From 0fcdc6e6cc123901d6aed5d83df7fdaab00eecf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Sun, 5 Apr 2026 23:54:12 +0200 Subject: [PATCH 01/57] feat: add SLS (Straight-Line Speculation) check with --extra option --- .github/workflows/expected_cve_count | 2 +- UNSUPPORTED_CVE_LIST.md | 22 +++ src/libs/001_core_header.sh | 1 + src/libs/002_core_globals.sh | 10 +- src/libs/200_cpu_affected.sh | 27 ++- src/libs/230_util_optparse.sh | 9 +- src/vulns-helpers/check_sls.sh | 286 +++++++++++++++++++++++++++ src/vulns/CVE-0000-0001.sh | 15 ++ 8 files changed, 365 insertions(+), 7 deletions(-) create mode 100644 src/vulns-helpers/check_sls.sh create mode 100644 src/vulns/CVE-0000-0001.sh diff --git a/.github/workflows/expected_cve_count b/.github/workflows/expected_cve_count index 6f4247a..f64f5d8 100644 --- a/.github/workflows/expected_cve_count +++ b/.github/workflows/expected_cve_count @@ -1 +1 @@ -26 +27 diff --git a/UNSUPPORTED_CVE_LIST.md b/UNSUPPORTED_CVE_LIST.md index 3674307..8c06e17 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/UNSUPPORTED_CVE_LIST.md @@ -48,6 +48,28 @@ A Spectre V1 subvariant where the `SWAPGS` instruction can be speculatively exec **Why out of scope:** This is a Spectre V1 subvariant whose mitigation (SWAPGS barriers) shares the same sysfs entry as CVE-2017-5753. This tool's existing CVE-2017-5753 checks already detect SWAPGS barriers: a mitigated kernel reports `"Mitigation: usercopy/swapgs barriers and __user pointer sanitization"`, while a kernel lacking the fix reports `"Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers"`. CVE-2019-1125 is therefore fully covered as part of Spectre V1. +## CVE-2021-26341 β€” AMD Straight-Line Speculation (direct branches) + +- **Bulletin:** [AMD-SB-1026](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1026.html) +- **Affected CPUs:** AMD Zen 1, Zen 2 +- **CVSS:** 6.5 (Medium) +- **Covered by:** CVE-0000-0001 (SLS supplementary check) + +AMD Zen 1/Zen 2 CPUs may transiently execute instructions beyond unconditional direct branches (JMP, CALL), potentially allowing information disclosure via side channels. + +**Why out of scope:** This is the AMD-specific direct-branch subset of the broader Straight-Line Speculation (SLS) class. The kernel mitigates it via `CONFIG_MITIGATION_SLS` (formerly `CONFIG_SLS`), which enables the GCC flag `-mharden-sls=all` to insert INT3 after unconditional control flow instructions. Since this is a compile-time-only mitigation with no sysfs interface, no MSR, and no per-CVE CPU feature flag, it cannot be checked using the standard CVE framework. A supplementary SLS check is available via `--extra` mode, which covers this CVE's mitigation as well. + +## CVE-2020-13844 β€” ARM Straight-Line Speculation + +- **Advisory:** [ARM Developer Security Update (June 2020)](https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor%20Vulnerability) +- **Affected CPUs:** Cortex-A32, A34, A35, A53, A57, A72, A73, and broadly all speculative Armv8-A cores +- **CVSS:** 5.5 (Medium) +- **Covered by:** CVE-0000-0001 (SLS supplementary check) + +ARM processors may speculatively execute instructions past unconditional control flow changes (RET, BR, BLR). GCC and Clang support `-mharden-sls=all` for aarch64, but the Linux kernel never merged the patches to enable it: a `CONFIG_HARDEN_SLS_ALL` series was submitted in 2021 but rejected upstream. + +**Why out of scope:** This is the ARM-specific subset of the broader Straight-Line Speculation (SLS) class. The supplementary SLS check available via `--extra` mode detects affected ARM CPU models and reports that no kernel mitigation is currently available. + ## CVE-2025-20623 β€” Shared Microarchitectural Predictor State (10th Gen Intel) - **Advisory:** [INTEL-SA-01247](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html) diff --git a/src/libs/001_core_header.sh b/src/libs/001_core_header.sh index f2f7e9b..d09a997 100644 --- a/src/libs/001_core_header.sh +++ b/src/libs/001_core_header.sh @@ -32,6 +32,7 @@ exit_cleanup() { [ -n "${g_dumped_config:-}" ] && [ -f "$g_dumped_config" ] && rm -f "$g_dumped_config" [ -n "${g_kerneltmp:-}" ] && [ -f "$g_kerneltmp" ] && rm -f "$g_kerneltmp" [ -n "${g_kerneltmp2:-}" ] && [ -f "$g_kerneltmp2" ] && rm -f "$g_kerneltmp2" + [ -n "${g_sls_text_tmp:-}" ] && [ -f "$g_sls_text_tmp" ] && rm -f "$g_sls_text_tmp" [ -n "${g_mcedb_tmp:-}" ] && [ -f "$g_mcedb_tmp" ] && rm -f "$g_mcedb_tmp" [ -n "${g_intel_tmp:-}" ] && [ -d "$g_intel_tmp" ] && rm -rf "$g_intel_tmp" [ -n "${g_linuxfw_tmp:-}" ] && [ -f "$g_linuxfw_tmp" ] && rm -f "$g_linuxfw_tmp" diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index aa480ce..0296cc0 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -29,9 +29,11 @@ show_usage() { --no-color don't use color codes --verbose, -v increase verbosity level, possibly several times --explain produce an additional human-readable explanation of actions to take to mitigate a vulnerability - --paranoid require IBPB to deem Variant 2 as mitigated - also require SMT disabled + unconditional L1D flush to deem Foreshadow-NG VMM as mitigated - also require SMT disabled to deem MDS vulnerabilities mitigated + --paranoid require all mitigations to be enabled to the fullest extent, including those that + are not strictly necessary but provide defense in depth (e.g. SMT disabled, IBPB + always-on); without this flag, the script follows the security community consensus + --extra run additional checks for issues that don't have a CVE but are still security-relevant, + such as compile-time mitigations not enabled by default (e.g. Straight-Line Speculation) --no-sysfs don't use the /sys interface even if present [Linux] --sysfs-only only use the /sys interface, don't run our own checks [Linux] @@ -128,6 +130,7 @@ opt_allow_msr_write=0 opt_cpu=0 opt_explain=0 opt_paranoid=0 +opt_extra=0 opt_mock=0 opt_intel_db=1 @@ -164,6 +167,7 @@ CVE-2024-36357|TSA_L1|tsa|Transient Scheduler Attack - L1 (TSA-L1) CVE-2024-28956|ITS|its|Indirect Target Selection (ITS) CVE-2025-40300|VMSCAPE|vmscape|VMScape, VM-exit stale branch prediction CVE-2024-45332|BPI|bpi|Branch Privilege Injection (BPI) +CVE-0000-0001|SLS|sls|Straight-Line Speculation (SLS) ' # Derive the supported CVE list from the registry diff --git a/src/libs/200_cpu_affected.sh b/src/libs/200_cpu_affected.sh index fe1e4b2..7681a93 100644 --- a/src/libs/200_cpu_affected.sh +++ b/src/libs/200_cpu_affected.sh @@ -99,6 +99,7 @@ is_cpu_affected() { affected_taa='' affected_itlbmh='' affected_srbds='' + affected_sls='' # Zenbleed and Inception are both AMD specific, look for "is_amd" below: _set_immune zenbleed _set_immune inception @@ -741,13 +742,35 @@ is_cpu_affected() { _infer_immune itlbmh fi - # shellcheck disable=SC2154 # affected_zenbleed/inception/retbleed/tsa/downfall/reptar/its/vmscape/bpi set via eval (_set_immune) + # SLS (Straight-Line Speculation): + # - x86_64: all CPUs are affected (compile-time mitigation CONFIG_MITIGATION_SLS) + # - arm64 (CVE-2020-13844): Cortex-A32/A34/A35/A53/A57/A72/A73 confirmed affected, + # and broadly all speculative Armv8-A cores. No kernel mitigation merged. + # Part numbers: A32=0xd01 A34=0xd02 A53=0xd03 A35=0xd04 A57=0xd07 A72=0xd08 A73=0xd09 + # Plus later speculative cores: A75=0xd0a A76=0xd0b A77=0xd0d N1=0xd0c V1=0xd40 N2=0xd49 V2=0xd4f + if is_intel || is_amd; then + _infer_vuln sls + elif [ "$cpu_vendor" = ARM ]; then + for cpupart in $cpu_part_list; do + if echo "$cpupart" | grep -q -w -e 0xd01 -e 0xd02 -e 0xd03 -e 0xd04 \ + -e 0xd07 -e 0xd08 -e 0xd09 -e 0xd0a -e 0xd0b -e 0xd0c -e 0xd0d \ + -e 0xd40 -e 0xd49 -e 0xd4f; then + _set_vuln sls + fi + done + # non-speculative ARM cores (arch <= 7, or early v8 models) are not affected + _infer_immune sls + else + _infer_immune sls + fi + + # shellcheck disable=SC2154 { pr_debug "is_cpu_affected: final results: variant1=$affected_variant1 variant2=$affected_variant2 variant3=$affected_variant3 variant3a=$affected_variant3a" pr_debug "is_cpu_affected: final results: variant4=$affected_variant4 variantl1tf=$affected_variantl1tf msbds=$affected_msbds mfbds=$affected_mfbds" pr_debug "is_cpu_affected: final results: mlpds=$affected_mlpds mdsum=$affected_mdsum taa=$affected_taa itlbmh=$affected_itlbmh srbds=$affected_srbds" pr_debug "is_cpu_affected: final results: zenbleed=$affected_zenbleed inception=$affected_inception retbleed=$affected_retbleed tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar its=$affected_its" - pr_debug "is_cpu_affected: final results: vmscape=$affected_vmscape bpi=$affected_bpi" + pr_debug "is_cpu_affected: final results: vmscape=$affected_vmscape bpi=$affected_bpi sls=$affected_sls" } affected_variantl1tf_sgx="$affected_variantl1tf" # even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 529ca16..61b267e 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -68,6 +68,9 @@ while [ -n "${1:-}" ]; do elif [ "$1" = "--paranoid" ]; then opt_paranoid=1 shift + elif [ "$1" = "--extra" ]; then + opt_extra=1 + shift elif [ "$1" = "--hw-only" ]; then opt_hw_only=1 shift @@ -166,7 +169,7 @@ while [ -n "${1:-}" ]; do case "$2" in help) echo "The following parameters are supported for --variant (can be used multiple times):" - echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed, downfall, retbleed, inception, reptar, tsa, tsa-sq, tsa-l1, its, vmscape, bpi" + echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed, downfall, retbleed, inception, reptar, tsa, tsa-sq, tsa-l1, its, vmscape, bpi, sls" exit 0 ;; 1) @@ -265,6 +268,10 @@ while [ -n "${1:-}" ]; do opt_cve_list="$opt_cve_list CVE-2024-45332" opt_cve_all=0 ;; + sls) + opt_cve_list="$opt_cve_list CVE-0000-0001" + opt_cve_all=0 + ;; *) echo "$0: error: invalid parameter '$2' for --variant, see --variant help for a list" >&2 exit 255 diff --git a/src/vulns-helpers/check_sls.sh b/src/vulns-helpers/check_sls.sh new file mode 100644 index 0000000..5301637 --- /dev/null +++ b/src/vulns-helpers/check_sls.sh @@ -0,0 +1,286 @@ +# vim: set ts=4 sw=4 sts=4 et: +############################### +# Straight-Line Speculation (SLS) supplementary check (--extra only) +# +# SLS: x86 CPUs may speculatively execute instructions past unconditional +# control flow changes (RET, indirect JMP/CALL). Mitigated at compile time +# by CONFIG_MITIGATION_SLS (formerly CONFIG_SLS before kernel 6.8), which +# enables -mharden-sls=all to insert INT3 after these instructions. +# No sysfs interface, no MSR, no CPU feature flag. +# Related: CVE-2021-26341 (AMD Zen1/Zen2 direct-branch SLS subset). + +# Heuristic: scan the kernel .text section for indirect call/jmp thunks +# (retpoline-style stubs), then check whether tail-call JMPs to those thunks +# are followed by INT3 (0xcc). With SLS enabled: >80%. Without: <20%. +# +# Thunk signature: e8 01 00 00 00 cc 48 89 XX 24 +# call +1; int3; mov ,(%rsp); ... +# Tail-call pattern: e9 XX XX XX XX [cc?] +# jmp ; [int3 if SLS] + +# Perl implementation of the SLS heuristic byte scanner. +# Args: $1 = path to raw .text binary (from objcopy -O binary -j .text) +# Output: thunks=N jmps=N sls=N +# +# The heuristic looks for two types of thunks and counts how many jmp rel32 +# instructions targeting them are followed by INT3 (the SLS mitigation): +# +# 1. Indirect call/jmp thunks (retpoline stubs used for indirect tail calls): +# e8 01 00 00 00 cc 48 89 XX 24 (call +1; int3; mov ,(%rsp)) +# +# 2. Return thunk (used for all function returns via jmp __x86_return_thunk): +# c3 90 90 90 90 cc cc cc cc cc (ret; nop*4; int3*5+) +# This is the most common jmp target in retpoline-enabled kernels. +# +# Some kernels only use indirect thunks, some only the return thunk, and some +# use both. We check both and combine the results. +_sls_heuristic_perl() { + perl -e ' + use strict; + use warnings; + local $/; + open my $fh, "<:raw", $ARGV[0] or die "open: $!"; + my $text = <$fh>; + close $fh; + my $len = length($text); + + # Collect two types of thunks separately, as different kernels + # apply SLS to different thunk types. + + my (%indirect_thunks, %return_thunks); + + # Pattern 1: indirect call/jmp thunks (retpoline stubs) + while ($text =~ /\xe8\x01\x00\x00\x00\xcc\x48\x89.\x24/gs) { + $indirect_thunks{ pos($text) - length($&) } = 1; + } + + # Pattern 2: return thunk (ret; nop*4; int3*5) + while ($text =~ /\xc3\x90\x90\x90\x90\xcc\xcc\xcc\xcc\xcc/gs) { + $return_thunks{ pos($text) - length($&) } = 1; + } + + my $n_indirect = scalar keys %indirect_thunks; + my $n_return = scalar keys %return_thunks; + + if ($n_indirect + $n_return == 0) { + print "thunks=0 jmps=0 sls=0\n"; + exit 0; + } + + # Count jmps to each thunk type separately + my ($ind_total, $ind_sls) = (0, 0); + my ($ret_total, $ret_sls) = (0, 0); + + for (my $i = 0; $i + 5 < $len; $i++) { + next unless substr($text, $i, 1) eq "\xe9"; + my $rel = unpack("V", substr($text, $i + 1, 4)); + $rel -= 4294967296 if $rel >= 2147483648; + my $target = $i + 5 + $rel; + my $has_int3 = ($i + 5 < $len && substr($text, $i + 5, 1) eq "\xcc") ? 1 : 0; + if (exists $indirect_thunks{$target}) { + $ind_total++; + $ind_sls += $has_int3; + } + if (exists $return_thunks{$target}) { + $ret_total++; + $ret_sls += $has_int3; + } + } + + # Use whichever thunk type has jmps; prefer indirect thunks if both have data + my ($total, $sls, $n_thunks); + if ($ind_total > 0) { + ($total, $sls, $n_thunks) = ($ind_total, $ind_sls, $n_indirect); + } elsif ($ret_total > 0) { + ($total, $sls, $n_thunks) = ($ret_total, $ret_sls, $n_return); + } else { + ($total, $sls, $n_thunks) = (0, 0, $n_indirect + $n_return); + } + + printf "thunks=%d jmps=%d sls=%d\n", $n_thunks, $total, $sls; + ' "$1" 2>/dev/null +} + +# Awk fallback implementation of the SLS heuristic byte scanner. +# Slower than perl but uses only POSIX tools (od + awk). +# Args: $1 = path to raw .text binary (from objcopy -O binary -j .text) +# Output: thunks=N jmps=N sls=N +_sls_heuristic_awk() { + od -An -tu1 -v "$1" | awk ' + { + for (i = 1; i <= NF; i++) b[n++] = $i + 0 + } + END { + # Pattern 1: indirect call/jmp thunks + # 232 1 0 0 0 204 72 137 XX 36 (e8 01 00 00 00 cc 48 89 XX 24) + for (i = 0; i + 9 < n; i++) { + if (b[i]==232 && b[i+1]==1 && b[i+2]==0 && b[i+3]==0 && \ + b[i+4]==0 && b[i+5]==204 && b[i+6]==72 && b[i+7]==137 && \ + b[i+9]==36) { + ind[i] = 1 + n_ind++ + } + } + # Pattern 2: return thunk (ret; nop*4; int3*5) + # 195 144 144 144 144 204 204 204 204 204 (c3 90 90 90 90 cc cc cc cc cc) + for (i = 0; i + 9 < n; i++) { + if (b[i]==195 && b[i+1]==144 && b[i+2]==144 && b[i+3]==144 && \ + b[i+4]==144 && b[i+5]==204 && b[i+6]==204 && b[i+7]==204 && \ + b[i+8]==204 && b[i+9]==204) { + ret[i] = 1 + n_ret++ + } + } + if (n_ind + n_ret == 0) { print "thunks=0 jmps=0 sls=0"; exit } + + # Count jmps to each thunk type separately + ind_total = 0; ind_sls = 0 + ret_total = 0; ret_sls = 0 + for (i = 0; i + 5 < n; i++) { + if (b[i] != 233) continue + rel = b[i+1] + b[i+2]*256 + b[i+3]*65536 + b[i+4]*16777216 + if (rel >= 2147483648) rel -= 4294967296 + target = i + 5 + rel + has_int3 = (b[i+5] == 204) ? 1 : 0 + if (target in ind) { ind_total++; ind_sls += has_int3 } + if (target in ret) { ret_total++; ret_sls += has_int3 } + } + + # Prefer indirect thunks if they have data, else fall back to return thunk + if (ind_total > 0) + printf "thunks=%d jmps=%d sls=%d\n", n_ind, ind_total, ind_sls + else if (ret_total > 0) + printf "thunks=%d jmps=%d sls=%d\n", n_ret, ret_total, ret_sls + else + printf "thunks=%d jmps=0 sls=0\n", n_ind + n_ret + }' 2>/dev/null +} + +check_CVE_0000_0001_linux() { + local status sys_interface_available msg + status=UNK + sys_interface_available=0 + msg='' + + # No sysfs interface for SLS + # sys_interface_available stays 0 + + if [ "$opt_sysfs_only" != 1 ]; then + + # --- CPU affection check --- + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU is not affected" + return + fi + + # --- arm64: no kernel mitigation available --- + local _sls_arch + _sls_arch=$(uname -m 2>/dev/null || echo unknown) + if echo "$_sls_arch" | grep -qw 'aarch64'; then + pvulnstatus "$cve" VULN "no kernel mitigation available for arm64 SLS (CVE-2020-13844)" + explain "Your ARM processor is affected by Straight-Line Speculation (CVE-2020-13844).\n" \ + "GCC and Clang support -mharden-sls=all for aarch64, which inserts SB (Speculation Barrier)\n" \ + "or DSB+ISB after RET and BR instructions. However, the Linux kernel does not enable this flag:\n" \ + "patches to add CONFIG_HARDEN_SLS_ALL were submitted in 2021 but were rejected upstream.\n" \ + "There is currently no kernel-level mitigation for SLS on arm64." + return + fi + + # --- method 1: kernel config check (x86_64) --- + local _sls_config='' + if [ -n "$opt_config" ] && [ -r "$opt_config" ]; then + pr_info_nol " * Kernel compiled with SLS mitigation: " + if grep -qE '^CONFIG_(MITIGATION_)?SLS=y' "$opt_config"; then + _sls_config=1 + pstatus green YES + else + _sls_config=0 + pstatus yellow NO + fi + fi + + # --- method 2: kernel image heuristic (fallback when no config) --- + local _sls_heuristic='' + if [ -z "$_sls_config" ]; then + pr_info_nol " * Kernel compiled with SLS mitigation: " + if [ -n "$g_kernel_err" ]; then + pstatus yellow UNKNOWN "$g_kernel_err" + elif [ -z "$g_kernel" ]; then + pstatus yellow UNKNOWN "no kernel image available" + elif ! command -v "${opt_arch_prefix}objcopy" >/dev/null 2>&1; then + pstatus yellow UNKNOWN "missing '${opt_arch_prefix}objcopy' tool, usually in the binutils package" + else + local _sls_result + g_sls_text_tmp=$(mktemp -t smc-sls-text-XXXXXX) + + if ! "${opt_arch_prefix}objcopy" -O binary -j .text "$g_kernel" "$g_sls_text_tmp" 2>/dev/null || [ ! -s "$g_sls_text_tmp" ]; then + pstatus yellow UNKNOWN "failed to extract .text section from kernel image" + rm -f "$g_sls_text_tmp" + g_sls_text_tmp='' + else + _sls_result='' + if command -v perl >/dev/null 2>&1; then + _sls_result=$(_sls_heuristic_perl "$g_sls_text_tmp") + elif command -v awk >/dev/null 2>&1; then + _sls_result=$(_sls_heuristic_awk "$g_sls_text_tmp") + fi + rm -f "$g_sls_text_tmp" + g_sls_text_tmp='' + + if [ -z "$_sls_result" ]; then + pstatus yellow UNKNOWN "missing 'perl' or 'awk' tool for heuristic scan" + else + local _sls_thunks _sls_jmps _sls_int3 + _sls_thunks=$(echo "$_sls_result" | sed -n 's/.*thunks=\([0-9]*\).*/\1/p') + _sls_jmps=$(echo "$_sls_result" | sed -n 's/.*jmps=\([0-9]*\).*/\1/p') + _sls_int3=$(echo "$_sls_result" | sed -n 's/.*sls=\([0-9]*\).*/\1/p') + pr_debug "sls heuristic: thunks=$_sls_thunks jmps=$_sls_jmps int3=$_sls_int3" + + if [ "${_sls_thunks:-0}" = 0 ] || [ "${_sls_jmps:-0}" = 0 ]; then + pstatus yellow UNKNOWN "no retpoline indirect thunks found in kernel image" + else + local _sls_pct=$((_sls_int3 * 100 / _sls_jmps)) + if [ "$_sls_pct" -ge 80 ]; then + _sls_heuristic=1 + pstatus green YES "$_sls_int3/$_sls_jmps indirect tail-call JMPs hardened (${_sls_pct}%%)" + elif [ "$_sls_pct" -le 20 ]; then + _sls_heuristic=0 + pstatus yellow NO "$_sls_int3/$_sls_jmps indirect tail-call JMPs hardened (${_sls_pct}%%)" + else + pstatus yellow UNKNOWN "$_sls_int3/$_sls_jmps indirect tail-call JMPs hardened (${_sls_pct}%%, inconclusive)" + fi + fi + fi + fi + fi + fi + + # --- verdict (x86_64) --- + if [ "$_sls_config" = 1 ] || [ "$_sls_heuristic" = 1 ]; then + pvulnstatus "$cve" OK "kernel compiled with SLS mitigation" + explain "Your kernel was compiled with CONFIG_MITIGATION_SLS=y (or CONFIG_SLS=y on kernels before 6.8),\n" \ + "which enables the GCC flag -mharden-sls=all to insert INT3 instructions after unconditional\n" \ + "control flow changes, blocking straight-line speculation." + elif [ "$_sls_config" = 0 ] || [ "$_sls_heuristic" = 0 ]; then + pvulnstatus "$cve" VULN "kernel not compiled with SLS mitigation" + explain "Recompile your kernel with CONFIG_MITIGATION_SLS=y (or CONFIG_SLS=y on kernels before 6.8).\n" \ + "This enables the GCC flag -mharden-sls=all, which inserts INT3 after unconditional control flow\n" \ + "instructions to block straight-line speculation. Note: this option defaults to off in most kernels\n" \ + "and incurs ~2.4%% text size overhead." + else + pvulnstatus "$cve" UNK "couldn't determine SLS mitigation status" + fi + elif [ "$sys_interface_available" = 0 ]; then + msg="/sys vulnerability interface use forced, but there is no sysfs entry for SLS" + status=UNK + pvulnstatus "$cve" "$status" "$msg" + fi +} + +check_CVE_0000_0001_bsd() { + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + else + pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script" + fi +} diff --git a/src/vulns/CVE-0000-0001.sh b/src/vulns/CVE-0000-0001.sh new file mode 100644 index 0000000..ed7c49f --- /dev/null +++ b/src/vulns/CVE-0000-0001.sh @@ -0,0 +1,15 @@ +# vim: set ts=4 sw=4 sts=4 et: +############################### +# CVE-0000-0001, SLS, Straight-Line Speculation +# Supplementary check, only runs under --extra + +# shellcheck disable=SC2034 +check_CVE_0000_0001() { + # SLS is a supplementary check: skip it in the default "all CVEs" run + # unless --extra is passed, but always run when explicitly selected + # via --variant sls or --cve CVE-0000-0001 + if [ "$opt_cve_all" = 1 ] && [ "$opt_extra" != 1 ]; then + return 0 + fi + check_cve 'CVE-0000-0001' +} From 2ed15da028386e95e99190eb8332268648558538 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Sun, 5 Apr 2026 23:57:28 +0200 Subject: [PATCH 02/57] feat: implement CVE-2023-28746 (RFDS, Register File Data Sampling) --- dist/README.md | 6 ++ src/libs/002_core_globals.sh | 1 + src/libs/200_cpu_affected.sh | 31 +++++- src/libs/230_util_optparse.sh | 6 +- src/libs/400_hw_check.sh | 28 +++++- src/vulns/CVE-2023-28746.sh | 173 ++++++++++++++++++++++++++++++++++ 6 files changed, 241 insertions(+), 4 deletions(-) create mode 100644 src/vulns/CVE-2023-28746.sh diff --git a/dist/README.md b/dist/README.md index 6623175..c26dde2 100644 --- a/dist/README.md +++ b/dist/README.md @@ -28,6 +28,7 @@ CVE | Name | Aliases [CVE-2023-20569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569) | Return Address Security | Inception, SRSO [CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak | Zenbleed [CVE-2023-23583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583) | Redundant Prefix Issue | Reptar +[CVE-2023-28746](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746) | Register File Data Sampling | RFDS [CVE-2024-28956](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956) | Indirect Target Selection | ITS [CVE-2024-36350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350) | Transient Scheduler Attack, Store Queue | TSA-SQ [CVE-2024-36357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357) | Transient Scheduler Attack, L1 | TSA-L1 @@ -62,6 +63,7 @@ CVE-2022-40982 (Downfall, GDS) | πŸ’₯ | πŸ’₯ | πŸ’₯ | πŸ’₯ | Microcode update (o CVE-2023-20569 (Inception, SRSO) | πŸ’₯ | βœ… | πŸ’₯ | βœ… | Microcode + kernel update CVE-2023-20593 (Zenbleed) | πŸ’₯ | πŸ’₯ | πŸ’₯ | πŸ’₯ | Microcode update (or kernel workaround) CVE-2023-23583 (Reptar) | ☠️ | ☠️ | ☠️ | ☠️ | Microcode update +CVE-2023-28746 (RFDS) | πŸ’₯ | βœ… | πŸ’₯ | βœ… | Microcode + kernel update CVE-2024-28956 (ITS) | πŸ’₯ | βœ… | πŸ’₯ (4) | βœ… | Microcode + kernel update CVE-2024-36350 (TSA-SQ) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Microcode + kernel update CVE-2024-36357 (TSA-L1) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Microcode + kernel update @@ -165,6 +167,10 @@ A bug in AMD Zen 2 processors causes the VZEROUPPER instruction to incorrectly z A bug in Intel processors causes unexpected behavior when executing instructions with specific redundant REX prefixes. Depending on the circumstances, this can result in a system crash (MCE), unpredictable behavior, or potentially privilege escalation. Any software running on an affected CPU can trigger the bug. Mitigation requires a microcode update. Performance impact is low. +**CVE-2023-28746 β€” Register File Data Sampling (RFDS)** + +On certain Intel Atom and hybrid processors (Goldmont, Goldmont Plus, Tremont, Gracemont, and the Atom cores of Alder Lake and Raptor Lake), the register file can retain stale data from previous operations that is accessible via speculative execution, allowing an attacker to infer data across privilege boundaries. Mitigation requires both a microcode update (providing the RFDS_CLEAR capability) and a kernel update (CONFIG_MITIGATION_RFDS, Linux 6.9+) that uses the VERW instruction to clear the register file on privilege transitions. CPUs with the RFDS_NO capability bit are not affected. Performance impact is low. + **CVE-2024-28956 β€” Indirect Target Selection (ITS)** On certain Intel processors (Skylake-X stepping 6+, Kaby Lake, Comet Lake, Ice Lake, Tiger Lake, Rocket Lake), an attacker can train the indirect branch predictor to speculatively execute a targeted gadget in the kernel, bypassing eIBRS protections. The Branch Target Buffer (BTB) uses only partial address bits to index indirect branch targets, allowing user-space code to influence kernel-space speculative execution. Some affected CPUs (Ice Lake, Tiger Lake, Rocket Lake) are only vulnerable to native user-to-kernel attacks, not guest-to-host (VMX) attacks. Mitigation requires both a microcode update (IPU 2025.1 / microcode-20250512+, which fixes IBPB to fully flush indirect branch predictions) and a kernel update (CONFIG_MITIGATION_ITS, Linux 6.15+) that aligns branch/return thunks or uses RSB stuffing. Performance impact is low. diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index 0296cc0..ba18f36 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -166,6 +166,7 @@ CVE-2024-36350|TSA_SQ|tsa|Transient Scheduler Attack - Store Queue (TSA-SQ) CVE-2024-36357|TSA_L1|tsa|Transient Scheduler Attack - L1 (TSA-L1) CVE-2024-28956|ITS|its|Indirect Target Selection (ITS) CVE-2025-40300|VMSCAPE|vmscape|VMScape, VM-exit stale branch prediction +CVE-2023-28746|RFDS|rfds|Register File Data Sampling (RFDS) CVE-2024-45332|BPI|bpi|Branch Privilege Injection (BPI) CVE-0000-0001|SLS|sls|Straight-Line Speculation (SLS) ' diff --git a/src/libs/200_cpu_affected.sh b/src/libs/200_cpu_affected.sh index 7681a93..b4e5e27 100644 --- a/src/libs/200_cpu_affected.sh +++ b/src/libs/200_cpu_affected.sh @@ -107,9 +107,10 @@ is_cpu_affected() { _set_immune tsa # Retbleed: AMD (CVE-2022-29900) and Intel (CVE-2022-29901) specific: _set_immune retbleed - # Downfall, Reptar, ITS & BPI are Intel specific, look for "is_intel" below: + # Downfall, Reptar, RFDS, ITS & BPI are Intel specific, look for "is_intel" below: _set_immune downfall _set_immune reptar + _set_immune rfds _set_immune its _set_immune bpi # VMScape affects Intel, AMD and Hygon β€” set immune, overridden below: @@ -266,6 +267,32 @@ is_cpu_affected() { fi set +u fi + # RFDS (Register File Data Sampling, CVE-2023-28746) + # kernel cpu_vuln_blacklist (8076fcde016c, initial model list) + # immunity: ARCH_CAP_RFDS_NO (bit 27 of IA32_ARCH_CAPABILITIES) + # vendor scope: Intel only (family 6), Atom/hybrid cores + if [ "$cap_rfds_no" = 1 ]; then + pr_debug "is_cpu_affected: rfds: not affected (RFDS_NO)" + _set_immune rfds + elif [ "$cpu_family" = 6 ]; then + set -u + if [ "$cpu_model" = "$INTEL_FAM6_ATOM_GOLDMONT" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_GOLDMONT_D" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_GOLDMONT_PLUS" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_TREMONT_D" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_TREMONT" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_TREMONT_L" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_GRACEMONT" ] || + [ "$cpu_model" = "$INTEL_FAM6_ALDERLAKE" ] || + [ "$cpu_model" = "$INTEL_FAM6_ALDERLAKE_L" ] || + [ "$cpu_model" = "$INTEL_FAM6_RAPTORLAKE" ] || + [ "$cpu_model" = "$INTEL_FAM6_RAPTORLAKE_P" ] || + [ "$cpu_model" = "$INTEL_FAM6_RAPTORLAKE_S" ]; then + pr_debug "is_cpu_affected: rfds: affected" + _set_vuln rfds + fi + set +u + fi # ITS (Indirect Target Selection, CVE-2024-28956) # kernel vulnerable_to_its() + cpu_vuln_blacklist (159013a7ca18) # immunity: ARCH_CAP_ITS_NO (bit 62 of IA32_ARCH_CAPABILITIES) @@ -769,7 +796,7 @@ is_cpu_affected() { pr_debug "is_cpu_affected: final results: variant1=$affected_variant1 variant2=$affected_variant2 variant3=$affected_variant3 variant3a=$affected_variant3a" pr_debug "is_cpu_affected: final results: variant4=$affected_variant4 variantl1tf=$affected_variantl1tf msbds=$affected_msbds mfbds=$affected_mfbds" pr_debug "is_cpu_affected: final results: mlpds=$affected_mlpds mdsum=$affected_mdsum taa=$affected_taa itlbmh=$affected_itlbmh srbds=$affected_srbds" - pr_debug "is_cpu_affected: final results: zenbleed=$affected_zenbleed inception=$affected_inception retbleed=$affected_retbleed tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar its=$affected_its" + pr_debug "is_cpu_affected: final results: zenbleed=$affected_zenbleed inception=$affected_inception retbleed=$affected_retbleed tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar rfds=$affected_rfds its=$affected_its" pr_debug "is_cpu_affected: final results: vmscape=$affected_vmscape bpi=$affected_bpi sls=$affected_sls" } affected_variantl1tf_sgx="$affected_variantl1tf" diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 61b267e..4d5b455 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -169,7 +169,7 @@ while [ -n "${1:-}" ]; do case "$2" in help) echo "The following parameters are supported for --variant (can be used multiple times):" - echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed, downfall, retbleed, inception, reptar, tsa, tsa-sq, tsa-l1, its, vmscape, bpi, sls" + echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed, downfall, retbleed, inception, reptar, rfds, tsa, tsa-sq, tsa-l1, its, vmscape, bpi, sls" exit 0 ;; 1) @@ -244,6 +244,10 @@ while [ -n "${1:-}" ]; do opt_cve_list="$opt_cve_list CVE-2023-23583" opt_cve_all=0 ;; + rfds) + opt_cve_list="$opt_cve_list CVE-2023-28746" + opt_cve_all=0 + ;; tsa) opt_cve_list="$opt_cve_list CVE-2024-36350 CVE-2024-36357" opt_cve_all=0 diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index 581b800..e6d7aef 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -734,6 +734,8 @@ check_cpu() { cap_tsx_ctrl_msr=-1 cap_gds_ctrl=-1 cap_gds_no=-1 + cap_rfds_no=-1 + cap_rfds_clear=-1 cap_its_no=-1 if [ "$cap_arch_capabilities" = -1 ]; then pstatus yellow UNKNOWN @@ -749,6 +751,8 @@ check_cpu() { cap_tsx_ctrl_msr=0 cap_gds_ctrl=0 cap_gds_no=0 + cap_rfds_no=0 + cap_rfds_clear=0 cap_its_no=0 pstatus yellow NO else @@ -765,6 +769,8 @@ check_cpu() { cap_tsx_ctrl_msr=0 cap_gds_ctrl=0 cap_gds_no=0 + cap_rfds_no=0 + cap_rfds_clear=0 cap_its_no=0 if [ $ret = $READ_MSR_RET_OK ]; then capabilities=$ret_read_msr_value @@ -781,8 +787,10 @@ check_cpu() { [ $((ret_read_msr_value_lo >> 8 & 1)) -eq 1 ] && cap_taa_no=1 [ $((ret_read_msr_value_lo >> 25 & 1)) -eq 1 ] && cap_gds_ctrl=1 [ $((ret_read_msr_value_lo >> 26 & 1)) -eq 1 ] && cap_gds_no=1 + [ $((ret_read_msr_value_lo >> 27 & 1)) -eq 1 ] && cap_rfds_no=1 + [ $((ret_read_msr_value_lo >> 28 & 1)) -eq 1 ] && cap_rfds_clear=1 [ $((ret_read_msr_value_hi >> 30 & 1)) -eq 1 ] && cap_its_no=1 - pr_debug "capabilities says rdcl_no=$cap_rdcl_no ibrs_all=$cap_ibrs_all rsba=$cap_rsba l1dflush_no=$cap_l1dflush_no ssb_no=$cap_ssb_no mds_no=$cap_mds_no taa_no=$cap_taa_no pschange_msc_no=$cap_pschange_msc_no its_no=$cap_its_no" + pr_debug "capabilities says rdcl_no=$cap_rdcl_no ibrs_all=$cap_ibrs_all rsba=$cap_rsba l1dflush_no=$cap_l1dflush_no ssb_no=$cap_ssb_no mds_no=$cap_mds_no taa_no=$cap_taa_no pschange_msc_no=$cap_pschange_msc_no rfds_no=$cap_rfds_no rfds_clear=$cap_rfds_clear its_no=$cap_its_no" if [ "$cap_ibrs_all" = 1 ]; then pstatus green YES else @@ -941,6 +949,24 @@ check_cpu() { pstatus yellow NO fi + pr_info_nol " * CPU explicitly indicates not being affected by RFDS (RFDS_NO): " + if [ "$cap_rfds_no" = -1 ]; then + pstatus yellow UNKNOWN "couldn't read MSR" + elif [ "$cap_rfds_no" = 1 ]; then + pstatus green YES + else + pstatus yellow NO + fi + + pr_info_nol " * CPU microcode supports clearing register files (RFDS_CLEAR): " + if [ "$cap_rfds_clear" = -1 ]; then + pstatus yellow UNKNOWN "couldn't read MSR" + elif [ "$cap_rfds_clear" = 1 ]; then + pstatus green YES + else + pstatus yellow NO + fi + fi if is_amd || is_hygon; then diff --git a/src/vulns/CVE-2023-28746.sh b/src/vulns/CVE-2023-28746.sh new file mode 100644 index 0000000..a40d518 --- /dev/null +++ b/src/vulns/CVE-2023-28746.sh @@ -0,0 +1,173 @@ +# vim: set ts=4 sw=4 sts=4 et: +############################### +# CVE-2023-28746, RFDS, Register File Data Sampling + +check_CVE_2023_28746() { + check_cve 'CVE-2023-28746' +} + +check_CVE_2023_28746_linux() { + local status sys_interface_available msg kernel_rfds kernel_rfds_err rfds_mitigated + status=UNK + sys_interface_available=0 + msg='' + + if sys_interface_check "$VULN_SYSFS_BASE/reg_file_data_sampling"; then + # this kernel has the /sys interface, trust it over everything + sys_interface_available=1 + # + # Kernel source inventory for reg_file_data_sampling (RFDS) + # + # --- sysfs messages --- + # all versions: + # "Not affected" (cpu_show_common, pre-existing) + # + # --- mainline --- + # 8076fcde016c (v6.9-rc1, initial RFDS sysfs): + # "Vulnerable" (RFDS_MITIGATION_OFF) + # "Vulnerable: No microcode" (RFDS_MITIGATION_UCODE_NEEDED) + # "Mitigation: Clear Register File" (RFDS_MITIGATION_VERW) + # b8ce25df2999 (v6.15, added AUTO state): + # no string changes; RFDS_MITIGATION_AUTO is internal, resolved before display + # 203d81f8e167 (v6.17, restructured): + # no string changes; added rfds_update_mitigation() + rfds_apply_mitigation() + # + # --- stable backports --- + # 5.10.215, 5.15.154, 6.1.82, 6.6.22, 6.7.10, 6.8.1: + # same 3 strings as mainline; no structural differences + # macro ALDERLAKE_N (0xBE) used instead of mainline ATOM_GRACEMONT (same model) + # + # --- Kconfig symbols --- + # 8076fcde016c (v6.9-rc1): CONFIG_MITIGATION_RFDS (default y) + # no renames across any version + # + # --- kernel functions (for $opt_map / System.map) --- + # 8076fcde016c (v6.9-rc1): rfds_select_mitigation(), rfds_parse_cmdline(), + # rfds_show_state(), cpu_show_reg_file_data_sampling(), vulnerable_to_rfds() + # 203d81f8e167 (v6.17): + rfds_update_mitigation(), rfds_apply_mitigation() + # + # --- CPU affection logic (for is_cpu_affected) --- + # 8076fcde016c (v6.9-rc1, initial model list): + # Intel: ATOM_GOLDMONT (0x5C), ATOM_GOLDMONT_D (0x5F), + # ATOM_GOLDMONT_PLUS (0x7A), ATOM_TREMONT_D (0x86), + # ATOM_TREMONT (0x96), ATOM_TREMONT_L (0x9C), + # ATOM_GRACEMONT (0xBE), ALDERLAKE (0x97), + # ALDERLAKE_L (0x9A), RAPTORLAKE (0xB7), + # RAPTORLAKE_P (0xBA), RAPTORLAKE_S (0xBF) + # 722fa0dba74f (v6.15, P-only hybrid exclusion): + # ALDERLAKE (0x97) and RAPTORLAKE (0xB7) narrowed to Atom core type only + # via X86_HYBRID_CPU_TYPE_ATOM check in vulnerable_to_rfds(); P-cores on + # these hybrid models are not affected, only E-cores (Gracemont) are. + # (not modeled here, we conservatively flag all steppings per whitelist principle, + # because detecting the active core type at runtime is unreliable from userspace) + # immunity: ARCH_CAP_RFDS_NO (bit 27 of IA32_ARCH_CAPABILITIES) + # mitigation: ARCH_CAP_RFDS_CLEAR (bit 28 of IA32_ARCH_CAPABILITIES) + # vendor scope: Intel only + # + # all messages start with either "Not affected", "Mitigation", or "Vulnerable" + status=$ret_sys_interface_check_status + fi + + if [ "$opt_sysfs_only" != 1 ]; then + pr_info_nol "* CPU microcode mitigates the vulnerability: " + if [ "$cap_rfds_clear" = 1 ]; then + pstatus green YES "RFDS_CLEAR capability indicated by microcode" + elif [ "$cap_rfds_clear" = 0 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN "couldn't read MSR" + fi + + pr_info_nol "* Kernel supports RFDS mitigation (VERW on transitions): " + kernel_rfds='' + kernel_rfds_err='' + if [ -n "$g_kernel_err" ]; then + kernel_rfds_err="$g_kernel_err" + elif grep -q 'Clear Register File' "$g_kernel"; then + kernel_rfds="found 'Clear Register File' string in kernel image" + elif grep -q 'reg_file_data_sampling' "$g_kernel"; then + kernel_rfds="found reg_file_data_sampling in kernel image" + fi + if [ -z "$kernel_rfds" ] && [ -r "$opt_config" ]; then + if grep -q '^CONFIG_MITIGATION_RFDS=y' "$opt_config"; then + kernel_rfds="RFDS mitigation config option found enabled in kernel config" + fi + fi + if [ -z "$kernel_rfds" ] && [ -n "$opt_map" ]; then + if grep -q 'rfds_select_mitigation' "$opt_map"; then + kernel_rfds="found rfds_select_mitigation in System.map" + fi + fi + if [ -n "$kernel_rfds" ]; then + pstatus green YES "$kernel_rfds" + elif [ -n "$kernel_rfds_err" ]; then + pstatus yellow UNKNOWN "$kernel_rfds_err" + else + pstatus yellow NO + fi + + if [ "$opt_live" = 1 ] && [ "$sys_interface_available" = 1 ]; then + pr_info_nol "* RFDS mitigation is enabled and active: " + if echo "$ret_sys_interface_check_fullmsg" | grep -qi '^Mitigation'; then + rfds_mitigated=1 + pstatus green YES + else + rfds_mitigated=0 + pstatus yellow NO + fi + fi + elif [ "$sys_interface_available" = 0 ]; then + # we have no sysfs but were asked to use it only! + msg="/sys vulnerability interface use forced, but it's not available!" + status=UNK + fi + + if ! is_cpu_affected "$cve"; then + # override status & msg in case CPU is not vulnerable after all + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + elif [ -z "$msg" ]; then + if [ "$opt_sysfs_only" != 1 ]; then + if [ "$cap_rfds_clear" = 1 ]; then + if [ -n "$kernel_rfds" ]; then + if [ "$opt_live" = 1 ]; then + if [ "$rfds_mitigated" = 1 ]; then + pvulnstatus "$cve" OK "Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled" + else + pvulnstatus "$cve" VULN "Your microcode and kernel are both up to date for this mitigation, but the mitigation is not active" + explain "The RFDS mitigation has been disabled. Remove 'reg_file_data_sampling=off' or 'mitigations=off'\n " \ + "from your kernel command line to re-enable it." + fi + else + pvulnstatus "$cve" OK "Your microcode and kernel are both up to date for this mitigation" + fi + else + pvulnstatus "$cve" VULN "Your microcode supports mitigation, but your kernel doesn't, upgrade it to mitigate the vulnerability" + explain "Update your kernel to a version that supports RFDS mitigation (Linux 6.9+, or check if your distro\n " \ + "has a backport). Your CPU microcode already provides the RFDS_CLEAR capability." + fi + else + if [ -n "$kernel_rfds" ]; then + pvulnstatus "$cve" VULN "Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability" + explain "Update your CPU microcode (via BIOS/firmware update or linux-firmware package) to a version that\n " \ + "provides the RFDS_CLEAR capability." + else + pvulnstatus "$cve" VULN "Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability" + explain "Update both your CPU microcode (via BIOS/firmware update from your OEM) and your kernel to a version\n " \ + "that supports RFDS mitigation (Linux 6.9+, or check if your distro has a backport)." + fi + fi + else + pvulnstatus "$cve" "$status" "$ret_sys_interface_check_fullmsg" + fi + else + pvulnstatus "$cve" "$status" "$msg" + fi +} + +check_CVE_2023_28746_bsd() { + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + else + pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script" + fi +} From a49234ed962e9a861f41f95e5bca0bf7d825fa54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Sun, 5 Apr 2026 23:57:53 +0200 Subject: [PATCH 03/57] doc: add CVE-2021-26318 (ADM Prefetch) to unsupported list --- UNSUPPORTED_CVE_LIST.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/UNSUPPORTED_CVE_LIST.md b/UNSUPPORTED_CVE_LIST.md index 8c06e17..5a7b6db 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/UNSUPPORTED_CVE_LIST.md @@ -130,6 +130,17 @@ AMD CPUs may transiently execute non-canonical loads and stores using only the l **Why out of scope:** AMD's mitigation guidance is for software vendors to "analyze their code for any potential vulnerabilities" and insert LFENCE or use existing speculation mitigation techniques in their own code. No microcode or kernel-level mitigations have been issued. The responsibility falls on individual software, not on the kernel or firmware, leaving nothing for this script to check. +## CVE-2021-26318 β€” AMD Prefetch Attacks through Power and Time + +- **Issue:** [#412](https://github.com/speed47/spectre-meltdown-checker/issues/412) +- **Bulletin:** [AMD-SB-1017](https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1017.html) +- **Research paper:** [AMD Prefetch Attacks through Power and Time (USENIX Security '22)](https://www.usenix.org/conference/usenixsecurity22/presentation/lipp) +- **CVSS:** 5.5 (Medium) + +The x86 PREFETCH instruction on AMD CPUs leaks timing and power information, enabling a microarchitectural KASLR bypass from unprivileged userspace. The researchers demonstrated kernel address space layout recovery and kernel memory leakage at ~52 B/s using Spectre gadgets. + +**Why out of scope:** AMD acknowledged the research but explicitly stated they are "not recommending any mitigations at this time," as the attack leaks kernel address layout information (KASLR bypass) but does not directly leak kernel data across address space boundaries. KPTI was never enabled on AMD by default in the Linux kernel as a result. No microcode, kernel, or sysfs mitigations have been issued, leaving nothing for this script to check. + ## CVE-2024-7881 β€” ARM Prefetcher Privilege Escalation - **Affected CPUs:** Specific ARM cores only From 24ed9ccaf6c4dbf75679e4451bb9f9346a319742 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 00:17:32 +0200 Subject: [PATCH 04/57] enh: MDS FreeBSD: detect software mitigation as OK unless --paranoid (#503) --- src/vulns-helpers/check_mds.sh | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/src/vulns-helpers/check_mds.sh b/src/vulns-helpers/check_mds.sh index 8f9f033..031c924 100644 --- a/src/vulns-helpers/check_mds.sh +++ b/src/vulns-helpers/check_mds.sh @@ -53,7 +53,17 @@ check_mds_bsd() { else kernel_mds_state=inactive fi - # https://github.com/freebsd/freebsd/blob/master/sys/x86/x86/cpu_machdep.c#L953 + # possible values for hw.mds_disable_state (FreeBSD cpu_machdep.c): + # - inactive: no mitigation (non-Intel, disabled, or not needed) + # - VERW: microcode-based VERW instruction + # - software IvyBridge: SW sequence for Ivy Bridge + # - software Broadwell: SW sequence for Broadwell + # - software Skylake SSE: SW sequence for Skylake (SSE) + # - software Skylake AVX: SW sequence for Skylake (AVX) + # - software Skylake AVX512: SW sequence for Skylake (AVX-512) + # - software Silvermont: SW sequence for Silvermont + # - unknown: fallback if handler doesn't match any known + # ref: https://github.com/freebsd/freebsd-src/blob/main/sys/x86/x86/cpu_machdep.c case "$kernel_mds_state" in inactive) pstatus yellow NO ;; VERW) pstatus green YES "with microcode support" ;; @@ -85,7 +95,23 @@ check_mds_bsd() { pvulnstatus "$cve" VULN "Your microcode supports mitigation, but your kernel doesn't, upgrade it to mitigate the vulnerability" fi else - if [ "$kernel_md_clear" = 1 ]; then + if [ "$kernel_md_clear" = 1 ] && [ "$opt_live" = 1 ]; then + # no MD_CLEAR in microcode, but FreeBSD may still have software-only mitigation active + case "$kernel_mds_state" in + software*) + if [ "$opt_paranoid" = 1 ]; then + pvulnstatus "$cve" VULN "Software-only mitigation is active, but in paranoid mode a microcode-based mitigation is required" + elif [ "$kernel_smt_allowed" = 1 ]; then + pvulnstatus "$cve" OK "Software-only mitigation is active, but SMT is enabled so cross-thread attacks are still possible" + else + pvulnstatus "$cve" OK "Software-only mitigation is active (no microcode update required for this CPU)" + fi + ;; + *) + pvulnstatus "$cve" VULN "Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability" + ;; + esac + elif [ "$kernel_md_clear" = 1 ]; then pvulnstatus "$cve" VULN "Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability" else pvulnstatus "$cve" VULN "Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability" From 78e4d253197ff2d879acc0cd52ba5a8985440fb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 00:38:39 +0200 Subject: [PATCH 05/57] fix: bsd: use proper MSR for AMD in ucode version read fallback --- src/libs/350_cpu_detect2.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/src/libs/350_cpu_detect2.sh b/src/libs/350_cpu_detect2.sh index 8d6812c..77b6dca 100644 --- a/src/libs/350_cpu_detect2.sh +++ b/src/libs/350_cpu_detect2.sh @@ -130,16 +130,20 @@ parse_cpu_details() { if [ -z "$cpu_ucode" ] && [ "$g_os" != Linux ]; then load_cpuid if [ -e ${BSD_CPUCTL_DEV_BASE}0 ]; then - # init MSR with NULLs - cpucontrol -m 0x8b=0 ${BSD_CPUCTL_DEV_BASE}0 - # call CPUID - cpucontrol -i 1 ${BSD_CPUCTL_DEV_BASE}0 >/dev/null - # read MSR - cpu_ucode=$(cpucontrol -m 0x8b ${BSD_CPUCTL_DEV_BASE}0 | awk '{print $3}') - # convert to decimal - cpu_ucode=$((cpu_ucode)) - # convert back to hex - cpu_ucode=$(printf "0x%x" "$cpu_ucode") + if [ "$cpu_vendor" = AuthenticAMD ]; then + # AMD: read MSR_PATCHLEVEL (0xC0010058) directly + cpu_ucode=$(cpucontrol -m 0xC0010058 ${BSD_CPUCTL_DEV_BASE}0 2>/dev/null | awk '{print $3}') + elif [ "$cpu_vendor" = GenuineIntel ]; then + # Intel: write 0 to IA32_BIOS_SIGN_ID, execute CPUID, then read back + cpucontrol -m 0x8b=0 ${BSD_CPUCTL_DEV_BASE}0 2>/dev/null + cpucontrol -i 1 ${BSD_CPUCTL_DEV_BASE}0 >/dev/null 2>&1 + cpu_ucode=$(cpucontrol -m 0x8b ${BSD_CPUCTL_DEV_BASE}0 2>/dev/null | awk '{print $3}') + fi + if [ -n "$cpu_ucode" ]; then + # convert to decimal then back to hex + cpu_ucode=$((cpu_ucode)) + cpu_ucode=$(printf "0x%x" "$cpu_ucode") + fi fi fi From 1ff1dfbe26ce20e399def35e30cbe9b6bef4fabf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 00:38:55 +0200 Subject: [PATCH 06/57] fix: don't default to 0x0 ucode when unknown --- src/libs/350_cpu_detect2.sh | 16 +++++++++++----- src/libs/360_cpu_smt.sh | 2 +- src/libs/380_hw_microcode.sh | 4 ++++ src/vulns/CVE-2023-23583.sh | 5 ++++- src/vulns/CVE-2024-45332.sh | 5 ++++- 5 files changed, 24 insertions(+), 8 deletions(-) diff --git a/src/libs/350_cpu_detect2.sh b/src/libs/350_cpu_detect2.sh index 77b6dca..bd257f4 100644 --- a/src/libs/350_cpu_detect2.sh +++ b/src/libs/350_cpu_detect2.sh @@ -147,8 +147,8 @@ parse_cpu_details() { fi fi - # if we got no cpu_ucode (e.g. we're in a vm), fall back to 0x0 - : "${cpu_ucode:=0x0}" + # if we got no cpu_ucode (e.g. we're in a vm), leave it empty + # so that we can detect this case and avoid false positives # on non-x86 systems (e.g. ARM), these fields may not exist in cpuinfo, fall back to 0 : "${cpu_family:=0}" @@ -163,9 +163,15 @@ parse_cpu_details() { g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_CPU_UCODE='$cpu_ucode'") fi - echo "$cpu_ucode" | grep -q ^0x && cpu_ucode=$((cpu_ucode)) - g_ucode_found=$(printf "family 0x%x model 0x%x stepping 0x%x ucode 0x%x cpuid 0x%x pfid 0x%x" \ - "$cpu_family" "$cpu_model" "$cpu_stepping" "$cpu_ucode" "$cpu_cpuid" "$cpu_platformid") + local ucode_str + if [ -n "$cpu_ucode" ]; then + echo "$cpu_ucode" | grep -q ^0x && cpu_ucode=$((cpu_ucode)) + ucode_str=$(printf "0x%x" "$cpu_ucode") + else + ucode_str="unknown" + fi + g_ucode_found=$(printf "family 0x%x model 0x%x stepping 0x%x ucode %s cpuid 0x%x pfid 0x%x" \ + "$cpu_family" "$cpu_model" "$cpu_stepping" "$ucode_str" "$cpu_cpuid" "$cpu_platformid") g_parse_cpu_details_done=1 } diff --git a/src/libs/360_cpu_smt.sh b/src/libs/360_cpu_smt.sh index eb1ba5b..3a1f8eb 100644 --- a/src/libs/360_cpu_smt.sh +++ b/src/libs/360_cpu_smt.sh @@ -210,7 +210,7 @@ has_zenbleed_fixed_firmware() { model_high=$(echo "$tuple" | cut -d, -f2) fwver=$(echo "$tuple" | cut -d, -f3) if [ $((cpu_model)) -ge $((model_low)) ] && [ $((cpu_model)) -le $((model_high)) ]; then - if [ $((cpu_ucode)) -ge $((fwver)) ]; then + if [ -n "$cpu_ucode" ] && [ $((cpu_ucode)) -ge $((fwver)) ]; then g_zenbleed_fw=0 # true break else diff --git a/src/libs/380_hw_microcode.sh b/src/libs/380_hw_microcode.sh index 8e6f221..9245392 100644 --- a/src/libs/380_hw_microcode.sh +++ b/src/libs/380_hw_microcode.sh @@ -42,6 +42,10 @@ is_latest_known_ucode() { ret_is_latest_known_ucode_latest="couldn't get your cpuid" return 2 fi + if [ -z "$cpu_ucode" ]; then + ret_is_latest_known_ucode_latest="couldn't get your microcode version" + return 2 + fi ret_is_latest_known_ucode_latest="latest microcode version for your CPU model is unknown" if is_intel; then brand_prefix=I diff --git a/src/vulns/CVE-2023-23583.sh b/src/vulns/CVE-2023-23583.sh index f94ab74..af7a28c 100644 --- a/src/vulns/CVE-2023-23583.sh +++ b/src/vulns/CVE-2023-23583.sh @@ -24,7 +24,10 @@ check_CVE_2023_23583_linux() { pvulnstatus "$cve" VULN "your CPU is affected and no microcode update is available for your CPU stepping" else pr_info_nol "* Reptar is mitigated by microcode: " - if [ "$cpu_ucode" -lt "$g_reptar_fixed_ucode_version" ]; then + if [ -z "$cpu_ucode" ]; then + pstatus yellow UNKNOWN "couldn't get your microcode version" + pvulnstatus "$cve" UNK "couldn't detect microcode version to verify mitigation" + elif [ "$cpu_ucode" -lt "$g_reptar_fixed_ucode_version" ]; then pstatus yellow NO "You have ucode $(printf "0x%x" "$cpu_ucode") and version $(printf "0x%x" "$g_reptar_fixed_ucode_version") minimum is required" pvulnstatus "$cve" VULN "Your microcode is too old to mitigate the vulnerability" else diff --git a/src/vulns/CVE-2024-45332.sh b/src/vulns/CVE-2024-45332.sh index 762ca04..42b088c 100644 --- a/src/vulns/CVE-2024-45332.sh +++ b/src/vulns/CVE-2024-45332.sh @@ -31,7 +31,10 @@ check_CVE_2024_45332_linux() { "update is available for your specific CPU stepping." else pr_info_nol "* BPI is mitigated by microcode: " - if [ "$cpu_ucode" -lt "$g_bpi_fixed_ucode_version" ]; then + if [ -z "$cpu_ucode" ]; then + pstatus yellow UNKNOWN "couldn't get your microcode version" + pvulnstatus "$cve" UNK "couldn't detect microcode version to verify mitigation" + elif [ "$cpu_ucode" -lt "$g_bpi_fixed_ucode_version" ]; then pstatus yellow NO "You have ucode $(printf "0x%x" "$cpu_ucode") and version $(printf "0x%x" "$g_bpi_fixed_ucode_version") minimum is required" pvulnstatus "$cve" VULN "Your microcode is too old to mitigate the vulnerability" explain "CVE-2024-45332 (Branch Privilege Injection) is a race condition in the branch predictor\n" \ From ee618ead07ddc21228efc6e7daee2338ceb7f053 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 00:45:09 +0200 Subject: [PATCH 07/57] enh: detect IPBP return predictor bypass in Inception/SRSO ("PB-Inception") (#500) AMD Zen 1-3 CPUs don't flush return predictions on IBPB, allowing cross-process Spectre attacks even with IBPB-on-entry active. The kernel fix (v6.12+, backported) adds RSB fill after IBPB on affected CPUs. Detect this gap by checking CPUID IBPB_RET bit and kernel ibpb_no_ret bug flag, and flag systems relying on IBPB without the RSB fill fix. --- src/libs/400_hw_check.sh | 20 ++++++++++++++++++++ src/vulns/CVE-2023-20569.sh | 36 +++++++++++++++++++++++++++++++++--- 2 files changed, 53 insertions(+), 3 deletions(-) diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index e6d7aef..25fe422 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -467,6 +467,26 @@ check_cpu() { fi fi + # IBPB_RET: CPUID EAX=0x80000008, ECX=0x00 return EBX[30] indicates IBPB also flushes + # return predictions (Zen4+). Without this bit, IBPB alone does not clear the return + # predictor, requiring an additional RSB fill (kernel X86_BUG_IBPB_NO_RET fix). + cap_ibpb_ret='' + if is_amd || is_hygon; then + pr_info_nol " * CPU indicates IBPB flushes return predictions: " + read_cpuid 0x80000008 0x0 $EBX 30 1 1 + ret=$? + if [ $ret = $READ_CPUID_RET_OK ]; then + cap_ibpb_ret=1 + pstatus green YES "IBPB_RET feature bit" + elif [ $ret = $READ_CPUID_RET_KO ]; then + cap_ibpb_ret=0 + pstatus yellow NO + else + cap_ibpb_ret=-1 + pstatus yellow UNKNOWN "$ret_read_cpuid_msg" + fi + fi + # STIBP pr_info " * Single Thread Indirect Branch Predictors (STIBP)" pr_info_nol " * SPEC_CTRL MSR is available: " diff --git a/src/vulns/CVE-2023-20569.sh b/src/vulns/CVE-2023-20569.sh index b05ad94..7643152 100644 --- a/src/vulns/CVE-2023-20569.sh +++ b/src/vulns/CVE-2023-20569.sh @@ -7,7 +7,7 @@ check_CVE_2023_20569() { } check_CVE_2023_20569_linux() { - local status sys_interface_available msg kernel_sro kernel_sro_err kernel_srso kernel_ibpb_entry smt_enabled + local status sys_interface_available msg kernel_sro kernel_sro_err kernel_srso kernel_ibpb_entry kernel_ibpb_no_ret smt_enabled status=UNK sys_interface_available=0 msg='' @@ -25,6 +25,15 @@ check_CVE_2023_20569_linux() { status=VULN msg="Vulnerable: Safe RET, no microcode (your kernel incorrectly reports this as mitigated, it was fixed in more recent kernels)" fi + # kernels before the IBPB_NO_RET fix (v6.12, backported to v6.11.5/v6.6.58/v6.1.114/v5.15.169/v5.10.228) + # don't fill the RSB after IBPB, so when sysfs reports an IBPB-based mitigation, the return predictor + # can still be poisoned cross-process (PB-Inception). Override sysfs in that case. + if [ "$status" = OK ] && echo "$ret_sys_interface_check_fullmsg" | grep -qi 'IBPB'; then + if [ "$cap_ibpb_ret" != 1 ] && ! grep -q 'ibpb_no_ret' "$g_kernel" 2>/dev/null; then + status=VULN + msg="Vulnerable: IBPB-based mitigation active but kernel lacks return prediction clearing after IBPB (PB-Inception, upgrade to kernel 6.12+)" + fi + fi fi if [ "$opt_sysfs_only" != 1 ]; then @@ -117,6 +126,19 @@ check_CVE_2023_20569_linux() { fi fi + # check whether the kernel is aware of the IBPB return predictor bypass (PB-Inception). + # kernels with the fix (v6.12+, backported) contain the "ibpb_no_ret" bug flag string, + # and add an RSB fill after every IBPB on affected CPUs (Zen 1-3). + pr_info_nol "* Kernel is aware of IBPB return predictor bypass: " + if [ -n "$g_kernel_err" ]; then + pstatus yellow UNKNOWN "$g_kernel_err" + elif grep -q 'ibpb_no_ret' "$g_kernel"; then + kernel_ibpb_no_ret="ibpb_no_ret found in kernel image" + pstatus green YES "$kernel_ibpb_no_ret" + else + pstatus yellow NO + fi + # Zen & Zen2 : if the right IBPB microcode applied + SMT off --> not vuln if [ "$cpu_family" = $((0x17)) ]; then pr_info_nol "* CPU supports IBPB: " @@ -166,7 +188,11 @@ check_CVE_2023_20569_linux() { elif [ -z "$kernel_sro" ]; then pvulnstatus "$cve" VULN "Your kernel is too old and doesn't have the SRSO mitigation logic" elif [ -n "$cap_ibpb" ]; then - pvulnstatus "$cve" OK "SMT is disabled and both your kernel and microcode support mitigation" + if [ "$cap_ibpb_ret" != 1 ] && [ -z "$kernel_ibpb_no_ret" ]; then + pvulnstatus "$cve" VULN "IBPB alone doesn't flush return predictions on this CPU, kernel update needed (PB-Inception, fixed in 6.12+)" + else + pvulnstatus "$cve" OK "SMT is disabled and both your kernel and microcode support mitigation" + fi else pvulnstatus "$cve" VULN "Your microcode is too old" fi @@ -181,7 +207,11 @@ check_CVE_2023_20569_linux() { elif [ "$cap_sbpb" = 2 ]; then pvulnstatus "$cve" VULN "Your microcode doesn't support SBPB" else - pvulnstatus "$cve" OK "Your kernel and microcode both support mitigation" + if [ "$cap_ibpb_ret" != 1 ] && [ -z "$kernel_ibpb_no_ret" ] && [ -n "$kernel_ibpb_entry" ]; then + pvulnstatus "$cve" VULN "IBPB alone doesn't flush return predictions on this CPU, kernel update needed (PB-Inception, fixed in 6.12+)" + else + pvulnstatus "$cve" OK "Your kernel and microcode both support mitigation" + fi fi else # not supposed to happen, as normally this CPU should not be affected and not run this code From 076a1d57230228f3f02abdec9e93bfd86a4861d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 00:58:49 +0200 Subject: [PATCH 08/57] fix: CVE-2020-0543 (SRBDS): microcode mitigation misdetected (#492) --- src/libs/400_hw_check.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index 25fe422..dbbca94 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -1122,11 +1122,11 @@ check_cpu() { read_msr $MSR_IA32_MCU_OPT_CTRL ret=$? if [ $ret = $READ_MSR_RET_OK ]; then - if [ "$ret_read_msr_value" = "0000000000000000" ]; then - #SRBDS mitigation control exists and is enabled via microcode + if [ "$((ret_read_msr_value_lo >> 0 & 1))" = 0 ]; then + #SRBDS mitigation control exists and is enabled via microcode (RNGDS_MITG_DIS bit is 0) cap_srbds_on=1 else - #SRBDS mitigation control exists but is disabled via microcode + #SRBDS mitigation control exists but is disabled via microcode (RNGDS_MITG_DIS bit is 1) cap_srbds_on=0 fi else From acf8b585a5929db4e4d6886ab96607e96fb32bbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 01:12:34 +0200 Subject: [PATCH 09/57] doc: add CVE-2024-2201 (Native BHI) and TLBleed as unsupported --- UNSUPPORTED_CVE_LIST.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/UNSUPPORTED_CVE_LIST.md b/UNSUPPORTED_CVE_LIST.md index 5a7b6db..d781f4c 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/UNSUPPORTED_CVE_LIST.md @@ -70,6 +70,19 @@ ARM processors may speculatively execute instructions past unconditional control **Why out of scope:** This is the ARM-specific subset of the broader Straight-Line Speculation (SLS) class. The supplementary SLS check available via `--extra` mode detects affected ARM CPU models and reports that no kernel mitigation is currently available. +## CVE-2024-2201 β€” Native BHI (Branch History Injection without eBPF) + +- **Issue:** [#491](https://github.com/speed47/spectre-meltdown-checker/issues/491) +- **Research:** [InSpectre Gadget / Native BHI (VUSec)](https://www.vusec.net/projects/native-bhi/) +- **Intel advisory:** [Branch History Injection (Intel)](https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html) +- **Affected CPUs:** Intel CPUs with eIBRS (Ice Lake+, 10th gen+, and virtualized Intel guests) +- **CVSS:** 4.7 (Medium) +- **Covered by:** CVE-2017-5715 (Spectre V2) + +VUSec researchers demonstrated that the original BHI mitigation (disabling unprivileged eBPF) was insufficient: 1,511 native kernel gadgets exist that allow exploiting Branch History Injection without eBPF, leaking arbitrary kernel memory at ~3.5 kB/sec on Intel CPUs. + +**Why out of scope:** CVE-2024-2201 is not a new hardware vulnerability β€” it is the same BHI hardware bug as CVE-2022-0002, but proves that eBPF restriction alone was never sufficient. The required mitigations are identical: `BHI_DIS_S` hardware control (MSR `IA32_SPEC_CTRL` bit 10), software BHB clearing loop at syscall entry and VM exit, or retpoline with RRSBA disabled. These are all already detected by this tool's CVE-2017-5715 (Spectre V2) checks, which parse the `BHI:` suffix from `/sys/devices/system/cpu/vulnerabilities/spectre_v2` and check for `CONFIG_MITIGATION_SPECTRE_BHI` in offline mode. No new sysfs entry, MSR, kernel config option, or boot parameter was introduced for this CVE. + ## CVE-2025-20623 β€” Shared Microarchitectural Predictor State (10th Gen Intel) - **Advisory:** [INTEL-SA-01247](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html) @@ -168,6 +181,17 @@ A transient execution vulnerability in some AMD processors may allow a user proc **Why out of scope:** AMD has determined that "leakage of TSC_AUX does not result in leakage of sensitive information" and has marked this CVE as "No fix planned" across all affected product lines. No microcode or kernel mitigations have been issued, leaving nothing for this script to check. +## No CVE β€” TLBleed (TLB side-channel) + +- **Issue:** [#231](https://github.com/speed47/spectre-meltdown-checker/issues/231) +- **Research paper:** [Defeating Cache Side-channel Protections with TLB Attacks (VUSec, USENIX Security '18)](https://www.vusec.net/projects/tlbleed/) +- **Red Hat blog:** [Temporal side-channels and you: Understanding TLBleed](https://www.redhat.com/en/blog/temporal-side-channels-and-you-understanding-tlbleed) +- **Affected CPUs:** Intel CPUs with Hyper-Threading (demonstrated on Skylake, Coffee Lake, Broadwell Xeon) + +A timing side-channel attack exploiting the shared Translation Lookaside Buffer (TLB) on Intel hyperthreaded CPUs. By using machine learning to analyze TLB hit/miss timing patterns, an attacker co-located on the same physical core can extract cryptographic keys (demonstrated with 99.8% success rate on a 256-bit EdDSA key). OpenBSD disabled Hyper-Threading by default in response. + +**Why out of scope:** No CVE was ever assigned β€” Intel explicitly declined to request one. Intel stated the attack is "not related to Spectre or Meltdown" and has no plans to issue a microcode fix, pointing to existing constant-time coding practices in cryptographic software as the appropriate defense. No Linux kernel mitigation was ever merged. Red Hat's guidance was limited to operational advice (disable SMT, use CPU pinning) rather than a software fix. The only OS-level response was OpenBSD disabling Hyper-Threading by default. With no CVE, no microcode update, and no kernel mitigation, there is nothing for this script to check. + --- # Not a transient/speculative execution vulnerability From 53c45e33635dec69eceb7c6909533ae3cddf10ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Sun, 5 Apr 2026 23:58:14 +0200 Subject: [PATCH 10/57] doc: update dev guidelines --- DEVELOPMENT.md | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index b9644d8..e975f45 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -267,6 +267,8 @@ In `src/libs/200_cpu_affected.sh`, add an `affected_yourname` variable and popul Never use microcode version strings. +When populating the CPU model list, use the **most recent version** of the Linux kernel source as the authoritative reference. The relevant lists are typically found in `arch/x86/kernel/cpu/common.c` (`cpu_vuln_blacklist`) or in the vulnerability-specific mitigation source file. Cross-reference the kernel list with the vendor's published advisory to catch any models the kernel hasn't added yet. Always document the kernel commit hash(es) you based the list on in a comment above the model checks, so future maintainers can diff against newer kernels. + **Important**: Do not confuse hardware immunity bits with *mitigation* capability bits. A hardware immunity bit (e.g. `GDS_NO`, `TSA_SQ_NO`) declares that the CPU design is architecturally free of the vulnerability - it belongs here in `is_cpu_affected()`. A mitigation capability bit (e.g. `VERW_CLEAR`, `MD_CLEAR`) indicates that updated microcode provides a mechanism to work around a vulnerability the CPU *does* have - it belongs in the `check_CVE_YYYY_NNNNN_linux()` function (Phase 2), where it is used to determine whether mitigations are in place. ### Step 3: Implement the Linux Check @@ -321,7 +323,7 @@ This is where the real detection lives. Check for mitigations at each layer: Each source may independently be unavailable (offline mode without the file, or stripped kernel), so check all that are present. A match in any one confirms kernel support. -- **Runtime state** (live mode only): Read MSRs, check cpuinfo flags, parse dmesg, inspect debugfs. +- **Runtime state** (live mode only): Read MSRs, check cpuinfo flags, parse dmesg, inspect debugfs. All runtime-only checks β€” including `/proc/cpuinfo` flags β€” must be guarded by `if [ "$opt_live" = 1 ]`, both when collecting the evidence in Phase 2 and when using it in Phase 4. In Phase 4, use explicit live/offline branches so that live-only variables (e.g. cpuinfo flags, MSR values) are never referenced in the offline path. ```sh if [ "$opt_live" = 1 ]; then read_msr 0xADDRESS @@ -697,13 +699,15 @@ CVEs that need VMM context should call `check_has_vmm` early in their `_linux()` ### Step 4: Wire Up and Test -1. **Add the CVE name mapping** in the `cve2name()` function so the header prints a human-readable name. -2. **Build** the monolithic script with `make`. -3. **Test live**: Run the built script and confirm your CVE appears in the output and reports a sensible status. -4. **Test batch JSON**: Run with `--batch json` and verify the CVE count incremented by one (currently 19 β†’ 20). -5. **Test offline**: Run with `--kernel`/`--config`/`--map` pointing to a kernel image and verify the offline code path reports correctly. -6. **Lint**: Run `shellcheck` on the monolithic script and fix any warnings. -7. **Update `dist/README.md`**: Add details about the new CVE check (name, description, what it detects) so that the user-facing documentation stays in sync with the implementation. +1. **Add the CVE to `CVE_REGISTRY`** in `src/libs/002_core_globals.sh` with the correct fields: `CVE-YYYY-NNNNN|JSON_KEY|affected_var_suffix|Complete Name and Aliases`. This is the single source of truth for CVE metadata β€” it drives `cve2name()`, `is_cpu_affected()`, and the supported CVE list. +2. **Add a `--variant` alias** in `src/libs/230_util_optparse.sh`: add a new `case` entry mapping a short name (e.g. `rfds`, `downfall`) to `opt_cve_list="$opt_cve_list CVE-YYYY-NNNNN"`, and add that short name to the `help)` echo line. The CVE is already selectable via `--cve CVE-YYYY-NNNNN` (this is handled generically by the existing `--cve` parsing code), but the `--variant` alias provides the user-friendly short name. +3. **Update `dist/README.md`**: Add the CVE in **both** tables β€” the "Supported CVEs" reference table at the top (CVE link, description, alias) **and** the "Am I at risk?" matrix (with the correct leak/mitigation indicators per boundary). Also add a detailed description paragraph in the `
` section at the bottom. +4. **Build** the monolithic script with `make`. +5. **Test live**: Run the built script and confirm your CVE appears in the output and reports a sensible status. +6. **Test batch JSON**: Run with `--batch json` and verify the CVE appears in the output. +7. **Test offline**: Run with `--kernel`/`--config`/`--map` pointing to a kernel image and verify the offline code path reports correctly. +8. **Test `--variant` and `--cve`**: Run with `--variant ` and `--cve CVE-YYYY-NNNNN` separately to confirm both selection methods work and produce the same output. +9. **Lint**: Run `shellcheck` on the monolithic script and fix any warnings. ### Key Rules to Remember From 3d01978cd425cc83a1d70142db7d56a3e5483d66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 02:40:09 +0200 Subject: [PATCH 11/57] feat: add CVE-2023-20588 (AMD DIV0 bug) (#473) --- .github/workflows/expected_cve_count | 2 +- dist/README.md | 6 + src/libs/002_core_globals.sh | 1 + src/libs/200_cpu_affected.sh | 12 +- src/libs/230_util_optparse.sh | 6 +- src/vulns/CVE-2023-20588.sh | 169 +++++++++++++++++++++++++++ 6 files changed, 192 insertions(+), 4 deletions(-) create mode 100644 src/vulns/CVE-2023-20588.sh diff --git a/.github/workflows/expected_cve_count b/.github/workflows/expected_cve_count index f64f5d8..9902f17 100644 --- a/.github/workflows/expected_cve_count +++ b/.github/workflows/expected_cve_count @@ -1 +1 @@ -27 +28 diff --git a/dist/README.md b/dist/README.md index c26dde2..85bfc5e 100644 --- a/dist/README.md +++ b/dist/README.md @@ -26,6 +26,7 @@ CVE | Name | Aliases [CVE-2022-29901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901) | Arbitrary Speculative Code Execution with Return Instructions | Retbleed (Intel), RSBA [CVE-2022-40982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982) | Gather Data Sampling | Downfall, GDS [CVE-2023-20569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569) | Return Address Security | Inception, SRSO +[CVE-2023-20588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20588) | AMD Division by Zero Speculative Data Leak | DIV0 [CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak | Zenbleed [CVE-2023-23583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583) | Redundant Prefix Issue | Reptar [CVE-2023-28746](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746) | Register File Data Sampling | RFDS @@ -61,6 +62,7 @@ CVE-2022-29900 (Retbleed AMD) | πŸ’₯ | βœ… | πŸ’₯ | βœ… | Kernel update (+ micro CVE-2022-29901 (Retbleed Intel, RSBA) | πŸ’₯ | βœ… | πŸ’₯ | βœ… | Microcode + kernel update (eIBRS or IBRS) CVE-2022-40982 (Downfall, GDS) | πŸ’₯ | πŸ’₯ | πŸ’₯ | πŸ’₯ | Microcode update (or disable AVX) CVE-2023-20569 (Inception, SRSO) | πŸ’₯ | βœ… | πŸ’₯ | βœ… | Microcode + kernel update +CVE-2023-20588 (DIV0) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Kernel update (+ disable SMT) CVE-2023-20593 (Zenbleed) | πŸ’₯ | πŸ’₯ | πŸ’₯ | πŸ’₯ | Microcode update (or kernel workaround) CVE-2023-23583 (Reptar) | ☠️ | ☠️ | ☠️ | ☠️ | Microcode update CVE-2023-28746 (RFDS) | πŸ’₯ | βœ… | πŸ’₯ | βœ… | Microcode + kernel update @@ -159,6 +161,10 @@ The AVX GATHER instructions can leak data from previously used vector registers On AMD Zen 1 through Zen 4 processors, an attacker can manipulate the return address predictor to redirect speculative execution on return instructions, leaking kernel memory. Mitigation requires both a kernel update (providing SRSO safe-return sequences or IBPB-on-entry) and a microcode update (providing SBPB on Zen 3/4, or IBPB support on Zen 1/2 β€” which additionally requires SMT to be disabled). Performance impact ranges from low to significant depending on the chosen mitigation and CPU generation. +**CVE-2023-20588 β€” AMD Division by Zero Speculative Data Leak (DIV0)** + +On AMD Zen 1 processors, a #DE (divide-by-zero) exception can leave stale quotient data from a previous division in the divider unit, observable by a subsequent division via speculative side channels. This can leak data across any privilege boundary, including between SMT sibling threads sharing the same physical core. Mitigation requires a kernel update (Linux 6.5+) that adds a dummy division (`amd_clear_divider()`) on every exit to userspace and before VMRUN, preventing stale data from persisting. No microcode update is needed. Disabling SMT provides additional protection because the kernel mitigation does not cover cross-SMT-thread leaks. Performance impact is negligible. + **CVE-2023-20593 β€” Cross-Process Information Leak (Zenbleed)** A bug in AMD Zen 2 processors causes the VZEROUPPER instruction to incorrectly zero register files during speculative execution, leaving stale data from other processes observable in vector registers. This can leak data across any privilege boundary, including from the kernel and other processes, at rates up to 30 KB/s per core. Mitigation is available either through a microcode update that fixes the bug, or through a kernel workaround that sets the FP_BACKUP_FIX bit (bit 9) in the DE_CFG MSR, disabling the faulty optimization. Either approach alone is sufficient. Performance impact is negligible. diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index ba18f36..1c9d8a8 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -156,6 +156,7 @@ CVE-2019-11091|MDSUM|mdsum|RIDL, microarchitectural data sampling uncacheable me CVE-2019-11135|TAA|taa|ZombieLoad V2, TSX Asynchronous Abort (TAA) CVE-2018-12207|ITLBMH|itlbmh|No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC) CVE-2020-0543|SRBDS|srbds|Special Register Buffer Data Sampling (SRBDS) +CVE-2023-20588|DIV0|div0|Division by Zero, AMD Zen1 speculative data leak CVE-2023-20593|ZENBLEED|zenbleed|Zenbleed, cross-process information leak CVE-2022-40982|DOWNFALL|downfall|Downfall, gather data sampling (GDS) CVE-2022-29900|RETBLEED AMD|retbleed|Retbleed, arbitrary speculative code execution with return instructions (AMD) diff --git a/src/libs/200_cpu_affected.sh b/src/libs/200_cpu_affected.sh index b4e5e27..65175f7 100644 --- a/src/libs/200_cpu_affected.sh +++ b/src/libs/200_cpu_affected.sh @@ -100,7 +100,8 @@ is_cpu_affected() { affected_itlbmh='' affected_srbds='' affected_sls='' - # Zenbleed and Inception are both AMD specific, look for "is_amd" below: + # DIV0, Zenbleed and Inception are all AMD specific, look for "is_amd" below: + _set_immune div0 _set_immune zenbleed _set_immune inception # TSA is AMD specific (Zen 3/4), look for "is_amd" below: @@ -587,6 +588,13 @@ is_cpu_affected() { fi _set_immune variantl1tf + # DIV0 (Zen1 only) + # 77245f1c3c64 (v6.5, initial model list): family 0x17 models 0x00-0x2f, 0x50-0x5f + # bfff3c6692ce (v6.8): moved to init_amd_zen1(), unconditional for all Zen1 + # All Zen1 CPUs are family 0x17, models 0x00-0x2f and 0x50-0x5f + amd_legacy_erratum "$(amd_model_range 0x17 0x00 0x0 0x2f 0xf)" && _set_vuln div0 + amd_legacy_erratum "$(amd_model_range 0x17 0x50 0x0 0x5f 0xf)" && _set_vuln div0 + # Zenbleed amd_legacy_erratum "$(amd_model_range 0x17 0x30 0x0 0x4f 0xf)" && _set_vuln zenbleed amd_legacy_erratum "$(amd_model_range 0x17 0x60 0x0 0x7f 0xf)" && _set_vuln zenbleed @@ -796,7 +804,7 @@ is_cpu_affected() { pr_debug "is_cpu_affected: final results: variant1=$affected_variant1 variant2=$affected_variant2 variant3=$affected_variant3 variant3a=$affected_variant3a" pr_debug "is_cpu_affected: final results: variant4=$affected_variant4 variantl1tf=$affected_variantl1tf msbds=$affected_msbds mfbds=$affected_mfbds" pr_debug "is_cpu_affected: final results: mlpds=$affected_mlpds mdsum=$affected_mdsum taa=$affected_taa itlbmh=$affected_itlbmh srbds=$affected_srbds" - pr_debug "is_cpu_affected: final results: zenbleed=$affected_zenbleed inception=$affected_inception retbleed=$affected_retbleed tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar rfds=$affected_rfds its=$affected_its" + pr_debug "is_cpu_affected: final results: div0=$affected_div0 zenbleed=$affected_zenbleed inception=$affected_inception retbleed=$affected_retbleed tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar rfds=$affected_rfds its=$affected_its" pr_debug "is_cpu_affected: final results: vmscape=$affected_vmscape bpi=$affected_bpi sls=$affected_sls" } affected_variantl1tf_sgx="$affected_variantl1tf" diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 4d5b455..65ab8ae 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -169,7 +169,7 @@ while [ -n "${1:-}" ]; do case "$2" in help) echo "The following parameters are supported for --variant (can be used multiple times):" - echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed, downfall, retbleed, inception, reptar, rfds, tsa, tsa-sq, tsa-l1, its, vmscape, bpi, sls" + echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, div0, zenbleed, downfall, retbleed, inception, reptar, rfds, tsa, tsa-sq, tsa-l1, its, vmscape, bpi, sls" exit 0 ;; 1) @@ -224,6 +224,10 @@ while [ -n "${1:-}" ]; do opt_cve_list="$opt_cve_list CVE-2020-0543" opt_cve_all=0 ;; + div0) + opt_cve_list="$opt_cve_list CVE-2023-20588" + opt_cve_all=0 + ;; zenbleed) opt_cve_list="$opt_cve_list CVE-2023-20593" opt_cve_all=0 diff --git a/src/vulns/CVE-2023-20588.sh b/src/vulns/CVE-2023-20588.sh new file mode 100644 index 0000000..955a7f5 --- /dev/null +++ b/src/vulns/CVE-2023-20588.sh @@ -0,0 +1,169 @@ +# vim: set ts=4 sw=4 sts=4 et: +############################### +# CVE-2023-20588, DIV0, AMD Division by Zero Speculative Data Leak + +check_CVE_2023_20588() { + check_cve 'CVE-2023-20588' +} + +# shellcheck disable=SC2034 +_cve_2023_20588_pvulnstatus_smt() { + # common logic for both live (cpuinfo) and live (kernel image fallback) paths: + # if --paranoid and SMT is on, report VULN; otherwise OK. + # $1 = mitigation detail message + if [ "$opt_paranoid" != 1 ] || ! is_cpu_smt_enabled; then + pvulnstatus "$cve" OK "Mitigation: amd_clear_divider on exit to user/guest" + else + pvulnstatus "$cve" VULN "DIV0 mitigation is active but SMT is enabled, data leak possible between sibling threads" + explain "Disable SMT (Simultaneous Multi-Threading) for full protection against DIV0.\n " \ + "The kernel mitigation only covers kernel-to-user and host-to-guest leak paths, not cross-SMT-thread leaks.\n " \ + "You can disable SMT by booting with the \`nosmt\` kernel parameter, or at runtime:\n " \ + "\`echo off > /sys/devices/system/cpu/smt/control\`" + fi +} + +# shellcheck disable=SC2034 +_cve_2023_20588_pvulnstatus_no_kernel() { + pvulnstatus "$cve" VULN "your kernel doesn't support DIV0 mitigation" + explain "Update your kernel to a version that includes the amd_clear_divider mitigation (Linux >= 6.5 or a backported stable/vendor kernel).\n " \ + "The kernel fix adds a dummy division on every exit to userspace and before VMRUN, preventing stale quotient data from leaking.\n " \ + "Also disable SMT for full protection, as the mitigation doesn't cover cross-SMT-thread leaks." +} + +check_CVE_2023_20588_linux() { + local status sys_interface_available msg kernel_mitigated cpuinfo_div0 dmesg_div0 ret + status=UNK + sys_interface_available=0 + msg='' + # No sysfs interface exists for this CVE (no /sys/devices/system/cpu/vulnerabilities/div0). + # sys_interface_available stays 0. + # + # Kernel source inventory for CVE-2023-20588 (DIV0), traced via git blame: + # + # --- sysfs messages --- + # none: this vulnerability has no sysfs entry + # + # --- Kconfig symbols --- + # none: the mitigation is unconditional, not configurable (no CONFIG_* knob) + # + # --- kernel functions (for $opt_map / System.map) --- + # 77245f1c3c64 (v6.5, initial fix): amd_clear_divider() + # initially called from exc_divide_error() (#DE handler) + # f58d6fbcb7c8 (v6.5, follow-up fix): moved amd_clear_divider() call to + # exit-to-userspace path and before VMRUN (SVM) + # bfff3c6692ce (v6.8): moved DIV0 detection from model range check to + # unconditional in init_amd_zen1() + # 501bd734f933 (v6.11): amd_clear_divider() made __always_inline + # (may no longer appear in System.map on newer kernels) + # + # --- dmesg --- + # 77245f1c3c64 (v6.5): "AMD Zen1 DIV0 bug detected. Disable SMT for full protection." + # (present since the initial fix, printed via pr_notice_once) + # + # --- /proc/cpuinfo bugs field --- + # 77245f1c3c64 (v6.5): X86_BUG_DIV0 mapped to "div0" in bugs field + # + # --- CPU affection logic (for is_cpu_affected) --- + # 77245f1c3c64 (v6.5, initial model list): + # AMD: family 0x17 models 0x00-0x2f, 0x50-0x5f + # bfff3c6692ce (v6.8): moved to init_amd_zen1(), unconditional for all Zen1 + # (same model ranges, just different detection path) + # vendor scope: AMD only (Zen1 microarchitecture) + # + # --- stable backports --- + # 5.10.y, 5.15.y, 6.1.y, 6.4.y: backported via cpu_has_amd_erratum() path + # (same as mainline v6.5 initial implementation) + # 6.5.y, 6.7.y: same erratum-table detection as mainline v6.5 + # 6.6.y: stable-specific commit 824549816609 backported the init_amd_zen1() + # move (equivalent to mainline bfff3c6692ce but adapted to 6.6 context) + # 6.8.y, 6.9.y, 6.10.y: carry mainline bfff3c6692ce directly + # 6.7.y missed the init_amd_zen1() move (EOL before backport landed) + # 501bd734f933 (__always_inline) was NOT backported to any stable branch + # 4.14.y, 4.19.y, 5.4.y: do NOT have the fix (EOL or not backported) + # no stable-specific string or behavior differences; all branches use the + # same dmesg message and /proc/cpuinfo bugs field as mainline + + if [ "$opt_sysfs_only" != 1 ]; then + pr_info_nol "* Kernel supports DIV0 mitigation: " + kernel_mitigated='' + if [ -n "$g_kernel_err" ]; then + pstatus yellow UNKNOWN "$g_kernel_err" + elif grep -q 'amd_clear_divider' "$g_kernel"; then + kernel_mitigated="found amd_clear_divider in kernel image" + pstatus green YES "$kernel_mitigated" + elif [ -n "$opt_map" ] && grep -q 'amd_clear_divider' "$opt_map"; then + kernel_mitigated="found amd_clear_divider in System.map" + pstatus green YES "$kernel_mitigated" + else + pstatus yellow NO + fi + + pr_info_nol "* DIV0 mitigation enabled and active: " + cpuinfo_div0='' + dmesg_div0='' + if [ "$opt_live" = 1 ]; then + if [ -e "$g_procfs/cpuinfo" ] && grep -qw 'div0' "$g_procfs/cpuinfo" 2>/dev/null; then + cpuinfo_div0=1 + pstatus green YES "div0 found in $g_procfs/cpuinfo bug flags" + else + # cpuinfo flag not found, fall back to dmesg + dmesg_grep 'AMD Zen1 DIV0 bug detected' + ret=$? + if [ "$ret" -eq 0 ]; then + dmesg_div0=1 + pstatus green YES "DIV0 bug detected message found in dmesg" + elif [ "$ret" -eq 2 ]; then + pstatus yellow UNKNOWN "dmesg truncated, cannot check for DIV0 message" + else + pstatus yellow NO "div0 not found in $g_procfs/cpuinfo bug flags or dmesg" + fi + fi + else + pstatus blue N/A "not testable in offline mode" + fi + + pr_info_nol "* SMT (Simultaneous Multi-Threading) status: " + is_cpu_smt_enabled + elif [ "$sys_interface_available" = 0 ]; then + msg="/sys vulnerability interface use forced, but it's not available!" + status=UNK + fi + + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + elif [ -z "$msg" ]; then + if [ "$opt_sysfs_only" != 1 ]; then + if [ "$opt_live" = 1 ]; then + # live mode: cpuinfo div0 flag is the strongest proof the mitigation is active + if [ "$cpuinfo_div0" = 1 ] || [ "$dmesg_div0" = 1 ]; then + _cve_2023_20588_pvulnstatus_smt + elif [ -n "$kernel_mitigated" ]; then + # kernel has the code but the bug flag is not set, it shouldn't happen on affected CPUs, + # but if it does, trust the kernel image evidence + _cve_2023_20588_pvulnstatus_smt + else + _cve_2023_20588_pvulnstatus_no_kernel + fi + else + # offline mode: only kernel image / System.map evidence is available + if [ -n "$kernel_mitigated" ]; then + pvulnstatus "$cve" OK "Mitigation: amd_clear_divider found in kernel image" + else + _cve_2023_20588_pvulnstatus_no_kernel + fi + fi + else + pvulnstatus "$cve" "$status" "no sysfs interface available for this CVE, use --no-sysfs to check" + fi + else + pvulnstatus "$cve" "$status" "$msg" + fi +} + +check_CVE_2023_20588_bsd() { + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + else + pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script" + fi +} From 3c61c7489b0eca27b4f916c289af2f8e9f296922 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 03:09:18 +0200 Subject: [PATCH 12/57] fix: CVE-2024-3635[0,7] don't print lines about TSA CPUID bits under non-AMD --- src/vulns/CVE-2024-36350.sh | 32 +++++++++++++++++--------------- src/vulns/CVE-2024-36357.sh | 32 +++++++++++++++++--------------- 2 files changed, 34 insertions(+), 30 deletions(-) diff --git a/src/vulns/CVE-2024-36350.sh b/src/vulns/CVE-2024-36350.sh index 4aec907..89cbe2e 100644 --- a/src/vulns/CVE-2024-36350.sh +++ b/src/vulns/CVE-2024-36350.sh @@ -93,22 +93,24 @@ check_CVE_2024_36350_linux() { pstatus yellow NO fi - pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-SQ (TSA_SQ_NO): " - if [ "$cap_tsa_sq_no" = 1 ]; then - pstatus green YES - elif [ "$cap_tsa_sq_no" = 0 ]; then - pstatus yellow NO - else - pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021" - fi + if is_amd || is_hygon; then + pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-SQ (TSA_SQ_NO): " + if [ "$cap_tsa_sq_no" = 1 ]; then + pstatus green YES + elif [ "$cap_tsa_sq_no" = 0 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021" + fi - pr_info_nol "* Microcode supports VERW buffer clearing: " - if [ "$cap_verw_clear" = 1 ]; then - pstatus green YES - elif [ "$cap_verw_clear" = 0 ]; then - pstatus yellow NO - else - pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021" + pr_info_nol "* Microcode supports VERW buffer clearing: " + if [ "$cap_verw_clear" = 1 ]; then + pstatus green YES + elif [ "$cap_verw_clear" = 0 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021" + fi fi pr_info_nol "* Hyper-Threading (SMT) is enabled: " diff --git a/src/vulns/CVE-2024-36357.sh b/src/vulns/CVE-2024-36357.sh index 858b50e..dc0e0fa 100644 --- a/src/vulns/CVE-2024-36357.sh +++ b/src/vulns/CVE-2024-36357.sh @@ -93,22 +93,24 @@ check_CVE_2024_36357_linux() { pstatus yellow NO fi - pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-L1 (TSA_L1_NO): " - if [ "$cap_tsa_l1_no" = 1 ]; then - pstatus green YES - elif [ "$cap_tsa_l1_no" = 0 ]; then - pstatus yellow NO - else - pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021" - fi + if is_amd || is_hygon; then + pr_info_nol "* CPU explicitly indicates not vulnerable to TSA-L1 (TSA_L1_NO): " + if [ "$cap_tsa_l1_no" = 1 ]; then + pstatus green YES + elif [ "$cap_tsa_l1_no" = 0 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021" + fi - pr_info_nol "* Microcode supports VERW buffer clearing: " - if [ "$cap_verw_clear" = 1 ]; then - pstatus green YES - elif [ "$cap_verw_clear" = 0 ]; then - pstatus yellow NO - else - pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021" + pr_info_nol "* Microcode supports VERW buffer clearing: " + if [ "$cap_verw_clear" = 1 ]; then + pstatus green YES + elif [ "$cap_verw_clear" = 0 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN "couldn't read CPUID leaf 0x80000021" + fi fi elif [ "$sys_interface_available" = 0 ]; then From 6332fc3405d09e02533ed736b486cade6cf4e730 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 03:23:56 +0200 Subject: [PATCH 13/57] fix: CVE-2019-11135 (TAA) detect new 0x10F MSR for TSX-disabled CPUs (#414) --- src/libs/210_cpu_detect.sh | 2 +- src/libs/340_cpu_msr.sh | 1 + src/libs/400_hw_check.sh | 48 +++++++++++++++++++++++++++++++++++++ src/vulns/CVE-2019-11135.sh | 14 ++++++++++- 4 files changed, 63 insertions(+), 2 deletions(-) diff --git a/src/libs/210_cpu_detect.sh b/src/libs/210_cpu_detect.sh index 13111dc..0189f6a 100644 --- a/src/libs/210_cpu_detect.sh +++ b/src/libs/210_cpu_detect.sh @@ -143,7 +143,7 @@ is_cpu_srbds_free() { return 1 elif [ "$cpu_model" = "$INTEL_FAM6_KABYLAKE_L" ] && [ "$cpu_stepping" -le 12 ] || [ "$cpu_model" = "$INTEL_FAM6_KABYLAKE" ] && [ "$cpu_stepping" -le 13 ]; then - if [ "$cap_mds_no" -eq 1 ] && { [ "$cap_rtm" -eq 0 ] || [ "$cap_tsx_ctrl_rtm_disable" -eq 1 ]; }; then + if [ "$cap_mds_no" -eq 1 ] && { [ "$cap_rtm" -eq 0 ] || [ "$cap_tsx_ctrl_rtm_disable" -eq 1 ] || [ "$cap_tsx_force_abort_rtm_disable" -eq 1 ]; }; then return 0 else return 1 diff --git a/src/libs/340_cpu_msr.sh b/src/libs/340_cpu_msr.sh index 4a23c85..51ef6d1 100644 --- a/src/libs/340_cpu_msr.sh +++ b/src/libs/340_cpu_msr.sh @@ -153,6 +153,7 @@ write_msr_one_core() { readonly MSR_IA32_PLATFORM_ID=0x17 readonly MSR_IA32_SPEC_CTRL=0x48 readonly MSR_IA32_ARCH_CAPABILITIES=0x10a +readonly MSR_IA32_TSX_FORCE_ABORT=0x10f readonly MSR_IA32_TSX_CTRL=0x122 readonly MSR_IA32_MCU_OPT_CTRL=0x123 readonly READ_MSR_RET_OK=0 diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index dbbca94..8810d65 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -895,6 +895,8 @@ check_cpu() { pstatus yellow NO fi + # IA32_TSX_CTRL (MSR 0x122): architectural way to disable TSX, available on + # Cascade Lake and newer, and some Coffee Lake steppings via microcode update if [ "$cap_tsx_ctrl_msr" = 1 ]; then read_msr $MSR_IA32_TSX_CTRL ret=$? @@ -1089,6 +1091,52 @@ check_cpu() { pstatus yellow UNKNOWN "$ret_read_cpuid_msg" fi + pr_info_nol " * CPU supports TSX Force Abort (TSX_FORCE_ABORT): " + ret=$READ_CPUID_RET_KO + cap_tsx_force_abort=0 + if is_intel; then + read_cpuid 0x7 0x0 $EDX 13 1 1 + ret=$? + fi + if [ $ret = $READ_CPUID_RET_OK ]; then + cap_tsx_force_abort=1 + pstatus blue YES + elif [ $ret = $READ_CPUID_RET_KO ]; then + pstatus yellow NO + else + cap_tsx_force_abort=-1 + pstatus yellow UNKNOWN "$ret_read_cpuid_msg" + fi + + # IA32_TSX_FORCE_ABORT (MSR 0x10F): stopgap for older Skylake/Kaby Lake CPUs that + # don't support IA32_TSX_CTRL, forces all RTM transactions to abort via microcode update + if [ "$cap_tsx_force_abort" = 1 ]; then + read_msr $MSR_IA32_TSX_FORCE_ABORT + ret=$? + if [ "$ret" = $READ_MSR_RET_OK ]; then + cap_tsx_force_abort_rtm_disable=$((ret_read_msr_value_lo >> 0 & 1)) + cap_tsx_force_abort_cpuid_clear=$((ret_read_msr_value_lo >> 1 & 1)) + fi + + pr_info_nol " * TSX_FORCE_ABORT MSR indicates all TSX transactions are aborted: " + if [ "$cap_tsx_force_abort_rtm_disable" = 1 ]; then + pstatus blue YES + elif [ "$cap_tsx_force_abort_rtm_disable" = 0 ]; then + pstatus blue NO + else + pstatus yellow UNKNOWN "couldn't read MSR" + fi + + pr_info_nol " * TSX_FORCE_ABORT MSR indicates TSX CPUID bit is cleared: " + if [ "$cap_tsx_force_abort_cpuid_clear" = 1 ]; then + pstatus blue YES + elif [ "$cap_tsx_force_abort_cpuid_clear" = 0 ]; then + pstatus blue NO + else + pstatus yellow UNKNOWN "couldn't read MSR" + fi + fi + pr_info_nol " * CPU supports Software Guard Extensions (SGX): " ret=$READ_CPUID_RET_KO cap_sgx=0 diff --git a/src/vulns/CVE-2019-11135.sh b/src/vulns/CVE-2019-11135.sh index 8ff17f0..555d00e 100644 --- a/src/vulns/CVE-2019-11135.sh +++ b/src/vulns/CVE-2019-11135.sh @@ -70,7 +70,19 @@ check_CVE_2019_11135_linux() { else if [ "$opt_paranoid" = 1 ]; then # in paranoid mode, TSX or SMT enabled are not OK, even if TAA is mitigated - if ! echo "$ret_sys_interface_check_fullmsg" | grep -qF 'TSX disabled'; then + # first check sysfs, then fall back to MSR-based detection for older kernels + # that may not report TSX as disabled even when microcode has done so + tsx_disabled=0 + if echo "$ret_sys_interface_check_fullmsg" | grep -qF 'TSX disabled'; then + tsx_disabled=1 + elif [ "$cap_tsx_ctrl_rtm_disable" = 1 ] && [ "$cap_tsx_ctrl_cpuid_clear" = 1 ]; then + # TSX disabled via IA32_TSX_CTRL MSR (0x122) + tsx_disabled=1 + elif [ "$cap_tsx_force_abort_rtm_disable" = 1 ] && [ "$cap_tsx_force_abort_cpuid_clear" = 1 ]; then + # TSX disabled via IA32_TSX_FORCE_ABORT MSR (0x10F), for older Skylake-era CPUs + tsx_disabled=1 + fi + if [ "$tsx_disabled" = 0 ]; then pvulnstatus "$cve" VULN "TSX must be disabled for full mitigation" elif echo "$ret_sys_interface_check_fullmsg" | grep -qF 'SMT vulnerable'; then pvulnstatus "$cve" VULN "SMT (HyperThreading) must be disabled for full mitigation" From f100b4e1dca9b6457123263eb4b2e74b0e249a81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 03:33:32 +0200 Subject: [PATCH 14/57] doc: add CVE-2020-0549 (L1D Eviction Sampling, CacheOut) as unsupported --- UNSUPPORTED_CVE_LIST.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/UNSUPPORTED_CVE_LIST.md b/UNSUPPORTED_CVE_LIST.md index d781f4c..65f7518 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/UNSUPPORTED_CVE_LIST.md @@ -83,6 +83,18 @@ VUSec researchers demonstrated that the original BHI mitigation (disabling unpri **Why out of scope:** CVE-2024-2201 is not a new hardware vulnerability β€” it is the same BHI hardware bug as CVE-2022-0002, but proves that eBPF restriction alone was never sufficient. The required mitigations are identical: `BHI_DIS_S` hardware control (MSR `IA32_SPEC_CTRL` bit 10), software BHB clearing loop at syscall entry and VM exit, or retpoline with RRSBA disabled. These are all already detected by this tool's CVE-2017-5715 (Spectre V2) checks, which parse the `BHI:` suffix from `/sys/devices/system/cpu/vulnerabilities/spectre_v2` and check for `CONFIG_MITIGATION_SPECTRE_BHI` in offline mode. No new sysfs entry, MSR, kernel config option, or boot parameter was introduced for this CVE. +## CVE-2020-0549 β€” L1D Eviction Sampling (CacheOut) + +- **Issue:** [#341](https://github.com/speed47/spectre-meltdown-checker/issues/341) +- **Advisory:** [INTEL-SA-00329](https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/l1d-eviction-sampling.html) +- **Affected CPUs:** Intel Skylake through 10th gen (Tiger Lake+ not affected) +- **CVSS:** 6.5 (Medium) +- **Covered by:** CVE-2018-12126 / CVE-2018-12127 / CVE-2018-12130 / CVE-2019-11091 (MDS) and CVE-2018-3646 (L1TF) + +An Intel-specific data leakage vulnerability where L1 data cache evictions can be exploited in combination with MDS or TAA side channels to leak data across security boundaries. + +**Why out of scope:** The June 2020 microcode update that addresses this CVE does not introduce any new MSR bits or CPUID flags β€” it reuses the existing MD_CLEAR (`CPUID.7.0:EDX[10]`) and L1D_FLUSH (`MSR_IA32_FLUSH_CMD`, 0x10B) infrastructure already deployed for MDS and L1TF. The Linux kernel has no dedicated sysfs entry in `/sys/devices/system/cpu/vulnerabilities/` for this CVE; instead, it provides an opt-in per-task L1D flush via `prctl(PR_SPEC_L1D_FLUSH)` and the `l1d_flush=on` boot parameter, which piggyback on the same L1D flush mechanism checked by the existing L1TF and MDS vulnerability modules. In practice, a system with up-to-date microcode and MDS/L1TF mitigations in place is already protected against L1D Eviction Sampling. + ## CVE-2025-20623 β€” Shared Microarchitectural Predictor State (10th Gen Intel) - **Advisory:** [INTEL-SA-01247](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html) From 0fa7e44327ffee06702c5d05e65da73f9ade1762 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 10:27:17 +0200 Subject: [PATCH 15/57] doc: add Blindside to unsupported list (#374) --- UNSUPPORTED_CVE_LIST.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/UNSUPPORTED_CVE_LIST.md b/UNSUPPORTED_CVE_LIST.md index 65f7518..5b921b1 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/UNSUPPORTED_CVE_LIST.md @@ -193,6 +193,17 @@ A transient execution vulnerability in some AMD processors may allow a user proc **Why out of scope:** AMD has determined that "leakage of TSC_AUX does not result in leakage of sensitive information" and has marked this CVE as "No fix planned" across all affected product lines. No microcode or kernel mitigations have been issued, leaving nothing for this script to check. +## No CVE β€” BlindSide (Speculative Probing) + +- **Issue:** [#374](https://github.com/speed47/spectre-meltdown-checker/issues/374) +- **Research paper:** [Speculative Probing: Hacking Blind in the Spectre Era (VUSec, ACM CCS 2020)](https://www.vusec.net/projects/blindside/) +- **Red Hat advisory:** [Article 5394291](https://access.redhat.com/articles/5394291) +- **Affected CPUs:** All CPUs vulnerable to Spectre V2 (BTB-based speculative execution) + +An attack technique that combines a pre-existing kernel memory corruption bug (e.g., a heap buffer overflow) with speculative execution to perform "Speculative BROP" (Blind Return-Oriented Programming). Instead of crashing the system when probing invalid addresses, BlindSide performs the probing speculatively: faults are suppressed in the speculative domain, and information is leaked via cache timing side channels. This allows an attacker to silently derandomize kernel memory layout and bypass KASLR/FGKASLR without triggering any fault. + +**Why out of scope:** BlindSide is an exploitation technique, not a discrete hardware vulnerability: no CVE was assigned. Red Hat explicitly states it is "not a new flaw, but a new attack." It requires a pre-existing kernel memory corruption bug as a prerequisite, and the speculative execution aspect leverages the same BTB behavior as Spectre V2 (CVE-2017-5715). No dedicated microcode update, kernel config, MSR, CPUID bit, or sysfs entry exists for BlindSide. The closest hardware mitigations (IBPB, IBRS, STIBP, Retpoline) are already covered by this tool's Spectre V2 checks. + ## No CVE β€” TLBleed (TLB side-channel) - **Issue:** [#231](https://github.com/speed47/spectre-meltdown-checker/issues/231) From b0bb1f4676517bbc666ce6fa3b0d97b4d3d0cc44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 11:25:51 +0200 Subject: [PATCH 16/57] feat: implement check for MMIO Stale Data (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) (#437) --- .github/workflows/expected_cve_count | 2 +- dist/README.md | 10 ++ src/libs/002_core_globals.sh | 3 + src/libs/200_cpu_affected.sh | 9 +- src/libs/210_cpu_detect.sh | 55 ++++++ src/libs/230_util_optparse.sh | 18 +- src/libs/400_hw_check.sh | 36 +++- src/vulns-helpers/check_mmio.sh | 252 +++++++++++++++++++++++++++ src/vulns/CVE-2022-21123.sh | 7 + src/vulns/CVE-2022-21125.sh | 7 + src/vulns/CVE-2022-21166.sh | 7 + 11 files changed, 402 insertions(+), 4 deletions(-) create mode 100644 src/vulns-helpers/check_mmio.sh create mode 100644 src/vulns/CVE-2022-21123.sh create mode 100644 src/vulns/CVE-2022-21125.sh create mode 100644 src/vulns/CVE-2022-21166.sh diff --git a/.github/workflows/expected_cve_count b/.github/workflows/expected_cve_count index 9902f17..e85087a 100644 --- a/.github/workflows/expected_cve_count +++ b/.github/workflows/expected_cve_count @@ -1 +1 @@ -28 +31 diff --git a/dist/README.md b/dist/README.md index 85bfc5e..320d332 100644 --- a/dist/README.md +++ b/dist/README.md @@ -22,6 +22,9 @@ CVE | Name | Aliases [CVE-2019-11091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091) | Microarchitectural Data Sampling Uncacheable Memory | MDSUM, RIDL [CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135) | TSX Asynchronous Abort | TAA, ZombieLoad V2 [CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543) | Special Register Buffer Data Sampling | SRBDS, CROSSTalk +[CVE-2022-21123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21123) | Shared Buffers Data Read | SBDR, MMIO Stale Data +[CVE-2022-21125](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21125) | Shared Buffers Data Sampling | SBDS, MMIO Stale Data +[CVE-2022-21166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21166) | Device Register Partial Write | DRPW, MMIO Stale Data [CVE-2022-29900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900) | Arbitrary Speculative Code Execution with Return Instructions | Retbleed (AMD) [CVE-2022-29901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29901) | Arbitrary Speculative Code Execution with Return Instructions | Retbleed (Intel), RSBA [CVE-2022-40982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982) | Gather Data Sampling | Downfall, GDS @@ -58,6 +61,9 @@ CVE-2018-12207 (iTLB Multihit, No eXcuses) | βœ… | βœ… | ☠️ | βœ… | Hypervis CVE-2019-11091 (MDSUM, RIDL) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Microcode + kernel update CVE-2019-11135 (TAA, ZombieLoad V2) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Microcode + kernel update CVE-2020-0543 (SRBDS, CROSSTalk) | πŸ’₯ (2) | πŸ’₯ (2) | πŸ’₯ (2) | πŸ’₯ (2) | Microcode + kernel update +CVE-2022-21123 (SBDR, MMIO Stale Data) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Microcode + kernel update +CVE-2022-21125 (SBDS, MMIO Stale Data) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Microcode + kernel update +CVE-2022-21166 (DRPW, MMIO Stale Data) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Microcode + kernel update CVE-2022-29900 (Retbleed AMD) | πŸ’₯ | βœ… | πŸ’₯ | βœ… | Kernel update (+ microcode for IBPB) CVE-2022-29901 (Retbleed Intel, RSBA) | πŸ’₯ | βœ… | πŸ’₯ | βœ… | Microcode + kernel update (eIBRS or IBRS) CVE-2022-40982 (Downfall, GDS) | πŸ’₯ | πŸ’₯ | πŸ’₯ | πŸ’₯ | Microcode update (or disable AVX) @@ -145,6 +151,10 @@ On CPUs with Intel TSX, a transactional abort can leave data from the line fill Certain special CPU instructions (RDRAND, RDSEED, EGETKEY) read data through a shared staging buffer that is accessible across all cores via speculative execution. An attacker running code on any core can observe the output of these instructions from a victim on a different core, including extracting cryptographic keys from SGX enclaves (a complete ECDSA key was demonstrated). This is notable as one of the first cross-core speculative execution attacks. Mitigation requires a microcode update that serializes access to the staging buffer, plus a kernel update to manage the mitigation. Performance impact is low, mainly affecting workloads that heavily use RDRAND/RDSEED. +**CVE-2022-21123, CVE-2022-21125, CVE-2022-21166 β€” Processor MMIO Stale Data (SBDR, SBDS, DRPW)** + +A class of MMIO (Memory-Mapped I/O) vulnerabilities where stale data from CPU internal fill buffers can be inferred through side-channel attacks during MMIO operations. Three sub-vulnerabilities are covered: Shared Buffers Data Read (SBDR, CVE-2022-21123), Shared Buffers Data Sampling (SBDS, CVE-2022-21125), and Device Register Partial Write (DRPW, CVE-2022-21166). Affected Intel CPUs include Haswell through Rocket Lake server and client processors, plus Tremont Atom cores. Mitigation requires a microcode update providing the FB_CLEAR capability (VERW instruction clears fill buffers) plus a kernel update (Linux 5.19+) that invokes VERW at kernel/user transitions and VM entry/exit. When SMT is enabled, sibling threads can still exploit the vulnerability even with mitigations active. Performance impact is low, as the VERW mechanism is shared with the existing MDS mitigation. + **CVE-2022-29900 β€” Arbitrary Speculative Code Execution with Return Instructions (Retbleed AMD)** On AMD processors from families 0x15 through 0x17 (Bulldozer through Zen 2) and Hygon family 0x18, an attacker can exploit return instructions to redirect speculative execution and leak kernel memory, bypassing retpoline mitigations that were effective against Spectre V2. Unlike Spectre V2 which targets indirect jumps and calls, Retbleed specifically targets return instructions, which were previously considered safe. Mitigation requires a kernel update providing either the untrained return thunk (safe RET) or IBPB-on-entry mechanism, plus a microcode update providing IBPB support on Zen 1/2. On Zen 1/2, SMT should be disabled for full protection when using IBPB-based mitigation. Performance impact is medium. diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index 1c9d8a8..bbfe58e 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -156,6 +156,9 @@ CVE-2019-11091|MDSUM|mdsum|RIDL, microarchitectural data sampling uncacheable me CVE-2019-11135|TAA|taa|ZombieLoad V2, TSX Asynchronous Abort (TAA) CVE-2018-12207|ITLBMH|itlbmh|No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC) CVE-2020-0543|SRBDS|srbds|Special Register Buffer Data Sampling (SRBDS) +CVE-2022-21123|SBDR|mmio|Shared Buffers Data Read (SBDR), MMIO Stale Data +CVE-2022-21125|SBDS|mmio|Shared Buffers Data Sampling (SBDS), MMIO Stale Data +CVE-2022-21166|DRPW|mmio|Device Register Partial Write (DRPW), MMIO Stale Data CVE-2023-20588|DIV0|div0|Division by Zero, AMD Zen1 speculative data leak CVE-2023-20593|ZENBLEED|zenbleed|Zenbleed, cross-process information leak CVE-2022-40982|DOWNFALL|downfall|Downfall, gather data sampling (GDS) diff --git a/src/libs/200_cpu_affected.sh b/src/libs/200_cpu_affected.sh index 65175f7..39e662d 100644 --- a/src/libs/200_cpu_affected.sh +++ b/src/libs/200_cpu_affected.sh @@ -99,6 +99,7 @@ is_cpu_affected() { affected_taa='' affected_itlbmh='' affected_srbds='' + affected_mmio='' affected_sls='' # DIV0, Zenbleed and Inception are all AMD specific, look for "is_amd" below: _set_immune div0 @@ -135,6 +136,11 @@ is_cpu_affected() { pr_debug "is_cpu_affected: cpu not affected by Special Register Buffer Data Sampling" fi + if is_cpu_mmio_free; then + _infer_immune mmio + pr_debug "is_cpu_affected: cpu not affected by MMIO Stale Data" + fi + # NO_SPECTRE_V2: Centaur family 7 and Zhaoxin family 7 are immune to Spectre V2 # kernel commit 1e41a766c98b (v5.6-rc1): added NO_SPECTRE_V2 exemption # Zhaoxin vendor_id is " Shanghai " in cpuinfo (parsed as "Shanghai" by awk) @@ -156,6 +162,7 @@ is_cpu_affected() { _set_immune mdsum _set_immune taa _set_immune srbds + _set_immune mmio elif is_intel; then # Intel # https://github.com/crozone/SpectrePoC/issues/1 ^F E5200 => spectre 2 not affected @@ -805,7 +812,7 @@ is_cpu_affected() { pr_debug "is_cpu_affected: final results: variant4=$affected_variant4 variantl1tf=$affected_variantl1tf msbds=$affected_msbds mfbds=$affected_mfbds" pr_debug "is_cpu_affected: final results: mlpds=$affected_mlpds mdsum=$affected_mdsum taa=$affected_taa itlbmh=$affected_itlbmh srbds=$affected_srbds" pr_debug "is_cpu_affected: final results: div0=$affected_div0 zenbleed=$affected_zenbleed inception=$affected_inception retbleed=$affected_retbleed tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar rfds=$affected_rfds its=$affected_its" - pr_debug "is_cpu_affected: final results: vmscape=$affected_vmscape bpi=$affected_bpi sls=$affected_sls" + pr_debug "is_cpu_affected: final results: vmscape=$affected_vmscape bpi=$affected_bpi sls=$affected_sls mmio=$affected_mmio" } affected_variantl1tf_sgx="$affected_variantl1tf" # even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow diff --git a/src/libs/210_cpu_detect.sh b/src/libs/210_cpu_detect.sh index 0189f6a..dce3c3d 100644 --- a/src/libs/210_cpu_detect.sh +++ b/src/libs/210_cpu_detect.sh @@ -156,6 +156,61 @@ is_cpu_srbds_free() { } +# Check whether the CPU is known to be unaffected by MMIO Stale Data (CVE-2022-21123/21125/21166) +# Returns: 0 if MMIO-free, 1 if affected or unknown +is_cpu_mmio_free() { + # source: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/common.c + # + # CPU affection logic from kernel (51802186158c, v5.19): + # Bug is set when: cpu_matches(blacklist, MMIO) AND NOT arch_cap_mmio_immune() + # arch_cap_mmio_immune() requires ALL THREE bits set: + # ARCH_CAP_FBSDP_NO (bit 14) AND ARCH_CAP_PSDP_NO (bit 15) AND ARCH_CAP_SBDR_SSDP_NO (bit 13) + # + # Intel Family 6 model blacklist (unchanged since v5.19): + # HASWELL_X (0x3F) + # BROADWELL_D (0x56), BROADWELL_X (0x4F) + # SKYLAKE_X (0x55), SKYLAKE_L (0x4E), SKYLAKE (0x5E) + # KABYLAKE_L (0x8E), KABYLAKE (0x9E) + # ICELAKE_L (0x7E), ICELAKE_D (0x6C), ICELAKE_X (0x6A) + # COMETLAKE (0xA5), COMETLAKE_L (0xA6) + # LAKEFIELD (0x8A) + # ROCKETLAKE (0xA7) + # ATOM_TREMONT (0x96), ATOM_TREMONT_D (0x86), ATOM_TREMONT_L (0x9C) + # + # Vendor scope: Intel only. Non-Intel CPUs are not affected. + parse_cpu_details + # ARCH_CAP immunity: all three bits must be set + if [ "$cap_sbdr_ssdp_no" = 1 ] && [ "$cap_fbsdp_no" = 1 ] && [ "$cap_psdp_no" = 1 ]; then + return 0 + fi + if is_intel; then + if [ "$cpu_family" = 6 ]; then + if [ "$cpu_model" = "$INTEL_FAM6_HASWELL_X" ] || + [ "$cpu_model" = "$INTEL_FAM6_BROADWELL_D" ] || + [ "$cpu_model" = "$INTEL_FAM6_BROADWELL_X" ] || + [ "$cpu_model" = "$INTEL_FAM6_SKYLAKE_X" ] || + [ "$cpu_model" = "$INTEL_FAM6_SKYLAKE_L" ] || + [ "$cpu_model" = "$INTEL_FAM6_SKYLAKE" ] || + [ "$cpu_model" = "$INTEL_FAM6_KABYLAKE_L" ] || + [ "$cpu_model" = "$INTEL_FAM6_KABYLAKE" ] || + [ "$cpu_model" = "$INTEL_FAM6_ICELAKE_L" ] || + [ "$cpu_model" = "$INTEL_FAM6_ICELAKE_D" ] || + [ "$cpu_model" = "$INTEL_FAM6_ICELAKE_X" ] || + [ "$cpu_model" = "$INTEL_FAM6_COMETLAKE" ] || + [ "$cpu_model" = "$INTEL_FAM6_COMETLAKE_L" ] || + [ "$cpu_model" = "$INTEL_FAM6_LAKEFIELD" ] || + [ "$cpu_model" = "$INTEL_FAM6_ROCKETLAKE" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_TREMONT" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_TREMONT_D" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_TREMONT_L" ]; then + return 1 + fi + fi + fi + + return 0 +} + # Check whether the CPU is known to be unaffected by Speculative Store Bypass (SSB) # Returns: 0 if SSB-free, 1 if affected or unknown is_cpu_ssb_free() { diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 65ab8ae..501146a 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -169,7 +169,7 @@ while [ -n "${1:-}" ]; do case "$2" in help) echo "The following parameters are supported for --variant (can be used multiple times):" - echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, div0, zenbleed, downfall, retbleed, inception, reptar, rfds, tsa, tsa-sq, tsa-l1, its, vmscape, bpi, sls" + echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, mmio, sbdr, sbds, drpw, div0, zenbleed, downfall, retbleed, inception, reptar, rfds, tsa, tsa-sq, tsa-l1, its, vmscape, bpi, sls" exit 0 ;; 1) @@ -224,6 +224,22 @@ while [ -n "${1:-}" ]; do opt_cve_list="$opt_cve_list CVE-2020-0543" opt_cve_all=0 ;; + mmio) + opt_cve_list="$opt_cve_list CVE-2022-21123 CVE-2022-21125 CVE-2022-21166" + opt_cve_all=0 + ;; + sbdr) + opt_cve_list="$opt_cve_list CVE-2022-21123" + opt_cve_all=0 + ;; + sbds) + opt_cve_list="$opt_cve_list CVE-2022-21125" + opt_cve_all=0 + ;; + drpw) + opt_cve_list="$opt_cve_list CVE-2022-21166" + opt_cve_all=0 + ;; div0) opt_cve_list="$opt_cve_list CVE-2023-20588" opt_cve_all=0 diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index 8810d65..ab90713 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -757,6 +757,10 @@ check_cpu() { cap_rfds_no=-1 cap_rfds_clear=-1 cap_its_no=-1 + cap_sbdr_ssdp_no=-1 + cap_fbsdp_no=-1 + cap_psdp_no=-1 + cap_fb_clear=-1 if [ "$cap_arch_capabilities" = -1 ]; then pstatus yellow UNKNOWN elif [ "$cap_arch_capabilities" != 1 ]; then @@ -774,6 +778,10 @@ check_cpu() { cap_rfds_no=0 cap_rfds_clear=0 cap_its_no=0 + cap_sbdr_ssdp_no=0 + cap_fbsdp_no=0 + cap_psdp_no=0 + cap_fb_clear=0 pstatus yellow NO else read_msr $MSR_IA32_ARCH_CAPABILITIES @@ -792,6 +800,10 @@ check_cpu() { cap_rfds_no=0 cap_rfds_clear=0 cap_its_no=0 + cap_sbdr_ssdp_no=0 + cap_fbsdp_no=0 + cap_psdp_no=0 + cap_fb_clear=0 if [ $ret = $READ_MSR_RET_OK ]; then capabilities=$ret_read_msr_value # https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/include/asm/msr-index.h#n82 @@ -805,12 +817,16 @@ check_cpu() { [ $((ret_read_msr_value_lo >> 6 & 1)) -eq 1 ] && cap_pschange_msc_no=1 [ $((ret_read_msr_value_lo >> 7 & 1)) -eq 1 ] && cap_tsx_ctrl_msr=1 [ $((ret_read_msr_value_lo >> 8 & 1)) -eq 1 ] && cap_taa_no=1 + [ $((ret_read_msr_value_lo >> 13 & 1)) -eq 1 ] && cap_sbdr_ssdp_no=1 + [ $((ret_read_msr_value_lo >> 14 & 1)) -eq 1 ] && cap_fbsdp_no=1 + [ $((ret_read_msr_value_lo >> 15 & 1)) -eq 1 ] && cap_psdp_no=1 + [ $((ret_read_msr_value_lo >> 17 & 1)) -eq 1 ] && cap_fb_clear=1 [ $((ret_read_msr_value_lo >> 25 & 1)) -eq 1 ] && cap_gds_ctrl=1 [ $((ret_read_msr_value_lo >> 26 & 1)) -eq 1 ] && cap_gds_no=1 [ $((ret_read_msr_value_lo >> 27 & 1)) -eq 1 ] && cap_rfds_no=1 [ $((ret_read_msr_value_lo >> 28 & 1)) -eq 1 ] && cap_rfds_clear=1 [ $((ret_read_msr_value_hi >> 30 & 1)) -eq 1 ] && cap_its_no=1 - pr_debug "capabilities says rdcl_no=$cap_rdcl_no ibrs_all=$cap_ibrs_all rsba=$cap_rsba l1dflush_no=$cap_l1dflush_no ssb_no=$cap_ssb_no mds_no=$cap_mds_no taa_no=$cap_taa_no pschange_msc_no=$cap_pschange_msc_no rfds_no=$cap_rfds_no rfds_clear=$cap_rfds_clear its_no=$cap_its_no" + pr_debug "capabilities says rdcl_no=$cap_rdcl_no ibrs_all=$cap_ibrs_all rsba=$cap_rsba l1dflush_no=$cap_l1dflush_no ssb_no=$cap_ssb_no mds_no=$cap_mds_no taa_no=$cap_taa_no pschange_msc_no=$cap_pschange_msc_no rfds_no=$cap_rfds_no rfds_clear=$cap_rfds_clear its_no=$cap_its_no sbdr_ssdp_no=$cap_sbdr_ssdp_no fbsdp_no=$cap_fbsdp_no psdp_no=$cap_psdp_no fb_clear=$cap_fb_clear" if [ "$cap_ibrs_all" = 1 ]; then pstatus green YES else @@ -971,6 +987,24 @@ check_cpu() { pstatus yellow NO fi + pr_info_nol " * CPU explicitly indicates not being affected by MMIO Stale Data (FBSDP_NO & PSDP_NO & SBDR_SSDP_NO): " + if [ "$cap_sbdr_ssdp_no" = -1 ]; then + pstatus yellow UNKNOWN "couldn't read MSR" + elif [ "$cap_sbdr_ssdp_no" = 1 ] && [ "$cap_fbsdp_no" = 1 ] && [ "$cap_psdp_no" = 1 ]; then + pstatus green YES + else + pstatus yellow NO + fi + + pr_info_nol " * CPU microcode supports Fill Buffer clearing (FB_CLEAR): " + if [ "$cap_fb_clear" = -1 ]; then + pstatus yellow UNKNOWN "couldn't read MSR" + elif [ "$cap_fb_clear" = 1 ]; then + pstatus green YES + else + pstatus yellow NO + fi + pr_info_nol " * CPU explicitly indicates not being affected by RFDS (RFDS_NO): " if [ "$cap_rfds_no" = -1 ]; then pstatus yellow UNKNOWN "couldn't read MSR" diff --git a/src/vulns-helpers/check_mmio.sh b/src/vulns-helpers/check_mmio.sh new file mode 100644 index 0000000..7e1428b --- /dev/null +++ b/src/vulns-helpers/check_mmio.sh @@ -0,0 +1,252 @@ +# vim: set ts=4 sw=4 sts=4 et: +# MMIO Stale Data (Processor MMIO Stale Data Vulnerabilities) - BSD mitigation check +check_mmio_bsd() { + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + else + pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script" + fi +} + +# MMIO Stale Data (Processor MMIO Stale Data Vulnerabilities) - Linux mitigation check +check_mmio_linux() { + local status sys_interface_available msg kernel_mmio kernel_mmio_can_tell mmio_mitigated mmio_smt_mitigated mystatus mymsg + status=UNK + sys_interface_available=0 + msg='' + if sys_interface_check "$VULN_SYSFS_BASE/mmio_stale_data" '^[^;]+'; then + # Kernel source inventory for MMIO Stale Data, traced via git blame walkback + # across /shared/linux, /shared/linux-stable, and /shared/linux-centos-redhat: + # + # --- sysfs messages --- + # all versions: + # "Not affected" (cpu_show_common, generic) + # + # 8cb861e9e3c9 (v5.19, initial MMIO mitigation, Pawan Gupta 2022-05-19): + # enum mmio_mitigations: MMIO_MITIGATION_OFF, MMIO_MITIGATION_UCODE_NEEDED, MMIO_MITIGATION_VERW + # mmio_strings[]: + # "Vulnerable" (MMIO_MITIGATION_OFF) + # "Vulnerable: Clear CPU buffers attempted, no microcode" (MMIO_MITIGATION_UCODE_NEEDED) + # "Mitigation: Clear CPU buffers" (MMIO_MITIGATION_VERW) + # + # 8d50cdf8b834 (v5.19, sysfs reporting, Pawan Gupta 2022-05-19): + # mmio_stale_data_show_state() added with SMT suffix: + # "{mmio_strings[state]}; SMT vulnerable" (sched_smt_active() true) + # "{mmio_strings[state]}; SMT disabled" (sched_smt_active() false) + # "{mmio_strings[state]}; SMT Host state unknown" (boot_cpu_has(HYPERVISOR)) + # No SMT suffix when MMIO_MITIGATION_OFF. + # Uses sysfs_emit() in mainline. CentOS 7 backport uses sprintf(). + # + # 7df548840c49 (v6.0, "unknown" reporting, Pawan Gupta 2022-08-03): + # Added X86_BUG_MMIO_UNKNOWN handling: + # "Unknown: No mitigations" (X86_BUG_MMIO_UNKNOWN set) + # Present in: v6.0 through v6.15, stable 5.10.y/5.15.y/6.1.y/6.6.y, rocky8, rocky9 + # + # dd86a1d013e0 (v6.16, removed MMIO_UNKNOWN, Borislav Petkov 2025-04-14): + # Removed X86_BUG_MMIO_UNKNOWN -- "Unknown" message no longer produced. + # Replaced by general X86_BUG_OLD_MICROCODE mechanism. + # + # 4a5a04e61d7f (v6.16, restructured, David Kaplan 2025-04-18): + # Split into select/update/apply pattern. Same strings, same output. + # + # all messages start with "Not affected", "Vulnerable", "Mitigation", or "Unknown" + # + # --- stable backports --- + # Stable branches 5.4.y through 6.15.y: identical mmio_strings[] array. + # 5.4.y uses sprintf(); 5.10.y+ uses sysfs_emit(). + # v6.0.y through v6.15.y include "Unknown: No mitigations" branch. + # v6.16.y+: restructured, no "Unknown" message. + # + # --- RHEL/CentOS --- + # centos7: sprintf() instead of sysfs_emit(), otherwise identical strings. + # rocky8: sysfs_emit(), includes X86_BUG_MMIO_UNKNOWN. + # rocky9: sysfs_emit(), includes X86_BUG_MMIO_UNKNOWN. + # rocky10: restructured, matches mainline v6.16+. + # All RHEL branches use identical mmio_strings[] array. + # + # --- Kconfig symbols --- + # No Kconfig symbol: v5.19 through v6.11 (mitigation always compiled in when CPU_SUP_INTEL) + # 163f9fe6b625 (v6.12, Breno Leitao 2024-07-29): CONFIG_MITIGATION_MMIO_STALE_DATA (bool, default y, depends CPU_SUP_INTEL) + # No other name variants exist (no renames). Single symbol throughout history. + # + # --- stable --- + # Only linux-rolling-lts and linux-rolling-stable have the Kconfig symbol. + # Stable branches 5.x through 6.11.y: no Kconfig (always compiled in). + # + # --- RHEL --- + # rocky9, rocky10: CONFIG_MITIGATION_MMIO_STALE_DATA present. + # rocky8, centos7: no Kconfig symbol. + # + # --- kernel functions (for $opt_map / System.map) --- + # 8cb861e9e3c9 (v5.19): mmio_select_mitigation() [static __init] + # 8cb861e9e3c9 (v5.19): mmio_stale_data_parse_cmdline() [static __init] + # 8d50cdf8b834 (v5.19): mmio_stale_data_show_state() [static] + # 8d50cdf8b834 (v5.19): cpu_show_mmio_stale_data() [global, non-static -- visible in System.map] + # 4a5a04e61d7f (v6.16): + mmio_update_mitigation() [static __init] + # 4a5a04e61d7f (v6.16): + mmio_apply_mitigation() [static __init] + # + # Best grep targets for $opt_map: mmio_select_mitigation, cpu_show_mmio_stale_data + # Best grep targets for $g_kernel: mmio_stale_data (appears in sysfs strings and parameter name) + # + # --- stable --- + # 5.4.y-6.15.y: mmio_select_mitigation, mmio_stale_data_parse_cmdline, mmio_stale_data_show_state + # 6.16.y+: + mmio_update_mitigation, mmio_apply_mitigation + # + # --- RHEL --- + # rocky8/rocky9: mmio_select_mitigation, mmio_stale_data_parse_cmdline, mmio_stale_data_show_state + # rocky10: + mmio_update_mitigation, mmio_apply_mitigation + # + # --- CPU affection logic (for is_cpu_affected) --- + # 51802186158c (v5.19, initial model list, Pawan Gupta 2022-05-19): + # Intel Family 6: + # HASWELL_X (0x3F) + # BROADWELL_D (0x56), BROADWELL_X (0x4F) + # SKYLAKE_X (0x55), SKYLAKE_L (0x4E), SKYLAKE (0x5E) + # KABYLAKE_L (0x8E), KABYLAKE (0x9E) + # ICELAKE_L (0x7E), ICELAKE_D (0x6C), ICELAKE_X (0x6A) + # COMETLAKE (0xA5), COMETLAKE_L (0xA6) + # LAKEFIELD (0x8A) + # ROCKETLAKE (0xA7) + # ATOM_TREMONT (0x96), ATOM_TREMONT_D (0x86), ATOM_TREMONT_L (0x9C) + # All steppings. No stepping restrictions for MMIO flag itself. + # + # No models have been added to or removed from the MMIO blacklist since v5.19. + # + # immunity: ARCH_CAP_SBDR_SSDP_NO (bit 13) AND ARCH_CAP_FBSDP_NO (bit 14) AND ARCH_CAP_PSDP_NO (bit 15) + # All three must be set. Checked via arch_cap_mmio_immune() in common.c. + # Bug is set only when: cpu_matches(blacklist, MMIO) AND NOT arch_cap_mmio_immune(). + # + # microcode mitigation: ARCH_CAP_FB_CLEAR (bit 17) -- VERW clears fill buffers. + # Alternative: MD_CLEAR CPUID + FLUSH_L1D CPUID when MDS_NO is not set (legacy path). + # + # vendor scope: Intel only. Non-Intel CPUs never set X86_BUG_MMIO_STALE_DATA. + sys_interface_available=1 + status=$ret_sys_interface_check_status + fi + + if [ "$opt_sysfs_only" != 1 ]; then + pr_info_nol "* Kernel supports MMIO Stale Data mitigation: " + kernel_mmio='' + kernel_mmio_can_tell=1 + if [ -n "$g_kernel_err" ]; then + kernel_mmio_can_tell=0 + elif grep -q 'mmio_stale_data' "$g_kernel" 2>/dev/null; then + pr_debug "mmio: found 'mmio_stale_data' string in kernel image" + kernel_mmio='found MMIO Stale Data mitigation evidence in kernel image' + pstatus green YES "$kernel_mmio" + fi + if [ -z "$kernel_mmio" ] && [ -n "$opt_config" ] && grep -q '^CONFIG_MITIGATION_MMIO_STALE_DATA=y' "$opt_config"; then + kernel_mmio='found MMIO Stale Data mitigation config option enabled' + pstatus green YES "$kernel_mmio" + fi + if [ -z "$kernel_mmio" ] && [ -n "$opt_map" ]; then + if grep -qE 'mmio_select_mitigation|cpu_show_mmio_stale_data' "$opt_map"; then + kernel_mmio='found MMIO Stale Data mitigation function in System.map' + pstatus green YES "$kernel_mmio" + fi + fi + if [ -z "$kernel_mmio" ]; then + if [ "$kernel_mmio_can_tell" = 1 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN + fi + fi + + pr_info_nol "* CPU microcode supports Fill Buffer clearing: " + if [ "$cap_fb_clear" = -1 ]; then + pstatus yellow UNKNOWN + elif [ "$cap_fb_clear" = 1 ]; then + pstatus green YES + else + pstatus yellow NO + fi + + if [ "$opt_live" = 1 ] && [ "$sys_interface_available" = 1 ]; then + pr_info_nol "* Kernel mitigation is enabled and active: " + if echo "$ret_sys_interface_check_fullmsg" | grep -qi ^mitigation; then + mmio_mitigated=1 + pstatus green YES + else + mmio_mitigated=0 + pstatus yellow NO + fi + pr_info_nol "* SMT is either mitigated or disabled: " + if echo "$ret_sys_interface_check_fullmsg" | grep -Eq 'SMT (disabled|mitigated)'; then + mmio_smt_mitigated=1 + pstatus green YES + else + mmio_smt_mitigated=0 + pstatus yellow NO + fi + fi + elif [ "$sys_interface_available" = 0 ]; then + # we have no sysfs but were asked to use it only! + msg="/sys vulnerability interface use forced, but it's not available!" + status=UNK + fi + + if ! is_cpu_affected "$cve"; then + # override status & msg in case CPU is not vulnerable after all + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + else + if [ "$opt_sysfs_only" != 1 ]; then + # compute mystatus and mymsg from our own logic + if [ "$cap_fb_clear" = 1 ]; then + if [ -n "$kernel_mmio" ]; then + if [ "$opt_live" = 1 ]; then + # mitigation must also be enabled + if [ "$mmio_mitigated" = 1 ]; then + if [ "$opt_paranoid" != 1 ] || [ "$mmio_smt_mitigated" = 1 ]; then + mystatus=OK + mymsg="Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled" + else + mystatus=VULN + mymsg="Your microcode and kernel are both up to date for this mitigation, but you must disable SMT (Hyper-Threading) for a complete mitigation" + fi + else + mystatus=VULN + mymsg="Your microcode and kernel are both up to date for this mitigation, but the mitigation is not active" + fi + else + mystatus=OK + mymsg="Your microcode and kernel are both up to date for this mitigation" + fi + else + mystatus=VULN + mymsg="Your microcode supports mitigation, but your kernel doesn't, upgrade it to mitigate the vulnerability" + fi + else + if [ -n "$kernel_mmio" ]; then + mystatus=VULN + mymsg="Your kernel supports mitigation, but your CPU microcode also needs to be updated to mitigate the vulnerability" + else + mystatus=VULN + mymsg="Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability" + fi + fi + else + # sysfs only: return the status/msg we got + pvulnstatus "$cve" "$status" "$ret_sys_interface_check_fullmsg" + return + fi + + # if we didn't get a msg+status from sysfs, use ours + if [ -z "$msg" ]; then + pvulnstatus "$cve" "$mystatus" "$mymsg" + elif [ "$opt_paranoid" = 1 ]; then + # if paranoid mode is enabled, we know that we won't agree on status, so take ours + pvulnstatus "$cve" "$mystatus" "$mymsg" + elif [ "$status" = "$mystatus" ]; then + # if we agree on status, we'll print the common status and our message (more detailed than the sysfs one) + pvulnstatus "$cve" "$status" "$mymsg" + else + # if we don't agree on status, maybe our logic is flawed due to a new kernel/mitigation? use the one from sysfs + pvulnstatus "$cve" "$status" "$msg" + fi + + if [ "$mystatus" = VULN ]; then + explain "Update your kernel to a version that includes MMIO Stale Data mitigation (Linux 5.19+), and update your CPU microcode. If you are using a distribution kernel, make sure you are up to date. To enforce full mitigation including SMT, boot with 'mmio_stale_data=full,nosmt'." + fi + fi +} diff --git a/src/vulns/CVE-2022-21123.sh b/src/vulns/CVE-2022-21123.sh new file mode 100644 index 0000000..f4799e0 --- /dev/null +++ b/src/vulns/CVE-2022-21123.sh @@ -0,0 +1,7 @@ +# vim: set ts=4 sw=4 sts=4 et: +############################### +# CVE-2022-21123, SBDR, Shared Buffers Data Read, MMIO Stale Data + +check_CVE_2022_21123() { + check_cve 'CVE-2022-21123' check_mmio +} diff --git a/src/vulns/CVE-2022-21125.sh b/src/vulns/CVE-2022-21125.sh new file mode 100644 index 0000000..43c03a2 --- /dev/null +++ b/src/vulns/CVE-2022-21125.sh @@ -0,0 +1,7 @@ +# vim: set ts=4 sw=4 sts=4 et: +############################### +# CVE-2022-21125, SBDS, Shared Buffers Data Sampling, MMIO Stale Data + +check_CVE_2022_21125() { + check_cve 'CVE-2022-21125' check_mmio +} diff --git a/src/vulns/CVE-2022-21166.sh b/src/vulns/CVE-2022-21166.sh new file mode 100644 index 0000000..6a1b4f3 --- /dev/null +++ b/src/vulns/CVE-2022-21166.sh @@ -0,0 +1,7 @@ +# vim: set ts=4 sw=4 sts=4 et: +############################### +# CVE-2022-21166, DRPW, Device Register Partial Write, MMIO Stale Data + +check_CVE_2022_21166() { + check_cve 'CVE-2022-21166' check_mmio +} From 3c56ac35dd72f80841b2a2f5e3c9a93068588fe4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 12:29:26 +0200 Subject: [PATCH 17/57] fix: better detect kernel lockdown & no longer require cap_flush_cmd to deem CVE-2018-3615 as mitigated (fix #296) --- src/libs/001_core_header.sh | 3 ++- src/libs/340_cpu_msr.sh | 26 ++++++++++++++++++++++++++ src/libs/400_hw_check.sh | 11 ++--------- src/vulns/CVE-2018-3615.sh | 15 +++++---------- 4 files changed, 35 insertions(+), 20 deletions(-) diff --git a/src/libs/001_core_header.sh b/src/libs/001_core_header.sh index d09a997..2723c25 100644 --- a/src/libs/001_core_header.sh +++ b/src/libs/001_core_header.sh @@ -17,7 +17,8 @@ VERSION='1.0.0' # --- Common paths and basedirs --- readonly VULN_SYSFS_BASE="/sys/devices/system/cpu/vulnerabilities" -readonly DEBUGFS_BASE="/sys/kernel/debug" +readonly SYSKERNEL_BASE="/sys/kernel" +readonly DEBUGFS_BASE="$SYSKERNEL_BASE/debug" readonly SYS_MODULE_BASE="/sys/module" readonly CPU_DEV_BASE="/dev/cpu" readonly BSD_CPUCTL_DEV_BASE="/dev/cpuctl" diff --git a/src/libs/340_cpu_msr.sh b/src/libs/340_cpu_msr.sh index 51ef6d1..067c972 100644 --- a/src/libs/340_cpu_msr.sh +++ b/src/libs/340_cpu_msr.sh @@ -58,6 +58,19 @@ write_msr_one_core() { return "$(eval echo \$$mockvarname)" fi + # proactive lockdown detection via sysfs (vanilla 5.4+, CentOS 8+, Rocky 9+): + # if the kernel lockdown is set to integrity or confidentiality, MSR writes will be denied, + # so we can skip the write attempt entirely and avoid relying on dmesg parsing + if [ -e "$SYSKERNEL_BASE/security/lockdown" ]; then + if grep -qE '\[integrity\]|\[confidentiality\]' "$SYSKERNEL_BASE/security/lockdown" 2>/dev/null; then + pr_debug "write_msr: kernel lockdown detected via $SYSKERNEL_BASE/security/lockdown" + g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_WRMSR_${msr}_RET=$WRITE_MSR_RET_LOCKDOWN") + g_msr_locked_down=1 + ret_write_msr_msg="your kernel is locked down, please reboot with lockdown=none in the kernel cmdline and retry" + return $WRITE_MSR_RET_LOCKDOWN + fi + fi + if [ ! -e $CPU_DEV_BASE/0/msr ] && [ ! -e ${BSD_CPUCTL_DEV_BASE}0 ]; then # try to load the module ourselves (and remember it so we can rmmod it afterwards) load_msr @@ -231,6 +244,19 @@ read_msr_one_core() { return "$(eval echo \$$mockvarname)" fi + # proactive lockdown detection via sysfs (vanilla 5.4+, CentOS 8+, Rocky 9+): + # if the kernel lockdown is set to integrity or confidentiality, MSR writes will be denied, + # so we can skip the write attempt entirely and avoid relying on dmesg parsing + if [ -e "$SYSKERNEL_BASE/security/lockdown" ]; then + if grep -qE '\[integrity\]|\[confidentiality\]' "$SYSKERNEL_BASE/security/lockdown" 2>/dev/null; then + pr_debug "write_msr: kernel lockdown detected via $SYSKERNEL_BASE/security/lockdown" + g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_WRMSR_${msr}_RET=$WRITE_MSR_RET_LOCKDOWN") + g_msr_locked_down=1 + ret_write_msr_msg="your kernel is locked down, please reboot with lockdown=none in the kernel cmdline and retry" + return $WRITE_MSR_RET_LOCKDOWN + fi + fi + if [ ! -e $CPU_DEV_BASE/0/msr ] && [ ! -e ${BSD_CPUCTL_DEV_BASE}0 ]; then # try to load the module ourselves (and remember it so we can rmmod it afterwards) load_msr diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index ab90713..5ea9273 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -626,17 +626,16 @@ check_cpu() { if [ "$opt_allow_msr_write" = 1 ]; then pr_info_nol " * FLUSH_CMD MSR is available: " # the new MSR 'FLUSH_CMD' is at offset 0x10b, write-only + # this is probed for informational purposes only, the CPUID L1D flush bit + # (cap_l1df) is the authoritative indicator per Intel guidance write_msr 0x10b ret=$? if [ $ret = $WRITE_MSR_RET_OK ]; then pstatus green YES - cap_flush_cmd=1 elif [ $ret = $WRITE_MSR_RET_KO ]; then pstatus yellow NO - cap_flush_cmd=0 else pstatus yellow UNKNOWN "$ret_write_msr_msg" - cap_flush_cmd=-1 fi fi @@ -655,12 +654,6 @@ check_cpu() { cap_l1df=-1 fi - # if we weren't allowed to probe the write-only MSR but the CPUID - # bit says that it shoul be there, make the assumption that it is - if [ "$opt_allow_msr_write" != 1 ]; then - cap_flush_cmd=$cap_l1df - fi - if is_intel; then pr_info " * Microarchitectural Data Sampling" pr_info_nol " * VERW instruction is available: " diff --git a/src/vulns/CVE-2018-3615.sh b/src/vulns/CVE-2018-3615.sh index 6db32df..fb07763 100644 --- a/src/vulns/CVE-2018-3615.sh +++ b/src/vulns/CVE-2018-3615.sh @@ -8,15 +8,10 @@ check_CVE_2018_3615() { pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m" pr_info_nol "* CPU microcode mitigates the vulnerability: " - if { [ "$cap_flush_cmd" = 1 ] || { [ "$g_msr_locked_down" = 1 ] && [ "$cap_l1df" = 1 ]; }; } && [ "$cap_sgx" = 1 ]; then - # no easy way to detect a fixed SGX but we know that - # microcodes that have the FLUSH_CMD MSR also have the - # fixed SGX (for CPUs that support it), because Intel - # delivered fixed microcodes for both issues at the same time - # - # if the system we're running on is locked down (no way to write MSRs), - # make the assumption that if the L1D flush CPUID bit is set, probably - # that FLUSH_CMD MSR is here too + if [ "$cap_l1df" = 1 ] && [ "$cap_sgx" = 1 ]; then + # the L1D flush CPUID bit indicates that the microcode supports L1D flushing, + # and microcodes that have this also have the fixed SGX (for CPUs that support it), + # because Intel delivered fixed microcodes for both issues at the same time pstatus green YES elif [ "$cap_sgx" = 1 ]; then pstatus red NO @@ -27,7 +22,7 @@ check_CVE_2018_3615() { if ! is_cpu_affected "$cve"; then # override status & msg in case CPU is not vulnerable after all pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" - elif [ "$cap_flush_cmd" = 1 ] || { [ "$g_msr_locked_down" = 1 ] && [ "$cap_l1df" = 1 ]; }; then + elif [ "$cap_l1df" = 1 ]; then pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability" else pvulnstatus "$cve" VULN "your CPU supports SGX and the microcode is not up to date" From b6a41918b0c38ed7d59ac9898a942123dcdcccec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 12:38:57 +0200 Subject: [PATCH 18/57] doc: add CVE-2019-11157 (Plundervolt) to unsupported CVE list --- UNSUPPORTED_CVE_LIST.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/UNSUPPORTED_CVE_LIST.md b/UNSUPPORTED_CVE_LIST.md index 5b921b1..80cc2df 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/UNSUPPORTED_CVE_LIST.md @@ -221,6 +221,18 @@ A timing side-channel attack exploiting the shared Translation Lookaside Buffer These are hardware flaws but not side-channel or speculative execution issues. They fall outside the vulnerability class this tool is designed to detect. +## CVE-2019-11157 β€” Plundervolt (VoltJockey) + +- **Issue:** [#335](https://github.com/speed47/spectre-meltdown-checker/issues/335) +- **Advisory:** [INTEL-SA-00289](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html) +- **Research:** [Plundervolt (plundervolt.com)](https://plundervolt.com/) +- **Affected CPUs:** Intel Core 6th–10th gen (Skylake through Comet Lake) with SGX +- **CVSS:** 7.1 (High) + +A voltage fault injection attack where a privileged attacker (ring 0) uses the software-accessible voltage scaling interface to undervolt the CPU during SGX enclave computations, inducing predictable bit flips that compromise enclave integrity and confidentiality. Intel's microcode fix locks down the voltage/frequency scaling MSRs to prevent software-initiated undervolting. + +**Why out of scope:** Not a transient or speculative execution vulnerability β€” this is a fault injection attack exploiting voltage manipulation, with no side-channel or speculative execution component. It requires ring 0 access and targets SGX enclaves specifically. While Intel issued a microcode update that locks voltage controls, there is no Linux kernel sysfs entry, no CPUID flag, and no kernel-side mitigation to detect. The fix is purely a microcode-level lockdown of voltage scaling registers, which is not exposed in any standard interface this tool can query. + ## CVE-2023-31315 β€” SinkClose (AMD SMM Lock Bypass) - **Issue:** [#499](https://github.com/speed47/spectre-meltdown-checker/issues/499) From 155b3808b9b95b56e015bff939aa02b9c443348c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 12:58:03 +0200 Subject: [PATCH 19/57] fix: CPUs affected by MSBDS but not MDS (fix #351) --- src/libs/200_cpu_affected.sh | 5 +++++ src/libs/210_cpu_detect.sh | 31 +++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/src/libs/200_cpu_affected.sh b/src/libs/200_cpu_affected.sh index 39e662d..b41e5df 100644 --- a/src/libs/200_cpu_affected.sh +++ b/src/libs/200_cpu_affected.sh @@ -124,6 +124,11 @@ is_cpu_affected() { _infer_immune mlpds _infer_immune mdsum pr_debug "is_cpu_affected: cpu not affected by Microarchitectural Data Sampling" + elif is_cpu_msbds_only; then + _infer_immune mfbds + _infer_immune mlpds + _infer_immune mdsum + pr_debug "is_cpu_affected: cpu only affected by MSBDS, not MFBDS/MLPDS/MDSUM" fi if is_cpu_taa_free; then diff --git a/src/libs/210_cpu_detect.sh b/src/libs/210_cpu_detect.sh index dce3c3d..41f24e4 100644 --- a/src/libs/210_cpu_detect.sh +++ b/src/libs/210_cpu_detect.sh @@ -85,6 +85,37 @@ is_cpu_mds_free() { return 1 } +# Check whether the CPU is known to be affected by MSBDS only (not MFBDS/MLPDS/MDSUM) +# These CPUs have a different microarchitecture that is only susceptible to +# Microarchitectural Store Buffer Data Sampling, not the other MDS variants. +# Returns: 0 if MSBDS-only, 1 otherwise +is_cpu_msbds_only() { + # source: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/common.c + #VULNWL_INTEL(ATOM_SILVERMONT, MSBDS_ONLY), + #VULNWL_INTEL(ATOM_SILVERMONT_D, MSBDS_ONLY), + #VULNWL_INTEL(ATOM_SILVERMONT_MID, MSBDS_ONLY), + #VULNWL_INTEL(ATOM_SILVERMONT_MID2, MSBDS_ONLY), + #VULNWL_INTEL(ATOM_AIRMONT, MSBDS_ONLY), + #VULNWL_INTEL(XEON_PHI_KNL, MSBDS_ONLY), + #VULNWL_INTEL(XEON_PHI_KNM, MSBDS_ONLY), + parse_cpu_details + if is_intel; then + if [ "$cpu_family" = 6 ]; then + if [ "$cpu_model" = "$INTEL_FAM6_ATOM_SILVERMONT" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_SILVERMONT_D" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_SILVERMONT_MID" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_SILVERMONT_MID2" ] || + [ "$cpu_model" = "$INTEL_FAM6_ATOM_AIRMONT" ] || + [ "$cpu_model" = "$INTEL_FAM6_XEON_PHI_KNL" ] || + [ "$cpu_model" = "$INTEL_FAM6_XEON_PHI_KNM" ]; then + return 0 + fi + fi + fi + + return 1 +} + # Check whether the CPU is known to be unaffected by TSX Asynchronous Abort (TAA) # Returns: 0 if TAA-free, 1 if affected or unknown is_cpu_taa_free() { From 24ab98d757710e5f2db50f75052ae5f74d994206 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 13:07:20 +0200 Subject: [PATCH 20/57] doc: document CVE-2020-24511 and CVE-2020-24512 as being out of scope along with rationale (#409) --- UNSUPPORTED_CVE_LIST.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/UNSUPPORTED_CVE_LIST.md b/UNSUPPORTED_CVE_LIST.md index 80cc2df..52ae954 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/UNSUPPORTED_CVE_LIST.md @@ -155,6 +155,28 @@ AMD CPUs may transiently execute non-canonical loads and stores using only the l **Why out of scope:** AMD's mitigation guidance is for software vendors to "analyze their code for any potential vulnerabilities" and insert LFENCE or use existing speculation mitigation techniques in their own code. No microcode or kernel-level mitigations have been issued. The responsibility falls on individual software, not on the kernel or firmware, leaving nothing for this script to check. +## CVE-2020-24511 β€” Domain-Type Confusion (IBRS Scope) + +- **Issue:** [#409](https://github.com/speed47/spectre-meltdown-checker/issues/409) +- **Advisory:** [INTEL-SA-00464](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) +- **Affected CPUs:** Intel Skylake through Comet Lake (different steppings; see advisory for details) +- **CVSS:** 6.5 (Medium) + +Improper isolation of shared resources in some Intel processors allows an authenticated user to potentially enable information disclosure via local access. Specifically, the Indirect Branch Restricted Speculation (IBRS) mitigation may not be fully applied after certain privilege-level transitions, allowing residual branch predictions to cross security boundaries. + +**Why out of scope:** The mitigation is exclusively a microcode update (released June 2021) with no corresponding Linux kernel sysfs entry in `/sys/devices/system/cpu/vulnerabilities/`, no new CPUID bit, no new MSR, and no kernel configuration option. The only way to detect the fix would be to maintain a per-CPU-stepping minimum microcode version lookup table, which is brittle and high-maintenance. Additionally, Intel dropped microcode support for Sandy Bridge and Ivy Bridge in the same timeframe, leaving those generations permanently unpatched with no mitigation path available. + +## CVE-2020-24512 β€” Observable Timing Discrepancy (Trivial Data Value) + +- **Issue:** [#409](https://github.com/speed47/spectre-meltdown-checker/issues/409) +- **Advisory:** [INTEL-SA-00464](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) +- **Affected CPUs:** Intel Skylake through Tiger Lake (broad scope; see advisory for details) +- **CVSS:** 2.8 (Low) + +Observable timing discrepancy in some Intel processors allows an authenticated user to potentially enable information disclosure via local access. Certain cache optimizations treat "trivial data value" cache lines (e.g., all-zero lines) differently from non-trivial lines, creating a timing side channel that can distinguish memory content patterns. + +**Why out of scope:** Like CVE-2020-24511, this is a microcode-only fix with no Linux kernel sysfs entry, no CPUID bit, no MSR, and no kernel configuration option. Detection would require a per-CPU-stepping microcode version lookup table. The vulnerability has low severity (CVSS 2.8) and practical exploitation is limited. Intel dropped microcode support for Sandy Bridge and Ivy Bridge, leaving those generations permanently vulnerable. + ## CVE-2021-26318 β€” AMD Prefetch Attacks through Power and Time - **Issue:** [#412](https://github.com/speed47/spectre-meltdown-checker/issues/412) From e1ace7c281230421c6ee9481a62ee31191ccfa85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 13:26:38 +0200 Subject: [PATCH 21/57] doc: document Platypus (CVE-2020-8694 CVE-2020-8695) as out of scope (#384) --- UNSUPPORTED_CVE_LIST.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/UNSUPPORTED_CVE_LIST.md b/UNSUPPORTED_CVE_LIST.md index 52ae954..12330b9 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/UNSUPPORTED_CVE_LIST.md @@ -255,6 +255,18 @@ A voltage fault injection attack where a privileged attacker (ring 0) uses the s **Why out of scope:** Not a transient or speculative execution vulnerability β€” this is a fault injection attack exploiting voltage manipulation, with no side-channel or speculative execution component. It requires ring 0 access and targets SGX enclaves specifically. While Intel issued a microcode update that locks voltage controls, there is no Linux kernel sysfs entry, no CPUID flag, and no kernel-side mitigation to detect. The fix is purely a microcode-level lockdown of voltage scaling registers, which is not exposed in any standard interface this tool can query. +## CVE-2020-8694 / CVE-2020-8695 β€” Platypus (RAPL Power Side Channel) + +- **Issue:** [#384](https://github.com/speed47/spectre-meltdown-checker/issues/384) +- **Advisory:** [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html) +- **Research:** [PLATYPUS (platypusattack.com)](https://platypusattack.com/) +- **Affected CPUs:** Intel Core (Sandy Bridge+), Intel Xeon (Sandy Bridge-EP+) +- **CVSS:** 5.6 (Medium) / 6.5 (Medium) + +A software-based power side-channel attack exploiting Intel's Running Average Power Limit (RAPL) interface. By monitoring energy consumption reported through the `powercap` sysfs interface or the `MSR_RAPL_POWER_UNIT` / `MSR_PKG_ENERGY_STATUS` MSRs, an unprivileged attacker can statistically distinguish instructions and operands, recover AES-NI keys from SGX enclaves, and break kernel ASLR. + +**Why out of scope:** Not a transient or speculative execution vulnerability β€” this is a power analysis side-channel attack with no speculative execution component. The mitigations (microcode update restricting RAPL energy reporting to privileged access, and kernel restricting the `powercap` sysfs interface) are not exposed via `/sys/devices/system/cpu/vulnerabilities/`. There is no dedicated sysfs vulnerability entry, no CPUID flag, and no kernel configuration option for this tool to check. + ## CVE-2023-31315 β€” SinkClose (AMD SMM Lock Bypass) - **Issue:** [#499](https://github.com/speed47/spectre-meltdown-checker/issues/499) From 6043f586ef15e8b136026c22c80c1db2d9bdda1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 13:43:39 +0200 Subject: [PATCH 22/57] enh: update IntelDB affected CPU list to 2026-04 data, including Hybrid CPU detection --- src/db/100_inteldb.sh | 157 +++++++++++++++++++++-------------- src/libs/200_cpu_affected.sh | 7 +- src/libs/350_cpu_detect2.sh | 16 ++++ 3 files changed, 118 insertions(+), 62 deletions(-) diff --git a/src/db/100_inteldb.sh b/src/db/100_inteldb.sh index bfc0404..06482d0 100644 --- a/src/db/100_inteldb.sh +++ b/src/db/100_inteldb.sh @@ -1,11 +1,9 @@ +# %%% ENDOFINTELDB # vim: set ts=4 sw=4 sts=4 et: -# Dump from Intel affected CPU page: -# - https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html -# Only currently-supported CPUs are listed, so only rely on it if the current CPU happens to be in the list. -# We merge it with info from the following file: -# - https://software.intel.com/content/dam/www/public/us/en/documents/affected-processors-transient-execution-attacks-by-cpu-aug02.xlsx -# As it contains some information from older processors, however when information is contradictory between the two sources, the HTML takes precedence as -# it is expected to be updated, whereas the xslx seems to be frozen. +# Merged INTELDB: HTML (authoritative) + CSV history (supplementary) + XLSX (legacy/stale) +# HTML source: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html +# CSV source: https://github.com/intel/Intel-affected-processor-list +# XSLX source: https://software.intel.com/content/dam/www/public/us/en/documents/affected-processors-transient-execution-attacks-by-cpu-aug02.xlsx # # N: Not affected # S: Affected, software fix @@ -13,9 +11,20 @@ # M: Affected, MCU update needed # B: Affected, BIOS update needed # X: Affected, no planned mitigation -# Y: Affected (this is from the xlsx, no details are available) +# Y: Affected (no details available) +# MS: Affected, MCU + software fix +# HS: Affected, hardware + software fix +# HM: Affected, hardware + MCU fix +# +# Entries may have an optional hybrid qualifier after the CPUID: +# 0xCPUID,H=1,... matches only hybrid CPUs (CPUID.0x7.EDX[15]=1) +# 0xCPUID,H=0,... matches only non-hybrid CPUs (CPUID.0x7.EDX[15]=0) +# 0xCPUID,... matches any CPU (no qualifier = fallback) # # %%% INTELDB +# +# XSLX +# # 0x000206A7,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N, # 0x000206D6,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N, # 0x000206D7,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N, @@ -27,8 +36,6 @@ # 0x000306D4,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=Y,2020-0543=Y, # 0x000306E4,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N, # 0x000306E7,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N, -# 0x000306F2,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000306F4,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N, # 0x00040651,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y, # 0x00040661,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y, # 0x00040671,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=Y,2020-0543=Y, @@ -37,82 +44,110 @@ # 0x000406C4,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N, # 0x000406D8,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N, # 0x000406E3,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS, -# 0x000406F1,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N, -# 0x00050653,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=M, -# 0x00050654,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=M, -# 0x00050656,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=MS,2020-0543=N,2022-40982=M, -# 0x00050657,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=MS,2020-0543=N,2022-40982=M, # 0x0005065A,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x0005065B,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, # 0x00050662,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=Y,2020-0543=N, -# 0x00050663,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N, -# 0x00050664,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N, -# 0x00050665,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N, # 0x000506A0,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N, # 0x000506C9,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000506CA,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x000506D0,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N, -# 0x000506E3,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=N, -# 0x000506F1,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x00060650,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N, # 0x000606A0,2017-5715=Y,2017-5753=Y,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=Y,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N, # 0x000606A4,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, # 0x000606A5,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000606A6,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000606C1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, # 0x000606E1,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N, # 0x0007065A,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N, -# 0x000706A1,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000706A8,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000706E5,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=HM,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, # 0x00080660,2017-5715=Y,2017-5753=Y,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=Y,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N, # 0x00080664,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x00080665,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x00080667,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x000806A0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=HM,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x000806A1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=HM,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x000806C0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000806C1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000806C2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, # 0x000806D0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000806D1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000806E9,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=M,2022-40982=M, -# 0x000806EA,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M, -# 0x000806EB,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=M,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M, -# 0x000806EC,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M, -# 0x000806F7,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000806F8,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x00090660,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x00090661,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x00090670,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x00090671,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x00090672,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x00090673,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x00090674,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x00090675,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x000906A0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, # 0x000906A2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000906A3,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000906A4,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000906C0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000906E9,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M, -# 0x000906EA,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M, -# 0x000906EB,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M, -# 0x000906EC,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M, -# 0x000906ED,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M, # 0x000A0650,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, # 0x000A0651,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000A0652,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000A0653,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000A0655,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000A0660,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000A0661,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, # 0x000A0670,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, -# 0x000A0671,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M, # 0x000A0680,2017-5715=Y,2017-5753=Y,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=Y,2018-3615=N,2018-3620=N,2018-3639=Y,2018-3640=Y,2018-3646=N,2019-11135=N,2020-0543=N, -# 0x000B0671,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000B06A2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000B06A3,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000B06F2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, -# 0x000B06F5,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N, +# +# HTML/CSV +# +# 0x000306F2,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=X,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=X,2020-0551_zero=X,2020-0551_stale=X,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=N,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000306F4,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=X,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=X,2020-0551_zero=X,2020-0551_stale=X,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000406F1,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=X,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=X,2020-0551_zero=X,2020-0551_stale=X,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x00050653,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=X,2020-0551_stale=X,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x00050654,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=N,2022-21233=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=X,2020-0551_stale=X,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x00050656,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-38090=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=N,2022-21123=N,2022-2118=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=X,2020-0551_stale=X,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x00050657,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-38090=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=N,2022-21123=N,2022-2118=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=X,2020-0551_stale=X,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x0005065B,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=S,2024-28956_cBPF=S,2024-31068=M,2024-36242=N,2024-23984=M,2024-25939=M,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=X,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x00050663,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=X,2020-0543=N,2022-21127=N,2020-0550=X,2020-0551_zero=X,2020-0551_stale=X,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x00050664,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=X,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=X,2020-0551_zero=X,2020-0551_stale=X,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x00050665,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=X,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=X,2020-0551_zero=X,2020-0551_stale=X,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000506CA,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=M,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=MS,2018-3640=N,2017-5754=N,2017-5715=MS,2017-5753=S, +# 0x000506E3,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=N,2022-21233=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=MS,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=MS,2022-21127=MS,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000506F1,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=N,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=M,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=MS,2018-3640=N,2017-5754=N,2017-5715=MS,2017-5753=S, +# 0x000606A6,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=N,2024-28956_cBPF=S,2024-31068=N,2024-36242=S,2024-23984=M,2024-25939=N,2023-28746=N,2023-22655=MB,2023-38575=N,2023-39368=N,2023-23583=M,2022-40982=M,2022-26373=S,2022-21233=MS,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000606C1,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=N,2024-28956_cBPF=S,2024-31068=N,2024-36242=S,2024-23984=M,2024-25939=N,2023-28746=N,2023-22655=MB,2023-38575=N,2023-39368=N,2023-23583=M,2022-40982=M,2022-26373=S,2022-21233=MS,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000706A1,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MBS,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=S,2022-38090=S,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-2118=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=M,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=MS,2018-3640=N,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000706A8,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MBS,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=M,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=MS,2017-5753=S, +# 0x000706E5,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=M,2022-40982=M,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=M,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=M,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=HM,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=HM,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x00080665,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=X,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=M,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=M,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x00080667,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=M,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=MS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000806C1,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=N,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=M,2022-40982=M,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=MB,2022-21125=MB,2022-21123=MB,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=M,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=M,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000806C2,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=N,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=M,2022-40982=M,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=M,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=N,2020-8698=M,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000806D1,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=N,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=M,2022-40982=M,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=MB,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000806E9,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=N,2022-21233=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=M,2022-21127=M,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000806EA,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=N,2022-21233=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=MS,2022-21127=MS,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000806EB,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=N,2022-21233=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=MS,2022-21127=MS,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=MS,2018-3640=M,2017-5754=N,2017-5715=MS,2017-5753=S, +# 0x000806EC,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=S,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=MS,2022-21127=MS,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000806F5,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=S,2024-23984=M,2024-25939=N,2023-28746=N,2023-22655=MB,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=HS,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000806F6,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=S,2024-23984=M,2024-25939=N,2023-28746=N,2023-22655=MB,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=HS,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000806F7,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=S,2024-23984=M,2024-25939=N,2023-28746=N,2023-22655=MB,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=HS,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000806F8,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=S,2024-23984=M,2024-25939=N,2023-28746=N,2023-22655=MB,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=HS,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x00090660,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=M,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=M,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x00090661,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=M,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=M,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x00090672,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=MS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=MS,2022-0002=MS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x00090675,H=0,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=MS,2022-0002=MS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=MS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x00090675,H=1,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=MS,2022-0002=MS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=MS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000906A3,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=MS,2022-0002=MS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=MS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000906A4,H=0,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000906A4,H=1,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=MS,2022-0002=MS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=MS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000906C0,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=M,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000906E9,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=N,2022-21233=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=MS,2022-21127=MS,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000906EA,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=N,2022-21233=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=MS,2022-21127=MS,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000906EB,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=N,2022-21233=N,2022-38090=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-2118=S,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=MS,2022-21127=MS,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=MS,2018-3620=MS,2018-3646=MS,2018-3639=MS,2018-3640=M,2017-5754=S,2017-5715=MS,2017-5753=S, +# 0x000906EC,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-29901=S,2022-28693=N,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=N,2022-0002=N,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=MS,2022-21127=MS,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=MS,2018-12126=MS,2018-12130=MS,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=M,2017-5754=N,2017-5715=MS,2017-5753=S, +# 0x000906ED,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=S,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=MS,2022-21127=MS,2020-0550=N,2020-0551_zero=S,2020-0551_stale=S,2020-0549=M,2020-8696=MS,2020-0548=MS,2018-12207=S,2019-11135=MS,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=M,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A0652,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=S,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=S,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=M,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A0653,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=S,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=S,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=M,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A0655,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=S,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=S,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=M,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A0660,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=S,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=S,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=M,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A0661,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=S,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=M,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=S,2022-21166=MS,2022-21125=MS,2022-21123=MS,2022-21180=S,2022-0001=S,2022-0002=S,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=M,2020-24512=M,2020-24513=N,2020-8695=M,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=S,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=S,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=M,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A0671,2024-45332=M,2024-28956_IBPB=M,2024-28956_GH=N,2024-28956_cBPF=S,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=M,2022-40982=M,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=N,2022-21166=MS,2022-21125=N,2022-21123=N,2022-21180=S,2022-0001=S,2022-0002=S,2021-0145=M,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=S,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A06A4,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A06D0,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-38090=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-2118=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A06D1,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A06E1,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=S,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A06F2,2024-31068=N,2024-36242=S,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-38090=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-2118=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000A06F3,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=S,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B0650,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B0664,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=S,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B0671,H=0,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=M,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B0671,H=1,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=M,2023-23583=N,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B06A2,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=N,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B06A3,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=N,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B06A8,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=N,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B06D1,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B06E0,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=N,2023-39368=M,2023-23583=N,2022-40982=N,2022-26373=N,2022-21233=N,2022-29901=N,2022-28693=N,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B06F2,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000B06F5,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=MS,2023-22655=N,2023-38575=M,2023-39368=M,2023-23583=M,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000C0652,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000C0662,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=S,2022-21233=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000C0664,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=N,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=S,2022-21233=S,2022-38090=S,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-2118=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000C06C2,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=S,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000C06C3,2024-45332=N,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=N,2024-36242=S,2024-23984=N,2024-25939=N,2023-28746=N,2023-22655=N,2023-38575=N,2023-39368=N,2023-23583=N,2022-40982=N,2022-26373=S,2022-21233=N,2022-29901=N,2022-28693=HS,2022-21166=N,2022-21125=N,2022-21123=N,2022-21180=N,2022-0001=HS,2022-0002=HS,2021-0145=N,2021-33120=N,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# 0x000C06F2,2024-45332=M,2024-28956_IBPB=N,2024-28956_GH=N,2024-28956_cBPF=N,2024-31068=M,2021-0089=S,2021-0086=S,2020-24511=N,2020-24512=N,2020-24513=N,2020-8695=N,2020-8698=N,2020-0543=N,2022-21127=N,2020-0550=N,2020-0551_zero=N,2020-0551_stale=N,2020-0549=N,2020-8696=N,2020-0548=N,2018-12207=N,2019-11135=N,2019-1125=S,2018-12127=N,2018-12126=N,2018-12130=N,2018-3615=N,2018-3620=N,2018-3646=N,2018-3639=HS,2018-3640=N,2017-5754=N,2017-5715=HS,2017-5753=S, +# # %%% ENDOFINTELDB diff --git a/src/libs/200_cpu_affected.sh b/src/libs/200_cpu_affected.sh index b41e5df..10ca4eb 100644 --- a/src/libs/200_cpu_affected.sh +++ b/src/libs/200_cpu_affected.sh @@ -50,7 +50,12 @@ is_cpu_affected() { if [ "${g_intel_line:-}" = "no" ]; then pr_debug "is_cpu_affected: $cpuid_hex not in Intel database (cached)" elif [ -z "$g_intel_line" ]; then - g_intel_line=$(read_inteldb | grep -F "$cpuid_hex," | head -n1) + # Try hybrid-specific entry first (H=0 or H=1), fall back to unqualified entry + g_intel_line=$(read_inteldb | grep -F "$cpuid_hex,H=$cpu_hybrid," | head -n1) + if [ -z "$g_intel_line" ]; then + # No hybrid-specific entry, try unqualified (no H= field) + g_intel_line=$(read_inteldb | grep -F "$cpuid_hex," | grep -v ',H=' | head -n1) + fi if [ -z "$g_intel_line" ]; then g_intel_line=no pr_debug "is_cpu_affected: $cpuid_hex not in Intel database" diff --git a/src/libs/350_cpu_detect2.sh b/src/libs/350_cpu_detect2.sh index bd257f4..48aa9e4 100644 --- a/src/libs/350_cpu_detect2.sh +++ b/src/libs/350_cpu_detect2.sh @@ -117,6 +117,22 @@ parse_cpu_details() { g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_CPU_PLATFORMID='$cpu_platformid'") fi + # Detect hybrid CPU: CPUID.(EAX=7,ECX=0):EDX[15] = 1 means hybrid + cpu_hybrid=0 + if is_intel; then + read_cpuid 0x7 0x0 $EDX 15 1 1 + if [ $? = $READ_CPUID_RET_OK ]; then + cpu_hybrid=1 + fi + fi + if [ -n "${SMC_MOCK_CPU_HYBRID:-}" ]; then + cpu_hybrid="$SMC_MOCK_CPU_HYBRID" + pr_debug "parse_cpu_details: MOCKING cpu hybrid to $cpu_hybrid" + g_mocked=1 + else + g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_CPU_HYBRID='$cpu_hybrid'") + fi + # get raw cpuid, it's always useful (referenced in the Intel doc for firmware updates for example) if [ "$g_mocked" != 1 ] && read_cpuid 0x1 0x0 $EAX 0 0xFFFFFFFF; then cpu_cpuid="$ret_read_cpuid_value" From 8d9504d174e51e74d2967f7afd132a4a34aba373 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 13:46:11 +0200 Subject: [PATCH 23/57] chore: add comment about is_intel/amd/hygon recursion --- src/libs/350_cpu_detect2.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/libs/350_cpu_detect2.sh b/src/libs/350_cpu_detect2.sh index 48aa9e4..a521c65 100644 --- a/src/libs/350_cpu_detect2.sh +++ b/src/libs/350_cpu_detect2.sh @@ -65,6 +65,7 @@ parse_cpu_details() { # see https://elixir.bootlin.com/linux/v6.0/source/arch/x86/kernel/cpu/microcode/intel.c#L694 # Set it to 8 (impossible value as it is 3 bit long) by default cpu_platformid=8 + # use direct cpu_vendor comparison: is_intel() calls parse_cpu_details() which would recurse if [ "$cpu_vendor" = GenuineIntel ] && [ "$cpu_model" -ge 5 ]; then read_msr $MSR_IA32_PLATFORM_ID ret=$? @@ -119,7 +120,8 @@ parse_cpu_details() { # Detect hybrid CPU: CPUID.(EAX=7,ECX=0):EDX[15] = 1 means hybrid cpu_hybrid=0 - if is_intel; then + # use direct cpu_vendor comparison: is_intel() calls parse_cpu_details() which would recurse + if [ "$cpu_vendor" = GenuineIntel ]; then read_cpuid 0x7 0x0 $EDX 15 1 1 if [ $? = $READ_CPUID_RET_OK ]; then cpu_hybrid=1 @@ -146,7 +148,8 @@ parse_cpu_details() { if [ -z "$cpu_ucode" ] && [ "$g_os" != Linux ]; then load_cpuid if [ -e ${BSD_CPUCTL_DEV_BASE}0 ]; then - if [ "$cpu_vendor" = AuthenticAMD ]; then + # use direct cpu_vendor comparison: is_amd/is_hygon/is_intel() call parse_cpu_details() which would recurse + if [ "$cpu_vendor" = AuthenticAMD ] || [ "$cpu_vendor" = HygonGenuine ]; then # AMD: read MSR_PATCHLEVEL (0xC0010058) directly cpu_ucode=$(cpucontrol -m 0xC0010058 ${BSD_CPUCTL_DEV_BASE}0 2>/dev/null | awk '{print $3}') elif [ "$cpu_vendor" = GenuineIntel ]; then From 333aa74fead89a0f112febba573a5ef768631f54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 14:59:13 +0200 Subject: [PATCH 24/57] enh: clearer CPU details section --- src/libs/004_intel_codenames.sh | 127 ++++++++++++++++++++++++++++++++ src/libs/400_hw_check.sh | 26 ++++++- 2 files changed, 152 insertions(+), 1 deletion(-) create mode 100644 src/libs/004_intel_codenames.sh diff --git a/src/libs/004_intel_codenames.sh b/src/libs/004_intel_codenames.sh new file mode 100644 index 0000000..2dae1cc --- /dev/null +++ b/src/libs/004_intel_codenames.sh @@ -0,0 +1,127 @@ +# vim: set ts=4 sw=4 sts=4 et: +# Human-friendly codename lookup for Intel CPUs. +# Depends on constants from 003_intel_models.sh being set. + +# Print the human-friendly codename for the current Intel CPU, or nothing if unknown. +# Reads: cpu_family, cpu_model (set by parse_cpu_details) +get_intel_codename() { + case "$cpu_family" in + 5) + case "$cpu_model" in + "$INTEL_FAM5_PENTIUM_75") echo "Pentium 75 (P54C)" ;; + "$INTEL_FAM5_PENTIUM_MMX") echo "Pentium MMX (P55C)" ;; + "$INTEL_FAM5_QUARK_X1000") echo "Quark X1000" ;; + esac + ;; + 6) + case "$cpu_model" in + "$INTEL_FAM6_PENTIUM_PRO") echo "Pentium Pro" ;; + "$INTEL_FAM6_PENTIUM_II_KLAMATH") echo "Pentium II (Klamath)" ;; + "$INTEL_FAM6_PENTIUM_III_DESCHUTES") echo "Pentium III (Deschutes)" ;; + "$INTEL_FAM6_PENTIUM_III_TUALATIN") echo "Pentium III (Tualatin)" ;; + "$INTEL_FAM6_PENTIUM_M_DOTHAN") echo "Pentium M (Dothan)" ;; + "$INTEL_FAM6_CORE_YONAH") echo "Core (Yonah)" ;; + "$INTEL_FAM6_CORE2_MEROM") echo "Core 2 (Merom)" ;; + "$INTEL_FAM6_CORE2_MEROM_L") echo "Core 2 (Merom-L)" ;; + "$INTEL_FAM6_CORE2_PENRYN") echo "Core 2 (Penryn)" ;; + "$INTEL_FAM6_CORE2_DUNNINGTON") echo "Core 2 (Dunnington)" ;; + "$INTEL_FAM6_NEHALEM") echo "Nehalem" ;; + "$INTEL_FAM6_NEHALEM_G") echo "Nehalem (Auburndale / Havendale)" ;; + "$INTEL_FAM6_NEHALEM_EP") echo "Nehalem EP" ;; + "$INTEL_FAM6_NEHALEM_EX") echo "Nehalem EX" ;; + "$INTEL_FAM6_WESTMERE") echo "Westmere" ;; + "$INTEL_FAM6_WESTMERE_EP") echo "Westmere EP" ;; + "$INTEL_FAM6_WESTMERE_EX") echo "Westmere EX" ;; + "$INTEL_FAM6_SANDYBRIDGE") echo "Sandy Bridge" ;; + "$INTEL_FAM6_SANDYBRIDGE_X") echo "Sandy Bridge-E" ;; + "$INTEL_FAM6_IVYBRIDGE") echo "Ivy Bridge" ;; + "$INTEL_FAM6_IVYBRIDGE_X") echo "Ivy Bridge-E" ;; + "$INTEL_FAM6_HASWELL") echo "Haswell" ;; + "$INTEL_FAM6_HASWELL_X") echo "Haswell-E" ;; + "$INTEL_FAM6_HASWELL_L") echo "Haswell (low power)" ;; + "$INTEL_FAM6_HASWELL_G") echo "Haswell (GT3e)" ;; + "$INTEL_FAM6_BROADWELL") echo "Broadwell" ;; + "$INTEL_FAM6_BROADWELL_G") echo "Broadwell (GT3e)" ;; + "$INTEL_FAM6_BROADWELL_X") echo "Broadwell-E" ;; + "$INTEL_FAM6_BROADWELL_D") echo "Broadwell-DE" ;; + "$INTEL_FAM6_SKYLAKE_L") echo "Skylake (mobile)" ;; + "$INTEL_FAM6_SKYLAKE") echo "Skylake (desktop)" ;; + "$INTEL_FAM6_SKYLAKE_X") echo "Skylake-X / Cascade Lake / Cooper Lake" ;; + "$INTEL_FAM6_KABYLAKE_L") echo "Kaby Lake (mobile) / Sky Lake" ;; + "$INTEL_FAM6_KABYLAKE") echo "Kaby Lake / Coffee Lake / Sky Lake" ;; + "$INTEL_FAM6_COMETLAKE") echo "Comet Lake / Sky Lake" ;; + "$INTEL_FAM6_COMETLAKE_L") echo "Comet Lake (mobile) / Sky Lake" ;; + "$INTEL_FAM6_CANNONLAKE_L") echo "Cannon Lake (Palm Cove)" ;; + "$INTEL_FAM6_ICELAKE_X") echo "Ice Lake-X (Sunny Cove)" ;; + "$INTEL_FAM6_ICELAKE_D") echo "Ice Lake-D (Sunny Cove)" ;; + "$INTEL_FAM6_ICELAKE") echo "Ice Lake (Sunny Cove)" ;; + "$INTEL_FAM6_ICELAKE_L") echo "Ice Lake-L (Sunny Cove)" ;; + "$INTEL_FAM6_ICELAKE_NNPI") echo "Ice Lake NNPI (Sunny Cove)" ;; + "$INTEL_FAM6_ROCKETLAKE") echo "Rocket Lake (Cypress Cove)" ;; + "$INTEL_FAM6_TIGERLAKE_L") echo "Tiger Lake-L (Willow Cove)" ;; + "$INTEL_FAM6_TIGERLAKE") echo "Tiger Lake (Willow Cove)" ;; + "$INTEL_FAM6_SAPPHIRERAPIDS_X") echo "Sapphire Rapids-X (Golden Cove)" ;; + "$INTEL_FAM6_EMERALDRAPIDS_X") echo "Emerald Rapids-X (Raptor Cove)" ;; + "$INTEL_FAM6_GRANITERAPIDS_X") echo "Granite Rapids-X (Redwood Cove)" ;; + "$INTEL_FAM6_GRANITERAPIDS_D") echo "Granite Rapids-D (Redwood Cove)" ;; + "$INTEL_FAM6_BARTLETTLAKE") echo "Bartlett Lake (Raptor Cove)" ;; + "$INTEL_FAM6_LAKEFIELD") echo "Lakefield (Sunny Cove + Tremont)" ;; + "$INTEL_FAM6_ALDERLAKE") echo "Alder Lake (Golden Cove + Gracemont)" ;; + "$INTEL_FAM6_ALDERLAKE_L") echo "Alder Lake-L (Golden Cove + Gracemont)" ;; + "$INTEL_FAM6_RAPTORLAKE") echo "Raptor Lake (Raptor Cove + Enhanced Gracemont)" ;; + "$INTEL_FAM6_RAPTORLAKE_P") echo "Raptor Lake-P (Raptor Cove + Enhanced Gracemont)" ;; + "$INTEL_FAM6_RAPTORLAKE_S") echo "Raptor Lake-S (Raptor Cove + Enhanced Gracemont)" ;; + "$INTEL_FAM6_METEORLAKE") echo "Meteor Lake (Redwood Cove + Crestmont)" ;; + "$INTEL_FAM6_METEORLAKE_L") echo "Meteor Lake-L (Redwood Cove + Crestmont)" ;; + "$INTEL_FAM6_ARROWLAKE_H") echo "Arrow Lake-H (Lion Cove + Skymont)" ;; + "$INTEL_FAM6_ARROWLAKE") echo "Arrow Lake (Lion Cove + Skymont)" ;; + "$INTEL_FAM6_ARROWLAKE_U") echo "Arrow Lake-U (Lion Cove + Skymont)" ;; + "$INTEL_FAM6_LUNARLAKE_M") echo "Lunar Lake-M (Lion Cove + Skymont)" ;; + "$INTEL_FAM6_PANTHERLAKE_L") echo "Panther Lake-L (Cougar Cove + Darkmont)" ;; + "$INTEL_FAM6_WILDCATLAKE_L") echo "Wildcat Lake-L" ;; + "$INTEL_FAM6_ATOM_BONNELL") echo "Atom Bonnell (Diamondville / Pineview)" ;; + "$INTEL_FAM6_ATOM_BONNELL_MID") echo "Atom Bonnell (Silverthorne / Lincroft)" ;; + "$INTEL_FAM6_ATOM_SALTWELL") echo "Atom Saltwell (Cedarview)" ;; + "$INTEL_FAM6_ATOM_SALTWELL_MID") echo "Atom Saltwell (Penwell)" ;; + "$INTEL_FAM6_ATOM_SALTWELL_TABLET") echo "Atom Saltwell (Cloverview)" ;; + "$INTEL_FAM6_ATOM_SILVERMONT") echo "Atom Silvermont (Bay Trail)" ;; + "$INTEL_FAM6_ATOM_SILVERMONT_D") echo "Atom Silvermont-D (Avaton / Rangely)" ;; + "$INTEL_FAM6_ATOM_SILVERMONT_MID") echo "Atom Silvermont (Merriefield)" ;; + "$INTEL_FAM6_ATOM_SILVERMONT_MID2") echo "Atom Silvermont (Anniedale)" ;; + "$INTEL_FAM6_ATOM_AIRMONT") echo "Atom Airmont (Cherry Trail / Braswell)" ;; + "$INTEL_FAM6_ATOM_AIRMONT_NP") echo "Atom Airmont (Lightning Mountain)" ;; + "$INTEL_FAM6_ATOM_GOLDMONT") echo "Atom Goldmont (Apollo Lake)" ;; + "$INTEL_FAM6_ATOM_GOLDMONT_D") echo "Atom Goldmont-D (Denverton)" ;; + "$INTEL_FAM6_ATOM_GOLDMONT_PLUS") echo "Atom Goldmont Plus (Gemini Lake)" ;; + "$INTEL_FAM6_ATOM_TREMONT_D") echo "Atom Tremont-D (Jacobsville)" ;; + "$INTEL_FAM6_ATOM_TREMONT") echo "Atom Tremont (Elkhart Lake)" ;; + "$INTEL_FAM6_ATOM_TREMONT_L") echo "Atom Tremont-L (Jasper Lake)" ;; + "$INTEL_FAM6_ATOM_GRACEMONT") echo "Atom Gracemont (Alder Lake-N)" ;; + "$INTEL_FAM6_ATOM_CRESTMONT_X") echo "Atom Crestmont-X (Sierra Forest)" ;; + "$INTEL_FAM6_ATOM_CRESTMONT") echo "Atom Crestmont (Grand Ridge)" ;; + "$INTEL_FAM6_ATOM_DARKMONT_X") echo "Atom Darkmont-X (Clearwater Forest)" ;; + "$INTEL_FAM6_XEON_PHI_KNL") echo "Xeon Phi (Knights Landing)" ;; + "$INTEL_FAM6_XEON_PHI_KNM") echo "Xeon Phi (Knights Mill)" ;; + esac + ;; + 15) + case "$cpu_model" in + "$INTEL_FAM15_P4_WILLAMETTE") echo "Pentium 4 (Willamette)" ;; + "$INTEL_FAM15_P4_PRESCOTT") echo "Pentium 4 (Prescott)" ;; + "$INTEL_FAM15_P4_PRESCOTT_2M") echo "Pentium 4 (Prescott 2M)" ;; + "$INTEL_FAM15_P4_CEDARMILL") echo "Pentium 4 (Cedarmill)" ;; + esac + ;; + 18) + case "$cpu_model" in + "$INTEL_FAM18_NOVALAKE") echo "Nova Lake (Coyote Cove)" ;; + "$INTEL_FAM18_NOVALAKE_L") echo "Nova Lake-L (Coyote Cove)" ;; + esac + ;; + 19) + case "$cpu_model" in + "$INTEL_FAM19_DIAMONDRAPIDS_X") echo "Diamond Rapids-X (Panther Cove)" ;; + esac + ;; + esac +} diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index 5ea9273..451624a 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -345,13 +345,37 @@ sys_interface_check() { # Display hardware-level CPU mitigation support (microcode features, ARCH_CAPABILITIES, etc.) check_cpu() { - local capabilities ret spec_ctrl_msr + local capabilities ret spec_ctrl_msr codename ucode_str pr_info "\033[1;34mHardware check\033[0m" if ! uname -m | grep -qwE 'x86_64|i[3-6]86|amd64'; then return fi + pr_info "* CPU details" + pr_info " * Vendor: $cpu_vendor" + pr_info " * Model name: $cpu_friendly_name" + pr_info " * Family: $(printf '0x%02x' "$cpu_family") Model: $(printf '0x%02x' "$cpu_model") Stepping: $(printf '0x%02x' "$cpu_stepping")" + if [ -n "$cpu_ucode" ]; then + ucode_str=$(printf '0x%x' "$cpu_ucode") + else + ucode_str="N/A" + fi + pr_info " * Microcode: $ucode_str" + pr_info " * CPUID: $(printf '0x%08x' "$cpu_cpuid")" + if is_intel; then + pr_info " * Platform ID: $(printf '0x%02x' "$cpu_platformid")" + if [ "$cpu_hybrid" = 1 ]; then + pr_info " * Hybrid CPU: YES" + else + pr_info " * Hybrid CPU: NO" + fi + codename=$(get_intel_codename) + if [ -n "$codename" ]; then + pr_info " * Codename: $codename" + fi + fi + pr_info "* Hardware support (CPU microcode) for mitigation techniques" pr_info " * Indirect Branch Restricted Speculation (IBRS)" pr_info_nol " * SPEC_CTRL MSR is available: " From 49472f1b64d0e4fa2bb08414d2a84d2229ba8ae6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 15:00:00 +0200 Subject: [PATCH 25/57] enh: clearer kernel info section at the top of the script --- src/libs/400_hw_check.sh | 46 +++++++++++++++++++++++++++++++++------- src/main.sh | 6 +++++- 2 files changed, 43 insertions(+), 9 deletions(-) diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index 451624a..29fb958 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -91,8 +91,6 @@ fi if [ "$opt_live" = 1 ]; then pr_info "Checking for vulnerabilities on current system" - pr_info "Kernel is \033[35m$g_os $(uname -r) $(uname -v) $(uname -m)\033[0m" - pr_info "CPU is \033[35m$cpu_friendly_name\033[0m" # try to find the image of the current running kernel if [ -n "$opt_kernel" ]; then @@ -189,7 +187,6 @@ if [ "$opt_live" = 1 ]; then fi else pr_info "Checking for vulnerabilities against specified kernel" - pr_info "CPU is \033[35m$cpu_friendly_name\033[0m" fi if [ -n "$opt_kernel" ]; then @@ -222,9 +219,7 @@ if [ "$g_os" = Linux ]; then g_bad_accuracy=1 fi - if [ "${g_bad_accuracy:=0}" = 1 ]; then - pr_warn "We're missing some kernel info (see -v), accuracy might be reduced" - fi + : "${g_bad_accuracy:=0}" fi if [ -e "$opt_kernel" ]; then @@ -262,7 +257,7 @@ else pr_warn "Possible discrepancy between your running kernel '$(uname -r)' and the image '$g_kernel_version' we found ($opt_kernel), results might be incorrect" fi else - pr_info "Kernel image is \033[35m$g_kernel_version" + pr_verbose "Kernel image is \033[35m$g_kernel_version" fi else pr_verbose "Kernel image version is unknown" @@ -343,10 +338,45 @@ sys_interface_check() { return 0 } +# Display kernel image, config, and System.map availability +check_kernel_info() { + local config_display + pr_info "\033[1;34mKernel information\033[0m" + if [ "$opt_live" = 1 ]; then + pr_info "* Kernel is \033[35m$g_os $(uname -r) $(uname -v) $(uname -m)\033[0m" + elif [ -n "$g_kernel_version" ]; then + pr_info "* Kernel is \033[35m$g_kernel_version\033[0m" + else + pr_info "* Kernel is \033[35munknown\033[0m" + fi + if [ -n "$opt_kernel" ] && [ -e "$opt_kernel" ]; then + pr_info "* Kernel image found at \033[35m$opt_kernel\033[0m" + else + pr_info "* Kernel image NOT found" + fi + if [ -n "$opt_config" ]; then + if [ -n "${g_dumped_config:-}" ]; then + config_display="$g_procfs/config.gz" + else + config_display="$opt_config" + fi + pr_info "* Kernel config found at \033[35m$config_display\033[0m" + else + pr_info "* Kernel config NOT found" + fi + if [ -n "$opt_map" ]; then + pr_info "* Kernel System.map found at \033[35m$opt_map\033[0m" + else + pr_info "* Kernel System.map NOT found" + fi + if [ "${g_bad_accuracy:-0}" = 1 ]; then + pr_warn "We're missing some kernel info, accuracy might be reduced" + fi +} + # Display hardware-level CPU mitigation support (microcode features, ARCH_CAPABILITIES, etc.) check_cpu() { local capabilities ret spec_ctrl_msr codename ucode_str - pr_info "\033[1;34mHardware check\033[0m" if ! uname -m | grep -qwE 'x86_64|i[3-6]86|amd64'; then return diff --git a/src/main.sh b/src/main.sh index f7d1357..3522c61 100644 --- a/src/main.sh +++ b/src/main.sh @@ -1,6 +1,10 @@ # vim: set ts=4 sw=4 sts=4 et: +check_kernel_info +pr_info + if [ "$opt_no_hw" = 0 ] && [ -z "$opt_arch_prefix" ]; then + pr_info "\033[1;34mHardware check\033[0m" check_cpu check_cpu_vulnerabilities pr_info @@ -20,7 +24,7 @@ if [ -n "$g_final_summary" ]; then fi if [ "$g_bad_accuracy" = 1 ]; then - pr_warn "We're missing some kernel info (see -v), accuracy might be reduced" + pr_warn "We're missing some kernel information (see kernel section at the top), accuracy might be reduced" fi g_vars=$(set | grep -Ev '^[A-Z_[:space:]]' | grep -v -F 'g_mockme=' | sort | tr "\n" '|') From 2c766b7cc63e441df75415d42dc69be8beb99805 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 17:01:17 +0200 Subject: [PATCH 26/57] fix: wrmsr: specify core number (closes #294) --- src/libs/340_cpu_msr.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/libs/340_cpu_msr.sh b/src/libs/340_cpu_msr.sh index 067c972..33500f1 100644 --- a/src/libs/340_cpu_msr.sh +++ b/src/libs/340_cpu_msr.sh @@ -86,14 +86,13 @@ write_msr_one_core() { ret=$? else # for Linux - # convert to decimal if [ ! -w $CPU_DEV_BASE/"$core"/msr ]; then ret_write_msr_msg="No write permission on $CPU_DEV_BASE/$core/msr" return $WRITE_MSR_RET_ERR # if wrmsr is available, use it elif command -v wrmsr >/dev/null 2>&1 && [ "${SMC_NO_WRMSR:-}" != 1 ]; then pr_debug "write_msr: using wrmsr" - wrmsr $msr_dec $value_dec 2>/dev/null + wrmsr -p "$core" $msr_dec $value_dec 2>/dev/null ret=$? # ret=4: msr doesn't exist, ret=127: msr.allow_writes=off [ "$ret" = 127 ] && write_denied=1 From 42ed8efa65ddc4508f0ce9f57ce3844ab185e6a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 17:12:21 +0200 Subject: [PATCH 27/57] fix: better compatibility under busybox, silence buggy unzlma versions (fix #432) --- DEVELOPMENT.md | 1 + src/libs/300_kernel_extract.sh | 4 +++- src/main.sh | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index e975f45..56ba3bc 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -167,6 +167,7 @@ Common traps to avoid: | `xargs` | `-r` (no-op if empty, GNU only) | Guard with a prior `[ -n "..." ]` check, or accept the harmless empty invocation | | `readlink` | `-f` (canonicalize, GNU only) | Use only in Linux-specific code paths, or reimplement with `cd`/`pwd` | | `dd` | `iflag=`, `oflag=` (GNU only) | Use only in Linux-specific code paths (e.g. `/dev/cpu/*/msr`) | +| `base64` | `-w N` (set line-wrap width, GNU only; BusyBox doesn't support it) | Pipe through `tr -d '\n'` to remove newlines instead of `-w0` | When a tool genuinely has no portable equivalent, restrict the non-portable call to a platform-specific code path (i.e. inside a BSD-only or Linux-only branch) and document why. diff --git a/src/libs/300_kernel_extract.sh b/src/libs/300_kernel_extract.sh index bfeef9a..3b29f3f 100644 --- a/src/libs/300_kernel_extract.sh +++ b/src/libs/300_kernel_extract.sh @@ -88,7 +88,9 @@ try_decompress() { fi pos=${pos%%:*} # shellcheck disable=SC2086 - tail -c+$pos "$6" 2>/dev/null | $3 $4 >"$g_kerneltmp" 2>/dev/null + # wrap in subshell so that if $3 segfaults (e.g. old BusyBox unlzma on random data), + # the "Segmentation fault" message printed by the shell goes to /dev/null + (tail -c+$pos "$6" 2>/dev/null | $3 $4 >"$g_kerneltmp" 2>/dev/null) 2>/dev/null ret=$? if [ ! -s "$g_kerneltmp" ]; then # don't rely on $ret, sometimes it's != 0 but worked diff --git a/src/main.sh b/src/main.sh index 3522c61..2b405c5 100644 --- a/src/main.sh +++ b/src/main.sh @@ -35,7 +35,7 @@ if [ -n "$g_mockme" ] && [ "$opt_mock" = 1 ]; then # not a useless use of cat: gzipping cpuinfo directly doesn't work well # shellcheck disable=SC2002 if command -v "base64" >/dev/null 2>&1; then - g_mock_cpuinfo="$(cat /proc/cpuinfo | gzip -c | base64 -w0)" + g_mock_cpuinfo="$(cat /proc/cpuinfo | gzip -c | base64 | tr -d '\n')" elif command -v "uuencode" >/dev/null 2>&1; then g_mock_cpuinfo="$(cat /proc/cpuinfo | gzip -c | uuencode -m - | grep -Fv 'begin-base64' | grep -Fxv -- '====' | tr -d "\n")" fi From a3f6553e65d4184f323d8b4daf267f84d8904611 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 17:40:25 +0200 Subject: [PATCH 28/57] fix: read/write msr and lockdown: fix a variable error, properly report lockdown to users --- src/libs/340_cpu_msr.sh | 45 +++++++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/src/libs/340_cpu_msr.sh b/src/libs/340_cpu_msr.sh index 33500f1..819b10b 100644 --- a/src/libs/340_cpu_msr.sh +++ b/src/libs/340_cpu_msr.sh @@ -52,10 +52,17 @@ write_msr_one_core() { mockvarname="SMC_MOCK_WRMSR_${msr}_RET" # shellcheck disable=SC2086,SC1083 if [ -n "$(eval echo \${$mockvarname:-})" ]; then - pr_debug "write_msr: MOCKING enabled for msr $msr func returns $(eval echo \$$mockvarname)" + local mockret + mockret="$(eval echo \$$mockvarname)" + pr_debug "write_msr: MOCKING enabled for msr $msr func returns $mockret" g_mocked=1 - [ "$(eval echo \$$mockvarname)" = $WRITE_MSR_RET_LOCKDOWN ] && g_msr_locked_down=1 - return "$(eval echo \$$mockvarname)" + if [ "$mockret" = "$WRITE_MSR_RET_LOCKDOWN" ]; then + g_msr_locked_down=1 + ret_write_msr_msg="kernel lockdown is enabled, MSR writes are restricted" + elif [ "$mockret" = "$WRITE_MSR_RET_ERR" ]; then + ret_write_msr_msg="could not write MSR" + fi + return "$mockret" fi # proactive lockdown detection via sysfs (vanilla 5.4+, CentOS 8+, Rocky 9+): @@ -76,7 +83,7 @@ write_msr_one_core() { load_msr fi if [ ! -e $CPU_DEV_BASE/0/msr ] && [ ! -e ${BSD_CPUCTL_DEV_BASE}0 ]; then - ret_read_msr_msg="is msr kernel module available?" + ret_write_msr_msg="msr kernel module is not available" return $WRITE_MSR_RET_ERR fi @@ -171,10 +178,11 @@ readonly MSR_IA32_MCU_OPT_CTRL=0x123 readonly READ_MSR_RET_OK=0 readonly READ_MSR_RET_KO=1 readonly READ_MSR_RET_ERR=2 +readonly READ_MSR_RET_LOCKDOWN=3 # Read an MSR register value across one or all cores # Args: $1=msr_address $2=cpu_index(optional, default 0) # Sets: ret_read_msr_value, ret_read_msr_value_hi, ret_read_msr_value_lo, ret_read_msr_msg -# Returns: READ_MSR_RET_OK | READ_MSR_RET_KO | READ_MSR_RET_ERR +# Returns: READ_MSR_RET_OK | READ_MSR_RET_KO | READ_MSR_RET_ERR | READ_MSR_RET_LOCKDOWN read_msr() { local ret core first_core_ret first_core_value if [ "$opt_cpu" != all ]; then @@ -206,7 +214,7 @@ read_msr() { # Read an MSR register value from a single CPU core # Args: $1=core $2=msr_address # Sets: ret_read_msr_value, ret_read_msr_value_hi, ret_read_msr_value_lo, ret_read_msr_msg -# Returns: READ_MSR_RET_OK | READ_MSR_RET_KO | READ_MSR_RET_ERR +# Returns: READ_MSR_RET_OK | READ_MSR_RET_KO | READ_MSR_RET_ERR | READ_MSR_RET_LOCKDOWN read_msr_one_core() { local ret core msr msr_dec mockvarname msr_h msr_l mockval core="$1" @@ -238,21 +246,28 @@ read_msr_one_core() { mockvarname="SMC_MOCK_RDMSR_${msr}_RET" # shellcheck disable=SC2086,SC1083 if [ -n "$(eval echo \${$mockvarname:-})" ] && [ "$(eval echo \$$mockvarname)" -ne 0 ]; then - pr_debug "read_msr: MOCKING enabled for msr $msr func returns $(eval echo \$$mockvarname)" + local mockret + mockret="$(eval echo \$$mockvarname)" + pr_debug "read_msr: MOCKING enabled for msr $msr func returns $mockret" g_mocked=1 - return "$(eval echo \$$mockvarname)" + if [ "$mockret" = "$READ_MSR_RET_LOCKDOWN" ]; then + ret_read_msr_msg="kernel lockdown is enabled, MSR reads are restricted" + elif [ "$mockret" = "$READ_MSR_RET_ERR" ]; then + ret_read_msr_msg="could not read MSR" + fi + return "$mockret" fi # proactive lockdown detection via sysfs (vanilla 5.4+, CentOS 8+, Rocky 9+): - # if the kernel lockdown is set to integrity or confidentiality, MSR writes will be denied, - # so we can skip the write attempt entirely and avoid relying on dmesg parsing + # if the kernel lockdown is set to integrity or confidentiality, MSR reads will be denied, + # so we can skip the read attempt entirely and avoid relying on dmesg parsing if [ -e "$SYSKERNEL_BASE/security/lockdown" ]; then if grep -qE '\[integrity\]|\[confidentiality\]' "$SYSKERNEL_BASE/security/lockdown" 2>/dev/null; then - pr_debug "write_msr: kernel lockdown detected via $SYSKERNEL_BASE/security/lockdown" - g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_WRMSR_${msr}_RET=$WRITE_MSR_RET_LOCKDOWN") + pr_debug "read_msr: kernel lockdown detected via $SYSKERNEL_BASE/security/lockdown" + g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_RDMSR_${msr}_RET=$READ_MSR_RET_LOCKDOWN") g_msr_locked_down=1 - ret_write_msr_msg="your kernel is locked down, please reboot with lockdown=none in the kernel cmdline and retry" - return $WRITE_MSR_RET_LOCKDOWN + ret_read_msr_msg="kernel lockdown is enabled, MSR reads are restricted" + return $READ_MSR_RET_LOCKDOWN fi fi @@ -261,7 +276,7 @@ read_msr_one_core() { load_msr fi if [ ! -e $CPU_DEV_BASE/0/msr ] && [ ! -e ${BSD_CPUCTL_DEV_BASE}0 ]; then - ret_read_msr_msg="is msr kernel module available?" + ret_read_msr_msg="msr kernel module is not available" return $READ_MSR_RET_ERR fi From 3ebfba2ac245460760b2ac811c02e9aa50d3275f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 17:40:59 +0200 Subject: [PATCH 29/57] fix: CVE-2017-5715 (Spectre V2): Red Hat specific fix for RSB Filling (fixes #235) --- src/vulns/CVE-2017-5715.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/vulns/CVE-2017-5715.sh b/src/vulns/CVE-2017-5715.sh index 8f59f4a..830857b 100644 --- a/src/vulns/CVE-2017-5715.sh +++ b/src/vulns/CVE-2017-5715.sh @@ -633,7 +633,15 @@ check_CVE_2017_5715_linux() { fi fi if [ "$rsb_filling" = 0 ]; then - if [ -n "$g_kernel_err" ]; then + # Red Hat kernels (RHEL 6/7/8) stuff RSB on context switch as part of + # their retpoline implementation when retp_enabled=1, but don't use the + # upstream X86_FEATURE_RSB_CTXSW flag or "Filling RSB on context switch" + # string. Detect this via the RHEL-specific debugfs knob. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1616245#c8 + if [ "$retp_enabled" = 1 ]; then + rsb_filling=1 + pstatus green YES "Red Hat kernel with retpoline enabled includes RSB filling" + elif [ -n "$g_kernel_err" ]; then pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" else if grep -qw -e 'Filling RSB on context switch' "$g_kernel"; then From 6d69ce9a77d54a8f38e96478fbde947de9ae62c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 18:43:36 +0200 Subject: [PATCH 30/57] enh: read/write_msr: clearer error messages --- src/libs/340_cpu_msr.sh | 31 +++++++++++++++++++++++++------ src/libs/400_hw_check.sh | 20 +++++++++++++------- 2 files changed, 38 insertions(+), 13 deletions(-) diff --git a/src/libs/340_cpu_msr.sh b/src/libs/340_cpu_msr.sh index 819b10b..f488076 100644 --- a/src/libs/340_cpu_msr.sh +++ b/src/libs/340_cpu_msr.sh @@ -5,20 +5,27 @@ readonly WRITE_MSR_RET_ERR=2 readonly WRITE_MSR_RET_LOCKDOWN=3 # Write a value to an MSR register across one or all cores # Args: $1=msr_address $2=value(optional) $3=cpu_index(optional, default 0) -# Sets: ret_write_msr_msg +# Sets: ret_write_msr_msg, ret_write_msr_ADDR_msg (where ADDR is the hex address, e.g. ret_write_msr_0x123_msg) # Returns: WRITE_MSR_RET_OK | WRITE_MSR_RET_KO | WRITE_MSR_RET_ERR | WRITE_MSR_RET_LOCKDOWN write_msr() { - local ret core first_core_ret + local ret core first_core_ret msr_dec msr + msr_dec=$(($1)) + msr=$(printf "0x%x" "$msr_dec") if [ "$opt_cpu" != all ]; then # we only have one core to write to, do it and return the result write_msr_one_core "$opt_cpu" "$@" - return $? + ret=$? + # shellcheck disable=SC2163 + eval "ret_write_msr_${msr}_msg=\$ret_write_msr_msg" + return $ret fi # otherwise we must write on all cores for core in $(seq 0 "$g_max_core_id"); do write_msr_one_core "$core" "$@" ret=$? + # shellcheck disable=SC2163 + eval "ret_write_msr_${msr}_msg=\$ret_write_msr_msg" if [ "$core" = 0 ]; then # save the result of the first core, for comparison with the others first_core_ret=$ret @@ -26,6 +33,8 @@ write_msr() { # compare first core with the other ones if [ "$first_core_ret" != "$ret" ]; then ret_write_msr_msg="result is not homogeneous between all cores, at least core 0 and $core differ!" + # shellcheck disable=SC2163 + eval "ret_write_msr_${msr}_msg=\$ret_write_msr_msg" return $WRITE_MSR_RET_ERR fi fi @@ -181,20 +190,28 @@ readonly READ_MSR_RET_ERR=2 readonly READ_MSR_RET_LOCKDOWN=3 # Read an MSR register value across one or all cores # Args: $1=msr_address $2=cpu_index(optional, default 0) -# Sets: ret_read_msr_value, ret_read_msr_value_hi, ret_read_msr_value_lo, ret_read_msr_msg +# Sets: ret_read_msr_value, ret_read_msr_value_hi, ret_read_msr_value_lo, ret_read_msr_msg, +# ret_read_msr_ADDR_msg (where ADDR is the hex address, e.g. ret_read_msr_0x10a_msg) # Returns: READ_MSR_RET_OK | READ_MSR_RET_KO | READ_MSR_RET_ERR | READ_MSR_RET_LOCKDOWN read_msr() { - local ret core first_core_ret first_core_value + local ret core first_core_ret first_core_value msr_dec msr + msr_dec=$(($1)) + msr=$(printf "0x%x" "$msr_dec") if [ "$opt_cpu" != all ]; then # we only have one core to read, do it and return the result read_msr_one_core "$opt_cpu" "$@" - return $? + ret=$? + # shellcheck disable=SC2163 + eval "ret_read_msr_${msr}_msg=\$ret_read_msr_msg" + return $ret fi # otherwise we must read all cores for core in $(seq 0 "$g_max_core_id"); do read_msr_one_core "$core" "$@" ret=$? + # shellcheck disable=SC2163 + eval "ret_read_msr_${msr}_msg=\$ret_read_msr_msg" if [ "$core" = 0 ]; then # save the result of the first core, for comparison with the others first_core_ret=$ret @@ -203,6 +220,8 @@ read_msr() { # compare first core with the other ones if [ "$first_core_ret" != "$ret" ] || [ "$first_core_value" != "$ret_read_msr_value" ]; then ret_read_msr_msg="result is not homogeneous between all cores, at least core 0 and $core differ!" + # shellcheck disable=SC2163 + eval "ret_read_msr_${msr}_msg=\$ret_read_msr_msg" return $READ_MSR_RET_ERR fi fi diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index 29fb958..04ca0fa 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -549,7 +549,7 @@ check_cpu() { elif [ "$spec_ctrl_msr" = 0 ]; then pstatus yellow NO else - pstatus yellow UNKNOWN "is msr kernel module available?" + pstatus yellow UNKNOWN "$ret_read_msr_msg" fi pr_info_nol " * CPU indicates STIBP capability: " @@ -974,7 +974,8 @@ check_cpu() { elif [ "$cap_tsx_ctrl_rtm_disable" = 0 ]; then pstatus blue NO else - pstatus yellow UNKNOWN "couldn't read MSR" + # shellcheck disable=SC2154 + pstatus yellow UNKNOWN "$ret_read_msr_0x122_msg" fi pr_info_nol " * TSX_CTRL MSR indicates TSX CPUID bit is cleared: " @@ -983,7 +984,8 @@ check_cpu() { elif [ "$cap_tsx_ctrl_cpuid_clear" = 0 ]; then pstatus blue NO else - pstatus yellow UNKNOWN "couldn't read MSR" + # shellcheck disable=SC2154 + pstatus yellow UNKNOWN "$ret_read_msr_0x122_msg" fi fi @@ -1008,7 +1010,8 @@ check_cpu() { pr_info_nol " * GDS microcode mitigation is disabled (GDS_MITG_DIS): " if [ "$cap_gds_mitg_dis" = -1 ]; then - pstatus yellow UNKNOWN "couldn't read MSR" + # shellcheck disable=SC2154 + pstatus yellow UNKNOWN "$ret_read_msr_0x123_msg" elif [ "$cap_gds_mitg_dis" = 1 ]; then pstatus yellow YES else @@ -1017,7 +1020,8 @@ check_cpu() { pr_info_nol " * GDS microcode mitigation is locked in enabled state (GDS_MITG_LOCK): " if [ "$cap_gds_mitg_lock" = -1 ]; then - pstatus yellow UNKNOWN "couldn't read MSR" + # shellcheck disable=SC2154 + pstatus yellow UNKNOWN "$ret_read_msr_0x123_msg" elif [ "$cap_gds_mitg_lock" = 1 ]; then pstatus blue YES else @@ -1205,7 +1209,8 @@ check_cpu() { elif [ "$cap_tsx_force_abort_rtm_disable" = 0 ]; then pstatus blue NO else - pstatus yellow UNKNOWN "couldn't read MSR" + # shellcheck disable=SC2154 + pstatus yellow UNKNOWN "$ret_read_msr_0x10f_msg" fi pr_info_nol " * TSX_FORCE_ABORT MSR indicates TSX CPUID bit is cleared: " @@ -1214,7 +1219,8 @@ check_cpu() { elif [ "$cap_tsx_force_abort_cpuid_clear" = 0 ]; then pstatus blue NO else - pstatus yellow UNKNOWN "couldn't read MSR" + # shellcheck disable=SC2154 + pstatus yellow UNKNOWN "$ret_read_msr_0x10f_msg" fi fi From 3afbda843010e56efc0392e07988e2c6e5a85233 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 6 Apr 2026 18:58:36 +0200 Subject: [PATCH 31/57] enh: when reading CPUID is unavailable (VM?), fallback to cpuinfo where applicable cap_* variable <= cpuinfo flag cap_ibrs <= ibrs cap_ibpb <= ibpb cap_stibp <= stibp cap_ssbd <= ssbd / virt_ssbd cap_l1df <= flush_l1d cap_md_clear <= md_clear cap_arch_capabilities <= arch_capabilities Should fix #288 --- DEVELOPMENT.md | 47 ++++++++++++++++++++++++++++++++++++++-- src/libs/400_hw_check.sh | 42 +++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 2 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 56ba3bc..b128eaf 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -129,11 +129,54 @@ Never look at the microcode version to determine whether it has the proper mitig **Exception**: When a vulnerability is fixed purely by a microcode update and the fix exposes **no** detectable CPUID bit, MSR bit, or ARCH\_CAP flag, then we must hardcode the known-fixing microcode versions for each affected CPU stepping. In this case, build a `_ucode_list` table of `FF-MM-SS/platformid_mask,fixed_ucode_version` tuples (sourced from the Intel affected processor list and the Intel-Linux-Processor-Microcode-Data-Files release notes), match against `cpu_cpuid` + `cpu_platformid` in `is_cpu_affected()`, and store the required version in a `g__fixed_ucode_version` global. The CVE check then compares `cpu_ucode` against this threshold. Because Intel never lists EOL CPUs, the microcode list may be incomplete: keep a model blacklist as a fallback so that affected CPUs without a known fix are still flagged as affected (the CVE check should handle the empty `g__fixed_ucode_version` case by reporting VULN with "no microcode update available"). See Reptar (`g_reptar_fixed_ucode_version`) and BPI (`g_bpi_fixed_ucode_version`) for reference implementations. -### 4. Assume affected unless proven otherwise (whitelist approach) +### 4. `/proc/cpuinfo` fallback for CPUID reads + +The primary way to read CPU capability bits is via `read_cpuid` (which uses `/dev/cpu/N/cpuid`). However, this device may be unavailable β€” most commonly inside virtual machines where the `cpuid` kernel module cannot be loaded. When `read_cpuid` returns `READ_CPUID_RET_ERR` (could not read at all), we can fall back to checking `/proc/cpuinfo` flags as a secondary source, **in live mode only**. + +This works because the kernel always has direct access to CPUID (it doesn't need `/dev/cpu`), and exposes the results as flags in `/proc/cpuinfo`. When a hypervisor virtualizes a CPUID bit for the guest, the guest kernel sees it and reports it in `/proc/cpuinfo`. This is the same information `read_cpuid` would return if the device were available. + +**Rules:** +- This is strictly a fallback: `read_cpuid` via `/dev/cpu/N/cpuid` remains the primary method. +- Only use it when `read_cpuid` returned `READ_CPUID_RET_ERR` (device unavailable), **never** when it returned `READ_CPUID_RET_KO` (device available but bit is 0 β€” meaning the CPU/hypervisor explicitly reports the feature as absent). +- Only in live mode (`$opt_live = 1`), since `/proc/cpuinfo` is not available in offline mode. +- Only for CPUID bits that the kernel exposes as `/proc/cpuinfo` flags. Not all bits have a corresponding flag β€” only those listed in the kernel's `capflags.c`. If a bit has no `/proc/cpuinfo` flag, no fallback is possible. +- The fallback depends on the running kernel being recent enough to know about the CPUID bit in question. An older kernel won't expose a flag it doesn't know about, so the fallback will silently not trigger β€” which is fine (we just stay at UNKNOWN, same as the ERR case without fallback). + +**Known mappings** (CPUID bit β†’ `/proc/cpuinfo` flag β†’ script `cap_*` variable): + +| CPUID source | `/proc/cpuinfo` flag | `cap_*` variable | +|---|---|---| +| Intel 0x7.0.EDX[26] / AMD 0x80000008.EBX[14] | `ibrs` | `cap_ibrs` | +| AMD 0x80000008.EBX[12] | `ibpb` | `cap_ibpb` | +| Intel 0x7.0.EDX[27] / AMD 0x80000008.EBX[15] | `stibp` | `cap_stibp` | +| Intel 0x7.0.EDX[31] / AMD 0x80000008.EBX[24,25] | `ssbd` / `virt_ssbd` | `cap_ssbd` | +| Intel 0x7.0.EDX[28] | `flush_l1d` | `cap_l1df` | +| Intel 0x7.0.EDX[10] | `md_clear` | `cap_md_clear` | +| Intel 0x7.0.EDX[29] | `arch_capabilities` | `cap_arch_capabilities` | + +**Implementation pattern** in `check_cpu()`: + +```sh +read_cpuid 0x7 0x0 $EDX 31 1 1 +ret=$? +if [ $ret = $READ_CPUID_RET_OK ]; then + cap_ssbd='Intel SSBD' +elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ]; then + # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo + if grep ^flags "$g_procfs/cpuinfo" | grep -qw ssbd; then + cap_ssbd='Intel SSBD (cpuinfo)' + ret=$READ_CPUID_RET_OK + fi +fi +``` + +When the fallback sets a `cap_*` variable, append ` (cpuinfo)` to the value string so the output makes it clear the information was derived from `/proc/cpuinfo` rather than read directly from hardware. Update `ret` to `READ_CPUID_RET_OK` so downstream status display logic (`pstatus`) reports YES rather than UNKNOWN. + +### 5. Assume affected unless proven otherwise (whitelist approach) When a CPU is not explicitly known to be unaffected by a vulnerability, assume that it is affected. This conservative default has been the right call since the early Spectre/Meltdown days and remains sound. -### 5. Offline mode +### 6. Offline mode The script can analyze a non-running kernel via `--kernel`, `--config`, `--map` flags, allowing verification before deployment. diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index 04ca0fa..bc5f52d 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -446,6 +446,15 @@ check_cpu() { ret=invalid pstatus yellow NO "unknown CPU" fi + if [ -z "$cap_ibrs" ] && [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ]; then + # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo + if grep ^flags "$g_procfs/cpuinfo" | grep -qw ibrs; then + cap_ibrs='IBRS (cpuinfo)' + cap_spec_ctrl=1 + pstatus green YES "ibrs flag in $g_procfs/cpuinfo" + ret=$READ_CPUID_RET_OK + fi + fi if [ $ret = $READ_CPUID_RET_KO ]; then pstatus yellow NO elif [ $ret = $READ_CPUID_RET_ERR ]; then @@ -514,6 +523,10 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then cap_ibpb='IBPB_SUPPORT' pstatus green YES "IBPB_SUPPORT feature bit" + elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw ibpb; then + # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo + cap_ibpb='IBPB (cpuinfo)' + pstatus green YES "ibpb flag in $g_procfs/cpuinfo" elif [ $ret = $READ_CPUID_RET_KO ]; then pstatus yellow NO else @@ -581,6 +594,14 @@ check_cpu() { ret=invalid pstatus yellow UNKNOWN "unknown CPU" fi + if [ -z "$cap_stibp" ] && [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ]; then + # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo + if grep ^flags "$g_procfs/cpuinfo" | grep -qw stibp; then + cap_stibp='STIBP (cpuinfo)' + pstatus green YES "stibp flag in $g_procfs/cpuinfo" + ret=$READ_CPUID_RET_OK + fi + fi if [ $ret = $READ_CPUID_RET_KO ]; then pstatus yellow NO elif [ $ret = $READ_CPUID_RET_ERR ]; then @@ -645,6 +666,15 @@ check_cpu() { fi fi + if [ -z "$cap_ssbd" ] && [ "$ret24" = $READ_CPUID_RET_ERR ] && [ "$ret25" = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ]; then + # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo + if grep ^flags "$g_procfs/cpuinfo" | grep -qw ssbd; then + cap_ssbd='SSBD (cpuinfo)' + elif grep ^flags "$g_procfs/cpuinfo" | grep -qw virt_ssbd; then + cap_ssbd='SSBD in VIRT_SPEC_CTRL (cpuinfo)' + fi + fi + if [ -n "${cap_ssbd:=}" ]; then pstatus green YES "$cap_ssbd" elif [ "$ret24" = $READ_CPUID_RET_ERR ] && [ "$ret25" = $READ_CPUID_RET_ERR ]; then @@ -700,6 +730,10 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then pstatus green YES "L1D flush feature bit" cap_l1df=1 + elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw flush_l1d; then + # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo + pstatus green YES "flush_l1d flag in $g_procfs/cpuinfo" + cap_l1df=1 elif [ $ret = $READ_CPUID_RET_KO ]; then pstatus yellow NO cap_l1df=0 @@ -716,6 +750,10 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then cap_md_clear=1 pstatus green YES "MD_CLEAR feature bit" + elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then + # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo + cap_md_clear=1 + pstatus green YES "md_clear flag in $g_procfs/cpuinfo" elif [ $ret = $READ_CPUID_RET_KO ]; then cap_md_clear=0 pstatus yellow NO @@ -782,6 +820,10 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then pstatus green YES cap_arch_capabilities=1 + elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw arch_capabilities; then + # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo + pstatus green YES "arch_capabilities flag in $g_procfs/cpuinfo" + cap_arch_capabilities=1 elif [ $ret = $READ_CPUID_RET_KO ]; then pstatus yellow NO cap_arch_capabilities=0 From 39dea1245e50fc61b24ca0e16c32063b028b7ef9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 20:50:54 +0200 Subject: [PATCH 32/57] feat: rework the --batch json output entirely --- DEVELOPMENT.md | 36 +++- src/libs/002_core_globals.sh | 3 +- src/libs/230_util_optparse.sh | 4 +- src/libs/250_output_emitters.sh | 293 +++++++++++++++++++++++++++++++- src/libs/380_hw_microcode.sh | 5 +- src/libs/400_hw_check.sh | 10 ++ src/main.sh | 35 +++- src/vulns/CVE-2018-3639.sh | 18 +- 8 files changed, 384 insertions(+), 20 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index b128eaf..8d54875 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -84,8 +84,11 @@ sudo ./spectre-meltdown-checker.sh --variant l1tf --variant taa # Run specific tests that we might have just added (CVE name) sudo ./spectre-meltdown-checker.sh --cve CVE-2018-3640 --cve CVE-2022-40982 -# Batch JSON mode (CI validates exactly 19 CVEs in output) -sudo ./spectre-meltdown-checker.sh --batch json | jq '.[] | .CVE' | wc -l # must be 19 +# Batch JSON mode (comprehensive output) +sudo ./spectre-meltdown-checker.sh --batch json | python3 -m json.tool + +# Batch JSON terse mode (legacy flat array) +sudo ./spectre-meltdown-checker.sh --batch json-terse | python3 -m json.tool # Update microcode firmware database sudo ./spectre-meltdown-checker.sh --update-fwdb @@ -105,7 +108,25 @@ The entire tool is a single bash script with no external script dependencies. Ke - **Microcode database** (embedded): Intel/AMD microcode version lookup via `read_mcedb`/`read_inteldb`; updated automatically via `.github/workflows/autoupdate.yml` - **Kernel analysis** (~line 1568): `extract_kernel`, `try_decompress` - extracts and inspects kernel images (handles gzip, bzip2, xz, lz4, zstd compression) - **Vulnerability checks**: 19 `check_CVE__()` functions, each with `_linux()` and `_bsd()` variants. Uses whitelist logic (assumes affected unless proven otherwise) -- **Main flow** (~line 6668): Parse options β†’ detect CPU β†’ loop through requested CVEs β†’ output results (text/json/nrpe/prometheus) β†’ cleanup +- **Batch output emitters** (`src/libs/250_output_emitters.sh`): `_emit_json_full`, `_emit_json_terse`, `_emit_text`, `_emit_nrpe`, `_emit_prometheus`, plus JSON section builders (`_build_json_meta`, `_build_json_system`, `_build_json_cpu`, `_build_json_cpu_microcode`) +- **Main flow** (~line 6668): Parse options β†’ detect CPU β†’ loop through requested CVEs β†’ output results (text/json/json-terse/nrpe/prometheus) β†’ cleanup + +### JSON Batch Output Formats + +Two JSON formats are available via `--batch`: + +- **`--batch json`** (comprehensive): A top-level object with five sections: + - `meta` β€” script version, format version, timestamp, run mode flags (`run_as_root`, `reduced_accuracy`, `mocked`, `paranoid`, `sysfs_only`, `no_hw`, `extra`) + - `system` β€” kernel release/version/arch/cmdline, CPU count, SMT status, hypervisor host detection + - `cpu` β€” vendor, model name, family/model/stepping, CPUID, codename, ARM fields (`arm_part_list`, `arm_arch_list`), plus a `capabilities` sub-object containing all `cap_*` hardware flags as booleans/nulls/strings + - `cpu_microcode` β€” `installed_version`, `latest_version`, `microcode_up_to_date`, `is_blacklisted`, firmware DB source/info + - `vulnerabilities` β€” array of per-CVE objects: `cve`, `name`, `aliases`, `cpu_affected`, `status`, `vulnerable`, `info`, `sysfs_status`, `sysfs_message` + +- **`--batch json-terse`** (legacy): A flat array of objects with four fields: `NAME`, `CVE`, `VULNERABLE` (bool/null), `INFOS`. This is the original format, preserved for backward compatibility. + +The comprehensive format is built in two phases: static sections (`meta`, `system`, `cpu`, `cpu_microcode`) are assembled after `check_cpu()` completes, and per-CVE entries are accumulated during the main CVE loop via `_emit_json_full()`. The sysfs data for each CVE is captured by `sys_interface_check()` into `g_json_cve_sysfs_status`/`g_json_cve_sysfs_msg` globals, which are read by the emitter and reset after each CVE to prevent cross-CVE leakage. CPU affection is determined via the already-cached `is_cpu_affected()`. + +When adding new `cap_*` variables (for a new CVE or updated hardware support), they must be added to `_build_json_cpu()` in `src/libs/250_output_emitters.sh`. Per-CVE data is handled automatically. ## Key Design Principles @@ -315,6 +336,8 @@ When populating the CPU model list, use the **most recent version** of the Linux **Important**: Do not confuse hardware immunity bits with *mitigation* capability bits. A hardware immunity bit (e.g. `GDS_NO`, `TSA_SQ_NO`) declares that the CPU design is architecturally free of the vulnerability - it belongs here in `is_cpu_affected()`. A mitigation capability bit (e.g. `VERW_CLEAR`, `MD_CLEAR`) indicates that updated microcode provides a mechanism to work around a vulnerability the CPU *does* have - it belongs in the `check_CVE_YYYY_NNNNN_linux()` function (Phase 2), where it is used to determine whether mitigations are in place. +**JSON output**: If the new CVE introduces new `cap_*` variables in `check_cpu()` (whether immunity bits or mitigation bits), these must also be added to the `_build_json_cpu()` function in `src/libs/250_output_emitters.sh`, inside the `capabilities` sub-object. Use the same name as the shell variable without the `cap_` prefix (e.g. `cap_tsa_sq_no` becomes `"tsa_sq_no"` in JSON), and emit it via `_json_cap`. The per-CVE vulnerability data (affection, status, sysfs) is handled automatically by the existing `_emit_json_full()` function and requires no changes when adding a new CVE. + ### Step 3: Implement the Linux Check The `_linux()` function follows a standard algorithm with four phases: @@ -748,7 +771,11 @@ CVEs that need VMM context should call `check_has_vmm` early in their `_linux()` 3. **Update `dist/README.md`**: Add the CVE in **both** tables β€” the "Supported CVEs" reference table at the top (CVE link, description, alias) **and** the "Am I at risk?" matrix (with the correct leak/mitigation indicators per boundary). Also add a detailed description paragraph in the `
` section at the bottom. 4. **Build** the monolithic script with `make`. 5. **Test live**: Run the built script and confirm your CVE appears in the output and reports a sensible status. -6. **Test batch JSON**: Run with `--batch json` and verify the CVE appears in the output. +6. **Test batch JSON**: Run with `--batch json` and pipe through `python3 -m json.tool` to verify: + - The output is valid JSON. + - The new CVE appears in the `vulnerabilities` array with correct `cve`, `name`, `aliases`, `cpu_affected`, `status`, `vulnerable`, `info`, `sysfs_status`, and `sysfs_message` fields. + - If new `cap_*` variables were added in `check_cpu()`, they appear in `cpu.capabilities` (see Step 2 JSON note). + - Run with `--batch json-terse` as well to verify backward-compatible output. 7. **Test offline**: Run with `--kernel`/`--config`/`--map` pointing to a kernel image and verify the offline code path reports correctly. 8. **Test `--variant` and `--cve`**: Run with `--variant ` and `--cve CVE-YYYY-NNNNN` separately to confirm both selection methods work and produce the same output. 9. **Lint**: Run `shellcheck` on the monolithic script and fix any warnings. @@ -760,6 +787,7 @@ CVEs that need VMM context should call `check_has_vmm` early in their `_linux()` - **Always handle both live and offline modes** - use `$opt_live` to branch, and print `N/A "not testable in offline mode"` for runtime-only checks when offline. - **Use `explain()`** when reporting VULN to give actionable remediation advice (see "Cross-Cutting Features" above). - **Handle `--paranoid` and `--vmm`** when the CVE has stricter mitigation tiers or VMM-specific aspects (see "Cross-Cutting Features" above). +- **Keep JSON output in sync** - when adding new `cap_*` variables, add them to `_build_json_cpu()` in `src/libs/250_output_emitters.sh` (see Step 2 JSON note above). Per-CVE fields are handled automatically. - **All indentation must use 4 spaces** (CI enforces this via `fmt-check`; the vim modeline `et` enables expandtab). - **Stay POSIX-compatible** - no bashisms, no GNU-only flags in portable code paths. diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index bbfe58e..469f374 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -43,7 +43,8 @@ show_usage() { so that invoked tools will be prefixed with this (i.e. aarch64-linux-gnu-objdump) --batch text produce machine readable output, this is the default if --batch is specified alone --batch short produce only one line with the vulnerabilities separated by spaces - --batch json produce JSON output formatted for Puppet, Ansible, Chef... + --batch json produce comprehensive JSON output with system, CPU, and vulnerability details + --batch json-terse produce a terse JSON array of per-CVE results (legacy format) --batch nrpe produce machine readable output formatted for NRPE --batch prometheus produce output for consumption by prometheus-node-exporter diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 501146a..7de9896 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -116,7 +116,7 @@ while [ -n "${1:-}" ]; do opt_no_color=1 shift case "$1" in - text | short | nrpe | json | prometheus) + text | short | nrpe | json | json-terse | prometheus) opt_batch_format="$1" shift ;; @@ -124,7 +124,7 @@ while [ -n "${1:-}" ]; do '') ;; # allow nothing at all *) echo "$0: error: unknown batch format '$1'" >&2 - echo "$0: error: --batch expects a format from: text, nrpe, json" >&2 + echo "$0: error: --batch expects a format from: text, nrpe, json, json-terse" >&2 exit 255 ;; esac diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index 5d6b653..0e48929 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -1,4 +1,245 @@ # vim: set ts=4 sw=4 sts=4 et: +# --- JSON helper functions --- + +# Escape a string for use in a JSON value (handles backslashes, double quotes, newlines, tabs) +# Args: $1=string +# Prints: escaped string (without surrounding quotes) +_json_escape() { + printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/ /\\t/g' | tr '\n' ' ' +} + +# Convert a shell capability value to a JSON token +# Args: $1=value (1=true, 0=false, -1/empty=null, other string=quoted string) +# Prints: JSON token +_json_cap() { + case "${1:-}" in + 1) printf 'true' ;; + 0) printf 'false' ;; + -1|'') printf 'null' ;; + *) printf '"%s"' "$(_json_escape "$1")" ;; + esac +} + +# Emit a JSON string value or null +# Args: $1=string (empty=null) +# Prints: JSON token ("escaped string" or null) +_json_str() { + if [ -n "${1:-}" ]; then + printf '"%s"' "$(_json_escape "$1")" + else + printf 'null' + fi +} + +# Emit a JSON number value or null +# Args: $1=number (empty=null) +# Prints: JSON token +_json_num() { + if [ -n "${1:-}" ]; then + printf '%s' "$1" + else + printf 'null' + fi +} + +# Emit a JSON boolean value or null +# Args: $1=value (1/0/empty) +# Prints: JSON token +_json_bool() { + case "${1:-}" in + 1) printf 'true' ;; + 0) printf 'false' ;; + *) printf 'null' ;; + esac +} + +# --- JSON section builders (comprehensive format) --- + +# Build the "meta" section of the comprehensive JSON output +# Sets: g_json_meta +# shellcheck disable=SC2034 +_build_json_meta() { + local timestamp mode + timestamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null || echo "unknown") + if [ "$opt_live" = 1 ]; then + mode="live" + else + mode="offline" + fi + local run_as_root + if [ "$(id -u)" -eq 0 ]; then + run_as_root='true' + else + run_as_root='false' + fi + g_json_meta=$(printf '{"script_version":%s,"format_version":1,"timestamp":%s,"os":%s,"mode":"%s","run_as_root":%s,"reduced_accuracy":%s,"paranoid":%s,"sysfs_only":%s,"no_hw":%s,"extra":%s}' \ + "$(_json_str "$VERSION")" \ + "$(_json_str "$timestamp")" \ + "$(_json_str "$g_os")" \ + "$mode" \ + "$run_as_root" \ + "$(_json_bool "${g_bad_accuracy:-0}")" \ + "$(_json_bool "$opt_paranoid")" \ + "$(_json_bool "$opt_sysfs_only")" \ + "$(_json_bool "$opt_no_hw")" \ + "$(_json_bool "$opt_extra")") +} + +# Build the "system" section of the comprehensive JSON output +# Sets: g_json_system +# shellcheck disable=SC2034 +_build_json_system() { + local kernel_release kernel_version kernel_arch smt_val + if [ "$opt_live" = 1 ]; then + kernel_release=$(uname -r) + kernel_version=$(uname -v) + kernel_arch=$(uname -m) + else + kernel_release='' + kernel_version='' + kernel_arch='' + fi + # SMT detection + is_cpu_smt_enabled + smt_val=$? + case $smt_val in + 0) smt_val='true' ;; + 1) smt_val='false' ;; + *) smt_val='null' ;; + esac + g_json_system=$(printf '{"kernel_release":%s,"kernel_version":%s,"kernel_arch":%s,"kernel_image":%s,"kernel_config":%s,"kernel_version_string":%s,"kernel_cmdline":%s,"cpu_count":%s,"smt_enabled":%s,"hypervisor_host":%s,"hypervisor_host_reason":%s}' \ + "$(_json_str "$kernel_release")" \ + "$(_json_str "$kernel_version")" \ + "$(_json_str "$kernel_arch")" \ + "$(_json_str "${opt_kernel:-}")" \ + "$(_json_str "${opt_config:-}")" \ + "$(_json_str "${g_kernel_version:-}")" \ + "$(_json_str "${g_kernel_cmdline:-}")" \ + "$(_json_num "${g_max_core_id:+$((g_max_core_id + 1))}")" \ + "$smt_val" \ + "$(_json_bool "${g_has_vmm:-}")" \ + "$(_json_str "${g_has_vmm_reason:-}")") +} + +# Build the "cpu" section of the comprehensive JSON output +# Sets: g_json_cpu +# shellcheck disable=SC2034 +_build_json_cpu() { + local cpuid_hex ucode_hex codename caps + if [ -n "${cpu_cpuid:-}" ]; then + cpuid_hex=$(printf '0x%08x' "$cpu_cpuid") + else + cpuid_hex='' + fi + if [ -n "${cpu_ucode:-}" ]; then + ucode_hex=$(printf '0x%x' "$cpu_ucode") + else + ucode_hex='' + fi + codename='' + if is_intel; then + codename=$(get_intel_codename 2>/dev/null || true) + fi + # Build capabilities sub-object + caps=$(printf '{"spec_ctrl":%s,"ibrs":%s,"ibpb":%s,"ibpb_ret":%s,"stibp":%s,"ssbd":%s,"l1d_flush":%s,"md_clear":%s,"arch_capabilities":%s,"rdcl_no":%s,"ibrs_all":%s,"rsba":%s,"l1dflush_no":%s,"ssb_no":%s,"mds_no":%s,"taa_no":%s,"pschange_msc_no":%s,"tsx_ctrl_msr":%s,"tsx_ctrl_rtm_disable":%s,"tsx_ctrl_cpuid_clear":%s,"gds_ctrl":%s,"gds_no":%s,"gds_mitg_dis":%s,"gds_mitg_lock":%s,"rfds_no":%s,"rfds_clear":%s,"its_no":%s,"sbdr_ssdp_no":%s,"fbsdp_no":%s,"psdp_no":%s,"fb_clear":%s,"rtm":%s,"tsx_force_abort":%s,"tsx_force_abort_rtm_disable":%s,"tsx_force_abort_cpuid_clear":%s,"sgx":%s,"srbds":%s,"srbds_on":%s,"amd_ssb_no":%s,"hygon_ssb_no":%s,"ipred":%s,"rrsba":%s,"bhi":%s,"tsa_sq_no":%s,"tsa_l1_no":%s,"verw_clear":%s,"autoibrs":%s,"sbpb":%s,"avx2":%s,"avx512":%s}' \ + "$(_json_cap "${cap_spec_ctrl:-}")" \ + "$(_json_cap "${cap_ibrs:-}")" \ + "$(_json_cap "${cap_ibpb:-}")" \ + "$(_json_cap "${cap_ibpb_ret:-}")" \ + "$(_json_cap "${cap_stibp:-}")" \ + "$(_json_cap "${cap_ssbd:-}")" \ + "$(_json_cap "${cap_l1df:-}")" \ + "$(_json_cap "${cap_md_clear:-}")" \ + "$(_json_cap "${cap_arch_capabilities:-}")" \ + "$(_json_cap "${cap_rdcl_no:-}")" \ + "$(_json_cap "${cap_ibrs_all:-}")" \ + "$(_json_cap "${cap_rsba:-}")" \ + "$(_json_cap "${cap_l1dflush_no:-}")" \ + "$(_json_cap "${cap_ssb_no:-}")" \ + "$(_json_cap "${cap_mds_no:-}")" \ + "$(_json_cap "${cap_taa_no:-}")" \ + "$(_json_cap "${cap_pschange_msc_no:-}")" \ + "$(_json_cap "${cap_tsx_ctrl_msr:-}")" \ + "$(_json_cap "${cap_tsx_ctrl_rtm_disable:-}")" \ + "$(_json_cap "${cap_tsx_ctrl_cpuid_clear:-}")" \ + "$(_json_cap "${cap_gds_ctrl:-}")" \ + "$(_json_cap "${cap_gds_no:-}")" \ + "$(_json_cap "${cap_gds_mitg_dis:-}")" \ + "$(_json_cap "${cap_gds_mitg_lock:-}")" \ + "$(_json_cap "${cap_rfds_no:-}")" \ + "$(_json_cap "${cap_rfds_clear:-}")" \ + "$(_json_cap "${cap_its_no:-}")" \ + "$(_json_cap "${cap_sbdr_ssdp_no:-}")" \ + "$(_json_cap "${cap_fbsdp_no:-}")" \ + "$(_json_cap "${cap_psdp_no:-}")" \ + "$(_json_cap "${cap_fb_clear:-}")" \ + "$(_json_cap "${cap_rtm:-}")" \ + "$(_json_cap "${cap_tsx_force_abort:-}")" \ + "$(_json_cap "${cap_tsx_force_abort_rtm_disable:-}")" \ + "$(_json_cap "${cap_tsx_force_abort_cpuid_clear:-}")" \ + "$(_json_cap "${cap_sgx:-}")" \ + "$(_json_cap "${cap_srbds:-}")" \ + "$(_json_cap "${cap_srbds_on:-}")" \ + "$(_json_cap "${cap_amd_ssb_no:-}")" \ + "$(_json_cap "${cap_hygon_ssb_no:-}")" \ + "$(_json_cap "${cap_ipred:-}")" \ + "$(_json_cap "${cap_rrsba:-}")" \ + "$(_json_cap "${cap_bhi:-}")" \ + "$(_json_cap "${cap_tsa_sq_no:-}")" \ + "$(_json_cap "${cap_tsa_l1_no:-}")" \ + "$(_json_cap "${cap_verw_clear:-}")" \ + "$(_json_cap "${cap_autoibrs:-}")" \ + "$(_json_cap "${cap_sbpb:-}")" \ + "$(_json_cap "${cap_avx2:-}")" \ + "$(_json_cap "${cap_avx512:-}")") + + g_json_cpu=$(printf '{"vendor":%s,"friendly_name":%s,"family":%s,"model":%s,"stepping":%s,"cpuid":%s,"platform_id":%s,"hybrid":%s,"codename":%s,"arm_part_list":%s,"arm_arch_list":%s,"capabilities":%s}' \ + "$(_json_str "${cpu_vendor:-}")" \ + "$(_json_str "${cpu_friendly_name:-}")" \ + "$(_json_num "${cpu_family:-}")" \ + "$(_json_num "${cpu_model:-}")" \ + "$(_json_num "${cpu_stepping:-}")" \ + "$(_json_str "$cpuid_hex")" \ + "$(_json_num "${cpu_platformid:-}")" \ + "$(_json_bool "${cpu_hybrid:-}")" \ + "$(_json_str "$codename")" \ + "$(_json_str "${cpu_part_list:-}")" \ + "$(_json_str "${cpu_arch_list:-}")" \ + "$caps") +} + +# Build the "cpu_microcode" section of the comprehensive JSON output +# Sets: g_json_cpu_microcode +# shellcheck disable=SC2034 +_build_json_cpu_microcode() { + local ucode_uptodate ucode_hex latest_hex blacklisted + if [ -n "${cpu_ucode:-}" ]; then + ucode_hex=$(printf '0x%x' "$cpu_ucode") + else + ucode_hex='' + fi + is_latest_known_ucode + case $? in + 0) ucode_uptodate='true' ;; + 1) ucode_uptodate='false' ;; + *) ucode_uptodate='null' ;; + esac + if is_ucode_blacklisted; then + blacklisted='true' + else + blacklisted='false' + fi + latest_hex="${ret_is_latest_known_ucode_version:-}" + g_json_cpu_microcode=$(printf '{"installed_version":%s,"latest_version":%s,"microcode_up_to_date":%s,"is_blacklisted":%s,"message":%s,"db_source":%s,"db_info":%s}' \ + "$(_json_str "$ucode_hex")" \ + "$(_json_str "$latest_hex")" \ + "$ucode_uptodate" \ + "$blacklisted" \ + "$(_json_str "${ret_is_latest_known_ucode_latest:-}")" \ + "$(_json_str "${g_mcedb_source:-}")" \ + "$(_json_str "${g_mcedb_info:-}")") +} + # --- Format-specific batch emitters --- # Emit a single CVE result as plain text @@ -16,28 +257,62 @@ _emit_short() { g_short_output="${g_short_output}$1 " } -# Append a CVE result as a JSON object to the batch output buffer +# Append a CVE result as a terse JSON object to the batch output buffer # Args: $1=cve $2=aka $3=status(UNK|VULN|OK) $4=description # Sets: g_json_output # Callers: pvulnstatus -_emit_json() { +_emit_json_terse() { local is_vuln esc_name esc_infos case "$3" in UNK) is_vuln="null" ;; VULN) is_vuln="true" ;; OK) is_vuln="false" ;; *) - echo "$0: error: unknown status '$3' passed to _emit_json()" >&2 + echo "$0: error: unknown status '$3' passed to _emit_json_terse()" >&2 exit 255 ;; esac - # escape backslashes and double quotes for valid JSON strings - esc_name=$(printf '%s' "$2" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g') - esc_infos=$(printf '%s' "$4" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g') + esc_name=$(_json_escape "$2") + esc_infos=$(_json_escape "$4") [ -z "$g_json_output" ] && g_json_output='[' g_json_output="${g_json_output}{\"NAME\":\"$esc_name\",\"CVE\":\"$1\",\"VULNERABLE\":$is_vuln,\"INFOS\":\"$esc_infos\"}," } +# Append a CVE result as a comprehensive JSON object to the batch output buffer +# Args: $1=cve $2=aka $3=status(UNK|VULN|OK) $4=description +# Sets: g_json_vulns +# Callers: pvulnstatus +_emit_json_full() { + local is_vuln esc_name esc_infos aliases cpu_affected sysfs_status sysfs_msg + case "$3" in + UNK) is_vuln="null" ;; + VULN) is_vuln="true" ;; + OK) is_vuln="false" ;; + *) + echo "$0: error: unknown status '$3' passed to _emit_json_full()" >&2 + exit 255 + ;; + esac + esc_name=$(_json_escape "$2") + esc_infos=$(_json_escape "$4") + aliases=$(_cve_registry_field "$1" 4) + + # CPU affection status (cached, cheap) + if is_cpu_affected "$1" 2>/dev/null; then + cpu_affected='true' + else + cpu_affected='false' + fi + + # sysfs status: use the value captured by this CVE's check function, then clear it + # so it doesn't leak into the next CVE that might not call sys_interface_check + sysfs_status="${g_json_cve_sysfs_status:-}" + sysfs_msg="${g_json_cve_sysfs_msg:-}" + + : "${g_json_vulns:=}" + g_json_vulns="${g_json_vulns}{\"cve\":\"$1\",\"name\":\"$esc_name\",\"aliases\":$(_json_str "$aliases"),\"cpu_affected\":$cpu_affected,\"status\":\"$3\",\"vulnerable\":$is_vuln,\"info\":\"$esc_infos\",\"sysfs_status\":$(_json_str "$sysfs_status"),\"sysfs_message\":$(_json_str "$sysfs_msg")}," +} + # Append vulnerable CVE IDs to the NRPE output buffer # Args: $1=cve $2=aka $3=status $4=description # Sets: g_nrpe_vuln @@ -85,7 +360,8 @@ pvulnstatus() { case "$opt_batch_format" in text) _emit_text "$1" "$aka" "$2" "$3" ;; short) _emit_short "$1" "$aka" "$2" "$3" ;; - json) _emit_json "$1" "$aka" "$2" "$3" ;; + json) _emit_json_full "$1" "$aka" "$2" "$3" ;; + json-terse) _emit_json_terse "$1" "$aka" "$2" "$3" ;; nrpe) _emit_nrpe "$1" "$aka" "$2" "$3" ;; prometheus) _emit_prometheus "$1" "$aka" "$2" "$3" ;; *) @@ -93,6 +369,9 @@ pvulnstatus() { exit 255 ;; esac + # reset per-CVE sysfs globals so they don't leak into the next CVE + g_json_cve_sysfs_status='' + g_json_cve_sysfs_msg='' fi _record_result "$1" "$2" diff --git a/src/libs/380_hw_microcode.sh b/src/libs/380_hw_microcode.sh index 9245392..a486f1a 100644 --- a/src/libs/380_hw_microcode.sh +++ b/src/libs/380_hw_microcode.sh @@ -33,11 +33,12 @@ read_inteldb() { } # Check whether the CPU is running the latest known microcode version -# Sets: ret_is_latest_known_ucode_latest +# Sets: ret_is_latest_known_ucode_latest, ret_is_latest_known_ucode_version # Returns: 0=latest, 1=outdated, 2=unknown is_latest_known_ucode() { local brand_prefix tuple pfmask ucode ucode_date parse_cpu_details + ret_is_latest_known_ucode_version='' if [ "$cpu_cpuid" = 0 ]; then ret_is_latest_known_ucode_latest="couldn't get your cpuid" return 2 @@ -64,6 +65,8 @@ is_latest_known_ucode() { ucode_date=$(echo "$tuple" | cut -d, -f5 | sed -E 's=(....)(..)(..)=\1/\2/\3=') pr_debug "is_latest_known_ucode: with cpuid $cpu_cpuid has ucode $cpu_ucode, last known is $ucode from $ucode_date" ret_is_latest_known_ucode_latest=$(printf "latest version is 0x%x dated $ucode_date according to $g_mcedb_info" "$ucode") + # shellcheck disable=SC2034 + ret_is_latest_known_ucode_version=$(printf "0x%x" "$ucode") if [ "$cpu_ucode" -ge "$ucode" ]; then return 0 else diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index bc5f52d..a6d8b66 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -312,9 +312,14 @@ sys_interface_check() { g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_SYSFS_$(basename "$file")='$ret_sys_interface_check_fullmsg'") fi if [ "$mode" = silent ]; then + # capture sysfs message for JSON even in silent mode + # shellcheck disable=SC2034 + g_json_cve_sysfs_msg="$ret_sys_interface_check_fullmsg" return 0 elif [ "$mode" = quiet ]; then pr_info "* Information from the /sys interface: $ret_sys_interface_check_fullmsg" + # shellcheck disable=SC2034 + g_json_cve_sysfs_msg="$ret_sys_interface_check_fullmsg" return 0 fi pr_info_nol "* Mitigated according to the /sys interface: " @@ -334,6 +339,11 @@ sys_interface_check() { ret_sys_interface_check_status=UNK pstatus yellow UNKNOWN "$ret_sys_interface_check_fullmsg" fi + # capture for JSON full output (read by _emit_json_full via pvulnstatus) + # shellcheck disable=SC2034 + g_json_cve_sysfs_status="$ret_sys_interface_check_status" + # shellcheck disable=SC2034 + g_json_cve_sysfs_msg="$ret_sys_interface_check_fullmsg" pr_debug "sys_interface_check: $file=$msg (re=$regex)" return 0 } diff --git a/src/main.sh b/src/main.sh index 2b405c5..4b99f07 100644 --- a/src/main.sh +++ b/src/main.sh @@ -1,6 +1,12 @@ # vim: set ts=4 sw=4 sts=4 et: check_kernel_info + +# Build JSON meta and system sections early (after kernel info is resolved) +if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then + _build_json_meta +fi + pr_info if [ "$opt_no_hw" = 0 ] && [ -z "$opt_arch_prefix" ]; then @@ -10,6 +16,15 @@ if [ "$opt_no_hw" = 0 ] && [ -z "$opt_arch_prefix" ]; then pr_info fi +# Build JSON system/cpu/microcode sections (after check_cpu has populated cap_* vars and VMM detection) +if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then + _build_json_system + if [ "$opt_no_hw" = 0 ] && [ -z "$opt_arch_prefix" ]; then + _build_json_cpu + _build_json_cpu_microcode + fi +fi + # now run the checks the user asked for for cve in $g_supported_cve_list; do if [ "$opt_cve_all" = 1 ] || echo "$opt_cve_list" | grep -qw "$cve"; then @@ -80,10 +95,28 @@ if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "short" ]; then _pr_echo 0 "${g_short_output% }" fi -if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then +if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json-terse" ]; then _pr_echo 0 "${g_json_output%?}]" fi +if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then + # Assemble the comprehensive JSON output from pre-built sections + # Inject mocked flag into meta (g_mocked can be set at any point during the run) + g_json_meta="${g_json_meta%\}},\"mocked\":$(_json_bool "${g_mocked:-0}")}" + _json_final='{' + _json_final="${_json_final}\"meta\":${g_json_meta:-null}" + _json_final="${_json_final},\"system\":${g_json_system:-null}" + _json_final="${_json_final},\"cpu\":${g_json_cpu:-null}" + _json_final="${_json_final},\"cpu_microcode\":${g_json_cpu_microcode:-null}" + if [ -n "${g_json_vulns:-}" ]; then + _json_final="${_json_final},\"vulnerabilities\":[${g_json_vulns%,}]" + else + _json_final="${_json_final},\"vulnerabilities\":[]" + fi + _json_final="${_json_final}}" + _pr_echo 0 "$_json_final" +fi + if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then echo "# TYPE specex_vuln_status untyped" echo "# HELP specex_vuln_status Exposure of system to speculative execution vulnerabilities" diff --git a/src/vulns/CVE-2018-3639.sh b/src/vulns/CVE-2018-3639.sh index b0d1bae..7d46421 100644 --- a/src/vulns/CVE-2018-3639.sh +++ b/src/vulns/CVE-2018-3639.sh @@ -121,11 +121,21 @@ check_CVE_2018_3639_linux() { fi else if [ -n "$kernel_ssb" ]; then - pvulnstatus "$cve" VULN "Your CPU doesn't support SSBD" - explain "Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section)." + if [ "$cpu_vendor" = ARM ] || [ "$cpu_vendor" = CAVIUM ] || [ "$cpu_vendor" = PHYTIUM ]; then + pvulnstatus "$cve" VULN "no SSB mitigation is active on your system" + explain "ARM CPUs mitigate SSB either through a hardware SSBS bit (ARMv8.5+ CPUs) or through firmware support for SMCCC ARCH_WORKAROUND_2. Your kernel reports SSB status but neither mechanism appears to be active. For CPUs predating ARMv8.5 (such as Cortex-A57 or Cortex-A72), check with your board or SoC vendor for a firmware update that provides SMCCC ARCH_WORKAROUND_2 support." + else + pvulnstatus "$cve" VULN "Your CPU doesn't support SSBD" + explain "Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section)." + fi else - pvulnstatus "$cve" VULN "Neither your CPU nor your kernel support SSBD" - explain "Both your CPU microcode and your kernel are lacking support for mitigation. If you're using a distro kernel, upgrade your distro to get the latest kernel available. Otherwise, recompile the kernel from recent-enough sources. The microcode of your CPU also needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section)." + if [ "$cpu_vendor" = ARM ] || [ "$cpu_vendor" = CAVIUM ] || [ "$cpu_vendor" = PHYTIUM ]; then + pvulnstatus "$cve" VULN "your kernel and firmware do not support SSB mitigation" + explain "ARM SSB mitigation requires kernel support (CONFIG_ARM64_SSBD) combined with either a hardware SSBS bit (ARMv8.5+ CPUs) or firmware support for SMCCC ARCH_WORKAROUND_2. Ensure you are running a recent kernel compiled with CONFIG_ARM64_SSBD. For CPUs predating ARMv8.5, also check with your board or SoC vendor for a firmware update providing SMCCC ARCH_WORKAROUND_2 support." + else + pvulnstatus "$cve" VULN "Neither your CPU nor your kernel support SSBD" + explain "Both your CPU microcode and your kernel are lacking support for mitigation. If you're using a distro kernel, upgrade your distro to get the latest kernel available. Otherwise, recompile the kernel from recent-enough sources. The microcode of your CPU also needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section)." + fi fi fi else From 61fa02d577297a0eb20376cbdcaa164fcfa03cbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 20:51:12 +0200 Subject: [PATCH 33/57] feat: rework the --batch prometheus output entirely --- src/libs/002_core_globals.sh | 9 ++- src/libs/230_util_optparse.sh | 4 +- src/libs/250_output_emitters.sh | 119 +++++++++++++++++++++++++++++++- src/main.sh | 57 ++++++++++++++- 4 files changed, 183 insertions(+), 6 deletions(-) diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index 469f374..7aa5d8a 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -46,7 +46,8 @@ show_usage() { --batch json produce comprehensive JSON output with system, CPU, and vulnerability details --batch json-terse produce a terse JSON array of per-CVE results (legacy format) --batch nrpe produce machine readable output formatted for NRPE - --batch prometheus produce output for consumption by prometheus-node-exporter + --batch prometheus produce Prometheus metrics (smc_* schema, recommended) + --batch prometheus-legacy produce legacy Prometheus output (specex_vuln_status, deprecated) --variant VARIANT specify which variant you'd like to check, by default all variants are checked. can be used multiple times (e.g. --variant 3a --variant l1tf) @@ -138,6 +139,12 @@ opt_intel_db=1 g_critical=0 g_unknown=0 g_nrpe_vuln='' +g_smc_vuln_output='' +g_smc_ok_count=0 +g_smc_vuln_count=0 +g_smc_unk_count=0 +g_smc_system_info_line='' +g_smc_cpu_info_line='' # CVE Registry: single source of truth for all CVE metadata. # Fields: cve_id|json_key_name|affected_var_suffix|complete_name_and_aliases diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 7de9896..b58fef6 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -116,7 +116,7 @@ while [ -n "${1:-}" ]; do opt_no_color=1 shift case "$1" in - text | short | nrpe | json | json-terse | prometheus) + text | short | nrpe | json | json-terse | prometheus | prometheus-legacy) opt_batch_format="$1" shift ;; @@ -124,7 +124,7 @@ while [ -n "${1:-}" ]; do '') ;; # allow nothing at all *) echo "$0: error: unknown batch format '$1'" >&2 - echo "$0: error: --batch expects a format from: text, nrpe, json, json-terse" >&2 + echo "$0: error: --batch expects a format from: text, short, nrpe, json, json-terse, prometheus, prometheus-legacy" >&2 exit 255 ;; esac diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index 0e48929..02c3507 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -8,6 +8,13 @@ _json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/ /\\t/g' | tr '\n' ' ' } +# Escape a string for use as a Prometheus label value (handles backslashes, double quotes, newlines) +# Args: $1=string +# Prints: escaped string (without surrounding quotes) +_prom_escape() { + printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' | tr '\n' ' ' +} + # Convert a shell capability value to a JSON token # Args: $1=value (1=true, 0=false, -1/empty=null, other string=quoted string) # Prints: JSON token @@ -321,17 +328,124 @@ _emit_nrpe() { [ "$3" = VULN ] && g_nrpe_vuln="$g_nrpe_vuln $1" } -# Append a CVE result as a Prometheus metric to the batch output buffer +# Append a CVE result as a legacy Prometheus metric to the batch output buffer # Args: $1=cve $2=aka $3=status $4=description # Sets: g_prometheus_output # Callers: pvulnstatus -_emit_prometheus() { +_emit_prometheus_legacy() { local esc_info # escape backslashes and double quotes for Prometheus label values esc_info=$(printf '%s' "$4" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g') g_prometheus_output="${g_prometheus_output:+$g_prometheus_output\n}specex_vuln_status{name=\"$2\",cve=\"$1\",status=\"$3\",info=\"$esc_info\"} 1" } +# Append a CVE result as a Prometheus gauge to the new-format batch output buffer +# Status is encoded numerically: 0=not_vulnerable, 1=vulnerable, 2=unknown +# Args: $1=cve $2=aka $3=status(UNK|VULN|OK) $4=description +# Sets: g_smc_vuln_output, g_smc_ok_count, g_smc_vuln_count, g_smc_unk_count +# Callers: pvulnstatus +_emit_prometheus() { + local numeric_status cpu_affected full_name esc_name + case "$3" in + OK) numeric_status=0 ; g_smc_ok_count=$((g_smc_ok_count + 1)) ;; + VULN) numeric_status=1 ; g_smc_vuln_count=$((g_smc_vuln_count + 1)) ;; + UNK) numeric_status=2 ; g_smc_unk_count=$((g_smc_unk_count + 1)) ;; + *) + echo "$0: error: unknown status '$3' passed to _emit_prometheus()" >&2 + exit 255 + ;; + esac + if is_cpu_affected "$1" 2>/dev/null; then + cpu_affected='true' + else + cpu_affected='false' + fi + # use the complete CVE name (field 4) rather than the short aka key (field 2) + full_name=$(_cve_registry_field "$1" 4) + esc_name=$(_prom_escape "$full_name") + g_smc_vuln_output="${g_smc_vuln_output:+$g_smc_vuln_output\n}smc_vulnerability_status{cve=\"$1\",name=\"$esc_name\",cpu_affected=\"$cpu_affected\"} $numeric_status" +} + +# Build the smc_system_info Prometheus metric line +# Sets: g_smc_system_info_line +# Callers: src/main.sh (after check_cpu / check_cpu_vulnerabilities) +# shellcheck disable=SC2034 +_build_prometheus_system_info() { + local kernel_release kernel_arch hypervisor_host sys_labels + if [ "$opt_live" = 1 ]; then + kernel_release=$(uname -r 2>/dev/null || true) + kernel_arch=$(uname -m 2>/dev/null || true) + else + kernel_release='' + kernel_arch='' + fi + case "${g_has_vmm:-}" in + 1) hypervisor_host='true' ;; + 0) hypervisor_host='false' ;; + *) hypervisor_host='' ;; + esac + sys_labels='' + [ -n "$kernel_release" ] && sys_labels="${sys_labels:+$sys_labels,}kernel_release=\"$(_prom_escape "$kernel_release")\"" + [ -n "$kernel_arch" ] && sys_labels="${sys_labels:+$sys_labels,}kernel_arch=\"$(_prom_escape "$kernel_arch")\"" + [ -n "$hypervisor_host" ] && sys_labels="${sys_labels:+$sys_labels,}hypervisor_host=\"$hypervisor_host\"" + [ -n "$sys_labels" ] && g_smc_system_info_line="smc_system_info{$sys_labels} 1" +} + +# Build the smc_cpu_info Prometheus metric line +# Sets: g_smc_cpu_info_line +# Callers: src/main.sh (after check_cpu / check_cpu_vulnerabilities) +# shellcheck disable=SC2034 +_build_prometheus_cpu_info() { + local cpuid_hex ucode_hex ucode_latest_hex ucode_uptodate ucode_blacklisted codename smt_val cpu_labels + if [ -n "${cpu_cpuid:-}" ]; then + cpuid_hex=$(printf '0x%08x' "$cpu_cpuid") + else + cpuid_hex='' + fi + if [ -n "${cpu_ucode:-}" ]; then + ucode_hex=$(printf '0x%x' "$cpu_ucode") + else + ucode_hex='' + fi + is_latest_known_ucode + case $? in + 0) ucode_uptodate='true' ;; + 1) ucode_uptodate='false' ;; + *) ucode_uptodate='' ;; + esac + ucode_latest_hex="${ret_is_latest_known_ucode_version:-}" + if is_ucode_blacklisted; then + ucode_blacklisted='true' + else + ucode_blacklisted='false' + fi + codename='' + if is_intel; then + codename=$(get_intel_codename 2>/dev/null || true) + fi + is_cpu_smt_enabled + case $? in + 0) smt_val='true' ;; + 1) smt_val='false' ;; + *) smt_val='' ;; + esac + cpu_labels='' + [ -n "${cpu_vendor:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}vendor=\"$(_prom_escape "$cpu_vendor")\"" + [ -n "${cpu_friendly_name:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}model=\"$(_prom_escape "$cpu_friendly_name")\"" + [ -n "${cpu_family:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}family=\"$cpu_family\"" + [ -n "${cpu_model:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}model_id=\"$cpu_model\"" + [ -n "${cpu_stepping:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}stepping=\"$cpu_stepping\"" + [ -n "$cpuid_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}cpuid=\"$cpuid_hex\"" + [ -n "$codename" ] && cpu_labels="${cpu_labels:+$cpu_labels,}codename=\"$(_prom_escape "$codename")\"" + [ -n "$smt_val" ] && cpu_labels="${cpu_labels:+$cpu_labels,}smt=\"$smt_val\"" + [ -n "$ucode_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode=\"$ucode_hex\"" + [ -n "$ucode_latest_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_latest=\"$ucode_latest_hex\"" + [ -n "$ucode_uptodate" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_up_to_date=\"$ucode_uptodate\"" + # always emit microcode_blacklisted when we have microcode info (it's a boolean, never omit) + [ -n "$ucode_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_blacklisted=\"$ucode_blacklisted\"" + [ -n "$cpu_labels" ] && g_smc_cpu_info_line="smc_cpu_info{$cpu_labels} 1" +} + # Update global state used to determine the program exit code # Args: $1=cve $2=status(UNK|VULN|OK) # Sets: g_unknown, g_critical @@ -364,6 +478,7 @@ pvulnstatus() { json-terse) _emit_json_terse "$1" "$aka" "$2" "$3" ;; nrpe) _emit_nrpe "$1" "$aka" "$2" "$3" ;; prometheus) _emit_prometheus "$1" "$aka" "$2" "$3" ;; + prometheus-legacy) _emit_prometheus_legacy "$1" "$aka" "$2" "$3" ;; *) echo "$0: error: invalid batch format '$opt_batch_format' specified" >&2 exit 255 diff --git a/src/main.sh b/src/main.sh index 4b99f07..ca3dd09 100644 --- a/src/main.sh +++ b/src/main.sh @@ -25,6 +25,14 @@ if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then fi fi +# Build Prometheus info metric lines (same timing requirement as JSON builders above) +if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then + _build_prometheus_system_info + if [ "$opt_no_hw" = 0 ] && [ -z "$opt_arch_prefix" ]; then + _build_prometheus_cpu_info + fi +fi + # now run the checks the user asked for for cve in $g_supported_cve_list; do if [ "$opt_cve_all" = 1 ] || echo "$opt_cve_list" | grep -qw "$cve"; then @@ -117,12 +125,59 @@ if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then _pr_echo 0 "$_json_final" fi -if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then +if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus-legacy" ]; then echo "# TYPE specex_vuln_status untyped" echo "# HELP specex_vuln_status Exposure of system to speculative execution vulnerabilities" printf "%b\n" "$g_prometheus_output" fi +if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then + prom_run_as_root='false' + [ "$(id -u)" -eq 0 ] && prom_run_as_root='true' + prom_mode='offline' + [ "$opt_live" = 1 ] && prom_mode='live' + prom_paranoid='false' + [ "$opt_paranoid" = 1 ] && prom_paranoid='true' + prom_sysfs_only='false' + [ "$opt_sysfs_only" = 1 ] && prom_sysfs_only='true' + prom_reduced_accuracy='false' + [ "${g_bad_accuracy:-0}" = 1 ] && prom_reduced_accuracy='true' + prom_mocked='false' + [ "${g_mocked:-0}" = 1 ] && prom_mocked='true' + echo "# HELP smc_build_info spectre-meltdown-checker script metadata (always 1)" + echo "# TYPE smc_build_info gauge" + printf 'smc_build_info{version="%s",mode="%s",run_as_root="%s",paranoid="%s",sysfs_only="%s",reduced_accuracy="%s",mocked="%s"} 1\n' \ + "$(_prom_escape "$VERSION")" \ + "$prom_mode" \ + "$prom_run_as_root" \ + "$prom_paranoid" \ + "$prom_sysfs_only" \ + "$prom_reduced_accuracy" \ + "$prom_mocked" + if [ -n "${g_smc_system_info_line:-}" ]; then + echo "# HELP smc_system_info Operating system and kernel metadata (always 1)" + echo "# TYPE smc_system_info gauge" + echo "$g_smc_system_info_line" + fi + if [ -n "${g_smc_cpu_info_line:-}" ]; then + echo "# HELP smc_cpu_info CPU hardware and microcode metadata (always 1)" + echo "# TYPE smc_cpu_info gauge" + echo "$g_smc_cpu_info_line" + fi + echo "# HELP smc_vulnerability_status Vulnerability check result per CVE: 0=not_vulnerable, 1=vulnerable, 2=unknown" + echo "# TYPE smc_vulnerability_status gauge" + printf "%b\n" "$g_smc_vuln_output" + echo "# HELP smc_vulnerable_count Number of CVEs with vulnerable status" + echo "# TYPE smc_vulnerable_count gauge" + echo "smc_vulnerable_count $g_smc_vuln_count" + echo "# HELP smc_unknown_count Number of CVEs with unknown status" + echo "# TYPE smc_unknown_count gauge" + echo "smc_unknown_count $g_smc_unk_count" + echo "# HELP smc_last_scan_timestamp_seconds Unix timestamp when this scan completed" + echo "# TYPE smc_last_scan_timestamp_seconds gauge" + echo "smc_last_scan_timestamp_seconds $(date +%s 2>/dev/null || echo 0)" +fi + # exit with the proper exit code [ "$g_critical" = 1 ] && exit 2 # critical [ "$g_unknown" = 1 ] && exit 3 # unknown From a952fe32c40c4335718c72655012c9b86601fe92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 20:51:36 +0200 Subject: [PATCH 34/57] fix: exit_cleanup: don't lose passed exit code --- src/libs/001_core_header.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/libs/001_core_header.sh b/src/libs/001_core_header.sh index 2723c25..6b3d4e0 100644 --- a/src/libs/001_core_header.sh +++ b/src/libs/001_core_header.sh @@ -27,8 +27,7 @@ trap 'exit_cleanup' EXIT trap 'pr_warn "interrupted, cleaning up..."; exit_cleanup; exit 1' INT # Clean up temporary files and undo module/mount side effects on exit exit_cleanup() { - local saved_ret - saved_ret=$? + local saved_ret=$? # cleanup the temp decompressed config & kernel image [ -n "${g_dumped_config:-}" ] && [ -f "$g_dumped_config" ] && rm -f "$g_dumped_config" [ -n "${g_kerneltmp:-}" ] && [ -f "$g_kerneltmp" ] && rm -f "$g_kerneltmp" From 5c469787eab72dd56bf8d81d307892737881f908 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 20:51:58 +0200 Subject: [PATCH 35/57] enh: rework --batch nrpe entirely --- src/libs/002_core_globals.sh | 7 +++++- src/libs/250_output_emitters.sh | 17 ++++++++++--- src/main.sh | 44 ++++++++++++++++++++++++++++++--- 3 files changed, 61 insertions(+), 7 deletions(-) diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index 7aa5d8a..37662df 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -138,7 +138,12 @@ opt_intel_db=1 g_critical=0 g_unknown=0 -g_nrpe_vuln='' +g_nrpe_total=0 +g_nrpe_vuln_count=0 +g_nrpe_unk_count=0 +g_nrpe_vuln_ids='' +g_nrpe_vuln_details='' +g_nrpe_unk_details='' g_smc_vuln_output='' g_smc_ok_count=0 g_smc_vuln_count=0 diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index 02c3507..23e11a6 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -320,12 +320,23 @@ _emit_json_full() { g_json_vulns="${g_json_vulns}{\"cve\":\"$1\",\"name\":\"$esc_name\",\"aliases\":$(_json_str "$aliases"),\"cpu_affected\":$cpu_affected,\"status\":\"$3\",\"vulnerable\":$is_vuln,\"info\":\"$esc_infos\",\"sysfs_status\":$(_json_str "$sysfs_status"),\"sysfs_message\":$(_json_str "$sysfs_msg")}," } -# Append vulnerable CVE IDs to the NRPE output buffer +# Accumulate a CVE result into the NRPE output buffers # Args: $1=cve $2=aka $3=status $4=description -# Sets: g_nrpe_vuln +# Sets: g_nrpe_total, g_nrpe_vuln_count, g_nrpe_unk_count, g_nrpe_vuln_ids, g_nrpe_vuln_details, g_nrpe_unk_details # Callers: pvulnstatus _emit_nrpe() { - [ "$3" = VULN ] && g_nrpe_vuln="$g_nrpe_vuln $1" + g_nrpe_total=$((g_nrpe_total + 1)) + case "$3" in + VULN) + g_nrpe_vuln_count=$((g_nrpe_vuln_count + 1)) + g_nrpe_vuln_ids="${g_nrpe_vuln_ids:+$g_nrpe_vuln_ids }$1" + g_nrpe_vuln_details="${g_nrpe_vuln_details:+$g_nrpe_vuln_details\n}[CRITICAL] $1 ($2): $4" + ;; + UNK) + g_nrpe_unk_count=$((g_nrpe_unk_count + 1)) + g_nrpe_unk_details="${g_nrpe_unk_details:+$g_nrpe_unk_details\n}[UNKNOWN] $1 ($2): $4" + ;; + esac } # Append a CVE result as a legacy Prometheus metric to the batch output buffer diff --git a/src/main.sh b/src/main.sh index ca3dd09..211ffbf 100644 --- a/src/main.sh +++ b/src/main.sh @@ -92,11 +92,49 @@ if [ "$g_mocked" = 1 ]; then fi if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "nrpe" ]; then - if [ -n "$g_nrpe_vuln" ]; then - echo "Vulnerable:$g_nrpe_vuln" + _nrpe_is_root=0 + [ "$(id -u)" -eq 0 ] && _nrpe_is_root=1 + + # Non-root + VULN: demote to UNKNOWN, MSR reads were skipped so VULN findings + # may be false positives or genuine mitigations may have gone undetected + _nrpe_demoted=0 + [ "$g_nrpe_vuln_count" -gt 0 ] && [ "$_nrpe_is_root" = 0 ] && _nrpe_demoted=1 + + # Determine status word and build the one-line summary + if [ "$_nrpe_demoted" = 1 ]; then + _nrpe_status_word='UNKNOWN' + _nrpe_summary="${g_nrpe_vuln_count}/${g_nrpe_total} CVE(s) appear vulnerable (unconfirmed, not root): ${g_nrpe_vuln_ids}" + [ "$g_nrpe_unk_count" -gt 0 ] && _nrpe_summary="${_nrpe_summary}, ${g_nrpe_unk_count} inconclusive" + elif [ "$g_nrpe_vuln_count" -gt 0 ]; then + _nrpe_status_word='CRITICAL' + _nrpe_summary="${g_nrpe_vuln_count}/${g_nrpe_total} CVE(s) vulnerable: ${g_nrpe_vuln_ids}" + [ "$g_nrpe_unk_count" -gt 0 ] && _nrpe_summary="${_nrpe_summary}, ${g_nrpe_unk_count} inconclusive" + elif [ "$g_nrpe_unk_count" -gt 0 ]; then + _nrpe_status_word='UNKNOWN' + _nrpe_summary="${g_nrpe_unk_count}/${g_nrpe_total} CVE checks inconclusive" else - echo "OK" + _nrpe_status_word='OK' + _nrpe_summary="All ${g_nrpe_total} CVE checks passed" fi + + # Line 1: status word + summary + performance data (Nagios plugin spec) + echo "${_nrpe_status_word}: ${_nrpe_summary} | checked=${g_nrpe_total} vulnerable=${g_nrpe_vuln_count} unknown=${g_nrpe_unk_count}" + + # Long output (lines 2+): context notes, then per-CVE details + [ "$opt_paranoid" = 1 ] && echo "NOTE: paranoid mode active, stricter mitigation requirements applied" + case "${g_has_vmm:-}" in + 1) echo "NOTE: hypervisor host detected (${g_has_vmm_reason:-VMM}); L1TF/MDS severity is elevated" ;; + 0) echo "NOTE: not a hypervisor host" ;; + esac + [ "$_nrpe_is_root" = 0 ] && echo "NOTE: not running as root; MSR reads skipped, results may be incomplete" + + # VULN details first, then UNK details (each group in CVE-registry order) + [ -n "${g_nrpe_vuln_details:-}" ] && printf "%b\n" "$g_nrpe_vuln_details" + [ -n "${g_nrpe_unk_details:-}" ] && printf "%b\n" "$g_nrpe_unk_details" + + # Exit with the correct Nagios code when we demoted VULN→UNKNOWN due to non-root + # (g_critical=1 would otherwise cause exit 2 below) + [ "$_nrpe_demoted" = 1 ] && exit 3 fi if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "short" ]; then From 3f7e0a11f79ee00c03cfcfcb9f778fe93f39ed2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 20:52:22 +0200 Subject: [PATCH 36/57] enh: CVE-2018-3640 (Spectre 3a): enhance ARM mitigation detection --- src/vulns/CVE-2018-3640.sh | 74 ++++++++++++++++++++++++++++++-------- 1 file changed, 59 insertions(+), 15 deletions(-) diff --git a/src/vulns/CVE-2018-3640.sh b/src/vulns/CVE-2018-3640.sh index 42a23e4..72064e7 100644 --- a/src/vulns/CVE-2018-3640.sh +++ b/src/vulns/CVE-2018-3640.sh @@ -3,7 +3,7 @@ # CVE-2018-3640, Variant 3a, Rogue System Register Read check_CVE_2018_3640() { - local status sys_interface_available msg cve + local status sys_interface_available msg cve is_arm64_kernel arm_v3a_mitigation cve='CVE-2018-3640' pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m" @@ -11,22 +11,66 @@ check_CVE_2018_3640() { sys_interface_available=0 msg='' - pr_info_nol "* CPU microcode mitigates the vulnerability: " - if [ -n "$cap_ssbd" ]; then - # microcodes that ship with SSBD are known to also fix affected_variant3a - # there is no specific cpuid bit as far as we know - pstatus green YES - else - pstatus yellow NO + # Detect whether the target kernel is ARM64, for both live and offline modes. + # In offline cross-inspection (x86 host, ARM kernel), cpu_vendor reflects the host, + # so also check for arm64_sys_ symbols (same pattern used in CVE-2018-3639). + is_arm64_kernel=0 + if [ "$cpu_vendor" = ARM ] || [ "$cpu_vendor" = CAVIUM ] || [ "$cpu_vendor" = PHYTIUM ]; then + is_arm64_kernel=1 + elif [ -n "$opt_map" ] && grep -q 'arm64_sys_' "$opt_map" 2>/dev/null; then + is_arm64_kernel=1 + elif [ -n "$g_kernel" ] && grep -q 'arm64_sys_' "$g_kernel" 2>/dev/null; then + is_arm64_kernel=1 + elif [ -n "$opt_config" ] && grep -qw 'CONFIG_ARM64=y' "$opt_config" 2>/dev/null; then + is_arm64_kernel=1 fi - if ! is_cpu_affected "$cve"; then - # override status & msg in case CPU is not vulnerable after all - pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" - elif [ -n "$cap_ssbd" ]; then - pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability" + if [ "$is_arm64_kernel" = 1 ]; then + # ARM64: mitigation is via an EL2 indirect trampoline (spectre_v3a_enable_mitigation), + # applied automatically at boot for affected CPUs (Cortex-A57, Cortex-A72). + # No microcode update is involved. + arm_v3a_mitigation='' + if [ -n "$opt_map" ] && grep -qw spectre_v3a_enable_mitigation "$opt_map" 2>/dev/null; then + arm_v3a_mitigation="found spectre_v3a_enable_mitigation in System.map" + fi + if [ -z "$arm_v3a_mitigation" ] && [ -n "$g_kernel" ]; then + if "${opt_arch_prefix}strings" "$g_kernel" 2>/dev/null | grep -qw spectre_v3a_enable_mitigation; then + arm_v3a_mitigation="found spectre_v3a_enable_mitigation in kernel image" + fi + fi + + pr_info_nol "* Kernel mitigates the vulnerability via EL2 hardening: " + if [ -n "$arm_v3a_mitigation" ]; then + pstatus green YES "$arm_v3a_mitigation" + else + pstatus yellow NO + fi + + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + elif [ -n "$arm_v3a_mitigation" ]; then + pvulnstatus "$cve" OK "your kernel mitigates the vulnerability via EL2 vector hardening" + else + pvulnstatus "$cve" VULN "your kernel does not include the EL2 vector hardening mitigation" + explain "ARM64 Spectre v3a mitigation is provided by the kernel using an indirect trampoline for EL2 (hypervisor) vectors (spectre_v3a_enable_mitigation). Ensure you are running a recent kernel. If you're using a distro kernel, upgrading your distro should provide a kernel with this mitigation included." + fi else - pvulnstatus "$cve" VULN "an up-to-date CPU microcode is needed to mitigate this vulnerability" - explain "The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed." + # x86: microcodes that ship with SSBD are known to also fix variant 3a; + # there is no specific CPUID bit for variant 3a as far as we know. + pr_info_nol "* CPU microcode mitigates the vulnerability: " + if [ -n "$cap_ssbd" ]; then + pstatus green YES + else + pstatus yellow NO + fi + + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + elif [ -n "$cap_ssbd" ]; then + pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability" + else + pvulnstatus "$cve" VULN "an up-to-date CPU microcode is needed to mitigate this vulnerability" + explain "The microcode of your CPU needs to be upgraded to mitigate this vulnerability. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section). The microcode update is enough, there is no additional OS, kernel or software change needed." + fi fi } From b9c203120bc1f51988a91f104d2e772bd94547fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 20:53:00 +0200 Subject: [PATCH 37/57] enh: --no-runtime and --no-hw modes replacing --live and implicit 'offline' mode --- src/libs/002_core_globals.sh | 32 ++++++++++++++----------- src/libs/230_util_optparse.sh | 22 ++++++++++------- src/libs/250_output_emitters.sh | 12 ++++++---- src/libs/400_hw_check.sh | 22 ++++++++--------- src/main.sh | 9 +++++-- src/vulns-helpers/check_mds.sh | 12 +++++----- src/vulns-helpers/check_mmio.sh | 4 ++-- src/vulns/CVE-2017-5715.sh | 42 ++++++++++++++++----------------- src/vulns/CVE-2017-5753.sh | 2 +- src/vulns/CVE-2017-5754.sh | 12 +++++----- src/vulns/CVE-2018-12207.sh | 6 ++--- src/vulns/CVE-2018-3620.sh | 6 ++--- src/vulns/CVE-2018-3639.sh | 6 ++--- src/vulns/CVE-2018-3640.sh | 2 +- src/vulns/CVE-2018-3646.sh | 14 +++++------ src/vulns/CVE-2019-11135.sh | 6 ++--- src/vulns/CVE-2020-0543.sh | 8 +++---- src/vulns/CVE-2022-29900.sh | 6 ++--- src/vulns/CVE-2022-29901.sh | 8 +++---- src/vulns/CVE-2022-40982.sh | 4 ++-- src/vulns/CVE-2023-20588.sh | 8 +++---- src/vulns/CVE-2023-20593.sh | 6 ++--- src/vulns/CVE-2023-28746.sh | 4 ++-- 23 files changed, 135 insertions(+), 118 deletions(-) diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index 37662df..f87a610 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -4,26 +4,29 @@ show_usage() { # shellcheck disable=SC2086 cat <] [--config ] [--map ]> --live - Offline mode: $(basename $0) [options] <[--kernel ] [--config ] [--map ]> + Live mode: $(basename $0) [options] [--kernel ] [--config ] [--map ] + No-runtime: $(basename $0) [options] --no-runtime <--kernel > [--config ] [--map ] + No-hw: $(basename $0) [options] --no-hw <--kernel > [--config ] [--map ] Modes: - Two modes are available. + Three modes are available. - First mode is the "live" mode (default), it does its best to find information about the currently running kernel. - To run under this mode, just start the script without any option (you can also use --live explicitly) - - Second mode is the "offline" mode, where you can inspect a non-running kernel. - This mode is automatically enabled when you specify the location of the kernel file, config and System.map files: + First mode is the "live" mode (default), it does its best to find information about the currently + running kernel. To run under this mode, just start the script without any option. + You can optionally specify --kernel, --config, or --map to help the script locate files it + couldn't auto-detect, without changing the mode. --kernel kernel_file specify a (possibly compressed) Linux or BSD kernel file --config kernel_config specify a kernel config file (Linux only) --map kernel_map_file specify a kernel System.map file (Linux only) - If you want to use live mode while specifying the location of the kernel, config or map file yourself, - you can add --live to the above options, to tell the script to run in live mode instead of the offline mode, - which is enabled by default when at least one file is specified on the command line. + Second mode is "no-runtime" (--no-runtime), where the script inspects the local CPU hardware + but skips all running-kernel artifacts (/sys, /proc, dmesg). Use this when you have a kernel + image from another system but want to check it against this CPU. + + Third mode is "no-hw" (--no-hw), where the script skips both CPU hardware inspection and + running-kernel artifacts. Use this for pure static analysis of a kernel image, for example + when inspecting an embedded kernel from a different architecture. Options: --no-color don't use color codes @@ -55,7 +58,8 @@ show_usage() { --cve CVE specify which CVE you'd like to check, by default all supported CVEs are checked can be used multiple times (e.g. --cve CVE-2017-5753 --cve CVE-2020-0543) --hw-only only check for CPU information, don't check for any variant - --no-hw skip CPU information and checks, if you're inspecting a kernel not to be run on this host + --no-runtime skip running-kernel checks (/sys, /proc, dmesg), still inspect local CPU hardware + --no-hw skip CPU information and running-kernel checks (implies --no-runtime) --vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto --no-intel-db don't use the builtin Intel DB of affected processors --allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system @@ -114,7 +118,7 @@ g_os=$(uname -s) opt_kernel='' opt_config='' opt_map='' -opt_live=-1 +opt_runtime=1 opt_no_color=0 opt_batch=0 opt_batch_format='text' diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index b58fef6..4342655 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -47,7 +47,7 @@ while [ -n "${1:-}" ]; do opt_arch_prefix="$2" shift 2 elif [ "$1" = "--live" ]; then - opt_live=1 + # deprecated, kept for backward compatibility (live is now the default) shift elif [ "$1" = "--no-color" ]; then opt_no_color=1 @@ -74,8 +74,12 @@ while [ -n "${1:-}" ]; do elif [ "$1" = "--hw-only" ]; then opt_hw_only=1 shift + elif [ "$1" = "--no-runtime" ]; then + opt_runtime=0 + shift elif [ "$1" = "--no-hw" ]; then opt_no_hw=1 + opt_runtime=0 shift elif [ "$1" = "--allow-msr-write" ]; then opt_allow_msr_write=1 @@ -334,11 +338,13 @@ if [ "$opt_no_hw" = 1 ] && [ "$opt_hw_only" = 1 ]; then exit 255 fi -if [ "$opt_live" = -1 ]; then - if [ -n "$opt_kernel" ] || [ -n "$opt_config" ] || [ -n "$opt_map" ]; then - # no --live specified and we have a least one of the kernel/config/map files on the cmdline: offline mode - opt_live=0 - else - opt_live=1 - fi +if [ "$opt_runtime" = 0 ] && [ "$opt_sysfs_only" = 1 ]; then + pr_warn "Incompatible options specified (--no-runtime and --sysfs-only), aborting" + exit 255 fi + +if [ "$opt_runtime" = 0 ] && [ -z "$opt_kernel" ] && [ -z "$opt_config" ] && [ -z "$opt_map" ]; then + pr_warn "Option --no-runtime requires at least one of --kernel, --config, or --map" + exit 255 +fi + diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index 23e11a6..31116e7 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -68,10 +68,12 @@ _json_bool() { _build_json_meta() { local timestamp mode timestamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null || echo "unknown") - if [ "$opt_live" = 1 ]; then - mode="live" + if [ "$opt_no_hw" = 1 ]; then + mode="no-hw" + elif [ "$opt_runtime" = 0 ]; then + mode="no-runtime" else - mode="offline" + mode="live" fi local run_as_root if [ "$(id -u)" -eq 0 ]; then @@ -97,7 +99,7 @@ _build_json_meta() { # shellcheck disable=SC2034 _build_json_system() { local kernel_release kernel_version kernel_arch smt_val - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then kernel_release=$(uname -r) kernel_version=$(uname -v) kernel_arch=$(uname -m) @@ -383,7 +385,7 @@ _emit_prometheus() { # shellcheck disable=SC2034 _build_prometheus_system_info() { local kernel_release kernel_arch hypervisor_host sys_labels - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then kernel_release=$(uname -r 2>/dev/null || true) kernel_arch=$(uname -m 2>/dev/null || true) else diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index a6d8b66..f923b36 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -89,7 +89,7 @@ if [ "$opt_cpu" != all ] && [ "$opt_cpu" -gt "$g_max_core_id" ]; then exit 255 fi -if [ "$opt_live" = 1 ]; then +if [ "$opt_runtime" = 1 ]; then pr_info "Checking for vulnerabilities on current system" # try to find the image of the current running kernel @@ -251,7 +251,7 @@ else fi if [ -n "$g_kernel_version" ]; then # in live mode, check if the img we found is the correct one - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then pr_verbose "Kernel image is \033[35m$g_kernel_version" if ! echo "$g_kernel_version" | grep -qF "$(uname -r)"; then pr_warn "Possible discrepancy between your running kernel '$(uname -r)' and the image '$g_kernel_version' we found ($opt_kernel), results might be incorrect" @@ -283,7 +283,7 @@ sys_interface_check() { msg='' ret_sys_interface_check_fullmsg='' - if [ "$opt_live" = 1 ] && [ "$opt_no_sysfs" = 0 ] && [ -r "$file" ]; then + if [ "$opt_runtime" = 1 ] && [ "$opt_no_sysfs" = 0 ] && [ -r "$file" ]; then : else g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_SYSFS_$(basename "$file")_RET=1") @@ -352,7 +352,7 @@ sys_interface_check() { check_kernel_info() { local config_display pr_info "\033[1;34mKernel information\033[0m" - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then pr_info "* Kernel is \033[35m$g_os $(uname -r) $(uname -v) $(uname -m)\033[0m" elif [ -n "$g_kernel_version" ]; then pr_info "* Kernel is \033[35m$g_kernel_version\033[0m" @@ -456,7 +456,7 @@ check_cpu() { ret=invalid pstatus yellow NO "unknown CPU" fi - if [ -z "$cap_ibrs" ] && [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ]; then + if [ -z "$cap_ibrs" ] && [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ]; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo if grep ^flags "$g_procfs/cpuinfo" | grep -qw ibrs; then cap_ibrs='IBRS (cpuinfo)' @@ -533,7 +533,7 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then cap_ibpb='IBPB_SUPPORT' pstatus green YES "IBPB_SUPPORT feature bit" - elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw ibpb; then + elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw ibpb; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo cap_ibpb='IBPB (cpuinfo)' pstatus green YES "ibpb flag in $g_procfs/cpuinfo" @@ -604,7 +604,7 @@ check_cpu() { ret=invalid pstatus yellow UNKNOWN "unknown CPU" fi - if [ -z "$cap_stibp" ] && [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ]; then + if [ -z "$cap_stibp" ] && [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ]; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo if grep ^flags "$g_procfs/cpuinfo" | grep -qw stibp; then cap_stibp='STIBP (cpuinfo)' @@ -676,7 +676,7 @@ check_cpu() { fi fi - if [ -z "$cap_ssbd" ] && [ "$ret24" = $READ_CPUID_RET_ERR ] && [ "$ret25" = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ]; then + if [ -z "$cap_ssbd" ] && [ "$ret24" = $READ_CPUID_RET_ERR ] && [ "$ret25" = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ]; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo if grep ^flags "$g_procfs/cpuinfo" | grep -qw ssbd; then cap_ssbd='SSBD (cpuinfo)' @@ -740,7 +740,7 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then pstatus green YES "L1D flush feature bit" cap_l1df=1 - elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw flush_l1d; then + elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw flush_l1d; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo pstatus green YES "flush_l1d flag in $g_procfs/cpuinfo" cap_l1df=1 @@ -760,7 +760,7 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then cap_md_clear=1 pstatus green YES "MD_CLEAR feature bit" - elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then + elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo cap_md_clear=1 pstatus green YES "md_clear flag in $g_procfs/cpuinfo" @@ -830,7 +830,7 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then pstatus green YES cap_arch_capabilities=1 - elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw arch_capabilities; then + elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw arch_capabilities; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo pstatus green YES "arch_capabilities flag in $g_procfs/cpuinfo" cap_arch_capabilities=1 diff --git a/src/main.sh b/src/main.sh index 211ffbf..b9e15ef 100644 --- a/src/main.sh +++ b/src/main.sh @@ -172,8 +172,13 @@ fi if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then prom_run_as_root='false' [ "$(id -u)" -eq 0 ] && prom_run_as_root='true' - prom_mode='offline' - [ "$opt_live" = 1 ] && prom_mode='live' + if [ "$opt_no_hw" = 1 ]; then + prom_mode='no-hw' + elif [ "$opt_runtime" = 0 ]; then + prom_mode='no-runtime' + else + prom_mode='live' + fi prom_paranoid='false' [ "$opt_paranoid" = 1 ] && prom_paranoid='true' prom_sysfs_only='false' diff --git a/src/vulns-helpers/check_mds.sh b/src/vulns-helpers/check_mds.sh index 031c924..6fcb72f 100644 --- a/src/vulns-helpers/check_mds.sh +++ b/src/vulns-helpers/check_mds.sh @@ -3,7 +3,7 @@ check_mds_bsd() { local kernel_md_clear kernel_smt_allowed kernel_mds_enabled kernel_mds_state pr_info_nol "* Kernel supports using MD_CLEAR mitigation: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if sysctl hw.mds_disable >/dev/null 2>&1; then pstatus green YES kernel_md_clear=1 @@ -76,7 +76,7 @@ check_mds_bsd() { else if [ "$cap_md_clear" = 1 ]; then if [ "$kernel_md_clear" = 1 ]; then - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # mitigation must also be enabled if [ "$kernel_mds_enabled" -ge 1 ]; then if [ "$opt_paranoid" != 1 ] || [ "$kernel_smt_allowed" = 0 ]; then @@ -95,7 +95,7 @@ check_mds_bsd() { pvulnstatus "$cve" VULN "Your microcode supports mitigation, but your kernel doesn't, upgrade it to mitigate the vulnerability" fi else - if [ "$kernel_md_clear" = 1 ] && [ "$opt_live" = 1 ]; then + if [ "$kernel_md_clear" = 1 ] && [ "$opt_runtime" = 1 ]; then # no MD_CLEAR in microcode, but FreeBSD may still have software-only mitigation active case "$kernel_mds_state" in software*) @@ -135,7 +135,7 @@ check_mds_linux() { pr_info_nol "* Kernel supports using MD_CLEAR mitigation: " kernel_md_clear='' kernel_md_clear_can_tell=1 - if [ "$opt_live" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then + if [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then kernel_md_clear="md_clear found in $g_procfs/cpuinfo" pstatus green YES "$kernel_md_clear" fi @@ -158,7 +158,7 @@ check_mds_linux() { fi fi - if [ "$opt_live" = 1 ] && [ "$sys_interface_available" = 1 ]; then + if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then pr_info_nol "* Kernel mitigation is enabled and active: " if echo "$ret_sys_interface_check_fullmsg" | grep -qi ^mitigation; then mds_mitigated=1 @@ -190,7 +190,7 @@ check_mds_linux() { # compute mystatus and mymsg from our own logic if [ "$cap_md_clear" = 1 ]; then if [ -n "$kernel_md_clear" ]; then - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # mitigation must also be enabled if [ "$mds_mitigated" = 1 ]; then if [ "$opt_paranoid" != 1 ] || [ "$mds_smt_mitigated" = 1 ]; then diff --git a/src/vulns-helpers/check_mmio.sh b/src/vulns-helpers/check_mmio.sh index 7e1428b..683c2d5 100644 --- a/src/vulns-helpers/check_mmio.sh +++ b/src/vulns-helpers/check_mmio.sh @@ -162,7 +162,7 @@ check_mmio_linux() { pstatus yellow NO fi - if [ "$opt_live" = 1 ] && [ "$sys_interface_available" = 1 ]; then + if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then pr_info_nol "* Kernel mitigation is enabled and active: " if echo "$ret_sys_interface_check_fullmsg" | grep -qi ^mitigation; then mmio_mitigated=1 @@ -194,7 +194,7 @@ check_mmio_linux() { # compute mystatus and mymsg from our own logic if [ "$cap_fb_clear" = 1 ]; then if [ -n "$kernel_mmio" ]; then - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # mitigation must also be enabled if [ "$mmio_mitigated" = 1 ]; then if [ "$opt_paranoid" != 1 ] || [ "$mmio_smt_mitigated" = 1 ]; then diff --git a/src/vulns/CVE-2017-5715.sh b/src/vulns/CVE-2017-5715.sh index 830857b..8fecf0a 100644 --- a/src/vulns/CVE-2017-5715.sh +++ b/src/vulns/CVE-2017-5715.sh @@ -265,7 +265,7 @@ check_CVE_2017_5715_linux() { g_ibpb_supported='' g_ibpb_enabled='' - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # in live mode, we can check for the ibrs_enabled file in debugfs # all versions of the patches have it (NOT the case of IBPB or KPTI) g_ibrs_can_tell=1 @@ -416,7 +416,7 @@ check_CVE_2017_5715_linux() { fi pr_info_nol " * IBRS enabled and active: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ "$g_ibpb_enabled" = 2 ]; then # if ibpb=2, ibrs is forcefully=0 pstatus blue NO "IBPB used instead of IBRS in all kernel entrypoints" @@ -447,7 +447,7 @@ check_CVE_2017_5715_linux() { esac fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pr_info_nol " * Kernel is compiled with IBPB support: " @@ -455,8 +455,8 @@ check_CVE_2017_5715_linux() { if [ "$g_ibpb_can_tell" = 1 ]; then pstatus yellow NO else - # if we're in offline mode without System.map, we can't really know - pstatus yellow UNKNOWN "in offline mode, we need the kernel image to be able to tell" + # if we're in no-runtime mode without System.map, we can't really know + pstatus yellow UNKNOWN "in no-runtime mode, we need the kernel image to be able to tell" fi else if [ "$opt_verbose" -ge 2 ]; then @@ -467,7 +467,7 @@ check_CVE_2017_5715_linux() { fi pr_info_nol " * IBPB enabled and active: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then case "$g_ibpb_enabled" in "") if [ "$g_ibrs_supported" = 1 ]; then @@ -484,7 +484,7 @@ check_CVE_2017_5715_linux() { *) pstatus yellow UNKNOWN ;; esac else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pr_info "* Mitigation 2" @@ -544,7 +544,7 @@ check_CVE_2017_5715_linux() { # # since 5.15.28, this is now "Retpolines" as the implementation was switched to a generic one, # so we look for both "retpoline" and "retpolines" - if [ "$opt_live" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then + if [ "$opt_runtime" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -qwi -e retpoline -e retpolines; then if echo "$ret_sys_interface_check_fullmsg" | grep -qwi minimal; then retpoline_compiler=0 @@ -595,7 +595,7 @@ check_CVE_2017_5715_linux() { # only Red Hat has a tunable to disable it on runtime retp_enabled=-1 - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ -e "$g_specex_knob_dir/retp_enabled" ]; then retp_enabled=$(cat "$g_specex_knob_dir/retp_enabled" 2>/dev/null) pr_debug "retpoline: found $g_specex_knob_dir/retp_enabled=$retp_enabled" @@ -625,7 +625,7 @@ check_CVE_2017_5715_linux() { if is_vulnerable_to_empty_rsb || [ "$opt_verbose" -ge 2 ]; then pr_info_nol " * Kernel supports RSB filling: " rsb_filling=0 - if [ "$opt_live" = 1 ] && [ "$opt_no_sysfs" != 1 ]; then + if [ "$opt_runtime" = 1 ] && [ "$opt_no_sysfs" != 1 ]; then # if we're live and we aren't denied looking into /sys, let's do it if echo "$ret_sys_interface_check_fullmsg" | grep -qw RSB; then rsb_filling=1 @@ -718,7 +718,7 @@ check_CVE_2017_5715_linux() { *", IBPB"* | *"; IBPB"*) v2_ibpb_mode=conditional ;; *) v2_ibpb_mode=disabled ;; esac - elif [ "$opt_live" = 1 ]; then + elif [ "$opt_runtime" = 1 ]; then case "$g_ibpb_enabled" in 2) v2_ibpb_mode=always-on ;; 1) v2_ibpb_mode=conditional ;; @@ -816,7 +816,7 @@ check_CVE_2017_5715_linux() { *"PBRSB-eIBRS: Vulnerable"*) v2_pbrsb_status=vulnerable ;; *) v2_pbrsb_status=unknown ;; esac - elif [ "$opt_live" != 1 ] && [ -n "$g_kernel" ]; then + elif [ "$opt_runtime" != 1 ] && [ -n "$g_kernel" ]; then if grep -q 'PBRSB-eIBRS' "$g_kernel" 2>/dev/null; then v2_pbrsb_status=sw-sequence else @@ -847,7 +847,7 @@ check_CVE_2017_5715_linux() { *"BHI: Vulnerable"*) v2_bhi_status=vulnerable ;; *) v2_bhi_status=unknown ;; esac - elif [ "$opt_live" != 1 ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then + elif [ "$opt_runtime" != 1 ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then if grep -q '^CONFIG_\(MITIGATION_\)\?SPECTRE_BHI' "$opt_config"; then if [ "$cap_bhi" = 1 ]; then v2_bhi_status=bhi_dis_s @@ -871,7 +871,7 @@ check_CVE_2017_5715_linux() { esac # --- v2_vuln_module --- - if [ "$opt_live" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then + if [ "$opt_runtime" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then pr_info_nol " * Non-retpoline module loaded: " if echo "$ret_sys_interface_check_fullmsg" | grep -q 'vulnerable module loaded'; then v2_vuln_module=1 @@ -970,7 +970,7 @@ check_CVE_2017_5715_linux() { if [ -n "${SMC_MOCK_UNPRIVILEGED_BPF_DISABLED:-}" ]; then _ebpf_disabled="$SMC_MOCK_UNPRIVILEGED_BPF_DISABLED" g_mocked=1 - elif [ "$opt_live" = 1 ] && [ -r "$g_procfs/sys/kernel/unprivileged_bpf_disabled" ]; then + elif [ "$opt_runtime" = 1 ] && [ -r "$g_procfs/sys/kernel/unprivileged_bpf_disabled" ]; then _ebpf_disabled=$(cat "$g_procfs/sys/kernel/unprivileged_bpf_disabled" 2>/dev/null) g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_UNPRIVILEGED_BPF_DISABLED='$_ebpf_disabled'") fi @@ -1158,18 +1158,18 @@ check_CVE_2017_5715_linux() { pvulnstatus "$cve" OK "Full IBPB is mitigating the vulnerability" # Offline mode fallback - elif [ "$opt_live" != 1 ]; then + elif [ "$opt_runtime" != 1 ]; then if [ "$retpoline" = 1 ] && [ -n "$g_ibpb_supported" ]; then - pvulnstatus "$cve" OK "offline mode: kernel supports retpoline + IBPB to mitigate the vulnerability" + pvulnstatus "$cve" OK "no-runtime mode: kernel supports retpoline + IBPB to mitigate the vulnerability" elif [ -n "$g_ibrs_supported" ] && [ -n "$g_ibpb_supported" ]; then - pvulnstatus "$cve" OK "offline mode: kernel supports IBRS + IBPB to mitigate the vulnerability" + pvulnstatus "$cve" OK "no-runtime mode: kernel supports IBRS + IBPB to mitigate the vulnerability" elif [ "$cap_ibrs_all" = 1 ] || [ "$cap_autoibrs" = 1 ]; then - pvulnstatus "$cve" OK "offline mode: CPU supports Enhanced / Automatic IBRS" + pvulnstatus "$cve" OK "no-runtime mode: CPU supports Enhanced / Automatic IBRS" # CONFIG_MITIGATION_SPECTRE_V2 (v6.12+): top-level on/off for all Spectre V2 mitigations elif [ -n "$opt_config" ] && [ -r "$opt_config" ] && grep -q '^CONFIG_MITIGATION_SPECTRE_V2=y' "$opt_config"; then - pvulnstatus "$cve" OK "offline mode: kernel has Spectre V2 mitigation framework enabled (CONFIG_MITIGATION_SPECTRE_V2)" + pvulnstatus "$cve" OK "no-runtime mode: kernel has Spectre V2 mitigation framework enabled (CONFIG_MITIGATION_SPECTRE_V2)" elif [ "$g_ibrs_can_tell" != 1 ]; then - pvulnstatus "$cve" UNK "offline mode: not enough information" + pvulnstatus "$cve" UNK "no-runtime mode: not enough information" explain "Re-run this script with root privileges, and give it the kernel image (--kernel), the kernel configuration (--config) and the System.map file (--map) corresponding to the kernel you would like to inspect." fi fi diff --git a/src/vulns/CVE-2017-5753.sh b/src/vulns/CVE-2017-5753.sh index 693fac1..f4ed40a 100644 --- a/src/vulns/CVE-2017-5753.sh +++ b/src/vulns/CVE-2017-5753.sh @@ -57,7 +57,7 @@ check_CVE_2017_5753_linux() { status=$ret_sys_interface_check_status fi if [ "$opt_sysfs_only" != 1 ]; then - # no /sys interface (or offline mode), fallback to our own ways + # no /sys interface (or no-runtime mode), fallback to our own ways # Primary detection: grep for sysfs mitigation strings in the kernel binary. # The string "__user pointer sanitization" is present in all kernel versions diff --git a/src/vulns/CVE-2017-5754.sh b/src/vulns/CVE-2017-5754.sh index 2265b55..2eb4f88 100644 --- a/src/vulns/CVE-2017-5754.sh +++ b/src/vulns/CVE-2017-5754.sh @@ -104,7 +104,7 @@ check_CVE_2017_5754_linux() { mount_debugfs pr_info_nol " * PTI enabled and active: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then dmesg_grep="Kernel/User page tables isolation: enabled" dmesg_grep="$dmesg_grep|Kernel page table isolation enabled" dmesg_grep="$dmesg_grep|x86/pti: Unmapping kernel while in userspace" @@ -150,7 +150,7 @@ check_CVE_2017_5754_linux() { pstatus yellow NO fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pti_performance_check @@ -167,7 +167,7 @@ check_CVE_2017_5754_linux() { is_xen_dom0 && xen_pv_domo=1 is_xen_domU && xen_pv_domu=1 - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # checking whether we're running under Xen PV 64 bits. If yes, we are affected by affected_variant3 # (unless we are a Dom0) pr_info_nol "* Running as a Xen PV DomU: " @@ -183,7 +183,7 @@ check_CVE_2017_5754_linux() { pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ "$kpti_enabled" = 1 ]; then pvulnstatus "$cve" OK "PTI mitigates the vulnerability" elif [ "$xen_pv_domo" = 1 ]; then @@ -209,12 +209,12 @@ check_CVE_2017_5754_linux() { fi else if [ -n "$kpti_support" ]; then - pvulnstatus "$cve" OK "offline mode: PTI will mitigate the vulnerability if enabled at runtime" + pvulnstatus "$cve" OK "no-runtime mode: PTI will mitigate the vulnerability if enabled at runtime" elif [ "$kpti_can_tell" = 1 ]; then pvulnstatus "$cve" VULN "PTI is needed to mitigate the vulnerability" explain "If you're using a distro kernel, upgrade your distro to get the latest kernel available. Otherwise, recompile the kernel with the CONFIG_(MITIGATION_)PAGE_TABLE_ISOLATION option (named CONFIG_KAISER for some kernels), or the CONFIG_UNMAP_KERNEL_AT_EL0 option (for ARM64)" else - pvulnstatus "$cve" UNK "offline mode: not enough information" + pvulnstatus "$cve" UNK "no-runtime mode: not enough information" explain "Re-run this script with root privileges, and give it the kernel image (--kernel), the kernel configuration (--config) and the System.map file (--map) corresponding to the kernel you would like to inspect." fi fi diff --git a/src/vulns/CVE-2018-12207.sh b/src/vulns/CVE-2018-12207.sh index 0065b3a..4300965 100644 --- a/src/vulns/CVE-2018-12207.sh +++ b/src/vulns/CVE-2018-12207.sh @@ -36,7 +36,7 @@ check_CVE_2018_12207_linux() { fi pr_info_nol "* iTLB Multihit mitigation enabled and active: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -qF 'Mitigation'; then pstatus green YES "$ret_sys_interface_check_fullmsg" @@ -47,7 +47,7 @@ check_CVE_2018_12207_linux() { pstatus yellow NO "itlb_multihit not found in sysfs hierarchy" fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi elif [ "$sys_interface_available" = 0 ]; then # we have no sysfs but were asked to use it only! @@ -63,7 +63,7 @@ check_CVE_2018_12207_linux() { elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test if [ "$opt_sysfs_only" != 1 ]; then - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old pvulnstatus "$cve" VULN "Your kernel doesn't support iTLB Multihit mitigation, update it" else diff --git a/src/vulns/CVE-2018-3620.sh b/src/vulns/CVE-2018-3620.sh index 835f212..26737e1 100644 --- a/src/vulns/CVE-2018-3620.sh +++ b/src/vulns/CVE-2018-3620.sh @@ -37,7 +37,7 @@ check_CVE_2018_3620_linux() { fi pr_info_nol "* PTE inversion enabled and active: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -q 'Mitigation: PTE Inversion'; then pstatus green YES @@ -51,7 +51,7 @@ check_CVE_2018_3620_linux() { pteinv_active=-1 fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi elif [ "$sys_interface_available" = 0 ]; then # we have no sysfs but were asked to use it only! @@ -66,7 +66,7 @@ check_CVE_2018_3620_linux() { # if msg is empty, sysfs check didn't fill it, rely on our own test if [ "$opt_sysfs_only" != 1 ]; then if [ "$pteinv_supported" = 1 ]; then - if [ "$pteinv_active" = 1 ] || [ "$opt_live" != 1 ]; then + if [ "$pteinv_active" = 1 ] || [ "$opt_runtime" != 1 ]; then pvulnstatus "$cve" OK "PTE inversion mitigates the vulnerability" else pvulnstatus "$cve" VULN "Your kernel supports PTE inversion but it doesn't seem to be enabled" diff --git a/src/vulns/CVE-2018-3639.sh b/src/vulns/CVE-2018-3639.sh index 7d46421..6211653 100644 --- a/src/vulns/CVE-2018-3639.sh +++ b/src/vulns/CVE-2018-3639.sh @@ -18,7 +18,7 @@ check_CVE_2018_3639_linux() { fi if [ "$opt_sysfs_only" != 1 ]; then pr_info_nol "* Kernel supports disabling speculative store bypass (SSB): " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if grep -Eq 'Speculation.?Store.?Bypass:' "$g_procfs/self/status" 2>/dev/null; then kernel_ssb="found in $g_procfs/self/status" pr_debug "found Speculation.Store.Bypass: in $g_procfs/self/status" @@ -57,7 +57,7 @@ check_CVE_2018_3639_linux() { fi kernel_ssbd_enabled=-1 - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # https://elixir.bootlin.com/linux/v5.0/source/fs/proc/array.c#L340 pr_info_nol "* SSB mitigation is enabled and active: " if grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+thread' "$g_procfs/self/status" 2>/dev/null; then @@ -106,7 +106,7 @@ check_CVE_2018_3639_linux() { # if msg is empty, sysfs check didn't fill it, rely on our own test if [ -n "$cap_ssbd" ]; then if [ -n "$kernel_ssb" ]; then - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ "$kernel_ssbd_enabled" -gt 0 ]; then pvulnstatus "$cve" OK "your CPU and kernel both support SSBD and mitigation is enabled" else diff --git a/src/vulns/CVE-2018-3640.sh b/src/vulns/CVE-2018-3640.sh index 72064e7..3d3ec7d 100644 --- a/src/vulns/CVE-2018-3640.sh +++ b/src/vulns/CVE-2018-3640.sh @@ -11,7 +11,7 @@ check_CVE_2018_3640() { sys_interface_available=0 msg='' - # Detect whether the target kernel is ARM64, for both live and offline modes. + # Detect whether the target kernel is ARM64, for both live and no-runtime modes. # In offline cross-inspection (x86 host, ARM kernel), cpu_vendor reflects the host, # so also check for arm64_sys_ symbols (same pattern used in CVE-2018-3639). is_arm64_kernel=0 diff --git a/src/vulns/CVE-2018-3646.sh b/src/vulns/CVE-2018-3646.sh index 0fb3ab3..dd70ca9 100644 --- a/src/vulns/CVE-2018-3646.sh +++ b/src/vulns/CVE-2018-3646.sh @@ -69,7 +69,7 @@ check_CVE_2018_3646_linux() { pr_info "* Mitigation 1 (KVM)" pr_info_nol " * EPT is disabled: " ept_disabled=-1 - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if ! [ -r "$SYS_MODULE_BASE/kvm_intel/parameters/ept" ]; then pstatus blue N/A "the kvm_intel module is not loaded" elif [ "$(cat "$SYS_MODULE_BASE/kvm_intel/parameters/ept")" = N ]; then @@ -79,12 +79,12 @@ check_CVE_2018_3646_linux() { pstatus yellow NO fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pr_info "* Mitigation 2" pr_info_nol " * L1D flush is supported by kernel: " - if [ "$opt_live" = 1 ] && grep -qw flush_l1d "$g_procfs/cpuinfo"; then + if [ "$opt_runtime" = 1 ] && grep -qw flush_l1d "$g_procfs/cpuinfo"; then l1d_kernel="found flush_l1d in $g_procfs/cpuinfo" fi if [ -z "$l1d_kernel" ]; then @@ -106,7 +106,7 @@ check_CVE_2018_3646_linux() { fi pr_info_nol " * L1D flush enabled: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then # vanilla: VMX: $l1dstatus, SMT $smtstatus # Red Hat: VMX: SMT $smtstatus, L1D $l1dstatus @@ -152,18 +152,18 @@ check_CVE_2018_3646_linux() { fi else l1d_mode=-1 - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pr_info_nol " * Hardware-backed L1D flush supported: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if grep -qw flush_l1d "$g_procfs/cpuinfo" || [ -n "$l1d_xen_hardware" ]; then pstatus green YES "performance impact of the mitigation will be greatly reduced" else pstatus blue NO "flush will be done in software, this is slower" fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pr_info_nol " * Hyper-Threading (SMT) is enabled: " diff --git a/src/vulns/CVE-2019-11135.sh b/src/vulns/CVE-2019-11135.sh index 555d00e..2d72ce1 100644 --- a/src/vulns/CVE-2019-11135.sh +++ b/src/vulns/CVE-2019-11135.sh @@ -33,7 +33,7 @@ check_CVE_2019_11135_linux() { fi pr_info_nol "* TAA mitigation enabled and active: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -qE '^Mitigation'; then pstatus green YES "$ret_sys_interface_check_fullmsg" @@ -44,7 +44,7 @@ check_CVE_2019_11135_linux() { pstatus yellow NO "tsx_async_abort not found in sysfs hierarchy" fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi elif [ "$sys_interface_available" = 0 ]; then # we have no sysfs but were asked to use it only! @@ -57,7 +57,7 @@ check_CVE_2019_11135_linux() { pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old pvulnstatus "$cve" VULN "Your kernel doesn't support TAA mitigation, update it" else diff --git a/src/vulns/CVE-2020-0543.sh b/src/vulns/CVE-2020-0543.sh index c2ef667..894361b 100644 --- a/src/vulns/CVE-2020-0543.sh +++ b/src/vulns/CVE-2020-0543.sh @@ -32,7 +32,7 @@ check_CVE_2020_0543_linux() { pstatus yellow NO fi pr_info_nol "* SRBDS mitigation control is enabled and active: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -qE '^Mitigation'; then pstatus green YES "$ret_sys_interface_check_fullmsg" @@ -43,7 +43,7 @@ check_CVE_2020_0543_linux() { pstatus yellow NO "SRBDS not found in sysfs hierarchy" fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi elif [ "$sys_interface_available" = 0 ]; then # we have no sysfs but were asked to use it only! @@ -61,7 +61,7 @@ check_CVE_2020_0543_linux() { # SRBDS mitigation control is enabled if [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old pvulnstatus "$cve" OK "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated" fi @@ -75,7 +75,7 @@ check_CVE_2020_0543_linux() { elif [ "$cap_srbds_on" = 0 ]; then # SRBDS mitigation control is disabled if [ -z "$msg" ]; then - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old pvulnstatus "$cve" VULN "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated. Mitigation is disabled" fi diff --git a/src/vulns/CVE-2022-29900.sh b/src/vulns/CVE-2022-29900.sh index 9a9f40a..5728142 100644 --- a/src/vulns/CVE-2022-29900.sh +++ b/src/vulns/CVE-2022-29900.sh @@ -174,14 +174,14 @@ check_CVE_2022_29900_linux() { # Zen/Zen+/Zen2: check IBPB microcode support and SMT if [ "$cpu_family" = $((0x17)) ]; then pr_info_nol "* CPU supports IBPB: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ -n "$cap_ibpb" ]; then pstatus green YES "$cap_ibpb" else pstatus yellow NO fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pr_info_nol "* Hyper-Threading (SMT) is enabled: " @@ -217,7 +217,7 @@ check_CVE_2022_29900_linux() { "doesn't fully protect cross-thread speculation." elif [ -z "$kernel_unret" ] && [ -z "$kernel_ibpb_entry" ]; then pvulnstatus "$cve" VULN "Your kernel doesn't have either UNRET_ENTRY or IBPB_ENTRY compiled-in" - elif [ "$smt_enabled" = 0 ] && [ -z "$cap_ibpb" ] && [ "$opt_live" = 1 ]; then + elif [ "$smt_enabled" = 0 ] && [ -z "$cap_ibpb" ] && [ "$opt_runtime" = 1 ]; then pvulnstatus "$cve" VULN "SMT is enabled and your microcode doesn't support IBPB" explain "Update your CPU microcode to get IBPB support, or disable SMT by adding\n" \ "\`nosmt\` to your kernel command line." diff --git a/src/vulns/CVE-2022-29901.sh b/src/vulns/CVE-2022-29901.sh index 1a76f05..b712556 100644 --- a/src/vulns/CVE-2022-29901.sh +++ b/src/vulns/CVE-2022-29901.sh @@ -84,7 +84,7 @@ check_CVE_2022_29901_linux() { fi pr_info_nol "* CPU supports Enhanced IBRS (IBRS_ALL): " - if [ "$opt_live" = 1 ] || [ "$cap_ibrs_all" != -1 ]; then + if [ "$opt_runtime" = 1 ] || [ "$cap_ibrs_all" != -1 ]; then if [ "$cap_ibrs_all" = 1 ]; then pstatus green YES elif [ "$cap_ibrs_all" = 0 ]; then @@ -93,11 +93,11 @@ check_CVE_2022_29901_linux() { pstatus yellow UNKNOWN fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pr_info_nol "* CPU has RSB Alternate Behavior (RSBA): " - if [ "$opt_live" = 1 ] || [ "$cap_rsba" != -1 ]; then + if [ "$opt_runtime" = 1 ] || [ "$cap_rsba" != -1 ]; then if [ "$cap_rsba" = 1 ]; then pstatus yellow YES "this CPU is affected by RSB underflow" elif [ "$cap_rsba" = 0 ]; then @@ -106,7 +106,7 @@ check_CVE_2022_29901_linux() { pstatus yellow UNKNOWN fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi elif [ "$sys_interface_available" = 0 ]; then diff --git a/src/vulns/CVE-2022-40982.sh b/src/vulns/CVE-2022-40982.sh index 8de3d1a..954ca44 100644 --- a/src/vulns/CVE-2022-40982.sh +++ b/src/vulns/CVE-2022-40982.sh @@ -145,7 +145,7 @@ check_CVE_2022_40982_linux() { if [ -n "$kernel_gds" ]; then pr_info_nol "* Kernel has disabled AVX as a mitigation: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # Check dmesg message to see whether AVX has been disabled dmesg_grep 'Microcode update needed! Disabling AVX as mitigation' dmesgret=$? @@ -172,7 +172,7 @@ check_CVE_2022_40982_linux() { pstatus yellow NO "AVX support is enabled" fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi fi diff --git a/src/vulns/CVE-2023-20588.sh b/src/vulns/CVE-2023-20588.sh index 955a7f5..5c0b5f4 100644 --- a/src/vulns/CVE-2023-20588.sh +++ b/src/vulns/CVE-2023-20588.sh @@ -101,7 +101,7 @@ check_CVE_2023_20588_linux() { pr_info_nol "* DIV0 mitigation enabled and active: " cpuinfo_div0='' dmesg_div0='' - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ -e "$g_procfs/cpuinfo" ] && grep -qw 'div0' "$g_procfs/cpuinfo" 2>/dev/null; then cpuinfo_div0=1 pstatus green YES "div0 found in $g_procfs/cpuinfo bug flags" @@ -119,7 +119,7 @@ check_CVE_2023_20588_linux() { fi fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pr_info_nol "* SMT (Simultaneous Multi-Threading) status: " @@ -133,7 +133,7 @@ check_CVE_2023_20588_linux() { pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then if [ "$opt_sysfs_only" != 1 ]; then - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # live mode: cpuinfo div0 flag is the strongest proof the mitigation is active if [ "$cpuinfo_div0" = 1 ] || [ "$dmesg_div0" = 1 ]; then _cve_2023_20588_pvulnstatus_smt @@ -145,7 +145,7 @@ check_CVE_2023_20588_linux() { _cve_2023_20588_pvulnstatus_no_kernel fi else - # offline mode: only kernel image / System.map evidence is available + # no-runtime mode: only kernel image / System.map evidence is available if [ -n "$kernel_mitigated" ]; then pvulnstatus "$cve" OK "Mitigation: amd_clear_divider found in kernel image" else diff --git a/src/vulns/CVE-2023-20593.sh b/src/vulns/CVE-2023-20593.sh index 2669ecd..26b46cf 100644 --- a/src/vulns/CVE-2023-20593.sh +++ b/src/vulns/CVE-2023-20593.sh @@ -28,7 +28,7 @@ check_CVE_2023_20593_linux() { pstatus yellow NO fi pr_info_nol "* Zenbleed kernel mitigation enabled and active: " - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then # read the DE_CFG MSR, we want to check the 9th bit # don't do it on non-Zen2 AMD CPUs or later, aka Family 17h, # as the behavior could be unknown on others @@ -53,7 +53,7 @@ check_CVE_2023_20593_linux() { pstatus blue N/A "CPU is incompatible" fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi pr_info_nol "* Zenbleed mitigation is supported by CPU microcode: " @@ -82,7 +82,7 @@ check_CVE_2023_20593_linux() { elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test zenbleed_print_vuln=0 - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ "$fp_backup_fix" = 1 ] && [ "$ucode_zenbleed" = 1 ]; then # this should never happen, but if it does, it's interesting to know pvulnstatus "$cve" OK "Both your CPU microcode and kernel are mitigating Zenbleed" diff --git a/src/vulns/CVE-2023-28746.sh b/src/vulns/CVE-2023-28746.sh index a40d518..70a54e8 100644 --- a/src/vulns/CVE-2023-28746.sh +++ b/src/vulns/CVE-2023-28746.sh @@ -106,7 +106,7 @@ check_CVE_2023_28746_linux() { pstatus yellow NO fi - if [ "$opt_live" = 1 ] && [ "$sys_interface_available" = 1 ]; then + if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then pr_info_nol "* RFDS mitigation is enabled and active: " if echo "$ret_sys_interface_check_fullmsg" | grep -qi '^Mitigation'; then rfds_mitigated=1 @@ -129,7 +129,7 @@ check_CVE_2023_28746_linux() { if [ "$opt_sysfs_only" != 1 ]; then if [ "$cap_rfds_clear" = 1 ]; then if [ -n "$kernel_rfds" ]; then - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then if [ "$rfds_mitigated" = 1 ]; then pvulnstatus "$cve" OK "Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled" else From 9e617a436344a57e85559ad834b039c319a8eda8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 20:53:19 +0200 Subject: [PATCH 38/57] remove prometheus-legacy format --- src/libs/002_core_globals.sh | 3 +-- src/libs/230_util_optparse.sh | 4 ++-- src/libs/250_output_emitters.sh | 14 +------------- src/main.sh | 6 ------ 4 files changed, 4 insertions(+), 23 deletions(-) diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index f87a610..7380634 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -49,8 +49,7 @@ show_usage() { --batch json produce comprehensive JSON output with system, CPU, and vulnerability details --batch json-terse produce a terse JSON array of per-CVE results (legacy format) --batch nrpe produce machine readable output formatted for NRPE - --batch prometheus produce Prometheus metrics (smc_* schema, recommended) - --batch prometheus-legacy produce legacy Prometheus output (specex_vuln_status, deprecated) + --batch prometheus produce Prometheus metrics (smc_* schema) --variant VARIANT specify which variant you'd like to check, by default all variants are checked. can be used multiple times (e.g. --variant 3a --variant l1tf) diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 4342655..254ee3b 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -120,7 +120,7 @@ while [ -n "${1:-}" ]; do opt_no_color=1 shift case "$1" in - text | short | nrpe | json | json-terse | prometheus | prometheus-legacy) + text | short | nrpe | json | json-terse | prometheus) opt_batch_format="$1" shift ;; @@ -128,7 +128,7 @@ while [ -n "${1:-}" ]; do '') ;; # allow nothing at all *) echo "$0: error: unknown batch format '$1'" >&2 - echo "$0: error: --batch expects a format from: text, short, nrpe, json, json-terse, prometheus, prometheus-legacy" >&2 + echo "$0: error: --batch expects a format from: text, short, nrpe, json, json-terse, prometheus" >&2 exit 255 ;; esac diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index 31116e7..229cd92 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -341,18 +341,7 @@ _emit_nrpe() { esac } -# Append a CVE result as a legacy Prometheus metric to the batch output buffer -# Args: $1=cve $2=aka $3=status $4=description -# Sets: g_prometheus_output -# Callers: pvulnstatus -_emit_prometheus_legacy() { - local esc_info - # escape backslashes and double quotes for Prometheus label values - esc_info=$(printf '%s' "$4" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g') - g_prometheus_output="${g_prometheus_output:+$g_prometheus_output\n}specex_vuln_status{name=\"$2\",cve=\"$1\",status=\"$3\",info=\"$esc_info\"} 1" -} - -# Append a CVE result as a Prometheus gauge to the new-format batch output buffer +# Append a CVE result as a Prometheus gauge to the batch output buffer # Status is encoded numerically: 0=not_vulnerable, 1=vulnerable, 2=unknown # Args: $1=cve $2=aka $3=status(UNK|VULN|OK) $4=description # Sets: g_smc_vuln_output, g_smc_ok_count, g_smc_vuln_count, g_smc_unk_count @@ -491,7 +480,6 @@ pvulnstatus() { json-terse) _emit_json_terse "$1" "$aka" "$2" "$3" ;; nrpe) _emit_nrpe "$1" "$aka" "$2" "$3" ;; prometheus) _emit_prometheus "$1" "$aka" "$2" "$3" ;; - prometheus-legacy) _emit_prometheus_legacy "$1" "$aka" "$2" "$3" ;; *) echo "$0: error: invalid batch format '$opt_batch_format' specified" >&2 exit 255 diff --git a/src/main.sh b/src/main.sh index b9e15ef..52e0b60 100644 --- a/src/main.sh +++ b/src/main.sh @@ -163,12 +163,6 @@ if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then _pr_echo 0 "$_json_final" fi -if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus-legacy" ]; then - echo "# TYPE specex_vuln_status untyped" - echo "# HELP specex_vuln_status Exposure of system to speculative execution vulnerabilities" - printf "%b\n" "$g_prometheus_output" -fi - if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then prom_run_as_root='false' [ "$(id -u)" -eq 0 ] && prom_run_as_root='true' From f1c0d5548c2bf12f2c064e5014e2fd2a7e080dfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 20:53:35 +0200 Subject: [PATCH 39/57] chg: remove --no-intel-db, it's now always used when available --- src/libs/002_core_globals.sh | 2 -- src/libs/230_util_optparse.sh | 3 --- src/libs/380_hw_microcode.sh | 5 +---- 3 files changed, 1 insertion(+), 9 deletions(-) diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index 7380634..8b39f21 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -60,7 +60,6 @@ show_usage() { --no-runtime skip running-kernel checks (/sys, /proc, dmesg), still inspect local CPU hardware --no-hw skip CPU information and running-kernel checks (implies --no-runtime) --vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto - --no-intel-db don't use the builtin Intel DB of affected processors --allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system --cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0) --update-fwdb update our local copy of the CPU microcodes versions database (using the awesome @@ -137,7 +136,6 @@ opt_explain=0 opt_paranoid=0 opt_extra=0 opt_mock=0 -opt_intel_db=1 g_critical=0 g_unknown=0 diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 254ee3b..13d526e 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -84,9 +84,6 @@ while [ -n "${1:-}" ]; do elif [ "$1" = "--allow-msr-write" ]; then opt_allow_msr_write=1 shift - elif [ "$1" = "--no-intel-db" ]; then - opt_intel_db=0 - shift elif [ "$1" = "--cpu" ]; then opt_cpu=$2 if [ "$opt_cpu" != all ]; then diff --git a/src/libs/380_hw_microcode.sh b/src/libs/380_hw_microcode.sh index a486f1a..01bb07e 100644 --- a/src/libs/380_hw_microcode.sh +++ b/src/libs/380_hw_microcode.sh @@ -26,10 +26,7 @@ read_mcedb() { # Read the Intel official affected CPUs database (builtin) to stdout read_inteldb() { - if [ "$opt_intel_db" = 1 ]; then - awk '/^# %%% ENDOFINTELDB/ { exit } { if (DELIM==1) { print $2 } } /^# %%% INTELDB/ { DELIM=1 }' "$0" - fi - # otherwise don't output nothing, it'll be as if the database is empty + awk '/^# %%% ENDOFINTELDB/ { exit } { if (DELIM==1) { print $2 } } /^# %%% INTELDB/ { DELIM=1 }' "$0" } # Check whether the CPU is running the latest known microcode version From 60ea669e41e469bdc34a104baffb0834eb392bad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 20:53:50 +0200 Subject: [PATCH 40/57] enh: better explain the 4 run modes --- dist/README.md | 22 ++++++++++ src/libs/002_core_globals.sh | 82 ++++++++++++++++-------------------- 2 files changed, 59 insertions(+), 45 deletions(-) diff --git a/dist/README.md b/dist/README.md index 320d332..0b8f3fc 100644 --- a/dist/README.md +++ b/dist/README.md @@ -238,6 +238,28 @@ What is the purpose of this tool? Why was it written? How can it be useful to me All these questions (and more) have detailed answers in the [FAQ](FAQ.md), please have a look! +## Operating modes + +The script supports four operating modes, depending on whether you want to inspect the running kernel, a kernel image, the CPU hardware, or a combination. + +| Mode | Flag | CPU hardware | Running kernel | Kernel image | Use case | +|------|------|:---:|:---:|:---:|----------| +| **Live** *(default)* | *(none)* | Yes | Yes | auto-detect | Day-to-day auditing of the current system | +| **No-runtime** | `--no-runtime` | Yes | No | required | Check a different kernel against this CPU (e.g. pre-deployment) | +| **No-hardware** | `--no-hw` | No | No | required | Pure static analysis of a kernel image for another system or architecture | +| **Hardware-only** | `--hw-only` | Yes | No | No | Quickly check CPU affectedness without inspecting any kernel | + +In **Live** mode (the default), the script inspects both the CPU and the running kernel. +You can optionally pass `--kernel`, `--config`, or `--map` to point the script at files it couldn't auto-detect. + +In **No-runtime** mode, the script still reads the local CPU (CPUID, MSRs, microcode) but skips all running-kernel artifacts (`/sys`, `/proc`, `dmesg`). +Use this when you have a kernel image from another system but want to evaluate it against the current CPU. + +In **No-hardware** mode, both CPU inspection and running-kernel artifacts are skipped entirely. +This is useful for cross-architecture analysis, for example inspecting an ARM kernel image on an x86 workstation. + +In **Hardware-only** mode, the script only reports CPU information and per-CVE hardware affectedness, without inspecting any kernel. + ## Running the script ### Direct way (recommended) diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index 8b39f21..ab5f7f6 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -3,68 +3,60 @@ show_usage() { # shellcheck disable=SC2086 cat <] [--config ] [--map ] - No-runtime: $(basename $0) [options] --no-runtime <--kernel > [--config ] [--map ] - No-hw: $(basename $0) [options] --no-hw <--kernel > [--config ] [--map ] - Modes: - Three modes are available. + * Live mode: $(basename $0) [options] [--kernel ] [--config ] [--map ] + Inspect the currently running kernel within the context of the CPU it's running on. + You can optionally specify --kernel, --config, or --map to help the script locate files it couldn't auto-detect - First mode is the "live" mode (default), it does its best to find information about the currently - running kernel. To run under this mode, just start the script without any option. - You can optionally specify --kernel, --config, or --map to help the script locate files it - couldn't auto-detect, without changing the mode. + * No-runtime mode: $(basename $0) [options] --no-runtime <--kernel > [--config ] [--map ] + Inspect the CPU hardware, but skips all running-kernel artifacts (/sys, /proc, dmesg). + Use this when you have a kernel image different from the kernel you're running but want to check it against this CPU. - --kernel kernel_file specify a (possibly compressed) Linux or BSD kernel file - --config kernel_config specify a kernel config file (Linux only) - --map kernel_map_file specify a kernel System.map file (Linux only) + * No-hardware mode: $(basename $0) [options] --no-hw <--kernel > [--config ] [--map ] + Ignore both CPU hardware and running-kernel artifacts. Use this for pure static analysis of a kernel image, + for example when inspecting a kernel targeted for another system or CPU. - Second mode is "no-runtime" (--no-runtime), where the script inspects the local CPU hardware - but skips all running-kernel artifacts (/sys, /proc, dmesg). Use this when you have a kernel - image from another system but want to check it against this CPU. + * Hardware-only mode: $(basename $0) [options] --hw-only + Only inspect the CPU hardware, and report information and affectedness per vulnerability. - Third mode is "no-hw" (--no-hw), where the script skips both CPU hardware inspection and - running-kernel artifacts. Use this for pure static analysis of a kernel image, for example - when inspecting an embedded kernel from a different architecture. + Vulnerability selection: + --variant VARIANT specify which variant you'd like to check, by default all variants are checked. + can be used multiple times (e.g. --variant 3a --variant l1tf). For a list use 'help'. + --cve CVE specify which CVE you'd like to check, by default all supported CVEs are checked + can be used multiple times (e.g. --cve CVE-2017-5753 --cve CVE-2020-0543) - Options: - --no-color don't use color codes - --verbose, -v increase verbosity level, possibly several times - --explain produce an additional human-readable explanation of actions to take to mitigate a vulnerability + Check scope: + --no-sysfs don't use the /sys interface even if present [Linux] + --sysfs-only only use the /sys interface, don't run our own checks [Linux] + + Strictness: --paranoid require all mitigations to be enabled to the fullest extent, including those that are not strictly necessary but provide defense in depth (e.g. SMT disabled, IBPB always-on); without this flag, the script follows the security community consensus --extra run additional checks for issues that don't have a CVE but are still security-relevant, such as compile-time mitigations not enabled by default (e.g. Straight-Line Speculation) - --no-sysfs don't use the /sys interface even if present [Linux] - --sysfs-only only use the /sys interface, don't run our own checks [Linux] - --coreos special mode for CoreOS (use an ephemeral toolbox to inspect kernel) [Linux] - - --arch-prefix PREFIX specify a prefix for cross-inspecting a kernel of a different arch, for example "aarch64-linux-gnu-", - so that invoked tools will be prefixed with this (i.e. aarch64-linux-gnu-objdump) - --batch text produce machine readable output, this is the default if --batch is specified alone - --batch short produce only one line with the vulnerabilities separated by spaces - --batch json produce comprehensive JSON output with system, CPU, and vulnerability details - --batch json-terse produce a terse JSON array of per-CVE results (legacy format) - --batch nrpe produce machine readable output formatted for NRPE - --batch prometheus produce Prometheus metrics (smc_* schema) - - --variant VARIANT specify which variant you'd like to check, by default all variants are checked. - can be used multiple times (e.g. --variant 3a --variant l1tf) - for a list of supported VARIANT parameters, use --variant help - --cve CVE specify which CVE you'd like to check, by default all supported CVEs are checked - can be used multiple times (e.g. --cve CVE-2017-5753 --cve CVE-2020-0543) - --hw-only only check for CPU information, don't check for any variant - --no-runtime skip running-kernel checks (/sys, /proc, dmesg), still inspect local CPU hardware - --no-hw skip CPU information and running-kernel checks (implies --no-runtime) + Hardware and platform: + --cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0) --vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto --allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system - --cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0) + --arch-prefix PREFIX specify a prefix for cross-inspecting a kernel of a different arch, for example "aarch64-linux-gnu-", + so that invoked tools will be prefixed with this (i.e. aarch64-linux-gnu-objdump) + --coreos special mode for CoreOS (use an ephemeral toolbox to inspect kernel) [Linux] + + Output: + --batch FORMAT produce machine readable output; FORMAT is one of: + text (default), short, json, json-terse, nrpe, prometheus + --no-color don't use color codes + --verbose, -v increase verbosity level, possibly several times + --explain produce an additional human-readable explanation of actions to take to mitigate a vulnerability + + Firmware database: --update-fwdb update our local copy of the CPU microcodes versions database (using the awesome MCExtractor project and the Intel firmwares GitHub repository) --update-builtin-fwdb same as --update-fwdb but update builtin DB inside the script itself + + Debug: --dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script Return codes: From db84fc10de9ba256b079e13a4d7822e9cbfb189f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 21:03:57 +0200 Subject: [PATCH 41/57] chore: make fmt --- src/libs/230_util_optparse.sh | 1 - src/libs/250_output_emitters.sh | 49 +++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index 13d526e..d40b04f 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -344,4 +344,3 @@ if [ "$opt_runtime" = 0 ] && [ -z "$opt_kernel" ] && [ -z "$opt_config" ] && [ - pr_warn "Option --no-runtime requires at least one of --kernel, --config, or --map" exit 255 fi - diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index 229cd92..622d4d3 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -20,10 +20,10 @@ _prom_escape() { # Prints: JSON token _json_cap() { case "${1:-}" in - 1) printf 'true' ;; - 0) printf 'false' ;; - -1|'') printf 'null' ;; - *) printf '"%s"' "$(_json_escape "$1")" ;; + 1) printf 'true' ;; + 0) printf 'false' ;; + -1 | '') printf 'null' ;; + *) printf '"%s"' "$(_json_escape "$1")" ;; esac } @@ -349,9 +349,18 @@ _emit_nrpe() { _emit_prometheus() { local numeric_status cpu_affected full_name esc_name case "$3" in - OK) numeric_status=0 ; g_smc_ok_count=$((g_smc_ok_count + 1)) ;; - VULN) numeric_status=1 ; g_smc_vuln_count=$((g_smc_vuln_count + 1)) ;; - UNK) numeric_status=2 ; g_smc_unk_count=$((g_smc_unk_count + 1)) ;; + OK) + numeric_status=0 + g_smc_ok_count=$((g_smc_ok_count + 1)) + ;; + VULN) + numeric_status=1 + g_smc_vuln_count=$((g_smc_vuln_count + 1)) + ;; + UNK) + numeric_status=2 + g_smc_unk_count=$((g_smc_unk_count + 1)) + ;; *) echo "$0: error: unknown status '$3' passed to _emit_prometheus()" >&2 exit 255 @@ -387,8 +396,8 @@ _build_prometheus_system_info() { *) hypervisor_host='' ;; esac sys_labels='' - [ -n "$kernel_release" ] && sys_labels="${sys_labels:+$sys_labels,}kernel_release=\"$(_prom_escape "$kernel_release")\"" - [ -n "$kernel_arch" ] && sys_labels="${sys_labels:+$sys_labels,}kernel_arch=\"$(_prom_escape "$kernel_arch")\"" + [ -n "$kernel_release" ] && sys_labels="${sys_labels:+$sys_labels,}kernel_release=\"$(_prom_escape "$kernel_release")\"" + [ -n "$kernel_arch" ] && sys_labels="${sys_labels:+$sys_labels,}kernel_arch=\"$(_prom_escape "$kernel_arch")\"" [ -n "$hypervisor_host" ] && sys_labels="${sys_labels:+$sys_labels,}hypervisor_host=\"$hypervisor_host\"" [ -n "$sys_labels" ] && g_smc_system_info_line="smc_system_info{$sys_labels} 1" } @@ -432,19 +441,19 @@ _build_prometheus_cpu_info() { *) smt_val='' ;; esac cpu_labels='' - [ -n "${cpu_vendor:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}vendor=\"$(_prom_escape "$cpu_vendor")\"" + [ -n "${cpu_vendor:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}vendor=\"$(_prom_escape "$cpu_vendor")\"" [ -n "${cpu_friendly_name:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}model=\"$(_prom_escape "$cpu_friendly_name")\"" - [ -n "${cpu_family:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}family=\"$cpu_family\"" - [ -n "${cpu_model:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}model_id=\"$cpu_model\"" - [ -n "${cpu_stepping:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}stepping=\"$cpu_stepping\"" - [ -n "$cpuid_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}cpuid=\"$cpuid_hex\"" - [ -n "$codename" ] && cpu_labels="${cpu_labels:+$cpu_labels,}codename=\"$(_prom_escape "$codename")\"" - [ -n "$smt_val" ] && cpu_labels="${cpu_labels:+$cpu_labels,}smt=\"$smt_val\"" - [ -n "$ucode_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode=\"$ucode_hex\"" - [ -n "$ucode_latest_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_latest=\"$ucode_latest_hex\"" - [ -n "$ucode_uptodate" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_up_to_date=\"$ucode_uptodate\"" + [ -n "${cpu_family:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}family=\"$cpu_family\"" + [ -n "${cpu_model:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}model_id=\"$cpu_model\"" + [ -n "${cpu_stepping:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}stepping=\"$cpu_stepping\"" + [ -n "$cpuid_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}cpuid=\"$cpuid_hex\"" + [ -n "$codename" ] && cpu_labels="${cpu_labels:+$cpu_labels,}codename=\"$(_prom_escape "$codename")\"" + [ -n "$smt_val" ] && cpu_labels="${cpu_labels:+$cpu_labels,}smt=\"$smt_val\"" + [ -n "$ucode_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode=\"$ucode_hex\"" + [ -n "$ucode_latest_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_latest=\"$ucode_latest_hex\"" + [ -n "$ucode_uptodate" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_up_to_date=\"$ucode_uptodate\"" # always emit microcode_blacklisted when we have microcode info (it's a boolean, never omit) - [ -n "$ucode_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_blacklisted=\"$ucode_blacklisted\"" + [ -n "$ucode_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_blacklisted=\"$ucode_blacklisted\"" [ -n "$cpu_labels" ] && g_smc_cpu_info_line="smc_cpu_info{$cpu_labels} 1" } From 945f70bb63ec899cef35258f064573703a40f3f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 21:11:12 +0200 Subject: [PATCH 42/57] fix: early abort when using --allow-msr-write --- src/libs/340_cpu_msr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libs/340_cpu_msr.sh b/src/libs/340_cpu_msr.sh index f488076..76f9761 100644 --- a/src/libs/340_cpu_msr.sh +++ b/src/libs/340_cpu_msr.sh @@ -52,7 +52,7 @@ write_msr_one_core() { core="$1" msr_dec=$(($2)) msr=$(printf "0x%x" "$msr_dec") - value_dec=$(($3)) + value_dec=$((${3:-0})) value=$(printf "0x%x" "$value_dec") ret_write_msr_msg='unknown error' From df3c2aeaa398aa32c9ee6bd6a42b62509f0d4c43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 21:32:16 +0200 Subject: [PATCH 43/57] add screenshot to README --- dist/README.md | 13 ++----------- img/smc_amd_epyc_milan.jpg | Bin 0 -> 1502310 bytes 2 files changed, 2 insertions(+), 11 deletions(-) create mode 100644 img/smc_amd_epyc_milan.jpg diff --git a/dist/README.md b/dist/README.md index 0b8f3fc..8ed34b4 100644 --- a/dist/README.md +++ b/dist/README.md @@ -310,15 +310,6 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m ## Example of script output -- Intel Haswell CPU running under Ubuntu 16.04 LTS - -![haswell](https://user-images.githubusercontent.com/218502/108764885-6dcfc380-7553-11eb-81ac-4d19060a3acf.png) - -- AMD Ryzen running under OpenSUSE Tumbleweed - -![ryzen](https://user-images.githubusercontent.com/218502/108764896-70321d80-7553-11eb-9dd2-fad2a0a1a737.png) - -- Batch mode (JSON flavor) - -![batch](https://user-images.githubusercontent.com/218502/108764902-71634a80-7553-11eb-9678-fd304995fa64.png) +- AMD EPYC-Milan running under Debian Trixie +![alt text](https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/refs/heads/test/img/smc_amd_epyc_milan.jpg) diff --git a/img/smc_amd_epyc_milan.jpg b/img/smc_amd_epyc_milan.jpg new file mode 100644 index 0000000000000000000000000000000000000000..26088e738d90d103da23b1d9fca94e19a156e9c1 GIT binary patch literal 1502310 zcmeFZcU)7;wm6QWqJk(*R0t@&_m)r;>0Npai1c0(K&lmxF1?1{r1xHwE+v7`2}Mc> zp&Obs{c-O7zWe09^X@(Oc;0`%&F2$lubDM_m07datl6`FO#JwQcS})LK^E`Ag$sD{ zXMcD!m+>!Mx`coE?C0|3%U1}9t`eMGHwg)^5s};^B_+8@LPB<%nv#tC9t8=> zodBK~jW{^PoI`6B+63j|lsYN^iPzg7NJd*LGfr86FWOyLpX zpP}BuzlDc);oHZ5VE^9~E{MIXqzK{F`~QFb0~rL%;^A?yuitb?_ccjF9s)3}=4i~f z8(|0=$D5HhYe0#{E4BYO>cYE_=gvSYWQTXb)a0o*7ab$$I{l>?S#Xm(uLWuOb zTTMmn%>-boV}%-JnWDDlrVVvNV$p|UgGKLPS6~qzskhMG5EGDoB4dN@t%%2sa|nsm@rMm;_-=kut9QjjivX7>$b7z*usd`UGrR@h3|1^jkp ziBjnm{PQXu`8V(iYje%VH=%}^amvkT_ks98v8pNcLvI6F2a@IkvS-K#0riHxoQKan zmtQ?(n{Tz}71nb8Q%vJ^bI3Q;tp0sKIcSLHH|1vK2g-5_jD)9VHW@;x&BRR;aa(zz^MiHgw6#*-56_2?mKBMxtl-SF_rO3TFmbSM8F zk;t_pq|h-P?>5CgK{LTaYXdv~vgn&cAxXt$VMx1@>kX*Q=W7C5Q%Nk#pE#J?r)?9- z_{j4;LozGnq=+v2l^BjQWEbG>w|vRvKm%s47`@SPH{l0pE%uazzoOnlcwi=W?g z*GNjnRdqQI>j``FXEbVvStaJQc3_>hkp~kcoG8xc#Seg~rL4r%?><}Vd< zin3~5<8NcjZ|R6Ae^L!H_%ato&*+$}n{#~CW(rMF3Fc?EuHF^436642mUi5ymt-V~ z78t0imA{{3{q7U{-Gq$^8E5%@hdZ$p!O3BzBxy0Zte(c(QI!vkMH+ zWA-`LgnuD||5^3(Xl|_P;VCOj&{xa}RgTvHDIO(uJWmbrzRn?!6zj5@^BIGEx2;Zm zMdi*5uJaCs^YI1UXxLW}upkpPY34&wO#~S%ZY1t- z8jsaCE3bD+U}1b^qa>|5RdN;2g7mDFYi)EIYh(;O?1LGy$ZCny^=Yh?H=-{k8q1QF zhYQ)Us}w818cwL(JC%D!^BKCN6~^;njr7+Hcu1?UN)LH;7|j573|%tj^ErHz#Ri{y z>BeJ%`6hEHV%MdoREw>H5;~R9K?eVm?SBRNdA@W}Wkf+H0roA_P)Oa-bQ@YIvFo{8 z{0kthRKZeFcwfvLqP`sTsVJ;THo9c8%gcBruYYX;Voc*S6w_b){x;GtAzQIskxW*cV%sqH7y!+-sH)YH%Ted{}ok#yzb|5zDxZr*#@Bu zx@jXsCOo*s#a9q26}_Chsxa)=)wRchyT@++Ba`5c;g8X1#hbRmR0CvUKK~O0{h~ zY1Q??e@)OIuKjtg`wi(D$wxfAD>ILNE7N>C`ynd-t@zhmKMhVVy*UuNq}a7oB~CNX zO20&PkB79%D)$ zl@!GKE3@)~^2_Zl!X-C9(3eZnGF`TilR`kveQVsh>U2lm$|HS2gx@_bI`Ixd{FhdJ zJHDNugG>>|A3?M%=-9*68ak&)YRs_&-*haMYP)5K2$SAG&#SPvn!Rg&&;J^F&w9B6 zd?qtm`vi~h`Z4~XI8Grvq?d0$EkD)yxG||cVG>q8a5$z-zP|@3??F!tCb{hzs6L`} zK4Qmz6+hu5a#!f+`b{p@K5MY$ViXE#%fb!{H!>V?vtW?OcP+uOc5SW|^xhPe?`DiJ z?MJv0_^*C`p8j_y>?TVTVib78BL_CQEOAHh+#C0kuZjlGn!9;F|2nzY zO+5VKS`&;ZK!IO`|9Wf_9m|a)JUpr!4ik5TZ3wS#U%)PUG-yzJ*vt61 ze~Zpoy^qs1GYYB>tk0&+@Yz=wYR{W8v{1T(-5a)aE3Yplu1$=1Wu;OB9G=?7_4zq* zTA7lD=tGzyki!`ZjzQk_zUC+ii02??04v}oR+W|AmrNNA^tCwg0_WLD=3qaG@1Ck;eOccFcPZb*T z7z7lXUUbiQy;g3v!rVQ~fP&dq_yjBDiB7oecO>e!G3Z+4PqOz|L|>Kt){sk@+hiZ3pp#4Mbk}A-l70Cl_I_SarQ==WtzF@&47xvB$#O|F z*i)uU;5FvXp8s^Jk3MQ=NcBx>pZbs$;<-|FI$24-qVbBYU zZsNEDj3>Z@KJ`srB|3vLF2%S#z4=QG;0pCzHoWlN6jbLb- zX2v#tXx+jO2Fj)P$M=bS0pnh$_OE<0RdVtQXRQpOwm~r`DTD04DT{+L5zMZ!9 zCai>ayhNG^t=rEmhyyY<;&6CC->w|PzN zxja2dRD;z7gKUJ8QlL=p`(%t`w&Io9<-+|RItsT$L^Jz(w}`Sj2aRTS3_p|eJ)?}( z$buEwhB0e1W5&7~l z9N6u9>I`hyIRv12;uT{qaL2xj4Vb>Hgqc?T0%qO5Tizv8f2VJ#y zJMYr!;cMw)4-5Xh4-bZYsW1hBt0>K*ihmk>vLNjZ-!hSl%8qT>dk=p`pw@r8yn!e<)QdyaLljHEO=qqVU@nn> z;aS}Q0%o}Lm{zxe9(JGK%`h=C$Ke$39K<~RFT(%K|MODj?fMf=N;_E?P|u2UkS2?a z$)23@BOA6`2O{D0vDq%RCC?-lbOJlX&K>rTc_<`+#ies9r zj-y9YsRu4)C*jb)+(PT*6rqki=Xf+LT`7`YO1Ls`ua3eSS+m!*2 zvas3C4pgJsTSD+HrLI%iG`s!iTTKjoT&BRDOE9K^U zQ`KA&NVLk}j3Vw1j<2f=B(2(HW7+23Qx8ANN}#NoI*6~VcaVu!X|o4?BOmPBfM)J9 zfJd{xhlIa#-;F``fxdw(XN*fM_&sg9{n0eYE)y~C99%mVD)zoQsPM_3rTu5T^R@;m z(c$^DZy2zv&kasc!+@aFL0EQ6Y`RIp+l27^rLywUkEYvW4t%by?oE9IYskB7HX zKdG*Sed2z5m!sFvDO)r{3x+ZZ5o zZ3c!#afDIm>@I&3T}(vyR}B@WV|sis1iPsw5)F;H!vmib=w?BXL&T_`b}P8%)N|j< zy|SSB{t#FL=3ea9nd*$=TwTH~x0J?IFv>O|ZHgK3oRG)0u85 zSUZ28(~qHO1`K^{@U?oF5}vZqjCG7iMQQCZ5OEZQt$kn?l|w=-J$xysbqZ09ETzm5 znpbm5HtIiDzkvBc9Qol%DSaim$HM(yv}Ew9V@2f7L#xA7oyEWr&oBQ>=AXF#S%()G zLRSvkEnAQza1e}{zh(?b&=O5Fm&P!dIdEVqu$I&Tvx_j6MPv13=MIZ^ z2JUl$&JMdy6416Ec#4Zy!zbcIkNyPt|Ag{SOAAjviU$tMpD#V+EV#7k)xV?FY({lY zQ)JjxcqKl4k_@!q{^3}$ka{U;$>MW7jrBIF)Ug6k<=N@i?{Vj|e`1zjen)S;3n8;M z7}2TQDqhp_&X<@X=dvv#tEPM~+;eINts#>rzk*H)$;rQ8tI9T}oiVfkf!ADkoJ>8^ z90MV)D9g2v`$fLaO%3>#6OUzsWCc&6;*60j?|cg>$=rkq`)BvY*_=0}CR}@`WPyzS9`9qVaw& z=o9v@oLU;;r+oQLudO!@K-hGj z5-f;2ipnX`RKECXQhy?x8PmS*Q}%0={)Byg9iXo>gS_2%ut`5Q(|wk|1YK;TNs|Pt zjdZh~mY1_Vn1T{e5|*H^MQ#>;J^~p;$FCgrWq}tf;jRevcV7G6Vx7B54DuNaa*0nR$IZxR0%oMyX&>#A!xxsOlkfk$9P>FtSuc4?ID$t>gj zX~AH(NtVE(W2@~R$|s-(!T9nok@4S|J1=ScLbUky3Pznc_jRj_u7`r9kxUpCA{i%p zo5z<~6;m5^*l1g^+MPIUsIM)}=56e#AaSMtTCGt`yBkB@+lMVDgquI`_~#HE*wvHN zL<4)a%Gw^e6`EgaN`^NgR=r&RHwFN^DuPT2^`#-{*I{bJ{8qF)`wKEH^qP)Aa+7 zn$}_IN-t!qs_xh~tx(IGIwqHfz&Z zbEWFDuQ;>w zC0n}U7?w0Ad&jJUyme&sbVwKWXcfLTv;YYkQO^&@hmO^vUF@b;4h=KYv=C@K@s>xw ztdX-0&Y9@qW)%DzH!E{= z?XaAvwNV)sjdM}WeJI9--l4De?{xwtZTf)VYV<{20e2@xwJnWhipJb2e3r7Zi%I~u zHv)gnQn2O zIf%kj`9PSB15L>Tr<4a^zj>25i~p6!GamtMhas>V~511E7ox{xYyj#4QYS_{43 zw8@EV2shAovO?IggBnyUW-yd>t9AXgl+z9)W(8sW6R_Jxr8%j=PJ}E#TRLB>r8&i~ z4JC&ynal_e`4vw)E)@xyhceqAe}S#Pqn_IcKoy$Wsj#sQDTM@u>hsE12pW^?@Np^v z05?nte3G822Jyi?KA;;aDs+05rBP_kHn!WRsmvs&oq(~9y zT}l7Ab~~p%D_r~7`~Fh)Zc~um#k1F8H|o`3H8M0MnXC$xnc2LNF%=OOu@73g;>ynU zUr6$1nt^>bs|37_`2morEqh{Jt~7ngfN#>U7w#Adk4E(OQ&QaCA#p^xk5wy`{Jqow zASPQOQH#{<8pxTnY*5H5T_NI&n^;AnyRl1u*}5Rk=KWmJuP}N}!{R$OrF{mOn-t-= z7LIRSiSM&-4B-U&#^>pcUMNg-Bw6QI6>{($sE4atB|}%I)Zmv$Wyx$qixw^I^UF$^ zFlhlUF7Jh9scJPQ$-XGRbUN@M^K)^J%$V$xD93a(9k%?yD>Cpgvsl~X4xd0{P4!k5 z4i=Tunm*`v(=p15L7#Yw6bz$vM*0+++&PN*#}oA}wYeUU+}@V&)^oLqyL@j=Ujt>S zS?nHD=$k_&-eIMr@yK}S(q|b(L|e53_DSW~BfYf;3?|gQJ`3+=tyOzU^(LtokVV{X zF`sJ~3G=62x$@Kp8p4=CbEVP9Y|`F zr96ST^yE&&u&YS_I|=_B(_a~Q2BqEx*%wqWb-bDv8jquF%-^LXJ^VEO2@`0M74zOr z%o!}7J*XP5f*tA1N4gu!$Sp|5wQ zIMEd?BxA0_dvQ_q#eZAK2eV0z_Ab-{81AWE+xFQ5z|60GM}!sFEAyi)E;kw9l=Ukp zuA3{E?3VL)^CudY=teP!~N7rm+#rQ$0`QMGCYF%0w2s({DU)Y2`O0L!on-Wa!-HTsxg@5C~z1QGt;on{-QR97amZ?r5Mo)b@-GCMY4=kbfT6afqr5jnQw7pqP4-|c%E z$Fda4Zx0@P{5^&IY_b=XO$QUqD~Lu2 zUe?^3D;WS11o)A=!2A3wi@0zFQBW5a2uz zun(CSX$)^SVSF{%Rxqs(cAcg48Jn=^M6lj(7*z`zH|u|AI1dMjvG6e|=kG?k^f`bU zz8iQ}%*CfdjkIB=lN|*g%lAu><5SNu4pKC{9?bC-{P{2)w|YpU;%s+#6^Hqg74hn# z-G(re`B4|wXRsUgV8-1k5sY0RVNo&tB4rWuMAYSCQFx zXFEJOZ1wOl6yYQIIf5gCjxiD6IGI$&=cwH%44A0ok1e58`W&AGRT3C89ELFzz?Kt) zwJfnb4HY5Yo&?fO10$9DckU@yv?-vO6$YZ0ydw)I@7(k4^`w$bA+nlhDJdu~;jWob zk4m>-F$0zLCgDQsakA#Vd@G-kOXhMYTKx@SImEB!g3rIijxQ!mm4OJ#CDzGXc__g#Z!!QRa$N1B^_ZZ5!b*kYDsU57`)iWKulHFS1X}|rqM2je z03LLz@vtC--I*U1+AK{JlBxYz5H#x|ds<-+x8lkT4MFG0I^#H&s0%p=ueW5zym3*R zrVePSknBQF%CgcyMZ@{Dj1x-VxIK5FYH0Bp0#9#ucA8iep=WgD7}GS#)BAGrS@)(! z0fIRZFTQ?H>!sfx6bQH6)O8!k`()QZX5v5TDFa~B6D5}R&W$6RaN;w_+t8QO*U)Gfz}a{MJ*Z7O?UlPfdE)FVX2Q+g-0 zTi?~xde~ZO@eNLf_C65w*nQvHj*!CJ^Zea0{qKeG^W20tWxKx|Qx)ccm8lqeP^b)( zaz7!;KMFT0kBxgRcGp0Oli!k}+SiIjrT5`u4X4EXf}r7@%ej<-4D6!8n%Y(}@Hi@s z8{6({f~$R|0YR?vdmbl;+z^-08)V8D@Zfv*UJB9L$ym`^T@tRH3?}>1RK=kCb_ed6 zCD7hy2+I)C%%cJYTH~omHsk0y;XZ-xenDMh3Y^~E4p^0ciSjersqd_Fp6X+^^8$wr z9`!EYR7BOnQfoe~{K*8~xtsu%U=Z)Vttf~{j6dGw4whx!3p|DU3U7TMOWv3)m0wvn z!d?6LV_ET>2G}VtMn%WVp-tw2olq;i%mC4Xm8g{-STSd}HWuCqU)gLq|~Hj#*!V#O)gDm+J-eP6*nk{e!x`N)i4M%q9ddO$nqhYxZkV-zWcG z&A;2?XWgIqCEv%pM*v#j{E#EMLX^vuHc!f--Ci^;Rq-8k=Mb>8+Al!q;gcF&lrc z(BO=-H(`s*s~6k}+v~zO`nqNI_sME$fnd9Sl=Jhi7K3}rIg51ecSn9G;Z{}G^h9*29&T?8)ecim0iv%!>2jw zpd;p;+7+kRUC)B=Ne?4O^)1R3!oHeR`Iulu@K;1${sB&Zzsb)70pGFM-{0sP<9=Vb z^Bft_!r0?vURW9xmGq`=zAqt;U)2gcpl;WA_pKsL+sgmF3fz`#nwXAV>Cg#8Hh_sxIzA>Q|lZ*Az(B=VMR1N%q3kgoB0# zWpWMZcVqWTZ;9VD|9!6h2=r&C|A^t9OKUm<1~o+PRf+?~n;;_Hp!)>0SxxgdCTEm^ zH@WUd2`H_oy4U7s3m#Wy0ewJvofb}mKze{7XgGS@%-MC@Yg0O!Noz52d~hPgE_)jz zyenjNb$y=vo@kgAWxUd*uz05@E{%I&ipIPNa_0?k7L;IeJc;6|J5Pk08(BCbQVl2$ z2vbmq*9?*&-h7`(nLPqQ9R+7Lg1d0Ri&v}Q4uKEmAYUH^c_^il<3QM*hn#@fxKwObV;Seje~NO;qC3k>-RrUgxk{q4)I0`!H-()b624 zw74u)$G#-LLaa-JyVj>OJ$zeYY~~i7d^P)l&aMS9s?Nf%&*8HB=cIRK4II~PctDS9 z#IQ1&=54JqyN{ELF!RG)TUtsqw9K+Aca?G6`97$;)<=JSoq5jgiMIRA*dB}`x27fM zQuw-RRTqq=zU3TnJ7^dpir%UgKQ}@L=JpnXH0Icj=>d_h9G=G|&Xr{$x5}dN$s8Cz zc56cyloN*fYul#PaOAE>f`YFeayebxB(k}TiJ2fNeqe58ra2F}_%Iv67c5!Zb(c=X za)F|Shw!NRaT}MLoD6A!x`$DKOxZA&uRSSAp^GL8@%eEHb+MJU?@qs`*d~U?okMQO z&k&-YTNXA0XwYb;WBMj#uyVilNKQVStOTy_{Yr7Anp~mnI#g5N*Jwre+c1c6{ad)Q z1M+vZ|Gxsy4GTvk7n>NZY@&noRIXD%eGJ|`VO)S_lO<+{z!y;=8=__YUp=vhV6u20|cfIUjhITv_)m{O7r8WlO=bZ7oa$Ud1(;4 zqa1$vGDo2jJR$(;9wp*3JGOI|a&WcgHb_85@W4o=g}Pb$inr%C4ldw^=VCX5!>(_S zO49NtzW-HBzgO{dXn852JqvTTdzn)h3SLwyYsv0Y@DNU(hKk9c?+$I|#mI%!T=Vcm z*nntWxao`LE%R|d8+8JeNNAIcXs%Dm>-2IJ)t%;Wq5-eCv@SUDr|edhwgHD8`D0^_ zru!1g++x{nqf2n_?fZ-`ZJeA&x*4L?ZJ6>%9R-g=5`C5zRF77cLKMRSG+7ywKX9>; zrWXn93LYb%8@I)Dtq{?6_7L7S#t(Ux@6am6+C$td6*s1Yt=UXXI@mU`Abzk#38UW$ zFQZ*mD#Tcr>We(moBhdw%Becq2iD=kWgUiEw^KCi6*be*Sic^m<0f-?@1`r{s34*nHb99`SLakw@5T{Cxr81Wy6YUk2me@}Eqz;f;?QDscK`t4886F=0p zcTx8X+-cJ(3GnPFwY%1EFiWm2?r@<%tu_z1C3(wVW!AL|w6PE=JgrBa7N10Hsb$#y zc$}|NW}kq&WcC92Cb6iRoerchC{J+9Ycq|?w)q{zSr-3UvH!D5$F0)%T1P< zQN3r|`tEU4@sS*J@=k<3mm+8r1ADhDXO;WE4Wi$L|7?pF7{az>;8eaF_fxvS#1#>< zuT#Qc)9s0YQ)eD*tR)7-k#*O)r3NU{+{!1tZ=&qd2(r#0SIhcpZsL>?o2rtcvA$AE zt(9MEA#v=`$y5?-+JESAH5)Z51w5@p$4q&_EQp^Rn}zjdq>GKe&ARE;EC<9Gc2K$R zMk;a&*Haj5oUkmp#dNxdBwE~zZ&39E$Gncd0Wj4Bk9Gm~Qjtjux?C1DNE?LR%6`he zFNOX^@g{ttO!vw8&xfc{G-6<5&FMqh=l!*v%Hj9n!d7>zO!Y|3i1xdwYC1@(*2n~~ zR6N^?tKV{sP6Nb(>-Vb!uhspB)BexmB4}|CEL!b5LIHAQKX3OhdMBpNL2pxUoL;cu zmzDx;O!e6dI|^tS560f6l-F^IidLEDLr;Xy`8Y9DrGEjG_id*ax@SZn`0_SaS8)m*(r;;W01lG z2AOvy3ZZ~d4j{1lq&`)96c<0j{RfW~{w%Vy^r{c7i)f4M74v%NQFvwYTM%I?xBB$< zaTVawtQB8xp<19MU%ceV6ZVh~CqM9VzBf3jHpa9yt(+9yjym)tkklo<+EkFFhjN~X zf1gfV-){|4W}63uq=Z8a4$DnV`0lz@B&+-K#{$#@mlkt}y8Ahy(B40gYsd4uA z4y6qX)KP0ojM3|!7d+4$!^N0_Z6<|$fKNERr*B0(|G*R3FLiejn-m1YJhm_E%6)howYpYXGaHb%g?s- z^c<^lcI&FpyxdMArX$^$K(qc1%3xEWCW+*miIbleCk%EJYL#{xy~2*#{r;FMI2VXr z;|-KTh)eh@DCD;sr1fL1eLgmpp*;X{*X%T)6^D~op11}WLXD=)(z8)U%2;4Z$TuEw zQNIUz?le2I@ePMFo!$IqM#c_>vxWmXuc6dCZ4L*_9PlV}shpaHYyi1p<6}<$D+|MH z0RIE=7}ECKMSH?x!7{=hc%G+$3W#H4r*)A+`s~t@cLvyy^cgcHj+HY%EVJt?ur#TK z3u%T@c5{2m36$4hvS77M5jla?R0>z|9UM;y)CXPTPiO?V&28RczuQfG)j{6h+Ao?DpAUg{7-VKVKvMsVZhq-hvGtdWy_ubYzvGN#2@pqiI4 zzkcoO8bjQPnr0us-0M)975Ln$Qu$5t+97ewFt?n)eF{$Sar~{ovn0ANdo(gyyES`NLU_f;#VUhm znx$OC>}qQLWR~dXnx05$mNl>5*9{a)7bz764j5%U?xxffIxyaVSv`Fs-Bbpg`kpqN zFlUvGyD8=FGPU8}p}~YE(XHh+6D@d=>0;z(ufMatAmRm&Pg>u7qw?|h1o1Cn=OYG& z7iW9fleP6Zz;!QbRhLoZEivqJieCvPP{^@<7IJUn8O>^S^O@UoyFmHb7uW+zU=&bI zDvO|*`nb$jjtv(@9a>Saan2i3W!8&4^lHeg1;cmJb}E)a_n>2PSJyIP3^wzqyJ5nC ze5)&0D};9QD7P#Oo>&dFv+|cGX<$s{?RQqR0tI1R739RB>YfGLMF$@eTtp5;sEvI& z)n#uqic)D}jG;KeQ37XQz z52Gzdm1>->_MTWhKPTXVM){y^_A1bI&bZGt!ncX;%49{jL|e;XR_#f0XDKhIpiCtXu| zG6%oDiyS`8B>Zzh8!D*_E!y@w;!zniI>t6aQg7U?KSgdPD@HMnC3Jj?J?(l9G1%PG z1i^fTdP)Ji5sAfqKk#&~Be*k>xS;pg&3`#Mez)@6WHVW$7?xUDm5vnZD-MTNJ@MZt zWv5=R!}5lFZu)*1rjy~@a;0Ld&`sTqE=kfMvlWRfw2&NHFC@zyUgctVV$bG?WxRcq z@kLF2lamAZ!90li8@A9EP09@U4zprxl|*9t!jo!>jJpbZx{H>&Rrteh577|^zn}*B z3N+lP6nN^kcd}Vo6oeqoEh^#+ z9P_Jm&UWu^ja6bz1k2l_YYNlN`X)tYTqqVB$9|XFe*-*cKWA^??cP+&7}{w85YL+N zmtf4iObosnst#j@pTfj8HC^~>@1O?`*r`{o%iihD;aXtgzB)2!*}BW4TkJtdU_Ws* znAn`E7ibal-N!BRu$jPA&2WCg7Tv9MB};wz121vblt{OBydc*1cAmbCXO9x+^4ALD zz*)QD%u%IRgRT_|fJ-e9{PL2_k83>3)qt+=H$6S?rKx+n^*l9#pm?}J#N4Js6E1pW z9wX~aqw`#Pn6tiY_#YTiyV{LQSfq*ZRCsg#F; zwSm)z{>X5V#DQ!ic(sd!KP~OmP4?@H`MnNL_e(GCXjx-oy#--aM1oQ5Uw3u;UmC$n zVpQMcx@OA320 zt-Sq#=aqV*@n;dBZ#WC*do!rp5Kyw}588O$|Ilj+ zVx`oMxo9P)Htl>!&82xTP`T_E_NhZ7d`s^S3ig~Sot>}+5&OiZImka*UGW75nm&>m z9nqt9Pu+PVjP~GJ;;nzFFvOk#oSMyiKOP6Z3-|UlmM&a*Kw~%eRBLfeQKT8nV3rhn zdpqc6PNfKt(iN_uE2E_$>L3ST&wBS{ZF2riT``LfwgL$Dm>{=9nS~~Ll%c8Yd%v9q z$lY5NOqt#cD9f63gSt@VsIY*+ui7Zl_?ZLkVX7=#8hI&B60=;YGn89gS4lDkf!j0#1hm2WwqGG||HVzNPs9}yrDAqQR} zHO~*K#oFuvfIld?bLmX009mhtZqTZDVkFx3osm}8l%BpuCrDMNtFEpr@15S5*}O+; zWJ`?$5E5&TlWnFUU0v3IUAz;`BmnVA0LIjk?1E}n?+YkBf&k(IOdJg z-669W{ER@uc^jsNyA5vUnP(g8!tvhqO?^kc{GX|?0)U$WaSGMToqImwa!Q(%F7#7P zs=+l*^`o1R|bnaH1h*Rm<$YAn($&n;9otmRb49-CG>Cd#fNSRZaED9hWRh z59+``3qsiLYW+7*c#^nrWyxIkGdEQ|*`}-*C?&NJft#8F5w_uG$`Mr1#hs*-<&=9v z1flu^kA@96qPp-^^z%dDgt6mtZDb>y*v4;Z2PEQl2L?!^n8!#WHbB>?^8)Si-tTT& zv%4^l5V-Kim3{fTXQ=B4iimde$!)$cx`O98Ev0~bYA;xOgY%8vHBStW#&!%e=vJvk z*cXQX!Ro&U{Jd=c_et7@3+I!x^Sa@sk;7N(u=UCV2jnzy9zO01ak%i0RT1EMQyaJ{ z6Go{C#h2`2pWP9y&vkc9a_E&)yeLamJi=bkX{ZRhO8-d!DmGo2Q&ieh8!ySz3l9cT zIz@i=+O>qP4lvg6%u_yjw#E#{IH^?H3M7J`ESug)udK)$gARMvF=6-a0#wYwdGE}w zYCcFaZdeAHAWlnc*W}{D#66fHh`i3H{eef60rwvLdpZ1bi*pMss!aWjp@jk(zsz1%qFpO|Pgi zG>G;?wMgBZoX-<&H>m6f!kx7J{R{f|txN5`iRu{1paI9aI2Y2) zS&|Gev7fGqF{A->jhSP!5bpj^6G3>-@ht{+s?Y~oqYoIK+__|U#{V|Lp-w8$t-HQ}40rWPZee!2xv8iW?7 z_IXD0nhuL}ECR9^IM?6l>740+v=U_wzQC0cAEay3k`i625GllP3Oo8qT7k zwtNxVv5^Y?<2eKs_iw~e=82N67^%|Ui2Mnw2gqPi2=bB|!l>lNx8H#S1QeWs-&^Fm35Ap%7Ewtvm-w)%r93h`L$ z;%FhBAxdPIM1IE)Jho%y?c6TackjF%%%rs!De}}-&dve6kuV!N_S^CoD4i*gc+~Vv zBINBqEBO!JpYt22eEqTGpgD+JeRQt+nkezJt1Bhn9IU)QZ6KkLda!@2P7!f{@0B-2 z812r{GyzZov;_vZB#%*{kAH7uSG2vd>Xz&o17)mdO32C+anR;t21s=&W|;~- zZmy4gQ*j-h>#U~+W428okUaUQg{b-t&h0I&w`<>-j>Efla(d~_|!Znw+YwS zto?I)28n}11}ysZq;i7viRQQp`DTX`r;W!n^{GrfgSeWD>Ni_nj5|M{-U~p`ao0KK zy-(IA{(<-O4=VTfn*D72`0gPx|NT}(lib!Xqsh!dH*;|gR=v7Myd>UQ&2$QBz z0v?kC-y^cY(i;+llZTjQqL6OJ@sHU0(rtq^gVN@&Z){)w9yfmsb}m5t8_L};|G=cG zdU;mn>-c|wi;hP%I#t>k)`fS!*gbjwk7oaQ;io9Xdn*oPWn3OzL*Al?Maa(@IE~+v zX(HN-K*!}v>mPe*7ca&R9GW$~;L6Z+bMr(KFMs8YX(S!+Vu!-#9dGyQ_#0ZkY$BJ@o- zJy^25sOpB5oo*3>wO&~lTODH&U6F-gYC4}t%4VQepPCaDW4=LhS>?`9p%GrqZLq0g zk^_u-8T;wy`T6k-V#T@k_MpPR%b~o1djT9Xj4E`Tn-%-+G)ZN+o>Pk>Gnr(>q;|y8 z7V>_m&)RDC-fOyAxjLH^#Z8}FxiOdxJRNi~9+|Vyrs9@IYYNpZg5ultl2}A~2eNOf zmPif51Nk#dI`y;8)f(ZQRK!LzoqSG1nr~>bu{@3#wJ>wwOT6NaS?c$8-}?5Q91>Z_ z31^TUbuj{IL{Oyz+Ct50eJ)p*XpHIcrc+!x2T3VE<3FDViqxv?fA}~>hu4B)Bq4?j z5U8cl#DLY*t86JU`NUEv$W04*X^k_eoX{pwW9BL29x>|Rcj|&5&RaHtWm{GJ zf7vqegHUUdt`u@Ti#^6$#?@%SUg0BW43~PGf#N1m0vJrYmGJ{0sWk5~`5muk*#KWI z&6|Y1uNc>t?(0uiS3&Ogsw(;YazKV2F&;@+>G>T$OQcf|Yp=EA!cd>*Je)}2ELa4UJGIyZ`bwaWcb zNp>Dx$^coXNyn<-(m7Oc6hJh&-%NASXtfByhBh(tk&}3A@@d8HWW>m1=TS{?CoCi2 zHZbuq%jSgU+aHJO|1J@~^ISMuCe?jF!;XvAareKTppm>6qR8kI)zb$90ewSfZc$P^QHI}-P}3=8oc-LO#bq-;w+p)liLzus7z5uuIR2%C}pjz*PRbr zge4&$$eQb9^|dpeCXEgc@6K*m~b24 z19ov@_|%OWbFsak<8TRn`(7U;z?Q4Nh#6G*PVrdu>|tuc=GX7txLTw9q?M^~-ra-h z5w9fS50`#|%s=Z&{BEnY@_n)%X{QCkyNQ#kurAtwyXo-^L6|quTvDZcJ;(>+We@oN=14y6pc>VBDiPOcWHLPJg+DuGj@Ig^*w!Bt4(I;`*p<^+uB~)Tol+Bj)-oy zj(NP2>6VUVc!{y?AuG}~gEhkdfu{7U6^p@&wDG2#5B{>yh$g+ax948O&96}yNhys8 z-)oPz_N7SuAChIs2WHSYyMj;}qS@f;T!wP+K_ z-cENuob>8pchQFgL$8dCIOsd6Zcri^9}g#!qONZ!Wi_g+AI#Tsk4SEtE{&qcjR%XW zg`4yUbqQygASV=(A-Lpq@BN9o><31rYj{z2h|BD)>7&!h3mA)H>Dsru%-HVHJF~+0 zcku1fQJ#bLQI*btppMFLGf-kBQ-cNVAMo^7tBH9>Pwat#l0+NdUtV>&6H_I z+l`y2BHA^U=2TXDY2WL-m}08Azx&wc)@V*z(32_6nZ&$rd_wizPlhux^EuY=MZE&Y z6xycl=Yp+t2V=@lJ`I+n1WC2eNkQFVWUiY<{o-Hd_`jXeR!;1E0A4chx z$Q>aY*7g=h*2lckAGC>Tk_2C#e>)Cu`*1}i^c9_K-(FDsVHIg2?>2XNO|Fo`Y(h@= zinZL$FgVWv)=tx>{}ET=5$f&h=#>j!t0lUaoaNaopvlv%GS9SJQkjZ&O+ORjtRE>i z89qWid&m}c^{%ZV8r*V>_bykHTgg&~f2V@lKG#|)8}rh1GVy`AUA-~6!kOK@wY)o7 z`m%p_n%RP(?H2~Z)~w<-_8>@u@D1Jm-O;v=3Y_|DxoOh+eK_cH6YA@g!5V^7U;&eb}F7n9|E*6X4vUa-1P`*FgQq$CZEQu~jw%qJ zR9(MVai@pb8O^C&QFI4#65;5cRJhvZge(fD^?$(g)M|ifsD6)Pw=`N`Z$h4{PFk>< zlPAM~32|fI3bPB>R78%%=gg)rhTFbjX}Si#gjSlQkATPSAcg8LKOo@P6JWb+n+kaG0}t_`sylv%eMEy z?e`n%#5`QIv{o8x#6qM>&H!lBi-p%R;vun$XEwOe<}!UCiEN#dKk=>(8K=b9$5f#L4ap0rT%J~? zjEo(8=p6MBYVGD<&azPon?$g1m*;mUhWI2;rb4Q=sUJE2V}ZSh=42m3=)O%6N9f`U(I&ClZibY@*_+7NY|y>4QzN+ zTy^wi^Qqf?CzEA;d_4aCqQ|4$)Yhjd<%nReiLMK9>mc1ayhfgmK4|v@qy>r_%qVzy zhL8%W;VB8D+5?if>%aZ|XTKjlz?1wkyz{c(rJw_k&#k1DJk2tk_*DEBEO^w@_iShp zOnC%vy?c5-q~A($&bD`K1YTqlzZC5~bqNveMH^#i$FhGCtcLUQT%C^aNKJ7)l|!jy zE`OEc?i2<}ZmQ1&$W#uKeI9yPIAbuj^9>duFD(xf9#C%#M&$9ky^Qo}OrbStjRB3d zzC5?WRoNjqeU{~)@kThCSjqp}*R;;=pd`amF$MlmIsTBkntBN(uEb%z8f$&$Ms|>1 zunbacP!Kw(##_W`h1_@-nJjaaBD)Ew!sT^7CB@r9t-2>Xe)9OiG|Eef5ZINV#v&f; z>5}bNbfhSCRc}-coPGM{TC>bl#!o_iNiM2pI@Y*+utn zI^PtzWtzk1?BVeskX>T0F~JD~koqL}DWro7<8~3AEza!l;`eCz={jQK&7*I2SBua3 z*t10OrCicjuiTB_&3U7lwe$A^boq?~2DBYD=!VE;?stqZ+RSC8cH zJrDF%a2QE5L-#UGtO?CV&eVqO>Bn0#V5=b@!Gt(~yk5TDW$@x*v&FGgYI z{>MbUc$#is<*c?>wE+f?oKtjpPq_4A74JvgE;hw;(eD4^bG^vWTMsB^{Sa%YlUi9| zFnT^kUaL!1IjOW*btgBXbSFhapK`;g=+-@`qz9CF;K3hJ_1Eiv&_m;es=*b86Ao!5 z{8qZ;C}i;cW!N*pJh$fJj3Qc$9V->mS>X}^kW7+yZ9(aM>K}E9^uEfVYm@gm^ zZ{jmE}Fu_eyS#Jb&C680Oqj8q>X~imo`biVqu856Kr8 zG1#FBiL~FR6O}}iV|W8zuQqaSh@JHL4d&c5Ho=Lus2&~acR`Ms2PXcAx}T~i9{eOE ztKxo%=n=%Z1u@hEo;A+93A-aP*2TTXml9U?(87UAg7iL}2B3cX$O~Tv`DzTcZ08nN zCY8fhZ?r$6Q@tDJ}QNXZoRnw#9ef;cJhXCUMpEh#gHGz8noG5H6f z1iy(=TM;8TzB@fx6w8(J+#TIRKr2UkPi1l;onU-LyGaYC^i`7LaJAh?pKLx^hy2_wtN%Hl=s&R;nMV2eI{_F6cn!lz?xQbTx+GQomKjW& zL%nX_#RT-sqMe*of4h^*rswCY#uLyA-n2~whoJmv^dt@S{@&eZcY!W$A59(5|R67 zhr~nkm&&1rbbj!d5fgI5wQaS!gw;@yqO>;uj&*s>IG3$7x8Fa%efnlHO%Pv#%`3vB~Kd+YBc|E)G8`^S&umfJ@^`)dPvI;7P>v z=X8l*NyMlX-QzCCd8Lw^&8h!0>i%lm54OwI#I{q$O8CtViL2Z3H|-LrOQX7MAl`Nh zw7MUx0N0#$#(h&f+^Jyt(ld@?H~p)G^?mC6E<zzpp^m#s0==8v{Yxfxeab^FJA|AP|o zWCWASu&7Q8ye?VsJUo(=GmG6p%?3y`{ABRXnDrK@f{Q@K-TwE#IA2+OW#`Oto z9F=>m&?1F4Z>6xS%+POKN3~T91}? z+ej+PQk(7FraB{fBuovr{AeXK-mljcja%hGQxb4)d6Jw7afo-`L+T@0q?QL$JcJcR zrTe_PB|&*J^LSs(Qf#>LFl5+S>~#9snONZ|E#yS@*HA=_*t#jNxSG4# zNb<-nrFmt7KjMPZqT?Zilv#URhuV6;G(z@z24qlOlz>$g0j3S+WX#RwE?SjnjvANl zSYp}JIoENx{g(4piTp}B^gYbN%EZ{pqcp9#yof_TiCn-I!!)A3%MCez1k0HFQ5Pg! zs}<{$&>+9l=^2@`S9bZasr2B7?!rPY;e8a-qVr}9cOmz&Tk6e;HwDG0P+j!vJ*rpT zMKjOy7$0jN1J3i1=YTra2q|&t_ZeXhXk_${*=2}lJL)U#KAG**`WI6Zsb!Ok8?N&d zQtP%{VajVYq8Fx9n7pIc54P+|ymCSSK`1o`XkzU-2^r6F2~!hKywqZp^JZM3>c;fd zYQ5>LmR{G^(aKlmr7gWxP3jDfpph){o(a|ud023aOZry_x#h#3tHwQH`*zOp@JU&4 zuJZUfgXSR~zoJW}fy0ijf@2SzDdb_-<%4oxJqsUlHk(A*~Ht~uLv1C1AKUe^uehA8LB=m%QD4an%dgU0X4t!uuS!ndZpefq-$ zBer~%L<*nvlq6Hf5B0-05+0}x8rvxi8#}0sdp}SgQn2YWp{z1WOsX6q;HNqn;JmLo z)wZ-dGiWW)Bi7>Iaef4mnt-z%LSVDyYUF@`dP7Fz93W#YmUW2R$`s<^?iB8|F_!SyCeE`u% zxR^I~${=oz6wE>7mkkuuQ>VoA+n2J5V<{DXpHSBQT?ssU;>x;l=-4>6n99nr+X<65vEW}2(kL}; z7Lq)bYMbk8FxpWfr|e( zi4uqh@5;F-vw~I1Ur87f-A#25r7dDkYg>GVO_>yC>QcqAhW8df?wuUv&3Zon4o!~C zU_`w?+6#%bmB>ji6PxleAQf~n9d*T(UmFqUPuvsB6A_X6x+`|@93(mN{ngdUZti0_?h)@%PDcBkt zx#3)|Ir`juo(8Ey^UutPw;xSE&q3`)savu`5067kldQS;<1ErrhQG?Rnxp zH~Zo_wpX3VuTFm!7l+2R|H8%pL`xngz#+U>%Y-mE$hm>lB!uldxw&Gze~~31!vFNJ z_#yD?5-Y(a&nR$gF6}Nh(<^?1&Q&>tZU?QRN4F%Ai*W~42MZUZ4{706x5Z0$vv8M@(58M>mW=4zx}j)$NJd-8Y8e)fbxUw__Xo#QyYfS?I~+URy@kw< zJXwD(b_#$D>?R*yL3@zLGONVCtkyRzT|7a4c;Zmof!$fjVnUc=yi9lW3XFjb9e zI(ALq1Zt7XP28Z0m6i^R$?21-Zmi!memL_UnM^DNo0>zx0GuyD5HazdclCT#2?sEq zI(>#!z^0I~`Vn2(YG9$~!&#svgp#DPfE-aAueL)EXG>F$Q3nDi=G=>ORo>Em$W_!g zROfe?yVSo;SJmI-$Xw^k?4$*_3h_)`q+lOQ$96r(9li9pe6eOH&G5(wDE*v`Im{6k z{D>jhXz2-$RPkRF4+*hx+!G{fq_r8}7}IBu@ME(7nuVaKO#d$FxXj^$Vi_eH-_fp* ziHrHboWE0W&K#fFlfQx&%I=mkyr4&O6QGd)I9TnBlxuzyN<-dTIX6P1E5Wrl`(9v$ zOVpZzv6mXxhx8XDO217C#>!Vp^duyz(K_^Pap5#_p(j(Ur8K))ZS##`Dvj<((N#?M-z0~<#GhsOMdu!hvP$~1$)ZOTe zl*tr5A&jufI0U)8Rt>7kY8j7~^Wv3{HZZ)C_vM(}Y{Dgw(IcR&zjJvT_?YH>AHVo% z>(KEajcRwZ$}5N zAiIjfIe&i4%0+A$AkTS0$2@JJx9w7<=l{-gTQjQ{<&UJBS7i$a9V$yOuW2b7vQGCHzg`Mq>R!2x~!1EyC{| zUrD*N;subZJ{Phf?E1z-*mop!L8PAf{fc5kDlITsJaR%)hb%FG6k^^L zm}Rhv2L(>w_V8^rsEm0C%ok(XnSBQcl)pFm7qLcu7zu;|@ha=VzZ-qN5I$S~I}Zsd z>gEQBxy(xw`Ea_j|d-;tIe=wz%S51e6W5bPqnRF$&2b}atv8cv>n!-ixND}>gJOsp(>Z6$Zs|^=5k8m z3NFv`p1Y9G`J+Un8PX0r9-!&@w%z^USLT<4u|9IsYuJc@6_*093HznAj@NI z*5#!9MQ#p)*b z3X6js=JYq^&2 z4}!r|GAaVPh1ML02|D8MBtnuCDm*mlvE@n6+&vHayROnEP^*7%Z7XrOh)(=8&j#7U zirx0fMJ8gI&F&oluxM=F$EC`*uxf21Jkt+#D zDgVZ5YFSAVTZeM|Xr!04GzLxfw?(rY#3#Q)6{BlUHb`ZuN-!@Qb@%s|0rggq5K46; z8Cf~UfdD(#Btj_47#K=Qj}uMK#!GgI!%6b;S3%+4JUg5s`}9o3GZ~<^l4r^2Z|^P> z#B+(_6Up!6O8=4Qh^JK6oMI#AGjXV~x{IyHZhEsk!dg1y+uKR^c#Gh=%Z==E+*pG) z;gMoB3P(`)wfo7kyHHFcI<_*eyd88CxtyFJ*qaIPBfV{47kMuvsFU>?+cW*OvKR7Q zGMcKnL(x-N+@gfoh)-%(hprE)GH zgtjClw3DlU0N79%ht#iigs$dEh~ftVgSyS6jjf}#a&&ICm6otuT)*2w_nbL=a*hlj za6Yz%MP2jUSbP}olR#LmrN3^I%ll7%#QGoC6VJX1lO}0TB_6+!NY{?NsZPIq@`YKe z4bignQW34x3(=Ls9qf%kXbHn@m#OZtbC1@Ff75u(*?CQcjs_7zbdY(^j9HXFL)EGo=c zG|B|{?DxY$PDZnSCE=_vv_h(TxwpR-1R>-&w;A)fSl0)VS6m0B*^;{f(u1+ylCgF# zS-hS^(X)BVDNQ}Ftq+ZhyyULRczOphPIJli%*-!rkEN`Cn=oZgKio#*81(u_H#etk>sku8p-wH(Al|B z+ofz5j6gYOht_`W(a28KFm_K>K1vPP`5qw%T1|L}TV2A!gkwvi@^#F4?P|sx5b-$p zJ3XXa11RdOWP0_~Ez`DHjc0=!ds4;OL3OT>GkoQccf9S$r-W?V*riyo^cUIc+-R_7 zze?8%>c*I!y@-K6o+qP)j*`RuHet&mpL^DXD*DQ!f(2fC@?s4c)+9!;yKT9^Fg{C6 zX?4;QwvOUG6gs0>GQXNmAPvt9W}1#}_JV5Kn%TP!+d8ulEw&-yZFMaOH_6E)DM8C?(ZUh`1G z;=+o*i)!#b{Qmmt!P=k&2gAB34$jggZxaW}?iKuKYHO?mTDjN25j!l|U<_TGMcf-~ z7zEC;md%ja)B{DZ{4>SM^+`v^;5kTyA}??R+)7?x0`l&S6IeGo)&62Jz$RP?OR>Kp zcp9jnC1PEvW;h4?{7*ww334I+P~OeBsKu%lV^)XX4Q@xwMW!~8D+(`V=f?Y+cE)4r zq?IG2U!g1779i#Vx5%^4fbQe&JdB#WQI6eh?7-IJzuZYZG=KO6DMRjlGb$-$a%s_6 z-YO?Qq_8g?6Dp;@GuZQOM4u&${8b{mIiiA1yw8Q3if#(%40HDAUOV>kTJyFm6H0(G zIU9Xj=2M>d#7%UCUD+M#l;b~WuyMd3x|6YpAnVQpvmUr7L7ROF$p zLB8;+@FR*?V228Du(k5T%b_8ftntT$Oe<#1+_A!+ZRd>CZx_nD%_s9%kLD zko|i6b2KHszsux*tt1}OPWFM}!BR3N5+L8Cfo&%~aUl&2hBpvl$P>Khtn!iR?CWu$ z6H9{09@G8WgXrj%DaQ<>k%`-Eqek2mw5Xx51{$mCIT4+S-L%%(aooQ24w9UJNXdsI z{p~6yxsVjM*SS&c_vU+C)DT$2_d!h#8BX#O z?jAO{0ecR(CN4X@yZ34*>hsL#j;yP?1Ot-U?;+q&;0Xcep}7ouJM0^Z8oDPmo`CzW z-2QF{;HmVTIWciS{nxH81?vS%W98# z?|dsM`9M1*;(CBZiS(9^XV{c8s5+ZUxnUoLn361h172u@oPvu|y5fgv4o>-{knognJ^azC-__>En4)D7o`Ult> zaq@%@;0-Ch2Rdez%TnvyOKUa!1fKFe@^y+>+s?a^pDJ;6Oti zxtppLtumMQz(b2S1c1BoNls}Q%{95)5cH?K@k#eAy_DTpE^qRH6*1R-`SrZouej3{ zE7jH||B{`8bvC_mQ~z-FltVbT0|E6uPNHDBW80CH>HADwl4OWiKa-xRqO`V`$o0R< z;_vq(UdG2QUC>&;e8sy5CO`0)!@~ro8QZL#-m~n7w@k*upDZ<$m5Y~nJ3pP>v}VG_ zfdipEe9A5o7lVaXOT{Cc_hV{IyT!exuZcaH%&F=oSKG7q75h5t<0Mke$+-F}iAYjY z+r~8wXzr=W{nzMN!w#^7Jr0fu>Xy9AjU#XTur4%frmrCnOLG4P%snrXgnVRES4R~E zNl8vBdh7mmdLU&T^ZPvfkxQVlIrzTiu;i$fu*3xS+S!r1PYDCsVD7qblMeA^I^0@@g{x z2n_Y!wlew4Ec`)7;>Xwl6Ezr8N?hXa)kkke*S-r+s>i5DQt7mGt%#Z&#^~p&$0>0P zlXqVXbJDFNQ{@s?9sg!nUln1*?PD(%NxAlASQQ;{jT=9t-yhZhIrCjnfG2^{JUg}i zgtqzf+6JrdX?M=>SCkua+boU>_uDqVOBA1Z2>UtNmAL4xKTacwE9{S<{#UK!i=;Hn z8M)_Ck$-cT5--piNTqpfG>sklCYCfRhL64;#+Z#9=pM^Y-<()!5XGR(M|@|&WCk^( zJV=-=&ki!nLJ*sMHE0ADv8|K#kPUvUnG*pt@{(Aj{lU}yFV)1u`oVwc`wyCloeFC;QTy#o zCy|5Qmw92y9^HhB!a@S` zDt*^<@$(x!g`XlDr|%aZKszd>L_CeE42d-vDoKi;KTFOsPwKvRQG5~(I8Mf|4?a| zGMo*SNGkLAA29syQ;FY$v7%YDHBHZjO8EH4g9Pz3UFF0e9t=7@%#&y9VcF+TV-VgTC2-VhT4nc8b}ZUfy1@iwvPN8QH;9jJ0|Me1gt6 zpUz77(JeLr1JYbaD^nwe3`hKC-!TsTaEE_fASQ8=0OS%Iqa9|{FvB>v@o4~|JAhsQ zUV^O^c6CXoCbDhL8p-|R8~)A(h*jdh!aI)7=;3*Kbw-iO+#DlWj@*+K!7)RM;wFU) z48mZ;1h2fNPUa{EJ)WSof;rea&Eo9Y~l-92M%Ft9rFkkM-0L%{>=z z3>`RC3A?a(2l{?{Y1tjWB|a0d+Q>DUuGJl&0ijKa9hx&$jfxA~(||{@j@fb4qh{Q- zkc@&a%Zlr7H`hgL%HzB;{9&*5zGStmkxNaG^A2>0bCWm1IjUDs9HzG(_-;?Sh;f=W z3jP1#;J?G=pH>mCOZU#m0tVc(V0D+|dHAyHbH>Y0KBC+27fXE~OlW%6bW;idQUdN+ zbgM*0UIrX|NL5Xsj<1tG+$|xk2pZUz2=O%z0PSuXC;FZ(koxxVD$0S;qnT1@9^k^- zcXRNja0Urj)sjB>L*#r*%8n8>LW!IWOrWy{3JB9H_L4!b7&g((V{-rc<6kO z))^hE))SU0+uTF^Y1(M2G)VUW$r!U6?*L`!>J=~1dL-T_vu}%uF5y4&K zdI;aW9?Lox5c_e8s%l1MwQR4`YvW0+hFvLRr=dHw!JTAmyQ*#da{fl6ICXR-p zw-T2m@8NP>EzzaGuS{PdQ*UvsZkCYt`w~)9_iAev0;l<=+0b#Z09qu)s2ekg>y0Uf z)YSYTFo~Sr<9RIwY9vDN_xSzux*sMyr4@N_%C*ehp`DNs>i69fst#e7hVGMhB~~a6 z_{i4d90~+jr+4OeU=!~u!*ZJQ$I%aXw+p6Z>oUhQrf+E$6fW?Rhu)>d{7RyxdViwn zh1r1P8%08H&pKzbD__PHnqkdiK)gDKxBu3k6ZMx{iK$-?^b5IZBGKSg44!t{|L&1` zV4ZB1Uy#+xkPl?=Oi^56x`sg+56s(i&6?o&w-J2|kKuQfE~tAM?F(!^uUb8vYzrOn zvPIac>7q3$J!c4jXI1m{!z(_<*}eU8ZRqGgClxy*1B@PR{jVgC`e?t2ELtp6stw0d zoCk!vxg z>y)j4N%rZ7rY(08D+|ilR+7#|5u7XLDlzET$n?h|kIM6TPQz?`bZzzY@O^(-AU|~c zL6coYzKsv6Vq*?@YiU!nxWvL0#YscKNv$kT87Y^k`Tq`z=-JG^CjGyQkfKOPe%XBS z!zKS-fq2nVYh{)F#5a}Ok#j4xM9Ql0nL{|&gp|wKZm~*KgsrW&-ZzUksx*}>>~)UZ z_VvzEgIq4Y)4jt*7Rx7FQmL;j9ZDxcOB`916DrJQln{L;_NApemS+OWgz>@!2BmVJ z59WDyOLn@u%xXb5+1O)IGclY;T3e-6#p>C5G*uq4WB3@O?ulL-t+Jv8FVIH9s2Awn zNJ+P3fqnLg>+BV0Q^}$4M))lJhq7)1Jm7di9oaNoxZ_V#d9G8_J|@uL`&ohoiaIQU zSNWaGd`yZVsL#O6c`#`1Z#sO5HSuivj05QuFTc^)w7j)b2AM$|n!OGo_i5B2hW{!{ zw<_*Q;Z+8#mGPtLdc|=rzk(j#=iPQ@V|GUSdm0aGum2e-1htct6U|E50~Vq zeyng6;siWyR8_aE6q47}Y&>I+Y)5cqV@LgZGtmubyvaq)L6` z6?>~6cUDn6-4i5-8mF;pS!60FRD!Ua94J zV2I>%2vZHdU`2i>*bDe8Nf_N_*O8XI5ykopKm-%wzGF793)z`vU8S36yM8sH_zDjp z;9`?^s{o*;#!-oGR2m=92T9y?zV1hgotBZI(>FBFiR(j!=`T)}9qC)QISsmo2f+Q~ ztR5ND*JYC9lY*(MW)*;4yqYR?D7H`aMOl>TFJ|n1u`na~rSXAF%TV`qlB>sObe@o0 zO`#_txC$JFvmaeOCLv*M`_{O)FQ;@y>eOhF}0mCtaDy)g0aSpYa z3=jemGCO;J991kS2F@rxSQY9&hD=QX6mH2L9cuTr4h$}p#PuP<4OhMUVxYcer}`51 zLi@+2=OX|$wY7_2_-J3w0|~WyXX|P56BVa>5co6yfab!*=P)14?tS#ZEykxVk!WXN z9Utl0%((7$pps;6%l@8a#Ydga7>_3$3vec7&R}yx+0xa5qxE)`9-r%_)l1p2 z$p^i*J|z(orVHq=9@M%wVujq&;|?W*gRLqed+;FU7WRRzpR#v|RZjJg^oJr2TRI6Y zKUU}5_XbJ@Z)M>*EURq5Ffni8r0k=6ucIZ^cI~mDoc$rSqv|xVRf<-$v}}`Hd2C`$ zAJih{#jxId(7o|wsbw7z0kRboo~PMw{4%5suF=~tCCC;aT0c>{_p5CZ!b)P1>v)S26JnL&L0&H8 zm|xhp;O%Ui9xTtEo}5wEu>iQRkTN_>z=1y{Y*2D|?xy}hvjb`77{zAORL*au`lR7l zU^mz}q_-}`u3*4j-E)IEIl=cy9dJHOU#T|)?gWxANn`3RO=Digt-%Cm`cgQP_I^q# z|LIIDo?1&fp>Er~tBpViVY&RU5Bq3^ev2dZqGp^RDW*-d{;1<^6+i zyb3E`mp7MjB)bZ6N-jagZ^~gxNR4))c(ny`mn38n}F4OmM3; zHHfFW*XsTloRcB)HE#>_F@mQ-;gY7!C2l#JJ@q$l_dlqIywjqhz<}lE`!0`7FBRl9 z8ouUnuo7y!()sz0$*3{((&rSKD5yu~vlCteP{MmEq1H+SKC7PM>3<&8PaF{2UDNdM_dJO`@x&N!7waNzCm)pSo-zNnW4 zmQLk#Ad-5!IFQnALlq$&0%ib-qd+!b_a(zK#%ukzbR$JhGmV9sO=VQ=eGoW0#zMN_#5 z3zlkpO-0)99R-czQ3YS^WU_~|HCe^@rTI! zU?q*}=)N@B)d=aitpO+b*zNzp77?ZFXL>~|Y4V-27j@hlZ&X1H+h*lf;V7GhF+z1P za=j)cI;IaCZF7I$nbX_8PEamH0OqWhu>2-jHDiMwv?6@Hz{RV{a-KQ;>Jl?q>B9Hd zz0H>!iwl>(6m+e!qBqX2&Jz4D%{JZ=Qfd>Y{w1$k(0bUK9>0LaRvAMnC{gP@t7FVO8I)}L{3_y&gTm| z%v8Fu=~n|Z(Mclmja&{z_OMsN9qE0}QPUnV+4*6}hodg#T}xXTgM)+bS2up@+cEK^ zI&>~5|DXpA)R9KXwg3}?X)J~wiED^VP)~m2dR1^Uh`A4_67?!_u#H0qtdH%3r{1$` zLMzGNA59hTBUNfLFdt)r!h%7aD!8R&iiu?HiubPDKqIX?wQqDj;aHM)j<@DauUO`k zE)w+cSE*E*$f3D6qjDRZ0wtI8{1j82bmyHm0|{F)eo66uKtOqNPW#W({nvr$3gg~y z3#p&@5&7r6&8fvZKInJgtCPu1&2K9Wx)hd-vf81)-!Lr6=*T-5rAj??2`W6kcwRw@ z)iTs1Axp?Vj3rgW5Z5ha7*of$`i{Z785UzzpMh>#S*$YY;*8rtD_*)6!tlMM@$=e| zP(Y@Mk+l3iU-j;?=rJrc5m<4YD%DoS#FdQe)D&-N(t_OZF_HhUlR)Kb68qUCgQcRI!e z%DU;N?s@6!`zUBk!I-=^)Y{!6`^~AGZn)R{h|)t`e(3yEuEEoXrgFF0Kat(Kykl`y z0&`|2jmMGP%kO%j>V!U@6%D>4(0%rg`TVn%AI$ntS1Xy+)NDW@N*CuDD=L}Ki)qOM z$m>1>&hTSUh8|xIRN$)FdZ*XOi~VBm%8E>K>Q$w@1y!LE7vdawnML&BePP046Cs(Ea-Ux=ga#`kIaBi&k*jP}u;N7FaPd z+5lW1TajKlCqI4LymP5tqa^v}=~--Z*=Q#L;X65luF{|Ud*geuM2iXCCuGMY$E5t~ ze0O(WS1vz=y*hja7?n~h?f#pddEzg+FaAtk|E!Hz+T;B;4zS(<=-y7+W;<+ zYA`VFP|sMTU7<&^sM>3o>?G&>%RtyZM@^sXE0I)bvI=cl^f;t>>Q4ra37UM3|EV4@Vz^1 z32DD@g7}%GsRK44mq8v8LRNYWy(TDuy5ub47NTeZ=CXf8EhM;(2KANn9Bs!URc|IuUo$)A2hM$RCW_dbB`|NGXQRRkT-@b5bDblb-rEd@b2^i1z9?VDg&V zgAHi!hzyBL^AQHo{RT8}_!;Y>~0O0tz)_)w(>k1 zVd{?3lvL61>W&!_)aL?PNE3{%LsUE#9i4WT#?<5{amlb5o^A?)G;Pc;h=d4rW@#ZD#Ykb}G1 zsT&T}QSXrr`D%r9p!MMI=ZrTCX}@KLn?u{Cba>Z)aWLR>23ko%jVk9=dB)y!DGF4D z-ZA6sIQ+#e*l1oR*IXG%n=*RcgkUXc;?8&9^hk#UH(;vtmdEK$JLr>7BMhJ@^2=ZI zR5^QW*(_|lQG(B%jGi4Ft&ubE%0rwPgrS8l2vyTClX6fe=;pcI0aPualm29^cf80jcO94TTDW zI(l>kjcZOen3Tz#oqqwo-jCjTm&TGAtx?ikzbckQ&mkr0TsL^7_H>_Ez9Q1i>Y2_s zg0=%zHP$a)DnUE36jm%YJ=C)a-TRy#Inn7`_1#7ZA(=5~sdr?V_bPzm%D=kuw@PQW zOMceoPpyQC|8dUMHAEjiZ@pT$?^YiE5z*4ggqhRnte4F>UBb(9u6-jeJLf|IjDC#Y zP(dVcw}i!UUG74ltHuXGk-+oKDSM~m;b}P=+)-H=vpCL-w3FB0rSkTQIdff z!O9D5`6MZp<*7#3jqJ8!1#9TVwTGi&^_QZW%X?0iy7<7wb9V0pDQwzmnQfyJimTr+$tfJ9f3%@bii$2) zcr zjooxAD#|{2+J}^@M}|UHD>%!9WL5Eh=p&E7S_q1$tSoISR^Ne1OePpqCe(-+&&a=3s4_Xft%1;ssRU#p%O3!Yi#7{bVpB2Zm4XFI;Xcrfgx>=}#2^-xL!sELt)2U6a&3Oo+6o-6&T+AlI zzRq|f6g4X#H)UnxxTEF|9&fZschZpoZ4qcv358E)!7zUL3N%lLi!b4Qpyse+XV+YQ z%~X-I!I2%?v!p(08`r*MhoEAtI?DzrG(DtM*)7UH3Q+ChQ@`!&X49>5Ooyi5+=ssV zPW^5BX}_H5kU~!!vkhXfbV+BgfgqwPW>7ca_@XtGw)Eg86{Ysui0rJbS*~d%Z3EP4 z&dpe>%d@KUU{xm;iEsl0n0*R;nL@DZf1e(IP;+)^B8=T{bMdb*EYC?alKa|Jy__2- zglhtspN?N{Nqq%*;^@yOg`BhT>9^t|7VFACA~Q~9Ah0@1%E{m>;k6JPXY5pueZRFWlWz_kWD#|=k2SBS^&N8$bZvRs>W z0}aUP?!M9yJm)iI9(?5_^mIERI6kaZ^G(L|&gxP^s_{n@Q}-Z??v#Q;y2f=?qG=#o z{*%@wMVVxr~!7}J- zwI^4)$=}(rf~FWXvh-)Z&cU{YwFSy&weM7~c{`(z#mU*tz)UdBsFzgv6X>WN(Tf+V zm$S&H`PuO^-~?fAftH|-d7}F+8qhiFnCu=N+p*j%>1x2lx)m3>+lp&%eIWyrfxqzDO~;X9 zsHC?;lpQ*v4(tXG0JEa3%8eBt)yYIk4M-vY5`Sj%M*OMD?juV(+}0sd5rH$b75gFf5gpJ#w`|Y~Z;AB@*qS zSD0T^bBEEt$BPX{H`B%&!AapfPo$9LXzjlCv@6H7hIIF6HeOWZ&zLZu z2JQ0WO6AWT%lxDk`2SDn?{=JPn!XAt4c1hKf!jM0$+LhJw+{R^_iEEt%X-Ap*3$s) zwvD6O#PPLd*4aJkLENO5UV&_e9G_VrJOt~c(eQ)OAfyjZB_il&RGkN~!_)z*#XQRz zr6u@kv^ykCh^YzrU&A+x3V>9FEA3@H`6pm{Ukl6jw`-B|{JLNhY z1Pazl28_O9Z}4|^j+X6u5uh~@>2h+wIj=#Cp(`OM}QWm_#a z)xzSMcH_a-Z=&yJA3^vpu03dUmSdT0vn=Zxu&Q*n0-xtd$}vi)xRS?AY$8y(dL#s&xq@Q1iIIVh{~A>ZZ&Nek*NlYogF<6>9qQ>ha<~d;Ql6XV*3r zgIvA-?evSuqoc6I6vG0?(1@7))MrVA%6BQt+3bqpPBt|)LkVvu)y{ngg;pud(xT#|c0b7ul)uTimek48F7J6;Li{FY%&KUu4^>eu zM$Iih&R_HG+C+Z-48rAVS+3jO?GcPoXhR&JRgv%K6#xGu`|POgx3yw%G8$q8_mmu+ z+H!P`v{2cE3379>n`8y(EpWkGMLwhTeSmNf6DbOZo&K2h7@aMMZU{V1QWjlp@ZVOO zr0Fp$_FyOEE6j21TQm^X@3`5}%IMy8I&d|8oT3Il9ZxVS%6l8uoP;)*ZgrtOb__19 z7UpJPlbg6L4BCF^mZK3+oIy1MB77~H7#?scrllT1m$OTYbzxtN+en(BvO2zY!qKkC ze|G=p3TKDWZS5jf(^qAD#9)i>i~Ps(N@Rc13X@I8k7p_>BVf$H(Us6oux7_^5HT3}2RGODUWPKu;ysKUsw&d}U4=a;gCNstbVl z-28?3hXMnp!7s47Q_9Oko3-KPLHV6hQtnyT#x$;*(k%rxDolbd16r>#D z@}qFByt7|@$)#EG(~6b~I!?^TRd1_m$Z^8!TuBOraU!82Qfg)I>iDpwH`qXLyxqJ+ z9#H1|9&0;xOQi3;DKvc$iaTtIaLs2m$R~1A_eB-9WN+_3H`BE#Rp?0qy|-9+E>}=l z$X{h6^;&CKKY1Xos$|Sc;5EW4@8Vv0I=8f?x(8DZQF46#B>HjogTD01#eL5~=_PzUK;i+hdau8nK0AYo!j>I)2LJtujP z@9^lf@4K?>y{wN}eKkm61|KJSy>VmaWtVT0!U-y*K<08d{^i3xZ(OD{pTpXPz&8_D z|L0&cc<-NtT=4wKqt4mmKi<~B2Bg1(^qTgQn!Cr;rEVHRT!TJd{&sAx(0vjCgE6{#SL2_!bo7sZ}l@cT%q6}4!3aO~H@9DU=XyJ;Y?XE~tnht9Ihm3uQaqx8{ zPHNpVJ<9MnOf-He!_pZzA@?ib2IfNmSvrTsK8_qOz#&a2x+dl75QH28Km4qYU!-=8 zPQOcnd8o`E2fG$0qac_l(J3A3freNA*^Q>3nelz9?oBY)@gt8iago*Myo_$RC`wwsX zH2uv~aSAk{u`>(cVR1dx`$)hnVMOkbjMhTG!K(+Dc6pF`X%27$RBP!;tX3jLWYrx}f z`{fy1f!kIsPFdSA_dlEyTXD2k9eNsfmo<{3lSS3tCSCM5$jQ{jN36fpSnIlGGXE;J zp3I=}i1i#P=29s=Qae<;*d)D*hNf2Re))@zXlI8G zOHW9(;j>W-4EW(RoH(xI^kN>~D`n~A;9hkEuemZH6jwt|nL>5bo50qV zUmrm+U#Ejza6hu!fPoN4#^t~r5a?@Xr%|iOFX)66TTGcdtPZzVJ_FX}Te zX3bV=sVw@g_aEnM*^Vp;E>7B8`c3ca9rD_FU;S(B|3v9`l7By(S+V*CCOmp3e2mxH2WWB~bZ-jS>^HS9!lei4X|!F7&U?y!^8 z@bk_NI`4NqzA>9WnM-jirG2vhE3Z|@q|pTWjj6V=!L1WC#hTO%(-`Ed_vz#v)Af`T z;=STige$^{3no2Ry<(G~A`Yu50y&R%wxrGmM>;3lbwL1fG@Z2YoxQ#W)-NQxq?Tb1wy9 zSu%m&18TV*VW1+b;~2D)rLKjpkJZ8jH*-y0yWtLwBr#>qB(;S>$HodEyPAO^uBJZ+ z!g%ChINHWBYk`R#M4-3>>SjDpy;py&odj>efpWEmuI}WO+UC~9u15Cr*A)!xM1^kd zrffrT{A8DK#xmmz;`@p5gDVW8b6&oqM{|xG=1?n@+5-5CG^lwz))n6mfu?Fc-O{8t z&n3p1Io@A_I(kT$4FCg@Cle;;zi1Q2u<7!ZDBy(RQx72anU2etrw-^_59kyvZnKsB z*C8#>MpXNn#eb#`O)VIF;1iU-($ zC%~Wi?d+ali@@TVTU7GhugW1Z@kLHdUQd+qqnLarr18sv5*~L2jo^s3W-Ao4nXD&0 z6jy8uZ6?P+Gy+p5+uui~mK0&c29x_VO8C87H5=f$5I9lzY8kt&iDKa!XnG4%lBe1G zBr$58IYa5t(Xp{(pP8>CM3jI)N>vA4=it#qwIPYz#du9v3t ztkpZ0lkgYc*}YhK0H8HntwfY95JANa0X7-(pUGoi(%^@{Op6f7`u->snRM0I?mx~Y z5hOLFGD3!Ye6`(`E46nWw;n66)z3t&m!^Nk0|OeObBLoL&FGihcq};K2MjRrOUmp{ zb^V>Sf2aS?JUJ^_hyKh9KiTHYF2s+ImEdj{^#g7c!y{_lGE+I2lgKoiJpQd}pqX$tttHon9p;zbD>VNn1*h&VBaV$kWIzk%TD-{H&mfL?081-AYwMg`SzzTSfI^l`9_@3=h9j0U1U1ft6xu zRk7mbd5{Q^d?`c>=MPMBf2^$;QXb-nlZS1KimGoQm`8oLyM;FG zub4FW$%jpi=}>JA`hQ2PurpCwFprNnj~G zNyB03o1V9%Gp_8@!sAyPW?1YZ=is&$X8SD|wKVguNv5TFN@*z#yV@J!ti9C#IG1JB z{pr*Co&xwT)S$Zb=C*t{0VD3YVJ?<4VSNKh%>Igl-2-`VmJGrq-N-qowc}TYRX4sc zo)jRtV0?CbB-=YC@0~8F_|f@;^9dthtD#OVy5nnJhKx9Xh){x`#Us}S;NE}$^aDEJ zWl1gs)cbJnin$wbQ)M|VD96gUBw94=LsNE{4jrE^zIx^vriu&Yq#LCRGX)3ZYZQU>{Q z(-)5)7-js&VLGeY0Jm8&*ix$5*KM<{J3VlWGf;u)mnBB?OgN|&;<*v~sjF=rHEpHL zG}Y>Fx-?|peIL$Eb>R|ZotPZEYdXGcqOJBGVr1Y80TP8mhZb%98hA!DQ-SaL7mtn9 zkqFx1CRU?QBMw-K5iF>g^|M~9@-ikh*pET-NyFhD+zT(ujvZbJV3IwTFRR#xy8=Bm z7zmKAnZ7SFpVjsjLhf&dA(IQfwRYgqwqgF*R4*#WifL zf#mfgH{_H<#S8p4?3hh=jK4(Cd$D%($=VD+D|J|nIcM2bL_7Atj_)m`v0iRkXC(AP zTer*OwY{O6#}{(C;k2olT<}cPt>dK+0TvH=3^PtVIDL4KT%g-*PzrmC_0}2T_ z9uoZldlK`AjwGJ#^a^4 zbRB_uBvo3N+Z_TE=Y=7M!4G!1T#YtZnDV`OVugR|X1Q$ynlSlssLuUW+*JTk5Q=jQLfO3EBRce9?J0s5OC;JJ9k z#~(*8NL{f1$pGQs(c7TWQ4jG-C3^bq67~aKQ#TBH9bnI!Y$87 z*u{KpP*^B%DM3G7VIzTx!2;xou;jqFhkcA=F|m;+PL|4j+Dj(|ud}5$Q#h__SUgNO z7wtlz1GU{91`S~Mgk5wXC-xP5HDIh}R6gIOXmK{dAr;&K;QS3{gY{-Id6x8PqwdIC zNltPiNz4WA?680R(d*017@sdj&BvCFhg}oNBF+tY9L@%Jq>`%xCG@ z4D|ZUtZUuHjgjDwg)m+Yt#&L)*6KRAmuMDQ5Yk-=2V<%youv|PHLuyF+oItuY-yhb zA7(W4{JoqVXAie|S%$)T?Mj4XxK-_l?Yd8{^LhY}o#8XNI^ubCXDPArnMXCHNOsin zEzyDZ;BmjAzIF1D^B1P_>x^s_)3SF%xGuiAEXk6}cfVJl@AJFlv@%g#rB#J2oMGW} zPvN$APrcRdVfy9|elE;4EjHizWQf=SCSh!KZr-4)MY?JFrcGkSNU;H{b91^f1~Z<3 z%~ieMS<=M0Hz#+$M4X1(By%mB<~r<>qyM?)Fay3Sn$Wb~&iJ-qyHK-=2qkB@0h=2) z9aDUt)U~~LHdeL}RX&Tde&miNBkGGzIFBB7_W0hJn0hSy9K*2503{ZOrOz1Y&R{*(; zPOH7&3z~~dd+*h>CDN^&U8P!`8D>!!Jh$chwH3Mgf|rd*@>T6$WB*7#n158g4O=nB zW9hD+4DZyGYl^9JSk&fKkTfSd2Wy*$G2{5vOYy04(}v)ng7Ss7{rAu(Ys%X6ue=x~ zpp+8d#uacO#-Br=iVA#-hEdsC>`nOM!r+;x7f>kl{CImRz>NOE*yqJ={UkPi9-u&D zE}g{ab%dq@WXPf0gp~hVITQ5bSE#4itxYka{!0FI#IHZcE;o)2Ed4!|gZMIXTu?cR zlme*h(kS53>R?#1X|W*4C*3eFn6a?HxG{aV6`ezQKyIc|zM2Q4W3e`a(sO)e-Hwd0 zBBe;&wFqof85zeofy}9e!cms4Ir-t&fG=6#{cGGC%t>BNFGJ)aRCn%y+x8e40wm+h zF*||r7Nj8OvXaxCD0C&E>BHQsKTpAbZF%-I;-{F>f=+a|4X^5UagKvb4yk@l-KUM& z8PN(Y)lNs&JXG=(5K|3$W}jQ}O0D+>QGuaYw_suuY@U0UHNe+~X#g1uHmowgT`Dbf zgTv)P;_*Xe){cq7wq7x!y2kX)d%lO_YnJi5-V)z=0&h0wZUT)mlA;^Gef+PT`zsY^ zm%9}5q0+cgcOk{^##FGTYl%lN*i?Cjf z9+W8NcnqkO{DN!aPMl0@nCOh*z8!mT2_`+x3F3Zta*}Zr`x*BOYP@i>Vx1>Y9CQE1x2>-?wWRO1ypvMqk5=PYvHpIZ z(J&!$Plnt@1y-e5`shM#tcPYX=isIV&7`RbqbDjYg*?LnHC}6%Q4L4Zh@_$Da#xQl zL06?kR$wnfm|JGRlTaOUaW^@}Y!j38%IrB0bTmxdtzt$SPgo11Yn7AnB>}O`G`d2H z#z>)e1m^T2Z|#P|OSAxXv4_wXsyBRZXu3>j-+F=HBp00;q8^z3Id=U{%uhesiS+*w z+PI2pm0W8i*)2k&2eoA%7c31sz_thAcFIuP4V3w5Mp}03zyX z-fe-?N72HleqtP4h)3 z2^Bf;I0j1F zNuL_^y5EhiyJ7ton(Ydrl_PeNN9PF$z-DrCk#;l_!i{N#hjMYi-wi{xP&YDL_-&oN z1L>8YRBYMZ!a7@X)S=cpMhfby86qXrqFiNWJMsULcSIYej?AjXhkj#|>WGUnxgJm2{`TdhVy2@Ve2lsVd6Cbb_ze&ECCN7I#-sW&^4s)f413$Moz1F~xEjqj z+$!SwM&_hnRyFm^`N30>#bAwHlU6TW&9E7=ydkeo+C{p!PaRpUe{5_}-sc)LO{T?L znqYy;J!JBUT7YN%A<=(Wd6pwDB-ReCtkEe)?ZXI3Vgz9g?cR|rEtFFfnQSS zo?C;TB)IjO#tcjGe$g1$-ZdLYaqHb>JQ_LC;rp_1kz|LLs19Gw;Q~y?Z2N4)8cb)X z_1s=edXi~tKIRr-3D$k^;YSd0>m=!ozT&B-matOM^r}mX{vJgVVZzNpxqzhDD`qvM zm70ZFja%gxHjHV<_-Mgn=e(qwDoT4f>DdOJ{vkF0&&spp+8K*r_yFYv*Iicb)emsl zVm|^0pKq`(K%asqAzypRlo#Y1Qcr{a2gkkzP;{Af^V+oE5C1j6>f-zT2~Ddt=E_`d zoDDi*T8iioIhOWZD>jb0{lpO_DleK7kjY{OAnyI$xu;-lyN@8wsogoR&@Pln|ClKr z&z;d}uB}!Dat!Dv+=Z|<`(RQCu74fKK%iB6D z)b4&h#_I<1_4tnBjBD|$iF|c=%@ZFoS+ViLkciKho(D!1BFfMobLXMwFofK=^fn@M z2+)B2p^d4hVu;gglyq>Gd`0gsQHbqpy_&J_C#(%8sq4(981uzXqO?ePbpHZp&#n)+ zV7y{Ff|9?%E$j{ecUf%jI7*G-@F6&_Qex$Bm6Yk8BBPX(0^o{?gdU|k)qGqM*D41l znSQ1(T4=0bi&8HSQN&56=>EzN_^w8E?-j>+#;&D=qzz zmP5~eMK(|BIn|_VA5j`J*}V0T5gY0WB*YskH1-E2;@O(SMkpDYxgV}vDM#YVILfN4 zfc;3(4-e+GIQI-^6Bd(@4@tacE6x;Ph2(y1K); za>ZxWRH-!8Y2v!JJ98(Fpv;i7yYlkU>2?qiB=d=375ed$`1u7R9_}Bb)#B+ zm$oUs&{QG6W6OO>vYNB_PGe3cUeJIi;-_DUqqSAvRim z*d?y{eD^pO$DxQpy8;w`5$A4{U&cH+cMjY1E~fC~IR+0AF(*<`CyyL!#C&MsWute4 z8o!?H^q()E-Ay*+&8a4+_?3!Vm0E1ut>RrpxANiR>YcPAmH5S(-&8uJ>_RyMrrso# zj&G>X3c);G*sL&l`r9cCHDR9?VbG!ub4a+lX_)!t7%g+`$Dm{pQti&%O4%mX(5{b@ z<*Bd2IcbKc)E0tVs^Ce+LoOit!bw`jndHt>)Jyl5%a3ip@5P`)UP@P$MbmR~p~HMw z0?dM5N-_%$ZRJlxMMQgK>6k+a9(?ff(|3!3JGrV^Kej zxL+!ZKC^9bpfa2Faf*&5PTY~{pAxhzp1bLCos$;QEYsM0VvTkgOQQ4Kv_Wq!X6-EX zI+&scpK(bwBJ;kfq@nbjkQKQTb`^<8j7xl{Y_0z82>^>)(KmK08Mb`gXM+ znyLmdO-Io%LCW$u$1$32=maXX&4^m^(rMdiHZd!jN+Y2`@5sWGC2VKAr&<=qO09pC zB+mz)OG^|c=Ik?0G%GMC>Tx%Yq|LqKb@W*wxe1SZ zuA?Dhr-iq+G7i0rW4!8K?d@t+7vg4WV#Jqwt6H6;?n!e%2f^1~+>cX#YL!9@@f+c3 zn7VjRD9XN}G~Q=R_@=h!Q!BXN&0+tqG1oK|l><6E`!d!Aj_PMD%+ba7*!=D#Sz;|M zoHQl<0@PF|$BFj(o+f>cDH1U|nj-f24b|@_dAAnz=V<6l?|(302unadfoNX~M!%_+ zIY)xaqXVgS46HoswR%+9fihNN5!2$P5>E(^R<(g&@@*F?tK_DA5~(JAQ8cQp$SoIT zq5aNNQHPX8%OTVxDdsPPAe=o3x#qU|hv`HXFf2LntMa(?6~^ zEiK>PUL!Lk?YA5{$ZN^6gvU~c|v zb=hi&;pO*G5AX6Zo6q5WzEjT2)+Aw{e$7*HS*RE0Q01ak~f>id>m?W z{(^4o?0mvbKM?B*VRre>dZBiKXM=pu5Li+h939-8#2`{>@C>5sy%`!Gy9lu8WekTU z)Y07`!WlMwibCW*8ymnBd|jSLP7AS*sJ{!KgN5X-ITecnXj4@lb_kKOQ`f5x5phU+J!z5K(Yj)&G`5OQJb#}Y$qg;ly z(~`<~M|tJsz6#a1S9*QjR@OPLZ=BVkp_Dwm(shnPF|Y{H&=QNGn=jT!(l^w{~%0y~3TH>{OZUuNgzF+-qO8j~~x4 z*r-f;d_D3$DZT&qX(0WDvja5sfpF~zbU?*wITi!N_A*2K%vYGw{I5*y3OqjS|60&q zALijJ4R?f!vfA&1!eF(Y1rN9uIW>e4U%!ZLv~mh>O2nCWzO?l)njQdt7OPdh4U2p| zpwR?>K~HduYMra-UJj7CfaMEO9ey$IbGnB~?+|b77B+bM=Ij3nEx+60y6QQnu^s8l zgd=ME7et{o&{{Iw&;}cjLMBN|u>CQ1x0C^~GPz6pe(^iL!56a%54cvr^5LL7LHN_c zn3W61a|r!nQz?w^2ySTk($Zw7K?d=ue;DU<4>42Zb3$lv%5vYwE*G8xzTEsp2hMf!iQt_dSw+Rz;z*99Sz?w`xuyV^guE z(!VfA?7Tkr^$SdfT{_8WF#eEaxU{~r(pM2P*2d9<2bQ-MM}VWkjnSaqN3CeMd)LX7 z_Wy~tXG;6gaj<_&Ozo=Xpyb*~%X68SX!Mg~b8&j)>h}w)TEaPv2SJ9inf*tx)yK|E z=ez=6AWU1v+9@)vJ~2z4N(j!Zw6O)Ibm_9~G{0ZlZ0`DCsozP;yWZ@Y<*rE^Xb^sL z?>x@@Ndoml*HQo@$-$F}g9Na|o2@{(Y2R5DcAJaC$QePIr%%e^*D#^Ohgb}!|HrvY zr@pTes76;k!$62bp?U<+MC|!&O{gIIf-6zP8;tr{4P*#=X2ySbUiOT~HS3dlWseSh2 z#L{n8^+FmvC)L`On)a$uFk8X#lbc zJG!DavzY_g87MtKTQsUbS|B^q3x)~KgK8Q1SQo8ke=kAqrqD91ek4Cg(JnYj;A+i& z238j+Al;t5ZLXV>+G|5mNnh}>FRo$`s@yC!LGR=)e<8Yx@^3KWthb$CfP4(wNSM1D z%vOm|Ep&AUVf8`GdB_ZhGT!t9TzUaz@zQUTv!pm`_|%nk8y-86YYUQ$F-n>bC{gpVE~3k~<&R$uSm_?8!Ra=&)Z5 z#paBA2uTaqY_`~MvxzQ{q4POSl}Ct*iGY9y^iqYkNH5(mj#=It_XFr~vLpbXBYLf@ z(W3yV(R#XR!!QVg8x7Q4Nk3T>)+q+wIicSeEG3F5;;pESpnG{#nGs+wh*!tsMB!@# zUf3w`RLv!4huQ+5=@^C@3pKkvg1Sbt`tU|dW0aG@RF@EBI(`yb)o}+P`b+kDP(GJO zO(|#T8YoEJFEwr~DdYiIV>TTHkkSdkM&{9OMH>(Lj1gDv{4sC-L+#n!cpt-J$n*66 z-Q5$kZ|eTrSr|N`5?R)W;=Z!ZXHAP1G++n@_2I-8crmGu}Kj>FhHGJGky#l?`mppVSvpDSN2U z1WwCa+ibIl&fAd+w3BAfOA+qeSgU7>8p6CFNlU{0Grhflz4qlNV6e{aAoD`aTRA=R zUr1^I%oyVXF_Um>bZ-f6c|SpzakQ}cALmk9e~D}w3BgJpV?waw3LN0ZSdYDCbw7(( z#qs4Q)_$QX(U$tR2MEXPcT!JtL6Y|;twk^hPgb5q?ClaSW5#r*pbR#b*|NeZw*^Xm zc_ZH`B{giTkPJfVS}D8Rd;Fq49=A}NFtC^+wK*jT)k7JMqY}_wqcx6Wy=$F z)ToM*0#m)<{fhW1u8HYuBs2<3HK3gabq*;p6pW$(w80hj?kBaEXGJz4@l-L?laUS2yOAUJVVN)=yv2y+jQiAM={!O zv$((YH1&StXIA%mcaFSKu~b}7*0-4)p(O%pF!@r2pc{)JlOH6LO9JsN6RitEl}Jz+ zT`pHPmcSNtf*Zk|A$Ryl7^;6I6^Sy8GqK-1rN{v-6>#Afib*qWngal+D7@Jf+Rz zZ$EkD*8Tk!$%?+=nJ%XI3BC%w%W~^~#mWVqC&B_(&mD|Dqx=Pa$ z9$e}C)OBQGJB5!tz%151a=9~I9Wq_9^FB1GR7p@U*4ks=$fwkhl-;&mIvKm#$~=cI zs7_s1oT80;SITQFVZTr5^suAP>4wOO|7zBf@8dqDhPesNXwf!<$U8XH?6>b?6OVt( zT>D_9g_6~9#sBL#rf>YN^M9n|&p-U#ENoVYql@k106(W0sks8(_fy@Qcq`+TgCl<< zT}7pCETD11D@Hv+D7pzc=wVT8LU3)aZw=4{SaKLURQCsO%fCi%rZpkv>8x^WqMlzn zxwg~GThkufn2QhVM>cVN+fgZ%bd0?SEQ?C)CQlpqdU(qJA|Iw+e4t`gG5=kFOHa<3-bg1CW?tvTlfnQ&a-AZqW2IJ)-QQ4KyrpksUUpsmlNJJo#tKvlF7yoRnA9 z^I`)ks$+4*(?rv@wXkE=yo;Tk4z;YJ?Kf%1xKYJ81FxtmeC?wozVEB4rmU#vFg(^H zG4Opr1#REjljB(xeBtG@7h5}=eVgkdjET}bONrgZOY)7SKoxVS3c3U&95FxS3~Z)b ztTB{VRme?{6F3H|c`C^pF}`3;#zAXyUW#M$Y%i&h?= zfbJ@b>rQxd5fVj~CzGh6gagBOUSo!DdtnVJ*FmN%?*lGJtil4@6T?Tq?+A1U1!Qj8 zBQ(Q)aK>RP=8}rGX%#tLKPB&flKTnfB_R9-ZRY~YRj$r zSO@-icU3KT^E_iX#kHPh&4*-($ut|&i=wU49*P(+n&G)|8}s^F05FAkK<(#Tn{b=I zCLTU*@E#x&TOkAgP&ho+E8(NNJ}`X@8bR2+LQL7zWzGwkn>RVy&&ld<4#Ex8kjpK> zqeO>q1X)X*cmWxAeTpD);NGuogBfa@u8v2x|2S83O69v5a}!VOoyav(7^P$h{p!yk zu1Hz)k@nVJsBs&^?!^-8x08=7roZt^usknhCc!)Z_3Nx&^I)De1~)N~+SfJ5cA6@- zH9te6zJmD%j59tK3uC#hBiFc}UMJIOj7(i+SjVoC(| zfD3%tw`ge=Y(g#69~AihO3Km@PlQ`4a8rpT^d+x&>^w00KT!1UFQyv};x1@*ZkCS{=>6&822fz5X*tA@Jsi;NCc;<}+s?zQFxMQr)6n_6Wml4%%$ttj{WN`cp z9W*#B%$wHWV=WXXn9Ue@*Qs_Uv9x-YOx9Gr?;aIDV-8^uUh=ii#f03VEd0;X^k3VZ z~7{t60wIxAa_ zyK)^tJaq?1I0Eezk$_ai9}!*xE&t&eG3;ig-`bA5uzxoDjm+N@eAp?Bi^|89v zwC-nKw}I}XN1xRn%wg6+D1Fw}VbgQ#z*!+Ryi~yJF`~((F;?~KrsVeKCrW&)JH)6| zS(rLQ6HZj!xQ$9tV2i<$ z(a7)YvbQ$;mpgY`Oj+#I&|Q-DP00kj!yfGjhqAU^o7R03{qO-A`IpMQQS=&?Ex!6HA{d)WmgP#xdl1+MQ;o`40{~ixI_o{#^ehyd@{zy>i7l zUvHKvoabA~>!I;mdD7MEyB1E>8~Y|}VdEv9?AIFAvuhZ|{XWeb{cvm_-d|N8)Q+l$ zESsisQ?B>HO8AcY)+u+?)m2&ydwGhzy2YPpzA=A{_+adaWsGhS@xXzQtKQbP_MbC6 zlQCII<;ed8x;olOo{=8JQLuT4j-PmE(pMa@u2MCg5Tbn#^6cGQw!0I9vyhjxlO7ak zrE2b2JZYl;_`RumZmcn;A9dgHCs9Gp%G_NF|GR=LY^0lC>P9&`8%IR)@9w5=_y12q zmH#zxzY~I@llXXrlr-Yl8VPmJYPrbN${+!is<>lYY)PHcXr;SS(`Zn6z0eqcVRoN- z1aTdfx}*qa07^=C`M01{d2l$>2|IU7|1Z3iNPLZn1Glkt->8KmekEun(IBk!`Qt&= z&Ul1Qvcq(x(fo2t${ zV4b$!A>q-Ss0*1Sznclc;F?J@nEXksjlqz6TEo%!Mr|o_mu)i?h3>|V6oDC0#`bxO zxXqr_l}dGlK+S0C%G+dJy9P6p%SAf`RsEK$2sa|&YabMTI(B^$Ypu1sHq-3uf6(uF z@zuZh@@GoF;~mtzU%$B~b+mh9or=PIMoovTqL#*J)=zDWhnLsF4M6*rk+-@N;ib+@ z-gg}srRW|hf<%w=7TpeB?$m5V`G2VE$#0u`Knt3y3C_nTBIp==-)980&FSs%uu@a< zK$$aaPC;{gjT{GP@xXiJjp3AO;Ph1*oBGECE=W&{nef*p^EkH!)Tj3w#E;*&qS zqJ^9q0rs%DHHPLP@s+!RjU3Ck=&)%e`b5;`((OhS(~CxbhBs&0oSonYuE*Pp){fxwc;y&k+O1MHr-dZ z5%up6-95h@*?&G(?#*8)RX{?wqULH+E3IVUo|VP8%wx3}DiuFnYGbU&bW|#N;pLvA zWk*s(mMU}2`qlCqrU4=~k!qliy>c{l4leX*-$c)l_7{q0^|ST)RJ=Z$=n6Xu{IKQ{ z8Tfj_480%-%XBN?Jede+&^tXcDZOX2uKAc8N6s&FjABwYWC^R1yv7G^TUVCGW1r|h zH5$h!-QHb)Y$~-)VY}w*;uiod(;b}C-rki?8#t{|c4`a)RJke(TWa)gN@_4hu^Uqc zwU;DyJP)|8Oi_Xzb^igo7k>xF$GCP3aCxXbP5l4Zd+)fWmhEpCdqGh^P^r>8NH?LW zfOL@FL2Bp-1d!^nAU#NLfhfI&(0fsk4xt1RAQTZo2%$(Xg1+&d`}{8Fz4t!%9?$c6 z-+!L{$%hQHXLiN zp$`%%MqDDUc8nAWQyBo&`23AIM(K#uKq2p>k)rD4BX8X8p+5K< zjC#SE9z}|pZCqCU15y_DG#;Y>*TqBVP6l)Jh)UWf+Rb3!xni+ImDnpq9Te@B{Vp$t z&@z}_NqZxUNcT|?q9=0Lmk2c;Tb?xT47rt|&&q-t-=e=H!tx0S0oi&6UQG*w868NX z_L~}}X@O7Y+YF+zL=G?kAH5G*#(vT3`==C6nu}a@x!b_x!Xa-q^Z7YxP%C$CFm-oh z8~d^jzwa()Y5YJS_WG26Bt{U&D zT2SfiDi|MaWO*52TILEX!aGz}d8}3CX7lIo#a)Y@bU>p6FO(6ojnAlY z+T<^!PO#$-=8|DmpB9eHZ`o_@{$d06O>CvkZ$zYR9X6(kzHLAp8iruDT$3c07C6kk ze~0A@IUjVkFjLO(VNC-4p>nLrx!r>_?q;aTNE(7L#V}cEyDyUoy=l%pH{I+wpf>#M z(XL))=J1GT=d?LQ>DEdPL!iZO!JZ~Kd)}Fj3cx%nUx7D#gTFdL=8-JaGX|RlRi&+Op1M!W zck#enVONyA5D|=T7~()xW8Ewh0iBeSR$UaeGm4^9UgCu<0~_? z?QY}Q&&xj{tgoiE+joDNxnjkqS z>V8mZ6ubC>^R8xOiOb&O#FYnJE|iiN-~C!YI60z6^b2W3rSPXX#l^Yo^7IK#ldO-@ zus5c*k#-7r=x!el%Pn`W!uDOk7n*6){N^aXj=}cpzSe!e& z)wS>{*ToEh8HHs#oa>iItD-Mw>t0Vcz25T{df$4V^2wi*$w|duhUh&&#%hta2prmb zXWD_#?cU&qF;}UJ^}1@8!~%ADQJ29TRkv2E<84&arq=O$#H2UJ3_)mW?rG^Hr-4}K z-ou?@uMAl)Q=`OQtPgavJ#Ve0d3XSnp;{^G?RGdDlq^?q(1$f_zPCD-DP{CcH&jb} z!9Ul2_HzB0OP@hQ=el)L*#uq90bWqT*jsH@zu3&pXM|X7C^k|)<6FH?j7~7RJV{iz z>P1V>w~I#K{hY@>n6Frpm}8<46{-1vw$1>qwsf7E_SQpPbvUoK#Ds2DZy()`yA5xw zlX9ZTpeYYn!?R}h{iRz3o2Ekjx>>32>f(|4%kOK{g*>s8f7UtS58Dho7t=w5>%e7` zX57L>Bif`y+4!S({f)4`HJ(E^`|hS!Yvru!xTj?y6KV1^~(%*c^3Wit$ z!OvP4nR{DaY^@%yxj2aJ`e(q|8P9cz1217Q9}q(2S>1#skFRx=3wy~`hgB(UzxWRD zKRxPXXKBct1lj3JCnId*XrJQfTqH0F6Kg}7SP2z!jVbGD$+imftHY)F`HK`UmQd&Q zsDcM}&xxf2*%$#m*H@hefRco;Lk>yp3%v(3UUtY;iBMXkv>|?X=cX*I)yA+?I~zQx ztmEo|!9MvJO8u8@wFyV3cnB>=CL5jwuHJ#ApglYQ*zGbRi z3DbUY>?0N;>|#-EL9Iw>dO`fl52e!;l(J$2oe~7m%Z;cIhyP*j z&m>N2kO|7w-oj^Cn)1VN5It@i6`z562$17gWfSzLj%aTf^7y`8bynTKIUis=^VDAF zunsR((e_}V)Pa1UVx2;ld>X`4@jMT{E0L@9R?t~B$dKWMkTilq%iYk?`RE53^2_aR zwdI2>{(wN$Qdrs{LJ0P;b9oydBgeVrVwm=x6!WP;>P+wlvfqIKCm?rzXXNVS{XfIe zKgyou4fPJNJ<*|xd4Df3pyf&*{js8ChE}M^k}Wi+4{$+fb=C2vT?-1fm!IY#3*Kj# z&yRWx8ngCn1n+Q(uUkENnhtEBO6C{34D~maf77)@Ng>qdRM`{cN@+>EEUZ`d+O9G0 zFy__7S4ic%oG9^m8zJc>bW1i2ACPLYzO@9)YL#&fVjIW(gScN$oiq%o=@co&U833b z3agTlyQ`U8aoZ!W@qtyMkbzgafG6+WJ+@2q(&G5m2NiPl^x{@!TRyzA2m-hWcP_aU%xwTGJsmYa`{=h!$`cJO76|EIxAtr z36DMLLnFJveGu>21m!LRN-DR5rmnOdjRs|J`eD%OUBsH-c)rp#MXTZYK75cnSQ|1D z@lLSNj@C4b+*Fg7WqfSd-{`>yA36Q~*FVV8*H`AYE^9g0hUoain_g~=seT#yCWJ4A zC9L#O8P@mQAS2U=(}TaK{OuIqnTP66$jBs@&VIRU|LQR*rl?lVuk1RJSUzc?`H9e! zF7J+zb1A|S1GlAm*PR0{A6wki3m`iCYvl&EmmRb$7e5=<74nC8*@;x=VhaI%B^YPi z+O)3Y+pS){yhr!cClo_glng)4Y)OtNa5sKy4vsJseld#C`*aifePq+_EL%Pf|3KC3c{0X?XQ zu^QFa?qLlQUDQElTgtqc+T0mW5*x9G-ACY$?trCt+pCMSzcw%CD$2f6)4sA);{{;! zm0=#)#70i~F!Y<-H~*uJ|5WPa%JxrH{Bwo>(C-w>FbpEQN?QCE(I&#PpvD@o=Z9T` zs2x;R`y+q5S{@mOp{FV8G6s~MXwG#PK8IW5YuL+I4;f@%M>VI8^_V8~TMq}-Y?<*L zO_!!AAl;VI1|%MDVl`Jqi4Na5{Dudp^+RJFf>)st8k4TVGZY8kcQ!DDvdE+cgNAk0 zRSEB@WBxsj7Vpe)$0~*0$t#_$5&_0Br55_tfni&f7`MX1fI3!(^2pFfc}qsix8436 ztN&E` z?yvCnN*^yFZQRW})j_cP;fv;yCuQd5#=vFNpyeg^8j zfebJV=u4bLaDVtGj{l2{lNOZi1|C~})m1cIcZz2J9(U5YM^8mL*N4jrD^qjEN|hnK z#=15kDgqAT`>!9u*sMykzGy#A&2fU=c)>MINxio-IyEJ|m>DWX=r#5(=hHN`C3nkQ zv7SX=_lmDVMWwRe@_*185ogFRb#ZEqOFo)b zL8_=BV&f)>BI}V=9)kihLjeJD!<^tgW*+N z2M+w81rK8skGW3k{SvS7B++{S(iTx>VzJRSum6O!9o&w*@9niez)=eR@XuWRcR42) zhQFJSAT^+?v41xojoY%eteIUP%#Un^f`rW=$T~3M@RFh!`rsmAXtF{JLJOUR0ghpkKb~C@98&T zfF&+&&EqQD262`e2gynfKK{S`NBaJ&0w=Z8DqOG9Y+T~aJ!5yCV|6}|@qNI$?V`)X z>V$qCQ3N91ti5P>o3b8R8^>-uWk@MWoHYDELQ@3{yY%`sH1U2-ESZ(m+obSL%DF{5 z)zhMR)9waQ>P$LnxQ&bzvm z)E?i*s94hyc{+92<=%}*YnWi@1Eu_e8BYqBUw7UF^jrB$ulNRXw#d+cvK-W?BLJht z@P6r_<*t$DJTHocZsG9Vu z-yPC))^h)J!R8&#kcox@@?gMm+0WVn5_tyd6U^X}8Dacseb`?c$enW$gXX$J6o)p} z4tWg$TOPZQp`ev5Bqss$7wvcnl}G>g`oMyC;ZsP>s1N5iyMdz z`-uPuDURE@N1nx(DES3?{bzPnK6R`fyvz@V5Yvu2<&3gPyWk#Dm1}%*WLPWxHIKFF ztItwf%3S;IBat~8;b9fKWvUZrRj_B(V@mjm=UVjIo>zbI(VusFw_^LXG*}R;#U#aJ zcKg!XX~qd;>CLB~$(fxMqQ9OUWmye*ntDZIEsV>~LQ?5;W)|X{XO%uMEzFDyp8pp%=|ge{9Dyj_#m!xqCNwx zy!N(d5A1j+n?^`pvQ6Bm#T$_q^Acajr9Lmi-~LR$OG)+R9LWRiaYRN*M8@1D?~AXK z3x4t3%n3$MDxk(3TG0ajYWzyB7eeh*tT!?XQ$`G1a$@}mCrUxi&*Q(ZSxoK*ndTbC zMlCs(WZb*5*FnvtQw)z`b2J=VurS&5uia`;fj(QpZ)6vSKa>qI?xsK>^(;C{C}zVL z$K-&(XL?zimUpEZE(^<^KR!1-NDGt=pxm~wehseMdbx{*cfOz(#-O`R}poMU_TqhL@{W5t+Mej*v%t4H0X)?I9pMDVM%YOcJRgif#$S(^OjZv}a$boX9hgiA^NrD<+ByGE6`D zkHr7y0w={t7=muYx5T=x%9IYucg<&8S{O_PLq^VaNM!cDT|g`cCw|^J!eja5lTw{g z_~Z+S+H6J6zEo;AOa0xOBQWo6Be-O(6sME*j)$|!;q$zwUgEb+99Wnxi6ob0ze0P0>V0mrMf#+px)s))kfu!eNiuucDIRNIpF)yZU&5BjKmO11_*W%P%4mspj8C^}FbwSBGqZ8Y2O>Z* z)0(1~vtwox8r;sLXx7M3_eo0n*&N2ECokX%fCcldD|Xzko1(lYe!{DoXeqN{vaNx7 z=ROu@7Z%GPxpZY~L?WQTbx*nPdY{b0UfTDK7Hn=FovY8nx!ZjkNbdCgRWUw>~-nug6qopS&@#Hz+DiAN}J$%wIkb_@Us z8@vsNVAE`Bmf_(d)t%)e`*`Ncc2s(1Dkf)MZRy6)f5FASD{^u++XXYMLkD(5w)@=j z8YX?bQyrnJ*Y%qdo*gKRyXVB_d3j^_oE>5*ML?*?pluPcUa4S+=Je(rv0nAVpxWF_ zaXuZl{oCl>>vOSI7PFZ(K)$qjpzED_jDE|ooJR2EBwE1VO7fABd+X$G>bQEgr4)bB zy2nVqIa<1zCU(tE;ZyXP=kI&?y#44aV{q<8%Q1k+Xm4`7b3>)*Jt^_IVX0f0CP~qh z2$cqFzJM5Bc0$s)>_O;#-TRj)+kY_{(oeaZG`#(Et?hl~fzi`*6MAp>+0;~rT-|S~ z56fi8iYUOXP`qhrq#8C5bi3#HDI;ONxG08TNU|ntB0?+RK)dTJ+{7c2HF+JVp)VCa zcB@NzsXi6AMzTB>P7MU1kYkXK0q|lo9WE7FWI!1TY`N;M4`XAi%4}u6G=Wyq9l# zmTLOw#i$O@#;IBcT>g@;0Shr~PJDoLA^d5o?zyV%okDoU>~r-NZ@O7S_u})& zxGjxhai0JRN&3b!nHbrZe4}mCw)&4r+o*)(h96|=1LvnFuA^)5H~EV35&J%yy<9f; zwZ}2Xx8{UbSfFUbZxqfTn;W>f;|ust#}Wam0MVy>zF=Jn6%aQ*4_w_P8a2-TgUl5H zVWU9S;k|>-B(gkc`Zc|Fvd@!nLb$12E)Q~ol^FAzKDXy>FNzXA(>%joUac`vb;Trh z_(*2n_!%Aml5eb-k0|7!t?3eo(dC}!u-IDka1)@=;v-xTByH+)A{}*|DeR4IcSX2P zB%QNUGBrdf8Wb-BDw(qVx>cixZ%nRnK+!Fozs1C8$9CccJq(jd%NDs*m#$^@M2{o@ z8wwP;lAABJI}@EENZ#Djut%`1=2?N%VX#C@%2;s35wZEq#NW))XP4M~5a*}w|56V* zX);LWkXU!s5I+{su8Es%*LBb79Y{^1jg8i}nn>GTNpqN8%gSpre61p4MYm^Yd}}4~ zPVV$Dn&v4^lXq_o;?g$DmQqwKZiOF$I>1JuG9CAt2-+eCiJiKp> z4KE$IwwYDgsUQ>V3_tpcEz_)yEMsVpvDz&nq}xA{H9mErCLuF?VE|Fqzf6>WP#*voF52$ zj$({5`tBi}lRf8~b$#Ml32(qUbqM!Q-qPOBPtKu`tZAVBZ>Z4X8f8!aCQI2(^Z;zLfv0s;U9HRj_Sr7YL|oKP<;7%?qB@{~@lvJfNzIDYg!zVWlrQY6Az$wqhZi@A+fjkTmA z2~1a2NGut{AiH^pfAQAWtiz(RAinpB#lsS`+M#=&|BRdn|I$8+-rsc_Dl`MPV}9Xf~Wdk+RXJOh2DQ<=}cX*ojuOuygwQ?w>p7`)?UP**gEW z&|klC(m2uh^JJnWd;e@ELSaw@%V4L9z1*z31t)G)hNvB^^w3)wFElwno5VQ|Dt})u z<1K3#G;^qI2XWb}FSv(z2F7Lh<&Bn(StYug)S-mWkOTXxVwtc8<82s6R=ofL<@{+$ zefLw|?`bk|LIPj-o3NKx1bhb^b~UF>b!&<3*=NHx0N+Ff4v3zeKBh{2`fpO@J6)zd z-yt9M`-Vr2$KLxU$Wvlh_7|D{1IOML>Ux!=^Mpz(g;`JL0w}gi$3Uz#Ih#Moy3@Ry zql^0w=)PDZ%oo!fjcfd!%`1>2HW0IU4c>~zaB=u-(XMqeU#5?ZeIN9T!_Lg7I}T1aji8fj_PiT4Z?%_OA!!;JXH`v#r3ws6_}2(|;&a8sK>DL>%dtBit6TYK z_+8X|regh}oJ6*i-;GwO4Cu>ja$^I8I4g>7veicPv^~yv>ykpk)sC@1ISpE%u%PYM zFu8^a_|`0j$jK*}tY2Qnz7j$RGQT#m3}aS?+3oMnNl0M3S)SHyNKb&LSfV&Bm8J@#mWF z|9V$AvB?zRtWV(Nvl{MM*vX&?r6;V8F;sk;@ompR4eSS<7owi?GJWT5QeV<98@Ywh z68ikad!t^!?t38q)%)xZ1pc~dE-xhoped7(XzRf=TziCwKN6A{agW$Gn0jqfR*3g) z8`RgV&qN5C1`gV&4L&o~3k8AtjK3bx<@wEx1Qr)9Y-6e24YLd1cGNx=5qA9>K>exO z#}afi`(zxH7W*Uw`)gYC;=lb0wvU?Ypwovs+$t|JhAs#%Z+;%Yxs@`b4pZjzv$Qo@>MW~@yaLuHzK?gz{{Reb z4POpir=Tb-Bbq0Jb%`*({K;7*?B08PGb%XV+()6mAUDooK>-K{k3fp?XmPwTj`nOu zSu-bgE8|oJ!#%|}DI#jU<6pave~=BXM%GoQ(8{7$gxCxwsI&f!#XN45QQ5}4_2 zNg1jRffb^X)h+5@9DgXCSNo~-m6tM@Zlemo6q8ZKU!1kwVRzxd*$E-H?98gt8WwO< zP!AO03k|7>6jjvtWaAxmdr{orsq)=LdD(DYjUQy6{HGKO(Go8Euq6btdH=#sU;kgf zPOj5dNpYr(te(h6j@<{~4RaQomP<6*D6&2*WcldEzyk1ko~4;fpUc--7y@d4^V&Gf zP!bpNv2Vtdg^e|TipQr4QCLmu(ez0}?6!H?QeB#Od;^9U(kshleH-7Qy)w5AFOcK4 zE%bJ$+?OoR)Xr;vQ@>j)Lr&03#p33dn?93~T?@R>axIXItUUQq+g^mYVS;`2)jPk= z8`;S>uI)-b3H8LlqME%l|D!cgB^yqG4y$dtdWa!&&L|sXkZHdA5CKzdh^N~U%+|{-)L1va@GI_!w4Aq? z_$aM-=&>cKGCSc8^se47m@HK9L0>*dp3Wz>BVcH0`+)ElxH?hwq{;$b zBn>meKEk(PgVoLNv7$KJV>#wjmK~rbF|5YGqU>&gAyMnuiPa?7zt7etB$#7t_1%Xd&H&i zX3J3cH@*{O{DtJnsW)#TT7}6Zjmkzb+-S0Vgw*R@I=ODdxEl2^#io~s{~ht>-jiuu zaRHWg6kBjHp1qSl*QBgN@YI^_Evh`$I2H!QH$Bm=4ZnqpOo)#pt`aEu)J;vLd7dc$ z1seZX)stgo9OHuG@!~bzTHmsWs;P)KeRH%W5>lFGERVto$l9s7z^y;+(q6Bc*N`;Q zbLHP1S;1b!iq{2Q66M=mS}fl!mcn!0Gt${@F%(j{r?e;Ft@R?)f4V(7KR>C{++;ic zwVWqbqgf$p9YiPCTn=lf{j`#JX3|2h7v`Q3?RF1WQkRJ{?c0>Ni5!uDx|?}Jo2{t+ z7oC6M`($&}Citbp3l=kIB%)vMKl^OQsxVSJV4OLQ?gKbS1e1_&14U_r=>-79tVTv_ zTeYx`bL%p0YIy(PCre(X+vyZReuf^p)+#ZwDwmUjvp5E54x+*=sOJ0N{ML^q)k5ve zwDRloSoX|>hWzTJi~wIhcU@zmp6Vhj15Xai7DQ9rW1QQvaEEOTO;e0%G^4 zR6>Atl@q5wZ8D@NT>SPI5hzd2gewI#9k$Ir9l?+!B!^ext-d=a9F7ENS2~0wR>jqErY7xYeA~{V! zz+GG78{S_%$QfCw zixnMMBl>yqBIDBqvdmQh=FN86YB2Z5`ugCeVLqlDZS>BW^oh|?IyN(Bo(+O6L$IXY z>n3-5sCmfqr=E0&Kgcw7=~KHz1;1C}^V*tuD~K0ZU>+A2c6S*FzpxiaMt1TAH)!+d zokkg7Q~VGV0$G18vz5=#8KiI;L9cCD)1{(Svss5|`>NyeGhQKFkqOdLkZpp6mddDC zMkWRfrn8!vK$8r=A#LnSs}?F(?$GR(*W%tN3EWtgtfqO4sCFJ!Du(B#8_uJU_nI1< zUQ(34QRyu$RGBb7)KhFNW^pSkWuLGkXi=9e48-}X$iOnkL4lZYWsha3(yc(7_VKt}Q_^w3J zMfO{qy1+iJ)#8~mRA+;qt|l-^V&ZVmvS~EaA@;DoN5q7dZJokUxLPA6d@+OJ(7_Z|+JzCEYBP{@jRs9Wb$BQ_z*lm`iiNKL4w){!xL6KBTB2 z#eC#~Z@+$|iXK~0_Ddmw{g2~%x>p;1`;{*7$7RLepTM;L_k@hni#yk}$bPqEY;UZG zF=d|p?eF(~`Rk-wt`Q&c?o^LBI`s4D+LV==bPvHR2~N!u^U}R-iW%X)V=K$JxJaBm zm>-PN;`%tN*0U))T?YTT0jOD)KRwZ5mBr*!8UO~FN>rINd|CJ0A=c!j2Cg|aMVIPM z%D|iV4D_pt>a`tnlN;`0ucpt>Q`gEEQMwWModZooQsN=N^-LY>0BVZf8mx@iH%6yE zhqmqU_Q@H8jC=hqv)SV|@NC9E8-n+rC3Di)Q2~c4RlqCQA5;$cQQ4p6Uvbm4#F|AI zZ*elnggk$&6M!*rY`YQ=6|a zkqMe0C=Fw_7So)UsgSPg5^j;umz5xSWZb-Z3t+&v3ipVb<*zmJ$$_=@%pyU@=b-@6 z9{}RY+VyylO>Uhrx&)YRX3pndlfD-PXQdOLaRZO{_z3irA;O?q*udZ{&5 zhWk`2%0^k;UhO<*PcWqj)_=X34qSZ=wRII! zsvXgDYQFvzD~4aK%%exFB2~t{I^63AxN9w+7!YGT4GC4FN}VVbt3Gh-#WZ*4?%Ntu zj>)A>)3kC!p7=TMJ^lK5l^B(}MXTeRi^&+D^l&NgN-ch~9kOmHBgi-W)ZCppC>#Ua z_M&)m$*3~rG4LLa)j&ZUomH@`X&m%IxncZqsVEP5TSY^t?6tCMVc%X%bWLM$1TIba$B~cF{6NxQftj5zlV!C_$ zHJ3-JL!zmTAw}$p8l#8ocqq@|n&0&m!WW&JV=Zp{lr?m72ZU<`>A*n0fN5#k0od4jm^l$t9th}gLyOt9Pg=^8PGl&#|ngV8yV+SeJ1&I8C8kbCjO zw|0ui42rnEaQZ`8Js*#HZPK~BE@xw8WUtIGD(`>6=E)V#{eN-)|4`P+A-*!M>)j=g zR!a)9`bz4G?{vB##Aw1bCbO<9qgY15eXKPbrr9J3%3>ei5YCwg)T>~7`jyepZj~(qwEui*pCZAOmwzod+`s10>fE4=lL=@4__pJa*Y=-wGX7`boP6uv zb1SZh3zj&0uUYSOI#UwMU_*e->%r1b^SRq-u0feC1b|s8Z9WA&pOPH#>?zRyYN#aM zSI5hX4P4343cG)Bqz+w|1|$bP^cu;UxsmCUMxli)B6+Td>UeqrgFrm^03)ycZ90me zS+5RG#yydUfHe1abA1C{tAvgDcU$Gr)M|srmN*mF#=!b!i;%PKSwjhw4G^O%%VZKubr=G=iW^z%f+7$-zI!XnZ0Om)+giZ}=H&0h*J=IT7xF?2ep@7bEswvOZ8F-+&mHR9a=4`CmEk zbAVW=_0`u5 zV0poyPJpR|PyE1J_Dn;gzPm{72?(Xyy;#?a$>Lk;cg!%cHr-KbeOJ_+jC?z;jej>@ zKR;{tViP9a5>wQ_KQj>|^?cy{q--U=N2KJ~zj(0$K`C%|czwf&C*aCPNsROPs(=PP zMMW)8r==PYdnwKJ%)ns}y|XWE;H)AtKL5d6uwZZQ^m#PIvrlJ zfE7ffvlkk>@t|dC7Uxw1+hUzxn3R7-s6|(Aaq5D;LQl) zWQ3GDKR^ZaQ@}DtrP6q1aHR!9nvky86br+l$O&i-Na=K?v0OJGLt#cp6pn2tcOit@ zX`LP|%=#v>9~0POwlSnYp>J7o99tL)@%NEYL*rjTo=wr5k#w>G@}>(LBBOlhnE zLdh1x?ijx!1O)`!7kt;}I$#dFLDrl_D;b!wod5L87bwt~>5h*uU=$6jC)~0BMzM*~>`GbsGu@n4qnG|N;%xi=#d8_^ov7Qp+*F#Ri=pqswUe3JpHm%#3 z>R8Cj&|qY;|2Ii#j!*1p;I=aQz(@IxG{1+v7tL7`L>JYqj!^5tfdb|w}Od+tRHWt z1EzYazRfc}AC*O~WSsG#R5|4h`c2~+}|)@-?`{6B#BVciYjD6ynf0i6q_D-$Si{D|LLD(>?sd3uBS=dKLzA}n z*&SY=Lu0VRfs`DgutrvNC+4-CYI(Dm(vTsSMnaN`^P@vUE4uW{iz?6s#qIXLwn=w# zGTFY`5SI43n)Cgof`@K(pK!c%@xoUrg|Dc~Q(yn|N%-%H?n4xRxkmHXzc<8B$I!pL znEm;zla%bu@`I5Vl0uuXgaH3+W0RE}xrRMm z-1i*Z3!9bn@^&(ITUyLhk2M{GZ>vA(oNTEXEyFtL;e>c+&Kuk_DJv^)Y@hw@Cxw6Q zI;p!^WnN<*Y3C7>Ql?AH>mACMJes-1cE-l4nKBQvxL^}_=k{PxdLG>y<)v#5^OD;e z!-Ff0u}&MM@sEPUO$B`%V8^m28^6H{ybBo0sP>2hCXS`^Z8Sb>)|g{E)XPBa(6 zn`-@Qk~#SbGmg20Zdz!*yKeV%U8!pcUI*3!700qwmEf~6>avNO#d6n5Nym=!f@Ed~ z^#@z?7L`p0AGNN&>_Ot#jc@eGWxqsOR+vXhvo(hEtM5nMdT44Bl7u- zk|K<9O?4!5$t%Q*!AO&L)vy7`pq5ZUbBvzgD&W+}heB$9O+%F-qm3+d0SOh@dT)|) z-T4zFpXrHDmEM=-^pDf`ai>R0yc4Uk*4|3BSeKZnzGpPQLFwn!LD89+^7|IzpO?c) z)%5PqSO0HooE%(#(Wv{s{mGL}+7ta$cVI$Jo&5j=%bxcf5zNDATI;`{5p_StQ23JK zogwR*WnTr=FmcIAx$=7Q-toT63OL@fpH-FOQvuBPuC$;e7WcL(U7d_K1&S?n4HZp; zgd@ic44R@lKz6lSzy?g_EvFV#CPNF>d#_+@NF@TJ?;TsL>QK8&Egcvs4R_Et&tOn= zh4d{!C}cXGYX$ZnMj(Ufq=F1XC9mZ~OBC;J(7dZEpEmK7a#<0|7m(d-VXgHp?S@$P zb?;$7LfeBG{rPsoP_$0~p9YP&ovWi-bf@n~F`rCgi4(G-h)*ja)fbHb6B2XTWz)_M zm|wH&-1d2M{N#Ttqkntzr0`x?S)_s2tZF4S7ccz&ksmx*3)nGT0s93j+8@_)FqKA> zvYwyzk!ZHfO)$t9_F}^p;B1?3;$r0Jrf1dfi*d)rG*}~`x={2)P zhpv2=w1EtTi5KdySXC%LJL?sTh&Q*{b_z%UOGz~57ST>2v|m%-)eF~r4VNq zn=00Z2JcmYa{f5sN{U14v$|mtg}dJpci^6Pv^=SrPM;fAFboV5L4*z~MvS>kmtxv` zW;$#X2+mo2l71mOeE@2n4BLQvK2^bnhy`Fkd+@JKSAVdU-zQ1(%&d%*d3lZB3}=AD z`uV~{Ve@^=U`?t}j`X-)0QjFJf_BzYFZ2X##8td6;R3}R6N&GxoDtTD!vk``NkoHVj*DP&_})>hJSbCTz4YJF#-JSWyKRFlbyds^mU4$2N|fHgDCIj zd4R{!t|;S)4RdisEW~UNSX`cGfs08RQMAn&7`=5!$Ve&(?mr;XTlBeVf(Kpo`qy(g zqmBt{tArg;58k;cXEOCEQ~wHD#Y?TCy0j*$CeCAQLC2c8{I)_o4l#1H{+U`I_N^#oo>e&@4{W7FS^h!Up`?HaM;X3&m z^t1Z4!0q+hcDSQsyP4?4-r}p2CXvj6E%nG3HtJ>JN%l=Lovx6K35}A^Zf&VLj*W%0 z70H$JheV5;l{>gTz>0b~d_t1Zr;FihSoyGEL+ZTfLsv^S{`F^)JGy+z-ZxEM^M&c% zkO=vb7eY)zf;F2Bqmf!RiST@T`Yg5y`Lc*HrPzwehe-SS6j7PU@T2J|Ui4Kin-1`v zi6v^*Zt#qcu`Z7{x>`TSkN$2=y0^O`hoP~dg3ctqQlpxEUVR3?prC9ZJF7`P7`Wa1 z;ny~xPuh(B=3o?n&)06~W0q>iyV%6bp3C3P5D*5=3a}(S$?ag( zIVQoKZ{hjG1C4K@=^@M?Y*GfEZAc}=Q)a#yEP(9 zYhkFmgb{`(i{e}SWFI4MeYZTU z=GNdQmzguKt!v&ApcKN#;|7yshGHD8R7Wv8u~|)rC|87ONU8Akxu34!UK3v1lQ6y% zZOYxLwo>qfxuKbQuOQal{N)4yLP4e&p=fZ1nM!Rd&_?))Jqfc{R|s;u`aV%seE*&uV_r-O#-LkVVSlUeyKeD?BKtCV7J zaS#=gQaf^J>ys^xkJge};^?(obLY+ogpwj)j#*WMo$t-%LMf z{59S6cY02a(sjGe9w{TeNwsF^_f1&U7ktKrMBzwRar&@~+N)p-`67t1TgfQMQ8#u- zeNiHz792+|Q$4AfMI#p1iGsvgbiW_+bA2EN1BM!(DZ;s`4f5;0rxATc z!TtG8ABs#3==VC7l#P4edVD_+3l-(bTMBq8y&GuLd%P8vien!uHE27>k?8PiLyT1G zB*TB3q<()A=(m47@%*!Yr2j(dJm8taSnXp{_+R>(Pu)oo9IWBWSvuSa|2OeBAvmMv z*8b-p!e0>c|F2bsnZuupE-N#92q4Q^$nWqcSKp9 zo@Zqf787Tuy({vB)@zg1@Q|C_qAp0JS*tWFr#{b{X|929Q zyS4VMYh%NIdB7Gx1=9`~8B0r*ZK;J9i;M2nkN+SmlY<08m}4;X)&@S#EO);1aU}Je zJq!Dya|QKn3VCxzF6M>WhkNO~${+wzUw#yTRFiA&p9`Ab|3MaH+(vrz@pz}#?hi83 z|22Ff%=zlO$91F((Csd43J-hS5HTJkz$R#)wrm^)X0Z0VJQmf7ItA!m@_X#dtygr) zkwGlrcE3%j!)iO9#aW{Szc=1CjFCE490wqphQ!O6dxgPl56JepHqR1ivKeF03qd&% zlT#M~r$sBza4DURow~%LL}-?N-Am{(P`a#Xn)tlmH?masEk6GT8C%wQzW{RJ zR7@ohy{A*wwy!Kq`C#EOf?xSD)z^>!$2RjvH);jC4bHY=HXnbi=KuKSdR8}w`^U=~ zVpPY*t$Afyv3%+aLD`|&-}U8Vr1UbaPOU2Q@}I6iD$5EN1Se%0ONkyGp<$1d4z
0m!n|C++j0Y;(>(MC8SnHE?bIv9 zX1I3TKok{IfYK}}lNI~cjec@PsybH%Y{&RPzgD`v?*eQs2^Y8pX7PjE8s-=Ou5SJ6 zBWbfJzAtku*=p|xnW-2k)0(iO8*mQEiCf)Vn4Y~YAPq!y0DLb=#mdo-w9+^Tw+>E z-^N@p%Tuy%Wm=}3Ywqc4tqP?=Mf(^^h>zN7spPasKpw|uj3B`@k7ccznHW%rw(PUd zH&C4zz7aR3uxpYS$v5e!FJ9H#JkQW5Y)_62#`awF8|x>HHa8JAbDjo|tMuT(*UYJ; zU-0*5!4v*kR-1PcTiaVqU82}6m$R?hxK-Y@+W&2|Ze9T~ z&~m0x>acTZC!X(cl-SX&c5wjd)11l({`h**+xA8Nq~_fsTG8^jgMFe1RYn1bCtG&6 zk9-&I6s!^=f(ad1*U(E%n|!fJiak?9d%DX?)hKNYT}#?G9^AK?6BmJieAR6)G~pYljk{MW;YJP%1R(Gna$ zcg{3#x1BprADuOQ?{1Cq%An>a9NYMuY`xygYCdhPi@_OBf_v8&3(u!WY>(tBZBk1Z zuWG5xzKkEwfJ(PN>ij{rJXZa6fzgJpUgg?2aUl4rACK!pkHuP^+;*Mp4zWTVdX8Pj z&*j49Z1k3*JQD^?qrNt?&tCxZ>@?A4L$(`K5duO{Skp>Hxys+i*l+Dup6}v|!oM2# z-26e7^DSXt?vQNn^mF^vpW5&HVP(i(%>41r@BQ!x**sBvWmnnz!=85OQaUxAXhr;? zE`?}urr$Bu3#Xv1!qbe+-@GiYcXNG=8aeAn7;|W69x{g}o4-u-&$UYC za1_EW{!Pusy)}81P|VZH+inr%+12|!Fh&>h+vD^uls=#oJ}iXb%SO76bFt$OI2IeA zs@vEfWFox=qq;g!MK=+&QRq_``m7F2y++l>^&NfWl0G0SMAmxM=Lxq*;MucfBFzt{M! zpW*Cc)*E|(@YZqLs`wpdT%Ll^i*yt^g*Pz(k$J@N=cD@*We2=kob92ePy0#xZ@x;M z0d0a^4sQSVm&GkX-SJ}H3>MLRx~84)C~%OxUZdpbucOM|i@AHg@q9$`^zn-QDXnfS zcq-T%puJ-xws8E=+&Y-BMY0@p0uI|h*rzhC|06nr+<_dK_Ifvp(!Ee3`TLJkxY(89 z$+A%90rG+r1xja~KLvNd>9ZT~?b>a$^YIM1QDB>cEYPh|-3onJx8ZK9) zF!3Mx-V54+HsJNEw^u*+n|_h8i?_(;rVNFGtkE8wYSuMnjWGvJs7## zh|%xk$+#O>-f40nM&C(*=pWwh->~L8B1cB_a9Q^70I|SAJugIjV)XM8yc@RtY=vFk zRqN^Vlo5Zim%WkSP9$xI^>{si8>imO9x2)WdlQL` zW#TVvjrPjq93#9v(s2)2@WR3-U^rOR@PyRV<3;1QYR?vf-(1H-uP!fNR5W=!(#JYNOnm%60sp6!Z44|iGOGy_!O#_R*_)}olnGTMFXQo-e6 z6L@M;BDjV01p%<|jl%Q7*Zr^Qvz_|3TfT|S?jg*%(@vlI{{ZJ)eOt&AZolf0r@u!w zJR+TD92VGm`-#a)EI7oDXk}8PpPcq)k_7$H-p-uA_zNsk3l8SB*M$#M2;1%q5z-2V z;5{bCO$8{40rz&8`ybkhMpo`)@mJ zux4w7Kp|GPRR%7jnPx2MI# zlSdp9n9D}o?}fLXKGKMS*oSf866MpCU1bg1Ltw!hFpB61B(n^Xc0YR$xi~{8PhYbC zMHs%B)Ip=?e;%lMcq=On5qfH&(AUbMr`@xnNW6VnnOEOhPa?#-oy-9nRiCy1m1fXH zX2%^*o7vsiTJsI%;N$VK;ej)5@{B14Lkk)y`k0}>15t0jD39U@@r2%YJr3Fr#@lH| z=xpQ|nIGPQjn*aNgdF5N%4@BSN*&SU*jiYtBj z31Kr?>nq*hNbJ_ZP#(guHY)Al4hPf|qfUZ)kcL zTe}K0ZM6D`bZvkIan-*r^rH;tb{R!l^Q(G@*AcE;G*UiUR4!PJr|5U}661_%r}We4 z8LJ07f}G=|e^?PGaS}zD)0d=wpACN{VWi_p&g5H*vLZhtPn^#ngC#uvkuNj?T>PiO zHoW)Ca-(J)(ObEDs@zn5OuonYlD4vXcU66<9IvV%DW$H3)Vw-QBPQXF=*7uaHK*4w zL0!M|*_lPqbcA^m`;XR>bV^$qtSw_lt{@1>LuPP2by_5{(3Y_akuao=WF-i20WR21 z;LMkjZAx$0p-wwWN;CRicZvP?-{D;_;+X3!igZ{#?gO&X)KLBOVsZ6Js zI9pmYPj9G*bav<(Gy4%~P^TM{9VRsMo8|PlbxEvVy#5&X$x#T2A$M7CtPJ|TWq*#7 z9yY=qeb2iXE(rIvRiMaw+SYG{_kZN#5vlRAVdD|WD7;VNU`xzre@&>z$KfwX{{Qr& zE6B6#^Tw8h4Bq#8%}T?kooU}HKTrFL60)&#ypB$1iyFl8IS$RBo)G8R%R>cw8lRum ze?wc~S6O)E-cR=@im&~fqGfuA57$;V-0#h75ar9aKzxVND|Ha#9*&fbIJb+D;8ExO z+CR3l?j$o=DNTl1>{u947U=EidRNDo7|N~AAc7PcK55F40j0}BmbwPa%JY_H$TQ*f zNVU3={*N`C2uFT&TZxefd8I0L($-fk!D{9&EP~uM;-cfwtEMvwn%`;zS+92Bx zU$F})n5?#~K+KD%e8(+++ITlu9a~ih*hrCUas===jzE6i&-}glOAn>9aVyOn4-CPU zC~j-!VFJx*hy8bg8LOEQ5R#wPOovW(R;Q5W7zip(!!VZi(~+|il_Ux?NdXb)n?2`= zy+h0p`~hbTQ6J~OkK|rmP{1aeWXR{_jP}~;J$*p;sFsw_4D|F(?J6~V?Y!Q=)StP- zX-4R@Y)_c}SVjIQ=@i8Bk-VL1FoRx;Rm%^?Vn3QLBo^kY04-7@6F^B`oYPa6^RD0e zWcQY1U=Qi~UAM0^*&gdQkHiYWOBOAfnW0?-r%)o`D-CNle-?=BnD6A764|DC@rU<@ z^?!NQLkSHs11XwBYai|~M=~O%*gY;Cda8jq;WeNA<3nm0dhIL+^eF0ZfMcE1y<{n1 zVeC(c5SlYvVE?uSfv&KL`ETu}1r&on(KAT7)husJ{n@2oG-;o7N_vMTP&%NY41a55 zXbE}4rlQfSwTN7hz?(&Y0pCTE#x9^kkV0O<{@-|+gF|k`e03vjm|jsBak~P^ARBKNH1o5Y3!pYr zLt1pO3vbq#%Xb=aDtia|)-!uzA+5n|ZM2GK`K`~L#l52rPu5x&W=U^Eq$^?(;8izb z2)~RK`wuty{n6K)4r0&Vjp14Z2Q_F}-X#y^cgz&b9L?@s-3UjJAAAwymhGM0dPFM9 zT-+QZDYr6oKX-94rz6(fCb%$dOZ2Jx%UB=wF2RB)uD4;^u_LaGcT*}*()Jz&8Y$7; zjP&lI6ma(mMe&yXN&uQvp)8(jn9JP4?1};Pd;ofAJ<+YNnhgcRpIH^C zJ|~G|Cr~P4&Uu}mRWiOavwmu&#&(O5g$o#G5lGpdmZ8yQy-BRC{}u9K@e!%>_>zUc zq(czPL%(&3&$zdue=Icpu>8{aFHp}%9Uf#3C@2SoluBC_^z{8Cb+wFwIOR40gKO$zn?kTGt{A-;zPcWn1*!up#- zDaNX};7T(a(4h0wJHFZvXH3HDd-FA40H}(;qr&@HRHlKHT;_x%i+t^uY^CQ%(jlx3 zF4`{PiBnw~C4B%~&6-t#d4@^F1CJMoB_M-7dqc8`g2^f9g((hz8Su>&KK`<(%=MmNkIAhwK8)2%;BUuyab%~ur+ zRE!FgL-Z+`e*)st+WV;PhYF7}s2NsMu(FbUyY6<24hguD&Q$L*-Fw+UNeP173rfJe z1=HMyhan#q^oVkmJpYzSFT5Pv_Z~yN)erS58&sdh>^QSHYYc1uUgEmAl#Ueul=)uJ z$J#9eTPzDLR*#q${n) z>Eo0|1+E+J@-GdS|5|%6Z_M>z?vdeeb9|}1t=V*AzcZV(e}2H~3}l-un{Q~Be`1lz z{m7YQNpQZZ^yzCOAl|~~@h8$>aT-4ti*WdII;vS+A)>eOCjE9!V=)a5q*7@$oMcWO z@QRP;6(NlmS}KJD5_pGNl+}8lj>=6pzz}na0TbblHde8<-g@HtuA!d0l&RaM!G=)~4MT4LK3M(L{$S^^GIzLRDy?9HY@Bjc#&& zZBk9Onl!m_Du%k)hyDz?f#h!PMD-rf+2C%`3PPlw!@l0~hk^RfG@-uD(88PmeW`FQ z%~#NE`AH2-H8+ozK8q&ho>(bJ zd!WczxLD6X^ZvEuXuQTp-q0_dBT(#bn?a&MbB&ZWyS1DN#l`-9J9)O3ET_%GZV%Ic zLGWgT#&!WA{4!&_1)6J6|NUcwK zisxE^_pj88wP^bZKJa)MO)h7+w_Z~U&OIVM?GyxhQ#8HXk+3_>!7#BRT@&iyp@m7= zi;yT7;9i~B{_|zHoB^yg8w2@?*=i9cDjmg;da?g^5l@qj@J@>f?e`yF!Sfv~747QS zW&>Uf6~jOeac;uiRpxPVRhSS))xJ4wY&ZTPT0=rrKuIm z-u#pyT;uMRCyQ^mM8{|1%#d52p;1=uU<{!W5F8whSsw{TC!}w@+p|~1j1P?%|4!wI z@j?C+uNH$myAmz$O1cDw`NR388d_wmLj;Hdw-r5E z#9TBXmYlJ2**n}`v+yhbQ)9tl*#q9cv$tuHQyDt6z`_W~u-pUH8dw%o^$i=!Yotz= zP~*rde^)}mDN6y0^P|vKCyt4K+B%L{6W%inEyU7tem1^e8~Smw4TWyiu~~5HXHPGa zPsqv7LC~wxgY-GFxf_mZ+|19h#P89R<{?);r;dadDwK@my2}TKF6O6qOAF?IiI)rD zZ2gZD3b&>r^KZ622}<5^hFek5-rY37-S{~*^(|xi8Iegjjt~plC_C>Ox0b(G{k`K; zv0)V)gfGHN4{-Pv6YoTxcXGHj*qX`l;PFP>q&ZT46%zHrTr(wYk4IROyaUk{T;j^Y zGT+^=Mk43h81f}^ds}Py_+4>!Wj!Fi9xifp8v6r63j-gg;^zLbK?6lgWQ9EQ`Ua;z z9^k9)`Yr@qF{}>%3+sn;hHnseK0)W{1?6fJzlm>fv;wxY1BSOW@%fsGe7YLD*@lHK zc43g4H!f?;LaPe=%ZUK(k(U||2*dGBrw1Nl*Xa_M@1`THn3=jnTzW%e5w3D$1kC7! z4`du8L^@wur?!va1y`O&BA+5~TZ)d^)HmFe(I1g0BC#+7Hk2I=CWgis_8yViHhcz) zC&4#(uHLT~137a|ozzMuR;~nWz}M=Sp==ET?CR`kW8Ot}5$=|dO#jWw846DpCDWrE z{ykI-ivF;7jKUSu@uz_Jp_C%R2(s)~frwW)h-c!{u6y`-4>rpCw0|eaE#AcJkyCXg z@2rSLQ9LfO+H(ikj3bA;7F7ShBcfY;*Zxvx^GC6TV%XwZ#?;%VLIIDeBYd4|9}H4< zFEqK*C0-X2vyq>+l8m!X*&IG|1A0U#&y1}=^WQRL#ckM`6b`dpIJW0UzzjBE9#C=$ z|8!Utk;B>hz3b)U>}0}JSV}B}^B_=nktYrkkJXsypebZD*MB7{JAcBtFVo>)n$huI zu$@;du1*9~bijiMWs~4eH^K^!sL|Yc9y<3R0#f);CJ<_4IbjydY-znv9QgUG z`T*)Af6?hh=dIk|?8d>>(baDyR+(CI@)JJw)SavQ?wl}t`JVAYLqD7dQxkGK=BUEFU%m)yW(t22q1-A1iVKaRCeBv& z5{kyGJnu6ZnkGJr@C+XAb+@0rkS@krJ{w9%Hq3u6T`nr*kV>qBm+=)r3_Dn*#+T3S z*GH^aj7#gXdn!ziJS{4@sHm%9pLcIDXCD^+@ztOE+x=;NAz$;qT5S`G7tp@8*9o*r zvJ9MT(NsJrf77tYc9;^Y;N;A7epc%;;KB9|I*`DX;Se|J+RRmnSuDHh!CtDJB#85R z#%O#G$0%Ys567LjjzQp0t_Fs&{?F-JdO%`tGF62N-4Z{w+Gwy)di;a-LX@VMUkqbQ zti^=7wR5SGv({8?-(ac9v~`AKF0YU{Xby5EayK}k90I-A+>_LT4PV~+%m@Bk=fQV+ ziH0l*FW><%^Ow9y1wE`tX>6wfrBMNlW>@#F?@gp?alRzffzXUsI&V8L(II>* zrISFfj}rZ@E3V4#!qUNSC~hH0H}98t|5Qyj3G7vf9}L3R1)jn%u10~#=FE08L6dTT zfQ^Xu-6Ik?c?jtr2Aq+94y(-1p?N<3Bc<~5jVL(tcTf#{z>QsJLAx1d1?RlhWzqIf^i8h7 z>9HU@^wgmEEe!Yly-MAWUBFi;t!?>8bRJ= zw~E$BB$C}B?*@stPo;_Q89`Ze+`aY;q3Nez5HyvIeNO3;1lBu4e%p5$^CE^wbK!MJ zr1A*$+%kD{0aFZ`TP)jYeWMdX1W~tLuwa4#xsxZ|x|eUsxs%CS@xhC9xHbQ~;&uhN zlowW&3o2#rC4_0)Tp6L@6}Jb*0Hpn5EqpGUd;kwi@c-pXZkzAiU17<~`We&OQ;P>@HSGMtp_;$ET8yL(_#AabnXb`pc|`Nw zmNK7d55Wa4OXkEQMQff$60g1>&ziq6)Hf$RWh-_(9@A=1)q-wn4Id`zazr^LU zzl>+`c=)VAIF|xMooI{J;<*sAgP6Db9$Z~8@yUab?)=AILI#B|9z#&i z$h&sSO!JSH^XzJSzw1P_+ti2+p@6#Xm$e@U!zf;=PZl=_XQ$_b2UiCi^l=S;?8K#i zB>=<*gp&Q>AA|>k6=`))3*r&w&g%OPz(6vt@bb*|rR9Bso+9X0LPM#(#fSUDr(cmaOEBxwU(D>+y994W5exmVnn-} zg$+Rheni@gcpnMmZke}wYhG@r@Ck=$%em&;7jquQl1C(P`F6w*P?t~*qtd#(m zsz#*nETPl}iIwOP>CO2xk-nY5J-OlT*OXnuquUn(acWByGmK-gOPu9TLb}(SypT6k z=etS1mFKO*kr4Q%S!+2uR#?ERR z{G(5gNPEhXTMVif4gh{0sG*E&u|eL-L3?(iDybFEYFVt??5CQ^v6TzM-LjqbPqn$_ zai6cl-f1OO%_R?Q2@N_ERSStJXNFZJq&1#Lv|^guWcXrb5a z!DWwm*y(i&D0y!9*M&nSg(uEd9qhQk7}LSL$9Whb?j@zKLsU|tg&CCid5Ss$hM*Pl zP`btbR9jur=S^)KI?<_yGZ4|%iDed)aHMU*`)hk}v1H_i@w*v8^D)$+f zPA;o&aACT#y1AIe;LGXO#C`6+$l>mIXZSi(OQV#rnGUl*I;!2VvbU!gBe($SpoF4u z6-#<7$%B`=HysL|LotaNe}H$Db`FcY5Wu6qba%58AFrA88J4&YI#Qxb$+L;& zCi3d%*+(U*%Hw9YCjV&Bp+xRPIlc!AO1o_7PN9lodlt~2qiv#ibotWVCQknKM~e*0 zMfHcUKMMI~!7lvgG;qqIF z`M+)-9}VA%otW`^=0xCC!)fwXV$d?fk0pOseRr;~OnN3t4mljdD2AbGu|SmxPN6U8 zD(v`2P9vlZ1XaQs@|WxMKbF)PN@q%05~Xz}lXp5^Qz&EbpQ#CjJloC3#4JM5oY_%L zC;ViXXBg^ck%QqI5%a^+ywRZ;O0P*LSc2;Ain+ExL{oC_U+$D2A^Wamp=Mz7^+|`8_ zPhL82U();4NtrZlS4L`{XDHSHb^*zQEKkm-zA5c=Bh}wO-RC#iHm7WXOY)MqNzlX1 zB;dYrQ#h{eRu1Q!Qu}m6_$7s1IY(3TygUM{{9^H6+!_}X;;UBa+bYM+a~{>_9v6Q@ zD6h;ITKvp?H<@HwKlVtZHS9Tvo1c_A@aK=W731B{_yfX2yb4ts;CWFXq{Js`;yA2m zJ)$FCq@W)c8;uw1yJhQ|dj}w^z@WR*;`h#$=c_ z#TrRte$=>==DdyozVrC_tFP=>#pMy{S9H-h-o5?o>65}G;*!KX-Lvw_d=|FRNA%)d z=H`FdvQD|I_(vy=!iQ%w&Hm3YgY1%hX$gHssshH{1Cz zgrT(R@wUV|<^{&Dl!Z&{lA6mqlpzS;ZrWPDV(-*lDX^E5P6g!P&tv+J^8}{}67|1J z^JG3<)04XF{q{jhNRf*@h^6B5j)$`FQ779mn(fRdLF;B25UH%(H5NQAK~WgH&w&1X zqwDw+#`;J7SArHUR z^rfRk;*caJTyFS#pPX4xZ$R9SJxX^AYX{{_4(L}Et2U$yR&ww0{}@`3^9lIvss>BS zE46@8wa?rTY)SsXN?OY$R`W~Zi1pz_mmx<5r$n~%bAkU9QIa5~LtHYL!@5vc)^tOo za;8dvy0$Y624~ZvarAOc<(uf&S+dKJQrh=(q}9`YsxO)l6?>p0hOyI`r^jT6)+s&B znAptm&8E9IM2d+uT)*g*q=?30nNcBZl*JxsUS7JW0?tZhu#6r(Bc1VT6^Rp|fwu0(Lq}S^kd#x#WwR--s&4EXx?E(j#6;nRTVF1-iZS+136Z3uD zf3hjVi;@lFMi9LnOZ`^Sm8{y+2O7b5V9PFB#m($b)vc3Iqdp+evg_zJz7N!;198<^ zp7baUIl~n;&l8pohd)V}Ral96Fc%0Xz`ODU$4jO@|28S+l_3J%X>zde+g^&Mg>jlV zm7pA+D}V&>*ux&Em2g=bYkVP^Y{2(aCvUZ@IMLMS$t+}sjS1@9zQpsQhk8y2TiW?~ z1;vSY1tl#$Jh_}89X)D=rz~H0+mg_aU2c`&rSU&>?VkEEC zHT-4u7$1F;K)Q_!p3xA>0f%97rn($WsQ`w*2 z$wb6w$L#bWTh_wo)rj;Xk{V}fs)Ltd?cU$a6C4NoHadw)CS^7t|E>IaM_#-dGrY{Q zi2lWH9fjjiTWPM6^_TM*5LUYXHI!yJ`LrFmFJMw|+u zJ{L8av3MagM^JKeAo}xHKREOTMi3^MFR34q_#@0XN05cTn5mftJpcGYsQ{*w$K^H9AYEc&{J(2NM*d&Yed`35L&2qP+IKP!` zzkDEe_Q}-6a*UuSO^==4)hr<)_&f>!o-xKMiK(woFa5xO3poCyq%uHKYp%IL(D<-1 z^DwN-sgu~`lRbz!QPs-MKfXnfp*iP_G72rnGb{SCy8n>q9F(M`oEcS}Jjbjin{2=lGvx(IfjYpjcSL&tdG%UeR28i@2g3x? zJ5GMUsK8_~&~62?Jocn)tSm2J1t?lJlqHijsE9ek97iE*nY`mzDLHX{(=f-187_5o zfp=`PZwMn2>wlfd+BUpY;BP#0n=Of3C?B^=?eK0YaMWs_QW&k04@%SSeS;V8Z<#Q* z=(&>=7;Vs`g}E(njJ8ua{n5A4sg%JG8rGq{xxEn=5~xb0L)Y*50JFrUWlC<556(z% z7$4;Mz>Ok7>F>ZxjmXXCVB+b~=6ZYQzVx0hNXYcZt8&^vgD9QWx&J0_{SrDOeXA~O zCBZQ;QNutJW+#!quUe=i@GQPX*^Ks1nkv)=jZ;1){{G>2)b&cg z8?k62u{Hm(?F1jfwH#d{yqE2H=WMx}l*>IWiAn^633a;V^qXGBWnSUH7Z=HhJloTr zL=}HyJ*qo91MPP~kmKmCqw<>hCnceL&d*wdH)s}?`Fvdf`@6=n0e760qwqCwS+(#X z?37-0pOSCBhnq@}9ak3G<9;{1o^IQ4J!D~vdPdvb^_u<`<;VOwZa@!$38()QAAjz? zKg3$XV)m~oJP?I+ZLABA&Lif`QBks&Y0S{NNSNvz^^$XkOzkal8(gz+tZrfvJZd$ zMXex^s~o!iyO+_0!5^!q!$ z<4wC{gB6dWteFd{WewcVEOQezTJn-ZhrH0(LGjUl)D_STt0J6+W67e<`}LjjR0q@v;m{TWq8SENHdVD_eg){izG{A zm9nFI;BAq%mEkr%4*v%2x8#jUI7lBAQ;s2p(ZeFOdmm7Ae|$|Y=hjiETso(_u}9j+KS!^w7li_xguXz7ju?I{(nSuJ>jw|}ZC`(02EB60 zV)%o0d3bgUKh0q8`X& zG}Xto32ri+@z1vHo*eZ*-pK|cJ>9(31Z0%WpIBQAYV!@>^r`V7rVMM8`>cJtmrac( zmqecaAXrS$_2=4(lf-b}SVu&P$-&1s@fqbN@A1B?2Fjl5Rc!;^^K8Z&W@_ zIn!!BMB|+MZ9lVLdFfN>=Bx(&!WGfkRa9n%-{N^s0JqZ2=lvtt4}KCa=js|Y2B5B1 zP3ExPX@hC@5?zwc$RCz|%}yK(Hmaoa`<~QylE!Nfc?GGuvlZa~9>)LNHGy)7ELQ;= zReHd$Wwdlvb-AwN+I&?8k7=V!1LAZOGf520_mcLxR%6azzZ4BrB&rL&5PCYIS?eq> z02_7tVgS`JYdh7#ksEEEN#98sFQvQ#Jo6zSx#K0t`62oKdoAK$(o(#z9z~_)q z`pFbC?CRX&3ylWp;pFn#lvM>;rc7<%j!x9L@Eoy-)A%=Q^v-nWcKGlYJapsy9)~)_ z<$ddalqc*~%}O)(*Q6-hmv;*;m5L}2!ubuXMZUs2u5w{yd3+~5pA_gBbS@~h-5>&d zB&)sGqagKc4<0DFo#_D|6_Z7Cw@3KvsyteenZU9hSgBiF3Mk}kX1Xls&1|F>Dk=Ukiq+18SW@wzXQb5R-Ob*AmWfMGXK#sE z7;=eVzRX9`(<(r=3v?@+lFK|o^7$Kz!a%dV=oii@ayEwK0lhV!5k1lz7VBfz8oNZ& z!k2uf&(5=vRS`Pvgp#otf@8BWj7c0=?9eXQr8-Gxc>wjdNVQ_^M3o7oMyI#{OwSD3 zX0cT4w2(~lY-jpbvXP1*`pST}x6DxwkhSBYxM+nwC!N#KzIBnc(Q2*LO<q+o^Ui z|5h?*oeNp<0C4Ach){^6hVe%fjDfv@FyUvRQdgCE6@yj~ohjazU)>7Gv&?5w?=rh? zYRq&MzdJhG73YZHDC{yqPhfK6!fDpVWGO%+jKsuV(M9J>!i{X@MYMm6SnuK-A)Shx zLbHi=oJd;Hgn;)Q5<58IQL`=gwe`Ii8j664yAY$oUJ-FgX}3So+mv@S&YzB3fU$8)FA-=4xs2?K|i$>gUD@sJ_YR8w;W#XZrfcTtp{Z$`AsZ#NIq_ zPg+R7?0D1ZE3{#}-$u(OnT(CdMCDq`_^T$Wh+$l6bd5m_2L#4N%`1hOnb|c2w3KlC z7YUarluP;xlnec(+OE#FNYlLE#VfDI^G_x#;Qyggpkni{+!vz6{%WViF`YKhMQFwp z8pH|R7}&y!6`1ofuwEfm8`vVq(IP9pv82^6P1WBdMsW9hv8RpwLv4zfl7hANjCg)m zq{VeAh*k7C(EXR7Uy#s^yHG2QNe=x|%BW#z>6G@MWvPA+GNOq8v`6O?Ler*nT_9gp z(YtE9|Fu8~V{R|x$F0YC7j;Fi+H4GaiVb9%lQJt`jHip$-gUOj2qxHQ!267$a>lTz zPolj_EytK<``J`Tf6Qg?o;q4w62M+AG6uU5CxCY2(<-q9cW zrayWB3v4`g?i#h9q+uiHT~8gE*SDo zHxk6s6tol76t-_zl8UsmW=z=fo+Z8G9R9lby(-qKG_QSMV*2GSD#KiC3v*yTDkrA0 zvGF>2+on|xWB-ol)#*C~bbA=xMy402;9Dw?*{l^5_j$WN;j^0>HXy&4`G(?xY~0C0 zyXJd0*F;xM2&g1$);JD(T76?ByyH4|UYeu+QYS|ue(c01KhYN0bZ5sbVdq}t^)FwF!P4Lx@K)*76hIb+OW$IgWr0|!{i?K~oB$doHX^L*6+ zCd1Jq;`y^YOi_9yLrUb9*_x2juB#rN6j?Bw4COd{i+@n`F3Erorb0WVF1aQ3J~rEo zRYVleS;S|WQ+rJ_S2|r8HpLr_Y~tFMc~mtuoWL^}lG}E}C_M5k@gvphTh#qWB)k7c zT=SkGOFW<7+d8Z-T{GAShhKKMQj z|8azK?KhYy(5S3_;Scu832LvE#ZGUkk?^sr#`0YeH8B%4;ZAs?>;%RZRy^rW)>R<} zfurpBYg9{PK@;lb&KeYoZ__uyBJBr>{&DMh$RR8P$UtDP=(S07km$Y3HIV?U-ftKX?t7K@QYo6CHcDVGaE9DZCR)r!aiU3wTVdkL9DrJ^burMz) zkj^u%3txk-jX$Hs$F`TnHiN;TabTLoEN@V%S|Tic&jlvKROG79nHX=hR%EG{z%3d= z=`2$;2QF7`oa~)!yekNkjpYVLpDGsgbm*5Q8>i33GY5}lJQa)bB`*^G0{kTXH`|UW z-LqMxLA`k~SASjSa%U3{3Lqc*z$ky&2L$$y?!9)~Q)dbl?v=gWly5UvPt*U=+JER?jXp=P1zl3h*SZtG&HjvdDqOmUyT|IqDQF)xNeRYx)c@o(a|IYWHf=3{e+eJdFeo|q8E zkY~JVmlT>21i~Lp!a8KAv-W3QX-MAs5Q?J@}=&!4yXL-#1!uGc-ea<75|fz z(5g2F>~5Yld$s#eY+RHHj=nQgR9ZNHYPgvg-ns|;_WAp^G^hEGUo@KC`bD>-=9BF| zM;-P+ZEQZgrSN{G5kE7$8gLV@OlgDC8+f%9Yp80f0do(tHRE;G<+~_PhIpg0E2`}z z-0S-a?mtjIp)jT*KbN^@%}pG8a)y)wkIc(tDNrbA+m3u=&ni?$Rws?K$7K9H0T@+w@a^ zVi_l8iOH0wrv&1;W4JP6h3ed=3$t_F49iH&D82F#Y2`nA!9n-lvC!t^uyLMx{U1lt zRgjGZ{soq0tp_JP$E-8TCAY#w`lO5k$a0WM+H?{!;+@St@S#SiC~xb-z-h`Zk1kU~ zq}qb*>H)VrD}7PHx=Dtm`n0fvSE*%sCFIFY#G#}39Jr$*F;#f$v8eV&jgv;}X05}p(5J1V z;n*C5TmHx`?^Hg(q7IpdpooO^KV(yF^O((0FdFP5E!oIqp#G_$q zHith|m4+EzZdpQIPSBeVemF?fcgrt~H z{Neb=5s*_!>MsduDeGLvvBBZ5J2a(9zE$keg#x zDE#cGJYk}0YM&ez_O&OKpX;%t2Jh zJHLC|^ryFHW4cd-r*M8jRIQKs7Dx09xJv8hHzntBts^Kpl;Cw~Zz|%b)du)C^%MbQ zYxt8$0JFljNhp?<6G|Ui6TIPy@R#a*5&`#kIaWiCsA*uTk3nxKc!xkjH(wE2fkX>y zf*WeaOsh_tUHkyGmPo8;UlD+;%mD#K6M)u_AkfH~b7C4E7s?m`{oWdhXh7wZl% zmpCq!y>Y=pMHF5y#;KZqPlm)aDRP-+7^4+=-hW7RGvxhlpYxJ?cmTRfvOW6dWbRz# z@It576*ls6aX`D-t06~(kkG)Gg%C$h#k_Vv!P2JWjefZY-KwkrRK6|f=F|I3kA+>) zy1d9GjfF+EwkXB!Dve!8nOn%LzDo!fKd;EbOG%tI$Y5XS2bR6n$1!6HRZb zV`wxz{G)8~Sez*I#QG@Eao~dVNA<#j&lUq_Cz^a=7!JlZGXEBzd>BE_bkGgwwIS}X z*3}!-YfB>2tDnmkskle27XQYtZR`1obQ&{E^J#127vGYn_>#9WIcjQzE^5Nmpk+p3 zR39P1&}orvC{;p2#JTzu)6dcqu9>w#U^M9W2r>!sP>iYcFurcIS+_O+0EG6 z1Cf_l`yB`!MA4?PdKn6qnKw-Ld`DU^;}b;(Z2NV*T$8Q8_1y}(ml_^-7G+vJeA2gj z0zVRnLt~y}hCloZDSxfn*=FEWmN#!=lERa&;HAGGQeWWZpMuEyunX5vEluN}PV2)P zrP*X678(gjYxCulAfqTQ&_rtaY9HkDT6a7s2=(%1;2HlOe|y{ZLCC{S%4^k?;89fRP(nnb%#lDy#+?8rYOD zmO2{oDNk@E-q0;b3nx52v2_;4HjsYsLgywarQxZ2C4hoNmKgkv^-J^I4VsR8Zpg1| zZJ}17N?lYVh7uO{;?E9FMapFHPzoIgE!7ey|BzuXG}f6>uX-5Im-K<2Yb5jH_#bOg zU`Rh|1RVc~G~m$w=`6)NT=jlfeZ1B$pA6jn=jgTM`#dhyNg6V8mY6+rTDQ**pE#O%%clu(Z zq^v?ZnQRHTRg%nQJqQNYad8;^G|FiG+{jj-&rRfIQTe`Q??V%zESa4Wy~IC08Nqh= zYJurWO7Ffe;*ar3$`d9%Ut2YLL6~ z$z0S=di4s)N(KM-i|L7F0N}E-hXBZ_SeWNeF4KS_4!?CeMz(`$;KM%pVm`M5!b*uF zynp~MVZR}OFm;+kmFQO?H7Ij2o%?KLIQenz`A?|xX#c8!KEPT-Ib@r7xA^^?lef^; zVXPbF`6>%Uk*CpCsk9|DONR06&xryVuzZ=RUpv+hWNJ^rErtZMLRIjK(|Q|Yol!4G z6%y6>Cy_`4lPhf(zu!nkJy;Wy;!A{DUy^mX&cp~g-}4}SASbgqA)ECuoI0N8TFfGz z)XLJAM5{nH=C#-gxz*6j)VE1>!A|FsVzBi(V8GMDpgcG*h*kfY_!KRwRkZhQ)&Tzk zwh5#?VIyQiZqSjK{W52|{7JI>O+%dnovVsdmB&`}^B2G4<26}M+05az;J?xw-Z6pg zeQo-n&spTB^Q&WLy2W2x#n^&R4Br$(r5n@&UB$}BIeK$PxtZ`IJu02E1jo=fT!u~h zRVGUgPLQq9Vwwy~C0&sVTbm+m!>_T2ChfJ1hFr~}v(cZeSp%~WK~s3FLC-Ge=;mvc z3*6Lr7-2jM-?L8w)yVHTmjJAWHl@J%!v)-WbTKvuwb&4}3kAQA70<>Y)h zOf|CkeRJU@qgkD6EdP_#$HZSH%2|?8UBJdPY0g;e4((VhcV=wtMUt9+n>F>#ojx+4 zl(v^#wZJ+@JvAxix!p0s*}eu?_O@@`pI_#Tze%M{@}(z{_PKxHx;ce5dZG3{yN_}I zRvJ^(Gqf(p`dstRY!~*Xz}<9364Fn9dU}nci&HTyvKxu;%_m(xeT;Zfj;k_LN1;zX z91=;r`AbXkR+EFgIJwzB>X_UQb90cj%MsqG_?78(5bZDj0-cU;9N0xH7iG^!CVZO| z{W{lvemMGxvhviM7`qhcq0Aw*+8+jLIEv^gCy|C`uoX`*jWftol*hL;p-t zksyDkH3=R5 z3#Dge71L+wY#z)hg z4emvYyIav9!KFCGTihiCD6YZXin}&IkQR3-?$VvN{np-l{aG{XA2SRy$wP9>ah+l+ zPD#LMVpfh z!2CS~`w)rL9(VJ*gI?diHC3{33cG3i)!|vucVU&!SFegEaZ$wmr5Yxgq9V~TZq-jA zmT)2JSd$c4rC&Cbkph$Y@CWJ3E>)f{7rODd>H6G84c&s+o@k>Jn`K4f3fZ=m+)4Wk zyXOJyp~7HhdvLu_3Uw^}rVdE;6rG|}1!U^_RoBy@+=(*kbT^Mn;z*gipZHDXTBX6# z(@HS%HHL>9ySC;RwbhT4r9ma9123V!8_d8(1hBz3;wH=ADTf0GD%`*`dVCBIzv6EE z=AROVpNd}ZeSnyot{Xd9>1YiN@rja%USxZ;$C@?D_$(N3k$G;Yac8A(?##P0h7z3N z#WN8i6PX~Ie$Yn<8W+A=={+5t+@BPJ!a4R75nj7TVZMUuG*`?1xjA7)b{S#mb??=> z-Xr^J8i2Ew^$MZKeQ|<$yJSRvf=t}Qk9WJ~CL959^f9d++&=4=R2+oN)1ZoSKv3$~ zfsP^YjjoQuy&tqQx&S`zjOs?sEk_}pf@TgjUc70Hq4Z@4`X)q?BFhLDwNJ`Sc;=ds zLNVWd-*_dw%YNGLieHNQ-n5TnP~p?7_+L&G(j%>eMS+AArn!Nyo2Y!2^((`|`EP9~ zmdeKU=Sq&!>PV2Z9zs|=v8sK2xme37e|~@LLE#jtc~|y^XuO7ixlV&g`ANw>gu6QR zix@lmk66Kn&B*6@izo?9yv&ioJ^}%hiE|t9v9ISOpAN5P$uCXU?NTYi39ImNp8vY<%{uBDT9+%o$=$Y}ltFW0hAo6qgBKS!PZ!`Hdlanyhc#|iX zO82c<^YOVylxGYTyVGX+&ptJ}Y1ebG0qg}vZOv{omyT!GH-Fm^x7p|mrL`cuJoUk5+GK?3BgB-OHRw-&@z8vQ+glb{yty~(VJ}WY+UMU<*18LD~HPx^9 z=i*U#C?j|K@zoZ^Vsgh#ILgsSUo&SnO$Z`Xtc{TNqk^R^U>uvZcAs95Y7;{sn3A+C z#;dlz))DW%AUi@ec}byKtG#60-Rh_@+&YTU3rm&cRuo%~As4p8JDpZC49Y8>qEQ_1 zGuFY`agw4247f$7)F+h|&iJG6M+RCw?zg5OEvbE9%3t(QwYTXkBlIQ1Vwu-#$QyZs zNe#$4f}DGJyB+2pFlT@0zw}D*w>5EtbHkUZhE_^h?ZA?Q`n-4BY^a6v@I*#?ek+$nSVYTqq!2NlYb^AiR9k!N;uBWd)f+-W>8STP-JTCQQ_&T zE(EBCs$eAnbAP+OCHYA*hukHPIq7mxal*ipzc?^RG3$ZGzC9>E>25xs9WSklRw-4e zBe}`6>~gd02U+$uiqjw}6^sp~RW;8MApcTXE?aO)gk%py#AzL=H(1S2I;t&l&-fIY zpN$E*!4FuJnprP77E}L{D>Yn^PS4`K-L!%Cl@`-4F-s!^xAQgM7t=|6dM^zbn=uo* zG1m0v0ZJF7#`!sckWfJz`w7&`+On;{9EBFnoXbu?QpqZuwgwEH|u&;V%!Qv@$k z8BTKXY;jL%sV8;VrAs+4X{xg0h^q36RM2uOgYWIUKWFL=yVMUE3|$h%55-@yj@PLz zfG5IZGYv|X^(?6h^5q#p3z_fqo@ED5R{lW}j^D&9%B9M%?E%VVyh9FDX0O_mTv_{r zWa9cGqJ}UL{9Z^`T>N4}ur_n1>B{#1Wvv6-#t4b*@3^H*!M8dkt!}CbOsQir4b%k| zcF0QgQIo{=Rg>3n4E-_-X+Gh=-Q>YA&AOO{Z+hbRRZc<)yln9!d_QVG4LhQCC?{88 z>0ij^s>JJ7+$yo4XSB`m?Q<-!RrWtQMQ(i`ht939%Z0|7E|d5yY%~_=L_0hShvvuC zcn{M@UyG|hO6|6K&RH}%v?*OFy$HxRNH7+YMAglCvKlo{ucilh3rm=Cl?BkbbFp@7 z(@~xo$Ci4wY9QlX$LT zX0iy8_d$r{v_j<^6 zJ4%ng0I)>fyh4%GSYl#->4nhGB#*pglJM7$N`B(&{K$d(76=&YH?U#>F=+!e7kMF+ z>HPq;-{gEqPoseUyhnHA(N_04n&PV3h;la!Euk0yQLIF0yT71Hk&vtCH0xdw6QRKg z*grO~{blvcw){lo3|i`YymAMr^XdT~*iYh_O277G{1~J);j3Vp%BAKUT%)c16cR2M zt!SCmQeQ=cFlEarfZ>U@T4vgHa&t~)R!kLrC;4N}=-$W(cyCm=h()9rXDmgIduFYR zk8;0T@*Y~N<-TxN=Fx1Li!bl=2ABPVb7_Sw8kcN;cGs};qtN(4rT0{+jH9)A8X;y$ z6#=*TcAvF>JG@4!EbOD#MbW^bI(YOwo-Ui4eAthf2XS5j{p=2#vFl(RhYWWRNV>DJ z&nhKvW<##BXPldj3Y#`*(u-lP>bAjQ?5PP+k@wnVGm~%pAZp8PEvy&pxq_HHS!Mji zbj?ps=baKJl3#z?Zq_FXMxinmt}lz#x@LMBhJqHW3K|me%S29rxlrhO5ve|%W47tuyli@9-RbpDHu4 zeaF*o(kY2&d!H-PrW^}-DK+#GH;D~Jn7~?!!R>3bH{?=8ujt2|>M-A%=!RKnA)mOR zD(9}Brm#`!Vbzz*KS;G>|KcdH&ljcAC$qr;42B|4sb%iG+25=GAiZzNO{!3}rv?Jx zoLm*~k7bkB;Z|)%&OAy}@42N|9TpN;FLowoxnn(kKh$xtY+GdVfvle8*kovh-Z>eYe*7M%m3!*61 zfl{cmC7&-v7;{vUZWGe=Od6M`@VIDrlS#joBZY~n3N}aSbr1d!)K`x-KDK1t-{nSS z1oLnhS&M*;T6Bl1YZ9&~7Ny4xsduxP#Wv}k#mrHB-+ahxh_55}(>G|D1{Pr!*)HW zvz0=7D}cIloGHWwDZ4 zqg$anogr3?qUE(UchH3CAoE>vi#EG6@3(8Fo@H2rn|Zm$FH@$;G~M!=4>=~6mHdW+ zAaAJxt9reP0Ua7)LA~IRL@3I5RPyyl>h>g+QHI}WO?SP=FS8)X$L@qNV+gx_x`X*#vQ7X3U=**0Bncc64?%L`Cv^}DjqjSR-Y(jJI<_`z zi_@hyo*ol}2D7_fh%eL7;7;F5+@f|=T)l9^bV?<;KUpf4JF26Q`NzHd? zZ%(cI$;h|4Cf#n+_?fS4PQvh!TvS|Jga`3E3U=J)^Lv*Acwq{CQM3wfNxi<&i#t3E z+N|U-S?zvJg&<|S=&|Tpt8BsFpI~DF)fut4*9_S@9@|ET(B!EJZ<3!y4T9??n{L>i z#M<467Mm_R(F|mfrz>- z#dkGlN!QpTT;geRq{d^9ng4JeMEX}twmXps@lBS+n=HrVq;N(4&feLJ!tAtwP3!YE z)rE1Ra~iXpW0Z(>g;!Qp5@q@!qbd`P>(Qt{%UYZLaD#nwmF5))hw$6hKS=8iVz3Nze&Jy!Dax9!uxDI``~(7>r}kCh@xC*u!g$uGTp9* zsMnPsj{grLIXDwFg*zOLd)OoEM>0kZi{#s0%&{2wxx*eDby$abpwfkWzlPtBs^WRT zgsN6NvBi}}8R(FUkV*^S%>WKm5YUypa=nY2dTKMzmduJ@lS!vNKgc!4NPR{XDKoA7 zktG23wp(I?=3*W%uW07Esbt{lejSC&gVa;zmG|HO|G$6~uE!^nI4{P-RJj{Ly64}F z6=Zml`$x(Q2f#%Ezy(HWo5%uU>FQE1#4}$9ls63ohkpC4Etj3$Xa5i+wtdVkbiK9a^VR zotXqzx@jFSwjN6KJm-5y@1IlmF4L&fHK9d@jc2?h?TO`yx%K3wYJE{gIaIF@|GxufIJnYP| zZ9@*)jxfugIN6Fs7qmm0@tj?Y5kt_C_#M@Ik$>|@gjjGlivu=I842$WSB6F`SX)`x zF)@;okj?oLV=F-jo;S44O&$J0^4hpE7i4@sk`elObE02H&UoR>O72fg~d%;~TDcOV9mELuAd`J7xP z<0a*xm~JsEe6EwCcAC<(sME{Vi&?I^NcQ=i6vj7~netHUkm=(7gQkRBxfmnw#ZYn?%F{mT;=vx-d*a8 zh|x=P7`F$jCq{%?HPnp}Uk`iUmRz%%pO){>>-ruek$&>9tZTsi^uG5Dy~qE7b%dy4 z`^C18X%AUlFYn?o;6dTOsLP~SWL`u`veoyx^sBoAj~VpYY3A4)gSBH~Ge(tD$exkC z#u;(a@mzcu%d>u-VQ+40Bjm(4zGvx&$p00zkBKCRpB9`JNddhQ8`u#)tIWXzWWK~= zon`g67__w`MxVE@#nn}h4^zflHV?g}K631crhK1~l?c44QVrobxu4!7(04^rP_&fmr2>dmIx((QWg zMt@@D_EU8Jw%~l)u`3mX^>`AUv|p_5F~$DSZp;;hXR?@%?S%|L4Ag+FhR+-6EuuAr zmKwp2qX~Y?hUUPn&L?Qij@nB|nFgcLWn> zcz#B9#mHjZdBydlWa@R(Vu%k_&xk z5V^JU0(+_;Yu1{wUYFpH?Kn4FZcx@${4)swi31kS#rF>WAPs!o6!I6Y6@a6sr-Z6P zlM_<+T7;m)xVyeMwUgJMAAF)qQH&2rU<|;9rsLc9lV^3@8yYEN6YQYIjAg7kv$cUb zn*lK*PwOpe4I?_v*6c`Q4Uas+Dq()F0J5|I@N%6WbGt3v3@>)lG-bg7NJ8`R-NOD5 zzgeZiiOlCz(eRgyOxhCK)C}p`0-`H$j}Pdc{jp({k2LVWN>WjqGU`lvm}CGu)8zt`*E#1+QE=J^Zi7@iQRf%Jj&rqGzVpl))DWs0>D+ zrØo|zrQeg~ya&Ykk^EZ8mIA*)G74_ozPZe2VcABWsTczjDhXpw@ssX0e(0$P` z%Su%bMuYNP2eJdA))7(ZQ?G=SFa?cw*aBGU8&8z)Mu*QT`yuhTK2)peF5 z!~tuDiib-iIzd@B<4(wrL5JfF){*x9&j+s+4|hnPlpO#Sjs-SlX&Qc3 zs^$uJUu9u*>k%ITQtdm2V`-Z3!3D*%!|!ve)%}`qNhHVe*Le}@U?$)G6w$Be7tsdY zy1c0qUlq;JfJ^XC^c}9Qzmf~87Uuq<5v?zopKzHqcPgtQ=X^%td#8MQrKc8d(8=nq zxbKb`I@|mA-sLeEZQ{#F@^+J^aWn}VsUEkcHTg)#=x+6DL<3eF_HX7CER%s|4YFM9 zOYpH|TFz>4$XgWy>Czwcdj_Ku?wWNA7%Bm30y?$YIeqKSRBt~Srcm1yeQ^l`St%7( zCty{gKF>9>!w1o+gD9&GbA9>fYq@Qu8VQLl=XS+z}haYst zf5yk#((^n=62=Vlg`rAAO)yYn^i!4nF5Ko64lZ3EN4HhzJe&O$UbDj7J^-#!E6YhL zhG1b65@&7pq&7gj+l}SJx`NMt7 zy+U2Sqi%P$zeDb?Eb}+fl{6ixRJ;{Ei)wj`iuPtB-?qV7Xo@vxez#PUw@`5)v(mFw56A z19U1+lM*%8HV+BxH+w|I-b-rbU--2d&=*21rsg{?IYp!W{P;pw7kz7fD+vo8^jJH< zJel^!M84k0y(_fS9m=27#@lAjPWzS}F7@ISMn?ZIJ68db~yN%xsZo+$Vx0H3D zzbnT#T5rEYRoFB~bcm6Y(i`p~@*QxDGBPCP*{@f)K!AE^H%6Hgee`Z};`F4grv=G` zZ35o;#`&37te=7xIeAyew#UL%SrUd$4{kIG6laomiok+|%0# zBnsxEqrhn>_>DXxpQ18&F)Zi`%{6|oT+U{>?~W1{G_)f?-KL^Ci*V6r_q7OhkqY&DeH?ye(v9h zJy&0}r7mICPO+Hh7B>Slw4`A#%a><4`l0%!zc3)Mv)N!=k(8=%Dvd7@NQN#`B2s4$NE?nJiKTtUXbHd=Qv zcy9CUQ-nIQX#TH_JF@cagJFGpz5X zM#HDe%=_o~Z|xYaL5-z#6G{`FcZYc9v#Yli12QaT=8Kvdg3ZWy6#4xrJf~%0;-})t zfnT$WsKDzV4eKN-{o{EPFT~^N<9Bl>GqoGJh27u!UtBAtsSK}G)SZ6RzmfOh*N(_Z z{}Kh3#96>K>QE%ukh3=}f-^jarV4>P1RY8C8OWGU=R2ROXRxu7B~<6^gl;v%RiU`Q z1BOUDRQbinuJj>}!0V_;T;gmJFA9@RQ127blMrKInlXRc^mfz(Te#5X+}O?#{?EXh z|Ml#D_Z&)+pS|K-{BJah@G<3e&HHsxNb33=nc?J!ygv1$j0b)@g;=^4auvplkm>Xj zO4mde&g;JXP+Q2`GQmx^VNE>Kpijr6+qX6Us&K43sG?b57{`LzIAUYR))P@ef`~p7 z>7tO@ujV6Ke&C^dA()sA+78$i~A=>&9jEB(i>Um_e9IQR%m$E}a=!VK!pov!A=}zt;a1455@7$-PAlARrz*Q$}t<%|4N9C%5+( z@WAv1Y`?QZt{gZD_>v*Yx4HmXfDGAl|JU{DX@>^0r>f*KynPwLKST6=6~*8E-si(~ zg{i+>b965FsVHHXz!C41BTVFSjmO~e+yD{Ncj_B^E!ksC0ax$~+s-?;JFR!b%(mj0 zO-wmVvsiW{-Dmceu{`lua76xjV^xsQr=Q~7h|OH+J#oFLlwL-i_W2xb%X{M3f<~MD zoO`5B$LlE5unz==Fm2bQ>MR&B@1+%5R>q8yG@R~4e!E=OXf|7h9 zGOC62=EvsU!q7{0em)}(_M{r3HSf5DHBhj=>lOr27!~5WPiN3zG*Q#M&bvK3i9r_Q zC-2yOK#-{8Xe--b-@#r+oRDRC9wM{P(<(m_PKttkf!gfTOWytIZsbvPa%`CMaX=9XpB8-VRPW*LagiY(PxV5##I1cC zHl>@J8`Il>p8pdS{fMBVEdLu7rOBBh<;p@(QQngOkBUzGZ&Z}U@+#RotWj}C`;y7W zEkh+_S}~nT=$Mgl;Rp+B%hAMgy>1g$^h2d;n2b+i?*;HsB?W}cC(Nij;6gxaeT^?H zzrZtVsTMJFNZ4Qhfi>|q`De2jyDV*|T4?mZ??t)@16N2!S=Qy-U6 zZuRGxHe0ASJRx^+*?ut>A99;SsC-D+{q}-PC-(%{QW)Z>%sThluQa9$UJbA zjqtMcI5wF+AyL`?+0UyH#oT=?o1OmR5HTj;Wt-qPM8w!^5}`VU9a3&IVsN)}kN(d} z`w@3EJF|nt`aHC5JG|bR^-eA6{h2fYkMkQDX7DU&c5j0;f&zOu2VJwF75{MOun^ap`Rr;sK2bhTL-T;yHWGt|89#ZQw%zltl zCN;Fufl41iPHae?q&myQ7q_6b{OZKzr&d9NB)+2yLWC49>wQ=7a=}2s$AI|tJ-w`- z9h%LZWFucVZ$01eqs1Sj25$Ksq=kK`uN3l*B}u`d#N~o-VP)~?mxWAR3fX!z&^l2X z|2pI9Fr>7m8kJXtt5!4l`}IG2lYZR5W8r)q`6)w%wi;;+?`v|qjGu+1yDhUu`o9FX z?|(M5QhR{_kC#PT`>F!t_aa_IRH)jGiZwOlh}7;0ml%admA$Qgt%sg-AW*57HfGzrgM;VfK@=h$928N}FBLL#*1N z@(`(gkTTWNyIBsJPvBzp+S20ce0GL|(CXXe;fvaa*yc<+r zX)}EdoZ-<8vuyjmAKB&)oxIPg%2`3!wX+5TRd|RiW30J31K$KVJs$m~Jxh-*o4|P2 zo>j}!c>2OCm0Nye|U73f?RD}MUy({nYPMvCeI?RH(B7&VmHQj8C_%%<#~G71ed^RH)l58st7zN5eg=cE&e#^$1WV`7m{&oAJvUS|&y80B}pW$*57XDg`2gxY-8aQ%H$XJfHO+5CIV%4l; zY?wD}Q1tg24u$@QJEN?=kZ!_Pj;=S#W|^hAy@%>+!x>gQTq^Q6i@o#!!3j4SPOzA< z$i#%v*TVuJ;-`ffUWD`B_a9^aFO^}#YD2&%I&1b0-gd-( zD)}6>{uRm7iB|w^uDnp_bE{;|5l>I`NEev!8+$1YfTkv{&WEROhHPCx*b=8PNtDsn zdqdrCHc{>l1R&*LX!cQf$83RI`9c#vN7P`PVzHIzwpn!mb#l$#SQ$vVlHrS=^j-f= zHiamwt%~)S{Z*XaOW0*y;p#_y&$4pmi+BR^tlyBUMgSRBtgWlhAEeWVsSPHBkFUMx z3^~AbId4V!=|*BLXh)^!rI&+Y3?WmQ*u-kv+uo4i1TPBDH5pv0?ex^FUa?@;5ic!7Y?V6F=Ad#g;ym5GB5dM!`trg} zeC100--i&ncQ5%wd+d7u6KKtR4=-s^9dJP_W5sHyB^=`%nn@pvWAO}<{kHttktH=|ANPHKS z*Kw)+%rf(Z8Ha*rbSpCJ_S!UGxeQ|DYowSD)!a4%p=ZVrkH|5IaUbcXL41@+A9Anw zN-}JxoR3!X3$r;zt#ddO|7q{<3?-B$zyRJxMpgKRY&fAACTg9 zA(*sjMrK5GZq~TE=nJJMk{YPv$2&!q(haIopmZD}rcbM!7mCdsP^0?x^|RQ-yih*3 z!2>XL?z5V?1~x5TUd^HFNJRBa04BF`wD_e^cc;7>ncPh1-dBsvW~h9MgI>Ha=&CWTm;X` zRc2#MJ_|4rZk=P=dV#KY5lc(U1KhkDUJ%}pgpNgSE^gtm!>Mo)a~!3=SNZaZS1B_i zEpc$MpJMx{DEbwg*mef(D)^q-O1E-+#^Ijovp*6e|C=BP>qEyeuwpl;UuR`A9I7F& z<(lHAwypO+5lW&Kr8G5JG<L89~4AxrffvDH^whP-YeTM6NeB&&h zBmY(+#vjO4XBAI!d4zAQPDrSno;pQFrxtSQ;1n>e6hnr>)jghycfjq3DKZ=HKC=m2 zvORn2Vc+LVwgfqV-y$Pgave?a1WBrX&23sQcIeC3r=0h6T>uu36r9;-`o$P0-+g>p zFtm8hYae0_!F$-hb?}rZ=Ej*xVPxjB_TI$8|KF$A-|w%g}DmDInotpUGpqnN1PoExD=#X@jLEYVx>Ei=={$Ire9FUt(@} zS^~%6xve7cynPfp59mWmHNOSDoa-R69fOR;P{B2LF_8J!1K9ebD23G1TeMNo z2k~e0sCx*Ef>8M{{*#AfSyOqf z5c!09`6hxHhF`sTk~Jfkz5=H^olJv~-(NnX5u&Pe-h}bRQen9nkmx@muKGMuMjQR! z)l~=#;XW+Aaj67#O-885V>9m768yT5`rrWhh&#C(4t{%qVSmy|e)aB_?u(x+rHq()N-R9*z#{WG z2pj98p-I>l_nc9 z^=xnImV_RtbpoV0>fc~j@WuiJ8`e}jS=xLzPHhuq+Bx}yw7C!%6t@S9yLgxn%)F=n zyF?!i?&a7%Et8M2Df7D8kqHtcTV4EE6j;peOSwpd)j+9+%l+2NIF~@)n!4C`$|j>7 z+8|~PJ$*oG(`Zj)bo+0F$Npjp#a}vB(FzaUAy?lw{c62rFdnAFA|n%itWP)F&5 zkQOGIZz(ROktsnue<%|HYDfDvwkiK0p%JNtWpQvSU$Rir05j$^);%s7>;o+mzjyZu zmWbIgYHg3MeIx*{J2K9h(mID8HpMiG<7rg#;7qai8)yyt#8KM(4_ z#4Vh@?h1`{`b*;{N@^{?JZrOz%sC_BNjd=wq6m%n=zQC-;Wettkb!>V}hAQ9n{#rDswtX zm0DHgkx*dov<0hbW!ZRM3@2A@K4G=HOe!;}tHPlkk>4)GAYLJBF~1>_|!_*=I!dUP4dY-G{Pd9s(D=A=T&LG^yS9Y55``WY)>Yg$!%oQ%;KF;+X213=eG})%No+?pfhjIRk#)tJXfCf zdNYMLiyMM-hW{?V{h8+*)>zvgtydpD^xsqbI{>_t@CFQ7+&^^tj(UZvi>Qx#ctN;q z*jxQg^bzBTDnrCL!t8d_31T4?8&kCKZAqdQ#lk#apxLFgcimFYrKI7a&`BGRH^KrL zG{0rsa+jDvSjPIL?PB>pWM-?^E-?kigdHb_o1Lm;GX?v!Jc@)IBU{_gwZk>Av7!bt zOXgqPivBQ*$leG$4^8hNc8Gf~?>i8oc539t0#2W(5s zog8)kooq-iqw@1NESA)I4T=T7Ka6+|{u-XAtIV7kdI;T|0nw?*&M<_0{G`yW#1#qP zAd-FlYMB`RiYEOE|HCZzZ961q`mlc^t0GxdxT=&L3{D2s&I))D%B>rB*;sc0n!sO+ zYFiVX1%rip%>Bje{~-04`|fM88UQspkBV<7YyMI7JVDkLOdaptoPpjd{vu+PBCc15 ziSw9(B`+EoMj^R3S~z^guHIN@TOjhQG)FGTb_Slfm`JB84hvV@_Lm~_<`QbkM`9TwwxDCRCR2@Vv|Zja`Rc72 zfpby{Ov?*al~13^_irxpI}|hxC-M9$Gzqdb;*eT-@-g5Q$wH?+E>%=kNZ*8UR)JFu zto`o$;M}(#{UQsHr!D6{u(|@ZVEJKHC00fkoYYxb=w0)m7y1LyFm0SwHO(nzR3@f3 zeAQ|LWIwg(HW#If&!&#US4Uok_d-Z7srwJ>pp z*ZRJ0nqTTDCg`4|BvDpIOP#64%%>zHMWSq}wN@cO(S?BR=b^f!#)@;^wzx52-SP>= za|=CR@&#;{qLq%qhLZD0YN8aChgJ~3(E7f|VxwyLFB0qW=<~{MV7q}?{v6&s6nv6d zFEDI?ej>dU-!-Q8C{|-4rXRa_>D@#=HZnfijmk5W*KG4Pv|NanG8!Ub8j&! z#CUw=z(+C-^J$K@Oe2r5F=^hB5Q8mkj}4CtV*}9~S6{`Az~bUxRu!fAztZS+9@BJ> zrxm`2*{8&7aKSvvo~s>wxp&VwI?IoJCl|fdyHXM)c+q45cWYvAgQle|&;CKm8Qh>k zCdF$-qU%R=C(v9m{k`z~nh)TinxreOut)m;36AgSJ_U_&TL>OZubtM7;Le!q4JB&8 zaoBn39zM470WQ>q>re2Axc7Dc)&n4e1|!MTN8Y=x$FNbyCWb*YBtv5 z)wB{F;BrC<4G8e#xDDR>~6r89sCARh?%DgM9*`O9aY_f^6T!|pI7RTxQYW_pDbB*5GY8nXcK z@fBfuY+!cehR>zv^^Cxm5}6e>xD?}*3UT0G7Vc|BSAf4FmPBjD(z4) zeMsX}Laxg2UAuv$JDY=E>brtHSZebshhq$`*Xom1Rq;R?j{ z)->?8cc~9Rg;YtU!UA=f3Hu&?3h84c{ z;}usn`B)U1b-vZmq_n=7el8u{TVth?-vJbNHXeeen^)Uw_;hhM#-;AICPyRY-_8Fy zJO3v$LzLG~rPb2Mr!;ZfXCe1CXt|gEjc9>=`lQj+TkEz?1S<3@L^+s1K?7qls9D9d z!4yS#fOe(2r$-NUq(o!=e4s{4s1jOMrGeV+EspXmC&Oza!1m9v?@6^*=7uy7qJBoM zN(dd6e&4hDzU{>almign+J^Z^a=iy!m4sKSDnOxS!rCqsd%hD-&qt-7d^UPQT+fCp zXv?%f-=7;-`vN{tED7~lftDHj5YvAMcxO39b>+Ggu zxMS*B;}V$bxY9*1=#c6~36xuLsv7T|QkZ)(>2ws4JOX$MPFgw9Gbkh)rz;Kg37sox z(5)+NTtkG`A*Yly;W~V6uPs`FQW#Uk3N?_+(9 z1fKpN(ebyZR`A|k1-F!!XhHO7w3#(-eQ|$O{^Tsq6M^R(<4mS=eR#-T4Ox=ka`=ub z7-AkkgPGO3HM0}N&Xt;)EQ5>ytV8$qxVx3?N9koIEEKqif6BDAH=iH?;&0nAY1c{_BgBxmYz z?=7d4q&nB8JlX{vRM6P$ne~WbcIbu~8WqWcRuRBf@3`5E(%TU;dA$fk2;F2RxoM_}^; zgEhY58!R4j{}LROIg(t#Y4F8FG*GyaLf>DdEOA}J>80(Kn3@-21J`jlNK?#}ws6i6rmK6Ee$|F3CXCNbTB=AN zThIh%y_^LKUYfy)F5EOk4}{w@xyNx`q(ReV;mVci!(>Np#A8oT^D_HSCYm5OY`bEzOn~rUwm54n) z?&1B-A0%s%e=d_pz?M_m%ZbmjBATS(d=Y<(9Y)S9wIw>Kj#b~BUX|F2K8$Ny zQOJ6wSlPXx=9XHH<&GpC&{QN{VzJ>HS?pwPO?;+|v|9AprDJ;16k8KW&~;8{ZwO-1Wm*6{AIpxlSqwK{1VDL6K~AJWCa@fQ{8B&asrOv1tEA|CW!)c$~!d`|RxJ6I1b`lDr|2SARepX43eu4S%@F^rZ zfn5E%zY_g9rRMtf!)FruWr|6VHPJD;mXN1Bk%|QZt#7*7^_7D``0GbStcRW=;82Uv61~a& zbHyj@nGel7mNzVD$APPlS^uU2gL{*R*j&Ui$|l$T`Y=@&p|d7dV=pWMtGI4yzZi(z zLD25!lZjgB8GmVa3?ZU-+YXBFMnuRPVtMW6cQj=?^exl%4|r zVGL^%q7JD$wA{MdFF7(~ez5fHtsW1RHfP(yWFqz@h)_h?3ms2G!m%9x)SH|P^jfb` z;do+D6fs@s;sbcDLpLJ(}W|1bdz?0F{q<41u6W1tt*sl(Bo))|d zCq#*msvqe*6zU?x1x^Ac{;egY)-c2+?Bc@Z)Zj5N)xn)&6u?5Ft|-xwpjJ2EHO#Fx z!!&nbEampN5ydm$I`t}r0{=yl5DfqJ;>DJ~R~pIH_4t9?MjE&@0SPNx^9y~GquD# zA>i}KTow8NeQve+;*1$rJ@Ta-7OlJDA^p%M!9HFq5ioGND>gX5q8J~BmM27A_^e+_ zQ+v%Rnx!bBvxA71(ib1=F@Q|e0`P0Ob=n-{u0%Hq7i1GKpkq&d z#i!@4v<-U;*VfI>gVf5I4|w|* z^X^fF6!b=i)c2GhAFXU?TH-#@lmkm&6>fu5Ry||d>YmrdZlH?g;Tm)5o}oMOvzvj? zv4^(58|>+w90+2()$$Lvj0(k;4Mk)1YdQtvF27ey;0Pa?+tB9Y;vxI%J}Im$k7Vwn z+vUk9D9EIbDXd9p&7iF;m%4h{f5D+e7nW7AbF0_1OO9#)bzlw0xOVQAg|(n59fjo& zA-;E07_L7ZX@no5qgY(DNUg{ndDB<`uyq1F(vIf71T&*Mu^>g{x=p1jh;=gwQ@;+> z43Sg)^siNChi}HTkJEc1ZdQMZAQuNBHi^yDuC9Zu9ntRytPf( z_ZT=Xa(gxFSk7@moG;}El}A&W5Vn;NoiVohne#d(J&d$tikI5ImG!d29>#_`FNLb< ztFRWP-7g5`X!o%Fo47l!X0A;kma=VW{_`ts2ES+K|@fDwucPZ`b8^52w96jh~ zxl}3~+7Nt5|4Vb;gi$$a6_*mXEw zhtZkeH*af6xR0)hBQ1X6*p*NIl7>Z4(|URHZ3q_j%>-7hOfl4+_~t;cg;8PKmMC!@ z95Ay6p2ic#UbVLcN6~9D*?G3>fPxD}_%s-GEt->39QC7)CGhg{`=6CPgy_lFe*fx; z&MUBJ$a%v5$CnS z%dth2=*YOWqr^LYg)yx)p_n`{a&`1^>q?oar4!X0lU%%i1YYBbj;U_+c&M5!vJ-F? z^DuBIwZl|x+PQV{)*q36yl@(8U072;(qbXHRmNh~M%G}6Po9|qTr=NEyp?QdE)-=4 z8pwlxU?W1MJy${2u{NJ{<3hA$uTX}Yl`#@l4{u)5AOjaE!=Ku@lR_!)Ab))g4}1mzUe#Rfk4+ooT1!KH#i|WI z^o5WY%dm*1G!J*yb0#4$ z`f_-IHs0g7NIe>eUDM|Rk*WQ8`oN>Fce_C=w$BRkNxumy+77jvC- z3GEj7ftRfy*c#?}O~uYXwL76LgFULNl%3s4hi{(kH^Uu~F~T})=?+x7H$S5oXH$dV z0Q$7&#Cvk0ec)Mu68e$z8AjL!j&3K{frG@uT+zm|WSZZ~99Yaql!m}t%S4=+FI=8l zjs!e9PqsdT<)4wt6!N<;;jH-!A(r~eY{j&ilOCIzIMJrz5XX0@M*?7|d*qNSuDZV} zB=4KCs)4#Aqe1>b|J0^38hu~;6Pl$S7>Y5c`u%o)o+bv@dVXx!SdJ+E165f-`9U#u zD;L%L2~)=JHswliAoKkq{QiIp)2A_flM%&`4OOn}X(z<&4h_Der@@kDJ)h^DIN5kD z_Q{u!)OMfanK^l}I1Y0@kH>vYNX{K2UTG(yeX^(*N1F}t;ZdKydWN|sT4rKFbFIFp z2;rx>kCat&R>&>%`1$S+Ovvse6z`C;YOpNI69j90hDYTamiCO7qYvLQA9K=Um%X2) zisJu5hv4F3bv=R2S_EV8fU8)J66u_?XX1f7idMg9NP7QO-3pjN6bH;nnu@5zM#;fW9vk%#GbXj46FAwIX!UhO=Al-giuaUkj z(a_if005^;zA7!%=`nBTOK5hGeWw& zb{5VCQgE*?*z>6Xt90}Qiq=o*=)<)p&gyk=R^AM+%7mA+{wiV6 z<}Ob3A^!^st=q(>PL3ACSi|g< zf|4hAm^3aCl`ea-A1WV)WUT8ZgQJ+SIfg6%s=OC(@%hYu_^ui|f@7GN6G{^Z*a#|t zQ4^BxZ&qv?JQ$iO$~*w59rgO>ob9w~Vq_^Ggp1P4ySnuTh3IJnjlhh_Bf13*rU%%W zp|SeBXtCXbTZ;d#Q^zQ1jAkj{hyJQjLRCwhjMV~kj!BqBxvL{{qR8Y#fa*~BO{(O? zmr&p&|C?o4`QV$7jpROQI@5m&p}x!aEvaUTAKiH3&z zZ*q%F)JLeh?Di1km1>ps4LPjRqqIp52Wao#mew5IJ)(2z^Kx*E@cKzPSUh1=(AMlO zj{>sL+^ii2k_`l^K0xA;jU-@fASixC=?C3}FEX?BSRNFf*!j1$4t8E^`!p@8Wxn#t zFz}ueu{Qksn1`ur^~00=FlcI6+)#N5s8vk2jmU<;6e#<$HSb#~w-XR}>-&s2%lp=iL0R*L)dRQD5_ly}v<5RKZ zIJKG!xfOE*@8IV~yMHB%SuP%iJc}fpg}>Q>%a0jC?V$2c?nVMBWzKk2{Jf*^qWX+I>XOD{00Sh98BjsF(G83@Jby|-S)da1%aM4@jX?|Vy-;oV z54m%#LWgCESbEvST^4chz7AN$ba#umUnR|S!I--_ho>6&g>A9Bg0(9O>$Frb?+MAJRjbOdO5JG7_uB@~@RJcmcPTHM6 z#4H_#$ZX+r3B1Jqd%JT8r+$l;1>{%1GX29w2e6X{BY8c#<|(=D`xfahC~2^??(jU3 zLbGNh^Ga|^9$pC!%V&C>^@t<$*xPbwKrnjnW?&?KGw6BVUydSQSaZvu(yE?9P-nIi zdt9RndG3n40)|Fw=k{)zoOT_YOw%dH~%3Rc2$F;KB@-5A6q*8jiTj>B0io`SA{mX-9HYzSga& zz$_}xMk9@&F85IV&+hGjlFIpTB9)1->-1izN=fp_!#rh2luH(_lGa+9k~RyKQz*1c zB2RyFx|H=|5{MjFxkk;F*D=+iQQ0{h__Hqu1KQ8G{103CpMuBM|5fl9gerLWZ2Z3z zJhnv7dpIrq-)<-6g?)3;(E#Bm&U<3vc>?m8(rbnD3)RpruhWJSWpk%lLxe=iJf1r76y>Rro8R{=8poD~YtNmNb1%>a_<6O9QkXsK_2%t3 ziFdAcPfLfc%@heJoM)zh%MQuCQY+2bCjC?Vt-iD7a1XSLVpSGplN@@^a<4md3#e&H za`B;RTqz1`%*!314av(WSk@Zuu;ze*xm6jjGRuoh<8LF@icw(6QD4!L|pCS;N% zlet>z+zt7DAw73m<-y9_!zpLvZYmI3#m_zTl9+9Y<$V{cIja^qaQ{>Iq9 zWTYw#%JV}0sr=+VdSfOKd7ZXMew(R`d0@kYFNPhal5Cw9db44=dchCeq8IPMpWO1X zr>KqXK5}C6MC)}{y9lrHac{swqQHOfZX>9o1+As-v~z8)O0S6}rtwzl0bqb%RmcL+ z59PocS0It^=&*WEtuKUS9$@k^ImooKQarm|lV}P4-p@ere+k_a8X_BOR-mN}%g2mB z4^!u9j-)s$HhnHC8ssx8JQ@>g zwfxANQ>Ec+1L~}oRJ!oklyUh@p7e3Meyn-?3vOpvQb?M{1_mZ&Y$@sxzxaw9EzKj# zEmLYU8gzP>mKtZ8gCDp}0(+!BuRKv+`+ml7q)!vPN~B$q>k z%i->R;i=Pj?zA;)_su$A%U#ky7!+sA6?bn$yMpxuJ&DnyiDb0%W7kpR%b;Etod~{r zE16YLQ?s^nO)>NXP0DXKhP?*Xi;t6D)DwWYj$-Q$$nDwiDx=uc!8qTFYtFTm&6&NL z-O-imW5R#e3F@wDbW3)k$Y;W>q6(CSffO&=i7F%)#lyZUgEC3`;)1J8|G(kuvCqW)-3o0Xhw`$ChJda!;} zsTbAx9Xu!&T^)y7TVRI&@fBnP$z8iS;`4i$E)WITOtz&j7W}s&{e;FRLx~>HaG$j1 zka}6+P@Mkv(bfb{cBzI^{f_T1}3UL`*Oh6{PJHsI;w%XvUsOz@cr?IraVn^NV8V*+z)f z#I>aQ5nNm6lmbk)aH_13Yvn5L=RRv`QNKm zwz+cnO5>|)0;I7m1s0_gWy<0EPEO0WH#!d**8jk$CrqTt+4=fGN#1ef+}Tj40KOaz zj@1Trd-wj`V`xcs+M8fgFtq*PD7JD$gaWmG*PZ$UGyPKZ_pG|x`vpnsbGo^Jd%tTi zoMY>2D9xh|?tM^g*9~)DY`wzp;g3jYm6ZQ+2rOr~<{qwQRwKenX7J&kw6!GCW&t|X zexb7vR(7X>trG7jixuOU%b1fqo>)@E8Q~9RC<`^)+GFAEm^v=BW_yD&mm7$ZnczAQAIA%Ogdcl4-t z^``r)yN2CRPRRZY4KJI${14x2C3BqW%AE*Ia0a#%DCyC@%BYjIBvfE+EP3Roc>(JO zMq#dmb-I5?p5NuP<50OCg^Duk*{XCar+U-pY}uWO?Q_rn_{L@=(iJ~rf0zeN!3IK) zG}I8&jt5IKgrZM_0z21_BjcnRcrmJxPOSV_Wig{>cWYK-i^1ErhU7=_epUgK^K6&|WM(87E9 z3xZ0#M@f)e&l)uLjFSr~`Oi1Q_AGmeKEJACCo#dYM|{@qF+-5B-Q8+=rD~A?(O{-a zSCfk{52zMtOMtvGB*SOWwF7f z>k2Z`--g>~MCocEX3XQd+(j)ITG=3nk!q;5mTIeJZF?Bu^{=w#h_~qMxX8bnG8TXz zOTW~hMtGu8n6EcN@E1a|q!H=|27PXeKsypfsCm&|{2Uma(bu2Frc%;5FVrD`sE zy^bEa{W}rs_NGaI+x=Psh{fi1f6O1MvUD}&4)|^|<}#<8`K;woO6AoVh+R}KSZKzW zIMdCj-%P?9FJHMv8=39wL#>SyeG9S~BFL1qfPIN!mIVu3Tc8kvUl1Q!To<5@c)U32 z+hkf5b43k)vpgIp))b;uCZngLpYI;3XArF$8)wWD3e@=@ZW+eAjlEMGmlBd$Ed0`5 z5LFvd8*yqG19|iBa8jXWbmlwwP_4DM!j2StWt2BSrAJ`ZMX}KKd}IPjGyhc}reLg= z5Q*NK-68(;_2moag2c@u3hJg;{fo1`M_!w3n$uX|RX$Wp`o5s~Us&KDF9SbK-OyEhDYVM~}ux*(dH3Lz$;Wpdvc!D~V`PQcAU`FS-1A1$I;=`lh8VQsgFS0JnE>1q&WfY` zBEZnF;Ar4T2sa1sX%<~CF)F_klCckth>$4wD}-Qh@0FBv?E1Lu_7&+%n^nG}mOo*YW4de0xw}l?F)c zbvx%BIS`(+ZJAc|jh16=nrHsQ=Hgn=OsnF@MRKCu)e6mk1d8YMke8M%?C2F`?*3Pb zx!3ly$j>*JCYvw9kE%Bbe_-AQDwr+^?%!TH{egkJ6#m~MvkfXAi4MR`&+giNUHDuvRM&c-?PvXq6UzFPc3?1ovVN1>6~WLG+wAg7mNMiE z{voTMCX%vpoR0sgNJv)*u+CQ|E{=T+_jS#t^;pNDm@N;SSME=nVBX6Oy3W-)C$gdW zcnGTooriMgIkHx@TF_d%5<$ydvP{)nHrZS`qL)_k0tpfO`)Qop80}Y8p4g-CiLI7} z1d?fHmoCoc`67$!gSg5$zMU9p&USG{ulduDX7Tn@tJX6=6GpA(r?m#{QE@Nv;Fx$| z-LNfN12)Z@_o)x(zMTGnvHg!j!_VhfIBWw^7sIL5T8+@iS_M<%3hjaOhiB;9vfVhd zFSmg2P1_58AmeV@ok0+Wt?1;e>v~fv`)VH6%lw`}{cJ@p0B&q<){nHq*##DY?|my@`Nrh-GcA4K%{~ zTN$+BH;MQ{_IRJyg6b`wr2dWnO|)69;r}#qS;((*-=MO=-{=GAO?#+~DfzEgD8JR4 zN4WY@-+^9s9bS{S(=YhW;Tmnyn&!g}`Ra)aXjFpTMIA;wZ;s4zHKrr$dG%ryHj}x- z99T8>D@8LMf)jqvou4ylJ~UZ5$}+Hg&?hJ()sCJS)G4#)jW@d8G}x&3RXa{g;|r?Q z^Gi@cbK}#I{`5R4p-!A5G(Ux{^Bhko@B(6(l&Hc|#Pb1Iebyv4@HfkpPCFBtd(bH*RJ zPRxJfyfe{Mbh!Oeeu48hBD_W>VL)MGR)FN|GIws^ZIU(vMN)qOb)cxst6$vn1IfLW zOkj)BKeZ^77V_@{BxnO2r^$kv;HW@fpmtXOz276634og8{DJ9S5b3`Yv?*VMilzdf z{yABrF27Fl3))ft`IZM!Upny=q`+c3mLpX0px}Zq{R<*ca3wq#PsCUips~)KVw#p; z1?iy?{$B7+RWs5-p^CV$OL6A^s;ml>hIp!tHHu>VTgp3e%$4%m z%2x!3k9Yk@sPl~%-#vV+f-eUN_9uhFCQxZ7-{@5cGmC-)R{yr+b`8^Rrsn!wZyI~= zchon-W@Jb;E_QWHDx$ip1XD5IEV+1XKgybzXa>-)<@I z8E(gZc$5Ms5A?#^d{blzJ~%j}cQ;gJ;cahu`|vfTNkWCCvwS-@AnU{La7FTd{L9%p zl3-JHZxk_CQm%kY^V%kHal0#E3t6oo1z1NVL3E*2~bZ%?A1 zzcl|1aMNx|jdkiYw>V|l`t^7~R@q>u6%UCL_i#JnpI|m(1bkmlDfzm{+_Yi?3(|Z^ zuc{9@oYc|Daeeld_V^dR^O!)T)l^SuVJDwPG@`Of!w>i(M@eshk(E zR&w~*ZYr_N-BEhjMYKt)2F@3>y61!qqFG_hyr1CrI(DT&;v8*1`xI<9B6qRsuyc!^ z>QyS!mVtWJI0R1w(iZh^7Eim3ni{(OMH|rFtKyZgGR!{pB6FBcWACDbk*h)gn^s>M zBgO8jq6;HHSEEjEcZle%Rt!QQAYQ01tWt9NB!cWBxs;mwk+o@+I37UYm4dRKD)k%H z)v7)Z)z^?ZU2FJcIt{Lcod`V+xIpcP}iLEQS+6206W5JF*4ZFoK7(2a%mXeFp^(j}Rcdf~9(#UJil z1kEcM5vmozrYX?_)vLeXk{9oCKYENyT3c;-+{lvC(%E%3A2u<9(QNGHqdA^8X6+1D zmeq%9*5d@l6tBD*;7`MkMLg#Y=H`YvC?1BwOy!Izc|>~Zm5Lco`$+B=Z!WBV2{0Yt zNin5eSH9Bb_d=wrYOYBf%j=JVLfKp>nTJaCXJ=V0)(IESh~KSBC?sceQ+ehSxdVzb zlDM1;%zkC-{Sp%5(hbQgotfWI?1@Bchg3@e4?n$WTfkeCB zq;*m%Gy5TQw05b{?BSa0Jg_9)!B!CmpmRd9=h0$^kLXjCb+6ogm|)3U^R}lVhsiRL z30d&{5FK_vRz`Z0n!6J!i3W<*O9= zPLY*D0azws`r`;rgx{P;lO=uwzcik672?KX-KQi+x68D=K9a<%Hcrr5q>`RL;fstJ z9dLW^y++_TBAHICK~kCv=xvCszZax5XT7*aGFsf!2M|Mb89BSDGAqpejEztj;VWsr z{()(c=agMx5w28q4LRn&WWtpTL<(2T&rpRN6@4DF^FK^Mx*s7PyD)3BN3Mz?KM2%{ zNc$qd$ARQv>jm{9(EqBQo!rkXT9yJ2MO!#?_g=?|>c#H<={L-P{=igm|D%|FSk;hN z3xx!BUbmAFN?CVq^R@Pl(G4+RES255#r% zHyHh8L1avU^v0_7I!U$C#@@IEl0>=%owZwi=M@&2_Rg#f$rfOxS97-7$yNY*mF3KB zmPxmE79;P@Z`6*&@;3R^B^+1;$=UU;f!40p3HPb>%_i~_rGQ%v)BCHy<3#?MywJ{1 z8h$xK`5CfZC4;pghN2oWNy3ME#I1SD^j+PgO?~0N_lR$mby|FcP#xB@rL3n>4cOPC zt|+n>KIpy=)Q2vnp_@OR*uYm0x95`G$C&LpWu!(}lm7jLDjEN9M1Hmr#hn}Xk_;x=?)f$}7m|&PdWF1D=AxM8;1ZTl#DBDs0Es%5Zu8hn% z(9~3MNW0V=e@Z)kX?m`{Fia*la4zu2-_!iHnp+=*klDJmQ3l|5-5gaFn$#M;(hGS{ z1$RwhXKem%O|3j-{^5bOMw3i(eQZT@_^e{Siu}tDG16b6ehC0fch!TxuniXSafYG=8*l};ksBc4?;YE{) z=+U;tVUiQ1(ik#+)5qOR`l|94Iki)h(I;Q@u6aBOY^YafDr4*@kySfjfYz|VjS$kFpqm#mQo@0DK6CW?BD|J5Iy~6WQy7yNn=!6lpkk=pR>qDRxX?2yN;()5k=Ck zxGSMp8A7ALl;$JUW0gpCG-~REf$A`oj_*vyubKD?1dKq*NM+`CSpSCm5N3;Z$sr`d zG*ahKR4Z+84xe6!wE~oqO^tk3wl5%Jfa}xaxa70zHO}5e8bt+cDRXfX6u~)iG8yni z%6OzRNrTK;E^8I#q5hoO!S=sTX0){lAqd*i&8}%XFN1%x4=}znjXukO44qHyMRpay zi79}Tu$gfDTN6x)c0)PC6!oXi4b`wAtJ4{h7Bpk;1Lz91XlY`esWokAZ-g*jRq@}? zeeaIsR=KJ|KcV1f z7a$JsSZu4ST6SMu-2iV1bSmpXf27#0j%r4_JO5M?D^cZk#BZd(G$ZPyrGJ#b`usG0 zD~GBaS1GKZIlvDYe)hI4hDx7%Lb(t%qLal%eq2!bhY?MjiT$#mUsX4J2KXy-zg*Y2 zsyZ@(&Z?}q&a_{)Pc@H<46riBG~ni|2cqbW9w$V)NJT$Dk@aK~^eUPn7clRR*Yf7@ zc&;Mp>j+*6ec!&%k_fB#c#mNJqkRCo!Dse}8&YB|O}a;lgd^{po`%6O)#>hK27uPZ|yzW^mu~M;0_x-}t>+au#80w696ri;Tdzb=H+lAR~(TTkD6gMz=L{mP%Jl z5bF2@NIfjaeX!p2U0$qO-5SfVci#BNv-{jq!LdSYs|-Se$_8KUTE1zEU2@&jap90( z5e9vo0_DtyjN6SIc}eHmyd)yR(>lC)ryB_Py*Yy3VxfWSy00vMVCD+=M*|~5>TRw* zJQZyGJ8Pl;ZJ2|>R^=@FJ20+egmnxL7?M?(Kg~v;ttan64rXa{w~6kYL|4|teCtmu z5t|NfxIT2S<#dE0ZW#8jcCz_W1@OWbMp_a1{G_)t-C|uF*{wXXJMzoB*)lqc9Wp)# z%x&8`4ElCXpVU8;WoPv)bV64;TE1IuCMr>Yduc(0)5wbi!ro;`3PhXDsuyW%_*yxS znez+qBXjx2??AofKi}$!119{XMp=B$r0jR=IKXA?d-ZFcvt?c?9*ZBu!Z?x?5oVn? zHIdHlj~YLvy-?-4NEhFnY1Zd*x>Xo0mXd2o_;D(Qo9Wc(?#Z~W9iFB^qQu{GOjb_D z`HfqxY4wd#Wt6R%Ro#w{@SV8`-KhjKEU(wFX~sJMX?2i^O0P>Bz3dr&wmX(f-8pFQ z4gggNRoYpI%BLVH?+emKhmdXFT6aB%!;<=(q!3A1{=iyphFt9{|0Jk{O4`)MYE{u$ zC>6c!a0mamzwM)!g%kd5{hE&TK zz~aV8cN34@Z@CwnClw%Yu0y~m`(ad}23MnmEM1PdVQ+AwJqu^8K{ry-z-!RG)9i?h zyGD)kn!-^C6J~8q?74X92yS<5M3&}arA&$N+54eQ&cOQ7M$LGB9AmKXG<|Rh#C3PD z@VL71&ircwpbjr2?AdIfY zvEkg_{SVCH)m2OB)oglhX`C(!A!RZES*HpmYD9jD)*OZ|jHogmMC;_W3L$zcyurpK z@zqYV@ufZR$o?C{s)8h0O!X@fC)x@eJ)qkJN&?@pau;Fjw$a!UlFVD|jdYW>${*LM z5t02+kUhq#3Ig1oH+m~)pm=KrC&SVCFi=eLw8Xryfauju@v#MMU5o9{ym|rZVl(TZIaok-}AxI$v9C51&2qXSX0j(x-31 zt44QnR$k2KxPn;n0mA21Gp|2Tcgaw5N-geS=^*E9sOJw<&^XMec2jKc)8Fm)A|s!u zPfi|!Mkf&B;uPKZ8Zi`NkQdKlkaS78Z8ufnzkGf4o)*micARc|btv8$Xaiten zEK$DhppEMMO{2Thqjp`9uFi`kh*RDF{~u$y&HX2V+W&}Czno)P23fr=SP=ufYj`gO zzsw0u=GP|hU7q;<{@342e}m*77)6SD=u4ST;3^bradOEGT!*^&y+C1@6~dW7hrh_p zwcnje2;G5cF(cIsVK__(#$f#c5)^wu_=~;7Ca-hJ^fQZSXXqUPgq25~Cx&_kBrpo~ zP_q%ozKYIfUhQ7p3acO}6_9#h3wXvXpUaiXk=E|)IRsWhM|P-_`85ZaC)|F`CcVF6 zkv2nVeaRP}k!7X2?F(Kzxral0V@NEAe#jW`AzBw4#C?KcqYc9u8g#vnmyVs51TG%A z?^S}bX&$Y|O$ZM^|7=I+YR+_t{hW^D_2MnWwGWfQk(Sg7{F(Ke{jTxvlCi(l=bOae z9L~;MIMlLH^@52{z-ze)u;hvuT%W4qUkfHBK(^>g7N_u>gg@JwUb!E>KvZ1pp zrwh~E?qmqLf4p_)ITU}1I6@q5X6E#Ca(%wNgrwC_;G1rad}si@EbGJFxY-1H2{(r2 zG#Cx_Cn;V1BwGC@)bbMh`ygwwANcoX+!$i59xd znZyr+LwfR*PF<5yR+y`$Bv)nR*TtC*AyLR3h46AVqImR9yyGoVmJlk;=j-GTd!5#3 zb7Jv@SYu8Nt*9~YtHm6ob2@Z>PO#64Biv0Uk0=4ZF9*P33iTH5S&a3Z74WZ$B9>|a ze|Dt6t#|H%LQG-0&3?r&IXJKOMT)U6MCJcEOVXu)`m29u+>_{YDkVT54?yb2G2=_FQSISN9Dmevm3GJAo zm16j=YkB5Sl6%fJ!w~9{@kXr^KYwN!l5KJ2Ml0f@^&@kKZ#mmq974?DhHTnSI#yLs z@S7wcz#1>jIcnVP(P zn7U&StxeFOCJzTcFT5pq6+XYroA3aheTq-Ri%ddaD3Sle98FlZO}4fw=|ggBwEgmQ zbak)dU7ZP*)3iOh7Sc?o?OA<3T_-il^`n(5kphWO#4Y^@z8#w1uzbF-5=W&Zwsm0+ z<8mT&j_q>Na@DoV$#+>v-=Ymj&DAg!0T6%{rDQVr6em9m@3-z~fE;MMKD!>FZ!E@Q<3Od_CQV30>%yd)q1c>Sjq5Pf z#{H41faUa?SrSjVgzHwyqmlFxUyWS`qUFuuSY-PpjZ#^cgEl2&_KPJx>Hw=6)1rBT z%T5lpxboy5nCjZAird%g<2TiW%?XuyukQgi`Nk>YJxodKs=3V#m8jpB#L|VU(8A(o zXupeo0*#gdVN03;eQOs~5~ppc*^H9~C=J0uO!)8Pw5OV8m^Uu;(AFImzBi}E{(-^g zrJtM*W`d@@XKiSC%bL4GM`Ad4DDod5A9`?^5dhI;MNq=eBHG}b(*nx0HgR@%mxD%? zdR%DS$BFae*DsSJZs*$H+bOo5srRBwd;{rIYd#RY-E#D8Qf7@&WCrz+hewNAYqCz^*Xp!g9GGd5mL*%r;jO`7^NDTCa+2OTh7`&$-&h2`2mq0eb;sgBoY+!8x>^)VGg zjf9-qbC@o=d{d?%5rrTv&T3lpe{pOmS_bppMLy- z`PX@nSDQ_vW%&4T?4>pK<|^yQ+?gJ#xFwZATPgiQvyH;&`_&@|-(b0o;U>#qGTubT zD5sxI+JbD9&}IP$uwOlvks>@-;`KQfkmxbQ^7ZoAjzah$M{D56lJ-34RTZ#owYMJ7 zx~yke_G+BK`=UvHWlvN7VM#dOq2fEtkG5xj85P(ZTu^9cu)Zgw_!}^dIw^y`DEYtd8ovLIxix7HQSLTy# zT{gU(S0UeW+Qa5txC0wr8kV{?u0N-LCc0-qB-0n;?8<3ewMQr|)OH%hhy?OoYaaED_g^25yn0(u|62zpuDD%>=+$21=42G&` zjwvP!IdG8D80nH;R;n)pgn}9)N#`szkeMArMD_0A-}?53E@QD#v&DoRkfqI6Z2`+r zsJ5rekM5oV&K-AV^~_bszo<|ma2RUYs8>sFJ!ZL){r-ULGM});_YW(|ZvY>DJhmtR zD@}casFx)ILtGMPxgmzI2IhNQ*Pp)HD?Jt zv)c_dn~4tvH7*oReKyRftDbcti4QpAveR`d zNL)V7a57&aP*;Lwn?n6RB1F`E6mM7#6yyz@Fli@LW6c_>fmO+~PHVWq-bN5^05&ek zpVm4pHt4J25H+i#Tv~D|HG21<8ol`xv$15|VL#~RSZ<;g9hwyVF{4FBxaJ09^dwf+ z!k(wweC6A6V8JLm(YnyP2gFBjvcQy;*Z0p9?KS@#bg!2M;Ya?$sw#q1Tx!mKQgl%>ozbo=9OoN}C!;i@EZ^!ZZ-%CgJWCGK#1&!SJb*$bg znvA|-c};0%bl!AQzjnJ1F#q-t0Xig`auf{tF$qC_!s0GSD8>guE`WcZ`R+dU*uxls zyH;>^tGB;VtR$KIXYit?S`RvB*c*z&D&9m-mpl;hpkoDw>F{RCR#7DJN$z=XuT zD%0f^G3FrOX0VJkl}M2n7tRl-U%{4~ z0R~-TmHCwLtJTdWvb;*Bqa|^Q1hg2ofjaF?OR)6q53L2Qf3M&lm~&|$&0w9ywIQ-x zil$ci`Y3%&XHkedWhkFp2jCL;{A9Pz zmd>6?RC*Mbj6R#la%PfgDmYaja(642H7<9gCNKB0pw)&SC%>lp^Ro}5OEvcV#6wQO z#S7t{MOkGe1?S^&?F8QDM-ainzJIMfqs#31*0%_{+Q_$hOU>KGYmPre)%E%Ld*fhw zdb4!fes}QJkD=-_s-Ies%Z9w$s?a82Lc9;=NVx4YQRk%$n4eNCB%NV z%OOqqvfJhdUc!HqLrOi}5DPCMm4_`K65pt&P5SWVv$~^PVs_R0tJ>_DL6!ajWGbL)MhG1RB2fbOqBbpRC1(Lc;jVrJC6Lj3;Uul?v?VwX2?KCJLjbaFzYUw*e#BWWf$J zSs3L`t_9&`nPaz3^q3+Q zvu9Dg)chxWh}wO2X#0w%{so|^%&*W&LW)=~FMow&hN2Uuf=Q}?7Gjfcc(4o9#0vBl;loQef`4Fe1y<(5$_*u9 zX}n?e4L=?ti&RM!}?u@n?FgfG#R%8d_b*UxZ)b0Bc}@T>hiy zjZeH|VC8sa8ryZmFt9>l$vj5ZS?}(A_};1eC4wRPbGG{&4ljei&MVLBb{qKb;WdPf zdNW_V_5?>ZW^}|YddNIFStjrrjoMfX<>gBbOiK;~xs@DwE}1Er$4m9arG8d3Q4;-u zb+6Uae4I|KFZu2IQ1GaLKo==u(M4W*i#CEOf~=mrcC*3ecQ;ia(sTrI=ydP?@oGKi8E@-T{A8sI|?CEHbZ@kuMf}|F`F4%rwlYL0&^XN zQ+*4r+r)M{iu302)pP@MYUQ-ac8;q*72t1pO3Izuq+iNF(93XO)7;n(4!Mf&g8~o6 z&mTyjtz`!8&HA)_G}$;fmFY+)-tTC=rP*|zHx4P95wewR=i)D{0r0}VGjdEDuCD@9 za`0~5VFTYUa*WC}B)Gix-(CGpMK;gHR+U?6{Aw=n3B$?H@$l4TxD{{2aIEExZWs9D zFvz9tAd}>$?<&2iar<%VPM1s8G<5VQuvbT}VlDY6O_uQ3X}mZ0j}o6XdlypjkGLE| zTtKIVyBkdQNs4o!0u|gKRXAnXQwDdUz4OYQfDwqmiQluPUKv_y%w$Fi*U%&wd@pcp z%FK>pO=P`%wpsAWa8G9t4}HiiV(Q83?-jlLbpS2S_KXEvsD%)03=_PtsO{V$!551j zpmB#eSNUaIshiG1Sfa7Bqp#|ytJI`^JYcQ`NsM&O65)^xYmS87IpMVg!P^jW@-okYi@T6m6y6*2l+&LI!@Nnd z?7mgY_l?H~=1%>{$(_YH$cvsJ{*x>lb(N?iyIpt!vbqA&BF3xmcu`6g?s;j%WF??1 ze*f~18tg9KKQOg@yjL;foK>>D5+Ov1bdw*7_zQCUyz&}T9=U-Wa$3xzIKpvX&!k&* z>8w?bn;gGSznA6fQE@n1%=hzo9wTnjuA*tS#fm1uPNU#4LFEa-a~>{1TXuy86RZMQ zI|;_tU63>tR%^ODfEysa!hkO5G_fOrBljw1)nE|O0 zt<+8G9=tf?%CgSw30t-435K_&xP@%LmkCK4yw`Mss(kRGsK4O0Xw^`XBeUpzolaC^U}n^`K7icW3SpkhODt#2IM|DRL~EO6BRSTVS;t+y z3E=i%mc&be=rii62z?}$wbi537Nu@|9cs3^AXk(ac~^?e)x*Kmjp~2<-XI(AWK3eY zWU=0e@oh83R$I*RN?_igu0b672o0}WnkeQrbR1xbd#jVAi7BAkLPy7Ad z_wF6zy?+=Z=a3^g`|Q2eTyw6;ZMm48C5*?{b^ zMIbuYB>u5gMv6H@n}7z%?@!e%8z1QW%CB3eM;gX8$7fkYjjAM(>R%$AMLNS`ch#`* zdu~EgMNm%Ou8b>J-MPHyQG>R7iY-YXSR_eG!<{vkpfa^l#a>UWADhLXUj13cK_XlE z(%jLM!Q<86VVhEV z)OXWGm?`n4*}C54Q`Zn6buBKYl;#sOuM5l!ywR;lDB~oW zIeLS3;KCTvcVf3*3HT{n-GR%EQuboAfEd4mV0)bxck zAtjpim0_WyOR85sJ4Grn|&%>p!;{`ElUvSezHAi_vM=wtCO^tNhi{nEsDXS;%ud1%2 z>PzOu3k^7UZahOq8y^sV7vU=~jYJfU#aDHtn>y`uKZ*TQnzx8L77>KhqjLGS{?ad?pqm?s} ze!>r;y7~LbU*M#uSmElQ1;v~TEU0@3QDAG%UMGELtJ|AZj7v7gJYeZlW6P?;T*7C! zo-IJ&$QY$MdDXO_X3TODTie1k2JI^!^)lU<%SieXk)Kgd%1*7yNv*c5z^qQ5t2>fO zC-M%GYQVHdMOihgg#=)BpOv!Ba)G)`x@jC>VtfuMdBl$F18?=ARc!zDs5*jip}mj~ z93($4()&ImY`1Ry2W6IRIG$h>8)5mKkgc7UmQU{wO6;BYzp0V4M0lf_zz{tmoH{RR z@~9=%&zJ^6kqaB;Eb!sckEJN7Oy^1}A4vW5ZHa9(9JbuSctk}43y2|Ypg*9PEG^Z< ztB6;wwA!6p!b0gNq&<9?2M!IGoqHTZq^i7)5zgPmoak0#_pS&ml|(+cuY2LUU%ysb z5|D|!5m>D%eQBJ-M6Y52;<)TmD&$jLiEoqJTQr;I$LJLan89Z}P=QuP(vqj_oIk~mIG8Z2mVVN1H?4(sB z6CF3E(aP5>ELNm7+wJ(JtYRzwQT`Y32kYm_rQN%&2I3PLo(B_7KeaK~JasrI^&TJ4w1BWS89z zn*c>Bn%nmEj1VMmr+jDrk^-pCIg`R?)Z-`|vmna2DO~b6;pL4AgL9lVs!m6AqUU~} zf0di}^I!7b@*$D@+&Xr25GEhvLvBX+@g(~j%2{+Qu0l&&d)%*Kn9`!R%3j`vK#k-j zz5ix#vYBKw3Z`@OZ|hTdL`E{^B2m|C%5H52T9b6F!IXZ?ILm9ID_MmFB6)k2dQ2GM z$H$$&OVjO`(CeS_CP5TIE+Zd7NfUU}xC{Q5#W(PD-Nc=?xm4*Yv}|WcuweTxHtR#un-Y_$Ox(H=>akMQ4ygjLoK+&9Z@0ejX5O?Q zL$6Q{ko}W;l2N0tzL~FiYCnjz{h9hjSK9y1c#zLT+e0=Clhl2;NRJKpBzskJz%SxO zy|MuPDnVY%Hh*n{=PXOo_dBu)hn>+pZJQU?ecH_T;SyYC zk*; zQoS~Ec+Dk<($3#J3UtY1zVcAKG5b#bXx@tZcQUEadL8~M7F9Uwmf#BC15KB}(oWve zVP1Qx6q{K)oCDlH->b5Mmlit;7O>>$XtDbmv0mTmcVW8J5rn%o@Qn{T7$F>8NzVU7 z9&nHr&j{JGC*5I=w*~cM@$#5lu9tYkWIcyZu|d*W%ck95V00cP9!As>Em;+Ag=_ zG^8Ax#X`g_4JNuOi3P(_u~O-M)hmcvMmsy0zHo@#JKl)67&j$B3{pRZKPZKNU)Y_N zXH&k)1k+Un3<8_FdAoj{73MeHkKg%In34v@oJ51k%^%-VJ}@XuFFu6q|1|96Xpsa* zTnqfT&bwHZpiG~R+JI&~&Emk0!le>0U!UL}y=nV{A}Tk%?b$lP?!^}T*%Ee5sS`{F z_zl@cgzH{j83)TLbhxFDLheU-2|i}N#}^}<8fONR6^m5`?h1ZOPqkb=j`44NX_5Q0 zz0ElZ*}}bCC$t%o#U)d&MaS?5MW^~vQM;J8iO&cBdqUa|9Tk1(vxRWVOCvZL=35_h zd)pxS7Qw`q1&^seH*n@=c_A_sL2)bXqt-ssMdI)K!JR6V95rs+pd8A~tWSJ)U+OMN z33t>XA>ElDMVQxsL#!$+W$fad9gnoaSqZjzRn@+1CR^m&3;d&|%?~U~-+D6Yf|G0y zNA926Tb+=*ya^Wnb!QZITNT3oHx+vkAW2o{oirBZZo%q45Z&)0k9 zFUQ(7s^%B*L*EbOewNO}c@a=aVOS-8n-)?$7mP<6a>J?d)*scYAqp7?y&Qv1*y6cq zWWPVWsaz3u?lSd=Hf z4%}Lkt8-LN%HGJST|2N^I24~UgZ`jU1CmR@){o|=Xp8J=>EN-a5>c-h5|UcY6K&JT z>iiyUO&`miKiDpr)oc7gp}USbW(Ke^gEV4p+bSI#({vORBqM{s_pWA*>EO5A%D)-3 zb$T3#z4EG&)-oUdt%)^G2mIzW>Td9G^fM%0g5m9IlNa2yDB2W>wFsG^rnYs`rX|-H z868`#8(B7MZ5NMY>P*YXW9NQeA7N$4ePe9|`VD~7G!p|06L zUBz@YaNwJ&war>#YJKWAzknybgxF@!)VP%=ck(yt8d9AA`bdgwV#zOn_8$~;!P!*H zpWQfy=>7Hc-5zppn=>L=gPDtLHcYN`ggC2>P3DB7oaGTOuXDVdwM?~`QzTjY^zA?+ zl|Y%pf)&dY3ROOo=6sEh_bLGy5eCwY`ZEe!k|fR*F*sG|?vCYo$>00JSLPc(m@Dw= zQ7AMifc89Z^qN@6O>y3~8Z^jp7o|#a_CNRO?K3wb&8bqy&d6Z)0NV;^Dd0u=Zg5uM zWPbqef($XiJ$IX3n3v)k|{V^sX|2~~5W zr@F+@R{n~oWJox2$EuRYRqr5?sbD&dR3!X0&%)i2f1rttzh*_YTCo^tyDGj;)3Gyb`VF#1!Uz(EUm9icD zwA03D$ds+#r6S9J0g_;jpnje2FYf{+s$9F8?l`cL#q5VvIqsm<;TRXv?JGW~L$;SsY<$V14Qf zlLB8Yj)3?oLyw;Js2E?Y+4Lmqf@ev#4ihGCpswlNgD9fmgAW)C^%K2Fc`U%y0+z>+hoY zO08+4X7p_nkjIW0+GMxmn;{$mGcqU*&If6jzG9;E#ya`2aJCTKc zz!f#PGyHq~DHr^&XhnFTRwIGA6plmNeoxD8!rtzbDDS@kK7Cwgl5Cro+)ATWwX!y# zn;vJvWSpm&IDSh|indQD-Q{WR0rgw3O(~+;ye~@2IM;yD0>c!OXz~`{EnbXfJcBUt#+=h1l=`$BRnlJb1!0}2g}qi-*VreEcszVoyOkQd-iyjxPP?(NOvnpfT8fY0eG%$6AB;5I<2h~# zKR%E#^pe(R-D&^*0kgfwN{ttf?Bh~zjlyP+TszIOF*lfc5QcHARDWSS%47M0k)Zj+*Z{PB{W2|SMkEBjpJqXj+F-FY@5p(!+Uoz9OFD_Vd zs*82mgBD(={BE_Bb|T(}dA)-n19M?B3)>&rWlJa_C4dV}h$JqpKG&a1DiU*6bJVa_VoyOHBb#zTaFU}iECjO@doYbZejHszO6}wU(jXT`xnl46iO<7%21vRvxc<2{l-rwmr?z6A2t zvs0%~%3n&o59$Wjp(a*wN03q0id4&4fsu`7FYeGy6q$J3tRv_|^LFaY+wPg^ydORZ zK@rce%1;+S!{DoezksTM)?KQ2Fq6Y1|FTK%YZ^?8Tbc^_HV$+JXq{Oe{twAjDOG2W zCqkO_4tSPi&j~!QLr)CnMPCEl4r|}!?7e56vx)9EoQIQwjS!4{*WV}yo=vDi z?BeV)Nqy`Vjn!kifmn_-op=V`mzA_YXn99JEjMzxe`s}~2hgC~kHCN~zsNNPoDF3+f zH%?pQ?=tFv2xwqcnii}#cUu^(IS!Oqv$gXT)S)()Yjc=uFkZ4IHI_GSvg+C%w&@-+ z!!w&G7Ch{R_k#3T3O8%G<*D>ra*WuD_e|sh?xuTv!3MP5*t^NE6@GE=Y!vWL)rWi( zwv;uxsZ`$9DRz8r0d^n(L$ACzH$Mrlsw_mwdJP|=JN7Qab`Df%ot-ICmj?Ko2{6wZ zqnnn_dhGIm7Q**5k4(c%7eK?F1y(WvXvoe(>p#>;z@~BCF*mNvbX#@lz9Sxgzyp~S zPmArt(imfVw006H4iQM!%^R*@&k5maG3m3p7BLsCdc5~`egkeJg!c5fmSO|IyxQ7V zUn4{CJ0RB{Cy{MmO%8ww80F_6$59;p>bRfNP^ejcoaBC`Fw}E|C_RC9K2=?5R~<|_ zh@`5jUTp2X-tj-kp<`~?9dYtI3!u$oZrH!?@5^5j2O=#fN10z_>`#lSE;wZlcpxuE z_(2#72JFM213;KHC4xB2>c7tuzyw}gBR{14SUs;wQzh>|x$+)~#m0XZ=LYpC^#=*7 zKC)uW*18KfB<{GbQ6t^l)wA}I|1X7KBjzcQwK?gqLj)bY!~GZg0L9)eng6uT!Jg$j z38|i}iFgx(Y9A2P|9Myjuw*$zC-*$q5VMV{b02atmg9ZnC-v@3e07%#uyXW@O(7#B zr-G!5!uoZ`9e!K$T%fnf14AZRsh#&hA2eX+w_iv&vdA+Zms;50$R=4-!4LmYRbtRH zIqGD`vk9sRiENo=`eI+^z?a$K z#RUns@kVt#>31j7gwGNA>LVCM>GPXN)wir;$IXI#e=~y~IDJf-zYM+Kqhs>sLQJxF z-YPEsK^Z`!0-5^>&=}#fP2iYA1We}r^k{6f&xOU>oHNopb1L_!)CxXTUhGOUT$k?f4~k{h-&t+&2Xrl#!Z^Df*x5-r!S~iL!_D(-(ziD^^vR2t5ILCs zjauY{EjX09<>q@(*G?$1pXx$C5oHFl2n&<9^TY3s@@eI_E2%{Hh55l;Xm?- zA)&(2kAtUxYb3ianyH)i$`TMlsIrMT#l4vbiPoBbEH=jxSK<q_#ZE|hy0FJov?dvdn#ROU`1&RlF<2F~*H&YGgLWxjuj5vBt zw?}DK1_TyIVJiDD>-PF0$MZ0cD0~Q;x{yk_2zNCw^-LH%N4twW{$~ zEWZRRuWM21iKk6tcX-w60%LU{^PBoOVp54ImV-Z9hQ3^lzdV^GJ%8GO`!%^IJkqA~ zn~c5DZe!(!;&{IWjuuCwolLR-zO{MdxZ^lN2tHn+cIc*&1-5K@eKFy2Q z&FQG_o2?gEs?KnZiBhy z*Z`dBCHJ!mhtsS)cCdhcU^?6Us$Xn|Dc4a3pv`FV6(aQe-+)gs-4 z8+b?XcMcFYB2WAE4tP)=ENDD45EtL;wZ@z zI1$T9agW)W)Nm~TQy9=@{aqsPHt-6#&v36k`u=EPP9P7*>3&B!@D-;7CR-w2D%FC! zDDd0im(p0$U!|>?tcRb!#ITI;kv%C73Ue2!7V*-HQ(}KGHDC(X8fIZ#J`P(slqwa^ z^Wn81)-$|4sDJ8QCeUed8YKDeQAj{Go#Wi&nX9DtYrf@gj!g`B)YhTodZ|Av8};L# zD2jM4R2uy~;$%Hvmq;vSc=z?$`v$xeEH<{-8JYYNmFt5$VG)LbFE#$@&tH%Tw!TuE z$hOYByu=PS0O9ei^Uh*fI~oq9LdY7DS)|CGR#(x$vi%e-T^=U>F1y3!Hur8f)Ft+X zzdRPx6Hz=CG)7`G=H#oW<*o|lG!qWyBOKhO>ymAEq(N%qK2dY44bFuxlqN@?t2_B% zyuYtwh6DH4%b0^_^OprMuosh4|-{|z$8gbu0JU3 zzlHyi>6Do)Y>I@Q@*}1~8tv_=3JRjKj5ib5{f~5f;w@Cc0|sNtW3hIQXEVIMs{Ehv z!Xj|2{Ll9#n_M*~a1&lJ00FE^Lb@9EPiur{frgG@k?+)3Xa&-CNf{=)09heob-!s4 zZYzKPSZ+;t3PxIC^PSDlFaSTly2@4s|3PU~<~8`13jK9gn)S)X>w*McSB2LD%6c5p z_Go24Yy5A|N|B00@|dR^Ne*oC6uvi01s|T#@Yi;hT>M9VoX1M$rj)z&vh0f#b4|!bd(h| z>FImZN&pYbY)F()d*1kunjmSo z`iXDx-0vH6E`x$CA6i0=QvS|3wGHs{so*BDfeBpjme+T{(b|N0aMQi*5**#B=>RXS zv6+Q6q%)|?Kl}MvxEr!?{V+Un4k7Vb6sWw>gYW0+CCHi+_yVS6!ZACr~ z{|)2+-bm6eTFLJXLxH*eunj2RXJ0Ars}UbiYuJ-6tS~ zB{D3vQK8sDIZw#iUkH-3O>sQK{3zy8|CmXP;6aD3sR$o&)dJ9vhqc9wuuu^~eiMqc z1pz|0R487)+>ttc&(6VP?sNS2QA=pt??K(a@ZN&dDW~2;6Qk#l^+X<(xHRB94Ey6= zm4^4c{+GpAS{ZF|W?Eg^=kw@m{-thKZwx zr;R-0ur05Hkw)p~SbqBh?zPpzA#54_!iC*897G(ot=nzHPI zOED-EQeKMvD$4u8fo6mt4I>_(Hy0Z3 zunI{}atj&%@zX`lnn;QvfA^s(=}R~FtMSwK){^U2cxGWIRQ zkOz#+$N|tW?O5L|Y1ZVc>_ur*(PKJ|vZ$I=zAX)+<7axMUlYq*2|Bc`%9&YH4D)$s zMk!^`G#91>Np__3-@WvHtiFhId~qltEys;F71H$P*=OqrMDzEi;PYbXX!k^o?2yaf zn7S<H{M=d}UB!K63E^l{x+oXqm~|1#D0StCXk$|R)bbG zm$PL*7pj}d{5z0jn`KTZ!X)!ike8%tb91diJTvAk#0~_Ru7ah9S<>9e{PZa=T zT`y^WgavLVYpkTI#LSB{;7%hlx&h-ka~a$NUnO$%I0d>A?YhiAyQ=rdG>vOoG23Nr z2u^e#*>$k&lyMBq<5pqHu^CD{P6X2#>WoAvyX9KdGHh&YOGrNiW#xnhJGF4N)*j4E< z)(g`EaXZgXCT-eyve_5eQO-Npxgj_0feEZU1TyN@17(pyJjveI`k(WNj$UzO6{BQu zEI>P|vsP=r2TbTl#ywKeun>5a zt=|tpY~U?HM%Q7(TfB0mmnJtO2kB-!r7)VDcQYPibR>1<@~mSf%C$DnF(M#WwU|eI z_AX7{Scvq(islL9D?*-WTir_W;neBArB~Y$WV?>5lkFsip~=~t$FJW?lXaBPg3vW~8+uS1Gw*(D4 z&G$NS?6MlZMtiFKg_B~3nU1I2L#7us9Y%2VPby6OeZsPZ+z&ZYdAb_r#a_R&^z{B< z8nKHHu&w?zv|B*!wmDAYijT6ffY!s2#0ZlJpaJe8q>Jc4%Ns+YW#Wmuh{I&>XW~#F zoLl0Y#pL~Dv=^ID)!s94Uwpy=DwH_MI`q|2&MtwPZjPKV0x->p%TrPWC7LT<@A-~p zj5W;iG~6ws=DORi(2GPMGX$lS0{G(j4}ASJ;eFn{6Vn_YE@M_ zur>8e?}QuM+(>;kT8l?=yVThC2I$Mi2&b}ZV^VaGo=4B-J`WCW7OZ92LxPmWBbB81 zvRLvk(JflMY8==CQ$2=dx~z-K3w<>DBUP`cu9SKr8#G?cH^!8{&ylb$TSV@Fu~Llr zet_nub`wSxT1%z&zvDTOm!9v}*8R_*%d%n=rc4*@HSUGTVAR?6SB~C;QsSxT6Rs3} zgnYZPpMNRr6w~t+h=X;Rdw-qP;=8B)!mz@M98x{+>n3~Czf3{-Qb$6E&+AHv=s7oq zz;W?BJJ6WeY;&_jEKr~%7~}RH=4tf;*-=SJaZ0vMf$ljA?%4fnwl|Ku2~qEecRjD)OxOn&xQ3YJDo!wd#FPsC~{ajOExhN z??W1UlJu<*(dAdqrX6ibf<85Du6O4UkDL`Nj>=g=JQ$bswY}=^j@9rVR|m+st%HU*LrF^%aqEmP=!s1T%+i%C^y; zjV+3sMFrW%lTGfHaFZjwtzfdO7Y72GLp&^jXwl7_0JW+WI9@wn0+J>zmP0S55eF7t0^@AlQFG` z92DgI^IY!B0RDJ0PwxcJgDOqp!VpW}qGPbn=lLp1BcJeh>4L(3K5wocAwWa!Lestu z7D>r!A5|&m(*SJ?)0#Mv0}`D-D4I5WA2=m3mgdHR94>Abb9VVAC6XN!Yr4&>`hBNn z-+CB}J_PVk{QzwXsv{{uo7DSY$7bm~qwfQ1ecr8#jt!mBrs5!7x|b=2Y6@0v(*!eU zu6=p;!>{FWmmmPv&ychz&MslU6Lvrk-?2)CR(g4F>Wie@IUeuDI1!eRWP<-ahNp_L zF**QW6~4sk3o4-!NlT4~^y(QzVOM6i4Br;ggHt?}Dl~f<@NSBo@JZuH@K|u3x#ic- z4A6ZC>rXBH**9tFBv(y#MYo80f6|(WYP$5QJWc}%quRhG6QoMuS-9BXVT#O?5A=nu zHqSYg^v69|<$qM~L54r-qG)Lfozi)L9T8Lq=L1$Tn2A~?)oE1<3tQP9gB+>m$ha+1 znD~yg=JsT0NreWin_n!cN*+_9q+*06Rjj`Hqgv$@@rVw%ma`evcxEPxT4Spfoy zJ13z|ygqQ1X$!w-@BA8m50kA;>;52WMDT{?{sWR-y^k~17M#u_+<#E-h$OBHY(`W{U)JOl&Bm!FEymbN{*b%F{|jgzq&F~e*_V9Q zoo$F5^IPs)lx}?M@HMJA{K*gvndS*+#QV=qIU8nO)7X##h3xWifR~27#FEKZ`h$=4 z9&fIj<3v}=7DOv0B$mvYzFn3&(nu(cF^+<);&aWW=WLn<2irtxVk;bfm6MC7z96y1 z8a3N#d##u8b%eIDV(b04iyBX1dsx{7r)5*L2jK{k;O?y9nB%3URX@hu_#O>6(?fHA zC@)c#Bdx~+%)=#i=dS)6f25}U^*YpW5?W`g?b?vlXl%zj{YMy*dE zG?03o^TC>cn&osHJ}-v?LaWI1!n6Dwh{@Zj#GY{c$&U#QCjsxwGh8grxyL(6x#s&N;-G!Fxv4{<;aDE&t;JtXTV~D zUAX{Y+*614xqLrG_OB(3zq(YCmt>SYQyXUuXSgswBEh$@WbP3C zPdj5)gW0_L{VA;%;`li?z~L*McS9GEuY6Vf>F5pH%48xo<9(Rj#W`(}0(#iy-27nz zr=cEWtg^WykliJ5F=?m|ZX%TO{N=kw|8kesO@W#Q+N`C<5+8-5Gm%uH*A|iAexbl^ z7WV?6QSv?*UhnFOrK#dXk>&|Xsmgtj8nzNIG2s?u38Koibd`&zV}L_-w6VX*Tg-&L zvgAF1Q6s+cuHFb$K@s1)9)uBYE1^cN@IkoFSN)>(*~p>cCSn;<`B9cD5pUj_H2zcd zY=iH#S?p)Bjy=j|d@8P{Z@M~P0(;Tss>?}7t_ZH2AM*cUd}Y={UE#bM+4lS|5-PUU z2@E^A$pvtqDt@a0He7(Hw}Tvz3bnc(zHdr7=4vD=tc?-x>L+}{O`^&GSPlZdh|nlX z(qCkJj%3c+5xgmy^})?eYHR9Vi%+^T35nAOa*}6q7%F_LOmzGMZGB$sv0k*V}C?ceo()809UIH5BUpc zIXu6e@g))<=wS{x`y?FCAY^hO{&c@w9otAw2yMun)2Bi75=QT78YVKZ`D{)YdL2xz z$*Q&8mz;)mx!1cA^&*#(6=%(JY=b$Ve$O;Ekn3CnNBOE?pVrDqi8VV4Tl2U3h5t-+ z63MPV-+sAb+^3Hi&G5t+6%(5%tSdTs=~;OX%_jGtAoW!34QAFDo+o1K;E$f4@}-Sb z4FvFv>Q`6` zyt}Yc2tNx#h}i=vUdfk9(0uLSRAD^G_`P+}-k~c=!m<(ve^DcmoX1GX_Oq zi0TlMT>2-Ovexv=iKO8e&pNU*H;J`SEZCtH=~SJ5u}3V>Pd(wD5TrIbhw?w38*HhneP`LSEudmT_Ws*NXK7C6lbb2WeA z7{sIWpk_uX!+kW?W@&PE#CcXJN}i!w$31{_AV!x7&kdiJ5muTNHk=v^w(m5xE5gva zu2-$XAUq~X1RV`K`-XbtyGJyAQ>95JZM}N95$8ttE0hhNwgvYhaMK_Vh-VN}rV>&s>NyaZlr zkOakd!v<=ftO4)5`hN*lK3oEOtRYlvcfP3Yh3``m}w*r2LO;Qrzuq}VoF+Tr0rh;g2+ z5xkJHq5)1y4F$IjxTT=s28A)$%nAtKJr`X9q-_Jw<2D&EC~j+1zq)`kG};z*Kwby^(T=Y!Ot^!YghFn+!#9KN)4Pvy(p*b@0=!h{HvC`K4L0pWn038yBO!p^X6^r4r?r zb3Yx+O@5kW+L}=wz*=A7i`galNk4$n*;XNGTec&x|H2?Dx6~|N3XDqgi zmEzF{sX1vws)yE=F)4d+sVo>v<#-(7Vy2O)*>r1Re##@4sVE}XEi4*4#Vl6n#yw4f zs|Y|;Z1w9{Q+r^5*gyEY-ZQ1O&p~y~Dl1>WjPTtfuJ`Q*Ytr;bFh=0|9$KU&jowmD zE)*Z2k?wZa>MEzdv>X~-+PDTdxp99}B@28e=Nb!VuinExV1pl%+5V>4<62plgOvbJ zU|KqWxuxF1Sf$F6oil3q;&3&?OaATO2-oz>47iYZ%ofH<*bclq4r#*qDfPawsEWHD zst#v@9#cc>?4~Fk_^GN#&d5GWe3=N{Jn|@k6)L9%kbQ=81vh`prR?}R@vPo+es_S4 zTi+-K6=%Rd#Afk7SnTok{~KrSXUQ5XZeiuyeExAz41MVn<%eXak&JY=cWECtTQZYT zM^sQF=wcjR;ck}t)(^vxCExr=McrhJ%q#K*$WY=`)yVnf5h9vU7Dovd$k>Y;NkRGK zmJp0mLM;)Vu)%xGU7o0Qi}IU9h8>I!8u=PykRddv%{xRHDf2%}fGA<#Za}X0R!?3C zf$2i#pxv+n^s%exiz4;DA;6hXxi_$W>Of|v>vQ4F!6E?vEO<<5m zb{l)_f^!ri31+Id*{Ps|I2$s>2Fn}JK|HXlP zU`Ul=Wjx=zHgu4jfRkvwIMQN9$DO6rX;0eVb9RW;ynnIrQw7l++yzT|S)|n~F%&x| zRaOAh7&~X8+TVGxl~yJeI5tFx*xh(qQb(&T(gNrDYTp5`wpW6z#-;cJT_!{hp*#R$MK4trcPzB9 zoz-t$lv5VkFL`VFT=l-!iV;B{QX{>u9sim*EK>1JSLdr5*z6N>uuGSN(Mj7GAb)#k zJ@Ve2d<2=Y58o{)LzjRT@_D(NYhS1j2-qgH>!>Md%j3&g+7h$ED)UxuC?`G zX|B`-+$gm$lel?@^m=>#WeXNbwmb(-RTBS0^CVpPZ$q2Pn0xv4A9759s zc&CJrPTeZ((w zT{~J-R3Y{=ceOP5=>6)_rFipi*;Md`Oh58 zrEYca6sWt~gp^-<5KgB-@_WJaG9S#eb0ESjyoCi&x}Mc=E`^8e;3EUMEeS+q7X6T z=jm50qmt>!%*s+XO1B9#efAB{vZS!AWHW32!PhvoY@k|G@;{h4vp;}$l(EXLZ^C6H zwa-?#j)N`&DO%Z>$EWY0#@HFK^cWvvQKwJKUxn=bQWR$FYvOaur1V<$#&OvF7))+5 zIngT2Oa;gqiNn3^m_~1-KlUyMaOP(9C;yD2hR?UnH`J(#T6L+^dFvd_b#wZ>8WJ_f zvI6wF(RMFTHkn*${fvsgcjMa6QpWFy#i`wW;%$BRTeW(4(`H2mld4*n$zV&G69Hk} zvSlmJ?4?=-h0>N(kw(yp?B^l71BDG8WKjZ!2f@nRVE@&jC?(o z24DX{DQ(Uk{FOTpNlBFVU*1pnI0F2y@%jI=BpFTAlddTp?`bd6Z`pv?_fl*77;oSNw5pY*zYsCUw1N!83J(LhTx-W~V(_nYwE zJDb1pRisu%HJmeX|o+bCL_d z@tqPtb(Zkr1dv;ZdW4xYhFh`IY|YfDaGdiOoKlYz8dCJDNm(tLluRt4C9?aPpGq{R z$2hU3er~nnH)T_sHZC(8vkoEe*N~BeSmUNnK{U5XlDE$1iyB#s-_+1dvvR#f=VWSd zGLupq8M4pFk~yhW!y|pk%NsqC6WOGu;rqDQ#_uIwp#AN6PbR~lEtCRuYEt~eB&Fu@dauIh^jq+Co9N)wMp9) z>ms&J#V9)M#!ea^TVu*cnoek5F)*to%FCx$d;n%goVD0ziV>U)zOuKn>*byR#y!sb z9cMdV=4AC=kINTbFwJLQUWU_EbBNytx!^SvyyY}?Jah8SI-RsqdVEpGVRB3*4wHi3 zdd84=^<2)@VItu9w7K%9Vncc%F_rKuV3~cb6flSpAY4K7wt=c4g4KP;+)Tun>@z@ z$)nx6d2AOc?adz4Sm!Ya&U*~HVAp=iB+3(qq2Vqa4N95Qv4VviGCxFo?qdgl!^WLn z)_j>uCM~g+cOK}3Er-7n9qS@(&I=11ByhA$MriBcfo@S!@G7k|a?3XF+!^D7h50sfXAy72s*FOSRsNtbtnnQ~H<}vxtu09U zw@#J#)f0TLiBye&o~`0HRiZR;BTwBJRH96^Xn$yL3YZwa8vMQV%sMe!Qp8#XBvx_J zV>nRJA;Q^VM(#w)Xbt{2WS7XD2V4)F42jonA2#qPnNJ9Ko@lV&fXrF6ZUL0IdWu}D zr?rl+Y-0LHv&FvHj)gA$L4nU-1w`knu1=D`+H!=$pQ-AE5y$9f4al>+%x!Wa{Fvu< z<0}MmND>Q%*=TAHmFcm4F!FFGis8M#)mZwcB?i%Y2zY&BDjX9sJ9FJ=wtnZ}dG!oZ z(&B+8UV3{sX)H)a-S9kmq3KZm$|vCG)s3ECS={GJq1_yYL!#~!&4{q1nwK7#2FsxjV0c4UCKU0);dkTr? zWh7&rQmOZaKw~}F^Jl(|_w*!I7#P2gKLVSqzrRgkS0f^RTA(g4&HRNM^|s~RccU@} z_u&ZxsVB={2|!&58uU#%bE|fBrn-`SQ)+ZSfqy42)-ioR4}||0Rx_!N9H3^@Mi4Lq z&K{`Ye^&ww2yM=V7g^fUonCQa0(2Re=bBXbQ*Tla^S(yD>jsMPgUp`Ee+q=^y;OqO z6mT>cE{|*}gtV=@rN%@h8H;$xq-yD?&XUbmK)eRhmgU~<9R(SD!o!<`WERjsn2c=~ zyuABc!5o+EOaC>J$Ho_6DqpUGmPGx38p+?5fLt)m^<7(OovyF$RFl^FA+P~|wbL>^ z9r+HA9c>xTw|&#yAI~_F3erdV!@NGh@#i|E_oxalsF!LW%iS^W$40)Bx&W9kK9N)7 z>&eeidDXd}ziKlN8o$N*WqJq~q~#RRqmrc9}bh zLcvob{JY7;{}*3x8P!JDhK=Ix#kD|jXn|ls+v4u-1cy?*xD|JIcXzkq8VD|h(xO2E z#apx|PoL*q-}!!=^Cv57vodRjnb~{a*L_K45eAFkt@7WE0sox@>T^Yb8n(I8N}Ow8 z-kuEy{B5d7|G+-7A2l}EGkl)?2jR-==MjVr>u45`uzjZUg>UMOt#4=wV$gQM#K_I1 z1kMbK)C*cygf9zuAY>wzp0)8?xS>d1@zG_I$ZB)yYo_@ODx%u-WqjauEiZ`Q>t~7# z1@?9wc_G581S5h^xizw31_t`Gs;S%gmG6zOeQwL%8SuIh@QjqucQ~Gv_QJSwOKZD1 z+ks0svul5nvIO3Q=v>akb&z9d&-qsG+H%RFXuS-*0k2K-Wd{%7b*HuWVxq-l**(}z zr?MpH>w3mL2ym745sj_V)w`lD5V6cmkjpRsLGbzD(Ddd4+eGJ*`wb_FD8H~hHA}Vl zBWH>uCu^J@L5gK2};-GkFKFr{(43?C17^d#7;JM zzF7=%cn8`_)0m3Oo6PE5G>k?DDN+6GnR+*6h;P@y#~9-IFjPJ+x6Zl1X2*X>1^)|M z`wu7B(Rn3g0Eu}EjUxe3lT@C!qDf;6W|Ojvha*H(xDnHmR+0irdbNtCrYoEgX?0@n zqO9VH^cY9uF^Jms#l>%}l!h@msVViyr}TrtcT+3nw5Xh%ZDQo|)_~wy7w}91Yn7L} z`<=aM*1#B;%p zChwdS4laS3`z}Rpwj$$C!e1JN}G_khpS~UO;v> zKV};2yuitqlOHJn5>-qarPG?zV^LgR?G?#Z{D|=x@mf*TjrHN;GY-%uR%7QmYfs(` zwAI@%HiUejNBiz2p3v&Hpjjv-tw&;_gwS*eM7Bm;FsT9Gu=@({4?-Ht(MUvM7p?Of zCJ=Q6a@x6wigxC{xRQHjQ&4FH!}De@*e#d|lchDOV3F4bS?XCrK#zR5$2s}b^5hg4 z==c{_K9^<6XR}_>rUBrSaAX#=1vyNzj+&~EDe}!u#=sB&J4@DIs#hEza!Yi)*8(Jp zM`Di^2_Owd*Mm0HD0~Z}nV?u?eShY>Rx4WvR@cjNe;gd~Xnp>&*r6x$fjaK_V~d_PqQrE(U2jB)M2f5RSnwOZb7^3 zCEu0`-PQmw5bwOD(FSr2^;E63y;z9*e6e5oQZlLFx8Gu`cD?(Wx|(F>ud_+r3ANr9 zgU9d=g~y#dPhwcePWj4ex{d2&;v50}yr-(R#NK~babFc$uI{g8!zTiqR%MgEq4#p* zE}h#q_gtVT?&x!@0xMLz&h;D{G#^;0n0M8{V}V*`Eu}v8S8#l*`68M(BMDG+8?4&V z(ppX6@K(DqR>;8RNP96i;&KMs7^>ULU3kp4_eqVRO?$wFyNYFJw7vFk1%7Ogi1?x! zOFgH{y<#r@G4- z$>(}9h+UsY(8WR{_tM{Mu3o8?v_SX~`J(=3)l?=`hf*|zjDd%d>J1v|(co3&x;h9oHl&(FPW-DP3058NOHq!rfdrgPCy>@B8-B1{qEIPdQNGn$% z^+}a!Yf2U9%io?9i}U2%7A$JqHEZV}Ll6IjON{2L(jj;9rjd#T*-C&Fnj0Y0AZc)H zBjD&jRz6-Fb^&=2g`dNt>-r7i?dLYKT^=fgH^**vDsZWg%Hw#5Rkhk{Q)>7f?R5Pd z#+vOPWP+Ap<}ce+9=UcC*jYd1NjLAJUC4Bw)0dswrTc@FuT16a1~7jOw#)Scaq`u);qjx)~B~NTN3te2-0Ozl?b) zL2JtFGdvC;Q_cc0m_E&ckn@M{U=n{n{<9zAUuh<)>$m5pD-!5kZK$PuGB^LZc;fsa z3ftTML`T2rD_n-K{}H<#;e+HkOeefx!sg*{X~nS})50MZPMWn0jBJ;_6n!y1x~xwx z5U=_>#p3;^=d-^r=|eC6QJ7%63Jf>=K=U6T)}U9GFRgA67@2tz1eqpY z`W-U(9%up(7Hc%9f^sD2`6hKnivVV8a5KR?zX6weOYRnN0l#OQ#|_90HfMFP9$rdL z!R?oB@L#gqfumoh+e~%(=d1z+&gq$(UnP<2O-AVxD#t7PJrnz=eXU;A1Ym1<2A!ZhzsLI^r)u@z*=BdPfVRF69;Jv>xns*T@BP*~ z)S|qusPDJKoD!0Ej|GnUQiS;2VxFh)&mx#KjmIlZuEtf9i3RrlU9x^x@aVZ=)~@oA zJP@>dQH~xU+nejZjfNynSAuvt~aqq^L052~RjhwyEG&SqAG~D>*-EPW6HH9pfpr z2L}sy^jf9uRL5g>I9`(4g2j^=i(G$MJ=R5@nO%zp&)JOPCJXi5rTkR5GA(PxiGhN> zP?cZuC`YX~s5LvpK*;tG-Mf zX{XKb&$Y4PP*(j8tX)67$gk7=gTO|32i4{((C$FQ&2?nbRK5Q6AP!X=Eofm_O+lkl zC-g8RNnl%$c`~`IusEr%Y_nJb*HV;=K_C3_RPkm|Sl3DjW#un! z`{Tl}-F=O0#!SXXu8g1YAaoZTCS-WJpWnw#R~00DevXkksJp-AK2JFAmxfXvXRDa{ z%9_srHrtMIvbvYi{A)qu_3MP{T=4=MGapZw6S&4^MTsDeN|vJQmK*q~EuZ+sJI1Cz z>z73Zd^O0EnT(qu+*)Eg9&;-_2%Yfs8RBC|6ozM;s2t?Xe^mfbcfRn-3HdzHjpfb{-QHaqHwM%?UKeX5oNDFue)Jm@0&_@&`T5)&HdH4 zXDMU$D`Zhy9##E)=ma=@j5TWSm$7W~nYZCqc9p7V?2jxw(b(PNvfo!d!>eMw8P;hk zhWe4JHuRC-5w;C6w1+kr8ApZE3wd#>V%2jtojz!Fh|9q9R7MARX+gj-g>1~)^6(c& zMUR&qJ-7vhd`kn>i8gJjS+i~}gT7%VI=`-Zd(a|c@Un4>rI@z-#kzah+>-L)ztmU8 zf#f~SmS?zRBvf}F8zk3OcFtw#=*^J{cm<8ROsYh1%RqpN5F7y+hox{Q(Et%Nmw<|= z3MIE5b_%r``vqFVnrGg}g6`PAuW{!S5Y7^dYuB})A`}i;varv0p93E1h^$pdzdIC5 zBn34AoGVYb;&1Ka6A;-;8A^5JbAPI;Cgc4+Bo3+8A*x=W=&n_trh`dnK0`Xao?JI5 zWZq8_SCv2W&hkRO$^2_b%K6oEuH~uJf4UXu(w>EleSq=JsN4 zZE_S*aXMOgD$Osx zJuwrmA@AKF8@b`J7cie&N~^|NdoijA_j>?LCVzDBxKo*(FqNPa*Jda#i$3W0n}4r0 zE)dF3v1?JLV4sv{d7=H5M@f%efnqp0$ak*@+a7)XKc>%(i8E(&yYBTJ(cPMu$B(b% z1*Y>!pGv@ELz@x|lrt^d!^4e!SfM}`hnu^b_yluI(7`Jkr|XTBlCG;;!E_r`>x$OY zNeuD;?u`t~BxjreI_;#rm=g|)q&AakfkMy)wJFH50O81p7VI_A!)BkTwfo|@!*STN zc8sPPZ97`xF4;iQ>8T*a_-_68qfNXGYAEP>^!whCTS6fG>biKWr#8*!cSm#h;mT03 zIGwA-OnL$PwCBfnqXFFOS+OG8uencc=*K8(C<()1k&o)!+8`9I`2EMARv|7;oAt&l zQ=0XwfVVe57LYaKsKIs-%cEoikMF@QUP&gbTJ0C3wz5L@@8)yZb9}c zYmpBn$OM-_Q&XmVeKi^oe#KWwD%5{e_HFg?d>fZG_M}tx}9O6&qw6 zFDmxzS4&8W^~cS_H~^EJK$!`WJR_k&-QyWBh8dE!#zB$Naye#3%z@mrLbCF!nqe#g zF9N;Q-GW!wW5BniAmWhiG&k!!R|41HB{SsdPB}rS>$NJZUGHK%5$O*;ISe>++X$#K z%nFz}&)Bc-t`NXCGedp~8L8*y4E8&wF}ppAyI=MMxGf<`Uiq0RLYLkMds+_MV;%S3 z>9)RFA!e_oytd1yUnxhN8l%SgWybMUCc!E)^lOJq@5}9pCBh0KxNL(%i}L%O5`}gK zm-+eT@33Fx2rn@j*}LhvVu;l{oEfN8EZ~*`{3yN2YH&Xjnm-6k3srvK7%X)se_)Z- zV1{$aDNUi0*Zo1Dmb$GrB3&k`39CKIGh!dj-b8fN10p{q|6M32kA_Hp@k5I)y^||Q z?Br4D;HJZblZ-`EUQ21}q8FvBGmWkM!v8=)hq3$TbM4e!zqf42XI~|zrxnLuDAoZj z!yPaW)xENvEUon&B`TRiET`)bII5J#O>(|mwKa_VvXbFHJ36gun~W_#Jm2gM5KL6V z+=C=5lzTH*Xud2-+JxusHuB_|r=d=sjV_kN`PC$tT@*cDC5#O^k#NRo%Ds875~0H5 zn9sLyke7V}L#Y@A2>9m=<+MEqx^5s+rT1%3Y?Ms1dNqs7zHbt)%nxulx`FwYlY3vv z-|A{b#I8hZ=4D@L&kj?xxUvRF^ayBLWk0-N|6LI|7?YCRcEon8lArG43k*B-3RUY> zGx+*sJ~~9Q808W}8&RJZ`6b1WmZpv=eqfq8@IUQFjd_FkvgmCUv`tm4+WS-!VxRA; zb-uYvI4dhYLw#!tZIKnr2Eyhc*73f4ZtEra|DS`~Nwk3vYflm%{@+ZCf8r_`^q_Wb z40`vT8A_No7paNjm3AQ7|(jy z-k40mysyWOA&QiC_f|J56~Sm=+q2^`L8X<`8HedUs0|d-7Rlrwu7L#1fX6X{mFYk0 zhchNdU?~g?W9l}78${K90q(u@UIIo5e4-F17RU{gf~NHvj)`>Fw^dQ?cDlD+Joj4= zvdlSnd30=c1LZ>_u$l3_%szj<@Ay*t^Vq@kxGB$F=GLQg6~oY$ z8N2tJOmDMna0_F8mM})>A>)ABd*pX!((BZ%mqYsdHW?XCM*7fZ|9~KG9JVZdD%ZCv zlV~)#oVGj!-a&VYGbv}FX|y?roi`-L>Fv99!b_VrrKu|zowrakr)cBl<%IcYJXa}t zI28Aa6elNlziyi601|5_3i=|>)WLwV%gmpzw0k`%0z~w5ZY&(}3tKC<@-zRnhyBv} z>Lt6X&`(GtJ_Co7B)N-u?wF5dCGU8%zs_bj>iR(IxGAtszNZ%}AUI8?Zq8)G9*W z^izaoR)FvAQgtSx3yaAL$^~$+K9s7-Cpb-jIarffJ^W;|ks?#W&5(FDzSCNjhF8oi z+MN7HUgz(%-+@JAh2Z!_D3blii(8xX$;l;eW9W#mrn_mV?KPLCcv{lTh;MCs*Uz)$CsEDGF4_w~n6L ztY1~%3lh&K$#+XgFuJ}MX3b6?lgqobA~e}~&%dGb`IKxtrwyhXxz@D8o0a>mAAx!Q zAOo8<8RfTPA_CeyVnH&dD(njR!eXpgwXDcTu zBOe~zy2$p6jvad1u_+~nBxeJ9(#Tc?-yejNE#NC4=WLmj-_XPfyyXb|8LoiJEq)lc zoUMxnPJX+D3srCoD^Ab|5Tj0P?=y6{x5gWndmu8MmgMRw3>1gYjvfT~m?qBrG zTPh{Kl_tc2`Wjm5Hx}}?_rgZ?AKPkR_vJ?IA3NAZ8Kc!ZqG@kQMHElpKh|xRh6KVJ zPQ&ANPi*gIAx)r7k6BH@e2GK<@?;b^krL;h(&etY_7#UJPRZ}Ujy*eqy45Z*j) zK-Bv$I87>c5<84z&bDx&O_Ft#LBq4UC0Jr&vMtTbasb0`@SA-8(+pP}^i*-Qp_6o< z>G*QyOOWp;wpmU^<(Y{1T3wk#a_~o2rjEsc-i2ME4N?H?r!wtjGC7I$TkSO`u7z}+ zyc%r8&RN~oZ)%sr%}NXMDTX8~&N^-q7c9-N1$lUUJ7II4hvTKz7m3k-65W0bPHi8R z4o$zLa6kR0S9}~8@zuO#mAk-b{pwtI(OCW0Dq;4m(Sl7I`K)VPQx3fhNj?7G<=?9fR}HPfD%}xfQ*~JmRK|4Jb;pTG zvC=-jT150R5;A1m-rHK6zCn#l(^Mg2rsV$i+(1)aaA#B<+U`q{t`0Kfezh#n{hicd zg;v)O6#MbWT)lFChnCQSDG!HumAzCarD~)p;yYUkOefw2e*Kn)O%HfxEiIcTV@H zP>PLC%Vz=22^`oSgQLbsG5gSMXqC#2Dyek~y!o*tHgxZ9vIM^v#jUT6(>RmJs_p^ ztsV0oGsa^J%*Tmj)fb;fPIb^lP*fvM1u#))C5+$%zmZ{jVj|>pK(*aDMem-FSy~+_-Xjo?RQkZ~NhpInEWsAZrr=w)g#ex2&56b@m0juk8w8OkC*HU{-$@etxT*p+SsOH^nBR{-d~5J*rAi znS{2dyv%J)kgVsOa;_FkB(g+E+?=IkMb|PK)_ZV4jk^JnDH+T9;>-^T=d7mXxvVR-{s75?u@>B3=>v7koc) z48(+n3rnyxr@K3*zd-H`z|IaKtS0m^ZZ#m2sj86~180|=UL6yN`^&e`k&cy>XY6@y z!sDTv(HaJY?rzj}aaWIBIr`ti^s9{4_FSshK{)$PCsKJ8c7gl&Hy+cjtL=Lu^pfb~ zlP(9#Cr$hL(u}MwT&b{bl-A^74|Ad=1V-&1PQio? zsgivgopQhwAh%>ba;HA_dRhn|lw8VR+F1qPm*ErW<^p9>;64XAo;+Hy#fA$4ANR%$N$Ft!&WK(F0$0D0}g;C|U@q|4v|J%OV->>e|thx`qo5TxXOL+V# zAQmGri+_8`6u}qIyleGb0JlQMzn4#_Xu1D`u(;V4pzr&XPxfOqaL07f@7a_~+)wj+ zVnU}h^8P4g!#VU;^zok#d&wA}EiQ(NiX7a&t!x3+@vLO3P#gMb-SS9-u9_Hph5X_- zknbpfFcgLE0>MxIiu3(w{`)#lcs_=!tAPj4ws@k2Xd9a{%JWx#-*7IiRh0lH(5tJA z5ZhmW5KeEr)K?;x!_(haQil1Z!_nUL=c7Lel4S#yFMZ@s;NNB^pVGE9w+AY%%j|x& zQ)DK5dj3vV@5eqd876EZxkkC8;dh;Q|9u2+(sWX-H<#FwU)TnUUO$xmva_L>4zGr9DjRUo`OwG$2k1E_W z9%91G`i7*0Fqy{G)f0-81{1qG^1Dl(3x0=W4$mf=bo)#F3gaZ^N5(OMI>Ty7`PZCPX^z#mCMUKv6+PfY8kxq; zg?pcEe#c9^3_7GK#JKkKgB;dE>P45UsQ}C>_s0w~2gc@PfBybpU*#EN6%^*L#H||& zjkiswIim;NaDIw%s~UP!ZO~Wier3rD#^#V$jSEwb{>Tu|`fF1SUAWB9#lvJ2A2b!6 zCnIFY0SNo1usUcLEi;AMI`@_LKL7j&tdL(yYyKt9=-Y^jqF8p0{%`>^)|192mZ5>G{2%Qvdv|GE_x6p>{~){x z?d8zH4~f08wX&HVI$qwR_-ZUvIE`r@vYV0yuQ(xgE>ly}E%$oV(4gMLKL`PE&lXpv zcqF)a3EZ#{0g%G!&Izvv%VsyP2hv^OHRmZrn}gZEY`N&GOfkXf>r85Bv^qen3#xS0 zA;!xT&#y;vfi=y`F=o&>NP&h5F^&B_YU#2lst^^i^IVg$%egBAweu(L&9cPqQ)H%< zYSbTdxjucJSGL&N_0>q@AvU6fQs~7$1J`Pw_U)&US6=s1f1(5g10%gd1KB@MDB@i~ zemy1q3uIh;7u`)Pp({(>&Lfwb_^nr3a~EPns3}D58o$Z+fKjC>%3PvBP;PDau2}N^ z^84g#k$lLo?iJQ}ksHM~`T z;kE>Tp4Dyc3;shW3Yoo6MS~F|pZieo>2KgNq#(4wTTJoGCP>kwk`{9+S%U|GcX zz{cIO0tTS9B`amXbb=MGg2m=5Gbc-Ly=yHZObKf!x5M3PEK{+(0x#OU@|ds~DO1>Y z9XN67)8O1`ra-~>Wv>jD{4`23iBqS#-0M_4ugvUfe@JF70coOc zd1|#2%#hIEkV(4B6TWanWGmWuiYw;3m>JQKR~^}7tS{%A0v<7ym9NV^Ub~Ox4U?qh z5^?TeR`?`veEZtV4*9n%4AkGU-PtmiXw^?-pJhryMvKM zI(bqkhV|0st$bN8^ZXscj;6=rRYTl)7>Kvadzng$iwE36Q3q?S}R zaTNY8fR-McyDUbJInNe+z?+EW^24XorcIFI4?=DNNi8ji=K~w_vbrd1Wqv=0?Q-&# zSy#SWy8)itjQ4O=p>eo&x@u0dr1)qQrU|`EI$VtPufs1q4PFoWhFwepE&Di=8GT?G zjsNt5(dZzA5rk|i6uv0&%|gaQG3#7i1RobPp^2;)6t*t0GQ){F~>aH=v(blSF- zEEW6ij)lVBt!Z;4^KjC7LxB+#sdVy^CNTLYx&mA7vqEHM*%yQBNbpcf_FB2S$0)DY z(c%e;CdN3*>G;_A@DmB00j!O+t@(C|r{qoe3 zKW^-keuJpeI*+I?S+&dT($cS85UXKcx{Y?G3fpR*g3Rc#y=Q1f^QGcav!aLdKJfyc z45I~5kFKgIUT6A8Z)cRuN`TqhVjQ$5keAb#%8P;2_t0^Kf?@Ch_D77&c*_-KI zSqQDunsxoQ3tZun6krsggdaM(R-fHgpFM_!D`7rXk}Ssh3c89MH9gJXvn*my-9SYV z(oHw-SOzSW=US1LI(fg9kSvd~T9?9N)(+u)JU%~nB;_#Hda|f!u@kUS)Ye+CuDF)8 zm-$e!T1%*wtKGs?4!Y35$rAa<{>+kQ5FN_#53FL5RVaLI6l6VEmI}jsgC{31#G@c) zQ4V5R<)|cMe%ZBt6C=*`=D(W|jbwglNrQ8<9u+WQeVbQMg~nY%Mm@MW>TfGwG)7MH zq$LL9bboW2%~2kFUrKXa=%$$8TlV-KbMO|3Qs%F<@ty(m^FLTq z$(}#E#Kn;t$FGU{=xbJF+cdpzpq_uV5;*dK2zdc+Wl>b?PGS|mSYQ2&uOXxGd8*EB zw0~@alcuGMy{r>s`!1KDS^jnm469c%mK_e?@y`5P;uo1 zFFHQuvs}4+U+huN<+_(xmKc-Re%|`qU%L+`utD=eDo;@-BomDo6*~q101gJQC<3yi zJknK8EhtNnb#r$9xVi&gI)CkU*I1LAbigPr-qnFyG6bMZAqcF0ZISJq%ab=SNj*48U4zc1GgFnAwihvD266byNdj|LKO&S>jM55C{|DnkCh`Uz@u4HrtkOy^P= z1-KfBqQU|%9-|ZVcU;Xku>8xxyZO;n^avVXwH7++qsvPGFs&BINfsMw#h$S7X!_fAA6|e)V>YEt0lmc} z#d@&t6zb4Jqx;+uj$5;ivdVxeWLx4!yJS{>`OWKmorl+t5}ita0l82Sw!IqtAMWGx zl*6DW%;$GshYc5NP3*|i2UIdexT38_+0Va<(^FHVB!S5V1bA*3+hh6OVdTR9|26aAp$%--u0TD6KBE20s=pg2rpk_PG~7wIQ&kSOS| zcS2`S6jUuBfxQNsq9TNctZ8^X&07tPf+{7Ek!@aT%m%tt9mwT7G zgm)>^7f`HT?Y`b&s5;3vU>#M;$O-*4rfA{%sM;XZ$qYKJmKO@LT z-9U^s;a_xeEo<$(1UOJ}gwLL5GVcB1K5ITX$A~@&l?!$~pLlxEDWf>1{aa{6p(<{XccTM#m4$;it;tm*?!lMUV zp%2J2j`#*nZ})v%6MOU}FYVAcn^Q2o25vlZ!oAs`Ddh7fvG@kLO<+kfpqhApg(u`S zI090IJZxiQ_-czFf7J-4YMyQWHPfg2mzh}gdh7|1O!lPk4?SzL3#wPqS>%Q5h6s^~cd#>+q{ak1MOD55)wv70{m2cwK^?ox(4Hm~5DN{L@OK$s> z&}nr@dPxD7thhnEUmNwEJ@Ef;cwd#B3e5L-4NUm-2SHhdAOE|EYk1=%TuyvVz>B~B zFNft{x3&Kfqc4!iH6Ex&YelN4f57XhH%&2WXh>EKGcSL%$boQ9kFuS~sXZy*>SkHb z@=7KS+rx$$wP{;24LBHZfb&sX}mM4PZs-2Zs-*j&r|$bk~Td2Qd=Z$&rZkEJ3HufHC1 zUtKd4h>5<(`~g`-N?3f6kx2T5>n#H~pbI6^-1g@XF@+qbTyAge3Wa%-1@KiMOU-@k zlXGl9GQQip09h-F?UF*b4rKNvlyFYrF(JmG&&=;jj2XXjP*akvuRjR<-I)BRo{RWT zJ!d-wSI-grPd&#uxnCZF&Vz!*hov)umFi&V4cz{~5)s!x>P8&#X`XX{bH;I+vbL|@ z6olvLjN&IMDTR^~U%I?~b`DL=CkKo94_pkqh!D!l#N%A*Na4v^bKw6~o5%-h!9haF ztUKoCDqTK@P~UgNShCTPKIqzrq;p)>jzeNIZCVeRvhaLJjq-8n z(d+t9I|pWFJK5w57OrZTaWp1z zPF>pk^QDo}a*-r#{?F!z@>L- zQ9BOE(RrsNb+Npf(shcdDvBu(~{Py7MBb%I#PGusUlc=^J>@3 z0z4F&&MQ^Xuh}SoW1o_nnPO3X3J@d`L{Vro(4a*i2w>?7(SuQ|V)vZ;qYn!hCACIh z5ZqwW57jT6?)hxaML3Acto5K%u7WUD#Ik<-oqtgRC$NrVE^=7Egv;~VNA46e^JA+q zRFaZkl#iFRr*pxDcR~AV^Fm%UJIT5lBQxQ~a1Yo2+CeiOwV^d1v*TnBl^gg^PSC#S z=@s37aKfEe>BiPIXr75*1RCQI>0Y3ETR?3WVV5Y-#ZtMPdb0XDFEJ`%#N(xpwBNl! zGM>U|1TXL2iI&%lh*CcD!T3Fv!E6*fW0ff^ zq0rM|$O*1tSZTL$UZEm}shz%$5hrv(>yR6sUDcxSXIi5!)2Ulc;f9ko-@v^|Z}ISS z@py{g$&V1AQrqmM+$=lLWZl3JH0!Qdbi2utuJj6M2$EtAB;WYT`ODj^TiN&Nt;ei$ zs0#Uk-er#@eDcQp_MrCniH5hzfk(N!Cn7riWNjXFw{EMa8DdnR$?+SQct7*?J!S4I z;6#e9jN4ofYW#?VCNdJ#{MO&)2`q;X3mL2anEc5Iwh@mvA2#@vR&mdC=t;rVHk~JT zf689*7|GgHEkBIq85|E>*oeU1Y22=FEs`Rv%}C*Cfmp-mo$=wSjvq|OVtW$f?J zFPAFFuh(Ze3>j4f5JgQ?iBm=np$Wmnqs;=7Dc_S@n%2N&6`5JamFa<;g^ZnXSWaLo zX|vI>Nw2XQ;ty4RyFGdw4&~1pOIe|@fknf5RV0xNXb#mvyY3% z4z`poc#r?;a+scybA2bOC*+c-)2^Lc#_2HWU}dGHED>I{dwc*n|9Y2d{~1ftY)aLJ z@5E_@B|E5yH}z2q5dFks@d~rw%_J?$oUKh;S)xH}{*D#X3bRCR++tAM!B=d(Lh}=G zD74{V#f*fRVw6p)Cf_A-fnfG)JBA#i+q0}NqFsupR{}4ado$ajLUDTTH(?%@XCKw4 z?SCcMvZ*u1A22IxjU#$xl-Sn8i-?0?HHK2Apm|6X(p1TR# zy3gFyfz3-@XTOh*+t$`EG}g_+tf3cZPC^|0gD|DrBZ5xexbBM;v5}%~u;8^Yn37#l zN-qdD3&@f~$#oVBWNG;i6{wa?U6OwX-tBxS2+&LJDtj;BsJq~x7px7#5zf^eMhRzY zAvWi?WH!zt>hWRALFY}V=*q3wGv4|ZRLfL4XW!5gW_pyDMk}*`8q$%>$Bol9KE^vB8|1+ znhrOOQOD&*5>GqTnq`&c5_YE+z0u&3;bRFvn20V{^M}g{wau!po8ljR@pY|2S&STq z93l4YhVS3Kp)0pXtN~YfZYAJG8|be8j*g?FnV2*@>iGJ@*O{(2%h2-Mc z=d1^U5NFRo$-~qaIz@wdwro{<6D%1ExXL=k-=qmY^AmHW*dO}_Ae}>JV0Tx(;(l9@ z0>PI394r|A#>!t7#_}33N$oIeaGkQjzREa6uS){njJr~h-e2yt5o_eOT?$!m?hb3V zzx=R-stuB<$Le!2a6&&8kpwB0h+;R?WhdHXQ@i%ba-gzmAVC?P zN|1(qi+N-{VgU)BR~`&?bH7qP1hh=n3`Bdp{@}}$pdptK5saUdaxwtra!ob~>4owh zW-Wp>botysDKio!oGBi2c*A-#4ER{I8~5E8#D_BavY=~tW{)Y~n3wg}w` zB*gva+(*pTVq%Z?>>>Jj$lZJhY&`S+ zgYZL94dqU@>mlFlF14_BRFi_b+M*Px3t= z!q7ao*)F)X(Z65dMo0hmU;eLwU&enQ(*Igp2uV;5Q8#SS^QD1t-gGl*M|woY2~1i= z3hMLFh`h3mu$GtDfPpANf1dljaR$?O)bJ?3yIt|es?6=$;ZPu5qsuB&Y?S}NE3087 zT2E-lA!9OR&7PaCC<@I>G6}MYoXm`fXo-#d2f?Pb2Oe6Kwv zX9sR*R9;`iDu*a&%>R+o((U2pzu@ah6w|ES@U`zH#V#=teQuS*^CFo7lpan8A8ZjdZ@1Slf`mRo^S!+u#{n-?Fr$4M7WL}6zF6z91^+hSqy$eBW9+_JN?m4S9V<+Cr8f(*QHfSKS^ z0@4g$Qp@J6mY&`oOc?zw)qopPur^02DBUZNoH= zf9jBCOusxythF%~?X*0N)HE%nw`xY8=;kz+54OKo6wYQu+>S}XEwm(El*+_B4rSgW z;IzxrOp6I3?PeqENOL1q{3NERyd-Wh`-sk>f$l|=0yuM~Iz}^C(+K{EVW8frqn-6>c zlw0SaEW@}a;3J+4ODxG7=(?H3JX&6jiur!ADyJY+*V1ndYur**$^!SreO-X?)3yEO z7yb^-Nf4R^Qs0%03+S@36(VJjB65i;!){h*iI)q0jxkNs4xfZ}Fkm_ewKavU8E>KQ z3QQbP$~#AhCaHNR4l#7ysU zz9X1p;&%W6(*!AedRVIkXNFZRcgi#CUfVDxwF$!KD#Wn9X#3ytwh>CVmzcJeGx=pX zGKmAlkLCavMS)B|*`X%m6!+BBVU>_!lrp@v9-1C0NyYvNQAyOxaIf6rJutNc+wX)t zSeZw|V9QJqXtCCN8Tz{=Rf2rTFe%@oTRXV1F+C}JjoKo+pD6pKx*BhYkvV641?D>v z6p1B%KAhA!TCD7Mxi;i^6rd5g=qPzWld>r$7XfkWpuGdn$eXDJ{A2iaE_BJiM&%np zfaH_@+P4Y!YR2vNQ#$hs+=({QL+PAG@CFznb83=|F}9ojS4Q!7Py^x0S&4|NjV7D; zF-Oc|5iIJiEQ8Y@k>hhG>`MIZg@J#_soq#Qar*5LFv!c5|RsOl%$0!#e+nY9$$ESdE+hi ztvJVjumgyE{#6--$c)&fAX#-)vxtGFz7Tw(>eJ}fMR{y6yfz-~)_9Nz*63~A-!xx~ zqRIE~G=(8$o-zOmloc7!pzPmxYHb!09lZC=#UxErj1%Y`WEo!=e5Y0NzjvL_Pj7+; zV0O>U&RJ&W^LoEZQT?L|6}E%k!p9;m4w8s& zJbjzrC?-*b!-pmgBeDkBa6`R$hXU|etC{gd7m~WUa`5~6(N8Ldi!&8*b66DT6K$PT zp>X?!bv|0P~ubK~Fv+l$xng4-W*Xwn@Q{p1qxNy zp(5G!kQx%|OCV_k#1`%$b?W@4JyTj0dD`X3n=DSw$hL&m69UGB^>^j%swI`S!DH^Z zcYh9A=kvjf()1g(`&1SX3jqxtTfu)0otPg2sgL}-WmwJbiS7l5%>zkZ-6VZ(o{TIS>=HoXNvDy8_Ib9Bt3%(O$)>FoKB=jK$8@FN4$bB70GHEx_WH z6Eq}JJ_S|#W8FCN2SV~E?zDBLwRu)C7Durz!vXBcTxu-eO-YWv5-MB9NP+9qWot$S zhOFF~KL^p+sQvm-F|}jR#>CX*XeXG3MxKJ7Y;bOq2i-N`IR98MI@YGLr-5=|`y1s| z&>tDyjo*JmDrO9juH^%JPQym&q25>|)uW(HVk^$l;8}&Wy!$;d#p;si>H)Dd8?RUU z5Fr!cs!yjs7j&DE4mDW|q~i_exG@-G5ltrP_9ks9v5)ENE@%eU@U9l%OQ-p{gREl&81@HJo12Btjgo$T^iMI_*B;Xg%lP2>z@AIPml?LR zW!ihDGgFoI8>LWoyj(;O**B+mba~0tsuQXxShl%sqRR}$X%KzpfYA2Qg0i?N3QkbC zleWakG+RF+LR4<`MC5-uQ*_n-Xvq=)tLQw1PP@drM~t&D&><>wKr%}_4h6nE1 zbZuV$dO%f&$!RK0z}E`TvsR{PIf5zRHWrZR^3iV?a!PZ<;)wTloGI)4A{yFcetd2* z*lrFZl7|6V>U&x3_SGw|dtn-ak$LWmqLVbT zfH6L?eOKW54p-l;D!BasAO4mKNGIV}hX?3r=cFi&4rV4lUAG!4nny?5HD zxqFxU9G|HTp#G9CDDi*#^76%2?2tx51a2)?HfR^Fx$A6m5bBzHS!CFVZEt%D1NQ6B zI>L0ty19O~q?>;QltqA@k;o;E4dz;V#UjW7_ZoCnEj8bS&ISn>Pmf_93`u5ko&AXH*M_>0v)mxdU7PUJ~ZFlQxp z1JkX$j*2jnDi>uIxMrPw<0<6DXbo~NEl4O%84!?E8gdX!Nss+Txw2=J1>AOox~rC6 z{grlaB$q7Dk3d zI?NO}=uYp?!Ym!0@iqFWDaVT$l{+*hdcc8*i_#W!VeqYmyJlY4(QB;%t}2 zT)uHVw)M%WEL7nd!gjjbz zimgxMp~GmJcT)d11$gnaEHkPZ0$IFH z=r;t-eb=Yv^)-3*HTk061%C+|$ABF_T?SId-I}{85W;NF#(aWQDH@y!D22sEv(tn5 z=sIxkmXRtIrb(mLQPxV`Kt)idz8lRj3m zPLU5lv-vC@ecP*R(qB^OtTrF!v7cBEo>ZgG&{22aX#M^AQ-3lQ({S)g$FZM!SdvPo zUoh);qkpf(?haAwK7~C3y$+J&{EZR|s5=vR8~DZV75Tv)^Hd+NeeCINp3bxWgvv2> z6uvxLKxBx?73`K@ZRx6Fg1*_(k_YjCl1XTH5?)KMXSwEs$ValoqlQ6=q#~Cy^Eg}{ zh$|HNr{`Z6o2nTYdf`gfjSkOZ4|j&*>ac`+U!AN$P7`;&C2pAneOW+JOS10KGa*7;1--OH_&JMx1$ZOLzx7RSE=0jTFSyON!`(r~;D+M;n$GxMDyIpNx@ zBS4Cj<|vWc(3)ct%stTWsyXef2+5Er&WDZpZH@>u!w9?XNYQ)!^unkvQgNXj)fthP zR>kO=AB9^e`Ei73OLZsA90zN|o6x9S!lNW#(bw~8wntUQK*oV#g8SkFS&K3vN&Ei< zA1Xs>BmR7{G2vD07NDy6)xdThg6Nz_;ugFmd&c~k{@p~&C&oFuy7a{~7@bKqm|ln& z96n`&MC=d0%mo}iz_PtY!&RG8ABlT>Be7osB-w*REBapfJ4H$sEEiWbE(skhk%GNU z11f`%4o-(*WleQuk_H25%g~{8lqAvoI(jOh5o9Cr%F|B=XT`Bd%sYzjD4SW8E?w3D9{r-k z_Ga}?4!%3V+K=`7=t%g6XoY%-8To)e^?~RDk{4b;cl8Kaqa2ud;@X` z^I|fJ53h8l3@b)z91L!-y9`Ah`s5gtto^!z!y~|r`Sy;MbJFn#czF-_$A<=g@GH&0 zv|CC{^M%R;SsUMF0;RE6qgd;dCS0Xg-dN?HiK7A$2#g^qMf9IOuF}eftBY&fP2a*a z`S|P1ILDBQjX?Q9VbV-^^1F*8t4+Z!kP3{~En`OD3Sep1jZ`)J%X_B&`&nCxScm9(w zYSM5O?w#;^;Uv1IaeZ(rb-j+c%vY>GD}1sdfn({>^&&GAg0*8;dnV;H1 zCUZc-R?H##`>QOYWkE}d($_Stj5+gz3f!enaxz~@2#V^br+9w7%;#YcoE%=9VW9x7 zF-9Ro@U&YNX)mJYWU>>FqTjsuM?uT0kLZREag)2lOse%-=eSe5~<>x6n$)LB9 z6gttrvYJz6{lGi2)TS`GGnc9E9rt|ysR;d8t5_c-<)Q1^x*P#$odWA0<%u^qOhkI2paINne+MUI&kGWJ@M> z3u2F=-|P`d=185@M<32;8p-Y&#KnH>v~a~YGBqz#xdUUw5ze|vGFUULl7)z8cTxWv zdIk3agqQw+rl?mC>-NA1&o|_+?0#4voxDMextB*+H_AZXozBtNDOJqrH(SFIhYX5;Bh2C zO(UkaUQ-<6xtd>RZ1Ms<)s_AGghHlr$)e9Oo~Boh_50&eos2j7wVO5E`2RHBI#Hmn zmDW&5v=oB{0?cW&q*(2-X5$k|Cl_INt9-=t(2@+N@K>v8kj+M`7y$5vho^p&wPgy+ z%R`;}28;SdZfwt{+FbDZ4Vs2w%tjA)`7%OYC47?m0*rfq(J{}zH}(DCwRctLHXW!{ zC%TM3*3v7!?L`^qOd9WuS-xOualx2;apRS~N@Kz|^&u!pu92l5XYJN=RJ-SM{TtYl zCN0l?*k78K*=p9!GfrjRm2HX$k~8^c;Ov2ZPv-K8iSm1<@ok<*t3;;&Yp=C$uhz-v zdJPEk0oDD^qVY#UB>L-*F+-Jl1R3wsGDsg$y(CxhVUPi=;oHvsd0-A_z#86_;R0y( zULN;eKTf)Hy%oA$r*ONXh4O3p2~B=(Nwc3i)JD41`KP-tSLbgUIp_g$xbKAYJol4} z{r`N;TTN?mLeEF#gxE(Z4bH^v_X|cx9rT{8!YK=`2pxa<);~RPnXS32chJMcpW`o3 zRe&d~>$I|Mp8Dguo0hJVue-6irL?3p>%rngE7kQy@H+wRp0gf zrO3{o47nG7iWYWXJUpTVFCJP^_Vgm7whp>!o!JLf6D`r80*VaF+Y)d^iGTu2Kc5AJ zKN3(nDnKX?+i3o} z4CgCQzh~CLx-XG40$MCak_Ju~_~K`mofGf30RH_RSYukfiUR}0{LM=y{hjv-l|3-y%Sy9iNRV$oV!KUGQ9h!>@R#8l(~}45ERE)=04e33!_%c0 z0s^R?v`XdSef%0?4HtjRKkLv<&*&Ixx*7`o)wwA9)f_UM7Sq+(uFC%cHp}%|ttG8R zaitd{hgjSmSBqj#vF*VYHfDm9DeP^FZ8AJ9B(X>y3T#El@JaK#XO*9AV%K?<=?vJL z=j@1B!#iH5ZERtOtm064u((HAWm!AvC$5#x*7w3}V4_DCi$5a>vQcdt`GsU(6@JE! z;e*`3^$WBs-afO?534l&;d^rIn<)?sP9`j?fXAm-{#*jeL*5`0_32%!dEEq%S!cMH z{xfX#L3=mLIYzBKdeha0r4}w%tdx2NGg}#H`rOFc<*ypOB7MVg=hjp9D<`f096&^d zll4cVteYxm1g7DXdvZI?Jx(qmVp62AhIC822p(-r*Eq4Nbx2++Memn635(O}d~G*v zm2_??Fv*40bf{@KmT;FZ9ve#=h~|a)x6;eTg++wm+vnhJL!vW5D->;KhtuhUNCKP% zGoU82bZ`f;Mas^ji2dwsm;A;Yg@w$En7dr_7Y$gm(*a)8C7nU*PoeC_3^iyCH(uZ&qS0R6xi3p)ovxW2=Eli_Zvd2w3pER+@VD&wHDv&wdeRMoi?A z3L{VW^#_BF_Wvx8FEL-_Hk<}Z9|<*_AVoht(qq6gvqX%YF^H{$;cge(zy zi$18xC3ZIWRu9;BdS1TtE}oe?uGrJ0n9*X`kFZZA0st27E7zq zuR7s#qO8f`q|@gb^TSAZ1|dAwsj#g!Hy{JyYHr;ytm^U> zXC=BANDixji#5te$Yq-G&Rlpe=O6Sxd8cWxN^LLb!(7IE>4{42q)2a#oXH?NSDd-7 zL5ZD$fh!D#A89b~;1c7!6tytQS0((29D2B7F3)S#V=^Q%V|29A;*$zY$q#7G`5iO9@ac;22%Qw9 z2u0OYi86T28|+r7D?4GAQ>nmR-Ap6Op03%`mCucF8rYZfLx|Nf5ld?KsvegcHR_Jb zh?ejFQ7~6rqwlhsO(4X{Gq{yb;~kb(R}UwcRq^S$eRHQ#|Maq@Guh5g!!nt<6xM62 z%_zn^iE=kDre3{QP4M&d5suEf4E4?#_KsViR{^DE=2)PPd%b$lAwtC8glckynT4lJqt@T*g#w@J7CiHU5`MZB@P5uN)w&WIM_vGp>l{F?{zmC;gu8_)is#a>0W!UR z6*f2gQRe+5p)BZBf!3-UP#y^U-psL>@ZJi}W#$d!@p zsT|p&>_KW^+wz^;9x@5|U|R~mZ-o8ay+$EFF>`#*9s`+i5PC}5Y$Hd`RjTB=$=wSS zut{nu{aPmjM*LGOWvIZB)+L`R{aowIvIbNDWX<|-;~to|D=C73&5Kf&iSu56dF!d% zYNwB=??55qA24)H-~l#!XC>p0KBEimBKWF{u`6ZY!K@vT~yC67=GRX?&k-_s2)S5L3XW&Zk}-(%HxhMhmmg=my?lu`W5 zO6F&s%h&y>#X1}fS09oUi_$!a_i=(Fpk}GkPY0dV;zI2~#Ff?>F>WKzZtmcTt@vGo z_C+sJOw>irh|lOYlRf*F$NOsLzwrKItqcYd#;nKSXt@j79 zq)J%`4zf9G3QP-GvAwI**iMC>?fX{t0M?->sGLk!^{5 z;4HxY8U#ZCCvQ;taLk$|a)_TzD`g^QPO`dS>wm}R(W(A^zHIn*^N{Cc+Ovx>sL=9F>SR?OV|9d0X=i;eE$Lnx2h!FqU!s);13U}RNqFh zNx#>aT(CgPyL{r+q19>V+#V>#mMJkUjo&1n`M8{xv`yoyqXuN7#a5eiv9xlEljq$z ztVdZGUT4Q*(`uB+LY$2XLMLU8B@3H zRrx}u=|xj#7Z3yga{F0;8=K0LWdN!&YK|qCgst&?B9)E2Ao0z6TNU!wbfS*FRW}P# zn^Kujg<^AKYHuHCx@$#Ux_nB-VIF zPvHuUAK%)Q_t$4{tZ-UghR)LeuzY+F;3QWuz%%iSBz|{@|NEP$Q8Wyph?t&o3!I0G z1)3(CNGq6%FkF>=pVQE+J=zED@u+*>RcJw5pnjmz!is9Ot32A3vIwUeQxd zoY)4Vj!9TvoSH*Yx2L*&EPo?-L0QY!9W;IZo?G6z$E_+!%H66@P2YmDPPvNO>SCSm z(PMx7Agmym-_Upymj8Tgr*6*C1t1an%l_Y2=w_nTmJ1uHSOyBW!(VN-7|il@BwO1} zi-$P_L;6P}hR261L(5#zeL3{p^0VSuf$t~r=ThQ$pIUg9eZ$pfxsF08D?GHYCNuH{ zlRSYH8#tSmeP7Q^=LAlbo)dmp| z{U-7+1}^v1k1g%&{eooyYts*}gBP^yP3w3G*3pRRI}mgoh>DYxXXfDj$Pd4D_>%Qv zOT_~z0?C5A4{x*Yyv7#l+p=#1NL@%dppif-otI*X0)H}Pj`5FX(~LiP1MDGjnwl8#fTcS1=g#t2mAH6hpQ%w))gBeW!y}M8Ww3nK+n%e_iXVpZBd{e-;j4(Vt)~d5 z6fx?OHT?y}+}kSOyxfH?q38h#ZR&-^a$x%^G9|OlOA{jbtj^?CQ;JloX_;DRBHKvW z4wGsh%jn`5kY9n}0hZa_TR@PcgLW=#JIj0}9%`dE+ZqA11Ok$0OVZc1ajT7yP7ahQ zV~PxLl-e;9)LMK}H~riUyvhL?TnBwb+XB@#cmQS8O4*K7Qbn-V*>?k?<{+gr%adiv z>uBB(1Et?G*~4JvElW?;Es&2ZO6I!tu#p9+T_+YOKWN-qkn} z;k5wX6SinZE>=r^MlnLg#48u~WRUqq+UncQv}R0u-qq4zZc~d0TzWNBpm9%?TSWwD zmSA5LX1*B129Zx>xMM>CH4x+#T|VyhpK-)at-Mccj|yXfCN&G$43x7uT~sbEdUF2b z0)JA)70Zv`aPWP|mtvN3aVYau8b>my5oSR~lU-C}%a(Dt*0y>nvn}KnE+hO&V`LFO zEz%lan;j<;@+@ZjJtJ8;4psY#Q%ufc@Q(rS7&G2`~C1RK|-Ki{Q za#wyl@3&-K7r-cOkmc3y++|M~tTE(XKx&Mt!dzAo?_{ z66-+HnHTL=87>(XokhgX4l`*5i_x}j!#L;*jJo{_v(}n|r6=iU!aHek1{`?^MdJP_ zie_~pAOk^dE@d39wz;Wv&1chD6h7Z2jR&wq|E-=Y3qjN+%(6*M_=P*p&DP_kWn}@c z+6i=^Yj3r2NKADtoFEFoFxU=Ek(=ox7DYpzTl!kf%H;A9>Arzpxo)c$;ZF$mqTKj- zGYwIt+jQoEzq`l?oqu_9W6_tTQA>p2i6mnk@tD?rf)^_ww}H=9!><@%UPx}DC;O!K zjn+vbT@rrKFvy28h?YdjkgP_Q$9tGl(a?krBtO;ROxhVCW&ZVK`H$l4qv)2)Z$gE(a4*F3>J zOcl->8NxrjefU3Kq}?)#OD;aW$y=3A`R~Ur#?)rkM=qXmnks(JoRe<4v2z@xF+G^r=l?`D>`(*+M{eQwbQ>KxZoRP!Z^__Tn2S}6(j3L`w8~ex81waa52*^V zCjOLw??>`XgzZ<=aZ!2^`L4&M176LRV@cH5w-C*4>`x{22qcA`oz;=!zGvEJVtpAD z-C2cR{RnqskDa6su1V?RgfH`KU9}x_g4kIJ#8n`dF5F^3iN=ufvtnrFzUtG4MhkAU z*erViaI~dEVY#x08o2T*_f3sfT-D31V)kmux}bkNjViz0TSXF4-IZT49yd88Uc(y% zIqiyTPu6gb5t=xt%N-ahqP$(y!{KHqw9!hH=Wj9Mhho^4wLlhmv5Mb3*t>4s{M!UZ z5JNDo!M)%g9#gBLp0B@rl2nAwM# z@C*-!aAG%wv?A<5$lSSXyBy8YZ$iU&4TVx^kXhcL5Fg+jk+;mN)yT`E+tjra&2(T&xyO8O4R=>jEBBatV$ghP8r+ zVYrGbsS8`4h0xDB;?sM5YG2)6%~k|5kn2kIQao*@Qa%vT^xA1E22Ir~oDH3?X{uv0 zzu;xGC9=L@$Wxx3sC%p^I7HOfTua!)Dmb-ept-Oau;6@tT26RcDO#3~${uD4734=; zSQJ=g)CxX?kfP-&HHN_7@@g<5hs@4gC(CEnN$>^P<7rrHQZBbK zBPwNmjUGfCq%&Ol$H2s|oM zZ8oHnt6QOsQ79ZMHh2(_;9{{v7;@f2wC+(!e1qcp;Cz=s$^CjA+TS$KItNUsXa71h z&(QUV82DwiBO{ts==FY)!c`reGm91&!41WWRl4RcoQlrJe|Bj4k>e(+sXn~n*LU2M zd5UdpPPceH9pIVj(cc|+C5U~l{%UW#I8%qDF;IQ8HqMFS=AlLG5hgM&FpI(b~mkC%-^lka3E0K-6nf&u%%_QD3Q> zZ;@G-$o`B=h@IpHD@S~&=g5~`*<-A0wEO6W@RRSp3G=(~uRWgv_9LMd5|)+;9Q}Ut zCA@8>;kA?m_?&La&VI(M41TjM1}(wgiu4S)D-Ylue)(bQY4`OE#Si=5vl8Cyjls`w`n%?oLOp^D^6ZrQBFS$`H@@oCOgl+8*gqhtZiB~M!2<@ zx2&xx+d#F5gS2JcBE(aWt`HbfX&Gfpq)1{v{GnF-w8nW$#FK*Y-wW{nLOSuxZi}KBPgr5dng32-Y_&l9z zy&HjxvF5MGY-6fr!^}LZd{n^ij1L)NQ9R2tEV7wY$4mSig-aoO&1#w_osnHcu%#@> zR3aPVAK^9$S0o{*Jsr=~sYine;+R&e#zjl#>*ZYqs@)1~mXJFV4|S&$p=5_?RVbFN zkt#dPEhugklC6xsVAh!2XRxOovV3mYzZ%$0mJJ_$`BIN+VvV`<(txJt{QGtlDBoE~ zA+2RZQCH$q<_H&jcI6S{Iz(>lr%Q034{fgl-DUW?L%d%0>I4Sb$0=NXOL5TV8?oB$ z^e?Ba`8vnYk&E`fZVSN+eumO~-R|v+o1nb0emcbGkV(d=C?Vi3g6V7<#J9jwG zc*OH_Ng*Tm^!Z49839E+kng~=!=YrhgWS87gj!Oy`C5gWz!i@jI!};4cjQt>R8xtu zFAE9vhG~>EtA3;4(Y&z)(%9dJg)Y8U94&oZsBDA~9ER>stmsrmgxWM;S&nZrH^dAP z$*pXhGT-L0_33LV!XY^blxkumhR9ulO@UZJSFKU(i`VRNh|2PJ6+L;iOEy;OhP`Xr zVwEq@Cr3H}3a|!4sB%r`bwjMVRRw&Y=4|imZX0QnsC>IlIjw4XP2+cR^9VaRvh)c< z8q?7{?xpzmn?S$H;VlhAT819k2icAiiTJGdbY|(d8QL^vE(zsI6Wx2$nd?Na7nfcl zT9pY!Y+{t=R*Ak>kGZz`tWf_`yyffov{f*z#yH}bO`#NI8t;`N2qy_<~I*eQtNRqaK5}FL*ShOvq^+aEs&TWr~{(7Q^U-Ke+P{{@Q-c})GZZDh^Ctt|fo zyNo73y+c2=BXm@#Ww;Q2ww-lnS7m{z_{BPa zeNh;2wnzEgRT=8T_SR@!iyGuuWX$*iTlVB&8~D{u@v~lgOAX!kJ#W*o`&9dW-VgmX zqx_$wArRCDlXuauhI7&<_&jQ{1(B39BbYvCH|gVx#>CL0smC4{pKyc4aGHTty*0wJ z&VXG1j+C5VV<@)=lyMi9&}QaEk(ps##e64bOpJ4AI*+!j^dk5SHMjmp=_brRCP|y)0xyxqj8z8V+&_=%-Qc_gq13x z0hAI($c1RG7VcU(T?!H?UcLz82P|CumQ!McgIkXI!VQnB&+WfnBNZPCi=(5}J%wEH z1qB3oS<(yQN@AtmF?$f>`^(^QHGP3#NN&>)CaN$k0Syx*`cR9k&eH)qqRuRW-zXTr z%)jLPM!|0K8Sav~95|)nCzHs3{Tqc2mByFF-zT*fym_iJE~!d3W)f71OzpCyp%mfW zE50f%aZk^526a6U9yt?k;`UCe_TH29@(;56Z%qOOA1oXD$JM=VMgWnBNta-WWpc~B zZNxTs3p51=A$gUNypRO%0^kSad`nWr3JDZHVuQqhFoMumz_0D@2-r5zAq4OYWDEn6 zIbv}41gkjk5b0mXJ4*D2Z43amS2W@n2FzZnbKLp*|zV` zwI&O_BY05doP^Su_$G4KvwQnN(O@Q^mIwGXz_quX@BQ=zTv2!gJrOJP@R`-0_Q@;| zobP&@M#<%M)Su%gLtr4}!GBGzcA*wd!5qa>NIZd6j%mkNZ|&WA`Vb5TeJrjaNfkVf zgW0{;S1FmWHX5x3ISvhS%QWQ`uf_iK*Kkls)d-W&4>upO@-hhmt zj|s0UlbaK)0;wo=2cKX((>a3&Qpjp^0g(2NSjYB7?Id3ZLE);)OI<~rs>rrI3453p8~4KaHv({j2h2D z4wcK&g$gctSA7??0XH{mr1gd->pt+2Wen-nIu}o3$1H^TBFqgaWy!4tlSn08f7Nmk3Gc4mPTLDi&>AK_VD6 z%CEucljHI96ZhXJUHPo-&ia*~ro+DPNtQklM=`j5VOdub>XU!IH{KkC;s#MFKWaAC znE5fW_KLXOJ~q;w^H|$W+#ZPj7WzAF%8pbWpiTZHhx^N-^m)efcl%^qYHe>{>^iQi zIv^78c2 z9fZpW%X1n(4c-bvD`h34&##OU=V3mUW0$5C{`sb<6sVygeaeN;eixyZ>zKY4@EJtvXdXyJd=b)nkp9FGHHdnvV8gfeEck|q z-~`?NWzBp8sHT2Y*zLa26 zayiQw&28Z5kgaQfG<$Ac=EBfbOWx5-m+9E;gae#VVb|AypO#xRokZYox%=Ha=Sf3a zJ7QY-M$N{3!_Stp@&|sSxc^z!t#E8Qb8Er3-S~)yG~NfOc)9Pq0~|eR8r#27u5q{u>AT0|ByWoUK346k zj7sfdCV&_&J5o^GVUZP(pRnfa&>R9)EZa7E$DPCGgwIukBK!ned}jUYt$^W;jVMICmme zQUW#m6LD*qodk)Wi$=T0erRpOOZAm~IVM=jC0Xg-u;U491ex;I#@r6TFOP`*@WVcYl+2tG*65AWVa2O{Z}uvQBKQ3iz5_= za6bTni_$0fZp_k)Kx6VmZ|PP-Ktu=AoPze&n`9eBJ`kz8vA`oeC&&})*XS)VX1Y?6 zU#rI!E8gHnk9xG*_2c&no`>&wa*15sirO<2=6tn8X{89|NuBhkJ;(fT)zn;(8r8!W?5PN3GiDEImrDE2~NNS7|gBa&W^t7U~?F*MY5C#BdlBq0V;fTIPTb_iC|N@R+g{Ux-( zn>Jm_6LZ^9vy6&yxRR&iu2M=U8K+e`^v|u8#n1(NlF~B~A$}XA6@?Pkw#^({F$c7{7coT8S4|r6W9IwbQobwOV$MjF!j;G2A`1IjODehimWJ6V&xoPAvat~qYS^Ed*Y zWYHTHC=*HX6uWs$Q$+mfd;_qGUVMWWAG%+CK}?%dTpDY-Ut424Ap5>^mixK(OC6!A zCdU&_p1hitOo2NO#P!^T@(IRgN1!)=i-X0Y1g_0KDVOE(R>dm~SzVjFFF0Q86Fb_@ zyFKg7_dcHQz3cdUUl@H0jjn{GAN$_54HR!Qt;J;~OMpDi<@O z7=b>}zpF+wPXnaU_Bse|*ub2An-%B}oDPb%2cY(@E-*fip_2Y}k%9GNCL8vPS=sg4 z^D5R4qdjW<2H*-xW!LRTm2L)KyZ?UyY?J>#fK47R3rKUH{!C{<|9=4NNWEg_OTq7# z+t(h&L!0G8vFNvIFIJmS&ml%K5J1RZNMKQ=yGvSqwFQUzx*k%+btt z+1K@8@BczPBz*PPw%(;iGLN%|DLn`@_O9^glKmw$H6nN~pkDuaA4VhCNcy1D%Y@t^ zo{NouDI)wHt5oDvhOKx${YzEsek{yxoox#()2DO z0i?=YntCP#syVQrR))H@of7-1H~57BaQu|mCYCyrM4P{$%*z8%U&P=)f~q|gGt}lP zPMaRa3VC1hkjgAgcnVfwwV6X1H6@pWR~aw=Z3_EBi}i^l(bWH2B0qob@nab{XEW6? zq{Tfsn)7o$)h|I`0Afc^C8NoQHl!Zc8egK5`dBU+b!}HmH|BwU>RE@EZsrnuz7YY+ z-hNVfj!47%>bXWplCG`AiLrM(%a!g>{NpR=Xkc5U`npPY#9tb+sB?Gn0UF;OXEz<6 zKoSCx!2uNNw>^A@t1Y8sO!0V#A;ik__D`v6o*;3yywT z!G(A7ADjYM8F0IW%?CB_|CN|Ry+?UBXe3KLEXB!J4o)c2YP@mgmb=wk#*pWOIuNOp zX@@rzNj5fl%upVlJ-z5p>WBW4S~J(N1BEW`$%q9TVHA4Z-5JqaKRwHCq!j)Ub-_mO z-N|p1RNfbVP_Z@yPOvO# zkeLgJDMaJ44i5kn?F|87?VlW7OI85=0$Ujd<~{>(+OqQx_y*kNV{LnLFb3olMy`9E z@AdZIEn9#?9dM!M`9im;#{ABN2Z5vbE*k;6^F#tJcVXVYNW5)M%)u>SU}r2MKS(p| zYp7i^mYw@`zQh_F>oX9Q^9494`9@pHy^1BeKGNIhS0n)6|9qIkXJK=7qW5|3z2&>PO+TuTOY0HM>b5xSBsy9A9-$4Ws@rKxs!{9^_FB%*NGpGF= z_q=m8uG(r5-@^3^*24_Sbeobi{)63pkKzclCY9DpTnJ2U@HbXkwUk*S5d$Z-vpjt; z2)bP}&q$P0MymnSfQ2lHNIyyf%Q?9GH;Sptc2mfZgI0~#z^WlYhmwl^2fU5Qz#7*# zNW=LJk@Inp3}y{GW$^rPa!1%~jCen(dn=-YC&mQyz*=$g5AZ&o`=4+|&QoaR6}J29 zT+7$ju2U<0tdT5BGdY~iqZv!HtsU+}3;2Pt4SZln|K+NF0X(T}+Zr4IciZCS^SVx~ ztWL~o>8Mt_%w$exN9>AcdQXaoQC;wbTbv%1MoSQ=?0t`Amx-0y`@ZY2Wr0SjrmYD# z413d>|J}-+hEtuB*dv2=%if}Rj(;A4CW9@ZZa~{z%*ZN;DI5~sY)D)bEqckh`<>wu zIm8&O@rj=h?1h39KDz}b#!#a<1!kKx> zCDvH*PvMI0RGXk)ay}I=pw2rM)vKUGaUEkfH@lKA*GX{|CQ9`i#T5=9@2LdqKnjZ8 zA=}7IZuRlrbM}h_3X}_%H0J;AN$1COQ)7VC17(ro~9xm%Sfe zKM%WP1b}x6#8HOBHmYGQT06$u=7Vt^AHK;Z1?PbW>*9e)XTt_ATFb0Cc;1n!z~73D zqI!_*V;X_x%&FU|FMbfgJ^t&O$PU!k<~=N9fTf^>IxNe{@Nbc65G`+nZ%zxR8*&!_!mf8$ti%v{4U zYhBm*J8KE>EkumMGh>YSB@1gWGY#CjhtSoBJ`tAIf-sxa`)jp#^!B8O!8#dl*>A&d zK5`ek+sTV?{v2R!70ez(_^^-|uU6^p-2D8tdkP_dyOVt4;;@ds;UC^9)M~}}GZ7bqHb=ptY=JaVe zZO4HR9N!R0VsvMdKdypdoGk0;R1RX1e2~d#jJ(wB#?Jl!2Ht%l44@>~B`%j>L_Lo^ zo857u`_m}jg0~AWENcF&4iuP4&TBK8HqQkNe-pmjz4Ec1{75w*eiJPE{YLO%yz{R1 zDH_;yufDwbe*7EG;qT1)QJSBm`EIqBlIyzS#EIT1k|#vIIz=EV=ZSl`QqYFGWF?^m zR^lwFPTk(>d!hP6B(}M<(y>ys)l9S9p}Y6*=;mXg$kd7hceQd~jw zMa>s_Hr6_mTdOK~=o>am^{duHPtwvb-=}YxTK|E(N6J4Jo0fi-eUabm`WWN3KB@rc`qh$Q2B=uqPX)0juI-E^xR;mAjwnQC#OL+lWEuf+&a znhYNO?6i#NoSPr%u|KLo7dbGBpdSTv}jL6qTQ?)w{tDoU6e8QGcuN zHb?ugk_^k%y&0uC?9+uPS$uM7aMAWb#o3JSK+U#$YFA3AmcQ_h6T&(qi##$MEa_Qf z30A|I0NNa;Uh$=0)=d7FE#N1Z%m^`l2AN>&!tf0NtQvu4pFK9rOREgJKsi%R-KQu@`z3erq^>4isUBB~fjcQ~BQBR{faZ5^{it+QXjH!uc*O!B?D#EQ|Y zo(rHkrSCS+!guF8p0h`!8<`a8^Q8LPc^2q$Y_lA=hK=oFik+V~wVS6jcNCb*omg4w zaX#Mw@Zbjd-@XhrreJR5c1}Z2Qtzs2uhS=`Tv&Q-wpi2 z{hhTL9{|2zQ?O~~u)nkzfM16C{Tzu4%k3& zxPyNI>JX`*&rf?S(W08UtjaJhATeb!tj zLnhA0q<^Lx-U|;#d}EKQ?;pekI@mFNmWxw>adNQq<~Frlg8=s79tTr;h9i3wFHKrb1TR_T z^6rknr3(!*E8Qmy^#)~iRDmR zJ_&)I&Y?^*)(we$u`2BW2VO_wFcz0WbTLXvuHwv>AE)U4nqpP>^$+BzcEup?(k*)r zde~#Pk>HJn%~Z~iD%}J$!!Qk#I&+Gm%WB@^9|lTGIG1Id=J)`fSclUt!GArm?E70n zb2znq&3Lu+Av(K@-r*9|gU$F{9q0@gK~!~ogL>G;w%0UUP{R+FCPJCU4DG{SKjnre zp0Rj^pgobjh(SQV6T+ANNEw*5FE*nihD4SI=8qkY+8f}7A?Ywhd874>G|%7T3YzYJ zymB-Y8vJpl3*r*qAz&W1l7!iO%_K>;s+=qMd`1Bdg)9j*NLIRhc5cr)C$Hd8~6q%pkMFHs%lG;R_y|9%?2n z`nN;?xy}DJQ@3`a`?et5OSUxzK;E$vD$YfotQ=Vmp3UWoF&Zkd zx84+$l8S6*pX07k5Okq!KFm1EH=i(i7(YO8sd_fnB+*&pc=5G%lN=Vhmi(Kn z(eKzGSzVs=6K@F;?wAFK0eG#XlTJp@*>lIv33|-=duQ~Sby(NMJ3S>&Lr(u!e%l@3 zw=MtWx6#MSkB)W-Ni_NJWrZiLeq?m27zz*|^OKB162u9+8}CdZo(mgSqmTL&p$|Y};IF&! z`9D%X0SwL$u+k+m4L$yX>^g(&k}+l%P-nNFtbY*s1bAZma8XqJ=h2!zK!dO6WF6%M zyb-WU|24_=J$_f6DB4#y) z+ebh;+_04pkh~APpmCOzPdO(7fy8PY6 zNw1tHwb!cnH1S6-qkIIeb-PmPp#2v?9Y|d-MKVzyJU|fb=RW%N7$lj|RI8q@l81l> z{AHY%krD^fK(y#2>Au91dblp6E{8AQ6{}iD)6}Q)Evb5sS^OLmcHbz$J4IZ0CZAgL z;M2OeRq=1a=YsSNXX%x!de8uOcqu8NA_X%K{zlfaL5^MXn&n`t>8oWnQAzDKc|CNF z;m@z$syAv#%8dc#b$PrdVbW6Ay@jA;o@6`+!nU2H8Gz=NXc#)^;fEQkM2Gnta1$Vx zx_93cq{HO5YCOtn(i6j3^2#e9jW0JgeEj0*PjwZv3yb1K7fKj8_)~ftKltvAFlIjx zTqI_EBzZd)R27L3!aiZ*HR{s~d5Hh|9IddP_c%JHJl>S4h@Onj67DbDzRV^iLywkI zz^ymyEkjlunfj?z3)fd=G}L%D;6L|Ilza#8!XW*O_wqo-hcr65&0;1}KkCM#awke@ zK>%*=HazyZNXkcNfvHY57d78TFt{X>qKhi#e%N**n;{vvqx42hU#Mt4mQ5+?N4+wm z9$%UZv1B!jq-I~lK7z*Akh&f*S;^5`aPj)f6I$R(v%0WP$z~cVhH}=md8dT|5o@m9 z@;fd#%s~`P0&yD?mnCCwEA9(KV|0{Uz_4L#u=mv3BW!& zYay@WJQ>V->Bz0Pw9J@`@wVU-3dqAw&weotnaw*I&t2dZ%)J^tNQO|YX~EN9?7DPg z8E(6L*pihSabC>1Ar*B9d=qfuqJd?*iHAhSXU5+Eq&+L;)My=iw~%|HWM;` zAT#ydx?3_Y^*qor93zIWGEy!fJiQqg9Xi*8!e7ynZ@-ue)u}VK(s9u2UsObC>&m}_ zwc`o2Vn=^wbz0Hxx~cY2yN^pa6M%hOi%GP@OQy0!6Kk3@9WGSb z3FAa@AH$z2e-)iU@^W!fO2lOJlq>siVvHOY-*jsR8JLCWOQDV5|ojRM!uKvzQ5|w0X!Z!NjDQ* zF(K!EM&%fN<_yXuB9+qkgSUYh3cz%aZzhPSF_7azP5{77=7H_5)!3fMX)qh=?pzwN zJO3NbUYQB|Lfp0%$97eeY*xQk+P>lI4{sVWzKjV)%i0Nhs4{{X;k z9htU@yt1vi^LOhi6@Xq6E&?OG309J-GN5`zl}qDj%2LeOyBhX+Tpo$TzTiunelOVb zleO&BesR75+%NAMLA&BMlSIN+!x#N*y>9a#aaS@l&u?7%B*i^+o0*$4Ohp4EVZK*i z{u6G`$+R96d#brc60DowA7;;t4vol-3q-(7}WGD{nB^`Ejc zE8vVV%bDtymAroEkjTl@Zu-hhS6BrhS^>Q(qYGa@Jt{g{PWHTa!F^9)FPAD^v8V94 zBIB4xt8b^vkaP00#A2Z+NoA@RQRg)<|9M$mT&#M4uD-vK+4Cz>?SMut zNu_PimFtaA9G_JUZ_OgX>&pYz+i=6nqHUN>c`?^wZJA=G`Qf1n|I1*4acKX$Rh6yA zvB{U{{9FzrwfWkQT#9{0T}@`Hc1oXDi@X+m_MXl-7Fd z;&7pqT~l#s9y0DuNS7jZW5l0N>Rt)+z7f*pA;JW@=UtH|D2a+mUH3ReApyPru6nrC zY^bZ3Ln-5fexgX+Je1~O@CWpM1o90$Jcd^+7MFi474ePu$V{4Esd3RXenN7 zN<_rS2EGKnn656HQQ+WWP$TimfUxfs5!>O)jg3oT*M!c$5iLl3w7X*6gQrp^t0R(h{vN>Eo5(8_ zIrI8g<bdJBErOwMV2bnMV6>ni-vP=OOv_ENS;l@?U;mPtM_^cLp=KKT|&IF7Aey(c~J& zc!jn7 z@mpCvB1>xIYv{#Yv4S(|lDy5h^c7ruS`Y#3A2E+uqiE{*4^hoR54w@ax?+**+M4(} zls|AxmfR(MPY#-KFA} zEtThcvtH)Rtr_=#8|Em5`c&`Lz$=-F-t@Ysukkt9PKD6K)P3of z?ij=&OXAfqEk&cKALF8LSJ(-^#3^wNgHjTtIV{DZ^j`uUO9`WGUvn+{&IqCyCy#Rf zZBqQ-Dh=gmtr&#<=*OvpNlwUZrh4&;Vi6LC*-^~-e$rA0zDMseL5|av?^Cq^VyM7` zM=3~epFW|dGe}Gj4ZRFr@*TP`g7c}n1o-BlIMIR`>9EQaBby}q&Cikk4FXM;9Y7Rr z<;3@b6#I#Q&NU#j{SR2CI3PC(li)Ln8=STo4xd8)I!Rg_H)-`>5^)fN#emcFBcngZ zfC=eWMA_7s0<@ow=ZS}1w=!A@4xGigyGoaQxzoY|F5gG#uZ45RGJs=%_QmA0dj3q% zh(T6OlAD1m25$2;r+NVA{!wz_Gls)h9{!(zft1RpA^v#CMdOro{riZz$8~#qUq=sY zcO4#dkYy(P;LgcuM(VQ3Q*kRDHEA>Z@frk)oXm-_(oYnCBCkSz!|^F1CS;PsN_D(G zvmNTn@7%|@T?|#^E7zD$TSxj3Kl>#11BNSD5lUa)($B@ zi3qRU#dNL-PRSgUv>kNIXW;lruWJti!a6vqykjwp@wK zIUphj;B$_b&KUb?%=SL|X%8hckSXQV^UGFdbjYv3Qm8wHe?8|H#U&Lb)XRNylJF-h z@a9&RL%=G}e@IzOoE@KW0a5FqUn0LKt}Vg=;{3lP;nRY-y8TL1VW8SN5zbPrK$USK z<%r@Tg{mKEnnNByRat`g&~a8pYWRzn`RMIZI$9K6EoTBJEJ1gq_g!fY%MxWAlW!uu ze>T{c2+a#<*0S_89M+JIv6yF%kXWfygSaq?H1+tb2)GcAE!CK6vxi%gV@ zgk&|&_*#EB;1T?^)9A&7?z*3)n$8tA`k?bPdky;QfC9z|;H-UAVXN}Bkhy6lXSIjk zPXbo>mEEqW4n+y_7;D5wnx?{0E(+!5=i_hst&CYGhXN+{=1LL;aX3!cqzGP?%R%!$ zd?SGFR#g%OPFg?YUKZxtswc4sW#8m16LmUYR5SCIJ18JYO})U!DImmQA0KleDm`7ft`M!2riBLDt~4%G$-qpHlId4GUBGLC?vfL>NV zEGfiyfHW&2bqqmId6kKZDtEndB zD#Y>T0hxKGuX4rbLzw0?o?6)J8m8_2SZoE<4rQzC=%wE6WMN=CyM3E}1z zUdpPXm<3veF&~@QrYm}hp6}eF{^bZ0R9zAQ@|NPo+D4zPJL3RPhnuf_43dJL(EN{# zTE(uel65m=%|${7Z=e#4FGqEajG-sa^qAtTYvo{{TtyZh*_TNw+Bp4M<)@{Ze0FPp^C z@sY>wCq61Xjx3?-n%^=E2q9x9%^{)dVyRF)4sV%&#lyWjfdaO3kB3Dorg4}{yA4U{ z4u;o?NP#;(TYvE$VQb-A+ALw~Hz8Y2>l zc}j)+>V2an=%S}5TL0KUw2#XQ$KEewvbnuO*n>;VFZZ>816(iMiyUXP74C3L^xww@&KY&P?mG-N^Y30VQyLaIZV z0?rMX7v9h-TZ+LmB3gqFVoYX8(x04C&FK`~TOVi=$vElCjoEbl83R+uF`J&QRTj0g z;D6AGr4i{Hdw4@O^}F@L>Q&Z1^a#bcVUOn+skP?xBU%Vb4{fl^biGP?&LZ2KiQzoO}F6mbv$ z4Ob70ktS-l*^1GKNVt;~St(OYz7apK=Xsntv(Xb#Gt(FVaU`}xSULnG8BVLfDwxeI z3=wRI`56c4!xlgND4RR|X*=Q4HGRf$Qns*X`Dne#7J>+t{qXqZ?{{VxN)YBb}*IY@V)6Ze*`gkuDrim-?Py*zVyQ875Rm+V7dqU&lP>$s`Zr#Zea#yDhF z?rq43NMQ3b<{e99^o1&aVUw4ccw=;ZWnM~1IJDI?HywhF9fD8dW=Qh41d)f4T(NZV zR+NQ0VLY7+H&0j7^ymwH>0tR&j3$B8kpU9aYh$JrsaT7Mkd-e|o%<bJ(Rg(E9-< zb)xUL3LuSC7L${;o6zeLxS?m-cm`N0{ZaI*U$I}7a=?*1WqdSzPtO|=18k3n>KzX8 zoJ_kX&(Y=~z4%460?!Gne#4PSTvhAi&*N0kR32vQ%l2oi!P@}_x_?i&!-qZi*F4bt zGp~eFJnQ$*$%z40ZalE$iFEa2vfb5-2HIua5Y*-OaP{*YtPduE; zRq>mL*`ge%cxE}6Tk6<}ey03rK3WCGRHiU!2)Ig{YWl7%q@%7~FUp#RAteVVYi<5- z;*?Q#Clh2#yl6|+UKhr%p@hlRa%7t%KOg?te_j~vTM=t~n*VSfJJ9Wb#~iID!zQK} zuE=4R!@atnopA|!R@%?S>zCP++4L0PvI|~q4yX4#;azLasP_(rZl4aQ({8XA;XnoPKvV+f9Qc{ zh;o~x@1`fu*oha0?Hm@`gt^#S_-dy&slIv1EC{rgS6|M7R9Ih+;xquHD- z@phf$fIxu&rppPg7}rU~bg29};ee;nh*)0 z7IoU8$!(z29-Jkd2(bG*;yUxak`JcE`3)yEW#H6D_yTmJkuzUBvKLb&qwg$s zwUG*UbWZilVd0rN<9R+X^*)%vlsneykPwqfhl7;!-f0^J!p$@_L1fIh+2F(JpZhAw zPsAC8!=csIg{vFatM$M3e|Akn6`xz{#b)_I_Qd{_`DVVR9}q8w%8+A~60&PPpL2FYfVS@?Q)d;M8>G&w9S@C2^d?#^SP`AsdxZM8bk+*_ga zQ-&7!(bn4RH9JSA(~AIpE`HthI1-`z6WAuOt0=UKvpyLzq#JR5-=)Jh2umRvG_M^n zUxuYRO=lS!#9M-~i%F;zU?%~1C_v>?wBURP{x2<0*@`TM1X~nn>y}jCJAPU}?VdJWg1be); z8?1Kn@P+!j)#HxmMe5_~XT-@7owY9R8edr-C7Zo6T=P4lxt zz7UH`9iq=#K}K|fB;HfsU;Fa5e&5#Es9ts7a@Cmjs)exls`LnRktw$7Clka}zG@g_ z{+F)vOO@&^9Z_{*kqe~sV`kJ3qfkRAJg1vt8KEKy%YyAvC4-kZMM)nyi_NkqBXtLt z3z(cI8m78T5v6E3UB&ZUYq1#dLbjE-(5JNk`QM0eu$Sa z)j$v`Q{9F%sX3)MV59jNR)d^A%)F=+`R%WpjZ>cD6B6QEj@$joher`-7~8Gh@#i=D zYU60R%^IDC--W@lysZ6|uhD&x;V9+)P+yz&umv|hy=AKjAa-YZzZ1uqNI zo*NZjK`r0BCNlUf!eqML?pC#bf)-=8h>DnjvX=vwpWep-yT{0X?zABGo6x<=0{oJI zLRC5SnY|x(A7!9BQ#P2NvEc>6XEXN4e#5EP49TdpuX#Tx+L>-@UlvRmQpFpNSY*-M#qetU%#79IEX)yWzX}f8TLy8|EK~pUOQVX?RD;KtM z2c!MSEf=_LPOrec*Z-*OTmc)LCb}a@65Bru*`q~}avkVHyqu6mK*lMs$Prx{`0KKo z*Tlgq4O3yn$RLz+TWk^LocO|0qu&6B(W?|1GMm(>otV=4a!ydC8!t&M0Xkn6*=w91 zW4?r%>4s|OgL(3mg+_vWwC#!9jG)niZS+WY^d>UwS~BRUfBx;kCAH2Am-h=#!BSmk z2XtM@#K^DZK|oWk!90_LqRb?M;G=1;ptJcr``Xn}OXVQsY$j1plY_(2MaQ8<;;3xo zaNd4xZ~j>2#CwJ^=DB4H-sV-ayj~SKZl_Z(}J6$ zrabj@e(n^S+^%LIJE6a}i{6_fvuv#onYxJ5?Ms_F^-k;Oj3SqkiD;l=FYo-p*OI+o^ZIxoyGyiB`2}Efv5T)A zWN;Qrv+U*K+FllcV{(zn*@nhF*flph=}xmb)WCz{K2N-;a zl!0E3j4ik--*Ku7B>-#dZ`u@`92CaP1-dVVCu|$Wlpm5xEqvl4^TRl-D7l zzE3X)xU#P}qNPR&`)BZ_jVNx{Iu9J1KB3-}cvrWb8xQ##g!YJ}9-IADcDPN-1BnIg zTRie5{&z-HUVx}|Tw|yw-cqb_Ci&EjhK)!$yt&UiYhtik&B_8i^=hHlD02;GX{vt| zWg{j?_L2SocT0l`#qHLLJ|JD+p2@Dz6gNidaJKua%wCg%e@Bz$d7WvhVL?CUS&1yX ztO8??hAO_6DmOapR7G;+b=k6FZlZdd!Z8x|OR{fFMTC*d+y1=5{47i;^QvHWl|XfM z6OvnuLEd)VD&Ko8BAJZ|Z?`+=TT~#tvqeq| zk+$`?F=~SRB`rb(8FohzyAIQ*i3T`h-;uw5G{e96(aQ~a+pU-;$P#7I&v~*ULO}vb zjvph1*?C^R`uxbWP{vU5oFzTTkiV(S0fBoz{?m}cqB#nCDU-e}eJYYry{+m6#@Dnp zn^&{OK{=7C>T1bejCkoRb?U{Y9u^J5a{YmFe3rfE+|#qVdEz%MPICLIYec|Zub))= zDC?Jz&#fSzG$9i0FQP<)i8uJZ(F~BZe?V4ag6>dM*}B(<4n>r^Koi1u%!4xK5i!&B zB3`s7voBT^F&xz#<@j2xNoWXzM{+5iOo_jh-CIQtkqE z()Ux4Vq?%bR1tOaCiEf=LQX5J5=NBA6 zVQQ1KBAEKd-gA2~ri3jcL6?_;%_iSC$wi7lVG|S0@4s;fSGRAphgpZ)nEW_e54@_d z;k-Z03Ds4OfAf1lNR}( zE|=|zdxhoZgme4^U_{wK{yo&1qLR~0^zj*b@RiDc^lkrF0O#8n+>U`$TZ|vld?Z0; zpJ1kQ@PS6}tj*!)!q_)@e$0o_@vsHv?;Z_^gRt$zD7OYxM+Ci8zsb=3BBN{Qu)~DR z2D2H}JeSPEUFQoj#40wv<-6(tNFR;gaD^SgZwwjugcS3CzC{-Hz0UA9DeHMkEF|5o z1W`~$37PG>w0Z8Rg>HTL)ipUM?4PCVc?k63Ps@Kt<=cdOa6DB{&R3a9K=X5V-LocsPrN2i+>EzFwan*SZ3jQ!O@Vs!(XebD zjQ2bm8d||UD@vF^H`P7^25`>WM-b_{W#7c$*p?gZWqvh4rx%WL9{XhuzGh@7hmwE0 zQx!Q3PMZ*rf^c{r3BzNc~%+PMlB6{~T@A9jtg}@Mc4wC2H0 zer(1@&~_+8&mL$-qKjJ*dd_}=Af=3QTaCd3dx{s(RbDQw zkV`Dc7fG^Pu4euix?yaruliy-^a~S!EK$>>v#dY>?KsuOvfKQk`AxO6-V2ErEz~gu zrKL>+NY8AIF*L`JkI2-H?(n!JHbo%>NTa%$Np`1cXDYR-#r8G56mKZGt z9KZsG%osVCEhHT^pYKyYll^d(P7-w5Fvz@rRpLm~^2qhCFDqj;hI#3`Fj2tNs?nF~ zulkR+s9&s`HZ;50XHPYlN6i|jG!%M~Z^C*l=^Venz=qA}t|(irzpU_%PGw++{e*Ll z3<0g3R=aLFQhi8=7gfK;^=f$OaE4NLmW2c-e}YvV87$va=obvwtYCYuEd{(o?fsCb z%~Y;!cx`6ciMOqTQ)f4Ed~BwAR<#m}FNx+{VNeAAWM6TnqO!@a$l6=Oh0nHpQ*Hel zZgGW=-vDAJQ8_wI%Tx$?NbqmX)@u-HTMTI(Yxf?9)=Q6@M$j)d%(RkkTyur zNE;7(kRleH-RBs)WG;qi0--?6yA6xNe4Px?Y_u zGFC!HzufV8nd;b#AnuYL`}oDW70EgbjS2tUlw=XReP9s7Beh?gi6wc)JW%@sw&2ZT zSeHonZV|qGK(k%bHD2M?-b>k zv4_qwLKU1BMb6lb`@h(P3IbXIMo-y|#1cSVQ3^1v#q)v+*R@p20t>uh!$&z`? zr{LkE(|k>L$SNz;H~4v}ze^Oa6ii7|J>8nx85f6v$OZ5EIqpx!Yc}v8hyUo`C-;6c zRo#RR{Utb>M~z+nOV=I}&(BjT{i}~uwunZ2F|(p;&mcdNO1q_CLOhLFl*l|xp}YRk zpxT`wvIUBiDB$*qjD*OaadhLi#aiyNq%779=_X~i95nQ$0hv>@>?93x=IKdiX{4g8 z(ovuCabL&J>It#B)PZhI7k97ZbDI{aDBQ64nS|}(gyhAJ&8WOjb~8em-tg3J>8?y~ zr_NY?^g`K=@Yzc7WwPwwS!n_he_m{7BDHuPW4)*Fj0?jYRE*PV60bhCd>Z@fG{Lz+ zPEZF6rIml7$Yy%AHq3Q!um}&MRT4KcZap}9tG`$LW!zU6WfR>eDn0Q~oL9~moud*e zpGbxbSqgY*92Q$BhF-tH9{yOu;;&OTwtPOzP{g;CR!oV{rvm8wqU}k$VhvYuDQeqA z=tT9zBn3u@V{GI1?HV|9G&m+?NM8L+WO8u()kTY6hZPV|jyZlK#7WeDi zYz`%t1Kz7x{>9lShOFsPRfL+yy}!3L))iHZrS7`mfR9uY;j;9Z;gsn>s2gfZ-%EpU z87XL{0n&DaiOJQ8OOt_wZ(DiP)r8yn)nZ07^^510=1H;^8rhSReub|{Pei(cb(4Qu zS1YM4C!vM~*%lX}8G$)h3O_tsmBray!pSPHFCAoH$T+Nz!d;+SasxjcGvQ@!KD z3S7!SE6yUwHc5Mnt;>R#4Vs%dS9b^V@eC`&88w=3Ueowkc1=j&(1 zJ%+#1rCUhm!k^3K;!PD|mgLJNB!6hJ84fkZxB2-Lf;L3<{n3MEGSx`%t=rIuQI!SP z)Gt$uX4F{$rA4XEjE90xr8XQQ*11rckrMhUS)>Ih&T$6Dm!1uZL@u~ptC!UQIdPVf zU-)#YN0uSP>MFhR!;=jn1oPa3w)5e~LXsLqsfgB!_JMJasXPkL*0Rdo7N+>16VLAj zW<40bpxb6VucQs{OaA<34Yqghh`l(LkX zO?Z%tYaQ%_YvGYqj2q}%?ANF{Rc)r8b`%m9eJi5 zRT~nh$tff|&oTax2&az=cFV+nrU~Ay+^%k~niyEKSX7J!sBF$Ztyv&Zm$Ox`XN1S4xLM{aS*~i0w!?pkYB>Uw}BbsU1i>rifB!5ABt_60dFm}yPQuhG)BkyYO2BCZ5&$;;gyj%!< zPN3u-QsjUKk=d7p*3KgRmDk6-yvpbvw52hzsyfW?a`8I}F@^V1ZJR|50S8;>%+kSc zI9b=+Pe5{vh@5Ycduc`IpLH298t!LGHsu|xM;m}K;#5D3juRZ=TIJB%T@Wlnt*EU04#gD zb`rN|8(ynWWNx@Lb99pi23wp#)obF)vYRECks5iOyN0mq1fLlP5amCPD*yrdoeOyv zlg@x8V1(z0g$HFPgG5^Oo2D+yco&jOT2-06ObaQw{xwSsCku)V8&L5S^!8PRrYG<} zZhXB(-N{`S3*>zZVle4jR$S~9_$)dOBXb*Ku|_qVLOPt~)QJ8Fgi@)jETnL3F7ALx z0%+3k;-_A1#(C;fiqKnhnO0eHq_d+iI>FDnK}^?WL+_tmG?;Q&bsdy!_JCTw_Afv{ zHR7hEKx%VU#_3!F)#j#n7^l4_$zF}B+>}z*z6O_oSCs62jGc=Y^ui*9r1D4;lhiw7 zgigAwHiKU=Kb)wg$&>odTI|cxVRH~+@oe`V(m2PMQ^ay)k-pc{X~5uuP1+CLI)r>r z0C{fjoR#y}iexC4Z(Z@a(ZmUQJgw#u(eYAhQtX2B_Qp{AF>;Ja561A%3_eU{tK=(N z*T}%tv zS=v4!?iZLnEHOj_wri_U12jW#qQi$d6Qn z(%}i;HzVu|zva-HD*qHzFU27D;3D-KPQRcO1*=M?JRy~@ zJXu&>OPD0nG)@?d|Lqe$<-h;0t3M}aAV#AFs()VnCk8XO^xq$H{`cSfFBbybmj6ud zp6>pA29vpzn5F4J!%C3&lfEFJnnW;!2dSaaQvZQcb@CWEX;h(HuTf1-@U0RCq=7t| zM3NxCXD&LrV>hPna;~??3UyE7cTs-DaacKDH0G#JayK$96!X!1w&E- zjQ_6lPmv-xE6qPikZF>zDI)v=Xi^M%`f@HjPGJjS=NGz3p1115B1S&RRZMw$KiFPE zk-S6&LFlc)_d-Z4{X`Y)_16orF9h)EXlVcs1ApiTuREA3X2sI5w7|)|fb*G7@?B?$B1cm_-q+FEuV!lHth3nxZ=?8G#@dIs~aW~w8fmT>A^M_lDam6 zGS?H)H)r;%4BvM!i+0)Vr($6tZMZWg_&`jo%t6XI|7uH4H$OO=BOR<>g{Wvn2?$4g#4+ zpuLvZ#}_JHTymU~4{=&BgIG6!Y&k*sEj=r?oBY9J{Ap}lf=j(3eD_aj`CkET97`p- z`6%rGF`t9U$tbO1uU7)|M{OoDcr0`BTrPd9vGx{h@UwSg@V%Jm=M7(%ta@!R$uvD5 z!gr8sk@=63)7eBcJrcDg987lD9Hc*i5kb~aGE0w4ZJjslH;&fEMBR9`i``&k5%DeT zKQ_R<(kwLX*UcHHyCNYvl!&hZL0$@fcr25Ur;n3x|1ywEAYlQ#=f1YrfZ6h zs;~|(oef}x3MLptV@PCcNQ9nUEos9k@^yFSnOTk6W|I`RLdRY74;J??{_bBHkqE8y zhPdmm^U4Zn6e^aO(B$?ZZl5)|s&iEMm$6DFW$-K#*aYb$_*6|){Sy>RUvz1k77-|O zB9;}r1sz4IxxB!|ldr_@@PgaBd5FdzJ&HQv7p^>~qpLc;vxO$t$%K#?k>*;K)fS)N zqb=0)l#%7{d4_m@L0~pSrnBM7uEL6%SDy}RS2hmCx@OW6s$Bloceh$2az`iQ+zP{d z&Nr4duNWLPoX{pLHzu2-xMUSEI+qFg4L9+cTunuQKBAx(e;FU~OOE-Q1Towl)s{y; zRjB)5Z`9#LTV#xUZ+6y9aRBk%(Y8^#h>-n(q3UnAm4Bl9UUA@q*ta~XD6}4E0hK>S zcE*iED|f-ktPByvEmjQV(Ydm$ zNYFh9dQ*kTyybs*pJOYQh4I=p2=Mi}%TepNNLqRw=42Q5BBI}wM)EP4IN@6jg$-P8gtoNO66E@;u?sMCJ7WjFLO%`-uBHcrK&iUdu; z4n1Lssyht>4$)FV=2PwcXL!9xJM4YDSZ(~?JDFG@3V&+BWRh6W*Y5av`ZoW^pnZ<4 zy&qjdN!mR+k5Be{7_viU7P z4lJ&kQ&I*SVqQ7iV~J&^gztWa&{V=2fpVV)Aac{)P1T~~3hXe7?z?u*O@YI97p}0M z=_uV?s!jfI6t?y*l+e<&D#Knxz5z=a%N)Y+bvUEFv|$5i-~QP5`Afs@|HIc`M@9L) z;iE7iDy?)QT|*8aLn9^KjWmO#zyQ*SGz{G>Al;0VbT>mugY-yAcX;NjpWnOQbJjZN zKX{lm#eVj_@9Vz8U@yVUoaUp%8pQUt>|>K#$)%E(x|iB*xUc+H&k2}6t0=5o4`j2+ zXs={b-j}0NoH*4SaKGBQ^y$mp`zU1p_$UV*C9Ja-rR;LO^nqJN&%0B2@**1+GQy|I zufMo4A8S-!$3Du@6;{}unLJ%_+f?gqY2p8k^$A=04@%C0rRC4Tnz=n^1cO#{KX3iy zrTP8=XH{o<_(!*nWfGVOKZ#3qtk|6{V8%j*QS#?)6sIK}F&U9iF_-BzrRa7G^^Qw+ z<3ZG4Mq0@lEX%CL)jA$weEc?yP3dO>(%6cg9^vAapZIIOm8Q16zSKF&W z9^a^fq-P{9q5Lhd0bRz}y^DS_5V1)9@dh_Bb$`RBGc4D$)8durC?(ogqi5R^iQC_C zTWBr(t&5Y8#?+q;kip&);b-T+yin3oBKQ1mdnNO;Ga*CS$u5yi&m zNQW*Z{c$q-eqlrvB><#I7dy(A$!_4!;wR&8VKL_Xmf|cn!7QWb zBC?LWW|K?f&1>=a(@6gH|Afa#`gMXX;pS6MCZ41N1PK1`V~g9iIS5XoAQunWcz@qV zzGkNGWnQ@GZY)Z;F5z%}!F6!QX@q#6JJDB_6g6?CV9(wGz_jw$BjmOq#L{OpD;FAj zZ>-k8e`@x1oKj-_6vyF0E^$HoIqS1ODD+6*Up(G0(zESXU2we65Th&p2K)QWSrJ?x-1rCr=DXM{5ORL{MGhn9dk1DF_ z9XhbV!1(vM{uT7u$utc{%C_fApT=|CU^nW{bGGdj6>YR;8bS036 zw;8-ims2G7o?gS*#Avc`{f=fc3*<;w4$mfd$~Ip?s0zP{m$Ny%eHY5~jRV^!0USQc zXJmTu2L(3zmvL1mx?{KhUPbovf!Nl1pThv!@_FAAfvHIdiB*G+dI!z|&w$7?n-K2@ zD%~Tms^2clUZwSzE-eHCCzLE-36+S|r;}#|E;Uk9OM4c0YO)i5=n(Vn-3Z!nd63OE zF4c6QMppNct4@U&N8(B$B$N-#L8BwapkFGmW?JTP>b0+2eK9b~r`zp!e&ag2?`a5o z*K#&AX)P%*EFpUJQ?)M9IP*5_vIfT2m1(aU#mXCNDogh0;I`@;?s$!3!8*y~QLbO9 zEBK^`ge-@`H`zy6t}+kRY8Wf)DG5e0tYx2`G;eI?r-*tTzz3)*w`pJoKTP-T$7%z62wtENk5xk+2aLc^D8Y(BPZWH7Q^o{V~Q#j5$F@ zK5Wm5Vn38uq%=9)l;XvvZV59NmZdgmE{}Xsm9RrMuE5Mr&Ooji8-`vr-UgA4KX>k$ zN7Iqnd)>56XH&5Xoz)~WX$a-=%$P9d&&CYqbuiP}ZJWwmvHsL< zYjm*EYpGW;(UvySNFnb;)ERz)s@OCZ8^cOFE0!Jw*U2@qGB|v1Bq(Xv5k{S^ChCy! z4o**xRqD3pMl>SpC37b}b4f|)Fj~uERU9&1OME9_;p-BRm;y)}?rdvKJ%42)*+{#O zjH)32Uy=WySph@GFzDX)f^DuG^63Q;SLZ>`mo`#^ z!IYW*Sx{yiu^`)JEqIAOf3fA~A&K!*T8=*`BINyoryMvb%$d9&!`219RDD~oaHnXi zSJ62ANOh~93ALZI5U4LYW9 z>mQVO%gnui7ofh63{*E?3fD`g)z`%gt|AqPmiG=sf9ITyRc3PsFSgYC{p5N4De=$X zRHCYOSE|^$T20)LtAhhSb~}IXFr{r7JYw8wvd9!OVlGCY=&3`?`5IUkML)7;gKbNP zKcWIp$qa-+c}P2->e?$wFp<7#F*c@#(v2SE59JIqY+SzJ7T$k`i^@TW&R_8$SvJyIMmP7o9DRYr3ZN2l2c+EXbc zI3zf6S$jSy&v&&gR8_&`u3bNVDlK94x6S;o9sVyuq__N8>gD$(E?t^%Y`N!> zq;ni7mUEkQy9rGA(Bgg`;HIdiOPuiybBZttZx(``cSI*%f>6XW?v#RrnN!WyTDc4K zq+RR@MsipcHgK(CL>zcz*Ft=L0{o_H-6iK*SPpVRXPo<*;-$qKODH0%%w>g5MmM2!q}@&PJl=*wlpHVsl9L5#@rYui zZ`OQA{^e6|gffi>EfBP>Z+eaj_C<<1d0!1~G9gn{H}&RQRlQVSCa4A|hi}y>i8?2B zZQAhQlV1?mG=~610amW)3Cv;g1fwn+HfG~qZ!1R94K}mGR+52F&IwMpFYzO?KNpdp zg1rD%5UBeIid2#=%QA-AlVeo4ucjvWg7oothQ$6;YU2rlCVqRom9blMF|ZmyZ@1D$UDzyjnrC- zt{qPuSuFrwqmg}qeR`UTUrv&ft~u!UjT=on^>pF3_WG2CSsVpm?f7886_89j{hovr z$pEC+H`Eu6DO0T42C9|i#iVyOj4?^{ z=m~?0>$>@zO>#ZDSvGbsO}*m2PC<}=flOq^-Z*fTiwA%EgTmkau8!emdReG2-+V+O z6EKkAYeOR`>Ny~$3dN(!x~$*K1;;(csL@y zOgxobLs>idFg{_BSMNgIhaym26b1jF%qvEZBCj0qyn;_ihRez+-oCV|!v+p4UQif} z2AY9FNk|Ga^)D!tv0r(?jURNFaB&7yaS+Zf3YMLB4MGf<;Nf0R)1s zX81;ex|Le$!5uas*Cg-4zJG*}eFcx(Q!i9U%u_p$@oLpw)a6J#3N~95%QKeO64Xgs zj|k}29SA2?e0bljAN78}3}Y~afv`-BlX}Tkcv3@2;OQJL?l(G|Q2B}fS;2Izh#;}~ z@PoWh1+Mu2n{#JW0%g?&HB4#aSR0Y+DC1^EzVf3Lg?zyH99E85+HUO+^YmqjW=CyS z2YqZ!^rZidxo-=Ls?e3SBD43oiqV+!U`hO!r`d^Ei|l^nez7j?b3)kG2G0l` zv2?kL@%ujXu~^nEI=G`;X3kTx_aYx2-xl0lE@5x0KAFQ;%=@gSBzdUBVLO97j*^u` zOR6Ji8p9|u@+l&+=nHeGw+b0VWo+F@3Nrsevb0Co$$JiA6M@SwXjA7QxM&pV;Ep!( z%glVN8&pweEvMJ}MteWf*`vv`(f-rp8*$n_h(s^_4i==Q8c>unIiS5$9<`v`ik(Iu znxXo!&V#R!lCAQaS(%Gk)UOk`AFJ_!n0Ye0ARONv-2Y|v%3M7L+}|2pTV-ziK1}_`0ej8GQ!-21dAdajB=)*E%S(4{d$Y)b z6vev)-Y*z z=q&WKaFcx=Kis|(Y1Hl9cYgZLaDfsK#c4j6!2Rxf(PHGy5d$TjL#7yBQ9YQ3ICAuH zquoNcNF|!=ZDyJ32fL|kFNflzY*>;of|FB;sT*tNV{@mowpNPPP4k&P zDz%8T6ysZ3Z+wx;a`06qyhbbAsO4NV+zU1@}lHO_8) zJ){ATvCvXW=c&PTXP756LDqq?>^1p^0GdVh1(7ALZ;*53rX;a+eP- ze3obC>##fT^^%YakI#Va6#xNR|L8hbd*n0U_bgxr6$-CZ!@%$Nmu(ZfvPqk76dmts zE2yR!A#5=T;N)@d)3{-8u7PrsaIWnBBG`$2?DGW8D?JA)_6v`EU_V)1MM7O~mY#og=cpy-z+E>*=NY)^;CL_PngR zxA5kKOlQ`3LHhF*xa66O07f-Np0Dw%DQC-VyowS5=}5XJuiXN;=`6VH)d*s?;UyBe za|x6ytshQGtOn^<+SUeE35yL09gW?&{sXyxrCS>3YwRN~%m1K!MhGk5=S2G3C-#Ne z`w8BWN5+DKtwnL%g)L%-7q-(0Mms8yGHE%!?ny5U_ zmmBi>KQ z;5bKkACV`g?icpthd9mcr!?v!x#Y^O&+aAI9hw)#oLM#t&fge7xGX=t7jqk&za^xR zH|5cB_`b~cqQB1*oD8=8$`;FQ}UJdQ}}f*1M*<}_bh!HloH zX7-QhUojZyU4>l9=W7$VNh|L9M2AbS&9|Lq(TlEJC$9Z%qsSUHmz9iIDGMPj?(kBR zjiU_92=g;ZMUT!qpFb$U0gL=TGszS0t0-U<<4p_lfwSTU2Zq0LiUIZG27K}{J+b#c z8~>gkkEOZ>fuULJu1yQSL>58DIJ)hjv?V_&+>`n3<|g@)$SuX$t1NV_j5wq@)1!#? zcbzD!y+dmL_32lz|N3-eA!V-jPoSV=27TMPw!HN0p#G|gjijstREF2jB03xf9dXZ% z-ALNAUW|9s76G&Tz{2ME*$WVahw%+kZ}rg{{{Q&Jx#7-S!KTVf6A5HYjSlm@5L(Li z6LKQ($~-7#5t$;hWLHp=U%jB9JWsLkXUWRB3`NbAXPwSbPRI{_wG3bQ7t=Lob{ciU zOk1ok6gLp!8j!usRsRPiOQL9%|Ar~Lf7EpI`W-Uv^TRnJR)_*JN87Vp>2HwYKZ^`L zqBz(rkcfw^oi6hHv7_Lx7mvR}v|?>`9hKIu zzE!`yLjPzEX1-G%-~G*3pHO(5UUq2uaa5ua{(q>^72X84^ZSXTj^_RTn)oCh zH3+Wx{p@}RfeMU6I(3KY^pjyv9SLN!UK93er2b&tVe{3EZS(20v!Dhyc8dv&y*}8K z0bjb&&=-3R&&Co@`I48G*rUzhvK~1AH%}3)+oWU(A*vX1U@&5DkF`FiN-1$D(OLBu zXA3Q`PUg+>a~BojG^_G{pBsEdi}9P#onM4sN0tmIXp@cD%>JEK+}5d_ci>Lc4y_pr z{Z3P#|2+<~Ea@cF0d$%rIE@S6hjJkA`kcsxE`$a6z_v$L6Xy_+&L2eo?gD_0xm&56wx{b1! zo^&cgQl4)`v4e4D&11j(or$w6P$~d=M3frYz|Yv6cssT5(TZLQfVy}=#0hEiie@oH zqsZZT46j5pqH5@+#q+LksRsw`M93zwV5pCS9IexAnMP1Z z1pBi7FTBX|OF>Om<1>|kT7Vq?b64t84NSBe&?~|-b?Go0`so5{q@4*gZk^?a5ZBJU zr{LJa4&Z+svvUVo?v!zWwlGG%<+{H_7M$9pHwBmu+bk41NkgC~0>G|#k%*7?j4u*I zbI*wHlXInHLw?-wp1DxxkXWgKcuz@O0+Hn4VOz_O?ckywYcs}a34bcxt@}bdnOC?1vj!;q@l(G zP}o8{iX@EVwv-|bV2|CpPCQz;0p=0UCg4ng1OTkjWaNaS>(01{DQgfJcJxKCcGm*` zP_BKhG-IE{U~U0AM$Er<@$r+huGJIR3#5l$oS~{`4fS~Q?s+$yEt%8D;4|TEK6?)N zgAh_6M;9(puu+Rr={IJ0F~>ubl9%hMJwUp;onh2pF#}(C`mfq(u&P7)9mrV~PtA~2 zTYkFOEueiVh;k8rQlP&(+wzMD4haVQoZ{o9*8C27{#Jc%;N+}&) zZg+H68v2~dhHhm^HupkgD>m2k%Ihcn%)Sd_mNmlH8A5Y7FlrHi+WKb4roEJ%gXwYau@?g_M4?}VUY|QI$yz52l*1xJ&Zm-#tydkb1`Ekr#nH9IWIBgy^Yy|WL*a4Jxv<>s`kWdAstRse!?k* zp2ZIzu;x<5LeD8OBa$J3CLW$Pwt3THiJ4A$X+`~_20m$IJ}wgcBCN%;KCCfNI zNQ{Dlj2AaQ!Flr>-h?c*J-EAPE;)n|x3fGg3nD6bq&(^mA$X=htroGy zJ4?&J$0fgbdcu4}n>8eYZCdJNv_*uWka~?Ru9Fg0SjF|HWBs|;uc>|!E)7TQ*GXmm zqF61>P>%MtomMF-G@pC*s50Tf@)EOzF;lonCzRcwwJRC|l!bVref7T4+k-2bh}mXW zXR|{Rd5ZM6P7c9uHn#1FhN_i&&=`9N<}+HkO?pK4;mkvtZF)em&xH7Ho2Z+)G;oWM zO0R9_4HIEr#YD!wifk+}Z#9?}XZNZ!tC;4su@v;p=v2u`QnksH!_@f40~LFiU4?I^ zz)I`+%I_QzHN%S6d`cN;Ll2N(XO9(TZTTv?jrD%8vJm42dRM7QL-%^8(MWO#`~+i# zA4%Q^T&C22x-CA2nALVZj{NNd*LXS&t!C|33AJ0KdmKM^)^|=&Bty$ihC^GQF6OK0BgIvs~IJ=_l(t&v* zEO}v8t8afBqE^Iv|5nh{dF{|w)(^+s0hpM)C$O~6lm6zc;jA4WsawD+ub4`Cn10^7 zCF_oJ6$aGK5iI3dI8?U>H`2s@6Jy}jaU;QtELG5+8*KHhcvzlodik~%GiLx@i*DWB zz*#TylI$a^GZo|UC@o{1BfmS$GKrc>kna0YT<&7d*5`=Q3fl^n7K zg0GSwe8ppI^*c|=EwffNUNE3n47q4*vMT%C*SV&*3e9>~ZUIPO*@ZDTn$q7yO58@gX{KdNofY?7M`K6V5z+1$n_211wppnX;w%uDI z>};v_LrlK|Zd2cRn-<-n3F-7pbfhic%c+#S??m|=E`omBBr`ATov?)jYtG1W7KW%*!$sDK7INTY+3f;zEe-d}OXp|TkeA~Se zZqxOKfYtX-#Or9G4#2ISlZXNHyI=(?~s19=vTOZ z-{u^(*X{XGihMSti=OK9;xcl0{frzCPpi6dxSvBTpYDZp!$!J;y^KeibtCP!ce4Q2HM1$AJ(U=dE)WpTbOdE#URtW(Vd&LELoc(07Nd+ zEgt;5*gUnM_viAzGI$zi;eTn-*8$W^l*Bo=Ym%kqkzR-luAz&~;I|b@_mZYJb`p!) zrRm~ky6UCGX?_@{uvNqO(u_peU4ePZ%+SW9_l?jxmVwlQ40^+jApL9Z-slyB?W3Bn9 z#i34Rx87f?u4q6cR}%G37zoQ^_NYZw*(!}lvQKE?X>&5eG(S9dw)CFLcv0YEKo=$E zaSm?yLcCvUfruE#=u@I8an&__U2$vUc8}xE9hnMEu;N+kC!5!; zsW-Uq0!G_4ltmR0kf_sxYnmiGVD2W6=te9tU=>=kDn9j;5twpjV5ROM*r;i_1qmp+Mdm1`S4@2`L?O=pfJV6 zNi7x&@Ati#J-R|{r@9}{_Z^rXh-S+oo&yixN_hepM7-&N@2*NsT(jM` z(Dz31<}~@_YGT_@2ZPhZtN<6JPlajdsT^bLYaJlVI?rli*!y)U24!n(gh}K`Agwx4 zb@=%}&10FuHzDky>Rmq7Fu&Sichbp`Vb~>}NW_T1>r1A8tAoGH@>?(xk2}1f_{8ov znp&uKQIvLEt55%ahmrIIGhiEfKK}D!tAWvtEtL-P#99W(4>IEVssfO8Tkwc8*5S-~ zx9+Pw-DN$$%B19#1-F}{8OAn8-IP$@l-AZG8+mv`fjFGUi+wZQg8^?K->!37uL5`8 zlCd&WE&}%R#CJ9zux{Yqj&yS_LBF>$_8rC_lvvW+_vc>wHB&YWgT1V-Bl8K}XOly4 zECaU~vEeQsT%L$SCNSr`{%)kto|Ajl5B1I%%Y(p369Y889PWm}p|46?2ES)V{c+{C zWIQPFFPpP5-c_b0LLS^l-*Cwh3Vs(YkmyB5z$K$G)sM?YMo4d~`ttF-h;fK`rn-M$ zJ)iQwqB%f^XXec;R=T@`Mh%<>d?GNB@S1-`dP(YRA)soh%%UliO))YxmDgIxhodl9 zHi7w_5pl1PCJ7D?{KYI&bbCWK$?P!%ca%EhOBFf}Pf9HSnLXS;by=D^+bKvMo1Bd# z_hX&0QfpJ*BFd{O%dZYjRIgMOs)7;YM-q+lHG3wT=7jiZ?W648y5Za3io+egn&{3b z`)P}C*QJKV-TOwF3m1wdfpOZO0_*=AVO+ejk1}V5F7$ zlT>tU!=aE7U_fGsGTz+(&QVo=>O>wj6kQB2SEwpW6Zy0~_*jk?wZ7S7QkfYRvy>{z z0yGq(Y;)S%wV~tYzq|6kzZ`9D_E{dt<$Wh)TK9<8-G%G^DdcX(B1LF%FH2kFj^H1* z=B1-URH1#S_$KOeE;uuOLKG9J*Sn$mv=Hhd!18X3H_&k;--KYrb%2g>laVbvFG02= zrW4!UQ_iW-?WW;5Ee&`eN5(zzximN8IC6Hti6D9J$HMY+)S%hSOkXpPfbXM!hpe9g znDOM&a@OTTSW8IvKHuO~f5~l@oKpiC?Y#Q#b07X`;jYH96tQb77cnK{ifokyjmUEO zsFBDWMI(nau@JJtO>NoN4Gj*UdvfHVp0zGvhb_)Pg?PHH5B;%X>c{M&el&HkVS*VRhAp)w8o{1y;3kbaPg9ZLuGE0E)x!qC+udG9j?jEY1vNG9g*Jrh1WMl=(HZTnRQbKPSsWoYIKcY;| z@?}gUCfljGBczn3`hw*r`3EI{^=|RN%Sv(Vdz*)<$L`4O-r(SOM4pO2pMcV5PUu6` ztln0!Z4)ne`m*isMmUQ#Ea$uAb>@f|Ys?i~{XajZ9K?KOy?3}_Kn&4}zr8t?hbM^p z#-DA)<}&*J-!5vHgN#S;+5e#IR~8`;s`df_+QXo~+{T}}f47Eze!16y_+;je8#C?S z@ZX=qNke#u>Myw)aSm}b)Sts>^MI)7carfTu}HcjfJfX=Mz$xWFzI}o?T}91Lnvqb zM)Iv;mUX(ECuB=D0*B7_sFQ_}C1z?3-zCGxQwu>R^MH>z?h_v!a*Cd z4@eU$+V(|q-iOEyv)cQ3{dj|~1b)t(Zih*+-UMlOF(z+2n8t!M>Jod%LE%EnAfqhY z9X8XClQ;+Z6V%r>5Gs4Bj}^sO=w!_JAq<~w-G1x(7|Q=ap{pk7r^=U+A9_WCSe)yaF$JX!6Dxdp z9_$J5<}#vqXf50;KA-^-{iN4>CpX-;I<bQ77#+Yih^da!wAxgis3AVuC3WY2ez z7vKOnaPcnEtWDVxbgRIo5z>Xc?OTR|X{?ZTZbe9OzG#(ePSU4D2UT!+HW2xIkUONx z2CjTj_)G-(s*I`Qd}A3j6E8np?zm*R22%i$*QB&$23cAzRsJ2^y%tf!n*Lw3y^=!( z6&^qO`23I7)uh*uM&v3vZML*_Erx`NKc4TTb@8Y0N%Sn2`rA$zl<=6@g_Pj|Zxr5% z#`G%&4Lvy=LMd+~+Na1%e%IbF(QtHsNUD|`y^t|HQ}Q`$I)zS|Gv8$4+=0)0uQo;L zt3kOraoMGF5wpK+peqyDrTleVH95U^D|BC$iiXI2jNsX(GBNukc)X)pu1@Y8U(CCrnXq8@AJ~-#0`G59 zTbAW)QAKNAUw`@e%_gq#i|3-{-4=e_c5G&xK*Y=ieg4h_LBNZ;d{}(o`h?b7JGU8i zmQt{?w#EK0|DMd08PEDAqqQ*xaCJ2jDCYi80(3DuMab*pl?qRn7q_PF;ESPI1v_7! zk;QDIN5>4gs{lpSZbBg28WRnPslWzRmoqHHC`Z~7qo;^MFRU&VbfXOs0l`KcSq8*) zs23IsM5(`S!V^-fJTws!TvaCbT9PD^b<5O(lNrV;woj=Jo*7>rL*j=({l=CVT|3Wf z*zJk4(h+IEE=n>lOT%#_>lk5tSqU|uZ{QB?C$Fz?QUU>@$b^itTG92XkcxZ|fKn?a zl57^14yi-(h+|OWUJ3;3KM2j%HzVS+r7BU4$lA@JUA3Xz%;fldS2kpjns%h+4*6Od zxO;>=4w1dm2AL)w7kVP8Y)PhKZv;Y)Qj4|H6mX_ zbW!JWvNcWs@hiSp>|NFpr);Q3&x#>LG$db1*bLJ{Sox9xz(~?f-u|~p(=HH*@EF(_ z@sc4+*QzfpDWPlqYbQj+B~Xcv-BhR2YTVP{XA%rUQPg0)R0-oN99!PC6>xM6Yn_bO zgPsgL_mstuJSNkD|@Xj%YoMD1pG0ivo{n|-B)>^fmbbT7IS_QCKq$dIB2W(Y47(`Ig`nU%cpyTu) zwL{9km@5NAGDp3(7dr7|*12U%Zw;9uln-mry({ueT6$D|o0)_s=shCw9Eah2tp+=p z1T)dY3p&uJgxZ9zo;yk2PgO@{2tqoJ(-4?>>BJB3&|4v6ko#7H>atPSoD<&D>M;d(8ok?84>1sIVN}4Zp+@$a zn?WHTB>Mc7M2gztzri{x1DBFWDVW6rY%z$=AqpUo=_o=<7d|P8Gch0C5q@2rFraws z2h8Pu0gTErzrC%Lv%GAxN^wrH=*TB>vj35kyTn|!826wPPXA*Tlxp-2Q<;lfpK^mlFGDui&MMCr<-8b9J$aV_PsKOw%;BX<>gGpqu~F zOylbC@^(F7))R$AMZPj^_`1*yKOL;@>hgL)SYbdfe^#`rT0@R>EDl`rD=RRp9qr14 z6QEVT)Pm^^3~^-m<-HJ#In!*XblKLNZ5<~zJvcvU;MQx-NB0XNTAM^ro>nLj9zkOk$B-iqe03GK}v z6DX(ng`_DBh#EgQS&b&-9BD;8);W!{^sk$hU-`$g_IGW{FqED4# z5%k2kvu6d~d5=VjLJV#TE?xfKX+M+&j`b~S3$L@?kpSdj)_V0o>VdItduj)FRhada z=5|VVw<)1DoBGn*j-`TmYd7AcIax9YZjlH!2BZy^-d02~qhD@g!p23d#!vhs0VJ{n z+CChAT85FNxhDkrrQP%^piM7?sPY9|3(=$RXalrn6bGMUD2oa#|x@v*Ti zFPzUGevj5(r%N`{YqWlQO;l2 z^UTjngJ;OLE}8X1h03^n))Jc~Yh74iZ75YAcURS3iUZIRHI&R64=k2?yUP0MdsEL2a4TJ~Ejxu3GW1ReLm=HJ`Wc1MM~6sbAdkUF58T7i}@*F4)GrfB1` zFYIG1)!yq?-7@6^b0k0S%r<$hQ>FHK%fj2T6P%)|vb>yBEShP|&yx7$W}2jxlfv8q?u8<^3PJl_72)&hh&jg0L6&D{=7Lt`a`Zj~2@Vzc z!^dN;&Rh08O3G3j7c;h2`_lGOBs&X9MS@Q@(-O=Q+*t=Qm@1~fz4iWTK4W8u-4OAr-H9mSXoKn44e5XfLeP9vu^S>sw?YDVm{}i^-?zBqGCo^ zM52oo8Ws9^%;P2o)@2f%!DC}NX8OOU&yR&zoX?-Dw}Y;QCS@Lz^{|_d@G0)8wAE7q zhXh3g1UAftLQ&Rle<g94RX>!^Fvo9t1_3U@@Gn{aSmx}kL zkB5rwQm7tj?}<6M3}k2P$A3Tm|K9V~bp4i@d790o$xy3igQ0f)kQRof_N2^_zxx^I zrOn;R=~Up!>sG6hlyqAUf-oUu(#wwUvC(r=N^(vPJ?2PxRX(*1neMv^IdI7nXgZVP zGqq%8ip6mdVuU2P9uZM8qG%{P*CS)2eDmf+0QAPXa2_KQKV#QLqeW}JTFUBeVAa4t zI&DuZckZk=i7JHn4+@9*Q!A-4NtWK#^AV+*^wo`8YszBr%_39EvhHLkl5+~(C@lOE zL7@W|Va;#)3EWrvbjGBw%UI5qX{th~#8$g!@NN8KP`1c)jJMzkP<;*gVWjY1gY9^( z@&=hl6vOzYgI&E&`&2+8e1=Ag!LqsoZa zM5kvd_^o8Z&)kCP>P4;a!O}+)04ydA>UL!)f1sGp{lz@Qex@M_eSyWzt2&-mLG&}_ zXDz0A$C)2XHE0&kjWRAGFs7>sK<*NgOOh$YKzF6PyKh;iNJXUS1(TfN{Z|FO+mil~ zvZ;#F-Ot_J5(2cP+-($X?LO&+YfMd;{2Zw~u5%Oq9GMXJXm)e<44x+L+jX{0z4@WG z_9I1)JqTH1>%gU-0VhKRlr_l6Y;xLYUP(idQ%)tNH07L-by%BphCa}R)u-uOeW?Cm z9BNIAQhm5;`c=M%bQ2+Er z0fT6W!lBJM{P>PMI;XuA?+v}~o~aniSMjPyk7y(d+0qPm#8&2Yk{Wcx`%rQoz~`x~F}FT?cx)U8r~W=zenuu>DIP zc+l)oGWg&EO1E!USZU3v(`7mc$ zhiFc|W?PXP_Ckz!qi}a~&a4AGIW?Vyn6!+Pgj7slm#PP%zNtoPnHmXT{#wS6nJ~Yb zEMS!^+$h-L_7GS2B@%Fkz3jBnpkjh<=4smS2jwHli%IF@Wr)B_MM@SFSNSY>`YKgQ z-}1Axu~CQTF4gnb$UGPH6EX7LAN9Nq2(x#2MslrOsu9&##H-8H6&YoLfgHT{C&ZLb zo9+Bb32g1O;Ojn2Iaq*MiR@d4X`q1ZhoSvHDE~h3nGS8!Rdw$eU$G-spw`}zDp7t^ z?b|38zWm=fl1FBir<&@(Qn|u?gDT#Emn^=I&7P!HwlInv%9WQ`KdS{oU;Roi$j;bO z*fM%nb75z+LNzpcM}BWy1!}F|how4%*tcWO{=$12#VhD*ljCjh1sV2pU6fHJO%`B8FpXhfU;5}MB;}V5`*Tnm9WSnOfq0t}Fb{UB zjj-eIRdDLY?!5nkYf<(joaO=tbIvSDpgS<{-CEV1cU ziGA;`oxCbMOGtLfFdfD{noIkFWKQX-<9+KpXZm|@GcMOfTc<{toHSGf#!huD-dHwZ zyPqBG5Sm*pV6&Xp8n61KOBBPL#mkm)(i+HY_}0d&Gp<;leo`mglOHnB#WbZ8#2rVQ zvp236(ocR{Hl;F;HCI|byAkl3mN1rY$T)5G)kN$jEpmGQ;qO8_kyH^^49d$78trfx zIwKT-zGDWV-I1lJj$SA|mMc&&$7NJVE*Ed6u{RJTMk{cNzUbGw()=v<#_9SoMvBc? z-8%X@?AVfiy?@ljuwTG!{Fh3lWmFnm`M!N1m%A1*a^Q7(N2BAYgMYaHw+OL2JU_Gd z{q`O>Z65h-gX=|(>&T;&GWn)-D_@lEmB!jpF)}+a2ErO-qxA#I|AO~pA@N%A&RC`H z4>Rd|P0lf41h^G}Bo;~&LahPZCfP9G<0GU{JoT1KDWy@R+)2(}G8G&J8w1MDtw+Q3 zS2rb-X%5JSq^ib=%TC>Q_Bk03A97u}&xC$%8Ov}K=se<|;Qt2x1&~UtkY*3N_H~a2 zMn98AB%cNE$l`X*XNqWsuV>^o6s(D4DH+cP$~@Wm0AeK$DCESlyX;bHSmQ);@swU_j?K=*HKCA$zk?Gxco_`lr0v9-Xitn{ODzvwNj>=W#$V+;wBH@D< z3dbTF*tPrZaKoy@o+a{F56Svm-2XJ)tClLq*kAS%rOW|85kTu+0BtkaSM4Di8l`9W z_6LP96W}?KN5T4)XUGy??>fjZM6{b|YQ#c+$lE-X&wh684@$&IJnC4@kD*8}Sds?v zUZEa#3H?nBNE?ynaH>+s`A*CineMuBVGvtb7V5;s=G&bfPoX8q#A;)ZG+a&EkDVwn zGxfOgk3nsp$G#JLVW$Tbv#9w{`nssgpnjxFNM}>I6RUp$)v#1z=r;{TiZ-vGK@z@* zFapS(9TGp>!*MaazikR%r?Q$$=>8rn=+$q%t@=zkN<}@t78A*rO`E~CsImwRQ#H3d zQ%Z$(g7mnb>p&@W)B(Q)XdDXoTcQ?g0IEGGOj+>?=Biu;0IjN{vSPZX%A36M1&L_$Grd8g-9~W;a}Pfe zY#3Cdn%3B|O8M>c-Y^hBzjzwjpkFYfXeWt$5HucZG(2H)lc=*_vWDuAtCK+V9PVOC zF9V`_oc;Gzdfz5o42A7Vw|Z@o)V_F(oO`IDHtyIHtm%Jm7JhaE;poM!MNseY{z76? z$x=6zLRa68$=`hz>I8V7*u=4Q2>n43Sn-X1AF6IaJ#@eXpJq>!?xoLaZth1reJp-f ze?K5Qn!o!x!t;HkN=M$;PG84ADEMe!P!EW5d?EqveiFr;5_{?a6Pg26B6_0p1X@VH z1WR(}Pk12H7qaO$v|F_IC4lJBmln$sNIOlsKPb1nFU?2qQ~c#<)FkRF{toM4ObAX< z*s#AGC@jW@>ldEcb5LFoAf5c>79^e-1noCo4y#$6fS|~Xkgui4M2vEIsa4nfEI}}2 zk(-@ltwoFiybNZHyI%0&tdDkCkNzGak;&+$@mgAJsP#PJ`Uw;{-LZ-u<)X~+B&m_1 znV>m6T#LsOiK@xy#u3O)^KtnELC;1^jK)eBs~?!rOcIPMv5QumJ)HKO5-u9|;6LkY zj_Rjbe#rw}^fG^(1BP71Ztmph=*V&qi^y+W+Qw_yHDJGx#SEhungz|m`Cx3_^~)NZ zqz3Hi^}guAMGBKS((J!zrE8|ybKmT!5Noiv88PITNKp`4ePOD~(N6N3TVwrhCdu8% z(x4p0FvpEC=4~Z}R9rsmzbISaNp_Ybtgy1vZciteLpw`ZPZ5m50tDzD+jHrw;}N^R#Nl_bT9q!0hJvN>7(Trgvol7!kc$k4SfT zl{c8lpT_H$f;myz-#Vj@OT7OtS?G+woadSl-n94g1K?plE(YSMWtEBH!xU2Te7B z@pSuIu3jk7z<*y%VqPpC0gWmX>%G=%f_k)V1CC(>GmdbH!;!_6>GaUGHGwIzQ zGd|nl;Jn4fX0GpAyiz^)6SET)Rd#T*NF`KIA<3GlI0%jKkIV@@d*#_Veky_83YAV7 zPF%NzO9H@OQhW1`)-CDP3l_fYe8EOBSXYs(gtSE&W~}mZnxb;j=Xt)v%L!gXc(Q4! zuRee2Omj@_y<5U5OUS_CglqTp?0A0NGVlL%*xzSmbbw>>f)a-&-N3he(Sl8Q5lZKr zsz%FjDiI@RjgI%#*E3PsWoYBhIPmi3hYwO7!e8VA&>p4&s{KB9^2y0~uRaviDMt12XSgXn8j^U?)Y2 z7@Kvvkff+^_wS=S&_l{tA2WR1l|57)GUxV29{2x?uCEMhWB=BrSc?}YXp6fxxU{&t zyE_zjDems>?h+_16n6;}4ess~2`%iK&EDtS|GCdS9~mYSW|;ZSde?d-5!&eoL)j#3 zJ+>lN=)`ETe+vGks23u7_mGR7W_wOcTjDLYu3vOEYJ;au8$+opAv>Q_8%2%eYcK1w z&U7c9`-Y^bTiz<)TdfG57q&cF#p*Pi8{>fg z3(Xubu2>@A1!Dbz`AvB1nNsy_98U_KB!1$gQIkb6f{puk^TFJcRAHRrW~QhK7-!kq z*6Chfab)$liU2~t;o1ZcYkDVL0f%y;nDl!tZ6x!Fi#57yz8Va}iiCNp>z&rOUv;YA zDG!aNovydi1P-9XfBVDs6J_uIEl#~NB9#?*>o2$ovyeAmMjuak271j00KG8l)-`&R zGr>HgukRcbjfN>`qCiRQkL@+?%FiH{#tf`6#I>+_Srn4zpU+J{1iplrMOq;ki zN!E8<$(o946vx7_8o@;Cr}%E170#`oRL;BPr{UkL299uydg(ucUF}MbsH!4(I;l9@ z+}Kin4p@8!{^V{n%Go%$p{N5VmWDa%cW4K0VD4oPFebiHR`YOtHIFQRh zoTVl+8diUuGv3mN#pN^`Ydh0G%c4T?>AHcWCodi}`^BQ^uDr5BpK&oM+H92iYT0?h z9q+Tf(C9SIw~v z%)5O9diuQu-unDetzQt<)zGk=+9l)UW*TsvSBROQwf6Yxh%1k0%%{S96x5S1W1Gyv zmxRPDwzJ5*$5yePlj+YSu`XJ=Q4G)pIW4f*;$=BXhyDzwKjIV|;#lbt<-P zpz6!_m~PNVHc{_D7Pg<53o z6ap8QUc;?Qvx{J>SV(l5y(a&{51^^w7CYU-<;{c0ljR`oIeFcn?4sVuQ`yV7cJS2) zD0*DeQXC{ICA zepdNAG5Avd#-o&P0%R9dhrGUv7l?Vzu8Em#Jbf6la5>DA^~kQUTZCCr)CZm^xVyd{ zxA(qYA@^$=E?{Z;_uD58e&jn?rN?o*F#C&Xez!>fMi#@U1s@JBld~q%bKa@ZcjJb1 z*YjB@%o|SYbyR!!f5zT^M^K;H>=3{?Eb~e5Mnfr|*ScXF*lLd7tW$la=9CwNY*Ay8 zUtgK3hXf~(-ZE}kn@ik0q|oYZwQynWt<_we{3W}UgU$R=62SiJ$qC3AzCRchhi z{}E~J^qYflSsdpVh;XM*o-b+VEr|$>I=<@p>wK1g;ECe6;6JeNlNepR+2}Ium3CW^ z)~$f*7;X~Xs}y=}z62A_XcDlHA#2ulo@|)BPqb}z?xbFZtM=XHiWp)3^>*ACjc}Tk z5CklL8P{PlFO%Twd%3V9m|IEiowIMIyN-=*MXl4L_K~gXVF0}m@uQ-hzW72S*$3jM zYylUEB=~n!c1ls7rR*7Run>e`09X|aehe2Tzc;j_*yfWWSt~S*w*m~G{nN&m?#Skm z9$BkJ=E8{$RT<^!+M`Hrmg(AsYp^cM8b_gGT=8zHO88Sx;DS;>L~OA?;G*LUC0v59 zYJ^!_k)KEbTv`_L!Z}hh#ieYX>9~z%MMJHN6Z>gmg^ac_Z1Ha1sL8QJna~`C>yOs! z^*_@MiNEIV*CJ=wpHh)z9$4~ZAmwtZq8`!(=()Sd-%eMhs*k5%R8RP`$a6V6%k9I| zCO@;BImGxU$~C-xuOUim5T)hi`^Fua3r#L6<|3Z7_JIO+aVz1!qdS zw6TIvC7of>b6%~&ktx91_RgSF!{mgv5&uuT%wQ8ZIef}^7#RrT7~22;^gIjpqcoYD zRbfLkG2|8)J;BHZo#twYxNLZxhLwJPSy$0p* z4rbp>AiDt2w*vLe_(shr#b7SSeoab_Cz`KzISo)l6Sh}`atC!kW zsh)M%XWsEKKd-(ZlI_2d;PvYxx$nF^iipmsb%9G_H5vJLnpCGmSemeESN<=!QAFgy z!~=vN-Q!mXnZB!D@ETsjA77pHFo#?IIU#SyL<;sk5$Mi#JY}`GL*)qDVX*X%9_RZ^ z_DtF16Yqr6aA{5$o`sCL4bI3qd^SUclTwtW+QwGt%r;mg@I87`r4*L9i{6MenF&mK zJm3k?6?uL5ECq#Y20VRzS%G>u(f1-!t|`1h5%Jz@)4IKH?GO-kC@DwHVMBUQL~KVE z1((39iC4%(<}ox$Q&QCXgn|)^QyZ0l2*KL(3)avD0;F2(Q7g)}M!s-z^w`L_@Id)= z7hYfI`0X<>MBd?aeS5CaMlk7kPSR_3c3M$wJ9clA-KBmj&i;`YZL08=SL+5`xd-ob z;4i?5%l$)gFlNANB!%_!zq6$OLUp0PKa5m?^pGMcL&f6EPe@O!vUF0nbkFJ2V`|f+ zTK`6MAE*SwHKv6lOv*LBg^g9ri&qb{NeOlae_$NdgrPbOysZC;>X5nqUsQ+xFRJT9 zI$-HBi8&ozjXn4*E{nL3DW#w1lt}x248-s^s?#w0AE<7>OqSl^BV6Ze_A0KszRK$W zMCXF!_dUbqvSiqU;VjLCS{?Gyo|KDmpDF?2{?Zd`krnHepbpv&=N$p@ASD{+(DfP1^v*!ctofv$VZUmH2D7 zEMdx4ABPSs`(KI?WjEty8@$7fUbD&@bWLarMLZ2N8suvN^*xx{zXSn(>xQDYl}@*z zHA|7ri!7O>?kp)mt#Y-;k?xmPGI%!&(B2cM&a9;U5WWXHKyy>b)i{+rIoa zR2zGNYO}DZu=RaaOOjp4%0YCvKtF4 zT6G0(8XCd{vW5{8Yr$)yry0q~VCy>z@Kfc>Jvcf&oP~l#S@5AF#lof8v(5zgIt(m^ z#NgV}kmaUTa4`fHl^U8lRgnCo*7a3YclN4fG|Q&f0CxulteBF9A|}z*<~|WCeSrTm zAU&F*++@qyF>ItF!_PTbrr>OXHO?h)xl->SSh(g*B!ngwgW~;A%wI>If6&OzT*% zb9{Zcp?dIhfj(IknI8a+t{p?>WQsN$NCeV^F#3>7_Ll6Y2$U_9(%i^dv}J@GH%s`^ zZ0-0?x+mm}8}~{vmkQpy5Ctf8r$>@RdQqdQhU;Z<`T z-u!}JO8LItR$jyGq1rra!UTF{rIL-77G9W@i@GDx<=&Okgq8!N?s-sa%)tr3+${NP zn-SK(;Gof^+#ZuDg8~xnS)(HECQ3QOav+Vsk<9|f!|b0^mt;8}a3so`>Gph&{v!IhwjNY2GHDKvu_V(THeMW$XYMVqd}E9~COeka{cV7ITgHlw|BxN0_skcP<3Y zFl*y1m~8w7$9|%&dfIHrd&sZYH#I@ za_3xs6wCLp8D4yHR5!aHG~{4{LfH6gUe2l~Ze`P${iz*F?Y@)tFibc{OWgvqS~@w_ z+99f)g4c~5kwyzG--4urc0){-aemtF6L{-y_XhN=B^$%Wb`aOM2Dv`&P+40fyXdx% z(yC8?!OfHY;+bEMH;D*+9(rjw?&t35IrLxl||qTtwLJ?K^tECEobNwbQJ;G7_4Y zH>t(dh%<(`56Mh&8fxG(Yam=Y#~)GH(du$TP93N7QHj?f5OUNE-^nP6k85h}ozC@K z5LWw8RVhZhlEP%s$_4q?3wjdJf*kc#PkPt6@!>x4|ORSL1n>eya#?TJZNE&QeNBX zs3PND*4M*T0O3~iMwhN;;2Y@}X*iDlKHF;Z4$RPoA+6E0 z5rI{FZHBJ3@~A$gB&{0*d3wJh<+O0%d7*|4D+0y5MvFZVdxZ*yohDvL+k$aLmWW92 z;y)3O%F`|c&7UY-f3W+=D380nfe4j z8xzl5HHo4+%Dv)R8hrr`vJ)l)pw%dvLJj^X{a-74`r@Me_nv;fT^X=(JaJ@{j2mL& z?iERez78v92gJkJGdl}~u^K)HPc$)zorIuL`%}9zl^H(%RR z)mxpNEsAQh04Z9WMp6x@YMEpQ_I*e#acY;KNm4uDx~%(&-e+cWxjUJcvX<8V7>&{0 ze#ZRrC^g`iz(lF|Lgj?3taxuZ(FJCuHXqlXvkhAy_OGsaOM8Sc_>_qAi8lLWa<+8W z{iK>>n=KRJ4NE?xERW_bAL+%`DbkLf7JXz@YkF!AJh0WJUwYeY+m3}K)R2gQCv|Gk zd!-M{pJmUzT+Ycm2PKyWh?#1krzI3FhbH5LbL%@Sc2I4$AYUn@1beS^A45%Z2M50G ze^R#A?6%zu=%)=o(X!5k+A`+Y?{%9XU~p^5maJw?3Mv$f09g?tl0Y=1@#+%zWpN=> zZYLcVlV>639su#XcQ78l-fQ!5dueyx=RNzSi4W9t+qwvKgRV*X1KSE!Md!Qsvh9k~ zZ-A4C`PD_zrZcEVs#-Cb5lC8F6+rC$JR|wjY(vTC(U&UrvFPlRUtA}Y#QU22X4m0h zWCfhmUO@Gk%zzb+65;;jpxa335qhx*4*21Fd$ZAy|K#_-ZzS%wxw5q5qU407t3_q* zT&QWMJhi0paR#O9;O1T@ z4llc)@YAA99!w##CszjZFp-h?4RZS-!D#ZG55~@>mwYIVVgvbb2hSD_yznAKjQQ8d zb#mKQxTFkThBVK%8r!VMzVcU)g54Vv3}G6w-c(F-<36Gr?74jTdtTf~u;L>AdjoY-tV?2!KI!4~zl)D>) zIK1n!&H??fw{gvtd#mRwhS`&%vpb#>?z9qu$*3ntL#0w8lK{r8M z7L3nTQjMeZ$Z9mWo13+Sn4mhKQgXaEy%)M$8lL>oL(^z}AF@nec#{&R`CGyHX3&a%A1Ys)cwk3JMhG;@qloQb`R!DVE|Gbob2wZKs} zR)swf+PTJxsMVh_q*Jarm?kfsE;n$?xL#Ou$^v!<1tZmt=4^`+H*`Y!!JuU86ye|9wj#cR2Y#Kwg^wv>)LRW@-K-=^|^4 zEv#UXv{Gz&M}#_XvMx9QxoawA+)Dh!W2s*$`$C5;@r(H!5mL5CE$=r${8v@Xdren3Gt{^Yu3{b#E{Wf^wy^&# zNOw|Hno@M?eH8;dIJcdo`E^Hf;!h{jRp23_-(g<5xLy(-;Md+)*&t~PHkGZ$N%OE{>C`t_FkLE>w?dzmW2vo z6bRc3=h*SH6_1f4s9o_pR>|ENEiaHLML5v9sXx9BX=-%_zkiS%lYlhG&M2^!M5s-Y z(gIk04n-ky5U|A`S^yJJFe#fXCBc-dB4ts0`yRNTP8_R~KN&`OZq#BI$D^7C&Ds&u z4$s2Qg2?PguU|RL18Mu&^|WE-hOU(wTUh43`?G~wt;(O=T#>oI;Qp~Rx=~>~DNfr` z_(^T#p0Wi9=oII|AxO2GGtPA0UaTx%BfOWksQ=~$P6?sXw#&$8rSaLI*nz2*8h|n( ztHtIJzvv9XfnG&So7$}C)O<*#|GECs_-4=8nK1%>eJ@J<$Jl^P{$~Gyy6fs$^6(P&V;!4{^%N!x}-@~Mo275kp6aCp4vV?V2Tpqv71e;#x@@O?NknAyCNg(WIIb#>F~F-E>pWN=rz<$pzMcao;@NQdbne z$ElegzxyTIl#wwUKhVRcYJ3tVo$k8xZ5nzRcFynZg+>uoVA!URnGUqlORCxVej{$o z1>-=Aw7k^$&=6)c^h}>+WLta>4xx0GBD29BU^r*jmpwC0!j_8OUCj00%sPGJrQ^g9 zmE6?fDvQyI{Kuw1Zr1$tZv&5{i>tU}Zhyh`nU$0jyeo9#fIF!Lp&`RrQ(nZDh87lX_Q980a(? z&@Re`DE0%=L$3KOmcWiG%O*Qloh*@D(Veb5&BCo0_#<(VmGxdt?j2ZCRDXZJXhPzr zcxF^P*9b%IX>=v82DRV(FE6INh@IWzes+EzSditNz|Qc7N5_eayEh{;`K4m!h{Iwq zOVSwxAa=p$V<<%v-(r{ukWz&Exa*OD(eB@%5wOZr5WVmbM)EYIj)|!|m~t zgBiSka=4#ZJtfVlfH2|T0lA2rEFnPTW(+LyP9W#~bRmcJsHoadl#`zq*ITm$M3eyH zA4)rSz+YvqJBx!}y8`t`c*qZRzG8}}OS3=(EpIPF9(fZ+=P+b<{oKRGXv zaHrU6yshCbSJ>omWx=HljqIHi#%M>c5Xkd}m?lnTFW=x%&?;v!@J<=Thx4AZVLFfD zE^B|XB2`47V}FIF@@F??7}FKo$)f^=b&d|XNybVT;kwBi)9iPb9p+oNOeZA9IjL~u zk7cj8n@rM@<>0M{-lB}|h*Z#OXYM-5--4?YO=$#Pzy2~&gLTLvZnh~xr7rg<2s5K# zs;m{HM7c6`?rm@X@uerliRcORvfd96dCezkkSpJ8x%?WiH36@JfpAIUS4MDRh-f1Dw8FCLIztMplLZ2Zp__?@}F z9C8qIMQ#YfDty8_66PWHA6kC~KErc;7Ozdqx;7qG_cB?0g1wLan{X#aW$!`dVQOsr zG1>GBI?j(Td{i!@thzo0N|z6W_<}=0*X^WljPhxT0R@pIS;O*E$)0p^;H(iKTPpQ5xHQEwp3?6} z1zd=5yiCPm*xr=-0L*U8_T^8x(fVAGqqkS0kQ+mxJYNs7s1N(Kq-!k`J3pRLqo$l` z&&H)tH`@LXJ-qp|zXG!VeI$#VPYgJ4r_sPO(^9y8CV5;D$4D1HZYVG0LJDb}JST1! z)}Lyj$v>LQH%Q-Kw=Gb7pLAi^{>cYvKbX6qS_GEO<3#%X0GMM3g!C>Y)A4hYRFqqE ziCCo)tO+f6Bhb?MfME?^Swyw!UzCEQlRX({$Gc2EeP?|Y_^?ZYRIGoNlxto8)|;pttzG!}5-V+M5?aYzsuIl~e)m`0;Irfh&0PEfsVVrzVs3vI<4 zx$b}eoANK2_a*X$j=h>H3VP`2uUi9;9VPH4^4`ea-6);vUZ}?yM;^GEm9u;HK>ux&(qP;PrQlt9zOfVztQmD}dG*VnW|SE;D6 zJfnt;_%3zMwE#joWc>XGbwTC(;={KUaCYgBY#}Ha7J{m+z{1f<7a)60Yj?y_4}_{^ zvI!fb?F0uSHk4os@TB-62kL%`2LpIiZ;X$@+}}Jnd`zY1P&yC#T`pWTy(~lq3ywQl zh9fa>6w8$8<>ZBt3T1`L=>`S-Vu!2B`NaK74izGwDTMe>tPIf8bxy0h0tmi=`Z&vQ zrl#m|*4)vtY}spV)^-Z@;-3OfZ(izcm|pLIZ#RLjl97f$6%3@H{_#wCffL<#=WM!Y zmL=l;`HsnP08MzAC{?q-XqSDRd>HXj)@3*DQl00Q{;yh#3etA6Wf@{rPJ8=^kAoG~M|Q;WEnxgZACSV+)ANosU@9wH+P zC2f=6N&%BuNdxf@0P`+GA+u*iQ3^J&$ZadxVsqMk|-dzn9|^iJe)hjgZ@p0-iiq(dEyy@E^sx z?zdm*k}igR7*7q0tU4z%n!D{}8HI;`Yu0^VHm>f*{>1NJ68=Rfmxg2m{|zQ1?{5w2 z%}`1LdSH*6+VKt1N%H(MFN|@uDfMdRgKCPssPH0eoA?N{ zxdGruh0nqEXBo5tEct*qryz3E~08WPX1TF z$W9;WiW>>lx+87@ZYxn*c>rQ7D)IsBj&+nERmy648TB1D;}@B7eIU zFVmN#UqBUKi7W*Wo*P;QS0-C@Dg*Jtor?s5H|YsA9d=%Wr2jFM57P8>S%Z-p;Q*z) z-Qi;6XZoW-toYEdk=tu$WfVhD1macK=GP;$N-;WKjR=VG0BL<7DsicmmY}+j3l(}p zluk!n(m2y5pSb(2g^9=?l4+ zfAFg`DSskP(EKj;B2J{lSym`h0Fx!qDnZ|j`{yT=jh$S&+J5310Rz&m`UN($V&5vY zvK1oEE?=jdGkAsXJ~*!Sx_22PTjJ3w)ZbkZy48*8nD99e5O#R$7j6AQF2DU@nyWh; zmslfg8F)tZHK=D@v;{%oQxT2on^RlJKc6^o2*bL^qZO8fM=oracQNDdA+KE)xA2CD z24OXC0(i7^fe6_h3ZLX4tsGnJ^qLK~h2btBF_D{mRnC~We4Y0@PM_?oFXGSq=X-YZTZn-J9kB()?R<^?;lp1`WAl#zI1YhbxrZS$+Z+_RxeVa zu7Qf)L1%K}o>edi^9(%tS)uWh2l${?b~~SRfq6LGl08WG^E814LJp{XHJYQE@(~eQ zZAAJ232a(;t-r66rDuChaP+hqXkts7#ny*}fa0^$ZngW24U>KtJybpibIm^IVRjV^ zY@7#ve!1gq|dQ zd4(D*Ms=K9BXhfbYj#bRpr4l0R!>;RUD9oCc=On~2*@X^!KQw*u=~3CR8?n`@N$nn z`DXPvQg#g+Wxj~VZ@ndFu{y8d?DxyNMTsq!JiTy>yoA~51MOmE%~i#&&0?jUcqGXm zo7=s3Hp~I+JaekxhPj-~9%E#U>HQ+BT6x?C!imJ}G`cYvt#G_|m+v~YAi^%Yqp_vR zobaLV(_HuSeBQ!zgO;%}YzklDPZvt?RvYixP~6hT zI^Kh}b7bu+>Yd*JrOmG%tKHyMmfXc{TYLz*)AD_mrcO{8g|)PNw1_jKJ!|dV0xA0>_tvVtGLLfBn{+I z$yR3gG9EG?N0`EHf!C@t-LA%6%0i*~)0lk%=6J{sUqg}YZe2S6LFuBI5#`Ltxo%PX zDY|?uXCa785>m0F$5_1dl|B&GIM4p=rz$)DH5fAO#_begxmkR{e7eYF5}dP?b>l#e zx6v>jKF*}SlFqF@v_d&vG@kUE}g12eJORcFN z3QU6DW??14#6SOf@E*5uc;6i#v}*}{>o}VSJJ$QUyROv4`est)#`{-$pQ(Xu^L^EC zmMik-1@Ed3KuSXY>&AXg&P^D({<-@}-U_A3i%tN zsepCZ5C52OfFZe7fX5vGcnxOT@$}p=$g_OnEalPWf!@Ua@@HMJ60zzhVpuV4X(&qsSOm*>>VzLCoW_Ye! z9r1y9P7@P|BQU=LY)-s;TANO^G{e|yDz0dhMVr!%i*DkFcEpDY#bUU7`* zOZt(yBcAraxT&1PT8dpMTbIo5e`W~>RthIOWZ4TiOt<+lEp)jWpm4x6-gYG z!9IHo`zi+amjkmB4vSVP9*lqK~O51RfKndNtuVx+ou0#2HLpR5#43nUPK+hMaP zM5DmNJyYXIWUk24od-i>6q!=UCr+&G#!s>P&$_S_UMArbY}PsFG>nX+c!An`FyQ-U z+|mZFY@C*k&5qX7tjvS6>_Z+!W7r#x&%<|r=XX_ESD0#>gB(^-eDxS7u@WHTV%y&J zE}`$K#atQ!9Bd}CpcvNroa%f*^C;Ae1$+i-azmEho68@_qy&qu_#dU-PI-AVR#h;f zFf2M`V=b8{pP8NzC@LtpIxM%Jn%Gc|S@C_A>6;&(M062}Nn}K~`58 z^6Dhjp$XP+s%54(a^W?NL-J76JVTDW9J!GV2<<=IY*=8-b^6U7%fXl)IJLci;j^&n zx?fpm@vhV+QpZxHmhU zv4$NwPJ!>QF11$KA{0ey@}B|aV#E}uyq9W|ijBc+&yeKrG5==>4&dJ5oB z10v154U)xX<39rV{~2o5Z!8&hG|yG=`Em*w<7~F59RS%Qk)mt^hfe)Oz0PDjEya^H zP@A(rOMcOdRx1yom%wMK`P#9@5g*s>xi>L}?GeMHX{;3c`Z1!<>amU;tiWG3rJW6L=&)z~(V@G$+en zzuy2_-v59J$qa>V2hInH6E>`wHm;!X>6~tF%{W9Uu4z8&MIeqZrBF3+d74diX$n~8 zCDu7DRVV31D7zy?1kq?w4KXLs1Xbt@y#}(#CRvYrq^X{>Z!MmPLR%7L zHqWlO2%^|)7%rvr_PAU11$*|I;${A%(ed+v{(=+H3&!Uub3rB=DH`ZclG$9{putP9 zFsF_aYuSxwf3|?FRl5S5xv1Q4N(Obu!R(2jl#^t%+yO2(lp+>cFH8{A%3Z5THE?!C z0Z>WUHs5bv5L)ehqkgkrwQ~oy^;!#ye&1lKBa~*$*mf7S2s7xs7l>KX?Z4+Hmpo-w z@g))FKbZ|`yVkuUU{`AdLCC^F!Dd#&Mz-E(rvl+!QC8+F7}$FuN+XcH`_ETgR;nYm zkhkAfU?165b?jIo;YQS6(n`Aexd1v12U)2ct-_Jt@yqKxmrQPk#D=y)@o!&<3CN)nOTi<_LUPeh!-_BUV7LgFhMl?@3{S@hB|?Z%lTx!a0o5N zXd3OUu*2XtHI?e2A=S1RH@PoXywV&PsD``=@9RgcZtws14tqWq`O$qlNq3@>*2H>Y zO%GV-J9pGrn@fKW@*tAe^R+rQFZcAqu^*({g~Io1aIqWq`B<5D3yZQ5SZ)MHVCier z_dLFSiU40D_oL&AtL`O^)9U0DX;(L%-)isRmQ3zwscr}EG6KEbWqDW=dwuzit}w2B z5oX&TLT<(%GMj+%Ipz555WbAp-fQh`M(k6419icAwliT>P41E=#C`kedBYQ+>^L zVx^uN^lhJL<84fJSZ6=ztF(YVuiEX2akoKun$NXaL4yqj{}m7>18lFt%0|FnVqHYp z&kL|N0}V}o;~-{O?9L469>{h--p;AlbDFe7+ojqmKzLJ7H#QXKRpzkBVpC#RLVUaZ z)3G%xdb5{yM7^tj?(R4c$aF6 zOIQ5hWLe&^6`FB!ovH!vRDFAb&!by%bK)PEn2>`&pi^(38K)uI^!g;&UBIvz`UaYA z_kH!rRi@Q$se$|ZK(w(I>O)J|cYWq@_YNK%1kGb(M`z9NZx}%Xu{?SZhqoY#=9kLq zFSzra-}Tf#y~K}86O#s-2e*04jL{F}rc1Z7GM!tRxMDJx*ZFs~g1x2>Y0`L$0U@mB zGICKaxVcdo(KMeHMAJ;?5-JEkw@{;+{*fJ!7ti0`OF*;7`_inAzhRGv)jR7f(-TTNcMW&_uPWOH2Dec=Sury2G@( zNE_%To;5FvyBlsT-K7n+mr+&@#g|uZ(GWkpl8)+%m811$?mgc(9-0a*&1c9DFMD_9 z#--?-sdVTQEoOo^2Y?0aHOKy4bG}@eEjOAB`OkZd9@ae;H9)T!PQ5T%&HD~_%N7NA zGe$oJcsv#lL{0=v-1?$2v|9bqjaYU7L^SIF09dq7mUaKytH-XI#1O-?=N2ZOXg!zi zrNCm|TsSyeUsP#P(&wsZ;j=!kiVrk9=rcEvDL{3#mXGT-*E{7hr2SD*Ve_RX4&Y&(Ey^hcVXkG;;D*<4-L(^%;v)pJK*hFi|> zfBMNf2<5!Y5R}3g8mE+tLxz~ZLQH(xDk5auJ-kelu%eaV6td$%mQ*-FyLao49 zmbIUnS+^hJqX|iT{xo+OnH0-~@42D~SA(?q_EIzf{;=Y3{EO{{2ft~pRD9qVM^G^T zYr*W1iK$A2%X9)2c@qFIQYGdQWK|Hy%0ij zu!o1vIh59^O=6Y==O`}fh6HDy8@7e{-Y! zznw{G^8Y?8^Nj$`8IG9YGfRE6kkQI8F7?0-f(IK^$4Q*n4!1e@ z{Bdhy9AwoBi@!d=!z5{BPQLjpy7(y{Hl%3b2uOL0=>c$=etpuRLmKORm&T;~bXR8B z&nQh+#AB8ih*x<1v3ac3_K0t=fXHg{)Z~){ukY1lBQqDkT+_LvujCFDKi+9fy`|Ce zGyp>;mcR_BCyMIJQkV=?2g4p&?N_{ID;orwDUOrT_zbqmy)%lK3pOirUK00>DS}db zA&NPA!dNF;8L}fK`a@5pEg?Tx?>h|BsaY@e*+lj}vb#*xh0Q}<) zCjn5$^^VBKoyrS^4Axh4>FZ40*1AqWBTBDD4u4-I73C$Zhzt*B6}BJb;{^1g2;%75 zyP}HfTiAWW#L~AiY^k{g6?-G9Z{{3&XXnBT(pGKBmCGJSy9t>MYUsHFhyEl|e1iHO@$Qo1)Dy7bezz9UDX%Ez>Z#mQ&#iVNGR0# zL5&=Y62`q@YK>J46d zy~P2y-5}gyp(1?{`Ean)V9FOTQP2#ma2AG{0f-ma_>B6JRm+$yNEdtklqd69)B|p( zJdE;5R`PN(EZwH;FeK*Eile3Q`?lZ_dH0}uzzd&L+}_YPQ0mqXTFS_!45Z)eQ19Hz z9ZO4EiKE%h!e84hRx-hkpxLQR2S2$(Y0YK;kZ)Gh4#sOG#6#ZD2*5&omYv@!c1I%^ z8GHww56K4-_yeHwUdrFxp~37v8jLG~&80V)Dzmfr-Aq~le*bLcARF0w1x7jAtQO(} zIi)ug6sP|H!{1+@xArpcQ0%yLZ%*ORR6k|S@M5#zwlELrYpCt>YbSXEcnlF+O?6cM z92V3u$@!9G;46-QQ>F#_ObFZeMiuA_El4YB69aN4-Z)Ulgy#aKX|RVmV*!L2BemZ@ zG+Sh??9r;k5~qonXC`L07H0mMSU-jO2lpr6_Wt>;#Nz=HKcy-6jzUMJ!O;Y;16KB^ z>cnSW6{&&OTP1dT5yx=_zgC0%wWa$i2EuU%inZQdZ!Yd#KNuZ9h9!4XYxL1B9y0FGr+dvPN z6J*SCzUwZ8)26Vzp^4_HySy6iv~jBY zURjKk*9;Id6aig>g@5GS)n4iDUgGd>IWfq=95L8M=N8Y z>jPdFv)9ImM;A5Eib~xZNk3Rz32ZX-y$_26Ttu#|S$~vK&TXmfrmQbsbBVm)3?PH{ z3h2%2gYTbGU&cUx!FjixWJ@(gKAdcN;x~nfPNv!;>D8;Sp80?w^Y>&vvm)sk@jqU> z64*I4w(G;?fR3h^7frGn^wJ4_itc#4ZFO#pKxnD96;nJR-LJl=knX@uXOz*O1B|Jp#VD60TPHX{-4T)$Qra za=9{RYUH#+BKwY^CeaZhuMXeG!Y&>1gtJjX&*-!eN6IUgt=><_zP8aCIIi(alQ#F? z%cP0Riv0Pdh-&j&>Dhdes}*K~bfbKU$p~@qj!F>eRbs=Oy*hFUn^IY`{bS=js`2q) z0^lGb=>t4VVByzc>E=2dbAve*O3mpER80%?KVQCaGVybym5`5TFkv&Mk5H;EaWa^h zUgfqo`eXhD2Ni(Bhx}Ikr%*l@=?>}{r@7-3C34gREMHQ|9~#4(zh}??;yN$J3rC3| zs@L-c*?-B}3a62{Lm-HF`zTd)qnH9!;G-QC>@?(Wh-8h3XmIKdr) zC3uo=I^X}FnX~5R%-qb)99FIB>h3Dqs`lQGy!-XE%v(G5@cx$nzus7pP`>!lDSA08 z0-O0?Zmj%2-BASgqWwSfj-2J@a;P+_x|#mxy0Ft=wtaZpCNIc^n4+{-S&mAKT2oJA z)(K6$Orqe3YkDwqfo0q;33d3y&8hY~804mRliD_xi%p$?60Vm{g@zCO#}|TUuYRzK zA|osZ-V>HMH(QiDrJB^O%l$hBZ|Ue*qtvZmT}a-T4h$3ld2n zJ`BBBfk$+5;1GeB!zJ}2!wH2@&64~-2>8bs)hsLgy3;-x;iL)gb$QPwj`OAwbj}`> z37?H!LbOZc0|zhqz8wMQTq@yuFf44b&TO3CB6uVL$hMz@solvlfwLNO8?_Xv-Jf?( zH<>ecL&X5YvM@%83l=Rs+OtrB8Hlnvl^9O+E-jrO!{_nXSi}A!8qn@m-27a!_klri zZd6PKT$j{Fy4Ij8@EB5Bcz0*)y-e%!1n;YIAN_BYCpvYPXs$M=EiiF5o#` z!?vUO_Pv)QZ%W##go7F|k&LoAum81yTr19irR-~CN0#y@h+eDya+KXE!NH{oP>V;@ zG(KpZVxqEr7P9GZWFO!i9}j$>xfIIR=046Tu+<}nu33`!F4x)_P8ot5aw_kw8tODy zObMn|e?=|t)><2B-g_&4xBX;ZbecaAGGJqp!iSx^WJ{XTaAfD44e#q!{Lt=c7nQ}Q zC`o%Eonea@?m9jw&Dpv-Qn>||U~C^()t;j12E(LpuNwH9ZKl~LDprpXm9PtE9&#YQ z@hnxrg3A{o5>0l0uY#vaJ>M&pI+HN@oI`(l~h`MOnui1TWlzP zeYV#Ko_a0+>hbj3LSmFR{xOzm@mA-q`6|@7GGnOBDLCe?k4|JGD%QN?BLgUDgmT2Y zT&6rnFtzrChifKEqc6GFFN^kpeAHo`I-@HNZ(B>B z4_}W>Ir_1NdD#xu+L$`fka+0(f^5w-^^=>*t?Ne1V$_!=*3`EhjBFL!p*B=_=^nPt z7j!n>&@yYSd-l53)QiGEDT`t9DL97`JYn!!oxEN=@5h1DnIkpCs)@33uqS0jaSx!0 zlf5@h(&8wUUUYlZ6vwc}tlT|e2r6P$o@wq$*I?|v#Ug0jwOZb>3A7~tOHsqS{kzEK z2L4_B+s-L+@AsV}*42n>g3)Z=;mqx^w`*7Xmi`roXNJh+|9;^Ahu=p}_&*4ib;3XX z_wxVUHvk_W{SU%FLkLm?2#Bu`kWt`&sHjNDh=>S?2uR2TuLx<0h`HXWp%@t#UE{yu zR-Y%4N^01B&FSPE+>Z(X@tE9521#pt<}LhZ9RVE?ew+j%eB=T)Do$qXly;vzaAT+8 zEf)nw!qmpqj8$amx&|&94zmPIpT{S*-*n6W3VB$n3N= zGJS&lyz~@jFnb#)y2!1y-s=^Eu%T>sLf+kLYF4wESda>Rqq!E#!sqzVAP7ITg2m!E zI^_^bJyH_{RY0+7x|Gs-Aci1W6%dNE@Fra0&gY?*`b(sBUPk?Fjm?7;If=-EFs-FUVD2?hUK}3 z_Y@Erv!+iTEm7T;x{HSIKdYt0yh6%7C)t);LCLE8TejB$qj1p2~6lCBXi21VfB zR^EfFbQ^S;_eAHcxkGl|PB()E8?jxxKNoO0^v24=7+%054e!w<=%F~iU5-g1Vn@OZ z9-a^Jef%Zr$iLJ2K0tGvVqaH^Y^qRo-f_Va=gXhpc{J*+fa@vMJ{Z5P`085Tnnrzs zb&Xco#UJ38R!!7*>o2h971`-3NA=f@OhF07Tu z{V*%HRL##pZZ-*I&z?U8TUA>Y{3h)gr?L`~X3Bc0052SK0==DK3NCT3OhzTsIrnSf z)6~9@)|djEMpFOZiNxg8Qh@vIG!rfnHLdM8_n|U{_xUK~WI~0Gk%3%ET~qJTBPm-7 z`o#s3u5nF0(OY!xVn%msJXqE*C}a{dxMs1yfdn|%+GT7_APry(RVoJ z2HL7jxG2PaZ-d@MDGkeQ)etbHElVV1;?e^sRThYT`@V#j8YmmZvG-ui!OWCA@9JE| z30rR6<*aeT{w!0_vQ}2?t}Yt1(T18+{~iwK7T|+!-pL6V`(JB6{t0$WtiIY5ETZII z*vh)Cx{=ae3i#m}pubf7ZF^oGYyYwH3{eyScGIO=ye}D&1L4qP6a$wzEXH+x&qH6! zSARyM!nDnPYw*V-c5}1+0};hzw|c_ItiGNicwzUTPpJ7;UbWgRZ7$YgZ(VfaW5_TV z$TmemtU@8k>%+8v&>)={Xc6An%9@fxM7MSp`)1GH_(saNXnV~`*)OXfl3Kt$u&em$ z{AHZZ&SW!!fd^U=8|Hd-$t@sH#m7y)Do*Tl#b=nQyRp*SmgFoXYfmhdDzu3d`n%;} zPd9fHOhu5nobW04L4@CQdyxpYlsztxNy!w_=j)uAF|!g!?I6GX>iicP%_$*E@AEXmrj;$G`aXu>|Cw-q|8juKvjM z{0E^)9-BCebAqjimb=v;@Aqqxq;BFMzOZmqmX9|qikd}T+El|g@F*i2!%93>SZz~T zeaqx*c!nOd*sC$KD%*|?LGOV4^lq$`BU91V-v0-Io*JVz!1tEC6*cm(8g&3y-&etolB zZar&=r$M+;x$i**^`9QHE&F~`WZGINMl$;E`z9ZZ%+U`0yd#X&H(R#uVru=Lr{E6I zXmN6wws{+@O0l0SVcLIJFmtfcpvF7l%U4%!!>|`A!J~WyKS!Ahhys@6Racv};_wa# zd-U?D78@^?-}oiBObtGFy$L%P!UtkJ5^@A*<^65rVR3+VupRlA=o^@svcbz99oL9H zu~$2Aw0NVFiSPUx;;FV6`Qw?r5PL?$S;@6ZmdAXjG->M9!q%$b z^HElm?IXh;n=bH_+oOB9NZ7A#A}89mjeUo&Y#69vHK*j>@>OMKgGHBHeQRylk*z}- zAQbixfyJ~ZtuLLzg%gPKYD0T{OZKz&&mk^F-W-14$;r+cE2rWXw$q*Lx%qbvH%scP zjpJWfK1V}$TCio~*(b;CKqpz0y4MxFf@;z@WC99iLm(?D{!n9K{ysCtsz+MvLArz0%cGQ_H zcogi`S~Tw%UsKlI`U!u8H<>jgl58z66>oDm#?5{La37#rHq@a8?plqyZ%BXT%WXQv z=;3zxwaxX1p@o9x`yXoeZtOD(<|4ly+fYtYT0N6$O39Y;tm;j&;ij594%6 zFm`ac!*U7e5?!W5Ju%EI*!R15YmUM|HPb=yF;6`@!B&#O=URENdvF&b0O{VS50iyX z2r}&coLSHY!&SBik5^)`=iRe9x_4{#f4V z3-H(D`k*IVwQ5L?C=Gedoy_DaJDpq! zw#vr8kTP~ygf<1!T0OF#D(Reav94P9Er(Dwr}QJ5!K57O^%~;Z$ycjuuwwXvZFRV9 zZEV&{xM_US%H+dTWM+tWO@^gBAl9YfROgZuAz&`{S2c4({${1~S9a$hV-g5XfDx2dMb zd4Frq4NUs_q;*Y5ecM0?rT4vUh+sQdws(vwy>pG9t3iSpvf;yMy1Mm2;5!9S!u{S= zIMoS9!V5aytgXGb(KYO!KLgO-+s=gcXL$IoMfZ1nJVJ5ccBK_*ShZTwq?ZD`51X<}0OZAe=3oB#ht<~`soN%j`P@Ii5_#O%*)i=&*Jc!9g~Nhbk;8o5n%=i@oGCB2L8i#PFHyNb|7G%&ig>d zfNSo+b;s(QP(87^@%0Z28|xbni--OzY=Bx`XyO;^FSr1LAvr-P%>7zQuDv}HrPbW< zp4D!GKA3|M(%fKPdKk98c^uyel!d zXxX@EkuVXT+V5wz#Aa5!+DqvuH}HdX*M&+zU|u@w<;5-XVGH!JdA%DYCy$a&7aqaV zU;M6Sx20o}$bXUslKEIo?B)*@%(mn+{d(g|!cpP#5GSl9FFIu@Z9@a9(LFv^r;C+X z1L^a{tCM1bf$4|k6-(-7-ufzz1d3s);7Ko?5 zwK{-IXgMd;nW8{TK8c@^l(2xv;G%!4jbVU%He_&w-0fTr$sv(=lj9S+gK2eA)`t8l zgl^q|h#B>_kJ$ZaQ->I_@pmX5$>%fHaSvDE!a3FN82(H__VkYM1S@;ht5kMeFBAzJ zGA5~+Sfj~OW21wTLAguNedwkTwB)&X&+B3Q3p+pH;jLEp|vxDXUq&mc;6HST%ROt*y;W<%hwt@`+Ij z6caMDxF)7+4OnpilIKq~-iF|c?zX~xg2`bKJdUQpx)3*)6kncc^zyo}KbYurM980m zjZOD_x46Uf9x&ONZ$4agWD!G2(#Y~<%~?w8!V1UHzTMffrCp~r`lqCx@6>a4CvQaF z^mqaq2a+vgaYXAT&x${%Cj^Fg(5~5kQ63VsAe{#@vynbRcb{#~Wq!$I-^xj?!cwO+ zVw>TuLTvH)zmo9ekxjK$2uLr!=y3}QwYNj>hOET2Di55K`l>9({;-h$h}W!RuT~xw zBxJ@mK0P-q9-J_@PwOVg9z|*OPybN{Z*dr6O26)RX~odK;6Oj)WbaeDDHnGGCcKaL zsVsFJKPg}hjY1A;?xCPyD)ajy-to}W9frhI-o&eVFI2P{XiCBro)u!j%7t5p(o1E< z#y~ggAu{rC0O(nWG(@?N`v`t2S|`XyDECNp^iak8n;MCo?SL8$4NW#V@uuydcq38; zA4l09?l0;0)2bt!$-+#|c4=$i%i}P`%`)6stCvY<8t%c}Fj8=rSJYHPdf4T3?hk6~ zZv|1#jbI7Bd%HV5@5&c(H74IEoi5gLCt8OTDjY^5dQU7? z^l?ntbbGX+j`*-s_7=MSHjSHsXP2fqdPJO=JG`fjaeoUX9BXnF=)23C!(bszy}*$) z9Q3{nl~eJeFyKg^lHS840wpwyH`Uuuqz0Q9&?*!B~Ub4XYH<-b2Yj}KWr_W%xm4ehX zk1o3m+@uHz)GjPti`OY4$v~0T*zTlK>E=RrYUZJD5&5Pk5jMMrJK9u{4ot4V46CM$ z81&r1V08Y~%%I{!kjWq%A2}`1*F1%w?(NVfs??SF@W zhLY;0D^-@t7Jqs%fsf#Huc`@9Z46KK=E5&0mN@8>C|tI51S?GTtl(8m z{3gMO918R>);9s_s0O`c1r^7V0KZIZf7`2n@i6aDx;Vz+d7@pLp$Qx}cFO5K_uLXy zz)k{$U7*sh+$r~)=sQG8@U@w+MrOw%3ucP-IqOXE96GUsakz-3Ja8=;c8;w|of`9) zu|-deD{*V>9ZLdm888s-k0HfS>4?!+l6-^<EpeQFVQE&~}DUY4VwevH9w)PgrMw!vD9-RoVkweqU?UirCq z3E;iJk&91^(1f465-HTrwMd8@2@RB)`vtdV5~FzTQ?i!8FQ4Htn_0eYrMh_|OTX64 zhZO>j@vIc*gV?g3oHyyD01J157ebje6d?yyH%KZKu@m>(FwbSHFzAHp#Zh8c@kI(p z(InoQ1<0skH+R|cN+Fkm4Z8O>3tI-9y=8J1!9sXZv|cea;wNjLwM4#;^c`EqGJ6Yj z)-rV#cN6RZzX`j^W9PQovaYzVUyT?-XZ4OvsMc4YqJFoPtLhvTaicsi4dsb(BWl~4 zttRt6-(kV#9WZiHt#6p?0VB=DxwNU-_z{U*mcQeXHJ2ktudShLzAgfmTs}9$(tAi6 zlE){9jS7>JA@JDcPZe5l7k3=;aF19o7%fcIDTsBQ0sWxQfc!S&g+5CC&xO-o@3jLSZ za==HwhuYfqJU+6YiIm}T2<4@9zqqb%|E&~i%^2jNr2(uSL#~KM^~ur>_@7= zQ+c5`!AF{|s$VO_hmpbt>#8BP#40rqd)yi;>Abq^KB19MDt_;qVV1K0U91jb-|aOD z6pwAif_&KGPyVOPP|4kG48zYlDnml)=qo=JbKd1-d(clGB)mSaP~ja94LWO?nZN<@ zRINKH7Vz9IBzrWhsg4M|_EzqgCqF%Kq3%t#d)j1nB;N2$O!i@0$NcI@9DiY5X zTHt}3Bq57zuNXTPW47FceL9p2SffCaIZ=3XuehW+EOC3@?;&&xG9AraVKzNU>r;3a zMK6qj3Fk1%n%jPaaVZ_2M=k-SPeVGn zIBy~Ra7toyo^0LfBTA#CjEV6fPsUHi)WE#&G*SU_CZ#!Q31d&}0Cq30^OPv&uaO5`EvWzynY12gF1 zdp+k6j!hUFW5|fyvbMpGS%&HG$?xFUmXdWs-k{ydTSIG!=r0Dw;C1c})de(?*kNH( z1fm89t7ZnVX&@2TtW(p4?Vv;Y{pDX+6j=iX{C0z!!vv`nu;Tn?Cjy-qKVzae65gpK z%|0f2A0}FDmQhc{-8dVX%l;r1VGq3`o|%qMoHbVoHyhb(1^gQJhYJclvx!xZlmL@f zKw_8n&TJ-hxLG%5Gjd8(P)_Dzum{)4su3R2vUhfk?e~GpOWEiBXh>}AFeXZfh1NP@ zeKraq5}q|68V8^~-`@B`Hw6Akq&SdcnhfUHUa*3+Ny3eVzFRfIuu7>{uu%SP*0N&M z;QtS`)t=we{9F`C@eh1Tn7S^id0Ddf;39{7R`;T!!w+OF_N7i{t?U&>vjpdw zW8B&`?sK}k&uqLLaXHG7eA~$KZIW+S468S14fXs1eL>&73R%0U3Nd1ptGSPsbC;;V zOCGN8IePw>ZXJ!AyV(hiH6Wyqbnu{I!hRUXLT~jV$yXi|*Zx<_mM>n`AQiwK_ z%WX{u#l{y;kd4j0a!v}i^)}hsuYr8E^-UN%DINy1Hnu)skC+=dXmvOFZ}UYJ*z0)~ z5Dq-X>g5Fu3IF`@-+F_WQ!r-tsJL&29uJf~VqCx)Y$NC$RZLXxDkOlxBMS;oJvFd0 zK0b+{c53xLt8!>u;~O0|=4_N@uneR;eg%^SnSJFy>uqL&MI;((9*sc?nKx9tY$xy3 z?2%>vR9Z~T%Zl&`s_kVCHua+Ll+7ybz)UE~NUEKtm;t>u^1IIr{3@P_ZRYnpuQhXqwp>H_z~5NAc-GkUfp6Z#BO+9dN08?9sa#m8E+lCIEoKL{ zXRV*i`+SsdfWdx}#|CvmTke%*Km9dtR=E9z_Wd}u{_eR9nSuKm3 z&2pf*)$!vDIe9oXd+vZR{#2Fl?AnjnGU;5Bk1;J76S*HZT|-R{T@}9_8CzM_*zz-; z#9*4%t=de=D}1SdXD`lupVKFjNRSt?clf#?nVfb$n&Gp$f(bl%IU?BP9wljqLC??9 z=S$VZq4p54RxX<0HVM4b$mKr>l!xA?Zt5n$N#H*SD%EBk*qe(tcvf{aFd@}%)=5oQ)5>BQw#)=+0tfibYg8t8`==rqFuM1ojT@U-Ih&Qw0 z>BaMTeT@UYQG3Tj?m}+@;`|&m+9I zcf;79IwNb!x(@BzZ0nNK)hJ!rZ@Te^L&qIo3vf{|_OfE7wq-Ody*DwO25S5)g2UvZugxOjir2T72mm`XKq?1y|Dz zx-{7iU^q8~9d{0zK>E9kw{#$*gBGsqi59!gvWCRszv(X1 z`^}szNu#AKJm;OP@4gR`h08vG5%DOwKD$?Bhz(nDuF@r67tBB(eAakvfB?jJ`^CCm zw+|x&PoVO!DGu7S%OB01({-Ik093SL@5q4bS6I648u+h4y>{W{1jYEVOEnZDEtQ`6 z-u%uPZ=1?Uiv^$bB*jDrUgVS+2X9%}{AN;l@36?D|HI=2+bG(u^D2(K-?d&HN49r- zyVqLrnRU5xFTZv4$o*DFQR6U$wbzN>YmTHP+)_JOlID^2v zW>!b=3}tRaYCVgym&2-W1u7pxMub~b8*H!E|BL7bRU zXsYCGAVi_&{hb`tk4Nh7^46dZ0Y{Sli9uZ{e%dD--vzMJn*Bx7PpbsZzKh^wuCcn_ zXvj7@Xo6^mm&2Ew8-oZ4*?t4l9L|O>;DC*SaOxbr3TO&;L-#dXlTbln*1?uGlptc?XV+|JvXrx5o0HlNg_5 zu&Z$#W?_C`_Ng`GMJ@{0kxoRRAG|JmYc|m!*d2_NG<^6q>{ozVKMzo!Bc)*otE@Xe z){oB!6f1lZA+YtPjZK`#?pO1R?`F65!&}WKD%w`hVypXFc5q|e)e~sV4BkXh)<2`n z@>cEM0UUX(6Zbmv8+7c~*uDGj0}=6X3rNyaSNcJKc^kanlmkNz_h#?mL1BN?r|g%V z_wWLywx(%?Z(v<}UAR;BJ8ySR5mh@C#ytF_B(c<|o7YHe88DgZZH% zkaA&p_ZPrI==vp!rTu3ZO0HH7^@60fpzk|0)o5gm7oo^YL^QPvIz-ERkGQkA`NXc4 z+Ow9pIlU>7SXQi!;uPHDWIxeGkQ35`2Q?VSt0dB+dG{cTz>1;>J4@QF^n}i%A|`>Y z!aypuzWeGGNym5!6I1M573YlWWbmD4v9YaHQCNU}X$jUHq$$svVRwslWRDj(@aZo6Ju^)XBD;JFfq>%I8*o>rF&=Ron1$|&Y zfHy1B*8ryq#Nov1=5OV1lR!0upE*FDhRri*vsi!iy4-j>$AG5Tj>F2{1yXan^jrr2 z6!72KRUd=JYV#pRd2j;p_@vUvmnt*$B>J=1P(}7 z+VB|yyIWb=2~}1s1M>SY_B&in%+EV)%I}p#U%2OK+7;D#zR3K8Q1)BXWy#QxzG>gw z!!YrFL1wU?DT)i~Wb&w%U!zW7b)?aB zCJ6S3U;s@!a{cukltd+bS>6(_@k%&bWQ;$`4)i9v6%`U8rEF)|2RYLHaA54xDQ}<0 z-(p^spI(Ib$)URtryaTXR~D%Cy4IPingM6iQT#NRh z%O;3Q`(UO_I>Jl>uazJcKf9DGwAe!w(XBAUX6oBh0;BvjG<1G&j50f&5#7RloeT}H zt7q0-+dMMXY^wVkLtAY>TGKVF)fS*7uA>QlVg98aF*_l0ce)!(7LJ+*^V61&n!v?r z_+An{10PnexHn`ytskTA%?lqQNqs@@8`c++&)(x(qSnNwPB&yPv>cv3&}aoV|WoV=2O-F88 zd0`Ws@#fFtSwBYUI$OSj%-e!_s`Czm)E(G5!fl`R$m$}V%D2TYR3+6X0IF5yj|v8UtRO@Yz|pz<RaT#jYQHam!&}~_>zvKh6UHyY{;9K>b&VT? zLTdN6I=`M`3NY8=lUoUXkia$5w0mElw068q=#byA1M(58Gs%C!G5^3t-$VZl9QLlI zdHe?**EBa6T zNpNT28eE@)U%8m~nzgyyy6?3r$$w$oWIW95mwvoE43?T8IwHkwm z`ME)32{=Q}$^+k4ctQUlD7^6?n5l6Q1obh#Gah)X;(Qu+KYwNuQJ}2mOrEN7bN}|- zsW_P4MyY6Lu0=T+Tk(>>pSNEW}Y=^EMPWn~JQct(5^%Jf)T?kMd z6(@qEeYe*oz6WYi-Y(tgwrxLr%I5P7bS8@?=PHi7Dv^cj$0@0Dt9XH+fnm1%Yn6*B z9wl?Ndjs-KDOYJ_we3pIBikj1(eNVVVoFu*=bv1OKxQI~mz&P<3<3Ji-s1R~fnU-w zTUnzlDFEP9kY{T49_$tMVjr}`2U@}bB}E*9*LN_1_`mD_ly_jhyl!oed@Hev;NOE> z1Q&zyQdW_Cv1yHP(q`|<%o@uit)aPvyv#7ejVF2pNWxh zx33EM+t>|rFr2r^eqSvS0@KIuLFs|&enC;2+W)_TO4oma3gTgap%!szuup}FK1xW- z^Z$q{)4bcf7t(M8Hy`ogt$GGQ(v#}QSK}eZPgbQv?a4IyDb4~?ZADS9z1Gy=ZvUpz zA)#dIg5qsaf+0Xt%9047-lyNhuI)!v%1_8aCR-PCST?^7d$4>S!Fs9^JnquO=hb&^ zEeW%!Kb3|l>=RhPfF;H~1EAzxC1hww=k!i-NN8Um<`oIU8>2HS)x7(+!^Wj=QRnma z1wsU4JtQMocd4`)G^o@)*k1Z@vAq64Q03x3H#nQq`fn5|QZH;wG-tsKDU+Y)+tgOA z`q&r=W4br7SZ(EFFm+Wc>%mJizM&ir`5Sj65vo+RK7r(OV&*uW zGj6x~H@5V!aS5+mPrdC;F)~kA*GshAYi<}8fjPfD$Xr|Ke@ ze<#yRG)I2OSd%_xy=c(N1Fsb&PG^~L7Mq$uNB_LPcareNokdohbomD%c{A{!mF9_k z^utu^+b1SY6H*Jb|FCX4okYrU|2@_iN0G3oQ7zcX)6o++3LM6b^R8D6IzqsB_q!&l-{`zlsWp0Ch_!~VTD zaEgS7dp}yt2$<6o5>)Wi(o&%*)*B!4`#AZijr{W8s=3?O0_;6IExlM>*Zb& z>Y>;Y)#UWRU^@7-l=Jez4(>K0+$^c~d-cs#Z8uh*%Ek&i0e&s8H~OQ{;dy(&tuITX z#W9R>%u0Z-=3vzK`_=K`@nFmcoDYH;S6;QHFlGqs0#9GVDGaxAH&>x~KftQ*SX8il zcT(Cm*#ke{`X&RMgbfO&##oikU{Z&PFvH)XV8|A+OT2nhJ|_RXPT~Vz zV7;B~rYmFLWFdZd=^0?SYhX3Dw)(ve?ewQ-)6Lm%I5i3x>ejw_tJS5jBy0_2O5KjD&O2x9QFX@L+heqMqp z_|>NCr*WXGWCvvKq_yFrf-l8M1Yc>AJ~7$I6kK}!8A}{#IU-1yfEX$DA%=^{CE#~sin>83uzS+E?K)0)sH}uWD;^v5gph( z*tIe$1!8UySKD2?tpHVFdFLEfN9Z>X46UZgt(O-4)tBL?EN2EY1EM#!2n2nS;tmsm4Nw5tv8 zAk5Xeu10O}wNZ~|9`N2>DMtT0$Kg*Ues=VOYB8S@V2itwU3<1BG`kP2E>gxcxwkHP zoR7MyHWl!EcT{M*E_Pt*pM9h~q7s|uT@I!{AJl3b(lX3m?cBP-n9j_>1hkiIDJMvx zJ8GU(xWq?9IEXzAsel-G)rN%Qg%m_{bBp==w+FG!)-c+cvLeWI z>{P!f*l%Tf-nXDye3w@qn6Ht>@mu~rGdHMPqtV|0^=*Tn*G#560@Y+EUWPGnHgj~~ z!5mXx;SKL$R|8OA3Gjie4bEmd|I22U{L5y>{L5xCPi+4}Z}28hPQTyIn0B;((*F71 z+c*9V6rQgCZ-~uy0SuA<5}WTNWH^8PgiEQKt=4wg`+N17x^Gf=dgFhD=ob6Z{fF2L z9R$}^yPC1jkzDEW22|xp&MVM8`<%qmudHa{d-(e>!>3SmM9INl?K{fl!BioP#&Cp+ zSBm>q>st6)Z(+QAJaVLy*qqjvvV~zuS?3w~?8TZ3{Kj{C3a@lEBX6t8AHSOptQNaM ze5_QM6#K)}^fl`?2hSqFCb%0)8681tk{ zWbtOvNpWzJAE>869_C@@oH1PE_YXqM7QFLt>+EAmoY4Ea%~mSPHug(iuK5gesyjP} zzyZMcZ-VF@c#|L}!ltcQm-L{;X#o_DInfn=Cw0Dz%-Si`AI#eS0X>#vU0X1Zfq)D}PdxR|~z68X>rF9? zOVAptGg#0uzSoyoiL-}^G?uH)IyU=o2HJ}TxQ@mB3DqG0<1w;{9oBr3!x1DBBN!Qk z1Bwa6ysMj+je6^^p6oPgE=|V&Z~iTaVf!4~M=L~!sW{Z$7pTJPY(!K{mOF!hr*%PA z=!Mc%;HAEvyYrFGS&~;Ufz_)hGaeA=%Ex}41pCYvOHhXJS z=83zNJAjTSN}3c(a4yT%$(g`}E8iBknSQHePF=mcUiY++NJxE#C=OTnKK%9n&ZKHs zI9sa}Fbg|Lr&IXJK*VdSlztk`xvs;C!B_P^m z4W!G3y2Vl`eU4KU?GBF@mHO*?{iQ@aiLt4;Gl7^vTm434W- z{}unZIB&3+IxokD2fRqSz)RSgGKXmQ4XRmLsSG=Gj(lyRPPE2OBUrF)o_-!I5v7H1 zM@5%^}v`LvsIm&7J=T zBf3WhcY@Mrf~jknXJ6p%+G1-s z5MR@|v}zMj|F?*)T4?C{00%TEnVQ z$Hj3V8C{OzKtvm*QpZDzQKRUjv3*f%zc`*#bGKR?zzkBw@%6cBlfeK* z7`5exNX*#6_3b|h`uK6Y0$Y!&gYYTFuu}G?rm7zGkJVenJ<4Nk2nLX+1#mL59VjAc zwB+Y>g&!-g`@?ATndMPEkDBWj>hj8^C@#k5A}xBX+x(iV9f)zQ>mzz4z8K0p!YCn7 zC-Ei--pt~4(NGSA{ap{nDul$}Z~2VxZf04c`fhI2cO-?rPFisdYt1uTadM|#Ev>l$CH8I>e{vqXs+ys$O+ZLF9h;l?&( z{m#-;5+-tpCDc*ako9wVi(6VYtrZSUN8lHl?7-a6z^4rUs@sMFg1=6D3q+5wn|xbG z8Z9^`wlG>=UdmI=<|!+m8qK!;Jwrn{ww4O*l5vF$iL-je)M&Lv4x3ciHGkS4Mk7lw zU|zLuE~nBc&KkM5%*LNK#85Rp{Ez=~*LRaUOcxXmNPRT-{H7SA9WxQ9@}@B@{llZG zSt#5fllR#S~X5?ucdtM$i9FhO=pxC!DA)vR|t!~nu)krKn^Lk+T-)=xTqRj~)e z>nKT0x?$^#8so}q2922B!)dGP;K&N1+n6-_=c@~;{I9RFGq(D^OVS&L?Sn(~ z?!*^7dbTUCIPFX7TA4bpq7_G**AZGe z=cSTF_A5n^l1amk=`i$K4~-4|}v* z4ROh5t9i@3hIl?@@^EJU0jZ5)1qT1LD-_;BoIGB+~8l~&F(Ul@0--fo*_|?jbIi+ed);9e1#S@ zw-j52i3Oq~p)+JE%;&5%nh(x=@uU+G(KVWT`kBSO-~3`|Vf^e}2jl!ry4DtuZ=F|w zOqGeF+2(Z!H_gkmlKHTYP{+DNJE*abkhBf7GNpQ1?elLvitUC>2u37`x0g!@HaW8a zwbxqZ>u?>6B51>b(qLi+YY)xi=JIH`5ayA4Q9PfCX3h%NTK)yG?(jt7t~RztnN@IER$$R8_b*= zwF&c}RqhUq=UGQQC8BfDFOT30BW&eA9QX01!FPX*Q5lT<>=^P5MXO?WuugM|NAH~) z%wn^~WBE$+g7wqT^Wq8oaHYXRpuZNwt{!pR%w`!s!g|TzONFuY|H0OGK(iUJQETl@ z?MLAU;i~09R5uLHAWC9};o45{3q- zIJ0~z)Sk0f-N;3_x04?49&==k{X=TA;u?1}GTypyA~TPbt|slD z_|GHY>QUn!i_&{@R@!Hhx8x?7k#2Rr z`<)C8GkdF(1DLZj@N8bMWD0fn^sIX;AkonjqCP5Q!=D<(TLVNT&h}KW9G1lHfC7 z{N)=#RL~Lz5-Q%k*&g)u?7a?t9vfwKWBv#vCmF%g3C$90pvD3UwS;5!@YL~dD4#MO zHiUwMFFrcnTNuFk=y|-?b5)LAkQE|GhysJB`(`nwF&gJM-HcWn#J57j>OO*MKr;a} zA)Fg+FGSsp^{*8ASAA)J#o7~3cu?tV(}z>oe|dUd&m7NXL*F#x ztT)~*|!P?|{Hp!6!tawvNV1jf22a zxU74_u7>~{&w3>c#Po?(-Xkz8P#$=P7;&=S6Q+Ra36ONCQv6+oSvqJNCmAF6Jr=LsAA40*F1j2=urIA|0;!P)Ah^SZA z)$BYMbon7LE1s=7Oo)l=A5y zVX&if|`KkfM|d&5JjFwKOW#U4mN1B&iShgFBynRyg+9|T>eFP zo!BSjRS9sp21bczYA3Agi0>p)Y&BV|+e@Ow78W-1BGiMfN|e92)Bdc-_<=rfon+<5 znlZV*+lF$~B_JHG)(8d&yUT3Vs_NIi$y*tW%6eH%_#_CPPWFjH8S}F4h3zUO=KS+m zQziR2Ka$Lf5;UpAho{uMXp6#ZrZ8gf5f#(a6lzuPmFG>tGjmMQf7LQ<`5RW#tR#;Z zyx9;}&6H6=j@$dsEM&reXCZ@6oq8V#Lz5l4(n{k}1)YuCTR;CU^TQWWN3_4^?Wi-n z>Q;NjL*dPt5k5dE`ZTqw^Jc&K&mSV^GjQ-unRDJNJdOu1z-dm=gslpAD@66L-pMfe z;maFKSu;0Y&wS<-$EHwtEoMSZXj$b!iy;hlQi!q`Cw&RE`M#=Dy?13SCV-A_RH5OI zENK(NJfeOW>P994s4^-O(ZcHd#czu-hXo7F^0O2CYbV_pf0kVE2mxyHSBttqUoVM( zsmEh*znJ8>J(NFMzQKR0=7n_!M;Cci-^&q4!PgB+lt`@xe#*HAzH}iLYk+h!=j|7q zB_|&5RiLB8u}6E@zR+lv;g#sLA2%jK2z^Be5HSF4>7s zcNtKyHPC>~4|k*p8U;Y5TAowhfIYr`Vg;tJZLwi=m!Q{jQ>;}|S- zUgP#GWuverANz0ZetP)0Os-ElcHd!0ifxI*ylHY|7wbb{t4n~XCt^NZBp{#*l_EgK z;;`y1Nk9N?D@zoTr?D1=aPHsg;~&XS^_PRSy@k3?ShO}pHUrlcWMu@S%LsByxhA^o zR%GkJn!}jTUIbpFufl*8Z2IXiB@W4K7V%^HuUy$kS!+pt_GYzAnqcUa|0`K7R7RvZ zJKE2$LOZpy8Iy~NTml#j_!^xVu@E)beaZ;Jz5SyEY%H@7GK1@yyao-T-z%*Axp( z+@t;2Vs_w~aR?|!N6tqV@jI`!iH`bsaNlh~yQuW$Z#L<1?Th$VJ0cy!)arB|YqI2D z2JYO>*)cJ{`L6bykP%!cP;}~4Kd`X~y@9ifHOv)D%>P%PZv6k~(lYZ&9Uzz^@UeSVodG+Y;lIBHm)+lyCEPn-Ot7`PMw5MI@+h&B5hP)+*cobSY zj~Am1tLD5_SsnzjT2LfP6dO>on7g(&#G%hj_X)m}m~~P2LMq4>kI|{6upCuZ2erB= z5pZatSdV6lyy~b`-~f@5uEvZ3+}5*d_J&nC({5qcH$vl1Tvs;?^qdnpQS?n3Y|X`D zEkVCw_22qCw%p{xh_4l=Exnm7&QDPAl+Ag&FlpJEDhQZLtzdotrK?IAGS26N^zt{9Y4S)$143thz-CxM8nJVm_8 zr-&CHD)DU=^{HfU7mmrdTCpu<+9c{+Xq)ymWpdgzWn#;;Y5?;k_oLo{9|BK4 zStlzcZvW_$tp4tC&F5;spoR z<+;ac%n~hsiz9j9*Z=!R3Hv2+x2gc<2sxMJMR0*Ec-gy#g%tTbbYJk98kPv(hC8sq zYZdeK)8PV_Q zeupiDMfXJ+-&mp@9EZjNi zhyKh#UXG57SSVJa$!`m>*3paQ*SACF`0JSOn?5W;gWRk!r-FpMWqFM+5(F(4_3;G{ z4)Fak`u*g_$s;<>@P+CZ;3!KgpCwo`wefu{$f-}>LIa1~)h(QMF#7ZVMr1*cF7O41 zx}A$RwtuQ~-GuPDh=nADTzMNyN(q@B=vGEJ0)f<&>k*e zp&swIU_Z?}d1Ea^21q9#<>ntd772#4g-v;5`P1U0ndlSo=#u%A)%V~S{X)-7lh<}f zbzy{I`yy?FeGJ4Q4RFkww_-je*~~5$3UP6huTdD&i!=Oc#Q&EAAVqIz21FhQ7wc*bJUM^SnpfN<&*%+So_SFk#HEbUHCW0Mk)eD zuy>=1)d1~E`+lOKH!Y=NjZJ7b3p{O@l9R7>Uwm#L;Pe+ z_SmNrEGaO!)|l$AvD)O0h&5Jo8aRVQdO_M6RI~l(rDiWTOX<^{V+VF}3m7JCWS(AK!WN$gW8YH>n`Y34j$i7APnZU3IU zFfhd40EP{cI;pr8)2m_GUn1LIOi0m6HJ8>T?g1+_O;KCrsgI|BBih~N&@tTnCwWkr z@u-~cKIeY{QIB0pcw9|8#xku)+JwK5O#j85z|$>`HetW`(d19n(aAH)iR-fi9Eh#o_?e9SXKW&!mIaR-+voNC#pwqSOhzXlY`~C2` zM4SrkdL=8u!i*Zs1^x*3N&weYd;QTk=48ZhaCvu4i&HPKax|{Gl%e-Qc-EH)!)EW% zj<)|-yYKkb4a+q%N!4ij<;5N2lDD>^-UVhySg4BwzKqJ!60d?tHH?(w86LS+tc&J} zi5fSwaUkjBo3U~E_&=og6Uze|?SMYzx|2VmGmzwZK!EL~rl2^OsHC7saqfQXPaVsZJVjzW4|Phw&zzfm=t-+xDd6O9iV-x##Dsl8)Sff*E$-{;2Hf8?k<=wMD%M<2H!p zOI@q%-vE?vxiU3pubSJ!onAG!o{1zoS*M+QC9l%x0#Afb=TD8CuzqPAb6D@gl?1hH zY!-)IY8+plas%f&otT`trG1CR>sL>CjAI@HUp+ml^n9B`BpDD~cI?*Nc*)xX`)&Rz z0gi?8|8XotK|w}AM?*zMLH^&4g+vVh)3K1?W&Sw{zqU(o(llULSlhjY#we?EA@D{{ z&^!o2nppQ=&%)>b^(@>(nMrds7_-;{t11a1j6>DEsR7TSUpxCF4MzBaZzK?R0BO%I z5(QY4Joxp}7L-!+$>Dn`P)q4(04VE9<|YGflTfi)xSg#WzE!1jp&M(TNYzo8B;pVg zTlZnX%gd;G-|nt}F@e94W({4ub>dR2V)8UL`Qskx3~qx0XYN>$_J}UK;oA}aOkHAB z$lUW;R&2pKk|f(yV`U*r4hBQXuuyhG;l|YOT%=PClyA8Vbva8=Q=mzf*Osi&hPaE# z-9=!2<^@Zdw^Ocl^(0-dG7a_X>gr!qRL&=dHF?-j8b+ffx?nAsS6a#RarRqX8#PeN zayQ^|u4s=pzC1GQ$V}uAsplW7v}Rv$+oRWW{}_|zk!fX^=)qw)MgQ`M)*WzEso=oK zNi3W@gb&FhmH4v#Yy&h?&X4?q6h7Z`!o3?-#iQi#8HAMI{4tQLOXWQkIcWBI?x#?R z2X8Ym9(Lhp9)ne}YaAIa+O(%+f;+$+6efzM|B!}=XIiSEc5M*%$tpVmdz9OYrvXYM z!fSPJ=29F5q~>(1GWZ$R`cXK|BF;+N^|m#+cWf~vW?&~Nv-fTGpn1##OVc*7=G-Um zqx~^Q>TP;=xw4pF7kts+K}4w^HX)BlSjiYQ?z}_^!?uAnHr}J{BU`8$1Tdhy8K6~D zq+&83uaLs0!3L{ti%?&M^1!=*{1qW!BV#3cC{fmrVM4rd;` z&Ay{EoyPmvdu8xbp6(nerisNx?ws_g6kR)nly5c8c@=6uvuv?Sip(SV@z-EuvN;d8cRMFn3*?XeCExna1Vjv=2Ui%yMz7Xs%Qv0>F=w-VK?4N^U<#V-n11{vzyo&Ud167FQ-)WJkp5 zk*>{6jIqColLTLI%C|{A$o6^XvehnmISo4eLweaRtUnrNvF-)m$)e`}`bQD}mmSYj^ zYuR6JXCLmSAImrc=y%9h?+qT)_n|cxn*Wfres;$71pXxQlg8=ItRTDp$Q7G{j^Qg_ zBBAF)PSZ46ex-4-3c&WLbdo!MX3d5TF%EPjHiE{$eAbwW6tB0JVD!d5T<(|iPD;*g z_4k_F`edgw_(r6+c&*N1g!UaB;o~MEJ^V(l#x)bW+G(ARs29`S&3E*-gwRJ&*q}^w z2cyTnzGNlocH{QF48;ywOvH(Ky8!92@ed1o|KB&%;DL*?zwwaha|xU!wL3^vS9Ok` zM|=Qj7LP}`Tfrwhvz6I-b(|`$XN8N!rEnNqpDver%a8UYOl+xz2e)-qrW_#ydllN=QJHy)39~s z-K;V>dtZD*wc9=e|MQV1coQ<)wsHL-_-mtWvkJ|yDiOp}-{)GBpf|5Vhi}Ph;fN$E z-q4|VviV2)Gi7vLZ7|I@V5)SJC(^r$8OJzd(YN4KsqccJdc?6q>MHue#DcYP{>HJU znkP8kiyu9Y`FxCXlE>Fe`tuzX>a}#%g^3gq%0gPd*P$NW0G?vdwCVSMNTFvm0kTHZ zw+IATnD>|33b$|U?YG+*$`@QVKD*hQ)54|uo1IaS-!douA-VqgL=|ESR^P~Nq{KCv zvrEP7EH!$;ytS6i2cIt`KT-R|SuIIQDI%B+-?#zN2_3MtS2T!!qY{21Bc(P?pb5XJ zKHq=L+z9+b>(|#YUS{;8<;UBdSEhL;18rHEl@|6WgC5VQRe!>dmS|Za*IS?so{+>1h$o1NaTih}D+a~ciTC@2BF=avOj!b(O4g9*cI zEemn3!|3~&g>N4cTvSo8U!gyz?p!%7taPsDL%le~@$L@?KI6ALmdUEPDj4ytMHy!G z=ou1#rCi=-4uqBX1&FDm@%*4Toz*y$rip`N)X|IwE~^lvWNl@yiQp|{!|}>_*cZ%! zNj4sESTxXI;f?f~ZTTa!A(7#B5PwAHu(qG@Uhbsz^3$BmK(R>tV_>s7+O>LEceqd> zw#;ASCgndc$l;RUYvfa$E>?(^YxPs&XLWL|R;QAIZ5J?Bu5b*Mxr`XKX}_`$jvvgb-ug#ltN}axT&WYoF|oV&SMS1BI#M%vu1W( zt!^=KU#nlORq7ve0X|Z2qe+=v>QTdo+4X(6x{Ga1Jj0b2DYmyl zC!tBc}6yu-S%kG^^6X!NUb zjej)o9~#Lb%<=;~`J*rB$kMSRXKXNT3gaZgh)lE2yGYY1_~JHQ;R41PGn*TATh#G{ zy=9)b;||NoW)zUdUrGd1;q=5VNZ3Z*;IJx!Z-!W6z2o?+I})^wsUR>yv=<($; z4~uwvIH>VmJAT}_9;w62%k>=y?zw7k6iZ;yS>ij|F#ArLf>L(nIgOg>CbG^dj`Sq|qk zel2@E!utFAY%(l=b@m%drmX=DDFw9JNvajCd3h_VAgcBfJ}nq}%wZU*(PQHSt>oS% z&2Hn2KmIneZn3=eDU|mTwcuquSp-bV^L)RtN*JKHnM4C@B!A*LMPHB!O%MkLY2FnH z%gt5Ft;z3{PEIUEQU78S_M$X8D~d>(q5`Seq;Bh+llvK*T<$$BW^Cw+Y5=<_+JG|a z-VKm^!#$~Rmh#2|I(_>2Cdy>0k7FIHRB>h&&Jf7`51&FK+Z@5Tz+n5$_Nr?1qU$zw za|CK%3%J9D8`vkbkK;j7McCKC+{W9r=3IH&Y_{gS)4CPm(bM#F+bevEfO1oJEHryD zMEABX(+b~D4VrCRx9_37l#p{%wD-A|#v2%9{KokB){m51wWQ@_%(d+!HcEz{lnN@9 zUNzLrs7pfH)`3!^E)46Xxh?tUy6;>gg)C>~@qVKl)As@Us$JreFEIT!dT$fuIo(@5H;!C7t z8QJ6`kIZGNgY#rK$~aBNDP;T3P=>uS(|c-g|PFEO8>Fm}uzjSQ(Tsg6UNyJIq7TXE7U zPdeeEJ}Vnk0aD7Tja=KMLt> zhExZ5gA_LMTrx@-FNn?@0z*V6z19LX{vr7Xa3I75lPLsRZ+%ATIP!ZtPGF>T{THsn z!#AIakKI@9*B((&B$Nn@0mn6bqgNs{kuK=M8`2{^{obAIoGl+FXXo*up0q4fTy)7> zpYD+_)uNIfWInoPF^}~OUb1>K;{+CO>rZ7!*I#fPsIfRjnaX~;_j`MXkA5A%vUIF2 z&c*#Q#FM?1p)1D#kiKIsu~FLm*evv7g6%QUEqPM$wV8;Ni5eeTRg$0ARY;m1`DDkmxxqe72*V)6jrKEh?WU_jytsC;r%csx=~|kSA=GRM z*5!h53d^5>WMbpKc)d9IM| zhu=MMpgQZG+VW~Y~0NdHbj6-=+RvZE#xR=qdAXve?%}q6@MKytn$)RDPf2s zPVP##30p(9syg&yY{ZMINPf&+U>v4=vIT79XewA6+`6{0A3#Wx> z@;A%)&D9F?N^AuD0=w^%QArInH>Dq|GiN)9kZ&)Ws2qRK7!I%iyHT1@XLA!CY|#?c zIDzfIGW7^3fEySiZR7}M;u*ekeQI0=dcE*9)_w3e{@O6@_oAM7pu3)X7kTRw&$8?7 zNX1|lsE9kS;_F9`RM!#QWOk)F0uZeTLPH^Tq(?w7%l^uUb? zT#$u{sg1JpXabQRf*l56*+)IHm>3kkl`e#6~wH>x(k ze=XzKQcL24c=9B6lULx;9sPCU*05FYa?)n)cjk_em+PgyY=vu#UBw6WX4m?(IvbCq zHZh~$-hKT!*NcJ7pU&;%VI3>(I4US8^*NxVRe-K6>Uc=*t2`FKf{|ZlX}Gx5?|)N` zF|M@xm=l=a1C zRKt-Zkv*Pr3~}}JXYDS9xe5X0z>7{&^w-groE}7f{Q?yLh=O@*S)CvhcjZD`;p;#; z-t6dpmOa;BdpFG5l}i>g+b*eS8~5n23YRq;QO`}p8Uqp+H!2QmYge`$_UT%&8S3%- zTJmeQS`jHzdEOn%n_uGxk&IdP$nUV0X2AZ3Y)fVuBEvYm++3Zi^7c95L)Zxl0Jf>&ub!{l0G6@A48b*)l=2@9nluIOuj9W>K z^&1-4s7;K5L&WN=lu(=hwp3`4ZykAn4B^-cStd*!>9{Yq3N?C^r$JJB^;rvc0yPZc zSc~Qhc2Ac@bIWm`{QGvnJG^n_o$d{uerjLMJ5m;sYGa>xGPL#=;p_zA%mmFPDHnVh zmthjzK2Td_t=^$`A#d1hy6R?v;-e+RR1%k39XH`)RF)aD-STJ0tZg-1uP%PiIBcCx8ZdvaKPUF6u36GS@TSJpe z_0k|9vOS4(Wo_kH*-y6m@Zr|TB0I(XxajXejNMn9N(ObK@bp`5k39J`Dx~Vmi8U^? z9);3KCgMfj#!9x6$mhoJ(R+wtCZb7xBbN`K(;;+t)fTK=Gb8plzyoOVY|K@#Bi~I} z3f<#9_2b_6+_X}|NsZsyj~E4_O;}HBo12{-pZ)E!Qyc8YO|hdR3%C7)BytxZW&3;~ z<(?6HPyzBd)J^{+2J)#mF^W3{`ZK%w);YU5Cy$c(lJ(zpLMzDkA9=Q1cRnui#-&e- z_N*5E>>>#{kChj#l?e5?x&841xj$dR*LO&jfXXPNuF{OyZJg5aM;k2{k0VYrvkto_i_MK8eHXmKM&%F119an0 z^$HOqSj=Za(b~+(gYL$En##Tl|1@tC-@91#{P74id@G;u!{RAp&oHB#kn?1@_LgO& zl~?X)&{K)nvy&e$5ief#5--exPivG`@Aiy%#<nKI6j$3Xj zm#%T;PHB*^&1!^!nZ`>xpXfK?~L};TLK4&A~bTG?c!jpw)_Il9ULVB!Gtr(Z^XSSHhWI z+_yYXw8L1`WNGaG(K8?TlrA|ws~|vN5u3TUd&uN1`5ncn&&%tOWZ%hi?_N7e_eF2msSK z_qJ{gx)uai2uo}(q*G!mJUrFom1MawD)$cKq=`0_ENj{`UQ8Cwq_Pk#TeL)!ENpeC z8$0X3rY%~^ur`j1&@t{SZAi)Yo*fyGkWFo`c~;L!2&AM~uwh!3g#h0pasKI0!^{@a zu%`E|XI4Rb=&&*INdU~jP_9r&`99Rq>(%$iQCW>qm4)X8`nv}kiOW`u^xt0>k6O-< zhc_Gx%Q|y7CFgOQdn#HP3SB%7sZFOlno6eZkBv1HBcbe^0gWp>V+5lhtiApnsqW+FN6ISP_ zdQPGZb^GNR6>eV!zw1#TRD8fS4%+$Pi_MNMx1(q20J=Jj2;Nc(9GBU=v9Ww1k^$#X zv``I8soN?v5tyy16ExKPS^;a!iao~A=xJPP%=*t|DO2F1O~7{GbAFBAp^`m<$>|iuAnk{2gxvZP~ce-sNVi`XoN%sOgn%dR#bU0={QV=MyG!T~Uu$ zIip~cXB>8f)&1H}nHHRGpdP13mp=V=@NjA>ky?TJco-@m(lt!O&oM7f-;t)w^&6EN{(*P&&R{L2N>9RB$NL>46eemh$b&m6jfWNaIIF z-|iOp+2h(OjM2xX#G&0bJ;C#8IRk0+3zYg&XOkHr$X=K&_zI`~U&HCw@FjQJ-*S@J zeLOUM5qz@#YY9PYa6l&-`r(nTY^&q_yGR6lU<>{mw&v3Oc|6lQp6a*kY=rk;{b_^M z77ZhWuXfLk)JutXIlDe*L?Qh+7DZrOLv5L;z(>Z#Z8mQ-QUl~GDwFof2r_yMB@Z)< zVcK&=fsxejzv)`cA8QnLAa2LZtszXhMiZoFLlxU;X4W2IcmI$EZZfF7)Pk!E;Nwz~ z6YrPEw?nyB0{$VPGKr}i$Er8sbvuu(1m>hBg*RPj{rb2%w1ww7rDONkh-(I)b!+8J zU-gEK;%k4t0zjXVbHI({-2Bq9oU*pYgTeBoR_Oa6$cl5P@>V45U8pFQ#B@klay%W^ zvV}k@LddWqsn_vPB30{ULMwpC<2^aE$U+OsbPjI0M zKXccVcdnw*>Y3Vy>oxmLa+CJ?V&x`Qa)^U)p+NnW@WvnWwvy^RuJJN&pW<8 zIWeOA#c8TQzbQqAehG;4zy>Z5Sj7vhi>NegGn(-)0-6W$a<1bqtEkUItDlkubu@oF zoJ05FEgoa?#OXoD1Wd2|zT&j4;p5J{opdXZahRMBV^)2>mfg2$0$`+xnX?k*$!!TA zMM7KMd?1ISe%fAR$$gtz=814UH8d${uxueEr&7ta5%^QO4^v-v%J3MS8%@`MC$kTw zdNW;9-vWT7{G!pX$WkW9$%C-H*lMpi=z+u`h+VK>ciog}5JJ0btA@8Lodxt8y^638 zw`U0DLD50Eu0KXUMh{z|>JxtO3BfBw0YZxZ(}XyxqB%Fg6= zSMN=f75<#ZC0s&%;?RUjSPrX4*o09G1;J^SMhq8=u(Wbs6DQcrj&vc7J$nWg1B-@L z>{T7HV}ARq_0U^m;Pq|dQ&)>Kx#{)bF7Z1B{0HG+n5SsXl8JpxT#`#Ni}|jbYjMva z+(cX-r@xoa`2;w?>+h|#5#lGUS%QBtGO=Mmo&>-EK>*B2i@63uI&05GK#alyy8FTE zGziENcZHEqf68a54t!CS9I1PzTGM>8$G zKuN2mHll3S1n;--)Y+;gK|w^3C8T!0;R$4C?miBZ0sa~g6GAxwQo zqw|9)l~2$ULvz&fHYTdEYK1v518XJO9h&`BNlI~^n`eFeU{)L^HuzL?~gUWwQ$eoGCIjp zr5Ic!KX_yRiE1pKh)TlH@n{T?inxh$5x+R^@#Xob``wfXGocANF7#>k*%|JJnxHUS zvVhNh%@N0qSZ-@3bIeN;R}mMn@58z$em}f1$Rp|-pixRcRN%qPS*nmKZ2Owjk*0VJ z7jyvLPcp7WObhd7>G#LvU;(2ne}VV0e{!O#qMEZ0;+ex{7LD#*jgBH$qqQ_k4y#x0 z@KLV=UioAGhbmsOIUgG)Ul}LtVytI~ul`dd0`L<%f!D=50wUbHoRr~GB!%~7GVzjxDE4~U_gpNOg$A44Kd%Xm ziBT(lR4-9#@<4H1b_p#ac)!i8MRPjCNOi_R9Bi$+ClFoQfEf%}5R2KpnC2-4qs1{& zPQ>x=wz}!WKSr9z4Qmr=I=cqBlqa(+U?kculv_%b@7dy%p1YwZ%MSr;mk~sD{PldE zzw7zh@Ki3XsJt49D=jb>T=@3KWYLlr%PK zYaLwD1dD>vTJ1uG+-yzFw@}QLPsI{sFeQS~R`s0kp}$wsopNS>fMcr5whg^Zg$umF z6~z;af${5;E|25n< z$7_EU8?%ly)IY@nEXK_QE9zr0|Ax;aY5t_Fh(9Q}C@HjZp80VxWDdheFv~)Xm}tCA zcu$+(eZCFCUgE+O|L>JCA`!drH|085t6Vo{p&VbgY~lzw1i(4Ha`7KSiR7vsxV!FsU;_n;S zr%AGyls_nxBr;FLQyzdfa#kPLN!JbC?KW&!gCe5F{gV(*q0didDaT{l7W>~Wz}PB4 zv!z0@%d^?E0k-4uL$`-t82^IZ7rwl5*NB#AqsvLXXbc6t+v6rB!>7}M+g|V@E6Wdx z&w}VFWUzz>4t`1eLu%dHd4;jGk2jZ1?TD+*FC3RfQ9%z=j~7nVoEUC(v_UTgPKMNU z|9~_16O6p&6Hsd_i+tV-j)?Ry(i)Iak0n%UB~bM7gKHtZjjP~7sYueFgmA_mfoi~- znbp^Fk$d-EO8e8-%Nu+&GW^{ilHk7y$5Ox*2C zfKR`LSBcJr~?SAa!82_ zuH9~%bH}Np;#_F|M+5JF15yFl=ejKhR*CrOgLu}1_8HQSdVsr0# z8#fulL4McTZ@TGi-usl$$8DMln#EVPojkn15DL<^SLd=dk?OlP;dM(;z($U0IA(Rc zj;A`(mj@T8aY7t`-7tFfBpK!GBV+z)x?e$tdQUgkR_r57eS3*J07t__=(1m%@Mbe@s+z%vNo%j_;gvx$}5Js z=-UN%A%G~srB#h%c^YJPev`3eU@jS$+_&Yz|6nl5@8e~lm)7&k7hf_kirUDcVB?OP zD=hnUPSZc6$sq#@x0@K7lK|iJz6+dzmduW+w<$DHU{9}|8w141xy1YCngo&=v;N!Hx&GBZWjb$X zisx|?;W+RkTY3cJheqIjRxgK((V@`@Z2@jIv;?CJiY7LQw_Pm69gfBB^{2 z)sTp2Vk-x-Z}t;g^0G(lp8Zn{pCPZ!6Y^#J#*5p+&0*0r&b%Gz!ma|ZXHOtZ`mXKCn1R_0 z!Fxz2u>Z{XYB&?e06p1}x$KTh6E2V+ZPSWjfzF>TWl~(1@PbPH7FLT7&Z#2`LX1X} z=)zUt5zpDg#$6D^t{JB(7e4Wbq&_ThubYxW99VW_S!YZnMOEu^n%Zdt->28Vag;a? ziUPcdUrcqehSEycWw>G1Q!pLnRs8pfJ%>8`_wrO@2(~+XH(S6 z-~4P`v6~7RT~orJC47E*{EVmYd_J4MUydwR3$SI=pKYbZ7Nzh&^sJ&oPCg!@khNz>?J3FV&Cv|>+J!t=O0qsd5zed z4gnVgn%OecEc<&Ih2tz$Y# zt={?U-Pq?3Y$|w)=tl8qoqQYjRYda`$luTbwSp+hjU4K7SS)>d6=_&<12mORx7XhS zs8Os$OaIVtdfO75?Ix9btx)my;IyX8JS-$#(Q0l0gYY-U&)>sMtaJ zlDD^xfOk(8%hBC=!{FM$J2c(4S?d%EYYueo08npss6Loa&p#6Yy36(a(<*=fkNS8>~EaD~bl2d-NlSqEArs!U8+ zaBYBJpOSog7KS=iu-G81Fq!ZFgpXMF45dcMNN;y!Tv#}Z$M1t$QG59=JrOsSbdNC9 z8eZDoNz-kmmLIPHTnMtgY*^oM()Fl^X8sR}z=5WE()H%YtBggZ>@}2Y%?lh=bB z%RNV&G)SD>WVHd%2{}B45Sm3Sai9VO4#TeiPVfJYAOH&Frm9W?xi151x4J}ITj{!) zKud#7&IB`Jo9{fI>R#9D4Mht^7JVEM3K$o8mi6N zcti8lHAo7m3js0%tooC7M93!kvR!k?OYIx)v%@@krYZG4zNcUTLb;WTg5szu04D?i zk0cnVh`2kJOOAB)wiH=eQ!Rh;epw*lbA;gP8@w?ctLN2_0D7@P?eI?niN%SpgVZu( zku8rEF13}RxFwdeVu}4Rdv!@$6LK#GazeN%d?~DeXf%Szj~n-0$Ws7yHjN!?xx?YP~yurwr>n=(4h-epWY*U3#|BzO&4=U*H&HPEe{6n(mfz$+^ zgwaK86?j_lM@yve;kkM;bju@7>S3f!d_~>T4vT1~kz3TSi$9GTXU)}Pj5CU2Y#R~u zg~Zc8b8ie;BpC*W@;x6aqTYga`S&z<00h|&Ufy?boTug9d=GTqJd@!J0xPtXi7B)RzGqA42}hdM?!?X7_B(XvDbC!C63NnuXN>GwcWpk| zvJR8pvy4-?RQ>$2m0#zcw98Q16Zi7wvk>sQ&7dk2cFFwMh;LZYNgeEXH-=r?%V`8p*5Sy6T6Lh82f$v>fYYIkENTXc%=>y z#N+=H#IY$qvym^ zt>?22=uC%tJ4IfMyNv4Y4a5jG8~SonD)cJnge5^n{3@-5%I2&;$$FAh^;gV4U8?$q zv*2=%y%d|pgpmSK9OsV*-b}xi(*GeK1w&=y(2L8Yp6N~E2FIq`fXiPWjo z_-upDa{eL78{=|L^DS(=A7|cU{f9JLH9S6IOAc`$f)68;SND_lrp^FVuUB%34eF!T zU;nomg5qm3iB^AP5_47dGHu-1dN@2P)Eqz{wGsYD>Adlm2S>%@EFf-aS7yXTB;eD) ztg)kNc!bZ9=hJ?)OtaDr|T5APu3cT-28jgJM;dB z>-C<1>SyVvIFPBYvk1R2sVx#$nXDw0}X`1_^e;9b=hu2^Ekl)7f?B`L~kw{<1_OXy;r`JfoWo1_Z<2>Nr1 zQ=5knIRrjy`T83r!W-WMqUSr=dDO08oU^+D@B~kUQ%?H|sfYa9=Gh`ojIC_fC9M?n3p#Ie%DrjmQLgFO+ z=6HPIRW&q;p0yvHIk!p1_?q4Fb>bj^-@jUy$HYz&+Q)@5ly_VNlB#omB>pMM77O*k zP6!R0^7x9;m!eY=F*YlGPs~a@wly>aP8^fJ6GOFULP(x&7CvwCd9rgH?rnq2_MxQ3@O3eVNT!a7RrB426Yc&7;9JB!$1Qn*oCT23*+S*Gt6@P}$rG1e z(pkK%o>uwp9vd$(HesFUL>xUI;Fh2`Wfl=UC>4*wmKl;of~7DiD2Uc*ct2u z(OjK36=wZ*BU{G}nY3zdnzJy4BJLU)#w9|5fOJiDT;ET1a_gQ<2MNDilt z|78>RLqbPa9!ppZ$4kYxJx2{f1X*X`U6|LKuzo2-8=YIPFm@rTgXpGNzeCaSW9iP) z@ztB2%0rMo_&`7>rgU4jlbefN!RCaL7urNyBK$9Y?3_%=PwIzl<+~%;jZhihKG1;AWsQ5yVMlR!( zTZID7)4Zsjs5v}#debb3oB1iM{{*jSEs`DmG&Z`?-1ZiWW>V|FYS zo}TI_Jq@CAo!oxZ{MP?E!QN=F&l7Tp5zbBACu!@0=HBM%W#Pfx587xcIjB5281Z=X zXAl)AT3&xbU!3to48%La@^ZPs$8FhM#?R+tqPYjKsn5FnKT0o%o}szbn!5vwb1mWA zSFz7x(3sPN0v&az70h)Q0I^$qQNgEDD-_>+P>4K{@dmxr9NX)KLwBDfZSPJ_(yfLKUZiDiZOlyxHIzxhwIEmzEwVmUYYONiAJe^U`*=k+qBWUpt>BXo1U_INMJ&9gx?;(;WXBPC@~AWVAQJX7GQrGNj@Wr zC5<8i;c&os{PffAdsYPujelb>ia0cQuG|SCV6}y-b1%$e&y~N^RZYyVv6sHd0MW_i zHnv+i*-vJJ?%7mUUe4H@rzPD6i8|zRfBaAw!25ucFm*Z}xl&`gCYy8f@Lm)BEu|3` z0>MgRZD+p5Pvo(>Ey)k0=gt?z+u}SV@-g#$a6y25^(8p^joTLTW5gKoFm!iB?95f>QZirI^)-!U6 z(Aa&W-~~vGOFl9dJ6)IWpR_vui8yHyUCNTT4LzoH0(nh2)Y2T8v;^ zyPMBjGZu(#7*P*aMuHVrL(~ZTt|NrcLJ)NP`~S%!r{N>isd$Nf;QBevv5jK`{R5I+ z?QB@8<3HT*OCq|Y2j^&ZnA*8W`jnD4NYQR7ShrA2s>PFrtz-oyFdN=K-VaVuA|ep0iBrTf(3 z6O}G?-iwEjJ0}H|CNO^xX=v{Jm+q;*p5e7ce}Qnd3Fi>bR9ocyLlEFEPdh;VfEon( zC8Vo6j{eR>@%A}{(>;SopDN!^lpow%Nyer*Am>={Jnj-3P(UNU>HYqj04wmd>pv)f z!qsDcAnJZ=>5CLkhz+ZRWPVj0(;6k^)IhN`m+#rOCuLlu1gd@3mdfxsl0WH>o^U5m zuSB~;NJabcDKG?y_aEQ#FE_-^%}XccX1kbL3hz`kYd_4L^``A9d`B>Lavo0b=&>Yy zq1i!n=%f)_oO4Lvd?(44c4KeLH&~n^<=nJo>C%r01-js@bxOF8nx0JfsbSVlG^d~VVnv$!XctdDL1WlsI4 zbv%9r(f;i0&U-4qD(x3hj@wMuAzA-c!U}|eh{t`dESdXsK>ok{UU?)yvEwhNm#*si zFMc$Q9C!Q=y%%4*&;*q)70mm>P;G1PL2*`BRqN6Y3(j!9S0Ru0|2gZ$L?AfE+UA1X z)sNk;*I{~Q2($Pn|32B0dTJ=Ioyk19^a=2QEoF?)uZ<|9V zO&a+xw398^FF2pz^xa+MoSGnnk{QJB0WBJFQFOIz>XVa7*JUpC>%oKQ)ymVHb!o(n zm?40%wLOj*O+Ewh)-eHTiM#cO%>VWHP?Qmi2}3+Stq@EFwL^JoF`Mju^ZnbWWKz{v zq*Ijvm{_*Ox!jC~M{n3l+L=of|Lb%4#83YwtRS_3Y@ZTl27RG|-7I!-?Wbi~ z1`-lD2wXCN~M2Z>$SgPoZ{S1!_KMS+pYIF+gzFz)cD#1i7065Kmw`(xV9=hlZY9X%D`JOO z-WROF7H-uGwNpn;jYAP zZ^<)#{N!T)!E<@$sJ$6&g5tU|8{4=OK&eBlXS6)795L3AEDs!OO8B%4FLB_lVq@ZH zS4Bi5F~&AS&|_)Vc#OUD3!gGO_Umx(Zz^qwLVR;UW{9(dPR@q-mk%Y*w|6T(uCM6{ zYJ`2z-%_?>zox&QXTwXVJ8z?85lr z#9!Li$9BXp2mEj@U055T_{TAsfEG!pw+E3>I#o z(()XK?&W=)BDL6IXAO<(pse0TidwtK`2AWB-7il{)qYB8zv+=x2+=Qz&goE~#`UqH zsg)Vd^1Eskiv_css+Mv#%KNXT>a_xXA2&lXC3_pz=8k@zjHh9UQs;!fv-bQP67mZ* zl$yd)|9{yl^a0{>Zn;rEWUg9WVJN7r@#`&E8c;nF6AMeC>HsiW_BOL!4Y}qhT!u^? z>!twM)(>LnS%D!puAyk$dYJvZU1Q0_Ks5Ofc6I=(lKX37;Krd?4zqqun0GQIL2(Oo zZ5blcDsa{nu4}FkD#;HIZ5L7|p(p~DPJRO`bel8M{0QR2n6YVE2poM*G{ds6bm0a4s z%ol|R?&H5IT5XnWwvPD2iAz=U0Jqxr!?CwHvjEp8Jsq4y5(WnCH`P7A8~L;s09#MA z>+c@OeKT2LP7>((f@?Z!IpSSFDl&g|&HP;C(;g%imc-IZK4@&&qNo6C)Hf$5K$|u z|Da@k+$%U9P6t`xN#VYwN_7-=uXJcxd^nd8UAqVZ=lt%TGM|(NbB031rU57Y$J_+iq!#6LW@*l_O z=&5r(rB3p%EVk=uw)b*~5v`jVod*)C;XPS&cp4s9!jm3n9p~et-FHud7}m~}F)t=R zR&)dbZGNc0n-^E5`IK92s;70j=auUX&gh&wY}9ec9zk@$)L7Afv& zV%p4R`VVR?MBGIi{-w632tJ`DbJHg~?}t}yekF$iSet9V$zhVS^UW*~bJBF*j<joFAmjO*j$8`@mY zBVYYWiH@7j?vgBfY-sA!Zr44ehMspr9Zq9N6{)l!f{#4iq`1|;>JQA`CPQ~4BV&AB z4bA(%tWi%j1QL>udlkNj_l`&Ur%i^rIaj2_(3ZH>HOg-hag-g6)(< z=SOA%^bkw1)orEmX)H?}x_MS&p3S$Ho_#af#{9q(Y!a1CC{qbv9YYbz{=~ zy!5K`(1acvwMEX#m;D^d`V%JAb!+d65eMVY?y<>ty|n7{GQoc@X-zfta6KaNolaW^ z*H^p7Z$#V1pBMS%TWb@OK&HO#+!r^9RJ};tx+DImsn-u&)g8U?4O}%jiKH07u)k5o zyHkiL)P~pwGitGFh+DoE%uEtI!CZy#Or4Zz+lV&i#n|5f$PY6A3NF1E@_Bs$j9<(DTQ{M`*sMGed!HraEM)?8z}N8rm#7_kn)TEFV2l<7>nejpMq6* zP`t2<7j4Lc&M04tg&|i&9yV-7`(?hFs6l@Mne|ksffOleERLj=yQ`*bv%K6W40a#$ zQeeb_RQKS=pkvk!#8vU0Ov`r>lJx)Jc2CYV!HjQ*XwTRh8|uA1d5{l`(5o_L5m@}_QxrzNUWfmn%i7uUwbbpe(#FEC)N$Yr za@0he^%wN!QStsa;5;5D-(Hu$XZG)DNDqx7kBcK4ZXi{PN+4B=G%%n(K*M~1f&T!H z0Eh4a1{xFk0}K=<7Ayt!XI2b05oIGMoFq6(c2SieNR6VR#$Pj39LCPcVlKf=TbEa= z#h-)?OKueOR70C9fg^ z1j?FX{g#?}U}}{>@MPgW>-Ota>RHcZoWdJ>%M`Cn!W-e#J-5N%cOw;E7;S$8)q{@l zR_{;$p37mb0q>3Iy`iZDgD=N@&knL{k~IpLUIRc%WE*J+m6)mw&o&I~?P-|N`vqt= z^d9Zm^-AGNK;5>T2~^nkRyNU@9BFX2fex3{Gco*poCj8aH(NIaE0$@!4`i&~p`0zd za9H(9@Xy4NQ7o>cO4)+e<^xoN(_8!32p0nG{WkMBM9^dj_In?#KP90McyvFj(rj^^ zHdNj|?8;|8KQ7FY5mwZ75v*JCteaIabi)Vu)g-e~D` zRfdOWlQ|Xeul8#L)eOCn*t$&tLZiQGc`VL8cyt}Jjp6s~Uz=Fx!I*v!yankzIm|}& z%6LO6fL!o-p zp{#x%C8Ix|^#1ZyIiTy0Mp4$O8tP&|8da`@o6`?HAC5Ca{#A7ER11$Sosd6Vr>0OY zbnUOzHlUAozhA4+l>?joSqzqvU;K;wI_*6;&?vf5VZUq56P+C>@K|;!T#<766I#T7 zsS=69uW&6uZa=pC7NYZWCWGXG934jUs?G!-|j@O!;#b zR$MqPv6ZdXGK;9S%c`?$Jns8FnFiOXQKXrD;T(>*(s*38fGv+{l5Rt>cg)Nf)x@2( zM#HirD6=pDi-%PH7uh$wd#Xv7-jM|3!^&?mthn=r)zT3F1yVmYg&OKgLMqh zk4@cVRk5tc^Cq;lpq_V<@UPq^6Ml5z^uO-OXB*U^B`AEEr2Cce#T*gxK55Ocaoc!K z$0Y&Q=eFrNl+Bc1jv7Hwy zfmrCChkAN`cnw_g+3PTMTqq4s`ezmy%u5p;*Vg;uHID7CjozM@su>B9HIXw3Srx=o zzk1F-2t%Pj2?!a>p8buk8ETiKg3NfZT%f8dLCmk}x{)4--;QbL8FTfw#2hUJl}AE% zJXcPKTurHotI@b|TrL)A>b|s%0E{1B(-ojI z`}&@V7z~P`o5<-7M3=%d-a{pMTbkmUoyb*14my8{t7V}3=yxigeScl438ypcQ?pA1 zF3MEIWW)!7Q6Da=XaF6(Gni#IX!fG&F~Vw8i}k{gp}%17mRKm6Ry1s?B?T9dpf&qX}m?-}z7RQY9MLQRA6K&$m-9L{}iH0O~U#W6^>msuaRUFaHD3TNXO zJ5=^JwU+(;=%ower5@cWse3Ht>s9k4@T5@wkYy=`4KkK(#|pV{|4>g%hu!!okWO71 zx4|Q4J~`l{i6*PRh|3MDGKjT%HmxcrXTN4xlyuHVIG3xMN$Td?wE3VSqmMr`INcfK zo$Svc5~QQ|dI4@*#eulKc0^2<(oh`&mS+D2QT;87RR7`iHjv~c?@5w(uCfV{S?-=r;!41xHhn;+!f8p3Rm zL?D?L1$3{pPJR6@AFQ=;@blhk7K!^0{_gA2{B&tU%;hpbtt014WF^U7v@))c=?~oQ zGet(#(i%!!+@6iw?8kjc-Gzot3hTwD<5{svGL1r_hx%@oSp$qt$$Oo>bgotr;f}+ zY}UV7!|fDzQPjoxJ@hP8%?Z?CCKjozbM@X;-dFr0ybF=$9)0L}?W@c8kdF zLHYg#%dyecWCnhe7iBPWHD?FP(BcRNpIWwg)@OfOr@T{l&d(!{wMiUaUiz(k)bkQ3 zY)#TV)Ei_yZN|Ex-qbPt9ytLg0M8JYns&;)<%-X)=pQ|sh&HGv;3$`jqn^-4#sv;RR^eAMdh()tgI z!W#3a)e+z1FoZGlDX;SF^GaG{1UA}}0g=v1xkmwltYP}aBBo%XJiCEUI>Lk6a|o4n z@fxS2u*<%kwqO+vODEq((oRMKjxBFs>u?-?+srXbaHWz@v_rRz%Uty+GrzeP=w1Ee z86Q-1uGFbBW8lgHVho@|`qR?5Pi(jQ381ko(~4vt;!V=?{c$8xmggiDE+_Iqv&?+q z7qyR`Lo|At)drIqTV}D=SYSYAaU5wb%%hQ#m75I@La+l#+%F`DG;7yuDa!52!JP7; zyQ*kuHKfn15gUtb@2N{C#Zf68i{xZe3m*e;vuZWGR_zfp1cPV))*kxZbVQ5^4P~3*;CD!eCz^FRIO;ZgTmz`!}&KKUyr48YFht;GWoZH zo*Bm34(7}U+=PnJDR~r6*ek032ena$PSDT_Jc3jKZDF85eETC1U}E!ky?yIs`M%!nur5DupRy4ZIf|IHJN8ELZGygQ0K}x={ ztaCmGG5(z$>kxSq83ZImdEngR{EBJTR51?Ys&kIphr)U5FBvD!d%^;!cC%%f+yZjU zy<38uROVv2-u4UuIpYuD9ChMYlIvHXhL9%&9-U>-NRp+LEWJ!jck6Ng4VJF;Jo3YU3C=UT))w6v?- zf$i}Xs_Cw`o-Iw0p_-4^VIJ?U(H=t6!}fs&eLa$lNEgIA5&b-1tFW$ESXn59iD+WJ zUAJAHuA-i-K$yV3qw%A#HLP^_cqM5h{nePo$Y)!~O;RAH%AbzsQsti1JXUpL>#-hx zz^ru{ni7reslU!1DMji{Qi?&wSX4Pe9nFwweaY0bDJdfOLej>ARJk_A;6DDrb89h1j4S~_ffn(%tt$Yy(plyPED9Qh> zDq=xRH?f`4t+0;eu%(Xs0FT;8x^OusF&Tp^q0t&uKBtJ?fj5C;gJBgzZF#61cGg&B zxHW!xE{5iBMhOnu`rQwDui$)rR%0#nHO7ToIkn`wgWqn&600!HQDWR}{n@Ld#urbv zJb<-$GHyRSXH97ll|vELsH(~W_lQ*vYc_ciFxKKg3`?EU&)m5Yb;C(rLhQobN?;ak z&yRYQl3KtwBZU6aK>F?6X8u)bT#{`$(1sLL(htiLHmPrBZgANeXLWm7v%(+7_HAhs zToQfkXi&>A-F~9dUlDIKh)c2C5%Fe%dtYL$d9`y#;bXQundb?FecY0{cr z*I+efT$|I@Mf-bi^WFWM=!^gQKd|7%{oj-@*H~!}>y;Gn@?q8QZcp2LBSLOG(E=H) zV*SfKc%Lm)vTS9ZZYzQD2bpMT{g{;mZdHN8Ut8lGr=WChs{DoxRSGvEjhwnAX=72J z)odcyCEnGk1irHB>?wm#wF>wU!n^wxD2;>MFI0?6GLeNeIheLk*{GP+Q{*L06>DG8?hpwTi30&j^#{50PbTKTn*Md z&aHl$&6$nzW_=kvjg#&|6lWA?+CyuvEy}+w2oj_qSL%%1!Wnp>&vfb#O!{LbMU?Wl z+JNbX<{_MH|NJmR|9v#{>hrv_e097ay=m~k{Ku8d9lnHSSW-|cM@LjTEPD9%14p)Y zGM)O!F{tgfL?=g$+;N2U12T%iCKyOv=J^w*f8g=?9%cv9XZi5L23dz_PuqJX>YGr4 z@pTo=#J!8Mj-5B2u1?bq@Ok!n-T&&8DhFCJ0AVe1p*PKb^+~A{N>Qeh*q31n#8os24#a)Z^a-FJZ%CF{m;q$iU~%KH%=Sz`|FNlH zkrC^*eV&bfpnm!vG#et-T&JO?w)?^|xGs6PU-DX7$oofn>s>XBqB-}_k^Bzc zDwL>Nncxm+$c1O^qNo#Sao1Fxp^d=lW2FV`OLpK!{v6l4Qdna}z&R~xL<3Z``&Chf zETocW{l6KyGzK(;xPtdjy|cHw&q7eU#f4`-xDjf?vp;5x%$IRKCzF+m2RLy9zv{f{ zYLWS5KMQrgN_eSOy+`PF$uF!_+tudT%B zE^S`dLUzbSac?%nanHA<#!|z5?b0}7yBFO@Qioh+LT;AzamRykIv1{$*Ho%p;tt{| z>2-?^$UojL2&vSYm_V{h2WG9t19#mgNpbq3@&*j=>Yy~tBnO80G~1kmWs`$FZK2DW zU7c&-Vc@{#Y||#uM(PK5l2`$G&R20}J+*g;sNlMInJmq~$4;2;oBRhGBTYx)THH4e zj*zjaOO7Jp)!A^ot1_y5CHn1M($=wocfAaplCii~@fvHR12Lwjdad0FhaF9l^pRli zGp)6_d#;-Jv|fc&+}#Uj%h(u$sSX$QCd%K|4*Yhy>kK36=XN`-w!jY!>_!zx=8zj2AN8MC(n>B&)Bp>ryL?PN#^M9>%p!fE@rQUPI((FC8eVzG#NZOvMB0?w~3ezrvj`ebUf|$kWrcQeSHV;mZi`W`(Mj zJds4e06zy|V(nGrH2d8qJ@V85i9{)8z(*U&@ya9u5lDaPT7&a>l;RPbthTmCl3IDc z&y~qtT~1CY+KrVr!BSch(Az|fcbv(|=$U2MysR(;ZJwf;P3b1AcZ70nDvT&&vUOpKMEEDKRLy%vTF5b%z<5 zn~4y78de|FRQ*hZjS_OsH`eokue3(~4`I>~I**!;-D& zio`u!?{St*A0^ytHxB*>b%(Ta@T~S&fgZ|BJOwP+12|ufGK}L&=7ZP3p|UvfD|u1q zwq8JQFFl^&XcP7AP$JKH*1iYPF`vcP%6TOi+a;#M!HS^y@CN6H-fn9S%lI!rNZV!` zlywWGb1lwz^8=9HLJD`a)YQz4_P@^jjf62j?<;&UZ3JXX2hn}>N`qenauvgxZl{mR z>VsQRVxngylKA#ehrzbI2~!z|*9k+cn=u(1LvI2#!XD2zzu#-ru1ASR!%GKh(tZGS zV@b9{sp-<{Gk}({!l8d`k&Y&;Fz9@8jQO(DjR*&>FvpssSOSFTXLaPn7p|VCa@RAy z!QY<0%szeXhJ%Xkh|!u+LfhbmbOA^#lDq*V)o;&ZnL{(RyIDDU_e{w!cSdHos~3_MPWWFpewz*zUHCd__Xoowh;5I^Jm*B1~vz zLf(H+c?f?bub{tTJNN)L`J&`7N2XhM%zNgq(sTsY45mu0K1)igtIw^LN#0rE$9+}m zQA?rmLLHQa1!xsZ+ojbh0`vqDOSXK8e1I>kWOY~00Bxad!zIr|>zIDY%ry?>(4UE(loc4!S_1TwPjGgnWxe-fDFuvSCS z>u}gn(cV!@=%%m-m@#36LGA0LhD=Yh;Rp;WP~TJbB~xAS4k)MaXc_BRoY?o$kA4Zt zA#O8z0xFN@(tddn$X|xk7@0tgtlaicSLu7;FR<2f9Yt(=iI;jEtqg8)W&{Q|aV=IA z*ofNBKUg-2j}+S5c!6_bO@_q$32fMz2!(WT3_UvmC3A9zMGzp=lZ>98N)qqeoR2%M zU|$!X{zCds(n?Da;iFiLH&OO8 zd%>w9*lsTWj*5YUHHn`u%Xs9gP*SUSWx6tbk-n*p-I+$bYbMzzgs0gEU%Ww}k6MQp zXNksyW;oo_H;>A_HATM5gzEZ)%O{n(8fDmqFd>bZ+{LBUCvZ8EDW;Q}@c@ynAH5w7 z;U@vPv<-o@UN^a9Ym>x3(V5f`qNhWxn7jK}Y$P zj>L^svSMpB{PTW~Aoaqni)@uv!$?j@+jw7jCJKV{LPfe*G()hw5YBcorG(Dd4$x{_ zJ9N;E*n$={qWli1w!jGFrxULB)^An0;wAl1ZMPFwBVLoDLiwk-q@4Oixk?g?wt~v| z`paOKFM}kX^Z+Kkxf4iC?n)s!!q^>F=U_SVuq9rnIIenwR|9s{X9jPTNI!4{b4Qzu zkNc8ec^`k($l8p0UgVp2a7hXS87ka~Y$9Z(D?(*xP+xfOp86$* zuqkKte&pZu=qKsOnd!*+G*sM_uL#&iAM{S7$1Ko0>D+ob=CA7To)2EX?`BK1-H-_9 z^*6u8_f)12WxcB+BE4P-H#&#=VcjQArN86t7#JJBk(P*i^Vally>FT+G1>m9zYtrg z+!aTKD9p6&OV3l7ZagGh+7zQR)yhzjEk>RFgdnR6V^{O1EqrN{At3xMv>%&?#9E#? zPwxuq{g}{&K=WPS?bkp~58XTclvZ@T>^$@6=jKh9b-{%zqya3(Ai@Lt@ECDSGa~)y zhDMSA+y6f}(NaU@IQ024?z*A3 z+d?4eRiGI=c?50oZJ{PEMHU4sOohAs^ZOlENx4#Iy2?)?q5zo;h1y^R`tGdYHLa)V zaIM00v@cI(zfu-~QjJ{7;XDPbFJ}MV>BDoT<)2$1-21-O_h397b2bCzXQuwR0?ZUG zSCSw#EJb13?=c>NWQDqP18y7|oFjpXd#jiGc-!wN4hkAHp9SC7SH|oF8tbzRR>uDB zNqa?L=)Y30?e`_MR5Gno<=ZPeqyd-zgBlEYPk;Ci>Wn|F{P&jPCzq6HzO_x-272%+y~*h2!3HBh#^zGX$Rg@B{OFMabXR?1|tGZIsI*WU;EdLmbj1 z;4^D>9hhD=@?zMw?wX;Vc*r#P?jC^FO*j2)m4Z3oKt{T|C?xJ1K~B5{iFEgK&v{eP zMDBrFO#@0mWN%YB)MW!x-f*5|$)na8btbFd^*9Q+xg5MIL)l9CA)4*H|L#!=K)_WvJaAq-t(6V*J6V?uZsrHuO~Egd|L6aqxW)Ed+ti8}J@~oaBQmJ51d|f$RUw~~sser+ibUHUwTfoMG$s-< zF~{Zu|5WEKh&SNeNO$tKm(67eeBnk}Cbso5!38Acgue>Igv*B5r=~Q&8S7xdb*LOe z#hDs>5@wOW@ItY8nnRFsw!gU?lDsJ^pvW$VaX zj;@Ft{hf6p8KsJD@tU*pyHYh37fh4oP#K}6CR=8H{%v)30?92U**vg2FF%t%MMO{Wb-|BfrjafO5{r|9KP`jb*tzG6Vm_ZqM874!1RG1}9@ zCjiEK=KHhMvbnzdCiB%NM!X(0jaJFP6g~-LhT9Vnn(3dVqNkXATpM@r^{Pc$260g_ zPT4xZI9{&QsetDHpi-^^=>4#)jD6u5&wOKafUcaSO<^g$3|{5m$QsrAkx zgba2(PzzC5-|1PbLbjItz&Tnv@E;U%7)6pEH37pd?o~IHx1A)(dgBi&H6U)0nWg_U z9Oaw?AF;eJRw{Zp!Z5fb+fO(l#upxTI^Rz?jG$3pXQN`SD>58zGV}JwCO87#pBAM1 zzk&M@LDgKNi0d9PZnBajO=` z^spe8*#%P-;{0UgfLn5oGPZPT_-Spokl>{5y{~yxlD~Rc;&_!ZR-mE6(cOub_WQ4$ zqiw()qp|iMjh_(;g<+tvq-?8JL?##Nfw>k$75?ig?pBF8-64EjP?~jyQcZuBqC2b4 zqvoK#0s_8toRw)xygu|Als2dr;HA@bss%1*5=lf#WSVi<@!l4rn)+zpSyn5xI#f5I z^_)Fht$!sR)SEX+B9}lfr6?>_LA3y&F~3RCsMcypF0rX!6%xhJJNijVGX+V z?G^FjjS>T3Zp07!6YC$I<|VkWsn+{Ss;*0=38Y=eQ*Y0tE#`-zQrZxyA)1$zh_*Oc zgP$vZB~jJ`Rj7N`&`Ckxm}&niqNr3xlSUIf$k6#0`dCT4l?P>YfMI~4x2TWCr~7?v zjS4B1wnRjymN6t9vwp6|R@fXdK1nJQZPgN`Ymd+9E6D$|kdSf9l8m{PcF%4)diX&m zq(A^F%zsek3g+-{-%dm|xA!#nJ4P+%0<5)mjDw$n5rsh5a8WiX7w(feASQ=x?xv^r z+;QJmV%-^FvudQm%J8Hg<*|_0+X9*j#oWH50frBSR;Q(19^>jEi!ANtPSrZjpE_jN2=J53OkR4 z3%+F7F;@oK{TG1M0KUc7Z|@8dq*@RcJ&ENz4YSa%T#x;6AAi@%XFsi$40PV!2!*t= zJmpvev=V+h?-)Alt;dK@SG}gPIP!GFT9L}@Og4nzQ91bW-ptTU%;n)Qj` zBUHV&)VU) zyo*ssU@Wr8gL9Z#>DCm z>)C8HUz*W8*~*81Z@S`8T+>gt>$-|&XL)81H!}BIB8=$jPimfMki!U*>eM>J=YaygM&kg% zRfYzHzPBt>hXY-cDJM#oeJ14zY3EqP_Um$U8fW?X*&kGz`l+6YP7d#Ebo)N0LoexzkAWivY5t{c5NVDDzKFSX7a1c6vZ9Km<)ICtULJ z{H#KCL!rfPwqyh*(j3&#jhio#Tk`!+<7Sq}rz>85s?GJ`t8PX7I3>yoMeLrt@+~PP zSS+@L`_R$&|De(ovc2TE=f~Lee~7nzs?0)1lg33edud;#RJP8^H=UDl7V<12C!CWM z2={dpVYe@n32(I~aBGsGFv>NvE$L4$C$w{YZQM09G9yPl``?_Q;_C5Z^KUZbBmieJ zuXvWc08527x%mXOWa`WOB(Y4f)R>8XTBg#^;M$5J_#!<4W7w!>CDf;`!?f8_71nmc z;RocTp*&o#|BtEnj%TwE+yALjHEQoYszvM=HEYM-E7YdMR-2;KUbR=Pnn4f*ReO)3 z_Kw=MYVUCW^4$0Hd|$u6^G9-hlIzNO9>@DUP9v(6-4Lltnin~uIV`c?UzOs%pROJ% zN!wwLrOo;lZ+!UKOb3{%jMNJ-*3*Rd=Q|fA2|zOx4OPVXemAS>IgZCr3&+tfdvXc; zk?K8fQ%G&Tgp&Gw{&Soc(=4n3fLB%bjOSsualO$6>L<7xqXf<>l=20h^etB4ppf3I zie;ddvNK|p&I>3`F6c{RT%3r)(cZnue`WJiY{h>tNDu@=tNP0(2?|!+O#h+~on$$7e5)t( zX8Ppmy4&~8)y{S~8+yQEa{5}!=z-2AyDoQ261&sF%m#ZhnApS&aT7`>f+PnnsPuDR zeRpP}ha=RW=|#>ic8)wQD2GAGthhxTNwm6zFB!phvHy|FPxq!co$8_H-%jd+;*c=m z(80r0@cE9E?;&k%EGQR)T?ywJtEaJU4?)l}ARnEJfFBK!LqfpT5~ z`}sa43(X(dwe7bIW`2AkK2A)lx?=I&z9>Vnz=IAZ!nD&cwIhxu*AkqUiZ{T%*nb`zQkmTMU!x0 z&#$3ogx`*@I>mXpGX>CQnTEEv4a6_EQb14E6?;NYgFNhK*&y8BpN%H2(jqHq%HhnY zZ)x9^(0z;22}^~;;X_B)U#WXz<_<37dpv^{Dv|Gd>diO<^9(X?$6OUHOYW}f)I5tm zgs?27*hg_6zSvy5a`;br@h7pxYK;ge2*I=dOn%>F<^$^=e13%%;U|+co;_`<6ka_$ zhj})%4Pc1!f5!7XK{!%UBzT7Xb$`Y)_K}Jlx9pAc#Ar~WDXK!~tC*(>4cpIVKGa%k z)^7JZpg{2^wf)fXriHRJ)kdNHFve(YgyZiStL_cwqPM6@ztzR9r!Ud$nX)en!|X zV!7F!T7K)KTsmF+`R2>v6vObIh02O)tIV|zaTOEu^zs+Kgo8aEF)WM}VxDaX3#)p12!g!{c&Yn|OSh8Qaunhal^^x^k37#`FbZ=MN zLBa8)7WY+VEzhWVM*@gM^`|SUd1xEG@RM$?_xlwf3VmAN#9BZjjTt9|RbCR1R^bMVBuy@&r z;oa4C0*hhC)k@BtycS_Pg&mhb#g;YiPt0uwE<1Z`-zvaifnN(GZ zEXR`jb|2vj+Xn3SHz}VtXFTVsqM?_%wJ%0+nAadvptl{GC7+JK3|tBcSbf#9Z#_j; z=Ay{I3yFy^ZP%7?5cYULdtXM2aHA?T;*5K(Q7jFQ00<}8F56bE$|@-->F{56f2}CZ zS$}ES5Oc^Bi9|RGlk&3;>|}DhBC-0z9Yub|ioC*!J*Dlhm$r0|?6cyntfok{Np+%y9DMnbzCg zpPr#-H3;=U?Z32CiQC2}YZYIW0#&#xMg862rTvJPncv=D`WBOa zXe~OyY1uH^xE#NqOi>05_Du;*unGFAxTe7Xq)wFYk3 z&5FctiI%z41op*!AL>t|V-UgpC5>%?ilk|1wUGCZLM1H;ymt};G*Y!Xj*T$Rq8mrd6W&_2EcGuzK>rA-+1JJi_kSWIp(a$au62#d?WISMh zq)%-O?NH@E**Van*{@b~QkN89?&&{jdPI=3W2ak<>hzj-thE-W0e)4f^s;(P&%sId zKaDJkZCmYub>m(GYHgYe66B#XlAXrJ))^--b0XHdn52lLd4h<6@2GqTTwDNk3zmgqWIoQ#;COk9ysoW;2d*$k{(ib4X7X_*?{~5Qy{P zW9uc_!i^B7yODbX$%LA@lV#`BAgE;h#?2e(B0 zlkXQIKFD02cwfCc8_RdOR1Z%+grhV-;pI9bH}=+OkXCI3+XTCwVz3Dtd~GB{9vNvS z!^-y%@;>f=9Owu9a2vyp)q>|IDc%#jqDVwrmGWiCYJ1?ye0h=%miVc9Ox)7^No}G& zt~?I@kZEC_+>3n`QJ2w1?h>YcrR<8SQUZ8T?$y}?8OJM6o0!tq?H z4&GrxN~CC+U*l0vG9D=Yx*e5JrO_1{T^MvY@q;NKhd_FAwl+AU^YSoO(1o4XS#k!= z7TnB4-@Q*RF{6%gX&xz=Rw?sMC>?X*iGG*`%F*k5GyYbq7% zkVp=t!h{I#HTz6}m#F;*wmUz}d&z%`@4Zt$LGQh!sDk(X5c9XCCpy$fgb=X)#A;wp z_Cv_{x5h)u42~}%lFNSJ;wYtQVB*|eKi2IuyPoP96mhccI+SY!DB3m)8)&XO2VUoD z(~6BEzL>i4>|JuWDC2^NJ@GHDp?Y!Nw87%St#Lkzm|~~&JO@Vpn#5%~xxQDOCpF|# zV}o6yTm-&U2uFp~k@|gQo|Jvj<~&J_S!!r$JX_0sxA;tM zQ-Lbz4|N-uii|O8CaWO4%$&4zpPd9$z*xHG#&!#%ZQc z2}K@=1I)>~`P7odZ_}(gPHmD|dJsYHJaO}O4L+L{M}%iX_k*8~NIb&Y*Lgr0#oC}- z#H)1FX#x2nhn|)9&;4Klx$M;iA+8^a|22Lt9?6KH&1w(F{R_dA#&tYnboKvWU|E2& zo<1dE$gE7=gb=X}Wc3^{DH@=yI*4$J!k?6n19~XVZBm6vi?o<$qT7pQ8PDQUSm+|% zTb7ZCY{9s_EW*1BD1i0-O~kf0AtEV4P5fuUl2?M|#Hwr7FJ5a=lpxL{MVUP_Ci8dT z$izppu3-$}MI=cz&2+=%GrCpRX=qi@F|)qVz`n@6!Qba*M@u{P+QYp4Wu zAhv`9_-S}X0IJB=vCdi(n^W&PlgbH=D>Vi`BN^`dA;Z_s0bNyCQnWL8<!b4xOCVz(1X=OE_-2 zzZAYmgq9_2q|@k*zfia+#uN0QbUyrvGj|Dl9ZUVvp@v$rg+laTMn7?>WU7IZLs7y< z?a_P;oo|)umi_{ud-_4fqitUe7uj@)hGhQl=#O1~2t;yxxx@3z)Zp|w z=9S_sb}$o+&!YIl9TU@YH9A+rY3t;U{7p|4JZjX7J3&robBFbkbz|dErqB>KUrv03 zPY$arGg`4{vmI*vQ8M;u6+7UUP&d2f<4c4`V!kFrZH6>cDa2umx;~f0%sIFg;C7&_ zO|~DU7tkX-T&;nv2pB9R@2Ai}9UN}fHY9e8i$CrcT;ERWlqDX_ge=woE90&Mk@~h6 z{Y3hrqrdMQke;hM-Bol{`m;pu@Jt&Lr#EZH{ z(&u!oO$Vwej@!CBquvJ=D`>)3*`B{l0YB&Usx17df2N8E>yCH7S^t=cx0gIFu2#p; zj(fBHxyKeq*W<9!zq)FWG`U$wW0NuypLBaTQ9Bf^>6b(1Pwm&^l*gQIrWMJ6VGIOu zx%hS}|6r`Xdem7gO}Ey!9xrF212>A>l*XeJf@={lFZ$p=7aB4jq7!Inpm*CaMWvpAAH__W2oRKAio7K|5=&0nfQY9VnjkF9B!IJ;Ya%*1`Et z%e83@#t&Q>)PSU;jKxm|MCj-U4+F_`tyD@<8#PvG`I8*K(rETjEO-lR>DA%n>pzR%uiHD* z(eHC#fZnu2@v0A46wK@^e(hv9!2+_-ATdIW)rjBCMW1Wn^}Nk2vUEE`1ZigY`Ze^Y z_s8brIqUuqek6K4lGzo0MWxft#PBjv^sKg|WP`d`k|mo;LO%{)C{H?K z2GrAc41Tg|WZ3-?4t+`{QUtb2W?hjPoohrV3OAE=^Ch6oPwVv^d13C!CIMRTik@j=-jltiCDq zU)xb*j&Uf?jT%o6^zhIL;{S|P@RdVfDC=2%-u~476z(9!bBD*HZUl%_xLeEXVo&ue zZsvaR8~n9aZZMI;>x1LK;Q#&2W*BrQ{}?)OhuCcy? z=*3PhmRQWVl1?Wmj4#6Am<{{=);W{CCvF*v z#}5{c{t8#9YsaN$aEr^8-tMA!X;+miaU}MA(&bJQm8yigMnStg6ku=OAwK4d( zL8`e*05_d{DV<>kt@={)L~v%6u=S_NY;l&ZG48L86syqJ4*<}e&PU(B!0&3Smc2Hr zU?1!Nik50=F7xINjR1B{HBm#SR9#jzA2ydCIC+tOZdtDPUk}pC+b?VrvriX-R3+>U zil3U7jve=F!CC`a*-f+*3S}RI(2ap>!sJZ%qpY_oUxi% ztl>VAV}*mNRyUZP9pL*KdwqV3{aJ#@3!0-5K#^i7`8Vy)N$p7j*Fg9X@dgHA=m_${ zYhU#J@I+oK(dPZj{|X?K5u=3Ne8~FZsT-*p+i=*kKj`MV-uu_U-y(tdC(7>*IHsdZ z#6^?8p?H2f+7A{a8a`$mPK!4>Q#Y+U&o9H|%5}q3re9AD6lXZj@v?#W6_54$zP@aX zC!ygji;cvs{4T+S34&G12OR=u@0(r zx}DOJE>x%|rTUVem-0Q`#yFFMqw!Rks~#ee1OZvi02+jTYjZvdv-MV(v{*PiNj^KT z7*Qbuem@5qy;>gmMhc;PV^5VJAd@~3p#p3GaFhL>r-Eik$yt%U&!$|4D82)E$pm7d zI4=qey0nmlYa-FA3rs=OfBZ*g$z3fRl`68O*%^g95o6`x7pn-~k73%vC+X7Gf!1XiTDH zaq^QoosY+xI^yRs#2vk*i5FEO#RSDfmY?(f46r}j_k%Y3=@U?!`}4mINiY$nSHkJD zRP++2f3F>`!)l*wdOIUH3N`**ZJ@+{tgOZk@6rEaGQRAi+R#^zk!y}1<;Y+jr6cyZ zfRRe)^D-Aa_YdqPRX!`dGr~q{Z1mYg8X`ix;vR%0Jt_zEqS|AqDP8bo^W1AG`5 zOIiuem30DXXZx{6FS9J?n&sQy)4&B~2 z3Yow^QJ7xOa8?L%eu|-nojqMUE3UyC5aM+5TPo3>8h#2-vq{L(*DW6Aid#uTv_l(L zJ}Mmd5q&KvfXR=sj*Bo2m%lLoog;Phe964vgubGoSiHa~trW%O_XqI`M*3!$#l zq+O|v;)hYvG>W^?xh}8F1cdU1+d8j|8KpNcpq)!pIf)k(+p~#v5-FygEB7MCZ90iJ?6yI`ZKm8!`A7 zW>Au;)yLhNjI*vB;jlGXJtYYu-~R6MN14WMx_hYQ@)B5gS~4@7caxaGC0Q}ZQE9I? zLsj8j+qc;l>VCQyO^I_^qHz|p(7dClR*~~6<(ZGOo6Vx=edn&8T*mOPigw3WN@h0A z_cQ4(}mPUfHNm>Dw}9Nzc!_B=>1TExXlVy_S{ z6Qu)>Dr3d^zVd@49`|$OBz3A~jXSo819X*Y>A1_R-}-x;0tvurIgfASg6@U7;pa`W zzb5hGK?hc*cx&u3ygy?_r1&5|i>-rPLm*9&6UA z?#~Z?xvVC$khnl@87k{Ru_o9|P@3gTk_lD!EB{~|0L_&EgHWKo$?O|A0&173hr;YeDVYvEY;I~+8LdZ_{3@Sj%*vJ7h@8y{rxm={We5uzpcOM5s7f^ zz`2Gob-%xY_4kfH%A|vYxM=O41tSEhm!z~XTbSeM?t3c`H!AU28@yQf-tfcx+mI9VWr(1tHxZrU z;b!+JVwQ&>z3Zt)8~t&68$QfxxAlNKCA*lykjVDj3dtY;V2IQ z=$$I?>SxZ5^~W)r4{lt25;ofbbgjjxB-_(|8dv5gn>_=UK0KMV=3S)=pVkBFBc1T? z^~is|LN==+Tns6~ZA*iQBEb1#mg|{j#ygtGyi6Sq={#l&r(dh6if2@0*>8@kq<{-!;CFtmk$By!pN4#W&$j{$ja!q%6WIx#zA>v! zuBxJt&dW`KEYj($!K`v^wu7gihjxk>jm$p${0F0^_C)C)jNRhI$oT_%G|^9T67>+$ zp!n~u+oUQEQi%Jl!8f}ysfd&P#e-yb<>J3`AWy6PH?eJ-p5DS6A2FxC> zo73_4+%B(<^II+tXP9C>iq5|hUmKcvq6_AjUW*oQPdg9ZkCl>6X#Lw}etl7zO+kG6 z*_qUA;Ibx`I@?sE1w9KO47GHiRUxp-K1ak*Ep;R$`hnHY%rD_PP}YNR3YZTWt||F0 z$J`DKCr2fiB??ea)ZVUG62_5uX4A(Pm;_1tHc0le?(r9s6spR!G?8PRM0{*4Y8S&9C21{ar5E9Vwg z#@Fz*9|6+}tsh8*B3uKJE$&@iRlcLwRjQMb+9zwI^UVU~({+md!3+D?XU*#s-lRQK zZSg&e3oa0`I3i4NOvi<`5MQU(u57W7(zzZ4Z%V)*GmUJj1WW&}&0g+9=Pa6d#FR$Z zDic7lhv6qz2#5KNwU2_BP`@qZ)TnhE#gl~d(}zmG(8!*-@-mN%2dN2b@CuQ zMnS}IsRvY;3ha?cj6gW(GYT%+S$ylL%Hgr3tBi!hH>kL~tzOQst{~-RHMBfA8t9Gkw>DH-FmeGyDwEM`3m>HF5D=?uP45ZoNN~97ZJX`^GnaWNfUacvfwE-moB>hViSv z)kzhi!{DZ$e9)Agdtc+%w~D^(jmHBoP|a5lXTyc?Ef36g^Y zx#!;|B#u3K;MMZ1cR!2`bKac#l}V60g_{|!w{FK-U&GIYOEX@#1nINKrCvvux>XHl zzKrh_V4US1XeQy+>Ws2Y5{I)K!3*#FV!pIiU?(MbJXN>4kr%EP?M!!!EP3`$YrUmw z34Q;5L~9T=(U%V;|0%CGbnfs$CZdqwZhF#nK6*IiNuMFSgC+8tk{T1)+$AGymt^Er zTy5SS@d*Z;eqc}i)`9xzaT}YDyKA!b6?TF%g7YZ6;+Fmv?RnGl(OZiWg%FW|y{1PW zy9Qs~C8$vK4>HXu&07Ys!7JwIvNqzCN^X`1$^?aLu_~?+5HdYcA>3J?6P)r`mjFm| z#w7E1`1x8XHKXSeC!4;^`ZgWvPu$vEEw^=beDhfgLVU1l+SgePzxd9p^d?9mJf`>W z_MQ&I+cpz|hbjYn2=M1b5}{RM&-_(&FM5A!G9?vb_~0XW3e>Q-8S{1{oMDUS3?|q1 z$&6Wh2PZ`Lk}|_cF!t4JEfN^Nq5av z@;80@?Lp^HDcU@KS-jzxPg1_)Ik&R3>?7KF^zvVvxjgT?o70uR+aja3pL0)2bb9Z8 z*!qPnUm&vy0;6y86yfJZ70t651CIy~)m{B9ss5JSD{!vr&)9tsdtRq3KCHnkbNNEd z!z%OUE77I};ibKrU1M19c||IPq+vf^3v)q$pdeJ+Syjv_2pY#qkG%j0O}-6Ihpq?O zMh>)m=cylXreZc5tAmC2%LMRiplw`4^npJ)I4?6Q zR)js99DgR+lA@SKL>=7%vr`j%eWxkc7x>E;PdgXKkU+-Q-lf;v3@%6jJJPO^_=%}; zx3ZKCqsH5jcEs4B;Igc+Zt`z24chZUN&8UI9l1%&=wKTPUZbz?(W~The=hy!(75|K z+wPb@eg_YMbflHU@3Ip@zcu3wRvZa{T3RoeiUC#5))>t@E(Y#CIi(_;nQ7=( z!C%V3h5x785?F7V0&W5=MvzFUaHbznwDhaFHjY3A^?;?1%^Od8;@RSqS!>>DB`6<2 z-ENibGvufMtFGikTz4`WJ#kS$wwR$ewE>eSHcCRE6}3XqwNeclJcDgZS#5~#Yle-8 zJo30>9UK8$UQdCf;C$gz)fMGLcdRTqKd)t&qyGB)=`jCi*(K9I5}y&gdrHOQG0&Bx zK_2s>5PsbMC3Q5wPD&Qx7_#>26lN~BNmC=k2IdG8B5;D4LPdvekqGU*Io)&NtoCX^ z5VsM5d;Rz%|Hiiao1h=0eg=L?oJO97OI^nLcZ12+W}zaV1-_p#lAi&%`u_MeIUJ4c zLMGK5=6sR|6tSb}kh6mXwzhftZ$7`;Mtpqr6keDp{N7yFJ&5qZA%${J3}b`OiFO{{ z@5$^Gli-c~na7sBFPp`KRgc+t<9yir%%9;plZzd{UHXe!5yycA=TihR5E^JP1f=yQi^@ z1$p~f@cU~-MW56b9o>*Ue$Zu5reaD=S&;}Zni5j2N&cu^|JP?vxA%!)HTV_i?3m%N zlYFLLm37C$%-U1N6~#>t@g%Ove=yqqN3@mO9HnOcL$pRA4a?Kjdu`St3ui=<-(@lA z=n~tx;vNJ#BZ_DH*Swt?6mU#$y^6^;L(@J^TBv_CuD4)l{V?}Mp8jncm8Uj+vvA2> zzYgoxb-3j9UO;MiFrzZvtzrA5JaOEN#j#65ziR3{2GX5%S-0kI3_V@Ja zI{Cj*tcdwPVzz;6|6s_}8~j_qlw{f3cAEOlWRDESI6t_^fxZ^M_^d6YI^mk1mq6}W zU+isxm(Z7xW<3;CQKBcvxdz#!a(#I=I&kqyNR-^mjaCJ0KPFK=5<4m+SU`k#6U^=2 zN$8&9i~lRY=*62wquyz>BhqMltNnGKDHc0CKo@iuL-S?TH9+ST^jiv~lq(?aijkl? zbDwjS!*T+731v@Fq4}vuQrl9RT^2Om8dN!@-si8AXtJ7i`TamSoSWmF%ce;$8=Kcs zOZQO9^^pHOO^FTjJrW3mr6}uc&*fMHUUd26Y5(lw?b$82T+&J>NFGZVm=S{uEtk%< z1Yso{J3B;gqB9zyo7&fGqYdjrEkr2=eB$f96#kJDyH{IbRxU)WgPA4*usv z5i!}tq8jsRbxl8__F^GNvKsKrilA}+3o+%Nf27XKvn`&4t-P1KO znGG*cw!a+0p>0YMend+{}@q$@@(*W3=wN!fs}0-`EFQEG-ayoaWk#lW*XpTc#Q4M-NPygf@{I zc1H4Ge9=y*9wc%pA1+_m+v9P z;b-~7gN`4{31+ER?CV6)=!5eV>dzZ^UyCkva5&oajc8-*gao7z)ORgCdL6JwP_XfW zsP?oqusUBTuYZl)cf6QX0i;%K{<8LkrYjYT>BD^zhvp6-VWP>8%w;~!ya$1XwKNQ7 z%ANp#V!sM>MgpMP{Z{q|ZHzR0lUIPC`1)7ZXcV%Ast6-!@dP8;wa~D5eLJ~83pwQ6 zbJbEd9aAE7;#ZuR`6EylVtW%s6jE>cxjBzN-<5O&B(@g9J7%a#PXI+ff zh|QUmCs!wRcJXP4DP{{P$;I=zByi+v(N#nG$6Y+N-uG(IrNo0p44W;)r!;yW|9)}_ zZmQUvksG(Np4^x_`0a2oCtd$OVJ}|$d!$15WI;%tvPeEBpm|hu1(~Zxz>DdAD`YkU zIhCOWcJaHwLbyn^=vSQIimBMSfmPfKV#`qVCZ@H3Re?JDx3R`P>~T*OvNH%yIF z<)+eY_+_}>8w^`F&4ukW=K=vUb0>R z4odxKYL_n`JX}mb9jlcM{$L4wlq)Hq{~*Qnfw>hWaTI7?7>m1T9do|plmWa;r_M+f z*lSnejJ4vvq}NoN0cTGC(2R)+Njq|y2~*&shlXP~L*7aBvpKHTo4eWpbE1hi>7Gy| z?4Pg|o)XMgAh_vxO9j4%uhQpK4k4s-N&c0FRneEvy1K7RHy zgJxBOIYln4Z8+3x&jBJ@D2I$|#e^-l~{lmKUXkiH?)B1?6Q2 zgoH?hsv7r<{J3Ey-Rmmwk> zYDOF>VMqLon{}CLJdFqjKs`(R&_b%JL%J>HiAOtn#41@wBZjqQ=h^z@$m~~biP|g* zz)*r6{SV*fZ;6233aDR-AiyJ=FyoS-)t^>B>r1mKUF^m%R;BqoYfDPkeuu42=K59_ zL9H7e2lczIQ}XfX9fM2)o<9zQtmsh?+I68c>I`=L3#y{Z>7P@|`2;i`%+sJde+nun zYYXbx`qHgw&$m0M81GHylXB;mw($(V{O;z62gZ?dnd;VdADoVU`Ogz>x-3L2x4#|3 zFO=ftEV=RL*YR{Qv-|Y(qnqm>F9?md_377xwpn95t+B^GwxJ|LF8YtpYnb}fC+uYG zd2DWHbO$AC?5N(_U=1L>mK-j5-|LSLNb4c)kc~YWY9%?JyzhRXmv#O5v*m2c8u|}L zY;{2FLh`$-+xd?j-fM1ozRSD!LjMg5aPtpgwX{RQZjGkLdy7d^&$KwcDEW_avbj_T z%++e*oiZ2^Yt-5(k*@R_w639qFFp$leO1ww)HEEKYiW0&SP(Gwg?A!>t&4aJ5@TO1 zyXFdmfL!&-zGT}Ok91d%xs4srp|p32_5+8f;zQM*j|#?+v+Ti7ZXG&nFbJ-mOYFNB zFtz8+Kls!Vj-e6qB0sIoxG;)A_e}y5TjFC`N2))ETmyc&*qigq!`bDi%ZexFic~x0 zaV(jAfB7D1=jF+u8K4dBF=QPTMX}ue;TMzY`KDdSO)1x;N+LV|8BE?TXLom95Au7u z>$IM!TIl1l7y3T&cBE4uj`!H;<>yE1J+_!>lF9L|bDjL(5@rm`akO_eyFJ-pgLw|Y zT%hq%`}=qRnQPNh8Q&{zbys92%rm<2v?w}yIWASDv)$pCxz8~S&C*~y7Eh;hu&yW! zy(ovNG1~COP{9x2)t?A29XnC1_0BH6!PlC5MK1&fso&VpE|`})pHbDV^%R(tqd!{O zlDud{D_SdW?MRpz^F;0!R!8gT0dU@S2E&<@Z^hg zMUPuz4S^}~s%3ZM4@48Nw@~JQ6$CDM~tt_P<0m#=4BD+ht%D zIaIHVei%JJ05g)l9f$j7yXtR2NHrEls0$`O=z-d4hM8m*d;S}e;&$0x@DmVPhC(TT zL53Q6415scj=axB&hQ9C1ePQpwG^M33A4ABpoCE5Gw*Y9G`1s{A2~AutbZ49r1_O& z7<<9A@DMlFBx?aLT|vVyV$Jo)BQoye41S~*!k0FieE$Kewo|{fal>P*ELSI>ix}J^FJ8hEpGM0{K3LE z>8nP3txo#V`+sl^JA-VHhv-Pnc5ngKWxXs*?juFrV`EF(m;IAE2JMC5{X5Ql9~C)I zo+ekD&2`-dUIMe#ph|MT$=MZ7!hOinr%RSGbho9eas2EQYGa@zX}@^qeOe># zj$bm;9D$ec@IO#azVLdaw+FJN2+bnNJn}f^bx?7-P7DxEUDYAP60xcxkHU^y4l_}W z1`*u{TDi7BRPwLEh~BYQ^Iw?BTe(J+lSxhOtF;0_Yb27WJe{#dJP>C&eQJ5tsP zsp3Ibw)~(|-y@?($ysntdb%;ov z$}u5aZ9S4rTS(}CzMz=(560oZydluvt2em;}(cM@fpXAWv&?8~+|k{$0V@hZlDS*XO|(_~0JkT@iMf{w*^ zicwmrdM(^@*ZkHMtI$bjMwx?@?ypoJ{m9J`B~OX?)1h07nnV{d;A9DWi=%31ZT&Ury5 zlCULUc2@TX%}gAKZM*Hcj!8gc!YOwQSlUE{iEpy{QaN|iRlAnbPsmzH7++a@%bL)M(dBMxa8S0wZb;GQ zcz!&^AAyfI1X6>FHrwugZcwij^AI@ppWJw0AQcf2XnGrXSr*1aj={@;nwP-Z1-mk) zQ2&JQfI71;VY*EbtYKn*Q=hm6x@>}}LvH+%ITF-U2x>$Rwlym~F&3D_QBs@`&&0?X%SdmG(THk)Ze6p8 zn~%B3D+Hl3rPLZd-`MdY9gs_fJk>oje6qha;8$Ln68jfZ*ZrA^av9>^eu?Q`Uo@J2 zFD1>q(i}z*6sGjBUz~E36zFI7lKz!aK{)+RcVle<WCPt`SNg*5vbkvDf0I@eU%QKdrNZhnb@mBWcn-jXX|S@F#2ygJD3ztPb&;^ zB&#KfU$Ao1>@A*YP{KMT=|Li`5gxLD=2Qa4g$s%4#_f?&I;F80G?}u; z?2|G@Lo>1rw@hATxhvN5@;M^ zF&_3gBznT9W8q5i5u75tKWe2D-33U5SqDLD2_Qkz_16zG4Q(ovTuNh}Gsx9cS$7(G z)s7CF7M*Xvq?cGTzaA*S|a;juxhs zE3*H7c8>*LGfK?WP

44#QX8U1YyZEfoZgNtjyvwQiDPe4Xg>$d^s>1={aQbGgu zB=+pHTRt{BTJ{+%LEi{7cOY!1tqE@w@N{&qo1-h{H{O3rj`5(rw-`szh8N&C4{8j^ zmBo+ja9VTb(M~Uu1N&4y)mHe_ zy7Xw#x`Y<4OQ>Y#J1t;h?XqiDsqsUE!inxyo1KpKDU_-jvvNn)VBDH?@ z;+;C6i*&3#V>O72GSaWagq%+G#++K~>*kzI})^W_%aljT@y)8>?zt(8zZdnkA(CsHd8ti|W2u=KF#aQ|lZ zU6x0ReTD#Ql9fa+D^d(zk5$-XB;mgp6Z&Y|ChD$brZjtDhB*{dWR}@o8;mHv0bHlI zwD_+Lo-Ttep~hoQs*pGi8*3pxtlDYSl;NV7iME92!>m42ZdM=4qELvxp1-x(Se)K33-oWJJ{71fGh?%^e_Xzo}o} zBz0z*+9CGIXGg#g~9e!DB3N zdDtmg1%`jk0Af0m=M`34$j`=!6d6)#y zq4!x)Fy_3mrN=e5s5};)h}wqyf}CWD53NDwom>z=fn1c@>9hMzG({4eE*Z6PvB0%W z_D~Sn6R8FrUtWx;J%bT-?fz&cBkB)f8bR!WZiwPAD9&~&7$rQit(^+`t@J#O`hRY_ ziAO#1{SIXDSeY@QL-nX7tp?l~a(?B`rU}ch#ybN0t+l}`WVkG@J!u&!Q3z zIFhs5hKs+(&z}ol_r2e8!eon(rdo;xB$D4?Edn9ZGnj!F@OJxmasF$;T`9ngr zx$R(S=P$|Q>2!b}Wzj$5^QHQRaOjzp35Q+liVpqZ*!*16gupquSoaok+ikAic0IJn zKn9omds~F`(fI0Tw)!<#0{Gr==OLzoGhcN1toCohW9#5=pR zD;iBRmyrKGm;aZm@KNCXQ|$43&wsg)1@Hdg$~8P!k*42%w3DYc$;&!OmZK!$O66p+ zLk@?qQ#rymCp|VYcK*sQl|5U{5qn{MlNAw5ix%#LicqQz8k69+hPizxU`S6H&WoqX zeHQm!_RC`q7V3ishrtbljEE}w^}d(&L~cAVy_QZ&R=U-I5LLgii6_KU1YN_Z+V#0_ z=@{{dUgbU_h?4iP{1fFo2*>nC=J!!;C%IwY9?jFsAAc_YSUwPE1WzR>cuGJ-TbwNU zAoC1LZYSg9*dn8zT>f*UY|;3N{fOa9VKQaApC34^;L;n7oySHubMRmu#Ah)v#ACHZ z4O)uLFn5a}J~aw%{v#dI)2Q8s4xlXj@qYC?LX=LEc8X#Q@kHR(9O2FcbLbc*_#}k- z(<|vxPI)g9T(-)mDoxRN&49l}gphqa4N3UOS)TVZd4OS>=ai+5TX+nV^+agl&=>K{ z_(i4eAUo-XexTn>;+=DvaLqYx*Tr>h3ELZ>#S54v(oUlm{L!%BbzkAxb|8rchR6np z@=`!yo%+Y;aajK2yJXXc#*$`~luQDlxRYk0_I3<%;x=}6?-HCby>FIOOZN{3k$7JD ztofZ1rx^Ruu7z^T*L~+REP;d7zjH;17q))y`0ZDYXY|oL3q08*WMknU49t7^|LUOK z|BtD+3Tta^ySA}XoZ=Fk;8vUhg(AV-t+*6-x6-=de=i$3l9@Sk+jWg`4!i{N-GRkVK95zhBD^YRY+~zaJ1W`H8D4gio{qvhS|pz& zh(D9Y1!`ndi!wy?l@1TlG$jGqh(GjyBs;5^EmQ-Vvk!OvW;aC7pa+iV$*l(>4jHc% zv6LyCT3YKLE59(bHKg0P63F=#swlMJ{Nd6X`Dwjn77dxIRqmN7q4Otnz4$tZK3G^u zhzoSfdXX2#;yTeqqo4&sYe)^O6eR4*f1@I4Js#W*aUiJn+vcbAW^ItCYb^HrwfUni zYy(q}>JXXrXT+gSoGP)n>78*(h&Nt@jUt{QuNm@&B>2M!h`0fS(Fiyf9Ov}-NwvUh z%@thx=wNt7`C*$cAlU&vissS^M=<9#iw5ck$#*mr=?=@TSQ9V`w*W(WH?Dc&JXp#A zs_JFj7%z}AnH`;v*rxc@cS�P5=EscIo}vsZ z@kaA8Vx2vWAX19A?pCq8Jl&A0*hn?NLB1|7j6k_^ou5}-*|_2556{#IVCQ{Mr2*QW zNfH^Es{AJQIr&AD(6z6~=H+ zW7l{rL(|=7c%tF2$bNtkF=F&v3duc?Mr6-?30<61esWv%MQ=235-LNhoEP2c;vD5L zd4?QxpQAgYRvw(+wjz4N;??WXq8j@a%rVC%sscMI!ms%cOW09p+#nw zl?i5c2EY9o z$KJts@!DHQc_QxOw@T}Dy_tbtP-Sk}HU|;YjQUb;KI1>^3R0~v)9w=S7p4Czi-nE$ z3?Swa$&kr#do4CXm0#U5&2VT%cJz`o5z337>mgA3+41Y7CaFYF#pNgK^xHC-C@E+= zV`6*^ko!2!@3Tt*`@P`UXYyi=y-`mib8k$7uw~AUn9hEoa>;L7M46?k*oTY^ACxf3 z+$8_ZlJ%+L#B`pm;B(CM%-AoPvN}p7%9Wm{QG|}Ke!^SVP{4ads%|W@t=dV z*PtlD9*3TiI$tveL)tGPrciI*5ov!!B@?}cXFcS#LJ$yV=1vCoYZCGCL>#pVTu8>~v%tN@ZU?k+aA+Kav%p$JBQnMBl;UlLcNUah6XY>|xV& zh_0)V(A|n&GAUEmuQSD=ctkPwveX%;2kuW5fQ}MROF+qQpX{<`F$@vPAcJE_wJ%pP zr;+v%&5xADY1bs`x{0vk$pWq}%ZP&MiI+_9XH8OkmR+%?EG}cElS@mK3-~v;q_j0j z^Yk?tE$6$K=gKq0HtUSd;!r0161Y(oCx4o{|9c=yi%~{8& zHTKOA%ldlH?9b672}X_pD0czN zbpdieqVLyFNG;f*L`u~|i>&7Qi19i8CWd_7T@l5YMTqQo53i?Xh>o<-n|OREpEV=~ z3R|I_A(V6KEhY2e9Q06k4GJx5-+B^Ur#+~-MWASW2k$=&{N|O&%jjBv%-3vZ^sj_k z0ngj+NW1q}0JMur{|+lD+@82UN;?mgIK0(Xg(kksWzVZgp*I4d=W`8weMJXLy%*Hk zowDZcsYtlB(Qh3U**FN^(-I`&&`M&>I5KjYMfVEFvoWMF$T5pddW8@ejRPA5#&I|m zHeTp54qbzUa&fkk!x1H8$A82!nc>(GBGQ;$h>eiH9-TF%1bY>W-bKp^ghSP~UTn)1 zEB=soS*OzNtD(Blto=$ow9oxf#FXN6z0sIDtREG(yN`90T$82Gn4yI+0~(+ai!=37 z8NWN)^+?lx%O-Ktf{W22OXE<^Wku_IhlL{PC4~Mj(!DiAEQy=Rrn7^SV}Dhg zwSxt0a(*SjoIEyGWRIb%Ad`9$0Q-r7mEoBnxhc@dkJIK05?3ehjh{0^-O*C6)SY+( zW3+N;&QpM*cdwqX%_gC+G=+KxGK#Avk(Lb8OItL`Eqw6 zHu1efn}N%7t*RAC<;rG_BG%TfuRlck&^61iPlT_?!STSsM+ptDGj2v6W=peHOs|<+ zsq{BPu#Z)eM-CxtNLPha0Wlk?LyeV}JT=&-6zDNDF#`Mvatda?P0N(MW5|w@4 z*@36pid;wDMaa#u;{UDkwnyo8yDjPxnP1n%H6bgu8X9U zg8`cU$?O(pLpg7bKT#&*)?rIkv%*;-o)Q|%Rzegb~5^U zpeVyE`hM*M3sLDCm&nu=38$y)tX-6FfQ*R7!Wsr*Wo`Sgreql6x4sk~uaOh7)0T!V z^GCWeU>gJU7Y3iRVMv_(PbL4;6CBUbbkV#AmkxTe20qJ`Cs_L^>eI+r&0VGOs#tkh zCyB)^+&OF77sslheD@jto}JId>G5P?5+5&$1v_lDo#BWxD?NNvmHdlTW^}7+B*y-R zb*gy_v9%?(L9yIO-G71Lm`Qig5cGHVr-O(!Pd8(4<5o`K4s1iCk(&^$dbB;j*UL^! zcx1?H0Lm6%sVVZc?&Xo=-ARByg9-t-=T65Hui|HfyR2upr7{kJ&Cec-22W4eV>3GL zwq8oWDN`(Foe$2~>M5By{qu0T_O#MIOGPxuw#jSp*+B5|XlqWgJ42wsKK%z^ar~xq zuAexQ(-78DkS>u=zO$QbChU9-Q912p7_WGtx@?YbfDHM`*Ad7A8B z54rzoL8p`ZdOZ{Yo_9z8VcEjzsL9hW5=n)SLgw6?HYlD)|CnL4np-0lG`z~haXwfi zYE!DdIpK=vxEMBBi@ zBi@Vh0#!*8DOHo zjYRxcx3T&eWFVLDgw9-@nW3p?I%r>e-y0kGfz^#D~sHgsQdnVZmZqKi-a4`yLtDZ#6Q! zBWc-pad>N5pw#d+9%;o9iR)KvB-=&@*1&Xi>zBt972*{$E2D+EMFAnCoZwAG0NwCI z2fT@}iyjHAIOL52wX{{)YbZiTyXt&kB3p+O-3mGswT>uYLB?xbIE+h>+-sr$ccx88 zScANj@8Z8-U64Ugx!}OnExS>y0_OH0>AcCp-=Ca$(SZ^20Sg3kO^uxPEP~s~JBXD( zV1DpL%iP-h3GSh3>NpiftDX5V^yz5-2_7A7jXvoX6-v1=>B6X<61VQ?;;1a(W0SyX z781qy>1Um{mU{Z3hvQ!S~bjuI7P`h7;6hA*XVq{PC zfB1EePrIjOS3!w5iojk%?EfN-F9L@Fgr){7#(y%FZ{`}~0Y}nJKE^wvj(Yhli|N7@ zlEa9Tq}_l0HtPO%ku7x=y!laDyul2Cw(`KxUyW?q^8toR=Wlxo#6lup%TB*0Ylxd8 zk~?cj#STeCkj?75Ywhre?Od6N(M~&j50Y9O1}V3HJH3#=4kBZ|qz-%c{p|~bID&gB zgUjhQ|A^wUWvYv-?tOaiI`83N`F&$`%BI?e9GACMQIuq!8^WbAP3JE|_FIf%{RJjU zXiVnjt9S0jURi&ybXLYc7$kN_B5@iM~LfAsIfUNJ(EH_`WERvsi=Q}$Q7xP zZ1u5b+@2gO^hPf9OmeytS%MgYII$Byq7UBuQbSX|a?g!8Sta@ZK`7dCC5j`BEDrNR z0)r0OhNk!U1#jmU@R1#o?3Y<Vj`r@_ zUGf35C;~+WdVi6$(+8e~k2Lq6Nx1%xYo4zjm0*{{puFw~Fv`2d_=~jUqqqOYevYZ1 zlN_HTZe|58!sog(s#qMWmwV>PsrSSAm(IP2S3P@FUGRCO*O=G0=o0jHcRpw^EyheS z1&K9Z@KN?`aUbMER;;J7Q8>_OJ(dfMq=0D-NBg2 z;zfG~%w-78$i`YDg?GVQH4lp8Ih=fl9_CVH!B%h?53+K9ex1EWfbbNk%d(`TX98Ri1eK;@@pgnRGRKpXGZim{dlMOVLV2wJNdVN$?D3= zY@UVfAk~-^M6mN(Eg7EtqyOkx5{f6b;Tz7_1Vad!@FM-XUDKavaW5Ab~?Pj;zgHg33PGkWY-=5TgG+LcXmTa2suBW@hHWz zsU{~pz}yuteS1>2`deu898QXy`9RlN+x|BPol+&Yd?HCz6rZUR{;?yG2h%JiaNVY$ zGtxK)>Qn-3W4Af{V`q1wIY@eiS9eLMcjE_H+eUaCcxi}bT#nBGL5KV_Mf`s0^}FA@ z6V-Ytb{7B%IhU0U*~A7^obl>P2C{X^UGt-4mj{Z(DV*kYN5MA-X82{vOq@H?kn5XH zfl6_0_8bYaoeJoSR0>Qa)YcYjyn7qYsY>R(k)p)S)Xh_hL{9`C28+@=LU(&skvz1g z$|#TXS9K&|iKOx;c0-Gg9B~Hg^Vb3Yb=G>hRbCG)8#jjGOv@uoQ+>;hShGANbM{!T zq}B%>U`8>yC1orLR*B$h%BG7)i*(()uIf0QHfI5_*hDX5#7ESg8n4vlr^O1Kr3AEO z7ToWcLwFewQ7J}jX{*#HSy-~r*Fj%!SkDt7ESFB!eSlH7O%BxCGF_wQ#yUzt2&5CJDJy4y0? zlSAE((7U%shN2FpE(j%dPj9Gbf`~WaX*g@Ci*ul>k)X3xt2MnPvlwwHakuk^Ax)x09oQSRdVB*?_2|n)e&4j+)={M4Wj^mDhggtRt-7w2O!T zRvhF>kIdJ31E9wyp^4L{=L3(cA-XoZ*O0XA1>NYi>Jh1u#vSkP%jKmu zgC8t=3qSaZinhmAkqX1l#_(g;@1`r!Y^JY(@Tt#3d zy%7gXB1)El=^5ns|3x}SCezx~F~EAhzIr-7dRU%{eJ>+Q^YwXB|KI&A#$B7iAALxr z5byFgypzJ4-+z&A5GPd9!j13oO_OcE1GuQ=i41lXqX*ENpKZI+KYRyZfCnK}Qk9z> z=hTvd?SmaWCr19a_ZhfBdM@X4i5hopZo~q4LF!-!qKK*#8Vao9-}TLX`cp|S8JHtH z%+NdU=bBlWvJbx&RZ)L$feI6Go{VQ2g`kO>YfUo?zi^b|w|}M@893uzc8Llwi{szw zr+!$vy6n(;V{M#nhHOVdp1@_@7V@frWwEaL>e77L?x&=EqO=Dh0yNzr188Rf`Hsc2 z;egZJ2ntOqBa%B}#ql~I zx|u9J(rZ($DqhzRHwl$eCb=>)p_Bac#dvW2y6C^TVPJPn*YQ|Z?sv){A!Sw2QNyik9^9O)ruTso;F zJ{Zyk{WP>0R0}0BBuCxAC2ZhZha?((7yfFvkUYKHRlf?k1)JpLkHrA*<}7k}#OCzh z_|FqX-#v4jn2Ze$dcIR+tfS_3fW0DrPrF=P*sY%IC`8PVD23KvKFEiK2mMtWJozziBlTx zF899v&_MtJpcX58mwF7vRRC|Hyo=AZ34FFHwXchOH-H=i$8CA*QyP|HGGa2G)Ccg_ z$oVW(8uNxz4Ox9;H3>vjU2$IX&hJG1%u@)%M6S;)G6?q@)fGpTT#)8$ZFjmeg=T5$ zC)_qjcZH;_SNoMRV9~p#` z5NVSo?JrXH2nIy?&@B2)A%gtY^oE20oIBqAism!oyF=T}HkB)1elXYCdSr^0oIkH< zn(WYW*yEHWY13;_%8`w)uG(?e3amYQD*LxIa>Z4iO(4MO0sSp?K~fRRiUM3XPCs^- ze6>-jrwzvizUu9XQFOHV$77+4;f87b#+cAiSr{kOPUEW?q>?d5jcK#~!-QVTRdJ0j z@;~%?9=u$P#n*nLrtlPJi5#RBG_o%Jvg!UZf zn_bXTKjR~}HhrrLJ#AYYP03pE7wnCnkYja$x)_pSCRc}OsZvZT*S>nkRmfaftiC;| zZVSKHIwUlB=CR;j#{-uzt9XA!#_?_`gUgBPLtoYkfFJ}aPz(8-RU0UT&@7k9`t5GX z$8ZFvQogc9V7Q$g7vnL=)sN?{*%tinu3G-+f$JpKQRdR&O+;Rq|i5ego>^ z2*pNJM<7kf3h#l-10}Yw>XearpH>n&eJvMJTC*j~|Jo;sVF=AOhyQxr;T6;Ayd!v_{PriCMw zu_eBYy11N57`6H_?||G~v0;6sCk8?xb{U0Y+VnqbEgXI1J{inz`Z5_p+?;22%;b2}-4mE_TxUFuG+1K!QJeh* z+j3U?XVgsGS_gBc%Rec?@As8BW9KzOf9oiJOCgmBNpwF5)b1NEB|J;7i(KV&RA*PF zo$VpW93ih;r*v2X{d$-`$)^%MWzgP5GXFXo| z{rL%Dg2&3VM4mya-Ci`&L(o(5RZ{$wzXBGkbgMor@$zbfMSwq6zMa2)p7~!DZaL$+ z+sX}Q7&xZ-@o`)sHqP%jbB?R!pi{t^BuhJH{?FY!Ep62(;QkueVk~&v^^{RuDiVWC zw{m=soxLnLj0hkr!yXDpm(Z_hbzhGQdh@ZfZJL?YaG3-JB=&e9QQL9*sRr-r^hmr+ zPGl?3xW0J$P{gk0&C->>wH@QwbL>Ee7;D{5*(QclCmi(g@nB1LCgszfH?;G_grC^o z-0bVYo_s9PM>E2AXGaT`sU2JkdSXs|z#Jr2`>p*aiF}oDhK!8zMOfrS39vUC2_RtVjKc=_#^wlc{q@LYJdPnaSJm{H{ z9>Nw~c#AA98Zeix5Ib3pw#0NHk)w4`;&)5M>%H+ld#gs5CZ8peOUf#Q^9`nW%W0W5 zjQU6u(U_WxUViL#*RW6YRWGw)oJUbVgRu1W0_|dX(y~I?^DcvA?32d(4w1x+FUrk7 z$6-r+ZAoAe3%%`@=*tJj4+BdLvrw%ZojVx~P&^i}@eV4tGikp?H*9~$zFTS<#qPO} zPf-2YuW;0QH#0%5FwCj}N2U#1c4_iDlff#C@wl(|a3`)iFd}g$m=F$spBRI?aC=3W zT+l40*Bx)dg6kT+-ofT|%CSkBt$}@I38H;I{EKuJNUI3cJdGz~K@M%~(yuL&$5n9S zTkf22G>v6!=<72Tl=Ra&rhR*I<+vT-uQTI-W~Pg2b6@EAfHh;7qS)GOS#OR7ySI)d zjk04qMF8+y{dcb=bVp!IncEDq1HHXR(=KxmYXud>}= zpVzP7!2JFq-8I@g7djy5$Zf8h|05e8Dn?4T9Bn(OY_r56?8VdJ$#3MTF$xD#IRo&K z7p8#WjNV2GQuHId))G2eY)X~Fk4K4F@SO}(;lc`dKI?w3gQ7}_sILMklsH98=V={b zFsA3d(*WCwgjuvGZ4Pp?i#pHLTZ8LugwYd9tr@gEGdt<+$EO{0@V5y>aWiWsXY0<Qv87;;M zLogYg47>z@F(a?{L2N0?8!pYHQ2y`jyx#?^5Z8aTT-!3u&Jspm2f;W^+ou9D;XSddjn5%A;%|+XF&of`k61r zOjuE%jq=5jiXT-pmq)w1CjL zEX(`W?Zo&TKdbagK^}T68&;>5W>_v+P`rYBuT_gF6v(I?Rxayf%sa^u-31n zn`_I6Xs<(phK?^JE$ZyI@-X&~PSXT+5(4j>KE4gwua2$}v9l#Ruf&*<#*n#rVQ-Zp zGS=Z&vyfoz{1@rqPOtcY?yI~?S?e3C?y~t?$^XSnOFa0xA8qa| zEU9V)@sAsdRzgf(#qeh0CMcNsa)Cxq;x1js5n1ywJ_gDoI z;&K*!;c9GJq^dOPN1oPug4zkDc9V%oYL-abM5{%s-?%dn1aXSnX$CdaNu~>B^NXd@ z1#Leba>S5+NJYL?y9D}QB@aixuyWCUVl#{ThJ(9Ey3k1qtqIWS;VMfCOK-+DvS-n= z1Nm(;^c;p>D3;E|ys_p2sG|yEu z-G{y1@^Mji4aoDeQAuIs`KsvvzTyxH5`Ukvoc!zY8?^w63L|j)Nl}2@n}qo*W`^BL z&BFRx5$rYWy#@;ojTE%%oj1z+xa6orVWnI(+xTH&(lft%ogH`@@K?3ZOLxamrAQ3a z(@pgLwv>QhS+a4wNUtB-v32wbG2tqbJ)on_GC~}aHsWgpvr8gJ1K8Ke9?wL2u$ zp(>rV(Z~OLXgHe6v~(O<007&_vI~z(KV_aWaO}HfJwie=_hq<>^*(GwM4#Gu?yApc zmq-8m4Zo9(1vwY=0rKVCUhVtKQmGxngZ>6FJ6j>eb|)! ziI##qPtr+1<X;&YepB?U_ ztu? zzmJnI2l^>oEY7>qhK(DebH_OD9|!8Ra7rw%n>CzAchFs#=qE$Fmx-@{1Oo-*%P}3o zo(Vl&mYm)|9}sty#@U(cM}_m{`G7GLtI=223$q!Rn2cPRJ*`@@hy^Mfd`N!vYWP)h z&kBTJKntURy+$8GhWMH9I?qmvIo%Y7Bu)`cJYZ62gk!knm*p-3?w(e6MlpZnPA+&p zOK_$oW-0tp%Vv7}M3F=2Tfc`(N6zg$b;)cTH0>mY=F*5ZCJC=pv8vi*#MRO{fbCz~ ztpfID`VI7v6<6SVY zf@lRGc7xm+{*2>W9wVCr!0FEp%f@7US*9$fk9asjK!|&)I-~sUr{jf1D$Q5z1yTm% zVttCp&NTW@SEtDiS$PIgBOFLCwdXP;DwE=?7eS8r63_~J>n8Ub%60pYj7nSWaRLf_ znJtx(c-_E0ygV>(?x5Yk!dm!>ZOR|gpY~z1M3e`&cQ1}KL6sq76p9He>&dkzQBSo0 zBX)dhM0qEH4g(7ZyLLykOYp15$qlvaQkCHTgrF0=`@_h>OvW+hNdDYlQDNsEe1jSg zME)A9${k_kDg^ngr{$PA{8F|;hX2!@qaL`bC4^%SeTi?2%R4fxOpik9(eIqkw794( zx}pff(PZ!1Mo3XlWjbxm%wm=+AC zM|+&bs~`HTN46&GGaeo_mY<0f$wS&AfuTLDLkyHLemPZ&=EW0TDc0V*pEyX~20||# zdq@@0fCdG6%R2}Z-Si%dCt1z z0z#c6?u%R!mhKXeJ^NwaS?+_ji!gGzsSbZhUBg$*WyuJmRzP1l1(l_&E(~-Bi31SMrrR&yHe8e==w-r-g=;{ zBeZk*@930_l`=^2*oC2Lg-Zx-xbvUR?meXsQ=yzLUeHX=z`^^oPZn39ujSA zFs7?s>PX6}uaUyO`+XrlkCjvQ2ASRHmX-q+Fwb#%!peTL1XccKk=DRXHUIt0;a=&) z&D>o0x}uAnihxn%kW}q6%*WA^diT@TIbC+#BfQL+BaDS4HW#8G`06Jqq!jDRg0;9J zlp4tOG-k@DzJ%Xtbb#+05w&X&ss!8mW)R5;WH}ZC{zVE3{RrWnf1XaSp8CeSc~BpJ z7hm)896}H-SU6nLwoDCiUF7?B=c6)|q%b5}_rB^MMM4N&UYd%=Fdc1#s|gc$^cmo4LW7g5j))6je62)vX`(t#>dd);S2E!E zPiR7St&7`FVBGX!6ZXNjaSk@b;&gh)ahVp2fjnQ?yU(<{P4zk9*I6^Cc&L0tCewLK zt)p~Z)oR0c!KYctS+iB`C*A*hVfKG>20F-Gwc2RCEBUer{?mi2o3%wf)3P7XFi7P< zIM{<2F13&iG-Wt)yC)@K5xll4DQu^%7{RLFA^xo8OpE9)dw-Zy6<{N-b?m#*UtfdP zCJLw(1|ykX1S&j54Saaf+n+~{etivPkLc{0s zQNN|C3IyVQH%OhIhKj!TZpB(RP~5*+-qXq&;Ipw5?_{UF?cNbApDAmwml;AHc1A?5 zmBp#iza{{G`NQLUNKC1548$568?=;zt6Q)`Z7H~VYHjCx+x--s@pODX@4%m~4c*x-{k_6A&m*OQmItLZQph|#UWL4zlQ@Ik9E~}?r`RX3 zra^cY=E?|V$C+1zUfTS2y(z!NnvwRwuh4t|I~W|ZPKBqg^Wg^5{?usEmvQZNaCKcQ z`gfG7YAKkfeS=pYdAtAtjHb9bE{ZV|*sMl5t;y=kvbB92@IOfw$Hm6IPzYxM>Htvp zv_L(Pf=Sy8Jlfi)XnO96WHgptx@E68Ri=8-ZG7b}3n>!VbcB@qjNuL*gN%|v1%cB; zkz-{W(_`iz3BDuyxCRhlY{kCz=zp1L*XtbV|LjwOs$OQRcGTc%!pyLk>3T+MgwND~ zMf&X3DDM=N#~JN3;({v>BvOp$5k$I3sd79N_Oh-t1|DgiH^Hz@xzXgVO8tja>ep0| zuIoloPbt{h{vEF7H>)cTchaqaRtv^xn^beIBReHdHQMl|u^LDq8+b5{EbPf3JzaL-EqNsiaXK}<5~@mTbOJTEWI}PEM5u5y zM#Rl7F4gvH&H5zwtaC_0P1}*cjjOPddv;ol{xc|oQ_06rBsNHAs^b+0k&n0P_?uMK zvf=w?z}$UI_Y*?)aP>{#p`M!!s@NBcDH2b<-6aI2P{Z~5QD|xs1d;jymM#Qq;C>Xi z4~~8FG8BcKb!jfzFvPc#Uc)mz5|OJ@8bLYC)ku1@Ff6bS?qlwI(D6Uqx^KaI)8XKs zP{wCxVol-nLHRFIpGb98>>03&A@RDk&Hs7)zq%H(hi-Qq0KwU6|Ca0V{h<5gH>K~) zne`8{prLxko+j2M`D7?+R{Hp$U=`D@MWx^Q1xl-X95+^o11pHSCg_o!)iR$#CF+$< z-Zy)pCLsFbA&9SMT8{5SudAzQ;*kX|`wk`PYK6jdKUSkIwfJw!#oAbBA62Y>Ew6*^SSN2+}4I3s1_Vd6~L$b$D;RZ;kbnfX6Z0vpnt-q4=V*S*Z-YwQgDx=3A~k6Ps+d z;!#44OF@6TFk`AuHs48Tsf&cAA3486oZEpp8|%7sN!;w}$^klYGzA}rzPo+Nf!T8= z54`tS@5#mh8cH;hNCicRVOpd{U5DWvsry@u6G@OepOvKVMRGob4S%m(KKxQ`4e$H> zhizFPLF8fL>4lqA;%`LO#}3DyM!4TDQ4YNf^ys0F53mr<;xbgiaIVt#dAsZvi zudlGNY)*Uc6o|Z$kZ;>6N6=G8n}wK>K;-YLcmAxsqs(~2@S@n!Y@#tiT+KAJ(dIuM zaw`5)iI7xat6grz{l{6z;)d67SfK3$o8xrLACILP%D6f85 z`<$V}##D!eI~9ww)kqdZ-_}|otgXt45wDx(-Uc1X02BudvTmbrTMo3|Ep>^Pfh?>M zUCLbBqfdz`v8tYjyyBcHemOhfuJ$*QYS>4=O90N3ALGn}sJT!gQu(lHMla82e zShoU*=M{xt1TS4|W>gJ0{dwavDZ{gv&WzpAFLT@uHz>oQAa4i5-McB1XSou1u9m_g zkK@u+#gx!jq#Z-1zNM|3+j(4*G*y5!BEHe!6UDefMoXW>$d=0AqB6jPK~ii9f3mDU-oY9aci{;sBIii7X`)|u-%H)$!V!Mm8MX{F zYjj_*PHH5AWmAwkfug=1E9iK(zaT3r|FP6UU0_%d1{~z3V1CN+F^c8<^iJXw(huSr zYv9a;Mzs0J^X6mpg@@zKbygO7H&)hDf5k*ym0G^lJyw=nv1OO!UOftr|K_B+Tn1w% z1aVq#rP&QO!mZP-(2_n496R{u>&6Py0YCW)Hb3P|OHpWy?@fpQ+{$2ZPP2WOJ(khD z!QQ-^R~u+#XUA@Dk$T5DHG*-N-dd9fu28i(rQ@?guw8D;x~j0*#BT5Pmj#XEXTuu^ z#S^WycxeqiUY6%^C{}!8_8!)Z>HNm#ckcyXf8kRv$e{?-a4SHE6U~+Ar4SQ*4I1@G z3ea(j2SjsM1JV-3e%Zi!g|4?*?qHrPBp&kh)K%J=fN zt%`6Jbgv~;$ede}TXAzy0t=EWor%`R9N4(`!SHTlsO^0|<>o|MC_pun3*z=`eC-tE z-$n^*{xZ?M^o8i9Mi*_mBl9OVA}xBY?>xehs)~qk4IpZI4y4ja3Db}_W!a0Qn&-^9 z*QQY|$aT|555!5bJ+ekECO}JqobHzrd}Qo?0SQW&rj{r0-vDd`$(JkHCA^XQYLABw z+V#1(fqt<5(wg}O!)omTinh&ueN*dT34%F@pJ$Wk-`Z+tc3AXe_`$FS$^( zFfel?0TL3~m6m}q#=_J`(B`SJy3@iKO&!7_%XQtR0k5^x5i z4d8aJl-K~%sQ04MFCawRsW};I#i%Le2XI;-`j2)MwtwJUf-U7IxoV`D94O?Gl{1AO zeOf{FQNg(a#B7G{HE(g_9A%d0s7u^vLs9p5=!YsS&NIC04)Meuq{I9pT)}+eU@U8h z9}|3hHU9aMi4ld`i$2dUEOxHTsRYq z$ae9bRXlr_Y-Lry?l5aeE_T3pU*-FzO@HdF#QIP>dVsHGM*=PA2p*YsV4@f)Ead74 z%kn!UqfPGgQjgs7J{ws@Kv4|ydM{8x@_Ks#3<;o9m9xxYyK+R#-is}LGv9rsGVSxbT> zK&N~JN9jF$t_WG|>gqSn^mmS583%@lKqFUD;oqASCB3IRP!NvI7C|Lim2Zu!A&9XM z!Jvn`10?%{kJzZUUHM$4a1x{Ud8WVbCO0=9gESXqypgVcV=30{vx<&veypRfP?jV# zyZs&FP08L+WY)1rs2(HO3m2k|e9$mtPKJ5m%oj2Ek{!hq_hiUk^h4yoTzIe7+A8#` ze-ZSj&b`l>&9^7_TCLz3kCHN2f%`&9BevD~%3y;+?f>__>b$H@#jlk17$`l*@==Uj z_X|_9{wTs4cmoYiF&BbqPWwUg4)BbmZg|&Ksxq5|4cJ)dz@^F8OPbgsV;Ngdvz`6| zeKyG|GmomoD$_W>3CyfkwV7VY0I~rweP3q=-e1cT8BMKIZo2<_LtX$Eyl8Ys#Xm1r zG>mK}YEd?hH(YdG`P=w&-DY1=iJ51%>@6jeucTLZ95OoCH>e{{`ehvbc8chV)FA$GXVqF59%ZEaBcC(IGUT)Rgv8LyTq{S zLelud?cQYvgbHCs{SKruV;8TvXLGiq-6W^oo5pAz@QKGL$VeK3l0J5M1eM5Y9T&x2 zAV@HsMK22Br|{U3ekr3lS-C~P|Eds!6m2P~nQ0zc~49bcK;+7?$j8b!39!neb;ZL-^Cxd*j*()Gj87LOe7yNZaf`u*{$E`v{~D?B1Q)rb2}5`%NIXynTg8PC1~NrwWD769wq>&Gfh z#GIt%naV0ue_7tEe#OU(OA%7M_H{#=kk!?i`OXZoFH`n89IZ%0d1Wo{nTVpG67I3S z+yL^sO&)1&ScCOnPWZMh852BI?wKQ7A@&I#bqs6p+42eTWwkp-v)Ul zxZFM*T%NjV=CHKyg#0WUEXi6wuS6Z}O91s}T$fYo@bb5WawLgYj4%@H!0<8)dE;U% zny>3G5OKO?yh^nhaw?Uv_E-vQ;;K<~m4f0Dk0xSfk0NsgZ<$@oslWx0n@XS;98=2h z#c?349+Ba`UEllmCry)zXrS!y=i;~LG*`q+@83vA?y-#WC7bRf90z;}Y*(6wlVuc}7+Ujzt3Tow_+x!2M9U>FX zOEeeu8KaQZ8YhSJ$A*ZFY4DTKz37gDeCX>Y=!4;X14UjR7;Y2h*q5Mf0V$o?NqXBiho z`~Gc^k`C!wxrs2bw7raZrMXDVPfX(M~Rlgo}Dn8ZoKgx6KEJD7ZXTEal0 zqMlwh#g~}!!5a44TC+0gm&fnb`CY#08j)cOI3OZN%G>mpS z%>eqj4{VuA`IU1n^zjPJg-6V{ZaI>0cc`6;i3M8chRl3SAOKNzCPMT=B9lzP4>6I^ zVRio0s%<<I3Kj^Cttg0wCwcSCw;uK057P-xtg}J(wWHorP`$}U zhU74rzMA3bvQYuyqkBR<`1;Fl1T?VTURP(&tQ^~G;oIS2whjX)O=`?XdnsI? zYBKj}nsJ?Ah)+c02(l1k>?%SJT4T>QF#`SZ<*!6t-h2HPjkqv02w6^;biE!;(HlEo z9SyAc0*#A~KiTO9;Cft5iiEv^>0VU*(WsNr!IW72@4l|q0vd6A3uvnABM)Fi-v3$37;C8EZPj7;zP5Oq| zR-&UJ3!hK*bDG6UkSA5dWV?5jSL(u$>4OI_ex8k5)VIaQU&5c5MlU#a!H?qYHBGu? z17k{yqJphfvnE}C=EZRNvyTw|8}ecB?AXvu$AydKXU!x95s;?M4tjiOFKLD~kxK3j zqNCb;Z17<#kIQ#-a{+@Y_0!sJSBFgz_QSajOO=B!lRY*?_j^Cec}|#p8mBEI_0K%@ zx8DAIwerif&)>j(x`y$3n6NkgFEpQ3UVn8+^vOZAQuQePwa9Sf8TzHKkF;ymvrAIn*g~W2@79twhW#5@P@Zu zfzi|Br#H}*P+tt^X0jk+vI*`1WGpo}R;m@)X%b{peH=WU1I2SP^8v-P-jT;4!KMB)*O`4C%;B(1H zzg{e{&y{INV5FB^0;_@2_3-eg6FuJ@y8a%e+!GiN_5wN&Ft7nh-P?ti?-%=+bL^m# zO|iGQuJeZ_LCsvE@ff*x=u04Ke12hS&5c0pj829QnEG+O8CKcAU?=|wOFX9Bdf+lZ zd)g3}Vbnn`(X)ua)ikJ3B%OQKarrSRd;7yEypuYMfEfLFuFp*kZxmTm;Eb%wBT9)Si0YKdfe*-o)#k4Q(z+X0|wRx00ZO zHq?kqi@8n(y{IJo=)ui9Pe-OWF!jsvN*ga5Uc{nj())S&p27ObQ`^@hHSaw*mN)(A zzTR9Q^jKI&4Ep{SMqGt|^47tjGW}YN!vkOqNgEz$HCKEjXX~8M} z>6IA?AgZ#*se7z!t&ublXgo!ch3T*F9Z?oP34ZW)$2J@?YiYWTZs$)3qj&tOX#7mx z>S&eME5uSQR`EWk4T)w9tW=w3I=)?=19?jaEYst1y&#(~T`qbsK}n@l%_eI{Y%fAR zJAF<)=n&3*)hW=5XiEaQ=3xejmlSVXE6Y17|C#udQu8i=xG(Onp0LwW$db(P81JwL zxq;s%_-77o#E9Z}%No^{H8yaeZjM4<#5bk42)Fs!*(Guo#+XssbRc&rh%={P|cOj)oqGqbg5hXMZm^jI|I~=*KX=>U| z+Q|#CJ;DfZUWlI@yGu%vjI(uQ`XJxY#&}4K`!4Yyz%>T~QfFxi__PnVHWf z5{=Q>dF#%((HE1eJ~XlVs4^@cr4Or0f~5mb=6*OO>XAxwWKRd3yCFhYj9II3twvJc z@4@go%=w`hee@sQK~|O9u7Z`SxR;VK!IX1{(Zi#XiQ9O35y-$mKL<17?1x!AhUZT^ z`?D2~8c@dVMtRs);r$ww$?r?JrcapkEV{&9vyZ`GjaJ@pM|A4%$Xb>HC?}ytexIpc zN9#D=pE9t5*g+a*o!!n5i;W5?#@SxZ&zy*hZE0AOyvE7c#glQZa5bs`oe|F3U2Sso zsXoU*5h)5&X@#M_f+uC0fL#wHwayk$3g^b28jPnoVw?MWK1 z#TWWn<=mNGo5BTr&sBN#{s7IjEYS4+_lm}Q@b|j+a3x+C(n&}%<-EeE(vHiH?taxb zD&t7h$dlBb!_8VpDZ(McN!BFIrFcAyFu%$DNyxnyz~7>$dyln=7U8cEJF-#W3aWM7 zsx9Zi?N>smP7PBlu}lQswboYb)EQL#DZo(jIM(56S3J&z3r}u#auh%dDsx`H_G-Id znx#xnPK+xT-u@UUB2p_vARMdCkPbR$C)Og5$sFU*7}ln5kuaUrWO)QLsh4k^zDAT$ zD(gizjM7(1d0l@U=?6Ld;c}f!9axa6Ns>L%C#VS}n~LBNACNRPPmF!I8bT<~cYhMQ zCe^*Q1Ls_lUe)pCvQYy7u1;T z$q%;`#bOLTXC2$k4@FT-C z7AXU1=X4TmI`>+LaG!@7r;!veIS)A`9)gv4|9CIdG6Yqc7^}(`pG;>$5LbFr`hIT& z!ei-u`{G~aAI=afl0VLK2Z`08_8V+s&HU8c*4EPLN+f0&o`<<*qv>ChXlWf&!(vrH z+FQ3Nj0RM&13Fk57q1empm_;5k&U=qL18{WhX6Y(HPk`Sj-Ok?mo@WF&b^45PHvSK zqcz!BYI#AazeJP5*uECVuo6?8_oDK^qEur2&d5islf3;OEW(}MyPviUmH@X3RnLfn zR3j}lAr{Z%InQa+QLxr?>OqKD1)2Gar?Yvr*Sx@&RHoXgo6bE#ddbI))$+-ma~sxC@Xia!5fW{; zdPOf!U>S!%B=dYr;`!l@Mj}DD)S;11FO1PzgOX{=jtE>Emw|qi#a+i<(BJ8Ue3p~6 zzGM_3dz@<8u}|{aexvkPZt+PDNuM)aT;Xf!?KHoZKA((6HK!!Z(M*?9O3*;DJGWe* zqvScZk#c^e6|cTyp3S8Krcq_n^>4>cpK4K|+#UOJf(KT9W}D!&AI)5GZ{CoOs7~{6 zI)of>xw*BrfJvlj`u)h5o0md^*E$k%Z^>A0Uky;j1VQ4WCcAoiHvi1}=$5_9+M0}O z^B2x9;(Hp+lGwe64p1SleGY(V%~K}1Ob<1)cEZ1+ySc|HthF*|txU%fgt7OizqYDu zK?*zG?$H{73ucl(l=j+rM~LHd_-4Dsp?)~x<$5Q3Ji~?<<7j)5MDkiKnY1B;5%WYR z*rhzv$A39V*`X!FGTgbvPWNdyfbG8(yn^f;Hwmc96eoVd_uQ zIzE&u=YL|lxMcUv&w?vc=e}^TkOHk3Hx=nP5#dP5;i_J4rSn>D$=%ggrM+%d7Bg$b6ZZ_4>6C(S zVnh19eHJJ3l8^u0hpcr!047k7hh zof4`+%LpIbxoncb&RX%`+zcpVQ1Vt9d)o_d5X~SA_55ZrS3mY6?guuqS21bOnv!by8<@Yg|Tp6>6=H$|Mmzl!4Ca^_sou(L2`Y3w}ckIU8zz#ZiLBGh2vxdGosd)?s4LhVdJb;wSX1 zW~gS4<+d7rvIyvOedqYm&WEUyi9hprrBOe@TX)iD-4CBK)2uwrR+*P67}Q^{m_cU~ zI8?=mR1?wP{Uuh{uHix!Kcur)iO9Q(oWz`F8X{h#evXuCSgVIQbGy8^(u5#F*!@G| zpYMxv)gsemkXIJI;L}p#u3%s?oOz)R(=mB zM*6f3RD{D_0S)n|mLDd<;_avEvR~gHKAZ$JS5kU#$wAZY#~j44W{+se&)%QyA+^|c zcP*gK4H4MMVB{d7lDrr(U7DR@_AvJST||VVYJS5d8Te|Z?6W0!Q* z0$Ee5wi5LCXg{SHzBLF1P%ca)FeqcA!PA9aj4P@FKgts={`q|F*=tDD$R`M5OeyB= zTA*Wj?c~(s!Z6{ncc_61llRRdvyihIAgOhfg|lre=*TNMv*wZy3D?AZG1L<@NPQ&RqfhYu>xSj;E7vi4<0Ir1>Pi-DN(*@ zx=X(=+!?Hd>GY70Ey_^+Al-RY3eMl&+BX#eR`$Z zt4@*jPp!5SySUB|^!qB11^nTV-~h$iFXCFsr5B}u9U$2D!tU``<{qt_N~c0pWrD38 z9k#<1X{~no>mJp$gxNLyne^%`Y8blc1>>*9Gz&trg|-oo@FSUu9zt&*eZW{zZ&Q)g~#Z+tE`7TtXbVlcdTDI?z|P1mHH zl0($PIs0ERo0~`Zf%_2ArNNBRLD{AsCcbJ{*EI-KVWS*YMWEep1Q#{PWK@bUP2z?w zVx@L8-%`8kUih-*#s5NN(l~7I()wbt$vXbekHnF2sqfc9h%uiE0gOxcp2i-Gvz|`? z@h?|=h;IQw{y}B|V%=G^;h@4S>bzsxJB%+)f|3n1F;*YnH&--n0e>qwdPywJDrnN! zAG3dmaoFC2IA&4&09f9MQV6^X(}~p(^r?Uh=Qkba(iyj#zDt=Pw=kjA^IKeCnjIqK zlbs=EjwU<=hHI!$PK@$>HvS&BNg|v|A0^t;wIV|Gurv!aiV{>U^X{^I@#p@{pJs^M zx)plAn5z^;8kjRgrg7S}(45PbSs+9$G~xR_uvT5M)!`MN5v?FKn#^DGq+bKNL5$u+BOBG|V(m7eN;LVxr!QUG zUfSYj)2`G=9;^vq20M}zzM_PYr}BB4NOp@6t!3R@odZL_-%}~Vn z=*#n*2EA%OXo&Q|K#>6TzR1o4l*5zZ^2b!U65ED%^Qvl~1kd>|xB?JZ<)aki!4}5d zjc==SUaMJ(*H9bU7>1Kb5qxhl>lBs#J>&HiSvMa^{lX7AlT;Hx!ycKGJEsQYHmj8| z;Yv7eJ$v-wZb}x45-lK;rts;x6!+?ObRZe3!k!n?Ll8h!xuqiDe@99W1jSYXDIGLi5DSV+EK7BBBurwRV_8x~fJQgdUA(;mmbujvu(Vd^p`b z!y?2p;0EFKSKfhCG<}Pme9D-#>dRi6#2Uf`)t53kZhuFoQfxOx(UD$`evj2q*w4QH z1{XU8a-+))x}r>OQUqfy5x!x{pl;_5>ji<;?i=qAJ$c_(^A0h)3}uW5c(!H>gNt4h zY^*)t1D9rivQ8Qk$*ntA!qNu|2PsQ2zP zq4vG+;R#%lRQDNy7~!W+(-?ogo|^8F&5?P1XXwQeY#?uDqX zG}VQvUzWQJ@w)9zT)C@+6~19|hmy?IPXC7d&F;0~EuRa$gq2i`ORh<2zw4Xrj!PG(p~ z`V8879%n9wOyxYbx{_eQa)W zfHNs*EBQ{ZfN9@tH|&6^%~Gz1^iUo>bX5G6xZYg+WBVVa!&lSp!svsymtfR1bGCIH zxlW%2gt>6CXZz%~>stgCwZ2#g(w7Ll@trLBDe^Xaj%}DQ3ZXw)H<(MQ7abWCATS4X*VCU;5T12Fjo_feE zKt1PhO)`|FQFWexghe2*fuWI>GX(W;57Y|{ovrj;<_&z;X)%WY^2&tTcxlu^flA8+ zNR>s&KLNhqd|!+ZPX_SQ7rp;(7g=52%i6P7jn0I!jr7@sq1WJ4hw!6d+(NZH(g*+$ z@9W!j{X~ZWiPVpsfbkR+;C&?PB5M%7{&b;q*p$27!uPB%1ICpCFM5edB+& z1i34D_jFnKtSFtH%Zu){rGDeUt@FndjS)64sZRcHN$ele`Q(3}yIfd|z3dAw_I2>`;$U6UP&!Vmmb5 zwQ$)!3(&*&U|?I{U+a!GZ~)?DY^Y#w9eT4gTJ}kEg*5y=Jj7$MV^pAYm|CU6x=PaZ zAy#;5CX-dd+F=ZA!RFLwYqpWQ9J!dMhq`W>Y}W^sJDKa#TzTtt8~*%!3&QfrWp{}G z^lno`%2}s2f4FhPcp_8ySOc>Nk) zZ=|K{JIHe!8@J)^BF$(JlU5Le8Q#webozNZK_l+vx^S?pd{oD4NFythlEv?FXTab} z&jlLHur!Z{OjfB{oYIr;Y=DHh8dFKWW2Pq_>njYCGlgk051cmZ!ko4zgb#YGSN8`C zsQRl%D|6LEeN@~sx<#Z(D-$%iIUL>)x`Xj^e(Y%oCYCYk`nVEURNuFTY&#S}vVe=d2_s)&C7Q~k1$=~tit@G)Q_9ZpN=WUwqv7dA8Is_SZ{1`JE z80k|Xn~3OB?>p`*kfHBnD_kV#2G*%uS37~*n_?wxTxXj(h)0iFe|lNFm!`rt>;14Z z91TnnVo(#@FZS+Et*1bp&K5WyI!9=sS;~V~`RM6AXe}lGAvw7H*Wh*HfFtWU&|x{F z8B(Y=xR_aI+^^frv#e@N0f z)iEeRZIHjNY{fT(`O8HrvpOM*n5dI|i6rwM#XLe12Jr~KC{ERN3SPjFGn4sS4mJ2; zsEfLjDm;S=#QHv@roN+tf7UnibVLY&!jAgocVI}Bj$nch`eT4h%4zrWeSngfMO5*K zl{8mIA92`6j1WtfqJ*hZ!h(^eP=+{dh6y~=WecivAf}I-%RKtcdLe<}W3e=jdWSUK zL-L$xFzpLJtt-x@22Gz}xRNsxFMZ1L1l?a(_6jIzFv*NvwG^8AkVzA|&aKHF08+*H z!%nRoE{z8rt5^HVL_;I)g$k>iwGC%F> z85T0%BABh*M&Orl_PUI7pu!;P5*B8@Kl^1dM~0~8SP~^&CZx?xsO>z=K>~jZtXB89 zS8&Jv4k2bkKyNKV-LP@se^7T6Jy z+nA6s25?*B+T~G6+`m5&Af3NbiN`*x;qKb3nsXKXC=ibm_00S1>X0W*-Ma06B!b9N zy3!MACo{KZst9k=xDpW=r^wo5Gxj3Raqv5r&rFd;%qU}c+4^MnM^CVCexf}VpAqkzL~F?*BAQ1Q$kbU#X$>$95q zW#9WZS5lF_%!P%EHEY!5B{Wm<>6ic6%t?97gh*<#Ye zL8NOf`8LecuGx2!hWDzbc=iM3>avRO<~%$rA?uEwC*b0)0+mm5?Bdg31iyaAKl>sR z%pqN36O|Bd=kPVF8=Sdg3e>z|@8(}mzp+-hZ-tMw z#y$^YWZ7$}P-<3-F+wr9e}^Hobic;!Q`cygh;ZeBMs{=}C}(Sf)j>CnL28-(!Y|>` z2GW(o*q@M8@-!lVA9(62TK68mZWiJv?wJNPu1lBXRvIqw>5y%&Zsmk&m-umDd~efK zl}fI)`wGqo!K<#wGpOV9@%m^uV zRZgieHuBE_WEbUAHJ@t9daSYdRZ!ES>#)1+3p2JHx6M5EcYxjnYD^O)SYIP8#BAT& z{ZaC~_$`UOM-9?PbR}G3IH0H{L*BnH*XiUgkb%ceSVpZ>Z-dq{Qh_1uuMYY%cAT z5Oj0HcFinB-CC?EHw40IwrBePuFgh$G)|Uz6K6=yg2iMO>UQkb*rN$X4BYy=$8kKD zXX>sJFC_&dP5@U|9aOXUof~Ply?}g{Mq#eI$yac#H0zrdA%`e=cf6^63p||9*5A`^ zQhrO?-@om|$i-wd_|>-B^Y{Olw)Kv9;^r3WA@O4b_1k5LQU?5{vjRwLps)Xx%!Du74l(p z>3_Xz`Az?6&rCY2KA#mV)6uW8&!U=oX?$ zRftds!Dy`$a~EC@dlJeV3|^Vbed-3z4G9ExKyg*}pM@U`LkPSsjvWyTAjf*DA)L_$ zM;T5id_Hs%rc0x{qRE(Z9|94v6E~HMmJ#OmDJBC?FJPuW&|-@hV|0tdH$k76jDvE2 z*+8XE4ueelw_^8-QWr6i;`S8R$^~2&i?pMFbp`$BhdftBnr98itvwnxOhJdWk)BF@ zIQKnsQwYLQn{U3YH&x1|q#>OPckC6u1Tp!di9@NRMozaQfL*Pm6sXZL^{=*mzC$dX zafu_1hhIXjYO}YY^Db&nx1tZ{+rXapsBLg-HjMr*p}OQ#Aq*YLBB^A;O)?OZpWMYV zXTlVC`lrs8^(qSJXX3H0D_J4WD|Wa0)eh%2DxTs1^bY;Qj-Mi!7y;(Cn<6BPwxlNk zv?RhA8KSTpGPr^doWq~YAxV-!$;~Nk5ro8-P~a${*_^IEzcE2AFMe;;aSD(@g}nK2 zu0HoRooy0(W)|@ffrG47*nGJ;vmv#hFxPL6%tl*v}ES=rY2h$XyC3C zQ}kwD?m9XjewMG2?xqL)J@YG`7C#W_s#~rvKE2ZlM_^>t7`eiwVWg8~6iA2Hq1RIQ zLgCbNZ};Y<_lMrWj|~eeY#rs1y~2+?l&i_+#tF<~K4*oPw~=4xIjWIQCIw!!f^6Hb zV84W)L+5uOT!o^8SIb?4(3>(X<{C1F<<|$E zpA|T`9rn3@&#wH18h-DR3KykPTy8}?Lk0&v1qt)i6NFgTOm?(r>(EL`SSl=M`#B)w zo3XYz{u0Vow}*?@kBJP~TAXU@PCXHN`akPpuP?deX8>6`8ph=c8ZJkZuV#(w++U>S2~W#Y?s+aK?K1+y_=`q7_(7CP^*!b?Xi5Q-dI>s`x4H{-~*lh z`%nxO?WYipNTz9sk9NBE09(@K#OEt0654W-S2#(l^IGty04~--Mom}nv$1uVRdMG$ zJN;_%kzY_&g0?fq3PA_kI0!O>RZdF6cvwQG_l5gEB;4+Xi8nP5xf`*8fA$8}tP+zb zsPTG02Z!!_P^aTi^J@`6*?%$CYw|jzYw7U%JyqkgQt6F&M~&TZUHPg4Z5>aW0U<$IY<0AMNQ@u87b5IxkUTd! zR&+)Vcj7LFznds+N(6}l2p8d5@=IU)LDXsZDx{D1@%X9yA5v2!Kv7-p?j?t73yr_E zbDn+8^{f0&sHdcJn;awCk^FUYeUuvaz45hKM>|JaW!ZCbbN3P1+BKn>0P5C;VOHhgsv>D?X{okXclJcXo zw%yW@9C|eGZNaQD>H^>ehH;xPr7ug&BTV!@S56A2*x{Sbebk%8V(kJD{E#yhibLUr1Vv3Lel zr(PU7RgxY33NJnra5trrHfM?F5%2@}aM_jN+&>4#l2)X{ywdg9y}a=IKFg)UU9>du zo5Zhnm|{pWycUuN&PD(gj|BWTZ=0w~fN3}o zUcD-k&z5%7R5MswOo6QohqdlOv?5>pVfelT4O9`IOhyzW&+6~n)I+St+7+WK&@-Mk zwp%Cv=>(K=rcsw?n&pO&(D(xHO^OW=_XP5+JB#eF>X-aB`Xwp z1#&DJBjiV5p_lF`(=`Uo$h6S%1)yJUm|h$^vc9DF*s~3aFo(&2w5sE^+^Hk!{X%9{ z6XVR*?NwLHqnzKRR+?`m1r>|0c4Vp5Ks#n8*LOWamgK(UM``>}JCI~+Q)UFjP)@Qq zcnKZr9{lyaisxAp8T^M7*nP14cMc|?-#wm;^HY7X16H72qMHnEUV1caOJ$O0MuD(n zL1uD~gNoGWY}28Woh$zMRPptoznGt&E78whoU94km(Fy;F1VST?TH+~BVUCI zTyjo`;A2IFRRtXv7nd#kszxSri@6N=XkVbFBHHGsdWwQ@VlwXJEK}qVlO#OU)H>BJ zTcy-v-7j(goN#koWz9`!$JWZ5fDAmxwHo{JL%%^^Dh6%`q54AS`_Ih!<+rd-m+CZ5 zrq+1A^|d;{WQQ(j$E-p=xY?^%eX>Py!u{>Mqj>~nIQg9YIF|#DSH!mbqoP-HchH&7 zF|f-1uc-z)PPlNLzn{`bdyEk{RxnO@n}(IffG2+Prh0ya3_Cf)0e!~~D5ewS1lX0i z(oNX$;eji&+MTZ8KefWy{U1YpFcw;*>8>9rAEk*?ojlol{I*1k3Y|v_UsDOWBlm&( z@#cR`R8YEHOt}$EodZknwBRzf|HG5Zr0qeio`vh)A^T)RMQ~(e`;{p~FlzIesF2!w z#^pNOCQ&OjR@j{@&`9d8U08=01?^18Qfv5`>hZh$aWOTWvWqwjNk}MjVIXfz5kUwn zGA?$q#9oh!Ue@jx+Rr7Nx}mhtzN#wyV%Ks>OB0`nif&BGzca0(G&MBE3rxe9bJ;UJ zPjmHx>?^fm`~7-P!ooKUmrMK+q_0E#cG%>*^4Ml3s?QiDRg89C8S&#OT;YSS=t3RU1;8yPw@v8qsl2qCW3pONp)g)4c+-4J<0 z6%*TJE2<Xq<;CYt7U0Z&T5KhHse48y~?YgGOhC$XY$WiU>rc#gqGrl|=z(R{ET z1c_eKQ7~7ebK#jym@iq;mK5-QUat-%=AjNYur-^0>r9yVl|S0gVA^5Qfny`>6=P-8 zk0xP3SU!EwM%(vh2kB2js4DsC@pEp#1?ptFl(=)k*%(4W3Rq96ZYA=&W3AjGZKe;` zAHAMAw^!MAHL`kf7ZDwXonw&)t`4ddsg6hl1EjUKnX^KvJ~&?Iy26DT7mP-Dk|Tr{ zeeWHQCUK9CZDK3OXxXXff8|%?^82=@#U_VBVe@YA)T6&7ffnjMF&tG=6x6$6Umsp zgAwFh^fnCKg*XdHUp&@($>b^U9ZiSI}tm; z;EKn$M?lRsx~{cH17GjEvj+o;_fRj+R-~|cfk@RCs&pok!$Xa?39^IQ)Jd3(Ro_9J zhraYfmg$?VAk8uP)`X=`iB$a|0hnZ}g^4MZrc-H)v>k^mF%qOJ8gIvDt0Ha8Rq*{1 zWO>ik$bVl@e60uN8euE-e^yqbeOB$Z=k{tWNVc9(UMPEuO)&t1Oh-H>mBvfzDmL3A zh@Y#v25)<>Ck52(UkQt<`A%kj94=e{JxC*K)bV)A8gD;O?!Udh&o6qOU*-#F9kuQM^00I+OF! zsYFu@yO~73LiM;<4n$GSJDYWy?F>6q1i0|N`K0!dp;TX&z+vM!Hc|J>3Zg$JffDdK zQ2`~6Ue2s7P_rwYhdr;~E_*yBEnRxzP;alfb>|{~1@VtvkIvU+^9poh4A5I$$s^h~ zmB#|MDJ37w=d)SLDUA6^T3PK3hTcz-aBbzN1ecpRkfreldXDA%hckCC{W+OS%cL8L zMQR%Wu9rAs*jD9fJNMcS34#{9o?JfnIoDwV<~wfR4O)BUpO{sZu#r3!Y!&TkmDH0r zdQ6AE$XCU#youpC(_teSger;We~#jHTb`GsAo3Bgt&)Uy*JQFLc~W%bTj#Y_{weQM zZ^$@OO2xEtE;DvFkhr4EV*i_lLeV;jz#XP2?O?r0u!rzS`&T-!?OlCs-rVe1O&DcR z;uwM}yo@M`*)y0gBaq{zwr@!HR1&Mw5n|2cbEpdgcCus>|K+RdIK}bN&`q1)K|Af% zKX2duukppi+)``gfGag8QR4CT-C+8*_n-ZEVbV_5GS-3>K6tai-_VOT{E!m#?AVc3 z{4`_6*}UXBfnhu62~*hUi=ikmO{6#@IqXPE)A!j%5uJZPeu3-vamx=t{huqud73?D zF32gDO{JxkUpkq0`TJ>fmOn>y-6Lcc_pOUQ6T$U)I-*`hp1vR}>hchQs4^c_L#q~4 zYUv;%udDCwnrMCw?+j9fPi=PmmTnw`Irv0MX^9{H-Gf+!%pD2M`mJRhdh3AdD#JBg ziR>M6E?UW|A{}?$u=uK_#%o|jiFTUx)13}6au&vG5pFRu4ZILDs<~IxuvG>7e`dk( z-_DBQ2!9_n<$E;XG?;%RM9q1gE7A+%a7ieQEENDnPF6(PBvPxY4b$`mxa9lCUj;5H~rEb z+N>UBa#oo%wvV8A^w4R1yd0-Yk^|ib7$P-eF#7Bw{2gbynq4zXt>7csvmnn@TASee z#TxawXNyU0HiK65XHM0m6WG|BF-E)l=AMUnz3;r_iNlS{%O2YXBe=KJq5)6UOD}+d z!mu=I9PyxwQ@EP}Q=IJYS~iuyutigiTAe~ z5Ep@}{kB79XJ6s0%fJP?^7RzLqD=N$ZFDR7LrLy`T{)GkJ-_WD%;)uUa5*H1x{q)* z1fxka?!0~(gr+YK{$Jyx3K>Fc_m_7CR^)w&z(HnAW~$J%IYQDq`8jK`u*sy5h>a{% zWe8xWgW5fD56QPo9I`wfek&|r2<>gU5QX}YH^gZ%$<$h3b%>lvWqE9;3geRV5_C#7 z-)9R~=um=T)1Xj2^SIU{af9&pddNGBz-(7?P->H8=o^`Vf^@HWwM3NHQ|E{JWM{2ON9CJkK^bPtzv{mf;PEpB6;T z`-%L2OSg=Uy4JpEx0NG7R%l2Fp!?nm;`3#I-tXQMfc<9c-2V<_EFk{p_YOq6vmToh z`CH)e&OUHjqrcjltQc(_{|%gjbbEa6we=eg^MtjXb2X+m4S!ZrX%fl_rqAeU0*4zU zwR4$u&ffI4gegc}!(LCvayUqEzF5;__keZylTdoifZWcyKaDF}b&H2_J{M$P3jd;3 zP$ooZQs)Zr2rLggi$`6o{A4S@9U2t;>rrRq{V3r6336HZYfDiG!8#b}7O9dM#@rEE z(S83g_ZmCFBp`q)Qi~w50)PdR1ua#fP?BHGTk*NQm&HE^VXM-@A4maEkOehE6P?KX z3-^HeFKAbd47DLJXH5x)rNaw+R5f+AH(Th9g~Qod{AddmYVe4o6Cx0S#$*|SG)>Vo z2(qPMgs9 zQSh|$0Ny_&)6?PMz`|$zJ>cI*>Fv=Psv6xQMA3S_PN(snm{}IK2M(uX(Yn{?PxcoP zZnTD0`moHZ=XTe;OA}+AySTn{PI@*sjS!DEU{R|CB}-VhD}3{$u(^9T ze`Q>vx;xJ(Awn>S0F0M`+#ks|*+r*1dvgL2ecHZ3UW4fp9_QMpH9V-h+n!(Nft?F8 z$HQ%jN(EXj%}jA3b9G(}UK+0{YvwLu%T-5lxEITv%`pTZZ;yZJ1&BC`2-Sw7q!o|% zl&|KwSTfkrE{T8yx){g7NxLF`{XaxTn>Dthll5Ec9>Y4z#2or6&m9 zLs)~}#qWw|wV%9bCwc37hz?G~;i#yKSL(kz2{De;jq)|Pq`Fmmv3sKapJ5s%;C>#~ z3?`Xq+)yc|RwG+pZA)Dt4~lk$s&TfzFs%LB(Y!RT)(Y9Cu#Ug?UG0$!4vL89ZivgC zYzT!?wZT*mUkqG#j*RxDLZ5X&l0P^7{8qm2Obo%rJS-&Fu(zmALk6W3YX{`U%YUe` z)(Hmb_Xi#)1Ec$A1@L0JpzXOP0atb*gIbD>HQ#!hFiR8w+f$xD7)lJSnca+i#t#q^ zlt9}bA=&aL+7h^rx;yIsjpoA)`UwAchyhvva+k1_^F>wA`4Va85nKh_`X33Ek$(XD zw^vJZV~NS?S|=$~SP^*FFv2++G3c=zBp~_U{(A;ZpdYxpn;UbsLeISPl5Ja?I3$p` zRIQ>X6OvpAXc0Z>n%1e16n$H_bPDGLWE0W@q%S}fTXBnDZ?qWKU_wu#T9VZ=L%H*- zK^63s-Go#A-LZr?vuz=fO{OD}nqoRu+UZZLYdVxx+@=|a1kIqd*Vqy`a&+@4A_ zf?3nV?dp^RZIDCHGR51QgeG&LI3nWB)jDQBX*!E&rEl-0u`|HdS3nUJ>iOwxD8{) zFO7zYnU6lp%mEAJikZ+*_}^lTRk<>Iijdd_;JjXY>8zaxB<2vU;kl3(rqFWf2|6nO z@MEKK5w+7x-^5Ykkk7(kr|C2A<4_%R^-IO}QGYf=pq*S#S!upy!x^4292R&jNR?O?2;tEE2QgZ*S6f%c z86)*`-^?X@qQTRr`jUDb>+3(FU7a)4H3PaN7mDfyf4OK(b&bl(z~ugVGG$K3*_hKA z3OQSe<}!2K>YW2)AKPEgT^z(Q`V@fq&bpx+Q`2C_Qw3 zVgDlYZL#_T>RIpUU<;CAp;Jx{DG!VB*4Geif>L})CKLHr{Uj!;b=mVqdfg{0wtks6L0EY7035E z5Rh$phJFFQQNwWZv)2f^A_}q2@)1j%ilvkRI7HcbzSdx3mg z8djXM$wK`k)NBXkG#j={p<)LFm7Je#=Bc-7jRi$VcZrPNR!(x8h;a_s(4o93Cb+B9>FK-V$Z)PWE={D$c$tD+e{`|8kAWjDb zh$}HBT;?4XRlIx(Ru+6zTjb&1OM?G^h-bbZhY!qU^i{ z9j68&2zLiQVm^niB}k>NhMUjaA$fT`Ob+7LU^U`a7(>wcHc z+1<7p)<`!vRV;^gFI(N#1b!SJHd75#pPfekT)*5T4)aRA(3i8t3lhu3?b}qHL?Lg@E8t=u9 z4&r1mxqt7qCc=M5pu=QyGXm1!yk16gTs9~cuOI80nyY@!8mWm=+`$&s-^FO@bg?(} zE0Gen{eFwS$&f{3$jgd%&o9jyftSNYB&%JbJkAzA|1{qf*+ayFCa|@yJ3=if7(*b| z9Dc;D8?_qCVY)ZDcnwlls&crG`~lQh3w_W({2SA%nZyqUh2*l^LRHu(kQOBjQ|PCu z%5x9odW5+A%5ud5J>94te*IDW4H~$z*J5{=@alm8?@bvpbqAcp_z~{eAtt7N*%yorPZe+AK7!h_(&J52+F^2};QnaA-G;wl<(h4NJDl){6_eHyJ$q!iN!7 z#0vfyzX$Z7w|7$NuhP0Zke1I@1j&sf*76!z5SWKp3JNpsG9^8q|)MiSBjfCbZ7B2^nu>0SVF;W80 zXgr}RDz9ZX!*eM~!A>Be=7M$_QLI+?$q}tpk0105uUGbJPvPq(c;&H;P!|XNN%|fr zgNOsYcz$Z}p2+hq{sT5=+xWH@}p4 zC9+t2jq$Kk!QKgPUd%rVsu^dlr)v|9+}_Dj;YTD}X0w8VlCb|wu^LIaY5&$5fudwy z^hlEkB3D62$lfG`#(REi=c)Q!6mHp|&&02qF@U5f_Ic?wX_O4Dh*8zA_zx5|{IGTX zm}DcWh}(_KA4@aFqW_RS83I#Ps0%1!Gt#mAstpDW7L{LZ6$^h>TsJ!E$h4u@>LZDc zz_OS(ON}%}KoyMjW2u%?zB69dIP1eW&^KaF-}$-XQ`SM`@_XU6{VtQZ-E>}i28Y*E z{s}jZo#1I{pEYa;NU6Gu?5_U*qwKA}s_Nf%Z4d>eySp1fN*bhl(JVS8q(i!-VUf}y z-HYy&Zk6s1rCH=6-Sht5`+4^B{;>BL?;qe;!^s?T&d+t7$9W)%CSbthGFpo7wd@53 zNGRXlanxa}=|+YsV7nI+fWbPRD= z5L35^(9|rx=s6M!A%!1{F)wjlEkjUSsXBoo8UH834Iv}`YNmbD4nAlgX%gR`Dv3N4 z2p!Nc_)pb?Sx*|o4Ey+XEqxFI^rKcTjhC9uE~Qvotp6BL%0dn(6)oU2QZ%4VdvpYrS!Mg%tB1f3F^tQ zb3f_*p{xk=EmEcC-QOml+;mfx@W8018B@4rdh7FpWVtmwIjrZXk z9RhqJ4e7MnL|c227JF*2cYV?@UT@h2tyZ9ev?!`1$#4a^)qs=EXS!y+ybI_p8Hb#$1^JUjdxXQbg!8D&8+w0oifEx{iTb&-Yq6{-!c~Tx#>bqH-H#?lQ zVcux2$!7rj=j^sTL4RQNGtiXV% z39C`#G%ckBoEB+EnkOD8HJK-x2d#C5X}Tm?NI+r@JT;s?%HZ1fB&5?U|084X-33gI z6ZlxlFrvV*Xj9G7Y#%3&KGwsxzp?4773{V6HRLv%bvK~j)vhSq6RsPP^@%5>X=b@3- z?pvEDd8o)F-by$qhzxS3AzW@uA68{6{`0ZN674?+0J67qKp&yt$FS7*J~PgJOTL5Y z%v3^KvOpH3+g&|{J^;^U<)cQ)!bY8WtkH_u;tb+Q=nMa&C>+Gju`jy9$xA~v@=7Ld zTPG$M{UY`&q`33~n!i>-vV_!&Q`jYX*XK*uz)s)`%eFV-A4KzJzN1d}P-mGM#ag96V`olu<_G=aA zkBVaLbob?yR`nO%pkM_Yy;DQ5=UHy3ve@vVK#-RlXT>5mMazSl0hCc%eKX2N^N*o}C zjX*jcDh1RHzqlTbKF~vwYk?yMFsrgp8*+aA`5_|Bzl>tz3#L_ znK2t|fx0vAx=Es4i!L79@69Rjnr;N^W$^{Q#e%1Qc|0_xQUXG72kgM8>eV0Z#fQDW z2+`AziemxwN~RJQrE_w)9VF-EGUEhI2WKxf-8+q`68o+MVSSaP@ANemYGF+@V@zKa zdQe5)vnn)}D*s}`NEI;>sre0t2!EjHCS$MLZ;d5eZ>+Twq%yLIKt7fPHj81hqv)=@ z$wJNc{$b5EMNJ~S-niP@BZeH04tm3=^fR{8>Ii>a>st17CUDsM-zYwf2hQhn+YOXP z@_&zB_<38PP!Q*ePKCFrQR>Wm?xohANgwOiyW_r= z_$t2cSrfmp-@bw{8=hMx_d%Xd3)3!*{vrfbGh&3Dq%{ARH?wf7`F*YCi4UMm>T=qV z4AKO|AbODyNxi!ev|AZFUf>c*XyZ$}VQfu;1yn>h=z}jlDm@))o}VY5LpjF$H?K@L zhx-#u$OC)*E49u@M?+tI704O1v6A1E^YFX#_V#ly!A^h24w!kIAK5-U?*M;R$4Om! zIYQOCc(70u_@$gLdj3S_JrHJoE5GD z_qgk{Qbt>todrJ5ZY;U2`hVU$rrd9Yee3*-FfyOl;>B*ybl*}2G`yB9+$?{4EWHu= z&n{}Z%TE^@R+DPn2n*kHMZ*&MM7qSuv|JwrYpuI3%8L4^dP+N=KgiaS6#U36b(U14 z6dai2JdsAc;|DMr^C@(hy}li2@qkf+slLSvy!mU^o<3nEK(c$CGKKzZZuu#jG3m(O zvEb(R$OI!}%PLi@v5vko<`)5SOpAu2Z7Wus(MfO@{l1cX&NKpkiEg*(uUA3U`1K*V zdZ^ruD>za7M06W9rt+%@LPm&9A~8(wZZ7~P&30fzZ#;^hLZqBxcVA^T=vBAY%b(5y zwFpj&yvHqr7n*zfEan^|p(&JCeN45Ec|me#rRgI|tu*mDe-y|F%zi~1rn_c`Gb00> zz4O|TKpSeF$({-qUQQaWKZl)`f#Oxii6Vtom zUk~NHqrGY+x?AXHT|P^u66gA@g6;WwZLfQ{R*nwaX-`ovNo&kpexuX5^)0}8ZEne9Q;Vj(fL7%BNv7KT=O0u7+U;> zVlBzL-uGUnn18OzX>sL0LX@Z~cUQ`g8$)c>NWS~M-D^pC;FI-aC6r#}_zB@DS~AAu zHS7ZD<<@t>JoJ{%wknmEs*RvN32K|hj#bB2->#B z#8>b6y-7k0&yG|za93B(7o66VJ6~=G-XyMX2%(=3XM;7_r-H}RDa6Cx(CZD9bD~=q zy1sISl4p8J+x2!$#zWMuu^-=tz=8^+G1|Y8j#8%t!(Q8eA^mfIHl)4r8+; zln@HK_n${5@Md6I?NGyPdR#M`1hSUWu=2)zXQGG!eU4f1Ridr6Cn3Z5usxyzI|n19 zD#>;UJ*mxQ`dG;@a~;ZxPda_EwVrgk*?4_Cm5>A(D9gbGW6FQ>k5WZO;piA6TR@J& z74%cRI4W^Arc4_>9M#(*jjz{I)wn{X2O=zJm1v0*dD6y5M2MoziNZ5qA-^q2g$#l; z>l*dsKOVS)Md{rLqQFYSiT3gLH+CNMNWJlCt0&-A#gIplUn>EC93vl3l00H7_hbA0 z$wLnWLnKj-F6wJ4n?K}OObTEv?25N&b_S+pTAUHL?y>^3E2NM?U~Tc%o1=`cxMi(b z?)$~>DtRr+D0#hHs_a0Rto*0Z8^yMn0%?q~iPs;p(y!MGl^@?rSUFMx&b#NY_nOo%NBY?VQ!u3Q8fx¨#^g znIaFxstjRf18=X^^FKFBSsSeM_1D|dTTjwjQ|S<68F$&9UiPG7$7Wr0y}mSsqABty zQPk8?rN~w3Zba+MUo_b+u4Ji(Rk11mx!4_>zt5kX-08A2rK^&ey(8GTpUqYn(95@K zJ)`0rb(3)z2C0PFh3`0v+VOKUDv@Wz2Ao6L=SN1qi{6t(KM(^osH!O2;&p@n>CgUf(2#yny*(xK10ldoonC?M@#HdFg}IXrChMw zcJnUP)`uucnWc8LTA8lo0u%4i7Gy2td=DFSEl5b*pt$t&qVAyKkN6 zCLTd@7CBPj6xif?TT9~6CH76R{>dWTf}vAHn3@EWo*vrS3tVYZKb0M8f!ihu&SJ}c zk-6kDKKf1`?C)kW7sQLYxC0@mfB}V6Tc6Jrz1j=1rBV!O!bLU>Xuajw(>Q!^!O$!h=kyc1$DlD!;vKG1-lSKZZg-~#s1M7E~*tRMPu>eLm#T@@8Q57d7z|` ztPYb-Pog{25A;cbI>>{S#^{#SrL^C+81v>-$a`>JBYlk#Z3l^Yh~U1}&J;F;djF% z_JOEEzT~l;O3&J;Uzy%0Js;_$;dG)o1(@5|TPS>H|536ord79{C@cP-fvFI)MWP%epAuvH5HWL2t4YdG&j6_~2-lAS#q@Yb@YDxg_D z3zSvYzbTaXwneR_K2raN<|PXS#^e!*#q1ka_?M066edDMPI;-bPio&RySHOaS6m)# zCe!F>Uiqs?)wdIGts0bH949{x-w6I2nyF{8IQYMlLy1my0s7JkzO_m@ouYqw(KWdr z8Qynm_j#?E{J+T|`VdBY7w$z*1$MKHsT3*ZuCu@cRZ@Xh!Yl4oFv0bOJQPh8vcv8! zp|XE)L{e_*x{WBO4*T_jTnBws4%iE}E3qr7W+i_}`;5!)EyUdnJkU@wOPoABM9JNR zYD@2qK8D3U^WS1o@cxet6%j?hlc_Z`8rzcZ;f`oNdMUN{F) zD$5MOmF@M-@TjJY7nNPdnI|ny6&Eu)*km6hXkYP(2|pgEHye@~Y8?VlnRtqFWQ@;Zc{k?K`kg@q(~`8zfJseyqMl9kl!W7=kltDT&p(oNI$INN6x{%Uf}iIq zlA17k5SqF3o_LM|y-S;x!L9FlN-y?^<)a|*k0Ar!LLmpBtBY{QKWy{e^#VivSrjc4 zENS6OoW~r~-4$=BhEr@B!QO_L#X6ZxpXKV7oSrsx-xc?o z$P7M2$Z-KjSm$GT6K+W%T2O&twZX!2JTeJ=i=obyl$jo4dfulEv$De@@JeJxBZ#A<+u-MB4;3~eiJT9^N@ZfB@iOx z_KRS3%9i({BCZHZLZ-$nITw8*rxABo8D>T2aQ4Kik2)H{rL7cmzc43#_6+jbJpUF0 z=jihPq(*fY)UC`D9O) zqme7tBq;5Y70br366c_Yn4rsnkug3f?4w$M>6~D>iUsgJiA&md=A!Wx;F)mpX z7R)yM+@h$!!*U~OWahF}m{!*DzbI7y#z$54&yG!{;nrui z1Eldk?;QX?JN3ra{N%I6d_lsME^_G{^$%q8Z3)l18pwzXAzsPj*< z5zg+@;XU8hMEppjVJZy1U0w^tEHCQ_ux~ksYQBQR%)(O5w3-F^%?FrH2lB$n|K}8H7#_zx}kp&_INj&{vy;3?mV;3H2OW_KB_!)u_-Yo z?bC;1YOXqwO=;U(m9KB?m79m0h!ejk4Id)_Ddw<+2^aZ*j0pQEzW zU3PyG(g8ReXq2d5p7%JBC~5y;WjSq|V0w3XKTSg*ERlU-rJd~nL!kv#Mc8!V%>4lT zQkU8-Cmvq$Cg~kFryHZe>k5ZiWLt!bRWcpie4UH3TmlSg`yfAChCU;a*x!daXLs|N z?j6##taT{)U4Fn(zV@8M_v8~t{Eq?|Ut`a%t}x8-;Z z7g)Ifo99rC@iSf8t@^8)r%?D`gqswx0?ntiEm+shsr%i0!Rv4h7o0j+^Rr(?e@-dy*GMeo1SNOe1PD3nCGmD7>V(G1#;FTfsNeB z{#T-d%k*{>k}MHvD_jN zqcVRg3JDF8IHn^*n3C39h^om!4Lu3?|GtRvJy`q8MAJWz341elIeR$_bk#NARxv^f zofrw9{;}H9EY&^{W_*9u*`e2uHX3gzb0Tp*uXf%7Vdp^oPTPtTdch_TfWj`VeL{& zA=k=6%hE-cCG)+msiius(o{;k;(HqG@eg$4cL=URcSuWVsX4s}Ecr+G2)rbW|Nl^E z8E%x0O%(7a=dQ(&e$*mU-ZFU^kQ;h#U9yo-Uv%}w->u#6{1|{?vZG3v(UVmJ_I_AUq+&)gNVRO)U zVU*=m;SVt~iDJx>?T>5r%fGaa}zowM5^dblm!OxNgxS$xp48=-GY3I!RQ-?_zuYv1`)qIbn{`{4EE? z<760T<(HA=&jFNj)|!tj=x@&_-1@tvH#m+=`Xj>6$-h{w@7HyGU@c*a9`lZSz&KK7 z&@+h6U)umhsr!ZD>!2go2Fb;9s8wW&alX>lxFHgUml-o7$-00%C!KRw_fV z_So>x#7ElFh(o;aQW7z0YdvqML`}(#NMaOFr*40z)4;*g6k?Ko>84W%3TJ0f@3=y~ zMprEjUv{L^gKzmn3-U^M*I-}zX2R3w8O%6e%Fvk2%r}akia%N(&zUGg&4C-$VNw-B z^}uBM0mq&N%JtA|l4IAiPC2Ri?ThV8tI#&DupVH66j{SQRqlU(Y7a(79W-Cv{Y-*U zc}(QI=N-?*QeMQ(Du?fFHc-n{stH#1QnXAap^Gyd26ZWvMySMLnbEkpE%FvnRp}{g z@6Dc{U6gs9f3Q`ZxWpa~L^P3?FvE4;Nw8E{MVc;7-m=&#`*VR^c{htiNUfMw-!ypU zQ2rr{Hm~5&!+nc@|EK@?Boh zstsx#lN3);fVBO}?@25rE-Z}U5%{3Q%PoURyI8jPupTbtmEW=nY@md+y$b&uvCI1} z#4f5;y)hA8N0w}5yk6eRWt2RW5L2Y${eA}TwlMhnF-lN5(;wnvk%$PhZQD(r+Pc)$ zS$D%uk^1YKvQ2;fT<($L*o<*ZExilBU9`Km-BwNo&q_(2ZTaidb={AobQN8p+H;F?ziBYt<0Jo+sxfJ2p+rnc09Mf>-r3M-lh-ArP zJ-7YN%uGXsRSR0!o$)oy0*9%2jYC#%D+-B|gP6QXOLOog$a(U+!E$TfQa#XL_Yx#G zD3F-oI5)7_JIEH()naC^VLMqT%Pubds3|oy%&Y7ab9XoUr!2Ywyos55QTD~)a0bzd z6)MVn`a;L>FlopV?X{Hp zqB6M}JjtL+WrJ^0@5;%@W}8DO$(zSSPad5>l@-jf`Yx3Cq~BM*PlXH8hUu-<{&Vks z-jtwER2;ckD~n;=LQ(6V4tMEihm?7f5L47R-7gGTUAI~3S1Aw`xR+fUGE0xRayY`S zOM?suP1idD_nXi!4s!JihYx@44lmR@y!&EJlROp1n7x8;-hT;X)4`)RUF?C{%7C3{r+#Rpym#DxZqWrnvL&HU(C|Pho5vD^Xa}>Y7 z{&!(Z#HR#rQT)eQda>s=6S%RI5^zXYF(})-bY!9~8 zp6(XN|NJQVAVvWwOm+K-TkGmT<}1*XJT8-y6FP>_4hAV3cob3*+;Lueu&ZBhL^6XwG z3)JJVX)+PAWauL>t8p33@PgB=EDbXVZ(GJfe*@85hHBRp#~h)#6>W6c8^oF?mhA-n zgvEJO?N7xSS$Qu~h&0i{A08HcXZ=XFQ;a1kmHeY_tEp$DR*Qp(*4O-44tm66Z=6QY{$%_XH!^~6DQ9p81YX^oLU)`q z;#s;X(ex>Xx-e!Y?cPi81vMyIfw1biROZ4CQUd4s_t`I+$2IOj0fWYl@dNa_|r!%B$zs zp+8#)m=FX#a*~t7_WS0cTJ)E~jN&PWem?^UCC@a!PXi5rH0NUjJ{m9&5wBPW5;jV~ zjj;$c4aOS{j?1!Z?(yqjY~ryyG_3}?>i)L@m0u=%!j6=xQeDI8Ur%lAax9h2sBmEv zS+TmbE?*ZJ{lAdM@_&%W{H~{?2sfDEdH9CwEtFTK@@=QSp{bgtYP)xv(*k9WkiTrZ zs;{dN=bP&$-uQ9{DdpJuZhqRU+BfhC%O48dwFhQkubnyT^9@H562sa1{4#4?X)Rlr zu*1w)U#Km^SNA=9t6abL`VPUOG8JQ)ehE*D~-iiVEu09^W3E+jKMJE z7!6`BR%tqFW+;CqUOoD^$KUmO0aqGPfpm4xTD0LG2Q>b=!Q;MComPa%i`M(BcG^bb;kV;efcJZGL_!1t#|V^+T?>P>QyhjZe5RjW=8lJ z1+@`ubi~OV19SXD@8EaOfQ%_wp|2xCw`uUnUY9uS?fEtoQtim5fSU{W7M_71y3!AA z?LxNczB%+5jw1OKbSu9un?pRKUWS05UtBRdk5uaq1+h>!9Yc4yd}ih7QuHmp^R+u- zT|jkGe%Fs6^O!r-LD4Gf;$Fin;=5$%kG`6q*P_pUDJ?jOT&r0_Bne--o_Qo%CP zD%%E?=Kf)AYb3u%X9kY3i$~SVun3j=#3^FiI6dCy$Z5Lc?Aat+SuXThhf#@P{Mmzd zimb3{&CgbaF7fPBM%*5$)5F_zH~>GcJ0rqeX+&@Hx z{EbCbg`L08WfaX>i?T z*UjpQY*RO}*3t?UgD?c3;!bi>C|s3HLqKzc&bk(sEnR}5C(wIteLcfl499@co;vGHCCA2+dFbMQEDu zFqnGFUl#dI%Wo9sx0c2Bt%96IY)8Ff3U*q&TM z$2{}KYi;NQP>7erV$uCx)(IGzGZ0sGP3ei_5w{DCeTsv6@WKSViOVZZO6~GJfWVe_JJzh?_uxL|pFh^pqX?dK zix~s`k>V{@=$Pae7;m14i}2{nIgWLnDW8J<4&_M)3JLg&qJ)2ZV*awVlH9<3;C4^k z8AE&tII~%kkg31&^A|N#?zXJ-&s+<5a+ooVLy6c|JPI zUqmjGAcXSDuSZ8)9#N|SZ}XKJXU1`&9x!+4v5R`9(Ne7H`<+MWK~aMHMkTS3I>aWq zCT#3@4BA>U?J|rb$uwSkq?+9_i~e;3K6Aj?soi=@*Ow|1vg_csr9u|NlZCTb2d!TB zxJeAS&y=JE(^(g^V3~OipGKqC4@jeUv7V(L|1G}hi?c{jiBv9l;)5+HF4+r7| zGsJ;AKuT`R{)0c!08p<+xVruofc=JJH>@OQek)UR(ikl*y5mo=I}pQlqhC38G4tA4 z`~-OoLZ=YKyBm3gx()ZD0E*POv0vz&#M172N!kd4ruXpef{mf**av(EtmD?fhe7W)dJ$ zq~`;*;gk7ETxj&@X<>&K6I1Xu5H4feoAiOq_SZLB`{1YIt4GlSy`h%|H6|Ni@euZk z&3*NMIMh?99bGFeZm(RfRCfZ`=cEy}Z$8~Ix@tEsfK%_d|0Uzld~nG1t- zb_|;}`UnVQaBnScTUS!gV0l!2hn6mX!n$UfjQZ=}P$lUZSwIK{CTK(3WCK-3HDSMm zxYZ*ZtHl@F6u%yln-TYOT;Z!xVyxH)i7^{g^RG8LSw!?#UvqwYQ0nckAD|-!uTb{n zJkV={EE|(auc8MYhX~cbe{24Honnd2u{J*#=WoOQou{NJ1@U0*;Ie$f z!1aJ9avbB)k!@?|6W!YqMX_7vBhVA8!!@`0#u@VXquh9di6an1570-OFOlLb(7T|t z$h@M^3er`_@qbHL)~5f_LEY;sP`E8iEB$oAz;KM8lEydp_?S8;zR_+fXQe&d6al5VkMPvAe{XEVg zgUp34Z45VkZqd}{IIYQfQY_$N~N`fC$v4s< zW{E?$O*i?W7tpY<^s9WP0i|@p@pnFxIZKbD>(OE*<|2}AQV7k;7fcg3dcxrOBVBd{ z%0`O)#0($Ym1qq1>Gu?9d?zxKKOQo1M5cKy3R0ItEkMjNe|Us--t!A|RSFhaI`Q$B zSf`8zzdbkU-iu+BH^w%9KsfrqvM2z&BB+?al0eM>s8wSEyU zB{cPlD*6sHf@2UM`a~3VeearhZP_XWv{5V!qAlY-$~fln)hHi`L{F~MwEtp1mOpS) zJmHNUUt?$oZBNo|R0GWMn_Nu*P6mEunl%7>MH^nTbK7}8JBGG9mM7@A2O&yaT7)Mn z#Q2gi;Ied5f!#gnMKqgv-6%ui;{riHgDWd zc+`5xq(~Ct=A_RiY61ja7)C6x)OK06tnFXh)C`#=f(+$4RdAq&75 zM^n5Xfa|IMR0gkczViS2wW>lU;-5v#zllr&5~F(ldXFLpVG=|{SBiCz#U1>{kLvYP z#DJAkS0JGBYT|j7EyzrgWZ-?ZVmCXYVN4yh_%^wJZ(+WPG^wGTq0MdI+}}=gT`<;x zu3W&X1tf0~?%d-=0;Fc!6KSJm5{4<-20IF;i(}q=kqw2#pzFn>=|HHWKYHL=1%O;? zTdb>oP<&OO9CHY03I(bc4N7;Uu)ZbUkp@SJ=u4W5r1cfVUVVH~IzzYhqE3?d4?@ws z;%X1Zu=qX_)m^2m=E1A!4dM02)%B1fujiI5&mORi8GBOmYL`9#kiylyjxAPj0@lNw zx^4CZY%=^~`Ku2)A(Es+&AzN~^h&MbuYZ);&4>sW4Z)#6ll9d;0lgsuJFMsZIdM(} z+fenymZbP+pH$gMg;>a#k5*Ft;1E3(T!u|7&u%2^1m!`r-KopYa^@&kesC@cAtt@s`*ceqJ%k`&!poh7+ujFknlV%= zX00`N@L97AGh-sirw7>$CGvv$0n-wBfqo3~tNtA)5CCb8^cbdLI&J#$ZpgoFKNqZd zwp@V+D;9h*)6DJ(Ul%ARWf(-mEgbRu_%e)izO`&8W2x~5k|T11T%5#VXXn1q2AV?w zEHuCy)%kfQ9_!9UJk2t*8ppSNu(o^H^9fK$jwbVpF3we%_&9LK*%0UV8lI)t3>5bt zGBibmxR+bbz&?DS)=WGzez zlP^u@h$T``T4H5mb~Y?m6{{aM1M_kK>qL%{YqGsV7GR49>tAhay)YxI}phu+O)`#Op4CuoZO zmFPav@tUQW6_#7|bzKmpl33LrkWb@iew7NbxFMjr`(AjwQOoh{gz%3eqCFtmkNQQm z9tThC2-KaQY4)1OuLa76&$`@X*xVxU0d&|Z^P=NJYxBnETTQ(AH(^~sB7mSO^a=+i zmyhz?BtViaXi_=gA=VZD>?7S(pCWUxdq8^-DF*SGJ`ZbXZ-F=eS2@}oQybM~?q}`+kri+&wym^F8v3noYLfzGno{p}3}D)I;v9AV z;V?lTzmX4|KolKBGL5M{N3u_R5;(s)(;FHCHTeEVFGK02=y0L;CPOjK5dr*1@K?%o zGp}>qt|2LpPAw@EytObQ_OE;Pq!14wV>VfC9jv%@*|cF8PQBRfM*^EhwpKQ4PjQ6t4bIxOhURI0tZRjpWuQAde}9vFD{;-s=fccA&>t@JiPfv_K?fs{&E$T{ zo40VA*m3LTw#l}1E51ykxyJxBW6^>q{H%4Zfg_`vc`?7AxfJ z@wuXzk?d85M`Y2e*u9;u;4eHOV>|ObQR$trV3P}WWL)p?lq-#FG}EhNT|1i1HWEyZ z!5wB2Fz}kSq5+}GT5RF@mLGM=0juHy*&j=W$r`G%@0)dsLgZb!H&Djrd#nr9Xli|d zI+JuQpP)8VC%X)br9A{|%uVC3LNI#eT2F@s8oM+#7TXVtA(Lyg;W=3EMzg<-1d`4o z1T-5k)nAK`mBdGox#%pIwcZ^2CTnFF$Z-IZ z-tJ50zX$?~dV-cCYrh1#Xlqsd!-@>l*A%yVyo`6fbqNX=(IZC;v4lO!l%s46pJ@PB zWW6_DcWhyonT1axSaioQYvo6(d1ve=tels|MT=SqR{uB1Idyp`j%et?1j;=NQ%g|N zlC*R|>K~$yvod+WPwpR3H$m1HDn9~y#yN6flgEeko|orga1k=MX5?-yKP9!L zW)rwBN`!K`FL0KjY>HF7W;0|~J;6|>{*Kqz0%z9-9yO5>aRhoOx=qJEIGR7H25KrJ9o z2lfI}j3sg$8ooRVTc_unelaI@IAt+Si=($cZEjJ_?jL%=jGldSZ!)AFN$*uQ1z{>*N6m{pvRd8rqpd7ZF|2eq4VXDpNn z9r!k};kYcG<`JU#%JTA*E%IPARdmzgY)`#S3T-2cS~9=v6{qq1HkXp`O)lyNWec?i z-LUz7f4WEBH1ohQiQe0%xq-wN!Lyc};+##{EM9QM{bQ~f{|ehNT*7&p@D+IUw(J+Q z725A;Grj%4Rj((Zz!lB2U8!rnL|%C~kPsMS{O zNCI?{DW|{4K?dEP&R`5Sd!P{9R;+sHrz>_w~3hd<t@17uIpf8@l=Dr@3VG^x_I?qZ}RFx~l&BH_cv;&RCoJv6NUD z5|!)YFSmAz){QOwL;CxY6oR6!txZwRpz3r-=0mG}bLV>qz9yXQiwLd2*NcL|o*DcOCC#<_eVgGHn^GJg>UoPMdpU8oHlDHDbR$RjD7)a~fHau3&I#g8=(QE~neir&cX z6?HHJt)&4C$Yfbp1u?1C7Nlnnhw@fjnFb!h*tUDJzVYw=BFx$U+q`3*A0&zeVaXgE zyz3IFm^*KMGC|vduc{gtK)a4~Nz4-6YXJnQd@`u}e`4yMnog*3@3T}$&yD%G$wJ4% zHKZ3Fu~K9z6lmRh5e?g#DYeBau!4tV9L-m6=!$FR8^J%LqUhrIbY8W*L~}o$lN^Fj zPB>{RH?Y3b= z+b=(=#Y1X*AFJ6EGmZSz3C8(&c6KySV${maR~nqu*!PK3WZ>RF%g49vkD*c9HW!fU zau+itJOw-z`nF~a=Vn9M>tZ1K)E3GwY1y_`VSi}mfEYa`O%{;l@Z0CjdFIEK7?vJb zNy>gWUvFB@$()^Rrh~9^M}_6m&z=;j*tz~0elzO2D}tAoN+@XVXn4DH1_pOCQqz4G z;ut6xHDh0(wpUZNPB--i6IWE6!;m5T`g-qbem=2O3TeM(uQ~FZI5C3a znKy)TQK~X3L%)k9-^El2GL`~(X~Yia65A#J^Ho3$W;O$ne&^oh%{i0{(@T9IU8rNn z;r>?y1ee#1@O@J=wbMhTo~b`?qG)w})0f#%qSx#RW^D{ecP3+vuu7YPA;X36g@L== zrYz1J4}fA>6z!!9NTDoJBx7XNSX-Y|WK zjwMk`F|J~`c#?@wy0(=aV`#gMi_E9cPzyXIB1@EE(A9biXxmAEjtAhr!mX-{2+OW- z&^vQX`HnkO&%U&@yg*nkhfgCv9us%n!H1asLK&!m)3#twtfw%9wyl(Gq#S(6;llA? z-4}FNt1G`&C=1*19QD3~{7j*P>0$x+++T#_d!0&EOKDqdi^ST+sV{t-d;+!NTSwr< zeu*LN7(ALiezKTZP)k2TOl|1;$}FB>dtr#}K0MM=$Dz(Q`A(+|UZH(;T;a5k+Snj@ zt{cs#VP(&gcsD&zKafOUHK<>Q{7lXM=FSit zOSg$*>2l-bdw*RMrf}Ez7s2Z(B) zZX2t#=GPI#P?P7a+o}MjpKERf+x7HT7&Wu9m-4Idj$V9Q-N}p;Ps54imxeYkI zm36-ju;$15(D`U>MRx-1mX3%EvhgMm3JZH z{S>3?QwvX%;=TGA)%*hMrS&U3<1BVmiY8MlzYuCY=(Jf}Ac=my^9Qq>#-thC~hp!YhM|PEeW# zPC+XJ$d3qg$&lg%mY%;YMSGl+DG_$`;%NbbK?S&0hH-wO@98~tx3zOamqX2FI-PV< z_16Vu@*C@ac+U*v#co`#0|2|oR6*Q*Nm|KEXP`k;yu!zkE#^<3{V4xJQ4}EvWFm|& z-87G4TQ#R!w*}+!6;v}p(%kTbwRlA z1)msH9`DeZt-a=WXXVD8TKr&Qxc#oPKs5sXkkdN8pWbvHXyDTt?$SB+k8i zoRx|nPHsPIICfwx@HELd&4^6Ldm8r&i&x_O4GWhgBDr=Ce?umJK?yrDVY;tG^eJ;i z1HS);$k2_kk;jCgt_^Z-?@vh&9qUVEi-)&M@r`k9p@D!nYQ5sRfG#@aRn&HrhF05i zyOc2K7d)2TD(nS5*#4*K@zvN?SD18LTP?o#X>mPA$v(OM<^l0Cf+1V(@iY5tUkpbh zsh=(=K3C<(*-oJ(q&{eD>ow5Gq7#;C7zZlf{fRa+MNKnMT|e5wH&u#CB|Or;D6A>g zqb~WSx+IVZfG@y zU-=m6f?;wFmFJ@JdG4b$OvMV!Hf(m(GXqi~NkUYj4u79Ine%{2!;9IsCb5flQhR|1 z`AEGo7{fn3;oYX)Ef;1m?T3_?+Xat-M6qHA7H`Y7s-Jo==3bc}Jh}p(RS$1!(FbaV zdz=ZO&$aLtS*TtL7gE6^dhZcoLhC-mem_dVk`I-=9N1!U{8WGXIvxGgbA$Z$BqYb5 zZljwN03{-NqVsV1Mf{P2VCLhp9B}|veA}N2Zt#;d+TZ2F_>`8LOxBC8m+`6X#fbqN6E~D}Q)J>XMp4%> zovwJb0k>J`jawaVoxD9$Minz2r8Yb|b3v--{OxR5h@`Ida-!JV8r=|lPnqQzHjdJ>^> z;}?4sLty$e_fsG_U1#kTsz^f<^hWx1;XNEEFQfD+)3WU?YprGbTo0Jx*a2sX{2!-X z&9-o6FEY?0#+EL3wjkm%Dk~M;xQyFo7Jx{!^yXW~L?bMA}Bse_G{47rnnF2`Zq9#g)I! zlxWAF2JfK`-ThCp!Mlrw9-^Ib*3kpVXG$#RN}MVt7%MqFmlBSictx6cV_X`6d~Hrm7hXX~=4dP{U#z}e!jmcd;Z4E(2 zHn-qRGpQD${OSk|*M@pJU-TG%odPFcf1!Ty!sTByTHP@@s5##`fc?MG0guC{8vo|# zN_`)?>6cAey6pB)$0=dMzgIRm*tF-{vtk?U4q&?2(V<|@e+vn38;it7?LmTl!)cWN zk>*8G1egFJpv^s(DGxdBLH8TL1dz0)<0ac8PKL>x9~y2}%o77Hm{znA`#rry(6 zoXUYB`}=(m{JspW6~*lngnX=>PSw!DM`q-z#~hSt>9S>cNey@PeYI7Q026HB zB!_)MY}0=7sHv1BtNI5CZ=318vdE)4`$c`^2*Jxcjkd=67JNu_uW@AMW!Vl#^QT~S z$;ZW`Le!A~EYT_!>o%kZr@31~F9ggw0bAhJws;>izeUgtVJ+QV7DJi$i@^fyl0lcn zB)7eEXy6u_*%2DceYMa-2QW98#x*cAh0#X}I` z#=|f1hsSO%;eG+g4SRp0)jHNQ>4By8Mi?XVu@slFy4($QC~>x4ISm=>^qu$-;8W5L zrhzIOTS2Ma_qB-+8vl+Ig1)a7tt8l?85H}h?vu~=ez}mwWLu-DZ_lYYp$_z2s+Eg>2=i1Ka6*KX`L;^W;#S!}-&HiE`y>@uWQcpqC?llG$ zGziUiXRB_JqQ19WMwFCK{}^*0wPYs>`2BE@GrFokI-io_vS+-t!`Ou>)dNwVmR!D3 zd$gY>jXAmQ%aBHEEn6y3iX3h7@eaUj-CsgptIyD%?Bz_t&Yp4p!CJ>CVe*{#9RJ`YeDm~44w9SEt6+fa$Xt2On74vM zL#+E>D1?ednx{&PZpYRJQfEevg^}_5dc3{+xf+yJvz+$8$SuH3I^?}fXF|@lDRZJo zmwjRczq8{C4w%$ZUV-&E7&;s-6)IW%tVSgIZSM_;>D#b=Z)hDO* z9w|3V3t7Rd?I;NMqvJ6)m{nVwCrH`b9fS~UN5RnIlYBqXw3(MAQ6Q(L0!3cnUsl&> zVjkcX&kvV|Xij!3xY?GGfRx(@M1&p|a~f zp0(%I;J)hihgm>VfcLB-y{nA(*tftZ_~a8Q zsczuKG0_3nADG7S+lpZ_aY-(?O962a@2d!mpa1XvL2xv3vI#l6(%PG6(ca{3O46?k|Y6yPT~v zn{pjRkrjNrRo*SL(@aekgy2IZBG|Af_XXGu%FBv<1=Eo8U{=zYH=W_|QVI@Dnpm`M zo!Z1Wnk)ul+I};y-+uH97|7fR8S?|c*+E7~gIG0X%)fU{e{fEsnT8+X_&(J&?i4tdhGmCDR@=Y5@2fB~qLEErllUH0N&t#W-U4ij`Eq2lSLwF2^N?sV z5*@+i`ofFNq7YK~k>D0*7Dgkln0UPaa%?P)s_%-@fxK2?9sRB?rK$W~CRay0@mm8#fu7tTVehox&Gbn(Ux!QCCj5iGlO>pJv}G-rw#1q; zwQsqWb9P|ROdVMLB8Py5${BxUc$B=M;ABx{P@!VTVZtb`e>28tiSnm4}P2CQ5D`Tf@`7yTd~%{F+UN4%xRA1y6@j3OR90qu<5D zt;q-8^GQ=!6s0q~(c;2WfehYk8dapLihBji;~!3#?{ird*$U)cQN1lvl4d(=@xf`dbYlETPzK*XzR4#JB;aJU8z%&8eWEgWa3CmZyc}h|6lX zt(NAgl&>B?S<{ysJc|4$?RlPpSxcEDmAp-gB}wwp8d^ks+Ab?RE)ZFXIY(c>_GksM zvei8W5W6C%En127(EiXAQ0l?6gK+eO%BXSGQC15|;WCW5 zp0rn3%nuCFd{Nwx`j)jw)mkPca6-Sib(5qtfR1Sq?o0f*l$O8CHUAf?S!-;4>z2Cq zbV9yMt-NteRudf}drGtG635k)jU|F`TS1F;40+E#60HXC6aZ$2a8tXFD5`y#c6My# z2L!&R)K#&snePb{GcGTv?`MfZx!QsyP!&n(cKC8Wv^F|@w{b=y3E*e}Ug;@ndN;9c-m3Zm@4=OxQk0B{@G;ZLpO#eUv*BG42EIxcbrycdH; zt!Qoc*5YGXi0xr5Rr_5~yy(ygWH<<1kSZrlnqn<3ThgA zW0R`d3T;;Iw-8-nmz<}?Xxn{XDpxDNjyrU$mIQI7+QVVceTFl9h%x5zx1mzLP93(7 zRINeg{%Shkiv$|L%jBK->Pcn{Jh`Q(OF6nQ$#oeKS7u{DlMyOs^7DWEGGSsjFGzb#;0 z&Lr5tId__C9@v|^HDCHlt}Ae|`2JrxuPfa1;f{mJEzY%rfWP6cfYlApht?0zyNDv3*RP8>(G{r3t+Zpw(YH8j@nR*)6%ql;PQFP;x3SDa9Zf%F zw;~%{Jwxc|ez?#ds+G{H7dAKkW;jY248;sY{cd|?l`BDN)w;I9*z7S-FOR9ok+CNC${<+T zZ)iAC$RLjD#lAHvdc(gi6zOxBbiEK9>0s>nf%2(1YN>h;dUWJ8~d$kK}x+Q+6J?E;nNIE2Hx5UTgGPv!a*?H_`?mDXY_0TmS zzu~_*ScvEf=yl#w-l|*ab3NocQ(w=6m)pnQhk#I&P9X5Hgp#ShcX?l{$NBc>jkj9a zL?MSYq?<)9@u~t#o>+~l_XIQT54fu`fI=}l$E^YaBWxGvdhPv5#-1)wjwh+b3V!di z3E$o8VnG&G0KtcX?5p@Tvis8|y1d5>m5j<0bt%Ekn?6#xj<;-W1B`$lK0Q;u3z}px zKNp_TK3s6)W1)o+Jv?96z^goN0|zF&MGsCa?)T?k%xfn#*{T&M9zFE>wmWkMiAxyR zdP%ZZv}7t`cOJ65Vt~Q8lft{$NRjK1#=N32ylzrTR|NiaP2saw#zhLZEBa-HpVbdC z@92^@zsqNBk9G40*$k}lkkK#Ced**(wnk+yyQMM0n_Ov1w7{S2BP)BYcFi}@UA~-A@Gb>hP82V{bDzj2a+NAk%m=m9w}|O zHv!I%F65m{HjRAvB~y6eVXsRL$!&jXKU@+cuPv`FT=y5}ft0;;vH!VS^~JRF+dGR; z7HGZOSvPODwHP0ox;3uS#-~E~sI}FZIZ z(ZMkS|70&pSNNc*QmK2=$)4-5SdbzbA)>%$nh91XXbvDujkcUGH<%fTW{L61GGR>- zebOFx(4W4n48Wu0Iva?qlX%lkmqO`5GyWNUHu>Nnt89a(oAIS<>`DU#*eIH-k-yDB z=B6|H3FKk&v|9VOZdueTePDhxk~&!$RN!~fz%V^#$1E0(@$XTX&%7SH#J?69Bbk9a z`0!uO3}EseznT(ilsQuhgDZzMZhbabM zX@A$}YW2TR@<&+oI-QdVwAqgfMkE`<)Q6TcAl(FQ1#6hi{8+14-=zT-WW;2-y1QB{ zbd-Dy9mn8C3lV#SU-JrxG8C?4r!pr>Zx_04yKtzYX*ju4_g(hbk&KBuD=gEr13BF| zmy+2d&CoHqXZ8v5d+Bagg0QK$i3GeAo{7|j z2WNX0A@*TqtE(9=hT8I*AI>%YLS@|H{kwe5@0zWctQtDZf-LM1PRxxM_G|+CU~!Ta z8;*rP!FVC;!Dik-H;mxymJK}W;fJLFs$(HLlKy|n8*M6$9Bw341W~gR**7C)$yAEEESKEyj`Ybzbk@O6+rdP3oizdR4%6W1XdID zfYeC5gjQ-e0%Sh9C`6H2tK((>Ta1j?=@&VFq*t3Q{Gv-KKqaiB_M6d@n$q)@yue$1 z^dGN#H3ySizI}%#?sNHcLpCv5PXQD@T|Ez1!Cxq>nj5GG-F zcv{8}rANQCgjkbc2|ZS&O3UCR$QkM0m5uQe+}8GYV)4n|0m?;3g$n=YkG^I7xb9;p0F*WhVddw9^h4}4vG{Q*RdFfXLjPL3qkm8?Zk zkE|X(5_=;ri#T@g-QoPVE0P!?zy{3p=Ov#R+8c~w!DIirmHoxkB6oow&z65WkoNUu z@in7<=?5n#2GvKiiSH)=`1*L(s#X?9AzUI8i>4ngUzJd!NUP8^4%{F8M5Sg+;AvAQ ztl92P;SJ#h49oZ8VcKi%7su3EaXHRz{S&$|XmF|{bygi+BLG>rBueQvc~xP3D4i#f zJbK<0U|aNL{CT}CH~j2gk2ziVn~5gi$OYA2``f#(hNk^vsYj-)Y#(3tQXke@M2wX$ z?%yWC0bpM*qNp#XuhpO|AzPY}wzq6YhvV(2Cnw@}^t)zgH)V{V3kbRH{k8|p+mkK5 z+uYQTzSIq}z+AP8g^|fi1Wg`GVDE;%FZo8V+;(BdV*A-|7)9iCc{T9F$TnFop5tQU zy}iCRqjhqvtCYA@Paf`&0t5xm6AMwz@L{P#)9xW@v&JtBdTukWza}fra0MB7=F*K{ zMIR*n(YA@pR;C^nMeSCz5^{EE;PF&o1FLVDvP0avU?cr>L?fOO-;;Pz%RH3%5p|?P z-1~8M4wdU041Q8$*GMf#nwc{bd~%*6$aE}Mr%8PYehQ)wV1_|C>ran*%kC^h>TWh| z_#@lbwM?N%+@o>PC|{ip4Wj220Zpq!Gg-uKNg8!;t67j*WEW7oM>+4OQyP&DdO}*< zRw1?w|6`aP=$ooLib!XKNt238#+xvS4%LBh5A0rVzKaU=gZmVErv4p!FLm=RUQU#R z$3c&|opcexiRqPH?E@ID$v;rdn74X4_t*Pc9%bu&@RqyRXW|Bu3PxI4KDEB_SZS0esNW&ubXW=Va3(}> zQ{Dp|t{e6E6%$@qaN_}wrSZqUilq^p^P_!JCF5@V(|d5Bnvf8|J~w~=t`+rncev6A zhl}!L&YmP-n%iCEz9hH`52;@-)*pE8#kZZy;~UMXumNZJ)7utofT;cjR;70T zYeS_QZG#=s_5`#+9y8vM6>}iB-yMDbaY;k~85Q;>9~m5ke{N{W``m3~^W4BE4^@m1 z#8cPnhpde`xUow~o*OTa(H@)=yLNY5nk+_2JGCN1Cy^+GTR;B|8&R$^71%!;ctbFb zmg9G=oGE*vE^6KQ^7wzij?!o6_%6(oiseVJ-X(mfzvd-JS{cRo96!8oU>9(c<;nUY zo+j5Dz4wdI$~RxgG+4$sxb~KUj$bhOhpZUc9(P;aGH|mdNA2jyF#(6V66# zH{MxJyq7}{&cb5k!O&&;?)CA6O9))Y?~F6n+7H!WU-U@h>537G(@?Ku>ad1!7}KR? zS>07RqD>_2Xmk#ofrus|iWGe@`jZ}XIC7oOb?vFWLS{6|Hv!jX&89&Tft#I}-O2bf zr*Kr^5=VS%3&Hfp6awSM;V8YVg~m}7Zu1Q;w%zFR`B<}4f;SzEeGy*9_T%#21r-uk zy9S4SqJ<>p-ZPru?lP_d|C60nYL9J_h?79378i;71QBJQ$^|ANaUUZiBF~+H%Z`rt zhy`o;J*7e=rZWrHl@xYuew-_QU4Gtyo&EvlSTW&-lA!;E7jUZA5V~5MyT~B!z2}45 zBS+$9;iyy8SzwzC6apd1CKnrjNcfU0B&&!F-^Tm>8$}ZCcgB#j9aHpH!o$b8Ny28v z_R>6_1Ulm(XnSL6I}+8NAkP}vJcPEc*-xi2c<=(zz?Lg)!M+krqmGe|q%R_89b^C1 z*>2C#XI3M=P2i@EM|W%htYMe6BCB9JRXATjskz?;TJSZwL^Cb_G~dLqwiNAZntKvS z$Jcd778J-7b2;!rJ1E6od*mr;nV`ep$!@TNup1-NG{otUH(ed7nqsgak+bj{my~Rk zIlf}RJbb3rT;H#JE<<|&QFlFfUrIfBkl1_o8-Eupk+;RxOYAB=i^f;s(`buDOw2y3 zD192{c3kT4545X`5kn;=D6AwA2V8t`$)&@|t^~18`V3UO>QU%PCER=<3Yqo3j4go7 zaI4)rm2bFpP|ssr)(aG-HFwfEAdRsKQ+ z+IWd$Clc3hbX7Si$Ctac2Q}d}ZBH%oq_3d%O>9hTD!7k9wc?~jEjb%h8-sqlXo}R-<-&QP zzRAv!2oK-Lt{!6&yjr=i@TcuT%hkk48A@cCjZ%Q@xkGHBXn052-?`@#@lu}ElaPv% zLb{B8>-JoBD(Z8$_K>Z>mJ~Bm-0mpm{N=BN=S0Osb&mrP>poEElMz_c-ZFG&jUP$y z57{kCr1Y8x=ufJRqgsZA^bpJSAY&m*-jFQxpN5BVvdWIz}R^`~e{PrqLyU^ajMx8hVbZK8sc5Q;j zhTL+Wo$Tdxz6?Edx}rA0_uHrAAQ8F=Y>)Tq4LD+phzo`EiP@f~V7YCa>nn&bJ?!`Q z@K)J%*VgC_{7M_Nvk2!JAVk;Fs?OZ~i9y5Wt1ip5tUfkA6BEJ+CqMNL#|o?Om>hrb zTjWw%*e(i1b3Q5n80QIEF;Vai1Nkh>OY5R?L4uQB!u`2^nv(qJo?!J&ASjEl3GCez z{jEro02&>p5fd}6n}Z%or3BW1Fr%g1V)%r!$)3%z?YXjCk29)wnCeCex5tc>{7EyJH#z zoZlrJPAyi=Pog-^4xQ!Q!)UXbm8pYv-hFSLu~hJmzr zc`j=#sl`!Mrur7?^0cQh2zW=A_d>2>Q-M7ec>0l}G^VJkOKM;BSeyb&Gl$XFIS)+Jh>!)F}MtQn3ws4`Q zB(=j*vf1}aA_UdV%e@zeV9f98Xhd(ufuCtYtFmJg z+?K}fwWE{iqZkf6X#r+pM$z4%?L#%ORvi@B1)P2QrG+`As=b=uqtxNRy`S$c5z{%E_uNBA#F7_fQVou95mm)+aM$5~)_S-0b$=mR?p+dB8Fi-@1TOsn*UADo zdoxAG>9etOr+E*xzSJ^TEanECWd0(|V~3(4-%vrDN&L%ik;vAD&xGR0S(oR6uRPLw z2fsJ(_f}yH@x_kvJ25c`!9q8tY35o&rDyWD_ndLE{a~gnTS#L?5_$Dc_wyaUfaj$U z&6i~9s%MWA%~7!uS$#sN-n`;kT)9bqqD=?NN+NgXOT$F_IhP9-oJ#|q0nWyYQcx*T z1b5B1_bhm2wvbs%`V9>Iu4o9V+(6WJ1hlL+@K0tx)6#q~^|d1d3p@!t{7)?~X*FfAw#EqiyF|^>{+UmJVfm=vnihA zDQy=={4M>Bb!|aY=Z6bk9QrPn2-ER`H;>j` ze_5mLh|PaS@n4d?AC$|lYck=I=_bHicmR1LnPUW2r%UPV8RNf0@72NhV8B@IZykxu zVlTH#<2vm4_0=v}UqT(!_#5i7sBp3OxxetNPtwwCTWla00p+0YHO2lNK{2d&{u@J! zCKnc~C*K*J0;S&j1Cht-pEUw)*J~-3e7U&i32p{=MQw1y6-O$!$+GyBUJ$yxv5DPd z$(2Om1^-z9Vo+B*?z;ycqYXDOv<%@cX;26nO(Xk-*4t-`budPzgsoX@NsfGmoDEwx zpMz6%=(f@RxRrviCTRTRvUWo=#fZ@=NNohI!ZZ$3DEz|TEt)dk0D9Vf&^7YL_S65> zSclTS?{JlUN29d3!cZ1>t7V@6{9@9C1;@XLe-Md!8bD)R&uQX`KLC#9$~)+9>6GU! z9ls`tZ9ZX<3}QWYjl6fDk7rP>7mGiBV+u#^Q?-Ni^-hD21jegdt|r z>r>mjWm9&t-fo+3moLYlf#@&B#~(@rJx5@>&OS(|aFu=O&bPpWSf zr!;j8_z)w~rgikcp9QsbRQDnA*_phhBz~|&aerY?+rRLFu<4zK9ng04*4>FgjTJRq zBKbc8Y)a@LfJ)n}L)}AQ`B59C*E@elL#TL^A$;;z92zz9y1fF87cDv?b*UUlg0~6@ za3$MX+04rcNd!G3J-{xQ?-MI5(xuu|X%iQlv`V@U9q#G`*acsp*19;boMxw` zUYJmEYkqeCqT#<#O4`b=Ge7fl?cH?G(|gKu(Mw+Rlr8>3C4PHBwRN9;kqbP>bOtL1 z2xhU~X&e59!d7nJcG2_tL<-9z9~Z-uhy!(dq(~8$z*c^|wEYtb2)yyad`q$cqjoaX zDvP68eEG1d(lZi6qVGxh;u?qf;;?(5`?GKbtqzbOiZ21;$iSvrd-c_=;|=ON!QE0D?D;g`4E_rxc<>iWb$cq? zn93&k6W-?GMXht0J3R@5*$*yr_YR2N27K~>o7I&poFB1nf_{Q(XK%rJzf<)Q&q9KH z{N8$}+r>+@vP4&D3XrI9kcL*qoZ)8rKp^iA?s7HvDV*|xsgaDjg8y7?ST$QL`zW{Q zsEygvdRsc`cvh}byC=(-RGd&S)1#OzpVR62r@*-J`Y%+itv3v%m1EX=p1T2iIJy1V z!2UV$jd+?vkra)@s8u>|w^$ng0N$6KyQu8ivq}3971`4L1nG8{bO-Q`K>+l`a149a zyS;N$g+ZY;fwnkHM^!_EmS{u-VpU|PtrJt({&IDT%+F>+k2!5!Dr~Wqm$b+Uh5pR? zm0voiI1fNStjXvW%k#r|(&G+>IFLOL+FoyJ$x2I|jFi{mlsFqVG#2PewIcjaXJIG0%1GkOQ+&M=Bz^GDJl3>U z`aG5=Gi-G072O9d^CPiCPBd{p6S_`_LhMvE5%sxl8ct_1_)viqzNhUB&jwwzl5A20 zme09we7b($B(ph*E&4P7gNznnF2^eE^P5L>1zOai8~&_E2Bw1-qZzNy21O5p!H^RKh*nV|tQ#zz7t1hU*v3{M zefqgnnxe4($s`Vx!k~CPGRH2<+FnDusCx2iO1_RH>uat^Y~BRb!X(inbF!>;o+RV( zsIjV}i0`0%nkPc?J{Bx_kR@k6)9g`0x1dDz$ZgsL3WBvFely{X6Z%?g(yB)l zHmt$;<@3wrNz_xc{+UC10qzRaD(Z{>Z#kALp@iV9n-iQArZ#WJm05XDtfBHB1`E?D zO{Gt1JT?h--jUUC`~}y-qhP+RxZ1tdf8SInYo&H0rC-r2Lk;&Rf#?TFMJ8Q}Fra{y zwaSu7x;0zRn$jm+pNu~iWc3FTIhLkI7&R3-g`<4U#x(!UFidhqMOH;@KZa<+6^ICN zO}B%IJm2p^oGLP5_`M4Lpih^a^AE~^#OGJaCYQsVHA+3!7Ek!pVAEE^$e!QYvlkal6O*_%+{zNBJpf|Rh48peQ!#tK>zucy z&Us$HEk&F7;RTiVWv)l}>Y{d(r}h`v^dl|*0zbc>c^8ZmCzBA0?4mhNkROsnOh5MC zGvR-0FB6A*@;}mU=&x+=f5EdeG`>8GVMk8>0E9++0r^L@%Eh~Q66)O4D-Sno5Uyl? zOu*VrT>k2yQ7Mi|RoVgm1XSlaeW;>~xj3A!)@$ie>5=b)&0iTc34UP_?6vN0&T0-u z6bsDcG5+Bs!!4ErWT%L1!bShDx7(b!XUXniX8VCWxq>8hF#QZndr?s=O4wU@Q{fT} zDu_c3!pWDn;COHryc$6coHXDjYh@L^?hf?JUMumQnVkH_%A;XSCv333 zAvNCZ#!^YK%dgM!QKD_?&bG?Ia8<@+3U5HXj_8Tc*vLqKBCd&TneWJVOkr=aX}Tr$ zUQ}Et_qH~rD-0^JD-d0El!o-k8uLxU^hw=Y9_CnH*z`|KhUU)_Dx5DR0Zu!z-UiAB z*i>*QE{-x>$4#=kvLV~MK=ISw8_wuv;vK64-(5wRI97x>5vc^1)4&Mq zqxVwh`?H|n4lv{o6RnGR3=9#cz|!$>ix@i2cuN#<`SD*~&(8e@%r-ZcaN=mh_9u zN{<}fUY3l;)ee;^k?U4dk8`!M6xqh)U@$pRf(knZHb+#X*k@GxCAw@;u3Nt5bLYOj zE}oTqYx3KQlKG@&HBO_Kpw{J!6N5(@rsh}O-Qn63rRofXEL-Ai($E`J`}o6LUd)X> zD&hrfvKu#o9=77grBbzLJU!ECOTZ`WL!gZC!>REaaK{yZCbOg4y5iNSusTXC*A9y1 zBbcd(6YT@9@>j0@eG>h!TWh#HVBD_vO!DZouO)$PrdowFn9ud#I)ngnYpU!%rO|bQj`=~qFO{r&io1bu$OuY__`ISkmWZ2skgu9qso(=TUUPti7f-VZanDvfHzX7 z>k6}cc`Lxyt>9c1Ei(vi=sHuKgvX3(5Cqk-%-CHT;(C1SmRR7d%Ri>}ALHKWxGxKg zuugio1cS#G@PEeawwIQ!1~Pleh0VFl*7r|aYUO@tspN#YUI`Hb&G?u-l^WskI)MBZ zP+=&kLmmqGyPme9%lRXNnC*Z@;nc|1(2%biEJN+WJ@JksQNFc^`UH(#z!G6=eXaDQm@ z;3yKWK~i{JXi{rC=%%UtPDS7?k2Y4*9+Lk;y=ORrU|d>^Q`$6YX|ZG(6(><3(LfrH z6zA=JL}SCo8>|4aD2$6D)V#A~x`KIGu!ZqoC;;}QDP4X-=bBNJ`24y^L&7j+<(@nt z`VH=luE_DM-?3WbHd|%q!6BZfPZl|9ZK-_YliL4^MX`8C6D6gh;&8$@Vx48qRxkDQ z=>5*Gz z8p=bXxmB~VpoVTb%_)C29p*o{c1enyRebLN(SAoIVUNG-F|e%UTJM$H(|}29M@J{7 z;@7!+!zDSk0mbf6xK4D7_mwOFd#)-o0tKgYEq|WWORBgY0XzpUhFl0?V;cn?Zl#k_ z2kUgzszVK{@MRz!H3_?OeuJ8axkYrg$+%Rc#b0lZPEOAG=$v zJzHffJ#R$F1H2(nN9f@T z&o{K{_Iz%vNX_Jy zCJeql;}S6{uFWL&oAHQE>m&~L4FO>^3z{uccpNF$Vz)y50-gvz(@3mfafxX+>`fhv zK|}kZ)9Avi*8$nuT?KN6V<~9+T?8NbcA8+{I2>^hTVBh^?nK#8%s>ao=-fdMO6E&? zS8(@2%;o)aD{$z^GzB_kcP?02CM;@NXDhn9tJuTLDZ!UKG>Bl@1!XYrH*TPP*`S3d zD`_Afibz|Ia3eJB3zJ4}+&{qKIU=qmajcQk(u9gU9^9U5-@uMbAR43LjYXGUK6gWC1-O`sBy$rro~U<)L|s`;q4 z0<$-_2G`xWrfPG8qK_-ht@+>iqe5>%oXQ{7S9N^_Izrp=ZK*0zV5 zW2nYw{<%b~9BD6bTS4=3RB4{ajGMa0*=?oVRhzoYVz*ddtSvJ5DYn-ZN!H!pgRJ-< zl61L**RgaPo*hRkx&-4%Y)(q>NLL)~P@zi1bmyA~c;dO1TgE~BWI9X)QyR{DW1%HR zHEgK8UGNFS)gJusZ!K74Sj?5c?J&^xwv_R)Myvi_rCh^ioBUlLS-cZ+cU(25TOX~s zhz&xAaTi`sf|&V~*kr_oY+>Z0x_0)J%FS@HKkv-7%dR&fPw?92D~YKES#3rQW+V(Op$nS&~nGg`%3G{Q59F^%|X zkWKCB1;sp4t|QrSVu21O?F1)p!gID~b!6(HEDueh>08}@TSsQDU+<0%73V?iJ^bZq z2HjX2IpmRhu0BrAT_Pv?gw`W~8}4KYBFJHQw1S*h2I0U&^x^NlxP*J*Ioll^(Xvoz{JCPJ7SCg1$e0R5=-G z_0Dv#i8WaFgm*3zNA+M(2|0qh{;i+OXBj(k0`+q{9W_&fBn7y9^}#lqjyJeG1!at) z*o*67c1hpBm@H&9WLYEurVKn%CQ*@;-llO5o90b*3w-wv1hn(HLge4L(%lbbNyUm4 zm+`+2j00U~gqwnLnKHl62dM7PzmLN@14Pe=6etM(LdE*#VR8QV;`U%VZqIJ zbGT%)7K0UM1`aT&+4GS-m0MqaBa+dlG6Z3E8&&QZWbF3MHjPjY{+ayRqlWAyl+ZYx zd`GoC78EyN^^mvEW3;?zXYqB^yg)zVnHt<|i?+$Munc0!5nz@h$L8h41BJTvANyJ)n!gpZ9E2zu*QBw{;B0m z0X6Pcj#|MO-1_7nubFt=bU9eQ4U;JfeBkdePr9uos*V^|g&QvHs1wOOLuAS8@E|{~ z&Vw)&%r{s!)6_=UCwrV$prti6|EgGdTuKq#;vb0i<2rLNWZz#|(@w_I;PdhtrgZRLYL*#{QheBTC&>0TDVifJp57s&rZXyx22!Q( zcp5tr)hBigS!5Rl5DO4#>t@GO`GCLqbZ+v!ZFCGTe!8+ECO~EqX_go3I>qJR0mfcW zy5(}8dFEW9QMShRws!LfvsEyi7{gJVJdIye?6Q2QS`Bx1YOg9O?F#Ksj$P&89Y{}9 zm=rK~`YK5RNU>X1%}VLVM(Ox?=;}MaL!&R1XFv50n0wh3 zp|R1p>Ao#cVGY!!;t6)OQrCW_hH;nkY2a*hfNKjsCZnbt3?(6E1|Mn4(?l=HS(K6x z%^mCPS<5HuyAc}s>h^#Uukc+QQMPaO)nT3w6U z4agoP4?JmBu1D2`Zp7;0`MrZ;kLK$jg`X-AH#1wXzD?QM0b;UDDU8PN%d%wD3>SLj zUzAbW-I%(@Nt{#!{|sU`J{mqQAc+&u&uFB^_v(Ggqu<%en;tk2*$M!hXNYBYwUnTB zf0&R>R)ctU#PM%@B;Pbdzpe zQq}k82b1=s;goISUvM{;{{#%tKlZ1!e6_SZRE}R%iKmGV*88m!{EDy|M9AQIxfc5k z&vGGuCP7oss#`qGEWM`^!s1$|Jk%QyHGdWLqkG)p`K~c;otEiy;_vQ47pB~ur1qC@ zxENLwj37r~Qk&u`OW%Kn)N5(_@DlN@SQoC;Bsd zRd*W5^mb1E`sOigm3hOlu%|cbUy5{rtvYZk~|A(owjEZB6wl%?nyE_d*g9L}*?ku169uIrLNq&OHgFFT2+{-E$0jp8W=5%j1=CqyO3IN=x$VGEL(bnIoN0OldB$bac zxouELKo3M^VDC!epkchwhmvvF@*$%>`35Ssy0?7y<2F6nV557jXN4Ftr!hbUQYW{} zUM_S7hbUrkaVc>UXUtklVGJYgcj6(zx|0n;_|~YB!W*bykAO1wS_5!YZZ29@C*H(m zb|v8qGRGhUB_)7rkW@(gO9~-ob&APddBnUb;cctdV4cs#d#PWv6trtZLReV#)vAq< zGRfEDauiU7l7fgoEWH(D+R`7(;|jC}Q%VtTovfF|3YvMd=s6;?_a}hL# zW!WUKyXxZMA$%$-jX@`J{g_)Y2&?lpU4zECSSDN_Y=ZR?HBjIPCXHrK4r=0bAlZ1i z&Pe`eV;ymNH^KVTDxqK1#P=;8qpa5zZ-y$q_`gwX<6?J&+JUn9q&-mu`dmlBS9H8m zgKg`lMeNQzGi5&&kQqSRXgJP(3qQyDwd*j_Ne*D$zzon$Vwae?Xo*NQWMyL#DDyi( zs8@7q7bMUmKNi~9)cYwSp3Wd+ocqT3h@14GR z2~=4te3=^Ps5Oi=gJ#cS$;*xqk9;v7o+qj4&!T1@w{B&%aP%|ydBDqtHdp^qUf84R zODC120=mLWW9Qk5cWEF;A%%D|$)5yML10hsG`I080xjM|`-o-1D!hI0H$J$mp!{~E=d)aUmfqBTT;%>|+?MX<|I z&ggH1beqkP0)N zO;P7LF~@8vW?xwSeYf%IAg*tWVfM>c+HS*?tTdG1I9tY6`ZlS+KWBAi24QW(@d+z% zOQ2nvk9bc1dOD+r2l9f#+i?7ls?ltdEua6mCJt@72t_MYNSoYw6EJD4rsH+X&q31K z2SxC+i=#!ftvLFon6l3DVGP*Dl4`Kc1el0DN?pr*9~f^wufc1sJ?8c3Ue=xpiFA~~ zjx1d2PR_E7%XC36^CCTiN@|SV*p=14 z%|GRVal{o4zay@2OGd-V4Qh)V+5As#FQu677LCfs)Z|~otA~KGMQxn zo07O+t}q*2%7?b$c+~%ZGkn1hON^nw6CZVHb&p_7#h&|mQ8838u}ol#sq_{ z$Q_-)x+wuK8IAxuD^)ly+QIrK)vd- zQ^1{gvB-hqX2cN?bykaNZji2jRcguF{u=4ATNf+Lab_H)TQ~09H0d{g_(3E`EAsC{ z!JCWnaP$4;N`^~D1+s(;O~)f&i^L|%q;d3~T@9AhtcL|nsmCgte0eK@p7^SALHLRv z8F@$l)VOfh;~swY0nNBrr2`F-snui4Q{8$(^|1+LFa@SUU=jbTm6jSk?j z`j*#S*dUIrVsrd$-&_9^+GJ{$UfTV~DAZz?#~(Lu*)G>9`W8s8h(OUX^=D-S__lu# zgCAL~lg}|{Erari>{={iKMLNI$~%OSm@CJ-Exnzc$yN}2C&*mOqCDgNS>7;_0zYCK zJCg=F@QDn*g#tXSY}{z~O>2^T4J2FIiZqvFgp2Ce(3|pt81HzvxCh96Qp6BEhc%T< zBS6G=coXM=>`_ZN;rZ5!RD7r8i_&+pA&sOOMi+$NZb_7rOr8pF>-A|B}h5|`q7 zrPId-_3v0JVZu@gvadl5FeJzx_xu~y6B=TOGF{Skh@0getTaj^K-M9ZnbL92thv}H zBkJ*yA%o=RaGr0HacDM&vVi8xeq+RaKHs~QD?swLuBAHlk6{8Xg<=mSN>y{Roh5!z zFOQjHr?ZkEb|4vGnBXr01lwjS@?{&5pHGfCOXz5Pc)ngo?a#jVUg>#|`^PUqZ$R~3 zHvKG}NDzh+99=efD)cKRJC+;K#aKlQDZvZ;c*l%9HI5}y5oyM)4J4L88)WV)awk2vVRWxHeW)f@Yy}GS6RF*q={OeaaKf6rjM)TXV@GgOi@?cM?ikJCho=Z>uf5tEH z9yMRCU;a9RK}kHvtgPRu96iP>@im?nCoBkj`*vC*bTGhumagInj`>i&F~W2+Jcz%H zb+LbIW#RgQSCmp)MeLEDUdV{I2V!3|FCnJ*U>z6=QMbxqihlFW*xdEWLE)+ZuGap^ z2cm+p-;^OnW?BEZ?@m*yc<*jUO6k4aAek2y=jen_=a;>)|9&lQ(qY0cdEp#l{3gmG ztWpSa!`Q1IsfPIqCN121u;813El?8AE&#H$kPz{)D2QQX6fKv?tTEU0hN02WtcoNU zK~X65#v~Iq0gH+6^okqM!*A64lBofz4yj6skx)sxRKDD#ngL2<$eup70bcsZ;n5we z!TtGY555DH1KoEDRi%8+fT#v%FpbdZEcC)kr|8G5n17iq#~*0^RLMX_Jzl2QY!c+F z&KH;IhnVBU@WhNA`#XS{fuk0BMJNkd3LFVmZ-eSH4}Y`4^V~7hlB$7P?4L*^eux$x z?n*;U68Pb$6{>>%C%zR5iYn6o08_!mym|sW^_6OaYrARE@EF$G>W+PZ*PlF_VnhPD zIO9XtCZ%B1vnOi4U)Y*Sqe2J&Q?;r#^R4zsEEi_3kGEMJqFklQl`Sg#%XgA|(8q}V z&w<1L<7)6@F}RHnuYry-X0^i*Hf$?v2=oh3P@|^U9aiRS9fR6Ap&15 z1xbj|^&}fw77h#4DmQQ#S+PQ{p$BTGuA&@lc;-X?&KKo)PjNv8wDo14`{f&@b2uWZ z59^lkPY3G_PJ%9i5u`n55V1GFv`hFC5uQ`PUPOi#FTFUn!(-JI#lV{hC;1b@yAu<= zHxpDb6R#~$1uF~3eHb?0vnL@5My#fpG0$On$+93;-p$p$m=o=^MQs0!@`u5`T#p*T zT|L3`<(tFl7+kIla5`1F;RITOB&xDP*^5`?^aqZ-Mf#8CJNFIerr3%%wE@X@;_e%GK)NoQMmK;-SW_{b$)S zvSFbZwVT74!55v%QjbelM7UM+cDDu%ktMj9RW?cEXQMS?`A_lcVdEC*V!VSkA~YEg zG;G@e}WjzrsO3U9CFM+DGU{y)M^-9h6NRD|-ENIVd?g+@6i4g+_0E7nbb} ztz;x6dkYHA58sKz%VMwn#J!(8$Ki0D3|3+O-U_d@CEWLv;tCY3OW#Sm{Qid9VQ~&q zA6iUEIv+^K(YXK-sg%$oL4Dq-i10tnl5F=R5v)pU;!%ze4W2rY387xwqqlUDfn9-O z|MM6(>t;e{Fn-&a7zI&j{5EUSJm2pdF1kT>{tQ5iHXk@zlMj^U@Ub&!L$ee-X^ z4>9;Vt#Tmz~(7 zto73X~LrI_mC0Mzxgr6e2!I4jPH>b^91SY4XI+T9} z15&HzYW{?wZ8I!XaNExq$WCPt2pm$WS;ndy)>TI@FZz8fOqJ|(DrzSX`LQ9t z7np^qTichc{hE%+Z#nTm(qiE)N_EOBXWME8O5sb=A`Dx0BK<}Gp#vmJwDXqBqGA{0 z4$lKcQ|v4xvlXtzl))|V4W>!d)Ovj_>C4-KNa}+yMt>mKptT6kj{3yf`%r>QM6ZKD zmjGjFWISeVfm*KJONo9Ig_7#^%kvs*dH1d2tAV~I05WcKB#eAy`czZnxGS|JsQ30I zB}Iy-bCYGtJuL+Ysnx9i(L@jmk(U2b-_-)9`(B?I?eEX3Ep0t%`dVaR`7grJlW2T= zkY52{H$m}yBk>oZl>g}%*wPgp9)Nt6=cI+3Z+{V<=xc1|lmX3_#-ZiEO~Jy%R7m1) z0lx5K^zPpCd%f_W(_>JsI@-Wy;%igi)oEy`AX%r^Y6WpAA zc$PgS>yVR_>v;#?IW&lFDtl6S{NBvFpVJW}ZXOo8>pt<&FP5FLw+Szy6C~VkXn_+K zdh_0zVT34rDhCEv5B#y^6TD}KT^isJYALuWccfO(n_a+LwfM(hgg;yoci+J=@_%Yy zLgWkOr(RlZNUhM_FZ@Nodzg4J8#Dx5nJz4L{Zgg!1b(*dWS{KmYxicNxSI?}XjmIz z=*_7=;pfxo_jpu$BZnveTees9W)`lPLriWNvBi9JSWkJ0Y=CN{d^q*Qu0>Lz(i
vyDG|sSYW}=bslUwfD z-wW+K;#6)Awz2{@eXs4_vMf+&y|`BR?g*R-1v^K`sTEME@ZbAhht67tcP z?oq2o82x^89UQ@IknFKHMrhdG-yQE3mpG8|?qk$JL*WVIo7WXq>YM4!7dVVky^>Qm z&Wo2ib{Fe)zAI?L2j)rwSq(Zs+c<;Y{$x1aJ<;`W+u!k_TE+X_Y&+okn-zYb^U295 zd-)RH+#YU_EQC>Zf1-iWm}g&jo8xJF{@Bv1&M`M z8}w%ph$-MJt#oxzKJA_pqdjZ`z`|hWTKyGi8-xob)Y8kr+wp<<-y&k~j7JE*sLwrk zPRm4EOCUc9&_CFJN~#$Xk>>QKoSgLqt4)@|TqCS}Sq^zwKI$I(SI7M1DD}YJRb$L) zqRgMXbvx}mbTkp89S^1tlJv!r83-7xf}&Y z@33|GM_Tg8F$Ql``wr7>KW0E&2HjkPuv=>>hc`6(*j&>Vi7W{FB1```WYIrS$8Sxb6_bXsr1}%Wx}mSUgdu1S*@O ze)n9hZn)Fl1ti{t!oWfj_*D4ywT6_T8s)I>Vt5CAVqvuF@`&Fx!sql;sJq#fH4M^r zL}2C0+&kaL@7v|%ES1kH8;D#5b?I45?@_O49_b%H3WPqb0vgz$PXO&E*&UwxIs?cv zXz%Ixi*WqJWJYPT9P9*juSj3r;vd2r)d6sIg0G6yUVDpi_LFc)1ME%DpnmzQxQ2FG zW|E?m`nTWYD$*9FG_x^0nh<@laIU5*z8IQ&yk#fb@Di7Dh-eTF8c4W$ z`mP1+6H|C{QTq~>)&I4;^;P=>TJ)bT6U#af5x0y_V?FM?{9nDSzYP>H-|YGiT-R@6 zHW|r**w-PZ_PP5fYOu}igN4o#@fw=jAm8h@6{Sps0Bn7PS%0MeGTg)dvnP4Jy&??7 zfM;YX`H`VKbe}MyeCAPdv>sUT2XeS*tmJx=S>DNjO{)qio-1P`9PWXSS2t*Pn~Zs5 zJaI!Y8ynyrx4hh6tZ>})*+Dy30fVYsa0#wkpzH%^R{w$4VX<#*mID7G0PcGLv`#n# zKi~*fDk+~G^K$I2y5{!`1Z6u?;=I~$!MTJ`O%8J^%y-?aym;pCof8#Xiqx02_E#v_ z1y3>TZPm+t8|hxe{1GUg<-9hF@PVU!toaZ2Fy+FGj>;E~cL=BLzkdIsh+fbW#Q8Ar z{w8GMXL}sn+v?Q;uJ_4IaUMTmr2llt{hzxQw$VqqMVztHr%`_vn$h!v#rDzijnT0uUVHGaC{RhAiKro zc)-blKUvHTmf{jApoG|~lX$RpEBF<#smYY`@+C+TsC`DzZ&7ib;Sll)XgzI%P?jQ* zr%|z5k1JKVgelljY!P-}z9enf13W`BjOmvJgO53Sdgpjra^g<#l5@Y2^rU@2{^9EO ziF$*x4Wd$?p!$l3F2w|`OXF?2;bydPM5Bp~8pPFHz5)$`@_;0wQDB|3fa`eM?9GmB0E8c^9EnSHjq zvZ>q^@aFOUO_6(rgu`pLjb}7Am^5jMkWoeurG6fhp$0yZSbXJB`m=PAYX{$S>1rhj z#Ck2RVPYU2l!1Ryw)Uloj!Ex)@XqYNz$zEzw4`8XOh+(nZEB`cpi}2u4`z*b`TAzB zAd=;pJvYNUHQjI<#y&^qjUZ2vEc&<-E16LeD1}cs>!2p`Pj_$}kRf@7U}xhES{;Cg zDh_4w3uybt%sKgv2ulH;CE&U0?{Wme02y(q5u_uDBqD%-eSN*{c1mw$m> zWx`*CZSxnh)I=11WnobZ68+8h0s0aAtH^mAQqCJ(i;!C!-5wRNb@VKY9k;sJLDt;AC z$efRw79Q6k_?%Ih6OO5bH)Lbk)!6}xjHF5)m9p3zFUhw{RcD0O;PiT9qz48k42*hv z(J<#Dv15`uPASMu3`}sD+b5vS+HD)2Bv`BlO~+c1>=yoEQ?-h|4JFJxEzM`KjH-oc zHQZD-L=Yt~kIJKQKH0_E6&hH(?E`gOyb7MEGJ@bukA+U@?6`uwi?fc{*VLCC`|;aX;A|ZZlU?A?Ij5&oyIe{hoP1!&5JRZ& z@$)|~2CMWP>74roe8jvc`gVLJ3K=Xrst`FnG>AP)#=+F`uCHyP2J**=P?1nK)&=Bb zDtGovJ}YmAbdE;!g>CUPUgUUv2NRY(XSVPbRAP*l%bH0ZMo+7JeqYa6HDqR~SY9MQ z?GX;VaZRhZwci*KqMSvbx?LS|#u(kK3mZ%56YHWy7-KCb@i)avkZ!aPB^{E3!9Wzi z!Co}tQW(+*Ex)k!bAMrOToIzgGZNJcPgQq};jsits?CPx{$EX~uZ9cNx=Y&pec??X ztQ5L_RlrN9g)WS7=%|);OQjH-$MxkAF3eJdEh0XmBQ0|m^_B_SdDSu5D zr1$lTs231~=LYZ`j0})G+P2Q0FmF zAhB_Z2sX5i!bL7i#?DgftFm4%&zJX~MzWJAlbDyu85#K0a>%LJxVM&B*!U*Yg+0tF zMv{_$^pl$ExdK%z&)Cn1g_ zJyYBj`4SOQwd+!p`+F&eh2e`}XiS2x;SX6JU8Hn4KY@HPVw^KUg3dErr26MYrT16X z8i=8}377>^Gi9??RKkwwaMMhc%4o_rP5j22bbk>H>ptK9x;3=C4!P=?IoyCXDK{r_ z&2(Clx3iD8p!Rf2JvZny=7cgDJ_ps$|65UhmK^80jSt6)IsWRH)T0K#?e9s0qDO#0 zN|Yn*eOqo}vd^_!FMvd@M#Z1j6b-!%wAXBAv?z>fi;Y`gMFY|e%xczc#_1$~^}NP2 z{a>2>AAVVtFFLoCcgPLujTKL1V$7aRdXG&Fa84S0Z_;A=X+$mj>(`4e#m)-!+nj&M zcBQEXH|b~HhB|!#;@4Sp?`*a=cIO_nfjR-hdeifv4c>f#jl2|*%Dyq;K;b~I_E6EE z`Tb?a=zII9i_%vbBOcucds_QK*mwk%96qc45485FIz*f=;`?vTu>p@<=MnVUl2JmZ zY1&?;N{3^;gnp>%*QL_vQ#qZFT~kDnC%j|;oS%n0FV&L8GwmL;K)w#-8(iUs%;A3J3Z-|mai zu#zbB@>18SZ*Mq}56kI)1CJ|N>W{ppF@aURZ+5g2obY(8jwvfTvG-1gZ8U+G&dS-@7t_z=s*3KGReu>Y^Z;*e6ssS~Y-fkYV$8Jj zX>~LqnnE(tl(H1lnTN8b!XK-OnTXhSOj=)ye}YiCTG%9$$D;oFRj@6iV_{8T?Ys*9 z6hlu-Koy02^{w{OMAd!W_Pae{7DEDq^45{#A0Sz}WzKtHT|OKRmrlrts-`h1OVoSI zT5Pm2!iy&O3I2^aK7zf)_?R`1IYbpzwep5ed-QyO#IMk+!T$4LMi$`u+Ka)SmzWWNqNj~j706kUHdF|2S0}HlCXS2 z71WEfDw3#2HEzg&M2`A^>8HCC<(ch)gZm2UK=8DyC*VM-CRLkpouP!8`37PwLUdMCLa5oL3ck^aMclY~UCA$3@Y?ZIE`klM<_&RBionIG& z><9Z%y0=gMA}G%ciYHNgO5_O78NA2vjNVKlg!6<3WmXgzbJ$C^SE=huoW{J*(SK#M zX_Gv!!8rmnTmrPa-2f83e4>Tni`|tLpVlXOjOF{hc3AyHS+q@>T=;U1FM20Cu8=O! zjU>P=HBepnZB+MAZHzcdr&Nj)7T``ZfO%3jr1Gr8od24+`+K|6mh9NhMr_kBOZY##~i{elVvhl9*A)EK| zKOWGVLkut4?@nflQa4hV6+?Kr#cA}4R9mBe^^|WwwLm`=(hJ8EK}M{!oYh(tIeO%P z1huioOUv31JYT3K?m!?i+NZwIb5$3iCOz?r_Dz%kw96iqkR^rXlqbpQQ_0s@gNm4g z6>j%Xr;OH%N_y<+Mqx(yO6rQXk`29!!;LR+*M9CxV*Ei!CV8;(dYZeC5g7-$!4N{; zo+woreK{}uaOg%tat+agYPr}%r?bqkTc1EBcXgARUC|c}X>r+gT_}a@DC5%iOK~Y| zBh*2kwjID%x!!Qtj^^rcaO!{V_obJpP>Rf}Gpfvb6N||LF1syvTO*>>yScD^A-V>(YyL7d{kjcR?F=rfkDM!au&=CEF(mGT+O0bd zKwmQMeYh3pHTx60GER$7worqujq{r=HiZoRC>{?gNY_x^Ooj$wG_M0HF<|!j8;>_xqWy#4hbfll*=L{-_EqXB9t^!Wqx0@|9`)lbym}1T3qHF5(5} zZJk!MV5&rqn5UI0fN7Ah#{9S9qZDeWm*5Hf9#_9^8!viBz?ZQ2=KiOg?F%WZkwT>5 zm`DSp6E2zMu#n-t?to}SJo2gV2hbcMk32?@#G}>+8`X;st%}VS<>q7p3wXwaG^B|6fRg;pC z5}`_~^|)Z)H!7i-)enZCke)4E-KH~zakcvA*I zM=#-5UmB&!JQKw&@4Qr4=s2u{_GD$xP|x2t6lXCS52=k<%>A~`r)^K#iBDOzo?X2Z za*b`--Cm6NkY5WU&Y7w>-a<%qlaQm2GyVO`3t7vHxmSym54p}qUnTk1Qd&AM(dUV- zp$BO$?T@S_PUkrkW*+_-uXSc;FS(7eqd}Jl2H0l&5}OVNFLq~9sRNrT%G{M+SUWI` zc?p(ta-d{%hN#q+=Nf)(;oM=9PQQnaCaS~MHz$Bz$Cn}B6D`9E*v+Rxl$sG@=XSNA zrn^~2PaWre~TIkwPo9=x1WW zuVN`tCUC{x4eqX%(i8B^QFL_-J)k=)EJnDNhz>30W{uM=DV$v(u3?f$Zfx zK_e^AsLf((uV{O2qFM#ZB&f?{1JVcp5#KBa)^FmKyb&oiq7UOGif59zI#8AnUgYe8 zYU7~KNDqJhMEd+9U+wkPZ=j#=>oZK#sr|j84(AhUvPZfN{|_<8?vwf9>Anp<(k~Wg z@gZetckaGKj(&xvRf>difcF=n!CZlwS5!o_eMgYd@kq;lYqk_CJKRjmVxv1b{&GB* zZo1JMU^l-1f0+4~UpKVRGT?>5clEI*9y`Qkb0U$sd!?4GKH*1NN`ihH*x4&y5TdDW z&12ZvC@fv*V{r3C0he#HBwrCV5^pJeSmf}|7@vL2Y0qxj0P*r2oBD<4F^^w z&c$M_&GIMsRBzl($qU^?wjZY)aifd;tztXPL0GMuioeZ_xBgA2&obHwieUo_ z4G^1egRN0NfO?fuP)6^Ty4zCZm*<>G0}P38AgY_HOLkT}4mA3!HwFV{??NM+RnP}x zJ%P@RD6AR#uH@N+*$5Q9q)k1;J@Ug7;#I9eZls4-t7IiXX#9LX$J>z`jl}LrS|uA7 zSgSwclmkmq_;dPN4gACrg__NhSvX?b>Jf7>2-^MU>UlUj5tmmllSqspe=K(z~hx6mppg`%l*5kE1KdTRqe5`NQye!uj z1?#JNCbaBEa(MlSpP^-PC+|Ywt%o^}yVvsnKIb!SwSxG!8Qq`YmlHWg9sN%qHin!y zKKjN?vyxLzsa2|gX5J*k8N13P@}(G;tNG$(mGUG+r_cA@MtcYF0O{Z(m1&yJ7Aplh zZ$_T=p{`fbN{MDSItLnWZgPKLyWkZ6m(Tw0x9BS6k#9ez?r2G$NwC~XEYH3g4f2d! zU>kpxO^T1{LJ7%l?eYI3w^jckx6AdckUoXqUt0oBB@1IFF}&r)T8y3_Tlq%_$Nr&@ zP2Bl%%}3HNu`a~Y_maEN&3q_$eyTVwa_FPjKu`8IWu?R#LKjdO^0Mv7x+hgWRiP)} ziRRn{R3DV5Xk76B>1T4q-_LTCVdk{7bpN6CztA?AyfiMqtrfg+Mj7q59dICA>O(mN z*r$F3_xJA>)|l(?khC1z{SUYuahu=DAndAt$HjEaTTZqrHD#wyz)i0Gm{pv zStyihAP!rKwlQaRSU~aQ{Wr2*UvvDdH9JS^Lq#&CCw=<@mD(%Pv+b_;eDRDv4P7kR zcA$}RH9rHSm`AR@^f`LFEuO@7V|xRFZbgprC($>WID>e;cn&PK-pjx}A}>$T{^xfl z4-Gv8{|8<-%SJ%JTI4z7r;`+KaD6qZH<$ctNAfpZSFgkkHyDg#<)2YB=xCz#0{6C_ zwDz!oEk*9nRL~;Df5t{y7Y)l_OlDk4r}xp=&JQ_)M6dn1uw2_D2-8{*W}o;gGx;Xy zSTI>AJ@>%Th7*H^E5Y^43veh!h$jJqaq-I171_ArhWBJ-ROdLFX_e4>twi`J=1eIj zom(_CyrZ}@4qJhMkHci->K&Z8#0V598vIJ#^d4u*D7Rh<6acS)5GTkBOASYC)>WKU zf;hi(PK&GjMfg;?v6q8Vb=gp3hu9zq0Cl@ckUnp7+%ptMXfL#99xNZ@$idV!5kng2 ztfkH8()@clbHV-tOw3l)sH6io&*p5{HdNUrOLChRP}s*PZLN3ym`X6jqj}3QSy6;;{}T8Im1JG3&Q{&Q5sAdfPzENe z)`7Z9h}h|AiO)JpZ3&();Y0PGGob{1`fPcD?{q$ow#|fq$)hp zT>jW!g}2mH&Xh(%GU_k*1(MAlR2|2~sI=u%zG?QNX^O7Slo>6K67Y}5Phau&Q!54x zMKCTm*f44im0*GN?mO;uI-=b+DnTy-BP+^y*6s60o>DH0N(rdkn}VXiS;7r^uYbkn z_-df@f7Tvy|D7`}l1&fs5!w+9-%yw+W}`E&dtpOS)KVTUHFcg2<&m2P%QEjSr(`f2Y& z36wg+d8B&61uCdjlh3%NC``Mi>?uA45=p5KWNyy_o~+YWYo17fq&*Ar3d!glJC2TU+)B#;cB=G{ zez7sa%kP+Tf8iviLVt7ibXoket*{WZ=|IaC`?z_#;2Nm=Q#!bt>#**5>M@AjSZ9SCe|Mb?bo7hLj3F23E4$loo%JlwU@d~N76mk4iXSMH! z=`(Ew5@!PxqSKeS)cC)wcT~l6S%mDn7-Msi24wFaDP+0jOr|z|Tex6aT&n8b9JAzG zr>3u8x6_w>b;eI8nO(a|w|erVDpS?Ji?I>*SSZ*m`4qo5QqHM1jMc@hz@+FUdhPgA zAx~7HStgz58Gj}eJ8DmZXSRKx7E+M@?BU@r?r?K*skTl(M1$6~tvS zKIGB>HHdyA(bsP<2NU#RuIbjqocISHtZT_KB=sidLU`O2sLNRCNeF_6H3T5>IVDsg-hA|^ZBu&r> zbI3txnG)VRsto^x6*Q=-b$GhbQ2vQ0jTcQ<%3kiTNP<^&!L&Eqa!cZD_*Sh~J?9YF zkFRGHX}N&f037kM=)LYc<|(I^=QJv?&z(GD94*#w9vX73Y!QFam6ysk6KE8_qMmAy3p`(kUI>V48 zss3l_*a6JbJPeUHCq0lCK)lvuV&K>n{@&uNG?$a#FTmcet>^;Jp9CwdvPs=vFmYU? zK6`$p67xQf7P&llvOgl;qTGxATxKV&Xdv2)#3`l#@yFEHohnT<#Es z@{taDzlY^}g8_T|anvzo{-~-A?y=MJ<&Ss4G=i0~t}ZZ^Q^cFI%B$qzu}UoRZ?)xf zQ$z%yIOmQPh2zS#lvmSq(!8x%-B%oh^53b_#UNJbrJ*`V?Sn%lLq~wNteS5pUoObO ztay6_9VXtbi~R0vFoa*+>#U3wQN{+-_U!6EQA)llq|YC+3$5}5`;~hnlQ0|IL>q=MM zMa7&F)euU<%lWS|VYwjG>x0&CK0F!Dk(IX!UFa0A2xwv*r`W`>$RE0)UfS9N*>I3Y zt*GRNcq>#EER6ixF_SuFjO<-9xg-({=$Dr2M+YZ54lHQ-b5u}+3X7I;yd@owncL2kB6VVDXmMFBU+#sG|5;udyrChxnkS5wBK9_ zt7&q)6LjGPXj8(e=hqc;cDBi3ACV%BJ*&iNd{mQ%O?J`&nB9W#J6i{(+lULh-WhLF zyBE3(DJUD!sB~S-^2b-_p3E-E(+NgbDF=~X!J6VeDvZQ7tsY0MC*_Ip?CKpf>MFOf z*D956lG?-ph6_XX%*kk^5r|BWT)PS?WSf*GRw4<_^dC$VeL36bx5Iy!E$~w`D#vLb zWj+&+tV!T3^pyEa507LbwCs!hIkkL00;wu7%x%9ic4Fc9`2}R|8$-D)i0SJYW49zH zuoL&<(VoO6&FI7*P^!Hy7iTt6B@8?T@- zzLfmd%%A!1{_;}*cM>r>eZ1s8U7LQ^vOH(vD0|mwd1r;}drGWIOb zF+8UuAnPyw{oAwp-4yoy((pV8v`V-zory_+U^zlkRHS6zT%%-&@ol>Ab-6sfJNPI(r$#`t7Uzb>TX zDRE#ob6|BBJP5MQ_47Z_b3?g2X4gYyIaf+x`<|eG+9gL+jg$XFL|!(_O6|y9CN`=^ zl8Pc$m)qOhH9j*CA6l*TH3C~yfk6;<)?P(paIgoa22W7*CbOlOV5!w8ysIVh#FU9gD45@Bkxe8bb-bL|QW<@guK2*MVRqi{V4mNcF^zpO?#W6eqB@)( z4mL@{L7$iS?1&7X8GYy1{&)_BpIbPI1z=0&%5Jn*W`(*%)QZx7VBC(wrJre@VN{)L z4|yCk@4tb#e-{x?krR87DZ1)_Gpq%BE3bB_@WkRK!|1Q!B?p|&w6Ie0bnSmeroctZ z4m60Wa5B-ibODMl>Fm5Pg*Wx=EpeR_7%(Q5ZjcMTzzj`3ecUUXAEDqK7~@rew@TTk zqmR1^jsHqVa-bDaBp}=INRDMxO59!Wy_Z(t8QxV(WM4hKy|x2%{Cdy)ppTm6?_hGY z-G%F4m+l)bV71{nFF;fnk+F>Z)rK63w6oe@(`RB{ z_`+gkKv9oOZm>Y@kzznr)<+cLce?3!T)Xpm~PY59F+g4~b7k!b55cd&exY~CKM&*!YCbtM&Vq?6^y zCbLjRc;1S@iXG{rhB!(ybL&p|Hq}X~ThudJt{?Zl1Ptklue|`XB>Gr>dmQ7h=&sSY z3gEg9%xljgR#((Yh4nYjD%OxjXdcb_rc0x5C<4y&sgHjVCaxv_EpmVUHf~BBa3VgN z=)e5U)csaT0I^N0R_#QNVu42fsl}7cG2nrOWmtU$&03i>SrPeR0iPHXCkt~amgk#j z>f#8uP{KdkoCJ1TYl}F4uJ0$?3xJ#itO#VKDBrd(_jgklxpJ+yTsCyRrhX`y4pqaX z6X!es$`da-wf&1R8uQy96pCFA*7zD3q;y-K)Mhg%{c7T(p80qmCD|U7$y8cEAJzfO?OE{8$Ms=RcpA* zw!AzIvKLE|F%#C?4lLLfHqe!XA|O#*?NA1qmkr&%?_V^ZZLo?nT`oLQN?D|DtE`n!DtK?>}10HJ}vU z*i$CT(kA6~Sz}G=U^YjsmPr|EAew!aB4cj#L6P8(T5y-k5?QE^!HrxE0A}%DyZ%tn zL!dl*p!<)0V3tB>{{6&CsT_mm0l#xQlwkMr$KGrmuub?Upcv5a1*pCvN&I>RcrnO? zN^gn5r^4*;K;{offBTuNi)ZyiN8Zw;&gmkp*)*9(-@cD8^w z0%=-A;q^|;X4ep$Jdd;75(BQATDb>)=K&+}Mp4wgO|6lBU6C#UWeLoC|DFK5jgf?xt|{QM$lRY88_VAuAY`4bNSn%Ak(pz_Cm z^p2f$BjqE9{-Breh-iD7NB(JHrX=a)I{q2Z<-+W)@LXjRa5>U1D$lt3l1Wqo)^Ni= zOc%UHn8bQmI4i$ZXJ+T-brpdxgUbkLYv)h!Qd6$w8lxEPl-o?6s|5uT@d?6j%V-tdhS7EOjN;B8CMU z0!j6&-E!D(22+5olpCU64DhM+2C;6%&vUh%!rZ~7$&78<{mI>w>TP$ghwIm6h4HpX z1OGrcib3*BeS@CRYNaBP4~y^OReInZ-l5?4x87x+(&l4h4>@%P^X8I*75(*$BHMKA z6S-dX+^f;exN@s$lMCeqaGEQIr){UWjU|v^PMJRg%*@7*xEoVy<7Glk-YWvGvkEC( zauO?K>l4h&ie`VF3YEZCPB7FcOmUir!`Z!3Qm#jiS|0r;h7PYO# z7FGYIE)0kR9)~yAC*aE-ZxcYfJxrFiRxRxV@y%S{jUk!uDhaV9d<1ALw;tYZF#^hMNT zmF8L{B%S3m=Il%FSFbC=TJM${O+`894;4x}f#=*VF2l>@Wo!6L1_67$ z_OB(8db$WmI#}JyJ*}oECd}*547{Ni7H{`Su{&wsx2m1U=9ia-Yk<;6{WR0xyrUK+ zK^sc*BGq!eoAZ6|H$v;7!)6`psjoS3^Yg>#4hdass73@tpzjHr|Tsb`-ud zhl56M5*)$jY$V8;tuLJkkS|&KiPP@41)4BDr@fds6#wp&1MhzAL&^6s1m#4BY;@;@ zl@v9_lPw|dHxUAhO#`F{@t~NFS?8-My^c&2g_xBwhmzdF3zRyB@u? z>{n$uR54B^3;kiETZ-7{#m7#QPHOKNty=0@o`y@LA7q{Kyo!%rnT`U>rLKjRQEu~N z`f4N7f1(KO{fsldlBf)}&f=TBo|7Ki`sevbpk`a|f;{dA$c*8;M(xJc8^g=fjTqY* zxwRwUSA3m@DP#}R1Ow;96bcL?ir;GTP$G?IkYVgq`!1rIc;heoggN{bz~0aFIK}*9 z#SM=)5J4Kl^VEV61--+$&bZ{Yy=l24Sg95Rw0M)AHo%_sS0dyU{vR|O3MR^4r6XxIH`F{ul|D0BpeSk@4er5LpMmMce>SQgc_Z(u6slJ;T~Sf?$bbM3B(D0&ttCR?VughA>< zxqF*g1p>mWHpXV~4p=FN11mv|OSFi)bI-Ope*b+>#O7&Tiz(-kZ}_4<;oyg|0oT?j z$QwIrmP8!myy@LWq^J#5mDN$~9*ErQ0y&zRoU=MNgPDFPHhb8x06m9KfL&394IS&p zgaLawQ!C#53o9SH_ex>OZ>;?l8zAD$0{SuQ$&LZv!90(uR-TDbKYtx^2IYMSnV`~E zq3K`Q8HJUVe_=27p)s@U!h>X9TvU%0+9uhNs%Amu{YdOGSpZN(2_lJyNa4KT#kRtxD4RK&{w>}OfO%N-w8ERPdo8Ov?O8nfLEn=!0>)E}0 z;pmIOkD)Vk#&@r0IFK=jyl7VzshRp!fXhPetIcgD+)!TiGfiIVzLAtLdg_n7v8Q?V zp$awiLhj~|fhT#L4n{+>=rMMS^{Z)L`SO3!zHzw2z!dzsSMG4AOTG6F18IaAdmm@> z4pwRASYH*#vcZx8fCF8(}tU?Gz?JRQMz~w#i-cS zPS}Cgk`rI%?_piz3MhTLWP9~RuP*L5tnN5Ds2qwON=$%l?tvby4vAhzW@T9?EuP}DWQ{?n07MLy!0(w^Ndb9*mv1swK0J2aBt9- ztbyUyiFZr6zHze_&*Fyp81lG4_^GZLMF_ zFU8s-r8oo+?!{eOytoG|1Pv10rKQCQ?%LuOJXi@(Tna7jP`p^N0zuEsIsf;)<9@s! z7=w|F$lh7md7ia?b53YQMQWRbor10 zjqP4os;MvSbR6qEvro_AIBiInU%9<<8Xwe2r6GFVhL#zRR~2xQtwd=5f`YP3j8re5 z4Dq4XN}HOB-weMHU5O=83$l@a$7iq%CzR{gu1G@1*9IAg`I&xsD==ig_7EnSX+9z; z<+RMGpXRxAU01xGv*a%H4~DKtm8k}HzH1U?%XK+Q^Gz&K^wQs{L%Zb0m{h)UkJle6 zQeJOQZrvYHj`ueVR_N2gI-#JO_J(|FeWk!0yM~558dm8{XuB$CjHK(h|B(Jd- zbdOA8v-P4OMmnW1GY^rpIUr)jMvJ*?3w4a-Q5_4eH#4aNJlPW61m)TjT^!Aw${!>3 z>7xh&XKtMqlQd!os)Nk_!4UZd$o_l8!UGanQ@E&uJwZ8Coc&pX6TpBs=?L~IflMAN z_V_w&nFB}fA1smflq0UuS8;KuOa|Xc{^*aTNJ~V3QRg#=88#>oXwS=VBep5 z%U8C!W#;>6&`^YP=q*asF2#8yf6;|<>60<_IA3Uw>w~i)6Ei19jLL~zZyCwpF%yH4 z0=iRow{`y%>^LE~W4!usso&s(jt{exi<7M%Ow^Y3kw zeymxS?EmK}mK*<__oVTer5fjS zDG3P=!{ckr&zjo@+OG#VHx`Ja%+3wE zE{dgL+6vrkx&Lg|lt&_TTKUrQmxZG;G?;HD5zumM!%z`}|8_!q@`fo32iv zUY$H*41jy_<C$ZaSoNfs^1l> z<(seGq+F^qIh~%K3U>`!Zz3R%I6(@$qY~3KUGPRAIVB9Nr=l-hD%;6y#cECFxj_$~ zOau!)Pn#Op@~Sy|#u@WKa@QeiBEzWJBdNCKCIUnB<2~|wmkN|c+l1SyYGpCAF*yj| z@Icyq5Uzloy*r`*Hiq_`(}Vq1J0>!9zoBnCBJE&c9`%{2v7~(Zxl;sMdaW>A%-W@X zgS%E-2&2$Ue{A*-Fqr-YcZT+_`kj|0yBpvxO4;!5Xk+JzFJkcKeo(`X6dCOowdoH8 zyc!&1U8%x(r%5R-is!N*E?x-AM?48&;*Acqlcl7~=I;Hv@H7b%@}{5tzwCrs%y-Am zt0tf|zmgaN&*uC!nvaUg9K%`?%(nbHN~Hq45odz<$;avr_%X0T+8cPn;H>llH`o=G zTl;8WXHM~IA;TBLvgCb*QKBEu@{<#_0jxX=Rk60ut(cGYy=gVc^&BM^aVxQWiWbIf zZzJUcmK&Yg8fx)J3Eumo<|_YlkP_xKDI72ct8__~G>Q2DPuKud&2&9x7KABVIf3%ng1bQKM(P04a1M+&5ni z@`kl^+#d+og|fSU85Xfv0zz#lE&V^dX85dMzyLLk+e*5;UkO*{4xK zvJWzlfGsU0@zNjYL?#x2)`%QE2(M7nytmhaKqtY>0f_*Y4Yg3pC(o5dfJ%1lRNtP;Z<_Nea*9*sRoXN!Efj$*jsynO3TWu zu^rQPn3lvlb2})+SSN4ucWLBX8Jy=)ggSW&epq2#$=SSp!3;mA?0IvxWvaEy4#E)<<)2 z4UG&(YL_``G?@KY0h?c7cW}n1dwOj>MKZ90o!~m9zBdcCZ>t$u@Jzel%&s4$-g7Rx z571E9^gJ=gWX@RkR>!p*Z1W(zz5LB3Fx>mv7F{fFM#0!LWZ!M&xOkc0JUhsakJ?$l z>jdtO0_2~UyBQd`n12Ng7GRRUwK>vod76Kyfm(g;O!Kk*;Ta{}-kr?t3BS@8j<{y;B9tUv-PGFz`#7F!w6EWr+*3u!(6bv$&vf;P^6D z=0DlED(6QeJ0#qGUheI>)+`+SZUGpT`Y+4qA2przdUtRYH=3xDPqZ-WSH8n2LF<_{ie3saw2BB)ZsooSRZs;n1 zf@L~TncTfyLQKIp^Tie01Ys3x5APQ4#yR1k&Ud!x3<9&mr-c#R@wg!ad{|=jHG_EV zHiFK!!4cX7L0l48O;L1>4N|$@#mw%baen4>iLW);bj7tENpJ@n8_mmK@_~WKKm%Ua zvPH2=glfb_{NO^~Hdde}TPj|0#GamQ?h|a}X=Ptxrq$hDIb{~TEzs*^rSVEk}Oo}(g zFnj&H4ZSURn$OF_DjxR}5VKt%rtdx|bJm8C&C{m+!SbbD5`+K2DW8UQ04>t{WITlK zz{3ga*BKW;vy~sVO;8n>P2O!{Wz%Qmg`51X(XF7_zClA$C3?O<3;CsHj#~OjI&^DB zCK5JL9Y})Mulfq`iBtmYm?Jv-`RiZZ*`8> z?>U}qH>|)J4-fB}C+t)z>Uc%lN1VdRxn+6aKkNQK0VCdxgTTh)%j#_|<*YDoX~&0K zvpq=0g;UM$QR-hPD0L%rtgn#}@`E0yxZ`05QFqV1&liTUj;fQ9FLIpSm^fI~M8}~_ zjugX+bN2bSYWv8EnXG*XqeFgM7_ZRzpW`3Tp4+WQs|YOo@M)~KW8 zyGvDAB#py|4xdwWgM;Q8pR6?w%WWLqJ0Gk~6Uw{GF@tmq^a#ct?F$Xbh7UQrWSQ48 z^=T(_iwI;-8<&a`<73daKGh+I%cYL&fCzm+m2lA7){TJ@%e3;hM4ISqvCPn8Q?w)V{zT!wO=UEE2z zLS+Z1v$taATyE}_;QC#Ky0`?fvdx}t^~F)o4S#(b#{TSeUkMc4$2$`oB!9T9NT*?S zU;(6pa|88DjaAs7*Xi_K#&cR(oSj ztlIq{s828DUZD}^a1A-G`RUg1!-idqk*wQE48qBV@O%6X5nsBngje&Z>poaVlikNE zFh{iDDd`&nncCtoz%;XFDM#auqj9-eppi4NZL-t&{wvSs3r z3=aD9$iOs@<~(NJ?_P;(+@|I4`=kE=m<3l|_z_MZ(_g);QvE#D^YunuUKPsY)YxHx zyUj}%l}aYXI+G8F6^IB3IJrOAF*ZC9%RMYzyL^*dj#{-fx&h8|W5I0F$ov!kr*94? z@kfHpAai52@2Y${I`^&DtBj50Uio2YFVu2DCtzklQT z+{VQN4Gq9m)t>OO*oLY)YXiS$D^UI-w?m4EHe)JNWdlkS8A@|&8<1TAd^Y) zdL6n*N;e58wa5z1c|pLX=q;3=MC76KI%K9(&nd%bMqt#go4suIMWvN^W~3VCD#mH? zr^!*8pi;-b|6l|#k92Q}Rcy)Z+Y1uC<9!Ib)%~|EvYN%%E|aCq=b}B@#Tcg&taKmJ zEq_`te^@W9LM>h!wnX|ph=i;~Yawn@|5un^6Y+5W`;f0*F*UAk>3OxL9lmd-*`#%S zjzhi8jrqWH_3`Elh3QYGvIUL$mk!*B9J3OXT@)_M;^M2xf)_|#y6b)q<+sl>%5XnL zoDsHGbpMVR=DpWe-)Q1?0US;Z)sN-)!C^OFu|1G!fyPTje`D_y9+Ryc<)*kK{9}zY zme3}GKf_84e{0Y)GJs4Hs9!Ay1}*$r$PJhlFvpBb`4wBQDBArB*tIv&rpB8ww|{@2 zLV*uhjd=jQRpCydoLm3=pCK68K217Nli5%+$60yAaf&G0YIOX(!JkAfX*R^|ao}E( z?eW+4M`5LJt(gbRdCSz#vCfZ_J*p`9sYs_7jw z&%p0EfPeZI^qKwA7N#zWEna)(F6F4vu(^&L1sHe^xg;X3bJ(kMiGC)y#;OIGP5*R>X{UlNH$cY;@Hce zCqDxXi15<&#%4X%m!f5TO3@0_?mb4P$U z$)+2ed`{c!N;BJW5gz|Vuon@5^6Kv0EhloOF$%ZP`^Zc!dlK3QT{qES9=nJ_|H=nz?J7a4oq(f>2HckQj=0_u%%W>^ zzpGL;*S^$)<*7%J7g=#{O@<%AJw_4RtXVP7+3#0BacC)&4<-4-4)=K_KfE_pH4D&% zX$_(!=i)i0*^wdq(Pglo)Ey#Af&b$DrR9YhcW<-w}q4C<7L;J0ty3 z=?G_=g%9+vp=WrmZ!kRGqJ%(K6mZ)(z*Cfgr@)_v!OP-&cz=peG8R1RO4IGn!kr1I z#8pnTPGIbyu}_l*c~t-XX<`#N*knuyH_&zCE&XBtFYXb|mYc<4b2 zJu6~Zoc=g)X9f-OK8jn)QD_>PD4#1bl*)d&a~O(X34|#_`bOtU!c8f3el0BZgA#4q zE>RIP zHOk_FO0g^0H0brtt$Ps`UcoPk6?Ccn{smLlzRGL;zGK6!v!v76(fi>H8BwiU{LQdD z#sovE5p?w^QhqDRC@7C6{o&1&f6l3hkv!YevvCYh|65jAhus<9 zMRftbmkV+7PF4LeptBQ^n3hJYMtu3^#Cr>WnaR@*KcN#V9L3#jR`#){3nJ>Rog;J(t>L%ndLqSN}jl z`}GTsBiTdNun1e^uyaik})MrM&hqYr{QQbh7bmtZXqvUE60BU68z4`mfy`hUghIH0~rAyDRW)aN%FGrA=irRUd47qiq5u z&FVyYDJ`rPW^2fd`Y142crrQOZ}18or?>MVYm|>(IhxN<+AYB7b;2r)zCere1%4;* z%a%T`z{&mXHvNU=MOmBBVtJaI0E1EYT=OkwiIaHp${-WfLZaLrs2;Y`yHY&SAS!L%NO9Nz zHy`~xPHU_Yx9s6%rJ^m!nWB^`Yk5l9@P(%>)AS6RgT|~><{ymvZSW&nWsvy~hIw7< z0p;>vL1nH$S4}EU;;(%ZZQ2#dsly1qw_3oypL$-cv)5vOriJw-Gfqq{Yq^KV+0iKc zs1xAz)RChkNsSn`KA-)MHF|GygkTcR*V%7?7;N7bu_Ni{ru=h5aBXg(<`iXPsgsb_ zFDxlv#eYMm>T?39@%599L$~P%)75 z^1iCY6F%`J02#F}_g&BNSEfh6*UC)Fyp0Z?9GVU=GY3?bCA0fDoX}jBvnhAxKith! zeOI;oeSVbqiZ3SO{O^itpEYsKGP!!<~nkCdu2lWDX0wiutHPYn8e&hMk2b5;3@t;v^X&AyFWI$W+VP+&kh zy1WPQt9K%?{|93*uNA3yiYeK4=c?IU!Mo6gZ|$8gwV5gDoCx-lH_JbBDE!alV?Ec_5P4HVt(DcW8zU9TbJq~1y_Z8J<{-m}J zp{Sm~#3FQVCWWV#8YgZ2b6suv+A3d=IHto!DE_f}TxA;9Uuy4KdKLV&wdU=S3dLX> zXXE}iARvZe6Z9Rg{5ZD+9iNk)Y5r^=u8fp8Z$;A3)O;-ogvEgVNi~HpGfxNVW}Y}d z?veXMp)5T=N^vj>V4O;yO*8+m2BR;eq9iBVR9gp>Au=;c9!St(qqVXAN`MD>%xh|?ioi+gU((#Ei5e#md zUdOZhA=^AhMilvbnh5g`L(`!MvXpz3c|U)TZL)xzWJHSO7H9N3eox7qWaH2HXkMdo zvi|YU)!1jzLygoo{RggT4!jNJGh7EcOq8T5Fm$iLUW@N-9r*ov7$DOa7^$k$m;EI^OZOuB7k59CGGIIh9pXGIYA@ExNwc9A=`@FU7BwQ5PL)N^K;cViD#K z7f6hy>hl;CTe+<8zJGn0{1n;Yx!!=#A3dOu&#L<4TT8f`j`viH#3Bn26>CpC%5Rg` z7Y6VbZnw7|qLtS@)~5ARKmUR_+Yu40NnkU1y-aVB5FRnQxDA* z+dT#E2dad*0~k}qtxj+C8*59X9;VqjDsV+NRHD#fo#s(@Vpf*U(*uH|FGp?lX-wi! zdJr3<##f9|=Cgkffpw|5Gy25Av?A5|^b9TsYjbP}(rDIA2yuGt9q&-YQ>7UXUYquF zF?*NnO1&C>*Jy-xugaimEJ4C%b6Y7&VmZsCTYAg-#OG;6x2Muk$xxPNg-RPGl z@Z4=JL^`5$x&ZdzuWs{|!V7<eD5Ewzf-F`BHjDr_^K z11GfRCCt(JUvchHv*Q9<`-A{p00rOlXX~}Q2nF19CP&&g_Zm&d zC%S|-3g6y{W@*@Kk2Ptg#kS0vqlHzG%^Pi=svY2Pp#_TX=y-}-x$q@}95LsrR<8Ui z32~1;iBxYjL5hpN@HZZfOp%I*_Di}CL9(&53d8;Rw_Y=+3M>IIGnu##Nf(u$XrF(J z0jG-9r}S9P#9=)8H4)`@`x>@3ThS~j-+1Yh3tUD)wQFKk z<5?9LO!!3iAwM^ihbn#Y)8R{z=iql*asm)l zgn4y(&h9LaONV30W@WEf*Ya&nTkv}rMguywsroEso%;ESKNzH2I#Xg!Y0W=}b2r~z zQCYk(N_SK|Fsn|Fdwo8OJQ{gYDL;74N#)V zLGs}n^A`g!oJH9CA|l<}0@Obk@<-f&ZF%-{y6mBOl5PPADR|h7=Jqk$&*pnz>aDnP ztBj*yF7Z?h+xC@;U|ia}-Y(`}lo6;J$LQwdcFf(LzeS{)&l#a5@7bHC?gA-14h)EwMxBgn`+T`|5^DJHAX9n!s%|8I^6R;!dZ41|u~=s)Yl zrh6p?*cG*;S$|+_7U=c(IjT7HJM{9wS*LJOpQy2q=Oi?;xoscln?jq1ydMvtE!UvQ zSDvEi-b6^3Z;WLx2@E0M)6YKbdnK@2?)Gs4<`lM8cLvwz%V&19GgrS9>jupz0QV_O zitGm&7dh#XT*6aj8EOsEN+~y~`-?0S9d1-io>`>bpUFvn5unp2n4oSOQkKnU_rkh$ zFR>!7Da)o5N@863xcr7sK&8y8tP#*lrglGc5|2oy!08IXVz3a6*&ejeHd&2CT%f)E zfTs-MIYKfFmN#IKj!>$2Rl$HaEe!qwyex_ztdE*~x#0bq3;HK^>`IZRZvG20*#Bby z89&iCqRp$LNUyR4Q-Hl?7&qR$I+Llm*Rw6--~55$YQ*3KN1^`pm+OPGC8l4dPfO1} zog)QavJj*K!@D&1Kv~dI1uAK2&rS1y86CbHPQe({{5nt7)1&!esa_GQ;g(C5hCZk#bz2=;|tuUoBlxl`7d+nRR*+&42{WP^(>p~Plvy@gBI5d3Y8OM7J z<%(B+vN<@;Y%BM?aR%SbnnO=c3eex{0JCL&a$Q-|7WelYZLQ-S7F`)O92Vi|z3#Ie z>4@HiK-ce`LC5Qx!`e5EOA)tAWmi@k|EBW;mU~PjejuE-nb{6ZM7md=cA7Z z;DcU_Qpw;e!P3bAW?Ak2kQ&@o4*QFpEn9}UwhmuuVgtU}y7teaw3KV<)w7qJXJ4XEiO`*?kzw)b-e%Zslj8t3^V$jB4tKaStcX&U>z&%eQWRE_P zq~KJJo$J#t!dga3D*&Fs?LUqqQolL{`IWRPU6eWi(;vkj$K4n#;L5KnMeRpYj$>qf z>rOPzMOf-vR9(S0p+Eog+g|i9iIaNBb{42%RaQQ?)~CfX4X$&&opvuLG54wOm>Hf> z@9+ClduKJ;H6Tvy4oBy+&2ZGprzfsjv|N>aNVYIy^rIIOd7i}MII*!kRGKgw#Ip6R zMlSvN=JaU{lo+hbjUPUH^&C_`SvqLX4CV6HVcw|vOQ%*BucbWHK?eHkNvrM7S&~5B z;pTgKRs@7$n3ztib4?bISSp*h93nLGR9(3_mU|J;CfR7BuYSuT`7>PCXY?JE#_Eq9bRFrG{q}7QP4<)a^}$Qpb#i*U z1I-G5^SOdSAb=aq612)d-*!5p4ziog)@E@oiJ7(d0l6nyd8%6+rS0P#zT$eg#F=7$ zE2z~Ug3@#kTQ6($^-@Jm(sdw8r2W%x1XBb;IuAH^X9h?#f}vhpkgah^#ZQ~9*gNNy zECE{yEG}LvE4Ky>%?%YW@oW_NMMa8)?i|{??%wG1y10@B=Ld%LxJQZE2scPhUNQ$) z^Q|+J{H7FrdZND#JZayCOSNovfQG46(OIWagBGmqGICi8vsH}GQ(%vj^}+8G_NWqw<+>Ab*+iy&?)anN2LzFmqe)Ry+N(6DPG z`{3h&yz9prQ)D&yW9YH*SB#ubGP)#%p;@VGeXcme)j;>TF$?bBRL#l+V%F0(wyUcn zX|*{p@%NQ|8A3g`RYFQc(;zx@ngWDIryo;{M#Ro{4S(DQYSW3M8R* z=JbwFqTfByIuDYWl0-ah5nHc9eT4cY~U@t_Sa}%2N z6B+uswr$oP!z4A|c4U2ljbL80Lx9(pm9)bRLsVY{Y8eJpq8>|ORoJlxK6#4_9!QTV z|D7lG!O&6Xx1%=i7QHycq)=VFRY+CO_VDX`)RB z3p5QhqKsD(A@Q*N~g>ya`n+Hbjtd*pft8OR{3BK5y$_APAL-JnpN6L~H_Y~XK zXwZw38>HYgC$+U-=!3FGFQQS=Asvq=kM;j!k8bTU z%#O^D+Qjw6$HdqhJ~?iw5}f--A%H1z7sT;qcA0? z5nR0qj8~-=VCL3igt1CxQkzv)nx^YVFJjYCbRpAA#ypW+3>Utt)o$#>v3CH67;;oB z|F|=;6?>YDWT|QNNF*h_JgE6>IJWwEm#NQEDJG8lln_>bD`*DvZSg`oU2zQ1 z_3D?hQ3Xp1>l48dXrLqI-B(qbI)zOxOHvAweuLdLS@I|TQv#IH&Z!7@6kZ>5H|bm% zH)fmPFzvC~vDIm8tnr_<@gv{L4E<|5(Mt;WThFgTlECt92uF^x8q;VWO(c>~Iz`wm zg_5=v_g9#D0cVV1jIXF~PoMzBA$nmTdo}%`V11LV)K&2- z=Tm~a^A$&92P z4cwt>(w!TFKyf$;=WhFgkXzWvR72d64VB6fXK||DQiOm_varSU$v((&htL@;yM`Z( z-WWEIl%<#P?NIvRcBQ0!t#?42U${xu@p`C1-iDEnxk2gUPy^5xde-0w%Lcp zWJ<*l_$SE~+NbJFsWNB+!n6FMFVSwF%^Kx)o>R}}kHs$PN=!XlirZUJA8MJ`7SO{$ zx||RfH~)qW|ItSV^v;{JE-h-GIPsbkWM}qZZqkYz=O;B-ky`yFU`vD`!HG)OD$~bK zz$J-5R}r5zKZ2UY|Ln2B#_IaPCP(PnTL3srnb)$jEg>6v0Tfn(F@xppf-!c@%ONX-6l0pm(=_|WM65Z#Ld+1vavyrI3kp| zhI?W-Jf=jA8>kzr(dM6VJJdmsA@S=JOI}c%VTQmIrQ6P;es$*G>#?(6 zc%`SQSZx0E!H@M7x?F+v_jS5&&IQ$87*VZ={C3(&F1Af-+i4TSx-~d^t6np?h31EU zq30vn@kgxtq^BoPtH6BaFKHd;+L4>h-&p_OlC(~aNv_p_H&j5GdFsokwwj=!-T87; zPuAlnlY57X$y=?sZY5e<3KowafldqFY$Xw}PiMk@vY`xJAI^nuqiw+hHUsL*fGI6o zJAXxPHdz(;e$X=Yz1+*C(y57Kdac?TiUOSY8B=&ePSor7IxxT8RvvA7fzN_13w>wHn00x8{LL|x zT~Ks}gR164X$g(LQG@9sbH3gW*pX5dt?8Mj+%r{uALjyR1D*RfO~WZ97WWWN?08ny zIl-(O|FyF996!9LMJEs3h7xi|@y-WkkLa1B$^V2#{4{B@=?|OQ`CC%V?O^Z$R|o!S6C zy!DG!(Rd_GXXzsZA$!OM^zkTU7-J9jAN)Vded7q z4E!f&SnMfwlM$iIJ<%b{hD4EGW5yIqeP9`K)pEyn&wDYGO8t#T=WJx4(P5Bx@3 zPuEMU*$~M69Q{$HGy_I&nGmNWB2pxny2UX3#I=$j1M$0KEal_WD(B+Tjc07Kt1~G4 zxx4d?KJH=QpH!Vj)VlN9`<1T%uubXzfa3@yiqy}nsW-hlA7ZE+THk{r>ZaU zyV1apib^`X8|G$2kUJ48-NjC|srUV~LFJ=$?|Jvkm6Yi7GZBY4@*f9hs-1Ca#5E2N zt!ztBy5O0~rC(?a*%s?Xx-((U)>OgdheFF`VaO~uvQ|YMn*#$M6iNK40U44LiKdVj zpP(t^R^NKt7t&l;SU>-zkj)4?IX=sO&YgQ>goDL_b7@H-zb17!x;J=Z(9x)jfI^vH%pvf7`EEK4s=!)ux_ik zk?$*Y___A?esX&~vUZXaD#>LaSSZ`mS5Y(fO0*>I-BZ|`*q-z=GPM{_Sz+>GqgIV+ zd`y}Ok(>|5#wI=3Cb7zR7+T?NzIXEvng1iTfy?t*mh~>s-}7Y_3f6!@lclm0^DZWa z@`yUk|C#MT-DQELq3}X6XnC&#x}(YHIQgVSYmV}~JlrUjP5$}# zu^K@lAhLn5pg&MIoXwP<$q;W|E}wFg9nS?Nb9N0^n6dW%#rytWHu-2+0~7j=?nqPp z6HhRIGoK4Z8*!SK^EMof$O)ub=f>HSlbL=!AGScI8DLt zbTymSJ>CvQrPR98oA(6yY769uaCCk~b_P2eKvnOHux?6pO>>l`w z(HGS*?=+9FMrJ%^QC<&jTD5#@{f^kpBenhRm(L40N#-`P-D_KqsjK-1knWhq(yWY zZ`zT?zTnZV120gypWBUt$FdTo^fc1c8)?|IopbWk52<6!(h#tr^U^4eLXXF(Z%BT< z{tx>2slJQymo+Pc@{F{gt8VqEWM$oT*5HrOxtuo{xOmz1L~UdV1kU|;A`T5<5dPth zJONAdvIb}FkEIMg-4U``UZyo&T?RkDw{=|7C2P|c=$vO@p0Cq{8e&U7A0i?5k~ObJ z+*hk#yyk&PSbGP7hL#W#ulY&_+A7WQdv% z)6Tad-?VY9y>hF|u>AJ}WgPh_CYT6OB=GYYA?rFmHYVxGU3eNqs$DYk&9})vw-RG& zF#Kq+M_-9+^T0(3s-r8h&}+C0As8Vk|9RH!R;!%_ti?I0|FuH*RywDmrJWm z*EmH?zJnWSob8NAomC@qDsYC_G_C|?n==DMvN}Y^g+GjbFiF_){W7~V{*BI56+DtsImpTy@q2$u z%Ox7~f%7Q^wcv8{iL%a_YIT$Q8fqqwK)`?~GI*|Kw*+$oItrUSc7{7o^&3F$5n;*(B%4~bP|{dz-3eGdrIO=@~v!s zrx$Q3v{RGXGf)1IKhE0H?$L|+={0IdxW0C*Nc6hQ^m(nQZb<+*713I0|ETEui0B0}D3 zQr+{+ujM?C$PYYGmmXIGP`o5*E>`G zwD>mBrONYsuv3_Y;6AKWl3T@=(qSwu)H^BOOdzG+%`9N8IOF%kRQ(9xR~#O!^zECt zl)!{>78UIZX~#a{(PjQWaOwKu;fV>VinfJg75TH_QB^!IM9Wo;_gUK0clhXoP|6RS z(QQ?BCxjSkP-Wnz2pxz%ihW-H-}@j&BimlW3Tg1#2g%DKQPJ}vAs7$8pR?ZJkC!j_ z&<8^QSNQB%L@sSxrd(mViW|P_FjY5Y*l>X1W1Y0u#?B8Y#8hJd(CQU^HCmor3RCCp z`7z^DiP`KwwC1@|d{Ilp@Ap6d-11PpbD;}vb7F+kC2`zS9FwrNhoO{$17?Ad zktMIT6H7QY<^0@k7HgnYF7oici{vhCtiXaKI zlE6uN4+4UA0*{bJqxxn$p1k12%5XL8V1p+nf05td=Cn#Y6IsiH^QGqVxylW;WA5-n z-GQNLaqK*6jVE^%90$H7Q-e_YJaCxk-QfG#@v;f057Sg8>_&PLLAURRJN#IQ)Lg6`Hw zn+MpZ-b^y;55#Vp^}B*fo%mT&tGy5Bic^#al>UTqg^FVQ^0yn95kph^WoiY~F{zPR zaWvjv1R+H^KirGZ@Q1drWIm(mYuDb}@q0=AjAYaefzdMYLSf-qB^myzYUwA|b)20W zed{8}@$O#!ecciI^v|s!u!sjKnl(g@#~PC@ecR=u$R#wsPlqm4xw%-n#2iiT=c38| zUj1Odj=QM?a6aKAS=kLf{{LXo466okib`L`NqIR6ZE7FtG>ZR>-G z4-Td|zEl-mbIvCqc;Eqf+ho1T_2`i_#De>KgFv!51u_wo&Eg(zl8xn$1%k_wo5q!i zqb@(Um&+ytM=~}{0_O6So8Afpe~96EdGoileY&MwW(lW$Xue5}5#9Ck&z%lR+_F*; z&Pj`+jTwCqJgxjGOe_Qe7;dqCdwMf-%yZUyWe+o@=quOitI^N1aX}71dLepXnQ)x0 z-s^U_EMYLCp=@N~p=1riUEoY2!L9$o#L+QJ07>i8vhftH1pk2lXy6QF%G65bn|-VI zj9~Uw7Bquq*;)Vd%1e2l$xvz~3C0bupUI_TNjxn|%90}0xhQez+G~3^(*2oQ@ zRr|RR|8K>zNV4v?4%A$gLZymnaj)8my7XxC9Wf4WE&iL?&%gMPo?r@g zHl7Ur2g4@dLE=Q2xk5Eo>tsCCPFMu8_=d%(8&PR%nqv2Z&kU`*R+3b2lyI%{H~~3j z*p71a3fo^V%+;B9M7T-5Lf66Zo|Ve5?RG5di{OqKe@$$y|689WGY*%0l!S@BR(Y*Nz@B*C43wKK|QZ3;n8FDJV z|ABT^RQX%fi{%;|F;}4a#AoSw~eb{q)kj)fKZ*|&A`y6?`x z^s^1%jpAl?pnM8nNBmqOOpa9Mvx`Mn#8+ABa#ah~9|c#8v6^pO^Bloq7xm(L_aiiUA;pUo^(+xpr*Tf^KwOKZ#k7{2;v<6K^@2qV0u1R*b zsfOjU)$Np1e~ztxe%F#z+2jGp zxWPZiF1A^BBuEuA^L68q4z4Mi3F@%v5${s$zoe`PZPo;qmZZHnL%y1p>a@g({9AG} zKSez<>JP&*gAc&(WetnxT1xfb$I?sD)^-_I$Es2Ay`oB;Mh5;H9g+x0jRqU{9por= zM8dhAry+Y?p};K!4)P{1 zOM{3PDea?pHx`SMLV(PwMY=5i4^?j&)Ykt+dsB)PYboyT!CeZ)-QAr+a0yRz)M;*wpUINee3K|*m=~;JGS?=XC?WK+;3q<%|1--bd0Z}NQS;p`*Q2OqhdK~c$eq+IH3X>}9;2oz+Nu=Qz{m*kJ_|ceq ziriw3N%*1mdx72yqq*Fnk!<~qCxfcFQSph>w%rtsBU9s-fq9iuqc#uH`u{|AQ`+WN z*3r*8Zr6BDOY@=#-MZ^EFHS`Q$!Z(9)iy>JH=9rFIYZkm#vR|NJffvVXKO4jUZDQw z`Kg|x7vC|kdJ)R#Dll~3upOcSF`3w1U2J}V9wiJ|D5q#*M(9%8{YXINikhOzMai;Z+nxT&=6wz8YtF36vy!?)nBSo*v>r-Lc?p53 zMYQp1W8okjva8v$gIpJAsaA>Sur?IMCiNr7aCuA*t(igv^OaQ>skun%7 zBgV=HaQz|EyRJMKaKtPv=;f0-?*Ut1%YVPa*{S%o0@%ym`^%owzjywk{2Xx$QHU-1 zi*k(m?;uIOtB{HxpZw$gMvrLpWuL>S`?Sa{{S#_`CU~BU&;n5I9<0lU11hGBJ{c*S z9by=$0R*37ybkn`rzxx8KTGda;hlVbqyttP1_Z?&<*K;`QOr44#R=w}GSdh{!;x|z zaq+l!O40UIpI$W-8I<=^{aSu+{Giz0(w0mp-?0CAGCs8LD?yprR)tqO&YILn{%4%J z&W$>DGP9;QsIq+`Te^?$^TCVWXav)@cPY!(6Tuh}@3v|1CIHU~CPS~SzO)ocdfyaP zdbpb|9x#AKBH-yM>`qkPKYvm5ag;2X&IIKxKn{C$pM-2x(*~~>@75#u{z|yCYO6E@uM{7? zx{%ATja_fLaB@~D3`2T7CV+V6@suhwW$T~00eJN~9N~(k;gJu8I}g!P;8L*f18!gB zi52JlLK5jS8s0N}40EkFheiOtS_Tk7j#(Dfd|mv!`qU@+)>RPFs?4N=_B2!a0#4Zl zR>?GqckGebW_PrZRjJ-Vzo$#eX{r!Rc@5xYB>Nq1hl~h_8%&D@x#pHIol_uAF2;Gc z&RQh&)!P20b8;AiU?Rt286mkA?r+0LZna4=zZ}vx?o#{6)E` zjpA>`IKTvZmKV-TqMZC@A;-3Af_Mpm0g)r4L2iZz!;O6xXC-awGZ0-Y>Q4Cyfs_so)mb&<#J~P z_bN`1y8K06!Q)<(N#|@lBF_FMAv)dwX~(ipa8z(F(c5LDq3^p}ToLhkc@t7=2k^3t zoQT3OS{lHS0C)4iG!?PsM-}-!EJ~P>TWl<=dPj8P+ergTSN~f$Bbsw`Xq0)E zg0JLR6B9GgwS(M4fN#a^!(9Jo3+H&za=^*LR4kyoW+j>@1(F23;NP*^1tznTXfnNx zqWkUNf6*J5tzHh$u0^t`%JPgyIl{dp5-Ab+9iXLvD>U_t!5bQONHjpO1U z?xEA*s$U5U6Mgff6*}OWjVUY*W&hQ=kqImV>D?bl5x80kg}V1$QOhwwzY{|y<%bAG zX#@?T;|^s-zxL6D>y9!3$otA?(r7Tzr*qt^68nqZmY5gl%P_SZ-vJYo|_! zU!OHHHH-7)5!t&*e!$cNZjU~14g6rGM<{i*q!V7w^5&@5Eof^j+H4}pyHtr1GKQ>DGs@|BMHuuwi?@L@vqt7!m+B&JgK7!o zJ-R?12?I4=ySdSQ>w7BO^Mfykac-miE{bi8PF`~Gdy3|?W+C<|PC1G(&VTCf z?$-lE%`bRDc@5=ubO9Rq7@}RdwL4Rc<1gfyR)b=9UH<-!XYDoHw|v zo{c%XouS1bS1tXLLBW~FHsnjR3~ur#838IeD*_wU!+DKi6+t&zg6Enqi;P;I%scAm z>Ujtf_#+meO^+@n)#LIhWY{>*f_WjX>Ys(3xI&>W8jhIv;+7FyjUm(Z3iN#2E%2Dx z=eC>{r~E@FQuX50IXY?orm2g2ppLn8RlOfQi{Q%%;9$T(}a+5Ysv3RxCmO>1v4%ZmAN22V5+ z$(<83N~3Qpak~l$=%{MlWX8v)8uMXwGpAVscG~7Ha z!LwfK8O5YlGe-B!8Pcqv{6Qw}jZB^4T+opTN{^`knExbpqg>>fCnn|H;xhC5bfaZv zbbB2;^~26OOd&}n`%SRxp`FXq>}?@zs}>|~p`KhPlg31u_!os{TGIPLn1`Z0 z>5tFmL}|v>tY2WEJN$wKV#QJ%N!5+S&tZ7E#)-(oM)V5QlD zsh_c|uHGR`ld*74AOec`@I(ZlxxvbE5ofOCcm4~z*@~7y(=jvNx2Go%(Ho~dXS;2Q zHxGB%3z60FEiw!D=Pym=0~k5!JGyqSHi|GT-^mS0X>6HNOGbR5;~(?54#E8McrhhK z%xp-8Wn7SAhM@QTozkys1zRdYuxOsFl<2pJ-Q0ZBCD8c8HQSud3voHx(R$KbMu)Aa z55wrV9$XA@2|7wx_U``(ADR}rIDboMtyAh}K%OQbwDWc(Wq@U#xu%N}#yKV8Plnf0 zkNJEjUz5@xE@$U71#{9b9UG>}-t!z?=mwt>4R=I*?p=3|aG+n4G?swaC#3Bg*?TO{4NkpDHXu|EW{{ zF3T?oPKNKCJ)hm-)f+&>eMO0JsAm{1dK5x!QwggNHOu7KPHfu?F78#fH9{N|XxFf}$97e&kqvaf5h(e4W|;ePrP8xxY> ze!6ox?BjF%H3SBBvVZf(_u<1|l&0T3|4L`Aq+nde_PCGk4wdMnYfkKBS0y0`WyB87 z6|QG41aAynj=nC(QZ7>zv7s>I9#%{y_guz}_hx4h9wuvkIM6+$iZC3{%HDngjr5Xi zo!rCxQh62h|J30;Q*I<=>L{jhgF3e*;}(2+kg}5<1Vq>rQ7zs2dA5LOZ&40|DKdM| zCQ8j$A+S^J*0f8tgrlv)^UA0O7m9+qvX%8Dw^#4XEt=OyApix2R92t3oRI=tWu*9* z6eH?%nMzoWU^W|MyaN&;8s4*PE>x>Zuz74l&ZGUI#$o933hyk>y&< zuzk}=rg*HmW)prSSiDkwye=jB6XtD{A6?nndw?98EDqG^FyY_L`P4Q zAWp}|TY@Q*tf0_)SB%Gs;wHY@SiAFiW!iBcmLyKf3g`1zn5X-WcM(m;)h z&MpC=EgwsFVjcLFJRIdX#nkwTMM_{4uKe4d1PZjrV9>{jsM-m`M#!Iz3`HDy_eBEz zxc}3J_Efy!5Y&vm=|{ouAWG|1%bcD;M`i(4q|o*7l1dQ?UXA?GV-Q}2XmGS^yfg37 zR9ooaSK~D_AXz#)H*9W?L*+Ns?Wg>zK2*=6~paIZ1eJw@?c?c0- zXnXTohRVu;A;a6F3oKJD{%jz?Am1x%F$Z#Im{b)Zc9Z8tl`eG+RZXKDp^BEueApr; z6}J1%CWm|Qy%xEQkkJ_0RWm>%`>48F>u>It9eDNC)B#)XYZ@2wmZ5RBS!xb64zI zKYyrG{*el=s|SAqGTTKl^T4|TzV4cY4gXZOOJe8xzfZbfn0k(SUNR=}DCyEt}jcV5Z zuxq=3D8R>;5uZcv;#)y^jK&i?EnVPymN`ueL)iv$g(IY=-xN0dg;w}it>@5BUFG);IlkC8aF$I;C4yPsNuXs^W^CXt@UzbL)cb2Ao(=9;QJw$kUOaSl8~SzhCcJHZza z%|bO{*Gi2~P1-i0$_983!}#>{lFFnI$<$A9cuf@lv*y!7Q>Z+P|NFN#iEJoV=QStq z25b%JZamN76SfY*F6`&vBNFag?t<;gh<>yFmM34ZN}zpG zonX8dO6K)G1tR$k$dG3z9O91saF2s#TVC7YT`tmG&mcf6qvsKyz<w> z>|cG;+ValnyUN*{yz^7uCu}__bSE99SR6g6Qc-$&koV&BtY*WhIV>`R4Pz+!*Ke5kd`~LQdXmd zcT|r?KezkYQ>!i$HC=Mv=g^f>=q$y`{bm!kF*!!trxZhE?0mtv2$YJKk%$*mq90?R01GHjtL1;34)VbawGS z_2S*zRE0ag*Uy>{%^Q?{8jU?1T)&Bwgz_xO_MrqFFZ=R@sU84-t4MYHm*GXVO3S$* zCiJOk$;*~!VIJ{yvs!h}_WeD|bmuV&`TRIbqZ5Xo@cEm%kA%%#L9o8! zOT)Y1C(z^S^?Z(o$4rsb3vzbq;}z3?(?OgAZv%}<Pd-co+fR6X zansF%GCbDMooS@#43m~kT1Rsi3hpKT%$gmFQ$slol?W`nV8YX|tPsOe8uf~;x_YxA zA3ep?aY5w-|5WBiOg&RuojhjkrTAwpuwt-AlzL}Y>(4`2=X}-H&v((v_={bYKtU&_ zowre^IIeKeN_#5*ggs&e-^5?@@gp8pa^;tG;VP#ww{S<=fK{J+`+tqcFBNNiugqJ- zS7TFi_xH8FXR-~tH*c><0R>oQ< zG;mSVtr8w!a1?w=o$piqnKVk6`PvSq`cK_QqeiG(Z%2#cj8pJT0f!SAr#q~G8*wmN z>7@eBzDWlM({ivFMk|xTyL*V!B>_vj;i(Ql@Ibu$f8s1!4xdSi5!b0B>z7$TL?#af zDl(u;XXi-9iZK00rN#hJ8f)Nmv_Kc`ch@b`-8a9KkFYV+7g$j(t}x|U#a>}GJqWEjCkSX7QK3Hp5vN#v3;yi zrphufm4#Y2>F+=p1yC-x<^qcG+~*@A*MjsfHaapBBbHluZMqS5@3>O%EPuc309Is< zOw-U=U&A+p=bxGYK3hMLf(r15Brk;>^lM;Y0_PU_5;X4evfB4Ez;CS06e0Lfku?eE z@j8cPF*WFacKQ;qpoFmepRlKCiyj-0t?l5o%f}1@|?4r!DlSeFQavcchJS&~_IIV5h`X+V4$X z0n+(;)^2oFzwvi&g@?Uz(+&}3lx*@jLfZ5_5IkMKIG2RLzk_s7lkKf?FOej0$vG?a z@1C2;tc!4ns7iZUJ7=UQ5C5vpdn+ z?C|Jp?`}44B`iyZUp>b-TR0`8Q9>#?b$pTtNOkM(%v+#E7%OSMGah%+Io}Wf68EA4 zhd5dqJt9WcF-WL4kV!Z-4p}V<68Y)q2&QR3LZC-8=~Mfx;xacU?13R|QKvdZYp4^I zJ9uZ??WdJu($jcy=*Rh*xzh!H5R1O!ufdMy)2u{>XvSk7>~D1)6AF$OdqPN?<$vI) z&p;Bx!iG8?uj%)PT9FP(Sk+$_@^*?<2o)%5w}<`E0>E|jER_ra6}F3*xrD(9;-8vG zNv&<>oUf1JcG5+0XOK5yA(pKSDtb3iA~Z zBnoV^^1=C1`#>=52bAL9vdKzOI9L`V^y3f2Z9gZ6IK~;&g>HwjjcAl6rd*CWtKFQ$ z#b3i&$KmyRmp|eGe$JQAdrxW}7VS&}N#09(qLcGrpE7FBHu?^2oEqWAM=&c_$ZrCAtLwlNays3{M~WfyOf8wHJG=vYA0XV z-itG$bYU1e|NUL|bgoifr(C4=z=DKkefiO|8wV7~A{)o54NqM!(F%yxgf5AT%x&1Eh!h|9e$&6N?wC z0r`LT0X_5E{@onzPjul3X}d^I2V?8MWdj zQ+{hEp@PlK@|yS}IbYe%xWtfe8D(%3Nc)JS#ceNi@)PZl*-Uot5uGzs6DAY!X}e9h z7}d0v1Nge{K1KXMpROYTx2D6D*Ccs%wUt=CDo`E{Em`78!P+sn%5~l048kXkGeM+wLLu5- zzLS{qIJR7==atvL6Q+z30z3}H5uAirPqqC=4|NhVXk+e>l(Smf9IEop!>@?qoYTjm z|52cx82^JQ?HCVButASBdkVz*g60@nuphU6>NKZ)NHW2@(+*t}O0p}(_(Or(*3s;dxz61l3RuQ zBgXX$)GOQZwdo=(`nh2A(cD}!(_CLuTD5-K0tt%EtfobhWV6Z@iqJT z%h{!KLxAD@w@Jea&|%fPK&E%mgTiulVI1kaLR89MTYPBe3j*{oZ3kGj`wNibe8N6} z&XPBHDL*S4X~Eg&?4Os?U;$sFI$AL{ zuBrkX;|KU_&rgV}?b9aqhDe^<*#u3)yLM2NQ6D$Aw5jEkF{wxCHp>vrRsf2{lBCwI z3N;@cWwZn)7$5>}))q56HJgbGC>un&ZQ{U6#0$4rPYpqam6fmeD!Jbx)vda~%5?2S z?q~Y$K%+pjty!VeS7Ny$smK)|RxOsk7>-xouVytc`n9yxMxm?JL zH-(r~svU%#A9re9>1YOOpfJfdOcHHP#7Ut@5T;0Gs>7F+t~a}Y8YA)x<(k39Y*-?8 zdMfZ#=WX-kwGBjTL#rnRYeqHiXidEWAht;2ha^o0Ct9muzWbG&BWdS6VMR&`QA7p) zWi&7?H%lpnV0WV_J`IGAV_T1Hevdd&V>d|PW--1&4x49BD9l5Ah{mgP63KpDbsTU$ zas1(#NRBr;(wP5?f{ny)Y(kV%(30yCt#ejN`-|kNM|;I159K1BvqG3N@k8OW$*Cjd z=L|n@5T-qisSlFCPU^jp(m+yO_0?n|f9y9dh9Lgd2Z3nO#7$(LwS1XMHkm&4=doj8 zlI$OwfPnSYW*P&UM*5n>VoKFc>ySgu-|o}ZvRb>#_~kkPm{|_Tvn{n65Tdv5RRmN2 z5PYHLz#;hUftcb^5ZACr%y+M|E}>qtjmydaiyPC}pi*JAoiSp%ShRrPJ8{4-d zuM~%nX*wze+hm^t9qY$l=GZshp1x*vXr^>~Ko-SqBr+>(t+QOmzUWvB+@lKJF`sxxzBD@@5IzEAa#{ah#Fl&`bpX#Nr9q zeIB=w)%XV!vCR~h@gTJs(aI3bkuy1ycdP^_(nb}lelCib`Vg~L_J}USU1lPaH?gdw zX2@C)&BD4+73Hf$7k0V*zo!3FkXci#J#PuesjB_UFpqsbOVpN`XQ_;4xd90=0p+O; zq4?J`_9oWs0%BUc&ePau|}faM)Wyom+6Nh5z1KWalpt5XF43oF^t~}9PtT^vD%HBpm zZ1FURzU3rq^TfB1RL!ZT=eA8_Lv!^{b1TFH->ynoD}fJ)lNl+7X;Al`gs6t#F0X)Zq~46mp$uHWprhUK6ua$8ILZ zA}4#X6!9RwDN|-R*^iD<2$c%z6G)J-yj5AIR|q_;z_8!*nudfNw6Wa|9_oqM?K-{* zL-tr`{P>I*(;Gj5ukBJ8n#N4iItbM54RFSpBh6Ya=0?5{rmj^DYp6$%iU%6K?(qrU zh|-alSHn^4a=ZQH#7(yM^*A*5$aFY@<)r|zAD5TQjn14FCGQs@j)j&EHMDPSqg;K+ zIOV38JZ8RFKr{{9u%yB*sfBDr!<%y^Uq9ML@0zrv1~$EvVbxnWu_lB&BET=FCO@ zds$U^`%I^e(J<@<$CM%G*OSG(hw`3ULni^E4*gP3{t*5lLag?qth_F}pma4eVU}{G z_?wn0?19dXhuUtPX}HtGEBha7pf3AZsy1-OPu+?dOEEnX_|hd*HVtlPoI&6dd~9w* z$pqQl>#iA69CZ3hXT3^rw2Vf!8f6wHF}r{Hf?l7gTya6-#)z7cS%fTm18xQZlIwI^ z;jT5_=g)x!<&|(q+6uB+A;QIKgk@s`AN#DTWpsv^+&&s%4Ro$;2E7+NZ7b*XN;Hl% z)gSszRs{8jYGx=th%xggQ4DKXGJ~v6g{A=ma%MGB4COg0R0+RseL4LoKS_y>jz)hDK%JfmfQC2!0^#Rh7Kx~_8Mot50&moMN&EH z!)98CQdJCz0yw_MB_rsyXQ5*=uJ^7mN#)!$B}q~SC8t?ap+b!l*@3OP{_cd^*Zeu9 zl%+PIA{&8aY zPBe@oj$bu-(r+pZTjj2o7s44ei6vfQQ3Rp`ZpK=>GO;=Ca<|3-8kU*-j7C*^<9HqJheu zTdZmByhh&PMSL+|Dw;3E@+1E#wb3h$COak7q(p#EHi#Qzq2tg{S!GW@1??SNgslhi z{JjwaZj|FzVDdbmOEz737`s^n!d+$NBm*)jh1Xwn4zwRbx@%Im}fLZYYJukkc$5b)FkZh)>?{L2oR z`fWw}8&{9q!=aA)Uw?>dL=_S(J`WW@fV5k>4uLOpO^{LCeA>;Cbx}Jxn*AW+T*8r@ zQH0JsyJ3R57kzA&Lai*A7M;|Q+RZ&Pk=(p2EAN9fUW0VydvZbD66L{i+|P8IlMCJP zMEo$~?vE;5L$rK)MGUrEpIwf6wN1FZ`bRE=-1i6471_2vAp3_jAh}OEh^=&BKREx+ zIPV#5%JloKWcOqN?uBK5GA1|mnQ(N~Yu_o69Pd3vWr!oQ{UaC079 zf}HI|91mA$+$39SPaV2`naD`3m-G?ZxNiW00!^e}S-{?oGHegkG+HYqU;I-HIC*Zz z3hlE<4z*6akjk<_%qi}W=-EokM6^7ME?Dd!&mI^?%15OJ>PerOjWsv50Pjia<4pSp z>VH!txsZ>6h)T<>jhBp;gx*K~`=eurgChMd@!!`&!>##T;6sV6ILp@2(j&Q6wl3N0 zXPd4H!b35TTa(PH){r;V8Ica@bmiG{&#Fl|paA6%6Q*NGFLb195h;I7MROlT(UAX| z+c-JXQcxpAwCg?41kBN^M2sC&kiV9(<#}+?E7Ra8QJ&;n+xTv^YZ|b7<7y8!RrD7- z-c=Dn7s6voDuMn+sfARh1XM6wuVx-Cgl7{QpSaXn4QMD3%#C8>WW-B^^C*lCF_p$J zkg)8W|F$rCc`q__s=9gX+jUn9@>ZV2__*1GgogNcw2E|)WE1Bc?r0o;-MGXZua=ql zWfV-MA*zfh>0*cW>N}sDvVR}(CWZNLw4XJog5eIr{a2{%6z}E$uvf%|<05M}I)S#c zXwF!Ad@jWgC#UW+!h8UDHo(&+ksFG=8kG!zE6=}uIEP)#Oh zBg$=MQX3Bnen6uZ76B5+v&){ToTMy;W>}y-N3z|F+fR9G^cUsB6R4VgI`5Qo>+7s+ zYo=~gL8t*yAfIDeW-ItNhi93r(sCXOl%Jf1%l&t`m+oJb)W0Y%m;dh>jE>%Dl!h+J z;k@QEL3T>_u2^V)Ar#lzxXz^pa7%2G zGd{7__~WVO7ef7152&Tva$YB_@`_YwK>reLo81XS0=xHREEjO6&nsVZkkE$F*r`z^ zlEYCbX*)gZVc`XG;S?SOH27TNaNW8u;SFZ70(=3HPnYy@ucT9d4O?kN*`h zm>#N-hj(t!B6UGXwxizK%GC%Ad_k@WxDVQF!-EWM`JO-zWRU^~IX@$_M5H4`m0Pq6JXn`rqyLY(Uy|z9Q)MCNMfr*v;;N$iV&y{nKmcam z2sE}ukc_*Qf*nqgn{0ljCEYZ!)<1PBtzX09IEGwm8N!|KC?j|}I8XmfbgwN?c|cPo z)+iiqy2JvqMaur7yfR5%1g6Ok?rQ!1_vqU!A?mGs&|sV9HVE{GY5YZbe=qtM1s#(x zeh?97zDN#q% zKawb;1)F2A&EVg%gkG@HrJ~>;Xu!bA9|Kkba#$1J!^G#jc2n5JZkRx(gc>!<1o`8h z8i(J1q>JWXji+!CsJF7&fL}2fFoDi0V#Dk9uU5l0O+%T6DdXO1V-|O)P(e{i%9xK$Xtk#)f$_S4|@z>0B_}KeSPbsYmhYFkoRc z$i$(L9)GFCIqd^leih=cLN%U5h}+Xcm5hM?mwf8@~u{ zb(Q}wVEwC+<=Ov><7|326e8dA6MoM_>3e7@z%<9WzW@ik_lKDw5(xqdFS)ofZwO3l zgkFn#wX~s6mO>tMQ2N? zB>i+1k}oepJ}vFf%OO!QK+(&W3}hB@!yc)Epb4_k;fW35n#$-EeMP+9ogGDGCVzaD zJvCFL^wE(}zNVXaHD{s2XK+?9KZ_9+I$3xPk$hMh#ggkv7DfuW;^ zlacJHzH1mz&#jPwrPq9Aj3UYi#p;>C&Gvtkj?iSTAC!AM%a^@1y5`%5*h+GMEOGZ~UXY^gZlb{Y8oMkA86WW!--cw;!X$ zHWJ9Qcg9uDUR%kZ;}93-PU?$P^vffA?(%Gzs3COr%1TQ-nZDC4*>FiePf8SW2a+;y zKr2=q8F|vrci$1~+>Uu0{+@$WB_NSwjnZsnJ{uXxScg;=oRwEhVN8`sIX3t)UVZ%E zC8RVxJL(N}Q)y8H$*f;I+=~W1;xj2dZV$WJv`As}r~O4?2%FXwANl=>mGn7sggekxtFdm##wC)w zo{*mEjgrm*r^+zhu;T2mqX`=+;FH-tgh zO5mIzk8}KKa_Y?(v(Wp+Z{=FWL!LRD{vOv&w+oHvj$(sXGTSaXXyw@^&%{U8;B7qEylHyj24@)U%KubOS|rZAXRN@^ht2-DlsL&F zrNSYazWFl|DQF}!!}j(CafNq3N+;t^!$!dc}yM6Pn`@Jz62vz z)P8em0jsnPf6ghgVu0feo5haM2M+cQf=@AybS98E;yM}3*KGL%Mb_b=ph|O`h8SVX z(4)r?r>yWATyOHrnleR?2IZpy%SF@p2Bu@MnW&@*rtYx-iVC_Md|<=8<}AWoh%)sxvqu}g?_(>Sz5Y4wp?o5 zGTzVWJxo2BwBJfZHS%zJbHxZZm?S0Wrw1swsYoc7nuYM4T-Qo<`;-0&%1Cx8fRV93zPrspVTCw84-A<$R`W zF)onHjS;?9)Bw}Ce8svn1n7Z1jn=yN+&mP7UrwYHhtdu1+&5`>L2wE$d;(E#>j12u zu|co)b$6BSc4+Ey=>ZRX{%64I==GL1fS>nF-Nu@$D{4` z5QouwE5c{?J(N0GLNeZ+vfCs5^V0Jg48W5qlLo~L!8NbA)3Lxg9%2!aW22$=IwMN| z`eHLUjUoc|P^!UKEn$bHhS78c?xDeC+CuJr87EQ+n%~~?;_~V)rI@OCDO__3lDMJ$ zzt`JahLxXFD>1>S^@zkjBCD-r1|J6xJo>jHHt%$MzYF}q@Wi>-$w+%8j9wVAG^fDU zR@*|j{TuGHQj*dFBc?@5QUhv&tu1QuRIJIFTLm~~H3~IiSZyRzqHia4@3n&B-2p{1R z!J{5!0hP`KHnghe}_Meh)}!*5rInxAHk{t1(CWwc+J zugy^@!>vF<5!X%bhheHW!PT#qO)n$;|NS@2*Dq##)bWD50@+7b+#4!mX5SmVe%pQj zRpGz|d6urr%bSn+XdN~LduB=wX3M0OysGb~BXna~f1poa`+m6)eg#E~y>CsTZZL)B`#R&hm)~w8bhNL%-BwpG!||)~MMxZk8Paz()v`xhDtnie zsr?_ZcHb=Xr0lBYY?$XD{7!B4*$){KL+{=xs2j8}jg^NLs*oj2lZLV2cobrZn(um3 z4Z;IAE7`Ne%t~>|LXYQ??bg$;9%@ka*X3M2lr3DT?EA~QyUZNGO|V~R<3{t~XhD86 z=0o=lL147xO`UY1mz}~8z};R4wg-I6_&mz>R@5xyaI0G>-eq-eCPxy>J=$F4gBv^f! z8~wML&kBgv2OupqpT>YD+ItT9vb&I%rO#17;)l(1i-@b~N`wUxJ-b~XWMN87u^i5t zz>OZ%B0SPD%#~LrOXX^9%P`G{uDd#h07EXF(y<f6`JJ{{;gS(@q-e8l2)_%v&igl_jeP^)!7v-A zAKW}OXismCcRT*6J7PwoV|VCfg(ropYESM5@wm--GQF9hD)!jyT=I8Ocyj!Ul8x+c zykT&J?l7GS!H<#c@5j0orE()n=}d2G8F3}(IZ3ekOf-u6VG zZG}h)cGDHQ{;nK$mA~LAgOkwr@-%0oU3dFKfkf6@9$2NU8|g~#WBTn&)rC@h(Gl`M z^ikf^YQ#v~Y+l6c2}%MF({u*{=WldLUGo?%biTyph{4xqRX+yNuMbmH3$fGyRSR#C z>Si%M1s=RrVjQ2ev)cZY@1rOCFIqmEn|Nd${u-0#%_;bK_D)>qdW{TD^0rc=)kK^FX5JfCu{iya8aKpMrMz9BP>lABIVK$BXV9($jGi+0aMym& zh3^s|Li^T|F3)VXJkU^(QI~OCn=3P+SeZVaL2+0K*WCE_vb4%S<--uECHm4DXtEi| zD9GFx}KjIh~(1;N?%GyA;)mO(tE^@ zWvpqToMrveejU?%HiY}zHgW3;!_i8(P7h>)XV)nL=C7SK3n|zZLLKb9RcJs}ld8?h zG*g%>L08Ub1aSG5z2Dzr#x|=i(Y`5BO1AQPk5N{3HdW-amG?>p*mn(HtTYmZXhpo< zNnZAa*30n8<7E_P8vl{xctNbACPRt5305cC6XXp8ME-ZxFx6SGqP&W@YB`0x#3tKJ z)*@uW%MpT@4&i#G=YJx|lQT9(&LE<<IL{370)fmM|k7{cQN@Ao2SbLT|j0Rb3iVQq>h5isL?3SmD7N z!-6=1rCJm52niMp_U;9$N=SFrm0a1vQ+Z@wWNYA#%Y5q2E$) zkWQT(TVa&h_OKU3uHM3@ux+dLSr!{v|PKb3x(swvz2;7&_R zaXz~or^42&YIUj)ZM8Q#|J3VaM$4&7{k*Y;FyI3xO2O(8lIL~_p{`LL(7h>EP+Sjc zC%=>DJLPi_E@E4<u;>o_M1eD;Cm|=O{x~joG|K5K%P$c87r0EC4_hL2)C>c&wszum2Wo!IXz~nlKq2X zOJ<1-zD0_fjpp|(w&bo~9ri=E8GL+oS81D8%Sdi?T#M_iQA~^N zh3ECYP!P?09m;|el`eC9N>ZQWya{C0G$Ub43iU~S;#4v`k7G#I!sHXaIJtm$)hLrU zJ>xedu%Y&=KkSHPSX^M+f+kP~~ZDiTzPbu$mAMUCp77;woeU2d8WV zpX8ZtXewlEfgIZO3RJ#A2p}0!^vz=sTMoJ%Bt=1|GiXJ#HpaI182^c2S3|i!j#|$l zMmAR+V}9=~~<9Zw&PKPE@CT-g3*es8%Au&L&=2C;xTF5!%YPiI<0unC+L50F~S zIDz|_mVB41_lE2}PO1uHzwE@Besw;SUuI;uT(081)yEfIhV#|uH!!!9zl+&x=&$`o^Kz=BU+?GC?63`;p>FXQuZ@x<>Y~i`XC6BF+Tm z8w~=0$r`6AZoe33pYaP`Gkeg?Xo15x;>b^%N0iwyF2Q852a<(=7qr-IaTtOYe%7XG zjUCQ+(nR{0h8M<@QQ?`rQrw1_VGZbA=d%doU?ZLLabD-eNhRj{lQ#>P^x=k}`B*m< zLv>T54YGLR=ItfAm3K+pW=3H$y+H2%1X)=PYbT~ZvmHRr_)U9l!0&^>t!aAxInlz= z7FJ$VXk}RXyR&8p6A%NjgzKl3oD_`^?&t! zy(`Z3ty|oVY#gf)6&jPbH3nNVGTYEqMdq>@jE7Y$jdW*n020?8Z5a#=csN)B#mZcZ z*pZih!}oPi1mh;??M4u}6IPhp{=R`cx2FG80)3Q2*8=1e^#=1$0#tR?&~m;gYZ8BT(EJDmd(i|$0(RE)r? zfLluigUJ{iGH#}Y!1Zx1rqbGrP&iM<4aMyhaoA`|-DOotVk-r%629oappxD+FUzwk zoZ?ex7mK`gi?r26<={d1{NmMXI`e7~JSo+;A4PCkZrtB;2a$7k^q24ND@BQ-z}A%p zg(FE|F#A}luj!ro@XJ$5ErxT#_~~zjM=SPv_@jo-{yuuSs$OP9<0}i@UbNN>wDot| zc*4I01yPRG>3%K&*CjmvhE&#k9IuJ&_t%#HJ8cPlc!tUyUJMTZhEFqN4G?B87meyU zaRxo{6$l&3Br6v03EIYO3aZN*D2vu3{k)qQVN~c~Ji>##?5w0@bFA>=eYHd01`))< z*;!uQ=;#Zp<{Z>Ctx>^dX=O4mCfHP9gr#2MqrUqC-x=Ewv*;6a$d+`(e>-rWIhS5K zbum6X)5KiXliH&$ZA%M4I2FES{+duu%N$p8R`Z+6s_g9T0={CqR%3md)t>gVedwN*T+=S&N{EFwjHv*$W9e7>s?;ZWH_8 zzYtNhGBbQlo^OoR`f+o|Sl>N2hb@7b14c1emj;SiFK#ZROsUgi3$z0e2IiwBCDiMsp!hZSEO9tHn zdSB3zehRHbYo~CAT10h$ab&xcG{hc+_rw|eENb1a ztz0}!(_M3UJG(c8$ve-%&-ieQ_xUX7y%r8kA$v;VtVSPZz39cHoD{iX za!zcpVa z!!;)M+Ei_`(bySr6>pAz1=#0l=SnRUeOzrhhB-R89uw~`YGUVdillISq9*e!JCfRJ zHUZP%bzbKHle*?-YBhA?Td$PTN$Bl-QbXT8{5eiRJ>RpVK#1I2RDGyky8RzkV(BC2 zQY_%-JS?P;E3W0^BDAT<3xrN$YJ{VM@FVvnaw>;Qd}t!n4Mp`tud4+iT4|hT&B(Xb z9M$O{bD~3I7rv=6F~`dQEt$)Ul2lGQ5d8{_TbF^U-7hF9UUwiO;-h&f!Q|}~1+q}U zHeUO@Hqj7vysS6MIp5dJ7nK?ChdHX+55plb)>{H>GpIOSE1lwtagToRmiUT9V)l%M zTke>`qu5&O1!hf+RgO}w$*P%3Bnf}F&ZzQo?|&EL(c<9XTrB&y+z_XC#OZo?&+^}_ z`J0#*kRZ6NLjUTGNB1iEcll#B9C^FK>D&r5igWYeKS(pAQWBfB+`G>g$9P802b1o6 zU-DNH2QA|$0yAku(50G{??wah9mM@eJy03{ov6rgVK)|2RD zoLr&93$;cY2H-4G#1b;5TiD<9yOUL>&U_>PqAa*0@E-5?2U%4 zC$^<(2DtNq`zObKbKCgabCK^tD_rZFf0CZxfYKsJ}i*reoc z-z^(~w~$|cI>4SNXRJ?e{jcpcFMMY5@Dv6t?-!n5AI#&Rsz&4F9sgkcz#PsyL6vfJ zGnG+flZ(OFof5C;3|2U8qy!}*C^ns6beYRO&1haGJejsh<}ghwmL%Pn8c;td-z+x{ zykr1=9h#{&WqqjB()IYW{Zwq-iIg6gr2aXra*)`&$Xl!gbzc-k(jtW->F~Mg*QJ0b zszFqf$9-ob^@B;Qmhb54!PxsM3^yP^=oSz0STL(zg%kcnU#1?%>qF4hg688v&ft3EK+Iz=gln;In-SZg;((dEt$9?E*|}z=F{u# zyMLjy1)HA|a#Y2Jd>IEOerOMIzLsUL1{3lQriqp9F2XM%uJA4O;oLjD(x@wkKM4oU z8jSh8H-T(%35W*r2qV5zR#$QX)l!11WF~kyW{=qgO996LU;n) z@p;ETnV$+cEE8`IN0G<5GewM7g)Oo!>9A%9%QmrUI*}QyX?-xPF_Doy2=owVn;!aV zOs(V>Mf8m=h0>e%y!fliE093ST%2UGIxqJH*oJg^*=+F5oS5yJAt`R|LGiz6j=V+c zyHtt6qOa73?8s{OCx1McljXZX zx6O7fD;@mmk1bX#Cu#kn(QN%UVtK)Fo#(1VHXCH#nHDHnR$`)Uh{KSPi1Guxcrpy9 zutfaMIkuuo*PtmwCyKLbk&kiqh8h;mtXfK+g|Z}$u~G8L@Csg}F}1|pP9@8F@u6&N zkzk#WS#0}RP>c2cAT`EQC1H}eUBo4~wfe>gjOy@x@kd^!Z0S`BW!>QYtrwdXs)PKO zk37vVLZJ`o!~rkmd`;_Oea&(=PxJVuN1etO>gg7VV`EL9rL75; zhdr%yHAD6{h80u~lV8L=lv}V8hWd8^`YhCm2050fI)V=-(|E0^m>RuS&810Db?iMg zDXge59qfK2e(_H;=w^)c{8~rM<1(mtUNRFQ#wf_TzZiKI=6F?5VpX@?N%@1TmM|D9 zY7EMfv61XgXI&eKf(EwD_|Hz&j=WQ*34WpeN-SPl5-k5VC5xfkabsTz^0~lUm$+N2 zC=`blWf7}0FbTY|Lt5YYg4NfgSRPtT?3}YNG#(du8>8o%)KZ6PjHfyLSt!=O2K)J3 zmXN;xH~Qxnv@WrPhCt~=>Ij&jIoGT_ecx4NGZNk7HeL}f!Lk*y z?iZS^O=un5@bW%;Im@sZfM<#c9iP|+7JU~g#_22Tgqz2)*~2Z&6}=$ z%7jg9Ya~Q|1@df@JG(23wMFLZnSWuuEN?kuV8t~5;k`bcu0;0QYMlI@3%aYnX-0b; zi9L2-p8Q(p=q1IfqY9)vb~NWtw|Eu}5{rEL<9a;Q{u-h^bZQfwOa%H2yw#~2p`+{P z@fBm=&}11SsH!lQ4ADf`s8WvbS=Eg=u?35uR!dQT_oPO8;v!^I09s33A=Hf(S!FFX zYw<%jvsz+x-K*AG??DIr5sTFHO0ZO4Gy%ZO*M) zte1!2;O*JL_}#4HctoN1tUNB^GS|Xyh(el=1~^`=&_$|%+A8wdT+KrT?Oo)J7G_nN z06(29Paa8@o(sKd?~W-uf6g&~}m9#=GY zzLZDiT`#dq`{hFgHpoVXw}Ck7m^d-^llpTdCU#H@vIjk)^B7+O5UL23bp1hd%c8x{{pvAeBywdD}# zm$cpG4CN{@QJJj!`caSJeL%84@;L_1BDpT8b?M_27h_xeZ$m-46=YHOpu=sapJ0D2 z1&MPsnAoQPgXj*G(e(|{DO^Bv0sKD0S*n!@RB$?1yhmn@7k=I4lSUFmVy_m^5K zSL|Tzr0>_Xb`~`a7=3zHm%Cufrtt0CxhEDR^G4Z@z4e@*{ykuUUawNeJ*A-z2vDz-y zkhqx!I4hlxl(jW8+aK7m6=mkzScs-X36$ZAbqE{yBG_2fFTOaRM9Y2OY<&p!RAg|h zz?p6)%G(ddoc9y*aZB3NEP2?1r zX<7cnUpfD7>&6${B7r^1c{`P@;$~KCXfBbT@WcwNWSq>=S;@s}(`zvKHZ>roM?cs* zbc5_$y?wuNQN19EKq7ODrgon;frIMfII=qr{>TV~wEb`1S8%9$$*_8|6YN*}KPb~h ziODGeSl;5;=R}UuBP1Xz^aq%PCy!Fwfz7^B6k8;XF*tgd zqU|)z*6pek0((fm9wo*9gYvVHd#BPfC2QD`lm!0dc@g^t$byLb%q&V7W^d(QcJuwi z!Xe7(lWx`!*DMFP))t*NR}#Fhu>37%hw*SWu7a1voZ+u%AdoyJy^oKzpT;AB;z{@7 ztLyXrfl;yB0Xs6EeXhip+}^$ap!_bHeLo;GwcF#531qy21yYoAsj{BCjkH7KY^}33 z%Wbf3>g_}lBuAmHfUF^EjIrVD14T;(67IU3+w>awl1x+W0ow_pjblI4>xF3^+k!M< zA7CA^GiL6N(WgXH&`Gtz2W97k9lJ@vX%fy;ftPBWD=4H*E>}+NC2DbZNVaGk%?=r{<^Wi}| zf)4kklb6DiWz8kWjTGlw6R}O+WjwA``20qkeDMzYa|SWV{B{yVdgkNJ88mL`GREHj zv7nNwHSEynme*AP=p}wkKD~z;ThI5(um_%H@&X`q%d*l1!&aox(T+*L34XD=n8<3^ zSo~3fMrZTK{d{I4qx?vAw8efpvPsKwr(lwTsLNjw$u^$dwU#ee|nK?Eju3qOb|ro7Z*wdhz?1fP#CI#fTCE@s6Uy>qt>I*^;;Rz6G@o2#L!1PNF5uSu%1d1gXY$j zVB_daJ?gTKm07kF_D*o3G{>NH7$NY3&gHX;-}P}zxLMhHM}zQ2q5Aff5>>yA--|&M zhjR4w>yQK^d#eceS>*tI@joc9p_ah+6Llq)oF0R{U2R==Wy5V)#+PRHS$)6MBtS+{ z=|lXVOR7w|7sm`F$x%hT@rpHZcQ^PU5t zRU16a=SJ&MopVSt1pIUR=r0e{6k|bOW85|%UyJQ;M2&3b;FHf44%OL7v(a!nv8c)Y zLZsbJvVyob-|Bdm|9p$N{;QxPkUo~uh9nM1&umdJ=en9U>HI+--V(=}{$S{AYDh2H z3R7spsDq?>(J@=<#wtiTX3hPDKC?#F3kCP%T=wIS^dsL8%K7d%2X?p;S3|Jte_oDTuM9) zUs2a7j~eQbS%0}NRhLBN=Yyy3ZGA1CZVtSxCLgC&@1?LCAuT_DnNd{T>Rq*FBQm@Z z-u*=%!T-2Vk?jd(0i2m#%Tkp!Il9*g9{l^0acl7(y!U0cvK^JM62{ini*eYhuO1X0 z!x?O|xaXt=3VXrRkFNHbb&hv;3rdDG!rWSU1i#s(Mvvxqld7p5BQ`qcx>vC3B^r$e z`^pOt0xTlgj*1Z!{B4U~hSCgAWh8N_)af)uf4}?q1|$1B7`Y9Z`=1F(K_MWns$?*! zai9nl?dQE)49)&h1&NuE!0l=WrjShoW_RpW^36mwlT^i60z>o#l!n@u9;Cn@0$1i*N(uV zSU~AscSpL(mtLr*R6SdkSwLn@PFw=i77o}>`kg@k3EIq`J;cftY9)3BTb|!F3j4(u znQTs0f|szqY4r0wUNWIRNDzcPc%kvelfC7sg$+ZGA6Q8FPQ~8A`x~~QD!UYN=11F1 z4g>f6SVGamyXk_gCQpP3EK0`xXAW0K-@)aX^LjcPsm5JzU^SYg`N@Eyh-eZn?rZ)+ zyhnqaNV9(2IG8*R7Ct1qJf%ZIw|Ed8>*KbV+P9&Z1{F_M`liAYXe~+ej!{_-Sy9xx zhKOcq`B@?KQvt;tS%RnySVB5;+4=lyPjgUZp>f5^&qfP`Rb%3}+xFGLZdt;_2OR8qVfX$@si-} z#3{tO@K}*3{fXXgZcqP^E+%C%#eP=Ia4EVHVQ{g{UzDI-p{iDhNG;bJBf73B?ixe( z^yB-%A5*k`-+oOVkYpi`JKrRHfEdltCZ(ZdgseFO-_Nt*mfAW74%9RsL3nrj`We!{ zZp7=IA}i~e46(hvxBO=>lZ4zl5-?!rO$^am9!Ei)>$aPb7uB?3P@WwN@{y<)6Z07c zad+gg1N3j%p4FX{XBJs+xVp6N)|K;fUE>rm7hbJ9Z<_*@VB}K+2gsfz2D)Zt!iLcE z6XI4eWVpZwzBm#*tazOjdcV}y-(JQm3P=cDLW1&C9<-*;*MrHY?EsWOi=9i_<;R9U z2>eq#%m{V_+M!*jr2?Za*0ifs?-Q8qE_QWD0EHFA($@P(S~~CTt6r=s_Su9`b4%L4 z?gYB8$R<54yw#JMz2drgJN+kFIB4a?+o1Ma-A$k@pBq>EMc>_Yq12S9Vxqgqdg;a) zge>!&*DOAE*5bL*rPy-FG-~$eijoBh&$3L5AVMi4v4If@C_&y(q@c`3op_d*PllMR zwf$ymA$idPV&skR6CRSNNU6nEe96Mm)7~slx@kMMER%WKZ-Jx~kvnW9sP#y_9H^Pj zYs8K6tlybjUoP5E82P!-ZgM}Jw>LOfG1JR{Z=3pU%=>V`u5Ey+V_s;?{##&|x5WuR zYpHW2<-qAZ^v(1hcE;d4=31{)e$K1RplZFo>~>>8aOU%Tl-!eOwfAlh@VS`B2+Bd# z>smN+nVTa-FzcCiH8^h@4GeFdj5m+wKZ`^?K0BEH2c?6E)fPO3NW`)3ltLQZ#LNs; zlmMxt!bp@ct|h)5v7+tb3UL#yqtWSmf`}5aCQ)P}aXo`tom~3HDcZ<2MBq&;Vx37Y zB+1!G6_9{8(37Y_{nu?~a4o;SVVSl78@~b#o_ZD@wN(FLWDFvB7k4sCQ7V18+Ap*%iRqhk=5)N4g1!GGg`s( z2^1OXm8mTwnrJV|E^!G|tlpb3sYoFOBHJPi9efz`oeMDezD}`Mr(Gt8@`ACGRdL6g z|L>zxGOovYvL=)mN~d0I=;Qx(I0l!6YpeuFKfy;rPw>d%YZXfM2}Q(YP4ZM@G)bX= zVPoT${?oW3N7}O&Z^t@Rsi~9b+?*3FnxQJ|*raKegNm)|4eFGMMO%O!{CWCf)l7nVC$?me};K8j+;)9#`ePkg*XVG?A`2D>;>hU8BAuSI6M+xsI4~uT+S20`8 zYVT(lLW>a3l8E_*x$}7G3PIEB(~SoeU0Pv+_ucC?KMPY-OW*Ja=nrQ(c-T@j>tO}E z93;PwvWi!>ELtgk)o*V`F?7psr!rM&)oaW-`^=7^_ZtBTW<+rNu~85fkfg89=5T+< zRKLi;AUl~f3s4lMtk6=p3ST&gdN)(FO5ii{-g#f^r^5tGt@BO0P;}lIczqUB|7tX} zS4FY0Y;VYXaR>_@do^GcG*6W;VL5%|Yw4d-kN60r=F z0J5ALKLWcFwio01Dy&uK&Ln%Y$UYjTcAEd5=da1~h|P4lYriZws2ig6^9D>_>`v$3 z*rXAKoj<>B*OtXW2Ch-OuVcKZk|HfA9X5*p4$#vX<8CG9!?e{?)OJ})QfIx+i6O@q zqXT)MCMoJ;^SaH5y&Obsz3OXAay&u#4z8`0(_GJpO*l$H}3W%8WyxZ@d;_X3b|x_ zOd33?6a&#CZzU3gXn$41c^76A-A7q3Pdpy9Z#+FDhADt$`1(Dvq<755v@71A?o4i& z7bzc#iV1HpAf{7Y?mw1_FDPLx1#EvaQbbNp){QFmex%?f-E129yCY1`pbR0VFJET) zn&Xhg5W?CfgCh*q`@==A1nJIYk!O}i*xhVWqcWQtjuqqV5xrJCMm-I^a#`qeb0-pr z6(!xr;J*{Qzgec3PFijHj8E}{m5YLfPMoce)5gjMRE2v~Hm(Spmsj0Rjn zA12fdr2Il6yQ$1Tt|RpftCb*;|D`i^*FBfW_EP?ci_Zhjcos@p|NX0u+pfnxroxgb-9kCv$*vYr(iaMR?{d&aA^sRO zzWC2ea`h5m7I(COoa4SS>YZoin>FD`y5gvd;mLNZu;Kp6B(TLc=GdfBb*^kV z)xZ5SYbFjc$AxVJ0E#m!yv1!hoNb7@9dp{wivS#E;Zw<=XH}AV5J5k93}l4{w@T{k&D@m35l$u_RgmdV;bxM_n_B~ zTslU!qb1^_Lth6$WHGC?P(X`b0*w5av+YO?av#`Xwz7<^E+>kb=<<5AVVR%W#N+2) z2ke9rzZ22W zbdzZ}ST4?1vZBQ2HDvRW;Im|E=a6?Jd$wbT9qT2qPj_=s_D=OdNFro7I3(el8(x3|n0O(6QvMWOc{NXkyjE3( z$zm4ZJ6=tCNjOcm%%mKcN1f{6#5tdEYa4P__R6#`y|}z_k$+_I22_XC<^5NydPz60 z>F#II>uMG_JC8{LzdFjP+_?2g8(pX(7la+IiOyqmEN)vg%~CH6C!*}xsA4RZ->*+j zrfA1w)?$7{-(sS>6lZPg+ABA(uxY=)sKg7bU-8EniD0iuBq3B9l|)^=-A5Q{kvc5>Sn1=u*>Y&eqms#dg`&~*RVa-^cf_c$w zYMbmehIy#|GmKbD*%ZwD0q8$#6P=}Xj8i@`&+jLnW$SC6RTpl5P#kSb024cvw79ZQ znA#a=f87qHtqO@l(o#Xui{<*L1jkynAM%fnXZ(Xw-LuV+#)F{pcdWzL{r6stf87zz zGjv>R1qc0$7&Z&xuErw>EXQMI8mteq^@-h|(II?ScTfl5=! zWD1I)ynm4phi+s<8t%N=&lH$O58YI+YEKI?D^~{8*75-Co><}u<}zs`<6*l=?1`u= zKiBL2<-&SV{+emZWru6WCFJkxO^b?v{BLLL(uPtEZvVC>N5yAoN7>K+PmoWT>m2aF zbu=IIF#Zn;JMd{cII65D-h?uGB7UI-rj)$-%`u8~a&qIx49ABvzgfxO2eZn*4jCLD zDmBx8$=(_@KhR9n10Db?@RHn`kN?pJI8iG29R}eMySAX;$*bdjEW71ef%{ zsqziZ#Erc4?FxKF#|@Cbz~K_07>6yE)^UEY{+Mx! zx8!hHG~X~OlPeC0eCB1r4yTLBHqJg^HwCafmc9b5u{Dufq{^8rCFc|txu80S6Y+imi*Faq{WJGEYaDM>YI)n;z9lk5vGG)tP$9*x7DMoy}&tUI{R`w7It2NoQq3H~zU+gM)p# zWO|4aNW6kdRD9%~`RopQ0ihA8X!}I_>(lr9V;NNjJD;ow6OY!~KhUz}m4po$VX0mu z2I$6guu95^E807fofVrf9g~g zpGW;FUCRA8w0uRWY++8!5{zB@hjo_>K71P4d-f@A2rP3-`F-7B(IV|h7wOXQv74)$ zRzm276Ek27>1v537{w@;B++FPB#TK!;dWV9Sn2Sft0=P{&KJ!_PL7=@Gm##qEeJpu z8wd%SK7K>zq82Epb8tn)8x?COk>!mLqewMCi(tP;?!IeV+{~P$cZ?Fb@5v}ykVr|t zR;4IBeS+SX@TRg?&uvkiKzpb7TqG1)4I3V!fd*w34z4!z;yv41yM_^{@6x!@ONNjl z@mGbi6b0>WPU=y}Oe>b<$GTn0yvRO6zusv1%@C3@LOyj;!6@RsM{Zpk@N@XK_0p zZ0!*RwQm?IQoo&r&tO4gLq89h=`Li->W368y2Xm%$tdK+JTp7gC;IxAAbH@Ertk_0##H>m z$|Noi{8r_YbAK}psIRpoEk7eH0p>(!S3fenF8TE0XT2Ajqtj1fMa*qyqyJ*s)ai$R z8`2LLJqi*s+GY&HkX+48r3t5069u-Ra=s~sDtf2N4Fh>zmRoI?-<}g*@YrN-WS(H& zrwQB>&(hhP%&g7n&*Qv86vxH_v%(+?`x~wQBG8t;@$d*1i;DeFu4X^nmY#~P{UeVf zR&}+zlulOj-TU&qno_&1CXug~%#df_jyEbd(hqt!XmkIpZq;H5xt8mGoxQ!_o#F{>UI@$N&Mg7f**p-|EqTW zCj-1X_&a%=dX3Jah+&Bf(MyKMmVTKvM%0{)Xg6*_lw zNR_MLS^lW^MZWz798nVkT5d1hR)NcoK@1jn5zMZ_FL#Yc6}y~9RSlTCpaw7ej&i{! zE4rgeOD;tTcCe;ObLT??19%<0S&MV`!{Du#L($yl?0Y?0id)?}NfwsZbk#bchtdb$ zCs1Q%x+c`Q$hyjBey!RtcV;3th_l@b7u>k=>!X;bAL)PhQ%el8uvvZVrxU1LZm8pZ z#WDG_V2rKE^6P>(#z{Y%HEN;huw7NAqt)5ZeWDJX9^ukKCRQ)O<|^v2KpPBcq}0UC zb%SW}ZW5(wWIB=Yrs-nKcg7RegtB~Dy1W+P43HjpVUWO*VQ{f$bbV+uk-^VsYbixigw~q98fOzf%S-rb!G-(2aR|O(nY&PPj|3>kS#d2n} z)uCA%W@7LzHaH4UO@n>@Ah6y@$82r!5zXK!V_a#~QoKtxCaU*ldtYvGQMXWQ5Q$nA zL=6fHVVLRx_FD$F%iQ41Ckris{ri3NJwfoW1NKSWNv%;SSI^5*gTgNM#ZXw;3H_%b zNIRArv)+eDerr_!r*I%a?fLU6kFAtnW5%bOk-JV{ORb^lT3t4{OlPn9#naFK_RW@a zoGi|XPR{n)YL zoK({@Z44B~fvFBeFpX!m6nhM@`-;>PFZfZNI3TpBL7rp9I@Zy8Ef!5wOaOWegoD%T zb-P(pWdg%Z*qFOF%udHA{IvDuPTHuwc6pk_do=mPoG8XdH`!tkkU%W@r_6zR0$9Eh z@JrG_Gflt&2i`sl;5#kn8X9+R=7cGiI7etiJH98$W%bnw#>FC!iWHN#eHA?H#l=#Z#UX}@Iv|w0~2X-_2gAJeyCwa%gJcTtn z8;Aq;Rr_fGFZyiIcnYW^-cE`Q2@QN;{WEMm6D5>{F#7$=(oe5hZJ2b3V(G{kDt#0j z#%$C7Ud&TPu~td2jSPvO-ox7OBe3QwfZl4AGfV_#Q{$F1{O=}Tf>OK$%Ibn~F# z!IqeYfuAKsInBOx?&rirbbOlf$%$mx$bFhT)}4oGTRcpZV*SeFzqQoR!r_BzPqA6) z%;4z8QIvg_FR0_dV8M-pk<`_7r&+CEesGu)yX#F|Sure&_Ic9obh=g)p_3%WLEx?< zDz~}waO1gny}P@eiyrM!OGl`0hSuPzEC*HZzFQ;R#sEvDWrutxV=)hEhLW2r?edf7 zkdP@3nX#|Ztx?+Kz#EznEv1|-hcLA5T78q;7zm$%B7=i7QU<%D7OFXQKZ-!KOfAx| zI;uINV(gn2zn0Z-!E&OH99&J)>k8{Alm2Q;>hL*lSD7-3jOBSmGk+L01D7bc`AsQ5 zCk`oU%vuVy+2XtSC0voDWT6?p?l20Y{8x)72K6+4LmL;T$8MV52O^^JWXNZAGFOrS zb}}&td{r`sPtNue3%vZrw5S&#w0R+ICN-S2gZSkHzo?{BOsqwK zvKsH0N)T20?;!SBj$FXC?};ZfkeXEz$ zB6G&G-BqldDx0RK*}7{Kx%@V=3)g)XBZQaXZT^oGguPl6UE-|?@_t8wzN&M*&w^3{ zBBN}ujU=UflVMwfZ$Sqt3QhULCtMeFaLm}rnLV{(Oh-%jcy`di;(x% z+T*`sNmjEGPwBj44)N6XHG4cq<$gGC*e~>xna8u$j!eW6jTjA8T=0vXf3^s9(xE>6 zgU0f}fq@sLvEz?9pJnz!hC++ZYIGx_*nTl?gEIRcl<2iApMj`v&(li0vq(2_L##!) zFUr3(x}LCSS~OkujEb7|BTUn2M5d~Qlo@{ZF^C_52Mo;5N;YklCeF~KtnU=n8s*kyJH8vy!kkg=OC0qc2(*up>Ch2~N~!V~ zrSPkBaVJ()&ew&8$;yMElXxiG)sCUAA~eBTEKtJG%pt*lw9tu7Gc#!1_-OVgQg2&n zb{SFWt8+T^m0OOmfqTh|Fl?TAYGC#_M(0$arJxnXi&wGivrJ41T~2p#8gL_q+e43W z%L~YfFEq`=!x8YOC)NKwK~#`&z@F$h367L&+77u@wB<+ku})d1iON~2X^V6$YP)Q0 z*4;%&RXuV2@unSk+s9Sjy7$n+d0Xq`$7^!ThUYFc;(JVm%Sp~>76WY^(tfp+%WDA4Nqwj(g`qQ-C(vw zFD&14g2^^xqRGV^upvOQnbR7#UwF_7h?3H)FVK0(KGS6`gjJ_F3(dI~(uwj3Z}fPU z+&iA*J)UBM4C_XE=IH^8AD&&RYD4`m@el}~Gx2i*wYIpY*sGe=-D@Hzg0GG zb+Ee;7B5kaJt3mN(q|-Wsf#nVse#fi&Ov`pi3G8;q}kr7DGv4KF+Rh^EpKUEZc$WG z=U(UD(asG+pa+Bw`|2y}KhWhTU4a(wsmf}A^v-Y=)F|$C1cT{m(-p+JfcYk_T#Hyt zb%7qXuUZ)>A1&L*jc^WdR7ShK**@GgTax(hrYAhT^ejMKQ<-+|)9}M+sfA+&wnBm7 zyA2_+alg3}D5do*=nY}4{BhT(d4iz`j+g5(cUrbLyDtX&*AT;8l1UJ|jtBjeh!`__ zB#$*fw=v*vw#Kp1n`GA(j^8q9ZMQm;vXWFKo_~rAF!WN<K%+dssA&79{hJeDOHH zDAVFnA(u@+a#ghZupYcJ(~puOi7IE~s7){HSW^pYAeX9RJdEAH9Gj-@s zV>FB0MK{P=dZM};YpGWxD-yE+1!?i@L<~v^ct?>f9Tb$y1H`AX)6XWkUUNmshBu1p z4IB(xoPp)jhCbLsw(_&t;gFB<#`q3gNrj_}33!?bQHH&^?bNi|c4pZe%&jT_R?vJQ zmBz0T0ybARJtWy4>?xA5{q=>95o_(0cvd8E$6E#+x*z^imj+Oq*6bN3T^z2)iPgZn z+>10E6MAy1x?Q!II|&@b4VEdQ<5FV`wFop_RzxN6Wmw#jXS6nHv?aK)_!#yFXs~Vb zpd={8#FP^ZeR;bv6ff+nv9YITf6GjKJFCsGx=;Q#w)}*+bXE}(FBY+MB3$E?4z+>0 z?Fm_<>00)$+W}wKE37I=eDV7v>9hWSCv$cJglb^xt^P_b`2X|euer_!NzjD4`pC5psi3k=r$ro|(el^rzx z@9y{B>)#^#;nKf6jASKru0@^DwtBrB@z<5Ec*s~DMi7QOdo47iIZm!%-su{`V}bB4 z6@B4!dQyzRp>%nkX8;;){`mV*F^tc(Erg`iuFi^XZOpT1V-vnp@}hWe-r`UbFYo~y z#py#FFUqe3i6P=+3|0hnhIv0z(;WG+b>;KlLw>3wTgw+-E{=hFT*@B?lmluU_tUN} zA$Qp03a-tZHuj>%CWyjM>=RA11NHV4ZZj|6qmgOoj=~%3%Z05pb5Ah-{93-B>J0QQ zcQBw-AN}^Y4XTNSosaGYCFF7O7x3!FiRS6(@OVi%c|!|m$fS`-PKwMjL(*AM08<=#*f^UYD?mU zAK-`grz3={>9%xneD|S?G)-G<0x=8PH66GlE{!gBp`}aKF3T-eX1SkhC7Apt(@`_@ z2&H5uG67Gt`_RsW$0BWW{xhfczLFQ~=VUi3KsEQ*P5VnY-0L6>S+5)WAqa;O(|`z= znq=VoC#&=WXZZsltI01e{_kdo0T?o+H(4#K63SNXm@CVL=Iy|>%W`_WW9kVn6x^TD zLJc^Lcz(G?H$I!5q9|4J`%!ELkOS}CW8|Q8%7*EVmmm)(*okbX##!wv8!2x35 z@~Hi}s>_4m}MHZxU)mmP^Ffk^z`Mu|B8! zmhEdEmyrgFi}G!iXa!f$_tL@dzzG(}EzU*t*2mrlNK5rat_b~nX_oQ^{{O?+TLs0n zMcuyy5(w_@?(Q1g-JRg>?(Po3J-BP*jW%uxG>t>BB)Ger+vj}Wt@_`(_u)Qtb@j{c z>R!9n+H=k^e#6f%bFmt1;}_?zx8Rt+7-g}jh$en!A;NfjRnB&gbYR+#wC3A=EF*cE zM0hbE9;tXWqR;Q^?r9(!mbl>qdq?%)=djX)-%ZLOKI3!sVT=b;_Q^KRjL4KG_~xs` zN7JMXsf5~g7ry4Wq06=jcGHDKaGqk$(C4FfRMMZJxY4nVY$Z{C$v;pplt8KvlBmN^ zx*ij8SHJPevqWUM3mr4jDdp4?PN*g^wwln!+v7jrcb{~Hd^+Gvg~3#Y0^3-Dsx752G1Yx{4W+kSklQ$gwBgg478jYerk*>HK!@#^%@>cn zh^=tkFL{g1tC_}Ua@BQkx;>j2E!NHX;&81pYD%C$Jv+&|^nggi2t|8vAL3q@|lD~qQkM^%mR+FejxFEoPV4@wUw0%>k zMs4t~0OnW+&H?%ygq?e{=od9u-fi-`9=Zq*3F+OoQO%Br9Wd>nSIc4Plz*e=|RaXFGIY}zrK zA?K%)1qP%BynPXh)|4NWo;NTU5{5RhL#U`H>r-q-E#(x(qiIq+Cg@wt9laaPR;M`R zAA@w;iZud$wD_f>!i11Z%-VY=)2JaU>*F|{ooT+AMj}xC7G#?PzMdSR>WxWS7SrwC zoV)J2Ocud^8<0z~abB4o8Ayv@EJvlOr^14ui8McfpZ#g$4fPcfP`weh%j^&1;M~34 zR?i&I)Zk{Yr)bK)Q6GN&u$`AR+Qjq$;gxDYc+Xtl5E;fSaM#J%um<@%PYvhfs?*TY zaQ>ewQ8=@6NE>cGhfRWrekUjq3RpqR4V3mpc$I4-RaC%ch{s79*Mr?+)@t4dnP<>} zY-e3q9eo^rvBfRQLNDVR-sr?~l;^d|Z`x63NM$D7dQ)uNpDcr@!o*-PY#ub2R|ya4!uAESy8L$an6u=4Ya+WrEHEz}>lP{bB#nJ!f8qoA$V zs)_a@P;6WP38n?JuUyxnkKsB^fZy3oLD0!nvV12He5OQ@bQrPaJQ&THs6}*4n)06Ca%t$Bjz_#p{qmL6n@)MgW)IK;#4j&L`6?R-#tJaj%~c{x zrZNCUNj{P9IVf~rPBv`dreW=5IoyR}qG27)le}c6Drv8q)7aBv8r!UH>Vut1kgO)J zl;^g{@NjEfn9M2M$X;AJ$`W|vM3RUGgczy4?UfS~cP7R=uEbARj9rBHFIu40lYWjw zROwATnlgIj^SeoWO0&x4!OaA9BKjnx)zVu2P)@&%k1VU_jl-K~`h zi`DRb3bFZIplLZ+sW;xkwa9_f1V$m`T3(6oUGMa#c~dxr{x`*BiW_KCP<+FFKQvCw z92{aXkZws;Kl#@`f9Tw&X4fZ1fpW>Bho2IfC}-!Vd8FxgXyGPOzX&F&z&uvEjZqFa z`=Xd{qBrV(KO%44<9RGBmg-&1FkZN>TnzFwy`zbd!EB%8y4=K6BkIg*%Ko~DqVI3| z-K2-W}TziV{-*4n@D56o4%HnKMq1G zVOkVn{LYH>NyLDYN$xkJcs{`vy-$df>^oJp-=3u*Tpj;=~aT-9VMJAJ9dt%7zL`|?!$keB^E{^m*(k`Jsc|G?n$I#Al` z&;GP%2r#{c)|sj&&cSkc2Xi~xp9Fj(h>P|uiSN0 z`fGhfC=<{`zxJrhIyy*)2%i1+ON(94Oo<+n+4k2 z1i_fQaSeqOZzxmaJ28>cfPN(UKyvBp4#DrrEVW?{u^?H zmojIe-STl`x zWgqNX{1tr-6ib$l;omnX%<7?M_P%X2R*swA)auW#Q2myIkIzw< z`?TIc^lhwQFT$$TJfs-+Hq6gb70v{yG43}2=qUH@|0T=8CEjm~)5&-HofoAZg_T-) zC`akc91u*+qCv?yT^F9cD*?36v(Ud;s>k@gaiP(1@=YQ}YF1M@wJHORjX#Cu^DXaf zOwR6JihxEQrxJ!-quj?-nAn(}6ht-`p+iG|ssuXwM63DmUa|sk=GU@!8ZXjMDa#c) z>II`+2aIQO;(meomT1cQn($`~AZ8N1GaXnS5- z1T>D#K=jeUi%RhJ=WTn#r?FhTOET?0D)(|#U}AN)Y%%=S%k?s_nFVk1%f+CYV&?Aq z44aw*r1QgB^L7juSqk6?uOwjQVL7e+X0{=FxEAUOP&rZH0O}1nLW9>?kdxQp(Egj z&{;?>zbZvl+G?lXrfJ7jRvg?%n>`M6#pSVYZwN=XxU+PFVwQ65c5fBz|5*5bf>Nbt-BNN9VRhSsPPq3Lm9R%rCt~bvH_x zh~FZbAWx%atKR)(f2x0A1m7cy-BFzBN!XNgS^)CnADJ%;P07Oqw%f7^)R5@i>atPI z0rnMHSbRcdm<-)p4*CKZ;|UNL*$-y(5&yt+fN#jJ(Mq^qnOMbgk5)7Wlvwm;pNSHj zb`5BJdNNp^{WM?s*NFGu^W(y*P7%0v#;c6A?DbL9kuNm<>QzveEH9WHJ!vHO^u2i2rm&)V6YB3)l-+INF6K~h zoQM=`gPBYJczLc^v3xuQkH+p3(a!lXlxaJ7{TB5f>*kg_xs{J9A2&pnpDIBl2cZ^Z z{O%RL{>aAsmx(R3?L5FWz@yD~ZWZG*{d)J|0(O&5Vb$5016mbStk9A^&JTj?&MY-yITT>dI(ALLoB0+{%?Um^-{IJ7bL@M#^N_8zn_f!W;)2Z5c z{X2f`QQWD{ez8iOU{qWT> zmZi&R^K4~jJ|8!<-lb0FZ*B=mr?BZQHS0710H~tCvL3HdL7XMN@_^I8MX64~3V#0K z#b>^lrnp(R(pCfapgnASY0_-*>1;Ou6B?B_a*Rk`gp>T_8i@PR?4}k;;l2Pcc42H! zL#NWy?^9Wlc$fIlz#L1HqqIW|^XW6;d1U2;qTPOo>@jOV22NVs!3DYyGx2qCojCQw zzW@eNM}fIiz+Xbc$J0*@pI9`-6oG8~Pb-Lry~TYl!3)V$+$LJqWI9o!ebybFz|>^3jamrQH(R_#AT9-*vdJ|UecsO) z@;byPFR~;?HhrlPe)lq2ZRhNv%a-P|=7)Ck(6Fu3x}v{cdu-n$!9(YFTq1q^0n;DE zZZT~snD$sc4Lww)ArH_nUJoWCQu)Y{eiltyEP(B7?)Y+4~j&YLtk7LUbO^j7=2WHHUpTqFk{ zId5=i;uCsrsd5tDw*SHo1=S;(QSMK(g$i+Tzzu!)frMF+4WsXom^z;@{#qR*|1sqG zF=+wsVLEDla~}l5;1GxQWIgvsCccNq(qGUBXbt;*Ybkf&QkwW9p0+Kez(usb=2$vP zF`%o6aQXB=|2h%#Oo3X-NA-M*QM%C$2m|xsx~3F4p>m-|>`MzY5K8jJ$Ksly^MF4G zNHF>*1+=~acC48|eHkCQU%x{-@k*B<4DCn`NS!WT7Zq6A$bLc-Ew8RO5a9Q6A~sr>!FY*?XH%J=AUT0$vuHFr z>N=k#TbX1#5j!}2$0Yg3{__MhoU+y0%C70NvYHm8A~p_MI~OViZXJ}07aS!-ud>BX}3R%jZ(pe`M&(KLHBUQ?t^=~pLP}FV=8)( zx%m@0QT(6fU)IXYl4gJO^jA|Iz#a2aEPCg@zQmB;YY#TOw5m4;R1r_B_9l5~UMf=x zDqndbGar4%=pQu}>^x~JTfeK$;pZl>&R>JzmMx`4y_{w$xMbi1Ew%f3nB`x^-uB%G_U;FMN zi#^kw-RaW3V?Q;)XTbP7-*$z;A>!yV&MfWJdNJ&9>(xyYK8D=1;h!IxY9BZC*IH;A z<9KQ0^a>}P<5UK`G)+_hFvg`Sv6X)nmpDRL6W!i~yc?~YY9z-pu8||tt}4>MaUi$_ zIoKh{I0FZ*nExA%S)+)%40M>xD+k%R-|Rl_LSi!5c;c+l4#UWqig#o8hVl+9H%R#LD#jYI` zF62>kqSKUtxM%Nm<}sRa;73jj$<`Grsa5Z%J%53GXY|~i6>8Q19?_}K$88H^G3ieb zmgb8X{(>ilq+4R~aNyCT_hGA5wN6e$jY8?C&TQpz@c#7_gVDA63$-7KI~3vBWx@ap ziurWV5O=s@>e&kQw7EL)2ja$q8>($@*beKYfE31SD1w?Jo>z+pLRoRy`cUhg-mqzt z3R8jX1vob0E04on<*>qU#eeVUwJFg;K#kXp1(9)(bdw5rG;6b!S4pOB=EeEQ-*z`7Q^Ol;d?nEBuu$Durhj%ZE;qH6P_Q$WN z$F#w!ZE#q-b}6%Bf!fU?DjZ*(eYW3&GegW4+Kkc{D9trM(x3Dur~~ZeW8q&`_`ABS zN^&kM?8WAql22u7bsB~}fvKii^7*RNhUSc1$X^f*ESnnWD2>s5-P;|`bS3J3s9%o-KLa1c zaCw+LgSF(*qid_g#VG@xk+p2t`U%jt&2HIq~@0UY+|zpe7?0GtQ^T#;(%egxx;f0tI>m_J^GBEIzgLDfE=G z5UshvXo79Q2H>map&gCg{6r~iH!Dhn+GxscmA(m_*OYU}D3b)Wtk|VVtv_)|UzZ_M zx-f>5xET>A4;KRLq5F0gO@xfic?8hjG6NB}pcm<`^jd%Gy zMd9B~xZ%XEp+^!4X^lUgAZ(Rt=?zq}KGzxnBl=s!Q_;1``TlyW*(Z<;xddecE|J)r zP$KNMX)Z^0dPcI_E={gYXGlIxgsk^*nJ zO>)M8rPp6EJTUt5RD{4PW6RxW1^PUa=B>`(gmNZ=zq-d?`xSe7RnQb@M>s&m5n%0Z z9O&R@mKvxIMvv!rG@PjH{mJnv9p*j$I|Xx!8Lbn)jCATi_bCy=8DTW3zAt^XQ>El! zk5;Un2;N`penk{8OC_!8;836-bvOEnF-jBVJ?3gm6TkKk%xB`2Pv70?cP9dndDI9+ zx$sJtBxt_gPB|OfL`abDO*pXOwvwuJo?>0OL-!AMer964iAv=eIwkz%-V!F8+$b5N zO;^Q_ZR0O@PZi6kZs@Eq#^wYXnSY zN0a>T-;nWh@<-W=vd<}pcJno+fXRFUq36gk_HZoTSrdGkPPU5CnQLSzKnaDcnO5}>O)Ruv!+dM>e zG)d%mMjF;j)7r?J?9uMj5pt?I$jZ?8RA$J`Vw9&TXI6pBx646))YMbd|K^FwGE0G57X+a&X6oFz_~m)rQZ*Sbt|J zcnaX0f}Zc~d(Nh6plWZ_U~+2SFnJH2Dvh{3)AyWOEAz=~PO0Ezdv7MLWOJnPH`F;t z0Mh>M!IBusmaH(+&)$hbYYF>xlkivGrlsn2T!O~uwK_`1kvSWngV(7*Ks-f9;N1>% z`gv=mRiGR__3^xXq++fqgobpX>@+5rbru;Z+~!>0h57GF$|~qU-gWCYFqk!RHBV0M zhN$S~H<54aU?mx~aqcSZ`X$yXM*u z3PADLO2880*I$=l)E#Qa#~)xd7v$O5)Zo!#79G7P+K-~(LA*TeFiw9)=-@muEw!1>X z66Iv|XGB41*uch~cU*=&tiBI}m11rGz^p3c0q;BUCjJ2*UIK-jE(I*e_xapQYS5y3HRvHhvQDV}`=73DmF2dwI<()R~+nKXSfg z4TPd-HEN@8uRr3s)6*1Z*EZJbq*D4d_xZ5*)Z!#2IaVD)>!nrsiq>q{zW>zzM73j0Aa+mNc1P|=x?*op`TYG6 z2TtOp0Uj}_zv?AMZ13x#d51EYD|LozM2cuhbR^dm{kYqL#Rv3Miv3n<1y&-7M#@bIb ztuhg^WFNy%$L;kG6-qlGw%+u+PDm~jKWDe5Z(1(PmhlVeDrO{Rk==j{?k%jh>~20J zKSLKhfrih7%L!FP{YIW1HTeOMYIRkWdyF|Wr_23Q9-Ad>y383kAahJOkF2E%@y$aqTd1@>OEBG z5g(nZSr)eL8o5X5krhBg;aw;@P^0y&Pzbs&NyX$Kzu`}+NvB@#RdS+dHWlG;93Q>k z=Y?HQ;L9Rr6?71`SCC?U217{#cZ;h~{x+W0`KSNgJa$UmWF5U*zUvT#uefA=t$>gq za-BFijH#St6QZZg7~~eR7uD0m$dZ{mGE%0?(a!42K27plz-VJBXk1@R!?Z+of+!`4>dh|?>giT*rl7b}PPd&np~kN7 zyZSZ9&Wl-V^1A0GLcq={YfZ_A)SSQiiA0*mvXUpEn9r2jc=SU$mC5^G_VC{D{GeFE z3k)G2M0Hqk>QD`bR=i4<3V3`ovmfI;wyw1J4K%X4*HjGw@2P04%!>FRos{B<*X4V- zH=Y0ErEN3|k%!P=KKU?OQ&YO1$k1pu2t}^x|J}k1@s{Qn zLSBtFuA2z*XxCo{$nHe!WTyRYg%f_wRp?hRhr$x*HXkq97&$Lx4^YQ(?Yo`5qm_(z zl;{?;Lt9e-3U!!Y%~!lAt=|Df%8~H*hpBcuaxeysE_22lqDg-_V+pHz)~$2t4y(@aX(r zRIiexz<%$NdAvKnMsY#&KS#z1;I>$eNd8;oyM z6|$>*-fjp+u!XAQP}n|9Z;#y3Jp9>}U%3N8+C;fwlkl`$Vdwc?>*bi}2xGb@(;;Q= zlO+!O{o7Ij5EH?laPX7wlq&VvWSm@X%L){z&B3+Z0p51f4FA9w(MD{d0jlyWk|8=h z>IaP%zZ|?Vn9>>hjBj+a_LaF~9uHJ{Qj3&s-C~QVX;jh&BwVi>KdM#F0hnjkihAPK zD@`Ot!Wfa`uWn957`@R6m6z(CA*rki%l1~87`}KnxReoO$TC!o*Yp%BU5(PZ;R1?o zA);GxH)H@5=c;{S5NTl#-e8tp@#bP5{8IuL6fs@TL4L$@Fp|NLN_duW@@0>YVvKQNv|RtR~5v5NG;-lZdlfjAsqNuN3M6e1qo?`xSl@#S4^Ux zgs5%mK=3!Uzp~|G6CLFv?g94sxC7>BNmn#7#+m+@i z*lYI}JQ_LdOH}XnD%QqXcpyAMDlUH|$jh9ORHho~|8VBPT)5No*}JK|I;_|o#ry67 zJt+4^r?>KxwOgC4Iy-~ZrVZAM>j|Mnq0?9!{OFUVM-^RA!@&ys1(Ec^{JpF zV9`i1k~Ywj%;ZGl{pm}jZV8AxntGNrSqQxs6axBB<+e6#pf9U39l6pbL9gf}p=YT)h1>EbK!Z%^rmN!Kp+^OJ$ zQ!;0;2)r)w6qN9`m@P;VqZu(d&kvi;hNBi~6&-VI53nRz&5-HbX_S}7xIDnKJ9V%5 znZc{y9Hz0@mcaljW-Iq8tM=Rf3LK}-bNtog=Wn*Mo&mki*P@YMXVR<4Pg?L1j8Y+- z^7q=iiBvUf_TI=O?uw1s@n`q;)ktj8D zS%rRJ&jlfIs!l%BFh8WnH8kY(*Ut4cITE+%5PFK^ZEvmy3|TsIgSZp@iRy5YDtK|! zGo_SbI4YMm3>St>@KO^Zl|0Mj8!Dx@%&?n!`AGUf0@aBlpbv7>gyS}bls(ll@Vmks z<-?(78=o-Xn7uZtgE`4X&%5d??hQd(mn4(KaQyd7PfU^yD|vGr#z;9AO(ub9*?8Q` z&q8Kxtit7_4ZGkP_#|(a>rHN6f=wd|=cY@g?hvCcE?hDTUA^+Uz zvi`5c&6a!d0U??bsC6>60;2hk=(fLIgw^Kl7-+MtLXp0&03BvYlzp_ zcf61_>t$y7hOVW1`dP$bt3ht7AzWQl#qiflNJ0sSeVu)e{h34!dA+T-MwHF&mf()A zz|9?h{aXo8SG4XO%8x@ELP*9HBQKqxV10RUPBRN&2oe^E&XQ|(j)VzzBw`9;FoQ;5 zJN(ymn9>Mb9yND@ETe=*JDwuBLVA!7Ph=;RTAq-?!UIE&E!d;ylrpfpJm<^zO!UYi zN5W#cf*rkfS8s1>*`fZRKblVC_v6{zXiA|>)}~=gypt`LCx$-TFLx*M)N9E4FW@>) zfmF;@anXRKY~vUcCcR`9$RVi%>}X+%gLa^Kj-uP}Le@$pZ<`XkS8}~-@h9I>3FnRP z3ArG_Cgy5^M01TR1mOtA>BsB$;Is`$h9K3H2=R19vVUu4s6+3THtYIb(Rl-3P0&@T z{Oav#A})O+X+D(gA=HjcWJFdKmeUv9#2AS{_ksmv{X*afT<}! zV-WO7a%1ypi8s0b1!t!gAk8+xP6@y$uUP&ECPZ7PaSmf;{KZ-FPt{Jl&VTD^Oss1F zO+M4(ziC`8S!f^F5o)pcg3RxT%|yufrp`Bd8ubOe zI0Nf`t+!3?EVPZqligX2Z{G^0Y%vWdn^A`b0O!W6(}9M6+R>4>8wkQL^o&v+L?!|N z_x1TYm!@-hv44!XgN|Q{=cd*h^h@Tu_?xbtmWL@;w18%GKo^C2Eax@nGhHZDKrZ(J z(j0u^q2dDiU-js!YFPr4ivqscd_L_$j%8W}7MtP+3z1WHb(&d1ziH>V4X8}jQX+Z* z2DZoa#jC*`Z};{en9Jbw{$>VSEHWc~3wA>M568-@`IECluug~ zMor0eMeQZ8h!}3;HtT0MoHZ1&>_9mLih|K~1o~;DBM^=LCxWf$vj=+vGPTZjMnJO* zKv+H_8!d+-)ijF%m5CqqifW5f)WN=*btDQ_@{Z=VksW!DMgiPO;pum#p{i>w8)QI` zG~i7H%0S?hbICqZ!$;QwNz*6j9Zz*Bsz|6P_rQ7LHj)ooBBtm5x<7I`YE%`GN!-nU z*o0*6=8Lx-c1Egj9cvr9+@6SI6uOu(5EXomdqt`=gGAx^US zm_LRk!>4o$XvM9YT7ajSGrBVCQ=MZ*ygpQNlCuEod-r_ltu+4;U7h<7zz#4j0pOp0 zX|Me6wl%!#sVEk2H(^p}blL>e?}?GT>Jr$Nuq&BvrB|apvP3rT z<28yLciQQ|+>Li%+D}J(_Ok7EysH%QGhuP@2pY_Sh6D=sIGR-|aUETOXLI{(JKyAS ziH^O_s6pNJEV-KjX9{T5s@9mTR_*&ML*RWq%yilidS=V`?-Qy5Dj4zQGeZH3$s%mo zCz%H-GJJwxhZ`mQOt7RcLYSO+F7q%tE%8B-n!_xz@&~PJtrQ7+byj^z3YWs#KV?4c zW(k)2hkX%R`aWK%3!fsb2W(Q?zNuUs{UEJ3e|WA!yGv!I-V?jws%US$*hLz1pfD3E zY?!Sbp(>QpZ>n|9x=K62Y4Q2yqhTe-$gox1giRnceK^ZLf}$T~A{3Yt9V}ZcZ4uCs z({+9-q)PVoG3PH3>R86fQMIxoW|;ROFH)%6-IOkpuOyc1K}K(K0Th|< zSEcy6cMm-B#*me)?bdZ%{*_#AMzy9#AgQUlHSY@_>83dM71_46rAu+iZiX_=l~OBs z;P2b-Vl))1cC&aF^VN>j9G}YF!S&FyCagjq0Ht`1_8nZy|B{|pZRGRPh_U#)tfDWb z`F0>+SEiyK`C4kW&ZMwyz);`iOOM%w;T?%NWDyH535(mAz_A%9iJQ=$G;#n1WtdQ# zz4BfO`I8RwRV4Rv0(=jiAazgHxKMKul2zCP4&Kb{quv;3Gk1Fql1lj2+QeYXNAFy(ki6X-%fQuO$L8LhMl_+@QihyV(8V0=tUWb0!P_~LGl;rsjwq3Ipm7)>E#*1gLm6O)R{ zyb^;_VC34p)Xad;lX`~0z34^@VW9sK7u~dz5(n{ z`59@sN6UuU)zonRZ~?UM_Ahtvv5`8OPjlsVJ!xE!kcgu{G5A7bqHam}z@P!|@j~;u zcOqxG{tke$i&5AYIa2ly48K)Fdf{VgSAKqalBPhq?rP#Wg5obr--*&wD^UW&Dy~{R z#!>uR+=|3#s@ym>`3-X|W(m&z2ANC<0E>wPlt*6!uz!5EO_#>&#BXh6&^MtXG&UmE z`kRi1O3}V?{s<{`WyizrHp5iU<+;Ee_>lz|tB<-=3rgL*tDSw8%ee3s5k7Mu!-WnW zYLp6K-3Pk?a9bJlZ+oTka@2#M?uWl(W>B$LNqm9~nECUN^V~vCbiGo&P%c!P`I&V< zA4=l$Bn*;p3f(2mFJeid-Y*?XRf-JI&G18C9+X89uIiW*M#IsBAJhJDjoZ|JIY>6b zksJyPooR)hOmvIZqh@0vCDaO^iL_{3K=E_Up_qp6H0kc-Q3xof&WB3)xF3Sik*R!8 zLt+L}^oq!%ssDrz@Yn9z?`0i&gQ(5SgO3!uzfwUvWF0O9RQ=Vs8CfgzeV-QIdG!zO4q-R~hB2Zf|-UGGT3x^zeOCCs;4iH z)Hv@%)h?fOtN4l;4Q-9x9B;20UF!GD$L-MIST6u}FjK4#yNE&WOF+c^N9hUtC|%+4_q;uF zT>1Gt7@xosk88}WA0f(w9io%T6%2oS@t9k(n*U!8ns~q8W}>Uf>VVEx;^F`MZ8VLx zIXIdnaarXAD!ToDC~*J(f9OtieD-m7&AjV_g4v0$5hLQ`-M`6U30sMP ziP*+ZRi>cnY?z>Qcgz3JYE7h}$EdVc5Jq5A8%f&}RwX#0>P^PDmOM*zPe)w{{I%5S zIp4}W9a!7r;pl`4Q*Y@!RB9mRMKF%p45+CCReXTFKv=P&;e0AB!rR2ew5LUw#u_zt zpvlBdD)FKWZNRgm)hF*RR?gj6$0g&>5qFj9Lot8tm?jCE9W|_jT2G7@=3KIC!YK8d z=eq)lpG-^mknqQ|WWIgu;q`XYj*zIb1VkSns!f--ojt@J%KHV$1&DM%t0Pov$x(J0 zX->td1`=yLXCeO@DRBOAKP~^aPfzqrnxW-XlEmx!LY**avKzNRKqF9h5v>y^lEa0K z??i@=I3I-sL#3v7K=-z02lr#iht*k-lMtrLJj|`(1bbiB5$)>E(2o}6mI}%Vsom|W z!H}1b+5dV$t3M~vSPvy~Sc2`XTE}GSuCBNSlMM>fB@i$^>?-6sRxA1aOuwFf$2nSv z^m|;qJmBG>>g-rqu+<7F+txufz_?wpcn zzL%bA7SUA8SYR$R0Ng&=rpIihRr@d_xyGbI6G6gQ^djp>VgOXKrNKcu#GuH11!QRD z3#yaw74&~pPrlx$>?3<;cJLNNeoWAs``Vo^t=tpzm!BihXfex(C8zrI=YPjhxVHDz zWz$zVAVGJ8nC1#EU1I?WISDIJE-g(Mxy1@lOV2T7Gq6h9sHr?6{;Bm~_1())L*(Bv zY&SIC=^vOVw!0zBFW4Z<#e6}`=-jZ?RbKdPLJYF#?3L>DpZgM+-WGkleaJE&QxG)k z14abaHl}3e-17OcLWo@@XybpTiqANZ*cJaf!&QDobT_RgjYcl7u;N@G?feMN#H2vp z5^xF?dafyghOKrrVU7P*8-c&G$IRR`jHt_|FU3Jg@1&KOA&q`zPBKrEdu-ikQz%bP zC>`{=aoyG8(A$%p?icapZ^BG|EQ#5GaE)JeWg`112|DQthgd!8;eJhp3IakbLP7*h zd~-8B;(_~B)0mQ&zpnF&zK)Sd4g?$J6E;t}|MOky{*>uBw=A7y%u*Cdw-$Z6euZ+W z7Bl1H?*w4;szXnw*1rxmSXQn2W@J@)RU$kZP;VydbTTwDP)+h|2u}1pGB#kIe)7@R%>Z+$@=YD$zM>QF~*E;U9bcA!Xyc`cbD~KgKb&=Rcs>ZW?U@%>&2!nmLZk_;D2BqxFN06QC%qd zff;J^9hnqtt>uX5yT3&p;P6~WZJ|W%Bf~i%PhqAkH8BS}o(F8Y@7D}`e4RV7$N7vdy_p{{t$YXH*$qPzr^W6`)ZkoC zRP$#eJARE5H%ocGGG@lDMrk-gZ(Kc6#7C*Bwu0*ov=SkR{gSWWIP;%b#>La*D_wKw zSj;hl`t7^C929FOJKcTjpbW>sX)PXx{JCnZ`!zm zPtw=YyWhCYng--NsDJjA0y~;Z)%zhdFHh^G@wXYHiJV&0oA)whzzeX92=OoG9)9nRT=RgTM)vP?d(OIK{@eM=Z^oAI5bicd$gr(y~Ka;(&SG19V z?711w2)57(Lz_f?%s-&kqYFbuo^|^w%+eP@Cpf=NL%{f#x@qrKvZAv(Dw8hY!)^6c z1$4e%*J$ycb?fLrz5A)CP1kXMsnMPHyDH{4D}}XsJ*Fc%zXMqkRsQ9Tq1#&L8VPg^ zQ|5EEl7F!|l?a#lWOWtq$3eFK{{G<>8`=sLMHN!pN}CMtCdn6uVA7NF5WRn3Y8s`> z>*ff%N(^HJNK86Xhxo5(Hf{j+`(Uf~c!C<^(?^+!-(bCTabFi9G}zu3~JKB78EOda|)go(!QxS`rH6M~8R!yWoPnAMFDeQs$?eELefTY0)GX~6d5m8!_O^25*MQNk zC?!XYd!e_>5u9SnF{n9N^`}s$jfz2Z@+WmAvM?XUYgwaNB(rJcs>9x(qO^b+(Qx0o|1vXk}%u&0R(w3qJr} zzsO@%z#pA#6xz%=n%!&v*FhbntJ~EI8h(RZRmrd5n)I!iK^j!4V;;net2**UIXg2n zIb1;jSiuf%-x(e)(+4OxL){HM);*bL@Z^din~*34IAI4L%c90P2Y(aGtnMmabdDr_ zKQJO(jPkeBm9EOai->3p`c^^F)_8dz4c4p`JQ215X<=>&c-A}P%ioteP>i&QvV&eK zp0qvYKIEuf+k{Zf3^krEiuKgu=)NGgRT74ACHLDR(VfM1nFO|)%}Uyu$ex~ zV5CP^?b0OVW1r8VEkdyhIO}Ot&7%DJa}+|&5Zp=Mc-HU5PQ;oLObA`@Qu47WS5Ht#GdbMJDpWJ@J*V}!dJ_EHc&%_^CWd8TDUo%pxkMKk_^$p>Hu|Lr)PxmbDv2gyH1>^uHk`eph2d#(+5 zY_J3>{QGRGb2Xo}1CSs} z4Et`@I?9H_y^vn5ZG2^Q8CpOwR>Q~d(;CCeC-5t}&Vh!)QO1XLP(;7Z zog{=|#}hv%YDY$sBvP~^08zZIq+ExC-)&pJ`jtC<%6gbY$_~O$zH3kYcErHvDs)o{0IoDr;Dd0kFMj{t#BV_sTsf}>Tv%<@WE<_87cGF zLN4dbO5J6dtQ=>WXDHBcnMux3vAc6Cg(e;6aL@4tWOiH*1FnLmFa`N7ZXChtgdBMT zQ0|^e`9a;y7nq@SmDUsyTMp-l$=}Mu59~Nzs`gS^o!V@Rx4q2eslo}{oY-d_%xa=U zrjk-V^l5YN=VMUVb<$2EV)UEF=Gec3IA&iwVr00q|Px&fbW&@^DCqF`Wn*ZlM+6sqbfAVN; zKxQT-y#TO3G{MdHcD=983DmrNPt4HSWp?Ls^g8|a zriGiF!Xkfp%p|KPtv|Nf+5k5Wo$romqWcFk@oR+86!MVKEXlV^F-X}CJ=lq~59LvK zX>POtSlZN3{FBo43(^f^pQ{)N1u|Sj?GNUtl7;$it7ERNCqOf7ngd?R`SKaa_4JA` z$eEhKPHb1f-x;?Y&&+2hK>F94iKf}>xwxxq8u2~VwsyPe^uu`z)ru-~RRjlfVaEaF zn8pN+`zximaG#>(zJNyaJcLRpyA;7n zcgoscGzWdjCwo4lBBIGSHp%Yd=b+QDr$v(V|BJG>ev7JazrSguB&1tP8tLxt?oR2U zrBk}QM3AnbhaN#%Qff#C8A`f4u4nZAeE)#wXE>NSnAv-u?{%)VUbDlCOJ5rZqm@DT z>IbjZ%}wOd_blO=m)n8|X=>`-VC3}2z8kh^yx*HhqJpNadfpNRlYTD32ROC3v8mWC z-)=9S%l^f&nm>J@>@FsEqUrtREL`rYFZj*u_#$Ll^ z7$|a6zVfR-W188+b;hsql!ve)5Kh5|(sUGOwymj?>%ny@K1(4I#g)GRkaE2xMY_Iq zBkp%$RJ8;#cl~i8{T1dKmBQATp%tY)xVF0Nz{m-FH6Yx9`fdUBp?{x=Y1BDg|A+kS z89oroUlFg#7qD|*kYZ|yhU1(MTVmp|Jh&rvd%^(83YaBUy;AS>_XBd9OU1_CRMYQ< zJRR!dFPu#rBvq>vnv^Ust}=U&oWFI-{{T~@k(5&DQ!tz{p26tSRJ2wV0dk?^^?)eLrFZE%Cx-82zt!s^-q-$C zV)6dt>eVcjCA9@>XN$2btGQWV(YCP1_~*ta7OQ|xP0A$LfrcUSgFz`-aST%`9t52H zy{7FUpQ|d!8xe;4;$mRuNi*b5S}FbUqI%&V!=vLwF^=dtH-50`^cu+Zxbq@jP*3QY zbaH;WfbR?&t=js4#KvsJZC}0Vg_W4okuM13da|6jN%}iu0DgLBR7=Bq)CcJXZfH*x z-pBl2zJM30x2DFsT=UU0yQ{~tKs!ImyLz=+WJef`rPXqIJNL0Z@DF?1*@2FmE0P17 zK_5%+7bdABs`?C8riCfpUD@KHs+Nr4>Z3PLOGKG%ew|c~Y+v4ZaTo}U)b)lYj26tMTB-bLtkQey;smFwb zw&gywkchQ5^61DFRfN3>4^AGxcTrbCt%HsH5P}7}z&z=d5SsH%Fmn0)5@z;M6jb^j0&m!aW;)VYqUHJm=eyryWRo8zEh>!3OkGHgNsJNE`HOmRch>{$e2 z_3(8SK&a3K^-0vX1glzDFcs+RR{Q%Ipo;tUuX(*%QZ#7IImLhkbA52q|K~h6iZjy$ z*UOj>e5O-*P#~LI_0KvR5#@Yp2U5H`DaOP(?(m8lv`;&DHNBRiEx-ONZynN22sKEu z5$hNI$wQCI{bN5=*F>EUzeVw!^=NvDVQH?b#v;mdtJtB?q~EpzMg88rZ!YGmT|PsG z158XiMj{FrLND=!7yqHoE{8SP@2oKnflB)4If;AY-l_8g+ZO6Y`r{yYZV4!Rh|Z%@ z$|K)h&%25lr4b6ULFnrilS`52L4RH>`(E|x@FV^J zsS==56cUJHKcll5Bf54{161sMAtbPD&GOiod*T23AmY&h`ykl$NAh$Uqzj7GZ#z?}7XrC@dI;vP_YU7f=H(O7>OchJ^kBTkw7&SlxvEe$A9@G3ze zkx7_;f&j$nZ14~bdQSa->l(@%>k=|2NOTn(sNd`LT*YxI?2fym5t@3w$U{*27%~e7 zR(UC>DW>A^uyTNF(UHu~cLUx~-X5AnN;ik}@E0gsICZ`k)I&r>9w?m~WaxH!FL`v5 z5tzABn<0vhOI7eoWd49idLbBdtS98SA>>f8);6VlZ^~`_E=2r0+FT^{=np{UNdCVeBNmfK!x5-z;^UqZCN4P+2F$dCEJI@oAg(!DMQ`j&VIJmh%oznzD?hmyn#Hl;vo4k3F zBFB8t>GwgEw@DL8rA759OI`{(Ret-Y^7_V0+XC6>nwXGxp14D`y559@ek{WB17pbN z>M6S*MTOc39cj)QjL7_g?UtEO9Io8^ePd$o!9F$V~#-4M0m)clfp zg*mQG9Or34Pjeu2slISTCTLmeia0(?Sq zy*c}tmMu?);EPlL`&p%3xLZ8@m*ZK5|LGDj=rDoN<3EH%jzbo^0E(&PeeE4T{XZD{ z%Y+AvZ~c&YK^}4!a8}oAQ$M0HSYQIYoy-2D@Tz_%y{LB?`pJ#0<#mFo^>Q^o0Sr8w zznTyuAg)+MX_T1gW;}9~Bqm+Io&75|-kH*=JmVLS%Mw-sygV~!@%x*J!6#uiGrlkK zrqJ)z-KKQqmgD~+{11r{`YZQu7y19S^x29Q!kg!Ro7#7R<-Oc*8`Mq@mzPP#uukVP z1zh@6wGCZNoo$v{QZb2{hAacgd>ZKNA?u5_Uo8Aq6S+IG9qs`?IVgPUm@AY~BkI<2 zZiv#&dnhx1x+y4fG`BB0%F+Z5QahtGn)GlkrkmH0zgHigGMC3A@q}dK5vV}x4F|52 z&JI^dyIQpZQ~^IR1=h7pSUJ(7S!@Cd7IydG2u?)`-4|L;QBQtnGm~4Aqw)2n{e46I z)fBdQpl!+(q6H|jhB~IjezgT2CgMsv>WEFYN(keXB08K)#BUPdr(nGAJ!JE?tf~;7 zs_%Ht|KB7CbHEDu&TsQOl3iVKl3Uvaa!H?fMdVJvRZaBCYxITVVZp9DNhC_a=Afr2 zS%`qiZwG*Bu;Ya;m|j6z?)xF#ym7+$BP=r7&*Yb9izyJ*7{$LM{;bk|Up+^#eZ{9* zIMW5X(4gKdKtET3Fl;02wz>=|WX(1|nt?eJO;V!mwz}u*E)P0f9607<+pXDD1 ziCdn76C4*cX(EYf0E0;YRZI02C$4FMt5V;`9iy`{>Joz^4lC*F>iY#A8nBvS#UIO2 zXOugt14aYV#KL(rYb$ov6>P4sUm7on&MT(w{YJ}L56e?CMU3UL32TiXaQSt!Z_ANm zeV_EJcS$7lmL%AoTx@WKEAm8EVIayuFAlRx+RhiB^KHV+kb{NtLQL1={m^Wpao5K! z9qfgS+trNel8O@?k4t@F%dnMyORXOElFViLB=b~hsTq8!kRWm^LIpA7{%1CkY=LiA z8D9?9ai035m`RwLbFq7)q5!#n+A%fg_I~PRFz+Op_enRI!n$arAEYD`Vh;C~8HRqV zM;z-(`!V$!@MLrR+3bt`WAdooe5lFum3tH_p%)GLKD@NxXLF!;Pd!JEoMo2Lk9gUD zV#WJF_02~+Awv=iN%EuPl+u`4kRQ7e=d>#`yl?iy|3bA+{P=aXS2TeyS?dzi$UU*D zeoo)l2@~%y9~9nJ#iM0NguJ6(Im8Fwa?$2IHTYiUr*9+U}U z^!XU%Sdg>X9jE{sT?`WC&t^q5$#ZRbN4ZQQhVaIYd22qH9&wn&r5PK@pvsOXe?-o+ z9Lc5@IzA^}aSH{I-|1fMMz z-9zxgbe~w6eKxSpiG|C5^c2ggq*uRDWX28~fWj+al<*ZpN;vbGZwY1NqWkHif6-5B zxgY~X!fRRguw7*mvC=J-okj`>jil{ZdlKKDSBF;Of;?|*#|-jU+Daz;LfP#b!Sw>G z-_i=0A$CcP=-hB$nvPPcxMMSV4N-zVp)LY{ssi z2cRIP>0Aqvk5dW(iX`lBc_WLCJC;YOhr{3Mw8tI}#L5 z!ahN&^xsFQIdY>4quqd`ous&xAfe3hDltu+6_U7BX6hr{YZpKf4;Y!#&vm9NpB9Nc zIf4y`b=5WCv894slfsjk`R7LdiGT;a;$6wse~XLIa5#tPlB9yClM!c>mWX@i_}jdD z4>X5hJwX-mP)2CoIH*HQB$*hPX%5KsB%$JkT{PXQ)K%}3+}_TS7T)%kX`L+oF&h|UlI_ELR= zO=D7)2xa|Ra(2YTIN@WVA8WsHc=DV z$VS@OkwLQ>6Cly{yuYsJ(Y20aM6?p$*AYe-?Dj-y1QCmC9_{>FO6K)OxOHI*bihj~ zc2Y)j)*xm=8!pBW*w+Z3RbK=A<~EzhWk|b{LyzoR_BVdmZO@ z1#$#$TV+7-ktm#jMenh?Ti0=yyxlsw}=P?;V?;My@OU zcY^atpNoU?uAyHI^K*=&f4({?edcr#_C=+LnIjr_M7C8YhM%Eu^XRT3*6>3+cQh-0 z$np&XTwa5cyi}$_21irvVHq}eJH28>B9={UGlT7Ay~KMxCK2qA7z7LtFks$!ew1)U zQDnO@HP^iNrb55KG~}tY*>XeqyWhm8SV{p=-@_H+D(xEP76JsluGLH}>dkVy{T;xe zNdspY;e3;hj5|QB82>u>_50w^Q;;;P+6;Eb1{S`1kDdzYd&jiMH&j5AEOia9{afqk z=tk!R^hIm2#4kdwsEtcA&8v)wHCEaPj(K9-qU zU8w_&#WF`i59J|WGnF#L;!xvH`Fqu^ihsd&5W_<1HglAB_pr$UJ%3o4KPxeO!fXHI z4$$^=fXL03sLHMJ_eGWTKB z!HQKj&J-}tH?OJg4PD$;&LF~`-hDf|_3`h}?4&!i^n8J0wn^XXwSR+F}l)OkPG}ALLRo46N26nfGwU@mUSXeN}GQ)%}mCG#y?0&n-=3E+CkkLNXvSnq~BA|q}; zYJdnP1R9v)Js!$hF~3m5J7TH#=HR@k_-s|V1MU8cns=ZUx7alJ8MtlSyb*qibXKy> z2uS#m7x3-01gLh-(Ca3XCVc{YfE3W;z;tkTmulpiJh3>^c3d@!?TU9xN+Ld>Z#ygV zJapj!!RoRjb|chz&nF}Q58%+mn(|G8X!6x<8D1K^(POuKvDG$eE4ril0)}Sohn)jr z*kxf~T0;iaDi_8fw2KweOs8VL`!HZ82L{pLh7Be46-X6w{F!O(Y8cX3ltta>1LrGvR^6xv<)AtD4t_YsxQ; zE31EPMm^L@jrqhB$C_M%+#vPLLGxpp-+MVC`dHSoFdtZWg**&h9%rk``Pd2MIsR~I zFv^r?$UoJRg#Pi+oUZ>B%Jv_^NX-JO@m0fe_2ZAQElZkE-|+oD(f<%0Dof*-#nf2= zcY*&Q&^gxn@+KO5o$t1@kq84V{xt=J7TxifK7sO*&o4m)K9YF2GO}T;P7XQ^(3~UY zzgCJM8M++XpO~(CpXH}|MP*8JY=1Ko3-d?*UqQgH2tBhekqx~moZ>yW|2{#Ix+3=e zu(Y2qQ=HGjudfI3l#Ah=1uy%O4>&{~@IM&leE7GRptm>&F(%=cN{H*Wf{~xuK=mDZcEaeugzXd&R+nTfO?*H z)%SN9rlC`skAshf|3ruV6wXAoBSKC^w&VK+?k3`RPvToJi4+E_VVL%6hBAtol!AJn zB$$*wl3BZuY2>kZriJOZ%*7D5F)77rVzdEvg|X>Z!kspcmX2S-UXK7BrSp*qIxE}9 z&XnSTwxe{JC=KN#gkYD*v{6jrA5DGS74yB??G*Hd+igPKMvQ5kbPDjsgk(8vZl#~a zbq-)iu`c!7)!Vh17H_^9s{VF`g)@nEyaskR+G^hqrX&P!t*@iP0^#3#Czfa$zQnlB zD9a6a=FA8vTZX2yI~2P3KhG8(51f(9M&94jd_DyI>@3Y)Z=am3HWzjN>LtwY=0&0H zW;1O}!%-eriXE#OVYsXBLtP#HSq=W7YQhk(i$x^M!cW3VD& zrW{efebCY1+!wwA0kg5Dce&6~1jSydUl_uH^Urn)N=xtJsO^bpAOqxj<9r-Fe$WV!BZ^}SwRI0^%unHch(`%QbNnh zNZI{0yU=S&_4g@C`N;`iTvkCM0d||`dd9#YquIIMWorSII|2%qFxJIJeCw=w8(}Ig z7v@eNeR-uW!OFBi7g+3Unt?#r#YWm>eyk;eLHiSTw&*gX$}Dqxo*t2y>32s_2n~z7 zk*(IF&*AdL6i<2GjqzK0XuR>=?K(K_MY3J~-^G~1$?l3fY1wR`>J9JibT*gaS{xFN zZxATfX{u|NbV-rZt?!RV-0d^Hc~!n3UvzZS_wL(5t+^%RYs`D<ejtq?`vs00f8EB`h%Zceell3bQ+_G;oj6g;Yy}=#hB7V zim&q{znRz3wfO-|j1osPu@Y=EK3n4S?iYOn!s|0p^qU7=E|FO86)%r+)FVeYmA?|; z2{7%IASKi%(mtuqUtzvQi00@k>9f|i*Q(3p^+8I)s7d$_!ROTBd86d)pG@AO3^97C zH_r^Z2EDQ}?Kp$itX5Ytn80({;&Cfwc3f70K{rL}BX7^1H!99m*@G8Q*Zp?!i~w$9y8x@ z+}Qz}MqJX=Ic^hmJpu zjNRf?-hVvUt$b)Ai)EuW1MZtJ$&$7wpuki#7!6GSf^^WD8Qq;Ycc4(Sn;4&5u1X{x zrHS1l^#h$xK|*oOJMiHhA$UEi9cW6TT=Ks=F$&B+vKzJF49|57f4P3p+NP1 zxyP$h{9tu?iLwCy9sRg*!<^q(sg& zv^k)!NGbEcTla_qo`Ya|T@HoN6|OZOFToTn_XS>j>FCphbZBPYm`tf(E|g1s?NA?{ z8UL1&V;xYg%(DhwdZWer&fNK$I{WG~z?IHrgyYv9$eC|UvXv>niFg@X86@$^~e&a79G$@U}QQ<{YoT$ zY1Hoeoq8WFRhPr0KZYB)G+uZ8Cs)1O+ucR#;&xmx*8Gu=SCE@|32>K;^NtI(?em0t zRcz1=O~OgA%G&tdmv7lupSm+9YEr3Yk%_1oaI+mrG03__$0EFe>|XeTZ-6;#IEO|| z?c6GzZtLq;HCLl4vnX$E@RAhP_)qVlRZZY3)u&WDrPtH0ibc-90?cJh-9IlzHpx;q z$jc_5YjMrx7?XcM)~Wkkf(#&k&|!IVP%1;eb8^A~7%z>yZ2vqYQS%nnVhebxz0u<^ zvGyix8TQW#t;TxDkEqa(fn!Zv>A3X6EWxTfKit;)gXov_4JLRbeN5?&WW6lX^K7s~buvqC&SYC?E3BX#)=<2At-8t=~+k6OG_41Yz~)^J~fv*Y!# z)r3*@8nQENsWM6c-I)F47{wfja%L#&b#Mm-v~z|%Msq~tI%}@?lYcXq#P5F~&K6cd zeVpdfv;)Ru&B$iL3BoyA_v?bC(rM$oYo?au72JYCtq{`*=JQ=>>nNfAtHjW7KelsA zh7}ES<}+V{(Off=rK&ym(3|H2t9mK7%U;ES)$Hh-L?T>n`J zW8_Im%?Dc;TWDTV-0-RLMG72zZRam0x&Sri+#GFgdw|csEq$e%qV*-l$@#67zn5N4 zMcNLFV#6Eskbgf_|Lgc+2^nU;=`+gf+{@Ez_d?uZ|Gl}??u%h(bB}?U6IYJm#OQP? zaRBwRm$Sd^T~xv5b;~wkpdki7Pkq=YVUTik!(sAM?2+d`i%v=P_i2UoA}8$EcAZ#h zl)a^+mq$_mA#}l0@HwESxLi&Qn-_6;nOQt8Q484ZvhJ%TBCE#K?BPG2+4*4uZW_(K zzlYy~HsE_mu5723c!vG5E{Vn3D5eq8#MChz&4C5=jEpHVV$Hz0Cr!c>-iU~f%^EB4 znGKhYB~Npu+&kTU6D_%)7k<=cO>K&Xp6q7SQN}5a~-fePIW1GRr;1!Vu?$&kM z3GWr&EfG(6@#P5?ya|v(<=p^KEWEYBuU8Hy=}RW_*B%b*jvQ#)I5p@_DAxGUL99y) z7z~6tfozz#JL0Y^_ zw1sf;g31u-FqSF3nKj19iZ7hjQoR=AuXY1|@vEVyA{ryA@lx7UOuL5Wh-JG6HZSXu z%Vie`%X~iG)6uNRkR6~E>D<_82Jw^$bz;`B0-bpXFl}~#B2Awjm>69 zqaOxwGu|)4rgKX#L_TSXnMH|c0E5TMu@TO$cujLQ}O`KyK&3?%;5-^VNL&5?GB+K_>f zD<3%XhMEwi#^pq?Q@kMF_m$R2Ny8R!)MU#;gLG#pC}1^vE9T(WuaT>Dp&N_xLd455 z$^`w~YQDeV8xhAc53iOw{6Ls0F86rKGo zS%M6%tO%e+=Q{H{2XtqfM32bheFeqTEZ6M7h`?#)hK{Cntj7R2-1i8- z$}&)0tk_}RiWJ|AOJkRJ05|#c$(hBNl;m9jY{-y^en*_M-*T;q3HuO67#{5%;_@wX;9CE?X3&IeCw5mGG+#wK` zTTw}DM}Wgh)_!k!>D9`?S@%xo9^ZY=8%8S^D~dG=2yBw&chc(K(i926-3y;UC;k5+ zm_X#HNxvxL)e;X;_W)EW_;`N2&Z66XO1iylEX#)?4t^kb)y?>aR}~ApeL!mI8Yt&{ z{xy1{qA*8$>weCK??*|K^c2Gp<5 z@a-Ab=E-rM(8x8TzISWP^d$I(>y>jl-|fq z{lic&!!Z;{Q`i8?=^4Kv0E}hD*NlNDq~%W6xOD@(XL&XsWbkGD<0zM^UO_MgoqGFP zbM@P`I3VdQ-J&g|!pCadt@Gv|RKgGrmB4QF-n1k;$BSE2joTxch;=dfnrgrYtTeqO z^Ys5CM`;Pe=typ^F(>6IbjPhwMmZs1v2A`gAGV|1|6T3E;ZL8}zy_r4vOGO4t(Iq- z2Yt2ePMKP3uOJ8Ex^GX%X(+w^v(}B@2yC=f7a@l)y&fK)o@q7cqQi zB8$b8jkF#eeF1v9<;QOPrHo8d6v8l76Ws~nj-X}i>R$Q}0e@?_|M#u;?ujXd;jE=m zpFu#!$>l;*>Asz3&4;$eINH19VS*=$Xsm06!}%5}#{zn+@tFI>lp@9G5L&Fn-UP$Y zo-bodCVV5Px=upv>Eaw)aIl8<6rmedyY)JkC3%L&Zw2pGs&D&1u@u)j*38Ss`T}ag z`x^T+d|NoQTpyQi=zHMrD)1AVN!0Hxg_K#VTZav3n^MDTe0Q#&+b$|}sY=JM-hP_1 zF$~(Mt}@JFUR4lH*_S9v2u|j#OU9CWNc#R-#By}}TSjlVum^!K~;Tt87^z$r{?lcAvOy4%ukO@g$8`< zAx#-%?sgKT1*jSP=?>G=-`zP(*xw~cAd0CKQ@{}@Vi#5e;<9{>8~&2d(8}4e@3eRf zo~<49rruyjV(p4}x(qlPvIPUjauk*TMLXxJK;b) z=JsCqU`ZL@VIi9gE1DQwr_Wz%X26rkINl(0U4}If{IX(;PVwT?{K`5)_G9=uuBFHi z{&bZv%$OIOw!YKidwA!RF>Uft6T+mzi#V(DBnCsIM_n;Uv);2(5r(35;9=fdJyCUM zllWRE$KboBdbH!tFsaCxDJm-kjf%tXQL?-Abz<}^NQ!+jevv7={I_exvOCA-koPu_ z-3csc8{66W#5wxsrVX$Q<^o+J>sUYTba_~Bn$pCnGv^;;G8O*hWca$+#MsWU)s7W5 ztic45p`Sb>gS%1FoP3aSM!+RO`)}|OJd@kMVS}h zUFVKtAipA+z>jdSvo%MBR(RY%-G{VGfoi^D9AcjR?+zXO=ir0aLUR$^%RIz>Bpo{@ zAfpVaf^|dgAXgVTTQigx7H;?^jj8<=)lsmUiT`9lD4Pc18DZnQJxe9TsuXq=#PIeN z|GCuYW>`pHah09rPIc31z3arutCFqG)e6Z+XVb8Kj_2E&kUqzM!qu~6;>=<1@xF5b z^RLO)<@fF5s2*WuBI;t)X!!=AuHwR*)ab*mmf$zU9B$4T2!H5u$Ua~fE zTFp#XbFiLG+NA;)#_MM2wsOa@Mf3X4~CN!&48I6^2>dRxH@n(LL`-v4l=>3%{nc z{`ge0A~QQg4V+VBo)q{gs#oUnR0ZXSJy0T%c-^R?--xi{{Ha2 zogUb|fXRbo;Bs|Q75k~a4o__2z?nEhRL=Y^rKZok_MBDin;o)@bvd4}d)}!w8&>4v zGnDHJ(!}R=J8U%wq)8`=jF-EQwXhY$f=? zAnq*VWFnW#yw>$=(y9Y;4hVBrF``q$;u99+vkGPunj-3fiyBvwdiHW6`4?RRk+)(3 z%))iLl<8k{7{3`k=&6!U@?>l--D!P@;qe0W9O}kiX?{7QQ8!d?h%07Ko z6YUUZ{^SaIq%gUzSyYLXMnZzy0tzvu9*hJOcl1`;*PQ1B>J;Emb)7fZo>Ss=`vh7c zM%!0=M{}j(BPFiEy?>@SOUmuXzv6G3K>4e;H1MrPwmD94RSm>Ezi)bW<~?sX{~WHg z_hwI>N$%~Q*Q{Fb%%&jO9$CCD=&R?B)yLQs3wmAaril6e?xTC4UZy}v98ohieV6UA z4x2_Dx%@D0s(v*JFIs|?k{5@IFBnJe&AIIavhProCdI)i&-2gX>5_B@*Fy2TkkbvV zd=RBzVP~i1-j4jW?pbKlh_F`|RTyhN9s(kjcug6OLw`%^FaR^W4!bH7#d1$mpjdYV zzsYcWWa%8JMk#&$%H-zIIaXVuE~W+A&!lL(!U@_kCKXCX_MryVq&dPq8gW+FfKJ5N zR6fj=^NOf`Hn^am@YidB@xEb3pBrt(P1=Qde49Bnb&gH0!58}v!J%_w9=>Ve*Y%J} z`}byCbSIl-UzsHUA0mG0>A+QeCC-Yn7X=V&0+C!yzu&(?eqO=2X!@TE-s;uN_9R;L zo%c7YVwoNpJcv78(0rk-$mak3Ut=`mzI`!Wf%CpLoqZ#whrDd(0TMH{`IC9jb^26| ze1kHrxz}_s;jc3|&(2Pa9xC)rXlyA(ZcnvN{{6C~sGsEl&!u0D%5f-5n*4~Hr~s;i zi@b@KA^Je=Gdp3@w5?dvl(wJnM&q{HZC#vhi=|5-4YmEW45ggT@5Y*n7m?aiBg8bIlt7tR^u+px3!B}X`+T+2 zO3Gk+gMRN=CvS++{9@PE^t$m*UY_@(^zO}h8KI=n_bwGcV6?VOTbMC?PjdWv7o;o2 z2s@BQHNs+icw8XQedB4H7^8>io&(0=Pm!^CDH3H&v3H2EA8tMncT~pDAHl|8McXzh zE$-Eh0+?jadnP)I>>>OsG$q z>X2bvvzh#NuuN(##A#ABb)hIP_+bfM=fiedchfrP2}fB3srDCQbxJ*>JAr`KTXJwsvzk~`0;&u+ z&?$MKBmz8Dc_RlsphG6#NYw0I%ct^(dqw;_Ju)^3nVx_q4htBq@ZAIIXN#@XeEwj0 zF>2p9rgf!(IlN0a?gA5k5HjqD~ z1NeV_WeY)jiI~1#)t6RFDC2(!#*L@&tw{aSZG0F6o+Rr#%R&l?}gJ&Drc2nW^P zXD5p+%&h}wVofNA8#pma+QH~rh&XNqS2M1OG});3n2;ya8+(_9o~;Q;_~azV7KlCG z3gB)4es_;58)lLspre`yeP#*1%PX+MIs%y0#oZq1i(>#Yg9KBvkq{}NJ`MZ%@GE;o zJ-71e!rET@7g%Ae@cjui8}jSW6`)T3wXf(98^h&eqZU2z1UFf&T@c|kuwC?ic4t`6 z2dtQ!vpa+awrO4+odGIdhbXLFRYTSYyBg>l6xn<$LrLL@w*a6@-Ou@;pM5Ibw4>)} zns2$uc(3~ zYpsN0(3k03>RJ*h!hf*rpAIS2i8=Y^E3#2ihX>dTbbUYt%Sa9JpKvM2$@D@FSMaC> znMx$et0qm*qL?<6ypc7W;GEO&#Q0CAxeL=yO72#{tP& z)9Mg)${EUa!{Os~%c+9pH<9cu=8Uzd2AbzA(ZM~4#EM_a==2&>KZx`%Fu zNVSU9CG3^IaJmfy(1T9R%p0Za>yDV4N(Kjd#lk{t?X3@uVD;kiBF8h3Msdme-`l9)5Ffn?tXa){ z5@*hcTM}H?B_P~^z@og4n}{n!y{?E?oBzGbe&2Ut%Ps#LGe|7dWgLfSteSV~`y-W4 z{7KCqwTlfH+-Y+I-57%uJKkq~o^8y5`vA1zK7glRZacbDj%ySl$A5<*?-Zf$qwfT| zE~+A(-o~dPdAZdJ*=4+Mw4ve13)GH8H|Bb)uP-QB#2ZhS_O|smTtA}p#&`V95e`53 zgLCiV=%M|h?#_Cyw!fdtgjZamC`KOb)7-Vh4uotnSPC@q_%Zy`RjG}3C@ee*qhsz|e1t_2Ats91bT=}B+F<`b;%z9KWB z1xZkQ^B;V4mKs#Opv2h>42O$S`z9GnutYf8<|VrvFU5(DbGs-y9$Lm^l;q`;CdlEX zmc(t|vf;TbuF73OElK8+Z>@p}wRjf

NcZ(q?wP;&p#5EA0dBS7cwOh1Qu;g?~79>PE3zu8^fGgs1_9L^k^`XJI+Sx!X zi=^t#&Dn2UpG+68QOAmk*7Lr>;v-#1HQn3XP9P2Lc!4gXGlfd^b zGDa(;v(mNc*zi04)^J#!6m26A{L9r;>I`j`X*g}3@Mx~X5Sw^TG>s){7~H>5{l+$v z!Y)8M*t&!wOLKI)0gOe@6C$+3+b<^m09k^1i6k+SOKSR^J_W^B=1@u$3Ty>jk_vNU z?V7M_AFM)&JA5(q4n0$?MQhae%~@_fhf0AK8{#J`CR-7Wti$|L^D%`2U;n+bM`8b6 z+EARl75DHXedk9OPB=BqEi@8i{qgWlsp3z?c-##H$~%E( zCXMPm;y2zjXLtUzChwm88vD5$Hl6jy1sm?jU|;Zm8i zGaArN;h~P&(Hk3H@ibJY#V`n9T}w_i*$_YVlYv&>sTac^+SprAa2a1zr{xM4`*o7WkV=LScc8=%Wrr^i|kX^}#>j9Hkq z!aXGRAC#etpeP{Q#`Wk>58Oo}`z(~6js3E~;gK))HyRS+^vhElm)s|3tJPKON4-QY z%PAY%6>)QwBOAP#k3(C3oc?ZAXN)Yb&|aD+w4i1)5VN&8x;&^}Fr?V&tA*wbpLx#uA!!7pxpLgppSd6;4FH7=EV4z>{|hnG6nwK-;v~ezw}p&J zp-qqpPiL$}Nae=^5EZZB9%Pd#o@sm{d!NX++fM4E`;)EU`RDtm-G5M9Gr$L0>0Xoi zzQN9xO62HYG$NOyO?;jHxW-Jvhq-Fe$P6l_O6waz_Ftl z&1sgqGw|hd*CxcR&_OHq1IJM)#d39_v9Z&I+LS>5GfzT|_=?w@{hq@^JHu_xB5lvm zd9*l~s^p|1yp|bb@aH|-ffg_?L^4tnv-fGKxW*#TWRz#7C#mPg3xa8RGv(MNw2s^J zF1y_EnX_u`-^-_t7eQ)KTDdB$P?FvC%f?CZUU$pkOUzBgvnHP4D)Dz2(6%3Kzrh?S zvb*`SmZFb|qteOmxK<8`#pP05!r@)Wvd4Y7TTI7XLEKQqmyr(B4!cJ#cOqzL9m)7{ z)GPawG2znK)CqKNTJMR5HfZ1-(<)Yl>HY5CnAn#SsT5bA$poX<6SEEp-9@n4+7+g+pBQ42@b3hM;!`3QqKox{ekGBAK>=_+4MS)j2|0qT?6}dU@77}f_s!l+OGfTxjOalZ)8B> z`^p^hS-{Bdi-(_mwC%K6mITsgC$2Wb(=F)f5&WKCAkTR`%7^E2O$(-*{hPb1wx=u@ zvh4#V^EV2=cl-h$xGobs-!z>{92RDhKGFK7F=YWeQg|zjR9UqNrgO&KnV)aRe(h+( zFJ-o@hcJD`ucug(vGa)z7FdC&HO-tSeFsWD5=PQC*g)_VHOBP6ee6TS=cXE079D!C zQIq!?mo?_R3xZ)FPmk5O?{l*695mOyGk4J<)A+4fS(d(-KQRv%w0u@UXDC&5YOBlf z`dPo~=ReL?1U%K>mx;~dFs{icoXsQP3-%dFf`__}#9C7@cT2VR84sf()7;p!b-&Bx z=x-uGk0nMDS;A%;!8CmP$78$m3Yje_z0EOfQ7V(@*|#{%Rg3(hQ)2<59F>Bq0lZVe zHf^dUR}L*Lb6s$NYiLFk3aReu!s#r+=&=zFVMd?9Zb?Qy)`jyY$$I`Sqhr}-* zy3XtB6thlgT0ksF%L3gA!T3E^ekVn>xSK`d@L+n7R;4}s#vDQER^HatT5Dfw@O`EL zr43Wb8y$0LbV>d+6s1lEws&sh$OLBr+0ZFI?Ua6X?-T*%*-Ea3WsOUjY_v7 zuwOp+uvq`x(UeJHFx#q06ma`BqeO4Rf`SfGbCv;Mxx$hXbJj=*rV}4_@ zo25TGnyH-0%p^GO+~txS8vI0cd+~D*$=>X$OknZ{XbX|b>%vi@=GwTqsKpaUvaNHh>v(uO9{R-Aou~hrDj1DiK6O?v>UrVZ=#zY7y;)pOR8-0 z2MbA0(I!5zCF))|S*~(%XEr5j?L>)^%h49_aDw=EMItNH;@^&^u;<>S@!R02?+AIV z@I>+ZHhqQu2{OedV zIX8xdRWtN`U82Wnp2Ka#cY8b77W%0B}tH?f#Ti!2N0S2Pgn zY!v=8^ici*g?K255bmlt72fWDxet>uKz`GzR(2}#4#&~f3RS`SlnOAD{iX4g4}NVK zUi=T7lHmc#hcHXEj1VmD|tlGlfz-pt3nkC1&abf}JkP zUWwf{F=iGR`?@qySQ+EEyepS5??roa(CX981N~u^$&thx@}C}_F#Ojzx{1U)%ehz3 zBPBt()!8r2qKE1)JKaEl%_IBO;;6oag1W7@R~Q$S(bR+V@2NLkXUA{Mp|0Hci#C~; zWqD8Cg(AY-)GK2hiVingJ{>RrhS*R%7g!J~G3;F{6R0zaRH(KJD1*#b7EtgUj(?fH zp6eiSSslipGg&dIE05LZs0!>^4IFTMZ*Sf;i<>3snwaM=2~?qEsu}Ds1Zz*&@9*J4=b@ zOBbUHZBk^e{;k!_Ru{)r)Vc=vy0s2&9O!C>c9=E4s)+lm9&RA|XCH{|B1F@IZs)@D z16(CP3Fp|$MMr`Hqts?vm51DV1scuU1MGfomsOREJur!D* zncK;3`DJwN1YC=Eg~o|3nIR^3k+f~9@%ofK2FB?^L9M+usKAhWq_2&t&Mhs#)er*O zTI%*z`nB^3N6>3aaM2z1ypS@DuYk8%-iSo^C1>A3l`-mWc2z;HG0(b{q}p}$0-F#K zRtwgfdaX=LFeXb~2qS2S?X@R68LNPLk)LItNUID9cb77E&j)Mqky=S`%Rr3x42jnO zgS1h&DN{lzDU($Us3lfB<72jUx25D@Ri3tSHe2wl2kd10vP_z% zf}`!+C*xGPEJ_{aC=s59fz8%sX>tX5*^XqfK&0+&;2;j?%pS(17t%2%nEy}UY%S@d z4_m01*Uhop^I}$V>*`HuiTwZ_R|^_-yg7;2Bdfu|3xiO?WUmAt+@(jd78mof*Or+Z z%NONaWcRq&t|yg%(IBj&^su=z>yPo(TzGxYX3@sum%M*7=qq!|SJ7skP?@M5*09+F zS+X^oKA5w^;vhw-Arf^Z*~f-9F_QuZE!Y|T9~6p3PsYT5P>>GzRNu?y!HSZ8w zJ?xcQjqVz)xxY}23-<_foZ+so=&Ubm@hcq6u|B4VS!~tTc3bXK`fUHfSg?yLSPD(t z3IT%znmwC+TY*ZPFjhQoq`kX}8TYn%;OzqY_ID94f!5G8e@O7YUD&Mi0K6Gl3B3D? zi;Qzw67cfYftUtkJd4Rp0gD??WvXp+dU08a!X;<-*s8B~*oXYx5H#N&zTUtVLbsGJ zyoXG7L~Wnn2=~w$NoC9uVhE_oiq$~{4)8KW?6D;_y4R;~O~3WV7q0oG7^hl1-R4}X z#*$s>Eeu!=55Py3h1-LExrk+TQ#qX2XiRedv25_$KmCmhs*L4xMjHe^ zQi?KOZ=gV&SPt7bq4WZThTZ}jk{UqqVEq4Jz^4Cq2JE}COTwI(&}I5;y7VP^<3jA? zEXVs6NjDW~oQ0h_v-v#E$<2GY2WAKrbbJK&A;r~iMHo1=X}*bYP1^*S&Sy^JNcwu@ zoz?t<^88QP-*M{&0giUetS}!U_;fA;U0oJBj1UXxmlcuc!n$lyn|2Rth&Py=yUg|$ zP7^d&C$0U>5>?v+lrx`KOVIL%%*7FV4`?nH+l6U|fhfBW@Sbv81k6`u7@mE$UetG_ zN|nE|?(&LN-1@o-ug8OrFZgQ)B2~#f_BB{-8<(YtlgJI-8VW~R-8b?JWn z&cn6Cy;1mh0_1@eE466LVBrC2Ka}6nycjP%d}_9G@uC_y44_v%K>U49T-e??cSl$@ zVO$P5v61+X)Bl`I_(bdAKA=?{*Q zwM$`(Sf9Z{{(r%+LedB|3PqXdRIT4Ddx;WpsizDYdMUd~s=filI0*ydj0B~=HAn~} z=c)Ju^x1vRBS%>w53b6&&wwIKO(OI;dE@X>9ECo&101ysXd!Z}>p!kmmVG3zow3Ql zcr!rPcZ%m6_)2n}CFfSjwtK z2;<%$f^YKX8{3dmcnQ!(&bALPb^U@&`jzgL<59w};SsNyymlXYw4E*zYNcXtszMuI z+Grmg*x3GqB60j}hT@wU5}2uNJRZ^%i>zw0nrV$qVdl72DVZY2@Zz>Z7g;Hkn906x(Wsa7h0*x3`r(VF94kMzHH$V!QrDDtcG zk9{G*VM)#gPCN--n5fOHcOJ=a_}_Uf_5YE_Qu`lytY_GNc`Un-@|tU)HHsvy1KsFW zJjSVG4pLPxEthY@zhgL6XdhYT(8>0T@V)Cc@wqZ7KvNum%-@o;XIi$+6uE_n;xo+5 zb9LRixtg)%JvsZc1M7)#_Crq1Q&r@i6MHnwRRc-E=ts=7M4N|9bsc}8b2tieh;{;^ht*uj-=XRORg%Us}YGhhEUsmPm{w*@%!eyUqm`$YRB;SzA!~8y|F1d(uZRmUaCJxh0pb6sDD}P&tmmb zQ=wpigVXiM`gk)$BMNIFN;2kGz_FDG@<4x0dWB*;&@-HCaZ8&N9CP~C{UH#ddli(n zFaejfl3J=UKn|4)2&%BLe>tsnAHElR15W7NJHM`CRmHIj#%uilOJz|KcL(;1ueZsI z6bqO_PIfGH6K7A{-Zw+lcJ#WkV6aer`XHc3F6DEXC!_XHb)?w~h@Y#wT0%V{`XK3> z@xoJp%JR_m68YRG?q{Sm_DM9X*KlYq*{V(YX7TYEY3efy=%|-OJ;_o_bC<@wU$s(> z+t~j8e^A!?|AMldxr~ILlU#RIc2+jwMvR_7RklboG*{YfAl_O-z?oHiL&tEpVRK|v zcs!qJUlx3Ey3wB!7F}d0vDmxo;T>Y!ePpgO7*odq2nWB7oRvGS-ETh^aC}aJW)NHy zG+#&j?%A3Yq~Om156dJa(ZBr?v8BIWm;P8Sw)bmAvm{nf+liHaZoy&!!BliK^m48k zVk7XlVQ;%W&eMs@w7&ELyrrk1_7*D()Aq)>tLPSfm2a)pZUR{C`c=w0iO;lm2Hjl{ zU^?eqC6=}Q_N*r6w+fr3gxA7fepkP&MRpl^dxHw7!6rdo#@N#fMm|k~XPwIWEoBUX z<5c3K6hn`G^XhO9=-D3F55CHa1oWcrbVAYpGm<6#zav>Gn)WNaZ6ZV8tmZM@#BKFQ zHdjv5eypt6O>O@RJgFy+MJauXvA{K$CT?%mAhxCR-r@mUSYCPa^>_!tWG}fQXf7?8Ja7@u%p<@(#un zsBy&LiLi$^X?ERa-4Wmtx)Gxcg5%uj^Xli<*=1KEK$SW!P^B)CrP4YyIgbu~G8ij& z&R%Di0hWk(3ZC^0ZXd_(mq6n98U@8CDQ^U5wlElvvmAfO0iNT>`v2~2wz?etT5dQ0 zTU@!n!ZdJhobskz%kus**F2(f^&+~Vf{5St<)-qT%~+SeVTjp0w@{O;KiH(3;WFRB z_CS7pd?>k}Ot$sOizn56TsupbuJ2A(Fg3sFbT+KF6RUcm9BQKxRBvC?zn6AbmZ@Ed zv<>@78;e;+AGr#78`T}tN-y^>oz>KcX%S?qArypjuxhLL9`tBD-!VbwzF?dLzGME9 zu=b8pc|fypT0}p@Qw!U89C8H2bT1?qoA)$=W9e(xeQ6D8Qw`;DKd|W~3$@A`=Pbr) z1NRfgGW4MIlc~nIjJ8F`uj)-V*D7JcKA@8-RL&mvFQ=6$dg|Xqn`GZv3x43X7$UNP z_+U;irE+PuY~12RM7A6q=!&*cyJ4mXru!W!CdZhpKhbE3?fKnAQ#U^P@o-f89H!n1 zkXn><@jstGHglJ_Chk$Jdu#B!P!ew4FFqrzm3izSeINTGR2qP_TC~RFE1AIlJvLm? z?VhEe+}q=~mn?NHLlq;EmTylrbcoi4bN)lM&|@)vLc~uS;~S#(XVDswBp35E?+!vVQY~#G4;{(1G#*(yZ7K?^&l0G z@nCeu42Fb{>suV3?bj^^o>x!7AYFA&b^k{KhnRM|AkS0s|H7V z6r$YB%-)5o`1ruNUr9^nWMvP#>#}d_oK8`ZTp_+Sny9JqGfEvj??(jBmD0KVXg-eo zyT>jvK80Cd_K5IFEeCyrp6pnVT4{TPNENQMHdXf)u9U#5dlzF>61sF|Q|hm`+Ut&2 z3XjY^Pc3MUEV5QzRx(ywp`I2SG#kr?7Bq*hpS#etEej7_A%wWR4KA>hutT)6S2EmB zD7cq;X@*H%x2izt4X3Pf-HYdhmeX~ zSSn%*NY$g_Cvx-rv7@SuBjYwNUg~S3888%ku#BpXAD7rs(o4I zaT-wY^Y`XD&IjLDD=dNML-b}y`k82rTOmbsTp+np*482@M z_|c!|f{7N^2Z3~bA)Yo4b=lyr(*d{ZRnBOpX{mc^e2lcgiNwy}eAxiJU-)*XXB z(VDp$GgOdTud-tEt||E$Sqqb5HX&|$sqLVs;cLCfOv|&LBEfjE1DCJfL9ylqmP7&8 z?yw`iie!0)SMLv-c+F#V9M6{quFv@Bb; z8^m=X9+|+JZk~Hp$1M2C?u)27$2jTf4ybIHRG#kzfpqO57iud{C~@LCJkJ!5<$3!| zaT9jM(41Fs(O!YrRb45H6{+iqG?8r+72-YHNn(bs`Fj z!(at(NLp~Jy9la`46Z{?s0w>EFqgoqn=U#{&cP~-Fd-< zO^ZfrAkRMWTLLSv5rfqS8A$Uq5?be0aR7yk@#ea4vT}MkoXt1qFudNNZ~jzcl3)f6 zDdX*VkelEaVb2^F#svC3iWL4CLd`q(U>SEg%89tKh2JeGT@lBLz9>7)7M)f{!6vn@ z zjNNxxXV{~Ewv;tqfkS%8L)~TvIQfs6B=q4#w+1op=+@RHZio8GA9-1=!}5!FDYhsX zJsbC4f7*;@X9CwiX042awzh?Q%jUf}%!Mh-AtyjqOUkG>G$12;Ypo(<+c4Sk8Dla- zN4hd44jbFrb&p6@8LA#?9{$q0-*K#Ol}QN`CCj>5ut~W4>?od+?_U&4f|D&( zd351s!O-~?G1+gow&uFIvy@+NPSw(|wpF@$B0s)pki3Z8A6wm5{xkX#$k4ROU%6Q< zU5E+?Dthzo2d@>XoC^M*Fjm{QDAkmY+}IerdzNBsc+{O2lvO0TH+fsJvOg~`%g>qG zu6rW6f5~vFN8k({YDNZ|s*RTR1U%(;u}eg48fiyo?2k<|CEcA(oplRAt?hZib#A+~ zE+Hn$rYyN*nQ!x<%9~=QhhLzNP+mbvK2i*=h4$7co@7k+QI%*w3eb9NUyh%{xCD|Z z063KLaa3rxv8!dD^47!$o#IfKk}=OQC0C^*>CM0}^dFR%pJ()II(!nPym7zD39>(a z&Wst&-BhoM6$6gN%qBo1=eGuj7aK1N&Q@(|U!>J|#tUcUBp=|SOhAinL zT-OUe^*sDM@E4S|_;Un)n74t=+t|J1!9zP=`p8-;iPxu7giESh z1$!HhL=s}J|B~ZF)vYPLCnTY+%lhj?C zq0*Qv7S#;bn;V=|Rfo}-W2vt>YQ%e+{g;pPKXhp>Fj_<67brvC;2_512ew`H<_D?! zl|4uBEY9hHE&9(BMFl&`vQ28exbz;%HF?kXtU3iMTQP%}zsV`l1WXgGN46l| zcp*su{9l>&J*tF zc1sJklr))@C!zqipvG$SbxKQ!$*N9Or4cwq@*lX6W*=VR(OIl5q>>)4Lf|N+(r=c^ zm>5k-b0+gq#D9w*v3hnW-S2SJv;qTv*?H#R4HXsnbh`uUBz_iLg3ElmFn~^7AcMuX zW738sZmYb*-N|@`e(>+SN{pp|;flD={U?`j ztX3k)t|!&j=LPy}nq<#c<`F#){~}e-w$Z_%5Z9-O6*AC|nYGwL&V0eKDKmzO&&erN zBY2%&0ZklSDw1XrfEZTBdqc48_me#6i*!5!9`gvw^CpHWD!YxHvC7!%k>k+ue^5aD z|MvQ{7V;J+VIaxo>?m17aQ+fi3BSiW?hedCl}Px>!VmdNVJ_CfABHS`bNjYDo9b|B zA|Numqba-o)(obzSi-5c^f&}=qA)6fp#mT!n%SBK_$@6 zh$EyXGHhVu@pOxMCwR%_k%P{0KK&i<>3>WWF~C&iqIVqz6VgP@t5PmcxSaq{l`>gv zOtq=O52Ek5Mid3^1Vyp-{i7`};*9COwW%pLuBUvgHy4$|@uz)t)_?lLdzH?sHz!Pp z^$wJ)%~m^GT+&Bt5~U-f(K1f$GwTrxeexr|8o;Vdx-EOH^VCOE)oDDK2b)l!eQar_ zkf<;@ylBgF@w2Y@nt3Ex9c}P-ZJDBy)9<6!7qZy}LR=i@n|IL`uwPtG_Cd5s6kMxT zQa5WA(GN^|qpdN`E;0Eln3T6m{o(P6Dhu|l^|Y4&S@rWyUJG*H1u-d}i2tS6 zcx=(g)&>d`#`2A$eG0KU$ly1|CI4a z4?Xu^0H@vT(YSuTfS5r`W8Y0or1!0i{zsu!K#Khrt-8Vh&?;XjWZ(ygnnG>K z%X9yutiazDdKm4NITq$snS}oj%I-2Os<3VNJr*J<-5{xSNP{3E-8I0_spJ3((%m?~ zfPjF2bPhcXHFQZzcXvrhmwTc2{k+e+_ow~AZvyLpHOE@(TEFXmZU=;ucGyp>+iPsq zlxKfaTM7$XJd~uBm=+w!eAfrl;vc}P66y!I5zFk=*HOPr5Jmo_QtYn z&&WFHd9F#HUyc&~VCQA+#>w)khD%C)Z&faV_O;#`Cc}kc_^a(DR&C~rxHbkhWHET( z3(^FzvrlM7Exhboea@tM!I11EKfz9|YvwuG9EHHe`@*yq6C85dZTB$oZV=x;ur9~E zF!xEJ80id@Ghz>X(%%4aQe{7qdD*X6>bhpHOCob3Q?om4>vrgPTXH=E4>`NgV1Ypn zDoTwB#@rTUl0V>M`dl!10ULeC^;V>wV0NqA?CfbYqkpa2HiYv4JF~T;anj>uvGNq+ z2py{xudsYiGXK8EBhbk+7*8V z;(pC;Ut3n>6JP}iSZ*ARiR%uEd38l3G5>mH@;3jmKEVS#^O+8)4%Uh*OviVik?ITH ztrH~GaSWz<4$W`w&<-?{7uCU3G-}@Ux_Y_vpf^6SK;U#|sx4|_rxua_I@rS5j$07D z>>V`voB{w>>@j=~pTA@)jN3<%y0Z5<$lpAS-Fb&XE*xWa*(!V8^ z{!x=}fT7T5PYZYSDP=E1)jA(FDO|m1G|MLRV{GEje`+Uf@CWU8%lHJ1*>UEZno?

Dm~)$}u(4Sc-)zr@JCk+>ZDyS(uEw@mE4A^TeK<4M!dxell4tZR^+_n|;O z7qHK!sS~k-N1l_EM9KDuYG&+O2>2kL8^%NtDJKu;Gd`~4WRr1o0=q3={?zcx8cH?;DvdRynPla<;6JijS18wgqfwAvzn4}Jf1Fso-s_6 z)<%9PP&am<6<5v-#AM!WJw zjDy_-Wrnt9MMBbtY3+A?+bp3Yp}x=`R#f96TeQuA#5 zxFYv6Sgzz}6$70^9_QfR6Ncz;ffo3gHNH6&3&mtN@C@tQK--Cs*w;V*2@E=;y$-BY z2zY)T;(z}~eDms2X_h-t0xZyeejV=RRBZbCYjhC};sIFPort!`cy3L0`JpS+z>fiq z(gU|jyqxiygmx${c+}b~gec+`Kl1vD?;FOlm{$K(77naQc?al-&-PzS+qhtNm*i-@ zluZ*n&fvp)y43ci&va&%tEcK^B#*m7!qUUuJU_Th5`8ee9tN5W*TevjGxm=%iGR&y z>kf*RZwU?M{PwP!Q{@!|EKbGKL_J8zh<-Ia#@m)HzsE4m?)rCJ2wdkX_m((w_}uAj z`4zF?%^$SR7~iVpdwJ%$tN5D8p$2QW3S*iSaI&oMOTciEBt?M7+M>)zo88rQEm^rdJw~dW zV~kNN9)ySK5sxY|I=sra5b&wCSPiX{892MG=p%L0J+RxyU)|=9xzdBl%&Z8=KRnN; z9~}wT51U)rkW#Z0)86y~Y!)3)l;6aYT%pvcIZq*BZzDbZ@jw>3kj01rogWQbZo{Nq zIa{XgSoFt_+bTm3xuE4UJvB~BJxG*T(zp2wTG5jn*qzP#2_q{C^o+n_Pehv^N02kx zCDo-3P-(=VfEn=Z;XO^Me7$tIbNgVz!zdH;3!q5L^qesEQd2YqAZp5(-EQ_{){F#H zKh5&GK^)>a?xhjnu1l@tY;($blC@V{Qw#%g*wrLNL-oRUIxD=}Z0Hj%HCwd*ve8-d z39wc24_an!viJ^l)4RWWy>>fRvFy7|5va{hs%lXheTV_`>oeIhako)l*$#?^!EoMN zwqvXapxI37Y3G$LRjb_%LZ=`(o z#2l56ktXvSkA~4z%s}Tn$RKR#=onQB{%8;4wISK$zUBL1eT0Hj2~Q&qZ49^ol=Z0g za7)c`7Kmjl#HMPcvnDDNC;aB7k@6T+I(qeu4v*%Q2M7gnV24Rt)w!*TxZ=7WG0(=V zKCT67P=jsw%B^&uGkysIPbtihKF;+U0XQi}2s*tpqO|Y*eLJzO6MVk$sEK81=>D3n za=vMP7yBE#S6nhWv9D*W|( zXs+350IWNo&aXQcK3-_}CO6ef-TH&$-LklO@cqNq>>MOgt)IbO8;2~{ z8b(si0NGP1!YbY>cOpulCEFhM;i?FN_aCW)8S+d}eM3)_MBJ+8^Aj@Oy=@M4bPcPK zn)mu6-J`))<8yz|rYfByM*J|Ar2Q|Fe;y%E9nMPmx0XMRzHQK?uafn?#$hfHihXF} zQ}&ypF+Du`e9O{Aj&y5JMhyH14V&)z2!$io`g*96m-yuOh5GOSBa)Ec;uIm@4q{=n zq@+RQ4>O8{XD|vie<+}dZ>4`ri&;*E$4e1F7L=}?_%iKeCn`WX9v<^bM9Z<8kwD4| z{>iMd}<`NR3u9Pm12(wy~7Wf7@e{|ad09sPOAZi*( z-T_cMmYH(h$QI(hl42au!Ehhd|UqLenzNjK};fGw7`JT()n^;e1CCeVH&XOjn7wd z+Qh`$I)TU$QUP}GC6k3QbG~c5?C-SdvUqaJ?x^OGyRsHLg0M~jKw2FCkQUB#iz9H; z8}Xh%o;=AP?IWTIPPQCA)ur}Wf%|KE7%+o6=jEHjwGq1UfM@JoCXYzH`3k=q#8y>` zDCDG=>3oUyuzw>>S5D@ax*hjoy_4Iy1!BIVD@7^leoqm9r1!r{>#@UT7aZMf0b7zI zs`Zw*i(9@GXnU!98w8NrDf!!s1@TmcUenizJ^yF4em0oaS%{n}vk(0sll!e-YIsMq z7y+X7&0X#+^JfdApId%bi~j;mH8q=BO%n-IjiQ5cb1}bDFYVXr6GlwMN3WD0Cp^Jd z4F~heQ-#ywd=n6*#C)e^Rx~d#>FU(CCJeWOsQ>7)ejxrlF%PapsnNj@q!?p_e8s|d znYY9j8LOW%s}6~@559^&J^F)IJTcRITWJj8y6pFEXxia_2b=l7krpkhI~oInr_pgb z_IdA_@*Y@^AJ&4KxBRHQjL8dP6HD5TaXgIXOKk4s8?gmQcXJk#m*GDR&f^QdpSvV7 zR>3v^4F{t4^o!?6c-(XHF!t=hKG^SLVG#?dkAMzEylfv`nYdG+u&e_%pdKb;$)Tp zm3rE%ZG-wr0ip$=)S9m0%Rj6Fh}Mj`L&B~0v1_iN`hA(gE;chSX^PRUB_vs0wctMI zNmhL+0f#sz(uYJ_+=4W&ArG_4(5moQUjs4%4u^7b`gpWH;xvWisa;I~k?hxYJkxJm>K{52%LHwEVs;z!*OLzpa7BDjl z$LXp_k&&Dz*r1lp7Fe&l&N~gcv(k{CLM*lp_R?PrxHQ*5lyN({j>fcU;?s{p_Nzp1ol)_H)$kxX;-P0$z)6 zEE$7>Z;(aBoU-4Gb#*T&uAYc%M;2)AOsaRXi$o7&M(9Pqe)0C>QRpku2Or)DhDf_^ z=6vFth4#+RiVZM@_7$3)vX zuUD+^NBtDs?kZX0N#=2skq%^_N|>u<^}8{)pqZeBIcfHi}A7z zxf#Z~FyktOdRww}u?~^s{oW~CkCtN+GxT~cx%#RiiS##d{xX_fSp5aK!UW57;&+MK zV}ua(B4^`r_LonZs>piGONndXfr&%)7P#ky+E`r`-xae|?vR!pgRBJ35Y(FMe!|A8 zCc-A0MCKg>Uh^H&O5SAn;iH{n%^=rNoFmvc&nMBh&_14rVdm7a-SyMse<>~8q9pR# zv;VKs${INsNRrp-o?Z5`RmP=?MzbP4Y&|&yp8hJFBK|3@T(s209>fUqaIp!?(Zl`M zd?BsEg5p#_G)ukUJn@cc*=6;5TK|8E{E2R6|tM__G#;a!U=2L%wWhW9m&T+!FEf}zRE&pn0 zPjjZv7jscT{3o&0>O67gNDoHBC-!+$u_mZ0pNA9B&9Wt|5&s1Dk`$&7PkMAoU8Kk| zTs#bfvv{hzMk>`Atp$p!4!2oSqw5vL)0{-t0UJtnm2`|hX>Q;8$Y&@LZo2+xs9O>MnK6U*s)S@&G{-vMd z>oMy4?(>ZjboAom4med&mLROTlXsP45H96FU1N9DMYvGEwy&TgOJL@4f9Ccw7(I=j zne3v(L11eZU31bcB0_JQHkY5!d=%q$syh7$>hHaBSQ2t zOY`Ro4nH1N9QYf3pXsa#)oJ$x|C%RefGW(Z)K9b?PK4TiDijn6ZtxZ?dERj_KVByo z%;>ZuWGZ5I+-#$@>d=w$!2staJn$oWrj@|GqCMc%1(wpkf)*6?7$|6s>a-okFu}`9 zk*cZQbzWOAW__M{fNOyyMI#0)Mu^AjRy)G*G%`}<5?$xxsP*22`*mEi3WyYc{#4Gf zVPGVLYSZT^Vciq?6)Yf*9zRe7M6}X#oNW!T=BGyLcJy8f3Ze9uNjL7iRs*YWTp|DF z^6ZO9JN;%Kt*^os;rH1-q8h9xFygbXWVP2lqJH4MuX)VY4`HS7F2lPMTduRZ0h|~| z8H|o?#9!d?UR#DZNy;sG(V^I0Qtp@>6}yQ_L8e@WMM36Kx`5fD#!>QD2k9HI&g3v0 zQ86s(LL)9mg@PjeAY_umH3mYNZ>G4R_ORmliFVHU003=OlW$y%$Ogz$Isn^OcC;B7 z<&3C^?>nbb= z0S;#wZ6Rpe?2KJ0<%=X8-OrD5e5BsjfB?-_A6CUkPdj5t0xN!NfvK2t8kVk_Y1Wf<_r$+a5A?#yVBk4Xc}8$XF@ z-j5P{^KFbcmf5XZ)^Zk)^*n&H*STr^;6K-r)7`&U=b4JXXE#nUK&|+bROqiXK5lI3 z^y8K9GKx?_Ol;Zmn-tF{yh%NElP#^Zkx51T;L0Dm9%`^U3f`OPp6#M_>)`R;(R1w* zJfsPcW^Z*XG$PV{ECr!Y*A%+>6oZ8HUr@`z9czAkSKxs3h9+OR)OLTyZ|C*LOfFyW zf{kX3$y}r_zDN5{4SQYaS!Nz0y&3d6e|{#}Hr~KvzHBCEU!RzvkHSoR6ZJ%l%VFdh zBADh^>v2##x%w3|0p&+x@AqJ+$-4 z+pdYbJpfbmT%K^pS$!si6zvjt9{bVd#B)L}uz-eP$Zf!X>RKcQcXh3945UXWx!zy1 zwf5n>D5TKo5F#@7*K7$^^ZCh8g#Z#>r99u3<_kMd-7gmDz1QDPeNh^Ymw|(CUZ!CC zF74I`6!^_fYRS!=D9Erejn$RqA+Ka^#>nTQ&hl#>Kq%dZ;|IvmUCcbf#VGE_h@YmO~ePK0& z7dnL3n7-c3Y-7-1nN{aKl#N~;O=>t5%pwhEO`{X;`2Z^S%b0HT9_mfkZy z%msmnD=;G9BlCJ7i!=EphX`(HYf?5l8CSvyq3*&2+yQb$```GM(fWyJ%J{D8JGbl2 z$rQKoKIu=<14u!5kt_ea%|30aUAuM*J#u#r>cVfLk2I4uLYmor&?jKCqOWGu-myXK zxH3m%yDf}YGlKejyc26t#ta?{l^)eHV-uBWXD20x@X2IEf4#^=)XC5B3koDZc+Y0j zIfjhhNH-_tib@q+Gr05Oh55>DBsX!{Ek zEqFA_oYYEGJo@`&NtkaIk&>`oHT1&Au(nXo2`32K&Q>!otVl0G3H1Z{>wXoKQvMEg zL4cf=@YDYKSG8S+b$j3n3TewOjthN{bGYi$khn)$0%!c}m~jJPg))p>Y9h%a>lI{c z_X1Wqaqe1L-*sfH!^}EYN`vJYomBBZM0*2hW$Ua}-`h=!OCHC*w!J$JCRC?WE> zMHJdgiON1$yl$Lg9GEXkJNqobKJGD`okap}zqwQ<6-(tnTh0v(WB{;VQ;Bwu6Oh zj=O-?*PxNG=^qr_*lhzz+J>)R(dPgA`51b0ffd*(C5xaUKg&U-W`cG-pr55t*7szP z#%W^(A=w_S)@hnxZKp=N0uFa!|AVIfLh<>X;NqaFMy=H2R3A=8*tU8l3~Uw2mKCt`##>#eQ^KleYEmurN7}US&s7fVbKett80L7 z8In+oRwe9IQbg*IB?b(r|17H!Kl$ub*ZAZtxISy7f}eW;`fU2m4kR(&X0@tSJK9wi zIZrK+3k&Ml-OZCY0N@sT-ZC|VVvPQCh~jvXPB=yidxCP$44muHa}xU_)0zu=un(06 zIyZ}vDP+**DN%Zu#>PUivT~ngn!R1um+}ZcV%dL zqhe6`Id330kn->!+`^d_4RRc>KFi2UpgLsCLPwNpWOcPisaugEVJG0uax6cl;ZqElzlqx+@p$^!?I&Mo zbMe>dG*=Rir77I+EhpVN%)M5~9Gei@d7R7R`Qtiw)9#!DlX1j0|L9f?oUB7vT-0N< z&M`$abY~b4TyZN2;zSqB*7PQ=r_)tCc|p?6&RhMysg~$p+nDu?!#zDUyQdXZZgk~) zeSwp0rZvq#6mWCkF>JjQ8B9Ph-m@B~0H#zz(^#q&AlaHi|Gp)q zN)X)W`PXoz+g0xXi+Y4qwR%2gqf0UJRFRRTsnPxjdA!^NPa^Z71cq zm`i^VS8YGEf-!x3JEX1SQ5UrCy66cS z&YH(ktqHf)%ukKt;6@f?vvNeXkBY7=%hq;ywz5$raF>;{xS)XC(_YBq` z43%eR173ey&y(Vq_D6gD^zgwAS^2`?irG(a zsDBBSqHE3|0esHVr1`o~Xi&z4O)DAnRX!KhHo1BaVb$=mH-TO<9#yC;OTaB76v!H# z9?zdl7hcZ6>Mz5hLrN`89ERl&t3?D`vgVVUR|cvDd`(cC6*8GQna)fJ$LB~e{+D7> z4FS>rOEHnYt_ifQd<3MJ(nwncR8E~AAvlwjG)`x0wzf88*s~buNq2~@uL}sV-S6#( zG?k26d^9qgL?`E}`F_s1^{<5l%Tx-ojl0C{w8paYdhvtC{;%%}(Cvh+f^Wr%DH{qR zu_j$g=xd%Ne(D?>S4|bO^<*h}b#9Y0KmVreO{8yovo8gOx0vUu8dzW21E!6$5@Oo%u`9sER_thgdzZ#NuL%-gcfxKYR0y=fz6`RTCW88Uwcx@zTGwJ@Y zb>79e>C8zpyS9j(jAom;9DVtw?(_P?5*2oK`!(Zx?mldx2|8;%6Nq|oPL~A9_BOJ9 z_%GW~N^{clS)c_1$AI9Qaa9!o(5t8LuzWiTL*i?G4Xd^hlP951l|kWdEpea4zq;YHWhsr`d;%jP024(L3VoI0P2;j=M=SS^h<=6OJp&SlEAJSraIUY1P!DU_(8?p zv^F)XI6uD3Wz6M~=Ed7N6aJX<*3bsjPef0^MGyUhmc#y#;TPw_qNehahjJf!TC8=0 zUi3#))I3XGrlEWxz{H3H@zm0EqGt*uxm-IqTJVTd4?ZI?eYSQ+ocsvO3+O@vg|wK5 zNQ`Nvuh_PsFUohu&%TG{BtiX%o?uAYaaKGqU-c@~Jy;JTxJ@V#Rw=a$3S6^+9#RQ- zIxLd>MyA@3P+}~{l&Cb{Yf37hU-~V>>tI^;J3ACRS!JDhDc?9`LSWT#=2pwF_2}%- zQQ_*sRq-y;h7TM8wQYp|LwEByA$8w@WEN6VO*0nQz9}WLTgxD&cb4Y)QSmIDnw^v5 zxVX$%yJG}Tw~?eX0KmAV*Z=j|bnx##LivBf`moBSVSR!xV5+;oX7>7(zjTRLf4+5A zB&pqNgO+Wv&2DWTtc2kQ2&cz5wa%=JkKlU>hlRf>pK;!U*m%R<2(TNrMqcRPX@tht zj{ir1h5jD`#;GG}xy+K?p~JB&qC@-xXVyd5C&JADluPHa9 zEi}62r;@I!3E}umLyW~!hWiAtUrzZ^piztbg2wg}eyr@|w}E*0?!3qofPVGB>c6nT zW^6}-?YY{Yi1gQV4OfPbO@!3@Loi1z#(U5o%p>S59+rnJ0QBpfo_T}%Vz;WG8}JA6 zV;?GNOH=6VI)a0ea^$9!6cV?}b4IA&s*3^k>!XQ%(=WKgfzz+APM6@BTbGP@3t9Zk z4ZpG)^CeY!WvWPqSRVeI(cosuK(q(g(QHF%&2|ERYm83>Y)=-V+!eFcFFgMmF?g>c+T$}~E7 z-)RFJDivGxS@L>E^IfM>7Rv?2mqFG;;|Tj-nPUZn-3>BJg|{+Qg>`VzD!RZ&5P{NL zwnO}t;PX%Gy_Dd&;N#2lZJ1~0*wOCH*^OX@wy!a>nxW%qBxnq^;E>Z zeba0Y_I{&C-pVAS_}f5hI-e0RUmiEPD|uE>V{IY>`isDc58&DfKW1xmDxa^uM)8?n z<)UE4?nES%)TcQwd$D6G2_0RJQDPj-iIE+k&Zi=}r0D{Kn>&4UemPBVRmE$x z?(7o@$~0M`kTR;D85vDNs}s|>W7>3(ZS<_EO`$2trcORvSvV|sW``>}I^LVA^`lHs zki{#{iRm0aF9F*E*UMi)6o{2iLitO_1w4XS7ENV9tmq$Wy_;q3f0u}0`SAIJfT)n@ zg}OUkMM--APNVk0EO3)^*pzbx;zvwQ8jLkbzO-GeDMheL*Am4(ZZZp{Uc-GAz3u1H z4)g6rMiQCi>^V0>jIo^ve81{%81TQqJ5L@pF)M5-7rf(LmL{%(yMuw%!gj5vr@Kp? zob#s{_m_VuhoGMoQ^%wqltG4Kl|`i^eskN&pOt6+Qsfb2ybX}E2V@se(pqWynwk6& z8b&HkG%UsgycTkhfWKX$V-pzqC0K&a^DaR=@d)J|WXyA8BPn!W@%O#|A2}@w`4t_k zpZZ_ZJsfDryk{R(16yN=Q)s=E3$gy7ZI>RxJ=!hZt=L1K-7gi~FZzRa>iY+ct%9KDR-}TA5Y_RM%CoI}pGUFx9Ert+`WdePRJJeMv zb#Tb8*4cq8*4hT&QG!WfJ)y_l-K3yJN? zL}kuDyzWF-Mu;Fw5l@lGnyJm0jRsM_88iUjF}MzRhoLa^?Bz}7qsiak)9)l?#Ok#^ z#lBPdKZ`-!ovxpa>y;1QsYblTk{S9C{W3B7-Dxl^v^~Yd{>+*|w@sP>Jd8G@WxW6R z5UzSPe#<8@C;JEO+3s+@yf|aCKh5>`r8Q$&XO4Lp9HeJ5;*ef8446MD#-%2}^P&6u zjqc67)~rj!P!S?Pm(o+M3MRI6*+oJHXo!wHe}=~gSb*hfcwy?mYPGvbadixb09Z`$ zkT`#|_OnR5HfPc!)b$I+y!XO%JytxAc2Eo8x7_cG2^OyyMF;p z`WW#A=8uR8W$NBUqyUeeK6mfuz~F zyKdHDl+enEr@L{vwo!}ogWo#}9sNJi@_I%qlYGiOxJiJyJ5=?NFKAnn<#DEz^ z>uC3B{c2!N2ifOu*}7A&pa0%nTsv{Mgn)5_iXJ#hzhg6O*t4N}*B4Ex(YhbYr5M#G zw2JLCi8Wp0q-crioMTxVOjBI-+8jzf(GgyUn?gCsgB&b~?yd`CJXdF@#0GldC z--*%Z@0=Ghm9Oyh-M$^WFYAhv@L^XS2ZT*ygQ@k~7yTT*D2F}=Wj-KG2b$B099Ccy z?&Q&2Wg{K6Axu8cypMNW!0%KJor`o%OWcKRm_6VK86B!G2fWt+zSQlz9TLv6$h;0GQ}jKScpulj^8ekLbtx{?HgL-EJoWO? zaY2pdAr1Acsp$nRMTGo`o0BHfJua|0a}oOJCv?(z08|;i4dKUYBg=i89IY@bjNiTO zw~B|N&~vT{RF@T&({~cL9?61Z;)ZQSLySr-CS;o8S-orpHx1 zFOHs_X6>fV6nt3AI4m9y=>X41joOwOLKC@3{&%yA&gg3Q=+`ajOg5orn?q4S(*Lq|&xo#_e1)bSO| z>YRg;(p&}^M3^EKr*B>IKx5|284!x4>-QV%5fg}5_9A1FoG~SpKyIY?D^_fBrYHl2 zSid>>BYw{0XC(immol5;I}AxBk7Ky=VS+V%M7!xvKziYo#0U#iwCdu0(D;#`9z>rQ zG;V+_2#WK^W+m$;IeVNtmbLV>xn1Qo_`1`Nxosd_ohX)D(ej(_$x*S@=(Lw}GgI?1 zirfhJ1)(AFa=RQ5`IRMam<8VNBais`T96SF#!@SCA+N>rpv-fC^z!YDb<5_JX)oCU z;#;jB6B)6ct{T6jo!kuL{XvsqQ;UAceE-dhX6I_bTST`1kd~JqaZmmu=-zm?{KtcO zDK=TyXNXNu2lo5_ZN12)o>G>=Nk7EVQY;HGn)D*`5mL!<;;C(K=F?=d*$O8<{6VX* zTBB{OT9Ul1DHA;7|Goy~k}t$zZy}>C7VB)POaji}&)@{m zLw}#NQS*+{gI3x>(Vrvz?KqS#>C_z|8%J3=>0wQJ$rV`V;B0~rKz!l8lD6TCB*_I@ zT;zmbX>FF$7=5QeY^6Rg)ud>NzE-Tq?He@$4R4uh1sP!1;fw5L_Ob;^9BBWR%Vh5% zy_nNgEqDU;UOMGUxZdNpQBKUqPs~}#6D@53`HIfhVl1Du$Q#c1ELKT`T8sHWtAG+~ zB8JPDo+`{DFOK04YYB8sO5~Xp7{*^hQ4Wh+pYB$ z5VznYMgokSaFRs_One*9*8=y6t+zIF5*bJ6^5RKWIQi zwqLd-G}z)^ZRvmc*YEt7yjAZGV%U@!nVA!W+*HV7FfyqF<$f7%62LT|LR zCgZ6IvX=4uo?2Vp*h_L+!Y{7KQt+51x3-@FmFKO*o&H+DKDff8O|=K6`z}T(4{-qq zOBz5}FHokeyn=C9uIR~67#?R>BHr#+6ur9oVG2>82oBM7EmI54sTGT@V0JJ*2hlY#P+f~%aDkT@66Bof`PUeuPxVe;Aeu#7-Mj2;F|{~ zv5GDo5Svjf2?C}@vR}&0B{XoR=st6lJepkqO%;tUqx35*j{N#AdfB#jcu}3LNv%BE z+x8=s(T8Loz?1W_QlfW_E|I%Nmn_*5!73sAn#E+a=~1e);s@j5NH5b#<67W!x&1A8 z+3)L~a%0uh&<{AUc`Lvw7Rj?U)f=CB{S7R3#TS$sjDCke%%AI?; zE3Yc#51J>T!LR<6+WcviMbkutHydN=i8Fj8rKyj@CYG!=n-IP8mV}>(cWbtlYFaCf zN^BpHU@msd)xwkdhoG7_J8@eC;|{0=ilH{H8Tx9ecC202R~Fx?*?O`C{fP^o197_l znbt^o_1|fYY?@Iy<|+nR&p!bJPYyz=%qD1`avkx*M@;&DwiY%m-z$-Du{KswWPh>N zU-y4GuvHmbcT7fxry_eG3?J=ibj1sE&ubQJ%R4quUH^ARPB0I7I-`M;REBbcQxacX(}W~>bu zA#9x3HlGLOa845!h32<$LQP{z74MUQO1HDtERkF);PWW@waz7T-};gB@wn}*b*m;W z!$N5_w8fIP*->6b+ZR#tT$D8RBSDb?J+nU?LK+(i;y3{L{Rb_j66CX+D+vI;g7ZR3 zB5BeigcG$^jiQCjjV+AWJ6QbHQeWe8n&h0a`23zRaJ!%6yH@ZAZK3H9uGHi*6SA;1 zT{Z4+b=yBwB!~OO`wv=?J}6ha!f=4)98Y0AZ5c12$$}Fl%e*(b8qZfWq8DOM29zCQpz$#3aV&=ImD97 z3saWk1F^oz#`k-(?MiG=CkyI_eWMY~eYHO)rC|m=k9}JBdy!c75NuksCw( z42ngxk{b!|+glji%OCuPOVJiX`Igm+n06;94M52zP$~_!#MhA7qtb{F&L?`@mOYDm z8e5qov2FW_TVUheEFY%YK`w=nLk+@sg^$;$3)C>fb6CEF+5CJgjkK z^~ya$CRC*^2{Z2b_*CMgs|`P)j0I0cFu6W_YrUn0Etl}%=y&x5T)g}lFoW`a#Vgs; z4UNLKNCU%)9i&+sJAV5f^?v8Zmgfq%zQvildtF9<{QCi?8!xvoO~Mu!DhYM`j3r~) zPT;L9WmcF&z9zSdXXov0tzgYvKI??LoT2TQagtM z0b=$*ZR)k10kNVbA0}=@=~t9A-I%P~<%fvnl3FuQa~G$Y>?jVmNWABiS0lc*GMo;5 z1Dx+A^Wwq%BcjRSUnkK^_wjuT(+CUnMJ*SoZ5hYIei-PJQbwFRh}k4m53pUe8*l&p zFUkC)bU5R`Sh(Q*=D%2+5Im~c3Kkv3)HW6(U#fC9zG+$VPZB9TO7+lkm~P&q-c^jI zSiV*`3)JVajbPkXGsL76+O#G|G$@JI3QZTM%a!TRPr*g=h9A8Yd?qs1$ovxcs29Tm zv1OLCQa!SaB0A4y^uILuXfoBpdno#>qkl z$4__J{dKuJ;_J9G7)9QjRm7JyMQU&$gI8AF6u z8ehLU1!}t#T@>u&H4kzc3Me1anJvb@BKNkzC30$gW@e5hLlp2rJ%zdTx-+l_ZJ87z z=`a{l)+KfWv3Z}&n9MBr;?~C#RM4lEtF~M|Ir)o~gqqgTc06q^Pd$A?RYr+d+P8JeIsPMT;AIMfU_sNYX)8 zanMSnw{cl+__GLN*B=K>JOz07pC08Byn;?=1o^)&h4d|yk35VO7VW;lQEUr&F|K=V zfpwgdENao{(ky2lB341iReOCURMX`nNSOzfp}??s4_&cBjVCch2#=+Ud+yGAYE}H8 za$rW23vy0TW5IUxUrfApN$H^Yah3{k-Gz0g-D4~Sfy&pLHWbW9q&n2A>KD#uD&)|} zx+Nvz*_O!fb3V}!u*_DWkfrh-HO73j^jUu88EWuoS1%;(0k?rt5GBmkeYDJvCt>2c zpvUjSn~>Y872=Oh?_@TunFGi&+FBeS`yOQ0nW5K-3+vYEOVLbfnaW3HH={~*x-=Rb z?Sf5*h;5R^H%C$xq7NJak4j|#?}@>j*bn!HmfVLFMY%U=)w5_@|N?>N7 z+&&-Pa=HtuS!gRq-fuhRkX8+~Z!zv0=a@K-5+@oE;Q~K!NGvf0WjfS*oKDGZvy)4n z>{YrO#g_;k+z>-LCbMsre1=;R?f0gM+=eulB(L#yxT zJWonwoW0+FBdf>b45(TK?$}t}?G!>L@hCVCNq!S0&1sdYvI6g7o(}|>f+yz^z&X6 zEIyn*1{RI%QH27CfwQt4={nk@T^rrYqdg7Y(s4WmREPl^Os#es0&EXQH+qevR2#ML zsTRKpG0Q366zf+wy3cr;uMEAGCqZFMPg)L-3F6xk9qsAOBo0p8lSDnoatj7=dY3W+~}%Z3(yb~PTxRGdRq5;Z449c}eR1bv@eU|rVx*##x8!Q*J~4TWa-n`761jQvZk!cE zkpKB3Bx*=o!kSX={%!Z|dJnz>hO-xw`Ga&!FUHysH`}YTV=d)Hq~;gn!j$eHVMIeI zFcQ&FH=*6zg(qGHzc7eYCh80i_;bJTCrV>p8)OFViQz!PC8Ccd$lQJ^t^~fuyYZuY)Qzu2@83e){$J8r6XBWy+$FAR4mY3a{E`xv*@>}M%WRNinLC@_NRzG7$ZZz97 zN>E%Rd+oL>S=6u7yo9%DigM;yn6rB;>RaP79Z8TSN3YFc*%*VbSm~JUvIU@?37D(t z7C8TMTWG-gDTk6fsVk~CM zY_O$piJrs<`D|w;kAD>qJnfmFw2xL`CDrtOf_Wr?d^a@Yxa^j#;_^apU7SCEn3I`* z*+tFcfz5dF*Cfm*S}P9w#&c>iLq%kK@O%?lkZ9!XHXaKoLD;d6qvDZsj`2%r61|H4 z719TVk)yjMi$%G%rsm^gMb@A|SV z^+W~8KTBZ#Sb0P84jw|E`6a*pyAAM2V}2U-ukmkeuEV@u^L4Ge*Y+Y(Lk6^uoz!~v>r%6>g|+(+ z+D+bzn=!P`*%t@E^g~~ro0$nzzlR$FUs#F`=IBX`V$OZ|jNv|U@`)S6M`LE&pX|K) zz|fo}6ZtoZ*ly7P%CMG6su_`P`;ay#67jR!j8~ZmQ!8}(>I5#)-Z`AchGd&O2Yt86 z=(U61Mh1oZ1XB8n4+uU=(6qZa<>yRSrTVUDyTR0qOqfgds>)d#fqzL7 z_E^Xf&vY}=Gv;WUDK*9#tz9*6*IL z`9^y>$mMy6nLwV!MOEF%VTMrvTj3%q3Mbb+L2+g>O;IfA4pF$_;cC6uJObc>$j_j# z2l&oE+H1>yGjwJTw>WCZY~qm4Q0wtUnYkZW#gfB!!n0c z>GgdqRfk!erJwR&Zy<`4PpMC`;L-1ZcFTx^)>Sq(0ioSyXYtMG)fPQPEpNU zZ|*nDO9qSKcb*MC&4Y6hh+5cTJlj`hjEUD4uL4CJrS$iOh%gIPKPHezK*hvF zMLzjI12=b5KLksD>c=DZ|Kz9zy)!rG7`Fw zMD(Ibcq^Z|*~~NKA7ngW>c0pm+tQGwpixYr`Hs09EMy72u@yFdhFd>Bf2+k$CWuij z>~ShB+ROb;KLuZHt0oTo)(X`XjAE6c0<~$jBD$0ynvU}ztzbq?C)D)3_Vc!eexhgV zt5J{}h$yAvgAI(2#qUWpvQssB!KnwdtCGV7J>yaAb{> zZ4A2?GB4=u2bBX+a7cQnJKk%YO}_Fe`7*&8ewzsUCVWws#m$h=XZ)iQvN(ySjads7roI zh?~+W>ejX3=|>PlnJh(u)#fAmI;`4?DgT9|;#C#>=_UVLqJe`L(vsz4YEwqyZU;e{ z_%G_SMiVuZBN?mB{QI`ExbcDhzMem|AIAN}G~zYGGOv7KlbZ0d1-j=MIn#R5`ShE8 zqT$|#1LB+0(fkDam*Nfug1dWhm;Gh$|95lF)j79Go|U!oth{T!bB^&F zi^1FlNj??^l>dsHQrI|7-~fcOd-Gc}Xm~qjz=F_@FPo>!>#GDqm-D^U8Xi9sY4dR;st z!{AKW&c1YYPLz?h9g!3o<Z|3wO=>Xay`gap<+Mb@_&` zp(TRb67QU3(2szE<_VUe{XJ@e;wD3tu-ozSs>!MB# z?OhNEL56p6NYMJzNsqkk{B*DtGsVrBl_zAVHh6haiZ>YRdAedBSaUp8D@Oy*dt3DT z^QO0Udj}N3Pr(5W^`??Onr05XK$UUca|DCrNq$Fw{|vngT;mf{nU@>HS=)W z3QzgWtHjM0Qo3lRvkERseta4%is?~=c;+j9DmVCaM?$Ye39W{5;vIG?aJCacF)5)4 zFOX$t7&_J-^G@r0cYgfP-@|KxdnZR_hhLG%N%)1I0HtvU*tE31Wu}7`Q4R8* z`$8<=ko_~Ofbb1=0*T49glA#Cw`Sy%+LUd}f(T z!{=0eEsP#CXMbu>)rU`+uPIz%eD`oer7WILxC82#fsA_=ZY6}`f^XZ86rw`0O2nZD z3k50>KScqeULBh^XVuXJ1C+8`UX+|G?*-!k@A%DPKoRq^V8OuLKtannP^ZS@L7vw; zYkvxsn2Q~S(*=JX{mne5+aHF9#1XtslO(7LO#Hj;{hKg79HI(_R5x30)cdOIPd3pw z`1OuJISqiy+$2=DYsvuD^5$__8SVF&w136JTA=I>lD5Iw>h-jU1 z2DbcdhD7}0ECQVfmJ|Bhhm~~Ec=;UkpHsGWnA7JKU5fc1Oeq_RzYZP6g<2sIQJpUo zFGq~JlNekkx(I|(zrpollj}R_BPF7rqwPN0nz~=VOa6Fo8nC9=C5N>tYFy?8ej|BG z!x}5|wSxKE{U0^^UmwL8kqCH51Qx-=@sL0F)AFzB@ZQ`Wk7JM{!0C8r;M&x+LH}^6 zL!}U2WPhkLD1fswH@XMh2fx1&$#r3@6}^h5lZeE^3Np5Sji@4lkAk8y4|5A$7hh&O z#&Hu~U^m}<oPE*{FZzw#2>4?ex&9C-NBsdeR19C92Crg8OCR~6C&(OR{twbBJ^4m? zl1JC8wVioQ?%r$afSUg>-X6ReX)|DNf3D%oPVZv zakN}?mgd`N@=rwWccLE*Py8w*==&4SQPV@_DQyWOiV4y+xsb_RavGZ;zBD+L63T`B z!vgb50iQxe$$lRM;UD$1GpPA;^`;21AFW}+xfY|s$!OKDKH@n5&yGl)2Mv095Bq~o^omktrrGnv2zafxcz@1)Xm zh(0kkdiISd-<9t&*`J|zI+*M@;V<=z4AVVCz78nJV{_xM4=GcnVv?p>b%S1+n%+uc zQ`?hk#1g+eZihSKP*f;GU6Y`ITL{c9Kauy_7?;{qSB%|uB4bh*Fb6fFzI(7?EQ@=_^|bj*eHZ(#=`Bwp`rH{rxtuuCh*BN|{msq)*UZkgLZfR%K5uAS-}+Omh|c1mN3%NbLZwA?CDOFkJSG)w$AuFFTI{|CQ_e zZ|LdY?Q*GsEtCNkd3eYHpIky0$~2DcH%_m;teuU9RIB7z&3f)=viZsIRwQUmANP47 zK3G^-NbkvNx3dAr{wYVg){VGf(|=d5bof?2nEz-+G?$>@zLp9W)5n8o3s$tg5LT4dD8rs8afuCK|Q z{(frnkX)+vx1}@NA4$vFOvoRC4n%%7>rEUgWcnIbb6bE|VXq+up zK+9;=Ih;dHP+KW>iK~GSge}sY_PQ%QoajWTTVB#q5aQ4Vj<_{k6Vx}0&R@WIiDi*P%=r3i_YBHhaya+_ffWIb%np(S939z0QBMS@>M>5o&K?- z{cMRA>l;)I42?gDjM>j{voezeLm;eL2&1j75^ zCqu3V^;dK>)~k5vA#+#FF(0ToEQWt8zzy@*E0W{R3MYnQ(>I%+sIw`P@J2<_P*97M<61}FN0lD0)*!5>r_zpc zf81HJ0ZtwI>KzR_BqaJ07_VvNJc-&JWJ8tMH2K0L>giy28lfBE$9zg#eBmn#inzf5 z-W=J5sfkvE)~^0$k}+T4gl*}O3C5tfQNzmOZ8p3}u*z8-ec~{u(yz*}#}oI6+d}(S ziP@W?dxw#)pvOI1LQPp*b&s=)d0TdpDqj|=1g_SGGn6!!@ff&c4XR{-@Jo!mU`{FR zXR&?O_hyy}45aFl{~*x=!CIL45+=gbvQ{1}>6yJ>6ZY+dinHT~Idf$|m&YkyOdAXq zC?l@zJfHzIvn>$!W5*2kFFfTO{e`n-{0%$z!0}!e^J!<%iSqQ(wAE$$xCX6KIB!sR zQ>=}|Mkhpxq1q+<7&&sQ1i|gkF#3Skk8F*P(977AYQIO3VPU5VK?GM!on0$#KCNll zYxe5!};XJQWdRXY!Lx#J_@f6J;h zJ3epfX;XVACpc^BVist zstk9~y#*L@zl$j&;3Ui**=YoV*C@9gD%;V_d9!3jJYeNCmmYFtmTxVrG)@)IzKz?V zSgy;&_|oC~I=aq_@7qa&139^yE@0)TsbRsw%kGZlVn1I&-Z{?S&E{IY@I5F%^TeTb`4V0x$kZ(xNtu@Y#7ZcD&2GqjzSv|UroFvJzlX35 zG8$g&GBq9fRAY9M+Fhu4$}?c zSy*AJ8hZe)*~IE8=JWtXYZpNa?1m#1cxNbpADF~%P4ZMO_XiKMCx_Z5w>4>GjLW4FukA`W)qb+irLW@f4yKcK$d-QN2lWM)44Q%ii;2H-jkZI5U!+bjrLw^H@_H54@niJJy_s35<7 zPcHjZt=rQ1rhWu#scMxjZ`$_qJ=M4(yKcr-37-7yknB>)FALW?I}b%c`j%FGL=hG5 z%*p>0Bd<%CrTB9-zc?mCQ%`I!{PI0fA_(>=xwqn6CGaBe?DV78Zmy=2U=$Bs5o81= zQle88ljfJ0qyO}vovI<28C8M|Qe~grx3!M{k&wgO-u6E0n&}@TDBpkCH6dFb8vFK- zy`6~RE5W}w&o+gZ@|Sb2hl>B#YkfN&)RHss`MIT`m-0uiFEhr@%nubO+yBN5wjtsM z8~=?Pya*`oSXH^!`Tz479S?TD0K5O1DbKC{?Ohs++^VuuVQ!ER2jTC;J~|Q$HP2X7 zof4+{H}g?i!+!>X%Yj8Amrv0rXtM=G1VK## zU9J^X(CO?cUclf{ESIH7!qgr0gE5h82Ghj;6pb+~BrD$ce-Ldk7;5s$P$x`*W(8|{ zIE6R4!h8xIXuy$~lP#IW*9mqzyZ@ta6jTbuak@Sz6iyNLR@F98>Lk559-do-#y~rP zjmzSfh5Y>|W<2des!lO>?rS2>-U0%9xjQbMkg^G1l!lvp6*o@pcEs%HQS*b@D3{Nl zgf8L5=*l%Fy9{q=0@>Rv$rwTUbosc8?xbbK)e%;lpL_vmMz)eABdQB@wdqQbhnVi?&qV`s&LsSJr4yqp2$JrH>DUf=w}YyOI@SKIecWwS-NObAYv}# zuyX7@wVQoPS#AmCM}M5{3VCpz%H)h{E?p5v&gj)hM&F-3US7)qr&*@nLF{~@lRbCr z+>Js%{YGij*wcYEG#)qqSLB45h#%s-A=cFIZfYQ{_%`VmW_2!ek;|>&6nv*G$Y!wS z%^V#1LfjtGf-Da4(OJk9H4Cq4CShte7h8+$7?Zo?b&>MPJk_HZ)P6^VwVJc8x6h9S zhWO8tm33yLYf9Zv*~<4vnR|mw$DL)sPEyrUAncNHC`)Ar=~?l%f&Sl_ZWa<)nf7nA z13P_vQ^(d&l+ctIOuzi9G6An8JBGx$0o=|3cOZgluU9dLQ_hNJN zR8@OMEdUVCL4l=>Oe}Q@!-JOZ%&z=*Q9Ni!+<6=!eW2I+e^m3dZ)++ifbC&EtVUXl z-V|0fyN7Jyxw!IUYBIkd9LY%SXgu?-fEyy#%J%P-dc;2t0x&IEisaf$GjZl9RQ*rm zj@$qHy#k5i)W9(&eTePVn|2g-U#TY{VBW?-#%Ia?4cC#>m-@X3!nBu3tt#y}5h2sw z9!|4{cAHiHNCB{lU+W(0j07)MhU7`gEvkl@mKNH={5+;?D*BkqTR_U{_tHB{CIWs| zb3~+k893*?o*@yD{SxF6dGoh$yK%80o4TI4RgB7ed*bVoaZT0I{<*axb^~4gIZh3g z;@A%~;hHR;S;iSdWqVBBoGH8rY#86HVa&m#1mQhNAB{7IXG$|B8~7iWM>@geuCXj# z1MhJ{p2}^;F-%Ea#$as+62vAWiM83`$H8Wq13m@DT)<(uJlt3Vk>*yxe%<^ycBj3v zG7B{M-Y%sWR5F9U{*{gs2?|~pP-}FFxq)Iqyk$gJb;L!9+4)DAn{db|m~xCApW)|G z=HfN)t|vGdQnm8wy2PJBj)KzF9Col}7K!g-%`xJP0@OE88t`Csdb^t^O{yJ_a#^-Q z!KAx7T0Zx_W3HfhXAnE0V-|Kg4NBq&Z{Wdkj zR3C%C?^lT)3KdqLfdy7@dJ;WZq;XW*h>Yhb0SG+u<^ zOS4zJL(&$JjGGys!IoE-PBR3F5>?hpv8HtI&q2#{+Z4_C6A-se7*eljk#Sfm_s%K| z+fha2`Xd9BJ~rCc5sQ zv4x9qvtqJ?x?du%iNXZIg{!<)yLOxP318FAy>P1RR4QZCIWM7$(FUF#Ya-2vSQo~v z@8oa$qemFji^aJB#@?=3ij${wY_42Z`S#NDfw#@6{tX2J1T0%P5!Uw3O4unwzGd|B zhO&;G8+;_oQ@4bt6yGE2;+MU<{5yErfoi#P}I45mcTN6xMd*vSIjBW1HQMsfL0 zc20n4h>l917z+M341t0IM|o*=hnYda8d!xcaZCowR_s=L1kF@^WQ;4NZe!lyjaat{ zL!=0{1t9yNzd#MWuOMXgiz!t3g^hN?xhJhTaq9GVYD4 zpjUTulMlK(1mNUWo*>63ftzC862kh#0tbv5<1fJ3Lv#3>w?(qD=K|z36jOAtQBeG9 z7(FnXw>CUF4Q%!X;NvrWAb8f_Z7{PP#pnpxf!Xn1+Wk4l|2j-x8|}+sH`RyTrcC4s zg*7&p8jgW2P@j%~=XR(i8nsnS>y~~8OtcZ(G`Io0fVI1~<9Kx>nb{bJX|p9tZ}VOW zvkfpLSbUCMg_U^0)CLpE$YrSCc|T|p3_3)vCuv|^rYFF?7OzDn?M<*~MSkI4XWkjD zbzCjlGT}9nhGU_a!`fJlgk=G^6$2A<|ArpOk?V6$*hK&&H3Q9Vfiw$(F6cD+phk<1 zYX;`$HYKv#&+lCp$J+U8T%{0L8>5oQ&tJ!zlT$-Wfb zlT(i5=6g0G!K-s&%m>B2`rD0@xtwe2COh$s?$@}4F7u19Pqvo$AP{RW0lz5ttj*Kh zBEH6!Zb;WRra}WTK8lEE;z{!o^5t;eF?bJCYjebsNd}pf1q^C_ve_eO862HOUs@VZ zh!g7$0`cEPtmW2NmykCfL5obFcbbhp!_f(&%nfCL7BPfLMX1+~Z29d0s z@2LmR9xNFDE&fG9_adzQ3%vu6mB#ylZ{(u8oMEYiyXc1sDhB}iFkg#}yKU?KQK3(N zz6H|8F$I-NQM*f~*;~kmpa0&#nE6xI$rZyq>qdA-)5c$FU}qkS^nrI~N`8DhXEfKS&KVETypU+HNgNy=P@ zG}uu!OFY1ZHIO18hvK|M6k{*XDe6&1Wf@Hdhf4U&`v)gQnUf>E_$7P04;=AR41yWpNVryxATBJWOBaZ#KJ9x5otG z$3w4)sQFoY@@Vqig-vL1$KiAY($OB||0=>3*t_TZ>|fllYd_BG8eBbNTr|$of}FYj z5H7_x2wayqOnxJUe)em{h&X>e)iHvW)h>N#`mnm0j>I9Qs~ZzuvXM;2si;?pR1_Ciyn9X%<$FN;JuG~8mH?;y(26ZQ z%)0Yes<~W-OFVbS-WACdM$F@0chjfz(Wa=Fo3*Qa4_J{w*!W7scueA2^40B$oNAvn z1FbC*hx#r32H*=m6lP{5uv9Mk^(RX!p$SWBB7t}v>);!rWjVL5WP@rV;~n{(e8s*= z!`~e0Oc@?x{q zoyTFSLJ5#sW+ayAwejmS&l0ryMz-+fvs3Q}4mvSyg`g4N<_DcA{Js@@c@mgwqPFA! z$(saK?@aZf(J2OOmk+TXRBuJUTtVn$jjR!BBRu`Mo=b>nmKzvpr!i+G!-@J~BJ?4* z$LSma>3M@%4Uj#_WEVd@FqTt76=R7e(lH8qw*gEq>RaLMpHtgqL*!!7e*BR5)PCev ztnI~^EZ7(Qj{A~0SCo?QA0+PM?OyXj8Onn8>}ud35jLgVi1S%S1kt?EnjJx%Yqe6D zx)`eRK>(Ys&XkDf+~LC43w>%QaQWm2{is=B1SKB6EH$ya|M7-TK`~!NROyG0z*W97 zxTI*aq4v$+sw*q*61;uEXzs^V4+z7B?x3ss?2)~u-R`h1$_WtiF&zU5fks4@kf_HzD&4k*h;sU*I{jQTjb-rl?>(n}z51)OL=QB+>jZNea<$tbyuYRX zT69$0JnL;wDra$+f5s<=FPYLYFZFDohj!)+BBldI29R|dyM( z!|+EE^I{WS_ooV#!~|P7RlA);F&Pdoq&IH)cK>s;r=Ib2n6ZqUh)ZiZK_0ND%}y?} z0%{K2qO)qlnZ4=!koWsXKgTqC*%TjRTB&h-by<=q3ee~6rGDpAD<9_fjlr~&X~;L! zm=bW|qBymlwX;~qoy|!-F;p(C%WL&hs6P1EX*uUPge{6 zUAG&{=H(EBuIDn2eb_|^8L0rDo?VubT9)Gq|JtcbC z70&*v1Ua^P`$+}2;=s3gm$1-@}nPmm^P;24k z>;sELTk_PFzD6R{>A{-=S6zkDf3Lcu@k1d+&ASrib*UhJib{w=&>h5Ggh{8EpGwgvUtsrGDRS%KTkx^lLuWkpd6RzdwWQFrkV_``k3MdFvI?T)ttA zW_5w_s)hH9bqP@d>3NwXy}HJ~RdGw$eeY6=@AMb~0e>r|ci0;Ij&fiqY4NQr7Zq~Iu6x;KP4Ds%PHRqBZ^QzbXIYUo ze6-J-;Q9SeC^;5in-5Q@PV_%W!Hbc7r3uIa{C3T`=TL1bj9e>lA$`#p22h8)T8i1! zfCMgY{v@QH3m+!-#%|HUrAO%ZfK22@!q?CO!5roHhYQX+DblVl^!`0a;5(VW#&%r2 zzG=Fd*Hl?7*97_gcuQ*QN(|qRqJY;q)t|*-p(;~hn1tm2AbsAK;mns&TL(rB_N84j zHK`pkXkOr`o1m?5cc%W|M^W%0Wq$E?g8S1!zQMhR5GF2u-JPR%(0;$A*TMkayu&~~ ze20GKeXy|*Dfqc!qc;f@Eh6SI&oy^VQI_Ff!&>%mW3y4?8ivemxO54{Mpt(OYz}QU@tGwpXZ6F%$(V zBsd!-Kjcv7OHQE4h6(Ix@a`I6+f>`@-M3)=Ig29N09eko*{i%<2gKM@qo+n-SuD7j zf*XqWoWt50*#vagBOk;u#0Dz2E60c%6W3$3$lCci`Z+h4bctYgx4&eYRF@c zl!Wk@I3@_dDilo;f5vqra8w zDH5BYE*tH>muxHjY^Uq)l6L2XRoafQDODl=MKsdk@koN&i9LT65P);rT)znta-#bR znj>#VEF-}TFV26E;{4akGS)QQ!mEF@oIHQ|G-F5P1Oj@p_{TPEGqc2oauarAx0 zGFL?m8CMWFdq9Y-S<)f`?JAs`iqvNxUgMjb7mX;pLzUVBGPgNbYg7LO90w{a`JBLTc>kpKMbWb@B5LS9`9zuCSgpQLZQeyMlkZ_7QxjIk z<1=M#CLpjXlFtwQ2hBGzO>%KYtw{@%&TlsRn<~Q2I>GYs;&k<8K}P!3!z+P>q1p++ zjYNY0uw4fo<+SPoUQA4k{0TumQ}jTnp}iE5ZP!m`j`7>&yCmt)>`atd!US^%Q>$R% zzT%CsQj&zart6wg`u=5xfoj83^&WO<*&W#Ne0Ev=<=2TfzOxgEX_k6PPh-z;F42Tv zo3m=+x3gJ>URUG(f|R+gAYjS*!KicT7hTuRn48l2=s`=X=Duo+GaAvJVz{Jb6niQO zR0Ehs7e+2nO6+1lW0AgA09K!!<(Lv*N6a9| z09-p7;k^CKzfRux+^u%!xE3)Z;O+blHwX5M1xni4+cu%BLrenHGIrnBWoS*rbXHd~ zs_z1_{E2ACX;aV191FG-ufro3!bLq%a2S0)Wn<9Izr49kAqoMx_2q z857IG_la#YUmy-JpN&Y$rT(}yLTI44{6p%w0?qo1_ILp6G{4GqFRo*`LTj`I+eO(1 z;{a}p?;&IO-*eDg>Acvj2*xLmrHeAf=tEPHSw8l$j5d=M=L7EurZ09v@{P}I;fDR& z{tsX?y21HNfoC=^L{mYIJFx*u8b-1%TMU;FjRLm=K zm?etiBmk3TbF{cuGlqVHNFgaxeSjzlwJ*K))gu<1$96X<^b$j#4@wF#xA4z(JQ{QA zReY<`#2a1NpiGD{sqT19EejFnR@YGV`MY-cOqzuyuN!yQT2 z*W9VqEicLv!zzm5airOP}l z$z|!kai6q2D|P3c-s}D?B1$^+Ws5d-;0PEQ&l?t4Z`G~2s19TJIrrwp8F&7Fk%od} zrP)T$gAJW~2I81fux4MsLnj6+sUG)NFTDO_^1OFW6gQnkN4kAVQ5+3NBgTZVyDTSa z%GEX2$r=rlF~1g<$@G~sn;&S}kE;br25+54SEfK~Q$>%;B*r?w^i>~XUkkVn=lzR@ z8&7C3kVAvaD9KI$66nedv>yYfnsgKIuBe}5$oIQvKFSsu40My;AP^?uGPE|~T<)++ zR!h&_=JeRfq%B~&7JxB{ajA5`dm6NnkZgNWn;l~-Y0KLG@ls!7AFQ7tKH=Qrd!!CH z60FJD^o;y*u#tfA_;pwe)@~nsJ_?|J8NHv)J){LkB$?sI&gLN|=)uq$ge5gf6;z+_ z<&+o|09tAH!KFQz?E``bxy>t1%xZ z@)?A_iv&FS-n=)JAoOJuD)&x~Q1$PYFwT>d^8N-q=j?njQF`T*;HAcFeTMp6l;RwM z^@@M~Lct#($+g3-igvV^2`e9nCg<)x>2ARONPVZ_F0(E@a%r8wNOSF_HD#vrrva1+kTq0 zpT@6Rl3D)MP0_anY{(S+v^K6qgB(IZD%yjl=M zRw|Y5(iJGe_mw)L3R6xV_y9U&T^0vd$yg-f`%1$v1V?Bv_rjDD>p40!c+CvNCDfNegICUSUhRh?Qw6-=a11Rc*=zhMXMd?lwsmkWqQc5wM z|EryLiCBYX)ktr7$zX#A-u*pn_ZlB?GO@f>g=A$PJBTWnBnbV=R)Wx-QqHOrAxGlj z?dIQ|?3brQ+gnPC(Dx1;e1#2-*#y8??>9pF6U>LZs+<*bY2KYE&x#Di@cJ|S(Ql%C zUZdEY-;$r)7Q3uWV#{eP8gOi+ieh{Bn!1B1D9e0Z#CCOnqzq|zw1Jp(UcF69xC7c{&c`E z3fQgdBk%tj>{5q5f-Hw6fR(cA;2-$s1N{ZNLLXXRHS{OCgpo4$6qU;<;Kx9BPW{~n zqh~LOBMV3_UNwoo{eEC)vrRQi_kteiX8F3PPZ*G2Y1zd#yAoXJ^xM6rQcZ#8oi6da zHi&Ku&o4T*Y;wOol8yE-4X0#McXhIz*d;7@A_-gE_tf_LIl7NNn7`RbE?}gsp6(y$W?_^$kBxu@8|wxlh{A z3wFuzSPU5ecA2}ZifM&IE0A5KdCgv$mTpz8q>-)|G+lWBpPxPfqgc7s5Gs^%m72T~ zOwBc)*pqLYJaVU0al`)|Fn0{V^7#!BWdYh}oQ8@er!Lw|JYNpA3Z=SCV;YLIa~^zM zYGVqklylaoWyIh56DgWj3pdKc+-=}X23?T@RCbz)uQVIuA;CpNN$mMA&o+`^zR2wj%f@vPJ-%Ov8%kXC=%tz+xTML3dX4_-5^rzT;YXIw)+7_qKA9 zvXeyw5nDsdH-1ol4$B^5-UA99U!Y3AU2z=shNCm3pIZ~?COKu>>y;>GZ5F8pWP00N z{S@ap6s>3Wo?W`1ZO|V*j-c8Ktkh5TKl~#%K}goGhl#^-&^f`;Q|IkZ@#_7joNc;d05P{Z%RKOz>S#8Lu^we89~&T+=wv3%7TgY4nXSJ z67CUj<&#BkE^E+JcNUw7(mB8A>sH_k+6&`Gbk%1SMFC+u=djyS;MnXA5Ep-R($qD zmXe(UxkXmrP?YQS>KfQa+mk7dV7?)D`4`uko}E9f>$T5qg%T}Ky$IUiY0T-C{MiA_ zRlFPdYv&AjV6h|WlffOz3HO0-bF~x@k%@>^0cPN+l9D#==$96SJDlMHvU(Dw%FKY8iCq_&=e)MOsF*fQKr)2v=)H2@ z(_vVx8kM`Qa#88D#`)+Bz-+2Ko?o52t}Kj;mFVe(zy+IhSSH%jt}GqNzq8Fg{dl)rSoRKMQAM%4voLX_5cmj%_9A! zI*4He^DM-#71cJ=i{*HHfI77ZnTCF431W7@| z)tGswjdn!WXJjLowR#C$hcNigpWWk`O-&n3*Fn6Bi5YA0g|zC+n>*v!C9MPn>Q?_B zL$Xax*UwS^JzQ&s%9}LTJ_NY8*(Q+UwSKSdgjh+9f?7+jQS7GejJ0}IA{FDI41l>Q zkn-^X8D~0R)8(vU{~7`~J2~s$%3a2NJCu;T_H+A#J#a)F1ZCiwsSte^*KX$agwxt= zlqe+5;*5x!;QdAv5JqUs<2V*mp+NUuzwReb(;}R!==IUb+Gj+A6vpbJtALJk0#m5S z5ar~=*S=X^d(iZy5(Q-oCWj?g*OLte4mNhG|` ze*E0l=gSg)u1(;X?k*yHb#ZK!!O3-#oyz97n8VW59IS*hQ8ak3i63~~CQ|tHfD4u) z%1vhW=AuNSJh+=1&2$CMlq3+9jU`7{eZo0>%b7KLQG%CsVtSx{Xcav;LaSu}@rzM` zIDY=alP{GsC)x>qqH-zjJoBOITu1Dhycx3C^^Nz-7C}1^!HR>Ov76ipG1NP6>Jfu6Y`Y2WgdNVFg5s`vWP>c$#wL=4W1U30&@W$w_DS__TtN zDSg~!8#!OkI?2Wh5uSjE;)I5PP}QxWAig8D7o#zXxSNn|XP>2e&5t9vOyS{Y|l;Mxu#(R zC8)vREi<8L7gKf-QfU&Ed6e&&s&M7b=%%6pPdbJ)H!6%|SdNV*LpQ&B9NmaC-Y%#dH zv{;-e1M%M(&#q$ckobMWRBYop#ui_|hJ>cX)$=Z#swv5gbb7XMNI{af?OXYa=yg#B zj?hEDrA^(%bs=0DTEIRWEW>Hm5ib>9m|)4|T9>Y;NF*QSqgAN zu_htGFo#tj>62XhpmzmnNmx2JSSSya$BDkEQ-WGCTTjlY^E) zZ)KF+M#YPdOdB84vF-16Ua8t$3+TlDUVd)Ndp;7=6p4dK)oevAGl%P5(WS@65| zo-u=0M5S#OK|IcAa`@hqY(SA2a}^KXi3>FtY{WWHwNtJYStp?Z3fz`nbyB2+uh2v` zqi7r~=}~_awK&&ae^BQ&mc!69-$;?uNw-&U)Rfq${;?UiCQqtI!~PTiGwPfwo?)tG z-#vXx3sWvD3rVZ`EqE+Tao@k4clFsmkR5-5OhEN^=Uy}Xj}(LQ!nd(w+#-?Dgc`Sv zw3CrIuwZH6gP9IVI1+=PfPuf`S-4G#2NH3;5tW5!Z}ES-YY zOd@|gPySI?{y}1tT9oq9TH~92k{qg%&vxSrj15Nw^YXnOa3BMrf0KN|0P4;WCj_>) zk}8>oyS#MX!lY|$H^6EikOMET%7d{#tX-GSGj*>?lHNN`X;MBi9w+a$SP)@GVQa{oR7fMfep9@xm3MN8|p?QS+(IrFO4s zwxpTMMrMYPHl7yMgvlN9G+vf~RcIGHO5G+`hZQ<2Xde9g=Kh6m&*M8D@{m@NA^Jew zb5(?EO#{y23RpiE8(?t12^DV-4ni`7lK8L2YNEEMxsE}SK!X-xXoP2{bq`FU;YC-J>(cy!CWh->w$XzMGtulRH(f% zuL#aly!o`^S1QvNyw=O#9sP!c*`BV!h-e%rfZ_0esCvt&wzjv6mzDx8?(PIB?i4TX zZXr-8+7hg|dvSt01zOyK2P*-J7cCHidx7Fo+|JE8|96ag@26yBj}h6~Ywh){=QroP z5jmAC{h*<`*BPd$2%c}bsTg#9y* z^SYBD1}3a7pD;`z%@x{EMFI&8jM|#WpC9zKpQxJSQt)l;lM>p&*`43jS4}Wg>L#J9 zHVTMcw+eBIYHrX}@0>D+UFiojr>KR*Nw#%+`eG*xqiwP|c1L0#Gh7TGdUkfYvL7KO-C#E4a(vz-HvZm%aK*{}DJ#xRfyOd~6ESi`(SQNgP>yl^XRxe1)+?*=?+v?SAJuW+5}M`II7uLi&cetVt(Slo!YL?Cro!U# z5@DcH6;OYqNWW;e>>`H9_)qzVVFploLrnJfefr=2)7I7_a;e{f9sRDvIHl9iDF*Ki zPS1Xu=dn0qo5$6=r8ee;bBajgJOf4Rl9Q$vEnlwn*7^P&lA$-hx+*PvQ=E`0h#DvT z6J(mFKMNfZ4J`tv!Bg4u*opxe*00hhnsf)^c@`D>q!W%$6g@LYnvTLmoI$!utH8**&+kA6EYY%uo*HF2c># zsGY8a-FuSBy-EL6vdkA&l5d1mKJ`2qkr$a78_BoYn&AW(rP`)5kahnp5#JaS?}UFm zW6{Dj~qa<7ke} z`b^x?EyZP9+!*$}?I=Ok*FxFKgs;PiUvVrV{6zjZ+T;TuJHw%PJu+V0ZeoIqq)Sy! zuJ_$RI#ER!VH) z>-GH2dV+~@2Z+HUe;9QCj zS-f>e8=LX*plY+v^-8h>0wao}Su-}e;D~L)R~`@)SXz??_!qsbeBa7FV zP+28Vd+LnreQrWDZwmOhmKaG&^GyT_A-8r|(oa!k;~5VC^_IlCSRvT4pZehUb=rGZ zHW{)bqGY6vK60z2VP0z75YAQ(X|am5gh~MGE$CtH{Hut^-cF42TXO=Upl7Z5Z}mS~ zbL!A=oZGMUfsunE9AC6_h;Y!YQ6BN7p5jC0M75Uj)b@#<8RluDK~;Fx6D@b0se=da z`5w6TWI|e`3OcWgYfJ~m@O%$l@X2qzRS09*ypz92wGFOF1bd#_lhYX*r@8F0+#x!0 z@HUeU)6SOcNOPlIkKS(H`$UI58Bsi2X%|1IqmH(vgr21fTvgbvQ)L*1(S%4m{hnX* z+^z&F{eVE@47;<=4yQ(BHna17t^R{H0n;Pjb`5u;S05DK*5F+Nts`&GP-ubzleh;V;Ed=43tGARE(`gNr7wE zdcI4n11e8bmMH(^Jt%G}*qEhk0TB^=c?FeA{K%3%VJ1#|t)o@NqZ?R6xxDp6<5^de zOJ#x{Z>=76+6DvA`tE$u%9<^WgdUj))YBuj3}gyC`kH~?HqkfW)oRR>xO!h{jW*tm z23GKqJSL3J^rwMm7wzOeqq9t}8)w+KFz@|(ZM6m8+lli`v2#aKv|U4`4g^`eyf!;_Co5KRZ2tHI zE)G#1`f6pcvo58riRYY;Qg|8Rmut{#tbFuC{hh|Sgvd8jGi%Djh8SXP=T(9N=~ z=5d#|^J~bw91610?8S=%(uA;q+*R4HXlHd-vip^uBd2G~6juImZ;ft>{#3iGUcp{j z`3w_mTleRIKleU2?VyvZeJyR#_@-31 z%2CKw9Li6i=s)1PG*0ZhKs{v~UX}Qp zl#ZVPq%uZ7)Uw$#KwY>Qn;)Xz)hVeqFnqf@{|Bw+DN$Wj#=60wgk`w(kFZrD55n&$ z>4j#mBxtqpA$EP(`0-YnMo?v8ZuOpNVG(`ZkdcoL z3!w;Y%DwJhsgPM?5#Ex~zPIv6gx=k|x+7;_EVU^MC>N4ehe{O$a_rTf4TM{VNEp%q z=Z!lkJh&6h88)=O6Zdm-BV8XgL{Fmr1n3nGe&o7lt$ zPw(f2MDP{X?^v$s@57ugd3#*=eBdXyhOy$EIWB>Z4z@Xhav?ZN$gZS}9W6zDjrYF3 zH}T+cF4-@xxBp$h9xZWVqNrAJn_d#OL#RQ?&NbjB0pwS8ye*%NfgCv#KgVb zZoY_9>zCe`&YP8&I$l!y&VAfs;kXkS7$z%2JWpxuqXM{4O7rr$O59263))N6czo<7 z7Co;kc`+Ojz7=iP!p;S1w%kd(iJN8$P@dwF_=N7pH|Ib7zztTMZZT#3xn>3W;(w-9 zZIHC}_$1p%_McEXO0U7d(OHYqo#=btM4L`UO4`VygMz@Dcmg@SzlGJuAyGNSIqBU2 z$hJuqDp|7YnzEGq4)b50qIP1K`5vM{^L|L4%H()6=qJTvVkGQA@>P_v#wF|nS5vD- znqHF*lfX6Jo&K4<{ZM(S=_N5g^H6ZJ^-U~4GqOAK18xFj#zymOY{U|NpzJ1jhCfh; zjL>2cr?+o{#I2}ro0jHsf!fw!MYbIV_bCXGUWd8)XsJk+WApqD2<;d zk%!+}d;B1gKrE1P~to9J!i?BJ#t@%7049Mx|d_RX%#^l70&Ar0Kr@5=CJ z(y!M|MFc-sU5>9j4}Z|ir12{Lkum+~h0ah=!E#Nqrl!unIg-YlXHBqYN7fzNe4eo@ZBp~{i?)Jj*4j_M$Wk%x)e(| z^;TA4hT9Ef0Dj(eT@JB*-{>=x&utfLc$~yZtIT6%6~alZxJ~IBN5EY(1{d2i&h>Ho zt)==R^`-gRbMTvQsj5@fFMA(9)(Aj1`pn&YQB33g32um{-8!t_FNzZY+Vdi-Tc800yP(n>ylbKaMj>#x82 zmG63>$n5o3tjrc2u)~lcpnd4?zLo>Us^<9zZN|VH{c`fbQD4XHr;ZI|=r5E%^)-Nj zAb>sJK`u@yVb^Q*QmWXqeZy|<=>*jF>br6l*0SLJqE^>f9Uu*NLX}>BIO2f8>yN%kK9I(2jB>uoaPj) z?gz2Dc!U~jTbp%+2aKK`Xz7TGysW5dl8-=Bx@Maz*<3$l32;y9byOA!Cy13OZF#ds zU}iG?rT9J1-sD2@%iULlyQfQVOQNVU#Sfg}tnKw@BGoss43zxGkR{G;q9=y1A$U7< z`)^(G#>{t&R5dZTj*D`HgM~uxd)haD&uXaEa*Y$-)RR-tOGlejq`rNT{qHx?s4znO zBn;Hk^Mh!zr7A&~NboIO!86T*{NYB{8hCT`urrW-8sUv#Hz*Y!Fv+o3KiGU&%tu9`TBRCKE4VBJKoywPla=~hL=ASwLVlozN zR7%3lZqSz%AKBRgZ-JxA@vYi_&{7UJ&dNq1KmJH8K^+FmOv$xWe25z3m;65U2(kkF@w;?HbTJPWlL3fw%xfpTuiO$6$*A)V4m%xsm|Dh2u+169%r5QUvrBLX7@ zk7;0bpXZ`_c4zRtB(f*E_av*!NE!M|%x@rr^32U8+n1H(WM1!;muzP0t#eDQbL>a> z;nfBrJEkUtrp_%-WKwklg4{0q-scA=29rUGv6L^4e88VAREtwglZgD1`9Ky#2++fV zS*aqEDSEa|tA=NJJe>}i0r%3-O%OP(2RPSW^@;o!a2|M{=4 zWcP)O+~52SJYcsT3)E6)`2>mTkH49t_an>ZW#pVUJh!_lq0bksrOSe#vNsa1|5gA- z4`Zbzj?8@lM%Ha#GB;D-u)V9x)L5;gT6+x;v&N{#OetadK92kkSW9u^HXV&>)tK^S z#Wt0PAs?k2H^^!PVD~)w%98~Fmea_J&#Bb_=_THs!e}Yqrp#4Y*@<%f`{4z2m%WPI z*XgA3(H$0-xT&h8#obD<6P3dKoW4d-VMK!57ROu5H9e{_T$bZVGvilMzRUS23n!@R zloloa0w*ib-)9@{%v$iiFS&v<8bPolZyHGlvB>1dcf0C#fUd zu|<1_;-u)nE0m`pwYk5#1SxTfBm?=~>7|ufG|s_zUIh zdu!-0Utr&5QXZj!qYQXIVOlrS`#F2d*60?;JCIlQ$fJ83>@56eoXTks&l=B>0I$s) z$9meuFB&5E(wlzUT(#+QiOds+_RBs%--!4WUX*CGsT@(D3QDV7Crr8oupP zJZ948P~<6p+u+@PxOp1#@KwtRE@6lnBq{l0nduP!dNo(tT#NO$U^vuy5`+*=E+D;G zF{)AO0RCDB#9?hYrkUHtrW%U{J0^|P8B7RI4&+l=oICMKiGE{N5~Cz|)K)m=L7ifT zW;?NSl!6k9yV3bUo6!q((*<)dC6wq{EYPHCx%q0Q(b#%y@6G2Hmw9KiVI7G3n>knc z3UpJ@JwWwQT_RDPd^Oq_i`Odrm_w_n@1%5MUht=!Bn!*Xzb2U!>prje8T)xSF6Tqb zYWnm~+)i(rMQt-wxS8Bo!e>fJ2LES`^yg9pF=y~j%j>^~ z0Es!!!8=E&S1k4W%NIBd}I7n$HjsC=v?W$%)Tb(sM*v?=Gtn1 z#@B5J##T1QbdLGXrlg`Zy)-7wX~sr?*_ehynDt74Q_+c_Kft2?IcQSb@DUMdPb(@40lqK5SFf2K0Z zRdyG{adOsMIz#+}wnI_+x5pxs{Nazp)~BnEc!S2!{sNnAd3K^T28^}c1vdj*RdUj* zrK-{)C?>67&jmVIFZ{UJ-**K6=o}>xkmmZrJ9J{0*tU3YH=TpvGUao{L9ihYU@ns6 zVnoYz8*96Ar^ZfDxa2y4tPZwbXcK;cp`YB&S&f?o+@T1VwVL3>(q@VA=XC@FC8JI|pMn4N?C$Qldsric9v zjR8{+(7EL?W(eP<-Cz)7roxpoJ>979s|a1g8XSVL!THx08{rOtf(`n#yNuX5I+px5 z-_vHcT#7M@nuR)0q6wNE$pO8}Y`Xb|5!$3UYo(S^`3IgA$KUGMA^dcF##U}%BY~>0 zZIipsu=}Fo-&%8{r5ycck^TgI#!j6MB^#CEGZ^HgqFAd9EeqJ0!^N132w!>Wtf2Oa z0%|AZo)(i5J7>-*+R=10pX!OL1YWNeoQu|Ewdnm<%aKfaO2)c?!J^;BKcR5dazgj* zVP{1`EEuDVr%E0uaecEFDU!6hcZ+g`yjX1yAtUa>0(T$c{Z|QRDS$UEbK7z}{ATlO zC3y;uYm8c|xqy1_mkPccEw46Oz~V&)tj)kZqO*36dYmi%NKF?1EN?gm#dEm@_YRBe!Cp!rqSF8@@3CzA!lIbVPk$})VpI?f!QzC4$oTqA{-}2GUw{_#aKLK zULG77IVoplLZ?J%X6@ogxMY+8eQWvN)s()hwrsE#4`Q0QIvZu)j2VF4`v8l)IxrPz zKcsL;?|nRmC0cg0gAm5|B>rz`EF!kYq#U!6+;e1+w~n|ir4+{(MXqxmFx$c1rkKt$ zNKydQjcMP-y3?C+U|@4lkAyX>7O09mccFSVD0=IMgworl0@t0===Uz9zbuAB z0)WaO*mFN}K#oLEwb$Gu<6^j*KKP(Q;5+DB4q~rqjBw2&1zZ}w$!=#iwbjffT;;9 zqyI15`MOvbJLbEwk8b@ZZpe}ZFzG&v=AvYX%(!OisJ#(`=lNf3q#bjlvWBWj2=zv6 zR%GAine%l}C0n8ex3(%Ka@kwzoM+Xzmv6MP#LtVeGd8#O#natP2kp%+(VtbLiVuiq zqy%B8_{Jilzm}M-pl3^DXQFk{cMU0e!!0yn8wP@4a^)~6bL5_`YT94XfOWrpUX+_3 zU}>;zZFk#1O?VW$cf(@y$+MxkR}sraVG>4Ar=;PNNfW%G`_e3i-O2bM@iIZ;n{bXz zjJ%8yC+{~4-z;{`z>X6gS!#YGXy5%%1J$OoTpI_pA=wAuo@C=T=~ z`Gh`;npocH?v7}9un=tj>l5h!KQOAa!wZizyKQ~UMZ}W2y)uM!#=;$*Z&4tcMuvLF zz^_g8((%=IljNm2e~os%{+V>+f5kaeafkfVDdg&iEb^oCQ2aCXn<5+MZieceR^$6l z={)O@L&F5t1jYEYwj@GX&QLkV6ng*{2-#{jy-~gCVcPz(6)JC?m)#3>(h-BcY}?vY z-|iinzUt0*p!Q4Ati>KQzQwsg;)nK6r?dPz(pU5^CVNc(ADx>4`q6PWqV{5Y&!$~t=`?_>)Z!Ez#a)Hj-bs~}a(Kbu$6}!%) z|16jS(vKMIqxIGg3Sf>IulPLJUmyQi3ZB+x9*~SB3vD+z(q|NuA|C3qaTJ5AaBBfZ zcqT+vx1Y=!x15haZw%k`^7LJv&=3DMU>>WeFrjN%f@(o6_~;F}B3ty8 zV!Lh6w6fJw=k(mg;9$>#JU1%!JU@%nWh2Wd!X`dn1_9M#lL`b%GNB73SbJ-ZbCXNd z>x#=2?teF>Aa(v){tfPz)@!(qaLN~wTuj-!eA$!5oG#uV$&fJDkTrcR>i0GN-U>CC z=6!4qiA#PABe34_%im-uVrT!2tso$I8BOthC{5L0Smr8)-tU`GuUMZwyDRLF<_k{$ zGesiqV$#*)jbafU5MEqhYPUoyLw{!#K&1ELnD#$toUz-gzm#1^=GYrh7jT(1CYa83 zr~3k~MIc7BLZx~EXWD2}4lB-FwOvlRMfhupdmFhQj`4VC2EJl_*vIx0Y}4fXT_pMmy_bwK;YFO_7#J6z6w-%+1fW^F#fcG`C)r zY|`)IgGWsMhYI)?Oi(A|v$kGPe5*(a-(9vOzr6Z7mOy#|FyVIc?pE&@92&AxR6uFT z`sA_F2gjT`TaPfd{$-n9|GJiB=Nx!FM1;N zdQ-fyH2SjEd!vwX<7~lNfEWB9wDJ$!POFmGZ&*Y+<_)-sRmn(O`WMTdrUbLoxXe%57$)iq4Ju-M zFWVj}*KgV_8EA5Gr?sE`Q4{Ik)QR3~hcV;U9FxL3EOMkE)frUqNDPiSY0X7_FnPP7x{&3mf~4!vB|$*>q4Y@f<}vX1|>*jEW7-+)CMfLV#M@mt8)=g2(eH{1@a z7EoyV5DgX27NpyYc&ZJ3%-CKOXVg(PE9+WY%|npxc=u%+5M2YqnHb)TBIB$VNt_INpTf zrh+sA%`MG34f12xN`sgxdQS5+2P}Kenx*572_L?3&d!h)Di zDK^jMcp1zCLxLPeAM2+do&P~2$ErL2I$n{U@@soKXDQ~rH8#nLq;atx|zz$vUGw>g@M3^2IQU4~6Wo17?pzG60s{ssMJO@B01mEXT91f;h!MAnKj|^fx zvpY0(n|xR$tNL79r9|z0_Y<%k)KXvePEvCs4U(J}ISAu_ZSw`s_OD2FB3X(TQyMFJ z9v!NIqS?Qs+pY3wbvAl;0VNq8$UVm?9Qk&WLo|uuHuS?mc1%)u?tU`fKe2nHcvI7g zmZi)1tm1r@E(wrx65^ks`NdGdE=0oBZK23&<>r$tzt(=BeKN@K`S^@|MHg0VA?2BG zP@uq**G0`IUT5F&G*oeXQgYwOK2?4$IX9IgY3tjFW`1vWjaZ}V@9yVm%lD@re?Gva zGSa{4d_C@<`KsETs_DkNRpi0@9BQpx_sTPM3jG@T;AoD@oseNT@#%=0!c#U65IH}w z3F^*Qk^1+fh#!q8MLNF7b++LO+I9T8W-VG%Gy~qAIj#9-wjZ~3WT}+T8$u8>Nq=;{ z16O;pQHv)EvVFVs7s}nKylJ8Bc(PjQg-xfoxW{;QCEQ5=dZyXIrc12fI6qyglPz%4 z+}~shT0Xhq>lonUdR=$mAFg;)>5=^SCA%iz2H8THlf}f#Szg(KfC#ClVp8w~EasHT zw-4_y_gVY2o|jOsvXg9PMfV>(p%Q~N0f}Q(esa>>kGb>3`p2J`R4ibL$!Y`CNzhlT zd#!)#N-*>8ry!E~fkLp4nhCvD_&fL45Vj&uS=@7`u|$2*%EaQNzR7?!2JLZ8qFpBZ z1VY!AYbXa~QD`V&$+ZuZEPIKkZHtk%vAXVi1kyr5jg9qEMC(y2YxxptWk^>>@rk*H zi^T+a6QWauHU7#J$XCdPXc|rbo}n5_H8WHl=$iGc>+!)Gstas$W>zPcHS??iC@a&y z05$3xCK2g@-CSrkjUEVCG5n~)exSgr~^=Pkp70&jC+aM*%+C0 zUp+M@IyZ`1Yn=~5B*)+d8Uhd`;2X=Uh68Zov(Ye{PyVZG)1lGKPn4I{@<}XS+Z4h^ zkue9x?J)X#POpo@1M_d$my4Zh)o2sWCvWL`PRpVwU&tM02}nzE;Rn=3XW(FBboe7R zXpXkPBLXa9xl?!Td|NP&;)+YUurWbXpW|PapB)RrFJAr{4(vXjef%-reKL}CrEN*~ zhas}@ekwi^^58mOpEg{!HPe(4b5&i*cxPfUVLi0g#6_z-cV27EGJoYIR^0%&o2^Av zL89ky%fcuvIG-`D^8zx9Uuj@qe@?X8e6a$z<}agC2P34MzpP%Z)jDwZu5KbZ zv5=h2S1KUJ-;ww(dQaBU#mQ@LHm-I zrfZG541p|W6SE_UeZP!;n>tDTK%I;lm4?H1vBMVSj$c%C9j@x5<(Nid_`u7nng~Lj zl+uiV5f?tiH1`l|jsLb+1i`gcc{>Ehtq?)xO$wJQlgnz77=f-Q^Rnh#X@QnhYkt>3 z?fyd07tSFDTz9d4Oul0-Z8PoZ&IVh*Bj@ptipfGP<@Vx>%gFMKDOQ))5QQ-o8ehaK zoZmUG7wT^HD!#&--nSN$Qd@r(iO7OK9vBp^)DGth7qR`QaH6Ku8tAb^HTZ6}aG=s8iow(xdbu%IGb*8|#m{lA>^O1!|kXy5uqM zSIv(T*znl>z>qMgc8*cIUg-PZE)@R%2LYP^+Z=jR*F~Q8DlT;gdZiR-aO>8^zJX4z z^+SGID%Y*e#4tP&zm*+n{voo49n5S=GCppp-sM_MYxGBqrjV1C&J&de<(LABSv27Q zi0Ut4Tl)W-l0lSv%TU?S+6tPkKiNCQdMK5xJA;1O8vRMYC$N-ltYX>YQFYQpcdMjT zmhv(&KoPa2bLv`fA>8noS(p-}6I+Vw)Ve(NQFyc$&n|~`F@Uvo5v)t?ZvNp+ z1bEbMYXspaXnAJOjERk@X{B0slVdZLh6b>3v*e$sq+gz3_}9ss1{ns3%!f$|Ow9i^ z0}FNlYV0`B$5_b8D)WxElF;H920Dk&p-c&6meFSD8||f7{fLe?jN-2Zh$$}5E59{6 z^cgq=Gun>H_Gtuh$XcibUiQ0!Or6JB>Rm_HkXalOSuI~m+`WiI%o{=cb42&`);+`jv@~vn&)vAXD`1~6Y8XUh zID%f+m4vE3?ovFpR75W+rQGKNCJx8^9@ed*VvpO!q#K%a`@&es3rLvtM2w_K38y zlN3Kpb+Ty2{?XhnWXqDgnjZLqc?pEFn@D-vTpimD59EoW)n!^-iWZOQMfZ zQzQH#>QYEOmUDbfd2dgx5<4QQt;j4L|Hl`BGmL0Li=DOa4UCSvG^x?QE=v>oNWX}V z2+nPb2sYLsM+ZdzuH7L(DKWmik*zmiY0XbcG%R*@@Yvg5`QD!v2>f$}XXGgJx*bot z;lg;N?t|LKj)y1<3mU#Fmy_D-)g0C+@!}7Y;s3e7V^tEUU{B*~K zyggOC+C6#`sv79_Mgb|BL(!?cI+QMU^ay<2_^sJHyXm&bB8dCziL14d1Y+gV)b+th z$i8qU6Z3bB27vF(-dD2%CL@M?EIiukOfg8E%{HhtdvKf>FXJS_R^kdHgbY_2qCtyt z?NSMRlX>6zh-mm;1-;&BkeTgqPhAyd!8&Vz0V0b%gCbbWEgQUW%914;bYOc{bEOU} z63%j4%2Z{>3$k7++*4`-epI|kE}0ilyUi?vAD-Bx^Yd{=NsLtJ)++|n-@-LEk8Hq+ zvY`mM^f31i-RDsCT4mPAlB5u#)-$+h_4@X9GMiM04tOdm+}cZQ#rF8G*+^LwPFE3? zbL*Pf;%1xfmv9^*zg7shUVM{h#g?g6@~|7F^u9+c!sp4mtUZa<{FGokDPOs#|4q?Z z_&tnbaCygMvb>Nd1;Wz;ibl{YstNp2I7*hEg^3uwcVPXH@j>>nM z&u%;|7Q)l~Xe~Rl13taONST(!=DVDvt9&8URCI6j1d~*%nzmsN@B6^A4SEX+WEz0u zjR#RpUa=R>6kGzh*zzg0Cvc~h`DHVdDl&~SbfF96y{ogfIjmR%uDTOSy>HkOruMhe z$vbMVQOs8DJNZ^>Q5?EN6ITh>n)}5Nf?lx_cKsCe%JlHLWoJvOws_f<=}Ved`gX>6 zp52AeK;3-SMCIVn71tdCIMWRT5IseaSN~{5 zFCc^n6>dq~@|xHB$>fEh_H^}NxwppbM3I;U$zPra!)b-AH(y|IZb@Py=;z_YNk`FZ zbeD`GRIL&dGtGfeV-S4`@GN~t8^to{-S3MB1(gK3K6juqW8>*IyQuiA`N1}ETFvDQ zDmAl0Wa+M?!t%(LRyB+-79xwX(BSIYjqMRV$cjF#WE?%f-GJ`dfB;eYMxB(L-g^&j3%44UnnKw=y-s}!L z>OViX5jBBt&N=1UspvBzv~#^p^KVbAsbS}sjXyD8h0vc|RFp`Q{U}d;J#CZ{@4g03 z+E`gj{*e3!(e;??PJZ*#DM>esv6O0RbAoy zSu!EkWWKzX@#;hMzQcPas37e+ppPZlqhYQ7TNm{S_*sBFG^stSL?CTF z+y1??o;4~}F_0|f80FK%--@_?@~-)9J-(|>75kFAE8>FXOG?7$uv>47|JPxb>;K0< z7Skqq$>hfh(AEWp@FF9Jxw|aO<~OUt4-cI%B)IDdV{-y;omC?+$2GXP-f4BrfJJ`* zUtd3x;3TWIst=R^A3+zV;uy*EOP83hF|xgmyf*<341T!@s-yLQhCQn-C1a)JVAj3G zB01|3$^iP|b$N72phbd%Qz+Z2_ha0DB~tyF48=y{8f16R1^hHrK)%K&tDXUH!jyLX zwc15(YV24h7urC7i5jn{#lfg0%?~Hv+cRFt{Kct|obK&PR3)x*CW2G5{8~X=VHd8R znqfm@lY1fD`HEU`(%uC|aQj_^#8*g-CWH^Q38-v~uPAv7YJFgsY*c+1oE3i3wYpv0 z=}JP280$VqT)&q=ZCatyBhZh3#s`p*l?}R3Tv@b08BHT(Wd%S8r8xsYcA?pAuu)A+ zzcn5?7_SowlAm#_<)%12LWU0e2z=o{DFS>lQ&9ow@a%_hVJ#lm^<_~gHbs# zPg5c&X!I~z=l-Iur1>ugp?rCiz=GH|?BlRTU2nw911TVGlnFtU-%48)-;M&Dpn+pgZLtLCPo83;hfX;F~XUh(Iht=j#s3ZA&FO;OJ|>zT^rID0=p~I787E z#m5ccNht#CUkpE6-KP7ZS_8O=w{sri(W!O-m?j`UB=Yy;1n|~G$fn;WCB^L8IG!RyZ-(vFODm?X z^%J=Z4wKkQFPC>m*M`XAKDP%BK=%iZjn>i!M}-T|{npJ7V%?#rEH{Z+(HajG<_$MT z1|mzfFXD>0{sG4Eq4GjlKcVeA)yQuwE17ooD5pG#qwoGrpjgyUCznoHxTxxun!wLm zU`D0;3rpRWTlxw5`G*hq$omq{y5gc4o~^v@(ZC6_h+Bh}=pn;lRf?tKxI1;5RP}I4 zQq8z{S8&)|3~2dyFEQW}sx@R%ZQP^=NFB2Zi|u^R$mnYbQnd>bZp&};QIif3(N}rD zvDIW&4hmAQ5PHBK7QJ6GMtqXd5yyTQjSEGH7Hb_|;l!yjt7M&z7j`Tp5cfbi35=U99qa$}a@R zv9B}khik(Qo1u@N8vB_jFBa-TCN3|W2ni~EXS2;J&qT_H>L^2~)9{a#*ZwbKCgN;H z*bc?5NO4f{-RK(7ldN={Lk^;U1oAk!k(WxbcU)}K=x+8*y7q^M%jD;%yw!CE4v|#d zVvzlaHFph8PZd)Vt352_ZLtAngBiaT(wC_PM>35aGqk#l3f>e|D4L<9r}{c9$`Y@g zD-=6ob!LtG+99Iq9F$UrU9NzCB&XJuQy8#rAEeK#gaH4gPMvVXysg(+#9+dJ)y1dc8>$=YE%S2Qt@eUqj|>!BL6vW?eJRKL#((FuoD zwiyiPT-U5P{>x0Mef^;9d2Rp>Qg9kW={B^aQlFtd=;cI_ekf=m50s%nT>Z#yKxmvr2uFYip=$>q`V~j(SCYCS=y+u}n0jl6(p&r~F&K$kc?*`JDoNsPgVmYa z<;t;dj`~kHSSbIs@i$EU;AQcLC%_v+A}5CCSx)UsggVQExbwU&Drb}8K!Y)(ucGlw zE7_N6VaU$l1+!m?two%f)qI7B5QfE{u_Gk~LMXx#N=peHfIvQwpsZpIz{DEDiCf=z zrlaZo0Iiz2mp_EmdLO8q&50_rqHjDF+uZh972$`}2wM%iShPZ%rvZw88zA@I{~wQ{ zm4vbRs+slce#=s&@in-+D)8Q$7QhUVILtcyup%yVw8a;U=jA+}KCYP#`q8!JaVz9AisflI@>}}uA!^ z(ldS7vlM`QlXq*Z{yA}!qrFBz+|MX3FZaVIIm|{5=LIkQk9josutc^eqxjdDQL0LR z&I>G>sRy47ClvhsOgPgNF~rDFA5;%_lF(136gcpo7`)z-ODCR#RSnh@UGSC%r}KWc zhyY%!O+#bhb*P`=6b-HF2hN7VNp*wxOzaqqfi%Y6Vy9#yB{zB9<0Wz3N4_N` zP!Si&suB-E3?WN28|-QHOx)aCFdsQlLTRQh!yn6H(swhBpBWR|uNa@HS&G8cxKfgm z&no5KFF+vs+`XZ)1OB)ZFGnZJ#rZ^_a1MN4{Ch;oZ(e7|xmV^`cwLv`#`oP4@d4-h ztA#Y?xYB#vy$1oyQ*YNrE!c{wLYh|#R=wPvVb72L7I7Dc4Ef8`I(zEE* z+SVHH@>KomVE5CFTgp*y{JN!R+8SSy-=%q&7IUyR(RyZ z73>p{d+JraNW|h3BzP({CAqCT<`DSnUG}_Qtno2lYwJH~zCL1)k_FxM|Lfcd=cXGQ z?cH>9T2Ur29&b#Srv!|ayK@=lS~luKZc{`4$Z}4NG!#)0X7-1~#LWaL(vCA8d+vcc zi#3b;tIdKh19dRP-|h5$F@FX|bf}akQqIaC$OqSbjT3>zDD?2v_V$U_^Db&dMGML2 zhQR!NrAgJgQysP*8Ia6tsXOb)jZqrjOt2_&fZ| zNx`h=qM~?1kq`F+i>ZROui|a!qKB-n5e)U|oafbovhXP5S_P~!5 zKZyxGle~A0dM9Hmd!3tw4pRMbGImp@=B=OHnH5BU%iC7t^T$|Su9>CG)w1l+&un`Q=Vtm zZ^1n9d{GBe6P3%gxZ!;1I?~0YUVO2wivh1>HD|FsKK;e>B2XSZQ15yC?UAw?-uy4! zgT{?aRJ>cAQW1-r^~*Nq1lt6h-S<3j;l_P_?(DQaT!L?8*wy4jY~p0F>+?gPB{?=X z{`0HrVk)~8H=dZ`B(5tGBHG@6Q;Aixp4l?iqHIzQCx@f^vI^iE?E1Qlhv$*DZ{EL5Z-M1pQ_U@4=xoqtSamfMvK+Alay%VyWzs zfAr}4Jxb?s`cNi)WsAAGYRGceVsyMq=@e9_LvCKXAi65dny?V9J|QSZE=KV}|M~jM zB>?tUniu{|alcect;cYD1!!C#|Ega5PTdaup= z4_f+aoPC{3iA9@c&I)xOa!LQAqThaYLf*(D+7pbAKtJ^-!6FBitE)t!8q95IKr7`zXBoA zwa1fJ7*B*_3*c96f7*Lk$%9wHOK=_MsM|>KY@$VKNWy)a8IiL?si}-Jlv(w?h$%@b zlw*pdH&Q?8oi&T#&ihmOI4Qos;FwjF4|5f=S$l&(PDmg9Q9SS4FUD@lw%TF%`D_w3 z4YZ^u?u9Y#wLR{B)@lR+qh8(A)_ks-R}4_-kxVxnbw>rMfreW!KdsF}mFxMa%pA!# zy>_{B=`V!4scqZU^8&-_2j!VcO44r1C_TlLBq4RUYxhdA(Zm8wEQ!5U;$+g4F*3^m zEz%-GF|u*oAG*3|C98Zt`;`4SoW9R7nb_S|5~ttdac97?vu1D)&&<|!$95eyJLgwn z6DzmlhG~#Zi`vttC-Dmcwum7KWDj&#!6jE9 zt9@XthO^a@E&gJAjz}e=2_rR6f63UcWkFetWwqd8HALapR@4 zHle?yYwbu1RJ?aaI#oQml=$*v^rLp(gklJ<2I&@Y(#ro_VejSx2otR_h?$o^Blgr3SvNL_p$3UAdzVtP$ zl1j}71lT*>1>ydLatw7}9E2{5&)QO6DE4F-G7 zeac)L2J9Vqm4obAc_NEwyJl&XL?K5fc$+pva2A*X{is9_9*lssfxc_u+GzZ#LO$YI z$gS3se5^wFFjy}|Apw2cy!xs}81NB}21Ta%XHw+zcZ)&tvBXshdf@LpAs#hIq^61a>c9$ ztt}{gbKmL559#W0$us>4=7ztMOEPG}A@(S3D_Z3;jA4Hh)83oYzK?VirL`PCZK(o> z^r-edicLJr{hGR1NdxQcsI9z)ywFPuoRW2CjH{_XXr9UsopU}fo^)9=rQwh@RU=)is@NrG;~Uip3%1cuEGVyVNKqxFa3hS(UY+E~@$(@f)tc$7EWS3OK;Okkn6w18T$dFC%`Hc- z1esbBOuG0j>vvY_yOEU(Ppdl2UcHbT%(Xi$n~%}>%C|!jub=aBGO+?atd1b7vJ&Y& znuqDc+u^AuNYC&|;mi1*K3j%;ZNJB0T*m33Wn1MKDPe5?ArE<`jlBAHL+>L|5=tSC z1JW`9Qjaj&)+YH_+OoObL&Ht-m7z7v(T7BlnKN~r_P+Y27>aXw=Bjm_Q?Gncis|NB(ty1T+nQ>BK>o2qPWh;- z9pc2UQ#AEXY9SA93kCJ(c&mo!JVK`7f|LmnW(WM-9A0@m$9m0a9I?Q_70a)j~hOB%0z zSJ~cuXs46Ip3d*$FLLEh_n-S;X7|-GWv=oFpZ)9tYr2S4CKhKJSb3CoW9AbE_q6YZ zV^O)iT?h4>m2G9<5$9K@{C%LW35zG**i8m0OWq+txc`uLm;ErGo6+hbhuj~H@~c|fmy z>d6vFb#}gso-#AE1)cbhLlmwPSFv5?r0- z`J$Gd zpnp}rVNOC#Taq=gmfG9?vPe!oQMK;*Q^Hl(3!s`&Dg7R@zIrXNTVkHId1@XdmU(T~ zb2;);CD=|2CO`6K|ARH&{x=LAhgFT+K(f&faX{SCxHVOLBzmbKqEJvh{ox+o_@vt} z2JV`I3_&shUF>n?uFd;Sdhl2Jve;rh89iNX3UJnf(4Rd(N&32JH>Eit@VW z@^M5?b6ABcJ9|<3N2T~-?&i(pa%}SV;Q==rG59VU>#g|>Ii$=6>wr{3q{!}VmfL>C zGfFeb-M+yZCD1z=Z~igrf3_0NhsXegB(Im6wNQ6wr~KX^IW&xvpX;14-1B zZnf`w&G`t}MVA=0K@Jdsv{|Vbia^92v%hfM>~{uc`iYd~B^!v2FE0eP=cB&$*Cg1` zWihj1U|yHaK^x>d%-v+wGbI&z$m>elx@Xgq1<4QLR-d&aY`Q#X5-+h_4O>wolWl*W zdZ^^sxHAJXpADv7Qk{{Frk5<;ev@3IU1GC>prp%q$E)2B98-&&RiZA{^?Oy9oG=yx z%H`H567Og!B+XBx=v%3il&I! zn(WI{nn!>8Dmemk=EoNyIq#z?aW6P_2f7u7`aOcQdWHLOIC~}BElbroJ1wi?*Xr@6 zEN^xG^V$txah}V&i>bR&z;X;hPrv?lgd2hD;3L1`3X&en~+)m_K$(I`-vEX##qu-Im8ja(lvmU8#S; z(sWUF&;x`V5l4!Mr5&a}kiUn(c{7f^8)8A~i3O|;GaC6Mjq`xt8Ku!RCk}%LeONLN!1TX&gNy|YQD3D-^Zs#&`Eg}R1HovQf zFWv(}2KWf)9uCP}O=?Fk7tsSiP*CU439e8{g6~j?BkoWfA+9gB&jdxw#T~r0w zV6+d;%u_N>~JwvXn$f9Gp1hTn*HcK3)8LM zAjuL(Y3DK9My561a6jj~U`Ro96C?J+Y7ee+-7fy4^$x*fP8*z_#eSk zPWBEkJkWRQFX|=bG)P=Bs;VT4HRcJ`A^2NJtx^ida#P0H4H5z{(LO|*q0x_LYdseD z()1T~3};3V)i~Z5uGp^309wOA9LI#XRrH@;xCzufTi!p2n<_t}vk9fkm`*t?JeOlK zV2%w%eMHypH5e!oq366QWhbQryqL5$&TkWElsxSM~tMFLP!x-al z^yWylPIBh_eADHCH(b1Is%v7;Kj&DDHrNfTy!ywBb)+>ff=)+H6J* zW6Y>Z@v9~VK!^UAqt}CEdFCINg*WJEzRHX)_W=rLZ6yKB9CEa9Nj8ttgO3tHsecO0 z7-zj5>^0?rfkd7fJj?8uj0E3$|4hMYv4Cgt6H>n(Zj!GT8KnD4m89oougw*tf#4EW zA%vrIwr!V;N{Gt!ERW_slk~VyBgb$z3-$x~VQx!JT_^d!Taa=W+9e1ieH3viBAS4n z`&uai)e(C6>jAumK#mVJn} zxo0AKP+Y7WW3c6N)6Z4yqn^e}?B{6UdR@<;CXp(1l*9-(IoSMejV|Ugy-gn1P_izh zR)rxOOWx=}t^A@%kv$ zRdbuZ}3+H zk2A%gD%G)S-VVZ)b(_^Mbl^?>dMjz2z)Aaw{n;wZX(O;0eaG5~f>)BnT?8-t#51|q zH+RbdcZ&KOtfkDVTaL}&u@_il2aMW80B#DZbUnoOY#kh$gu6G2`Cnu`@6jkSll%D+UH`WeV< zqAS>3d}eVJS{y{h^{k_=5L{!|2xH=ec)YLFv@m1SF>4Y^kIjESSNAzxd}AYFfMM}N z7`3%bUdP6Si5F8a1K--poGX&Xn}yHr;5Ac(F7q^|LlYT&2_BwX26l&urdarCt0=^S#s;ks%$QTn&34GqgMDV}iVT74vLdWmY2u}{q@l8ym#-7dLnLegh+{z6^P z$2zZOf1pyj*+1Xz?hmdkxkJQXfm=mNVb5#WD^;FLW-wVplAs;4a$%8EbR9$2J7zfb zWVSPI?a=4-jBp>K!swo4Yj&*)_vi~p{6mhe-( z@y3w2Rc&gBA8u8Rws1ZDKcXw|^@1X;mblv>8A7(rVU#~5a$8sRAwi$eP$otLlMWdtF&{g^0B%NA(d>_`N4!L!25BZvvB5cdR~Z9FGI8o zNF#59=0kgV0Vcj^M&uDPUx|Roccy|c;{+`oF3li6{p9PA0y*N37BS#;A%2a)tz!GY zofw0znVV~kAsSvVb#VP5V5O&Hi%~;xY{>$EE)jGT#8jGt_Ly%BMjkonHW6zv+L`Jz zSn0(Le1io2o9#``R=Z;%DbLe^Q;t*CKfbfk%Z|}Db===UVg*|xh3FQVhFY+>GFZZK z*778it>pD~N$r#lwfXt!+D*5FL1Ff-R9`YEp5#Q!+SgY5AWBUwB>i8URzv?6=<+#Y zW3ynsB)R*kT{2HIPK%4Gqca6L{8+KCi5K1OQiUEs)&M_N_cq(Q%Nm=1f~^7g4GcGR z8s7T|-5zgXm&}TQ7#s^zM%U`-RSY0Uxc30hMH@Tp&=J%wDg7wK$VUtAo=ti9S}D$N z*}JLwOP+hl1^YVcbd17SKuWf*b<;X?KUtcsqIF(x#>8jEs2sX^;OFqcfBWyg3!~!2) zNiMYgapC|{rI{N2G3@1~+ODkIk1_E+K&N>4?)l6>q7MlbGrz&|#SJ`NN zboG|%Zwc4_hkuytbjm{0uk$?99vwzj^sd#eiG@~O>i&fhqB3yw@2(B~B%a!a)uM&Z z0&mN&@!nM+?7A9|HuVK-x%WuNNc<|knNdi_V&!6N!@J2F{L<8}2Z58M-;Z`l+}ERc zP)p!ebYF&W1XOqi10dHTby=?pDyCM)T9>6+NjF*lFRr3~jMnS==!!67o6d`BkLBj( zV~rT-&}mqMZJ;Smn*Y6cGza5zC60`@20AmuV`emDvUqDcL2L-W`jbB$3NDr!LZtT+ z5;|BQDyX*!AytV~TiRBk%r-sxr4+Hm6Y4O&8e~mD3(;XlQe}{?aq)Efs|P%I$1dbtnGj(JUvIwVN9OH3j?olD+19Y zD`l|WymxMPR-k;bGE|FKD}8C4*c6%%z535cj$Wz^spWHL(6PU`)^_M*WY*{3%GeH8(opHCj=lcl4dEAEXM} z3e-k+{LJ019SAwDe<4s>^g#7$C1IzHm(SlvHUYSMse?<{#A2 z*;$_yqOO+z<)nxp&es4(4@s&NkE-AnJV4Lu_%r#ZZFXkm`TQ5uk#mfGLPG# zmzpG!sJ%a3Dk}abFHReKBWwKY3SUj$Yq%`YH{m_{jjY?du{vifsM3rF5VB(v=Y{;y zjqhFfJQ3pxS?o2agRbMbHvPeRcV!{MW;54pMrZOx3nv|*IfQSB@V<{KSN4NN-a&r7 zc`f4+PATKh!*i8Gl6ARS3&XD*;Ry*Oy|Y@?v=70p`n~~|INcA#$!ry+R2!Ujq-_z4 zH>GbJq?@0nx!d>UCk7f&+Z1=U4LewDf6;F#0~OjqrNK4*=(@w{GA~rUyF+ON88hFE z>ls9>vYP@bhzUR((by9>XfHFit4ZY& z{nTn1KYbVYZN-mf|IOso;tHmTMV&&Hl+q;DSZs9q7yJhAP{Y+_Sw zgRu=oK<~Xlu-)|Ww=WXt)p84SmvrkUXC%zi2g)tDn{^^j`Tc3Z6wC(FR-Y~@>xKS6 z<=P->4o!7_lp3Mi85pQ#RmN^75t=5n*2*-5H6n$2+PwZ!d$|1Lnj?||Rwk2ibZs^W zk&xAW&1rf|e6U4_fN8}7DSz*lKX_mMqR6R`-d!OJ>PUTO=T*(}Q_2mH6af}5gqvE1 zoUY6S@2MC=@WeMa=Eh&P++R?(XGf0@;0?uK)1w2hzvPc>ytGXfC*w|5A(GFGk9)mu zB;rV@&w1Z8kd6-;ea&XAmKc1^%Li<7OECk4k&(g9s8k3}?_nV3N7??F95HJqI717qw%SQYoJC2xkvkJFhZjc~SDjGEoH zns63L`p#D8Ybc~SHt`ZEa@8kDTno&^aAU#{Ap@1L{0L}&PQM$!Kx#3jH~GlD3{G3j zVIa7F{Kd!KK+4KwmJA`+RsCr*$5>#Z5SiS@3`MJ3tvdA!<<>ZPv`%i<9jCwc*%)~-%E76H6GLp zgJ*~LUkl}YKK+5xPdcQ4fY92zXt?MW&IM`7&;#);AAC=>x7s~+@7?jRk2jic3SXz- zxiNb$&$hLdsQXvM&^{zGv|Kh>7jHA%%U0mqWpk8lZ{t6p{@%dS6)9E|>oD_yx~f7{ z`3DsV2iV&4y|2!|6Y+*_X{{1_d#Eab5KGvaj>Z>9#LAr3xcK|gP4qVq<)j2-&TyYY z9y1TvY~g)*;ymqJOD`^F3A>Hw%l<&QY!1}Z`#!8Pk0SdM+#7AgxRNh7e;n^l$N_CB zO8#QDp2pU(cyE5g%`rX7R8?L_k|h^~-fx_)Cj9`qDZAb~R5N)?S-)c{a117$8KOvl z8|``~h(C}csH}9{fn(UDdlY{wLsne$DfIBJ;?qU02s5gzWMCJVuxoNXwyN5))|Mvi zBTW$F;#Dd1VU(>&QtFfZlu))7Y3#bO^vVN-mWuT&cl)i~ zb5jhCWRf5uvMrG3OnY-qY*tvvE&am`kO~-!RmD(*U|H7`np0IFegUrt+8%L0cIB)D zV$L*P)r{IsfG#}+wWD-DR&Yq3NxLV(qSc~oyboVO6yJ$$kJ&2@mDwyq3*=^ezI@g} zam0e&zr&2$dhUoqgc|k@f)|Edg>21R>!JWN{gAwwcLI(dl2Agu<}1kM2&tfvurIqR zts1S0!-5srxkocyt5B00$4KYsQk^#rE^kZ21F5ad9ArG1lYKvwB?cu-qI2_-u(U2gMU^&nR)Ogd zb}XMdIiSDTpeqvAi4Pili%J01<-U;#9$Rrvg3^A(|ZpUC07srJ`@+x^t zG@=QY5ioydI}}E?6%l2MC9zDZ*34<48Q3+Z*-I7X8dmooL6s>_c%HTfRAn9Icr#j=oZKcNflb03>jy0YnS6nyJ7uB_vG#gS(tg~>HkvVMOMkea6Cz+7pRraj1;Rfq> ztZD~Cam>tGIjU$0E5d4&V8?E*%E)^dzTiBUhN82h8y~Qyek%x%WpE$4 zDvEaaAorslT4SY%8g7?M8BSPK1AjHAe^oohPdwRuOcD8M0ggve|2aO;D~8%hS!nC> zL`^N^aNXoR18r)8u+GOy;RSm>JuUA^#wj2}eQ?1@L|QDsehg2$i%4HIVzGPOikuea z3y$u#`br_K(V%iwOJHFR6`uXXGws)xT`#QyF4see_nydb&xi4~KhJ7~k)LjjQr1{W z6p%N%>6xp#&aBxZy(_$ACO*+2fI zH@)V;$FkV^_Bh%hi@lvQw5qvi+Tm)x4xeOTFTZF&iLeH3g>2LQSZRW*oaVkF0mfO8 z-P$o-ov$u+jz!)@q|EaU{gR&KM46SJG5pzpgfegVN0Oi6cC-5~hr(I z#CCeGudpr~E3lMSPBt2+9ZhN@BS?CyB+16>M<_3h4yAbFyQM&J8*{l2i%ZnwSp={? zuOs#(bP=?s=r4N9b)bxhNfev4S!1q>D0AX>P3#oX#k+n}Y`ZrJ%-FFd0Wb4RMSB6= z(mk3{pKhuJ8b(me>Xb#+777GJ0s=Mw^ozoThG$U-I`_SFBEw#=QHy*NM;U`NFyu4>+SCTY#Xu2{}O_~UAz{Iz>%JwRfZb8XC{!jj-j~dFb#O$a*Z7d$a~mGW#`I>!}5-3-Rxbb?~-X?bAg=-={l4MN2<(_eF`Uab8D!jV2LH4xohmnwZxp=e!-cTmm9 zQq@Gnd-HH>6_J*%31WkB?ukAoi40}9ciZgrLV`Lf0OKuvfGhOem%`!RUT-jWTb4Bm%MKguf5N}z`PvQo{}PfHpk&7 z6w>$+onF%1xqjm*VvaWXdJWtf(P#fakWQ7YRgl6&f=M(ID~*1Le*?G3C8Mq^LdKk~ zonUzu>C)50;bg6&SS+AU726JQG7UWuJ9hgVZ7qR zik{ZRyedN}yimFfKApE;=cJgZ&JgH(tR{&~ey)%KuGN0(fi;5r7=`)Atezt4d2x<&Y%kL1mGHdn z%udT5tDY=tV*$fZMKejw%i}GG5}f^ek6qn>wokC6_a$@2e927}GR1Jucn@7;Jts#0 zQCGNSC);IEJ39U%UIgKIOuj=G_6F7{qkRgW#GQsmAlDV;tQSjaf8B6-FyqGNT>3h< zA*O~Ud1MVVOF1B0nK5#YccpX{wM0;rS`o~VCf>?J6d?l5@SrmV?6V;3Y8SJfw6Y>d zZZtbC(O=FgGg8G|3rc4b+R8Y}&c_GVA>-mJehcxZYj$-5`Uq&S-YGB`$Tn6HCSTxj z;-^s>XPvhz9XP}8`v*!WiE7Ro1J<0bXT0%Yg_G+KA_))wn0AQg!s9zYhdmsOEl?`(*MOS=^m;S|ryU*2q&>bokpA24u zSbwU>PCIiR0;p1p-R+7wk^8Oq9IY~KDckU?-}i6RNjz7fn;o7 zXeA=Uo2zBc0T6=w-GxNL@QAVhm16jGenZeCgepgj3S%{3C@Ydv&(s*W52n0% z=k0l~G1G%Sxc#!$?mi+vB@lbtAVC)E-`Vmi>~pMGI)eYdFw`bb^=jElP3cbfTQ>B; z<8@BV@skryls6{+Z&?`5oI92omfY1Td5x&j`qiaqOjr$YTYYC8<1|rkJAHzAE$`{)t-7{X zzo%-_aqh5=Wu=0e7ZXUnFIeAmpw4cQ6a%63^b~*g8S4tE--G1ajDcp1y!;6KcYwW`1v% z9y0her!3t@*2+M;uTUsNhZ1Pk*8X4vImBctR6zLjmUJ!eTqwCDRFXdW{>jTPDc`4^NlUQ^JU-Eylui zg{&hfN{jw8=iR1b`A1jFhMdo$Tn1SX0<2^m1&CfvDrc!q_yzviz2iybb0a5YBeJG^ zh9mN8f^6mP_nBg;#sb+BLGA}dh2VQn$5p$YEbf-me_HU(yg@}YTD=$XQV~N(pIv(_ zj-Ok*S_Ty%AN%v)zUh~Rwepm_waf0<$f6E3i~c$aJ32UXWE5>O__>@My9r1r&wkax1tLR*EBaiM90AbB0>q_GwZK8SEop~~ znD{%n^kAmHHi`R4?iXHT8M6Kzikw1B28XTi(aOcBo{gkW9whiR!kD(}Q_I zm(An74=s_4l4D}~197)oHF5siIU1iuGVy4E8TYSiKhlLMU>4`JQ!Jk*WCms^BuQmV z<*e_~B~S{>l87s$pWpI*k;T!;&f@d@F{`Nw27odQ1~9DfIz-kGw93>c{$U>X8%8%royt#hIP7P{2x5PiiLYcvTYiEr6xPD_MwA z0|S9H7Rhi^O8*6o23UeGFhu1~wBi&$Ec?H&9Y zad+e75+VOlHKKu+7GgN|!tvJtGo|+P-o&=Vz-0DIGTOn$=&*k&xUdskg1@r@RdusJ zhr31Wnk$h~sPH1X;y zttz|zK}#K`CizpOjmT;EqFLubz3gXiqZF4$H>2ZXEqzQmo;N`}MYLw2`#`wK%ynHu zc}*+}{AD#vQo=amD$G$q48tEA^7spSp6wU62eGiPVHKbdzo;OaC=DXw^mkG z8`$*D)qkmYr!xh@7gDBNcs%@b!<#0Xn+tP8pY=2tobdtiAt;7q0eKiXKxZW~3SHF1 z-Nya0j8yZrp4IK`b?KH>UW1NnoaY}X0@EoxQ{jf7tHPaX0kJ9f^ISp5+4GTj8nf#&i9_DY7>_|C@vkgaa4VLMaJ`eYfOpcuR7hb;c7 zld6QO&0l9rT!E3rQ;o-kyqz5JFFC;sCuo2=smkZW;3FvGkvZoi_G5|Qk(AnX-@9NitKh3ncADTxMoJ)-R1oDYZE{|DxD*#B%I`?VS3@oi}}cV)g@rRu!` zd4>6;_~T}g_<$dKrCWk9|8V2w#Aw7*qEcs%v?L!xx#Lu9Y-vp)_TJ_(5A_Ay`QO~f zZv-1DoOzms?d92Y{zKvk{$&k2uSd2^Q3;i@eEcrhMTti|6I99${H>=?$A`$)1##a* zguAu$bJSP9tbiO|Z^pIfuT3wlm02-NdvBU0i;RY2;I!6HUO!YEB4VG^i+m;-T7OOc zxAaz^aF(PS9SRY`CV|#Sj5CY-u4< ztEJg>;!hWwFQg9r`)$=ztO)(XYb1DaafnIE+^DG$$Aid$gH6qyCFv#M1MO3rK?;N3F#IQlrq38fC^{v%G zmls4LFNrp8lU91uW9JpJm}SswywnQIhU`L*<=e9MkfqJ*Pix2zv*M%;v~@4R|20pu zO|_tYHLvA(*{}@!-f2D6y&DO+Yk82fERxp))sMu!#$S+pYhvl3W|}7J3;%?cWrahN z2fNjgh{tOO`8D{y-(wZ*0{qXqdR#e6J}&i&FkX);ma z=>zDt0^SWJOnMlxHJ~Bgv&BoolMt&y1^V;N3r~J+LH~P7g5DfJ8>}_QlTFy^psB*( zt)^i(V|BoF{wXAfvc=TkjO-PeT3|B9zWF5pIW+3mRRR%pboMv;(BzHnQZ5(3Jr8%s4%2{>mv~L#cA1g|AnRIqXju@7 zZHlOPJtv*jGo@Oa2{Z;Z~g!?F@T+)CG)1Ol`;M>v)- z-t}2@oI%IJO*yRM`M9woF0POZCpsBEv2jtls4?TQ-qNu3-izilTuHWAbT$n#*%nk! zlVuYI86tsk$b?PEeCaHO5{1kMsJFPsKbNollJlbTQ{@AHfBtFD7cL$Ots_0~2TB2$ zH*l=ducje;cL76E0sqECQn`~xa-cB5SJ4K1iGA%?EjC4n0pvmA(v#3dDh)+=I1eA< zz^@dg%280gHM;S6UqzCPc2W_FdwSXm?hgL z#G)8Zj~kkDHRux``a`Lr2$nk2(N9n!6Wx zEh_~3(&EB#Xf8}dyou#mZO{%@+zCug(sf27uu9;W{OXXG{-%Xd2nh>Yz4ov@NJ)1| zt7o4xFN8%1Rf6#Lz+~4eo6D3*XiOc2WwXd?H-tvQ%auviFr}uz-yfyu-m%aQfpbK3aJc#ZC? z)nENUckLUEWIQH*{Ml4es5&e2m1%f8_K}u-tQKLnm5nb*QI)MxooQ_U_lEZ?T?EF|}H z`TSY5|CzJjGhAhHu_2gnvSNQf0oL`A?ApsIGGGN@~J?ya5JD|lNw69;UL$ODGxNV8%A0{ zWdM>Z<9Q{B$wKijM~dg_z#q)?Q!9zxfP+<$HRzJoKdPFrTRvqceLFZA-dg}N2u4$s z1-P*q8cV{uX7@EN3J4Q%R2BgU$!&ztpNZ;3= z40_Z0=$Gerf2B|k;`ptTgi&?^<%05g>E~~eJ#1wLlbYdnH=>*-Ckxje7w>=t(+kTV zs2gh`=NrB6($0j1=5`y6-^;Yj+_+m4Hpdg>=*BRa!@Yq;Z!7;IDmaq%_*ml2hwYq> zrK2jtovCB7fe$)2H#OnA+_)FYQsy>^9fuMOF>m+nwOKn)R3l0BC%2uVXRXaFTFob8 zwZBP>URUngXnHIn@D4Ck9ZT?1F_hF)G1>Y^0G$`d51qg{*kKjIt;OWG9!TtLJa{ZP zHOu{6ioejo;x>?e620s3*H+ULh3caF&Q;`D^I3c3QFV6s9$yov0y`4F;jSAb`{bmD2-MJCg3Hz{z!tT?>l%U6T#T^HDr4C$tp#6mB+N5#aD zyS-a!)uq_pUT@yCSb7ZC7Y^&QB`}4k(1Be;7WU6{SMpSZ$fQtOMv7`)=;aNwGI-6l zF~*FGi#({=8X4XOA^RB@1-rsFu@uX?}IJsU)VqP_xfQ17gd?M=TI}D;}a) z_q_|#o*n_73{HG96C3qwfamsw$~}Hh`S{L}x~Sr*)8H3&DH0U4=1EsLx`pMii=}m4{En_luW&Jo&xgfG6210wr*l7c;c0hcwKZLK%n1Pr z=IX$BlZpu8u%57?Guea}YHk3!hQEmQOyQxBBFsA3i1%E3l|-5pMcV+qoAt+WI!mko zJzHl*>-k9gMpj#nq=rc^cjw8qhPykM`{vEkgKLD z5$3SVM@;1c_Eb8H33941UKrO#$R>jIOY?KC-(zT63=Q?lTqv0+h(tOyEt>#vzkfG` z-ZW9V;1$c7;jV@=-;7)wFG6k~S@f3{N3|KtI+ZG2#^u_y=1v;+?}vPhNP2a>o$)Wv zbDNX-+5$0~hR8u%n;Mm>(JfvTLmG{OX<2%!I>hcl+66$?{1NnYW@|mvc?C975PS&_gzc|&embOc*^FEZq*mjA(Hf*z!wGfvL_UD|^E1<&=Lv`#MYnC7V zHMXDT(|P--7h?+t&xL^dq2sc1QRep!Wovv&V6GN7^@>9bT_EMyNDdeFO25K(h=KX- zXNlkc4_|K;)zzX^D>Ayk#>KZN%roq%1F(N_bUvjGo~HHQfaVWPey zyQ)A-OyP+e)Vb?=2KV&8u&%wG5y zWLQH&Wngey^V%e<|9YbBB7ezrh`L)Tm^(bq)dzktouMs&n|tU@wW+o8g7NXTHdu)C zwE3cJU;+ky@r9phys`J^qn<`aqRTt*osnu2PP|WEE?fi>f!hTM>p*K6Sixii^4P?q z2fKcY3H4^-+QOBc+F<7HK~P}WLpp!CapoHNc}wS2$@>mG8u++0QlF!Fc!2l0TfLJp z$n^Ru;M3y4dV+VoK+p1ZilA}^&N#@DD?d*i|3WCb4FqZ)nmx?6uL1-Kn0 zL%RjPEoD@JUpB3j9q6Jr)k@+{3XaXuj)$Bt40?_@J4>vbIL~*k&qhGGe)O@MY7y?i zWbPb>+YGn9lhyFha)>>dKjo=QCjT&u$aq{js15J%&A1@)aqzEhJq^hmjN4XJvBd+J zqFA7uXEggBIE=S~7uhOCynQ`2nCeECP7 zf9|zE{I$^??bkPGmyJzY1#ptd;nCYYE9)Y$$Jc+w?U@b@vWDA=aC$38(2eW=-=9x1 z;;#d}kvygEWAs;f?T+D%>ZnQ0HnT5N{|cA>zr4W|_C(;Ot_kmM2dr4P8#Lb7G#CbM z_yUJo#OlC$l+(@ok{*oS4ChR&JEz%g1p*9Z-N97)d=_YM}lKx6ho%nyYMgL5u7)LOtD5trfL$dVFH&IwT{9-Z)WQ z9Q7nCSDI>Ghx=;sz}t0#A=_;uckJS=Y*!P#d$;tc} zsFaR#W7#MnDi(=?4??xs@7&euRqU@0%_-06eGZrX_sv_HR)IBdY&jP`mTw55+=6P& zRl85;TDJK9Lx`bXUimxJ?3105^&+nP=GIOOE+83#6Rh34j0Vn)#I5Ec9fiBexz=5y zQk6#81?lPSXH*Q3LTh(oe`FXD7QE?cuSj%*1DBv;1s$IcxHE10jJ?LTf3YWYk0xE{ zfXJV%?(2lo+&zVgD-{`P+`mQ1ttmdty_&b9yJ)s}W^?LD_+sJw%3`w8c5tAqt6eLY z6TFfW8Q*dAJ$frox5dP$`nER-b=OjlF?i#l*fc5}t z91(Aw;47k+%!;-rA6MhFNw7sVyV}Q{)whSHc?VO{W^>zPfr|y<18g`mu$z^#+;!+$ zU<#RqkdcPMat1tPgnbGxQOeNE9%L&dk^I@mS*Oe*r?;sr9OL~dYJwM%mU_5OU@`M< zHN$l2ZJ;HOe&Eun%=FujwiylZZitHcK^zqBSR>b7h1>`2Npcz?9WTh3cPVjV{+UncSc&CiTdjNhK&eN!Rs<9yO90q`f8 zw%?Q7fWhXu*hcV5*6Yl4saF=taBg%khTJa60Vn)sYW9BUjPfPZ4{w0#j2Q6LGD2uh zlWjdj>tt4vu8q~*9*VvPVbyavY_IS$2SGRP^=HvcY?rLXe1YN|E78QMD)Q8tpi-VE zOOo|S`pn!%Sj&SXd{kF)X>cI@MzH#pdf;QmQ8|V1jbO=xn45n_9Cwy-)d_e8q-<3H zHQ3zy1rus4-|hcp?JE3f-xTk466N4p!_cL{p$?`@TLN1roH2=Kx)B?7e6~2+r7~t% zq(xxP^3xu@(>&d<9KVd#U2c^YfV3Qg*L*jd)we!c5lYb|ai?+f^@^GE;t6iJz4Nep zG(*|E2CqMLEzW6OM|jeMF}@*#!6!gbRuSv&Z)G1~RdDOLBxJSG5v)P)vWwThHb-68 zL2j%s=HPDlB~r+N+VG{S)$p8GX-0BX2bycYq3?@+5aPYE2U{pD*h%vk9VAM;lRRu_@h{u=0oy)>XVTSZVPEahH08#B188@4oB|(I z9fQ^O=CW=;t8}~&jl-kD*gGG)zclFmV1qVpeM`&$1gpjC}yWg=jv_qkx?|M)(r=i>cFhHxy`er?tkmr|xsaeq`G5 z5f6l-XN&c{OrXYdXue4WnmS@kDbcINJe|>ME4E++_~7 zHevKfD(0MTsjx=3|cJdQ|s;)?kpKfgRS$yi>;Vj$@2mY zb-HOU^<47vb9Uc(PkMDoPqcn;1n_;R8>bhAn*e$&;+UcFbuFJENYL11BblHrXjx=( zr(g3S93oRZH#}@Lm|3$Ic9}Q3rE=<#Lq4m=zJ>g8;v>V7@6k9(UEpWMTxG_t^q?C{ z6UyVeq(|;N%iF_kMO|eBNf}9}vmJQAi`>v=NxI;+zTDpj4s0eYh)@1lSn!dwylH=W zuEW-Z2M%{$PMS`MLcw07#CkB)6&DZ82zp}?pB(Y%kG!oKe?{tB%Hz0Isiub^0bkJ}z^G{6hj$S98toXF?U@XWbstXgQ)4zWYE*)|3qyO3Hg z480qEd7MRGd|rp-sW@!xS20;4v^2jZO4MjG_Z-YI zGO&=a>od177()ke|6}gA(n4c4`;#%q(C`LUFtKJf)2XaBNO>HD;n5=u?CyR3%yFW4 zB4z+_*8q#S>b(0v>BJ#qmcSJR=R zTFZ3*R8uM@H$aB~iZ!ragISm^!Lo4_r%!D(hUA7Y;$7JfXc^3F^3-2kDKz<$=fe#GGva@@WeX&ESX_pEx6 zXKCEWC3o(X@tQ7|joJoKNj8>{I;et}n0sjkhUB8|ow>3wWJD>Z>+@0Hx17xm1HgGI z%a5*qH-CaQxu=ZMAwKJhbZRkVWwRvzt|4pLd7FbEW7}McMi&?!l+(Dt!Lqx>DGMOB z>Xf@9i+t(3I#WaML6DJ?u9XPz#RwbW5X?HjX(gkj>p82!i@j-<*#88tvo_7V@ zknC^4nZz={)bqM^+tq?v5OkDc9S9;^zidMoMpEEiP$$4p*oOqt!TWMC}^A~#6#F6x( z)bUI!z#9=$#ZwJ6P~;P0orXX>tdBqj7>F&4^Qbp8=oLDuJNGD4SSaFLi-J^5 z0;%qbTrlXi)S{n~tV!XRjX0ndX2Fh-WPas3P=o>=-QF`7U?I602L{=D)VhVs5j)NB zhvr;XCJpCk#6BZnV5oGug}?jZA+z)n8f`5~*eq4l{10E`FOV_PfT{@QmAYD!;Cbu- zw%4p{=N!-Y{>UX&YiTsoe>`@u7K7oF$fi!blZ6| zy|na6JAqA%^XwRgwFbD~30x^piToLrWldR2j9)qtU55}P*4;O)aCl^jaFy8*G_UCd zQuk6f&o&1sZyU>f>t4H3Xp5LJZC@V6?KtVHjpAD4^Bc|K599MI@+e?(;gUlh;^>lc zSumn7thGRLt)rx%>C9KVpkt84g(8_MMTveXatF<^R%QGfLLRdV4A|gEFSdx?W^m`SFI(lWJxURRZ%n1Mh1Sp?WCM6vK8@lK zG*du<%nTAwGGR3#PZD)1q{ZmxF{uKgM14S)-^mOaq!0xQfK3nU0Bw<(lEgQOnhJ^6 zc%vC_ahs?Xu7dOMIO^*Mq^JzRQE#YNY%Q7B6JLR9=K19a5sl%%ViZczTCJm!XuCt; z`qfd)dS8;$W={*Z-HsRVT{7o&t{2Zm^TsU%9%;XHoP3u1e-lR>VOPi5W2VU&rwkK= zOGn|Eq0CY=OO;d+H$bc}T-r5K-MK6W=mmzq9wGP21R<=cv<9G0JuU)Mvyn0exbjmt zF@jDjBD8!WAvvkSus~Bw4-gMlNa;6Ho9qyE%Ha@mmF9nYYF{Ge0CSvUq z=q2dSv%MBim?edX`>v_$zJlDyoY}FsfTsWUHJMFyH2&rwllTyANAtD`W4?u z$1B3-Ct+fci#-hT^7OYT<&%uvo3WUO3R^BMpAAdGq4G7Nc0D4R&2!;vUnQ|x~^fY zwDC{k+dsYg!uffNOQ-_Bl*x2RcdX;s1=2tLW@L-O*lj`?=$hHxhZFvT7O?cMuBuPA z$<@B2$R%LVyQhW9zpU!VK_6E2K;!lMla(t|;-NIVL)~nM2A)rNos4YF`^Yc&#>S_f z68rDwh}q}oGAq)LdT^2m($zmNegT;C^A0sIdzAf^j@m8DJPKj@^Jtm?xIcvuOBpu~ zHFhOko-s$fBhme$m?`}iz}2)htpy;4S3lBkH$OPh8g(wzT$;F6aY+wNocqCs-?0;q zb5b3V?U2Mf{!sAvn(Lls-^-ln>!zzO3}$pR@xQx!wW{JVunw<^QL#7If6zTQ#_d7S zmX1PlT^%TVf6CkA8TqYadz~208MaS}8~JLx5s6O6gh2hO7;agC3sX5=8Ovlj+=Dcg z>zulnFN=MLO32}L(!L3^$)cjl>L1;YHK>${-SQx_=|aOX@+L!fU^N|v@+e^|j9^2) z@zkEjvY^d2@N45EZa`R@E%q9phvB2Y^6RPZ!!M^mhD7t051Nu}9(vdRAvll2%Dzvl z`w1~Xe%AHAi^R6l92eO2sQ(^wr$H1ofzK;+Q99czOeAi3MfRRcrm08im~(~S&lRAV zf(9DH4#lzUL{bJv_@x8=@#es!WCa&^q(5!;1tY&ZXIZsH<;zRXuJ zvH>0T$U;6>CQhjNhq=mLlYzFBNFE-v<+`BA{Y9Sp_q~G|=8;_;c>y}_D915nr87fB zgGYCi)qdr8w2yjn1K8)3rv22nB7*{If}VoQ13Xuz~qj7P6Esu;dEF%Ta;^K@@pyqjI52rSh9;)VOiO zqaV@bN~Sji@%A!#DC|KKEmar|s|msPaIu9`v-E=wEe#vv3?%pCEe<`i7JInq!nq&j zTg~tO8Y@?m=dTs}w_`?wgZ1Akv$yeW)LvrvRcA|lR*0nFg`0npCFLc$LRa>!6_0hC zi*zR?;tHB}$t~C6=6YT#+~G_C1{joPW!>2T=tkXmuOTlG6tgLjFU*m}erVdtZg;jv zRq(q1kX<(N5 zr!c#2!qIBrC*`o*gMsb&M}p?H)uDyd@b?K{kfo@Ep0CfEbJiTmE(%XUikJyB>9}&K z{=&krvTaJ;Z%%IyiX4&dwBL~*kxBKs2W=sG7*Nx?U`k*erbG@3ang*19cb{8=Ckj9 zsq*?G{#N(rls#IssCN<&{C?0ZjO)V_P%q9d409~r?E`X%%bT-I-!ouTig3Y;A0~@~ z7v=q~#Oj@{5Ff`xd_kZ_x4@ZMK+6U!x=4p2294ib%S!$N=#ZKc>u0m?azcHQkMm=u zIAV3gcmuY8L6E9JR_nJ*W7uwvbCW7_1-nM+3Keg_GagSJv~hjBp%fU<7RiC}FM33G zR7atpxA&zsuoCauToP6Mti}KB7BjI>H80pvBCln43$%HxRW+bE5Rp}S>aH@4doPyh zlucb5`c;3{q>0KCh;^eC;H26 zD6$JvJnQR+DB6ZV!)JF>r;lJ{6)CWAjY29K2JlP9x>RU-cy7dJR~~74UDa%cSpCKx z#Sve29RI;ayWp3Z?7v6&rB|%rcR-K{q%nD`BhYSQIyewxZjycLbS-%`ZEs&rl_m}M z%C_53wJI~J(X*HEOHiPNdvH`KP1Fw9T=9={6`#_S7ZD{+qf=mUx}YQmXH7=*Jxe!+ zZv)Nzgf_+oCD14yjRFoGd{g?t27;)>MgCh12rk#F%ws-D#J)0A2mx5%Es<@FS7mBH zZ*}`i^pPD7YR`yBN{0%Z*4Ur~(Bhqpz>G>>`&dX{^PYiDUD9894_#jtS66(!L+55H z)YpMzR+sx`nw-MaF@lVSIPmj85s~5vel_;2TyJ`I)e|0|xFd7I=?Sw5pSW?K*FKb> zMOf1Q={RwU!#i6oB1Zx#STGt{dr)#-G>AlK5^s&Vd@~I+4~(kEBh4Gb9?`v93e@8p zGygQV?t(`#e3y6ihnRV-B2-5)cci_}#MP0f~Z! zj1e=5({${Ii@lY==XhU6xRNOX$iS!uoBq8(c$8B;&$mdwVSvjfN6MO^6s6+9{6R&W zI|Q@F_xx}-{rxE6z+kx9Je%uoAnsD48_sEC(p~f+Tzth*e|qFkMzaVRSVY|XinoED zZ7o^%8J!%V(dTqr4N7~I#*gY8^>uOQx;`Xf4 z{@xhKArq}Hc*5UxVsM%nEq>L(i5a0an0!^~WXZG6XJ*y6NYm%V0HK>BoF|P^03x8)7@$$k_Ngf%MO?f8A(R=5S-nouQ8Nt`~IEsh(FN z5)Sgs)~Mc6np#T0j)BHrNT!vj8ceLkr~?!VIQkL8HXHc%cX?lEy7fqG0(lSPVGG}l z?fG!JldmJI#|EqEgZe4Hd>n&WzYP6Tg_hRGmG(1c@$_>rQMj`^~6@8}3Tr-FEd1owm_S46XjObK#KB``6;P@yI1 zez?nDgaw}@4oQvPLQ8p9dA7;nLM}tx)x1E#AmiXe{Gv-|0H1RnN?)+c1D7W>LgY*5 zWEXdj>{)>n?Q|o6oosQmjJDi)Ar`f_{RLFDN1<}n?i1egslk!?vJ%p8uA+n$n!F%Y zr-R{KwfbBEwVG_T>U*SxQ#&ik0@4E#e3X9i^nqL*Pbx8pc=MLO`k389v-Qw~oX$l3 zx{jYXwewcPcMUoJL)eiDf3BcO_&Us1Waz0ac)qW!D;#w`{OLagEazM)59|<)$8HE& z|KKku0$OjsUDwm$pQc7vmC?q#+Ax#~fl=Ys44Y-{`(Qx@&dwvruGuYBnhgGS4G$2# zB177NMAp;j>PR-%HMsFk(RtF14@4-=BP59Dz8FIYPq@PyY~Iyl7aFfddoQ1^gPa8A zsnGigKuLNimWbWF#5yT=5hz9KESe!vcJ_QpD$5U1Z17Q$QF7{${Qp2Jm0 zKORU$AYFMWaBf2^??c)=Z6}7Sxm434GaClg=T|_?M5uP^PB^XV2+1Yv_N+(kNR z1rU5{YN3``YHVPfF8$bC3TL3hjD+mhXQs%kwJx;x)~A)6B_(sbO! zI?tvsy{?fj-5R>IHx%X2hc;mGg_tYYu05um%JKZT5%o;W+r8s9eJi2*M#Es4ub18f z)F>7`#$R%3#pMC2h74A0DV(PbZF_G6xObPUgXZ(ro+Lip z8-6W%mNgBPOSFlQX_3GCaCi@G(Ww|`eC-vms4IcxglE2_7@Cr-)EkF*{GPe-?$F@1 z=XufAay-Y^yntY6q3W#sXBrRJE4bO9&h-TD1=XwKW3VybC>dJ}2PEc=J_(j)+F|Dr z>cUCH)AM^mzxzXDU&62*9%jejC z7LzOeZ}<%stBt1Ln#Mjqsk^{aQ__R({~;*Qy)wQcjQrUmoJP<>C<2z>)7e2?D3%4V z8544)uHV2Lc%ly9*g2B}KbF>WC=L0adx=<4^aLwN2yIa%xF3w#iUZtJoF_H6ayKmTouxv3spSOC71_ZC(IwY_=*0jej~kGTO7U?GwWf5vCP_Hy}C3+pX$iQVi{;CEaaFhx3|@kQk40;asiAG~ETRC7mtxQwafHvQm@Es-# zoH<{qmENW*V82{H&j7B%FU0pZvx6@;02>+{(MKbD&E;t=jtAlYqf8v}xkP0Oj|sg% z&ns0R$mAG8M%UFR+}2a5)hG)%_(ra9F8RH_qC#3E_gzx_$JoWyF z^NUsrME}Imfq*QP&W=a-Y!=;%vUsnzpUcFGsgZTVA#`&R8SvxA?Is6;od9N`!p+sE4b&7DMX! z56V(vTMkqZn?NA_*F|r|b}9n~Kp2_h$hrz4f#;tEV^Fh^#D-X|fePLx`;9KqK?uN9 z`lvZE^LT3Q8|=E$#1Ls%=0f~O0_RhdN-a&H7Za_026^MxD&2fOk_)&!#h0rFL$c9* z*ePH6yNS=V{tGqx{DIy4n?ybqHj>o-jR(UoSbVRnmv#aJQyf!AIKM=Th9|vP4OBuD zzQPZc!@`g4g5@g1QCrgDdJO$v_LxRzp*dx-GFCd@UGe=dVO2xUTdX$$KhoSE$UcT} zr#4>-PzKd|C_iY}qe2b@ zwL7S8JMLkPC6%Iu96t=rK%^a!Ru50Qk` zw(fjRP2nL&u76I@k$Y9#w>nG$ep9e-789t*y-% zVk%ePBc3*|Nm5bU?UI@%mF=wr3T4?H7IjhcbQBrrsXJ)j4sVpewL_mu$~R5IEB!O> z&2MlfrMNOhTySEH?}M%~1J87fXUCe3FS-Y>^`I?#3K={M6}{Ge(LhHxq%89VGlB$7 zVg?a@!r(BWmx&K~4kmj`;jJ`s*KvLc6xn@9-kZ6m2`J69xcl1iXW{&vOxCZpAl(C9 zk+M|3p$|O=qBapEq~x?8&ueInZQ>YDkxj|`lZ6d>8Iqt^aSXT`A6tmYKbh?pr|zb5 zi0P@*!YhJnc)(%=!WV)Fa;S(2w6_iD!vw5Z3QA(R##AD!cn;p8ACIy`j-3^gMzsJ1 z66PYiNn;}LyD6z9rie7u9@KDdjuekd>sN)h*_fiJ+Z zu_b&89O;B>=)7$_W6|u4Hjgromm(pEGpJDr}6 z3yqbc-=E{>Dr29ia5SsznU{GD88_xgZJ7fqP_=3mmF5v|DIh3R!kch3wysB^bts)9 zbQH`NtY>n$(X%JJWbuY=dx{DKRucp3b7_pVLx@CZ;=D1xD+j@R9|{tBO{_}#OgHox z;dJ|OXheump}7{j7(h42fcY&&fw_ASKWPC$b<5dlN(Gw0Tn^c=rp{_LxB!cW9^wA; z7M994k<`hX#JX-sGmGei4D%CRMI6~AOY8B{zQ8`Ymujxn>8o?6j$5_!3qL?lBRh(MV+9Y9c_m zv~5JcTdM|L`0;b&c?}%?jmA?PjOOv;S0C#%g@#U~+T#8r>zX6i?-laqarhAGb8b|MI~k&aGH<@JWEuIyXq8w_ux_ZTRT>&?b58xz)l>j;X8}XMP|2t=YC#UH8nRe@VsJC~!X;1YV z#LC~Q^27taAbgdBuKtESS@QT)UfT~vRK!{!z{-;oB#$6*$j5d>)=9jLjV&v3CB5Fk zDGNj|i$}kq)}0omPOT`Q)T}$-ESd8Q7_@hzw{mzRvJ0Ek6#%M}uZWw95b}Qy>PmSq zBn!lxn&&83HRg0>iZ)EUruq1Fl{_yGnyG(EVGQn>)~d{vr^c;A8F}V@c0O+SwRXk3 zQ_rUSi6^lj3aB&Hqx0GDOTX5jj3V5{ML4Z05HzsUE-PXm04;GyTU8ZSf8L-&cKW;< z!C1MvveB<6dN6WbGyj7&am?s#(t~BBDEPH=BE`G#&^nE(XnESiUS)DWkQe>Qug^Qh zhH1q0Ua1=gOz8%Tl;X$;RVcrI1(4xd6(w6;G#wS9#p&npj$v#8f?lz9^u8z84_6u5 zO}5G9>yZ}A#tQWO58>!eNHRo2MX6?p8_(b)V}$#*X@GJdDZJQ8YnXu{tpy)d9om4L zA#v8f?YdH`>0PDTA7bQXs-Lvn+dMt7^2{b3jgKu`7#^STG}vl7X+3jrR;10Y&ZofW z_c@Br0buIE*^#a?C-@DmIvf_xy?pUcW_(4{DVZ;F9HI{R!wMp|t|xd2FIOgG0m5VI z?y6PpN=30V#JD3{SNeD4Ve!mFYsQdtiIf5=ioBZT*_X%+bL8ZW94P`vXS;YFukjyx zdJ`$+^+c0IhsWCE9J2~74eEK}8wGd_XZ$!Fz#c`;?f9^I~ zB0txXrIhws8IfM9p{##H&Z|-X? z@Do#^v9$`i3+_e6PRK#1zJGhm8n^61UxhNp=d+|rr>vO9~%jTu-n< z89C5xA0PwUzUwvRi>mziV!%eL<-4z|r`P51z82~W;0MwcyorwRm`1e-lA_mQP8Ue0 z-gnR>y{&gjjEwX$hVt7%ab+0>iF56|!<(n3H$NlNu~bm8OW--}D(`pRo@EoOX6}D> zvQQjBqn2&J+K`BYFXnfw@FJ5q76}6R!BvOfMBv>e_^EkMVq<^xei2=RdT4)gW7P4A zu4;%kC4ovMXc-=533YY=eM&dOp`CQeUJlK4@Tk;05Jngkwxdaism z_gt?YJ_h;Ojq2cy5ePZ*-r`^wjqU8KaN-ig-qO3y;0_4X^D5kN!KIb<|MhaPI7shO zvB_)_3`Xq_FpPg29_7yWn{z@*90vOHv3Xb{=Dt>yU?%;%{uuuf(H$OOW1b(Sb9t@W zX(oJ^+r}xpLh_;SJ}KN)!GxEbQ~t&4DOiv{B1;Sr>d;FzltC`;xw0(}K%7jawn z?!GxCCc$6&*t>D|5G0%EXhk#=jHRp8uETvQW9btOK}~i+-C1^r>VXbBCzq6URBk~l zg)C)X9Xs-O#}M~HzBP0psJi9LmjJ#=N;tVV7^lJrfR)x1%S3Z2%bDZ?()+=Q(zy*GUn+rWVe%7bte>m*n znI9c&UVj5h3U_+LFc}i0AO8EO5E0Uo{lfhyD3<(@`wU2YZ(4%xwtRd6RKFhq(UMsb zFBIGWrLp-*M~*a?-Ob&ie++`2q%Td&&VI}Pf|=c;|Hli`Gdjd7oN4SVY5-uJL zQ$FRpN|~UDno+gQGw90cd~6*fr!~iIm54%eNNq`%1eYsC7%$Ilt~gvgNxGXN)|i;? zj?$a1t-BgkY~j~Yl+9k`<|<)M;-1tr+qy8zj1QswnL;ytnV1vsr+n#&_9HJ&XO*5+ zk-ptEHGaR9<3~f0*{)vDeqNb)t>>aAjejZN(Ed}DFq(<6BN$G>D7uSp`Qb`%zx{)roNvo*|bBwLpu#ETMvP#{7l(EZ-s95d_Y^f>q)!bhsO z)wc)oDuu*uP-w|}sZx;D^IkSj6ka->cubo!ruO932~I1&xSXP!w4U4r{tVdbZ)y#I zn2R=TCg70CUG5k(>Y1v0h5PaKR?#SSp(h1o@ve+?7!f~N3LJIi`y4iv^J+w6q!ch- zQ;d0FMfpro-|DRS9nHg0E+ZY(0Q77%0xD+MlT`RX2mU@(yD`^%WhA+SZO8QPPQQ|b z$Ape|mHiqhqDcJdYl_)I>D- J1H3a?$H9ZuEiJAMAzD9*Gs({(nIin;o4_-gsU zZH-!Mie8h?+hHIY3z1(c96z&Od_{OX;V}imQ*+(4O1O~{7Dv=?p>+pWrA$mazctX%S2K-v zICaK+5B%^d(HLLMv_I>hlIpLE)+?%F=6arWI})?oh8`%T6FQa4k|y6YQL-Tsuq2>= z!GQj{UnrS7OM3XNp-p=Z5%x(nf_+jQ}N`6 zYUS}=z(aC?p^cp(rOQ!!{rT=++;r`l&M?3O)?J2kV3`J`>TOBoxiI zVo*&r2_13&68Aal=|%)lTg^7r@if=*fL%BIuIt{yB8k$^O?XvDtxl@R*^9Il|gvl^I0@?6%IwOG2Vr?qD>pT5zy;5th@d zj{x429TCQHjRJ|YU;?H>suec5QzGD$sL6P(pjHn)0ea(EAN_*K#!WN*xIv5b+Y0^7 zy)6>I8vW{JK#()Ga8GA-Dk6pWiyuL$KxfZzd%c%cI8}cYLn^w_cjM;s8gjgiKQ4L> zyRR1a)s&d+JW&>iX^1l_T(IdKS4y7_B$|E`3zI{VVqK*c>y~g_`Xb;RQWKBH_XbT? zNONU78l%~2#%qjY`^o0A0BOC!+es22=gi>_+e$PH`_PP`C$aOW(2~+~MED>!^#|=q;Damc#U( zp<~BUyI(vg%EWY_#m>jbE@;fJj^Ewb0c2OW5Z?|_kqo-AuNj+go#@o#gT|v-_h5KxZFQbRQoDTfn z3OE;H#P6t9%}caMvAx+;Omj_uu=0-&rlMHYZ8XYpD{GWHj#se9sUvT|%G1#p!blNY zQph)40ee}Vp{zn4#A=3qGm7<^;<5y{Z%41F4e0_yqN%&oYs~TRFE=u zmZPX2SJp@`y#~KZ{GE_0ob1qBlh_fBpbXX`!yD()i#16M@V*s;4}3JKb7aQh)!=6W zetI)HufLk;?p3%DnE){ncs;xGu2xC{cDFbtQ+Gk&k{sF)72^Kx$jXII zh@Z2{!)(ZTnDhQ`x8(Gk4Pustn_;&6^*<=dhBkNxE-a z`-vZrCVp3C=m@`&r%^)m2nnxX%b}dRRUd_|js_9uDw+A=B81PeYtsEVT*VuD_eLoGl)hc));VLkX7ZNfSs_nC{(GE`Y}p-+UkcS}i+m z6Kq)bnZhvRV{<+#m!*Kf0AoOTBv@o(hzx>P8HxASEH%*Ii-SMc9I!(S-+_=TeU8tt zhEjU(KOGv{4jZY*8)M&o0t&?b%Fz}&oDa%)*Dmvr7~~7fRe^_eJ@7_|4tI5x7=0wv zOk!}dJ&MU15Vg=O|CO0&y&2;C;Y3~ zEG&=6fcP)tw2DdmLS}dKd^1*PucR5f65{8#?rS0mMeN$IY_qjDaFHh>cTp#9t3hH( z>NHuu*eYfqtuBICWMjj2Eml=YE>cY9^dGl|6;DDqwIcUEkvY!jdEFZpeG<~q2y-+e z1e-1181ZF6Y7^5(OKKw2jv44q1CFX@MnF2ae2QB&H-}H*c6I+)Vr(SK@alx|rRGaP zE}8r-`+I09(O6rD@uR+uNUHi9T9rQ^dbkR0Xq+Yq*tf&Qa!E6%ysKX~>evN^^2{GF zCNWOG3srnNG{KwJmHEt)yp1>4Hp1Z5ZyuO*+OzMs;+G-Cp`TnOAQ6_ z*XwzK@G|M)-H2l)*~ysiG|I%Kdt4%GXre#hOv3bZkxi)3=r=)+3lv>m?A5)2OXg%^ z?krg|_pPb`?1)^4*RK#ZW=(rJxAT(i`jeV_g?cmyCPqXJN2$t!=bcl9R~^wV;1b`W z7Dw7Ne#F~vyl^V{C;gIS&V{a|AC_aVIk*R+Xmh1vq2BxHUA2Bn7a9?Bi&Lc`E1Rv? zfpCutjm(b9gnp6w+{M`2%^~i%=39bNQ9nMjMuOSbtI+0zBRdl1BMGM{cXcAUN_r2< zv6{U!QL%olmnx0E(}4tmuCGPkOKO-gVgcA=egR{Qx;ZIW-|9?xrB~k2&*xrK;Kv~i zXCViX-$T?nx;j=E2M_Wb2?dC3?Y~I=_zSpXm_ow{D}>zdy-%!||JGaD_6<3;Kq9J< z_S7;m*HR>;1@YKMS9KW5KK}AUN+!HQLJ4ESbW8n;$|CgTYWuAN1YX#cL znQX|JZ5N}TEti9#Io3&2ybf6wW?XG_a~z#$k)5gl^t8yX*&i=ceKhc*bQd$)p|k)s zNwJK_zW@7`pnq;miSl8kx^}MI~(eC!k5HIL1C}7?2Neopq+kMDiVX4@!27SLb24pt5*!nn)cR z6Kk@l6NoUh;%U=?)L|FTDjK@J;Q45f?YKdSiKN*moa~dI`ON&iI`HAFM{)rrE+oD!0cM z9h=l9A$l_2vm)LFuQlyt6?-E|f`;D_J{x$RlW{#>RA_|Uu9+(x39sv8PLWre&TP`v z;VzATLR|xq@kR4J#$4TZy4G7+%Qm<2?atK-QZh6-Y+y3PKADshRhQW1p=13P%+f=# z#5KB!)>@9XX|cR(G&b0NuB9#C(R6#Y|l#{5*8*62!h7n#8E zo0~Y}RGn3|*gw1_?eso*=#`LDqR@6*p5S6J^<;BIGchD#^$FCdqIDBTmq7049&Ko_h>yiw7= zwm7#W*~sSmbQntw=Y~aJUjy+t{jr!YfL!I6rJG6>&+b<0(cVT#HsMT!<%L8q)BPB* zCGQid&=fjFrjom?&AOF=b(gKxkpirjV|FB0`oG=BqWq$jwFg?!1G&b)=g!ZoXN|G& z`0!Z`^OvH?yWqE>-33y9r5PHPSswV5>>%LkE#nnq@ zr29Am9_vkGe6qyn=`YIPYy9v>1uz|d$1C^BPZ`bePldOtl6y|y00vziB=P0Sh{dVT zb0KHfthk$((URx8%gpyR;V|a&8sC23sIwcmws_0p9e#Ga1UK^juWK_bDoveQR&jt= z2eNAOz#vO5N@b9zkZyL;rxs{0>?kZ<-TDe{)N+{9l>MXNm@7CxVG%s}siT1y>n^)p z2o~Q&8>1bpP@#$GhUH-AkzM&+b=ccAFf8gTZm2Wmm#DD)%f`C-Ax2O~_r^n5%tD!P zQ#}l2$ZyPD%@Tw1|??H7+7UY<2qOM5f&4%-Bho@D>?0d_u;>9v; zno<9cH9yEy6Q~y){rd*QH&RRB#_PHPtsfbTzLh@9{po!5dxcd6ugEfn+Z4h==5!Zs zZ)nzhC0O|~)*{igGyL_wF!L&?H`87$DL+d(epPQ`0F6BHXEOg10vlqLwcWJl$jw!m z>M(IBRnAJ@5q_J|=~E}Xu{)fR1>f@6YvcBM_st^#$-&U}O3Q*%{cS1QNRKXW#H z1WE+ducQ^ikKHz88rXVVDMo%1?IhA+)jbhj!D>OEMm)&$`xaKA`HB^jYwK1#c)mBC zQoO&tEq0Ih#U^}rxpB|E)C}-Kt5E^b;9!m`!c#I@9jQv~BP@+!2)<_UzP_!u1O%cyENWNa0w2lpa z5s`V*_ihp+wr;aM)+W&>aJtI)!!+W7(puskVFPcR49ir7)Z^sY7^lC$&%k*2nzfd@ zSKIM>=YgJH-jXrX8%{P&x@h&3vVo7|jY!KKaycZ{pvkv|BZPQ!4CT&A6ITqjY28VhSF+{_6GNjrkMv)kI#7wc?B8#^P|+ojI4PZwq2Qf zvz%Vc%HD1VW$*3X)KMdkDBl*n?Gl8@!a+hAYAG(*`rOBNgORGa{;&d9=20P3jvkzZU?gXVpu8xdC=?^v%dA%6QL8NC8X_nbZ`f>Z)uZdaDP_e+=?F5*o z0+5pT=0l|-0-2pF^W4h0=@T1BJG#rT-L0RQ23KUR*+Gva;T;`TAmO&Q!`HzoIf2Zi zt2|t_X{}G@S<&rI1-E*onhf-M@{%7iT~0yYnJ^iYnZ)&p;kRY}Z0d-HQ(wD&oXpP? zSEVf5-osktx`S0?&Os1+Rl>4Yyndqt25%Juj;K1nzpZ z9WiC;j3a%yFtloy0(1$7cB0~2v5P;876;l#yN}THMjCUDTNxW^+SUnigSbMyyFvAX zM`R=`lklw&W3toKeP#BL-2(#`R~pR9m{V1hS3gycCxd8|?9aj9!RJ0bS3@al>{6sJ zbvnej>!N&k-s0{`Z4Sev>76s}9;@lyBkECto`aX&Lh%&P$8 zKE+gS>MM*Bd)1i&UBEUQfg;k^W*J~i`*}l~lCR{d&qa7U2ngd$7Y^~KqTQ`jrBERl3FUQE%LJ-5JAd=kxM-3c$_iIP+&Sw*9F z&7-tgEjE7-r-uzKH2h$(1=?b4?8eGdry&pMjx=VyT}k0Moo&)|vC-3P+k)>hXBBZH zrXS2iw~r)CATBqj1F>OQ#%Al;s5<5)6N|rJoN8qkGG>7MgXC-sGAfRuYboZ^$103PutY@$0VdgCqt!H>=OO?0#D3^?ImXV#Cnb(W4Xtas z)yK~;k0-TqvY4MPk2R`%1`YGv#&9MqM801)@^mYR#A3i{(o*gM;9X^MNS6x!WYN&k zUA=B-6`_09x#4@U9GmB_B+L#8Hh{|s$$*&I3X59Nb25z6;D)v-ZB>#ImMk<}@Lj0o zhb$jW67!*(j<&Pq(h2|446_z+gKsH&ivl9*V9`?;E1SD>U@C=;yxcHm#^}HYgSSkC zH{^kVSM{up^x0x(w#FCvF|*qE93-+{Uao;IOGuc4G@Wju%X7dSdHl%%0l1N=N#me0 zg+(@oD-5WhPC~l|2~$caNoOVyN5Z`6YO5xQm8bTt;62E8x+S6CV5N9b zX`mhdBJ*`ns87@r;0zLyf71IE!o~_W?MgPV^hTL(Og5AE-H&9wD^{&0)J?~dj;0B` z{Nas~<%9Xozlr`?x;*I=ZsaZfgAmj32SI6G4vSJ?7Axz5nHC#-q}etv=kVh4r=x?+ z2Yk#lwSD-yqzLbrf&S)_n0)5o8)&BHVRo82PbCa>Sa+j4a8^MiAx8sEaD@c%LH|bg zuJ}K(Tr!|ljuEf;@tOmZ&A9y38=N_!ro-gcG=Te9W3`)D1HPxmYk*PjZ5(;~dr^1y zhsEuM$(GIJKL|JzyHR8pD3|xG@4vFX=-(aLzsCsZH)n{HVSOfaIZ-T&HRYQ3Aa81m zfoP01FUuxa@nl_GmB;Mzj1#`bG2RUdQwkri;_lKsTeJvTnJ70@)Xk>Pdl95( z7!y4W<-juJIp}ngIn-CvhnP;{MuuZv-+6<2AJ?HN%*-(_N%i&>dw38kZ9H5EmsCW$dU1VF#P2F zO_quW0s!FBHOG?i($u(x`aXSfJ6?I+=Us@qBMoV)_HbKyjVX0kd)Rd_fVu}>L`%Jc z5eLt4@pBN!qY^NxF5ayt<5uw$$J?PI%2hcYuhL3hK_Obm@4Gw|;_#ULF8C78-+Kft zD#TNzg}Cw#~1OCe@BB@xrqExD>!c==tN zm-i<3l6oN7IenPH6Ezk24!$44GtQ|L%+A7aI}j~fqaUp#o7}Xr#OA@t7V6X0e5|+z`q;S*|^Y z26&X0rImFBR&0m`#_OyR_@NnbY!IN`cRh{`t}*NFmKtqk?a!2cCKjq~N zDsl7b?o}X7lNTGSjEJ`^0$x)5s?JJy%)1w3*7zn}Ng&C1G{;lA3Fxc8(6r3dIU)J!X^H>J4y|w1jRuho3Z-|JA{sASwyW39=amtmc5_5 z7cwv&b-d?QRp2}RBK*1e*6d~hz9Qh7td=wBlE7;yD}_b%Cx;jSZG=6SKd~X5onkMh zQd=3pQT4Y}JVTcNSj`4LKs2>J-sC~2X`C59Vy)|t$#qkxt!Z)L`!eCWp;wsa#y6eb z=dburcFSG?3p4mq_;0o8$Vqx+hF+W)d7GDC#m7DyApd1vxwbsRLY#`#gZooGU_PZ8 zPr=0s8Cxrv@Vpl)x%?eS>Sr(;5?dBJ;6)gvoc*B6j+g?+{cnm$eu~QQp3Q{B}|pyQm}tGV7Z|2_jS zyiG;DH2sS3Wkf?*%dZp1nOs2Z)Tu93Fq^YrRY97=nFMxqklm@?}tf0Hf1;=U6 z?CbichN>Q0g|*K`S(Uf%S+aERPRuY z!bF*&hcq|Elh?t2_eb5n3Bl2)<;3K=z(k%}5Z;v;l00LE1^L5=0zI+CR17B4Y|*Qs z<@Ut4X6HE2VY{s2bHZ-B*JJzBU?at{FyC%>|7Q3(jUzwz?YlvF){8^p__~q+ykcU3 zYQ^cit<9*=6Q&xIJ)1}QIO3h)Kx;Qg{H}~ z{vI2@Rd!M83h*$E0z#45okcLP>U2`^Ro|s7`PB!`@V!^SY;0M4)=5WB*F~2wSmI&+ z+GIQi_tl2^2wp4foqDfFyL}i(m7_J#(484WI3ub0PUqcXda}LL{#5kObg(53IFXUr zgqZ=C6JeMr(*GY!3-1+i_5C||n$)#Gf9M=_`OGB@_i?`9P`j{zR+_vj zi{+2PHdk+g?{yF=2@5*+p_JyEftokR-}^+|{ow+FWBu>< zZNK85+x|%>%)ma+GbiwU0Zb0w&pMR&ZNk+HrrKKPNiiw(k3CtXx53+n7h^mVi&qtS z^ce)n$c2N}Y*EQy=_Hq|*~?O04)FTfoew;KNur!2vEVTccJl1sW*Wf^F2E1GrYhG>rtDt3@M{9 z<4NHEJ<)>pX3yRAeAtIo*STYPLgs^FK`x0}Dq3li4OewUnojj*siuWI+Q z7=&A;+GO>pcqfJo(V}_#-He&$RP2vM zeK9!U?*qVJXi@)zP)l+4wJk=u91WN7G?YeS(*)gn3l6q;8NtC8`u`SeasRJii|${r zB}dcAyUH?0srgKi)w2yOP#x}hXNwEIheddAN6@y&8{d8V(LaFnsNe0O;_+X&me4Hp z5Z-Zi#P2<3aIT+yC9|XK#fuROF8G2M;C}ireZcR4m#P6^GWWGQG1D){=MiM)wFl`_ z>zbuO73gNGVe+{QdBLq8QA%)ls~Lrx=&u-f9R>$Zb4?%#H`Q2awQ}@mQ-1K3vIf~l zSp%I9rfsNSAUHYEZVSAQZ+Lw;tur@1(6kKy)h>{X-D{M{H@6W}1JrcBE``>RtPJ zG3eR`Y+Va|t8iN9(rq~~QYSLE=we8`+=2>fVpGM3CEF=|PD5$cgmPf<-q8OXF2t z(+Y%yn#$>2=okHe06ES#_8%W69U~?E;PK0Pw2h#qYPpWHwJz4z(-{zmBR-#8>{~bOBpWLkstDtiiExs~pWID! z_uG!XlIXpHFY;J9 zaC>ng=Rtja>{QDTuH!c{w+4Gt0pwqHNJ|0mhjeCT4hJH7w+L(i7M z*Z8$TEgtK{5XLxo`Yrfy+e*)lL632|7Au86u>-NbPO7%4qqe#Uvie=v@AJ2PQQwOK zJ;Q=;q>J9QuQTDl`ieyqCu?Fz&jNfz?^o~J-HDjlcpz!(TjvG^4mHs?VYwLCx=5N;Ds>!5#c3Kga2V$1BNP>~5$wVG zLQWbUME(gb*z$r%R?-HYg1#s7IQxpVu9rD%8RFB~HW61P*Lvw$nZJ^m1^6 zTWuU$(0u8Z&A=N`OZZlQ2urr`S7br~U(=}N(m3VUl%I2yt<3N%^2+3b0SrTl)*+g_ zTVyY&*Tn1<7&_GGY28Cb7uuq1g=Pr=fvvoYH+XpMsvN_ zp&i0#_1VF~UBPU~*=J|%OWQr->pqmy6-7GfR!U;~^sUmHRyYir3L%OsTZr;Ts1#Q0C!{&1h9M z)BqXVl?jS)ZbXN7$2%?CP^@8LXzSF2YUu`2d zo~KFnG~?zt!})C)CBSH1#gS#k&qcIJ%Y9Gl4VPX_F}rpSCeCTEW&FA;Fzi|^{LU2m zy0eI$`8mxwAod~OE^E?nNde8^SoQw-F#WbNHX&02WAuss(-tWsGXvsLg0W9G7p6Aw zw_yWu>u&%Ig*iBx)n)KBu<)m}byz%GwwSnS4)jQVcG@m0iq*oy>2{v|!-&nR!EXgR zX~pfsVK!|4AwR;`6bh}64es)DXw^J;gO4;Zt*4nt#OH|A7zhT?v_z;*l`C^W6uiS2 zw;Nw7V$C0gbuj-2`C;>y{IK!}6PcG)t{KC#!C$o$(aRmG7s5;xKKkFt4~A8C@Pq`! z(avCR>k!B)zgYbyU51&GEVn@3H!N@tT}uk<7p2wzU*v~w+9=84n*4r)wVMNpjhy<~ ziPqt~a43@wtHRpLB*G;=Z8oAT9-%A1IuwuAlfi~nz5Kv8jd?KMjL_;Ai?nKW#+rXc zIMX^b+02S;K*CLg&P;2GP8+`sXGiDv*!x0r=06D96&p93a``SQ>OU<1C;2h)|3H4^ z|99la?(dcnZH7~>DhSsLYpcpM=+2v?Z<)%YxY?3#;7OCMBVu?cz^<59Vx|a)yvyOi zc#q3D^!Nt>%o~uTF^kBHQSuD)`T=f*-oxAk(a@&v#Dd^Y&dAQZOAf2-uHh*^ACt0h zE&>j72ynMD5mJ5#`~`YEe8ZV5jxjtbq2*wMC|5wNCH`w*E#G0$kvB&Atbb<(&JHaW z@rFylusz5KxNTNo_*!gs(X|P$oCje#ujTI(&bn_$Ax95_)He^;%O&mUwkh1joBTro z&;%v{Hh^a){AQ8ifF)D4ab(^iD3K5ZueBNyyf|_UFs^N~dSLlCKc-6+9L$ynx~V5~ z4lwMIzHCuiY`GyEN);gx<7K5z*0<6JFk^_0EmoW(4=gSR51QK_8SJ9fHZ5c`5Q&FaTjNOzf)j2jk zbBlgA#IF2#BeOZI5rB|9B9r3;}(ZG1Uht47`xeh_5XU$Q8UPUu7y1mWeq@74esM^j|*fn%(&;le>ZuJ~0zsL+UKXlY zg4xp+7V~MnfOtvf!{f+j(%&E1Wavi%dEQoWVb`xjxI+DZq{Daj+v;cu`MU@nG*aR7 zQoW-+E-Bp|%RmID=;kkhe)YH$?J4{iaZUxx&9;TW{#@~E0n%z_3tDKCkaL*GU&^C( z;Hv+}`0yjysfhqM>X|^WTw!(s4xeb8ni+t>aRQ>Qq9`9^=#U}KxH(1~LLzty|s zn-xoMp_I#hxSwZ57i@%D@u`zvSUBRGfocK?x*dh{S=jqB#{&G$OGVL9esD3fJpMfU z_z$?Em%{8715pe_vLl-QBL~K zGxQ79MDLRRhhp9;r|3Mv$j@~Z4l`q{gl8Klx)J%yzxtE%EaQAOf}WzV#@&BBqGIW0 zyzGL@MW(J+p;mzteanJJ&)P;|WksvatcN*w4|+{08Cn@v=@p-S{?^AP01;^awQ}fs zqL_wlS6jxSGg(wy9#Fz{1vtwXh6{k+PTknI9B15$Nu44eWg7tkZ%l5T4T6Ao+pY=XE0}O;Ky6Rr!2mJmvI3J zPQFB&ZZCfnV~n*`o}{?c4vfBsj~ZL}{~$ENr?|cw%;|Qhcz)1Y zO*GMQB-W%W{@R(6EZ9yQ4MFdXV?5}~MSZ*{@YmiGm(lAu^ayu-(X0an%_;L>4>zPq zBRfeGxnjacQ5Z#9SYtc_)8hxL_Pd4e7L-+6Jd5x~iAstPX@?cTmZrw@z zi<5=BZ(scMr!Mwf=F9yn{VN}Vr!T%U=E!a&VczFI>&86ejR`P1dbX_aC@0&+4A3 zkV81BCcRvGZ;v!ZGS5;goU!jfgBC{9V!>bfl`0EUuIe?EBnbG$!vdiWNt3UwY;bMi z5A0i&z9|wQUzh;|u5JWrJxZnv3hg-fAOVr&v)wSaM7iUby^D5`x|^yPLF-N(W9K{u zwFj}u@N3iI0Q42*c|Ky3$^GRs|E2j{kvk*e$+ufg@Fy=>tdCKO95kEurH0GUIzj&+@H#ALk{eP8Y@Rw5%NXgv ze(uE5RbdC1afMBkXFH$SotoJ~*hVw!9JiFI->>u6%#QkHGMEukCJ_zpSv7r$zXTp+S!IvK%R=s_*!mH;#r(I z5e%7ie-I4P$CHd!f?yY9Q@ot-uAB3gg%4)1kJtgC#M^QwE$GE*Olbd)p0c68Feo$^Ld#a)%X~^cyZLp|Hl= zW{V_mh*LJLxINlF=gC0tEu3~@q);>!CQ4zZIB-K0fH)PM4yNB_a6I7r^DgzXI#Zo> zw|NccD&Rvl&od)^doc6Yv+drW(VD(*kS%zLoV@wq?hZk3SO9{MJ)TiEvT~iUFmQfu z0$n^S`qkU67-9=c0bpBF!ocnB(K20sd+fX!)z2uHZ4Y5HD1VLej>a|HcxkpwgBP{+kOr1M?0 zaQVL!)zm{a@TdNQFTdqII`XbH+oC&Gvv3;lMCAq_QNYni4{dce<}J)Ni!`9Q0EbI8 z>cF`&c3RZ5B2i4K>yQ*Uh4wA6eP-I~8DsNN?7gxXz|E2OlL{Wd z#-&OOZqibhCb@e5O(|(_5?-o;(&$7TH`2~CNXfICjv4ZGf6)>(tswnB$J-)Pr>puV z$}7ky&q^0VfDC$iq`7JmK2-`sa*PuuZ{W@J+77&z0_czOW|YukzuP@Bd&d2PuzMY> zT!(W?r@<5~iCC;moH*8%Lh<<8>9P9q1d}M1X)=hE)~9T46k}jj8^D@r1$}f<{htnx zrfADA6+@>^IvC!Qua(Kt^Kx%*G4&uuJU;(mB03)iQv7)V12c?D&rj?B#AjX!nEBc1xH@k8Ife&drO^!qWgpJg& zs_(WbR>lOrivc?EH=7mClA>v1tgkk|(>FO8lKl>J)1DwzX+Sq?@_nNYK2mtfpv&lP zb2W7foMkUnldYmw2yh;F)}^nSot7Z!Q`(g>Q}VXnOdHLasCdofnAWm;YeL5o zO8-&9Z@ml#9|_u9YnrR(!YN#(nTYauk|-8Jj zBf)YpvgtL-l({E)yUg`lMdU=e{h3a8NJe&`Y{dH%^r51HfcZ}BSKtq=FL@sIHd@q4 zN~n0xy9`(2rOru~q2F_Xo@s47%poId4q+{$(?PBQzHbDpsY+7#66tTPB_;B1AgoAO zt{0X^m^&Q%2BW1Zq5`A9puqXGV0M{TzJji%R!5pLT!Tw# z#ln-7bJI%Lx&FW*b2iGB-4GIO$ia5jZ@1x4Xr;ocohpmiZgaPN$I3%9bwFw#)qORu?RWyIQO{$UK>2^&6@b)LaqCf4#T zPt)x4&&(@w5@31gip_?`ci!9{RARJOq<1Px!oQl75KCziaI$F0LfMoVY+@EzfSe-! zs;S?lEeqY2%{wC9n7Y#?(BLdZXu-XTooip2u*~j-`9J0kVbB_vN7}DqC4==>HiPYN zUGwrhpbVNJ%%o zd;o+fcxVNLVqda0p0E4|wKNn|gYjco($Tbgg?5HxJ(k!6TjCs0mqN|gfl8gDm3=f!K z-PECb6lfsTobXrN0Yx8cNsIp1cX=T8XraIJx(9krYvz4+EINr zh~z}OD6`*6M2y{z?cwjjqhs1lcUDEC0>Uwz;ehNcQ!>U^>~#m8$gCEGKitTDI@BEl z%(_m}D|ups>)FZ79KnqCm**dvwiI0&Z{zJ{SDa(I=Mq_k`{>F;xXBF+U+LwK9o zSpVFxd+Dk6l#eFCL6nz^W6I0N=V9@w}p4Fj1T)pjE~^%=+k`DZm6J zRm19J!LGsQEQ=pFU^aIt-E$a<$~(~lGs6YO< z58c5gX3K=S!}+fzpKTk#9>zKvru`}Vvm@>9$f*K5FP{$sy6__(GPS7L)y_joSk@ec zI6FXjsZORnw39@dHnD2K_Vr5hZxm#-zY1|sVg^f{Qip3b4E*>=nT6xm*zHj9gO3hM z&!kdMrq><6jz8Xe3t6g6HpuH^akLBAOyRyou?$EpSEDLTmU5n?YOBZbSixZ?cx=C$ z2U`pnGWn9ToO;)@P7;j)NL~e1G-vx0ZRXb-H?~>8$SqT77qh*#wRnn%6R_K(kJZZ+ zsWp=c6VhE0?_ioEml%2f1EvFX~*<&%G+J zv*`mHI|b?&)kc+iq>!{Z}g%H5HU1@g*N5`5miLM=z!-w3sg!E zF{6TR6ymGfooCQ3Sv|$YiC=J|`G=_9i0Y#q!2M!-VuxO5U6QA1!nmvlj(>aKcqM$V z-K?O*2MjI`!;(!*qK~pk&jRanbuc*zd?>5*Xu{_mzitPpTU8Ut-&PF!6kKiID?!=a z%`VCu>8U3?v-BcZUBkiptzK~IRE-?CwTho2!8#}Q$8Y{4{Q;Oqfu<7{Xvp;8nwn0` z-}8sdZErbKaY`DWv+6o~6w;j@)HIZBd~moCdZGvr##k1|F{ z^5K0QbtnvEAwkUA7DVJT%Sicxe0O`dG6TD};vHC38RQGVDP%Jop0h1gO~q4i^1{WK zl^WuePonihI=|B&7#1YYH|X!n#hS*+gcmPDy}BPyGV_igtM zTpK4|iK>`)!Lot6GE$xm^tNi7D9PX-kMjO~S*69TLLme0-K*Y=4HZ?Hya5ei%pJ;? z>}#UG;1;DZnvt!{=Uxi6Yko_4I*8T({UnG2b_Qi=kx3MZ6s~7so>K%S5i=B|p+TwG zwa@c*aX?xK2!YoguZ14Xb1K)M4h-3$__N283Bs5gj^5d(NFK|YlR>c%^Ar;TXYTaU ziN#cW&C~?L0o+b%T5U&*0#23=6=%IRh`dNcbq15cmcdEPD46w-pM{+k(D(gqT+=a3 zT3z%r{+(&N^A7NUgkb(xV-;WH`0!@7ZIA(c*}9cd!BTI!prSgmmfk*RfkJks_og4( z2GLOoC>x|1gAGqN$H0QpwFkZcw<7FV(q0DYn7joQiIL;th!A%tMY1KJE09L2`*m@b+XLaht16O& zbEclP+LPt~@(JCB{S&!r{DGOX(+N1FsiBqsdZcG@VTIzs>c9Jz9nd-msg&5_TO#|h zVX9Wxojk@63W>n^le`CLY~9i2LGYgk{7xU~nUbqi|AxdS&obQPB`rg!lT8B92 zEGOhTvyVXfrvg_z%1Bvp<%r@J>){(0x}6O^a-Tbj$BlvJIpZL6&p=zxTBYbZ^|}z*Uzg>2r~*FfMZa&YmabjemO5kOd$^J z3R3aBs)A&bieGkSPKeBtTK+-!-1cQjr%M9TOV=df8_lK zFm@`dKGHKnHlQkTKf~A=Q#^_s_R7Uh4~$)1KIyGQ=2fe!e?c1i~ZQTibWO=93xg zPxj5_;5xwr$(4ekyScNLfc0>eDddLGKH1>Gk;?^>D4$AG8lb;vdgKZP0juS@=vBQz zllW7jzZD}1%GF@odiT!}xN84?mNKw{pB$+}Dx2M}*C;cmcM12ECu*^h53tKkPHCrd zpuP!SiIXsa9s8d6Gie#7Oq9T@v_VyaE7FRC}DM)=Nk$;4Iwu^dKZ ziCiax-F8kiO<=;M1tR)(cJ4!JK80N6u;gLYv*Z1{lr-pljX|WU9lI}S(<*?*j5S;F zTTLC~$kxqSudN3y{q-*hi-GV5L%Ei4A2s^oI;!Qbg0|yJDod;KW=q-8Eu2PTt z@Dd=VRX;P;3m{?IbRvMRs}}2L{6ZW-LqVf0YvD-0OH$YeBDu7W%y21PE6s`HyFC~Z zC$Lkt-2ziW-(Il41{mLd%Mhxstk^DC`I3+*7B0X%(L=4Kf%_&m^zcVN`r8KEEaRJ* z+R=?)f0Jaa6FLZ{Yd>5}^b;qLzie%?_R_6qttOM1WwjBnXYR`e!hS0T)2rhW1nO0&jAe+LOOTo!7@4Bk1$=|{ zz6Pa)lm2=ile$0iIkNTb1vRiGzG>Cyddzfv%~5gZJ#KZ9^F#?-_d1Hn|MzC`m4$zCC)Zrm@7bD9Cko0uTH>q9^;VP(t^w=<5sZ z-CZtbSVJ+K8Z^L7Ie;a+>bCq}2=Uy7js*MGp%||Nu&7rmfEgkh5hgO1x8@%gOBAqt zRbibWI#5?%UKh0R?1NF49-HvKxn=RxaqeI$K9#;+xBweW#Z1AFAv{T0)E@(xhlW`( z^aD4~jV1!*j->myTqzJ9#iMd(jwnDyB)QP<4Q)_m>u=^eW^s&5ZM}sdbTzkCDqcgY z;vv(I97}|i1N-UQm?4mi6dKw zn@!6L%SEW!%o&O@2&q}&sDZZnIPFz0Y0eUFPZMG+?KvzTHZZLm=Oo|amrJF{589#> zVJ%1``~*Dm*TvW-lb58Da6pIaxr~UW-js-@{-z%DVPQ}yVbJRMZG!0yQR_{`j|CMF zPv))~%^%P8S<5;A$#$GY`{tVo4)VMg1x-KI7}1-_HvKL#=>p54tFpeb?6(N+&HI3| z0}Et0K-jwqqdBV)n5}9k7jJR{B6i+%9H~dA@8Sfoy-9s?Qe}t^@vM!}oKbm$Yz{l_u=`KOl%h^2SlgOV}!Z55zvSo$-ARH`Tk#3(;D*CC%Ub&yIDQ5Qn7(jx$xg_ zEm^X&`0$Ja=wwO0=28ZC@@25hunUlP3W}TZ*X!9Jry*}N2-OuvrT~70O*m;1o}IG$ znlk$}D9xb9W($35TWmF0^%2eQRK{FAiH>MEG7885je(?j_osvIH0B)^q?}RtQe-&i zp$%pVYW(=}jRqj{W4ZiGM5^SQ-tv3cOoKvNBLp|i`qSdgbp+`i!} z8ED5ld_$1@K;H{gYgkhca=2lo%P_|Vp;tbfDHWkvk% zA{-qFHx-+kacl5-j%~qX8l0RqQv%B2Z3=*-PdD0(6kg@A-&zwPIXk|ha}jaGq>TP< zGjy>r5dTI_ab$>~Ro;4x<+@B&{Y9oGRaD8M+xJ>koD#N-9RI_CA5}@6hq`i1l5|;1gRdfGVrW);JzbI!V>HIz8?Y-(<7S{iX7B z+UT*}Uthvc0%IkUGSz-824dG9FoWp3JU=LxpC766L;^!_Nht$7A=I^TWNFzbV+imW z#RocKuUG*(y@4J58KcmbuhJsN6AdEC{O1eg&c2Ir;8`lUstI;K05nc9=z?F^`$y-q zQEZj#LY#bv%91X`H_q~-^v-171tvS=AxxS(J83h~MNg5chYhaxo)O*C#Ku_s*mW=1 zz+As7!}*5nKREvWf0azV`=?~eF>RErfSTU2^#B%JBUB1H#fWjL5_F?T;|tSjajo4| zrdO;Cks#ujVJ8ncGAk4D&k({-wq}eUU6}u*N{N?~ZY*Gp9cpEi1wZSbT+aqmRDFsQ$K1d@r56zPdS;)jVZ_(y%TtWz^7UsF<~- ziT>tS{?^ljRj|6!w1D`i<7qKGgwgwNxZKzBf_23cP!7N4qY?9EnqO~MiTIUj9(-Q) zoSMS@yE{p7KQtnQ)s<*ZAGbSj_02we*&ElGO)DRG{zbOeg$AwI%;(`KxL<|CHwGRi1*)KsL%(zLQHLR-g{m>tb1lJUG3w)HIdd-!JJG#+K|7}D~A~r{}UyW>8 zDmAVUy%5oZ5rF&)qT)R^BSaG-QPof@3~kdV+R&s?A6ydnP{sa*-b|fPuEOOzdE~qH zB}WI9A2Jj>Uk65KKeOUfF3IsW>5syj;u$(tSfcgXPOGN^i+~5yWn{)9D>~`p+z#2O zw#gNPIbXjv`Cu$`<>K$|suCVH(aR-ugj%u^r37b7jj zs+UjejO^y=C6J|MNi?2@nH7# zUgy{6hU#dfbk*r676ResgsrV}j7u{|RUHBkLa~5tXev~4v5KQoUI@~5oGs_WAhLtu zDssu!+*65Y#cPatj15-AoO(deM{8zB>*jOgM>K^egOIWwrEX{{1VsWg6vq?-M2Dskr-SIxvGNM;l=)kGSOOj6PF`!cdx9!XN+~ zX2(nX2Z5~o%k4&xPeUBRSK+U;vpD-7s;^$yZhb|U7HBTeiwuyhF!-UTAtGq3_x>=s ztuLD`MgMLU()vtH`H?1uh>7v{uk^SRM^Em_gD8T}_$A7GZQA{H3sFr;>f5SVH+Q6PDD-F(fF94^L++L5Uu zu8y&WPoE8TnPb4}tO=pOxR{<_M@}$lRkdakFrpE##rXGf!s_ZROe!mdB7&|ht5&53 zdkf_T?yow4;(H*0Jbf%0uj@rTUP7GTfj$A5(neiXJ30-VQ_;OON*=A6$Od`Z$Yb%6@cG~;7&4B5ATCh>Iy_Rt)`mm%Q|#*H zPB8@!Qph2~4bnWg3wB;irqp`JNsmwlWv9m0%f#HBIzX6`b2RPK3ZWw30Dm7IV!?XB zO0$b7HP^6f2!ow@2ZocuC^vw*8C*+UJQ-TjbP;I|*cxdl%J-Z~0d5DJJyu-GD) zLLVVdA1>~_Ov~o73c&1g7>fo3t-V$W+r0A5eYit7a{)51gO#RS4&c46Q}22A8IC%Z zKV`^U=Y86HR19n@_n_S-FuD~YA+FBk(DvB2>AOt1`dB2zlKn=6So3>VHC?7=b@)dC z?%R!!n+o?Y3vWzLm9~Ese4GDJ;A`tc>k`H);zXJJ@$}A@oi_oX-fu8*hbKBv0=^Py z$C9C`5#_#{ujllAEs~~Qem`G9kG+e5y5pu{plB05a4jI3*ikS1Z;s9rm{@=(IC@UWV;O`}cek3ws@yg{h9??^S843#~=_QTY9GmBh564Q$V? z_(F}&CM18Tm3BZe2@J#*beftiP_9 z#B+hB8u=fiyhPb+h}ottJPr=71~v+3kme_IF|p(EEML)JpE4x(aX~|z+i9E@sQ3}3 zf}B}^-OU0G@NmeAQRa|fh;Pd-hag&V9z)O09ZYFF}2UZklBJ@ZwWt_(TLPaImWCp3mP$YA-A zyGo`<@GUPP4^+4|m=NqTcA&+sXATCBL)|2vmp6B_VQH1{7N}rWRcnT2X|Y@CHfuXJ3aS4I%9A6 zo_+h)`DX8z#@T6xMvET#+v33a%vrdhBfIA{Q5z|EJFEBHh+f2c<6>5kWtf8Y#Z|Z5 zxuJrut^6u}x3X^l5c|q`4fJs^=A%hxw0Bk5^paRj#obutBCNtVf}Z8==aZR6i|IJ^ zuT9$${zjGQ?{)__akKv*^nB7}ocxG9+}TPjGPYRs`ZjR>|6=W}qT<-1cV7}TNC@sO zA-FaK4FqZ2y@NwSH9&6dz5nNqd(VBkW1NS6 zsZmwEYE{*$wdS1P?<=#%+2*+GV?8fhuP?e44`;hFN_xqjb$V(UwxajDvn`RChN+Dh z2F-ZUVg87XSjfz)od4HM@aGql=Y@3WT+ScMsEYMLRz}Vl2S&y;ylu;)*vLPS^xFXx zvr9E2Fu*)3uJ9BdV^0fM54kt0DJjpd!K(Cs%~ud=uEz@*rLQ)zbmx^~REpjK^qW!n z@8WzAA~@z`ls^}}$rr9>JacZc;K#qd$Q`c3{|~AvvLxlg525pTd2@uYmE8%lN+464``0!^NiP?$_Hn|jZ3;R^j5knmp8Fk~ z!5?$H%f;ZHBR>;^>igKE8$>sp-!<5A&Y~{&wzi?k*{c0RNh+b%K}`6R_4c*MqFFs$ zb6U;JMaD1Gb#Z6SWj4lT3*$@9lDYd3nVOkK?vO;=2LyjHa=YG}2A<>Ot&TJ-pQm>+ z+RgCIAYC&G*^TLb^wkYgKW-33q*(UnL}c>^3v}2b_2%xzjpU=QVSrZmjCuN?{In>* zcSk@$NkhwMSL;Im`mCt)EpB#EuFKSSz$&HDrUuqnrc=$^IF#I^wQ+6aifCP^QA>Ja z$@qS(*`TKIlW|MeS}JjON5|guzhS0CvRs_wLWjX%O*rjsET1u1=1L(&oZ0g9J5B5L z;hEyWYJI>Sb+MgP=mcGH7t#i6nfT(csq|UJ%;H&HA`7H$@o^kX%Ht7X!z0%;14aj_ zKYBb|wa0M1D;z0W>fAZAdvAiXYK?6Anu$EJ$tITxT$(-N*}O?XC9@)DH2$s%=}Loe4QOlOPUB~8NX`AyN^0|7B+gF%ol()D;Uz+q(YX0X3EkT86#fT-v*SHeTxIeB^PQpF zN--7YxaBEQ739#}vw~>blhU3|Yp3gp@}K6RqyK&#=18yy_g0k>jM{${7}vtgnaq?& z%~^toTUCV)nwdil4s+sNh5{Sk$WP_!_uK(a*eNFAAM7vB?o=Lu>Bu@hp`{$E62t$j z6jh0k`4Ebq?x!dn^zpAq8PvbyqrpfF`<|g|g@g^>vA$DEy;YyAdv4y!aeUiqgw>!C z>_nb!&j=+x-5+e+C#_<}9ZT|{P~RikF$%zR-%l=1IqIb1`0Y8z7$0aHDwj{9CI7%y zBP-{l|9-qwW4_|PlUlRD*ix42Oy_OyAIL9ciBqbGzwtwH{n>)9?mna{R`D@LSON6) z<)qO5T(W?%)fextk$%j91@n6UO7{LYsy>{}M)aFmH?381R3n@{XIx`mjt$4{3g$SF zq3`Pxa#v-J$J>c*)p4xr!f9h6D{Lc&yKFpwmu4KopO8_$31saL(5EJiq4C;v9L z?v&sEo4SgYPN6oV{#LqghL$4UQ-8qCH-y~`-kVV&Px0)-k2v~8@i`Mj`YUf)R;=GC zJ0V(vyV1GrZeM2+O7m6DocqW6a2*5H@*mTXZ}KPiqAmU#1sX<}KK(nuNUPMdT@o~S ze^_&JcMkVm?{jeXuZ7J{l&Z3?iLaf0`rT{d&03iBKJJSmlT1VidkS5(7NPCYDc}V6 zk++&Intf%q?+Zi(zFPNinD${E6WvT57?yDTmIe6oc_p7jAsJtJkgJ3 zh4%Oq4;EschYmZ+GidkoGOZ_Rc6jqnhM4^DR8mq|>aW4ka1X_+Q0Bolx4D9XW4ORi zeiJG zwq26^>0BHn$2|$PccA^qgXOi%gTna6@}ciTfS-y(rrKdex?MbJ(V`TI*{13%1!f-G z$vpi#r_+-7g>#9Vsc$?3r`3=Tgt;{lZ$89{pcX#*G=#pK4Qx9UU|Y02$eFZICDbn0 zTUK1ocp|1Tx}}!{!i^>-uta6LK(m z@a7SRAHl?akP)diTg4Hdf{1k111sT$+9I_b#1zilEQP)MUyL}u-Pnoesel+9H^bPM zfk5oHM`-}xB{HPvnq2bV?f-EU5YGY?5!6FA`~dD0Z=2CVQhYFJIstquQ;+#mOchmrFsTYNYupURt%Sli+K4p?kbTQ8@hgCfZ38y zD3^aVn=)pzZKg<}#PW|NrmGV?#%ZrpaXB1$!=4J>k;HMDB}jZqe6)!&N7~qVs-&Cr za#&df2UqiCs;Sh)wm7O4C{bMK>4M68Ad=};!4-%FvMIffY)ewDXVqoNi`PiBd;Dje zkcIs@HnM>yt~loSuC}AIp(r04;!>RWTI)5QXZC(<$8_IGN7>(c57t2Vc>v`+(Zy%d zZ_L_VbkMJy$p%+ApM@_k7yn`~{m+>6Xi7*)bC|^EcDo32?fYEs5fujplF^r{g4BVq z%^uX_f_92TetPEBsbkEu;+meox+q(4Ph2OSzDczQs@Wy!A{(eQ|DY-TogB;0 zHsmTUZ;uf#q1p4cK&(Y3j`2&OKaAWAypZMv0swm-a)dbgNP*?Gwap7Zd>2#Y$qidy zs>Y>Ky8ziABV{w_mZ^QfXvlluolKy?C((*U@t!#Eo^yCvUL*b!en8++>gaDt!m3q@ z#IRr2)s7#Ezp4{?80tgYlY%Rx;?moq-y2yT9Ss;JRdFso6T^|wn184mJCnGA{4g-$ z9^~EVJyXue+Iut_bl{|VG|F0ijrnoYV^>pB2_A=o5fc@7&sHat8!Yv*k8cgT@$S4h zIB^zx1IJ4hF$DLM-9GNY?6wwk(8xg1bz+ zXR@toyrC~E8YNU4-}D-luxxnd?e(Q_Bk_sRjD;=QiB*7gC|S<0urWe8cCYg8C-Ez| zf41#CBT8~)0*skkKxR?|E*lK#MMNWvwETrQp)0X>KYSfcv@^NQZKPN(-PSEtZU$CP za%TH;`8LCSkI*3H3I15au+xWJG<8}JKa(&qwEp_|)YGdE{0%6W!ASgbT2tafO1Y-E zhorj{VkAEy9~tgSS$egoW= zFZS17|98klv_!bM(F5Ws7c*4Erm$neCcQa`8ISO*E=bn^jvwh@L#-ss@1J0^e%4wsF`Q2novc7xc z)!{0S2>Yi!f$tiM{(0df6ryZ6=i=)dLvv`gkSCC|_=yS@YxShYJf6WdZh? zsX9T6;{}kwFs8Yie?RDa<`dcsb^7b7?6gM8#>8!zw=D*#X7kMeM<`hQqFV5qtVIU8 zl}(G`$Q0MIkIyV%+WC8B_%6)j=j0k5%lOCDnwhlipWevk!IOJK&Z4=q>fqNK9IuEze8Nl%r%}E=c!&W2tD}ws}Ig zC;MhcK0=-Q#jVfrnrDHB>sS8gd-9A{aezC832!p>-nSsj6NI25;7@UQS$9-ZF)1l_ z^Ch$KU{6wu@eV8VHyQvhlV@u8yrJV7^Sz$R`OMH0QKx<-1|{W+R!!nR400ttK}f8= zV^vnhy8PO4UL}uN*uGgZd~J{u?=b>YKTHL)tgA&pjzNp&E>)U66B{?y175r6%ku2m zm>xoUi&->(5#C;TFV)D!Y)ZxVHn)Q?ZDYDx)nl&jcslk=R2^Ho+w=Ukws9++ zS4IWeG)*v9?W;t~|9K;X;z^}lR!zV{ZrrO#W~$(;Td0hLxnNiMDg)LNyRwnNjCvE>b=AIEyn3Drn*;)3m#v8?+ccqN>p@VeQhAu_5y6rx?@{3yTJmcJChykKw}H zV_zo*7`+hKhe%}X>qg3-M-IGvNW>$kQ0*}YAqh;-NZQC2pAjekqV_{RK{${3_Mu~< zl$>3AI4YB4+3C*>kv1dPiCdcFRdF@C>a>?xb2^iDU5rnO1(n--J1>3Pw&tQ}{oW;-vq%spDJ!m{GzO;-UsZs#)pF!}0>>asg%aZndRUMJ zFv11Dr(1Bq=^wcER1{AfN5nJ%>{2c1G{`7!S6e0Jx$j8N+<;6w`KhQ(v}_my+}+4i#?K zdY$tEJu9z_raF9zl0?PYey8V3k1N5JY|ft}&llc8_ZkU^&ocyipY6yFTpLTLAc_D%bW>E`S@AvYFH zB4kW~_ZbXv^iHXb@?b>w7Kkz#T;iPco))=fQT8DVqtuhiU0`1iif_?l`W}YvH(OIK zCRk6l!rlSb)~l=x%<*xLWM$A0-Na(}PjF(Zz6k1EnT7hLNLeq_5F`%QYaR25)(s51 zIq63boQM44f0#IyQ1HS3lO@xNDkc8dWvwx8DUT$9P;GDc$}m)bl|UeHhc~p^c=^1<>O)y6Num)TW6MH0-q2aDm1Lhe^k1C$TWH$0Cjc@)?(nYB%C~ zH__uZ5$X>Y&Sh|6@{YxEyBi?i#&jpvSObMg9=KPuJ9Z_3MnjZlx3Hzn9AkH7!kc+^ z))|++WkcSa)KW=Ut-qz;Y17_!Zs9t-eJ+N;0w(-vm9lBVrro$_OBsErDo`O--O-+% zlf`uDq$3Jkt`)WG7Cn%AUeQ)rtCbQpk}7a>@%dgB1{R~mgQy&4KoCfG6zko{TkJ#9Y>;J z%n&aS9qlWwkK`%OvhqHD4R5%-t=gt%$7P|dx!N~l!}=ciO7^M9@H(=>--aSBmjupxP1oysXeYNp!CJWyjIAJ{G;If{H(#ICt> zdPxUm<;`hZp=@V^&b|ugW2In<^D?`$>{ZnBw|tN()DhA8di+Zqod{2%trhsFqAr<< zl=`QeCF!K%G5A1UKgjai7Uby_N5lr?ipZC33{}CTTsi)Ogh{_6|4p*Rl~U8mbH*ML zNe@}(loCu-1k~L>cP$y>q1AZ>uPDm?GLZN5g|+yjq*5(za47pFQNQn(33lY2fr&8X zFZ8$bau@4~dc6D3;FY`rg4hr_O3~DKCg4s%V=+X_z)PQ>f_B$s`SN^@#1sx?NOL%2`dR9+ zL3OgAekfXsHDd2&YYgAAA+tC9i~L!gM6Q@HqcP=ab!iHAx7I)zTch`!f$JVQ#sVM- zk8Z{)Lqcj`2(!%i--4M=@Ga{wZj%qls$MoB!kH#!?`vPd< zMm=11D3XiVA9*|u@NAz&kb!SJ$DzVLQJpSkll=)+cJU{nl)(l63^#ATs1rQXHyM|o&AJ`oj9=WnXS{lyox?b)UEy*^6nA4?l4o( z+4rUfr<6bXV_E51mx3L`wUTD*Bfw(9$;y?j79(&^?gi^PXIG9mr9DWd(MI*WFekmK zsU!UnVnB=S%-@~U#py>JgAhhow4NIB6}tp{z}4yP09Gcdj^b_#Fh$jkweRiMy+I~( zb}d!DvmuJZ!*kQ6%I2sE??^?6(>}A zd$2k&-3~Yd{KZhM(AOB{RnhfzpyZy}hEAI&_I;bA&DNgJYOi02G7Ay?WnwSit@3KN zCb~SPb)Z+%0&JUd6TSY65$6&iy^Zx^X_np>B*v8>+G}p#u*CHgpXFRPH)5rQN1Y2s z5hs~aj6j$Xu}t)`j>L}jxVouLz_?85*YoVNJ4&5IkNYAF?Hd%fT6{~q2&Hmu6Zuph zXjhstr3G3-*Rxn*6FwI5R`N$RC7)i2f<^!I8MrMsI#i1~dg~0$th8~z=)=xS4$pRN zfRid3SOp5Gxr!md^Lv4GMrrnCjv6~9iXR?+Y(!YSlJ+=ar>3AgZ#b9D(Jft5Api*# zwj{|>gwT|ShWQiP)z^#juP{eLl{!j_-;JY6;XmE1n9ib4DUdjE~Mr#qyWYQ;5evB_=e zr0g$-cUUw$YyjX9dIL}aRhDeITem;w2oKl47^DheqnY`+KG@*#AmTBR#}& zdH{;7(MAx&ds_`R+Ol>X>OrHhHTtqPmR%C+%@T7fqA)#s

Og9bGAU>(P;`U2ns7)u=1*=P@eCEx$pt>zBj6EPTG)<0GMqd!qD}e8xme z`QlC5p(ZaZwNYQeB$twbh%Lm-YMzh{GceurhrZteg3+gy(Bvn7_v~0Q#cY!4E=oIhjZ`<{6nhDXz8WU5eIXI=f1*rvr4un!S5ezS z5Pmq5!@;fFMk9YO#*TN9pmkJC`*T3^*qcz`dbX!(T_7h;*FpR#f<}z^-A|=`C3Afw zr8Ml08(SDKP;DegZ$Qy#^ljGhe2bCwtvQtYLw944sxZ%jf}!Q!{5PO&JCtwyng5$yv)0>U=UwusqFgWn@Pio-6MAvK%EKl?ksy>|{huhC(xf50Pl z@v7mX>}}uYswdJz(xVFYFOut<0v>v=KwCcK2h(aUCAYBIbg#E>*@Qh8<>KO5#KOoL1(MIECp`oY4@lv(i1iAw%o44&Cu^$KwDH=^Fr zeI>(FjJ;)_im8$8>PNxBgCO$4FG+E1c}5p54G7-U-+lQDdTib93?Z-(Ry8;3jk8~S zldOVn(Ny}I%BDU%^rmSqW1bro#|bOf+NSz6$?%zYq(*eDd$=@+6(wp6vS}QMpxRo- zKQbtcMbDwbDQghZpFG2-g*gBCGH9fh=tgxeLZ(t0N{z6bU#xgdSkTEZu_jJ`(|rr;q*L8W`|$(I$X>2y@JtkV_m#oF*p3Zx9o zV$M}b)q?|6r2v6NopN2$nyArsnB>&pk*)|kl}RTE-Ro%fiYsD6m7urd?c7wo?HH#a z?nHk*aaLCR@o{&1pjmE@RRMp0-Y1(S1v1w%&k)sYTE;!zpA-R*4%MB zN+3&w;_5%tUK^+q#%^&BXj57$Pi5LNU^c;H3Y`!Sv z%bJ*UQdtdWK#!=AYo>sITh+co68vY2z9w)I%=c!H@1!O=!tg``%m-CeN_g2E>g00* zH|?qd&)cA}&HRWt&6Bv9PJO|#24Fh}OIwYj56)AVUQQ&I_#f#Cbg`Ye>M_ch%i3?qom;jusqd37S-BxbjUB zxA_4Tb*v)yST0%qy zS+c`9GG-nEb|c+NE8{NnM+;kh-%e1nS>Jf6g1bL;Y&e9|PMO zKb}E8Kd*_HY#mI?t`}bDE>#t_q}&b!49X_JaTIlnVmsuLqsm!5P4n2@p*O2gyEO9j zd~>=C-0P|OK0KrCz?d(;EtH(za?3tkW_Z?Xdw}4K~#0L8&m5l_x>! z8G={gT9Hm*5z4VZXQFERq7HFN)pSv&sV}V(Kk=?A6s-iU4Jb?q=G|R}C_TN%_MuLw zBhZK1ydHY#t88(&H816H&cP9rY>mp0N(_8(P9|xxS^msNCbiQowI%u5qBi)-rPRbE zyos&v(?q9fhE&Q3pQqCr+w0N&6pHP}0z1#+b5_BuTge1nRNJopqjo)8w}GkB!%+g} z#%u~vrHyzsTuC22ZgCgIo08u2I?B0gou3*fL1mzdQX>yx6h1T8e3I#_dT=!5L0icVDs9AHHV~sF)BOS)Pb6w zV}YBhKRq2g|NAzo^tk{sV|^Q*{S6?88q!vSi zk+Z-JrBrBS_gRfgha#!u1u0H90`iRQtc7ubA@R4pOWR)zl~PxpQg5-z3(x=5qwE%! zYCg7}gJ%AB0!Hgw9qLAkHDlSEPH;+H9SmQY5XWRXa--(*bfcf%jNZ6e$ED^8&{~Cu zD7nY_wFf_{?K<9SOZE)E#Vya5e9Cz#o2GX5sR50vYeT!VI|=sV^*#Gk-IN8g-NGtrx7Nb$zl^f(~pj#j1 zbf83T==6T(oWy)CAu_$On-He%^iJ|nOP~QKJK^feBD2$M!y-LpH}ywWc#P$-&t7V7 ztCLRhS9Ww2rl&x|IkPy6Bj0c`k_v58vA`sYVq)2DxZ_@1&mAikeyD!GlY|~4QZg>( zzRvlJkuWXzO-{QTazZG0Fx9rSV3s+Hu>8!Yct85@Q!(d@#rWxavY}ENPn>mNBN5e{ zuN!$7Hzoz>w|0c>JJjf9k#WjBfw36MD)>;5n{@?I^=48)@{j1#k;zwvb-RJ>EFo1a zCLeSJ0)xW8$=5;X+g!ElAkIM8fVWW0$NLC>Rmt_wO zJ$IqaCn)Rgms`80$&;U|?#HP9c^~F1o_tnW#08iewakf_di9870J-rdJr9gG9~Gfa zr}{-hT5>x?vd7BQdWF9+`Ix*;J`p8*<*kT zWCBDt)Csyz=T}`yPjfSio`0@%6?BdNmWGmkbtHAm%zr}1Yv^!azYU&=m7Mf6r(F2y ztfKUtfG(%Hgokhc!FNB+gWwRTz2t`|+*+L04}URwO_X{0bmfEW{AAO+Co44OewIv* zNL48ON!6O~8D;vx+9+(`?zze8Aby0}P0Z8n&EUvKpvec#`YX@i8MERp%RWpG zrS1!-u8WbJv-on#t4-QaqBvxBd4ULe;)eIn;LytaKfDb`YZ#_=YD3SB!Pj_?BbRK4 zIg2K$#O9uF{E*;XFl(QxgD(xse2ZCA8@Tkv91>O&Q(c;YCE-wM=}Wn{zD4hW(^HSC zeAyde8$UN-o>7u;98VT)(l7_mHaJN={FL>F-l*q!_Gvv=b`{vv1dLmK{$!uh##+Op zIEQYRTsFar;NrEAoK_Pwl|uqE9dR|NHNc>@uc`7X)L@m*2awWn!@gU_JSD=75w#;# z;;yn;1hsRPeOL!*8;vFTrIB3ASD8+}>eW-ve2nlah(2oqy=gs37eq zJm}4LrKDQ%XP3L;0=d^nNw67F|7Y0%mZ#eDN6Z%)_}U?X!l>(n?p0f*e^DRT8V1s~ zZts~y4EgV_-R9m(|6)odPmI0Ss-Kc7H-->RO<|{FwvR5ipC71GeEGtjKy&l zmRh(r$m4&=N>Gm@Auv`PBa|A~BAgH7y2_W@aPe_Xi{OOS(B|5=uO&)DUNmRbZ9V+5 zXiF(fcQouJ{C#o&l$!L9NL5?+e<%PB+L-Em7ptRwjKOlec_TCChevvUYR;sH)YOUnS+CLB)~^_C|?}di+G}Ze{C`l%FIG z_o!#9N9j4+41Z8}pO{nmj<(%gnu##R&c4{4lq6i$yt5<^=J2)!2}R-JJ$nB(yFTcu$R zP}#(%n|D7WJA8tbG{XZFYm?MTX1hMg5r191%vldAx6w6|XML=L&fCjkejf0o+D1M{_%;(q9ZRH|Wfc?bM^krC^g|aT+GtN$83m6`uRE z81!-DPzGW1)#m=T^}Osy-!1^SVRn_|`poVM6;>5$r;luy#=6P2OH*8J6sum{F|w^_ zV171dA96T<4!bKNY@+iSzVRuUJT8n__Y7_L2f0BzQ#HmBAmN{sF*KD-BV;^&WQte< zGzR$f9!>nW8uG^{XicoZi2O32gLk~RXddPH2c!anDz7p5LuGx>P_mhErpht94P(=ywNW?GRkjP0eZNM;zc%qU2LxnbhBrk zv+#RZ1=MUpC)eSVo#ULm?C%9e=xA3*D@j^3z9s9A(fvc;pd6&$3*(M8q5C@tr$G?21i*NB?2s#{0)#=+`LCt>falcBHJtrAp za10qN0_B}PDfW}K`K2@uU4iDH;^-^kAZqaO#&ebEim4seEWkPVH6wHAsx}+|B^$Ma zm=SJf@jklIb`cp|6Fjz!2~%;EQ}VnROqFlOZ08oPFQ6=ZV+S9Ion{}E^jaz-sTzGE z9M6zo4gkkt1!_LI)}2<8Z1CMcw(Otm!TQQ1&TggLKR`Mc`k~W`qu)5G6QyXg23*qk zix*?36vmLpFY4>;9x&PztwU{d044`MuY&zGJ~gx$_!NI&+S1iZ{j3g9Io^jvper>s z%m&y7{2mt+l&ddX&%_z?m#B0a8f$1?RBXr$EJXKzchdljKUOX{|C!aeedi;v(OTl! z@3@Hl<91inz5rBi*E9gWy#Mb_pXuvfg;Yr9l1#ME{<8<_-#x;BgDioA{ts+=PP9-9 zjyH@_;A%xW$fyE@KWd&Q)TZb#-8}w*Wvl6Ld-MO)AFnjp|9`y${)2ri<=Mx?Tg}xn zNU;k5pZK;zXojj~OGG5+mwxe^^^UUH&vJ64cMCU`S4KsfC-L)gz357sSx^A>@fm9L zCH-Ub*hj6jubunxHSCewJI~ft>5GUKW{1jBp3RTEQmL_pJ>Ps8!yA~BAr9yO?+tMn z?6I2@BSM^`1dhg6TPcs4%i?r;o@6ftSIV+IsXIe11uOlQKW~~lWl{^kfq3C{p&qKgZYmuIYu|-Tcxdx9NSAx4)8xMwmj_beSSfM7 z1NS?y_=Jk_O!g}ySGyNM#eGxk#y0Bafd*doGMc=fesFGkjY0$BWT9&7yFmuY$|@W+ z$)|;BuuNEmyTw*Nn;w-wk4jhPo+fok(h7aJR%EGu&kKMceW+VS@f_74cUJQyrAcT& zs`=HAsWx${KeKXYW!a}78*od`}E*@&->y9A$R^q+)Vz(&dDdIqv{_q@ zrYy4#Z@IAtc)+CzudOGVQq{V;gB^!66+RnHO;jHYWuhy|_@+4z<_=`G1^MlRPOct= zmbK5Q`KP5&X3Va&t`&Eeo9XlTxR=0>#8|7Iul8n_zP5T2x94|Hagn007CNY1AXd>& z;P;|k8sRylOv-fVZ7Cx1pr$3D+i15j%!yc@xroPi>wx@s7S*8vHFIXS4fn z3S%8qhwpXadgVbY z%cz3+t5<%vq3Bfhn5QC{dR0No?-i>xV!A*Ka)*JFugSisRX;Z<5a8~^WM>83rTZ@@ zn;l=vK3urpNfRf7vAU`~!7Wt~OcJzrCWVKyifrrj+D4q(?oULD3^HB2 zfLkIQ(Q5Ykazq)@F-i>=7e%KmyqA8Ir$-elnvaz5y(DbIxD&vvY1&!MTuMPn<%0D=7V?_0=yk6S4ET5PD#gID@job4013;VlnUj@eme7X~ zUhPMDYT8kEXYe2Xc2*ueAD&+6xo>80G`^5SaMzHkNZG^ocTpi~U^NM^l(~lUoT$}G z5?^yjYGB^c=0gn+PGL#>*H#`e9+rB6<81oeHw0m7JfcKw=6^A?E=$$PKoWm+C?!5M zbe-veOMYD9h^)O)EsySJqzr|~!)1#ZqGm$5b5**%*o68sZ656gPN}_((WxOUV1Qea zmRvF6C*Gn2<$W;(8GXf~RdE(JJ{a+r@M08^t$W=8*y!@im>$ks&}mV(K6fDS&ri%C zcw0USVcZeZ^h)oQ1H{d53?_xq*$vc(uK8Srs^lB}+2CXNYxkGn1~3E7)-5Q6BA4tKfviiy^rwB*CaBH`ezZlIzxu14Rd*jP5EE# zyl+Y4Lb@&TzL<*GEy{)A$IP(e3wIEP;eRw4KYn7xkJgkdLPmlCt=Y_7+`mR7X9RuZ zDSYUVJj?d>F@Y7!*Hni!^>LT8^Sys|_tx&tFFZnT{z!C$h-xIyM>Op9feZBy0mncV z@8evbzZk9G9TJ`p13=haQxz-?>HhmS_1o))i~#Ik)L*A(X4ma@Trrl?dNu53mUwl2 zByQn;)RtWbelB-ja{&K~5teUZ!fF|IJ4<2}T@HkycQppd6$LB-U%mvctiKp52=^H- z^=r#})ZMh);b~!SBu7WV{TqSqeoub6gENKgb&0*OgEO2W3Z>zS5+Q!=pF9y=QL-5w zcTRDgal~?e#Nzt#3-p2J61Kb&f#~3n&D-FmV{%T6Zk`Mmpsz*hS(@z06b%-vONvOadu{T8# z11JCYwYbOYY;A_!OcF;W>;fnIZa1kce+=xceoXQK^keE5UU#lrpp(j@ey@(ZH}>W6 zkh!p>U3zBpz7vp*?Pw{#yZ4DtRxAhR0AfAmY2eyAFtVe}?8<^ZqcSGa#6jraN8d9Pq^)EdwYTxZ9%Kz?&H%t!mr z?Jia^9Tg8-Uf@dFu;DL3t&V z^lvRtr3-1o*87p?WRE|8R=qZ=e@hOh3`Vzc^OFk?lwu>GgZflQ#CnC8(LOv`f7;2t zPtrp*!XHjk(UH{S9pC$uzwMG&HO~3NaLX;F8NIxHRb`mDsv}eR7&qu0kSUpPS4znQ zWO)M<>$5?@m2{y`!X#6buF4i}%fo<)GcobOiU8CS9zfLCwKCQ;0ay2D{9+-WNbBQZ z$>L#YT2Gx|x$^_Xm5;;JRpio67v~-dbP~7dq6e%1Cp|olGsO zJXxN{7h14sn#rcCR#X3T8HVt5uU!*2UqMjNI$BPd-^>iACDzsCI~G|ufD4#T%}}}> z-h*g##17;$S)R+GPVkEt?ks}$K8f8L?PV)7xpqI#!+NicKJ^SV7$U91@Dp|Pv-^f5 zQ#Z{FK+S1LMk=HjC`7H$4LB2%Wv`Q1^ifUm(XGPr+!TFSU8{S?Xc*&Q$gUP$Yp?C~ z8lTdXm-5TRAyj?BJ6@{Iz(iR}>MM(L;J;)vI}pL_w%LugS4!&Ep=$*vZh_dBUBXI^ z3U_7d5jPggVsK%;%}w^F>i&i~kJ!$g3~(U+0rNt;LH?6F&xJ_oGZyl1ckF`_7zg;K zuD=TjC&HT?EX{08l-D`M$@$I1o>}k-uqNsB{r_U3Pv_Y{jY~jpwIp( zI)?QudoY-&-^|D{i{iJ@8j=j)WQvVaFI(u(A|O!uD=!gR!n*v{Ps_vmkeAZgVcGDk zk#7DA_V@~}Gz=Lcf*l%{wMO!B4}L_e#ii&9q^B0io;ypHFw$LUqgfTx@4!~3nDoq! zpP=TYt*K}ao!PF3huSbRHWdkSTT9Q}!PQr^iaeYCaH7}`q-)AMBHk|U6kMU*bJNKe zL@VsEDB{zbrK2mSEj6(vv?)&6R2DxnhL~mT%c}0l*fHCfC3&4HKv(bf;#f0$fd6Xc zNBhDh?Z6Iwz?zBPQ?e)di>`di99eJu*e!tf)XsFd|5j6}r?;R?)6=o^v50F~UtG4< zuT4Ls>@=H)>?9glNUJ#{=~E&EdV!w=#p}(O_L+MAW3d+oUt+J93$lf@#Nb@k`qnhu z^)*HM5jlBgkXO8Rebo(F4E5I z9dKqO79n~eju7lj(yr+)5g{t{pwsQ|h+KFx=SB{9!Y49M-Z#QS0YQz;1pAQ3PoHjC zy8MBGf4i2&n?)kOvCPCC&)3ZIcX*PusVCe|L^*5c4+3S;SiUlTE1Nj z{s&V270HR1W)UL?Ztk7J-kYYP%INk=ZhJfq80*01PbjG|YtN$xbY2AeU<7$E$fz!S z6PhJAorH_W1q|=B7VJVe4QKvBio|P;YOy;M+48(N=c3kF(Vt8j3(}#K{_E@{-+di~UrszvcvaDR3d zGCU%0{;ZDf-_+e0}<0XadM0VX>%pyKY0Fefqt|XWKwfU4qU`^8-l4d~5wQh)I=`wcq+#U01 z(w5wLo`gPI9BTx?b;*)jNR}?^N@J1?gg9?{0dKvUy4XS-t{zQ~ zXa?W%oGTM&Y=ry_b#bt;mus$`=jvAUuD*&>5jy!6s_VQipD4ZtC;Qp8x@L^FWQacW z<7*H{sh63ouZd>psd$@x6#I>$H;Ef$X*GApAg3pM*Tk2Z4t0kq^b%(-m;CZ`@-uO{ z<=HDL<_;-zRjNgvl_fG#Lkw(Wj|)XT6cG_~3qxPJBjG((G>C2ePF;Exn@8t}!o*E| z_Hn>-iHq*>m)LQYZmSs`ZXGH@Eul4OkM?tFdy;1#dcm9m3i#jonyFD?rC`ia|Au38N0dXU2C))5u$p|o%0&dalflv&DEml4N5n(S?1 zY45UfVHHC=F~hNyxmSx*DU!YM8R)Eix1m%Ge}5iJsl%B&o~Q3XPkRvVYa|P<$LA&H zN^Tc%*(;aE^F8$54;t>tZCUAHvsu^QGkg^BOMw(NTCpZlD0$@ZzH3@FU}x*va16H~ z#LN7w(&8vzugtt!V3zQl8pM`%V=%tl&ybjm4)IjRZr`;yJLs{UkdqIZdBDPxEIx8o z03BR~WnHD0e6@L#c~Ea22pj6pSp*7vi4owLmplzd?bDn&TC|%%6yiJ3=Nu;Am5IHV z&r`lqy9uJ`qmi}@`@T~9`|`&z$w8GSu-hA5n2~h8^Q>zc8@-roS?tIM{-+3GF@io)Wa@VWm2EL!TGDARqT6<#M;uxtIOds57+PG^Vff5z4qnL$s? z&yGY{9V=|Oz%JM}^=S0usu!^7KN+saJh{Pl%(m`*i!%b;z>3# zDVziuTU{wPa9z6tAsMID$QA{c*&u_g9S5JpcKL1jNOX0`@7CRw?*xZ0b$kvgjQI{B z@`z-mfnRXJnL)c_@#Qpi>4ECG$c{V5an9^_AdWiV^kHFcD{667DJrgSX|?xL-hJz4 zJIZ+uWqdP@@R~S_O$?U{8VXnaCB&ErtOTI4Aa%Y2X~$yKGS7w%@q(=v`A+Z?G@+RA zfOc|uGAafBGEM-tT^s^QZlXfUQZQ?JXJ|8Aep(?Dc$E9(vgYvc&$j0*SlyrC`=g2s zg;_; z_5yX77_W}5vIF(LBpiASnGcotYe|m72*#C`mrs_Dz;wO#FE9v*Js&(FCP)C^8s&6 zrfR!$jHHE}Ic_Mv)k#|LSO{aAi^%ej>)#b=%}tP+9=R^$TP(=x8XiBs|EpEsBwhI= z`kA}JxibSA|AY%kXuRlPh%MfEP*=f2BF9e_a+HzVy#5%#N(N?B8JJ7=?I2xT zi9gzpBXT!MIdq0F!`EEmWXjiLFpMy=b{Oc(mJzg}W`RzWF(v;?2;S}Qj(DenaPR6) ziR7Jl5^uJ+?#S{G3J%YY0-CmTNm;J`H=22g>Y0}Net(1NNf3n*pWAQwYO5!H zUkXLK*il(0iuzISr3>=YL`unU+yO~pm{xKvHbF|~IPJ8NIGzZzF#JSqeF=N0wVDr6 znCu}LyX9IpUAH)YD(TjwcenKh<4|RTo*|B|Y!ne3Di5Msp=o8OY)L`hXrX&Bh%l5_ zI&tis8K|3BS6JV=Uc=i|Bt6~i>>0n>jm}eLP04r|_B=PN{moN3hdBYaghMg7$B%UI zw@0{8;x29zw=}IY0_CVnSuZaJ2bs=+T5$$}V|?um5Zk$i37-?K&qU?;Tn7abrs`!~ zX6=v=@WjW$d3Ma(1bjvY7F-G za;fikD0^bzc1=e!zmX5|Wa10lp!}G%sWduZ-3TA!pFhrfDJj{D7C& zitpGEUxUV?Y_5F>}9)h;A zv8QKc^!N8X(>z8GM_P}xU2o4?5A-4z*H!jdtB~^twn(i=$=ga0PjVDWj&`*`)^b3K zt5w!b^*QU`Zv&kFmiE88mt=|Pu-AO#?dtefKmx0*nZE#!)#s{4?{D;S;X@`nU&gTH zoVR31uzVK(k*xY$@!z4hG$=kTJmWR}E%PVHf5_nP#_}Ei(`SH-T`BGq=oQjyCFHyzy2++ zeZI~6-rs|C41#!oHj0oNz8(dDb>M@;AThFOdh~S^)qC zk4vk1(w+AKs~xKkLvXFRLgo9YfG&5bzW^Z|OLdQ-s*Eba8RCPr7){bPvniqo7O-8o z3a&n}d{intI=lQo4ixX?XUFQEzzG&iy6fUe;yUWs22TUBu-iKL$z;K5`H!*?wk`Dx z+;xYqvGd42R`Ui#pG-Cx>?Jd;ioVo!fuZAj!XS{a43YG3vgn|=><=*A#=sQCvE>Z-|_@zGH^O=VmXWm!<~YF(E=nR}_69-meF4r`p`;`OP*)je?? zY;2;NNL%QH3AO>hw@G`rc9-JUxP~Rx|0TisWo;^WZG0NOe zU2+0;WuIsbC@(E*z7wgd(lKqIjDyABY)El8ffolSYNqz_NCB=&5tvnSG2KAI+*Zy2 z=ccQQY{Zefn7b_RY3a$Gk&jhOwTy{OJZsOIIiIDyq$kA=WpMJ+A+q9*w9IK&0CnieuG$Rm^aLKgO1b+CO`#+PpLz`W4OvSE~?RT&_5-6ruX2llE?7VvLy29qDcWD;KZ@!PZi7^=7c@P`94o~uB%KaVySC0K59ix_ zVc2+rB3XaAQ9oOyo^DlYqhNmGbIl2vvjR$4hJXA8QO+6HST&;3hTBRYfB2s&@w6A+ zV%iss4jleHCLdmwxs6o`7}plVh8aIEySDC~4*T2C#g_96DI-HZ$@4Ta#u*s?Xg!K= zMeg&|4juRya&JX)TH9FhYtxDJViTeAXcwhp=+qRN#`D(_OvQGS*-byrL`NPwq?E4ul>8ASKEsr((R+xkW^U*+4jxGM8r zj>XbU0o~`$Q-wD~_o_J7;S}2Zx0qAHwdOJHAF)XlO-I#r9Hi$0PheyST4^P0bUG&42E`x=2e1zg3wi0NiPmk@#f7l`xz9errgE+=2 zSVsWJjx}llo)Z#1#HIq!uKqi~H}V4Xh1s17X>i*vUNfz%!Ut5<(f^-0=EJ+zb+ zBzP#}J8tRP)(s4(_UEqaPYm4Y3bI??(B^#huVM02hykiNGf9RH$gDLt7sbbSH|q-> z%cUeUM1=@*0sBmxXBoyq`)^@bitFgTzx-nFgcxjkZw~DH(L7xtQpD}s%0BjHDz&xD zw6tV6B{`erw_imjlUr*>YKd|hGQC1+ewYsVA{vsz5HveDZrMBr>tkdNqv?6iRA&Dn zlp8?=c9Q1Yo~oUs)ST@2B(iWwqN6^u%crM%gok{u7j4I^(_13jziYu9wN zmun`t)a>D1bqJV~)Gp}_Hmq@r=(TM0&byYzd>-x_s_yVadoI6fjuE{A|K__KkJO3N zgHj6WmGo2aj?96vGzaB^gE7Awn~(0;YC(X0%A*%yB|HU>Eu!Kj;SDa7D<#5y`HA~L z>T+;rGLX$T?AvXWl}DA~R8i_asQ)srXA1GKN#xcX6~5o^ik^5dB{#fy9VX$GL6FvM3%ud`INdU`;6Pc{lr501W45(f zx~}xV6-$vw6HWS}Kd18gStsRu)?Vv7S8TX9fD-&>%_m=ymBk9Ba*Tl#Sfq{G5JUa_ zOa>$Q5lIVfF)YICPntm)_T!rWv7$itT6;?nv(5RNoC$^S?||)Mj~RlL+S=8pnN&=f zCO0AAby1vB)#9yf zRibr>h7wSl>sb)gmM+PRQ$t89V764{`b=unzY;;IhW(flfTWtLT9#v-W9%5g^zw|I zu{QE{*igd|cx6a$q8i|nBVCFVLnFG*H% z`lgY}k+9brC#dnB1ceo0`ITXeTwvwVUf%%{MwD`GAywIUQWlijm z4#_)K!jKFzc9`@d`f(^2rgCzauk%zle2uTb?W!|Oc^sDTwBuj!_SbfNrC*IKK)qya z24;ef9QU*%wEV+JV!r45g@`Q5jDS~?ub{?$f9#+d-D+H!J3}g8a>bIWuYrCkd82n^ za3w;i_||#9BJ!-Y@@ZHjYGcT}>$=FF1AToJ71WPehS%ijJ3T1Xe2lm>D@pqWQdo8$ zagAf?>u9^xbXn;Y*pvu7bTxdJ6IWu0R}4vw+N=2saQg6$6X?rb-KzKWccaQl(dkJh zAan~N_qy9+j(DTNIYVCM3|%nwR2yuY83ZpgvLV7LBi9DXu`43B?@`O2zn%|3WD&+X zIUmKJWP1%frB@QW#=~bmTH;xh4?sawGaImua zjQM>(q<89%iq?c|+`-YuP>0N2qjew9Zje-HWxH|0-SP17^z>B~1{6d*?f;zW{2K)R z3EsgBND+*BUtmPLLCqa(fPmrQ#Dts$Fuc?YLCA5xJcnpQOl+KEdpTIS@Jibqo0*GI z9k%;EpUvv!0)y2#FSRW;DMT0C6BT@N)gpK;P?tMg!sp2zZ18@18!B~7!b911=9lH| ziWqMjpS&@W>%7n8yHBUCUk`Jk&m6Pm z_CRmd+K+6d@qYno)dKueoavA^dCBV=zTH%5c4SQ-5RV13Kqf z3ebT5QG423Wr?R-mVd20PFmPNiElTp5m<#ynvtY6BubJoH9Ji(G;c$Tyb`TB{7TVn>-3GNL zObrFSmUGO8>iafpWPU(8=!XoOguydlr75kXL&3~pOJo;(2WV7f+co0X4)omS-lKmx zQN_garzhtD>uD|YhYR*?JgJVoj|yKr#@&`=v6gPH4eWq#fC{Y0L$td|>nnNwoCB1- zc($4mQ9B;S+UnDs2Yt41ujPiwK(_uHtPZQ1JCRgw2vJeuaC6=({MgNZ^wg8wN3(Zb z{Q|Ry=Dj0{C?ug)16%w8bJ8d&5|ZRc3>_&biNgj13WlK}!m+KUleJ1PwB9Rd=4%Qn z)0g`r_X7ODP0vQI;hK2hVj3jXL%`Sfgy`D*i z*ygk;OJMZ7tt16Al{0@a{}9BiB^#M*L!Wt-(^-qJil{ollHvb4p&8UC3((K0> zmr}|pDMy+-*@42vnP&?+vl--D7Q3y&?C%jls z#;|Fnj=l$ywAN6pPS-aCqZ|6ezl>_5-$FUQeVL&}#FwT+rUyRukAEkrNQxp;tEN}u zy6(d2Xc|w13m#q(y0NZea@>wS`vZtru-!fdf1W*7_98CzzDRr9D)bXM#Lu%*kVOV; zttVp}Tqs+MtAxE22}6u1_(4R;af?HY+@6j{HJKuwwsq_b1A!SVnoC3)ekb#+ngiOd zK-?f|&7+zGSUyRL50C9^-_hO}EWQgS0&thS>}AOi?w3S#k)5rcPd!Tdtaj6xz71hX zbA2&O;(AJ<85c|u=74B>cT_A8*zarJdYjg9Lz zpPfdszILvnJZFZ}kDj=I-C2ZW5z$g6_+sqFQ#($i*-1D9AkhTR*)M1Pg1z@A+7Qkx zK@@^wA}COd^^AK*!8hjvN5oXT5Bb8YkGl6j$-n?h!;9E=o?;Ftk8mDgy#+>Unz#@u z=3r}%stvCVA8#Z1nW6A=5b!{b6}CvvC8WAid=txpwL{6lIXdi7jL?G=Ig zk4+7+bz%3bjWd@qNZGi2ni3q;eiP<8&!Lcwq>8bKg~C5xG2aHv@-SYC)O&6+VZOW7 z((BT_NGb8an1wgn6CM3$=CVZIt=gA`Dy()(0o~EmcXv`3IN7%Lwp<@;zN^F`-=U87 z)>-llT%NxGaJQv!qfB(pRGLi+vxCLsdgR@Zs&Q}RsD8%qy3>ZlKa`CmQx!HE9H^K) zqGk}(VOd;Js`&L#f#;QYrWjHtG}gEx>RLV>Jo|wj?BEd(%q#rWvi#$hNh92p3s8((>@ZpvsP&GpZmAcrP?f~BSi&<8naq;o{@ty!v6*E&NZNHA1t z8)v}TAT=n%%;IWy?fqFJ)0~d*g(jjZxsIt6`c_i`QoQ35p%obzdp=l1{IxPZQFk4M z308s}7aUz)4#xv3r(01r4PTcQcvc4Lz{Wb`feJ;jnEsNt;!8HCFDa64Vs@-s3_Mb1}Lp}r8M+(Qtzzx z^v7^b#}4ncK&M+nQr5zXZ(t z%5GNg)&DC$r%b$5{TUJ%v`hR^n`+vD!RdTQSPj9RLxYXN_^N2!G zqV#MC%Jib59%C2X^~#Z&N{)$OI~f!1PpRoCe4agEArP_1{xw9p(Joa?f&y$YE)I>S zjD)+QpRUi;xGXr10;cQA%#Jik6uDfGbri$jNO=S^%mR$22D|DlEB?W&T+(HZ+@|G?BC}`J22QRAsXfb+y`Zpe}x-ecK}xCLec0 zY}CAm;geXj|5etNKc4lzik+{{e#lF z%=s}UaV0|N-%q=Y3Z({u0eUzqLRTHbkkEfVj4(}F8BmWUgMtlR9r$dxz>P?o$YV{e zX=!^$)!Wr7IUq@tbrBCP+@_6}8MIL2k&G7v>SpsxM(3H=+OD}|mlI8CKbGa!5@0K*{#`jS%bXy-H1n*H+I z3@sxuv+MWk6C+vcM|p9k5Yz|UN-x<(t+hv&OdVlTauK-ucdiu$Gd$dd+p=9nN*PE! ze6!KuU3pBJd|e-btyHSKOva&&$Y~8(waLz-^qZ|F5HnTwM)T^J{>~mz{?!m44dSuR zF$B-39l);C7EGA~UU zYk7I9YutBGe<(96ya0S~)(g?>ubV6tH_Es9(`Nxl=q+GE_x%%mRPOv$bsW$JLde8^ z8PE15mS|-oMe+*YEA**Sa_7+Vl!e>Jn)yLJ3*wUgv%|H{8Z!Y2eOO2Tl=rIm^-Gf% z^vbMuq}3YdmhJ_7_II!Pbp)G_6m0q8Xn&$m8p}>b;4sRsPo!R3ZmH{Vk^Pn7l@}A& zsAgpFHdOt&5SIfNbaWlq_VFMN3i; zac!kj`b#?(2uTK6)2^CO8(bJ2o~&@6UIeL1bT<9L?}ZrO94kh(uQ9X3%Acyb=&fFn zD~~B@H-{I3Z0!G`$?RueTNTTaE887csVV{6GSc8j>_=0HD2}={!UU&?gh?p^o(`tO zthy*9BxP$!Z?76X+=oJ~-XmLK!BwAG_*mks_E+|VJO@%Swm+zLe$`7f(aRz7(1StB zFtB=vF?xlzk*^mrs=70&qdSw)=F)kwUxW0hPULdeM1L-+tT~2-Z5>H(^B%Au(Of|| zLs=;Xu6Qc1ByYt`*+tuU1M_m(z!pCgy!r!XIDtMFLR)D zX52p>aZ(iQufW5vOWC6uohRNbPalYfT|%=#Paqs5A}?(Or+&g{r0l8PZ|X9^BMLFh z4J+a)#K^)*T_w7!j)+58^T%1;(=m=Xj51Lf-qV=-IiL>7Tmf>)F$lE(s3z8iay(GA z$Gnm%qyR8W6G>ks`SODYqh#y{sWF_S5m>T z#+@3(e$9hVrBp-j15P!OT%D5AjV+~H6wa~ttKVNfc=aC_pJWz8|1*!9nvmAhPh)rcT+DlUlU=s=imQ(MAQ$GBT{tckrsFV7;z{^8UxQH_pr-jr! z3o(_fchy%J^^tWObZEWB4rn|giTjH6m5cBPU0lbo%;@j5Fv2dJ)Z@nHn$m+@)!L7& zVe~?D$F%7Zq}o4i*QO)Fg~?-sReKAOE?iamin5|-h&-J^a@736S;78w5Dbx#E4o?n zmO6ls@0`m-nf7>8A`A7*AK^R`EgmIR$FIoQdpyMl2;nUPWKb$1{q#Y4D__2b6(LZt zyX@4&WtHTbHngVbkP1^4e=6yazOlh1WnB*X*i~I5zY_7`Bi7{z<%1)IZdj~_TQH2T zdke^#YCOQ2$j8wJV3Pp8w?OoG2bI)DS4bk5>lwL1cmuC#f1CHjx!qjonoFZx0dRy3 z0~pAO1BLvKaIf|rB%_?>`;c+F>&eLJoQk*Ou2<%Xp@PzQK1_+TePADsX*^LNBZ14C z<>MsLu9NZw-zVyj;@<&vTV1!UM7u#jxW03O`lB-^BNvi6{QKLTB2R~JxMQU0nH9{Fn= zQ2IGWUfdi{sz1AZ!e+W4dJ9*6>B288hLrl1(QS`Oky=$g9h9MmWh%&1w#iKFl}6i_ ztXmiBo_tL#DnwKy|2M)B0tDgc_2H_tI7>6(qvkRDr=ffPe-1T$*fzy7i5Ho0xFq~@ zu29x|#&V#Lp>O@0x`N5ue)cx=CH=>iJE)?4=HPet%bEHDsx(#HhvuV~GS|6@nDa}g zbD+%Ep)^HnqzY-)#qMbbro_Jh5zm>L*5;8L-}xhFycxU z{W;K0M;hr#fest;T_a8T?Y517+dJXhvX;q>vbx7;5bhI z%P+TRR8j$4=*12c;is#pcTMb}?fu!NM>TR=b+w2Ot}Ej|-KhrWer^}fnQd<`+@D7D z@ug5{kD4`tK`aGXcwtaYvA94+=R1sW(NSz7_M0liJ%0g_U3=9Dk}EUNvE9X=zp++; zWc0KI1nE9R>i+|D15=MTr@&w=(^u!R0nQIRE}6xzUc*CX_%58Uh0cvLeDbiFs0~4%wz-+=rAHHV$H*>9W+o@o zoQ_AEF3YyF$dhP4({(g;Fga%Rd>>v~os1QTI+NE~hkY5F)BIH#QN9=Gnhh_?e$ZWI_Suzhx1()_p^P1+19D>je}lDXi~%d}jOqmH7MriIYLs#qI; zb4ldHwE$h%gk>y1ki&>Q1fJ&Nvn5*tM7~?s$z4 z?;3)PrJ0!Hh~rT$q!6p#beot;AHa+b1%QTzf`)^Fh5F|Y z00qFHU>8#{L3jR>gIOS26QIW@F#3zR^l0W zv+y+iHqV-|BMsj8g?ID)&rTzae^<_nWvu;Pdp|V75p7*jiI6|J59Mv?J;n6Gny>V3 z?NDJp_mcO{%e&*^^9e&u9?26h}4tb*{J!%a`)K|GpfM4SMBy?>p$+ zSa>Va5_`6uS~QyZc6V4h5Jb?kHOX1Y9#H;%j5}R$tFm7Nq=a({82XHP7_|0b8kGPNM0c|M%~>cm8X;vZiQYludyG?wQ?hmbBU^rigT zKN+Agr8G{b6$HpfZRT^65_C34YQqsq(>G>hHzVwh5 z^ZEmT{X!exqiE#FbYny7F(gaKFbL9RusCT1fBlKB+kiO-BtLe2J>q(HQ`u;5k>^Y| z(2_mG%Mvh%FY?0wnfi$eX;pP8PAmgSgBDWpHQL?jR}@hPn-`;uT6W4gFW`XZ%FYBG zRf&E`1JxJPO>#GeLSPORb9sR?BEc}2lq{@x>z7{8lRPQ?j=$*4s##3c&$VE-mpqdc znYFuvK9Df+Zl+K@47~bYfWD2wgo0%;p}3>M=N$a!v#$cby8ky^=*gRujK%w-?p4@EE}?1WU!_7cO-9^9>V@>bTCyWHDJr`mg3r^a^!DpW%uT zuLGC>YJ(^fPQyxJB|!pqLX|K8xMCS@kOGJD)Y6B}zdJb(I@WeNsD}XTI{Nn8kakeT z=#yMeZwnj#(|NukSjn21QAxZar9Vn7S-rE^g6$7CHr^45Ya*DFe{L%XJEyKd= zG=RL`PXQ{-V{NvNa@AW+_hdr%kBB@b;TT^kV3kQF$cWKAC(=nh5|CLS&jgz zVcoFqJ@~8kz-JcC<&Xtr?zIadJk;lT31qb|H%8|cXyq4a?Jn(rF&OD%^E#|1-iUNU zN!}3m)S(Gj-&veOB!0f|oOBLJ8A<%qr}6=nP`K9&Bkchx0*}lSExuY#F1Iu}9*gdj zKHlkp$>80I-aw$!JLZ2h9cEHlKJy$XGE%BI4gGS^3=So0{-B9dMo!heh*CarV=h9X zzrTn?$%NvYta$Cs0|%XK$V|)auiGcj6O!Lx44=A|@Yb!U9do8Y+|)qZFQ96?=x#3t z_O@n~l9ac-0W>-_F`s>y`b+_eFZB_2yc&UqI$~w6HZB;;Jt*YL0{RGUg!T&eoF5a9 z6~lEHq2#*(_a?d;P<5YpHR5TyIPpd2SJE6tG74};ldn$<@|;R*icp`r>1IbspC6-Z z#)Vp+qP{_i>djX2P_oZPcL?;4O4bNyCAziGY)EXllaPO~CBe{g-y1>u6ewv%#Ei7B ziP^0`Vz3PyIbXJ;XRzC3C!VECSysSn~vpHEyOmp6QoQ$Kqahl&V-;C4g49LW3#b%QS%=s9e zUtE>C=tG5Aqs^i=jnGCoT0Z@iqs1_Lyxoql?Xpb`Qk{fr$)<$`o?Edc+2_wuI7U`s z8~eR?pPEcgGHTst**3aK+g!!kmNuHtMvj2kGcx)~B3#PDW&NO#exA8d|Ij&dNIM6` z4MBJ9Tf{#6$DlsJJT1mOjX(BYbe!rvL0eNRTXUUlbG7|!>MnP*$(YebYz}DWJ0aqC zOFQXs0ea#`VP1{;o?iT0^#*$fUQ=4)Itrx@*{tW^%nLF0-o`(a5!~{hM2I?}qYp>a z>9EalYkjN0+Wa-*hxf$&nHkxhuG9GrYtNLNK!DhkWw69d;it1K3G~>7QJ?NRQGm(K zhGWQVkp|JYpL8pCBM0Gmb%T!qicaOnB0a_)EY}2_k{wK}6PM%^DI=XJ`IzHe8epni7Y=3**s$QVPn8|Vcsyw z3$tXP+fd$+Sire_u>KLutS??NuJoWSkq`#WnuYMBN&XuRNBe|b_?{4tGBQ{Ko+Q%u zkyW`b0Vi+7h_gs-z6ZXmvYk6RHm&!LZPo+UGmBxbFf;wqdS}s3!loG!yO^H6ElP-m z4vt|q{IS9^>fyF|frI5~h2wn-;(QDPLRc$44idhiv0bj@>ud^4rX;g&}rIeRYt&!@m zxr-|`GU-)1m>B|7MQ|N*_8k2Ln6_BtWlE3d5-_J}nr}rVtwa%uhU(+ApO;#HWm-ML zo!Op-D=!`yS^J{LW@Vb*{AQEAMH7+1CujQJ9SUb*8o< z=G-~+N6J~(V6FAnrVAmrOG6nboy5SKLOOCKd#d&XkbaNE!UF8m{3VgWzv`xcp}@$7 zo~qf>CSK&$he+V2q8k(!s5vsl>&dcX$p@hyXV1w0McRy8KHopOyas*25%-o(vQ1Hg zJU@=;j;*?aKBXMA6b%Xaw|Jrz2BVtQJOB7O6FA>RA=@`YKehQz_#fq`Csxd#W<>Tr zK$nWRp*LwCBVCyfyl-8$9a98NYlHbGX>)F4X=U)H;+eiDius`2B zk!3%%+QmD2mC0IE#PW@@z#dG#RE6G!-ycS4Ox@q6L21?!7TX=LF(b7!XUA5ejGo8o zpJwy-GlEu`V;w?)u0I1XYh+AaaIOR{&KIqo8M*~PpmkOpV@JI4!SBVzOWte-?O#@b zwaynFL^7itd+2nw+9DVv^(WEuao$Os-w$x%J@tVa6RDEc?9JGpwx7E{MoOs~bOxxH z#vJpfp;@nbDSXjF6(^sI!lUMQPz%DrRpAbw%R;GgMSN^#F8xyMeIyV)xX?pLY1~&q zv{(pUOE8k=W&D2UKK~N*J1r#+&f+k~jN{OKli>shY)r*ww{{Q*D7*?Oy7~Pv(Bik2 z*n@XTt)|_2vE>!*1cS}`x`LU>DQ?2^`7{(^f=3E*u!Cv<| z^z{5MOgF?$zXBA*YOPH&YKtTsmxXks{Q@tO2Qd$2lL_Bn9x*VKEF@_MW!e`QUy8Wb z-bMcNqv1epzn#{1NaW!6-NTxuy41gb#d6`K0v z@N#-$=!*cF_M=JQ2S-GYD_kbqq+_<*QYXjZ0`Gv*8I`1#58`vFRgnknEpBI@jk+12 zDpV_Lw^FT#_|4rkHY8PJ`r0-$_t7fwzqzX(n-K7U7!kV^(x~T@f^N?Z32SO!Y%8w`t$t zb6J53U>9+kCAJznqTWURed4<&SN>J(H;w)+w-R46|g+E7)eq)#XxFG1C_1zs( ze~ti%tq7Cqgcb6O^?MT|2;h^yA>+HFUJ4~SufKof&6WCpml)nIM z|5=X!f!!@I%x@>V6f2kC{d+!>H#E1tfrKk`Dz4fw!EMnewoVFDv)J4SsR+TY+LD;< zX!J#rB?M+d0PIbl%iaeqBJ{+I=cUV9r5->83U{t|ev{W)_e?c$z<+n~5lcZ+iqTA? z^D@Q(p+SfP%X4TR<>^bHXM|7A^{6c4XN4l{awe(w?jib2c3^korgEc70l`5#s3$V| z9%{DId1($Ym1jQsX)1z_#V|gR_dUziO3GEGo3OVk7a2Z@MGMaXD%7YazH&I)s&}~- zPP91pXiJr#s#@H*NWEu*pSXA6hsqtZan#R}5ZP9ZJ+jzPgM_sz#eH&Yo6g;ddG0R= zyo%0S&G;58SjCAf#s;8DoKRWkgaX`bb1IVoxFp5xX>N5Z6 zhUXN_SJkl4wiRNi^x_y|7r=xf(m=QLjnhOIeK z&{MOV6kh@H^6U9$%e_)0J~|e62vxHHFptDW7esA3UOh*$TE*Hsn4QR%Wd35uVtOHioA`6vgg#IvBAy7JxVnSO`&p>gGkIb zJ+bKxJ_r@ceF5qxq6qDUjRa)3=@)B#&jk{2q|lg56($ht_}BKoFQtE8anm zbweeR%P70lul^%cJCc7=^=DI@+0>^GquOWuap!dH(E?YuzeKm!pkE}-fLs&X8**uX z0eJ1sn)Q`09lN-*H$ z!#)fVwV*!kINg0VxnWfM7?Xw<3tc2>dKA6WgE}owBThdFfiZK!?*@yX<{GeT7|`)W z{pzT#&2YwdkukiUvc|V)5p8n80H!heFgAJ=Rurk1$10Wb_%mzzFBO^DWCp)Q9X5*w z@W}!Yb>ta}8nTpq$Ir6UKQnBzue38&}iv{SvL3vg%5MW(L%a4aieAbp@~u zWT_G$7@9DT_(cV~u1HJa{6rvq|Da4!p>{60DSWAX#m{Ehka7ehJ^gKGDG5CYM0z zz#8C3eI-^)Fc7D*8$EnB@{*|mHQTtbx{^|OtKNKhHbc zDnT?u!)W|jpMx$i@`zst*~_) zjcnPV{I*6t4SToC-=Jwp>$G<7#N)&RSYZ_f6 z`(CPaWVg(H%TK1aSY}%&8IE)DHC@iXz+E>nQjIET`&ly!cl`M`-NXz;{#c361)2^18b$);2C=|Rp(X~s0vYnOs3 zC`Ts>C6bY~Kkt`X>rdqrs&LzeL>O5>`Mf=gk2QS@(Aj144t3+Hy?c%A2vmULav?N+ zNP+EZ%zu89P}aFttQXNuD37@N2>k-*J!VPR&FK-_T(A74uKKj9r5b^nclD0wnaCRl zRaPBi!xj!me%CDZo>7o5k|d>fMMzYhw+UP;rx?rk?J@#VM3XbV87Q;mRQ1aX59YF= zS`KXl?i$mzDwdZ=7*5y`yZm86K0A#C{N{?wNfvPEue(66&|egcV;t|#hrHDw##Q<13H;S14y5=?;bUlM^ zXk`@!XhjITX-Ml4wyc?a4|W4iV{!=?*GgletYC!ccIT@y%P8h*}fP)n#^xU82> zd$f(AxO&CfGcBWVwx5!vH20#E4!#6Ghu5|^!LGkMP!4g|oBsLcEWczu+AdTuI+O;$iRB zKE#xo>BjTuI5FUbqSBbpcToD$5(`QZS)S$Y3I(8a)j+}yeVDs4;umP>lqf%>#t@*w zw>XuqyI=CG?fxwHQ>*;`Mw0n*#r(upVq!$iy;k`PTER2xh;(OTz#OY`SlT0p_wy z&`mT2@j5y-bVyt1W~q~d9oTqq@hVyD0^zl{sb8Mqm++M?aoxqsJ`lNV5rc;qN#g=N zSbN=K0xcYO8bi9r(2*TN%F%DLk=Q}$rK5Tji^pa?qet{X30e5V#InM|WIR6#8z=j? z9is}aI=P;Vwy;HfME}5aSYSzjQ{nDSnj(eURCWO;k!WiREp2 zd4UCe7N!PsHa%Ce@u7u$d?~}uM5HQv(0m#en|Mnkp_6*$UjUB(*bA^tD8GRc<*sbO zydEtsO_FyJ(v~@DSxsGTG`UjB7CR68<4v@uAL#~QsPmhO^9>F%YwyFt2Jy1SO{?vm~XX{1|1(1#zs-q-UV>}&S(o|$vz z%o)~G!5}I;!pLsaNwDCLiH!d;>Ki4b%E-)4l6YJq7;py1@Ka>u!*@<;Kf;?!Bw%33 zQ?Bv+z_5c7^!R9vkuz#VNh8Sd>zLBX6IOdS7gLP&8c^2_*_XA1LP^tN$S}v*x7Zp6 zO+Ce!IED~xz+BupP%@+}kDo7GOi8!L7jAZDf^5H{L~NoMzo55C}b3 zg1k)qv95l>e<}_^^sX=~6}Al!pUS>wK)s*HYQBtEESj**u(vZTqG4)wI(^`wsVXSr zUspkL(*RfwBw`XL)8%>NtuCmD=az>(rT$mxU+LyRq**NBg0JQQa|J32k-b7?YA>IP zq#XCl4z7H_!c9gauB4ZD;J^?>|!xZmMSCy^@bm%VTZY)d)+r?pQ|L%?ju9jL*59|J$S|z?O%FLWuPSK)u5%C zUB1BTfqY`u_V8p+ia4ERJnd*AXAoJ&NWhcq&;DkD+~7J5@5@VZl?~Y4D58x%j!B%9 zbF=?yC*-cxQzBaAv0Y$|~j zSa~ikN6y9di-Dfb>clv^(U~Yf17#d{)yL3%8&s912DBgNICd*6%9d|HqCl1>j?fuT zB&)JhCgn2=M0*|*Cw}(qzJeb`@nbXGDLb)7h22#SF*mj9kZ75cl07C5QbywcdZsPf zi>767iu%D$rUT6OG?`c#`6j#?jr$n zXb|0pcHP7&3JP~dEr@ZJqDEDh_Je4E@)sh+>ugNXVS&O}MaXK-w2MW^CSd-O-gT5+ z+F|0;GVe$DwRBAR+Oq-F(a6xik%f@}E+*`oc!R5K8>53#l0UlvF{bJ>?z$QsCH_5B zeLjg5j;{E1w3xtk0WWIcTL#u^Z$aoLdNBn5}iu z|B?KUQTi&u9KiQM-~t2vhtjMU`){$AlauZCabXOadkvQHc!{gEAMT8q%EqtGP$OFDE z3!@Z`Wa@3QL%kc-^32)7!(viP5V(fXPMff?)5S%FMRSrW@|P_hh}j#%zEMKqSx+PV zC<>fgUt|9%;>N%^gdM+F!O!pTD+$+=l|X_$X5^&S+-56x^!2~8cL)2k74v4th4Si= z)<39`agp}sN}IgyDRfqKrh+klDLuWMUZG<2eVu;58lXTngA<%znu}&$TwM}P#7-EP zjVVr6JHr5%@dLjC{imVZjC;?rd<$TQB$d1{ymVjzfZI(Dzg%m6hW z>cGA_asvTQst(?&Jju%?OK-AAYZ)LfnUN!ZB}1n`AEjtDY`B*XE8qB0ucA|mo|I_J zuULmoSDt%`C*97N8V-*58u_u_d<@N2VDg9NvV6nK-TR@8YwD9=#?I~ey^PjYo7);f z4X+-}VP`+oj@%wr5~r>OhqFGG6h?^%Upw1Sw&ZG!jH^Pf`nNVEj0K(VAP+;lVF~zt z;msM6iV&)S{z=RRW)BRseAku?E;I_&9*BXP8buS=s7y1x8+jf5 z4{gvuH};M{`PEde?V?-UqXR5kD!?FLM~34$TUjEFNBL#&V$uAHjErXp)qMt|*aaqF zZaM>w)-;c$8@*wDvpTv{#)1vS!#?)fdnvhPf5AdWtjMP)p7X!NzwB?5R>D`ky>vWx zD0Aw(1UlE!i0-p1R#jOIbUDY#=sPOxwblzxb8rO?>io>6GA>YIZJ2R}Ju zX){+DHp*rToQb-Q(R(SkBI!ox`2UCCC=CW7ri9s+GZQFK5Ac@HuGwEeeza*)fC^C_ z$KDjFPJ;4~<%twP<=swHNUv0J@fNz2b*9BU%U9;^_(2WZ>>&{`GUixoO5}mae+^l=qL+e)v)wm8#bcM1h|2L#@NiIaS&_1hMEv$Ad6;_qB2yjSJ|2^f zS=b)*kXy5SJc36IG=xJnwtFdct5X7?op$|ML-<1sBRZ%d-3`WeJE=IhOE8V+HGF%$ zpiVhwXjp)s!$?r!GfC3U@Ty@E>SVi^%tRMgxzq>wmNWzYOwrmZH9YKfB%SJI@OoNh z)%FG(KVn(dy*Zom{&>^ndP`4XeW3V>Pd$eXj~lCpR;DaVAM2XSBiB6H zMNm9cV}*&*YJm$xQq2ems;F*FlQB=geR4%9@ci6PsBD?#=$xdz2&|s;aMkQcij?Tj zfH)6R8Av7Rc{{4%_mM6Dqfj6;6ln1hTI}-+up|1fbE?TD zcsr(+E9migjl}NGL?UR#1(Q%{o?L0TCP7ZGhx5n9U9iMR(b&-_gpp16@HA827;)?{ zPKbt64KQG|&0AWl1qau3({V8fFZo#_Q2Ed<X<%ex!PeXrkKRY1#1lb>4u}wLJx#-psr>U%AWK$SQdgg7l_WL@& zt{o=`x_-X|!SU6SNo6=*A>Ir%taUyQ7xx9-)2)WN)Co~ZlTG%J>kP#v} z!UWr+3)l>go&+vg>1*Zt)O_jiHCuEN{3JZ>K^lS)HZ+Vj+h-rUkCmw*^?vx@4-U|a zf}JO22Bu^sOVtIkdO>Z~rDNIP@#x)TjS|$UX?z_)S-%hwxa3epoh0?d#uQ!95orCo zhe$gD)RJ}C3VvX9N$fk}M_UzUa?S^An6<{ip%kz&x@y)i!!pQ!KR7uhI%d{D+4sN< zq|~swa5;t_1m5YML69o2GwEsUTJ3`?ZTl>KdeFu6+Js1GcO-v|S3$1%gti5|cnS<} zG+6%&_y*A7Z=%D9w|?zsMyR1iTEC*Nr%I) z>pQ~PaN*0MY2qOTRMu`!;Nx!DUA zhs62H3(s8G@iz|oW%YT+u`o;8p0j^OUxur!J{8;+s7^*>lPc1z!W9)tg6f)r6Isdu ztZJ1~3nwn*+5yS=N+)W!VxlWFdo{sTejB6bz%iC8;iX?gLIbr*x(0D{vL&dJ1$7Aq*j13Yg*xotRGY|MEJ5kLB?^MY*pDdN zRnXGP5gD>@YV?*D{eN^!^yqyuN79I0aTxAA{$fZ7|8GoTdD}bW8IIWW{!ZPVcK7@K z+xxgmHOOjnUZG@80~BWU_H<{!foEBPerT)GP-otAyXn653--P!$zAdn{+m+yZ_WMf zg)IQw76hEQ7W@3|u>1;z*U~x1JlZeu@5v;m>EgxZKDbz#);~WoyQkFbE=)W)h1pJU zp0VA^FsrwLD!K~d)q+0vj}ljx%QHfaAp(W<>AIZrW3-^=bjPCPu<<3tZpi_$@Sico z7Uw%vQQlIR3{6nJ>KvstB1pgcHkc55b~!^YxS})DoIioCM%YYRj(Xw|vwKt3X)bZQSVQb6Rn`EQA`(8RX}P_Wn8ir7LxPiJz8p zyypWUPQcH4_dXcTW8-&=zo&1#D1?D)L*A058uIL)^__0-{TZt=y#+dC@j=bk^N&6M z(iD-QpyEmF+nKV;I`eMe{n5Zd&NJWBMv+>+l4jM}IV&qEpG`NL5!F6yv_a!F4A0qR z)|hlJm>1^Tn0apqt<%p*BO@+)IeWBUJrQ?oW6XWB;nr#vqhn(>6pBb6euw|S1kaV< zBcrcWlHhzF4$=PWr+yp0Clab4RX;_(=> zEc+#{)3kA)V@a2ByDGfKEX7(oPvd1%oF`=Z>?jTn;hFvgB%ZDy=j3%+hB=q$Ao8$i zPkcrLYLkW9yQjzpoQ`-r(e;J?%J_b}?d!ejPZgr17^xm^!_cM1IuU(_j)ZU2egT_;HrouXl1PG7MnO5v~4}`QT56bg($Il&8z#MpE4gGy&=kMgJ>jM(m zDS)0_X)8j}46wX=j`DwOZ9@aJGLDoWhV$8~SW|@H&pMRa&L~c)yA|%N5{oULeu%Ce zQm%c`FNRtsVIpDi(P?BIA372Eqin#1S|ijL-EL&v5_pn%$;B9qw)30Q;Kj!~ZCh=ht@!JDx6AG+krmFlyS|+!3Ls zRUA)gkEO!+ixt;P@LdbKPxQ$){$`VA)3CLRS)H1hKc#%OY`zu{PJ(?^EW^mm)L)V} z;P-k-L;>y1LY=X@xr~(ApJ6O)?Iy<6OCp(=?PxfR&d}jn)>u`i zed&4fvE}tt6$k1HNLgf|$F&2oXN6#nIOBF23$)J~tphZa?R1jTH$%+DS%U-S((MG( zl{?51@@`5vFg(0oWO{=?a#sfY;Kn~hiDFsYSlO1!d39Z4vLhM?C=>x`2e6$Bac;hZ zySCi$|9k8{){AVN-3+BcjmDMIUgl4>WDYRH$cWk?q!@R1<^CAaZt$uwOPsfnhLyqEM8B! z*+(yN{|ZaDTr$MC&$8UomF&QSIK*vnDCjPbw5x>4uiZFVQZUGbQ_h33oBt6WaU}$i zA=T_pkMIPkbos(7Af(a|la9S&Q;kSsF6iKtC7@4u4B-al;^tKZCb^HWVr++2ZsC`8 zxs4q1u(i%cEhFG3{)+@1E>Lq5PTu*C^`Ggdn%|!ed(H^!B^4`5X?jWIabXT7?B~Tq zZs|hSqGkOZZAJnC<=tF+yE-CPyW&71%QJSJV}ddjW)MwOrpS}V_4V>?4F{FRGfoT2IW4PJ1W>BvMpqyXjUn;UEHMYj_JtP zUKEA7Hdw(usp%jqiI12@!2kyIv_SRNX0_ap*ZKWqbyW@GCv$n*X)&s z$Xha=>1GDK5G}wAIbS|Y_(u5now-Vl+Mu>k^Jx+Av%tr|+PB;4kJPi+ihltk*hjog z>IsRQU1AYx(MU^*&)oD%P`i7ld$k-!z?r20jBI5hI+AVQlvV(Dt$wzQcT@SzrNS@m z1^?)*6x@~rHu>E&Qi1z=pm2w&*{$l)u5-h&#p=Y1z3fyys|B8dGU#U>_{kXzlF!p5 z>f}VZs&;=}K%{h5@t%7T;zcNsI4?Y88@Li3$td{{JZ`ZQB{po-ZolRC{wv(Wn~zwU zrqKAc2H}#!#qU2;v6{oG}9o>=e)BFg!-WwIOHIcsAiEk&eC17 zv&)F3l-N9qtnvZ!$qvuDvGmj2G}8mBay2Y#J1>Dot18wz&SldU`Yh_GT{WFbWzG5} zZRV2h^o-l#75x!C;p|?3`Itkzn4Iam%tR#~R(VqUF^n3+bgI@``^tRMjzgj*4sgce z0zYOzeDg)x!wxi?>;gA_fgk@K{b5B$DC+!0=HItJnyVn9BPTFMFTxc|u>h-tLkSlw zWzsECnsHv33v3=lpOwyL+pKOySl*!091!Yi!VlSSK89=PrgG!sW{Y1K<2Dzn>&5vj zdK<^vWb#f!auIH}oC@eA+2XC~&6)|)?i?$_vyR_PE$uA$K112Gs=7JB#mL-9WJ<`` z-Vb>lUe{<}HJlEaa{Xk{#o8dut5mepP4hGGzG{UQ>KJ`6ySBxDi;}hwF;NxT&Cv0Y z_*VqGcxDXm5$h?I@PjA$)p$T8y^lJyu@;d&g5Sz9Xy5&Ut-%@{g6`dMpV~vZw~Z;; z!zkQWs)*S7CbaO5)w}0Hu3GRpAo<3op08Mde+7S!?}G93y+ag*$OQs z1wh(A1uz>+qYrK@M!gz%{{5Yw*Jry92aW(8@>*v&Dgwt}-mKu^*Oq9u4Sp88GGuV8 zH`zr^p$?Y+(y}Te)7;VTn;J#BdWxpzt~>Xq6GhQS2j&;$vC5aXaQB0Y+i1MnHY8kh zftn1_VyiYh6iUWUjd|Fy!^^s&;Tg7CUz;g&RFdp!P845@CCFz^3*S-Qr;FA~-x<)T zGM3ZPoyg;+UZWn(osh@vIo$jl zOYNIOfyFf~PWEOwgl`&&EE73m4$^aSC^u`IX#d_t;Kg#NO*SkKQn4`8dWV3n!QjQ} zC=*^DbP-n?q(qB|5a1-u3jjrJO@*ViB@O{SRpEl)Q^LkBJdb#mpQ&Y(%D=a8Vmhpd zlV~FHcr%gr8620Hvk43uO+gRLk|?B-z?^i<9z$I2U(fx#Q|=ND=d!^pM;WZbWO7_D zC?mp-c?Je;n!TWXL4rfX*!#yl-2VmWAn`p+`HYL^~_~I&0!Nw6UL{*m7t8 z?3E0F-O2%CZiF*&-`362`9=Nu(fMTp0I-|1Z4)G2YolY* zJr{7HnE^;ePtL#j97)C=0p zO)%`xso0-zx%Hs=R=yS_a5l}Q68Mj% zMdmV{1zwo2H~bp?TJHi^Sn6+c8&G0k2Q$c}>)!xDTwSkvM?Y^AZs-J@;ntG6Y>^sX zGW6?$0J97=BP}z!4I!sTlD+EH%1C2jJmTVl)phw3BmtF_r?E_o(sC8^!AIH>lI^Sq zzINYve2x46<9uGV_(*S(4z7ktjsS!i_YLdge6UPSM1?%{ni*Fa*dO(wpVvp?$sM;Q z`#0esY33jojAUTPPxWbJP$<5M4?Pt=6P0&UXdcqxlH$={hO==v`~^6{;}~&n3tI!6 zj_FH_Z+>MatOjuxs1d-D8m?UkuyZ!U!7}38;&u+Md68fuHiWFWmf4yLzpOb42Q`=7 z$;A{O4zz@Bpd6lbx?@kD2;F-W58{}IQA9H7*yb2?u$rn2BDEKJuUtv5^ZW&v$iWk6 zZY*xTD{8E(nk|>a;B8VImptGCC#c;80%op!jhi-7W=L)((EFgHyKdkVmV_A37?s50 z*E%{5Z;9a3vTv$KjRFNTWm?Bazr$II&33YDDwa^h-SkEN4AU@l>v%6w)H}3roOVix zfevF%k!YzQR1a@fa54X=)}=pKvif!me>}8f(AyPD(^Y&N53;;7sS;@L7us8_)BQ~R zmD_KxN`qHD7P~`GDT_!Nb$G+#GNp$!uQ#_4B9;)U!D=b1gA!ksMiD0-X#Ivi`q5%BK4+mY`=)wegH&Z3z z52GHut1Q)+?t@j(akY)3Q>VFEXGXJ#Fc2a6(A(}bn5ByMYjNC-bIt~wz05-K_W4(X zmkhryv=~Du@9R4#g->R#m~-8tP@A>a3}jTgZvvCKR3wj-XaK~ZK&@S5E!(|Mx3EPL7_N~+s|BGq4}RDamYKh3J(>FAisvm>;p zwU+c>$>%R-_og9q>1{DALP!JF8%vr?#^3LcPB<&vIA65W46m8`SwGJILn0*4FyMz> z?TLc^u~s+m=}0~IkiNz6p0 zTK6gbaUlvy%Zz!t2G!b%H%mML8E$6PEcfr=SwK*r=1?b}nFzy2pmOmVV z-zn%v*pyDg!l`PteH$>0UYe?`%>Guz$!AxRMVcO!3H{aE0wx`-PpsXCAf=lzSmcLL z4rC6p;9LFTayZ9`3-=^Bj!Z>={|=}m z@(ETar3SAp#oDVX?KY;KZ)Fp6&ij+UFIxuilwp_mJiJ7}B{Z}U20z8A1@m1_45XYP zk-_c@BPY({0nYAR@K=5@bFu%;B)VU|p2_Ue{kkNWeD13?8?`H6wwpU0OzxBL715o0 zDq6p%)A41;RnT*vu@E+;@aBO+??HkVF^qUdafqIjd27vlLvoH3Uimr4rpWZQ(o(bG z1KyUCV-Jy$;zKKYC!+l%wL32JkZtdTmdQ8q6=rCa-6trpApi}2Tv9zpZh*0xnZKiV zCRCZW7#_Nbk;GQ_t$4PMWTR`@kKDjc4`bGme(fav^AGemffOYi=F~dtwHCt6;gFMa z2Xm}qd5*9ebU*b}+S_Q2Y^4o(NGuNuT`tX%TjA?zEGO~}aY3oliUDB_n6qGEfFKjcKA>&T| zZ`)blR@RBspWZIaQv4f%)V$7Xb^Ne>gyrhBAmBP>2>8WS4CRi zI*esChN4K!yVn!o>5aX|vOduQVeEfj>yCm*h?UvYrwF!gzc7j7<2a^wydSk^r(WLS zqwz6r3E*QZs;RT}f*F2cB=;$^T&g&s)H6nAuC#tshgHyRL}>IL48Y{i*8h#^=zxje zasU&f-w*MYk)P`pYWjJM9*)~tVU%9BHA4W!fvhRpe<1Gb?X0Ud3@zVpNH{>nErzS1 zDAjq#(5LEd%PL--xz1HaU4r(`w*t37THB$+vi|FaFk1fm?|lC{#>cUH{jTZz9Y57j z&D5Oz)*5DQNCN(yKo0U0=LGQFrKGBNOrT1GLc0lb{IYmM$d@C}o>Vr%;RvYit@@sx zT(wW}a1Vf?daDwpjtaMhlFzdA=fT&79dQ{=u-Is!Ey@ucKP>f^zc97xJj}*aOR9Z3 zgtFCtN#hq!?Dhq`=a#OOVnF%f1lhU&!YQJ4?5yv}Uc!?*%q5q$ni#medM^-E!jeDx zcHMRBd!0qd{UL~}#tw}=)2^IY6^ zNf1?9hF~zp3(vVbfT#B83Cr}gl*H!wxUWuT2ur`-Z*(l2`(;GBQ+NENZ9wLexXt&fn4Nm#+eTX6d{@IN%!GFN!#s`ire z2WB;VISSt(aSe~3KZWUsP8--)mT@Sk$Nye-!vMtD%H7LJf_QR(oNrlq<|A86kR_fp-_OQv?EPa#V?q_5KBD^-=V-6?_Q&fup&MBPpeuTIIIc-&h}W&Z1IM zp*&g)F+bolGL+AU^2LX&x@!-hA*jh5TK4J$Y(Xp$qqt?YqIwV@y7YNkQBA39n>lE- zh_qbR!oP7eln(P|c@5|*v-kX9_h&oPIlCk-2?6tE>xbM^jDR{ioty@CzFeX%ol&Xc zQ$boX=563|5fJrsjv&Z%^H+xG^XT^{UT=A+7cYCe?)RiIY3ylUrZzI#{-nY&(&=A@ z^gLrqv^l7~c^p4s^n}v1{z{#F&q_-7(A~n(drEokF>c2Vh!|%`FF}*KUQz?ea%xxm z;N2qFwoL_vA_Ry>o@kMnNjZ+FI%x8Ve`!e)+J^D?61yA`w69=xx&(^oR7`o(eqZhl zYFKrY^V>{Unn;bF`$h(x6&2PmkH@O@ge2&3~sG4iyg_|E}OWfxx2&wptC zlgaheAJ3~BxbsGQcz6$bDS5>|rXh|&(i0m{3(9H@R0I;yLbpI|wQZ-XaTguk#bfAe z_+bZAAU5lHr5oX@ol38UtmkUf9~8|*G#5633^o4Jo1@tSPCtd-Wiz;$MIxN$2_I3gikqNXY zFSPrOcSh}`FBA5yokB0*(vyT@jF05=LgeRzwsx~8vQ4V+cfJv}76wK)kqt!7`svr$p7g? z-T~~m{}PWv*(RGZpwn#r{j)kdFL1DV6JouRaWk|jQzvXO{QNVxyxM2%DSdv0Lr^}! zfp2zfxPO`HT}?%bsNvTno2i5I zh`}_hENGGUQm~ojD}?D)Y0j7XL2Chds;fVOim+R$g0kZ*ePF;D zE_@YOSZLghq!VPl4Q!VyllopG)E$2TR2=DBDDV59d%wtO-U=FP#EAJ6G)dl#6oE;t z)&?s^)QPvGy=wLEk!0L}J-;b6!+Vz!V@TVUgCx_Onl?KMplthd(Rt;wEy3ff6hl~! zfmQhd3#neesEWigspVd_RO@_mD0U^#L+zIiz;%Q5g-z|n6NXByP7jj*viKO=c(5JZh{6K0vrZ<^|zy&vr2({|W0XiAtL_?ic zNc0S5*YRQD*s6*S5@f!0IbM4Cd~|(~DpAC?Dcc~z&NOJ$OIVEi2%V~f-W|a(T37wd zIvs&{S`+p#sLi?B6vOCvRih?{6*nDoe4sC=v-&e=1c01~LPOA2nyyeuW*RPj6hsh5 z|7QLVz=W;6{Yv!jh1Age`J$&saBUr9HBOc#y*!ZBy*_M*hN)qsIzK>uE6juhBSDT7 z7)}@18Qtfdq4kcu2#Ne>mH3TI8nIZ!nMj+%cT zBSpyx22{y#NkvOEX^Bt%J-L@5Xtx_>K%#c;#8e%a)U1sso%k4#oq#R~!0?oj`96bA z;JU??B4O$w;VCjeI$iijWVL>CMPrb~vVoyebXB<85cEDL>-8 zqW#>#uqzKxknFC+6o$-b<2)*yg%U16&#!-bNmHqD8wNUR*m?`^B+iHvCx*mQQ z(8uwAU<2t}lckxkSp%bA{#SBBjU{X~{PFCC+Hn$^dCS#4*q2w+lel!bAD;_S{k1YW zAHoaa-9~;cIPtmpfb!51&()4IZ2lCR@H4w88p>~})o>Lf3H8Z0^h7VGR>EYr8s3MX z2>=pH=X>d`bW0*Fy<_1tKlvqomzXHkOAu_fP%eP!?=7yOWPydHZ~vW4T_XbV=@_Jq zv0xUfbPCApDx-WjCX=z`Vw=ukY79}!HV~ky5gltO=K~m+sl{!D<$h*i!|!Bzsh~G1 zV)Yf+@jE5PXPEz>#4K85m{pMQrL<_bn%$aLe1MEXP0p-)m*BmHyQh2fI~-xAq)?`h z!=atuU?Pt@T~if9nu+fui4r=|jEvQxcz3rs$p|5k-`p&u+yb#cfVe;3mtk0gx2ZzFSn)2D+k7DjBVRid8dtYWPGs z{l}5LXTx_QYE3Qwi#%{&oQ;e*JR&qim#emV_3?O{#fXd*CwYkmA%&T^xV1gnfUV#p zm5CySD#V%Kk2GVk;xNf!(=i#n6v}3PVzo1ae?dRk&-VqeYc$cI)K8x<^gCs(Aq@g? zbRe=Kh-4NWPbYkpaO0X4JLJysrZZ`Qc|vhT^uPOkB_W!$3%lc3ZEOLu+#nd5kf1@L zbUm8W?QGI;j{W9&r$I`yTI!t7MiVSEfT}ju?5)nS;mz=s1Jsg9;t!xp4y0*aAcHwB z^7|5QhslHVE}MwTRwa0I1VIt)j|pdF5rDd`;7(>JmoI(wl5JUYy>{}uX7{W@LzOM+ z>v%v_YUpi-rUQQ|{QkqSrM%xY#s~C70`}$*ZcMzNfz>gCE>L+IS|ol>(ht!Z8VL4i_C`2+v9(mnpEOpcqcGm~ zAxQr(XJwdc8oeNySrG~v;Biy5G-@x)Mv-EO!57)|l_3fKxT}A~S4`LMz-} z)FVhVFL;;**M#VVH`lFg2q0c)wM=d5L3Yee^c(s!HodLkiKXS=4r5J}Q) z5$4~9;I@5?DjJQ6i_0dUQ*_p6OjvMvS2bwR!Wq^SzPdGOV<@*y*7GjcU*@&s_|>e@ z->(UPm`(cedg|Ylb}P~0PT?bG4a#7B&LnC+R zZ2dIzXYv_?NNIq}G4roKBTB(G_N*R~K1(+Gvw&kqgj|dVbN4q$%e*r4()Vh?tmv9G+l58$V zhzFM$FpxQ5x%*#$n0>h!Asq@*%%)cO&!lhYXC83=l;)mqcb5N%_Rri{6$gc&c67;b z0GW;a{olENO)MzK|4RK2d{>=wu2!jQ_+`HkYmqkL3(KrXPr|&JE6F`@c3SW(a z;hi&qE`Od|H@Dh1{tKW^-g+s@n+tYCBt=rfkGA9S>hHfP8V9FJVK%jrq~<5w<5M4* zPL1_$?*3GcMSnxK#M=&tUoaj5JDz+&nQ=< zK4KzI)z+Vy$@0dD9}PmkWRI)JYa||)=?-C+U_m)2Wz@{D1L${k+VY_F@vccSm@&=% z6DqAOD5nfkLCt1EnDk?d7e54=c+(7e-WR>piY%7UBawEAIvmZExr>w6uz*QebL0?*g2grk_C%@>$GIh&jYwV$B1Rr*I$UxBFKZG&`^g z1wM2q@Gq6V7~COl>4?mRKmMlXwQGI~r(2u}4dR|Bm>}CW_775`&k}Q_f2D@d(cLkNy=#Tw33N@ImL9ZCSv%(xJaVkI9|*7K4p z2qA|K^JmItEu+Td2&ef_2Z4+QG)cYVdA3fZe!Rkk9{pY4{}eCxH{?m`?rKN5pU`rQ zPRfDv;`ZA_VYIQlVO0pB$;~^84q1x}GlIjSegC`pV;zfLT;e^YD$RUn4lbcYlXxkIEhk#?opY!jyM)(B) z=MR}@`{Qgy6czJ8FTGpde84--lqTh@$yb@lrnc$J7<@d}b)0%-GUR69bEY_{EDV%! zQ1`2gO*8+=cDbOrxT}qoip|BQZR>dVDR^6=b2vY`!yUrH5lR2%=~8j($Eotbn3gCE zcbL>amEgXEF*^a<5`%Ln@ZR9qrJ`GE3$&n-5b9mo6_`y!!)HWx%%T&{KV|m;tleG) zXtd9TKiWB_l!0e53TR|)a`+ukUQu7#SWworG@ea<-MAW##=?WayIEI!HN0YDY^n57 z!?mEY!T0b7bSRTW_ByQ@plwL$>Z1$&Mut^#bK)9jw>%6)=r1XFQp4_V7|_`#Cs?4t z)DH6ax*EuL{+aMpgS{{1v$Uh{bAQqZvoB~>Zb{AbyBEakE6%@%Toe0eNZ)_GX^6oe zrGA!b^|(p>F%bWU{7GH+gaT#P_IsO0CAM@*8Wo=nA_Ul_CJ-t!ofX0O3+CWB&o;7#2Ym1+ERnv>{EI=&qRCS#0!FOyZ(q_!?GbEUxfp%!B`y{fLu3@`k$ z`u0;k={Z^Ju8JmdXhjG7DT61IHPk}S2MIQN9=;B0>{{(>M$&hbw8V_SICY%Yf`HrC zc_bIOSlXM+P8%b2JVHoC6DTOa;VWV&`j!^|j2T&z#RxmE(xYvnb?aD+D+2KHO=3w= z@S6StKE?juEaqYE&t40eUngAc_U1d45^T&S6D`&~Qr2XoMUc~hGe|}xC3!hF#QOUZ zjeWj2?k!2Jwlk4OP+~^e`Nbvdrk0r3d(FH&xW&RrL+%`wnZ{G2&ciPH-^TtSVdY#C z5lCZt#h?+0J)YggB{x#k%p|nS4qDmIAHwkv-u%8W6>@U0dOERsEpz|nh;TTNDlQf& zX@HD%$(9NcZTmhQCQ4?2Gv(?BmS))qV!~cgfn)d5&-ZM`Pl(61`cT$Wil{7svBt-a zK`AlfG*aE_Z*Q|0Gb>oRv7CptL&7PnmG`{8<7;MRMAC-Ug|Hc&CF>>XiuxYZ^M-+U zF4G~5Z6*j7CBIKN7ZHh6Fg>w<_vtWtgWqee(z+cVrPa_~?t`6)S&p{gSiM}nni_)6 zw(eqyPw?0j+WrE96<8gPzUZ-R)Qy-|ltkc6Vo5NwpK>iHRGDU!Uv*+J{>;)A!VuNG zZwoM7E&|Xow=zE-BL3?i2BGVEf5?@6SyPUfzavv{WXZeDsGjpSa}i8@;LVrlZ?FSx zuanc)a601F$yFTUEx{)R$#Eo8MS!d9crdCHjTOXSEXiG!aiP0yB zh^#SD<1t@<=Lx%ZA3U4kVEMPog%y$}0v+IElwc9_sE@>x07MN6w) zL92a2BJEGnMqLB5Fta9&`HJZO^7Agxx5Ml2;FEsJtXn!`sljweR%>eDuCEe0a$uY{ zXbz0Fh5E<*sWj!dTc{gvU}R@~jg08SD$VjBFSxCRxiMwWpqPP$IqTG!^Z zQHJg=$D`-WRIB@7)UyFt(o`cMVf#>dQd!tuNrpsBw{Zf#=61C#coyNc=6gFRRiow7 zz}W_{tmI8xB!Z>31((W7S=nOJHVJKTNX_f{5dyVC5d?8D zA7XYBW7MB7;IK(}0&SCeKrxF)`JY_kY~|YG;9)RWnk!iu z8g|60I-s$i?i@Z#SXdmpl;zZ5knkRFkH-eBte%950&4W*hb}DZ9bnsO-Iu5VYNdw8 zXTwCKVOy>^(jz3~RH4*qT>#6GP%sCUWZ<%%ovHw5*Z=5ZedyTe6(+D=tVlekW=eBH|3^y(^>8i z@xQmS{ft52e(8K%gE%eo&X#efci;|#QMD9{>0y|#uW(E=5~`TTTrGfj(_5~bVF%Ap z^~La(e!XPrCmb^#k`ABfP5mF!TurM5nW4Xc6H@LK2m}oxrDjJZWU!~?u9Imo&I)b`=Ee&7$qeeW66gw(K98?L!(AcxaYMectM;#h4 z>(e7T$8j|RM=Ubn7*14ew;6RCLHG6gX$y3gy?w{!p7DC&=m#N5OEyWCwR#7OslO{% zH8F0qi0g&(8MzZpfZr#yRWu`!;B;T`(o#cBFf2y%La>7vsY6vW@ z9`~mwy8)ySap-v}^o2mXwh<&p&*+%`<0=zeZdA)JAGzk7G%fIs*qUpKo+W6if zNrN@cf|cG-y1C>oEi|dVi&XE>Rj8)m^$<>ke?uRQwdO-Ofjkm#oYd!Jygf=}Jh#Kf z-~an>k3aept{`9KAi{=l2Yxr@N1yrH&D6!ptZcsCTeVfSg^-JJq7k^5WPN8@`273-hZ3`Bh3|;j*J;Yv-rzr##IsmsicN?g0jTl-|B8F zaUr_BM}1NqOOf>wI~G{yyunRq5r@S-F?3ZQL!GD4G+RJX1}gm@1F)R1m20=MS>J!0w)u zelk}=25hTWbUE(COjXKi>X`OGab?i-9t5?13^9C%HS2XBSY*LCd*JghU{%La4mwHw zy2)qkA>EgrPFQN(In^#KF6{c(zyItR9@E~h(mKNQ(|O5g*OGajB<<}yvTZH( zGUwgo+t9&ls6Ej}tMe~_{vYR5wI6rm?yqDpOpduTX8<&OS>v3uUZ*-n>oa{Y9ri3M zD&jY27Fmtl*U73luR)zwi@XUXF^()lpxX?dhq9t=&;oHlSTGX%m3fY#us3~1y6o6_ zZE}28>_c9qCfx+YD^WBhQ?&Y0EO9Zl%v9!l=`$5n=qSJR z2Rjzk8~-0s@8BQT`+f0FY&EtTXJV_dZBA_4X>2vNJ+Uz{8{2NI#z~X5pPPGMx8L8t z@SNxDbN1SMy%#)9Nc~w1Sm-rFj8-XU{40PGx!E1p*Ccwm{CFsL^wQEVrGmloO;?Na zuQc?&Cj6I_e}DgLQ?D|mLkH~zY`72Te^)3ak{>hR5D=NDk(>n_n_zI%LiqzvaoPc- zzIiz47wWihmPh1WVaWPxiU&mTldcwPrOITEYPu{a?&jLR1z`k3hFp#sT$I9(>E zpKujc)@(@JGCpX;n*u$_yM|()mB~t7#$ZTT>I{V~o2w1k#?3Kp33YiwYJa?pAYiYB z6bVb5hy-)F5Dd2;zg_|TEjo)JHG0NSF`yFd%#~WlJ)1^doQn1FyoO2Gu5WQ2@8P2t zB_G&SSQnH zp^;Q18DfKf;IS;)uRXwGP4J)bsW!Dg@Rce%^!fUgy$yDgqh^U*9=J8Nas zcx^A05WvhtDV`Ci^%{zPK2=dNux<#`yb&^HLH-rX6|3eJd+8GA0B^S0i8sM(d34QA z1)egJ>mpnCAw2~9BB;DTlXPS{5|?}flD|q zY4-;92a!KC2iJ$FCkX!E}sS?|46u=LeM0M)nVwaI>f*US`fp-Wz_Lmr4{hFVh zM|au39R2Q_3r?gxssp9HSfV{}Y=?HW7#+OGfs*7N`p2*TS*nUY4#7hi$;_ZDccARF0sU0ThVS0Q>sy6Z=Quyu~t#NdH_?;e~d6GCk z%sDhg3(9WHNs4;>jG)Kk(axM$ek|lm|NN-1&8NTQ3vCzA-efX@kvlk~*?Y_6Q>&&7 z9B_*q4OjD_D0H(b^ztNrKfr;fe+blj-Tr({dip=&3DO7gq(ZCFR3DwC&bnU(wJ3e| z$8gb6e5ruN|3^JZ`!(0j@gG3Dh1%`v@(X1kABF8OJy}~9n|-W&{q3J+y72Pu>DsG;8WZ518yo~fq!73XwkW48YQq4%S{Yy%_qhEmOKI{}ls z8s92;u8w&yy)k(+gxETXm>f?pFimBn=Bv{}>0wdtSiDyW$oNom+YG>;NjUZ=#u%f+vU)3NoIT8sYHtHpeVmn1WJ_9+PUJkv^yM&v~*{=*4~^O$HKV zAyw}CG%nmK-_R?Ac7KX@#=1aQfZo6+vJ%iO>~zxb2(~A>{xz!xQ&cc_RbGq<696L= zT@r;Aj?K2SHUm-HT)Q?qwvXfnPcNzzv2zbnIgAO*L*0zoWm@wp53&?p(!~6lFyE`> zgf@p6rDb4=V*_Ubb?ajs-H{tZc;7bIM2dir)riI~BL-A&UOKZ-Td6%H-w#oUF+?$==0R%-i7XN&8eKyK6^ zxEZOOd?~l>t?GlNK#aWlV3U(yeND%;H^X5^@yfI%Tz!-?5wVVrR%xK3F8$q~_5$LB zxZDe~j}RZqy%n&IDBK}bP=-yB?e3>pco?cb3)!I=VQ68~(uff4wp`9UGki0%#=65= zzRq?%VC`W@lwKgS6qxdQRaGmo%BH0KK7vTgz}dwLp{3*w{Ifx~Ny^w>vE@Xu0WG~2 z+0j}~5;tMvo_*DesR*4wbw((1IB^a0x2E*@;q7zC>R~cvuWuV(O7eF? zeEC}*NlQk+pCa!8@zlV&6-6LzK*1DQ8#)?>34=ry{7IR08O9J>#?6suV+%3W!6rV0 z?{;&ZnZD1;He)7239?_}5Ye7T)W^xZ6JfXBXg6s#x*3Ou-ap>`ulad>|PR-=qvzK265)sF_6~cF*y-;z)QSlQz=@?06;{ zKUqp4di+nEAUP#hMtGA0XRNV?TRHEGC%jApg8+|gF4E9fjYU=H(iLnB{_rq*OJq;x zO5x8?E#ulPTUd7WvcR24<1B5u>ElnZMs2Q4>~9 zbh$KD@M@=;MV^&A4S&n?d4EPbmKhzD@L-4vc@@dRV-d8Ng3k|zs!77&52lbcd(=0( zpUZ#z4?y-$YA)Mfd>jxVuoa)(rTc5;xmICL_nD#dp35n&DuVhL*m$NmJAlLpRLYm_ z&!H7_5}=4?!)vR)bdo-gj$Vp19>Xxw`TnuehYT6uxJ1RwRA-d_RDFhzDh5PFz_a5d zDGgJEr_t5@qjdG&tu`dyVnHi*$wEBAf7|0Z@yG(H?F!}nxjwv0Gt|+9zkKl!JKalh zKvOh>vrXS7>x3GbzeN5QW;IwFI*8#5PGPKklQiy^|6PSMJF$5ut#guQq(O2GvVt$1 zZ9HiBOTXjO`FchiE4^O`Xp6FOJ(S%}sOpuvI0VrB6WiB&pT8` zlH1<6BzUrfQQ|H4w*Dpaufzo2?&@~A{=ZIVw6fx8qihPQTRT$%=2to|_zc(>p`L=2 zR5`o%H#>MV#y2{@pz2^*!$e2M@khn3FDq=~bUbgg)|n0WvHD)Rz0@a{>ZqRDKo!ki zniZ?xveG5THyLd|3A=dejgi^%vI8g88+IA|_3vkb&lg zof6(5uTIf1Jp<372aSON`o$LpaJvb5XI?EQL4u{fIR8BducrWbQTHjvIeJEtqp9AW z&LU2ZFm=(XTxpxOdm-LYD^Y~$K_KFj80!mb=~44B(c(m`{?)7jb)ehr*6gfs5g)Xt zc-~>-6gHc{kmXa-5q=b{hu452GKzXQf6YLx!o8|1FF7abT;`O4`4$o}l>VLw?4zc_lrl0YsE{aZ%>rp=+nnhi`e~zLA$0>b)5s;@4(U|`M^z{4veI@`caCrQst80K;h!bUeO#?X9O4!6rlrhM6W>P-*f&I z-1};XU2pn6h#OMuWCR7eo2;1We%xhp?F+ewv!Ce1U|13R@DLTwVLGV7r#!gSa={A1 zZJk47Z8!+%O-&kW;}RI@Fw_Vl9vsW~C5Ywza&;pTwgw_&)~KRYG>eNpCo`=-2Fsdl zC^NIra7`BH01Wh+(M9V^xRmuX3Gale$`HF)SVqVbd?>nzhXaI*W0$-i&W3{sMwwRz zgzM5PnwSBF!UM&ssoEuwHbL8kr62;#c4CEdCMOiX;MF{#b<3UKtD9pk0h5LtKc-OF zadC!Pr;NU&{;#1tKEBvH7!$&iV>W~~h@%gc6k5t5;dTd*9u7tjAUQ7_5QQ$`ALw)f zp`>|Oi z!q(6pEoLtFCCiTJ)Mw@Lo(~jF&}k|`xv$%D#B22nST}1#^j0Sk1X_E21SENwA_fWI`nS!P9BHI_DZpH;1?wIC$*u z712KOuVCdE^-WSFAllM7>1A-(i1R=vK#8|eC2H8$P}dO5&6TawAiFkM9|Z{lpIoOb zsrUZIJ`&5bA@K+o50QeYsE!u73<7i%{*U|c)c@MZl9>#Cxt&T1xwnKaP{t@4`euTX z*86>Yd2H7HmLR`M3c5o&&~m}Oy^$4#djxm0jfkSYDbF)xC29F$+E3j5qt{2YIH|L5 zoraaw)Q?aV5MMqgt6gVfbI6cFgn#|CX_J0;G{6GxaYjYbQSH)fe3q~vfT{HiihJEu z(M6&s1b?MUlC{o&?ikWHh~NlE=NC~;u*K8GNP>a8%0dQEdNmpJ^(bgr z2&rdK7x%Th!FC#x^I(oj}L znkrv2S-w5+n18CqeTDVFwvWfkW$&PU=rLHkD`52rB#Prfn!I^s)8k<`C)>W&Im3XD z>f@2O=G+-UAx}CZy>hz8BR$mX`(^&tcWXjL20Qp^MtCt9IhgG+k}D(q_qE~C=$Y^5?I&i-~~p}6~^egwCRHfljum#t;5pPH|( z65BeqfR!Tw`ZCz2D1GL^jJQ`;x}|T3$_P;V zXTQhDPsPyH=JA`UovOb=|K1>j>Q$XhL8h9^0gL95fjYkS3ELtLBI@s~KWAM!`E{^u zkC%eiLXenJBm^BRTyfP-It_*(cAy{Xr)?~{tRw?tl{%?NmS!4ZR7Qbao@A$X4GVaG z4lp^Jq}Gj4g$Cz&MfEHeUY1)2_T}_RUyN$(;2gd2G`-`8yt2*W$y%vAn6%*v#pMs( znnZUWI?dHJGw@lIFG@cg+9e7omgozy9BRD{_2s<%@{v&Xm(`gjv$LK~uoo~1&O)AJ z^+prP5)BB8*i1^W%bC94QzUYxu&1 z7>c&6^XkB7PUw=}>73UNRlydrxmX)59AG#&OO5PZ2IP}Ft@oB|`aj)6Z+wyb0D+rK zrZy<=6;c;yv+=YNwk~F^rxSF}Fz!-24U?gI+`p2PuXPmT|Kpzj`I^>0H3*UMm(COX z)LU*sUu`9Q0j2O#tnHoXgDnQIS&)f9K=iON+ZhpEvjWm2eb|t7yJXi_eP@ryYb$bH zPZhsRFh)R0pB&=r>kl8GMRWxdQTZZ=@kcma?8NDUI~JxsrQO^V(#p%yR;YjaQRJ zI)4zTQB5y0%rlTmM_v;#trTs|V~0XcuDK>ByP>@l15$6*ut{zo7nW`Yo9mXzpkQ-? z+EiKBa?arw>f7+7nt`pelk?~mi$uif6?hp z9!D%t6SyPCC)M66-u0jpBwFy0BLhFBpP*#=VgzL9G26=bKc7!ND@o*4;hCngoxz%sBc^_*HIs5OFlqN^79sHU@Vrcp=GaNL12j&hp>sDCf zSm(@b)=L}8pC3D+2|A+Afv0GlI=uPMS-?S;?xM~?A{LVlDehCEe)75hb16WZE;kkg zNJ&-8qzv^~i-4e5d{@+UU8@jzQKVVy`(&{qf}>CPnleNgm{q@gF2f=aEoPZz;UI^x z<>4dwStd>vOz*-s?Pz|@A*Nz{?iMZuz$Yf1^Rsa+vAi=PkRX*w*oRvXZx}cQr4ZiYBDfuR?~B_z8`6F0b%x zP6H9>v$|p_7+z%m?b?+46fycn$t2^x%ax|u7L7>K`Xhe2g0VM=)_oH=UpnB;mD2&4 znb<$UYg;w=R>kZ3q1{&Q9N@)fo``C6OK%5)3+C?~5t%vBF6PCqUgmHDF}9eGw@Q@Wr%Co)=02%_|ftUQT}HX7;}IO?AoBseFNnW(mVC z6A!6`MxxDq7Y#ogKK4_WMjS8Y_dIQKxR>cw;iyeE8HDF)c+jvj3sr?rbEyn6(RA<6 z{T=VrR>MabzoeFP1O;}(R?h}ZEA!G$hyhTQyXmRrDk%#^fhhgKsYgcT|L%htk51&! zw#`#U%v9rxlq`zl+UO z{|7KL{?@)9_9%{&KQ7qbO^INd0l%SX+s?_qZ+Xc`Eaf@EeX59f?N^Tho}KvIO|+D1 zf5!}FIfJVSgz&Lvvy^*|`ZJS6u6pB+3M%8;yd|+R$g;cG$9mCGiZ`F5;ds1PXPC8l zQvJsBuEbt+J{x#Df#*k`uhL~Qm}bphT8URT*d?cm{?O?^mh{my1()M6yTpKwZiVXe zBgM@Y8;hM)s?0)VB%5<4nW@ceMWce_BMl+;2Ym2)&s~SyA(H9TBO~K(I$W4$F0gs#-~>T?rC(A z!CbtO&Do}A>b>R7MzsRQ0wd-L$aC!f0T`|2==rokwYbfe@=H7)Qz>G~wl!q3DZyw@ za9j?w4!0=tV+_x{JKo@ILuiF+cn1>`*+itY1>o1Dl9>K z0_6aIYtue)=&PSFBS%?I;Ct_+yfX)Ps(b~|@n?1814g53yGPQo&WxYf^5wD6V3Bq zu7A>A={*Q;z|tk5TAOd;*77BejhNp-izhrr0*!D6dd;w{fW!Q0Uz zXo0L?RTe_`JoavhwL&RwM?Xk?cRu4gO2bWc>4Dtd2b#l!W$Dk->|K()IuNTO>zah- zi?g9oT!!?NkY=Hk(0cvZ4?TPznnlge=%Q`xzt5iU&WSVx>vf7Qx0-V~6>G$c&s>Iw%)}vL_k6n4R+C5T zqdwixu{raXSWQ5~tO4%YXUAlOLtFitKC~OK$~00x`D$2woSOjQb^Z#tlIONEV_U-S}*Cbpdu;_y)rYd zxvcI^M=p6BV{=Ab(y%8)KeS8ec*5ys!&xvzklc(KpQqo&Eog@=RAk}v7`TGvmH!f_ zU?cFtPf$QCB8IxB;_eznYX0$q3c0haxALyIWbFI3?{i?y=uh+^mWL!@YPH>JWLxLoH>3E%F z3Ugt;Cr;_1+bcb}H{!-S9L29r4upO@=7V>fMhQXLK^Jg3pWFn8tJYZlEC!3voqm`u zi2wD$Wo+snB02UzCk|bii&}tTaeF&QLF~q=4trYwW6w)w#800h@*qTY4EMpR3?uL< zk~HbeBL;)1_?ikTfABDqcu3O6C;HVX8gWQAh;ASg|& zpJ;~Zs?a;WiWOv4>gSCCyc6Y^_@%_W%#>GVlK?@ENfhO%P)5X;3|Jx~6XPdtwb{hT zb1FcxfE}f3tH3<@RVeaj-hh+M>QfS=G^m^kEe7E-dkhN))kcl7r)OyVX zX4oq71bB|RQ3EP(T~`7!dOFQy79-K3^=W z3I5-&*#8c__!26#X^P}fuSJusI`N^hf)|9`cN>dX5Iv4D8f6eW2SIMaQ=fbG6)^gA zNMr7DH--K|toXuJRdQp%*{O?@RR{cAbfMIgcrfl=i-s*}+A;Sa`B_zhqClf`_S0ak z-smrZxEn*k4t3VS_E;i(m<*`8`jw;S+ryX8edSox!C-oH(m%)$;r+u+y+!AQ613I@ z{~}MtA7HdXa$0NUx9L_m1Li2**2(i)AQORmLGtH`h=&fB)1%=tpzPbw&Su98Nub+ooAB`@?nTM`w zw0iPs&t)w?>nyC4e_GP*M7iDJe!Jmr;jEr}a##O?&eEokS^cD^#DEV6g+*(>dk$PQki5jk3EqOIgig*2Jz>wV$507i-(2ggwi4{+^ zuZk`v1~J}46%@rhd1mAwDaz3~BUe$5|Er!#{a-A`^6!$9kW+Z{$=CdyT|>wT0s3ML z#q$j$ym5NNJuz8wg@eo)7P@a7Zi>PtloTGgNbI~(Tj8o`FEuYf;wrcW>GD;Y0f-?` z6BJwf1#5#mAs6O+UoU*{$X93qsK-C>6yQJHz>zanNaaEmWDg}&nTssT$X@-t#sGkT zyqwS9I*#N{+|tUl2h(hKD@BQEiohfW6Z=YqQHgTePBe6r5}p=rk8wr8qj95 zm+m9cFO8sWVP>hOeSX_5Dz0FRZ&asNV=F!2mmTq^4-X{ego@6)0ffMR^V!JvjO^-lglLNe(A zc&>yXTmf=-e!%l2RthdlEygh@0L2J~i~jF1wf7KHWeROQcD8H}Fj{kESl zqf`O-O6wb&gw(aID4I|M(gw7BKi4-xXP^Ym=MxxzZ}W8x{G zwd($(>D$z^8*bZL4ft94`tonKgrrTMm$H-KacfY$o{TGHDNN0pkG3nn$MK3{2A#JQ zj|HEOCJOM!l0DX0He`~POE*x-j{H`W?#y*Fye=bVS7-2)6waS7+4|04>#yrDA`W%U zw%DTOiTA671nr;)LAAHYE2u6ZE8#x?4h?oOhcSf~-eTci$o5|*#OPni$pQM0y?r#L zE6RK^R-E!1e~P}vh1l)%fVxGyPaXp&TsALCLbEg=rJ8JSl?zw-Mj7j3xgEZqjB9M3 z#EH+}{9AN6#xuxF;!34a0`M*}zo=^Y$w+Qo)Jpm|P~+gvccBYhpD?u0`o=82DQxNY z-Cl?u9PS8eTB0?etL#K^z)jhafNbwuoJJlnCnUzp|70bZ`V=Rb zd*xZ5nuI<5NU#Ul)fot3lIG-rBgq68LKE4Jon_2q%PZF73PcmBe`BQ)W%>;j8q5lX z`^|^6@W;+SsSH;^HO_wu)-y}Bq$6_bdLMBSo@$a#&6i?h#(FCOxTZVf*#&L!l5}6U zI~q8qG?i+i-{+#${-(l_XZ``%Ju3paxKyjJhCQt}3K)&pHE%mG$r}f_{ZjtAsK=cF zTc7I|HM=6;vr(8vkXgI|+r%@IsGpXSp2o{>s2Mgks{V*`o<+lxg=-6+o(qZ zGh6xXjTBcMqh=}W;}G;`MDUPAMfj!HlTTavEw%{LE3Rr*oFnOqh@i#Vsu*ZzKrt6Y zhsbj!!49pb!-)E-4omr?M-*rlC%67i(A-!11{~cdMcrK_u22Qh!c(kKwF-O0Mdxz$ z?`$&8y2C||qDn5{tiPJ@!M}61_o_R0(bxoe>1`jwR;*>48$?`>ih4&D#Oj6`;PwTY zHyA{qr#!IwHCtSzLhGeg_Ar;)>90G3^&hXG7qVOieC13!cnuYJc~J3FJ+yci39_pS z=_e*OvpuGh3!luYk2u|R)V5l6D2(jP4?GVnbZ(YdLx)qoui_VDCAWwbIS1tL-amBv zB2{d(cfw$pI+IN86JKi?E_ughQrVmS1WHFI`dMZ@4rMgk{JP!skPED5+^TQtt~KnJ zh*Yx^mlqc65=)m|gS+dU9N_fHNEvAPT<@O0QePgwL?wZPz&$4mP+v)V;PaCqNS?

Q&JzqJ=OC=W;R z#dD+|#YigEzC0hBYw^M=uAQ9EfMKYo6qS*MK}S1s7(zaw7r2vgNLAJ?T4TAxsk)N* zL{>AYf`@aFqpdiU4V|3&jW8A)BUiP!xKXzz5zUIC_6|MnOjBhi2GG%u5Ygv_rXM{z zLgi-No<9rDCzn=s6WwsbTG6Wj0g&-*u&wajSqAnI7`OK2nt&F1G62PpI5GXF8FwQJ zG0So26{m3Y`f~kCL(Cf(dNfh42T@Q#>>rvS`)ogsiOvI_dohmk)lszpS9}cKNIFH! z`}hdL_yp2j_2A}hf418*LYduJCg^UA0$>btcMFj9Dst4cGpzY^kr|N|zyl5r^=1nR zqsUrb(|O3KAWQcIxe)mlOW0R01R{TgJov2mGE}Sw*N}G03-Be>YiO-ehxy*;VBmT& z;u6TRJki$QzRw=r>LWdgtNtW!Cw zZPFk;a?^M_Z&zl-rc-glLGcWqC@A6rs0dNwR~w@bk7#GBLF+jwW+!Eeu;2Ld%kf_^ zz+y2J8G{Z9obNc}1O*ZK?U4}icaMr@O9@<|urC6owv&yXn$4q22RlZ56!s?HUM+E` zcf#;@t;?0ufF#-JxqzzWApNi}$dIORWYSr&24mm|ZfTWa`48_bC_N>@sFHf>dBgMR z2Ln4*SHTP4--nuNGQiO_%7kZxaQ7 z>j5EB5GDcdLbLv6UNCx~DGPdyG@sE!?UcTvq+5PPKzMpB;2vL4Lq;laHsrHq-?>~JbIHlDLIrXaS!OD}+cj_PVhW1AASv-6tmXRm^-CZku!Ah+); zO|M`LdH83yLxc1Sx~ZnoxtZ(z{{Xd{5(|hSm2_ftuja2VN=|fbTJm-+l&@FSC_0Qo z6J77FqYsN;Rt=5mFez(__0^81E_`@f^BmCKsPm+i{sVN}hZrXSU=sgSEY!3)vvbv` za|lh=J((6;Z~?+ChvH5ipR!ucV8(8ISJ)RBSELw8)GWH@0CyVl(ZrS4HVxHj9l7(Ih~dZv59rJ zr2SYvG|>nIB`5s+bm{W^bct?9ix*k|wbsNJ!XYgb_aDG~@Vcg^-()FbBSJ9@sco2r%;OQ1NGpbq@Uwlc8KB&JTZb@8ni_nXjPaQs0Z|e{u)r~yYROi)2a>`UkVxnh!kc)hySEP?6 zg(Ak?k6#tG8N%yyD0QcS$8V9bYb`^o<@Pj2ee<1|sQAf&#+`OH1UdI{p%Dq`kMTlM z=kh-vl2BmDde}(OiQ@<)o$f?FfS0J}efVI~+!-mb9dkv|%@{AU?Zo)We}Mn13EOc} z*x^mj0kC)#^K_Jsk10^{CS~9Z27u{8<0y!AqHQ*d7w$wU1GE_DQU_W=_%q=1 zKal)0xZ$c7^e8*q?|TEZ^#J{u`=41EVA^0{@h(!VSla~m4S7RR7R*lQXv@fO5ay~& z3*9^P{>?BQgbw3wW}25$9r2~p!7E3qX5J7Ba8?UCcYgW_Cq7Vf61RS9Nn|a8`#q4E zu7#-Ye#{0=IkK>DEitGKC9>J|jm;&4z60VXRb$&v9LM0JX6r!u+pA#$rhC6IcfF@q z%bf>20ky2ik@{>PMCjy?D3BFi&OCVr8c%?5waNSPMdZp9A=49Zh#=yDt(jCp#^t@W zn|NsyyR`|!S2bk?yC01nYfcQm#QS1JlgUp_l~;14IyV=DxpRGvcm&2&KQ`C^r`FTN zSh}t<-T3v*$nN1hgKja8dt}sa9q7X^!h#ys2P?MQB-|p%*)V5t=lK6H!#Hdleu1O8 zA_@v%zgUOfy)S4}AR*lrdlF4J;WUwb!sCpxLuqax>%%vx-?aTI*_>GHiBxXSzvhnp zr7ny4=UYq{9<|&DeASpVlm|mQPpUHMLQww%!myejjlpBqqz<^sGMj`Aib>+#ZP6rt z@^N$aVfReziT`Fo`(`1Y-J)Ny;zD|;XX;Uxw%9ZELTF5%mA(=?P6KXB84OIlX6jYc z`!(nZbXb%FP2wHr#!)gYD-!k9bvGR&b>SeenIgb_Ux1&}-E2&hBq~>re5<)ZC`Rr* z_-X+Ur>5UgCTTnTAK=;Z|KE6@zb=%L7b;^6Ti18!h|IeB8HD#Y!ECK=;7F~G*qUsi z##?Ne(dMyT`|zSfqdQ<9FHLfo@bDkAP1(+>F6hMsMYEWMYei&b>OZaAhhA8H?sIoyA40 zRIEwZGzTGxo3@TCVz_W_*?OU`KUpNyB^wW>93PP1_2%zi_J$5KYlfZBZ?(4}KWIok zLhpUh_RtF?+ktIZ8qz>*%ZA7wt^NoL=ZHrs5n`9TV-P5nA_5f7QjP@0Lmm;kX&L-) zGP7)C>fg{(ReOD{pty6Xf!Gg!T&>`vS5s~@IPu(VhQ*(P9>gCX4`YmChk_e-zPc44 zw*LZZTKk;?`qXq;6JhOzVo-*G*9qO<u@SO^omv`k(Ev? z$GP?{YDwPl%1XX^5R~SZ4U@o@!WEHl)pS)_JMsG1!;(e)xmrA4Z9&y;e#z(e{Z#Sy z%^b!b^RM$l&`=9)xPS@|i>y*nyzTg-$q(~g&EmLVzpThZ4u2HX*DI?KCow&^4(+A&YI$2(%+6Kw#u0emK^tjW#-7I;$qU+)u0ndb)u48=#89vH ze0?hr)A4)rF(2s_5bl<7?Y~oW&a9q>7kJiuMGrzc+vydS}8H&N&K=_eVQb?S7|W2h3)yGk-lr7Os*K&lN<5cHBl2OE|sUgT7l+ zPHmH|&(XM#rWIAA`*KmW(>2ff%YOjtf7*vBJMBCx67yqpN$Oe8y9rpSzP^=YglDz3 zwmNqOsv#5@pvQqsZbKa%vUz(o4X#@hrn+4HqN0t~WQ-{5!92X3Efg<$Pr_O4f#_wb zwFyJJfRN0lnB?D`Mtb1ALiJN2@HZK?D53y$q>a`=PYC-tj)WV^f!5Y;6qDW>r`sl+ z6HmaXqoC-xK1*)^P`_fU>3~1P-rm|=4;M*x>1yUr3;XOhYXhFCq8^T$I>HFXh32&? z&P#gjRr+3#q6iWNtA3`+6q;KYifY)ExP8^M)!y?=UK+8$yw>oaP@k?i8aoXEvh`d4 zGU{DCjt>hM%huXsY~wW4oEM)}0nXqNn!QFi4cxIrckY00TJOr`B9C7@BX{U!Yv+L` z?7dzTgiEj~H@4xK3cFNZ_Cb}t?2!yVi0udRryWc`SR)oOP+NSqO4Cg5^Bii^E-XUS-?qFC1wc*U_Vh2&DpLm(w zEo246Y?^MaBzCbT=szNfHEl2{F`-+Vcf3|)$PBYRi>#dG%+z0W8srpv4H=GEdJNZb z8pwLyGuvS=8dE9O^CVt3c6fc}YAeuUw{lA{P)fCL8y7bOMJERpHP4|rTAOEGUNzav zkO42B@>NE!w6tqFv%KTw6nqFGCIlE8%qSWAFc#_UQLrbByz;z?u`blA8VF>V$ZrP# zXNiRRLv@6Fb=scXlF<_RPzlWyLBUmL+@8=(O7a-e_@E|@_WMG{4AN3T{q||ra&Dpx z_U2pFd*tJ2KNqYcIPnmGJ>Na$OWz;c`7YT-D5yVmeN7xX$bzAdFI1~Eyw1AX8WaOQ zz893w4&doxAWjoe8BI#`LfQq&lMl7-2A7^L`8ur5x=>(Jz95mI|U+ja;Ul zO#FFJo;vx$A3K2R?6@N9HQ;tsRYc#|AaWF11OEKY*{;y)$3Aes4<;iFe1ALhK!4*w zjM4lS1ph4iZ6SKv`9@bgV>GOUPc|1?p29ms)daY)ybI@J0ar#=?qqIqQQF2rgQa7S zebX|s%id_=*fcWsxdd=UKt;%Uro9)FN{kjOuu!NAgGX$Dva0J|9*1>6I>2RPu%d-C zuMLf@nJ&jb&3<21gIp9+iK7~bII2jLGNa47!d$Q#Snd_}!VeUdrNNP#a{Lb67%YLL zk|BiK%R?-%eI)CjY%_IA2xpX}wP@dk$j2Blb#KSHBjql)P0b|l^P$XD9F@G0#y}JwV!qd-=pZ|%r>8RYI@B0vI__duBnNA zA=f2Jr>Nym5ZMk1Yrg|5vV-tZoMF2xc~V(Yb}1oK7`490r|aR#$<9;ttZ=8Q6tX=$ z4n>{mbn8khB|p8&Cmo4SrL1NgO~LVXYG__!aK(U_bo-i~hFD7tW3jr|YdB!?Yt zyX*tYtG-$r6c}DYG~7mBru}CIknDGQU@I|MxjAh|+c}c;otcjpmKs9w5EmpeOE(Az zPyr;2cMtqkR}$Uj?@go{_Lr-O;p3}D7*+5r+D+fU4ts1OP20GQ&ivp|;a&EYh_CM4 zN0AbITiP(^;J4miI_7A&`;+pakER#Ufs}Ph>wN=zlFak12QnJ|vb@ z`M-p^)*6Cb7+}D?bDjIQY?~(yAh!~B3-}3*yq*z~fm1Ip&`vs2ujq{YS_FtNvc?ui zO@~l$oE4U_O{lgLRH3He#3!)b1O?}Gxi{jjiqv$L7#Q=lt<2HQX{LMdI8S^UA%CqH zsl`J>Iparm8|GHq=`P|YqP09d^FT}IzkO!+^`6;wPpCD>_Zno=pe|~4XMThEPy|2I znaRsVs&(9xa9|**CRFqxqE0yr{-=d9mF{fgAsa;a`n-Hg0c}9!W;dGq$mDD5_})Nc zu5HOrHbFHst&8Lk*)pu}ifEFy@j^sTz;Aet1jI(`e zW#|o--D2j(i&St$%GiB#0ZX2QAw!n8;&Y;y4Tdbiz8#)n&m{1q4I#p(8Jerj35#Jr zm*fwUezQ~Xu&o|-YaH_x&*LtEOlU^lSKNOy>C%k2y8b$uiq{z zrIDxIVLPr4xQFr4S5{bcmnRXymCa86b|RoA%BIvF$XXktCy-><{Nl8vSLmPh*rn3EKaLSsU*VnyxotO-S0r@@(caH;qsUT zJy?r~ByQXzhjY_zM@R_kIRPO76g@M!UdTTaW>s@JjvW4`w6j057W+H_K)TI5XDUFB zoxytwlyIvS{D}z^E9b!g*2rk^db~*ZkDGP7ht%fYQi3oocmlI6&W&YKWJI8X#iN%f z!eWkme?0}KtblWwa+%Hy@Y*+*I3&S?&s?7OmV^=^><(w7_5QD1uq44~$IMY=O=(?x zoU9$?$^fs_a*V1u%lXEsNXE4AnbP%zNh0tU?y>fO=nJ)*i{~(jt87F5JEiYe|EeP+ z-zSI_xzJ4RcB|bFlD&@r`XY8Tu48#QW>b;Ki-9xdQRC_%!Y$7Q{Mq>|6knk11#JGo ziR(XrHMe}@UduS|WaaW%ogQsai=MM45U1l9EK=RTAm_k@@O`1AQrWhV5Yc^thLPEB z0%n7EaiDrQsW)r}a+DMEOqHpJQ(M}#8Mj|aB}NeN~|sHV)rI)$M|XeJ4g(*MPl_xPATz@!B6f_hw_^US9?I&kgi=+H4| zzSbZ=1aNPGN(_hkNJO0#3{l{i|6T|!JyUJ9f}}B3p`_qTbLyu05u$B2U(7GCX29nD+UiN+98w|VVXn0l@Z)Df zRK-K+6%H)cyu2!oeCG-w9YRu_myynrD^)ky2}5s8RM-!pd!*niVq z-8~>yB$(JLrfI(u`8jmZ8~PKvvJG1=`GF2gn)>>8mk+)09((&p*;_p4Y#Bck8coB( zlcBaPY6v$mfhdq2(F)-250m29bR}8If@>MaYBGz70ONJ8jK3z|{5UCNx6=DWVkJL0 zm8L0oBZB~2Oagqs@*AXhLQnVub;vKuR|joFP<5^{ld8P#U@?PH&XtNjW|!^Vcejn; zlKDgClTTIClr0NqS#x{*-loS#IieF(x`}`aE96cTDw$Su=`BOZ2ZtyHmFYit+7{w) z9t2xl&ihfy3Z!gJi=w&K+Iy6j%U=ZmhMdz{N&=GTBshVEWH)J&;t|@$=A?yipX8V# z0n-X2F8j&!?<d(H31W(>q}Lr9qQXhpZL|$P{1{-e3fc+AlVyD1k({c)-Z9+&7vAn&?5lTE3zwQM&;<0%fth^9% zuFySi`WN#|wH%KB41Q1IqZx0Vgsc1l)8}1^CK6@VQA5V?XAZC%xcLyd2rZ$7f5~lt zMI6pZ;`9C9#EG5T1^Fv=%=>C&l|?u-eS1gHXvd>*gi@55hQ4Q54z{bX;GBPt1NZF@ zu6%1K4&(~Ypc~p&0in_u{$osnNEt$)Lnw1}fCfsOe#33HLI2zTaz*EA`1pG{Q|}q& zXIf#}aZYCHH_QdYIi>|RNA0c`+YEa_r|t<`n^3{Y)zi&&spG+mAW(RO=x5%uG!Yo$m8Li!cKj9ge>AZ3+Hx z*exQ;zs-IG@cvQr38C6`bLr7(r*q>#vk!CvgIknr&snuLl7oL*w@&%&sI-K zS_r)IpZZ>1h~A2Ia_j&JtW#M$vFniXiaiqwM`zTs`>BfktQz)(3lta{YS3-@lrs}s z=dcYdmbd~EQqt4tW)Z^Lq*qNHgSH7!xcxN^bI%SV{yQXJC1s8?Hgt<{IJ#caDkZts z_}C?`dWl{iBEeP#!E{~@dT&#k_Pd-;Q&3B}eNEw80l>P%y8DnMBEC{xzcjkT~ zGv^xG*B(>+99ruqisU_fDVV2sX`bb%e7;4Rq_?zPVl83_%OyB&VNju}FkTq*58r@I zJ51ex7&CHDZaGt}RwC%KKK+f6SQKJdgw9Kh%?2gWNAsnKwSvaHl2B(c2Ks~=`$*#| zWiB+~H{$+LJLOJ}#@wmQ$21{r`_c*rRO1!9dQvo%Y=HG@A83vezHln%@6f4@RY1US z?l;%PX_1}AQna^Z`yJwV&em}(8y~1y%PbC>u$s_bUpaZWL+iHgT4YPuuro2<#EFUQGi$_?CZt`bi3Rp-YOH6_#3eI1 z4Mf6ney!*RUTp1AlAZL@$dj${e0CIJRbnjRlx4@q1I*YM z!>-LFtI$FYpKN?&{Nly7`Z;$B2Z|CPsX7p{FZxgnccIU3CD!;VY-MT zlda;vS5ch|BZ!Z|R{{=iDQtG0ZASRe$hX|s22x)(E09^2Y@*uwBAM0Jn?F_JU7H<( zVjP`ddV052Ha~=8zVL<$-{W8c0hK4Uf zk&femJXE?kEclfnzelpCbfo1?I;k5t%RUdm9+XH(z*Xcc17R|uRYnG$HRkDaSw)e1_6)=tRyeRn4!*AHr`4da?8Z zRb)k+PC(;fD!8~1pw&bAPVL>fsNz-ght-&-$y+Wp?&;Nynk{>4F60Ozv*pyW$Tkla z%3Op^fD*7m_MC3p{zbM<%W==cg@kUJzEZsz9d;8{3;h{mWn_^0BqSjubz9j9dZXrc z_`jgZe3(Sv&?w3g_AT)j|66@HcGQHxE9{{;jrt`goo^yn^w-Yv5=6-TVdBtLl7MfN z_{ML2bVUy6gXRuD`*o~XSf4McB^;OByCl;sGC$)%Eq(4*IO9m$3e_aKG9echWAi%Pgfo?=y%!MM1Kv2X=T^iAd7vq@4Baghu! zqcoI8j|gBEl<8-!~BEMZ|tkeS45|CRLC~Z+v zFj-egO*HyxVFQ4W}lTxG)DaeW~2B0OBvgM?wX{7%h@O2nq$@|o% zB|EPFMT6{u1;m)M(()deM4k{%4H{=eR8`0wrar+*O0-_!CXLtT?!SgvdLyZ>`kE9I zMLyhqr<^xxG+(3l8#O-|JX}CryK3?{rCa)d54Trl4f8n}z;GI%;xZDDcHj~EJ+gbn zaRUmr+{~Ab%`Fqlj9>mKa6@nGN5AteVMDj8hWlCAI!KL*+V&w*&imE#(QNxkBj;+! zChB&3!X)DPPr7)rWJb$}?3G3}4!!SPbCJNM;ar~hipN)aSa3+$>PY8iefE9wiKzpd zq}i()HoBe!r64@FI{3K%AAmm8ImdYFk*L$_P^3lzm*-B*k5q!&;%X<`>Q?`DGE2^- zru>~62n;RLE9jC3wU^tH-pR&DScq*jssRH>8txEQES3BAw=9D*$JPkW-tK~6jqxXz z8Wa5wu6h5he*jd7$CuThGv19F4w`ZR?{i_ux4$L7 z@xD4r{{OEnOQ~V_QJ6=J1QLHS4uQ+#AnV+BC<=#C$kN3ldsT#0l$mxzQ~&x#ox|>1 z?q)o=Wb;k0FO^eEPN+{`zEE`7`d-5mO()q!v*-mPRWNM6$$vN%aL1vt72>Hsme+s0 zIwQf3dp+j+zpPp2@Np?3f6zSD?6Wl;_xY(XH`%Z_d9ju9!;Cc~H|S)}eVj}{?RWq) zJLNgz4UxGAN(tBuXJIpbhxHD)J#8yDwK(m1FxoEFY0{QR#$C3sPc|DuBQbE=6&E#a zX8537!@mK#_{0-^`|{nGM?5V1@-D+f|B61-2GkF1b6;E0Sw(fz&GY7sx-7WkH0X6= zc`UM#^YfYRFz0^u_&;o(6?9xKE|%Fmj0^McShOyj6-GkOr}B)cgOySa!R^i$MAWK2 zbLY!U1C*AGA>xlweZ1=ZgZrOK{BF343B$Rt!Pb%R{{6P5+sl1C(^D!Gg0Ul{24)`Q zm)fY=KuTwQovG_1g$NC*pQ-Io=M8L*IN0jO+Qcr#`(ai|q;rM%C1tDa{%-zJbF0HM zH0J()ExkuNt9Dizf0vy>gq5bwgq`rcIM2^xPR~^3!Pc@> zt)F9C5Wm0hjn+11s%6>-yUF_>K=eg{)v=}){TB&Tsnzv4>)|iD$z8=)Gc)l6LLh5$ zy(|Y`G8R3q+gq39#)vKcyO;DfW3YM6WIHc9hkV87MXA5VNu({S;rAB3Ov*)x)6Rdc z^!c(R?)U0;YqZ$x=EfbeRJ=8!7_m~SW2LTn6n-aav$4(tj-&cb=Pe_={or%7Z9H** z0XV8?XM8#ChIymOavEIzEhP|-(V8E#5_)WtB3p_WLr_HQowv~6?_|xH5o>M2 z5}w9k^g3r}EW!cSpM52)j&9z#l;7X#=~arD0xtB4)C@nLWu*;zVXV)sfmrR7wzv8D zR}`VyGnFv*(pkIC>aJXE;ZC*>(>585#99Ox9@-&$*sR4UsD}HvXNV&dfqwvD|5;^b z?FxI5x0J38LvQGHujYPqZoT@M%{W4VA`#s*kj%mH=?JVQRg*^!uW&f0$6pM+f6TWn z^B=U@aA9#5l3swB5PJ#yk!y=73viY*BT3xoFiyAIZn%CAI5ZkH#I#4tX)Kh!v=dR< zYl@mNsRc=kFv(gQjSfSopWhIK=Wx0xHXLhl5D@RHL3=_C$`yzcK~CB!jqEZih$4VD zV?aC*DlsmTjJqzBvYy@pcAId0tlTAZ?f`>rtWViSV9jvD;XWdD$dk>c0%U!8Y&wId%4t$MlDL=aZU8DeQ|wfSXu$2AdlAUbn-oB4;?x4}lLd@2} zZK?wr`NdK+~RI@NGGl{9Z3ZgQl+J-VIRvjRNu|cD*;!@YD0gB zxe6E1FU!!B~GCWj_I`MgxkUB%5;U2l&4QkiAQBLPtqXcN6BY~P-ECmKyl}UQ1|4{ z*w8I{e~_Y^7I0jOZP6k4XClV?_6@dG<(o_R`aIllpm9+gG7a z62^VaHmX;ijb=vB^~JCsCxPlr*7?STPQi4c8u$5oCF#gs?o$Ixd6I#n|NRQ_;V*^! z^-#^O2tty2Q8<-O}VHs+U)Oy|85cZx1SL|#~)i5s@}Z(N9^8pNbwUn}^Up(Ju~ z(enme2*=qh2yUjI9MCDS)37s+FBC;OKx>#Ep=L=FZwn^>JpHO*Su9yL3dR(kVhZTD-Z(xs)Uo-O`AXv`SiA-p1?dTJl!gVYrFYVb zfNjkL(ppD_<^q}%%=(#DXw6EdN$$=Hd=D?#7|!}`8?liI-Sv(yf07?H2bf_Zu?Gj> z9HME#f6UA47^K1Mjho*i>JX8L^b0#DqF(G1{@&3WUoyV^Y}1ZMa^7@iE(@-(ePQj% zE&IM1Is^1B;hePZ#K>Z)eRhcZi@(4uuNY*V_~hgCux(>NC8u=N)qgrKSrlI@GB02k%Hc^GL^R}f%YK1FLg zYzVb->Fs0W6he3r{~XjYB$2hgQH7F(wkYKf(RGk~!#!Q7Xz zW80=AUhEmj%MLsKE+wFV!*p{^yTI$9VrY{UgUS`#RV^sf?_%^jARxdXf4_ zi0AJz3g@Ioi#L1|A`A%m2Tl0*v%2%AYjJ$Wgvmyt`3pI7SNH)lVw~dWW7c-!pyS*! zndO!F8lUxSl6!A^GxLeXpqJbwSxuA zkv6n~;bFu|5uwiOX)c^zoZcj4ZO~MXtoMxs1E*&bk%qXlLkOp!p!Z4SMzmh3ZL#*p zD%dkdSOy_UA;}tdx!(Dv%++Ut2wmopt06%f+EU2DtwpiQT`jmxMqqMnLfQpMXC<{4mvBv{b-X6SCh(nZ|{u|d5)=}(I!+G1y5c6!d zZ4oDneaB_wN{>#q-wP@=PvTDw$^Fh@U2wFGm1}kC6|R3qzl};UYiQ+JL9#R3qJ_2BO6zWI{rDs%=C%(cG}5HjEL;*Fn=ofSQq(iIeF&^zmuNc*_L&Q)Q)ogK z-+%BuxT5aA&9-W7uNRu~)tQ_)yK4R;E3D;uWWVypY8-fafron@Bpd@n znh4X{H*1~(0S`+h(mvAC%Nm>L;1pdhzvOw0Nv;MRuw?rZs49xD2fdMYXrqzEYp=XHP40r1Hf>HfqXCNeeVhXFLPNiWx!Ox7}*$jOYx>m3FXYIP?9te zY4zu?FKAPPY9c1|qz#&kZKA8PM zMqGHaiA&JC{IYk~%}`O@DMlcJQVDaySA=+3YPY37Kpe(Y5+J9(UW#a7Y1GYG$EP}s>Bu1W zFjnMQ7VTd4?78-LJ`2bq8{?skZZ-tjQM_UP4u!%a7;r_4%p^KuH|+v)ve7)vI*rz| zD3Z9^BJ{mokw~IKI{UQuvRMq0ZL*U|aUIw15!!gq2L%%SIwxjm*bWyE3!ysp#<}XY zgPqP|&Zl26HBP2%OZ=Jn)yQ|thWJ8R1d)q`IoSU&BC|mlFG;;{$Cg)O$mAAs7z>R;?G1#SdYpd% zI{i8KfqSpyzdEn&hRvouEpZ*~_2=lE`(xh0QB3p{+wKR z<#^*Z2`l)LeDx#vu!9WP78PsNqB0(8!4V$s0SSZ~2W}+eC#s9P*NHqvo^mv>m0JtXS zUr}uT#de?lJ*??}QSilh0yaTvok%eaAo;~rR`=FZJ%49z9;}$dbPWb^nlYT39uT|{ zK+PV6iHxf!F(CWJxO@avtC~v_RwPxglVL<$o}hy0S~n^ck-aL?)7o}}t;8Ox2E2x~(W!3k@PdMVtPqKIQ-?eP_ZvX#$w{Hz4cA5@Q93_T6L?Zl z$2e}xs2Pk(PsoB`3iDWA@r4Rzxkh+iOOuqcdDiS^cdbrm?t88=iZx1x!5jo+@_Ch^ znx1?rHD=BnWmm;lB*GU_qZEsXQMw9|cjGZo(sWoerL~7)cL-yLkT{i9MUlDQs8cfn z#bl)U58sO++8|*i1m0LgTNf*O@4h66h@iHt^@(Yy9x-+Bru@Npso%)FE;8*<_-!l( z-?BNvDQ5X}?xp^KA_&5<8I4Kc5^6Gv!4j>c+Ls?9`3e|v7=ULqbYJd2EUxz>EJPa3 zIG_NrG@iz(qsZhr;!~{6`L{1%2_vRbV4t=H2rna;r{N^TSSyx_Xw!Csm2DhPc?cvh zNMj8@NmK5H6_6NINhhA@?e zR^0BxcHE=>`J2Qp;Ylj%GB>^*yd?2&0wIwba_4prX+Ih|oWJdS0ZvfGk!c2_ls@{I zf*7`XtP(jDQWjgrWK63s(8kGgFElddbDh`8Bse(uHRimnRHkVoza4!aM3;fp;&xmV zA#B)%2*L)5ASy11J554fEH3p;uV6u1CjenJ)!l$YhriL-6SkYLlq&oY+yUgh&e(Yd z&nT4pY_$5Nh)F0`RbQ>xRl8k#fMWr8c@=wJ{mB`(p_p%Zw|Nf%x&AV8HL77Y(em16 zgG~_jzDe$SAeQ>JAs4Cu@3e!99RC3~oF+2N`!qlP<{WFx+Hb_9( zU{aX58FFz#tZsV=2Yusg5`RL(;*UsT{9o)CufJGjr)5=xnE8aVU+0X+GyDY1$cd&7 zn}!6w{q-T0K|nRwoBD6=k<7JGg~b}}OMu&7jHK}z4(?8`&bcGT>c`UKmyBWthx_nr zt08jNjn7;mSB^BsZ?V^I!q1Wx@7E!gdaMU!rSX)6_itJwfjM+Z^%bImWJ3_^&~xky z&?AJP-fODnGq@^e84A2yV92n#NEcRN>ThhhWtJ=3YWYZExP(+BrmHvy!L+s?gXyyj zYR{k`l$KQ@PFOuPm;X0{aohd902XzQs%2pgJJj~xpJb`2y z^;cE^-b10+W9b116}-v%8hXj_3%E_Mf{4{3NheUze?6!yL)cjy(ZiKGM}6nG3!y&E zj~S1zR@rux;tB$Upt#j=mv8cT)V)u@`{_oM4AQ~7dl{T2f6=v$zdC;4sn9h1%5AgG zUnW`>Gt?F#F-y*Gcq@yvzIQ}z;v79ud1*%`38Qa#0jP{YEM>P*_6EARpz4%fLa0^> zX#4ivYhv9q-0|E-tgiTdHXi%Ml3Hs0%KUSb{S6FLHKRFaD_m~>rvAU)6{j_79enO| zwaV1xU#QPjIXkAP+ZMFhxOA+EtQ(i#3jU?v7(DUQg*i;06UzWw=UPs)#YL)% z;%fben5HSyiOekD<`{3@#X|;F>9V-H|T25TpUH3_A{dl zh58W2w}Ukt^BM$N-_!oO6si!>pfP8t%Sa(aP0`EI$6=o&p}D00!5ul&;#@eTvpjH> zhQMlVbQYRdq?C=jZ;&_(UCsRLFAb7CfdQUwWSdkQCvDJFiDWWLeL+EK7a*?JeQrq$uwo^1F;FTM9!iV9o~=U0P*QY&6nBYp99Tte#@tVTv_KKp;;*;)zqYECPwh3UWz5qD``smvEV`%u9xDE#a zaGqL@rv^o)^FSYJGZHXCEUL8sMr2OA=xAQ~Nf}wJQJnCYmrrPX%y`zeIQ?!H4_ri$ zFfV1mu~yv&TU`o@rcb$GNA*Z2^z7!yy9KP&hBHYbzvTFimNd?($Q0Y$pnLZtqU z<`UJeFHFMqggdK-7xfDj&%$hFz6MENne6m#=vR|&Imvt^f`2cJQhvvtL|ilE~X8XJ|Cb#B-T)~Xz*eg}ik$xZ+NYM8kg(SI4fVYCst zFjdNja5O}Xh>MU@r;auqW%pD9BRKz z58LD65#v@1iY<-8?2~jnXZ}4nZjb*L;mbVw7vUq5{$GR-<)P%r10r5ND*p+=VChk@7Z9jT-J`uTKFC9neK1Y7(^n3(0&kA;7dGnzz zT97&=j2H>)o%-_T?8n-~F=TMB8zg~N)|o|P8xG(+-4}`Q3kBaObNBmB)vF+}PdQF| zj2dIW3O4*v_yV)zTsx)4#iVA!?_n(j>|4sI2~htpCt#)3m1sBa6_b)R0IFm&JzXI= zbi@nKH)cJmgN}GhPol`Jh+&MI9+kH5CBT#bXT2!fy&tx5+rHDoD_O=*>b_NfmDq5i zMpv^OSS|cP-Q_9rHzY6@^gYIpPT~^yvs>p{YrAezkqoT1zCIMEe%%aiW01bl! z^%m_CY&*)Z@lq`X)tV3sOJB3WHe(BH(jd-yyj} zTfXrn;i^R06~j_kV@2(uagTQi{q`HPhu7C&Ko+nia}XP)WN;Zk7wSy2k*LeM-a`ZA zw}S-OId#Fy=gMQ&lc>(`lPNHx)mI%FMdxlMNteZx8K<6a0_J?kC_=Q}3FpGna@_oP zToQZopipK6>t_Qs45yEy#G$_@eNJol(8TA&G^zLCdytn%aw#cN*O*XP-kS66qz|5~ zh^@Z=WB4kjklslNp?jQPqwXa|{t@|_r1rGU7nr}`hnuF7~6_;nKNW_;l>AxNuM-q^v7Brt$f{uhOnb2=T zhf5kgSmz_9R#BD`_Yi4E@wXp-yf2LUFfc{X8}3w@f2X#dH7LB1P`UMq%WH~)$0Wwh zM83PKy>yIN?zkInB&;PH+I!O2AK#D ziC)+rK> zMd;}D?XjR{7@*XB71A~ryvXJ1P99ifi^HLZbq z&B5Yjy-jZAR^;j!PL`%si2}f~Ejg6?;eDdo9J|$v8la*W!^K<LoarhVYaJ1N1eCJ z0NtP-At$bw85#hZ$c(Q^D2(wQU0Q|mzsQjjjHn&MzZdNfoQ7W_Lb+lKq>#t3`WKUf zjnqMeioLF%^S%BENCyI$xW#)yKbbN>LgFJ8g#VKcrxWlEM-3*7c`9P0CR zC=J+$;}zS6nlb!i5=#><7uwx-OwkxYoiST|($XN?3v-q-rC>}H8@;0GddB^lA4M|v z?=rsD9|tK%e@`cmKr)*)fY;(A%D=-EkGQ?hrR-~M-KGp3*ELue&l%w{hm?j5enLmal8JNeNc$^q#P=)=D zB)Dhgz#!|SkvyI31*Y_Q$s{9nyKsq8!2W!BYs_x%nWpYaw)!hGxo}^c*>`jT(D^xSL? zl~SRS)==-4?zs)>{Epd;zCiC>ujwoa9SL&BiA9jnnQEPORJPizDQA-`5@CJQuuFaP zAEeLVg$p0?@Ln>@6haD-Epxu%J)dULqW; zm;;OcnS;2a-3P4l0ffwicmoL|l$t7CVM`S{w>1sJcaj{{?mT<%&ITao#V}$PS*Pj` zV=Xbvg~GWT0{PhTrp4`EcCFuij_c3n&5qgV`KvTVG@Wy2%HnDDf4UC(lR5Jv6zg}j zVvkJ5+Z{Q`oO5g|N8n^1LROkYBWFA~OFQ$ew9>7_Rjay@q=MauM|;qsyOT4E-bq1r z1BO(}c7rkp&aazF}nHk{q2f8o` zoV33>7;PptjG$_1UEE?YQiYXA)gQF4%Rj$w-qLDNe!>3-aO3))??K^7B)5LaiKh9} z-TTC|(NNlmyjr$95v@LC#VS`t%lo!T`z1+-Sv}Jw61ub2ZvMQiBQ`4$sL-LA#8nI0 z`j;RzCcZr)-=-Zfn@(`|Y$(6cGC?LuhuYB(F`+{W=b7UQP(6@5Mnt|vz_IGAyV`aiav1>hI zIrBbbT%HQ`c?%}C2br6!(5DexopB^i5O*D>UBcTUGx{mT*vQijbkq#DkkAmjF^sA` z)eq1<+Wk%pDE@t46Ch^lKue_ZH!u1hz-wF78UtmAfNq6Ki;rAco+uAimu|62M>`ZT zrIQ}y=B;B}#A;+I8kv{39M7CcNV0zLhAW2-LEf^3I=j6d-TXCJu+5-}!?WZIn1FNt z{MoI|*#XpdK9hCUFIDC+nL112EjQjhkV zg#msC?FENBI+ee;jYkP#Omj^+=;xFE98{gWbHOf#X6wt=Q0ps{NX6=7V2 zL^RoT=nhviUjnpSz&#~#aEo;LQG9*c!!v?#d=6w!t#s>6&VD#=0B_cvv{@;|6daL{bDV3+wv@0!}5{YIB; z0dIsAS3VLLYjhX(9Iyh;P)amU==>LfSJY2)$-qo*Fp7fA?DT zQ8EhF`aAlHgxwQ++Ae@#6mZfaR8;qOeca&V0HP5>l&pTJuP!tt#dyJYlHu_@bJS*v zT73JIikU3AT@t)PDfl?=2}f^KL(L7-#*J5+7ni%~dtSSbcC1(-Xb~5#f+AP4KfH!W zo6c)2YGM83&xvIBf2a&DSDs})kX1sgLsM%a8&oo}t!iUx@@4L^CiNokwngN;G@qY{ zav<4sYn@EqexKYtjK;(cb?lBtY^rv}ysksg!bF2#@tJx)I~-K8t_Oe55f%Te`*o z=0J%%Uwh$;d;Ak*@LDKm{YtO?cxSd0db>&t!XwkZwsQ&_{7mTgu;xu7gfZ%t@-r3_ zoQ%oIx4K=;%XBSU?Lx(COlU6kvtqUaz?L(M4NNn)eb#{KOYZHX+tARs@F_kEOQZHS zZ8zqkK?;T{Eh4n6pp+x+JHo_Gke6ddGAW60dq3Hw4#PUb%v_gLaS^5uX z-LHKY&hQ6@!S-4dvojtyWy>MgT&>(n44C-9W*4*Fz-5x|5lH|uW zvV+xG!yz_%o90?&hju#=B%%C^{2#BAxD5Fl@T!P{+U;FYg8qz#+l7EQz)*F6uTZlO z!;>evi5jj1>%R@~5yZr&5GLf{4M)IU!e$pL<24yF-$VM5ths*8N9zBCR8wSbCu~?* z64BkNW7Ed8I&CSyW0aj))8;a8#qi01$>%s^HuZ%4k}&f(c8#d^dd1WmE~RdN7(BGa z$~~`7$QboTmHPG;Q{(BXyQx%u&d|6jWL)xX^xy|(>ZzYU3b)mBo3?Y&6De8-iJhgjatMe`lbdN|)d!BW3dPS@pcu=`t|L*2 zQ#4^ed^$eH^GOlfk!%a{=Kye}g@fyvjS7&G;kSh6d*UtQ z55HnX=u%3Q#E+5J6hpG9gLx7(SB>dbe}~J?ILqaY&mi;X|2p3$T78)R^0y+mUTM1E zg$1B2-$si7xgcQ?O2o4AWrNxyJY_N zZKsm8GrAhWMek8{0(^EN)>ac#=lf|d!ht`sG$;DizWZ|i8#DmXIiV@HhnU{=Aq$iZ z>(~b@m!Tg~G4J>|xi0|-Hj?TNso@Dp@zh>OW82#_gZmFEiH4Ani-bhp<0@_HRW|`G ztisDXLk+WbW)u_W#H$bf=8Xc#q|-mn%H(-LqV!cq<(*2#IRZJ@6S!4HH7twuJ1H^0 zYfY-=sF<&I8Vf2#Ug&$QRIqXZTn{%yulvi5J>mz`yN!LLTTc%c=<9cKmT#)6N1jKHd*8-&1c1`Ro6u9D;|I+Q zKRrx`@(G}KtYnaNzefxXElX$}%GgBl7l9^&fH^)i0O}68OQYBa4zvi@%1#pJ@9@ZU zOM6ilOqk=hSiqJq#G3LMyVdmktfG|^CU!*iUK6ei?t`+=T(fCKNuRd4!L*;wV>V1P zy3?{ENjP7+WLlSGeIiKU4Ynn`2FAi7p&kra0{mCHTO9Aie*3k`w9YnCB~|b~!)mR% zDkFK-FA^9ntwdfO@zUSWj6HdYZ{Om#d1bbNoYhtkyxo#smnF_A37!KaU@AqzV5;}m zKuhkW9LkJN*dTpT{RbgfRb1ty*{J*>ALw0q6q{p0;nT8XYLNQnh>~DaqRs)%y4oR> zs>zs$NjWSu&2wKw2qqMw?h|V^M_d*0X-;WUg$>7>ror!cb+|Zc$#oVkbGOG$HD4celw8Q#0E$ z+KHIh+azZ}#;SrkH~#=S|BJgyr4os9FN~h9t;#AL(}X3=yvQ1L^R8NA!5jsVl9i6G z?IoRP(#4-7vG^xRET?n}`8N)rOseiQWwWd-UZSU{P zAoW78Ysz0rHN0`{Dn5~)iSKQHOcvOm^5^~>Jf-+eoP$h)9cOQqZz+7t2L6>gYFIxm zLEe<6)Y*S3U@Yb|6?~?->k^%Bz3kbu_WtJ^=z<88u+-!!p3#I0Eb4XBmII$)Y4-0u zFhXaVZi*AD2|~)k0dw8F29Eu)NAWYeaRf!V;63!EwyF=0S1LG#F(nIKh0R4SWf9Xk zhn^m?AZ+ONVTKE>y#!q3&&wSTW75ES0+inN1_z}@6;T3-irS>UdBOtRzQ@(n6>mfM zofosdTJpWCvC_Fp1RL=6{?f-7f&CMV_92-33x-w751j*pNk8-LMrgY=Bl>>+v|icR z^)RjI3ASus4_d>l)2-eKn$%NwAXWXFS%7tvS;tipzYp2V(Xum7`!uRUggcQUZl zl0#)8v+?C?Qjun%QlgcWz%EvlId2?I00ccr;V`qGb8Mmqnb8At zS}j6LC1m_wykDUUpzu+^$ktTn#}Acw*YaIY4|sZVl#qt809a~adG-G8q_yI+6m7(+ zo;UX#FNBiLVHZS=xw1&wPMYcvf)PJpO&}=^E+sALUX|_<6By4fPZ^o=MIP6R^d$;Z zQgIio55Xz4SbfNuPxD|-bIr=5sTH8*PKQQbL$A6Fr#MYMS5#fJT_C*;R(*iOX#e$b z_g`QP0L_X_l(z+mjn-nh6JOi?<$YLtR`0WtKyERQws6P6G=Ue@FL_K0VQf*hy}YBf zT$k*Q=B1m)g=z_QRER5JjD_fP&}4j})@+u6Ad+26cUQd9)HARd~b8wHVZ`<|6 zw%MRbCbrSoHYaLq+qRu16WeBE+qTU{ZJ(X@J-+ALd;bTsjy1nov+n!6&a0=k>sH`4 z9u^Hwdc~DSF<`s_@tk%!Uafw}!2ZJC1RAhW03^KCzfVfuXJe$}P#Zb%T>mw>A!OZ;wv|KSjf+ zgXfsch>9SWkQtg3etabeswmR6F3~*RKNi2>E5jzauH9W3EwXjfnJ~kcD!6tFM7hC2 zl?5!i$Ck($mLK@=HihwA9~Ec~2W zExbqUpK-|w(ImS&_93>?aK+^lv4d9DlaPcl_=SrU>exRjdo3o$gcPG2$KU8BT*$2F zDpg@8V4(AVV!daCwi(d}%7{ASyf+VvhVX|SCC>rtp?E%S%K-h!t0w8Y{4Em|nN)@c z&mi2&3aeN0gN{d7~Ci4WL-%lhaUN7qsH-=HDUWH{?O7r@sz*IBe zuqB!a)^|CqNaMvBq^tM71C)nxr>BLz?Pp$|^lvq3iW#sVRlW(u`lHsPB#bAsh#szG z+&9GVgW?Tb-{T_K6?;_X)xHw2YDo~NF$_~*%HN#c-W}%THB{i2NXSGfHE$U<2snvq z-AK=0rr^n{+Fr{eC<(bwX`fBFHwmb>Qdl(F+Y+~vyvC_GZhwT$Peju(ufS>mdx(u% zj&~?!g=`Sp)NdxJ_E4@X#+0T3!B;tRq-{HP^-DT>?{(aWC}akJGL0p(8{Brx?xsB) z5zKW&-)JML@xu1bb7u0uqWa5u{QAPZ^Zodb8fD6pQXpXHkvN>gErZI!A^PX`^OW^{ zg*n-trP%`@D_FW3=Z6c?vzJPd55aKX_qyTM_dc1j8i*Gl4-LqnM$Uxlh2i(KglYb` zGO5jg*B5HdPW1j|ugeoSpO{2asYT3i__h8OZxSlR-kGonn0s~?6a~x-j~Y*u%4!^i zH|X&e477k%xaJ}^T3ogZ2S>~XyV}NHan+?UZY`MhC@Qm~Qz3X|q^i1S>|dclOA7k* z#Ii8v-DlAlHPbPFf)5xFV?QwlJz##rRpe%}PZqYZW)3lSoSyx*e{Cz5F>i9BlP;>Vj zEYQit(KOiSc#cmH3en(63&nCkcDa-!<}pAhJ!x2N;r$HH7pX#Cn_&3#6g zQ&@#t%Rke(WMMLf_)AuDy5@plqr@#DM%J`vejJ zsfe!jY*}t3jS@|riwTD1=>BZI4tKbO^J>D3op|#)Q~bdY!}T-?h&W0Rwbi1K2U1fb zr`pk^KF;rxFco0^Sz!5&Zd!HmB`Hu`#Bz}?!0{a5q&O~mss>d%VVE2z>QthtmV$>h zw}svbF*!rk>Yg#IVO__~UGp6oWtZV{n2o2F+>@>Go8}W6Y58Lr=DDg3* z6;hve=$OclEWBE|aw)m68aEX&ZEys{nbE=fnYxP@O@Gg}_*cWTjl!Rr zF<5paAXk=`wYWKt^yWYlb=tLbrTuH1sC>r)U|x6gz{@f#bJiBV*Y;^tj234&Qh|In>_tJ&rIj3CKgO%jCQ2=|b@ur9zu zRwz{Pw>CR{f!~MR7gr3asYuMzdj2n8r9X_*dZh~K80wucenKIOh&Fmj71ph`xH_%$ z96oyJR3f#K>wyaT_+rHjRP<2u|A77tHlTd+>)&6#SLO(W+sq&`;6C!u`~{NQ4H}-B z5iK2yx#?Dtbp#U`ZHU+G79(lH*|q)`U*B%$^RTv@^Y{;rr-}V(19R zb**EeZ@r#$!_2QxR7FGm%dZE;F7y?UJ&kE;kNg3sEZC!}wCHq#994$NWP=j42QF0O z-+6yU+kGL6vGkAf5);wp@$NcNjY4q>Owsa=@wYR$_l7#{cUlwbxgovB`FTm_=qg7M z2Y0sAeDB5*nIEPru=G^HjBh{UT_IPZr8xktF}KHUUw1YMPhi8a@QZthBDp)5cC~)W z8&)`m(01&HDMUwx>VuWm4&Ng9l}#I&bpBMYov~ThOvPcfUS&7e?^PSbgB~-Ixhw+U z%gJCS1=epB7Xwu0^hUJf4{#>*JBdxmqyXf{mHdbK79T)mUn=;+90D7?Y5m5X%+&8g zT~_W+S>=*vA46kDbBi&h6Is%*6LE_>P!t2A{jEHz((7RH~>)p8%mD(RYB+Yf>kr0RrVXdpA?wYSa;s!95{KAWTwx>C_^8Kw^J@ix=L zA2<1|4p1fx^~A325w*D&2DU{4D+imR+(DxGhQatPBnC7z+O-XAX&gJT&<-Ysy`(a8aH?arFVDRL3@_Ni#TBw2A0 z`p#%&7$6P3cI3F5Ny;sHyC5|;Kn}Heb3F2*unBj4de13VIW53gLY}ckj4?~sC=gCa zlo`F#q8!Gc@zEre>NC#9qA?A7&R?wy^$mB9qR0lMIvNj7!QF`C1pt_s82Xd1BD`jp ztJ=zngjNN@?}S4O;*I0Kr6+X}F&G zrB#a`JDO$!3lhsq?6ySJYy>TVvQLM)=x2D_9>}E-#_`C!)IT3<-{lUM<%HB4OVFlR z&$JQ7*g0UF=@=y9$69Kl&S7k&5D@?;&}xfx{-dWzV}plz=XV*mnN3*e?S|EB%&{vu zX}Zgv-s;*mQ|Sn~%yXu)bg^fEh!C>0{rGtuDm-)nQ58zI$KG=wei*2Y+asiG=)@dC zUTrY;RTXH-YUdx}E6l4MxZK+JQsb#(X|B$hilMUJ|9M?>`>&;;-k+_W`J89p*O_3dwuD+~6xYBqF z+YNocp7;rJ2OOaYX0rf8piny!#jY;aBd^p_*n#URF7HWT{77okd8&*P;WY*d5hB}5Mcct&3TK6vzUdE?lqxu_KN^v0WI^L!)ZMW2-6|QqI zKfx*ur9!yPxSv5Kx@1Q^oDD4wZ7(YSR@n{(GiPokf38kByTnUX3*b_q{3j4}&u$8d2S z9oGVsk#XIQKkx_-d%ZzI)TCylBVVjpy;f&p@GFp5b_N*Ns$=ay!C$|Q3p-G6@CgI1 zV!z0d6yZDzPCbR#i2wY3xun4|;ZR=87o-mQA}BX@6<=WARXsWHXvtXsC!~B>SYTI6 zV&NUhHY}Q`ZPGUU>Q@CNc8}DjL4s>`b5G~udG>wqc&gum#QzS5k7Qg=gfbQo2FgCi zzpBqKshI$Zvdpg*(AF#@Uw8<*E6upx!CdxrwpVcULc>5I9a~t(E;p2|7!!1{t{4k3 z+WZ#Svwo1H$bbpu@M$Sql*kU0$m>dZ7TLu_ccf(YPeDeMuI{6ji%Fr>^Y^njdZ#e= zVbI^A%c>qEaWF#Mb3Y{04=zkk)@&FEcjPI&y_?Um? zM_;n7t-mw<185OGDQR75@Z|i_XW-te5RE|yg?3%$F8F8*+e~KoX zOvgNynqOiqvX_bkxhp}`4=?$BS3pv*vW~l8zE=K%N0Yq)hvx4v#UBg!IZc&k))|rY z6IAC6raItoP3NW0-3M!d*x`+_X``n>&MGn?*<}qf?NE^^Z%N6bL+WtYm9rK#mhzth zKUPD;G=a4^dF01&{`tQspV*=p?QQ3GLDNOg^ZmD*Ui_cGG84kbh_a1KZ z!BVdry#_|pZoOl;ZLkn$TBlzO-Lk9NA~_Z$eo+g^?%^Xv8ROpSWc?7{+vXY@xinc*ANP#Yx;9_+KcfNSvHd|Hv`qz#Igjz;E{tZ+d5{;Meg>2)RKGzLsWn-PQnHdP(Ztdz^Ll50;#Uhu?;gJi^#gK z4C%dKjb&r&-5S;x%&R2Z!bqn=2qv&Iv^`24;%XJn3JrYH#NUI{pd8a;4#tx)@t)gATc*lQjLn?m#damw55Kpxe9%TrC}s`$wbQh zK0$INaQ;L+tLs1Tt7*lEv(>7s|123%p1VlQ3Ei2tupJa8qv1xV|B0zblJpo3WdA!0 z@M%xo9-+428yU`V(HH6#Y+*{6hpu->*}&n}8~7?EZ%m0$c4@p%h(uap>Hnkn6>g5wVe4;QwGP z_MNBAVDne1sm^C^LRmrCMN9J@5u%)fU~y7SKp8@Jq*^LDOm4G4yL`xjk7noaZiN8?n}H`HZXu!7DK{iXpq1dHK~+E2?Rm$UTN z&18yREdo~Lzum|>JEmWB^10nWGj50{bB^lflez~eeu2^@F^;|Zqd8_x9j0G9;d8-d z4EUGG`^QSf<$eUgrR30tD31JLd>LPc7jSFzyv$0UfvuXPLjuIL3kQ__jL0E`y`%LgcWlB|wl2;ZQd|-=W_l$)xN1XOIiuj zO(*Y6au`Y*SO095TYP!6HI%2J3annD&-|h#^wuCNO*z0^_U3E+2D2TO+qx$C;R<^D>FngP_s zd!-Lp&xKuV@{h}tH#izmb8CH9`L~wGp{mzD+n1aP*R$>(p=V&fqvBb z7A;T-z_a_A3c~;&Z$wOw`bza4=6T}w(@b0yOHIY@GJcWD%vuKWGm!xq#`WxcfKoSu zdI0e*)%(YEU0m^q@4Hjj^|3)E$I&biS`hdM@g)jtw##(~H0>XrQf>`xkgg$oJ8fMR! z0f6WuivMKe%DF)h*FYw*m_gFbkeK*1f7({WtRODxT0*vVD?ESFIf{D!CR7{-$1{9Z z+1mb=7HZWX(5>n}a_3%A{ymDJX2JEOAfnie6_!@umd8m6o1y2)ZmI1J+tAWRIU&_g zvbTVduG4OChc7P~GIVx6X02C4`(ui9gsFo#$$f56bM8NbTjLn@HQvWei!7k!2xRZx zSPN^Sl~(?@NVF+{Bdgu_G)q7+OZCiSu6cnxVrxm{#ggU3-{ZrXMpRdoYg)4~t-`IB zxNqbv>lzN-0eHl$RvU(4d084JzlZe}%&bkK&*Ego*^QJp<0%DjCYDA5!?p}3Ie>i{ zA48uMu-QKVwe=h(i5aOrH0`FO^Y5!J2i<(+FzSMjSk)KSH$u)8={lAqk6C5v{1AGB z-6M7Q%Mws+xgK|0m7F3Y3;AB6{ozrY)r{7{2&U#X(Yq`O3d49wo4T2P&?tS{w;`Cr zzfPJOZw1r#gHLgYVmx$Gug~1Mnx7uSu%T$f%*}_3zhXf(3V5wCEiJc`z{ub0O7>mf~7BWf=&ncEJ_lVY+>@kI5QL``(s14~_nYYV^C;5t^{KThx-z`fq0z zWi$86l4CJ>4VW&xLqzBD9Gw?7ZTP8OK8*v8MfNsVis@<~1H<5_E(XLr46$qru(V>O z2pAUoJ5b`V=?rCqr^Mz(EB!o zxLlfGzo)4>%$&JfxrtRc;Wyy>3`LdH+R`Im;*P#v&)w@*2Sj!l&MQ8Y-$34IJ#&lQ zjAE(qaamW^l4HN<;WcVzC6sntqdLG=Kug!`E$L&m_&b+!zPBCZ5(l5fRa zm}9|gIAwiSh#~htbZyaCx0<_4S_aFO2P`fQL9cYS!i_08t5Q;=SHAzoP>82f3QS0i zk`e9einVh727|h4sV7` zm{FIe@gK5J16~M=bTmV7;;K%6TO6)=!Y22gKpNb5Id`*@}}iy z%)oG3_7;(KglipAeKN_ot0*A1M^SUI-7Rahx;0(n<=wcNSYt8eJugwO#lpC~<|;mh zeU&eb!#Vfji_3-vBJM{;g?VEqQ)3N6e}mXuOVpU*86C>o<8oXXZhf=29vuS*Dr6Tk z>BGqt)@P-d)BOpZQer7zZcz{jb_?u}jw*b)oyuw?H}=(Bd( z!Y|3Yg@cD5v(qWZ{wH+EJc=uX7}Um#e3AUaL|PsT9Hi53($h*@Zd7cM_4{@@U2QCS z7<-%pAfd=u1MVE|Mu%X;r|-|4=g8T{%jzX3qN#{K6@H89MQ4}7|2n#){WdY}{G>6g z&JdQ=nfc`5oC}tCCs2W7*9rp}JZhMM z;&w{MYP-uX~` zYyGO8<6gm8v4sa4sb3@Ojj0}xsS|wR3U$J22mB?$@#dsb(SDGTeeS~497kBm=?6*< z!Y1we#?7#-7mFFp8bl}fz(QiY=T$pzI!XPpB#^Gig$cX!c=Hw+H`1yaZ&4sAO zZo#LrBtPSW7(5j=@FMMyZ$ip<4ZG+r&2RElM+bTucCK-)HmR>%-9Za(PlHs+L@ND* znSJ;k^!pc&+%q)hnmYz`PQ}*=<@LHj(i5z_jlI-*wNe?W8yM=K#AX^!2Tz2%L{RTZDs+q@JKA1o-nU)HbDiktq% zkLx36T~nL9Q8gMQ9WR?VuO>%U9PhDj_E0~}t-4WV6%=f%2`-fo&~5}mE(fF6fAiY6 z(>So|YmLL8xwdC;XF&EI6yBIvERf6&npiG8IMSe!ev@RvMwEnUTEcC~93$GUn|7fl zvC_2LvH#8VYmI|(wfp>M>(vi6y!>P09FEY}?D?#WMo!;anY_AUDAtGwh*-kZ`RIxi zzw7ST8wZLy`lC4}5_4$Qoq&3e+ zmGT}o92H%xdbK;u>gz{-#~q&F610o-ZTDnpX-JgpO=_Ie-V+CRre)yhPk8k+R2N>f zFYTV9fVE*dFWLU0H+gu6pLkQhn8i7QB;IEOXSGuHe(=jrNJ|ghUh*!q*@#%UkT>Hy21Gt`KQ8E2d7YM5s1aJArh?PB^ob6; zLb7Dfk?M15qfM7{u!4eG^VuE4NK`!a{RT7=f3(;UuH^boWS6SOS%f(q@9|hFQ49XX zvTUNFGvE1*TbIwmyfYsQlrtw3)Zvd7)?#`_% zNC$jJ(l?So;*1<8+U>xBk2ib14 zd~sd0?Rc#^>Ih5H(Pm^W$W{MZLR>*Z@%%<{-SO5N6=Ya3)kse`L^2EsSt69&%@CwA zcl(V+C-CH_sqaK$pW^44ew!GQS(*{!5Xo!_M$d`2*!LEI?8t72&)4ciQ%h9lRUaV& z-z#dpIQENuWgaWLafG2JU+1h4CKPe?ut_2P3wP|y;SYgc&eAV~l_e3cra&?31AC>+ zI2(3Yjiq=5gnbn8iQ6-;GKokZ-J!kp|4V5L^Lxohq-N1p$>|ZcIZQ+I7o_QtY^QLY zDpT$BHe8UncycB-4W6z{e66!W_9r*}qjQSCK<|`?i*s8w<~gdtqr0hS2A+H~oV#(E z%6m48NN^g@0jY`=of=t34?r7RB6+sd(qmdh03P!llyEM zO+OqSI2t!};k4_}u$+7gTxNcPxKxYq$t-7qRr5tbVcwLe@Bt!Gisb2X_G?%pDL;IS_MSK_(fKF?!ZGbgbxdbAt^t03W z!A!2~PdCU`OK33nw%ZNu0K!al(Ij5(UnCSES;3r{o@_>PfWe9x=;+eg0+__Uu&+?8 zh<-jPS`2BuP0A^*EzOz;DT7PswQRi6frv0hsgGLvOE_%!bL(ic0;+deO*>?_7%&mF zzO=P98x0)>S{KVT!<23Lnl8_3u_sxbh70Ug+DH*=f#mG?QgTs{eQ+(z7r;!d2lm%N z^LT;fZboxoySCdq`RN(teKqD%y5rJzPH6k{^pr{0sO?x(8$`Uy_A5^ffIh11lmA|h z9pHH2t?^JRK9Klblsx+@J;*UQB(RA}f>MEfnc<1{F(D0t;Tx=CY)8+Br-c)cM-xH3rW-qKIjJ9X1 z#So=rTlNWhp%V=4h8ji-f;6z^1+E550>=8|BbNvJ?IRO%0ge+>7HTp%T#pFo;l;So z*DhI{=yZZ!&ly1`knypSsLikeqv8yFptJz;QgDWI(+EqK;$nHA-&#&h%2n)Wl5IlV~(g`CTm z%|NydN(loE(KJhsIJ<*-ClCHVfo2x>9gP|Rl28^k_d~-)u!mo=ezu3ABTXXtHgQ`0 zJ}%FN9f{w;+0Z=l7@K0Al1bE=qgM`wr0ag!%sh@_XM3z}T&~JO*A+Z_$!hB8amtXh^3k!LX z!IYXESd_Lw4?J6UkP2V*{J94Reswmm3TTIVxDJwxJ1HS+Y-|IS7NqD%bXYkQ{OPBN zW6jL58uk{A41Y;%itaqvN94_L?AG9Bde|(pEO=QO5f5T4BMMbC(rr$mZDLFm&OUF_ z^*U-_a~Uj?%A=nhn3@_S)g>vg_VQ;2(=F*_O00_9$lrq|YV|{KW-Xik0oX?9_TRVe z70AE0?1g!5T8-DP5<(NtrT;+)a}j+gvbUl#J^cgmrBtZjF2R7b@v0?c6+};*LFZ#Y zR~73(JaqYGZ{0BZ?&~1A=tlo8-Ki!K^imIltSi!&H}1V@-b$Y}{e) z8?Vc;-<ih6`qHRepDaSSWj-X58@D!-)=(6cHe&|Fat;Bm5WyhX3wDGI2 z9k4b=wne1$@vQJ|eS8C&R)1eGDZs8>tMc0jtJbt+Yx%U2;S}N6C^aZa<03z3Vytwy z#wl`{CS(;&=gx-rd)o+1fLt+JBz8S?%z%Iym>yQ;k2q`a{v$&wY;Ba!VURJ?_Le@y zM#z}R9VY?33LGNg>0eoYL1t(Pp)mzm|40BV1sU2{X%5I?y5gFc%ZXDd5Q=D*Vm- ztY3Xq)lkEEFszi4mb+t9eXEp?&zrWs$0o`;F1Da|J;pmsc$-U0K(xd=I)<`_U0rk& z{^Vl`)$?x~=IT{OJxqzdn=uHeI(|YoM4}?xngEr1!z_>nCt<2xC#{I7jE>#ov;w;n z!wSzsJM6L_Z1*R`j5E_#zfv4kt>l822i$Un%ocnL9`i+gzs9=y!rP|i4YSq5k` zk_ZUr*wvfHscPh|#%&m5=fzryKA8U}NH^zpmE}VWvv_g|FG0JTbJjzP`MyM;$?!BB z9s3i4ZVFGZXR7c$6mi2`>U33C`m*2$qN)Fk%O*$32AN#!?0}$B*?y;iJ$9Q22tDyy z@F~fSEQHViEPO5H6Vcn&BSlmm-eW3CoTn1I3!j<0%-8(T0JXb> z3xAA1Qs?bz|95_cXWkg*^{J+$gf~SD_te7Kf8&~TTib%IStH`kbcZ;fDn9H$u*5!N zjtSp8rlFDea#Iw-$XKi3D>ru1)tahVou~HE6D%lANU;W)<}4SV{jWI_z@2<2ogy1y;wWjBS2?GVNdp zaE0J&2YBk&CWL*9zcQ(2xs$GwV`u76=AKv0DS{aP;c8vCQ05g$>Sy4~HetFvaIaI5W%vWZHL}bGM51?j9WaXJ+?2H! zPH3@mwb=lHKKA97U54^J&^FqHokaIc*Zk(A@6QP?Y^X7JoddK&wC^HJ}7Gv^wx+HgPmAt25Kv42|HoJLS!kvDm6E#Sm> zue679#pJ^tE9^e+enYG&Q=2~sxfK>F`wMe0x`-6Ya3lheo3iHBwQ^JY)B^SznD{d0 zaKfe=|2#l~_aDHfdBHp+x?|;uzgk_yUnipvjy_ecyqSQCME~D3r=0=F|8fr%WRcl2 zHyXZ|+oNpd*^3-ytmrZNmHhZnsgcxU3`&Xj=zf|Nx142PtIjJn^Hxaci+M(ZppHCs zPJ?&TZ9uleM^DMiNkakGy=`H|9J2|sX$;RVZ_6uiOC|{-k;-xN#|+(G)@VqX==CZWyvcXeSnp-dip{WZyYWBK`IE^Oii}l zW4DXhiO2bUu8$V`D@`t>QHU)`a&jju+>1v-*|oB0!g?bA(iQ-d@^?=1?>*^911%^|m-%JtNScIR$@XGpAP26w8Gn zR`4rXHsWg5__TE&0N}}~ljPc0j0+GYQL8Q?zXr;^piu)frb7r`s>ymv|yt$j)5J<53EN z!2Gb3l*%f02L@1*Wxp5y#6Z+(rOmi-#potb8@oUTg5P4*Bt~EVw~QF}y028Rau2r( z!|3tKu#Vdw_w!^ejUkBBWUUv(PVka{_9^pi4QLq>8+E$7C`Ut_{W#y%evA`|aaW6W z{gp!^5`Cw+571Upv7{R`+VZEbH!{HSKKYc@@OC2WB8+T{PvCI0oc7F}1Ml(T(k`sx zacF%vg04hufzKlcZY&yeLW4W>itjlW#zk#+&0SbRlo}{5@sb4g;KCpHuk;m;<#K$Vrbm2$eG( zk34R|$muz?bk6x|@r?4wMe0u2FW*odTF#xl>l$^J!E5uGl_6)GnV^_f?a(VS>k+4% zp@Kesw(bwO6_V@Zc~^+oiEwocN5Z|C?!(4u;I?+7pxLJEW~6=Rh*CM&e0?_l4w2kG zs5Uc56Ymu7MOkl^sAmnbLPFMsMr^&3lanKg4@Rji`?fwp0|vePDFfLk0mrP1R}}Tz7s@gl>M<`!QmXuT?`wt6wCS| zQk9H6yL#+pqnW1tmFOBd(Wfw*ze)oTr}$NCrb$2G0gt4m&Sjr zeY8l7Zc8qn-^CYz4Se}uEDoElOpk&s!?)+3bH0=fFXRghSbdt{?|%LJ4-_+0{3!j( z#tjIq<3%%0RoY8Zc47?EGdjHDU0VVA*#HXK-|a3dPnf~A+&_S|*3it`pbm#7vs`o~ z9=TG(INLmRgAKy(>vvreV|in;m;RVq7I$3HN6nb>Ne$>NQZ$!!#T1t-tRF~apaGcwKwQGtsF*`VMI2fj ztvdC}y4??!u7GjRtM41uF*k^l(9cIO=LnwdRxIt%76MH#!$z|WO&eE~Iy!o)Tbi`} zg2M07HRMw%YQ}q)Qpt%fBzT|A>LhX~cI(>~2zqGSp{*L~68f#rF>_#JZ*J0f{!`m5 z)B32}&Du48-2e}Z3V&hyVLo#4FO*hUfd?jnOft0;Io*a(>4`Dx;}OfC!DVyNMwyHz zr3w;n=^4bJ;38vWRsm3eOCNJ1-Brp}vr`^QOKoT%pxs^`l!h&voERNq>S!%ucPOKQD6C02Yy*$dd@Y)JA*8E4u34O7}#_0Y125 zB>w_qNjDMW7mJ;dqx!A5STaM@2wz?k#KB=Pl~y&Ob%PEqYVc`W7!n-p)!&eFj1b4^ z5<-uK?*ez?D;ilQr0f%dzK28#7Hl<^2e!iAS8!m#;~*f;Qr;yI-3-+79#a2KY8v=5 z^zX@~9;%qTcN^^9e7Vca>7-cO|NX9@mj<BdTIeUpvc^TSem})3Db~#q~8u>4MWd=Gf30`p6+#9g6KDN`x{){4Lv(C4t6;5a*4-V4IYuFOeIH8TYkP8cT>1Dmbl$O_eHv}`D> z88wl5c%DOWsxUUT-sF^#8g%Jb^wD9TlHY9*A(r(qMsbF=$jBPnpK05~s81X7KW0XOpy{ zo}ey_(m!T6=GBa+OkJxHZZ4$8PFQrVsu5bUx9FU$yiMg7T@y+m0HSesbrZv0`?(bJ zH$ZF95a%}2A9Ne(+`12{5igh%>d2MuW?s76iH8@Ba9wuT#(H>yDGSVKwL8XhbTy-KOGs)IEx2w$w`J_^I!~W}#S|-NBG%`9f zR@@}UV}sq9mXu6e#hfv_TfYw8Mt_$>Ty?{!X_5F>YB5R-Ry&vXXvsp0f9wgf8Cfmr zRJOnkP5)`kbh=~=kF7T-6PGtfMPm99QC;7-V1Q@r zepsyNx*s$5U(P%!tZWRqPS~^w9WNy&Hc2}MUFdYGm@t!L;4e|AXDKOv5XTb5zWk-p zn~!j9r@oLuEf|Jx=ENHv|4Qxq8QT0-mox2l=+tK zXLs$t0Z5U4Rz0cjU~KDyMT;WNQy6@_6<^mpl?#KHFooC*$>$YUX3xfQ{=v-+{?ap9 zXI{^Y)Y#OWu8>tcnD*8L_AqF1j{_rb`WhtH%xW?sZU(UwX1=NQQ;e~qgQ+QX zep4frlM48hSk8uzss*EItQv0CECe<~x4abk65^FIxplrQb4i{UREp~E1xV4~w$86o zAyxE4FnJ+hR_3{@K1lo-oh(*YJV$>X^85ASlbBB5h85E*L{`iZnLnblCeU^WZx${D(zm z9?K6{WUQ8MESAtUl+P}<@7Cc4>O2PTVEZ(3$29^VZ+aVcqDq^KiYF|8NoNIb-(==s zO}uUj&Z;u^Q;7m>wf1ebHtr$JZgT~+B^lfna6`qVjO~I~(w3_AeA+_gy1C0>%PBfA zZ!kF?1aht%WxlXKhioseP_PWP`bx#(-= zKLFkvlIiTUadHLlJk`ey%)(sO5HB;`Qu!sK6YJb9&*43wE7nAcmU27l;Yiz8N=d$@ zM@^>iWjG<)0`)?m=ugN*Bp0&yXPGALzp2hE!)p9;x&+SAhOs!%3(zC^hbA6{{VK^ zT^k>Rwmhg(cscf&k4Y`N4-rCAxaB6N#)4&ZU=o~fGa;}0QEOC*J{N3=f@G`cfvDyN z**OB|5G?!9S&kl5lwG8JlH>-~>Br(RF=UNrC-c`-+V5CUs{^=$JzF*pM^NQvi)v`V z??14=N$;copf&H!tdN4N(O^!)omXUEIB`)-{!S>Wyliinf<6q;on#f0nq3Y$_4!$1;U7ZzpZlWd_<#(=Uwu^MxcuK(VSwqOLJ}42QTcZf` zaN)YpfEC?&$(v_`69U9)t`SKBKlwljF75qmB1y_8hdz7ES43=&Y18HajcdqD29*HO z;=mdrGc!83%4KEmQaERt+XA~ZbAj2pY!t*vLltI}t8ZWzWSrZKE!r$RK)>&>h;(ZM zZJEVccWa=`T}{{NP$dK1o!Yw|W*v;SA!9FszKET6Bz7EoOCLT}_8$ikM?-*N(=QpZ z+y~|ZKf2nB=by_Vu+TiWi>ibD7LxdGPvrA zcW~QBg0(fiHYUN};CjhBokqPiM!X^F#kcRkq&UwKCaN;yi)IvP8Ejw|pbuO&! zbPdMFt{=5ZNAN0`ukf%r@ng-TR0XTgI3gnZ^aKz zWAhTfG@$X;U@cACK1~^tq$rEz{{&K0*x{dn>UPMg0emb-)qjKu1(Ml^FBi-Z=*zST zQU^@|HzB4w`cxzk8YCz;f-K8cQhX~@qswl~CSj)z;%wpIvo`1!H{w#F2Se>hc*3S- z?Hc#g_j-sQsGiU9Y}#`-NhN8kJXuj>bffw9r;v#@>)sbuB7@q`jDNuZEGecuQX%7z zRJw9^-r9xe=FGvUkWvZ&xM?a|$H3duwo-Lto>iCjz;uf`^Ss9@J}a_P*@R**L3Vto zgFM+r&q)!BEg9f+#4`CA)zreHNpB!6{Tj!oV5%=SG$l%}tL8#gif~fm2}fdb0-w+3 zrHDuWwZyx=1~Qj;aEf9zNnf-KOjYuzzjTv8YaPdj*7zzxO^z)UQPf=c29L5BSl@5@ z7dllPmtl1Qz27^hspK|3u}%>ZBznnGjzFS`c#d{pTuwH-^9&gg?TR>?x1S+u5C#ZK zBb2!Lh9PuDGo%n!(5Lpr(Yj)xlV`SzZzy^<Z4TEOfYp=L9BGvRdDZl9EL#|5H(I z`ZPu?Xll zAD!j4_O0^~e!EVIt=goT`T7rj&#ym0Yfr|XWkflx_cwuSO;~#NW3}4{RqPS%jtOk8 z$`O81897NrT@Wgfob6gmWI=3rrEMSxRIt}<7T;IpeDOj7&*q;+k+DxtsO8rG)(qg+ zNB;xJ=x1?e?@2JpYf4m8Dy-W;rj|v^T6&DT*8TbpUE|>(CcE6*kN`zsUX6E=TOK5_ ztmExlvZRo27w0Vs;o#(^ESG^#NG705r|NH22^Yy9Ubr#`;lM;zWGcgo>)nr_OM0T> zD2QSAW~QryPLn+S5;5t~Bh9}+vCMIx0Z$vu?a2;NK-kUQ75E-aHgjFX#Epa_R?qVm z8#)qbY&qkw*q_=0mOI1eZpY$e*`pRFSYmd^o^n?4pxH(;BehT37(~-v=f;DRtNPq- zr5T|MP=<3Yck(WqBuIN;^Q5k4Dmx^P{vgPN!aV7lpXd^4x9m|aZ|#kO*7j73kn`O; zP+@tcERrp6DgpyIMJlhM9pEH>)mWR!Fg#A+zPhPXzeOcTZ?-nB~8-dJdqqEXO zp-S+}t4KE^bfKlZ1oq5ByiCGFLKU^btEWchS4!NC=o{=NCzL`BaHm~#JIvG>*MP4S zek+~_KuWnutB#_=E)Yr9IfLb`de3s^Q`C2Ws|lBHwJbxecAB6iY%fA-4!nsEaN#9T z9->t@j8NZ2v4WYa1cU8sy-YMJ_73|cc2+!R&D1v=qC|@a^O((oZl}g&&(E<)T#z?3qoC2$EcL7j&QCsn4r>G-C^W zY-NU{6U+mDuHBvp?p7nK(*JXE;>g3Ty$Lc=w-{3Y4^wZ!6xY^uZ8vmqPjHvu?oN;( z!Gbk3?(XjHE`i1gE{(gpySux4AV|phxU0_j-scZ=?drK}uerv&#+Yu8yAS)Sm`(Z} zl55DBmA7PRe@U#Gbp{_&l30L=ep$QyrYsZg zOZOcT(OTt>%XR1=JAWz{^I0$&jsC(>yIs*FR1w2=p^gK-d= z7<&t<`w5W;V&(J|8BEfnqxwg&JIAJ6_z@U(h`c8?X%rV<4j-Zyu>^lu7b@9 z$$kwB=m{0&TAbi{OvaYgbuc=FZQ9Q*N+P}=V5{>I6%P6gKMF3)n`S@bR5&GcW2vxA zmN8Bt@s#r_C=K9QzR>E}XVcqi=u&B#Q@PE%<+9*`j=9z2%%ZdmAG`15R zN5OPp$S^+J4daZS($)RuJ8iaC_oMwki^mCybtAqTomQCd-rVWkr<`^un9qK#!atc9 z;T&txD8OU#A_=^U30fQQEj}KlItXL}U5k~Ur+qFdygWy4U!^Cer%$E+^+EOzT)f)Q zSYsFqIb69I`t0Cj#H}KXZln+*!!|&aR&(4T$1vKsyc?}=>|H|%ccu#ZmQKmGP*fCWFW=g0UqJ?P*1RQ>x4&fnv`?v3`- z9ufbr{~VUHVPfThN9isiB+}+ugOBf=y~C%KgWs>hH7zqRnR;sQi@pT+$yXLwt!2L? zH&5vx%)~ptLQ}a7TpGG%6b$Cd@}{b;5UP|tMF%Rly=k}$QMEz){{WD>r?kv-d3H6E zsZCbea`steSS)8O$1i$Mfzfv>cA(4@OYqGRj*aKO=wGd5=f&;klNt?Ubf^|`j}MENqV9Rh|yYD z^23($8Ahz7>~*m50`11Q)>*k76kF7px$L7`v$#ms*;Q9M)HsbDAT_Ts;2IQ#=Pr~F z+*8sEzo@mGgSnY(M)Dw;bq|E)C}7{}I>&q_F`jcDQ3vRt>*pZZ-@NE7`%S`K>rQ(7 z1LR!jA2D;<_KxIJmd3eW!~(f+O3-fIcjM(NAEcYwenZkU;E1XVKLHa8St4;R0>n_Z zoi&2TP{~KDB?_TsqA_!+m6KnPjUJr-BHxr+jvhO>=EdPS*|M~F?|sfLHAETpMVt_+ zMT2{vE~JVZo^Dtd?~NoZv$=FKq_0~q{tdnq07b#yc!7|1; z6qqhRIoQ`?4o5fb5`L);Kb$--&3@*7cf)Khw*<~KL?&h*jO%}ll+e(0DaE4thSwq3 zuDEscf%l^6&BJzF2B85yrKfxiy_oMy++m2K!W-`gSck0F%=91Hqc<>YW|DBM@=NA^ z9dow1y~!mK{tsUoRxq-fptra%Y8IW+=LTlX<&e)w6Wgv^9Vi`ka4?^Y;XlAvF2ExD z8=N_zgPaaPhEaC;xWTIs04)_f8Wevl;~`oZo4AH^RqFHkPA9xVgSy^dv^hTFiD0wL z&7J_!1GDwA?@>`q1))6p6~&(x46x}QA`LalF&lJORw0q6Y2vAGFxr>?A`H^>!@D_kBK>jm<&54`1v~!6 z?!QqYN|?;y)7L}rQHlo8pgMD3k96LQuUperRK-(pKI#$!S}PTTLgd!=Y=R-Z%_| z%m6^?0;cx+$Z=A@V<7%2^UnW3?Wbf9v>h@(QXQBweW(pP;1K8Unzmsq*hJu zxrWB#Nem8~ZO0Y3VAS?i!>|OFK*xj~=I5K_ zuMjY&`oiuUF7gfoM%Au*HYZL4^Y;zY zuW+ltsXS3%5A+f^nUiW!D;LpLKkukzYGZZ@yy(fEx?*<6Nyi9V_ZsV_Wlf{Ko{xa< zxDLtvrV1q)ql6sTTMz+5qrBqF0M#Q5x|h|etiX>TcoxnF(aAK#DW#9?qTCo z3KyY0rz4K$2($RB^fRpq6Zt!Qj9AVP+HDbykEGbfV_yNyyMM-W)7|i8Yv((iaz{g+ znZju_Q*vAaEpEE5P7KZWYUSU{ZBh{UGV;p3co4z2n*Yl?o>ZUhaN+?L?*}a?gI-tK)8f}ElsZo%i+}iu(bTE5+MJ1_9 zeI1%X5taZ^3@!+=bgRHWWe2x=NWuD;Z0pk`D7fw6!4c$VtIm8M+b8Qq-3@uPFI22t zdWmcFQ=I{+pi<{JZCl%IkA62sXXkL`a7)T0xu>UBlJO}gXp_UwU#kzXT)RT_t}$(F zMkZB1+pDT(c@Qw21`~A)n%anFu<(o3Rd`ZH6 zFCZGh7hdicLT4fcS(|vmZiu29uqu^Jtpw^%foUHIYm~|Lb17|MWjv87qvPEr;C8m;<^M{{4UsHp(mQb5h#_~ zL>@I3N^u5&r_k^=8}F*R2%MhU=P)2nsxGm|0k8&pxOi4al{BWMDz`-YI+Bn5D`q~lgiPLyj0+WHA_?#&?lk6eWhk+GvKRzW%{_^YMnP$$8daWwIr3Y~|OW+P5BO4VSg*@o+3afn*z=UTn?} zjV0oY(8eq`%?&@{Lt%2Nu~r_c*%%=@KGaq=@aG9*7eQM ze`hmsC?;C0D@2Q8iJ7%%{j7&vOW@bfV-}S68_$HyWbs3X}akV|@R0Usf3A{(!^CVsEY~lnJ#!Y9IcIX)#acoMT z`-lv9%~vf8xt?SDp9%AdH-(qsGmBm275)jS9i3SPwm73p4lXeRr1|o^9DxTrb^+XAc7Jb3| zRBW(0njnX3^b2saS8lGII{PdeMxB2M)Lqpvj?zhB zXPA^uza7C3m5!K?VJR)!51rgSgK1bK>~pt3byOW$=aF05{uxqVYUI$wnbUCF31 z^=vs>35+sPYtw~Z<7C=IGnqYKxPlsqoX!Jn!b)Ld&O4GJ%Juu`-zx5a>iL~<*`}1y zy4JI>xTxG2z0M6WEn5QZ8P~lBRa!r< zu_S|iLo5-Rw2nE0xvZ#RU3(I)=qSFNZo%>`&+bYh?Y>LfEQV{EKRFmiM)=+FZ*YZ5 zrX)rQaXDToJLN+sM;a0QKKje!!}$?g>u;5zK#Bxb4jrVVK_PCpZoYjL#tbDLgJ!Pp z0}p@k|05Y>#sd|5L_YN|7I}6x&N1KZS-7wA5Izc71AE{y~_F`cA&C;8ZsKx{48* zIjG>M62CpigD+vVFkK$u)UYtFn)XK}w}||omzzwR6r|_O9mrh%=X3*>M(h0#2B8R@ z(E`z!HvLNi*i5%T|HH=7D)woZB}QVZy^eqE#7Vdw^}L(fo~-Sh9XI1=oNkm|1FCzT z*io%tvDdMYK!yBo+#f%+H3q$7v&y1}#;9jldiuu!p=v&jjygh5ArOPBUOkBJP~Lv2 zjp=yzNwY63>>@-ohD&eDk&a+wj<9~Yfo&{^4J0iXPipab)A~<*8u^*!T|e2u1EbAy z%A^OpBg-Pg2+Pl>^w-LxQ(u~gR=2x?!Wc3k=MY(u$k-J-tv z!~d9X^A6B`wL9`)+6k4$l1--()5>F@!mmM|UI(A>$Rix6!fC{}U)kN4yK`-#%ws|b zy>fN7b<=wjq|*w_n#9t7*UvpPVN-shr@(riU*DHkd?_0w4aN>wW7eyXq@U1Vvl+vE z#`t9D5ihpK>Ao(V--EJ)4Y%d>WE!*Sypr+v^P6O6TKDb6i>W2frnwJN< z#B8rR`s;6_T{+yY84CP7vHoT025ee~XZ;_XQ0h5T&ff_dzcQ*dqxb|BdSEDR+gyZ| zy}b&?D<|lpy2_XPzghE31vhZvMv5mTVGDlkXB?Ivq?!6GjGTJA^vbK6vTXZXygE4@ zp~7sWmN*8JJ(1G5AEZaZpliUeR{gE}Uis{t5YTKsW#qOv2nSQtiIRP<_dTvS=+A(c zXaZd4kKmFp-)z$47`p>dqb@rPri#^TFJo?`=%S}YD1RNr7O$wq-8gGY)78XsPX3Z? zIpK{qGLH7*gheat7j`Bd4Np!o=!H-8&wKxi?r7NGf298#TZRX)syj-ivX(Qz4nm$- zm;3K#2)v7yh5Dv&&o$E?-DQ=>Thl*tW*U(2Ij^bupeR(5DzYC*I14Pp^~omViET@y zs}l9mHHiGWr#~bo44QvmztKG*O z-qy*Bu&oVH9ld8^rL~SW$>*y7{fogcFrgiQ-y%N|)-#8HbtT(#p8FYyW|GlKNca>N z4<07T7X@n`3#PZd^rn!HuLd~havwdWE_sgO(D8Lr&ryLH#pn(Z;1AIEQR&s5hiM~= zn0I@XQgOlKwhh|>NgD!q6MraSwSjbo7s5xmH*i^nrYh~MoN{#~=!Gdb(*3v%HbsQi zN%$DWjCI7%oD{oN(7p$DqO6J%_ETb-&uYpahVgyaWmhyuo?G592x|QwL`iP;QW6{i zjl{@QmA$S?sx+Nbf)ambbeyaUrc)-WohgUJ&VtGUnVPJXwX+H_Xafo7(85{c&v<^S ztj<3|buef9)s@->;vcxgo{MRou_l)}Mpd;hP?{qG z9YlY6udf*;%HY{uiZRG~h)G(Li=r?Y4Egf1A$%Yh!5JchE8S&Bf;hg)XS+t*1W06s~IpmH*P!4r1T1Rt9?F&MPk_C5BI1} zW398yhg7$hSK2?epyq@+e!_9s-t)RR>K z&mVt5-R6@>SJv)z*#}@?IoX#25QlWJR4((Yk7%JfUB>#(WZkniK)tS7Kv2t6MZ^zx zl)${qXCJANudKMk0}C^}qK>oC`N$T(qWWJ0u$7OwumEm$OG5pmi4inBcRku*?E=f0 zE(%owccL9*XQ8ifdV`wRJD)As4pf8J5M?bB6s6cKKI!#TkY>gYi^jnE$k&yI*ord7 zTgvp-_>zBM8%E%25>IBh$~&`6Mt2ya>9DSr`RuDO&_~B@e*!yHv%*pNH$eGQFj0`L zlSl;g;f4cuHVFl%?xlZ7XW0cu*?^?`SK&y+EUApprXBM6Fncnp=_Jj=mhdO39zupm z*T8if3{@$;TTd7Z7vw3u+Us_kPyw%6aue9fT5HT3j=|&HrT#4VZUn7&D%!AjKlDMxD zw%NdE8^$QrRw6Vuky}{a{0WD5Dtzvwk6xC9c&!d=*6y*e=(J27BF*XQ=k$E}cx40} zG#dt2m5B@#tfN-m+%rSZ0ZdBxdZ{F889<&__TL|Cc+A_!J0`hM48SLI6oIE)c$ybz zo`q%22$UZi_wdvg78tE8r|ch)G8uq;k9HK~5Mw^gxa5AS`qSLD~s$*WV-o&1>3cepC4wAZIL^jNN2b> z3Ah=V%8t+nN1EYq;c+cJEP%60*M$>bEdR3(3H29aydehNHgnwSzCj!{O?l#6}yn@E^CLsfZ8=*#C| zO5A>iwuNsb*nELt7&6USgf9NmWG||J-#g8sFQ?yMl#P;K-jkdD|ADRtVjP0p zo`A7<3lUhu=8sDtOk>&mN_%GyjjkO{24+a+!Yn&;xnsm{d>5t65pyct{Gyg5-C#{$ z7Qm6dgTweyh?WhU)+BrR2}%U$PYjPdT4;ir-QC;dmZP;63cR7;-Kss*hMzZ?j^%`_ z)$i$7P_3+D!-jyK;H<8xw^a#N!IC}(hulOh4qspOSr0-+Zma=3>~)-16}c=^2c|8T zG-y^d5ET!CgvoX)_hDHgvd!Y&nq&1mLhDy#4;~53!SMDWJ)_kRLbIQ(M^>b>MoEp6 zAO8Ui)I}gS+qXiP7azhXXXqF@oVqZ5pQu~l+pUaoNJDKJi%g^AHa2ps;)od=8(9^zyakg(=W#b5s|=SSEd?;IW&?9_>Q=D2NM@eUQEjA<(RveJyE)T;4yr zq)WAJSh<-J=T>@EJX5{6S!0;|4mbcxvh(idDlsQbt4wP;Gz)5^n^ZTfl!y)&K9M!w z!vCjG=ohPTWl`slZn5TJ=EMCs#`^?gyMhd~J!_wWUL{@`53~bvE2!f`R|a*}pLFZ) z-(#8C@Vv9m++%O8_3ZJ_y^i*H#h(3IGZ3AGQN=o>*KO6404_2sJ^ z7*?ago1aqBv0}INu;gc0ViL&xLM&B4R6wzOA7v(9}4>X&?I)?7MX8h`)r`;5LraE>y3W|{u`yvjA~2HRWq9zWk&`} z{IK$Q^0zc|eKJ;!(`@Hm%2vrAj(?I5_;YJ>@DHFY$l_Tb&;SBj_RyfHR3Z6z&qLc1 z^emvjj+tUHrPQ69PyFM0U zFhK5e-hh{iP0PQdqu98O;#Js0$0p$y7ZE((pS4*u=h7{lJgD5Z90pxQ5h&gEhNRF$ zI^nYq?t;Y}nC?qSCD19N8PjgOagTXsLsp4NT{7ex)c?@(qaA+ZU8GAT;CI;hl zy+rDX;%P4mc|W0(3PmG~xn)#I=ODbI&b{OlAlbiz(zc~7De_j9q&{sEq=s2Ua1*Su z%wOAUI~?KRL~G(lk5OakIqWUZZc~AE(4?{b1_=%^htp)-z92&80U2errT!J~caOH& z$K#b78)~K&TzLdmza*$xT{0V2{#8*hubNh4!Z68R->moouM5|5cXaLvb*)6;?DZi_ z;$IWE1@W{oF@Djlj$(Wx4Q9A`MZ6`r2s_4$qFbS0htujp$z>M@)-B;-nLT|m{RMAz zaU!zpzQ2(#zzF1Vyel$Fc9(*!Z;otN3Tf<1dm3fwCgq;81IO%~BRf2uKX_Tg5WrHY zUp;?*NA*b_>G}xs;;SjI3OVy1_|}qotUqA(pBkf*>zICXYd@}(kOBi)e4NtFa{ zd5drnhZxFcb{=nRF72jgV|!LceZNDF>{Zf(?Y`nk76Dfl@WHPp;-ui=^a+OY98X30dIPnPy^SAN*LBepjuK+x+B{K##>od{mirV4$ zZpjYLS*Jh8b&2h6geukWyoEEo48bw7eL*Hz#FT>6EVF@kFalh|cu$Ux5VEyJ)|V$GrO=Sk|M(_B6=f4mY+ZoHdXgH02W`w? z$@RP>Oqmf=H8uAzw6RssrsHHyy9QaU3q@5^YxtCBPux;&wF_4~M2I*TSDwt%iKcBn z#65)Cf zc{V=&Gh)&t*|$5kU=6o14C0$ACec)70orz7H0~duEj7s&^C8J@3#-f2^{G6j)Gzzh z5>&irO%r4DrL@)HuDaS)a;lnVd7EjAO)&Bg(D*srD?WH!O!G#xiGY8_nF1cHbm}r1 z85yf(Ljiz`8Jkxm5*MvnXoirSTIjWu7nOs#!fA$s8F+_g3~+%>*>_G95!ig>?J-GH%;-^4Deh)Igi8hT4CG3smti`rPcArEg~kXA!gP2EQW{Hb1v^ zukFAnI_2E%J>mb-Jm_7JG`{hmVX8Kn(p#}|e!pp9?b@F^!HF96JGjiJ6))=-l~nmq_>`nRbEwt^d1`y{I`3a9k z!w%s^q!th@E^Ch{ja7|Jd!xM`uwstWben39dK9Vod(SzRs1{0Sg^uMU5urebnL5g6 zNzv>QzB_CPU1OE-incg`?Cv;e92GorY?j=C2V>elfF8Ef$df^Zd7CrB`oaY<`6DD4spa)C6h&{w&~u;lzom8#aruWN(oO04mY1jfic3wCOHNT5`+%NwC?3y+kyJ*JC6l^(0{|+W=F9uh< z&yhliDoB2|W)6KHJDFwe4nOw#KeFLp+Qq`+Me}!LSV;+u_WSpBVnl|xcl4fPDH;=R z$$$3y3;jO;$uB1*Z`iI>7LEQ95C8Hx$F~2zTRk|rO%!gmEi_>i4IUImRgE98v3X%! zbUx)7(G1*3Sp52VPlM9jfL}|S8Vk@6=esSoK^XrvuK|9;{*}DAB;+~d8pis|x-Tb3 zC^K~FiwttCX@P!z-%zy0@`==s2@fY5=s8&h-qZNM5x_SJ9|KS1QURVBIa>A$<~db|kZREwR+&bH_>xRh)$RP`KYIOh{XB7`6BDY$1 z%_8$jW^H6sO-rd!)*=UmrM1VNK@9p7n(+Z?bb8w*Vm4T0rCB2PNjL@Vsa~($0s&D3f(+=QphRy=RVJ550h3?Du4_fl)HIA z1;;$mQ+8_D*Pr0u3tJbqL~TDpAD@+h5qCcbg+X^^I*h+TX{jibw=7Kzty#*<5+sUG zxo!g;a5#;%U@oCo?NL^N2B`A~#92^r8dBGetxBZJB4&{6h(}W|B2t@j-0ycP4w#u) z?Pz(+bB*e#(K3y!Y3n7YM~gMp*XV9SvEU4$aXR{r{Su3u%Q9n5h>&s zs7z+qP1TOm2}PD*S!B+?oc|t|K7fToSsi_sMV%3@$9OjU!qQeayuAt(vJQ)kt>dhh#6UU0X3SuDx(2+of&Nl0=6^tv?M}4G&gOIIYKoeQb}F8 zrKkXW$@T(Qe1<>}Ynm8Mfa_FBl0{f$G{Y@6H$xo;cknm#wmb{ISV|R5@y9*AC}5fXl9=^7&F>ZWUG7|!S(&rTDY_djx1olbO0C!|KXYCX zG777V&NW`x`EQA$h*R(s<&|^4{gi3!`;q4(!FIpERn8i-N*Gtl;CWEi1WL#09UOld zjN-0Pu63+8Kj~wkk(5&qM4?|}40E{kHd<@a#j}nbp4~`Zd^~5K&dM#EM^QA6%#%=U zcwylM?GCjr&pMQXXLclgF^kQm>X!rQu*{bBri|#?&Sbkld?Mq{`t;tgI4Ie11rZ&T zIakgM7vvp{w&M`_$b*+oIV&gSD;}Uskr=s#1!a!Rr+}MpEbn3mp z5IrIRvoE-5ChkZX56O>rHg;8iipjMj?u5!b@CvTDO9#SmNo40?>$b?xw6;-P)Vfq% z9d6LSdFzNRvBN!gy)U@QLibSXc~Dj*H9=u!yr z=w=uo0v?^Urzp4`<*`#2!Svn`< zh*^Yg>Al6yxEV{-DhE@&Dnx(h0TlIR`H}s;hia>Iv&`7W97!9jh6fV-Pa$iP1F%ol zX%una11&1lJMck;mUf_FMMDV7sP4h-UrLE%jsr!O+V5HU*d{ZOW$%I2Q)pyL@fIdZ zO>m7|4BVRpPWkZ|{i_EXm-QHEXSkFjyGXQ+)>ChSs*2e1RG$>j)4T@82wJ;@og90= zt0nMwGoBF|RG_Eqo0%!8DMBUEL3woIGALC7TVa9QK=8Ndjf4a&$Mmgax;36WDnPBA z5uML#4|&G2rv9*bHip5)TmF|lD{tC5pfz@>UL&LZ#+ErHfJsfr(&D$ivVD22fdYMC z#WhV$^6G?JlnnIhSxf9NnQu%NrUQYnq@%K!oPrPF+Es(wXocq%8G)G15WB>iJ+{p) zJgbk9`6$KHkDwz}AX-qC{I!1F7tF>K@RhPrBJ0U#!lw;S`HP&Ff~u}YK=lzf)5~lV zXbHya*GCS*DskAlc4=0#M0~DG!a>o#C3f}AZE)VWS?FDrfHRwzqNOXV&^U{;9I0pc zcTgd9)cz?p-B>bLdu8)2YlWascOlDd&hU8UlTsZoylkoS8W}H6=$`86Edh)0pAh0U zpRtK0hKzD9#eV?Il()#~thEou8Zq!vRA5)k$Z07*w<4TJOCp~YF8x`Y)&pBG6`yJU!`qdQo#Ugd|88o(9L zJ?cR#f%dguj{3$Zf2(6wq(`ky89ulS5yfqw0uARqTF{kHYm3{uMaTp`H|ctSk{ay( zRH zI=_s?4ljE*#@V4LvX;a?y;^+if*2$bFcep${~4_Y_Sa2mB#RP&3FOFe&72R%72Fa< z3(zQw8Te|U&#+&@&Xu7vccbSv>=MH4JkiuLiCXktIcD-Y$TY9E{oV&{#^fU*BNBp5!v z8y~|-YuN1|>xo&F=MwH0^v~dMwxy9%Cip&2R9V$RF+dA$BbkrbTgIPl+lKD?!Na%- zETQzE!ymmfCmza~@~u_Jq+C2aal|Bg^YI;<2HH3B??EFj3d7Utz|nn(O>GUzqdaRU zrN*$jznm-5#z>=|cZhC92|(oCi!J1;d3vmJUKmlzv>j**a0a(mW&c4B3)J`p03ZvE z5HnK6o^SVj$Y0y=gz1ka3kZ*_>`x+}aM~F%wyHwWD;y~hhkd_+?(&v-DAl+*rFUby z=iX~PjfWn(KKrN+3gL}Uu;Om>5lDV163yBKQ^3wzYMkK1PW(iF=$s7(Yo)xUYY}dr_X% z1Q+5tvGNSvhj&{{;#jBltqO)!ek~nA8ARDWF|vUxGVwm&{s+(pOCf8yeX++UCT7c>;bJo|r20Cd2GD`rLMJ8Y&_zQC4Z>IE+*=+%pb(dK8$4YP3IViQ4!y_5A{ zfv}n6EA_@qV>XLY6vUxuWeU$j*j^5BB{0tCh+iec{8;lHXV?RZvaD4049k%@yH?YX zpCZQ>mpJEp0z!VaQw#f-Nrh^th6lHWJ4>V5wMOr5ArB6XLeSgYLg1}>bgHV0JzM68 zQ=^fp`K>d1bI0Sd$9lgq^e~(ksw-ZUC-1QM8hn%dIZE$pRc|Us;6w2p zug25QoXDj`opDaJOoutDfF9O@aSUogRD@GYsz|-jBx8CQSU`FsII`xH9-H-?6yZEy zVb-y4f$Lg3w)Fttlguc@S#G~ZL^Magg3jwWx}&56yUe{?mfsz-D7nBuaKB}%J)0so zgk6dKqJjBI0`pUOMhG~Q00P0$P}yMb?R;Uk7D=4YLBX!ToqY}LneFtUs)Gbujvpgv z^;OKmXO>B<_LOQv&6fygeb|Hy;k@M}lYmB7#KOL&0gQ{%N`bD(Y)~h;h?PQf^0PyI)I#Wbkp*=b(OmPTKP@L+>qQx6S~Wuk;F zvu9?>nlE~qzqQX9{YKaua6cw#T1bC*;av^FAKKHv5X!tYl8wNR==ky?UwhM!gT8Y7T0Zp4>^A=en8m@5|;w6t?wuXZt78La; zrqX+zGo#XbBX~NP6fbwD|2Fy`auQ?tIF=!6N?x3by*Poerul6P5pA?95IFoAbUV*U zt*=j2;Wx4+*|Ezx2O*3rw4o=h!O})cGpjN(5N`xMMD{zNmzSgl+t>ew5@{2D)AW)h zs%-TXkT6s@e3#>e;j)$U?JxC6BWm1%J}5sU3Om@Ur?8#)3w{laG4pYP2KtFiO)^KL%r7&Gw=FU}9$4bMxB1l_bA@s!*vQ@BFL&yP8X z`#SobglRjdqR;j4x1Ghib`8(OzFiC2t^9P5P*X9I8e38BZh5p3@ZW~OnPGkj2OjcuZK7F|=(?fpB{v^TAY)4Rt zWpb2#H{ADvMupu4*3k!#6<2z23D;u()rMbYEG_k?Kpel((C!>yJ&+*LsX7wE(Oqzf z{7^VDbk#(UYvsc+02Y|o#vS}4I~%J=Umiw8(?5_Cj7_>SAZ#S!4Jv0F5x+`U4u-ZD zuwZ)L9#oI1g`|oEu5s`bjg`M={ss4_Up~nip~)#oR-AY7>Ck8a-q5Zb{sDXhFu$|i zM2rj_#ZLsR!KgBgi-Z(zpcvTC+VT!ve`e)=xUC+;7lVQ@_5Ntdu^Oyao?@`f(T&{* z%k(QJBqc}lN$Z}mFzAX$-<&$E8cL>Fm2_Um;V~=Uc!pk({(PJIcf_}IkSii#wle0( zDsfq_u(#rk7RqqLpSr`S+)W#N|8XgD!?OFe&H$0vU4FenzMl`7;}~>ihIp(I_to< z{>RL2(aAmHk`=T~Z&G+eF%vXeR-Za!a~p>3lfYzL>(WnzzvFvm^CU*mY?X! z*(Vb_!wc|hdpH`Y17cA)jEvK7;k)4%L)Xr*h!#wxOGkF1aNY*otgv-ZRPcRkrtVMb zpXqsmnze3j?sT75jI$yC0Pc+bOoPjJ^h=RILY)N$eYOCI9`8^30J{MmY}`C9UDv?e z0=xz|EUApizPgRF_Z1#n}1zNfqSe)~% zw-LYoO8lo?z#>sJI%|Aj;VjgH05rU0Q$Uf{_7Nw zqZ=EyE!ST;OSKGIsq^vP&|#56QVEfW5x$ura1^(3C);ckBzw|{?cKM`27y#uwlH0~ zI4^4EkPFt)jW2?JIF*8#cHD-FO8LL5;b5!e)uYRH>6!h!PK3oSZ}VXUPSUdfwAa*H zpa@vyte8k|XsopN9l9QcfcAkcu^n{KrX}X|7}Ds>*K|cq3uiq)qHbbLbTu~z)y*{imgI2n7~h}z zQ#JP3wdS6CtvMe|S66Uc!*cB0Mdg`CX!U5cscRDbc){#_CaA08iCgyw_6XgR@~DyL zCcvo-*7?t_|Elp)S{ORken;7Nv(nI>u?SF`=0tZR5VySR#i*CfNu393paq9O7wnu#80B0q`LUxBw*rchV>69L9l zmJxg{S#8^$Gcsq&Yt@?(RirM2uw*FL%^%@&*R_8~B%oIK;Pw2jRLbS7eGZvPkYe_9i$R(WP=D?MAq!9of9;`OvUt^olNI2M&c*bP53JjY(erXoEp}+PtvKvn;9&+MNZ)p4m zSHs(G`e1@oz}WbXBx^d4POmwzuLS?{m+6}m3ew0UaECFR+!B{5;y2@zxANhH{X$8O z^EiB&l>F+il(%T@&@fCs>@Ii(VnsLcn}L}sll!$NO(;q|Gr0|D4`?;4kxZ9Yjvg)1+U@L+#f#=%Nx}MBs@1ZDJq29>7+O zgfE2g8O%#4P!*ZDCCJ>wO}v!)NW0gExG*ql0)!bynx?=-49I&?#{>Dn2N9k8M+VBw zlT<7aK}Sa$Z`7d9kex-@vR_D|EFNdwn**KaxX5M?wx+|Oem{+2GmAPVQ<${ZSR}Hp zFj@~gs~7VW*EKVshQI_&FJQ7=RjI*qAMLVbyg$>^YwTnABc;MfNosH1$=riwYFHC%lU3Q#{mqv4DviC-BtQ9N&`cMe0& z(^IfR{o(2^dPcT{tJgSFfW_jcOWR`96brM)ej&naI(l+T7(5B(J44ws9LPW8>erYl zsI&eBtUasbUIybkRXu zSvdip)RcINz`}G*trfzGpD*{=_F|7lC}UpWd*}3_j-3jK?BjqgR3co z1}{*!;LMaE@nGPrOgT-eH8`Bo_p<9o>1PFn6Ua3vMc!`!(5#NmX2UqvPlTuC@eZ^q z(+u*6EhnXL($>@8KszA$3s9HrXhri=(M&G~Phu(RpnFeHj!#+faSn_nV-}ewnte!a zrhVeoU208~!?K`pI95_OY6=V&&%WP$TS_pVRP;U)A((ob^|u2O!c5BWw8}tO)Z_cj zJIh~(r_A!mcqxzBXo(%>uu*^LTt3EFF0Y5pR@C{-}yI~L!7mF^icyLFU<{0*iul* z$e5iatAl`3BZ_sAMDG)H{0t`$0aW%&sxnL&DSXq6_{@*Ei*%?(=+$XOy)L9pQdOp| z=Dz?MZ52HJ4^-AJ(2x-L#i@B$M3!p^?AYM=C%q)sQ)sgT$P6@wJ@fv_k>ZKeAEFKq zY>^#NLbEt_bMC9#ZkB?(_#bgpbPd3IQw&()f#&H!?D)kV-TS|Ryrl8O)Nxf7jJ+XE zEAp0+#<_KrQ`Imn0Nzc|D;D5U@G5ciadkb^cr*fFT3x9N=h&J)DS{O6Av?A;L%Oi; zob5fw+QR3|n@Y={QVXHtip?jVTGNtHxqNXddc?kvSsCMGl!Z@iAxmvry8#dOsXCetaH59i{7Q5T(r9BhqO7d!2~BN_()3)GSaT4-0;~ z2T@ji8$8P~{tKx2w}laYHjKZ!y!W>k&E*4_`y%cN?M`@UXrdO_IDz4jWlp|bA@IjT zN=%%MylC3w(|uu02~prOnz;HDJ=+2CTL`Eu(q!pn7bK{s4a)aqDQgUYDZi2ktK-4G zyy3D&OPaAy0smS3#wW6po9|FkhFBz{6TVH#ekZA&QOo6W$%fxMW*kaM0a?%@Ai8B+ zPwPXO#{NY}wNjLGU@?fV>h4gFi1c(#m!|Q1r|ir?Y3mHbJKHd(E31l!r1gS(?%IXQ z?!lYt)h*#osTRT(MY0bFB04qNAL@O#D79WsY3t8dmn4e{BfLoIl%!!Pfh^nSw4Xmj z5knY!!i){^t?gQd_7(1G1#mZtpW-f_Zb0?LJSjT;JEdirz$brg4Zy+Gq^Gb)Cfexf zQMiN{VeX3wJ>s?YzHEO{>&M`QNEO}_STeNZ^tA4~zz_n(Z|R{(lS!BUOu;Cd9!+n9 zT1a6N6fs9FQ@qJK;4=M5t>d6}7$ zE0Ov$v<^-}RBb}0q-l|yzZoMu-NBi@a^cSAnPvNOA3}q?P4MU4u=BQXLOb^xrduQa zj}X@029x!P)~(1Lm;@`%R0I_3D9-W^hA6mP!Kd1s6(pUrr5ezGd%LOq7Sm;KhUB)A zg{#yVnnMQ*U_Vw`xdDX*xNk`Gr4B~CrIsUTbDFe^Zwh26v5^+7)eeb!yWvXDSnvn@ z8J|dZ;<4@2B^iJB%&S8Rs zGK}^vIyI37QL>f^;i{}$JNg$)S9Exde@TbI%^P|Tacc#P4V(wt8I*L;e4_O;+o4c6 zI=f4&EjTx=x@U_m8(3)m3e-tBIYvlSHXzr*@n2+IWx^jWz*V*8F#)9HE^uA>ZBM>* z2pp1(xw;zbW#0p)T-nzJj#IhTKJyN}i3!)0ril@2yY~`D=Ki?A6?*jQg@YkPU2Gfh z`Nprc$T$Z@!NgwkUa*B`2|3}-HDxyYDlb1)ZJS~+w@5{mWkn#}3 ze7OApuI=U!^L*rS-U-*~+J?`>R2 zZl`R;qk0`dg|gla4Cz}&VApijzN2S$4Xy}IaF)z3d=}@Gbd+c&}8X!pJ+0eJ{oUK|zIe`EJn&-zA!g*_W^_T$b z=sK+}p{R=9P%ZkHQXN{5BFf%a+i&2J%ZLhyp6aleCfDt4NEJ9- z!zWh{0TmhQ~z+uz4=MP3?P6-wAJhSzSwiv*?#L+LJa{f_?8)uy|29@1|YyVjqfAYu~kZtcqC-^GgrH&@o z?3>P5I5cC>^K)>y{BNcd&6&RL8BkKSZg-1P2^Hw?ejSPyAlJ26 zWdd_M`9L&lilwqXNLlHYY6{i=nG!OF)wH&}|+a!0y3JfFE+UL#2zXj?MIgoQLSVVJJJW38 zePl&=-n6Zb;4Hf82!C4R*~jJRTqeZ>4qfRqkI~OEMb?q#Dtea*8T0IG?vt$Mg1Fo7 z0%az3=;PcTX5Uu@q z$9*+%_!@BqT$wtUiLu@;@1BS z^SdBctje$Ka}SAMypNNEm{P;sh0~sZ6?VBKBJHr&)v&>YAS>8rkknQ&75zp^UTlff z^z}?Iy1vkkWUI)q(^u>DAsF0%Q~6MHWEcT4U1I)>C%G;-9ef^0ya~-QKqsrn`4^xK zc@Uv*%ZE)QSCl=<9_(56x$wg}P#`vugae*fR@EiZ3)QQa5aoY@Gtd=M+_mX7UL&N{ z$@h80BMsPNb0 z3m-yMGZb?Ya&JeRG7+LyYrKUzbKH=a6;eCpDIOx@t`$c0Ym*DJY*Yv*O9v~!)!pgX z&m{3-F`YN)ij=w9DhKV`o8C&szehQzx5iJ?A-{yN5Y;>e8d~#d**yXoHckO$cjyaM zy)#}};!Rvf^Zm-=i^V5DHe73^pa!TW&SXuqxAfnPB-ZPO-bw)hV0c1H6pSzK7E0# z+{y#;>Q8&LZrgT)XBNQ|uCElc(^@*m0fsP83QLw0(f!)LcQdgr4I*|B#=-$%nM_z* z7f$63k%j4F20jv#FS10Yw-=x!QXMD|j%g0!AfoWgpIv_pdB~aQB02eSsdnn=rvoyh zMbz7?O!?xP`&!1L8*VRXNyb_!^qDzS?gT~`{X7;FQ+g2x3ql~s5l)(7VX%C9%AhS< zC!sQ8V-QIKAQ)rsrZXD_U!Ir<94sVYqsO$mi9gxfPE#2i@lXz(eU1;srP5d1f7+DpyUBKB=$Vp?g=~FjdAXHo}q2b`saOzRy8)aGktJLTkVKK%h=)E&*TYscZ$?Cw-8+tN)S`4&Y(YAdX|Q%p1`% zH?}?K_b+4m3ux%WKR1{y-MRJJfNA9AvSn)d%M6>2po+5+|pYprzjJBL=o*r3^C&VGxmQCcZ~-9q%83lWJp>UtsAy;0Aa?ZS zs+fC7sGV@ACJ>D()`s(Zc;$qL%A~g~>3rNS*m`Z|8YBp_bnUo9p%fvJN;~W<_6u~5 zO?%b^VX+pqRqUPFcaUH7e@Q!{MPa>&M&-4kxlKlYL@auwmNoqpv;{Vj(U<@9X$D*9 zZaZaX9EV7v=x&pPG&yWo z@+%{OIEWXi`4;I=ns)z9CYpJz+1sw?Irz1wi-@Hs^+r9Gzfw@CJfS}!LA(#D2bI?4 za~~9{H3K)xUT!Z9ADtSOc*iY3lE4?b=a`i`NnD(A$qN0=M=k$*vMVJhin3p%F+6$V zlBh1vRrisdJ{%<1(|+P6(3N$zb$esz0Uf|JvTd$}3md7Hj&;ulA>1B{z~2ZO)1(!R zr%{J6*uZrI7k{Y__+$Y&WVj;8HY!WmY85d=nF#YKk?D6aD`x5aAJQtCqN35*&P|sT zQ>i45mgNAM{c=CtGLMZ(fXcWjRQ6o6z6mc#+?>7(9L+#QwDyGMS8rdt^Kf*(GFUb1 z0@2sFIKY-@4Meh69CA&Cn>tfj40?4AiHHi1hH_hw11GmCvX*0>$mbuKYJ3laZoj_) zTUy!rdB-B~_z93Uo;z5hdnLcRJ4M$ELH)QR)+}uom!(J{@(?1rmI~--6cAT-XeN$c zoKwZ}Hm)p3F}JLGM#m7^yZ=olu92=dDlxX~=B#=%hUhKZH)hXP+|NQY28Y!dPyuF} zT4Xay5HK_p8-pxIDB$mPQ;=k*I3jO4>Gvv+W=+ku#;-uJyaY1%8C;FZ1*=?lF2#8kdYp$=Hhl{6%cruR(1~I+hP&} zskv!cZ&J1k5MR!(8K#v$pR^o?{kM2<`F6gdQ;V`{S6!LOLb^QqCE~-m#g*50E20HgvuM$XY0N7&n#Ie!wX*5g*dD-ac*EWQca!y z&Uyc656j4|M%T5m8@Dm+aGx{0@DZ|LUEeh&SPC<;*Tb z_310+cBa8qU?x)nNr;9^Ms9Yj)?=%47+=0Pfm{Ulq=rLjZ^NDzF#Qy@D6FnhfW1CV z;%pw%*&xU|9Y?dx?fq6DOqb=6IBPG_YD6gZ5s!3#duB(glo zKVq^Xtj$T)002WmYznCKDspp?u{m&+c#h}?`z`&WkXQoCV_H&l@!|ta`1R4|d$bWT z6=Uu&4=_ehMj^$~Hmp`j(Nb1PNw=|yQsY+Tb%8|^|X6WqxVk~q&o znuI2saZT26pCQi~IdO1*VRnnFJ=?*i%Wj5#!Kycg0(_Hb!G)kRp}Z;KtdME#4ogO0 zP0OBfW@WWfInj+>AGwYqxSqQ*Tl{(YJ=e~|_o!k6FDaXXrFfY>t$2_uw49p%?4SIl5qnkM zZVlE_RRvcnv%Q3=qdnC^&z}`oT+z|v+gG0)fqfD-7FO?E7Z!WmLe%!_@27OjsoNJt zT9Tz)zM2tXZXW|T{{oU8O6savBRcaJf2&c`bj`)&F_(mo*_@_y{{;{~NwYdUfIhxj zx(wx|QpCMn%GV>1(EkhYyexa@5BLk1s2cmT^beZ%*;~;VPEtpEv@GUhaonR_oL)*1 z+q$P~uiT&&J)5-54%Ky5 z{Xg`*5p+pLTcUz>FU=OEdK0%yzR)EyDKwK%G!XGz7?^X=0>4KpN1d?*$ggM-{Wd<> zRW5#a61n#7;IH2cvwVqc&V&UyY7Uw^N>3S!6fm`&h!rY)WqT!%lDuxQlr;iOUd@j7 zcqbO&*uF9Gn^Z=3&6Wk4_l%aoJIC;2Xkbs`yaCh@jV8Z&bMcF(qRnkP7QpOEbbyum- z%|9QJ)8L2LHQcXP+ZfkEo7U$oJT-1D%DMjHM})Qk+VVC*%|}|! zZk%+!8T~0T_;?=}B%WcuFmx-|r!4TaY9aTCK3+#8byc@vkp+;aXDXIX@|#~cWd{;n z;-qY**^ZTx_o$X6n+*)|vKJ83tXaM-Yj`53tTlQYf}!OQZ9MwaXJ+MMf)&)$cmklq zB;!h-49g3J#z%KQdeJ`7|JqatAhJ6Qt|29j8SSzyCWZZ2D5X*@l>pyoI0~bh9)hBd z4Wc#cBa1%IzOM}`ITy|3Yd(Zp8V(!R$t?l0g4bpd@ByL~;s zV1fJ7Kz$aD$w99!X+a!1-1Z(iEu0xs=UDKz>WL!Gc#B?Mjm5kNmpfz6_%0uN+V)G@ zKfHZL^Z)C-0qL+h5v$W0B+@u?;T#SfKq>9Bf5`|nuUogkfxs($iX*Yb#ap5PPi;YkIhND>+7xk|>{C+8?aKO2{l5~wMn#G7~sXZD0>npFwzFM@!TBHb;K zxw-euW5ri9ntoB|DnyY&3|BQI83MUpq%{h2w7S+vnv3|Cgd>n(PRkO05y;9}H5u6P zg6JAl+qT2CKX^aV^SZA>lC;jgfH9KiMXOWXCf44@Hk~uIgVNLWPotUW)@@)bz4}KR zWhNH=bwB-pjG+FdqP~3jeRq}p8iS+x64ygC*^O1#7<&j=TIe~fY3obOzei`L16mTQ z=$42zPX|;%-}IBu4S#VP0a0F-|3l})1h!d3u-~Xd942D$4CR;|T44yOfLF9an~l-9 zB1x8pO~Q{+PF+xms_s|hzbh)b6Frqu5n?=Ri~AKWSB%?Je1%-=r9oZcjGPp!Kh>~;6Nc|OPjC903jHeAh9^ypKGmrWbu|S^BcP+ zQS}y!5mCe+ES6e zQEbNUbK07~NnUzVn+LnIs0maztsm-SS~=xr^F5YNT~FnBNA^7=gp1PAazjrQI<&Oc zoc?(f#HLFinugIA}li-v4-q z?dCtqZ**j(dfudflzm$zs0mnk3wOcm4+8@bn5196$}-RQPEYJ!AcBjmw664h-GwOh zZ~nwHs!QTS=1`wd8e4N*V?XgYzWKuv#!8r*@CKGb7)3q!YSsYJn**$P2}sEp8lx+Q zP(d_3unVG--sF!gAf`6H@hW_rYBZz>7-y}ZkS&AUs*1D0<$+(=KM}tG19*?V7}mh; zma0GfOs*1NWR19`I)ZscAAV{7Pmce#`}*Y_xS!cQ4dLs5)^(DuRB-tCO*qidn{3rd zNYA{fuIH@zoc0;5N?~P551Jk$PJ0k;!TQv%=%4t=1P1ueT)P6?}HQL}DDiK!~RSnwq=4-W0 zU0gGIiZY_MM|xV1j<+)WDCAI3NK$Pz16BQG*O$tC&7vN8Zh=j>n$K}ouUNtb?{sGB zaaBNWuC5Fj4H6!t8AWfAU_7!!9^di2Pbl_1s;rHLsfm-9C%OC-oLA#qY+hB|J@srj zhNZ0IAA4LsgIM}`t>i?P5|#`S%0H%2l|tonIYWAPNBm3g)lvSiGpUca-qR9skbNW> zrnUi0v4DaIKwThr-xo1TKZuGFvy;DLuQH#1?oTLl2{qekYkXSQBv)Id%bh>MX_oe| zTO=kl7A6XfNks;6?G`=up0_egjLfz zrrw_4c_og_Nqe%1SkWX@wQTuo=QqF8T|+mBF|a$Or8Z3;g{fE1j^d_+kx zKp*Zq3Z_wt{0sOAP=x{VUJNqgJ1SO-&1%s#s3#$Ei6eYigpl`aCdLQ~@WZS4R)6)# z$D6IP@c9ZSf>G2y{B5yLM9ueza3PnEN1yp7{O6bduKA4n7J+0F5o9}Opa#dFxO|%vE2J12h?(ny8-aGhl zTRh0+pm9G~N?!|EZ|N+$Qpip7QMiF9D0#P{wCc|q2~Q7tOD`3@COdB7!_hZs;zV3( z$0V#yn7*|vx(e4AsA}#Dja5eZG*MI>x46VRYL&SKRxs}Alv(peYWeLDF2N?x-R=i1 z@sm2LlvZ?)pT%>(SqDft%bLx7)~4(j$S=oiLA>WzK{QE+uE`e$5zL)=X98 zyTRQ&{4dB)hj(|+#PcL>7{>gpLHn64z%te}|A6R}VoK$jl9b#34(q1%f}bTjws(}< z)8;D*`&lTG6A(8E-ic31QSUGvy?~ikuFmggsO%(oJ7{cT8a?KX7N-5 zaN^b$!o|CpsK?Xw)1Z7S2kj*v9A+%)N8zZxiT9lGGq^=QO_DZk)VdnE+5XnuLtB8t zv#v2y9ngVO{RD-eS2Qah3r^L0*E#0?mM}7Ai_$+Ec(GoOpy`5-g#8c(Z9ySk;@eBC z_H!i17kTccLjJ_cB*$C9@ts~!A2)>tDvE1k~X(BRE(VAs-;Uv20~X|!F|6) z(y^OdfoCbh8|⩔pfw&vWe^Us8>Pe&2ETFPXHm*GO;2Xm6MHT39lpFLXve}iq-=7 zz2h1uYlAIlftu==)<>eAU*rSw7B9%M3vE+J@g}{5XJ-!b@Ms(IyZ2EzK{2O$6qc&V zstqY*qLH$0*06ia{BsRzciep?j{RW`@lE7K!_iPH>eblCQKlM3Rz_h}rP(?oC*NQyT1R3s5%_L8&jti zxDXmzJ`T^oQ6UY~(=g9Mq#x>6U9Y(dPt1Ecg(K z{zsSE+d)DqyMu4iBrq|nyTZ{=qf*Tw?cY-!`S94x-m=MqX>j`Eh6u^Ke|$_0&}PgD zlj%NjqK1)MAg@GhXpyWo=m;j)v`kTip@6qi+fx6NKxrnsX>UG|%ScGR(hqaa7C-wP zKbW4+Kk*a>{+yk@d`@M6FSqxsdm{axJ+Mw^`wl_KlK6=3Uw{FvqCHkaC2zO8#EmpS zuQ^|ZZd}Ml{ zh{u3_VfR3%I*nS#Ypjxr{4Z!nBJ(Va4e~xm68|i|IByW-+rvWp=*d%H%&ohTtNX}R zh=ayYk-ztVEq^?{d*wi z*1UA~o-%kK?hZ#PB3jTm3g{|FwdHlP#zb}et88pIr zvagN0SjpA{^s;)GkIT1OWYK%YIcT}sSq!hHrbK<78~f0z>t_}8U6B$jd2Z9(dmNpO zB@$k}Ca|&yl@%c@IAk*pfbHx{U@CBkWzDJYGj+IW$0_ZuColn#uV;3*Al zwt@M|K>9Yw=xv%*FjE7%CRVuZKW4I2C3y)d3iC3XV%xTw@Q96}rvw5wldh5kpOi%o z6qQ?k3CWk;Fs1*_?RE<7P_!$nze*pw<|H->k^oRThY%l8IjQtJzW}#vpABnfIrhuvM7$b}%l?`G@b$8?0 zdbrZ^^?jY?n~Ro;CU0#qQH&xZvZ4LYkfW=ylV${sY0U4xF#*x7&QNFeuKXSug$=qa z(WK%`sv%!0ly zUh20R7WV9x^{v>$Cuhx0tEMXkXe@-0V-qOl`%Q)KA52Y*)li&109NLPlDBE31T4K) zWK|{h>7G?^)#$p{b3fTu zyLiC{l_>rNWPCd(yrR*fy8-+9AtTe(oibc4Em58adtDd2JpU_1-BJa+!r!9eZa4(w z;+%P+T$xffeMteF5~FgS2-I%R#$at(6fM6dKWl#WmkZ>MHV;X0wFsQ$=?)XhZ@<)$ zZND?lKXto(id!LqZ{Lrg$N+QzVQ4z}P%u8j<_fe)p0pEdkkMLuAUP{0H<)Ks(6p?F z1O@6My}Rd^ulE3E^f4`7!!;4=%_J+h)S#Vp`GnlAx$zzpbRO@oQTCAY8@)|W`dM*7 zsy4=j)g4>J-N|s!Scf9zV+ATv+M=~U0(?Ub&}wt}V)A~Z2LyjbTULa}a5|ZF?J3#! z@RK$HWAE@EAHQaU;%9YzklVGSow-OD;+DQEC;tCw9IVcfz!@O1}O^ek+o%Lsq&2r*JIfEYmM;*yk|Qu=Amh zH&YqKj3h41(hGZglzC-ZE>p(ux%OB1NuT`-)lvldA zEv&hh8nkW44pdT;=tIHl^h+vm3#2v9Uq)i%D$ARL&3cHXRo4ePq7!obl)4~A3rjm4 zXk`rpl4h&m*4F%UF>qbj@wJ2lva0rMnNts4eGXu)6f5R`{^E*;M6gTUtoI#H(EG6w z!LlPre$j5oJrpCw=DIMfcaKPs_o^#pEOLSscK_EejM2Q)T$kHCiSheFf!$Ep!zgIm8kbc+vAQD>Ckw7mQA9! z4U2X@=XVsXFMU*N>?~rF7zJx2Op4aX$!)`CW_vj4?@Ph!_@$ZnUC;e-# zqXRk?Dqe{VhgOnXV?FxTaj;1~%Lp>*NY!amdi6?}`I*Eev1%*4>(O3$^sE05o(WIM zxY5Q1mPZrvn08$AMcoiIO8BZ$+G+-uAf}6>qYpuQ5_O!olXFNnOc_R89i}w9Q7yhn ziwwGsa=1P5%>LNi5faui)&w1RvE;*j8t#eZTxRkz1twQdP%9T&%(@rl4lb6O!qh;2 zGQ|lCp!<0p+*a-TblWlNv((mUc6W)+F*Z+pdL&pxu>{P%L#W#g#O=l?siG z69HdTTB6H%r7-2P)>AlQ;XRq{BqR|Ui>9>!YwCBS0@tc-v>9EQz98D-HaCL&RJCyi zH-p&EQM4F9-4rm7H&fSSb?80VW$$<1x%p?c#xc~FOLqg)p$YV1@gF9IwP*c{VdI{J zN(M=H{fTO7_23g4#rcVUn?%D;R zCl7@F^sq(d=`lg|yGPRi9jze+Txo|?w#t!j1nkXV-{j`~twH>Ddrs> zqD|Ku!la3VmK`xbR8mw5yLXVlWwCc_3Tx_~sBws+Qf<_VfvQ!Fl)A`6)9#2G=)zI% znjH~UB%P4BamV5jyDZ6`?j17~`jJA5RcmCceK@MUMXiNy+Kv4rND@bOe!1tKjs5V; z=+}9%nnq(&Dt24F*oG|+A?5sl0BqO=TZNP4O5q{W=pyVxaTr7s&Kn0=ptGKF2ACZB zz(MAR%XOImemK|9r7g?&@-^OEAwkQq1O<-N!Y6~6!HIndNN5fQfIYQ<*{{72_@K~O zX4K{C3d^7A16$dYNG^RPve~RK7>p88e1xXQArar{A&;LpozeUEcma0dFa9bEk#|q!eLg`!b z@48t9D4+lU-L8>KtEbzPscj3xWXQ48hP&%5F?T9FjsMUm$XtM`*D3ShX1>QW$4q6)LC@%e2O74@b3gXG<$ zXLtMaA4ZG0Wc0Y79iKofu9*KYZn?H##`Dyx>Zg1U(BVj2+w>gf;CYHzrj`6k?j zs##lH>lAu+N|s(hQ96LzD@ zHkX$eA=9$$VKOxcJ=0c+vF@H3(6wRb2k$ASuMGMm*OM(CX-T zblq&{Fc;=*eU&r)Ood_v-n{`Gs><$>4DMT=#MmNj%Lbvr6OL>k1bU~1uJeF;0So}E zI{8+G^{&!`(q~%#@SjrgAwM_sxF4hVr1W@K;~*qVmvZ*8tQw#ItP1l5z?0-3tZCr{ z{G@|`>_mbMzw45IL-g@lMFT2emJ_kQgzlDh*P-~2SDX1D$(QHZr)epO59PPW&uS0C zBDTHoD>dfcw7q{3I*hv{jC&7A=0&3uZUTJ$K`ltmxIgqg=@IhoPaGO*Aa*Cp{^Wm- zB@g-z0I!YGQk!6cQ{j_ZtDA1p5SdKIt#(^=?f@pG2N(Tsja-`89HA!Kf$!aME>XF- z)9l6^v0Kc%bVLN)%gPj8k%`>SiCF7z?d?|iW#|>igLXQYo>PgHz#A&a|&%3kP zGqTIcp^!({tU3`y3|gDN`seV2g4v}W!fUE-4w_oW!K}N&S>pJRU5ECFMRdLM%N<>J z7-Z(zN-11u&#zwN*8t7$mcQwg2IF^*mZ@owzGK;=HI)kjJ4Pq9oaKtwH=4HMpY`H4 zSY=>dMZaMDbV{IBujvjws)Ga^^1|Q41ewBB%cDe#%l1HaH|X9o)l}eAP7z@dVxyH- z*KDyq(})9bal-esp$h4&7Q==NrbCg%&#qL@yYz^wdG^CS8l5a}X;TOKIC=cv`e;kNqa`SjfH6(QTE6bp$VN0t&TcSSAq@b5@fd?ZLKh~qgAPKA?hWrpxLTfT zgv#sQYDTH)x_#N%pcSI#Mog;DE;U46`S~KKSX+P5q@2DCEkq_8fqu&?=6Oux4_!D! zKU}~ftgpHy9RNoNA~`b+EKzFm&1(-i58U4)bbd0W{)wmUJu104&QslX)+u7OfH2NR z;X;R9@u3$@D@nt4zy_)S;S`!RSL%$N;)cQ6%I%UvBn>tA!rLgxQ-!}xipYVlab8hY z1mVZ>?a{x+49e$z^CxVKW-L{kW>wY0-Rr*76!60(dpJ_hAR!A8<+KfJ83C%Yme#Lb zrd(0hpopSNnYsrjDV(=d-slpt=|0RdLJfiw<#>iOU*)>W#dh#zkc+wvK5{)ih3X)V z>-KwEtVKCTpGy^rHYH9dhHVXY^6G5vtGkFJ)~p1o!UX_e<&rkR+o*Q#kd&LZv=XT7 zKDXH?yvlaI$onJp$}(|*R@Ju=JM+Vp_}b@Ul-4pz)HWh0ywiL%)g%Jy06O=qa1F$X z51HHB_5P4dh!rc6?(QC~73jh(%U946-E5kUSVlBnSo>-v683|STz>vYmH{S$ga=*W z${)69`R>0nY%$v)Rp(^K#o#V;P|mLB{{p%P3OkT4`@*-seb=YKLZ~0}h%M}oAWxAH z&#+uW;SGq_GNbvk+at6qd|7JO_Xs&RPIZpK8r|`~wzwTJmwE1^UpEL;$97c-UmZDB znqa)D=lj{FR|^Z8$3;4YA&JzNcPB3Xk`i&DMoh-OW5ScDHW(XFCk9MaQU4(0e74YbqpNpSv;0%*?O!l4cD;sr0% zNmq_o*0#4BOgCn})hoDV;)WO`M- zhLm@y2A0E~JB$07Z}}kU&&TH-GW{~*Abg@W9T@;Tn`3I5y<#`C@DgqFP*zSIYNrV7Rj zAARqEA7c#HecAWU7(`ZO#|f;IL>jAV)pm%!txW0kQk}sjA}26>!JN1R5nICd_ z!?_wQ1>RGjjChDqeHI$Nr68~@ONC`nH#5`H#+jywFPkLdBp~aV6919mF$t33Ytnjg zZt-#{n!M)g&n_ankW|UBqi+j1UAhr}0jL=2372<^WB!W&hp}^tj&uvVb;Y*XK_{K0 zV!LD8wr$(CZQJe`72CGWPWL|f&)EAvx96rV>Y~P2->Prnedl~;IOPoM@P6tYb-GJ% z?p{PEbgj__ckAgl|H0ANj;a+lx)d%LS3Y(jx*rAAhT7fTCxC_6m45)FeH76e)hkpR zOX}J0JpUC4TyrTSXiDW!!Qt;ZGwn~K5l&g|rF8R=qc~M_4I#ZT$<+yxQ7E!0J7BV? z&2!BR4xjx&gbwXijbV+;nq98Hu%l|Mvv|v`v0S=dA~M?0K7_l?1Ar5)a?G7}gYg*#ABR8GM_8Fq-ZOu_B z)-~rAer4TQeNMC4uh=wsH=mEF%GkVtZXp(EZn`Je&4@}oyJj7g;|5L#FX?`vAt#^0 zXd8-vEq8HZN*d5q->x)5N8H3^ec-TNsP;G1*nxt=LfEVwCgL-T4$ju|VaETEk_gQm zta}uERt*sG0T`At9X^!~2meG}=(D#7OStK-k)4tjs9M#ZAaoft(m}1fB0H^td)^H( zaXx8nI%OG|H;WzIuW_cHw21Z!^S0LT;q`mi>huX;zH|IHCDs%Lx>4iEQrGl`j~SCY z5G;b0m2yqfLX|47W+=r>1L7Zn-=}fae+z)(1$Hj#a(hISS((A~k+?2dMn@6PBI0Su z(!kG_OD#9KgWG~Jr4fm9gd$ar>`|trGo-fQ9@+4;QZP^GyUaQQczU#XEVP=tGNc+) zNs~9|EH|ED;_^@;+W>n3S(SyYsMWga`NMoT!M?|B4jBZCr(eM=P*97ZysPdkDp zo{6#lw^VZ5T#R*7c?2~DJyY5ILLizb6JXo+8oEMf3_H7lcTmhFd~>$YzF2g%k-Yfx zWxYft_k20XN)4v-%e7_rl`^@O}@QYYw_c+N+N4xekTDYJ7G%p*m*9GB>UYM3&LefZ{%n84&tlKh850 zDQ)|U*UCa4s@9otKFIb*YpjO=X0G+SqE-=ak@T2!D-xn}5TOJZOx++JG7MflSzVdh zox&Z0yI^pH&AEoQVH)o!26{GPz#`PDKVlSl`1_Cl<`zFxq1)B^oL;pAjeo|_)9rxgs~rxkN`I{z^hg9CXW}C;^8^?3T+#)?((+Z3w~#D#aoop<3wc(+t4{o6f-{0pInvnm2+IY1U}@bF zPTG%b`1}MmVr0p6;Yp$1Ln?gMq2AzcIKZfff7$x~+b`xQ=DY&JWCEb-3N@cHVdr9{ zS3~{*Q0?ZG31CAwxg0ZlstGma1T zgs?5AqX{W_VSCg*;v8&fq^!u1O`}|jYCZ@zz*1>j6Zz0xKyAPVIqaXgXP9RLwavMN$LYaDBdE*TlVnYVMdA7E<&IYqY{I>G@d@oz=c0^9Q)I}6^*a~O9FTX$GGCGxR|(P6Ymg220C?LIZ61+ z+GBn^H~|Nm=akvjRoq6=9eml#0Y4Rq3-~=sJS;)K<+-QaX3<+Q1ZUb6Ya=!A8RMcu zywYugrNZ2-aE*yEiRu0YUXP%#x#@+!6ZOOYcS!dPvDMk7e-at(h5$fuPF|4$m70?; z(u^LP#%c7mU0hPc6zHtQyrthrtA9n7(Tg1rT#+FU?w>rJmN(ud3>H*vP7oODn@*x2 z$2z>duQuR%A##Nx~wUuy}mQ z?q9ylx#v-neV>>5t&e9Dv^ zjD0@0!$%u$^w<@WTS^|_QfoZIKLNQ69FsK6 z(654+Xz3q8^xq?~6??V2xg|zPZbR!nL0vIBgX)M+;5b&W3AWBoptuw@WV;S{3Mkx< zP^Hf$na<7qnY-&y=O>#=r}WI82swI2sbBHc#I_~WeZ&%MU2#reLwTjKeF*(1VqpnW zID?S@S@ViCZrA%6EW=I_4L2|7PB8pA@GyT68VWiTskWy(w^pfZ#%yHcNR7$!CCeL~ zBi?+HGdy*`t*P6l7_eSZs+lq_*DSH@!+oomXD!{68~78TQV}iPQR<37WGRpDie>C* z?4r@d!ob7JcpAK-pM;vo$W_%cT?LScdX43gs(J2(AH>!E9ix?snr-L+6I^~)A5<(5 zq8PisuA8Gmo?~X|`H+q>H!Cg1lyiWCzrO(M(;WLz^AQ^xsqA?8Q*^Ei_>xg2IXASlDalS#datk$Li0 zsBcX<>F)VekG3KUXXuv(`IGuy&`n)qw^Wl5Fz`ro<4aT-4qZjRDJgopI=DcJGkH-?5eYtdK< z)p^M=MlE+>OvK$ky<%4KB#sp--0{}^lET=;6qw;4pZX+y25bd=>gkNQ!4z#Zjb8+5 zQJ)#1dIv`y@Bae`QM~99Af%jn)2x=w{*q>OBO?ZiPc;$4IcwiVbOh8UqCHY5z0g0) z$>xz%6VvezaE+C5F#dq;w<*WFriu^HPCVYXvHHZX=Bn10v~1lr?uEZTr^4?aon$pq zSWhAgQBLil=EdD>%Ez_lfhb6oG`P{s#c*T!)9rlj>}>*CG)^H;NgSGck&r z{fOylzc?6Zz$Tog<^0ysxCQitav<9QDC?P%K2pP(Xb8W*)hlpJLbIWi!U|lIr z)mBG-e-6s4vV&1#7`!$)s_+Pn?T54g)*9(Jd7>E&G;!8Y^)Cml>~aTcI%#Py+?W&q ztLJNt6@r^BdziS+`+Qv{#Ue|DYIkh=?pBB%^dU5sJx4C$vs}zq4E3*FgHaCl*R@%(Eb5HqhkANrRU8@wn8qWa#7wT=4~Li?46pK=PQAM z9-cGwqG`Y*YwNJ7yV)-J<9ha<>M$u-RE4*un$ZhJmlIZ!dva%Kd7k3p&-=l zTSTQ18#FL`@<;{&HR27h7>y~rHRseA^lnt)FgbvMto-s18nV6R9w$9{Ul1t6_gc)0 z>p8u2>^b!j3I}L_Y^qGE=}trO+-ss>VIy0irm>)2D(v8$0+!h8yx^JH^98E--`EQ5 zWj$U*3`A}ApG*Cjgw+=fb8S4TE524zaiNVHb?otI1rm5^te>8^`%_*At8buuFmjz&w{EMA)R%h)q ze1qa$x_+A$yv}Buj55>-x%+zC@6Z;v+I$YW0E%?Z%&@4QZs$pY=esV=lbJpsd7x)A z4Ah4Pz=3C*0Kx^peoZ37lyyQ9WI>>WPl4g%d`ZMr9 za_ANWRDH|4zZeXXS{64CJO(LF43Fibo?TAUx3H(sE!Td4jQdP@yTlQZYg39FjE8M- zEid%)jtc6*rbpQM13rSO6fcc(9wCY^uyjzHa1hGX?Q0|*XaRbm+a3xu)4t+Uf}wbf zDkk;|4tK$lYu6hlYc2sOTI9x#IyH7_yhAp#YY+);$b(L|vV(Q_)YSV}e)H6ll`K76 zbkX!lx776#2wks^gLPV^U=1y-^lK!1u!?hT#Nb(~1){8rQ$mH#%(|16Okn|f5Wyv= z_wDw6hGh$@JbK(_MhCTSmR@6bS!Ll)JXRi&w#_B26rR&EGOC3Z4V(@g9kJ75h%Xa;r_p_Yf%;gHxY46iHD*Y>2|e!2lj9q^|UO zNoxrzisxCruh2PXcP`&kgTf!r!VzuN)h_3iEx^utDq{J{gz3YQVHmktVKm_0ki2s7 zF{ZU%&XN8kej2nOx&mb`MsD+rEd6TZ=qt_NuISQmQxEGPNE&J{SGBFdzetzW(zgiU zU~?0^8QORd%9EJhLdfupPc<5@wa%i#D^0uV-)I|@`wvv#d13I+P~CAQ29kvf91(;= z_7}942;}#3qqXD2|CL&8jS7Yd=aaSm=@93o7U;Bl?yaT?OHsW0tM&*zm236uWpd~egL&4E?!BYg}D&xM9ko^i^qA;@!ddccku~N6#KLuERUNxYWy8ls%kjMe5U*jeygyveD=tkJC zZ4<+j{PMcLWWb{%iLc_!YlF$PLo!UY5Dln?A&2i(6)@qd?O-7w?`N|58?lZIR_XdO zn%WlR#Tmruy6EEV7LX!}1VvP>xFma@*M5%K!cL{#YrjHWj6q!d<&8qhm9SsegZ+C3 zK`Vep))gD_9rbtI{QYr&5l*Qz_#bW$f;XtqTjDDav&RpmJo5v3`jZ||7fQv2*kEFg z6Ax5&7uV>4RO<XIq&;0Ls4%0C@bs67R+1srSi;HeWc*uQ; ziPDL|Xdj`uYkh#Svml*AQ2EC))Rd?!`iQK(+KH^>!lzU z)k8bWzam4qsv+o_N{tcB7iYS%H}y!9np}{hVIc^@GYwPlOR8_R(FMYaTVZ>_{?!x# zqPkClfgXk0 zK?Es+m-PTw(^4ZknHRF8Q4cb174ULqSCdTbc1 z^YKItoG^L!Nj{N5@UnZ=5h8%RW`s#SDlJKm^%SdWH!Z5waaBLXzB4?%#n+}ND~H8} zGT?BjJK3Wq*xaZg3>FM`FLwqDXLI<++JMKt7{A3&m^MpTEnj{yd8X9SR)i4t81B!a^1nYn^YTAV@(^HJl_kJ>*tU(;bxY06% z8nOakQ7&hEh}^C2;Q|MsiHb!_yC0%fpxkG%E^)D9`FF512HI{43%cQEu#ZX&3(MM! z3cX+xH=gt*@MAbRUwTC?0uw~3SwWt^3d@bgrdRdwzs6-~b6(gC`4mloFr=QKLJ#{( zyjbk&gHss$SYUZ50))x(6mQitvGaG*6qU!)FfGp3f*R@0v3s|F%kuk9(ghwsZcWNK zqX@@}rw&kUUvzyFB6tz5vLmtbV=OT#Ky^-R<_TVWh`-)VY zQy*eLsmA#|!GH}TTSij~5!C8xL|FzE5@btPz@pmUGE1pdr%&jE%@}3Z{Tfl4!wMS2 znu?FQz^8j?6jSK~Pho)oSKn-FXOTpE72DbA2cUd7Z9E_f}qg{Xy-&eX@Q$ z*{FXJqwm!L`>j#BbnXagI;+;Kc_GMsVqApbh1_x|PTXZIY0@g5l@9Y;5gsyM`5(7D zmTpZlLrGH`@c6RM1oRjM&)Pjc{h^vnNEpdTyB5KNzyYD-?A_q-3K2{aEBEkAiB;0A z0foR?MrI0k4` z^O-Xqvr+Bz65U&-U$SN4YzlN-eeNj=eG%0V!P1mz@oeleAI}>{ZENSKGX#N=F2SL@ zUIQrVJu=mt^5FWLK)Au}Q0d%Nel!0#8<`5Q+f>4)0&kO}{7QnkS`akllZbMnHp77D z2zF3?>Ny!*LtmkP!=~>XY-r9RAOV~rHU4ByJ;wAI$-1HlccB5%gEy-{QGIj<{RUI| zL1ViP?t)u2h2L2Lvlxb>Ql0UEfY(1>cFFIw$}cM1taa^M5f_oc-FpUCV|OvmIr?AXk(b?)3Iy3RmDW)^ZsH?DNUPr<(Tt%@dp(#B zB(VWgT;3&VZJ=}12@a`noL=S<=F$uRiLPbY$TYRstA*WO;?DMR4d~so>n& z;JK^qI)~~}gReqrROPmg`-5@7)Tn+h_g}LK-^7&SnMA1*eix-ftvACq`-m)N9a>AN z{JY<<0{;VJER?XB6Bl|29@=-*%joAU28ek#+;cviNgHJwSNs7;)0Gbn6>B{AG(nKzchoGWVut@pbfx7Es8G~ve8m$w$VRB+0G?~&BQq| zYuv7>?{9?x+=xDM_*p{DabPZ<9&oTk0v5-Ln4=1pn;!ZCb=g(oAd+xTg}qS)kg>MxotB0*TX`I-+|7#8rd?_XKm9L^88Bls$i+!8JX zPZ&2?7h;{Qz708Cc;Y3_m++hL(wi11#z;X5R9yVn-@$6dx(P)CP^}I4hpS{;ddS|4 zHbofIhTX)CHViLgKl;64Mcpe~MyS-qmXXKhTCkH%=RIuOT;X4s=O;Y%jM9phkN;Bt zD?9Q*VLsUqYBTCH{qr)Z@HD|Bp;0I7a*N#a@KSrhk-ov^SkGverBrcK3QJhvB!_72 zG>UHCf`mKEcfw&3!2{qBQt%K0q`uRgI+5*h3P9^Wu8uqoqs0*{irvSwnoL@~$RDRbdw1 zV$34OPqerP7osoPt{PL@O{IFTC>_TzR-ii)5orM;0tKL6HzhD#*AMBtAHspX3n7Ik zPPO17gW{P|9ZenTEwVJtbev`wm|Q`oaTNCKcoM!j%H(h97W3@Ej7cZj7|mU*9t?G` zX3I)9`}CglH-Kt?Z>GuE?CH3&he!tfNFVP@Lw_j_|E;FX5S3DcIvXu!W#H zUCLcldxg4?r#0c-SYCEH*zRV_%`|)l)Y2Q`dWDlK{)(FJO?<^i(hTczuWTF(OxEVS7 zePST=!E1LcKQOC#o1wD@>X~rSzK8Bz&H;Uw z7t{?l=j>b7jYn2)2SrN@p7_2$~W zC;B-F4?_PFZm=-QUF_jx>{#Wgk?SxpkHxn?g{u5TeUu$uR9yCyJJYGpSnk%j&`}~$ z7cJw66+rS;Y`o$}-+$IBu3q22Z}8K=UV-u}MUp+`6)s~~;c;2s##BSx@%f3j`gZwW zZ-8_#y$tLw57zR=V^0ISdj#va)duG@69G5kLc@2uN*NqMI5DzVMos|vPtqug*^=mHBOjZ=4q*Bxp)&gA6g&t%k)k#T+#6)r1O-x~=g`d2n#FT?EPkTU*$x!ln}A>-iue zSg|i15iMhv8?6V-6tU(B50(X_=L~}joL3}dL&b#uzN3+PbrB=3p$HgpPXA2HGvyf8 zg-0S<_!@_KKnjhsvVkX@vMK96Dxr5lPyyk2Uz1(q9!0DHqu35`YKP0;|hfaFK1e zuETEo8wjk|;F6j0)VhmM!rXOCfT^$X*j!FK$ReSm2dmhC7iHl?IC7+3^VtBNEgIJhcXQ)Uk_7 zX=XC`)Da6lHKt(LoX*B*U$k-ZP8{TZ0fU#R`sPzibu+uC)CPKEa}N7YjR$6~KguEi z*nxhfmUuVG7lgf}p{UU4aXH!>W=c{^kZoP;Mrb_aL(xblc?uMoLXBsvj&a|>ILK0U zao#KTM;Y%3IHYgVV!V@f;7S>m>G6PTvGsZ=Wcum+tk>ROL0l(h1a_L6X~=T}cBm#F zYM)@mArs+=)ff_OoOoi$`I z&K%d|%biN9ueNIR67-5NeB`10ZK8lZu#IS%=UQ>>(Vg)V=X!PV6XicYP^*=#4wzcP z{$nH>fmrnBO1=dg>UfSUC~tLwCqneI)b_CGFnc_;5KJYP1{P{TNtDi8@+OzbwNJ6y zcDtF~ghG1-6B2Xnowtk~vNR1#^%^}ytN%l!h~`+&9Q9@JEgAuSQkG?E6!SH&vFVe9 zIu?d{hf(fn@ZsQ~q=RO2gJ08D&Ic}M1(^7^{1fv$ne;+MV!o}tvnnpmEoLq-Q%rW- z;F3sr8KzR9xEN(#*9=G-emsjxu%FW%G=Jb;(}^OXMW+8ohCLpv(m<6nx!5W!d$!Q(jtg_X zMG-ljU}K*CHTO?*pKeB9X{gv?8=9Uy?FQapai#z znL9FSS?A01QFxQEbUEu9z33z?2RlgvSjM|Sj(<=|Jk6zhcbX6E2l)2Ih67 zB~GRJfg_mA*FNs~xu;N#CBqQQl~$Ay0mbVMg)6IXy+4YNCl4ifZw&wTL%;X>gM(ikvxWT`a}fIX5YQs%I=Jdtu6FFRQZqos zAqpP$12L0+h;CfpplO6W1C`P>U&9JV9P=^l_o(#8s8v8};AQacX`LiH7P9+9Mdv<0tAU2s^p^89S5ag>6@nqZPDTR)-(u^$$ z4-cI35%A*I*}?if`FI`|)nN}JAQD@iGr@H4nRhowSaJEbA>vLhn8(p)ASsvVTq@xj zokx1`0V4UDpJKhRNoU?S6df)x`$v6>NOlP5l;vn>;8```J5|FYP1V)Gt<90~q-mQo zCJUWDRfWaKgb0Kdg)b_Kalny;uyO^jEDSx4j2Y37^nb)4YEVb$@a~LR$TXVs%?Fh= zPduCId6u-b8n>Vsw-%T;^F!(kmP;FbQ6XI7yj(HmwR4X$&Lb1yA`qOp$_P2q4D1z2 zCwyS|%6xlSQ`O~oPg%lwb&nNyk%PnO-u&!qOz$qR#5Hwfy7BD@qo+N`torYm&VMNw%i85hZ4}=1x^h!OAeor&% zCvzE{Iz(NQLwCqS!h&B#B~=BKVO~2uD`|377xM&h)UgGs-$LZT5doBKbnTd=s%JJk z`U5z!Nz0?2GvT{)Fe_xG9v76JrJw%+T(bSE&0C4833p?9B*nfeTX(C?Ot)CsYBTmS zZs}88VlDBQ(vK38t{YpR!EjFcxMyZI@(VpYF{t^xZ(()4(@Rwxuny;+tGzdxUx+oV z_}Bx3t6Gfs%=Ea&bu^F`k!OP;oax3eGK!UGqttM7Cyf=D1F)&Bdvpk(oYTYB z_Il6PEg~U8kE!|2tYo>lw`_tr-DNF3MWJfmh;us7Oh|wD+XE6T%2QSVrAlUQ}~DG7O*<&xGk%kTi&MVSCgsgC-B9{ zb*fdjP{MAAovh|!uEbsxEiCw`nOccfP)O|oX7lpl`H~5Z$uprA#@a+TbE_7&= znhzy{8a4)TqNRl^)+SpGTZB2v{1@dzBohv+Nf)*Z`MjcZN#g}ac`+PY{3bIR$Ld-S z^|1iX(u=jqM?yz%-bKgJn}qfCJTt;O+5!compf5EtdMuUg{T5QYgsYT_UVC%L6iXZx2`<`m;Ejm8R^f1j@DN5$N~y_Ip6jcR*T#J?o!nNw2Nm zxHcsLSN0JlR7<7Lhuj&_I8ro2VxZkog3$drW!aZmm1nAZYd(I}?d zD*k=H{+Rt|lK4U81UpvM4T^vkEYG#PM(zZWCXahbB`}bzH3E!Cn$Lc&=Ot`-WtT3j zq{43HyvHi&bS#wxEg$`WA*oqn1)zg>t10PuZ9_=i;<@URc8L$c)*XL_ohTH zzUwHguWT1tCGemTMr24d$*12wqz6wSW3(@MJZB}?7G8u+C<~XX>C##1A*xiA5HuBa zhAZ?gUFewd2#!MeX1JDZE{U(_8Y!T19h5NNaz~hMF$DsD=Ii4$J5k8Vw+V|5|L+PhK{I4?L%kZHH6uExa$9`J(eFDo(ppFX`zILqI*o@Zu!d_e6+nqt8HE|mXlK}Nf6wLgaOz0zP?l-Mp znl%Fws8RT>ZCJ7wL~s!4bo;trcC>`4zd|}ryoMN+l^ur5fzq}20FF+HYVO&j-y}j> z4KI;aEzd{;kx9yp-5mz`!e@Ww|GS?F!P{OmR<;HKlp8hE*GLKCb&MSQrrtqUtVly; zEY!nA(;?;j3dRsXRA;fb6mrb~@_zs&48BxEj6!-l#ebc22b3EE=(6KAtQ9^~q$<2K zazh0E>m3d*(&Mts!chC)LjcS#AXcD<9mReiXoP0GOziPPrIaS7la!E7vw%Q# z9!rXmQ9HXx#c=J_Vy<6NbnnYr?ypXR|X-m=*#>*00s*HN-!wkez6&A5cAr@}h zCC`D(_ucZ0dyRKvA3H_s{xYotw(j-&vj0}$hZwH=hvbv-9&*+f<4G)qvpd})wacXJHuGu)N+f+nT~IvVFp54@zm6i7uD z>@b8djet7>+3wd--fz@)L&j5K%^U*2HXz8~Dj;XCZpw$^UWR_O-vh)VkN_*wo}V55 zLc2W4|A<;x+fcNROh-jLjO>&`Q1LM!WYfu^S*0EAMCSsS&(In!(bqa0jLSwOHcv#6 z9PNLqs<~tFJ%K!L1g&7L*dK7uAYu1*v}S5E*1*-_axY6MmmL;ljZDuaO@dmQ7YF}5 zOE-$+Aj5;LWh~6{6_$?T$%ZS}RJ;x2Y9rbcT__E=v08^+#Ct|7vP%oQtD`gQu*ewu zNR#A(Z-VL4R4nlh!5Xz&jrtg!hs?Bt`G^;mY3;k@+J4h{IJ3(a%xi2Yo4np$&)1k!oz@T5ZDssT%3-H8VjeR+-)7pvFy}WVD!8Aq)Y)_28AfKvVw2yEB^t8wC z^ZjRq!gJSPW@1en`mq8vWZbBHfx0U3gD!4Fn#_w{L`1HQKQ9m4W4l$#K-#;mbw5q0 zqfxs%imj}6sKg{n9m`{kZU=U4^5zo%-6b8+b$&i+`Xz8Asnn zX|>NM`-ePxraUkG$H@^BNBCM$5Kb9hQmJ$9$9Gwi3HH6tB<{DUXs^dhlmo=JT7AtR z4(xDw`b7vZbwZj?_JDRt3@mMxHm~6zGD}h?=&Q};%Y9k%+7VZW;6hpcWE0NyF?E_n zmk(l1Go?ZHLtR!eTWo~?G1-47p?!i!u}3+B8m!~vTxL7r3V#fpfV&ncc(P_&cF9f0 zC|+=fM>YNPP!6OXp84CrNn9@3b_hMI&;MwEqiGChPA%;{);o++(zg~DS3#@)_5I4j znDB}Q3GH&W4@2yIW@^eJahjUBKs+*RoC=%!M~6| zKKY^^t0%1@Qfq6Lv}|*DnZi6pT%ny69?GS>JQIVcaN4qh!0Wcqb8U7jN>Tc-c06P} zZ;@yVggf<%t+Le4=8l(mwlb^4~l19Zu32LT3qq;|(3G=QnMm#eh!G{vs_A+&XG~ zuygllr=8T5Bl37RSmsdIEi^=SLe{f8v{CFT64Q1@s4-+SIxmA#qcD zHniUHkXm0wJ(wUAj6-Y(f1EL*fmXlOsYhWNwasLEFlTRA@)QP9{>!g)41z#eBcG_Z8=M8pM?3tHhZH zD!om0mkS!|x~`&9m|y(=|5bYdYN7f_!QAk-VNHj?&8M#29`1TQ&BwAF(F_!*@%=TU zV9bH!AAEUJhORI`8*4~Ag$zyv{dqkdY|Z8;H)BC(YwSGeT|y&HlwTNX7sybP>LgVh z*Z_EFlzH0{d4%e>h_jI>t`Bkg9wGq&=EfzQ@6229U05GT?B~=F!CGcMWv+P%cq-#v zGjymoEPp@PsrLVJ|JVKkDrf;Y%c;`yMTxfmkiAhNYrSK5xum_5Pm~vDS^=?!kN3K2 zEhto!q0@!Mo?DTgx46&9zSk+sblb}-vnbG;KC3!bpxzm(cB^t7VDF^XR1K(VPmT47 z^+=vswioTlJhCa2K%0slu$|njjNnbh|&I)&Qt^gNh;n7c)6Hy)@o?dEYp$ zVx7DxnkSg>G>-y405VIA z;-I>em5C2e^C0$X=OTC@<=_mg>#)+{(MI*d2^z~cKxaahJz3SO`c9oH?2m2^^_`w? zpUDVl)EFR~>sx7#nf)sfXuEV@SK5&+_}(oq59p@b!szoL4bj?>-9dwCYnv=}nMQns ziU8O{K8b^srxulqO~ig|T865=#ZX9084K0c5%Zs_v_(aybnCk_bdEt(ZW!5N<{OIZ z8I*M1MPxihMwTlon*Z%Ym!D3x5N$sP2d&=0I zWqrEBE#R%qG)~RjFmjex{d_ibX*cJ@5$WdFrvNJqcH4TU&g}p~XIA-W0nA5UCe}JjlQOBY#!&5I{XV{E3X2XA9iJ+&70R=CrkANH^~hjM3^& zM^8jeFCA2FCyEQZs7p|?+f^uLDl!O_mz-strD0w6_`CB!N7keYUc6n5m}%EnSWg}W z#qqsN$=xBvo~#>-0xPz9P7SC#DY%ZR4WGwC1DCC{?%$H-t-KH!X{Kp!sh?3@?tJ zi^~OdCCwB>j;bkJH$`uxaB=Rmq(Rk5W8%!3H%9u5RO!9hk`DMy8;e5wmKx3n=^En9 zD9@T8qGeUtEn)pO*_Jg%k&Q=+r4jF8v+m-cxbl3>K5ogh#u#(Fik&wbs-{Cl?;+PT4A?hx&Okqs)A6v%2B@L`3Vx4ppu9)IbA8v82F&L}Oi|py2}ZF^hmy z#A>Rsz0c6%2y}|TP5uR!>atJb2QTV#7-O?;i3OFIl-4Lyj#-)Wdf^f#i*roRj?tII z%PT=wk9r7MU6_2JWmLYxNm(~DBfAnkJt!vb6O1Gr9@Jv49Eiisce?m}(jR`rW_h{|^wjv5{$p|Mmnjcl5%6CVqkB_;p5%lq$EpPF-klbHG( zpcW4}LvQqV7|Ljas!r>$WgL6udVlZFcm6Y0xVY&2^Vg)>__UazgnAweN@@-WYhbIu z!q}kTu0P#{!hSyxyt%9GLK}sch zze2SE?HKR0_L5GY0I~cyHf+JSTq!jO&xD0V~%_s?pcW)}``% z%ekI*5YDf3t_{?sJfq{1pTqnd4BA_)?1-V#9w8pkyI+|z6<9kYs?!csD^R^vWtOWb z7xhO8NF*OdN}T}ov2jkV^@5r#l)>8S08wH~yqzOPpBPGyBh<45{EaD&p&B=EN=JwW z^7fc2GR3;R&B@SRld^5NRoQO8EKC(NaJF{oh7W6jB!2S9>I*y^Os%ulSYaL0!cH88 z;(-2_fTK-HQG-+5_Y^k0#x<-z6!uhtA#=84_ zIG1vXLh#|$e8tEp1+isS&rQALZ|JIFoqayV+NPKegR6vM4^co(`FO->dlHcXv&3A* zbSA}_*vahL7{V?cX+&H>-Sx0jx;1?%9S8F1fKkq#6)Sk=8hC8uq*5ec5e+p=bylPg zQ+F4mehW^z<{AS^Nh!7Y_cHX)X5_q#PJ@6%q=Ops?7K1~@b&boOjn{U7@agn#uz|S z4o;3B>ojQy*J52CbV4*yrfSZnTT^#O)OIv=*kIim26WpH!ZaZ}XrXF>6kpNTG_tyk zXD+Op7wSZ>8hv?Yjly)!y<@yaPmYWdsPHal`41qf*C?!1zxwmXe?79WVJU?J|4IMk zzuKSq54%VI0KVWOKR(;ve;)su_y<7uSLO<#gyJl>F8QzL&(r_kkEE%}Y9GvB8+Z~l9n{0DHKxq4M(BmL(|HuV6(h0gw+ z{J)c?YETemDN+aSQ9w0^uNaZJtCP6Oj7=_Pl6jM%Y&Kz53a1ubzYI-jTqInOVQ`;b zt2>B^&5q1M521PG19U<);vu+=c&U(H7y=Bbt}Job3d*=Ot~_Qe1&t#J*f%IQMgZTscIq@4QWwVY08&y%`a6&#i#6Awah*Cl=IXhPUZua zTDQlGk+QN-u`W&{R;Wzp-E*qRvk^Uv-gQQoM5GXC7sH!>uoG`wDH#b?G_KkxV^gdzy@7P^M2w-t9V#{i4kL zb3&}#`dc-O3!5+F8}my+7Y;-odx_u@$~kO*LTB%AR2DJsgk%d1~|E6Et0A*d#o-Jt26olU0L8@5GiiY8~`o(yP}l$@Aa&)Hzp*{CKg_< zbwyH>^Jy%x_VyZc@IQ#&tj$I)H#AIW)^$pde}*!;WgsQkqAhh$pW}7d&HD!uDkli= znl3N(&YRkilOc~-U?oPmgd+OAe4-D)J4;-7OjD<^xYbo@8ML;SXeoI$S*ASdjHwGN zL{6<@kp1T93QeuamC(V?vt|)0hO)xN7ypn=vg-ah`kzWUfS|0SILQD?yW{a3T``U( zP}_AV;RB|G(t}>mypXvi7af>$oywDriNtZt_&SJY7p?me?Wz@&lUD1@_-zB|V3#i$ zEffmA5{`k%7j#%k*mFXhdPD7E)Azhz4sM!@;C#+pt6EU59K2!@S>rUO&7^yLol7t# zG}XE)n&N0VYnduZ&9+3p2vYCAL^aheMO><=1I7i*KH?}`oA51X#!x{0pxNUY8(dDs z*VR;D!zmhg=ucIXz@`cNW84Vmp=hZ!)a${qhpFs^*N*0@L~agr9le2x)>RzQ-Kpvf zmk4 z#WbZd*D9)`VDlVj{X=9GZ?=SHGi%yi^p^;fQ46^3^rZ~;7w`+tW5$;rO6_x@6jB~y z=o`>5bv9vK7uDuDUI{wTW!>;Z>=p%A$KzWzhp0V>Z4`O?=~5jiMm?#Hgu^Uwajc#R zyihzMRQ_5&#$hZ(1fXt86<=pdifg$U{R$ng%$URG*_F9%*H!QeTMcq6 z2w1AMC#Mo?ac8=#o)vf6^Z}hu5ycA7%21b6aBav^ZgzF#vT9f( zew>kDlfT)#^gVP%Y^w$|^*IEEn+^Z$%7B2TnZo83*dRJw z1bs^x1hqj8MXifzSjBcP>=UpL3kX7-N_whFrysdXg&b-sZN&6(WJ+FSy5A6OHsVaX zCj9ClK3JEu8SK~~INy?@3ULUwz}~`&tF7uaoR^OXpXHLs(80uJLfE}VTsfd-1%5I> z5;BTXde+F$`nS;)vyXRTX<8j9EXxECt*g4{8rUMMrXiAP?ztD66&JyhPFr2e+e57o z%`s^4Jaw>v9~>t0tXSFl(gwiL?2$RbCt%d#@2Ac;AS74~K4KIETO!Pv^gSb&NiHV_ zA@uD#S$ENWkoopiJm9o9qOXdaR;;a39af)UvUh@=y;C&or$x7T2(m1Pr?7jyY1abD z&b0gHrAn=wYlb6Zpw+eUDV6?vUW_4jXrOcXxMpNFeZCPSyF&eYj8eZE9-G)YQzH zUaPx*{qGmT|B`p1=uhEGdS0O$8d6DXOw?Meo&yw64xuJ|Tis5v+{~(U_Qcd|c96Al z+u4%)0}}DdoA_afZSY8hT>5Mx1N_yJN?nF&qP_PKxtSr6v~>cK3J>%65dNm9kQa*? z;=KH0qw4+;w^S59G0C&q0d7W-?tM!z8ZwF*lDst<$WTtSjP3nC1obenx`{#*0mEqC z={A%U4~DtYSh8kQFs*E)sE`@G(ZkdCkxaXC3TTh%#ygE}IbI${;+har->7-OhO#qG zxiydl#@w>FyM43;=%`E;%~tr;LlzjFvP*W_MCdR`EiiLe2u;{kxKw?tFP&Ae4!5C=52Bwc{7{k<4vy}}vdf~XE$)&(G*vHp}QjQo{?n2`*tsfy+SVygGx8x<%R^Ur1SQsTvQM?(cY`W4bV{QU26C z>qvBa5bEA+488Dsd9W^aP;8>eQSx~Hn8gz2R@tkeJ+v7$#w~#|<&7P!%8bO;)w6;q z9g;l*?W2jHP*T%I_@TBl)mFq7z)k!GZsvnra4YYzs<=o1Y${#?dbMd9H#_KjH9z-z z3i6-&Lla8xw3tOFQ%$9{_DN(Z3J)jm;A8eY?JySa-$Wm7d!C)!^9vg-D50*^<{J6L z$W6KD{EfXl)xppT%87oKVYL`l+E_IzeNt6!hytxqSCR+0r$Qwx8^fB3L4ruqM^#o9 zUP}qhkWkj%jvCt~{{Y@1)+974oZg!L%(DdAu7%C4 zWH0wYC;;@C+cz^`Q{&fyuCh`x<-z%QhgAYvzJQ+r>w(SBi!JT)ZFUuk4s2n|mIc+e zp+ZkAo~D|Cd^kTE9@!=X*B5Jje@Z{YsJNl&v@jYSrEFy!H|&zR%(BjQt#nqkGtSew zc$z^T*39M??^@-N$yK27AmsQ!#7~cat$bpFmq@tCrdAjpb3YFL-ROL2ne}ii%G_o8 zoubk~?ndJKT_i-3U;NCBO2nF{>db#p*7{ikcCKMCwl38jT}4-mMDsDOx|xYoo^~G= zau*qz4Q%dHB@b2ZnTT^kU{#~%Y?lOcd_jEiSPUOo6jfDK6Lz`?IKBS{73%`gw%b+b zMwttZ#MY2p!t`K{RNwmat_C5zQJ{JE3J~%>i_qN>r>~a@=+*kW{9dak{F{4i%vzEYo1c`TC5-B6hl!?oVr;)gjN4zZQm! z8b-jX^-A$PVOo@I`Mfz>ytGWz+OF|MeBqyatxymeL`Y;`U@Rse0#zl?&Isb=S{v_c z=9R;FJ8?ZskD2hPGw!6#kdg!5>C7HpJ*n$YH+D-K$boa~b!BK12_fnB*`g-pd3+%} z`4U+wO1etwhq@l*q2^JsxnF}|suy}UUfC-Ec4wt4&*AJ5YHhxLU>gOzp-%+i`d2JzgQ!XgGanYnYfr9V^?~JHT62)Ktzj zP8!(E6P>4wdgKps$jv}0QpcFxJ_=pUF87$7#@=wH7HN4A3`{+&{gpk;IG&#J{X*jGr5ZgVvLyUg1C33UVnyn%UA64f zyd>&}qWXBn(k1i?h2;*M!koIOR@boI%I)l)P=kd-2Eie~gje~+w+wzHaIXjNhy?RY zCfJ>;ARzd=AFzH&PDFOEblPmYikqyld~w=wi|+z46-Wph!1`6(luL2E>QNukG!p&` zr*5<0aKK~`w&0C!K94mWGmO?S14eLPZ|CXNlw^3tchXrALM=}PpP8Ev2o{AEI7VRS zQ%C}7>=IuPOp^y4)5^aJUEr`T&d2x zCro?Yb}0ISzyUaj%KV0k8lw`ahD%!5X3pCml|^#&-AOp$g{Xy;*upQq$MHEC_I9Oa zCP`C*(C^^hGRBGcMI;o< z)=$*k7TLU?m+6L=(UEGL5Xap4@^jt}W3!MYi#iKo~CUg9ppvh6(RE3>=U)o1=y6n z!LrQsRr8g;yo-cxn-nkkmM-lU=b~inN7buQ(OA|cw=5nk3QItNzL*8flgNGML=qIW zrk76%o&+aU>%MM8EHco(k0%?BbRRwY&fst7QtC}}J1d~61y2jsuni1dWk_IMJW0wR z>;+#B<+wXh1|?sCQ;yy~ZwC+Czb&$OW)Z2w&`^O0L zj$KHYb5Ov6&*-ApFjLp(2iOlMU=vbAezo*dJwU;UHr^X$#WfHjI|@e@?Ag2P;+?(3 zxaq?`a8eK}$AZpYp9gryq*+u_cQ4|l-TK9jRsb3(rS~f?)$OxRv8uvo|4Jru=Q#LN2nbKH#$JC zRMt3v4L2*mrTZ!h!~U1PLJ2rikeVwj?6NCQ00xIM$BsAP@dN%}R~Oza@0Vq}HCLN? z$-pK@+9TW|H_$;>l z&F+e)6|F{pD(;%X$V&hXFRDWC?>or=mC-5HdKFn1OVKT&XsX^O?#n{9PUN(_cD7-o zC9`3+H+k}hGj#SOVj^YJ2IRu202ElJ&a?=}O++R%%4`n-Z+iCg zDzG*!Gi5y|{TK_X9`A%3N6_{c?J0XyRTs5UkNMNTjXks;uISDrjL45*d^ydSr3RC` z*eUlwRM8S&Fb8ba>HLN1)--w%?<^&OGYsDyN@p7=`m9;W8 z`aWR5Z!P2Q>%sGOct{C8#!N{7A~HMbN{gDR$|iZT91+T`@>f8wOZI8pi#V|$L;p5I zQ8-~QE`m&x!e5~as-kezvD3_Pd}*{7p%CxCzY`R(H(|&)$y2P`o~?zk17YK4?Qv-- zLdMK=tEyEQ5&^J{*!uLc5)v3y!r=Wnvnv&XX=mT_@=QA?hCjSMKWjm|eDw2YghP5!H z*Xi?Dp+Bh?MS0cZ+7RW1h47I()PKvA?S<26mzH`X6Z)h1$G@Y%<8}`c_njzax26Z} z&bb`E!G9GiM;J*Q34Zt#nVx}=D)%la6F?C?pNIBz7E$*FZW(0qsjGC3TO|gn`z;_# zp5H!%Ku)dTc#@lF=brrJo0&~F05NgdOH((mdyx`l3;-`!dmgn$bSCK65naB`-@qb< zYh|{3qy5T+@J34no5%iuOk#?Z0D1BcgBhG52OQl`TZed5aIq~)`9J#)4)L+LsZukH zrJTB_=LCzS6|cNUPc;I?%+)O*d9_ZL5^eayCwU_@Xt86kS1QBjbtERk)deP3t%cdw z$BI#F;ND8gF?XV|)$UkWg@JyI%IcH2FOqrDZKmGCyF~sKMg~^4dA@wV!`zNSujo3e z4+M|L%IeDreR}Cu#Oyu6&6nESLI$OV#}RACKeIMOr4b5t6LK5@@9V%b*ydfUk3?xg zrjip#;kRCwM>#VabwLx_zH3uK# z{RO1AX&|=g@Cu5?O25kY!XSq7yHIBfS+g(f5vDNY6SdA4driD~4{~u-z$a@ZE2j%) zKVbZg4EQ*g)}VWp^at$M;^MvK~48lbxk@$oh2j75Xrkb zF0QiSeTH)CEn$qNYanLp{YzJGMK5lrNB&{cTUx{iqEZW_l|J2M+NmF=ayzGp)#Z^> zFOF>9xS@@9&?0KAmk${M^I}Zk45jm*FhoKuMGM-Duf@re-sV|uneN|GZ%O~1SzWU( zt_^8M(U5l+ba~Ge#MZoV8U}VTfk7F2XanmoY=_%s=4iPKE^eKwrWS`E_!Mf|d6lh8 z8JQaQ#t{RRLSff4PU;h%Y+c_AC0Iv9D{y1Kcn6X~8)o@V-ph;8LRYeN!mYe$2Hc{7 z2nQ3q1P`9|lCP>VadzG_K*1s6k-V8cs?z(ye(=Q=(~qL{-crSo?=}+G+%MLR zKfW;EvopDti70*y%kw{^yF5|JL3;g~xe$sq2X9PC-W7t|=DaTqp3%n9$2Z&%aV|iZ z++6euR?TYET@M#mo&@Hd;32io@Bf=I)sKJakGiss!-8j%;Bm&Wkd$U%<3E5w;R6kn zmBgvo4AfosCDX&GYpL;`Gvx{7P1LY$z0|=b?hIKU~Rk?zjUoD+-?p-j69FqI$ z#0dj|+D<~Sf9F#HREQNZ)-1yd2Dm%KqoOp%&N zkN^SE$VdF2&*nBhi__cdNhTl~~bC}$W9 z8Y};>b6FK4(CE!lCpk@C)U1!aTV!1~c6yoC%CC3L^p8$`j}NUc#?3sh;hMmQn&u6I zCoq66-EK-OSidKT5=Ugg==<;fUt39dMJ0J=p%4)Qnk76DlP$d@_z3;;Ks2wPR<}T# z19-+7C!*vYuHN`NFm1DnP#`TVh~W*MxmkbImp3_NPPfQKFDsn=7m5Ss4tPaLdVKWq z2cK=1plc8PxrCFo=ghI*+%yT===WZ)|3(x~ZB%RMBkT90Ni86-0ua_ywpO$vpzy^P z&l+kEz|--S?JwDvS~C4mjp%li0Ih*ej`d87Zi`?f*_-Pe6FO$6F!~6sAiHN!%M|Vl zF;aA;WXacH@UvW}vw|S2YWj-33j%<7v7RRI3YO4ip3eefXr;5M-|iVmvS_2MTSrGj zO^sTAR52oR#Ivy1s0H^!CQqi-GuVYM1)W7ov%CaxDP9= zHBdu{L4{JtCTzpAbrPs&l$|C^J9x zDh{r`JLr0TG(w6lXs7*c@9>&Ru}T%o-R=~sBdVcxr=+AmG8Ifno);HaUGMw{0CDl# z_C0*Yw;MJ2(j4^$;asu)S64Q2wFp*`l{cHKctzCH^WdZI2g(me|3a3=&m)C_)(Xf- zO$wwr^TakbUpQnHj~(=i;9{{9ANycC=kArSZGN*MQ9)!rCq=)a)zlbE#fb733BK-qd#4=@Xe2kD*}ZS$api`N7G66mIKy*iA+=1CeRI zaKPD@{SFUmh`bgLKWCIA^-ry`g)%isP1v=WWW}h2-#A^UQ0RHo@d^QK!BqpXt1Y!q z*PyfPEof&HPy=%LmF{tZ_!1su1Bmfet*eAxQ3)Hr#X^AJL>s&30CScKvp>vOq0A`YQS**XZ3?;!;&>2RNc3|CQgWs^PPX#AR#E;@siT z#0I&GO{ZsXgshY<#hDztgwwL4g>VMZ(?SEQGlfZjo=%+yU#OY|?))DNdUwd6(|-W_ zd1i%5HWJA8RTD=|Oh?3RC00?DrWfjnUn~|@j@vHyANx-YLPI_gd&pXAeP7i%@PXyz@oR+B$X=<=4gjpsw*Jx-Ha#O26W zZvM!+0DpJ7|Au0t9FYxwkr=oB1|Jh>Krk)-;~J@)iZ%oL(1?&!482A9a~dM-a9xTS zCrjYD@GQS98z_f+G%Z)xxjJCU;@hR@frll2J@M>WRfXRCWs^(0kXv7Gr9Q8zXJYm~ zEl^cdui5c*FS}5?*f5-OZ%YjGtEg^R-8?_+Jd!<2QI2^S;&yg7*Hjz?0{8WxZG++X zY9dnkqm-J1guI5r;2*j4T844(+R{N8nJf2dsii2I( znfzD%Y>iE*ub;h-%-TX3vQV=f@m%=YF{vd?XpNO#J zjwQ{7D_ooahbFi7W*oKlA{EaO9W?_p9jWYgeO|Iq+@)n*R>ZOl`L!EbWrH^!o(msY z;(TEO0U!Pgh(m$0KIBWnU->}{U2v=YY%S{ z1@8l4v_TOapEz%SSkZKA56M&?LKq$tJ|?h>aXxy4WoTmz*cr4){8DWMsO4V0a%*;=S=j)NvS`0jzePI>oMJvJS z#f%Mu&p^(%%`WClsy!|~Ct_6mfpcV1BjW{Q(~VR|Po-9+qMx^wzp&5HHOLS7=wS*C zT-x9ItitKFwMY)N%E+ixZuckr*R-Rgty-6p(hm__PfVu=&0pmhbl)J;vjK~d{Ts#e zgR&RCti0)T1@K7oRH11%>%FeQG!>0>-eR%aWp^+rW=^sglK7jKXy zffuA*o#EW_VV-X*A;MjThp&`E@lW}C>mWJPpjb=b6}X)MGvG?+n;-*L7Uh;mVWNO< z#zHlCQNi5lBxeOEm&LqU-(b#X!jo)IoK}HDFo~nEtDhAp@rOvi&{|}s{s9a`0{5C$ z2B4=^-2-SM+$cBrkw=oDj-2wjd?eLkdV|<*6%Pw4@|yb1zHMS`W1xy#SwWV`{*he+ zaNi8?Ix~UTYEb1W`pQK;+7Ue`)}9SGWzizk%^(^~2eHJpsb$^1$GZOaV+&`^*87%qI~8UljT7;M-Nkv5kQO`l(`n)rd3V5SozB=O!DJYrO)1!yD3e~Z zyGT@cI=YiJ_4mcJ$}b0gxV=rBB*wnvmu#Ip71T4WbhYy}=&Fb5au#TIACT4178QTy zsDuaf212GZ*2_YRRas+-+EFJdWxl-D#TRV?CQ)Lw^G{CUulP)|rmu2gFn0-i;*Q!q+8z6<;|jsn1W z+7I0L_J#uCT$-dP*M-t*$mX4I2wUu^&&cj>|Lpuvi6#J^-pw^ai$%@GAXuvGPa@zs zQquB0Gy8SV)pqeO5ew->mxn8Ar~Q~CEplEnvkGq5XC<5jL=a*;7j{&5+$&fCOifKcR zo$F9P5R^A~x`vfemxUcGq(=cu`xa90H+w*yB1k%-x8sU!Nz06yA4|y8Rk1PwZi`-Wu-CSyr{ zm~TF`>DIO4pob7xB^xTyhQvnosmJXJmK6u4d}g(wIR_6TCEUbDtWOz)d{M8fiZ0{C z2u0$evkPYwCPKvi&n8J5gjx1E6sV*z;Akliuj-SU>4-amM%}294(9fkJr`t)V*>m9 zeQhih(me(X7z+m>L5z-?%_7kYU7Ioxl7t@J%%&1s>=rsj(d^i~=3=hE|Kw&O^h{SKOX>LpL`S_5T^ATVBi&AG zlyUe)TVJD%VAM|js{dirFR9pDD1X3}Tww|gD)tM?v@RN)#JTs|Hw4i;&0vvJ&IPQH z7&ctGMk}(BAZd%qjnnlai3tNooDeaA#-lG$vzIW;%sG7((G8e;oU^+Jg%FYzCi$M2 zMB-p#s#1%jiOnpu7utHh{15RZit}jdpeti3u!u?Sw!X5GOn2#X#E;=G>A zFZniICDy#ejplsZz9}OySe)@tpYFe|zmaoRT%&V}%RW!T=38$FcByjRR9hPnD0d2S=GqR>TX~bM zMKD&>;`VUrP9Jd3MV;*|j#ps!=G%k<^ZQrH%28@_39s}7 z1@x*3Q>(-zE?ouP@mfY&KMbbvA4d+u72XYZvL0JnmWyAQXRwZ(%^s09v!8dkw zI2CoHa=c4k6IO}QLs~mJ619A;>!yy!wz0Rsg>`W&JdwKtO>sj$muIw=YUx|YA zB+pn98Q7A+mO^}F2!UIg#Upsn(sH?&pM6EU&Vc!|c?Pq6p4 z9YUm%-yiY+k%@iy-+l#D8(EnG5f_fYoc2N{jX1iS>cG#V#w*Uz@sn|^*(@q$5+1ee z*dSe787D54K4(_A;*tKSZ{D%gv#tEQo5>4A+}##e7rIx%;BZ)rI_zmzyAOxRZo6WA zmU9coMjr&h+b-UXiNQX%TNpgP#9O$oyCz_Z%U}zS0TOA+O`Jq38jB(=zr=l1 zB9Rm5(Mcp)8LxYign9V~W4XK_OXTV;Xm1cEgZ#ExH-DB;h-~=ZKvi>|oX{}QK zQfu$dp&Q(ca;8)rh&-#$4=P)Pzj) zr`(r9Nh~KmWnzn-fZ=YSUTw;%eD9~uar+>Qwf0y|<5~|d36SrIwI0z3#fTZ_$6d+4 z8{LRA>Jj>`LCD4WWD^HVRq$X@_fR62-?Nu^J2ltJ(6t7-KKTNR&0ooK=#Z}CM=FRy zw=ysBzR+^Z<-GnY*_t+T$aow$)2VAxxP*P#6rq6M_7eSQmOHOIMy5%iwaZN2-LKp9 zxOi6EcQj8d=j@Tydd&$>gR;D|a(YstYDep1sYO%ml{NKRG23MF;*6?DnrV@j=z6+_ zO(b0Y`j8kHGI=#FLv_K*+pXm?m1;hJOQ=HE^uNJ6{c7-rn%|Kw$}}xqCM?@f5KyS3 z(PxcNqQ#C!gn?W(fmR||WJA?FGyLWhSbPY_9NDP+aLl%T5uW-Zi~_oV*e=x)=fd30(IURYQ47aYbR z#T1>EqmRi%xAM%>V$YSbA~ zx=cPp&67r&GIv3c02_bsyY$~>(uEbRy_7duk{5S+1*fAFt+DSzA^N3XUxSmgYW*fi zv5P^*M&GKn4TLW5Z@2^}1#tq8vH`M!LK!D5R0b)(>!&YrC zT{G8h^wFJ<0ts)F+a*$(>+n}wFP;fN$cR&c2Wl3D?`9{!kt_lsZ0|wy$e2io9SzS# z-ZHRfv~PkUcXsf@uOiVuZ+il&s#(5VvJjKw;H5CFqR^F$qRkuaQrRb@?5=Q zslK$v?jiuTm89SvXyT7fK~tZ9dy^fGk+@-B(Mp99onW4BZROWsEzKLiFF4VOciVOO zkJv5hWyc~Ltu>QRMR9a~>Vsn#b-HA~`*{sodbS|rmDmHKoHy-e@?SkF8~bR6Y0feC z1luvU;Qlu4!EepqV7sCVk%P6v!1WGB@;D8PgHXE>7f4fz%0z42eIioJoTrfdrTTns ze5RrBFN+W`B2CzqQ_-yiI7*CN`<*AUnq-KJ6+Kb^I@@zLOu8_ie<%KT5wlzBnNiVe z0>%ZASo|6yuL)N_-1EIy5BeiJ)uo%B&?farAG_!pPfzz>@sX1gBf9vYfM8sGKBu-@ ziripzhm<9~@3PfuN3=sYLXzao@lBs6$R9Bz7P(QaI@?7QxCoF~tH)(==d9W2$vDe2 z#Y8M$a(XOKyDqi*SCis1t00%s3n_(Xj#p;etS6f*?sfwZGoaEy2`?FvhbO+mHVUw3@bjHtuzx#c|O4E?Q~rsBZJU z&z69OLsKPi4U_&+P(+QKz3(84gDA$C=AVe8`u+l5l+7hC1! zr!Y0#YswqfAkpv7DbJdsbQ2mE9GUxu8Wub{(#Nt3cQd|Ej877gM0+rEnRtVuxN;T* z?KD$?6(d3ha+eom^S6Ji2gxGL7U%-LT7?2xTie_Ymk`X;WquahD_}~^|^-JwTmT)TXkmop5zmTVxul) z)OYm)v@asgh?~Ab<@i8tx`E?vjY*6rgy&^(`T9It9~Hmg2=Mj}QZh8T@NLPzYFv{J z>Y9eKr#Dwjg8053cnM-tQ>1aYbc!;f=3Dg57kW%TO;3UUO4RF`Es`4B{lYU-k%B3$ z(O^wtEIYBHCcSk`(oLCh`Uimf-vC=rzE~Ail*9`My~-A;x<_JV?2JNS}l`YS;V`=*hy}^pGjs$K3+U^`k_C*4l ziET^7hR=sUF*cnK`>hxc8(Da*xm$6;m(ac?czMiYbE1Hx=B||4k>panb=n%Vx`@3+ z>nurQfHmIg=~HcVtYYg!g%pX~WVTrWF6L)~4R*al5_=MUS&lxA&@0U5j9uH3#6O`J zvCBaS)j{6PePC}3sWe-8!G}sRB%MQXinYyXuF8GjfWw6ycJ`s9R&YO=r?HF8E{3Px z@6CKpqJ;HEY8rNtM4dD+cj4W~K84H>2A_1wzh;}Y^dopql8A(*w2)OAxfl;_4oA$F zrZ4?a)pa4=hU}EZQ8DvI%PI@NEV6rK?5+hz4cI`e6RyytGntA(rE6>0yokLsICq;; z8=Q+~6V?2LZY^8v!tCcWAdjaZ^WGYfLaC2SA`ww+wRj|rbs?`X$h7oz!|Ax-PaCMQ zNpef#URHEL?eib1`Y+it5YK*E(yX^%XD&>dN|XR7o+o$=4uqgx+*?gXh{d^r_nhd8 z<&#mz9|<^sA~obiWk_RSQiQN#o<=C^%p8cDg|a2Z8cyNFQayfD2Q0McJVO z`Bq~fD9;C}RI*wP?FLogD4tuSFtTuJ-sD=!#?k?3GRK0nQdE_d^Xm!bXsE@{^3fm?i&=bYE@c#O0xYZFyiXKsoitR zORlmO2&<`F(Oy>`qg+PmJrP1a$P-nUW5?bz-u)%DvDxs4sm?w^v4gMavjR5l>?N${_&e`~R5teMtVBm6$cCm3yk7 z-8N?P4m}(!&e3jI!Ozui*luAmPda@ZHtt1mL03In=l<43qq^TA`IShabg?T|Q~e1S zP}cS1ZRcM3_?NcFW0+h3nv)|Uy^1FA28ab!^4U!K!bPLGU4eB(7s(@{K0p4j`&VdZ zaf6TSXf*C$BSWh*NI%R^^&+0AAd@eI93kbR7R}ltR;i;5aI^d9?d8b>x)i#2^epS- zoI9WoIoxwTBMMQN@rfzL=gQLa!e<2FEx6vN{66?jvApA&I(7@-#5jV zhbw`dnZ_IcZwp|5pn8|5Y_lS_p}&9Qw{XOl(D&bS>`V*lukYNgEjCr1JnStOtm_P- z_Eh6|o}f%bU%y{^l?F`;F5bO*;lWqQ&rVZaO~DRVn`CdTY$D67_Gh=bQ!)3%vX6a$yoQE@H#Sg; z%t)NlzDd>L#X8{2X@USgrOjsGAc-5u8WOcX9GqrvQ?qM!?>kp2zcdtkpIg1ejtO4Z zhYo6#lydTKNO7WD@otE~u;{ab@&ka1X0|0>8*I{Cm8c{Q4$wH&i&wBPtWn@QmZTtd z8b{5G{Tj!bs3c>Zq*_}lWK?}7foZOXMsm4!ea4@d4y2yoYo-En#{K@i=ZZl*%EYFL z-Pbvgw2ChI5?ms*6VU#vvCVt`%N zp^TBIsxO_S?Tm+e9E)_1t2|bmu)BtQvOm>4H#-O`y$D*m-Bgno)IYC2A#MaTdJ>9y zc3i1-!F_Wuj|ix3RjKpQan^zDMnv)$dJf=hqQOK&t;56TTSxoO+(0)NvEfNLEItx+ z$p!TGrLxe6ndlQ>iuy<&w8FY(W(ln!ANflH=RzR4?MzQr<-Nv`x| zKYIVbDMXFJ0nf(0K=+vS{WCRT&U^8n8i6vG(jj&)%rz;P`)jYCO<4Ca8~gsF3J3p- z1HPjM1JQ(bX{kDkphd6#5M+ZNrDR(Rk~eNS08pI$3h!kUXxOJv*E$qBFrp-)L4LrG zq4^mP>KwN;Ri*Gow6;G|Z{KPE0T^0XtwV9xkV6>1?JqTDAuQaJiy&0;^DD~!#nmpu zp(u6lbi1_^Lml0(zb@M4(;XuDX$gi0a6){Hxb9XJc9Ro-nb2`YlWYGu&c0=Zl-Zp| zHBU}gXYiPFJIzw%K_}d(EP7bRWx3`@^w~>jr@vD|3(;!&6J5~SUa&1&YdwD*aN|Us z5i7#A>CFci5jqf3nolP`yT^t z=|(cr6>wm8cmev1ddKD@*P0`u{iL;mBdZFB*8Q2W17I9wR1w0l_5!-TLDmGVUDd=S7cVm zQDXA^s#PEs&7aTih-iMfSk_);CxeN3am8Hy>n$pLsO|xS#ZDNR)0JhT5-$95%gK6* z#+uc|{l4T_Y(~Nh>4y@R?MXUi+y}jSpw)d|Ddkg+ZL_uI&9YpfP$1%bQbsebkP=go zK+o{MzE1EVL0%H_F0q-i&gO8w>M{z%RP{a(aYEZoL00YfvMkZ~*R&z?ud(wCi6zai zIZ4=FeT9xG=lY!4Z9TM$SQZB;txdG8TYH250K7~p26~VwLw8#$O=x3qZ*rp+EP+$9 zw-_2R@=*|e6pfwH$Pb2Y!Y!VA*J7(;S76bQ(ViccMzjb6L0oq|V$k4IMTq3eko?gW zg6OWn5qra+WDaLFiyC4d6oH-qR9G)iDnvP1j?G~&v)qqy>w=jYYqm8 z1}&zjb7*aYWw!dwC1^;vZ>t{?zj#NZk=STYRei&;QfY6p2t%R%KEnTB=QSW9dXy_B z9ONBfK&=!V_Tc9SNJAktVg9g))wSp5*smo%@w*KKOa&U}@us{j3HSNl`iiK=l>}Hg zy7EiixTn6JA>UCyR*$R^eIlSK zZ5;S2)d@k+$nPgJhi%6e_6-@RdJdO1d&%KxU-d9Z5?CfaA*$%0mt9&!SM~Ev5}HbK z=#iDyB?-1fS5X}IyB`VW){*h$qX-H`UF$MGn?^m^Xk@o}+MjUqVg(cf;!@5BBH~jO zWY0uzz--+^5XY_oQlx_Uuii)QeUfLF((kz*RtPA8yUe7H#7{JU?uxs~(v&{k$(MDm;)^ znE+^qM+pbSUk}+FyMFUUO;&o?Gtx9YAxm+ulf!nf9KhKt0@*Q*XoMcyy7{F3$9e4b zK_koJb63HmFN@+N;X!&Q^2<68Yg?)yy&W}JUIXi8KY^ON>Ho$(UkUq4;xG5nJ8Ad0 z3TWBSzK`W3jN=IRSNg$=%a==RCA?!aFLE_iUIm!B z^HZTeWf!)UK46n^Gbh$dNkg%hYYCz#nJZxfc5m}1OaODCE7qw^FmzEHM~RWvGe#{S zQ$n9&|8q=TSuPwkh|sj15-(ZoE$gBXx69eB>nY(7JZec{W5;XQk%dZ_hM!(&oRztj z!aSckg?>1V)x*jcS5fFA@~(Bc8q);%f4dRnt+1l7@qIfX0`R4+VM;Bvg<)ffzL_R{ zv2alK=3qP5Ko_J6Nm*0Z^$if=rA{|j3ms7KRMMT3C9O5ht@l7~RSUIU#+5^z6KQO^ z`Rn{&O_bk8ie)eg3z}t_8BMzVStHK&P|st+4vDCJ&p_%RUN@ z%^Mf=KvQ5P@KhUfk1!X?_6BCSF%!u=vCG4hyxjEI2<59`Sk$}0SH8aFf;SOJDElrr zLHw;reVVH5*YTlz0vJv2l#>~w7@{?EjBBL&apYEWJ$$D*kC!zSB5gn|LL3jExNOx) z-1O@Pma8XS+82qYMY#G`siyKq*J+Ys6A_G*PMA^6~52QcOzE(x+?Q4fgjr&$SpD;A0a-KiWNyq zcxQF4*d_>4vx~*Bm@Agrd<$HiO?mtWkc^ZeG=t}N|5uSWj}0z<>#um%s`vu4LN5$N ztbxFI=bkidHOM}#I4ExCcf7k1W=Yr+58p#h9p^;21jy-NrMK5q+_ke|x$Ktl1WmTC zOf*_+nLfkitrx~vBHazwk&km{Z=Nz)1>(qr`SB;C9 zv&NZzrw&bJ{2#vFDLT@2?ZU0tww;bDwv&$SirKNv?vBk)#kOtRwr!__j{DnLd#rE$ zM|;;{ozxgLs-E|`=RM~&msGk0g)RTjNU>U)LR|hthom;H`KvZbX;M!9QilU{6DN}- zuWsOHcoZOchr)iK^Bipx{QoXm#Qw8rk%WNxT(sng+W%+KGBMAIZ9ByjnKXaM(a^c3 zjV+=hfv6Rx`EZL8m5z0Sen z`EYfw`x+aws^l6&)n7hc$U9F4o%_i7z@tw@kmVgUVbDG&YT5eybvjf35CtkYf^RV zgsNOEGrR;S+Twkq3yU)Gv|T5WmgZz5jWq*f6m^%mAE`hwpjH;8zRazXWWj11;kMCC zJ_Fo7v0y|O9<9XWn1=2A#7}MN(tOi-PeMgz>0g)wvxAl`X4AcYWwVaR|78AGQmmA_ zWxmqHa9OYJ+QnzSMLf+n4}Q#@lU4wQhHIY*e(KB8yVywDax0N%OTU-aA(z?8huP<( zGg%?)tcCn=Axn`f^{>}0hJ=*^^J1m4=MX{{A%EbJP!3AwH!B|3f=qW5&9;b5{Y?X>7EDK=NZRN=;-W9>U1uhCJE_S9QUx^I9k z-|*xW>CfDoCiS{)Kv~I!O)6!lS;%Ly=HSoA52{NnnuZG6A@JUzrWCd1{P_(}AZk)Q z+m}j1FPTpl`^G{4)79~~sWS+hWpQ8_Pd>U5cHq-ZD2J`*Qi#Vpr)V?7W4-sR)HDA2 z-}}b}vYNHOYWaYy+GXU#Hk-`jkjlq%E+Ke53(s(gUNPwVe^k^sIQQb95)_ZFfu=y+ zW-h|xaQ_ljM=w57UIj$#HH~BSXiU_vnUASBp@I{(OMS~)alC*QNzUUxuB=|V@N~8L zVQPjWaI5VDN!r1D{sCQE}r#qwEM65Uk)j zBP(6L2#cuXJPDKonIOea+Wv`!fFG8IZaa)bXGIaZ2xsAr66>BCX%o+N$Y9K-$uh{J zmDW^H$7koyu!$c2>bybGl6}yeW#%>{>S#bv4KFy>Yw-A!{of^ip}BvFF&V;M1`Jy# zuHv?7#q9Y+g(}g{(>OKqmv|f~yIuC>o!h0p2wfZTsh|UC#LO+0z7Dxo1SNwiBd4o3 zX;ID^kCKyKVCi4jbp^F2l@H|QKk5&`KICqmru2|iXP`w=K}GV)rk^Tz7)iy=wk}=h zI?c~)Y$@;LSoOK_@6zS9T|F}pkwoP{h@JQ7ew9X;ic`^v_T(qH2d?ms@a|453;h0# zh}0GZAEQUrfn9kk(S<&i6l^&?%^4j(B48tG1(_9ngpEQ5E6=X?%eTz)PT65wz9x~C zbI~1Nn&90&#=I#$>Biy&~R8^@Qx=s+{pULjL*9-ge$1Pf9pUc z=_-;RCz_E4k~Z;PjjOSwia5z0t0NKh2!z`}SJynk!TizFi1NCENTtAr>$L3&1t7(m z5xYXCiX_^+UP?qLcl;=RhfTX`5g8aR*5@X*t0M-LYX$GIyE*-eIUxE}@?o7kC3bj6 zsuZ-j{82VR>9*74@>s~GgnJG!uTv{A79V82kqyZcwmEK^Y)dkdKbv-;r&d4t{Cz zU%4!bzabta9-GZR43$*Npk%4d&PLNdUSZNmfla+TAtj}tyt?U5sOT%1*(g9q#&8L! zubNJ$-QBqRv{l77a>?E@5mkv@%YNKX2`oAv^M(4PaNlqit;|nXD1e;61H5&9cUYzH zE38Xq%G-osT!2(n z72a$|H{Csy%nl@n3*?f0gxml78E7xcA){ubRix{sHtx!5o*}e3l*rm^y)E_O6#; zwG9^VB+O-l5Yf4NWNe)xUc@ZVv1D4gS8QIUHf_;ZGhS6?E0i-9!xw=b-Swy5S~%j} zwXLs6?!?2hh>Li;`2I+?v;q5$yB*E$Q4r3Ce%1FYtPDq-P;QSoTRQ?H3R5ypyHEag z&dt*wHl73Crtd`ifdNKNw~usalQ$pnZ%H=k6eV8gMNRTAVUzn-pN-_Gt01;eJ)x0xTt1%&WYo#=Hu$IG5fh0D^kpzjS$t1x7O&z!{b&vXr+_B!fK zPOymZ6xSJQip&OBfR3#oZ4P70RW#X-=$hQ$1ohf#LY6`pxW(=lP!&k|{2-ab7r8MZ zs^ryA;V6U341%QAPUxf+yXVghYg`cy;mYPXzBekJZ93(O1J)YsP=>GKN_J1!zvt+z z!zSXl^J*xYT3o0b(+}^CTNr@I6jo}+crV;nCeWUYzlj4*fmr$JlLZZ<2GXG^`S-E1 zA*g%~PYjzrrQgmrsNeVOGGI-?^uE7a4Zgw4^Kr*DuDo<3aK*+pQ{sRW$F80&histV^#Q|BR<&>4vkOGmGZsXoU6b0REOmuqa zP>ym!`o{^)?6fS8_-9_?noSDpS3v~^ja(X`^&c6cjy5b-otlR$o6Kn@%yZS!}lgog~uzgQTUVuWN@{?VvD z$Nj2UAr-{9b)nFM*4>w~jtv}(9(?G-&*yii^XV<&VizLf9B?TV?@MrSo`=I{rp!9* zk@hzvRyWqXqg6Qdhge>&=-j=d6J%!{AA^~PD^Mci^Ke}pQFsiww!eaTnk;_gun+CEIfTn;rI#%8^Y_TAK`C~k-*umt_agh z#X2&|Q!leWu&O<~pC&#^hm_HwSGUk^BNr(7Ql3|`Lro2>_k3Sw4#rjU^?8*TPhBon z->?H+Ko5sYKz!&D5me#W;D&4Kn|QGfPV~0YcbfO*eJh2|jb)d3O5`8dox?@vRpd}5 z3k>GWbK|XFRU?I*?BIPG7fhP5wK|@0{EH-*Dh^$tdnbGpx6V5zRXapc$3h_+aqFY% zP!d$Q!W5NbpthJh7JVc&wScCZt&1@Fjq3cmNLT23D(qtVdXQ+zU$Tjqm$3)&Co80D zLzRsH!Fg)fTS$(DAfs`rS-q4xW(Y3{p!zgpqsy*CpS4}yUDEikU7#W9p=}C}WZ1e~ z#Jq@T7-^j$Cnl1DUJ5ErHdp9DQD$es7buzEyC})$$UY;HW2J$o?T<+cqGC#5cAu$G z2TjEC(UVkSf-3*(D94fz)XQ$AS(_J?$VKje?`mG$l9u$&U zOh-rTQ|`x$Lqo%Mh@90SkKxKBqA7i{p?cz44x~qG7l3j=Cm&;dH`#8?zfc@vES%O$ zuy~d}gWZEg=euAX=acaqnC-sIAxT3%>tY1TtgOtoM2)7!k~prgxy28Z+anreoWjaQ zxU@cAL}JC=;rPQhvyq9(!goLwZX-;Og_keQzq)NVFTB^z4c2sBpg|+KmYp3ov_(4^ zhf|VXiKnBX0I!=;#RCyK#Q zk|S8JitBjK>oIWsgW(Bj)q28A&5rj!Rp?;K!6Er$2*ZftG=`zWjZu3V(_V6R=PLjOx*VkY;dcb|18RzjD#qUJZ6; zQ?<8cbRBBh)7icvF-IWF=2dqyN@Jm0KHg@SA=cYPCY)!2DDvu@<2Nv)=)X}r>kZOZ zydmKi3)sNXwz@?7);0)WsE*L85fl^BRY%Z=o3yx@|EUqDeJGXsyVMCVT&U1QTdbcPJVX+kwNPH{YjR>YkT1Lv5dB;qsCGeh^`DzGs-X|8y!p&%B8o{0A}@{STndEAR~S6IvIubqO@= z`3HbvOu688^T|0FW=F(X$a}~5AHvu>lGsppa)gDQ@vB*ru%Cdi>xXVIH0=)}vw2(R z`8eniyZx962;I38hMHd7E5MpsF*epQfte6tX^tTD`;2T)j0@%Rrbd$^g)wl2KPHKe zn?{t+Hq${bXd3Uz#1Y#w)!I?@5?HZJ%O3w~oQ{4TL;eiLytCjKR&MR-;K`C5?lvx< z=7oVrJHRUaT(iK?Jw{BL6Km78 zXC9OtLDqK6*-KjEXr*Gt+za*%O@~Ft<4skK3PBH8m4k_@o&5S3a@|hz){O#SK0~iM zHS{v40gRra9dFqaJ%DrP9=;6RHZ9WZzg$oItRgcy-J!m=$Hx3+7wY>z$bKFw{`UZT ze8JKFh_SKFud+VA>$#MJMv0;5woCdM3{8R)Vg0k<8Rx(({nDi91G5Rn$JoI8DhsMQ z46!Fo!pa}#(JXuux6F5Zu^9GIvI0OjTr%OpYJ7v?pyBdXZI~-AbUE1_VRph+CUj9QC-v^#tvs z>r*#AH9%~GUnWGY0Utr=gS(!x9m~7wXzBq$>mWV5yzBna@+XJ}i4^WqVl|s~ja@*M zkVEwA6p{^@2L=^>q;rRAGLvE8Gk+&5n9VB)lo+wI2+x)GR!~xi#jW#UlInuqb4UBH zv-nSg*l!Ob*dnmnbV1o-lok%FX>-t&zDHFang~rI>XAVu-{5n|)ee(_NCIc!0fvfz zO7r0&qH(_@gK=$&d=k31?KM0TE?@#SAdr^e9{>kI=x@c+9EIY-vJ{t13k<*=KxS!4 zTp>0|m_}9}BHmu88fOvSoNUk7IbLI}EmkKH87fdH$b_wj@q3ZE5YV3ID+dzem~IFE zWP9yyrE})~L3nQdz4KF#we~0r{;=4LtS+oBugme#YzPT<%}h)&`NE#W(cc%iSyos@ z#`s&eIRd>x_7qE-nzXc0u*$MjoT+LWPvrl+l!W4!Ts7+7 zb>o7AF?iK`LQDuT08CiW)Fr*)3L7U*O@Rf^RYcd8iL$rXaHM&u*oV?9jNApKdfCW} zrr$N>(yI@(a!BFL+Ltd-E_yaEBnCC-K!Gpg-};&F6<|5YUNhXuxvR#rLe`iQ+EXO~ zFmQnd*AUaB3*#HOO^>_tn>+`b_w`x~V)a zqH}P5n;3lFL4KbEj)z$tXO z0|Oj#p@iqt<7ubT*w(rCrxfQS2PrT5BWCZdpTgDgeFHLXaEMQBD)|tDM5~#KM63;_ z=xCvW8iz)Zmy1vFT8t(cck6({+EC;+_w+I~0ZU1>!ORyE<9>y)|oJZS*B^ikRpZ(7aPyaUTCf z=9>n_m0A>(20^B8sVy^`;y#V46m?xgj~xegce1u`%*A!q{v?7e!<^un!QzY|x=?uB z-{%jYO$xQeF;rVy?!Hxl@Tp^xm3l>RCRFV+X{^jTrW{-~FD}yoaj07cFnZ8Bx0WAz zAVYH%!FLJ%0k0A|CBLuGTik-ojf)QtE1F>Hpdz;?k<3f|a`cQ_% zJCUSNO+$veo207z+-^&QZx!cVE;KA?mF(sc+D=?jb3@?=#E`IPG6t35Lb0vaD&;vq zfmy6Am=;YoRfeE~!X9=JxV>ivU1~0<_|_4U0tEHuEdT39#lfQEe*g&o>eP9Z81kS? zz<*vO53e#beT6Q{uYCUiq(x3oK8XJT6y!X({*C=PH}n7fra-f#qkn;E+&=)Y+S$$} zjjl4w!T0|@fBxsTxNW1Er6~$yvO&;TsdOOvZ0o`5^l1#oM9C|Sp}ds;WdNxH?IVl= zBY8oTbmT5Wi5SzwIDU?Kh$ost-TuX&QR<)sc4P<<@lOs}@XI>|4Q(KT@g9xTPc5%m z7$35d6id*~A6$S{=j1PIM^hCTL9#r6Dx9*>oO{F;28Kl8?_JWHc^Qpa2}#Vv{u8ox zn$a#uN@&HnQ*DHXgNA1&QV@4wXt^?HTV_i9n@&0UU*1LbxDHnP zj7$bG1F95tcQKhHIyc;a7R+Saq_629r9gxt=$BZ3t?Rg5uZ6V>6Fp+$u7N?GsS zj$zi2qkjPHoutXZu^~T#BEkSEp^h=yq`$fEp^F$-PS|<{##pRvjxN)pQ)Y3Pyspgm zD#h8#2Oth$Y==0A9e5-fO*HW+5T!sNTYg8E%$il60f4O|>#tb)KN5we3~Rs!*aIPo z;qKg5YE?R0dfMT~rgz;=ziEr9B=&Z&Z`5B}&`&1XQfzbkf5Y3e1$#u6Yb?!Vyd`5+ zm`7|QfWD8JY|a6`+Rh<9K`83OMyP;=4t$EjM{g$=@H?ZCOj?g~DQ2ND>>X%!%;Wx& z!|&1G5TtLyRB=>ibm%we=0*hC8`Q8u)W3hkw`dcJFr>WLaKx5D2sr2MAJ|~ z9DUz>n2WKT5|UIMghPT= zn4&qs6E&tjEi-5VPDZ^}hmvA4hZ1FoksGL=h)oJ9$4BuToL zE|aALGJew9QYuZWWGP*xm1|>wSm)#IDLUG zIdkv8f7k9VoO^_qBqMuog;|w@Q@BU6`n~O7j=(M7dKer-tklknl0uuR32nLoCl-f| z^pw6fDc`@x&-|nxkK3-s zpEvMZd7f=~&z-4WhxU3l12uK!!SZ>oIT9T|6C->BlR>aNva?Rz*Xbq1^;mWM?uz#G zHzpWnZ%D}@p6&7bK+5&?@wVDuRe2{^7A%vq8pHWbw%s+>yI7;?K(*UN6RlHtyQhP2 zrYg2p&m(Ez1v%}EkQYi!%y`$ke>7Y@DpdJQCMi-H3zh82-x+>Cv;HWzH$|}i(BV`p zjy)RRx4%BST85tVnaS+Ct)Fngidr+l8~ZKe`(Yad>C)ouk37pnM=PRX4RXnmBtKkp|bnm5ykMFeM{G)RBfo@$(u-J_iuu z_Lg$u^L#Vvyb(dY4X_fU2YHk)ccp!&@g*$?iOdlcGSk#7$YacfR>ezBd^*c5!6tzj4wWOx*yt*HK925ev0n#lf0@@T-Q9Uq-=#%%$vGXMR_F z24t#|R#Z?css&CBiVK?1=Owdr21v{bTq~T9ca++6t{}qK`SWRc1yHC4*sXqMX|s+2 zNYE7(n7X_=NS%wv?OvwQ)n`o0_!m&!lzq{xz?0sBL@y}zs(nibMbXN`YX^)o9P7>k zT7e-{N%vvzl-G&Eom-Q@9ANyXn20uix*;R;hubd|Ev{2upz&Qu&1uHn`l9gs#SI2 zH;GB0jO9PK95}XwEx+b`B9oPkS$x@{mW`G-7czd>hw#zn2IRI!p-*t*qz{nz!N629 zqzNERZMSA>TDTCM9=lW#>W8m*P|9l{A_O#$kng&~ffeIkcx6Qw%JK|#l6ytknPN<` zYvoyC5X1F;c*081<>uw-PyN0Q=Kh13%}8>*^IPe^W7%FG6e(J?lC3uGJC-5Wqx^B^ z$|-t=uBLlwg?s~6s|XvtQclB4%S5Ho*|h(Jichw7Bt)GLXoAmjFk1GbDj|EIU;;mF`+tTB(9Xt3RakzgfvsYbEHTpMb_sVq zC9i*J<7F@dP*(nvkf4rjX>bP5769JSw3&$a%8G`sjcC6<2%FeU{s>FXugEOx!JJo; z2hgp$i)fOd)TN+Fx5SPO3yAqt`}{5cvt!@b(=d=@$sM{@f)L!0bjCxcSwY6KR14d+ z??)w4$6GE>s5u2AG9HnF(z8we zq>fi(4KS8LV4?1(L5HB{zYhMaHAX4{=*=>JH=`3DU>=K&eY_y(rE`#jwA;=z#@VJV z=9htt(PUbIYt)?1_*%+2(aVO?*t8Hl9%=^qIyCz_c^3-D%vBc04c?ongn1*R&Q;wR zyB*ksxE7+ZLzF`yMX@b}3C$hHuQWwh@`&X<0#}qYkyJ$2cdhVy_}TVV*^-9apWPYv z6cRbq_8}s=K-{&0z;yN|U%QaK(L+kSI14>I!6#*Sh8VQ&)A$!DMwsz92zW3y^RLvU z^6a)uE7py}lKrbQ+6YVlbyb6^AmeH=J(j{Y$V`{3^a~WV7$Q~$pI&n61Ye$7!Te5` zcPdBZc%r~lPiMpW_(x(EhBDW~Vi5VAGaLA|&P!0ml$Euysl>1QzUtKXv#r)|r(PRL zv?ZRyDuPrch=#mMsfDEcwv_pI11T8?{ZEwV%wgtht1V>UsF#Bw{3~9XnKLUI zMI6(;Qw7Y#6<%>Ik(;U#Vp(`~$4g;d@Zhjwj54MDB3VEln-F|otzC?tngp(*f+ReW znKY8~h#asP{*())T#0lYLdSOb*b8W|6t;M-QF^7B&@2+>?@PfNAw!f(ovIThh$aMCNe#=~i1 z(HBI{uMS;EoJIs9Hb@ZKkt_5Z%(iIER1*2qW2{7TR_dms2*eVjiD>7FI4f)oUB%94 z)r|do`d2i1WewY4u;6`xu^TYtyPRa>l@Z^^%nRwXyF?z2@O$YMCy$fq7XyhXti~32O{) z?a7`D&I;E{U(&&3qGFr&r*4K8k4~+s2~9n}&Ue3~P3D1=Yb{?dHI=9Y-9M4fy$}Ws z=Cm1=+BPOylMoeX)&v1#JdKqMkT^Q_RxTS<-8ax>#wHt8MwHNuZAD(Us_n`eG8#s_W9x4a@yHjwL4T?0B9AP zE!x)reszV3q21VBzeEO?YS?%74`B1ZlX^GQD1GDU27yw8M>V|TXe*r9cC{1( z^(!k+ud})`j2@vce+C$xIq#RnQ$} zq`>(*SZiq>zV8$lIG6r1Gl_>o*CzIaz^rzFF~1s0`z^^HO~vNNFv+jS zB4X@W^ekiz^wW#fr`bl;6@!bM@Yhya1`Ed@sw=uthl>RgB@XnH9hB9$ORsvG7wkc9 z(GPO)=tLGmUS5==Lw`Dw5Y4%JyNeQ}mp7KVeZ`+X;wKEwDS1e;2nBwfW<0dR@ZQlj zX&__=NE>7wn3!R~TyZ6Kzw<@}zvb+^&34-+wMTO1d`0a-Il5v_<*8p)j)o$7PyqkJ z0ZC~ou-6_W5MggL@UWyfb2xKBd_&%))y$lsmMxusFmlVA2kDI(SU<@FoMj^&PV0Ii z?n)sG?no@(;j?t96hPZEYV1%+LoeBlWE@OX40?4rx=HvRSvw=^|DE&w;Ti2N&>IbO zygN$mS|%%59B|e_R8IioDp$SnZ%>wJBizG(%||{<6z`np-Bm(2ff%gLgQsvKABK0& zd|4+J(Mog&lItREW+$Z5#Sf*43C`Ng<92=XTnUx{kkn{jb2>;m3>y6mg#ZJ5weOY+ zAL;Fo=^5$0+!E;sYnM(bu!IvsdKa0~2jfFD0~Scn80UTVEL8{h{MOEzoO8DyXBj1t z+PiQ}V9`pt;P}m&oH-}O1w+JxZL7EBJN@WtDpDXDGliVviG;#a%|H#TFkie*8#V4_ zoS5+F<#xz#MMR&NXj9I`(cGoKXMjwqS5*&5_X8#_>0j#1NCd-CPAG-7Q=d6D1F*OG zU0EHN}i0R?hAyD;_fQ*5dByc9mWp1rry^DTW?br+Noc>p3wD=0lKWXZe>#kq!HIei z$Rxp{fBrWwg%9iY_6r(GZ*?@&mqMV9G>KbgEIH%@i`^t-SuUEwAVLzMQ^R^jEWfcS zuR{0*%BnW4Nj#&DppcL;z9hqK1~GCj(X#1l4+`FT9ROS2~+xuEAa@O;9je!H@z0(kNM{olF!XCvK%=OWA($lZ{+PYjjem>Rd+QT=dr z`8{?4b24IgHQ+8M}*XEKR9?5GG7ynS37m9y@F4HFhV%&<4p}ON$qIOwM3%#dI zltyb#gXF4IYZNbdWeY&p(ruZrAqYEp+%nH_6%`Y#f}J)Oi`6)H z0k7hHcTZdd+n_y>$tx-5jt(UR+&p_I5-+OEQ4dq#9N*3ue)gAQCci#fILBvTlc2Nr zb4!I2J6dW{jEw4Nbm>iY6xn>4g-ss7mvoh7De?9Z;a!D>3Y0`vo7w9g;2Xsa(l=#Kr?_! zvrh27y1sz*WtgB+?m4)*yM^Uq!15r_OaXGK`A@)~udJh_joIPP(46=LSDWuA%7;S# z8V2wqm}em_h>O0lNoy;egS#!a)~`2zYU&!X@0>4Zmj9*Iq9{w~m1m}1#hy^8um1I* z6sGeGdIDmGUsUfy9w8IE-$lW?qhPiV26K-}_lnYORGa&gBU%B&d8kRanL?UdA_5v* zZrUIJ&eA9gTb5gm0~)sp^2T)>Aj;H5%Q&@;WI$f9MahQAsBFt>G^d8SeP0v*CQ3*y z^;_io9}|n_5fy&uzNv^AGQa?~rAmyCzRbE46)@bd?3|8MZsG2H=`&8eM4$gF9XLWG zp0gU7Iyy|>(?cro-E-(~i~~FOuqs3U$S;WWmA1K^(Ya&2p3T zY^?iPG4aemq^=79tBliF8c|tFW1rE^OXLOe?k1ldB6Gc>BscOy_h`NM51 z*qwVK#){InPkQ8F>`a(v;5{+KXzhx5WFcpy@<-x?avbbB&t1LWxccA4oW=K_pkVwP zmO|wsp*^quj$f5$T+D|TkLGW-aQ%oE(K{R#Hzg;6abENgHk8cGw_d_%X^c~U@C__o z-55k?JHigpV}&t1YP-GL9OVIPWA|SgN1R1P1xLKyVu%=dZkQ#Otj+XapE3^_=)AE| z124R~>-(eI@eImL3TIIPEtSLn07jn$hQ66qz67xNZ)3B;^E`4$%}aVAm*0GcFCRo~ z*kPWwu^Fm2gs3PVDD5RncSLR;#{1%9_3uc)JI z8e!J0pPYC8T{L*nQL-xQ^7Yqi=Hom|O|>&DL|K@I@+WkI2O9tHe&ehW^pHoAU|6B{ zg-hLBJxkRo?JCn;Y{T{h4{5NEBh6#Cmp{P6xY7*{3-E(cDR#m))tOQBMRZHkk{}wS zUIYpFWPp;R6PfBekdnS{kqkK7ZI#3}X*cxoqgd++x|Xt1&5N>_*s2r{Lg}{t{7n!l z>3q=A`?pqkAFuEs7&b;P@ljl!1=}xYpSUg|REc$iM^Ne9vxS%Fozef=w)bK}?3!5yP+0F(55|GA zdYET+#UC~slHZktPTw0p&KJzT%NZk@88Gc@^)5>Fi z9&|>d>iOHPPph5PXqhAQxva68F|Hyl)>&|}zvltCl4lC}*$_pJaQ5cU3p^zq4oOH= z^aTl9m3$>px|Tn&&MG)IfgdWsG;Y6;6|2%&sp27{x?P%K&CD#UUr-glcNqbdL;e*~ z!|FkmOG|JQeHox(Ya;FSwF|LHBItO8OSUt*rYc6eScQ(X-5{KUAVTt(4unOOX6UM< z+}?uS+h?&%hL7A-B7b{rjXk1Fb`WCTzKOObq#G=Pad*CKZKEG3Y=#;VQs|CrbK~f$la4;+`E0he(vT-xX~f`9V=PFiI+#2 zX&ckw1p^4filmQ`zWc$cYxL9WEbT25v<6ptG5)#DcNb@0?_SgTZK{b_S9l+_tK#wp zpZt@zt&xA`Sh4#Zk~np~sKi3EK$}~Kxvw|$mfG1<)Za}S0a8$jR0T7fvc211OTy&^p%qV7;e_TNg z*x|=ISu*RNhmudLU})d5KjbP-hor4!VD2bz{R$SSd{=yYAXh(6Jn-9`RrlublU{+~P5u9&1n78{gdt_J0 zpw0lSv#Eg?igz#U<({rMe6=OLAuHE8Men{d< z=4_KV8TG~ng@tgW5Q#PDie^-sZ-1D+79nA*G@7ATL&c1CT9=|=O%&=3q5XMwnw%spN$biib-`a~9Ar z(>;>=Wx+#&p??6i{KZSHA?PcjL^lku8TU+z9T_PaO~A9k>Y{N?-wa{>Ofeb*CD&ak zI-a56=&hS+wr_~%+72)cc@n3oZGD+G!jQne)lxxE1`tO3tbxm9$JYuy;>xMC&F&Vp zdnR?Bzq6@nu0wkI8AktVhrC!uZo^T&{#n-ZCUhds8AyrlNwY#N?G?Gs*RZfJnf`za4<-Ju767SJ z{@8@lKz|V)qioS{FYgT&W|>A+YL!5$KX<6<2kzG91|$SZTH7&;$&{W^WYI@`>zX!*NH-*BFIdzxx|y zs+dct3|%G9HLs`n167d@x3Yh(L$1pYxbn#(gW+7n>?owJRQCbe^$Y`>Rr#R6(OP7+ z;M*~b5@cP4coqoT&p>_#8Yi36x?)x*EFg1X&r!!Ch$m%mmbuGYbNP$Ngp(J;m4D$U zFhCeKVz_^V8|QP|@!ko%II!2;|NKlqd@;|_fuj*@g)FTfut}tRy<%{tDdFgy{@d)kZ`k=4I;Pqm!x;-&{*EDM* zG+T3etxYVY3ek<#)MI_+m@k&RoV^7E$Cp*?S3wBYl7xS5)vReDwA`{>vHM~W zrwVvcDTifA&2b#WS4A0UOjyS=<&3vO|QXCmh^}zeVuW97jvydGkYh3L-GTV|+7e0dLZ% z4d%`}$WOmX80#x{czK_LcNi1oY0BJ4qb5#4_MxS4eYb^rYzv%fn@3YE)O736K6FxP z51xDGj#vFe0#*E$g6VYb?)vyyz#d+|Egb0*!w#*O){`+CGw!+5JyuQF)EmtZa!T?H z^&nt|w)78zp$>`t11%IS5a-$`Y;s^-^)&31hSp#Uuv1JXW9e_M|KdFqT*U!_(e7A- zMSD`tRbJi6PNJ&Q0A(bRHtd4kdV4UB;z~QaJTu9w$ow3*0aw|!v_Qv)(qw*9mVL$<4|vwwlQamT zs$!4wr?i+1YY|Q8fgG&hNpIs;F12KbSre{hCPV9lySa3`Hn9A7Eca9ho+2Jis7kbu1_q< zDn3v?cR}w;ljTn7w^{k6FZKe#G7|u!O=z#VL8sV3$2(@UX}HY3G%Oe%xaDL}UEy<# z5@p-}T~~9slUnesr;aN3gtNR-$d`fZ5ubwk;>Sl!VL2bcAvvUzJXf&Up3Nvv+Isx zXf^_)+$N=ZOTHQN_sMH8DS&%q!+1AC-Qh!j8g>4=sT~3@axIU{dtkK1cIUyOqk~ee!*DIPwB@S1( zYlS2=K=dfCeIntzV@2yk|K-A)0 z75|IPV#oh7%~%zrsky>}nH`g$6vx+SZR&=`7gRv2Mf1SASroDqmlv7%RN`*EV0imo zLk}AfmM3MO+Bksd^$|Rxju^$vpSQFnKfzkUqn5Y3C*Ro#(Q2FVZ6!tVSDd0Fb2ljw z>5tG`@5fTjGR<~eA#Tw%ZteC%qJIFicITDA3Viq_72z=UkiB>mw1zARL&e1Q&o9*b z2D;7WAApUZg2RIQ-*avrl73O8W!G50*!m`3t~9P6zox8XVOM^l(hS{l9d{~=Si5Tr z{!R}Bw2!s)SZAI8PUnH0Um#|@%h!UYtZOPJuFH*DnQl?NM+SMO5Jxk9 z0ci`YL^5R}QBZrY%)YO7SFziHro?CuGG~7%NKCk8`i${k|4SG}{+d97)F~($&JBad zL=H<8JS8xJbQ4n4AYzH`4}_|{T$#z&b1_%y@0PJ`)8XsVK4Wbvp15XmJ4U(S5(f;S z{8URxFK2A{%I1{nd~te40)VN&W0oA0)yJ}@G0~$5jRWf9<78PBOlHnfWvNc)hNePl zg|KdZ8$){Z)VpQstx|@(!5Klu7{T`*@Be+WXZ}tR%*nv^Ed$jidD@rFJSM~hNxHKl zjIy*3%bO;CzwECefy6On5JSsCNyzA}uyScX2YrOns6UR)E?xU2hFHwfj>d6( z0EMy!->9F0AiB>~a?>uLp{CwVk@ zC*Rg1hoD8IIQqD|fwT_Vyth590pEAk$D5$2V!p_v_ZuKNMsY!9(DxN1BV^Ll5nKDV zTCCjxz!Wo{I$~sJoQbVX;egg++GZ{LN(bscy{5--1f<)1_4G7t=;bAqut{c-ar*U_ zQlS{ph|>)!=Clz-csiBx)A$V%a%zq!(!46iD)f~t>f$&)lr@X$)6X&jyzOE~Q(BwZ z+I-1w*v7M8v(HR@?R~Sg_G6OhD@fTAXbgNrNf_-Rh*d05-=N{?!VH;7*?8t7M;Tkx zig5@6!cm2mg2n{|B;G+@3P2^kU zOKxqZM7>jAC*at&0WD^_@H>TMl6;++LHyz?Xy#-c7r9b{+CR-$pD@^DZ;1N04*C$-DC5^<H1?&KuCg7TFp@mDXD5|8e!o*Nhp@9yuhkH0b%taA5)Qa0gyMa8kOYr1iQ6I=r%5Zs;M?%F`(?lkTa+%>ob_r~4b-QC^Ylk8#7oc!n9 z%&fWMqHFb9wTkYp`rhw-p3Sny|MBrcBMrN@^B-1+?o$42@~CGyefBEd-Hp=0EXb^q z_01M6jFvuj^ob_oM1oZ1oIbh&^d9Z$=hPvUa1HcnM^vP9WKT2Vr?j$$V_T&g8YENY z!JIKyRb?MHtIyI|y}sY4Lp&e+W0`Z<^Y!4kFQHSt{v^XHWk8u;yfV%vp&-Xvc2wK; zg?^viwpHHVjjNPLOo?(MXIAZ)-6T50xa|$5w#3RBg%1^;g1CJTwcPkaQtbBZ8ZO>M z&r-E|MW3XwG@|+#O+?~@{tqC|`@Y=DfFIZtll^=1@0P#XwBZJ_9?PuO%eiHDJ{C6J zirNge*V`~Iku}IXlfsMBA`8_L6{-2-577LVICaV^bVOIw^=VI1dy}kPEb~Lw z+l89ok%Gz(T#stc0%9MGbPEO1Det_+C>Qt!;lP|IBe@s>r;Kq>vR*`!sBF-r=iW8u)v75> z-V~U+20uml8gsdL4ZxMSL3{OpS)lT*zrG%RV-cy*#`!(vY!e%Yk@LJR6Lz#htnZEU zyVLB}^AZons=qC~YF86xB~;m}4Ln_};Staco12nau|cVal6M8CE_2TC=!{s`z2bs9JpU`CBJt1loI}@Br$1C zps_%~k^2c@Lj{jMpw+qa#|=6lk-_^}1y1YTOVtN1;=8@i;I2SO=T#R+TkT8dZW6Qnp=P!LY$*CKfUs-PC+?Eg900 zaubfj+0cl+91ji^MiBqc(Vm{VQ>OeVSWno# zngbeUQ+I`zgir848DhW;4oBtxRycWXC%xd&QMgVbe> z$gqv8%@4sJuQP29q>NFB^X<3x%+V`6LK$F>@UmNElwpm4?;q-Sk$0xqAWD7M*^T`C zbIC#bm|E$8$L6U0#lrIbA^BiN6!}KPpf;O|1~(uU&q3=pz5b8myf=!0VMkG|_nq(eVqxjfpMT^I_D>uY20=-^{sV9zc#Q0}3ZO8ZJQ^}?x+VSl(T7G_ z;~lhNgqXaPGz@8mIHCwccf;#_EfQ%;Q0spGRelb!Q8VEQq8YlUTh-(k$0%9NAHB|aAe=Q*6>?t=LjzvA!rSOff)~p&_ zY18R6@y=>jp{>WyBBF3u+(eT2S%ncu;?t|_t8gHF-3==))ONw#;4VSQi`iM*-mWzw zzx|H#d*Wc8*{r+^a?`Hz*sLUZOHx&LM7vp;@2?RXIemYNkI9bq+A^jiO92mJ3i}Ww z^$~FeT*q-tR(~w#>nVl`YpCD&chY&R@qJ<1T1Tn|OM4JcgqqP+cDXqpR_-E>Mb4)- zSAyjyBYB?VMypStxz~WLra*@0?ZApo8`#RVq)Vj7O;H~W_=B%PtqsYG`CRX+wiooj zF{^pD5JHzCDqMQJ1+pF+@0cv=y-`3Y#eTbox#6o`&#W2sXfu<5W*1{HgG#MyEGd#O zudeKujNbf8DUa=t*jcg??2POu#aj-#(xRTZQpSYd@kn@b81@z53%M&@+gs3(7(G>r zQWojB!CZ`{PgaD@&-goOW6tvV!ZM&RVGsI>~GxUAp3}U@7Va3x!C#TX2}6v*2|kO?j@Zyxy2z z1*mQjb*tQ2_f4+!fg84>-6q<1+rB?s8&aNwRyHZcD{d&yrSvGA2MH=9HRUT4ckXHm zh-`!@lxugaMvL@F?H&QX-OqijOW7~)qCG@)D8Uc)O`>2AAs`&Ley7dEia*Xb9v5QGp-=w#m#*riUfyGA#-X> zBc_|V?V~uYhx{+f+EOXHl#`b0oJ@N?Sl_a^_onKHWrTT%Dm&v1Oc~6JJT7o$4$i5Y zdRhWRblErK3rb4h*E9lH;*zOPGbl&LWZ{W&w~GD7T~QV)tBTU%12@?IJx8@})I{Ex zRG2TRlw}XTgl4NBe?>33Q*t-JXSjfpw{f~PPOqp17*pvi`ag}*G4TVzpDRAvo^jCZ!UW#9gEcr%TxLOw{X&l9zbn|c7}8Op1Pv{MloAf ze@xu{3O68)N0*?1#u2=14S9iSx$P=&SI2Yc{4o-v`f>2v-d2z*r?eNXsfIn@DeqzB z>2A~B&HjBh(Y8tXY(>`v%Vp~5JTdzq`aAit!QIxmN>jiBz9HeX@MxFCd2N%?2Q7`5 z=!1n!(Kx_Uzg`R17{f@`1SYk-+rTv{6TSXfmqptL*|CVz^v$)XkK?<27bT~kX3 zqxT1%KxWi{2`?22_d(y!5^|q5#4Y~g*tUfGXOsPEC>-%KkO3`++R19*Iy57g7_H3v z3qenlzr7mVHcGO459kcpQdEHTY?A_sUz5e5HB^Cb7$0=y3k~4O$t*8Gny#3nA`YKx z7r(~NRoa*$3KA9jQaH%>*bGz6GP`L%-+LM23%I`#{NuI z*5DLZ5cnf;(I9|IQ3|29Puq{U@fAHt=Gxa@0|EbRktmcPiFseZK2>STc=-0Z*#06N zsV;JSlIut0ER&^_OU$OlWm<~&P->*@CQ+=fXHwP7CgS=E#46@oUfej5M`1E?$P8ux zNtvzKTP7%RNWRo|EA6|YqiSXbzbTCsPg;48?clQ)LBEs{D!kSh&u%;OtNONitVMz2 zHjQb!rn)JqFce}r{*I5?ERk8(>V&%r9Z!9K1?ys2k$p<$%!asUZG+afh|aI5nq0aV z_l&?p14~WTU;V-Qa4FuYqV$CrQkNrYF#2n^dHRbevhvDALCBdz#ag; zZSDLgtJgA+nR-Ki{J#9X?oZ$E?8i^%@1y;HHA-g{i4}w=+?@A?~ zKT~g4kKec64}SZd{j~LdaOb}VKfV3`zCOx6&HIgyLZrOo(vjggKLQK%JmFux z63M$>$%dL(dAyIJF`tn!g*MGv!j0ev&sDYmWio45Qw})LE|)qfKmRogRpe9myL{O1 zb~F{X;*-6a?E3L9a;)J0}>zvtYkX2el zVTaI<(U}qn{At1<6q1?dfRMo2kL%WST%EuiV@)Jz724Qd09QO>Eqeu=zB^V|Npb;y zO>?EXm7XczU`bED`u&?I?kS%c3Laqsl68#}sl%;T$$&er+_+;z_0PHR*0kfGT&_jc z=;`XwE);hgRU0ejtqkLjX=r(s4UUs8^d~c9WSl*mwn_E88#)bF)XSN%)W$+HM7U%Q z#`8%S{7P}Uvzn!ccjH+{({38PHjYjJanOi8XM(5+58_nfqII5qpFk43(@q?G^F3k> zpP`~!>=oOO)tq~L0=v!CIFP^^>e5z2+KBg}+9&Gq5FzF?M zaSbIKf#G_Xe%Ku#Db`oaRDKSb@d9QY8rCaZZBspsMRNFI@gilhe(n=iSa-N$ zDKSJImn$5gV{Ki(nJ!2c*P4zN?FL2un|%RXxT1p?%DuspfikLGAS8tVuABCY9~~!C zvHzPbX%aq+mwwh5lnJc5UBqj+I5!QF-;cW zymp(1pQ(>c9#PAl0Fjji?Vya?4VDm4j?$S0&Co#R>wD`Ak1IEtFWoy_%kv`alPp}Z zbfkd+AU|tZdCEY7S18JtP*Rcin<1&r&pi10z~L5~o5M5?@gSa%#6VrJMuQIjQ4dw# zg$se_xTH%RtU5DZcx3u`qXob9NA%m5e1Z2T)9N3L=B>|Dng8FiqrsPmGVm| z<{)*I^OoA(X%9x8G~;FTka1$N$CN6M&K}kPtMjJBRShVC8=>nq^{23^^6$#KD*R)M zvwFGE^P2yPp{Q{$a7|CxiptLHXbkw=jWwfCN^on}z)#RADVijq^7>19&}Bvm!g?p6 zmhgog4l4fY$%3#q6_Afu%v5ZguwIO>*w!f?#>9nZLm{p4>AW`K& z?^wH(YwpXWQAdQK1MauK?U;saXa#3kBD)1#Fiy|LJLT5u7*%##Z{^o9ep7M(EU6Xp6(`cr@F9b} zjgA8C+)1RuWZSy|Ku#zPR7V8oea%|WgSH#5g1)TTUN1BylxUlu)MC@tNfIr_JI6UT zbhSYstdkL3>MJ!rG1n=mr! z@~Q8=+oOogr}V40OmCEnUn-ced9ChJBa^zqDcLi!o;}U9N%*1Wx+4xmZ9=$?+I-)e z8j4_fY6Nes5K&D$e^AhwU_(v)IwXUKqpMn#nV(!|kjqz@gQrF$EYZH)7WScny7p;w z^GFJWeR3jG{@R(4xEEe`<8IvsPc|ER4QIiST%<7|nXN`B zLA#?PYgJMClk*96{%Dj8X9D*hz>g`qS^fOz0h1XL*75fiT2X&XjWpi^FjA?qXkDtv=}b8s|H`80oBw$u!FXJ~24BWM0HQ>S={J`JPf3ClQUk7I z@uM2BL!kAd<{N2(_EJHq#cofip2`FiT5raVT^La5GZ42@B>@AZ(p;MCNQrs914iSt z%oQR{3l3I4AV$->J&7JBLK?gYV^H4gTS~Oj>lRO8;!b9+mapF8PQHnknWkPa-_;3- zn9aQEde4T*k%HT*^p!t+9Cps%4)^ON@(w$W8_cWAN_iiN8(xIn1OJ5SJr#5aTx%z& z9BZo=RF?G;SMbbJKQi<-&A_i(C0RNzm{Bnl?uP9E!!Bu8pJ$OtE^Xz)z7?-SbVjP- zC04?YKhkZKf;c&9R9ekhD$4r1Vzl*;iJRN|&ki8_rdZBDz2nQ9?5h#)54E5t#}$%!`KZeZPV!XY(ST_xiK zkJ@CyV?B}z9D6a+k9Mu(qJ$vw9F)P2ZR>5rAC!=)E>%Rn(uib;;SiuEm0uw{NC#PB zIvVY2mMF{)@6Gjg+&7+Cr?X{^)^)jr69D|CsfEU(HQ0pWl8lJ#WWXg_Bm zUO&%8(q%t1m*fRNe#^bPyh4o!;Y?Z|$q`&83T#-FeZJu-46RPIT25)+TTj|tD~HwQ z!Wt4*(NZS2rD!qmuZu=+FRSs_F#W0wHpd!1+xF-MSYrs}L^72#=c7IZvJa4-YkgLP`kY6J@n7~1`4 zOB`ZTAGx12!Wxdzqk3sb$Qlt%y<+qx^-wtALhYv^hzyn?q#K%bAz1RF%QAI!^f*z> zaRqO|^OU88HXX^DKQEOrCZz04v*Q_;qTaDBJ&bd&!J7VZBY`=ZHMn)7I)j*uDRGZa zD$DA)eV4lSaeg5zt0Q-rRk;vcOW#??Y2i-fA{~YADKAMStk(Dxi(8kY^A)P#-jBFW zddG1|T8{;feB=G1bsHr`Ko09_&36f4Ej1*WSnR4IQBd2WjG_eKs5~j%uPe(OeuQ-v z$Z6H|@k`xHHv^EUkHOX;!r;xy%=RC9r`-!JZ7&f3zJ19w<6P+S0-TN3QnitLeAeU* z1uR?yocwMEvk&*ExE_PIqs(;GZrn+Jbo|mD*5eYF=bqohs1YlfYZ|(KCz%$FzG~%< z@>pD^SNHK3HzWa2$(B5vVVmU}wOCed9ypc^lB7(Ie-x$m zdT#!A{sAbY1IM5vD2#cDOsG{NbE@-(B&1PLO?<4gtzS#icoCnyNTkqV=Qqqb1G&Tq zQc%&v=~cE@OW9l0BvNCz%z`k2XkWB?E=xdD)3@HH!#-^Tt;Z3uoHp&robyk1|D!KT zK|KLgvCNm!Kr*keD6xGqaiO{&^3f;?PqzFy@h$?4OX?ogg7}Fn@Vo`L!Q#%~ zqY&=}*B@E60ZxV<2%vy-ga;|r?zBRPve&YKX?Y6d+D%7hm9^^!L3|4l0Bd#FY-sqHjNL<7~eMW0ea*g2Z)L)mpEQK36S3tIMg<~BT9^knA z;5Tg8l^elP%q4fNssS$YxCXr+UXt(veg%g-J6bFl=gQQGcXWcIjk;BhM}v zsmREaBKKHWU|=%LF!+q^;gi!U`Q$a2rwdu6qt`(tu6`c^Gkbf&%E*Hu^BP<<2>u#= z-sA7X7mkFPu}PLlP2RGG;vKG!HjFv0*@O2=sCW`FS0_Znp)jXz znbwugI{Cp0;1t9Qj?qJD-*WvKJ=x`^P$_46qB*NqgK||&R6ISqV;(4;c3f|F82`rP z9>cl&ppp3f+*l87Q!mczlU+Qrrg(g>p>5v8M_f+C!i8&eAY+eRw9Ul?5kHx*BdY8Y zVZZMUZEopY9i1{M#0gWdi`Y|f><`=RI~ng+*PbBL^SCH}xj^WD&SG1}ppU}nSLFQg z!*&&Pl+2u8JtkD;65ASDrnZ8ER#XGdwl7!f^HXl`k~k)9lC-+To9B2;_NrE~CjWU`*d)V{ujlFb`0{ddlq;Yi4D`O1T#-KE@<)Ui-dycl#?oLdLqc!|CTc1&z(Cd=0={lv%z+aKdFF?9&gcnB;W# zg;PX#!}nTDW6r{wiH+RT{1-K~{J?xOKi#U~y^(TFUz+kw5`)UI6)k?(} zhw~og6f?Yd&E1$8wM;NeP$(H~3mGgx$g(Z6g!(yXymw^TQ&+a>5zt<9#R_rRrai;i zG#^|w0fMT@q_+878iBUw>BSzwr+!2T9IWxSL^e#=N05PJ`WWDliw5y&t6oSu>PY?J z$TQrazD6-rhfH`GJE7rRRqCE!a;RkOz5kjYiSFWQC1SG*b_3GwJY`}=jrGD@Ec`Cz zka3pGYotv16yTHNd>W2Oa5Ik-K39sM?w+1QuvM#aIkEj5t${cWJ)wtR{oAlN7Bdqe zA2o zQ;WBWzqlm`8n7p8zplX7L3fuH>2R2vRw^ghf|328^V=guwTMa(%F&aq(U#8tSa*PM+nLL(e} zy~l-sjsO)weeaK`m!IrSU;8P25xyhwr#wz7yc_;b@7P1KOEOaY`UMOUM0AzJ2b2pP z2?pLKpK9$E3S$Y;oqmL&2VcYuvpY~%RzET})^Bz4=ey&Wc6d^G1}AZ-AEY8$F&uQ& z4;Sr6AxKJlPS4SBiR@4RR!3+Ut$V*~>C2MndT@;pt+crJ|6(Pgo!4^33Ree@sL~`S z+cEqap;7GT;{0qQ86=%s77%TNU!H`!Nm$e3szr%m(EVOF_hQb!4cg-u8Hf%`jU;xv zd;>LqcFfOrnSpTW&7NSrq+TBLGW#nKtp>xhp+u>HAJ+DIJM5UIOVp531zI`3U}f3) zP-Psc`WD*X=8inzPtW3D_yyJk&7oqpXBB>N8h-%9R5{5hiU!O^r;=gD z@oX4;Hc-RQZ!on$$v}OjyNtv}JT)<3u_1HGr$LFhKv$J(htdIXucw`kd&31;tdTST z4A#{lnEYu0cND{9*!W{R!vZu4pV$gg-mmPAds?tCn{Z8^7?V?<+VsrP6|PwA7VmLM z3Y+{=E#%24KaUz|VHqrFPZa;Lu}~N9#1|&Lg%~A_l{&&;kqBPwTE@!@LS-ay2~)2Y4BXt4)5*504?cSy;qPYPdUOMEyz^ zP7eGy1$ypi|7g^EE$bTTjYtczDY%oo^W**r$B?0}UqW+@{R5>&cnKkP9}=K3R581k_MMa7(pQ(W*0`5TA~=vkqc9kJQA8$5e( zl$Oh(YVgb{r}t*n8Fdd5ZhO`VBDAmSCO0JlZ~{a0_R{Zz5k$wC>}fga_LC?wwpwT* zVQy!v?!gH5hL>E>z0G_=Zb{$v?hxifwfvuc_a?UeY{ERSI+wsh^&yWU~w}R5rpBd8*d%Vp8!Y9 z@&lB+nJflmlutq06lqYpfYu762beKdym|R=)6<^#Qo}i8eLQ4lfmLbiVH0yM%lueY zpQfv29N6U-0j0o`_7C8mg8IA$$rOijGk7e)Q$`Z0!mNGAzf!0G&}K*S`~i&`DFRcZ zx>f#lRHn@C2gIU9E)-+Ruj!b*mUTdT#CgDGG@VndhMJbR+TS4uho(ek#`pFo zNeMIZ&pk|5I=Hd#yU;Ia!kDY3>m3ar$Rt2MU~0%mlMnhDZUww z0d+1At5^wzjUTs(DDnARI22jOzoc;uR*Bj;O(kNESOgWDTr@Sw$iFf@gV&BIsv;z} zQX$jedYSbp0E|;~eFLY0Mrr^umnjL4q7kDu)iSGoJtQH9oQWCUY$<>6+VykM1o!yEf!=KJ$@mLFH*o zC<{K}>0pUluuIJ$4X|dtxRJ~r`u*u}L~@ogK}0VlJYy|3R^h#l6nu-C58G_^JCYr+ zG4CcUMLJ)8fg$K!!>7GlN4um$scyJa%nSpdA!lMx8q<-cMRr{5Q^ipCnC~DSJ2}sF zasQxgUeJtB1Reoa0#a+H5^*jMBCnJE^X&2(Juh<+bdag*w{wRAAD)}$^|(AAQpi)8 zvrv!l1I=2boHDsqTf61@k(4c5>bm(WeZvidscA-YzuLN739i)6DZpWwo@} zxbR_+qSUA>$JuQ(F5IP2mL$Gok#+{x zd@7l$d=V2D`_&n>qpeH2D6x*Qa%~NU74Ac%X=8JW2vW3pn@JZypC)(lgDx9dy+WW@ zqg?IuEC!c6LoabJ(PRjzB>Ui}=_vS8uoFuWMOu$w$?3O;-6Vx1o~ts1!;$#zQRY99l?3`wq;@fnr=n8fmPGBX9g4AN7zULLH)=|Qcx_>dXc zk4aSdc0xan?Mcztyiz>556N#PV1mbc$2ZA7P~xT&(3HH>2w@EL-gbC2k+c)PJB%fV z;rQR2@fX?Qk7<=EcN>FmH+6+Snb`Au_b*Y$#T*(}M9+AX`BH<&(`6Q z>4PL812V9}{e1+W^`@SpcT7~UCiy$uuP<*|QJG-4WLH0UC!Qs~8;l{5sC@KE{DsuFsQr|J~6>=R|%=t#+y>y#o{kUKPBlsMhT zFl8Y=;ud{K5!_CRyV-z!z({KQ4*>h`?g<+ z2Uev*%&#IH>clDiZC?OaEfSl8GIAmLKEi@e*_*7b@<$WoT_n4$r@g*eG4XA7tO8P8 zuY@OLMW{xPI|O-;{7g|2)aKfJ-{Gzc?x(lOYJRk6O=ueEo-qo)zq*MeS^%Y`?gLm_ z=4P;woLp}+UyR`Hn{PdLN8vYDGK6}`&qz!6%ucJX(gIz3To_ei$qap{=D+N|$`AAl zKU{CNFWljCXnzR#L=;y1-V|&vK?a$}(>8al92T^BDA=$-zv^rd&X86MWn|A^8#3c5 z#^*ak;i3$nS%(+kUMycrB;=9(VzgzY{b|MoLM`V1N^Q_!^q5wQW15mEnsyL&CNGwE zt*c?R*@>@fsM2k_Gnjkd3j5i~b|&~v?l)52*r=wrRUDX|1{c}RJ#n6JX{c84KT+X! z5~jk%D9_OPP~INCbF(W_Cqe+3-k6aRxA{1TP9id}@U}QjOg0a6Apu|#;v9cSG53)i zP1fx&m6)q(K&BpR4tFC5rZkhRcP4H7T@ZYX0iy}FSi>O4*^VzqV+Cw(m7&8KRryFX zC%rq3z9Oxx5ymxwtgp%{2{ouI2iDz@JDSt?AmeZerez)0-e=wGq&}cQ3d%bvs!UGv zw8G5MdZyRgD0GdOf-_QN3UJxR4Q3OzV8LRW`zQF>iE1B&0@7W~>H~NGiD3>Qrd|3H z#D#T5pc(|4NJjQ8pnE@O67zVnl#E?7rNm}=FRX#?c-;h*qy0yAxmV^}<=(0iP)UVa z-mitqPSRCXSJM#3{anjpt-QHZq&hkKGfI`H#OcFqQ@beX0If@o+Y(`THlj-Lf;Dog zQ(0#X{ez&Tg-dJjoJU8a?SQ&z7%MUJ4etoHbC~n>OP2}Xd9ABll<%VBXuz-TwAh8g ze1Uyii7WHa@yP_t1JOGa$0EXZwx*a{1JVW;q5$EeruGn(t=2$!;>nEz@oEJ^7M34c zEW7S6V7{R4IkfB4L{DNkn0ABH&l;HbCB29IeXKbkVNZ<+Kj{#yc_tgyOfiQ=aN}fC zzl3J%i8J5AcE6`Am1`HHQ$}TuWY^zHTFCIH ziJl)DahqY*7tU`3WQ%{aV@cxQN1WuF%B+>Bq{qk~gLMcG2B5^+L`Oqme5!}KH6HGW zJ)0J3Sp%xXNi5Qs=bKTtEPy&@LG=1chQsh#gVu-u5ROqzOzKc5BAKBL_+sNcBaLxA z|3vB7F&%pPael%EL#>O0JzYA=IducFcqq6-tdU#$z(}6H6BuS25@DT52)^8dskkp} z!jW6vCDOh6Vtt~)k$2cB2DRxDDiiqyqw|B5a(j5qY=m{XA%OL|N&V3KIS4w|g7;I{ zwF#0aU{8$TsZ(~5LHt8#XC*5NeeF*$J+=Knr8_B3sFFgiad9}*7JH;a zQ+2%U52Jxc)L=i$?WDP~4kLOwW>g|(yVumIr{ecf#D8RADiIwyCD^uj3?Y$2!DF|& z5?ZK9>0V-uKHhXU>5bU6JCz$&7#X=al|F}Zt6MHV-VBn-TB8~-f8mtbjbfyyX(crI zA(FZ3_^x}h*f&5gByDHX?9$3<@)|uuk93;`4sJqV@p)9mM-^n`UGkKU8KNg=B2yIQTMa%=3Nc!dBL^hp+`Vpz*B_ zH4X`L!9g6T;kY7i)c`K6R+SOLP+xIeYc5+|2bSx|3h8R}n_ygKJ?|5NigxK_o&uo* z)lan-;r$p=TE3@l2=EV)a&D{>!15LQa(!ylU3ovjxo+heX*hZj) z+yTj}zhqgmgg|Ib$&afT0hFkwQXyrwflKUX$93}gnJBnV^e(c>Ex+21425j1 zlvu3+4W|AMi!AAVvN8VE-F6T)gn1`$uruI{m=nX zE2&1FkzCD8GM?oCSCpF>HAaf{AcnrmHn#nf5A9l#hC}WZ9pXL-nWFA}Ce*Q>Rpr+M z-e+8=Wwu``a7zyX6&_gmv(DV4DS~uu|6#5DM$s>|l>VJ-57j35CPpRPe4CsHJ#Dey zFx3vS+1#{S)M_=QcQb79!Ys_6Xp!kK_4hn5jKLr@QM{zC9bB1X${GWh#8Gl68arV; z=UA3wJ21|gX|F_$Z#K(M@X=3w8_L@*f_(yL>m`yH*}QjSxVyMMCZ@2OtF<}f(kRG9M?BU<}= z(U6bCY6qMp3^>y?$A1L=60muiE#cb`9G<}^U#(g2)(dG1*)JC)a3T_vGvg6T5d_d%r*f_3v`~rohyZ{wL72i-;GSw#+>iGb8@_9q@uovuC(QT zoa6=^RCzGo7z;PrInd4il&zn?5%&`XSt~u2_Zf{WD0@unHM??(jjOR3ZNk>YZH|+Hib<+b?48f$D zgect`QJfrwzHb0zF~7pfpIU@cwc^z zZ+shEnJtb2VIOES{xSR8Jdtok0l#ciuCfn{mz%Zl-|jnxyn)$a!YabA`4~0jsQ~&- zSYr&knsPF<=a_oF7V#skG{7r^3)hb{x6$JGU!i}Wz>J8)j&*l-VTG%yo6%nn%n8TK zFoh^E>9yT^WbK8V}THNbH1uJ=(3*b}8uO!_SR zR&C*C)kB(ArpkE-H(q05 zV3hW-*WC9cv}aRu-mz19hJuy$(Asa?_rU+`1{*~PQjA2Wre_gx2Rs!S9Nh~ssmAv- zmT6e>mgv4#CG0JG>5MNkMgm`R`f^j6wWJy_?MEaI(;+g-Xx*l^)fbgUa>F>?WeLVT z{B81qv8Ot|J09Bhk<_H7SAv?B@PGR80X^m!++afI2vX&GYoLq2T2{kojd54bOwbhd zzxVNKi3s%ZBeSliMuGbYUvW<0ct@ZviA8q|hwwVY(YrI_au7Gyw78Q(a1;FPFe!D? zK(&)(mTfTdH(Y>_t$l&PEVOfsnu?&1^9nibi7Eut)R-KrirO|cW+lr~*E(ii2DwVY z6GpZI@;gMR-uEupu6%L{)xK4494m^&{J zls~W$^Mg`^W5~O8H8PNVe3O6?wo!q<`{)q#k6AcmTOxl)IsTC?XXlVV$L=jj zzvE}^PkN$Xo;{My9+o?Lwy(`EQ4a2t{{XIql(cJBbm05~^FBNe5*oB94d3$ixuH<; zqSO~dLUQ**Y+WN`pzq1mauM}peaN8`vSJ;GJmMBF!NF|crK&eI49yBx11}xZB*pZ5 z)@G8WK!YT&pHEQz+-J!?JCv0nevClAFc<+bYHM~*zh9<8z=e_Ye7s^D3uYxV!yH!P zB~lbQKJES2Sg~W{PaL2^HkYXaD+^s^`Q_0%7dnM@Bs(x&x#>*uqPTq*dkK6)%)s_d z;KyKGxv0V_g#1<|?1k>1#!hVNxOV)7E)$IbJ*h6qhR2kBCP&=w#=F$a_+~D7uW?D5 zVRrE8r7{xh?hXX3;=)OU`?Wy>3zpI}Uqko0IUB##5I*CJLeH^f>eb?H^W!iXnXa}P z(r)twOH2?kbpkpZK2lVA#K1TW5SGhNK!bWeqmY=3(>JtYZn&R8M3pJMlPJ>NDr>AL zYdj$HD|OO6E#K~9apZT@PR9c|_-;)_gHA>^e3h%2T=#)Tf2NPi0siAwKQPCT*g98& zL(X9jnrw}~l49e7Xn%nXHYaHBcXYKsI7H@5Q_;#fQCS^Xv z0Y8s(3)O9M;I()_X`v_t-#93hL@{q`pKRu0+stbhbyBG=ovN=@)`UYBoj8F}pB>cS zY&K#W6nok1!i2wzxBsVV)s=U|uCPLC?xUP^2VZWT13B~&$12p3si-24np`a`d&z*M zJZB5TAPNvT2mwMX1~S!_RZP8fJ$`wg#<;AX)Esvje=$m=yZk=!51{Uk-R~G&TtL$% zrS~toWFhqwruN&{_97=}s(o=@up_Kd?S|P$xdpzOvyJFg++o9&mW>X~x1X-McV7Kx z^*?^~_(S^%o|{nBp$u-j$;E4s$Ch6v4{vDFveA~!&kq(oxckZJxc=eR4~4Tf34?1qsQ}1GOj#x%u*n*luq7PD4^?sGK8B;jXsi{mSlWx#gN!YG!heHVM zxQfBUMWRERyjJ_<9`1(ItIffo``O&NEJJC#A?5z<$G8=*40u@|v_MgpqR-QShO8+C zul#i(-G)OTaMqNc;vazKmpXn8llsi%-HC>sfC){_P-KGQHta%NT8AQ|tKPm~ z*)9R+7pw(#eEUhbg_2kQFBy8T)T~9lQRv7Ai>p0)E1`hizw9(Ln0UVI?SDZ>yIVjU_Asi7U>clToslr@@7fid(BVZkP%d@PT?>ej*v8w)jL%x0Skj_1Fn5+o?|&=MG4|W zet>zG00eDbiNg#PH|Qid<25u|X9+@%Pu!_u=PhNTN`xTPTE_&Y4*|_*e3L@gBh@K6 zLMmorhpgDM6Wu{erEJx`i+RUxBJD2MT{wC7l#L+N6c{=(LzUPcX79M}^g?GHu9(0& zj@EqL?-750*HE&J1_^}qhPlU~z>)o5l%AuSiwnXe^LU?XXu}4_(^~XeDT#Y9pv>qe zkYza2S|14U20wWI`Y`WpNkEm$P#*KO^p9Y(zbvvvb=5pAxrNC79;CZpxVvEjR-gH^#sUcyB2KOZg$0*+$EJ>`r2NaMXFCJFdYVbJCmsz6 z1JV<&kl$2KQA59O5`#Ot&4X$E9M`+Y4rtut2VZ-^yycX9K}x|HI)}NTxkzPjT{`7q zTW8msUd)LjQD}w%cb#ka07$SL`!}dZfV9PleBo!VV&5wuG$D>u?3koM1b) zj2(!`OVBZ)43p3jKlw4&q)0=*x-y8%*24#E)<8u$kHy2CW@>~OUWgXC=(nULH+1U( zPxw-*Ep$jnX1*X~-&Y+Ouw)mk4rGQaKC_q7P6J2=d zce{7?+aI{Z213=kQ>m(%(jn=ViQ!0tRrlWjlwWAPowrJ(686(N89H3`sje(h3%hd) zQj+j0PfnFXw)S|QZm%J>4w~(qK%3uVQN@jnvI*_*&^lEEzVjVQ-c1Gs=*>_z34Wvr zYpA0DxxUVAwXl0|zUJs?1rACR^n`d@E(*a6<709tVmD_IdW1hcwyL(_i zy3d;@3wYq~Y12Ej%m`e-b39?q3vz5fWqz{kpS#lE=|<}~@?wyv%Qa|@FH^>AX9Dq0 zA!D=>_w>m`K%$jv>`UQRtN1k!<09CqG5fun|w86`l3VO&R>6gq>-%I0jKfl0FM> z(G;SNPfpQLJ8@5PzPEuH$r!}eK*y5{pDZvHd`k>2lONWd;iYLwT(1tF_5Ieh8VscRj0G_M%J91yPPM&xm5hSVofo zKiLA16lz9DznOvYC_0~J!lD@?QKjOcWK(Pv`**!mzVo0eei&d;Gw_k6KPy}l`YIur zL7uLr(4X>FsdvTr`mz9koeV7dqX4w2C!okD+Tc3n5$9kI-Rwo=l!|h`6VpP+_aOy= zw_2gK?BX8qW7*twbu3m%M(Fx5_%C2R#AJa_+nie8*t|KSDbJ_MYb?nvcOftNnp+pF zx{!*zYG>MGMz1K>ZQIARR33KfEoB@aEIGz@R+m<9`056ggqO@^1$pQ?YFJ2F7yR04 zb4gn*X!{=kRo`MspuWqSVd$Xd!Zyil$%Oov>Iudr;@2QcqGH7; zokjulH{|CJQVPdcrXGB6;erxV4T7Jw+GbEb;-%tYvcuT|LyC3oMpLW$Bia!tN;*P% z*pYgPj;u^$!;U|}7o6pP5>#Xyw&ogX>E!Q3eLS7G{hQxa$ z>wjw(fJ2uKjnNsY4%{c%f|+|5lQTC67?Iw$i!Z1;yXCv-C~hl4EdVihl!E}6x9NuyI)>`mi}jLd=Y|kA*{OEjbWo*kD9gGt^PrzBiCp_ zlwG)^;ffVxlCf^%8+9-0*3UvX5S=wUK1oADbmKjz( z9v8RBfNZ4lTuDL=5%t+rO@>-FHX0K-mP;iRF;J%T!tLsk(tF^ zpnTj|SbC@lvct5m1_VPZJY@q);|a& z?&*HD#8MnKbTmIU@*6Xd(p4el@|w(Mx_d8F)@qU9BB60@cpi{ttX6k-x?|mE&J&+6 z0n)`<>dy~;e0E4?r=E`&PxtoC#UQdS$9?Xc-7sxQlSJ)P`bAlZ+Q+qXL^2#lf2z$j z*_!>7uJK=gmdUDrT*chLdWY|WnFHB6`3%3JpEi~83ceA4xT#RWs_JhYqn3O24U~2M zt3Q)R)`O(*JNE3maMQHwD1`kT)z!kg2nCvC;V>&6Y4ycC89a^s4}!*3 z)fR8d#@0onB3==eWz_?RrPv(fg%QTK)h+5S>Y*#+ya{Hi0t6rBg!5{=Fv-o&)QL!n zt30qpoJmJ1m}wQR*1x5LM9kk$;~S8)or^x@L}kwrR-#MScZ@s(~!)#C=!OzzKsDH(qg?)In9^1}A6h4>&s$n;xm51N^#9 zgI*(kx^x^5(PMu_SWIp7j?F45NWD5;eA&ng-VdFV^rq{zFc&qdxpJvA>0pm3uNzV! zL)#(-4lhpezrRT&6v@Y_$JOcaFO?kV?L1yoLrcUH9~M(^PT`R3@hl^oD-dDYlnEX( zzLq7iO&^()%bXUjEeloVJ&VvfwhD9%Aw{Iw!fX_-QH*vsf?J29($77kQ>v@Y)~DHr zR*o7&3_ZSKjN5`~(ox@1LDqPBDxTYu>FcWm+8-Ylk>T|sWPH0<_4QsoPJ}(OMg~yK zKJZQrJ_l2$8rXg=EACR|aTG9dSDof5|C#8sP{dSIIP{v>Gzbiy6ySeGCt9}>t>I8R zb%45SJB%n*1%2>=q%ZmMv)W2}C%ssE=-@)WxTiO`DW%@qyL9mnhIfse(A*H!W9l_# zk}_~R@eN;z+G-p9esQDps#I{^rVOFeGtQcxx5Ae4e4}repE0XZb+ZtOZ$ImmUYlTL zonzB)wB)GxxMsIt`SgpY;LYqIOj)2uHYkj&2&M{R2rG^A$Gm|E?{SF0QL(($QjWy~ zbRrlYNxa!uw8fh+AFwOb3?Q7#ewLnQ*{U!HO#cWJ;rdIQ0bLaej|n~G()ZcY-Lr&b zLBN$ximQuCYY*i9ie$3&N=NWquUf z6yswhV!BiZ?846zE3f4!z7c-J)QI@T1e;{x`T?q#G6>el%RF>WFjTMfe z*@HSn?1$=YHua*rtYWpy>ms;Bg$nWc{Kob_LlTn*kE7K$#CFeLiyw~bRnHvIW}+$< z?f$-eSPk!w^US#Pu&gcRX`W{+EEkGf^Fv8}xY?cRDPk`4C@$P_ z2pZOv-jqnptl@Y{7$J8elRx>idj8z=lR^iN`5!=^yo-VYKFHAc``?0Kk*xo#9S9Gp zTrmkmHl^E5{wpGeLh34wo4{?hPN$=>47v3)oY~KF@5rxfotmy?KKdgoP31Z}$f|t+`@@wYLle&S&)k;fY(*kG`zq zHXh%3uU}@+J71@V7KTy)NFqTl_?}(eTZOl)M%s_m;u}$R+OHHE2j{Hoow&|-O5FUJ zrZMPPmW-M<3XGasT1vT`v79SnyfxW=L7m<=6$z7L>x&uZV%->UUFHX9;&Ka7kJOfD z0fZhvhxMZE(SrQjxa9;Rp;SLZrNvM}Z*TJ4whInKlJ*BU&_JF_0d~R|g7P!-icU2J z(@L5N+mbiZ-jlnRzQg!KZl`ul#&Ne8j7gI8nwShWHaZW!{y~3~i;YfH*p=n)IN1N{ zS$~i zC?CWd@By~26fMG7u5p?RP9P6zQnEz-i|ySBZ$VG{Zx8bwi%lsDUlej>T*k_)>`>z} zMvB6>A<*rpkRtk8br@y`$#}Sb0A+b^KA1erpG%`>VfpWdzHC4%w5w1HYECT7Dp}Kj6w!a-C#3jg{qd3gZ_r6;X}i&j4mODD;+P?^03Y3Vm*zKu{?lnFx0{_#zuMWyk~va{FRx~B-?4yOufv}=#m6 z+@BhcJ+QrK7(}B~#MZx^=`*W&4faODG8}(KdKAs=77@GY%70t6L}A3|6Lz+6;8HTVYxvM$sVN_s;r&qmTE`n=-eM+07dSXMt}<5u<5Uk+nTZ=2bqXIF)@M z|M_zZ^5jw56=NcO2hS?hZF;J|Fa0Ai3@~Sv<`@X!dPe-BA52ji@B-&$TSz)-4N-b@ zwwFwg)PJ-LCof6f1QY1OnsL*T=9zL4_Xt zktLSjy8EP&8lw8sCk2vOpo-J_+s4+y6i| z{bFT(?9QMKrZkXmE>%0xAhg`GU#5*BMXb=Flzyzu{;!r;A;_zw({s?ViQHO_ZQZIR z(1LYv*hvRgoq*hNlSK-E4*ds^7ecEpQ~H~>p-mN7-bAX|xNP(LQoDR}Qc$^gAn`Nv zB(mZ#!F{yX%)>&h`-RYnjBYdFhpE&GyTuF<(E8kmmCACI|YSV9NJ4Gt7f&FQxSuD#G z_TB_V4d3`;0(|&3H+IkO!$4S(_NyB|My1;-w&1H&uLKZfUJ$CDoR74ohTv!$vww<` zP!CBK2mTq_3}0E^#e5|y!*o)*UY!yMtmH8!o-;%bWlB_f^KoM<&zVOkzB@l3o#4%* z?C!okU-vE9OYr7*bs%Z2uIYv&P~h;4iEgbf0)H1(9EhdO+gnek*WwCU--X2%0d%5i z7YO6d9h-54-jI{^)+67g#Y*^b6Vgsb+T(hOE`0SxyVe72>_OgJkf5)^i0eQ7J8 zrEg-#)9!&M_L3!D67&AZ`|TU=l1rN z2odSFGSIDNwl!-(IA4{@hEzVHa%gGpi=ta#IB&H4vWb%IU(ZF%E@LhORGN4XF}u22 z79M6qc(N_em-oopFRZ?({r|J?U;ZaIq78NA!Lie*%Xk@PRklht-?-PK+OcGv-8)lB z@)H;+_jJo7(6`F!sVwj^GUJbR-o>#Z@@oY-sY;e*qV5L2+v48$BJOL;6Mthb(|%8G zzX>W3<{wb6C$0q*@~H{aN$Qp>W`(2jRdEe9>Sm*Fl9o)wX@Rw#v&ONtcCPwz_Osn8$+OZecuVUH^;<)O#0( z{rjr^>Zeh+t%9#VJUD~#-Hr%5+VvSSX{n8wcM;j4=+>m!7j?5x zyeLByx+tGA=Tf2EMvx>@n#k)3wA5O^xNox_z{W6~k>mEd;+}liw{fwvuggJVgpy#~ z7%VW(2rCz>bQi77qm7I{h1`C1-`*HxZ=(?$+d6r*LBun0Dq5-mzk}u(l5dWXB41$b zu%I5O*^^(zyN>V+k@F09tKU^v2|$Gb1p=$fo{@~!?(Z+i2K7s^Rhqppo-rIKt_>i` zI{KSi4JN8BNkw{A)Y|qs zbb@93@!~h|Uvbd**A<{e{&4O{L~E}lO;&*nJ88IE+_n)ksdmnhqdqp-gxw`y5(v zV z*W1#$)B`OO)b;)fqO|NwstU`YAe|GaF^JETIv6bEW0F$jg`8nKW;rC`JL;3Wz+6jK99`hkhm?zHlykdInAp3JDohYKDXN6CXD33ByvlLfVd=M6DO3 zRasgM8IaM`z7(LYc0O9|otM2%_ZJUF9E6d@#0D`9dr#!x5v&{8$a75ep0uBoqQ^OrPbwdpx$|Te})rh`UR?qAbTd6C$8ulE(-?0BKh9DE-nDToqChb{Zt6jGt z$rA5=1;OZ{-N^4KvCm@#NGtcQf_C@%<&uV{%Kg!XxEQ$;n#;}opDR5Y4hTcJVsymW z((|W0HYG2YPN&4`q6(AGp`vERE!gH>U4whyKTdzB+8t_1#Pz#|Jcd{$u?(v+xNqQ$ zn~STnx}LxiAq+x>QNW8#aAVcxrQWkRtt4#rN8V<;B|(Wz>hO;IC_MIjWc3Jh^>0f; z$NXY(=hVHl>G5~`stb)0nqKaUts*$>#uCn#V%=QM;X0-3TfPIf8a~UbQ~rrFs}DjA za8D(3{#m;bxbwOmh&gh_OnF(A1FdflvAjJh$cdlL{$gQ~uG~gW!G-_rQ(`wB+ZL8{ zo3}E8B^!+GtQX|ESizGwXZ}QRG+I&vD*5YH1ZQbkcJml>{oujK_M0Qz)17nhUiRQ#Kwf#}4AX3@CIPFpzSSl(9}Y#`ab6OerATme;l^u7>`z_3h+ zGG-%CoVj^ZdyT%si9pX8=lk`+C+mlo2h|T49c22VYeBHmZ3{}_g({9CA#WNx#%~~+ z&)n&x@ekN9l2l&aOzi}7%aYI2o|$v!{OWMk?OnOge@AJpHAr9}zefi->=mnZnVxZW zu@2ULvqRA{_63woc|Sll&MZW;ocXiw9R5cgx zV+7J!Tl_h#U=b*k1oNG(f;LW2?c5&3_gQ?}qKragQe3^O<+oJWoCA@m?-wUl`_lpk zR{=`kL~mAzonO8NzHb1I3(^&P zOgzD;I!pZN-y~Y|757D^>-O;1H+2~O4K2n+-9GZ0OF*C>{(VklwOEz(mEPfMXdG}Y?D zgif$+>=hw3?VA6e06uc{)v@G8$CTY)Wl<}G`Ti*av#>Ih>7L(W)>!U#)sCWyeuG0R z><3eldTbrqLj0L-aj-^iP@F0z9-U!Owg~#AD@shEuIH%!w>{mye*g+Tp+pWYPoWaP z^68lKkKdK-!KHL)7RQD;e89QlW4yXbi4D-UsP)%57|C}1t>BfuFEu&jE$0k;eIL`0L83Sa2V^&zJFK!C-b}k`3oVO~Ryy=#F z&+XYY1O?SttB4#sp9RDTcQi>U9alW!C;5;=icOS%h@t&3@`6<+wXeqCkH$xDOb>3C zLWbb3w%H=2idEXzba@`Dm#5X?uLr)#xgXPr7xFg^Du8-*K))xzA!{;KzSuaCT<(WMFo(&c#W`r9zt~jZ>Q{Fg2TmUB?>PiR}#M_SlRn5|e?rD{S@l zf`dUdz4d>{yRC8V6ZHs^w~2Cu{04{n7?Q=WZncbO(5X8{d-?K213rCdrjjc^N~ojK zVT`_Rbb*QGkP)kkocaeq{x1atPy^q~i~=NOW*JQ-A~zF%iiYV!VFCBmSgmQz_NVpX zj8|KH=-j@aX*_nKI2>{mMnKmYFpvJohSVuWg+~)n_IG?|q(5vc9@t8qjLqls4?xYD zP~E)^8^Xt+e2Qv1cVj}JuNTgfK$7$858T9}1nFJO+Dks=XDIo-Zr7TKmL6Hu`@IN1j^O?Z#-zm`JX!{829ZVoA z*!FYjSvS35*4iX$bMnfa>R+)71VhB7*G41?`0Q}rV%AdL{9QXk(^{DkA$gRBI!H{6 z6d%Y`aq^IDM$eqD3Xa*Z;n#CttbREE2wy$#DToYTef*96?+{>tZ33UGB?nd7O`_@g zUgCDuFI%l}eA<8@$Vx z4Jkdw>!A|DOd)lml`m(~Edlv$lalBP9*FWb2o)nV#K#46m}~CQd9bwJ2Bi=c8DX|t z3ay80d3jeL>*tWUGx^T%r{z}LY^YPM+2r;L0K{mhzVuqDdXmO3j=O3xezTo!B2{wA z4Nc7QBNTALP<3MzD*4AT`0UCg&q;_4C3jvIZ$yDdZF1Ufx)H{v0}fZY zW+(|2N*Ow;UeoQ#^#1g^^m_rFmDRWsm)`O!|4cxkb3NwaZkDi5&-Xz6goy6n>o>{J zFOwf@%cG3tO3885GWJajVI$J{;V*f>C-!c$I?CT@$(GJDNtTmQYrE|%*ra&2^G%gv z^udSUpXQ$HYIcCc<=+Wwm@Flw;o03g%mX_r*ZY6yybNj5$~U=P ziaO~qzsRMxYue1f?*c?G-n8ehAK=jq>Zjaw@maH>4-ts$_+7RwL0Z^)hot{mF(i~V z9wqD{SW10M4!!JRvQV+F{UPE2LBZKjZBg@O6A!%~P*?r-Kb-H6?+4IHPoYO>c#^hD zNzb==RDULYxbqy4$HT+i^Eisn48M(L?3AK#yKkC{ zAMT2-&28y2!>#iZ7kt|iajPj}Wi{!N47PVQ>m=4GLFt3_m6=1_e_bnZ*j-8f_7F_mu z%Rgm+^`}QUIkif{0J$4pmp;7i(d@^FIn;#PaKB-LAO8TT$vsp3#k$YwCdqB!|KLWI z;7OsU)Cf&oEy6}MX2}>j>>mT}@a}bumM2+wySrW_g-dx4MVpTWR{7LzZ!|Uk8WdgD zI&XG>83cbgR10iKNN>0hxU-^ZFGpRsr8K!U1fu@>2Y}{)8;ONyG%iV$`V;35e&cMj zl^zQE#L%?x_tlX6dGKV&%o;pxphHh>m!d6Z2ug9Id#BqwQklCH_&_UHyRI#fTw}`X zwt*sXRCVg-vctmbiNWjr9c@!jL@AOM6AfovF-%3KqG~+hMBZxO(0$v2r9A+(K;zi_ zNe+71axuUjK?rF@*rx`beyB_M-A{gw(mg`pwOadK6SH(yNWRzTCj};*hUAc<^qIz# z>)zkEYF?B9--&WwJj6-$hmGEHwm=7*fk8bY>f8{Ozm40bf7?~P`vvE zWyUg9twY_Z{$Mpg)aoCAa;SEYb{q;4VUnPbHFa(st1C_&9ZfAxEz-c zIb+2U2aeC0$iCY?Sn2dJPDzswCe=Kf*R1OT=A#rkyggTcLOZBqbP8b`@QL@JyD%>G z670ZS%f^m#L8&AWRy}1SlvxONU}{o$xq;tdyRBHiRaj0x3z!@r=>izi>T<+=4uPzI zd+CCa=SS>gp+?p5E!wNV9nHs$mZ*)aGLeQi2612m&UF6$f}}>Ta;Cd%X;oQ`4rR}T zGNI$~afQ)@Xvw_?SCpEB`y71Vu?p|9MXd89yFd@9;G{+6E6E=9umMSvREX7d#0Av_ zQ*C<;5`guTq0=5<5fa&bZXf3h7&Y(2Mcwu zOnb`HCtkIJG{UZn22n#1y)-k$>%gu{wOtA5Q~e*-l&NxVv*-Nv9hG#l0wO4SbUpqy z{q3(2Co}si`0wQc(taxAf}Nvy+n14q!jGePa_ zPtFTN_k(41qh_wVm7^9j4<3Gk>A`K=x&cVr$0nwVvaxfe*qY1`2gI7bexUst^`?>9 zp9PGoX>dB8bRUS}`_z<3tP4k*Z9N1{yynLrr9m0e>T=ZKEj42$sQUYcKW2o<4n2K# z)k{6mC>m5cIv+6&5x`H(S|$Rv;(Ko5E`Cr~Y(;$wp$?@G0z-=MIqXLUrTD2saILq8 zzG#k3uigt2;URwHRGm=AtKJ5WP!4wPSC2qX`^>S7I!r6ts z`f#aqYa6PXlX)sA!0dR=E~|#)?KA%Fvs&DGER9fPMHz`kvJ4W!hen?B`Yipf9XHWW z8!lCG@ZD+_9WCUbp0xK-qmTUY^eMsf-|V~(&SOjmKzNfZyCAYnI6_1T-4yBoZKez5@L{8>X6JYk-VoN0uq5r>(U8NHt-Y{PxQbeNjm*<% zAvb3rQAHarAzi#%9z0=z^>KKMH50Dt>@~RsR=vnt;*-Xl2tMkWQQuUK?*+?~^Dz!MwK_r;%D!7o*Tj~HhAyz`9XIKrGis82rPh6&veAiHE?0zZhU?hY> zSx8IGn`*GRO~aJ59d;~$T}K?+a8c0c&UT(4GsO+lPtj^(akl&6fBs#Bp92Jbv9(b* z_aHR)mCByNfwi2X!N6svv>R7h6wOqAvD_GT#7VjOs{J825#HZ&sET8C)ymy5bTpiNU6$@!i- z$KRPVgxMKh@Jpb!7SDXK&vJb$@Jp9*#W`NQa##SYB~MVSCnO<*{NP+>aW-bM>5>m< zAN4l+#Nt|I5X+Y|(9|8+DkJis{W8t!XsEp5x>9n5dkiq+WyE2|4wR zZO)S!D`IxPp6w`JI-~@Xoei?wH~@~vr(xxPJ%9(>6+#?m@?PsPgSxTJ$t9 z3j+srBwM}W6zm_>&P-;5G6QMP8rarQPa)^mx?N;5%%RQH@HOG7WglA-`@p8E^9+q0 zW-_ETpP3tf&uDzy*<0ceTu^DNj#^bWj5mEoA2!|4T=(@C&)<}2#nj0;;Ok<|CpkdF zwp2*?{^EvFN9$($Tw`imb({;E%b~}@4n?+GcQV(Fx5z5LVzk=7>weKJ8CC~G%9YKl0(_w^z~`I7A!-Y~{-dsQhCMi1?K#}2{dm$Id+jUMWO zFupNE&vJ@|G0$pDQMN+;26QPGrLJ_jWEcFqBaU>5L&NaIN7!T2v$i3B;F-&Zf&cO6 zjB>4305QgC;!DOW+`<&ln2OGv&Jjw$;k>6fGPxcVcMm08qhzZl>>dg3UnZ6nC1owq zD@gG(dW`lzfS7N$>O+DqNUC9Es8~RK?Kn#es5K5Jo_+}TMFCU>VhLpfzd;wHyKB}| zfq`Z(XDyV}p%`N~(KAlue<1zr{YD zuu62y3@lGej$-ejxgT9!gN0EPo95Hm-2&W6x<)OmCLaOR0#?JBYf!g5`Da+wwfZl5=-rHz6 z#l;^*SZwV&V|9iJP$LQn`HWC1C7kg!D2pbs8?w$T*mOcFOXZN@cOI|alXsu5j z7_-1n-Ll|x@Ba&3e{hhtKQK!}XhI%hs2cG(4JiA9R{dBQ<-6Xh?V1 z*QQQk*3_F@jk2s2HAHl>`UV%_r+NI54gK2jl-AA?$?NwMfZ`(?)Q{8UQGZGezyuq9 zrq0Eht&3OQ&X@d%RYnw5RK3;qSCUF{$x?!?zvKJND5Ji^XOMWRinA$6_ZhZ~DO(dj z?;-E_;|qLi=C19dK{PaInMpUv@I@Xw3-Q1*EZy36lg*PD=1L4hu5v~bI+l}Gq7H7&NRs_c8veuO2m;dTM>%qXZKd4524Ii<_)Afo>W;@E=?ybR0J<5W zvNRlUFn3^f1XzS8Fq%5+Mfg(p@0<>3oAaTOuS)7a`4F3p1`ZfDIZtZw%+HRW)2+h) z@>y5#l&mH68;+A^@G+GR{(z4~N@`2Qdt{Xg=Ut}>z#gsThfS~d*jL!E{Yfx{B2qLu z%w#}LXzIwS6Mxnc7!>@Nwg+?Z^O2FQy5e(BJ~Gp4((b8XQhR6Z=*}md1j>^1U6NH^ zfsZv=_6V$T!G8T84aq3v-T|T6QL&ac%SblRA;5Q~IiiOSAL^;|sG&g@Aio#1ADV?PPCMUEKO_1?emVb|&sE%P2_dz^i4 zeby-L2BHLU9zjWZBPHs3?vjDTT=3}2*fd>)A6Lg7vdkaJas=-^7dh!Jo8(0eQhhiK z^DS~=WG;z@fA^u3nrRzL=$D2h+MwAY^w0NoUNMRu!_`b|KJV+_*XC?n2U;b;p@L2Z zxY0Ih3(FJi(e6k%7a-63Q3t)dFYHUo1}&-Z1wJb(61=A4pG>p z1kIP&!dmbnItZe<+-$gE`T~#Ht0}OQU2ZFSMA|4lm|-*?c)gCyF)P$VjZpsbhB8N{ z8=f~YEE_8cWn)F7iRMM^J;nshqo61z!>T5+KQwI9^a5qhO)i{^+`OyD-v3GJW06p_ zV@vx*AU0I`|DKh3h3ao=#t^0~zL!ntBj1<4Qg-$>2L})tu3RW79+t5;VT+Hkf}59$ zF}{o?bzbc~V-+64Tx$s={1#i<+2p=J9~(st;tXww)=>&~e3x)~zrH-FVwF`)reHr~ zgN@h5*V_wtOCPrjdx&m7aq@;bnSx;G&3q5c>$qC0%jrohFSZHejllzCE7qa)F^rDoPlc^zHRDl z$4Nx)>w?$0wiPPFq%;sy+v>m#yJXCc);H-Yrn0bm5*s)@u1G~rt ztpak?@}pQKz56lEK0|E--RDFntEA461Nqx0d1aBkyr2Kv)fd$4$#1t)i%+dC3 zoIuI1j_n90@v43f;g-jJ+K*JHtfL`)tc+1LRaf30I1%W7RDE3C{Iq9_lwHLTnS`d; z6ij7i+p`)xFAfj*fm*u}gM{ax^u5tELLICaM5HcXEhzL}oNm+E`p5x^Yu58?wz?0o zs{)qpkZ0w59XAHVB9{Tb_Sz|lQqEQHQ$%tyq<8&aQ924H6~=guB_oR+>pj$nY5cWm zt}_v;&92g*I;D}6ay+WPjdO>=V2Ivj6K!!M)xx$ zvv$r#1Z2(7&LKtVuL%a4)p3CQgaZX*nowH=j(UY~@$Q6p4;iK!nRjWrWq>PF#f*2t z@f-D>HiIrvlN2-U=vXHlg<@E-7%wK)6a|kYF8)9ITA`dy^R{OB#>W6I(Dwb1O_$B0 zndv(kAO=Z*!}T%zT*jwy{qR*W*}YOW!&|-*UbHjjr)ZSZSE|yk8`>Kj%MrYEJp5ie zu)~BkAN*TfFVXFURMFwZf^O@H+)ga<1cdwRmc1cwWGyUVq}aVOC47YWy0LF`Ck@I4 zPrG~sC^!%`ZPk{KDum(T6IXO{M6BYqzf$KrV-kTCB4B~S%f+E|&y?{s%oS7*UY{~u z@DEoLzbT(EPvY;~9b$HqbZ8idh{-;d`s+)N8Dfh{MG!yvD0LSvW1I?-`%A^W#|vtI z-6IW2yb2Kw(J@x>E;_6T1Y`5NudPduYaeeDd3H#FN`IDAPnr>dgQMZ2KOIpQ*K*aY zF8!E_D3`!!^Crdhx`O)AeG!Y<(K+T7xJJYbmWH8R;O`No{dIRhT1)JBQE{E8&A~R^ zL(5lPPUY=>=P&UC{+j4;{oV489F6OBn}o<}3@Onl1+>vuS0 zZs)n(KY(Pf?!Q{92`n&X=lqy*w^)?-VyqzmS;3$6wFTFoY$KR$ZL zhgOy}DWC${bg33gTBj3l^w=6xuI+B(*q*Y6?!3pE8J6U#aEGq)k|6hSge$S1QOl+= zQRl7xil5|x$cW|bpbGYUUBcMVl_(rwb*%m$7#mX31s$PMXQ?doPpvvM@nu6AA#WyM*q zNQ~`ep^KO~eJ=Irf9~h4c-1+g@T4BMg{; zE{JAIUWR2pBw)d_+F(b*UOE^y1MRCU=!u?4pZxF6s)K9I??!oSuyq$ z3Y1;cq9VO*jp3-Vf$5S{y)@o{{uN867-(-b8g7-SILjSi16OTRU*8i>9Nf%nuH&m{ zBL7oX%&h5Q`)A%nY3%uO^2i62y+lLov<1`2Xg~J@nu^TcuPq#r8Wk76bz=%xGV*lf zGTTOe=;<`n4xIW;?1k6>-Zz~}$V{33x4`qdzM=-5q0*!DDmoU>6rPoAzE$iM$!P~W zdJ$%_ePmwBy&xTnx6uUY^{J2c@P+FLi+#+YN+I58%(n=37BB={z%}8HlY)O?kU-ek zj$Ji}>3J-r`E}HjbzI|tdUFAJQ7wI1U+W|1BZ*F=T5G}b51br9qryMcPBH-f-3|Ss zmS3=Rzvt@j4D8mFbEhIF6{Nf;7le30hhq(IG57?4{ zDU-ESlFZxH^W0Q{OB~v9zb#t&TcKCO@HN-a@bUIJHUTkYoGgRJ&< z`=tzv(R9$wD7(7s`B#xghZx%FJLtAF$KFh;+aS|Jf8-T_Ie^LG@>A-9+x-L%UKUkL zZvfSS9UG6U?=v<35SiPr%mTz=Ji=?yqHlcRORf&;sYso%JQtkyM}Pb9M82X@*>Yt% z`bp~h!86C?(Tadbz`Hp+pZqF#32TUM1kSDXbVGN*hA`704a8Ha44bXOB>hDRlDl?? z6|8b9W^%V3o(3 zZO-gIF(?(JWRP8++78*Df%R^{nPOF^sC#QLD|Xk<--qrklz?C2x+AwZBoCFs5HoY1 zEbsm+%G#J`eWI8ZN5#?%q++G0gJPiLe#>9Z+Q*Ql=~wuO^V$;WvSF4!RY=kNOmY3n zmJ185Yz?sO(<6tt4Q!t!&TfQFeY(~LTV@nWZR9u6{lWwwBE3*%K}@^j_b4eS1tDp9 z97nBcbHSb9Pv$DD&ty5>y|8tkrSxcrUq4pb={B-1T2uvTvmixGL+{yV&{oZO;1_jM z7Q~oWRsR8y$?`}0i&FqwXpNZoZ;8m1wQ%#I2I?7b5^Aa&4^l!4`~N0E7(Sl4K=%HK z3!Kqpj$wUdZyZ(i2GpgM&}L+Ca>bHkKBVRlW>B^arfe{OqlFU*y|$UI5J0S1h3pFf zEe-FLEaq^?q+VvJYjvDU8RV)EsW}vFO|E$>>~sMu+RU>-1WgErK>1f1n-eTSSpDv= z!Go|}u8p=?Znod2hUBy&&3!DRs!LnQNDf?`!T;Gh$9(MeKPx;;2#;Wm_>A-pGi@qo zp8Cal?s6!eT@Z*4$Nke+uZ>7HuK*pL&0im5eZWY#5vCS>z?vAZv^VNo2JUW&rvdo1 zYJo_dC~ZkA6nTtX2fvRVB#6P`fTCZP3g*bM3-;rS2X>0h}U z)d1ylv92zVP7z;!MgN6|(%=`?$tYF!VMi1(U8s5bJ;JFcr@)<0qUOh66;|iqu#ZMI zGkEXev7axi%@UsOiP|w#?;`Ii`YGOFlbNxKO+k+0Ve28sIkzOc-%1KU zY%~}&^fLlz<(T@XM1nbLwFGj0>Z7i>6|>mVZom4_aIz94-;4~@mGI3~YcpMUm;C`2 z9|=a79%n-C&h51y9_N)hzBd<%T9it`RPlQU!LM!;&rkt$@oRneo^l=;S@)W~tpdt~ zaW+e3)%0Q%Er>8+bfNaqsF-r-iaSU$Y;?c!gD0hZMIeMb-JJYk!5JlcseWSfsP5JD zBSsf7-2hTK5xN6#+cu{X6>;+$lcw+Cx{CgYg05}FaEq%s7tZ>F(8xf*azTNA0its+ zep6x9mxc}t2F6J>sz9pBZ{l##^9i|qkL3I`=!Yfg&kN@+E0omqAO8WAetT&8oBm~C z_Dv5S^Y{zlzZg=2e7!)K+yS0?R*J^d;uiHE`a{GD!&cU?q|p9968N1>E+}W*xd=Mj zWShgX#{&AU_ufVl$Q5peU7rWrk#N(o7(@|HJ`oTnI0TMt6(qp_pg_!5sQ4bSoh9;B z*M3nlrX}bzp%uQ<_?1-t+)=W$s|Q+-u#pOp^+5i4%~PD3?PuD{N)1pyE>L(svJ?kG zX$m4dBG^XAB^>=8NxC5ledV=InL@gze8 zCPK6&P%Y7OnE%4hfs|~&EE@LZs^q|mq+r4>PiEHInWhAfM)y52BpQH~WKqb(4%#_z zWr~Qms85sXurD%IIw<5)@!3J5=T{I)_q6W{_|c8lw**2OK5t)DEiXs2oqueXJ_ldz zgI|b=@GAKqAVqk2x-5MR+$l?*k}5Csl*Wi9UDp^PD})f_6>0dz>i%dK#z#EwhTL6# ziWnjooQoYHm74Yt>P_r*3^fYn;pws2RCKWH9gB4 zkE>ATngWlSMG%`__ptUG3isXnCFA&iGgtEqmSp5s^7sv-*-WhrunwZ-=t4`Lj+%5M zw8kPkLQ^4VoxLfL3zZbw+Iplld~uI`jhXYmjhWbXCbrSBZQFKcVp|>C zwrxyoJCn>L&(8aP>sjmDC;P09yRNFP`}+M6PqGx~U!95o*4yAi4`N_sGD#1V*uJtT z4N!H(;vMhp-4IGS!nJXPek4%*L(_{MgYhw8Y;RBGpJe|o0uNKHg3`R;3=u=KlHcdZ zAin<(K-RUyrrojnk9eqgbo1aJr0{3V-;wbB{o7_JlqUq)V@98u<4>r9ucUvW|L$mn60LXZ5dRLYyEB2&T8}y@7R*thE?Cm3@VFpk`&otGdF?xB z^157JnoW!va#Y~dOBNp00kaE0rA1A2xy>5cj%hP&h+sm^%wrQ6QObQ6y|n765)AQ8NA`%boz4jjaZKXAs5Zz!`1ItbYzp~( zNs^YICYk_Y4aL>>QvT#e>MniR(Wx?udfOzM#1h%BS^Pu1|GycRk;Yc-5faoj+GTeK}Km{Dd8J;)41U| zIL$!A4omi$!z}DUsHk(bU9Z?gU67w+Ze8EemlTj@si>YZ3u z=`k@9Qyy5S;<(EGlAC7lXPc)G-IvA$XHJevQEFB2L{BTn^G;}Xgj8rgYlg2y)cpha z-&T6Sg1@0#Ev$wDY)$+Z?peF9`Jw0goie%6)$a#_4K??rU+kJ5S*IEGBKUe5?E=xS z`=a`!{Ea*L~KoYnJ zY9~5wHIW`JYpct_LgqhCR6nm7+%fB3>AG9dY$bV}Z@wh#V-1UA18Y(z_6?L+h}!tv z)17cdOP!vO_U&Mt=&RH5`9snLZ@p(f(0vTxwpo0!B1fv~*=caybar2Hi*~RjyLmpO z4wkl>>6H1w~|jn`s3NR?U$eX7QQCnsk!ioJZx)|R#4Z;02xjOg5A@L)tQn_W-^vd z#f7_Yg46d3>fXM=c6}x8_A{dn@vM1CALBb^7lqM9t_HoW@?{DJ^P->idRcZeCl9MIGRF45xMuD;T#J%|oAy#H*tWk5e=Xd!5E23(%$} z6UT>Wd@P99j@{Ld^ipf60Hh9S{$>nG8ygi_oeGcvF(^Adp_gdr<660S_Bth4e(5x< zzoYEy>cQb=vA&fkhFr=g4HD@O9ic7>K6opVsmX6Avz#buGP0WXoJWqCLSJ&TnEe~s zlO^W4)96WR&frW8k<)G&C)6ml&r6_AtD=(@S#t#bU4iS0H1ZfeHsIb&qwrh{9j7IE z$N29Hc|9(?BVoTrIX5zo*BnuKlfU2YO;gRdOa}KKfMt{k3}2~lBUpFC6EJHSro#?J zHq@M6>hzs6d@g4yhD{w#`v-FmrQb7~trZhgy2|-s^JA>|pN@3kJ_4f|7}Z;2Nxquf z(>BW5?h*!FOj7~q%4x)$9!7dGghz^RPo`^1w(OE8HgM$a*9l9tm zP0rPv%#HB_C(?)(;}d_f25Gd|#<=IG8r7JzICT>14o?PG?$gDso zTB=c#cH)n0;=m2|jCwE#(r^`2rMITWV)QL6Jbw+EUTagx0}8K3f@P{B{`Z&O^Ogk< zGul5}tb>dmJtSbI@V;#gYVyxrpKr|jRAs~`{&PLyz-#7|OS8zdh>rN|vxD<5kXLZul;=5j|GkKN84 z+rOI=9q};?PuSF!(aubon-DoCapOgal5$Ip5pVD1pn6wAVNprh5aw>!Bd=FuEJQbU z4%lq3sYnFcIpwl)0NyPKH0)BY-yPn(BpfMd`}-QGAz&sI5loCs7+d%=wm>4*LhIIk zrg1H{;KOhv4YVkZX4xs$EKak`9e0$BB`LIPq99Edls`Y8(f11i8MJwUvI}Nh?yvB0 zVvK=}rYWo0%`Og-Ygk0zd&ZGr@R;FFsV4=Yq@yGxH`}6CvoVX1TE_Euv`?!a{D4J% z*t4ipzF5LNIM;p@L`vX;4KpoI@_?3|$lVYmjnCnN{ zqsg#S1LIi^F7FIH*6N0%gvxuJVADt!?UfhSPH}^p3haJi$z9P(^6UpqhBh=M>kOXB zNL0Olg-yyZbshPdjo-Aj`T3Wq(G;aedD729c|MeU@q(WmiOJ`{(@TOdXMG#yQ#^GK zhphjAp>vAAP~U78it2nx=$S))vdzcANWx%QAiw?go#N+B6aFsaJ;jW-tueQF#?wQk zes)23|D7I?D}07GPW)*od*^2|FdN>(vsH2anL}alMsb8FKJPNw`K2>?CI$dTwH(PT zq-mg1;Zd6FE%n>QHBpEBmBlyx6RH7VR+%Sp#465`Puo~^%t(<_1+}DErFk+=GR*sL ztDkOn=Pp6Siujn`C*-tJcExI{=IQm)@Ff7~w-&0=?)=9n%Z0JX?Fp)-FnSF1q+n=( zkZ6BNzx-oeIP&*kBg*ktnZX}cR%8DN5@zbghmpDY)&BlKI?8!uMsz(rO!jQPm&iRD zxO$Ima_4n(cdlV$VW*^GTxu97YHLYMbuBBgf z=W%;a%nL2zX@oenk6gZlj~NqUt#rbCR9F8~?wLnPCsTv!ZU+F9cr-9?4Q0{1jeMj1 zuvt;X`_=}=hGX z7e{9tr#*RMZ+p-8HE7{Wc>Ty+NitIVB!x90fI%d+s4ZvBL2_p?m;BO%>Z1hlc??l~ zXYc>s-oUPcv9H7xH?*X9Ftxmk8=N<=8)ZwbtK7cC9tsoyj!Av6z2Nz5mGgm8)%a}s zGR$P0%x@o?w%F%%L~)SEOL)dMmw4dDq^X9jYlwM?jT>MZsM$myOhD??VT zPful!L%t0?yniv$*?lG1R+EVvCcQ|@3psb8&w8ch2{{)PJkT7!#cOv)P23WGV~)Jj zjrFJykM%5;Q3Bn(3+n{wT3-=^4u$Xpx$y%hFggwMk7(Gs2t(Fjql<8P*D2)8(Uf3a zLX8{Bo@^apqXtqFo=!}s3_iYa=@*0K2J)Vz81O=AzEae)=AlhSh4ag{q6A}&fKHqA zWsM&>e5htv{?Co7@-b`(S;lO5E$m8@abZc|u(ym!F$0asUmQFys6*%nT~WWGhx`^z zK#J$D=9DxqJqZTZnwEXtXv-xV$s<*3n>uaFJvp#Y4CEQ?82vgS=k=r$+H|u;#$Gy> zIm%bVl&)O$ZTbe4U)ZQ}4Y7qcYY!2rkt)R;X|-h`Yc(v+2Vod)Iv?JH9ymZ^%Rr7U znl+rp^^X#!Sy+<#!;%NjfXUOW8zME5RT~rHbYxM+SzVJA= z^lH|q%klJ*0x$9xIKJ&8{fMA~kXXce`?u-c=vDdlw4XXfw&quc`!%?lZ&715%c>jX zsnK=6&5*9u!?J8GV+&vdxnn%=%0=!b&~>nq|&9Qe@E7>Xcg}K zbbbgqh*i>nB~7Vf5$7R{XJW}@A&M$-m`6MsaRykdfGC~K^xK4R1e^dp{cRDj|%ebn|QAMSp4_T)Q!~A^+DhHw@BS`r!Wts zPs#%V1e7762e52`_Y#ItSbgvW<=1Dm#uKU^w%M}F84dD$90*j4CiQ}ykK`4gM3)N$ z>)>1Q?G$&Q>)6W2$F6z~au*pMI+gd`7Z#y7s0y|qs*X+;GqA*;dhJagf1{9^Up=4S zv%$P2u)vRe;oPhxH_;RBh07*oldoT&or0KnZ(|xA>O@}l8b3~ZeQ&_>Z^i)Q7b+R( z_F!^n)$2*SSsTrvP$VH$6NsncD)+c$IE9(ymwuR?v@EM}DB!2P!X%DicTD>Vk9B#{ zz!LRZ*~t`r=@q12tF+c?aZ_%TR;x9BH>deBAJVxu{j$_}&n*jo5NB=TZgK>oz+;KO z6o{=g=VLHOaUy(1Koq-9bEH-2_$-~I2C|Dpn)fXHa=)3l8+5K?Qjg?7Dk6TvzISR9 zPLr{0JEPaxOzcLzV@1y&BucOyZ1?$rI(oI2<0fOj(nCundPs@gABu=A2T;#_>)BDecBTh+#l-g^xdnO#j=$dahxKV_|bl%j~r)}mt!>`w+krqgjl3x zW9)Xv=$h4K}e5l;^uRbysB5nplB*xgIxZXK$gOas57X;NfSGaPl z{o*7|(x|qUzlO*NV=Q_1P6YVj3fN2Pdboh`BKoxaS%DB+aPWZq5F<4~$Dk+Sp`u2P zVYxDH0|JxH6{O8e*Wg*7P%7KHN%$oq(p{>9$d12>&dSSLskjdBWnns*pel;^9HptM zg;#j7Hb*yFGmVtzj0`2lt*=>awVAoJwr-wTP?4>D5Kpw!Zan4RN#6f=vt@Uae_MMR zLia`JkM61Pkj8ssX1}o$O313}bjZ}mt&1<_0c#Qyt zsdxle1au~xj-CgFy1#QM!l;KCQfYZ7z-l})hXqfgQjz2KV=M46KRJL2V_w8ODMK2o$bdC8`Uk=Vx~u` zjb`dI+Yy|y3_fBE$x**2BAQA_2$?`QkgDo!YhQofK0B;0PPsr7BK2W#S9!=B>QiT; z9_2+R-8QTPflT+l7!aoL0mo|`YE{N@f~~wd_r7Ol7Yr_)c3*N9h;z5WeGISWT?$T< z^zhE1=b;W?cHq#jqvJiUMc(s=NtIgwZ({C z22oPT=Rzpgn%FXMfo*9 zi8zR4ky_lJ`maVW>gZ(v;r}p!-u$GXdhUpnoFB*@EaG+XAb*fWV{4FaBAjro6G<1M zH-6q91V?f8jhn$0&Pws-baU}e*obnrHd~ag4sS_u5H?e7o>%=<&AUhY5No!58s1Kd zn|&yztrbO@`SN71fhIa_c!VP3!pYZy0d17t}?Pf$+ zsLBwOU3f%o#N+dx1_`1z4K5*bjZ7dg#lY%S)fABGiG>Nv;hS(@74dxu04uWf51^33 z38p^0e0S-GW}kM9#_9}d#HY~d*LzUk6ECxsBnKO`E7#Eq9T@rPov3hYa>t}J@?2A5 zIXe-1G7?R^{b%2o^CNhYn%w)DDQe$Y7^UlQdo2&FU^c7U#(N>le*hayf*(-6%YQyg z+)n--)#7`!Jvz=270nf$W6iKTTVZa-RzWdv5v6tU#R8fj*SKfPbib(`E8AGpRO_TCL)u#pc_+X5 zXt{}B8O;$67=|0$J+6Qzk=xy!7_m%li#(JAGSmGzy&vBkeE?+T2WTmeX>ae7W_`&puFG-CQNRwx&bRlhT6mesowZ$m!Et zD7xMBoIFoqI1}DVodDD$|LVGyI5wBwhh-oXzf}nMrNIyn$Ou@9|zeZQP z(!hGUh(wN>JSDAyfQzxmC+$DZ3cdGTTJB_im0to84-^V>%9Am;-c-9NpXa}9jW{#{a7nDQR3JH~w&AC-`Di{PxUYCgN^nh<() z@KeURU}~qq8xjK+oUZ|FNR6|iF3derRqTIelUr5Dgq6|4he<0$2woWPSl;)Sv z{SrnOtRozQT0Ew+x(lOSDW?zY%u@XG{mSC~Gxe-F@3{_uJ6C)6{6F)!XVs1p-{OKa zZ>TR|Mx$t5Fwz*AtZPG?1L%HT_=1pDK36bd?YF~# z(q;G8QBR&A@Z49pii2Ogx!Ekiq8E-)OJ^HiBm`-gF8T!D3BT-gtF&dr!L5AM)WBtT zn-IbW9dGj~&bWSv{_ACy6p3|oiwH{Y*SDPL7b4KQWVTu<;)5Z#HCaBfATle`O4C?4 zK_1DXl+_dZ5Aob}QkeJ;@sx|b-wcu)o<|l+j>|!tClZ!vEp{amr_s>K7IEz@(`w=_ zcg-SKKO^z~c`O_Sbo)xif@&=`TlKalYIk2>KMX#-A+$q|=H6MM&#wOo9Rgoe%CpH% zN+)bX@Tbc0qZn%0woXyxT6rxV!ICS{1x;$x-Yqxd9j`Ga#O33eK)Yl^HQ@7tB6u)h zO$oRk%h8M7-{SN(-1!tqieE3}R+9uzK=(;J105M){!2Uy{zE(u#Fvc!OFT#ZOFS=8 z9;lsYTR(}XS(g&xrzerv7c-3fC<>t<8+K<;{(qj*{+~Q15k8BXGu{{dZYpVq^{uj) z&GL%2vQcaKiGQ+P~9Pm&AW>D?tIjL3A-_zV4;f;@gLK%+R8%J{vke z<`L|@Bbzu3e2^t535>4}DXFp>!S^3h78}qDmTL4!eTVqYwY&%C?f@F?A*~YBQUOj9ToQH?W8jl~F#5XFn(eG?{P`?;hy-ZFRnF9F~J3 z$D>i$K8GT<&MSk+--G3c(Z09_4D8$B5c?Y4GNsN|4FM9)VR%r^M%(Q656#^?9MS&s zk}IATn>DwW6z$zs6Qe-7Z1y-jbvV8EUhu{Q;dLpWP-nafZNYlKtE9 zO65br;nsf@&xmMy;f>Afny7EMW6JQ z5`0X@A;EotU2g=ZR)1NKT#st>f$^_F7^2E|=t3V@lg*$<_|3}aKfv?%ekU+Dy}En9 zhqY(FBso<(HyoyWvhKuV#he9B(H*54TKvMX2)^Wyf$K|4RREI%41K49Apu0PZAFPHDZcmuST+Dm)9hY7?+8ow(TH_iDt9H)~l@6op3j`TEr7g zk6f!9zmbB7v{6{?g1^K%USaIBib1BN{F@*Z%Ag|LPrmNq7D}{&@PwX(W06G`Mrp(r z?rAS^zZRyR=aYCUDV1IGEx-(jp)LHEcoLWV|A?pcId6otg-9P95Lrm2or(^QFFu7Z zkh6C@fo-X)kD3a;3h!JNlHcKP~w6`)_eOTN2OVJCF%}!;n(3 z(XvCxq45u2E#klJuY}%NsU@iuNAPx%g*zx4#8Ti|ca#VouVW{xA#bAnH~<-W#jLcZ za^a^)!2BB#RhA2E78h{|KuE^!Ljt41z^66uQ)3fKMv;~ke5?)E@REkMoUBO! zgZ;24L?@?0n>N96B6r?EUb2k>GzpI%JWUclOMkk!z|Kd0(0{;#^Mj2PY7c6z*wH?5 z5iOQ{lTY)1@H52ynFE|Q=l>JJ1+ciXo6@nZXHRTonMq<{OgT$I0(KOl3tzMtutS@Z+q&7wb_Fob zLbKae4R>5)z{*_gc?y?IjX-WNiwy;iiODA*7rNug>v3R?GU$qBod>sj_J48?8E+X5 zkyE=gla^G5K0QR54BD(SbbOgOP_y{(3XG0Z@RgngHL%7oQ!y+F$e;(k0#}K)L1mPB zI%r8HQTP+s>5Gmpu}?X4t4-U-`;rZtmr*bw`#0tR&R38J=cZXP1&-Z^-iM3XWJ3SxkAw`6WeB7rQm&|Yvv#IRFC zOAV9Z2HFxUlDAS>8CXd&g#SOZA;dJ5W+{tQ&1Y6ZF^Bp20EfjuBOD8riu7A*3(Rqb zIbDsxlEcW*j$tY#^#%$lB?VXV0z)fxVN}PPnqWtdk@Jyd(ZzCLRTmu_EkqCsUON9} zsxsR01B<314;FfBlBZpidzw%&Nrq#iW(XucAH`4F3jK!$3o)E+9IifWuXYd};>PP^ z-q*L(e!s3cGW_U^8IU9df%EuDO2|~FnjbiHa@+J&NnlZT3Mr+C){<`(~f$GP>UM-M$tklV&s97^fr)RP< zUGg&>Xys+jv|EdmeI#HOGT25+K&P=-)s2$&78_f%9-l<^8GSDu*r|CRO&CprgaduK zee6}N&?c7NW6cIM?HX8=yLFM2EBm@&O9>wnmirKmgGUJGvY~dt!uq$gmm8>~d_K>b z6aM=-Rons&FHkstLr!~0qk2TD(&n%5zXnVSZOJB;;a@I44Rk_Oy4E0t##CKCLeKKT zyA7AVHnP@ObgiLgf1Y4NR7Tykb`h&9@Xdp zLw5U?$h>=GHQlzdP{&>t#6u=`b4DF1HEtlvLt8s`iG#&P!Keswj@z zm+G$@z>1g1EXh&k2Oty_bvEnf_dNv}V^@(tN!h5w`#x>)mtX=+?;$%JcjZSgc`<EKpxvBuduFHAehpHAP{BhcHQ9 z+gP~@vVX9(kU`?8iYi%+W>>O6gMy<4w(? zbvvUGoLNNba0cRp_w7YlQbUXf1|~-~k4CCLm=vCJa8V4yz`v=Wr8nKh9?H%s_QY+* zYThX>vG6b=dAuekM&6?>J}cmd>nR&?71_Wk`*Jwv5}#6o4ov(V7wu#>YnA=;Q*R1e z-khl{=5q=$BseVyUFUv9(DB;H}R&Iyt}{;nYcrx;tSvf}-?64+H=h{V49wQZZh z!Hi-fzl!6Wnyt$Z16s~baH795B`)kYGMY{N9{sPPmuOU}d$YnGI1trJ_c6#QOor&1 zef)kfP%_SJkQ)ibP14%evKkuV)>% zP_86#D;D1{UUwNv5Aawh$Zl@WUnRCWK)41@@UCK7y?c9gYSvHt-iXM!o|!XoDw_3H z2T3Jg0QHR3xU_EP&;^c81vD0!X&a0@1}Em|$Pq~wj&lRGr~kJlUbE8sH!R+>DfNRI zL&~&Nav2Oiw0=3G2)PHT3f`}+wVO5*h>U_auRvuxGwPmm1JahF82H>dnP2UhVbr4`o)%N!KVHVEJGJCG%(8frK6$H&h?d7z3ZmMOYfm`Z*kGBpSyD#Jb z#%7*mF4Lp44I96GTzpAE{v32VIpfF8(jbMwlRw&;=&QXIDZ*^lu^djNVwC^AnJ*Nb)iZ^#l3O+ z7_E+sUSMMJA95O$CXLC*H0>C-1j%6I0N13iokxXe;n=80-%Qrf2-dUIvktMo6{{Qm zv8ozsrfluNAX^}AtBvU=BmAt7*!A)AZ>kdG%Jp`<2Ra89RL{i80_)0x2ynU&%B~Uh zw4BCSkGoOXWnqN?yUk=@iQAC$(@6|%hJY-}?!`9bWlOFf*6t&|JWJ5h(EP=X0^N0@ zV>2=gLh0=jp0b_jc}N$9F;|3>hMtGNE3r80DSXn?1^rOzYfmQZs{WxyXwDzJH=NLu zuA1KF=+IYsk+jO#>aeY=%?d9EM~nuz-F>H_msq_gRo@eg1Bva#7pq&vz7Nb;R(6Wl zy-p;ThQRKm6V@G;>&3J#AYaN9+`~*x*alv(v&Cd8Kl+v8$6Dv_pXw6ck5s>GJdV88V1B@9sZ>q4l?zdRu2Jv9~e@^GtkRq}rG){9r#pMXEhm{G!LhDCghNt2ixd!TCS zU}OQN{UI;*J6gvkbSh$gml(mPz$RA=j7dc71=B`kqAf2XoPI^j`Wh_Ev?T*sl-i{`NTHRkNzWlP~d$>T8ItM5JQG5u6!>2CJYDYR#u9>ZSz9ZaA7A&!OGo2?lJiN*dpGpRg2*%ek>x z<3ap~$#p`X=oBK1=>bQ81*w{svbe5GXsp&0z_Rk=)8!H_LsZ>yh$)@-9 z8nz33=u~6Q=XVGFfImceXJ)mt_$O5N*H3H%zNxl>pumOKd{1n(ufYx`%8ddOiT9Mv z)5KUgFw@oXGd3%xyu99scNWP^xTEqBd6rhF_7d?=tblauN=k;-K06mE5)CLlQgTNu z+jLFU9GP7++wDe1#!F{)t_O@Q@I;ZUELcWKO9i{S)Mg(U#%i~?%(eT;JClVL&A2c{ zr|a+@{Oo~%Xt6@rna=y-%hMa>&rV%9zdo$7i8qHtBu()7V)3R?JNr;Z#b@0*BX zlTKP&EvZ`mjf(Gv!9O_Qp9NI2X1MKD_Q%u#@cU$=h+WzCMzJ8v9_ggAp~!-@2iK4u zYQqO4@aYx7)9PpN(rxRLD&$dZbV^i$mAnNTDYBOOVN;4fN!kX^h913ub+-vlAVDuT zepm~(!COi*Q%#DW-~-FrVxt7YNPC1)^=RFnso3&sC}kg(1x95k1lxg{C`NTHuie&a zX5wTonLx3c0i6ejY#tFF2APX+!w(1Fn;g$?QTaH$r3g?BB83|ei_|xiQ}NJFpX-8Y zZO#I$D&8$w%`jNFaYQ&bGfRW~Wl#8-GH4tq#!?it1YwXqd$iMmr4tGVP6MfKlPP09 zU813}Ue->CPRhngZ6X#0_JmRovqV;Ehs?c+lWHkP0U_lalKRu&R0dsSu&N@P| zl!f2YZFZa!7mO%yP1rvkGA4LG-GDfaVEDeTM7zcYao@s6!A*R(2Rckl2raro6h?D{ z=3ko`)3qjAHxL2JlrlNS+aJWYt|n;eQ$#u?>j6-@N$X(CXlj%G0W|%)#(-vcBnC2A zGH7WFU4|{d5jSjp6-Mj{F zz%ze`b#MTBCT$U_jRLmvAAqQP`)`~Vl=}XXQTiD4Vq;}2=h}Y&owU~zaE*~(*ygf! zfPVnLshB7{{Kp!2?Be38F@O96u=)3_12k!!F(CxD^*Y)h&&N09-1(b0VxmKQMlY!J z2~Q+f)-0xFyC3at>Z?TasD|S>etQm%xuRXz=vOOyf@>=Zwn0V=4*O|LU=;8g*+d4g zsk`dAw&zVz$gr(1Qj=&nI{~n=oUN$T2w{=ZI}j(X)(k@UnKdIgDul8x-|VZTYO(Rx z!3Zs;J}}V2>4-|;AZhP!n4H(v!DaZ0o(Wxno*KEYf+I&;b)Mx`w6oVmTG2YcGn33&~DHW-cH$h{cX~nwQVFfL#g@-N6f4_t!j(Lj8R=cpyBtUJv1MPCS+qYIWFG zxHe#)V5u1&jsM?sQ1Ty1zu)Yqz*zQ*wm-^YM(3`NLE1^LNTVa9ZPMbJ_zCHgh7f*^ z_FPBWE_>-XV%Tm>`ad(=_I4a;s!6FmICzbUf%hDGrR4UoO0m4i=E5 z-bnK!hmP3&ZPJ`|2MSR|{&LxX%@4?pQzcyX@qC>i%9=(KDsR4D6oOh8G)PAO6=#M6 z&I5;gVwcP&n)UXx`*E?k#|>CufkK-`Cp&C7=7g&Xw#)Yz-=Y>1omVJ60ypAim*`$j zy?W%(L)zwqwMv<16CikbQ&il};36kgwl}%prM0E;jyEjOfeePqlan`h@X?tnGc+GE-ok5>z zGVx3vrRadH$^J%75DloEgKy*jZ^KWTO{uFCv*LJFWqV>$^!RCEhfDKkjxXTr=Im9= z+VwQ1w<3aXMvJlGU1Y(lKG|WQ>aHo3=$>)omZzbLaiNCtsT+JSw^+vX5oawg=W?2P z_X+j#_#Rzqk1D7!7&PfUgT}I){Wt%MEc(lL;*Ua>pk+`^+I=}_H;_p@_9^4fD0yAm zFL5f`0tdbnmyMgp9t|6vSxdfH^bZ{{Ibbg0XD`h0-pPLLUi;ECONXoNC z5+bRha(@rAUY&D1dx;e9xcTb&5D2O3hrFb>w$zAB`{7&91f`>7sbe0iMm9_i4ptF# zURBbD0C~iiX&a*2boh}YPuu9`$UMuWMHd#0wHU(g&+nN2Ei*v0qs+ojTS^ap)1Vg{ zm*b^*Le$YKJMsu1`S+U;dwx?pyru@(m|AUBQwT_|2V-Cir|g4P;;)&l9pJrNcsIG? zOZNgqWH+zdNQj!vxVOgkZ#DgV;@|QamXV)N!hS9iJEt?_ znD71~j$Nlx_t$S&R~aGgRR&`=>8%j?mfYF|;(_f>&7>C=Cdi?2^d1YJjyN$hbCLc$ z<-4kJ_RLqk>e?R3sJuzcs(LH~OmMlQ^y{IAHC0<`RJ$ZbF$@Bf6b$^0Ft$rz^piI$ zJ#V|PmmM`c+tDGxCGOL(CDbrPeK60jv2Bz4)>X?C{lBJv8=M)1~V>E5gX+r+ppUCgaLNL0& zK>8*e#RWQ7rZ(f{n>sEyPGz;2?Q(MAKw~M3Wmy?Db&#F)Oq-KhjCnzQu(>aq>$rjb zHS9X&efk_*ec&R~W+E%St9f2cg6?W7OkGjXhbF zr_?`}T=pi%IiAe=&|LXx5DXED%v$HY?t2It;D97Gn>jh*4IukhCR8ML4IAGWCDVKyb|DU6$XiZy1AjEBkdKAA zLU~@WuF@WFyG%V5THLK55I})ZEZ&RJz>$@h7YjZTc9S0!7uc``1T|>F^_Kk(Qeesr z!;Y=~sQz~%vr=*EW&v`c4$-59FXh?MWh(6OQYijv8S%@SRJPt#BBIH8mWibHdaGEW zX0jV9!a-<0C)Dm?%#&iWXT@tDCFPiinxxkYA@$5!;fkaov7&D6E8hOm+zih40V@Lo zrrlCIpIV{nL3*i_)>gMAV}05#Iftz|w7x1?J*B1&xm(fV8UUtv%{QmW>Q zX04UJ!r)dV)3_NbI!}4|P=h?VhMY5Vzs&@am^JJP5cNlgh3CjY&#^YyVqw)}mD(~bAYW~ZA zi~PL%p2WNFU`$%2*4K07_PE`wH6X|iD*{}?$*{s}#~&D9=*?XFYV+WJ1>Kc_GjYp1 zph&5S)kwYpwt7*2>&++#^ALBhy+lBx%JffHJ;N__Uz*YR4APq-a%2WD5>^VST~5g? zaj%gJ2=0CEXUMb1I^Ft9 zCYhC!>sc)5T$J?Cw3#v*6IpA1+KI+4OM=`9n-2pj)5%V*wp>?Qf}26?^#rsm}i!e=+q?k7sFFkfBPhHOa9ZSpz(tmlPS==1PU!e79$D zH*EkTu)Kg@n^fmhLsX%4mfxlr_pl9@)Rdtmzd~#n1tW8Won$5RngI$C^X76;DLnbh zo^mAfm?A&7EeNX6RhQjFx(-CFU>Vg+nFMr{{4k5Y3iSQ|Yw;tqUre~r&qcnD?dae( z;j89S%@680I7*3nPtEmMq5M;u3o`tws;3`LFFpxs?d%? zCwY+qLmmhS3npP9R*EL%>9n(*cce|Rh$sgCV?>Rt$Z#qIOXkjDI4K+O(Ih<-E}M6+ zt>9z!n0%(PXyveb9B?p*cyTAI+_fl8 z$Yb}OZDj=R3I$RL)E8hvx?&>2=p#dywqTW|k>%Hm^dawp&x229czwD8z?Yar1#h4v z+A1hcKyt!MjXJoNZjug}3zaDO`l>Uy*%#cdun}3LPGdpGz}Z^d{G{FY3p4$4OXYYm z$Kb9?wwPgFq5_oFChm%2=pwpAYE(kpXW)S!_ydg!WN>d{3&fk)ye&tsl3h*;hr6vi z=;4A7u4)*AR!_!U?!3LnIg)u!O)3dx_}iG3J}Z70;VHnP1+Ew^`x1j!nDuV_wQx?k z5dmJatxwhKX;{dOGH1ul?_w}c^7RwcB2i#;u!2QXmD9cajno{zBr`npv<+E~H z8O!P;&J7k$uG}=4)@gapj@upaFCPAN0C>BPev8BxGnkRWO(vDfY6I^!uuJOp(W3wD z+ZcwX=`-P*IB4bnv!M^xZj3w_xVP3aMud^7DD~2KUhB&!7GtXRg&R1VNHf8W;XEa9 z6r@Eji9iR$nb=oPb*(u|#{D#?;s#!{(3^7DnFA4xN4vcn`}Jh4zsh$-$?KU69Hq&o z^I^Cx6-dZp$Q2(9+{V==(40ZI?d4%&MW@2FW3ym5=O*?V3OeG5ao30k6dy-^7ME4l z0-9o~+6Xgye)fNJJ;p`OZUjIM-A+MimH(&|jS|CgzoWBM3H~fMoJq_>)Fh#!Te0l7 zb$udG+Ds{2liJe&YOKfVO@I~Zg+(bVD>$+(V z_A_vbOL0umZVD^f6$2;KxD#_@2RAEcL*jTVXnP;09RK$sxF|p^)M@XH!zTuWcX@MRV0;rH z->WE$ZCA5I+xs-HwujTR->_(gbkm*FA$Lj!uccXjT^D8*$#(tR0yUNeKM;|5jJ?Xy zQbClvr^IQTN0KE)_B4z@99om=g}Ma>s$Y7Dz|W6D@npseE)4*QU`2|=szDJm1Pn47 z%=1gp)dEqHJm~qO7=!YjnwLU7aK%%gy3cq_EYkw{>MDEPEG@Q*%V}<db__$LsU1|lI3}=rA#(m`FBn?Je5Siz2ndrsJP{Y&ui!4RWRsl-n96ShKu{n z!`Ks#WDJIZiv)x**XA#y8mX0X+#@}h(frA7vMuMpi6_O12peAyxE21Ux-M_&-e9i- zaH>EsVw5p-$R3IhF*bq}ow~+m9lU}F4%JjruDTNVvm5;n9Y*uq`6yZpzrTNA=d{&u zaYRSHzZ9SC+}6O78ke(i-X|1Tzm_M2=qWAYZt8i1qdP8CY$Sj5eqp`KhhFmn+UCT$%P0ZUr&?@0;O5oUbx>!57ZD0ak6(a?h_ z$oLu-|3mPeexX%aUoP zu$5CDy@~f2e>6r3>*nd)QcvK0@K8BaWpve$7g4Ry=#bzTh`A~e;4$N9H1m&zNaZJ= zWkLh?zBNL+&mW@AamfL=HC@}6!*au`yztw>=uDfjduNnNFrdN`;Q}=C-r|oO1Tc63 zIoa*KI?2|(u#+zSM2kydLgTdEv~a%jy`45{1YFjpU{IHlZI2{D7VO}Y(>5%};IWpD z(04J@yw-#FNH$6HL&Y^S!8~m}-ad{l3^(ynCRqP@Yfi#lu^Qt|f_gcrJao%R4N-?* z_f$CO;AF;VyzyiDI2pcUw++(zyGYVI?kXAMe#}q1@sh49V_Igx_k(NHDftPQqY`HK3|7grlgjZVbQ{m&2iZbi=r}4T9 zTtvB4QuNFwuN@bzVy2uya8X(^MQegm0pO;Pm)3`P@PzPZ;0Ihmz_xz|2Om)+N2%E)Z9Xlw|DneFn%fbCen^7_~HuSWv~06x78Z_q(@Ql8@XJL zA^9{4U)3a!mL_Z(fu`}(MS{l)MZ|@%sOV%u3*&hpw$fk9&;zHA6!I}Y=AiF=2E*u~ zmdhUcBaNh+MEekjcbvx;e+Scvkr84UL?)))r$8}Rqh{tFv$Vn|rHEh#*GcR?kEmYS zPi7;!(&zC{A%$cU)H0Rqo491;2uda^!B{iA@37V% z4-Y=xoLBd;43t)p1>yo0%e6JWS8+{ z1tVi9lI1Zx2s4X6*hqx&NHJfrP5r>?%$nA6!2^#w&|@qW<>78j8)F)2tycH{*>^H! z)3n~{VU%=S-7s`7NDoZ@h+w+Uo6StZ$M`zo3E>r>%!N1lVhPp2d^Xgb9_5#zOc1CD znsHkf@hLjcbnwNv!400BacwytIU)W?LZ$s0RCF^ykupBTDoxmAwN2mEfHKW5HWlEa zwb0w@(Eg;j4C5bpXCuN{1YLVA0mhl#Vr>kf8n`c zHk7N66fb#6r=qCmfzd6tv0r_cMeLnP>tlP9`WET_PmYK2l1Pvi(cIJ!urLJiKoLoqDiXtv#%{zV(@YVB?PfHe3q+$`u=8SI*wLwxQ*;e2 zX89WQlbzZ(AlEkHOKYwx;n*sG4$NzBZoa9l8m$PaYE7ffG>kzO3j~RKG zXSSj4?XewjwdE(*)<)?gO+prRyGP`m4A86k=03zCCPd1yc4$!`@9O~u>-X0pXlAXdbD(8`RIO5+llL{9G21u7vj z!T2r?l&u#-stTIFx;{cvG=)-nx_CvRsPVWxHF|;u zgb`N;3wS4*PlnT%fM0qJkkRMt++A(}&Rq>X{-5ZU9Uzk`JU^z+5+HYFxp_7tVt&pK zz+;C2H@b!La8Wu1dJ;XpXcmq_-xIE%s6%2(FJn_m6=gQryzJL#bP23(nGeB5wqeO2qU<{Rve3oX8tg9o0*#pw!>Jo>UO$}N96rs52d&JUgrjaJHYnNlqK zkbn>7{x{&Y)g$$!#a}y)EG5vpQmo9J_e3Uq~q_QXAQh9)AVeQ#{F}4 z6V@QCS;tJ$hx$2%%4M>HjCAg^&|FAHH;nQnT#2HEf$LuY&0oOq6QeM475<6y0R_*r z(=1*=fm$-l$&d>A4`aQcZS-TurSJenFi(tSf8zYxs@|sJ3)`WAf}9$S3#8N)? zSi|>joS2Ygq8Pjn5?!H|CHxeoMv^%FGuJooaT=VQZ21bZrqYyai>r_l_^`r1rfly{ zLq8S(c?rP--OMeXs{0(dB#NXwyhgOsKIwKFFN-h(Gn&(e74wW=~_xDsom{7%R+w5yn{UQ;S? zqe_f+?6JLt329OB^xFUrm|g$_^|B^bHnksc{vYy+_rD;o9be#o6;?E`acn)SptkT- z=_pVLo)Z69ll)-a!ObG?D*GW<@4yd4_L$5(tvI9~$bjx~U9%@+QjpZ}o^ z-9cMo+Z&sKHWS^ExNqmH@9rOIwda-cVQ)CYou6T@-9!f@i-SKzCGZFG3-@(}60M70 zDG?ZK|0B_6V88d0ijVF=yLDUC0iqG8;67?_v{Xc|ZkoK*6XSIi+VKH!SVmSZal9`J z5jMz{0t@rn0I&-N*p0~fj0^PCHdF$W6E06qNjAayu#YS3YSg2D;xaeT!mZCrM8eqX{YQR2oK3WBxHE&G|`WeZfFm=dHWn&EW3WV{pJYUpkkB-2?E9VpN4 zPq1}Vu~!^|Ah@cJJikUm4n2YQvhV1G*f(f(hdzKa=8*`9SYsZQ3`>(&H$Jyjf??DSxo}^e=z3#1<~Oya5JZv?qbk7f+H0LFYdw^LTwBPEG68Dm{@P;18SnbezmxTj~5 zncJ;xLKT8|6IP8Tc?^lEV&6iInoKipVxRL@$@QdR5OzO} z8yRqr`Tj!f)%+)hTb*5Wb7O_IZ4fywK>Zx-2m*=?PD1ZGPOCY=)kxjbs{*r)0VFC zbxm17_~t{>kXwIRXw1eu;ig*=yq-fTj%XU zhi)t(QJNC+Ek9Dg-fXxB7^&V45v1Sw9+V4XysylRdN(flCzv z3BaQZC3H*nC&gynq-8=z7dXJHa%ssz~%`U7QmWq=W4XqR52W6{(M?X_3k-%Nc$d37~-M zD&Dh*kn>X90iyJk-i8`Dcn`DdSVQlW0@Taqs-L~ny6u`CVXp#FYV8(5Ob(9R)M#fn z1U7ep@=f2q4S%TXBz}p0{+{^N<(mE6U+T5HJ0@8D;rZY0YV}Y^Xl0yRD$w&TdD=%4 zlQ&zs;6fL;%n2PIwsv6(^cTfT;L{GNX`q4+xQ`x;EV>M zrHznYFN=)h*ya#r|L}}7jK{YG|I+LVLJRO20OR!(1g}5E8@@keJaT=AjC?34buV`- z6XQ>2ki4nKN)w>4E$EV@)nGy}^)U4LE|Sq%m5C^}#4sAP0G#ga$d^1VMZ>E4YGVHH5xVqm_b5Swe=x0=gQ(U2AEu3W zDYgFP>!7bX;c55csNnx9ziYuu1$u(EQaazoIMO0zd7gb1oO{IjudnnKs}Od5UTG&l zFHcfijN;p-LfJP|JJWoT9f4$G@*IUt{Q~7@KX{>E(+lYS>-!gG&w5$q|M*-m120&3)M(ajINL36CcVxoduJRe$1yu3~`SpcBf7)aKJIc zvVJd>U#}+#vcgy zs5*wH8jBdh4=tMkMX#nfu7nLiO)cuPA3Qy@&$w%=cn1EY?zf{F7j>lJTw=f`z6MlC z`aJCT8l-@el2Z{km>jj}Rq&M}w+|5mZAMua#7YhSo0RR&`rX}q_!r=lG0_pdEZ`%i zExVX(>vas)5P-eo&+NZ-J;!kUZYx3FH8(xi=CKIN4+P3h8jI@A&5ne5b8xtCVFPOH zyfeR(ZKr;>U(Vfo78mP|E_OF^1Mo0dz=yP#wXzppBh628ZP9#{8UIf_FyXq{W3pjq zZml-LI82ftUErfW?`GU3LxfPM>QQ$8hi2{Y&q@12lJ77!NbfIwx28F=N$3F;XR{6g zU22ndrTqr(TuCp4yJ*0@o-ZI1UJf74DBj$eV08+a-$99XscaMe76#4DiL<+Og@h*& z7lw}3C(Czl4`}*;r2s+Cv)vP+F?QdV%ujU-($M?`f(-xVhS>dPt-4vz9L&ZT6p}n* zJl|khN6D<91lCyl@=vD4~T{YOG#*U2-#EKC<_oM$Xa;IQ-*I(;& zj$GuD)yD+EUy~K!RflDcGr7K?)IpUl_!99aM{OWlc&@iE^9~kF_caQ!9S?vm+yM=! zEeCGoOI5Qs5;Fq!GgAKpQ$0gY; zLI^vm33UQ07L{bT%+gE~DpdSBL*I^VD-h`-lrZU0?v$0!ojWwpAEOoSe%8?w(ZIZ@ zBAURK*cpMZTFg0TPFTBxIg3Y%z^TgS{%+m6Kmc-K?6{cWWjYSli@k0HJ8i3U?(9Fs za6&u?-O430-;pQjwf=r?Ehz0-9yEA}DEg*vV6eK`Wp0<4+k57e29KIlGL2P(rSUc4 zcfb=7J|-$o;9a%rM-Rxv0EwtASV6OWTq?pBu}W=}PAT&^KbqHqq9Uo3pMe%NpA6b# zewRuipZ}z0s^b(vLs)CIAdjJSo-2|5o6)w4`0*|%i@=e$sZfZXhuMm$##LY!o-x&a z_y_8HBko{jM!d=yUkWsgz4jsQ{KMji)YAEkx_v3Ea+^OprjiqI0d9aKu9{O$W1dxJ%6c zSL!xso8Vg&{3bW*4!Uo4?ze--s$2}|Z)*%%mabt}I!VQ)&qoEpxB zS;*^d z&xVQ|tV0-{SOv@G(ZYQGDSDbGz3HyP9gdNjb~C#v3L5%)dlg2yTB zyp$;Jt))z^;`x>>epotlu&Hn98SPQrEE+Kb!c{DCj~H`={(&<&@~efW-={ zq;hV{+coD%h8j~yItmf38d3YacvGI(HFSR>LeM<483qyoSpCJTm~9n9MfnQOx#Y`C zg+lVMAmlF%l5O>cF>mML*HdLvLNS5A0FN(P!s3wx;p za8zsgNS2SLr0H_Hu<2_>h%F_4wAu27j z_7B~^xq&t0nA3--Gvm)Q9ft_crA8&C=f;iEsF62vhzCaV_z$*%UU^JuRh$_`jSnI^ zxe=Z;WglnC>fjnp={}?aB$eK8#0%_Eq9r2(V!4K5yHwoEQmnz1^j`VK)E247)a0kM zffPatCPFb7(a$T~4+Wb#t#WytVkHv;rzFzks%{YX2X(j^ls`Mvi-67fljd2JJtWPuD`PV|+2*?;~ zcp0apVPP+F_{Y}20K5chIG!;|q9SO_Uw~yIuNhuv#V2J6tT;6imA{s^m^Y`_dQ2P#~q(j#&?AVHLb1@+voq?{;- zZb5RMS*N1lq{O^-0lvY%gP&4gp{m>L2J=ew5jzaCFnvo;jEbh;<|F;#_IWwSy^$~s z$OR?~V_OR9Wg`-N8JzM)izaDX>{DXi5&aQ}Aj8D})59xjte_Pyae(Xi6iVaC#$Gh*q75frK{y@?HT~pNuwf`(d-uUhOu`4pp?XeH&rbvhgDrC0?LyYsQ_78n` zQO2cB(^Q@8<1`T%9Jsb76$msFCmlY!R3eQUlzK)(&|C=*W?@KeVB*jgsaF%7EiI1s z&vHTDC2g656(7vwo|VQ!u(I2QU$~ES9K3bMM%ksISYq1P?_P6?ZM3KG$o1kR)g!H& zCi{$7h{L7SQtDjgeJqVtIK#a|sEy&PT)n`g zRUn1VSdI{NO(QBnq%#s@|D^dbwZ%yF#{=iRBU(xeVsXGXMzKJ!=XgowLTJZ6#jy$Z z3T#?}^OA|)2JRD9P^1k3M35u4ljI9myOLtO^u#B})XrnfCJ%!HZkG?%?oU!~F9jk9 zZ9dredwJN~ow6a~V65Tz&@#fx>YarGPwTz|ywKv>H|X_go-+9Dw`Dc$l)R5auMv}~ zz3lDSt6Lmd2pcP7nLGAZMCbQ=je1qPX+T-UcfLt!r+_i)0A;&g62yT9&H2X%WoMqU zb}J}?w(Z@C&%VpDv_5iJ{(hF%bzO`~ah%(cQV|epGVbhf%T{GxfnD#6tW8Zvnz7Qa zF=>#e(AM1ifL#tFw7i7gtkt;c+L%TJkTS?56>v6=+*pox?dwz^rBF2k1j^VnqPCJ5$4}R+%mrBz}~8O zoa&)f^|&CE1|<^C^Jn%5nYVtRw~1Dn@H93)MbngQADOM7{e@p5x|*AtNdKg33zlv{ zHsLG7=`~KVc*BdGc_EbMJ5)S|Rz@84m??HD!oRXYNO_p&*7|xWbr zO2oP#S7t&*uM21OJnfxjcG4jPfg9e3#xld9+JkEtcMRsIJFdhOH*XOB*sJPztI2Ki ztIFv4rS?T%y-J9R>_;W$iX8Fp#|*#Yw56xG42qm8R8i&!mj^_d#=ph%F>(lO`)F^9 ztRhywv!GJ$BD#q~nAUZ?qP$XHz821RLy#gA6`7Ey(;_Mp%FLi9KY>7;-IOl;-_RIt4i+&_3IARs_dOwDZsFKCdN9;pH(+>oQr3 z^q_KWes_ZAM3rfcuD)0stFG`1>rVr00!rodJA!3gRd(-~#(cr`a0{dZSzWCf?K9X+ zGmiSj>bo7wDI3i|FWi>}^?Ks>lE0IKP-nqr!W}nUd^+$(MO|SNq8zn^X~z4Oi+qa= zYVEz7UHRA_-?G>XyFnslr(p92L)3% zE0!=DFm`WadSqu6PU@rb^o9_Np_nyt?$mkLZmFj8EVgSy!TFl0m3`?jF`@&RQ>Sz6 zC!BuzpKi-c+RGDfq+rf_#7VKM_!JT`1{tBLO108t+DoAvzB#I5qdG!UQ%5K)JqwoN z(dko9p9{L$Bw$ZYFQJ)e=#G)0Mosrm)%tDDKZmNu^-PUCG!@Hb=y-gvpulH?1_^#J($)Z|xD&rcYhtbtsE^yp79FVgc6}w> z;cxN7Ha~ENH@V1FO?LHI+?KDz5^MeZxu#bW-lChsYi7D3%Lh7$`T_2oNfb@)BB zz%nsF!&>?nL0ddcbV`P~vAvb-@hP3xuh7FfpBZ3E5==S*XFvqJVf`%Uxc0@jHw8X8 zM_u)b6(82syqMAEF#2|@$YL7TAD=_xbwWaWeEsEyw;)WYMl$a^mV9Sdh)NjIRIZ#H z2mF$|3uUITo@6X~`;M0=J!!J(*WI^{_1o^`FX=G4W2A(^Q*zA#(IIS11r!a=0o564 zM`3ySUpad7{Fvj|k{s15Mk<1{OA{>vOotAVI|fq)&E&1Nzf=-^w@WK*?B}Dm5BOEN zRkYn|zo3JDp-vEC?5A4DEr3KG{#k~*LcURLiGa!Cuo_0AFW9Wx`TmFj{;DhjAGlT7 z8Da~us1fOoqBxlpf=&(HdVW1-<-hN@Tta>2{>rT#;Jx}s;NR2t36pj-&#V;l9W0Nw zdr;b>K1OKl>4zT2pW6Ol67jK=t!X%>u!;w*S{gnL`7zQ<2@Y zHxpF_Yrh1lgOqh%UtItDO;xqdJ*0db>4yx=J^j@awHah7R{InjbG2iJ1x;PbScJX>qdD4Cw&Ey+t<%r#%8FF;b4XJUGG=lICeF z-tDS_w2;bl-Aq2>ed8BdhtQ1IWAL1C%b2t9epm^{y1ZvFy7T6o!Q<1a(ml=V*=%vcffdaht^WSLHC zuDbr+lYcjeUAaGzrmD-kQOJDb_0;HzTE*gZf>endd>aXLuCnOMRxzRi{U|WfkJKsp ziG%%7t@&5-97RI0A|dXxS^*aOGcgK61Xs_tQDoTH37NbOb(;@!4CPF32B1nV#$N#0 zg$0T6H%m2cZBxK7U+xm-Nr-d&Wv$K#lim8n06j4hylrZ)slV2JA)Lk5Y}tTcM9Wdw zWhIEq9_j4D2I5^W_mQ-*Cq<@n-Msj7;Z{^kF}8z(OkngR>$9X3tS_E1ppQC#P6kAO zGnyLCWOp&)KCas@)2@$>;>(_e;kM&xQe^M{ppk;urmowSm3$1 zYA9cwn6DgYl{G|uchuF~#|m!G&=6*RjtptGTbOR|@!gMCXWQcrv@jyM#2}S|6Ovjs z?A>;KgB1*(K=)|k;=f^1$K@5Yp9w!1rA?eA3m*eTR~E@~H&+N`1m1CpW!0y2h~j`mx+*w9TnZaaaCZIs_v=7qC7-Qw+zHGJYFBy`|f?Kk1mY?>!1NB5Ge z-GiWaJ?pky0V$BRUt_~t!scDNcSQ&>Ox89!k&~FTg9i}-&`k-?=$Pnxgx3J>+rDOF zo~6hAX(cV(I_*O`9K~RhDhpy?{Rc_wEM2tm|5JG!Q> z7uxFamAOVXg?g)UGp@h-Gr##{>}kL)ijsLD&r*_NCybBH7%84Ei=a9C8HpvJsNzf# zJKj%U?i(&3cxc9Cxp0I5$S~g7M~>ER2y4^(P18IVPErm=v?3JU330YD4y+b{F%Pg@ zRab-0XrTWnJ+500Rn-z_>tM*i;`{Cy${F5D(shMB8CKDkS;m99JE}g{QT;nP38rV& z$&5VEk=jP;?Hrhu?Yiu+ad)OvF`?lYnT4GpbB^nt2( z==0|IM(Uv1MK%+{-^0M-&U5$?g);4>@P{hS`%I*nuyWin-YGnuc$^c(yWL&x0Q!_L zTLQ4!%zRfZ5XQTXK~DM!CE_iUC~UUgBR#qynAIdD#f6v0o3O>ik}Rr1#;99D4;Vc+ zWo-~xit=T`IrSn`OA8hBB|Z8G!~y<7Pc5ImA)vV%k==xEvjI|y*j z_ul7nqID|*5LNHA?e(j=6@PKOa4M=r09W6jKO$9>N^t05*ow#q@{eocJ4|dLG?b=uam9rxfI~}2~aOtiD|36 zpB6})uIBo1u!0Bxm+w_Vy8YP55RM1ks|A4uxHB)dm2mUWcJt7c{0wSInmo{ zRV-|5#wEEUZNGd*P%w*^btWQy!{eFU=V~byBU_U@wsu7RYu9qiCC+H`{hs^J{@3-X z=ZwDqm(S;xujBjiYqGq7iR4Lts=qEwJ+=J>Xn#IFc-4QKnZMt;{I4%g-Y0^#-(2{A z0ekp!KbDE4KF8j@@crpK=-N8?x83O`$ZMu?uj>%wX}}(hSAjp(T+9oK#F)r?#6guA zj)jnJQNfv6o;X zA$H9A=&_SBUk#pts2vtQ2lK5G;N-5cF7y!wzgM%tfPN+VcW)*zt?R>lkIl)!Nh+`) zKAPr{)pKaU;HeZUlo5`u#oSCHUY&UzIt|+h%Rs|iqJxStlL7V)8I=}-(XqguYj&X9 z|1CN`Fo%yAL{&Xmm+dm&IX-bJBqB?YtedKW3-BoFj-WN7*uIU#n3RBPY*~uQK;Bbz zTOea2q|R$G=On#grN?DpPY{4MMp3~qyb~S4=VeSv&*%0VPGP8U^^)!>`l*^tdjjbm zb+<8#n64|G)UdU};23n=Cy`(_cTAMjbOYUFLybo=y~;hAsr7zI7O56SM0A_RNV{S1 z4jOT6^u!Dk!5{w^(PYV%5)#ikuxP+ejYG^g5)vg2ZTE|-Hm&>GqoW?KQEsXeoEZ~? zuCw)J6vsSD@WYk=zu9_tDYVq+{4>_Z`!fq#-UAXpi;K3~d3}2uuNDw=s+!X&5u)u2 zvvZy06W`SR;`y2Nms!C@ zoOuwU())h?S#n$i5C(;9r6z7kU!5Bfw7x{ICAbnFMcbvrSHh~$f?2yVZFWx*&r+6w zc+)UKE7@+G_JQ9GXV6R4@q&?!0FdOMxQ_kQ$(*zj)MM;hD~EldY~9>c9vsu6kQ6ls zxiknNN@t5Au^A;}b%2yd%w?y*tdI6(g6kR@7~j3F8w&L^!}5JH{-f_;WFVe$bqAY) z0DIPW7MZLC>4J&&D~z)xgpN$CsPhi*mZ-=lV`9up4IIm(TECL_FQjdE#-;2SM*;7J zJB{yL@#c8H%R0ROsyh6{^%pR}i8s41?42sa-cVMY_!n@2VVda#N4|-d(!8)GH@j~6 z*7+qmpFu7y8Ep%q*W3Ul)NUcI<3|+Fl=aufG$ScHyfE}(hxRwA^+3pK^eJnlP*+9I zs9e9*898C4c``PA>ZY<3%1Oy7gVcBqJHfhb-|m}jXuw%+XS~flR>XuHHL#!hId0sf zx5J^8ewg(AYD`w(C9+R+M|((JbU5Z*2rF(wvVDtxya{Xuh3V2`YqIJq^mp~lJse=u zVLDAPsQCM*>+w3UVYLL7<@;aoeJCEFt>Ng5g|+!HrP2S*rJLO6|2mwuSvu zp{y1^KeZ0@?jitiFBMHRMOrai_j!KDX~;PA>r}XFIW6_Mr#MnN+N>{7LpnW}WZ>+# z)7OFUF*Dk;)vc}XVQ1m4+N$k8G!H<71#s%QXdS=JU&kwd|JtMX&pa7xCL?}P{0<(h3Nbby$}NfY8b2)O1Qc0Q~^2NZ-S+7+F_+OAhA?#hyC74dg3+wHH>&( zCuBCUsG6u$OY+Gv>Tpqa3L)m+e$Omr>6v!968K*sMwg;u`9X9=3*A`lVjD zQ(_WW0XlATLz80%t%zhDVt&vKT`i;BTTLjBNBAX|5h=}-D}z)F%xFWuwMFf;9*ffm z+z;%u3?E~`)NHX*OiNrqk6-Ik{GgfSd&G6rFi{@1dY}|-z>f$Mtb1PXN%9LBga{I*-{I7|7 zTazCf$w^2jAKvI>`GfM#jPgJXH=WjCwV*eXBrud3A|@6ZbhoOHY7?J0F!wRkhkl5t zkivW`_UE`XQ%%+hWzVqVvQ@_*{i{&GUaF7_1HwDQKoZDdmg!c!Rh;e0_dIzN6XQ4n5FZZIX73Ml`^`h0DRyy0nl}j&G59MA7R^2 ze`%Hiz8is0{yj@`!Tk3(*$b2O;wSsU&9s2dbBFMLxTA0DS&IjQrVz?mQOUhzNToxUx1Y&^+yHiSEHNgQhr=*ePABYz6h)YiT&7@3|$QXws6w2el^*Q{$C`o}=8Ti73;@GM-{0vNBA z`{1*Wq2JNS&>Z~_4&Lf;AO8Y+VbFV|s$9Qk%Aow-2_0e;yL8$BaL`dn*856O(I9EA z{Ro;12a&*SmfyuSr?%d2I9Yv26~Ah9oWm$nK(iVjA_L$B;t_1}bbk=3uAmU$G)4!O z;U@5FxcR6k4yG(!hc!t}q!@vV6sA<`Lc6D#1J({$bVA#Cm&8q%`B;a{*SU!aZIZw> z=n`gR+6hPTGv!htV%a~rmS@FU5yx&mtLa?6rLvsunC-3!cVb0gGf48m?z=WoFPH0H zhh*^;pW`4TV^lW1kMQdy*_-!UVoo4b8~^utGkZy32K?4>=Jj?cqGl80A4;r4RK`u5!T2L{&h-LQfhU5y{ui? z3sB+?D@E+osFBY!2rJ5yWET1Oi5JO^g9CN*abI}!9i8r~kyR6#{0KT>F|%13M6^wt zKb3hGoZ&VI#4dN+AG;Dfvg=MbXPWuee&dw;i*TiB;}|?_MsCsWy#!B8-rI^qRE?!; zUGJrUE^uxJssnGpxm4I zH2fra*UN(p3vu7_w4fF<$R?Z zjyyFzx&rE-bAZRG4?GZ>q6a3P5fp+$WC7>2Lc|DD2^h}Ib*!QPP{@?-~ zm#G{H0bDf(_7N53Iu0w3cbNfpyLno+nXI=N>N+Ltw)`CF4rqGa!i5aZ2#_EA42!Tv z>&Km5#ZRqafovbHSs7@wRJ9G>nJ`Fys|)~B!~Pu4ZrXC9&Z4oPRiu<4=|)DwW?g(i zcrjXYs^K=7?n~+%Gu@-ASl$hW@f7#10KOz!Ux=uUR%i68WkYqC4uaCH^$iVfTQ8`3 zGXLw;JmiyCb>hx&IBbiZ)5iJG0qWqmt`zk|7uEjaZWdcm;5|@$%C^~H-=CI0%WzKQ z!B%7&UnLjo3GXehwdZ-19#51w2H}$ndIWp#1KlmE`*^5ryu7Lt+Ghuf?=mq)&yIGy z+tpY#?XLCj!*tzR;ZYMidDD3=i$kURiU+)el-n}Ne>gX+eqNdJ)ATdpgU+uysnN?t zAL0Gr*V%|@G2e+v9X)4-UiKmnS3tc)<8*(xYEmXyTZk%j-4mtXMIo{}eR8o(LK-&u z#n#t&cN1wXuMr0}y@*N8M07aYhw3mohlqy3Z0E)OP?F zcwx%e-y$81Ry4EuJ_|lFatpQ&oV?9n3`m9ZjD4V+DQw{gGC$FXW}xc}cL9MxO%!0q z8{oRp+yVR^^>907LsM0yke7tSZ*sH_#mgM3-eTp#-*X)(B@4LVkZQtZ8}v`*nnItD z=jAo)7!qk>-aeG1=4c)4YxOr6tICR)A5}}k^gIi?ny#78<2#~|cfKClMdI6)%r{~4 z1U5sme&jsbTmlw3UrxCnfhsKk&Eyu~QNmvSm) zYbH@l>e!b(!0C5?F#fIGkpk2uXPUWkEY9??w-UcPM+|bxpbO@2&#KK^v&R77KiuDH@y!sG(edQuhtB6`rx(yaO93FL)KVw3 z;CNKO`iXO{st3JpCH6Q0UVhTnOELG9!_jZS?S#F$%D4szSuHG|Y_4D3I?N(C%h!d$ z)N^rPw3^3>72t9e7@3)FKxWiOa`|ST37`;s2rOhgYl-@zFGHNjHT`w5u-9HZKojrvWo@dQs%Pr1h^D-^E5vZF=U2 zPIVF#u`T@Ui>0yTvmY2rkT4mZ$xVwAMTR|wsjPUcYJkz+6}v2RcM4-E1ip=+veHm5 zqYN2kMN|M~QgLN99iR0CUmUrBb;o2ABKWl`Re7U@oo_~`B(W6IUwuaY{}FbUL5;Ot zmktDXcXxNU#-VX{cXt{H(73xhjcagsm&V=Q-KC-Feul5+eZHw0sri?jR8oj?5;nFY9K}{J_55Nn&G^|)%^okNyM6hg%7dQTX%_?H_6hX zt|LD3wNsG`uFH&akZRO--{;ZX3)13Nr3MBsMpl7}0~w1|Ki>n=h?(tu#ufsiiBjvR zQpt0f_2<^z_ocOh*3S@Y$Kz$&@y%<*6}(^J$@fWUC{$5}oMTgH#Fv16&ZYLToC}`w zHlusEXG)edZ^DYtF|>C?Zn2iyPROZfo+)bII-E6gf-kgKsX zoyi0KcxVmdZ>%I=@7aA}WlPP|?u<-D@Wq(b8oxyt%6SU($V+zh7uU+t_lFP13P4kR z6n`XWX)J(=1risKn8)kQ@XUDIj)EO|kKgmVvjPoaXPH z=3#JuAGP6A)rrg4Qk)B~7dB9B&{)Ct8nc%qagnl?M2N?73gBB?bn7-JbQyUt;BjOw zqDwgNdbf^<8V&KJ}Y^ z?VY}>Ei%tV6Y~ILaNY8*+R**C0evY<)Pb))7uBC*)7(A0k)p?F{l+ZRpw|2E(wE&z z=x3}9>VL90HDA6NfQF?oQhq7_+spKTm02JxRqPEl_ zb+U4mHQ%J$238r0TD9s8Bt1*Ws+x}S1FRBl1z69OfJ%p@)?IccB7@$0Q63}qw(3rD8yz@u`}k(bhP%M zpHa+jOr1L+HbEE}{RIkl#Uu(AOK+UR)lKyYg`xnPhdl=+ z|F+88nD)4XS2c*H&{nO{ROq4QFYb(awzO;M&%gw6jE2^Ir#V|6C(uIbV<+bw@Z6;V z#CxKV_uMa-1<7P+ZSyd2Ivb`#HTnEKb`*V*w_Xbd1%BG%{CgVy!ChAaf2jZd5gp)u zuYB{J{?F{lmyTcMuV1kKp5R4~d@ew7fQ#?!e`ZHN50AZm!TWo9NV@f5{`*Jl=Q9#+ z{{IgpjAPeDSjcL6^~^~1R9#_zj{e%8L zm*4+uj#9;Vc83XGg-dc}M*F)$WIPTFwDiRoT)3C(aTd+gyjuST^E|L7{31?O`G)!*fLMmoPpdW)pp}TPV;fpTXc`MZ6j(f> zel8Bt(EV(Tlrk4vOA2LskQ z+6FmUz@^bA6B8k=5}3;9FOjkuCFhEC#4(K1a}ki5Y6_@^m9%D*@I}%026|UmI$pNnAVo z?5#jDs%NX)NVm}Gyc0fOpQh`}(*j0sd{&PJk*YdE1l(?rN$jhy#cC1UlkdOPlL zN{Ee9%kLYV#6vRJ1oRFATk~v|T0jqk$2c%IDMBk%AR0xJ=-~5PsN%ScW5izso0?g2 zIb-f`t_Y<==%OS`a%P#44H8>kk2gSC(Y-ixf zvU|25lqc6({b|f8G|9c2hm5`C5;+saI&zE)iO8U8DRCBW2tKO-8pOYFRgZ|Xa;oI) zty>8UOeT8`wVmDWXHi}6bB5%*>qN;u#491)G6aV={2b8q>A@&$)1HQmM~Ul_x(DFZ zsUoMlBW~mCUn{Y0ci8NnJAsR9cfA)BsLcGv9HuDuBJ#zT1C3@`U?ArSa~G=U?5G0i;cOU zt+Wu(>Oa;r<`81ErB>FoWLk)+{LR>P*QGx#>rr{G-Hyjlm_Dhp^r*bF^N=($qGRd& zMLv4xrL18-IR6g2Oh?W!`RySVH>oPkAJ>zlvc3f_zq-xkAkm>_7um^?nA-3#KfUfC z?_aqZ!PZ^CGdVxMX=05~-l!Dymz6^xO!o2J=QYe{L)J*#yNlb+Quqpd$2ag0g9?-ORE9DnER;SL!?fE8q0>Y>$7KW zK(v}*6jBU5PI}k3jbH9Jlf&e#Ax`I=uXl3I32OA;a(28pkio0AZpxaj^Ce9)npfFv zZO+wSW`{@oGm>~bV0wyQHkVZ)$V(jxwaiu|*kWxn=`PvM{Kr<{(4^fkx-!{iawU%% z(ZRYN1{e`=X^EQ^)gIxu{E`@35pQQ9pZU7|o$q&yMn=eO3tm5d&`&MF`!k5J*+blO zydoAn4&QzeQLCJ4YZ=1@YesKR+SODRGuaE|t*Ld)cCnJ+qp)1&54Z8Vw-d`a^7UrG zwxcoLP%o~xKtQ1lIQY)^JF#NA&bmHQVBic4uR>yVHvTa91=)<#1nT>YZ64&Ph%0*k z!McP7T^kuT8l03r@WZVR{Cn!L=55q6M9iC~zY5w26&;U1MXCJmU#4nb2KA8$k7D)W zhilwe0pG}`ak|w4h+3ma8w5=enQ2;;3U!h{vDiwqd#-6J2L_ z@s>c0XhwB$6n+0$BpZCHBsgR@SLto{Ua{625lyyG zjlN~|W@wQx2%2h0GZ~0a1uOM8Q4Hp$!P;jrK*qJ&)*+B1eJg)$p=-XnW>+#WvZV8j zKg?f?chGFj2am!gwP&1rA=jFRUV{do8%9@_M3%E3V(2C#&D*xDm@YwDz<9`RQaq(ZOj>Qp2Ja6s29P* zgP+^J_%?5k&>*RpNwM5esdBAwVK)-`c!GS?yhRL$(p|Lu9D|^n)*}Umuhf+~>4~Zx zM$B&sdWunb^^CTv?Wi6LU!BCkZeTF9N^Erf>SxXgkgZc%RE*?amRN(?{o>nU@4rhf z7kcJgQkIX&=X6OixgVr&veN%!tIFGAAzM#k7$MH0zR!qw6vx~}P#ofD!$ zaqaSemg6zVc!3R-1#Nlzv|E}HTi#N5+iyPuP9TYKn+^?-cA0GL4auSmNehK{AX4z& zAca{$zfEU*&Z0mUk146RH1VFyrBXIggbG6p&_6bx#w^h)dNd#slUuHbu4563Z)%h+ z-{Lhwyb5n^8Wcj$qG5i+j*@e*XZT^rNxC*T+q)97fY$+?YTZ=J9|K!FCsu zO^+>VK2}4NsjQ~UK3GSiQz)85nr~s*PGF^FM7bLCMIVnTpvho^;&>%5IQwQb3V~eM$a)fh9O3e+u3)Xo{ z*M&UAxOu6YAP$n)H=Xu!d=3PN`l6bUei?lKPh&rrB6f~oJEZ+uy%T<8d<)-TXIVsc zpP3SR;o>h%K44ulBA=3-9W_yG-zYF~8CE|NXNvSC62=-vw?Vg&z}ovZ5|)t}*mQRT zQi`9o!x>oDBJ+K2=IvHPdtiiHI0OAOs|HN?=rRX(+1uGDB$`An8O3;A%%G z2d9Y^2d{1t!Zd`zG|YFUVsHAe&la~|sFrA&qbUE$q6wE_{GzypWfudC><+kv0DCT# z+iSI|&3q`U-@MJDA@z7c*`C~?Va_c}&*7 zCRxTfPW333!1BY~%j9sK_oN$K7&9PAZk*5)>RTV;^V1R@1QL2z%UR}fQleEsKTNSw z(!uzxes7ErvD%bMu7b74!!@5A{0uWrvkS0Z;3pvVo*r1Q=&8%P1;G`O94E~X0%R!w&A-?GnQdIjy9OSL|6 z39GLufT$nMhlI?0`AKXZ@d0;61=y<=mcK7rS^mzoq_Y|LuhUp;zv+=Cz!~~ZtD#JF;_qC=w9OClqYK0>W;ObdVaGt7Khfc(m zR(uS0uV0GBH0ABmme0GMtlCHcKjZk`;%uF|%WqvyI`ny^eeW5WVX7XBx{paxw&z4h zaRySb=iNONxz>1$ZZU1DMvPfsAXxuEi-j|Ak~lvs82={nb?2aHUH!BsH#Yuz`EMDB zhz)0BxPL$;*I#tP1UxJAE4_9KztZQN2j9bgk#YTj)95uF@s+`69^liHDqwhBNj;)I7)wive6VNnn+_+fZ3H$0$FVh+`Ys9H$agmhlT-Ac zownI%pwuYp0068 z>0zNTOJ=0iqKs0dLkek-G1K8z)@*)Q`(IDue8X9B7jVNnQnZ$ByUzE5g<>+D1bfW< zgQRBP=G!r2QoVhFkV7ykpKtFE^}xBSK+uNYEHtS^H2-^Ay6C)J>ot}-Me6xVZDt#$ zDSK?Q-RaRcZwLG}agx)4R6V75dH)fpz-TfLegz|YirGv3rr zt(M~*QyuGZ(&T_;ISlGMC<6ShoTgrPeMVkZ15KM$+z-*VJU%5EZ7Xaw^n7hBR%7Bd2aXSZ~#H$$2-Vi7~A#z^uD66f^R8ajH-O?&D{)sa=E&>u@Gd5Y1CvF}0z zs3s;wI*jq=Hdi#8z$fzwwlCIcAoi?MHU9;5sho2XO$`?yFyas+oX{fss;jd9w!7aK zcJ*^+_h0!BzD-AnUdOJ+ME_3wk)Pa1b@m)5946+89V0a}l?A#+W)nk%0Pu3>ieE^A z*Yz$02ccQOW1y{*1#OT(8_zx4hC}LB874k8AAP@%WF2F9^$UwlHa5<=Y+Q;52TRr9 zUH*LAME+Bg07*Ke%QfvjS9-YUf$}K2m|+HdFL~WdwZ@PoHJdk?dVWO{nYEGIAMg-H zh`V_DDvU!h;EX*Jilg*LUxhuos_zUs@ny{`l8xtzLwhs=hxf|F&k7Ddu#>2(jJ9f-B==iAI?Q zblei1Dj|lNwvVS8X+dPBA)Y$7Bp&cq&^(eYmnIxV<)5Ag3ulh5KE5Md8~Ny-{l@KR z3rWf&Pogm(lQ5=3{m9`v=Rs7K^|TN|^7K~)&-1+@?a=nziv|6lHhkpN1H+#E`h_xN zcS#Q}`xQcEBw88?e^*t>^{j@A24hSP0s1vMGEq!gd;cPSHz;^54K7hA4mwZ!-apow z&}VK#a?jOds`cmKi%#RT1UK{;1WSa;*iZ0q4GT&!c3Sxo+K~v!>162y9qoc^>FdC8 zlPn{+=AFlGg-4^EQUUq-Pz0Nj9t%|Dl<5E@l$ryZ3scYmZNEQrL3z`*sIwzUmq|l@ zU9f_T^oWr+(M4xXTd`-?TF<)t={Esj6JLb#VxT#=jua7dSB>{h_N{(80e^B_55`WaVm$rg_TaOS`yg z{5?nS=}bpL0ghwt?>6FjX6XyNcmj6>#p)e)Sa&enTBB{wkIxjNdhux^4*SKj7Adi5-V8ZFI2?WpSAtHEV8NhY7) zrO`9wd=La8xj{qkj+5fx9QFPvjWSfcGsmz)QHqIx(YxYb`XJeSF#u>4*XfYu{yy{TXM4P<9s|3p zdU)NUQBwMcH$i1#>Dvh|Kr{s5tTi-LzlH_52&U;?M)muHJbb(bkCt;X$)&#*ISopG z*ZMNC>WZ`j>FITe>tz1v)K(Fj5yP#!z+Bb&g+uG{0a&~NAS&#P>AQgz=#-OZz=0kW z2|+s)*n6&2OEJzzc!)1;P=yMQ)yk2VXzj)WGW+D>tu8c_mwhMmME+0I$%EDc$Q*H7pB59)jprU z#5&VYHtQ~qq;!V7J5e(*e z9}Zv1tgHLsZ9)!yzZI#^NiyRn(~8D*jtEdFFX`C+k~!uKvx~{(6Qxd$oq6$5kufa| zqHNVs-**a6DN*pU1V3m012|u^(}?(aM=VUqRZU3J>*7D-cq`)(%x`=^{I9Mm$REVY zNqNr1AcR>V122z|WI)p59#5pvb9)r4rfx)inLGOsvu(5n0nK%4)IPgD;=ff3igK`=Q*L2v0tWPyCT)Go}pLCOr5oI}K)kr1V2m!X$t&f)M|T(Y9# zqB9n5>7DNvzDv=^CVjX{3|~Y$6bbuHfNX!(cz0}bQU-TOLiQB!@}v`3S7njh(c<)R z<2YJgUgzYeQK^A!5kh*6yYdV6c&oWEun($S7>OD^*G2-zU>9j-Ehkh<0KV* ziOpH;$iV;}L=MeH-mGbIHz3J7!L3E(L9tVf;mLPk#X1G|H2~Hp6Fjx?;<9(byEz+a zd6fHE7y^{?VV)VSD$3&6&R3^gt>h(&*Fg%>cP93~;Rhbi8I2-Qe_oH$j)1o7pS_I6VK?2y$57Un9bsz-|7mC%oY=R^6S19yU8 z&QE(xK0#Hf-_h@}st{sPlLnLclKG}4-&w%}Qh-7?cjs3|<;>eZ+UMBZRewnTdq`%$ zgkqT_C88vtBgUT36|MQe%EDf>wZkY;PXkz}ta~Znw>!aDq9Ty`6g%qG4l@RyJLux1 z9p!YFmJwJ<^TW_Z=Ix-?Qc!Z4l783C?DtV zwsslm;UUE(BlU~)yy92S#6`XalpG`NeD0d~-;*}zQ99m(z!PTrMIARYc;PGqa@)e@ z{2dTd|~C=t3dEaQt#3jaHAC>Y!alf~dufl)IGACUBW&e0W%}RXrVJheG7HHpIp_ zvF&`(5?-qyk_p!9LQZ&j2;72uRI8(0_~3ape?d=ykwRA>7&4jkcdrz0_Mqkj7gc34 z%mx5wl!Cf#mPk3usb{$?t4a-!1L=+&P<8row~|vJbWA9pan7H& zy)AcYX|?lVboJqtXg+iDj%BPCR{QSq|Fe&Ihvq8z2hj87R{8hh->3iFnpZ3z>VC~T z?YAdED{JfBb(R)ZF~2`9HMJUfl1$6{Z>e6JO%L+xot<4z>|)iK0(= z)Vt$%Nt86tgdpeDprNZg(s!&f2d%=ZA`ep$3P{x=Cj^Q*Mu~@ixSMP>Go!PK3 zG`w!fim)fK&r`4W9&&0!_#c4$0nmT9gc+E%J$_G|rj_xu8(du>YSOnI-4Y+@cE{uNc>xKFMdNSl~J3Uz)_YQI~w^@nT01bMVye!~@K z2xH8W^_M~;}Y~1YD*b~dP@b{oZNUld%@Aq zT5?AKPOGyN8c|AG&hx18Sk-oc9fe_l7^ewAse|)oB)lHyU7CO~)1h604vLy;hhk{K z1dF%oRvoOepFuR#hz~=#&aB{)z2CslUFgtQJ)zau!Od{)&wvgit^gr!h-Sx_wf3Ur zzl#*JXwn<{><|o%#@28$LC{ixW+^BpNQ}q6>@Scf-Play0|p9)6rZi32M4(#VKb|i z4$h@>9+TvJ_HNfpb@DzH=D}iR!OWWM60maz?67S!;b&CnZa&c`{mmi%HlT@IuqYqW| z$;JkzBjF#iV;35;-)RtI!DVlIW%~=1bjN2I;=7#e31mOrw zGJ^e}N0*jnjMk+eNsU}q_U9uc{ zHKO30g^Eo({509qv(eIZSW{el!dWxR+~udFw(7k$n!)vfcGb&Xb)Nfecur3dJV+kj zYeLE~zNwpfI5mEv9Ttc0ghzjECS@37Z$Tk`n$DF9-7p9dD_ zi=I%`J4Qhb%EdjLkey#SLEqcp^`}CxDpuqr81EVWXZzN#RYIPfx`QBnO z(NoPyNzZiAgo?}`yegX(N!`tcJ8G|$+aiybTD^*zlF8ua)sL(*%m}N!%k=ec~$*5@vFiK zj5EO`Gj%6~4IIc=0o5a~JkY{=h*gsj5VWr9c!1cTM8HV z`_IW24y0%aotP7{sJJ*|bbXtwZ>BqXn@Wa2*n#Lyez#!8Cwi(>0#W;Q&VB3F5UoaE z`56q^kDBu%5&@C`Fz2Rx@kI>bo7=ZL>C%=Ao9UHEFJn$uXdAK-nXZqlN-=Ifm)LUT z6Q4zrl)nN1N?KAXHn#yj`ToU8B(rXV&ojm!52A zd37yH&T={%!R86dZc*9b=sxW&1V#(%IDa-{EV+BuIN>B`3b4XT79y zVR0W&-8oIpND?ik(L>3NUa8|@RDpvT1pGz@3^5~%S-#$jq&)dL-U-o!Su*y$&I{ad zD&uE}z90o{6P-mLy+6gy8F4ltdV0~#(k?ag0hkY${7`<{$lHTm^t|h14k5_?l-DY z!@!fp*RvV`tQw`Z?VHT*fC&`h(r&HI*v;r${PJWnFzLHy1G1u9GK`$ zWahQehM*TkopWB=yu>6?xC9Z7qqrs9sOGFXtdJVjm%g5| zt$d2HNWkvaURtkay4w#pGc><7#-Wox$-y;Da@V7G1E$^vR^!XeB>KKI8=y5myk_D|L(IP8r#rQW4V9O{z5tA7VH$ zXl+>ug98^jM}}r2P1J^_`~F+T?{C}Gt}&2Y*G4DSyZKVmDP8_KWUiQ|0r3z*XPLU? z84VFGcL*kD$zt_92gvjD_R0k(Ee<)#(s4#om)aqPq_xf|oo(u#P%d(?b(NWY{fgrp zVVmNM5SQJ}X~f__Y7CUXhTF6p9^MxV)9aBgl-m;eDKP1g9msZezKNSG82BLjOuF`{3w1{SA7I2Z7^|f0^eEOvZvk6ttZK z#RPZQYOXRx4wh%lh}(Af^kN0978DM^(I(MY879(fnM1s0v&5T9j}x`aZipQ_PuF#m z71?|jvZtPIcHh>~iZeH}DmX@*Bb7BF|&H#|-e2nEWm&;lQa@p*HX1&h&J;^%vvc zZYX|4*7lnW-)io}^&U#b1~C@1-kzMAfB{D0{zolgf+Qac=0qMxU~O1aejAs#0*)1E zDE3Wr`BNgY7&=(&KeOBguj52AUBZ(w67Im2RJlcRtQr|is%*h*(4QbvjV!gbUE~+L zpV&ufY?|lEARM-;tKCTVzBk6`rV(#?E~v*$6Na~6GS@N~wCG)W=6S0*P^2#PWr{%* zi=7FtC%WP~hl8JETXYMQRxjxe#$+nX+@%`I>zeegk?yHaSR)K{^J$FQ!y;gDN$A|X zXZT$v<(g##;%@2smd<>;lX7T#nz>k)^OU7fCJ0Wx1M5QWyiw9oDD{E@XHcfjdbQaeA6az^OPm$8;Pc2#C?zYY0I zdRyt&9rmJ6>3}DTB(hf3W>HaRmw>A(loTtt=f|*0n1SN>+}+@crERuE7$GNe%8WDQqE{3)Jp2doy!tR!uPf04l^TmeJO&*^h_C zn190iTj6KuTUGlhohFBWsW{9#WSpl>=}c7q~J7MWEWWYG!2$$x8GyNu@>Gc_?+^8DBoKLRaenP8G5k~n$ILl5{HPNNbjxp(V%V|*RQdJy-p$uJo(SD1c#$WTUJ(&qY{9_n7 z?y97;IYXq}7 zfj>%mA#KVTK_zOQsmp&bHmdDQG#&0X%H6Q4yf$h+fuJJJ+|ivKAnumNp!e^Lx1PQ9 z?M;7EZ^7GiX3>qBm<)BP11N=a6Q#r{t3Sjn%+x#~2>`CxEy%bShYP78)1qe)AtSPJ z%1$qia^59NWkj;nGZg%BRjxL$Q4Pzg81^ zQ-7E{lZ)s-8o#4?*;#n99bySW-;Bgv4P;!K5)@UsgLK%MUMpiR>%csK<@HDe8{U3ZXT5J-n02w_{Co0?@Ws zPO4ptqgVe(dhR+PMCw(!_!$rCX0#ICms24uz-r1mv6TZhx%=xMk(2bVH{6MVbm;I1_pQG)7#f zBZhQkQrl7wdkUmJ6C~{>AgaM9i|=&{jjU6#CK_GXn~pLsWR=sBLByRg)w*zlzny;w za?$N*lKO7ne_`!{;GdAn_szND%t5;=sip2IIq=9N%|@uy&{Jq_#Cmgl(2;tQu^_wXF!Z6vjgd0w`+}X zAl#!Xy69k31rDUcL8!Z9Kug~_MBUKNc!~*Q5vopWm0`{0WZI2JVzI>|9_ zj6M-*Cv*iCHDITQ)I6J!x7!sN*)cLzPL02GH1?7hmylYFjJ%-QY@BdlFI|Oypry+H z`WtWhKqT4=p0sxj!(RHrV7jgsyOYB!LjLsM`L_Y$8FG3HtQ~m^B4-a>!@@*2Jrclk z1S*z_mf3Extk;--0DAgc>>1axvJ432xVdwTxzLv>gz(|}6cG%_e%U0U!^MwP?&1%j zV&4Y#4SJ3(Ai(kPU*ir?k#`l0<<4QUm--vJe#R@n%y$))8+rzDz(|kD(?#?l&6hUL zr^NR{Urh5iq$~W+eAx=!ks=i|&1s1_(M<()T@1K2DJZEAEd^aCAUXcYlymh^&rUZc zBY<{`XX4|vF|Kr}ET^pn3R|joOj-M|CDM9{J!Bz68awMawiOimaA!fPR0k5hu;aPB zMDx95X0rCnOZI(AFNAzXa2bPaI5XOhH^o&U@5peIY~zY zN`>CyeUHLK!HQDt;r>h!bb9l-D?OtIVj21J-BEzhTuD{@bxoF8rnSrR2!oQ%l=zS? z>4PJr*?_UvTa(RFkz$SN)-;Flpy zQ(DJuy->hOimvvw7B4my46$h+4EwU8K3r%dQHF1CQcYNOfxV_$rC{cvG&iO`0%Ust z>g6xTKM}M3y>QW-qW0fV4qH$zXzeLoJWgIJA7tQc@mMmn@9FokwwQ$O@uT4Uf>DE? zphhbMw)(%Be5Mxa2=L>(G4g(9d^*oUv_z$jSKkCAVT)2cCsgEK^;1gi&S0oe=$O(! z=XmUWw@PG#9CaCfP5FamA-*$HvDqJ9Q1Gn}(xp|x3`d%Zrsjg!M`OMPu0NoJx67Mu z-6zz8Zcp7hUm23v=!VQUXX#YsKBtAPsLow&Xw(7GXn%3tFeRHPGu^i5I^P{J#wM{qhrLl447M9aW~zQVZ#b<166ZMXMy-fIIFid6Lb73^HhbQ6315w)BK!B z%_5{0kg(;nQ{-MZ4S9h%vx;Zb+|#ZUG6hsL9P?$CIjkAAsmxROWt0o*gsTO>(GG%{ z?8g&&Pp7t@zn9U&hAxLHo9T)UR_(Ya==c)mMt9QXHM0Vu>*t5>zxXzBbTk*s-8~w$ z$-FxZ#FM&++DnV{|0GKgHn>u*%x#A{w0|OcSF`){rVwek_E;*3n4~F20L;Ss zDjRx5p2ICg&plx@F3GyP)`q{-QbKoTLV>kt zxcXkbDe8}kDN8dw0JDDk2&@aTa^8;7fK1x#_|BAz{5m|&P}Vx*>+SXA&Fz<+H=lH zlgSQ>`D6&ZrCZbB5aw7_!nawT&3g(U`Om4{ zSG2`1v>gAI&Ur%kV8&XWe)T*``}vWd+eLQNix=_Z0c=-j8s{54T}EkXe6{oRwTpJ| z8JmcvY4?#G{{YPY%6VfTI@EnN%g0guImUgDBuLXZf2+ziw(A^8a_phg+Nnqup@(yi zVF{#6eiu(aOP{`HBxBM)MDy&E#lFk4B(Uw)Ktv~(vxZlTzjtVhUuHyOKqgrWW3jVz zS(UZ+pNM&hM9%s2UmC`FNaZ^qE0+|`ceF>zcyIi`Hfha=<5AlNw7$y)iI#s?6iW_& zco8C+Oj_4Pr0hFz_FA_=CSNJ7N^#y8Rk+yA=DhNf}%MIy|1 z@b8CB7S4I~ALq7c=6i>_cJ_7s=b)nKxtt;&@mq!_Q{}n^EoPQ1*xwL zegiM^SYC|dj9q$)Hjoe*Wh}`VK~*GT)yy}jQA^|11J+}KXqdJRp4Czd&4P3P01*E5 z%p#!C%7=c&*87nZ{$4%HacK+I;eMnGHjpG29pilT$2>RjV7N6bKY1_xYI41;%V_SU zi0l2$PTxWdOnG+V6&wuiu^#rLFOL6(%dH!E7qlhx0s zW~nZPQ-XKLDa_sJ&+fH)vX)Z+OZ#Zx+o(}%ed16FnbJu9JrlN5j`fb+5nFgj$rKwx zwTUQ&)_~YK+RqK}v`Q-0tcnd_N^E#vE7qH;;Mn;$4v5TZ0^hsTEVjlSx6&?I+hj)f zH5WQ$mA3_SH2OJc;7Agmg5X7fr%E;(Ai5E;~~PTf9!=y5*~cNq)7{(SJiUX`Zgd5RvX+`8o75%bd)-$ zV?M;);3H$;ZbT3$3Ta_l6NOXZK>oWIq{3<# z6E})U!#z7280+02HFaB_O@bNea6?4abQ2MZ9p3z3b|nLwP5coM&gCE)9I{9Rx=vbzA-V|r=noVWQRkm} zZ={uLZ^X4eutqZ-1#3^O!HN2CMq+hIkh<+{97)^|M{DZ;c-Xy?r*5nCl+Oi>xbFbC_ey1onp{tOgV%V_z?kbJ%<*Al;?0A}_gdio_BBdk(+&1?pGqWWJV}RJiup9DJgr36O9~lpMp+x$8c43$`Mc_=5D{u1(I}s z0np0qI%pe1!LBOg*P8@0H#j`pZIwupU}bG$c#@GvhyFk{JMLa2+?I9 zQLHxllkSC1BteJ%AIos>-JT+6XsupxI(HE25dyqb6fjh8 zVxqrP-JKgj&>ZklYDw^tRVe}o*!Arua+cdf#P$m+3w)@J55V-*QPe5u=1miX%T^Rl zgG{|jDKnHBufci*@`sg**~?nQj3qoi68+C%kiHbrO}+mB!npr;>%_Ose*w)CrtEfz zj`HOdVg!=(U`L25`#oBhRn-I^ZjRTCY&m8u|Ms75v051Ip|E;(7a~0@bb0h9iBxqs z!UuF4v)#0NPf&pE1NQb7;u@v*J5b79K7%;(YD1|EXKt((+@Nc6q?9=UJV{7C+BxiJ7<3^-A5*~shJ+fl5Bd% z_y2a1O>1)*YH;ACTK|ImDOJKSD^%UHUfDXESx~W=FKFY|m(4U(TZJM()BLnREd0Fc zZ)}Nj2gOZd88*Z+m7&bdqaRVyr8W_bupr064Bv@vsSqmsooJ5S5ZsoM;TvcIUwkc` z>X#Y7=x0RO+7Ci$QXg2%#D(A!DM)2C6c^1S$DrCIh&CX^8*8x1iZSs|Qh}M}%du{# z=s(8e@r-|_#CUP7GIvy8J0%PAc@dL? zjL{3VYUX+hFET?uLRY=|$EDVQjL)1xJW(4|O+Bs>xaKaVrJol?Uny~IxC+d?Rs9ZW z;18Cn#rPv$zzi_R^~}bL+|%CbvwDVgM*pc-PG!bM_Rcb2&10o8^9Hr^QIOeNaSn%B zlxoH;Ise)N6v@20ESelNC?t!7USA_<(pS2^$W45O^ zZC6JW;>vbV&Yz|)Hu0EHqPu8ncv;oo@O$*i?`)9gX1gj(bBnItJ z8B+$8m9Qfw#^mT9#nPr~`L?^R~tz_S%S(!9xrUC-}3Ga2as&og6ZRwMrWegJYNOnTU+iOJr$U#_^rC4Q?? zM<2s2`xzy0N=N$47Jvzg%f$?Ehlg7+OPSLu{aQ=XI80WY7D&q6+q)dx(=cjwx93jT zHq4`sSHNwSZMkcii+26bxj3 zrQe~%badw60XWXvK0Q}EzjZzR1>CB)h-$ryD<=G?*nmXU{#!C3z}ZK;4V!^l*>pr9 zl=`F2s91Ur#Ax0`bw43QL>4o#T#?)~Kw}{@JTZRXu>-aZrrUD&&(wMQ1pdJ0DM6)G zCgYK2mXf8$rKiy;WT+y;KBX@6oupF6@5(kmZdrdQ4}?`pD12f?VRWgO8m0U$R!FO` zc|_R2W3RejSlrE(gnaHCr?AE}T;HV_WmT8>Rcav*`H@D+

8<5inUMC!XD6-i~5s zqm|6bvTw`TVdpiI%nyTVAfrZ4%ICmvwmax!;laJVLWw8Qw@avi#vZCobY33Rhj!Zx zBd{9A5ana==tKS8xI3Z)p4 zsi*Ih;BDtl+A+}<%_YM7V~i4ei^}74f9Gjmgz$NeD6i}4VjoIiyJ2I9*AGbYV>`Ip z%!|c|pC7Y3kH)Y;tEzvagBBGZx1Ejf3nlOQjO?6}^oKxjxWYXC#eT`Qb@30H6gRlG zip1p*aa_#>XFv>*Hk@*0{e!>=QwM z<>ni!ivucAn?g|rM-NXxj%X5sA~7dhQh$uD|YR}v1j#wNhIJ_w3Ew<#g$OuYe`EXO-CvFnvbtYKL}vi|C^ zQ*&Gj5uN;l*%X^296D*F_pP zyvuahG20b)S~03x>q>}^Wn8^fXBz6Y2VoWVLX|+{+d7K)pqIeCkU}Cn8+iF=xLmRjyo&q#>)%iq7_LX)Q z>^GuJQD|seX(W8pmgpKx^xxHPxEy%D5`#JmQpxMayogz;kJ!Cn1sb%-N5tmm-uPnH zRhCa)O8+fUETgpRR9d)nZeUmTi7`Hj*`L1UzZc-^9q5;K4WmkC6)%(qjhc*`Bu^8r z9GyfcwJ28;%zD`b<7r*Olxp_hm9cAXs&kykO_q9q%Bs=ezLa%-h;0J{=5OeED%R#Y z_(jO_W5{@?3d>pTPvLJ3k~?lScf(tX9{@#-iyyE$A~TK!Al~XuFtpZH;a(=%p);zB zuLRUw6*qb;zAh(99oUNtw#zbJYX9nJIG}>eUb76A#8rRh&aO|YkW-SLMV+Q+mEu~n z=sRasCgrI;n;n3AFFA%sWA_|Fpx}n^V#ifJAYQ(1INtygj2(9S9>D~c{<|qt53%K5 z>o;V}`HJYgklfF#_6gvXDcjGugFYd%(oE1HsM}DwQ*)y-rFt?(bwQ^;uR)EFb4Hie zY86OhI(Wrs65Ivl&+94SnPTBPmRiTvSR2hnsf;N8(n7JQc{dlKV^D~;uf+-rZRJ<%>nv9{c|a0}b)wrOQk+4Y zB1}z_wx84J;l*pMD_3ejp->kT@{ynBCQ=N#;rfOmQ~zoIr};N@0zEK4X=@XJ((_Mk?Z<(KAj@a&lLiUl2cdOgoEQ0j z_o(s^HW3G?;*6XXXUl-@poDVyOJ>kAeEPJc5*tkeBGEO2%y?|#i_uPPsy$F1V;`nRQrBYzLbW!QTjD05;+>V`=Sog^Z|BFKd z1x<=~F1%xM5-!VQCg(9>cg#NfCiC0CD^=Jj@{ZjFYb-LtC$^m$<9dxgyjH&39qM3w zur~*kU?M3F<=2Gbl8S}w z#2@pH0rRVDI{SR4K8GA06RU-jwXnjCIKuC>5B6q5m6ibF%Dl7&1iIN?6!oi$fi7%c zNGK^&iyE+OY%O^|TP3=cXF^_@Al3;sJ2YK{`e#ZmKBvJRt&C|$qJhuKBW^5$@&5boKFY_|Bsf%PA

>MOHCKBDI~m8hwwueYq+$IAg-v#a68<&aQn!(4E+e!RK>0++SYw=tcV^71a;<KWR(n?jY}B0DlZ71D(s(t%*5~)wu=jl z_yqPtyl#!wKxxu>xW)E#?u9S6tTogd`%+5WnOo)I&3fB_of_^+Sn2-cJ2K1ID$|vg zngwKF#k_j=A8N$%9!))ONq7@U369|oL-m?zp~AA2C2LJaLgUa%_mt@b%EAVX6BNdEf%Mg|XpC(Gx#$|# zeX5n62WjAh1A&Jdy(MwcWDg+%@}6GvFVQ-N%G>u^dg1iuS}RB$aG*cgaCP>Z;opjy z=1Xv=bDYyN+iBZ~dz(9Q4?++iJ9Q|}ad77&exXMH!mBC<6Q?{om8v&Xi#Zq869G`m zJ(=Rm$P!~A^ID__6)3Gea^4g88f}u4-FE7uCSqw-A0E4H&CCk0V%BP~9auYXN^YhT zRp4dgn4!RFUo4TSZ>7uG7Dzq|o9v~Jw`6*hZs~Bpt=7RnOS;57lR`sR7N@*}D!UdqO=)Du) z2;-v$tZk=3tIkrO)3)6Pdspqe%~@3+hD_1bq+HAJw_r^Sg(M2}cibqg|3XDUuRj~= z`Dg^1m?>#wt)H*yS+#IM1(&X7cW>`4X3)Ubtl~M2=G-M*r^CRZDwQTXYC-ync{Zv% zvQ%flV_$?|r?>jTjUk!q0tb}1M4)3mIDS2Gdg*mn`tJH)7qc$%v2+3Ep2){H!P(FV z=0b2~voAgpRlyS@zG`&pQ$S)Ux~~0u7oK|+s;(nZ02V5qaR7Z4QCLbIl&0(CEy&JZ zXZco{_>|2~w^bcO$vQ=jk2I-uJe>lMs{>WXPPvadIPk=FQxg~A zyn$o<4xS;R7BsqUfRWRXj<*zH<yzEj94`G0pRAZJ}`)t1nK8|$@e@#@Hvs&{2d0R3^8jtv8%F#?s zk@Unt8^?B-I!RfA+xD5JRp7Lo8W(32i)w>XhkC4Wv8WaaLsqLa>9AMRn$c>;ipC$J zkakX(UZn4>c>!V?{*j7)$SEJnMyINd*i_DUA;`$pk5w>f8@PFKo#KU+O+#M_exeZs zv!YV4o2_&uZP)Qv7xO-_a(jF)^^{uw#XP_&TF zIwRIw6QdJ{2#qU`ImDc)xq%gM39TPM#(42g9m4c_kwZ-Dq7CnF8if%K`2T0Idka}IKO~`QSPe5H8U@3M zwSE>fv_8Ke03Udw3z(G=%+%OoSJEh>X(l_=U38=^8x~wPRh$NQ<5je624_;KPU|x2 zp-ci8xb2#csS$3}r^0?a*vVzYB_Hbg3qWHe0yuo(9h02y=UzLwVoehV z7Sc9x549ioGG}TQf-*vAyv&h22Py%_H}FToTt<@X7Ces8q#df$WisvVbPj0<4scSp z?9IH_`@)#;%EhN=m?M`AbO_dF6d8|9Rb!W{$qk_zS(lY5{d@5+`-259?Y$WbW$Ty3Q-cQ z{VbzeytMIg-0#(^@d;bVVd_P0#H5}9#wr}3*3l9auXIyu`92Uwrt$MRH_P8C3N3#9 zx7)v`B~&?wSPe^u^|2|j&zG*y!}siRBLX zWC0#i=V#?yA3#93EWdI$NZ4ruS(ro>I7Sp$&{CK( z_RxCYq)V7=ZPoDPi{b)|Vk62cL z9s%`g9qnBqcRYMU)8_bPHWPkara08gQRN*a=U%Uvrk#wCMz8DBS~kpyDn~}=qG;pauM{MP4qWIL|{O+`rnyBF)0j;Wp zR;gH2neBN+QF{}{&_4j!eudGsKZzX?D$C{D(;OtyyFMU(L1s%Y=*)2Him+g_;bjGp z-d^M)Lr7KmRw_T(h^0N@TC}q=Yw4XLW1wU4MraCv1@CwZzvQgzsgFT$>08BbQSQPC z4?IrSaH?`9QMtJ>QHv|A79S2_p7$jBQU>}TRGyErQ=x8vfqhtw#OJ@eBXx_-qIRfYR~hNQ0*H`nTQfNA{sKg)+tB0mnZ6r}?w9DZm4IX$q8^--kDNd=C4_jG- zgQm4Hk}pE`NbI&{^kFg>j{5}lq)t9dBKIiIR6~fn<(Bbe^6Gspl$EL#4P*Q^WAI0Y zk`bTeOT{~3z3-_zhvj9G+Y;(=u$rbpEgIIL(A`|jE9MvyOS9rC56B`EtU;tKRgMW= zHT(ro6Qg>YI=E+V6-3n2C|0iG`j(n{IYNfPW;Qp(X6$H3weOHbB*v2VyMryscGkDA z!~W$jwNIb%{*>D6vS==!EXN1q6W;t!2n3yw_ z(|SD&PlPl+5!;}wwKr~~t`;tr9F2|wdo4tz9NZ+Z{J+ViMD)>;bb2Hg8bFHk!HTZ^ zY$UN|_#Sg-u^JUZ@7d|cucL;1-R`+R&SUCOYF<+#@d0tSmrGW9ANqLKr!L2us~Qh{ z*?O-*-+p>ec-A@GUBHp=9hHW9wVodwQx5M#8Up=LqV}U^js(!?5wr({Rzbz$Uq4iR zHe7I;GbNIm~?1eE*@yWR#ML=_&?fTd}HwQNn?gX$H3q>*yo1=)SBI#)7P_usAuZBlP zo#GA?&pha#j<@m6RXz>OVfzKjROQhf+Nd~>(u=9&QE9s9EBRSdQ=KMdpoKT^d!YnM z*PR6+hA^d!-Q0}HlZ$LYL{$UYD|TvHQ>*J|$}0B`3cS&ZR%l)-T2j{fPO+$FPC^@x zqR*5C(m1F6`L${kJ9w|k-jH*}R#T{=EuD&92)W}Xbm(Px5s`bH+8sk&VVJx%Wwb?9 zH0XRIPXlk%QWHUjn=T0hfe<++GirE>9t6u1Agn=m_@kJVhx>Z8dU0$BO|Z$GIU=DQ;BcrO9&@B z-OMj@>}^lkN&AhFFM@P+4WO5;{_afB*+54N@d0);F)YYAjb$gad^Fbpz!@>dL#|QH zgF)yFZ1oinLt%U1!Y{Xi(nduOy>n8s3}FT9obBW%+b-#p^n6l%9%ZuYxFF0DkZEs) zf9J3CJKm0O{yMaHd(oCojuQwPT3}_g!;|C{002@IT|1zj&vxK1l+UsNu;Prw{$%iwdsS^PJ-s@fW7th?KZ4m zIUafsJ~Qf(G_QdGIDr3JfTB53Y~OVTb&cp-<#p=Vw&4;1uwrRwq~zT@KtaL%53fO( z+^RwXpsv(-9gc)`s#ri6g*Arnm0p1yXcLbVltJ$HP|^*FJ(PhGod0N-= z^f`d^g{>0LDiCED3byLrRPRbIL5{oV`k4IV z5O4ix1Fjk-z|g%K-MD=BMfIPK&L8)GeCGby&Hpr)(VbsUsSA+d0NP=TH>GCYS+G9&}a9!Z@db){7f%e*ah>%Nxbd~!6dcB4#c zF2I!@}*nfpEVZ=eItVnqor$;=PY<35Bt1vee9TK{_C zBM6*}Qd7#5V_?#ovOiH{3RH05QkY4#bE6^}`yBmmK1I+sK&BXMa&Sz4JRMtEhT?wl zkbMs34p@J1Ed?Ho@8QCY(x>5-de!p0zzAit9(>XjDcx&)?q+0Z4(l%Rr%>MEt%9qx z5{QcjV@K`+6`;9@%%kre-jd)=*Hn>(<~Q_)VQ*0yS&Kpd+bxyA8RVo9JuS`A55sw% z(Nbu8-mG-p1tS}Ld|c?rS|Y)_1Z5rE7d6cN znx*w=8ex;h=r7o3T~(?gO^o499s*20rBPchq5iI5$WLgVxQ||APpAqtK9bf*t}hGX z=t?(PAbaZ}{4%&Cc5O^|^g6v7J~{*?x*hbzy{?CKrWoV%{`)^x@qxpnfLnLYvP}u` z7@OdQePGiYbI%w%Fv3W2i0^#9aEKDQ4VuRzugI7E?b+7uJ+Maf9(p&3G9SZp{^3m> zJ^;GP^+h>Wgm~VTmAMgLB{=Ww>5c1WLa>j&Drd1x`#1dG(J`uS`vu5J3~Z$K!H@46 zc~Lg(Rp|X29Jn(0#{9bbA6q3&j=Afo>&Q{pE9>pBCr_-R>(rK@vYImdH2faHvYI=$b5M3Ff%l4ccmx|V31muEwzV6 z%x%WXq!Oc#fS&x4yAnFESf~B#+u(q-XtZP@|BPu`zmL{iA4VHg~L_Rj=~{ zqLj3KS`>RYVyv{OW#RMY`d&h~lP^oRE6h_`>W|>oYUeR@tQ{js%rmlw*E%1WV)5ym zHd$2DkkDgq@zi~EJ=YXS#fcX$vN9103iAHeANa*uN1p9of{#dtTc7) zmP-tx(Yd+XpatnpVXEPs5Xs9|wL}+7Qn2?|MjCA+cM%}0GtwwO86V|hibQ|sz6`iW z^)pA)T|y}*4qXNw>*d$aF(z+Y%xKk&(Yf0QQ>0(ST8bAmdqZ4i!7n`JN-21ir~VD! z9BTWXv)(z5Zn!y`Kkt&CNkxAxH0Xy@eKzvNeA!`^at1qSA6W2nV0jx47%wY!a%Frk zEK-4oo%M>``wIVkCXQJ%TUQ$8B0@B!nOk&|;DQSo&n93r85YJ8)BbFP1KUFT7)syCm+wF2&uw1*V1zp=OHsoFmyV3DYO6fS1E7m`q&-a`v7&9A#mV8-sWbih! z#m+i4a7Psni{tunNF-h$Hl{_!PEGq>zkkMlHg!`KM2s?i7gFPGRul6l<0eXCUgs6fDqpxYmd_p>A5@jcVxWIs+=u zZ@s7&bc^^^8b#sXjkTSI@v9vA?NCb5EQO9x6V@fIo6EI|%jfwelIjw1ciN-W18lvg zA9iw@d0=ShH7|4vI;hYImZ<&f^b}bYT8&@JnEUc%?rB-|n41x9Lp!(8tu|Vt!21#lim+K^AH?x{=e=>{X{Q#Pp2RVO=x((rTF zbP#0AP%jV~iYHVs#vMThS;c(wGEG`Zy_WmV2w`V(*5tl6$GYNvd(lE#a#O~?A@_&b zOaPHCdnOO?`K|Yrf#p;cm_RzJ!|k3W1cuj4c)m5`w|jDZT|9z+th@YDnx$t#fCyeD z8eUTW>P$W*GG&S2kNl^8yitF++mNkqtR0s~`-Tb5KHC~bG9&epv`2x~YF1UM;bsG; z4-018oWYUqfokMf(PjWV^5w89lt4*AMNDZG9{nyeQ^!7FC$Cn(r#qV^8?;qb(eBCIfeJV7obu?#XnSXKWzNOjdkW6h}nmZ~c!*oN!vbqk0a5|4gL^nA0-LPQG zUVxwo&T^BpYo6Rit@zlrT@EYdzT|ho4UQCvqu~u|*ba4FL)Wz-N7h3r2}J~1RRZd= zGu1hIL-fLvaghGuR%$xL@P8_~tMi)vaF7fmEup+V!q0WWQ36LE-ibH+B)!1{ra zG$O_ysi=X%D#Jq_5CipT~zGFET2UWkZ_A>_412b>BK?~!Sfv}il#Dh@{ zKYRaSSuTUd0T<$wn*9tr7!T$4Bj`@RLM45-zm=h-ULRV$^|EpwpXrK~dHDiHbV-|m zSCddeU%?wxU)bzaM4&#?1G)c&=8kro8ujb)SvXfM-@0VmsithNO@ypZltSUip;c{y zdQK6qn+_OwRmI~l$_>&vY7_r|jZ*rD&T#xSr)gG{kboT3b@pfTV*4eUWQOhBtP3z+ z%TLL&x9~>ZM5HK!H@PwQZ5_dbwAoov@p5?PY%7EFDP#q}LI19cdP4)8gV!yN22tLO zG~Drc@n@R`l0ouz^qggK(RAgpY%7t}xg;A*3ZwQPd+I@EPK5MxQ7r=cMkIl*>5-A7 z&@>}1;BEG3QV{Qo$<@mUhsCEoT=0oZVM)GqgqCu=JVuwGD3XXd+N_&b*gB7rX^{yu ziF?W|$QEWTc8beYuTp0bwkwNl4z-(@=20^hFAlb&!QZkeKQe6Oe!m_$_qqCLuO(eE z|LOtNtm6J@NlNdJXfxMz3o=>Tw`i{X2MVrH5&#!o}sF88uK{ zN>ZRb_?^z}TRyp2`T40lVStVzX+pzvv3+K2sN7_9s3-|3mmumQB%(X!+DM)7V#WM& zIeaOu8|?BX&!%!ou;ZFIRN7TX*?g0r!Pc}-Cy&bhlqO*`YKumITySnhj@)v5tLwGk z>Gd|%CLoxjZ9OiiG7Agy0>9nv9C_wLgLG>VWtWH2j z&p*Pea}_CNtTXFZ!t>2c4!0i=RvTnPDI5yWSOfRu{sj=J)vRo8&|qoU{O0<%;r&06 z0-JqgLR9l&%QdjYABy|w(J3bOIv&M?_5{lp>5xx#_%2)|KK7ei)KHD+R-W(qHyGVn zfnC{eR&1k(@O6#efuM&C1Zs=%8HRXZu*Z$S{Ca1#M|Aji44A9}{*+n^bRM`^Ulr5= z8v+t^tr&w1`gQ`64N5bWFi%3;w}2WM`<8en*Q>n_=(?(-M^?4rETHt#xL|bapt|=I zM+!cIL3FC2dO%O@49O58YOOO&8my%hYz6fp^M{GZv}F!)G_k|{mCGekkIz{3JBh|n z;ce%jLgN+dZG5M)9S?Eq?6qKd+mk(wlMTz#p1~4Q2frigO=UY4@{^&q>2e2*>vSRH zzU~>(I$QqJRoN*P*Ul!$TZsB8)SJsed_`6FLRvLLq5=O$EupohE0Q|XcI@on&F{#6 z*6~lw=B}l+2v%cpAfEMdwIY#;Ua9+3dCI3oYlu;dE=9>8)k?$MXPQKd zhM(~;KS$kBk+MQlpRg6~^4cORz%8l9IbGkJ^Z^ zO@^37|Dz(pff6r?iO0JH{Wt%6PWg(@h{FKhzkmqx$jZ*zNC=wfclf_sLg)ZY?+Kq_ z7w^Qm>K2yns>EfJK<6mJw|vTb8c=&KZiQ2t5igMEjBnH}qP>MUCI!iQNQ@hos9tzI zXDgv2r2!9W=Td)TDNx>|LYb&U`>rP1sd8cDkLfv-AUVQQ;Y(*dHQ#;jo?e*AYJ(Hb z^cYi;lT2Wa4zE)~fdGM~bGp0od9$}!0uHpop6*Da8{BPLBt+7Up)2a1f3SxW0(w{* zejL{%+I%79Ao@cV%;r~zqMNM;L5ji|N0A{ULI94LA2P_Y=d(k%=>vSo1O_&ynGji0 zStH$%9i9+Bh@_`^)8~izs_(DHeiAyue8%miVfzb6l81f7fLA2Rygn*-s}|Dg9ub$z zDfN#)MoeMj{ajWT*uSrFhcJ6#h?KtqqL~^VPOLxLvDeaCiTCLxruUh@u>G@#d7)$w zYHWf`EgXN49^2NWd>nQ%n$Hgz18Wx1RgENzEkMaenWv^aaoE3F&~q|vEYrt z_JG1zy@%{;M48^Hq*u#C=mjl7jZqJz?B04PD5Dwef*;LfHIIG}58x^U-ZEW6KK_t6C&a}ng)(0pslA7mx-d03 zD)E6>vF1pfOC@`v53a^9AxtJ28!t?kfMdm0Ls{YD`49S%lyY;aAh6zr$pVc@lr?M$ zgF@~GXK0I-$&!!g1Sf+#Q$O=mHD4R29{#}2T?=kuKLVTYhFdl6OW-d&PSo@%*py{W zuc5j&wPFHh?#XuV(>#A=@(<%?6OSXEQw@$M%b>?wQgJHw2^GqrX(kX)2^gBKUf@>Z zdo-NgMS1}b?|+Nd1F*JTNF&(h(qKmuD)b{bvCdUlO4dUwEO*_vBsRy$TWWCnOoe}~ z*4JK0oaZ&PbQHeSo;(nmaKhlYC;&0Hp;f87HBva5(ZwjtxRcPPh$89qc?YuXN>^ z^bVBaB(ss3$MEf)8L&4Z6Do=RO6x1Pt-}147%)*3 z@Mx9ALWtJQiobw?P%(4{->sql!2SUji`DdkJVsDdqjI+j*ll3=n&ooz{NHF?4`GF- zs{sbqoO6G{abkQyw(lgdhCBY~cr7r64cS3*vH#%=AmnrndO~x8WU4Qi+P*KF+MrY7 zUuGx~(ycym&cWLpa?sVCp0f9$A!~RsVE*E*#V)IY_bbpH3vawil}WS=|3I!8dPe>$ z&v#Pc@Lah>oHwH_6d4WcO+jR7)aXUaT@d~5UV^fT0xkrGh%RO117rQcoU!-0D}sD|MqKHKlV z9~_(|uv%4R|Dpp&)^2Tz-20$8xIwcL`;)HNhQ|e(!@_Wb$TQ5jO{r*IYGSD+udNvI z6^CV$#FZqdBTNUy3$uE5W3jjjy#sdH%~J$D}7Q|_kZ_| zfN5^>ZuePR2=Q;~Vf#qu3`AEKA9t<_sof(LJ*{3*9|eWTcUbaIBd!0$uN4rXDdAV# z2^k)G&xEpK_f|$uO19yi1B#Z_XwE;Ib;Gu1?bMA}~ zLBpwjf2L1Okp2R&INad@K=26uGT0fO44I2W+lciVl+nfN z8n#{365Az=$UnaetU<3J8RrN`{>JZoiQOrZtIz|L7R_js6xSLHjOG^*B9SC znwmY{Ibhu%If9Dh2pmVaO>x3w;+IQHYKxkL+hXXSU>Fn+I{x@%f>=p1?i{!x$Oj)I zH!uOMggfK&uot?7M-RV^zR(_dSp7{#@F-ARZ(EY7IrJ&*(PAl>mbBEXnw(Iwi`g)f zQQ4&W#^-i=yP#%W6<57usB5kL(TusiTF&RX>=)ski_8To8X>ns`UQfL8bPNMQSL^x zQH|Bi-dA4E!ge<^E^)Z@1mdxL;|kqs#7kb_yy-02rvxo8Qzi~XD4A+24F!4nTxjd6 z#N|GDrL`NROyX0-^e+COHVoN_p&(>9!r3Rx0%#OqyKsHLq6HIwR3it)h#^9m{p$s@ zulfXw{27~&vO6vyOG98H`?`Q%&2H|OilB#-7;_!?@&Z$Xq3ev(r%fN4DK^Z8m zLk;`yTBg+1dOd31iLc<6!8|!Ijl4h>K`(UADn9E`rIPjPFO@6yJRal#-iH`X_%LmJ zqO-ONFm0&tdZn;Erp`JuNZmw; z26$d{P1>&zOqCwvoRgFjj!O`C9vLPrV#uG>e#;BZkVC7#9~5>RpGVsr{Hl zzhK-fdAq|9BmEqv5L3NS>s$=V!>KS?fJlTiEk+y78HPPAf$dbJ2H{H;_lA^qDkX7HSHmY&~ z&IG8Kt1oFcK|cqnVpOK6qh51W{wVC#lc<&vWd5^0D=MwMyX79kkg`=@$oI7VNLbAI zDx^H*Zm;1S_K>dUX1}WyI6u==p)VIC#_H^mwxLd^IzCiTH{WbojeFWR%hDN7XBg!c z>fD3JFvPD?=J_L0RC3a$VrlRZ(-PKUD#emBqgKK(;e%YO`o-_mN_+rH8P4a5B^2-G zUagm5l$stwHx5;aXVI<9Brn$iiM-v9x{2zbnv7WU#ere!Kv$ASj_c7mZrqq60${$K z8-xEqD5K$g`_VV-j;>!5x8QHH!id08>UW>fD$AY#$(0=Q&xVpaSGwwfuGv2a0Ci}Q z6e>~5*IrKu`_t9bf)g(kqB_a#D14PvX;WRt}h zr=E_JL5zmk4@J(|xI)fj^o))n+ZHk*y-7;Ceq zLKq5Y^5QLwx3y&c8d^0bATyy>en11XKMJdWoazuyqvo3xleU# zoWeXve>7A?<>FjZ@+l33pUeWcTf{MexlCfxV+4r-Umva~C9q%i_CqPdq+b4Y6yU=8FnXUz1_7;ps#qK0|F^xH2i`XbJsz zRxZ9rxg`Pz@1OE7*A(WZq7-+@eXyxH(0-~zENR`iJHs&8Rek3r$P-lnuKil*8O3|r z_l5gBk%*r=G2L-k9pEBf_1d?>sTSSy%$diB8KB%J@+`R$3*%MQO)bq99gEYN*s5}>NLBRfrNyultPe!=r%}mRon)999C#4}O5Xi{2GN5rn=e_nKkiDDCen1J{Y3)hKc|qC8V)aNGT;m5E&QA^|OyMa(;% z_J&XiE=q2KSW6r3O^!7O3q_-YK5qYdi;cwvLPUCq8lT=J>ZT=r9y6xPs$Rnq_MV?D zjQbhGlM|AKh~#`986IA6YRq^^?sNjb_Pc5@-dVexbIXQUtgYJCsm2 zaGUP&M1)eq=;UVHlF2aKN!-K+wAQzhrd#}v?0Vc?H{esTIF92YCAIIkgqnw$ZVBWNkK7$&1G{{ZN zGk!)&^Tc!7eihmmUpmPS@Kiaxe(<|SFcDrZ;^A`71P`CZdxrm*+o)e)J_mw7>DMn? zuP1>8DG1Us!%s9}LDf*<$(;OPLP-NcBP#fF%-Jd_*E|nxSxqg1M0{_2NW^n?z8Asv z6mW17Fy^zRA$DR51HVxb5E4?b?|y;xfft{0GWy%m2U+~C0Kt?vYqHeph}N8}J_7lS zYHv?1CtKLX))ZsYrx!k00(D*!T$rpHQgW?tfqj})cBn$o4g|XI zsO@l;p56ZE6#V(N!#JcON%Tvrp;L9J%R3a7+J|bmyCp|=ggJrfTy{QRQ&?svucPmy zWfi-sbthlc(J7yc{J>h!lrDYVgLQQGux|VJ-jnw>D(97L&15LvP$}zKeOLP|G6E(O zg%u+a956nA7DoLhDsj8^8#fq<2;J&?T*#tbg=`4^`wRbs8Jo~U@?k%p(!Rq&ii_Mw zoIgSSb8>t1Mka_lZeQP2|3ECs#h=gq-=CD{X*wxjkwFX0f8zfF#J{5u&zeEpDqxjN zso8^n@%jG^kN@Y9@P$)VV^W`9#Pj@UHsT00 zKV=1~P26s?sFLV(dBXQRF2S+dw$m`;(;7w-N)otI@J}%tm+3(vuz|FLhE1~~nTb0- zDdLa!*YFzs`+~!<$uEqu^-(f=8ML@kJdClqwpaaT*7eD{#~r%n0D&Ay~`gBzp(O+idu9~HpmT$eQ3_v=V>oc8k5lgZDc+W#onp|tF- z5QSEjhmJci<{Y$cO&C+1r3{~A)z}4BID*N=-HGd-k;8GVIODcR!VMujg^gfh=D&%G z0;Rlbd5gwJQS$1F_sv4#vb&EaLt21ssNzg>V4J2-T^9i_u}YJes9=s`#5VOrYQ~EK z!zoAQin^`guo&p42&O%!A)19PO!UDp@(2d>*D0P8%z9r6=X=yB!vJpeIeXmeM_tL= zgs?=lG|41d&(zQ!SOLB0c(25-6?MA-Mq|+Cr}ASDbhZ$q(7h?X+U4PiVBckwHzxHEc&v7Kd!G6YveI zU(GEMQSC4Ml>!@h2aktiNy&ccVpi{y>S!FXal<+i1@*Hb;OiSz@ie(N!iVrU%_f6r zte3ZK3oT8(Gaw+Mz%O;$a7yA@p+w0K0?Z_Mh9rXqOFB?%pym7LNHm^7CwNN(*BX~x zP#81|a#ju^Y~Z3!3TBZ;Y0ywjfMO*Ds=Z9K{ne;!@S{{=G`^4A7~;0e+>@`BVax(F z7~c^CIpjRF#_=zpA!y)UiuSEXVID{v!ts3Z?WzpWU0*@(mO4-HUAquIPLbGH%+kug61FY`;vmc-Vr&)=Q%%?hE zzqjow_>w9SAmorKqO&Y7qJg>)Acg+RjuZll{aQ4C<%BXGv7b&fxQV4`-n}Z}O7}~S zbrXLrtg)j>BX}>P1SaA}2xGBFfkr8o!O#4Z%6-Xe_DWTlLJdP@tOg2e!>`&~5k>O| z!*)~#P|*aAecjj5T9jB2l<27>(L|U}y~ulfi>8V~lU%0zxG{yRBMHS=4_yTxFW#pF zmy~qP(x4&?yI-*Fa14YzWVh>!Cod>C-+wj5(?pP8UhTAIZixqHmlxUt>&u1$TB7x~ z7YF&_GvPSzmbvkrjveB@==C3rKFtAV01~+*5GgtM)e?^%xV$ zW@iZipE({Yq&B+kqddz(7^CitoHSzX4QMb35_ukLEqWD%6Cc;oY~db7-F#9nZR{C> zn}Bdd+_)tlo8$Xj4Zh6NHMAQllhjgbaQ3osfBdmU9EQLz+w$Z@{2Ruo^3PsdE1C493;w}QD9sX zbf8&c^%o$c<>^~1j9bq7wAQ6igVpF`z-pY8Jf*W67-KB2eLy`58_% zN@06dJ`7qDwYPo8eBGz{%XZ}g9j|yf%5f?A!kB9%hETS`#t;`;H}ka?xpbGtWb%V7 z<)mZhA4s3-o%AW^f8yRTl43ggz7rT>!r}jH6cDTi7DU-y8RNocB9~zzh(zc{ zt3ff7RwoCv!9ngZ$XtV!Rg}4%E1dFT*huL+wf_Q@jMxrcB#bBYP^t!S5OZ{6iqV*^ z5!%ZJje3uMg@E5d-D>E>rJh&vDY#N<1u7ZQoBd%rw?V74~zs@cXp`ZY%Ht#yO0 zb1qDra~cc?op0s)7ywXs?rrAnrbbs6lvEw1G+Q!zgf6hpIEL!h%>u(HhEpmrNZV5` zNbBlWIJRHrJ(K$6>HDRbyy1kvK~17s^UfCYLBtu~$aEKZ$!Ov*3t#Z^TaKtCE&*XbwH;;kj=1P@C%CvCaFDdxVkR1ThXa?)t zd;S^m=yc_ZgehU5Vea^42v=+P*IjsMh@W<7=(d9u_|b!u><7o(ejXU4u|2Ev(ohb@ z;Bim|Zo+oqQgZNpfU6>l8~zU?2pq-?=U|2lk%=)fWI8T3XWV`N?&4S$-7p5>V14ry zErjfR|L5pE(`!{Ljy}5f>v6%fQCeCgt`wyqOmMjST$Tpp?4aWIZJw`UtJ0R%HlAUzB8@e2&YV za*k#c3lLj$BEucY(Z|}knzGCUA*B&I>|&7{OSL)78N^T3KdOxC=C=`;Lh?+aE&6E^j&r@diD8YvR7LJX*o9GN=#n) z65`)g32|^DVip71QO$Vbg%iYn0FbNDM1|)@v4;@m*i1E0e<80Bea860yKgQ{X!BG)!O zXGGuf_8(t4=l z9_*-_JfwG|ZS)!72wj}PE>n_my!(;{x@mZ4X~#n+6fazP)WAQdTd z<5NUjce{ty@_NgSr}rJ3JtzO~2-h{BdD@N9yezio=u>$Lva{EK-f3*3OIBLcw0arQ z8%67s&_M<9bG&5&i6M@G4s9?!kF18>z|ZcW5?G?!8fabrOC?6RL^g2r>9tZ3fZ zMNrvHmyN!DzS-_PQg!nKJxh6sac33+!&2??O9z4YPy_C73j(Kw{3gCj(X#wvLbIEEjdi4&-{R zcBK$SBc7E3Q+QPP`+8T)&G)*mTSYTvJzeF}e`B{0>W5Ujl|eRGJy7M9+r|D`@{JT~ zPB=UHL-LQJftb9xJ@^I30fwz=uUJ&I+f%eZ3W$L&YL{?33Rzf=~uoolnip=nb#jT^yOErqaZj3M6s zd8@l7brhbv4OoB&h_P3RhGKQ;ojGnWO279vLy^j<>4@hT9)=7)4gE-3`f0WAA=mO6 zEuZnyc9IhRs98W-DZ@|NpJkYdC~l2E@ZL>W2v*g>Nz=f8v>yz#CLutY*Eu!s8-L55$IT9n{Zw9lOFtGyC;4_uYQc zVPOsj$5wf?>1bD3Sg4l3?Oj~~zTA&yXZiQR_EG zW37QHu>X+NFqbz_FRn4E>|-R(BL+)RgO{=eV6S%QrkoW9Z%&^GQ0m>qBq+LW4;^Th z(ymMen|aTF;>CUKXEbLlD+P6R;q`c6t1s}}%M_KF)27U^%4x8N$gt@a9%RzdgWJ~t{e4Tu?%aT_IHN_~4ojSN!$+}`OD*-eO9tb%g2tl7L)& zn84kTJYA1LX_Ia34l~A+aie^5qO$-(ZLPXzHr5`zp3Gfa8TGTR^$nUD$S3t`X%X!D z%MW*%vJ{BvwjUY|4U=DzP?T#8`6&Yvd@}$)N{o>B_ zkOplLRt@2~+JCCtAT4FI-HEN_)Q-;BS^`Zv9`k$qr>_)%^D3)+cg58GjlEUA&L3fU z(p4}UUIU2iL0Fw;I^F&!E|6yzk=4!2n~|&!F}@b--0x#R~3nt$%O{;o|nFP$$akIt>E)EEsZ!_$WrJaaa| z7Muak%#c*0j!$9|PT%6`R((ZNBQR|4QiM}7CEZ7UyBa=rJ%eaP2JkV0Rt*qr(S%qP zLaNs}gg1@z13)u{UAM(Z6`P_P*`ojcTds3vKaq1-n@~r=v{mlzVMn8x3m+^5QWygr zw&MoMOuXp(scRO3Y?&<>+sqS#%*>koOIxRNMHeB<0)+4!-)z+yu?!QK@2oZjx|xO# z0Se%<`R}hz0*bpLES{E%pziLxE~QWSaWW83bhr()UItQNW`}B|{8J?CoGGQ`ZW)al zHKv36wrdz0rer1)GW_&S-ub4rvroI&JxN1G?)^yG4WDRiZje;dZcOS&Zm)TEe-3mM zQLIt1b*tm;^R!cnKl&>XRV)zNbPlB&$f@G%@}1G0JBIgG@RTH>j>D^Nj*-6};K6?M z3g55$5^a+Aioa@XZ^l zjvA(JA!CqJTQummA$8kw&mb}@%Iyn*xDU}McDiHg5_vg?pT^mTw2V%=%R5}DS8kE& zO$XVqWGd|L`O%YDb9aq4;={m!*o67&upQgGrx^&1a}^oip2K`e^#2tsd=b<|gB#JA zFPN{tlVK(0{+16=_|5;j@UHfD9D9o}T&*(AIiy*498=TTJW5*)@J)lqis+ZuI-Q+b zdwZ4ga3kz4waU~kBD$_J_)f#%6~INb+Oa2(xuv3gNat?enSFxiMNZ$vV)(G6y>6vZ zZLbc#My~~ZbRv=@??_MU_h+ib2>umx4t>$rfic=HARC*KM(SxbQr}XGVpgGrhb7;e z&`p$(*Hm*eN-`q;)XX2JXGVu+FI(Lq+$`IF0i*m937nLRr^Jy&UXyw=zS`b7goxk8vyghBUjz`z9;%r)AD-w~pcg~nFpB4+_Fq2VICvCHsr)V?PaU$@ zdH$V?tofr4qU#h&_6Ox_JEM!ptDD!<%|A)9J5~sebPEf;(z8KoE=j9z!J}RZo?T`t z$0v){U#aMP&3F{9f*pxr6PI=(`*3mN(MMxi{NrX}8f?i43LyJqH6@M8XUV$|ewa+e zoR=9n*!~6Z#!;EpS%|mXhRidjRGq3^z{`~P!OdH0Ce`l@lP6Qr9V9tT!IbFv>T5ci zt|>=l3ETVbK$qFS#_L-XX=>EgLp~5fp0i+Axxx~_P&1z-e-EB^u0jar`3@4U6i;40 zQ$&isc!jPE6XxR1eR>QNmO#C+b-E(TueI)}JnV-Z)HccM7ux;Bet5UTVb?MtNnxV&((~X z{|R1moKhAXqXAcUrtX(zl}VO>8mh7$6o{RBFFZx6oFY~f(^%@*BxPau>PLTY4;B1g zq`V}m1=Fc(gmg$i1au3;6tYNS0iD~iYXy%!thXu_>PExQp7Xs@}ejhpFjxD(b zY$B4@7VxH5azXk)PCQ9;u8+FQGpbX}CbgNcgN0}`f84409nVSjSMTP=@zp$mm_S|3 z`JI!^DirS8nT2Kix$QX+k^q}y8^vd$<-G+rbk>O)oep$a=-@Q_3`Tf17qHr>M_1?Q!D zM%?-6l(22tSmc9MXbcSv`iKyZrk*i6+;w+eYc%&DcB#$(K?*hvLN-Q($k>Q&^}V^~I3mfU?w zf#o?1D(uXc7F$p9N?o7S6n=CYQKy5)qFlGyKA1^&tG0;Q3?`8 z1242a#xSl9)Oe!p{3GFaPj*OSp77XCQ{X1NDU4SGk(QEATo{ELQ;=N)=Q+70S)=BW zlacH@pT?I_=4*yKYa}d^t|j|mM@oL<85!+ekQyOXV`G4ckQN1uIFzJrc73I$7vGgb z82t_m5(pb!aRd6HeVOWga={FoCz}1GH2n%^u0h+PjL$OoFK$0x_ zU?v%TDGSZKfljgr@c3ohl9X?&gi=LPYyXG7`(Yy4#s*iyvQeuXT=lEnmHHl` zG?~~p@p?|!Y1QFaZwN}3K450N+yYIwA$H zXz9_noam;j`U`=wAXlj zBF%Fv(uNsMi3-5F-s@{?3|YRsIV_qA7iuSSO4dnjZ>N9U9T0snHx#P7Nf)Q*4W}+6 z&OZlLGNq0^`R84>UQGsLMO&1T8M=mZ@Mm@PV;YTmkE3LHQ?oK&+IofZx5%$z&OYMk z-PJvIQhx+2!yT9n77pmHHKJb8r6s*R#6FWWgiApw{Auc=k`MW$P#Xr1k9PXj9v zRRv-!bhKsj+j=#R>|=q(YJ*JQSF|-$B*Vky{U9No68$@=rn7{7;8^uaFl#v!F1nz0 zP~ef3<9U4N^K}HKG@w*!CH9L96(MqjzxCIffTH;F?ovGcLZ)1*_++ML7nN!o{{lvu zyX|xH>H+2!cnr$=7r;yxoN=ALKnhvSQaP%Ti!kWjp-}73HvX0&6&14C(h@+3;#>>P z1uIi!*mhBGJ-2;|#~nDq?@F8t%PwWCt;N+X)LDEf>w?2GNnoDd(q1QLQM@^xuu8ke z&4OVX&R)m!o%6b{h(p0G;KRu5)LahSPf#@rym&j43Xr9KQV&ej1Ayb|u zfZs#GW3`g0jZTj_seN?S_ZTlbtZhSkIHGLg$^YcoO(kk0ksvm2rfLlrV|ftuj%gUI2865aZyz1dVq_Hstw; zdrYj=qQGYA2ioIOEflSee<6T@P_2|d!<^T^();<8GG;nr&oy2gyfovuP`Qf$n)M9$ zWRFWAU3D2!jgI7R%~VFM=4_@s1<5?T3lVLV^7^YC!qhU{TvLLX)*4Qz>JPqfBU~4T z1GC2|{_#O)BBdOq+LUM!Z^0)|;`L;DJJRzPQT*vU0mH@A2rbwm}K0+6b zQ1`JYtyihv1~#4Y;u3{OqX!(fa%b7Ell(=QsmJ5tGV|`BGrhRr4WdkSpi6hX$N7gZ zvqN%Cu`yg$VdrkAiT@-W5lhGRZx_wxO0@y@RC8zbhPsGaMmn!JMjeyFR|Hl!UL2%L zb$TFg2_r7>tk0g03}6+HS@GH%dOvAUg_1MRw0&w>6&WYd;Hj6BuF}AD?lil{vcxrr zR)XNDYPsQr#ptY9t9#}IR#3kb?xgLGsi|IK7`jBe+qUo7Vj^`+eulzKUVjo zyK&JMxY;7|xfF47S`cSQQo!8GV{1LofW)h>7r*xHwL6`LzM1Cl=rUDj!$KEWXWzu!`V4*@`3v~)L#BN7lcDh2ij_J4Y zr|~D$w(m-|Teux^b{C(j2OQvmXmYyI&^y2M#!A1?#g*N~i zZ!_K)yrr6~Z?_Eo;6^AX+=Tcd?gU`(=Q*EIAt*I9g$gVsX4Q@u_w4TZvI@%|pYpql z*^YPg=AXjVP(a|%h`ZV36_mjT>LZ=oY7CrmQRn1=satyJ?)8^@ZJ+O9Ho1})wfE@U{1PH{2 zmQ=daH`1S1ol$k=XH1*0R<)usZM5ze0FN9CHCpeto^B#M(rGFjhJ%GGEXc00yeFl# zti=_Z;LE7$jQthRA`SX)O?~t_ag#CElv-|yd`c_KpLXtAT@rv{nl%HD?f~rY7ye>+ zp?afH9_sH~38UjpsFekIA>MaMkQw!x9{~;U6rmxeKM-)eE5nP^m`E@gpp|Y0TIm;D z{zxdGgjFy8M7OSdR;1H3N&mzDPto9EJE9fyintBJM$ku78rdH|CZFcej$p&`*nn9Z zB%Zqd+)P?uA+UwmmVN)ZS+G7_Q7B2pQ#2{vKf2~p6R%9@MD$S=>fQ13 z1#SeP`U=xq7Q4FdQzsqU54W<%u!lH}k{?rz0WL(0PX4=Z_Jc+b@8Qklc{l9VJ!Q9w z%Fb8l{#<0t>P`)6$aKw&jON>zbk)|u?}hCOu%)>rtUgvbIn5H=HcS*~DyDf@4)9v_ zCAK6YH6Qn9rhwJFKA7@_pVm0P*aER~Z;Wy~#iIH%CSu53Amp4|c=T#ru>47O6JGmd zIu>EdPTj@Mh@+VZxNQ0`T6Q?g6>JU1$*fI82OMBjjKSxYQB6x28lW2Vyldud6U?0% z^J$@z6pyCg4+2ZSZVvz9X3@!Dyk>?A9FVr2fep|vl6O>1i-Ni3KDi;nG$H$~Q~fr% zA(UzL=Ur0DiYaf;mO$R@YFDlE`7Q1Ombjs|agcuM#!;e5jFW z^M$q24LQZ61*GP>)zS4CQ^|E1mk;;+bad&f?R4TDQEys)3o)v^%D5%7)iYeIy=R}; zX#VVf#;Cm^a_>iz{NbK|a_n`!QLKtfq-;nWXtBevR@xY9H2{^m5&&*4nbbyNQG z`3EHSgzT@gm`YmU%UU-tV!iF7n1A@ojb)Y^T9;z#v9BR zfGmw(f2QVqySnz&6N_-u>yemNSS@JNy^k97X-t4#$-dXst5D0L(OtEyFu+w#;)qg2 zU`)bl*IDg%+>oFLb(bGv5Q<8ZX+WLv-8Fb)!IYDH55BNRuol}h`127K1WyL?`)CCs zc%u8W-^vRCb)*-=Uv4zPAX;gT(x}_Ne^qY1R!JLLJuw{+w=PNO-I8 zmRy+9=J`ah_%bjOgySz?&6PqJ8Ak#y`TKuOUb8`yD7Ghey4t5I?XEN@Ts8j%1fuFX zKasKM(YN`%(fuhL9bLd2{C-kGzZfGv6waplchx{^@w7LU4ts!nPROJ$4Q5{n#qf%w2-ZPHPsq`hiTH|h z$O@AK`V(*h$cH8onh{feOsXdb4QWIK0pX-R>^J)~1MDG|1iZNQbd~5+8zqd$LyBn0 zb)5hFd+-1M&4d%(z+8w#s5K$NwNm%Z$NLiF-r0Mfl{J{(py^K1QV<)O)UWcweS_B? z@t<<{oKAu8Gt=-~3UVs+({hjCQP-`-$y!aA-P2((v2HtQIht{_?^r3W-LctY*ek1p zBTlcZgd)M!;bF|%T(Lpv!Q287=rHeYD=BhAE3E~mEGZiK6}mZXYB3Sv6pR!`7gDT2 z%o12T&0->((J~pQvWAK3*fhP4shu`KU>~{prvDixRTELC7B;ZHbuAgqtWh$s39*Ab z5QP$UV}6XlKS2S?+S~;d_?=E&4(M#t8Hg;EUL1T6B$RyRndnA z8xQVnCP#j@$8I+CCPRIzBTW*L+Y{bbnM6jfH=^h`8dYv)fSeM&V_@?w)>1co)A?c9 zFWbl0f;H;5C|;C!=78?s6frIH63K^eW!cUVxiJ*Zc8a5Y2wj3x4bxi9H2>i=4O9;R z$uH_0Hk?CvzMmFOPvj9r8kF!Q1O~EpN^lxt*spc}cwpcRs^;_*rNS|$xH^S@i5l1L zxLh{qv78Y%eHE`2mILaFmW9uJFVvIelieH!&7M1E>Bt*NI!UTvpcM1af{g1L+qoNy z-uLFG*IiNO`gzm{dl#LVdS<{Cb*n@f%wNA)HcPnTEE~g~u7zMAc_jpBYF1Mma4U4l0v-fE^|k$PC*$`H zQVF-@Gg#Fc)RM2lXi;w%p5A&?l_QZ~8EFF1oXO!gJF1lkw?L(eX7Pln@{*Z_hfau& zhCbnKg$Zx3f`Wg8*)>7+xdJ9?WJpP`AH!Xah{dtAEM71|6)+Poym}6h&q)b?ND3sr z<6>LX`_&}=R%}5Osj8_p4Un=ILi@~KM&H!;o7zYoYg*8ypGd`W8IXLyglYAj>KdRU zvV;hgk#@xd303uY%fE!T&FqTI(CF|ZxIDwY!dIiddptN zEnMe7h^$%LRz!ORgawS^QHNI}iX%97o5dlAygQ}Pd^R8U+!~`DIiA{jN~o*5FpbU0 zSa;q(upJTGa!92*_i}y#F#os&-N;cT@T`{~;o=l*je`f&M9!5wFP#^owd${c3uiER zp1-I?ATfB|6odSb^|s;*kFfO8z|KxBkACBkcZcf`VgZqQ-FHsFZ9V_u#HOcyTnSvA z45RRCh3~f&R_hPcbuLHLXa!8NS{s08>bJ>gqOT=CyKQUO-~09Q%s9H7V9>g zKxa^AoF^lEP&W{uGn$>`%$j8b&ps7VCW$@;Zv6CDX2gXmWJ~_;Ke4-Eo_pqW=k3jP z`9FfpxW7^RoxSt@Q=sVxr5#4A9j0xV3N=ad$$)~1EVt*H#h<+iGGXouVh-Lc%ymV%GCl3v`6K1&WGR%3q*~qgPWlel@{n=i zZJM}MT4YP}!DLE2L>*&(VfLDu~x=L_>)Ds&W8x3}qIX)&>fW?()s zykvbu9RgV!?Z7RZ45k&jfZllzu`I9pdFs!&!}Y2%$gNn=#zksLBV*1jng$}OFVF6~ zGFda=MsjK7)yCM)U$fRcn1Xus>W3sGn*I!wa1|@mnxwU-X93CIg3asnlbqyCzl&o# zW;zd|c_K{(uFfiaa<7BW=>)4e#jWe=AVjmSW@^xVmW7{KO7?Mpg;z1M5k^a#uKw_e zVo75O+QVvjf0?vs^!eAX8-B=GugnPZva7j*bWyA4O zr9x1S8bHXK`^-RtQq9f?;V+p-E6TPAF=wh5Y?_HYS zzR_c5OK%ohr*7GKkSPS>)hS}km8t7HBRZ1gRkx_(*v8R|xKC~B$RY~MDQ9MfPfV$V zb0bsClvTa{lvP-tyBoeAitz-!w<9V&mI?4>AKYo!yICE|=-ni|lP0j&heHWrv zs|RQt)}>%n3hwqJeUvNyX;93Hz08iNvh)|AhjT1yaVRR#NyhAWFl&F5{UzBCY9`Jq zMr6IZB~?Udd#WXE6>nAR_4UJy^|n0m7;j;P9gnDDG}v=lq~g7Lf!#9KdB9uS+k}94 zf0G6rvx!xEcyUIuYPfn|4Kf=_1W>VCZ+`e^uM7lYyZmzUpp>>r?S@>e9vUisj!whWnad&w#^ns%9C*UR5!f zxqEtB?D9$?CVyCJ-X%uX&b~E#O^o!AT1<3H=pjq(9qh9vM?RMOEkK=6KC-$=b?8LX z$CowbITS%wOI-(}`_C9@DWYX}jEjQj;ugi3Q!Dc`o&N!@y)8&7Jx(f>AkWB-@mu(S z4Q%1YY7?ja74*QMXBJCNiH#wp!qn`tzA+4j^fneA&*hKUrqJZz0LpjDf4))l@KWVT z`uxSu)x#JYe*xsZ9tRfvQP|^_#v4^*#*_bl-?Fj*U%9ZlDxCMZ?3|a^Fm0ai8tV4N zrp)!!L$;q`ILL~l_9;1mX~E6(yQw$+n2VC?nU}SN&e2D#m8TB*N)Q!28)8J+aD8O8nRtN9Ug0UcrX^P+r$;vo$6XPexS(gMH0;nbe8610e9 z#NEt8lJa>RjW5^FXf2K*q9X`HC3wkRXl_dnt3STZ%UXH%XwomM&YFLtf7!Ip+-{rg z+tnptjH0ciWaMhoAtop^E5^8J<{abU$~b1wOj={-GQu@Lg$S2BWIjfQaE;59W2_gA zO+4{vRNArSr<*pEP-L`f%Zo=p$pA9qbjHv10F(;{2S2%IY0$5)h__uHBIY0kWY8D{ zE2wvQGul`Ag;RRe&C`p@eV(s8Qatg){hb04qGfmrvlgw&wOUB@h0HTkaEZeo?C0Ay zVTwVLB-+mHZ~>jLlAETRu}c(9g<3Xpi)`Wv^refjX->^rbE1ty-)Z7+Qw@qFZ!52O z9Wu@UmECqmy7JjNj}b*12GEd@WR4o$9z>+8>42Pev|n{F`cP;*MAaSFBMLg@zNeM( z`+2#^RC6V?nC3TGhx+AV4)Swcp*}LVmJn>ErTrUMtJdcP zzg;q*=$p?o99XiM?6McsGyv}q$`I0CyYau*8Q9wqb4BLTsKW1qzMrYnVrOg(q1`fuo`8+yh68m5~YmHDmGOf&ts2srw}X>U-C>jHdda zaQhG#LHs60=!(4c(Tygoe3RGvYg-H3FGPRxH{>eOvi4SSEUiRqoTD6FgB6rSP=%f1 z-jD8*gM=8x^+i!~BTX|hi6^$p_KC0xCZd?j&XB5_Ne6f!2s~w%;)o&rkrqN43KZ#t z5SfoK;|oi;ZP$g^k|iS~t8nxY zb-?3;S&R}Q9>kIYjxegxg83!KOO-SLUg!|$ZnQ|#0f<%5u5G6Do(eBYKZ*-I42+`s ztLS9R^Lv!QZVphSabjPVx;F%>L$OBNPqG*b9M>iJ%U~o>!#@^T6Ff|p(l)j-U>x(; z+zUFPLx;DfO`0yIFG?!)VFh?SK@Et47(reV~y(awVXo`{GrDXc1*2`(gUf29^@RbCGN>f9R?F* zyGs`aKWD!1o^CN>eaobtvYbEVGdkG+vw@tY3r!;>w zK^ag?KEA?*?TnAsFs;0 z^P5HD;gq+{RZnChF6##1!zE_YsOysGHkoNHFV`iQFuV_910WorG|d!D<~4HCP1r@F z)P{a~&FS8QRgPP)q_e02r@6w-**$}u#B)GXwS@U6zrw(3M`?Iz9TuZ(k#Hsia!X;VJdvt#i<^FVkte zBLA5lOeNFzRFa1)=4GYUyp<>uz_whd@}6dqK=|;CuurLxk5o(*Qp4os%H zHP?itX}@@n=75&@FKFl0V}$7?tb(9VNe3S>v}XJPtsBN-5Xv~o+Nat}y+^mWEsRVg zL$N{+`o$r}4feVo4I&oiXzPiAk%A~DI^zxd3%tfzhEx>q9FbLwS39EVs{7b)hK(ll zCYo+2Jq$ldZ}L-}b*o90)(DVltXeHRUm6ic25oOt0DY&Q^Y^{C*%wd;YmT~0AEbs1 zu8>mKR2%o0s5rS+bPnHSU=8^Id!A8W6R+N7|EZ0zB6@{&iM-PYN)-j_Ropuw1!xjh5cX9foNl+Dvit$HtHxI zhWz>IoZZS+i@aK&)BV+D`jq1^s{V{89TjKXy%XTmSjkZxfEfP>a0nT7>NHqBI;E6qbh*3k0_TgpWcBn|m<4+UVTO4_foUseGVvlzTLvBWN z)v06-tNCYkO`egc{x!P<2iN0#T1dQ7E4)9V_U=--r%k0`%VlH}7-@C4IYK7K5$ zkdLRHvpt@X}*QB-DJl4DAk#7 zMk}{OU$OhPl#nz+Hwr)DQRJzy)IEBLdBBvxMC+(g`YU>?(&pY$LI*R;e9lH^JK-tU zRb#XONs9TJjv*hziT~Bl%M!k!aSQ0h3lS| zT&_?$dJVufx1BK3INR|Q(D0yn5;46+lutD2oYrVKmOb8#h}QHVSvKn2G4n7(o62FE zKHkumR|x5nQeZdj3qbDu1u!_XXZ=iT>xY^7+z_L&v(;O#H26+zlan3shYTWPHZ(cX zl}0_T!&48e7?CYBw?u5GB+>iLuKgTy;4RwG)~k$cphNY@#g6{NFqpT< z?|oiDqwj>0n2~7V3qq`mAafFVD_9a~>p8i_z7UqQsMb$$9*dI?zhBF5vfpYC%@?z+dPsOdoM@DOCD0gue~ z9>WD1>$9f9De36eF%8?NFP)6KdUvNE8^zO8XBYj?0z1ePdshb)eb%E%RnuMOx;eOi z0S%=icz35NA%N|6Dy{ZWq0(i7E3zEFYF4n;FaFxiQGNZ7jAD57*5;%uevUjG#vFc$ zwlU%w2MldF{vM0ypilJP?okXH!NOw&u&Oe?gfjMfi+G<_07;^grAbiJ##Y`mu3evq zsty(kl$s?aD0VCtqNljfLJd1~!^=8N_56%#8pq#@^&$OiPKHU>h1e5EF^nIj$I3JK zhw8sFwm-l9GtdsN$b&lhvrN}Tmut~Hy)Mh(bD>CbfvxWBc!?nxhNiipWO*a(GHBAd z-=kOP3vt&uP1nq~qGH2^-*SHenOqOspUj6*WH3EM!Uj6`DNj^b@0!+Ww!ZKXgGTvu zwwS$d;YV`JZHh&}a0@{Zu>Upn8MEVA{Ct??za!GXnPqe^3zWdnZ3u zv67U!yvO9Ro!}3L2*V{7g+p3jt!Bc&7W1mid|I1|M=|9O)n#F#5M6`jPl^Q%R-vXo zhiAjmFgd#}^`p3U$$)*oP(*^g-l0%GHI)*NPBMwUX2g-W(m=fuftUrTEZPs}d!?aX zDn#~E{_PwntCrLzW|%D2k`B6U&`_~#C|V*N}FT2J&JL)$EyQEk^VA?(@R@UqEhW>qDXf{0yVK2h=}kOQy|XFb_&$=7CEP zsn7A3=(A}(a!lWC>SvfIOcDD3!mYLQMFO>+5#h)26U{?|{XKlhA4OO7)v3osw4Bj7I9mR%6wm`yv{nJ+oTg#!lK|D;XkP`Fl~phi~g)0>0B6z zxI+J-TX_GaTj6!#$`h6k#_2G2<0d2KUK;zKOA=e+Q)~B8bLgX!$Mxz_?V#O-KHMij zhc(RVDx*N1eFyMJxh;O@079Xblb4))pnPPBvpTwNlLYEu$(oG=POvrvA`o&DR)v9q znh>6Z15ItKtGMmy|3D(fsWs%|fo`61S=A!!v>Se3MXq-q#afKCk4BS)^j|=kxDUOn zM%hFu%O{JdB%=zb$R^yRg@@2)G;$j?RPxup8k0x@^Wxyl?*E}%@E>$bEq8Pz9=GkI z(+nTp{!$j%k6lkP4Mvk`CX{BJM0`oLK>rWkx=yroW}uz~!i0u?_QY(&B$Cvizkp1b z`xX@06x^ikLw|yDkmqFCH;&%NI$8te@{yR+OStGrPbLYr%~Xe9Kp2VcKN0sBppgA9 z-lF;+ymjQJE__TF^4?muW>&iT;ZZgNopaIB1?6!@VdKgcR-b;yq+FEoMXdu?j{W+- zbjuZ!j_4eTq}-2cvC^ZvWlthw%%FS>#)_D(ERtECj{{y#5aGqiQ-)zg2nipPAA}9R3nM1`o z$YT4z5O>zltazd|?&lfVc-^9l%CJ-m*@e0PokneIn3mqHY>$;^IuyeR%f!5;TKJtC zH0)xr562L5l#UBC(Xfb`w5eV9Z;eZSEM}MA(4%w0+`cLhjrE)AW%aoT`OW8GqI3XSsmV)U#;U#w=Ld7*3fb)Cp}iMU$qn5?Y414JXv{&TCA z5uUzP0QOaeQsQ_xS;rYlJ0_<9yF5nq8=jgBY>;a&(8<0|kyS?Qxvyaozr?DXcK;dJ z$fZ~*G81G|n9DrLB~vGm2H!JYqCgHJ_MIJKZEXD!(ZKrb7IA@o!1{Da$;_FckJfjE z;J__836-R+iF?i#i=_cJ{g8HL1{*i?h{-Y~NxWdrvO2gBn)$d+1I&~B=ThKyXk_IL zpc=pdwu8!sGy6{o^nKz0J~V?XCk#(M{1ya7-oUFlJr`aW#YT&=snmo$gJ)CowOR29 z86V<*rVx;RdFSAk5~mRthkN1Hm5fk^t#n8%qST$^<|OCKoi9^w@|tiZG87v^px4-( z5!Ld57h!+G$gv#G*XmxQ>@j)PLALRog32MEUqnVCXRfHa_uXN+MmC3k!1uF&!6{4DPyf+V z^_QJc1uq#eFWAuesy1?UQO%aARb{e~F;vQY(+DiDOWm;Z&Db68|8@y{33J%&^0^2+ zD!pdpTKn-DAyKrJ=}7mJ(UcVc_S)mHTBntS{Gv-vVZ$N#sSXz;a69C7G{~M~tAV}9 zNW6WU9dwsT#1@At?`;=RO`eu2@=@T@#JaPhJ$3)R5N?Zex9@g{o{6zv_BU)BkexM6 zbE*nEKZu22VOJS@i}pZ&kkB%Qq%EP5u1Yj);?9)2WsOz3bi6Eyoc}qTlu2J!yeque zL1a8jJP+64nq5VsT{&2zn6Dpt>pS4Kj&ME^Ca8X7GvCuQM;6HhbrWVd7}oz<`vRBk zC!t=_+7S{0)I#=3cxyNIa0KRNaWJRPQp1nN%dFMcwAM~GBnO%xc`uA0-1I3AJ=TqG z<&DyNU%skt4^0S;D9N~QUsy#ZBE#>p>1EbSkOa`iD<&z~XWQ{s4@`6_fykHJXqIrA zxM}K@gP4}i@=DZ66SPXBT$C+ZkE7m94wUwRKbBAkkJ>@pU(Y2mEc{wndC!GWZjvgnsdb-{ zBz%qhG6{VBjD5iTX#tbpee3pTo`SiSwAG=y&Kf12vTI`)2j=<+=9YJN-@ea@eMCt^vee0Q`-)NGrBWnPbD%1a0Etmlpq&zF&) za}3C!JB@~3*S*~^kP@M2*ez;kfV6qB7S*f(tw5eXKTnu-r9PbGaAa8Vn)ls0cA0M& zR4xj}2r?^!2(7n=Wgh8tV93=qG@6AAzL3GCrz&x-8T|QK8yr#Nbr#B9v`_;99EG7; zdSSnUZ3#-khU4Mdga*LrUhKP90lT%T@IjWZ$D!C#i~o=!wf`eUnLGa_Mc#>c{~<+O z{~<*HwQM&Z(=ClHE`bE#Sfx!HWl5Z#0+VxD*v(~(*Lj`{}TIj#^aYDRZz<8RZ$s;fXs!<^!WsmL*|lb z;*9}=vhr>I`sJ4~I8DbR*7>qh_v?s>n$6|;eX@(g2uPimW9N>I8(@N`>k%4^=yLX_ z#3gE*VJlX0w@nyqJ`LT5lE@H&`pi$77Bi0Xt*!Eo;|N%2>?yBM_$=2~QT z{XYUZHVIYBfqF|QMUrww9U&qe7(hr^G)P>XlHP+NFuM0; z+(5Rm*FARn8S5Kg;<&F&!w=;H2(3Ft!Pr}-3u4YjT+lC2D}>YCuXDt<$FcwtdRG&s zbwRCrN*fRx(pt8pW&{2Q)j3igT|Si&DYbE4w<)rrKBv)2M`TE|>o9zfDhFm<<4*Sz zC@Z&l=(IPs7(4%xk}hBZx_81)7!kPh3gR=ee6|~M`np+>beo2#^@)7E$|PgJul#JN zIEWgGTTL&lwFq7y55AB|qO!WRnuOLz3W6jr$U}~qi|zIyh2CF0t$ykE^`>?p>CB4Z zOz8zepM}LCwa6?l-c16@6Z%DZIN>C8rj8aJC$x}klaU0eyj z;!+N8TW75I8B+I8CmY1PhE4!N;F@3Z#5aJ1N`;rJvtq^IjLFknkr7tf+@ zpzB4t5uP(2-9p8^dzOSFvfQEQBL~^W@}N+P$fqBG`1z|bjgtfXJb(qDMaKXQWPL53w!RR-YOys z!9AuSL#~5w*0`DOX{~sW8j^+njEn0OGxtOZLlX8drp}TOeEHzZU?Q|RxeSSiD;ajiA^q7VWEG&qw(#KL zWZ=}P>ZuFTMamYAwk+N00<>Kq^$SFL4Z~BXnFvhW3;fJ<8Zg7G2=vQgHq?p@HuN^U z^`Q?N4W3cVZ5eER-`nJD+3;6=Ot&6W>xeaH2cnI&3xGc;^%=M7g<%h45rNl@3Fzzp z&+rVO6|#@m-3nfJQ#9>fa7i(s`knRU>N!H z0|T~G8mWOER+}(sa3T&%{oXI+s$zboO)Gf)GZ@seyQc6VN1OsZl#G)D5u0I)Mmv`a z8kj7gC?wsOQf@-o(sSlWniW*Ma1f|#e3Df0M1dOGh^Hs_6mn6(gE~6+pntBrLn57F z>{a?uRni>`5ALeYDMo=@JzZWENWc8L@$(sy#V^{b?nxg5I=CV8JoLOMTDi(`TU*s5 zWtu>)tY>HUe>84iqHe4Av-pkld;$r!-br7-;k$m_ul2_-_F z(NFy_rN=MmiiuuiT6-(0ePgX%Mhp;S0#DirXbsjB!&zuPi9md()l?0tY|E%wW`Kzr zl*&tH^WdEyvdU~v6SZ8bw*#XYC!C&XDeXN+=jVg4+J?{lk5|cP;!_Oee`w!~hJH0R z>68E*66Um+g4=F^bh=S0U}2_A&G(GT)yP7VsGzMOKWzD^<@Qp{XmH7P-ZD>EzoexR~$)%Q&I zRb9q=yy)uyGh!_&{Q;`noO>Z_`B{rC)LqqibAeQ_?<#Z$`R6YXPJiZI*HrXnN0wER zRE(DQADnM}mFDMKzl#iwGXBN~+t~eShIujeK==U-dR=xr;61(Eld{hT2;4%}$}EUuPOe*x#FT}9C)ywpmV z7!d1d{%vrI*e&=Tf`Ud7cc)7`c*jp+yC*^CTLM$4jvqPvW{4Op9wMMW{15x#FKkq# z!^(F1g}}LXSQ@1dx23)CHny^tPFFvyu;p$^m5d9bC3vvlVFizsWfJ7oAv2{;iT5Ba zLD9@^mpI3su28CD@f_GjEzUzAKixkvv#O11pN+nhl5(dY56ASYMEA81>`pr7+)=LcR4fD^kL2|>#GX=cqSQw&ji;3Fuib7`vWmlLN}+{b=XDV z1CA1*BD;4=`k3G3O(o7FC}Y4eRs~*!9eZBy%}}Be3Zv>ZrSqbd-E=R<;{2790F%ja zaUZ30zynfm(F3f)O#0(!q_I}4*+~XVzv8+@<8(|m-oG;HWmTa~4=d9}@E5QG?ggo}b+SVJZUZ|p8TF0+ zgYw@o5R;f%!E?A*a>t+gYb9>!mJSjDl#v+(=c8#o>}An6uG^e%*R z%}v^?Wv4ywzLcO0`Q%If%|O$W#12S9LC?|SyBy&HO>n0 zBQR9@`jUIDRrbbMZ;G#Vsqu=BkukaRC9V;!`&WuNjct+LJIqihR@XXt!C~qx{UWiJ z5;8s_4j7zn<@}k-D0V+Sm#yP8!n5`}+wG(u;F2`K1@=x&{dGNiNF=(D_;E1x486Fq zhf7fW#xfiX-lAwir^e@_p{+ddIMxDE8Ko%V&;~sXw$8e^=ISB6_NEyiE1j zs91_3oqZIinoxfAi-+*Ftfsr6EV1|!lhP7n%r*U4Q)U$@r!qUq#OWGt$&_~`?&wku z!!D2s?jLfZz;ja8&CEcnKur&diTeXi91b_pY_42>c>0nrn@qn+F|k%fByWTtfMKU? z>Vd7P9tBxec@Z5*J-ut`;x^0@iNRFR(C_y-BMBZX=A7-)itX#oj9esp(ls0FWa(X^@RqHEhYC;bNmlF40(AB=*raBfTX%b z3PjX2Y!7Faufl;Gw9EK7`Sy)d^mpF+OX6QZcINwsR;z?GGkU1!0rMJsrZ9*%g<#4C z9p81E0t>t?S^2;RLbvY+;;a3F;t(6GR+EqT)82Jxrw_ne={~duw)P47$P8yakq%NC z0tgO|kb%P)sMk&oTq#kFYhor!pc@)szGburVVpoG6JPiKGGGI}NH@@cMeEY|w-1Q7 zp>yA-ORs72$jxb49iPJa87ewhF0J8|!o3!+(r$B1Ae7_b8@Eh4(9FSgpO?ukqo3C8 z-J+Iw0Q(MuRhH9bOHZ6)a8pz`mizG{_y;F*)cE)}zm#$xn6EHX*3%MC!Hw zA@HadvsKC%1=*^qC$?U)I#TMm$8Y!XwkeK-@H&oo(o{930({u~+k%mjW{J73E9{Ch zv6I;~G58%i;IatBNSA}o(*->#pxx1IU<|Wo^%8`sM<_h=xKdc|JO+C3^3->Oa7q`0 zUdz-yqf0#^DQTq{DOry9CZxQKb|X+A;(oPxHXn5WxHgM#GQ&k@z(vvw1xf&_a?nE% zY?%}S$xN;XDi}v6Y87|um8ml`Mkl5+Y^Yu!leg7pyxO2m1w{=hN-5TgW<)phc0!tY zK-c85kw(o1M0E$!3jx98q#_zdxliq9muy(CK}4x;`2+30OQF9A7&-NV|GM={sP`~>_5>Y7(#@90p(a?A0cudKZq)`IwA}C{)k4wYk#o(TfZ?3 z3L+~c?4Y>GX{L7+!!@^b61PaElZ(M*pJk~VjFT0Sz9>0vt5`6m56zP1fyp?hnlc!F zl?82*V{}_f;=H9!DX4mgCqS}t=&C?LNa++J!C|{*ukI(${SjHtzh_R z-wqWG-MHmT1|fX7CR7#KI8PnOQ)e=~u&1VgULR=J?a$Q!GXT8C5DWZxq;Uk+#~_Tu z$P>BuAt#X}0(z@j3fT6S8??=!>?;^9c2Kvp6)#0qZ_qeL7x7-X4*R+zdrEjG4S5Rh zc9~BVD0UQIzF2?HUeK^!Aykrreoc8y-H_afRGMnoHLWErnLY;-Fh|aCM`^0 zste838mxM$Bj+$`AcHFAsj{gl2Q)?Hbx)DTtZ)+ZrNNe=(T2{FUDI*{>@M`3^FO3p zk=Zx^cs{vXU-Vw7a;Yvl%&WmDYC1GMwt9{lQw*PayR0^BpnwD;TUd6~#-Tp&jZLi4 z7+cNWD-~)htBhIjqOpjH3)l|}tfjzJJ&xDp7Jj|}Hz}J%k$ps~7Q$cdmMzcIuTbrO zqTFM`4pV~4MWzC4u2p0vcU!Ndh^Xe^H?Y9B)$vtLJFVl8sc!V(t2B8Mt;u{-*_*6VUOO@RakWx5(Rl*=C1aI7TP85o z_H$-hFc_M!N}Xo{j-pXDwiGq0jCFT@|141ySG81!Y2d1z@dAnD9{c4OZ9d${1zy4u zVC_^rA>9=`UscU{P34DmmhL@e`EKFuqII96eYFCTCe_*l{aT|o@qR2Q(r`g&&Fve7 z*1M(RcO4TxohzNL`Cbf4qmOrB9-C^>1P@X|SNBU*W5l%@bq-qn`V3cK`Du%#E+g+P zd#))YU+9*n^!iO!D4j-OS~{u-bjp{S(Glz^vZW!8NeARs2X1p<))dQB(I5pqY6xhM zR;MWqE9_Le)u+~5Y7KUKV4YHxEwS2>?k16lI<@K8?Y_1w|m3ZsaCLg-4|%x1@`2@};yz<|?Hw3-m3^qSqsR6sJ`?+Sbk7+=hd8?fd4p6Wz;u7c8zI5~}9& zl6lV?Br)T8sw%S=0!6DUihk(44i3^HsHlLYb>R9b>OJhmD(H5ZDa$|Ey-o2h4HUU7xw%B3GG=O0WJU13a*U)Xxr=tDjDlYV z-?zhr$L;)7ECOQ)ALwJGi8yc`16_Xj%xPDn?Cw%$L+Ek1rvUAt=(+q$CiQ-;t^4uO zh-)ZNoeY&cMO0{BD?jb(AefB{Z(@^k4giN+)TTu+R%^iB;@Fke=K`p7yHdP`ZN-37 zVj`M3*?q?{MGMyLGb~!b^myXv=@*@k@&=C4UT&yk$hr%yhTsxVFH?T@u zTR8m2dVQXz-Fqema4nC-v49Y<^oyObdwG7Jytcd<_yK>6W9Y4dTMmN5k zSG*@+^UAw1Gn^Dg7Z-v`Wfh@54Tn`J!&&HnxZivzdfYR7G?%kh<<>IXVxu~;h}#qN zWXG=Kxu{TMsje&9PP@M@_`(;|O~r!e=1)+4b^(m6Alyr;)XASrqOuJTrB$}^sA2fz zBR|JA^Pv~0|990GK>tXHDC}V1t05Uv?462@cZ`Fc*dv~iu)b@mUI!j2tHa__M#iBU zr$09ZsOYnNdqVW(j-?op)jglujN6%qi(f<2&_IE>SHSl6prVh&`!blZiY%%^2epZ1|O!Q zgX&RWR@uw`9OpO>BHtRwGsrMhswuj6V@ z==;H!VF8DcEUx-DmeIs=L!0s?4$5wdYC@yiIl_84?(3 z5B7_M*w_XT^uRu4@MY`*F~<>)7yv14Cank|Ho!0dLxCZItU z88_81LE!wp&xoyDdJ`auUq^k0^D<4)J8%;~`=QHptsg%17x2&W&|8`f;}ZXebi#e^ zPdfKx4rMV+?(a3b^E59H6_Ys(z9e*0OR>TNIxxf(gx35&FbHRZ=@o@GqINeZRa<)9 z)BYYSzJ?KMqu;fle5k*IOU|`euHBvxDOII% zpbG=gvt&`aKtd|2P*prR2^ejhLXk=<0CYsGj$5zknFB|c4JzyMZvOFt$cU-Mhi_w2 zbfs7zUs=Z*ArUF5ZvcRNsA3mOL_kb|^1$uktl? zvS4IrMi>q<7=o>pSfTIhMzMV}#hO=K_d$h>l-frm1{|`;PPTQfQ@H#Tmv%cl`*u+T zwvc~N^WP=7Z&)EDD!Z&nJI%|6e~>%mT_{kW*@KpR;}Y*!F>=F3m%B-3E}c*R*_1Ws zlRq#fY8Q59C)2;JaWfFTP1nBy$H605Ep3eOrYMM@rL{Ehp6eOgc1J~^bsDVC%4>tF zT{LAr16QY5y~w*_rXr^vZ7IXWKyU1TX*9#GTWry$#7or`UqaJg9?R2&@hyn`iS=r) z#1iSu3!yNlYnh*zAQddG${dl_xkwCreeP4Y0b)%?ZF<1k_K4Srv~E z%OaIV-y6uuBSkW>)^1+vImpBwpNffZ$u|KdG?dPNJ>{k*K{}`TKfBlv>$KVtl88;f zA%e^*aoa6;@H5_0WeHR1Xx8lRaEjs%>x;JZJqN_W?o`jpGlv?!D{ZQK$ixk^9M*B) z2cVKTrrzFKMU%r#`doA|p8pX`<47$o#w#bJQ~sX*)idB|)Ju|r1N6#Nn$m6a(C5|U z9cgQ9=W#X#0}*2wfX%QT1HQ**aFPP3`f}%Soxjt)8E_s`NZf@3AT~01cYfjoxNTq-N8tPp9G(J`9w2=^O3NtM|WCaaDuL>Czem z=4w8w?UlqP(r(6yz16*hn`?u2>FQ%7DnmsR;hnMB)6wVxztT-!73Ar$9&PHr-HvBZ z8@&-fQ&S74?X-KwN*@^TP-kaI4wKpf9&bE?1DX{rvCDjh$pD3Os+4nu1`_5gu^1y2 zK$xReL66fO^0^jpdU&;grHtOa+r`jrrb)AB zdAiM4YSkY~iLEnS82X)~a{KLmNE1>_nk?-`zRI!3Vzk+%#d9j(V7=ubj;Ak6scVmo zps(^{;ob^twA^_XVgTu@TKRHaT(X}VxYwJpfTK2cH-J)z?t5xOl zn-SgPAh~juhTUnsU_?0Y6{Mq-!W`uOTlC?&cs6NDsHRyDIX}>FfxMGv5!QgAuje&Q z#UZuhb7i>g*(Yr-o=JQRrTNxAy6LO1vJTL@x1#wCmx)zF&{c|z0RdJS#=fNW)+-fR zQiG4ze5LbhEXH!eNT1gjn7VE3XbROGR?nFx$W|43#6# znjFUrZ`nK@0q(=Ko2})d^N*H!Z=~HAo{v2@~sz%TfUAU zy{?^li<3oZLOJgiU6;s~JY8of*ON^-y}4jv=1_a7XIPFO9*s(YucCHP5 ztJ?VAqu}T8K5B_>iA*46jd` zn)(N!4p4r!4P^<*>jL6)A zzhdd=dHox^Z7+R@XB|zES@gOjF}MCu{1h^!rF<7v`LXH$isAMb@EVGTYouE0)jNdy zk3@vi>?=gz^Iq0GkF+g~Ose5t!q&wjqZ4L9PlaVYG$Lj6j@36-BV3`cMFlIXE#4OFY(WuB4YL=DqAKqNREs zvdCVcWY2tm?1m3PPC~53%qcvc0=Wl%M6zx&FRRz?jOQnDX^=`JCE7i~Uq)i~fYGvu z9N-Mpo+^~T^HJfyLu@khTv(;U|M3Gs(~UhK&~va$ju@sEcUHsd zHN3rp|CygndGc9YdHZx1`uYF) zzdWl>N;A@Y0KM}+WyO?7-^Sm*-}@>5`TzYi);a@LyDx;omMll7YJY06TuanUwft`iNP5( zG!L|)HtrwrR*GV-R<$E-GF6y9OC&x76khp_DXmg%qvCSpXzDqv@iacN8O^x|J>*!a zGf%MEm_b{^fO4p$vs$@Q{&1FMTt0!7TWqz)r+Dlkv%yK2ILJ}c9Did^R_PD>g&?cM zT#J-(tej!0YuGnoa)+pf#O-BV5T!+f^{Z^YPf$0U4F zmn6ZVl(sFn%xiM6vS|IMWLb+$>ONR#snQcOznRE9>v9b>Vm#QnCOSQ}U*d9(QHo10 zJlvF`5KrktNYLUKP12!yNAA{MaF^B?&qtq4aH^)cww@uSBM!RHS2()a>G=FlVG!v|1mZAP;cJGH$i}BBB?%c zmq&&V1R*q43A+CUkh8nS1Jr_t6d_%)Q?3h_Tw{)8f4J@mSBeCl~WDg!O5-L@8FGlo$2kLYn-S0T3gnrR6Z!G$pZ13)GIMcB*lH%paR|-!d z$)9m&PnT2SkVqDq-lBHNEV)oEU4U1gPcMW_G#5KO666Nwl1XDwhhD@+uqctiC|*jA zNCsSmr>?KG)dk8WAi7X1W#y__Jzgu0=`R5NpQQucIS$85dy#;c-&~}CYJ@bb5G|}o z_2sJPrd|f?ntQzczTEPu$g$v;4pns53T6mRvNL8@cP;!rOzkNjGvh^8K^vh3@qt9l z+$?V3HAlgX%5D|ygo@yHruS%XXyb$e9Z7aCLsIDIswNNX0C;B4e5HJ?$b=4Vb8SkP zdx_x)?Vl804wQLstSai*-EWUHJ8sYgjND`4DV2N5L9L9DK}9Q&M2`7sY^c^LUGZL# zFt#{k2*K7~whx^Vc(JyA`xgRG)lGR7B(ZpEHCqo^Js=7&2~Tp#Z*oTK8$WIaVFsV= zgD-O|x-4ltno^A4ZQKdo=TF1^w6=0Vv&f&gHhRl?Zl0kKj+n%N@;Jsx=IFK25yLR; z0aPyIc^DSBGwU=x8m3>E%s(5d#r`yIsnu0~E5&hKdWhVnAux35X#^Q4n$9m`!5jZX zuI)4Cn?9Wl>JrKNkAjW3z6uW^24T5>J!rDdVo-ts1%_0zn&EOS9yv41r)}REGZbUV zf?p=w6T500W#uRJj3FFf>q2Ay`J}sh_bY-IF<#2k!v!>qDVA8d7koYV#`aNB5%DgS zCk(@U>7sXz!2E#~R99Y}!hrzTrhRvanh7>zciMwD$ag=RuDhtKP{Kx_T#nXR}h}qZ#rO0zJyfIPOOrj(wu4bTrHSN3(=7W?>~AULuFM%|Vb# z)V-IXR<8v0^ZRO6fv%~1QFTGjlZRbxJ^pDcxizRH?Vih;| zf~uxzGO{l^4c7G+-$pRL5LweNWbEIcYcagJJ;!WDtG3+UAYup<4)rnnJLfgo1T9XH z5@bsH76i184LlhlDY7N&fmJ6Se@?_&uea%>VIX?9rRE3fR;P84rjhnhflA%4;BJ;0&8qHLsg*4ovl4z8e1 zN~u%xmt^Qw>ka?cngi^kC$f3xJ-F4v&>s5Nf1~gA6(FaVEO$XLm?_0O9lC3U+nU-T zW8OnjcOfuWA`Bb~tQuy|BiVJ8ajxb0{QTDV1HT5XSED%&upTnJi$M9l zO+H^33r*~f{c9IJGIA=VmjgenfEIjcjUA~??jMNfkLEoj2c3NUtTlk4T zf}{oKXx)b)E;!SX`+V2t8;p z@=J{;NMuOW4aa3?B8vZL1>xSKli+(y*hjU`;L2thay|KjloZ zF9_HVOqKWY)?zR4-r$R`{{L>7K*%2^!VBHUBQR`U@tK(RvNT){PwiXRSZZ7HLVp37 zb{E|ql$3g$hoBTF6>ThPpOh6DrPHE}?Q&zcgnRh*^#Sme0PW0Mm@68#exna7qa9P%ISJG40+m6^%|x9lEISvqh`{w1~+OT zwaRc27yl-YlmS^nO{}@BUuSsY?!Uf-BLq zrhnX=P3Fq3I?43zDOGE`>_7YS?VqC;sZr5nZ_ydT&^DCsm$>J=t(8C-c7z{+OR%dL zJ)*)+C3r)1owd_};y9vcSkFKz>QDpO* z3u`_s*9ylK<{qA59|9>~O)^-C$(48v%oyLiP5xn-n4w=Nk|?oSirfW)Zogy0QEJKH z@Yb5x5EIbVo->IFj*Ft)wYpUzsmWx2&+SV1Dd6AHf!wCzs!UB;2n1 z+?}o%#HDBr#;))TD2dUA@fzeJGzfM)muKErX&mXnmZmc0e@6M*kH&8mokmSVQQ*Q#0|Tu<1N=NjBQowR7C$Z(V6T*Iw-HpQ_GL?^PoXk!UWq;L$b;TQ!5JlNb(^c7hyI`lmJwC9Y^f#h>Yw@{)!D}*WD+K?~V6MK&H<;V9ym8u=Q9FLZ-s(X0I;U%p6I1qG=t+ zyz0US(Ym|Roc7UYxhDAPxP53l>Z6xHPz1itK4JN!5+ zZ6VSHUtRt4$JkQk^U9}CNvd{-A3g1sU9X;ZRjeGJ>(e-4PCWf~i=eZX(BK_a(PY|G zbZ{kT0qJf-KMGS9fEpaj6`MqovPx)t4g2-fw{!w=8wOz_R_~J_3|!0&&@k;5*L$d+ zNFN~?5FrN3V#g8TE}K(cKYAK$qka1f5QAhqNru|I0ms7eTqu0;jet^HQ@rq+4L|xN zD*Ys6H|7QfYS`x&d*aU-QitkiP-WD7oyo&mo^u2IUR<$NOt$DpG`TLMKJZ6zA54QQ zeWcRq-vDrPo-qiV-kKFOuz04}4s^aA*8NPNK0v_5Y;Dig*RVzbJA%L=zGs3U@yZ(h zJsfx_dYaxE%hwNdp}dE?o!Fqbuef1MV>sQ=J!p9(k9i0yw6^Ex85}p*V>*T(>yHa@ zG6XQniWNZJbrLf;z_rTK$tszfQqytOStzn+o;0X!BlkkCGZ~PcgR1bXphZjrLasx? z4M-iHBBB^ znR^F}3ZHaj!HCxvI2qzd`1AdHTj=uex&hJGy;}%(!ROn0?{|lu`0Il6Wn_$K^k=UI z57EIxp5ro$YE>;t5&+fVQZ=^i6?AGmH*puD<~g)^z!F+BiEphASjuUdeW7D}r-%JIdRe$+-!MSP;GX;I=z3Tf%S{*(F^92~T)*1h94!UcTPZs4W)W0pNhv zSM_?|!~UsI960*jHL6?Mn8`@hWE`Bc(}C>{TAyk1(t=xRW;d*cvujBY+q4Gj&;&P; z5|J<~$qAD~rec6|b}XwKnxEbhR%!Dpnv=3%q}sMRa%B#bV!p&h{1icL*OQ{m96fp9 zKg=NPE{GS5zh~&O8wEBjV0?uf=dnWG*9=SF9%m?+;2l% zf$&-yV|w#~YsPb&!pCi{cPUnh6%jiMO0MThRWLZOXZubn3hT=uzk5HdaF=9TPr3&m zRq-kSDhQ;jZC2Pow$9H79ClEMG)F<4K2cg&7ULsJLSs)vaQog*h$3WN2pIDClAi^z z_f}}^*O8AI-R?A39(~Hrh`u13_&a#cJ@RjN3{2Bdz5B1*<{EIsz773E~ zaw3q%V7=N~4(&{}Cn*7Fo)<+Q^EB)!Rdj$URy7Hs+C1~yr!gmjidt<7CREKu(V%Sw z0S-l!%{aVTShz-2x^YTCaj(WU_YBnjlMNyRy?C7`>%p5T>YyAtG({vv3TQ ziIf9_*R@%q@IBF%%MAY%&1EqUuCN+4*DPzw z@{bi?9I)yuMmF;H6^4P$;lau?VaErmR zU!XsQC3x}%{%<;W%2S8)M5m|D5)YNiLZyc*LL2SYP{gTS%wNC(gELs-EsS;IeS`x9 z_bI=iR+-QyL)24zvTv=S{T5mG%WqOcIEK(A=#Zdb&hqaT?u;SVBcG@gu}J7ghrSX| zJmcz$1h#!z;eoNCA|&Hij!(pUsh^6$zOYYbXtny1XTWakY7PfQUh8k^WR`*E>r6pT zik1!^nNc8WORPN?sG%l&`uk3^54J-a%wnddxE7a*s;zK6Z>c@F#gwDn5>+Ia_78DC zaAcQKRr3!B%j@y%48BU^Fa)KuA1XRiG!13IQR@EIGGL#*|Cb{rK)^-D7X(BRE_F1B zJEmY8eZ54eYb^d&26o@QX7M_@U$@n!;F?MTss!1@VYcA0-hC1=5H=N^qg{??V|?pd zce)0v?Y{v#Cb%xI8R%i!{|;P8c9Vx>;-s%so7wWpbV?V=)}D zBd9WJPlZ!=fnRbx2_>5F7mg3k>XU^1d!|iQr7j$srlyAsLw~^q_)@@}A(lc@smqNz zW_5+ji5VyUv=9?@o#$uojRqgzJt%=wXL2iQEmYMWqWlt8*Se~k-?Rpc zcsBM^0X~*Q&{c&T++R1Z_z5RprS*#E7?)#2P5<5`)a~FJ1KwD#6~Iw5Ro!^oVK2;7 zhff3E&q^5e1H!Ddot6|VQ_kd8l_R3H67ifo#$AF+S-UILHI5n1gCN}cXO~tbzA5Wx zGTTcZ@$jy!=Ail=%u|9l+e&tMy<0~|gM0!e3?pv=_{4O`XNGZBWw5{=)X%SagBfG= zd7b4iU~*B>4hs9EIiZ`I9n)M98r*ohNC(Oe6`uJ6UjI5tG;@s5w!YUyaHqgIHWY}3 zaglIV3?5E(@s+s54Fj1|*;z+_DfT;R3s_&xh_twabrrk3#<%LIX?>(yKWAeYe+4n> zK_tz)9z;Q~yA+A}j4JQg%BLh8=K8)i`+#6WDWn2%S&NS&TCaIa5sZl1oLHqZjDn8s z1e`ZAa~O46UVe(;u?KWVbRl6F@xdhlGmE&zihK@p;9bX|jx?e(msDmAH;-h=PNtQALswkq*=4E#}Z?*KJ5q&@Ehnk$h?7 zvAD8hQUgR4tmhZodThwo=LCOvJN$^mHgL|utrD8CRCL0pFWQZa#fUjZQvrFa-hA&T zuK>1PjWK{tJtwPl&J{zSn%vc->ayFMp`7)YK^uypjemgn5(zhCUl6DS-1^+$tosVL z)sO#>jieGRgl*Vq@X$rUPoF5`7&gR~dT8KHL_@Ws#NQwJ%z&5~YHX_Nk52FzT)z;5 zZP#x;x2bEnZqDtgfRB5cm5pMm)RD|hsU|CFDJI?98IGKac)>d|p>=^>*$fNG@W>}t zk|7wZ)XSR8o!U$9-l*?dTK3RVZVHHA8scIljRpJ#X!S%}0HWfDm`ZV5T^IWu&?0nZ zAx;#wc8@tYAtqD_fY4c+t4;Ws1~?qo!Sa`F^v*H-8^(%5cxu&cc1dqo?qY2I!itIw z@+_;P1cks}=WdCt`3sIBth(F0f4c|)IeN?YUz&dbGT+Y3-|7AWO7kC^KGK{5ww>GZhvQ@Lq-O`97N`-rPU{h5Y4%ks{yW5Fag7ipD&Eira^h~p0%a(>%TJ9= zTRr6ya-kY%BO7FrebXX^P<#R64h9?O2~xI?JloXI#s~pqL@c=n9bn$`Rs(6+O1b3l zo5E4-*)Cjw)`)P}=tx$_AoqxC7~^9}Q0NLL2k=-FUcpmn5^n+4C2KNPgq~>hf7-WB zl7u1c4$zquM`iEgoWrJKR?w1;YVK+5wke*a5#>3MeZIbtZKxSwF1uoc%Tab}1{^cA z&eCdCaG42#QZYOOG=1u8ki;7(LvAzrdJkmweM=Z21w~BaMR82Wx}n|eJHZ`5b&TwT zvU5@{Kh#W+dJxP+4AEEY8W%L_$5Ik$NPrb#a|3V}4 zE%8d~*KBY;!Xt7CsjY>h%@8x?fHK?PC_>a5+efaQX~;OK@XpNU;Nh3VNYPCDjyX^? zW;tY?5lB;72y!mHHVrqPAf_B$LSj~);Vw`|fk12*rKJHa8>&aT5Wr-Uu4~S+G-8y0 z3HR_=azj6lVMXsWX}BOX4uoK66r2rSaZVoxl7_c4RYJJlM~X-*49G?iq~xS?AT*GI zN?0Te#cNKDh-*mpL!ns09{T*yHX<-mw4J>h`FDza zOiK9mMwwz8Hl`#CW~8+oXm#cc*(KBV3A#(t%i?L^KWuW(M{WO_%gpbLkk5+8aAHB5 zz^qojrA>e1E!Z@ll>)Y1QTD~n;QKFF$-&ljsk?X&RrnUWtY7D-a@MNrIh$Qy&lvJq z*_ZH+cNREj7;X+6LbTB)jhaB%IYtO-{M>zvitG-86Ex1qqrJH(#d%k4ow430$wY}t$7YX1)rD=`@)`sXt z0I_)lSQVoPWups;`CC>DQ%E&r;v~4Sru51iXUp2dx{mII0WysXFOD%24_#wLQ#Us#E~Zk(Ic=<+IGXo67;>9n zk%rVKBb`(8;ZAcZBc-XqHIQ4@npL1<BiaC2<$ebmIvJXqslkdD}_2c`o1ieHlkxFFTV&PkickII1iFr=v_X~gh)?Qu7-IoVi&VYNeT`|X)GyR`ZgTC@_n-tJ5LaEm+F&^N zk%*erQkn8}g9|Nmgrv7{rcJ9$aVp@c%S8Pa&${U%c^iv1tT+CG1jj{-#nP~5XNZ1t zSex}CPoSwD>dWbeP!IPE$R#;I=xgF&^evST))zc31!eFYYayjZ-!_v3H3hW|*DbTU zk6qw8l6wuQ2{-ac4`VDS$JkwDoE!Yq>;y9cD+~IRjnKBj$y{5QcFT5uDH%iKzZpDO zf3z<T0n*`1qWX@h21E`XrVVgRyK}D2&zUj1V>yP_=zKE;h-`L$#BGMt_qvh(KQL3_Zqv?lv0{9J<^sb@qTk`cEL>3dMwQb zWvjxDr(b3(+AKr!EvH6wt8fhu2gWu=^?VYHxO}KTdoNa1Hpf?~pt;=8)WSV$7ck2I z#oK#;HI;mg{{cb~0)&njG*UD`fB*p^M5XuMr56PR=^%)x6zNSsiXuu;M0!y=2!x`9 z-lca?q((rj{|meO-Q9Qh`+IHg|1poxO_+P;%xBI$Gjr~_a~+~9t21y{bD*Ru{_>DC zFXSQP)9lOYN%zK+93fu*v6ll4V#Ob|4Cx!Z50^Lm(rR7fl(ubN($8aY_0!4U!}MPw zBqGsnE0Th^r*EIr^p}2;)WC17{^hHBrJ+7|NZON;>+FxM-d|1&of*A+EcD`!e7$Rt z`=<8rxzSR&#GSnT$E}nXWFJkOnJS4MHtJB}DAZqiKlb}b^yTtDCJ{?czo**n{ZVM+ z>YWCv=bEId%whaQE^4^uG%K=H?h<=pv1{y))ARLBL`iM3&h@zsuL&koM}hCIG8(aS z`1?pUusEPD&fA?AVD56kv7ecF!d2Wb6S7b^F62cVu0OBuLR<9bHf#2x3n^rBQJVI+qp?Z;GIU<%qf{dM^E4l;4fc~QcKr5 z5}r)bj-abw_OF4E$pfc15oex^O1!#bFIgv$dh<+no-gC&$cH_LDGai1hNx@{)%TEE zKVAL`iVGRfiZZQcEO~RcNLjx(lC8(F-7&U0RenS5YJXtSD3l^bpS%RMF*ua_q;RXE zGqCCPoDEACx6u)m=7$q;>oxNym*}H0Z<8Let_s^|9KM#J;0%hkVYjYG<|x%j%a~A^ z6aF|Waf*5&nX>E*7!7O>-Z1Qx#%Xpj5b-{MuZ|4PCZ;M)puce4&W{`i4@fy>7Of$R}R6dvEc_?8lQ<7US(xq~LiwVC{`Hb4UgHF@4WDP|auPuA=~N zM8y@K2e4x+`R5_(+SfHMXdMogZ%OdKnKY-Dcdkj{lGBI4D?T>1V#KNCvnH;!rYGf| zNj*%!!SL%WdfbAy4{MbM-83-#6vRhr8#K>zsCoKRF6mtXvP*O9(w#fNPN?+bn67Mw z4lxPf$wF;+|DkTT#0=XCv*l)~WS78uuH~D|l?-L`SFD*dooRw4oh@4_CGuLc9B`(v z8gDIIa`673>HsF>*-Q zU%Ss5t~RLDO?|)%T*k56XyyC(%JiihsJ;s0J{LZ~*%x-oFy?XXMX;QgC)*uIsRa#@ z`D-#}vWjMCg|jtXq^oH-A~rKIgJVW_UEdvjpk&W8Qc4plY=hBuJ6Yh?L-lsE! z_T~-a2*wLil6H60M95B&X9|88CEL!IX~ue;o@QF1IMl1~%J@WJy4KdLY1;KUE%Iar zb{a~Zeh+&62sMk9AsUE8ZUfeUUcOqwKf8J4m3e^_EMn-W5eNOV$CpeuftOjtr`@lb zJw`+ho3cBnJh{k1S?|$jHTCY4U#PC@rK4pt^tIGm%aTP%Dor7#C(n0v2N zY~~7i-Kz|W>m1J;rB-UpgXLW0w>M5g*EzaU4|C+W#bV~m{Ri2_4ULn@ALzZIwOwEi zNp1>4)m$7-nfEPxhK4)srqO3MjkiZbJ~SEWU&C}Ro;;Ees8pMu26R|{2l4BL_ zI}-VJpIrZsjeTZ$se208UhK2x-i?NMRv5M7DO<|D1oKF@I&j z%d!CSSf`jYE9Fi5Q#o_*bQ`Q2Pm_`aI2xAa3)fkBzKh5&_2OBFl$@$+?m2%YCauSq zH}XC&N?IZP#3TFp04{?_=VN3S24tipO|&M?gf)#Y6WAqdSx@;@n@T^thGkt%i{i74 zRAjyRh)R{O0XKJ|s_5Y%3yn{&qOY-D3?{sJ|b zi<0^%-THG~DaXM`ggdYE74onpnmBEXS-=*Bkj*zLtiz`^L|mz-k)GO3${`t{G! z);bvrqDs#M7obIEwF~LuG%DxE8R^FAH_#c|XPldzoiHxxS8>XNyq!UlIu2~&Sbx|8M1TGl%5OjodvVyh}tO)FkE zoAI81FEIMnx9Qz{ND;5lsE#-A3dkNUQ}rX`xWZ!=yOiO`0l(z9sg3&I*M1+z=*!pY zhMxrJ0k3d4%mJ%gY3F9GxcK>%>t{HFGH~BbcqelH(gfyS|I<)&Gmd6;Xl)}gREstC z;yr`huONmqiq>f^-eS=j{f{<@wFl*EOhJP@%5R1H2`%RDQ$M{CmwpmzDM1q(UKFrl zVdMtpXyr*>jIO^`MW8x4!+eswAxvT+-_ba-k<>`DmL!oG_nQ21>YCT#h9O3@i7@Y_ zSp7AqSihm(;lGCDu>I)!8Q@Zz)PUQk=T zgiL_(`Q(V#JexN;o`fw|YFLKZ^ty<|Hh|a*X$D4L?YWiN=5QCh0YqNxDsioks}X!U zg$Pcw=U-``aYD0pZ8Tk0s{Txs_IP1bLbqhX?@>jKYPl%0nYe17ZfXW-TP#x9K~Azn z5_LG)Pw|KhsawyRD|j!1BXxTXprV;kllzPxG>AN3G%DQ4ai>YLmhR<*OOOZBP5z#kea(3E6_XQ?w{-b+-MR9 zY?ZnGWCYh#F%djWns8T5z%>kVG$Q&HPt{n$tI&McDg14mn`q($U!~Z<>7LV<6ebXY zzFpQb@*GL$Ui0&1U0@FT5I$#8>iJQQO?itu%Qw}(2-%h6m}8O3;QK)`c=%(Iwj)C( zHqzJJz-E%!N*J|LP;NG*DN)9xjoy4V(q5(|AO{wT?~3as8Gi6V#BQVTk1Kri z#O*=7v6)h_;p{Gbv#YA)YWHb^`aJxIKfK}yG(W{|oW!Yme{>`ij<}aCH5-=J5Ga54 z;mU)XUY;*`)xmk;JxFfZc@-6&hlS=L+8-}PPBt-A^V!~x=#drbg`Rj!gD_x95xx_B z`)#6en2_WL)to8)p_XHGIXO%Hma84Y1$4V|G4vH>*`KZ2u=72#Z$C-7N@i%ZlSz0e z&p%ZE{PqedYi0EggtBx)e)PPQS!AIRQ4OTm$lv<@GuLJD6}mMorjVjsecqskccFc% z{^X#I6+!hw9e!Uy&F4>ONt@WQj*Bqet>Vvu$_SWF<+>TNfzH)#n=%{{rlhR1wK|dT z>@v>($#s+2k6pTvJ;cJ9N6xE`fp1_NM!Bzl1<{q;PG4ldl2tcCTv|xEW>O#0B&lug z_ykpdPr7x8sE5UjCO%G8zrAC+nFL2Nn%I-ca^ez2++l59v4`xTv3HUTM;ROhc-vSz zUapGeZY;N)k48T@PDUi{o@y;meAj!gJ2k7E@7kJsI46qd{e6qF+1ELXJMpMPDLYGq>%%A9^x>vXM+A$3`+4UeMaQfzme3zlhy=7buI9 zLVJ&~)iY*`A~KbgSRQyfXXM0bzCIRqoFtL8i~I6jLmJP9b6R5;5*xNdL8*LRi}Wim zv?oiD_UEXB%}aRW->g0>y+ruJ^v5F8XWT1SU&)sxK|Frt6#cp@8xe1%Nr#=S`}Ooa zbxD^Rlv8%^o05QCi+tZXXjiUo0A_MaW?k9Mr^}5MhIHYaJfoZ+xNOV%j?eOHbMp%% zw{Medx)+Vw8*%u8Uv+U4WA;tr}hj1-dOCcLXPO$It`(|qfp zPm7&51)1MSJnjP~o$}|n&t0jqoKJEOF?XM_k&Le3S>$3~GK%PKtP5p_45>fzHCuo9 z{MpFjUEjx_ySI6Pt!A&-oj5E1TJcDYn{G;GS>=qbwNT_p*rLna(BrI7i3hu92b@~h zNf#~;HdDn()fDU~Sodb;zMEV+L>`PCVkM#AKWD3O+F{U~X$A6`GgV=T59G7bxiLOf`k7*xz737$~oH@cL7aezCVTlpKd<R-+ z=@Mf{c@T4__Wun~06 z(rm_e`I@R$)5kL6PuXI^it=83^Q9FppKF^`KAdYiv+1o*+!s*gluI=1@Qx$i;o(Bp zJJ}7}0Au!?3liI1D=F)vUMF*_Zpe+ODP8P6MX6kfS&3(8J9K%@S3KbmF5})P4xZ)>i4Mg1r1n=LZ)Xt!2sgKG@=YI=1y1b}!g$CNQ zM~GR@G1OwYItvo-2z2b?^O}l>&!-Fs4qF(SkIp?5?u^w_cloe{ty#0$p+d`2;RV;|fQyBvUMIodC)C7k zq+-8<{xl77!G#ZTgZdL8*V=&R0i3RPX!WfXzpe243QFi>^H^a%|G`CQezD@L?w1;p z;;Rq#PFcV1aPnoPdg>W_%Ij2wkeN3yCKk3#T`T8ge&8u_`)F`$7WCMa=C2^{(A}{c zFJ0__RYrV3@GHy9>0USHJ1jhH=H0?nhSH3K3s*I+KmL4~_>MpU5HNZy8kZ3xUWc?O z-LTk$+z>AR@L+qSCZR5F;jsZMPu@M^LU!fiAt~QuwJIL^yEfwD558!AcuS2a1WvxS zd{WYlX1JjFB2^A>L)47m;qnPM+tKW_-B~R&E3s%1g2lXoV^y>6j-<^ShU@xYL1F1^ ztEZxB(x&!kknB@ieEfCqo6%>IqFD!uRt?$)(s2@|9#drig)cQUGG9R~DeFh#!{fC&T z8MEIbe!EXq9z8diCRfgxVlzr_-WJZUS{L#3PChq8^y27zb7NOPD$Qt>fqG}+nh1Z~ z?IY(juc-v2h_=*BbCcS>z2AINO;+7ksOyf?^I;1k4d}wXYDW5RdVhcS_~ys6{xL0hM4lG;<<$YP=uLy7sE z7mwpEHN7W(g7&`=VYQyw2Ijf8ie^5ih#cOlF#tubn+-rSxKsz^o9`AF=%#y@QN3s)f*0t#JBRQr#dsB1JEUK~$cF9BsA=Csdlrf=A_m_X<5y&VA$~WtTxS z%u;MK?6Yz>ztKTLp`7$Y)l#8SO!=;wd%f9d+wQY}F%g-`g%Xx0zP939HVkn)w?9c4 zR_W6lo8>TcNPcJtXKiz!FdAog}Mn&4*t5Cf%_8K%g{!}aa_ zb!>sbJ5k`#SxFNUP=>;z+Cj6u(Mp1<6lRx~4V%;PV4!Amr1-6Z-K&0&=&9PLr(_=m z5ib|yMhh=D_3zXT3|hOumb#L}NrO4b#EI?+H+{~0Sg>;?#MUty7OGvMTR6)2Mc|?sHW+WP=f(3%SUbGvw+aQyl%e5-s)h)gG0( z*R6QBZ++bafT-bnsQFBY@%Gl%yM>)5`?$h|a^+-O)G%U>Ls z^@LV=U`pq$2fv@~5X1kE?Lwkc*F}SI!tBgwpRJB1`pLy~ceDv+$ zG_!TOL&0gMDyxVUU$iEmr!#q3>}o|$ypc{{9?^;bm(#0>;CFNRkJ0qg#8(;?tHwg-U#8>| zSy?;PE$J-M8zI(t^B?n(4sAHV#+xtmC^eDaxzuggaUJ=NAM`Ql3N_fUMyDdJV*^N% z(!u#~$^hBUUa&$2vhK^<0nnsugUQu6 zudY35F;a(ckHOO+`IheK3lO7-JN$wf43CK0A+DWL#RK|s%2I15sm5jrkz$k``O=`B^#(Q>3(HIo_sd9?-1CIw9*bky@#8b|E%=E-aAD9LgJ zNjpj)fr;m@UuBj&nOA;={3Bm`NnMt#cjfAzMsZc{InD8);;|vS+C9vJ zC)au&w${Vqsp{(!P-MC*M^L_{DEVATR4llIZ}m0kQeT~R+9PHN)4~N{PnFuS3rTcc z=iBQdE6JQ6J^WM_F3aiqq#;kQhWhiax0mG!PpT2yBRX4Dx&6o7`b3XCfxmr_jB%

bhfr%`C+S;VJ3C@eq&XIBYM=T9yecY|Kd$SM@x&9cFINZs9jHu=#FxTN>ipkQ z2uy1~*0h}|ah){UsZ7kX6x1&hPwaOneBUwt^3-+t=O|LeN%A^1u|wJtl>=p`U5~zX zA_`o$6ydv!S}k=5$~ zS(itx;&3dzZc$=&pY2)wlg@4)dPX?1%GfAZwfxF`RZX7e8Dqpdos+4DiSKST5$Q8M z4*f*H?y;cWg<^Fp$Zy?O{_AWAk$aButR& zdOGte)f9N(v_4Z`F2@wcNMcZhh`yENSwgrsurET=4c)-R0?VB=3~AA=C!@O-vr+m~ zpm)58l$NicwSdF3D4q$?J9~E9!i-gMQ5MS90X5BDxe>3fv{)}{;1zNy3#Qc5l;#8; zUf4-ooHw?(cm3RF6*(Zi6yu`}2y}rGe~x&fd-Oi7N|=fPPi#0K>F{ml(_dV#<(sQi zPsdd6uzUp>`7f#QzXPN)S@hm^Fe9tT2c&4i{YNMC^`4<4pAzQiV7cWn9OD-vGcEa0 zR8QguBQc5O@}xaW+L??c=5xoQZp4W;7-v!6zfB-fpx|BMN^_N0Kh^kID(9->1N-rG zlcFtV+bTd3@GjBy_Q=z!)%#!*;q!_6iKWRYp<78<5PTu4#J3HTLnz9U) zyIb!jq?Q*YzVMz`?@khXPun+sNawrT zYq@fI_RTC5f1%&(gl)iUWK`|Bd$d1SiVEsjIRqgF3Bh*+w7&KDZT7BI-mZK^>QLF4;f45F` z7O_{EC~OG0NrqE>5b83T_sRBR$5Z#^ZQDmDXatts&c*C-_IcP{te)<@4OMMP|JW=5 zzxz~H-81^A@1vn}M1vN|%BE`ki=PhHbiX(J{U-0{x$|hrNX3s5Wz83cJzn&x`?We1 z^c>zz-Soe>7Zs;cBD5~X;(zwl5{=$e?d8E|rwG87X~ADXmi`)tic(0G9o~FcyC}$Z zwG3*>5%^`{hKrB)u=^*P7Ri+=`M7gdj|*oq7TbjgN3@K{%*tSaq_-Ag@3;)vrt8^G zvTsMQ$UXAbmSMRS8kj>Ao8n65kaV%uGTUL#VQG=UYMCk~yGF0A<5TEIOrXJo9g3a^ zH!v^%Z7rPr%;BUoqtLTLeB>ldn7#;SqRByz!&EAjdr2PQ`fBcERM8WZfc2KpkQOfr zUdLBEUzh!yQpRLORxfcEE+@>Sr+tNqyKDHVK;6>(*;g-1+f!Gl1<;Q_-<8Uvq4jxm z?<7On5eO@t6hta;gvL(mnna3pdbY`S%5#Kba-;gO`AaEJX|7v0YeV@Y7ag04$`)_5 z0=3=c?OE83DNH!_cK9nu&y64g_#pplT?xFWeAmP+dH5crEPDcF1)ViwKCHWLxR8AI zCu=Vru4R+X&Dpz`EkV0;S=sWK2eqlzaIGG%Z)W{m#h?8IyrF5H;%LO;dHbaMnyDVmPh~M8)8+HE+l_t@j5_-5QE1zolCMU|c zp*kfG75O4!)~kU~F2cK3bgkerZMU zD6kuBJ}-49ajg2l#VBvYxKF8eUwom)vYSd%&$_dh_){=AsU>1Wq=m*hKjP8-;yJGl z)5{s;O^bA|qYWX*`hqrrOEdS$)1^GfqU1%BXi{z}JGI&LrBfM54_@rDIwxIzv9?IY z&cm$Lm?pb?ut>#G<3{;O3Ja;NjU+5Vqf1nqe zn{%5|uu_CNU+`q)YGoYP(C(hv-P)BFtB~A`OB<0S7TR~h7)W~lvxno2t8#vC>U!>+ zbY&WP^MygTNgG$ycQ|=ml&}4j9H)ZH9f_;*>lbnNRJgUB?L(0_6*HXa>ox8(#II$O z5qI6(8tRl@>1;50B~rgwI$4zGfj$yqtY2Po=1TY@ol$1<2QsZICt0+p*wfG4^5uI9 z6Dkc^vf_J+(?33BNw`U8o%I%h*g{T&4m1~ff$ zltEq$Ir+gvjEHW@q(OVv4 z4}DsfWD~J^+LnL%2({~YVWV@}MuO9usp z-}PvF6(*a zm)v}ZD9y*L@RE?(fcJCRhd0g_jLFkh?w=KCERm)2rF-^|U{upgQsm3`0qPAjH9~jc ziM(r}LhdkNVM+9e-7`hg)6^Z0^jLUqaJV8&pVW0&i@?MSDO2E$GeZOfHEEmE$k{#NF8-Eo zN_W$A(0%_5KIOMaJK+&oCkyJu^YP-$haObVp+@C#EpMi@e3kwBW9h@V#& zp=Yp2Y(TB6P}Ox|{pg}|LON!JIg+g-wJNDyaD_MI*>LR(Jte9t$FS!|!mifVTi)MF zJq4@dy~11-x(Gjl)G*8+vYFD*p5{Dj9KQjyj>)mZxzb&#Ucx2XI?{Gau z`Y{v_q4u9{_4kEub{`gi4Q7=yI!Wc7pyE29hWC+T`W(IlH;klPfbo{eq+Qviz>}$j3y5XA7AOeINTrP8nrDbN-CU-8$san;!f!Ng*HW>x(Z)Wjx7m zhXe-;)tFaIzbpMbk#G#tb{-SG)N{nb_%=84rL`nOyoJ9R`{a5+aO@mqhUPOF^T5p| zhT=eS@3?gurWA%o8gXjYd{(yMdl`|pdWTZ|BXU4F>6dL#X?_{QwWLSFcoSVthSKj| zNTY+3vVQ=pU|t?|>qDEoEz2+x^-{b1g|bSo}4jaU8+^%aKjh|ImCLedu)=F!d9%YQsQ36O zYi)(lg4Gn%nfsjYg-(~F$rKI#)7h=JW-q2+J9nEM9X_LkGZ-T<(igx`=3t&sZIPV& z{yk)a-t@MIkas=0jO4c{WkM;^;C{q+v$Xob&} zV{}z35Y5{#$8Op<=mpA|*u#4_)AXuT+SyU2^ImIls0Hqs{*lOi=&Zv8$gk+(^2f*` z^3e=Cr$?GHqUX>-F;~11OW@Z9W)(@?$v5BfRZqUMr6F^AVmxGPESj1-N<&j3YI&*G z+E?gKhB1iWZ6s(m)3|Gwh8NV%M!#duEj|`sui80K!FgUvmnT22M{IuB8SS0Obo()_ zJKLDIr@6^1L@&?uW%eR-0;COo-o$)ud)g$<`dLUro)Psk=9D>C&5Bt$ck{W9i^(&X!7?bSMI!gE-s1T0!nRM^YEgjz;Uk z`AkSpy%b?t)qiKAK*1G7caL*>+IBW(rUXNd>F~U<&=+%iF}v61POhV0B8vQYj}hL$ z>-H9y;XKtkdtv@uwwt7Q66#$@b|Ve6b8Zw_HG_FFe{?;N3Ux%o%J9%ze$&%7q?Obx zQS1`UrLjv8OX*5+vrmhmPofkP$kG&EN4Fv^2CPR5Imb(dvjSq3L{cT&r!)FZGN(vo zN5l%u%_OCTu6E#d6LaLX{I%mwm+PiMyF)2NXpQ;WUnAO6Bs7Cv^?hQ zCujiYe|)I%N^zBcIrYY5{$u1dIz%6XH|LOpFztm`NkzG03ppiA!A*6#k%UmgCVKPX z=vpnP(ebeswPucULqg&cK_CbGK=-5-i*CA;e}w$GdH=o9)b+#MLKlpl=vP+>qErm~ zlU9r0-DZV8PtSiMJAKQz>D*oZ={g0`4%xxrcecXQtTCa<((L!)p zZJxSK;y$oS{v+`56;wlioT}(6$eqy%cC5{KKOPc)C*zp+-WcW9g|#oZxy_{Xv$5Ev zQ(YeS{(t@tcrV!7Z>UyqmH!iv4*%o-R*!uJb+3ON1wlxNK*S&t5C{Y%bYuT-KM)k| z|LjBPMtrCl{=d?{3r%Pj{4)H1#-|0l6?iGP4h*gf^J5L%)Wl{+V?dp#t(#bzC{|8lMrbhhco4#hoQs5tqA8k{PL@@K66=ot z!3OGfBM3O;CJu?}Ms9Q?+}e;HI2ZvBDaIpRagdBQ$W}MfE9Ef72F#pY@AG{cCdo_!YD#Uo&5O`Q_8U7Wlaz_u(sb z#OtVFxwio;kPrQ8J7e`9Kl<%Vx!fR_3lF=TCeZrq`hA!DecNwm z^v5G+TOl%yrzj^{v3GMS3%$Qf$p51-fWNqzVlEWZ*N$omWk2gHY;(5Y|55%s|Fn-E zq==wzMbqKXz1`5Ud&&0H zwEoM4{W;e z({G2Dl3}1=hFL06&;BR&_x(6UOX)qh1Sn2krs;{8`RR6OF`}Di9 z{Yr>AYRpD6jL?qkE%MUVK)N+TL9v**XxNAlV$eb)7@00)mIipUrM0M? zgBOS(;ea{NPhMsRrr%Am6^sdL!D`EL^>?urgBWMY*VFC^{elkojlMcMQwimcgQW*x z2&(XS4OVvwDHima|-@IYdW6&M*L%Lt|T1(JW0e*hoGDGzc3AxmiC zApbL3iGIHT%kP){0sI!QO$@4E4PMfX7Lw}e_Z#2DVf&?#1T_qf?B^PC0H4r;oo#~I z5K(LeLQuh2ZbGe2BijAMj4&Q6{Bz!CAAT2BOO}hHg^SRQDt-a1B^Y%TV8<1q*M~m+ zJf(f7-^SHQ%jnhyN$94a!$Z;}1%d0!wdLoq{1tvT+Kn1Upn=>{Mi5Bh$pyczbAPjZ z9CU^fA)|zn#c|D$qBD~plyqW&^p*`;tnAOj2i%S_Mym}p7Xi_x!p^qvv@q$p(<=Tv zc|gLx<#)1*G$HAT(AEkRO|p#I@?0gVu&e98pl1o)2bSN4xYf-{LdMF_!d2RY-7vpl zqk+MxWBb+6bFn|y#Ru^FHPO9zE)iL%bU3!S8^#Al2(>{xJBOe8gBn)a1nIkpf#b0=s;ujpzefK9 z_|Re+a9jk|jS@B!4ijmE5OC}_{?Sc8)Fb=w%U-}mLJ@S~P}vTO#%rH{NX~z0>~B6_ z9X_pu-B5%UzhL|dn(+ID75qkjlL|Z6jxHfV&c66JmvSe@NOt8h&8<-O#OOP*xanlL}Enis}jGlRc*KkCH#ssD1jFO-*=0AXi){ z5-ta~!hw5<%x$7kI9fD81Kl6}Q+;s&pOLPcg1!??PYWq-!xGc5&Jck!Nno3rfNLXj zyYWM6|H1YEK3GJKqL-GjpPZ{C64Td-?hQvkHSLH0DDxAb_TkSdV?1IRIfKBc2(CB{ zq!l?TvxPC8sP-qs{?X(E)9+K^np5J+YG%|9Mq0|E8F0v^1_|$vuxUjef5AUW{!m+f zv-|)G3O7phabk?jA><4#*NigPXcBb=(+~WpiNPY`Kt`bUQlP0oM7Umj=$cpAF?!eA< zVSo=1nZRlO8^#0pn;>XrC)_m}26V9&4mNuTVX291pb}V(g+r+!94ZhIe@rn27Y7i( zYC&#jvieISXQaV%c%Tdyi4@d|7_&i&^7uE50Q}5Gq*gE&G?LX-7EB+FOxK|3YoM4> zgXq4*NdNSzdf)QfFmXy;J*3bQTBuMrq)`!TeUnk99UIt!(o%wGt1Vx2`L~Auo3{Vy z(?1Rl;42~kCt#_>Y9)i!fneukur^`)v;3@XOqn8L;}tuj*{46se`iGp@HZL|GAdk6 zvY?(I?4}gxcp%0<5}iqn2ngre2!zmgTa*9rs(0V?@r=4Ms75?AK9;eM9IHbCKCS^J z$ib(Z!C6EYl5W~BDRV!l{cn@aE{G5DwWk5YNbOvXX!A_22x?Ml@812J1?W)r!T=0p{L}1DfEB`_JVMaAF<|$`?(QF#zYo9c zC5#?~&XlI$P{-JW!w9q>k48oYb*}iAKA#Blw>BQYhcyv{ zXCkm!>S&Q>q)i(%LmkwkfY5435IQI})fly;S>a&T%?>cCiHiI?2jG49(O6+3#@+zv z3^{5u7LujP)e{1Z(|}kvBQ_h6?hRb&ZP@-7SVHv=#AEj1Z#F;^8nKOS=>BdB-4<{V z4x7*k!)buiHIOzhF#SNDO%z6#8hzVn*){$yrl`lX+rvA zu$&1Y^909K~$)X)te(trfQKXv`J-whuRGyx5#MimDzZboARRKYg1Fl&FLjx>@! zg0YMm7?9|uVt`Q)MTkYuY3v6)ryhK(3GKu0hBdrooM}WhhJq|#aEYiQJ)|LJ&DgkD z#AYjG`UO{G!!_V`#a1`g6$b<2d?<3L^tYPm0sI%>KuwAsHDC>a>TjmV>V}GRV`s>@ z0%Ty85UiFe*5lQY?_%<2;RDOxY(n6uA+k5Y{q4vNQbvYOR+&avLJ$%Zjh0bIThfAN zx|%%x&9MKJ^I!hDZ~0w}9C(Vd5Y$`@njR=d3<*@iHfX>}!a)5U(5)9J;cgIzLrKGe z-~TG@p9S{ew_$t28T$`m%R*T}G?4f<#Fi{tI1ujI0nPNsY(!$qx{>kz0n6WcO&!#= z4<8uOIY=PDtb#;_YbydRgGZu*(Qb;ci~x9#KQxmDMihMLx#acd|AoLmb^i00efUWC zW=Jmy%&nV3ClZoQh9-0|y5g`N-CQ;}xCkB*^g!ZDJ1vm>@U7@f!|?ui^B9O zgJ)l&3G$fZO{h63RyRtD-WL#Ic}zn)l$%cfucv(1@qy{1XCY8}Fto9g5gtQ+cfy_reFJ-_8|?gOxU8=o-LHfp8BTHXsJv(1b2+gHJ0WN@*~+ zD53OH5ZN%Uo=`}?9P7K!-|QU@Oy4~myVcC7+Xe@^c}oi1bQ2BNfNyqjWp-dUyU_il zsLfUsp#uoNBV@Z^I3+|N`qST){IC6TVER~@CPpnXR{t)jzbb+*5X7NKVbjgE)dnhy zNG0{B<9G$qS4X;F`l&=Nh3TZD1K16h{PRrja$P9qUGzAOOQ{ z6m}`?@;A%;OVbYEdr(j?guu6=u^a8sQYx;QW=5SBC_DxUjR5PaFb0x<;VtA?!5?YD z0etlFKvZu8rnCb_2tz_?C>S(Z>4_*Z@vM!iV4Y}ailo<%Xnt@d?!)gyle9wm{b89c zXjxU*j3%o{G>D`dBuj}ciMe#aMF9Ps1Jz%Y*@wT?$;hFJmBAsTLm>T85RpbKrvg|; z6Vgb=I@?O;7_+xq^cSArjg?D6f)h#C9Q_d&_sH4B4Y#rmp|>>-Qc5@H4wnUSQlYryW(=p11iQ2`#`I zFGSDC4(sAnYQI<9Kg$F3b1lw1Ia@Hqf=sh$y09FlF8I#Zd4-(uI@4zi0f;RCH!Ne& z1X>`ZfZY$o$D;dbQNXNfE(%ScK?7_5f6DyJFZ=X4ahM)e7^)jF_mUAv)QZQUvYL0a z&i2c+K}v8CP!nrF8^l!+YZ(iZ?M9bqBFpet_aI0a4kC<)|3%clRRqwFq_7M{&%A&T zIv|-8;0#5yPCGWJi?I;#el`?xypt<4oHZSfiR-|)#=?M1tN#B*;lI^#VEP~;MRZR) zl0gL|6os|9iH%YJ^uK8J%~b&KH)yzY+t3N*(2aJ8R0Mdo6i9RW;Wha`^aAiB1ERQu zfZ$LQ64#CFSBK^(X={J8g8vZsH#`TcT)2@D^+!(eTD0pMBapQsk|XjgE*dC?24YbJ zT1>wtW=<15r;h25#>_#m{gCg-&)PTsE&)_mbUp49wx8VwkBskzY~mnLMT~Yg5M6_8 z1wn*EAtivlv>~_JAnr}b(r(EAqVr$c4&a|VEjg$5p70ffA#`F1oj}j}5x!svF`uTQ zf4-Li`e$~=$w^MevFwPyH~v_rz;E#tlxy(99Y3~+@1FX0P5-^*zV(BNI*^=!sCW$u z4+!EGF_I(}vf&hx5d-5?#<~R{GuqLh2&gq45~v2=ltmIzg932a*(mUA3uKm(qLCES z1j1OULL1aDIw}~3b{KsJ?3M~F4dA3q41(MEy8Bi-;Y;C39a9^7gZDE~$Fzi<3- zbrh%#i36NgGz#!xbJP-Z-L(g5?Kj}3KKq^@xq%07;X&?gSXU~@jLJA2j`@1gf!Nre z6aM>bAM5%8y#+#*go8`NG37THiQ5@%fNUozMv|XY{vf`#6^uZUaur9T%P5hcE)d`r zlqi2{DE|x3eaF8azEQ$jtAc04Ah-hav)%mY;ZJ`l^Am{n;UjckFnR>QfZ?L74O`k) z`)ed0fIV>hj6xb-IVM|(B zw{DHR{|dVIE1I!Sf3pQH(ug78QEtkJgb;*`8kqLOFJiP$A4`zt5^BMw9|G$}VBLw~ z87fFZ7+AX9q39#1I1((~h5({IQiniV3S69;-`CUojwcc;6%Lt`Lc+G!w#l|G^R-jn)UTAk55Eno z+lYd8!0&Hy0}Da0!cy2QHS8t@ zD{v=CBnH_;inY}ITSfb(kDqW`;(t$=s2m>m!~-FBAmjxMju4MFAgqK121*ZLvV(&V z@UV?GBmsvN*)Om^=6ZBPO1goE9UyLaBrqou#$kckw#eVv?!$KxS}J&kV|N?Q-x}^L z!Ml6~&6%Ob{KP)il}!D;^!Hm8;CLjaP1X+A&;aiMkX)<<_BlWHt_wz2Tig^(^Nz&y ze_Jp74aUDzzmFe=B7(cWLRB?E7mx7<3g8w`4&?au}O7-qYKx*-NSU@fZ&oSZ_B4P8HJw+#tG%?NNad zno(t4C_)St2#0-ZMF9L5bYn9J2$2+rV**G>!WFTbV{hNL0nhHhgm4hx1K6p1H?VL6 z`Vj^k05tJn2haV6wgB)W9yUqd zuIsV-lBV=H)P0$F7hH40pK4R=LGa%-`37nK&~qPtGz_@svjt?@(PB4MF+_DVSy2LB zjXxsopZWmsw-T_j!+yT6W}bL>%qU<28xV0C%BoWsf;xJxd;dcKLJj{=?4P3k?H2$( z@-0YLX~}te&bfH0mI3gBKp>_C=GuhZ!ox(m|3BWo1Rm<{`+qPPj0`5EsfMN+H8L2Q zYLtE7sZ>H#wq$D&vL`#CvXnKV%~nxS7);i|Sc*TnXUMdMPMgM~l0Ptt}GKZ+=>PYi_PTMHDM67XT_ z{(Z0O0;+F_Q!V~PJPcK&gKe%yl~Xa&O}p-IV!A8@$tW8tb1&0RT>|B=SOM^fa{Cf- z>_(xnBHekWExaVLCS)KByoD^{s)A8e77^#brLVxzmQ498C*O2`sf_*9`%J^rYJ6qQ zID3}wLA}N9b)QceU>Iw?M&3)L{}<~v0Dfte(5rjnWvgYSc}6I+B);0zJ53w19hcxK z`U{=>6-*}h!$at!@%#zOqL{1m?%-gE6Ems4jtY`(8c0m97vE3e@Yh{1!585|T;4)- zI}gnaw}pZQ-()?h0IUe3!O{>{M8OqMP|}sCzi$3dBhJ+Pe|l$mlz(Xjz@H0W#~sz7 zzVcJR!wNGQ{;QT~FB@!l1@C`i*O+z(txGJY!Ylbut~DrnC`?utLw_aNR+tpg^iw!M`I8cmwE<#|plcv=3m-oeX{1OeRkHTF?Mlec*Qh=b&IN15x#0=3SnG z0`PGgXTLxoR<;ExVlVix(kqay4UlFokpj3#bCrl8J0bG|-iQoyUtS0Q9}Lf3d{fr? zDDi#s<@EDT^V6FVx1#p&z4y^_D*cy3`wRLEbs`ypzX(p})QJ^AIC3MpsGJZOy*#-8 z&ZOZb{{zEGOewYY^2d}7vrzxSpyh^JF6D*1` z*7fg^0Th_3Uk_L2hRHTU*-{_;M~;_o5CPR^P~aCMMFP(gra~|_D`+;FoJ*o>n~Q{ zqy}0PL`bKqy|-FhqI;I6h>?4TGaZ@^ZFwOwDK1lEy3GVg{suN|bvOviW+-&T4SPNOGaT zU4cJ@LgELrBJj#DLyE89gWwT5k4S6?suJXuRpM^`ciB8l@Gs1^6jeSd3R}BNGu|K4 zPl2ki6UswGTG-LCFp)`plra~=UE{B@{VDJnR0WFfxAH6tMZdy;`p4Ek_W~FJN#F3Q zmLR`^t>Bi#bEFB~(hl#rvHW5>(Twl?I2||llrQGRfo(rW?oX0}A&4qh3b`pVrn678 z@{OVb%P@s>DjfSh}qGitG@md6~q(8y9G_t=n2jGVz z3seaH{t$6Cj95AGa3yJyRQ!2))c(|p34Y|z+OF0@+_l@Ib`K3eq#wyS^&VXnY^_A- zE6_I41h)!;d*pBY{E5Qc>frD z1Ad)Yk~mD;PZXd)3YuW8TqqV+d|D(f#<|ArKk>l;A(_e_b)kjDm)4zs_|2(ec9ggQ zaoYAIS&u+7z>|Rs4AgpRz|(-)SrXsBz05>^q>D4DBX*+(c&Ios)$_&M-yh;C)NIKp*{ z>dMa2pQ7~}BHzEvM86K3UyIHxhYP3>1h~;+kwpGbg`O5~Mg?3+^WVw_(4XWb76oD< zJf!s;M06c8txANSZxE{qr$=B~8nOL)1Vvs#1)Nx^Cqkp37D!KuF5YE{9J>?(87+nH3gK{ZJTzCp#H&VzesGxGvq`qNvQ!5XYeP8zm4Xf{t2KT4z~)!xkDgif6{tR5Rpzu zui)LZ`%iEF4HKM%MF$%4^#V}4(Sz;uN8Kt?x5ag)HBTugNmA< zpvK8KH>SgiG`UoZ^E+Nl-S=XEi+EEA^<|#jsncT?Q}vcUbKYPRlTtc6U;Jl@m-Ga{ zpYgdu_l+K)w?M1my*i_CG`LYuLsA51-L1YCufIH0zO@4Q=lj76!ieR%ko;-_IF)dt z65RAtr4Nft2H_@_w#NBJ_BSD!mfx5UI$nimRN(ueC|50r3-9)PBiwj2UhF(9(~nRY zi4ssjum2swT=N&OJj_h%;m_6bw@Bb)}$ zxYU6QI1l8+M`PS071lW6$#5K54@&2SyRRTkt{{{f{4IswaQN#N0QeIl`d=VJmS@Sp zRMyXfxCnO&ya;F{1w=={$HBUgLYgEm+oQ_V{!YE^jF*pQ4IVI_&NCWjXjga94M^Za ziw0-XrA!7JNlZs-lN)2HrxpPIurk5UPwcg*>}ov;-G|K{)0cVh>ZW&lGp)kME_`ym zIZV((mTyZQy1Bi*_SP>6mfQ*tcK&O`@Ra8iGxos^fcv;r}V8uT{ zh4n??=ygO{9>N4C(wZ9~&N6?`U}=2*jZgr5Y;!eI_O+G`%YR)K7-xt=C@MM%L zg&D#MG)i_Uu>T?s6MX8?Qzz!Hauu$Nc$33Nn7Dv$iNxwnBrte^V*yX&1KIoFXmRPB ze`N;fenGcdGg(!-*fKZ1HzrcVs9uC#12YUH1U6z^SqW~nD7SK4`qDZ7%0E-{e-Y&W zjQGP$mU#5%z`~hBAWeqxA70Vh$aI44nQDANj^(EJErm}af)d77X zLl;y@Akg680GUYB1Njona~Dv}hzzRfHUj@Ap3DoL|0M%V%~uSE8U^76qDe+n=r}h@ zC73i32_>lJ&3quqQb@p$0qVWEP*8XZGX_kW%5-bEQ%J64W^5RU2g?U$5M){W<>&+O z!$nWJ@Voo1d#bn9JsqUwp^B&|8M2IuC9|Ld)0%;a@vnLNONM`V$khD6>coV|AyfxM z?ZGP^Vxbx+T7lpXz#u?$TsbC?8#NJxnB@JT)z6PO0RQJ-UizB=e8~;zJ{{$3Wt(4g z7PZo)`a54qkC`c*saJ2{T|1yEymXr1Ny@bO&vK-{K)fPw3L1KNeVj_b+%)4Dz3B3! zo_nAR-S}U+9GLKjibxw^K+(kfI%I_&k{pg;J-_vHpZ#GDsF4Peu1f$5LK-iL%*#xY zW*C4}jqe!zOO^TVA%H(K0_9?W1`bqUk|BB+a1QORAuf9AWC7F7fMdGhtH4<`n2K@0 z>mW-(#eLWOpTJ`p9#=I)fxn1N4NS!VJE03R351LBiAyhm$lr^@gdbT5foIfU*woRL z5h8t61Y;#xob%r|SxUc5!&8Yh;UiV}k${&$u?dt4Awc&xxi5vt|9}X9Pd`>-lSV5YW$V%zX#iUYupdc;Wa?!4;N+XOtOKH&dzySh`Kj`_+DNqUXleK4!w zLs=&8Oo^GgUykjr>}}dF@KP3OG4sl$HR<)5t49kRZa>k#(9}(E{_sE0{l|Y|+I#`IOAVmXJz3|<5!G^-I&?r*T zdQV*JMf00r-0#cbXEeLoSAnxvv-*^8z6utsY;>iK_4Td$7d-;- zceYG-Zk?=mx7^99m^qhprGcY;p?9Fuzf<|qYGbNz(QlkArQ9KJ0v{AX z01k(&0M+o`3~~k$jg&-8BJnhE(E)R21PNozltB7YmOlXfjA*=31<5a*xe80Gz-3TG zTpLlPp(|S{@Np2*!@P?C0h}jbt_0^%olewlMgx&<{sl6p4?<#Oe|0k8fRh2FpB4d!19>Ty_y@@W`nwqhg>&mpgTP`u zSax?dcr)gG=N3qeNNGmnNk)_R_v|eBJ5c^;%RAzZO0odO-N#+&FsCaUnD@Dj+5TJN`vodJNKc#%SK*9YfspehWZQXM~0cB-={ z9dV6`d(n4-OnmqK7vBE)Cv(yztQ?j4=5Crk1aD+4aF0 z;PUN$26YWsN7eXzft>K}zI`GZs3Qn?M+tyyQGo3Mdiga=dO5s*6&Juy2d5r-Um(5F zAWN~4H1;bBbBu<0#^}d?hTtDiV-A4bEF!=}bE|V5@p|3(^S+W=mQQn4YYHvIt}w^o zUwxPpFCtJE-K-BWRKzy>Bk=6dz7RAmE#w*u*Ut?FIWuH!d@GcY!MenPS6>-pTAv7! zq9!CQ7!{{Vaxoyus^Q}zL`sJh>sg`eS%|C+1QmTyN(WXHy&OT9)+ZQ+prZQJ;C;0O z6;_eMVIr>OP+r-qU7uv*z&SVA@`DBXGCj>q@E?jc8lA1-=U-7|iLB5TkqN|0a}rwg zUS}sx0#5}qiGRhCBVm3WGN$c;MWQuU(|KL$pKPl^g1n&odS)PVJ{4r{!i$)$WgMvY zyu2Z1g8who<9{{>;LioGdmts!2M$;~JS=1@xt)z5F4r&RPI4yy%YFJ+i2?j16F5;& z2Q3y3kyV1_bHkKtpfuWxeYGf=C{mHZGJ*L9e-vS&27OTl3f7m_n)udE;hR@V<}xW4 zIT3~`kTgzGIV+65++M!Uyhtl{7#$8zt3$b$qh3EQDR)2^Q$z+L6{4wxKnffb-L^3R zR*pdC0}h9!i38wI_lKi3K&%9=Fa!f)89+E8BQ39=8+R15pG-w$_~ZB~$ijLUgPHz_ zDu`YZeE>dAIuZxUD3Z_PT#)L0P??XPLuYj`4l3qL0zVyEb zFaX#s!CE&5-qsX0A}`EZK=DKWNSqA-Yz5c~FG*>>y$l8*qY`$po}^Ms@YBcU zvnFgD!>84WxJ2V7wTRMzf>YighrhJ%RB5nZxE%WhIhj7#v$hF<+<(A|1pYx(j7kiY(QU`ON4&ml3 z3BA4Yoe@4mQupS1ms~WKsr~T&3ZgZcB(4gdWFfWIU^2@wqoIc?sW=yH4DCmOm&pBB zS6c-}CWt@_CNyiqTC}qZM3HDdQX1I!YQhfJ5$V+kX--m__TNJMzk37&FcFGmgQ3Lu z@O@MfWp&Kj6_|cVG1xUSm$JVtcifjL1wfxjt3WAo;QBOBnN&zW70TdSNeQeJTqeOE z#bjzfMo;3EaB`NK®U-v z4`yZ$*hT&#g~5+p{j_LI)05Y^qwfm@ht43E^CRPXW%3$OfuXn-IKjAqAiInn0r=6_z(%}rHM*5Y*TfR! zz{6cYsarD2z5Dq1*WH#2Aj>S9^hd4!8U6wInbD=KCVV9UM{KMNd<~dHKnyb(+|>hu zG?u~ek4*sh+bmMI7m{ZMh;#dKClMtcj!Gz8hKx7v_`anVGNb7I`pATCX4 z!)H*jC2q5R=MA7gS^s{X7Fj|^fr4FbRGcfQs#gyRdw?N8jf0qjuS=_3T^LWx=zTx_#u_(wF$(bHcRxIxC6`TqwNTG_F0S zbSo_4WHM8?9FKU)Z7{TN_VldxKXLfK#)WBjDxquzbVOC_mK5YCM(r?9%a7%oK z8a7ZBE)axS|2;oT{LZvHddNZ*l1&pSzYg9)g<3_!@l>7|ga5_VPfG;AC$iQe3nOs+ zYS02UJVXr!bDtNd=+y_1D%sEinn*khU9N`fUn1MTGQc$Y_;h^&2=yomB)Gw`bdLK| zNEAaIm8Ohq)+9B*DrLU;YxL-nC1PrR6ugC(golvQE)dXgqIe}dU03oxn6bztX$mi6 zY{@jghYo;W6pF}z;49d%eQX3e3*Kc#&G<;~_wW3R?*M$9m3QYkv)E6PmuJe60orIt zEJ*qIS3G~?hY3CeUN(Q8-T(dQqJI-XKn-@04Q8zV-_U1*zdWt@xmE!Dx9?NNYgN}b zI?KXe(t)e(6W>SL%Y`|g3*m1ze3SF%$o=VkCi-*3XWF-T8%W7sT?{<8K2wt0UnJ|K z1mR8X>91ihApd5W#DA&EMraNo$tZ&eFA@Vry7&yOM8=ov=1qd+8|HQe1ZpjRB$((2 zqcVdrhBZY0S{$ODAjo$@p#pWG#)JGD&osb4$RGOc*Cl-c=oeNYCe<(qDo$C6hz>*D z_dTVe3nz0UZ2U!B1F^2pP=+iRch2RBzyv?T0B6LDQwhehKEr|lp>cm`289ULn_z06 zaQ`B9vXja1;8I4S}5(DFPb#~)!4xCFsNvYlA$t>6qhuLfAcaxpBcdX1+w+w ztU)nw<%3K!`WTVcut@%j(BCxs>Ar#G0TIj{!Y+4F*|i+=d5c|EQf(`oMmwLo{}%%M zVtEubV03@@xCSXb8kQeI3W!vg>PIT+V~doRsq()|4dCzB7YPgn6)Q0;E12`wpi?(% z!~57RP~f{YreKUzVRTTljSXCB`qP+vdlR6KZPh?lMk5b5!ssEy@@R3vODFLh1V3=S zaV5s6q7IB`YLFfbQ^gr`;*1YggL5X3HcAqtz{NonSUm^|1NWf7mu=es_`jn1+roYp z1lUA_u8Fh%evkgO9^~e}`buim=(*jW+7up+n%qB|9G0ec_=fbSy!dhr63Ye5{c?4aXeiqSH0_%nET=Cf`jL2*XgsrU0=VUg1=k-*XldML zdvQ6`zOnrqR{(uFD|P@T(#(Ty=0>uf$GBD6HVv|~gIc#>|G)=Ar~geyOtbHHy~)l* zXQ;zQTqvehk1%Qe85Cr5t%o-=S8O=&_xxwBe)b7-#l!oF>b(VR6@+Xh`{2fxSMuRE zH2%=DLCDv2d3;)7b#K% z0a|!E94vc4LM-sZ5kR>8&&vYvFRUOmUqIPtpeE{}R#cQ&J?XBQu4_HXq}SIFtV}?S zRdBI1xWESlFoRf3U=4v#f8z6Ro-mak9f9cQ!LNS?A?x7+Yd~Tohpgq#Q}~~60`S8& zC3)_Jj30KqJ5jU`8VCYcB9P<&jEyd;Fapk2OLW!5D1nQDewN`My8Ej9Pv%A>!SxT| z!#qy;O2-|{Rm&py2Q~os1*$6#2_JD=>zvmklzPI2K6?Jc`w7>Hr+;{JS-%4CH>XFy z+}(O2@1!|F(-QLR+Hhs<jEqX{v~f}PX{bAc=hpQ6&yoAn7%txc5CN6yizJHI6bsG%6N5U zE%&xFOBvMfIRVK7HQl>zSY_s+AuqPpeYt_20R~%@|qz?w* ztKbm_jT53|tLZh7?o=Pbtpr^MjN_JA%4Nl%!smO)g(tsfX$jw%_J$0uQfPiB>u>Ob zqVk`?9dpQMlN53-|+v1LeV$zmmU23gRuPuqzOOB|Ji>~ z+Bb%O=y&;m{Qo8Rr3$i@p9R9g#>NI^Wo2Vw{s&>a%z+euDgQ zAU4r~bhlvOGJPuDiPk$?&AYMpDIq;n7Rgd1H^ zkS*!CF@jxl(~RA$gi7`nL%qzGS%Fu2M+n=wB(>NG2Zv_!2C`V_+Uje(3|};R8Jo41 z)2xjLoad%Buis|3jleOWvYom((>~+c^J=RU3~iAYlDM$O=Wg_6 zKEu_79_6CQ_hi>gM)|(c5~|6s9^mSEqrF*cy+G*>^^3vos!yu`x!@WrmK{mKmr&!Ph!WMs4B4vbLx(yE}PZ;JJ9 zk}Q2HrhFF_FTdbF(SAgh|9Y`-gxMF!J^4+J!>y#EjRAlTzLRT zDhm|0R=K>MZ<+Ky=d~p*O!Wn6ry3-=XHDS97lEa;_ZLX=saxvp@;3198$(?Q z@i(F^65_6%`Jh{L_tP*1$!@)UIv&4*ruaGzvtL z#S>UX6ug^TKc7rXjN_f6_IP9|+1g}FPDeU;T(y0g$Kx+oJ-$!4!mRJ)q6M<(DLb4M zx2t~4*>fk?gC}K|5hu4yaSmjkyvBF1G*DspqjHORw^UPcbu&ty^5rJWYReM0(WfWl z!#Cc&_H_0Z+F}|RQM4B3V;92fQ|2k2RknHPBRf8ecZYLljeW@I2d}f(IKSxu^pQnh z#mOg6c2!9~Da#!foC}R!sW3=$wkXedB_YnU`HGa7IR_?C7KUnT(CXsWUu`^M|4@8sbBzZz486T#Hp! zqtB<^u4$BWbjr-!U@;u}dHVJpwIt=pPjrSlMqofMaHP}knQX9p7V;7AsY~-O-s%B; z-DZU)%6u!HuUPZjNenh-A-hIJ@e&KRjrcm^_lSZ!DHSSq-QG<|-)2fAVb;jB<3q-J4N4(|!kRz%L#Kg+&kbAtZE1uY-eu1#Qge3QR z3Ly0uG|z-po8%YzGppG@P4|0Lv_AFl!Meiw=8bf7J0CkgT?rK<`A|IN<93z0arVEw zK3Twd|J79Jjmv}U9s8*YcFn4uBl$OjHcij*g`tG^p88;BHFnP_Hz^3BtG}Y>QJC_* zixWuct@??j^Nky-rAJEUb`2kta+5B3IG0nkOVUYf@mBY_C#6*qsW;cjvftRhTl(b< zouknfRaMm%lG1JoP*3>;(dkS@jlC03*OrxpG~P<7ka1kmj@xeUS~Wo_!=s}u3M5=> z+O5T`rRU1fGO07#AF)Lwy4ZKl5;?^7KEmozJv(X-dt!syVg!Mt}|r4 z!`4GD$Z3nS>0B};PSVZ}SbYlRuBaeesP*}@U}taX9`|*~(%|*Dv5~gEJmsf@E6+y- z`ARm%ov=fimpxkl!Q1rB>U-TC0{lrbvJbrNRfLoV<@8FvK=vPg*vRhYea}p)vqMlY zY!~{&!i4sX7e2n9gc4&rN$Ixio$6^DJ7=g=7SW zNt}>?b;40iN!2SfZImZpqWnvl*})JLOA=A3(dk)3u$-W=(MH>{Rx*b#4t} z=i1@CdUn_tAyZ{76={DY$WV8;Q|3V1);-&%Z&pZZu6Gcs%FWs|o)fgAZ9AuLO_Apo zgrHzx@m(n;U6~ifWp9O01rOprW!zjn|9NDc$>_aYdcfSu*gDnXvQGoOA9Fc^kgp83 ze%!cjo$!qhnmz^=m0|5o*=|m#<`^OTj#^pT{WXVq8sA5+*dnM9eCEB=yuZ3HaR)(8La(0#CPSw;d#^Pw@o02=Mt>N<*A%N#?uW%o#>}` z-URCp4MvxZziqp~Fw2q_-rl_+9>;4DlJ2srY`aKL2+}GU=-;qTkouKfx1=l&T5SI4 z-rUjq%6zwQRF9N0TIA%yIp?IpT@HIg`_l~SPG^tT**MvYwC#@ACtGh$mE`5o&%4ul z*bZfo^h~EGBsjG^UZUa7@WRa9iUlu=OPN;5>wF$YUNvZUKR%=OQFPZjZo^0}zQ><$ z-P|%cZ?sWn$5?kKuM(exX6QD(rp<3f$`fFVpPOSLVtd_G9yoPDoCY}Y$ zm-0o=8AV(YX}rC~qn5w3Y@?!|mYZyXNJv__jGieGdK;4=-+Q!2B9*Fc+W!p zb(6tWqu3*<+@u5B(u584A89FRReH4NKN!}0qSj!hK+J;NoVq_S8!c#Byrn2x5S!kF*r#CWMu z>3!DLJ9iknN%?xD2BhxWGIG`1_M9Vo34?9i)F2Ee!r|2>7F+T$>iNepGv_vHy`qZk zzS;YF5jT2wn`$<$wtR7wJTT4OY2#Cn$Z$9!#=rYOOTJi4nR~Lujf7;VJtUQvReiWV z`Pghll9}*1myKMBPdy`otK5dW0!^Pqw8)3o>}+*dwd>}~%2fZ9CuI;!T$jVa!Ali2 z53w>&#Jz+RoVZtUKQWJclez(MnA&-_{d#b^*y;)2Pll%GbEY?KJFTt@ns*%~IvC4( zavhCHUH2dpR~-I1fj`-+;6RJa5fAxS83J4%S4!rt6xCCx9tjASf2&tGH++A!$+r8N z8Els85^`f@B~TYhj%u*`GtrH?k1TJWGaNNbwZ9IryzN*UL1Vr2RB+VV`o@;UOzk9p z>SwF+tF52LeNU|^Pb|*8%)j*`b>+@bHgnjBcl;H<9b&szN>~+}!VI)pw`WHMxisEe z_o5?`1!`R7e{MRu(9UuDA-Ae|6D#M{!^Qz*$FZF)$e6KvrkDdYPG?iDw+3Oy&H>|d z^YZ(-;+zo8aL*cp0fRy9)B&yN0pA9Vb8hfrf~e=|S0s5E9u^;C&wQG=aY*V`9$_DAX14wV8gf53OMm{UPHjw< z)NQrt#~8O}39${f>(^h?8oZ2rwbtqG1x`=vEvhpx?-U8YX8p3H(swPFauZv2Bn_S$ zMs&hQ5VMbBj65o-Whx@Ytmtc*Dsvraqx?lHO6=^ip%ygghrD5R)#4pG+fGIv@F_jU zxNToK{9%8qm+>2!)su~kW7mc+%8EXWwGEjte2{ayW;J=2bo1@p^+U6AJ2Cv2VF3!k z%g$hLbv!LkJ9hO2dF#Dh-PQBWNO=cLXxzidjS+#+11GN*Tl?7^nyeoiF~+ZwZpjun z#&I%n@rFY@_x5WE#kHQ7IMypHc&I`L(;t^tzs0;J6#256UTfu}3&-wZg*Pm1`ANE$$;|3|uud*B#TT+bd4CyMISH zWTTts^NXuXHr~PNz6vQm@7-#ce27BdKj7c|P>C*C*AyJJE=92 z=LWO0HgtA0jc&ASds!Q(eD3w^^|VUYtb&D^8ytrh4K*FZ`|e5wT#n&0I0)mgetKZh zaaL;3PX$aFf#R%b*DYrq4#2)Z60=qrm{*qTPsOv%e1RZiO_0r#E8^jsiWu5j@8ue8 z#G<3ki^M`H4#69Os)h!y#va0nGj7yK>8Hueulu-~|IxW-7n|5g2N&Y?b-eM+O5y4@Y}8 z&1x&D=uJ-_k+plc`PJfX>(G@J5qnan*`&R03Gqd4e>%T zZkZlfdu-uZnjeEP@}?dhFQfJ3(ZQ)PWu0s(KB+dN=sm8w-tqn!0(hWYU%wT2rmMqjDg6Co&3ovA<9Rw2~*NaJbs4t|C0 z1~>iURlTYn&mT@dd2~KXl6oKJdfOvq{$(0^{bZES=1%L4z5Q#C43_k8(>)aSR>z!f zMCVv`TpAM{yC&BW#M&c&GJ{34@zvS;@Yrs{VN!g7z^Akj;YN$(R}SybZhk!%4@I21 zRb)KB=}L!yMVm}c)S7$hy%FtGX9NeaYFa4S&?ab6NHHsKJC)Q#!3ylvn7-D z9j2^mgC-njk~$<+Z4^JHRtsHZBOzC}S>uY3jW_+{ z=F=ak7V*7CH)F=J_H4%130bTM1R$14A~9#vL$+a)56v62i?I|XHD)B0hZXJ2$H`;ErJwovUmv?JwKDj2Tz@t9R%wBqfj(0Wk7cDxl0QUd z1e&QH4oN7TY%|Iac<&S%?8o{%A7Nc?w`xSW%LUyre9LR*dL$3DIkYtO)Q-id`!Jb= zne}^e6UmP6BU-c~6rEm1x%NaITq7!V% z8mZ{)Az-G?C{xGe^F9#QSsXKps^PtU|3fMvzV%@M0e(_pL|o;B!OPRPXb1y>8U8>^ z5oU*bnY1{~>$KEL?W>A1W+HGKTZvNbgw541iY2{yzJBREM(jX=Fmo5_2M+xE{$tX?yu#do|} z>v9BRmPcbdhs=AE)Cp1O8pq@}w?CabVj!(!`+VPf?$@N1&pftFb53CHh$JrFJaj^& z>AJx%;iAB{)Q}{fD)ISdQYI#0uKuWOIa+^*XC(5-5?+7{1N@ve3IVg554x$|GJsl7gix6$6k3OT46 zSk>&e+PJnatYp(84EVh#4?WJ%9%WbpphSDPA4w&-8I zJKx-Vx?qR;+G8Q?=~a5vD2b!VH~6onp0YX3A+@9UdML~dWMg%|Q8j;3`RcuKVSXS7 zd$-Dh30bzy@Knf*s7#Em-VHu}?gLt0@jUxom>OtPq`CyTCHCo90_B_ zXf9v1w`x3=J9I96K-R{nidL;FvyZ^2Y`7=PuP{gmllX9KN7q?e(u!4kr3~dxxQ3Tn zc&_Cay>`F9e=r_lsd_S7nOtho8t3Fut4-iZ?%{lJO3Dxp50p7syfJ<6gY}cCdw822 z+^=ZnJQGfAYrLIgGAz$qn|wgBr=vr{oc&@#NJ3&nb!nR)q?ouisjY5BdSmoT0rAm6 z$tLIUQlpR{sH1Q^gY#B%M#AD6t28#2d0tk7afG19r}UF`Nrj+Hec08&jd5dC<*9tu z^=(ISSG@|qz@F`^KnpyiGCbP z$SrrfSeqi(6U=XMn)Z}1A>~B(T(@^qmpx3dJE1dWDki;nz-L=n@ZAx2Q9b2&caQlm zklU?lgXv-iJ|8POh4_{ud;u70%o%2E#0+Jk}(`x8Ng9R0( z2g&uUY|56vuI9P^Xj|b2|Dro;Q1)k!uN~thrfsk?CFq4&ksm*5b>P==cpDQQQG9Kn zD9yk3fS_CR%d-Akp_|@>f6N^C{D`4>RCXQ0+w_|FD%o4x-;Sxg2x^k+G;l`BZdTB( zd*Ni;m+Kd@eLbh|yE{#SUA<2DjE%+hFG4jBrh9a!s}`OdAXL8}(j2^jwH1_T+g4gz zrjmO(d!}<0H4G73x8a%VoR7pnC8p-MhT~(MB-qYg>8Yo3oSuO(#yipnWRT49#DPu7iyJP%?)j0=y`0LuZWy^r?=^IY2k+)XD`)U z8&O>QkPt(qscR*yYCY!j$kZ=k40WoQcksrlkh$sC*w~Wxn%o4gFOUsZ8y?NKa#*)K zOims~B2~vylDs-j3wE$ZB+OUKZiV+!u9{SI&r%4l*l#RIu1wke=I|BYcYaWf-R-R9 zo)s0=HiPzP;ep~nqWcs3!b_R-1@4uU71wTxTejaDHAc+$hONR(J?App5`P=Q*f+4& z;UL$@UIKC_B&RkOtGCwCfAB)S#FmVb_??ifbiOZ;H36+zjh|bCM(>JJ29no#Zs|l? z@ntuAKWjZj$gFuT&2{l!54z*BY9L#P9!H+ja7>t4;sG}4(qT`59EYv5Cj_&zU3GH0 zN3X$z%{-#5vFbv)L~HDI^Ms9+c*b3Wqc8!E5{4ttctjMAQ5;@@+c=hS(H;hb12o5QZe*p~(? zA+buFdshvWJL++rY%pu`HZ6Zy@3bTH(5AuLtX4Gs9S_sravuMbE$x@W&r3HeFnJa- z=%!z-aLVs(&A2W@ySRMhEJ4a?norozgxKvjHVngzBPCm7 zTya|W#WnqnUPYD;Y|nXKs4qlM3VmS4dXf{xFdPuOb}gh#MmNX6tV}$;gsVA`7J05f z*NcB!m3>3=^-#g&dBdGgQkBH+ZpFg*jV^NUF_SV3Y4vC2F-{^GbMdle?S~q#us>#e z`Mk7Z47-86lsSPVtV!Lu=khVBy@-diN%GhSVG#6fdC9#QSc@F_S1-CUpabsV<0E5+ zDubO8kt`|k<%ew&8^#TF&$A;~{Q5lESw(R^lE$o308Dyo zVNu64p<*bc;Y+bjT?%clE{9N+%>!9ITNSw+<>&HSQodiWAqi&gTXwx#IeH zn#LaqbvdXCuMr@gZVt_0xo0u@-pg?V+hHvypU5M!mwJsuj$rOjcn$5{NC>kHus+-A z=`Sz74o|nwp|yIRlpDyfk9W2v2ibVhj*g4mf3WSc%Xz24*w-&`t6y4mi@c*<){X2d zYq67*FCA}B+oV|CaM1W*<4QIg8{4f6sM9_HsS9?}V@Uxkc^e+uHO8l~-c4VJF%&X_ zZe(3G7LtP9yb5~kO_rK9ZI|6MJIcLQTwu^}*1{v_E+_9-7jNl^w z3Ej>QmW@7_=G)qHM`lO%IU%7u-P)1n&Tw)J_N>AY%94vFnAl9V`f+r;xet(Kh0F=P2K zciUv*B$c0fQ*9qC;&oQhab8|^tAYsR5pjs6YT%)b0g%=DD6R{#+eA%sdBtfsudeF4 zl$doVE4B@nr1G~$Qnw5;S30z@2IM=B504gF?8@$S;Tdu;{T0DCKrxF=3J)TR=i6^T z=G@cwpLrGY)VkLKBm**k~G&&;kJ}b?{0tSd*DqMZPl@tvejTqP{>VFbrm%r z$cYmJ$R6I+7ImCw1QPS(f_TL$L@uu}w^g}4p`kqRmdq8=+x6Lq<=A*vzgJJgu!c@T z+tI>?nUKaqE(u*Qsiu;y+o2IDg)hP@((jP3noemvitQfPs@1J(J=)gW zWjm09(8x22FCDldCKBPg4p|v%(_WslB~hi{#Mwf?vRe+RCpTz$ll!fijQySMBfA&b zsg*6mIt9^EA+xvq3^Z8ei}xoC1bNzwb+{b7+3HT8yQTh+c5ID&w3<})|eD4h@WAC!X1Q$b(Q?*M?62=yWbyg-^^?bjI?G|z?U+jZDh|rWv zn8UKy)O(~`Q&eDyucx1jZ)?7WWzUJ&SwD@UIk7xD8Eq=|S)Gg0gQk3$pI9k4ewY4I6B>4@}&ju98o`=ole4CX{6@e`*L7%6lP%FOFE2e{XS{Xl!?sk1aNf^$ zmbeN{LVecGp$#)v`(JIAIo{;9={|qmexcX(XTlt~dHN%V{WTW`B4e9cs3f_V+!$E$ znFx1%E-U-XXzC{5WM4g1YyB&dK%3;zR>|v4kJJ{jfnDGD!Wzz? zB?Y8}`$$xW%*?rD2%<%1pYAR`-*?1P^aypjQRI5$7f5c77IZ?IP4ZK#qg<`}l>+Ln z?HSu71e>PBH7dfZ`+I^hGtxdD4%nuYn4JtyPpA7dp3*+MRnTCm1wGzm?8K(p=hw5( z2T7e(z5L|l(~Z_MeDlB$wzoN84YsNCUjOd zIjmDMG>VkmlB_Tyb;*q~p`z@o`H^p3x&L-|B~>e`=aqo>vkOhrr&P|!s&E9IUXa+H zxG>*#{f*CDYp&VQY=M&aYM+IBGW##AJS^t@$?}q;M8;0TimlR$i#U_g2!{u(>@%y6Xdku!^e&j-)~!nyjP?hOLr>C+E&*SC_j8FEb%tOvfDDU2@=W*b5>0;GhNW1q?qpPoPzcOa` z)9G}7DAmXJW(=TBEE>ZmEiiy3-7hBos z5vLmuirS2Ix<*kS1q^5%l5?Ha<&+*NZD5`DP=E6{v+u@0XlkCx_D zn%GmaU9qNln+D2;Ow5PxK5kZ2w|-NW<99@T_+(F;q=5VvNcx zuQz6GyE)3`d8(R2he#Xr57d%)S!UkUuaKh}`_M5d*uBKyL`h~vBMaHMH6(N_Oc0gN z_~^J|wA7>a+FL96dV*Z{Pz#kSNcEkprWDe~RI8~$qf80!B=+*MebpIVa!&GFd5Wh8 z2g2rLY*X=7*OkclAjh?vW<3S8xvTQdj=OesWW=akeZc2`Aidj+@6P?}Jp4kDH{xV( zw_+Brmcd%&xqfeu)tB+2djvVR@6T}wf zR+NqLN7`Rj6no$-Usm=(MO8AOdy9A1&Q@#@OV^1{)cXdT2mT*jZyD59+r|%~#c6}P zd$HhB+&xHJtOWu^3lw*^0KqlEB}lR2l;R~&iU*2YQ=~wFQr!A%p7(us_CGtjnM~$< zI`^k@<@)J4r3gq19&ceEt_%5jqyk78S&IdwnS?nO}k}Dd{7TYq0cQmP_9xBO58@|^01nZ(nV6W?Do~Jn}`K41EI1Hr2P-^cXNnnsw>qeqhofTVlF1yDPb=8;l(2Dd2oc>u#b^#u zi6?4L_I>*0xm?W%V%{-dKf&?W1 z9_HC`=<+Nqu1-w#pREFX5IEYdsiy6!IP8o6V0lIxagBg=Qs*l<)IY&+zaOe&Eu3+# z*yM<68;Zz)&w7O8YQB=BCNjx8tIrc!iWIHbK-(-GXs(*Yd$-$f>T3$b-Dq2*3VaVO zcd>K2Pm>99O0nM+pUJr_wqp@9OAv~7F47jD5pO6voJYmm^PFU0$lU}Nww$%8mn-2l zW0leO%^T^Gve;%Mu2T7Hl~pQ1AXppS;azY>tJF+u5Q!N0ez)@53ZYciydxinrm}-v zF~z**Qssbk@6FtK2R-dfmtL}(^X5TvcLoiIPLa5>1^ycCOkgFic@U%z#|{m_Kd*hm zA*gcfHzbA1$4``)AVmue%FSqcH)6l*{$qBO_fy52GemzrL!Y_a$y`7k;=iH)OMS+T zi*NWC7-DmT7-Z>MN_gby5@LpLZeMW7EGa*qYuL^B#CE~A?i`elLJRdK&suMc+wp8( zX52SN@8sP-)q@x<_L$z(G<4h#k5b)~(TE5QtB=@il;ZGwmdO%a7J;?bqCm0!_(w|N z4TQfZLL|cfMFOXu!65vsK)Rbl*DO;24Mqz$K4jB(8OC@5keWZ=e7zVBS*c{>uYRy; z7ix3;baL4GJa;2m)Ml+?Z64?nv1%sbcg?@Ub-Nw%bE8SUsw`f@zn)!qb^3&A{`Kk2 z#cCv!YJnj{EW$Tu+i0=&T2~wjtBz`vv>KD{fM53FTE~F$=>u$T)JZ2zO9e;Xuy34y zs%jOV{H1=Z=i$O7A2v%uQLy=`i}#_bP?KDU)z7cdzQ-u?s*>yO_!Q(g!ud*?MIPiN zJ6_w#-{ktd-S7r7A|ARDMJ@0y1MAHv8`7&L2C=kxuzN!IG;$ z%-c3Ks1hMWnNe^j$!4Z{`IXQK?)R0^!p|mclF-F~S$Z!iFHh7baM~5vL15r?swK1N zhD)NK5sk}}$N`F>T&c{f(`s5F^5z0WT;0NQZ*dq28;Po_h5yGo5hrz7i9%ez?WJJ0~4DiYRo!F+%f{pbj_RS5eO znCd*1<6Ewn@TKiOJAJXqMzf2a0gVP$t;^J;lk>^o`SN?w`+(1>xI60DZMP7^2FI&H zxL7;1XU5K-kk~}OeXsxWY&oTJqSyHW6hQDg9|d0564bi9EEAzggY2A!M?+Gj5qK#l zF_J-evYnnu(NP{!CF8sG>R=~^lZ8B(^knh^=-&gMGBMXk=*y|R01ImMe*->_baw*$ zSjkpM2x~CisrrpNfc8+cCSFg;O&%%_Pf2bzXm9(H2kz9@#%fU$;iW1Cgns)3m?_Ps z*retu)FcJ-;i>Tmnza>dK5`Y*(QASId_J4f6mzA9Byyk>^(!fuE6qSa)E=HkLg|`a z?*l}+3cxvVK-}BhFqR%i74OYb*ti&mp!4NwG z;YoU;X2_rNadi=F01f+=mB9@*u=smBAH}2KpHHuP8thSSAe0-{tWdi&;ucM|ZUx6*XDJWAGL+(T|2JpK zd1?(dC0=zOiu*py^pd{kOmJsbq6$bwht7P>lyRbj6jJI8`5O9-TA-s5HIA|>a4>Na zrX%^mrRe&53Z^(;nqA&anIm4|MEjJQ|I0aeaq2049&&uHolD^${9WP+I4grEg`Hd$ zRlY}gT@np7;FqS*^PETE*W?#WHHcSb&%VKgG7ho~x{O?(qz5$sm~~-Mj;z2l)1Sk8 z2DhMDoa;UpF=J+zVvd$5+~r;iI<+wq^$f?Rqhy>tgq-HJ1@LYovAs$jolXinRSJhs zmu0YMx`Mx(yN)R`5C(H-MJ4o#XSRwnCiX3@@YAZ`aMClBn1NtqOQ*mF5=%p+K1&&H zrq&_ptrK<1LAp=SZgj;whtOPKTRs=j6?p*9-T7at1;_|FOJ_hWqT7k7X`M;$gMG`U z1cX+4VZj5E<*MH6FBzNFn(`A@evc`&uAQk$_5nRFlbvqGNZIMiMh}XKZl(Psn{+qn>c^MwQ#?@CWp!cvZH^%`&)`>3l#gC>ikQEv@_?oY@o?-TPEBO{Wvejf!53C~XJ{CrRrmz|<;a<+KNY0xZqxWJ`>U)U` zN}eW6#X*MtMIXyZG-cZ^ZjzqA_OLg#tX79+@^m4EE5)|s z`eS&Gdpzk{yRuq~&Z!=)GZB|FUiyptqEAN1+X(s(5oR1Ze<@D^FqD_Zfd2N#-)|H| zpCyJVXOGTQu|F0ITpM~k&#wOgLlTz$xB=11+>~WYD`h!krer?;ZT?AZSawwDr<9IT z;w-^6y5s%?jGzL%g{`!%zFq6Iq{kK(DbAMREDWXrrl*`bdg={x17@;N41}suj={Bx z97TLtp8!O3sF2NIxE-NnLA86poP_TdcxF$kWD+1nt>YOaF*_FnFN*#yyhQcpf-Da#p(VZ3UgM1Rj&e-KQ+9_Ka&1LK_h`XDHTJwuu=YqjC-?qh) z65boaKX>?*8E{#R2PyY_HG8MM=Bx9^G~RC73cTl?^e%R}Sj1iXsuGY%SGXDTu_84^ z5SHH4qHYDKoH`b;@$?SAJ;3B@>BmE8K3FU&{KV3+fQ<+&hLLl-(sr^Q2>lc!y~^B`FWMSAS-{qD6-5SQKjL}iZW6FmlvQGDB7OT7j-%EBFm zmN!3wM^B!jUhbdY;z)%`GUz|{y+_T2)c>ISXoB0h+4RImUoFE~ru0iru5EjE2!>s& zoC9a4&uklErZ>Dly&`?SzDLegi`qmAh;lI)Kcp3=Y-3XRQoU$rXm z;XLubH}&q@OanRN#Aee>?z7>K9rcn9hh5}tS@LLDX0i)er!D@<;i9V{oNk0w61ktK z0&m;yK@Oegl~wO1$;+}N!?Ye^M~E$-SFOBYcdsI);&N@OiG1F|DGSsy_#ojbj^9>6 z!-hY>#jvl66+ah-6EZn^oYkntW$8&^(IKp%|ApAOV5$lo8d!Fl$J2aW*_)iZIYD(B zc;M0RYbo-!Kx?;*)DV_)8fwy9cp;VY=Bn3X`i>`kn0*z4J2L;p9iGfJNoMIGkVDZ0 zejk6UApGhYqUAzhRb!EKRcj00@>+IB?8Q_LeHPi;A?N)My`T@MPx{s%LmFr5qb}loHm*PyIpBwI8{`%3{mC2s?OA zD}Yh~?Eq(*gf}ARR~Mqh@e#-wV*9l7sAxx#*-}bcHO7ypC!qSKux?7!d?J1Y^C4CQ zIfOrzpZA_~A@YO%3e;)*7Qy4`qc7Oh|Ht5~4&q>V<+5{cx%6!FO8!(;J05ARZ5WK^5|Cm2$p;S6)YA0(&Fgmc>OD z57fotBL8`kbl}+xMVh3YorjAy-bJM?ZPQ%|oQL0Bq4Dg&beC98HcT~nSCeRd&Qj0- zJD!KUWtf_RiH=FtdGF3Sic(aXJL*iKMgT|e*W_yKeutGQiPX$)IzaftDJwvA6_{Y2 zmgFk#;$&U|&bS*nyi!wvbCS=V9Z_R(6ObL-BW_X2;&O5s1%B=plplLg2pnd)h@LhAtvvsOj7XAYm(|dSk?0zsAu6ak|eHmQX;KQu!S0>nnR8jJUA2u2C``Z;IIqv*V|CnYfKel2It5bSZG;Lj=!2u>_{AIY=hXxhm{Sw~nF?P;( z3sPAv`dRX!@7W97ZOfUWF&Z%wZ5=j>Bl(bT+1*4Ne59?78D7b2$(xm^{CK+FW*%4{ z|AJmfvqDX!{{K!D5HtlcE;;Ygx8-Dlm^{PZZaKdp`x>_`c?8_tueE*336cLhi3|L& zs#mGV_XSGKj4PK0AU~JI7R~k&XRx6T$$VAC0y{O-<|gv3snjm~_%qyPAj(ekcw}P* z#5s9djhNAPONvz1&{U`Di^Jj&vIL!48&OfR>xpGIs$E-TBj}UNW83k*Jl{{AG3N(U zRB`ZOKN2wE$Q}bhlFgtPB>6Nsi{UO*6!b3o z*%kcCqGtNYpUlKB*_GJ^F7g^F7nEI+Ctr~!mK8}NVpEqtjtFU>UP85k0WzM4Ure1C ze;{0|e)URKs6Bpqab%&46%u@E9Sx1D>e=`(f-7&dn;sLex2T*Ybystooj0D=-Ayvu z_{WT7qeIiA!b|+ZdcMlW1Y?GqyocYp`pZxZJx`5F#g(x}DdSKXWp{7SKueeZo#xH+UD zrj)Ky<8l~Wbk%-Gs^D^{8~%VIo#kr1GR(xu)~5|zsH}Zz)fW+p z@;+DiD?n#qTdg|cs*7h{mrgB2E{MX5tVndMEQ^z8l;kFz6+1}X;Y(%Bzj2op`X zjz&A1sNFptG8yOPkYda$FHt$z z@_FG!uA1+JTw-6A=WzuH{YaQ*?;@oow=H}&Wk~t3fJ2Z}XJ@B~Fmov<+jeMjE%<1F9$<$vJ zzpnI$PUUq=JD#RyU(TF<*^pdu<;F=I+16U;e4^_$tcG%37#e!On(~FG7Yyl#J>Pb! z#?sg`3KtlPG))Cw=@O7)hXSqGzOVa;C%^X6jAe&)@OTz(tn(KDMo9_gQKeii^O_-Z z>CttMiccoh5;-b@xQ*G_`-2^_#AW&|1p-Q1hLY`|F%pz??;g3?lFmCfg(dTeX$$vBFOR=ff@AE-rwR`F8tXQbW!4M+4tD0qK_pqzpIjF^x^z+_u!hH#j1QNJz}tKk&S8Q{n2Ga3OVh+R5IZBXNex3ml^zo<^tdHtB=(N9(@K zi%5EN@cP41rOQVd#tKrJhKuf2wAE>>(Zrwxy#|?RBpajGqe%&NQZ(RCDhvQ%PBpL#d9C zND?IL;kCI4&Q(U%)v#B!X+%{xJR}j9WnC|LmZ0gFl(MI>4N5cq!Ez1L>D94L(*8{) ze%~MXc*~gF>pnxk2wAhtReMHoTDvKk9sFtw1Sx`5+j6rIVW=8asTaW$Z7?En>1Bng zjT<;9qm7=eWAy}r-_z&Oc&4p26$(_I5GrM^uqe&PYx9L(83CGH)EtTw}`jp?H`=8->^B zpZR$H!RiGg2=`VLT?Sg-pFWjPC&~$W6%5xT)liAn(fd<>$zb{=?h$jR{c3|%g;%Q^TXg7*)nXGW=u8%iN292uA6 z!B^pZ6qK&{T_w(n`*B&vHg7|W@ob+pdn!pGus&~`XRD<3zv35oT424hyC{{-&7i?x zMnp6xfAQerOT-zbv8i1l{Od=3a4h}lF_P0+eJw$4r*w$u65p`WR8&C$dG^**LzSCk zFaSDpE@og@`>0QGsW!99M3y7mIf|xl_Do{3X+g0j3==M@5)HVoE&%7xG+dYXPy_!S zfh*bCFoA1;n>qg4JqV>`daCACaC1Ri`l(OcG!{o)Es8Z0p6*joPFXdQBjXIH2z*kU ziE2@mSsB0tjs@`mCh6JxJ>h&^q>Yl`aQ+$g6saoE;OwEgH~$=@vOeQ;&pm3GeV2YX z)a0O3+^InY*ZCq|fF2G&s)>U(uj4Ps4s_DC)U&Q*M^BS({!%H;bAr=>N?&now(+2- zD3NMgt~L928uA#SrJ*hT_l!y_7wsiM5_tF}4J7uN>)u-`gE40gk>u7~4?|A4zB>N* z!ovp*()u@r%I~u({r;fhhrYOa7g}Dzbj|XkSB{$c;Fk#Zl;DZ1HjVe@)(e4bUsSv% z_AFIjIK!Z-9pJ;JN8e-xW}E!$SG?O~ctAW}`Kt(S{Sp_U0-&4LD_2{c@r;z6N!fCl z%2+2}<4|`*!;9`@66^)Y0eZ9E>misp7fQ6B$49AWr^@4MU+kd&zvN#WjdZhdeX67j2TF|D4u| z{&8bXdVNzk=aSNWXW87cik>Q{=QPlgZr_~=o3w&Q)1~YCRG-S&D8)C;JeLHgRYKQ{jc;YnG+F4d)-CiC`s7-h*cO4x%pnTB$bnZ+I*Q21hSD)6XT4Mbc zL^!Ir30LL&k9cbSU-6XTeZ5_xSFm7bV5PY^Mm_b7Ja(+u-tb*P#HAM1h3&1l$o$vm z_#gE&{$KS})u#F%EG&j%zs+_5wG*#V{P3&VP9dwb)ln+eeucoDTKtUZYO$YZ3?~SQ zvUegpU%no!R3?MQq5vz=gk!X9OR7R|&(tT_I#+kRn~U45mjsx=x98!yJl}JsPOq!k zM5d3OHR$g1Je<|lCQn({i3!;g{c=izGwpUsHRV7K@ija0X3A}Hm^z2wI@|dZ20z+? zg#TZT$K?Mw9@F_70D}A?1^%dD5W`Q&jFON5_<)me_XI7?G&NObrsw?d)RG#b88L-$ zL9)lfT*wSomr+oWL`QE87M*W09-Y-;^5m&WOX5n>)d73uFiK$SAU3ws04+df{gb@g zMbr7MeJy~LeyW`>j%E9>y=LN2o!bOR<2{=>*mn_FUkSt?JH3;n`dsC)yF6015If38 zOVc5wt^OuP&xS-y-6wRW1!469TCK^s3E#ymSCGE`HR(lOC#uYz6 z{=rgqiVug&v#UL747J**!utH}U#V03BVa)s^3zklC* zkzgu8I?D#3`<+mqoJ_lqYslRB2gHvN_#qg|{Ma@$4wFRuB8(}dKVeuWc*bi_~o z#ur6StDTv1c#hhPT8c>2*oXgZhkvAsQfd&eGVZ_bsuwn{AJjB#O$zm|C-KzkZX$nQ*k?>8#5% zbSd@(^LktP=&-LIL(Q`{9@Ynyj-H`Ky`1mrQhb=vp#;7BN(vhSq)WqY)sLBLa0_?l zZwx|AR>ul=Iq4>^Dsg!HUIrluxrF8LH~N44g$S;#~YS` zD)1S581>I(la7iPeA)yMr(dZwi{!Cub(8+Ys9AtwQ{yFNwr1ujX`$|s<|5A$5MG;k zKA6Sna^)=)&i5y>=(kb?<7|!Yo&NB3gO@lHUUU1!UFGXuo=DFu+(OyWU{-ZU$EB*k z_&0NJjy95b9f7&_yRdh;^au7Uu^uKh$!tF2WVa>)*82Vg;UNp3h@D1vb4Xu(qUr5M z8DoLnD=1MeZ!UQx_ZPAfn-kG5>$m|~!aNI!Fqfky!QUh2UR)2uqe<+9&^t^=BV51L zS_{a(dK|s!8Nw=2F4>wa+Pqbjx$E1*dZDQ+@PR<%wmRbl!GuO zTqz!n_K2004I8!1H4EnT;01(IwQPOZ@O*PZQ#lyO8`P?fd?5YF<)$hFrCY70X22e# zV!)B3Dl-;-YtsNI`)ou_L_{lSfzY7ySn7QOlt&&Y&<2*3DUz44B9~a!w2<8(8O+%M@2?_I?UAZ9$2Sel|NS+`F^k}KsBb$#HqiPl<3pO`)9yVZzUOEm{ z5__Q@jLfk$DZt71_I1EUVZwl@#c<#yqDWfZZbRZw1wU??wELn4pJyJ2y_pW!j)mtw z2--Guo!1(?D^pfy1Y=JB*VkHYW-*yOlZbbIbn5y9Uj`9ta0Y&GaluAVL-*iVxVSRn zy-zvZVkDTbmHK0lqFf_8LKN93k!mWOMb}{_xm*)sd95-(1%YN(AH|mcKZ@-hQszH-NRA@>O7o64}^U*D@ z-7Y1R<0oFZigVF_YIu~Xi=Pp?P;~#Ts~`SRd`EfBMl#rQw@fUxy+QH0FXiF_18r%J z`n#hF1e3}!?<9FGXS|n8;y}BX?;hEdQ0Tq|TlhZwvk09#bY)q*mrd|TLZRigSG!1% za)?Zo1FyR?9%$s#Mh047r&GqBvJiX@#rr>>#c%W*lcJgogpLoD6SuFs1LY>-;hOAFuv4J=t$i`H8zq>xff3y zxReUoaMmXgT46Lrr`*miy%9IS!xCg>^(2o?Aop zoh(DevuF+HGlIhVkFW-RTHn%R;+KiS|A}9gCX{mp(uK@vJ^f$$vSJ{U#G33;grl=6 zBO!&_Iu*>43ArYJkOxDs<2$rN_n-AAsnB2(&g}kI3~tqlR#E&uwY?c$^7-rIA>4zo z8g60gL)ou=7oIjT%(;v31?-}?UrrJw65x2>L*0mA`MnexLd-wB`YER+S_Bch}}V#+yPgPJu~vI!I-5Df8RnDtH4xj4`Xy^uJtroCN)Y7QQ^XhCEE+nL%ZYXZty70j{v zSz?os1bnvn%(P`UY`GdWBIk7Wa_D<;i{|^gIj*mOkvUe0ZTY(gej4)@fBRGAIEd4d zXT2LQRgR~FT`dMr(PI~AZiP{EU+L*j1R~!CkcpkNBBXI)4|whi(Cii7HnX`<*|yM^ z9iK0PdkXpIUNj$>)=CFOG=W&@9gyeFSWD#QtG9K83C4kkrd#%0o`=uowcGrHOOi4? zHioVqdb=u_PzJ&N_qSIuTaAySV;oqNkU?lCwWKcyjgimo#~YPu0GMoYIOA?+PbH7Tcy+cGTYM8p;W zoE~DJ^GJZ<@qOi(0qKB}=c$S|l2^(~qMQ^~Q)Y8M^db<0db;E|30RXz3}1+Z_sl+U z0x8kagW3BxN2<{)J_o=cJ3wJJWEmGbh(3BmqJoW$;NOtw0Hw=^Eqz&7*WI@rY-G#B zatu{rBCGGv&J876&iH00bQGOCE*D~y&wo*E_%hr%P~;~ z?sMF5Jb>JLQC!K6VX0PkriAsHx%&9IC{$9_?E_spggwSQJ>v{{c-_ALc!}rLKq;jX z)P9sKN@ul~q(@8JvOK4_UJG-0AwBVERb+P_i`)AaS88dAX*X(1C)sk?pjCV!juBY( z$D&Bicm|sh7bZOM1JbIkL4F|u)s-lrJTZJk>+4CX(%uwQKmRx^m(7PO0QpS(U3&aG z@I&`Cf-O_1VA-iM!%}y`EyRFO%)FN{GKOYp!eCF&a=C1!g*KsXn8iht#*p#tl*eBI zymfoZOOpZBxhDtofuGRz{@$Mhm6@9*qE#PGA%)Z8BiUm1fSbZof?#+hg(tA#==-4r z7|Zc)t(k=E%DEI9^x1{_cebe@S0@8&FaM=8Pau!q#@{`*1NJ~n=xP`-RGWbxisxX z4NqQ{LVv`2I5Oho6gm@)u)nY9X{JSFUKbY}fd+8<_ZFhn5!;HlE7{m)e)qEjEuPh< z>~z2X^2=o1xn^gHG^vGF?OVb_~xZusBL|h*|ZepNs`i5iN8X_~d;qvl>YpS>3 zkx3NY-NmgKQK3KLO}680H2v8^?lKYT>IXBB3aus_%+eDVm2wz|?s_e-M8G;k%%w~7 z%WXG{td(J(Htje@Iic?Q`oanVcHusn^MCrrZX`wL?LSx{mo2R&2T>{nmWJvVe|uG` zk_e;T{=GurT1dBd_Ui&-mJUP)+6;r6wgrzhzYA9als$sdCydxjWm7vy{yx&ExmzO;2PBEO(=_F&d`VxGPTKCNxc zo*EFvxK>@Bp|`4|qq3(=@TTMwq7Bd`y$!ntA>I!`VCZ^WGEI>)lb!RtP@`H5m~#X8R=tFSq0)eG*k^=EFi_zEB_wpP{B0EV0w+gPR0^?qAS#5KuZ?HZsWY zR1SR>YF1zFKZ%W$n6RtjaJ*Z!^!9O=X!!$hnL%=L{gSJKrgVdK0Z`i%HmBW6F=Vai zYmZec%g(ry-TS8FB~c;p=N?mccT-wU{Si~7SUP1%B~~~StZ2Cxd!Yw!npP0+zMZXFuPlZOTLQ?294A6XEVx_4HScv+I_rRbx3F4*tPP& zOxGtoFE}fW#*9iG)EFm1B_{U%0vC2vv5p#;A^$zmKfZHUb?@0mzh`hxHb?Jpl$Ns+j=E@sOyHCDu4Sy&f3m<37wghIY7YS;Lari={dIgVwSh zaw_<7Fu9uG;o%O6ZOQZ5c)bHr{|HGw@w9#`g$|B|l?H9FL}7B}yNH$8*we6QMf|Ke zN`rccciFZq9X*E|{oeoSi-{^ExEmeIM)JR*xdJzCPuywMW4{3OY7b=be^1J#kpHW+ zz{4f5{duEdOKY=^fv~Dk>(H{Be0nSWg+0{@*HO=0Tu3mSabCK{6I5#b693(Qza~5p zGiMT14V~M_zG*5RqNm$oCP)|h1NUHvLW-T3zQJ!d6y&{1E#!^I>u+?Ajx;0RkU5S8 zXLu|)27RhL)^p`b`^m?}^$y25R`)I6la@^`W#QHegaNc>t>sO@8jLZZH1OAFY&L8H zabbS!waLXwwUB3RPpNnr-wKcCE>!YJh4$a2)=-HgHw&>7mUeGh|4PkXkY4INV_peN z-*`m#p|MAO>Nxu&JN7adAHzEE(QFk0_gF6Y$SgYI$2xsb(aK9dG(G9LL>E`fn{KCq+=GA6h`abPq zScAnCG_}W!WLb*OOeG`9JL4ZGiCSSWKK+rU^R|&=eyMH@3Y<aCVl|QM)jx4j)jp-6Yf-BvN=PX$+G5Z(qA?L>HT)Z|2y2UuDZPmbUcPgpu=9ai{F7k#o*I!b5A_QbEzh{TG7 zlZA0E-UhqObbQ*~Sc-_~WrrzU!h#q_6WZfEM;=MpiWg6%W9q+)O3>wLwp;d&$gU>y?UFQkvD1omD`V?{qxN0ZPr5oO#Z!r6{N)Fu= zY5^rx4vFLUYq{F$t53+MaIO1J3OdHnK&ZRHo~|_SdhD~CnBC=tT(%di9ve7wydxd< z9Phm2eFJ~Vzg6wxlxDJNUIY$%Z{ovAs*espa9dupFPcQt8M53BuXq_&meEB)-CQZG zoq*@4Js&9zG>_^6hTm~mc0ra40h}dJS%b6iMh>w)mp6u-f>x;{yWdJa^-8T=wLh}D z(3p_=R!tDe;S^qQJ2s^JA|thG?le5FX2y`d0hbOYu7{N+jU-`oKQ9|3`(@qBV>alx z>tD{n3zSYW|D>$LsmvAKHcHf=L}M1=`?hKBdR{~~iq==DNc932Ad{Pr$2vq<(Dt_W zZ^OObS2j#bP;+f^UKtf#hhM1x*)(WG4A3VyxgQu?E=Lipra`DVG5wr(*c3q#0A`o^ z*PR(H#zBy*U5GrfZ~@R{O;&Ft=<3(`|EWcuG635(I3Zn-ugZR-z4E3^>z}ZpF5(49 zfHLQ??_#Y^=IX0=nyC_ywg8;i6rNH#;c07A87|VD=CYOb8c-6^xL1LHmZgKAPbE~U z5Foay>umaDy;IM|oj>-Q;@FjGI!E$~lbV=ka)Z@&??ZeyQIhRYwAk?&4G>C|6743` zT*YKpj?2C0=%LXu{(>O>`hzA9uZ5fe@qjf~cej<{aw$Z4=(zRqD}s+E%CMWPl`^mc zfl0VyR2c@~UA-_O#TI95xk=%e$B8~^TmmF3GT40xgx%Ce_Ii&1eTL0S3&U=g8(M_$ zEz*ZwWNEcA?@Mkc!bacvpK9ON-j@$IigkS*`hU;oDxC9EU#UxY`kbeJW{cM`lJQ|7 zP|=bNN9Q|9|EGH;^1t0H zvHxfH%9$nJN=AAOJ_`)GACN!Q9Gp{7>PvVS_H;ddmb_TtT^`^Y4&91xs_TZT6s#k* zL>4j3wveu!d{VE(HDeXGC}>z{GV3ip*G`yH;AikeM=Pwnj02axeK&ZcD*D34c|Vmu zOif|Vu!+Ee^$b2H^0I$hH8+4)giTy2rR&&#nWy@-N!9|zk#$$bZ9 zZ@jWT09USJ^K6X^ZB+3Fb7VZ?v>KsXvE2~h;~F~bZuxnJ+^4nEl=KH?zv++eQVIwm z+~hdgX{4*(@LQ1xF@};GK*YRdH_jYn;Bq8QMYh*wq`6fbba`U(TAF3s8)NyXo$3fO zO0Jz%M_}c_yIHIk+!3OkCkXih`*N*)`I#=Nuct79jLza=}HgU93@>`0EPSQyEbaaKz)$?3ELOv;l zT>WKi5uUzyfnKyZ$kOTiTQR4B6@$S#mH)#!%rPqm!oeiU)pc|}3mg#D*R1bV5_U$n z8{tY-uF@vHzEe4T7PI#+e->4vGiM^a&U7ZeUxZ(-#D0OH8bi+`CX8dnjXwxZ@zF;b zJvR6m`PF`Pep{jjVsHA2e+f*c$0^L+2Ci3z*hK+~_^|RX-`3hBgY(|{ip~Wy@g%jSA-UIQ5IsGoEhu*I4QrM;hw=;V34@4KJ45&EDl(4 zLh9lO^?0DYCh6Id%j}kM3+&OQ!1AdR06KW?=52evpnpL7nT}4YRVQUt9un&)$4)S> zqx8@uNRX7D^f68UBtAfvv$ij<%^2tHbb(e|Z|!a-Mx(IK8>?WPNn-1Ri~$-jPsMp6 zo^eK@H%GnkFX-nmOjBiRr0{?H{ z!3*k=@!**C+rO?FFIAlSm0I=1j5>k6gk4hw0T=VxjQh6t6}(_@Sp9Qzv#l4Qd9y7x};{Xq1C zO^@;GCW}$Xcy=kCsAhm-AKzB4uR)0^rXGPIhk|+7+Ab4i(Y998@r9R9^f2!=Us+h7 z1PjS$ZyIqe?;w^-!9Uj+`?hB{m$}E{Uty!5D)d9L);haHR^deG>-6K`KZo*WL?Vz0 zzt@|~D&%hAratCJRB_Nf^SQTsPgdeI8U;6D$tFNXx$_GMA;nA9LF)*7uY0P>_+aV) zTx${hcRkcYzh9CJ{vVfmUsyhvtG_3Bp5!{fE2mTFp`i<~wfV*B3e2paZ;$h2Q1?60 zhnN${Z~0qFsAf^_eXme)DBoD*u=SWWbmb>Xy`o3^PRX{afK?4(P{-L2bFf40+y>7owA^0`9?hXI6zaC9OJ1L zPk3lD!wK1ELNTG*7kbZ4mHLE|iI3N`tdw zF5jo!TTC(z(}qch?!eYt3^sWM_`xDQDdsyDy6f3^LFKMeS6h6MzXo9-*jFhP_Ws+u z|0c?*@7})@^hxpTELib{kmZmq-f5CVy)A;5k2&q`fX^l`2zp3c%kPORLwI1AbFAVV zI|6^+G9uZHC+Z@n!TX|oXtE<~PkxTgeDSY|TlC%G<1q=I?|zs!*lDZzVmip^DHH;X z*0FRF!pcjrqmny%rmf~@Z2V{2?2}$Ry0|hhLU9NwrTv2?z0C&o##tnxm;FmH0M z`P0K1P}fzM>6YDQMO#Io>2-Hgdp{DvsuXIPXdAZM!o0(ZJWEB34P%dKmvYH|7bMZ@~NlH4SPcfjhCS&j8vD{Yr+kG@czOow8@G4;wD)RSswPWC zBBJXdHDw!geAtM>db8KJYPwV~DsBFZvtZjNuljLZ1HY3)BdY{-8 z^nOtaS}BGxD2Z=g*=Sc2F+WYPmixX)UZ5-~?(E~gb|k^!`{y{nSh_5osNqLd_yKEW z_x|QZr^Gk*!w)B(-839pMYng8hABkiZKsN}hPf}-N40F+T}agjVae5D9O)FVB}?Ee zPf4%tBYc?}`Nb@?ziqBmLO-`nPk*z^Sv0&loC`J~{4iB{a&)3W)1(zl`sJIeWsth$Hd_0^e^tJA|Ls*G8}72boe}EXi<<|^$;Jr zw_jGN^JF9t$?v8QC*Euqg7SyOi^-RltIP>MZSa6^)dOmr^uj{+R}d8d#9sM*=x$1s zW7fw>RoD8>z~1XxZ^PZJjRI#6m+=6ks?@omA8&AP*GZS>iGdhE?r7n!Gf}ji$I&#; zd4u;{fe~~6dnkR*ruuF+77!|RvhPdBO_#aE$uv7_QN_vM2D0=W8wKbu1X|}yUyrhaS4q}e%T@L6ecaY%-}kvP=x%zX*90%z~h;H7k|)gk(hM!7at&Cckz??HOj z8sj=V1@79etw5gd9Tx?3BHp*|mRMPtizzi&&6Fl{z-r4l9v066)xUp|k!_S|o<&_`fI67g2JeD_13tX|L|om35?bgOe7;FW8(JZ`~wI zp;tppBcVU9a+P-EC{D>SO$JB{Z57xqYe5Lef-Z)ggx3HZtGWP1DjPG)=zCV(>^3+M zF*plt{9ja^bx<1(6zzk1iv))jFAl-oB}nj6Tml4#Qlz*;afhPCf)#fu+7hG?yg>^s zP_z^%u6_C5d-LS4%+6$Hv$H!ld+#~-cSJ6$OVse;eq75}_x(;VTHkjDrz;Qpw!Mth z{R60M88tCSs!Ig_VA1Bhv@cwZ$fj#RRFqo=B%a8D@(&?3VK$T-#aZs_O{vH7nF!dFr2!F>^sEufF4Bk_ia*k@Gklo#0$UhT=j`~`{w#26x2l@m~R$Qd|!UvU3OX^ zBGVtab)luW+WiHg^yG}hudl|D<}Kf?*}Dv~E~~qXI@#uN_J@R645i6wzw}IJ-^B;k3L}opZ%DF?26_*xs+Ec`v(wxRX~@a ze*bttC9bg)CtLH0p3K+trlM(NCH=^AsnQ1%_T__}SrEOCbKe1_({8uC7@AZ~)^*@E zpCmR}FvYo#1&NEgTnJ7{i`!`kCtG5A+~*dsxC45L_r#^%DOh5AIG(AnS{puw?&R&7 z{H#Q$)n+qTpFjWPQ$AO(xsy&t(tPQxXS+SYgI?LO-J51mxrV2?xqaXHzLkprXFO^B zqXHy$C}ed#PZrL%*1^NJ!{`T0EL#G&?gzSV)0HN#5m$Mf+XC>P6qG{BK4ZoaG}f8XlLTq&MP z1t%9zekPDqBfqL-U%8?yo$GaDqok! zRyqa#cDhf{fG^fpLdGbP)XF_Fr(_X`%?nLN`S z^#=>QQU&Jb)*yY7NZ7COHfzhXdL2q_$!`?{l4U-5eMbeOe?a;)xuR&=}uGDcnFrS0BTxY&D?WSK@*pbZw(JyNUGmq3@|x!e_UNt-7ylJgjh6118+Oldmo`e-7c zS6F`bk*C4aflf?1k>PBUq*MInQii$s@7|E};cMI38`A3_BU&{0HJDjtTZ*7Toyp_= zvEd3Qrc2NlVtEDg#ai~pA1A)qC*g9)xVSlJy1fc8R%LCwJ3}SLy zeOm`c}u?%j-TQY&F?-PX*PKC z&=6AK#&$VX=f)arkY1YMQZtK*=I+O*@Rv+*ks|VNMm$D-?Hj&%Z4Hk&)88Q{gL2T7 zqEJ#ukHRGKJhInvZwfMKQ~2L(x6OOf@;cNuXvoDIoTZG4f|C~<9e5_9&NP$wKNYx74$g^${%*KR#ucAoP? z=*Q2^U3CG$2HLFdW|@6u+2Hj>DD>)HKi*h~f2Ea=?Fny-df$zh*`P^YKjJFIB`7!3 z;u);2Kda*JX7H`0BT!A6*Sy#T7hgi~Ylypcl(cQ7`-O?aNa&jDyr#=@5EWnJke(R7 zdC&D`yfyaU!_#_Yn&sP7>zXRcZLO}91%X#?-#>icODwZx+hAb!_Fr)kyfDGq`cqF(=hjzom~5wMK^4~=%fxt`(zcCN zi~A4IUCX?k23sBM%+I!>aeMHpGvvjjcXsuf2mY4AP1)Oby?>c@LOb{93>EKpSA_gQ zp1o?5p3x^MoXe;Ubz)NrsMmedOaT)}(9a2;o2=`(wGb2#Jz3ABjk*ZP51$Ne6=@qE zc=Bmx%;v$>WM;oJ(9&e%9pv!#%h?APOi(fJp(1=FeIqccOhrZK>Z*J+2~>0_H&DL^ zihcI{1J_H2^H68!8*AUPVDX|;DLrf<tl`SU0 zBX$3BrmWoX`hJc=-1AS9c6mT>JCyZjXlEa<+A~J+m4ZyqSkY;b%58W0Q2EC_bRgsZ z8&vnda_Z1gb^l*b-O11_>CaO^rvDpMhxxyP>aH<)X-hDqKk_|!kpIpVr*wNt3$!4R zEM?L-{4NquCkp>CF!~R$HH(B!h+?X-hkNJVz)4LG(=5A6?Q;ZQ$M;n)eO$Gq*s-Nm$#L`7=E{70O~%pz%ode7s38KaHGlA z0=?ksxp=`UbN=v*lU6l&LzG!H)kO_BExTXz5`E;aaoEm8l|~{I8{I5IIHU~H6jm~b zG^2ws7yn2^fGOuPpy`Te%&KOhzN^+f;j68B=A06=V+u)f6-e67**2%fgn835S#@3|Z>L0|kj|h7Gu!wINKAd2?VK<@_6N z2u_Vyf-UD8`dOi4)fjU1cJ|9#y+d~sO*3UPZWB$_7bkRMb!#ZnZ_z+_VUSr4OO=*L zyXAg5B?d5(E?v`!Oo?X!ZbvEd)jdD5f|VK_afZ~nU)X_03oAg=wySBm9OncfR4O5H zHMsEifqRv&cAQe4cEI-x^oc;=zE-fdk>a76$>9#yd%DM($mM+n^WQTs)}8Db47JZ6 z_b4=fY%DUxgvBz@g?}>SS&7RhrO=PtJ>Cg-Kb%c9Vi_meOp8EAcLld~>BTR25YcY6 zyJB5D&XpwgW;z$gmLvA?**?#CPk|92wv^reWv+mCI|h=&R~J1*)w&|3M87@d*|DSY zW)|L6d^EPU{c_DoA)WJk^1i+6B_^C=X!@vPS$`hq_SjI^^C(QYvleb=tg ztddfJV5*fx#3N49-Qxj1Ak3X~sW<5MTuk+<9aEwIvV?dpWc5bgXvQ}ILd*qU%G<9p zs#~$tr;5}%V&79!z#EtAh1t>uCUYk`s;kH^idQ3DmOPqyCh+KitN3jFP?7#DHJeGZ zy@>ftB%MgFK$m)>l_@Tp95mc25$(NNQQ6zqffJLbm?v95Zbol+*&egwPHt30Z)Fu4z=MH3SVt$&><5QYDAH6Y1ljBWsW2gR$g6@QiRcpFP6zFs#<7~ z-C4KMPUQPF=R5{R>=Hd)ret3;gsozP9!_=D!*@K;s7G51nyCqj>!`uYB^c^sHK^d2 zOAE+cEW@B6hlHi+>qW8Bgq=GiL|(B_tE`lqri+$Ht?Tf5;v^_2D5;0smiE41uq?WNuz=!3f8xLgX!smC57iA0YA~oPWf(N{M>6 z{H9(Z@T66R{P||6^O6WCh2Zk0l9tr_aK2o;Y!cng`C-pH{R3Q6p%*mTY%wz_R0wmm zEy+tU{MVvrOIeARanke1kQum_AV?PcLNO$OKRD^!X>t8=!HG?4Z&XAX%%tU<^>Q9( zwx2F*P9h4Y5w^wmo8_FwKGEl5vy5$6oqm?{CzmVRKyzTm$rsS@2%oNpMsKLB&(xn< zZxK$)YD_jXL7%wPX+zhd+KB6qBD;b>ClVb7KyJ5a>;CafncO3*8WPKPFl(`#LBA|Y zx?-!}q^BW%d(zu1d|hg9=?Rh#DCv5!*aXT?Wte4B+@JI`_(6Jmrxq|XeWCsSMZ^3k zkPnk}v5uH~QXL`vG7o)gmm{OGy}xKEA1=J?d+o?^1|}ta;|urYgzYvGrni$tpDHeS zcWUV?`pLe&&eFN8pbEO~4D?VP-CeBKltB+(P1?d(k!?Z(=klT=d|@WGt(pXXYB`&C zA3euQI?wb!J~mB5qobA|=DR}%9u;TuIJrU$e-RKIDmhizJpTt^NCIlvP32Xt_M@+u zuRP;6sVj0`}VTVg&c)MygfGPFHm}HDQ|zz5asV%4MG;#>Ee8=cX4j zZLzT=mOXRWgBP<%O$EV?KNp@q~a&43)5iUV2WO!3a3HOGRGV3)Ds(cMQbxczo% z9L<5j$%{9!9)W+qVZE*l`6@t^F$++wBYTeo*lG_`@bd@mOO!?a4h~#qr5EMsVRZNm zb~O2mrp$3@rCV+z>!N(H4Usi%!sH6QG#%@mzPUAhm5&H$fQ$j*KL9?P=;bsbr1eyF zLMx8#^5Ro3M13INPQ;d z{{X}y>lIg&g`7HnpX0)nozhk=^ZH$0tAIS>#7vR`e>!1i9gLifzp{!9Fa}Db|z@fhysp~`?cZv2WD&?0UsirR+03UY#LG43~z8A zm6!pq9=V{B-`i#+sf0@#r2bc(j8!r;ck!Wu@5{5#-T_r#tiMCENz>0t{RL35!3;b6 zzB|dr7^vGLIcSA4fG5N*#R>M}%=gGiV_j)e4h){P#$`&c@GtTcj1#|KLT*1lvH;x>TRe|KaPo&m6VN@oD$Y03XdO~i+GniygrW>^6D7 z9=qij+2GMUAX1pe^iJE(C53~(wSM-7OU)5HG$l5XfUote3#VJZDaX<52~=Q0*R;Ui{%Jb3el0Phgn5j`UAB)z4vkalN;sg4&lNd@uaLE zN9?qu9P?##4Ud&hl$BZ!_l9&yU!JD|vCFOP!FE_RnA26S{&q^G&WW@3`q@XjxSuPSLQyM&9 zRdWGiA*$q{*)5v^Cqb~8h1h-eOha=A=H{1pQ%W~MV(V4^gV7hkhdbjYTA<==F>^TQ zy&>`?&?`}EQgnB;z{wdQp$UNa?uVYo`nDo*c!4_#cZ}J5S z%l+_dIB{fJi7}g19G>7+1`Pt%leHv7wGJ0uIs99c<3CciBmPzD&#AdW2 zvhbnJpj&LV_!0XjNxszhu9^EtGO~XsM}zHlIejO=FmK-OzS6*c>$p$I`fsMiQ_8_p zg%-T}a4e8Dbdma#0(0skG2sb?0x#y$y7-?{K9xICFk7BRe+m3;LLpJQWJ__X#WqM8 z8kaH0!=Z8sAJcZ2nY4TIjH?GnLv4?_GU^#u6D$ONolup?Q;IMDbNc@; z+ErEG-ww41Ga|De=(?R#KH3c345wmxxT@7oy{E_2+`4X%PkmXluLpigxG7`sw^O1b zj+qr0w;&^se-KcsA13<7VJGtQO}%OGg1r`_Ytc?)LWnJ$rv@NzdtF%iA)zB>>>k1k z5FV$8*@@M1vFv4m3b*>y>$9ZDUd)R^-w$T4UmlyO?h`zbQU6mE0c6I~_zi-T!K9D$ z;VPjn_gV;g9*NSSsElC8YnVKTl)i&b!t=3;Qo1hu5@SN0mu6|UR$NR5NGYD@UH3D? z$=_mBamlQ*qKw{FkQrARLa$2|aW95wD_P%l%M}d5qXXHDUWPO5!(_6?XxFK~nzv)R z4XgZ4Sw+XKDjB_!%q^0rf%!T#%Rx0^r9Ryb$Y0;Q=Cb2KpQKHe+CR-`W$$pAu8cO} z76vUex5#@p>(3Uh*4LDLg}wc)OAC*je#uV^nr1B>Hu~(c*w2X+Mz(g`YR`K@$T{<@ z=90)Il0SOmZ2z4!I_-Y%@9DZ3Ep?gWYyEzu6eo2il>4hT>t-5@`TAStqU#dgm7}2U zcAEvY6|%Owb|9|g!KgVzEn|#!)k3{lF&w{8t+^RNCZ?CPYRTMpvu}Vil<^?!x*11t zvg@^RSBLv1fb~q}m2we5vT*R7p$n$)p!;ZjGN$KU8B?urGWTb0DUmg@RI5U5mbqoz zOfntXO)YT?g&dpZ#7W3UH72E(8)2q=ugQ%7%YC_-9^7UuU|tvzsb;4eetQj|mn4e9 zpXB#^FDYB31I_?z()tHg3@s4Tyu!Qm3Z{R6U)~cRsW%74Lq7)6y5Wu1#nv><#PK`` zYmqiqiTXL7?=)yXq9aDFb)1+IGEEGbwY{}}Tp5JlF60=)F(jui3@-y_zZ^k|h|#Mv zLk;cL!o@f)eQiw7Dphf8doKKpzd;?qU$^`#nG(7wG{~2gei*QQj&7P$X&VpL`-)i< zZuYrke(sLs_Oi~tjz&=16^ScR`|HAmBvqD&VYzTBzQ|hxyCub!Hh3eZwHOPIHUkpE7cZKy=akhIt2byq<(qK%+QcKYT=hR&vI(DmF5mh~p|!SG>7sFM!J3r)%p> zqyycTIOiGI4`p9fx1T)cQv)2Ti|F78Qj9j|~M;_6en-(Y%zQo;GV z?H17VhYt9VfX813vvahc1OijzKox`R^StZe=v9J1OmlmM^rgE21DuQO>`VD8sN=bOegT)pW3r1L%~k~U zq8XpTUVGV9apFckQ5VxD3!OiAloGO|3YF)u}K1 zBS^yDy@nI;+%t2_pM-1l0q2?-ALT`v2G79YxC?rP2GN_lc2IQ^=(>a*5|Vb~oDKrj zf6^cH)KPdy{r;TyXfr9zMK77&9R!v)sl>H^$g?h4(p91Yzd5Q&7s`IXRg)`BS z^vrEJL;VJKMs=FY1FdUdb#yx8`G`v!Wx38SC3 zkD|m2b$otM$MBwGR4$Y2uH!1v4BWEcx{>zpY6?TYu9?XUNN) zL7-Jm|1u+o=PWGq@bxl+yrWog7wVE%of=LCLw;>iIsMHzAE(HDmWu8}xt;AvN2)S?t#w#h z1TdyrcChnMrQmHJK#-i=P3KX3Gv&$NsFi=sJ3*y7cbQX!Cc*m*yFjuroRmzZ8eSgy zVb|$9g}WGfnC~XH$Ry3^m4VxBuzp5&4X|EkvWP`Luri_1;gWAP;uC~#=XvST~3aWZ@tjJNePd%nAnSZ&^3ur-9)hc)X zvE{JxWB_<-!69DeZlFYlY6WGV=|mfBvq;UbDelIVY$Cc*Fju;#GO9{x)1u{Ibp1Uu z`58ZqsOnvkkKvIp^tNI(bM2^LpTkqz$%rk6O z^X8~&p27<8ZTnhX?UbOt`P9Y*Tab^=@p&>@MVq}RDSeibHBL;=j;;zW%d|g2j=S2( zvLXWc;o^~&b>BB6_w*y2aVpv~16FQ*YSW*=3ncqboWXOJ-`D1ya^BWzip>Y@t^&IS zO=mjjRfkf{nzQaHR8?T649M~hm}KQR85g2phzYVOV+cG9^Dot78@oU?Hme$dfcViY zq@S$KUtEy@6-l-DVYf4?Oqd=&<4*&@X&vmXjBgKBa_nUygxAXkzwWlJAvxZHLSVp9 z6}G?TvE|s%^)A9Dq(w?;)jGH0d^;cSaNxJ4OhbIR&G($o{sDqvxh$;cZb?n^ma0Fd z20VPb;MhhPqrIZCe8Vn^ugFbC?AD++;=($w6%Bqx&xn#dUuW6w9w&Bnkq?y{c$6<2R zN2c`9QNlDoA8?9*T+B&*n|r(8XF8VpxIx)JsYAtgtP3C}TblCAXqgaH3l=~sMA`+} z?aJI_(Rc|It3vAKDCeCe8?$OUwge};cy`!B0(q zO$ZWh0@KTehRIWNldfr=83Vkc|zrsn%& zYp)mfUsdzu^idAZC(iQ~@g6qK61>K{iNg*SS_Aj2`iw3ntQ4!asQ3s9+KXkOvdY<= z_7=Hw?D03CGV7_p87_NA2Dwkf1bu)PTlr?1`177d^mNk*u)d>Ho0M-2;7@AKF0?`n z)29f0=;?yN_er@^-cvuS0+Vn0>{KVVd~;Su!y`1z=qt7FuM(ACiwT6!w%)IE5&DL9 z94gTp3n0~A>6#=6y<$baky&I#7q8yAJf7$V@-EGv|NDcJ_gNFCG2m6R2otBtG1kv~ zLnh(W&+|BlD(vrAmawoDdtc^Fii;tA+$W(IaP|@oyZ8YFC%d8qV)nP1lY+23`8z4Y z*{DYUwxERszQrJC@)-p^z1S0T|B+x4UG%mq*;VCzB;_@!$xeP6P-Z>61eRawe&>ah zh#=Jhoysk+Cl$Tc?)tfto@QP@A!MGJ52GlZ@^tf>&sQ*c5fDYQQ}WS3^*lxL0YU|5 zJa%5);UZ1-o07{4kA@%G`F-C0 z$8?v96I^t12MSY8A0Ef!M^d&nFoXpge)v$lW>liZF#J_b0>uMd(&_kwVCH~HRD|ao zIE!VvsKy1Ij# zewz-Ya8*ifB;T+2a1PLFEM6=h_I=l}L>4)V_Uv%0OU>j?4Al zgZiL;^2eaLGBJ^?L{A|8dyj7p*)hj=_eOEb6|%1*r9(KG_~jm*gRW{Pq#w|xF`y&1 zUrG2EAm{k29UpuegEMiYy7YklsY>bli`xPWtZH=hZD75adKsVDcdegs*kl-$aHxQ3tBo9D9LmS7V-ZXJS?Q)D2x z_~uu7)&Bqy?_Mrm10u9Qb%8~Lne>~{Si_Hp_f^`i75ue9sekgB$a%wjZ0YqRtXx8@ z`>KW5uiCAO10zN=+Szv^SoBftvIpstx1X^mlmtVxgIC%yl*1>gbn_{yQ^#HO(|7 zq^TORhAg(LHX$9JbG!gC;uFO$intXYfrWF_p{yI1Db*fTq7oIUrez(~NQY72N?w9m!` z$_%&>t$JQ#J$0)uJ6`lQMdV2FMVOV9si@j&Y?>g*`^d!Kx*kBG_DTJ4J!71p@R+v!)J-4P zR3jL+_8#$Z1e>5}Y_(4@w~;>I}3tC%hSOxDI2F7eRA?w@g(a?H! z#`CC-fHII4pO4DI+fDc~Kzu2x!enJva$qh8hlu?YwRl-#qq1AiJdx5rVN%9B>(Fby zx(@IC+PyB!k&a*%4IBm1;63ptGEcI~WKk)VMl^3W=QjEOHdg8jC@NpcRfzT+Yp?&X z02?#b+R|EiT!er15MP5d2OOzOlJ{+nCWIpf&jj!8jQOIiZ0OA|D>bHOLmnl@Mjvk{;(4UY~U2xaMQj{oL zq57Z7I7}6f@}K)JMCBZ4bf{iT z))W^N66sE#p+xlY06Qt9vdFE9%HQLIU_QpZxuZNpQoK34*;u5`AB=s_8CXStfKukx#tQ{9ybml`i!qXRKBIvgc(G;3O zZL^@+;Y6$?#o~+%qB&;i!C*c8N@1sQDR<`DKz&2IZv^i{P7NypI^SJIrUCKI7NKHo z;+>QcWPSp{)<%gJ^?2Mrcp1**7S3b!S6D3r4dOB$TDC{>+Pw8@V!ID9Hm51D0TXSUr zKq2n1;oeeoQD(xy=;bFYeyG8#FhLhv_%g9?`HOJ-CN~gM?To>yl;%ZI>Bv<=xNVDM za*BIUC?VVM{=q6gUuR$rGw=0W*i)B;z4=#uH$KTO^NLX47W$(=dsQ)dQ7;s@UJJQ*B4GNV_mj= zN#srqQy#dOcAx((HYKy~V`X%6xJ$@w{`0thNbGWZ#6md>*c6BC0c|vJf%zvXtuBeu zzRVomM)E@jf|IwuIFe84kihqj<=0G{~ww%18f=^uGCielQ%O)Yn@(jifPg?q;lMgvlXIaw43KOLe zc&*hEc;{{KGe>zPO%rQfn6jkuzRo(xS&>9)flF?+%FU6^=p;{JB!0k*XOj!stOIaR z+|Ja5CXx#N`XEvI^NByWvs;fzOZtbt7s8!6n2}*lI~s2*#T6fF#V4Qd-IHm_dZj@# zA2iMm)NzBq{wy-4tb1}>EbuFZy${Us*=pF7lVKvPZg$lY1wx|W3lDm{E7W0d&5B{&<$1jBMk zK0hwkW$g2Hz2t~z@w^Jy1{7jvuu; zNL$I##XHT@yyKB ze;uCPE03wmOe1e+z;!!E`!M|$%XOqMH(f`@fHbsZI6o&lH1xNB z?L4oV&uRq*^(r;OCdX0g7}d(Uo=q@qoQCO0RVHa-c~M-CuQef3jRfN3;fYF_o+X_p z8aL%8?YApUURcSi+R;xUH8juAkO9jN^`>l5`M-AF>;@XCewolCJ#yQJjFSKqw(89^ zHi|#Z+2zI`J*TSTjRA}ytW7t>U9>4^=lA?eN?m0i^z0+gv6b__%r$1NSN;JFG@O!s zD+xDUD`g|uefr(L|30e?1Ul>vbdM1ErJ^~P34PPy48(@MQkngZ5u8Cpxa&(>|pLabt^Yj?{-|ZxK zILN3%$UG|~bUR&!_t8H@WuWU+Tema5BqmPYw|wj$Aj$}3#B*frc5hV5nu{46Sf~Sy zVtPu6j$_r1xvn5Y%K~Hn$pVKr4Fma~gl1aJ+q~)sl`Zq z42P8SD8kcMe{?ld3gcxU-oiAC9&OQIJKU88x%L&jMI#Axepzd1Ak;=UewlrzPVz0A zGv`ThzOj1I;e_EkntLDUikU&Sm#%LN@UF=HYslOH`%g2#MnPHp)ZNc|XK+jErfy~{ z29;JnK)lr3!9*sHyQUefTB?J>dJim8|s6PzvRIfB3`0+-K5>;Nwf@in7iH zY)G9d(v?n7Dy;KZDRS61-SkQmszjsM-f)Fl=)sb@%PK2Sq`mc2iZc+MzjQTbqY~c~ z=&O#v6Vje64-)IVG9C)L%ch)Y9ZB?9fTx*TqNBmR_{sEB1O)QXfM{&ZtJJv4_%8PD z;`oc2613;lM}^XUUb877C0QKXZc*<%r|ewXbyuYPCgiHp@UX1emDd4#mAcRTV9#c1 zmWp6~D%+8qZ7A}88pXoVsZj*|vCEQnzg80nC20N*9%=_zL(=Y%5)=_$uHIlwLk)Jm z$56AV9zz6kapPr1q-koiVI;cJ>+y!fmsWo+#`y>6SD(+fhzXIb71n&yeRvQ@qx~}L z&BR&y}b_!0vV~t4Ot^5f$SYxTTY>fg}@it2=7n5r7 zFB8)FCar&f@O(A<5wv^})nt9`M-XSei)vw^zIsg# z1LkDA51elVeZIZ+Jw}hAa_=4t3=~QCMw1MN3Zk30|L+dmvt7>P;LK^T3!6DxaGqA^}346 zki9ddM)rXoHaqv_7f(C*4hFwv$>O$b+BR2M1`&aIk>%!kAm zZt2vRUid(HKWkO8A-XFgSe#JjwB(l+292J2(xv$C0~OvIy{)BCsYi%E;l773X(^M( zlh1!h=SWAMDsh!HZ2tqy`eQqcsO5~d_Q(1B@z(S5=op6@BbPw92<~`=6ZPt1^i1wO zbm|kEb-lVku2=O$Wm}Ie_3XFjPVFKXwt~o;I}ur77eeaotqaSM9#>%8-Fmb`%IYkG zJY%(l$oYD(mx*=C?5p^V$_qOd`MY3a38)vy`55xwP;MHW(E?5)D<;&#*A!=EJ1lLq z{D`fJ0<~g=nC!1tov?M}L+%%ta9W+79f1)P&kXwuMsHq)y|A7}Fj8|YiVFGXBm$>d z8-d{&c%I@B$sY$1{3=O_i~_>I?m%bu`VXFSskQhEI#HGRoAs^wao^+7PY9nczEz+z z!@g2@*IN5~*B>>Dd?UUEp&SVXmN_~ruH`y;yhCqLjE%k`)z9pwW~TZ;f!1sRV)8=z zf-&rwRLOj~t3Qm`?THF>76&w2qs@8EJQ-_%+VHi+%uZMg3vPxKn$9na^@-k2IE36& z$M^^$?P@6OAQYE`Y)ig@caTCRr46s-wEV4cx~qhPKq#8BELLIS<=u)80tWD>95X15 zzQ)!BWq_R!vmc*SIw-kOdpqZH4Rj+Nmf>-l1D0RZah9t&(HqC<(M801)t5a`SpN%QG%m>;4Q{jj2ofR+DYg&B()vARb;&K~{%o?sB@4u=_S> z(ni2b!hXNx(2BJS%`(AmuBQlvL5g-_R@!I)jBf4+v{6sdnts}HVQzHwtWSz>o-;d( zKn;3`tIbx2?tJC#M1dR&F>Jbw^7<;v4qm-_Ni}op&g4&1Tr>zz5#)f{*T*2ua-Uu= zN-pMsCl?|rooGnG*aWX9HiCf-_>S}bqXEF9bDwF}h}hyFc2ykx#}2}+b=~f}e$X`& zi-w8@8Tr89W8I+hMP@|oZyZLJBsuZ%ldN4YPYr6~KAciCO6x5{_}CYSPeWm8biNfL zUv;#bU6prW@l<0O%YV$*Q>6^u?`}#BvvuB6twhEn^n{x^1+06|S3!0Szqnosbr&T$tlc;XIo_h?pN(-7&mU1XRk zq`u_HP9K-#{qJNhs(2LAXo?58*I1NRxO4lf0U%M7ec5?k?t)u^%;yZY0WGS?J+#e4 z%5m(;?$W6Xb1dY#lDEKEd^=pe*r>Q>ZXqdfB5Z2lC4O^uVc+QB(PfbMjSaIma#hw^ z=xL@XOLlE5A6BiVX#uLYeQIu)4_jeIA}l;EA3we%kA5zi&n&*3FDKI81s9fWTH7i@ zMVEzCQTcY0lWdzlh>B$Wzojt=XJlsi zxeNxmenwr-OO@J13Og^A@RL&H%KFNxHkFpx&~Lvg`t=7d-$y9tWO?4xvfT=k7;|`d zt`^RNIrEAXLcOO9HX~P>7miB!>0e6z^jSsRhH?`!NevCraq=^v^GfKvR6Y~Q;=tKl zKeyp*2q(<(?HgpXsRX4f2x1kn*^MhC6+~Z# zmuHxgacp%ohaFU6?ijfB%N46gQt5m#ScQM8MQgW#nFD zA5`n7S~Vw|<3PdMLm~T-dsx+Ye=2F=LD}p?c`0Y@BC0_GpJ8ieRko}ZrH8C{JcLFZ zA!xJkypy$mheWH@(<8mrue*MhAT_f$ivg(=jNFV(t=^9BwPS3eP*(&qkV4aXT4bG9J|aK_~s1c8$v~u9UL|E%Wt-cH&1DupITBOhAw8J zEWgmCeiwehEXCRZPT9#i{jsSsca{vTXPrt0`z*8~)W0T@(}*E#u`y;?7x86q|8wd$ z5Kz1$<0a!IZjKU}WIW?RE1((>hoatspbe40nUALFJL?rViWWv6)atZ*UnZu{wIms# z^3fXkFYhd|wpg?6QW`okEVK{)wt|Y5HBe4z7-Z_S&DQ;=Oq6CD% z-ESfEN`g?d?%hp!8iYp3O$#f8Dd#@)9x6W5^ zMtwNx*-vMLp4;$scl>H!U#Oz6ZRP>N&w@~T+RokbN4$`Y(&Wb8Nh9`{t(d-}6eoqj zceKHyy?WrXx)s!MQD^1HSCMNZ$8KkkbL^mLk|QuamGLS?-=25<%&M06^iqwGnKoH& z|5<{B3cj3TwK+w|=C4H@9YRDRT|jDg%_gQ2q_JPjnX<%sKm;uai+T9X5qp9&GBF<{ z;`-guS0_+wcK8xqf4T#hRA$an~1sWtH7oQ^=)F-CSXw;6A8_-CS9rZNvjbfUJ? zY6Vb(Tp_vf(NKXOG(oWvSs6{U{%fbO+?_&$vn|&3cg^r&?-7%kS3skc~hVZHh3YP=D31cm5mydYQ@QhPt?uTjpxmax9xAXLC$U(lQgF0 zE*u#xp`bI`P~p@;te2Jo=r8Nt;`PPL&uHf}`BJ$Wcx)4%gaL&*XU|baIPt`BB%U+F zKM$w1P5uz$dG`a(hF5xE0y(FeTpA_1E_I}PWz(c>nUv+b;2axJr#S7<17Frh3MCEGiPrnquSXz@G+&Po{P8D^*q-uX zI63#{o@((B{hi0xpg`hltCB5hIq0bn_B;}@Hk7zlW9zgQ$LoKRYXS(hSHJkLVoSzW zbmxShqikZZyaRk`HMw6RKg?n~(GPz*RG{l`oxb_y!N@|Fx*qY{`35KpSPk8hx&3g(^srXwGPkcM~oEA z(!$;u$%4g8)8=x{2I3EFGFBa=*6&{}m6Mq{X0rr2n>kckf$@WlZp5C|3Lk-Hj+9Pv z_^#kHB|g$fOeMe*8E>%t+pySq!FxKrFUxV1RJ-HN-rTXA9 z;%>p+N^zI_&Ap%Xt}VY||?0UD^raxut3Ld$zcx4FgvaHJBkFKUy)LIjQe&4*oo!pf*OCTaG#E@?1AR zF)eaP;ggo_^GG-?hE&2Z53TszUzh3(&Y~WcV>Ao2-*hGkT2OY(_Md`xs)~$;{sa^9 zLtKQG8-4Ck^iD!ar8FqMeP{IuhLB*)lgR;(*X z9Q7TPl&&#W6~N+QwZsKU=GK6ewO_GhETXAhCjEMq!hHp|i3J%y(R`_*gS!2C|gf2xc|LA|4-$^X_k?!?t=&CG+g>B^q>>8_k#M?V)lXj9f+0ylO#%=3O2 zff_~24?}(SNd(Wb6YCEf_GANrbQYKbNj`gJ8Jaehk3WO%-vD=B3sOYjWEb0jXJqG6RKweq)p z#&r;y=!!4wcIcYeT^`SUg5>6$Wj(5C>Sy< zIT5Q?Oc-e(NMl!I{*D@It7>Q6%wpJ!p;61FJqt#K&`wHkjK-Q$CK{paIv5~tNR~#V z6q$kGcRc6QWjbZrL}3qxXgslaap3Q`AdhivF*dwy1V&tsss>ZRF2%ypgC`Eh5?yE$ z)8_NBI7$BnMalmQMP;N(2=<6#q&PkNnZaod3rGw8@XG2Y<|03Nr3=NPpv}j3WE(xn zV{vY%R|OEw3}9X&Rh3s#$%x*007P?(Cwl(Prba}EjVY_7Q|ed_i%>?B>pR0}co#UO~& z-mP|G36J7yoE8)DVT%prTdy4%r$AQALrFB+{|iw$jLzGjyGe$9n1BqO$383x&1sCE zU{m%kX44|%NKxnR=%@{HHBnmtZkC~8Ikhn@U3!?I*HoXq*Dv#(;r;Urvd2;x2NciTQ<#=gw4E1@d& z-ef_s*T=B1gVpJ;RpHodLqAFkSdRo}XjvJFN{RIH-hU%{@8O_Kcq`9kM%>hYt}*)i^>^x1bv@ zLJripmVN~(@_BM%9zDndx`fZ%hFCg~*R<4PXUl2MOA<@)Qi~KxF`phQf}j*)8S>$y zBc6Rx!xp*R2S^#*3wyVnQq9rb9uF+B$7ag?^O!+KSyfAitcH)LKlC~LLXQv%*_gO1af)p`hQ)aEk4gx2AmTs*CXCGb= z4)uWX<@V-4uW}V?7 zjB^Tk6ditK?1r63=Qa%$+B9SO$cE;sx{yj0z`!`kq&0nmr{+w2&hhD_zWx4(EV422 zI^$*xOw`ic)}4G%5N<%zQ>6u==HRrQ*A3`EFod0ta#9Kg`1pnoh(M6*^1o4&a1gE- zHK1bn8e(lx2y;)uPaJ)kD*qED=<20(wvo z*F#C4J)kyktbyVbvWmmTQl&ZP*R&X{1V{BTU`J`+CE&{%Eu3{kKcTGP0$TvJR3 zoas_O`MmxEAcFHc3~*XX)7Dt+wJ}-G8J7SEo1Is}Gr4&tSrqP2oU`JDDwJ7j-}v2? zF2YaVfDHY}Y|hJQQb^QWF}#QUv|pOzTH>%A{M;*D8-JXM8FcEKPCV=;v0*{;vJ}IJ zY)t8Wj|}qkw=z;PC_ZQy8FxWBpHICuHlHup2#{pi6{yvh`zF!hQQ)x+2}cxB@MDmW zhnX!^4K0Tk@Mz0z^a(`YA)l~vfTrF7r;A}pZoSqVcw}?c)la=XGkRa+Iv|C~-q8FY zjnN+F%Iv>~W%P`hpP$Nr{ZF^QY&m)oFA+m7-slk6K{KqAuwf7778B1C@(Y50S$?K> zGO-0SY`sep+og0e$x(FMG5iCFfm7&Bm;vc9Dnol3tU2$PI(01IOfqsmaQ=mGX5S`r zPWeB81`SCl_O<=d^s*(H4vKwM=;fY$r$pz^F?DOlQ?5knn}3jnaOKmKN43voF|M_m z1?+}mePZG^+v=L#4;-f;*?p{MkKu#!N%|M|O2nVLQiQ@@75{;~Sk?YF z?A0V{S9Mq`^Sb=uu+{Vo-F*(g;LV?yV}rd)8KVc7rUP>ex7t{k(|2ty*2hdEcKYr4 zi85)?ihQ%O&$osVuiE1giPadTdo>6G+pcH$sG1W`Rw^KkMIc!`uKD0l8xu?`62O1I zrYzWfRD9J!I@W$<<>Vc^oP$equcNt5gMwSSe^p&%gY%A&rB8GictLTf!wWIM+py}^ zCjIp2W4AWu6`YwB?UXa{N>wyl;1E?*mx97?PDzs@>=fK{9_v^hSp+6iB@d*Z-Jlt2 zNm&E)9%BWA$C_ZH1NwA*Ale+!m{CNO?ohKvF8k*%%c3o>C}u7)K!(AUBI5pkCEkSp zjhW3R(({oVn);RIRWdYV<9-(t+_WD1#d&o_V`-G&76BzG@1U!PX5E=o%T-wv+;!QVm51}^)TSR=5(TA!)F!{&u+cO z+5JtE@q<TwRZ+)p+3qIt{!^}PtH-OJMM0zX)g`F`#n<$coA9k{Hx&bRh$`e!VJ{o#c{^w8S z)S)=n{9D9Ta0K2Si{vNS(J7xs)Yoi-RvNPNc_AARQ;aJ1pGH8JAteDCE3fM!SSGR- z{TnqYvDOO1RDOtj@!YyGU&2B}oLm#0K3YY+n6`zz{N+^el`<$SI&bezoVdN^{Zu>E z<*(Y`^baX=UFW4I8lA8Fq3Ut6&bit1^PcsoD0{(50*RF>PR%sf%WVdqr; zdA)n1$)9?ag6z=TiMCs6WF0ph8%9kb~V#29C$b z2wk;@LkL|gPG4Al(R$F^tBmL;x+w~N5CDS%jk<%tEpw?^mFDk@>VD{qV%0yL|rb&se4hsPtzpthXx7 zR~j@(fSWs;Hd)E@1-e=++WIwQl?}chhFM-sVh_Bh;o-KEO~+)iLs`hXy4#!ONl>-v z+TN~x{|^F@*`H|GBINfe!LAcnTU!Sp>a5LG!I>9ZNu2Se<;hVG&IIe96Og~WBRx1+ zNkXP+y;sjYB3b%vHFkeL4s)t~M^k;U`Yi2UuHfol!na&Ui^*_mMoRP#z#2#gDV|Yg z)VrZrkR6X#QsBC1OHZIX?@%u1eO(wL(9>`8@j5vSswUoDMmj@Vs!SHWQmzF$NJz>s z_GZl+K9-scLR1sE9t(3eh}m=Z2*f;uSaI(s;WYUta!bipZgkh7uCe&OhaoW|_J`)= zC3!YjdezNUd>xV<7Cgsl|{yW=#o>!EzDAE}qfBSnh6@mkJVgs#vXVTD30}Jar{wJUD`sN4oT|&&)|6xvI$7?VN{EUg_DBP;zefPM zq5Va%Sgc_BsFg!4(YS~eoJ>X{^=s%tL6`r{=LRO{UsYoa4O}4FiyK}t-}KpEYdAR3 z8Ubol52+iaS@1+F(Quwd@<+$)Wm=+6j24+>m}|ASnJ+xpz^Aggh60d?q73|I3ZWGF z2{53Zl8rZtaP&$oG)7*3WNXp@8fFlvZEJP0lx*f*id@iHOn|=YoFJ?*)94wzY!aVi zBBe9?BU8}!XacsMqG?dAz?K6tMV@*iGk81ud%B0UL8J~!Q%h5Up8qLT)2Y#ui3Q&9 zN~-)-tR9Tl&=VJN6-BZjY19v-GF5OpqXw-7@4HhX|2h0;QMq6vc*fez?SESum)T;*MJtarH<&IG2Gy>S<&~-)niJ z3WFOaJ@k^dtmrDmbdFu$L!vJE`EPSoJhye5EeS5^ygTA&Rf9t_VWSA+JjWK+t&Gq{ z>YCD1N#lCc^3M9^+KST{B8FS#bE4kNp85D^P_TS&_W{H~A;f7}SYRZbB~(7rJfnTS zM+(So(UseY48?jdw!aNS=D6(ZjufCB?h{to9vGHGPFMGy zu2Q!$YbCcaUhq|TA;Rn7v-m+@?8zx7f5U0*=!C$kdn=Q~M_K1as~#@#p1W1di1m5c zZnm|xIRC@QL`9<5H!%pyT18Y<|HxcS>L)?#1gk$F8d4~#w3|(Mvg-qqJ&ASGoSTK( zRH|tsPk`uM?z`ALf+UGi9QD z#1=$s%_OTAZ)IJ|@TJ*SB{e_Z26;B8nR^Yx=224pacbZkP;O-|_{A znm|9#HUh=)expwJt$|dc11KxZAK?&~5D<*^wVDz6=KgH?zyarXMpa-TD7YeBgdtdSjmK2*CnPrYIK@_QAt3zO9($a#Fu0;B;Ssdp4}V2UAY4Z>F#) z?BRJV`HK)OlJ8+?w9U~ct6}ErU9jL&)n6&n6mNy>N^w@&gC~EpeJwrY7IpYSxzv4( z!^O~;bRzKQVXu*f|vrqr^_%5yd27ftM5q%@xl6z!6yZC^z zN{RoWaNwlpfCIsOS!x2UGMp@5yOQ?gYIZ!MV{a{(OnW6~y5cg{d19)m@mxGj--@Zp z#3i7;bQT_zm$G!n!;3BjT3AS@SJ2Q(XM9zUo2Lp`2eHAwX#hM5VhBvF;-p%eTdCnJ zDScnGVq~HRZKLxubE5LL7Ax5$lM#-3`iyR)BK;o%Jy7s}{0V5S(g)w4^8oS$A)-SD zndDwqlEVK0UjDmgEZQJ*%ps5N3e;RFfu%2_%Pq8-81$Q=N*0y0#Ed@)v4~6E6J11B zLF%nNBeVA?!$}o7m1(oGs^gGUd9M1eYOxhnxs~lo^!7d||58c3 zdHMGs>4HtMjIY)Uhl8)YTBm$ir~>_fu0TAMtj6XY^MsNACKG7XGhwTXT$!%Olo96& zZWhbFNh}9O5a~Eo9fIH`8T1$1$3W?I4#|nsZ?}&MaW^_VC8~ACW?G^q&f?3|gW6`F3Y5g*E4(^tt!; zdrih9q?bEo)y9mVR9tA*S&ZGdU>8Vc+BNm3{;3hX?E8ljB)&D3^a{Sl&!Y zmd1<)XVy*oYSUt7nXi_ME#3Ub5_}Ywyg=dxJ<)(PN#!QTZE6mQk}UGT;9v81yKi4W zefUrt8~J|LpSXMT*pUV#1LKtJyU`c~B8|M5A5OkgW|t^6eq?jBCE1?~d+iE1iSliQ z1ZoxecHO?s?US$|+iyje!x|R!;m3`<5y)>4D&L;SE8Gf}OC@#Qv3_O{1`P;Wo{0a; z@*>e58a=ozQb)!Wo=uM`qFC43S}5Z_XJU07@~56Fk~;q&T%Zp{SeLkGH$@$m%6@yd z+GbCY0MZ27Y><`C>!^y)Jtr%*5ZT5BO6k?3V~|^ET=8On220{97g6(c+tT1Xa=XiF+9$t;S$`T#lk6p_tk^+(C*MY zQqo}ZekTNtp+R$~CExTe?|g|AgRu(NRJliX_q_}qk0U;PsoyM*tOkcM>O&7h zXHdUI>_bEpIhh?Y{X@5ezxBcAsm!ys=b5_VPa{|A(QsH7*fmj}lQBPH?R@k2$z~`9 zq8*~Zf88>o2{Dq4MTOGRsmNRidLH_9`6BH%tpww#&*XdfjL`Xe6k(Y^kVxn823S8! z%MFU&F&#J0CPr0w2R6OxltyRJcsA{NETsjtee#@vb~(GkQmb~MyrwDw$IUiyMysJ| zRy=>EB8RN7<`MEM)FY}UCdhngS={b8=b0g{k@7y62Mzou$jcyZ0HZQ`q;?CE7Azkc z_4aI8s7vzt2FY5GC3*$nl=uGjYx$j(wX{*W&0oP3Fap(od0xrN^D@cCw`G-6)@q{s za=K3{gcLz#;fFyOZt+L9@>$>a1lN4;dXzxveVpxT%Be(rm6HhW5T*_uzFBB!?j^57 zt=bT^2(F5?89|vm)KbRJ(qkzFuFt?=GVeG7?*YO@6xRObuy!E-joH$}qsl$-Qhxbq z`c;F8aen^)(1{~^|F=#Y^?&Qcuddq%M&XE#5BW-?^xcH)QoLf%^=G5e`EW5RD41y7 zNjEofizS@c+@?vtSlKhqeRB<CiKM%fe4Q1ga@O6 z-JRmi@hQY%9lV>bG)>qPqtn618H5F-mdkr=&s__c9l==U1m5z!oFH8}_S#N1NML;#yTqJ9D9vw|wMxQBix9 zH0KRp;hq!2jh->LbtPyzrKGOpA3*#0C}U8RziiP6$DBrhG(e%7CscF$Z|(0 z><<k!bNNU6}fE*W~WRpLjDjAxwflm9%0B!Qbg;taL-|5r~He+gj=(_}KmJXTqZM z*}Zyc6K;2}uiWIHE+Dzo>%>qC5nrhpWL&(p(0W8Ruc+p-Q@6s;8PPV}0S@BYa5M*5 z49*u*?Io22;Qh&6p9_dhf^Am@Tgy$IXvi+>NAlYtQl@Zr;>e-hiyS{j?J4lQ=oT-2 zbp8*)xGNQLE0_EurK7|AQjgB22Sr$!btSLP%|-Osu3QR_Hk;~?s3k6~x0;F}zwuI( zQ@(9Imy?+5A3t`_lNx?q-eeM|B5y_`a;PsomziLIM8r*Hm@yiHOl5I!xYweG>ZCa2 zYJgbKw9r}Yj6};E)?8(|!wRD43;93K*8*DDoW&ErTKOD;GqyC(75|LpK7^)qZL>=! z(&#EvwYcULO>(i)Otm9SR`hUjx>^VASv()Z7@`est4to-JMa9Ld0>bV9KkLPzrk{` zzNJUk7n%C)t1_-uq7jRG_D?Lv&hEk>4 zNYz&A`u{_6YBL0toT`y6m<&~`I|dfSxbspH#JK8WPM>B={_SodO8MKZ1v2_;{I#@d z@p-L&0oQhD@|2~^XHc8ot$SH`(ye=)lL> z!TM*{6iTu6p=gHpTU*c@jbS~o+fA_Izxh>fT2?hO3AkMIX?jdTPhec|m=wq@nheW3G@Y)>K z?~$||?3NDUh@1LFclZdQ;RU8oc!$U@n^~tykovL;hpQKEJVTwrGh}f8*Ex@(qFb?Q zHa+j23a6}^IO(2tlw zHD8T?FO|R;DO!oEC%VP&GQ**oHxnm#6(uRFIyo*(#7}W5(!2DN1b&|3(#lkt>JwhT z1z9;VPSzOvI=)*?dQ_5dn61BG;8ha!4ZY^u5T+=v6>N~k`~%3S{Q1o+O?}F{?h?x# z5)!=Rcl0`h=do;WuEJMw(8G!lBCG=g274H2$u!TOK!R~PS3TThJ^X zN_T!J3Mu$OZ&>k9m{u8sVP^-@*-MiDwN3ooD1vSi^dh+OeLgtF3r*;GXI$A|JkAw? z#to;L%~n1%iR0FVW(Qpt+&U%KC%VhJ2H8-<;mK`O{l^lRr^yS9wnFhZN}n@GCk^dy zQOheuwA4>^6z}T`7SV!RIjI2WIVHIFt&XaLGoo8v+0`jDXS2}EXl1A7;Xe1G1m-J6 zbpMxGV5M3gr))56#fv=M^l4mZ*!$RbLwpxy$~s$Y)4QrSf^yV;Xl?6!xQIw{|gmq=dP2@1T3{X;l(!Yhn!@2Gvy^*Lw_NmB|2rNDq(0g^ix4jChT3M zrRrN9C6By5rFS{#U&0-}{K;R{_eHwjFFmk{y$qaUIcTtS7a?h#^ZwR5@z3W=NjmK1 z*+nyK%eI&uECd7DG=lugJ@C(;PAB{y-{xwA-@u6k8P5xqn5#!IT7b4RYkZIUDn-WU zoOZ;`I}U|zrv{%MbFp=&3pI7zha3d)c((@wq5kz8f)?Xn$My z^VXn)y7Rd(JQcB)Ez-FtsvBWLr7HRVrPz=YhYi4(h&COuM259>?Jov5GA+1!tfMt2~gt5 zX%R);sX0gTX0o8Oa^iJX)t-0uLK&YO9CL}Z+=DaPL~=s8hzEFxF^L+H{cgxN3)$F> z=fE4viE9&{1EbwqFG&q7G>TGeu2dQFZ}re6@k6XN#IJa;s2?6`=;KC9AYlU-sS-46 zWN*uxB~*id4$CWzBcfgA<!lxb>EV(i z8COaq#x)I$0Q;333ZxOYUuRQeU(~6&gwnd6P~goS%fmn+JEP*s*X%m;`?hjV%5T^y zAt`^$!_;vIA>NxI)R~OyTG;#Pq!hb_rXH<4b1Cg;Y25)bY=}nD(;{=A)v7Xs@E+Ab z_h=Fq19!6{1CU=r8rT?)1w`pxgg1EV&4SbJ!NhCL&+?OEHy2zqS|)=Iy*wZ@yUVid zT)gxwZ*xH_`Xq3XmiER64Xrm&3&?o5IjdphCwyBZuAFxmit1D*Thh11%Yd-eMG>Lu zW;3Fwr!V-d!X}juZ4Qn#W%o}$LkiItH&HCdtT0cLcG5l0?`ng#^PlDpko3;DLAYZV?0!O7}dO+%}1{{VEWuwPc*>~2)` z)>OXhBon-8;_$fmZl-cRttCzpNUDj2luNjgospX z<}sevSXNc!EGb@KiuEm*9i}X!&Bf5Z`7T^{oCR)}vc*sLE&6fR9yaULv)>H$riZsz zJ=|!Fw=NG+p?1Cf17HE{ZgqVemOd(LXg!f6yNR*1J$v}Gpk&$^kamUI_aLp&AaeI! z<^1kPnO7t7R2ole=V!bb?!DE6Rkv5LY`g3-a`#ke%$V3&Y43a2-rj0O>EM6N!S5k( z^yf;_<0_zU$(9h-m{;hGLC{_)NI;GO*tAku2MqKrsZ#nkm0+N|R zYFr=|6I7mm8})={K$&li6?xP!!dIak&3j`&>QJ8v{Q=aJhQg*5i7Z^kA9$P}Ksw9` z;k~bO8e_*GWKo(scU85ys*Y2bUN>r)Go2Siz(g#Du~4 zu8FyqM@U7N4}3g2uQo%z(A>`4+QOp??F|TM4aO{Js}PAhYehqx6o`$dXyG+&7czX1 zH2et8%AgbrNGFtvKfzhJQLr|zqX`prUE7V55i<_Nn;>rMHVC0Ie5tMc_;B%9l;j0% z+!Dhc#fzp}h8}T0l{E7A-AS0my~(EW7mxT%pf?n>mwuoB^4Wi`IB3F&ua&NLD`(pC zbxAMpSRnjH5$rc(O*rY=Ye&B3rUdqz`%`l?w_Vu1n?@o6q6}5CT2sWndOt>DJ$ak= zcw8KP1QFds^=SIjt%^~eIrlE{ELhO72UwK1*s4f*^!)vF!q1vHuH*g0#=jN%?gW4B za4&PVe+!z!ZaVFr%5>A)5_6iP+F|eabn5##4PVbP)Q?-xy-5t3O~8f)0|S5s0AXN( zh|m|%!T+C4faMaLTtvm;+|+-0H7jni14{Y_0zmrr0x_(A0IzT9^_3r*KK#qIhfq|*}@9itQmaj45SW)zJftLM212MFN1AuFDsfsPB zt2k%H)f~0xC>YHn_-oqB{3bZv%jA-)(WokoV-ogh;mVzD-E{Fb5D_>z@J-EX`m&x7 zP~DBDhapYF82RY2>u~BDp@sSBt!gb=MZ$nECotn!e>6*|4*?#ay&Z^yHIuHuBzhmv zH>jsmDRSHM{P-NxVZ>gewk-`$boCJW84IQ3Bym z{y=lqvFZu7_ITb$OK_eJD)z4)t`bA3@rzK*pKd0I7AT^;9xAXb%RZe@AWYnp09f$! ze%mM*-Vf_ky@2}KXW7XxYJTC<-d7_YBqRpsx5#x2;1Lv%dBjWBXxDel<-fjyQyH$A zf0G`9Alj7bC>FQiIm$U0wl8R*{$3PVF{jk?a+G`QJoZ{!o9oW zE=m+9sePm46Jz_daph=#gc;$t?v8$8v)RMw0f#}M#mJlb7EL)v_8f?&-bZb;)=NNX zy72zRH-nn_pw@eg*7b5}@n~!xtjL`KnqQV^i6R?INaw54ez2m>dsz5Axz-=O49C4- zkq@HEo|?%bl9@C*dLd+ms=;(x_}ICJ8|KA%5Oqw(H?%hQIgxW3BP1zkBz}dYZ27Yyf})$V9=J(-iFY1Edxe{|W(s7#|0=rPw~%AM|mn@Z}PA8zc&=MaHe|F-Np z3X`KKwF1}2pt3yps~UE+Tl|FvDT3)@nl_JJP5|B6W(%?l!pKr;E?qVZ8~I=caVlxY>PWB!9LaBm z!biaoVauq|h*2tHa(Lh4?Pn&b`c+fL`HNH7DtrP3jGP2Nrg)&}5MYHK3=OeJPpa!1AeaE0wP`l)JE0Dkzji@XD)gC z<66v+2udB999BOoGGx*yWlqcjGaDE|zL>ayEnz%8X7s$x;rrAA!)VC2lt_UJ$8-jw?5`#brV7O+x3@aGbT?H(CmVWgRC++)=4* z{2>m7&uPU>tR#UhJUOV09SzpimP)d4^_O7)&AF;npqmQAz}ZFoSz0bzjyOg?aY9wN zhfclA@eN_v?=e%Dwu+{rOEdmZQ~st$=NO!M7?c*2Vd^Io~I^#={X~03x4t ztGsArLq-?D;(MGaJW8r=Hjly#+EUi(s*Ml7gis9JT4^Nxz$}BjyK&5 zfZCsHgL9~LLgtzta+c$(dE&o|UiNIdgsG&HKiwoa9#>((d2%cKBDx8qx6<15eqX^8 zN9U|i{$R=H9+EhE49HiP)uPke+IKdE7R#YM_eVHH>gPIUg-A6z6&7P(i zzjUGCqoJpP)>kIXP&@%~u;xCl{jV74Y)aZ#+x+z6YH{ZaCr{vF$y#>X#^0hsw%V%Y#=xTef-=>jjw96*+ z%xV;z2rXI$4tCmg{Zv??=}xmUN_?030e|1U!%B5X&@7p&R)kMMgjlxDHFdFJJ2SJ1yuS6u7f&*7RSh@434x#a za>=>>>-QAG>+)eOxx12nbquCR-mhBr@O3_0f-mN2Q7~!7M$`NNVeNz<6;{hkgdZ{- zH%PzaN|0`)TOJ9$R~AHPzDY}ClPv-B;&rR5t7|ewfAt3)P5ex6xoAnx^-HG{JACphZGyEv^Ywlg0Us)oV3qm1g|@`c=Lu!n)$>NRbBxK+J-~_ z;aZgQnpTNqXWGyvY=n$0zh4AV_+sL?m%R`%1TVrF%V7wt0l@fZgj6IYsKmh|`S9DO zLo5KQKdXOKnxN;yCWL=_Fmf2Um2XsTH-iIG1@lBjuz~`fP=pTId$_eGxk_eUoJzc_1?71??sYRfa#lRT1$YKo%OEe2R|WgTJ6r ze=L^=`ezLNFiluV7(zpdjE{#BSxYt*njZ}ISObEPfOM6o@Q-{GSOZgObf{rJ#7DzI z;wwV1S$Gb=2-p6FL27a9us!fZ!fr5?m|Ne~NSndkU*Yt_(A>o@u2Mud!T>O6bETlr zZm*-M)yn|A4S@A;<}RZ>$6AT}zbu?nzL#~HN2NV+>3%B4KYiqUh{+oa`L)`NgbMH? z9G8~&K*8W?)JOoGGJU~Ebry7G6@f3GeJ1k#ijvuib;DKksi+usA7cZrXQ1?wfn9ov z7tzQiB0tI&MkCrjVY;YSRtAd}{Y&j(V;jG6S*WuB-U}xVt%zk1Yno~46wa72kI2uC zYi^lY>l+becmOM}F$;hK=O*udaqlDN_os!$WIuPbG&Yl&0=JwH{X<vX z#A;Ai3#XTSnoO$?Phg9fEV`*+xc(C>?{G3enTidM9=;bv!yp1s4iC^3$JZ6NxCz5= zjw{X;WcWt>{rrziFkw*JXOn>iMW&s#ejDaQ!Of@QOj%~HaJ|ODUzh0=oOijTTg)&g z68Y@6_WvHstb4;ZtoyezFVZ>4kP#4m6Iu|MoWuY{=&*2jQFEF~Ec?G}#r!zaTkn)| z7aG%*wd*L2YE&-N`OdtD7>d_rRpWGQf~|u*S@uvR*OfJ-iG!p8_mvP%NGfM$IO0|b zZ%NAU`)( zVC9$oUR_tGJ@V3aS@G2EZWoU=EP1(db@zcAgs=~EaDqmD9|W@&Z-hW!Wp2`o+hTt3 zf8`g|vlB)saZABtbS^{$s@G-82XNF!&f1q3p!PPxOoz;@?jXFKp`;8j#V`b~B=_V0 zA(&+;p~>Zh_a3uW#w$wILzK1uT3R-TN6H^VE{#lGAV3m=fo@l#!waAmM`sjF%-3ox zxC-l1C~C#&)j}Gei|}5Mk8$}x1FT6MVp6 z9)LX9;Y#Yt^@lo#bdmWsH94JE8 zFiu=8pCF!1O{MN%2euEYvm-&@p9W?mKNJm2`Zt5Ex&h~Y^pw4XUz^TZKMZ=7^B7~y zr>N)iAQ`h5Q&q*T_tHHLMvk{q!BoomcUXKLI8z0GFISO7DM^*6+g2d9S>y=_ znh_5^V{#p);Zc+KvPs7~FW!-5awfw#RMxQRkQNVv&H2^+zBgv)t*g0bdBx0QrrEsX z*MVjRgQY}XK|Q-iRtrV)YLK;QuGecXnYM$9w|OW(Z7492%A-23c};|kmR^yQx&8W{ z6)#z&XN-<%q7*Hc%m`vC92TC8@|Tq0^J`mGcKunNv>0?4Ue8K%YKJ69s9CFj?FNQ( zmksGqPC)WN5kMV5r*)#EK1Q;0zv0C}tClwtnB(7=Y&IKoCW4Dxtvk@Iz!#8`F_1vy zujC^Mb4Zf6MrZ@?jlpr@+h3n#%gZ&A@Wm^Bt(YKIF!8|oSgOG|g=QM3B-6)ZM^W=z z->g5FmuI)rqE!VxiKID>`5lJ4WSh#ruf*IH+Kx=^si?$zEP4&R!6+9uNWwF}mcz!# zX0okW41CvR9Jul?Z0Hnw{5W1sJ=L8m+u3luz23KcDh2(haTWUbYmNjdBNHo6Pl;=qPCamTWD-v`!2&J^e~uu(MuOCiN(RCsY3qjJRIGvW6jCy64Wyt{DbjIn>k<#|Bd7>XF)bTcZ)k&SKyo_cO>WYIiU^a z&&3xrOGk{&Fk*3|j(G{tH8Y!%q*I4ZPRSSiOWd0eo;GjYd=_bPC%u zRKFz8>L)2QGshbP*LohT!Kls2R0b+VZ9j~SeB9?Ce)ek{3fCSRaRMO2$R3H$?<4~_ zKNHbM@UMI4s2}i~dsmScrdT+^9rJs+lYFd?LFD~5=iIxlrDm;B^DK@X0<^gbKW%6j zM$m}}LlGnkb=BImxfGeOqhw}_?_AQcJ-(V1^QtEJ)67u(7P0s~O@v{J62bsHk@)h{ z74Rj$&DL#tZaJbOjK|Ei+e8!8+hz)nt$>^wDcMd9;Q6YO-zJ5$5B$>Tjpz{(;@@BO z&1SD1_KP*r3QroI#_53$mKz!F@Y2(;z2TLPLNG4)?eLn~aAJHGF2Io#9-&Phr5+A2 ziR=N_>TU`VPNStJ&@dX6pP5*nF#97Zb^2-ZsuLrLX*jYlI!!TYE*1d}C%RT`qP7sb z11O@#U>oAY&uSZ35;53!aSVe2n0=TI@263JQ|3XImi6`$$zmPLWh`C+*L@f54Z3*z z4uS(o-=3QObd&9mud6BrlUXVXoCkgAQ5vwL?MAq6$Ja~W0%Z{9HzKycLV-(otai&0 zebIrzsn(nE;Dd9F7Rk^#fu8|+X8`yY1PwwY5h{s_0Vi^4SQ>l)6(ah@S6I12`QeNK zZ#`Gd<0?`u)Q|@RY}{(`LP)|lI3eWfV!ARMdf%9FpXTL~W|e1Xut5FJcIyuR^eN!~ zp7K(`wNsHx06c)qr+)y*3R!d=H#%=HX4^#`e%s;Llzp={Skk!^wp%;ka~SQxq$E+? zavEYdq?04D+JBcEhD`d)@)r8Xo5#WRe53}vOAPS2&3zC3Ap**Q1~p|Q{@jAL2B}uRBu6%Z})chvN zP`a1?rV|0n&!Cw?{|TZD>*4x0!6PW1E^5+kok zutfVkm*R;}6>l(0#8d|+g-b;^z_Gw@01gXJOn?*)59AwhiR}JmknPlAIo^c4d^3nN zh;TT`xG;uU6adZTPSzsFtd#(&N;AG6#LU+T&T^(Fh1dNtd@;3=S~L`seNS3}tgHjm zm;ah*6%O8Ah4()vZ}*~QMDa@~5iVwd-}s}F&-eo}zsjXmiQk$P-WOH2If3%|lQk`u zY~kPtod6vDE%XJ17tbd23<&Nb?|o}Ppj}GY&AjS+C{R+wz5S{i;46b)!Y|;rFI}g- zzaTn=L$!?+_*q`Uwi}@B9Mb?p%1-u$GL8R+aS9_HSCt-hoP%a5+s347JaH2*rdOPz zF)6gj{CUUZCFCD~y}@q>NfG9aJvuoV&+6XS{)}Y!qoaJcRciEEr}KoYoeOxa_0W=Z z&T$FJLSU+qqm=XSCLOP|xZk3wGhYsPEvl6M4reP8l7g=T!iQ{7`1pi4mUN_E01pJD z41_gb_aA4f!z1dpYQYY%Uee~@F9a2Lbpv!@vu%$V1NW$cgdA5XYXcJWKbVFN zbS;Zh&L!?l^2!_N`mU23E6nxOZElNyoXDIyPtiP%>^${npr4C})!Atq>Cw`oRRj z3}HY4I8lF$Hv_{?G?7i5v+|wyuVhB!?9C_h72-C4W38AnYPtXXW@-e-hv97zT{hsP zQ$<5xH@ziL)AYhw2TccOjqn%$&27eWQH!1&Xvq4lU40psP=oDSyt$7^nnOYTO&1|q zBucDY)Y@QDL@bq$9j3MG!}K?YTxz+Xny%e*=I@3-D-tiFV(8R}ozc`d5Bak$tATa2gGrerfQ z2fli#lIQQz-Cpn@70}o%w{)rj5sn%9KC2i6*CiLWSzfs1y$97|CI_fYvQHYDJF*U=`wmbOQ5_fCY%wY7n-42#% zf2lb_{La=gsZqWrx=JcvI`3G-{xrN8YZIs|LLEr=ILV3q6T8Q&mi!?wcj6&Ii)n>T z?C98++h3sl>xZOrNGjixMNF&J&e0aB+bpb8*W>}5nf~}cfH+S6DJ-%#*C>l&b>y`C z^N7d2D#XS^lq9~X*>~4tBE_U2{H5zGi4sGFnCjtNIOB`w9T~VPHs06?0mV0a-f%%A z<0LO*KS2a^deB;EW!^F3>BaH$rrs^$i>2)=AH>2!1Z6qPSl0rzo^e_-w;=%RkEjf563cB}^ygzEpHxa^3FI&P6S0%KV1c}2M z-f+6?`zOWshJqvEj%81>gt|8v`rMWXGO=fE(TxjAbq!6lABS5x4h2X((lKTjo!kFE z0O3F$ziq-S++6y<=*i)Mx)G#qy=AnEN2=l^C_ywnSKHP~@Cj7vdq4Lhx6A_sVic>w z3l8nxAOH%p7JmSth&Jf=jy|@87PC5VSRwxa--hM>O)WIQ(!`594D_P}r?cZBQJ$n= z*OZLV$8ka7@H!W(IJx`jhR7rM$iZ|YeUS8b%{axtW&)!@$|d-6STI0)KyC+`y_eFS}oG=1@HX+kG-E-S#O zN2GQ+(GHK1pxc7@>gXuappoa+e)>bQ2>vi)KG;-fJ0|a~;vhDJ!x|0t!OB3Dt10aex0;_;cH-R8;_s@XTE1x-L zo4;&Er|wtu#A?*gV@rq;AAGBz{r><=_w&J%LkZt2kUABfjDNK^vF(G>NcR+IqVb9-8sFY)odo-3}iC%mSsQL~8hXhg^NA z1Hc+i0X*O%DKBY65IqA9*Ignuh0q)3{kZa?r9(l)qU$*i2K2*4<8IqNvGMA*YKb;JrxcY8~0K$K(dQ&lZD4c372gz z2^}fSFFUZixAqJdvbl_f1fWfE+ylrY%1~{c+G)Yj*>b|JB!D!!-6%Ll!sY-`@q0r_brZi z_nI$HwBEEs*zHlYw=mYqyAR;8NWYgjI@q<+WAOkiZn~N+d(bsU!K>0{?KYd|90!Sv^ zd7knkogFtjk*?rQip&pLPR8*2H*uf>iL1YV)DgLVmr5QHVOCA^9N7v67neG~B_r%& ztg6i!!*5OVK2QoD)WDN1k6u`2Z%AuvK0b&@CZW@xuP=SzKmdiI_dVoqT-;%|iCHgq zk0W^GP#u$c@EEnJs#W?WRafT*OA0PjCXuxLbIn0$g87-lZF79YQl%0Ud^oDrSLX&J zvo?~RN+mpwJ}jvfedqW3)<#&z&Tm8?0C>&O^HoXaWN4KH zcu3qeV}&#jboe?ao2EruX4p>y7Jga;GBV2QD1aQ=-C%h@R2p`TQfZezdH(nsX@bZL zJi~dl0QL$og6Y_t-YdhY@o6kD(iYsSUN97UO~vOhg$t69y`@E=JmT^`5*?DX)5~0! zD^ObbgjJjzuPs3c5)|3q_dHx;KoiirFOR+?G8%`O39YlItg8j*jonVdZR>HWeUC`| zKg$-i5YGJE_dx zHGjC9ehq$cM|uK4&(`C+oD9`fpKL|KrjFV#=3_PyE>TX;j5`atY)Rnpg`KGILLVB) z*ibnxNzeTHF5Qbr1%CU$;iwJV8tVct09!@!pC8n5xqp{ScOcBDbo3Hs8`GX~SCCPq z2e`mDk0zyZ_er(}IcPhjeR;2*u&&O=`TV}wsjRRFi0KT1K^igVd1`SLk{gwkuIrcI zZA?|z9gt?RhyWc>kLqP0#;aAjE4CkLmfB9B0~|;IZ+y7SNZkQDTfZkTb#Eq@lL4KHhkk} zQ-XsK3{o_?YbvEc8}@wQCWI?_5X(o)sNkuXNCH|_=H1Hg9TT?XmM4=axl_Y1s1Xh} z?x3R)PnsYd5cT>XFt2%>e|%fE$doOU@tP4u*#!RpIIDxw^EUX*)l;4DddR@~R=+aK zjF@nGyIMbBFs16lK-$e5M;I#Bz+C@w$9D+PtK% z+$5gk-VElAQGy^S6j`j>MfYISP)noK!3%xa5J6NZ0>N?mTM!T!(1$JQrw;lO>zX=* z)$Vxr`9>A+S2*_xwglRZ`1H6rZ30E(GzD}ctS_)KQDr+$u-U!g;SnOpkI0!*y!Lj` z*#7t}nkrGP*cIUeTg~!BN`lBJrp`3DG~V~cpO(iH&E`TzBY+uf+?Zrc@2C^x8x#~A zB2ZBMa@12oCcp#3!LK-S?1nrbARSYt@D=l302-110LSQh^#gm-{txe)54DtC8LKt9 zfrI{Yuu$1Pht3v2G-&p|vOzjgp^1%1SB-)B+xlTRT5jRt?qRt|)E;w5rmI7>-0_N) zV65L8xAqi1YwJ->Gv1$S%t98=mwdI6evArcJyhMmT z1Mxhg*XxH5fOz3pcjBFEFYEO48h~ige(ZW8NIG2zB08q~fLQdX{zE=DgT?|f&8obI zcYvfGl-PRp`@fu3zlcITz&Ay8f@5eEq6G(F=AAS8M68Li=*x_gF~$jL3aGXh4Eg^6 zNqfVn>%SReS6GA6bad_kql7ekJ&o}5GI>m;xb{-ev!Fc^-74nJ_0~w~y*Q0qKBj~7 z9NJBt8@2+!g9;w@SbUsd})h7cDLl3cZ_`&7;{XN=aKsV z0Am3GV=XwElM&{J9w50eEEW9APu{pBg@rYBq4$L-qEs3q?rRX|NnBrP{mdw03ks44!-e5K`%3=o!o467 z;35Fw`N}4`P*n3f ztg#zNe(8~7)RM0~clF8dpR~{0oHDUB?I&=?2?hBR=LnICwm6PM3yR490E~h&i^gWz zCbl0i`NDaVo=Gkc$F|CHo*%XbSmc@MUgHe{trVX*Va83P=AVD-DBQovr9hbBGzjI8 zxu#vdW5pexoN|dCOt0V<@s}64)h?nl;CrcsHpeLOIYt7GH|RMVbC!2sMAl?5E(J=a zgz(mTF*7E46xRhnm z0tIJG2Nl(X&dAYP94yhgs0~1aV4L-o#jtZ0Zv!}`Nr~LoSS6x#N@>mEAFAYBfg_^b zZ6vII1E<0nkg$ef~{bn1N`IL@206{=U?1-NZAO%(ieyP{{<-|aU#QK>-qKyy} zYvq}eHn29y9>M^nynx-&@J01T@OQS|BL z{{XS`axbY2JpyS@X0D7K?KvWgQt2-%R!5)@DG(6=MSPavMkpFVcdE-`TnhcDGpNx@ zJJv6DUdXXe2;m-gj!YL>h!G7Of4|W_jw+CvMMzwiryXgso*-Y-09uJFoI+mrPmF>T zjyHaX+F<^J`}RsJ+T+Vr8W4R*9*mf=3aYLjK?@tT;5+i^YT-2|r0d)&aiOGxLWge* zWWrPiR4o=#vnwF$Q#6VJ>^SRgZoQ7<91CJwm&tY^pT9sFWpvC63p123_ihaKiG>KWI;mIV4a*?7NJ$^5_k>&RVmJd|Y$H<7 z(Fg^%Y3BxmFaQ`jAhJm~1KPVPY(?_q96r1h3B|d8I9Li^=BX5-u{XCZIiV0GB_T~D zW>dii5VFw0b=~(J{AfmC4ymTKFE_gqiHweE7@^`+0S46a5@7&QB7Sq?ul++WKb|`nTO4QrP=EoPB{!V!H2ezdQ2bH()IL z=Eq;lt$Zh4{Nc42HRWciOw(oof%Kh$LX_CsOa;3RmlOeMKsy(LRG5l9j}06>)HQJ)IvwY_X-)n*v1S0+;s%`SAA<8pl$H>J*eiH!*N2&{wlY zZ>rt5 z0f%#l>Y|{Iz@s;T9d|UjwDf*Cngn-UItd_dopp*5=dvQCk}0wGsksa!Y9^I#-9l7P z&zlBK(H}17(nQq_izxXwLlJ032=6Yn$T;4P2qLm<5h%wG)FfGeq?(oX?jn!l3?+`P zE`#R~%o;}(ry*q74q|Q9r{@jLq3sNgO%jS$6)!VL zAStbfX8!udt#^jbn@ky5R6%8ZVj&YD8dIhGpG$DWKtsxm7ol@jojQX{&lL7#D4Xem zsL(-PAmphKAPOp2rPqv9&2(r0FceKO=hRlZ2%$OD*e-|GFx3)SG$otzVU?8zs&_{5 zY_x2WpSIVI%xdF-d$8xWsd1O1H{Ax9>)s+2su86;U!kvgXkft6QRt>Qawt%5o^Dgw ziVR4AYC%)M2B>6M!IsP*6cTt&;NRjUwzr5;l==GFJkoTLbrQQ{tOuPH4#sS>gFAx_ z@&zq?d0~r{P?1`6*6`5SiZ2jN+)jds!`P&7m$fqp2!$jzPm?O}XB$dGMxFd&sO{DA znZxH3EE)x=d8~BD51W9(lW&9Djs(_X3L$Ux766BB{gzG->B5 zm(|%@4=5+E7`wJAP7RF^TiLwQXFX-m)8y7R*eoCyh(xo)i!yA55k9L4h45>%?gLG- zzJ5=p>=;MoP9B?Khs%=h1e8h+^EX;h(gjn1g=Vtjf=zp`fMwoe1YU=bD`f#r zGsXznvGscY0E=6RnlHOP+MnmLLn^FxO}u{^a_5}E7AAwFZ(n%eEPxbOXq!4WJHQ1E zm1vS*9(9Q#`%$GrX%_QX=3-VWrSJ&eR%kK%H((LkU|9T<#|n$$8wt2>&@Azdi-(ut zV35`S00I)uI_nx~9G%fyAL#8oS&=!t%2h? zZS0uzT+~LbfY?tjW-G_BO@OMqRbHz7AMnNz=nmwDlolSD(?3&#SKRl8s%kMFk652J zv{mf&hsT6ej~jPBf*_-;(SzWqK#vyu8MJ8FCz_j?NuPBu;%^^H$r}y6epd&Ez=VHc zk?FJ;Uw)j3k7ZAy54$WqGp2mJ>8tL0z<>{7dEI*6FJ(nrM;h-ujQW%J`t&%L_WKr5dpE zS|^`BIW@}?cmVJK2f_6w+6f|XFEAkO1zXzU1sGkv)0ZE+H5gyUEo)UO{{T=%<^EkG zOhKju0o3XGcP7{riN{OmL?|}r`)_&VC2l;wWv%sJG?@1kVw)-og{V5_aU$rsobpsr$x63 z^JO0owF3sXgvOcHCLJjMdHvt@zQbkWapVYhE>&|Kjag8Ie743#qa|` zSJm->?l+S}h-h9`G*UE!0?R!lY{NNWI!X|wNMGvE+`r4DDAT#(W0F-4Zg1Y_OSfhu zT1@b;iUIrN)=fzelX?}j4>$%bf-s_$dfU~>?FY3Hk=XQfgMnz2Xnm9b90NL4qvFto zcjkDQ#}fF65;4e+YzvH5a?}tDK_k*?gNj-K22x$L7@gu=NC*t-(3JC zSIZCT=-j`{r9k5a4TH(?h&*mqP|r~EAf1`5hY7fZN?SXu4StJ4C*-;fcLb}7;ZvfIihox| z<^D}18B|iRSHA=FMuou^wSG)N$=^W<*H3>{1g*FXE8wmnNv%?(XU4yqt2r}S8EHJ; z{*G$1iv>`A1KNk2U(q7~a1U#Q^9piTSpcaS@+~>LQL~K2Q#O)1xOw|Nu7g<%X#4Hg zlz)xq4yqIa{8t)A!s=3ws%0~3RJ$q#hn;5iK2`>4@_Kyz5<(R%1fUqZ3_1KgqynfP zE;G(Z@OWH&=88Bd9^p<7JBQG13+^pFpI$WVJdr*R9my*Do`cX9uY(zt^*txBr5`8o zTYQStL2E{`YwJ|iz*i_cgAc018RYl$)qq)m$D;3Q3q@zv;wk|&ca|N zkF<986JDQj1@V36gZL5pf(6;Ux^53-*aA%eg@nd5G~F2+KydfI5Qa+EBMTHnB588z zHQ}(6VwLZ}!va~hq#!~FNH@$;wMMf#l^l0ZT$jRZGz1E27k%#W%Y2R!?Hg!x^7?tZ z_)XA-oe+qaB$n7ztv2s)CozT zS~JD@!Wg|;0(3e=ke+KB?S&`dEOsLPK9YPNc8BST#wp5u82AN01_y1}fZ95<_rROs zN`MFfeX8cU^w^vK04+NB`Z^Sq#R{~iO8CGh>b(^y5IP)5)NsI|2I)2FaiDEhNI(VG z%Uz}}`XPpgS4mC$xO*8VJOv0IesLcTNWxrzE3Ixhwgo5I7}0Lp(;Ds7Ym)^h5hcCe z7JxX#06=OT*9tm>%tHi0pvt&U*72)fnJxz;LI4_R)4vWK7-Jh~lyK0788E>0Vm4cC z>6Zt9nXPCmzdD?>_c5-ESQ-z51s9ka{?0jF{}*8|ois}cJ&O?yh7uq}5;QlfkbvV^K%)S9YneurFA#8i zrgeW)`}j||Nt-L+xBvkH*{VF{BDfL#r=Y6OoZ%T7C^Vd~v%YX5fQ`bj9z}Qa zm#=|6&F|ZL$7Z3nEj-**oNGCsFMA4_w4Aj2Sc@EHB&WdgqLR0(c7?2wE0EkUUja=L;gl$dVVD0~b~# zq9F&6P{QD7xk5LMn!& zAk$ZNHT>J&4SOrU{{Ru`n$QB24i87c{V*Gs`E-faG7{*a4U<&9@;Bz^_>!e$0$W4$ zWZN&9TkqffFgXL+4iOO2I(Neh?4X({b`S(z?7{ZZi-U?gESMTiVmHH{Fh!VabA$4W`V?uKaR^jwMFT`TSjR?9x7>Ng%u*6vS&kPMI#6DUnr}|c zQ?62RSwFTN`>s-c2AcWE#BE^eVQ9M%F7RY!2M9nBD@1y3M4S6HtTl9n(e5SM6eVH{ z2n6t8Xxf1%iV$ilz9uNQ@wNd)6`NX}#M4YgYiJ@XbaA*XJ=aone5eXM#kjFrP!fa( zofwUJ$BHThfE}c5!AtS34&WghK+~T>x~W;Mi$Yl&rs0j6bP1%lfi))RL^oMsEsd1e zTQRi>5T*n*3MGSC;2>$g7CY+w^LfG$*ZVg0=Ly*q6pDNvv2@aXNFkur2{)}|vR3#? zn5NNR3xlBsw_qVeyfN&|8mL9o0d!k|Vm)`x#1#xYm@xFl2?oNVtFwPWbUf(~_QZdD zx%mXd#IH@9kg(GJ{228VI_Sf*$i8z}x-EmX@RWY}7oS8MP|-YWpFPNNAu&ZQNl`1m zj4xROvFa2ipzFUw!(kXXQvvD(1E&8tDGkd*5~Fn)65;tfxeZ;XMW`LuMfK^XIy0i!C? zO%c+{N6t!#Y&k$1P63BA7kz!iJBWdPD?NB7`SexM(~aN&+-abKc?V!f^0)mekaVfy63Ws6dun^{T5W!2z2XN`GR8@wGBAab)5s8Fh z1Vcm(1I@zy6hRy}e5ohT(7d3F%En8mWdyOoT_Pzdq6yu8*c@O*N~bQ&FQY94f`%$e zh}YZVVWd*X%Szj+vMDAKB+fLE7(5Ez;BP^Q5wcCCQ(F3er=xQJ06LO)?*9M~@4ufv zLf~<^(0~9NUGOlg>R@rw1ben9pGAVPpt9)P9Z*GT2)C~3%&mVF zhFrp)4?CDXLzIvrZCI2%;d;|kcR~v^o?vm_p);3u$84WU+aQ7k4?V;|Qj2=KqefVv zf-c&C+L90uX}V?wd|1#lzmeih1?vCuy)Y-nYIst(Lh7aw>8{siRh|< zNlH`X`e+~_RgerCZ3B5EGxgAWZLEX+kkw5{Q$==SV3=l9f(0N)=Obsss0x7!>V9$& zV|xb=EWjfoE7H(}cz1=&(HD5;!ZiT+$A-pZ0nI|ZS2XF!0ylDgLB_&DRuH;(QTil3 zsj9Pd#F>Qw8{38c`0B@GA*Ivd9>>;ekx*J}8Fo$L>tn*ffkC)0aFIp-0DiENW`SzH zzTeb=xqqEWZcAHzkniB*yZRyC;cy$dLnG37!c)nDJMPt!Mw3$^)dKT0!dITI@^<69 zd#dpFRK+%(x4;dtsDzFB02RL7P%Ma-$=oL6(glS&v4N1|K!jY^j3CvQc|uY{Ski#* z6ne*m3Rs2M;Q4Tx{{T>pRnTB8Ly)u*$N(NSoy=mgSTI2FDTEi+Fy_)WP)YF8 zGiehD#OPQSc}jqD(<%tgq0|Ur4eZt|A)au80CZGg;fQM`nn9IX4c+sPdw#J3kqR)l z+r_%_xN9QRsya2FXS@XHtU%t4>Awv8F`U%X^K+m3Z~BlMm-*Dc%rbUge@cp$zEa?P zxlD3wVxcr9&v-g20aYZRJo6K1BF%tT%MqVAlL3(jX3agt>PulrNo0@L=pfVp_PMEH za2ktdh3Cic8Ywc;p-z-b@%$GAJ1R@Hkp^fkcp>{@}jOZTi_)30o)L3zzNUg@XNV*P#%6jk7A|dz#zw9vH zTB@*~q#-<*q#iUXu+XJGac%&-l>kb#_tqQ#001M&7YRdDa`^p^Jz*)M=~z(P@L_j~ zti$yBIM@;aprHX!tK`8%PyhxcDE-f@#bEx0*zEohTx>`QpSlfTDhFH%XjoMT#<-ZE zstQWM@Q9C*!=yYSjeH0u{r><-hUNZsEh;aSPMdPy=`Yb;O<0C|#*yy&$N5c2nz}p> zjNcljMUg5K3fY{V{+%H_bTWkU89SP?LV*M!kny=gg!x%8>CxHaJO}y{a|qDw!V0jd zm_rSsYYM82TaRrJDil58D@d4*X}$O@@rCd}2ePo!$h&ug$LSOr(Eyu>-rQQt{{YD& zXGdix#yVD8tYUsLh7{QM6p#{uJKHkLGB)`^i75$A@1_&J1q%p!8zeOzm_&~Hf>sIYi;5XX~Tx{-49>T53c2ACvW;I8X>22bjIkVSCMyCH%}9^)$A%Nl0g^X3MJzTXvKZr`$Lo zNLb2@3TRGq=}&t_*qW8v9xiV!=eZ3HJb{rrw-my{>pksh^>M0j5kd;IVY1^eD-}ei z#;@JREvom~NzzL>?pE(^*RQ4Ah`0fy(P<{bxI08J6ctGTpbKs+j(}4kD;hjIm_w*e zX40m`3q}I~Vz3C*P52HN6XKf56yLgT;+ZK5Ye@SWawhCy45SuGDebp|J|mQ>KQSCZ ztBIgh1qB&*CR|}y+Hhz9VCfurBHl$K;IF)p%6vs7Sr!_wH-*!T^0s~M`#pb2hUNbN z;8LRjCfxy{Sdqx71Q`Sn0S(@C`rx1USgIB)_h0kQC4VM5sS z6VBIh5_ysmxM_#Q23)FLo<`O1m&Y*lrBZY<0Y;nGqaDcmgiUQzNm|xVe`yeywGgW6 z91OY)N#J%Vb$q56gN2a*n;f+~OkbpX2GuHyOJ|HxXi}-#xCZVEH-Adgq&;}jscWDS7qGR%xAn3{VDbL)pstU3J^3eEdneHJ{PZwm z(wo!r#t+hlis7I&tr?_XPIMOl3IJ%pAA}Lh0Fj`6`0d8hoFxzqd)XX;y}7b5Oj*mCJC8<6BvN=5gKL8Smy5}PS(c1#-j5L$z#gBs+vD^y<_USS$0gz}I? z6h|sH;A{~h`7LyM$awJK0vCZOn>X(mBo;*Iy?FWogH$L0J~Z<-xAFy0G%FH2a2}*& zC=eq6`wrlwzg5V9aM!x^a*iBQ&_RGZ=)o{RgaHcIUoW=_V}Jx8XLq|Vq{D@3C@%Ug z=5S*VWvl=Pz(WzDN*<^Q9FKTWRW-p?`Bx7j!t4MBKsV^hy5a&c$v|sw4120RfFsbe z+Md6p!*c%sI*^Zh*K0d^pFnv+fU^*yL17me_Ab4ytQflc7)o9GH2_RPi!knc`$XQ7 ztMt@D<3mxb2oKegCyrxuHmyMJzOwalg(0mjDZ9Fb&OHt7Hh=?X$YrWW8rp!bKmw{5 ziWL;2%vB#7elnG|1q0dz9}*bsQ^82IO-_H76Otu0=txtIf|mqvIkEzLYI|Q;K>z~; z^O}!xR>;|;hn5<``l#3}muLjvjqffWfDBPY=}GLS@Y2!f8Njf*b~0lD3KE*fM@d%r z!Exi1kP@c5q*P7x-N`Q zbf-$LxEgbtz%S8Ok@YZLN8f&zCtqh-1P(xXyj}Ud=p}*zs~^rvI;e3uavJFBWSMP? zHDQLTEY;2#KznMkz3sjID@{-l1rQw|F^&>FdZ_?x@-H)D?zsbgrFj!H+x%*W$WW=r zaKqu8WdIoIea~59eK3TL@ekno!3wI<%R{14cy?vI#$YJ{(vepPd5^{ASy@}UIBG3C-0t0=AszIE*t#q zF0O#tU9Z#2I$N*VfwJl5vG2-5MorldQ_dQy01;I%t`a=fZY>-Y!gUHf%aHtVA{#J# zU7Ent7m`-ky(Yu&f&KRKMkGUS)zJ!gU&(;gc6D1ma&c%DekO$#749rt3d_R=fm%FV zRj77~(0#dt4ftHZNJJ@0UE=tta&WL40DL#xGHT%@ro2*@2hpO&>|{+%kadQz-UAy; zzOIbt`|9!gXc{Fg!V$F%NUfwi_q;?3azo#=NAJct0YneOaR=H3dn5B6ng(eNTtF>t zw^a9!S3qgy717cI-=vA6L>wkgvK{UOeQ`m7EL)|YIn1xo5+kxu3*g3+@Yz>}!p0~! zi#Q@TMw&LQHX6gZreocXA)kutP){LK(SC^Us!UpP;~R#4YNn48nP4U%!>{PS@iv@ z`gIM<{OVeLy0`XEx6&nY_mmxgSHNv?fX56e0TgtOkL#3zr@EQ|D3B4v^f$b*;z&IG z7{sq9!6Q#OH`4-dUXjGj8h4GwkZ21kIDPY(Gxw6a6c3AwL7*zWjEP>NFCdp9(YGPU zCi6o2L;$EyN6Cpmkhpy@Ffe@$`_R|W@vt@Mggd!DacDb8FV~gMuX>NNx_=lK61oqu zP5vGWG&%aT&VT>`u2IkSSa=wKms7;Qoa^M6B62X~wab&8OV zh-#8!L4t-R&?xvt=Z~OJ5*nx0lHeT?DxuLK z5-ZZo9FYpBR<0HKN_QPTfx*yLE_}!K?^{cVQPe>D?+`#yuiCxKR5042(LduH%&V*s ziO@?og^|T;M-G~QdSFRuG6>xf6}aQ=Eghl#H4V%B>PYKtw;A>JpIPlN0IuRNO18=fRGttOL7laeh95b2TzQn~1v8kBlUN;S~UH)&xj9f$+B< zN%vr8O*_Y8B^~pPwxPB~0CkjkHM~+8a;}EL0P?XiMFHF0N5FJ!!FG{I1YQT^=f*v@ zfINVpYkGlMtWA`P0T6+{1uI$SyuE^v@b?2Rk{bA3_!EA&lh!7;^S1Ae+?WG90h~k8 z82}AAgcvaa8bDD^N6~~r&>0c4KvF*O{S@tk28w{Tj~S;CPNkP)0VJh3xoUMxg#&Pr z=!4@IxeqlIRSyTthy%5aBZxrj-cfQQ;}yaU8qtSoMYr-CAAs-B5MUOaaL^8o>A{qg zydh2~e7($j>pjd07*Sf#+}ykpo2z6ybbFZ+>tJ+g(rCv7yXFqBvHt*tZ1Q~J({H;P zzm@xNRJ=Vyd&E8i1XZ$i+{TTJg=t7g^Ps-d%V7h{u)cG+pVs?;y z8li5SXocl)@mmv9Sm4ocOe`P@t3g$`ygPNF)Vghn-?!B1oLZ=YkK-%o)Kp~ltiLx3 zay%pq^z?6US^mq{^we%&=TiRw6p&kFlh4psCp14MGkA++L(;TQzJKPTAKA@8nS4I) z(3Ip{2c~xdkmxn`1LMvbwv7Yn4*qa~X1I&(Fw44xXz{(1CXONkb8hla=Fvwj?8GA! z9evJb?aJx*iyYH~ElM&xL#OB=Fl8_i<(w0Sm((13=a z`L@$p-FIMDx84LHFhn{`P%Zk_q=XJL67fK>p82aAdz>1vHr`fD4P`E-stWHUlBAx5HWctjkeLTMCItD%9j z=*{f^0Pg<);`qnQDyE3W;%V2W^tiL}U7%}B9TScLX}2*4Y#u%1deV;TYul`pwQO~w z5EPp6zT!SK4+NqSCePOch|MLkc8?H;$<^Y+GY=J|U5w z;Ey0tX}1h=D;}zT%zooGwV{2_>ImGw&ZPcM&zd#U#M{OZ(cF0-F7}$5{c=W8(b7h! zf|O%5J~Cqe+QX|E^71emg_*1*0%_$DglIzR!7Ko$G9gh%w_ zR2I!6O&>@wfpG*XPV}PsFNREIc-3qW$6dmh9 zyQ~$Dc({ZbjR<&Kg&ClmA8&pdn#=FwVMs5E;rHcOfYF^dM_5@BwPS-3pPWD*B^yWe z!J)fQVOYD^c|vCIqb;g8kW>{n-m!(jrbN0tIkM#*i59jVA7|(M}_>6sQ{K2!eMVp_5+(39K3|j*Fb&o$MuTfYMeh)0>%o`h*0hmcvx1nVxd)^oP&~io$Ua( z%NV@`1hBo(Jc@z+LK~O))RR4@++*hJ_P&I)1D(NEuU;^qRUsmoa5Q-Fa2(2@12ET4 zfYw{17OG{%vwQnvMnYkMy#OfiN9ZgQfkPcwRe?fzzyuUDLO{{xoifee5b97vNe$bMWqY1d zdBsJMMj=PY0IIpOIJ5)uan~5*#9oY*g<21nMgWxk)5l=O3TwFQ`_b^4O%d}?c;rlw zjnR5hi5F1WjohDhlQePQt{^^{j^#$;H%)ssc34z4Mb%an)igO{Nr8C zkl5Ck;{O1|upt(_IM}R+vhUV{hfvVvB6cOE1+SeRzL!{ZQm!8>j~F2kV@ccGbNZ1Z z)pgP*a^KP!AecJQyw`h7l*6c`!;f*U!#Wrqe5 zp;v-;0&vz1!Dtm}pz9^NgH%=)xN5w@Pe7>p4j>>7@I(OGy1#59=xwTw-k@|u`MC~L z-d(8GN}Dfxj5$C9fH@9ESnnl=`_QTE0QE6?JEGFk_OlStMbtu|-4*5ER|i(>#R6~| z4(ymFyoIGFD4M>&ZsQ-AtVgBr=F3`RX*?Uoa-t||EwrLoD%X4K3u{+Yb&18J;S zf)4d`%%?%B@bXbL0+}8ux(yT?7iAw2N%`V<1yv+jyeKc!Q2>^wX(kAQD%^y{*%}OF z&zlEA$H)5d9R2?QF*al&&?mqy8AU)=%(MZ*Oe(o=9a@@D0tc7r{@dIAN*kB?)W64> zt^B6`hiF%T@nKlQt^~f;+=fd|IB3>^8lyw^IG`G5Wd_TEp&@_@u+)e@H8N(8>rKpUH%Q^YqaVF3MrzwNq?GiYYL)?i^h_vp}G#5 zQ@A+padrn{>vMSnLWDt4kP%t0;*hZm?Phs6Jy96>FijljQm<#3^43s*$x4F~EAN<$ z@?952e6k0X3=)u`j0aA%9%d+282nO%4AT(2Eot{iA-BC3VRS$e~ zL;3`qfl7iUN@Y8$>EinX$`!O2L#0 zDH9j9u*f11=tZ|RW>+#q)CG5n3QhSc$Rlyz(Rq{abT5@9o-m_2+Jsxu8<>ueZNp2V zIdc3&EWSY5sJC9sYCQB^WIV-c5ye{RU%=QNMJB!HIQc)Ne%*~@{sFaO7fDJU&!iE? zkwH&j0;=c2He+R8N5l1NKrAYQDX%}n;Ftjc1I~;Jh6(=wB5MwfJ;vRShFu(JAn;Z$l#aJRS5N< zU19(llYA_ahF*SPNJfCALstGc z$R%7Z5E10_3Ie3ZqL1!lP(c=u1zI~7SiKtPCglZN>^U_Zg{{dHhhEvY5(797L_Sei zk(c=b&D)=?;(b5addtPnw;213N5l8U$8i9b#nC&1US>#`n&I;E@rWv<5{QfW9CQ6Y zhtQhT*UrWH{Ve)5ZCvP%o{dsZIUXPnp1cntQM%?08e3?Hj(`?-c-MnU4uKMc_#5gYM9p^bp1v2CXdVZP^_Kz9O@%(xTDaplPLVq{$_^5Dy?7APVLq;MQDspY~&{53xK zrnH6t%PNBQ#~l9vSL^8oTcSW|Q5RGmIAlhsLT?yTO%O|z5@Ap+bzRUe7)Y*<1P63S zk^_V}P%X3MK~?&JQ7ByUvvzV*e)dNWH{fWCeC!(xC6ss@M9d2p?G8hk)JI@g?3 zw+`vlY;DknYo#W>##*lv6;)MUu4}&-~@!VHkN({0NI(8kRA;3Who%J z`&OUM3x!FQM{m*7n5&=KIS`GFwA({co#2q zzegb-?&8M&!S7bp#XNxaN< zcH(PPfOmX8tg^%3ivP@Y1ZI}O%?VAv)ML=-C!QGM_M}<9Tkc6TBqM*8F-Rx5QAbQN zxd-uGWT37k9jyHugz%Jg&UEkp^`_qTmiZ-HaFJlb!yT`sNK!}9 zU7Q>P2d!KcrB4e>wBnn4XoO!7RWqsDMJo6E59&gL870-JMEK2;*xOOJ zO0e;aVNhnV|KJqbUL__$Ckw;weusB6REB1zkG*q~6uPW^mf9btzp!+K>D1`?31`6@u6RRVAqH3z(+JDUYpcGp(p?#Jo=>s@w5-*lX?}`t`>vFhrZAm$dec> zFAHmu#Umye+>f?w3waNjMauFoFIkKlzi+sTp|uXuG$x+i%vKj4FjE%HeyVp+kvK

O4^vJo)Iz@aQ|V*QN`Y#_BBJ$;Yb{jwMr9T5E~Qj{8i&-do3 zjn%I_R?Q#c!#r7EzKQ+~r0o^!i?MPTi%zO!p&N*eCbyk-HdEA+HQ7pw39{8lLi(7_ zUSl^|zwsq+9erw5JAw^?AT-U_rG?8pJHF%vHotgy2ENE@rh$w11V3#|LDOlG5?MtI zZF`QY;Wh3(#!A==D-`WGqVN0E`u z&e$+LI?o6+Kg@IHWKOZR6SdU7Kx7k;@gi6|+4>~*;-wfyp;SgXSW$C&EyRfl&94g^ zt{e(GbFOWIu~ptd)T1Y&_75krNUR);0pd9LCMQ{scZG>zl z372GVp1=5`uyj9UMq`}0rac#C_A&w>c!D`W{Y-BUTCzGYMouVH)jjCKwk+yjD#jdq zG5c-dlcq9A@=te)1d$*e0W7GU)H{dZR!Yx`?CC;D4g)|rdT7hdOQo{7<@{No91poC zflAzOhb{`ARf8YDT?>sIRGVW1Gcd;Y)qLd7+|y{9Ueg7@O6v}rXi2$6HLis3i&&M@ zeXrh#oyA4D)S0cT5#5u@Iq$f9u7-OR_ogT*)X>bPEta1!hbmf`d9-uhzqCytbvM+Q zJ`$Hsn3HZI^?yq@S4~W_hCLW&R|Cb|;BH3h1ZnAk^KN#3d%Jp4S?PScnG6-G0 z;VV?MC{( ze`4hFZfe7W<6ldZ+$ywQ7U1Gui9HtFOe_jD1ci3~P&E#VinoM+xnkUO;zF2lZBmuT zL58w~<~4<7Sz-g(p{T^!^?d1JoAm#^u>RX#{dx3n2UXm+q_PBF5e!%+(J#-7 z`JueOEsF2|!Y3FMnT!an-)F8?7Tn8_gr(Cn#43u%46rx2fM#FA~R(_fCEFacV8U;xsbsA@HYRd`y#NZXBMdG zLX12)<#;6qQElCRTXP+MDGtZ}a#$^)GW`xYoQ@6J=PahlDqrHtYT-nT{r0RNKrdyei%Gl=k&G;me)vja zl@>pPN<60POO zzFxMCeS()wqs1#_7bxVh^9x@;)xBV7h6&9RE*8jS*n^&i^b%3p7~SE8 zF#nm|^^XcGz;nR=gByTd=YZD-2_%HDmZcfZqSSGPL#q)l7*uZC{UdJ}u=XF$3AO@{7g> z=-2U494j+J-Gsz8{P=`%ze$8DN>Vn=|0FEeDP;e;BhGOLir(5jE2n)|Hy>DARLrf8 zG~1&8%)jK-B}Vc1<|w23&fmrpjT`hIU@Cjcv7BrsUvq~W+0zthNAbr1I}CTk$+UU* z>qWX%2 z;#{Ix-ohio7st?8q8Nkyeq>ilbtSdo+1C^DJ{l7xw!Aqr2|)kH!OAmfl2^xc=5H_3 zehehAJ7J;bEZrptsB`|_&i(27qe1-O?m<@|t1E?JE|`x6hm35#^A!b{IA+9CaARY3 z433Ji8{5p3;q2RA4}gZ3H98qP?3wOCq+53EN_dsN4f7)C zH4_jLv+PqHBKQU<JFAlk)*cu|N{OrrQ>e*=o)OVD3b3rz34U+}S3cq;U)1*h zV7(m2doR)M-N*ImBQ-yk<)GiWekFITO4JLAff4+O zd>_wGE9*(QaMLB`aNi%wG08Xk@8HAuUN@xF+tAoRpfA`+df7H*Ed*0qy&O)jQHf#} z$0(0Z_y%@`l^bs>=&9@TR>k`)$L3p{cY<_jI)X)%wkKs58}AOu!w~q4EnF(M5&{wr zO_oLv{{LVW#?(lK!DM%gl4QY2oDOir?`QJbn-v3^Pzw2RgRW`|fDsUy@5ozOEB0_+ ziq5;z0D5M^k^b%^(X{m_9ux4x@<9}su4H38du~Ib)Tp_V534a4mrX&*D)j?ECL+0H zWa{RnU%g{j0-h+X#t;W-XY>XXayvMVM@q)8C#w_4B$Y6i?as|n0H<&m?Y`n85Ux_Y z?v8qHKsj`1jm0!`3@EfbYxX=PTF9pr0 z1I#%xe2Jer?&nzgrTC++CGh)C9aVq`J7e9#vaPe~7$wCuzRW~MR$8VtIiuGZb7d3v zdwf~O7u&M6G?fyGIrd=$+7cmNj3)LjM?L!lK4CXoU6@EFAG?ccr8A|D@a2rLu%T*c z49onwYp;8ndQ6wsxyjV*8iGM}go~6_-TDT-0oSvT=OQ@JC8U-U{()XUzPU`5uP~j&X z>wSh>8f0Ji;NPE;7xZGJYLIK(-G1hZtjaiz6Mz`UXJ4th5~(9u3v-(uxFn+68S~ov zZ3m&K)y#UB`zyWH)Ec)4HEzr0z~KR8D&p(7lRYFBd+HXIgOS|IT3!dq zGPJqx3CyRjynN6MUnp^R^%L+5wk3{jGw+6*eDR@90gbHkoKGs~&50;I$4&u#)Ztj7 z=?f{YYT?JQ@3noa`eAZp#~ufeO>542<^H!u1cR!_x0B3((n6`#h00TQPI%>RGNML5 z-|;KE)gyiMGJ`zp*KRRcm4V>gksQe^TvVsqlzzgJ(HQWRweWuc32D%u+WDg=A9zI1 z=${e4ex)EJ!0k}TWUu_^Zy}o}JbzK|{FjT-o>v?-=V*S09HA*K+(sz19zW1QSux0{ zs`N5hpztqU6oebl{5la$BXKOpyD-m)Rj<{QW6XX3ytG7v2B+-BoL+6X~ z2&a~JT6zvjlSKZRHSmkLCDoSvzMQ=8d!$PfqfGAy2V)idKOCJ8SHEJ^#&@bM=l_{{ zX!4Obi9Y-@bERuFJGQETcgfd&1^5?y+#S18s`5py@K)?Nn3c~mcWeRteULHB`d7Y+ zyEhdkT<%+}d(^n^0F9OQ--hDl2hhu7ttbH;TQdm1B!MN>BB@ z7#t#2G_zG_B$UN^s|tRa{gGwd=Hb7r2GD9L;+JA+q^}pG8?OiEkOt5RiQ1Skd{O~- zR}y`0-C?Q6r1-pGd{aarE=xo;bS5wGCLp7U8rTE?y#W%on9<6|j>2h)HX*eN#9wP( z!$!FU+Vb4u5W{J-JVxJToiAKnYk%WxUd9^Wu?&gL-@m#-{aaG3q<`sb;zhv6A+3e{g6Q`s@$T@wpFjSB!3*yLniUO8^;rw0N# zoI$DWZ9)ih&-F8ERCFMK!UC^|yLsYoY_?#E=RhK<9GV}#sQ2ks*v+(zUcOnFq|y&> z=4gI(lR)oy;*iJ)`%9<{)_3`lBOH(!`kBxZ34chk76b#n|4{$fzWWAEzzl6}9`J_7m?`0;8~EZ$`o;vcQ~wTw8pYvDp4LU+w?9 z^!A_W-@TZ=j^4NK1@sM}q*jAv{Bv2{I`6_`l& z&O^V29&d-mY0k$pD-MY6m^v2Hdd@G(y2~ysh{?TszsdRbSnS+*Ksf%)=wK~MN#hmO z{gh8U0A+V~$KZPPmcRN*``cx~9095DR5iwyyQcc$re&F}ee#9+;p7yvmg~5LsP7mT zJs}c&UJgslpUHcXH)#-PWPFlMD1yW-lmYZOas#v0s50?#S1k21*$Fp7v-?4^Z<4|e z+$giRj<+u?3BI*&;aXXsA{ehz=yr#+>^sPAev+}xCI?<%O7AkRjvw;GA1W$EM|qyR zV=#_5&}+#Qb`Wd1`}Ad!g%@l83u1P_;@6VvUnB)Wfn|FM}{9# zgO8v&CvCpVKVFBa%AfV|gpp6Xm}Rp@1dqLM6b%zydtr5I=3=dz{^C!uv;EQGaDsGz zZjX>-2IdXEI4XI0LT`_QA=mC#7g!nvGAD{WZM$lZ7X1(47?isj)^op~V?w>nTx3={ z{%k#SF&<#ehSJ97R$3xu2zGFgwS6 zh=Y}>yN@K$S|X24hYYq}7k<`dPRX(qk`LU5qb%0G$p;p)mYZH*Ee6?m0f~vTBKICf ztkC1$VH{ zIIabf2Z|qqr*Y)=B-uU~+yTa#p6fgS6 zw~v%D{{fg5vmSC+8a3@6F*tPUE+0(tzJ&<*QYSFnJ=Vib%hEf7cU&eOW+8Epuu>HS z1X{4>8N3Xz3#}Ve7+nDjpAi1ZfkQZ#3y>(>+s_2z>~WdrD}$YUj!Pfe@N%8uEC|AF zlP=sa4KcTmLw^`ArubPl#t%Dh#A6O>jD$9MqWEQ=zn-Q>ke!9MPv5+HH?>Lc!zVA8 zkN+306Uo+IBV#E3)s9|1PX5ZWuOLiwb6eQVZ*r}NKHzqOKR?94#4%wE>&G^^+ZzK8 zJncTb4>k@5wPUQ1US7W_CINSJK6$SreR^<4e6o`=TbWr;3@>V_Vbe&6*mt~1Vnp4; z*Q`|O8Rs;>u)|X~sma-NP{V5n%$8){gK~7p{m2@&*t*4}qPieGAO9xDLhOafj_4r( zfE8Mw213Rfw|eNe%M?l?Q(0UgIZB+f`I587iN`gDq3t7<4wOn0`Tlsv ztgOOoZ-=1QSMr|Tb?)2Gr6%C>)SUkTi1fJvTwhW+d`T=)+EqSnf|Fsm2;`iztmic( zk@3rm`TRTd;0a&II~|5xlVhAnvA<>io}*cpG6&n%JbE+xhPlS4g(2?$0a`vwnm5@K zkfl=x3hU{E+Le+?QU++!B&fM@$!b+Hm)rbpjlf*{zXL>a<2SnU9j4ofaGwX`(y`_k z9EX*K+C^)jKPN4!J$0<$Ou-$3LWz>`qZGa7-EE1ajycNQSec3K=-I;qU+rBBk?bgsyKWIm`fzg(Jas z@O{*`3%ah-oUXjbo34e#mK4vlO~#Q+0wP+b6hU7EcFK-$oNmjbi?CC0Umd!fDpaD8 z5SoL?M^d(UMP~Nw{-eXkR7Jyd@Go7VOm%#3SZkltvJ^p^QvlK8X-3bAH;p7P9^)j* z+=_?=XnBKpy+v#(s;B&L4{!y=sRU4MYsTCfnfPI8=*pbDAOOU}QsT|`mi5z40$8b3 zW9$c{=*fbh3`Q~zrSe%iWb?HHHKe&`G%q9>q}(#hdnd6^2R(ouY+>(h-Wr;Kj7^Q2 z*bhCsUwI`=BAsZ_NlI9bj<&A#fNm1J{Vr8tnpPf244U$CkHNYslgBgwM+jDI=4l(9RNkRHGnN>iT6jf%A_q&jG% z$<`ndqh+qDgOQVcd5uC&a|`ipxY$ykvAmbi`x&G~^}_LEsr}v)IHB78t2T#6sZ~>D zPsOL7?umd2s^iC+R9ZC5b^|7_q?oM@m8#N*N4gIJtaDvi_YQJp3Z7&*VwF#yOuM`! zeAHm>rK9EMv;Ni-B;+g-%Gtc&4E|QEy%F39oM-)H`bhl)SDAXU^Au02(RK#$#|^Cc z-Mvs@GdreK#0)pi$V-s2%B_5xX=WLpfegC2?wRPJxe9-a=bp~lLO-DQZXym2Vko}R z?BpMSI4DS2B(C)aD za$!qf*Dd{ZNk`3mau6VL(1Shdr6TX9VrI|kRn6M@1<%VmOzzc{s%*_ zIi|?y3^b~8#TnV~Hz)nUz@qgKoqcpEd9UAkMY3n{7JrCi(O94W?Lih z{Z^PF9HKNuH#Hi}cxEr^vQ3WF2aHQV`B9*SNgW(!>8=wVG0nXlsZF2UoT=|9f>vbJ zbh!bAEkdXPX5e>sY?A>cie!rqRYYxu-dKKo>Kod^hPApuF`tA_=BTqb#|tpjIOnrx zWVn=pYR(eraht|8E|?D#IIQbE3}_>4W$q+cM!-P^>pLLEnM0TqcQ}c~N{Ig=BRU3K zyQS@0esm`bMP`;tQD8@YBUK^84 zr(Z4x=qD`3_&_O_J|9s{w@kWldtQBh$5@OLUKKqg|9cO>r9=c>*Zp%2vDkt`bQL@Y zEg6D8CT9hQT}|X`l6Ycnf(C=&G(1 ze5_)7fxa2zxC>7$Kg%$Ug>rMn^G5z5IfTLAwI>x=3yZgywUf3-4=SgZ5g00KWi?A; zu{1iqqmWS-jo!78l=9a*fZDLpO{rN3lbG`&CpoaJj@$ekzK=j)L(i$xv!tGyfX78dYNtTu3?RSA2kkTsyyg z&2A}d#DcP}MQ{vm4?T1MMaeoY^sO4bca?d2H58`9Bb)|tqWnYd?h*u~(IEXc++JjJ z0i`25E|{*ym0?~mrZry1VlhsK<(0^GYkpnBHu5A07cSf4zOn%3ER$r_oz9T(?#v)Ic3iD<5mfm zY_GYMT&D`fG}K4V=$>;{q#nl%no&Xaf*g3`vCiGoUu)n$I+t9soiS62!Ja@pO4_Hz zl_C+1*NYD9067K~k`->=KQ|fw_gJBXx5rF~A}DmUy$g0Wo zGxbRZ*pztp_;4erK@hP@FW%_l=b99b7Zd20^xn$(nmkl1ij}<+|3Z&vXUcw5fXdyf zF|_Y3irduDe6VKc-bKy)-IL7^+XQJ#Nc>-5`=ZEwLsVe65^eAmK1s9aakYM$t9x`B zYX ziHE4O$v?*b<}^~CC`>(dqJ2PcpwNgDRHm%O?XUmgahSIyX4)`X`3R(1;Ox++Px@r5 zI9Wj1+bil~7$W!?f8=y7Y@6ktn9b9_;EvGXJ2w<+Xc^`ZMQ;8_dBGr|)#?E(ik7Hs zIKvHLf+2L zw~MTj?~lE43$BX-X^=m9Jy6FmU!n^K9ZMCHP)zpR0{@Vw!GhOfRalRvdeJgY@23mR z>BJJw_FR&WD=VQf6513_Xz=X|;dlrGiac$icD@Q})2u4|iKvFx33oTB+K*byKs?#- z2UhJK4<3fFY$SfvUbWe?yfijoK!-tFnh>?2c(=C^%mZZm8t|IwsZ^5T?X>n(7u%iP z=^Upd-3f9N=q-o@n+>(OAkogG$v(EJ z8()@JTdyNbUJdS9V?T=>z6DMYM{SH*!YC2}Vx;^!(pG0EO;K8+|YG4`>n z-7f6#n0r(tu%gu@X04R9u)r=_We-Kvz%l1lzt}3@P(vwu z&r~n>@BASbs3%$jRX0#q{%WrY@ryuv8vCfw@={&C3PdPi=$`IFx~tw!FEh%f@g@>? zi1~-T)4Wa>pbeH9#f^)5Y@GP&^>`6Z9%NmX4vk_JVWQd1{gr+o*A;oF!&B6MAcpnO zib5)nhGaO&PhX^S{Ib?{G~`hhAFN92*XAK20|`zDUz0+2?6Ynr#1LjRHvI10y9I5m zIRqwzy52Mntl-ZDAv#dQV9%gxw<8QGI4%<3FT7}+Pt!^dNvE&oNdSLuQHsm>tRguI9o;U|91Hcw*xTMu&Mi2m5ltIA{r!Umm2cOm|Cf!^8V zsIPWOzn*C-glzc8?)nXV0#5AjCA|eKK*fLkMg7k)eEG@v=+Ve_3H(QP_>ZzqUARF|;jUxpy0L~CokVBVkMcXnF2NejGx;>Kk3CM{UMiPyDGH5Y!5t0B(NW%s z(2L1Y`IDGIUSXTSmaRt!nqLlJaQh$2KAU=6^g9#nfawZJW4bEZJj)rw^6Jb*(xLI) zsp=3xESdWL&0&Munlcl`IM`kRW_6PPclvH*db=?QguEUH+F`-0Xy)e=UxqpBs-$d* zZ!BJ(6VIYRp9U5A?Ue{0Ezhms=yoN_DO%L`WU|$Y5c0dWUvkzpNuA5SHn-}o18TuN zGZ}}DdRT)ov4#C#2K~!Fr+kg$HsU#cMaiUV5i_Ih>k&3Gk?jkwkcrvtbEVyVTA;2^ zT-=cXXbXg@ht(n`PZ}Di415>Dmt+*6&&gi^I z+5cn^IXC{i?f>q_lv*wTzYPCR7WvMd7>)rZ^iLv&l>x~c3+EiU0ko@B;4|ST-O@V> z;ACnZ89q?if%LI02B-^z-v=TF269NB+rQA_I2n#VWAS&iOa@XEj>khWUaWdk{$HNO zVFX4Z#>dM}+6f}TPmf_&lbiqs^Ko7TF-(Mf>l`#>-kqi#NPdyS*2>Lm{l4SzZ$JY{ zIh^1J-Ot~&#G$UVK@e-A*xHmmFeU^v82R=LdUE#ZX4=w4oAXoCjq7WKRmOu z7Yu%BHZ&R3vzYXbLm-z}oH@U|j^`4(PW5Nh#S#%Os)=y%xVzJd)uvp4V$y7s`1=)5 zt=Vtt&ukp?>{wqmq!L@uO%m*t=5S?BZn$*5u55j`{$r6LR$typB7!M8lyNT9@5Y_ z?ncHk1OY{lVtBmbxl=>a{5Bn-P%8^Mabg#!`5-$~{BXF$t>)8XHF@{`eJ{gOwpMf` z)fAh?&5{{%nf^0n_CAHhE#1oq`_azeunbj^^Rt$OQWGPEG%B@Yvk?lU;mhy|Po><- zM31R3y~?afiu`e1wy(Fm&fJ}GT6a4{EVlb*=WFPXznvT zGZUywYW*4Ci_Iu~xT6hjZvBKL#0QMCyD?Z~SCp+=)&UMInsdWBHYA1yc~fUXNMMoF zi_PONpWWE*;U6#3)@Xo2@I)(LM{k$amX3UuL7$bG5PmMsR2;`;a4Owb+;#X5plew{ zla!;8t{%22(te5xIqk5a!blkLqnqDOpAq2sHE6s5GlJ2hT2zP~^`Wb+Ppw~;vb~d2 z_5zY7D?HC%=Kr-2YeDIQ&|0H_CBxGTj;8z6fD4(bS4d*f+o*jFC=rCa&VyIH&jDaS zUiNeExL?m>KtF$RUu2f$uVFGX#`EoGZ_pn3uF99j;51}n@<%pOP`>Ffz}(>}$w&O1 z14Xg&z|(F?bDk*n+ma=g2dPj)xo_iA{ww*tq4{|!g|0U}k*pOi^edKi9BmV)Jonsmo|&Y4#Fmcc&| zqaF~_0*r|qVa$2=prkL2U6561d@FY;A}CbM5}vOtY9agW7$0!DB%t|4-Q|wyuMKXF z8i$MM_9Vm!`K`BL&_@fS7l+6E_>X z<{P#o2y03D+xOP#09`GcuH^87w#E(?>L6u{6l5L12;-M+*)1KgCgzEf+V7YL_6qI- zJ3+78v{{Es8*y~g!aD?yXlvBo)e{ZQt(wB|JhF{RKH76lf=Ng5&IovJCL7WP`1+p+OKhzCcS-P@@>J2)8yUc%gK*WmQ|e%DvbAVup2Eq5@_ zvvjvV;;*C_J!p6pmm;HpAt(Ww+is$ZOuT*wVe{j18Mhtv#F_4#WI&KUH=TH&f=W_Q zG4m6iXbUS@`fX|;OJ!G)Cre}HjikGO;m=Z#U_!3rCX~rdLYS8G!^BoYBBs5;aZ9!TRZoN;1zeUtSq9&*jGpb>|5D8RSrFA*GHgxrm< zN|phPtV00nV`pPV+W-n_t>PxM@p6SzN$G4jufESfsfh7N>t}RE>RLf1k!7VZ(A0aE z{6|RCqiboX@GLXNk2QJU&ExO|0V*hcHQ(V=z4-U~qhn7XmE_X<_*&-MA(vGF0K~Wa zT*?ik1;Bo>o7e{<1$q5;j{a>>l8C+f)j{r6_bZ%pF}jDy)+mIQ=~c;ZVy^8W6zw_g z^S2L2r~d#C+k2Y7bALr#wYKq#-j(45jPr&mG@=pud9gpX^L-lBQnbhI} zd&w17a|}WmTM2`^>0zd|vV1R_)D4M1Jmg;a6%rKm)Fw_WM>OlPYVG1ynYxWmPv)_h zzs)aMzlG6$+dgN3(v@33k-$L!c53L}j#C*tPCy%L8xLQB0~oPB z!ghoZA;n}l=)&H&tN3gN&`c!Ye$@{{=ahwXZuq;1@fy&nwBu!>xiD%8i&dm4oI((d zQmpQZflK#rB);uY!0)@KC%7GJ8lrghON=ds8n)`6;fodqus7VsAMaE#$(_22Lb1YH z4eCV0X=}2AA({bH@$bk^XIMaG#PK9~!VFF*c|4NWtJvpKG%AVapc`?q5}I8(O<$S; z{T%brFD%sV~@f1^*6-IN71;Z1*_(Yx3!kv8P9BV_6QvzL_|A7%)f3zzV|{^^vWEG~2)i z$Ii1T?!z1kLq7?+k#HplR<*a*sfX+UnW@KThl&*|hR;DwcNDg)M&$jo&KnOjXna$e zF08T7?+TR7FdTDg8krC*mE%)R$?xad0477sa@V2mv_gQ1fv=K_pmghrcDxU<4gikj zxN^j4R0c+emy7&v7ui)C^<*SXt8TKA&>*NIUn%nP=i^q@Dd77kyT zQr~F?b>Z_)wAy%}RD#8&rYS8w0C2g5s^s-Vu)V*-vkFZ z?-NLlMM!J#o(XGwjIGGjRa+0~ZixD6@og`00wak|W*g}aeBQU`d+9R7z}T&}^YSs3 zUK<|k4T2B=Xnu1>eq4yR&Gg0NpAuj4Dl|I5y6M_>WuEG=YI;FcA_cX~B=VKrrBVuB z1@;QRDph0PkaK*JzMyg8YZsj%%>I&=f-}9-TTi+4DVC`x7Rs1$74)Hl)!|%l=IFZ& zSrP>(wscBB0$b74_QByoz59oZVBtb`DPKnaM{B|9H}A+jat6d~#gES!TZ${r|28vsAc@%f0KW2egv%Qo& zh~m&tjEB+3Z=zR|aCg+up_A~N3169bL-NwLsB_Y|AuM%=V0%0f@^W}kGVhqB?jBdm zrJveq$#Xb2f|WwfI|)m!Sve(4${)xxokUbgOkhuxQqclb5;LSoIwKHpd0&S;@<;dI z!Z7z|2z7X2$j2jO6fMgy*7TZLSlI_hKiFun(r7((&iTO&J;xzO#5|!5FZX-LH%k1J z40l*>iUQ9W@cm}}$tuETYJMa~-%x*fse;{)%bU>p@~oJrIY{Q>1ymS3Hm`atX=(V4 zn@dn-lTP3@u^=yNS$Q)^$!@#5xzNTM(*ACsWsRJ(4=X7iN52UBx7=?)2ps&uk)0dQ zd+jzGW;REea|5u^i4yKjdhokipFVCGIZePQHT`|6V{FZyr3qa9c~$kdB}>+K`XdPoyl)z^X1K@Bvs_;;n+8-=u*OnAeSlH5~#LuXVh~u#T8#X z%&Ufwp2&#sL;5-*zRTU%o(WDjALqeKuH)hq>?m+Mb@f-pq4$Ll8himxDKE`|~%X zwfvOWV|jnsJ6Rx3H-haGuIP;Uo5zK*{v<88Q?#It&VGIFX?hJ+E3FUrZq&>v>1#it z_%g+7I3i>G_k=jXPOJ7iU*?$6d{NXydCNp($3J>6vWkSD0N0cvoA3&(62eTp>iknt zH{65`f$XDW|GJ98mDM}2YVxcZK!Pb~7X4cB*VFIe)neXqBEiF7OGbB#xZAC)=ZA}M zp|?tjdLv{J#|{+hv?M7vr+P?9(`8-}0)%yb&1k|Wrj!49Tk<2;yFOma1EWBBwGosh ziFmUUA{rv=aE3YAiPa9iBr$LcKgnUeYR5i-epQKa&i7o3O@Yt^8QGt0+$=E3E(O5)o1Laoy7CmcPtFW&+4iaYY6l-e+~_&nh`ewm|p4?RxqG;w)4&*NjN zFsGf%&>uf%?lKVoy~CNEAjMANQSf@vUL(MXspt##;Z|=Cy+;KqL}WvUDQ_Qn416B3 zKX0U{_r@$~QL`7x#K>%L$4_mwBEj8HAq7sWiF9rLCTxq1x}woXyofDUO0=R<6EvgG zMqxe3%o_z}b3J$fNpOlHK1*`khAj;k%`=*Yl|o0hmL}b9G|}NU%?7{*xhL=pSD0M!q6PtNtUA4r+&6iNq=;WW{4tQP3d6zfa<~Zn(g%83ieJUPKt(9BT+=Up4q|tK;J}M!-!7G&A0#^Q+m+_bwhb!Z zw|D>o({-uu#(xcw&3Y(C5Jl!^y5TId?I_<&OK(0_lDjdcapZT@C~;W`7iqr%OvO;C z9i^REybm@%?XF*Asnj6qUHeRsCWkjRT>LjBXnTQkE^bWzTe+M3iLhCO(j+9&&VEJE zP4hW2l@yeKS9&!%7U`?-e^}tm#A7R$_4l%~*3A_$8?Vd#L`)nWbtCgs?Gj*o;{L)o zkUAtqM}qW4fHQ$H+_>ArRsvQOJS`_r$zqYPSU$bSr}KbWSZOWH@^EH6stVgnzie5Wi_I(kQFr1)0xhpLRQ2V{4dc znX*1ay*R0hu7lNMlBBSvCP_}rvK}nXV?j}pA( zlmg6@%;EL-K1EgRx?>UU{{RQl#9upq8ctfoL%kw5xd>BnPAvH9pSp&QJ5XM^u-lcT zhx_q0c+EK&qkL5h(YQyTMsv+cmCt}B=MoCBoYl^2;>>R$?;!7F!_cnwt3I6Vr3dj- zPSLZf@kZyzD`mw%t>K@gi&<*t%|vfT71y*YwHvVWy#Q$2iEcj#68D(wJKC6#mzI;V zCBDp~z_)+9+E|7(f*{nEeTWXH=p<11S>+UZ<$29NNmVAVw*HO&mF3xqMLxO7S44p! zWLFtAmi!&OO6fHaaNvztGB=or$_Bd~euzaqqp)XEu7*hjWg=2+1zTY;y*MG+b|2iO zGx3f2YBBTP)UG4Eohh*B00Yh;UZb3YZ@LaSKcstL#K2zVe0^+RoFaf>qi+G4h*}G1 zqLs;zK+r(M#Gj)WLFvxOc_`D3R2c0Ek1!x)Cdnrm2yC0} zylh<{un!H;w`*zTELF_fDtahDK6M*X!heXJK$INmlCGm1p9)tTHa~p`;Mnb!4CB>c^)@&T}NbC`5WP<3+`ae1D4D$|)0H{|yC z8n%nIy$g=Nx@K2Ci*;#g_0LhcTfyPTT@)C$(->n=p$7$p;t51t85Gx&n|>ydePTdX zNq_~DPP9XEOcVQ*pIJO|#T`gu4Uy5wC;!7?#>%KVnr%H6?6KB)IBf%_HSVMx)G4Zg z0uh5v;c6{u=`uc?ZMZ!29)`g&>{0=W0IXw$8u){{Yssb$Y4!7lsA&ox>&x zjjsvqL1%>5#T!^)F}lkn-m#VKlr3^P<)Nukv4@Z0CMsTI7^3$(6b6 z7P8HU=WLuRT0YLG8e-r2%4|XBbY!B$B77Sj1LII|JOi}_;Edg-NebsW=*IdL&Zmfw zb5tfhmSLQ+9t_&1y9s?LMsIy9m@iR4!;qjJrgmmPiv5+Ibd=0e{q584;v1HRLTKs$ zX&Oq^^>5Z%x@gPNeb&xm54lx8@vh9OX79%GcKD!1H1X}|@;o-?5Ycp)$G4#LiGtgg zxQf!`BR;H@JG%6YNioqxmypz7q}Z*Upj8|*=p%YI${!X@-TVvItn}vQ)DOC7rK;<1 zALT%F!+re7@j&`&pxbpEdmr!pWX*yr_X=hI`bA1`mm0I|3&p7Y-&aiRPWMwo>6{EZ z<)*$4yL*deReA8Jms}G^q@2ZB$YId(-|S6DfdVbRk zpgcWlz#>;FzRdn~Kc)&d&PT}DaW87H=vzohPw22ysQ6}wg*)uYF)NO5?%tC>e4%PG z-rP+v5IDrwLnfOiGlYuJWfI=vqZcnneIS~;L|5fZt6;B^=y&HE-)MvZzj3!#q<$Ku z>M}D0opJ*!Hso}J{1ffnVl;9r zqN1T8s>^Xfbvd?3RVKr-Ze@=1sm59hVqst`OSlN})+- zsgV$zFFhR<2z?Tl1OmjU=Dj;ha*ZVNsSDv|`Iwd;D*<1I!{-hL7K{_Z0`s{h21{Zv zDo?Y0%Yog(iN4W1@r=pCMR^?1A22aX1!`mwEqS6F$4g-`zK11dK^aFPQh6$?_ru$X zcFj@~5M8O`c-IsN?ro7OeEI|+>SVEMwQBw+Ep?4G50Y5VgKnSYYKc7qWxFwM$fkpVhLM<*Vc&3H} zc5toGH%&YzKW+Uc8<+W%kcgnf@a+0h{OB{Z6JBuIz!*bI1e$!}-4c`_qlE-#$(`Fl zND7YPB78ruXVqfDh=3_WyFXk2eo5vRtHInsA{`2p99@LG(~Je<5AWJy0Kls2{l2ZT-!P&k z^oXK8AK}^{>>xS|+7vxk+x1xGQpK7B{{Vl$;lqUl>-{DJa{mA>k@jm>jZm6fU29@% z5v0nfM*t~8*Qd~4*7TDI^#${Bf}!UV7T;m|W~f_%#*JuCr2YPSSFGGJQ((B9GsoN# zfW{-HjBKw5#U+h8US_A(m^1{mVqP}lXHE&Q$Rbokd8|fs!wDS;TC-Zhr!C=49>>}$ zMj>`g^xn0iX=vv0c7>y=oc$ejnlrXeQlL%jPW6I_iYCO)Sv|56+b@jMpCaW|6bc?0 zxWI>kOSNBVaWsJB;Rk>K_zaIakXOqv*qFFxG!_)$kGIQq^^WNtNrY!l4{(4tZH>qV zu1_F|HW`jB1Z86ANy1zoCwvzn8GtIs^j8#u)f>0nz z*v11SffsN zBfS>i2C+JVjdJ)VsPW46tH|wE)Y>Wip_;GTSSf7L&>c&>c&L549$VJ8g}kJ^Cr_91 z*=c{8I-f)f{%_RllK|2rA0xlUAkp5h+W3(87*ViTEi<5l@AIGRy?;$c<^FXqIK^FH z04q@*Fj(aop{us6vpZLyNE87qVN4$;SbzWnKmZ4z%_4whXqzeTNQmzhZV;x8h&z?w z!m@=;N;OTZt{wul5Tj_+DTr%mK`hD?Y}ZX7!9sv`ZsSq9rxhUV6;zzZeUqn45E%Y7 zh@6NmLbvG*QY!>vs-g4Ah@S1s*&xjug?020i%+JG?;_O43ULJsrRc<`^ikK5?|Cg`H6?4x)XN6fH}nQEKQ_&{oVp?_ab^_RhI0WN=E5 z8w;VgSzf?lKodX(EMcrxt*6tFIAE6CYJHbNh4(P7M(HxkdI3*ihesB2$eQxO0a#?e znK&aY3WCKZ?sz|dHXkOq8J)0N>O@6iCtNX#uu8TA;KLP7QupSQ^PR)wLw|ynOEMoW zFe6JuLr1&BnX?c{sU$iY!_6|)9^N1i5b|I&0|8qE6dx#GSzHexvQR*JSAKB~ZTeL~ z5jG+va4jD$G6eA+`rB~p@J&KnXk{M892R6Ds(bj-$ZcgPMtwG86 zFC2IhxFPJg`6=`O1M@1l8zfh!d0lWF15^hE1=cF2KwW#0;2SlD&Q#H*7NOdXvk3B$ zp>-UhkHEr`5paXYkqaO$At6;Ih+HU^i;))-q(BsWYzskVT2!iKKp+I#Jj6brB8?-D zT+%ZhP!Niy%$f^pIx*0YSI+TErV1ED(XYQaKv+1{0LnoGW4x*Oq$Hq$+=(d5r6S1q z-N*soP})oMS+SBi1w97+;Ep@g6zq!*MtU{^^sMk8w!_;vAvSJ7M&b${JIL^eTtDS=M;_hsFqUvR^p zn4*A4trhg;DgOXZrU)4f*0YOM*GSWA>-ugtFY@UM47Tc}T1|1ru*obGd4UmhZ>0l0Mwqj*e9fbdcvLWF8Nyp=p=scUx$AW6Jgh1p;PXl}Px zS=j#ovQQr|z-xFVvOurpftjPx#_PLYCtLK?svVvtYhF%J%I>8Bw3Mns*tZ!vD9Wh}wRt{TcBenUGM!bL+oW=Yi!TJ)~OYxhO5@cm!V4_y_vk9g`C@HD4 zK;SO%gySWkQQnZoUm*;g!Lx*J!gcyTDL@;F8L{73IZFIS5EH#T0oH5jP11Ta@+#DL zU>4e827=y#pLqq&;81djb!2Hhc8iO`&i1kRBxH4UP#NbDfRH!t%k1Jb~5@%*dlH)y3o zrF6O%39fTe=~Ru&%f;6)1H zC<3bh#zQ?sPsTRuBNqoyItOzPgwlcd*vfX-{u+c?9L+|w2FQ+UO1yle9S1*;3jifaP6UmqVvX--#yucZOf*Fv3^3FTIHAB4 zu_LV8f&y~YC*Y<2VCz5KQH0{B*ONfHatR6S|<*)fB z)DVfJ)6*WN(X=z7IY;Nxu-1=H;@0zV3ppCTjjWBd}>2s&P}q#RLXf!|6C5Fw{V@h$+Sq8GCM zqYgo*iXUo5n^JsbvjKX4s1fisOcYbBiObqiX}A~wV~Hu?s`?>0l(u0}s^24~=JMh~ z#KY^rnldCV2E{;*m_s%67Cm=*Q-EolhPV8*=90DSH3 z5Y0A$x1n|_ZT5J@8h+@kXHU$#Oc1uqd=5N-M(~^uI7}$?-u!(PEMg#`2f>u&yUvPc zf&$)xsiOBQHJ~s79*7%O_Z{C7kydb;UBkj;3y`6U^N4qC#7hB#o#-MF77pFx2K*R7 z-A1FX;6XuqM$}Mc>0d4@_9m%B4{;AZ5i>w4*5S&w{&I>6(#1a5cg=5j^nK-J*-}Aj zI2=q({1*LpQP;ECf+SbG0B+C(b+;eZ-grwwDb)*TE|{M?WMJ3GGw+Hme`)&owX*inaR;;_@AgmpQIm61LOnv$Po&3HxI#)T*v`59$|ku z{)^Z2oNiy|QoQ-!?`UKB#5)COR>1J8>)usG7LQ7bV!>q!tJQJErE~3*W)M68ken)9 zka46k`8FGvOGF}|EYP~PWVM2}+z{TeyzT~oiAU87`O7onKvAB>2YyTxX{SGRNW_-@ z7?U^Xo)piw(?LE_pIgt{1~?qFCLn1QxY1~(qt!z*{XR+F-_BM66|mf@v$<~S0lm@= z{AUs7?8SVo!fW8_5-7!-a+WVQV3a@C^@xA76+v#*{)a5xR`2wuahdLMYo@WATF{ACh@8}&V5G$r8@Y)0v z2i&is5wG7%J1dP;>OP&l^CFGxhg2GlpXp$i*oCJ zCX;3=1Br>~uje0-icUleq-i;VfXvc_lFG}Kvg)8 zf4((p)@&4Bm5++x00I#qtS=X7#~Lo;K}`i^=D!)Nc<968h~Uy`v^`tf^N{=I514rI zd4~QW*sC76xs^UTgmv!Im;~?#|rJ4Uu2E2 zAk)Cn>py)$afZK~C?f)olWTCK6k#5PGb-B0svl|!dIndcEuTm9gyE^xesGk6IO*8k zTm%3$9glk7=Qd$(>h}j4Ji!8r4ZF@0Byj^H;WZt&+NJc9{&=Y#s)&aEgdtETi{`(uHCU9taRXDAXE+yUp-@9s~&0!A~y3r~`Q!-+;ng zN;Kvn&;_7#uUkb6G}QD)5tSk#g_N+~z+gJuXrd2sX64kf%t@Z^hG;@1W6&@`c8I9x zOH>3I;{j{^C7cPULLt26Y554CZoF!BxJ(&5Gq;&e{{W9aN&?b~HKj1@tX2WCM{X43 zGhm>CH#ayODt}Mijm!MHLtKAf^ZJ{teWwg<|JI1 z0!u+giFKzaMrfkhcEB&5;jIdk!{E2!K5$UVjo%V2+Wcb?ROJXR6atCk)-zj}2&bwR z0e3N&Km%{Bnw;~N46$n7(L*%%d&Y4z8@jy(2#D_0y3?Fd7mRMj&`j;@VfgfOJ0KSRf3QKmaSZLASlYvOu@( zta-oV6y`5RJq?9k&qiSc6}vZsU0LHUC*frL%!1HW3=-3z4M$T{$9~I~M5L_9=sFox6W=lv}mF* zR};FzI>&j0A`m`+Kd1b zCr;~WLNh`t2@#_EW3p>r%0o?jo2ztw6`HQk0O9dIg17`pAH9itbb^|1n1441_=gdBc(Pk0@Ebh6LX+ zE>BI6yoEGYOdRkF(kK>*zFEFxovC36A<*l(yvG#*sqzdbH$Y!ORS}0ip|_Z8dk7 z9YGFADH^P65T3FWeov@39JA`d=+#!RoUOIIL;mE?8ep-ilK{7CN6JrRSb_bH?HNI zfwrFAD`E)xaglGhmGi(nxG-UP#R&>G4dYcxoe>KPZG2|SH3*^|j>2f%95ShS(Na6( zG2mLG;0rINKNtl#p`Y-7`IekQ>m0x(wg<{z0P9%Rgu~p=fFRzcK zv@&P}M~#oQelUXQG4xYS!w{yKSOlmsL^Y^}x8ml&D& zQ;dy! zlxuFl99aQKm~TL~??}UqdjdG(`~=_$|$KR43dFsaH>M zw1}A4Ay8sPs|xEH`p_kMCYGTXSE2Mb5-LLlV5S1!MV}}VS$m*#E^Lvp`Fe>Oc)MA?jE)AGuoCpJegHr8s zK80b?1L!Rn0T%f*KahRz69P(gC)_XG2d8csKxQYn@iBhyV+a%3V zz&)>%2>})c(x_3fa#6SLL_c=|NFd?P4H_1YoJdZi@^bh)-)&=1lw9Kw)}-eATUUw#_G5Tu`Hr& zuvC=4LepRyG(%{Ioz6MCl?t9#yOanT>jl=h3DndOXtwJr#7L=wI}SW*^Dami4U&>5 zEk7sF5^HgA8y9CK?$FPwY4QEtaU68SmfA6RulGv%Y^ z{{Z!Ixqp{QFcc*rx)F~ZgJ!w6s6KD zB6zjyDi=YUFqeg3Dc_@iUJt4VWQ(d|vF%uD8*UA#$6WMzj(Lt3>2xCW!upBKaPEES)J!vuOzA7>Ow-9-(K zDaib&ff09#IKI zX_|1IlNmG`4=^d7Fw(lhdKn{)(7~8igE%I5K-VOvcr4|()J)kw zVP@1j{tBhv$q8bf~DARSOBIFt2ih}}P#}I;fh?W#AM`)AIJy{=1 zUqUo}`^d9O$@Aby>Ai2Kab++YHd3I?#GK|Lbx==yk72C+o9S&2UT(whzsnB9rdFrP zI%k%+fWQyT4F3R6<@7z7IN<%o{0jqlq0uOMQ2aP>7Rh4(vTZS{nPP76Mi=L!-dZ%b z4XJx4GHaWbnnV>mIp+Nk^ezh>eav7UTF>6-e;-21O2F_QqiN0Afj)U}w_$-%rdN|2 zfz@3NTN|l4jJG6LwvZMK)I)f9g?bumAX~LvxcfTTu&=-vG0RSWTTw9y3nQBF)DO5f z9Ty`{uvt9fZX3Ypw^0#TJOoouI4ap0&sO*~*{gv2T)0z#USo%76m26x&*E@HH(^pH1CY)1FFH4e3-dnWCW35D7Kr`$2G5SS#T1Fdt8fsEWe1r$xBl@+jKC*20=CPdAcP0B{b&1=X0^G-ar9+yiw+0BLZ8(q~F+N zVxV-5LqG+Gr$;Fi0PH}Aguf;`_PmvF*hqJOT$nAC)-@h~4D*iU8VU*<7ekMI;S%e; zPr-0~yj)EqIE&;sSa@Z}ImnRcICSZWam0qr3omUA7GsJmZ19M1pV)#XakB zc^}5(Y%vB4Tf_sHM(o6yfKUS0XhW|V0JAQNkApYOUg9lP(bPUj^wYU;9cByDkJ}x1 zv{A@xO&+}WfgKZ_NwRuwr+hFs06=4?vTR7zOh3UIu)*LSM^~6_yQ->B6pUHo%y&>a z`V>N6F~L$%+G$>~V;y(2F`(CyIjV9BYI=Q){_mnTOKI#PE}H9Eb3;wlJ7*+2!2qj6 zs3VKl)&MDJi}_3i9V8tnl~RVzrTPU`05xiDp8|O^mK-p#*PBCdofB``a#V?MRYKED znXkxd0#T~GD&II=M>RiSVfg<5>f>_%05Xu1Qi)CW2q(gQ4oPFT0fdgjnu;A9Rn^#< zJY%?A16Zli0n^SgJ5vsmX-$Lq`jY9y>lwj&F3zAwMlTI`KEgGz zNbC6ZpHQg#&>t==1rd!k^+*nl&x`fH_Xu^~6iQ+GRkRML9vpeLYFO|#UHG_g)(|M* zRMX_i1t>JA8XswusP!7{hl_)Gc7Y%P)CQgr?-=r_7KH3ZQ|Peq2e=jeh591|J7hGV ziSUVl!T>=400000006;*YG|S#08hC802-ac*hL2HdGGLXl+$7rXgAk3?(zi~#MAYU z)hn$4ZKOos)SIo-+^Yhiw-0K)IqW@+q}{?Mw^?$!6iqnIHuitIMd5R;Wm8>8n^<0E2C}>QH5+q zICqd20uU99FN`Fn@YLXMv9z1G-2-EqiiJdO_2(RlClspyj}Gy}2&yCv-jl{BU;+&y zDu4j0zA@c%NEc17dmdolk>RFj@wn5SNK)}dG1{?|qL?iRLYs`hX^W4m6&7*d#tokg zpbaDNH?QOp_B}c}-+F5i!fBhb5d`vlzrwok2N4E8g!+pjQB>@B(eKlSN{bMyLB6>3 z0T+I^9va^9&IE`Dc4@_9@9)gEeKsV*jDN3P5TL;suXB}Z4j4k}ka5`D+mQ&z*`XI0=lr$|=Xux%< zStuGA;K9=hX%!#?bj_RIYG`HTU^gP|G~`&Sm6}DVDNAr)MK92MUm=sLHtQx1<^7MG zxqv8+)y1cVZQS9Y6p7eqy~4h9c_dAZJiv<_Sv_o?+x}MWPXOVc1h5J8p;@GZ|ctY+?En=MvN-dl7pL7WH^Tblifusna zyYD=HGG4IrQl|)O3@s{1poP)H##3yQRNQVc84!~<5_0jNQ_p393A|U@hrdQplylM3fZ9{F^05NUfl=4IGnD_9X?mVp}kg@y*a7Yyx3gPoqQn zbjC)MlFhipfj9}}3ae&`tiEc6qy&%h<})COMG~yxydk!@={5m}(z0M~n)V6IRD7MYZg@2#+DwE{ zv?IOd-Gn94+h9|CFbcba0E!&C(Y71c(|K{b2NVNk+~^!uK^XzBKzi8i7Q2(a`KX)R z05j(phDxd-6i^CNA;A4kk?J1!a2);QUgCWLT$ zl--R#InTx){mlxLvUDO)yvSB0)IwlF7!5E6H}Qglq)lX@aj*(rQl}Sy`eXz`ElktE zn4;?=9nn_wQJa#uekQ4*useqM0ZEBM9lA&mClVm|&kA!CL)aDNgPOFFti1;r3e&AEi3(;;A$ffs9n zq5(BK1H~RUzP~_Ra=_{NvabZjW%tu60whRHc{uEkp?MgGh=OF9PTwj;Y$OjQ?)Q{} zqNWtd6yFZ<0x*rIpg}-ktUMn0Vo~sPiJFX|S~MOPNb`EfoG)7de#R}DS4PmF&nC;-|fULHv)kT8L)NSI7v#W)o}Xb0O5orrmZPmDlVFsKU{3U zga+DGUSK!-rV+GFv}=3T7z-EzZG<#Y2CE3yHMK5@gIsDRW<3cgnu?MV?t_w8Js*l>)cwx9{br_dyk^+K#u0IdOXJqukR z8%pdtbIv?ml?{1>8WJ9PhiX)BQAlinP~SM--%AFBr05DI!;M&Um9X{i!6nmkkN*0>V`;d?+1OR&inGGC(tFQ;80R8y}B^XR6prcP) z&)UDfZZvm(&-*`_ooxkFl)`L~@nzZ%F2kU^butC=-BzKpwyikVq2ahir7)+cR{~K)-;RBd zZGHs_^7Mu9by4>?I%zdf6V94^Wu&tKTX{HmOW-iae3vLaz{5!<`<-vQJ*&q#^N7H0 zpxX2#d3aUAdxlX`gXf5N>!TGBuryCA<~4p78z&2CoC557Tr5OEVwX^ZBzNNz10j*U z0oez2m-wszSO$PSe79$N2tQZ%7di)!>bF#7;IBUoL#*zZ2T zqB?5g){_80fG9K$1ziUG;L?yM07(!#SIysy0f0o*hpip@5yLkVCrpPIEvz>&(c;wb*U%Nx00N2x52Q?cpmeAx zDOiCkg9Q%(h{WEJJ!9u#Ke3@216t!zAlw@imA7i+@`yC5LS^30_lKbiPACndRFBeH z0mK-jx<6A5a-yOdRy!T&EXc|cP(%oBy)S1nfUdG=pwvRLvjne5N}`6P;SPE+@>8`b zaVICY(vkjLL1thZheiza~(DQ(YNf2I$n7*DP^ael>X%8~w-+(3t5=}0K zWn8jLIHnfiXvx--uvFPIr94T7fpMm(Ce96>F|p*DZq;7e+uGbXdhfm<3_2uy;~BsM zdjM`8K90lEqDm0o4&E83N(;GYVUTr`v{50$z2EI-xoFZM&>(D_%VWX5mwwy3iPXv< zH-KGk*6${u$bql|s4llRhk+g<(sfDT_m0NqJqH1Pg#?UffP7-dLdM;;dg+NlR8D%H zj=W+r6TZ+^tM|)lKc zRXTtb+vef21!NoOLu%2Z9b+;~MLQ&g*IS8QLO)4p3%0v(=V(oP)NkZ{1tDmEV`E=) zc|U@A%>%G`O=P4f3K0Pok2tzC^vCS!{NvL&Wc0)+@|P|>(pg0?t%aix4pMKOI=>W6 zU?rv~*}7|fTe#@ia1|=++PDV9q*1XScw{uGtfz%yj@`gSvD=~$78R9;(?ZCil>n9z zGgvGH5HUam>aFcV~;yqxCa&`b5;OWx$1M)9RJqMwrnv)6ipcw!FmvV2; zPJ(z@pdf`^4lRu+h?Nq?2FBt;twL`~ZuLGfj^bnffEJCDnb%1eiodIt7KF0&WHf0W z7~x}65Yi7QqDD!qfPhVS1S80j-P|9B9HT_UJ_ctVSKY~I!y%!Gt*^1Q97E8?wA+-F z$?bOFYTBgRu-vXR-<5D`1TbjPjN9Jpum8FwZ->@Y%~xCj6{DXK4)cM(2`abWT=pE z;R+7+cfX|?0YH|jsI3Gx`@txon^g+x#%k*x@ef)9Ex>F|8qXnXLUc7Y5;eGAcWybV zFe|m2^N97+0d-hwYnB&I6F@p9g(>3{Cqf`;8l%Q*6%=F&jEA4v!qrs(rDJ;&j#ARF zMhtaL2Q1&y#04Md15vH6BB7Q407D_-pQ6|v+R-XBT1V$bJ5oi%WR@D~z4sk0uGwUi z@&kR=7C%5-HBeRZ*CsB2_y8hs17{CXh{!y!b#8BTSB-VB-YkeMFwzm;&TntsM4$#KeR^PK(bs-u&pqc4==b zLbJAxxaWYPxK;MYP?)OT1YqAXrvb7$}L;W;NIW?B=si zo0SmIn|jdo^NRtM6<5oN_Y|Vgj+!)6e)4TZkI4e6gUn|^TnVT$o?*P0bHM-BL3JMD(A;$fLLP`_y<=H;GME4rS4W&`Q;)C?$w2xHX+H{8gm7AU zR<)6OAz(KTioJX?HCITag0N<{o_R921OWseHyqo*h5}LoM{70QX)E|4p(3b@$CCho zLhY7j*N?G4bkci!#9CR50BPVMc>oy)jeJUgC>E;NGYF_nl>jc{hko&#d5n_>ax^=H zO{{l%+jGa33sg3gq^iIctf6sTZ)E^1?|ZZcTvVnOEsRi%ASKTOy-0NLt9)R9F=`^F z@W5fE>uN(qHx;TH&L(#N+k&X=PoDJ_#t*fp>#$CIi>4#p3y}(Jl zn!pJNWFXr!<-=qVKT|1@!Dz}#Xw(4iJe_y433pwnGsAHv{X&y|2|~pH`Irt$a-_Lj zPa>M$3lRB$Uoc(sM7Rv7W*Q>yX?2T#f?k#2Bo{>a#T$W^GNHYPV?AYuA2h)ffC7ik zAqQPV)M#ajK$kWtXOv78LdQYPEH2=v

v_8(q+w(W^l$sG8)h>Q;#UF{4UdB=-e09cZ|LlS!BuAZ&PWz$C%w zduoIN60v1MZ5t?Oz@`rEGgvb(rl?4E@C7$9f`dzQxk%PYVa3;p#D#{udhpZ7@wMM2@Arkrf(2QVRqyWLdg;IGXI5OsJNl(?{uQ@^_ag zPBs>W6j0J*t1?&Q)d<;iy2Em!khfQhRO96O2}8&rNPWebF^2)%R6#F6^sFWTUgnmrb9Pn2`b^j0P%FZVzZm$% z8Ka<;9~oCOA=7Y_RC^pZ<|5ef(nsD64?aKrHQYZ4%y0RGEp*<#9&q+}o=Sk3r9*zq z2_`+t3OGvk3q3?qFh?ATo^jITQ82{0hf6Os3p@UoTH@?2TGYu z%FG%nOCj(OCzVW3>^6bz(gw|D_m_T+LsIkrc6!DoD14fc4H*h1`;7}m)JjeuHRt2# z!@v4fQcI5>GQ2Lny@2}beZgO^sm;Bi-!lRb*H*j@(s?_U0E|4KK@FCZpF=k3;uL%k z4?kuk$f&y8YC-{BTnTh?WlkEQW4VlrlX#Ad-DM3(2v?C6zBA#TjlfO2;k>#qlZmi_ zSf2HOTTfsp(2)hd8FnYH(zFvt(M@_FS+&Z<@^2D~>;*ck9|STY8+Pm zB3dWhn0Sbh32DkT^{i|=r}}Xx&oIm2CKN&*9c4X0t`I}i2X~S8i!~IhWf9HMWx}L3 z==rRwaYxb-y^us^p!Zo6+Ai;iu5S zSRk9;c3x1ysN{aQ0eA+n(CH(n`T8iZk3r>)U=jw9Z5RTx0}PsV2)$N z61Nk?303L}&CCmT)dCTvKHs6$f`lkq>3jLatT1GRI8v1PFj_EV_@L*5=M4y$ZMA%F zH}=C6QDN*8c=Di42|!b_vk0#MO|&{l`@vi@$ifeXiRAcaT)k;~4i9d=n(>lzmhm}& z$HN7LmsH_F-XcQ}Ci&@DYeM9hR&_nc?3b(ZRWY zmq?66b%U^ao_u5CD67+;K2bUaY*qLS2bIb(>EE1g-PzpHY_myNWRjhf*!|ct*`0+w zuF`fFte&Yl*f=quB|JAddKVYW zo%L41@+UISR94k@-N=Cu1-sZmjSeVJLO6kVhOou38PW5hqtgpSN>Vx2$CZ_dvR3_?-*DU=SkYF1NZ=SYm~Bk*0Dc1qgoOB;Hf)dy>i_~v zwWbqDaDFmXOh{mg^T@@0^vDhM1WmCH;RtV+NV2i?UUw55&>I09fDbZai+jsR~|p0#-#FAecVidN=juyvsh4Yx{3+=CNi_mf}AU?m3{rJAgw3c63T*+ z0Z$<}-=~^juV};23Z5j>P%js&fcPQ5bQaBbZadD$B(NC{wdBYjLa-&T0zEXi zTy7(zV{-ypHZ;<40Gy((xsYhxDGqe;m7{sELA>R8%d z$R2s;6=p+r22*!Y#Wt{l287c{P3q!=;8|^imz5Gn0XnOJKYf7i1gV9l4_tq98w=!9 z(RWjP2glSYmIOkH>l@vA*h0I61DJ6PZMbadzDQtWj`o5NSzbu z`m1g?(PrjU9lCoMXv2&lYD-8iqkhC|mJ^T|iJgFbu$vO0XjpJ>Ip7G>5<{s%ZKkB&cSLp)SpQ zj9SlL5aH8N2l_+Uzi|^v4=s|vxDIVGrhL-`@Z-##G>-j@6^r(nC z0?8JozJ98?z#Rmm#Q6RX*BbM_i#Ia#r9^`o;~g{WzEZ@#Q;c-yiS%@=NEQKC>>o$H zQM7skZVHJ7quc{Az*syk(seeiu(RVQOQ>sBg!(nLaJls4AZizCB0ojD?i9N*@dXj+n7NRVHX1wJrZyjg z0IO4j$8%~0(>2&3uXwMbFjveo5&TXFs;K}x{{Th?<^EkG?>9Ac9|&7oYhqbUnW3a>U>^QBOcg3Z~{H>~;pDP!a7??W{zt zFHnjCZ)mrMN6iYr?4S^`>)svV?X5#p35XQlvQ}2R;4ZOBE4G>YmJsb&%1dMg(3_jU zik5aQ*I?T}HdiD2<#@uUzPOc5#WhdZxYWoQ@fJWeK5*cWPZ@{Z{eCpE0J|!Pr{}nB zoD1ts(|YaSoGY`snHAzHs=_yzSO?~sQP`-PW%Ypx#dbZf!F60AvFq$}fCKG^pe1^R z7HD7Rlx`z`rpAsAT9E*9qYGg>rvcoAcKA=VUT+`2rc{nm*BJ4%(}|zH&FJ=RrW5*r(?$h|Hvd z?L9>f->u$;Q8ExVuMGt56a>w^?$sJ^P)g@8tgJ@`L{gjV!^Noq#FbWU-Q0YjC&{Q% zf>}eEtlU9$HWa#ajH}i|0WI$kYUKwlDK)WbaB3HIsk7gA`#$$K5C;HYn}QiMR#~GfP#V6 zKL}8f#kaG};yb~|RYFa>w(Tpt*I;ba4JZ%`45Aexrmi7JwNf zHRb|%3Y2u{O#}+%u>k2n7Qfr-2vPvMXx=4|ds`vN^Ii9N7?Tq#6etA+AYkHAb#4!X zG&ur|s)*>^qLn_boM~B7qT25kjTTeFCbR}1A_j=;$t#qJkgrUR%oYlxanfpPMCsh0 z%^V6;9r*EpQ!!CS!Bh_warj7)s;Gd{?_n|+im(VF2wOFW^qkt8!Z2;nLSbq^k+!HS z+C6dg>0-CC)WYjQuc8sf7+P3}@D3@}s8%7Q0uKe|4t;GTCd4|oy)ld%sd7N80VGFx zJvoq^Isl=#UVS7&%q+)xh)MqdmLZ%erJ%zV)I1DQ*{-(*(0m7JCBswqD8Lj(;6$D7 zZB%Znt$?D4vMH5gq6&LvKEa+>9(77k4OXX|2fP4U#j9Pr*V_V$=~TOBl|rR_V=DI1 z3fLYD0{3ReU{MyX7)euafFRIBM27G$EMTamNKmS+UHAd8s6eF!bzDm_uwWoN3<*wP z?9o$+db9+2#MQ@@2-{^dn37RevbAcw-<%K@KrjPVZ@YTpR3%{{2oa^Dbc2T;=kSdc zgKxTHofiobJ@qwpQ$=y%HgzFk7l0uew!}nDRU$TRroCmZSr*D^1Hkcd3q!JI1E9tB zw+M21KsL5RM!n*Y7iJaG!CHX0QRW1!DcE%C{SV?)08N1sh?sAQDyQ zOT3>biqO zqUwS0aFFp9b_iEzpP4;KkrBlwF%i0G zF5OkeI_pY61=_#Sfw_N|OJh(D253-a<#oNGyc{;o2x~x+sIZjZ(fv3>=X36sd}VJ} zRvL}r*bUjN1w;u#b!d1iIgVkX3jo7biYh)aXRs{+0Xo1W=O|_hLIZ44xejI_3il!(yPM94Yk+nm@Oiii+tGz>{f68^oTILa2i@y7S{*5s-rDB( ztOoQQPbwks@_upZWlMKm0;SOVa&27^ZZtL$yETJ#L!L*qV*_B9c?T0j5+ca|03Sb~ zk=Bi2((nt5IS*Ee0b358V*b}?_)37=gRBp%!4OO-Lusr6(jmrXz!41t=jaR2wXJ~X zTK@o(6ew(zOJ$ZpuHeb_e<%yXva(_|Nm4K&;s~?5n3}1tLRmsLq&FQNC?pyIAt_B) zF3yQ(p;4u+r@R(?LV}CfR)h;Au2sm~Vq0L+k#E=p01T%b0k9SgN`)OhburH-Jz~wX zPU=|m=)r<@4k@!svjr*R)mE!Cua{)$(hNWCt*=lj} zY>cZ^8cR?COU-X4pd~2`1PN#*32`jb%F!4?qJO`SfL{Q zB+^%^7Mh!Hz~I(LXe^ikbT*R#-pUXm04i*exw=M-Fa%0EX^dP_vb(ML}(@ z#`B71`QR-y<3N6hiOC0`1L7&yL{a#Knm zK$t8AOs9?gE$DvHz(@|X7YG4+75YCQnG71%zA<<}RyEvbprWMe0Cq_pVGcorut5X5 z$c@DHAw$=#HY5(+g=)yu4W=%b(>r4K}n!~w-z(2+3Bj?+^@)YhEZF))a$+zEI~ zim8^ihn|%!^O1XJasm68Uw;Dai<+rcO<-W|V@-T7AFKz90q9|apWg_3$hfpiGL&aHP=+*}~Sm4@A1HmuRSD%1h|JQ+q=gEN4^FYyi~Dl{AXMf$M!-V)BSyJRVXiLr7Mx{@b~#u4 zEQpQKAiQIaLjWG{KsE*_ZaT%PQs)4asOoUuL3(a!Kci4NGi7@=xt*L}&QSW;8za4h z9+wZIn(aog8Nw~*r}y5EfG9gI6tFaW{{SHlIRSvscBJ|u&k883MFKJ7id_Qp4@p*_MBWekQe6~K+?rA@HdC)c zld6X8J?0xv2B1^7k+|xiW>>+e+Eje#zBrKpvtNV0TYjJEeQ*W>tq73rsvnF3rm$#Psr#81@g^2i$oO+c zoXj_X1vTJi875A#qW1z#1pON|~luONE8Z;`FWF>$V;0DR6mc+jR0HqTGw3G;`xpygv$F!AEAfPYrqNkb z!Q5M=5}3`Kk4#VsFS9zCC~XP!?W~Umd%#u#zaLaaB7N{G1b%V_67raa&KlAbL%Ytg zDC)q}L=V~XK7hM`mfl6{8beE}0v{yJdE*-DRpUcBMK>9C+hC;%bLnI*L;^$6c-Qb+ zwQ0M6tc5wl`Z6~!^650tMnSI|W2aA?Sn{EOL=6@?JVOA0DzFS_`>y5r4?XzqvPa>u z68$O{2i6h;U+p`MGNx1t6NnlgEM&tLPy`2)*S0sTLXwmUO?)p4jWa5fF#Ip>T%Cey4l;H)QWP<&dSm);`{#7nIt?7raS<=O_N ze_-OSdWOI?NZt!q+L0@L!vialBc`=?=hiFB3$@hf=I=L$QsNyduF;@1XUtnroIpID&9f)i@BP058@15Sbt#p=93J~79= zfPnW3WQ7^bQ%GK#BLD>w`eSv~1-b>KP4sil6|6lF$UT%7zOYP3_)vsW(!wpqL&^bZq;S@b9x`P`s^aght31aN5;#_pi)liD zm&PRaphS!(Bz&|Szy_YVGt-nGlNwc1Tkj4y;5HaQj+EJE5xr)x&V=k}BG06tHQO&zwOqeKAmvtF-yorllgCcczRngXed71tZP4An7aSk(sO zmYJ2l7sBx z)5z@Yq2h7+f2H^Sj*ZLw+DzFL7>~UF05)CTw*1?Td;uJ>5#&}cw+S3_TKcC))_-^) zF%iiPT|zX8q;aKT6g$~W;g9V_1UQ!u(*b~gVeRDj$rvIn*bKLL)vs~0NqS&GXxtCW z?;#oj7=%?cB58e@Z+Fg8v*Uk5U?d)wt>pY*3Z8HH06vLuh|pC5;HvA(pTE`q1Y9qZ`DBIE zb**y;l?(+W#bLL~xb#TT4I;Exdh@(Woll>zOn!pUfI1v0kjK!pi-N}FTBRK3Y}%l2 z+9Khj$rc*BcHcNRC<3vhO(M8!ph$=Xbxkv-B}oL}m`&qp%fF#Q6h#HBaIV?s9@lgA zK8u=fNrtVW2hG9zQj!oA6qR9B&ZIV%KK_S2VHQe+dMTK(PK^z_zaV+sE{uz4^oDN| z!Bp%490~<~52tArn);_l$$)eVkZ}`Zjh8EJd#6v^0wa)?C>3^4XR_lp^Bp8bNSdCo zv67Cpm%^j1#&eL+B|SeG{{TsgS6F(3+Me-yA}MM#V)#MHTIXK`+Ru#q>K$sMT>k)* zk}?841wZHdIyW!!=>&X~trP)N)i1LKRy2PKB2&Xw!{~S^{IKEo&v+}P5I$}sZP;ag zXiO!PpJ3lI7&S+*2|xy6fDyv7>ieicX;8DH5CW8v6hJ+qGh1@2Dg~ryH%i#G!!sZ} zGl0OVp`ze_fHEslOB66hoc+rc$!Mk^1nF#f&E!n4bSTD<2*pRdZuM>e`AUb_J>uyz zJPkj-adWP^uAQ2-cZ+K0ouZy>wTj(H78FOvv&V5&rLHQ{1Rk0+@Wr+YQQZQV=G|d* z>$u7dhK(!pl9E0*5Jr$KgMk)Esqci1uBzg^L=!F@tVIsZvfXT?Y@_(jurw6|OW^2z zmB5UH(#eUalR}1XDB5ZU2{n{05$~A)09qs1LZ^w)X}pAi$)dm-2g8Q1&<@ZinthOe zyU6Ij5O)6eEdwpFP`nI87CXyfJ7ItlidciWq`6BCNJCLV7kWl}ae%FjGynt!2COln z(vB{H0Hhr*@?)D~grugKL}3|OZ9&bnXFAinGh=PFdoV=kLsxzANB1IN1XjakSQ<9J zR>J8i1kphl-KN7JSZvtikViym(m<^RkgEiLhv?K$-(uHP=u)~DKnzo`R1eO{( zi+&YDmlBQd%bc42#YlO7&U54njzj_&-CgFYZ@>|`sK^lul(nizk5Q%W6p~0M0&i`P zBM9Y3RGO)@1EA{WurMcuU=HX&pwXP~lz>m*xABIdOrY9eu8^WV#t^Lvor_wOnghlP z$47Dq*lZGbGX&Z(-mL*5HIF3S6madRk^nZ3&7jV-+}5D7QQA|MGt zVunaKndJr)axnX1Bm=9<1M(U9TxO(PS8d>X{{V;Yv;Jl*uLf%(^2j}3IID$sRodBi zR$$_EKQR)iwhSXEew?7vj1M|92;e>+=>Rt`^64>QsEGRzjp})oq6g{oU8jS4_3*|UwO81f~A%L4Ty-s6{NBN9YBpB?;-{T zs*pkieXZ^grvibqXF#2E2le2Y8y%O?zZ${R{*$#9*htW$G3h04c&zmutt!4^K_=)h z4H9YKsiy2%e4C<0i>ZCIZ(Tq^l6N@LGYNrq+iNL3K1ar!vuSDDgX!r zt@>7Hg5QK>8ROv2IL#E%qslcj*N<38)MhQz&<_G`JIgr%8|2ME2CqKvrj70-$DO+o z@rLv`^8~p_ZUkzh#8x!>?H<#bL)G(-tV?IWjS=ZTIYfl53t@yhg@zKb-V+EkiYhn( zPNi?oG-&}yg1y;A@j3KyaNY=~Kq!LF+$V*AQ<6$b2Y^js!%zTfNufjpu4*BddJHWW zPmFJK)E3LHU&GR3iULG6o#;vWM@bjJa87E60`V2@yE}*_ zM5@J|2SyR}=NJlNlvOFw+^Pt~LWIFkh=ASTTy0|H7eL$Pl%!%VqNc)dj^F^`rX>}~ zO?3vyRP5csB%q)H2X|^Can&$mML}#jNxb$qA!LWHR z*_Vyb8^)14^l;qXH=vtV9XpYwXER8U^w3T3TP3uY7;03I zaHt~g$&5e60W60{w(u(C=(lTKJq&S9sO$h_kp%9Xmsu2&H|`!An$0@{`v8Vw6-FEhQHJT!h_KO^-?##2F}28GrJBzAlYWdQ3J zhVbwysPI6VVL_I-d1_QLtAGNvAXgl{!d!wCLX@A2cK%=Qm3ItxvPWXs`N>^fZ?s3g&MLoqJw?XR{xl51%4&a(-+-DVWT0;E8G~}`c zSXIz`y1;-|{X=kiL08)bN&Jq$8IAfGyN}4vxvggA6eXH@>2P)oA&TxSp$YIXWv*U` zMx?309Xhu>>LY+!1!%nn02@V*!5{CuHiy#tW_Ro^`0^ii6zNX#a8*=0?dQ3ZeQinpiQnrbZ$J>Zp)1&fDKjQqBsFGfGUA~zB12u_)X|M-*zCI zW2VQjQ)jan<=hfO?PoJV3F!8SGAb8u7*DALgip#XFj*9U69R0o8=-EU7|q1VC-;i? z5+)+cLQ^EI7ut_8ICpmI%uV_gOk(E6Vo)66u;2w6!ot+V#Iov@_<{-4Ob22Rh1kA9 z_862H9|a$_S%wrF9wkR6t-`xB_nc3qkH!wXG+M3l)%|mSu!>Dg6z=)CKIS(uL$Io> z=G{#?;Op%$Cxduluneq6Q~_Zwau=gwC!=3j&b6cV=)$n`R^ss`-+e(B@s~$FG5zHY zy=H>h$?2e~0-7hr10RSEo%|QHnJO$;F+O2H`F&tB$N3RLg}PsFpzLG^iPQ8ScdQ_! zr7LjoJbrTXB`TgJ0b=pY3G!(!muz9~7>O!?``Csluw1rC-AF-+wU0Hd+)s^)ctN%$ zd76i-b?JDsr@SN_F!ebiKadJ0G<@TVGK#~VkQSjK`PsdLq~FC z0F&(mZ#k^cakQ+JH2 z+BP2={d0%k=txQ!DTC(i;p4_P)lSigqt*%1@;m_Wz|R-@MWk+D=29$zWeN?C3K8-n z^!)@Qo%wSnm_r(ng1QS_V+!#)r~nI0#)UB%tEYN+ey88OifBD3PruMbQ6u12Mg<3> zFfTx<5;E5Ky=075hjH0K2qJiKM1g9jYQFxA%L+oN8f8;*Vek<;Qv^FWjk6^>(h@?8 z5i@0m5rYz%?kSKMNnoHC<;FZf@1SEr_A}=wcLGRbTBD>LdB-*JB;F3qpL>s2&YWU4 zQ(!mrwwE#-6aiZ_Uf~^dB5EfDy4c=UtW(n8S4QmFf}Ifwsah@8mwE2Y2dPp5?L_tT z5?sxZ4z?4yuS!^|7}gXa%4LWA<{l}p;RryfgL)L$KcA_5gAFCzeU3 z{UWo-r$Ei}n7_$EAA|Iw4Z;G*SO67YS#3MA4VI7xX#*Aq0PHA53mp{G>BEi7x&yW# zhY&fCNNfdxt|DxAvEqGpwB9f7i`EBx-7a;iR5~N}PoUTBDG4XaAJ6awUqLYzz%)Nr zAdpNIn_UOXlR@SL0~W)+K8%(+#-t#wg4Y;kq>>}yG@mEX*7}+U<}2dw7?GDr(`mnZ zliPU|-(ZNJd_hoTFcAjS346K6>fytXz}I8CONXroZSxJ}MM?lhWc`?AIFXkj3O>zc z8-r2-U+DO5U**!#c-U$P8-U$!*7IF7^c|1|)xQ81H)|h~hn1hF2sePe%X>+sv&I~Z zyZ3yKxvzy&I{by08H8f>otF zl`SIF#SUW$V~`-^EkmNFe&vxpj8M(nq=7v-hAHhUf#axZKNA$7wMmk%NGa{%L$T;I zZSgKWrkC4xzoPh=WV;j9?)?6VhO6!%bty9d1mNJB}jB@PF!7VNLIiDKoA2!0fc}-rKEY55f^buMy^IzkdNaAtZ+#-QAqd| z^NKn1`JvrYplAd3@pCEwo*=Z=}CLpr;;GpO9Z^nsdB4 z_Y=gE&Q+^PWQcc0Jmkx;;UpQ}icQk%EG?p>0f?2A0#_gnlF3P6NPD$eh1eS(Q50P%ypl03*Q2Feuij@pj1Km#?UfC=Z%cq_vqp`~dw z5HMJIe2EF?^zdU-BbuB(EB7hKEPyP!$a6)Y+8V+Vk}8|rix4~BeX7g!C@3R)t@fT4 z&ls;0fT3v3+H0<0kbtOEK~!j$Lo%<-frR%lx1hn-1AM%KC*L>heo~Mpl1l;}Fq_?n z>>ro(-x%ZC(!V6r$A7-2f1>w|vln%1A0rd(f>;E2{4&M+IR>x!Kzw*-`fqRO_}stE zr7%PVF3*QQMf2_?pNTP=gz!py)bLK`+-cBt`W|7;;;LEA{TU4!M-;5!J}SU~+v9b( zxC2Dug$oV7u=SXc#5i6HGNCzZ=3E+{8o+ERSemg0-lxVYs`bGbgirt~0<`OoLm0dg zYDGc>8qkJl4#1&Z4}gL8`Vul4K_lGI)(^{E6(O{|4Oy)6a`KW3yIb59uK*S8F%t7@?AQO%Y9lq`=_N5y?J)2(P1JIij|$ ztL){MeN`R{vwJZ8V!-L6Lq>o#g{!RS8aotslLKmKK8S_#tMnfOQ__e{i`Arkn=!1pGA~bGMOd^KSTzHO>pGRPc4M_zy}Zpc)QKBhN-8VpOYIW0BJs!;ylV=E49I#L0pzq=5Ur@o%1E zfus83QOh8eqC%_5D=}e2cMja?pUwmF2M=F$z5*W}(ZR$s}QM zHse{7wrTvJmj?pawZOe<6mO5bVC?SD2ZEHI!8N?B_kTx{j3x|Dk`ReBof`{@oB*j6 zTPoGtzoGTDfV03xg3PMTyDrs2YvGC5PyjU=tyg$5{QE11i(B8EPoslCMtTAG%Fr@$ zgn&8??z@R2Ne-%cvYIs9=5ZcHGz>1uE#1}%D5}R)u!@xtckk$UlpzvVWhHao9bm>~ zHrnB#(d!}>LCg?o*cU^U_0Sv8fuT_G!$4rIAON5Mh-m|72IvVKLxte82LavHX>(LO z*WzN=@&c;3G5R37z!7z`Ez}tIEA&(If!zU>062p))7s@SRt@<8e_-v*EntHg)w~wRX*8}wf@E3W(Tf^xQAZigIZV024h)4)3KL!Uh z_>$~v@B*J%XSlxzE7Ji=hkB-EAjF13?@AK}YG4(KZt6UguT{?LRrRd_3Is#ODRK~B zD!-VU1@oV~V)SOSLo_R;pq027HCn_D-kiYMUhrA%;2g^E5S**LVXgKfuiqq0q#YDf zY24hC9|m)SZ9a~N&K+G(#VINVwWC;;vi9?-BhqR~tmtB(yQG5CspP=Atr*%m($7|& z@twt*_CypylIGYA!3bNZSHWSdB1aFE7#*v#@@ar(sm<_&aru*2;7H3}-Qs00LQiS{ z5ZN@xEoqS0!C3+d{W=#8x-ZQ=$m+ED*KYBo~95b}j9`NU;njDa2Sve3 z>9qhBtPywwC`fVIgQ?@1G8#RLv1_)TIApZwt)MVI1FPm_)G;)s%OTWt&E*uQNs8!* zYBPQ&9+g__L>4RGe?g8iju>PiV~q@9-!rKINR0L_dvSo^QkdR`QAmk-hD>(=&9;r! zCyzHapkiX^3jQ#?mhJ+f>mqUwS%@A~A;f$Y50lZK0JIK-bk}#zeHa);#c@ods^Vo3 zyj&phj14s;cT?l#jB;VDC}fb3Yd_k5#teZ#Kn0`vIyW!!=?V0_38E(x6s8SA06n`O zgFZUFlg!Q4XOetFy>?tQ+K`M%@@Jl$f4v;wiufi40(XkGXh2k>(qOo&$)hyU6MGpN zH3BuLFPp0GS}^UTX;I=R(|fzdTQgRIitKmlW%G{=aEKhb3G`93nEp|@ctVq%xKxsw zUGpna%ZNC^dO;X|hebfp{2#evizqybKdFa`W=5&5&2-ZCW5)185>IaLQE>c72>p8N zMpfaoKgoj_w8=O;dkG~rJCr82kbdG@YtNn5M)phQ4L>@vuSYJR#WHeV*p4pdxysAOr zX!{HiYDk5lK3=~~w!%)Z13$wk6&Xr2%= zX?2$)W<6HoU}7UiybjllNMlhFKblX@L6T)l(lj=CawXgff;xQ=`((h}v}{LwD6IFJ zutsSwJPHqY(<^7U@w?_Kx(~{I9!gB4XW0LwCg0s=&@n`+~Nov;H1^J@}~DJVjd#;4)P+Ezi(B?aKr$C4zntX_7f z;}tVg$v_umDlj43FQ@gy<%*5((R+J2paQ-LlISRonhAieB;UVEXl>sT_hW(f(N^_JHaG;F&FxsHa zrGR02ygZ2>gJS7KxV34jFm-UYUme71tx~3_CDT4}A2d}5TNzEutR7lR1K zHiO%w4VumGFXo$urRV_c^@elzw4$OKGeRc&hgQ=gc;K$U%|A%w0rcYv(Ow7KFw1I? zHoO3bTfG>f221^1=5XlqFZ0=D^jYVaAyw#@l&NCs&zxH*Vg;cO)#o5l zAl1<8CBf<9HJsK{Rp>Lc6JBvcPuKvihe5w=y7wo`7!>^F0S1ED&{96}{{R@0PzbGg?S*B+wT>;z+kBm*dl$&j{1mj=%L??Cv?P8 zjSq)I-=OH?m}B7#w=t65b?9rd&G#S z&x}A9Vs9M~7y;28jt@wg!z1O7&P?NNeT56QwSs}{6-ol~Q48w~j1m}xViL_d7X_+9 zYeJ#{rP#{=_kSI*%uN&*gc=5_KIAYs2?p^Yl9p zb#Z0(G#aXy{ITRB+^1+I_l}t5G)juj=-zCfMD$%vbU&sH52HuOSMiTmN4@b#T7I|~ z9EKSxA=CB6epO7cNkiB>k?&c6h?-)m*;o#7Z+%x3%w4H_P9_gpu2Mu%tr-_k5 z-x?$fcTY##F?tuOpyQwfcW`CD3gnGKB&q@234k#L1=X7C4u0j69vA_jTC_0mIL;VF zm}uxJ^v8@U4OXo)<}NlWS9uK|wmCb=d$RlwR_iK}9o%IcL|3T2%H(Q8z&tcwg~qV+R_z12Cowv%4w`njqEc!Q z$WVYC-ogxY&e#p2dZ7H`mEsi2>jCe8zG04~G<(B-5CZu5!`G+@BT>-}`)cDGuuWtH zg%7xGah8v*xKnEt8{g0klw|2}_=oe3nwk9C%_;B3AXkU=;GhMucZX@h6Ht=SI$c@g z4QOkHZ6ne&@i4>{>LL}R>^Dq3?2y)S^9^XH1h$TnZs|xKX)#32g*%pmLK|b8nB*(- zPx*j&A5DXLr)K|TuLWgC@3wU$C_{#Ukr=pEp(I{anJCAWsKgy z{lnI3Y8Lw&Z)Dt~g{rO*fbO2%i{7zh679((L<*;&sg3D1_KD#N1J;ZHDkVTHV44f3 z36YR$@ftbrJ>%`5z#`3dgJHNhA%m9CCTXkT$9WwX5gMu;q4A1DOc|qv3#3c%&$Yr2 z6;l35)?pOv$XG`}2=7>7AbrLStOI8z{9tp7?<{AK<>h_l0gs+A7^iD*LCkR?Y4i*o zFPspFQL*E!AKN$$(xj#H_TEcE8sI#@uafv#fG9ygBWX`ZlOg5`l<#i%^|x~@QWA#B zZdLsKup!%ag-QY+lYHfHUYiU)uoum@cNbBR4T@Hc&EQdyk}$6HqrTIYj`o6(8tR-s zhc~AN!{E4NY{`8Oj$o=4H-Sep!wEr!*67RUL?T^zmbruqLqAyoMVt>YRN2jXNdY2fnCG!K)-W62Z%|N%0uVp zm-O@P1X0a)hnU>aI7LtiXQXaFIDyHM0|4~jpG4u6M%Bjiux1!6p$d|fv4zg_`gPE^ou#wEqLtds4b_Z&3MW(fsPE3WH5 z*?Rtfjm!MXNS!Cs^+w!pqRq_tp&BSa!{-k$g{X9b>No9(wt*MRvDu`@ZE;tv#zbfU zluAEj%E@(nFXmvyi5^{~~bFUJi)nB^(G&g+Pc=7)1 zh`8Hv@LTbOUQ`|ti9^Cnd;DC3qC9d+;^_}?E;lkQ;9Q|^#us%IiQ#}|6IWA!F;m_8 z$vQb2dYb)yjEt<%Hn8w}!D%%FdqB*%r70ef*x>~L5mHdn*5PO>gnIy7`}^PHVIRlP z048d>4vd=g+HZMM?3O^v9mLnpO|lMvc*lQ1w@_-B0p(mkUoIfTPYB~Cy0}6Q6cV2% zR!gka-*oxkMVpw~e@P=$(vHij9mniPs*P3m^bp2|*GbfnS3K z8hvXe*YH)?9cq;ET^I-jRsC|h!Ik<)W)fC_1kzFbnO}cG_hP|8V7|78@C_avRImfy zY}Qo)AWl&~8Cfo~=7&gu0}q^2SqTMLI03$<9g+}*;=@=WKvC`;(Y<2=Q=z&evBh4v z?TiR5X=^WBs~Rw2P-AkAQ4C` z4!>*^X`XI7YxEd|M22h?cs%_p=D?XDa)Cm5j|LL*ObE@|cKYA*!3`v&I*rJ+nb2eq6&rsNZBIXPL}fpcH3BMRM9K zyVL|NMSJ^XGf8%!o~8ubtvE#Z(7LaZH>0v26+z?>bT)@lJUBAe5au=U>sb%?00+Gp-qb2Vit zEs!pR+};O7yR&Ze6KCeiWPE(D7*zMy5~;YRsrwfexF0?u$Ofm*98wADVfTMuh${dW zWl8qjphbn$=Z~5G^W{oVUmDdk8AK7?D zwi=%=z)p$`HbG6(u#NVcRDSur-gd7?H9!i5b%4+uk}kmj6~FlqzykGSqw%Upn(bj{di*%WNE1X03$?H z?%c05SXW!@7^}B@#ts=lc8MSYH#)e@R?mcy3nB?7`-UZyued}m!NV_yNYyHA27yyk z709$AK~D%@&P#sOLtT(01gr6y`yYUfh)~^Nw+Nc~AvOXSRx$X;FzuYqwLF`SpnXYs z0&E5Vab$I*$ro)iSP{jxkCzw;7$sIVRjIgq;W^9hVv8kD)vUA%P8zPwqCq6Da9LUi zR8kZP8cB>+(HXVSMP&zC#2Is`8nLFNPOXLo#OntMTqe#daH!uYZdb9s*{kO+PQyJC z`%8Dl#(HI7MyY-6xK&XAklIiPS#|fsiA7;o1POqly*V<)tJ-!56%?+qK`8mcgTXYj zcLlmfw&{27Ypev4HSZC9D09a$fypTj#K|B;x-b-Aqk5@9d}2RWEXFWwnjAR;=HlZg zDn!6Y2~<9F{U5w>f3x@WOYT`nj}*{D2PQJ~$(pQ(zHA!`TF$AFRpv%YM7q61|8& zITYfZlD+8l_b~}3+6xQi3G~7Ki`x)GS$xOnQ~2XiZbF2PhyjO0DEUwR{;+Oe=F%rh z4}ti8F#LgyJ(cw@Jm$?HO12fzy|>0A)>LFDi5+R*+a;10iB!-7up(fXf=3{sBsJ%( z9IzHB=}?*o70VX4)DXM@cG0|31ox&xljghb@(GAstWcm76oG?@Mb)`iNhib#HmWy9 zy_gss#^a<^)QQu%GrK+%s5|lF z5lo1s8wFT+tB$~J2&$ulOTC1~MbbDRh9PX%>xQwN+-^XC+n|KO=;N~uLvLvH%ZET7 zVDW+i*Xd?z^YXNI|Gn7*OBP0b=92txXB}G|h%Tz{0ixVDi1-+4K{^MSy|;keDSWDccm&wH00B z`*+PBrO5r>CJ_~0m`XtC0-(6gSem=K3I>{KtSZZ>Qtg^m3YGDN0csImm?6y4*C95? z%xh04-Vba_0Adh;AzNMCFm2!rgi&psmb;q4fk^5@Vu|n&fx6Qgk?{GQso|k#&>@*u zV|RZiCyzLV>oyn!lF<<_mpTQ=GY7H`ghEV3x9T2OyaC3!GngJ5n4f1B9f+7V0nj0G zgZ&Q5192rvQ?iLE5S59h$-`dp6Om}hMFyDc?sF4B86FLrwSN1{AsYn*X=`66j6~5b zNCUE1q{4I! zsK((-y|BFi>7<&oUNX3yh{t&pAHGvAWbFqj4Ll_B1jYq7AQHGTr_r68!d9ta-J|0R zddzO~#Dn+4N~2@eLZv+ci&tLaSFs{);{~^@J-F3N+Qt@cbCK z6i^hPu{(`de9P=jG40jBBHU&)0XH1^nWFMe)jcwUq(l+KE(*{fhA7n~XK)-Rj0#iY zze@5py`iH-5D)^TuS@U=T!18$q+MkCU6tzk1>UHJ@awBg^_v4*?BhY&rJ=ge@b}ug z&xt;!*gTJu0h+eU?!+k|TzG2}uiUZHrjWYUNQP^H3HE2*;$^eSMwbIDY!jobsqF@B z=c7(NYXQT877FOW-?^h$Z<310KFYdmxCpbm48ve;w80Z zXuZi0)`2BaVJW|(`h17ZXWcCL$XstW8iP>m2JF^PQ3FDBaPU@h9&e(&0Yq4c=WCa)Ag@R5ppB)-2bo>;u1G5(Dcs;vhprX$lBILWU3n zg5c+ziXZ`0jYR#6mAWkz_b5^^4@OsE^`H@xW)0~2#KbGyh<@%B%MG4D>_&Jz+%}QW zg>C(&+-$s~s)`5Q>o!^)DV5&Z=J%`$^c_zsG4S$!aj55x*Ifdo(EDN#=oIUBQ;uJtMF%VG1H@iA zvk+nxn|TlIFpjz=YAh8*X1s73xkxoyQ4n?4=r$$kpOugY-SLFq!1}wnn-P5mZe$?hthhE4M+n>N^dg%(Vb4X>IXNv^78!)=pC7%}9=X{Rg33B{;hZ7*Vr@t5N|vG!?JR*3IjoOm>$@YouDfg zLv;Xf_DF@62eLsQV&PP364ffZtI4x?{)QG&4fy-xnO)+c3k1*z#yW9HvexW?CTb^{ zafEQ$l|uB@E}F%_+o|=oO_HOJtS;sQK_e5V&L{RDXbdio0Im(w8t;+Q5?w7M%kJzs zG>}0+CY&!>8ukqW&y*i*5L5v>hbX%RRHRwNGnG&+n$e?JRZ0f3b|awz&f?ctK(vCf z8aDW>GM|YMJ3tLGQ^T0T!$gV-#3y}|PterJC87c13-^3-^f)^2rh~C1Om6Ne8k+7a zzP|9UuL2wU3-e`1GNV{zMN7PCr^%cLZ~?L_w=BpEAR>l}t4BG!RpleP51k9Z^@=hX zEky4UBj@Lm{9xFSe#icwOXF;ShG{+E&DvJDMft{Gx?HR_kyK+1HG*AQtE1E3)4)9v z2gUw_jm!MHMuLSlDOQtQaFp8qC?6zhIaAAqlYqsCyx-gYO;-Eje)xq@cP&@P&F>lH zdg$S<8h4$&&^rnh4Zxxr!DAc3K}8BG7iI=%a)NAuS9%Cew=|X?RbkkdqrPF>RFQ~+ z%~P~_b&a~zbPLp>Zjv_;2NiQp48u0;8k!cSwC3FjghgK9OTt`R&9$~X^r>&0i<^6p z58TGQ@DA9yt18K?44uqM*TUU?uygD|p@&|7d|~UO>7r4i#sM0U;DHnY;-%G~JUPRu z*T6LhX0cHS!@`WLHtOc$_6_4!pkDT15wr;dF zyCLom?4KA-4#A>Pr_kZKlIC&vsJtl0q6{DfI*4hC?IS=6Rw%C3<_DH>t;O_rxEopm zTS?M@Tp{P^Du{*+4f&@0U>7E%LV@Zq@ZlLSJ7K3tNHG*KNtu0vkx9U68*V4+gr%K_ zWhM{1lj%#aAg1e>Y;bZ>GOO6GObo*IYG%1_j^>={^;(!{AjJ8@;@~r+t%22+aI+ZE z(SnwI>~kl*g_a&*rthY)#NTIPC4_F{;}6Fc1%b+g5JBd$pcVqKmJ1RF4Z<~DdXQTk z8B+PcASpoP5=5n%Omt;96jNq0pAWIkYK?d8T81&~n8-X9Jp>{tARrefHOJ%Rm7}4? z{RkXf6cBAzYNa)W0BH^|n}Ia!Mq}N-4JkmQBoI%WxUYdu0qICFdkdVULCit`*FY%0 zMvSyOt1r<`$)bcDB^r*HG{So3I!{okP#xX|%Hbp}cu&oSV>@6aL(JNIV>JAP*I~8; z>v`VzPUb#h&zu7Np$^m2yw@W5tM(?qFbX|vTBOQ`8hEF=Jb5yUnIzRQqy~Yzi^2+^ zhLQ3#{9^6@02CzLG%eHi%>zmrCScgr9*jzT8LkWLM*q^T0|{#$_T&svj;oi0|hKaXtb>787r*4qFTzcgsNZm=lxjMC=6$&8gzJ z8j#HGNq**jePO8vARN=IBibF_uq9s4N{e+Cw!t=PR|Ge zz*58wg(i{N?A>?yzor03s3v^i4S$J>-g@ zmxvX!SicN4HP9p0!+pd4@(<&v;a~cGJuk1s8^4>8>o6jYw7BlNbvd zCRCz~HSwP~3Vk*ik}i9u`5|#b=+NOAfppvCBplFu@HykHQ#Z-Bj@SGgNUG#?D{gCiDZN2 z3J0gbgsXGe2ZU@s=o@mA8{H0v1n=9<6xghUlTdUz3EWm;dkd%v3NkT{1ehC$4e$^p z=#S8IR42wEwLKFl!c!^Cn;aWoc;$+M*pVO-birZ)$y{;@WXKCb@=6^Dq7M0p+pz6r zA0;sTQZhib4_jC03&G2Dsi)3?XX6A#81(aqj6`xW#(T)i82QM{8SepD3xKQ!`pN5= zcS3`-_Ho2UB0jR^lVw2#29`e~j+IDx5}!&O$jce;0eCFMQYVBhJ-lC3KvCZ^ggSdL z;aI^+5 z;_OftfB+r?C`WIKJ||BX0ayzBU@HM!TStv5O@tu%#f}|-UA~84KWuv0+=qf4c``D_ zd-?+KayCZ#$k`i+oiP)lWMal0`o9RpyhIn!2T*y#Ym^OLf~-TcMr*g>2{H5sXy*Qi zr9wffO+&m3ho?kHk{vY6WLgWcDEY^(;rpcX1F5hVVC1cevIXAQF>0_;g56mB+T4A`>^oK(k_Hqdr-iYexEGrIS*63t~9HZDWKn&dv{`xmB z^650lM%34hvD2p(D5yXY13- zXzbV)4j^cJvJzIVAb@hcdu2^ZL?r_2UWMUtge9eD9}8cV$#+w6Lez~a?)AywW!14s zxwm2r{mU2C=8Y1aTMBqwDT1wP2a8wT?-`cBCDxL5UvP4B?E_N3uyH;uMKBFgH_Qg_ zup(ajh5^a4?G0-0&#dyw@7GDu&E9Vgt;D94U8$fdr_5J8lme#p*3U3=8y(ahx+gc; zh#_SI5pR`z_Xj*L$my;SG`lek&5F0k6qBYvBs)ckLsT=~@?-I?qWA>oie#IO^Z>ht1j=?i#6Y`=sn!^|Ew z-GWEU(e}8}+jLgcv_uo57v&|}u0=z`#qo0F3Idb?u9u}-gC%Mx&5;P#3fx#x%$N}! zXma@P3j5?c@;2!To0{_ESOaTXg2Dsi-YUrfPHCpu6RRJb5LQ+@1LX);dNTU&z*q4W zAIRk=8!Nv{#f|)!nx>5T*)+I-`pY6y1yTm%4^gqXZo0tg1COJ{!riQ81LV+`IUdBV zNIugD*6vp}XpjhU=*CDzo1V}ku!D+oN0^X~F&+ILz|fL9Hj4{UIM;HtQ7hx7tv?vk zvZPX&D4ZR+?G>1Lh!7s;S|@DMOc%r|2+u!DnPSzk(FaMioMD)Wfoy^DDA;c{^obXy zk7Q3ySo0uWMXpNu65t+*jxTzmZQ28s!HpEs80F!QCY zprl;Y-h|Bv{{U5rG*QfJ?o>Y}Qev-BHc`X9`7%q@b&Yp~Ht@_ZB?}<~P=e_Qb6M)& zsdycvU2^QHy6!Yhf=a>SfU;`}sRe(P-bLNWueua0n~I%m|e-SRfG=?DvH| z&aX-#SyfeF980ik&Q`A#ed7`1SP6py_zcBWv?0tmATI!u3T###sXWl+rI4!ia$hK8 z!LRY>@sHg!kK&a-I33u@rT+j>8uN%m9!{e6i}|K|KBLB=v<2bT0mjbuhlLdj?;u?n zCiL^53F`_Q^gmzXTujaSE&6^YTuvJT00eaTE_&jqe;`f6*SY?`!}K8C0pfx7{RbMg ztO%MfK@YwWK#}M>579sS@`G~!05+4BMFu16&+}Cs>uvLH42>`jpgJqJmBm5U!aBpF z=)&vp}RM3b;_GP8tIZDrup<|sF&YMrh1cA~v#O*ZImntjwB-S7s-X~u* zOKPsy=MV{k?szm_xg^!2#*}Hj>kWSa>}&;7C7`uL(x`S0N=*@eL`>K1^pUVLT&RlR z7~mMm0Bgg(u-O<1LZupY(v0Q8KCIZNlFvr>0^DPVhO>r@*~b_ zX=83P(Wb9vA`<4-(;ZglF7fffY~G5Yw^umm#IvZIZ!mM}dOV2_*~=UjOMrL@(Y0#u zFf^;j4la))&zyB^cmM%-00H7)&R`b?lxY_0KJ{xD*>%I2V#<1|YISz+xfhYEzC^-c zsL66PL4rHhE&%Lp$!9dx?g}3`!_`AGaVqQsRnq8v980`_<*VWgz0tTNtp|(Sb>Y{>8nQ=FRd!QpuW!5& z7LG%RoN%ysve7{oVD5X~0|`RLO$>GKI0K-Rc%K>jP(P?K%15=TTBOxixDOP>B|uk2 zR($8)Rz+JI_+t*80k>^k%^s`o=n+60A;W18S$O6>eZw<)_Qh$6-yM5-xieT05_%ed zNq-sIidWw*@ES}dTU(Zc&luX^^m!Du5RvhY1qVPXU9W?rb0BnVi}JX| zM$9h?jb$YDC)#fR07D&EBuXJeg+k8Ea0^Cu#hbUcBD>g;~0;t;Wipn0FyX5O;7Pm&e0R# z0Iz@m^ceSMAGtsQsM+#a^ehm4UH~KJo6--AONcajp~WjNE1h$smPU|(1y0`LF>#La-ZR{%G~MZ0ftozP_!03|8Qogy3#s{PkD zBV{W7b46%PNb=|VU;D%%#}+iT7Vqz!t`$GFy1>YPr|*lqWi?jnFaH328<+WXh}8-; z8VKz*tIBr*Ju*C`s(~~iNFPJs7gy|*zPGqK`cu3qbRl#cnKc*TL`zNjdB)6&Yk&$s zW!eB9bC?SvaDg3!Ii|1xEe&NE^I9C4Vj!zRiF8Y$YYPb0k46#55lxid0ZIc^z9=jr z@)`SxbjF0`sBP(+nIu}m4M-sH5Z^NdbMH-V@0aE8_)s1Z0mS9b_1 z$2U^@lzwt10HIa(8|HTdTL_ia)vfoQa>cFScR-dp-<;Cvsy0(nub07;1#vGzbU<4$ zb`Xy)9Z|KlubgtcHMj+}6$e$^@UlXdaSx0H(DO?VC=1jlymu<4Lk|=J@o!94m9W|1 z;S1#_oY7EavtUW*9P{mk*aWhNlN*(mhZq4W6wuel&^3=GLocyM?aIX_fWgCV1ImUg zFTgRfA?1VTTgIldPY=?i)EM(y&{JG-Krxk8?T0ag7Y|S&K&7E>^HJLbL5-kA&~3#O zto8=6K{jZ^d&S=%$r_KXWpp~XMX(dH>nF$p2BM;kktZ=N4vG27K-R{vFKuvAAb2__oK*}$A*^1g@(U)h3OYf0s!C5gH@2Dk+AA);Lc_lAf-AyAJ0k7JTJNiubbvTff_k_y~!L zJ*4Iqpi#1??F-=%2;uB(u>g~>(2#q8j-f*!Py#+K_PE90916-I&>tMd9Pox?LFdND z$BZ9LZ-xODMR+KtI{P;UV>f{E7~av)lX@>J1{u;VQX8!>)JF&aL&lAJToGteDA<|f z`){Sy2j_~c%XfLDiH>O3yc-b)gl9qSewk5KTE|q|J-D@Wat~xt8l*zUZZ%tHz>Gmd zT+@?s`mBl$004))m~OTm*qt}LxceHPfCU3wRnbCUptF&i5d>(r<05O#2@%%rarcdY z^WenmyC#im=N!e=5CNoE2AzA6m<{rUn0N)>aJq4a0aO5@+Oxk%jtEGCna!)pJ>fp7 z7-Y?&2e$YzwG9~y5`Ys)-ERrHLALU5+0b)D#qOJ@OLBWx*UlEMnu?7yNV|CmYY*lq z8EOcIg!`~ACBzDV7^D)Wt`i{G5hyAF<;e&OvowVtV3IJmu9=aidg%>UQxWfcB^J(# zlS~3*yDs#!LybvI?Y~5kuyGc93-*2GP#wznje|j9wpGBN2}Ox6$%*q87cJcySh_xy z+{zOQkt1o#hq~LaYzbN|YZg4T7&HUjYsna*LRN*SV!0l5I41$zVBl+p_6h=stkJ3y$iVEV8LglXH~TO~1gyfbEH}~I!}F`CIvK0|nfZi}MXT2B$y8HC zP&mqhBTrayVivO^)g7-?;S$jaPEX)dqvqn{9zhb&Kv^DIxL!*`xllw6+ott1cr9n! zv!c5}bZGicQVLixI77a3Y!XKnNEBzV8s9LsOaKwosMrXGwUqR5kPE|r026)4c|3-! zA2=)a*sCCtl;>yAO9RkT25_$M`euXWBUG2iaQ%TvK}WDV;g2IWkRff7H{3yWZ9}s4 z4tE@45`eKEJriGH!5~^vH9V+?ud@Y`67+3vLL zC@SZ-hC(gt;Eq!tw`=^xN{K6hIlyxbD7I;7I!8z6-c(UBVZh`T<9EMmFi3Y%LcOV>xpCC1DY&_u<-a^GP z1q8IFCm~WxSSe}j=htkEjXh&lD0Mg7S)mUcN>oSZ2g(3v8YZ88F%oPZ3L!Sn=L67X zdKsXENu@pDs6hnzW;l1*?tU$)=aU)Pzr~vrGl@`J8@1W^dB>qj8w3fa6d7xV zvx1b{v3A;DUd#x|+u<81dTR~s<8Ua!Kv)M(JnR6%!D@z&V-W3x5^X%O=1rUWow*t- z*duO_nePV;%w%sMh@>Fm1R5$z%n`V^DYQKB5kRB9Mhx24LcSZIAf3~b&6381R>pvU zT+_fA5YT}{p8R1e^wp7A*fz1G?g%iLACEc?#p92az$&i*!3!cx@MH0ezo|-EAe_z^ zHi{9dh$1{Z!I>B`_Dnwkxf=@`1G4xee_ZQ?L}Gv*9#K4)UlUlS0A#a8?=MHhjy{|Q zA}9(#Rf?{H-ju+sXI-cx)3EawI2gs!Ct<4YH4znQ)C$nVq00Jo^dF`Zmn!A@z zRN8qxPu~!TXvBlaEhmJ*C3JHXCUiQEVdf6qvxRpwC(qFCj{C|WBjH|TLse5CwgT*Q zPm?swWKgIP28gCK=yeCxU1j+Vs<&mX@O1jgDZb)iTxuH);3jPsNeFXzpEzYijl;4# z8m^e<=OiW~ct-%b%b^bdrqu3EGAXj4$|WAYFj9a(3M;-VM(9hFGm8^}9ozAebo)Wy zi0_2oK9qsP3gWP5Ex;0-L}uLr=ss}LNg=lY>l?ae$UT!HB+)_MuJXy(Svv$^ItNY> z;&S}p*)~CN7ttVUAjs`F;=q;&0IvWhi_Tk(}ekyn6q5a~$$rE@^8$eMcy%*YvtX~=3JuQ=Q!dDo%u~?)pJS;c?MzFB8 zGe%7nO3pz9>LvlP07C3vAo~nT3@?I@+bPEg4UZC|lUCtf0_M&<(PQy~U=0SVR^4CM z3(!Pp)Y6^bHzU%8XQl2gL|gSGiRq5A`VKJs1!xoG(QG8ZBp-AAG43i|fhfS=I@TQ7v_>8>XUIn`)5jk@QBQXBd&H2who+ zqwawOEJZ+ma>Ys%qMEQ@#swpL%O&IhzHke$&bXN=tvfCTruEwhX_-Jm;Zy7#aSbRp*0=LX#v&J`Wxo=N;$hcM9bo7wRtzj_;+@U;_2C*L{v$6mh zR4l$QlA?rcp_bMPTx0>ESXLfbVH+cY%?*>VN8SvS;Hm1%@md4pH@9qibhy|1*@t4NfI}3nq6j1l9Xs+aeGuPSVE*RkGdYe|Aao)^_ zm_8fFE5#j0copVo)+Xd6hOK6$(uJch79{q40Ucim(FTbN#5abxF`*>3iXV}3fvM-H zev?|q6=(hqL}1a22<-?$mYUAQ=~-t((kh5+0v~e)!YZTaEpD+rOu_-G0c8)_mg|;p zZo96R-W37i4J`$rKO;BdiG&ce*zE;Da{mApfWA5tu{rMy)3q8TFUNrPxP(YMdd7m9 zqJ0i0(=(=0^rp1Qn(Ov4@HMkp3$R^)2_jgbcGH*j-ZqKQiiIw&u;PLGHxDM2`7xpa z*r%A@ZPrVIob1(5%W_ju-tKy;dwm=z5I1o{M z6WpX#r?&aSz&iq{xb{#qw+q1KJAx>x{a+jto-2u3YAh zAjE$^z)-mK3K+FknEeP7g;paD_y<0K*usvXqp|%lL}_F$%{~)%>#XwB1a!41+E-nl zPicFgl=!bdgSxOW&=0!dl3tr!5^L{1hmKOQpllRjYaD0gk6WMv+RU$Y4t<^c57os0 z4=TXNw>6J!Bwr8HS)nZqo&aNBQ1$f#vvik$F+`^TB~sCz9sd9U5EqPK0E5s^7)jd6 zQUa(ScMpJI4cNzL@NOOC2JjBnCb%2R;PGB;C_}+qkKNBly&Kc|WxkQX=&CjS!xpc= z2^NI_JbYq=O;?X$Pr4!lZwL?R>0g6Ff1n49gH0Gii13{yxBFC`#W3-H*I^dB7XWE}(b7WREQ_)mC4f-&!C$M6Cn);VZfc%Jv{&8zxpb~JL zY3N9&!JPhcFvW3%3}`!cmHq%o28hIQYaN13Rd%nx<22m4I}IMy+nn=OB90yo%y_QAP-mr7NSfJ0FL+BaI>LT(j-T7V3O=n{hCev|(Ic4y(| z#tue>dp3>9rRD>~Z7Dmy_+#>M>_ygugR-9(?6>4pGywn{CBcD^G=v_KYL{(XYY1%T zCvkbm2aNPaam}rX3Y9!y-%d+wq)r-&nfsPW;mUFwdeV`lOhVm7bq9)&)b*IYMQoxM zdT1WjZ1f)&kocDt*XX5y_|kk#vYp-PyS`={i*=Yf>v-hEw!^~7R<92?;}2EiD6z(d zsrIzCBp{Lr+I?hvb<2*!T~P3IZXa$~>j2PvI%P0-UeHC_&=G{#lC(2|@i@*7W}J6?}qzCdEw z+kCELq}r+DSdCxc#48Fq$N*UEuK-vg4(SX-dfr#Qj&xOFX5kjA&ee3g*9?`m( z)q(iRW@(z)kpv-8Q$KzE4b4%&2?}?2@ssCwN5HW`HM)Z2E78RT6k?-b@?lGCb#4tQ z8|v+KkO8k4v~>mF&QV%*F{K^|OTo=k2&d*r&x_0_dD@BwL}3sd-az?B-Xs(TwROyM zfuWNj9urHwwSJ7GzKfKZ?GfM;PVp)Z08DiIy}jn0Q}W``xiq}42}ea{7QOu}3lvc= zwV5S?mvbJS5IBtWsssZuDS2EZE5CI&&VQ-(#Yc-@6*tA@=JPHjv~$!K22t z?vtCV&18ZT*A&2qN`wG7==)3vt)zA?S%bWojsQFgKJeKe`DqJP4w3o7jRxSjg@Dm@ zM_Blqu;hjKDc1rT!4`r7BY2mC*$hIc(^OFXj8r)P0A7LQdHHZssT61pY>3&j9(2io zQKRmLmf&%~?CKp(p4IvjM2Y!VeW&$ctCVvZ5$KJBHHW*Z5me30yycn=ze5B+z!3L(8>~+;Wj_1m1_RuPQ|R=H!)f%PR;QS^cds5OM- zK~`5sz(eu$KE`@1k6_V)`{OeqbkYW_)t4R5$*e&Qt?n-ENXa#T0q_BY2ijOrKzDgB z{&^AJkc}EMnXlWYvI%MmqhWA?nU9ULb@RMTGRR1W78^#sgA8QbATTF{a;{}5yVg5) zWT_^ppnwK|00Txj6{((GK=q#I8N#1S0gYDu9-Prs0SU21y(8PLf-0*iE$mlLv2Z)4 zCLt-<+x3H?)riT?1($<#kN>hhsu>U zd_4ymCV(AUK^`)hGAK|2zXpukWzN<+DLfCHBwVu9UYk|uZPwf2`Sww10c}x^?9%h1sN>f?5CE99=gB6e^)WU1#Ij?(z1PRu7n|g0o4moAMUjjY>}vTf8_)-b_0NSZv-4 z6L=R?Ejt`Xd>-Ricw%Jz{aLlv@o}Rd=TZ%>)2|ap9uP^8&b$fsuU?EuJ8_ zol!BQi@>AhoxrSkFhJ1U@ssV`Fw%={#hBZf@0f!gY;TJn#kH}aCe}@ooahLa1WJ28 zh@2LJE#ZrQ^VI1=){cL{~7cXyGuLqE~~0LCh}&`LiK^i*zN<%d4V9HsG~;kqMnI0z)9c% zE1p$n5y~k}g|;2wVN61jQ476LnXL~F`rc^K%! zJ+N%23<4CFWs9LJ##bO~uJF3Vo7yo)yyk>edLcZUi9vzzRr}>EHX*U-)b?&nb^?f% zo;0+4;B8=LQ*=PqtkxU^cW~XGf--XiSB-Bk3bg3_WG%@=nh!;eik|bwy=^K}LWwDY zZK=>I&~DonTzlR`K?)S;Cqn9Bw>$P2LwPjUDQ9EK7R1`QHR8~j6n3J9=&f8m4a9wm z$bn6To6lylIWY-Mlh2%Dgpez!2$CzN=ie7ofG;rx$Newsy?rd)6|? zs08jzK3f1*nhOC1>>P1Ljj~$`>FPE&1@Q=P|7z(5&P zjn}Qqp~RE5b`3}n3FY&T^K(m%K{$dd+;YR$L}m}0Py@U&J2P#r3@WPzjofHKz?03f zIoFu}1C1LMrXh$^^;Qb%Q`sM?1+g2T`c+?$fx4;{v$22D^XCXEPj&F80m1r!2?K{hZF zCqyB$%}Qz;%?7~|Rr;tN{<4B2RrJA~Py#^t$c0`Bf+VLjI`@6ztg|{Zs|Ls#!YH9f z$*ov*9ZB?;eg!&P7Ho~Rn{(r=qCrTb8v>a{C)}xr>iA%Ysbxh#;T?_m!U&%*Bmlk- zcx>oesw;EmfTz;Mon2HQ08aB4vaF^Ah-mkM^l}+?<3&leJY?e+Q_9^K4L9)0I|+gv zK?gzbm_<>MK@+0W(dmOME~lY9k3ZI99(nkkRNhCCwU-iYNWlV}oq*?2+3m!RwL(x8 zC`;|YHz!FBA^i~>m-%#n7S)1ikFmuAE)qC=yFS_8h-lpNGkMkfQu}87FUB6HbVMhv zv&+XE@H9B0uL*{0EOkM!KopkuSW{d?>Ig`QS7t6Wfq|$jdsRGW$CW@TMUh5{+q?yG z%ytN_-TK*l;b;w_d(0%*iZ)`2sYaV9!3kAWd>u=jGlmPLEO=jqduep z62VWCJgvK|;3z^@YP!JEs3km+HCxr%?*=~HXJ^Al3d$r)7n9ja;8cm)x1i*z6)?cO=@m8ds5farJVRXPZU zJ@i2GU_rLxblE|-V)vNxzQrtSR69JU-vB@(Lp){RJ2pRjsUIRLaM9qc+MLY~V{(DG zr;J{3%DpNrUAO8E6WZfORRj*13{^+Tyt73Z`k|r1;2^_9`>Cpl{9**jhkoG=X$l`ODxFaY#>Y+r#J`iFSd1Q**k< z?8NGlV5KLOz_jd8-jo{K2jUGf!~}Fr?y-nD20%iFBc}=0Y{E&lf*9&uJk4D%&P3Qz z6`-aOW59%<%~<1(L&>%s-OQN?xjhqWLk8)c?ZO%W-~>2ktv(H9y0&7GJeDRjZKcDzUNgUr=HYNa)!lssa$4&Z_k0jk~M)+##W zAPog;vy#MVHcBj|VC^xwrqGnw@IyXT>B*`l-e`Re`X}f_rgRT#(uz-5x(@6`Qnmm; zDUZT9l89E|%dKFjTgP9h?e^<6z9VBi>@-0hpQA49wZ(-WHU^w%ZODj`9rZk1Uqwo% z0YThCi)JJJ#U`pP3OWL9ZVO^AK!kd=9$nzVFe1y-+=O*E^wI}Tb+&920?g>*C;jG`BR)(4Y7(i?82A1+L#ijvr4r(R!FnQTye;pHZ`|uuHCC>f^P4VkWOYrH+;Dlx zLzlz`rqwYmK}81E)Gpf(d2{|$0N9Wc(>51L9+;Xav`<;c1B^T9Rf$JFik{zy05A*c zzA*y7!5bV>0o5GbzqmyP$AFXIG3wo_0Y#RW2V7ZDs0l{30}=7VB=4XQ$ZXesewSct zxy&|5)4mD36aw1_g&;zzbe9GM^;bIL52L+1atTVjr6WJHDb+y7um-b#?w&G&4S3>X zHod_PLbV?`Qa7ib(nIyfmN>!+h-w?2viXx;+F(+AnAsMc{*l>$tjfD* zsaBK4K5=0PH3d->ApVX5l_OXpQVJp;IRdmcxk#4y%ERTtsh~92x6Etz;(R@9HS~MI zuY?LvriW;g;q{&kZEwKs@iNi1M5Lq!%3rzko^4CVDOv>B(VArCdHp~%YZiPq866sBw&y)eFHdZ4-^?gAHsS^TSsQmod zMq5%gTjOtx57uyf@OTrwxG$)uAjQB3mBkgoq9XN$Jfb2ww~w@_0s6TT(6}jnOSBAU zj6o*;BamFbEVEMAr)VLGhOMSzgk;jqQi;E^1#|aQ^pFXXd~FR%o^WNYIfxHw5*K*{ zFR?C0P5tt^Q<5{AY83M4sN5Iu@M2r(?HN$#o#6*OzUa;G5n@I|(k(IGnYDp-o%23M zCo~i^5D$Wb^3F4o=>Yr5uN%hs=TH>Lnf3$PNnc;k!MT5zOF(Kfot|X7#f@O2O@`=- zyajHn^cW7S!zzELIQjSQYv&*dVGk(YzHr$qf(?IL=LFk##+y$f3WvrM9*p%Zc>vY; zWXx!B)#84FY{a6GS!r_KS=J&h9^35KUo6W00Jf=|d3 zT`<$?PGD3bz5t0#Vt{RVxyYV_qPs#XsQJeo5|Tjh6&6sqrdivv~M}`eA|+B1rG3Z`&dxp%aEL z0UMONTyl`v?m_~bREN=JT+_@nv59?Y-_HuWZb^@({&gS-l&4zp*BCCpyZDPlG5 znSs#(zxFi~)Gpp}0YsF5v@%`3-S+@d&=cI`yy*61v){!Xs5{4c7eCSaV`$Gx7V>Am z7&_}}xDtp)G%pK{QR}iK9aC}KPk0DbB%N&cZfg>n-v_PgcMmQ&%n@g&%wIT0bOuQ! zo0LBA#0QJce>x~bM$CB2p*2KGD%{n=e*}6A50!Cm^cmZWz0_l~oBsgCR=@%Zr8v99 z7;?p6fut36ry7H_FRBO?P2@L*SRP0KCTs>k;ac{@e222*k2VJ&Qk>T4Q_e(~NHG@5 zpr^k$9_SpA278&ic<7DCB6Ms;`NOEYcn8u58OmoB(AY{n(RpSxYgH2j64?=3)uZhABN&M{@}d!Utrk^K*G9NW_SBsL~pi;4?#5?UB0e z=A2+&0#zLXfzjYFX;QdZznzRgB<)wt$VgdP8u$io5JSjg z;wS?|I7u`2pQI#-$M`T4^TE?24G8$8A-&_RKAlphaDDT2=K73uZazIv9 z_>Xvqqol`a6}oV~7f0F7*8HYMAw=Uw?9RT<1uFip(K3N(yR~$moQRmyXU#VJOa{uK z2^f@(B4ef#0GNpEPgumULkF}BGfB@GZWLPj$&oFL=!mbaXGK^a?SkY*Jso+mH}s}` z)ytf$=FAiBnRLS_~bk}uFWN&qD&IMnH^ zJB%9^Z3Pg9k)Jpe1V$s{1sZ9@2&>h5fK$>#FUTrC8Sle()&PR0rPtDOghSsfGRO4E zyrYTqj>i&}D(zpV0?|t4JjIR%fOH2=5pfYoY%Aip{YSB%Q?JL!FaYYlGegi|{0Kgt zO-+|rLNb~^Bk0+@BP%Ukz@BiV=oh1ay!)kaK6A=;2sS@wH{6xV146Hiwzy}~D`WAG z4oSx7j>iFVD1a+p0Kbf>?czNN3cQXCU11PaYD;SPJ$)bsnk$OBl%VpnD6|HbaefvT z5DcJf&w9!E#xDS+3W^f!&$J?9HU&8MK2R}2Z8~{-iqH_#gCZ~iu4@2>_|sJTP}5uL zA4;4M^qAO?>6l{p^I#%rL}R#)TS}VrK(5A`&tT}NngM!qBCiA=vI~O}I2V{S8CA%2 zfGZULI%ARuKdi59@#)qMl3i1wbnB$IDpEeGq*phRITaV}(P0Tq{L1!Lf*x zcZljDl}pveEP2A{m@Qfb;3t1L{o(-X{S3*>CeDTFD{AQxB$yK8s@te#- zucDvOvAKVjNc(lG#;8p#uC=i>j8pYgA^-s>TJ(N~jW>VTR^Nvx{P_z*B-2_R?iUy_ z^d1Axe%MnDN9eR*Cq+%n7hEpw(4ZsQrQ4XWCVY_C0&ih%RqFyM?pbjs7Lqp*7ea1g*o;eH3e<~d>|!yBg|9AtQ22(RHOv_VW#UplFY0bKI|e<~TGR8~B7uc6($~Ir@5_vtRLl*L28ynT`pvF? zm1$RLQ9Fh8g&@))GPIj(i;c>b5kwI+Eeal)xB)^bBmDU(G6Dh4P( z+MhDu4H9a+pr26gBCd9<#N`;ep^493ITMdNlOYOtQLjH01^YT6b>-=M!Fooa+YTa~|9zG93Yr>((wnM z02muLkP80*u(#*$>J!Eq4xh^NvAZ-AZ^nI=Epf7sNbnQ!mKc8oo_PU2#wlS+fWrF$ ze&0bZWZWXaCJL_igLE8;ge0ySYh=ARXGi3AD?1uT~%@WBMA*DEi9 za=inF*g};J#xgb93}6bD2JuN;wLXte?>BDp>I==sP$W=f3=}?c9$`){G9D=x}*np58285Z>jB|Tw z0-ar87zvibtS?kOtBA6NQ*x%OL}g4ShJKO?1)wA$y<_;}6|7x>QUbWj6Ci@N0mI`A zYXRbjZjJ6k->o=}W!4@po=v1ANgIF??K`dGi1`LBY+FM>$#I%N;Q+xUq-jeqlzFj2 zUZkBj-08_^0Ma5nMD8z%3m)i&1u4dxo9#!KK(|G;Tif)mS$@J4^-Pp`_EJ#wTncnu zQE})gDiaFewQ!tMP1(cqm97TVC~4|Z8W{2V@bHkGQ_A8Yg5%Wt4Cs)P5Q7&i04k`< zQr|u@z@vcPfrt#*WZ%$D4%E~PU9+uz3=S!+@Sk^)buh%7pf99!iA40{kuMlBhj;O= zX2qzwO`;+wkRp>0jF%z_G#fk)Ye&*Per1b(ZBya;-SU1Ly8;c^6u627P}KsqLHpna zn=P<6dIHUX_rrcQ&@$ET>GBxC$45jo-IUke!J9K8vxk9RbiQ!Ey1KMs+f7{%9%c_b zp)?(Buj2w>eUxtNuhv|wp2&r<6eN9OMT6e$Qm)%R%ZB15YZG#+3IzhN`Y2Sh13|@$ zrES9tyH#tc5iY~!#WB@QBLK(*NWz(85hFw!i>1`~$kw%`VNxJMXr3~tJR!-oCio%o zjBiyiH8&NasaisU4Bjx7NUL683RVN8$&*Z;%(Q?+X*-l8d2HyE0QMc+hK#5vgIxkm z2j36GiAPduqP|uM#SyZ23)gP&lOb1uO#c9Q{{T4nd`qDSeIOscUUX|*sE9N??=r@L zs0ylAYO23DsNM|+lRu$ja{mA>l8TCv4AAgiS6?ov`>xMEphJid?H(O!?j-u+|a zWEu*RDm4h(d|-qroRu99g(fX>KPU*I=n+=U7!+pGhZIK;C2J5O*0?!DH%KGAT_I&5 zG|^PuiL7{OMgT#zN`wooIa#ThtE31BC_)MtKn@FpoS;jL3rJv}-zc7^kGHn+0ePmwS+<<=W77GG1BJPMqlXn9%YT)+Ex$b!>VucV+d-Z@f2&=W-*-meI z#V$b3`F_a(Fx|Em+|tWM*nPNZ@Di=%Qij-+^@J2$FfSw_Mx)MSuV$M9&D|jp`#(cg zGQa>F`?fwYz#wYpM#XYh;}Y6sDazMD1@M;*Og0x;Y8_ESxO?^CN%IC)#**Qif&LcG z@ad-hg+vITLDqJJ4!ZDW(QIt5Ad6Q=1=|2-Xc2S+i>!a{0wREwMJ%%%M_b+4CkbDM zHNm=4i5h4Lqvr!TEe(8`4^8tS7J(3t6+YM){!$T$pp6Mo3Rei&pjSXc3TjoP8;act zkE%hPHVqsZM(8CP2>^L#yw(ec?C2O& z26@Zy2{0kXfvY#BZ!dZs$mpOH#UhTfPja&r0vWSWIQ?Ek?FV{%gM8v9Nz(T`1+w~I zSjB=!4g&AshCh)|MKA({VMM`gdYDdhKNu!JsZw}?67v^~62C4GC~ZSQCh4ak;SaAc z5NtLoX>y{8Fn?rF1G`;IjQ&`Qss)8OF8PKRA?y=OZPUqtm3CxNBWz+-7~!;l8DTU5 z4H0*eD+>}Tf`FhFp7ZWt9W~?Do-VVUz!%Vhs9mRjjH;c`Za~A}G4eQ1T8$_WBCN>! zi$Y6DXJzAumbpP45}B|eHHq7WQ>e0_cyHv&<)VP10-#TXV!%>@B6Q8;O`vB$qzwYI z4$WDf5(P$peheN`p5+fQgnW-1!Z)G13Z^fo$*f<27Nd%QDvEs~Gm6&$Th@p_UE+bd z6f)si@IX8&uj2uzt`XVxco6?%a5n@5E_xJ20n3m)~BTW`<=)4Xr_-d@SEDqWiSCvobv8;8JZ z$8NHPjKp?Y2ckqU_4)S!uPQAqLj^R^0XAq|=oveKj$anfB)={54-BMOh+!J^M!VK- z#Np^^6DhiEjv)sXb5i9Rd!<7|Le$i#gBcc#i(tgQhaT9Yd!9O}Z<7NNK6w!R%(tu^ zdI6zX;PG%cuETxPJFeLJ%7abS{Oi3@%q^i)rh zNK@=z#sYF7d-Iaf(wxclfuWO4Y(Eza&p^?kAgH5B+)89zQsW;Zm7z6GwZ=LK>$=75 z;Nk}+dgO!*VE8vhU{OV|c3_eN71|gUfE4J)D)>7DhLkA2apXGZN_ID)vsmCsRDs(K zzlh;Adu6%Jywi;qwTZh`UQ}ia?DH_%YzK z3DBN;Pcst_$DV2xYp6i3Iv@lLgtoeZ^_4O`>$>;XR}BO$qt4M7*E*D;`BB|@SSMcDYw_sLe#P20)=*8$3{yruy> zhg@0EOo0}T7jUi3waIL72gw?eQs}~+xRbg&7Es)9XG&TPBp8Rv_i(w9vbTZ-8hM=u zShFn4B#51jo@IPx)Ue|_Vve7T9J#;(16)!G^7n^FeWHL?fW{5+jvcfVTCnByjg$Z! zXa)pgX*H33H=fKwfCMyPoqui3Si3d{s8bd8FeM@^*r$<@ATTeY;u1QqK8FUxY4R2l z>=@u`X9=kmY957zz2#d~(H^$Didr-*x)$A~lyrlXbfctnDUINwyE~Lccc*}KcMFJg zcbDKk?EStU&UKv+=iB@P#&6Cs$9V4NCQE?7p5=(yUlZlRYK5c_)=An;VDF?&jZML5 z0gdLOTP0c#ziEd5qP4%oLnYd2_O=fG?JZEaQ+g112DPj4_RBfe5Us3o>8WI~Bvym2 z9vNBwOZb~M)!5_w%)ff^jmlO&kaye!uL(rcVsUtRxwIX2u}Q_gNRlm36$$f;mjx&v zvue9+-+%9ZBxk7$c?kTs2s0r=NNyPs2fl4wtMKyjAk%cRdFItA*8}PkeVQPcmF*-D zvE8D#O;BP!1^Zd>PVHlY9ExxIyeSC{Wb!wLcn3dvQR#jIBigwXIWFkfM_Lj!vmyAY z8g8@R2%7OA7GY)5i*G%>+XpG+(y1BOo=1rvbL)tLz-O3dE}6aNRS2VKy237Sf}#S0 zUWBpR}S zqp!6@KRmL9qXJRBvq!yZJPr}(4>?w6O&4=!U0Y{#&@`MPr}({(2#+Bgpv`W`?dcGg zh}mEo2Ov7YQcoEjtr)3A15rLX()!hsXA07y-a*_DuuK?z_GlUVHG1DI>%%`3AKgd- z!m3VXy7{Pb(JXZ84;#rul>Lav{fir8N%hkfW}Q+5NSny)s-i`bxB}9S#4UJ~Fx|ea zcw`GQmOS9R{Q78(*sf}A5uorLBjq*w86H~_opEen~HymAo03ty7n5RE)(53T~ee1AjuniyV3TOQu zAKd$Eh0eRDg;W?*VH7*{j~yPfNNqDiFeL;0(SE9(i}Pp6Ozy|qfBKH?rkUcoB&N+R z6>oLuP*ynSUXVND$btwNv&xX`+H89?8xY;fQ---*#YXw&-}Lk>v_zUE*BaW;T<~$| z6|43=2fN=k%CX;mW3BUKMH%>kDxz5Q3SuK4Oj5)GE%9s2Vam(9J^ID*CfPhy=%4Oz zRT0O($JKL~qNj}fN`eEOo09Za>@SLh-#rhYw^RM7rio$+8-wu=GF&($>T!wtG!7r# z>CiFo)BMM9l;Vh8wd07#mWs^zu!6~#6;;QYxP2bAH*FRpuH&MQ4)30h9(rzlrABhs zW)a;QZ|FgV=#F_RDEpL=h}B_!o@teJE}mJ_3-{0hgq{k>@LBLG)DD@iPoqtO)26JX zL-)y)*`=hRt@RU2KhaGPyWueiN%7J%A7)e0R2)uM&1`H-0NKa*OCPZ@^q$>`hv3sT z;lf-Nr*9Ho%8)jdV6~tJ{%%W#9Bn)0@y;8u(kgro7x#nkeY@U_ApmW7UV!)UwI&uaWk@+4u53v3|z^;Q8hX;ihW#cd~cvIo_qt zpQ>-MoW3p_Rjda+FY@8l8|6@HS#xadYQKN$vBaxZm4F4c1w3MAAPrEl#o3|+xqwY? z<5NIExO)4ne33>`8(EWe=A`0@uakRpc9o7!+}xBN`f|`4lt4*-aXBdaRt6vy6pqSZ8@$Ya*diZ{qUJ@ zVRemWeq;W|oKxElo(n+ue*k|z`DKr<=)(+|vR*)5e*2YBqS|=KoIc8V$I7(m#4@=I z#L}A(ME+$*mj(?t4vA1N>&;@g-vxy*<}rI0Rn&8FW}Pnp*s8e4I=#z8^nQnI1Qe)Y z6YF(c`o-xwvixbTNH6`7rJCk=gdZPy&Zmu~9OxE%m7RC`W*iG~0A^P3eD;;TDYBlShsDUPFMys`VU1_t?`kfL=Kit1d3&Zr(+c%quSdpYC z0i8j@a>N0-O^)+dQSgBgNk@nVHhlD}DmG;ZmyD-12Gk{0I?j!ltWW{GF#?Y+t@OghdP-9&3Z)Oejb>Nrr%Cq0`hv$dJX2z>gMazyvMGr&@ofuI9=J2 zAf}nZvgq;d%@CXFY2ex9>_!PIt%i!zzvTG9Zu4TZBf&|B4b|nI7!S@qDhgEL8E1-w z*r}RKg`^CnFnp_opUu857k!HODnE(T1ic46${678DB@gd<#_Y`@>Lp`01{KDr>%1u zIZ63LN#+4A=8SeC4aMxtL9QQ%@%UXx%yUa9tWel&<(j!b@?++z#GN7k5t?!g>U@=A z32#x37lZKEG~ZipQ8PLdQ)j2BJWt$;mmY)n0PvJKvO5zEbT4N0fdF+%Vc%Ab^X>Ep z8`LK=`t$dw$f;iyRCJVJ1Uczy7l0f!@9|&EfA6Q|G=r0-v8jq0{l0a_8`8+9NIQj_ zpiSM6{=RkjyVvd{)r5;l9Io4&zCF7~P*_}>wTn)&AC3vYngOVsUpDrpGqDldR^ZLQ z`yr3A%sz1Srw0O0oM$&*a3&?Ke`D5wOEuPRXH96r zPYlAlqP2a~t4D)Ve{hntW4Y{jB4+gOl&&I zz;DdQ#Wq%us&0SsSZXg9==jH#hOkTDvmXJ`j1U=^xlS1fkXT|jkRJ`Ez5t=%D%Bvj zi$VRK(c6N~ad!~}BJIN-%JKRnB+FAFIKX~%mI@GXbaume&|ZZHKgnmwa_WUxyginB zj-Mi+y10m`&xJ9e4&bSK?vo29TKG%9(c|8tP}ks&o*iJ*6jHV&wc)YFE2u|+B*o>m z7@>F`vDehXo8}VyLAr=K;f9+;8~rCGFZoQ5Rc@5bVc_O`Km)J;gn0j(m(j(hAElMd zAWB=Cqsr$_33Wxu;Z|fUn-cB+q4000rw9RH#V2+-fKlkyw#2 z-tC4(-9e2dXU?c?F>-)~QRTsr>nxgc*FItn1&=rSJn!`bv3Zm5u$-FpO3KyR+k4n= z%Mt1W<^0WT%P8pk7;Kuhb@TyMEPl`Q`p+#0x3^y81R;Dxp~eq8$bjZtt){k5-8qo2 z+AG8ar{)ndshS9Mh3>5hlAO^6+P^`^=@j<6lQW#1UxGTE#eR2%NlZr5n|{3=Fp$K8 zbN6uxnaU~BtZVVp#Dey#v!}=?HhV44l^Hoyo^dwrY;x<9|Pqf8u}}2 zNrj$fCr)~3fc-2|{zrJfR0jUh@7PtQT6%8%Mw^w$OxQ=^3!@0K*cRWA_tWqsH)>;9 zg2+e>&x&`@>Kz_H7*b8?G44{Vky;T38o+6N&q0dFC-nr0C#!`r8E{GTb`Wa=JQL zgH>Czw}m>{@Ox~c**VUo=}s5bcnMqGe76=AGUzs~bYGsy-mhl1fD7~rPTK(#?a zDNm3x5<}s-J4sq=JD8unDiS!4+|HD>70BvC)zvl)q_iKM5cXW|hdP>R^N#5iuT`X;M*S+T7{h@9J!Ay_U1gA3@XF|GktP7r4XFy0(HP!a0WNXwZBE*2<%>mGXAzwSzr;Jw9*luD%{=}EO=X|W8 zKL23g`O6yN_0K;n;*-=K)r2~I`_Er#TP(v&lKORLZYtVr(VJ{K>eYk1fv*pJzbXv8 zm~GfME5#VYnzyRhK9T54dQ>uOHMn2<9qm4FJ5v{7?aMKk2(;Q3^q}L-;7^%+-*w#% zJkOtgzrW~7x~Pq}p~>LETD-vJkorGl>N8O(~$fzL0|2Tu-Gy2yxo_*=uVAmk#Z4tFlggj@O;< zx9xCN$qI%2k&^f>_P}|{X}&GZFJY@L)IYZ6BD}K53rW&xydM-xzwz29bG;yQQS7 zqBBocMeWRJU0{&%xQfBFO-)BupNG8@rog#jucC;J=p$p>7Xh8wTBhcDLYf5GTI+^W znsrmMC*pkKiBVbeYWGaviY6*T*aJF_-TC1esQgEC0Es7#W5z2%iZ0-=rKSHzu?bRy}Xs@~#&!7m6J^&g8b z6%xB(S4+8H3VQOF4^-%8w#|IylbNSwsPg_uhzM$`&GxNt2V0jo0&?AwT*gnK1YvOCx zRJE!|%PrnXPS*czY-l*XtuS^=8ja1LU`Vwhvwe_(Q^7Zi4p&0Y1IccRuOnR@D63kB zk`n^2YwO8fHS z-U<5HN7bzV+)$!SOVQZe+I?6FCd|2O-$?qbQ z`w+MMmpe7K8vF#G1eV_n^I0*gy_PYjr*nnfD+;`)ebCo2sw*6 za~PE|As}=dC(euWm<|O$Q`%r|L3{&e#K-|w#<7K#n)^U*@)|XlrajB__l1P*# z_Z8P*DU{yK(sSOBkJX7{u#D}k=+w^8Q5jY;{=}vi1V6EijQXiogOvv>Hs(Nd=8Wno ze3AD#mY`IC75{+{e1_K(aqPE&p@rta<<;8Ch|{!%8UhRre1p1vE86>DdH9AeDA|L( z>py^#t^ZwJ6#VWcFIW^^;G69#L-13a1J*6V^PtEN_PrdX{{d`Yy^DBGZ;_l8z@936 zXWeceSqZk9Ul$CjlW`wb2?RZ-Tj8{~+0cKM+nsZ9z-R!r)>>2?8EKFV|6a*n<+}K{w6(_7&|lmo&*0(`mB>bH|6ugK>+g!_Vl-KY{VXL_Ye0I7UqH~mRZ@X#Tt_IM zH)Hs-Da@R(5-DZCq8O@~t8PL`rNP>4Y;ipBO(F&rXo#eOG2b} zKQ0@fGE5Bcu(7~2g{IYBaXH$51tp*ef=tPn@P$qCi?R-Qg&bZ?Ayzhj(NGKi%^m>) zzu>rMpf5XQ9=i3gMlRIRYo3p_R!x!UzDryQnYPWM8eozB&9^~NpBIQ0WVXfw6U39^ z{0|_Z8@Ci%KHmf1*;SB7llr@Z){2K_QE>e5n};$$3=2c!hv{YpOpc$Bx3Pp*Z9N7~ z>tg5+2se6diy;#@n=j30m(KCaUul>$1#=Jb4f9np9&uyM>W6nT`4C|gsg?Bh^E^$? z@=cm(@~lv+a$cb(1n$0uqR9EL1nkj)7&z9f6-W&-uWIMy>M^B$GYa!SC zX;Em;!C{Cej!&wTZBiCJR|%kbqfXwO2f=B3u^Z}w7s=(kXLYssVuiTCDCEIu3l!3! zc5@hH<(|==MwAVZpp;s~Z02;Vy3m z3f|-!zOFp=hdRp8KL#l)vRbi{8|UR-r@ncP{``*eK5p(ey?VAOgy zCs(SOe1d5DzkGnU)L+tbK5NQGIw1CfS{s`b`T<>?JxHYsDxVgYU^%G5r#`$TnV9)D zgzc0c&9t3+tRE+-V~D&erM75&tB)D`gheSNjdIeC2g-sZ#$2&8CHM_hMn&AsMiO|c zl&HqpF!)9*DK2J>%`c=JWEcm~rDd3Vr)ud!xr2Nh!D$V$F5@z{V3E1#_ zNAL5fV#Dr9xxc8HgXkkIAq(nC(DrUYV8DLveeiLFE}wVr6y7TR-QJEtW&aT%XCME` z^ff^jJls}|iK!L^pPzQE>8^d}Uv?L*G+=oUr$sJajuj;>eeH4=26y9B`?z-K*JJ(n z>$`ueg4|cE82l{BA4~(kyr_nXaRimUcU5><0DPDsMmV*-E(u?C06@Djw_hYNCI!A5 zkEyQ)VWST+506rLq%=RK1EluHJ{>U8$-8$p2K7m)O`{`eQOA_}d`jj&c7D9E`s==r$q~3#n+eL5YZl% z7>)vKbT3?0l`DK?LmP=z4Z^|g^7t}*oho07XgdsDea~}T79S5MsHO598S+m$pkz{t z$K`U?h-L(e3anoeQQ#9iEJa)|?>Po5(yuLu; zv-;;Ftfru#yDr=H!*tZw$%;8$_Kd6)kWwj?PTd)&Ow+Sulm7tFHF!Cp)r!R4j}-b` zm4FB1<^kNdEBE*-apuYd-`_l$|A8LTij1#G40Eu{upqzaJX$}RSo^$t<@JvfwB}f1 zbE5lgw|a-XDz3hQ;MAp|F?+T6Ua2hz0Q(#M?`v2lK`UN4vf6m}HJ%P>rmEXx0WaN* z8I2Y0I$;E~q)S|nMrLwO_KC?!Vw~Gf*e`Z+<6yst1-v^Z$Epn~Ra$I1!?Y1-N}i<^ z^uBhiyt3@Rjr%1KiA>h_jvb8~v1BF6W#EY&+bpl@W844z3l#&Gz+A!_-me>js0L8YHJx$Qm%@6_or=7}Sk&v4*T4R?`JcKj!g>nN z3GCi!G#V8I5qynFKMBxZ>;Af3H94DQngmLz8!jr2rWw|4KmPR?y*f@opvi<+W4qET zTJhZs9|qt*qx-YX$G5?h>v6`Z6u9MvSFH}X2#t!n`)sZ_Bb}M9ov_ZEPMn*7k@Mr@ zjob9c;rEe@x9PZI6fLX5`5N~<4-^2)@+lOt_J5NULtm70_9oVf2a-0e5>NN+JNK@? z@PBm$SB1stSL1oH>9YC!}oC-w$rSdN_aTJujDM&={Gc%>hMw2pC&RY0M1oOCvoj zH1MTEpQWKMCa5<%)q8%7z5m`zq5zTLuqkqjrFk2Fc7I;q#R5-tT5k4>@Y{xN2GtaO zfy_R?w3hT_0~n>a%Ww7y5&fs~Ofjkc`buz)7kJ#K@52(CzR=M0MV;6tld!E6Bf9h>8|tlIW4`aB><^oHgSndg z=4@a%w`?v8isvbr%(Qtpi~~*1+jW?(vMKl#x?RMW)~y>O{1Zl{$)wabe?Q2%nUKcS<6|3%XS$}}42vN6L?~Lv5g8B4Liu?zZv7>4 z`c)2QEtdc@-Ve~g&~NNmg=McNp6Wyv19rqDaWDQhw3q*v^#s)k154^GikWoo{Czaq zhc8^$GK1^>`PI$BNi1?a;Qs)|TqorKeAk)smZK@lo5}dJn~hF5qG3GvZg>FNz2|KEG~=QGHA#KF{CGd5B$XR^vkUFA_zzaijDxq z&tHV)$4_C{obI3D;p69db;qMA#Erl@vzfVH8r1LOYRnGS5rU0J#~(Uh-%g%g|8#gL zVZZZlllZ*q757bo>@Vx3yTt5|zqtPaIKG?~II;%9Sv|hIdF0M_aNZxXnGq_q243hwP}e9b`y~yzVJ!NNH(}9zRkS_l1}UtgA6~7` zoiBjRl=|ioj)z~&%c_m>!{q=VB)eMsHE(1;Q-L;IsuKMp;uuOab&pQtoco%#fIw^< z+w`fiTa!Y$Yd&+5nVS{f*7&pA@El!B7eHe=d=806ks>{%#c2|Jk9V^_o!y-*e}#vs zuIuEC=^w4nXXbkqDOs(^cWAHeJhi)y+&}ZgYKO8)Zt~+I`g63?3uLub-=eF86AVF- z00kH9bw^dSX}k^{SChgX*=S`_3W{qX3IaXaqT@Jb!~V#|SE*FWT^=9n%(AQ!mD}^# zVgm^l0D>2xas>1&!aN6k>U^b2AQJ5{!OeyQMHBLx{hMgfk<&&^&NYfvzczeu%>znz zD1M%z)R3y3J#Ke=2)Zn*0YV?8*$xFz!PcTWl*dbXw2UiVqy0W&y5&y_0-_jVCvt~) zz7nV`HKq`?{HOGOpmE2@Z&Mb9kOjhWI-0UQF^vv1nRD@OPbJ9}`m@u4-4U*AYX4Ql zwG0r?r6uEQvU-7Tin+;Z%NDQY@r>3kV{9w=T=R8oCc2M^kNn)cm729c8VE1ZrLKV* z1jG=gp4lftsW>kG0|0s1a|1_Z=NffPiU-~>b2A{MLK8N^ym+>2a-n^M_<5Wu4FY*L ztAx+WP`iG;QDa6prW267oXw0U5#9WyiMvVVyuGr}`$zY$IAm|QS_i$RmlY4fac-8Q zDztzWq3aqzTA-Av+PbRI&6{0H+x_d?jq6Q%1!_c;a^vG0l)R~hq>fv`&^OHc*pepL zjd0UkE8ce;nWu$~hkLdP?{Dby-;%F{%LUhT5r^(Yiygg!^DD$ZwAJ*U>T9p>3kQ1N z1vYI_XvneZkG3P!aXjg?PRJ^_co)lmlT2nSb`_x}*qozn;h(a~<(mA0J#9A>CV(bI zlsm6d(aHw3Ddm>oXYJ%)#9tH2bxeP&>p!433jcE|&R=@+$uI!%7qBq?gr1st>@{_B{v#n9ma}q3E=X*k_2X8E{gPUH<-REi=%Nn}4Js8P1;7&GQ?XoyLmdg)X`!x-a>2ajeV5xd0(xh-z{CCbYwgU#>ZRRr zrr-w(r&HWlUJ>u-Z8w(UzcG1ht?gqSns2r z7u5Z$oocuOs3)r}JKfHY!_sUBq%Xr~M>KR(oc;^t5(5ZzKE|9iocms&j|GWqQ?^y>J zDTYAarkIwZj2}ASm5L2i^Q_;o(!(J*VMjOK59y=NDN5An_Ijae5hC&?fueE?z(8ai z6CZmOO|%iCi&mDBle-q@3{F{iIBlf=k7`-IO~a5*TIn-@yg?|u1U)pXeY}ts{!a$@ zi%>K*6UByUzOOjSoc18l+3BKcfL1`K&BlxPGflM5J0b3j3;v2Cx?6^rTYkCe;Zfy{ z2nn9{;wcH)ju4?%5Ah|h=BPwHSuUxSDdiwXN3J#9aAPQO+WUkkcaf}vMK^%D=1s&A z2`96z)&j&PUxpFV4&x@Yljd2hr`2LyL`cHgT`NRRhQ|=W^kgmq!<=+R`SM6q(ZvpQ zy%BV#t({1-I0uDFJO$6exq4|pAAp>y8ZbyIW^^t8T`(oKF+9ibshd@p-e;H2U=*k} z5T~;@0kdEDCLnUj9j9;jIVF?6TrFxtbz=t;uZe#F66W^v@xuhi9LlUJfa;+~fB=&S z11TahHMW)%1UIL^M}js|uo{5KDX_=q0g%|SLMq3Wq3T%lLtQG$XNtWA$OtJk~Caca%6ZU4|;3iF1_?aU8%M!ibp=_W6yi<{lWK^l>Lb_jB@a1 zJp)gUv>_jYllrqn?9G=##5NMfw>XNJUBTxv#OslH0&7WUTj|muJ4pEVcX<&n{uO#k zeZj8#VfuYlR&n|bY%(l6JE<7 zF!>{llYK?(U-;||t8hRFy}Isg!v$8+eYW_fj9$mNWqol6`07j22chw3A{B=`x&3cw zFB&74I?OCpu5N~6-9wgc2}kVR*%h36wE#xK$SWh)^G|b9G;{sDFdI9QdG)nVTUm-A zbf;^62H%kBbSd$rJg>orY1n2$@#x*qqCybH7}yHUHXmOn7{sDXkY@YP4SyDG&CTN) zY3&)nKlIQsFe0&75q+O@#z=>RPM8hc)7*lv{vI1!EQ%(!ax~i+$@6f~GWQC`ti?EC zr|_|^6z-|x*~IrP-R@Ra7=Cnw9`umWJpuXX3UmY9uNmTTkxnsaTGJ_c%5}*bg77Ok zx9M(4gdN@eLu4|(TI?@>Hvyl)iKlVMT5(i$)0;OjK&6AO`f(DWOaIqg;Jq-5)I1E{ zM==o^(yQ}vf5u4Os7`OV0FQ_xp34PIbcs*RWqj8Ul;BhJgzUHRzm*$Att^SeZa=`U zfdkJF(!&?2Ts$`Rdiu|TAHPUhXUDB<&E|S_aWbqY1Y`wy1o6~7#HlPe;(wfiP`D-< z^jfCv0d~_%))PYCZKvY68Zz6S{j(nYHjTGrxenCQRJxnsZ(G4cvlXF^_CE~psHufg zjO?9tJqGdtR-ZbUcF(@MgWFpifs$yud>^3^rht5;SA{WM23<8 z$B;R(?=FEl#7KlK!MAP#S;ML6rdyE_sUEp|WME8_=#C`X6xx>m6^t}cJP9}8xdcO$ z*;)3>#zd)NVi+3sU#|1;90u1p8P}aHuc$vgC?I54t4Vq%B_)4sh4_)+j#4%1(8adft<_>^( zz_+G4lXw3*|IdJ^CYW3 z)LXSE*UtZssW)XPi`RW;((9EaRg?@(OJ(YC?Z^g|o%5u>s4eSR{$%GF`;z`Jd)QbT zV8$rxTTox|JcBI;0QPZ47tg?1`11F-5sfm`u~Gnht)a~sZ(fD#H!duJAVbsp4Bbiv z^GK)rUW8Rc|9ALOIhlWIamL3kf>%!+AC=#m1?LS&V`~*r5f-XLvJ?`hd&u*Dj?eI5 zNn_1tjiD6Xii}@(moy8S zu=_5mXSfze>R2le&@;dC(w)){8h+|{h`s75ZTPausCm5Nd+4UpwR4hJieNJM)3Hf0sn;&PBZ!A z!}!Mzz#VA4=05=Z)YN}GqzrKC{SKO0RC$5}^p`xrNB?J$bM$|&ClcD!IhSCnUov5_ zEVTOUTVE9xBB&#&Bygksw;HmXmsPI5!nENYN7y+4MIu*-#Z|jv{gasl0lotM`F{XJ zqiI~m#(hK~LVY>^TX;&{FrMl<%`}e05R+5p-rE95Ur+7Tf>l{ zDLetZQ@GUu828Ih5xtF^AEqTd`7=0!(qRD?pF%;&U6UOqJIi;)rearQE9)$rPzf2q z7dsdbElJwQJ?>XI72e-NGdGEMY~Yj5_8!6Gno1hM?d+Z%8gfmSK0Y)PGGE$rKg&uK zcd_k;ycG480s|?R^?rUwEtSXvKP&p#f*$bR6)3y>7@e%KRfZrdp`d#Q-0a_N{>)?GTJaM!MdQ_;dp_`oveX^as9sb?F7?iTvzxEiyp$@T6f@e!=7u0 zPjSM)V!@GJV5P8Ai^O#%q&PptpB&k|Q29+xLeB!U_Tn8sm_}W9HPn0b!h0eBo(v6G zA63X%k{t}~%Erp{V-x)ALwS=RjthDoHjQ2O?Lm5T^|IbNkU9+fxh*&uHtXJe_l_{Uw3-iulY`3mt*Ro!34xnFhH4(2s1A>xdQEoqaf|A1 z>A`xE-gI3~qlwu%6JDx<0xcv64L%O-nx=s$~orsnqd>)ZcP+GMO7`xdi-eR4OSx0r_TrfBDrqbg^u6^{YQg7`lBcf0g8~R*2dsyT+MGZ0 zl@96k32)L-VbCeugdAMX+Mia`;5n*(R~!r=M;GTJfAvu%@D($QxZsHsn8{fwA^ zzFfXpB19VCg;6GwK6)9!ZJy|Ll9(Z@oBeLsUc=H>`dU$>;(vdASkDB5{a>yB-dWq#Y{vLgKdF9BpA9wEeu+{U zQc}2LI@MxCOXRJ@mjX;u>gnFI>!TarlOQJv2xMkIysakz+2D)#sQ$!6^e#S6YiNr; z{*5#)i~56j8w|TvSUrs@IhPMQFeX@0y;@MvYS-wUtQ8wYWom3t7d5@C=aU!Q{|{hVCd%gsXR5n5UffAWV0;-T z$mH+0(Oj1d$uuCGNOeqd^$=gaOQBJ@p7+&ur!*1X>a;T!BA&?f7>QSRv7P6b zsbW~0J{WZN%sJgGtYL;*lstTLK^(Hr(yad_9~I@f*nSlg?98{Ee>b`gwopQB3;iVv zxABPw!87HDveHc=Su&$x84%LXG`%8$g!W$`iucgQC3|E#k^n<=2Z6;6APN6YgFIra z`WMglfET$8UahMG2E2z#f?;SQ! zA~AMcj@*K``%P?NM@zXb*xtAaL>o%~g-OnBVaU&oZO{!A z#g8Y)6jWLc{9kr#8n{Xxu#Cb;1ax=16!ZhhM98^^NMbjvh92{+kRfRwzGRw>TsC^b zJXmjsQ#s$y)<~8Vx@Y}#k(Q;-)pI$o(V?E6L}9dUhVgL>1>-onZvIU!#}a1d4bL}0xL?j$A`(uI@_gW%@M5V(RFRB z!@1?8#~hL927IUxn?HCIqpnZHPh~qG@5Q?yneS3<4-%k0P&r|N2E(wWIa> zDy;p1==ERJuM%D&*x=i{l@Ij`3NFFG-rY=z!G&%oOW(KtQ0i33?-=svXRV!AZw(cJ zxle2L&{r<3060+Xux;&Hs%E8gyg)6P27LZx_5ddLWj}oHJ)S9<;=rEo>m036Q8J`K zAUxaIL`?919rXS#(NeGD)f36D7I4%tVQwX=5a>>n(IfhMK%31fYohNg?eLY!oj0V9 zOP56*3YF~c%R5{tFG$)%q0pho{}hh5Tjx?}r4(h~?qy*A|B}$tY5xC9=q3NZ68h9v z&~jM}edjB|N#ENKpTvyJ05brEQqC1}zf(V*J)B zGJZ%bJS(?AU1HyPc+x@&l6BD|BF1I|sx|gG?EWEgg`pG4s4G}n}aK)4YXv8HA$NA{ogN9E#rVQKfU$8iAATEmV6qqzUOhkP5S|)bf8}(bUAp zwBywCCRN)tVT+*=kH9t;Gp$@gL|#j&pvQu+UaA6tI8iRi;Yxk8mK)VyrSG(LB$r@G z)t^5@XH+4zESZeH$)@^8Fl~WWxAk>cWbZEk*Ro*z;crch3eO%qmMh5AyI-tTjOx68 z_E23P>5<>G`R^~@T(ENG85mCJssEbmlN1i^y1q4Y8&jlX%|HQ~#abj0yBQ`%ekPkV z&H(@=;l?1ex;(|DrsS_=9LRS0Xi2I7LO8=!>_QR6;hw)LsN`Rfs1RfSVVM%xXWt@8 z&fcGM2Qa10xeIZb3NG1Y>w2BNV1#G_pd;dd(-lfMb7pS6>da6<6d+L1q=D*0kE#@P zKZcS=kq7WbMEA|o7FaY;!Abuto_D6bkDQ8$JIR|#mJq02UdMj6pruu4&_Hz5>}O1h zh0a%Nz>mj9n(|pJ7#w>Ok%kYi3W-BD10_^Eij>ca2plP1wc=93_fqK(svs% z1;Ey-i&@ar_WSGEYm&GBeSTJvJMWA>-D_rLb@@&aW~wTQZ>bac@oV1KY*`UiP4oxC zN6P45%Z^m%6T@DB z&VO10naqRj7VQ~^obvaF*CA!5iB*k&wqU^m{PT5@P}sIKrj9tFAUWwC>{Ylr@*vtr zNNrE5SIGvM%Y&eV_5VV2pQX;ZaaRjb$dXRkKRFuj8tN1X)!>gYMpQOX+l%$eY|O9~jcP~gJ)DW%x5PTrp+s}E zyV2)b73JlNFG1>vNg9ccSISRK=2Q!9qM-wKeUPR9{3)IeC@|xn!BpYEJ0i!=sAbh# z!^1I^DnBKnx~0uqWQn9#CwZsRbQif~iFu-V1%8Mit&2_e7kd^Q69Pptn}e&`KUUuK z;ou)RX9b>V-OOR|V~l$;xfl=;;W78+Z>}3?COPY?Qf2S-l^UZmSVl6X3R?s&W1VPv zL#Y#X!RbiZ)Lp{)xnASS_?;cgKqWO%S(OW0i(4-nZZ4SJ}70ng`0T{zq zYaxnP(2*xn)p_9&AAEJ$qNP+dUs75S3Z9Ot#j^z5p!w$s*vdQnr~0O1;5}f!y@wy( zf@J~-ENA`{|e&TogkFNohnNPSK(twD)`m?~z>rgnvclb%%5R%QoO*JV*`prr-W z+UWf%*+miqqP~xX*YKe6 z_&5_Idh)%0l8%T2(E|lq?H8f8bpZNnh?a+$DyMmkf-5GuyQ@+Z#<~=~z;R|~Kh8>a zP{EsLvi}xc z>X7{9)78qF8YD-@Y+-3^9!8{+>`JA&fQ=)fsub!&g~@>B0oZo|4c*1K+vUF$8WReJ zhuw~s;%D^pL7$l0Q47oUTJLupym>Svk9u?sAFiS%ic;q)UaFTECtwAPK@e%gd7CjJ z#2hG}WQm8jJ^Z~)NfK*>O0vhsBp~i}fR-#D=|Lt;W(Px3K6KnVtcbqZ$>egk=X@+S z;omq9f0_Lh#4#P7(7UF=P912M6S_x4;-YTY-|=RCfHg`!J~y#Pt=`bDz}St%hkxms z^J;85P$c|{Ks?%|kDwuvInm;kdn!F153F=d#&m|(5!$y@c?Xe@ zf=LlQpnkg|Fa%&y8|;ya`e|^9iPYWmDvQi&rvv&!|2T8X)Y_-YN2R5Y%qY#%@qmw` z`#vXQEYtUS^1t%SV59_M4`~Ytce{R~`jJe*)qXgdD%_2vFLGQ|ywhiMJD7!(OT~yJ z@s+-(qe|!yNZQ+n{2QINpC)wtWOlfGQk1$ctX6YAi%t84>Rlt3G zoOl(CV1~Kv%dEt~#!`GWYZP7jRt1$Zc64G*HDiShTq7VHah4Hh3`lTVJY{jIw$JwE z@S^v7t&Wb)atpMpJT*NrlkqnEq&PZyS5o`k3hLtkBkck)PUKeyh4^qQE1bA6_#di_ zb(2bAG~k!_@g~DBICFa+{?xh@>8q%stTAY`EnP3cfT*>L957QIH{V&~`s-HwZtirG zK8-idzIOpdqhc4eS!ZA!{2kG(UqzZe0~q0v)K5T%aYUTFD|@{@f^98FK1^>XBUWh`y83`I$ z$1XnZl-B>al59=0LMQ^xseyCy=x#nNVkTMVF*CP=%U!#svb<235WOYUF;&J@W!S z`^nnzIb4aZze%7*tL|)qybg4OP@&}SguFdzL?@K_8S?{x_n;oM{$KQ2XR4%7di2cr%;L1?cLd%uMnJ?;znoc*+j30iQOzwjGVIe9r) zU2^rJ4Gj;tmGMq){X&4!aVh8i*S)mqMfQzEd#Fq*7Tu^AS&-T`N0fyv=4aYLxxe}B zguMz>8l)Ln;-BmOEUiQQPlxsoHibP6(8lui@|co~o4o<$5=|=?LD{Q#s}M#F-oa|l zmomj+1Gfs1=ER!OGvM?HIys=J&RVeb5odWu84}V7T1Up=tqWm8nnW?BRln0H-i3Y8 z>)iW$E{BJK65>(~(sV)R2V+5z}>1i}948)lh} zhHSw6)0>{C1%hPs>;{Y#%n7_w;U&k3T7v-6A2#(tYSF?!(3X;Odw^HhwxN+=(33NN zgC;@A`JjLnvjZ!lMA-Sg(=h`UO1J=UpPAwf@EjXKZmM88@H0yl2`6v$sG`dZ$TdWG zkKEbw;CVan?=ia}>))44(yP_kpYZ=b0MS4$zi(C^MH3hqaHs`-)E|=_MXCo?wt;Hi zVWA9`!AQ0uSfXRT5@VZLk__>2rFalqJ|Dw&sNwkTi-XSFdu+pa~UR zssT5tPdFkE4sLuOmxccTTDXv512FBZFFRBtvF|H*bd-R3Xlpm^XPpzOv zBpa9cw3Y)1F%!w3`Pk4kvR4oy%rqha2$ z6vPFplueLH7tIV3ZX-~Evdqpz#S6_^ro*_pzX1sd(3rdXm#B?4J^9YCg&!^*@7^gzReL_R{M^?AY8!=1HvJn*U0%U(cnuhr79)r*#L{^+jaz{t zqz6Gt&no0D&_F_0U5!VKo^TeA2(r=HUO4rMHi+iU*N<7|0edP6VTa$3fHXwoiKBLD z?k|3EONy7LV95IBJ-ZgKMMl0c4^?S)@cApeT=hcjP2F{@Zpbts;a?vZbzKR|F2-1M z(SW0UJ2u_+yXSC$Xd6cgWITGn5x^_aZ3SR^`fE~9sSXi{zI{G1dPTjYT0=Bz;}o!w z#o7vCg!CVp1uXypIW>-ML2Njp?fG!SUI#@TvJ{iA!G>cnHU#Yr1jkBw#i(g1M2W8n z^aEIB=~kz_ESV7=k%tY#B7#VZVxF?@WdfJ4P5lj!1eCxnFZ7UZU**!0fs(sa^i5M4 z6$gOFYMm2M){oKf!=Jb3PY1l5whf)902d$>jIQYNb;Q7&{L0n3FST&~Ou&`dpe~WZn8hxdrKP0}G$4-L{mUQ-Vw59k z)mG@^k^LkFqK=OrU!Eh0905c5zknX`QKJt7uiq=uPGGOJ(^jvHV-*PRd`7^S*lM9- z5TXS&I%6Kr>oru=9)JY#hQ00(>_DnGS6EXs1QZn|iK-s(fQ_0)8&1QF#G3^TvFPMo zcyY+**q3@T6)t<`1LlEyD1>>CtRbO5b|d2Uz@Mjh-L?RHS=` z9bGLp+lpE|h-xjVTja*3SkoKlfmQ*A>)*Hw8pe*5IoDS0X;yyI^$d&`wLJG#AQCQ=MEV|zL? z&&CckY}ch7MBfCSaF>c4rDVitYI}Z+Pk}H2Eh%8pba#wd%hbT21>X7_Qo`{#K)Q$o z-BxJ1GF0nDYXCM_u(ucoywu>QL#K02L~w)(Aq2h;85z;Yj0y4!Y1xUyTnSu;vO--9 zc)qFX1BFcs^pt=#an+SMQc@ZwQFxs1GUg2YD9)cjS?v6N`#V{#m=)MK; z+MU8Pb)o0i^ki;d<JoZNPG{{R`Ecb4W4aX*St zChwlPh*<|WW7V>A5EB-FtqDjXA}o%E%*a69s4)k593mfVfFL)vt?@D@?lTf;BhaQc zLkL2NZWq$JvjxnLTD-;0GK2At!dBoX>aEt$EAOd&(9*CU1Z7+X=nPD6rVpt356NQR z47~=A>xF_~mgDC&;a>Q}*c;|V==+Q1CIulNX4}Kj+_^M&NuU5z%s$ynsB1KV>!Fm| zZX~(n!k1yAPRsF;dPp`z00A)3aRfd2VnhajI_~$5#6?1t1xgCl!@`^f20X8z>-=Y5 zt{2(HcHKo0YiFr~suyOc(YrJ&;V~}7L|Om@AT(a%#HMO8WGa@g;})l*2DKOqR&4qn zw5l>Lw-gKPc`|;<6KQOC&U?c~%D%@*y7zT6U%%tPs*0`AxDQh)@<0OXYkQLgaUH`@ z?hcpEJ>b!8Es5hv0*8bhvuUf)FhfLIJz&bfuZ2Ve9|+%gm2sr%3@fGsYy-!vq={6& zXu(j5Cd9xJSTCu)8b(hzBL`{h?A+g*o-k=3fH^P#=qBojl9Wi5?j8JTWweTc?FkCt zSDPq;7*t-ROD1{%jDUtI(O(|2n@hx-Wuv{XpmbfSk_BF&bopig=793pkrts=+3JiM{Q9F+ud)A-0@qb5lDizZhao zo%{SvOFZKuNe(8BXOa}wyPK)f>=ER(tEn>o0R6BelqQ)b@d&17vLXZE+^Y|S;m5w~ ze0>)Aavgw_(EwuHJJG z7KId8=!F&6HU&ljpn?~bquwsFLd1n^CkC97C~Zs%2?-O+(8VF7O5oLK9Apw~ zgtzx%m{&3{Q=#nK%`L{$T*I=zYXM?JV{YG*?dR(d28P$V%dacGU;r%uEYWE9iQRS9 zWOWZ>x0xlpotx!g9aV0BzxDo%jm!MHMvB#mion~WJ)s$Er%eKTUq$zS`;vYM^Ke)p zjZsY{7hX&zLd@X>)%53cfu>*qQ~+p)eK*A4{1^bw{ zK@U-Z`sS9^IgUOy&J^U{SVH%mY{lyQCBu&|kgo+PMN%pD*jaFh#rrunP%g^*bk1t+{5$#i*+ z2m%dN^mi70&T*gw8%4w3YoMvlxO+!@4|tGpfS5LJ0U;WA!ObrrP(s`KFf!QTg?<4E}nXD`~Wb|VcdTanp!;scnwYU z-s296__PQ24^89!V{j~!-t>7kYc<%?jV*i|jBu*dc1u(S_TwS3V8#Jwe3*{+<8Lk5C{t$mT9E-&qVW?a3!#f8- zIZmHAZ4CbaoBsfuxw$hyr-oPX<4Lz+f=0DK0|$mEP26ILh|f53y0n2yqv#Z9$3N-w z{+~bT^ZuVd>GE0Ll>Y!mM&qH zGNAR3QXWEU}`uCZ!mTTCQNT2t1sctK_1 zig!c@@plCk9k8s2TLP4?`D(zxkeqVr1wlbpG41*Itm#Aa# z80#QCJ{yyThTv_Gq)uuYZ*O7E;i@$Ns>2|pP>6cSAMXxaXo8W_+uWxDyU`7x8uxB4 z)sZktiE0zB{R4YGbo?A4_$QYD(;kK8ygBu+5s4W(Zjil?qcdomi-dj>`-7#0WINoJ3k! zZ1&{#rG^9`BFJ_o8C}n`PzpM&jtT7-sGttLAH2vCWTXTV25#*v%HvD0g*=a+J;37q z*GKGQo9JO6FOfxhaB@7_2^N#K{!5!L_-#ch9;rSvVjyIg?g)UYna;o)0bL0nFuKZ& zfk?VvI)vA)Oa-Y{{>o7NVRb~jlyA(#fhmwHz2bT&+DpUl^m>MB#ZaJ4_(Vs@pHKWTt>4_hLUG7gRtoUD$Fe2>6-K}Z zW@hws@wL*cz8|RLru3Qz!XkV>Mn4V@fmAUON2We#X4Xbp-xsVpjj)qMCs3MOjg6qI zHD8r}nph1~Of9;n6A1>1^ScT8!+IlBNH@YJbUY#x5&Jk7NaI7rG=5xd7B^lY9|)=^O5ZPI;|xSgS=a)b~}N7U!%4eXiCHEE*ouEEl?lI{WC(s_K??rgKxZ& z^mfqkW`>=Qj81O5;0A}`+}Dg~ZNfTzGw6^KpsRwr<2y}rH-S<}-^w{*2uuAVvmJvELU8(@8z=Zn0O?p0xb)mmsKv9^j$OpLlxA>$tpzog)q)Hg!Pcz5)^ zSs$bbw~4ZABTm&MlDZ;-&*DDzr>t~dP5n3%grvPtIp+}+dVM|Jo`RI}U}?l^h>`G! zp9z|0z*|A6(o?6_=_nZx^$4%CybvP?00BJ!00u8M=rvFy8C-l}AVdxaIH3~RF*pFi z&jmDoaC!d#n{f3vinWFcphr@nPEzBSk-!q5JwUMAHJuNLjG}ywGqE95?N`n^z|bfG z=fDAr0Rpc--y#qY(*eHmfKbuWJQq=X4|D$Om!lwwG3P#lMJfd$P)W7c-_jAef0syz zWI*Uu04<|Qf-@Ty#R>p27J*dyHfp~LZzJ^I7$omXs9m-uyqdzN z?|J){QJ%u^b`B^Gs%1-uBi^RM&Fk&N3)q^OUr;07J`dQdWASiwgvyXGKEMa5mM3h! zdS5tRiT9H_{hnf5SA-2@v%KCq#3H3qP?n&P!2^^cLR}7SfWwC%k^qao7w0;mQUgzh zwD1GA7O>$Bb#~K6msyn~#oIWo`WFXgLo5*yJP!|Cg)^dENUJ*WBb2V_MAb5cV#mP*AUg8l`ycPX-v}Np8}>o_hA7PddC@;S{Ns5=0ze^l z2L};SGAfFjZ_|6$f1vbd`_EZgccwswM2?!SzwiY9GMw7qbYI^;(R%)ojm!MnPZ3Zl zO?+qe)Sf;XO-UxONjISK;V&=%R}AIa2h0_moWSxYW-yRKCPyIb5zRud}L01toz z4Jtz*&_pHQ;Prsx;K1F1K}L-k%x<$uIzob=sx}xCBfO=t?Du=~hE7-6Wm1|QPoY|K z#UUf7VcctUqc&ZalgML0lnRmr0TKk7$&xMULTv52H}Q+1BN^c#`0EXzV0_X5>!W^v zwB{va4z?{C==jOH^%Ie#&1)Zf=o@(;;DJ10Rn;np0wAI$Z=PfG03KWKR>KximGqGD z@@is>pxlzsfT6k^m>OIGK&0{=+(78Gm0IAHj+WZpDLfs!!_Br#QE3y4^g5ziI;N{j zt2cVKf6+rxLFS=_G(v2snuTNuVXU2+rL^j=qSG+UjAE&l8%N!NVqtqOU~r;!2G0q5uZ5-zV-!H{Lh?DEn+kf z4C9Y5k{s)`TPqH2dDjCGIt;iJDtXpQTlY>GQ_|2_@

EtBpX9g$!oGxwh0d1K;3# zc&`=(Vgae*ZyraSMSuz-+Q?^?(HyJB0p7M?1A3OR8@!&Z)y<7zb$i|4V}2JCY-MgA z$_j>$A4R1AgpYU-p68}Lc$AR{rcDaolQaTX0HSF^m1i(E*f!%u@+x?^emir5?MU#4 zdogV!0OAK?sFuf>5NgZRz1u~Gj7|__FUx>AddD8_*QRt=|bb(|?fNM#TMWK&-muV@bY+0%y)I1TE> z$;BaV{&Mw)vXG>@fO(qUD7lI-&~yVe$Jn1k)af7~dn9~s(8TG#H=_YWD=nB@dGN|W zp|xVB@HUaMTPKKV^Oe+*+1*9yjsCc|mjtKn14pEI#n2AoTc0MkrF(GLLEKD_k>~Dx z2)vU5<$9|AajZVZKekWhSB;Ww7_#TJ>pUiYO``T-tR0iTZ6g)5a#iOLF;| zd46$;KDzcB(XQbaL6)&>h?vt(@VMn`Fgaa`Q8nBQavuVNa`x~w+#i2F78h}rBe{PR zO0*(I>%FQ>3YU_tVVewECz>D*D&R!0$u_{FCcWPgom#bc2}v!m61i@jL2fnYt>+Ag zw0t0+xsIemN2iNQok&kOmxy55Cf7_SF)k%_7e$;WjDDm{!Jt%UiqCmB7j3Z+k|?%0 zwZ^DwN_7e5$#i%ysykJHqP=j5h=3chdmcmZ0NC2;EK0)H#_WozXKVwTTs>can$Z+W zY;OtecLtiIG)JMN$}DKn0S?(`rx|VljzY2$F5Xw^T7Gp@M3uqMUqWoZmITR%bD@Uis@M%RI77BpY`tZf= zc@i-df)QMM%ZS=m)Y`*h_pOM!{%WJ%^m^V7O=VM#hc5i(bMaV?L1$f80AsHoN<{{x zF#}mHL$F=5Q2XJG^9gb~*kje+ZzZ5aL3Bs&5P5(dnTQ1jo7_-HReG)gnx;wkAm3-( z14<|b^^S$;65J{7;zm5WP0rQJooq;;qp;jGNW06z(}4}sMTDnTV^d#{3l)Z?{33Yy zBU2WFY#kwv_JUvr2($%$?rWjMNIJ0!qf0zo2BKX`oqh)IoDclunFD2Ur%QlNGZ(zm zMMy*EHyRKi%r1?+{RW}%L=SrCJ!IT^0|Rzgeb2TpC`&YH`yF@&@t;xmc>&6oOB}en z`+dQ>S4NKE!WPAjUKq!#^P1!$sEhUhzRm(?U#Sht{F+3R zoC3I@3*ljtxP#H0DnfIu2C2#e5Mx2)_gKN$HY0-y@K3>t;{!@ysF3=SS>RRtU{WF`k@58qP*Co9dn;6Noz8K?LJ6i9X)&mi!# zUtjhz68rjspbESUMIs_;AEE%L9x30dVG3f@`oF?5Gel$C>-Yyj?gl--AHZ=^P(e?B zPuCf3>ihmW5Li|m{+W%-{F+cmhHA-Y>x!+Qg?4|IIT}vn9`G-bh};JKh5ax_fI$Fp-a zwv0LDuZm}|wsTc0@qwTnBVDJ*=iU%yX$>~RYp?)5Rl^U7K_G*{+(4YWhCW9G(tL#W z2R@!N-c1{Mydko;K$4#sx{{P9^zsH-qdyWk1d!X+(t@+s#}h=aeY>PB<-V3aPDm$-;v5 zbp+N%5@J^8vA}6Y{Nn&_e#=XJG8$JE5S^_W< zdi-1*mszo`FPs(XW58iOV!#T3rdi{-jpcM}-;Lx&(E~1f&!gzLp*_B_42m#=R3Fx3 z6>h zR4g|~hKJ(-cz|qKxM{&RN*G;R;$peT1Jd`;#d0?D&Hn&Q#^wG^B~8d{f?UiTh@a;k zcV@^imTd=%nwPy6zs(NbjZCZ{{XiVZM4EkW$q#(t5x%Y(N#|T4mcqV zYdKdFPUBl%ugjeFSzZ$QxQtm%wY&F^c<2TaDXPKv!N~y3f=77KWjNYYK0YzctFSM9 z*VZA$!X0__u4E2FZ3Q&@WjeuX-5};MyDwVcq)>bj;rPb}a7$~wYXZUYV-iL4ewuGY7kJ3QmE)7t!T2#6 z;1`B;H{sqs2HkJL@r5f5E|T{S0>RozWtZr!n2$CO$O!uO(0UCs0<=#pin~+N=NN|S`V_*&If1-qu$3wRKV|J0o(~y zIkQ6&kg%!ZNt#z_#D9&e1~&G9t%N+VpvB<{;7|^yaCw+Gl?hNR@OES6a3>*7&}grH zV9gW^0IIIwZjQBAQWIO5e!$3Y< zf}|Ia6_gk4 z;PPw~A#8@{-W^OQJBrt5W689;Zx*t&AhrO0>&R~m$wa~u4vGlJW+p1qR_v7GQiG=x zNKX|sSP^`ea}8u{AfdH2*Te)iUR8I(7Z4zXB|1J9zwAB%DClO0ZSv$ z1G5#(c&AEg5wCX@R4Nh~dW;*;)y7PIPhEr3@21O-{XLLDlq?72_k%DuJD(uD^C#2v zyLZQ(=bTufzjQ1tXKOM40OejPpuh!cNxVl!WuaPVQH;}a_CB6;0Mbz(P3H3Az#ADA zdNv)NFdwZQik2HsahD?s?xCd(aryO)Ii(VydW^3%n)ee_$brj9J|pKeZlG3-ghrD0 z!es|oSPP-oH1TvetyBO6wRA*qiW?KnV^rDT9LkrAb?X18M2wZQG-km$em^MPVFO4n~3JY2Ri&AgSnCl4H(O-&@g)FJ&V$p<2qiFjN zLh}McUXVhp>Qkx)(-B$;NYGst$5qplMIugBzz0_y%_{RC&_yW3r@Y$E$)*S}KiMBR zdU>9*kZsb1Pc!JRy-kTKZP8`%lHYP$b|cvPy50K~>V%M4-dp@0N0 zX8j|^;cZrU3bqjqR2gxUfC4bD`&oL{B;h2LQ5tCb!_GJ0M@SJCB?&J~GT-sa^rQuB zfV{^7c{42=qh;ta%sUQ|O!0>Q05P9Ulftm%SwYodb#fh)QlsnlJ|HZe7zIlK}{&W!OX7YUY{8{K^bMobrcpzmxj73aYWR#ELPAo3YgGzRTv`2CcD=JCLlB~wALtqL)2h?xTHwkL+&oDN0)Fl)&Xi8F?WtIm1+o|2AeAZ z9>Acr2S9w8qCmY7`a-*t=&cpGsv01zi)oeaf4WMi?%qC?u1d5jM2c@J);%_M5lA*S zSSULn7|fcXA7*rGwJ6Sfp^XWRt5t#|(urljBe+G>MvIM!upCj?)O`u@1Y2ER;XPn1 zatO1MnX7T6z*UdZ30eMbzMTQwg|whB7_G%oA6HHZXh72?9k0D>7?99in}Mio)bG>% z@3#+p^C*x$&-N^}Y1J(dkth-Ez?Kg5dj0m`0y`$=fC$oya=TRJ%8>=^UYG_*5gMR{ ztcrNe{{WGz12hPbhTGE&K2`Q5PGmk>-XWQN5X1&39cwQOGejZ;4e`uuvZRj52*X9| z<1Ry8bO>zZ;kFwYySo(Es_!YKrCR)Ff_)GyircCv2s%`Ch<(`Tf`BD=Bcq7PJ=9>` z5R=SPD&-9!p%)n~_|^iD=FZ`KNsCVD0R$LefOMPBFnKdzAi=w;vS7E!5olAvuQi;& zi%Zs34Bm@wB#f+6pjkIBsiG*u8lD0L&R8Lr9rCWu_>4O@vo&7mEh5?>BU2@+8k zmf}Rf9hh14p1=b*cW)BsIVA+BZi2eaA zb#%ylV7_-S!HCm>zEfBv&U?HM=$LflHU#JxRP8>Fw;9ZDNN5EWQ@OOSXJ)RsOY??n zhe6kZ)D}uIFfDZT&)EL}zEQ~&p2mZI$b@f4u6Csngo0EBWWcQvw6O&h z7BZQk^r)FgP~*;mg2}*b#d&0ca;GFL|f^sfdSPMO?@JMK9?|o z1dysALc5#5lAa?Nq>iAbc*E-iw)CKil;*XBHnOx-`HA_)1Ob(rAP9*?xnE(D#Z>`& z7p6gw*v3#o)I~gF67p}}vrHE6M-9T?ZFz}Pazo{<mG0Doz=_nwtUfKnXRn%sd@|*{Ivdn)V19Dj8_J~qLmCpvgeVLJ3roSnraqeQOF?=PLS zNZ8Q*<}I)w{j=&AfGnMF&8^wJ17qyGz$U)4#@lr+HPX7QH?$syd$38aL zG)*6KEy-E&K*>R~);~a3S;=hKLzfag4QoDCAQ ze7LX_UbNMk!tVll7=9U=B)J*a;Jiy-5q($Ez>2mb(q zGB_wjvG!2?Ka%AN*8&Q7ML(6+q!PcE2R%3+fb@U$QMrGUNP%%LV5$RTcEU?GRRr_2 zFcQbwJ9~iMm4^5q3SHyYFJzz+L?Lah*@+hgy{QoeYf5*EIo&EUCV=P8{7T`P&~A>$ zUq1v3A91aVinZZ9VO&_W_z-wcFH(9ft5}7v#pLmdy=F>ru5;0lY}(06rcf^e8Ke4BJoOK zwTQS8UWA|GAW{3&ge4FGOStDXaobD4>22?{2>JmYPW?#yyvETvHem*pSBa z=1e^OYi~+KDkhgW0hXbF8Up!;(oPdEBU9rdEIvvBbw<*ri4_iw4|IB|H5>`IC(KJ6 zAP|Jzi+TzLDUTc3Qqab2N!3V@~=DKQjx!JRhc_4cWKeLg2vm=siNQ3ozoKX@!?X zp&F^z7XqWKiO}g10Wg+~=`uvnE%Zs7=reka7$Oo|^MTc<*U$zGZ_hlm&CValabogM z81Ulbdgqg&!wkf;`H$Z#zn>H&fvf@WDU1txKyNS3}n9sC`_n2pn6v8PB72+-k4#QtC7%lF8bkFWkkhL z&2dhZxDvk(3ZO!>eeCN*Qf3E>4%kRDS}?R88bo;mOE1n4~f_i3Fg} z9cHHM1~QfouiNFjUQ|+21Pb_`vS1n&91t^|Hej;QT`QIk2bMA&>h&sZE0&YXY_* zl6q6a>n*Ov6>auz_keRKR75|3cjPgiWtyac;8lL_(O;`YHvULgp@9q{QqH?P9<_>E zl|gk656LlfD#p33bbE6`o3T$}!C`&O8Tee1$h39+ zewI|hC*WssTBCb%uOFiKyb9_np%d~N9+;SgI>G{%XI@7;kCV<;M!*gOc|hI3MAMos z`@AEvHP;Wwhrkb<($K=Z=c3JDqqtPMs_FZ&o0*Xv6T>+qyc^9v7?&c5dJ^ozf3TE# zz8@GHx(Co)iBqAO#2>(U%b~8`RDJ&dj6PmBOik6^hMj9R$YDK{^zk{A%aUlOo?&+H zZV;mf-~g-W1M!MRh(~~U8qn@N$66sGlZtgRkm(eL=beXt866p{0fh=Ib+%=qYeWg_ zATNsGo~j_4B5@x%bMEMIr!UWOWr@|V)v*xx!GC~)AtRu7IdUk_P-?Ttw*2cHP01X$ z(!X z1^6>_%IQ^yn5tqy5gI2-LfPI7@@_i@+L`aJc zGgRIXog(gu^G1uzG~ZANLA*lin{fp+8F66p_&py=yf|B0^*g*-trjUkz7GxC{)>rtU?qJ92b?p1_C@JM{wYbZ;5aj zHF_NBshZjq;0y5Q1g}-n(BNHUeg!7pV{1U)d8*f^fn7vYng#EoyizVOT%a@$D)^YK znA)0mDnsCjpSb@3d>X*0qGTB9%lFkXh8+GJ+-g|5n)DLZCPn>5CNqEshJcKrm-2EC+0M)Zr~U~9V= zOwe@~q%V-eIE&L1f=5oim>?^JIgg(HamcBi)HG9moxx|^*H-phz00f~WDi6jwlc2? zyjg4nBvE9LoPL>8)dsmkpfo)%cy`$kCn3P8{PYPkxn3*5MrVfhnRrZr>U-4qG)t&>8ul`r~>Syzd=;gkud<2@4<={Dt2PT zinkw@8A!cyWg?c2#MTMjE=qzjvtg|1t83uK18An_j3z{JES&(v(gNr`}p7kedw8OC}bLI2BD$}?tFhy2Ic-uB#@{P;Zw}4 z#D-v4kcQtt8NL2Eq&MSl#x8FGqzmN$*&E@+u;|A@3WV^9^D-~}&m{zSJT-jGmk$w|uy_-t$Xs>_I3E^Zff>W1N1LzXHiSuv z83Ke#&`**T14>HYLwc#x=rfS<0tNz&JiwD=kg7mWN#`rgf=WP5@Lla3wv)8-ItHq2 zoaX+4EFwUyXM#;>p0MZTiUnvJL{I2Hk=;dRhK zm2iq^ffJ~IEn-Cj)|k+~5VzwMSHPAO17%Dm^@rsRax{=ditAa$DA(bH9e||1aD-za zQg%(0)A5^*lueX;#-4tDxIXX<*z9*NXX4$J2)EvHq+wle)Q*VySQnt}u za~P(`0E!mvbSti9L$FkH!9W%;wZrHXqT9Q8(J+tV7`hB14JD=CD4zy*v;%1i5V=Pz zWNsv&(`a`AG?fCWktA$9`Z!vmHo)HcLvM@&J}7THbQ0Yp?t2$%G%kyErQR#TaB(W8 zCF8t)6_?s@6!13s`c4Xf5U8i3(|YDwpEQ`TNCL(dvnk-yCrv;#wi__w!89bOK^HGE zM07nAF$zQ|CrgADjHZPIRlP%o{S;6m(AxM3j$KnAL5TIzX)mM}@cqS=k~&(FIE`@pQ}kkVCpr5buS> z##M#HFdzfXY{&K|CZSc*g=`Fi%z{{_K~KIY`cg?>n#@8_*TAD6W^-HThLZW-f2Mzo z@$tWt>7-@*a&cUC1))_+=q5g@x3(1x#4nkV=T^UmC%gSK{fqqP`xp7eNTK)t0Ppn> zZeQfmIYS)OsI!GbXM+2q1H)2Xpu3jC!L8*=q~|d3))UQ`);Tci&9rBsfaGF1tkkW@ zCr6l8?f^vycs}VfLYJTt%fEnkH88LPkl@KMN}!3Q!+j6t+t46Y*y2X6yntv9agW9f z=im}5x&z)d;PMkCt%GFul>3Dm+O909$_C~rWjyrN?y*~Y^fEh$?;7ftG;= zRW**Nl};@vmc10TaqsL7Sm=7d=(^S!k60E<)NcPyb@2D9v!5=3nnK=DZv;8!|>4<_nP z<4v1Lm|E)uk`r1~d$|GleG>Pi7l)jLgNjg4-Dv72_MJ>rwNDv=I(j2u!5W=GFH^71 z6kt?(d-$)z2oIaPubF*2`g7_NQbP#8$}DGGE?At91yBiL-QrswvD5s4ACvl!kleq? zq%oI@SMYrjkSWT9o`6^FgrY?Jk;P{}hGNd9F90gn3xPyLV~M!XL39o4YnNmmf-ygm z842Y|F0FA|k%1Ak_yzha$qbyw-7wfLVlW4EC+GNu5fn{{j98b7>b_s$Jcls|q%MF8 zudEY`Y9P@*M-sOmsA{j3ewQHy!2z3;#D!~$T@PO_Vjp-fVKfhUyefDGf!r&v1M5HI zXB}Mq!nFG1L4$RT>V84#f5QvZ_Q|BdAG$)e82^hn8Fn;Q&0f1gfnnHI^SBd?KD? zFCuF<61ar~iR5kLk*i%xO_h)V==0@X5+D;mTE@HqI^jWB1XV;(h1{9@-}m|&-t4K? zC_0uKvKqqQQ4tVF$`!X<$i)RPy6S;Itr|Z{bj37mg#xO8=(r%vFeN@H2E{L|M-T`` z)pRcO?Z!q2(g>zn@c`752Uw2EY}7|qf->S4d8AQyX=q#)tD^eAdK1y}0BBk~!UR@B zLeQkxyXG}lB(H&L*bj%^6G7vnifM>7OXm$$kU$y}de-lwG26;^;!lyws^|-wk*D=E z1*$$P_^C+{@_>p0E9G~Cuo5Oxnj8wp)+q3*Fg<{Dk#d>QVwdiQgM#l2SS@;F(vUbQ zIfTXw;V6~?4y%5J-RI>Q`2+01Esz>98{0sMw_b2O+SwvyBmp#0nsZ;5tPoQ*r9g?O zYX=-M9RNU@o?6ZY!KepmrR*$@cxRitBZM?aUpxT7Ap!*j5fSTnLx-F&8htwK#?b8P zS(fdbudk+0_MX_6sZRSx?HO5cFDe!2kv|w7Mu+U*^#~Z;zssbFOQJ0({FrIV$X}Wg z(w#Bo05{|{6e?{Z`EZdifsq>vZi2K#}8qZt!nm z4AoGBw{ak+02oF(c46QE4Nwn=u4dv@H+V(SzBe9*Rn|$N85YGngU`}DqOK4@peas_ zZb_s+EXXGTtrBp-EQb^b824e7k%{P99=E*PGDW2uiq^-%zTDeCuuuZ7!mSGobH5NT zlv1bMF-#|R0w(Z96Jj``qz;V;psCy`#*B@0g^D*$U)!yOun$AOIF*3Nf~plOrSpi{ z3DiJDLqJ3mc!YpMgl;KP{9tfbfl-UJ)lkR85~~`PK^=(`e(^hy3Xl;X0zjB1*R*=V z>Z6aG{4ROtK_*7BPi;PZPZ=-b{ovaN;FC>2X*iS&qYNTeloMSZ879SJN1_5lP< znE=*z_xI`05oWK-x%|ec+2IA!_iJ*|yfH0JORZv@Pv~~gn2@b(6Kyi19 zHMqOGQz+iz)&z&*UZgmsxD|IT?i6Up#}m7ib_!35t0Tpf{|E$F2!qrs$6Qa;_zuLkh$n zui-b_uYq~XBcVD5+G3?Uco=h4Xt?Q~8e&@L32mj;2f6a8cA@oM`v(2kK@qv{Urmup z)PWBjY$269_fm;J9dc%%CR1^}3=;4wl6@`__fQ58Nx6=X$UAW>uH*@Acf5;5 zqrVYQADpZ1%2k&H7>I%KjS*L(eIZPsn$+$7>2PMwgKkox1<3wuhJ{1WE|;6jWK~py zl*k9;jM@@s*h4{X>8nGyuR-cdehzmR35MStYPca1be8m85;GU9Kzz6Nng z@7p)H#DG{Rr>wP$onTql6Ge`g4!stf7m+IdNWPLOf&C){H;^ge)D`#+3I?H@qbc%6 z{)WNGQD~(y_LTg4Upez&;0l{Km!NlVvi4g${e)B`qY7za+Ac83t&c<3YvMcJwqTXK zVlGucQ?(!!u0Wk$Ab67o(8sUOqrZGTdAOtT|BjS{_+q%`3>ER{K4JOL+XAUgHgZ2J zB?B6aq6wHfZQH%pA5QRcNP^CJpkH5=4hx=r1un=l><2(#YFO>?zRy}Cp)@6wxu(); ztP$a!MsdC4FM2zQJ|S0>^{DH_wyHj`4;-|r;L)nKZBcA5wh%!D>;?rh-LbK&!b24`&`K`0 zKwDElcX9gF*<)Nu=>ZcIf(E6KCCb1zF>++-)?K!^UH<^?|IKhr3ED)v=#VzWaT}Tp z%nEL#RxC72bDS$V-f?fjENu-Llqt`Zh?3By`aq{~^V@vn?Xfq!XcmnAD`A^KVZo8H z7;C=0YBQ?@n_wYf>xclz6@bVgbe&|!PaP1%__6%%T5hfBz2t@AQ#i&^oaFgb_Ie$y zSuBPGrrR&lo|RpNoi2x(?@whB6P_xmj|mLl+xu;3!71dY0Xw;h_R@X^xj4j|^sLPD z++}4lgk*WgHx+KrTRL2z&^^E2fl6sA{r6~tIvSkWDS%3^^9eF(ZOx{LMpm2z%Zl_+ zWsNY*;eh?8v+O{ksJ%BB=7VxfK@|m_%o}Q=cSoXEn^;2-6X-<2U@YP1<}VdcsKyPU zkAp*dSr+Sj>^fcKJAz>>4b_*S@F@3#6tZgNTQBzi=`DD3Q1yrXyt+l<^{E_MJZ8jPU^QCBH3 zZl;}G?^~+2f)~iq8jw5MrV&cK&@KSUc}9Z*O$SX*ZZ?rUumtJ{a#1jOuW%yq=q_|J zNNjhDpi9IMv6*`7){0`U`D@Z}wU3Wj0vgp&_p9h1;QE^Y2AK5&K8awc(y>x3F4JM_ zb{;c%FhV=L>Xp3WCS2zA)S+*TNmYo0IBl>MzVVv|v}t11kn%8Dw{%wn%o03S$vj_< z@EAqCGJwMq?K*{Uuz!Psg(%wU_`OMG4#^GoeN}be|GPp> zT^i}yzHC91#%^MnpJ_hvg;-3^lo8iae7!GDzwWFCG2EoNvQbb`Zf>r}U`vOT8YJ_) zm_B1rM1n7^AIc|lLILiA|JmzX>9zw zVp^q2@cOufYK1(K2gHbcVaE}|Y9>gTQRPCWIq>P;NV{{s8E z_%hS3%DpI++1@2+84LW0sT*al8%a!5iy%umi-^8`{gRlRd;1~^_&>dyzb^_#x^)e5 zJ__Qhl91h(>Wb@+{&}iD?F}g`MwN&uiE42t&EhX%C)Uw5XZyn^ouTW7F6L=b@LB!{<(!nulyfieQ@t@m)3usSumXSo=1vV zZ8qaoNLLK3Ok#hUd)PO#2j!JW1UC`9nF;hn8Z|9(?;K7$7sU71PR^hYg*mr2uI-w9 zzFW6n7N4;22DCNi#dE+ZV*Lkyb4dRl=!H|qJLv!T50Jil6ZkA?;M^}uz@%REyw4(0 zN@9&ZfAcXC#FNi*{0M?o7v3XeK{%bAA+MQP|MK9=M9m($Uf9#uUfqCd4D{@(oR{C8 z%dnqaH~%-o!RDO4X?;CPV^>5v-nojFOYUOtRlfq!zuiG&00y6AkFUDp#!|=o_{PE) zrEh6gglyNAjc|>5C|Y3~rV=Lp!Y`DeF5@&q@D#pp+*E^H?y8IRVjI+FMZWqZT|e5{ zIsKX^nf28>KvnGK9}p+os>VNnc&hgiW{>tDy-KvB6UcW{nn&kLF3T&%+eu;~7IE(3Em7EeI&Ulu) zD;b=AA3Rk^ko2bxQIfZC|Ahw=u4rZHan5sTR$X1O904Kv@(*A_YsBopwRaH{ioy8B zQF1KS04{UQrz~=wEB*l#+DHLRUbxcdgwh({UAtE_;4mTHRg&poIC1t33Zyd-=}ljR3EK;)@TBp0 zrTuNzdmFXugDX5Jag5Lsv|7LXL6~!dXmN;8%64SOgE$aSz69a>iuZe2wF#wxRvIf zYSr^)xvLA8>c_SobX6tA2PllJsuMwZ^)o0aj7GDEjMbft|HOLUVwz)Ds28%4v8^jjw^}mDIgZuIy1P-P!%4@e-;mP# zDEF$b_3;zr|H+mMrH>^P2na63kQo5lt{L~N3&=2Y=E~V?oaA7Hu9d&FJ-y21>wVi^ zGR1*UlRJyv&(w=gGLe66O44DxBldtMP0Ld@0%sadq;JTTAU``xdf&`p76U>t+eq1a z=oyvN!(h9*UdkSw@%W+0V=+lT+e|y47&-o?1PbgxaP;3sl9xAp*g%T?4R&`oqg7bi zRRJKC;n0v#eUsd|h@(Pfss|C^9XNYmgqda@IRnbcQY%R)lJ@k2jh>8_7up~oE^O*U@28QxEs7F#RO)dWV zoKMo`vGHi5&t!&{O+4cIxR8F&%lgJA_24^v4*!NLccOK}t?v}#Lx9@o%;YYGO*cZn zNHXQDLha8OiSrv9ZNkyDL35U{MpWLYA4*c903^cg==rOu0v9e#DQ0Mq;)yL)`s(Eb zA)U;B+%O*^?z3AAIN};h??i|d0QCo*^cJmapj5T5R~@C6q`#7T^$3mG@5@QryJv|p zk)ZIA)!;P5_YNASxYBODwr~_BNCu%!oRJP!Co*($C!1d62|0_KFAc<%)N zI7YWfp4-*R1Qk3)^+B*0>j0RJG}>e+vfd&40Jgt=ym1aLBNc8f+HhdHFxOM&EZEp56Jf7B{8JJjFoFkrOT)WHWuReh#0Z zUnS-Po&n-E+rMd&$W^Q;N;|FGh7#d&6qd5L>=)r;I-Lq)i4s&i3+8j50RReR)f22T zxf$!}Wjq7UPl(Ty=watB{-sJg)Ojnbf28<4&)9T2gTEUde(e{En3<9c)wa-95an^; zUl)>Gr<)RKCgXq7R!(BpYb1?6>;=Ng?l&ek4qW<``1{PQ3B^mR@FensD0Wch-{@ek zA4*?dApoTc+IF#OzQdag3=H5k5$o&8CzIV)iN46iBvZSr-1O?~jGo^O1yxm#r0#2? z0L}bkCqDPN*F=$!2X$ebm=-tq@z9LLMxw3D>cF=Z*FkPq;?0D=n9E=cc&0m9wh0?M z&1+5bR9YDi3TiZ;+Y^mXD%4yO4rK96(um98BMnqc?MydnWb46yfL zcK#)Bwz-mkV@2+TQWY-L*ehvEClE4D^lP-21HFMk?EmQ`oJAFE!yaobeg~P1QBR(mw@AkM{YDtb3jELiJG9zZ;HTzYoZS zcr@_2VcH<{#W=<8xT>(BpIs#Uv5d>usd{ixZq3AH7!E4~i=vB%+mIbc#n0g1s|Wpr zP;oYOq5gGQ#@bVyVq3MQuN)y9HXs$HSYt&8#J~ymRpLz1XM)ly1AXe)nyglLZZ&Lo zh06mkp7`kuYytQ?XPa7$=0btVFlL8MIK&-wk;*dl|uRD{)(x!U}pQPahAF23I7B9 zUY0dW*-{JGk^clmG$v4a4)*NM$O9D&0>aT?!NA2#cV%Wk+2h3Y)H%9@EHkSw_BPRZ zL|~s7RaV9hUQqN&D@FMD8Q|*R^M)J2J&QJGfi;V^qmzMn^?*hdvL zxt4C=hb?Lvk;3i;)*7)( zf~CFGvOLcGK6t$u31$kzgLJy<@J-ed1#8#8w>5rk3qqI3`%%$g?ed%_d#+VNRT)k| z9k%sdXnd1;nzy?_W=77hdwnwsng#KQ%RZUmw;+4mQ9;6_fV3ifK5yT`)4D&A&r{nZ z_pP_gcy@fHOhVn}CU^Wmeis!-*UlNkd5^vWS~Eotup$U|(W_N%O_t8EPVkTyH|waydV#Og(dNS?X`Aylgblh zo~Dv;JA%eMxFw{>AT20MaZKz=C~}B-%iYXo@q2Iay2-JOontKARfND$%YI@pW9Wsl zI*BIZ9-L0EpxkO4o|5-c>C_;vdpMxA#8hF=_f^Hu+uws98RS5vEh< zpsf&CR~%|jTL9pty0-9zJ(lrCjWY9xMPES*(a8qrCuFbyx)8m4}g&kX1 zFc8z6_9g-uC7&xyn~eAk6K{liwi|{dLaf8fzWj&-Z4N|(^h!?9zwaPPL(#bmZ`0K$ zi2g{Ld8br!rN7T)N#u*ZC7QOy=CP8BhH1Xic}M^5y~pg=EOkELiYM6;eJT{zRxIhR zEt`H3^u!VagMJ+pi@1X~QK3N=6zB5hcA^ppWSe=`>b$RNQcw+SfQPs@s@5-`nyPho zvCaCHu_aHdN%Fg-N}9}qeG_~z|37!{b$jc{|2U+j2iR}0S*j6)!27#giJ zrgcVD!iC2hpS=Id2%7<&bD;#`e?+deG7Z@&jd5V)vW@*DQ(JaG8xjCZ%b13dOPCP< z1EkbFJ%@ZCZhKLeccSTH?u+jHzAh%?_B0Gvkm)wO)Pt9IIP{PuI?=W54h0sa8}cN~ zl}zpTa;@KCKmw|NyU}W5{%@}v# z5-D5VQ}8tlZjU8cu4)}Y2X`3p%VM~q=9HFP41Pw=GxV#jaT--~wRimsfE)?YJ5l%H zZdnEQCp{lSspXv$k21DcYm7&Pj)|Kkxaen3{)5F+nHB3Rq&6C4CSi0|c6&WEi(L6a z>l|(&kTZusdXZ|kra(2v7!rr9jEhb!UDkbf3{6IUvy4TQ(OUO-sFXD?tc>q#1&y(W zR&1VGep;X3(u|bCG6?cxLV*?t>}~>47b5&~RBJGPFc|&5!wSO7kfGi@@^{}RrA^;N z-G69(^uPjREx}wVkq(OSSHvXT07>W*+HHYH2AujZJ^O|HYNr3B3dpBQQozf={5`&t zI&vpXN$Pd$PC0tZ`NTHQaGpC1eqfbH+a9HW zQuuq!ZX4_?_XCv>n||vgbPCqHebi{!FKK%*21AUdk#!;Y-4EETgFuFDd6rG?q?o&O znG5ADVcqYP{sAuHo8sR{_nFnoYJxD*!%dm&W=dt4Mwye760<6Kr?O5d;8O_a0LzQNr=b}-->tmK&D4l)!c&U8V`5q0aB@D$^v@vT@W5`%U92K!!951! zI;_H$)VQ@;rZ6xHh2KcVvo4eL>Zb9vIF`?O&2#@h05QQuvrxG%uTH~5f`Cqy(>^Y} z@q(6MHsdM$GQ_N2@^0k#BorxcaFml^U=V$W9R0<0HG;q=rPa@ze8?5&7;it}`Hu;E zSxk$})h?^4l}+WM?hXjLA=bRMU?MWjicaQHw=xYgsR#bTZ0BS{?1MZtwl0gtG|=D*#)KY2r`P0efU%iDp?k)kQHEKhfz2RL6r!03j`9o^lA$Z4lxsZgh~j;rf4;Y#jF}ZRQm}t;w)!58M~kL|@La<&{gVczu{F##IR3&T)C=sYuJ| z*1opwl~xEdjV=rN=?Ow9vY#Id`fD;f&iWYz;|qWLd(&#U13|ctf5mdOSSbX2qDLqY zlCG4OnmD?e0*5~3mF!B$s}AYp!TGmO6gjiM5upn(5TNElZ#)ePvHhTa)k$H2p4dB1U_JgODfiB>)Jd3?*q~OB zC5mjS22Fna?FQ+4vpyxeSb*S~HCeq@FFatz0cWfDy`VkGHAAW~hjwj$cvErNW-u~lhKXX|FJUUNPHeXG+e%F4H&5E#E99{C-}V-FiZuso5) ze$8C57n`bO66zqn%v8I=W~3sL4sHD_k9F4Gz@@}6VqQnQ`11mMX{E2ZA-L}}6T>&D zu+B!AvAVGzEFlCjRDsqE1m>UOK$AW1B-LX$XC5|#yhyKhs7Acs)g?kw z_Re?2dV>k7%XP$4n$TjRS|uyPnqPKMvF~MK2T71)lwT(aetRVyR}0MgY-&-cRMX1I z>#*^0>1gv5b1bx}g2s(*C=MB&a?_n4mZ^jvS1roENMH-~CT&{n6OvRTydFhK$eDr$ z5?CuyEskV)Z2}y6r(EZ{m*5;rh{P-^Q#pX6bofasjn|QcT=kU%%=!|?o4;GY#?&fL z8<$0aC@&VlPGm-xA`J~rSQL@Ih_wtRT$H;NIHMJJWROIj?Lk$Mb8vcXw{KHeU=`gn z)q_Mbpgd-K1zIjb2}-zVmus0SNkJg>6~BZr@B!U$&${OVWpt)Kf=)(GyorM_RcF_%Li*qf>{|%Rub$v z94NFFjm3jW_Bnj-bw$iH$E>7tZ5e}#5GG!v-#W#?>^>(YFd2{aGB=n7d9eb4bhdz1BRD_;Yb!fyBqOmwX@x`2oh zm!p$obJ>4u8!0B{k2T&k>pQT-=NlS8`61!=@(-MV5P#& ze*lPVsD_+IB>9xJ`7bYpVv(p@cMx}6`S-sH_Jo*5+A)8c^PElaa9gXd?#e%nEIzgU zRhX%IrScZ$f{;t`c+OV9ZRcY92N(d`<-zO+Uuf3S2CwGz%m2thq&(vc(n(!)PpMMh z;+B6;E!EW#XnIn|E#gP6? zHm-X2k`mf(ab(fWJypC&Q%mlb>vYIUTuTvu=L_}YW`GrOtmBf7qLl5KVRi#OvecLW zKFz!CY0aPQp4CMb%-WxJKzTSw74A%NOoL#;`wQNsbLba|%xxaa?>3IHDV2|S`t^M+Fpi=b?F5nN%sDOE_h&lyuU2mkY7) z9+VB5b3k4G?A3tJA#Kx*%#qWtuco?VRl^SOrn+=NTp_FV=Ws(Tff&7);t18v$hCoGOn6pEhS&6<0=^$Sd>~ao?d*Si6BE+bWw%m zt6~P@JX9jw!IONU8J0G{6ac1Oi3pmCT>*iDDwj!4_a0z?Ut#SmFU+!apdx3P3az;_ z1CIeJyIwL)r_pH+fMnQ3n1ee{)`(PDXUgm{5@30MJ%wDs?5K z{u<$K07p?W4AsQFui#oTq{?P9jZ8sV>FG&nXo`WGggs-Z5$dSTZsQ#_3O{g4moDCa zE2FK_kc{WNYWyPWhn7AzP{1}LZrt|7txVzGb~0Bz!7J&%0Qdv=6G)b}ppQ^%rn*T% za_m{p3k#_0Qf!8EC3sS!M$GyFf(^rxf48``QtypD2+1552>PvvgOXJTC}{XFS5t| z@pYeu2&4+dScqz8$$+j{*-IC~&|GrlKN_#G`3E}8W#MW;-noD|;EC9SIzuw9C1m%GVK&f_ci zP%MpF#4-d?3ZHb$^1>C1XJc8)~k`#B=BU7!Py#$X=|nrf-;}x$n6pcl~jL(%+41K9 z^t}rW)_W`qLLsH$x~lw?)M4XbZDYo^c23t2HmyuzPK!blZOb zYyyY=)AO?8oA`DxG;9FfT!sK$)H&KRg!a+ZpLVvV$tQQ3AZ=Dmdl2YtTtsCSvQlBf zz6#LHgem#CX5{>J}h2xn1BfPyYc zHW1?>E39-Z+o<=#vd>Pzy)?pI+(dp_@x8A-ol;e~?jH?=&k?4}9z^`q84vt58g=YM zOOd!D_~^3WN4`J{C98f(2WsDbC<-3AarNQ-e+6s`4@Rw7d;jY%>^hLL0XGphIaF2e zRq^4Has~G7?-inT5to4lB-DNrrBe&gZ!u?%hDhNj$6a3 zN2iLttxO(5V#-jE*60qNCjmAq!|zDnZVy(*uOg(e|%`tVklJAqIU+%~Yupa5l>!%JUem{Te%N`V?kb9G-BaOiJ45 z5kK!hr5tNi$G8h{!vb(PxS8u%j{sa71%!%ShG4jspu9Cc^b#{$G#sIWMK%(P5M{mo4b0&q5 z*w$~&8Y5_G4~I;P5)uEOj~F324*>lEnkwD#WNj`TF$=SXEf|_WEzRVVhtD#>$-(ID z$I!(;NrBx+K_B6M!>x2k?L^oQDpFoIQ=DDMkum;%=&?d^;#hhR3e+t3gU-P)QNOc6 zPmbfK$_1w{?068glx`#icv-G<%fZEzqq$`+E%p)O!MHkNfxuVW0Q?p1@0o4bBXB2h zvvSEtr8?QET_Kwc9qmmsF%VTlr}8AcpM3oI^#7mXW=W4a-;W7JuGt>AO{X8h57z`J z8Q-T`Z*GvYImPXrQ)qWL@r*G_DG_5$VNNvugQc)T7i_foK9u~B zh`i(?1F+|1#E}^7=Z$c@v$`z$jF#?GnONtNA6{S<-;Rz{4(L_jn!M9X%505_9xV-I zK6I@&kBSA&Tz7ykr6Z^QEx?4_2XMT=S=cJW4Z1j4_SnTo%SS&u|w@&|IB z#mGb)+A&7XO5~nCbF(X$;R2o$?WJs2A`o)VQg_&_wI5yQ24-zxhl#c^N)l>Z;|(p;s+j4djQ7L2D$j_< z98|zy5z*v}kd>AuI|?o%`gUqdE<%!0L;Q};w!ib)5=!Kgj@NZr(m~OZ;BLzA&2;nc zC3}t>d6j6ZNdA!`y@zdtR7$b|_` zz694-?`!2-2Gm*HT5aLxkS(>5YO;viFD}B|-6+HbHm1iWo37hk%>RODlg1@!jqx4E zo985?WzT6hHUvRv+{7qt9esk%EX>T&k%!0&P9Fw)8p^==qdSN5z7g+02YL_^Lln$j zCWo8tzNQc>CtRppPK=BG`}C)n!&^1(1Oa7T>d|*)M++3qN*eSQOx}eHG7l(EKM}rw zwspD$)>sJznD}&8f$EhOQWpeB&RwGH&&uj*;!Ic%02ovn79s}-+vI+OM>USV(7Nzt z7Bigbf5)_^xD-n|4H6B{>r$Mw7GK1#BsNxswT&O(`<4HV z(KIhX-ow(TfJ)nbA6j)6CmuuBppV*v^3zj&`b$`GWO*lVcbVjBNy@Tyyn>@&)V-of z$WYZX*7CmTXe(KTZh>1YDlZxZHYIYrBBAPhqgH%8CW~T%Ocy|Q7nBaFK__$9L;}GC z)?F;NK6I?JTR;nVyiMD@5 z%Yv!V2$aey8Ag~TU5QmUzp7~d25F*uQnNw`k)zOPZL)mEcT6IOq6;EPjggysqB9}E zi)9|lNA${8_JC>gf?;fePuK`%Gj~L=7ED6~J8lEDmN9@Ie=2XNjguilH>96!3ZN^E zh7HClRfF5N(unk{VNyqeEb^`|`kA76Lty*`e`C0U9xxsV2wP?{E@Ms_mBvykjvd4m(sqc(CICo-enE-vI)$r4cB=y0NRgcr zx^5LpSPGPp0xI=?;T8DQUu`srDrPyfJuD@zw-VO=((U20wq=WtLknATd5bW+%sZ>^yhbYfi{1b_t;P!q-YFW(YH3m za{E!93K_3(8Pl7Pc}1BVAGw@+5W}N8NYVQ8HR;eV{KcM&mG7KL@6pWpnK|JqO%LC!p6Q2#723&o;7saD{C*UvX#KF~Oj+PuV;cmahP_q|YM^c;DOcdZcYV&AFP^2ID%HGf4_AZYpdKIf;}2 zAV-09hlK9_?*0h>CX+rHb9{hSBC4dzl|Pi0{Z{r--cBjvzI4tkGxvHcso?2Fef*xpIQ4ELG1&Yu4zXPlh=RE6|TLiMx;Ktz7`4FfNeQGf37k- z#T`)aN24h;cbWJHKwF$#>*{(865_i0=5Q;K>+}>zqbJkjcaB`{Ikq9FwvTk2MRpqF zV=Yibq%%o$VI12UyQ7kc6N4>RCsVvJ`%PMC1BEBg7qX7#<5T>!Es0b~e@vSH9iVS| zzOfRC0l%*A<81ZKY&a{dFn{`>hQ9GvgZ{^Q$+ zk##rt)5i557xR5B`5$7@>ql2VC#M<{$_y2U%26YU!%1q{F=L$6%WYoHYx0i#IVc#lym#knQC%00yuKX zq;efZDeHr05Q*@X?Rd&-T~^`xxJc;Gx3gP^Kx zGi`;YXezPt`^S&XH~pLRJRvlSUFwF^k(P9#C|8LI&Qccq{^SQPE zym&d2ct|`<@ImB;6%M;vC@(N5q2cx}Y;#Jfi zG)dzGo9v#cF{g7Ra##riyS*XKVI^V5WTL6TLeb@Zfc{)H^!`{Eprd|=yhaHd@ zIGjRpe|V#VFX)2Yq2IO2@A~AY1#rU#SJ;cqCs0shfahY5ZC@5ah>vmshA4~}=;Yv` z;Bx5mg$A4T8z(3_Dpl}g+hfLm;4fVeN>oEpJ`EZ$0SLNC)YU#TXG)#wC`HGL5 z)(R!%(7;u!Ly$rapKL4>Mhc9kQ(;6X!y+6;Tt7Ou={WLFd3gDp##j~yipZ7f&^5ED1=<#&n zNWHE26p8+ZdpTUMhz6bF73V~Dx&hA`sem^u#gING0a>Ojkr*CV5+C18y%0!hk&RI)gt(F%lEWhIr9>0obO2e>y zar|2QMBnB>aZ<#mdyh?l+|{wozvto<$Yz+5665MTOzcz1>&=9!Hd$>1!Mcu`n9TEi zdz2VjI7#X7d>5Y3BqCJZ%gZBl40cskI6(J9bFD9t*o2bH?@dk*Y&u#@yXGfLh~^Yr zwq(loQwyB%o$t&#zGUCWcxmxWXU7z5u*|v+-6d;9f-74&S6AHhfFGkgi zXuIzz$|Y~jQdyN<4|k{A3aRqUMtr_XGTm4d;vsfmI{098`9ez~ia1&3hba5F=*(a- zM&9fA*RW=QoQ|Ixq2F&rD}vroPDBl(?#LfR6V*)>2*cuaA9?tq5?GYaIXCQh>g7;C zw?(NRaq!{@py+HO)%?e!Sj{3At=wV?+fobPr7-uv5<{3=ZuMnFy*d&F&GE5ZGqCF4 zB8%e1H_V;2NXwVAFABXjWIPVKTdCD=5|q}jS-S|Xst>#WLrg-2$E6mb+JCdN$*hUN9v21^0;;s9oX_0#xr ze%N`Gkcd_i#5ikknKS+s0e1?^5Kr#aDZ8^a`l1=z3o_N%fwbAQh>>CMp(YRz|*e(U+N`g4M)%K(l>Iik}5Npq$Lb*?PJa9}Wx zrmRDV3$03NDE(eVh8WhCfW&igbs=ezw4Uxb@>Q(l0I3WeOrh|2LUJuehfQ8lMW+gF z8ria#>vOxlB-Lywdgsg=ViKD;ekxJ&0-f=X-O~7;9XQqQ7f*y*Xf`!kS3*#40XXO*-KOA{3lugF>H?#nvhNnzfst@J1{({>R!^3F?2r?C6*sG|H*+?o%~gD{t2S0e)c_5;=#| zTlwz09lIj9`8AfBmVyI(TQ`+NTE*L8*p*}A0 zs01nXwofTm@wS?5=*{biI^5_QOmSqL^D<70xD>Pl`#T9JGxk~NOF8u!)Cs6Z5iTGW z-F21^cf7T+EXx9Fz#r6<`X4j53=Y8bT_vyhKM2$Y07J?{wwsDHk(g4rmGRc=t6w3*7Ca&A_KIfCc%r z$pWnwD}V^ZUYwV0Y77KLfN6sNe6PR;Qd>TYRHJ>oK(qAB8+K}DqLPv{-rOa*>ggag zbe3A9jCJ7Qana~VQJ9oLt_6Y|^IX!Fv!HY`kD1g(f6D}ODXl#XlGDCIk^!VmlG$X; zlVmT1&p&kkZdTi67Cg4Qvt!;SPU|VZ3Nvg$M@iT4^-B~B2j*~X}>oYE+9zNEPGxR9L8(qYPO7nyQ*Vf zQ`bqpxF8|`rrj1k!)62+W#_3M2{Y%ss_m4nJZS?m%XJRlUokOGMx38RhyN#s8U|SxlD0q>s5%N{GiZ&g?W$s_l zk1`y(+&sOz|I46GD=>a^vw!sMdjn4ZSgldIu%mQcDilETveZex+iMMXA2WO2st9>W zQd>GFwYv&L&e(WB$|TpM$2xmaKRNj);J^JGrJc-LK+U$wAFmgwIEB7lzHK8AKy7Dl zrp(nuuTEg;1EPdAQXG0wu?G~^h`#Rdp2RrS~1pLc;OvfxrZZU<7R20aav3NmCd zz9S@g7x*?OS=aj_ZD)*`v?)K^?aTXfPN(5hB@F52SE1IQCD(&Wpk)c^-iPD|^A~Z8 z@0?KBb1LaSynFSB7#Y8abmBb5VjA6ZD~!D45-U{$lYf4?NYvhRvbi1P(NlIsiCY*l zW3h0Ffa@T!ZUAf_X#9*Q$ed~4#=Ng4ccFFcpOrR9X%8l;IL=!W(t5EJr{)4jiq5qD za_IK*kjIPcd>yvjF!i=aqs!^2Tn^}%2N!8drqCMw1&zj_kg7cust@}UoM%%f-(s#m^N<6eP`0jye4n^ z3nyA#;kXiy2;b+S2k==?)iJiDID@Y>iQ$tJSY1wFoFZxJ3*p^957;A=>Bn|82Wyu8 z=rtihxRwh7*;MD(Dxp{s562#z8xy>aK!I|9SZP7Aah>N{%pydVWx>?@?VXo&`&3MEaCvs?~74t7j`(aY

Pz z#B?E^aZ|aB>SShAf*T8oHB+%XBNgGd-%Xgbx(M<461*G=w?nVDtG+q57zZ)Ep!EM; z3mrqt|3lMR#x?nd{d*e&Mvv~Uks7M@8viqkN|`7?(8!mNuN zvDSA1eM{xv3P#I`JEX_bYMaezRZsadRhO>RD8WL*zivcf%3H(LvxEJ04%GR1J;PApg4M&1`8ApuVbgGLn4f-4ik0>h#23R#&rI8$ymAk^fd)9*%bLy_Svbq z)*U=M*1lOd$jaGCZCteSqF@7Ixe*~G!UIQ1I-_@kbP@X9WaL*Pyc1QRrz})>F;-c* z3U`n*EmG2elKV^Ny!rZ5(Su+DwiumDwbs^Z|8m?g7^{qU0(W@w`@TYkt*>yff4JHd z^i#S*YX}CsY8+rR6H@bjd|Rn7OH*+@*7l3~cGDp$>=8|kyxLB#$xDV+&EK{dV>);kw0 z@M$j$dzZ~ivgl7269;X1Ra?$_dV#+)Si@b!Ttd%|yd=b>G+UJFr+MzF z|M*qGnq2_(4~*>DA?bn@<(L|U&kddfrteo}IXMY%(|d<&lMsR)=!?>>!Ann+VzqV2 z_sq^8FT=4%Vt44HA*MgTQ-n9pyP|@F3SiR`pyez5{Eip89aZ^;XlT@!oIQ!IjJ%HVnGj?ymO9eg-&B8a_{9L)=caL9c5 zH;bDEiV%AS#AftK@oYA@sPNn}P*)Nwb64Ye(ZI$}k`%CeSFF0bOyZdh{;c`fh!u*C1;rwK?iF9<&RIpk4#%~+BZnl0@R6D zUW5k~SxwVG5MZ^WmRHAxcwG6AKt`2jgOD9 zpmz8L|IW&s{Qnm`fZD*vVzj4P4_opx`%=zlhVjRNKL)BU*LYTNS{*tVU+q875Pv~l zaZKk=<03DtANPzhqDiC*wUuVDKSrm~H;c z9jjj|NoUb5wJ!K8?8Ab)lIq$df!cJ~cz6`yn2gJ+l7BJC_h}vHY@6(+eS< zP`pF)h9`}T?~pJiYXYneJET$^<>#p2TBlsZ4oQ5P@`zo-)49?+TU00;p9RDk>ER&dU) zXze|ga?P^MxGhb(xm;4Y9_%i(AGsOEVReT9X|x|^Z;iI+WCcXrZ^=k8KY?ENiCKIn z1%;ev&=@XE;s>2Pd@gMe_N>oORpBV>C)G3Vbhmr12iFTjk>2tTLh;LcCbE8(ApIxL ziOu<$I4-n(=?&0MU5az!|9k`>!36}5<2Hyn4T=RKC0GLSbw7_D17@?AQ3onuM^t7z z=OO2O^080#xDbuppSM8?h@RN*AM#`_7yJ+4{+IGUz!QQ1_X$<-lnVWLDlO5%KT2c)|E($(RMdgkcS0NGJo8h~af@G?#;D3!2PxXE5y2gCXW&Zm-U7h)t^RfK9@>}I z_{)7zfO;>G=k3*z`@XY%jdhy*-LrYlK}S4LPR>L{viZ4DsBd_`ENctXQc$oRufMCI zQ-sbC)@(U;(ojwF1htg+N`sP1S(t&>l2?l?Ft{P_BFIZn;l&JX zqQDQ;u1Em7WYB~v69P?y%KMj7b1PQ+`2hPI2|j744jhgQzonPw374NEU%Oe5Y~=fG z22_!tT_c?5e(E`HDPzS}%2ug-Mki2TJ8uutcD8Yx3L6re5#n9W?~?HH!^eZ<(64e_ zV5_(hn_4r?TXMLoJW%9G8G%^Upxe09g@74|kiRcwiM5qbemaGZhconRFZx=C{!89s z{`q`7QaNi3u_iPZN0iWsj99LHQ*w@_!e!P`?Eom_b*PnY7|0Fvi1BAz!1!4?9-#cN z=iA>UzUOEEyJK~!$&KxP)7ttZPRu0BYoe%qi4X5E53=K4v-5fAlH~RvHB2rue7Oog zGu7x!;OGB5;rx;09C$bML_v}V;t*nw@!C6OIOzpmc=ZOgJbL9uevsWo{h=*^;}vS%IpxYyab^)EW*w80ouqfRA|K( zhre4)Dzv=3tlB>^2CRIz3{z4%)ITp{W$7hEc`kO)u&Jk=9a8>&wG8-+{*jV$`GeVO z7`kuy-mg#Rr4)J_z9z`f6u6bKt~5mhg+)wcI5l_Vi9i1~cY&jMI`*$WmK_YKwI=Y5 zsRiLaJf{F*rjvj(@(O@#*5Fg{5%x0OP55xyK0jAEj z0%NbLzRJ^wT%O?^M;cyyqU&O45-5xc5{j?VO`1U3J;BU*S1u1=D-0suKQ+0kKa@jl z?;oP!&{FB0TZywF2pNAxyGpH&DjU2%eUb8i%&cBVfOqgnxjK4c>J(>4-4fN?E!7wS zQft}6*UuJX$4&7(%e^*Ct?tXv)V^-WT-E|3&n&&pOun)tcc8kPXRz`!)`9eiTbx0y zqdIGTHA5<(FmW8EZM;8LZf%1cdy#nQxM|`)l(yBD>0get0&rpmW*yo4$;%NScB=;Y z%cQAfgCtBu`vF>y{}MJ%iTA+-UfNU(P?AZpqC+TjDfr5s2(2m2a%5JGE$39V;PLN3dPmIj#evSwOpp z9}y%8qw3)j1EUxGuy>x(!Y=y-?Ylc&`KS04OxwKuG{-<}=uL8aDoi`|lycPnkidEX zq2#r3`S%R_gBuJ@#5G|E6sB3cUjyAR1Q+)$At52sbwh-Z)A$kE zSbq$=H+#77qpbsT|6S51)XWW_7PhZ4`wOu6h~Yb#@$On8rV)p_sBFztRWIPTRE`6S z!cY(>b#$=I7N1`A8;)BP0zJn!zxU8q27rDMrVV5YWq#E77wSNve>t_czw{Rk+=c(|`c z_BX94*+_@QVoM;d{Brr-3n$A<%w^`-2iE(wp!n>M?*z{;?NMVV>g6$a1F4S&Pfk;g zDnDFm5uNKyQPhZ#PqrLptK;#+ z&)vuXxleyhM-z`LQ;)`1!f~{Ci`?w+w%`V{lp8G3F$P4!PF$(v9^T>MOyaoT49fG~ zs)v2Omi*WHhx&I1ZyggYS)^kezf$pU(VZ)di~lgescw9r_vhgAOd~DR9eoKG`pWGy z1&;w|N!crIzC%|t9=Kgy(9z_|zBeN70Q^OZcZv{?@oiMPBzIe#=QM zjzyv91oo)9#cH28V0C;_dS;ki-6pGVzxWTm|0s6!CzVBKTds2fPTMF2-2Od5GA`r0 zn~_c2wI{TLya2Jo-VQ43YASDr6l`OXVCZTtef{VQMS47YU2`q=uO-3hNM!{Lg#G+H zk+>c^SXBY-@0Q2DvgXR~%qSGu26AMZm}AfS*S%$W-b~C0xe9%PD@dzUwek1ZtL{>G z(oQOON2_xN@Q9pYMl!?nz`%UFmNy^e`<*AA#ZFSZ!5a7+X$BQO9!szPIFP8Pk6$vz z9V}IQShNikJL-yJDHD1fm8*}U%JILlp^mlt&XWo)@TlET%G^mOk68lUC28{)phxOJ- z|4sDXr>cAvE~lQg7q2{cl#=JvtYCI;7h{SMw;p~!mkUokwO^M$?1RUZO z;qL-oD|}H`ggxiakBEvRgJWycwQ2^6H3$&VhPNysxgidfT+6#Yfj?O;5>?VWZ_{cI z%)m>pps7JDw;A&KK6q3^%nl=nIykLRKkHWRRy+VIDrHV79%1aX((NnMD!avV{CMa` zOJL6Qel_6TQ59hEvjTbZ5abt(pB50$Kst-yx{SnXg7R&9EF{USe4Jnp@s)?jmKO2V zU7!M_ya>LCeF)5DYraem?so&^O(D9zMNu}Sj)JUi)fH00Zm~{STLaJ>M!Sr#j& z61dmSE%Sl;#b_%lT=zGtC$c4!N05VoI=B8bo6ogz-}5cvxwJ&^H61d{>d=>D*i(Ex zGsZS!lrRMv`vd6Z+w#W{GIJG<<@=3B?+3X3G=~C67yQRX`;lR9bIPqS>9mL%Lw7Dx^RbdzS-T8XR?r} za%$x(6(!q7@t=wvye=fz=;)@HCILz&hfKCuOl$7hrgDTj8V=cR@RBNdN5x7C1VnBEe5ny+{y3#V-k*bvqDHB-G{;a5(Rht8#IDpJ>%zzsUl9@&U9slrDM%?S4tCNm%yt`) zj{bBRmh~SX{Eef{I*&m9Crj}1MtYEL@nXXk$a?I+roDerGhC4w={ zY!@cL$rnhSP8d%oLwfuRJ=$?+na8h29;-W>g51}d8OcbOwzds5l4JlnwxfO9sJT;H zE=lBtK-HWa5Q#k6rNE_TePs{YbJwhy_&91Yh9j`CXl5GqzL}C_My6V$<(qjBx|{Rk z(jkOI?~3$~%}qdr7vH>Qb)6^aXr+e$-NP;xsLKH@J-0oLlTP%-l9RNWS?1FWmDX}6 z9WTWy+S?DQ&f5kK5C-A$! z2_Cj)C!UbSB?^e^{|4u@QM&YE*Cy3M`BtNkmZ;hFC0w>v#8oKggJOhSthxJqa7|lz zX2)i|@`55jsMEN)KAj!~2HtrGNrNMC5&~N~|D}@%z|wAZgYgRmdt4Uy3S5I}wpHp8 z=5%CmOxuYauZvFSyO%}tI<3m=xA?up_vb>gfAH?_Q4z?G&RTr8orId$9@ML0A&2D& zT7?Ta+p~caczO>#lBFO15_j@rh9%)h{|ET?u8_LCmVbf?QXNtCmOn}D#uakq=x|TC zv`&%tBSiQ6)2ac!=gD)!yjILkyVJxKw+SVgyzWy84O|=`yyfINWZ3e#<>Yvc(tP0n z6oU$)P`>dds0E-PTL8zO#I?G`b&3L|H{VVcbrjYq#`0qx;u4~Z@lM3*ZRtq@FEAc0 zguHiK4YI>Nc>ckatnI6=WK95T){wzPkK{_waX0?OP{S`72Tb5dRb(6I=6ViBPxr9iWiTkhkVc6ua zfof&5RL_aPMB+`qx+yV6B{T8E&Fj@Jy=+em6_G)qxa;33&aL$;M&xXw)muX4Rl*wO z`l0a9NTG=B`^5ttb8$)HXTUe@;fe+JZ{{ZTM@`*_;8X!=I$lhV3Z$09%2M*(<=^#ZV|Ka|tVbkk`QiimFBVf*iwL^yOd{rbW7cT&f41#}^L!T`!1*T}F05c;{y2 zTMF0x+$6S}D^zwrhlyfGU@*D8BLA#R*o1Yhk({}ZWptpVwfU5nKtVmyr%wa?Qo}~0 zpb}Ew%ya@dGvpJfZp5h5noc6YtM56}cI~c_*3U&}1i4CkhS<-hFkpWm5a2`x)&d-; z$wYs?7aG5LV_736#E?JCot%GGQ^mwP1H?EvG^#9+Sx8k$_#@_nn&RpA9)O2`{o(Hq zu*xv+ITVl#Eo*F6&6RpSgWxRqeJ_AgEbWouf^n;WON{P=LFBXI#pvbqOtWBV$~^M|B`eUR>)yFKee?qDGVX8kPuD< z%z=7e9S8oE3B0<6T%PuYZ8B$b5y~GD(c$`B{V-?nz+8Wk3vU~+@T1>Xfb7U_1Li0mILLj?Ki(b0_Ka-2Y5cv)tZzAHd>a*y>eZ)t%HkyMJl{M z!VTNX$j*4>{r-qR^G8j*0kZ>QlZ3LsvSvchBYdqB;|n!0mJDa2>>u}woF9*m!g$`e zjs721KbcM4>isc+_QhVG{0B(Ff1_ye=QioEsslhY6w zN-BHNZ=KPi@nwbeTz7HOeQvv!-%&qgwZrWhIzU>en3jTLE?F3 zB0Fn7065Ic@B3Z2>M<}y}xnGe!0_r|nI zp8|h?Xi=z$rNOB=_#L4s3$Vp#`0H%fUc|epG92SwQnuF#jN!{m;;l9cy0>c6Kfgz9 z5k0qMc)m51(3g0}4|HI8fm(6rHAKCY8?8;L&jVP_jrwBxDrOV#@azUTcV337O7t{KFp)SX+r!D7Em|5B4m&>K8jG@Hqc-~}P3!yuZ zp*WOY8C{~eNxJ0k%Em@8Ex0GTy0tgBMullUj%4h%!)C%bI=OF!UQSe8Q5Y` z;85g8rx!T5LewNFJqLJHyn|b3W2cp`X%3wli^rt8Z&;&cC|Va37t z>CU8C)lHiFR{g2KKx+Mgwy;eiwtXR}C7^o!lFz(<3CwsEMlaSfuEmy&K;p-^0<`Ha z(Z&uAX8gDpNLAB7c(kutiQh0%4gsv9&J2eyOM>&%xFG40p>i=z-k5tviKmviDlEtZ--Dq=BA9iEMNTvl`#om)=dVB&G14dp`a-oGnE%Qj- z%~IS4Kt4j&=?Z=MQBJlC*n!-@)+sC}MT8Bj7Bxp~p|g`th4A$f@mQ?MkBy z>cza9fXOn!J^&1#)(Gisp z$G-dhek8e52N+QV6e^~L3S`nyU?~MW#W6a3pK<*i0X$K&dE)qot<>;gw&zW;{W!D? zKAke({jh%HV-p=hXwCIgSdq0}bIgmGYbFIff%?U96i;rtc|kqX%F?D?0v+3^+MqR| z+cYm8L40P+j;Q`M2v1^!>u-befrH7ts{4`fz^HE}p#pLMC}Dt-D8WrQY73SA$uQ_! zcBe_pFZP6@vlx1X(OCx)Wpi{I*HdIR1>7S>z-I%P_)L@o5UDUpPK_yB9u|f`8(+rI&pyJZMMJug=A<; z$?RPw$AM0Hs%_g3I&@EGu$j_2z%s{TQaWdUo~e!hY-g?qf<1wjqZ?9$pl8bPmw18nNDv^@feLzUM`a?6a{BtgoE_ z`h?9PlPRJr3eCgkE`$3$!C`xuPofk3*Ooo%`-d@XI|ew!r-Lv&9=k$3ic!MPn!HL7 zLaf`qIXe92<IRU9Z4rN$NxE$8NPE- z;i`3k!bVA%jyb6RB*+8y6mpltVpzgRf6)GZJ&RNKy~laHc#^F)@`%b<)eILTw?UCm zs05fZ7|(7W6nXDjKi#u&-Pvl*oH+nZTw)r!j&`|cjAYsB4Z4g7^s`bA@#8umxXN{S zH%jdJ?n8edzrsBLuICVY6H>w*7>zNyZ0FmeK6BD{aHjj`sbEX_tWta3;+WGn zK*n8ySt&$Tr}^Cu?pCsyq6A}aXu^H@`%;UolxUB=i2m8o}_(!FQ+CWpJ; zIw^^}7h46qNVZJ(I7hIq9i2cS#^oYQ!8T%UO+St+V9+`N{*o--@N>1eoz_me^taod zXW~=}A2t8F{y1G+P>)MG6y@uPuh^Em8j)ayF-QUT26ylq#ByJcTPCN3YA#yLcD~^H zHYoBk*Gt7?_&hk^dF78QvG|s6Tvc~fH?F%VXclw|m!)D3Z@^gCc+Wvaz2sWZs0@HM z6_Bp^?n8_*#v4G9?OU6!C@d=wOteRF`+TrLQ_FjL$%FCAs{b$=q!_9r0$viP9#3X* zjIEb8)Y<_8ya4OUNTGpseg?GoMSTG*URxo-Y`fYYs9vBG#Ocx+~_gm1)H?92ohZyrbsM66Fc#JFH z^r{La%`82)>P-G#xET`qIlm zR07u{y3=~;PGk=m3dK zO?`8p0|wY?z1=AOCFTKU+6QabrB}0y6X`I!&VQ%D@stfkyEOB6G5G{k27^e>%?q3A zC1Kt|_Q4An&Y z+k`mj#H$Yyq1QH)Cw9HasUWi0TulM)F{U4oN%%(lenF{hEozT5<; zF?g0mIzPp@wwS^>06GJH6JsxG9q1eEO0Qnu3$v0#6gpR8^kXnpqt|5bOlhGrW|Oe~ zqG(I0W2MnU+T&T$h?^mDO)cij8|4n~nD-FS}^eRn*C0)j=sx+!ovwm z06MWy*FHBs)YRHVKmb0PD}em$N{^)MOrNyd24kPE7+l&O`tEHm2$rNb`JvX(yY_k% zj~Gm7vQ=POR#U!O3msG|K)H!JIRXF zSVo{qEGkd|kZ*e(U^ayH6cOM&yo@2o4Gn`Ds8uZx0u7_0K!0_TY4mkbtX2#~l9p@) zfEQBp%ss%91q|k50AlIXy3v>~{51$dR}21ziZ{~WJ5^W7EtABIekCrXlIy8{eWfK0 zXA3y*F3T#QBKv|>|C7T7_7Jo3z)NaQw9I)+XW%6@Nufq4wiO3@hJfP*?Txo~noJld zu5Uo1|L-?}?Oh>}Z62NMb_g;avjF0*EF8W}5;uo{CccQI;;=i!o>}xVzl#6_hbcO~ z+ur`w3yQ-2ntR-O7WoB(4!g#=;6K1_%-ExUq3E;g`~OkHVJhhq^hj>wRD}9w&Goa} zQM2%z{u~?)X=MLYGqn;p7ck|76C5ez<7=+BkrseaV`=yuMj^B@&vtcX>eSIMBENM|a7W{Jn^= z>%#KB`D(0aOP|G?0@mmz`!bMOOIL6EX4GiQ<67{^Z*?%IdV^8@?v_;smjY9f*CG68 zuJ}%mO4e_B%4JHPCw~F*@OyL7ij5IUeCpSGS_0Y5PKsanrC8o~-(|s$ZaxowWK7HJ zf~c1DhfZ^$b*#l*wl*Yvu@HqyFvnlM2hj|I+}Rk*BFN1U2Lq?^8vs)5;qyX$^<(yV zfcJP+wcqESWr>4(lYhrtcq1Z0<@FH%rjjNm`6*@Zgq$7EpR`vysH2U^Xx&E!t!{O_ z4>SaQ*N^8usx)R#t*uQqJlC&m(4da*HtVRAjhSK|gsi71hW zAuGwFwogx;COKnCY5yQ!N6llVIJ37CcUGk}X*hXNV3-L1P>FdkI_% zXsXg+&PdEZ$+kRT7(@PyLOcp^s_XIP-ATKdbTA0F8=+9;IA2cm1{Idf1&1eBkMcUq z+|&JU$pol6L$GWZ4Hc(8wsebqQPq8uT4iFBif(*MSIm%4($#a}FC7S_ktIuc*zN;? z?1gj}P%=ZHNmf??5B&Hv|tThTqA*`URi%?hs3U`xZu_)X23>Hcp}%bI zly`G<#B1aKbQ>!t#t+G~hOJJcl@kc;=B=h_k*(AStV^}vw|!`k%+|!77(ey(qf^UA z`aXXiI*iBY0k9eNwi(eN-Tykk(({%*G2%u#FhS)Oq}a#gLthb-_cTTd;3W0^T!Ka8 z$gRLgyNrYCMnZ`)lph|E@}w(s=!XT}aryH!P!lx&xxNQ(BE~m92)>TLDNn$&bj``r z{zO1z0b&|K8vD#acTRrK6H9Pg!vXk^_I2Mr-1T~OV#9^T9~~D#teELG1leF;(EpMw z9DXW;iIl>+H~>W68g+>9p2kQ-c3UOG3+T!gjhG>0$_7e#xz&ZE!Ltj-vLOu4U|B%E zhSE9StMAW(7VAk#uh@#aVx>r7=vFfU6<^E(WSKR=Hk_jidwp*;+BEY)o($VQPTvwD zqgE&$HqeoLlQ?D`9`EDg3sjFv$rIW;=N}5^e`bGX0{fuka3Mx?@m-R8juCUzP!GF@ z2QyE?Ue;g_bKeCZxG_Rmg;=gvASRde79Rb;MywY?RbLtP+HYRExFrE!c+9>aBA$JSB%ICa5hB&h<;f=$IT|a58*GCFf2Qf2`Y*8R3m;6p z!aZ#nC1LJkYpP7USF!NMKRx~B-9Ga!uW)uw)G!=7U*s^}@+AR@nm~&CtNVpje>PF@ z#~C#$6j@niHi1?zbnsAB+C`>7?;XoeJs#obk#6oAZiHAv=n zaa3QoO0V``^!?$M5vLEl>+u%4QU#W_G(T|h!1XxlG)f*eoiK{0-k;N|jYsDEIlC#n zqwE|Qkl_rSE~xE`4o4iFf8t-`bBfr+cB<#z59rPl_?yWet;xdvLZJW`ER;@`=pd01 z!Re`?)g{s}nF&us;|9vZB+LsKe;8aGGLi`AvGx)NJ%7k-t8UvkUkio5I>uugT40z=HmmEmzhfX891Sg;cx#jlH z)GALH4Nh_+KM{0$9TGp47mm0B>?+hZjS_OwuF1f1*8o41gT;N zgk@1L@Z)4mQz-qU5AMVA3pB=;O{je5g*jPg_JxPuccUeb&}|weXX1yqx99aqQytpXtK3T`lrIC?Nyfg~+En18V%`A;Esa)nI}Dh=Wc!qphUx6p{jzG=V|GZ~WY%_TVa5Y_>U7S`2@wIU5=V3vBonBB$(W$X+G@~6~`;#3*a0u9o%%_sXXpjv6 zz#9MXvKt4c?-B;x@=I10x7#tw-P9OR$80fs$n9$eo(Oz?&rR$jw0LUv{6|>u&i&=q z_0@}CS}I@T)P*UPNtAAf`_3(-aXdEUq)la@rZQ~b_zc5;FvW3HJmoD7{sT~K&xI|! z{)%-4Y%)EBUk1f*aGt;Vto!9ojSQL}yNGSK03yOGGkLykj9q4J_i%RZ znI9MGmSNl^5L`oB<7^r?O5r&m%y{zCiww=B4CbwY4@pF2G%Lcdk2L@Nvmp4bX&bi$ zGJMTkVw=8C>HfB#*&0adjeau%25G0^g$RH9$ivoqKVNj8b{@}hntAeNPN== z1ZkV*W|qV$rZzU_Wak;R+}O!t*SNCP38eUbZvC{`D{W-q6?~Js2GfKrDK>CzTP3`o zGKFZ=bx^XT*xHVErQWK2&*0RwF>rl&U0BP=G;q=L)81>A)({Y+fKXD8k)h z$zR}ZSYUnC9Q|5{aEeV?*6=#?Ebx0Pwbhd=50*rwhmF>Bj@U4QG7!6LfIV(Ph>*8E z+_8=U1y_HjP^YnA+zYN5fr-S!xt99#inS(HGku|KOW!Be;@Xx_;^AMQKRHHxoN5@_ zTg(Zf@Q@dky{6~_p-5>F+o-S=BiiF>TlaHRw}3%Ei#utRTT4nLk@Gn}7e)Bi7D^2_shfMft7sO6QJ z*ZiBtlGKX*Y8(daeER1F{`|p$r5dG1&9&!diJFvH@IyLP^8#u?)p!9P#tjufC-JYB z^qFuO0gForvQx1?(3=XM>9Zkr7cBO^(21VoRZ36=Bz$0V zOKg)uy$Al0Q5{eFD{*F0JpMgdRE;`!3P<6fsW8wMeUka|6;|!Cn)MRx6q{nNmdraI zJTjaghngYVxQl+@`{K3)X3i{Km4i~x&{AJPoF`tJf}B^Jh`R(87HkRhc#V52&l`P2 z*Pi=11)q3t-1zfZ>K<4@q!_xTml!fI6?M;+pCEfrJ$C*%;p9jEC}F#rFNeRMof*}N zM9J^HCpVGy&pGStF0uTVd{5xv#yF!N?FyzJdqD-G25*xfpnQ;KL`6p=?~&T8Hk_rS z1yS@ssw()KHR&8~8iJ!NDlCS_T03uSnK#50o@f%!Nef<%R`Sh*_l-X+klSzR^=^&F zJKd-4yQRf%?sd!62*ac&y`Gc3gm$zxS6S!=PIkG?Sg|SJTRjXBe!z6lL~AhEe;ed4)EaecRVm6YV#( zj4j=nWwOD>5W|wl%%`F%Td7it5(TQryNb3;njoIH-7h0YPJE z(&^%JYeW8!`4Ih~2kW(ysEVnYr(d%^K-moYDbp3=uC}Rz_S_{%yW8uLzI4!#G4F#5 z_B)#I%D=c<)XoA7Fj$t*-k(G%H3qUt6R^T`Harnl^p;m7F+F;dGU*{-<&k6%zZlDl zPq6S^LEc~&q*fcrZ?iC6vS2z9KMX{ALRd2aw;|9zhs*0}Ir7|$8EZ!TgHqM%aK?fJ z^5Ph;-CdoTJi=?dU3YRzW9uar1v;hg!a?~=PoETE5w|=jje(j`yUS@fjDM!WN4Oui zvun-88qdD^P?un=Dea@v*2Aoy7mGTTc|PeqrL%lxyn-zCcfGRZWF~lmKR-sNZ0iRg z&|IiP568?n$X!pxVGx#r0|LCpp096tCO%NjNV5>v8Z?-W5NSh5MU#yB=}IL}z{DlSorJp#l< zGoaTnE{~${yhm{wz^s<7Z*S-gztpzK@nu9%Vk{sLf^ruukAmL9zEJk8#8Z z;T5*DF=Ocm%BQnpOK4`<{PT-+QDwV$pL{>J&d0%v8p5BUF8Dq2BF5`-Y-H$_v#F@i z))LN{UZmi>(ua!lnoMDQGQijwP>dJ5H5s>+3pR{uXpcN+E(wmz*J2d6I5U)=IM0X4 zQVmF)Vbh8AQP8vABM1kg5KG*e? zq6ziWLv6;w5a+ivQm$6;A<%3Z&MVwb@ps_jO4u#&B)LE#f_y?qjhknlPWF>f35}*I z=#agu+__pDqUc-t@4ktf#>I;c=Mg^E1Z;<92p<%-6Uk!s#u89Q!X2?+8;Fi)rajr_ zJzg++oNgOp&)_eTlxNNA(_@uzeOoYZ>RRxs=4+4G%W_oK(s+-#p>VX@2fy=u1X|BY zki0F|z=;)XVKFuKcy%(gxUoq>T^e;jG-AR;%NsGarcjkH{M$@DTYS;(D#-hza$#o#o;Qz=3tW>;;F_~%RbMV=@BbVgxy zzs}0(-j&NH$D8lZmOkeF8;lZ9(c3nzWiXh+AnL+IP@#Q$-;oN(er+o?G`glg6yd!$ z#LGmeNO%z$Dvv8xRI-Z(%hPAdmmIy>06wMS<6q(WDq>KgCI_`djzxUm{hb!E*iX@| zv2{L+!ibQ^IrDk={-Z79RlE1yPzj&*J(HyC_5eOfai^Tg0+{dCg0WF7yD4~Nm}V!G zH`u-!Ol?DDm6N{p$8)QAEpv1^ z2ec0!x2O%>o%9(gDp^EUEZ7~K^vDA>$7AJAKxr0Q zXmj-hrQ$n5`~ZdlwOEG3xM$7{?@yxt1E^wi=qZ;S8_IUFaf-0#Opti62v)_EgpsdH ztnT|ip82~?w!K>~iaUyNfFs#YX^Vt>Y&?@+P7@%J`g=oNE<(4*^Ez8wsG zBa*{LtWk+H%t zN;Dy_0j_DOR_sZyBV&1mB%T#65v#P(39nhfw7D4xCE7Qd^FH$??WLcS&z@0DTW(~y z#^ma+=BcDwb}_KJa|dG*)``_( zPsmUV^o{o}w-0lG@9t$-aywC@Y#42qqI3QjKxr+fHVSWzdVz}aL!)1Lx*kj+(1~8; zZm`0aG~*`YFYFWY-h+9LKtE(&=W{<%6TqkIro)Bi1fNsJco9Pq26{11ZccQIc?<&+ z8(RuU8s0sDv2eIpNW@_$;rd04;&^4|1AZF*Yp7M3-z}QIV6!2z_@;B+-AQPE!LMiY zxpdZlfK@{<{5=8lR>k)Ck-muHnlku|xk$+}C}gSmrrfvtV7eFGiHbAi zm(g$-sOaTW4yU!NYLInxNz(}Xo-~f++##>@{-op{9IPH~=ZIerg z9^_RJA{I=^xZ}cuP4$8%u1Gqc>;F;q7Ex`zeH(5PTmk`t6nBT>F2SWhaV;*ztvD2d zyIYI9LxJM%Qlz*PcXx^w{)hKlXL5#TvPXN6wRW~V_jCWQYg+hlOK%{o)iNlP<|=mJ zmt{}YysZs_Wxt+{>Ys}-BeB&u#pH1?Vl1SWR&R_#;%8j!PDkG4s7efPQeODCKJWZO z=tyF3_a^^ZvOzC(&DY|H5uO?lK@72POFg}yT3`bs=}LSFau_Xf2+q~pDy&&{JsS@c ze7R3g9B9n-;^^*1L^%;ypPtd9Q`e$5RZ!H3S!d+;u^FKae2@VknIW+5v^lhi8LIZy zulOeC4jfE?Jv}H=rp)>#R6osZ9A?~DZHl|37g4&A@E*Ckr>GYY@$l~RZSSY^g%Ffw zQkAX;cQa*50Z@?_+lFfJocaOiYk6e7FdG`q2}DNWk3_*7w3r$f(TmAfzhfCyYLMMn zwGj17CcRs=1Rz6VN6_h-V;|Npy8YFaEofD0rS6smaLKTBr9%CE1B&v%4d?0(`9hQA zwhe#IJ|vwW;LGLTrR-YRdewXWh!anvJ>`3uUl&JbxG&smEibu5H2S=x3Nq>wXE#BK z{o9TA54<}}w`)d#LoKbxzF@x-9v(lgEjpzA3hAk`JN*S5rS{N$=$oUO2XkG zv=rL4Ze9rrU55r^bLE7pbiFQO)<#=(dyVt&pZU^ZNvh0L%{yp`z;wDxP9gFulIcD^ zx1hu20?XhT8F7XBAG%}J&#_=N{jh^c#7=g=kq*Qee9s4~2AG3!5K4PfwTZEZQA+-cV9f;fF;T@V#S7{pC?cQ&4t;Rk6ku}4 zZG!t{Dy4u;5j+<1nmW%V#K!C;T5;yqYYu3JG4)Tbdc2iv?-V}mC)1x~KB z4G!O3rMHa$Ro42%I-bogTOfgC?FMq}R}jK;1!4MR4NL?QrZ5Glf0|CAhdZ7=mi;qh zU787}@JT)kvlSYa(Ne~AFPaz_pfVw6O%Cn5z)hU-QT|9FV3RcsmA%AE_OwfWQAV*! zAa|0Odjgc$XzQ5Kic)U|OVrc(KVdgrxg}YueZ$uD_$br*B*w*d$SMKBX(A*A`vab?R`a24X5)~x-hwrWrIwcde*c^c!ZU2FmC$L*XiKA^_Si_o za0lJsuLcJ%VoazrT~pAMvrqhO?^}gQCfkSP;n&s=YROb|C|-nF*grK7`vfmIFfowY z;F>I57Yf_cV(nVEKEwCY1OZaMYY{G62@ zPig4k{Sf>K$2E&>zz0wqKLnV&jue|iH~CF>o1*TT61{81RE=vC4FtyAw2Y%3u5B|h zQ9trgo9I&h=0vZ&6XOJ*KFv$iImUa1D)FmMPXx;Cg?dVxJtiHbXtVcTDHtoyQ7Ii_ zDd_#Cf<|B;#a)ifOTtlBhOn?>_+5h#OpV1Qm1V{n5q9x!FV7{P>?0yJ`VQ(DhRP}B z6&pAeIeFVs)z;S5k>X|CS(H^m9tKPu3s~Mo{J>;V$KwhA-f3d9>_}tLd%xFutL-*x zqGX8DNhW8Vat2Gowimu&oMfg0=K~}L#ztJd+idC~A3U=j2CFODfRs3As^Wm?L<6(5 zFK7h9zfIp@RN;cqt#`Y7SB-T1Z}H z|2O&WZ&;&SW?gTQ_WwR-cv237vx__`5EQz$C8;F4q5d*IM}z1!HS=KF0^2cYvuP5s zJk;O#horU%4}OvP?n^&7WObov3(Jw{^$S;)t~mx zka2|~B7vwG_cnI>LimY^N>$ASJkkUmcv3l1>YQliB#uC?$0R&?AMI}Kb zRJFCX<1jC0{)6F9oVw^D)UgQx6wds>GAWXn80$iQu^xPF7sC9w$mbGPX#F2RAf!-E z5hE?7w}EK0)s7vf)oGoT&H<4x6>$$pVT*Za=#)KU?iLa_p&M)=L z`o$Jh9?LxZY|44Hmit=If+E{<8b!6s0;XdGZG|uwd|q=gEYaEVfhCpk`nhA#1jL;~ zL-|@rx&)t_SY`nsU^nVz`ZE^<=@Wo9Lp3ZJb6RtL>2ddYgQ&Yk0M*NieeHoO91yA; zfLn&{iJ`MqAobWi`XpwKFhvV2D!E=t8tHclh|;h(TrL$$u78Kt1yRHrg^pc#B~9h1YRt}7{& zPkey>Q2!w)&hLgCRQ7gfmqJ zxx?}KCi=EwNYl{&y)fP@k?XiG#tU-^L-Bu94R0)XX)R%J1$Ynv5hS{TjE5lYQ!vde zW_zNQAy22e{BtOA7LLh=`2l7^jG21mgjnJt2DbM=Fz!tY`x`>vE|^{e}~4r7&Jo3Yq$fmAmbR1%FtIpWTSeqcTRuaIc31ULfU| zzu^Dx@ezYAmA0w+U7hUNBq9{6Yz8)`aFromTY)U(#(MznWE+*xWRk2_5w5Gd#)Yfq5p3?lfspvjhH-iFf0G*Twf{}YJuwhe0srRv z_lHr*wB2=|nvOg1I^{P%Va{&`ZUx`-^dTl9OugZ_{S2*)k7WLJ{|p2ZAnl|)tYaM= z8k`a@Ix9%fs7V+#uph3Qa8>pOtET$y^<#W3$6(<+VtWE{{Y`zZ6C`?2!gI?kTaVHn2ru%ulOk9`0i#9=%1rpz5 z#_CBVbHCXc9C(R`+FTRFc~$U_$RsJc_Rz)(P&by!gNbijBVs3?D0e>lBff}LCPar^ zpRi&yGBD(m3J88Oo%6L(XeRHF52a_Yp03k_FP%$$oSv;Z7lz#1|79iaUV@m|76?{| zr)l-XFoUK@cj_EoBs8@El}nSgvU}sI(-sTe^N-E`zUMKRd$R*yRf#mr=>oLVI@rce zTnHgl((kG{ydC1P_W2V53p@#mH~?&Rw*KJ-5*>-zRG5oM+ks{*pDO#Hl-+?Ym5_Ly zw_V_V3GYtRt>F7liZPDXF1;aKQX;o7)4%B6V?XDwGF{;84*qNqJC!G~ z(a4D})-lm5*On|NDRx8)y7<{)Eb1Vl)W~cr<#SZ}Q1AZ_;dfG=x|IJe2LX_|NE^}X zy>pL!!$ks~9O7`UoTfY4|3I!vmW)kznvK{g>Pk9kibD~p36Z?_u?-CjsCi6@2rIolqtr!ei;pwyy#JS)2Dnc-sgYSvdvI_ zd>092e85)Z6KjR(Qtg&5!mpNL-s+!GL26G|Jc z?F3e`iPQfM*Ofn9*y{6H2zZN&&jZ%q4wATNc$GI1O;At6XqIggYZ*4#%B~vLVxOnu z72hd}81=0no6QXl8rT`jV7EZR19=hBdWhJ$n<&56qd-4YjXd)B&T7}G-J`kddIpSS zw6>`@1x1ipl|?a3Y1S=Qq+pc$%Vi?cL+4fO?q@0$r`@}2V9bJ;`)6m>L&SjNdKSsf zu2U?Rs8X-tFeu&`dwBZeU%4I+6OptcO-cZ0!;=63othyT?cy!uUwX8=-7Ryn4F9&x zpk~rKs975J$$|R2!Nr+~PoG7Z=6QGR{^}QMFOBjS#I3mUwXI_0++;7vXs6UyIKtKK zi_u1{=!6BIsSg&~kC6$IrUK(eTG4BZYWYojde{TQCoK|>P@f>sqt6?bT?>x%57}=X znx`GgtF!`6(VBAbOZ=VtME37hCG&A;9zg+s{u0bTs*dX1hHx>YP+FQ7=$`j}$fwvo zruNiZ2N`+!2Z>`; z9OOs(kJ;^&i6n|(9iHe*%1C!H-C^XNGC97@DiYDHke4&L9vF?63FUNdw-4N?&koFAdv`o; zDlfB&j50+Bm$=3%>{I=l$r9`KM~q-w2gQ{r7p;oksKK_aGrm-hI$3y3MRsLwU?U=r z$ppQ2r6Wy>GBM8xVRJz_v`sCMl)*qD1BD^gwhg0!=kXUqd%L_ZDCgV5Yt;X@HfkpF zQSuU-oth}9=<%5z#Rooz;73 zm3#Erc>UJx!)d0Y@N#I6!k&Ku0Qf%q4_7KjF_{`y&oJbsl^-c$WGW+_%x>$B;;DG0>I)8YK# zGX(p9BrXsuc`VyDDF3mCanaKAgyK$G;h`73<83$btgz^9la*2>-qCL}0x;4rD&Hg}&E)O#ZyM409LtkV@qHDgzcf zF+r!bo)+1>jFgvy3pm<-VAF)>XhhwX4f~NfHqloLN?a2L(QynYwXPB0&7>4nF$FWG z`vKXaoF-b=#(w~AYdgde$Lm!FO6#QFTze=E;tpDXy^mqz$I58ap9PCief?pxp7&0l zU`!vFJuz}6f*@GAU0}GKAH{M^e(@G}$$pF^m+lHe=`RaqB1cX$pMPfe`NXrH9v1)% z%B%Up+}VG-uOv40pOjp@=)3;7Y+J5J-`|A4OSLdRI!7(V1o`pfU4_NhCmnohALelE zeS^y0`ufnTy$?WEVJkL>EX@G4c>{x zSOWp;h~LdzF#q8_@6_kfd?>s-=g-$sYd5bqkGxG-aSdDSaUw!fFP#b&Z!-6>`P@6P z_w@zE1yo^z(h=|hVOr=bzE6$zhaY*R6!|-$oS4R_v&WT-;!7^+tLwsM2#O**XX=fMh&8F)L{lkZ40iHK8!vgCEliYgmjmQ(`@qr&6+4Xb z35Iw)wsTNL&dZ3`fS}!=w{K=5r8ws#W}ylD`(&xVY-#8sgj&PR`Ca5&JKov`irj7d zxu+C6fFw-02Q8nL%0(82_@li4RhaDZA;HY~f7&S7Hs|8Pue6SFrtiSL43`>`9X$a= zV(-*xmkirIuMYyJs>gtg{FTe`P82FUt9;e~47pG4TqGFMf<=YJRDLJ;4yyzxGBBgD zs9(HPGibO@W(E_cfWE{gnqk;nRE>f78%9rR_^oa_l%$5c8AL*zda0CK9R4_num4lO zU%h;bBm%+IF5Q@eTe8X{qL$a?1-D0)2teIl*xDY@2Z1h^4q<$aWDitElkzjQ2ahU4 zHJ9FigoelR(L_?Re}wvOx*SQ>pops!eqS5`Dq0aNh*j%Y4hU-W5hin>O5JbX*HN({ zZnQ4vDbG-9n572R+Ezm%e!`VX2J%YmLVq}rhz!BtBZbr}-MI}iat8Ztob&VK*NEtY z0Q(l~YA74Vh^lAU#hDo3X94A+v7$cYz?7Nhz+@oISQ*w{maM_&6U!;%(IcEJtc)8k zuPfeF?6nnLp+976TBwrn!?lKv;(<;!6YI{6 z7Fk0^*#{Z({{Xuivjum!ajJ{wgd02Hl390vIN*74Qi~^uO0fU8pZQ)Nm`y$?|NgDV z^7a4BxasnkJ55-*{{c8TBy8t}6zvdx$U2k9X{%o92=aHg;Whsu_YW-9ikIp<$?0Ht4{4bsaqg<`+%Ty_o{f z4_VxA&X-S!lk1csXb^3dS37iP(2u26g73n%yL@a}=VjZpF z=opR{?01jMDOv^|#nUZHixQ!V0%pifx}FF%<2Hz=wDItjj>a!YR)1>^X*2%bz5~EJ zC})`P4$#`XP^Xx!9bdU+%4IEoN=Yg(uD~a8`O>v${DL!{-24_|iyr8bmrUGFpF^2R zq;TR!wmH$J?TuCOX5(o@2ffu9Yc>Rntx0iZ1Cvw)b;dCU{^0pZ?a-i%ODdBK#t1i_ zaUL?^Lql6WJJkKE7|JYwNZv+eC5|it9Tjt@Oo-)_ma1#e=+SL?-E@4f4*L~6ReH+I zPV$`Ik(MI}`*g-Ek9It_CBF3g|`X@rFj&wOSDX!71o7{CJ~DK5gUH>s}4 zZ%2mEd9af}K4M%|iCEHl>h$D_6ac&I&vtWTi&a)#H!oQr67 zaRaROumnd9 z1e*mJf6lT;GBlF^Vsx5oZxJOAf#qFgs+kqNXX-BL3lDD3CuZ*4Vc+j3!(tNAFvT%xouIE`1?2AXVqAZae^j07%g5 z;`9|k|B6&pYo01m)8xzqT9_BH9VT@PCvp8kNsU~CNhVAGc<)|^DIjW+rLaTwXjavM zJTOyIZ|JP*?BkFFb2P(Ruo9m3M7vhM2@lq{;8VgKL@W@7L#j6Duab%(8E-gWkVu%m zH@k(r45~Gux5*kl6ZHhgu_qovF+iP0HlfXn5KvDwg)Pna5|d3(EM7}c-eL#s6NNHo zC!DpQu(964aJ6SYbB^j*HxjOocIR<=g2GdI@@~HcxW7qlfiYN!G5FTV+gdrni-D*NQpTszc=@4bZVTMAX zli}ZwdDw&cVXH&5M{=}7n;mTm?(ve!7e|WQfMf<1=D;E;K3fJ-{1iF@*t~2IbakK6 z)qyd6yX?(*GSD-Me+LAj>Z%R;Q~#j6M$%>a{U9G5!*V<{sbe2?Vqxzji9L?*dSKKFZbt;Dg~EGglO@ZH8^A= zmd28&jxF_Xrr|4#Y0u&aE%&&7Y3E>mXQnv(FAjF2CZ}88R{4O4BH6c-q>_z}sG4e` z-a1qwHJ%g-!@nxz7lNiz7D~|I@R^_jD)0&_ULc;DV|-Zq12<`xU=2_nyx@0!LQ|;; z&L2wl2@i&R{RH^5HJ1LUYxZ2Sn~G_OUp)BNH*`vTCF76DMs-nUX)60II#$Uoi6BfK z+6rqa-=UXp?SfE$Ry>f- zhLa5dB3%g8*^&$MSIm5UqKOD;hbP%C#I|KdERp5j@s#W2he)Tb@N1ADj$xm(~UOD~rB z5u^GEgcD=;Ee8Xkhw+CtGb4t%M#}H|4ME)ZuPQxGJM^l;KViO0^k2;GSHEv^khAdZ zf+5nERGP!OfZx>UflaaaS0XW3znLs++!*|0m{6%^_$45#?!h035dQ^fIsz}=X=DK; z6I6#+X;m3Voa17mqH|gw=08-PMM%3=6zg@k z5}}#XAFzmoSx2byAu_ccL{+4gH$4@Ls)3&@L)zq>h4}=8{qZoF!E(q$JGBzM+&OvW zAsQ`TTte9rM2W+p-?Fa^0er#@F8+?63aR$v_Y(f?VE+La_Xkzu@o0V556O$WTyF-Q z2akdh8*_AN91!%_GfAIVo5AGP-T+R)VAQomDhMDG*(odB^APm ziyk?XDl(*o1hEvg8pfIdn)2M1+lGC3e<8czfC;JTif`*y#qVIqTvv37w_0k`ap3t0 zR5t9bkq4D&O{8y6>PmQJ$pUjOQt^vw~sh z=$zmAjJeU5f3cB%tDny|!nYTT7Tt^u*&U!?SR=dPTk&2({FTbS^Aj1?SrMnfRF)WA zRkP(0s2T`AU-Y88j!ANQ5iO$`4)VV3Ar83ma341OsfcSB7W1bzIl5` z8Td_h{z%xmm)yXt6s@|UVL;88OuPiOky_oqQ7 zri;g(DkNiM8XUjmW1nxey1uWvET9@{P8<>O+3D7RWcjib1h*d-;oOQqkKC+fT+-vd z*GF-)Odx3V_| zJjdsIRA>%%YfL88#*f?g*~HO;gqAt}FPAUV)C5kz{g6>$+4+i;pAuDsMBlmpL)G$O z{GQu8(PB-|O<^R+#*+u^1o_grbyFQ*&`h&QlBn9o9q?L(iwRaZo4QH2JXGkN=Xv-Q zR0iDjH}<1>n_!lb1&z)n2$FC#w4)+z3_%gMB9>nQ{2tY|XZP)xCFk(vg7@|jPu3vs z%lzBED-WD^v@(ZNp-61Rzw|#yt%1>cEgpWw}bunK%^PlH)ww(nup)clWs0^ z%d--pyekiPIC?nnHIBJKC54#G;I4lg;k;W&wjw$=CjCpZVbRrmwG0j>7hdVs>!R2Y>kbjTZS%QB!(es7x zf6wczXNfmb^;Yj}Ef|-^I5W#0W{XeYxBA_{B7VRbwQy#~-#Ox0N*6sOk^j#7SE8PL zCxhr~iw=Hx2ZQc_&bQ%>Nis77R`o#l%Xk16}G02Ac0uRle~zVZ^T^irNPZF z?)y2aT9iJ{y>5(wRf5t_jGK?u~oBA0Oe;xKD_#DdCH2=KKHG=&E{Jgc#L5)z^ zA8|wROgqgRgzmt{Fq+I)D7((ic0-ApxpLDX($iV|&<$DtV8dMgqHFW+OFd;V1;Y5v zn=Dks5-pn8&Qs`9tx7qMV~lIz4AT}~oQwlsvqohU8$Xk|6*c0_$`QAx>tVIobIa*I zU@0x&^8#}3g^AXZ+q&%}5G|yDNF>;?KR&fre+DOg?=|y(;fm}?h03l(UQb7jAPX_Z z1DP?VGl87cu)|g7OYQ0*aAu{$sT)6YU=v9R0Cphlgz^?y`*wg67Or}#3kotTB~V=J zdOS-)m^rlmCY>9GLZ~E)+k3cVVc(b$IyJ27sCgoSYBZFonyi9nCI->6vGQl*XOn0F z%v8E8!!zT%zhcZ3m-Fr+#%6P}$&O9@F*ZOhf_G}2d1O6T)Wtz?{fuUe^i&=tfbU!P z$SSE`HXB!ys#}GuhuToPs94JFw4dE1jq)r4h}AkF*y;uXGZ-$ff;qrK1bpD{KYck* z&hyaosWm?0S#psAg1Q+|_9i4wQ4?&DGGsrk>cwXx7xN*%M%TQToPh>4@&kJH+5qmJ zl3wq0Y?MS5?wXP(DW*#N%neYK+z$?MrN1~fU20sM1%@UomxJZZc;m1>!(?}_5wm+B ze+|n(Ok@V73#57g;B%C?%P1l>`oBDibl&o)A1JmBAJKw?{(d$^ACmAh-zp6PsCBZ; z?Xy&ZKlY4#(eW8|_tC_F(eEQ(a7`kCG`6j60%ayrn28ALp#nGSH!Xek-lWlGEFCeI zM8}MEZil2j_u)3Gb{Z!3eaFS3W-r}uC3Z&kAnX3h-caYW!qV8DuWEg?VOd8t5sPZ0 z?N(3%mjvf0(I7OBuM!8d?&uMn!GY|!aJsVN)XUcgM=SyP^8N3!tos)sfE3>t}I-mu=OZ3XpV0Qh)J>pl5V<<72U$UM;kt)k$ z>ZMPAGHv1^YKF7h6Z&K__3}XpEuQbhd$jaj)j%)WR{q^JqBg9drPXt5Nx$H_2H$rX zpT2u&qDa6w(Xh(i<1od+UobT*0iXmM6(U#Mswy;5ji2(nhu)T!l&Ibc`vSFELhha} zG!2gf4bE6tp-k>b>wG^x4b)1`mYAD0Kr%$5+&mAF{*+3mXoJl-xwd0-B9SjQZ*clp`GB6rhxyKQmoE(x?LFqc{VK~GB+8T4Q^BM#}Y?FLDYhINu*4jY+GGt&9> zTGj-ff|T4We~v%Esc~W0{RxOhnklb;N{%xij+w(S7m1v(^@jq-Ssfd1J4Z!`<=>#% zIYz!0imm+6X#5&*7YcfP9^{gVX2U?2=+e%{$w`s7HnYE1_lTDCfNeCM%6X+A$tdG- zKq(N&$SSo1QYKAr#7!VO6>I(vu#WuZO<@}Ph}A1=k9%r_Rp+ZYC zzj+gNtxD{{TprIhKhg&~t_xDV-ic+nr>36RW9s5GFfHdxvQK60b;I*1@yH2PkBX#bb6@g4uuSXJ0h#H5L=l_CR4Wo#i*Y-Z z^w!JE33n;+xY}V#(+89c97QPk1-bP^7KDFv>BSPtV#UF>C&aQf`NdokL6kqvnm1qq z$yoTE8G&RWf8+*+mdTcI-L5;kN^|8`&Ey^u*{qZ;5Xw6x;>P$)u=Z$57_N%wBmBTe*s9$5;r+GSUXxHu#Zp zl35jkc%thd@2=j%`I4HU@^21d2g~70pk{GIEYju3AIKr``=0Ovq?;@BBQ@HB`#ALA zkibYIhzQ(2qg%87>qsS&VCPnA36DVOGIl8ug*qTi`HY*ZQ)tg%O2l@#nH%L-_oiU z-v_{H;2rjoSbgC<&4}!e&s(uEnR>s3wLa`1Q^ve7BYd$68*kcJmI)bL&04=a5q^Sm z_oZx*^r|M$#q-$XGAFa*_bYjf&9=-AArQ9cmJ1;NB2VM&NCb<1+-^@PyL*I5q4VySa^7v7uzhoJpNcq^nI8hQU~uw&GU5 z$9r%zg6>NREi%P|Zi#t|rQXqD{S+cx?Im@LeCa>rWSpwPa6vS<9b2G3|wSeDkK@mpH?_{!2EZ4k0um?c5-OJ zR`HAcno!H8JwE$amK$82B6RRAPKsg6zaGPIejlwqO%TS+sN*#TZKwY|A$-FfQF|3d zoL8&-LTZFsby8Iu_+;_>%974li{#p66u*uy@luoL9Uk8h4HckvT5^2V(W#zHCxK1< zsJDv97mPCjLuYTy+?h;-QLfHPZA>YV2pLX8teZ$ZqR7ER%Jt9_7b|DK$pF zb<>m2*kvD^k2YR*|3?FBdy`YJ{HVK?tTRQvaS$N93g*Cr$*j)vrGkGx;MO7d(dZ;k zKK93BYrDv}Pol*{7gFpF8$FxQ{bQJ$qEaFN8aeb@4*(StIXwb5h;ExSL%fQoyY?ny zc&K`qdyc!D{{wWwaX}p`p+uY{xZPzZ#B#5;9vIjN6J!G5+DD{IwgknVggHLy3H45?#Wt486aP(Zm@8 z#CvilliHcjb3WBiR0ye`ZBg`5!U7>i#iBJ-Zf5FWln^zM_-PYHKt&g(-a!dYyBoG^_&-}puD*ltm-(muCYg#2#Ud>6VuK!@GVBTzF&gen8a^eG znbhF#U@}Qi7<7F9+@1#-$QO>H2I6?Ni8BT2A}WW8+5Cu4`W?RTMzjPrjsWT0Dv~wp zM5wKnN!=1VXMa9ept;S*wSJ_K11r|EMb|OSo~&Wb9ipr`3!=gR!&ceZ;-Lj|URZUi z*I(zrFUSPACDKW!!ir|U2>U!SkQn+lF;r7k;J5NXBCItGl>MSA!Ta6$7n zmqVZS_Y+MZ6JmBOtQt3LS?7pm)ANI0Ybo}Szt?=4Ik^+O=+$teHa;dU!wQb89;n?; zPhUu`5Gx`eQ+?RuW@|ja%o04&!%<~}iWLMZ$WsxB#9_xHDTO>pfrzC8Hi&ZKk#Qdt zO}IVZdGi9-2b?eu*X4r}_3_pnwprjK5&B_w+m;0zA!xH*iIJbO5wdiMzd^agzL?g{ zsU4PcCyJQpeG%x>4DzxeTgBM^rw0c=8k5HytF=kkFWGDVF2KWhLm$&HuCGK&mDzSg z^#~IXl`kM$I}KoQ$_nxakee0QNKY5!xcCGe&*B#tBGm1Rf3Fz%UMtL2wdMzW?2T~7 zNt%)fTYwGFbGm1v%NQKBqz?C6rUT~t3fZCa>J?H4#t~j`ciuFr;PxZuC$lIpYlMcm z;h0fa*9c>sq78_sw68uHL9q-3@_gsqEU5}n&evU6pVNq@cB`GgG|eoxu%X&h{MQ0O zR7T9NWdd6xpT^IGZ#IX-YtCAz+0_?!ArPKrI&S7JQD)u>LXkJyPU#ih@uY z_o)J9qQnv*syH}@F%aH@x}mq1XUuf)t$F{NRd?zlu^BChvs@X7J~Kfc!^f&Ml00Km z{+;3Us?6RN2Z|9c0I!^F{xzHDP78Eg?-PuO1Szv+d3_3%k-LG|Yj{!-3<9v3E?!jU z2>Vx!U5-I$G;b;S$aA=w3H9UC`A@`MN52Q+Fn%{w#Tn7Mj(A^qz=vdS(1UkYCA+E% zq~1dg;qGeg0mh%)TB}V7P*OeTncP~f(gh+Nerv{djtT^NnRpFBMFbxBCFjZgta9>Y zDSuisKX4AYWs?JG{&!Iae&y`rG~_Y%e0C0@RbwV1N8zyjmt1HGcyQZVHJJ$kFngI3 zCZ(Q8f<~oOscywyDN@n?1LW;KAAf*KW}2HXPTu%`CmA4v7DWhs7g_Z9TNL>Svdr8<<*+%suqs!p%ke zRVL#ex{bIYTEeNdr<4j$bnGFuXU!GX zU*RnqF_!-Tl5bi)LxvCbRF2>rb$?eS(IAmus+}~v;Vmj0)F@kIMy7Y1loCKOjczYp zyDqDSg?qzQGKIzx106Zn3oIp~P>CK&T-VQ5txJ`yEIN)??2s23iav7%=Um!ABo@P# zt*_RC@o4!}Un%_GD5VP7){!pf?tisY7nsi8tHJCRYNe>CL^!2>`Rb^&y%GrFmj9sg2Ho17i9kf zAf0lWEOc^Hf$l=fqR=6#R52W1g0VSgAA1QV)mWtvYpyT5%uQ8iXdzh~SL!9?s=k}a zY>?$dTFA8=i;@{%*&I+)G9B%Q1_(Gi0>0OylxM>)!l?eUwuy%80;3|APP<^ZAuW_n zqCnuvqciFU)W4HI;8|SJZu~gV<*bkxEksR0*>bhSj07j91R#o;;fkTU)FH- zP=Nrl#ODb2ubv6Y1q{^jk!jkEH8_!-QT{HtI2G-mI>Vwhy`BYMqhC4dTJEKKHxY0! zPy&^8xm&JlVO8`gn{K_-Fl6B70w+@O)U`NTHapcwfxl9#!*M7v&kQ-Tqgk31EIxWV zI^Ncm=FQi{8ySF3SC)d;RJc1bNrX4A6VRCM?{Q#Vmbf(G)o1aCA5MHR%`S-0kY^R@ zllyM812ej99z`Qp!7XacY|&Z_V5Ve4C>mlIdfBvlON+{*A!+wXkn7$#QShZKM~>+9 z__|RVNwWSY2~V;YuGCFd<)=p=W(D9~OI&s;Pf5ph&mVmIgm1ECpO7OsdK2j*!NkMn z=++e+NL?DjdrwqqA=|Slf1^;Hw1|I9^nV6Cm7}Hm3a>k4r(ESR%9fML4*$%hF5i!# zC)}*$Wweuy9qQ*10(jsc7^Sy%v(^=f!e@|Ut=74?qF9NvwM{OS?pjJB3q;7Ao^bzH zzMxe)Mh6FC$dk$F1!;_$pf>%cR6n`DPJN39Twox57Gca zP0pXZ2U>Sba6OgT2|agerR7+8Vg+cuFDTMJ}Y&Jnx`=kVd9 zCIv72jZU*9%xhD1L*Dx?CL=6^T^Dxv-gUA_rYRJG*iG@R+}HDU^D*08)Y5l65*MTj zRJq6hEB44v?L&nS*Z}1jh|)U2rwy4I19*Ms8#j_%WX>+Klm z2uCDz-duwD;Fhw_@)7CZehvM5MwdWcpe5CNj#g7ZaJyov%BK>|4CWDuZ%_HPYdwYU zLvE(;M#B$)5>zbNp=J9lMYYkVQi<#cWY+vJ15Z1??CM&gdYd~fjXp!D-)Jz1vUXlf zX(9M5%p?-~tRu3XPpzEjLU;{NN|gzr#{lGxwHspHeAuc@(WkZb8lLBLcf09snbnN5 zE;mr8cR%hV=$_F{=Tmr0`xmKMtWF%?KwLpiI4(|^M3edKIZ=7x=+Co*qx$N-wCjwm zC#$r>IW`mnb%x@J-aL6~JJYAa1%;?;y}{RQtE5oC;nk7jym#(V?hYL)9(oM;^YeAU zUI1&sSwqWacwh~My@aD1{o#z#^g=%qJ5ETgDprbpibNQysbr@9XpX)Ugjpck()K~S3^Q5S!VA?N=0PJV>s3M#*)}Ca}F=EN{7e7C+YwF>%lZwa80q^)jRS!U{6z?Vwa&OPkWD# zu=;viGLmWp?nSg=GnvEggQeT z8;;wAc$3%IPj>>j$*!fN{!3e7-enQaD^ds3zF@7|^&1&34OAO-T-5hg;vAiw8e~mr zFS3^^ze^M>a1v=chq4loZ1ak-Q@UKpJp6*<;zsQzOvjQbq@e)74}m<>ybsfB4G;IX z6{Gi|#JxC$<>RWYZ}c)E4*m)5wD@WR3KWj1F*%euU_rclymVj^`U;}YBIl6(F$DkG zadbTKhLK~Tn2%fn`EnWpT!{9|_52>jl*<%k7P=eZi5aV6P1uT~=tEC3zN0k_0z01& z{6o*KDDO1iqE={6D;vD#@`pzyel=^d%g5w$r$Z19d{^0;O36zk%{4^fzFr8AF**ct zDDooN(Y(_$l*A-S*V~IqQUZrnMwN`VAi>7ONR2> z-A6t(rTVi7D2&+mMybjzkq%?H_RN0UC_f0K5 z><@?|fjDaBL*FdUBOE*4X#0W ziZ-56NO=T*%z_9dpE&*JKso<@1PRKXW?rQikw2 zL2%jtz@j(@Z$Ve#kU>GOxxmzx1MrLX$2hvz6CY}bH@g zzz-*aalp$Z>*@KUDAJ&E7}?=s+Vx4wXi6|GXhU*)b~ioUkXCfd`nEy}7F|C^&z&vg zD&k=cPWCDbqrHHy1Sua%M$4C@+>UhY0I!vAU;N?vDHTG!yax;D48$y}(@)CY3&a@} zxNziD>91n-w3;Cv1tH2?KTIp_8Fl>YOgL!l0CdY4zk{r3dgWU!r>d-y+{l#QM%Q=C z6r`4fGueYb&lBZ0gJ|q3g;AZN%rXz}2l z=%ouMS~X4F@FIcw(WySX<0OLpOa3YrA231dDIK03<{9G2HHbByX@iOVZ2_~>cb?jh z^P$gtzuXzYF6d**G1sZ1#^2wXG_AE7KS5tfmelH{*Zy`OP9B@9uIGPbr)Es#c7?>C zXo4vO(qle3tEPn5Rd4oLh4x5%q*5jyKe77|Z#qknzMuqm*h$3m7kxnjvGby%rqus3 z-PY*o0Yx2)IiCm=&OK zgXa$EmY;Tb1YS=QY-URri23GA3pCf~K6Bin-Qz3ziHcDiQvR>RSqdn3^4Q+ODEJ}C zs~2X_(3!XFNzbh~Q;oZDtSn*0mXLhpKl(-6jS? z=}n+ap%fh@;=76@_#m_PCgH1ob4kg4WP`Y8F&bTfA(Cq)6=MBvV{S1BE_6$jpPAqt zXgItmvkYTYe)Er9>;t4yQ3snd|8$a2EMq)p&i zxPZ7q6MSY5&sn8h6DHYvI%HORXHxzjs@^Inj<#zXof!s);O=fgg9RPj-Ccu2AZXCR z-8Jao?(P~S2~MyO+}$0XP2TT6*?rQ7UDZ|H>t2_-`XUrpUOB%wozO0D+1pwXASN`# zCFpr4%BB5Isc?Zuvi=&Z3><#i3&bue-w{T$TXx|mh zNUBBIoa*86gpm9;=>p!dHdD!+M@%37(z>DaTGD#tFBaA-6;xN(; zP!#5elp!hdZzj&w!60{DXMPW;_6FXfy&HgYKb7uV5KHpZLsxII@nT)-YIs}N`|x}f%dh9V)uM$|Sm5QNDn(h8!u?UQmoOxe zGK!NsEix#To55e)>bqL~BuX;bfey_SSs$Y@;+9iBr1LIPvy3(_%2wn{?|%UF9KJv! zB>mj2XcTi?f3xr~9Q+!1fyZHR2s@};1z|-D2D>TBFFEKoor(8(7bD<3;X9T&Kx68e!*dAL_w3ID1bSr zI#tJ>`auEHCV7`11H(J03+p-yYAp}Nh#I4K?iV?7l=v& z^P)0!aihsEVy_^*T&xWNpb$g?Q#WUT!y4ngz0W+k+Y`p|5{xW)hXVb~r;l2;{{U^f zDYi*c9IZ5+`KdJxyBVo+50&mFit0A(pSDnnwdla4*(8qS{XiAyvhvZCEwbLIK-b*_5;Y`_g6Q>WPXNgu-TE&*GGX)| z(e}@D>DCPti9Pr4X))E^NF1xOoWV$$0`WX0IrcIx2lN?44)PwJCn19@#bqJq`0lG7 zZDCWGQ9*cac2@l~xSI$z=Jh34mCW*_4C{n<@!K3l;^=x#4#0CAyi@=RR+}ZrvP6xV zz$`4b3=1*zXp=@|X>aNs6_T!TX0 z+v(1n(T34M!_^Gut$Qt&&Ei!>9TV?QA^Jm#sl>nu^!L5FQUpg%KdE^=c8R~l#T?8Z z0Xe@aR~QM>f4E!YV$e}D&ETMWu1?gp#0_B;vS_c6qGT$91bp1K52xZ{!51cWHvQ2E z#RV8g?-3ggXKR{cLXAHL#bL@udf<}48JXs4E-yx;R#%6hNq9=Gp^qeR- z9Gy#&;+y2spF>|}>Vha~GpNyu{}d#$;1%kIzTb-ByB%2X;td@F01ofRVBs%nHnq7C zCLd`pO29mt>2_&4ypAs7S?DRnoH>kD3otLtJ2tk$J^G&rfspC+fyO? za7~Wdpv*iOqIW4ahe`40k@4T6%{khn36BW#+!vj}rNn)59dm&@oR5Hk^7VAh(pf%8 z`xC$WyZ0I$T`H93iAl7W>3KPG`I+(zjvEFnR!gaozzSEYprxx;t`ScD2*s1d1OSjT zwPSN6Di^S`KZ9;uU$&k%kw9@98ZvPLE)ZWDN=6SIOV6}1s4Oj7>zX%)8lp?QtG!Ir zLv29ebI;`x&z9P9Ebs3k7)jE!2x!!5r+uK&lw4)r1H%aDK)Hz7a*QZbm(QF2>fZP% z15HSVG|lHJ{tw*Or_ID$#RvYJ@dSwgHTSxfBb3E*5cfM+UphhjCu!Qoz0!bgW2AbP*rM|YT=QtQ^lAq#4a9@Bd z!OWl1vtVe(FiNaFDrE0#382zFRvQkpWWQ|FQKH$`%!BY^mG|PAkrCIiq95 z%c#vaUU$Gi9Cla=Wh-1JiMu&s1L%1HDrYJx+Ttr>sS~H_;Owk^uB)WLP-NkERqNm5 ze9&<=$p(^J~WdI@YS{``nYrlLk1ZX!f&wG$fk)Vg_|*&b_=Eq}mEkpevX< zx_`~@g1c>SX{?nC|Ck}NR83K``fc%?fD#~j0!86f9#w)B&Cak#$i4$|Jx*;Gg^z&{ z{8y=K{ATxqhed!5r7i)=T_crrHZc%=C+hmZ_A*D0c{1V3#ycH4KKe z&n=ySsY4?ny$MUjbrSY7DAX^R@>c6MtF%-FXd0ze|Is-R?OW!SH>pE1Qx<`vO5h}m z+~PZeQMYp^sVBOJo8yV^z^hj7A+(Beuexg4BrAPmA|wQ76suRt-=XgtL^i23#yLO! z(Te``2Q|;1bWW0N1=)o#k#W@qMC{cHx;CZ`E|nF^!QdlnVD2{Af3u4%97??Ls3ztA z?A8zsec;2F7|m3iv9pYQVtNcM_lw+gEdTIX<^H`UMSNlf@UbaO=ooQf4WU_AVrMYZ z{DD*k2^<9TTM3OXj-Jh)b*seirz~umzUz-EyP@Z@v8?zod$fN@gcz*zY|b4uCc?!v zS^ijn(l&*`VE%oLF` z`Z)SHVvxjp)PEhD>}9oo`SVB*;Al*Y@$e|1CZ0JM!o@YRf120ymn}cxMs!s#hPiEX zJ+}O>$IioR*1y*w25Njnp7eEjDM$0rc(SgYqu>n~mIU51uC~@@qv~V&X6+5rAC?>a z{SQzG_)4V){9N%)g(RUN%vU$Vl(2}(=geqcQd^u-mwmG94?tXJE-$-McWQxd$$d?i z&8)%>oUIZc69o*>WjG&7*3nx^I8SB^44Wr!c>arkp|z(Qh?4@MZ|ZYl^$=Qp3r+ti z9`e1DVfq~!+#qraihH5kD2T`Af}lp#A}qRu>8!2KV1Wv<_c3ahZhlr`@RuTu>oCH# zCnB*R0yymBk1*Ns>=AUp*UKn58IKP z9^{g`TCl~euIxFN5mItkD19A{aF3du6cSZovp#v(9wDXV?GekeqWAR==E6aYBT5(` zRoDpr;3>l&y$SBt>Ku@~&_DR-@NYukQ*4G~pty+s&0GDjA-MAQwwdnv1y>FWEB$UF zl~(L2W8y{Kb#^emD@NEN?LSWbT97y3LGJ6z^ziItSd-GsPlqgO(Ccg4Z z+lU7d2m)iG^kAg0Kc(zl2Lf6c^;`sm zU2t*xUDzACi$t-Rd^gT3r)Kr}uvkY~G{$LT9`#`Wxgxds zD!fR%-VEhZtDu+B*FK(l!1C%LxiwNR9u?eSNauT1IoI_oE%xAhvaMsRQpfg*vxC0; zDrQhMoTWvN#RJJx(;`k^U4OIsCbkVTWXJVq*A1p*yiLsficw)J@rr|OlMMa25?f}1 zbfIKxUt32uKJK(8BN~#S{RU7vy9dBv@B`a~5Fr6PEs;QfJSW~WlbGm&t>us&Qp7IVG_MZiEDrN zjS*FhS4%DMS7>T{u$!jmHQ_~M{hJtODoT?2YyV9`rV6Cyq|-henV2CSQb7J|&Y6S# zI>sFnPZ9eCy;Qg#Uea9CB@VIscGQcC!lVZaXSZdH@-GsfUd5awrYsh4S^71|dM+ZH z7PY3tLA;#%L)`G$gld6HoQ7keD-Fj_qHFUbU%{0~#lRwLz^{GX65J>$O!ap`N*^5i z&+09857k*i)*`#~-~1(FAViBTU0@kK6rg^LfKr{2)V9vAX^tLQh4KPU0$XaEcSF(gWN#Voec{&AUsL{^*H;lL z*`H#*T>dUZz%|g~m!YN|gNKE64)u}chLDTO>rw9ycfDsXg8#(zP~Z?5P0Dk7`8IA9 zlK+xVB0RU4x1>Mmhx~;3ILbzIhBZ;mtUSy24TE?-D!IPlTPN*X`_sJ{HmO3-YcWpI z^k(=GA995^mPieuVf6wLJVTBpnJZ#otQGBN%XfVq*xc{$&}MGb#c(9N2O9Z>+>v$4 z>u^hYocRjTkenLA)%d!1(<%gm2IsJ*c)#(cQVKH%4J7h8A;b3Ql4EEFJ)I!_BPR`9 z6C>ml+uy52#dh7s8}Om5N{E&hD+Lt|nQ#e-FN9(O(GGGYnPe*$kts-FV&SIM>imLD z=vb7I;^3lOMD|`%grq}CAXe);Ha~LeW2m~j6)#FEmq3dHU4WwI06J#aC|p0$H3z=} zr9~{w##m<#8NM6xy5GeY_oNNV5c<0V4r*A>W|jj#f? z!wHej$Kp~$q=8Kmf(P991N9@3y~i7cvZPhXRHYV0iApb&Yz~o(<~zPG_u83pvkMcB zw*-I}m1gTuu%~?t@QzI&lr$yPGs(8JZV5d4oO@ginxCf7Sr?K0IXbbV@hi{`=f19F z5mazgrY(<@04{J#K!S1&;{vOhDAXH9Wg%qbF@|fGoWfE^XZM3B2oKMV!y7+4e=j)M z5=xA6^LtWLg7oZjo>e?I~X-=zdH5-i^2Jrm_%Tc)pO z!Ja1(k@E=+LA-23PgZk<$b1%xR?i!!z4r&DNA1mw0}coCIL0pTCuP}!GK25>FdPr= znE;_eTL$SU4N_R-56(L&N6Z3Yk#StbeeBWK+##`SLxsl<$uUC9gM?7}xYm-!(d$hf zFqq;bcxl!_g_l&!!0uN}4qO1CMl3NV?PYD>db>0?K>*e6rpV(*q}D3NUi7@L@Xb75 zzT>NE5>j+xuBn#;Lb_b^b^8oR7%#Ts+t*2gmm|L3Wxj?o3&N8y-eE~1Vdg$sSf&3y z;Z}5tQ%1iM=GY)vob^LM(@G!q@P!W`LS$B^PBpDiVT&=HNkNjpuOuUgBgnTB&16-6 zw^iyH8C1osdqxU|dnb!kRO?i)(*}+>rDhoYB~KZv+gS$h<~SM+?dCF#i=744ASH-t zip|(&D8R%e@7cA=dkZeKsG}mr3qD7-M;1#48j(mu{)jQXp=^S4yt?6tR>;sgHNKtQ zgEQSRwf*$I;Or!{V%{Ou2=Rx2b07cjf*9`iAFL%G*(nfgIB3LLTRd^Q6i!TK&mzu- zX~xK{#iU#F6T4Qq06?2!Z(KWp*l&kiaZL~=sW#6sAfg*6O|m=A66`V0n7)p**D z%?Y^nTXGnsaeed&Aynt5#pX3$?s_XbBu}QHb=L+{Vlm!_UC^{M2S1THkm9EV%KyL> z2JTG&`kD3Ne>Xi`ZnRisXo(<^ESJjFDRO-^G$al0U#-I$gmj^!ZMI?Dq|E@ZR?f{b z(y};?;C>FxbDl*7{x&nozsS5DuWHfa@k}|zh=_2(;uaLiAs9&s1kC?+zO;CZGYRSp zx4nu!pG<6CbP>@%l}sF@)B-xq&fi`0x8FwK*Yprdzq6xJhhYOYEei5pp-vgRQ5z&k z6QKkWe-#8npJpIpZj8t7B)_VG0ON9sl~1md=)`#NP%J(xa%u+&&wSP@r7J867`TYb zDFo|!Tb>y-xVa2^?y~UJBf}}ZR{i(YRMCfIAh!gS*Vm*YzN0gjTGTq7U-|SN4r0{B znn$?A>B#3Hxd?S7BrzI5+^H9NsD2q?_wh>JLL$)`pxMwAxu3|TK7pvplR1A6*8l*2p-7uX{paanv1lQ;gaQSj1a*x^Z&sP`9Iib72bMym*+9NPQJKVCCj zQ3Y>T7#;>8G1NsW18Xrr6P({T(dv#>My^@~;oIYlzc?*c4=J37f4+8^330e2K2+4R zqU+?W&oQftoF)9WGZmhniGi^FCEpe4B5@+Fc`W4NN+LFAf>3zD6b98V_^Wpx7Om z`Tq2RYpx#tQwV%r!lxzXQjl5(&o}9EZ5g{0(ZA%Py*_TI6g*|mF!kND-|%bYBhI@A zF*xq+BGzdx*l!%@F%0+2XVm0GtT!XYSZW^YT?iBNK58@WCq)WZWLPXW#A>2BC3~f> zhpFz)KSURL3i$B5_%8A2(!8DqpEb(-FdQ|Py$2Ca}%^6a1qK-iYMm9OZ)5 zEWt(=%-Ik7)0>0w8ge;}zG6b@DrZM;WAHf!KgQ$e85Z@PzW#GV6ku)cORLmQPWm|g z*L_h|z%8LCjzpN@!4)Qg!+Zmh-^`zJW?G%}!7o;aGcuv!C)e$RAxZ+OQnT0@v#yF~ z{TX_V*CPv=?}-7JnxZWn?3lDuC>aK&{C*d%hoQw44|bdH-Fo)^_GNL$F?JWgp&V#R zdFBr@jwhB(>8tAbT0Z6@gd(-n={ZM-<_G3rkLP@7!?#`9HJ9;brc0gmgP~na9AhK3 zN|Mj+$M)ki!i}=}{i2tms_{vr+hRi;@MTmQK4die3{sp@!7M1+>n#wzsT9QE8?pZ(ghO zH{qcxxNwzdC}p^dY=Ylq#@OJ=Zj9q?EKcS-TQ_;D<@NsiG`5 zD4vxU)D3IK9n}S1AsM@>-BIB4A6~;!1;3eVn*&}k!PFGF?o1MH9Yg9l+p)e5mv-q7JFRs(W6@18mZ`Cwe%ci)J{l$csu zHJE#J>^%csMlyhEJ0e6xM!F2cPSN6JB3sYf`U(=UaX1GYKh>mS&nNuDuS_WkOrWwq=#H)Z+z3R8vB zZ*qYMJI)6GV8vMzo2Bi1^Sf-xX1>V%s7Vj4Ix^s|Ih$#)b6oo#kdoFC?xVHI*M{J! z_~BE&ZxxB(2GDg*<=Zs`B7&xBBt;c{62&xrS9gAar<(6uBhD}zQ@YZ6`Eu>!7I^dY zDJIZV!HwM2x-uyO)n^N-3>f~SVquFmb5g*dagXhM{n|@Zarz|~|JE=X2Qnm``?|<; z1Ifw}@H#ab1hen6pWTS3K!|}?p-D)LWoJxV-%;t8tgB}A94q)t3S&QPhaJZJNyJo@ zylY;FaV%S`hJm?;KqIYVn!jBO{Sn@r!pAWp)7wKS4+$xVyKbLj z#pXXy7(hYp?LCTwZ~Pvu)A#;SFx1%$nf76fF#dXvZ2z4YK3CIv|wQves?|XT@Y@WRhAX3gS=Y8)FRFTR{cPq-mE-f}D-xCJ(OG=MZw6!3$!y{9V)XNc{UhZv z!lKSyY^^Y^i&@4J36`D(FNvt3X~%i#$bEVDmZ!nKWu~;W)`jc2e>0Fkj1wr1=)5bC zF=n%AoX7w7Cq}TM`)6O%3<=jrqbYy!o6rQp=RQMK;;+^*esbAFt}{h`?`5O1#)MT> z+^rP7xcz={44@^cfhct&){<%a%)G-wL8;%WiHIZB8soaZ-4PuO_w~k5<&I-U1brV?$O3HJmproPVgO@0>lx8v*x@ zp=MvwNVLQ@Glr1_ovgI~OWU17sHueUIW{i#7Vgv`?Y*BF?Vp%Jbu6)9HsnMmkK<3X zt*dq%#IC2namJr&p0bE~{GRna($X*IxGCe-h=CThg-{1y0eA9lvzk-s7&{^D+V(T_ zq&^Tv1K#bgccF_hn(+#c=FrAK?7`xDy*xMyL3HKePx4p}MN~?W=Q>|LEq*DZi!KW6 zDbu+4$VM8uUtJEFxt3_wvEUTuSn`C$evDQTT{qkCAp!(+;<^j{w0(i4vqL zNp9Irmh%Y-CUblEy}S=RW_+#pT1q8e3uCd`pzY zWb$?b0ieZSb(vV=}^QVazb<=X*zRF=NS6`gw zsl2yZ=+j$Bliaoz!77u0Fp%Rk&+yG5h7Xl4(Y~7* z1AE6Ao*MWoLrhcGw!I~Fh1Xz*C~4x@F;4Lo4pGrxBod17KqCJrn6?A-mV^T$^oex( z@B#f8IJ?sC*;=2>Aw%ZOJzb&*_*qY|4fAydBBWgIb8%Yj|KzHZR-k zi%4=72#ah*|9UrcNp7B(X<nR7Wr9>CRgm0Uhh&)5b_ zNh5d01ysT~(crYte*`RWl3ISFqHTq+wCetrT%BX@{&+bIb4JsR&AURlP}~y~@WZv{+UzVL4OHgK(D0bLKhD3P zDU=$egOMMD>=5ugk;ogyy}p<_)#F0Tf{Au?Xi!&HSNQm1RV}ns^fu{&H`lGXn7(uo zP6e*~8KK81B}o7l@~vN1d>k~5kaGPr2x}AC&C>)h*TXw#?3!wD>4vx zZh&V(NN1)*Oixa}#l?E!sZT;#^l*MB$zaA=3bi~420S;Xj>PGe0;rP`WWZ>{Q72&_ zOks8xMs)@pJpGCu7h;0uHaaA9tz3~@G4ym@6ypMQ_ZhE&!(kTXW6nGIT4XBN62io` z5@B>Ps}zcsNq&?(qZEo;VdK1wIv-o_Tfj_no1r)=!n=F7IA&J-@`@gTqq5-Ic26p8u39ZDH^;1iY328tqx zrQq$ba&<<1uoa7 zqgzF6gBfGLw}aXN*WG0j1}=A14yt@&+_SUxarlas4tfcI0qt1^p3^P)=}f^7cX?;Q z*KZ1Y3^PM77p-8Rcyb)JH(p1wM)Y>2G8_cd$ylJ7&#egMql}cOm5FU~j}2_rNi0VS za&%7ka#K6|iCxawK_NDYu1s*MVHFetEi5yNvEA?VmXE#v16)7yCZ!XIeBM8sRX6q&uQC!<7ro38?|d{O!Wb%&Q|5B=|cv^Nv;ZLx;(Un z%&HP>iE(4c)|Sfpf}$i<{jSu2LRcGMvWuBtYfDS#i9vB8>lr=+5=D7icNhUP8*f=R za=JqjvbH3+4|nlHPrhYilwe8IgH`%*SXqU7ZvMQYQI;&VcG~Rr$13kumqrsB+w$54 zTm+XZOvWHhNLSlx5gjr>KIX5%8)RD<)2^#}DuzznZx~^R&?n!P{>|`v5o7WC6jc{B zVKn6*cc5x{=P!E)*enDLgX(|!X@}xbPh>0YuuB(Itfw78N%I}BEN)1HO)GtD}b~8h#Dss^9yNeS&B~)y)xe8Mg!>tv@ z+4Q3uJJ!p@t`$c`vvg(Rb`U>N*cxU@#b}Cy+HE=aNwn z_`7tp{Vx}E7>42zowqN#M@TM4qI&hie!=;=d>jOaTH6}~nPyAs1BgYhp9aAG17zDk zn+I)VgB)8=t3DUR`|HnkE=g7N){G%v5RmgV=ta% z6<_K5g1{av2RQKtL*=qUf`VGaicwNC2Rac7w_|v1$q6-Rxo_78{R(S!j{}wHh)>rT zkg>Ol&AIbFg+s##Hfj^}oO$#EdrQSNjG>Ewu@8 z+(#0#!U_pWz$*a1AAAPrmhbbkv(;<&>vjzx)sdn6TJuk!j=Y1v7#ZWV-b|DP;Fy2q zu*WRK(^X^YK*4+t_1EO#Uo!8<7`1ec06? z*4bag^bv<8>v;a03R1GRz(_3INY7H%_{T-cR5@6T#WfW2b20Rc9@=yl%c!VofG}|{ zT~ZMkB37Y=kVMMDd3p4Gbbh2`-udeGbL#rwsoGH%0;U+@8Rd!I3GYSCcaocAW@hZ* z;Y#-g;lWF?sf1~^(91?9n6kEEGBoVQBCWO_(9$kukHKHy=s_h8h{OU9%B(UaEbV^m zDrSseYE+mky~4qe7Ug|+8hwPODlRBSiJcJbZAK`xoA6kX=SyJf@iI%aAp9Rd?ceaB z`$Dn}7J!G(31fIi7II8n*}CIwy4waFucPF;Mm;9b-5}%VT8m$K$;8w4y63v3`C5Q0HV62H)Bh<^q#IUIJ{kfGU8soQ5il`;*Vr!)D zTGBOnJ<%{%8(3o&rPq1huU-xdK2-Bp`G&8OT4JIYLps)gE;dYEf~Y0Izr?i#+)4ed zWSlY%i>TNJ8#Z`OxS1qtF0UpzrKoJHRI%o!I9yPveGtWk>}J2Lz%ZK=4Wea53CKO2 z#G!-Y9#~47_(gSaTDHJOzj5ZAHaG@Bgy!O2NvJAb8WwCG8t5WR0E0Aq-I<***>cV? z{~n*Px<2S)$2I%->OzlXkIN8=GfMA5mn^!mOFbz=>*v(D zZl*CoO{k}SRHe$ftcPU8)_)k1vQZ~dMhx74#i#q~7-Nh~U^|6a9CvOY!K5SDBQ?Bo z#bkblkHCD}_m*{PKF5XAT2p$C-n3(61kV`k3{a8ta5EFTjrRk{*>Z`UFxVob)XYgn z!wj*BU&-=ZF%OH@@v3!sEr8*vRlT~~O1Tr#8q*(?A*QousZ`pH7y?AgqmuOx?3Q?WC>VLZ6wL<3nZbw=8_D6;eSYIrK`R&ez)$~MwSWikS@9&Is^ua`}s(S#LpOrC+NO^{!~JbCEI+0 zgx25@Aob?%RiYe9NxDYV*j`w*_XrK>Z&0hFVX1=9KKd|^g3_yjqYVx0-^x>T7oA>Yo>2Q4+5 zD=HIKQ-x-h&tyZH@Fq4{7xzPq*kQT;t}k~JUbVUZ0ZJ2-zjf5~JxN?eFl(V!su0}A z(ETVDsry~hrqy;LYY*8TJG$$?PtkLSYh?bc@iTQXvCM9O5L3RxI#;)Dzp?u*{1rVS zeV4NzW57~;7Ie}1*E}Gw3U|HRwAcKFifj}p7%$MH>rZ}oQC$O2W8EcsYa>|(m&FCr z*XMpILr%oxcWcYp{w@(jjO(qu{pt0U6d}+HvrlZ}&L!0xZWEd8h4j{-addi_gpXL^{>|E41t*?hMB($g-r=(MpX6;cJ&DO<Yi(%KZ+o^Do`^#={henQ@$eol)tMjwp|Xp|YEAshMuaN~U#7 zcy>TdfPX87dSz)&lmFwWWLYo({qoCI|A^O@ISsXjnvwY50=7| z!m@8Oly%DvoMDOi{NHUz+48BeyU>T?Ab6}raA*0oO6s&)L1(+p)$F9c^L1y&Xh7Et0@|sX32|PS@+-N+cK=*%PI%C6 z!_@^qy*M(`D(n5&Jhc%7B5xH-^BB$4;^IqDlkmCRo$4xgbl%RpPoo)%3il?gWrXf8 zhMN3XRdp2bP?Pv#4x6)E`d{E{@g$H9b>!|w$+z1NaT6iovmKxGs?fsIGo&6l;*|(+ zl}$mU^oP2l|(=SlKJ;y~h+mmg^AE&e#>SE&T zfe%5YZH00;l@eVoUSOS>sd<+@6A=QvFzx!=M0PbXIe{ZO)*7-u3=C#9< zBH9CWR3l7(>`+#ekA#(a5PEglksJbGDDq0ocPbyC46XO@~iv@$;7~ z3Qs7un{uveSwU@!(l@g43ado!wW_@vk-HyO@0e`nc>nJCb295o{hYNG;ehSa?i3N( z@NJ@88! zVsRS|#0tLqaMKqdyO&`dY}5zGDPd)|QICbB626B54*D+f>jz>e;pboGZLBCsCl7rS zi&Eyj!6r4BJ<3IgJ)AHzw9yNHS2aCJfKLtR)m#bamePNO1Ht_uW0*}|pXV&_$mm+e zs|PLOfVc4(!X~zq>0IYP3|pLCyc$M^O+*>KZCOuJa1@H}F&iwFx68Yy_R@Lr&)*ry zV&kiO`C|pdL%ml;6>!X3k4-Nbl4#2Q?!NA;MvH{Vz zu-$#6eCZJh0_PV=b)RHxcm&}-zCkqnQ*RZx;5n9vWv6HUOP0BngTJD_ZRkk07&HPq z%p75&W-k};UB-M#KV8-94%0LlrjZaGgx;h1lb)>Gw6?)vlW23jJvP`_#y+N6GZ}D&w1_ z3)0i~{P&(O!W2YsvFenVUpErnHCg(fJ`0W@qaSD}X1qtJ$XB?EhM)+K{0E3%!z&i< z7t|Yz=MWw9+DKm9zdZ+FPE=s^l?vt!<%W`ybU6(HuWevK|O0k*7!MSjMA_FL`87E?NrMgK&->h7Cl6V~Cn-qM4}&BltzTiR8oFn)w* zellx7(Dx_ygRtpZ14nkf*dJ06Dlz&{mIEdKho;rRe(U45_tGHzdVkKeQf;FEBZ?Ll zOFcTZHLW4LZT4>9Ltj*aUC?B_Xz7&qmNq;`*CMK@Pt7NAxn;LVZe$OGbT$!UVR4aQ zN^)*}hoIw7RzxV{WD6-_T$asCwgSN#8S`6lw@*U0%t*JzHCJ`w(A8Cp3O>{`Am&iB zAm-B7Tpb0IcPLBFzWMOk66*_NtLs85@8rElKo90f#qNRd)qC#+xI$%tfD(&;i(zUd zo@MBiuOB&!Dm>j`I2vAo_RL$W!`f6N6WjV&$|u3M%>=9Yj5-rT9_K7nSygHuA=_;& zejPdCDBoFCM|oAaZ~wS|V_VCtU*nfi4E3w=Sf(t12SM1Adt{yUE9xf(F`VgfWGH~zBPEH)GEJy<_ zSJ$z_!a`?8^~`)a(EPqc1~usZw&sL4gX|qRiWtMpe*8t$gyv*O)?7UA-D(71>qk`` zNr~$DM=$x^`$b+me}smFD0Ft$kg27_#Yq$y<=LMn!_Kl6e#Xl@WaJ=Iv6};ohT=6J zdT>r>-^o4Gd_THb!t}^Szg);6!a$Edp&LAu8y+*5Cdw%~l#H-;svIm>_L)pli+oiR zqEs^PCv4!inHM2SvlI~{-H}p*i68GI=}l;e*iwD}PJPmtI|mpm=4`bDl?OpShn>cl zFf+~|UA;oK~FNY%11o72);iW2=H&Kcv-|USiW09&rVw@Q%rtueR0%?IneESh1BB+G;&v&y44$4?^}zf+ znh8>;5h^(kuzSQ6im+9#Gb;@vPJZ#9?yXP0YI{NGN?eV{&+t~NQ~TGS;-B>Q3+;!$|JF z!*6&2NtJ{t`Flu;6s5x8$rHKsjbtbRp*DIwZTIvUZZ_ymh z>bb9Z%GLxOEzE0|BYD^pGR0#y9gKs(vcF_D=F&kc0_?gp{-D52XUB=PwEg{uqaqN5 zf+Z=}g~&tG2PS);UM<1jW)0zN3^#iCk(9|o#sr>TcjZMzOA^v#dkx^ zp1VLoJW9}@GgV~fz8Q+Q{9{8y?vpAvoSKX4pOMTH@3WaQF(96Ns^=Rs}ZjzthdN+^#c`GWQE&fW3BY9Ws zNW`*7Ag)Dh({c7QnS?0= zw#b}3%f(L1YVN5^O_stH&oKtT{UL@vZ=HG3KG?wy(ChNaG8(_0|8AoNfgkd{yFXK- z1{+O!rDHKtGupTai8MMV&EZN>hhUejb5~?QDi$Qyd#s$_8>)Wy7Jx>_S2+mYkW^y} z;+`UU4@|LghO%@e7{e_{1-p~EybBA2)`!!0@a0v-wl!(e}uxhmW9l(b^y^uc} ze$&q(utWc9g{FzqhCqyvfVJ9?K-2$QYVi$!S>+8W1X3GzAASr(IixjDQjdye&nro6 zy8?~5vB;RdTmRbif^>GSq-ZWA$Y`Gy`#$QgQ}?89>$nu65af}LCy?SN=VA*xX` zpMPZT{$OSc8z+f>!t^PsByN$Iuvlp-3WoD`p6K7iQSXdK3hpA4QR511SNdCIrG4yJ zE?`J9-)Fx07nS+FFzV}rBG404oLd7N3>7By-AI>t`YN}M(HO}Kj`@Ksgj_1R5HJh` zAiaYRDE;5?ONR%8(z-{!66~}E@;*#oCmM*vB8^v=y~kr)*!H8Zxg=y^b#q?CBbL!E z)*dlnDhNt$9HI)_n&71%>iDAk)6Iql*xcA)n!Xl`IO};$0lfUPkZ$rU~O1R z>IAoNqGrvDPBoAa9SEmx(8b8dI~Mo)t+Gp9i<0Nv4f*Jk9~Cu<1da`Mta)=f?U*h_ zuu}c~xE%`#+F4&XIxTjRi$MO-1lBqLhIOb!PO!Trv+}j3M#!(YhYJB)pt|tAZ7PCQ z$IoWq6*Gwte~^H z`}}{>V(E27h-%=<$A}MDtfUIFdsyYB&bHaDJse>;u8}6t+IH{0h-`mTHb!*eNy4aM zQX=mkg$L$ZnyYe$L4wUz%BKGWA`gS#ll1;iAwr#FDiD_XrVw%eB6F-(SZe$$dv=8` zvQ8zqSC8<`0Gul=bJHK$V7p?kO%cF?menJOkU?*ei&rELq?XgC$T?ax1&EB(b)0IXlZg?MTX2`*2o@T^79}`epo- ze&jz_E8@cG`V;}~s0Yfk$VvlZmC7H z+szRxz1(rk1Qkmafm6b4wzJY)+#r9^%E7m}%$ushPelOd zW?;?Xn~E&AAQ#exH6jj{+F$khju-4OfLsUgB}5stkHp<%zmEG=m97hu=Oxh7(HD3D zw!$M!)WHTr#d}_>f7ASbl%4fcTW_@WL-644?k>eOxD^QQF2$ulp%iF>yHhAdf@_iD z?pEC0y->Wx>C5-t`wzUo@0pyL%sKmc_FDV19t>of6t!`2$Kt}LK)=J?h_Zqq$gIx@ z*r$ozh~?XUp^C#MB5eMC2~(rP5f}sEmY@f}Pr3`A>tF%G-%kdy7Ar?r2_K}?f4Gpy ze~_Msy~=mWEmd-6DE(m#1SSL1?8K?5jndr|n5rQt-wH$a7IQ^TW0vEv%X+2X;wtm9 z?ZXSIL|n4)US&A@^?KsuEnbV;kJR$!AMJw@wx z#-ESpm!xe(U378c$NhPNd5m0vHc(Gxiq7K5GvIx#@h3=GM}%s>Z}4|o#JcV_2jS2` zNG6Br45h(4)_52eD1I!O2ki^a$S1DQGr1Y;i-tMse}J4o<|MJ=r=e{cO9aZ+i{rcYgrAH|GZkm}PcZi2=&D^7z`&mn7Z=qY*8aZ^U zrGQmStp_gm863rs$I5F;NRKV$*%9T=BO`=`hr8hp?UR8kuSeB%E9V}9L{VK`-DF}X zZCM?PN1f&cQ+C7>ai;;Hz=p)cV#0ddswf?-(7lM#X(*w$No3<>?*J30Q~sBhi24%c1S-1!9GFx03ip4z=7Dm!K4BG+Bx4JPD4n z6KS2Ne_qgfbswtOC5s~L0mHJxAz^I)EA@B=lDz{t2wHI0OiI?NsN%*{JvC95Co#@4 z)Z#t-prBTOfCwkBzKsWDDGnRTu=0H^s@uIog#zd7aUuMSm`pda(QKY}sJ4Y}Vi5T2a;lj>%1puL7tT+xO!WJ2|sv1 zwy%|BS9rqi2Nv${*LcM#C#0MZ+q>%^oY=I&ZpAF; zPXa?!j;dZbc`1A73Zza>)G50}B-AQ?#ArvRoQg7nsHX8Qmrt0GkMInK577b7cmOBF zWzY>RdohGrMT=xjWfvxMF$pjI^fMYzVficMaB(^!xTYRqv+g%^>6eUDH#-eG^?UL~ z7G0Z2+J4Kdl;WZX@{C;u4|UGG4wgBcIyGA(#)QdBTw-JOP!3JU2M$4}LlR57l(XFa z2xn_v9Ob+MW0Ij8@Baj+Mkq(kOt4d{_l}&XC%)x(t}0quTP(3RXDIA6N^~q77?L)} z0Rb(*waQ9TSCUk;r+78@F=JJCOuZ?YN@+P_mQWlXB!#Dl z!|L0EHTc8lxD;5HB7%5%T5)e!dqXVTMJ|N#?_4n8E1mpD_4JCEP9RTDb11C`Ar=}B zYaijZ0MUG&Yg^WWLPrQ~{xpyKz!L^ior_H0lf#7fzeAAy{U0B2HKxDKx#6+~n1<99r0lAXkfHWMVxA zI8c~fCnYN>7@LCzgCHcR(Fg9XW`Gt3;{8My#q?C4knZb`q6VNVoz`5<)hid31L<}= z`74nrge{jc@A~hfI6oF1(0*V230;gAVV>r!+4x*_^UQMD*J-nh0M*0Oi3sHz#eXAP zn71}>3Tna@M_K6Qpz60P4b~Q(dATD_+QPkvTPJZW%C$jjx6WV<*WNXwUz zr`a0%vKmQ`*paZx{+p$#--%&lk&4#t7aWX$C+IiQ_|(g1x3O?G5s0mV3~7+UYRRjf z0`_0Lax+)NGvdUmp7cihxG~MZLJR?`hsTv!7Lf=BH4 zxV%@ms@x7RF|I&7Ue;K7{s)ns4L(hHKQ5LWORnJ1WW0P3IjkCXCJ#U5xYYJe-q

{Z8G3{q6+kF!65nK}?wEx(vT1j1Pc|Q1FveJidwrSVBxCM_U{+p_9ZLb}DrLvK ziADNRLuUQQD`aleyg9%KS&qn4cwSoh?@?^gOwWI|Bnb zlmhmd^Cl)3+=>e-n}2XhMW0+IR7IL!eXl~6mVIU*7FZZl#w{Z{L9xi14OZ-&I-f9p z4E_gjTG?UGQ_f3Oge>+1zeCY=3w6D??`K{={!M4bK3;Jns0X+XlQG1%+_S~`g136T zhDI-hfEw7kzHz~8W~mI=38A5bo;;tncPh-SdVX=$mJB|hz)Br#Jl&Y1_9a9Qb;RS` zzkeVjUe+Awr?a9vCVd-TOEuy3*19{JVhZ(LU$*?~B1musTm8UwF1YE5m{1;8bdw;m z&ih71)=z<8_)s=YYEFGeFDYzFoh54Q3qlAQ(G)QY-wKz>(ml;r-*$|82n>`&m=*o; zff(ektHxdGxKNWDg;o%G=W$%>@&z=tdN`W7s-i_~PJwlNG~uWC=C6Kk)`tZhA>&dj zr3I`^wD~jBT33`wD8sn5m1<#QvN%WkuP1GkxH`AW)yTDEYkjt~^XV(eM_W!m?@Ji2 zh{NvuO^e_poDmlW!3_WxotpA+0fEF2@~n~83NkOd;{){ZA~LvoTmI)z; zjd!XYsk3LQbcL77cI~$=9DtPR5wOEO=}RH|)gq~htGy?iL#67taAY3u9J2?66!(T| zrtxPqndUoBvy?2Bg4a*vQmcC2Ctc?kv1^{mC;j;;z&6uQ^m3Cq23%q#U zrobl$^vku5MVVeS*yx-+-dT_P{w&|8V@ON!ixj5pa- zo(YD7l^j%{wp_CcVS9cqZ{Ly#q&h^5{;sOTth;Px{cGn50mV?F{Ew5G;)e`X~NRwfLJW%$#!bV2E^V57i}1*!Qx*zQaCh)N&EGbrHZQIFK$>8B1q@ z0w{@mYE8yw+huwZCn&aJh$Z-{NO_jtL`SPs&eX65f^kzviXTGv}ih2`NNhdT1b zl6l5>o7`M0kJ?vfK2FviwoEsMlXAnd2-kQBHP&coFspVZ5~;XlMe6b$RQgqbCOi zM+*BOD-1jB}k)u;!f_rHab=tM<2v!nmy+fWvg!ZVHeXa)7hFh@Yb}Ykny&a;{1O$Uf8~ zGEU zzgMyeoyhr57-PsFQ3wiGx%5;b)!sxcIc4vV;!Z0jNk}W;`A@PE!#|D2q@_a4&`V)*YmY0QuQIj~q!EhIcZcjSA1+qcqhEhs%o29pGC4<56B0z&Kqm zFKihNgOKse8tsdo&uobdG3e`$_t2Cd-XEy0Q7t2b@vBDU!YFyODw^#1Xjzedzjmeo z#u~<@4?=HQ{g!3XvI)@XdfnS)`(JqRlBi2axfaqt;xLWvlM@kDed@Ja9(=K~1hoah zcsF_B$4Df5w=rm2=I?!Ek;5_|hU82QxIFbaw%P;{}ZqY1%S57QBy; z*s<{<@t^S}SB^#}NkwBJ}3OW zdgzBdD~4RhO3EsbD>2c=Wh`ZWVCLDE+AoI2$*O&fd=Ee~((kE91(%aGM5g{y(NFT* zpHiUM)6FSSJKL{BLsf_>vAOS&qSIFoSdy}tFnrO#PrM*I!TD-C8Ybl8!04qZ7av6` zt5cleO{4Lfk3O?elB7q2GvgNQ(F<}VXmY6^U1lFz8CS_D1S|%m|!9T zAxjLuS(gW8MaD~Wi%aXO?QvZA{T3#CUH_%T%cL7SUMqNpRlz&z5XCKQ1eOoTTsl9J zIs^k(jzEZJeHMYzdI{m2CkUJ*y$QnmFbq`OuBu+?4xfpi&hdut1exu zq-92=_BmXVB~UHM@&lUHikhy`qwaHUm@rUew`O5Y6r~Q>Y4Lj_MKDS7_o^UzDgL~s zUUqNC0lziEyx0ZPK)oX+^2o`x;VG(-A)u8LDT6y`wlAWVu01tfmSfx0g_t)^W3IaQ9j&nS1`U)NQZy{Cn;=W6~ zPtTwK3$n1I=h=tA)$in$hI2JTX%JUF*FKryz~Z5Sb0hSdR)Y5vh^4NrS7%|EI*6R* zZUEXF8MQY!HIFW+HXra0@Wd-ZM~zE8U9QMB@Vd&ouEd;XD8XKH)iss$-wbZ}JsK4V zj$H4^OFZj%st3RfgX?j`=o~(D65O_3MwBIm&U7knm_|FBG$SibyKH8^3N98uz`^P~ zm{y5~mc89e;NUl?uW)PQDU=27h7-Zh{_KzPQvU$pW2PiPqp(Tw{AO&O-=Ej*SA==@ zSi(!HcC;z^Aks5zUTOsUt+Xsb5_8eDM90Pu!O&oV{=6COA~Cg&T@{LeADSMPFQ@&w z23rsYr?u)&jxi`|poK+OXAu-0EQAY$+^?@N=Dmu$VfxMJy$mktw*tKY+26GH1X=yO zgoflpHL^KF2_?YmG7+phoX1?bPD!bl53^OoidBtAL3<+6Lw40E!?yFMy@^e0og zZdUFS%0&*0JinQSfS}z#_ye8mb-}MAtPIu4>~;aNsdFVb9xo+c0%( zP4@xV+mmra#NZYQ1-hP%(d_Ce$a&!~KUEbBIt%htxdc=X1?4vFDnApYoDKwVx*qji z!JcVSBxLyR^sWf!jgOX39;V(lt?{H?A(;;gU*VBO*I=e zmmM^?GxgK#{kqpKD~NPzIBWokp0TckCkL=Z%y?p@{OllpT;+ zhs2d7hk_6kJGg`cd*Bs45*$G#Z?mh3P$Ij5f%@<^D7p|N^4x2~?fEO1F^BXq86Y0V zBuk(Y$wp6z2GOUKuyLP?ufIxpi2jdFC0dL76_5CJuy^f2*J`8LFOalU%#~w@t3hvS zbvcmKh-i@0$#2wbi>xVXuuyZw^GLpaz1PNWi7a7<3$P!RZOM3oy(tPnCq)6CMa3F(lf9%qe89OIJ_M~p>$=kqaRvQ9NY%;vtl>_q`0&_Y z+nG9VBC13S99I8a=*Kj~?xW-}2UyAfb!I1bgYV#F@~Dz;S>hYpE0fQ$Y%j#`#UtIZM6zpGG;8dT4F|%o{Qv{?5vgUk;Wb}=A&a&OAEAoqj47`oAT zwlZdL*jvfr6EhIx6v91Eb*)9SC&FHqn~DwX2JR_HI_ zFKV4%u`bW}jVqNZ9Se$R&zSS7a6DwalR&wQQ=lpj!G*|0Z|w%cvtsdpcHM^yN^stX=vY> ze?wQ7^0`-A&cC*kqC}GC5LKh4U4|O|tQI6FN|5LXB$B6s1(vGSUbnM8sLdIpAu|FcA~Rv7abrv683#-O{r@CZ=sn`SZ2lKKo}x0hEuKUes!({|KOBpk z)l7-eOI8PGv+^aeF$lVl3!2j1r6d?_$L?TqQWvZnSaACMa1@_z;Mlq2bIhS7u(A2Z z2;VDUh4x70#E%3RQc($JUH;)EpkZ$YVdW?aGfji`8iugwXqr1|Z0XvpZs#XgT;%L(P_B1%-kU>n7UZ%}O65p0A zZdjN=RJZs~CNXQ!=yYFD0KK!UIl8{K&ViZVPyjg<>1F~H1Hv%8m84M3?q zlyOPRO#tF$vd^5O7+5hF%yXR$uU&~j6CCGGV;P#>XP@y@Z?c)o@mP;JVEO#&vZx|k zP#uJ5AuH6Uwg3ajj*v9M0<*Vk@InoY0MTs$)&=t2_Io-d?LuY+t?VUvePacPrwAhh zRJd>6sW<7?Fn0X*-lNHS&uE>)AG3PX<9+z!7gukwx;vx9uK(M38+J8#p6>K(t^#mt z&h_0?$WV6?iz;)7-&y!eGW;VUusf1T;_ZC?Cmn5pI@NywT(>w|;2kRnMzmr;HYP3KT#oqK`agma{ce9Qiew z67?g~7(bIZ_`Ek{})=u>uvya=6%HQGr>Ai1kldE53>Bm1NGUZ`6u_YlMb6&hKPRF-$1 z8(XR#5>XGBR%#tD7iM~Uf70Y&87(O97rwe$uuI}=&XtpfqW`py$bD1hz3V$ict2zW zE-YjZHFOfv>l5O4Sd<7xZR;88HlMWa+Wa4o?y*S~%Ir-1=c>)eyvL*Z>yD{AW<&4-Je{)5j|uM2tq0A~M{w!N16zLuW9mTtb5b{)Q2 zG$#JPD!woBM3g_{WO$Nhl$Xz+`~&m@XwimBt~fB5bS!3HmD=jL@K=*6U1WQnC;gn; zcuSxa=Ru@fcFwh3umMh9QLaExsKgE&!10|u877g`{EHl?rYikFau!S;^Roa0dB4KwoVE2o0C?u-lU(C}p38 z?-j?Z_eJW?lU1j-Qp zh~3t{_`)iPfju5amMO!z@3QRjvA2B?n}{_b7og5~LcZ^E%*|)YdHvw!KCHH}$bbOq zI-~F*jgv#A1%?p9<}z z+g=9*gEPg&uSM&{->58@KUe?lPPQZo{{8a|-0&Rp?U4L?MVs*7p2|@D3AxEbavw4) zTMx;VP|0d9)E&kIx`3}Qn}Z0w@%#nV)Set+6mv8a6sm@dM}mKUmczA)B3@#V`bxiJ zm@j_BLw`OcJncd0XUdJ(KEnX}NMJ-Fu*tBt9cHa=a8#bh4u0WsG-!V&MaI;|QP#U3 zWuPT4;_SU^tR!}@APx2iZ>!>V+ON$nL^7bd>t_g4WKM#K!fU+p4jJu$C(6^`sF-dU z)IV&0)R)QseDYV7pnks7vLHx==5p}m9 zii~oqrb&RtmxmIkdAs1ycNEu}OXI$Y(2CZWFep_R9g7hG0>^!Vy!E`!FlDUKGTQi^#d}n8m(t~vp)eX4?;AW+ocg~jz)P1JBXNsN%Y%4QbhQw z(g$FR08iaNrjMnGX*2#5JjWcITmPA9J6D4tVdUYa#Lc?)ha~Z;)1p}N{yd&7>g;3R zUEeiJ9=WDbH6A?Z?bqM=a>u;!w1rXk_r0OL!LJwJzHc{_1T7YDF1Nqu1Q6Elo40!_ zOb253qlD~q>m|AW0Q}P-MnQo)al}k7rh1=rD2~U^v5>FLKOb;fn;ZrQWyGF7P!C=v zlCqKiwaP1>79Q>R2Y8GJu#={~Yd5(Nk6J!t3Nr9}jm3Jm(Yui)unk=jZsxlqw;H$k z75v)8npIh0Z<*rPaY(T8zQOiQ*4|LGiKX21sUQE27^F1Co|AaKBm&uU?A#uUzRgL= z7~{oOy>)+|r=E6^{SV-hE8-G0X7uAcVfeYWn-Ik+-v$M$xbtMa`~y2@Fk398wU9Lj#(zr6!~TkR0gIh0^Ax2=GF9;CMDD$#aX5PjkcE6Qd=`27jgR%^Pdw+ zWwMzDw_o3agjNl> zUVSa=*D5^1ZD}$aU>>F>gjTv}H(JxxHlIn(P<5m9+){R~ zr8A~8Ul(=@?Vq{ZDEr)k+RFarLrs!jJtyHK3QUB=TFJBmh|`Dwtfub zoQej8)Ezy0{h1_Rf+Xkw4OfDV9lBkvND~R+vJ~cJJL_tdDcZ&Lr)XSg-a(Q1{udgz zWVh5mih*XCfbdw{&L29G^{yq+nKzOi;YBLtP*zYj~FlswhQD|a61VlSR zOAF$Rb_u>)lJ+rb3DnL~uF4NX5gWBSO_#4e?qDY3h9L_k%Yu%%zvw$P0Nfm&5gPDU zQ$jm0RUb<*oGZ2h7RHi=jx4UU6*;v|WR=TAR!}q`V>LH^@AiAyWdjxZbW!w} zJCpZ%@lZ?X5JmDXRAc*Fw4P|8C-bb1BZpyCJPvrb9H z4NTTKQ39i<6+)5#ByW%{MR4%9)p}^=^4EX}YwyLY&{&^-t=vL@a#5h64~iB^{PxtU@e z%+s{;bzivGPD1kC;8rbBM?*5|odSoQsB zNu{7)8WlP_!eY^&(i(Cf+_<~conq5UoPFN=d*%bOl~ZI{{&WCQB`>tQk0#E=@37tK zq9~=i4e`32Nv4K2T7ZuUcR`_3N?QBV$K8%?lBD#A*Oj!BX6lP?8qA4Q5gJuaX%$YY zdZe+qwm%aURVV4_N|VlN=Fsm#&e~CYgQHc6dFqGWzenQZKce}Z<=e)L5SfGbaN%NFI{VY` zDIV2Y!hn9CK|JSR+}^x=Dxl!xmp&@)a_fom(>q5%Ax^rukjU;;LhiO2SuM)B#kWIo z@!}rGeKj1uQEl9ARfkQhh|r&f=>T8w{gcR$5qj|S$8Vfn8hiM_*-_tEm=g^v_B`TG z-V=$f>a+_gQ&J&FfsU=2|2N?$j90k3^>5V0O6AFlK2Sb#va@~LACMs@Fb=-22`?dR zeZkPMy*_UoztcH+OH3=K)m*ZA7fnd$$RH-?b$;xC`~xc}`?%oK zcIHZbPZluN{7r-?!U9Q~RbF(%&Yc(xN!N~}3z<)*G2&m;e*phi*-jt^mFRaEgc{X_ zvCdsY@mDy|aH62887t4w9d=QYWs<3RDjDURh2+4$aVqCN~s`Pkd{2VNyq!%)U!i zBBEX6P_mFl!qdcMr-*LYmavp+zS&1+1q6}OM#?gHu14q3cEwm^SyP2;UjWeJL0%kx z<|&pMFuXIO80hUAJU{)8b+Hay))}6BLn(TQ_&!qGqW=}nj)*;rgiGK9wVK4I2YPQE zU1k$e#|#rS98R#ec%$oM%ItBqJs{J6sdxD#?>mTv9n;T6pZ4)cB^-UySZIJgQGKs5 z2E!C|DaXV|iLK_TQq*E=sX;{ z_k9vZ0C>?~oj;>zRHgiVWy0!B6*pdNQYQ{(ONc(aNaNAu0--BRy^To8aTfHmJJ!(i zd}_$>tb`SsA8}P=CgFARBrvm^Nx%Io3EzPzgd;*u!Ycg=Fg@L+cAelyy5&UNy@?p7 zC0LIaIwjO*@7$~OhmNc<#9TCU&<0IN8X>@r>#svBWuYcR#O1ppRFue@4C?DXAk5ju zSBd!}c0T_NYnjjC;mJ%nLDqC&%1tpclykNBxfB)N?daFafI2_G8>*tKog5aS`Raam zQ(Ktrpox0UaAIS{5K29dii?of11Up8eJ=($C3vjy0ZuetTvnoUs^*_)T%>}w5&=u~ z8*fqw2y2?YcpJIZAJmm>V#*c$c$8Z>tQqiWPYrt;$~oOdx>hoj&kKyK{uXdBKz#)_ z*lG?(5}2m|QMo5Ie}M9~DL&LbQS&ZCphVvQW+Hww35x^-&{gl;8by4G`eE<%#H?@ z#=TCF*87SjhE`&V^!zHwMA2bomtKc#Ml68N1@THWMc58q8DUO3pPFZ&WKk_!LvCHM zXzz8Mu*e;hlz4G-%fneKx5sVj-h54p#JwOxM`glf4DGUa+%w;UBS3jr$KCz?5)nxo z=Qn_5_GuF|*>qZ_bY(OG`230^q zUu46~Lt}$^N%r=ZdR`x4$Z80oOo50xil5HL5sMjd(C3i5w);`(ZC3iA?t4W58a}fS zO`{>)AdZx#i<^WUug0%>Y7=8TD)6|zEMGx0R#1oSmg)D*6Vcs2!1@2K z!0m@iAXv{i?>%h=b-B9QM6TOi_urZ| zE$eNdPmK~Le94oPV`V8|H?ko5Y)YX3CIDwC`Lc2kZaJPGHb?8V(-)s+<}@U{m|{9n z;?mgoE%sQ>(_Nh(8Y1r#vo2n_2YE1($ukz26+XT>8UkqZhH}Gut)u~!SQ!2}np=ei-|ISex=jA8>aA>wkc{MUsadn;xPb&-d!tMbz#@behu#^ASZ|Og z6&eOfrd28g_=gKldW+SF>*-y;?->OoD03Y8Q6b5y{6dup(mJ(FaXHtG~? z(EX-^9c_K3!=H*kle-yoK`s3A5vS7a!V!EUL4!IqMHtLe)EroB1CDP81jhOv8d$Jq zjhby)oT_IayAT^X-V0ZY9(>pXCjT_}ERuHmoxLO}Jl9BRkaV^5s4c5Ye()V#={rK? zKQa2d80-(pDc?L~n7Y&Kr#ca-S@Q94m@okXtW0QaNVHdE$bR_!Q#M72TplrM%JsNXdvRsH0oJd+`|UF-%U%JZVx?J6yiw zw|Q%+UCvK+j_7~!H&Ly&2T$o`THJ1NTrHy|w9fduhBD_+x zAQ1LbI4~Ctb;``*O^e}zb^v9U$rp7*DqWE|JB=Zy2!}bq%HAI zW+yyl0qC*qr|9$epi+PsxTD8`+A^39)15B=h@s>YZ-5i7V6d*7^6@4nD#&v#O9-Ia zltP_@3|4J-NJyI8_}qzJD}z55UrVU{-k}?kNJl4eFdW4@0`C{73@54`QYJz^({gKZ zHzp*I(ap>E;v%NjHO51q^|n%d>Z~khXj5W8ZfC^TcC;#gD<#5@%7=D6*}gnN`f9b5 zYdFK)PIjXpsc~QIV-m+EQ$wbl5&PiK7j5lnB;6>?m}B`-o-2i-SQ5w3$W%frk}SF# zT^-e}!?gzmj@mG8my0+ACyl5Rq!e$10JKb^2wYw86gg1_QD0@5SXg5 zqBX4r!_eHiz#l)(UvnICbHbsR#$a8mA|keBt1&$=D0o<+Gr_ONQLzaO)yB>_XqH>9 zkVoUaMzQ?@`@6!Q?YN#X!j&dV7$C$<@KKH?ar6SumQhtXfyZW(@Ge6x)&T+l-q6SG zq@+_3oA;SKU%TH5Oy0L!e=;Vj8=(2j!l;F0tChz?8IWgvvrzv3$%DQFYxNW-qX2v6plegkvP!by0s)XRN1*p7ZmJt*O#SZ zP28mg&6;>PIHH9z|Gh7HQx@eyJ#m6%+f8h(%EYjM13u9L=(f&_QravSR*$*l_lzRb3HwHHX1LC#bpP_8}Kb-`3xf=_d5&Mqy&a6b@$ zL7)tPYe^(Efq<=1N%gMNTi84FRL%bYnmw;G1J&<*R}PM&%+CkaR`p7$AA&r2MnC@m zfT)eWiT2N5dv_`wQW45G%y5cHCBORzsM;eilXAVx<}ZqzBspYm_d{SxVM0kz%> z^;q|BH%=2>Q8My;%c9DHg5D}&r+l^tFHq1cH|h>pj#(2=0UkmTe#=oHwsR%AM4QWA zQ`51siGd2|H>$)xbla8T&+>fr()M4A81QVVmGY$F>q}gR|HZuy=ZYjbPuU<$V*-2(LwCPUXpw2p`>h4-C0_~YkI*#)->qSG0(@1piaR1AA zJyb{u<@%G`D%(z%!XEEiBysf(glN1^)Zpz*j6JQ-v^5?k(N1tWIO!~pENc9;4`FMK)L3?_m(XOQ!eKKGN-}t4 zT-cfUBJ(?93tv*8m6D zBBCW1bDoP%T78eK#+1?0FaOgMc?wi80Dqcj9HaZf;~kMp+Ha<>u8qVW^1&+V#CAkB zS}iF8a|!80Zq_&Bc#Pvro@8khn|`_KGeB+)aKzUvKl60qZP1)o(7wZ>H|5;W!F;A_ zZx-*`tW_S$2S}w*32}B%o)3xCl{eMw#2(*`Bw@8R8}!00jliHSD=4TBm!d6iu=x1h z@Hx8VNW_7WmlhEv6tR)~{l}h+B5;zbNjsbjAr_C_0cFZlV!nZJ(AMgI9hn5`)6Q8|y0#^(C_Q5)rGP4cia5wgO&UZ5jF6mt6$(?Vr}3&Z zE>By@mcW!@k@ZFllJR(jkM}>K3g(wC{IsYU9tmAp!#iNIOj{;*!NW@G+jfExLuJc9 zl-~kF5n0w+zmE4Vd;&%X)+9rj<_b>b2TQ7oi(-R35uh4<5tRs#<3kcGWt4J5gmWwt zE%qn{(i4jTJC;sEy*oswqhYJxc)AQ=w~Ny*a8aVb+|j1zLZx76 z%BS8q9>qfOqo=*e6(D=h z2Lvlao`nCfQX_@=PvyhfnV|v2ZDGkpS{u7B!xE<=vtP*>0i?F{uVF% zctwBDr>L8*N+#G{OE7F?#pnYbCz5GaYH5cBQYR;~%^OFmd)giG}e4w}&X(OWr}{^6hj z^?>fhO}_|&)?s@6o0o8G%l8COM2;ZCMX3uJS?lm*X|RS~#tkEkaU4rvZGZB1Q`G+p zqJ|mmLAKQ+ZOAFVD8xFFWiaYW;;RF==t{wDRfSKI+gQGw`JGylP(P?tl& zKvC1tpaM>k$%z{wkzEFRh`0_yzjq|aCTCq$6U(*1#dP{NB`bkC_;G@ zYLRNR##*PS!ObRa9;GsJAkh>oJ`y!+!DYn-PZ3>aEGvOZ)T61KzQ5IGYK0qbsFLFMs-?T5Zsx0%Q-l zVD(1GfTU5sbh{{a0b5?9%baWH^fLI*Tg4!RNGsM)P`%F~&@|!6ki}`>f+x3il588} zWoomk`(#QkNru@ba;QsL_4H4%ZS7x$v_zmC1?Pz4O91YQT8whO!HM&4l0)346`!qC z$}B9KD&H&Dv0~j{;n=1QCBxcC&Q8LV1OByfcaWgFXPuy4od3%^=ALsc1+%{I-W-~q z0ND>C`4Tu^Lizmd9FS%2_`@AOSeiQl<|bEagM=)`TU0y51$rY{+Rn{~NY*%2OX_o1MIc2&p z6E~bVaK2>anfNa?DT^L$N~&7K+4%69+@ikF~&u> z?-Ns7-Rsuu#%mgJI*fC1I!+YOh`?`~NZZmO*iJ(c1Pf*x-XZ3_d_`4M7GN+}$051`F=)?!nzcaM!^DBm{Sd z;1Dc9I**$K5(N)wxsomAKo$D?N2Gdwb-7!{5L}C)TDqp)@as zS0Rva4N*VwG(Y+gctwZ?zikn^?ASuNUOE?WI_#8OjrnQ-`VjbfhCi97^{fBfF>RpB zw7OJE{ATFQhLsJ5l4|kKO2sMpe}E6dxp&+vthwx}1Z!jqsqceTQXI(pG6WibCat|- z258^^4ro$lKR&-$eh*#{D$d3Cw{a**KMsnRX}Ol1Ll&QT*+n#q-iU`Zb97V3$x#C% z1mFA`A^VUh7u~_uQ)4c|?+sw@WF04HL3kS5i6-48#Ya~h9QzY(36sQZVxhe#@4vKM zMC)8ze9YP#)vN=06O|)jqQ{1$Q4~V*_ZhS9NBKr zVyXZ*T~}>k1VB@R$#M*}Lw$2Oz{TpeKT;_(p=RRbE-Q84=8>UHI!_kMH~^i=oZi7_ zUgv*+?1p8g4$#`4K;2Z#>fB5G3vU7Oc_jU6>!zP^cuqD?#uTJ6JAd|=^1lBAc+s() zY5hb%KhFGE3V!K7|jiJe%i@{~R z4K~I;M;NS-CSe&2*!dI4k(4I&5PXjgOk!J~4VBDumpnRx)+Wj}mv!A{IB%k;=?x?V z;Co@4Ed%#Iy}$f<2gvc(7)>wj88flGvjOM6kYmb?=fyq0$b6N|r|utFG+rtnJ>=LP z9Y1Zh(ydflo_0RJ10Fv0DD;i_Dpe*E7lCk6+y7;?P-K zN4py+m7d*=RPHrE${zP*%}E#6>m5-po#I+ze+Vf)sp&G4YO1d8sz-t1LfT!<7bgtO zuPk{NS?-kodvRp$F4CCr=2^OHvC+DIeU)VHS*5*>3cJG1wcJBv?ZEkApj|LeV<`CK zx=09KsJf)>XP^a2$~xXygt=DWF7)Ia7oW+H(IoQ`1xz?tCoZXfoNZSZ{Xs~%FTcT2 z_`Gvnk#Wp)TQ?&;)`}^l<{p?qOzQ8?V~a2C@$vaKFi<7~HyZ7ntjwkXeM#)x{U^#3 zp8j~T1kLNCd80WU@?1U?%?G3FI+sQdBoO5Sd7AL&l?$`@zuc0?mK_uK6W|CGR{@EI zoN=CWaiMW{oE8s~cXP^t6?bnax49E9?*?%0fpVYAthqY0L?|Ov02hN>z>e~gKX}Gn znsnD#*Jr^B=_q0uX4Cdh7~co7P;_fpH-g_2876fby)1hO)Fg(pZ^NQQGM*mka^s$+ zcpGtX8|S7yOFCXB3BOBSc}o9JfsTKU_pNYK{B@EGnbp+8X_KndbR~V3dzN z`Vm>+#Mj@?I27CPbvdYE+9_w`5i5L087Da%>{x6Hr5gr8nU?X;!!MGKFtBtUDQ|&M zxdDeADUOHiTZd2&Cb*nWtZW;hQtqfnIgQ%(vBz*2K#X?%HqLO#W)ai=27gmuhn zipy|j{yH7!UU~!Ti&6t=>J6d0H9I-BHizgl<1qs8?xkBT?*8p_a!(@yn+=6S>4#4i z_k};}em$D2B0O1d>%$!pZj%i{JcvgD5aSVq?n_3G37>t+agMCE>?yl6wvOkR+#J2~ z-{B|?5dM~oN-$4k@ck&ONgIHa;_mr_Kv{FHp>165q&QmN zM{FlkGA#)Y`8xKM-5_IC1)-_3N@*M#D^w!==kTe(#avX}aVP62H;C^3eUMCWfGz_P zz9_Taddhk=jYd9J2m1wL1mK6~MlAnCTT+=*TC2C7`Rlu))B*@Sg#Ai*Q(J^BepKH~ zLQ<9WS*>7Uz%u@L*rRyn{hg+cZ3hsGI3mn`6&@`70|5ETps@P*;ecS(z5i-a zW$p_=u%V1IR!DJQFxS2JD<$9JWJDbz1$NgNsn#^98K=n;qip#3BN=r>-I$Wa05g^f zR-Gn9bLJkI-^NGgT+m!p;@8g@Bs6*_w<`z=4_O0m_%xD0N&^_bAB}!Z*R(@Q~UAz zs0rI)tk&Y>(>KP;+zEfKZ!>k(`K63-|7`Y)N4B4CdbK+swrkIE%1^|Mr_h zuNXqQq(x6KNwYX+1pF|?f*R?{+I+)U9r?OWg}F$3{N^5Q$sz0X;EnX;eg+_0T6UHp&sgPiu;EMS|42(T` ztm5(j#z-hjx})%fIqD_JxcR8ceXbs&^9ELTolvS6qGc6H9AH_}x0bL9?1OoS$~ZJd z5@5Fpy=~lQhXoBqN|PmHD_MZ zd~6({$e#V?-igH1c765Ke_Z0h%d6*xLNq;JLI_zA=IuhV-70-klBqj))oR1Zm?j5n zYAHgWtnO1LTJ04aU~KHnwTWQm zqZ(emAMQy`7Ail}j5pEBO@A#CD>2l6{7-kFAEp;S+%q~z3grn0fXd<>t{Dp7hV%x< z4pd1x==`x5*x>4X7{>r~%l|0H>+bBJlZoKxzuhL|yyljf8-(=;^*#T`j(9904}8QM zG4rLs9DZ8#sRiy$h=!C_e*a)s(aIsr#BP;C`pFk$0Hd>6-abCoi&xGs_sByp5|*S} zbl63uA#q{Nm7h^FSJ6>T932^sm#JktKE`m1rx@R40;7zIE{S3jxpWAgUACS46(S`i zqfjIbcA``c4TZ*_XhvP$6mXi)5L>TzWiR!5P}Vd-dB-_PEUtnO|Bm0P`_aUHj9cHu67! z0szQQzrW&uJQ#ulrw(w$mqP!57V_J$r<_{}CEv^eL&4g3HgFjd^)?a!t8dKg<3Tww zL;mJEq^Q#>N&o@@D=L<;_99Eb`1s6<$R@G|0yF}@5goQxlo=tZBF1(J@)aZD#TrJ- z^s=pMyr$q!(w)hKKj?7c03lUHl?{I6qs0(w^>r71DQ6tn_UY%CvXry1rKV456oX+Gt8CsmNL|!FOAbrGYOUEE4gZdNw z;vW~UmH~(Ykar&0a^P^3EGF@ZAh@Iz2px%}pw&wfrT7k>-K=>GO0o{Qf-4k(5KhvSb= zpZY1;QKVX%xX^ychbVk%Mo1`AxVhgELD$~#AdY5LA%p<%aR-#`Wz-fxGo`|M6ms%m zNzbIf{2t6ZyrA=JcB1}Yp-17Y__~xro!s`r25+}Z^k+@q`1r#489Wvbfg}7R{S;o& z-2ipsW?_7hR9RU%ZO%h?2TO_=IqS`+uRFAWmNU@REl%E+#z5AsIx4ag#FKZ#CRZMa zf^W|ZrU&9J6W8o61OC(`=zJ0S6;mQr-r|q&SM6kDUJ;0JN7L@kE|1fbnYOfr8^n8W z;nzgU@f%l2YLVl{f6>)J;bWP>2{_Y_XSB5}Vt3(2$+c^JM3rYsN zX~ukCAY&*`ryLgwZR(_iVW75r(1h(YPE*Nbgee<&lm`zAw`>^dbuTR(Zb6SC;xjLc zBx`1rYt?=Up}=o^rhVOT;k*40U}JyAeDr-D%K+dle8jNd0_K#2b_#SM5HI-QpCTN4M9Xzh8rUJH&*sjZ@}D=7rYpzfeJkSbf5=ZNg~VF!nQ1b?8G4bB03x%Z7G^6xvUzS5GMu%?*nRqmc8# zzWjB^?aS+RGBV>@KwX?L>bThhLs_a@#bUNg&X21hN@HDXlQvQ@T;%naUG=pz8XRjP z-j$>gW~8+lbBY0eJOkW)N|)l1%3$2&-!Y52CctK%qa{;UtdXr0xuNrP6Yvx@LE%49 z7k51~;g5R*LbiVQIn?N#EI&%H?Qp(fB*cts%$afymg1BT&Y5dvCnGF1GZHcg8QPcW z=Tc}g!Q2z#^!DzQ-WX(mQYQ$hO+fP4OC6{KT4Ca9oK!J~pPS3igw&=jt1=L`c&wr{ z#me#^gl~=r87p=*p>IddD24yLL*Ekd5wb5?^_YAM=UEP)kEWQZ?TvL>cSr{*w^@yF^+;jD5q4G;bX*nu@3d#5>Ht%G|!inh&Rf9I|Cdt z#@73GDOLc6?E%&PWPIsq?jd($MPbUuQ&*<>!9?A&k8}lMy5H-PCS5Eq_c`CJ!hdGR zi{xXDxCdJMUVcflJV+|+_BC7oU8{SGPBpT-M-GK>s^$q(ceXy9ldXqM3P;_ZY3$T4 z*oh4#*OHm7qmRgyZkC&Y-O1xA`X+6C!Y6psU~N9R`F8*_TRhz4%}$B^C@zQQqvPt zM#TH2XE?;`qFq|!p~-Zzi4UX1U~XZE6hUd3gL!M!*aD-Rp`KFia0b5DphrgKH37tj zbmS)4w5N^&jy{el7sQICEQWqcA^?~zeO{@{NV)6AFZWcr7i!UDN*()_)lqkIjO_uj zV$@{&KA@alX|9g{j+&gP44!VUSex_%XXv622ebgDJ|A2&i?j&|nKQKf>W5owiH6EA zQzX5}Ig6xWJ~pLn6U2nSNK~$)(LEqjH=Iu*v*4iMoyo@Z0WF7g`k|}o809wh5xKC@6%mM*nTD?50{ceb}O-1(n0u*Vc)EmInR2_D!Q2T@S zAC5PK=c916=^KeD715kI zi5%WKc%YJmmGly60Et%)yImJdzF|q#gEQJ%aV*qm4IpzF?9OS26Tc^NkMM5BkNBnnUF^%xmy#r`gr|T`jvsO@Mg#Ivw4FB8Sr| zcbqo~<}5&iYb`hNjIdC<)chUsv(~B7hJ}s$FF|TX&qV6o=TKOBRmzauR92p%RPCEy zKizPR$chYd6$@nlPIz7D>KyMr7TTDsp){peNScR-Q=``+)msjYm{RLITvwN zJ?Ifp{WH;F%~yYCfrEaM7u;Mo{)TaP^NUf+z4m2#EXSkR`%xwWJxnWlew$Uv)==_N zenj9#57p4dTWZRr<0UPWt==?n*c-Kku-wG}RwQI}MeUqko;bp4v~ugQG*Yd>#*&+D z@yu`ffonMU>1sS=BvxINzpQ-sHs9VXD!$>xJQ=$|@yaM>BE&8s_;RM_26Vwp3Z)R@ zffQBHD9BKXncET5M2XL;4ZJjd|C5p$8C(pS*KdbDzLp`0RxF6K;v-Y0mJU+Eob3KQ zMYh9*j^rbZi7@t}apsuixev$RDu1N+aGl(0ZNm;Vj2~x3`Ys6cK@NUxqzDp@p^@I# zM>RK&`vSKVqW%Z~l(KFz3#Z<#gryiLcpTUy+=ukimKk-b>#7ssb`OznaKy7-?YZk~ zlm~u?L~+K-<=p&WcxBrgzl$)%%I%8CO`&+{JEwe1Ar28F4pi}e^~<7E!J9RvfRNt# zlZgZF{Ob5ICR7ArN{VD4l=%;kvoK2iX>sA@0hLm-__naBA&~$t*;x6rbzj- zVMGm9E~7(xp~NaLlH1Pa;YQ@eL60+M*-~X{dcTR8WS#@YRH(%^hqTns7?&P^fgSPzBjiQka;txC<84{ZLbpL^Q%as&lM66houQ%^w z6;%kpn;H3)#r+h8?9*1Pf$~M>Na1^4L>J9enKc76Webf%ong>BNe9bYa_Pg&*zZ9} zv7HEe3L2d^;WkHZl>QD1@?81mHXk(Ai%^AM<@`cL%%Jb0Jzu&x%V!Y*Ut6j9NP2P! z#z`*_V$)Oa0A^R5_=oRckpKnaJk40qoIROB630!X2BQ544@q^6VH@aoTc2q=jlvPN z%zoG1RsdLf^=uj{&VyqkWbXhpBfFresl}vkJ6BB?*#AjvTLqP127}7HG(yVo2)j&@#VEG82@04GQNU{y^Z6oXdQEGj2UinYyCXGtQ6>VT4_m~`i7 zjN&LKNFyp^DQG!qp6st15>9N-m#u&u7|;Cbd@#q^^fg&%1@2-%{|l8mpPV!WJK>O9 zXIc+MFHshcqak2%&QrJ!%xDPI9t zn41xXIXapRIzeY)=AYnm!l%N~?E)s5ER8>-&eR=fVy*AP|5$jeyNYv%>XfW7+?m!ce%J{f%(VvD-?t6j8X*xqMK^_5F04t%dhSzVjl$oq73aVryX67-p zKJF(A2!x1BVFO_|q@EGjc)xJ7suP}~=Xdlrp|5z`)J&Ue1c ziAD|TZbJe#t#H#xa^<`dp3Y+$!r`Z=H@|iMDA2+1?MG;NzjvW$NmmqRL~-CW1r?=i zo_Zn@DYLYTYAUNLp2ZnC^QRc)EF`OXdt`&SMM}16#38ECp1C^zNODCo*?>I)AONZy zV#&vJ#nkiw_UKL4J3t;uXCam}Ulv^N!cG=g%!wcj%I}}$dgC;)EkO`gtDWIH9u=RA zTJrg~1WVY+>fWEu`-M^|ZQYTcIw=YT5bt6E@7U7JDdC#x>M@LFoOI=b#K5v9;R4H) zlx~wmJT;CV49v~1qsrXc(ESggmLONMar7>QVN%t#(6i!S;E;EJU8 zm#A%J2CaWDs~^IHpYA*yn~e>!MP5deB8Gi@>_f#wxO$;?S)?boScgX!#s0w>FI_Pe zy4M=$^4~=#zbh7NHqt$rpF^Y~K(h47ght%SZ!j!El6myR(DY&pISShXKm4uwqj$I+ zduM62QV0LAEMQ&)5as{6>Lsmoyl4OWVj63x0|cxIzUxP76-Sf@+0( z%p=y^JO-67I@Pg={vWka73qR+y|NP44!*kEgjkON*-&LK&{VxLB;okg1eYs1jm!L9 zW=@-NBnDckv(@8m&NX}ZJog9U@G?55j zl=8EOd(}HaT<%I{uN{ASflz+t{ode3lq#p$Fq{OvX#Fe0{6Sqi05a)tL>P%+N<{(p zR+J{)4BZL_*N0@U#hXS#Md-1TYKI8r3!Wz-rGb}67F+h$NbTMB>-bS9+Nj?`j*Ne5 z>am&&BMxjsC_nr%;D2c(=Ct4`^+C8FOHih^AcHGN_k7~JB<;JUgPWk73Z9IT?GFun zzE3q~wSWEr0^DP4AoqJ3dq1e~zvF*y#`z{paP);5vjb_(*vqs@r4&0CIBCN{8X5J?<4_~2t z7>h2(jy@&4+G*OR<4|K|Rx9%up=C%ipWCRoQk!?f4`|B3m)Qr@cR)krJZVk7awRT% zQZO8J_4g2|J8cJdjssLxFhN&$Cf}Wa=`Hu~3fepw+*x_bS?O$Uxs^?h=L6A1SwN^> z{lJEGB577l-DZ*mo}z1-M68>#$Je~0IsFkA*Qkh3_^8;)F~+E#U~npUzV#&Tx&UTr zC9yz=X)cc$ZALb5mW3~jo{^(W!(qrscL4uALWqH9B;IBwodF<*2Q4nW(%ehP3pqY^ zMgy^Z^?ZLI!c1BW3G0_GR4KoWF|IFnaXMb<(88CU8Dv{1qL(0Z4!9f)wM)yw{hP91 zBZ&l;hOdiQarkJH5KEf61aWUe@*=SAsS*#bs3+Snv5KMRroy6myaPxCg-XgdAM#N# zNh+km-u7XtQS^qjO=QeVCUdjBx}#znVMN}o(W?mJm5jt)HTN|mQ+g74EJEe}O))eY zUdNpLa(oLg1huOsL;qOy)kMY>p-LEAS(g%o0%r=WcqCboXL-=63L>C5bSCJOg_Nly zU7JVtzeXu5CW+*ID8v6Y>A}V24Dh~LlsE(qc!&pc#PEEE1 z%D}hXJF{wHfKl6oCFZgEOj?LbuUcwOy1$ zR$WY!)K(;bOLy>oqBXB`^SqPC%c9C^pQ2>nTsKzqMV-+Pv#31raZwP;tk@U{l*Fj~ z$!qeV28wywYA_t*3q}@27<#DMHZC8JF{Co&(qZ6tb*FYRDGDp5ld$P;~W& zK4Qk9bbDtwM2pR((01;U;d|wc--q&SJV1W6;@lU$e>NLwCn`Bc;G05jSrnUjKbMdR1b8)^eUr2%$>12!gx&ljcFY9=VcGYYU+G7VIeLRN-;d zt;3ZEiJdlMsn*#w=DyBs_aN3UU4$@TcMC}+e;!KZ2+A_#p2f}F&R577A=r#vUV}T^ z`sOa$GKR2q6Vo-voii6p+`6`0RJgH7gxX{T6uG&jH9{}gL-B-*C)|?Feq5Pr8WfNu z+SOc9I1{4Zkvmq^hw)ZbMy}^BhG!6py0qo%noeUb#;vmYJ*rtC0UvWzN+2v#C^Dh8 zoE7en#M+s`lSxoaQt`Iddm@QJtM~Vi)>I;NLgrx3=5uf2^Ik+$t>_1OC-1qitFRKW zy-KHNwAkCYUqx^}-+>Q&h;!>1wYG;|BQNN$Ma*!l-2}Mc;5%h}Fy*Y<_*iodcyFYi zXWdw{XeC`41Y-4$lzZpYCljM@3^ykrDnV)r@{OCVLSlemO0{jdKJ8&Wv?S^j_LEm7 zkq|dVpa?LlVWPqXF@VHeLa`1eVX}tmV0P-A_MSMo$~H;FZb=CkEnf38P7(>IMpFGY z%%RWt4K;5m9Op}yaB%wD%_bxNJDb%IE{1aIK1bx?PJW!kH#mcr6cdxG(@Q%dPmP(s zNee=Bp>{4O>U_jr6@@yN&h8Oo11gaTpE|@~lCt=7KeWSx zg6;000gEfQ$YQK)|>+>rqvC`B#oCUh2A0Yq$V*;avOI>>nWVdr`_Q zUi8E>@&5rhXFus)fOdH*l3J$k&&rfqF;(!VjV(3wFs{dk;T^Z$GtK>$`eNSi^q-Om z`poqCBQ+EyTx|qV!CEfP<&zv=OHDSsL-1+T9}wr@3fmm9sq+jjlpoVdvBt||`Sx)W z3oJv_zsH6;yx8qe$>q7D;&FW@z+SFNe;@x?HOZ$%pM(H*YT3`q=wZXnk)gv!n1FA^ z{dsp@$Y`Vc#=pmFF7kAGN0BKOT=MBH-RJV(2kCx*3W^?5YgkRLJ;QNi>QM@P+&jP~wxxal1#gI2yaUpH({U1w+rL!8#^#v*W>J&B$rUb|bye|GG^ zy}36pofFO>NMjgy--%LF>-MYPSmJF1w+NnA&Pk9!GBLj~JW)~M7)@NgH=N^-pWDd@ zqvPzTLxR?rP#U!iiRqRZAF9WhBz3&1Qr9O&@n=dFq6ygT8NoB({>Ar+lMzhE?u&=t zgCUS=uITY;kxzduqy7Q9?wWbE&E#H;AC(lW7RPF|uY+hjC^mmmDV8asO5Sewa;%^- z`qk%y9RU8uI_bD`rDi`0@TFmozErGki6)p&Eo02HK-$kZ(c3~d;RHo^Jc+7!X!Xvr zz5`+ppTi+)n0Kao-z3yV@#b0YtuUk1{sCOoNF*6deum1o+2Ah?7`K(5UtQqeD;|2aetK9V{gX(~jWd>oCtcAxsy75ygs{^X=y;)ov6N4GP38T# z4~ZA)!r{{I)n2=Zjdg^Xsq1GD4vFqRfXngmOC6wsEbTZxHh9yVvzfs)sp|-t9tDo( zKHYy4L5qSno}X=5>uh#!728rmzsJ%8A6tMmMR zpf(N7;I=ONQlE)qyH0fjg#@IUE6|!)FO?-Mgc@bDYaa;o0SZ$l2sNYBy!GfpkER@ib@_rQfgs=L z{n!X9;pS8CI;9UB+h5QH;kCNK)RTwbyOY7@(tCd+=*dQTeO&;VVQ7&m5&@)0tkP32 z$lN_%Y0G5%(Kk0yVyz37BMzxVlmP$VgIv6L&7}8Zf8{d&ByBK%RHVqHeE3`>1UBVV zs}KP$_%^&&cTvJ4^tm{NA~DkXkBv}ZeoDbZpQQ*Rq*dB*EmR!?rmKEYM@cGWSh4~q zm*Ox~cKGc!LsP+ICftr&F-Yz>t;~TbT4-ZJTVZy&39QG0;~$RB%8V%b zh2s>iq22B(K?5qM#rzdOR;6RA6dkZidh{^O!#5192E_U`pIlR=3mIA<_CG+ptlVU{ zI5r?ptN4OZt>29FkVvsGL(y;e_rkyfW{~^Ax#y#tRg&Vz#bcb#hHgxV(`=pC%Yv0h zd(Oa3M8vHB9utJjOSe97nzo;~)`5atOA$cMbM>>{qW=Qi^l zTP<>DNzaJaXT`I6FxoM-g>&1~)MwYX@|V+CgH{d2T{EAEPQ`37Djdej2JHgB`I3rj zLV~%)R|}hm+qA5*?-1zkOO(BiyM!7-@-(sYrIEdCN6a zJEiZ@(cr^F5E_i#Kug2DX%w))jjth=Jd5O)i{2O9BhcrO=|EJ4AjOb1Yy+ypX{@`1 zrD9KPirUw#(qSgyUy(yfW#e31Y-bBLz>}DCC2Hxkwe(cZKEDI@KrZX@mFaesZ>Eb< zK_-}ag)7kuDDXK6gU9KYT}t7?f9h%*mC5E{#;q8}Zj9N;R^NCw7z=0ZxMEp=Wpn z;yMI^P;`Y2q)np<%?4yO8aGCYR}eh5EmW=qS&x$t(B*NjK|SeR|VZ`w5|0&m*SuB0_*mes?~uz%h``f;RZl(L%<;%iufnR{m^+Ih}KlQpFGN5Qexd zIt$gl9QWF+us^C9bOF0`iC?nq*lAF(GKoRo@Ur&@60GJlrZgVZ{sSeZDryAh)Y;Bv z)9c(+e9cHvh3}8;E44q9YIq3XtZY#Y{m@hf69e$V@rmRM9sUFUI>U;DdO}3a{IJ805QZAwDPUVq0dZ#50 z6r}nj0Il#5#pE%@tG5f-GP!ccUsC~WT~B-+cA0-H9(kh%s}2tbc?5Gqe@tWQm1~c4 zaT?f=&{eQ9gpD3b=%*z-P9)Z@V92c`AJJ~cdWRG%x>t#d*zP^q&pj3jud)@T#qIkO>71DDpAR+>1p`vRW?ZPLmgC^ zYjKuQu5Ewr@r4XRXG*I^8X=abz%OTdg#zw25sp_aX49<9Rdnk93ruB^jc1)r`evqc z$|E(iF>L?%4?t4C8{zQyD3SK`R@ASs#t}%!_)PhG=RM}p%7w^WE-Bzo$ z?IOoCr_J{G#?8|KxF7dvJMcm*St5ceA{gdS@FL&=$yW<{xC5|vu57SUdX1#}J0)b| zIcR6~tB2s&2Adp>ii1+e&o4jO|4~jE^MlH|v}@)d>{4$FM?h3D5O|0}xUQCbMDaS# zPP=tG`UJ~d=-R*$xqT%M5{mqW(-lJsXzkZ5&bzT~1_H#`p8ay=C9@14aTj(78udF~ zuli|^KJv2WqaPC6==R>9VGXuKO zBaaB}OvKM$R{rI?X+~5Yp577hyo5Vpt!0NvfXB1VpPprXw;2fprTAWSv7;E=-9>N@ z)*4aAfaTeNQJF6^-V(T=@`#g`l=X7I9pH#?M0ALh&j)54*ZTI~*y7X&0oer5N`15T zpdabCK-~L(fQSGq5nCSh7(PT=3G8433n=xG*Ln^3m3&X&VdCZ$zRU@XW#aUMMv5Y^ z4>?Gnc*KZ^2Hvk8@KOpacpKR|th1djCYjz!TK-OqEZtHbf5cOvewA5YdSl@neAcLC zI$=}?IG$y9nFw2h5mq7ABobIWq=qU-rPjUUM(u{IW=sxKcSE!#vtU=|_cBHyZ)s&I za4-IfyUdq{l;i@OA4(p@dDJo$MZIU@Z#tDSu0RwYj;^zaz=wPENaow~&p$fwOkf3R z;=50zTPXY=u`_UdywmY-Zt4Z~(P#L4JE#;v4p}(*xl>+vuFT1=P2I+%(g%?@jk?0Q zTuFzC)C<=(l~3-!>R?F%_#=-r?9OOFcGgVxt3o@<-e2NZVC`8`UEeR=4$ncT&u%5v zLNc;V01TBD(gSiM>{s`xFnFT^hUYF~20XkgHBtgovHZw{g-E9sNj;xrF{j?t9e%Ta zkpDDg1#C3>KG^a8ePu^7=4_HZKVL8<#PebSvv&foV2!=4u-_A zZIQPmoH~6(l0C0fK#pN>J{FT9O?soDRYL%clV?F0)AB{Ad5CKH>2wkqi;YxG&a1}W z#>biVZ*#W6G`OED6YDNW^tbFZ_+Lj&v_AcL+nJ|mqi2Wu+nDLGY%_tMDS&bO@8iNc zzPj3A-=o==fVS8jd4~vuPf~p_NM1{suS}|)DAGtA9osY>}p;79Mx_5zbQdaY2ZpYl* z3B63n?~~K(`WeS<;R_r|CF;b~+&fy8)_FQ+$rU`v8bK0gGg!8o71aGY9yF_mId5O) z7iN@U5vz&GpZ0Veusb^&eZWi;((hWd2|zVx!RTZgs z!-dxLIoRw*Huu3r{L195ir07VdR9%%^Ker+UPkKC|B{jC}gQ%j_Ta>j=3g8xTf-N{!s{}Kb1|m@c3}l=9+&hEGRV5NFwg~ z8wGwGSu(FRjr3FuHuJ)vu&=WtCG|qA8P*ylD2bM+G8ojLRPB=>Qy=rS*}PJ1cElc$ znG!$v^VR&oAv{!L%bBE;^RADu2{8jPCfpn47K{3zH_goFmpaHVGr7p8F|Ju0nxH0sOJfUVkSek1h~S=HtPqg3a*;+jM|1{J5uJ-Dc5+Y{F-oJB z!X=NUIh9+0 z?}%W2Am>HnY-KKjxkeZBK5a7dL*-^1H|3!R4qqLmq+L`>5La@w`~DuR%rZ~eQ?T3mX0HXw8Xp#A1%}~e2$FJ0E$m^0%K|R*!Qr<+Mh1I4Io4DI3Mq1~3 z#1Xt%@2yVZiU9`zTn9b5Abh7Y&S$hxKw&kLg3Rme{XG<3$y_F;ucLv2b)QMCODRV{ zaZ0mLrygU+2*yyD2q0yv*BoySiP*N7nyyT=Z@|iJEADsqBYUxMr~*(IDeJxd23+}s zNd8wl@q8qBNHg0ueKiIxiOC87RZ1#PwP_B45*DSuo+h>z$;bwZ3k)Gh2ebOZ|I_n* zw1RazvOu-%M5vR_mb!uS>4kMCIySNT3OjPtbs+X%8QO)(!dN3x&^bT*7yUESY`eU- z(H{ez*@ui&qGlTziSmcc;#y%j0_rtpmwL%wgV0R4Ax8{oo$h_Kel1lo=T84gMAi4DFcddB{|a)Q6RCC!)!TNIQs! zEJGbAqFXYPWC4p&J;#$&ssABdpkQ|`c>Ib5&j16eicFmt=_qvi|GYGr5EwohL1{?w zH$GCDh*p0#tqIRqEPA-v_+Z_FO22vxM_4|1?W{^4ojIDGsL6_VMxIJLyp8z}(bmJEN&1dySL-W+uh{VX>J{3cRQHkx1So}6*rFYu2G z?pM7K4ve|2zh9VQMGs-%VBA?~#m4RrzkO8ngiVSd4fmROSPWt0kWV^r5 zt5Bp{-wsj^l%dJ+7h`44R(uuToar%nP%+sX$IUkqWdYVXf(%rezpxUH{N5bP$&8B^ z?8eKcgt-x>in1ap9lic}Ac%gx0`14vOCz1NuRv=+2huIlr(rVeY=qUT6nr=@eJZ@- zODDH8sA2ABX(8>&o<0}Ew8vqHiSqm8F|Jx5EUc*n4Slo@A6(SQ_P`r}gl+(J0j)Y7 zZ<{4fwXtBbKAmI87CNcoYX9rEh;`uvGi*qGEfH?(LSd^f*=t+ss0lsFC60%*C!`jj zN|zC;@MyI0AU&lTx@uGyn2=(YiW0D`+~wZKhR|;EEZtKZW4bW(G6oYtg=!L~t{uOB z=C|wgvz7RR>|3E`wfYJzwg03?k;^rVC2@l+7iFrev%?RXt@ZBFP@4b&3*M3Ify_Z-g=70jHAWm9?eg;br0zlD!g=7<#zQH{C zW(yaFb2=1K+yotAM{VK{=|^+QKg3_2&>;MDb4w}swq?g}mrJKP+Is$kfP&f_xr@iJ zRG<_BKHmauViW+VL(O{*C1d%0_=#}IiqAN?odi(uPd;?BFbvVv5|FNwhJ?Q9_gVP+ z`|tkzi9&?Kv22VZf0L_J1$PKexn~vnYOjl@3Y5)Z1VG61UP zF+j%$SE+XNV=9XH#BG8&a)hr~gg92wFG$&xkeID56OnD|jkR_<@p`&1diH~I;=9~8 zS#isqM{A!jZ>Mj+O+%1stPK^I(}S)E0SFX3dWK#P4tT8KbI4!3Yt8=fi;m8QZ&xD9 zXTgp*?3)DfG+@!1KWOD16r{_oe8=~-3#?eEMG4wA^51q-m~p5%U+}dfv@rDPxSgL_ z_or&OYY;efRf`^%S+#I>V3OT!m>3sFXa)MWhBBauJQqFgZo|hRVF;23htqJWJreZ6 zLJtDLXcB5aeX@v+_-gLb$*P*M^ahwXt~$^m&P*E{y=U=|1M>#yXGKRp2K|QzQ>wfH z#bV-d>r!=!{;c}88~Vxu+6fvgHy6xSn0^=$c=NLWaIACE8-zbdjlOR4SS1rVuUTLy z`XLD7XGkQ7qY?M|2;I2pAXm&#w(Bx9yxR;5ZyNnK0WWa+&SoUgF>zw>bm}%;iT|si zV}|#2p2`f2ZT5fWJ9CVSyaOPLA86c+nH5_X0j*vnw4)=uQ%L-D!(-H0lJJ9^PPz|k zmo!DT3FH;W?8Q+1j(%6H`J^DG(UXU9^Y8K0PCwwcp@TjdfJAy6ein51?&(iR_$2Sv z^?CJKQaHlsoUC50ozLui%RUkbrdQmYy-~e0yFJ>+-ro_|)SLNGLn1 ztR*|MVBk4p*uCVP_-+*d^GP8c!@wCb3jx;9ASR4Rl5@ovwpEE-(1eMMza;n$Yg;df zF?DpGxcV>6d%MRPn*SBAm3{4YMf6Nnb$DyP{Z=8)J%vVVnDFBNCvhpJNIRHW&8#n9 zU+)RXIrh@w}@guR!R#(BLLPVF7Uk1TX_Ue?~5`(Er;ztb|A{f|if^7@F3;?LpG{WOq57mLLir5n`$-KygeiAZbT+^S`oJL?_Y zwJ9Gg5C6s-Mh|w!nzZ_s-$%y1Rju_SEsoB%LWUayTN|re$oUfEwUZ}oD29c?KMOYo z5R4@wKz9$#ikSdMW)O)}1w2Am>^X(5V@(ZNg3gOFnQ zlfETru@||rds`Oli#L_(e#ea`9K7$WvXtDU zkd+R#1lDWa7^yX>jI9j`Ir5OG8T4o}w56&~#{m{oeLU4g3$Xvd%#;Rfgybi^>ccPC z`VKZ|##XmUuA+wEEmmBVrCU#o^F`5%E!{g_R*`!yvq~CZkMAG$gNer|IQo5lP)`16 zNxWBuSvJ@1Ot)?rx(BV{5^s7wnRWp6d%t0KV?AUw>tJD|Fag^B;HmvH66zeSQTeBq z!*v5eEQO9G^bGH_PM}G<@5oMgSrJE3g8GF`T=;w`hPd0oN-kzcVMgHpN7q|L#nE+L z+uhK(HSX^265QP-NN@=5?(R--2{i5w!JS~i-Q6L0f|H;7dB4;DtVW$wjj9@})?Rzg zYu<@l(H>N8`#vPHC@~Sh^`GOg!si226WdJrmOT&D=Fk*bGXWGH$Q{X%CBLkYx*5!37o6nB(+who z(6rMF8mqq~uvm-&F&3~v3PNVvA*cONfT$&nKL|zwoJRut1fvMNDi=#F`=<=^IL*S_ z(TeP#eO-fPz^#n=C`Tbs-g>OcvN`^Vj3G(sj4>~Ot=n%@ej`a-o|ePrsmrn(@uyws z1_4DWpmC}8I?`S^E}EQ^8e6b(i(m@{y@Ok~0ee%_wBHx8JIgRy?1)>m2OL9RuEvBs zy18>@sV^ZTc^5iRAPbXi);x12G>JiK0W?z`W63~^t_I!}(aDkABG{xCI28aWt}JMy z!pOc~H);V%zaEf1DT-^|QM0s7LlK_B(Ak2$9dVpMvowsON>#7d;E$zrxqTtNA%6mB~=v9-G* z23K#0@^YTg8<^7yGJINyv|wQq8lkJyE+)Z; zr9d=JhZ=mN1=kr+s}xU*e9N$STT9NL7T{(G-?^z=v!~$fBdPBzv3MomJQ~_XrpXDWmvQ26IY*WE+f0z1K5FJzx5gE3)sSk2F%=}Fb&%r3wua6+GafkSt z`9Rx`h^nhCzsU0hRb6idTwj#$eRpL25+G3yt|Lznlr=Wi+V-+A+<6ETJSk;7hIT!4 z&Cb;n+#IiohjjRkHrkl2hIqvE4Vhb-`ANL#Gk4)sybcrrIx}`@Ms3Y_*D`j|94m;N|z- zeaYntizqw%$U`3|ObkXCA=P#lhInnrhh_R$b{Bs*iYFcO_#{G@q<$zT>QtaBC=Ywk z4vGYR+bb?lbUWZE2q=R1H8qaOkS`=mFhpq}+3gi9!^T~CLsljR-zZpp{`BcW)`-D8D@fSfGN~5ARX`>YAqwLge<;R)pO za3w6%qA9jHGqnS(DWK*w&CQymIODRgXzs%17!qH8#6t_#=Iq}8^j{frh$$DxZy)=Z z1^M@!?-7AB)6e+-01~hc=|eLk0y3 z`l9dggi9#5jNXDv9^Z({1Im;EbWd`rTX8>Q9IzPzt{CNe%NWq5c z89!6k`-&6>U4e=>$FoMAGzPU58|f4Y7<_W`4!lfasvKk$gnEBM5bo-PI6m65gfXi>1{79Gs?ARsGXS;8R9VF{9{*M}h@U-82}Bi@{f-#g z&~Q$?O(hALMxqU9o#ml+eoa4LQ^Xe2M)`L0^sYz3N36}H>3i_ev}A+#4MPzyn(@$% zY0sN>uYO0-FfeCChcLPeSPS2~8gLH5WlRzOnDcH+n#U}={~uzF3^jK)SOCXeY&&1{aO2WlOM!O7E>smu^T^FVb-^yaFHQYxtj=*lG8;5^3MQs9@9Z z7*Fph3OdPDU*`{UCo?-MIt73Tx0g?&I5H;+K0i^=<&_Fc@jSSiX=t*iTnR z1CJarOYV|uD7Sk6#15ZCh5bLUB#P&?fuyqCcbd^ee}+*!yyGsM9lAEe@gUy`yr!m{ zW@;1HMK=9*Y&Jq=woknUc%^(^GoeMlN6Kznz?6eXVJ!5=B9hd7Euv7g3O(lqbnFl6 zpO?@lk};KN>J|4DDqH+r0Z)xU!D(GswF0I12}GZ{Sl@>URiQJxN6tJ437!mxr@nL- zuAbrOglQfI63+GS9*|ax9#p%^U5-ypn}=J*WgLz-iH34@jsabYto1mcvbs{2mSTA-pUV|UQ}EKHeesS#WG-1GMDa8ck94@IxIt|Dn@0C(J%nWXQ) zDS^q9!Y@r0qz2i)*#hpS=qyD;=&pW$4?OLnd#K+<;|q=Xg`j!=dbE;TDGTL%_vl15 zj!H0otMMqfcNL=17#nQl=JDEEs}gtdyL6iujBk}?ssGM~$7-R999c$0&T&%oCxSiF zx5KpDajJnS*-@-YfOk61BPqoGF<=#38~@`&Z`7lB^7uY1TCQEe9}jEDk~eTVQXEpl z^TEL}`g^~^;9!f8VbFjW+XRN9q+md69VQN})ckwrRQyTe@6*%I`QnyR-241oNnmo( zAiA;AJ8b>gdYx6Zy|(^jOTa%s6F>i;c!!9c0gNt0Qpn^p41Yko&a+TUpli%IB)}w2 zG*p-Y>1BrqBN*)@>Az<5^h6BwAxh?u1|i%`XbS0PRE&L!L=Gb)4LwP{7YZ!pyCgs| zh@C+8Er@+k1aGLpyJ}!XCOzN#46y*Iqr=(v6eds1EXHXQ?8H@e`9#8AgRv=@bKN*oqq%cKDc0LZEaT%j7k4)KmNtJcrsV32d zVU+vrBN~?ze3}5#=b)dsvw4%$8UN%C{)(hxQnr2*nht7=J{8;>|DfErs(ZUUk&rLv zY$yr@%ieSB4rv{-e&xZ6a@v%UVf5pOL}q5gja9@3X#dQSuZQgw=VZ5YFi-m z`i#v02{X~-P zh-c5n)}6YfrN75}G_6Sl~0UEqt+NfRPV}K$55soq2g!W6`eS#$y<_*7oN^u z9Vsl|pM2-{=>MXq)DF{xPWmXK{PpKG7a55Q6RPuSiT?D1;?YlZQ;(-?SCB(`X=LE7 z+m1WXVF{2qRH&K&-(o(at>$1>%{1pHzRU%W$^bCOONUxS-!m;0n&9YZzsoC$p`+%1qz*EqzmBx-tvHEse zGiyo|iUdLeToI-y>s5XR)YF$aFR3O#o5*K!-&wG~uB!xRXceshme(Y{x06Z32=&pf za)>J02u<59_onudlywYO7wApnpy_nvqYWcS1RFjRP%+x*x}$*h9Ft?S4VIwT0x z+US=jSo}dr6s9NuX@g&J!bGtc3qjw`<`9ys;PAep z)JB%;hFaLBE^m^&lN!nDv1tLe*IAXrGG@-UwZ#S?#HEyGKVna#)^4H*?Y^Ks4XQcl z$KO;fU){G60)acV$e5}Ou-;KmiE)8Pz6@xl4sGhtU8ooxAe8z6Q%&6nE_MW~Z7(zZ zx?m|Dw~jg6ld$(zY9(~oE=?AyqtqK9lc)n%_81c?nJ5aK1Dzs=18V|oGypMw3bR{P z3TPf%qP}~c%CNcPeDqYaub*m#PY&g+5^)ncmmYyg?cf)ZK>ykDI~~|q=#j%u%=(%f ztU`$+rXyGpaQuI{KLoIBG(cZE&T*1Boh2|@`*$PO42SD^i@#2v?|q$9;|parYJh;p z!ImxVC3CoEZl7&huEM{)MGS zBJF|3eL~3+YpPTvR8$bGT_&hrQg#isfsBmes~>w3*Hyl31y;0#92qe@p^%AXZ=dA1 zVCzEEYrPEF%3_)^Ll+taA~) z3YDsTz4fh#6~RTQ-kEKzLq-f>c;g4#}WYnIsA3K_1rc&K!~*mmCz zwnrHHb{slUaqruwPkLd&Ky8q(ZnR}>AyM8 zZWnD>3@~plDcTEGe{Xv^S%OQ#5p-8#qrBP#|;v?*!gefpg z1NgZr{{UxB0}st(h2CV)|F|gG?mqyRhWvQoz>>KAtodJ8ZF3QkPNlnI*{cI1l#kCJ z_JD$6`h& zMQml{$FTqx8B}eoYL4`pseBQ!o(B76JrwEr%8l|NCwpYhcU46VA%q1*g?*JW>*%&t zD|lC9cWG$ope3ljKZ|Ie^vY`M0X((I9ad)eG6O&Ku{s1JL*EqG$s`Lh9iv``>54d| zlci(=T-_?ybwt#LJ7(etjG%V{WdM|jX+uiFD^{}g=Jb6r`5aHblKbKyqX008rsOT^#{Y&&mmS*MtgBzlsaLz`Tx<2Ko^oN-`08*1t{w z^I4U?agM)pdTy*>BvlIk1IX&PQ+qqQoFTlZQuEOE8{x?b7}^eIlXm?))I|SD4O+?< zZu#aeP=6rh0Ivyy3{_ z4qXA1O<}r_!Du6F=vhVaWLlTLn!W14BY)x6>l(b2O23gr5qKO=_h6E@Z*H1z`|4IS z_7~`%S)I)$T4)FV@V0WZ?NyUfAx7q?E&_J(-CU3X#OJ->&(9$YVzGGjuaj z_DQpG=~OWZm1P!|Xd?(u+Yh?8iOb(TY$=}%4O}ln-r32rjmwk}+$Y}7r3OA!v(1Z4 zBr~>m_rgI~VZ>I1$e8r#c)z#8W%68KHWDaugjEVrDofqM6_gI$MJY*AYV=y`F{yx zQNik$KAou~**EQWs}`-D1%o?mh&XBJRl7&hnWvH@fH^0GV_?MuPYI$Z5heUj0}AfK z6O_Avjjxze3SvXW{yiJAYyfk3^a?WVCM*LITsk70_?jUn1xqp965{NB;NWbUiUQgc zYG;~Z&viT=#)mR0DccJR8&!Jm3o~P205CDR2r=FlN;gOP?}_^3)Q~)mR3os|iD2oCdy;wIoJ^7JSw3-IMIPyI!B+Ho%t3S{u4j8}ov0V5WVWAL` z)HekCjiXh6*sU`Bj2H?6drIWcN1<(Pn7;7j`^g{;5$Sbi*o&YQlFc=;g>6voABNr% zQ$+g^cs#p~i-mB#VDlcMFlj~{@e?Gb3hvHFRQdonDE+nwX2`x1Qmy6J3IvuE1zNUi zZ1LtTh4{Z_@&qSKxcmxhG?Tj__7VZ1_0ZJ@eY-Q{GP}?_&4hz!=Upe8u@+296mIhE zq(AogqY!rHJfb6Etsg$hzz$$>ZOuq}f%RoK7E`U^eS)q4ZI!^!kchwbvwWDoPyWZX2GNgc;LcCOB8K0%1ld1ig<>DY zMRT^E_-{pfZHkqU^i$mw#=Rg)K~xmFXF&dye_Q+l;QSH%7D0EP7$P4T$T!e5v~22D zbnBjIA}bkw0nIvYzBz1MO>&`3O60O-vlwa#CD60H#Z!O*!oNx@GygPy74mK#lx^hi zymrN?+HHKYK_uaTtuk?;j5>i*8TNy8)%ka6c`(x!7ph8}qTrE~^w0I|v6gFhC{`IO zJXF5LSVcBU!!W=@L}Bp2p3{%N0z+zx1xjCa^=S^&@DhkLA(D=XdZZQ%Zoy(8A1)FW zbZBKpqad>ba9_IY84>>vlWr3?w5o^AS<32XL_`LryGO(-&xHdVmBY7#gV^FXfc>$w7gyhpac zP4* z(feYAON|)~iEaELLJnrk$j?+&1&v%P_)9!S{Z-}I6mZoFzP069eL1VYA2LXz=)+6L zq%eoUks2O_EVZ|oGP#x3e=6(&W?o;D)9?yYhIqsFOk#nXDDm`Ns(G?ONNtemKvAc5 z2E*A;Ao$;VE>y>q*1C^XbT7Fp+zkF87@3uy zx>~v8OPj8K(@6wye+Jd|@<^FD!7EDk(`8@;4K%5r(Gpfvw2CEY7O3h4WD>XQ_v2U0 zs#(gx>&M85x1iUfpNvaaC*T=7WpLxSVbfMws^$EmodOW@A-gdY15%{!1couN#oyG0 zssk-V1z$gecy?%_*e7)%X2oIh{G@Wxu}fcCMIpV0HnI?egeSBG@{SpZv`I|rwX->) zLuHp}5Hd!GEBRGOHc(I$F5WY7i}JgzOzWksa#8yjhOd;&l^3e8tOO%ZQNNwwbJKPr zu5O^0G{XTpr-L*7pdhk{-+0tMKsc|6 ztVI5hra^E98{(elzvC2+4jKq2pz|RQ=CWKl{AxH3^Q>@N|MSoRAuI}Nh}iFyEQd|4 zFmV`>f-cutyw1vKiq|MuZFXX%#qg>PG}TP+|MAxO5{0HF``Cq7Egs{4-?2L7cqHTt z>g@r!2_k=IJcOCC;K8$ztK{OL8jA}F-yOJkjx6xV*~2OOCHfEO*--I6F}|^rMdd0A zd#y@59~~H{*KK2+b#@Pm(SXeMd6+#n9~kTe@IybRY8s^ohWa|(2GNcmt#mO?JT(;r z>ev3g>J<_5sweZ`x>o;5kAMIACtP?XnZB~J%_XmD9kgPM$PE+_eC{2*K|4ow%m1h1VpW8goNjh3p(nk7#OYw^sj7n&s zcgNSSt@d%(*2{-AstU-pg;BuCnkBX*3CMi2O^Ras%k)G440Q(@-ee-)!&N?dVM<4CvA>^|O%9OONW2jE^vZw@Gy)3a&oU5IR4;~ZAM6@$o zt<$(b>1=tlbD7n7GKL_ppWmTWaYdPNI2N3K1?_(Lr1HS#xr>N}9Xi8Iw)<@dXHtn^ z$6LJs4f#%Zb3t8?kex_(5-1p#=V$IPU?_Snr@?LZh*grc6`#$(Ievg@FZN)RPlMC} zPg57gBw-lBz~HWJG2k0@b2C0+jAGJW;as$3C^^;;G=u1aIm7( z8YeoBuyQvH1I&$e6Ods<$W^@f!q%}w<|lVsiRf)Rag#{jV4%#ZhB&zO8RIMwpjtkq zC_TWH>~{74gkf14##;2@Ce`hy^rWUp`OyRfcc)*g}pgVV2a*1jW9Y z7}vv(`wxALyRm!tuk&%^ckz1Ac&NCyUjvUS17r6)Q|Ev97%_Sr160R)R`QfuckU9v zV=c9r3$LFD7Fwu?&wKv=Vq4NL#l9z<@*r@m{+{Nm8l{_;*szK{98_=jEnbJlDJGup z$y=V*k+O9C{p4R-+5iS-&EX+{tOm!N=u;6e2-9+E&olDfCAFOb22k1&9H4buh)))X<~TL2YQV`VM0rnL%iU=-*#- zDHL)w{LwsQ3Q{_IvMyN`lSa3 zgyXako#hOL5UGHV#^#Kz8i8UVQJ|D}p!TO0saf}(*YL)iAUvJbA3wfm0}OPAH2ZJ{EW7C!h)9f57o+(b5_5xP&&hsfT~&sJrc_4>_f@Z6eT0 zdczs+Q$in}AT45)uWXxG=)uxd6e-*P-<~LKhSfL-zk=g46|&3tC*R;7iH_z43CpNb`-PwiAw#)MdG zj8ulsiKq#EFZr}o-{l0Rrpoi7FY|(1fYIoiJm5MW0^uY;+%Ao|YilIuV-F1RqErww zM4Lscc{jpH*NVKvZ5v&^`JdESzo5@IyXl)l)|Hc$V6!Dx!(=OR09txI`WigZIy6vj zs#v(hdA=KYd0H^3rM$`~iK1IuJwby5kLU$?`axZyUt$&1hNF#y!m$lS{CFS}Kf)KO zx9Y!Tb%m&iEPU+NrO5K;<%aO9<9I0Rt<(|Y>R8pT9u9MzBa6?Di9&u^G&r@V&N0V) zBV{sMO3D$7ZJh?M;J;T>7VV_J`a?mHpV9DyFm1GvFDQyL$jF_R=9wg?aIWs|IIYyT z$r_4X)4Pjl9E|YK#o`eagjDbbr_QMLizkzswv!Dj|?EsD6)kQ09RIRUJSWIy)ly~c1q<#Cj`@Bv9Ccwo!?xL_Zm z8q5%~y+3V0eGXf&eHu0oZAd?j7Tvp(i#QTr@Kw0Z0R;+pVn$@VS$xK@__Sn@1V3J9rgUW&5o3Y}vQdtIYKx3)24-0vqQ3!4U zuQ?q)vg~l*5!DF9Q?G8sLvS!^0k^dj6rV$_`wS+)Sz@bA@#&m8!#kQu!9o|VkC;E! zx8)c7NR{m$Vc^QG2qs^iT`eRLW+`72qUTFzmgXpXwarZ$%h4qUyx#eu)G^r%5Ks6Y z*f6R;rC7rlBIF zqu1*F5JLK)=U&U33IcjVz|D|QPiQK|iJ_q_bpr)MXfaw={qd3xtQ64wH}cgiNUL5Q z8_p{Sh^j{Ipa1=U%%#MT{)u+1DBAJl2N0EAQPMC^kd`9s;0)N6` z2&(A8a9*;hC5fDN5Tf1o>($>x7K#vFg~9x-xF0h?R97%_u9Lqk$seo(PK!>VQ>tAn z=eM55f3Mq~A;Uobt@gKHg5E5(AYkA#GnOu??OSvt`zH#+gykK)NeZ}dv<;2NVWu#K z64qfr!K4$0zQ|b1KR~<_8?_axb6^wv&Wp)umu(w}I0;tHTuOe8dxL*Ul9iXWP>TSociX*>?1x`MCU^Vj|7Y9U5VIlw;@o1AvJ;3`}Q&y6sIyx!dc zA6}psAd1_fFOBVsK5{u<7kPp}4nkPEjZfI2H=`kMPEx(?IGlnHs^Pl#80w*T|eA=|<$q!Z4B{{RC1%4X=Ss zD9cuTPHXaKKhc6)M+*=YMPwd{c;CfX$jz1?--3f+Rrf_K$7dpE5@<1h@&U4fL6 z>|)W%nEFxhU1I}v96`m|Ev2adcAWiv$OQixu@`*wJ;PIbc%zuOQNAmY0hm%6}}9$+i}@zNDbQ1-b@HP?k5gA?{)K^_N5uZ4XJF_vQhr%BLYbdway z%`ndi{)PPG+N*g%Qi8+#*c;Y=#jRCk1?mFqHCbPZo}lfCBMOhnR{Q6p_^CAPW`0B0 z%3)|3Akv<2fUlGa^ zR0{bCe~R1~s}@wEUDRn6NOp0zRQ?R3`u(q$QCyS4R|zd2ZCu;uc?}so=$r5-5ZSc> zS{xH#wfqlPkF!aKsA{M`m;c6z)mgxbiK1PewC-7^ZfAf|OY8W)Cc}`gHt54KYD|Ru zNev(C%g;d)@LBnLDIE&D6oWlfN2|^?Bb5`scIAuy>wWnF$uw@(SK>B8al!RkM=Wu+ zEmiu%Afv=WqRNyWOs}+4W(K$dEEQe=8385wu=XJzJl&r>gEwBg1}r0BA`Aa$EZc3a z1=Y9g$d)dzuD(yH047I5?#Z?^uDBo5O|vH>1M*2KI!{lRKuTK3g7AM(`v8bh28nJ} znvhrzc+dZ~ih~X(Cn(ByGVxPB+5HVWO)x9&ic^pOJ{G$n6m|eKUqJVzWBt~1^B{(xOOoM1ET>Kvc^4M#yS}DwlZ|NJ3Ef@pu(ZoUW zEMw)5eOy3IH#F?^doG>|ZZ}JnNZ30K`a;$={7K{36xFuqhDpvdeIwOFzn*}6lr02u z?LqCfWD`BC7-jl}K?wlfG>$hTNv3@T6c9x-NM^~X{Ov&edc6o1tuI|pe}+^>20@EP zU{!ewYjUFvUN}*{`RG0Df$tYqo_g8lfOkrSSQoTL3T!^?C?6|YC=pcL5;%MT>sb;- z4zS}G85-fBqr^~uN1Pc6g+nDb%a!T*6;AF{1+6-)|GJ#3{$a6EH3H~*wT}E36Y@WtPTj(Pt6Msg5obeS2s~Gq zmvE_GRZ=^aZzsEANeMpG2d0WW+`G+M;1O%l zw!?e_d$etz zg&%RVjzT9NzRyZPMqq4wncbd`TqT0F1sJv+o3@0BLJR!Af`45538%`gp8{X@rUu>3 zs{&3R`?r#TbgA$E05U$c*=RpB08JtWOCD7QcJ==Nxwf(Cu_vC-CQ=yS7~f3#YM`;_ zi&^xe9Wnmj!6zi45esJDFs^jygumv1;Ui)G0HIxg;sR1zkQ`J@I`mUNw)2HbpdAyQ zVc6e*tfd|k*BtYpe}Fr%^6W`qEa_V#+WPiP1crLwr7i7jTlDkBp@vBPl)uSrbe97G zsP(>I5}w!M9q%;Lp@>!Vr~H9Oy3BH%%yZsx{8L|$3KW&fFwK&53mXUFOn_I)UD%$u z)M|d>squf}l>AOS^0{|5EzcjopRafm`Z+c=uZNZUYs8T>6j;fKj=$r0^}s@gy*-3u z5HbMy(eyUb!k-Lr>zDm!vT_5;i^25P!P3atYH?2KBJ--TShp3Z%3Q%+N7bMw5x>qx z00P0bZsBPwluW1K-9B%fN3w6PnFA{hsh`H*UnmZ*^HMjVkGuAS_JeGET!^owumnLR zWg+MH&#q()bHh)LA;w6^H?>BFaZs?3ll1^?aAQB_U*Si>&R`Ezk*#A4?ZxYM7ooV8 zU}84-I?=X`+fgf-`I#QJ$4ZkgV!x_QKI2l^w+?eLnp3@ao%n-i$zVtlr*41miTb|4 z{5N%cejw! zkoV&V$Q&Hv#>)%vjAgoq=ODEWR1}8?6^@AT!mYBJEeg9hd=492--m`jLtnMr9fqB? zjI};&uaPXE*8m6>%t*AKGZ$fg>EIlqJ&n#gF@-GjiP*53oO*0vh$os{u?T{Og-L&W zsz6wRefNGgTeSwNz>m)HkTK3C;(diW<{8Q%%}?$BbBS(CQ=xYB&Mh5O2+|_ zIKqu7u*_w_D-DZ@DxDER!*jGQr=+NMNI@@sNaXfUr?>O_cSMMX)IcO+xL?_|{q-Ew zTdqT*+M<)S_!WS(Jn{IX%!`A`ZlB(=x7=jypbfapnA$37xA*M4E+dcD9+4$V4&Z~k zR@Djq;N2bp@)Ut*xGot)On)Kh8U=3p`RZSM#f~OyjQqSeQI7(L11~YHl1WhsShgu7 zc7RimSx7R*cigt)$|P#p`$CP;H<(r!2B@N4bW+Mc7F3wI7kk2BViQt97 z(;#Y?=BwfD)aeCv(_QW3Ai{6ebzLx(yTNTL?)c3B-S0r>^KXp*WuMo%;Xw0_*pvou z!^Y8j`I}Z!+`16`Lc~3Re&C$K*u{Lu-Ox#Aw80BOK@)2GgD82XGOc%^x@_f@h}lLc zXZht4)J7^0oK997FAxu7YAnvE+#pay1g9s&j;adLmSa}|u78y-kVP7a3y_6h@sYHm zZ0*Xl?c3x@vj)xBo-C$Sgdsu8^FL*E^0(A{#Ka+9VLD@Gj+auyLDOI#Uqneo)_;G9 zbu2*%=4A;hYNG8ml<|`o;0*+*O-;ae)#q|;pjv;@qg($VdmODu@$=f)Exqmw|DH=9 zurj?WBYxsalcSw7*4zL{;sa zykkLa7<7Wu%Ybh_c#!Ev(dvi{g$oNaCr?p9pJAGiAu)Kt(LXl%n!AgQmuZW8ZLcdD8}Cs z)12tZp}!?z>hTn1ye$dgYY)&rjnY^59svI@3Mn_d5sOTSa|+%%RKA5ZzFN862%lK| z(y!-MkSJ)BC+ixr_amK~j21#U%P#TTjPiAua zNYOGDQ);VbAGgLVQXSG?F?bV|e)i7+!}jg{YQjZDHTrPRvC;Nd!WGDB+I1~BK) zPqLg!2UrqCIgGRHoG*~bjn$sM_K?al1%v5?{7Fn}2{L~K*E|l61NVVf@KECs%cm8* ze;0h8bFfP%UvB#u6CWSe^lbnZ*H-&03DZj5TBW)D>3D^=9-(CL^-`@QhMvbL))O9-D&m zJaWSJ`oUXhPd59!h5Ak7SK`7^nS3Ilo5Vh9$03G64y!}z*h}&=Sq*yuqJ-DjcZ*aO zB%M`V_La$k`ow{;lgzc{K()&Ez!Hi7ekZ9bhekdG@P(w>+>0&pBUWYYLi(y3{6D1` zI=<()=lsHJXw0m%w|?m2fof=6VB*W#Cm~!5AU1zwomIOEqSgdx-j0Qf{9PhHakER_ zq9b)Wf`?%?y@Qh}ITe$k=IX72*Vft)-zweoTH?oWqbt*ZgqGal?Nv7mWK(3HHhJCp z;UdUWwN$aj{k24Yg+DFLLFPev<3fTe0q|5LfB2%eF_Sn~pUE{yGCBsx035l_yggr=f$E8ur33`J=m+%3w{~0jYeDP0kHT&{jaDWF z0J7q}?}Sle$)d*hMk@mD8I>?e#U*-?9gX{fSX^O<)e@UCEGieL3fJ5)29O@}4aM*B zMXG?cOps2glbjW+XQD2Xlf|65R9m)Xqdy#tokyj-IZ|t5=APGTTp-VOeILUJ&l$5< z(f7oTRk&^x->EU1UEZESn~N4U!l3HMrgMz2PQbb3MR?`p+xvrU)uJBku>KFG+3<{O$cf{ z5@iO-eNINbX?ywL$d11awCv-3QAmeWQe3I~M?|n1W`~6C0^8c!Wp4ol z39;pOr2hbeDg41k!^letJ8DYbS(?ML&H^cRc)_^CnQiZi90{NTRW$jHVCf9SVO=(< z`1%f-MSg|QBwKZJhjJ9=7kw99a&vh^GEiyGCABAyS+yTtuZ3JeE-$XZ~*F)F=F~&%K_Zg1iTW3C=8wEBcVV(cp}2c;u1Za}Beey3SG&gZw{ZN_e*?zy+w~H^Mp~VROL-EH|@`AIRYx9geOAWf#*PE5;_d6A4=J5sOBOVlu}d7ZQ#1Ee)<`h8f1eeiCH?H`2$h_ zI5RBp_S*9~!lOszc?2>>Lc4sfFs2}jr;K3y_Ynj)K>nCNOa9;F8Xj+S6t^*yufWT6 zpgG8Y;_S(<)AL>@nqj)|Len!raYZhO2|lXwkE@Ax>&_c*uJt|;gk79EFt0bX>)HLV zJcT_C(A&M9{8UPmwZ@Gic>X&c8fQBU$(`xbUD{d%sL$cvFfliKw1$}`f`0YjvIEpLXE5Wlij;&}6 zq(m=JzJ3QOO4sZq05Y4}Kk0I77W*snCCj{Vb`APu7^f1$UxG7HcF=6s$m2a^lgLyx zycO6#siq)Evq{FVz*L=&FidAg)b{{F)ujrt_X8Ls2k?Gz@ikaADWAgcdV}hMBPsUO zu=VP4?^DZ-*LUk5M?px1RgKLH&J_OqXd#u4_ovZ!@%1M?syWY__RXFUtD9l!!D4x_N0J-j zsbX5&4wU_-CBMfeAoopvN1%r+alm}yIyGgwipm{OkirDft-D_7BGl_xJ<1`U0f*-% zJk{j0shK=FA@>Hed56!y6KZ|##3uf?pxLEdG^DKeJ_y^dDnWl1CFUs64vrAw9ZPIm z(NZ!3!ZwSX(qOvuKL9zD`-IILHLSAJXxvBGbC9aEu*+Y1?s4P7nAp|?sJnwLhgb2= zug)g0r$2u*NAK&iGH6;Ob=!T^?Z(V4Bp6WXVPCt2Rj#5UiP$&vp`dPd9@d~Ln^4HY zm_>5lv?vv=>BG0)Zwd;T)Y`Ur#PO*Zc|=@|>cWgV1?z+NmIL7}Ff>smTy6FA(L&{w zCi+}sRe1>A841|uF~J*xZ9f$4P-==+yIF&?5hHjWYL(=%p`{6ll5vlD6r<+z*eT8f zi@bLR*tPJK$YKfn4pMVtVF*wo-t-wN<=T~ltaI{PlSS& z?lzy$WmUs;cV=x5rToyh2>vY9-|v<*qwA$wMetRsBw+0%x);u-t*cr@v%~h&HxhNY}^c^y)z=QDJw$!i+o^5D5Gpfl|s$sxvO6_#J1jj zIWbq0uE6-An)58jlyctjCU~F*n2kxi+bg~_BzDjrc1r$$w6X7B%@DqXxqsqQq$hFY z3L+!Jw;j}d?j`P4-bgw@DMsn}aIc(hOFRF?ZQoo`cp$-J9V=8tLo=&RGLR4xRg>Og zxppaLAYkztD$EX8;npuy_uV2x45n9pgD(XWyN&d5%6l`uutx!ReA>s)8GUO~wL%}kC!VXCv+z~=M>y~n z=5&7_$e8%U&CQLwuIS~oZ!V;U8^ThMS}PpvBMdWN({t19Ou$beX(HH~TsF%@_rVNV z*kT@P)$Xm?Jlx0}=`>MAGtKa8`-1|JWkVFF3q{_#=0f_*{hR0ReyKDu^Q0dv8tWX3 zH0B_0Z;+yJ#bY{Z|8>cia6XML)}~dc`rD-!n=cE#hG7A^Kg_28z5$*-I5Mz$Uy;qn_gVm1%C=Su8n`BYe);prJh8*$ zhv&<7*^8qzV+I@ucl#webkw`AI{*70q*nfg#oF5U-BG*u{%jmek|*zcB)Cm8|@!?3w*BqLbF z?!#ELFX9Rl9Pvqzob^otSIJ1Bq;-o`laa=S8md_s;usu3TP2 z8BvCA;T5lohlz1c+^oLz zlfiB$dD*v#rmv~u>cj2xek9K$sYDSx^#u&|$Kym3US5~NU%B4o>3IJ+_Frl0jOSrt zZ#@v~dGtXeLOdBbwF@tDs=Rm_|C(Z+d4W}j?Ar4f8gi8)viS0>u8Q@swAOcgC5GD% zEBg@#Yoj3<{}Sk@?15bV5WL9u!k+IV!Z)JcOXKgEQR;qnB0}?K5*8gD?t^~w^otqZ zZTKwVmB^*lRRBu6@fnpfK$bOAD4==#M2rlBK%E=4<(_IA3{t7+6>j}z2t3K1e%R)- zBxa$ii!_?zi5o&{awbE%792K1>9gMY98B|$r&t!hr)rqd#~X};m-hcL^;SV~bzK{6 zcjNBRc;l|Yf~9c@?(PsYKyYu|9fG^NySoMV;1(bR3vT%i?|y5&s1W=!5t*L~{=pqukT%ef`>4MG(3M*Hb^R$K&!V za|3_;@D1ggd`unpH~^#DgVomdP@@?JurWqd?QO)N2Z)Jn$0l*v`UA+xkxtk@;yt4F zV+_yFc{y35i#iKQzmP6w5(SM_j#pm5W2BA>ns{Xym7b9nk`JupeN^6VComQKL+^jGQhshV&o$5kUwuzb5J3285+bI#Y2Wnd<|zveh1y~!7J1@7lC;P($9z@J8T5Jj6AInnvaa8a2V!Hh{bNY&WqHAEcokmAwkv?>B+G)TW^KYhHjG+WME<)}i5IKey z<-M8oCbTw#NM z07%)GsTTkMHmbzh3JWAY7m*`bg2a=q3Y6f1xOX~@vc`iI0^Z0G-D@wlTU#Y&Ziv6Mw)V+W&fuOSbL zKg3NOfho8%2&l8P@1~F3Q=?o1t**yuXKV|zmWL#7A-l|1CKLJ5M!IgvSF%WX^!`KR zv%ln?CVr_r5D4&me;SzKQ&V5}@f}KFJ+=VZQn^2&Br>h^FY$ow&qlUwyS%kvcUw=- zy66ZLF{N`s7?E*qKL$~dNC3WjV0lzT{J-jSOgi8mDc?>s(JVE)&bqOY`|+$6jzHv} z$T^JZ+8@LgV2henp@#4XL!^b&&S2LaEmipGay46CZbx!mGjnT5Z0NKM!Gb9K!rU2pA1K&V3 z=;@0If7ng`|H1~9{`bT%8Iy0kn`b;n=-I`<3RB>vN7mnn&8__Rz zhVa?wS;QFnqF)*9w$Vv-=-aWe8FFgTWmY~p*X0o&XNCXzn_sUK6)N;G+B^Xmbw_u`flA`JTf=R>m&26T9YDqWQNW~fv zDPgOGPI#6xuPJtP_(UFU1_1_5+;hYxIG_==h^H9tZW}PlBiarDKKVPbIREkSoWswa zCBOe2;$GPaIbemXBQ9){P zb}_ZY5sBO>UHi?f@#6Wqmm%Ez61alUlfZrdbKl=p1?{AEbHkF&?5=qR8WFC%{_Mhq z)fIwF87VYuOMBkxH;u7b*;$H6rXp+(Z?Uu7&71!u>P(EwzA$J!dr zE}qN3@Faly4w)G=^9aD!*SvsFv-F35>iu5-2SA18cXf#}Xz>`3t{1^L= zOQH=Q0SnSb@2KPY+F_QMA6&XggDHvC;T9uDAcd7_2lsB)S-T{gI~2FhK$B&35PJVZ zL#5yQo)8B|a*ls{c~a=t%72c&Ei0GiUB}+@EjgyctEsL$w1GdMC;I$-cU1$dt;2R= z*yNG<%voYYfhb>OA2WWg#sGu7cCtB@It%D?_oOXMTa*q&Hc_6i+RjrFA&R)ZGIgH3 zRMy96kL_ZK#xS^-mZz~>z%$7w`z^Do1PbL(_Nn4iB}|y6#@CoA&?Cs}QG+4*CR$svhKA;~Fug5f4js6NFar~OZyDJ^P?NsIP z`hS26+>0x|jWupUEep#23nv^#gkTOVcsi-Gm)*#~B?C1A$+FHoJz6WYkSS4is;Sq-+YnFXJL(YLhd=;drYagVi#*W!QA8BZ5 zUh%bkN2<2Ft={+9Bc6FIhM7%g;X?8iTvx~7zx{i0>H9RQK-n0lV<{6oxEl*DkP}i^Y831r9e9%;>l=G@I-eZHVnPw4-_59_La1I451W>d1*EU4CX@ zvAMgxx296XwM>~&mdf7?j}T_oCUII25&wZ=#Trv z#`l_Dm#^$B?_^{0FwKX**O-3P>aymk{4%~|<7360HbD8#6w4$0NuU8cfxXNK+>|06 zwW@P*r31xVU%h?VO%Fj(rN0W>jbY(YZOeeQHu^ANfhFHZ&^nx#uN){wiSGG=Z7{%y95vHAPK; zyu(?E72&F%ptTHg*z227`f(?W_)c;P407`rdfEF?qWk%1=i~b%z>)Dwc!uN`incf4 zf7?$plBJ=j^YxK%%sapLCHckbk2aEj1fHa#i_pR0zwJI^r~-v@w=72V>FL;?;j$Q2 zMc^J+mT-|U&qyk*V!Q%7ACQN*UM=wK@-n^>#hoJUFy2lH@ zF;nVsGAmHN3YNtMXzI*DtykhA)TrXr)6t zV@;&qn$C!^M@O#xiECvp0lSltPKjKyb!B69t+rzUQ|l2#1o{patnKY5PA-~|#0bw9 zliimv;IkjIm3yy<(GP}~{{hyxm`kLmEdt-N{3xgarrrGLOeC?}zTUu)GN6qhVF*V^q|$yL zdpV$zEBBD}u zE9e%^)<#x_GGjxv5Pn@x$oon=!5wN3kKn$tBxYQj3U^`x4yV$>c2@Z=aX`!a9UN)gGORw z1lw_sV=gt=qtUl2XDeht>;a}SW?n;9j&Yy)Ma57(oG-MK#U2rh%SX;xF;q-611;M1 ziXr5MKpMxVaZdQH8XcyV5T7I;qqu5(^|G{dkYP!9e}13qv@ZSRUFw#hkm1vy)r?Vp zz7%z>AIYjn4|TK_pN;#zMX^~w50N&E;s!m6PBno??QgDEjAnPSA~OWrTbWW(1)0(6 zg3DNE{>^uil^pgYu+PS>pprb~b9qKc%xAIyyV)Td&(9QiMu0zdg0+3d3Ka7{O$p&A ztK$Z&ewo24*5Z=Q0n8P-{ZLCE<%G9JM;RHN;|aILYm5ur;Y>^Eh|(i^r#S%%WALOI zb)ZQxo8$XWA2gQo`1M!F<8G7yMYIgXnZpmlLTW|s38WNBW_5VZ4poIo%2J$W#+Bg% z40Z9zCk3fmpQz1e$s-dnA+O;x0&Ya&xMT!!C!PbWZq{b#*!ck+T3rDG6l(rEfL3YHd=h+WrP# z^(!Q~?5!hsx~G9~v&ri*)?((7J+ZAiP!)hIKPRd`WONY)*beF*Lci4l%0W$({w$b+ z0$&KRyjSbDIa>&NKk!)YUhPztY7(fFuH!(;W+(%Go$By5Nx~5fSqcK-$sh9W2$9GRk8lFKt_GohM80rMwJRv|0Dqg%pf#;&ESi#wSWc@T z+aLg~Gu0u3o&Xih@yIc>UXy_;0tj>W57Hnc27ol&FP1R0+jV;qj|ld`-~2pc}?HeFEXx;z>6kHpN<`W?VI53}N~)z7$k| z8B_>^_c}Jn|7tvZgt@_K6~&aFBhc3${L{dt>RLUtl!VkH9b(L*acipLEg( z1m_~uow~yS854ULQtQm}zML#LpM(oU`2=qdPMcA8X+WW@%yo+mTf>moAeHT}$Vq-^ zHD@~O=oK2FgqTIj$7ENUrk}Bi2?J}sP$$~*R;KTaeuaOg5PNQv+)QEKV}ti*3hE*Z zkp-~V-`+H9!;lfoh-?UWoZDy*A3JszmUn(M;V>Sh)_?nSzVz(+?YkapL4YqaOHzp= zTl~}vA2PL(su-4$-@#M)I<^{=Fn;wv^GbF!a71WXba&8B+-6tV{$EBw0gBF3$257m zlrid(2>?RLlBsaUx(6?rDs-#e+y98o)|#UoxtpxI(|h+R+jNswedB89faf0@luie( z0XP2J8C(TpATwd@KhC-^|5X+C#V=$0QQYvVg{ETV`L7lejyFfB<;Z$#X(aee71+gU z$Fd(#1}XA~U!b3SQ=fxVIkx_#{&$~NGMWoyR0#^_OltYS&UN+DFO$Tr%fxNCL$-}` zZ7Ddi^m%e!)Jb$zC&kGAg%W&@RFJCN;x^GO(W)M(qSS{pM=jVqu$(RGoENeyBD3k3 zkv|or&lG_1gH({2NwGa}vB%Q+hXSoK)5(JA!3f}%xZ{@#EpnShvxGOpP|V;(@+nyl zA_K*o8|ncqZ+ZmQN9>z8SR!X!+WJ`^6qYYUo%U(qmebREVkRyaicoSk< zqfD#ym@~Y1&PXSclp?avl&is1mspp4BD-tCgr2GLvX5gW9=9V~7G);(K`aISC;gj1 z_!7v@A)04rBC9(Ptyp+f@22`2-gj=u-zrLad!ZlUQi}G5?^DBIAILhd7x!qfQHK{5?IT$&-* zyb^TCHrkiT-DD=cq%Z|S03FJyPq&(k%Bq+M1qrj$If^F?NatB(K@mge{!SOEkaS-z zg(q3I??cZox7yz-%=;0B8!(zLg|Xd)E=gFh-6NfAW3SFmhCB}ourXGh(st&5V19(h zzx#4bQRom_Zr0qQH*SzjlJH(#4ne$2>ZT8@%;HJP)*2Qw#>K(N6Q{?TVn7-q+6X7% za>&4}eKjEt375|hbitv=6ZYW-vpZ5f=+VU;M7N@ z3?Zv@_N;Q0T_^MgRo*17nN1hwDHLp=Ld~DdwQWIBggcO)^$)WNeQrn=SerB1GuLQ$ zUcO}Boo;Iv4j`Fi{Pl*~?0)u4EVoe5Jd;K^QIWyy#|LNBcK>iuu0FAo7jP~=Xk zISUCzjQG{ugNSM((KP_7$BOc7Mf2)TmHlom94YGo zbVg`{W4A-PPZ}O;fWH2#Wcp%Nj*y$Eu5{;Jzr^=f0iiLHYl{VcLklwdM01yDyPGMo zOH+LFN?X3nn`J^nA@t#jfh^bDZdud09zS_Jv|QcKzj5?e^y%>TSU$Zx;44Cnnk7Ec zVEpObJLM61;@||wuA@2zYZVb3PoP4HAE2E7o+F1`>xV|wT=|*-->I)3l%|dW8s;WG zn03*c*2ajRH^_-udZXfefYBTSF$Gg8o7JW zKhdxkof@hu(7`|OpeS6sh@7{|MkYwyY-6PR8%u_;B7;Y*W zn1F*)o$mw{%}lCAV(=Av-vON|30&DR59^S@+wJ$ zZjwaxJx#*`a-4B~0KGcA7i0JyWp-t#F9IEbeEo`Or}FT&{z}{JUdIzJvGm|+W}kw9 zeB)B#UtwPpCxvsPN7e<|572YDp5Vzgs;)8Y!D*qAZCuHSDstXxam_NJ}yMT{dZ6aAc41e$o7(gDNtUTGtE_$H%88VAqJ&m&0#pd z+k>cFbx%()vDf~$A;Jx!fi^%rtR`PirWAQs{ApeNyzMgUyNNo4TU7S)WS0W1;WH+E zzavjg>=CM=eP+5tS)~l1-mc5ih+P4H^bDZoP?vCt@Moku5lgB?;M=xUKMgi2`Dh&X z9#2!g%L!}kn4*TQ!gk&v%bAxT)Yw8z|!Y7FUDGl6l+$s#($#7##^ z9FnA=Fzs2G8E}|nr`4G zid+~5Oqa)Wr=>ymMEX>ptTKYSVSKuv_w|6^h7nPs&s7I-a9LUX*lbBfstFThP6CjhM$_r^vsVA;PTHoUq*H~#b{ z0}A5)g>-EI0Lb#tm&!1E0iY8-h9Z9N2hVo6W;qpC>98Z>&{I4FpDe|8UFSn?+ZvR$ zC*7(fXpE$U$r7{m?>FCCt%?Hn3s6`L$wkmSAS)DLv&k#)3MuC#wTIhQg*%fAZp0f5 z6&dv(Gy&OO_vCk3j-Tq|tC@gee0f8=YjUV|K)q)>x3pi4f2nb(u&LMqBrNBsdJ0-=4IpkCADcj3# z_?)V#DYOQ4vuT5xBy?^J-lndWenb5%Ee$c9$W;g<Oj`uDL4~Pv*JXz9=VS*mR^N zTOJ87j5I}QGW7F(#>~Giu=<3;>6>D0uiu7^ZiSR)o2?;f$g~S|Uv&zbw{fTgBby>b zQVpp|(XxMUR!h%D4)bSvM{s9g*~BLwzI^h5ThHMj>US(i#ZNdG8=vCIS=!<0I-+<` zpsArBTzE}DMklVQL^sl1wo{4K+#mBs0dW7kEOI7e;7c0B9T#sw%w&C4b3K}yT z_lh~^0l)$Yqoysd#l1Iv2wga0Obr~o95GCay(!t6R8S&wK9A6T%uUc$rXmV8ZRCW4 zg7sOsVsqIzW*cFSGsa5jH*2xVtm*e-=3^fy!A-pK{tOSGn&ll{p3ic2eyer4sO9mf za#OVbW$i@<`#~<#1;5BxApbWt&J5ij{7NRR@2UEmK>`*@u2nK_SF*%SGew4IHP#Q+ z_SL$*gohQ{nfoYV+JS{f7*nE&v*K)qW8Il$C z-{nvgL>2la^QebjHBJjCb`O_rsTn>88;kLk@leSWw?-;x2Cgew!V}1%{(`}QaG7}U zB=2(Q`8AeA1>2WPr78Yc^9Ptxn|_SK-!umBu<{E9(hS&Rm>}DC^50(O-$pjS$1sGZ z3E&LN4qtm4G}HvX7*NBcr11y(=Gg%wn>;qSW|<@9CNU+&0=`qMSPRuG zUn&L|CC4r8f7CX7NnIHS0rcWeU^1E-uVw;~%-eRHTuzF7W=ha;tJUi*DA0a==pI8? z*Bo}&7i)6FniKJPS@(xUrhDQruF@)(S!wA2WkMXUlQqsl`V@~lXQ670A4W(Ja4MYJ zy}~$BOz0BQ^%sEMYmjHs^Wm?oNT64@X)3;sZ2kbN5!uLxAaUytXrDo^hjn~@Agmzq zf+EI~c@XjvMg7xwaB?w3A8W!ZRgypqAuDTSbI=kb$y1W}gUZAUe+~8X%Ju>FpL$1H zd~*;lJ6$om1O|xkt6c|tQ^+m=9{_}j8Jr@J|A4k2I)Y0Y;ep+zkVO)L;gAS%9el9_ zHyHjn^jeIHg!z2t>c@Ub$T^V6prf>a8ZGt1PKaX^8_9Nwyr@hmGmzpK=FZY?i$o;Zk&axVt?8WALSfI^)qS;Zm@mX&0)5MfgMv!eHaZb_?#dTx3@ za=}7!q%H@F7F8e-m*{5=SEAm#3Vf;``wdOB1ORZ@XvZYzf`}Xt2e7i}eHyKXkxPs|`TF%%BxD$QNZ%6u6`4%S@tw~s>-P93UYOE2;G9` zWC<@zR8)+zz?ps~9h>X**B>lJjl+<~kb7Q+`8lEyYbO4Oe>wl%c@-OezyMwdh?sj` zfybKBKg!aoj_T%97^!q=X&A+JM)|Dof%v|EOyn^NMP$`-8wP?J;p%A-r%m^9yTO#b z=(t|=9|kyS7YSGqJlGWE7ii7ItB-wF45@6xC2+#%+HfgGSs*Vo%HVO2^N2uj^p|8J z&>38Vs4oRKGa^hIpAz^1U#F)#HO-0N>e>u3Hvh%QSOwZQ<;C-Or>} zPih7G4j)=>al-N{AGI zR^GYp_TM^t&v zbhSWVViEf%tj4x+Ae$o-wJrSS!j{Ng2gL-74cD8iCRZk$u5$-vnAUKHD}^ZeJX_1- zcYh_6;k)j-=S)1R3V^ue=WLVLog&N!Dk6Tf((~T)gR2u83sFQq*(Jj{)&p(`%=af4 z9&j9AN&whQikSa6v6%M9p$!<3I3vg(bOXG3kgDxMlDsin8D-@7%m?urh6oTBj92-n zShSly+4j$xCDpR**7D{bOupcni*i0*4KyuTYv%grwFD>?yx)@Lxu^Z8?aHGx9H3wk z*8I>!^xq>~<>3U#G0r&4D*=nHmpkGvGdwC|1)8-~9=y?(&+q`7En^)1q`-%-8wx1P zfBhOhh6Y0Itrc&b<#-6RFMLh7i2%l4?~^+J0|*@GN1fJ1ak3uAY(-C9laQJtxW&?v z&i9*a+j@=4mE-hL*KZa|RTE?~ebd_OLQ%}g_wD6U6+lwY3ky#JT~ky?q#4!U%_X3> zZQHIdA`a3mtL(-q8SHX^ASkg{_OaM)nqc(&$PAT}Z z$nOeiX4PM9m2?90O1;M9t^IU^OwnozXy=Px_daEY<+-=SLk~3fo35jzV7Q2BfL1i2 z#P1){1cD7weYkmPl=kNZ8pz5016h3NGf@da4O3hqA4;y~7Pz?*6TEojq2?TU;9i~{2Q@Y*6I0b6K- zZ`Wuzgm?nU+{%o-75g&B7M-Rh}cih2z5Ea!?A7Njv z$ns)&=pUK85$U_EPxW}1CNw45ui5Y`1#g$P9A_P&b7Z2iN8m?9BOyGjTm7V+-#aVCL zK&=|&XE={5?;)H(H1qAIw}%;>{Osqv$!m=aX4mzXykrEr%K@90@QonPtiahBYcI5~ z6rE9tJ|kB?V>H3u7D8yO-@%t=J=&Uo+oL5@>1(TX90oL<{sNM(&AG;mx}7GGc__Z> zR7vYZ+!fU!JR_9#p)jD5>Iq6TBQgrqCB{%e^l&h@LRQ3Aha;U=)gH9lQN;!<=Uae( zl)=_C-u`oPG?E{RirVT)oSEuTW{bXw=zAf#p(ZXJjdQd>PK!v3e`|s3EBVqXOi@ms5`dfEx z??ddqQ2YY+KmPl$%V>c58oxDWgMko`gn^`Q!gEzXkreBShsD<(7!WaM=w8 zD@hsMZ76f#!??O?3PjUp0c|RbAT^bp0KZNF)8({Kq#bweXJ+YsuG7zD*@l~~XUAHb znsO617d4L02Y9be%p=}k$J&lheNFU7hjlDck4d zGutZ+S}msWoSw3k3tQy^d_@X>g=9{4ICjwK<%qP+u&p)LiQC#76&W2`^M)-Gj=2Ak zy$)@~XMkzEO89fT>cr{&fB1vi`Jpn*F}Z5#9C4N#bhNmn&gqwxw!GiJhLe2F3|w1Q z>{eQ;)i%Ug))l|NlStj;nxyF7BV(8^Gq*3V^gb@3^Qc_kHlV6HL~GJ-WTmZq3RX1P zLvHaKJF|?%LS{1Ryop(j^cz4uC|O3)uKe-(%CzG6UQJ1s2%3eJ#t0LxD*KPy9wuuN z(j}%%J-5HPYCQG-QPg07emSMAx;lY2&gM`bH+K z$S^T8&3AvxeS?YBu95myKFw~~{e;6B<+8!ATq+j|FfeG>X{LUkuI-Z))EvKOAmilj z|4k!3tmgO09Cd||GQKz~HHnla=4ptrdH1$_CO|$m+b{VT%`r&aNh_#(`r0q7#P%-i zANoA#@DuaORE8tqTc$8rdY*2d@t2SJk*#-5I^zVM zsH0!5C5oPfp{qg@0b@ot5B0XP(Rrjm<8pV$88?7JE?-A$b60p2o=C1=dc%?k(<}_) zi-?#V5xz|PIO;&3c1s9%hA2@Ot2Z>_ar=iu{XE&q1wTD9($;$Mj4)V3(l5gjUPlCf z==Az*F38bW_~Da-8V%y7?0+K%sG*`{q1Z6&kg91j_ivo>odzo?{*zMS2Pbd6D?x#- z)Ct!?Qu%zon{U1GyFe;5`~#Nf-T5n3GJ<^1bkiVq|KGJjyj4Ug3W9HRkLYiECU1>S zag1@3Ug*Wh&GAkdx*LCgjnKas>d+(o_7#A)I#aAXNfwkH8L(mNq`6;T( z9|7B_SYKw;x--#8-JRy2rlAs)Av1Fxry zhu~W!T1h4|$G(^#<&e@EW8$`b4ZzFmrdca3womt%nG7n+vhZQ88k3UBS7+>TQCeMe zCMvVw-8NiuW4h|4X9frw0z(tv{dA(-S|4bu&d}&QK&T%{DRd!S0EwIvD|#F(yg>10 z>9&ylhJcGT`Vw_o-G9F{E%O;sbo7TnbfJcO3W*Emfz9E>i6z`Nf~B4y`Ayx7QMzUD z!S2(b!*2jS?5W}a+`B$sJCQ%IE+5ru!<&3>(X?)Pyda9`nxb3y=psLY8*zdb&X|r$ zfwTEEj=NKQ-|98UTMYB1xAFgbt?S%|4M*_P>&5DX%OXaKJ(vTv0bN zVnbNazptO+ta!*%6%UwT>_q~t{*R(TSB%dR>AInAz@D`GXAEnoCH5=%ki`{s-S@|V zus)tA%u;xzZ^#@Kq2CUXeFs8o6eX0+tQt&trQ=4lPN$d1z z+rCzyW$_`vo*9{b(b1^hUivqdV@DhcoL<^tt;PtGUEC`tgr7}JfR<<*SKX?a>G4x9 zQ7A5Uo+EJ~V!7(gB!5dQ&A`V*qV1-1(Y4_aDVa%+gWs!l4ieIDqHb}T4N~^HzxPzO zBJ%TG;%7w3Q&Cp!UoDB~D7G0QgAJH$(B!Jg6o?OPJ8{i0q4bYu3WPV#p^A;50vwLt{ld}B%gE2)08Pc zwNllQ1Cl2X3$6IOoK6$IH&mGJOZYpVL>*X!zi)ey)!v4P-kA6V>BXqjnk%_v)rH6y zKWmMK@=t~RAW%3RJ#U{4MHw zld%4)Ty^8@mFutzr268v9AH5IDhW@^0l%=$G(cxL2MC}jI4NDj?Nz-y!(l@mAEwnmgc?tcLO zY5W)eUs$`4W3||graX1qA-?axoGNn6h_~d^U792Ysk0{Iad@$QLAbvrn@9oxbswQ@ z{#z9wJdbG4&P0J<63x?dWB_FZ>RbQo0Xj46iovK4=4mMpVW}*KvpX{$<_~0}#i1#F z7HVgi4Dm}5Eq?`4X&=pb)y6C$-SIA~o#hQ5QDO5GmE2o2M7BwZ9c85#92ym+vF{j; zKvXTsZLkEiBJHs?p|6+$?<0rV4Et%D<5$SigG5(Isc>IG{>#CV(MH0=$M_PF==!c_ zrX8~dDLWjIeUN|7Stww%hn#2L%Cl@W7(U+Q?t^LNw*o!Mb1En8$4dN83;#l_hgPUB z*Rvu1iey<_&-mGaVAMT0-y{6C`oEM;bv&Xc1|*5u33Z;ORM)$thkRj&UGyDJl27xT zQRUf!{-u&(oUulXF;4>@o+lF`=$ zr*bb`zk0DXM}zxim_|lUKo-6qsi?jGm_Qnv1c_B0{r1}eW7xQ1@aBd+i9KU^C$^WA zUOx0~T0xVs6QnX4Ti$F+vh>~IA?4eX^&A38uC$h;CmCEpHBibVLb}AFz)$e9&~8kx3H;tF`mZ)6I)j3^B$}^NV}2(sJ;A zXF?5JB99tR>umpy)hwAKl}So>yf}`w9`xxj{Judq48`@OFcvIUA^)94IMrB&NnH&q zfya%#1iBU`_FfRum6&(L@&{M_{XXAQzXc5J{kw6O#U$-GoYDi(<%p zbBWSOJ{%Gl5w(ZvTaFvV!}A%xAmW%ul4<_%tmY;n3Ev1}JFY(S6e){1!pym*>evJh z-}uNF0@vwIc9D``vu=xvoTnqxqM7T`@9q0mwpfJWSt41sA^SoE?B5UsN(+ z97xCLfxAm7{tW*)M2;3T6zV@r=l(F71WSH@JvH(f*=|AHvt}EdkM*PChhoq&k%PM} zY4J^{#3Bzc1h!mLh12HhI1lq@gjf-ps<`4nY*HYyDl7{6&nuqK_Ttt*Ybmf*_X^Fn z{v3-m)~JVMGUbXUo^XDYL;yPw7d80smQf%nUE(l96HoxiD~V+DW~_Ssa1t&eTPd?# zsQ25*Lr{FcYChJeFhx%}ouK^ikji|Nl^V(<2!li>OlO}L*)@=-nD-i%i@Y0J1aA!2 zUE~FjQzZrDW4w{np{yf9@2t3%4m|tiFj7|M2N%TfRj^geJh_dNRc!NtERy`mnsX@F zkzh5xt)pZVnkYcEmgi97PiInf=U)xWt>_fMT>w)4gv-*hx-wx|Sbc+PAYTD3oD)SY z8KJ-s43Ji;V(DErKT?IrNdZ5I_In-|9#9_{P0K zS&{y=llVrj{=owjhhDdr^h&dq)5wEHCQ|8-?ydn^4M9C&*J#b?<9PXVy0;a&)W6+7 zA3n>4pdVvLlG{mC{P=~#*_QiO@HBEb%@-oJ;DtlB-N;?e39xqTF8HWPHv(dJLbwg3gP$gmwshy5LD{0b-zZ;#7vQA~5r6&;GxHnt+xt9OUx^ zT%Ii}4&7>~3JRxE!y{+a5AEx`9bXS^#+*Y=)>{hxhslYvoTYmf!PV^eUGhSd`PMA< z#xj4!ekc^rpIef|ubv{TPMH|FL6j^1gyKwprGZO$eO#R2#u$vjCX2NF8;7_rb~lPV zG6DkczUUMA&wZCV%o^@7Q2=XVtL z+Pu}`JId%#Bgm=#l*!3UGE2;iEy`ndeyrgUDz0lc>pQg#qy(D&5?%A0l$Kaoc$B!j zb)Q_qs3nI5*9!c39~3Ur?9o2}j^Jgf;8jM?vIMr>l|+olMN{i`o6?iHzDttOU64I6 zusAbuIwQkQIc3cim~;Y{Z({$ZeE^sR!m?R}tG8?2RW)^bE7@6#{(<7RvP`n z066`lNu*k2zR9KN1p#J=(m6atD@!cTDV2tVtlkvSk4`}pZnIb&OwZ?f(mzzQqOmayzxJI9R-&Y^op_L9 ze=EkaMN-K!z-&f7KX^XR4-AnDwZ_0)-m9LM%wc1!3VL_?4KnDen%!GHqW%>B)5z>G ziaw4g`Si}<_4yxwxPfB#gKUptpECb>odnC~kfV95zBj4WwvfM1lvIPCVQ`#`#bA!A zPIj{&I)@HX?Ad@P98UF(8@HOl+Dbz4cb>3?QGhF$=zywxaWdSXckiqF!Z;L!U@G+$_@D^Esy@5R}aD% zSp1ep>`|l-kCT8hs$i^{5GQ@O$)0pIIEtq5$>eVq`@e|ZWN|?EB+EqLc3ln}CB?{3 z>#RZeT{M)Orl9kc*3y^;97OzeIj-+s`VO>}TjhXuYl`CEHW(-ccvr4qNl3Z0c#v>G z^OVhpBc1$aIMRLdeNBLV+0xZgd$g^~N_~qF0apF&wKTV#z9CxeCGh)lXeA7Y*{|M? zCcZ46%!x2=&rE~zh;1xswreQb)D8KZB)n0A$G7vIg2?-XyGd^Y={8o{ERXp&Q;esUt;PCXx0 z5Do2+D?gA?6LU1fw6l1?prWMN$_oLI!p@MT6$yciHpMs{il)+A{gF>p}q-{ z{tlO?W_;h7C`C+a(F&}Qn!Pyf=4Bk%xReRf6*Lt7U~wC>-K1Z5)Q%9 z<;~QOtZ_WS-szrKB9(CrJSusBcybRifd>3J_Xr7?)em%}23zjMv|6A@JSYza1wsbb zc;zPE=2!@%piw@0o_~*7!8W!jTH5XSFUk19t{_*Go7?#6U6&a?c>s$|EOvSP@MmdH zxat1$rj6JiR7Bg?yErLIknu~XS75S`l9tU4yX{o+kMD~?%i3U#hD_UyFAW_WjN`J% zCq=V)U}Q1AJ)8=W_+xT!nx@hO5x?Aqzxz8caQB}O|L#Hm{aUl@>FdNNF%kSu}-^A;sa>%>%>bXiV#|uI5?ZJLt zEni92Qjb5w{{TP#%UHCzEfMGmk7a-WyAf!M)nk1qzIZ03$FXCa+HsOZgHkZfcq!``kl#3400zkc+213kedXF)$ z`%>7+HtLfr0xt8MASuL*f)N>`e0hA>ViTraA9#%#B7B`dWD^X{Dac?aVl1BXG_&WI z<(iVO-ujs{uW-I%KPPMwfzPrj1DDb-0Vu)rfG18V!mbBK_>7@VFe8gr`R|D3L&NSO zNQ%XV=idAFw%xfowg=e3{Vkbnd;R^Y^o`+T4vxnJE{KfjFcmwW>2L`d3%sFJ@(|W? zwZQLV-0U_Ke}?l9osi3-su!di&Z?5i{#aH*rw{pfK}~FLo({8P|2EQ5qzGgFioGpT?iq zdG8DANoah&>2g8=C@dWq>P@60Rr*oH`$Rp{_4AK@?1ba!}Ronbb9@DqLVR#4RNZsgS|j%xeEHteNN5TgvejnKPuQW z>HbX;y*`<#fcn7@xZ1}i@KZPJFN|Z7V)U%CboEv_qmi7NGvWJtwNGpo6Fd->?LGI) zjOVKZd>np(%FGd3csLh*Tz|7BEUln&?J0wqqC=VWspHKH#;@fzudGp0wb3!k6DugT zDL#A#7Ir9`sgwn+2YpD~ko8l0tM_mJyo|{BNNutG8jG5uDCSz+-`n1xD#j#XREuct zDd4eSj)zc#jf_`O>46WI`8T&-SKqCO!s1W^?i|r>XAUDB^()>mRzL}YC6+WHAOXsGyqF$MDaZFF zXU2i9H#$&=04NGh(mM8hEE*^M$rE~41`&tvbV5-l8bFq;XD9mOx6C?T6G zE2+8mrrU!}G453vDXBjonC~G(5KsqpyPkCdYkZ~sU1oyN+A)eg?;%lE;93YW*$4`p zd1=(~F*g9%gu>@0->8z2QzZQ!_<-|b3d{2W_TcpWgo8>x^)Lf(s4WB}j7t@pS~$ck z2NPn!ge-c6to%d!JNW{Qdyx-lJ>&0&L;2Q=_U42~%D{6HA}=dYjbesu&EjeO)2ta6 zTk9lfUck=LnV=JMkn7DqQaIsjU3h^n;{(O_ICXlcDv`S0=wbplw-j8*{D?dg4twt@ zW%kd4BpWO=tZrlkAtq4G<70wrU`4g%!Q=v`7F@*2?`VfC_e1Z?-#q6*%Ti(SrQaV@6&RRR|L#gHv&}~hzQfuD zn4NYB#jXtC%9!?CeIq8_Vy22h=OULs+DspKkxLG`O2UlTw(0EZ8Hp3}SEk~y1~A~a z!fm{RZ=q*Pggw_dPyM@xv5Y*(va_VaT!m5MS4{Y;@kKa*6zV^{+?B*60~Rq6hC=a- znludiz_iS}_*o|xF%9gXypOyZrPzgDjo`U09p(?{j^-ZMndF26ohYc>m<0l7k8K9?php*TX1)mhT!f}+=`dt?oM$n zP)czr?oKy-zki?PG*{-q%3RNLk9&CRST8VOH%Y^hDT7ToB}`R9L(;bK zvq``j9z5Dn$Em}mLo4Nw#bU%012<_tb)c5Bn^XJGrNl-Ytqn|#U` zUC5lyQE*G(0M`#N#PhT2MPQ#8h&^#Xc7MOvOJO{<9+Pa~XGZOR=#*KbE6>a!PT@oYk;kooWpx@Ymxw znL6-Sh~enC8Cu)>`6&l3-x5X!{pyjbR%Pf=soNbLMmup)3!M2*ykhz3d5QGOwC_b+ zI;2Pj?K&aGHRx9BDz;)e)V!?KlRU4qbQd^B;~?_+_07Xp;sQa`-aLY!e(aQx+r|V!P;z z-Y)MOU`Bx50nZQ$rei_(kLe4~6_9%m9uGu6W2>{^7ninCi{W$OXQ{%8d$e=DQtK?SL^`zYUr$={0qJ zb>s=KJf4UXD&*N;a=IRLETGaD=Quu;#|$i3;X6WMDAWJKuOrj%2r^akIA$zf3BSb^ z&rMw$jvc1t)DRc^F$*2BNhN}6e;88l_+WL~lr3;Kw5?2xBXJd@Pyhfxir`82;AgT) z@n`*phZp4YbN&L}@OOdNp;z~pnCJZ`f`>OX%2nt%F(Sg%TO5=0AQA#gT@((_mlo#DpG(E(wkFd>5MTQoqE?w1fZ_ZAMCw=Pkejz{N0ND#*|83WUT7y(-0ZnCoK z45x~a8mY2DhAy2~ou79oq(Gv}X#f5BK{tdXhy$4Kp6XSw(5FgJd z#bc-6aH_RL4BIdqR4vseNemvKUqvaqbyHvoCO`GrxX#+V1zwEFUXVnSC}fpO*uLdJ zHC0DVMl$yKW{LHgf^|$iPLW9jAEYpms~$#5SZD>Xz<39!-;SBSsOhK|`FxN{N0H9u z>s-MJn>_E=5Mmv0ReWS@!z>skVdbF5CL}g0aFqRV*2(Sa$Y7I;tuyL7K#doJOlj{W z`fh;=x{|QrEIgoBgh=@tVzf)i&RtVt;E~9?0gPJ0-zkSDT7(01?^iThEr%D+*S64xzX120y{R5mi8shN@GzDLi;Ff0@7cPdh1-f! zO8a}Jw2678M11h^`-CU^N9VUYrbm;drJ(3HxhYgoI7O}YY`_MA`4%BS=*_V)_c(3Q z-a54G15af{2hf5#G@%JIWNc2BO(pinxy{lKK(KYnNE!DjiEt0j+tBa*zDeZYwmME& zs$h&>x#W#@wr8QEBE_@vS=z&JH!FjKdTH1{>``>3B0{=#hRJ^sL(02goU4^(rS0Y- zn&6f&<7HEeRH*0a3cccR6T9J>{10v?5fNuH`d+GNnj%nDTiSwzZB}+Z@?R0H)Sr9PA9aomb|rUh)I9)^*LQ zxN0V>h7{!Mi7Nw3%Sk9r_|Czd=~MG)b5J#WLmE`LHeD^ zMVuw5K3LfA!(V{sTYB5y0<4xyKYb3NQLhyo7@2bXJ*LG%VDXzTTR09cdZrex2OV2i zFtlhxP3`_usM6NSe;#D&CAMYK)o>d2>+#~}5IJb1MymJVCovf^uhpfN%Ak zJcvKCMp8ru80d!h^L2EPw3rBrTptOQJXRpq7Pk@MerP>-uhIXuTH-Wx;V`nx8KrBe zUR=zqFn{aRqth24bAgrViU-v1;9TPUvV&9zua3 z)G_{`{mkTC+?R{&R}MexJ(P#Xwuh36KQrcm^>B8!WOcmm!??v=DxC;%S8X_9aH+7o zD`q6sALg5FTre`wPXwyD^jQ!Q7v>lD;3(s|Mp0tEwcGVSc1HMr+ZOL$UDdf%t@kUp% zf_9bVc|n+THo`mghciC74MC;@+Di&dv%?z0u3V2fM~5FcOXpvc}t z3lr*~dnb9uLQy`02Dqbc3;ulzXT&<|biw)S0Kp9o)sqTr9}BeOuu@;%yo&P4?2;Uf zJGm~fYbhWXaYiQ2>T5MI4G!vUu8D$Z;}neO^?U?YQ>erq2;Zk}7aqoRsd?h-1x!Q< z^m!?D>Tb~FriY^{by-z!MjGJPclhTtYcJ9*+ufso+=Q_dU-lcELg|AO#bR%@@VU$@ zXA;Hm;T2cc65}{t9pHJ`&Fg&_IW#>e50EH>jP1iQhMR{W8p(dEmTfKljTzjbOUxy3 z5gSaa`4u?>6_iE=y1`W(-hUGF`H(6u+-424;!u^0@?{}27&Zu(ZbnU`IZrhFR=5+f z4~DV!LKb=X`Giknc#Wn1+S`TWN1-J9*n4IC@4oPS8-k)vsNIdy7m9uSItawWQ^T`` zw|;!Cy^*}Zw(!qSwODqvgZknh4)}P|=Q6TfdXe;~ht(Uuh!QadZ8a!K7qD|j@UmQa zr~NF>C6#}#%gX2L5c8QW)&fiC*50pU+wy%!`7=wDf~ycz{BEkzFryqJCz<%r2y#F3yagK+V2*o++Sq*!Wb`jKt_9!^ zni|Wq&)lT)-ZZMcrryNL(uhV56lOJ$BvT}5%&Y70+&@?1lLJEv@W)h{cSpER50yUX zj2;bE2a$=PBYcLGXkjn!)fNY29jlVlByawtpa?~1f=ezv6>(QWQVIfzOzK6O*nz&@ zz;{Pafg9rlMEKh=V86~+5ZHes3_+Z1kGiCcImO6D7CNBx7R~+(aAC;3REPKAQc^;d zztR8DQ2UC=xp&gG0mms02X`NTH!hx;cn3Tw+kxU{57uc^CoSJ&G$SgM?45LSFv*z6=w@$J-FGzywcQ;Ef;HMcav zL|zaYvAzrjSU_qCY~Z0vm*{%P=u|VlMwL}5m9yy*k1CI%q0&hb2zla+xKynIZ%!VgZ|+i`-lmSdN5@PoS4(ANU{Ag*5r z#tYx%XXN0|b^TqiD;_*+#WPLIOE42+b1|r~u(T^5{#mqMf=c+0f>0)1sEA9 z5~byN%FdYw`m_j@?f28+YjWF%Pt-jX;oAz;BC)b3RBGphy*uyHcJ3hG6XWEt21z*# zF*=|TBG!d{8#|(s(Sfl)ASZIR#b@!{*eGPNpEq9C69Rf^FlUQ|Rm(IZO)@YCpyz*f zEMxDk+owGd@%kM13EV;_MfEy zXnqmd#r80|OdkCF*no_DIq}VV|aD_r8{4D z!C@ueHr6L1>ucH1=^w?KxMjmsHVW|2^)8l%!shRkU)`;6+!*Fn!kf2|H7VFB<3A@| zmCX8>re3I(o!b zAi9Z-(3V96pv7lyq=bq;U$`ERPoT#);JskQ^xcvSdfkizy)f}WEkL9TUrP6Zey*8DYan#DC?K~L zxqwNHTQKt_;fX6#XZecfo6jwPX;W_8|KTnJnl-E}=4h53B+wsVf01-g@yh;LLnCgp z{?>1D%0|CxgnJjw%GxWK4oN!yG91NzDPJT&aW%X0Vx@As7EGct_3LeGXf1@lJxhdr~K~8 zkoE`1zkqGw(Ho|hi)R(T+86In4)%18Th{4kui)$lV72NGo)kVts^HB@g1oZpbZx|gO819yS3W(aVwrQlnJI}B@B#;VyybK zrqejIy(6c&&eg(&!$)Bckes3tdfVsKGfBUEu>A4fyefQsfLz zVHPXnZVbk1i7k$&+nLwbQR2x$B?ohay_1_p!cvT1m;H@CE_zUS+Ni+QM$p*?BvD`n zJ1{Y%E!_y15=L@@A)pgNR?jDG(_1vgbWHBbFZh zHb35A#lwJ_jQZ-+zzau(=(OHdOqH|yIxo`9&7*ZBa#p@~=lOCK`%fbF8>Oec)SKW- zgq66MeRlF1A92&K_6!fTQ* zKy82$2Gmx_sISe@Jy2(43e0B+Q>2*ZQVcZRX%QKJRSEB6Gq_GFi8*dX04 zcUDRgYR_}l)DNF`5dS2I)PJzwRsY_;I z8SpDVOf_%G=Xx|pWn^dHnXXaEMUX}l1C>y|1CwB&pY*B%j>Xs%jl6O3&WPFf45MU$ z$pW<%6*=1TSQ?UF%*L9!_pl<_>QQ9ghP_~zF>i60Vkg@146I>_88U_LqfF)(cy>wP zLp;q#mthH7vo&VDZBz;3Gh!ZbG;Y=&Nov73M7(@v8*Bneb_rEAu{6FMRt8K`iaw6O zDRe^_&v0Z|8)-%6mV>tivHV{E)^omat@yg{h=;ISqwb4OX%4z2TIrM!qeIAE&-0Y{${ z+E~~S*tZ{sR#!}lIPS!NNoY^PZcRV3eK>~?_a&6~S@RNI7Qb9r?DE@Kx}T*Nx0CY7 zMb?k&_4Y~$>)AK|M@aQU>Lxk!O9BiX|2g^K%a?SrG!!Z-WN0x;gngL9U1(el^_kT0 zq-7y!IqeYNiAb0F13bqL|3dlB!J%h>e)Gp!c_a4lYG>)PkMZ%_6Wo~Jbp4p^3nUu= zZF8L1NV>GeYe_UeJJ0^)2$NvZtFD*u6p?k70WEy8Japs8MXgjtPq1T!+ z1j`wm)9({%3SU#c^!%^DA5VbtEWr3&#ZJdjtb4hBR6B}?KjEb* zdf``Hg7pYGaZhtj-WxTIA4{)L@Ci#&3I6+~Nw9k=Myx){u{3qaiF71l2ZLG?(uBWY zQgW0L9nzPpq^saJwJBmiR_lbeAOs;W_<8R{uuc3YvD~OYrw<2`LLn@WyxT6juNF-N zc+_RJRz?{Ni%m>Aw1gYy?3<>w`iN|hh|aSL3Z8HrF#q7vFYRw?QVdn(gAc`pdEDR? zE?|Y;b#>P{4E<(8oTCzyB26ih9a98y1DDoVOub+~ZuD7k56MBEG6{CwZThCuXOl2uY7C31X-Hp>#EIcHrmP|LB#JCUs17M4}s7=1?SR*a^SMf-Fl@bQd zcvk}Pm1qVxkG35#YPK_r_=7oH2yB1~hq{)vy(ela?ZbBrNVOpy1S`5@k9cWv-i={S z-Dr#(FKv%lWd&fjewx%B!~xM|_|;eM1Zls1jf$rL8<%Ss1Pv1G&0%YA;Tbe6(52|S<>mBJWU7|RScW2(*43UL2$N8 z2ba@PypQ`GO3gq;i-m<18I|~yd{6;k^o~5Dq)VkrBBXQ^hjTok5=K7pA7F@x1SoSi zehDS}>4Ck9e9tRBcZODZyigpbJn)lqPuQla%3OVl}u*hT$H-21=9mOotymt9qdv|K?Jj(ac3Q24sPN`! zAXykv?Y%CM`sF&~sKSm{SvFs>aD0LlyUIc9?SW%q(}+`}6&1tNdFb+%IDkrQ>C{tA z5%DRLPL#Po_+vyyD=#1l>6U7}7X`Euj}n&ygOD6lS&xHxwG!)ula^wNtoel}ZqFQV zQ{sd1Ih+=v2#AN9Ct@~2M{BfP8J~>*OnMis4h1eO&-Icy9AL)^mk*PpqGAh&`xii8 zJ?AG~=YZ(MmGg*%R4?DJ%IQZp0F&`SW4BS<;+to5Agrd1u|#BQ>{4v(EW8a>Uq7QXZ_z&mM17E?nGgSNo4opXrr%c$dH)5*g zEYD}C!14FL z02*%MKmzNTY?=@g8;mqmtQ92CUA~~7k zcTp_}&_qWB$)`PlG)glCV^?VDh?UUICw(zm_UX5A?LUelWX0YIEr0`MMU{>DyJ^_+ zIjc3wR|`;EJK?Jx49*AEsxlwmcAeO0h61+)PdG?%3t!YBAJg?v&}R|q=fdmFCvbLl z7GfiemLJV_913krVp^Q&A0zWQoI)nZL40-KX9;UqiFc%|7yDfCgoy{{P8`_ngP?B< zPI+5#9Tpui^27@0`9V3#1FYzHWLqUhBH2|*l~AQ9|Js!xBLikK9hbU=I8)`Y4+=3h(7|NO<@uBgNcAG4ID0ep%JeD{SlHSKRxm6>mT z52tfL1EeNYvelqfBQ;94!@}Ku9)wyTep?tp;xkOVE*z!k3WYeS?XpoW+okqn0{0q>Gy) zniI6Vqk-=zQ9Oc0MT9Sj8(p=d6v37~({vpp#-CX&P)NA(2YnM$d}gDAH9e#GS!U47bjEA;g?Mvv zLYK(9Gz`d4e&ktAS^e6EZ9?fspv(RxfII!)k7SzF1lG2Hora$-_Dg+mwH2Z$i=&-{F zTX$51b0aXfQ4$r&|DAbG9!Qxg(n;QoFP2?}Jk#+oyK?!=EFg6f*6nm*vZ-LbDGa&e z<6`{Aw~)apXP*P7zkp-&829gm<)LBJj2Vkl@`PCZJR>&F2qDgn zXnUYO$K&@6hh~o^<~gw({sfXUQjtFCw->{k@Aci6YGEM{mEAx?@G8~W*YGQQgKbgc`QJUHkKx48O>goyR}v{&^#r-G zXB0$3(C&;Av(sG+*Za=l@4w$~AMUOFD*Kdq{Hm#D1|#w11Y`e?Rjb(y<|kr~5 z$HFQZR`wJ_wKy)8Kf}^IwN}XT-!5X;#zaN1a8od7cJ5dVcd8P(0A-3*V-FBCLCL%X z^M+$sXbk=r@mu}h%Xq|Vi#1ukoYAJrcl|!?MH1YgNF3WF&5NbaXl{iqQ8Vf3G$#Oe zaD-~uV}Xw*h2PmDj%U#?x~P>-czZz4i2S?eKH}mZn2m85SJsYIs-1dY7T5(8;p0^Rf3y)0tjCgPiD9+=9y`d~5u=qZr0sIHzX>`aG z5e;KmIJhuMl7^QE`|!vTA?G$e-o+SDD%CnvNO>vj;_lK2ZFeG?`(d3H5?wo@^of7s zDkVax**V5x_7`bW8H&nx?WelB!BZ~|Uw~P^D1B^%d9_0$Ny`*{U^MUx0M5*~b|?+@Pu907Viv0iwF4hK)SoaKXh(tF z+alOrvhtV0)WI{JzWC92zr072D)JEiyMYcJ)R>IP&TiRbW4F^_r1bzGqg1QR-IIe zqynShgC$N(4&h#0%(>1-7A*(kZxL&BXxp_&Mf6yGQVykE5+bXel|wHXs|7x_YGri(-&a2#`(aUqIT4l?r-iYv*3<%pwYKS`T< z&vJh&_4Gyihb0vWZCQ56ph0*%3piWRoK~rMgHW#Wuf?9yDL$#gPrv)0PDMW}1Vw^0 z86=xsJv7#oi40_hJt7amfJcuK15%P>??r$-UkEu#q&z;@VO#L{;U~>R=hd3+xciSC z%xSMj>itORMGo=cXZwZy1tWqA7qfhI(bS#^Emm?(yH6!f*b4H-$_IEzN|o)&JlBH5 zHi;1NYq3dd#F^f6t(Vg#yR=@qVwJ>kGaWNS?B3qFO%3YmY`oh-!W%)90A%KkyGZmE z6^f}%ZO`rvVG2+rM6&!{4-QG!@SUb&LvhVZ!xgM8Mi#g;lXHYvo9wuySkwg)fL$o} zVWY#dvIWUMI`ugdGqoAy^RxRZUYMoccSf-sX5oDbf*crV4#9~KwBW}XAT~W`;tVlk8@iw_%h!9bEmhJ5he{h(d*LARaO^SJ1-%E3BP4vT$IDvTZVtdqRpqzdX;k z4=>NJwJK50E$#0j)?o^Q4O5wQL1I6QI^9^;KF+01 zWBAqPR>!^qj7%yL?6aI&tSnN;n(v&^p91hu#G=~{wHCSumlybvjBuHsx zZ`Fo=kYGVeH2=PJ;4LB_Mz!p-6-|hC)7?u>?9HoVOWYIo)tS7{vUcN>p*s9+Qt%7M zhd=PeU$D@j5%K#aJz7P2qdN8zYFmhpu3<7n^4Y~+`HU`h!!nAZsdO(E0Qx^mzoH7* zK68+!780xQS}fI!04%jYt$)hHV>qX}WlOjz!ZflbDJ7XCH4dETKiBoaP$m~SMu9vZ zdAMwt(HyGPY~Br))Rh*yPabW<75F(HFSmcLsfExid+&v<2n&8kzvGBzj}eMQ0jtfB z5-EHO?qu`1*Q<0Wf+n0Vm4+l>n={UWJ|T7p;J!E`)6!r8j3{V9 z=6>1O({QiKPeK&QG6AXz-YZEtSweI3 zIERvnQl~$E*z4NxBmqfFwZn{1EU+j03Ekd=+2R`<7H9~rV_qrBrbdf@>vQE$Q$zA_ zF8gD~Xg`<?uclTF&o#0*GKNfBDEj^O18-aT{AdxeL_)b?ac_={if!r~AtZYS4O7^(14B||o@aGPkigt-g z591e7)ah8{MUf35Zi#*7I;(G;vUW+xn~R(sv39GGar2=mV51{)T_9`N>%?Dx%s<92 z=8f?qc;0_xe;Bb#r3pNF&HuM~P`N-}x^rT~Y-hTaJ>nSm%4j5E+Zk5Y*DlicRFrFW z+DskNNG^w3G@Idyo5}xB{|i8v3MymUPrbS3AmFg2omC_F4sPZ{&Qr4OrEb7sXolC5 zJUBmB%6pb@Z`c68)Z%|pAH`*zx0(^aP@Hv2V*e7aGHw|X9?UA zavptQ<<|jbjV6Wn5Sz8WMI%Q=Bk$e27=cuAuFsDiUTr~II2aOna0<8u)B+ze22zO4 zlt@&4AiqGCZnfonyOZ=wY^Ag@Y=hth`VWCx3Z2(Ck(cQxvPIb=@Xln08qiK+Sn3FT zLD^tQ$`kRhN!lCh_;&w_k+z;EgW>1}&JBX_kj;w-Jf&1?5L%1H;4!zI(a-TSlmQ=g zIGhug>*zT|(&g`NsOSl%eApULc(=?MqX!PUBJ^lt*Xv}-1E4l5qO%Jn)}ofR5Au(z z_=UuZ(HzMt$oEegvDz`Cv)7rwQL&?h*{&>92WuAhL}O7-TeVZyf0cI_g(#y zJtX5}owy{IT-R=6u}PwZTY0gcYHweQ-d4fw`mzmiXo>tw12W8p44Io8W(;A9R+0>O$@ z6!VJY6mQ0Ju*er|SK-g3M0hqO0eqcYm*NDeUICfG>=39nw@Q{FM2cClS}`|FTe}7W z86q)vQNCtJUqEpi60yGE6oQ?XBu1oRCrVB=52{1tR`n&SwI#ghcajEFZsn-zwu{kU zXz#sc#l;+!tg5In5NwciG2Gey^|WvYS`q?WhW#`b*N-e;11sCI_cd1=(_F* zG*lut~Noi4HF6$QlX#Vn!afJpaLUBI#Ap z=jXDWOTwRzi6nR#2Ory8zxNk(;UvuT81Npd z4EbOwS^tY7J0x&uvUxN)S6?jP>w5+tP$-^ye)#)K&m$zh#~|Y$su^Nv)_0=kBdOxy zHcFJ3|LD4DHu3vkSeTJ;j%7g83(3TJX)&UI_NFGBMHK5ju~_7s^SWq){;$1WC#4b2 zwHB_^riNG8I7Q^$@9p;jh#sJ?K{Y|Pm44Sm_w}%j%;dV+0^7tNPR)*beSUMQvVp!6 zlQ`7IEm52O^591pkGLjX!oq?hMSq2)+Nxz>61VLmW5e*id;cbDLJdX^`8~SzDK*t5 z6|3r!h_@hF5eW=y0t==m>p(8T^Pr~lT(|VlE)6L)%cTX7mLN~&8lbA@dGH*hlQV7Y znVPS5x|k@1_(%j7pgkWsj2IbeKF=z95WiOpq~ZlLd{Ml4qwBD>0}T}7_>_UC8!4x? zX&RR2dcW=RkPl%xzS}o0W=_qPO>GtaqwCZ(oBofkW4Utu|8(8ET8iwF@cwLXi~h>E z&CumW;0%E;(mSq~TBe(J)^+&zJ!*~=Y8e`IqP4y7#qi+x5n!iM=ro}oo`0Y?xBe;2 zKI^8GMkXHCAtuWuT+>D-Rv*;|&+Hph;(pkJsgUWYDM8W9jzt7@%Y5b0lpF$&)}}25 z!LO)<8Ge&KAxO=vmR@%}-OT+d4wO#u%r3zC0tXQ=EzU-Y@jtrG_A=BEIU!^nX&+ac zJk!h3EbIBfA7-EQE46$-V1eGW}MPB<>5CvkV3L4QhsB>YJ&x5ZU48c4BBQkxAs zjA;k%4@2~Sbe%k|>D#69*S?oPql8C$$~*LwF0=()hp%M`g$b$&AP$@F4#Mg(SmgPo ze{_FJSh>m9z!TdrC_m7#f~Hg{rk)XGpIq3rOUsJVpe_Um@20-9%@)7mbuPgGvj5?A zXy!Z<`T&I)hc~=#@zJHXs9r9%*w(l%IpZ{)Ua|;oKwhtLpsG_jp2kCM!K$5XtrcS; z)rt$T>N4e%&Mxb>Q1YDLhd;{^{;!u$5t9Vf0nVkC@8X(m9d}d^L3cPLN%0&|P`fss zQsPHvuaEkoThshY$UAVCXthhnvy08a)Sk#!y5rWTPk;(vXH>H*{({tDf`Z9g+;55E z$^fWQ^SDpU%t5yQV*P5$8Pi%2yL7&Z*h?n;+vqNEXj(qg0zQD~FF@fh;PZc(SNV=Ejd{#V z!OQe+9MysF`o1|PBnNk0eaj4uvWQ)pRxmCiCGbSTRO{D>u&o)RbFW-m6{kIJXV~v@ zo@+_7{yBme-tX3_4rk+ z{6&=zj2X9}OsNq$Y#NuCyvRsx|Dz+$#&k_9_sxUU$=qRxD`gM+vsilMhN@%+^9f!+ z5ET)<-}JFypLM6Vf@iKtv3)#!XoR|e5$V8Q7s!aIh94Nh-iHJTJ-GL2`@%UBYC8_f zsR|j^+~W#N3kJ217$%RAt@f_4;13X3EQI1u=k`d*14nohsOzYF+|*7?=RziUYutsT zd8w#NWUvm}9QUFKRzEU0fd=6DL=UT#VMJ63*DZx`%S6x+tV~MHxw2d1uLI%{s9ZMA zZ4r~m=%@?2u)kU@Jyxah{2GQsFIgyz;S%a;8HFChDBNAj}kQ-KsPy!*V4?H!g_&?(A(w2Lq(XL<9H<8kio#?L%@E{{p>1eoy~yEUGI1pa)F?Q+ z1nqJ$I%slhP#6>U#y4;ZzIZBm_5r)p^O-ICMHDI>dSi9)>dM`#l9~^+{v~#YZk=53a+3(>C=P^?a=DY;19}P zna-IsG0~|PkbjEDu!HQOWNKp7LTxm*zTXYQs!@7~cax?|&=t9DQlEb7LZa}d<(`i> z;qw&sG-owCJaJJyVlFRgT0ix(TMXwR^VE)7T0aKv`U}Ec?1hEmptA`r0 zVeiVg$B%l50AWb&8N*z$q@W3#RP(B$&YjGzAvE9d9Y2LI;9@4L(>}Q!C6p_qU`Zsz zt7XHw7ZG{?J^VV}_aM&A*TjF9YK~d>d-P9PYLJ7J zueM3j%mRD;19$4QL`@C;ggoxNWo%YjO{CboA{>=5nknE4C`*D|X(Vy)_xF)Nd#Yqz zgz?dK9bQ}6%ISTA_k;G|(pm0-95aCh(0U_p9K8bD$#BlN^0b-DhcQJVc!$zP^A;uf zWvuQ5-I-1XJsPB*r5El9jq;J!0def$29p{Q-u}u@J*5JONDRCP3Gk$W;oNc{!oZ_M zL7Y#qG6BrmL#O*j!N44ha53}O3B+;nXhHj{Fa`o~teMl5$K5N%t`yaiaHSW)+}?Yn z2fx>4FrZ2@o84!cF_h^W3HMHz7LxI2!Ay8G&xG5cb5lBotL7jl)^ZsYVt_YHB;9$I zC`WoN|GTu2A3tH$v@vWAMWgFRc$m(OT}N*)H`gmBdy=lg=Bjy`koMw&e7; zeRinCGWkdAazKA%z9%~OeE=Su{{_@{i02#3$X~$Qxfk^RJ`3a5mQzg_xc+#F)8He9 zym0|;!+4-W41V9&{(Apsoj>&=dmGvz&ioXJf_7*NSoGOY-L{IGkSi#n9(#Kwnm|el zd(a9xg{iB>&;82M8jJwMjGJ$J(z)xs_(*pGymv1+MI;u&@$Izn$I}bu8V$YuGr1|l zFuvnemP`0$uBhsT^51|tNA7Rwe965<7O0cOC6%a1kh9U9~!Orb7kM#5mT%j z)OOyR$bm^N?K#LqSJ|o{F=(ETs(=Hap!o7e^TERNqZ85)EeroaKxY4qr>$*V1CSxX zT8XPd(a+iswb0hwC)dS00#qUl4TSY8Fop#PIAd(n-B}d zs~tZ3h5K$d4}@?Qb19zu#_+{TsC#Pl(vYcKmcH3BwtC+Ye7;&bsS2S*pJ^+x+w{Mi z&b29yT5Ye~i&F^3prcg3t+68>Bq-j-s_5350!ULlb!{-IG%xnLj1n8)bt01QupdR^ za8<4C1?}(dw=!Z;4H$efd@xfKuxYAid%drt(#R%jm@B~&8&rNL%f02^xf5lZMagUuE?k!_ay))A;bocEoNjBY8`sqs*+sO(ZaU z1%AmsW`S)l3N(cT*`LJ4;nCK?zHxiHdU1{qudv4e?Ly@jf1*jBPyG=B%p*2dq@Vpjc+vcpfecncL8!7`ZAGZ2_zWA-N6J$?6z+wnLQCa@?wfrNRs%mg=*q)xW3IcqXI#N4p|LQ6gWx-Gu zH&Vbh)>wZ?Ky5a+S=U~=K^g89;NU<(9gS78>==ia2fC&bZY{6RUvrwher|)+S~(8C z3agretINr?D7yqT>1L=|V9Nxdm&x#b0b$6Ju${aLd0roYW1y1;uZ$0<)+DIHLL=G_ zdRU4ivT@t4`>}3G@Z>SPY1x5d>rXCC?1Dtpr+)$FgT0)O2p3{DuA4DF!3>c!ctmSB zLLs8<97cblI*O&9K4OO0WE8QmaCM=`!ehDMmf40b&}pk%);C8>&gyBI-rlq~daSl( z*f+aTNEm1Xk3t?Tgxg4n;iEc_--lg}+JDoy$Tov@VMi4$2ER8@h{_rfR4d+hK*!}kBWD2Wf&U%k?6(eDIiTV0_?w`b3UQNP${_RolFa_kpq48JMjpaR`q1^im zuws$Q>^de%njrNGK9rEsr|;TQUOpn-3BHu+(~KHGdtU%tqT+wYeN8QqRvw2#`E)Bm zuITaW4)ZwrJG;xVj(R9~jEV3Bz5^gsHixkkf|rhJk!nw>g@`#hs^q=Tu0dFcBA)*b*MJ zpkW_DoFai&`+9ar1g+fJz_YhSAi@!WI5u1BI+oQKoDc~vGGo5DFzsb|QvpNH9&ed! zf$uEU!cWi(9PTWl6GZ&hTNnKo=GS1A&fj{!wQ_khxB)p*ZL*XaZE)fsE(HDde#J{g zW*bJm+ztfs;yt_vL%ZhNp|j*Ls|a`9Y~R=#+1;UZE8xbUjxu7x>QU?Lw3#%XT`zM> zkNm0Ed9c2Mbbz~W0eJk{y6cEco>%ZAE(P|q(D&FU`d%24plaDZ31WvC z<50led@oh2F_JR?%CcQjwO?->HJ7TDq6H@|cokudk_N%O-^lu2mWdTurOxZo75MT3 z!YhaEZ9EN6%;*t-izGNFvbw5yH4hySj?QC z-1NjYMo}11`1bsSUSd`-P(_$$TLhiZ!S&Yy5Q#|XL4o*TlA;3F*aYV4D)IiRLSU~v zBg(RF)hUiQWUJ-eWSaz=94T}e5H)xeqjr!(t?NNSY%t)5#wMr6%jY@Uskm80j1~nt z8mWdym3Qt0FafhU443I~5vs6DIvU8$IUBK_wTzMXC!vgZpLG7$V~C}O`XR|#1~g`9 z&qQ0bfntI_!91EYs~n$-&Qzp0%y7^l&57298oT6vqAsUT^49lNl46nKVcTtQDG`c9 zBaVijz1M8I9<8&&ss3l15gD0O8d;(C${V5sOX%!nBn1$z3YjKu95>GP5Qydr-c&b- z^)xg#U>K}S4X$O(B4NI>Nz;ljn&Q`ehEi}uQ|M1DyepJ}t%9w04+=yy8;W&R?*m!5|8xHlQoZUv{#)R<|g6>k;QVtM+mh;A%jiI&m59L zJ86o=$-Il7&p3U$;9VZ96D?vF1xlo)=lHlI>UWADxE-S(XAD2cL$nT&!KJi93X<=r zR_leZQzeSQ+KjasypPdZ$oJ8~Wvwy{tDs12Vde;q<>Yc1`Ew^~SYKE|1~t0-k@}C^ zQ3VFV!jEo$-i@s>EY{Z4Q)fWAH@P%YnW!8FX{Xf#~GN`S^ee``25+qo#;_mKFX>fOUFYZo(26rh^C|10<6nBRr#Y>^Z zol@MP?LOK2C+FVtpY!6*eVZ9(GApxYE!O%zpQo?^ul)=!=hP<_-Ap=~Tn2TMfQLvc zHUGn@jZnNu@uw(m?VPdc{VszzSmb~q=A_RMU zPNx1A-&@o50TA~jQRchU;-kPq=g-_c0%gyC#ae`RZNqt1+*f8Pj;7pSEoD@D-HqC2^w6-K6CI|gv=q*v@51CCfEw4$S;y^CLN>W>A;Cr|OyI(`zh z2uLzet&#KYj@j&Dp6i0FqkRJeS6FKK66P?*CtdK{9t)sDq!n9MQp824zb#<{UUgGdw198?25APjbjaHK--&WxRC(R|~Usu{cW&H2xsLNxpJ#2p`j^&gbm!QkII zwOE=7!v&s0R-o3LL(DGi9jW5x_$YPcpwX0%p#+P3ax_{#BQ-dBXm7L^C#RW?e|UCDB=)#fT)$9g&{)o33Sn!T=G8__D12;+$TON#n3r0<_JQOHR_iohAy!Qnxw-JS1j-og*qz92`--`OW zfN@1b=bK~#TucPBdLgb;)FbXj^xwt|tA&AXW1T2R9+IPT`0O8xzmiXd#4*{+OlXsr zW7_ic>J+^-ACtg~l8=>tgI%nW-la&T**I4p6*Zu}Mc5ySlEX?ZvhTPp#Mp+Kx^qnG z!T^O-IGOX)}>U!Q!VkO^3+_K|JtcmXIcm^AcrL z$*=~aTx+9xWdU;VN9O=RryJ|uqqW5Lx(~EOY~mxDS$!H|imf+6Vy0^hu{ffo2{laK zcxuM1dLk=fG3?dm*v|v|E5DXK?dC9I9D!CrK zBduKks2HCb$bihpsKZ|k$<@lTGYH2~kr*p+7RT(Gb~?Lt;m$i7-o;PgaR|ja_BgZe z$S3LuLeJZ$ttA$g1D=N4p%j)RWs73eIE^^AB&gyvlXrv>| z4)M(X-fiOW_yR|a{Y_tGJz5(FI3?{4A&TA6{07%lnle<#eX=S{Ukv9iC+@nIuy?WV8&uUg_Baw#za0Nz)!YE3JGktyh;d z>rc{k6)m%xZmKpE5Y0!4Di+RCLVOgJY~|i26?|3-%fO1?c?y366dUuU^z^ zt4Dmn8YKjp-tg$nE1#CebHP+U-;7U`z3uBw-nln2zfwZQ>nldPJ{jpqU2Y4hAmhB4 znR6+N)^|RTZ{K_NE9k%4*tsJ`t`DzLY1|%dX7+eW5fuVGvA+$MXVKA38!7D=Xql)I z4;I$^MH`LU0p?YQ{dJ)RB>@?ywDYlomVOb})oF$mYstM)d?X1R0Ehu>i-&eo-~_jq zBDxmJQXWzF8eLgm>dP{iFn8=8q9tk-hhztf$LbW+I}9j1oaG)n?vB>t@f#eW^IKEW~0-<-mui z8&k)Cc-Jg^7yyyqzhVWe&^XN|`53M@zAVTw1eEv~rikid4Cc;K=n8cAkKf(Nrpjl6 za;?!9S@;SXr<%iC$d{o@i~V+c${+^hL1XqT-Ze{gQ1iw4d^mU?`4$o3;c~Y(AW184 ztv)8r93xL{#C91j8xP={s!UFYfQ@Z>W4T~gK|n(S19@!l62#;po_=!;Lc*4>3co=YSWF1fP;4#L|1&pF|$ito*;{lj! z?HQhc@B~l&GDVGXN;k|@lo8$=ZevWi()|ouKBj2OOTXa?j-j$5QD(KqS#tTv1K`6- zYlR`;H|u{q6nYHoR`6gYc21jBthKxl!2nlNqCG9};UVgb4!fOmh$R1QePKoIk#Lg1 z1GNjDPkmfasD;9R`aI~pEsCr<{aXZnZ3ZC9-^{xczv#;gU+>=?7St(@f|6m?Eexf< z(NG2E!lap*69YcHv}*U?@YzZXwdLD-j>PP{tj5bGIc2SjG@UT(5Nl3Ak@7;c2zp%gdlK`v0P+zW9!>(I0eKjwrOyPCfJ zL87HeFWt~|*pOVvBMl#~+u3JHYlkvApvYYzUKKWH;O=hp`knfU#ocRiHmGf0HG+v5KOe zMBeI;Y@OQzIF*WDcuu?pwiWilNri>>sr~-M|N2c^MSa9TPUZdR^SAtk(*Ys_o7Kpo znbeH@Ckx|UADT1 zAPCQ!2Pe_Nh1jh{w@XdxIF-ZIuYu2|ttJJ}K{Iw?6o4Z4I#>{(vQX0annSEkQfUy< z$%?aP8K_%`%r>3eb(<{9C>y{Ue`#4%FV-p)Z(+mbj){M$SJ`CecWfY@ zC|X5`d?@(+cJ>*$|3*^|4-=sMxfc9HMzE(OO{sXOPl*>mWQdj*tN(L@UsilMZ7Z_p zU^;*oWwFNtT^hoLijZ>@r0fa41@k%=H)~}?PNajoLgn;3F+tK z3FBw1V~?z<_FsSmEi2t_F~LJp6Bv}#2RR5n z^ZtVmNxd3#g7-@jIvY!}Bh*%nyol$pN5$AMyjv%0d$$-z$0hNrDb#)~mN(ZwR|$-# z@Eti$agM0O_#8l4PUdzeWozrc$S`kPcb-H)gYaJ!kclh|%1LF@9UHL=BDyLZB*zy* zmU)!Mq9%-4=D)KYL^S#sGvt2Fx3TABd%y7}+$bWFyAOQl@gVm(pMi!hOQnX_0e^Ie zsnlT?mmH;{HDf-=6qVr{KuVUB(s4phdRhViNRiRDm!kstDL5q~a{ZI{-h2b6>tShd z;ojS862?CpDIFH#qkM8wqznqMjy@5rJ_}mfzp5h96rs-F9CbIOMY+qinTc!f@27XA z-RbyHkl_nW8mz6ej({o5zl^?qo?2Wa9;|F3lJPP>lkx$hqlx$iJCm&<8X*vv#TzVD zYSaYEFiRH8Y?dcYyS58gJ)!dnut?c~5=WPLIxiKh*3 zd*(GUcy*yY^z9G0Nmf%bMzCj4JT)It#dduEuL;c;pYN!c?En^)JYUa$xX@}P6)j@# zj1b#ZtC9&^Q4ll@y_Us${wdp#38-PCRW4>b=&b6_O$Z`CpDZr__6V@sTA23dvO=Us zd|Nw~=cXm-6nk*CApNtma8y*APP};2d6Bgr9tmT?RZEz%jRS_FSot4IUhnDwC`t`E_4PlT=YU+pR zfRRm8bg}k|ul-zL4ZT=jdz5vw0D{tsl$dn@gap_!nxKpER(C;IJjIhN47;B1z42XI zAlp%F$RXCR9dxhVrVlOTH#H@Zrb>xHV(WlhMcKp=MCjl)yY)E!#U}5^c)v08goMfDS3*9=+$0$(Ee+H()%_t>rNd$hh5^s__miVbXDbBM z6$E#@-rKx*DU`aaobw|oI2m66z*_vl{2^t6jKCo=$M?rpDT42 zktQD!2ou@N2~TOTIJ*CvUs-8?jhfRpjQ#Al;FsClYBt{10m%^`)Gi;PFP{;S zN)s2=Ma{r8&AXR(DVhzwNSQ4Tc;<(kc900q&uG>qy4?FC;-XxJ=bZe`ZQ!RH?ZAEG zO6QQs5>lTRqnFe$R(BftoUN^GBmzpQIDXUFjI<|&h1{sU9dfLgkaKVnd z)L6ZUrnp2D`A_3)MJtq;RoDIMy+DbFK{79L&(NRquGeS;ByzP@+QN~QUiwW8#%zsKX@n{p=F1D7B`51!sjMK|ohz=$Z1bHhH0b${GV-J6IuXJMRqae}TG+~4pcclW zC5o}3Om*83*! ztJvT3-zjcwj^er)%}x{*7vmsdmX=2fD}K1m4m6 z9WX|8R#708TS&Xg^_d4g0E_1$CDD0-B4OVMQ7mLEfcfPnk_#RSO;~oli4)1zPGSj; zzCrN3?IzRR4&=k5npjc1e>GB|jL@(_@^@bPBxTxkKE9z|vH+5*2e-khs;}4`0tm5g zCwELNO^2r`nwr9ISjs`N1F6f(l5*wL9>qKbm#=AR(GopqpfxDdH019ga}vxKMqG0SR|A z*BTdbVSG82&tKDi2bI#YAXB~7$I&0*8Q>2qFH-DQWdDG+^qHP@z>AuK*If|yyKHlo znD%I>!>E;nrcg{t>Min`Bml|{-mlFYTehM$QWfd&!}p(b0nq+3fnW4Dy^+UG26H;? zK;^OK*r22*+ej>JMArFx0~sb&owy*$KVhu2dLFm|X4YhP)M)=&u~=q?8^W8 z5r%7&XaI^fj8;(&^q{L~r>6j#STTEZd7(DTT)hAB`!_5;2wUwp?p9x@a7gL7<+i4G;E;7TDf(SM)9AZp&=ub-xT^)cK;12&-caIxJQ)30=vkxLrQ)_I=zBU++2ft;TlzUzr1#^AXO#|&@t+EoP`Q#( zh_;ktCfffrHmMMtQ2o@Ux+mALW_jw!&pW zqr3!0lmxcVG$3z?PIfit`ee!P^r#30Su>kpwGk-RL<$(;m@;qwG|o8yYqw}nn=0$J z8`!vK(X3^~vP$Qu>W zJp55q9K=bHXd=c^e0mf?u^!*VWfg6sW-&W?_g?_}GZ;_@aFumW%KXCwhDU5V_&%Kz z14fIA1n~-DsjXP)<+X}B3{~RU5`CE#X}-QM;XPa`I)CQpfduiS|KQzf z>R4vWoiSn3rcCC}+yX1qI|=J=#EABAPZ5H?hX+!a2SNJUm3aL2xD zxCs4%1Eg`PjQ+CjCa)@pOZWi)?#W=MB%q&-UUn%M)jYWp5={5&V9Lu7{@VSp@bBwR zDPN=ml*~~4_|U4Nxu5pHqTH!VutgI9fqb!wuX^hfw}WiUo(m~5B%{D=EA2Cal{2RY*hui%OGgwB4W4S+hL=ov7C*{9H^n|9`m!&rl3HE)* zX^uAZRC|$(?5{v`vc=lh_KTwOh=o# zmjPdfq=aw->x00cLq_ggP2`d#5uO-z!%bpCo*J9jVa8ySgZUs=_-9jlF2G>%*YG+? zKxrT*bKz&Y{m&ZgX9UunWt@Dj60XYhE37K$Lh7c|J)Od(!-O30!e&paZ z3;^^>Mmplm5L^Hxhwxt1HG>XeU=rktHEug!hFRoW;~HvivFYls7)<)Qf$`*qE%QsO z0;kHd(p5hiq|9Dc2F`}IOaCTm-?*z^6wUfk$_b1GD#!D-Givs>81@Kd?N3ED%Ne;y z&gyR|_s`B1R|~kIp$O|K^aEm+`Fh!95d-)`WZF}Jcswm_E#*V#F?Ew#oopmF&_KQ= zp^&jKLS{4(p{bUH0sSRnUM@bqi$0pyK)7f6V)NDWGIIwQdyOmP-5dR%*x`k(q?=!9 zG41pFl+cYv>-uAV%4!7K-Pt&nExXi-X0g!xBja7~i5TYqGg(-k5k+IU1)Mp2mamUV zgq%3R^f3AXes%!RWu!kjB^ggi>RD_UQIMh>`f`@=-o~|YRrzCmqF|QKFf^L06ZJfu zr8vOL94Erq=h;Q+vpp;i@!{{b97@lBi(3qB+7EocDDVyQMn4@WU1k_Dc?qw8R<%~u z@b%JXF_Vl*Z67`|)^bpCe*gi&=KJGL%ikh)+^#5M?sGk4QF5i4$s#C7G!?0Mf#cEuR#lBv`Zen=w8W4aMi zrmFL%OOT9aq1{g!3UyEHd4}N`8k#gG%X%^}JR2a^u}jTbUmAR(OJjiIl|b)5bw3a; z0Hqoul*283gpr4x_lDln6w5U1dtg4NR_S1bQ?3q9+s!4PiGX{jq;<8g@W?e)oW%Uue{o_;S=?47wW56P^`q)(8NHm zUUgKIK+ud-jY&8fZ(w`&$J3^>aMD>2Oio2SC0y7?f?6cp6ivnRDfh8t(oNhs@_~1F z5a{BTn||3CNmMj-OO}!Q=@@BasR_I5fY+GmpPB~jld$f z!xxQ0nk6gaY&Ht(J6=GxSU9uq6yJ87F-iy01hmve4rOg>IUT3WTqFM8Rfp+hGpin& z-LBv1^5J%7=nCoU4e^nq-qil-=>I8s)FsIq_v;&1*5vQTt~hFvXOD$@wFPXa)NaC= zy|_GN)Jz7dU>U_ek=6>ZLw|ZBF%>h$Lt`sqVvW#mhDvycw#-k* zz}&_+D#-ETggJ#IQb`Ia>~*%U1W!2I&^VL4v1OW#eGGcqJs1HopqTyIC~uC}Yri8S zu{>_0nb(vv!~PK#U9e4S)!8-qYyLywYi}MDesQ`VGZ8{`Eji8sAJ6O*59{%5Tmi$Z zm_=Tiku^!$_n%0r-A!a~x}U6Ch*1kc5?Nf<3?Anf7s#ii<2xUfdI5ayS`2` zl$lY|AI=5-)cm=3U(4Np%Vs$MQDVJFVAxhN@(1;gu1WwU z*+);Cz;NKq}+K9R9vnxnnD$mR(BqNW>njM{Uy{l#=&-?8U=JuX~1 zhYF))9Qt^~O>|%v-HsLNcxsy?K34Xm3#{H#_J*<0WdtMs;nQY6HQ`I2lEG*)(rwLO zA%M3qb?U@J12A<*M%#(O&1Y;@%z?W>%NA?#VC3MV{NE8@z>bfRe7MSOcot)d?jg&w z^q@dDa5057FLm&*?dQG%aqf{RI7$s8QnK@UV|g;s@|I-XM<81N9*gFTk6cYE!3{PZ z_JVMLEKwKlRE$bcRXOEWv*H$1tg<|ttTyC z*e#T5LxESa@U-C>IlmGn&rAQ~SsHFxt-hjpcZD#jVrsiH4hQmgTa1wBq-nZhg%B7W zcJIC*B#oig41Hc~=eZ{TeymF09Om3-uGkUSo6P1P)>JNy~WdJcQjSo&_b#LU z#W-)Q&?h?PJaM09##ucdu7n6o5%4^qNG-Me9Mnpr&`eZq=zBUDlb8lwE& zBDktIl(ZR-B043LDq!?Mt0GvM+U)EIN$-Vy2rQ+Mv}l%~djjq;+((3>QSy?o5V-0O zO$OWXD{cS$30ZFxj-))^0sHAJnjN z72a8Js)1;Tf+{FQB&R_Wh5Y47aaZY}gfo7Wt){-DOy&`3KVWFMt6*)~E{~yiA!EW= zRFQtWHl~pkv~Q?Fr&KYRJmO0t9*i$lNhslpcARCi$Wb5#j|w3;lmVO=MwfGC3VQl# zKCOjI4l_tz$fMIl_v0gIWCamGgIP8J22(=sj+aop0*nREzl{;wT7G`0E7X%d`tl?M{2aVaxxUM^_%|DWSI6lqh>F!1{`oRM3Oqm}SHf&!z>&JAeQ@pCGFF*nLqj zo>W>;b#r%jEuK@DjIq`BOxpa{76-s37-v10JFlR8nd({1b@l^}q;Yu-v8?d>%jKxi z_XnQ*@hUY#-sg805mCa%&0)f!LD|s~SgMVlSJ=@GL zHPZL6{IuDf^n`3aOtX&&r~M?bwOo3JE5sarBS=;^(9_ zSibWs8|ZteDQjIa*#5nHvzgjSQ_u!m1l?N+J$LNmul4MdjwcUXNw_|VI_!HA&o>`N zjsbi0NpIViQ-TDYV~GufPaiEBEsA;>8fn)kSik_;W7@w(zMb_=v|OpbMLto*Emnve zca2&ttCH3nV~+RPbzveKu{F+L08`Wt)@Z5shPZE1W*b)X5M6t9P_WboDf&&y8IHwL zeYCqS4TeSs)O77MsKv8J=b{AZx#%n(9-hBUpJz;#PkwsO$Qy0C)!!8O$B~!`#In4UaY!-im%nNGZ7o9?edI8zT&=X)CObYD2N=Hq; z3&f=C{OSQ#w#H-16Vg6z&oENX(A0fECl?=#2`=M7= z!sjT+KS3)IBNEX)uZd8kP_8HqtW%_@_=p;1%x zg4{aAVQWo{iF9RwPOF?KCT`8DIX0nw7q9pl>G75RpB|sgzdSx`bGv^$zONpvT>B04 z@b6WWSYE=k!^sKDq6F%=5Sni|QA-a9JkU`r)ZL1;aV7b;#Zt<+3UV{i+TZtWG`Ggz zBP_5$w>p#Ym)W#_5|~DV$3}oUx9Ar+h~WiHr=xZ3y38HAcovG1S}9AGlh4~hY7;%Y z7Udd9IhZ9xBy_oae?OcP@P#T)WM}ZmdY3WaZ;&sIpzwcye9$oHKF^S>b9)PF%fJD1#gX)QH=^%p`N(h=ZQ@?fiw zX=q7D#u7b{40;y9XU+ z5%Z`v2qc zh5g&(n}%Sv_5r7Vn}=rJo2sG@tShytw;>GHU51nehjOzE`A%~P!Nn!DOAV1tkGo32 zQHN%hy~OA9MlGl*6xC{~sDnS+B*-NrmrOjOM(CEht;(MWwdsEKFBuik4&T$DA4VwE zKo15NwShR(lTrRw`c+ozY>_>Wq3AEVekSLs=m#9 z3pUq^|BuH<`X7&v`@bIF>i-vy&!ofY}nPtKlj1Uh>`NGfM1@--(`Xfx3*a z)KWXX$LHfHAQAcY6YR}%YfW8Y5aE3C%lnLxQh^LJXT}}1cWBM2JKhij_{^s*7YYZZ?l_G7?dkkx^amx_ z5o)>AjQg|34vE9lmrEYA#1}3P?ac>bgavP22kY9)&uP-UiQ5&})gH+RX4YJJdAWz~ z2Mu_{GxK3L5z)_BiT-x6{4^=68vo)pA1CKX2XU(Vdlf+_%wMW@9LUrvGHVWKq>7W+ zV_?ehn{U$F6IA6zW0em)M^*sY85HGi0;+p-~EV>`|`z= zK5JF)*L$i08Vwq^>H6T;K*qH)+q?7@mM9g4$z+YvqN*qd2}?6F%>i7>r0G|amx|)d zWBylMUDvEY1$e(F;qDb8Kt+y1VJJZ=lgME5FTgZ-7L@Xd{#NySqT!qrrwJi81bx^}S(c;(hpHCseGb6gQg*cQX#{`@?9w1{Q2S$63BwqCL2uCRm zT0Tk!mKXp~P^B%v@AH5VX?$EW3yCGZsTJy>vBG;26{fgEy)Z0?o(W&AL$8nVoh<7O z_3j@GA#B2O36n`G<$FHyXbpLt{C>A}D86L6E?F??*~073f&@lHZB~sYJQ4IdO0o%S zcULKZt;1M|)=$^gk3cq@@+flDv6;NryymW%sQKuT$MRHxHKLj{bO^$Iqe)i?8q~ym z+_S2ePY)j6f`zRVZy#4p;q>i;YJp@Dh9%`vsggIGjXMfDpdgj59wjL-7#Vx%b$H(J zBpIJZ2!V(H9s5}-8sQhFZw}sjlD_QItw=-5K0-ue$?MYp#9rs&h1wg)U~c zTQ&BN(`j+RS7;`ij>P6W)j$L=MO_8JiC>6J{k%O^PK5CAbBU_m$T8IDNxC@Wu?Mpp zmGR-58xrn(NVY$x;56UZnDSp6jAd(;tJOF9$C(^Y=sY91p`W3A;14}%tG)Dg22 z!SJ;)O64EM>(Ky?&E;ad4U;iVJ4S2${h!KY(TOzG;TfG^x~6^~ zCM@o#ji@$YDu7Ij5=99;XjuDeEX6yt!tB^gly0b$n+MNIkYR=ge3jpLXYHhELgpWoN6+WXR z{rE}Nk}Q#MorS$4974(ackZ{+|A-Bec*$1P60|ilDTeI*tbZJ$JLGVUVHMHO7NPZ^ zxoPOB)N}^?vCn;fy0OC=AgY8$nfEV~PYF*f9K}+49!*Q%&M8s`gun;?z#VmTuAw73 z(~a~%j7G9rh?sxbRQ)z1Bjr&@$x`X@?%m-gy}g{-y}P`f7D!4~pl;1+C+wq0E)6D; zq@@U16HVE8!$(O8OAtEd)ArqVDUq&tOzKVcxC!J5-DHOZpqTCVNoshbTLc6jNB+Fs z8-^Ou!^QFBFp?inpZ@|7JjWYTt%6@gKBRmRhRENh2V4!15G>aXG6q|2^mPx(ezA|J z3`X5SbARlrKmVBYUkwLhNQs&5z|V z>~9O^$aPo36!+$Jq>1wecjYgo;%=UBC`?*R1I?0<%xzKkYczIez zS3iIn8ao@tuO`YZQ4^m$1fUbgQ7IVOt481|F)0G7qOl)gp9RtEH{ihyZ|Dn5f+bcq3$ zhc)nlr)MKuR}g*eCf-71b2}a?J{-BaHX+p!p~&ilM?b}15SGJ|3)haHTOy~5Akr$O zq-n?&77PSE=PD1QOU8TVD2l#;x_Qc#06@1?VS^(at85HZ;f<892>KaDH#2AsihM-X z#D`E+7$87c>I|CU(kBxA9=;O^uaDiI3i`7yv#Ipm%9S(l_z}ktK08xcE%_9i+)u3D zTe0~miA#J?;kbE{k(BQ6I6uh=0NOxu=~Y0F66`HafwwNB(h+n*PB2&rMhrWl6#u#Il|eF{|)m6 zP1pSk<{R<&56nlIDJN6ItKKgqn?n@e^k!Od|3ze9w8HuK|Kajs{nzCi`nSvXxGF;8{m13g`;W`l^1YyN;X{YkmG$vID}F6W{^Vp2_V5)DY=wh*0$$q@pe3)6>TfHpk4F~OGGjy_n9#l0)w{*r`MZiaKZ%t4* zihKeB7{|tzO^<@HEL!EtbiE*$J}XVQa9H_>P|{fGXX!WAG>~VJOALk)Ft&o47r~;X zg#M}|#wiM;Fq=l+=`b4O|I!Yf$7Ka<{mJ>}Pk5a1QgrA;UiK|) zyeZU-eWgk3trTLkQ&;fA^VI#%(nWC#RsdwH@IKgT#CVUiKf-l|R}7mh%kT1Ou%UoZ zO7_W=ldd@&&5tiH0;OabdpM&oEU#REI9L^gQ>#Ik)4sk|m zhl;wp>a=?OmLb{;MAnxAAxy#%;9?ETe^%^XRLS$KAy@47XLC2aCsymzqxpmD(d0h5 zZ?3dixbY^dBumvc?gp3e+U9pm+YQXkVsAcS*x`5LR({+uZjWdzN-?w-S-D+mPcpt2 zi4>!uKN<}5ICdc$73lGXZDTgFlxFa?L&}bT`SSArxQTgt&vsrDGdKv^W8(q9CQ zr_pEJpRKE#V&6nju9#vc2l5GSCrGL}27S?GtE%G{B*H@JN|!X`M7|0|Wz%8(FveBPt8#4YjwW)zI7_17rol5L@N1a8F|_L@on!paJ3+TifUMQ^c3N>8g4*{>rC-2 zBzFn+1=&`vA(6UJV@w2Ar^ zUybf(&^ZdaUmVXo*uOIv~2kUeP`h! zXxsLWeXr%Dw9J@qQVzHD(S2dvRcAXmQN;>yZYPg+ks)UYLTRW5<#9{!|G`R}E}vk86y zk05-J8ClDktA{~!MX>kZ8J{OF_vW|-RAZXPH+uF>{cntvx=Q$9DB*j5+ANgFEVYbz z_&QsNXSHrHjGuOnhLhcuz1V_9PEVpmfwlFOr(4ye;RZEw95%PBhyBc8y?*`X%{)x%$nzt&2vKN{O1#q>kK&6L&bkW#}Lklq<-a?RW*MmhAvvRo>=5P5+UZeaS8FlI`*%MQAtFErQ8xKWn774aIWKL z2x_a=7udC&{86)OytW-U)0 z4raqX{WRNqC~;|X;B=8#f+ohS5AsGxdk(oRbj}wNf%Q>Y{g~rG?Lgg1WbJ8x2GoR@ zqbdaexaY$-feeFj##(Teu<~zLhngaP$e))dm(*pBH@?&34d8l^xrzg(Dws?}#*aJ` z`Pl~vL{raw9zy={yY??2utCm^vK2T0Uy2l6>0ULAz|VeQ-Rn+mS))*wDw4AlRbo1} zE|q3gSsZaS7<3fp&In1|ps*(9EGMh`wSAQ6L9xSeh`vgRW6O!r0Mv8Fw-M#2(=GUM zFrAz#{byrN3Q2w_l{HQRJR4EeBx8LVMrn*CR>({%{3uBY(b91I^sN!uAE5A23ZX5jbam@X>%>uo&+d*ws^;OT*r=tycA8s+ zcPSe={LgJ?((oBue=3KpZ~0=jga8&;O;&|;W#ePlCVD+TuXElI1xRdT0E9{=sdjZi z;>5cBzJce-Gm#$-Xg-0W4b&W#>f9RSB6+3AT2?V5=}S{#3GF1+ZNAkaj?aHkdrEoI}iWRsWBp65hP#WZPlg?ygP1keZ9dKkpOXOK=E zH5M}P*#$$<)i3U*y%#tjZfM^H=qkB29kr)%Ck(>k%zu|jz{HJAoy#}BE{T1YiybK5+x)=Y~^ zUW0#~iyf3cmJPF1aAV@qX|B|rYd#+1#jlhzM43?hCBk?8xQuR02n4nBQv6wIq|UN< z_G?E>%5DybN5j+JXsreXeTc6ZG8C2o!z}^J((GIBI!GPF`#hp9;yF4!K?V4hj%y)+GFo;l}7{!JF1r`%4~k37;sy{{?L0q@1okr(y1;^0w)qdIb!LG8I zkQ7ve(Mq=S=ci;cO{b;Y(c5P42ox48gj^lVAfIb68*-C=NdcRFGldR?K{ z9$I4FA;{Uy@?x_!I|PoqT9?>AUvhjaWD|L}kYIZEQ*R1WTgyXI7DrY_{io#EMWj^IrJ7U-tX){a=W`^sQ3m6WttY6+X6R zaCCZ26d4By1_;Hbn`SrZosgf%UUba!iwz>N%JhP-)47L=(O;@an<9*e+E?M^@5v4Hmr@G8xPOM0q!s@4YD)h{k!|r zODQc~L(-b?jUjAA6QGY~^yI+=*r(7 z0gvHFnD*agm;Hp%ed!+45&xdaIx6h2@f+0@LJGFy;-A=2cavqS6k&rAjTE|Kp*tdH z^%mnrvhvvXLuro`4?Nx{DwUU|bmD?PpT9zAi-xP8eNDFLb!AsI__M?06kl3Y{Yimv zW%RNH`Wq4|bsh6L=CJ88>|*w9&+t?K_WRCip12*nm$C=X$?_M-pwh`RT$%AdBQ@{J zAJzG;kahP@G;g8J8w;^lTedmN0so4-Y4SEBBgj@$d<$T;n-8vtWwl?_MuO->QHxXO z1QrpOi5+!|e$D=}BXP&YuK-Oh44bJTY4cnUJoV;r$$t4HD$S15e(?m%Qv3qp`hAVb zD=QAAkW)j`L}Mj(Q(QwTBcJ%9O!?3Otwjk3|td&;kwe9 zO$O$3Xz7U?Mhrf@;wjhu-R>tl=luN)JfD~z^nNn}H+TKdmW>LL{N0{8SfAu>SWb|< zG^+%c894J~4eU0lHzde%(B6({YpXvB8j6dgfbF%AD*P&K&#yRueiG^{xA_a#`hvXc zS*dM|*D2QzEdsO@2mLw^^H!N@{_iQM?>>D~^v^r%i(Qc+3|W{rp4we#jD^hrkKG7F z)V)-E6h(%H!(jvQ&lli$b?VGMVv>M>9oph$%ln`a7o!x zqmz_{iaJCr9BPk&=*R*KTbVk$M(}@8GtIC-PDn;PjeQt`AyFYbtkv)zeqg5ylx4RL zf=nAc>z*w9>oTMt&1^rd2$LekR$F(NQZJw<`Zmg@OTRXX0BpvWP53#({yuZDKm=w& zO)0U%ieI+MU*)#oTi>%9ic8G&JwA~CQW!&Xcr0K*UaWd-|Ls@q-x49w$rk;5spWMT z=m!q2{UBX(yzmfOCHm5Z=zpu?D##iwrX|qVED{FPMZ|6(`Dx>Ma|!q6C#FOO)F4dS z3QQKyXo~Z6ss$u4)%L6kn#r;TiAUV??eZ)49)g2|?*`Mm7;o!ofkgNDy5i}X89Zqq zb8n_!h8c~OnS^BKV}*pRehi7aBQ_95CVED^uW$Ie2N}y(av+?a{k9l8JWLWoWHeIo z^V0X*47FzNo)3KH8!C@9PWZf+p?ZoFDC@!*c*CN~oNsc}|E+L{_sWf}h5p5^Do=Fw9C!kl22T{TOcFQtd=bPcic<8Sp1h1_40eo81q~w^9_8 zhrlHM;)Fa15M1J9APX`i|Jd+(TqPJ)xW)x?df+9YNL00@mN8J!7II@%(tG1XL;-~; z0~$lE)J$_+r67)m{i#8Vu(=8JdxL7!2ze%OBZJdQl4=l5p@4)dwi8zm?}OMkhE$U- zU0bb=?v?Vl1QYAjJbyv++hXy`_{W)%K6f^o@;=a1P-?5_axfS12+?;YJ!Y}GnTQ8+ z6k5y1k?g;SJr-k693vhEc-QmL2xN*ny7NcsKy>(af-Ea3_LyMEI8#Q;zGFr&Zjl}9Zo`86@32O*xMRj$Y)`5fd&Sqs~ox)x0c;S*LoJBGAhW6#R6G`6j+{*aGMv3Dm_)e|2W$U{KmqKLuJjet%O;e>tR z0Mp6maz6Aado=opz7T%6>8&c*rg4Ws`~@%NI|o4%(F(%vim~iIPv$72{CCW6WOe6G zR&GG@i9aqc-0s}5NycF-=#nJs5*$AWsh$WE#O9-B2Q}=pbu-OtJ@5#P*=mga8XG=5 zQwQ{;exGn}DkhyZB-24&$HbX#pHE+9>1~VALHFB+mHY7(og9=W)uTYr1H$7kf1Cj6 z0_flslx>4z(4a`=gm}TbN3TZ|>rhx|C^eRqaR|;`u~KZHbHNb6#*#$EoUo_z%X5^L zY2vM>wC@wcjNwx#WXc?Br=jL_>Y?~d+kF?#fpNH!Dk@-Xm>LZudvQ#MT+mWoMyvFV znbX0BzKGCs{$OK=B@=1%3h@p_m5x28%+1K&`ns4}L|(SteLViN4}y!T&ebnq^kPs* z7f6MfC20L+yJqur>-3yqie{w@5lCuoo|p5?Wtf0IG^Of$zOo$Q*{I{*hwHet$z->h zm1;K6eWo)fCYeoQH?T}qzPJdRC$T@2vP(K%@O2$=$Z)?zLmkfb+p_hh*#O)*ow7Gn zW!m#JTmGo|OZiP2xmw(o6uYN}-y*G|_mN(JhHT^v`;T>j9Y=U2X`fBI(I_0K%*68a z{Rxbri06>}R@(biWA#5s&QF#L`DY9>qPtMyGDOQ9y(PBka+`hO)N|pFNV*F$ER%3~)E?-5x z8YuDD``qa7w#FToYR4Z2;?std$7sDp8+uMM7t!9c@o54HoH3q!7@Z7bJId{xCU@c_ z)1u7=u1m%dmu)^?Q22u5mhK@JHFT%Q*UBEMB^N=M{^_LKtb>8w@KI1g(tEL(Q z4M!;iF`9hWqv{or1Z#KLwYwOZ%XygEC`Kw_mw#mC|CB(0zJ!YtFReebijklz8Xcb` z|9guZWjU$G-Z0ZL^p_l_n&P^YTBRY{mhdw*%5wS6f;@`Pfu>Tq{>qpArp6(Uv|h!}nk3A9K6d*ZZCM>s4e5Zc~-9b?`HLQ**n+q>~+IzA1?HLVucj zz11u0-7mU$-LFiPq^PmniT4}?QmOc+5(`rEkaXLGZtTWZ^=~nAI2oO_aE;3`&;5E6 zvVU%YxaB2-Vg8^KMa#%|QaK8N=?&z=n^f@p07$Xqu3a7HpoJeSKfpySah z;w!B|0(+5G{WvA7l{aCLoXkog5VcCQXN52{9iRuB!I*n?N*w?OuNU7VP1M{@WCTVZ z64+z%5V%_6#S#1bd=|GsnIwQU21`9&a>=;0%hW~RYUO8GLQ=ljG%tQo;#*iHfG?1P zMFB>*x+M6zJDxpf4z_dbJD?{dp2LBcH5P;eI!Vm0^x^9qcdg_PsyUp&DPCE%4$?hr zotu1yWhU(Cp2(%a6t<7gC@GsF&3{Q+nhGlD`haSPj51$!5R7rnu107v=L4xi9BMVJ zNhLz#RWmb4Yw*jWFT*aeA2I*!;|~!dS|xNcqaw~8Xz#tXr=#noMgx4s@Nbm1S|6Y7 z{%GSpPVlr1(9C=LbCXgQ1^7E^W|l-)aV1X284WZF=EAPBXT{j2ZT)c@3u%~G{wG(-{^zqRF{rQ+l(((4nF+ux-%Dzm@V!cW&%l=3>-?ANc& zJ3fyT2b!UGb`FltGUiRFfF%y4&B&h@p-sN0Jo^t27tjl+!1!w>HU`GSu}c<}DCk4g zuJ9ppMdO*;uR_7L^i8ZurnKbt51$9W5&e};6m*!aWPRpP`9Y{QEHP=Ttin{x|A+y$K{W*8(V|610#k3yRPO%J#X-e14|Q4z_^`7AtsVY>cY5PK)$ZbL(8;(Hmn63^Ne_U z@MutLQ9KN&9d_?<24u#IaVmLk?IkmrGz+KYKhw`pB@&PuUKa@ccptQ~ylB`B-Tst7 zr`&aY!?>oNl+9W0dql3xfenih<*13E4jAG14H9Y+Bz*HruiP39i{H5Ehvys~P^L{d z*iDSlso?R*!tGUNK{~^q>D^S>SRuJBI6It-}23-TrN=;b16pntxj(QSm>Elgv3TI3;?xl=ufaaPL~M8Q=#Gjv@3j$ zGOTnT>t}1~#UwuHuVl-nCf-*t+Rph&_{2u4^P?OEWva5vI`;Ih3^Jh(BQJ#b2_*}D zx_0w?_*l~_-tLwjrfuPYq7fm9LS%m{(Fh!kpwRt{UkE(B%|tuodSy%KFF_zm^^t1M z?SrO?6wWwWfC;4fHS$@gp65%5o{b?U%RK+shA0D`?8y-Kx>WY;& zt4i`Igw%A)rp6Rk0dm6|9j(b=pPUR zP>t<@OpMlLb+-D{rbEAok3pJRQJ7+3e?1a@X>XzOYHkuuxPyu24~qE3<_NC>M+J+Y z=H?GkeWL&>A6n0KilsTpQQ?rFVXTgep|zgX4N|L(%yF4bK9Y;)>)Ln);^nY6!Ckmy zZE*}NEgDYN{Y+0YPPMY&l-***Q3*j;Ni-MACkmh<+ljx1$&#^)G+5oUi~kjOPKX&C z+`H4ico}5UACsj|m{tOVFyBdr6 zR^V@j3si5*`w1OYTHn+YNJ(UiG|GTrk@ zw~0y1y?FYSb~r2pmzWedGus!jC&Z@o3VdSuA z_4qBdad6Blc4P{u3jn3<7)fAB{3Q7qCLQOp%eDMXv|X6t*(`ePTvz#>$R;R6WccF) zpd2Vx#v)%S6k&obS8PG7*g4_$!d$oUDOK+|U| zbGy_56u7mM2RNFE!Q2sKk2iv}+)3r?*w==E+e*>*SZ02nfsqG09v@;Aae>-@XC!G$ z4^jV!0((QUwh9_Ks-8=mavh4L$T=nJd~RZRq$kl1RyXs~GTzIeFKjz`B$C4xBf$ob zNpAOEfeYI}Eke1=IH(Z6>MKjSC^maliWLp=@+b7!q+Utt=JC?%NI&!~Uik>V{+b)k z(DbkH%M1dNO5m#q-YI5>+aur03h^^Mxx`OuD?Q7ml((okYnS(#UY$=4AD#hf-j@I? z^mlL$O1H8d-4w!VJP$q`S3YJuC$jSl%Nq`i$>FuJXiIM_#IbBX{(F3X-kZ^gyo)lNg2{n&eZQKIlk4BOTBTBohnitdVMk6V zEMs$?m?p*cif68a!v?3AC!pyjro+AR-H3Wt@T~tAFJGaKSri^g9jyUw!#kekMUj{7 zZZIKFMs5g0T@|k`ZdW09DBK@!nDoXY+@#ggk=bcNbdrb*d2&skO+q%6XZp#At zXLcqid-Mr4ye441PRSQ)mH>KHr}Hr9UT;$=&SK5^jtZAEtt!74Z)U;sb|NwO!f@I} z1Ih~{X*H5%*5sJu1%Uq`Wk~@7OOV8zeKpRoDPYd%H0Pk#b6HGk@q2WxntbZzuV=nT zDJb{`R;&oA06oJdUWS;?43z6NtQ1@Q<6%BC<6oBpqBj^iG#^xg5iFbOvGkXcAB8d;5ij=+GOb0FNrMbHGd} zp8XS;)8F=AL7%l@3CEP{6~Ou>SHx$df*r0RP*RWM9p)&KdmNF=rnn(0927Ev!> zqp|s3g-`2#?$;SJxfbb8Y(FXgxMCIABpE=R%Pqw#F%V;Hl1c$i+I#lYv|V^4rNLCi zI0UDGeQuVi=OtO_wJu#^uYi|to4#rG<~R>=J{*{}fIL=Z`SLB82d)Upj2+9xq|yf zSLZl9Dy}Lu?*cwdy8j0-C(JxL6=+6Wb}5=9 zd{3$XfgD;HGCS~-#uhLTjD$Dd-ssQ>$2*v3M7>Y#F7wi6l%N<4^wD#JGwL@D;I$Fb0rfS@6 ze5fR>kQN^ebe1l7NG2NFTTqFNF}bnLlq_*A;mW5IX0?jJ0!{L~ox@{lj&iJdjp;nG znx_|4Zlk|Q%sofnQrx)(-~xOYK12=Bs{yEWNAvpmc;vw3MC}?*c#*C=JKFCK2aQe@ z;)N!8a@a;^bCo-&^<0;KvK5J_-bZcpd(v^n@=@r);gJ;=+3(TJ#17CkV?v9!F8E^& zjRA=tL&zIu`6%AQ4$m>9ZVVLkZ$tx&$@`#GwJ;yVWbwNdFI48_x5Lj;qI=52l6Hn& zi{SZ^@wzTRt59$Hb;=>%Ga|EGglv7;(gjgeXisFYW;$IKWg1_BG& z#BNzyiY}CM{2<0>e0Sx5r>a0Wryl#K_n_p>z36Iv^=2obyJAZ*7}EX64xedK+uIhO z-R~GSpj0H>xomzje`8;9m&M&=FSC>D?c&_e1w2&c<&$;w5KISxL$*oQ;?OzuWoZ20 zR;uG1H1^WqSikMkR8~B$IPt|qcfd*%qb#7kAB)Ko^~4xdpgkrt)pW?e{^~Z7%PaL)<4}5s-Q(65wKp4J520cIg za`NPOasAh#y885nu0Q*~-S4M=ZCsb0_U%irhEIjRd%F7n=L&@r-nfQGY*Eom8Q8j}FM3U7M>?4ofVcjr!0NVE{uu=gt+ptub* zovGP;eQAA95aFz_B`2s^iu7J~TLx!a@UKU@!Vf)cJ-n87I>o8kAq7I>${Q?DBj7su z!)L}YsXF$Ia288~5z7_=K{6@+Ad;c6pKq7IxDyP(bZVW-iN z^?T`Vs(n@;*Wiej!T$Hh)&@H{^Y*+4@IyQ;+PZ9qjR>&MDqP)X{)kfKTt0t>RbjS< zYW4AwbhZV+9rWA!&9}NO=`*bBgfO+O(5H@lznjZxwnM#+PrXL-0*gD)_-_1Jk97|*&b)z@@ig6E%Prs-ee}~p&wW6{n!QYNwuGpEJbq(}ph8z40dX8hMF`A~i10{lNjM z67eckX+(lTmU3f6jPI?ZnB?}CMgFvK3btHfcMCUeZq)$mZHSXbEqHKuc-6Y@4E_&XkgjZ!$+bt#u406WD%v1Ahaw zro0koYU@l87pqbGcjdD^9M}hxI_s&v&dBC5Hvb zD&|B9=7eSDdPFU?0$Wt$cZ129ul^qz)_$!cq5hlu7u(EW8PAqgex=3 znN<)oi=mSVAy%obB9Yhk$&!wa;)#rSQeV3oSk;qA zJ4$7Sqf#b40`eVW;xr5t5dY&>Qk>t&NTS`~&pU{)(UBGf9%5s5nB^3Y-_iw?LcC_* z(a~v`V=Q?pZ#SS6zsk^BZi2OWb?*2gX8>`ZH#~nn@RmutA0qz^)r-6|K|f$=k{jv315c~?LpV&w$XjRh-*0`7LA0DX-1#}OoZlZ=XxD*P0EI17-e zd_pd?T-eQ3^thScqVUbVh^6!+n>9xxfaGTa3&YvGURhZJtI_#kQv(dGg-OwBF=LQP zE@+)e@b*xLxdR@5)vZQ57{I&Xh980Tfoo&rSpjQ{4q<-Xrp_ zX#zOY`;E&u$_|bT8MiZ_azHFNBtrcx18XAedG5L-wwtpc;T4VR=z~mIJ{=HF1JJ>cvMsabMhA zxL#y{3I)3trmk$UrN6&G%d`W88Q1F);PzDNu&1C`;ft-PI z*fR2j$-XhvEsFdsGS#Zu!DGiCMdY0#jjX^Z^@F$IuJMtz*mFq!Fsk?uX@`_XEFX5?$_Ad5(wD z?nIwer;1(4`>_9woG~&j{pfA71d>A*9qf2uf$9chz;v+!2?=lZ4j)zh8EDY%`tigT zvgQ?8Uq-rP)xIxEK$gh!G&>aOL___bPPAkJZ&jMBoSb@)GbC+4Xx>Bhz?M1b)gF>i z;*xTCjtJ)S8B@L$p0OUxB6I7WS-t8W!#AfSVTM2`$%F)xmE-{cb7Ek%xL-N^ip1x==3L*9Mz4zGN>Af}I67s< zMR|J=;;s%c(wnTuZvv2B-+D`djWgs; z$aNrB8L#V2{&O2psao@Jzlf~Lj-jY!c)o(D`LHR3 ze=NuxUnfxI$FA|n;~%B1q`q3t^xf8L6;q*rfv{WdP#Q&#rbg)VvT%52FAE|wUz^1v z6k1!M4<9(*N2}NrjAl>+^^rRX^srU85TX0Glh#`fIpD^-FeSN}&3HY1uGaw*e+^KB zQYeZj0RyjHrvN^oxYR5s&+?0*J~Gp(&MhN^pkAi@1Di^n_9}2s+*HFskVwJc!^jYb z85%s7Ruw8NPyMX3t-!H^*7m|7R@0vrVlM&1I55|z8{V=9yzA~J!^q{6zx(>w9Yq-MKxdHUAJ0ft6f>$DkKGHhB5ag~ZGfGr@H zh3gaZX<5Egtc*Tu_rw*8QP;B_o56PSWX@iP{j4XK`Z5Y0x;6#)Gx zN~>0W#EyTq^zso4$1WPZCAn3^xBpwJhpF(Bze|PV3{Mb-Cfn z=nJsz_b)F=?EK(itiNxLA19cjE-_Vjl(IG}M)#!Co{?@2lkuOlIXU#3k5Ib;akNLN za(2qGOpVGh7TL42XzI&4lQ4L2-z+LF-?Lr(jrsR~w`S}?x#in1%mXI_*>3X|I&zux zl(`S)1AX2{-EwbYs2v+~jezCpwwP3fc+$xId~n@>(#Q7EIXtWbNG$XDLPNUbq20Q9s&e`ZS)at=nFN zb(y_@-i}Tla41Tk_fE*coIgFs>AiW(d4;Qg!NXo zCQoMUjpQ+Q`e1dwW92k_#9$oS8#z&u4>R z#lvG{loorbC7aGv5nqitMO6%k;O#2nwOtGPp-;bB4*t8`{TXjc@kK1ykJJIc?N+MN%ZW+^DjQb93X~E#&Iv%hKM@AuTiClkkIF5U&pWHYKNacHKSLJV{!8-PU5^{?NUlb zhot2{m}P;?5WVQA4RjI&Ld}e!-_`Z038P^II7;K#Z@qP+)=S?3>9=grY25zSz-WKz z4>`Rsk3m_3z}h`?FM*N2oN@vcJ4;B;51(P-7#Zx+r`LC6JdBL8*q6e)Wi(eaI0&ID z43lKiZb3p(XeWG^U+x>y@7sSoPrn7Hd{dC(7d$%D$X%vSg!Ync+#2?mu{s+W z^%h?<)3bjtH1*?GPZP=45F!(@JT)KPF@PW0);>T*Iy^ES@gryNYFsj>388Da`+*{X&nyn5DA!jv&;NsFjg3?6O*jzB8^gDtF z-U`;(Rgu4*YfYQU$Wh6QCct|(UKah0eg^Nolqr%Bd;>y{G#aI`#Cx?!gQDJ~`rZ@UtyKDeC_KddI-5w4afGSKbH!#VAWt>B!fh=rKIp z&|GiE;mpByO$iyEHmk!566f?^1K9UUZ6Vug46Nz$nbx23Uy;2OIe@6n}N2ud=mBp<|gQi#k(0Jx+1nB&SKUnJlv zh2x$eK?QYqLaV$}l1|rk$WXPuWIFMk97{m5qb3B#;AP_AdBE0V(fX-l`^ppPkFc-jj|9Te7IOvRC8ym^k`P2dq*;<7ANZ)HH$4HXA}3) zEyU(+azzhMUwP#ds*xvCkdcr!d;MxQqOqCZZc-}~E-JAsOYml4ZcuMG_%LWmTbzJh zpUiaYbjV({t1!yGNGKGK8f#G*J=9iC(J=aJ7jk5l9 z<_O>e%hy~w8tqkSrrulZ4tcD2f0V=(xfN&TOcGBb<=xPCU#I}*TG{cJC~wMc4cb<} z^ML4q1$}3|@`q5eTFKXdARxY(#iMs?*FI4e1J2A*dR~xUGP_-fLAYpDk2X-qu_Epb zw*Zq960MwbCNHNTFX7oo_SJ#Bh8F7m*Ah9S6~3=L6MC4w)N~UDIGk6~G^MN7JMqmQ z!!qkl96VZjw{8}Ws`9sa{!$Nw$;v8x0I3`seLwV5`aomxthS7gLBV5!BTB0H#YS_ zAT&u?ckHg=sY__M%#=`AGyQ6f?Ou`lz{+!grr zH|eZ6vQ|fn1eLU2H*L3FW2owP%4$Nvcc`veUf>2TZQi4)@oWh}#u+BTAE@DtH|gDM zgEB4H@TD1{8awPlwjX3UGLQ%>8=Z}=%@}01cDK$0Pkb&JI4XGMx%d;S8+9m?_O`l) zbF@5l!pIiR+Xu$GCB=aoyll+%i0)f1@c zPmOhP5il%j^d7;Ki0s4A&WKAxQihB5!my!weh8)}@>ics!1OOkq;n5htMmok=F7He z__K4IbwNR2XPq0G*UysI6;0*{?NWEc%^a%K2i}z1e-GKrA#eF4&$dC!08^&#{1(ui zm#vc*WBvgR{#8ih1k-Th45QLpaOYk~E9MdZpARAfWGbHn7SJfgm^UG@w@X6MzWcp5 z2$YmhSL$ugYj6dsDSlkx+uDwogW{}_M(hDm`h*#(WvI+(>#gox2IT~eEpmyih{cH7)Vu+Lxzv z(3mI`UxXK~KWQ(hqN~JxVg6xP-36v2y9BD@fpax&;I;i0;Z_G?to8YrZgIw;04;W z2#e3CIGj(V;=XXi^K~vWfP|8DBF7aU6Jsv&re;lSj*AUG*YVVnK>Ai#O};}$yk?}O zM1FaWGJSx`>X^>eEvmB)t=a-R3Cza<&`qyAa>pX?0Mreta_F@UOqbW{;~qtW7aGzu zTdLj3-fzF25|>t0FwPOeAJ%ihWiyQASDb<2jQ!aP4lXO1-M4ZK7v;ld)>iL*w{K9l zDOf5oI>?RPSy2fPZZd14>gSh1k2datapmda+|v`_U;V66wvLG;o*+G8mDEQJ0T?hk zFg4w6J27~oXIRQ{`4tCi@T?m`XuXvW1}H>vE4T^VFf<)4VT|J3O)yj+!jMGuWgQ>u z#cN`kSORRC{{U`}g7}KK>%5m}*azy4ACOqqzw;)Q-gl?vg~ky`e{FZ~&T)+T@mVvA zk?ZoY3(`^%5v3}LvpXo)*BWeI5B7gHiH+4lXGgX~Vr;31`$!j+Mqhy?^vHwpkLiWw ziK)CR#aU1SR7J&|mUPA39mSaFEZeR%c3FLUA-waKbkd24=1}&2nC;-UZ=ZPk9>q&p zfib2(lUjTRyrj(kF4HiZCcv_mYlM`2>h_%S&uH+rE{#K%7$Bj)d=Bz4|2R4KlY>5m zDmS!ohY0Iyz}4ULds{Z4TMBus*!Por-ERT~3KM9B-dO2#u%1v_kiRZ{Whhbm4t0>n zAugyyUdH;p5otP&U4#kA{;(pB)+xFc=gT8#euSxBGK%|;fpzdSn4bDNBU6=qm{gX{j`4=GHfY*odA#Lz?hq8|E8 z{A$WekuM0#gpiJp!+bMnDIj_PeaKFAy?M83q++q5G5w-Gw_Q>YC^p=sF;i|{WW3N1 zNI*dc;@BWBBvSH_mjy`-sLP#3rknDSI>YihXiYej?}bRKwjKnve=~8t78Q0oTKE7e zxWu!ejOftN{`iw2EaA_hRyhy=3!vtKHsd>!76$x`9ow`zQN&`R^%mL+69!PzWA5!A z;L0f^x3?3q)IOn@55otsi5T7JQwSM@Rw6ETV@Vm~B?+I}yY^VxBHD*mU;Y)?bT5zY zMX?Z9SXZhqH&Cc3BC*AyE?UX!Qp>(I7I-Ohz!?>)u_J3$#$3PElUBBHGjZKnMmTF% zI1i6Ow0m4d4#J+IC>(K}_XAI_pKV z{izHMGd|qo$i}qkgbiZ z(m3_L^$1t{*OadEA7Hp_b0~-{tT4qzcoW)aR-jHum1L56^2jgCDjOH(*E6|w_%;8h zN$}%^Dyu9(m@qBR<)P{qR4t)oi6TCmx^4j=v zKe6vT$fwh5YO}LMgifppGNyFx-m7hv*6jO;u4^Z*vCOn>18Lq#wMt)?(kLn4^Sn%n zhYP#*tyyVLsX(wUZh~KvVQHw{x)#$2ae6VNK)p^6Y(-5%5JBd^k zq8DwX$^4y{v?(}Ol@DSJrxU#$rN ztnX749KTv>w2*^AbL2h09n*?9hH3OW9JoO`Uzj}f z%2ilBhyn~hZ`e3WZen)93s=ScxGxh^`3N}{N*Sfe-LQR_K(j30%paNZ6=Xs2c*HKk z*7W&~M*28A!I#KK$_{#q?jPyIXM(NTFw%SQMI@DMu)SN(=1*fg zG%B){L*mAdc?PslvY)aZc7K{)jiIiEXN`LC#5E#qCaw9wV1*LIR;~hyjGIIeueaT} z*or_9STIddw~`jh(TiAFbDxcGIYRO79Ej_(v163CJNTn9wb)dmXKd}y#y@e8bP&&J zoFx^wR0Ht?g|qzW_=`z7H7Nb0_>K*;XPSrt&)=5sD}QY`40Kl!d2Lxz6)J;c|5HH2 zcuAXN(P93}po?H`3{>M*Mh3aF+6s2HdUMWsC$J-cv=wX5UUleL=e?v>7j9$f}!m+gPvBCOI)Xg&^Uh*?Z@`RT8D1~##Cz5m4}oIhaw%z z#MKXx6Z-VgR}xR>ve4@iApXe8FSWEy9?ir*8I%01ClTH^fjDB~+Ki|dSXmS}5R#6; znjdK%<1rOqcuf&kYyN9e&O|2~0LamVrgF3}wnjYm+om0J=ouFQrfIWf9wDusQyjt- z|B>~v0q{*kwuqIqumLok&rwf+lj>wcxY&k>H(%O(&y4Q7{B_wgIKHFpIYxnFKu<_2 zr@(iUk{P5?SHX~V5I1Wrq0ZSOV=}WU(6_6^Oz1p6EsxW0d(gP5B^oSSmttA1v00_c z4Kb&zOw;xu%%QY2$w~H^HltQ7?+y9!Mb!^J8Gl$cZuDXPcQpXqAeo1H9rmZJhrUiL z;PY2rnTn8|!`d1Qcadw>fY&_**uQ$mhD6&YeH|2Wxt*!UxZ}R%G17}v>||isc|x~` zdZpq~I31J`Kn|n5vtRFMw}-fRrJh;C$iPsH;rl(^dMRuQdR=hy&myV2s9zF_4bv95 z-#5{nxmbXBDw$Zsvv^TuF{;i1n7d^j!r36OO%LhfrSijA*`^mRvK&izH=T-_i>O{k z`#Q?~szriCpbU#D-_2-aZ}OwH+U||(dnj4P9R7M|)PWf##z=AO=B+RTbJr`qZXBr- zpX8)7lrv1w{VbH8Z?LBNtc?gWFj?JB4a+xnWdei48xj%J95tnEG==rSJ^|6T`A#{K zH<9~0_E?4viq;n6rfq+sPW!>StLpn;^6KJbb#w%bl}%u^Bah)-q+&g_cT!Z--VJ9d zI*knUDc4yM_3zM`{ddF?=1Uy(SD{eYWu@It6^5zwom}gVqv}@r&hP0N`^o>k@V|$5 z7TL;D$C2@gY{aYrPJ$mw&+M`@0RR9L0KfzO2N+5aEo;uc`M&Xa554Xsy=s7`_Gz%M z;aT5*0GuzCk6~5+FT4Duinh7YZue1rRnwrD_}tr5k_M~qc!wYhZ`350 zD)A@4MuD^`jp&nwkx-0IqO^xqhhW>F(2+v-q!EM`MYG;Vz6B>9mlKOt&AIeA;M|KT zC9_CI6hxcK{&D`j?d8{`<8x8)bqW{3>b*Z~aiSWNE-lnm4Pzs?oK_fkBqZ@Di6J zX#ssaoww1uSgIlZ=J5M;tp{arw6wa@l;b1;U6Bk=8MMXyZrJP>WB&Q{%quidZj_XO zuD%N)PL>HohIRa6!VV1h^^Ni3>v@WV2Yb8Lc+_SY({SkM6HoUp|KtB(%^ z?dVMKdga+R_b=kE-cE|^8=a0Y7Fy?H@;}BJxvs+}>L8u%X>x^dXYiTi=!_x5+WH0s zQ(ipqC~z<$50WINv|;w+VT!m z{ z9!8Ev<(Ef*cd?^uWx>ak6nu`0L^}N@cetO_i%qX4CzXHnxIr9nz*NCJ?aFszwoQ=m z!`Mf5m0wxm$;CYfdo?NRXQ86LBw;r~#gP22Ws!JnFle3D5GN9z9h~6xwL>tNy;840ur7nxUi{Bj9haJ2myLc1{iL5BuAeT?!rF=xjO>Z!Yr((vQy?bsP zXE~p}!X#{1BJl7rnuWgLiPkDw?jWf@9MSdGGmkHmz(b&bDa>$$@cE1QQuD0M;hzc0 zqy!wj!IKBw{9y|H-WHfZ#7y)rX~jqS|HIf@1;y2MQM=tu1C3kb?(P~axVuYmYb;1` zcXtnN!QDd$!QCymI|L69>^r>we=g4DxmlNMSM6H0*W7cCXAFXX=p5Wm1I@|MQJ^aY zod}p0Td`f2P)GW6?n=P()N2RIh0sv!F~a<0{2P}8Zd0KaoQhvo5yedK-_pT}LN$qa z@20E-;#{@oU1k@829m<4ypP}hOOT>V-X_?fuWpnbt1I4H4q*7a(tAbpA=XTf6Y~;@ zGae-(5#fq*kH(Q3iZBi5N9Q1LJcxZ3a{7t6`lUtk6wAz78+5`^QdsUIc%4@|hbRSw zkKG=}ZR;U&p@5_%AEH11@<_e6vr{EdSMCj&sDhWe<2d~j{QIB037k_ghgJi2=`0i0 z5t@`jyx)kyohl)o7XiC0U3(^d9BWfpzcUGW%r87*Mchc-B`>d*Xznm1 zvi^tIU+_nVt_9|d>fqJJyKBJDwnWn6jhgk2Q;U@>+*wP%yW5CIZ6j>fGJ+cG>ql0% zaol6p*nS7@z^jjRvi}2!kF*bQfC{B}Vk+wik`;qk;5IvYXt7K5wpsrOY&JAqWskf2 z>O3{l94LrHH)DVPRx#(=7T)OsBcg?j*CwPIjHc+xh@+r%WA9aXX`?c0uCCHGjAW3| zrO+VDE4Yj#okb@-8quc5?m-{6F!qpnc$kNok>u9+eZBlY)WC>$4nXRZ zQW@)k7)ggAUMS?`7{7~&#CxL({iu-c`+XFjfm?RD2x73|VDIYN6t;-;A{sCxC!pZc zzaxRCxqe&nUXS;*j^ zLLLd0)P>E(+=}Dww+VRBB#GNde|zFGKzg{f- z4k|EzX>Ak`HqFo!DnhEw@s~LFp^@=K_?Ji=y5`jV2agxrNc^#|7uAz@ch}KUr{j4l zYO?%hy9$;|%=}G`QnMPH^YI{VbAxFf93<3hDhuz5Xr`0z8?J8SArUEZD|!H@2s|8? z+RX1gb;+U=r!?Q6;U?JCHfC84Dk>=z(C6

{#yX?U=>A~nWx16=eee4pX&Oz~TQwn}rNx@J|Y+o!G8%QS>Ct-V(h0za44*H@A z&zDQb7UHp*(gB>uk^Tiw^Rrz-?MaDP#TRhF&dXHkG0 zH`TL3@GR`vy^d2H-PGMsIfok zD2lq^6AF;;Maea${|1i9`0SF=BKh1;BL1Io0~3-1!u;M>HaiA0LBPDaJDSC4EQ1z} zdGqWUP(yji(XBPyyN2U=Fe`5TOnpY~8csk^Dt>3HH?zap| zrKZ$sH)`$bx#K?8PT06lWZxW+hbs9(89IPj;R%+~Qn2(txODaq34F4-e0TIQdH(px zwD_Bj?i5v`QDP(d;Hh!^=Tnze-Q5CTIL0de9!NfmoKvzuKZ>hTbHq`^(9f;0A1%wc^vsEP=s8>vI0bejpsuvMPT1{xh6 z)w;wZjKkP|*3xH7ZqHL(IB8-0A^HG1?LmYY@E(sXL$;y1bc2HB1Uq~{l3Lg5hSJHy zz}qKTzQ+z9IsID!tXX$!TrB?Qqz$Ub&QI2d-}l6k>_8x+SES-Njvt#_*3maRnb>z_ z2FQjOyzzVLMOb)@?mxv@doW?NU%prxU5p1gi_#{6?=k# zmD8NY%2BUE;bSA2xi_zAPA3~AsoK@ob&(IJ2l^q-RZ6i0Mb#~BUrLO6?=l2;Z=NBz z>fhhEffqFdU6yj%v1xq_hWnV8pWEk~#xifc1qHv3-$mZzrB+Nqq*AiQ4EfUI6A9yN zr@a3NtT81R41p|^e%7@eBgN2Uw;S)f4$(IKK6OdC{W0lqy0nbXC7&C%j;!=F+G@46 z`<&&fewYgzyM)Vig}ufYtKxg%APKwFyeFG-Vp~L6_{}S3FXZUhzVz z(xo#(%2?eN*r1ZWU_xdkvTKuKe$yDfs-;>Z3CH#>IeZ@?G_LVrXhgZQPrfSGX|l(6 zfE73lsId;hL6v~Cko_>MK}aG`1ES@r$$mz8V(jZA2f}R+C^1R9J3y`| zUwcNM)B)d8i5N=sB6`8C+F0KhnfLU)yX`RGEE9)o55U%jOqRF|*Rnk6g$0bt*8kc) z4l;_QQr1%J)M78Gn&M@ow4id=M4)Bzq7 z@y(|j2%?hu3{cofd;-&yRYB=8G2on<$b*3!#KWF4`rB?gbsKe3H;VxP-Y3cW2K|^? z%*l@kP0So4i723Ngdxqlv9K(BL!R}6Of6GPgcKe{qdlmF+49Vvv-VogG`?0WMx%d# zhJV8YUoIe(9mi;`Bkdk00%e=Vz^XxB3fxwFAIy#i3TB&8~qfIL8 zo(9|U^8WR3-GEegYCpKUfx4BlkQmad5ENz8MvYM_RFr5eg!){A^;{M8^4*of?6yl5 zj|UqLTWOhA4*z?(4W<^KN22WUvhGQSJ`k>Y$^8>_lm*u4kfiMG8SgWiJOiQ<)B6=i zvyNph7q_M$`r&SYBeUe7r`UQ*AoRXPtI(1XCRPc;4e7h3;~}PvkWiOYq@PPCyV|B! zfM+qQk@re_qim&^8UZ@r2=q^vK zj<>h3uD&g^+}_zRg%!>IM8*xjjif*{f+`>5%fvThqS^^qET>CdCE(F7(j9K>+M*GS zSV*x{h-KK1(S70EMXvt^xGDRpi_9+Vh|OL+ce5pIn?oGV&(hovda+@)Q| zNKinRI+CrVPBdh$9RPP5YS)2`%UgK!dxaxh-H`1PNm&40cZG;JiYIcv_tH=eIv4Wq zeSu!H%8WBn2;G*M7%zar9c{vK`e)y*Ufc_5Q76bz2Z!Tw|ONwqDWhdXyxQoX|%UGUy@#x{4%-43N)xw@^_3cK1svpJeHYO&j+b zL*Vb~PFS5JuhDvRH+ofZRoNS)GW>o9iaQkYO_(3mV;Mf%2qSp7uLq7&HF$r)@hb@R zkYYH?;hk2QZ-D_vMTgbx&}E;d_`bj#R>=ijrRh_A)k_(!okJRHxoRlvj&GAPpy?2S z7=Fu3ZrMH{mi$d98D|3EGT52)a{;G%<}n3=JbjAwxWaKAN?xiQCYl=Z?OLMm*BC4* zMj|gIHR1&dOgPMv>bp%2Yaq^0g-7Ed-m%(eMiOM0y1Sr_LPc7@ z&YGX=Eg)BMgtnK4t?$#FxuF}Dy!Gqc*B=8+_>w&e->tYa?C7+%tl~+$y5i^#NDst)IrE|l`kiPEy!n}!Fyxelq-7R*NjJn6fimfT<_;6fqj4Raxh}M{VG-6 z8P;!yA8JjPA$-IFR1lZiY>=8fe+SQFdH$yUNfB=@Rr|NdzYffd&`IN}h%KKYV~mzC z6$60&_?fP>Jg5zHb*T=|I^tz&dP_uR-D<^gZ`OWTaPA{(S_`S75;nJoaTfJ~_&R<$P?5@3QYwoVRbN8JU$a~4@?~wd$i4bk zr6O2SwmDgclcA_dSLIXm4jfJN$;#OCdb#*}PIRqR7v`!+u}dQ<$gl!Ao^dFut;H-x z22&djL@5I=Q^bXp5zVEDhyIhAZkKm21TCTPb?=cVX`_60@A>Hbe}JuHX8X=X|88TB zN=LR>G2sSC^CqOTurp(?qUsvbk*181SaDF9E|UCG@9<%b4H#Z z$wh#PD&;(6^-W_ou=U_I<3L4)HyE)1$XjHpCmYVRD?CynmSJto+4}^gh zgLo2@N%0$%ORX971g8fG-m^&ne(;4-w*n2FzK+k@L9la3r_619S4~gmTA-O^d;4PR zyv;CLN$1H(GejJ39$co45#n|4&8h562xZo#p)C8FcnxUHXhpcbSi3(XFE4h`lDiv59teXCGb@%c8qD;pHoY{>GFtvdeWUi>g+|-D4^{ zdY~l0CHy@9B;F+ z#SnKEn$tHi$`J*(+ZR+Ktnw=sy@m>bh+|yJ_9+5lxERiXww8-1KK!Bx9uDk|8$$7` z1n?x9z2fDgPO$rkL^txj?F@RwFmJ|NE1=K8x{fBKAiCEuo#XWg?GA-Z^(NvBo= z{azvX;+D3&Gjae&~kot7bOp1JgkyW^Xc0XFgk}e|D^3-48EOl(& zVl>T00gJDnKtIG47%+GS9Dvx=0TCfr%qt4WA(bn>LHEQx;yl;`tkZVZE^m}cK>`7p zBnSpzMoj%(?-6C6M({qoJa1C(w6xx?Dv4^G&}jT}0_qe+F2|o-wZy5?8B8Ok442Cl zK1v@d)u}L0G2G1A{mRoGH-ic$1c}{9*m58HuvntuuO+TV|T|EWvY_PYmVyQ((YWA7&K=?)4p>z{i(IwV|6n=nU1W*-Rn<+8(iTk3{Wb zg66FjGP~UIo%6vXysbRIzIjumHnv91T)1A;@Ix7)!hopU#ahlhTIr<`%+VxQfV#b0 zENrcG$mP2oHH5iz@!tSpItzT1R1a~t%MkuY%MfHa8_u5;G@U+%`|eXV&x!9|g+=s- zdDl;omM#YstriKWJVR z!b3NHy7k4loK9jSQTRot^m59u3l9idtG6IohIOOG7j6rKss6J3Ztyb)z)_k?GkDP4 z5PSw|DaST2L}ULOGIdSXmdhIWvB%c*wGo+ELvX=X$>59ew>wE&ti!*V5|SLXl)9I{ z3S*(xSQ604RkIFE7aEPeh*03sOgY7O*DXIu(Y-unh|m93v8& zBaEJ`D~dqRC#iR3r`y*iCYi!#s>Cgn#&X+*{IOxu=zKSdPKd3s*;(&0y!dhD%Pz#O z`{Cr?q}yF}kP+tAYLM?j-D+6KP9@Ox4sx!WytGd6s`b|G1NruW4$nX#GB`ZJLxtjYS2>ekOsecpr4mVVz%vb9B2lxKj;_l_jI!8A-jO!Rn%VoLwXBE+9Pm@B zYH_oL|AU5N7NV){7;emDxAV=s6zBK)>sN!JM+yJrDkr4m)+8d)&%4i4{WHVb0cS51 zH7NPkRGjozIcBeT|H+Tjn9Z^w{8fKRRw7BzJ{9&4i6pRhHNiAp$`D;Kezjvwh4 zpOHCK8#q-<=e&1gq^|z~Vum#$;01;x836|N7JmIkda(N-l#qQOm|^AG+Ml8BAwHQN7f~E8rHWFU+9mPHEzE>3+Ms zMbaUX#t)n3AJDdE%x9YrhI1(n(dwPuOP*bHKN0JT0WrcBN1}uk;e^sGMM}LSwU2UH z)c{O5Q?6XW7#}p8-llrq^APMLlQGzWLXUe+r7Wv|^w=1yXfT(gE_e_biXVQMnBqzD zDII;FTR`W5Gv5My4vNPf(XD_sH{(-Sp+?&whtTFXX4))0A_1s}*GT8#evfSW4f|R2 zRHVASP1>8t(0H-J{7YZxKxG!CbB5!G7=Da#JW?wMG=0kwH*f!tID(EKR@%}O3gq_W@3$B%nhRtf12ddtrQwcW;$ zsC`EV#xz1R`T)|K6UrbkMc$PlDUjUiPW&b-C$uO1Kp2=zCRulL!E=glCGAxC<5vbA=)p?K~$Sr3ybMIH)zN`d(K}370&0o zuxJq)LI6b5zh**tdNI-as@l9djJ`NUT|Bb(&^|$$?Y(wpv6oIymIy;xE9^HSKh3>Z z@W_NP{H80ZWvdJy!@ovay?uD1%uW*znU}&JnV^!^K2tOgHi_fo3&Z+lq2=vrbeQ(9 zUnNh4V5oq1M^XT)NHPXvDSTuK-T0+T7>?WLjc@l)7n)~qDM&NNCWI2U#TrB;EzMN&^a{qrBBzt* zs%;>3LJV*w;jBhkh8e@VsyLd%)K>2MXA#WNh&L~XzD5NCgQx*E7+$Tit^iD})Wa9k zB`#Az6iW;F#Y;l!-$+E@%`KPfsBD;`Yb=Km4jhj-qldU~mknoM7Cevb9spZHjy+A- z=J_(02TtuQs{7c2z_kgbc_1$p6ira0UQ6k>9~%$+>CbW_E(y}LL|EooxLV9|M+~}* z=zjLQJr*NcW`hufS=?`uCpCl>!dd1#1Q|e%DLxVnA>|st#Ub%!;2a&N3xV`3h_ghkZzYP80q+SSj|6h$=`>t9;5n*oUtV9D*7;o_*qFjy!rUli0-##QBiYcT3p8 zz6%3$IU%pLCZ_o};g;=TStot7>qlUF6C+(wEAEctz_AHX#!9TW&u}BzX&+V_4+ICF;xEsTC07OYtvhhnU(R|c~X`d zTh&{TU*~Ho?@oqZsYU%8i7^nuH${Yy2_;ynAcdRR*7#Ti;UX#6qgy7|sPuLW^vJ?0 zhkBrHAkhfVW7V>N0!8JmWIEMe8o>`iP;Y)$MspMw0RaFJ>fdC!5(^phg{_%)goi4p z^jZtoA_|(ydwI?8aKe$H-n;fl%$o0ig!6VlTS#0grHQPBBj!p~D8BiSjw5KaO@a2O z`Z^S&KN7Ph$j;W9@QajB*&TmF_>C#zd{s_s6J!$Ej>bTzTCV8GwTDf|;(4_C75ZOo zR8Zr`{qdapt^fbKa6s_Cbui3I-PpW(1pfa2yO`tRul^69{qBMDOXI&AttHaVi(IsE zZq{XXFRb3&`pD)ahkA`ZAQ}#NUiSO?nR4*!&o|DqI|<^yU4eTzCg}t8MyOV-!Ha{o zGwSSBrg*lE1}k_NvMyf= zuNIH)CovU~>H}qD!nT+b^J%o(RS&qv2^a66ZehMj7?09rWZ%$HY<<4uO{k6~R0D#KYUVHB&R zZxn6)riE$U4O0G2?*M!m%Bpe8eGf+uUjB8JE3|RtlIYpg+c`TLXZ{uZ->b`3aC-W< z(f8NbMC)yeKI7|MYO2vD68~tp7LDAG2N(7gW!bkOh9s<*IKCHCy|0n=z;||$=a54X zf9<26r}R1l=`T;nX%Z=`>e7C%Ntx6OE>WQu0P)5vC&^8?!gH(z}Qhw zXqqi%+~*_6#450n=eyvxL=NYE@IRX!mPs^>EO{XgJn!Sv#fc;+xqyieTVn`kPPJFP zQ;}9^*JXZvY{UL0L!%r(e}wfdwTPnf{Kqg&#(Qnre=N|-7&J-ZjLrba)i=T5vPBqp z5Z?;SEo$L_l#&?>MD6voiYn2I>$a}%H_!h8Sep<54HD{u(m zyF-}`7vE*kCSS5d7MGPSxP~HS_cq6Or81HG`WygBZ84$1OnM zv7z|+p1i)&YUgCz+}H{x5v#A)S}^X&mn?Fw7MdIHL(~TN9!brm4b!U`bSO(dA#A;_ zp%B%5j@EQyiHgAf>2PepT;$&D^D^hmjpM%oSv7YC`~8bXyrL|;;T;$0)CRfdDVg25 zqm;Ye+GeMpuA8RnWmXdA#-p9^iE#Q&&nq*(0<7Lq29)~9gT9K{f0Wa41(mRWD~Up$ z%dmiz!ek^=bFU5O6F++mqt~r9crm+*f1dzz10>(b*KoX?kZrAnt&siR#ZLc0QFL-r zZd85=UycT_{p2&(3uG%tKZFxVO8@G;3y2Txe=@fbf(UuAeMLBF*GB;V^ z$1W~ml768+(1m5W!L?lYL2AE0+zQ_5+|RNSNQ`vLoK5c!G!r)8Ici)M)&DhRR!)?yOdy!UyIG@h zQI5WKrg{O>Ao-M(ZiJ1UD+_Grj0}~r?am^g*|A1e$7dq(HQ&wsqI2>vO?{`h{NLXt z%LyArsMiCjC;&debT@Z{LHIrP_>xkPaslf(6h0sQfar3^G>oR~fzk+5{ju@Ko)PgQ z|474^!X(n zsqkn(L^MluFp1LVRlsxZBbOO#70QaT#h8&8{&@m$myh>yqVT6F?u!i^LgC4!3oV+= zMEoy+1Gf#0}sby@m=Qfv&}!tdn6ua~Ds+(@ z0D(jXY2^e!;Rff4a_XAgnwrdr$t3%0 zA9$9K=`Z+phFW{wh{gg?IBF!g;g7Uxyv(P|n>33rRCDn_gsfg;1rA z(I>2Dy8sgXG1}}$p{nbSW4{&MiWFdM_v;^9`%CMkux2+jy>$h9B>ALnUe>uWqSEGi z2y6NJiPT!NL?XW4!q9Pf2mwj#rdaJ?^z?dS&-E1T4Q~&Y7@*n5nqs`r0*4eZGeWu> zj2K7G#%ebqcIh2Tw(k0gs=W`g7IP>N4!u|{g8$?>$(7W^tVZmw9Ub2^q@E!{hp}1_N!hIBIY)*hf`qAEexT>tJV&TH*`8Mhn8#6? z5v_m#ogjt5%w>2*-JM1FDJjW;)Eux#Xa3Z%l;mkrbZ89VjE~|I zBM~-};0l(71j7W$~vt1XC4JrJ$Ny`DHg;sI%U~M=-q`6EB_)r76S;DD&h0nt@ft&W~iX$Ar+`pNAOa15XnOO`9!G^ znYwt6>U$gWBjIhp0V-bUeP^y#k3oZOls9=k@a=@E%uUpADDnoOybWLr)6{SGcf-ud zS#2I7wj!n_)a|hpEy4U&(Eh@%$D{-GmMDT8TlxAVlXg>?jeh4IAor=N_O@NG2;nBc z;bBmN>COcbo^K!&LoVGTMI8$3fBI(z*3n*R>|hZ|sLj4uwK|t{zbAPRd?dv2I)&6a zs_^?xYHgqd!=on(AXxlaC&~#a=9DE&Qb1zh_kj1`==tPJ%!0SY2nfDRejsPiw-JM_g>uUQbcr_?!Ulx7{t=QcP!$W7F{D)_g7on_Q$! z?X2}x3_k&r(3un4(H7xxjcN)~#a3)YLSu+fYB7(xXOu97jfox8H|1=5w55M1f*#;y zL>JoXb`rZMl$DM34?H%w$1@eB^Qz37;K4K|Mx_a zF(FzZ;h$S7NTj7bVIwxR-UxHXI@)QM2R(GH@TI(dbVO{b?2;}F7euezerIVlsRU|*o_i{yy5yNl z2HCeDY{*oyy%c9ew^r1C`_{vEn;{NVFpIg4Al0MD_2*qN!el|x^p zZg=28YKWGD7O=~f-RLlEliKrlq}b-glu$LA{^!2RQ}!TQrR? zHlrBke_OueFiB>A`l;|qyS_$IKG1;?YkyC%!w3I589u&n9lNxy@uTzM)LYMvcVcKy zAxy%THCt_cu& z)wzdRm6-?`Mb03_!oEj}hTxMD#~_=ayUJJBM`W^@4>9mq(kjQB_U~bmF&ybpZwci0 z=sxlPM!Q~Xw@B{yjMeA>h;9U*Tt6vGTT3QRDCG{zFlt1-Re50ZleC@TCLZ? z5*EfjBn3k-{cv55|00Cehi8Ie0=E_KkH2VuOGj}M`f_BLSo@t~bdVs}t(e_{E7yF? zSfH-@V63);|G?IR_92bY=c__nX1~$+AJlJl-E`R|=wNuMu-HK3mRExL^Qw51&sasq zB%LJWMSL2Xi&=Bw>kWw27$3;p5!2vu)OU?6Iu7zUV$VMtMR||Oi`T8P7WQApUw!Zl zkH~5JaaQn0L^KDNN)4(wYWe&;yaDt2MQ}eI*B&zv2E&k%9kR!vQqc0it9<{+1w^gs zPXP*ksjd%9g%ir4M-Yh+Xfq5q+c>%z86MH%dVlEzD2nW$$UGuGs?KsfZ``7i1LVD3 z4Q*v6Q)|lyo2O@S4M7o6YU^aWn^^8iwQ0ydRlZ>eT=7H71`r}79yu~{Im^uU{ijq3 zln3(qxo>&9>EqTi{q2U$p(g00+VK^$Ngu^HfCno)-+~oZK|cnT1=z)2k!}dC3oc)8 ze;ltKm&-2ENfChsaK%b)L$%CN)rj04U8QCV!~X*yB3z&}e)*wnEeFIn7QN`{8`Wf7 z)m5f56>cE2a%Z-`@8(ZlseWG>oX1M)$X7B}9fOHxP4hp2huWJWTi1s0_QLc78RYAo z=1Q`C--xY8FOg+?Q=lILMsG&42n_Z+MG+>3hI1L@;3VNZ9XCds55{Iy2L*tSFkafjMiL}`z7Pkl#)}pLxtr8@2CQV8+-&I%z-j9+f zYD257lZOMfTYPb>K_^rTk|#!j?J8J8KnnC90Cuw=SH&47yk#1gZX{CCNxTRVDZO$c z0k=7@11vK(Bf8B0o2DfVQDU}BaHedzc=xtnxusJ|c&W8~|F;9_C|`SyZ&w{Evhhc?dDX-}GB0 zefkWGSq}ohmqSG9NubV0@;I?nmIY6<(vdpS17GFb$>|RMus@4&0k`~&L(%JuY`+}f z#h9-85N6bfTX{p&EE&2a-3EgDpoz&nOmwTC2p(<8r`Ra&+MK;f1uoo`Sq0I%o#g`x z3vWdHu~Qz!0lq{k8ru#b_6DC|a>cVJU)i@a>K7(60~@DJ96tSkvPII8klNF?N1a{X z;p+q~OI_)eXYE#MVymBI5mFGNU+BOi(}#(4akqF#J=ZZvYOB2v&K>pNqZ0u6Z^VNA zlj8pMsSFgWFka$n8~k)mVgPa5kaxS4#G(HbWH|quw}PB{&M9_a>)5?)7Xf`wb%~Q% zSaR6FsV5>hl0z@w5Z+BUY`Oe9Sn*ThFege~bXpH0hb88P&x(Yrz4UNo^Cuz%>jZ?@ zMkt&2zJvPBJ*`?g(d)|ERR5$`V=T z31~pWTHYNneotV%LzTEAG43Do84h<{xgQATkw$q>N1d&;V6s=HN5eaiIv5kuB#|*J4M>TISD6Y2Vc7}3nYKYx zUNjAT;iFe(wgm-6G;#bo*cC`@yh>Ty@!VprN8HGBHt&f?_cdm@Obiaa?W>Tkr=W4% z?8<+Up;0muu@vkRT$C174w5!1VgE+Dl7nP+KvGNVwY}I%6|U7}M)P_zHBnUm1DId8 zB{X&Qq4G5w;3pg|1z9krs1VWuU{Gl{gM+c=F&wZ_9#Su7DIC`TBLf+vbn%IMB*{y4 zRq5)hVUB*iV|GGWll#Kmc*CN7SC;y!0ZgFTxHa2N#)7(Gh@Q8yp#6V5VI1AAW~wrHy9>s=?1Zkn7Rp7C=&%x@kt53Dc$=OK7|M#Ve z@8WxRFt;Y66Awr``E{+_|}GhjGw zVfoa&HZ7mtb0o^bgZhp)SZ?8OhQ6H{v+AjFgx`!sxd#KWqWiyLj5ix1^W<1`K%^Vg{1(9pzJe zz@IloG(p95kt)|8Yq6{}(*6p6<@96)%d8sx9{Hm8SLMjOD`(Zt{%`-W`qmgcra}~1 zo!Vj~I80%sv#tATFtXjsO!7OJ$6hd7k5u+53!jq0NH4b5>~R`5{|O$20)QWIjUh!J zxHx>UYYuXOwG3(U6cg`+x1BQ0w_e%#Eb+}4#Kq67RP)&5X#R1#9ts02H4Q-4urV1s z$WXCU6|#75f)H9qjk_u09d@@@yOWk<=UXq z%d34|N?}2&Q@74&^>6aU7R6$8NtQYML8HE-fZ%D+P&>X}`s7Ss*GJuhKyH4mI`;Fn zWW)P&7Q4TgpU5$E^&r#2U52Rx#7c4XO}yBlri~7&)R|TfGO3o(kxj9sb7__AARhSG zD&7jPF_a<&K>9oaQ~Tqn3DX#MJLISq*KIa;la1SiIgLR|S5{kU143+w#~Qnl#g4ZE zlK$eo;rChUTJ%eC2p}d-_!3jSN4H98 z^WMXgq=C-?%h)ymgIBf1y)S+f=fE@?Z!Fxs9q&m4JvnjY{`05o3P#TwUy67hd!i$Z zFiZenh-TJeLexhPjNkof&(#3Af+MHA<)YzSj`?Db^agQu-D`+pVeFeG`4k%6J#0P4 z+m}7M#y|)cz9&+OQ$JL}AHG+=JUYO+dSmdHSEg0j1{qRAEYP(^QU*2DEEq#LSgkJ< z*Dr!^Qd(+}G{EF_iu}C=E%gpf$ISd#>#eRmuudXUnLi%9AA1@{_LjQLJx1)o1p#!$ zkAyyGna=ROCB2s(*;>H>Fo8l0C{%a?xPCyi`)~B`8-vJw&y)$+gTpa6hUN) zU1sif43lTMG+@SOexv&RWdNotwCddsH9oPz1_!<2IP<-?M^Kbxi(i^wfp~lb#pY}3 z?H3;j_lglMsz+JE??8AttoqENp608$T@5PgO150Ag)nNZZJd4gfMkwNT}F=XI!|o% zuMBC%!J6gN^gDu$knt1(>O- z3xe0}jij#-7qb&WEA{*krQ&{{co1f%h6nKuS~$m3-W%9ZjTTzYiJ1IN)qE{q%U8r6 zlFpHRfmcO}>2fSR}WazB9Rv>4$7G z*JhH#&8HYwWPzXIe|*(30L1Vi%jwm5j;?#|7qyua}%!8KSCLo%J|_1>oX{3i+4t_C;&BZkgZhz;RVq<_yX>){7Hl{K~cBu zejPl6om5J86*Y7sNQd$k`3C>4T{Agj`9k3#to~M^=Y+qF^c&ZyqvWIsWb#w3ua+TM zwqQ+Ii410HO`o}Z6Vvwk;Oy8a5M4LN^}xHj(8&4{{b-ypl#h~&SUG5&<10Kzp_-&) z>QJ4m>C)HjXfI{{bqHEkkzJ~tko#QBO8|z;J610 z3yj`y@$m%WbC<0%F@UzsiYkEJ?|>~Pff@>B@xShdjWh!7ojFCJ5OdwJhDx5$cJJ<) zb!chwPjnNnAj(lQWSFE8JO7fzKh-$jTp_7Jzsfc&hzde!b{!l-xvz``x@eFV z>t`!pZ(rM+k7@4ACV%|%dK}`^bVvtm?+X<>cn;wozF3{il}Znk&OE*q4E%SI1=SFG z{68$61w&L_+qQ>+p}U)*hK8ZLQ$o5sq$MPz8M-?KfuXxWK#*>vk&y0?6r|CQ`+2{= zFnji1YhCL&j}r_aQbIhW2H=95Gfb~L!~+3frb@ic_-DTRzyPdiL$W|zaD64{$?CUi zcmx%BYi!8|RL)Ir*@KdymWY1DI*>o9K$MEw0W(O6Eh6xRfoUWwrNYypz}YsmgrRBv z?UzRz$=sdC%ODB2R1@0Zrn7Kb3mxeI^xV-0LYwvg5%nywRhig>dwcizn22u0($ShB zi2;y{XykDGtNM8GAN>TJ*t` z+CNsrGp*b?b6a!@}sSfX?!u za&HTaHxfuVniuy5?x9uA@Jow8K_7FJ>?fS zlo$dgwB%c6ra5EL?O4)F^tsr9YSB<;oO*k^Ss&R7EeudWJbYn?h0k9J*-%un=szDW zBt`#8j)wLnWWQIw;_;(j0PkM=lXkR4jj4ge^H}WA#~DIVG@)Olti1z=k0uweyWg9F z@fs^p9WkQ{X=f^TBO`rfcMvvntRZu6q_vF5Xc5&*V=b&dh-IJuql7}pk8sipochA` zN7+DJAruM8sWfR%1lTqNU4A(|0JrmG)ZbC(EYH?y48U>oB;of1p+d|DZ+$)g0cx;a zhU#i}ov!bPqq-(>OgxM}3~$46*+YrA@apP(rPr>9l4vA$5C!cVsG0RAgp?g<+S1$$ z*SiLSB+2gI+yxxIQbCuS;;+p$^h_9DrXjbHT$u}|qW3+6Ruhg|C)kyBL>o%k84di7 ze&)eKk$K)(npB^f{qjwyqA@jFVJN%EpD>i>>oLW!HBXf^rBcloZG>}eWafaEt5Ma2 zbt3}Tp!}o~GEsoS_4EOE9e(rTFAHG$!HjT!=m} zu4W%NqdO!3a>cC(sl_Fvar{2tD=4qVS|E^vWzj{Ljf9r7^5WKRQ!~8rN;Ac*0ShBr zv_$N;U0*ZAgp?+~#YUuKQOez;00Awg>iX*W6zzEwpM{oEDG|z*zpyWG&IRmRusbrM zj4kCEV`dZTKsMvSkU%Yq6P1(fUPhrH4B2ukhd!5RB68RoAgE2`q==O^Q0uYG<7q$X zBk#)o4Bq|*H@dczuL3|ZEXb_`|c zl|LS(8?FZWfN!;!GG8YcPS<4faSUKiAt6P_Gh@(|?CI?d!grQjvnelQh&@=4R7%QxS3R)VTqpoeU? z8!@-1DOmpXy4{rRdKAGEtY%r5@uX(E!g&q0iM??O;(dAD2!#f`>l`0lA-{1lgKCWb zO*4i5DUlE^ej=MFD|#k~v9#wTzViPQ`r-9fGVW$0U1E6nE68+d${j5yYt~Z&TFk*B zPETX{w5mN=xj@0yRen(G>g{VaJHX7Z>sbH!g@vsiM~dRoS`ZVJT66Z&5@|1@ys-3I zG*$7BTa)vTp!%*8QucrmOqN3gM0ucJVXP+2n9BQeygz!oKWp7)+JOkY&^;X+%|K4? zSWl6d2dHI5d#RkCgd*b3-A_Y zuDS)~3HiHWvw#eSeFQ;*nPA018Z^pqh1C+{p3P+V}|9 z&$@Y+2?G^q>^Bp$rhM?t5Uu1&IID9DWmKETl*P)5=>3evTsU=!)I0Lcc++a*r1sA1 zg7y9)h75`09PBJAA}qUh61mpAr&bDY1uc+j?7w{q^5y(3L4*9 zFQrekc`H30&eA!A4!LPH`kIJneIP8Anjz2bGjIs$ub1HV)@a^}FpyUBf0X=1IJk#h z9`k+W1F5OyuqYQdSe2LW&4Po_;odsFCPkW0&bfn%FCmms(~vp1idK%|GDkE z?bN~h^|aFibO6a~Nf;kZ$A?WUMopJJOXs%cN7nx@ef$5_aq0NG?e%~G1oD0{8f`&^ zQIlBl_3TW#?*tP;aW)_%Pl_bdS&O?Sa09i)t3Zz z?NPn!@5-Kto{_5w;+FQ#p$juzq}D?oA-XZO%U*EIML3v9v9tX)Y~4tTUPtf`knSJc z%^%GCA*>B0CkS+LcEcpag3-SNga3RThj6!{#?qhVU70?S$@`;{y;j~OvuVAA_{PwE zQOHOe_KZNC{miM>w*HGSyL0AYboP?0DbPt)%E$l7`s1LzcKh>B+AHG_6_VI*`|cLl zu<>jIB?07o$pD#S24r=nE$Y9^f>@rI=a;~1<^|8E9Vxg*qK9mVz8L6mb0yZp2EpwW zsEpcN6y*MD|MG3ORW~Xi5)y6!PLOy%>GLymU;~KFGUq?c9%ErOaP4M^68oSYzw#r4 z0?ma1;T~sob0+o6w%hEjCsVUX{x8?&4I~s5>FW@kHoriA%W_#H5(d$m$7!|QlDlM} z?&|5?XG>j?ZixqY0+!f=o6NxRh6x`db%VhY{%x=QASYb8G?!P7d|;Rbsv(Hou|B~Y zWkQk|&*$~Xor{Fi(h~{j3zMQ6f>neo^7}0kMM8*XL<10ME{BePU8G80YCgJI9h0tJ z+>W?L+iQ1_k7J8dD#;=ckbAnCr2XM zA}#ctd3as&CnX02$Cut2#G0;u#JJI!5p~~d;k-BA%{No%&9Op_g=Jiu(PfF zk>$ysm&*+h0ssL=An5+onvb#PTQR;N7J$`tscSt%0Ih*#EF4#}TmAhXnk4`>UN`df zOCy<42CDdsZ-1BGh+d3;bS->W<1R6h2#F5O|GSMszlDB}u&>%?j(s;&5|^Xy%XSwj za)^0K1~#meDfHJ(fqqt;&icZ2WYbu0c@)(K)@YtuLJ-arQti2j>zxJbIY@^x_}f_D z0ue%W46ZI?4eB-$PNW4c&tRV+AE6Vsl$WM%>q+gFghB|A57LNynRkbtHu$1Eo1{ z^JyewZp^KPGRhLKja8jb4jaxUk&5C@MYiwz8jicQC;H5Ne=h5B%%8nnag`ry_)AKD z;US_sx?58ei}^tf|$$s2^8$D6blQ5 zjK#>bs4AA%d@vgME*o@3bXH2m9j(FYZ3VtX&k^z2jr;M&CBGoaKpv9l%-=SJSVR(v z#R?I|IogF~QLDs|%i+rEPMF{em)l zIG(8ZeIll7$ZU*nESSM8H0%3;edEwkhZ{HswW7XukI3PT?ptbi`^r!;@~1t_h!-;V z_5e1QP|-eIZ6(v-t0+G}a@H>C$T6Ye3*vvQ>sQ2K^?VvRE`@290#dr8_vtZr&3`7l z7b?s8$_6}W-d-|DJ){IZkn_L&6HyyzUKy-Gqz)K)*JzO)vrSX>bTwN)yH=L)4?ySU zmN}`5MSqnOcro{exK&pFUJuJ&rZ9kxe(y2=bD0jX3q5LmWS0YZZ^GE*&mSJpt5|dk z1v7Usv#j(f?D|==S+5=N^DWb?$EQ-Mm{6qp4;-=cl65--?(Q#ROP!|D6?u8N~=wP-Q(s%A2JLi$mM2E1q;{A!ufJ}&k zv_0^Q)_D?t)=wr^_whwf9fOb=V>a=xL~ejhgp|I#cKbPSBD7?qw?#MSRe_2m4Inab z`wKyeo*j{CB{DxE{V%8sxCz^a&y>*e6Amut^q7)|8qF@n-)HsV(JV}+fw)B_eXiR+ zM|m$TkDrs-C7}$6dmD8RV2BjBV|DO9j4m$J^f1R?6 zsfEz>o9rRI81D=Sj*6U+=;XtHDrwb`;o-O9h(L`rKM~=2!h#^^jq5rU9FKJ43ys0S zkB%xeuX7Q8tZgtI{5ZJ4U*PIK*RafYH4EnejAil&2@9C+!IFBGY$RqvsP z_eu3#p4%vM3xK$?rkb(6M8Ow;SP$W^T08H(FKU?|_BkQHn#+VWj-X(EY3G^hUA1$) zmG~x(FfiIvq~m8IJ{wY107Ds>l7)YVW;xL9mN-@6hwy7V{Ez7|VzDmYw!tReWK<4z zv);1?>pOezuqBvA)szlHLl^KDGRbHz^3dkv5N85e-};UhIgB=l*nLm&MPJ8|UAD=} z=%$`_C0K0uSqeklqmYWt(&s~&-Yhn#@AXg7dKE#6{ODZzSP*zIaONZYd-q^(YY^-x zbx&Cs3&0LpbQW24SGIn0IDb7orI-pDGjI4m!y{+%mbU`ovSYs5)_I8D+bD ze6j-Koo+k{A(gJ1bg^h-Eq}h<1$l%G=~ed1RtMZ2qv$EKepnXqGrPcE28O3DtT?y% zPLkRXbrmb+UPtTx1E}eSvx#k*3=87JQUJ2LeI?jAI2y>XL1&BQQd86;Q`y;gX)j_0 z5kjgw?!U}yr2siC{wvr3*a?~}n%I}`(doFuI3t9DFcm1Kah7F90!bq}3Tcsc0K_${ zKN=qhr$T4or^gYDTPzv? zW;m+73qqss_NT+jl(Hs+r&@|hLFh03D zvXC2C9hOpzBYM(aLJMO)9&4Mz?Gdtn?*5z<@PcD5kKNx@<4lkUp7`uY zXAxW2t29WW*_n!&e5b}hljcKQix#TD&R@M*HY5O-7@EMfUq-bR)!r+sBgppkqhJxk z`HYs}KlVmRQ_<-VOPs_@qrXDG1}ZWYEffl0Fh{8`E$Q*4bl4@yIcVqxv`At3V3#xT zm^jOpx)az3xx+i6N%yH!Car)OBT}_kZKzS>;VH_i>#pdS5$e`IP4QZGW3Cq-Uc-k9 ze|9XQS(sRfiH;=9U4S3AnXA)crP*_ah$C3@s$W?DTUm-HSp8?iV`=|*$ZKiTtdO3J zoow;s&gl-S^<|)|Szxb`d)6foam})Z@Bk3fR#e4*L_P!N{k)InQ}Pn47U&UO2UNK= z8+Dm_Gh{9FLHg4=S8%NP?E_petngs~3#USrZL2aywAxz(6Dgl6XCNAzoMcRU0*(KX zNNQgv;@7Wst4a78+~WA^+Ks?UH$I}IR;_VN?&t)}M{h~tn}hR*uLQSQhQ@6KBRRXU z?rV@6SyeiV9G`jI&I=lel|4CqNs@QAWZ7c}Lj(@Pd?+hmzC9`e#o@!Jt+!6483R$D z1&JKLSQN$utZ_rJUZhL$@H7UgBXmxwfu~p$Sm>6e^!ajP; znU(4Qj4TNgR4PwV2j*g*F^C;1znu0t#H6}W@Fh(kAp1jjRCN45K+Z@@N^!{>Y;@x% zQr-e*n|#z=Z8uzixiQmAPN)q(MU@&adpe|2h3}s(qgn-riegOQKIPLIg@Z zoOw33q_{Vj8qGBaOw!JCZ}?0bH;xEZX)6c>2Bt9CbF>C3&~aRZ6h!?Xp{P=n-FEYe zJ#;x5D~Lgu5`^#55tc*iZR%vlTpa+qZcch*u`KP|??p{xs>Q6>R+h4@BJ%5eOGZ~Ao*o9LSK^sw(&A0R><_?nx1cWaYeTJ+_1l(zN8mFUl}7i6z0zp)ZNb_-SDt%hB?IO(?0-2q{Aa8B*1(TGfsQA>as9;Ec1CX2#ACIK+ zIyTb*3zjSv`ZbGywwmC_7K--AtLR3PvZBy*3IW$ClPV0qA%fpLuK=Rde7D^9 z$xk7&X$>c8I|NSv@;Fe5w?n%UdYr;&5d{@fO)|4+A|iTxjYLw{>?kVEH@^9+ENVFF zPlLiVx)%t(5mQ4KX5f9_uPdW)2un+6c7px(pe(wctH-c7qQ$b0vG&I)9BOn3NM=d# za@wu3o+29P33KuhU{q$-h>!|X^Om1Rg<9byM#mk}!nnY+N-~6Hb(pMrB{+P<>C)Fx z-p^>;P&Va$%NXZ=^2m$M*rgso51AuP<9{q$f=^&dE!TU}Zswolp~n9J1_s>r;xt^# z1)o`~img@9zYa)lJigGlL)oCGc!7JCriavJw*zLEau#&{2?)%mt8N3H@-z4bXH*j3 z!!@^|KqPePrpbx06>SM?hdd(JKHb=yga)f|lTKFtOpbq#g z2pCNn^U+2-XgWty3Ri1KqcYrYf=x7Hw2}#Wln+MpIv z>|JL1_8ZIivyz%$_>!cbe*f0R`LfLALp4* zku7*>?;#?SlI`&DoMk^Kg?|VY=OBW{SNoA&LJhBY9SD86;CdjM$cf|fjC|u9X>Q&O zAn&el*8neNS@Q=QW!Ahoj-%Aa0Lv~k7&GgHnZL_wDqkbHT+tUZavvz zTo(h=tkv(nns*HF0p(*vTZ#5PMzewRJ+Q{-YpcMjL0XWWx*li^z);(eW zhYqPUL}oH*oN`|=!?jng(%99tpibioE>-u^TetRRHM1UfPLnXjtK`1R;nl*UiyU_# zcrx}ChR)g^wN61eL#&BljGmiYrYZR1ockuIpzROaEX^j2qO4ag0C6W)2RC+B;5L}&?IAj zaiy@!BI8&a4=#^mjrM^wyATEj7C|5iH*Wa$0iH}5LYnj7q)>Fs$kVp4kYiFh)K2Zj zla3^t*@1i|;DQF7wjPmd4^m@ZyAT2#_x*=nOo3zzR=djv^IGFy%1BMS&Uq9EK!htW^4^knh;G~YO-~j{0R{wv1 zfdi4NJ66eA%h&mkQZzUAVReV}aXlGJF1x<}S4s&)ghB^x@@{HjbozZWsK5m$pWLa}iC9qH)IJ5a6TxY5!3rg?)p<%?>MUkTJ__RuH?=$@ zvvhAK3Ht2j9=o1+3Mp?x4tAy{(l40JP~X0iWyRd#tJfe)$d-1{RWOFVg~m^@Ji>0C zd{C??7Tu>^pWEPmgwFfbV6w{hjMA7^0~VU&$9F_@7k=p62{1?X?4K%vaQda$I%T_} z!jIlPE0MLi#p#Wn82i1aNR@=27E~^f-yFOlLSY=;W_UZ5RA)f!4RkB&_Vct6d z@auXA3G7ZCqy1qP-RTkDWMyk9FrCLYa)^6Fp{E<9JBZy^PMQ#!B0#%_@y7n0GTXjP zw@+fiKIdl0Z0)D+c83;}Q5j#nL92e478dG9IfO$XX$X1jGB~cVy^LWAmD2YoQ(iVi zcWMPy*>>Y5?fGS>vGzunAJ(80{o?UFQ`38hjcM1vZsFbu~)4PIK|6$Y5V&KRRSX_ z5myVPm;g~)NrMJ8`T;5zSLZ6W)}-=t&9s_FcYMt27vsuQi?UnA#F|e0Hxr@#rj)Ci z4PO_OZ#%<}6@lpo=tJnH-54$st&a6~_1tD{ht#}~h-hk_taFRV6=2xExqa2U%Rg~YQ{*sJUlr><$!HtwoTE1Sx z-3i$d^-riefs+tq78p&g^=H8S2wj8n4y{`m8>qQyKmOyPz=**ITTI% zk7wHvqeyu}o;wp%B#>h1kQeXYw7$D&-c?8LEpj5_5EMxV{XT47oUAF))Zk+cozBGP z2#K$e;&;q-4IOBTjKz(tEe?}4X2|UeMsMMvGSJAhXOnkIM`Tsl1+Y7ZcX}?8?EAePIQL|Jh`4% zvpoji`4<$?!I;St#LyfNUK&qq|v@x*pFg$Xel| z1<2xA$RH{Lip$!Meh5<4@G8IE6M5}Fa;$T$J8e-K40!5uduXalp=s@Hfv6s**)?D#O%brFGJZZ|!JDZDz^gaEMro2|+1HnV6+u7nih-U-gE zU@fo+T$7fuMx|S);?qAmlMb=ulhH?+@|i_91VC~=+^ZWQ3?mb`By5+EmaEI<%J?em zly!W`c#QriU0;>9e}rA~?(bHf8Q0MJ6w)xS5H z@-s!V!D_c%Ewt9+v z+YLd~#4kx$Ht+T~+{`{^#omzh-;hUz5vtt~A}31d3PD2PVC1&Q4YNY_+A%B6(nH1BE5fr^8bs#aQH+bx5Ax8w z<`0mh58=b0lcTW>;=Z$RFQHw-ypH4*)3N;$;_qWK@!<<7leX#ly|o&x^oX?_vllux z(pmx^$O}{KVm`(`Euh31C%g?opSfZ|ZoKHd!p=<^q93{@lYJU-02#ho%Pj8t5Mr5G zXp)SXsqxJRI>IrXJ1i0R855@GI0q_w{4%baS_X*c*7=-q?Cy*MZi8H!YYkt?QfTOC zYOzKx^c?Zc4t9;28+YqI0+T{wMdyb-DC*AXEJ&vanSwH1O5;l$e>tkAiuN~#~MYvyMolBnX(CbkUM`OnYruGp7tUTws zP;)7J@M4(?ge%24O-0D&?W@r!S1*$7W7N}d+Cf5i<^6-y6`@6@&vr%$PCq1QUVEAM zhJ|Al#*LWvhWv40#yamz0b)%nYySYA+7B;(u41-+^GNaHYrNK{`a~Azt*RSr)85MA zDQLddpLzAB>cv4|yVJtnWy`XIz|6Q()I4#BS|Jzqm!EDV@6#MLFP-*obPFHoN!J441viQJ?m8jh4i&{4QSxQ`c=Tw8L#5feJXlxcX6NuFT4Lf^& z-4Ee$*r(>rOmt|WD(Aum0(uXTCnnvnn|FpE0hq#Ec9bgmQAT>>kDW&^(H}lsb-hPzgU~+ zfuSoJ;=eCYG; zawjqYyEHtZ=s0qyTjw12`;bXn1+{YnFf}Fi7R7&1%lUR41z>t2p0{^j%0$l*mIp`A zXbJRYBmUg##le&7?&Tt7#2;w3Q_JKvSb*sqg@~Ve{5nHHqb{)ffl0`K6pOoxGw@vV ziN|Iv4WgQXlXr&YO(z<+F8fBee%7$vxe7_+GG8+B17Y}g5}B{q-I#*tVs1x~q1@vs zp__Dsp-a9OB-B#9;ipN#{U2!YT@mX(iYpSZ+6lu$Q1VkWLcyKaVos^_k$moi`hN)1WSb~ zDYh!Eg4jzFwIZI-3|cg80_$%fl+#Etexl|uE5djbLP>Y^U0ea&s`Q@MtQn^h6yHR2 zto0ut!A*!!7e)AQYlP=Z)6E9|8ZdDb5y?hg`6vIPz&`ckU_sUfQSBe(yd0T&jy^me zp)e#XoiqL2t1N-E?(3JkDUzzJdim!jq2w8%uzmAP(SRtz&*s+iD769em}m|gb(cD- zu<;Ac`R>0Tnn(%x5!nPcrrN9dWOQ2rI1Sc2439VBm*vI45U890cFn*piYE*ecv~I4 zRc|Hq^3&_`1+)(i5!ujeT+=(9{@F6h>>Kb-czPYJ=m-PpGbB8Jh=yM3^4L8d*+dMC zjP#I=o3oJaX3td8%jkF;6VnJ}NdMWRu<$q*gUl{?cNf1w<}Ed}Ml}!FcL)8P5&qGh z(-m)FfOaXAFkrV&9fAZDcR1vu+&?Yf6I&7u4@d5K&d?a&}BG{CIR7%DrL(6^uM&q&a zJTuZuA~salU1VMlZ@_Pwo$LmEf?3i$(YtXQJ`(a?NZPjQ~9UF+c>K*Sr=)oRQ=n@jTZ;SGZ-&3%&?t2{ojVlb|{AC*yT9pN9xW z9u5=Wu*TUC30&W3;r}q%h}S24Xd{?Pex7D?%@woMz^&yFxc4X^?TYNStpz-VA<*+} zCsW03Q6#zl($A8v^(tN@wH5GmBib*_=Xw3BJHKzGBGeCpvg@{57Q-iiji z58}}oRTK=i`5XIRBGDL$J;WPT%(j<6(K=&g5D$p_ovqgCtl%Q6i(nU5fwl9UKKUYO z=GgHxfKuF$0Y_4LmkS5K;!l*Jcwa#vXeA|*wMNpDF;XgoAP zjeAn@w+s~xHCE>*$je0>JqB4XMAPcYew8YX8YH2z#J4We$I=qY<4Zi++B{=HjM(T2k^Z2g9%!q0dl z?mNXN04QPCwxf->BqgEw%SMs{gj@&RZ)AGfErv`S`9Gqr`1mn7$i&ySPUjC1jcm-_ zcu6$e$OTAyAxXDsL7fj_SYX_F!XcUNvKnUVm8th6MFAKCE3DN5n~Gj5pQvfld>2B$ zO}xLb3*30qSU)IJw~p-kZJ#%s)c?njZmvKH+BpnonAx$YN`*#Je0UbZh9B4DC;`O+ z=n@s~bOr@Q4*#$17pkOt`Qx0! zKo3OMH!CffWF+DK444Y7gOI6iTXdFOHfu^!2iDF|Eb&_UzGkU2r!aieB*-*1kjVryfm^> z0%kOycP?!j%ky4nhVz?5s8!GAQVDbedNu`_SGU%xp0{?RsVKO1wW)c}0r%=Yv8GE( zfsF`n1NFyvUbst>H3CC}%AndsibH+uW))vw;wb_vKIUB2$gjk_6Rvsl>VX>|=6ut( za!8yKP7XioEBV#`Ty8ge5;^L}iD*H^^YkYTyJ(!=uG_MTbD~{sDu86OW?sC-?M@V` z@`>5YZ#2~ia10SV58+d=TsoBQI^k=+wNf&`?$Jf=#nNt%(xTqT`Xr1YYa`z*rhG+!%K49 zM8n=7c+fO=GW&f}o8RC2L1-`Re^eO)e;@Ix*qs8hdp1K(N&I!#AzY7d!oo5qfA#j| zT4ym$_P69JUQwfVq1c-jx8I~8n&MRLFPX^c_4&Ck4WS=2Bnr}=EWIFi=#^I{AP&d= zN&UWv4aC!8m-Ve=KB>Z>T?PiwoR?`(f!WzcVSv9|v3(w*MK`59>>c`-kA$J=>4vw~ z*g@%BYe5hpQk7S~Zh?W%16xeih}%~T=~lJBZkH(hB)Y;;X@214;Cj+Y9+?_XaT`V= zal5D^dDKmEaZye(t72>w6W)-H3~6x2Ro|^6?_5D zfxyc))mso(qBRkHvW}!IZ06FWygq7*adcFgDv0L|@Tkt21etdL2-HmZGCEEgQV~Xz^c^2xl*X?Or1BJNiU34l+Jt%o5$s>CzON zKq+Zi%Hlv!qfFzR4Gv-HA60zY5X1@&r`kY041lf~LPB8`(29OAAW%$*JhDe!=daWZ zJFf1RKPADW&a%;flv+ouVDth+W*x5Zh z7A+a9j($O_l};8lkqCF@F6Zgh#A*UWf*px|gmheN&(^qH*6? zY(xD9|OS4)t{WlVSTSu|MGnuC^?2!Q;iy`>LWeHna zBD&}yL3j5+nEa@SzXV3Cp;EZweAcZjVJ{BrA?M3zWh;DkzNe5!2j=VE55;53NPgZ! zps+p-*q4$S$F#nqS$EG6uE_2x1f=#fs)uPLsouU*{y z@3R+St!$Evq>G6ii#_<~scBix=y-u)I-UcHa&8@)%*lATW-fNA4ElA|5;0Cj#-3g;gj-j=LuzI zO++8oL;{O$X+etWwMp4}QA_ziv`XyVk3_5psA_!Vowk(1bd3N7IX%5LV8f4|Mwt?V zI&6d??=jMfZ-q(UwtxuQeks~}iasp(eBDh5z7(A<71^hGnGtVr@dR_3LlIJ!)9~?XR%KpbY})<>Ce`OezPge*FBjvmDS04D)nF>trtY;R1!=pwqM z_vZXBoY&LsH+{b#Xr;SJK`gSlbMh!yMd>A-=HoAzID39?f#p8{yQEi^E)C3u9%Su> zd)4&f{;rwCQuqD^)2wb^P4V3N@1-)P!@KtD0fSJHyGk`yH}Vg=DL0R9Zsa#Wwe}A= zVOw;N2nz4LTC{NlJicP*irsr&!WEe!3(j~E&l~};I8?N&KnUBo2d}Adn>t11jF0C?>?6-;a z1J4OxZRWl=B`Abg_9&->bs9dnF5>QFtMFmXUsCvm_V3uBn*RXZraHyA3;gE?8|7=7 z7GchUqfR(u(Yhom(U(8Avzs{GFL5!X_|S!a7W;F9@x~D!|B#%Ny~>G8sm>xPFJBrSn~Bro z8-&;k1y)e{VY^gh$pL1g>1TPeDhv;HG*RW=Me_IZGCERQ9LrCzfjW8t2qI$SJc0G!gbe~LwiDn$f3~^cbQeqXb7KEfH0Jm1P@2^lIJs*uau>f<)Ol#L`PNocs^yE z{&$I9p+<Rp+F&3fFh(Gca2w}7;T&IYZ#RJ9m*NQX`jwGX#GrhY~7q&9oN4SLHd~sP9 zyjIfn^rLngAn-J*Zk8hF2#=fM+li1Epb<*<3g-hLzyW|6l=%-xuree$1cHG@4!je= z*DY1!Rcxvormn^Dv48rcUvev%Ms1Zj>6b_$TIR?kyxN0CY+Ox;B@*hCut`Na=nLkD zd9MQ12%L>?CeB3R39~pEG8k1Rn)`B46BD||%H=?)49L`O6)xe7a{ zTW63ta1Atx_70$`$Q4nEa>TwnwLHUAArH!%C1yVB;%QBS-B8^ba^f&TMtnKajWvHAzU_} z77%1EC1n?>^dN;r;l+(~K7IT6tNO3c>AkrRXB(o-`hJ8t>nn#7`QHdtp1rlL7g-Z$ z*d6Py-i*#I!QA#>TJKN_1#&}blf4WWzFf=MZlb6Rl(s-Xs5OUNT|w5CaRkfSs>%4R z7^!;+DR|XYG0}niIvOf{Z`V#D@_uOnoZF?5kZ9_F@W(!=IfZJ4CwZJEl(g8}319Wg zoVJR^=>XqiZLdrQtwB46o&OqZ{#%@}$eK`Ah;GqMM8ET_O}K_Ky(RTnhBp+o^r$Xe z5<02QtQA?Nd(%jqx{V+E?qg5uqez=NDSFX~>_^`)pwG8aT&$3e^({8qLrq``hW6L- z*W38ICTc$JtbG1nQQpfINut?-?Bn2>Sqy@5N{|6r?g;3OmqVZZcR_i*cWkK+&8k)h&Rl-EAzZt1n2kJ zp2lnYP(HhE93n0)+#uTJ%#<#A5U;{MO zoOm_f-J>)0fD|=3cz4af5FHDvpiC{{G#H1xg|)~PDB%`+?2oHh3OjlOJ29ds10>~X zADwxc!SXf9A=5fT5;`zdSK3UU4!fEbG;TRrWum4tJ*Qh+^K#Q?OB3>txX@Hs?N!9p z>UMH8OtS1Zfc_+})g!vy1c{JyuXOu{H?TRH|Cr%W;aJ(UDk}!exjIrp{M@-!>0p{MN=t@j4gFv z#l$kp*f#*d9*X{~N-!7be3Xgv$u6sU ze>E}zIJ5akah2#21($F$Y%B5Wb-1hmhT{5iM8>~ejDqp_({704n#DYDBu$Btq+CnQ zgsUtB2+>R9U1G>MlZ4nZM7QPC4VkJXeYQaA1TbrbS*kto-1Z(>%G(^x{5;rm=(Af! z5;|9#PHG#Z<7cEy-AWM;ccg4@HiQ7Lg)mOHd`ev(au;$g0si+=LE;u)CBN$B=4`XZN& z1X_~4w>nKYH0#f11k-Tn#6^b#q*@ftY~t4ZK1IV42R|Ny)CRLv7*I?3-Kp*u!ShJ+ z#IzSUiy?+5&?7wp0_LG;M;h@R4Z<+C%Av}K+5hmh@U*ufmu9y-+cTqb@6BJ{)#igQ zJ}#VQJtWTG!mhKiPx|bKxHl7i6{zg3omwyx@KJfNlD|RjobMws zZDv471}{#`VKgpYqUB}%VPw^mKjePr-9$gmoLcb_KO3vaM`!RGYYTGU9i>Eyz;~%5 zqITS=pB;~^_#yb$Y(G9LL5Sc5oTC1jNq5BW6i!vC`zJ{73`|!J4Zkd_e{)*HNu^#c z6kq}Bihs|0xI~TonBj!R(cu#Z|wC!{+ZPsOfv`1x< z^?M%8WnJ!l5J;^eq=Q5T@C5r^STtx!GA$xxV$6p;dUUUOFOdOAQqWm!c+RZ@Kh>Vc z!4umEh=x&;Ze^3N1oeuj4c?vHW?)g1Lk^~dTFR8v5*wBCbte+AKETpxM7Tdk=i^3A z{KaJR<(py540q7{-2sim^4{RdZ>+8ptAhp}aH%cb719tq0L3Ue+RCD;9>S+SM zLgktNBNN!8MXWNMY|$Bx^1nPzs+B068>F0c#sv1+zOXm;ztk_E>TP0QdeXN+6xvW_ zN<5DbXc2v`k|KmmZ)nnC*I^4R#jGnTm9HZ15O$}Q08P}@b*e$jV%uMpNn$A#QN%|T zPKz{!<%(@}pZJIgRbz{Ftg#fk`cgV}v2+Ad)jt?IYb76NqoB@bY*-eF z0%?lkGslb025o%TEKPkqWz{vaLApRn1aH4&LpA?^@`>F|*bC3L$j7i!DFoFE^n6 zqw;&y3&0WNuDP_$IwG9Ze!6!kC+hIGEGDL?-zxlDWAC$W|F;#IJZ?@B14GN&C(3_c ztrXC3=8~~(+ItJd;nGLl&d*VKI8=RIttR|EG`1A)xFa?(;sBDn!${a{D(Ey3`BlQQ zByq?*9LK|rLhL3il=#;V-d+}b@SGpW5tfdauZ90Q0YAci4PpGml2e~aop6kT-oEg- zScVXak!xw8qhYu%pcM`Z$RkVbjm^kbD)!1Bq*GaM@l_;Oi}KHt>3i~i z{}YbQ8+(xVa;Sge>5|QhVuYS5oV&9$18UjY=WgCpiI@zIrL-(A2@-dBacN=LF4E6L zepSMM5>+BWFFsClWZf?Ov}aZtdY)T*v!6~(Bhc|Q7ya%#pYeY1;xEX7!smd&Z5{4x zJcG~1Xu~T5=O={ABg0be;=wY5hZ-Pc4^mJ6tqJ4JqzDio!y~5PaXF3WJt)Pnc;F#N zZesuo-h>WtmK+9<-nQcb#J7uCYeM99MeJ(kuBimBd3dOv_<*867o`Os)=LCRu{f`~ zgw!!1w^uRjHnP$@{I}i6muU5G4(784mX{8}B`LG*e--qe8z_k*ooRZOf0&znY3w2= zHpTmNkw5k!?nr!)Zc6Qitz$>=BVD=e{AQp}(mG7T?^}&?8$3P*e<^khY=Kt41MR@r z$3q)-eLz)FlWN}mwovjBtt_`D^L_Q6BM{Y}y(4`&)OOS7B{WZ<`3*s6-2A%@Q$*Q4 zx(vg+3HeCVoOX-$JAosuc-knz(_G`SrdwP2Vrr|$-m0j7JdU@JGo6W2y=Y$&Iq$j4 z4jKp@fd%sl)_21Mj*SzF3i~N(ShJM$a)MeOogWe=(_2yeOI+jgxv&*9(oVq-6FH@d`O6@*w|2Jc4*i0g1Hlz#R!c zxJeO$-r-(3o%bH#$!Gx4lKTEzn-hRk%~+s8`bmmJ{NslEuHZTS{P4)YLBYH^$6lL*Ynw599USA)Xp;^$b}SUjWYeSM$9bEkFo~;vK9tDH{P8^Ljh4j9zD4VoW_Rf( z4LnMrLXw&Ur#p&^EEdHi>+EjkA7+&3@A(v3iMK-dhD79}kp>3+7pyCYQJ6^?b(dZ0 z=uo+ZzoDNUi&4a;N%ror>?Kg5!uwY#zMXelLl|ocv+Frd(S3&!3HEI(hnq5NU_8R5 zO+OH}&n7f)!*4q;pL*$%CHA@>1f{h<)D)1T$M}NXd(Bl?i>_LZoZk~i2l5&Ew96F>H}tgwy6`Nz2px&13w}ZSOSth z5xFjxy}@M4i~xd4Q`e(7eCXYOKhA~mqW`jK0whLTO$fNXk1ZCrQ?z7K`)ctg=p&na7rrb*X0pCtD2EU(Zuuhi>nl_hz|glEIw6>*v9F@4 zx|@p)e~$zWgL&X*$Vk&s-T8uaFB4ocp5|tB_}>`9nQaHva@+wc?~W7fuF6V3L0*X- zV;n9Bd1;k(H-)2MNw6DQdCcQ)U5h$Pe}m%a-hQ>eE2bd409m!Z_jS||qAojZDt z?%m`^E_^OhQF8$jiiay*OKy)m)5@8`y=CaPFEzWQ)i$V@#??OJo@sKTAlX$eRS>z# z!m4K?%wI7Iw8stx%g&#vwPLH+n1~ z@ZWo4b|l#NglyIt`cH6=k(#feWG3ieRLORP#_1kZIrm=88Dv!<4 zJnbR<>EZ|kBcjyh_>HOL4WZ^*_m6RuCI4|N>lUkztbI$f0iFfOD!XUkspG6uQM2ZH zLt|M`ZC_uz=?;V4H@DgL5!9qB%6=II)2*#u0=ieof}VF|JAZ7U(u6AR_d^)0p-KI(sU^mQbfvgMtPZb7 z$Qg#F+L!DsQ1!ZWU^3vZZ$ubaVR@R?=lKxj96a(o? zBD4O0u3eIhp8c-oB#oNpuW+pYX4iiFF+paDG54-9`OkH>3FyrbFv%UW+Q-7KL8;N< zMlsB*$?o8kcIJ>OmOD8H5@HIy;_cS{*`pF?zD~n;&@K;Zf(bSU4#zsyM7$o~HR{yx zt`sk541BXn*itoM@Z}|HnodaBK`YQ{VEJj*1$Af`<#q3_vrj$fX|_27BcVr;M?9QOGAKfter`gak+ z=Ml1JfK?mMbhJW3Pe=(CA9Yn9R*zkPtTh^g;)R#itc@C7z3T$#`|7>w0W$3ek-db{ z_tlDXsnu{zR{TKu0V}M;`d8c30qRBx3Kj3Zn~KH)<&|8eyv<#EM|DUxqK*!3dlMd# zb=nM>Br>KHBrl7<4dLVAn%=|Q2MmiCRg-sQBdLA-@FqQFXFgTm^7+i~$8@kzZYQW2 zywq2a7qG$e^3vtI@%Zb`yXSFdja-5uPiOs-2(N>zb2oDLt!6bI)+w=cZl{=Xl z41FPfiraq+q#nCM&6t2bFD4P!2_qzbY+}}9X>PC1^EV`iMN3gm491nYy#Be&JK$bf z@I3MtOA$k_r4O`Xl%DbmICc7_^5>RqOKckVU9u=ExoqebuLlLP_5vc*ZYlW@Hmej3 zPpoLl-n!ykY}>E5)}v?6IKO1mG{RGRF*$tvzQ`@eyv6&gin+uQ9;bk`Eoe3n zm)fTqVpWVdGqh$MVts|N$72VB%NWzG#z)S z;bWZMVXF=KU5>F_oh8;wU+_@rXqqYAa>sF%1~s=S6ZeDnW$n+1oI#^?bjL$j}oWyvKafafC;J^&^kY{sUlv zqwLGrZ~08vrJ-Rj)x^HZKOMSMo3<{&Ta{1KB5K0)G>V}8As4OgK?6z%Ns|@-Za1r* z9!s9WqRV(wo0=?0MG>|B#Nz~aI>xE2+=@FvW7le29(t4}QbtTX#Gr%*tE@z#N}-u z$Ki4isa7QyzCeJELK;AmPZ3TA`?#Bi6j(*K2pO(n|0ykKtNTD#2n9n68mHMJ@|du0wp9C!fvj^#G4pnCm@e+5_^VUP*MfB#;E9d zatu1aKl?a%m}~Nz*0@kj{Ds?M$BP})DM_j%TkXC|Rqhe>8<#3UXvZzi>!Vf>!(v}T zX>wvNbAxglaFat5N3(+yJKg$=A4#+s!^EL9{@FL$V#iYAZ}uQqW4(JeniKClOptXz z^jxu4qp9gw(=M{IuY$f$g3dS1Qz^3eS95TUk`x)pvl;lOs=pQ2)_{878(2D)@nOQy z7WJ585hp%xL_drU?j(XUv`bRK`yM5M5-BY3y_)`a&tDT+FC(7INI4uE&Yx^h{hdC$ zK7-N%f9kF-9s7d^wpIcvR=`MntT*vX)?3D-Z)T z8YyCJ*sr&`j7U624zA#iJ>dpSAA<+p*eC_@*XZB1J*lOI42MD^sXO z^(ky~b*Th}NelT7k^>bOBXuh~*EAM3(IFHZ4y`-)_}pXPJU7d;+-{N?uZ;r%g$>ZEFR2&D_MPMiH}U(7-!(KVO_Ue%n@PQj1QikR z!qyr#_s-?u;h)%)lRcBCO@0k5>ZeV9BNCOlC}U$v?1+1JVpPM(;KY((qlXmHRlt( z?OfzJS?~wA>Nk6_U8EQC&9CG2DOkSUwY=^eVF1k;BMk^hSAMZSn9mDS)NA>he8)h` z7zWFx_@IprU{rxA#~Py!hHOL5DW>bxqqTKw?>DR*BkW@-1RJFjs;V{7YdExdH!p=H zI6b284S&XxLQA3HukR{44hn#_LKj@-7Yz@$z^d)(?fLj>yxm|!8AKzJ}`?dgy36cnkAkm!9Lw%b>f7yu@!fEw;3f@JRC z(9nqs9rFjF*eoose%FOAX;#jzShhX|x!h$iw|?B0yAj70L1P zwJEYfO|S1g^p((QawZ*F_9T*8eC)m;U{NkO#($skDM0Cv9o$2hPbgDaiGk=q64Tr#lKeNWY^4+=6*5K^XdRr&z4IM5@ zJUnUs)o8LSp^18OlzqLp{+P~UkHZ6L#u*c7gOG^5mrQNsX~I-ct`e9Hlu7%6oDKyn zC)--RM;5d#JN=DR!MW$`A&>V{c_LPc&Us$fBC4`D>VJSeo^|>U%c^F`F?MX;jbJ@9 zGs4^9oh_7&LC2>XZXgQ&F>S!^G#@7{ozwqwEb+IvX=M-oP(0e(NVaq3ZL$nekRYIc zZNhQ5FP?&KmSRRzW5%P$1RWWjLZ}X;$YQPChW@w_WM_-X$${VDyIxuz8)sQE^OE*0 zxLt!zsB@%$k^1iO1o8-Yw5C4EB)meA5xwID@25+b8B7>HqR6YvM13CjUlhhDPD7WOKMfc**g_=(1`g=!ws0)+-9_8sJPwPL3o>?x;~R3T?M7Jwxm? z1Vv=nTzttwpnR||@A*;GypDBU#b@KWJK?4oLZv1{tPsl(2=I({>eGv)NF7RMx{vSo z79zOn$kEOWFJ_ALMceq6A%VGbyLmU3vIYB$^2RNTa)iyKN1S=nXVf?CPTTN+=fq<_ z${S0bF*&i*G#2e0E9kw$=dd2HZkvzla;n^q7Z{zI-DZsG+Q^Q2b0la&uR5{p_yjS1 zP&6?waWrfX`3|^vP?y_qSD-ZW@_PNqDx@BHLLKigU4XKGF*6<-$5L`7gQQY}bhPJ@Bu)0ASLeRZ{^2)2h@OL4;pKvX4RhIXYaV zcd{oXT3$Xt--MxbD21NLGf7q zaUW|-VCr9f+(Bga8@Z&yAltYeR-UASB*pLKW-49O9@(5Z{Md>8fOvO%>DX?-w{?r8SAC;Uc;A&0R5Qf_Fz_Eku6w8Mx(Et?| zuTqTP<6<8ixAzur(gBXSNYJLd6VVMp&@bGCP2}J@knx;ICg6l6n?U5VqY^7~&PcO8 z|9^n0nii58e~{xLy`m4XGUmI^k#YRQD&I|5pUXU_WmIG=H-nA(9P#tXlZt+NJM>V5 zFEFQ~XmT1S56@I5t~0_y9{m*#?az<@7Kd~vC*M_3%uSN-?#Po2bZY`?r9_6?_11v0B!?{-CR1YKgRP-E7U(sE~^ z2u0-=c@riH5@#9coDUvp-MsgB`n*}ZkJ=D%8x%MZBAi(x>8<_2ZaY1|Wp_RKYgYtB zS`+@+Bqv@2r&@AUqHET|4W^U9)8*waijbJ7wVX8K@D}Hr z3`BH2Wj8?-qLbpvpr0|O-l_yjZx2JH&R9ymr%-&bpXx6CDEPpa!B0t%Px_ZnfYk+4 z)=3$5JEpN^KPOW1+4s8ti7{|PlHmegh_ia&l&EPG92Vu1qyjJ5!s~dQuPe$ZRp0`0 z=h_M;{rscuB@pC-5Yu|kSkhrO#=zk(j_QJlHDA=Gxs0e3TXscpx$^Z# zEMM#dFU7q4Fa1PlM(!mDwe05r7&+^RHu0nv%o@B z4+PLL#hu7$U>uvnDCWEjrBh4uK@M(hG-lN71@*g*m(%Xyg#pf#DK2~99~_8*T)lV^Il<-u5%M6Wen3-%Px`g> z)5nmF@V0XUki5}^#W)A@+j!hxw*`SIEMJb)YAQ63FXC0sUy(=iUwt+;*Fbk=HK?z; z@`O-Hzv^Y|Ejox_>HYo@dRq)iSy;ZqS0vI^BxKGLTS$32L(0^zc>SamKDYP(xe)p2 zSja%B@fWR?YxIx8|010v8vhQ$%jHb%y(Jdod6l58^{{}?Z%W31i}*(BJlxB0UX%0SH2bANLl^K9!p#SDGLfEKpgPX_1sy`iPH8hLtp^Zf|u z{AVd-HLldQiS>4;Po8P(1Ulzqb7Kv z-9k2Bio1c7h9@hBn|fIiuvwWJFhT#eVcj9!`(&BV>ZDm|hG{x1nT*^Lb3D``DRrEG z>~~$r?aBypE_eB?^sTft^N~QnwBs+5F&6+{GOy(D1anu{y3F&&76e}TiCbiwoU6&g z+OO4#CALuPQh%yEV=M=aF}T<5ccNQ#L0eV;ys3a%A011?q5d)#40ZAop4!#PEIs(M z;B}J!R%4p_Fhz1Cf!$Mj@yN>{V%bT{L8z$2&sEC+yAw^1gaft zQL09?bap#rS6I6vx;c{-V8v-qYGP24`%b_qS`sVyF|`KX7>6Z)aBuN7+{7n5G0A_s z4Le%nq~xq)Vz~|+Cfr`>ok8rsH%W@G6r=BN$ydxN@o_d>v{Ufb#OVo5?les5(Sb(w zg!@B-__sRB40?hC&1Av|g|{C<`F`cNs4nlJ6j2O(Stoq7qh6QF4xpRCk~<_A=ZB5b zrmfTAS?cchei1H$4dfrP=SmNhtcG$b%*0M=w~k=YYwpKf#s4I-?Ewd8w{qkJ+uLar0k(83U*d{CL4sRA z2G4gr+hM@Xfak)0<6hk?m;J*i9il2>I4=RYDi%Hd&qO=?AL96ALGgbMWzLVk28Lq% z5FN6!j4^7DS(#^hHv>V^R=pw&;KcGiZh>nxzB^7B=EOv@llLe~(t3;zd-2VXd!pPF zorLe<{wlq9*-FL|+kRo2g)u0&S~q+)$nzG(rkv0gRh>5$#s0c-tlxB;(LZf5* z+=5qRQWc9rSQHzV4SJ&CjE`zGp^BHs{<`M8G>iI8!B8Q}SIqOu*`AjJkwX8wXEDcs za7Iv{snaA5@t)peG(m1dm7RI|Q;tCZpfZG(gGzM^Ax9cD%>D|MC`7z}AgZpAatKrQ zPL{Uztt*c|gXV8WX%A5gPJAD=M&1L{l7Y|}JV1Gj>r{BP+E1kFP1S(RnSR# zlJ=nZ-N_Z4l?w~cos9&jLSYVCeUt}d#YVBq z+6q!uXPuhi=gUYB5(H#WYVZ@iDpgTs=)7ty-k~E|!0k$r&L?EW(_oA zO^J-TvN&RCg*;4+?sqS=7T+Lj(%XYxyZxTZqzP1eNLX=-v#w8@=SwF;rrT{;47i)U zywetO`}3lkr+Ld>8wT+H{EAj5E=t$ghEY)1L=?X}jPEd#9y$n01Xq5>oBvuI?DB~% zAx0m|?a!u#>f7I({mw`QzoqEZ=V`+KkFNigK0tj1kfoTm8B;bbUZzT_qdZA^c-QUP zmM861rPH}7SZq*y2yOxrPa-{2kW6-7#GAx7Mryiz#I!_-Eu7OgUALYuUUf`+2ZY<@yxUL3q{>G9+V0*tV2 zru3DHs6uRUi2Cc{xR}(UJZvQ-L1q!A>{wUvk1nqUDP?0moti#B>~ZR7g=+5vbZER6 zcYXRXTF8`f?(&z`9c%L%DfdoLGNvv354YkIPt=+i73D15qUmd!v}=x^zE&LZU!CZQ z18os*HU*x4W#66K@ika@%4LFmXxvSjhjrqw${JDbi7R_CSTGsb#T8nyb-b)NP31t5 zc<&cA?WID#rKEObcXapZ(O_|>RN>hMARrR@*8{2)3KTz=*ZQ0WEBaWZ6ULsD)BSat zy}f^s^qB1CJiPBUPIwVl;x6ZOc7))Hxpq;&jcGsRBA_0Ksr z&ynJyCrwVI0GODN!cj^Dq74Ru<55C#HVfv<)8oK<5X333H#e2>4< zeGS+FfU8IcUq2t}63}DrkJHS)Wo^aa;x6uoxcK799twbfKDKmEJke!I#8USF-CHPi z7b>ZZG&hf77CCnzO2t&r@UjX<#0Ea~YbQVr+V}K^l1zx9(+t-4IC6tbZX}|04ZN?j zP%#~*l2#$jA<0dW8biCi&dYW4*+acPW9D+p>|utsEyF~g)ijSEGpnq)wM3eqa}Zll-B zw|l0&LG$cDlyzW$b(x2)$kB&(#vyfrZ#UoX+nz#GkE!*aFDfW&3R%9w!+NCb1UL+qb^IS4;HqpsGBz2D^MgU1#rkb3=a(N1UgwLAhJm zan~0}#j~8y^St|brg00rr4q))#rys+C=FVKJPAUyTj^|W@73E)>6%4?pKiUVxzEvMK%EUVLfl6XS1AtQ`!Hd zsi8uJWa$*V->wXYNv8;cB2fqbSdpuy=MIqshLtSc zOu|*)4KE1K3l?|j1h=O&Qpt2dGZE8sblkZP-tn)=$j=sjR7EfjRdMONmb8(^m=SwMVy_Ih=V4ViWa~ zY@apm*>YMb8q>cV^Bqo$ZnC&b_qw|Ga!J zGRF~UUK{Dt8kxGcp{PwS)c`R*5NK!VZDKwp;HNDEEs&n~iR0sZfXiAhw91&XH=H1O zpSrk1w)M}{8W*1~RAF@%Pf-&1xIuy0ldiE~rbfP)IIqnt)A4F-^Jt?-yVo=6$jch9 z8AfaNL%eM)`}i#X1B5gnQ1DhqPT3)~W8z-pk*RK|q>alsAFRy`J1s*gdv$OkW6w7@ z*hT(6z5&LtDP9xKt|#NMUbAmxn_LYV@Z=m~EX`@$pyjw!w7%Q7*!>b4-Sv^^(N>>M z;~}OWbvb>#Y4v6po8z6eM5jOmSVv_o<#}C`p%}ePNxkM^;GV}TM+FMM2(h_GodO;Q z3Ir;Y(;Wr!Vfe`EXlheWyq50y&hlfMB}be|gB_zI1~xO(JLshaz#ax&hOyW(TefU7^7viSPeW*LLq^{<_#8quDw(Lap1=NToE+R*uK ziuznMDb>r4Gw|J`vtP_6o$_AdKityGB0jIa1{mLPLWXv^llPpfPe1k2Tx6? zZLp129^{(pM*PzAi*Dy^nBu&WPC(OSYT1xndqt)b`6aE3fmc#5zfboAW|@8Hi)|Yd zF{#M@^oc3RAkN@A{6omAYdKY0IjD;4vMVX;vNk@e`Gtt>k@L6PzBZjc@pI(<5C=Ku+Gt(4}b7! zvGZNKtJ^}>KxwF-$KdwzVMWgl^1O`8P`>1PsP1bkvh*gOfj^QS^oP1lud~;uDIc~E z1dEb+p8U_+^^E@XLINLhW{Qc`PV6GiDGeWIZw7MCZ)pXxItN>PGQn@}PLHD(igm2| zPVwtXq*i6N?=}7nbqvZ!jEJAoN^SRN$B!&8+FXxC8Pi+0<35Kaeg2iP8I5b_zX4B7Z6{gjJz8l{Afd)rzV`B}f)yKamh!EgaV1uTvGELpvLUGP zEPkQ1XmV;nVRijXtQuM!W5S*w2>O@IIL~R!*hq%n_Dl0GD=f-0E8rGhNa~k@f{8f$oeot?beB>2?u$k)#YX$H+xuGAv`{F7_{SUsfe9{3DT`{P($nmI3BRRkF*K8Lk}i^U50$#R(Q_xd{Alb2qN zm`9mbJN{LcQz=hmfpSjI3lZw^;;O0ZPadYsncJX1YHtX(A!~~ZS|-HY>)et}Z<8<2 zE#^~>N5ve-`vrf^wy0jxix4oDoJZgo6N!>*N*qip@N}sO`n*GzWd=x54@ceB@J7gb z5AjYaInc+u#w<#$xn<%A6B$^bOP1Cf(1q<*aA#ToS?%QK1jv+Hnesz-%nQ{7fl8Gb z@AKD?2shN}bxr8;>&e(ZGdA_%zz<~yz+dkB>dfoHrOUOn}EzrtW;v@ zH=qJf7nUXK7@ZlKwGm+88)h(!4>g%hb`bNRnYE;)g52UG1BMEvW^nf&n;Xno#_r-z zsH9TSp4_wX_h?I>!FXi0EYmpM-uSD10vdE%?6emM7%O+7X9qK^Kgx?gDq1KjCid1u zZ3=e&-VY<+R)mugnX&I{mD~Vk;87D$BtdNoosKK|>}c(C_g|G(7=*4U1WRA0$q)fe z#I*A->!5=!nPc&pwQ1p$>X>CQeWr`f7~=bap6)i_lSf4r9#oWlFZoXf%g$^fFi}WI z{W%t&saM?iYG~4sqy)w_Fr6IYWCWnl)D!3P{3S=E1JW&t>uIBgll7Rhyq|aUxUSd993>b=dl$^XE^if(u0zPlc#Tc z^JdeK%DT5H(-}dsAfa+)$*jnq*1(eXly~DryL6Vzcl`k`O%BB+@OC6>^*Fjx)g;H6 zf^U2juB8Kp%}Da4a?a7sAkU;P3}brI5s)O~hv4dRrZZNhz*&*Pl{f~x<mJ}JGGl8tI>`j|zbayK81(WZ1*Dvz8MLNEZc zh^%uvl9JHE<-0z4>Mt;TWcdZTJeL-AjpOQhmnx&l6w zXq8+z-DLlOY281T1mnd^DhL38nLoeD3y6~CQ2MpmOrHdZu1Rt`jN;LOR&iG!-IGM2 zV?ZdDf-HBdOHFIti8?XO9fV4`YtyQWQTyKCX%F*e@>=*vGCuBY4tOEc&4Ew5NVcyC z5Xmml^KR%WOg@3XEH-&UB*Dzn`(d76ssQqJZ0?u-5hZ&H%uPS*S%%3C&>%3PrEYSl zBeN_4#IG^GGew1M_MIZ^4+1##QI0t#q4QSciTYn5RTzb5OGn)dQp&Fz`Xdw%1!)l0 zg<f-*6EBwzFQjmhb$>QSJ*A$tCThOg5HUUfu|&!r%Gdr2db z<{Mv^{?L>?>K@ToH1=VOw*}}g)YU|jiy=EjrA_IAg|T4<)ystBQ+k6;q+%SM zO$goHJ?>eJlA1@fvuXX4NVlSu65!9m2q`j)3}!lj(u859=tQqH0$m4PYk6c1{>@rp zJ}zC9*#qzsfsJ926*Zsr(S`xXz9@F=d{a^O3MMJkqHL7I59quXvS&1V9oX7qo~c;BY{^=NG(*b z&#HTEx}P$1^efg#1VFaC1S+_At$NPYmnFsf%CDEhd#BWpwW3`dwd&y@SLrwD>uMc? zQ?C&hk*xI*_WQ~u6|Wz9ZwHV85J|WHrB~*e-T%R?r?EYx$75xrGv2@}sh`J`O#49_ zA_?!O4n^oTiVf;~wE+@g>9S0Ma(=hls6mnIM++W!$AoFgtm5P+d!Uy&U%BXbKvrS! zWt~4umTvA5JG3s$Y-?C4;_p_{n}ebI?9|AH_S~!dhf%#M7&%l zQ4X^Ux(SuC>%JX{{ts|=A`niX2*FEw^76!ET*W{~-r-XsR#cRpa_rvz`nUg_5QcL? zn^qQ5qM?8nnYz{Ct|v=5U->Pna}4hwO3nYEahTuNgz-RX_GYN$6&k(cS3AURyS49p z+;FTUn@6%Qr^?&gc%N6OO&m72D5QEKXS)$vneoyDXp4x_**@yfrbn{yFq);`m~*k_ zRU%6{sHLrIn`J!NbvpKJ=-5jujza12K3AYHKKxdW*HB-n@Q2H%s0TjPJw<$^3*L)w zO7U0|aTm#Ui5SaY@Wmy2wQqXX|Bp25*T76)3_;}3okUauZbP?842=qFsHy4!i4Ca8x~LYZac8k zjTr)}0J!ykMLy%KewqG$y2^<5E@4G>fpb*bxK1;YYz{q)pEfeiL`I?QIU=tQR|}J^5O?RlwPGK{@V_8PWL$p^dPd_i(0Y9fK$?l zNbow7;M$fsE{NV!t#+FbjoDhf7fzvwkTrnbMi^QiLz9yBP+#^FA8Dpp%*5e>OcvLjG@2GJsP6{#ZX3BOxk@f zh$S5J*OP4Y&2u_M4$@Ii5Qa%@9@3HTfOH~f@qx$#>Ctv|Ss1)xO+s;!Vg~H8w|3`o z8|A*L159q`6Iy&QgVS zK3Kl$fE-PhDer7q@czb*bX zBFy|4{DYOaqgcTKuj4B2U5*hZYqTHBif3ZIXlT>I9xB&Gha6bOoX`a2hCJ02jAA^` zSNj1TvlbaBcpjU;6a%e@n&cEwBlC@ z%x}O9MyGRz#Lg&~D zK=)h&0Pimd)#7ntgt{=AexMRBK%R2mIp&hRzq0G$kE#=d^Rglu@^`nQ{sSn!6V6l& za9iB{m2BSx$`IU&+m(xqE+%;uD?}-$?K;<0_1jY%JMB$MjnX^)P*yl~w2`q=p_hn& z>=~6becqRQnlrsU#@e1zvS2C&p1{DAKF$TNM6-NTj)upc^Gj%*z0+((at4A5pQzN3 z&J_t^C2zrIQiE6%n6Q*p>LM3-d&p@rP?m+i%z^$*>GxLOR!!O)9H3iYNDk8LW*0fB zK12X}*0W~FyU};0&k=%p9|ST-7`f#KYGPnK1vV}#Q8%2nV~Ziy`QGA@+z~2`q!I=C zr70lp2}>M=?C0$5iug$8vRJ6xN6wVQ85$~K8KDNdHWvdi8P3`Cp4ZuXNO(UV{!j|q zE%@&p5`LSik2e&vq-elsrX&Y(x@<-aGJr*C@uFrKaHE<0vpp+E&Jpu;5ll6cZZ%l@V zC}xytJFRJ2$4s({;pr;OxD2aA5nUb>C)dm*Bu|6C-em%c`R2U5O_56Iac*S4ov^3Q z?*nanC^*-khF-=kvMSBbWSb6QRXRWdKLF`|#qLJ4qE1zXv?eb}f8}da#``0U)>9?^ zFVldYGt=`EUkgY=Tk1PN8PS| z3Vw90zGeHhzZ*(f=_vG}SS-)^iPaTCpZa#v6Ote|DcX}_LwOZ{&>|WbA~5>u6{}yu z1ian@aJ&&87%$4Una|lh4~seL;UU%mJ|Q1}yt`-mXTF705nqM^P22|l$V+&Zx$F-e zg2h771s+I{Dzbd9*UzGfiwukL0!vZ4Uz6Q>*+{(A;Nj0cjTmjhta5UnRMOBF%uU{FL1N+(iyByaqL2r*?XI3YwZ{V;_Zq7YItaA^LiP?@y!(<}A@(y!0-Syv9zNh*R zpz)IC_?-JJ@Fei~`u_E8KTvfb274bhBu8tf%8&Hbrzc(zWSTlvVAuq-YPxfAx-Z0E zjFNftNrqO(#hHsmjS$e-hge~E8HW8hk84ARkeuu#;08CAEj@66^Q(rqpi7tRJ7oj!)b}EuoR6SaOSLdq_up zY<=BUrp%Ia#vJvn-Z7m$HWerlSlfg=_q`s^STf)*an*!d$+{P$!qG_R$1K()9)c6@e$xpvI(VpyRI+(-iGpuYS|?OyiZRoNs3*mL zTtDY{2Vw+PDRRe2Ip}TdBOtN;>Jv8oTK>rqO|}v_(dbB+yvWg}{^cV#@gOx3ubaU> z86hEs-$iU`*G5fMfLZ)7yy68SSVwV{4r~I0!rUJ4^FmXo6;W4IL|x*L4fWZ!0K63~ zVYu$$UwkAe&hL43G~u`H;sdQ)tgS}FT0+-YKj z;3@P}@zg2o1e8N;$nWr7zIfl|wBX#s7SCHAce=xKNXjua8*U;uRt!Pb7Mc1{lcb+~Fa#LBAn6OAKzRYj#;nf#BOAazeIfEEH1Z#$?@e?*^P*e07qoGGYe4;tFv7 zYNcF%K@#jz)THlC|@gIE{>i zg5?8!OAMesy&C~4M~FszBdlTdB6;+Dg-Eht81|B|fOMb3;K@85CU6w%F*Ga3c#FxB zVtwR>mml{%nf3a18joJ#dG^3di#h{bIqH?d)7HXcP`P0<_JfL$p*ZC(?9KK1%uDo0 zwu(Md3+?*R4Mmqev0NR&Jep-PcYH#G8cl7!gmiXIZ&O@RInyVA-;@epJkh*s&eIas zrzy!I7B?S|k*tJ>x`JNE@UKeK$DTsbyw8Wx|>Mii-4ET+=z%VdkK>i;?z4Z5Qh72^h_M}%G+EH z%R{35M1e;OE@3yn=O;IX{ZbP7~5Z1E&;sYCJ(o1tOk+)CPGm^w3L zsBV}h?W-=A;eMrr*NjkmDrR@9@2Zdz79hfd^97=&thxQg`_X#a-zRNxHWa%;idj?+ zQVui8j&c#f8ES{a<_OyJ86%$ss**n;g(|u~B3mN2J0o2*4T;aoFNHr4kW{|X$BY^d zaXqaH!fV(I(E%DoMp|@mo!6no4mZ(mTg@+PlS>{xHE`^WD9LA{j>)#MUMr2{0i1qm z*1ZBs5{jj@hg%Ax=+TwHGIpvbytOD?9rd-g+5(O?E#j`7+YEV9M5kZBAq;JbMt~C}+(A z?4t2^%#9#9I0Eg!Lo&fJYcfX$H?jFN0J}}fxWu!}Tpt(mphbK}pM63FpucX;M{;xi z`ZNAnkzpZH*;;mk`JRD;7KF4GK-)6!C()XQ)Shnlt;%LgsbU0#zh{bs<8G(=Wk|9f zg6~qCNaU?0<56xFpj*xjz`2<8!4X32@)#S|m3-#uIu_br08U|5@8vS2VqdK6@RTV;UJg~SOkkL z-kIdddx!ah)w=@r&7oa@-l|qNO@{N3!wFRuOx7yZEn(YJg0{{MKvHX{kbvp32~gN4 z-rUDF-{p+FpU;yFOdly2!kv3$Fcxuv)~DzX_5TS{iYzIygAp*i&9I`s$f=e&Qx(652*RBw9D;<73D$Q_E3g8ucUr3D7D2BXgUBu5KumqT} ze;r|w=!X}~MSKTgx73E~G>rT4bfhEJkIu*KqZ^S6w4c&rV4x%hTs7B9kC{WYa~Tgc z`W=Rn0NVylXtU|1WrSWw=8Q?G8pgUI%dQDEbgiNKop78B!kpq)f*u7}f!`aEhmp&AE_) z1f^kJI7Qdyd*$EC6q%tU!JZcJz_L<^g)Da6AzG+{VJV6xcGDp(oH{;w;Hvro`R@2M^JJDf>>EHYmHUyYi!V8`kdcPu( z*Lp{tD%elD2ze9PV0S<*G-(uf#B5;km>TIx!qcQ_kziOwBId$cj9D^bu~NN~n*mLw z=yeVFzqxb80J5Ib%-&&axeY15T|N%|`y#P{JzH`#{8)Lh6=c5RP231E)kK@6QpEk6 zce&q_E6bEviHCUH>5%b3MXVs%GcXwgxoo>Qj*BZ27()o?^acA4eeRD_=A;ty`Aw4# zbYDIRjOHjW-(!q5sUc;mX7M!G;EjBYXI{XAx5M3fJ-*#qatne!9Ld}za^<%LSK8TlaT zFolc>i87SA za`@(Mv+(JL$HdmY+1)fCG+H z376f9DCg6GQ!l$rdvr$$(ra(&C*E>*5U>G%7_iDp{3_%y?57VXV|untFz4dYqSi7D z>ijvxii~i9jT-M;AABJ-^+byLQHEy5O_>!f+QI$>q9mmo77<9@EL$ZTqjQ6S=OoPkW!M`#4>bB%{f}I|roCVoxL9jyRJ^{Qq+$ajl0JOz4aHjzH`K79IXV7s#1v#ny`u>1IH0Dm z)n;r@#%w^m%)9#-Q8|PixYx+TVkK81|J1`8DQdbMfAzF`xGH)k_i59w;q`U$>+4@) zn(U?MbvekTZZ*FiCKw40vVRdaVtGd1hlQS}Np1!_(k6%dYHPIojVIpeD1v_a2k0;` z-v&w&YYxX_O4QdLyuTl#vgv;5{|Cs{pf1Xm>Ym%Cnn>%gs)}m-ZCi#;cO$<4MYxs^ z&-+%e$Ni7p9XRm!Wq6f$<>+sX_*bXa`7t?q!ePo)P#6H2<$Kfx7646|A2YoD;j2}` z(`^bw`f)I!sK3fyZE0G#t+YSE<<+GiEEzz&1$tEjpMo?Fik4H}yF^p4(*Qj*6_uex z2{Y;E)3MIpYS{ck-$YsHmYQhdy)O^;ruiA;u!)ARZ+ylfQ0cJ65iOwv8P$b%lCz$L z+gKNFS8Pw6YDN40E`lK!R95z!m4vvr(-TxVts>FOoM)0!`SL5~A|waBZthNu^+jy@ z!{ahxf8?mr6%z}E%Y8Zg>tY*rWXfITDFTq2WH}9|=!Snu>uXB^B8<_&l@TnQ9s*`4 zc)G@lCeVV_BqP>v=MQ#dI@mL@;rUKrfG4YJ3XW*Q=vn!VfarCj9~!O1#~xE{Lew zitYHwR)N<@bk*s!wkKYnCbBMl|7%Je)Ne%|@7UWX1Q*FAcT67Ar}uq%-c61nxHR@CG^G zy~`LzFDY(znvXPL*0bt!CgUILwV|dohJK0tctT@ z`Ao(kCm<#AqVD5o^jn%x%#!tC#*fiXo20+4c3c%bVDJ6BxeWn>s{`P9r8_~(aU9F% zSKo|$+^F;n;cuNP9G9O)0{J!6lqbgPmNDfK#f14Qy2};e_FxPNHra_Q0Q+ha4U7j^ z;F#g`JFh?bakwzvKFk{_C{sx{FBQBjyMEI7Sxez{FL^iR8!OsJ+)VuVM9!MWIEZx_ zj@rd*1=%V+LjhIo0_V4A#LV3$I<&va&pV1796A}=gl?sfqwUq1qGc4u9yf=>EOQ@T zb7#bv%Q-S8j_&-*K7Ar1K7gmH}OJ5m>RdmmMEBx{O%;fFBD7pJ|ZK8eoB(a_*7gm>)9u5 znK`I(`A3>cj+!JJgi|*hW)J7>`53~Dh08u=y@+fkggt@q%P)Q{wh(c4Nui=@;o5Al ziDz|UztHiSdER}D+E{TF?!epG&v;lpXuzrzs_-$2rb=P&{2zd(GIe!$VM=1iEDR0K z=_qLD-rkgigCz}+D3JVLlRrw|>g>zta^BH0^YM>s%OJj^UK%FB@kkQ}Y|%T9J|znM zmoN}MlD|AfFa+eG!3n!Pr9|GrVhH^j@_2ybb|W(u;BH*iuJgCA0y&f5OSZEu>oX4s zTU_#GS{c|%slENNoi-#gMYG6CJ~p33=ct z5pq%FqRu|65wha9#N3z5DaNt)sOPisnDph|q!znzfxM+FO>FttBfax%5{arG8pa)m zukZVDO{VyFMs*ojK+C}=(Sm+mluviJ(`A#Q5~s8AeKW4fcPo4ed{v3xaazzx@?()M zJ~KZR%{dh!oFdYt0>py;-n*~kCk;{>%Ss&njW3ocJ&(yfP1e(Ua9^YZNd8*<2Uw*} zmP?x9a{Jv;|Iz@-L7G>iKXO5DsNrW^ET zWRu1}0M;C7Gavcitc2H@p9cQebj+2|RL*<+K&1k`Tk1-NLsWOC*OhbB`CMXLl9R;T zEofHr<^A+wxQ^@Qv`+!7sX$`QLYfUF(Ub7qv9H^JQWL_HMNif5P@)^tDNcwR!NO$N z%3ETUweq16XJlOO7aHwj-|37QSwu@2e3>S+-~|hFKB~oq>A%4(T_A&f!Gu$hZ!>;w zDxu7!=X~RDXt%zIUdR6_OZq&up@5(;$Yp#WC#az|;tiTFm17uobO5HhDLdJfp{Ku`a``K7>KK0>1y7cfyC1`y!t zsV<1(Am#=7B`a5&f=P$S5@VEc#XMiHKHd-Demsi!dd>vKyhz|JL zyha*!<1mop6~9IrgYf%meahBgnm~?!)i5+lRlwtQmW{lXZMd7)6G{h(^BKR%?jOn3 z+=Cx<_L*)-@zWE3_nbaCzA26_1pY-^0I0-g!NbRnJ3w`@~bEO?t> zyjCYH2I3vVh?UXwzpO~RbQvwm$gyJ8v?mec4?uyi|1?F zdVu0KGB+7F%}8x7pH*O?Uy_r(xv~rf;z`ZP8S%)z|H$0WDqq4=Ph)l^4Q*k|fF=Wh;)L#q))I|h?pLaUs!EN?tn1zP?t&$`TM9VGj^&Lv2yQlxG{iONzZ8hHm>-G#F4P7`nBxV8@IwM#q>XL;BVWuM_)g;W~ zxIZvzGOoIbayBckV-9G?`N>E3Gr)T7Iq3CKOJ#(bw7W}kaq=b5l-;Duxj7vU0IOxV zq1zuNQCFz8|ICA)$iHJ=^Qsmf0Fub2CT~`wtI)yJ!JYhPeuWMw1PeWuzn?>^wh`zr zn!Bzcz98fhoz7zt4o1F}-C!56dMHR+t`T+_5ztWBiTzOl&71_)g)1V+sMo_;_;=AW ziYxO;SG%)Z8gwv6%FjYgce+AH`J1XllDjFf!`zJFKBW!Z9D7tYnGOpskLYGqwZ?p~ za-%e$rmMWf+OS=2zFF}-Y&ee3q9)i^Aq1rBm6&g*`ZtW|YM^(O09@i@w2k+-vwm(9 znEgjO&N$&}qWfF-&6; z${a$A>B8Nz^!>J()4pYpA^RC)e@?E#G{A5<>zU7EuSV+ae?y)(wuxD5?hByd9{!v3 zUrHxO_ZGwgUGqec9@lo~*2pIu*W^>AA9fu9gBUGBwDb5J8df(;P%OIW z$bRV4PDV+;id{?kiK;+}jej%-$A^pEJ&|PoPMyl2oDIZM{Lr>}$U)9pxHot%@Kx)M zmEBy-iElS_-wi|SQwYtw`DY(%$~ z$vl+JY_yAi-kb=UmD|%sk`!f-Rzztr7ypUQyopdOE=NW!4u#{XXwnw%-0XQ{f*Y#a zF5`Jh^47pzs43mOvhq7wZb`~e94+o<9zHozL{hg0kL6sHdUM_`R9wstu0om7kx~S% zep++U)KLR{r2NUWGz_`6GdceNB%cyKo9;{gPbi$OB}Y6u-z9zAQJmskly}!*&&PG} z$O))`y(}ULNMQ=G&DJVK|u2Q>oFXa3d2~_rt=!! zLS`k9Q=Dfl9wGjtyjupQ>huniv*5%2*^DNMF;e|jG^MhMzxlu4lM8-?+unQXNPZ;KXN!#vgIM7d8_pV;XCqZ z(%Qx1ZobJ%FCmnuRi=QRsqQdUb!kcu4o4~%^?JTVR<`Hv#cUw^x@3=}@KN@eJp)7B z;Hfi|0IhA@>#qKNmqBJkN0A0OWDJ?=k~=e`_Y^a{TXFA(t#WIGdkjtef=FQ3(-?L~zaADI& zTS)k0{6eZ&F2;5e97{5?moe!*LXhP5r;qMY07%pSbps9AJ;%2J znYD6PB11actzUGtgasc@P!-V5%BCaNnE!eM#kf}ACIG2!Vht%+N>D0Szg7dvdE$uS zwn!RNr863V%02q+Mg(xd9YleIFCRnh0qlfO(kHyUCZvMQRmLoVgE&R9qFR!ec zDQ@--8&E$|!4Jn@X?NUf-v*iSctmVilPC&zXBAc|yi8w?dxRIIO)4F3BmJB`cmQII zK-0s@DywJ|_;f#nA;{TdMxi$8o=kW7v*Vb_h)5q1{~j#pl>OA%iHJunbgb+tX1Dv8 z6ix!FBf8WT4AsV~qI&^;q?ys)kTDPKWee`p)=c@?NjjB6Cqc7I@JLTcOj?v2eXmiJ z`Hf5tc&Tvnmk=io%NjMFMD~AFgSR4m2})MiRxLFHjX6v0QLyyE1OX#)yt#Uh~pAW-`t)fPJejFm8_{7xt+ zoSGE_yg~`Sd%2JVuw%@AYEjYcurY>_|AKC&ik@x_*Xb+g!L`?92f@*_cn3TVZ@`;O zmlA>sn$i@_hUNeP;?A-s3sx1)O%oLl)Uz6-vIioa1xLaPpu1v0Fe+}Y?n>z#PL8S< z^5P9EQc!xY(Mnt1=Y$IWa5+4i4@tB}A=c84GSh+Pa-_$YC7eb#mG=En2)g13{#n#WlWo8)M)|($eTTIPp7$m!4l%2fvSP<;@ zTYFC{V?1PjNLqV2(9!HK;h*wx@_tjX6{n!-`j6>j_WL(utuYcIcf6Lc0n)QI)c71p z9r*jKoT0(n@d1rxN+Hh-be5@dJ*h7xFLwFgWKZb>nktUqhiHq!^k|@5!r`;7aV?FF z*U4}Dg~Ui>f+P>>5#aZs@!M|PaJapZaBJEAhH||&>8W5$sjw5iT^AcQ&-*6x$R@a{ z)Cz%m!+`rxy}CTJ^q3&pX9B$#M@5neYWFu}N=iSo8;Abh5#*^)X}BQ(0Q5KLl_(d% zJq4?-1UD4kiXbqUhp*}cayEyfs)=VA61Y!wH!q zC;u`Oo*~2M9V>-iYRlvbU@{g2(|!6q_F)^Bt8>FNbd$K1;=mFW?pk>oX=jD>Ci*PY zfP|9yEKESkC3e_%*or}QGR1UEFsDhvGX-n@k%8QgG|64W4^J5kQe{`dS{Oq1YAnkS z|4`^>Suc|fYGKTBipQ=sJ$z2#(?`H2(d9*LOUJ*)nbfTYsIyzzG>eA$4 z#qX%MFk~H-h|R1Yw!OL^|5N;!Foc_=ZkgF6gCg^T!}(^?ut)3Eh};;yA#e8t5c~uq z->&wQ7fz8p4&Dz9Kr4P@v+*ja379A37!{+7Nj$Z8(!519(Ze>`F}YB$K`*XP%vV)n z0mRe{poD%ICY2t$-jWhfL2iO$jQ#HZ2Z*E!YY}7_nZ$0su9pv>vR=BlCQ2-N%djXM zZ9RmX{fGj1dZBvzJ-kR9v0^uA@Y@O?5kQ8FTNFq%FKxANMG@a(1DK|lue%@WI^-;} z4L^324-g?7%R4A9U_YmdU`w+UdE!D+O{DuCcfP#>CQ7p>`v#nqN4m;}V!EJ}j^c3` zNe{P{jsU1CbMTN7fg9&&WAsE16whf6Bb`8)m7H$qISz_v0>v zjle0&cCz9`HQ-jc91Fl4C+(Nk=Kjh4(T{O&Z%CREQNM`JX((nMmN~Gh?cqrC<`koc z>GXynd$<^0mE@hFXC}lLO^wj8WYnK9`^Aw!YF1|i4T!`lv#9O*ig)(p z4k)A&NXo=l8J(-+`$eeszLRUpmJ`U2+m{zSHCw({ix> zBg21zg0sCaU@HQV)ph7QWI{IZ2S8_CLnX>k48Z&Y6jtS7NEnfH?}d6p9il8{NO8la@(;*B@zhvo91X>YsJoQIQVIRo=?v;yCz1I{gv_G; zLvBS4-3c^=45shEvb5)ij5n-7Mcw3GAP?%up7X`#CifeS`iPe#pBhb#(uU;XmyIl1@j$V zM!r!^P1Qz1;1^8%8fsPy0pf2McSd~?sFn_4Yx8G{q%(4bqe)6EC!B$BX~nLg&ILsZDZUc+_+h(; zip1A2=F&4=EJ_-}FsCP@xi?5o=6k>fP;INPzq_ixq`F@+x+Y6o0KXw(EU&} zw01KL)pH$ubO;+Vb6@#8TM)IvlIILhM(`<~zIU_5b?l&NDVbw2zm7gC5hQ~=3;u$h z^l_f6cG++$vth`mE`S<-`yp?%zT&H05?uIO#?FSKB;G`h0v%?H115i+H`_&+Lm>M6 zY`&i7A*k9?ROaZ$V&4o*=M;v&asTm`70+c`5zRa|$OqEz%? z$z41QmgN1I=5@pWggwZx|H35m+7ZH(Oom4@D1?W#SG`HepWo%lGbkkB{g=H!Hzg@Usm!yEnAO674R_7--_`&j@Im)rJU%^s!!bV7#ki`d6yj1 zO>qmq5~)4jsv60=jmr60n&-Pv?d-A`LcdVd+CTxe7UUAWk#y8`{>zBlVvmLrK60Md zFAa-SK;i@Xm#qreDXg|I6a^bKBu^qu`!EgZM&f*u#AEuWaC13{s)M<_HEjel*OBcz zKzrM1eTgGRW-~C*MoTh~F=q5F780f&eU<{%8bS_9#q{1Te3=a!!Kesq&T?8^(n*4F)(F03k;}@iS{hO2RZo>u7?pe90AHfrS&qdb0MP9D<}z0ytWWgVfOC^OuyDC z4cIcW`M8}4yaMBaoM4iPi!IdrAzUSs1omcmG5Ctm(5f#5_{6o-{+MckZ%v#xv{L2` z_?KHn9eXE^s}4kD7P<}!$wFbm1+rh7-6YEs zJ2U#A3+Cf^_s?Cukx1B$A3}8_d|1RWgRgqT;CJc=sevyp$b!^^gr?nx2w&d2=xc7T zXaB8Xabb?&q6(kg`1pTl9_K;9PLsat>($kEUczeCo<>;gW96CBkMMo-W00tY(0vw9Py~I z!t$;LD_1es-PmETcG;vaP>KPUY?CD>!eXDii?)MM>>nVG1>uH9`VO$0*569OUpzS; zHnf!NMPWvG7QoJR0c0vT9}MkcDp6j;Ftp{VBT_6QW6-oJhi3V)wGeQ znDH9EFj6mb0?Gt%aPeD}v@k6pX~a7=Nsr_X8vQkUDQuLInE4R3^_Nj{j@F!O_LYpd zC;JGW{EMQD_kw%E_uoT|bm5is8EX#4C|@SMusKp^eF{9v@ zN!n@!=C_!A1SAK)6^hYqsM3apfAL9i+#;0Bj5wpH>@~0qxPREEyAhVl+~ZWcCu;^? zXh}C0yZj{+#jVJT{iVs>I$H>Modp3)PCIX-Z*G{%-s}4`&Xdiw6p4gxYWR;BNKWe^ zmc6RmYwW$@3YG=$<5~D49NJkhcV1I&(>$94TKQ;CA&q)#X>DHnnO#Si8pl*?tCa!oN3oI$BO{ojy?tF+0tUVqx=#G%Rf*yqZ+y6y*=gAC$a*yW z5N}u@-;5p~MDTW34uY^uzpw6>0}tB{r`hJV*qE;p;7MQOVs;f$f532@++4UZkdh5b z?~9_mC(_;vOnvSQdG>%reFNUVadTi@viYD`d|~zHb%@~4n(3e4*%*i4zMPGCXc0Jm zMl0Yv-A(wekuJ`s&!AjY)Ayd``sdCU@D)-+92iZ4hfnp-9C?~l9Cr`2Wr+Cwv5Mv| zZr(-Xp9j!wq&K^=HdT&pHiA8R2YvvlPYl?z!Q^fE0juZrVk}QIY`z_4EIDqicN|li1m=yn!Gu43>$CTD=@ngg!;2>C5MoEk4 zhutN>9Y2P-xrtW}f_S;X3VoJ)dR)JK!$l zkM`7!uN-=F)ILHm%-_@2kr+#FTn=GS*>RA^$)D{KIxz4Q$;sBJ-z;EhMwo9pIT|Nk$>$7ZpqAP{0B&J4CYUZBmen> zFBoC~mBIl)-bk<>BUk#|0HdrGTMDKn7w2EAv6a6t&=w^lx;#fkZp5HFmjge*gL!=$ zFIw+I8uLjKRSo79Q+m(Q%yI4{$$mr?n)+UjtL z0FAe(db2cQ?{D1=`H}?Y{CzzfpoDU#r~T@yMDFB12HAc5y+Xqb*BDOcu|=4zb$B2T zeuLWO{CDU1FQkB0(JjQM__N8xySxAKMlH^Ck3NaVhjrR=8*6uo5_Q1`xSx6<=~UH$ zPXzmtt51*Ap;mrnfraM72x6|%g%&U%x-8Hwb6c>^qA_@Z3C+yFzUY`=i0P+gIY!Ek zd~5M4W3BB-*clN;pIO-OljW@3*VUibDwfLT7ELYRo2BD9 z7~qcZ`YvADMk!g9%DD$_(Ojv5H2Y8Xxu|SAE8cS!9yLn#lHBhe=-s)c!T0~Lxgzd} zjLf}LXQBBW$uynQ`W~<5-DY5f(5E`M7x#GJ&fdMU$$z-f2;BW=Np~!mzH$a?&q`fO zSKA5trdP7Gu_hi$>o8~_Co>h^p#(r;+sQ`eWQF?6Pwor=V`DI@AjGYLB~xQWnP5U- zv-*x~zPR*UEP^KRNV2nH*im8`qM&y+* z_^=rc?*QxpD5fR=<2((0G`N-l#q5JBSu%n7+Di-G6`oVc7pTT%$bx;sQ0ft3UtmG@Z(XX9A;PkBgReCZRsR zOa)n~tgjkhM{!2ze2h9dm_|yn7bFlmhVZO$UAm7t<4Sind5(6UlE{Y@FWyd`x1@I3 z4~52^syC;FbAlgKR7+`5*r=tKW5;0%7BPo{<>&OqQ)^4G0= zxsu4xujAia9ca?0ZJJ^wF>lyUuzlJ|W7yD6NEh#^G))I~=|RLpXL3!*8D2KSEvBfi zusbHHE__-cc#<_Zp@P%;HuHrN4-YIM3DYx(74e&r(UH@QcfAlPf?ai%6-%X`ZTWhn zn#d1-x}V&M6{4}jQ^&3jOx{_6E-dq{Nj;%Y0@KRm4Gt(N zW_-WwW1zzbI}Zu@YXU%`d4GPy6y9GoFxxK34y+13Co_LgH2*Tg#CF_Hd(vo-9sOD1v(&LX1v?P#gAM!M1MpCV0xI zy}AXx`Ou%_E8k#xZu#Q&$=rV&Ymq41$#qf^>w(=rK;LHJhM;Aq=#5k^ony{64eFEs zv+adm%%&9HVnc=FP5Ps7(hHx6Wfp@TlYOt8xHz{l0Bt_y#gFM)ZC5 z=Ud&?lc)oh)qFUM;;lkgnJDAs&sz%%jlarPwGK(_an_)bHV>kW;>Rw8A!;0&TiFZu zMRfd|o38^$BK30>)ENtoH8L^#yv3RkNb@67*mfEH@#xc<_0*)A@MZF!kH*Zx!1!CK4 zS->bx?Bee^EngLPQmi#iK>yciq0N!^J>DR1JUsg;^n(}_?f>CCHFmWU#SG4KT%XgL zYEkDFBES}pVqI0rb3lwdUInwyY{{0ydDY3}1K|*cb}a&1z(-3*&Q>wt#2KDTg4~`i z!ASNZfD}DLD9bs_Jj?g3b=`3>H+J=`*a**LlnxFRnEtC}{ig_N{c%!0lA2Y}$5s&c zFr>qPFPS*Aq1~MKt$=UlJhH~~ z6HZ|^f%6-g@X4F4-_1;jWv&}5XAQ$xM1_SgqXqltwPAw-AjQwt=Sx?|6JS6Liz|j% z1QA7v)O+vhm@N{;?k}{`i$|CM1p2YY!Lj$(q%l-&UQ1kIu--(5GI?L5eM?O4{JC-G zaU22IYdJ4JFLVcSfRGuKa|Pctk?gpsaxptt_{IX$vcIM}kfi~GYPV3(XXP#<0!fvB zPC3-O0yGT0mKlSqLXA2M%cU($WErTkRO&wbCMp;{}MzF^nJ74fT4_ z*V-(bV%yTl8Mnz%5_iceJ1Y+W)-aN>4|RATU)Oe835D_kFFhqTN>3+yG25-(DSW>+F$oaOuCD)ml zskUd^gi6NDw5?I-7y9o_fDB^!;uI1Hf$bYKfmYL&7`|0R7^Lgs>lruB7Q)pXrsWj- zc8nWcnezwDplm9_Ls3(LF?Ff@UO&+m;oOJtl_roE5ns=r+7txpWC_fm=Vuzz$oE1Q znvJJ`i?w?lRYuU_<{u#7cYpbBKu9BSvtJ~OpGT7%Idj%W`QUK^i~8!ohEn`7lme@c3WwjL#&g8E z=kSbs9>X;};2Gi|k`BFWTncAP=;}yYDhG-(SDe1x+Tq0#(%IUp+e5)3AudPCCOMj< z*eYy8tjddRfe%62MPdQK`UZP3OHGNd^ z5JJQ-FY_uE%>Rq6g~H=ho1{cW_4Gm}!i&&WG2^Khhe3Sj7~p86lsP|@pV>skP}*hW zAx+a{#;P*pAjHI4Bmi5El&fJ6SC}-AMzS;|YUAuc)^$O3nYRSsRFP;bGvTRwOwsy~ zt*Nai|F^6?%BRk?v|Bfh#Gjn?v+rGl;DNoso|XAoED`N{iHBCn_z>~hddjFCmxYV6 z-LKLG#(Lc|=-4H(t4z*Zd_$)QQwCy)u#yz*n0vP#ENi+2$6~+Ti9f}hsd&nTnN;GX z48AfL`JdT!s)kk$gYRt~QWY)dc1{smV%eZ36m#4Q2Dvkb>N!S=N+@%Il@PB|09qfQ z%+GM2fQ!#oK1_q0=`_J-URq-HS9&zG3lZ1 z+CYoxKVronZ*9}jyDjUoEQGLuTj9z(NU>~`uVK=+*ZL*wAAh#hb7Kz+U+=AIt^o4R zBu%<&HHu|i>%e^@#Q{!Cef3@lstdV75aLaO!Rhf$MK!4SBbI2;St}1+)opLwqe`Nw#4+xtJ*y?t#8}X1P)Hk~X;~_; zIASS0S}e^}f@i5tn-Rfzy)lhiJ+4^_Lr-(HXI(&5l~78$5Vth?zV((xhTT10p%rU7 zHxpusjJVfF>T-i80H83A$3_;1vBpI9oBGmHM9T4Fyj!d$84!Y8Ta?g*fYiP{!e#jr zgDtY3qZz}hi&vutPsu;bNiK*&=Fvk{0RpxAfJf{q>Qs!dqpl9nibDdrecJwsvBZ`f zlEcL;wMW~zM!dOB@P#r4nF&(awOXx4(n)HZLxsbE40>_G9Q z=TZHfF*~6oqd^tu-^@@CP5zFwK5y1fB=K6nPWQTBJyK2wMfSp3x}!0qH*D^GRo$z; z+x$lHgH_naZ0_>E|NZtwL|r#7Xtlg za&&F*SQ7L8RqNDMx0SRBf_{+B4l9&DSTZOQ3u;P1uM8!D>auN)wy)05r^~6+a1_xK zRiu2LJIhDhXsgaDsu5ekY+YL7nv8JP8f+rY2igsvcYG(}vcOc9T`x8Gw$l5zS<=3y zs^6b&@H(oJLw^za143bg=Rbh+{-{mz=Vug$t7$2o=glhX zm8gXCPCEY@s%}udTisBqGTpH2@QYfN*Uy>9#=mUNNtrBNN4U{R!+GUd-ZiV)4j!js*bmHA?!d(d-XVxoHrmYz z?4+KK73;m`^0tYh`ivWP;{0ch224_Lgjmgl?#`?ZBV=7!T(@iq?r$v62)wnIHK(4p zCY)=w;})kBdSTkWt()BO4$^C>j?Jxiuxq2+Q4>JuJk^n)QSu*xs)la&RWg)OB0nz+ zLAvN6_e=%n#_s^U?>@v=c;nOL%t=LY=icn{5yUmDaf$%|a)W0P(8C*_>k~**6+x}q zIcVCa_NF11G|%t173WjZj8^9;AvN|+1#>(E(OQajomSkR{CcNDHlGIO#jc| zU&;L%pMQ=6TNe=qR6wF_>F>fmB>w^!t~8`+w0JUOtSVU(|9_PIRaBeb_r(h*!QI_L za4inSn&9qE@s{FN+#1~7-Cc^i1TQTVE$$R66!${=^8NkKc*i)G=O!a#jprg4JA3bE ztvNq4)+Pl>*2p_D;PI)yX!pN~R}#~U+H0BwpgT>jZwd_5Sh>g9QQ?UWK*uUr(UkCL z-rD~gsY7RVt$Pf|mIyT`x5JbY9y{66_k7(HQ2cz}W<1@C!+m={`6AOvK8YAOfV>SN z2G#cfK97p>cdQ3}(s_32ZXuA7|EXRKXT!ysc&0z=3z&S?$$KjUlKx3_7K76Z<)xci znAxa|&wMB_ZPp@PVfFX48XpMSQyN;Su8FSmeCB#fh?1QDmFfQD7yhPWL21#Wq*KvH z;FM4m;6WdR{^OPT$9BUPCG|hRi$L-J|C!mv6)*f!!W|$)vM+(1G0TLJE&*PGf9zaX z$<%*GsCtulKrwF~*=pH=m3<>brcJ#R4r6xEu5?s;%6AyiPd^)D*+?W=0|V2Nj}H;n z6#|yL#U=Cyii44vI6P1 z2u|5K+85E?yT8b+35|bIKngBB18M;#cPIqJYRm*0k+nHR4tYG>!A7m#J z%QCSbQKnzWSi;YE|5=+OeMr#xs>SpovAhKtDh8`>&<_)&UC>X7r$6)1jS}VRM0t`q ztv_{cUpYb$N;to6El)45H~oOk&=K`aG~sNqvmt<0Ju!-AcX{BB#IHCU_tqh~(0nxj zu@}w%kU4%^9XsU>yWK&#bf>ld{v?~=@A zu<)S%77#uK1`ZZ?M&Z~!d0m2Ty%%JT{K$f4+nnvg@T*BVtOk~p-fa#2Dp~JtCM-GO z2|Y>7;km(8|4fKLmw*rIO%aYWP(K6UG=`}GL15LbMTK^Y(P{@=SF*xp@;dYf_8q!mR+JNmwMA+0@b{ceHxOroq=p^&t%W41eCYz5e2KmYdo~=B)rGZh2 zDDv6LNoV|_Y%+UVF_aiPWsWnVl`>plb9xO7TU%m+Q`AS`SzTqNGn3Ewf>_bFYnEz zKS?PR4}`+gbODajQkLpJ_V&Ues~WBA(VlFt35fFt!`}-NZ0Q9%=m6ek!Ajq1mwcWc z#s}i5+LeK{&J-uE`Wm$U9 z&e!%pdB-xF$oQW+(2{Jf`%)-14P77UYKgr~HL(JE*Z9|pWQZ7&X^!Z(vgSQUZJ8N! z12ViHtlSNy8+TqI6IHgA8ZaGn?$!);W#Vi~WCD$i_UM5vP<6vhyW}2;%iLUvPkAgG z-*QnE%c~yj0=2}jALb2UJ@SW;MiwSP({TNxSvEe6mbz@GFp9WM?6$52gpOw1ASD}> zfW+)V&DzWy=>iprXNhD`yDi!~f+cKl=A`>iyg>&p}akbEH1gwU0-elav2^-3*yxzMcP^~3S z`!nNw#QEed!(J(iirg)n%XplcDo!$jRH9r+=Ms=E?_+~3LsFI>VOM5RlpMrz(!<#= zCEyoTHs1$-;{V>_2AZPcEywboN5*#-s_^LHMdbtlUOM^!adIZoGqCbSEnvTZei}Et zfTfl|?pp+EpXvwvL-}M$Rcp{J1q)WIq~ev^ogs(t(1&Y2mD5oU7jTU3`I9*s!7}Ac zS6hmC3emWeqIr$3u5Q3q7-#gTnyw`Ig1AAt7>XTD&m$ysx)LI?|FYJYi4HuGIU%1^ zhGifSFJPE@aNkG3Gys281YH5k@R{|$O)~2~2Z~gvcA%DL>43i5CvPno#C3QWhCdZ6 z1SVz|m`+Z5BZ6FEP8=j}l09@MlW(TpzCnO7OUy{J$$W{3%mDP86Ya7F2M5DiL1rIv z4H~){5`T6#Sz2oaqgRSs6uat#?YCcRz_v~gWurfPBWDGP1_H7f`nJG|?Zgf!{pILL z$Vrcv=B8#c!_I2$7ddlz$oUD(6cNSxmU9xG0RaE#@jr0&6SMIQy1Agh@g0 z=WPvq2bsyh3h)_9du;SRUP=mkZGGky0oAnaee;i|EgFy!l9>%w=q}WeHYhcYx%_wS zZ}rg^PAJQIhysz`WVh~+n*eSW+80uC3Kh~-4g;(oyu9w6wXa(Ue)1`+b|wk1N<+K9 z4Oe!;h)eL|cRGF<5EscMnh2pFxbQ2HW>DxFQ;zj3@%CO0t|`U{0KfvuNoUQhNq6j!Galw%+@)fF#O{%<4fhC zX6K09IDQ*3KD~uJhwFq7G8G9-Y1h>w#A2mSUpNg1WTSdw-6E35GzWkx@)<9l<(TV; z$|1}(SzJrrqRC~yC}xI+3cJ?BW;Z}OowG3ZlH0+oan*egFhO;v2PYJ@!@|Z6lOV+C<<*F?k4}CR7EG9M zj$Omf!@{a)0Rr-LZaIy*=k$u=)^XPI@95Iyjzu( zq5{}miWBjg`8<(YRgk*S(VB?c5YP@Fg{*Cv_)?<}`hMfM4vJaF&S$r)D++a1;~GVa z6$OZ8%77KnHKvbA`C{ZQ|Lej->pKf$C_lp{MF<*R^fuHSE8EOC zDxSZK(l+pmN64Wnz?C%u6HMEW-&<7oKi{T(mhh<9MgKk~kaXZDZ6KQ^;krgFm#t>b zY055zP8jilm$i0N%7s<4=wk*Qoe1{>|Fc>-Rhr(?UZ*PA_NMEf1HK|et z=5M_AIypCDh2i;9eFU#6e@W5>LXlP+)myiuLO*NrN|j46efgcYuTx2TPiAJ=WIgXSZ zJ3izl`Gnuz9;!Wais7O`*U`gwYe5*HXy-(7TNH(LTgYr>*lbloL2}Ze`i_qP>~TVQ zCpM}Bm0nO!6qliQWX^)P6|PWxAvqSSImk_+q0t6+#c%?80gAAV5ir=mG|x7)4=b&8 z*Ff_|eJgS%ASyu_39@vV-WMck^G_eKxP`}|ae;2GQfob3}sKfG=9D?3P7D613 zBk4`pIuF(-u;6ACp~<0+Ukr`KWRJ&*8x0H^{Ll;2#!%b-If`NnzqX^+vh@1ljuUhx zPq@D~{7!uEuOasLm-ENrFLmJspR8e8r4srX7K=Ccp?D%2mEj(y(6nIkQR7sZf1-K; zIwrQXf%o&WB>@1V!TO1{fxPaf0M`!dTEkptBT{WA=wZ}(o`^MllV-9{0kn!=r^7V- zuB2v{dzX`Hj=>s%T+BdD3}cHoCCrj}Wu!~xB4d;WuFPZ8o_G%~QB*e+Mhk#)qUNV@ zX^f9PAyy`fqV&z=H_Z;QHi#zAFbPVQg}BpJRXGuaR9S-KfEALD4!6ze1oY?r*^l6T zIJZ9Pj$G7{O|?*7MJQ26!>m;~Zl{^}S7IUnVjfUfLJ>LikwRBU+x+JUaRAnNrO+d1 z9)cR&KW^fcrlDz7vT-faE@jDG6>2Z(*i)BO+q`48~I{`?1c z`tau;;C|}vAK;?kWk1~g|NfkR69ko7@VcoIm@g!= zeHdzhf2_g!^V6>okdt9p%}v=gh0DPvj8+o!*=I}_=)rLD$${gp3^ZDR|Kf-KzFzU| zQ@w=Tps@4qcj{IFT93tA7-e{n?i0sz`$W8)i+F_E4$?!Lc-L>z) zgFXz;4e`H=sUB>3*_SMYZ2a>Zi66t!i_Qq_aEN|!Rq$oiSk0XNUH&Gh>EeGFY|bGC z@DC9$kOOqlHM^W}H1}y!N&$`yrvHd^wS>P7e5+YQ8}!3OrL!Yz5qO{dg%2LblIjw$ zorb;j?jsByynLy??l)C5AJ} zO&sN&dO@K~pmmV_-R4o4T2}#D%me{HG5=oK0Z-p?WXRn1RaEp3)*PQGC8cTcs7Re@ zl=+Cf0PbNIyVB326CzE^g3bCH>hi)lWj}c=HF%^yEBByoS%;E+sEKBq0R%TpznjVq zA9#04XoI-D(get?+Uy}D8LNd4fI{kcUjjSAzYr9j75HlwSzLzp{~v5)s)vkoN0OTV z4PXW$_|Q4Jf*Le9m6IO2%y2=C$$H%})ff3k?L94HRDbh#lXk9(qkJApJ@E9J{~8aF zqwwK7ICW{5%ec7oIm6q5Fv+ZOXN%r~%}|1j<+H5*?$Jf^XIzaqg4b~32yziiUI+ao zhTuTgR{5`cpZQ0AB1!VB%E&REdk2=A2d4uWzfyQ77MkT-#Oi!jVa|N-qMdjy1hAtmQzDG^zc=WG&Gqa;i&k$|#GH!JW&+lf9qiTR6%KFtrHOe(QQNpe% zXflzIgZ2<)yo!WT=?BSuCS5y7q-Z74egnss!@>R%R=#1=K~EBY`=P&rVRS4J#4;N# zk|~)%?1NziRr{QANvc%|AE`i*DWehtU2;#j2_>bf)kh@a&rP&~qAR5-K=*BxC(-wU zbvS`?{SHQ4?9;s+oZ`EM%Y78WSaetc&PTiZfTfeaQ?)ceZ3bt4-Gp~l!)ou9Yp6|s z40bkkNeVw-rbGrK-TQs3;AGgjf14gZ!pEYr!E4EO$Ab=NS2$Xr{fdJYauz!S(OrJ- zFGu=cSBS4Vi4EU|=M_i1;xOnhn*I1YAf zYpc??S*B1}2Zw%-&^Y?;bz%;fmuk>YC~JtCrYQZ<486lQ%MPkm?ONJ+yMyY|@ICG~ z##%yyPJ{uWGTwoSL-e(LXiA5cXH_dePhRinCY%ri4kV7ce9fAuXqJj}xnIT$JO8a0 zwaw$&YAZxs`;KhX9<~L=6lU_x%^=B+p$baeufK^KJk-I0GVddwPQ2nQR3&H4)lQnQaG@Nr9G0f!JMt&6qWMr`5_u*< zKLiuDDz8oje=G?#eDiwF1YfNr(KnWra~J$~c^)SiLslMsb?6%=V>*E7$AA*fdnn!e zpMokTh?%b3D{{R|6`W%IF{_UQc>*!<6iF%yum!tgtZTqJ6!=vA#VgrSVV)qYT8A6Q zB;6OsYvQR%#y)Hgb=bn0XJA)}olsIYXm6M&cb&ZCgOSOOkPwTHXZP;dg2=run~bG5 z@+oquBEXR1* zQ{Rwq|6UDixR}rZ+6;&I_K-8bPn=_~(V{gzK+g=)wF)iT8>2Kk8J5lYs_k!CI*?-9 zVW-oKG_3YmUhPYw#O>C4MAC;Lv_-p|!ZN;ds zOn+q9i!^oI^analtjhv24P>cY(%c>KzN_#!9@x;cRcU%zO(MC5G@Wt;iD8q7|&8ct(`dHH$i&gZn$>)x>L1 z?KO@s&wOw)jIQ~a{l8W~HOQ(4^Y|oyP#7N_woIdH91>_=g;ItoMD5ITK?OuZ5o;XD zd7GQq-6U}^O*!p|Y;)nG}~qgeWLO z6NF1qt8L#CwjlxJmJ-(<=-bp{X(#;Ut7-sW^<`}luqVLDe=&YedrF_6F|vP;*hAHpUSNM zI~>y9dGjM|k+aL;95VG;vcJ-=y_Eg?O&L|P-c(XLM7?6Sj~&%Y5+;4xt)4(5-|yJnB>nw7>AnJ57IoUaI|j`Pp9d``Dlc$*?bYG za9pgq7>vaY&lk)XcvymW0nyGqIxQuIqK;j3`B~Py(2&&zzK*xG0x?HxZ=RG#-4OWWXIB(V|Rgn9t(>SPP?`h@3B(gP(MrckE`L4x8cM_(% zU*(2Q9$8Ob@->K+L0YC!iM&l-TvS_6v%Hzo@zJ}C0JO^dQJ7R)Nht`lSlfOms6>*< zReTdM$!SRFJ1NKy87hek4v)M6Lch{rMpfXdf7)4l$>HJAYkn(3M15y9sK0NPxF=Ea zsCmKi`+q`;|0%t`sv18Mg9TKPuE${SHJ9{_<~?}LRLa01#P}vT8qU@Vi8CnSDEzWMY3O)+Yv>Fak$= zWv5$VxPkT;@h7c6BZq2WD=uH8i{Lnc9WC63AWuO&PTOp|_+fUBSF@@?RTyRbU$O;1 z7pl8a6Z(pc@Eqd)9M}&J^?uLs#}S8f5S-(YB%^7WPEJaa7S3c!)P$Y%YpS@-U5c6i zz{YCjR^gca7lTOzQq3O-=*CGiH9+bF!Z7id1C=qm^uzjC}55nN&di@ z4w&c8lgp?!IRZznShK(&;M*I;?g?!R3Oqs(dcFl z9f$}q$ovJlWu4wNNN;+hAdg{Uj`9+fnpcC!Dhmk@n^6#xDjO$MmjzM@D0QE2gnlhX zlZv!8>H0CkP;2RcFsQl$B7RVCVOtM=$-RK1gI}E`6rsamW+<+QzfWsSn2;=OcJxXM zd1Zgho@JG{AXody!0-~SydAl|v@leZ7p@Dl|0Sd;Y-PiUBP^|Q6RI zvZg?^jykfnF3jIDvwlsva60oM9WHhUW2`*hSBpAdE|% z>L+vB)8G1~oF-%z=_}|p+E$Q{Mw_dEFmmPWK*^BV<-r6WkT1E>l4j-!YK)~!xq4__ zTeJr1w^r9TakIvXNTM=0E^fN)`flepfA;q*G#xk;2yl< z8mok~(jOUmywq>VHZsxDb6-nvEX}8XN1zS93@GJmY%*lj@~()gB^q0?&ap~>sjXJkGjtL~-T~5qW}9IZP@0i(FiHR&RHxkeB$|+6tX65(F4V;-RrNw`OPY{5 zR8hb*?=5OMH&kf{=GA9?!RE3Z1{x+oS%`6A#x2U6BsXDT>oE}|;(#9$_^XFJO8)oH zPzR;~Dg#3Ld%hr{w1RXmkMU0dRBSENVfTa7O(;l?h!mfiBc zT6twDgWcVxih>_1=s|gr44p3G$ovYTA#mBnnSe2OF)B#%$+oP3mIUfKLEcq-q0e|2 zlTNJYzL`4BxKU|#4WxV2#&&j)CckYcd${ueh}v4!>W=S>)I{b-o7C^a*Q}S`@fn#D zyPv$ilcsc~r*F;SmnVBdFjbS}SZ4AU;=w_u5=P@yOF$4h zn~fb|Q8E$9-)cv5NO>x}OC(}R68UW@53U$4hs0C}v(?sa z*=+_=zJq&QFhMv*vDn9FuZly6KzOml32^^hx|u*`vOM(FC=qWFDF}U8mdu;uP|%#- z9L#ZYM!dX{CQBeF+}pJ;j$P_79UVd%Cw<165*JQC?e@2+m|?tqx7wHhDjHzH@;1by>|KukMqb&0DB5~>s8@fmw*RmY5Toiii1LG38Ag=_?#!`G~ zGjvgeYpEZx27_V-o~N--eqgTcRA4@G7jgMM-Jlz~Njba^*BNiT^6gmt*Z~lvi0;>t zRqrZ6*=^|XP4wL6-Q|ijryg0eNsr<#K$PGSpnOanZHf#*WSQw5V+7ZEz{ar+E&7KUm#um@a_|Gv0$@N&q(YxD)4i|>It=v{Ao z5rXRD8%!?6!l#&N_o7eaKcB*tzZ^~e7`$gK!Y3&yQAJhkbo}^VjNR7cQ!!1kgZy59 ziFh!)Pe;&g?<*~gxbW%&@AkAZjxC?@-2fy)RVt0IIfAz&l3x+3W!UpcNRgpFnby=Q zrmK(-CzJS+2LV!~1G(OghPHwXhTeJfc$e!h1>fI}qsw)KDp%O#kNwws{SJmI#Qy`l zd5s-zdvFTk0Rw^3Lpa|q&I zzlvqD8Ruj3YRcl_MM)~<&iZ^FQIeaIbqq2m#zDf0b#zp@!2?VQ<5g4@jWxp(K9R?o zEIq6cf*HJXo~pUnF3+wCemy?}_)PU+`S1UJr}0%ldyNNP^a_DQdb&uYTTC1tZR&*F zpNd;?aTxTGuSsAal3LWk&V9U?mD=+qB`AjU#6SJ!9;oR6Do;c0+yw?Jl`$=q$#=$+ zix9Q39$A}EA*&Iv^!j8TCo3JMSCiJ3jHxA5V1`XZH7fdutTdhV^sH+H88fF*aP1!; z;3|@t7o3NfEq!08*)KZ6(&><%2mPFZ%qtYSz#X=TH1XN|S{wO?r$hiU-ljV$VTHNY zorvfwXpKRQUF`9tBGLJYKJNPJ1>ZP#w+M&`%cb(RSy{Ee=`T2j`>^ZEm=R{Qwl<}aSL{%@swc*yRK z3AO(K4P(#YZ%%ms0W1>!V1HV&`a6U}$;qLwMSBr!7(waX`48Zg@Tcd~^6uX=x;yWG zfbOy9jW;J3|4(`S|5ZNyf6A}ihAw;>M&N^yQNv$HSVLgLKI|EKJRUU!Y{joAbkMzC% zox55kWLtlzT({X>J&w1q#WY9}&rg}bECLbhV>>3`&vc`#x6Y2JJ|Y3dq%u8s7uTMC zB=LfO_Ojj&*sTdh1s?SJQ>?wTJ^H9si!qA~S(=6TUKM=Y`G~S_knGEoksL~)w?UqP)s|CwS=yk+?Py^7E6+*wf0 zv`qrRO>iYZb0(X*uRuD$G6%418k3gJC8I`r_At1Irg{H{oT(ThNsScOQn%_?I|I`~ z^>Sio*F__F)uS=l_ci6j#G;xe@`<+jV^TCw(v>`@&dcj`V9%h;XXKoW&TV&1sWLI= zd8(w#yLV&!o?pM1qjPk7=Ee(q?agws91u77&kLj(Rnm-(0@a+e>Zf1sFi(;YQ9->7 z39q)D|0mV|{9Mcx7T2^x7copGJCX6-$3(GY_x#B>LnxON3%@ceH4JcbVx)NV&sF^` z(B6?y^4u?(w^=DOUsP{wrCIYENeKBqeBs(iA<+EuFeV)ygx2%NA~!jWYW3jYyY@IC zI?-0js8Nv=g!+}xKY;(nad91G!&R`NtCJ{(af%i;N~Qa@L;q z!DLH!$(fGRqdcW9UJ8tak&kp0=5--&dx&6)4H?9GUckL+jS{w9K3iZD#g9^jd?Xl! z>GxKM?@5XzM^7{|>S7$^B5*tvJ`zkOH_U^nmn=FE%2)E@mZwPdsZN(R&lll0p>in( z(Xr*orr}RpD_Wt1`uGJilh>STw;#rg|D_k-8;CM;5>yBPR1c@kzK z9i<@b}i0z+5sW{4YC6{9t}8#}*j z1vxvt>C0Iy5c3|phKI{x=+32>_@=hx zXE}fs_p2B7yT*Du`t@gkj&#F53P5+ul7WEEAXN5MCrORqwW0?(7~RJrYTn0b*v{^3 zlYo_BJQ7AU7(gYoM#3dDXLuyZBSY-*!fZgfrjzz2s>5u-W)*FGpoS8n#h#+hE|npx zQ@Ow}{+HXragoExcu}1XAo*i{6tr%VIc&wlYhM~nQ$cvC9 zwGNKbS}TXFQ(~${v+ZR1MF1WhXeR&iig{-$iIT=^JStm;DY?ZC{Vt&d2yP*5;1j+l zgXRQ_30Uq=P@s#$ zzuizyAV}AkkJBu;%0rHt!e>rNC>v=iSE1AzQEV0Z!RGMfyu%-l{DyIPAJ4q|f=9T? zf~k1~djGa)D`((fxGE;-`nLX?{M=bhAkl}H3!h&AocHJ6FMs86g$>4~t<@tQQX6n*m!X^t65h>ok=3`uhk$oob z*dK~P6^Jv^^ZBAv)=h|~{A zqeU9fFmx&N<;Ab!z@z`}&OsuY#Ix=rY)~^GUVrdVfAmd92gy+!R&hqHqkg}V=Bu)D z>e>18gUsM(s7W4Kw=1#Pk1hk`SH7m1PkD(K$wzrzi;Hu^jCc}sn-pg#yly|jgL`1_ zd}3hw?;!!(J`{ctj$S5>g&wDGQPNxKkiiKAlVs$ww<14|UrpdrZf>w9i1lu=Rb3~Mu7CE~-y#X3y9X4EDKKr^Hs-dzB(kI}?WBz>VFC?Fn zoBdeGT>sGXsTz_>`wmCE;3fWfEh8st9qr;%vm^t%Lc%&-u3kyu^BOBl^DcS+ip<(M z=BpM&9qw4MKYQCBVmnTmKXqWsPIT}wA$K`9f+;tJVbt6ANrKp!`l0l-e_oi_LB^}AQ zaEX65D&sHpe^U=&mEPyAMB0CAlvkJ9qOYrayUog2OBA+<>-)vI&dZJ23Nojp5Dm{R zP}h7^$tFME5chy^FmCrC;jV$gavl5o2&m9AnmAN?RnZG%`RTHOMgXA6A<{*Hzd?qK zxrOYrnU5BNTey)bhE;0Z5v!y7R87ne3L=FozP=r+EM4RWl{UQoTvQ?#72~)OxQxW$ zg{xf9K0PputKJds)_oZKwVP!1H-bE4NP`2m^AYVzj^ILNP}hx7?!>)-d}b4*Y2y9o zz3pI^eB96bEc_)LRQe{(iZTSA+JSu6s{^`EWc0s2n-w3s*$Ah}=v#BwfY|9H&YT0i z!mscJ6yRe<8_rp@5IeA|oYV)Bpb?Jt)!bbOD~oD&M_7o*?RYbn`FlN>?m6fd)j@V8 zC!3UV@Swq2vOQ%N37XAitImJ;Rkod^&ny?f89D4PQc$U(96pObd{nMzLVmT2Y&_z1 znlLv9kVd{;!?v$~PIiF$GvIrN(pHI-eW>2~s%2Lb(nT8;8ifE$=p0l3z*KSNrtyF2 zSZCl#$`2HhGj#b3{pLxelwU&&RL(meL%?1Vg-%>|CA6NSng#67+M~1LzziS7wFRT4 z4wqKD^InMsWh5E^ zQMBAkRn&r{=1Afc6|s*lI^xq&1*{!(t^@~;fP6dYZdM{^1t5Y`h8)|CslH3T+*DER1eET{@JvQ5v)RLd(PV7CK)KvL0E_WAl79ev)I{WWx+r3ahw~df zL6B~MA5THElr$K#x}+rMYi29Lsh&u4AS4T8eEKElI0-%9Ny`^ndd+^i+SbX) zpesR1EWMl^Zv<+mkCz7O47>^q(mvisk+IYfwSxa$<@TnhGwUOMd*zq}t`DWE6&@!j zB}9hmCS7A?7(uiY$V^n0hD+h!#i;sU%iHSlsV#Eup5AC4^Cdvy{LkRhN*{6!-? zsSJ83;A}$M948Q7WRg`C%z^nywJ^~lDHj^Fyj@FNw*$a0TOwy~d&k6MJ6MA6plWW$ zYMsaoYWg!clfWkqA!;u7l39IIhm+6i3#P9I6Q{0x^GKqd*)19$v6zz6VtTM>AEBe$ zI0iNZ#7^-tBJleC#$LqOMG|81{bzKQeA0*J!8$7aYqz-4p0j{7gOE39OOs7#-U9d} zHJiDw(|YipfQnyt)6;d5@@*1QC-3$-rF^MAi2x99E+3U+WOp~O%*?k2X4&THbudv` z-)echMN@87AyW1mr`QXb%p(u-@9@2;UujFt842N`gzfmbCrHSlny@pE?6v%K0G^@|T7k4{B?|jfCfX*;cC*KaaM>^n zw~*i&pgZM*&j#~Eu(^3CuxPL<=&r~m^tQm}|JJ?&AQv{9Td_B(URd2g|L6UwEb$ER zr%WJqYs%oQ*446B3xkij*kM9Lw;}5JL?E%@ohA6+X*l5er(XZdYLY=hb)b^Ws%Lr3ke= zqh;-qnv9+sC3B?=^pqAir>>pE}8GhJu!bUg!Dqg#?eE;N{U;) zC8xk5?qUD|mCM$_j~(tWC@gwbg;k?_#@2)S*JEd_#^?@-wCGcXL9=s!97_42q+5|D z&MKCmyOHq)MdV=oy0bYDL$^Ws%w*Z(^eeYW)7>bc2gRO~%fOF5Oz1bfP`N|&EY^^u z=?}5&KBCv*yM%-{ISxL$avC%mvP*9$3Xf$Kej#%on^;!Utz@cVO&P3T`Y|r4&NW~X z&KR3f)tW)U4CQsRkv@z9iGoJF%M)ERRPIR1o*=VW_G{bXh1|FEK5G$lH9R%xGaph2 zJ*rhue=~m*IQE`|isN_|pMjlw|5eo@B;b@0mt$@mb8GL#}D`_#wO~NnvQ`JoKJnlr*&nD^jGPovNK*Iyhen$F^gcpUWyeU8K)lNibetX9(xh$<>#iCD2WWs zW3ksw!I!R%q+$nRUJ^c&xZ<5NN0d8fFvN*p`y$gZY~Zs56%RWweF|amlFf;tVy3D- z_UYTdmjh;_JXHxkga4Zc$3})sBst51#^2hrGmjxi`)KkTJ{QY{35jZmRF89zS75bB z#?rhCieyviV0%dY(^?OD+DtN5zMudE& zL;`Ap7OaDRh7l9KIFh+8+;H~|Ne>IfrFT0-%zhJAq4Y}l4G7!#V+b!DeSRbT+p&CY zfSB`gU`#wjseJLlT!n)8i>VBed@hwyyo^xPj<(k>6&lpdF41&G!kOg@(n`aCN1hZr z(3V6jCkwBM7SrZy8`yDe!_c%PbeWxp6U~R?2mLzJ=oFU~wj>->2uIPyzOrlOB*f$M z^0hc-hd*>pp4gaC@PmdWw&6=mW-87kSm}kWs@Ab4WI7?`3fj7Bi&TV`^SI1U$DNjT zu-NiR2!uIlD);6b?exIoFsN7newnR(09gygz$)3w>OmO+4GZ@0oQ>)c8dsvK=7{4` zI=Y7+#Ifydpu>lq%5e3KSAz-g@d1@!Ky{(z9txE~q{z`m&mJE;_6bE~7tI^lb@KF# zit30|wjQ-`bWI>7PH%IEN8$_m#FjQUZyX505^Tke+duz=JR3?@Sz=td28bgBY1%lP zj6OrES6(u4+T!T~ovDb-ZAxceS;Ul_HI~4j?VXN2Elc<$M?L7Vz$2w46q+kAS+*-w zm}!OJ29CsDmIuc0-YuHWoTQV+BN4Yuq+e^Jt`&=j>28VqpzX);#{-T6__<9#n zFFufszuMrd!Y}SNqQXP$vE_D7*_WV7z>*ixI5BbDY4N0S1J_UE!{jRp2gazMd0^ENG8#vs zSTgB914T7#xwy~iX%RN=uW+2{FH4Vd^3Wlx*#Zz2&ZMTx<_&V=ZNDZl%KE*>VT}dN za@L1Opvm3h{hyvO5pAv zj#?Ty_wlH$iwk6avG07u+kJ>!iyU9V&{_N52j4EyT$Zhmo7%00GMH&+?M}5buy> z1Ic;Pk~WWIb>J3)hA-G6TIx5ub!C5d5062opv_x9hFe5e<#HIv1x#~3 z`N5F{@k=a6qwoBliyELW3K#frfC0OTMQMp^cIRO_aZ}Dg85`7zsi5Bv{`Srk%XSyN zl-&DTZbSg9R*ps-*=c=JxUE?+6nmLlY((SCO$bhp({4eTF;$C<3nVX{XHbtY2o*a~ z0-qMKb>I?86ZIe2UhX&02Ezg(6UOtJ$Yyk(x#^|cE)@Eb8Lo1;-#B+TABWpd;Mn+= z#)+>nULEg&^sv!Zop@HyL)d;MbY<3`?GdmH^$CtF%U*)j6T&q*J>2EK*@>2Wqh44_ zPeeZzNS_qbj~rGrb@OE5=OIviTly|_GFWj?ee#>6#Tf_7EOdTOTesatS0W)_eO^!V zwC%Y;n?8^>AUu#Af5Yl_G4xbX2e_QUSu2aTAIDQvGT}$ALRgAb;jhVbvZA(2HMcmQ zd@ugcp|(z`nd@-M<%X-83ZyEe{}!kHjIeMSoa9o}8KF~lEb5?d0ye+oMm#eL(})H{E}r`h(~6Jd-}W_huiZgR7>fsQ z(lXFw?yJG}&b6K@_0Y&82Ahf)d7RrijjL5fvs`>4bZOiJqUg|mgWD45K3ip1X*tDY zz1xy)$Y73eE<|g`D3q;2WuMf979Up09dtd==t#E_f>V5MPpj{Lc$iPxZ+p#XK0}$< zAf@$2#5%D*R#8`{v?QE43JAhIoghl<5FDD0Y~p;G`qP^M$Sq77Qv00w>00XEY8JlzXLN0 z{dw{4-`2`fOR&=UL`!A;jTD7RF$9@*la7e$67&|x5Ntt&;x))dMmZYH%LNdx!p3o~ zVAX_t(ZSzp1rTR0xCVNILAI$?1W20JVXN;7e|%U3HIekvB~kJG5vE1|vry1<^AE80 z-_VM?&@km7Vw!!B8KHlTG6|F&7tf{5b+stbW6AIi{UV^cM`nKjq(_B|8X5j-gt37f z)L(}AxSgCQ@34DW?{Fl97^fu(h_=Ve2o@1sj9%cnRh2H#Z^w-*4FbQ$ruK>Z1yK?6 z2!<^bvse+Sv^1X8un8zoA$6{K?3~^00$+=?TkR8d4&RWA?c}cjOLPCA=|A{}!q-My zQY|tv^Rh=t`-&5Va>0k~Q|FFeitNzmw;S7xb}+S*z+&~_Q~>5Z0106k6jaQFwJjv+ z@}nY86~nfue_Msi78E>BqoSbi4zEeqOhE^p76he3Jf~gdT{~A@9 zf5t=E@_p<)UdaRov_6UOm?QjhfG~=O0QT@dnAm7a*!~g!0GL^kYyQCrp(a4lr#gFc*H!>3}Z*^ISIj1fwEf3r61wKHK{T zIA!>s>Q0LYPYW=kplZjKR{d?G%?QI@-jqjZ%N;J2md_T}oHT&WiaubwV_wsc+g&tk z7`2?;p8W_TeVV|02XZ1HQYyd0w^Wo>q|+I25I;glkP7dZ?g|c6m$gN5v|+`ws~VL0 z$F14=;!!5OHJ}aQmZ)+FoJu*MB7CXi3owDn}doA_cpTv zM+J<}(?snSME1f3&R|1s5I;C3SmF*Y8(eVeyj^#0}>I^xb!B45M{SYW6<TG z2p-%W5?q42y95%P|MH)6?tQ*b{j$17jT$v}%{BMj-)a(2Df~V7+^yed9pgCqNbkoZ zaGn?C-~9(j`nug%f-N@70?v{``6!M@OpI}wsTpfk5LYDyfdEs3t_=fX^eg*YtC)_O5_AQ#9O! zYRXhVxrQnirM={UhzxUOeaHAc)b98nfmzIOt zHmG0mDQTHw6Xa;4s*fav@2su@W6`}ZKN@qE@-E21hZldlQw62%u&-I)e5>oYff1oQ zdK`<H|~SRmis__()h^(wKL}G0jQaqyo7{x({jfs zzE^31N<=PbRgA3(?G6|3_-v#e%o7W<+zQk72(DV*AuGWZf!0ZQ=mJ=@075AJpm0+~ zjP~DF#7w)DV7A_?pdqj;KFi^LnuB7GU2P_7->TPLU?Gvboq#|dHL}O(SH^%FAAjh- z3n8N)>{p*mVQHAbIz1YPiYUX;ZyR0%U0$siZMA4VCN^lD6%QznbWP9eC)Jm)Uuza{ z{{iSz)UT>lP3me6K?PhNw%?+D)QD$C%H{sV;u3up!gQy8+HF%?W(Aqxb)bU$I5NkI&%*$H9kCzN?IIr!35%Um zF9~7?{pHmI7KS+QHl-(Io}=j`{qoXmDBj0Xl+f>PBW@Exf71w+wpP8G1}vM-yG94} zKpjVRJnc&fA<8sG=56=`L_ZR!{AB!QQ#KCpc7kiU`eLlh5soNK<~ncrR90kzmA{jN zI(mTc5#h}-LNDymCMr;UZTKs?!}oO*^(Y`)CJo_O3lH+cSIqI?#~t$q3MAqJFN_-2 z!#&al0K?4%nn|Z1HdaM`sxl8u|2fGY?1-H}avft7 zvxAixqg#Prazne5sLrYz5`rvP&;4*IFC~(j$3!g%C-RTgpf z&~^`BO!Ui}@?Xf`!Hajt?4zhi8((5efA+2*XR9;+1OYj=e?(BQzLO-eq--zfjVj_# zMQy7FN+#$ii^9d1>S4^W&4CJjFZFi|rSUsn;n#c}pwL&%_v3GWwqyW=wio3dPd`{u z11W9-^!ist(twYK*GO72XvpW9(iS>RA%K%+CCV}RM}+cca?Pti=xrG0jN!`tKyx7D z6-{}nE&+|?Iu{R&XNb4&C&?~k=yFps@L2vJMcJ)T#8GmF-m};}M9mKC5Gibmvse>9 z9B0gF|X@--aO~;U_>yl#{;b{x5L*PX`VC z@Q?Z6`~l=IQCC$;3~s=wn~&I>x}zLIFBpQtGcC`L7V8zpL(ZEIGO*;7tiE(2w;R zPLeHMXR3zn@^q!?I0(ryVjO#{Z$y(nFlR)g*XE((H%POrX%X3S)+NG3$^qW;$&Na_kC)-lcbC!( z%-`e$s18Cy{e_PM;w$0gs!$I7cnPQpyhfbOA!j5qTqElTbpm}X+lucVgoAVBnB1EO zMl@CqQfUK$M?xJS3ZgG5-bDH&X{g5?%HLEm&OR8>(5Eo&qZMvwQvS+scn80yF!mX6 zXU-t!br=HZ7`0r5rYQ>yQ9)LTh^9GzG!f8F0p$mOo90YbXoP!``B4z;;D<^6E~Spf zp+B`wU1lq!7UGiw**UL)AnWLRFyyKW z^(6!U1gL4uaHqMtSf=OuIVBDJ19%s4diA)8jm>Xn zDC)*hM|b;r7G_psf9-xN2^>HGJKIiw4VIMuHaSGGepw(1f=Vggg#Vz&?qhuyiDvkq zH4K(Nx6d)}+%9x3*FvZID%1b!ev-3tW7_FwrT&VB8mRNmUfpP$O3hDcD`1qkMrxeF zIb`N@+$oyaMYNW_EuiHZhojel31Tmzgi@eW(;4D}OZ))R{6@DW6a}eZ?b>*uPuK*%8D5gQd6CU} zFC$kXQHJ!YTK}77l1&ywG0^4M)qC88CxyE+6&J7kbM^uTv zVt3}5g8*FCjOSCrKLZGc>R7&1!gT*mjgULUL-~MkKbQro|M#0JT=uz0$XiitFLKhUnBbUlN3NyCN_PCUmCEyodN{L z{Q@NPW;(yDOB(t2>3)_B7FCY;e)oQFh?yIV7G8JF+L!-(6HM$u8a@zrv-vMXG;uTI z8$({TFn`j5#l2}p@x>_jmGSYUcXtz?BC}1CGZmm)J*dZfeSO~_p$8-L@*ks1NQrRE zqt5e$S%c6T|GZ-x zLFb6V85k!1**ZGAAI0~6F!m()=-(jsv?TjDe6$Iz)cj7kKuj!l!3T|uko>ZXfDi2R zT*qbGmhQpcpwUa|@-azl@+eE%98yj*3hq3ATb6icf7`KA=Fq&O_D=qiPyCeT*9dQH z5^qqzrEj%3y;3wHIqwM-iKNc4&9MhJMrq~FbvS8xycM+oqoRCfR~_n9Xl7HjU>|@~ zy7V!%J~`^@e2m&Q*yiZ(&xv=ACUO}oQUbU0c(BhNMULFE6DW@F=X4yZHc8Az5hJNd zd2&%?ozoR(dYXU-iob_;rX7dZS1sn5a=gm9P|I@__Ow5S)D1pGZrv-64JX(psrx&Vja{>$|n^ zvM0Wp?L8i;#K$5*balbNLeujG1J8yaiv|l71R%cI4zr(Y$b@)*@A|Gv!T6Kko99<{ zq`Gg$OWcdIq4dXU&}C z=RB;jSJ9w!8u`=DGC-q(93@q5QZ_j-mn+KP!;#1yb2&RN_852hI9com+y+X+&ukT} zBb#1eg%H0WsSg3sOXb-HaM-DG{A+WrY0PuOxJzc_P3Kc8plGFJ91fI(XF3VkHEth? zuzbMK;n#h%m9ws1;F?efEnCzS!@;FQKp@1Ce)H#X>j+W*e8e4GAu=Hd*?K+94a1&p z{fNMyI)bi|epsGZAz?v1b;BqYQLqWL0~%jp$hJzFMS?cshZm9!?( zQ#tz6itVW-EJlXXxHR%7s|ghf%5*g9n-SvpLsytaDax4ze{~2HMSD68$B)>J2sv7M zDNFJv$VFS{`UaZ%$>5M*Kp}|2L<@`u#9)8$d<~88vNeG9G6()99^jEZqD6h=6p3WS z4ho=`<`dh}JQk58W$5t9lQZsV%qRos^td|Z&fQoenL--Z^`v?u<1NkXLj^OL3po#< zDi!(0Y!moeg>nFTdj`d(_v2}&=+_}hxPkB_x2$^86*mmBuZv6h9)lI4T!Gl=*l)NU zH_tBZDBJ~bWriFdJLm}itAe?twMKx&zg*EpLgRqkP){?rZ`a|_aH3@0qo2d|X3df% z?2JHuzP_V2tT53N>DBR9@`r<-(0q5a4qKc2dmV4oYK(J5ENG-KrK*Juq3#g=7W2)u zQ*<>xrZ?CGzAfZ_jDy*w{A%o89BObRtcTQ=hwyWw<*1kR*71K59+9v_z#?V%v^ADn zD&9+dkr_ebGfvVY5|#NFpRf4M4R3TNuD=b#W+~91?ULQTsNt;N+HDHS)rWckI%`8l z18>k4sK55b*ar|fmas_?^M_vV| zZhPa?28aw+mlP)i9OA0Q6@k3dN-}f%^kc^pHV2rYkkj|1-)MLc7!s6HaiUE!#T}=> z(uYkvd}?TfG;X!QX;j)JpiM+uRSV{GAdIFwet(~}uF{;2m%NtftnX2v<5z5qG&!RP zTpf%ZPAA9Vvt1!fW%=^aF*UsDk@g<|s&&6n$1z6ekIwyNU5H3+B(nN>v>{|m<6M66 zb+-Ky>w`KZKZwxNyJei7TUaIVMXFhSZ}Ssd*aUU?pBZ8d17s#=@Y4>-g+athTh86j z%5A>7cwJ~(Mh~qq>=27opcLh<*fK9Lm^mzK95MMK!bPNO3C3@LU?MnkY03mRzgfgsqd8+AUa_N9$w$y)Jt08v zwk0MAaB#<>nne48@{riwgCNWSC%f`O+D%1!Y%1Oq^8h9kl z7c$#Rq>(fsF->%=&|{w)H0CnnUXC-`+Ni243glQCt@y!x2l-oy1yL?ON|cR1qD&=;W&?=R`*> zcNf3=>@7`{UQ3cQFS4?;i#`?3c(WPI6uU7&NKdI9U^#=U4J*XVPkdc&dd+UIVh`@o)@7uYVQQMc`xSDc_6Id%kKhBJd zJe`k>a(b2152MMi!9ZGm5>hk>?5|R!`P;wkm<`tHk@H})80X#ya(m#(=IpJLvXp;T zwxLobisrw+arb(O{x_{HpH4P{T2D}1+6qSu73@0)=r`byjmSt_Qj1u)cEa!`W6CLq z`1rk4Man27`N_8?+UiQQTl%6cC5X<43%+&chpT-$|EWBK&e2GUXsSRY*8=UEVxImNvotAieTY1Px=G9=pi~ zEB2wurQ_S%6QpUl?Y+R~bj511;5k@-dN#Zq$tRv}Z+tJ?tNQHhv)qtcTI`_}&~DsV zP@%Ht?F?h{=U%Lme*lt8zI+lwU#)9`p@W6GK6^e4n-JM1yxYrBcMAxm4`gX5PbE!^ z+zbA4kGrQ<1{OeR##hyKFmew>vgl$A`@IJ;- zw=Y(&hTHwQJh+_o-k%e<-Si0{j#uCst~@gnj99$vnMPEPf0r9_v-Sk53PY}w22@$5 z1KSH2j@-Cj{gl9_3w-?h>x0(EvRm_qc#Uq&*RyBQo-CGV_9U_N+7J|Vs$QFw)Kgj! zX%{O-nV4~8)bgjZ>i}xX96l@5E*!h*nM<8EF|>t z&@(kvyz(sUo%qkWLxajVT}J2nXg@T~U)NJ4_NZ1QkKq*4-ZR-l(uiy3r~FtUZ!49~e2W9z6#^9XK-E{gvGQK{^)c!g--080 zq)TE+NaP8j<=ujOAoj$vMYh+RK8rD%IJ)gX0+x~ap>uKCgysYM$P%%^n0Q%l1`SV` zWjCuY2TVhwfagGEfUjJIr;txXc|nIRR3CX47Z0U3O)r@nwuNayLG4u2r3-F8a-yaqn{yeLc-!sECgr7!c+>oLU|`Gj1~1- z!jrhUCjS7!kA%t+zWWRD(Qq8pI7B1w)C-6Ckqk#0HhcUsVv0IIY1^NDRQuktw%f5i z{~#xdAf=n^w}Y;^td7CRsy)UwW!r5_${Qws=8-4(qM`eBkDr^kuT{18(%F)ZGHC;C z>GgD=;edYM^s-LRY%}9jNAJiVA7$h?HyRNiMnQ4j1lkSx{bv~T%g(bqNqXb&~BO6b#{dUq`5bBh-l{fF01W4R@kF*{||HerA*glwUo&} ztI}GDcg&mjt_kV_X9x99#{P}vW$v**QlE--ROC4FRsI10g~e4Y9?t1Iih`dR?#>yR zJK~SY)v~WUly3qSHyppnQ_>ZR84DL#5f*Je3B9xjWLHe(4~hou;O8$JIm_JJTtp#f zbqk8sd(5eEMI6u%G9N51ORLjBEtxQ{RjM(qamVb5y!lb%rrk1sHCglQ=0 zBEAt{G@P2{L6E%7h2Q9B)fd6kXr`j(y^dxaIt}toNzZgm!{3T0m%84>zhO24eTha) zsrs4m@pv@|{UJ`+R`9Oe=W)-OdaO_$dvkFGaV^$j8@oly)(M$gQH{X_I3#s&4U4oBYV0nTaXrF6inz zb4>4Uv{>_nZXC`s79v7H3vpb+)Bq-HvSeJI2dae!2F2Z<7}?(?sE82qkdQNmEG?V8 z4*Dq5;Fm(V9f5b|xLj0Na+=!*16)*ONduE>677HzS*&0`p1A&C|F78SxN;K8E0;wV zR@X9jgZ0g8YL!Y$i5AWkXiz_Xk6x6@!2^;g)=Tlbmiaw6K~5?b%6IKGn1^*9r;MdB zfDuj12iA4N05)$eKuo>JkdyW^7?`Y!*~Vs%(w>jK=q6>nF|0sSRCnK*w|UOfe&jWR zG)veJd`=}2UkqOx2d-Y$f1fF2e{;UoNl5uJE8o(wP%lDlC#rDvP>4Vyn!m8C<&&;T z1X@mf20!iLxQ7O5{#NENt0>A#5WlyvvtFNmf90su8-w`xA;<7?sN5c=R!ybKd-{Em zU$Bqi;7c@J7qn{w$xXRp^#dP^MTphT5M|&sfy{zm2duEn5T=9gcl0{W2VDIih=YRX z-PeQ3SVJCo^cXE*Tc?;@u1mb>vr~Tj4uF~2{zV=Hh=N)(i#Nk1k>!#@p9V}k$vC2%j` z4Og_1+s(qKnUj{zZBmPP1|N@kg*%hPpGc4pY#THRfTJYXwWf(ogc1Pe77PB7st(T- zN#Y?QqdL9BZwv1Ic&%!SmH+K)2PNVI#&$$ zKg00}WYZ>U*jvPo7#Vo-Tp6nva3I23SaRP?#$X7Az`@%H$Y9gaUh8DE{seuNN8;JW z1Y#(PMzTT?>JDOyw~SF5vh?vAhJ4$JKly6?YE2y%fFew`9wLmx;V2&5K=eX1os7nq zw2A>K@9Zw|Tojy<)>Ec~mf|Md!f4Dohi<_z)>6xI^7nT8tsy8ohBwvKN1Pf|JtW3t zoLg`-6lBGLa`}PZ3aWABS;JfM5j?X5gdpJb_V1FgXspv#I^{*P;@WqEAn|v>`%CgY zcw5(%ltFccZG`%&otv(|mW@lBYG!-C7mBE4-#hQ)vt-frs&vfr*KQ#a~vdGT^Es>>f^Sk&*rNBl;IU=}Ejr2WoD#N)wfdZjTaRSj!83-1+od zNMa}jVKa|WO)fa1V7A02fO4JW=BT-I&}EhBB#_xLwMv|0U|SZG2XY{9Xn*&!CY%Se zLGm%f@1@mb$Ts<}!I#KL+uY6i&NNC`QkXi@;P=h7-p`-C)LTC^ZsuMd#mPMaZm&b$ ztzsZxu^Kg@79WFQ0<{a!f!_F%SPWPAL;OBHab$krqj@WYl+_Cy(saJN!1mgBZ@hLl z$0-U~?0;4lad0s3p(_WnI4t-V@K9=7x|Iu`Y38J#rc)dmML|^(q}TGM=AQA>pGK2S zC*oUd!lm8rhx#cAoT86Sf^sAYI;Tt~Fk&ZZ;ek}D7fgwKNC{{mDr8ibt2IHgilCmW zgcq|Z{&GS)ChqA`Iu~@U=am*Pkw*XQS&y~}gUS#;6KIQ!{3owk&#$cnTF7F9Dh`$J zewjsr5^hyDDg0XmdLdGwl=`4tgU!?v{eWfbFmtdxmA|qr&omR+yVI~=uHt0hbtOS5 z*3jj!1-^KKfK1LTsmI}t1FV)%#7(YE59XTS zMZ~5Lw`a;Z_ZXOVb|N*es{n;+!)vl5t0M45%M=#?B2M?*Rrw9Z!Tzg+Z>352aRO`( zJPQXVGiZpAc|Y8x8(6-Ax9R%I5oy(wD7<_mG2a6VRiy`CI_RL5d*V3ceE>(J!`lDJ zh0X@lx*Z5tm_52~mXdm4b**nJ8{cK7>7Z^wuSvX(nzxUiqk7*#&(!i8t91-gUg&8^ z^+lnw%MVi8{5KAE&PB$wGRWv#pSF-wv}y<56o!ay=fx2Le!aEe`2#2+ohv>0aegX1o~f^G zoo0VRQ5XpySF{D#W=%`!8kW2hQ{u<3sNl~bpg%%|eG2&zC{0cw%o{Sxf4bV_K_7oT z9V7*XXa=m^#>X}wcLFRnhXt3o|F+xeO&EDFxDE~VqcDc4A{-9FX|QXMAW8o3=nL`q zd`c09Q%g$&ulzo?L2S0|6i+xK4W~g`!Y;#3$Z(fNBLvUUhi>Pgf)ONS2->Y1(CrW-Wu|F@%+LYp)ZLn>aErx4<-f{Xjyx5aeXO zk2PI3Dmr+qhegRgy921T?&aDtp{uo$l-kKcMF{F1x%uFl5TR8R1m7M|peWm_6bM=f zfOoNUu;IVP<;W{HxS=1#Kw9pS&NS9KJZ$-|0K~-)colJa&)oKvDN!c$#91qmI;E)m z3=wsiQWAbIQU6`YwStI8lFq>Ag^18SfymviM99hPxsVeb9gRFWzQCBBGYRjl?(@^< zc-h%1C9+ez6uzC{TVv1$)-GkBLY~1 zW`=k0dt#IU_}cQ`qr4TYia~*OHy0>HXg^DzAx=}FX*%-hMLS1Gag}y!pu^qY4$PUB zDP)4_H?ixZDVLp zeKuqI5l}qU)?)u_hZ}-ywUQ0^{RtHd^e55ls@v7c2lXef_=opr38|!jxapZpEPHMZ_?cc-dAEy&4~>Yh2|$%UYQ7`ZVr&2Oq&qZ;{z{zyM67=i>;UzRjxf7)C(vQ zR^x=;*}=f`;Y%EX8=kdyH3Vn{q`0N(71wx!R00>6A!o8C4N!{}`b1Pro1-JR2qOYR z?voF-kY}$LOZvN$aAGQ7jz1lslsevE>ar-w`ad@7<9@9)*iDw;H?Qmy{W{a}!D4i6 zKVecj_*+REC^l7H3wNP6v&x1JmMxTGi*hp7JY`vA3a6*(*G9IM8LgN-T%-#N#z<8J zJ}2n5RU%^*)y_j`oDQ@>$@!+wu^x05uTBOZkbafXq+|`EbyIZVRQAPFj3i%;X|{!_;At|cX6Mq09p>_T|dEUVGGYr zy`TUDVUt;}2&71alRY zAgBS^ZxFw-Jph-*NT`sK{*Q9d9ZbL7_=XVeDggFDq!R_nh>)~!@mhhlgZCEk@AwqW zCwXhO=?F`_=@noOUzf2p(EZ%G9C>pLneS{ho2%@q0F%nl~D*h(`~Q zM%pD$S^?$Pu^PCzi&HM9+L+9G>e*2viYx3buW0_SQ*>AAhCYF+okK?4v3}>Z;c`r4 zTnk(wKu^ZGf?UX>p7PMqLSuMJ{`zij~J%F570=UOjIEBXAQZwi_+Jy z()ULi9~z*S94i$%R-5@NN}><_^YGD?F&&>D!BtpSAGoAydSj+dVm>%EcDr-nrD)av z*1<(MA#KTySCla<;+EM~Zxb8A{}T^H`SwjzQ?9}J_Ts-9MD>mCL57@mH_0mu<1`jP zM2_+gKy0$ThPOMKCh~f!hZzU@!jkt>%5TuGrQ?Bvy3H=w#CvjfV;1=sS4+aD%tgQ) zrYI1ib`(2E(+Hhvj_?< znnsOdoyMvCh=57h$J?F}y1n*i?swdCmQP_G{7Q>8KYazoFKU~&|NNbNhN)c+a{c|a zyiN+!TB5{;ZI;JgJ1jll`}MjJ_s=%p8kHgKw-g(}cb7C}>Gp?YjFYv|PA8Hl4qud` z*F}uF-*=ay!24x>T&-hCnNW6OhLej!zC?nm-acp8RUXZ5t1{y7d_=p-WA8?~6|<-} z+pt(+Een z{%!AvqWaV#ZeWjpXEwgqbcqR5E&Hvy7S~7=_W!4o_q*)Z+I!fJYhBPG1%Nyh<$em1 z^fBiKx?~IPp|y!3Ep0?wt|GT<%Bc9(qFk!3qvnXqsF99HKRJ>VwC|%T-^M;_!Z;Up zs4K-;LAb9&LYT?r0=oY(VZ^T42W zo~!E)hZargtlbyv-7Jm&r-tro`vxROb^4@%w%tlC_UVP*ECEZXg+$ZF$KO}hjl$uQQIx=`SKlAHa zkkQ9aDLR1(PpSCeX)^(}8?yeQuq1>TIkhn0NBc)(HwI6!j&W51&o0`$QdHA4h^4Cv z1*d0SEf|*p@K-0hvx8pJh$zjwul4Vnd!X+EFQFy3SG?`{92QK|(>EBjF$5(!B@hjw zdU5K9f-Whh?7GO$tqxuJi-vQh# z?gXT@%TDT5W>R_}_y#$DV~FIXy;u;t*5_Ni{t~wu5R$cbH*{I~^pVI_m&$t>qZ(Qz zLN^(@Nr%Z$0GXEeAem4Hu3Du$QDg7=&{KY~5vxx%@5#06frN*8C}k0IfXl6g1x|RM z`}9yD+rD9;_8lJy3ONr22>j^DE4&bDI;QLYSn1?y9>i^Q|KGQKbL8id;lwh6X6^i! z{f!7$r>MWfx@M~$+l9B7D2o#f>J z+kn;|`G6@yihkExpicEx>v*qJgndKPjv%5pqrdM?e+|Q|rT|o@nAc%;lI=Rg!kb2y zbI-+SnzOVW!I)k}*Zg30vjEu2?j1JORe zlM3Y;S{2Cm0?$Z#|Im&v$OYrZ(84qd-bcUjy|WdNMn=Tuy&d|` zBQvMdM~WN~C0SX(UM`d!(qcpFh{)-KV=)KCMQ$N4ECtUMO`;u8#auu&04V+jS~hP8 zTxyi7ul;Qr$=KTMRe4RN>3Vu93=$k_k)`FSuXD2VxDm*uaklUSVwS(QRax=3QheM5 z0|Ed6=4m${TAB|S=CA=Jrjj}b7#KVX>m!j&_>(4Q8~+uXwDebBg!vhYoIx43Hdv1$@6G(#`{$m=XEx%5vhP!e*;kyxu3bU3K4^} zhrXy_?53S0q!C4+lk@?Cpu&`oT%6ko|5V`sc3GQaxC*f5EDNv@TKyLP4vz@MCmW6K zlRrpgM#~oaCwYdhH}qs_DO%GP%tz_1J zc0S~%6SR`~A~_lp%E2QIzbMBxZuDw@F9Dpyt?`tTIqL4Lz10x8?(5zJOao=)! z56st5>ouPpn{xGKoN3}j4TRno0Y-94Rn?oLGWLHa}m9dq8opj3?;%i5ZcBg z`N}r)eIAI{rg(5!A$pM^yPxBiV5Cre8*JVxJ}t@@cIJZ!01pw|k31t`Oj@?(w>zx> zl3E$s?Yzw9^`)RULC;q?+?$Z@0KsNfYj$w7yZsmjT2yP0q@9Ga(p9`b-RGxmDWW}$ z0?zpAZbE__1N!#b6`KVSweZdaNPaaWdaJewZ20AyQFsZ3p{<;v046Wh93lqg+!WF! zOk8;Qo7Pa{laMuJ*aCTT1|LNTKJ9X$L8AasZ2!^#q)=$Lq=a#+W5KaA=8n#W1b^XY zU~@On_qVXe?g#vNd7d0cPvaw$Q93}U+b8s;=3$K<$PNI87ErQGUpu{(^@#MNlo0GN zB)1dBP2HNzt}g&BkqQS{RL0dR)#1>Her{tx?coI+1fkEs&D(5ZSWhfE0D%~lyT78i= zdu#L;{}uEQIpBxCP`(;TwpZyQD)}dwlFxGE1Orn*?GZYEWyOSF6^` zC&icZ`+`<-2f9Qey&vAD4*@LxYFt@u%4Mv$dE{o)bEH83J1b7Pm(gyWu>wQRoLrTd zHg5I5YpAxcuWLeni&Q^j7{DuRPZ#3Y#!!HtHo;F1E%#w`Xssb@Pz*r-P{w`q z8P)~X-0d|Yf`|so4aaOXa;F@kk-K;}b|SMSa45^4J5NyS03=0~=e@w&=ZVyuuV2b| zb}3WMgN$O4ZQ;{m$U!BU$y8%D;Fj|pjdB@+W!`(;&*H=G>k(bohpNSaUr@}rg?ENQ zQ^;CbGVUOu1etsUACey-+vU<^O>t3y%Tw<{%fyeb>6|24NU1!=QbEdcHxCMz(|u{!UDeRn zo%`C_1K+(e7fYZtBAs`{R(MZ0T?l%JpjqjfxZ|ItGKi`(nn(6xh4ire>`fB(2IpEM zXeabfKvc=J&oeh4f*QiSt-=9kR0sl#_Ca6dpY~tgf z?nyA;)U8v$&kM>%$eM6EyBTWmNml3s>E}OB$A(mXiLMJXWDWdP6!udDI#EnGcv=Sd z^g=wA_c~+*8Y)!T<$b~d;PKuE(E!^3xR_P_xj-Dw@NhLfZt5e({65Ce#7YgbRlDKHr` ze6?|P$Yw(DiqKS^n zv(yq^iqQNI0IU6X`~Pg$lE;2DXk>JvkCph+26MN1c6~MS$ok@^>F&`b$rr?OEzKBY*8sJd&!5ui>3;zmIV}{K zBjw4|b$*M~r4R~4Dp1g*FAQp?oV2t^9mgf8b8B_9pY*3!GIAgNchW^HTRh)_7|yN{W)3K3k0vK#!{I8rfSGVIEwSpsyyg`g+T*6xKb?8{7QS64CV7wOpd z9)cDt%z^NeA_#?{Y@q)r zwWrQ){NqdhWQv^vlu+l%nD@gX)u$}=%jq#e1iQTlbjL1m|4Jq)pc?VpUclpa6rEI^ z)WgyJaM*cZ!L1Jy2i{xdqsgYLRZq=DtD3=qjmZM~d#Lz$yK?52YowDd<-BA@b*%?z z7upV+%A3IYnGand-VuodEq&zZBge1`A{MSu2f5M%8i}f)C z!4E2-9N|+Rr05ewp08g*Cjm+M3O!$*#Q5t@V)t#_t$EMM`m*zT`1I2z0F?|0$>A4q zoW)iky-ADn?tPyW_bZ1({b|c8CSA<1Y{)@oq`VCq?Vu%em(X`8>N)^F%#eaa`Zj48 zf%w#ox=B{Wn?9}QY-2Q)Hz7g<)9r1*&KGQtyaO7k5Qn*oNhif`cwYKrh?kg{LILNcVgU_aV#Kk9TjoOPnCj@J}Gk$lRR+lYxgK^#$I`RQz=gig|H zjH_q=vBE<-(xoX;W1tbI#@K?4Q+&;T+p*0u7u)w_)a5-oJdv+V_;K-jsw0r5je-}r z>vSqDWvP+ZO!esyoFA*;s{ZHrile>vpu8t{h|)5D`?rS@^b_l5>U~0Ze4NlWIbEnn z5lSRvBSEIE{x1OIX@5l_J{$%=LvM&RbAB`5MPD1u=aojib0lBW6&&%r5a?4&{m0^Q zC#N)sY4PA;Vz*c<~iX&<_>;l06%(a;NzMJVrCT#y=o7FOl+tre6>YpLH@?#gWiHhipF7tjc5asb6^9$CSpRbxgZSD6uk5*`>$TMLQ{g zn-xpyU(~dC<&a9kEmSL5*ff^w4FVq?NX;}ktEeGY2~T4p z3n&XL$md_uqSUAa_#LH;65<^QF|1<{I<^H8o0RSs-<=uOl(K^h;b717=d6=>JGz|_ zeeEbo<6>QP<@*yutd@A?KkZ*{S^bxrFWWmJhOi!IcK4kiRGG)ui9dSgnZX1$Qlt7k zW7l0_tloJ4!^VxdE`yUO1<`q@3gvl}`P~my)h$7?AEQs)>9P9~s!o{A7}Auz*|oP= z(;pO>ZDntHMU5-yef3mJ!ZZU)HXq+dVAEG0AES-G5F{BFIJ=1F~0@w06lR{PHEb3d94G z)I3jPt9>-G+;d1m(tVP_dP|)$(7gzey2I2$vYTsU=tJ9@2G4a1SCP@ zQ?=6uY_F=SbTUA?S#w6vrpmEl#VXD7lO~meaqZy>b7feW<`WyIB40PVz&*J>#i8O3 zoIY^Yfs(eBWc_kE%L`puxtFz%Yd8DQD3$%BA4=L%M@(xai&mm1^*s(zU3|feDnS?< za+M`8>VS#OXRUhi{vr{!27XK5jSo}3dbapOV^kAb-U=e-s=G$XkI-SaW6Ag4tVHYC zMG4l^wSQJGJ$c#T`{jur!L89dfc=IGmEm+zSicp5Rx1L~Ra9`%3rm)PQcjQk@i`KZ zzHqZmTW!+Mb0VpGsW`>MaAIcN>MPM7H+{Np)?`eLpj?grJoz#zi?)fU zy81992p+{{t~77%)q7syt9fz0qJ7a;-qkwSU^Vo`i>$DXF{!SIm6!w``YrbNtCe{7 zs#tYf?mrj0s9-Y;15?b#Z|!FjuK&5H+A25ky;XVn`X|TrJN7?Ub}UP9%`x8F{@?kV zblq9v;FToV&sXYZO$6kvxR-|N*N%DgA0r=rKy8OR7s4U0y&{dGE?dtRI3 zdz|T9I8+SIrx-#jZ44MQh`9>KQNo~&izUza^vsGO)isC?<2V9#Gr*Rq@KU*~sDeeK z6MV_O9mAIC;Jlh?KE`o$DL@5JqosSubb1Af)XXYjD<&TO)a@v0`*A7>f|$4g@yfv8 z3G{9xyFTB+ERqT5MeMax0}{TyuAi_cOhs|wYG+r{siwZnMr6z?+~T!|HKwO@L_bYq zrsB;|sqkFDH>9xANBuznYnbdEzST&Fs&SrKn&9rJyTvN8Y<;&P!aAOu>;Fy9&_4K) z_G}f~9Utpo92PY;#XZmkJVE5&p$6sl_V5*D{CH2{AC$x`P0A9T8hdezm&LF|n_(I^ z6E5xOv%*i`46QwRJmCd0R4Dz@a+Ji^MHobw+~@y&aCi&1WeCW5ddnl}2hrN6+1|;s zs<`u3q_uu`_>N4fu6J=rv>b4dNpGwqy{~1hWQ((p{s=vF=uRqIP^DhYTsqtyX2CDk zq?6ZNr!3#W2Ce0Xs2ec0aKJMgU468Vam2F4BGDjlXy+_zvP?OTM4_9hC+bz*ZrB4P zf?s`vD@WCUpFFLc-)ksxjCyvSB04!?8{#>Nv#gl>iI)^Gzgw9#P0zDN;@ai?IYh1P zA#ZY8v^t6QM8m-H;gZ&TXyRgu!*i?`_fUvJK%kIEjL&4O38aZF^S+HbnEU3`7-L+y+TZf~7?KIOD;DbXL^>0xeyadAJB(Us^(%lPGeRBT>)Lz;OkhYh3_AOf=3Z)Q+p3~l5c`10gLF@~JCSG!HIXL;2#9}0VDY3BFV z&24ZUifQ9STdT-|(05pS^xe_u`8ZJ-0Ym9zzUsw9PPr%8bfUSShWQ>!>~~QPwHiuC zDcaKQAm%pfL{s3%!J!Tnl1xh9wTw?g@2C~pTTD+WV?p_<{{H=ZQ1Q67g5}PTl(Dd1 zqR@o=cZnz~Y=oNlXi#ExS`=1;6gbq#HQMC!wj1$AECrKcfs3FBpqUb^gzAD>+ay+u z^18NpY-301vbI_~Mu~gTkf(buZ~M%FWp`p(X~ypu7e=$L08+U4Ddnnd;e!;BtC!CA za22DY5;i-dOWj6!Tn}r?U5;{OrB9VoUfs2$DbJPfq*n(W2CcklC8YaCc<(kI3=`=q zOOXH8}*YMQ#spDZSDg-yHY@0)?t zVu+1_hZaJD)Nmjyr3!mT=sC6Q7Map9U575#2whomE@IS>80TvyJ8 z-1)misdYxI8k7I9Y$wj>R(vEQQ3OW&b9MfaPg~L678Aa32~YEsfY5b25WT^^gko5IPCz_$JxRdldtF5)MCJ z|FH4#0v)#6BP;k`NR3G;2XR0PLyF{F49igff{5WhdCukzybzK_*Ad7G!wiqc0mi>o z8Mq+Kz`E;C-Qv@E!;|2Hrd6SFhil0g#;RRJvp$yH-O*AvkOM2eLqLWZg_ayE^D!DT zM-5T2UYeYOJ3a*TW<`3)+|2;VM;q(COHo|Ybx9_ADkFf=O+#X74+t*GEXv2xb7J4$ z%m7JkT9Efc&L^vj{#aNRQlRK!U@Auaii!Y0ae|H1H&~`v-3?2mUfrru$swy#xyM;+ z<|2O0IV#JLJU3RGgt?TM%%~Zr06lmE60&}(#T7r)u?V~(V+5QV&qwT42FSebW&Xhm z*XOrjPiWDr(m?Z%uYfF)4To zK5{V9#>FA%+n$JD=2hC?VK}WrDqsZVQfcl{bH_`m5mOI6xY@uI=dYvW-KLEU%Y+|1$tQ(=Yz>Mz4(qQKf^2FkRL(E|t`BF{1#WoMJ`kleUO?4XA>&yCv zr{tHw;5kp)ia2_kEoaGqKN-nS`7;Zc7U;sKAsFCupW|Pk{Jiq*-6p#uGz{uph0rZu z&K)6X#w9<<^e>nalFL6Pn|N-vK#GtNA6jkiY?jj9B*E~}`SKykbu>M^D?dvFOq(Fg zX(@ao9w<=RU&D1)G9VKiyU#a7y1mUb*4;)#aq%E4LNBd~mRA3On=KGL+D2yiq7v`X z15o3vgL(Boc8eOl=>}BZV^ay!N2KW_rZOz>NcTDip__Ib_j5dSs2Y}52Td!OGE%O# zPg;UDyNqc$JqwY!y}LHxDT)V^hbkJpjxW(&2dS6D{)H)Y>X}>{osgllkMvKHCJ3&U;DJjfnHPMOpE21TQFuEtlQ3^ z&-ViL{@~di{a?$a{+%V)P?YR+fO^JdMd@#Qt-B742s9Y)BHrT5-o`<79j&WFQ1104 zLhf#CUpLlbl3#f9OnJTlc`yu$-3f~}BC%rdL6B_JXCLksIFU&=DNdW5`%_GJO+fsz zjW-nn9V~4~tJs4%FaRGGvv3{XHi6a{WEK2tq60|G3PV*uy`tyCUOiE(K4XR#A0DAm zUeZowJnKp&&~Twsa_?u-`wop4PG zPS%6BFy>lSw+-@bjRN!E^v~>Ik{OfwCv=FdWM1 z^Ed(l{8l}g1GD)Ts;)rjrBHa*0x|0QBMV|1K= zn2BTclq^ajm^dm+!}~qm?R--zUOo{xpaIIWqI~O#@s7e5t0fLOiB(nOjiE$q{7`LN zpU$Hj+)v%h8@5oe&<;(#lo85y$Iq&M?&hfrwd#x za4GaD7sCECg{g%r^6sbIjjg2F@q1;uJ2!a@Vcw9ut{+DAuiLpkMPTle{cy}nUs=nA z2QRU{$J~OR`YWT|M-tP)l6#3^3PkV|sH`UKAF(s87Q-|URO}yeeaI$4P9XB;oSQrY zQt3Ap;ZZ;3&^s>-ik13%(2-*ubJox9>4|$c-laVyCP+;udEC+-<~mF&sbH8_BCBEA z-vmclc}#(G?bxge?T11x0h6u@l6JqKTNG)f&*_3yDatWV!yli9Dm=$gg7|Cva~nlq z?v+5n6+xI_ML)Hu;gaGCBz32(Y?!oFe3cP4ekCm&Yimf}>zWQmOP+x-J7RXyFk7X~ zEl{Cobi#tTzhjv|JY(kmc;JR3W5J2Tc&DOJu2|3Urv{*GDc9&AYN=Cqzyx%w?q}%d z$+}s7nXqfHTqI}VHoy~sB@K{C9JB1dUEu{&W!HPL+?WHzik1sAE5^~2m=uY&iU`p7 z^V`JPdjz($X6nmQ&+pMIE;(h!;6HqS{%8L+NFevy0+xkJ4~DKs(@TwbKA+k@4)nIa zZVl>&YuWH2j;@CTj&$r5eXTvbOf{7K3!r}u5s>R-;N{Xec*$q|&-#B+0YflKT`5~g=YW& literal 0 HcmV?d00001 From 3639de9e8a042fd137043f3d21c70c10c41ad400 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 21:41:24 +0200 Subject: [PATCH 44/57] chore: fix github workflow check with new --batch output --- .github/workflows/build.yml | 73 +++++++++++++++++++++++++++++++++++-- 1 file changed, 70 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index efd33cd..d632100 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,21 +25,81 @@ jobs: mv spectre-meltdown-checker.sh dist/ - name: check direct execution run: | + set -x expected=$(cat .github/workflows/expected_cve_count) cd dist - nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l) + + json=$(sudo ./spectre-meltdown-checker.sh --batch json || true) + + # Validate JSON is well-formed (and show it if not) + echo "$json" | jq . >/dev/null || { + echo "Invalid JSON produced by spectre-meltdown-checker.sh" + echo "$json" + exit 1 + } + + # Validate required keys exist + for key in meta system cpu cpu_microcode vulnerabilities; do + echo "$json" | jq -e ".$key" >/dev/null || { + echo "Missing top-level key: $key" + echo "$json" | jq . + exit 1 + } + done + + # Use -r to get raw scalars (no quotes) + fmtver=$(echo "$json" | jq -r '.meta.format_version // empty') + if [ "$fmtver" != "1" ]; then + echo "Unexpected format_version: $fmtver" + echo "$json" | jq . + exit 1 + fi + + run_as_root=$(echo "$json" | jq -r '.meta.run_as_root // empty') + if [ "$run_as_root" != "true" ]; then + echo "Expected run_as_root=true, got: $run_as_root" + echo "$json" | jq . + exit 1 + fi + + mocked=$(echo "$json" | jq -r '.meta.mocked // "false"') + if [ "$mocked" = "true" ]; then + echo "mocked=true must never appear in production" + echo "$json" | jq . + exit 1 + fi + + # Count CVEs robustly (as a number) + nb=$(echo "$json" | jq -r '[.vulnerabilities[].cve] | length') if [ "$nb" -ne "$expected" ]; then echo "Invalid number of CVEs reported: $nb instead of $expected" + echo "$json" | jq '.vulnerabilities[].cve' exit 1 else echo "OK $nb CVEs reported" fi + + # Validate json-terse backward compatibility + nb_terse=$(sudo ./spectre-meltdown-checker.sh --batch json-terse | jq -r 'map(.CVE) | length') + if [ "$nb_terse" -ne "$expected" ]; then + echo "json-terse backward compat broken: $nb_terse CVEs instead of $expected" + exit 1 + else + echo "OK json-terse backward compat: $nb_terse CVEs" + fi - name: check docker compose run execution run: | expected=$(cat .github/workflows/expected_cve_count) cd dist docker compose build - nb=$(docker compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) + json=$(docker compose run --rm spectre-meltdown-checker --batch json || true) + echo "$json" | jq . > /dev/null + fmtver=$(echo "$json" | jq '.meta.format_version') + if [ "$fmtver" != "1" ]; then + echo "Unexpected format_version: $fmtver" + exit 1 + fi + nb=$(echo "$json" | jq '.vulnerabilities[].cve' | wc -l) if [ "$nb" -ne "$expected" ]; then echo "Invalid number of CVEs reported: $nb instead of $expected" exit 1 @@ -51,7 +111,14 @@ jobs: expected=$(cat .github/workflows/expected_cve_count) cd dist docker build -t spectre-meltdown-checker . - nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) + json=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json || true) + echo "$json" | jq . > /dev/null + fmtver=$(echo "$json" | jq '.meta.format_version') + if [ "$fmtver" != "1" ]; then + echo "Unexpected format_version: $fmtver" + exit 1 + fi + nb=$(echo "$json" | jq '.vulnerabilities[].cve' | wc -l) if [ "$nb" -ne "$expected" ]; then echo "Invalid number of CVEs reported: $nb instead of $expected" exit 1 From be0f2d20d21d50772a0e662d8ff2419d414f5c3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 21:41:55 +0200 Subject: [PATCH 45/57] fix: remove misleading explain on correctly mitigated SLS --- src/vulns-helpers/check_sls.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/vulns-helpers/check_sls.sh b/src/vulns-helpers/check_sls.sh index 5301637..b640a8e 100644 --- a/src/vulns-helpers/check_sls.sh +++ b/src/vulns-helpers/check_sls.sh @@ -258,9 +258,6 @@ check_CVE_0000_0001_linux() { # --- verdict (x86_64) --- if [ "$_sls_config" = 1 ] || [ "$_sls_heuristic" = 1 ]; then pvulnstatus "$cve" OK "kernel compiled with SLS mitigation" - explain "Your kernel was compiled with CONFIG_MITIGATION_SLS=y (or CONFIG_SLS=y on kernels before 6.8),\n" \ - "which enables the GCC flag -mharden-sls=all to insert INT3 instructions after unconditional\n" \ - "control flow changes, blocking straight-line speculation." elif [ "$_sls_config" = 0 ] || [ "$_sls_heuristic" = 0 ]; then pvulnstatus "$cve" VULN "kernel not compiled with SLS mitigation" explain "Recompile your kernel with CONFIG_MITIGATION_SLS=y (or CONFIG_SLS=y on kernels before 6.8).\n" \ From f0fb59310ea5bdab4a49e6f36edbf5fdf342ed11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 21:42:19 +0200 Subject: [PATCH 46/57] fix: add a missing pstatus to CVE-2023-20588 check --- src/vulns/CVE-2018-3615.sh.rej | 31 +++++++++++++++++++++++++++++++ src/vulns/CVE-2023-20588.sh | 10 +++++++++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 src/vulns/CVE-2018-3615.sh.rej diff --git a/src/vulns/CVE-2018-3615.sh.rej b/src/vulns/CVE-2018-3615.sh.rej new file mode 100644 index 0000000..709b9f6 --- /dev/null +++ b/src/vulns/CVE-2018-3615.sh.rej @@ -0,0 +1,31 @@ +--- src/vulns/CVE-2018-3615.sh ++++ src/vulns/CVE-2018-3615.sh +@@ -8,15 +8,10 @@ check_CVE_2018_3615() { + pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m" + + pr_info_nol "* CPU microcode mitigates the vulnerability: " +- if { [ "$cap_flush_cmd" = 1 ] || { [ "$g_msr_locked_down" = 1 ] && [ "$cap_l1df" = 1 ]; }; } && [ "$cap_sgx" = 1 ]; then +- # no easy way to detect a fixed SGX but we know that +- # microcodes that have the FLUSH_CMD MSR also have the +- # fixed SGX (for CPUs that support it), because Intel +- # delivered fixed microcodes for both issues at the same time +- # +- # if the system we're running on is locked down (no way to write MSRs), +- # make the assumption that if the L1D flush CPUID bit is set, probably +- # that FLUSH_CMD MSR is here too ++ if [ "$cap_l1df" = 1 ] && [ "$cap_sgx" = 1 ]; then ++ # the L1D flush CPUID bit indicates that the microcode supports L1D flushing, ++ # and microcodes that have this also have the fixed SGX (for CPUs that support it), ++ # because Intel delivered fixed microcodes for both issues at the same time + pstatus green YES + elif [ "$cap_sgx" = 1 ]; then + pstatus red NO +@@ -27,7 +22,7 @@ check_CVE_2018_3615() { + if ! is_cpu_affected "$cve"; then + # override status & msg in case CPU is not vulnerable after all + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" +- elif [ "$cap_flush_cmd" = 1 ] || { [ "$g_msr_locked_down" = 1 ] && [ "$cap_l1df" = 1 ]; }; then ++ elif [ "$cap_l1df" = 1 ]; then + pvulnstatus "$cve" OK "your CPU microcode mitigates the vulnerability" + else + pvulnstatus "$cve" VULN "your CPU supports SGX and the microcode is not up to date" diff --git a/src/vulns/CVE-2023-20588.sh b/src/vulns/CVE-2023-20588.sh index 5c0b5f4..3013c67 100644 --- a/src/vulns/CVE-2023-20588.sh +++ b/src/vulns/CVE-2023-20588.sh @@ -122,8 +122,16 @@ check_CVE_2023_20588_linux() { pstatus blue N/A "not testable in no-runtime mode" fi - pr_info_nol "* SMT (Simultaneous Multi-Threading) status: " + pr_info_nol "* SMT (Simultaneous Multi-Threading) is enabled: " is_cpu_smt_enabled + smt_ret=$? + if [ "$smt_ret" = 0 ]; then + pstatus yellow YES + elif [ "$smt_ret" = 2 ]; then + pstatus yellow UNKNOWN + else + pstatus green NO + fi elif [ "$sys_interface_available" = 0 ]; then msg="/sys vulnerability interface use forced, but it's not available!" status=UNK From ff42393fa63e16c1e888e8ee884733ffe9b77293 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 21:57:03 +0200 Subject: [PATCH 47/57] new batch mode docs, add doc/ to -build branch --- .github/workflows/build.yml | 5 +- DEVELOPMENT.md | 26 +- dist/README.md | 10 +- dist/{ => doc}/FAQ.md | 2 +- .../doc/UNSUPPORTED_CVE_LIST.md | 2 +- dist/doc/batch_json.md | 391 ++++++++++++++++++ dist/doc/batch_json.schema.json | 382 +++++++++++++++++ dist/doc/batch_nrpe.md | 149 +++++++ dist/doc/batch_prometheus.md | 377 +++++++++++++++++ src/main.sh | 4 +- src/vulns/CVE-2017-5715.sh | 2 +- src/vulns/CVE-2017-5753.sh | 4 +- src/vulns/CVE-2018-3640.sh | 2 +- 13 files changed, 1330 insertions(+), 26 deletions(-) rename dist/{ => doc}/FAQ.md (98%) rename UNSUPPORTED_CVE_LIST.md => dist/doc/UNSUPPORTED_CVE_LIST.md (99%) create mode 100644 dist/doc/batch_json.md create mode 100644 dist/doc/batch_json.schema.json create mode 100644 dist/doc/batch_nrpe.md create mode 100644 dist/doc/batch_prometheus.md diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d632100..3e5ff26 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -159,15 +159,18 @@ jobs: fi - name: create a pull request to ${{ github.ref_name }}-build run: | + # all the files in dist/* and .github/* must be moved as is to the -build branch root, move them out for now: tmpdir=$(mktemp -d) mv ./dist/* .github $tmpdir/ rm -rf ./dist + git fetch origin ${{ github.ref_name }}-build git checkout -f ${{ github.ref_name }}-build mv $tmpdir/* . - rm -rf src/ + rm -rf src/ scripts/ img/ mkdir -p .github rsync -vaP --delete $tmpdir/.github/ .github/ + git add --all echo =#=#= DIFF CACHED git diff --cached diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 8d54875..e844947 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -19,7 +19,7 @@ Even though the Linux `sysfs` hierarchy (`/sys/devices/system/cpu/vulnerabilitie - **Independent of kernel knowledge**: A given kernel only understands vulnerabilities known at compile time. This script's detection logic is maintained independently, so it can identify gaps a kernel doesn't yet know about. - **Detailed prerequisite breakdown**: Mitigating a vulnerability can involve multiple layers (microcode, host kernel, hypervisor, guest kernel, software). The script shows exactly which pieces are in place and which are missing. -- **Offline kernel analysis**: The script can inspect a kernel image before it is booted (`--kernel`, `--config`, `--map`), verifying it carries the expected mitigations. +- **No-runtime kernel analysis**: The script can inspect a kernel image before it is booted (`--kernel`, `--config`, `--map`), verifying it carries the expected mitigations. - **Backport-aware**: It detects actual capabilities rather than checking version strings, so it works correctly with vendor kernels that silently backport or forward-port patches. - **Covers gaps in sysfs**: Some vulnerabilities (e.g. Zenbleed) are not reported through `sysfs` at all. @@ -159,7 +159,7 @@ This works because the kernel always has direct access to CPUID (it doesn't need **Rules:** - This is strictly a fallback: `read_cpuid` via `/dev/cpu/N/cpuid` remains the primary method. - Only use it when `read_cpuid` returned `READ_CPUID_RET_ERR` (device unavailable), **never** when it returned `READ_CPUID_RET_KO` (device available but bit is 0 β€” meaning the CPU/hypervisor explicitly reports the feature as absent). -- Only in live mode (`$opt_live = 1`), since `/proc/cpuinfo` is not available in offline mode. +- Only in live mode (`$opt_runtime = 1`), since `/proc/cpuinfo` is not available in no-runtime mode. - Only for CPUID bits that the kernel exposes as `/proc/cpuinfo` flags. Not all bits have a corresponding flag β€” only those listed in the kernel's `capflags.c`. If a bit has no `/proc/cpuinfo` flag, no fallback is possible. - The fallback depends on the running kernel being recent enough to know about the CPUID bit in question. An older kernel won't expose a flag it doesn't know about, so the fallback will silently not trigger β€” which is fine (we just stay at UNKNOWN, same as the ERR case without fallback). @@ -182,7 +182,7 @@ read_cpuid 0x7 0x0 $EDX 31 1 1 ret=$? if [ $ret = $READ_CPUID_RET_OK ]; then cap_ssbd='Intel SSBD' -elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_live" = 1 ]; then +elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ]; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo if grep ^flags "$g_procfs/cpuinfo" | grep -qw ssbd; then cap_ssbd='Intel SSBD (cpuinfo)' @@ -197,7 +197,7 @@ When the fallback sets a `cap_*` variable, append ` (cpuinfo)` to the value stri When a CPU is not explicitly known to be unaffected by a vulnerability, assume that it is affected. This conservative default has been the right call since the early Spectre/Meltdown days and remains sound. -### 6. Offline mode +### 6. No-runtime mode The script can analyze a non-running kernel via `--kernel`, `--config`, `--map` flags, allowing verification before deployment. @@ -388,18 +388,18 @@ This is where the real detection lives. Check for mitigations at each layer: fi ``` - Each source may independently be unavailable (offline mode without the file, or stripped kernel), so check all that are present. A match in any one confirms kernel support. + Each source may independently be unavailable (no-runtime mode without the file, or stripped kernel), so check all that are present. A match in any one confirms kernel support. -- **Runtime state** (live mode only): Read MSRs, check cpuinfo flags, parse dmesg, inspect debugfs. All runtime-only checks β€” including `/proc/cpuinfo` flags β€” must be guarded by `if [ "$opt_live" = 1 ]`, both when collecting the evidence in Phase 2 and when using it in Phase 4. In Phase 4, use explicit live/offline branches so that live-only variables (e.g. cpuinfo flags, MSR values) are never referenced in the offline path. +- **Runtime state** (live mode only): Read MSRs, check cpuinfo flags, parse dmesg, inspect debugfs. All runtime-only checks β€” including `/proc/cpuinfo` flags β€” must be guarded by `if [ "$opt_runtime" = 1 ]`, both when collecting the evidence in Phase 2 and when using it in Phase 4. In Phase 4, use explicit live/no-runtime branches so that live-only variables (e.g. cpuinfo flags, MSR values) are never referenced in the no-runtime path. ```sh - if [ "$opt_live" = 1 ]; then + if [ "$opt_runtime" = 1 ]; then read_msr 0xADDRESS ret=$? if [ "$ret" = "$READ_MSR_RET_OK" ]; then # check specific bits in ret_read_msr_value_lo / ret_read_msr_value_hi fi else - pstatus blue N/A "not testable in offline mode" + pstatus blue N/A "not testable in no-runtime mode" fi ``` @@ -490,15 +490,15 @@ four categories of information that the script consumes in different modes: 1. **Sysfs messages** β€” every version of the string the kernel has ever produced for `/sys/devices/system/cpu/vulnerabilities/`. Used in live mode to parse the - kernel's own assessment, and in offline mode to grep for known strings in `$g_kernel`. + kernel's own assessment, and in no-runtime mode to grep for known strings in `$g_kernel`. 2. **Kconfig option names** β€” every `CONFIG_*` symbol that enables or controls the - mitigation. Used in offline mode to check `$opt_config`. Kconfig names change over + mitigation. Used in no-runtime mode to check `$opt_config`. Kconfig names change over time (e.g. `CONFIG_GDS_FORCE_MITIGATION` β†’ `CONFIG_MITIGATION_GDS_FORCE` β†’ `CONFIG_MITIGATION_GDS`), and vendor kernels may use their own names, so all variants must be catalogued. 3. **Kernel function names** β€” functions introduced specifically for the mitigation (e.g. `gds_select_mitigation`, `gds_apply_mitigation`, `l1tf_select_mitigation`). Used in - offline mode to check `$opt_map` (System.map): the presence of a mitigation function + no-runtime mode to check `$opt_map` (System.map): the presence of a mitigation function proves the kernel was compiled with the mitigation code, even if the config file is unavailable. 4. **CPU affection logic** β€” the complete algorithm the kernel uses to decide whether a @@ -776,7 +776,7 @@ CVEs that need VMM context should call `check_has_vmm` early in their `_linux()` - The new CVE appears in the `vulnerabilities` array with correct `cve`, `name`, `aliases`, `cpu_affected`, `status`, `vulnerable`, `info`, `sysfs_status`, and `sysfs_message` fields. - If new `cap_*` variables were added in `check_cpu()`, they appear in `cpu.capabilities` (see Step 2 JSON note). - Run with `--batch json-terse` as well to verify backward-compatible output. -7. **Test offline**: Run with `--kernel`/`--config`/`--map` pointing to a kernel image and verify the offline code path reports correctly. +7. **Test no-runtime**: Run with `--kernel`/`--config`/`--map` pointing to a kernel image and verify the no-runtime code path reports correctly. 8. **Test `--variant` and `--cve`**: Run with `--variant ` and `--cve CVE-YYYY-NNNNN` separately to confirm both selection methods work and produce the same output. 9. **Lint**: Run `shellcheck` on the monolithic script and fix any warnings. @@ -784,7 +784,7 @@ CVEs that need VMM context should call `check_has_vmm` early in their `_linux()` - **Never hardcode kernel or microcode versions** - detect capabilities directly (design principles 2 and 3). Exception: when a microcode fix has no detectable indicator, hardcode fixing versions per CPU (see principle 3). - **Assume affected by default** - only mark a CPU as unaffected when there is positive evidence (design principle 4). -- **Always handle both live and offline modes** - use `$opt_live` to branch, and print `N/A "not testable in offline mode"` for runtime-only checks when offline. +- **Always handle both live and no-runtime modes** - use `$opt_runtime` to branch, and print `N/A "not testable in no-runtime mode"` for runtime-only checks when in no-runtime mode. - **Use `explain()`** when reporting VULN to give actionable remediation advice (see "Cross-Cutting Features" above). - **Handle `--paranoid` and `--vmm`** when the CVE has stricter mitigation tiers or VMM-specific aspects (see "Cross-Cutting Features" above). - **Keep JSON output in sync** - when adding new `cap_*` variables, add them to `_build_json_cpu()` in `src/libs/250_output_emitters.sh` (see Step 2 JSON note above). Per-CVE fields are handled automatically. diff --git a/dist/README.md b/dist/README.md index 8ed34b4..69d176f 100644 --- a/dist/README.md +++ b/dist/README.md @@ -214,17 +214,17 @@ A race condition in the branch predictor update mechanism of Intel processors (C Several transient execution CVEs are not covered by this tool, for various reasons (duplicates, only affecting non-supported hardware or OS, theoretical with no known exploitation, etc.). The complete list along with the reason for each exclusion is available in the -[UNSUPPORTED_CVE_LIST.md](https://github.com/speed47/spectre-meltdown-checker/blob/source/UNSUPPORTED_CVE_LIST.md) file. +[UNSUPPORTED_CVE_LIST.md](doc/UNSUPPORTED_CVE_LIST.md) file. ## Scope Supported operating systems: - Linux (all versions, flavors and distros) -- FreeBSD, NetBSD, DragonFlyBSD and derivatives (others BSDs are [not supported](FAQ.md#which-bsd-oses-are-supported)) +- FreeBSD, NetBSD, DragonFlyBSD and derivatives (others BSDs are [not supported](doc/FAQ.md#which-bsd-oses-are-supported)) -For Linux systems, the tool will detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...), it also works if you've compiled your own kernel. More information [here](FAQ.md#how-does-this-script-work). +For Linux systems, the tool will detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...), it also works if you've compiled your own kernel. More information [here](doc/FAQ.md#how-does-this-script-work). -Other operating systems such as MacOS, Windows, ESXi, etc. [will never be supported](FAQ.md#why-is-my-os-not-supported). +Other operating systems such as MacOS, Windows, ESXi, etc. [will never be supported](doc/FAQ.md#why-is-my-os-not-supported). Supported architectures: - `x86` (32 bits) @@ -236,7 +236,7 @@ Supported architectures: What is the purpose of this tool? Why was it written? How can it be useful to me? How does it work? What can I expect from it? -All these questions (and more) have detailed answers in the [FAQ](FAQ.md), please have a look! +All these questions (and more) have detailed answers in the [FAQ](doc/FAQ.md), please have a look! ## Operating modes diff --git a/dist/FAQ.md b/dist/doc/FAQ.md similarity index 98% rename from dist/FAQ.md rename to dist/doc/FAQ.md index af0922e..246902c 100644 --- a/dist/FAQ.md +++ b/dist/doc/FAQ.md @@ -85,7 +85,7 @@ However I see a few reasons why this script might still be useful to you, and th - The script can be pointed at a kernel image, and will deep dive into it, telling you if this kernel will mitigate vulnerabilities that might be present on your system. This is a good way to verify before booting a new kernel, that it'll mitigate the vulnerabilities you expect it to, especially if you modified a few config options around these topics. -- The script will also work regardless of the custom patches that might be integrated in the kernel you're running (or you're pointing it to, in offline mode), and completely ignores the advertised kernel version, to tell whether a given kernel mitigates vulnerabilities. This is especially useful for non-vanilla kernel, where patches might be backported, sometimes silently (this has already happened, too). +- The script will also work regardless of the custom patches that might be integrated in the kernel you're running (or you're pointing it to, in no-runtime mode), and completely ignores the advertised kernel version, to tell whether a given kernel mitigates vulnerabilities. This is especially useful for non-vanilla kernel, where patches might be backported, sometimes silently (this has already happened, too). - Educational purposes: the script gives interesting insights about a vulnerability, and how the different parts of the system work together to mitigate it. diff --git a/UNSUPPORTED_CVE_LIST.md b/dist/doc/UNSUPPORTED_CVE_LIST.md similarity index 99% rename from UNSUPPORTED_CVE_LIST.md rename to dist/doc/UNSUPPORTED_CVE_LIST.md index 12330b9..03c9d60 100644 --- a/UNSUPPORTED_CVE_LIST.md +++ b/dist/doc/UNSUPPORTED_CVE_LIST.md @@ -81,7 +81,7 @@ ARM processors may speculatively execute instructions past unconditional control VUSec researchers demonstrated that the original BHI mitigation (disabling unprivileged eBPF) was insufficient: 1,511 native kernel gadgets exist that allow exploiting Branch History Injection without eBPF, leaking arbitrary kernel memory at ~3.5 kB/sec on Intel CPUs. -**Why out of scope:** CVE-2024-2201 is not a new hardware vulnerability β€” it is the same BHI hardware bug as CVE-2022-0002, but proves that eBPF restriction alone was never sufficient. The required mitigations are identical: `BHI_DIS_S` hardware control (MSR `IA32_SPEC_CTRL` bit 10), software BHB clearing loop at syscall entry and VM exit, or retpoline with RRSBA disabled. These are all already detected by this tool's CVE-2017-5715 (Spectre V2) checks, which parse the `BHI:` suffix from `/sys/devices/system/cpu/vulnerabilities/spectre_v2` and check for `CONFIG_MITIGATION_SPECTRE_BHI` in offline mode. No new sysfs entry, MSR, kernel config option, or boot parameter was introduced for this CVE. +**Why out of scope:** CVE-2024-2201 is not a new hardware vulnerability β€” it is the same BHI hardware bug as CVE-2022-0002, but proves that eBPF restriction alone was never sufficient. The required mitigations are identical: `BHI_DIS_S` hardware control (MSR `IA32_SPEC_CTRL` bit 10), software BHB clearing loop at syscall entry and VM exit, or retpoline with RRSBA disabled. These are all already detected by this tool's CVE-2017-5715 (Spectre V2) checks, which parse the `BHI:` suffix from `/sys/devices/system/cpu/vulnerabilities/spectre_v2` and check for `CONFIG_MITIGATION_SPECTRE_BHI` in no-runtime mode. No new sysfs entry, MSR, kernel config option, or boot parameter was introduced for this CVE. ## CVE-2020-0549 β€” L1D Eviction Sampling (CacheOut) diff --git a/dist/doc/batch_json.md b/dist/doc/batch_json.md new file mode 100644 index 0000000..f6224a4 --- /dev/null +++ b/dist/doc/batch_json.md @@ -0,0 +1,391 @@ +# JSON Output Format + +`--batch json` emits a single, self-contained JSON object that describes the +scan environment and the result of every CVE check. You can feed it to your +monitoring system, to a SIEM, to a time-series database, you name it. + +```sh +sudo ./spectre-meltdown-checker.sh --batch json | jq . +``` + +## Top-level schema + +``` +{ + "meta": { ... }, // Run metadata and flags + "system": { ... }, // Kernel and host context + "cpu": { ... }, // CPU hardware identification + "cpu_microcode": { ... }, // Microcode version and status + "vulnerabilities": [ ... ] // One object per checked CVE +} +``` + +`format_version` in `meta` is an integer that will be incremented on +backward-incompatible schema changes. The current value is **1**. + +## Section reference + +### `meta` + +Run metadata. Always present. + +| Field | Type | Values | Meaning | +|---|---|---|---| +| `script_version` | string | e.g. `"25.30.0250400123"` | Script version | +| `format_version` | integer | `1` | JSON schema version; incremented on breaking changes | +| `timestamp` | string | ISO 8601 UTC, e.g. `"2025-04-07T12:00:00Z"` | When the scan started | +| `os` | string | e.g. `"Linux"`, `"FreeBSD"` | Output of `uname -s` | +| `mode` | string | `"live"` / `"no-runtime"` / `"no-hw"` / `"hw-only"` | Operating mode (see [modes](README.md#operating-modes)) | +| `run_as_root` | boolean | | Whether the script ran as root. Non-root scans skip MSR reads and may miss mitigations | +| `reduced_accuracy` | boolean | | Kernel image, config, or System.map was missing; some checks fall back to weaker heuristics | +| `paranoid` | boolean | | `--paranoid` mode: stricter criteria (e.g. requires SMT disabled, IBPB always-on) | +| `sysfs_only` | boolean | | `--sysfs-only`: only the kernel's own sysfs report was used, not independent detection | +| `extra` | boolean | | `--extra`: additional experimental checks were enabled | +| `mocked` | boolean | | One or more CPU values were overridden for testing. Results do **not** reflect the real system | + +**Example:** +```json +"meta": { + "script_version": "25.30.025040123", + "format_version": 1, + "timestamp": "2025-04-07T12:00:00Z", + "os": "Linux", + "mode": "live", + "run_as_root": true, + "reduced_accuracy": false, + "paranoid": false, + "sysfs_only": false, + "extra": false, + "mocked": false +} +``` + +**Important flags for fleet operators:** + +- `run_as_root: false` means the scan was incomplete. Treat results as lower + confidence. Alert separately: results may be missing or wrong. +- `sysfs_only: true` means the script trusted the kernel's self-report without + independent verification. Some older kernels misreport their mitigation + status. Do not use `--sysfs-only` for production fleet monitoring. +- `paranoid: true` raises the bar: only compare `vulnerable` counts across + hosts with the same `paranoid` value. +- `mocked: true` must never appear on a production host. If it does, every + downstream result is fabricated. + +--- + +### `system` + +Kernel and host environment. Always present. + +| Field | Type | Values | Meaning | +|---|---|---|---| +| `kernel_release` | string \| null | e.g. `"6.1.0-21-amd64"` | Output of `uname -r` (null in no-runtime, no-hw, and hw-only modes) | +| `kernel_version` | string \| null | e.g. `"#1 SMP Debian …"` | Output of `uname -v` (null in no-runtime, no-hw, and hw-only modes) | +| `kernel_arch` | string \| null | e.g. `"x86_64"` | Output of `uname -m` (null in no-runtime, no-hw, and hw-only modes) | +| `kernel_image` | string \| null | e.g. `"/boot/vmlinuz-6.1.0-21-amd64"` | Path passed via `--kernel`, or null if not specified | +| `kernel_config` | string \| null | | Path passed via `--config`, or null | +| `kernel_version_string` | string \| null | | Kernel version banner extracted from the image | +| `kernel_cmdline` | string \| null | | Kernel command line from `/proc/cmdline` (live mode) or the image | +| `cpu_count` | integer \| null | | Number of logical CPUs detected | +| `smt_enabled` | boolean \| null | | Whether SMT (HyperThreading) is currently active; null if undeterminable | +| `hypervisor_host` | boolean \| null | | Whether this machine is detected as a VM host (running KVM, Xen, VMware, etc.) | +| `hypervisor_host_reason` | string \| null | | Human-readable explanation of why `hypervisor_host` was set | + +**`hypervisor_host`** materially changes the risk profile of several CVEs. +L1TF (CVE-2018-3646) and MDS (CVE-2018-12126/12130/12127) are significantly +more severe on hypervisor hosts because they can be exploited across VM +boundaries by a malicious guest. Prioritise remediation where +`hypervisor_host: true`. + +--- + +### `cpu` + +CPU hardware identification. `null` when `--no-hw` is active. + +The object uses `arch` as a discriminator: `"x86"` for Intel/AMD/Hygon CPUs, +`"arm"` for ARM/Cavium/Phytium. Arch-specific fields live under a matching +sub-object (`cpu.x86` or `cpu.arm`), so consumers never see irrelevant null +fields from the other architecture. + +#### Common fields + +| Field | Type | Values | Meaning | +|---|---|---|---| +| `arch` | string | `"x86"` / `"arm"` | CPU architecture family; determines which sub-object is present | +| `vendor` | string \| null | e.g. `"GenuineIntel"`, `"ARM"` | CPU vendor string | +| `friendly_name` | string \| null | e.g. `"Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz"` | Human-readable CPU model | + +#### `cpu.x86` (present when `arch == "x86"`) + +| Field | Type | Values | Meaning | +|---|---|---|---| +| `family` | integer \| null | | CPU family number | +| `model` | integer \| null | | CPU model number | +| `stepping` | integer \| null | | CPU stepping number | +| `cpuid` | string \| null | hex, e.g. `"0x000906ed"` | Full CPUID leaf 1 EAX value | +| `platform_id` | integer \| null | | Intel platform ID (from MSR 0x17); null on AMD | +| `hybrid` | boolean \| null | | Whether this is a hybrid CPU (P-cores + E-cores, e.g. Alder Lake) | +| `codename` | string \| null | e.g. `"Coffee Lake"` | Intel CPU codename; null on AMD | +| `capabilities` | object | | CPU feature flags (see below) | + +#### `cpu.arm` (present when `arch == "arm"`) + +| Field | Type | Values | Meaning | +|---|---|---|---| +| `part_list` | string \| null | e.g. `"0xd0b 0xd05"` | Space-separated ARM part numbers across cores (big.LITTLE may have several) | +| `arch_list` | string \| null | e.g. `"8 8"` | Space-separated ARM architecture levels across cores | +| `capabilities` | object | | ARM-specific capability flags (currently empty; reserved for future use) | + +#### `cpu.x86.capabilities` + +Each capability is a **tri-state**: `true` (present), `false` (absent), or +`null` (not applicable or could not be read, e.g. when not root or on AMD for +Intel-specific features). + +| Capability | Meaning | +|---|---| +| `spec_ctrl` | SPEC_CTRL MSR (Intel: ibrs + ibpb via WRMSR; required for many mitigations) | +| `ibrs` | Indirect Branch Restricted Speculation | +| `ibpb` | Indirect Branch Prediction Barrier | +| `ibpb_ret` | IBPB on return (enhanced form) | +| `stibp` | Single Thread Indirect Branch Predictors | +| `ssbd` | Speculative Store Bypass Disable | +| `l1d_flush` | L1D cache flush instruction | +| `md_clear` | VERW clears CPU buffers (MDS mitigation) | +| `arch_capabilities` | IA32_ARCH_CAPABILITIES MSR is present | +| `rdcl_no` | Not susceptible to RDCL (Meltdown-like attacks) | +| `ibrs_all` | Enhanced IBRS always-on mode supported | +| `rsba` | RSB may use return predictions from outside the RSB | +| `l1dflush_no` | Not susceptible to L1D flush side-channel | +| `ssb_no` | Not susceptible to Speculative Store Bypass | +| `mds_no` | Not susceptible to MDS | +| `taa_no` | Not susceptible to TSX Asynchronous Abort | +| `pschange_msc_no` | Page-size-change MSC not susceptible | +| `tsx_ctrl_msr` | TSX_CTRL MSR is present | +| `tsx_ctrl_rtm_disable` | RTM disabled via TSX_CTRL | +| `tsx_ctrl_cpuid_clear` | CPUID HLE/RTM bits cleared via TSX_CTRL | +| `gds_ctrl` | GDS_CTRL MSR present (GDS mitigation control) | +| `gds_no` | Not susceptible to Gather Data Sampling | +| `gds_mitg_dis` | GDS mitigation disabled | +| `gds_mitg_lock` | GDS mitigation locked | +| `rfds_no` | Not susceptible to Register File Data Sampling | +| `rfds_clear` | VERW clears register file stale data | +| `its_no` | Not susceptible to Indirect Target Selection | +| `sbdr_ssdp_no` | Not susceptible to SBDR/SSDP | +| `fbsdp_no` | Not susceptible to FBSDP | +| `psdp_no` | Not susceptible to PSDP | +| `fb_clear` | Fill buffer cleared on idle/C6 | +| `rtm` | Restricted Transactional Memory (TSX RTM) present | +| `tsx_force_abort` | TSX_FORCE_ABORT MSR present | +| `tsx_force_abort_rtm_disable` | RTM disabled via TSX_FORCE_ABORT | +| `tsx_force_abort_cpuid_clear` | CPUID RTM cleared via TSX_FORCE_ABORT | +| `sgx` | Software Guard Extensions present | +| `srbds` | SRBDS affected | +| `srbds_on` | SRBDS mitigation active | +| `amd_ssb_no` | AMD: not susceptible to Speculative Store Bypass | +| `hygon_ssb_no` | Hygon: not susceptible to Speculative Store Bypass | +| `ipred` | Indirect Predictor Barrier support | +| `rrsba` | Restricted RSB Alternate (Intel Retbleed mitigation) | +| `bhi` | Branch History Injection mitigation support | +| `tsa_sq_no` | Not susceptible to TSA-SQ | +| `tsa_l1_no` | Not susceptible to TSA-L1 | +| `verw_clear` | VERW clears CPU buffers | +| `autoibrs` | AMD AutoIBRS (equivalent to enhanced IBRS on Intel) | +| `sbpb` | Selective Branch Predictor Barrier (AMD Inception mitigation) | +| `avx2` | AVX2 supported (relevant to Downfall / GDS) | +| `avx512` | AVX-512 supported (relevant to Downfall / GDS) | + +--- + +### `cpu_microcode` + +Microcode version and status. `null` under the same conditions as `cpu`. + +| Field | Type | Values | Meaning | +|---|---|---|---| +| `installed_version` | string \| null | hex, e.g. `"0xf4"` | Currently running microcode revision | +| `latest_version` | string \| null | hex | Latest known-good version in the firmware database; null if CPU is not in the database | +| `microcode_up_to_date` | boolean \| null | | Whether `installed_version == latest_version`; null if either is unavailable | +| `is_blacklisted` | boolean | | Whether the installed microcode is known to cause instability and must be rolled back | +| `message` | string \| null | | Human-readable note from the firmware database (e.g. changelog excerpt) | +| `db_source` | string \| null | | Which database was used (e.g. `"Intel-SA"`, `"MCExtractor"`) | +| `db_info` | string \| null | | Database revision or date | + +**`is_blacklisted: true`** means the installed microcode is known to cause +system instability or incorrect behaviour. Treat this as a P1 incident: roll +back to the previous microcode immediately. + +**`microcode_up_to_date: false`** means a newer microcode is available. This +does not necessarily mean the system is vulnerable (the current microcode may +still include all required mitigations), but warrants investigation. + +--- + +### `vulnerabilities` + +Array of CVE check results. One object per checked CVE, in check order. +Empty array (`[]`) if no CVEs were checked (unusual; would require `--cve` +with an unknown CVE ID). + +| Field | Type | Values | Meaning | +|---|---|---|---| +| `cve` | string | e.g. `"CVE-2017-5753"` | CVE identifier | +| `name` | string | e.g. `"SPECTRE VARIANT 1"` | Short key name used in batch formats | +| `aliases` | string \| null | e.g. `"Spectre Variant 1, bounds check bypass"` | Full name including all known aliases | +| `cpu_affected` | boolean | | Whether this CPU's hardware design is affected by this CVE | +| `status` | string | `"OK"` / `"VULN"` / `"UNK"` | Check outcome (see below) | +| `vulnerable` | boolean \| null | `false` / `true` / `null` | `false`=OK, `true`=VULN, `null`=UNK | +| `info` | string | | Human-readable description of the specific mitigation state or reason | +| `sysfs_status` | string \| null | `"OK"` / `"VULN"` / `"UNK"` / null | Status as reported by the kernel via `/sys/devices/system/cpu/vulnerabilities/`; null if sysfs was not consulted for this CVE | +| `sysfs_message` | string \| null | | Raw text from the sysfs file (e.g. `"Mitigation: PTI"`); null if sysfs was not consulted | + +#### Status values + +| `status` | `vulnerable` | Meaning | +|---|---|---| +| `"OK"` | `false` | CPU is unaffected by design, or all required mitigations are in place | +| `"VULN"` | `true` | CPU is affected and mitigations are missing or insufficient | +| `"UNK"` | `null` | The script could not determine the status (missing kernel info, insufficient privileges, or no detection logic for this platform) | + +#### `cpu_affected` explained + +`cpu_affected: false` with `status: "OK"` means the CPU hardware is +architecturally immune, no patch was ever needed. + +`cpu_affected: true` with `status: "OK"` means the hardware has the weakness +but all required mitigations (kernel, microcode, or both) are in place. + +This distinction matters for fleet auditing: filter on `cpu_affected: true` to +see only systems where mitigation effort was actually required and confirmed. + +#### `sysfs_status` vs `status` + +`sysfs_status` is the raw kernel self-report. `status` is the script's +independent assessment, which may differ: + +- The script may **upgrade** a sysfs `"VULN"` to `"OK"` when it detects a + silent backport that the kernel doesn't know about. +- The script may **downgrade** a sysfs `"OK"` to `"VULN"` when it detects an + incomplete mitigation the kernel doesn't flag (e.g. L1TF on a hypervisor + host with SMT still enabled, or TSA in `user` mode on a VMM host). +- `sysfs_status` is `null` when the kernel has no sysfs entry for this CVE + (older kernels, or CVEs not yet tracked by the kernel). + +Always use `status` / `vulnerable` for alerting. Use `sysfs_status` for +diagnostics and audit trails. + +**Example:** +```json +{ + "cve": "CVE-2017-5715", + "name": "SPECTRE VARIANT 2", + "aliases": "Spectre Variant 2, branch target injection", + "cpu_affected": true, + "status": "OK", + "vulnerable": false, + "info": "Full generic retpoline is mitigating the vulnerability", + "sysfs_status": "OK", + "sysfs_message": "Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: conditional; RSB filling; PBRSB-eIBRS: Not affected; BHI: Not affected" +} +``` + +--- + +## Exit codes + +The script exits with: + +| Code | Meaning | +|---|---| +| `0` | All checked CVEs are `OK` | +| `2` | At least one CVE is `VULN` | +| `3` | No CVEs are `VULN`, but at least one is `UNK` | + +These exit codes are the same in all batch modes and in interactive mode. +Use them in combination with the JSON body for reliable alerting. + +--- + +## Caveats and edge cases + +**No-runtime mode (`--no-runtime`)** +`system.kernel_release`, `kernel_version`, and `kernel_arch` are null (those +come from `uname`, which reports the running kernel, not the inspected one). +`meta.mode: "no-runtime"` signals this. `system.kernel_image` and +`system.kernel_version_string` carry the inspected image path and banner +instead. + +**No-hardware mode (`--no-hw`)** +`cpu` and `cpu_microcode` are null. CVE checks that rely on hardware +capability detection (`cap_*` flags, MSR reads) will report `status: "UNK"`. +`cpu_affected` will be `false` for all CVEs (cannot determine affection without +hardware info). `meta.mode: "no-hw"` signals this. + +**Hardware-only mode (`--hw-only`)** +Only CPU information and per-CVE affectedness are reported. No kernel +inspection is performed, so vulnerability mitigations are not checked. +`meta.mode: "hw-only"` signals this. + +**`--sysfs-only`** +The script trusts the kernel's sysfs report without running independent +detection. `meta.sysfs_only: true` flags this. Some older kernels misreport +their status. Do not use for production fleet monitoring. + +**`--paranoid`** +Enables defense-in-depth checks beyond the security community consensus. +A `status: "OK"` under `paranoid: true` means a higher bar was met. Do not +compare results across hosts with different `paranoid` values. + +**`reduced_accuracy`** +Set when the kernel image, config file, or System.map could not be read. +Some checks fall back to weaker heuristics and may report `"UNK"` for CVEs +that are actually mitigated. + +**Non-x86 architectures (ARM, ARM64)** +On ARM, `cpu.arch` is `"arm"` and the `cpu.arm` sub-object carries `part_list` +and `arch_list`. The x86-specific sub-object is absent (no null noise). +`cpu.arm.capabilities` is currently empty; ARM-specific flags will be added +there as needed. + +**`mocked: true`** +Must never appear on a production host. If it does, the results are +fabricated and every downstream alert is unreliable. + +--- + +## Schema stability + +`meta.format_version` is incremented on backward-incompatible changes (field +removal or type change). Additive changes (new fields) do not increment the +version; consumers must tolerate unknown fields. + +Recommended practice: check `format_version == 1` at parse time and reject +or alert on any other value until you have tested compatibility with the new +version. + +--- + +## Migration from `json-terse` + +The legacy `--batch json-terse` format emits a flat array of objects: + +```json +[ + {"NAME": "SPECTRE VARIANT 1", "CVE": "CVE-2017-5753", "VULNERABLE": false, "INFOS": "..."}, + ... +] +``` + +It carries no system, CPU, or microcode context. It has no sysfs data. It +uses uppercase field names. + +To migrate: + +1. Replace `--batch json-terse` with `--batch json`. +2. The equivalent of the old `VULNERABLE` field is `vulnerabilities[].vulnerable`. +3. The equivalent of the old `INFOS` field is `vulnerabilities[].info`. +4. The equivalent of the old `NAME` field is `vulnerabilities[].name`. +5. The old format is still available as `--batch json-terse` for transition + periods. diff --git a/dist/doc/batch_json.schema.json b/dist/doc/batch_json.schema.json new file mode 100644 index 0000000..75e4f71 --- /dev/null +++ b/dist/doc/batch_json.schema.json @@ -0,0 +1,382 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/speed47/spectre-meltdown-checker/dist/batch_json.schema.json", + "title": "spectre-meltdown-checker --batch json output", + "description": "Schema for the comprehensive JSON output produced by spectre-meltdown-checker.sh --batch json. format_version 1.", + "type": "object", + "required": ["meta", "system", "cpu", "cpu_microcode", "vulnerabilities"], + "additionalProperties": false, + "properties": { + + "meta": { + "description": "Run metadata and option flags.", + "type": "object", + "required": [ + "script_version", "format_version", "timestamp", "os", "mode", + "run_as_root", "reduced_accuracy", "paranoid", "sysfs_only", + "extra", "mocked" + ], + "additionalProperties": false, + "properties": { + "script_version": { + "description": "Script version string, e.g. '25.30.0250400123'.", + "type": ["string", "null"] + }, + "format_version": { + "description": "JSON schema version. Incremented on backward-incompatible changes. Current value: 1.", + "type": "integer", + "const": 1 + }, + "timestamp": { + "description": "ISO 8601 UTC timestamp of when the scan started, e.g. '2025-04-07T12:00:00Z'.", + "type": ["string", "null"] + }, + "os": { + "description": "Operating system name from uname -s, e.g. 'Linux', 'FreeBSD'.", + "type": ["string", "null"] + }, + "mode": { + "description": "Operating mode: 'live' (default), 'no-runtime' (--no-runtime), 'no-hw' (--no-hw), or 'hw-only' (--hw-only).", + "type": "string", + "enum": ["live", "no-runtime", "no-hw", "hw-only"] + }, + "run_as_root": { + "description": "Whether the script ran as root. Non-root scans skip MSR reads and may produce incomplete or inaccurate results.", + "type": "boolean" + }, + "reduced_accuracy": { + "description": "True when the kernel image, config, or System.map was missing. Some checks fall back to weaker heuristics.", + "type": ["boolean", "null"] + }, + "paranoid": { + "description": "True when --paranoid was set: stricter criteria (e.g. requires SMT disabled, IBPB always-on).", + "type": "boolean" + }, + "sysfs_only": { + "description": "True when --sysfs-only was set: the script trusted the kernel's own sysfs report without independent detection.", + "type": "boolean" + }, + "extra": { + "description": "True when --extra was set: additional experimental checks were enabled.", + "type": "boolean" + }, + "mocked": { + "description": "True when one or more CPU values were overridden for testing. Results do NOT reflect the real system.", + "type": ["boolean", "null"] + } + } + }, + + "system": { + "description": "Kernel and host environment context.", + "type": ["object", "null"], + "required": [ + "kernel_release", "kernel_version", "kernel_arch", + "kernel_image", "kernel_config", "kernel_version_string", + "kernel_cmdline", "cpu_count", "smt_enabled", + "hypervisor_host", "hypervisor_host_reason" + ], + "additionalProperties": false, + "properties": { + "kernel_release": { + "description": "Output of uname -r (live mode only), e.g. '6.1.0-21-amd64'. Null in other modes.", + "type": ["string", "null"] + }, + "kernel_version": { + "description": "Output of uname -v (live mode only), e.g. '#1 SMP Debian …'. Null in other modes.", + "type": ["string", "null"] + }, + "kernel_arch": { + "description": "Output of uname -m (live mode only), e.g. 'x86_64'. Null in other modes.", + "type": ["string", "null"] + }, + "kernel_image": { + "description": "Path to the kernel image passed via --kernel. Null in live mode.", + "type": ["string", "null"] + }, + "kernel_config": { + "description": "Path to the kernel config passed via --config. Null if not provided.", + "type": ["string", "null"] + }, + "kernel_version_string": { + "description": "Kernel version banner extracted from the image. Null if unavailable.", + "type": ["string", "null"] + }, + "kernel_cmdline": { + "description": "Kernel command line from /proc/cmdline (live mode) or the image. Null if unavailable.", + "type": ["string", "null"] + }, + "cpu_count": { + "description": "Number of logical CPUs detected (max core ID + 1). Null if undeterminable.", + "type": ["integer", "null"], + "minimum": 1 + }, + "smt_enabled": { + "description": "Whether SMT (HyperThreading) is currently enabled. Null if the script could not determine the state.", + "type": ["boolean", "null"] + }, + "hypervisor_host": { + "description": "Whether this machine is detected as a VM host (running KVM, Xen, VMware, etc.). Null if undeterminable.", + "type": ["boolean", "null"] + }, + "hypervisor_host_reason": { + "description": "Human-readable explanation of why hypervisor_host was set. Null if hypervisor_host is false or null.", + "type": ["string", "null"] + } + } + }, + + "cpu": { + "description": "CPU hardware identification. Null when --no-hw is active. Contains an 'arch' discriminator ('x86' or 'arm') and a matching arch-specific sub-object with identification fields and capabilities.", + "oneOf": [ + { "type": "null" }, + { + "type": "object", + "description": "x86 CPU (Intel, AMD, Hygon).", + "required": ["arch", "vendor", "friendly_name", "x86"], + "additionalProperties": false, + "properties": { + "arch": { "type": "string", "const": "x86" }, + "vendor": { + "description": "CPU vendor string: 'GenuineIntel', 'AuthenticAMD', or 'HygonGenuine'.", + "type": ["string", "null"] + }, + "friendly_name": { + "description": "Human-readable CPU model from /proc/cpuinfo, e.g. 'Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz'.", + "type": ["string", "null"] + }, + "x86": { + "type": "object", + "required": ["family", "model", "stepping", "cpuid", "platform_id", "hybrid", "codename", "capabilities"], + "additionalProperties": false, + "properties": { + "family": { + "description": "CPU family number.", + "type": ["integer", "null"] + }, + "model": { + "description": "CPU model number.", + "type": ["integer", "null"] + }, + "stepping": { + "description": "CPU stepping number.", + "type": ["integer", "null"] + }, + "cpuid": { + "description": "Full CPUID leaf 1 EAX value as a hex string, e.g. '0x000906ed'.", + "type": ["string", "null"], + "pattern": "^0x[0-9a-f]+$" + }, + "platform_id": { + "description": "Intel platform ID from MSR 0x17. Null on AMD.", + "type": ["integer", "null"] + }, + "hybrid": { + "description": "Whether this is a hybrid CPU (P-cores + E-cores, e.g. Alder Lake). Null if undeterminable.", + "type": ["boolean", "null"] + }, + "codename": { + "description": "Intel CPU codename, e.g. 'Coffee Lake'. Null on AMD.", + "type": ["string", "null"] + }, + "capabilities": { + "description": "CPU feature flags detected via CPUID and MSR reads. Each value is true (present), false (absent), or null (not applicable or could not be read).", + "type": "object", + "additionalProperties": false, + "properties": { + "spec_ctrl": { "type": ["boolean", "null"], "description": "SPEC_CTRL MSR present (Intel; enables IBRS + IBPB via WRMSR)" }, + "ibrs": { "type": ["boolean", "null"], "description": "Indirect Branch Restricted Speculation" }, + "ibpb": { "type": ["boolean", "null"], "description": "Indirect Branch Prediction Barrier" }, + "ibpb_ret": { "type": ["boolean", "null"], "description": "IBPB on return (enhanced form)" }, + "stibp": { "type": ["boolean", "null"], "description": "Single Thread Indirect Branch Predictors" }, + "ssbd": { "type": ["boolean", "null"], "description": "Speculative Store Bypass Disable" }, + "l1d_flush": { "type": ["boolean", "null"], "description": "L1D cache flush instruction" }, + "md_clear": { "type": ["boolean", "null"], "description": "VERW clears CPU buffers (MDS mitigation)" }, + "arch_capabilities": { "type": ["boolean", "null"], "description": "IA32_ARCH_CAPABILITIES MSR is present" }, + "rdcl_no": { "type": ["boolean", "null"], "description": "Not susceptible to RDCL (Meltdown-like attacks)" }, + "ibrs_all": { "type": ["boolean", "null"], "description": "Enhanced IBRS always-on mode supported" }, + "rsba": { "type": ["boolean", "null"], "description": "RSB may use return predictions from outside the RSB" }, + "l1dflush_no": { "type": ["boolean", "null"], "description": "Not susceptible to L1D flush side-channel" }, + "ssb_no": { "type": ["boolean", "null"], "description": "Not susceptible to Speculative Store Bypass" }, + "mds_no": { "type": ["boolean", "null"], "description": "Not susceptible to MDS" }, + "taa_no": { "type": ["boolean", "null"], "description": "Not susceptible to TSX Asynchronous Abort" }, + "pschange_msc_no": { "type": ["boolean", "null"], "description": "Page-size-change MSC not susceptible" }, + "tsx_ctrl_msr": { "type": ["boolean", "null"], "description": "TSX_CTRL MSR is present" }, + "tsx_ctrl_rtm_disable": { "type": ["boolean", "null"], "description": "RTM disabled via TSX_CTRL" }, + "tsx_ctrl_cpuid_clear": { "type": ["boolean", "null"], "description": "CPUID HLE/RTM bits cleared via TSX_CTRL" }, + "gds_ctrl": { "type": ["boolean", "null"], "description": "GDS_CTRL MSR present" }, + "gds_no": { "type": ["boolean", "null"], "description": "Not susceptible to Gather Data Sampling" }, + "gds_mitg_dis": { "type": ["boolean", "null"], "description": "GDS mitigation disabled" }, + "gds_mitg_lock": { "type": ["boolean", "null"], "description": "GDS mitigation locked" }, + "rfds_no": { "type": ["boolean", "null"], "description": "Not susceptible to Register File Data Sampling" }, + "rfds_clear": { "type": ["boolean", "null"], "description": "VERW clears register file stale data" }, + "its_no": { "type": ["boolean", "null"], "description": "Not susceptible to Indirect Target Selection" }, + "sbdr_ssdp_no": { "type": ["boolean", "null"], "description": "Not susceptible to SBDR/SSDP" }, + "fbsdp_no": { "type": ["boolean", "null"], "description": "Not susceptible to FBSDP" }, + "psdp_no": { "type": ["boolean", "null"], "description": "Not susceptible to PSDP" }, + "fb_clear": { "type": ["boolean", "null"], "description": "Fill buffer cleared on idle/C6" }, + "rtm": { "type": ["boolean", "null"], "description": "Restricted Transactional Memory (TSX RTM) present" }, + "tsx_force_abort": { "type": ["boolean", "null"], "description": "TSX_FORCE_ABORT MSR present" }, + "tsx_force_abort_rtm_disable": { "type": ["boolean", "null"], "description": "RTM disabled via TSX_FORCE_ABORT" }, + "tsx_force_abort_cpuid_clear": { "type": ["boolean", "null"], "description": "CPUID RTM cleared via TSX_FORCE_ABORT" }, + "sgx": { "type": ["boolean", "null"], "description": "Software Guard Extensions present" }, + "srbds": { "type": ["boolean", "null"], "description": "SRBDS affected" }, + "srbds_on": { "type": ["boolean", "null"], "description": "SRBDS mitigation active" }, + "amd_ssb_no": { "type": ["boolean", "null"], "description": "AMD: not susceptible to Speculative Store Bypass" }, + "hygon_ssb_no": { "type": ["boolean", "null"], "description": "Hygon: not susceptible to Speculative Store Bypass" }, + "ipred": { "type": ["boolean", "null"], "description": "Indirect Predictor Barrier support" }, + "rrsba": { "type": ["boolean", "null"], "description": "Restricted RSB Alternate (Intel Retbleed mitigation)" }, + "bhi": { "type": ["boolean", "null"], "description": "Branch History Injection mitigation support" }, + "tsa_sq_no": { "type": ["boolean", "null"], "description": "Not susceptible to TSA-SQ" }, + "tsa_l1_no": { "type": ["boolean", "null"], "description": "Not susceptible to TSA-L1" }, + "verw_clear": { "type": ["boolean", "null"], "description": "VERW clears CPU buffers" }, + "autoibrs": { "type": ["boolean", "null"], "description": "AMD AutoIBRS (equivalent to enhanced IBRS on Intel)" }, + "sbpb": { "type": ["boolean", "null"], "description": "Selective Branch Predictor Barrier (AMD Inception mitigation)" }, + "avx2": { "type": ["boolean", "null"], "description": "AVX2 supported (relevant to Downfall / GDS)" }, + "avx512": { "type": ["boolean", "null"], "description": "AVX-512 supported (relevant to Downfall / GDS)" } + } + } + } + } + } + }, + { + "type": "object", + "description": "ARM CPU (ARM, Cavium, Phytium).", + "required": ["arch", "vendor", "friendly_name", "arm"], + "additionalProperties": false, + "properties": { + "arch": { "type": "string", "const": "arm" }, + "vendor": { + "description": "CPU vendor string: 'ARM', 'CAVIUM', or 'PHYTIUM'.", + "type": ["string", "null"] + }, + "friendly_name": { + "description": "Human-readable CPU model, e.g. 'ARM v8 model 0xd0b'.", + "type": ["string", "null"] + }, + "arm": { + "type": "object", + "required": ["part_list", "arch_list", "capabilities"], + "additionalProperties": false, + "properties": { + "part_list": { + "description": "Space-separated list of ARM part numbers detected across cores, e.g. '0xd0b 0xd05' (big.LITTLE).", + "type": ["string", "null"] + }, + "arch_list": { + "description": "Space-separated list of ARM architecture levels detected across cores, e.g. '8 8'.", + "type": ["string", "null"] + }, + "capabilities": { + "description": "ARM-specific CPU capability flags. Currently empty; reserved for future use.", + "type": "object", + "additionalProperties": false, + "properties": {} + } + } + } + } + } + ] + }, + + "cpu_microcode": { + "description": "Microcode version and firmware database status. Null under the same conditions as cpu.", + "type": ["object", "null"], + "required": [ + "installed_version", "latest_version", "microcode_up_to_date", + "is_blacklisted", "message", "db_source", "db_info" + ], + "additionalProperties": false, + "properties": { + "installed_version": { + "description": "Currently running microcode revision as a hex string, e.g. '0xf4'. Null if unreadable.", + "type": ["string", "null"], + "pattern": "^0x[0-9a-f]+$" + }, + "latest_version": { + "description": "Latest known-good microcode version from the firmware database, as a hex string. Null if the CPU is not in the database.", + "type": ["string", "null"], + "pattern": "^0x[0-9a-f]+$" + }, + "microcode_up_to_date": { + "description": "True when installed_version equals latest_version. Null if either is unavailable.", + "type": ["boolean", "null"] + }, + "is_blacklisted": { + "description": "True when the installed microcode is known to cause instability and must be rolled back immediately.", + "type": "boolean" + }, + "message": { + "description": "Human-readable note from the firmware database (e.g. changelog excerpt). Null if absent.", + "type": ["string", "null"] + }, + "db_source": { + "description": "Which firmware database was used, e.g. 'Intel-SA', 'MCExtractor'. Null if unavailable.", + "type": ["string", "null"] + }, + "db_info": { + "description": "Firmware database revision or date string. Null if unavailable.", + "type": ["string", "null"] + } + } + }, + + "vulnerabilities": { + "description": "Array of CVE check results, one per checked CVE, in check order.", + "type": "array", + "items": { + "type": "object", + "required": [ + "cve", "name", "aliases", "cpu_affected", + "status", "vulnerable", "info", + "sysfs_status", "sysfs_message" + ], + "additionalProperties": false, + "properties": { + "cve": { + "description": "CVE identifier, e.g. 'CVE-2017-5753'. May be 'CVE-0000-0001' for non-CVE checks such as SLS.", + "type": "string", + "pattern": "^CVE-[0-9]{4}-[0-9]+$" + }, + "name": { + "description": "Short key name used across batch formats, e.g. 'SPECTRE VARIANT 1'.", + "type": "string" + }, + "aliases": { + "description": "Full name including all known aliases, e.g. 'Spectre Variant 1, bounds check bypass'. Null if not in the registry.", + "type": ["string", "null"] + }, + "cpu_affected": { + "description": "Whether this CPU's hardware design is affected by this CVE. False when hardware is architecturally immune.", + "type": "boolean" + }, + "status": { + "description": "Check outcome: 'OK'=not vulnerable or unaffected, 'VULN'=vulnerable, 'UNK'=could not determine.", + "type": "string", + "enum": ["OK", "VULN", "UNK"] + }, + "vulnerable": { + "description": "Boolean encoding of status: false=OK, true=VULN, null=UNK.", + "type": ["boolean", "null"] + }, + "info": { + "description": "Human-readable description of the specific mitigation state or reason for the verdict.", + "type": "string" + }, + "sysfs_status": { + "description": "Status as reported by the kernel via /sys/devices/system/cpu/vulnerabilities/. Null if sysfs was not consulted for this CVE (older kernels, or CVE not tracked by the kernel).", + "type": ["string", "null"], + "enum": ["OK", "VULN", "UNK", null] + }, + "sysfs_message": { + "description": "Raw text from the sysfs vulnerability file, e.g. 'Mitigation: PTI'. Null if sysfs was not consulted.", + "type": ["string", "null"] + } + } + } + } + + } +} diff --git a/dist/doc/batch_nrpe.md b/dist/doc/batch_nrpe.md new file mode 100644 index 0000000..5a669a2 --- /dev/null +++ b/dist/doc/batch_nrpe.md @@ -0,0 +1,149 @@ +# NRPE Output Format + +`--batch nrpe` produces output that conforms to the +[Nagios Plugin Development Guidelines](https://nagios-plugins.org/doc/guidelines.html), +making it directly consumable by Nagios, Icinga, Zabbix (via NRPE), and +compatible monitoring stacks. + +```sh +sudo ./spectre-meltdown-checker.sh --batch nrpe +``` + +## Output structure + +The plugin emits one mandatory status line followed by optional long output: + +``` +STATUS: summary | checked=N vulnerable=N unknown=N +NOTE: ... ← context notes (when applicable) +[CRITICAL] CVE-XXXX-YYYY (NAME): description +[UNKNOWN] CVE-XXXX-YYYY (NAME): description +``` + +### Line 1 (status line) + +Always present. Parsed by every Nagios-compatible monitoring system. + +``` +STATUS: summary | perfdata +``` + +| Field | Values | Meaning | +|---|---|---| +| `STATUS` | `OK` / `CRITICAL` / `UNKNOWN` | Overall check outcome (see below) | +| `summary` | human-readable string | Count and CVE IDs of affected checks | +| `perfdata` | `checked=N vulnerable=N unknown=N` | Machine-readable counters for graphing | + +#### Status values + +| Status | Exit code | Condition | +|---|---|---| +| `OK` | `0` | All CVE checks passed | +| `CRITICAL` | `2` | At least one CVE is vulnerable | +| `UNKNOWN` | `3` | No VULN found, but at least one check is inconclusive **or** the script was not run as root and found apparent vulnerabilities (see below) | + +#### Summary format + +| Condition | Summary | +|---|---| +| All OK | `All N CVE checks passed` | +| VULN only | `N/T CVE(s) vulnerable: CVE-A CVE-B ...` | +| VULN + UNK | `N/T CVE(s) vulnerable: CVE-A CVE-B ..., M inconclusive` | +| UNK only | `N/T CVE checks inconclusive` | +| Non-root + VULN | `N/T CVE(s) appear vulnerable (unconfirmed, not root): CVE-A ...` | + +### Lines 2+ (long output) + +Shown in the detail/extended info view of most monitoring frontends. +Never parsed by the monitoring core; safe to add or reorder. + +#### Context notes + +Printed before per-CVE details when applicable: + +| Note | Condition | +|---|---| +| `NOTE: paranoid mode active, stricter mitigation requirements applied` | `--paranoid` was used | +| `NOTE: hypervisor host detected (reason); L1TF/MDS severity is elevated` | System is a VM host (KVM, Xen, VMware…) | +| `NOTE: not a hypervisor host` | System is confirmed not a VM host | +| `NOTE: not running as root; MSR reads skipped, results may be incomplete` | Script ran without root privileges | + +#### Per-CVE detail lines + +One line per non-OK CVE. VULN entries (`[CRITICAL]`) appear before UNK +entries (`[UNKNOWN]`); within each group the order follows the CVE registry. + +``` +[CRITICAL] CVE-XXXX-YYYY (SHORT NAME): mitigation status description +[UNKNOWN] CVE-XXXX-YYYY (SHORT NAME): reason check was inconclusive +``` + +## Exit codes + +| Code | Nagios meaning | Condition | +|---|---|---| +| `0` | OK | All checked CVEs are mitigated or hardware-unaffected | +| `2` | CRITICAL | At least one CVE is vulnerable (script ran as root) | +| `3` | UNKNOWN | At least one check inconclusive, or apparent VULN found without root | +| `255` | - | Script error (bad arguments, unsupported platform) | + +Exit code `1` (WARNING) is not used; there is no "degraded but acceptable" +state for CPU vulnerability mitigations. + +## Non-root behaviour + +Running without root privileges skips MSR reads and limits access to some +kernel interfaces. When the script finds apparent vulnerabilities without root: + +- The status word becomes `UNKNOWN` instead of `CRITICAL` +- The exit code is `3` instead of `2` +- The summary says `appear vulnerable (unconfirmed, not root)` +- A `NOTE: not running as root` line is added to the long output + +**Recommendation:** always run with `sudo` for authoritative results. A +`CRITICAL` from a root-run scan is a confirmed vulnerability; an `UNKNOWN` +from a non-root scan is a signal to investigate further. + +## Hypervisor hosts + +When `NOTE: hypervisor host detected` is present, L1TF (CVE-2018-3646) and +MDS (CVE-2018-12126/12130/12127) carry significantly higher risk because +they can be exploited across VM boundaries by a malicious guest. Prioritise +remediation on these hosts. + +## Examples + +**All mitigated (root):** +``` +OK: All 31 CVE checks passed | checked=31 vulnerable=0 unknown=0 +NOTE: not a hypervisor host +``` +Exit: `0` + +**Two CVEs vulnerable (root):** +``` +CRITICAL: 2/31 CVE(s) vulnerable: CVE-2018-3615 CVE-2019-11135 | checked=31 vulnerable=2 unknown=0 +NOTE: not a hypervisor host +[CRITICAL] CVE-2018-3615 (L1TF SGX): your CPU supports SGX and the microcode is not up to date +[CRITICAL] CVE-2019-11135 (TAA): Your kernel doesn't support TAA mitigation, update it +``` +Exit: `2` + +**Apparent vulnerabilities, non-root scan:** +``` +UNKNOWN: 2/31 CVE(s) appear vulnerable (unconfirmed, not root): CVE-2018-3615 CVE-2019-11135 | checked=31 vulnerable=2 unknown=0 +NOTE: not a hypervisor host +NOTE: not running as root; MSR reads skipped, results may be incomplete +[CRITICAL] CVE-2018-3615 (L1TF SGX): your CPU supports SGX and the microcode is not up to date +[CRITICAL] CVE-2019-11135 (TAA): Your kernel doesn't support TAA mitigation, update it +``` +Exit: `3` + +**Inconclusive checks, paranoid mode, VMM host:** +``` +UNKNOWN: 3/31 CVE checks inconclusive | checked=31 vulnerable=0 unknown=3 +NOTE: paranoid mode active, stricter mitigation requirements applied +NOTE: hypervisor host detected (kvm); L1TF/MDS severity is elevated +[UNKNOWN] CVE-2018-3646 (L1TF VMM): SMT is enabled on a hypervisor host, not mitigated under paranoid mode +``` +Exit: `3` diff --git a/dist/doc/batch_prometheus.md b/dist/doc/batch_prometheus.md new file mode 100644 index 0000000..353b4fa --- /dev/null +++ b/dist/doc/batch_prometheus.md @@ -0,0 +1,377 @@ +# Prometheus Batch Mode + +`--batch prometheus` emits Prometheus text-format metrics that can be fed into any +Prometheus-compatible monitoring stack. It is designed for **fleet-scale security +monitoring**: run the script periodically on every host, push the output to a +Prometheus Pushgateway (or drop it into a node_exporter textfile directory), then +alert and dashboard from Prometheus/Grafana like any other infrastructure metric. + +--- + +## Quick start + +### Pushgateway (recommended for cron/batch fleet scans) + +```sh +#!/bin/sh +PUSHGATEWAY="http://pushgateway.internal:9091" +INSTANCE=$(hostname -f) + +spectre-meltdown-checker.sh --batch prometheus \ + | curl --silent --show-error --data-binary @- \ + "${PUSHGATEWAY}/metrics/job/smc/instance/${INSTANCE}" +``` + +Run this as root via cron or a systemd timer on every host. The Pushgateway +retains the last pushed value, so Prometheus scrapes it on its own schedule. +A stale-data alert (`smc_last_scan_timestamp_seconds`) catches hosts that stopped +reporting. + +### node_exporter textfile collector + +```sh +#!/bin/sh +TEXTFILE_DIR="/var/lib/node_exporter/textfile_collector" +TMP="${TEXTFILE_DIR}/smc.prom.$$" + +spectre-meltdown-checker.sh --batch prometheus > "$TMP" +mv "$TMP" "${TEXTFILE_DIR}/smc.prom" +``` + +The atomic `mv` prevents node_exporter from reading a partially written file. +node_exporter must be started with `--collector.textfile.directory` pointing at +`TEXTFILE_DIR`. + +--- + +## Metric reference + +All metric names are prefixed `smc_` (spectre-meltdown-checker). All metrics +are **gauges**: they represent the state at the time of the scan, not a running +counter. + +--- + +### `smc_build_info` + +Script metadata. Always value `1`; all data is in labels. + +| Label | Values | Meaning | +|---|---|---| +| `version` | string | Script version (e.g. `25.30.0250400123`) | +| `mode` | `live` / `offline` | `live` = running on the active kernel; `offline` = inspecting a kernel image | +| `run_as_root` | `true` / `false` | Whether the script ran as root. Non-root scans skip MSR reads and may miss mitigations | +| `paranoid` | `true` / `false` | `--paranoid` mode: stricter criteria (e.g. requires SMT disabled) | +| `sysfs_only` | `true` / `false` | `--sysfs-only` mode: only the kernel's own sysfs report was used, not independent detection | +| `reduced_accuracy` | `true` / `false` | Kernel information was incomplete (no kernel image, config, or map); some checks may be less precise | +| `mocked` | `true` / `false` | Debug/test mode: CPU values were overridden. Results do **not** reflect the real system | + +**Example:** +``` +smc_build_info{version="25.30.0250400123",mode="live",run_as_root="true",paranoid="false",sysfs_only="false",reduced_accuracy="false",mocked="false"} 1 +``` + +**Important labels for fleet operators:** + +- `run_as_root="false"` means the scan was incomplete. Treat those results as + lower confidence and alert separately. +- `sysfs_only="true"` means the script trusted the kernel's self-report without + independent verification. The kernel may be wrong about its own mitigation + status (known to happen on older kernels). +- `paranoid="true"` raises the bar: a host with `paranoid="true"` and + `vulnerable_count=0` is held to a higher standard than one with `paranoid="false"`. + Do not compare counts across hosts with different `paranoid` values. +- `mocked="true"` must never appear on a production host; if it does, the results + are fabricated and every downstream alert is unreliable. + +--- + +### `smc_system_info` + +Operating system and kernel metadata. Always value `1`. + +Absent in offline mode when neither `uname -r` nor `uname -m` is available. + +| Label | Values | Meaning | +|---|---|---| +| `kernel_release` | string | Output of `uname -r` (live mode only) | +| `kernel_arch` | string | Output of `uname -m` (live mode only) | +| `hypervisor_host` | `true` / `false` | Whether this machine is detected as a hypervisor host (running KVM, Xen, VMware, etc.) | + +**Example:** +``` +smc_system_info{kernel_release="5.15.0-100-generic",kernel_arch="x86_64",hypervisor_host="false"} 1 +``` + +**`hypervisor_host`** materially changes the risk profile of several CVEs. +L1TF (CVE-2018-3646) and MDS (CVE-2018-12126/12130/12127) are significantly more +severe on hypervisor hosts because they can be exploited across VM boundaries by +a malicious guest. Always prioritise remediation on hosts where +`hypervisor_host="true"`. + +--- + +### `smc_cpu_info` + +CPU hardware and microcode metadata. Always value `1`. Absent when `--no-hw` +is used. + +| Label | Values | Meaning | +|---|---|---| +| `vendor` | string | CPU vendor (e.g. `Intel`, `AuthenticAMD`) | +| `model` | string | CPU friendly name from `/proc/cpuinfo` | +| `family` | integer string | CPU family number | +| `model_id` | integer string | CPU model number | +| `stepping` | integer string | CPU stepping number | +| `cpuid` | hex string | Full CPUID value (e.g. `0x000906ed`); absent on some ARM CPUs | +| `codename` | string | Intel CPU codename (e.g. `Coffee Lake`); absent on AMD and ARM | +| `smt` | `true` / `false` | Whether SMT (HyperThreading) is currently enabled | +| `microcode` | hex string | Installed microcode version (e.g. `0xf4`) | +| `microcode_latest` | hex string | Latest known-good microcode version from the firmware database | +| `microcode_up_to_date` | `true` / `false` | Whether `microcode == microcode_latest` | +| `microcode_blacklisted` | `true` / `false` | Whether the installed microcode is known to cause problems and should be rolled back | + +**Example:** +``` +smc_cpu_info{vendor="Intel",model="Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz",family="6",model_id="158",stepping="13",cpuid="0x000906ed",codename="Coffee Lake",smt="true",microcode="0xf4",microcode_latest="0xf4",microcode_up_to_date="true",microcode_blacklisted="false"} 1 +``` + +**Microcode labels:** + +- `microcode_up_to_date="false"` means a newer microcode is available in the + firmware database. This does not necessarily mean the system is vulnerable + (the current microcode may still provide all required mitigations), but it + warrants investigation. +- `microcode_blacklisted="true"` means the installed microcode is known to + cause system instability or incorrect behaviour and must be rolled back + immediately. Treat this as a P1 incident. +- `microcode_latest` may be absent if the CPU is not in the firmware database + (very new, very old, or exotic CPUs). + +**`smt`** affects the risk level of several CVEs (MDS, L1TF). For those CVEs, +full mitigation requires disabling SMT in addition to kernel and microcode updates. +The script accounts for this in its status assessment; use this label to audit +which hosts still have SMT enabled. + +--- + +### `smc_vulnerability_status` + +One time series per CVE. The **numeric value** encodes the check result: + +| Value | Meaning | +|---|---| +| `0` | Not vulnerable (CPU is unaffected by design, or all required mitigations are in place) | +| `1` | Vulnerable (mitigations are missing or insufficient) | +| `2` | Unknown (the script could not determine the status, e.g. due to missing kernel info or insufficient privileges) | + +| Label | Values | Meaning | +|---|---|---| +| `cve` | CVE ID string | The CVE identifier (e.g. `CVE-2017-5753`) | +| `name` | string | Human-readable CVE name and aliases (e.g. `Spectre Variant 1, bounds check bypass`) | +| `cpu_affected` | `true` / `false` | Whether this CPU's hardware design is concerned by this CVE | + +**Example:** +``` +smc_vulnerability_status{cve="CVE-2017-5753",name="Spectre Variant 1, bounds check bypass",cpu_affected="true"} 0 +smc_vulnerability_status{cve="CVE-2017-5715",name="Spectre Variant 2, branch target injection",cpu_affected="true"} 1 +smc_vulnerability_status{cve="CVE-2022-29900",name="Retbleed, arbitrary speculative code execution with return instructions (AMD)",cpu_affected="false"} 0 +``` + +**`cpu_affected` explained:** + +A value of `0` with `cpu_affected="false"` means the CPU hardware is architecturally +immune to this CVE, no patch was needed or applied. + +A value of `0` with `cpu_affected="true"` means the CPU has the hardware weakness +but all required mitigations (kernel, microcode, or both) are in place. + +This distinction is important when auditing a fleet: if you need to verify that +all at-risk systems are patched, filter on `cpu_affected="true"` to exclude +hardware-immune systems from the analysis. + +--- + +### `smc_vulnerable_count` + +Number of CVEs with status `1` (vulnerable) in this scan. Value is `0` when +no CVEs are vulnerable. + +--- + +### `smc_unknown_count` + +Number of CVEs with status `2` (unknown) in this scan. A non-zero value +typically means the scan lacked sufficient privileges or kernel information. +Treat unknown the same as vulnerable for alerting purposes. + +--- + +### `smc_last_scan_timestamp_seconds` + +Unix timestamp (seconds since epoch) when the scan completed. Use this to +detect hosts that have stopped reporting. + +--- + +## Alerting rules + +```yaml +groups: + - name: spectre_meltdown_checker + rules: + + # Fire when any CVE is confirmed vulnerable + - alert: SMCVulnerable + expr: smc_vulnerable_count > 0 + for: 0m + labels: + severity: critical + annotations: + summary: "{{ $labels.instance }} has {{ $value }} vulnerable CVE(s)" + description: > + Run spectre-meltdown-checker.sh interactively on {{ $labels.instance }} + for remediation guidance. + + # Fire when status is unknown (usually means scan ran without root) + - alert: SMCUnknown + expr: smc_unknown_count > 0 + for: 0m + labels: + severity: warning + annotations: + summary: "{{ $labels.instance }} has {{ $value }} CVE(s) with unknown status" + description: > + Ensure the checker runs as root on {{ $labels.instance }}. + + # Fire when a host stops reporting (scan not run in 8 days) + - alert: SMCScanStale + expr: time() - smc_last_scan_timestamp_seconds > 8 * 86400 + for: 0m + labels: + severity: warning + annotations: + summary: "{{ $labels.instance }} has not reported scan results in 8 days" + + # Fire when installed microcode is known-bad + - alert: SMCMicrocodeBlacklisted + expr: smc_cpu_info{microcode_blacklisted="true"} == 1 + for: 0m + labels: + severity: critical + annotations: + summary: "{{ $labels.instance }} is running blacklisted microcode" + description: > + The installed microcode ({{ $labels.microcode }}) is known to cause + instability. Roll back to the previous version immediately. + + # Fire when scan ran without root (results may be incomplete) + - alert: SMCScanNotRoot + expr: smc_build_info{run_as_root="false"} == 1 + for: 0m + labels: + severity: warning + annotations: + summary: "{{ $labels.instance }} scan ran without root privileges" + + # Fire when mocked data is detected on a production host + - alert: SMCScanMocked + expr: smc_build_info{mocked="true"} == 1 + for: 0m + labels: + severity: critical + annotations: + summary: "{{ $labels.instance }} scan results are mocked and unreliable" +``` + +--- + +## Useful PromQL queries + +```promql +# All vulnerable CVEs across the fleet +smc_vulnerability_status == 1 + +# Vulnerable CVEs on hosts that are also hypervisor hosts (highest priority) +smc_vulnerability_status == 1 + * on(instance) group_left(hypervisor_host) + smc_system_info{hypervisor_host="true"} + +# Vulnerable CVEs on affected CPUs only (excludes hardware-immune systems) +smc_vulnerability_status{cpu_affected="true"} == 1 + +# Fleet-wide: how many hosts are vulnerable to each CVE +count by (cve, name) (smc_vulnerability_status == 1) + +# Hosts with outdated microcode, with CPU model context +smc_cpu_info{microcode_up_to_date="false"} + +# Hosts with SMT still enabled (relevant for MDS/L1TF remediation) +smc_cpu_info{smt="true"} + +# For a specific CVE: hosts affected by hardware but fully mitigated +smc_vulnerability_status{cve="CVE-2018-3646", cpu_affected="true"} == 0 + +# Proportion of fleet that is fully clean (no vulnerable, no unknown) +( + count(smc_vulnerable_count == 0 and smc_unknown_count == 0) + / + count(smc_vulnerable_count >= 0) +) + +# Hosts where scan ran without root, results less reliable +smc_build_info{run_as_root="false"} + +# Hosts with sysfs_only mode, independent detection was skipped +smc_build_info{sysfs_only="true"} + +# Vulnerable CVEs joined with kernel release for patch tracking +smc_vulnerability_status == 1 + * on(instance) group_left(kernel_release) + smc_system_info + +# Vulnerable CVEs joined with CPU model and microcode version +smc_vulnerability_status == 1 + * on(instance) group_left(vendor, model, microcode, microcode_up_to_date) + smc_cpu_info +``` + +--- + +## Caveats and edge cases + +**Offline mode (`--kernel`)** +`smc_system_info` will have no `kernel_release` or `kernel_arch` labels (those +come from `uname`, which reports the running kernel, not the inspected one). +`mode="offline"` in `smc_build_info` signals this. Offline mode is primarily +useful for pre-deployment auditing, not fleet runtime monitoring. + +**`--no-hw`** +`smc_cpu_info` is not emitted. CPU and microcode labels are absent from all +queries. CVE checks that rely on hardware capability detection (`cap_*` flags, +MSR reads) will report `unknown` status. + +**`--sysfs-only`** +The script trusts the kernel's sysfs report (`/sys/devices/system/cpu/vulnerabilities/`) +without running its own independent detection. Some older kernels are known to +misreport their mitigation status. `sysfs_only="true"` in `smc_build_info` +flags this condition. Do not use `--sysfs-only` for production fleet monitoring. + +**`--paranoid`** +Enables defense-in-depth checks beyond the security community consensus (e.g. +requires SMT to be disabled, IBPB always-on). A host is only `vulnerable_count=0` +under `paranoid` if it meets this higher bar. Do not compare `vulnerable_count` +across hosts with different `paranoid` values. + +**`reduced_accuracy`** +Set when the kernel image, config file, or System.map could not be read. Some +checks fall back to weaker heuristics and may report `unknown` for CVEs that are +actually mitigated. This typically happens when the script runs without root or +on a kernel with an inaccessible image. + +**Label stability** +Prometheus identifies time series by their full label set. If a script upgrade +adds or renames a label (e.g. a new `smc_cpu_info` label is added for a new CVE), +Prometheus will create a new time series and the old one will become stale. Plan +for this in long-retention dashboards by using `group_left` joins rather than +hardcoding label matchers. diff --git a/src/main.sh b/src/main.sh index 52e0b60..9fb42e0 100644 --- a/src/main.sh +++ b/src/main.sh @@ -166,7 +166,9 @@ fi if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then prom_run_as_root='false' [ "$(id -u)" -eq 0 ] && prom_run_as_root='true' - if [ "$opt_no_hw" = 1 ]; then + if [ "$opt_hw_only" = 1 ]; then + prom_mode='hw-only' + elif [ "$opt_no_hw" = 1 ]; then prom_mode='no-hw' elif [ "$opt_runtime" = 0 ]; then prom_mode='no-runtime' diff --git a/src/vulns/CVE-2017-5715.sh b/src/vulns/CVE-2017-5715.sh index 8fecf0a..24b0b15 100644 --- a/src/vulns/CVE-2017-5715.sh +++ b/src/vulns/CVE-2017-5715.sh @@ -1157,7 +1157,7 @@ check_CVE_2017_5715_linux() { elif [ "$g_ibpb_enabled" = 2 ] && [ "$smt_enabled" != 0 ]; then pvulnstatus "$cve" OK "Full IBPB is mitigating the vulnerability" - # Offline mode fallback + # No-runtime mode fallback elif [ "$opt_runtime" != 1 ]; then if [ "$retpoline" = 1 ] && [ -n "$g_ibpb_supported" ]; then pvulnstatus "$cve" OK "no-runtime mode: kernel supports retpoline + IBPB to mitigate the vulnerability" diff --git a/src/vulns/CVE-2017-5753.sh b/src/vulns/CVE-2017-5753.sh index f4ed40a..6750f7e 100644 --- a/src/vulns/CVE-2017-5753.sh +++ b/src/vulns/CVE-2017-5753.sh @@ -62,7 +62,7 @@ check_CVE_2017_5753_linux() { # Primary detection: grep for sysfs mitigation strings in the kernel binary. # The string "__user pointer sanitization" is present in all kernel versions # that have spectre_v1 sysfs support (x86 v4.16+, ARM64 v5.2+, ARM32 v5.17+), - # including RHEL "Load fences" variants. This is cheap and works offline. + # including RHEL "Load fences" variants. This is cheap and works in no-runtime mode. pr_info_nol "* Kernel has spectre_v1 mitigation (kernel image): " v1_kernel_mitigated='' v1_kernel_mitigated_err='' @@ -98,7 +98,7 @@ check_CVE_2017_5753_linux() { # Fallback for v4.15-era kernels: binary pattern matching for array_index_mask_nospec(). # The sysfs mitigation strings were not present in the kernel image until v4.16 (x86) # and v5.2 (ARM64), but the actual mitigation code landed in v4.15 (x86) and v4.16 (ARM64). - # For offline analysis of these old kernels, match the specific instruction patterns. + # For no-runtime analysis of these old kernels, match the specific instruction patterns. if [ -z "$v1_kernel_mitigated" ]; then pr_info_nol "* Kernel has array_index_mask_nospec (v4.15 binary pattern): " # vanilla: look for the Linus' mask aka array_index_mask_nospec() diff --git a/src/vulns/CVE-2018-3640.sh b/src/vulns/CVE-2018-3640.sh index 3d3ec7d..32d6bab 100644 --- a/src/vulns/CVE-2018-3640.sh +++ b/src/vulns/CVE-2018-3640.sh @@ -12,7 +12,7 @@ check_CVE_2018_3640() { msg='' # Detect whether the target kernel is ARM64, for both live and no-runtime modes. - # In offline cross-inspection (x86 host, ARM kernel), cpu_vendor reflects the host, + # In no-runtime cross-inspection (x86 host, ARM kernel), cpu_vendor reflects the host, # so also check for arm64_sys_ symbols (same pattern used in CVE-2018-3639). is_arm64_kernel=0 if [ "$cpu_vendor" = ARM ] || [ "$cpu_vendor" = CAVIUM ] || [ "$cpu_vendor" = PHYTIUM ]; then From 98ec067aef42dbad7e1daf7547402d22f99fcc3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 22:27:30 +0200 Subject: [PATCH 48/57] enh: rework json/prom output to better split x86/arm --- DEVELOPMENT.md | 4 +- src/libs/250_output_emitters.sh | 190 +++++++++++++++++++------------- 2 files changed, 113 insertions(+), 81 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index e844947..a407fbc 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -116,9 +116,9 @@ The entire tool is a single bash script with no external script dependencies. Ke Two JSON formats are available via `--batch`: - **`--batch json`** (comprehensive): A top-level object with five sections: - - `meta` β€” script version, format version, timestamp, run mode flags (`run_as_root`, `reduced_accuracy`, `mocked`, `paranoid`, `sysfs_only`, `no_hw`, `extra`) + - `meta` β€” script version, format version, timestamp, run mode flags (`run_as_root`, `reduced_accuracy`, `mocked`, `paranoid`, `sysfs_only`, `extra`) - `system` β€” kernel release/version/arch/cmdline, CPU count, SMT status, hypervisor host detection - - `cpu` β€” vendor, model name, family/model/stepping, CPUID, codename, ARM fields (`arm_part_list`, `arm_arch_list`), plus a `capabilities` sub-object containing all `cap_*` hardware flags as booleans/nulls/strings + - `cpu` β€” `arch` discriminator (`x86` or `arm`), vendor, friendly name, then an arch-specific sub-object (`cpu.x86` or `cpu.arm`) with identification fields (family/model/stepping/CPUID/codename for x86; part\_list/arch\_list for ARM) and a `capabilities` sub-object containing hardware flags as booleans/nulls - `cpu_microcode` β€” `installed_version`, `latest_version`, `microcode_up_to_date`, `is_blacklisted`, firmware DB source/info - `vulnerabilities` β€” array of per-CVE objects: `cve`, `name`, `aliases`, `cpu_affected`, `status`, `vulnerable`, `info`, `sysfs_status`, `sysfs_message` diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index 622d4d3..c77fce8 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -68,7 +68,9 @@ _json_bool() { _build_json_meta() { local timestamp mode timestamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null || echo "unknown") - if [ "$opt_no_hw" = 1 ]; then + if [ "$opt_hw_only" = 1 ]; then + mode="hw-only" + elif [ "$opt_no_hw" = 1 ]; then mode="no-hw" elif [ "$opt_runtime" = 0 ]; then mode="no-runtime" @@ -81,7 +83,7 @@ _build_json_meta() { else run_as_root='false' fi - g_json_meta=$(printf '{"script_version":%s,"format_version":1,"timestamp":%s,"os":%s,"mode":"%s","run_as_root":%s,"reduced_accuracy":%s,"paranoid":%s,"sysfs_only":%s,"no_hw":%s,"extra":%s}' \ + g_json_meta=$(printf '{"script_version":%s,"format_version":1,"timestamp":%s,"os":%s,"mode":"%s","run_as_root":%s,"reduced_accuracy":%s,"paranoid":%s,"sysfs_only":%s,"extra":%s}' \ "$(_json_str "$VERSION")" \ "$(_json_str "$timestamp")" \ "$(_json_str "$g_os")" \ @@ -90,7 +92,6 @@ _build_json_meta() { "$(_json_bool "${g_bad_accuracy:-0}")" \ "$(_json_bool "$opt_paranoid")" \ "$(_json_bool "$opt_sysfs_only")" \ - "$(_json_bool "$opt_no_hw")" \ "$(_json_bool "$opt_extra")") } @@ -134,87 +135,107 @@ _build_json_system() { # Sets: g_json_cpu # shellcheck disable=SC2034 _build_json_cpu() { - local cpuid_hex ucode_hex codename caps + local cpuid_hex codename caps arch_sub arch_type if [ -n "${cpu_cpuid:-}" ]; then cpuid_hex=$(printf '0x%08x' "$cpu_cpuid") else cpuid_hex='' fi - if [ -n "${cpu_ucode:-}" ]; then - ucode_hex=$(printf '0x%x' "$cpu_ucode") - else - ucode_hex='' - fi codename='' if is_intel; then codename=$(get_intel_codename 2>/dev/null || true) fi - # Build capabilities sub-object - caps=$(printf '{"spec_ctrl":%s,"ibrs":%s,"ibpb":%s,"ibpb_ret":%s,"stibp":%s,"ssbd":%s,"l1d_flush":%s,"md_clear":%s,"arch_capabilities":%s,"rdcl_no":%s,"ibrs_all":%s,"rsba":%s,"l1dflush_no":%s,"ssb_no":%s,"mds_no":%s,"taa_no":%s,"pschange_msc_no":%s,"tsx_ctrl_msr":%s,"tsx_ctrl_rtm_disable":%s,"tsx_ctrl_cpuid_clear":%s,"gds_ctrl":%s,"gds_no":%s,"gds_mitg_dis":%s,"gds_mitg_lock":%s,"rfds_no":%s,"rfds_clear":%s,"its_no":%s,"sbdr_ssdp_no":%s,"fbsdp_no":%s,"psdp_no":%s,"fb_clear":%s,"rtm":%s,"tsx_force_abort":%s,"tsx_force_abort_rtm_disable":%s,"tsx_force_abort_cpuid_clear":%s,"sgx":%s,"srbds":%s,"srbds_on":%s,"amd_ssb_no":%s,"hygon_ssb_no":%s,"ipred":%s,"rrsba":%s,"bhi":%s,"tsa_sq_no":%s,"tsa_l1_no":%s,"verw_clear":%s,"autoibrs":%s,"sbpb":%s,"avx2":%s,"avx512":%s}' \ - "$(_json_cap "${cap_spec_ctrl:-}")" \ - "$(_json_cap "${cap_ibrs:-}")" \ - "$(_json_cap "${cap_ibpb:-}")" \ - "$(_json_cap "${cap_ibpb_ret:-}")" \ - "$(_json_cap "${cap_stibp:-}")" \ - "$(_json_cap "${cap_ssbd:-}")" \ - "$(_json_cap "${cap_l1df:-}")" \ - "$(_json_cap "${cap_md_clear:-}")" \ - "$(_json_cap "${cap_arch_capabilities:-}")" \ - "$(_json_cap "${cap_rdcl_no:-}")" \ - "$(_json_cap "${cap_ibrs_all:-}")" \ - "$(_json_cap "${cap_rsba:-}")" \ - "$(_json_cap "${cap_l1dflush_no:-}")" \ - "$(_json_cap "${cap_ssb_no:-}")" \ - "$(_json_cap "${cap_mds_no:-}")" \ - "$(_json_cap "${cap_taa_no:-}")" \ - "$(_json_cap "${cap_pschange_msc_no:-}")" \ - "$(_json_cap "${cap_tsx_ctrl_msr:-}")" \ - "$(_json_cap "${cap_tsx_ctrl_rtm_disable:-}")" \ - "$(_json_cap "${cap_tsx_ctrl_cpuid_clear:-}")" \ - "$(_json_cap "${cap_gds_ctrl:-}")" \ - "$(_json_cap "${cap_gds_no:-}")" \ - "$(_json_cap "${cap_gds_mitg_dis:-}")" \ - "$(_json_cap "${cap_gds_mitg_lock:-}")" \ - "$(_json_cap "${cap_rfds_no:-}")" \ - "$(_json_cap "${cap_rfds_clear:-}")" \ - "$(_json_cap "${cap_its_no:-}")" \ - "$(_json_cap "${cap_sbdr_ssdp_no:-}")" \ - "$(_json_cap "${cap_fbsdp_no:-}")" \ - "$(_json_cap "${cap_psdp_no:-}")" \ - "$(_json_cap "${cap_fb_clear:-}")" \ - "$(_json_cap "${cap_rtm:-}")" \ - "$(_json_cap "${cap_tsx_force_abort:-}")" \ - "$(_json_cap "${cap_tsx_force_abort_rtm_disable:-}")" \ - "$(_json_cap "${cap_tsx_force_abort_cpuid_clear:-}")" \ - "$(_json_cap "${cap_sgx:-}")" \ - "$(_json_cap "${cap_srbds:-}")" \ - "$(_json_cap "${cap_srbds_on:-}")" \ - "$(_json_cap "${cap_amd_ssb_no:-}")" \ - "$(_json_cap "${cap_hygon_ssb_no:-}")" \ - "$(_json_cap "${cap_ipred:-}")" \ - "$(_json_cap "${cap_rrsba:-}")" \ - "$(_json_cap "${cap_bhi:-}")" \ - "$(_json_cap "${cap_tsa_sq_no:-}")" \ - "$(_json_cap "${cap_tsa_l1_no:-}")" \ - "$(_json_cap "${cap_verw_clear:-}")" \ - "$(_json_cap "${cap_autoibrs:-}")" \ - "$(_json_cap "${cap_sbpb:-}")" \ - "$(_json_cap "${cap_avx2:-}")" \ - "$(_json_cap "${cap_avx512:-}")") - g_json_cpu=$(printf '{"vendor":%s,"friendly_name":%s,"family":%s,"model":%s,"stepping":%s,"cpuid":%s,"platform_id":%s,"hybrid":%s,"codename":%s,"arm_part_list":%s,"arm_arch_list":%s,"capabilities":%s}' \ - "$(_json_str "${cpu_vendor:-}")" \ - "$(_json_str "${cpu_friendly_name:-}")" \ - "$(_json_num "${cpu_family:-}")" \ - "$(_json_num "${cpu_model:-}")" \ - "$(_json_num "${cpu_stepping:-}")" \ - "$(_json_str "$cpuid_hex")" \ - "$(_json_num "${cpu_platformid:-}")" \ - "$(_json_bool "${cpu_hybrid:-}")" \ - "$(_json_str "$codename")" \ - "$(_json_str "${cpu_part_list:-}")" \ - "$(_json_str "${cpu_arch_list:-}")" \ - "$caps") + # Determine architecture type and build the arch-specific sub-object + case "${cpu_vendor:-}" in + GenuineIntel | AuthenticAMD | HygonGenuine) + arch_type='x86' + # Build x86 capabilities sub-object + caps=$(printf '{"spec_ctrl":%s,"ibrs":%s,"ibpb":%s,"ibpb_ret":%s,"stibp":%s,"ssbd":%s,"l1d_flush":%s,"md_clear":%s,"arch_capabilities":%s,"rdcl_no":%s,"ibrs_all":%s,"rsba":%s,"l1dflush_no":%s,"ssb_no":%s,"mds_no":%s,"taa_no":%s,"pschange_msc_no":%s,"tsx_ctrl_msr":%s,"tsx_ctrl_rtm_disable":%s,"tsx_ctrl_cpuid_clear":%s,"gds_ctrl":%s,"gds_no":%s,"gds_mitg_dis":%s,"gds_mitg_lock":%s,"rfds_no":%s,"rfds_clear":%s,"its_no":%s,"sbdr_ssdp_no":%s,"fbsdp_no":%s,"psdp_no":%s,"fb_clear":%s,"rtm":%s,"tsx_force_abort":%s,"tsx_force_abort_rtm_disable":%s,"tsx_force_abort_cpuid_clear":%s,"sgx":%s,"srbds":%s,"srbds_on":%s,"amd_ssb_no":%s,"hygon_ssb_no":%s,"ipred":%s,"rrsba":%s,"bhi":%s,"tsa_sq_no":%s,"tsa_l1_no":%s,"verw_clear":%s,"autoibrs":%s,"sbpb":%s,"avx2":%s,"avx512":%s}' \ + "$(_json_cap "${cap_spec_ctrl:-}")" \ + "$(_json_cap "${cap_ibrs:-}")" \ + "$(_json_cap "${cap_ibpb:-}")" \ + "$(_json_cap "${cap_ibpb_ret:-}")" \ + "$(_json_cap "${cap_stibp:-}")" \ + "$(_json_cap "${cap_ssbd:-}")" \ + "$(_json_cap "${cap_l1df:-}")" \ + "$(_json_cap "${cap_md_clear:-}")" \ + "$(_json_cap "${cap_arch_capabilities:-}")" \ + "$(_json_cap "${cap_rdcl_no:-}")" \ + "$(_json_cap "${cap_ibrs_all:-}")" \ + "$(_json_cap "${cap_rsba:-}")" \ + "$(_json_cap "${cap_l1dflush_no:-}")" \ + "$(_json_cap "${cap_ssb_no:-}")" \ + "$(_json_cap "${cap_mds_no:-}")" \ + "$(_json_cap "${cap_taa_no:-}")" \ + "$(_json_cap "${cap_pschange_msc_no:-}")" \ + "$(_json_cap "${cap_tsx_ctrl_msr:-}")" \ + "$(_json_cap "${cap_tsx_ctrl_rtm_disable:-}")" \ + "$(_json_cap "${cap_tsx_ctrl_cpuid_clear:-}")" \ + "$(_json_cap "${cap_gds_ctrl:-}")" \ + "$(_json_cap "${cap_gds_no:-}")" \ + "$(_json_cap "${cap_gds_mitg_dis:-}")" \ + "$(_json_cap "${cap_gds_mitg_lock:-}")" \ + "$(_json_cap "${cap_rfds_no:-}")" \ + "$(_json_cap "${cap_rfds_clear:-}")" \ + "$(_json_cap "${cap_its_no:-}")" \ + "$(_json_cap "${cap_sbdr_ssdp_no:-}")" \ + "$(_json_cap "${cap_fbsdp_no:-}")" \ + "$(_json_cap "${cap_psdp_no:-}")" \ + "$(_json_cap "${cap_fb_clear:-}")" \ + "$(_json_cap "${cap_rtm:-}")" \ + "$(_json_cap "${cap_tsx_force_abort:-}")" \ + "$(_json_cap "${cap_tsx_force_abort_rtm_disable:-}")" \ + "$(_json_cap "${cap_tsx_force_abort_cpuid_clear:-}")" \ + "$(_json_cap "${cap_sgx:-}")" \ + "$(_json_cap "${cap_srbds:-}")" \ + "$(_json_cap "${cap_srbds_on:-}")" \ + "$(_json_cap "${cap_amd_ssb_no:-}")" \ + "$(_json_cap "${cap_hygon_ssb_no:-}")" \ + "$(_json_cap "${cap_ipred:-}")" \ + "$(_json_cap "${cap_rrsba:-}")" \ + "$(_json_cap "${cap_bhi:-}")" \ + "$(_json_cap "${cap_tsa_sq_no:-}")" \ + "$(_json_cap "${cap_tsa_l1_no:-}")" \ + "$(_json_cap "${cap_verw_clear:-}")" \ + "$(_json_cap "${cap_autoibrs:-}")" \ + "$(_json_cap "${cap_sbpb:-}")" \ + "$(_json_cap "${cap_avx2:-}")" \ + "$(_json_cap "${cap_avx512:-}")") + arch_sub=$(printf '{"family":%s,"model":%s,"stepping":%s,"cpuid":%s,"platform_id":%s,"hybrid":%s,"codename":%s,"capabilities":%s}' \ + "$(_json_num "${cpu_family:-}")" \ + "$(_json_num "${cpu_model:-}")" \ + "$(_json_num "${cpu_stepping:-}")" \ + "$(_json_str "$cpuid_hex")" \ + "$(_json_num "${cpu_platformid:-}")" \ + "$(_json_bool "${cpu_hybrid:-}")" \ + "$(_json_str "$codename")" \ + "$caps") + ;; + ARM | CAVIUM | PHYTIUM) + arch_type='arm' + arch_sub=$(printf '{"part_list":%s,"arch_list":%s,"capabilities":{}}' \ + "$(_json_str "${cpu_part_list:-}")" \ + "$(_json_str "${cpu_arch_list:-}")") + ;; + *) + arch_type='' + arch_sub='' + ;; + esac + + if [ -n "$arch_type" ]; then + g_json_cpu=$(printf '{"arch":"%s","vendor":%s,"friendly_name":%s,"%s":%s}' \ + "$arch_type" \ + "$(_json_str "${cpu_vendor:-}")" \ + "$(_json_str "${cpu_friendly_name:-}")" \ + "$arch_type" \ + "$arch_sub") + else + g_json_cpu=$(printf '{"arch":null,"vendor":%s,"friendly_name":%s}' \ + "$(_json_str "${cpu_vendor:-}")" \ + "$(_json_str "${cpu_friendly_name:-}")") + fi } # Build the "cpu_microcode" section of the comprehensive JSON output @@ -443,11 +464,22 @@ _build_prometheus_cpu_info() { cpu_labels='' [ -n "${cpu_vendor:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}vendor=\"$(_prom_escape "$cpu_vendor")\"" [ -n "${cpu_friendly_name:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}model=\"$(_prom_escape "$cpu_friendly_name")\"" - [ -n "${cpu_family:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}family=\"$cpu_family\"" - [ -n "${cpu_model:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}model_id=\"$cpu_model\"" - [ -n "${cpu_stepping:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}stepping=\"$cpu_stepping\"" - [ -n "$cpuid_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}cpuid=\"$cpuid_hex\"" - [ -n "$codename" ] && cpu_labels="${cpu_labels:+$cpu_labels,}codename=\"$(_prom_escape "$codename")\"" + # arch-specific labels + case "${cpu_vendor:-}" in + GenuineIntel | AuthenticAMD | HygonGenuine) + cpu_labels="${cpu_labels:+$cpu_labels,}arch=\"x86\"" + [ -n "${cpu_family:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}family=\"$cpu_family\"" + [ -n "${cpu_model:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}model_id=\"$cpu_model\"" + [ -n "${cpu_stepping:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}stepping=\"$cpu_stepping\"" + [ -n "$cpuid_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}cpuid=\"$cpuid_hex\"" + [ -n "$codename" ] && cpu_labels="${cpu_labels:+$cpu_labels,}codename=\"$(_prom_escape "$codename")\"" + ;; + ARM | CAVIUM | PHYTIUM) + cpu_labels="${cpu_labels:+$cpu_labels,}arch=\"arm\"" + [ -n "${cpu_part_list:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}part_list=\"$(_prom_escape "$cpu_part_list")\"" + [ -n "${cpu_arch_list:-}" ] && cpu_labels="${cpu_labels:+$cpu_labels,}arch_list=\"$(_prom_escape "$cpu_arch_list")\"" + ;; + esac [ -n "$smt_val" ] && cpu_labels="${cpu_labels:+$cpu_labels,}smt=\"$smt_val\"" [ -n "$ucode_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode=\"$ucode_hex\"" [ -n "$ucode_latest_hex" ] && cpu_labels="${cpu_labels:+$cpu_labels,}microcode_latest=\"$ucode_latest_hex\"" From de853fc8017d7bcd2f1b2f339ac3553b2d8b2908 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 8 Apr 2026 23:00:40 +0200 Subject: [PATCH 49/57] chore: fix build workflow --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3e5ff26..5e11026 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -166,6 +166,7 @@ jobs: git fetch origin ${{ github.ref_name }}-build git checkout -f ${{ github.ref_name }}-build + rm -rf doc/ mv $tmpdir/* . rm -rf src/ scripts/ img/ mkdir -p .github From e110706df8dc94b0c9bec50713e2e467879c6760 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Fri, 10 Apr 2026 18:37:14 +0200 Subject: [PATCH 50/57] enh: factorize is_arch_kernel --- DEVELOPMENT.md | 15 +++++++++++++++ src/main.sh | 5 +++++ src/vulns/CVE-2017-5715.sh | 2 +- src/vulns/CVE-2018-3639.sh | 8 ++++---- src/vulns/CVE-2018-3640.sh | 18 ++---------------- 5 files changed, 27 insertions(+), 21 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index a407fbc..bcbd45a 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -105,6 +105,7 @@ The entire tool is a single bash script with no external script dependencies. Ke - **Output/logging functions** (~line 253): `pr_warn`, `pr_info`, `pr_verbose`, `pr_debug`, `explain`, `pstatus`, `pvulnstatus` - verbosity-aware output with color support - **CPU detection** (~line 2171): `parse_cpu_details`, `is_intel`/`is_amd`/`is_hygon`, `read_cpuid`, `read_msr`, `is_cpu_smt_enabled` - hardware identification via CPUID/MSR registers +- **Kernel architecture detection** (`src/libs/365_kernel_arch.sh`): `is_arm64_kernel`/`is_x86_kernel` - detects the target kernel's architecture (not the host CPU) using kernel artifacts (System.map symbols, kconfig, kernel image), with `cpu_vendor` as a fast path for live mode. Results are cached in `g_kernel_arch`. Use these helpers to guard arch-specific kernel/kconfig/System.map checks and to select the appropriate verdict messages - **Microcode database** (embedded): Intel/AMD microcode version lookup via `read_mcedb`/`read_inteldb`; updated automatically via `.github/workflows/autoupdate.yml` - **Kernel analysis** (~line 1568): `extract_kernel`, `try_decompress` - extracts and inspects kernel images (handles gzip, bzip2, xz, lz4, zstd compression) - **Vulnerability checks**: 19 `check_CVE__()` functions, each with `_linux()` and `_bsd()` variants. Uses whitelist logic (assumes affected unless proven otherwise) @@ -390,6 +391,19 @@ This is where the real detection lives. Check for mitigations at each layer: Each source may independently be unavailable (no-runtime mode without the file, or stripped kernel), so check all that are present. A match in any one confirms kernel support. + **Architecture awareness:** Kernel symbols, kconfig options, and kernel-image strings are architecture-specific. An x86 host may be inspecting an ARM64 kernel (or vice versa) in offline mode, so always guard arch-specific checks with `is_arm64_kernel` or `is_x86_kernel` from `src/libs/365_kernel_arch.sh`. This prevents searching for irrelevant strings (e.g. x86 `spec_store_bypass` in an ARM64 kernel image) and ensures verdict messages and `explain` text match the target architecture (e.g. "update CPU microcode" for x86 vs "update firmware for SMCCC ARCH_WORKAROUND_2" for ARM). Example: + ```sh + # x86-specific kernel image search: skip on ARM64 kernels + if [ -n "$g_kernel" ] && ! is_arm64_kernel; then + mitigation=$("${opt_arch_prefix}strings" "$g_kernel" | grep x86_specific_string) + fi + # ARM64-specific System.map search: skip on x86 kernels + if [ -n "$opt_map" ] && is_arm64_kernel; then + mitigation=$(grep -w arm64_mitigation_function "$opt_map") + fi + ``` + The same applies to Phase 4 verdict messages: when the explanation or remediation advice differs between architectures (e.g. "CPU microcode update" vs "firmware/kernel update"), branch on `is_arm64_kernel`/`is_x86_kernel` rather than on `cpu_vendor`, because `cpu_vendor` reflects the host, not the target kernel. + - **Runtime state** (live mode only): Read MSRs, check cpuinfo flags, parse dmesg, inspect debugfs. All runtime-only checks β€” including `/proc/cpuinfo` flags β€” must be guarded by `if [ "$opt_runtime" = 1 ]`, both when collecting the evidence in Phase 2 and when using it in Phase 4. In Phase 4, use explicit live/no-runtime branches so that live-only variables (e.g. cpuinfo flags, MSR values) are never referenced in the no-runtime path. ```sh if [ "$opt_runtime" = 1 ]; then @@ -789,6 +803,7 @@ CVEs that need VMM context should call `check_has_vmm` early in their `_linux()` - **Handle `--paranoid` and `--vmm`** when the CVE has stricter mitigation tiers or VMM-specific aspects (see "Cross-Cutting Features" above). - **Keep JSON output in sync** - when adding new `cap_*` variables, add them to `_build_json_cpu()` in `src/libs/250_output_emitters.sh` (see Step 2 JSON note above). Per-CVE fields are handled automatically. - **All indentation must use 4 spaces** (CI enforces this via `fmt-check`; the vim modeline `et` enables expandtab). +- **Guard arch-specific checks with `is_arm64_kernel`/`is_x86_kernel`** - kernel image strings, kconfig symbols, and System.map functions are architecture-specific. Use the helpers from `src/libs/365_kernel_arch.sh` to avoid searching for irrelevant symbols and to select correct verdict messages. Never use `cpu_vendor` to branch on architecture in Phase 2/4 β€” it reflects the host, not the target kernel being inspected. - **Stay POSIX-compatible** - no bashisms, no GNU-only flags in portable code paths. ## Function documentation headers diff --git a/src/main.sh b/src/main.sh index 9fb42e0..1f8d546 100644 --- a/src/main.sh +++ b/src/main.sh @@ -2,6 +2,11 @@ check_kernel_info +# Detect arch mismatch between host CPU and target kernel (e.g. x86 host +# inspecting an ARM kernel): force no-hw mode so CPUID/MSR/sysfs reads +# from the host don't pollute the results. +check_kernel_cpu_arch_mismatch + # Build JSON meta and system sections early (after kernel info is resolved) if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then _build_json_meta diff --git a/src/vulns/CVE-2017-5715.sh b/src/vulns/CVE-2017-5715.sh index 24b0b15..88b4f81 100644 --- a/src/vulns/CVE-2017-5715.sh +++ b/src/vulns/CVE-2017-5715.sh @@ -903,7 +903,7 @@ check_CVE_2017_5715_linux() { # ARM branch predictor hardening (unchanged) if [ -n "$bp_harden" ]; then pvulnstatus "$cve" OK "Branch predictor hardening mitigates the vulnerability" - elif [ -z "$bp_harden" ] && [ "$cpu_vendor" = ARM ]; then + elif [ -z "$bp_harden" ] && is_arm64_kernel; then pvulnstatus "$cve" VULN "Branch predictor hardening is needed to mitigate the vulnerability" explain "Your kernel has not been compiled with the CONFIG_UNMAP_KERNEL_AT_EL0 option, recompile it with this option enabled." diff --git a/src/vulns/CVE-2018-3639.sh b/src/vulns/CVE-2018-3639.sh index 6211653..5948ff6 100644 --- a/src/vulns/CVE-2018-3639.sh +++ b/src/vulns/CVE-2018-3639.sh @@ -25,12 +25,12 @@ check_CVE_2018_3639_linux() { fi fi # arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them - if [ -z "$kernel_ssb" ] && [ -n "$g_kernel" ] && ! grep -q 'arm64_sys_' "$g_kernel"; then + if [ -z "$kernel_ssb" ] && [ -n "$g_kernel" ] && ! is_arm64_kernel; then kernel_ssb=$("${opt_arch_prefix}strings" "$g_kernel" | grep spec_store_bypass | head -n1) [ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in kernel" fi # arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them - if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ] && ! grep -q 'arm64_sys_' "$opt_map"; then + if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ] && ! is_arm64_kernel; then kernel_ssb=$(grep spec_store_bypass "$opt_map" | awk '{print $3}' | head -n1) [ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in System.map" fi @@ -121,7 +121,7 @@ check_CVE_2018_3639_linux() { fi else if [ -n "$kernel_ssb" ]; then - if [ "$cpu_vendor" = ARM ] || [ "$cpu_vendor" = CAVIUM ] || [ "$cpu_vendor" = PHYTIUM ]; then + if is_arm64_kernel; then pvulnstatus "$cve" VULN "no SSB mitigation is active on your system" explain "ARM CPUs mitigate SSB either through a hardware SSBS bit (ARMv8.5+ CPUs) or through firmware support for SMCCC ARCH_WORKAROUND_2. Your kernel reports SSB status but neither mechanism appears to be active. For CPUs predating ARMv8.5 (such as Cortex-A57 or Cortex-A72), check with your board or SoC vendor for a firmware update that provides SMCCC ARCH_WORKAROUND_2 support." else @@ -129,7 +129,7 @@ check_CVE_2018_3639_linux() { explain "Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section)." fi else - if [ "$cpu_vendor" = ARM ] || [ "$cpu_vendor" = CAVIUM ] || [ "$cpu_vendor" = PHYTIUM ]; then + if is_arm64_kernel; then pvulnstatus "$cve" VULN "your kernel and firmware do not support SSB mitigation" explain "ARM SSB mitigation requires kernel support (CONFIG_ARM64_SSBD) combined with either a hardware SSBS bit (ARMv8.5+ CPUs) or firmware support for SMCCC ARCH_WORKAROUND_2. Ensure you are running a recent kernel compiled with CONFIG_ARM64_SSBD. For CPUs predating ARMv8.5, also check with your board or SoC vendor for a firmware update providing SMCCC ARCH_WORKAROUND_2 support." else diff --git a/src/vulns/CVE-2018-3640.sh b/src/vulns/CVE-2018-3640.sh index 32d6bab..88d5da3 100644 --- a/src/vulns/CVE-2018-3640.sh +++ b/src/vulns/CVE-2018-3640.sh @@ -3,7 +3,7 @@ # CVE-2018-3640, Variant 3a, Rogue System Register Read check_CVE_2018_3640() { - local status sys_interface_available msg cve is_arm64_kernel arm_v3a_mitigation + local status sys_interface_available msg cve arm_v3a_mitigation cve='CVE-2018-3640' pr_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m" @@ -11,21 +11,7 @@ check_CVE_2018_3640() { sys_interface_available=0 msg='' - # Detect whether the target kernel is ARM64, for both live and no-runtime modes. - # In no-runtime cross-inspection (x86 host, ARM kernel), cpu_vendor reflects the host, - # so also check for arm64_sys_ symbols (same pattern used in CVE-2018-3639). - is_arm64_kernel=0 - if [ "$cpu_vendor" = ARM ] || [ "$cpu_vendor" = CAVIUM ] || [ "$cpu_vendor" = PHYTIUM ]; then - is_arm64_kernel=1 - elif [ -n "$opt_map" ] && grep -q 'arm64_sys_' "$opt_map" 2>/dev/null; then - is_arm64_kernel=1 - elif [ -n "$g_kernel" ] && grep -q 'arm64_sys_' "$g_kernel" 2>/dev/null; then - is_arm64_kernel=1 - elif [ -n "$opt_config" ] && grep -qw 'CONFIG_ARM64=y' "$opt_config" 2>/dev/null; then - is_arm64_kernel=1 - fi - - if [ "$is_arm64_kernel" = 1 ]; then + if is_arm64_kernel; then # ARM64: mitigation is via an EL2 indirect trampoline (spectre_v3a_enable_mitigation), # applied automatically at boot for affected CPUs (Cortex-A57, Cortex-A72). # No microcode update is involved. From f7ba617e16706db822205fe59ba1a11e4f954093 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Fri, 10 Apr 2026 18:37:32 +0200 Subject: [PATCH 51/57] enh: guard x86/arm specific checks in kernel/cpu for the proper arch --- DEVELOPMENT.md | 31 +- src/libs/360_cpu_smt.sh | 22 + src/libs/365_kernel_arch.sh | 120 ++++ src/vulns-helpers/check_mds.sh | 80 +-- src/vulns-helpers/check_mmio.sh | 96 +-- src/vulns-helpers/check_sls.sh | 13 +- src/vulns/CVE-2017-5715.sh | 1134 ++++++++++++++++--------------- src/vulns/CVE-2017-5754.sh | 5 +- src/vulns/CVE-2018-12207.sh | 2 +- src/vulns/CVE-2018-3639.sh | 12 +- src/vulns/CVE-2018-3640.sh | 2 +- src/vulns/CVE-2019-11135.sh | 2 +- src/vulns/CVE-2020-0543.sh | 2 +- src/vulns/CVE-2022-40982.sh | 10 +- src/vulns/CVE-2023-20588.sh | 4 +- src/vulns/CVE-2023-28746.sh | 8 +- src/vulns/CVE-2024-28956.sh | 6 +- src/vulns/CVE-2024-36350.sh | 6 +- src/vulns/CVE-2024-36357.sh | 6 +- src/vulns/CVE-2025-40300.sh | 6 +- 20 files changed, 874 insertions(+), 693 deletions(-) create mode 100644 src/libs/365_kernel_arch.sh diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index bcbd45a..72d7470 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -105,7 +105,8 @@ The entire tool is a single bash script with no external script dependencies. Ke - **Output/logging functions** (~line 253): `pr_warn`, `pr_info`, `pr_verbose`, `pr_debug`, `explain`, `pstatus`, `pvulnstatus` - verbosity-aware output with color support - **CPU detection** (~line 2171): `parse_cpu_details`, `is_intel`/`is_amd`/`is_hygon`, `read_cpuid`, `read_msr`, `is_cpu_smt_enabled` - hardware identification via CPUID/MSR registers -- **Kernel architecture detection** (`src/libs/365_kernel_arch.sh`): `is_arm64_kernel`/`is_x86_kernel` - detects the target kernel's architecture (not the host CPU) using kernel artifacts (System.map symbols, kconfig, kernel image), with `cpu_vendor` as a fast path for live mode. Results are cached in `g_kernel_arch`. Use these helpers to guard arch-specific kernel/kconfig/System.map checks and to select the appropriate verdict messages +- **Kernel architecture detection** (`src/libs/365_kernel_arch.sh`): `is_arm_kernel`/`is_x86_kernel` - detects the target kernel's architecture (not the host CPU) using kernel artifacts (System.map symbols, kconfig, kernel image), with `cpu_vendor` as a fast path for live mode. Results are cached in `g_kernel_arch`. Use these helpers to guard arch-specific kernel/kconfig/System.map checks and to select the appropriate verdict messages +- **CPU architecture detection** (`src/libs/360_cpu_smt.sh`): `is_x86_cpu`/`is_arm_cpu` - detects the host CPU's architecture via `cpu_vendor`. Use these to gate hardware operations (CPUID, MSR, microcode). Always use positive logic: `if is_x86_cpu` (not `if ! is_arm_cpu`) - **Microcode database** (embedded): Intel/AMD microcode version lookup via `read_mcedb`/`read_inteldb`; updated automatically via `.github/workflows/autoupdate.yml` - **Kernel analysis** (~line 1568): `extract_kernel`, `try_decompress` - extracts and inspects kernel images (handles gzip, bzip2, xz, lz4, zstd compression) - **Vulnerability checks**: 19 `check_CVE__()` functions, each with `_linux()` and `_bsd()` variants. Uses whitelist logic (assumes affected unless proven otherwise) @@ -391,18 +392,30 @@ This is where the real detection lives. Check for mitigations at each layer: Each source may independently be unavailable (no-runtime mode without the file, or stripped kernel), so check all that are present. A match in any one confirms kernel support. - **Architecture awareness:** Kernel symbols, kconfig options, and kernel-image strings are architecture-specific. An x86 host may be inspecting an ARM64 kernel (or vice versa) in offline mode, so always guard arch-specific checks with `is_arm64_kernel` or `is_x86_kernel` from `src/libs/365_kernel_arch.sh`. This prevents searching for irrelevant strings (e.g. x86 `spec_store_bypass` in an ARM64 kernel image) and ensures verdict messages and `explain` text match the target architecture (e.g. "update CPU microcode" for x86 vs "update firmware for SMCCC ARCH_WORKAROUND_2" for ARM). Example: + **Architecture awareness:** Kernel symbols, kconfig options, and kernel-image strings are architecture-specific. An x86 host may be inspecting an ARM kernel (or vice versa) in offline mode, so always use positive-logic arch guards from `src/libs/365_kernel_arch.sh` and `src/libs/360_cpu_smt.sh`. This prevents searching for irrelevant strings (e.g. x86 `spec_store_bypass` in an ARM kernel image) and ensures verdict messages and `explain` text match the target architecture (e.g. "update CPU microcode" for x86 vs "update firmware for SMCCC ARCH_WORKAROUND_2" for ARM). + + Use **positive logic** β€” always `if is_x86_kernel` (not `if ! is_arm_kernel`) and `if is_x86_cpu` (not `if ! is_arm_cpu`). This ensures unknown architectures (MIPS, RISC-V, PowerPC) are handled safely by defaulting to "skip" rather than "execute." + + Two sets of helpers serve different purposes: + - **`is_x86_kernel`/`is_arm_kernel`**: Gate kernel artifact checks (kernel image strings, kconfig, System.map). + - **`is_x86_cpu`/`is_arm_cpu`**: Gate hardware operations (CPUID, MSR, `/proc/cpuinfo` flags). + + Example: ```sh - # x86-specific kernel image search: skip on ARM64 kernels - if [ -n "$g_kernel" ] && ! is_arm64_kernel; then + # x86-specific kernel image search + if [ -n "$g_kernel" ] && is_x86_kernel; then mitigation=$("${opt_arch_prefix}strings" "$g_kernel" | grep x86_specific_string) fi - # ARM64-specific System.map search: skip on x86 kernels - if [ -n "$opt_map" ] && is_arm64_kernel; then - mitigation=$(grep -w arm64_mitigation_function "$opt_map") + # ARM-specific System.map search + if [ -n "$opt_map" ] && is_arm_kernel; then + mitigation=$(grep -w arm_mitigation_function "$opt_map") + fi + # x86-specific hardware read + if is_x86_cpu; then + read_cpuid 0x7 0x0 "$EDX" 26 1 1 fi ``` - The same applies to Phase 4 verdict messages: when the explanation or remediation advice differs between architectures (e.g. "CPU microcode update" vs "firmware/kernel update"), branch on `is_arm64_kernel`/`is_x86_kernel` rather than on `cpu_vendor`, because `cpu_vendor` reflects the host, not the target kernel. + The same applies to Phase 4 verdict messages: when the explanation or remediation advice differs between architectures (e.g. "CPU microcode update" vs "firmware/kernel update"), branch on `is_arm_kernel`/`is_x86_kernel` rather than on `cpu_vendor`, because `cpu_vendor` reflects the host, not the target kernel. - **Runtime state** (live mode only): Read MSRs, check cpuinfo flags, parse dmesg, inspect debugfs. All runtime-only checks β€” including `/proc/cpuinfo` flags β€” must be guarded by `if [ "$opt_runtime" = 1 ]`, both when collecting the evidence in Phase 2 and when using it in Phase 4. In Phase 4, use explicit live/no-runtime branches so that live-only variables (e.g. cpuinfo flags, MSR values) are never referenced in the no-runtime path. ```sh @@ -803,7 +816,7 @@ CVEs that need VMM context should call `check_has_vmm` early in their `_linux()` - **Handle `--paranoid` and `--vmm`** when the CVE has stricter mitigation tiers or VMM-specific aspects (see "Cross-Cutting Features" above). - **Keep JSON output in sync** - when adding new `cap_*` variables, add them to `_build_json_cpu()` in `src/libs/250_output_emitters.sh` (see Step 2 JSON note above). Per-CVE fields are handled automatically. - **All indentation must use 4 spaces** (CI enforces this via `fmt-check`; the vim modeline `et` enables expandtab). -- **Guard arch-specific checks with `is_arm64_kernel`/`is_x86_kernel`** - kernel image strings, kconfig symbols, and System.map functions are architecture-specific. Use the helpers from `src/libs/365_kernel_arch.sh` to avoid searching for irrelevant symbols and to select correct verdict messages. Never use `cpu_vendor` to branch on architecture in Phase 2/4 β€” it reflects the host, not the target kernel being inspected. +- **Guard arch-specific checks with positive logic** β€” use `is_x86_kernel`/`is_arm_kernel` for kernel artifact checks, `is_x86_cpu`/`is_arm_cpu` for hardware operations. Always use positive form (`if is_x86_cpu`, not `if ! is_arm_cpu`) so unknown architectures default to "skip." Never use `cpu_vendor` to branch on architecture in Phase 2/4 β€” it reflects the host, not the target kernel being inspected. - **Stay POSIX-compatible** - no bashisms, no GNU-only flags in portable code paths. ## Function documentation headers diff --git a/src/libs/360_cpu_smt.sh b/src/libs/360_cpu_smt.sh index 3a1f8eb..e7f9d31 100644 --- a/src/libs/360_cpu_smt.sh +++ b/src/libs/360_cpu_smt.sh @@ -21,6 +21,28 @@ is_intel() { return 1 } +# Check whether the host CPU is x86/x86_64. +# Use this to gate CPUID, MSR, and microcode operations. +# Returns: 0 if x86, 1 otherwise +is_x86_cpu() { + parse_cpu_details + case "$cpu_vendor" in + GenuineIntel | AuthenticAMD | HygonGenuine | CentaurHauls | Shanghai) return 0 ;; + esac + return 1 +} + +# Check whether the host CPU is ARM/ARM64. +# Use this to gate ARM-specific hardware checks. +# Returns: 0 if ARM, 1 otherwise +is_arm_cpu() { + parse_cpu_details + case "$cpu_vendor" in + ARM | CAVIUM | PHYTIUM) return 0 ;; + esac + return 1 +} + # Check whether SMT (HyperThreading) is enabled on the system # Returns: 0 if SMT enabled, 1 otherwise is_cpu_smt_enabled() { diff --git a/src/libs/365_kernel_arch.sh b/src/libs/365_kernel_arch.sh new file mode 100644 index 0000000..5a80c64 --- /dev/null +++ b/src/libs/365_kernel_arch.sh @@ -0,0 +1,120 @@ +# vim: set ts=4 sw=4 sts=4 et: +############################### +# Kernel architecture detection helpers. +# Detects the target kernel's architecture regardless of the host system, +# enabling correct behavior in offline cross-inspection (e.g. x86 host +# analyzing an ARM kernel image or System.map). + +# Global cache; populated by _detect_kernel_arch on first call. +# Values: 'arm', 'x86', 'unknown' +g_kernel_arch='' + +# Internal: populate g_kernel_arch using all available information sources, +# in order from most to least reliable. +_detect_kernel_arch() { + # Return immediately if already detected + [ -n "$g_kernel_arch" ] && return 0 + + # arm64_sys_ is the ARM64 syscall table symbol prefix; present in any + # ARM64 System.map (or /proc/kallsyms) and in the kernel image itself. + # sys_call_table + vector_swi is the ARM (32-bit) equivalent. + if [ -n "$opt_map" ]; then + if grep -q 'arm64_sys_' "$opt_map" 2>/dev/null; then + g_kernel_arch='arm' + return 0 + fi + if grep -q ' vector_swi$' "$opt_map" 2>/dev/null; then + g_kernel_arch='arm' + return 0 + fi + fi + if [ -n "$g_kernel" ]; then + if grep -q 'arm64_sys_' "$g_kernel" 2>/dev/null; then + g_kernel_arch='arm' + return 0 + fi + fi + + # Kconfig is definitive when available + if [ -n "$opt_config" ]; then + if grep -qE '^CONFIG_(ARM64|ARM)=y' "$opt_config" 2>/dev/null; then + g_kernel_arch='arm' + return 0 + fi + if grep -qE '^CONFIG_X86(_64)?=y' "$opt_config" 2>/dev/null; then + g_kernel_arch='x86' + return 0 + fi + fi + + # Cross-compilation prefix as a last resort (e.g. --arch-prefix aarch64-linux-gnu-) + case "${opt_arch_prefix:-}" in + aarch64-* | arm64-* | arm-* | armv*-) + g_kernel_arch='arm' + return 0 + ;; + x86_64-* | i686-* | i?86-*) + g_kernel_arch='x86' + return 0 + ;; + esac + + # Last resort: if no artifacts identified the arch, assume the target + # kernel matches the host CPU. This covers live mode when no kernel + # image, config, or System.map is available. + if is_x86_cpu; then + g_kernel_arch='x86' + return 0 + fi + if is_arm_cpu; then + g_kernel_arch='arm' + return 0 + fi + + g_kernel_arch='unknown' + return 0 +} + +# Return 0 (true) if the target kernel is ARM (32 or 64-bit), 1 otherwise. +is_arm_kernel() { + _detect_kernel_arch + [ "$g_kernel_arch" = 'arm' ] +} + +# Return 0 (true) if the target kernel is x86/x86_64, 1 otherwise. +is_x86_kernel() { + _detect_kernel_arch + [ "$g_kernel_arch" = 'x86' ] +} + +# Compare the target kernel's architecture against the host CPU. +# If they differ, hardware reads (CPUID, MSR, sysfs) would reflect the host, +# not the target kernel β€” force no-hw mode to avoid misleading results. +# Sets: g_mode (when mismatch detected) +# Callers: src/main.sh (after check_kernel_info, before check_cpu) +check_kernel_cpu_arch_mismatch() { + local host_arch + _detect_kernel_arch + + host_arch='unknown' + if is_x86_cpu; then + host_arch='x86' + elif is_arm_cpu; then + host_arch='arm' + fi + + # Unsupported CPU architecture (MIPS, RISC-V, PowerPC, ...): force no-hw + # since we have no hardware-level checks for these platforms + if [ "$host_arch" = 'unknown' ]; then + pr_warn "Unsupported CPU architecture (vendor: $cpu_vendor), forcing no-hw mode" + g_mode='no-hw' + return 0 + fi + + # If kernel arch is unknown, we can't tell if there's a mismatch + [ "$g_kernel_arch" = 'unknown' ] && return 0 + [ "$host_arch" = "$g_kernel_arch" ] && return 0 + + pr_warn "Target kernel architecture ($g_kernel_arch) differs from host CPU ($host_arch), forcing no-hw mode" + g_mode='no-hw' +} diff --git a/src/vulns-helpers/check_mds.sh b/src/vulns-helpers/check_mds.sh index 6fcb72f..09b273e 100644 --- a/src/vulns-helpers/check_mds.sh +++ b/src/vulns-helpers/check_mds.sh @@ -132,50 +132,54 @@ check_mds_linux() { fi if [ "$opt_sysfs_only" != 1 ]; then - pr_info_nol "* Kernel supports using MD_CLEAR mitigation: " + # MDS is Intel-only; skip x86-specific kernel/cpuinfo checks on non-x86 kernels kernel_md_clear='' - kernel_md_clear_can_tell=1 - if [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then - kernel_md_clear="md_clear found in $g_procfs/cpuinfo" - pstatus green YES "$kernel_md_clear" - fi - if [ -z "$kernel_md_clear" ]; then - if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then - kernel_md_clear_can_tell=0 - elif [ -n "$g_kernel_err" ]; then - kernel_md_clear_can_tell=0 - elif "${opt_arch_prefix}strings" "$g_kernel" | grep -q 'Clear CPU buffers'; then - pr_debug "md_clear: found 'Clear CPU buffers' string in kernel image" - kernel_md_clear='found md_clear implementation evidence in kernel image' + kernel_md_clear_can_tell=0 + if is_x86_kernel; then + pr_info_nol "* Kernel supports using MD_CLEAR mitigation: " + kernel_md_clear_can_tell=1 + if [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then + kernel_md_clear="md_clear found in $g_procfs/cpuinfo" pstatus green YES "$kernel_md_clear" fi - fi - if [ -z "$kernel_md_clear" ]; then - if [ "$kernel_md_clear_can_tell" = 1 ]; then - pstatus yellow NO - else - pstatus yellow UNKNOWN + if [ -z "$kernel_md_clear" ]; then + if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then + kernel_md_clear_can_tell=0 + elif [ -n "$g_kernel_err" ]; then + kernel_md_clear_can_tell=0 + elif "${opt_arch_prefix}strings" "$g_kernel" | grep -q 'Clear CPU buffers'; then + pr_debug "md_clear: found 'Clear CPU buffers' string in kernel image" + kernel_md_clear='found md_clear implementation evidence in kernel image' + pstatus green YES "$kernel_md_clear" + fi + fi + if [ -z "$kernel_md_clear" ]; then + if [ "$kernel_md_clear_can_tell" = 1 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN + fi fi - fi - if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then - pr_info_nol "* Kernel mitigation is enabled and active: " - if echo "$ret_sys_interface_check_fullmsg" | grep -qi ^mitigation; then - mds_mitigated=1 - pstatus green YES - else - mds_mitigated=0 - pstatus yellow NO + if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then + pr_info_nol "* Kernel mitigation is enabled and active: " + if echo "$ret_sys_interface_check_fullmsg" | grep -qi ^mitigation; then + mds_mitigated=1 + pstatus green YES + else + mds_mitigated=0 + pstatus yellow NO + fi + pr_info_nol "* SMT is either mitigated or disabled: " + if echo "$ret_sys_interface_check_fullmsg" | grep -Eq 'SMT (disabled|mitigated)'; then + mds_smt_mitigated=1 + pstatus green YES + else + mds_smt_mitigated=0 + pstatus yellow NO + fi fi - pr_info_nol "* SMT is either mitigated or disabled: " - if echo "$ret_sys_interface_check_fullmsg" | grep -Eq 'SMT (disabled|mitigated)'; then - mds_smt_mitigated=1 - pstatus green YES - else - mds_smt_mitigated=0 - pstatus yellow NO - fi - fi + fi # is_x86_kernel elif [ "$sys_interface_available" = 0 ]; then # we have no sysfs but were asked to use it only! msg="/sys vulnerability interface use forced, but it's not available!" diff --git a/src/vulns-helpers/check_mmio.sh b/src/vulns-helpers/check_mmio.sh index 683c2d5..122462b 100644 --- a/src/vulns-helpers/check_mmio.sh +++ b/src/vulns-helpers/check_mmio.sh @@ -125,61 +125,65 @@ check_mmio_linux() { fi if [ "$opt_sysfs_only" != 1 ]; then - pr_info_nol "* Kernel supports MMIO Stale Data mitigation: " + # MMIO Stale Data is Intel-only; skip x86-specific kernel/MSR checks on non-x86 kernels kernel_mmio='' - kernel_mmio_can_tell=1 - if [ -n "$g_kernel_err" ]; then - kernel_mmio_can_tell=0 - elif grep -q 'mmio_stale_data' "$g_kernel" 2>/dev/null; then - pr_debug "mmio: found 'mmio_stale_data' string in kernel image" - kernel_mmio='found MMIO Stale Data mitigation evidence in kernel image' - pstatus green YES "$kernel_mmio" - fi - if [ -z "$kernel_mmio" ] && [ -n "$opt_config" ] && grep -q '^CONFIG_MITIGATION_MMIO_STALE_DATA=y' "$opt_config"; then - kernel_mmio='found MMIO Stale Data mitigation config option enabled' - pstatus green YES "$kernel_mmio" - fi - if [ -z "$kernel_mmio" ] && [ -n "$opt_map" ]; then - if grep -qE 'mmio_select_mitigation|cpu_show_mmio_stale_data' "$opt_map"; then - kernel_mmio='found MMIO Stale Data mitigation function in System.map' + kernel_mmio_can_tell=0 + if is_x86_kernel; then + pr_info_nol "* Kernel supports MMIO Stale Data mitigation: " + kernel_mmio_can_tell=1 + if [ -n "$g_kernel_err" ]; then + kernel_mmio_can_tell=0 + elif grep -q 'mmio_stale_data' "$g_kernel" 2>/dev/null; then + pr_debug "mmio: found 'mmio_stale_data' string in kernel image" + kernel_mmio='found MMIO Stale Data mitigation evidence in kernel image' pstatus green YES "$kernel_mmio" fi - fi - if [ -z "$kernel_mmio" ]; then - if [ "$kernel_mmio_can_tell" = 1 ]; then - pstatus yellow NO - else + if [ -z "$kernel_mmio" ] && [ -n "$opt_config" ] && grep -q '^CONFIG_MITIGATION_MMIO_STALE_DATA=y' "$opt_config"; then + kernel_mmio='found MMIO Stale Data mitigation config option enabled' + pstatus green YES "$kernel_mmio" + fi + if [ -z "$kernel_mmio" ] && [ -n "$opt_map" ]; then + if grep -qE 'mmio_select_mitigation|cpu_show_mmio_stale_data' "$opt_map"; then + kernel_mmio='found MMIO Stale Data mitigation function in System.map' + pstatus green YES "$kernel_mmio" + fi + fi + if [ -z "$kernel_mmio" ]; then + if [ "$kernel_mmio_can_tell" = 1 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN + fi + fi + + pr_info_nol "* CPU microcode supports Fill Buffer clearing: " + if [ "$cap_fb_clear" = -1 ]; then pstatus yellow UNKNOWN - fi - fi - - pr_info_nol "* CPU microcode supports Fill Buffer clearing: " - if [ "$cap_fb_clear" = -1 ]; then - pstatus yellow UNKNOWN - elif [ "$cap_fb_clear" = 1 ]; then - pstatus green YES - else - pstatus yellow NO - fi - - if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then - pr_info_nol "* Kernel mitigation is enabled and active: " - if echo "$ret_sys_interface_check_fullmsg" | grep -qi ^mitigation; then - mmio_mitigated=1 + elif [ "$cap_fb_clear" = 1 ]; then pstatus green YES else - mmio_mitigated=0 pstatus yellow NO fi - pr_info_nol "* SMT is either mitigated or disabled: " - if echo "$ret_sys_interface_check_fullmsg" | grep -Eq 'SMT (disabled|mitigated)'; then - mmio_smt_mitigated=1 - pstatus green YES - else - mmio_smt_mitigated=0 - pstatus yellow NO + + if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then + pr_info_nol "* Kernel mitigation is enabled and active: " + if echo "$ret_sys_interface_check_fullmsg" | grep -qi ^mitigation; then + mmio_mitigated=1 + pstatus green YES + else + mmio_mitigated=0 + pstatus yellow NO + fi + pr_info_nol "* SMT is either mitigated or disabled: " + if echo "$ret_sys_interface_check_fullmsg" | grep -Eq 'SMT (disabled|mitigated)'; then + mmio_smt_mitigated=1 + pstatus green YES + else + mmio_smt_mitigated=0 + pstatus yellow NO + fi fi - fi + fi # is_x86_kernel elif [ "$sys_interface_available" = 0 ]; then # we have no sysfs but were asked to use it only! msg="/sys vulnerability interface use forced, but it's not available!" diff --git a/src/vulns-helpers/check_sls.sh b/src/vulns-helpers/check_sls.sh index b640a8e..058949a 100644 --- a/src/vulns-helpers/check_sls.sh +++ b/src/vulns-helpers/check_sls.sh @@ -173,10 +173,8 @@ check_CVE_0000_0001_linux() { return fi - # --- arm64: no kernel mitigation available --- - local _sls_arch - _sls_arch=$(uname -m 2>/dev/null || echo unknown) - if echo "$_sls_arch" | grep -qw 'aarch64'; then + # --- ARM: no kernel mitigation available --- + if is_arm_kernel; then pvulnstatus "$cve" VULN "no kernel mitigation available for arm64 SLS (CVE-2020-13844)" explain "Your ARM processor is affected by Straight-Line Speculation (CVE-2020-13844).\n" \ "GCC and Clang support -mharden-sls=all for aarch64, which inserts SB (Speculation Barrier)\n" \ @@ -186,7 +184,12 @@ check_CVE_0000_0001_linux() { return fi - # --- method 1: kernel config check (x86_64) --- + # --- x86: config check and binary heuristic --- + if ! is_x86_kernel; then + pvulnstatus "$cve" UNK "SLS mitigation detection not supported for this kernel architecture" + return + fi + local _sls_config='' if [ -n "$opt_config" ] && [ -r "$opt_config" ]; then pr_info_nol " * Kernel compiled with SLS mitigation: " diff --git a/src/vulns/CVE-2017-5715.sh b/src/vulns/CVE-2017-5715.sh index 88b4f81..eb1fc33 100644 --- a/src/vulns/CVE-2017-5715.sh +++ b/src/vulns/CVE-2017-5715.sh @@ -256,631 +256,643 @@ check_CVE_2017_5715_linux() { v2_vuln_module='' v2_is_autoibrs=0 - pr_info "* Mitigation 1" + # Mitigation 1 (IBRS/IBPB) and Mitigation 3 (sub-mitigations) are x86-only. + # On ARM64, only Mitigation 2 (branch predictor hardening) is relevant. + if is_x86_kernel; then - g_ibrs_can_tell=0 - g_ibrs_supported='' - g_ibrs_enabled='' - g_ibpb_can_tell=0 - g_ibpb_supported='' - g_ibpb_enabled='' + pr_info "* Mitigation 1" - if [ "$opt_runtime" = 1 ]; then - # in live mode, we can check for the ibrs_enabled file in debugfs - # all versions of the patches have it (NOT the case of IBPB or KPTI) - g_ibrs_can_tell=1 - mount_debugfs - for dir in \ - $DEBUGFS_BASE \ - $DEBUGFS_BASE/x86 \ - "$g_procfs/sys/kernel"; do - if [ -e "$dir/ibrs_enabled" ]; then - # if the file is there, we have IBRS compiled-in - # $DEBUGFS_BASE/ibrs_enabled: vanilla - # $DEBUGFS_BASE/x86/ibrs_enabled: Red Hat (see https://access.redhat.com/articles/3311301) - # /proc/sys/kernel/ibrs_enabled: OpenSUSE tumbleweed - g_specex_knob_dir=$dir - g_ibrs_supported="$dir/ibrs_enabled exists" - g_ibrs_enabled=$(cat "$dir/ibrs_enabled" 2>/dev/null) - pr_debug "ibrs: found $dir/ibrs_enabled=$g_ibrs_enabled" - # if ibrs_enabled is there, ibpb_enabled will be in the same dir - if [ -e "$dir/ibpb_enabled" ]; then - # if the file is there, we have IBPB compiled-in (see note above for IBRS) - g_ibpb_supported="$dir/ibpb_enabled exists" - g_ibpb_enabled=$(cat "$dir/ibpb_enabled" 2>/dev/null) - pr_debug "ibpb: found $dir/ibpb_enabled=$g_ibpb_enabled" - else - pr_debug "ibpb: $dir/ibpb_enabled file doesn't exist" - fi - break - else - pr_debug "ibrs: $dir/ibrs_enabled file doesn't exist" - fi - done - # on some newer kernels, the spec_ctrl_ibrs flag in "$g_procfs/cpuinfo" - # is set when ibrs has been administratively enabled (usually from cmdline) - # which in that case means ibrs is supported *and* enabled for kernel & user - # as per the ibrs patch series v3 - if [ -z "$g_ibrs_supported" ]; then - if grep ^flags "$g_procfs/cpuinfo" | grep -qw spec_ctrl_ibrs; then - pr_debug "ibrs: found spec_ctrl_ibrs flag in $g_procfs/cpuinfo" - g_ibrs_supported="spec_ctrl_ibrs flag in $g_procfs/cpuinfo" - # enabled=2 -> kernel & user - g_ibrs_enabled=2 - # XXX and what about ibpb ? - fi - fi - if [ -n "$ret_sys_interface_check_fullmsg" ]; then - # when IBPB is enabled on 4.15+, we can see it in sysfs - if echo "$ret_sys_interface_check_fullmsg" | grep -q 'IBPB'; then - pr_debug "ibpb: found enabled in sysfs" - [ -z "$g_ibpb_supported" ] && g_ibpb_supported='IBPB found enabled in sysfs' - [ -z "$g_ibpb_enabled" ] && g_ibpb_enabled=1 - fi - # when IBRS_FW is enabled on 4.15+, we can see it in sysfs - if echo "$ret_sys_interface_check_fullmsg" | grep -q '[,;] IBRS_FW'; then - pr_debug "ibrs: found IBRS_FW in sysfs" - [ -z "$g_ibrs_supported" ] && g_ibrs_supported='found IBRS_FW in sysfs' - g_ibrs_fw_enabled=1 - fi - # when IBRS is enabled on 4.15+, we can see it in sysfs - # on a more recent kernel, classic "IBRS" is not even longer an option, because of the performance impact. - # only "Enhanced IBRS" is available (on CPUs with the IBRS_ALL flag) - if echo "$ret_sys_interface_check_fullmsg" | grep -q -e '\' -e 'Indirect Branch Restricted Speculation'; then - pr_debug "ibrs: found IBRS in sysfs" - [ -z "$g_ibrs_supported" ] && g_ibrs_supported='found IBRS in sysfs' - [ -z "$g_ibrs_enabled" ] && g_ibrs_enabled=3 - fi - # checking for 'Enhanced IBRS' in sysfs, enabled on CPUs with IBRS_ALL - if echo "$ret_sys_interface_check_fullmsg" | grep -q -e 'Enhanced IBRS'; then - [ -z "$g_ibrs_supported" ] && g_ibrs_supported='found Enhanced IBRS in sysfs' - # 4 isn't actually a valid value of the now extinct "g_ibrs_enabled" flag file, - # that only went from 0 to 3, so we use 4 as "enhanced ibrs is enabled" - g_ibrs_enabled=4 - fi - fi - # in live mode, if ibrs or ibpb is supported and we didn't find these are enabled, then they are not - [ -n "$g_ibrs_supported" ] && [ -z "$g_ibrs_enabled" ] && g_ibrs_enabled=0 - [ -n "$g_ibpb_supported" ] && [ -z "$g_ibpb_enabled" ] && g_ibpb_enabled=0 - fi - if [ -z "$g_ibrs_supported" ]; then - check_redhat_canonical_spectre - if [ "$g_redhat_canonical_spectre" = 1 ]; then - g_ibrs_supported="Red Hat/Ubuntu variant" - g_ibpb_supported="Red Hat/Ubuntu variant" - fi - fi - if [ -z "$g_ibrs_supported" ] && [ -n "$g_kernel" ]; then - if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then - : - else + g_ibrs_can_tell=0 + g_ibrs_supported='' + g_ibrs_enabled='' + g_ibpb_can_tell=0 + g_ibpb_supported='' + g_ibpb_enabled='' + + if [ "$opt_runtime" = 1 ]; then + # in live mode, we can check for the ibrs_enabled file in debugfs + # all versions of the patches have it (NOT the case of IBPB or KPTI) g_ibrs_can_tell=1 - g_ibrs_supported=$("${opt_arch_prefix}strings" "$g_kernel" | grep -Fw -e '[,;] IBRS_FW' | head -n1) - if [ -n "$g_ibrs_supported" ]; then - pr_debug "ibrs: found ibrs evidence in kernel image ($g_ibrs_supported)" - g_ibrs_supported="found '$g_ibrs_supported' in kernel image" + mount_debugfs + for dir in \ + $DEBUGFS_BASE \ + $DEBUGFS_BASE/x86 \ + "$g_procfs/sys/kernel"; do + if [ -e "$dir/ibrs_enabled" ]; then + # if the file is there, we have IBRS compiled-in + # $DEBUGFS_BASE/ibrs_enabled: vanilla + # $DEBUGFS_BASE/x86/ibrs_enabled: Red Hat (see https://access.redhat.com/articles/3311301) + # /proc/sys/kernel/ibrs_enabled: OpenSUSE tumbleweed + g_specex_knob_dir=$dir + g_ibrs_supported="$dir/ibrs_enabled exists" + g_ibrs_enabled=$(cat "$dir/ibrs_enabled" 2>/dev/null) + pr_debug "ibrs: found $dir/ibrs_enabled=$g_ibrs_enabled" + # if ibrs_enabled is there, ibpb_enabled will be in the same dir + if [ -e "$dir/ibpb_enabled" ]; then + # if the file is there, we have IBPB compiled-in (see note above for IBRS) + g_ibpb_supported="$dir/ibpb_enabled exists" + g_ibpb_enabled=$(cat "$dir/ibpb_enabled" 2>/dev/null) + pr_debug "ibpb: found $dir/ibpb_enabled=$g_ibpb_enabled" + else + pr_debug "ibpb: $dir/ibpb_enabled file doesn't exist" + fi + break + else + pr_debug "ibrs: $dir/ibrs_enabled file doesn't exist" + fi + done + # on some newer kernels, the spec_ctrl_ibrs flag in "$g_procfs/cpuinfo" + # is set when ibrs has been administratively enabled (usually from cmdline) + # which in that case means ibrs is supported *and* enabled for kernel & user + # as per the ibrs patch series v3 + if [ -z "$g_ibrs_supported" ]; then + if grep ^flags "$g_procfs/cpuinfo" | grep -qw spec_ctrl_ibrs; then + pr_debug "ibrs: found spec_ctrl_ibrs flag in $g_procfs/cpuinfo" + g_ibrs_supported="spec_ctrl_ibrs flag in $g_procfs/cpuinfo" + # enabled=2 -> kernel & user + g_ibrs_enabled=2 + # XXX and what about ibpb ? + fi + fi + if [ -n "$ret_sys_interface_check_fullmsg" ]; then + # when IBPB is enabled on 4.15+, we can see it in sysfs + if echo "$ret_sys_interface_check_fullmsg" | grep -q 'IBPB'; then + pr_debug "ibpb: found enabled in sysfs" + [ -z "$g_ibpb_supported" ] && g_ibpb_supported='IBPB found enabled in sysfs' + [ -z "$g_ibpb_enabled" ] && g_ibpb_enabled=1 + fi + # when IBRS_FW is enabled on 4.15+, we can see it in sysfs + if echo "$ret_sys_interface_check_fullmsg" | grep -q '[,;] IBRS_FW'; then + pr_debug "ibrs: found IBRS_FW in sysfs" + [ -z "$g_ibrs_supported" ] && g_ibrs_supported='found IBRS_FW in sysfs' + g_ibrs_fw_enabled=1 + fi + # when IBRS is enabled on 4.15+, we can see it in sysfs + # on a more recent kernel, classic "IBRS" is not even longer an option, because of the performance impact. + # only "Enhanced IBRS" is available (on CPUs with the IBRS_ALL flag) + if echo "$ret_sys_interface_check_fullmsg" | grep -q -e '\' -e 'Indirect Branch Restricted Speculation'; then + pr_debug "ibrs: found IBRS in sysfs" + [ -z "$g_ibrs_supported" ] && g_ibrs_supported='found IBRS in sysfs' + [ -z "$g_ibrs_enabled" ] && g_ibrs_enabled=3 + fi + # checking for 'Enhanced IBRS' in sysfs, enabled on CPUs with IBRS_ALL + if echo "$ret_sys_interface_check_fullmsg" | grep -q -e 'Enhanced IBRS'; then + [ -z "$g_ibrs_supported" ] && g_ibrs_supported='found Enhanced IBRS in sysfs' + # 4 isn't actually a valid value of the now extinct "g_ibrs_enabled" flag file, + # that only went from 0 to 3, so we use 4 as "enhanced ibrs is enabled" + g_ibrs_enabled=4 + fi + fi + # in live mode, if ibrs or ibpb is supported and we didn't find these are enabled, then they are not + [ -n "$g_ibrs_supported" ] && [ -z "$g_ibrs_enabled" ] && g_ibrs_enabled=0 + [ -n "$g_ibpb_supported" ] && [ -z "$g_ibpb_enabled" ] && g_ibpb_enabled=0 + fi + if [ -z "$g_ibrs_supported" ]; then + check_redhat_canonical_spectre + if [ "$g_redhat_canonical_spectre" = 1 ]; then + g_ibrs_supported="Red Hat/Ubuntu variant" + g_ibpb_supported="Red Hat/Ubuntu variant" fi fi - fi - if [ -z "$g_ibrs_supported" ] && [ -n "$opt_map" ]; then - g_ibrs_can_tell=1 - if grep -q spec_ctrl "$opt_map"; then - g_ibrs_supported="found spec_ctrl in symbols file" - pr_debug "ibrs: found '*spec_ctrl*' symbol in $opt_map" - elif grep -q -e spectre_v2_select_mitigation -e spectre_v2_apply_mitigation "$opt_map"; then - # spectre_v2_select_mitigation exists since v4.15; split into - # spectre_v2_select_mitigation + spectre_v2_apply_mitigation in v6.16 - g_ibrs_supported="found spectre_v2 mitigation function in symbols file" - pr_debug "ibrs: found spectre_v2_*_mitigation symbol in $opt_map" - fi - fi - # CONFIG_CPU_IBRS_ENTRY (v5.19) / CONFIG_MITIGATION_IBRS_ENTRY (v6.9): kernel IBRS on entry - if [ -z "$g_ibrs_supported" ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then - g_ibrs_can_tell=1 - if grep -q '^CONFIG_\(CPU_\|MITIGATION_\)IBRS_ENTRY=y' "$opt_config"; then - g_ibrs_supported="CONFIG_CPU_IBRS_ENTRY/CONFIG_MITIGATION_IBRS_ENTRY found in kernel config" - pr_debug "ibrs: found IBRS entry config option in $opt_config" - fi - fi - # recent (4.15) vanilla kernels have IBPB but not IBRS, and without the debugfs tunables of Red Hat - # we can detect it directly in the image - if [ -z "$g_ibpb_supported" ] && [ -n "$g_kernel" ]; then - if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then - : - else - g_ibpb_can_tell=1 - g_ibpb_supported=$("${opt_arch_prefix}strings" "$g_kernel" | grep -Fw -e 'ibpb' -e ', IBPB' | head -n1) - if [ -n "$g_ibpb_supported" ]; then - pr_debug "ibpb: found ibpb evidence in kernel image ($g_ibpb_supported)" - g_ibpb_supported="found '$g_ibpb_supported' in kernel image" + if [ -z "$g_ibrs_supported" ] && [ -n "$g_kernel" ]; then + if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then + : + else + g_ibrs_can_tell=1 + g_ibrs_supported=$("${opt_arch_prefix}strings" "$g_kernel" | grep -Fw -e '[,;] IBRS_FW' | head -n1) + if [ -n "$g_ibrs_supported" ]; then + pr_debug "ibrs: found ibrs evidence in kernel image ($g_ibrs_supported)" + g_ibrs_supported="found '$g_ibrs_supported' in kernel image" + fi fi fi - fi - - pr_info_nol " * Kernel is compiled with IBRS support: " - if [ -z "$g_ibrs_supported" ]; then - if [ "$g_ibrs_can_tell" = 1 ]; then - pstatus yellow NO - else - # problem obtaining/inspecting kernel or strings not installed, but if the later is true, - # then readelf is not installed either (both in binutils) which makes the former true, so - # either way g_kernel_err should be set - pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" + if [ -z "$g_ibrs_supported" ] && [ -n "$opt_map" ]; then + g_ibrs_can_tell=1 + if grep -q spec_ctrl "$opt_map"; then + g_ibrs_supported="found spec_ctrl in symbols file" + pr_debug "ibrs: found '*spec_ctrl*' symbol in $opt_map" + elif grep -q -e spectre_v2_select_mitigation -e spectre_v2_apply_mitigation "$opt_map"; then + # spectre_v2_select_mitigation exists since v4.15; split into + # spectre_v2_select_mitigation + spectre_v2_apply_mitigation in v6.16 + g_ibrs_supported="found spectre_v2 mitigation function in symbols file" + pr_debug "ibrs: found spectre_v2_*_mitigation symbol in $opt_map" + fi fi - else - if [ "$opt_verbose" -ge 2 ]; then - pstatus green YES "$g_ibrs_supported" - else - pstatus green YES + # CONFIG_CPU_IBRS_ENTRY (v5.19) / CONFIG_MITIGATION_IBRS_ENTRY (v6.9): kernel IBRS on entry + if [ -z "$g_ibrs_supported" ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then + g_ibrs_can_tell=1 + if grep -q '^CONFIG_\(CPU_\|MITIGATION_\)IBRS_ENTRY=y' "$opt_config"; then + g_ibrs_supported="CONFIG_CPU_IBRS_ENTRY/CONFIG_MITIGATION_IBRS_ENTRY found in kernel config" + pr_debug "ibrs: found IBRS entry config option in $opt_config" + fi + fi + # recent (4.15) vanilla kernels have IBPB but not IBRS, and without the debugfs tunables of Red Hat + # we can detect it directly in the image + if [ -z "$g_ibpb_supported" ] && [ -n "$g_kernel" ]; then + if ! command -v "${opt_arch_prefix}strings" >/dev/null 2>&1; then + : + else + g_ibpb_can_tell=1 + g_ibpb_supported=$("${opt_arch_prefix}strings" "$g_kernel" | grep -Fw -e 'ibpb' -e ', IBPB' | head -n1) + if [ -n "$g_ibpb_supported" ]; then + pr_debug "ibpb: found ibpb evidence in kernel image ($g_ibpb_supported)" + g_ibpb_supported="found '$g_ibpb_supported' in kernel image" + fi + fi fi - fi - pr_info_nol " * IBRS enabled and active: " - if [ "$opt_runtime" = 1 ]; then - if [ "$g_ibpb_enabled" = 2 ]; then - # if ibpb=2, ibrs is forcefully=0 - pstatus blue NO "IBPB used instead of IBRS in all kernel entrypoints" + pr_info_nol " * Kernel is compiled with IBRS support: " + if [ -z "$g_ibrs_supported" ]; then + if [ "$g_ibrs_can_tell" = 1 ]; then + pstatus yellow NO + else + # problem obtaining/inspecting kernel or strings not installed, but if the later is true, + # then readelf is not installed either (both in binutils) which makes the former true, so + # either way g_kernel_err should be set + pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" + fi else - # 0 means disabled - # 1 is enabled only for kernel space - # 2 is enabled for kernel and user space - # 3 is enabled - # 4 is enhanced ibrs enabled - case "$g_ibrs_enabled" in - 0) - if [ "$g_ibrs_fw_enabled" = 1 ]; then - pstatus blue YES "for firmware code only" + if [ "$opt_verbose" -ge 2 ]; then + pstatus green YES "$g_ibrs_supported" + else + pstatus green YES + fi + fi + + pr_info_nol " * IBRS enabled and active: " + if [ "$opt_runtime" = 1 ]; then + if [ "$g_ibpb_enabled" = 2 ]; then + # if ibpb=2, ibrs is forcefully=0 + pstatus blue NO "IBPB used instead of IBRS in all kernel entrypoints" + else + # 0 means disabled + # 1 is enabled only for kernel space + # 2 is enabled for kernel and user space + # 3 is enabled + # 4 is enhanced ibrs enabled + case "$g_ibrs_enabled" in + 0) + if [ "$g_ibrs_fw_enabled" = 1 ]; then + pstatus blue YES "for firmware code only" + else + pstatus yellow NO + fi + ;; + 1) if [ "$g_ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel space and firmware code"; else pstatus green YES "for kernel space"; fi ;; + 2) if [ "$g_ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel, user space, and firmware code"; else pstatus green YES "for both kernel and user space"; fi ;; + 3) if [ "$g_ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel and firmware code"; else pstatus green YES; fi ;; + 4) pstatus green YES "Enhanced flavor, performance impact will be greatly reduced" ;; + *) if [ "$cap_ibrs" != 'SPEC_CTRL' ] && [ "$cap_ibrs" != 'IBRS_SUPPORT' ] && [ "$cap_spec_ctrl" != -1 ]; then + pstatus yellow NO + pr_debug "ibrs: known cpu not supporting SPEC-CTRL or IBRS" + else + pstatus yellow UNKNOWN + fi ;; + esac + fi + else + pstatus blue N/A "not testable in no-runtime mode" + fi + + pr_info_nol " * Kernel is compiled with IBPB support: " + if [ -z "$g_ibpb_supported" ]; then + if [ "$g_ibpb_can_tell" = 1 ]; then + pstatus yellow NO + else + # if we're in no-runtime mode without System.map, we can't really know + pstatus yellow UNKNOWN "in no-runtime mode, we need the kernel image to be able to tell" + fi + else + if [ "$opt_verbose" -ge 2 ]; then + pstatus green YES "$g_ibpb_supported" + else + pstatus green YES + fi + fi + + pr_info_nol " * IBPB enabled and active: " + if [ "$opt_runtime" = 1 ]; then + case "$g_ibpb_enabled" in + "") + if [ "$g_ibrs_supported" = 1 ]; then + pstatus yellow UNKNOWN else pstatus yellow NO fi ;; - 1) if [ "$g_ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel space and firmware code"; else pstatus green YES "for kernel space"; fi ;; - 2) if [ "$g_ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel, user space, and firmware code"; else pstatus green YES "for both kernel and user space"; fi ;; - 3) if [ "$g_ibrs_fw_enabled" = 1 ]; then pstatus green YES "for kernel and firmware code"; else pstatus green YES; fi ;; - 4) pstatus green YES "Enhanced flavor, performance impact will be greatly reduced" ;; - *) if [ "$cap_ibrs" != 'SPEC_CTRL' ] && [ "$cap_ibrs" != 'IBRS_SUPPORT' ] && [ "$cap_spec_ctrl" != -1 ]; then + 0) pstatus yellow NO - pr_debug "ibrs: known cpu not supporting SPEC-CTRL or IBRS" - else - pstatus yellow UNKNOWN - fi ;; + ;; + 1) pstatus green YES ;; + 2) pstatus green YES "IBPB used instead of IBRS in all kernel entrypoints" ;; + *) pstatus yellow UNKNOWN ;; esac - fi - else - pstatus blue N/A "not testable in no-runtime mode" - fi - - pr_info_nol " * Kernel is compiled with IBPB support: " - if [ -z "$g_ibpb_supported" ]; then - if [ "$g_ibpb_can_tell" = 1 ]; then - pstatus yellow NO else - # if we're in no-runtime mode without System.map, we can't really know - pstatus yellow UNKNOWN "in no-runtime mode, we need the kernel image to be able to tell" + pstatus blue N/A "not testable in no-runtime mode" fi - else - if [ "$opt_verbose" -ge 2 ]; then - pstatus green YES "$g_ibpb_supported" - else - pstatus green YES - fi - fi - pr_info_nol " * IBPB enabled and active: " - if [ "$opt_runtime" = 1 ]; then - case "$g_ibpb_enabled" in - "") - if [ "$g_ibrs_supported" = 1 ]; then - pstatus yellow UNKNOWN - else - pstatus yellow NO - fi - ;; - 0) - pstatus yellow NO - ;; - 1) pstatus green YES ;; - 2) pstatus green YES "IBPB used instead of IBRS in all kernel entrypoints" ;; - *) pstatus yellow UNKNOWN ;; - esac - else - pstatus blue N/A "not testable in no-runtime mode" - fi + fi # is_x86_kernel (Mitigation 1) - pr_info "* Mitigation 2" - pr_info_nol " * Kernel has branch predictor hardening (arm): " bp_harden_can_tell=0 bp_harden='' - if [ -r "$opt_config" ]; then - bp_harden_can_tell=1 - bp_harden=$(grep -w 'CONFIG_HARDEN_BRANCH_PREDICTOR=y' "$opt_config") - if [ -n "$bp_harden" ]; then - pstatus green YES - pr_debug "bp_harden: found '$bp_harden' in $opt_config" - fi - fi - if [ -z "$bp_harden" ] && [ -n "$opt_map" ]; then - bp_harden_can_tell=1 - bp_harden=$(grep -w bp_hardening_data "$opt_map") - if [ -n "$bp_harden" ]; then - pstatus green YES - pr_debug "bp_harden: found '$bp_harden' in $opt_map" - fi - fi - if [ -z "$bp_harden" ]; then - if [ "$bp_harden_can_tell" = 1 ]; then - pstatus yellow NO - else - pstatus yellow UNKNOWN - fi - fi - - pr_info_nol " * Kernel compiled with retpoline option: " - # We check the RETPOLINE kernel options - retpoline=0 - if [ -r "$opt_config" ]; then - if grep -q '^CONFIG_\(MITIGATION_\)\?RETPOLINE=y' "$opt_config"; then - pstatus green YES - retpoline=1 - # shellcheck disable=SC2046 - pr_debug 'retpoline: found '$(grep '^CONFIG_\(MITIGATION_\)\?RETPOLINE' "$opt_config")" in $opt_config" - else - pstatus yellow NO - fi - else - pstatus yellow UNKNOWN "couldn't read your kernel configuration" - fi - - if [ "$retpoline" = 1 ]; then - # Now check if the compiler used to compile the kernel knows how to insert retpolines in generated asm - # For gcc, this is -mindirect-branch=thunk-extern (detected by the kernel makefiles) - # See gcc commit https://github.com/hjl-tools/gcc/commit/23b517d4a67c02d3ef80b6109218f2aadad7bd79 - # In latest retpoline LKML patches, the noretpoline_setup symbol exists only if CONFIG_MITIGATION_RETPOLINE is set - # *AND* if the compiler is retpoline-compliant, so look for that symbol. The name of this kernel config - # option before version 6.9-rc1 is CONFIG_RETPOLINE. - # - # if there is "retpoline" in the file and NOT "minimal", then it's full retpoline - # (works for vanilla and Red Hat variants) - # - # since 5.15.28, this is now "Retpolines" as the implementation was switched to a generic one, - # so we look for both "retpoline" and "retpolines" - if [ "$opt_runtime" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then - if echo "$ret_sys_interface_check_fullmsg" | grep -qwi -e retpoline -e retpolines; then - if echo "$ret_sys_interface_check_fullmsg" | grep -qwi minimal; then - retpoline_compiler=0 - retpoline_compiler_reason="kernel reports minimal retpoline compilation" - else - retpoline_compiler=1 - retpoline_compiler_reason="kernel reports full retpoline compilation" - fi - fi - elif [ -n "$opt_map" ]; then - # look for the symbol - if grep -qw noretpoline_setup "$opt_map"; then - retpoline_compiler=1 - retpoline_compiler_reason="noretpoline_setup symbol found in System.map" - fi - elif [ -n "$g_kernel" ]; then - # look for the symbol - if command -v "${opt_arch_prefix}nm" >/dev/null 2>&1; then - # the proper way: use nm and look for the symbol - if "${opt_arch_prefix}nm" "$g_kernel" 2>/dev/null | grep -qw 'noretpoline_setup'; then - retpoline_compiler=1 - retpoline_compiler_reason="noretpoline_setup found in kernel symbols" - fi - elif grep -q noretpoline_setup "$g_kernel"; then - # if we don't have nm, nevermind, the symbol name is long enough to not have - # any false positive using good old grep directly on the binary - retpoline_compiler=1 - retpoline_compiler_reason="noretpoline_setup found in kernel" - fi - fi - if [ -n "$retpoline_compiler" ]; then - pr_info_nol " * Kernel compiled with a retpoline-aware compiler: " - if [ "$retpoline_compiler" = 1 ]; then - if [ -n "$retpoline_compiler_reason" ]; then - pstatus green YES "$retpoline_compiler_reason" - else - pstatus green YES - fi - else - if [ -n "$retpoline_compiler_reason" ]; then - pstatus red NO "$retpoline_compiler_reason" - else - pstatus red NO - fi - fi - fi - fi - - # only Red Hat has a tunable to disable it on runtime - retp_enabled=-1 - if [ "$opt_runtime" = 1 ]; then - if [ -e "$g_specex_knob_dir/retp_enabled" ]; then - retp_enabled=$(cat "$g_specex_knob_dir/retp_enabled" 2>/dev/null) - pr_debug "retpoline: found $g_specex_knob_dir/retp_enabled=$retp_enabled" - pr_info_nol " * Retpoline is enabled: " - if [ "$retp_enabled" = 1 ]; then + if is_arm_kernel; then + pr_info "* Mitigation 2" + pr_info_nol " * Kernel has branch predictor hardening (arm): " + if [ -r "$opt_config" ]; then + bp_harden_can_tell=1 + bp_harden=$(grep -w 'CONFIG_HARDEN_BRANCH_PREDICTOR=y' "$opt_config") + if [ -n "$bp_harden" ]; then pstatus green YES + pr_debug "bp_harden: found '$bp_harden' in $opt_config" + fi + fi + if [ -z "$bp_harden" ] && [ -n "$opt_map" ]; then + bp_harden_can_tell=1 + bp_harden=$(grep -w bp_hardening_data "$opt_map") + if [ -n "$bp_harden" ]; then + pstatus green YES + pr_debug "bp_harden: found '$bp_harden' in $opt_map" + fi + fi + if [ -z "$bp_harden" ]; then + if [ "$bp_harden_can_tell" = 1 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN + fi + fi + fi + + if is_x86_kernel; then + + pr_info_nol " * Kernel compiled with retpoline option: " + # We check the RETPOLINE kernel options + retpoline=0 + if [ -r "$opt_config" ]; then + if grep -q '^CONFIG_\(MITIGATION_\)\?RETPOLINE=y' "$opt_config"; then + pstatus green YES + retpoline=1 + # shellcheck disable=SC2046 + pr_debug 'retpoline: found '$(grep '^CONFIG_\(MITIGATION_\)\?RETPOLINE' "$opt_config")" in $opt_config" else pstatus yellow NO fi - fi - fi - - # only for information, in verbose mode - if [ "$opt_verbose" -ge 2 ]; then - pr_info_nol " * Local gcc is retpoline-aware: " - if command -v gcc >/dev/null 2>&1; then - if [ -n "$(gcc -mindirect-branch=thunk-extern --version 2>&1 >/dev/null)" ]; then - pstatus blue NO - else - pstatus green YES - fi else - pstatus blue NO "gcc is not installed" + pstatus yellow UNKNOWN "couldn't read your kernel configuration" fi - fi - if is_vulnerable_to_empty_rsb || [ "$opt_verbose" -ge 2 ]; then - pr_info_nol " * Kernel supports RSB filling: " - rsb_filling=0 - if [ "$opt_runtime" = 1 ] && [ "$opt_no_sysfs" != 1 ]; then - # if we're live and we aren't denied looking into /sys, let's do it - if echo "$ret_sys_interface_check_fullmsg" | grep -qw RSB; then - rsb_filling=1 - pstatus green YES + if [ "$retpoline" = 1 ]; then + # Now check if the compiler used to compile the kernel knows how to insert retpolines in generated asm + # For gcc, this is -mindirect-branch=thunk-extern (detected by the kernel makefiles) + # See gcc commit https://github.com/hjl-tools/gcc/commit/23b517d4a67c02d3ef80b6109218f2aadad7bd79 + # In latest retpoline LKML patches, the noretpoline_setup symbol exists only if CONFIG_MITIGATION_RETPOLINE is set + # *AND* if the compiler is retpoline-compliant, so look for that symbol. The name of this kernel config + # option before version 6.9-rc1 is CONFIG_RETPOLINE. + # + # if there is "retpoline" in the file and NOT "minimal", then it's full retpoline + # (works for vanilla and Red Hat variants) + # + # since 5.15.28, this is now "Retpolines" as the implementation was switched to a generic one, + # so we look for both "retpoline" and "retpolines" + if [ "$opt_runtime" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then + if echo "$ret_sys_interface_check_fullmsg" | grep -qwi -e retpoline -e retpolines; then + if echo "$ret_sys_interface_check_fullmsg" | grep -qwi minimal; then + retpoline_compiler=0 + retpoline_compiler_reason="kernel reports minimal retpoline compilation" + else + retpoline_compiler=1 + retpoline_compiler_reason="kernel reports full retpoline compilation" + fi + fi + elif [ -n "$opt_map" ]; then + # look for the symbol + if grep -qw noretpoline_setup "$opt_map"; then + retpoline_compiler=1 + retpoline_compiler_reason="noretpoline_setup symbol found in System.map" + fi + elif [ -n "$g_kernel" ]; then + # look for the symbol + if command -v "${opt_arch_prefix}nm" >/dev/null 2>&1; then + # the proper way: use nm and look for the symbol + if "${opt_arch_prefix}nm" "$g_kernel" 2>/dev/null | grep -qw 'noretpoline_setup'; then + retpoline_compiler=1 + retpoline_compiler_reason="noretpoline_setup found in kernel symbols" + fi + elif grep -q noretpoline_setup "$g_kernel"; then + # if we don't have nm, nevermind, the symbol name is long enough to not have + # any false positive using good old grep directly on the binary + retpoline_compiler=1 + retpoline_compiler_reason="noretpoline_setup found in kernel" + fi + fi + if [ -n "$retpoline_compiler" ]; then + pr_info_nol " * Kernel compiled with a retpoline-aware compiler: " + if [ "$retpoline_compiler" = 1 ]; then + if [ -n "$retpoline_compiler_reason" ]; then + pstatus green YES "$retpoline_compiler_reason" + else + pstatus green YES + fi + else + if [ -n "$retpoline_compiler_reason" ]; then + pstatus red NO "$retpoline_compiler_reason" + else + pstatus red NO + fi + fi fi fi - if [ "$rsb_filling" = 0 ]; then - # Red Hat kernels (RHEL 6/7/8) stuff RSB on context switch as part of - # their retpoline implementation when retp_enabled=1, but don't use the - # upstream X86_FEATURE_RSB_CTXSW flag or "Filling RSB on context switch" - # string. Detect this via the RHEL-specific debugfs knob. - # See https://bugzilla.redhat.com/show_bug.cgi?id=1616245#c8 - if [ "$retp_enabled" = 1 ]; then - rsb_filling=1 - pstatus green YES "Red Hat kernel with retpoline enabled includes RSB filling" - elif [ -n "$g_kernel_err" ]; then - pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" - else - if grep -qw -e 'Filling RSB on context switch' "$g_kernel"; then - rsb_filling=1 + + # only Red Hat has a tunable to disable it on runtime + retp_enabled=-1 + if [ "$opt_runtime" = 1 ]; then + if [ -e "$g_specex_knob_dir/retp_enabled" ]; then + retp_enabled=$(cat "$g_specex_knob_dir/retp_enabled" 2>/dev/null) + pr_debug "retpoline: found $g_specex_knob_dir/retp_enabled=$retp_enabled" + pr_info_nol " * Retpoline is enabled: " + if [ "$retp_enabled" = 1 ]; then pstatus green YES else - rsb_filling=0 pstatus yellow NO fi fi fi - fi - # Mitigation 3: derive structured mitigation variables for the verdict. - # These are set from sysfs fields (when available) with hardware fallbacks. - pr_info "* Mitigation 3 (sub-mitigations)" - - # --- v2_base_mode: which base Spectre v2 mitigation is active --- - pr_info_nol " * Base Spectre v2 mitigation mode: " - if [ -n "$ret_sys_interface_check_fullmsg" ]; then - # Parse from sysfs (handle all mainline, stable, and RHEL variants) - case "$ret_sys_interface_check_fullmsg" in - *"Enhanced / Automatic IBRS + LFENCE"* | *"Enhanced IBRS + LFENCE"*) v2_base_mode=eibrs_lfence ;; - *"Enhanced / Automatic IBRS + Retpolines"* | *"Enhanced IBRS + Retpolines"*) v2_base_mode=eibrs_retpoline ;; - *"Enhanced / Automatic IBRS"* | *"Enhanced IBRS"*) v2_base_mode=eibrs ;; - *"Mitigation: IBRS (kernel and user space)"*) v2_base_mode=ibrs ;; - *"Mitigation: IBRS (kernel)"*) v2_base_mode=ibrs ;; - *"Mitigation: IBRS"*) v2_base_mode=ibrs ;; - *"Mitigation: Retpolines"* | *"Full generic retpoline"* | *"Full retpoline"* | *"Full AMD retpoline"*) v2_base_mode=retpoline ;; - *"Vulnerable: LFENCE"* | *"Mitigation: LFENCE"*) v2_base_mode=lfence ;; - *"Vulnerable"*) v2_base_mode=none ;; - *) v2_base_mode=unknown ;; - esac - fi - # Fallback to existing variables if sysfs didn't provide a base mode - if [ -z "$v2_base_mode" ] || [ "$v2_base_mode" = "unknown" ]; then - if [ "$g_ibrs_enabled" = 4 ]; then - v2_base_mode=eibrs - elif [ -n "$g_ibrs_enabled" ] && [ "$g_ibrs_enabled" -ge 1 ] 2>/dev/null; then - v2_base_mode=ibrs - elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ]; then - v2_base_mode=retpoline - elif [ "$retpoline" = 1 ]; then - v2_base_mode=retpoline - fi - fi - case "$v2_base_mode" in - eibrs) pstatus green "Enhanced / Automatic IBRS" ;; - eibrs_lfence) pstatus green "Enhanced / Automatic IBRS + LFENCE" ;; - eibrs_retpoline) pstatus green "Enhanced / Automatic IBRS + Retpolines" ;; - ibrs) pstatus green "IBRS" ;; - retpoline) pstatus green "Retpolines" ;; - lfence) pstatus red "LFENCE (insufficient)" ;; - none) pstatus yellow "None" ;; - *) pstatus yellow UNKNOWN ;; - esac - - # --- v2_is_autoibrs: AMD AutoIBRS vs Intel eIBRS --- - case "$v2_base_mode" in - eibrs | eibrs_lfence | eibrs_retpoline) - if [ "$cap_autoibrs" = 1 ] || { (is_amd || is_hygon) && [ "$cap_ibrs_all" != 1 ]; }; then - v2_is_autoibrs=1 + # only for information, in verbose mode + if [ "$opt_verbose" -ge 2 ]; then + pr_info_nol " * Local gcc is retpoline-aware: " + if command -v gcc >/dev/null 2>&1; then + if [ -n "$(gcc -mindirect-branch=thunk-extern --version 2>&1 >/dev/null)" ]; then + pstatus blue NO + else + pstatus green YES + fi + else + pstatus blue NO "gcc is not installed" fi - ;; - esac + fi - # --- v2_ibpb_mode --- - pr_info_nol " * IBPB mode: " - if [ -n "$ret_sys_interface_check_fullmsg" ]; then - case "$ret_sys_interface_check_fullmsg" in - *"IBPB: always-on"*) v2_ibpb_mode=always-on ;; - *"IBPB: conditional"*) v2_ibpb_mode=conditional ;; - *"IBPB: disabled"*) v2_ibpb_mode=disabled ;; - *", IBPB"* | *"; IBPB"*) v2_ibpb_mode=conditional ;; - *) v2_ibpb_mode=disabled ;; + if is_vulnerable_to_empty_rsb || [ "$opt_verbose" -ge 2 ]; then + pr_info_nol " * Kernel supports RSB filling: " + rsb_filling=0 + if [ "$opt_runtime" = 1 ] && [ "$opt_no_sysfs" != 1 ]; then + # if we're live and we aren't denied looking into /sys, let's do it + if echo "$ret_sys_interface_check_fullmsg" | grep -qw RSB; then + rsb_filling=1 + pstatus green YES + fi + fi + if [ "$rsb_filling" = 0 ]; then + # Red Hat kernels (RHEL 6/7/8) stuff RSB on context switch as part of + # their retpoline implementation when retp_enabled=1, but don't use the + # upstream X86_FEATURE_RSB_CTXSW flag or "Filling RSB on context switch" + # string. Detect this via the RHEL-specific debugfs knob. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1616245#c8 + if [ "$retp_enabled" = 1 ]; then + rsb_filling=1 + pstatus green YES "Red Hat kernel with retpoline enabled includes RSB filling" + elif [ -n "$g_kernel_err" ]; then + pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" + else + if grep -qw -e 'Filling RSB on context switch' "$g_kernel"; then + rsb_filling=1 + pstatus green YES + else + rsb_filling=0 + pstatus yellow NO + fi + fi + fi + fi + + # Mitigation 3: derive structured mitigation variables for the verdict. + # These are set from sysfs fields (when available) with hardware fallbacks. + pr_info "* Mitigation 3 (sub-mitigations)" + + # --- v2_base_mode: which base Spectre v2 mitigation is active --- + pr_info_nol " * Base Spectre v2 mitigation mode: " + if [ -n "$ret_sys_interface_check_fullmsg" ]; then + # Parse from sysfs (handle all mainline, stable, and RHEL variants) + case "$ret_sys_interface_check_fullmsg" in + *"Enhanced / Automatic IBRS + LFENCE"* | *"Enhanced IBRS + LFENCE"*) v2_base_mode=eibrs_lfence ;; + *"Enhanced / Automatic IBRS + Retpolines"* | *"Enhanced IBRS + Retpolines"*) v2_base_mode=eibrs_retpoline ;; + *"Enhanced / Automatic IBRS"* | *"Enhanced IBRS"*) v2_base_mode=eibrs ;; + *"Mitigation: IBRS (kernel and user space)"*) v2_base_mode=ibrs ;; + *"Mitigation: IBRS (kernel)"*) v2_base_mode=ibrs ;; + *"Mitigation: IBRS"*) v2_base_mode=ibrs ;; + *"Mitigation: Retpolines"* | *"Full generic retpoline"* | *"Full retpoline"* | *"Full AMD retpoline"*) v2_base_mode=retpoline ;; + *"Vulnerable: LFENCE"* | *"Mitigation: LFENCE"*) v2_base_mode=lfence ;; + *"Vulnerable"*) v2_base_mode=none ;; + *) v2_base_mode=unknown ;; + esac + fi + # Fallback to existing variables if sysfs didn't provide a base mode + if [ -z "$v2_base_mode" ] || [ "$v2_base_mode" = "unknown" ]; then + if [ "$g_ibrs_enabled" = 4 ]; then + v2_base_mode=eibrs + elif [ -n "$g_ibrs_enabled" ] && [ "$g_ibrs_enabled" -ge 1 ] 2>/dev/null; then + v2_base_mode=ibrs + elif [ "$retpoline" = 1 ] && [ "$retpoline_compiler" = 1 ]; then + v2_base_mode=retpoline + elif [ "$retpoline" = 1 ]; then + v2_base_mode=retpoline + fi + fi + case "$v2_base_mode" in + eibrs) pstatus green "Enhanced / Automatic IBRS" ;; + eibrs_lfence) pstatus green "Enhanced / Automatic IBRS + LFENCE" ;; + eibrs_retpoline) pstatus green "Enhanced / Automatic IBRS + Retpolines" ;; + ibrs) pstatus green "IBRS" ;; + retpoline) pstatus green "Retpolines" ;; + lfence) pstatus red "LFENCE (insufficient)" ;; + none) pstatus yellow "None" ;; + *) pstatus yellow UNKNOWN ;; esac - elif [ "$opt_runtime" = 1 ]; then - case "$g_ibpb_enabled" in - 2) v2_ibpb_mode=always-on ;; - 1) v2_ibpb_mode=conditional ;; - 0) v2_ibpb_mode=disabled ;; - *) v2_ibpb_mode=unknown ;; + + # --- v2_is_autoibrs: AMD AutoIBRS vs Intel eIBRS --- + case "$v2_base_mode" in + eibrs | eibrs_lfence | eibrs_retpoline) + if [ "$cap_autoibrs" = 1 ] || { (is_amd || is_hygon) && [ "$cap_ibrs_all" != 1 ]; }; then + v2_is_autoibrs=1 + fi + ;; esac - else - v2_ibpb_mode=unknown - fi - case "$v2_ibpb_mode" in - always-on) pstatus green YES "always-on" ;; - conditional) pstatus green YES "conditional" ;; - disabled) pstatus yellow NO "disabled" ;; - *) pstatus yellow UNKNOWN ;; - esac - # --- SMT state (used in STIBP inference and verdict) --- - is_cpu_smt_enabled - smt_enabled=$? - # smt_enabled: 0=enabled, 1=disabled, 2=unknown + # --- v2_ibpb_mode --- + pr_info_nol " * IBPB mode: " + if [ -n "$ret_sys_interface_check_fullmsg" ]; then + case "$ret_sys_interface_check_fullmsg" in + *"IBPB: always-on"*) v2_ibpb_mode=always-on ;; + *"IBPB: conditional"*) v2_ibpb_mode=conditional ;; + *"IBPB: disabled"*) v2_ibpb_mode=disabled ;; + *", IBPB"* | *"; IBPB"*) v2_ibpb_mode=conditional ;; + *) v2_ibpb_mode=disabled ;; + esac + elif [ "$opt_runtime" = 1 ]; then + case "$g_ibpb_enabled" in + 2) v2_ibpb_mode=always-on ;; + 1) v2_ibpb_mode=conditional ;; + 0) v2_ibpb_mode=disabled ;; + *) v2_ibpb_mode=unknown ;; + esac + else + v2_ibpb_mode=unknown + fi + case "$v2_ibpb_mode" in + always-on) pstatus green YES "always-on" ;; + conditional) pstatus green YES "conditional" ;; + disabled) pstatus yellow NO "disabled" ;; + *) pstatus yellow UNKNOWN ;; + esac - # --- v2_stibp_status --- - pr_info_nol " * STIBP status: " - if [ -n "$ret_sys_interface_check_fullmsg" ]; then - case "$ret_sys_interface_check_fullmsg" in - *"STIBP: always-on"*) v2_stibp_status=always-on ;; - *"STIBP: forced"*) v2_stibp_status=forced ;; - *"STIBP: conditional"*) v2_stibp_status=conditional ;; - *"STIBP: disabled"*) v2_stibp_status=disabled ;; - *", STIBP"* | *"; STIBP"*) v2_stibp_status=forced ;; - *) - # No STIBP field: Intel eIBRS suppresses it (implicit cross-thread protection) + # --- SMT state (used in STIBP inference and verdict) --- + is_cpu_smt_enabled + smt_enabled=$? + # smt_enabled: 0=enabled, 1=disabled, 2=unknown + + # --- v2_stibp_status --- + pr_info_nol " * STIBP status: " + if [ -n "$ret_sys_interface_check_fullmsg" ]; then + case "$ret_sys_interface_check_fullmsg" in + *"STIBP: always-on"*) v2_stibp_status=always-on ;; + *"STIBP: forced"*) v2_stibp_status=forced ;; + *"STIBP: conditional"*) v2_stibp_status=conditional ;; + *"STIBP: disabled"*) v2_stibp_status=disabled ;; + *", STIBP"* | *"; STIBP"*) v2_stibp_status=forced ;; + *) + # No STIBP field: Intel eIBRS suppresses it (implicit cross-thread protection) + case "$v2_base_mode" in + eibrs | eibrs_lfence | eibrs_retpoline) + if [ "$v2_is_autoibrs" != 1 ]; then + v2_stibp_status=eibrs-implicit + else + v2_stibp_status=unknown + fi + ;; + *) v2_stibp_status=unknown ;; + esac + ;; + esac + else + # No sysfs: use hardware capability + context to infer STIBP status + if [ "$smt_enabled" != 0 ]; then + # SMT disabled or unknown: STIBP is not needed + v2_stibp_status=not-needed + else case "$v2_base_mode" in eibrs | eibrs_lfence | eibrs_retpoline) if [ "$v2_is_autoibrs" != 1 ]; then + # Intel eIBRS provides implicit cross-thread protection v2_stibp_status=eibrs-implicit - else + elif [ -n "$cap_stibp" ]; then + # AMD AutoIBRS: CPU supports STIBP but can't confirm runtime state v2_stibp_status=unknown + else + # No STIBP support on this CPU + v2_stibp_status=unavailable + fi + ;; + *) + if [ -n "$cap_stibp" ]; then + # CPU supports STIBP but can't confirm runtime state without sysfs + v2_stibp_status=unknown + else + # CPU does not support STIBP at all + v2_stibp_status=unavailable fi ;; - *) v2_stibp_status=unknown ;; esac - ;; - esac - else - # No sysfs: use hardware capability + context to infer STIBP status - if [ "$smt_enabled" != 0 ]; then - # SMT disabled or unknown: STIBP is not needed - v2_stibp_status=not-needed - else - case "$v2_base_mode" in - eibrs | eibrs_lfence | eibrs_retpoline) - if [ "$v2_is_autoibrs" != 1 ]; then - # Intel eIBRS provides implicit cross-thread protection - v2_stibp_status=eibrs-implicit - elif [ -n "$cap_stibp" ]; then - # AMD AutoIBRS: CPU supports STIBP but can't confirm runtime state - v2_stibp_status=unknown - else - # No STIBP support on this CPU - v2_stibp_status=unavailable - fi - ;; - *) - if [ -n "$cap_stibp" ]; then - # CPU supports STIBP but can't confirm runtime state without sysfs - v2_stibp_status=unknown - else - # CPU does not support STIBP at all - v2_stibp_status=unavailable - fi - ;; - esac + fi fi - fi - case "$v2_stibp_status" in - always-on) pstatus green YES "always-on" ;; - forced) pstatus green YES "forced" ;; - conditional) pstatus green YES "conditional" ;; - eibrs-implicit) pstatus green YES "implicit via eIBRS" ;; - not-needed) pstatus green YES "not needed (SMT disabled)" ;; - unavailable) pstatus red NO "CPU does not support STIBP" ;; - disabled) pstatus yellow NO "disabled" ;; - *) pstatus yellow UNKNOWN ;; - esac + case "$v2_stibp_status" in + always-on) pstatus green YES "always-on" ;; + forced) pstatus green YES "forced" ;; + conditional) pstatus green YES "conditional" ;; + eibrs-implicit) pstatus green YES "implicit via eIBRS" ;; + not-needed) pstatus green YES "not needed (SMT disabled)" ;; + unavailable) pstatus red NO "CPU does not support STIBP" ;; + disabled) pstatus yellow NO "disabled" ;; + *) pstatus yellow UNKNOWN ;; + esac - # --- v2_pbrsb_status (only relevant for eIBRS) --- - case "$v2_base_mode" in - eibrs | eibrs_lfence | eibrs_retpoline) - pr_info_nol " * PBRSB-eIBRS mitigation: " - if [ -n "$ret_sys_interface_check_fullmsg" ]; then - case "$ret_sys_interface_check_fullmsg" in - *"PBRSB-eIBRS: Not affected"*) v2_pbrsb_status=not-affected ;; - *"PBRSB-eIBRS: SW sequence"*) v2_pbrsb_status=sw-sequence ;; - *"PBRSB-eIBRS: Vulnerable"*) v2_pbrsb_status=vulnerable ;; - *) v2_pbrsb_status=unknown ;; - esac - elif [ "$opt_runtime" != 1 ] && [ -n "$g_kernel" ]; then - if grep -q 'PBRSB-eIBRS' "$g_kernel" 2>/dev/null; then - v2_pbrsb_status=sw-sequence + # --- v2_pbrsb_status (only relevant for eIBRS) --- + case "$v2_base_mode" in + eibrs | eibrs_lfence | eibrs_retpoline) + pr_info_nol " * PBRSB-eIBRS mitigation: " + if [ -n "$ret_sys_interface_check_fullmsg" ]; then + case "$ret_sys_interface_check_fullmsg" in + *"PBRSB-eIBRS: Not affected"*) v2_pbrsb_status=not-affected ;; + *"PBRSB-eIBRS: SW sequence"*) v2_pbrsb_status=sw-sequence ;; + *"PBRSB-eIBRS: Vulnerable"*) v2_pbrsb_status=vulnerable ;; + *) v2_pbrsb_status=unknown ;; + esac + elif [ "$opt_runtime" != 1 ] && [ -n "$g_kernel" ]; then + if grep -q 'PBRSB-eIBRS' "$g_kernel" 2>/dev/null; then + v2_pbrsb_status=sw-sequence + else + v2_pbrsb_status=unknown + fi else v2_pbrsb_status=unknown fi - else - v2_pbrsb_status=unknown - fi - case "$v2_pbrsb_status" in - not-affected) pstatus green "Not affected" ;; - sw-sequence) pstatus green "SW sequence" ;; - vulnerable) pstatus red "Vulnerable" ;; - *) pstatus yellow UNKNOWN ;; - esac - ;; - *) v2_pbrsb_status=n/a ;; - esac - - # --- v2_bhi_status --- - pr_info_nol " * BHI mitigation: " - if [ -n "$ret_sys_interface_check_fullmsg" ]; then - case "$ret_sys_interface_check_fullmsg" in - *"BHI: Not affected"*) v2_bhi_status=not-affected ;; - *"BHI: BHI_DIS_S"*) v2_bhi_status=bhi_dis_s ;; - *"BHI: SW loop"*) v2_bhi_status=sw-loop ;; - *"BHI: Retpoline"*) v2_bhi_status=retpoline ;; - *"BHI: Vulnerable, KVM: SW loop"*) v2_bhi_status=vuln-kvm-loop ;; - *"BHI: Vulnerable"*) v2_bhi_status=vulnerable ;; - *) v2_bhi_status=unknown ;; + case "$v2_pbrsb_status" in + not-affected) pstatus green "Not affected" ;; + sw-sequence) pstatus green "SW sequence" ;; + vulnerable) pstatus red "Vulnerable" ;; + *) pstatus yellow UNKNOWN ;; + esac + ;; + *) v2_pbrsb_status=n/a ;; esac - elif [ "$opt_runtime" != 1 ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then - if grep -q '^CONFIG_\(MITIGATION_\)\?SPECTRE_BHI' "$opt_config"; then - if [ "$cap_bhi" = 1 ]; then - v2_bhi_status=bhi_dis_s + + # --- v2_bhi_status --- + pr_info_nol " * BHI mitigation: " + if [ -n "$ret_sys_interface_check_fullmsg" ]; then + case "$ret_sys_interface_check_fullmsg" in + *"BHI: Not affected"*) v2_bhi_status=not-affected ;; + *"BHI: BHI_DIS_S"*) v2_bhi_status=bhi_dis_s ;; + *"BHI: SW loop"*) v2_bhi_status=sw-loop ;; + *"BHI: Retpoline"*) v2_bhi_status=retpoline ;; + *"BHI: Vulnerable, KVM: SW loop"*) v2_bhi_status=vuln-kvm-loop ;; + *"BHI: Vulnerable"*) v2_bhi_status=vulnerable ;; + *) v2_bhi_status=unknown ;; + esac + elif [ "$opt_runtime" != 1 ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then + if grep -q '^CONFIG_\(MITIGATION_\)\?SPECTRE_BHI' "$opt_config"; then + if [ "$cap_bhi" = 1 ]; then + v2_bhi_status=bhi_dis_s + else + v2_bhi_status=sw-loop + fi else - v2_bhi_status=sw-loop + v2_bhi_status=unknown fi else v2_bhi_status=unknown fi - else - v2_bhi_status=unknown - fi - case "$v2_bhi_status" in - not-affected) pstatus green "Not affected" ;; - bhi_dis_s) pstatus green "BHI_DIS_S (hardware)" ;; - sw-loop) pstatus green "SW loop" ;; - retpoline) pstatus green "Retpoline" ;; - vuln-kvm-loop) pstatus yellow "Vulnerable (KVM: SW loop)" ;; - vulnerable) pstatus red "Vulnerable" ;; - *) pstatus yellow UNKNOWN ;; - esac + case "$v2_bhi_status" in + not-affected) pstatus green "Not affected" ;; + bhi_dis_s) pstatus green "BHI_DIS_S (hardware)" ;; + sw-loop) pstatus green "SW loop" ;; + retpoline) pstatus green "Retpoline" ;; + vuln-kvm-loop) pstatus yellow "Vulnerable (KVM: SW loop)" ;; + vulnerable) pstatus red "Vulnerable" ;; + *) pstatus yellow UNKNOWN ;; + esac - # --- v2_vuln_module --- - if [ "$opt_runtime" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then - pr_info_nol " * Non-retpoline module loaded: " - if echo "$ret_sys_interface_check_fullmsg" | grep -q 'vulnerable module loaded'; then - v2_vuln_module=1 - pstatus red YES - else - v2_vuln_module=0 - pstatus green NO + # --- v2_vuln_module --- + if [ "$opt_runtime" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then + pr_info_nol " * Non-retpoline module loaded: " + if echo "$ret_sys_interface_check_fullmsg" | grep -q 'vulnerable module loaded'; then + v2_vuln_module=1 + pstatus red YES + else + v2_vuln_module=0 + pstatus green NO + fi fi - fi + + fi # is_x86_kernel (retpoline + Mitigation 3) elif [ "$sys_interface_available" = 0 ]; then # we have no sysfs but were asked to use it only! @@ -903,9 +915,9 @@ check_CVE_2017_5715_linux() { # ARM branch predictor hardening (unchanged) if [ -n "$bp_harden" ]; then pvulnstatus "$cve" OK "Branch predictor hardening mitigates the vulnerability" - elif [ -z "$bp_harden" ] && is_arm64_kernel; then + elif [ -z "$bp_harden" ] && is_arm_kernel; then pvulnstatus "$cve" VULN "Branch predictor hardening is needed to mitigate the vulnerability" - explain "Your kernel has not been compiled with the CONFIG_UNMAP_KERNEL_AT_EL0 option, recompile it with this option enabled." + explain "Your kernel does not have branch predictor hardening. On kernels v5.10+, this code is compiled unconditionally so you may need a newer kernel. On older kernels (v4.16 to v5.9), recompile with the CONFIG_HARDEN_BRANCH_PREDICTOR option enabled." # LFENCE-only is always VULN (reclassified in v5.17) elif [ "$v2_base_mode" = "lfence" ]; then diff --git a/src/vulns/CVE-2017-5754.sh b/src/vulns/CVE-2017-5754.sh index 2eb4f88..8376197 100644 --- a/src/vulns/CVE-2017-5754.sh +++ b/src/vulns/CVE-2017-5754.sh @@ -153,7 +153,10 @@ check_CVE_2017_5754_linux() { pstatus blue N/A "not testable in no-runtime mode" fi - pti_performance_check + # PCID/INVPCID are x86-only CPU features + if is_x86_cpu; then + pti_performance_check + fi elif [ "$sys_interface_available" = 0 ]; then # we have no sysfs but were asked to use it only! diff --git a/src/vulns/CVE-2018-12207.sh b/src/vulns/CVE-2018-12207.sh index 4300965..2a072b8 100644 --- a/src/vulns/CVE-2018-12207.sh +++ b/src/vulns/CVE-2018-12207.sh @@ -24,7 +24,7 @@ check_CVE_2018_12207_linux() { if [ -n "$g_kernel_err" ]; then kernel_itlbmh_err="$g_kernel_err" # commit 5219505fcbb640e273a0d51c19c38de0100ec5a9 - elif grep -q 'itlb_multihit' "$g_kernel"; then + elif is_x86_kernel && grep -q 'itlb_multihit' "$g_kernel"; then kernel_itlbmh="found itlb_multihit in kernel image" fi if [ -n "$kernel_itlbmh" ]; then diff --git a/src/vulns/CVE-2018-3639.sh b/src/vulns/CVE-2018-3639.sh index 5948ff6..3762904 100644 --- a/src/vulns/CVE-2018-3639.sh +++ b/src/vulns/CVE-2018-3639.sh @@ -24,13 +24,13 @@ check_CVE_2018_3639_linux() { pr_debug "found Speculation.Store.Bypass: in $g_procfs/self/status" fi fi - # arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them - if [ -z "$kernel_ssb" ] && [ -n "$g_kernel" ] && ! is_arm64_kernel; then + # spec_store_bypass is x86-specific; ARM kernels use ARM64_SSBD instead + if [ -z "$kernel_ssb" ] && [ -n "$g_kernel" ] && is_x86_kernel; then kernel_ssb=$("${opt_arch_prefix}strings" "$g_kernel" | grep spec_store_bypass | head -n1) [ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in kernel" fi - # arm64 kernels can have cpu_show_spec_store_bypass with ARM64_SSBD, so exclude them - if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ] && ! is_arm64_kernel; then + # spec_store_bypass is x86-specific; ARM kernels use ARM64_SSBD instead + if [ -z "$kernel_ssb" ] && [ -n "$opt_map" ] && is_x86_kernel; then kernel_ssb=$(grep spec_store_bypass "$opt_map" | awk '{print $3}' | head -n1) [ -n "$kernel_ssb" ] && kernel_ssb="found $kernel_ssb in System.map" fi @@ -121,7 +121,7 @@ check_CVE_2018_3639_linux() { fi else if [ -n "$kernel_ssb" ]; then - if is_arm64_kernel; then + if is_arm_kernel; then pvulnstatus "$cve" VULN "no SSB mitigation is active on your system" explain "ARM CPUs mitigate SSB either through a hardware SSBS bit (ARMv8.5+ CPUs) or through firmware support for SMCCC ARCH_WORKAROUND_2. Your kernel reports SSB status but neither mechanism appears to be active. For CPUs predating ARMv8.5 (such as Cortex-A57 or Cortex-A72), check with your board or SoC vendor for a firmware update that provides SMCCC ARCH_WORKAROUND_2 support." else @@ -129,7 +129,7 @@ check_CVE_2018_3639_linux() { explain "Your kernel is recent enough to use the CPU microcode features for mitigation, but your CPU microcode doesn't actually provide the necessary features for the kernel to use. The microcode of your CPU hence needs to be upgraded. This is usually done at boot time by your kernel (the upgrade is not persistent across reboots which is why it's done at each boot). If you're using a distro, make sure you are up to date, as microcode updates are usually shipped alongside with the distro kernel. Availability of a microcode update for you CPU model depends on your CPU vendor. You can usually find out online if a microcode update is available for your CPU by searching for your CPUID (indicated in the Hardware Check section)." fi else - if is_arm64_kernel; then + if is_arm_kernel; then pvulnstatus "$cve" VULN "your kernel and firmware do not support SSB mitigation" explain "ARM SSB mitigation requires kernel support (CONFIG_ARM64_SSBD) combined with either a hardware SSBS bit (ARMv8.5+ CPUs) or firmware support for SMCCC ARCH_WORKAROUND_2. Ensure you are running a recent kernel compiled with CONFIG_ARM64_SSBD. For CPUs predating ARMv8.5, also check with your board or SoC vendor for a firmware update providing SMCCC ARCH_WORKAROUND_2 support." else diff --git a/src/vulns/CVE-2018-3640.sh b/src/vulns/CVE-2018-3640.sh index 88d5da3..cceeffc 100644 --- a/src/vulns/CVE-2018-3640.sh +++ b/src/vulns/CVE-2018-3640.sh @@ -11,7 +11,7 @@ check_CVE_2018_3640() { sys_interface_available=0 msg='' - if is_arm64_kernel; then + if is_arm_kernel; then # ARM64: mitigation is via an EL2 indirect trampoline (spectre_v3a_enable_mitigation), # applied automatically at boot for affected CPUs (Cortex-A57, Cortex-A72). # No microcode update is involved. diff --git a/src/vulns/CVE-2019-11135.sh b/src/vulns/CVE-2019-11135.sh index 2d72ce1..96fcdcd 100644 --- a/src/vulns/CVE-2019-11135.sh +++ b/src/vulns/CVE-2019-11135.sh @@ -21,7 +21,7 @@ check_CVE_2019_11135_linux() { kernel_taa='' if [ -n "$g_kernel_err" ]; then kernel_taa_err="$g_kernel_err" - elif grep -q 'tsx_async_abort' "$g_kernel"; then + elif is_x86_kernel && grep -q 'tsx_async_abort' "$g_kernel"; then kernel_taa="found tsx_async_abort in kernel image" fi if [ -n "$kernel_taa" ]; then diff --git a/src/vulns/CVE-2020-0543.sh b/src/vulns/CVE-2020-0543.sh index 894361b..195de65 100644 --- a/src/vulns/CVE-2020-0543.sh +++ b/src/vulns/CVE-2020-0543.sh @@ -21,7 +21,7 @@ check_CVE_2020_0543_linux() { kernel_srbds='' if [ -n "$g_kernel_err" ]; then kernel_srbds_err="$g_kernel_err" - elif grep -q 'Dependent on hypervisor' "$g_kernel"; then + elif is_x86_kernel && grep -q 'Dependent on hypervisor' "$g_kernel"; then kernel_srbds="found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation" fi if [ -n "$kernel_srbds" ]; then diff --git a/src/vulns/CVE-2022-40982.sh b/src/vulns/CVE-2022-40982.sh index 954ca44..b23279b 100644 --- a/src/vulns/CVE-2022-40982.sh +++ b/src/vulns/CVE-2022-40982.sh @@ -119,17 +119,17 @@ check_CVE_2022_40982_linux() { kernel_gds_err='' if [ -n "$g_kernel_err" ]; then kernel_gds_err="$g_kernel_err" - elif grep -q 'gather_data_sampling' "$g_kernel"; then + elif is_x86_kernel && grep -q 'gather_data_sampling' "$g_kernel"; then kernel_gds="found gather_data_sampling in kernel image" fi - if [ -z "$kernel_gds" ] && [ -r "$opt_config" ]; then + if [ -z "$kernel_gds" ] && is_x86_kernel && [ -r "$opt_config" ]; then if grep -q '^CONFIG_GDS_FORCE_MITIGATION=y' "$opt_config" || grep -q '^CONFIG_MITIGATION_GDS_FORCE=y' "$opt_config" || grep -q '^CONFIG_MITIGATION_GDS=y' "$opt_config"; then kernel_gds="GDS mitigation config option found enabled in kernel config" fi fi - if [ -z "$kernel_gds" ] && [ -n "$opt_map" ]; then + if [ -z "$kernel_gds" ] && is_x86_kernel && [ -n "$opt_map" ]; then if grep -q 'gds_select_mitigation' "$opt_map"; then kernel_gds="found gds_select_mitigation in System.map" fi @@ -152,10 +152,10 @@ check_CVE_2022_40982_linux() { if [ "$dmesgret" -eq 0 ]; then kernel_avx_disabled="AVX disabled by the kernel (dmesg)" pstatus green YES "$kernel_avx_disabled" - elif [ "$cap_avx2" = 0 ]; then + elif [ "$cap_avx2" = 0 ] && is_x86_cpu; then # Find out by ourselves # cpuinfo says we don't have AVX2, query - # the CPU directly about AVX2 support + # the CPU directly about AVX2 support (x86-only) read_cpuid 0x7 0x0 "$EBX" 5 1 1 ret=$? if [ "$ret" -eq "$READ_CPUID_RET_OK" ]; then diff --git a/src/vulns/CVE-2023-20588.sh b/src/vulns/CVE-2023-20588.sh index 3013c67..ce1e466 100644 --- a/src/vulns/CVE-2023-20588.sh +++ b/src/vulns/CVE-2023-20588.sh @@ -88,10 +88,10 @@ check_CVE_2023_20588_linux() { kernel_mitigated='' if [ -n "$g_kernel_err" ]; then pstatus yellow UNKNOWN "$g_kernel_err" - elif grep -q 'amd_clear_divider' "$g_kernel"; then + elif is_x86_kernel && grep -q 'amd_clear_divider' "$g_kernel"; then kernel_mitigated="found amd_clear_divider in kernel image" pstatus green YES "$kernel_mitigated" - elif [ -n "$opt_map" ] && grep -q 'amd_clear_divider' "$opt_map"; then + elif is_x86_kernel && [ -n "$opt_map" ] && grep -q 'amd_clear_divider' "$opt_map"; then kernel_mitigated="found amd_clear_divider in System.map" pstatus green YES "$kernel_mitigated" else diff --git a/src/vulns/CVE-2023-28746.sh b/src/vulns/CVE-2023-28746.sh index 70a54e8..922404b 100644 --- a/src/vulns/CVE-2023-28746.sh +++ b/src/vulns/CVE-2023-28746.sh @@ -83,17 +83,17 @@ check_CVE_2023_28746_linux() { kernel_rfds_err='' if [ -n "$g_kernel_err" ]; then kernel_rfds_err="$g_kernel_err" - elif grep -q 'Clear Register File' "$g_kernel"; then + elif is_x86_kernel && grep -q 'Clear Register File' "$g_kernel"; then kernel_rfds="found 'Clear Register File' string in kernel image" - elif grep -q 'reg_file_data_sampling' "$g_kernel"; then + elif is_x86_kernel && grep -q 'reg_file_data_sampling' "$g_kernel"; then kernel_rfds="found reg_file_data_sampling in kernel image" fi - if [ -z "$kernel_rfds" ] && [ -r "$opt_config" ]; then + if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -r "$opt_config" ]; then if grep -q '^CONFIG_MITIGATION_RFDS=y' "$opt_config"; then kernel_rfds="RFDS mitigation config option found enabled in kernel config" fi fi - if [ -z "$kernel_rfds" ] && [ -n "$opt_map" ]; then + if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -n "$opt_map" ]; then if grep -q 'rfds_select_mitigation' "$opt_map"; then kernel_rfds="found rfds_select_mitigation in System.map" fi diff --git a/src/vulns/CVE-2024-28956.sh b/src/vulns/CVE-2024-28956.sh index 0b869f4..804f2bd 100644 --- a/src/vulns/CVE-2024-28956.sh +++ b/src/vulns/CVE-2024-28956.sh @@ -92,15 +92,15 @@ check_CVE_2024_28956_linux() { kernel_its_err='' if [ -n "$g_kernel_err" ]; then kernel_its_err="$g_kernel_err" - elif grep -q 'indirect_target_selection' "$g_kernel"; then + elif is_x86_kernel && grep -q 'indirect_target_selection' "$g_kernel"; then kernel_its="found indirect_target_selection in kernel image" fi - if [ -z "$kernel_its" ] && [ -r "$opt_config" ]; then + if [ -z "$kernel_its" ] && is_x86_kernel && [ -r "$opt_config" ]; then if grep -q '^CONFIG_MITIGATION_ITS=y' "$opt_config"; then kernel_its="ITS mitigation config option found enabled in kernel config" fi fi - if [ -z "$kernel_its" ] && [ -n "$opt_map" ]; then + if [ -z "$kernel_its" ] && is_x86_kernel && [ -n "$opt_map" ]; then if grep -q 'its_select_mitigation' "$opt_map"; then kernel_its="found its_select_mitigation in System.map" fi diff --git a/src/vulns/CVE-2024-36350.sh b/src/vulns/CVE-2024-36350.sh index 89cbe2e..e656714 100644 --- a/src/vulns/CVE-2024-36350.sh +++ b/src/vulns/CVE-2024-36350.sh @@ -72,15 +72,15 @@ check_CVE_2024_36350_linux() { if [ -n "$g_kernel_err" ]; then kernel_tsa_err="$g_kernel_err" # commit d8010d4ba43e: "Transient Scheduler Attacks:" is printed by tsa_select_mitigation() - elif grep -q 'Transient Scheduler Attacks' "$g_kernel"; then + elif is_x86_kernel && grep -q 'Transient Scheduler Attacks' "$g_kernel"; then kernel_tsa="found TSA mitigation message in kernel image" fi - if [ -z "$kernel_tsa" ] && [ -r "$opt_config" ]; then + if [ -z "$kernel_tsa" ] && is_x86_kernel && [ -r "$opt_config" ]; then if grep -q '^CONFIG_MITIGATION_TSA=y' "$opt_config"; then kernel_tsa="CONFIG_MITIGATION_TSA=y found in kernel config" fi fi - if [ -z "$kernel_tsa" ] && [ -n "$opt_map" ]; then + if [ -z "$kernel_tsa" ] && is_x86_kernel && [ -n "$opt_map" ]; then if grep -q 'tsa_select_mitigation' "$opt_map"; then kernel_tsa="found tsa_select_mitigation in System.map" fi diff --git a/src/vulns/CVE-2024-36357.sh b/src/vulns/CVE-2024-36357.sh index dc0e0fa..ec38d38 100644 --- a/src/vulns/CVE-2024-36357.sh +++ b/src/vulns/CVE-2024-36357.sh @@ -72,15 +72,15 @@ check_CVE_2024_36357_linux() { if [ -n "$g_kernel_err" ]; then kernel_tsa_err="$g_kernel_err" # commit d8010d4ba43e: "Transient Scheduler Attacks:" is printed by tsa_select_mitigation() - elif grep -q 'Transient Scheduler Attacks' "$g_kernel"; then + elif is_x86_kernel && grep -q 'Transient Scheduler Attacks' "$g_kernel"; then kernel_tsa="found TSA mitigation message in kernel image" fi - if [ -z "$kernel_tsa" ] && [ -r "$opt_config" ]; then + if [ -z "$kernel_tsa" ] && is_x86_kernel && [ -r "$opt_config" ]; then if grep -q '^CONFIG_MITIGATION_TSA=y' "$opt_config"; then kernel_tsa="CONFIG_MITIGATION_TSA=y found in kernel config" fi fi - if [ -z "$kernel_tsa" ] && [ -n "$opt_map" ]; then + if [ -z "$kernel_tsa" ] && is_x86_kernel && [ -n "$opt_map" ]; then if grep -q 'tsa_select_mitigation' "$opt_map"; then kernel_tsa="found tsa_select_mitigation in System.map" fi diff --git a/src/vulns/CVE-2025-40300.sh b/src/vulns/CVE-2025-40300.sh index b8d153a..a0959af 100644 --- a/src/vulns/CVE-2025-40300.sh +++ b/src/vulns/CVE-2025-40300.sh @@ -85,15 +85,15 @@ check_CVE_2025_40300_linux() { kernel_vmscape_err='' if [ -n "$g_kernel_err" ]; then kernel_vmscape_err="$g_kernel_err" - elif grep -q 'vmscape' "$g_kernel"; then + elif is_x86_kernel && grep -q 'vmscape' "$g_kernel"; then kernel_vmscape="found vmscape in kernel image" fi - if [ -z "$kernel_vmscape" ] && [ -r "$opt_config" ]; then + if [ -z "$kernel_vmscape" ] && is_x86_kernel && [ -r "$opt_config" ]; then if grep -q '^CONFIG_MITIGATION_VMSCAPE=y' "$opt_config"; then kernel_vmscape="VMScape mitigation config option found enabled in kernel config" fi fi - if [ -z "$kernel_vmscape" ] && [ -n "$opt_map" ]; then + if [ -z "$kernel_vmscape" ] && is_x86_kernel && [ -n "$opt_map" ]; then if grep -q 'vmscape_select_mitigation' "$opt_map"; then kernel_vmscape="found vmscape_select_mitigation in System.map" fi From e67c9e42653c2d6b50f54caa6f513d38ca50d59a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Fri, 10 Apr 2026 19:26:46 +0200 Subject: [PATCH 52/57] enh: use g_mode to explicitly save/load the current running mode --- DEVELOPMENT.md | 14 +-- dist/doc/batch_prometheus.md | 18 ++-- src/libs/002_core_globals.sh | 7 ++ src/libs/230_util_optparse.sh | 13 +++ src/libs/250_output_emitters.sh | 17 +-- src/libs/400_hw_check.sh | 26 ++--- src/main.sh | 34 +++--- src/vulns-helpers/check_mds.sh | 12 +-- src/vulns-helpers/check_mmio.sh | 4 +- src/vulns/CVE-2017-5715.sh | 24 ++--- src/vulns/CVE-2017-5753.sh | 186 +++++++++++++++----------------- src/vulns/CVE-2017-5754.sh | 6 +- src/vulns/CVE-2018-12207.sh | 4 +- src/vulns/CVE-2018-3620.sh | 4 +- src/vulns/CVE-2018-3639.sh | 6 +- src/vulns/CVE-2018-3646.sh | 21 ++-- src/vulns/CVE-2019-11135.sh | 4 +- src/vulns/CVE-2020-0543.sh | 6 +- src/vulns/CVE-2022-29900.sh | 4 +- src/vulns/CVE-2022-29901.sh | 4 +- src/vulns/CVE-2022-40982.sh | 2 +- src/vulns/CVE-2023-20588.sh | 4 +- src/vulns/CVE-2023-20593.sh | 4 +- src/vulns/CVE-2023-28746.sh | 4 +- 24 files changed, 218 insertions(+), 210 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 72d7470..82af7bd 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -118,7 +118,7 @@ The entire tool is a single bash script with no external script dependencies. Ke Two JSON formats are available via `--batch`: - **`--batch json`** (comprehensive): A top-level object with five sections: - - `meta` β€” script version, format version, timestamp, run mode flags (`run_as_root`, `reduced_accuracy`, `mocked`, `paranoid`, `sysfs_only`, `extra`) + - `meta` β€” script version, format version, timestamp, `mode` (`live`, `no-runtime`, `no-hw`, `hw-only`), run mode flags (`run_as_root`, `reduced_accuracy`, `mocked`, `paranoid`, `sysfs_only`, `extra`) - `system` β€” kernel release/version/arch/cmdline, CPU count, SMT status, hypervisor host detection - `cpu` β€” `arch` discriminator (`x86` or `arm`), vendor, friendly name, then an arch-specific sub-object (`cpu.x86` or `cpu.arm`) with identification fields (family/model/stepping/CPUID/codename for x86; part\_list/arch\_list for ARM) and a `capabilities` sub-object containing hardware flags as booleans/nulls - `cpu_microcode` β€” `installed_version`, `latest_version`, `microcode_up_to_date`, `is_blacklisted`, firmware DB source/info @@ -161,7 +161,7 @@ This works because the kernel always has direct access to CPUID (it doesn't need **Rules:** - This is strictly a fallback: `read_cpuid` via `/dev/cpu/N/cpuid` remains the primary method. - Only use it when `read_cpuid` returned `READ_CPUID_RET_ERR` (device unavailable), **never** when it returned `READ_CPUID_RET_KO` (device available but bit is 0 β€” meaning the CPU/hypervisor explicitly reports the feature as absent). -- Only in live mode (`$opt_runtime = 1`), since `/proc/cpuinfo` is not available in no-runtime mode. +- Only in live mode (`$g_mode = live`), since `/proc/cpuinfo` is not available in other modes. - Only for CPUID bits that the kernel exposes as `/proc/cpuinfo` flags. Not all bits have a corresponding flag β€” only those listed in the kernel's `capflags.c`. If a bit has no `/proc/cpuinfo` flag, no fallback is possible. - The fallback depends on the running kernel being recent enough to know about the CPUID bit in question. An older kernel won't expose a flag it doesn't know about, so the fallback will silently not trigger β€” which is fine (we just stay at UNKNOWN, same as the ERR case without fallback). @@ -184,7 +184,7 @@ read_cpuid 0x7 0x0 $EDX 31 1 1 ret=$? if [ $ret = $READ_CPUID_RET_OK ]; then cap_ssbd='Intel SSBD' -elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ]; then +elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$g_mode" = live ]; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo if grep ^flags "$g_procfs/cpuinfo" | grep -qw ssbd; then cap_ssbd='Intel SSBD (cpuinfo)' @@ -417,16 +417,16 @@ This is where the real detection lives. Check for mitigations at each layer: ``` The same applies to Phase 4 verdict messages: when the explanation or remediation advice differs between architectures (e.g. "CPU microcode update" vs "firmware/kernel update"), branch on `is_arm_kernel`/`is_x86_kernel` rather than on `cpu_vendor`, because `cpu_vendor` reflects the host, not the target kernel. -- **Runtime state** (live mode only): Read MSRs, check cpuinfo flags, parse dmesg, inspect debugfs. All runtime-only checks β€” including `/proc/cpuinfo` flags β€” must be guarded by `if [ "$opt_runtime" = 1 ]`, both when collecting the evidence in Phase 2 and when using it in Phase 4. In Phase 4, use explicit live/no-runtime branches so that live-only variables (e.g. cpuinfo flags, MSR values) are never referenced in the no-runtime path. +- **Runtime state** (live mode only): Read MSRs, check cpuinfo flags, parse dmesg, inspect debugfs. All runtime-only checks β€” including `/proc/cpuinfo` flags β€” must be guarded by `if [ "$g_mode" = live ]`, both when collecting the evidence in Phase 2 and when using it in Phase 4. In Phase 4, use explicit live/non-live branches so that live-only variables (e.g. cpuinfo flags, MSR values) are never referenced in the non-live path. ```sh - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then read_msr 0xADDRESS ret=$? if [ "$ret" = "$READ_MSR_RET_OK" ]; then # check specific bits in ret_read_msr_value_lo / ret_read_msr_value_hi fi else - pstatus blue N/A "not testable in no-runtime mode" + pstatus blue N/A "not testable in non-live mode" fi ``` @@ -811,7 +811,7 @@ CVEs that need VMM context should call `check_has_vmm` early in their `_linux()` - **Never hardcode kernel or microcode versions** - detect capabilities directly (design principles 2 and 3). Exception: when a microcode fix has no detectable indicator, hardcode fixing versions per CPU (see principle 3). - **Assume affected by default** - only mark a CPU as unaffected when there is positive evidence (design principle 4). -- **Always handle both live and no-runtime modes** - use `$opt_runtime` to branch, and print `N/A "not testable in no-runtime mode"` for runtime-only checks when in no-runtime mode. +- **Always handle both live and non-live modes** β€” use `$g_mode` to branch (`if [ "$g_mode" = live ]`), and print `N/A "not testable in non-live mode"` for runtime-only checks when not in live mode. Inside CVE checks, `live` is the only mode with runtime access (hw-only skips the CVE loop). Outside CVE checks (e.g. `check_cpu`), use the `has_runtime` helper which returns true for both `live` and `hw-only`. - **Use `explain()`** when reporting VULN to give actionable remediation advice (see "Cross-Cutting Features" above). - **Handle `--paranoid` and `--vmm`** when the CVE has stricter mitigation tiers or VMM-specific aspects (see "Cross-Cutting Features" above). - **Keep JSON output in sync** - when adding new `cap_*` variables, add them to `_build_json_cpu()` in `src/libs/250_output_emitters.sh` (see Step 2 JSON note above). Per-CVE fields are handled automatically. diff --git a/dist/doc/batch_prometheus.md b/dist/doc/batch_prometheus.md index 353b4fa..cd13c5a 100644 --- a/dist/doc/batch_prometheus.md +++ b/dist/doc/batch_prometheus.md @@ -59,7 +59,7 @@ Script metadata. Always value `1`; all data is in labels. | Label | Values | Meaning | |---|---|---| | `version` | string | Script version (e.g. `25.30.0250400123`) | -| `mode` | `live` / `offline` | `live` = running on the active kernel; `offline` = inspecting a kernel image | +| `mode` | `live` / `no-runtime` / `no-hw` / `hw-only` | Operating mode (see below) | | `run_as_root` | `true` / `false` | Whether the script ran as root. Non-root scans skip MSR reads and may miss mitigations | | `paranoid` | `true` / `false` | `--paranoid` mode: stricter criteria (e.g. requires SMT disabled) | | `sysfs_only` | `true` / `false` | `--sysfs-only` mode: only the kernel's own sysfs report was used, not independent detection | @@ -340,16 +340,22 @@ smc_vulnerability_status == 1 ## Caveats and edge cases -**Offline mode (`--kernel`)** +**No-runtime mode (`--no-runtime`)** `smc_system_info` will have no `kernel_release` or `kernel_arch` labels (those come from `uname`, which reports the running kernel, not the inspected one). -`mode="offline"` in `smc_build_info` signals this. Offline mode is primarily -useful for pre-deployment auditing, not fleet runtime monitoring. +`mode="no-runtime"` in `smc_build_info` signals this. No-runtime mode is +primarily useful for pre-deployment auditing, not fleet runtime monitoring. -**`--no-hw`** +**No-hardware mode (`--no-hw`)** `smc_cpu_info` is not emitted. CPU and microcode labels are absent from all queries. CVE checks that rely on hardware capability detection (`cap_*` flags, -MSR reads) will report `unknown` status. +MSR reads) will report `unknown` status. `mode="no-hw"` in `smc_build_info` +signals this. + +**Hardware-only mode (`--hw-only`)** +Only hardware detection is performed; CVE checks are skipped. `smc_cpu_info` +is emitted but no `smc_vuln` metrics appear. `mode="hw-only"` in +`smc_build_info` signals this. **`--sysfs-only`** The script trusts the kernel's sysfs report (`/sys/devices/system/cpu/vulnerabilities/`) diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index ab5f7f6..96d8710 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -125,6 +125,13 @@ opt_vmm=-1 opt_allow_msr_write=0 opt_cpu=0 opt_explain=0 +# Canonical run mode, set at the end of option parsing. +# Values: live, no-runtime, no-hw, hw-only +g_mode='live' + +# Return 0 (true) if runtime state is accessible (procfs, sysfs, dmesg, debugfs). +# True in live and hw-only modes; false in no-runtime and no-hw modes. +has_runtime() { [ "$g_mode" = live ] || [ "$g_mode" = hw-only ]; } opt_paranoid=0 opt_extra=0 opt_mock=0 diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index d40b04f..b327209 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -344,3 +344,16 @@ if [ "$opt_runtime" = 0 ] && [ -z "$opt_kernel" ] && [ -z "$opt_config" ] && [ - pr_warn "Option --no-runtime requires at least one of --kernel, --config, or --map" exit 255 fi + +# Derive the canonical run mode from the option flags. +# Modes: live (default), no-runtime (--no-runtime), no-hw (--no-hw), hw-only (--hw-only) +# shellcheck disable=SC2034 +if [ "$opt_hw_only" = 1 ]; then + g_mode='hw-only' +elif [ "$opt_no_hw" = 1 ]; then + g_mode='no-hw' +elif [ "$opt_runtime" = 0 ]; then + g_mode='no-runtime' +else + g_mode='live' +fi diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index c77fce8..b75db13 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -66,17 +66,8 @@ _json_bool() { # Sets: g_json_meta # shellcheck disable=SC2034 _build_json_meta() { - local timestamp mode + local timestamp timestamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null || echo "unknown") - if [ "$opt_hw_only" = 1 ]; then - mode="hw-only" - elif [ "$opt_no_hw" = 1 ]; then - mode="no-hw" - elif [ "$opt_runtime" = 0 ]; then - mode="no-runtime" - else - mode="live" - fi local run_as_root if [ "$(id -u)" -eq 0 ]; then run_as_root='true' @@ -87,7 +78,7 @@ _build_json_meta() { "$(_json_str "$VERSION")" \ "$(_json_str "$timestamp")" \ "$(_json_str "$g_os")" \ - "$mode" \ + "$g_mode" \ "$run_as_root" \ "$(_json_bool "${g_bad_accuracy:-0}")" \ "$(_json_bool "$opt_paranoid")" \ @@ -100,7 +91,7 @@ _build_json_meta() { # shellcheck disable=SC2034 _build_json_system() { local kernel_release kernel_version kernel_arch smt_val - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then kernel_release=$(uname -r) kernel_version=$(uname -v) kernel_arch=$(uname -m) @@ -404,7 +395,7 @@ _emit_prometheus() { # shellcheck disable=SC2034 _build_prometheus_system_info() { local kernel_release kernel_arch hypervisor_host sys_labels - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then kernel_release=$(uname -r 2>/dev/null || true) kernel_arch=$(uname -m 2>/dev/null || true) else diff --git a/src/libs/400_hw_check.sh b/src/libs/400_hw_check.sh index f923b36..66b6d1e 100644 --- a/src/libs/400_hw_check.sh +++ b/src/libs/400_hw_check.sh @@ -18,7 +18,7 @@ if [ "$g_os" = Darwin ] || [ "$g_os" = VMkernel ]; then fi # check for mode selection inconsistency -if [ "$opt_hw_only" = 1 ]; then +if [ "$g_mode" = hw-only ]; then if [ "$opt_cve_all" = 0 ]; then show_usage echo "$0: error: incompatible modes specified, --hw-only vs --variant" >&2 @@ -89,7 +89,7 @@ if [ "$opt_cpu" != all ] && [ "$opt_cpu" -gt "$g_max_core_id" ]; then exit 255 fi -if [ "$opt_runtime" = 1 ]; then +if has_runtime; then pr_info "Checking for vulnerabilities on current system" # try to find the image of the current running kernel @@ -226,7 +226,7 @@ if [ -e "$opt_kernel" ]; then if ! command -v "${opt_arch_prefix}readelf" >/dev/null 2>&1; then pr_debug "readelf not found" g_kernel_err="missing '${opt_arch_prefix}readelf' tool, please install it, usually it's in the 'binutils' package" - elif [ "$opt_sysfs_only" = 1 ] || [ "$opt_hw_only" = 1 ]; then + elif [ "$opt_sysfs_only" = 1 ] || [ "$g_mode" = hw-only ]; then g_kernel_err='kernel image decompression skipped' else extract_kernel "$opt_kernel" @@ -251,7 +251,7 @@ else fi if [ -n "$g_kernel_version" ]; then # in live mode, check if the img we found is the correct one - if [ "$opt_runtime" = 1 ]; then + if has_runtime; then pr_verbose "Kernel image is \033[35m$g_kernel_version" if ! echo "$g_kernel_version" | grep -qF "$(uname -r)"; then pr_warn "Possible discrepancy between your running kernel '$(uname -r)' and the image '$g_kernel_version' we found ($opt_kernel), results might be incorrect" @@ -283,7 +283,7 @@ sys_interface_check() { msg='' ret_sys_interface_check_fullmsg='' - if [ "$opt_runtime" = 1 ] && [ "$opt_no_sysfs" = 0 ] && [ -r "$file" ]; then + if has_runtime && [ "$opt_no_sysfs" = 0 ] && [ -r "$file" ]; then : else g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_SYSFS_$(basename "$file")_RET=1") @@ -352,7 +352,7 @@ sys_interface_check() { check_kernel_info() { local config_display pr_info "\033[1;34mKernel information\033[0m" - if [ "$opt_runtime" = 1 ]; then + if has_runtime; then pr_info "* Kernel is \033[35m$g_os $(uname -r) $(uname -v) $(uname -m)\033[0m" elif [ -n "$g_kernel_version" ]; then pr_info "* Kernel is \033[35m$g_kernel_version\033[0m" @@ -456,7 +456,7 @@ check_cpu() { ret=invalid pstatus yellow NO "unknown CPU" fi - if [ -z "$cap_ibrs" ] && [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ]; then + if [ -z "$cap_ibrs" ] && [ $ret = $READ_CPUID_RET_ERR ] && has_runtime; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo if grep ^flags "$g_procfs/cpuinfo" | grep -qw ibrs; then cap_ibrs='IBRS (cpuinfo)' @@ -533,7 +533,7 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then cap_ibpb='IBPB_SUPPORT' pstatus green YES "IBPB_SUPPORT feature bit" - elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw ibpb; then + elif [ $ret = $READ_CPUID_RET_ERR ] && has_runtime && grep ^flags "$g_procfs/cpuinfo" | grep -qw ibpb; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo cap_ibpb='IBPB (cpuinfo)' pstatus green YES "ibpb flag in $g_procfs/cpuinfo" @@ -604,7 +604,7 @@ check_cpu() { ret=invalid pstatus yellow UNKNOWN "unknown CPU" fi - if [ -z "$cap_stibp" ] && [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ]; then + if [ -z "$cap_stibp" ] && [ $ret = $READ_CPUID_RET_ERR ] && has_runtime; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo if grep ^flags "$g_procfs/cpuinfo" | grep -qw stibp; then cap_stibp='STIBP (cpuinfo)' @@ -676,7 +676,7 @@ check_cpu() { fi fi - if [ -z "$cap_ssbd" ] && [ "$ret24" = $READ_CPUID_RET_ERR ] && [ "$ret25" = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ]; then + if [ -z "$cap_ssbd" ] && [ "$ret24" = $READ_CPUID_RET_ERR ] && [ "$ret25" = $READ_CPUID_RET_ERR ] && has_runtime; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo if grep ^flags "$g_procfs/cpuinfo" | grep -qw ssbd; then cap_ssbd='SSBD (cpuinfo)' @@ -740,7 +740,7 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then pstatus green YES "L1D flush feature bit" cap_l1df=1 - elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw flush_l1d; then + elif [ $ret = $READ_CPUID_RET_ERR ] && has_runtime && grep ^flags "$g_procfs/cpuinfo" | grep -qw flush_l1d; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo pstatus green YES "flush_l1d flag in $g_procfs/cpuinfo" cap_l1df=1 @@ -760,7 +760,7 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then cap_md_clear=1 pstatus green YES "MD_CLEAR feature bit" - elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then + elif [ $ret = $READ_CPUID_RET_ERR ] && has_runtime && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo cap_md_clear=1 pstatus green YES "md_clear flag in $g_procfs/cpuinfo" @@ -830,7 +830,7 @@ check_cpu() { if [ $ret = $READ_CPUID_RET_OK ]; then pstatus green YES cap_arch_capabilities=1 - elif [ $ret = $READ_CPUID_RET_ERR ] && [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw arch_capabilities; then + elif [ $ret = $READ_CPUID_RET_ERR ] && has_runtime && grep ^flags "$g_procfs/cpuinfo" | grep -qw arch_capabilities; then # CPUID device unavailable (e.g. in a VM): fall back to /proc/cpuinfo pstatus green YES "arch_capabilities flag in $g_procfs/cpuinfo" cap_arch_capabilities=1 diff --git a/src/main.sh b/src/main.sh index 1f8d546..6be69cb 100644 --- a/src/main.sh +++ b/src/main.sh @@ -14,7 +14,7 @@ fi pr_info -if [ "$opt_no_hw" = 0 ] && [ -z "$opt_arch_prefix" ]; then +if [ "$g_mode" != no-hw ] && [ -z "$opt_arch_prefix" ]; then pr_info "\033[1;34mHardware check\033[0m" check_cpu check_cpu_vulnerabilities @@ -24,7 +24,7 @@ fi # Build JSON system/cpu/microcode sections (after check_cpu has populated cap_* vars and VMM detection) if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "json" ]; then _build_json_system - if [ "$opt_no_hw" = 0 ] && [ -z "$opt_arch_prefix" ]; then + if [ "$g_mode" != no-hw ] && [ -z "$opt_arch_prefix" ]; then _build_json_cpu _build_json_cpu_microcode fi @@ -33,18 +33,22 @@ fi # Build Prometheus info metric lines (same timing requirement as JSON builders above) if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then _build_prometheus_system_info - if [ "$opt_no_hw" = 0 ] && [ -z "$opt_arch_prefix" ]; then + if [ "$g_mode" != no-hw ] && [ -z "$opt_arch_prefix" ]; then _build_prometheus_cpu_info fi fi -# now run the checks the user asked for -for cve in $g_supported_cve_list; do - if [ "$opt_cve_all" = 1 ] || echo "$opt_cve_list" | grep -qw "$cve"; then - check_"$(echo "$cve" | tr - _)" - pr_info - fi -done +# now run the checks the user asked for (hw-only mode skips CVE checks) +if [ "$g_mode" = hw-only ]; then + pr_info "Hardware-only mode, skipping vulnerability checks" +else + for cve in $g_supported_cve_list; do + if [ "$opt_cve_all" = 1 ] || echo "$opt_cve_list" | grep -qw "$cve"; then + check_"$(echo "$cve" | tr - _)" + pr_info + fi + done +fi # g_mode != hw-only if [ -n "$g_final_summary" ]; then pr_info "> \033[46m\033[30mSUMMARY:\033[0m$g_final_summary" @@ -171,15 +175,7 @@ fi if [ "$opt_batch" = 1 ] && [ "$opt_batch_format" = "prometheus" ]; then prom_run_as_root='false' [ "$(id -u)" -eq 0 ] && prom_run_as_root='true' - if [ "$opt_hw_only" = 1 ]; then - prom_mode='hw-only' - elif [ "$opt_no_hw" = 1 ]; then - prom_mode='no-hw' - elif [ "$opt_runtime" = 0 ]; then - prom_mode='no-runtime' - else - prom_mode='live' - fi + prom_mode="$g_mode" prom_paranoid='false' [ "$opt_paranoid" = 1 ] && prom_paranoid='true' prom_sysfs_only='false' diff --git a/src/vulns-helpers/check_mds.sh b/src/vulns-helpers/check_mds.sh index 09b273e..e45c27b 100644 --- a/src/vulns-helpers/check_mds.sh +++ b/src/vulns-helpers/check_mds.sh @@ -3,7 +3,7 @@ check_mds_bsd() { local kernel_md_clear kernel_smt_allowed kernel_mds_enabled kernel_mds_state pr_info_nol "* Kernel supports using MD_CLEAR mitigation: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if sysctl hw.mds_disable >/dev/null 2>&1; then pstatus green YES kernel_md_clear=1 @@ -76,7 +76,7 @@ check_mds_bsd() { else if [ "$cap_md_clear" = 1 ]; then if [ "$kernel_md_clear" = 1 ]; then - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # mitigation must also be enabled if [ "$kernel_mds_enabled" -ge 1 ]; then if [ "$opt_paranoid" != 1 ] || [ "$kernel_smt_allowed" = 0 ]; then @@ -95,7 +95,7 @@ check_mds_bsd() { pvulnstatus "$cve" VULN "Your microcode supports mitigation, but your kernel doesn't, upgrade it to mitigate the vulnerability" fi else - if [ "$kernel_md_clear" = 1 ] && [ "$opt_runtime" = 1 ]; then + if [ "$kernel_md_clear" = 1 ] && [ "$g_mode" = live ]; then # no MD_CLEAR in microcode, but FreeBSD may still have software-only mitigation active case "$kernel_mds_state" in software*) @@ -138,7 +138,7 @@ check_mds_linux() { if is_x86_kernel; then pr_info_nol "* Kernel supports using MD_CLEAR mitigation: " kernel_md_clear_can_tell=1 - if [ "$opt_runtime" = 1 ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then + if [ "$g_mode" = live ] && grep ^flags "$g_procfs/cpuinfo" | grep -qw md_clear; then kernel_md_clear="md_clear found in $g_procfs/cpuinfo" pstatus green YES "$kernel_md_clear" fi @@ -161,7 +161,7 @@ check_mds_linux() { fi fi - if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then + if [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then pr_info_nol "* Kernel mitigation is enabled and active: " if echo "$ret_sys_interface_check_fullmsg" | grep -qi ^mitigation; then mds_mitigated=1 @@ -194,7 +194,7 @@ check_mds_linux() { # compute mystatus and mymsg from our own logic if [ "$cap_md_clear" = 1 ]; then if [ -n "$kernel_md_clear" ]; then - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # mitigation must also be enabled if [ "$mds_mitigated" = 1 ]; then if [ "$opt_paranoid" != 1 ] || [ "$mds_smt_mitigated" = 1 ]; then diff --git a/src/vulns-helpers/check_mmio.sh b/src/vulns-helpers/check_mmio.sh index 122462b..c567cda 100644 --- a/src/vulns-helpers/check_mmio.sh +++ b/src/vulns-helpers/check_mmio.sh @@ -165,7 +165,7 @@ check_mmio_linux() { pstatus yellow NO fi - if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then + if [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then pr_info_nol "* Kernel mitigation is enabled and active: " if echo "$ret_sys_interface_check_fullmsg" | grep -qi ^mitigation; then mmio_mitigated=1 @@ -198,7 +198,7 @@ check_mmio_linux() { # compute mystatus and mymsg from our own logic if [ "$cap_fb_clear" = 1 ]; then if [ -n "$kernel_mmio" ]; then - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # mitigation must also be enabled if [ "$mmio_mitigated" = 1 ]; then if [ "$opt_paranoid" != 1 ] || [ "$mmio_smt_mitigated" = 1 ]; then diff --git a/src/vulns/CVE-2017-5715.sh b/src/vulns/CVE-2017-5715.sh index eb1fc33..d672bb3 100644 --- a/src/vulns/CVE-2017-5715.sh +++ b/src/vulns/CVE-2017-5715.sh @@ -269,7 +269,7 @@ check_CVE_2017_5715_linux() { g_ibpb_supported='' g_ibpb_enabled='' - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # in live mode, we can check for the ibrs_enabled file in debugfs # all versions of the patches have it (NOT the case of IBPB or KPTI) g_ibrs_can_tell=1 @@ -420,7 +420,7 @@ check_CVE_2017_5715_linux() { fi pr_info_nol " * IBRS enabled and active: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ "$g_ibpb_enabled" = 2 ]; then # if ibpb=2, ibrs is forcefully=0 pstatus blue NO "IBPB used instead of IBRS in all kernel entrypoints" @@ -471,7 +471,7 @@ check_CVE_2017_5715_linux() { fi pr_info_nol " * IBPB enabled and active: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then case "$g_ibpb_enabled" in "") if [ "$g_ibrs_supported" = 1 ]; then @@ -554,7 +554,7 @@ check_CVE_2017_5715_linux() { # # since 5.15.28, this is now "Retpolines" as the implementation was switched to a generic one, # so we look for both "retpoline" and "retpolines" - if [ "$opt_runtime" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then + if [ "$g_mode" = live ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -qwi -e retpoline -e retpolines; then if echo "$ret_sys_interface_check_fullmsg" | grep -qwi minimal; then retpoline_compiler=0 @@ -605,7 +605,7 @@ check_CVE_2017_5715_linux() { # only Red Hat has a tunable to disable it on runtime retp_enabled=-1 - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ -e "$g_specex_knob_dir/retp_enabled" ]; then retp_enabled=$(cat "$g_specex_knob_dir/retp_enabled" 2>/dev/null) pr_debug "retpoline: found $g_specex_knob_dir/retp_enabled=$retp_enabled" @@ -635,7 +635,7 @@ check_CVE_2017_5715_linux() { if is_vulnerable_to_empty_rsb || [ "$opt_verbose" -ge 2 ]; then pr_info_nol " * Kernel supports RSB filling: " rsb_filling=0 - if [ "$opt_runtime" = 1 ] && [ "$opt_no_sysfs" != 1 ]; then + if [ "$g_mode" = live ] && [ "$opt_no_sysfs" != 1 ]; then # if we're live and we aren't denied looking into /sys, let's do it if echo "$ret_sys_interface_check_fullmsg" | grep -qw RSB; then rsb_filling=1 @@ -728,7 +728,7 @@ check_CVE_2017_5715_linux() { *", IBPB"* | *"; IBPB"*) v2_ibpb_mode=conditional ;; *) v2_ibpb_mode=disabled ;; esac - elif [ "$opt_runtime" = 1 ]; then + elif [ "$g_mode" = live ]; then case "$g_ibpb_enabled" in 2) v2_ibpb_mode=always-on ;; 1) v2_ibpb_mode=conditional ;; @@ -826,7 +826,7 @@ check_CVE_2017_5715_linux() { *"PBRSB-eIBRS: Vulnerable"*) v2_pbrsb_status=vulnerable ;; *) v2_pbrsb_status=unknown ;; esac - elif [ "$opt_runtime" != 1 ] && [ -n "$g_kernel" ]; then + elif [ "$g_mode" != live ] && [ -n "$g_kernel" ]; then if grep -q 'PBRSB-eIBRS' "$g_kernel" 2>/dev/null; then v2_pbrsb_status=sw-sequence else @@ -857,7 +857,7 @@ check_CVE_2017_5715_linux() { *"BHI: Vulnerable"*) v2_bhi_status=vulnerable ;; *) v2_bhi_status=unknown ;; esac - elif [ "$opt_runtime" != 1 ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then + elif [ "$g_mode" != live ] && [ -n "$opt_config" ] && [ -r "$opt_config" ]; then if grep -q '^CONFIG_\(MITIGATION_\)\?SPECTRE_BHI' "$opt_config"; then if [ "$cap_bhi" = 1 ]; then v2_bhi_status=bhi_dis_s @@ -881,7 +881,7 @@ check_CVE_2017_5715_linux() { esac # --- v2_vuln_module --- - if [ "$opt_runtime" = 1 ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then + if [ "$g_mode" = live ] && [ -n "$ret_sys_interface_check_fullmsg" ]; then pr_info_nol " * Non-retpoline module loaded: " if echo "$ret_sys_interface_check_fullmsg" | grep -q 'vulnerable module loaded'; then v2_vuln_module=1 @@ -982,7 +982,7 @@ check_CVE_2017_5715_linux() { if [ -n "${SMC_MOCK_UNPRIVILEGED_BPF_DISABLED:-}" ]; then _ebpf_disabled="$SMC_MOCK_UNPRIVILEGED_BPF_DISABLED" g_mocked=1 - elif [ "$opt_runtime" = 1 ] && [ -r "$g_procfs/sys/kernel/unprivileged_bpf_disabled" ]; then + elif [ "$g_mode" = live ] && [ -r "$g_procfs/sys/kernel/unprivileged_bpf_disabled" ]; then _ebpf_disabled=$(cat "$g_procfs/sys/kernel/unprivileged_bpf_disabled" 2>/dev/null) g_mockme=$(printf "%b\n%b" "$g_mockme" "SMC_MOCK_UNPRIVILEGED_BPF_DISABLED='$_ebpf_disabled'") fi @@ -1170,7 +1170,7 @@ check_CVE_2017_5715_linux() { pvulnstatus "$cve" OK "Full IBPB is mitigating the vulnerability" # No-runtime mode fallback - elif [ "$opt_runtime" != 1 ]; then + elif [ "$g_mode" != live ]; then if [ "$retpoline" = 1 ] && [ -n "$g_ibpb_supported" ]; then pvulnstatus "$cve" OK "no-runtime mode: kernel supports retpoline + IBPB to mitigate the vulnerability" elif [ -n "$g_ibrs_supported" ] && [ -n "$g_ibpb_supported" ]; then diff --git a/src/vulns/CVE-2017-5753.sh b/src/vulns/CVE-2017-5753.sh index 6750f7e..57dcf0a 100644 --- a/src/vulns/CVE-2017-5753.sh +++ b/src/vulns/CVE-2017-5753.sh @@ -101,60 +101,48 @@ check_CVE_2017_5753_linux() { # For no-runtime analysis of these old kernels, match the specific instruction patterns. if [ -z "$v1_kernel_mitigated" ]; then pr_info_nol "* Kernel has array_index_mask_nospec (v4.15 binary pattern): " - # vanilla: look for the Linus' mask aka array_index_mask_nospec() - # that is inlined at least in raw_copy_from_user (__get_user_X symbols) - #mov PER_CPU_VAR(current_task), %_ASM_DX - #cmp TASK_addr_limit(%_ASM_DX),%_ASM_AX - #jae bad_get_user - # /* array_index_mask_nospec() are the 2 opcodes that follow */ - #+sbb %_ASM_DX, %_ASM_DX - #+and %_ASM_DX, %_ASM_AX - #ASM_STAC - # x86 64bits: jae(0x0f 0x83 0x?? 0x?? 0x?? 0x??) sbb(0x48 0x19 0xd2) and(0x48 0x21 0xd0) - # x86 32bits: cmp(0x3b 0x82 0x?? 0x?? 0x00 0x00) jae(0x73 0x??) sbb(0x19 0xd2) and(0x21 0xd0) - # - # arm32 - ##ifdef CONFIG_THUMB2_KERNEL - ##define CSDB ".inst.w 0xf3af8014" - ##else - ##define CSDB ".inst 0xe320f014" e320f014 - ##endif - #asm volatile( - # "cmp %1, %2\n" e1500003 - #" sbc %0, %1, %1\n" e0c03000 - #CSDB - #: "=r" (mask) - #: "r" (idx), "Ir" (sz) - #: "cc"); - # - # http://git.arm.linux.org.uk/cgit/linux-arm.git/commit/?h=spectre&id=a78d156587931a2c3b354534aa772febf6c9e855 v1_mask_nospec='' if [ -n "$g_kernel_err" ]; then pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" - elif ! command -v perl >/dev/null 2>&1; then - pstatus yellow UNKNOWN "missing 'perl' binary, please install it" - else - perl -ne '/\x0f\x83....\x48\x19\xd2\x48\x21\xd0/ and $found++; END { exit($found ? 0 : 1) }' "$g_kernel" - ret=$? - if [ "$ret" -eq 0 ]; then - pstatus green YES "x86 64 bits array_index_mask_nospec()" - v1_mask_nospec="x86 64 bits array_index_mask_nospec" + elif is_x86_kernel; then + # x86: binary pattern matching for array_index_mask_nospec() + # x86 64bits: jae(0x0f 0x83 ....) sbb(0x48 0x19 0xd2) and(0x48 0x21 0xd0) + # x86 32bits: cmp(0x3b 0x82 .. .. 0x00 0x00) jae(0x73 ..) sbb(0x19 0xd2) and(0x21 0xd0) + if ! command -v perl >/dev/null 2>&1; then + pstatus yellow UNKNOWN "missing 'perl' binary, please install it" else - perl -ne '/\x3b\x82..\x00\x00\x73.\x19\xd2\x21\xd0/ and $found++; END { exit($found ? 0 : 1) }' "$g_kernel" + perl -ne '/\x0f\x83....\x48\x19\xd2\x48\x21\xd0/ and $found++; END { exit($found ? 0 : 1) }' "$g_kernel" ret=$? if [ "$ret" -eq 0 ]; then - pstatus green YES "x86 32 bits array_index_mask_nospec()" - v1_mask_nospec="x86 32 bits array_index_mask_nospec" + pstatus green YES "x86 64 bits array_index_mask_nospec()" + v1_mask_nospec="x86 64 bits array_index_mask_nospec" else - ret=$("${opt_arch_prefix}objdump" "$g_objdump_options" "$g_kernel" | grep -w -e f3af8014 -e e320f014 -B2 | grep -B1 -w sbc | grep -w -c cmp) - if [ "$ret" -gt 0 ]; then - pstatus green YES "$ret occurrence(s) found of arm 32 bits array_index_mask_nospec()" - v1_mask_nospec="arm 32 bits array_index_mask_nospec" + perl -ne '/\x3b\x82..\x00\x00\x73.\x19\xd2\x21\xd0/ and $found++; END { exit($found ? 0 : 1) }' "$g_kernel" + ret=$? + if [ "$ret" -eq 0 ]; then + pstatus green YES "x86 32 bits array_index_mask_nospec()" + v1_mask_nospec="x86 32 bits array_index_mask_nospec" else pstatus yellow NO fi fi fi + elif is_arm_kernel; then + # arm32: match CSDB instruction (0xf3af8014 Thumb2 or 0xe320f014 ARM) preceded by sbc+cmp + # http://git.arm.linux.org.uk/cgit/linux-arm.git/commit/?h=spectre&id=a78d156587931a2c3b354534aa772febf6c9e855 + if ! command -v "${opt_arch_prefix}objdump" >/dev/null 2>&1; then + pstatus yellow UNKNOWN "missing '${opt_arch_prefix}objdump' tool, please install it, usually it's in the binutils package" + else + ret=$("${opt_arch_prefix}objdump" "$g_objdump_options" "$g_kernel" | grep -w -e f3af8014 -e e320f014 -B2 | grep -B1 -w sbc | grep -w -c cmp) + if [ "$ret" -gt 0 ]; then + pstatus green YES "$ret occurrence(s) found of arm 32 bits array_index_mask_nospec()" + v1_mask_nospec="arm 32 bits array_index_mask_nospec" + else + pstatus yellow NO + fi + fi + else + pstatus yellow NO fi fi @@ -172,67 +160,69 @@ check_CVE_2017_5753_linux() { pstatus yellow NO fi - pr_info_nol "* Kernel has mask_nospec64 (arm64): " - #.macro mask_nospec64, idx, limit, tmp - #sub \tmp, \idx, \limit - #bic \tmp, \tmp, \idx - #and \idx, \idx, \tmp, asr #63 - #csdb - #.endm - #$ aarch64-linux-gnu-objdump -d vmlinux | grep -w bic -A1 -B1 | grep -w sub -A2 | grep -w and -B2 - #ffffff8008082e44: cb190353 sub x19, x26, x25 - #ffffff8008082e48: 8a3a0273 bic x19, x19, x26 - #ffffff8008082e4c: 8a93ff5a and x26, x26, x19, asr #63 - #ffffff8008082e50: d503229f hint #0x14 - # /!\ can also just be "csdb" instead of "hint #0x14" for native objdump - # - # if we already have a detection, don't bother disassembling the kernel, the answer is no. - if [ -n "$v1_kernel_mitigated" ] || [ -n "$v1_mask_nospec" ] || [ "$g_redhat_canonical_spectre" -gt 0 ]; then - pstatus yellow NO - elif [ -n "$g_kernel_err" ]; then - pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" - elif ! command -v perl >/dev/null 2>&1; then - pstatus yellow UNKNOWN "missing 'perl' binary, please install it" - elif ! command -v "${opt_arch_prefix}objdump" >/dev/null 2>&1; then - pstatus yellow UNKNOWN "missing '${opt_arch_prefix}objdump' tool, please install it, usually it's in the binutils package" - else - "${opt_arch_prefix}objdump" "$g_objdump_options" "$g_kernel" | perl -ne 'push @r, $_; /\s(hint|csdb)\s/ && $r[0]=~/\ssub\s+(x\d+)/ && $r[1]=~/\sbic\s+$1,\s+$1,/ && $r[2]=~/\sand\s/ && exit(9); shift @r if @r>3' - ret=$? - if [ "$ret" -eq 9 ]; then - pstatus green YES "mask_nospec64 macro is present and used" - v1_mask_nospec="arm64 mask_nospec64" - else + if is_arm_kernel; then + pr_info_nol "* Kernel has mask_nospec64 (arm64): " + #.macro mask_nospec64, idx, limit, tmp + #sub \tmp, \idx, \limit + #bic \tmp, \tmp, \idx + #and \idx, \idx, \tmp, asr #63 + #csdb + #.endm + #$ aarch64-linux-gnu-objdump -d vmlinux | grep -w bic -A1 -B1 | grep -w sub -A2 | grep -w and -B2 + #ffffff8008082e44: cb190353 sub x19, x26, x25 + #ffffff8008082e48: 8a3a0273 bic x19, x19, x26 + #ffffff8008082e4c: 8a93ff5a and x26, x26, x19, asr #63 + #ffffff8008082e50: d503229f hint #0x14 + # /!\ can also just be "csdb" instead of "hint #0x14" for native objdump + # + # if we already have a detection, don't bother disassembling the kernel, the answer is no. + if [ -n "$v1_kernel_mitigated" ] || [ -n "$v1_mask_nospec" ] || [ "$g_redhat_canonical_spectre" -gt 0 ]; then pstatus yellow NO + elif [ -n "$g_kernel_err" ]; then + pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" + elif ! command -v perl >/dev/null 2>&1; then + pstatus yellow UNKNOWN "missing 'perl' binary, please install it" + elif ! command -v "${opt_arch_prefix}objdump" >/dev/null 2>&1; then + pstatus yellow UNKNOWN "missing '${opt_arch_prefix}objdump' tool, please install it, usually it's in the binutils package" + else + "${opt_arch_prefix}objdump" "$g_objdump_options" "$g_kernel" | perl -ne 'push @r, $_; /\s(hint|csdb)\s/ && $r[0]=~/\ssub\s+(x\d+)/ && $r[1]=~/\sbic\s+$1,\s+$1,/ && $r[2]=~/\sand\s/ && exit(9); shift @r if @r>3' + ret=$? + if [ "$ret" -eq 9 ]; then + pstatus green YES "mask_nospec64 macro is present and used" + v1_mask_nospec="arm64 mask_nospec64" + else + pstatus yellow NO + fi fi - fi - pr_info_nol "* Kernel has array_index_nospec (arm64): " - # in 4.19+ kernels, the mask_nospec64 asm64 macro is replaced by array_index_nospec, defined in nospec.h, and used in invoke_syscall() - # ffffff8008090a4c: 2a0203e2 mov w2, w2 - # ffffff8008090a50: eb0200bf cmp x5, x2 - # ffffff8008090a54: da1f03e2 ngc x2, xzr - # ffffff8008090a58: d503229f hint #0x14 - # /!\ can also just be "csdb" instead of "hint #0x14" for native objdump - # - # if we already have a detection, don't bother disassembling the kernel, the answer is no. - if [ -n "$v1_kernel_mitigated" ] || [ -n "$v1_mask_nospec" ] || [ "$g_redhat_canonical_spectre" -gt 0 ]; then - pstatus yellow NO - elif [ -n "$g_kernel_err" ]; then - pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" - elif ! command -v perl >/dev/null 2>&1; then - pstatus yellow UNKNOWN "missing 'perl' binary, please install it" - elif ! command -v "${opt_arch_prefix}objdump" >/dev/null 2>&1; then - pstatus yellow UNKNOWN "missing '${opt_arch_prefix}objdump' tool, please install it, usually it's in the binutils package" - else - "${opt_arch_prefix}objdump" "$g_objdump_options" "$g_kernel" | perl -ne 'push @r, $_; /\s(hint|csdb)\s/ && $r[0]=~/\smov\s+(w\d+),\s+(w\d+)/ && $r[1]=~/\scmp\s+(x\d+),\s+(x\d+)/ && $r[2]=~/\sngc\s+$2,/ && exit(9); shift @r if @r>3' - ret=$? - if [ "$ret" -eq 9 ]; then - pstatus green YES "array_index_nospec macro is present and used" - v1_mask_nospec="arm64 array_index_nospec" - else + pr_info_nol "* Kernel has array_index_nospec (arm64): " + # in 4.19+ kernels, the mask_nospec64 asm64 macro is replaced by array_index_nospec, defined in nospec.h, and used in invoke_syscall() + # ffffff8008090a4c: 2a0203e2 mov w2, w2 + # ffffff8008090a50: eb0200bf cmp x5, x2 + # ffffff8008090a54: da1f03e2 ngc x2, xzr + # ffffff8008090a58: d503229f hint #0x14 + # /!\ can also just be "csdb" instead of "hint #0x14" for native objdump + # + # if we already have a detection, don't bother disassembling the kernel, the answer is no. + if [ -n "$v1_kernel_mitigated" ] || [ -n "$v1_mask_nospec" ] || [ "$g_redhat_canonical_spectre" -gt 0 ]; then pstatus yellow NO + elif [ -n "$g_kernel_err" ]; then + pstatus yellow UNKNOWN "couldn't check ($g_kernel_err)" + elif ! command -v perl >/dev/null 2>&1; then + pstatus yellow UNKNOWN "missing 'perl' binary, please install it" + elif ! command -v "${opt_arch_prefix}objdump" >/dev/null 2>&1; then + pstatus yellow UNKNOWN "missing '${opt_arch_prefix}objdump' tool, please install it, usually it's in the binutils package" + else + "${opt_arch_prefix}objdump" "$g_objdump_options" "$g_kernel" | perl -ne 'push @r, $_; /\s(hint|csdb)\s/ && $r[0]=~/\smov\s+(w\d+),\s+(w\d+)/ && $r[1]=~/\scmp\s+(x\d+),\s+(x\d+)/ && $r[2]=~/\sngc\s+$2,/ && exit(9); shift @r if @r>3' + ret=$? + if [ "$ret" -eq 9 ]; then + pstatus green YES "array_index_nospec macro is present and used" + v1_mask_nospec="arm64 array_index_nospec" + else + pstatus yellow NO + fi fi - fi + fi # is_arm_kernel elif [ "$sys_interface_available" = 0 ]; then msg="/sys vulnerability interface use forced, but it's not available!" diff --git a/src/vulns/CVE-2017-5754.sh b/src/vulns/CVE-2017-5754.sh index 8376197..bbb6b17 100644 --- a/src/vulns/CVE-2017-5754.sh +++ b/src/vulns/CVE-2017-5754.sh @@ -104,7 +104,7 @@ check_CVE_2017_5754_linux() { mount_debugfs pr_info_nol " * PTI enabled and active: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then dmesg_grep="Kernel/User page tables isolation: enabled" dmesg_grep="$dmesg_grep|Kernel page table isolation enabled" dmesg_grep="$dmesg_grep|x86/pti: Unmapping kernel while in userspace" @@ -170,7 +170,7 @@ check_CVE_2017_5754_linux() { is_xen_dom0 && xen_pv_domo=1 is_xen_domU && xen_pv_domu=1 - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # checking whether we're running under Xen PV 64 bits. If yes, we are affected by affected_variant3 # (unless we are a Dom0) pr_info_nol "* Running as a Xen PV DomU: " @@ -186,7 +186,7 @@ check_CVE_2017_5754_linux() { pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ "$kpti_enabled" = 1 ]; then pvulnstatus "$cve" OK "PTI mitigates the vulnerability" elif [ "$xen_pv_domo" = 1 ]; then diff --git a/src/vulns/CVE-2018-12207.sh b/src/vulns/CVE-2018-12207.sh index 2a072b8..10b2904 100644 --- a/src/vulns/CVE-2018-12207.sh +++ b/src/vulns/CVE-2018-12207.sh @@ -36,7 +36,7 @@ check_CVE_2018_12207_linux() { fi pr_info_nol "* iTLB Multihit mitigation enabled and active: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -qF 'Mitigation'; then pstatus green YES "$ret_sys_interface_check_fullmsg" @@ -63,7 +63,7 @@ check_CVE_2018_12207_linux() { elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test if [ "$opt_sysfs_only" != 1 ]; then - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old pvulnstatus "$cve" VULN "Your kernel doesn't support iTLB Multihit mitigation, update it" else diff --git a/src/vulns/CVE-2018-3620.sh b/src/vulns/CVE-2018-3620.sh index 26737e1..58370d5 100644 --- a/src/vulns/CVE-2018-3620.sh +++ b/src/vulns/CVE-2018-3620.sh @@ -37,7 +37,7 @@ check_CVE_2018_3620_linux() { fi pr_info_nol "* PTE inversion enabled and active: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -q 'Mitigation: PTE Inversion'; then pstatus green YES @@ -66,7 +66,7 @@ check_CVE_2018_3620_linux() { # if msg is empty, sysfs check didn't fill it, rely on our own test if [ "$opt_sysfs_only" != 1 ]; then if [ "$pteinv_supported" = 1 ]; then - if [ "$pteinv_active" = 1 ] || [ "$opt_runtime" != 1 ]; then + if [ "$pteinv_active" = 1 ] || [ "$g_mode" != live ]; then pvulnstatus "$cve" OK "PTE inversion mitigates the vulnerability" else pvulnstatus "$cve" VULN "Your kernel supports PTE inversion but it doesn't seem to be enabled" diff --git a/src/vulns/CVE-2018-3639.sh b/src/vulns/CVE-2018-3639.sh index 3762904..f6ca26f 100644 --- a/src/vulns/CVE-2018-3639.sh +++ b/src/vulns/CVE-2018-3639.sh @@ -18,7 +18,7 @@ check_CVE_2018_3639_linux() { fi if [ "$opt_sysfs_only" != 1 ]; then pr_info_nol "* Kernel supports disabling speculative store bypass (SSB): " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if grep -Eq 'Speculation.?Store.?Bypass:' "$g_procfs/self/status" 2>/dev/null; then kernel_ssb="found in $g_procfs/self/status" pr_debug "found Speculation.Store.Bypass: in $g_procfs/self/status" @@ -57,7 +57,7 @@ check_CVE_2018_3639_linux() { fi kernel_ssbd_enabled=-1 - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # https://elixir.bootlin.com/linux/v5.0/source/fs/proc/array.c#L340 pr_info_nol "* SSB mitigation is enabled and active: " if grep -Eq 'Speculation.?Store.?Bypass:[[:space:]]+thread' "$g_procfs/self/status" 2>/dev/null; then @@ -106,7 +106,7 @@ check_CVE_2018_3639_linux() { # if msg is empty, sysfs check didn't fill it, rely on our own test if [ -n "$cap_ssbd" ]; then if [ -n "$kernel_ssb" ]; then - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ "$kernel_ssbd_enabled" -gt 0 ]; then pvulnstatus "$cve" OK "your CPU and kernel both support SSBD and mitigation is enabled" else diff --git a/src/vulns/CVE-2018-3646.sh b/src/vulns/CVE-2018-3646.sh index dd70ca9..20f1fef 100644 --- a/src/vulns/CVE-2018-3646.sh +++ b/src/vulns/CVE-2018-3646.sh @@ -69,14 +69,19 @@ check_CVE_2018_3646_linux() { pr_info "* Mitigation 1 (KVM)" pr_info_nol " * EPT is disabled: " ept_disabled=-1 - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if ! [ -r "$SYS_MODULE_BASE/kvm_intel/parameters/ept" ]; then pstatus blue N/A "the kvm_intel module is not loaded" - elif [ "$(cat "$SYS_MODULE_BASE/kvm_intel/parameters/ept")" = N ]; then - pstatus green YES - ept_disabled=1 else - pstatus yellow NO + ept_value="$(cat "$SYS_MODULE_BASE/kvm_intel/parameters/ept" 2>/dev/null || echo ERROR)" + if [ "$ept_value" = N ]; then + pstatus green YES + ept_disabled=1 + elif [ "$ept_value" = ERROR ]; then + pstatus yellow UNK "Couldn't read $SYS_MODULE_BASE/kvm_intel/parameters/ept" + else + pstatus yellow NO + fi fi else pstatus blue N/A "not testable in no-runtime mode" @@ -84,7 +89,7 @@ check_CVE_2018_3646_linux() { pr_info "* Mitigation 2" pr_info_nol " * L1D flush is supported by kernel: " - if [ "$opt_runtime" = 1 ] && grep -qw flush_l1d "$g_procfs/cpuinfo"; then + if [ "$g_mode" = live ] && grep -qw flush_l1d "$g_procfs/cpuinfo"; then l1d_kernel="found flush_l1d in $g_procfs/cpuinfo" fi if [ -z "$l1d_kernel" ]; then @@ -106,7 +111,7 @@ check_CVE_2018_3646_linux() { fi pr_info_nol " * L1D flush enabled: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then # vanilla: VMX: $l1dstatus, SMT $smtstatus # Red Hat: VMX: SMT $smtstatus, L1D $l1dstatus @@ -156,7 +161,7 @@ check_CVE_2018_3646_linux() { fi pr_info_nol " * Hardware-backed L1D flush supported: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if grep -qw flush_l1d "$g_procfs/cpuinfo" || [ -n "$l1d_xen_hardware" ]; then pstatus green YES "performance impact of the mitigation will be greatly reduced" else diff --git a/src/vulns/CVE-2019-11135.sh b/src/vulns/CVE-2019-11135.sh index 96fcdcd..0781bd5 100644 --- a/src/vulns/CVE-2019-11135.sh +++ b/src/vulns/CVE-2019-11135.sh @@ -33,7 +33,7 @@ check_CVE_2019_11135_linux() { fi pr_info_nol "* TAA mitigation enabled and active: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -qE '^Mitigation'; then pstatus green YES "$ret_sys_interface_check_fullmsg" @@ -57,7 +57,7 @@ check_CVE_2019_11135_linux() { pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old pvulnstatus "$cve" VULN "Your kernel doesn't support TAA mitigation, update it" else diff --git a/src/vulns/CVE-2020-0543.sh b/src/vulns/CVE-2020-0543.sh index 195de65..75607f0 100644 --- a/src/vulns/CVE-2020-0543.sh +++ b/src/vulns/CVE-2020-0543.sh @@ -32,7 +32,7 @@ check_CVE_2020_0543_linux() { pstatus yellow NO fi pr_info_nol "* SRBDS mitigation control is enabled and active: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ -n "$ret_sys_interface_check_fullmsg" ]; then if echo "$ret_sys_interface_check_fullmsg" | grep -qE '^Mitigation'; then pstatus green YES "$ret_sys_interface_check_fullmsg" @@ -61,7 +61,7 @@ check_CVE_2020_0543_linux() { # SRBDS mitigation control is enabled if [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old pvulnstatus "$cve" OK "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated" fi @@ -75,7 +75,7 @@ check_CVE_2020_0543_linux() { elif [ "$cap_srbds_on" = 0 ]; then # SRBDS mitigation control is disabled if [ -z "$msg" ]; then - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # if we're in live mode and $msg is empty, sysfs file is not there so kernel is too old pvulnstatus "$cve" VULN "Your microcode is up to date for SRBDS mitigation control. The kernel needs to be updated. Mitigation is disabled" fi diff --git a/src/vulns/CVE-2022-29900.sh b/src/vulns/CVE-2022-29900.sh index 5728142..ebb83a0 100644 --- a/src/vulns/CVE-2022-29900.sh +++ b/src/vulns/CVE-2022-29900.sh @@ -174,7 +174,7 @@ check_CVE_2022_29900_linux() { # Zen/Zen+/Zen2: check IBPB microcode support and SMT if [ "$cpu_family" = $((0x17)) ]; then pr_info_nol "* CPU supports IBPB: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ -n "$cap_ibpb" ]; then pstatus green YES "$cap_ibpb" else @@ -217,7 +217,7 @@ check_CVE_2022_29900_linux() { "doesn't fully protect cross-thread speculation." elif [ -z "$kernel_unret" ] && [ -z "$kernel_ibpb_entry" ]; then pvulnstatus "$cve" VULN "Your kernel doesn't have either UNRET_ENTRY or IBPB_ENTRY compiled-in" - elif [ "$smt_enabled" = 0 ] && [ -z "$cap_ibpb" ] && [ "$opt_runtime" = 1 ]; then + elif [ "$smt_enabled" = 0 ] && [ -z "$cap_ibpb" ] && [ "$g_mode" = live ]; then pvulnstatus "$cve" VULN "SMT is enabled and your microcode doesn't support IBPB" explain "Update your CPU microcode to get IBPB support, or disable SMT by adding\n" \ "\`nosmt\` to your kernel command line." diff --git a/src/vulns/CVE-2022-29901.sh b/src/vulns/CVE-2022-29901.sh index b712556..069b8c3 100644 --- a/src/vulns/CVE-2022-29901.sh +++ b/src/vulns/CVE-2022-29901.sh @@ -84,7 +84,7 @@ check_CVE_2022_29901_linux() { fi pr_info_nol "* CPU supports Enhanced IBRS (IBRS_ALL): " - if [ "$opt_runtime" = 1 ] || [ "$cap_ibrs_all" != -1 ]; then + if [ "$g_mode" = live ] || [ "$cap_ibrs_all" != -1 ]; then if [ "$cap_ibrs_all" = 1 ]; then pstatus green YES elif [ "$cap_ibrs_all" = 0 ]; then @@ -97,7 +97,7 @@ check_CVE_2022_29901_linux() { fi pr_info_nol "* CPU has RSB Alternate Behavior (RSBA): " - if [ "$opt_runtime" = 1 ] || [ "$cap_rsba" != -1 ]; then + if [ "$g_mode" = live ] || [ "$cap_rsba" != -1 ]; then if [ "$cap_rsba" = 1 ]; then pstatus yellow YES "this CPU is affected by RSB underflow" elif [ "$cap_rsba" = 0 ]; then diff --git a/src/vulns/CVE-2022-40982.sh b/src/vulns/CVE-2022-40982.sh index b23279b..60e5abc 100644 --- a/src/vulns/CVE-2022-40982.sh +++ b/src/vulns/CVE-2022-40982.sh @@ -145,7 +145,7 @@ check_CVE_2022_40982_linux() { if [ -n "$kernel_gds" ]; then pr_info_nol "* Kernel has disabled AVX as a mitigation: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # Check dmesg message to see whether AVX has been disabled dmesg_grep 'Microcode update needed! Disabling AVX as mitigation' dmesgret=$? diff --git a/src/vulns/CVE-2023-20588.sh b/src/vulns/CVE-2023-20588.sh index ce1e466..9af287f 100644 --- a/src/vulns/CVE-2023-20588.sh +++ b/src/vulns/CVE-2023-20588.sh @@ -101,7 +101,7 @@ check_CVE_2023_20588_linux() { pr_info_nol "* DIV0 mitigation enabled and active: " cpuinfo_div0='' dmesg_div0='' - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ -e "$g_procfs/cpuinfo" ] && grep -qw 'div0' "$g_procfs/cpuinfo" 2>/dev/null; then cpuinfo_div0=1 pstatus green YES "div0 found in $g_procfs/cpuinfo bug flags" @@ -141,7 +141,7 @@ check_CVE_2023_20588_linux() { pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" elif [ -z "$msg" ]; then if [ "$opt_sysfs_only" != 1 ]; then - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # live mode: cpuinfo div0 flag is the strongest proof the mitigation is active if [ "$cpuinfo_div0" = 1 ] || [ "$dmesg_div0" = 1 ]; then _cve_2023_20588_pvulnstatus_smt diff --git a/src/vulns/CVE-2023-20593.sh b/src/vulns/CVE-2023-20593.sh index 26b46cf..93012b7 100644 --- a/src/vulns/CVE-2023-20593.sh +++ b/src/vulns/CVE-2023-20593.sh @@ -28,7 +28,7 @@ check_CVE_2023_20593_linux() { pstatus yellow NO fi pr_info_nol "* Zenbleed kernel mitigation enabled and active: " - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then # read the DE_CFG MSR, we want to check the 9th bit # don't do it on non-Zen2 AMD CPUs or later, aka Family 17h, # as the behavior could be unknown on others @@ -82,7 +82,7 @@ check_CVE_2023_20593_linux() { elif [ -z "$msg" ]; then # if msg is empty, sysfs check didn't fill it, rely on our own test zenbleed_print_vuln=0 - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ "$fp_backup_fix" = 1 ] && [ "$ucode_zenbleed" = 1 ]; then # this should never happen, but if it does, it's interesting to know pvulnstatus "$cve" OK "Both your CPU microcode and kernel are mitigating Zenbleed" diff --git a/src/vulns/CVE-2023-28746.sh b/src/vulns/CVE-2023-28746.sh index 922404b..f571a4a 100644 --- a/src/vulns/CVE-2023-28746.sh +++ b/src/vulns/CVE-2023-28746.sh @@ -106,7 +106,7 @@ check_CVE_2023_28746_linux() { pstatus yellow NO fi - if [ "$opt_runtime" = 1 ] && [ "$sys_interface_available" = 1 ]; then + if [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then pr_info_nol "* RFDS mitigation is enabled and active: " if echo "$ret_sys_interface_check_fullmsg" | grep -qi '^Mitigation'; then rfds_mitigated=1 @@ -129,7 +129,7 @@ check_CVE_2023_28746_linux() { if [ "$opt_sysfs_only" != 1 ]; then if [ "$cap_rfds_clear" = 1 ]; then if [ -n "$kernel_rfds" ]; then - if [ "$opt_runtime" = 1 ]; then + if [ "$g_mode" = live ]; then if [ "$rfds_mitigated" = 1 ]; then pvulnstatus "$cve" OK "Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled" else From 48454a534451e922c3e13e696f98cd07b6459fdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Fri, 10 Apr 2026 19:50:15 +0200 Subject: [PATCH 53/57] fix: remove useless checks under ARM for CVE-2023-28746 --- DEVELOPMENT.md | 11 +++--- src/vulns/CVE-2023-28746.sh | 70 ++++++++++++++++++++----------------- 2 files changed, 43 insertions(+), 38 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 82af7bd..a736e81 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -105,8 +105,8 @@ The entire tool is a single bash script with no external script dependencies. Ke - **Output/logging functions** (~line 253): `pr_warn`, `pr_info`, `pr_verbose`, `pr_debug`, `explain`, `pstatus`, `pvulnstatus` - verbosity-aware output with color support - **CPU detection** (~line 2171): `parse_cpu_details`, `is_intel`/`is_amd`/`is_hygon`, `read_cpuid`, `read_msr`, `is_cpu_smt_enabled` - hardware identification via CPUID/MSR registers -- **Kernel architecture detection** (`src/libs/365_kernel_arch.sh`): `is_arm_kernel`/`is_x86_kernel` - detects the target kernel's architecture (not the host CPU) using kernel artifacts (System.map symbols, kconfig, kernel image), with `cpu_vendor` as a fast path for live mode. Results are cached in `g_kernel_arch`. Use these helpers to guard arch-specific kernel/kconfig/System.map checks and to select the appropriate verdict messages -- **CPU architecture detection** (`src/libs/360_cpu_smt.sh`): `is_x86_cpu`/`is_arm_cpu` - detects the host CPU's architecture via `cpu_vendor`. Use these to gate hardware operations (CPUID, MSR, microcode). Always use positive logic: `if is_x86_cpu` (not `if ! is_arm_cpu`) +- **Kernel architecture detection** (`src/libs/365_kernel_arch.sh`): `is_arm_kernel`/`is_x86_kernel` - detects the **target kernel's** architecture (not the host CPU) using kernel artifacts (System.map symbols, kconfig, kernel image), with `cpu_vendor` as a fast path for live mode. Results are cached in `g_kernel_arch`. Use these helpers to guard arch-specific kernel/kconfig/System.map checks and to select the appropriate verdict messages. In no-hw mode, the target kernel may differ from the host CPU architecture. +- **CPU architecture detection** (`src/libs/360_cpu_smt.sh`): `is_x86_cpu`/`is_arm_cpu` - detects the **host CPU's** architecture via `cpu_vendor`. Use these to gate hardware operations (CPUID, MSR, microcode) that require the physical CPU to be present. Always use positive logic: `if is_x86_cpu` (not `if ! is_arm_cpu`). These two sets of helpers are independent β€” a vuln check may need both, each guarding different lines. - **Microcode database** (embedded): Intel/AMD microcode version lookup via `read_mcedb`/`read_inteldb`; updated automatically via `.github/workflows/autoupdate.yml` - **Kernel analysis** (~line 1568): `extract_kernel`, `try_decompress` - extracts and inspects kernel images (handles gzip, bzip2, xz, lz4, zstd compression) - **Vulnerability checks**: 19 `check_CVE__()` functions, each with `_linux()` and `_bsd()` variants. Uses whitelist logic (assumes affected unless proven otherwise) @@ -396,9 +396,10 @@ This is where the real detection lives. Check for mitigations at each layer: Use **positive logic** β€” always `if is_x86_kernel` (not `if ! is_arm_kernel`) and `if is_x86_cpu` (not `if ! is_arm_cpu`). This ensures unknown architectures (MIPS, RISC-V, PowerPC) are handled safely by defaulting to "skip" rather than "execute." - Two sets of helpers serve different purposes: - - **`is_x86_kernel`/`is_arm_kernel`**: Gate kernel artifact checks (kernel image strings, kconfig, System.map). - - **`is_x86_cpu`/`is_arm_cpu`**: Gate hardware operations (CPUID, MSR, `/proc/cpuinfo` flags). + Two sets of helpers serve different purposes β€” in no-hw mode the host CPU and the kernel being inspected can be different architectures, so the correct guard depends on what is being checked: + - **`is_x86_kernel`/`is_arm_kernel`**: Gate checks that inspect **kernel artifacts** (kernel image strings, kconfig, System.map). These detect the architecture of the target kernel, not the host, so they work correctly in offline/no-hw mode when analyzing a foreign kernel. + - **`is_x86_cpu`/`is_arm_cpu`**: Gate **hardware operations** that require the host CPU to be a given architecture (CPUID, MSR reads, `/proc/cpuinfo` flags, microcode version checks). These always reflect the running host CPU. + - Within a single vuln check, you may need **both** guards independently β€” e.g. `is_x86_cpu` for the microcode/MSR check and `is_x86_kernel` for the kernel image grep, not one wrapping the other. Example: ```sh diff --git a/src/vulns/CVE-2023-28746.sh b/src/vulns/CVE-2023-28746.sh index f571a4a..d79018a 100644 --- a/src/vulns/CVE-2023-28746.sh +++ b/src/vulns/CVE-2023-28746.sh @@ -69,44 +69,48 @@ check_CVE_2023_28746_linux() { fi if [ "$opt_sysfs_only" != 1 ]; then - pr_info_nol "* CPU microcode mitigates the vulnerability: " - if [ "$cap_rfds_clear" = 1 ]; then - pstatus green YES "RFDS_CLEAR capability indicated by microcode" - elif [ "$cap_rfds_clear" = 0 ]; then - pstatus yellow NO - else - pstatus yellow UNKNOWN "couldn't read MSR" - fi - - pr_info_nol "* Kernel supports RFDS mitigation (VERW on transitions): " - kernel_rfds='' - kernel_rfds_err='' - if [ -n "$g_kernel_err" ]; then - kernel_rfds_err="$g_kernel_err" - elif is_x86_kernel && grep -q 'Clear Register File' "$g_kernel"; then - kernel_rfds="found 'Clear Register File' string in kernel image" - elif is_x86_kernel && grep -q 'reg_file_data_sampling' "$g_kernel"; then - kernel_rfds="found reg_file_data_sampling in kernel image" - fi - if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -r "$opt_config" ]; then - if grep -q '^CONFIG_MITIGATION_RFDS=y' "$opt_config"; then - kernel_rfds="RFDS mitigation config option found enabled in kernel config" + if is_x86_cpu; then + pr_info_nol "* CPU microcode mitigates the vulnerability: " + if [ "$cap_rfds_clear" = 1 ]; then + pstatus green YES "RFDS_CLEAR capability indicated by microcode" + elif [ "$cap_rfds_clear" = 0 ]; then + pstatus yellow NO + else + pstatus yellow UNKNOWN "couldn't read MSR" fi fi - if [ -z "$kernel_rfds" ] && is_x86_kernel && [ -n "$opt_map" ]; then - if grep -q 'rfds_select_mitigation' "$opt_map"; then - kernel_rfds="found rfds_select_mitigation in System.map" + + if is_x86_kernel; then + pr_info_nol "* Kernel supports RFDS mitigation (VERW on transitions): " + kernel_rfds='' + kernel_rfds_err='' + if [ -n "$g_kernel_err" ]; then + kernel_rfds_err="$g_kernel_err" + elif grep -q 'Clear Register File' "$g_kernel"; then + kernel_rfds="found 'Clear Register File' string in kernel image" + elif grep -q 'reg_file_data_sampling' "$g_kernel"; then + kernel_rfds="found reg_file_data_sampling in kernel image" + fi + if [ -z "$kernel_rfds" ] && [ -r "$opt_config" ]; then + if grep -q '^CONFIG_MITIGATION_RFDS=y' "$opt_config"; then + kernel_rfds="RFDS mitigation config option found enabled in kernel config" + fi + fi + if [ -z "$kernel_rfds" ] && [ -n "$opt_map" ]; then + if grep -q 'rfds_select_mitigation' "$opt_map"; then + kernel_rfds="found rfds_select_mitigation in System.map" + fi + fi + if [ -n "$kernel_rfds" ]; then + pstatus green YES "$kernel_rfds" + elif [ -n "$kernel_rfds_err" ]; then + pstatus yellow UNKNOWN "$kernel_rfds_err" + else + pstatus yellow NO fi fi - if [ -n "$kernel_rfds" ]; then - pstatus green YES "$kernel_rfds" - elif [ -n "$kernel_rfds_err" ]; then - pstatus yellow UNKNOWN "$kernel_rfds_err" - else - pstatus yellow NO - fi - if [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then + if is_x86_cpu && [ "$g_mode" = live ] && [ "$sys_interface_available" = 1 ]; then pr_info_nol "* RFDS mitigation is enabled and active: " if echo "$ret_sys_interface_check_fullmsg" | grep -qi '^Mitigation'; then rfds_mitigated=1 From 048ce5b6a2e31e2ffb789c04eb5f8e356732325f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Sat, 18 Apr 2026 10:56:21 +0000 Subject: [PATCH 54/57] enh: add FPDSS check for AMD Zen1/Zen+ (CVE-2025-54505) --- .github/workflows/daily_vuln_scan_prompt.md | 199 ++++++++++++++++++++ .github/workflows/expected_cve_count | 2 +- .github/workflows/vuln-scan.yml | 129 +++++++++++++ DEVELOPMENT.md | 7 +- dist/README.md | 6 + src/libs/002_core_globals.sh | 7 + src/libs/200_cpu_affected.sh | 21 ++- src/libs/230_util_optparse.sh | 6 +- src/vulns/CVE-2025-54505.sh | 151 +++++++++++++++ 9 files changed, 520 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/daily_vuln_scan_prompt.md create mode 100644 .github/workflows/vuln-scan.yml create mode 100644 src/vulns/CVE-2025-54505.sh diff --git a/.github/workflows/daily_vuln_scan_prompt.md b/.github/workflows/daily_vuln_scan_prompt.md new file mode 100644 index 0000000..7c4eeda --- /dev/null +++ b/.github/workflows/daily_vuln_scan_prompt.md @@ -0,0 +1,199 @@ +# Daily transient-execution vulnerability scan + +You are a scheduled agent running inside a GitHub Actions job. Your job +is to audit public news/advisory sources for **transient-execution and +CPU side-channel vulnerabilities** that may need to be added to +**spectre-meltdown-checker** (this repository). + +## What counts as "relevant" + +spectre-meltdown-checker detects, reports, and suggests mitigations for +CPU vulnerabilities such as: Spectre v1/v2/v4, Meltdown, Foreshadow/L1TF, +MDS (ZombieLoad/RIDL/Fallout), TAA, SRBDS, iTLB Multihit, Zenbleed, +Downfall (GDS), Retbleed, Inception, SRSO, BHI, RFDS, Reptar, FP-DSS, +and any similar microarchitectural side-channel or speculative-execution +issue on x86 (Intel/AMD) or ARM CPUs. It also surfaces related hardware +mitigation features (SMAP/SMEP/UMIP/IBPB/eIBRS/STIBP…) when they gate +the remediation for a tracked CVE. + +It does **not** track generic software CVEs, GPU driver bugs, networking +stacks, filesystem bugs, userspace crypto issues, or unrelated kernel +subsystems. + +## Inputs handed to you by the workflow + +- Working directory: the repo root (`/github/workspace` in Actions, or + wherever `actions/checkout` placed it). You may `grep` the repo to + check whether a CVE or codename is already covered. +- `state/seen.json` β€” memory carried over from the previous run, with + shape: + + ```json + { + "last_run": "2026-04-17T08:00:12Z", + "seen": { + "": { "bucket": "unrelated", "seen_at": "2026-04-17T08:00:12Z", "source": "phoronix" }, + "": { "bucket": "tocheck", "seen_at": "2026-04-17T08:00:12Z", "source": "oss-sec", "cve": "CVE-2026-1234" } + } + } + ``` + + On the very first run, or when the prior artifact has expired, + the file exists but `seen` is empty and `last_run` is `null`. + +- Environment: `SCAN_DATE` (ISO-8601 timestamp of the run start, set by + the workflow). Treat this as "now" for all time-window decisions. + +## Time window + +This is a belt-and-suspenders design β€” use **both** mechanisms: + +1. **Primary: stable-id dedup.** If an item's stable identifier (see + below) is already present in `state.seen`, skip it entirely β€” it + was classified on a previous day. +2. **Secondary: 25-hour window.** Among *new* items, prefer those whose + publication/update timestamp is within the last 25 h relative to + `SCAN_DATE`. This bounds work when the prior artifact expired + (90-day retention) or when `last_run` is stale (missed runs). + If `last_run` is older than 25 h, widen the window to + `now - last_run + 1h` so no items are lost across missed runs. +3. Items without a parseable timestamp: include them (fail-safe). + +## Sources to poll + +Fetch each URL with +`curl -sS -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36" -L --max-time 20`. +On non-2xx or timeout, record the failure in the run summary and +continue β€” do not abort. + +### RSS / Atom feeds (primary β€” parse feed timestamps) + +| Short name | URL | +|-----------------|-----| +| phoronix | https://www.phoronix.com/rss.php | +| oss-sec | https://seclists.org/rss/oss-sec.rss | +| lwn | https://lwn.net/headlines/newrss | +| project-zero | https://googleprojectzero.blogspot.com/feeds/posts/default | +| vusec | https://www.vusec.net/feed/ | +| comsec-eth | https://comsec.ethz.ch/category/news/feed/ | +| msrc | https://msrc.microsoft.com/update-guide/rss | +| cisa | https://www.cisa.gov/cybersecurity-advisories/all.xml | +| cert-cc | https://www.kb.cert.org/vuls/atomfeed/ | + +### HTML pages (no RSS β€” fetch, extract dated entries) + +| Short name | URL | +|-----------------|-----| +| intel-psirt | https://www.intel.com/content/www/us/en/security-center/default.html | +| amd-psirt | https://www.amd.com/en/resources/product-security.html | +| arm-spec | https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor%20Vulnerability | +| transient-fail | https://transient.fail/ | + +For HTML pages: look for advisory tables or listings with dates. Extract +the advisory title, permalink, and date. If a page has no dates at all, +compare its content against `state.seen` β€” any new advisory IDs not yet +classified count as "new this run". + +## Stable identifier per source + +Use the first available of these, in order, as the dedup key: + +1. Vendor advisory ID (`INTEL-SA-01234`, `AMD-SB-7001`, `ARM-2024-0042`, + `VU#123456`, `CVE-YYYY-NNNNN`) +2. RSS `` / Atom `` +3. Permalink URL (``) + +Always also record the permalink URL in the output file so a human can +click through. + +## Classification rules + +For each **new** item (not in `state.seen`) that passes the time window, +pick exactly one bucket: + +- **toimplement** β€” a clearly-identified new transient-execution / CPU + side-channel vulnerability in scope, **and not already covered by + this repo**. Verify the second half by grepping the repo for the CVE + ID *and* the codename before classifying; if either matches existing + code, demote to `tocheck`. +- **tocheck** β€” plausibly in-scope but ambiguous: mitigation-only + feature (LASS, IBT, APIC-virt, etc.); item seemingly already + implemented but worth confirming scope; unclear applicability + (e.g. embedded-only ARM SKU); CVE-ID pending; contradictory info + across sources. State clearly what would resolve the ambiguity. +- **unrelated** β€” everything else. + +Tie-breakers: prefer `tocheck` over `unrelated` when uncertain. Prefer +`tocheck` over `toimplement` when the CVE ID is still "reserved" / +"pending" β€” false positives in `toimplement` waste human time more than +false positives in `tocheck`. + +## Outputs + +Compute `TODAY=$(date -u -d "$SCAN_DATE" +%F)`. Write these files under +the repo root, overwriting if they already exist (they shouldn't unless +the workflow re-ran the same day): + +- `rss_${TODAY}_toimplement.md` +- `rss_${TODAY}_tocheck.md` +- `rss_${TODAY}_unrelated.md` + +Each file uses level-2 headers per source short-name, then one bullet +per item: the stable ID (if any), the permalink URL, and 1–2 sentences. +Keep entries terse β€” a human skims these daily. + +```markdown +## oss-sec +- **CVE-2026-1234** β€” https://www.openwall.com/lists/oss-security/2026/04/18/3 + New Intel transient-execution bug "Foo" disclosed today; affects + Redwood Cove cores, microcode fix pending. Not yet covered by this + repo (grepped for CVE-2026-1234 and "Foo" β€” no matches). + +## phoronix +- https://www.phoronix.com/news/Some-Article + Linux 7.2 drops a compiler-target flag; unrelated to CPU side channels. +``` + +If a bucket has no items, write the file with a single line +`(no new items in this window)` so it is obvious the job ran. + +### Run summary + +Append this block to the **tocheck** file (creating it if empty): + +```markdown +## Run summary +- SCAN_DATE: +- window cutoff: +- prior state size: entries, last_run= +- per-source new item counts: phoronix=, oss-sec=, lwn=, ... +- fetch failures: +- total classified this run: toimplement=, tocheck=, unrelated= +``` + +### State update + +Rewrite `state/seen.json` with: + +- `last_run` = `SCAN_DATE` +- `seen` = union of (pruned prior `seen`) βˆͺ (all items classified this + run, keyed by stable ID, with `{bucket, seen_at=SCAN_DATE, source, cve?}`) + +Pruning (keep state bounded): drop any entry whose `seen_at` is older +than 30 days before `SCAN_DATE`. The workflow step also does this as +a safety net, but do it here too so the in-memory view is consistent. + +## Guardrails + +- Do NOT modify any repo source code. Only write the three markdown + output files and `state/seen.json`. +- Do NOT create commits, branches, or PRs. +- Do NOT call any tool that posts externally (Slack, GitHub comments, + issues, email, etc.). +- Do NOT follow links off-site for deeper investigation unless strictly + needed to resolve a `tocheck` ambiguity β€” budget of at most 5 such + follow-ups per run. +- If a source returns unexpectedly large content, truncate to the first + ~200 items before parsing. +- If total runtime exceeds 15 minutes, finish whatever you can, + write partial outputs, and note it in the run summary. diff --git a/.github/workflows/expected_cve_count b/.github/workflows/expected_cve_count index e85087a..f5c8955 100644 --- a/.github/workflows/expected_cve_count +++ b/.github/workflows/expected_cve_count @@ -1 +1 @@ -31 +32 diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml new file mode 100644 index 0000000..62ca910 --- /dev/null +++ b/.github/workflows/vuln-scan.yml @@ -0,0 +1,129 @@ +name: Online search for vulns + +on: + schedule: + - cron: '42 8 * * *' + workflow_dispatch: {} # allow manual trigger + +permissions: + contents: read + actions: read # needed to list/download previous run artifacts + id-token: write # needed to mint OIDC token + +concurrency: + group: vuln-scan + cancel-in-progress: true + +jobs: + scan: + runs-on: ubuntu-latest + timeout-minutes: 20 + + steps: + - name: Checkout repository (for grep-based dedup against existing checks) + uses: actions/checkout@v5 + with: + fetch-depth: 1 + persist-credentials: false + + # ---- Load previous state --------------------------------------------- + # Find the most recent successful run of THIS workflow (other than the + # current one) and pull its `vuln-scan-state` artifact. On the very + # first run there will be none β€” that's fine, we start empty. + - name: Find previous successful run id + id: prev + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + set -e + run_id=$(gh run list \ + --workflow="${{ github.workflow }}" \ + --status=success \ + --limit 1 \ + --json databaseId \ + --jq '.[0].databaseId // empty') + echo "run_id=${run_id}" >> "$GITHUB_OUTPUT" + if [ -n "$run_id" ]; then + echo "Found previous successful run: $run_id" + else + echo "No previous successful run β€” starting from empty state." + fi + + - name: Download previous state artifact + if: steps.prev.outputs.run_id != '' + uses: actions/download-artifact@v4 + continue-on-error: true # tolerate retention expiry + with: + name: vuln-scan-state + path: state/ + run-id: ${{ steps.prev.outputs.run_id }} + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Ensure state file exists + run: | + mkdir -p state + if [ ! -f state/seen.json ]; then + echo '{"last_run": null, "seen": {}}' > state/seen.json + echo "Initialized empty state." + fi + echo "State size: $(wc -c < state/seen.json) bytes" + + # ---- Run the scan ---------------------------------------------------- + # Runs Claude Code against daily_vuln_scan_prompt.md. + # That prompt file fully specifies: sources to poll, how to read + # state/seen.json, the 25-hour window, the output files to write, + # and how to rewrite state/seen.json at the end of the run. + - name: Research for online mentions of new vulns + id: scan + uses: anthropics/claude-code-action@v1 + env: + SCAN_DATE: ${{ github.run_started_at }} + with: + claude_args: | + --model claude-opus-4-7 --allowedTools "Read,Write,Edit,Bash,Grep,Glob,WebFetch" + prompt: | + Read the full task instructions from .github/workflows/daily_vuln_scan_prompt.md and execute them end-to-end. That file fully specifies: sources to poll, how to read and update state/seen.json, the 25-hour window, which rss_YYYY-MM-DD_*.md files to write, and the run guardrails. Use $SCAN_DATE (env var) as "now" for time-window decisions. + claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} + + - name: Upload Claude execution log + if: ${{ always() && steps.scan.outputs.execution_file != '' }} + uses: actions/upload-artifact@v4 + with: + name: claude-execution-log-${{ github.run_id }} + path: ${{ steps.scan.outputs.execution_file }} + retention-days: 30 + if-no-files-found: warn + + # ---- Persist outputs ------------------------------------------------- + - name: Prune state (keep only entries from the last 30 days) + run: | + python3 - <<'PY' + import json, datetime, pathlib + p = pathlib.Path("state/seen.json") + data = json.loads(p.read_text()) + cutoff = (datetime.datetime.utcnow() - datetime.timedelta(days=30)).isoformat() + before = len(data.get("seen", {})) + data["seen"] = { + k: v for k, v in data.get("seen", {}).items() + if v.get("seen_at", "9999") >= cutoff + } + after = len(data["seen"]) + p.write_text(json.dumps(data, indent=2, sort_keys=True)) + print(f"Pruned state: {before} -> {after} entries") + PY + + - name: Upload new state artifact + uses: actions/upload-artifact@v4 + with: + name: vuln-scan-state + path: state/seen.json + retention-days: 90 + if-no-files-found: error + + - name: Upload daily report + uses: actions/upload-artifact@v4 + with: + name: vuln-scan-report-${{ github.run_id }} + path: rss_*.md + retention-days: 90 + if-no-files-found: warn diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index a736e81..6043177 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -291,7 +291,12 @@ Before writing code, verify the CVE meets the inclusion criteria (see "CVE Inclu ### Step 1: Create the Vulnerability File -Create `src/vulns/CVE-YYYY-NNNNN.sh`. The file header must follow this exact format: +Create `src/vulns/CVE-YYYY-NNNNN.sh`. When no real CVE applies, two placeholder ranges are reserved: + +- **`CVE-0000-NNNN`** β€” permanent placeholder for supplementary `--extra`-only checks that will never receive a real CVE (e.g. SLS / compile-time hardening). +- **`CVE-9999-NNNN`** β€” temporary placeholder for real vulnerabilities awaiting CVE assignment. Once the real CVE is issued, rename the file, the registry entry, the `--variant` alias, and the function symbols across the codebase. + +The file header must follow this exact format: - **Line 1**: vim modeline (`# vim: set ts=4 sw=4 sts=4 et:`) - **Line 2**: 31 `#` characters (`###############################`) diff --git a/dist/README.md b/dist/README.md index 69d176f..3f50fe9 100644 --- a/dist/README.md +++ b/dist/README.md @@ -38,6 +38,7 @@ CVE | Name | Aliases [CVE-2024-36357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357) | Transient Scheduler Attack, L1 | TSA-L1 [CVE-2025-40300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40300) | VM-Exit Stale Branch Prediction | VMScape [CVE-2024-45332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45332) | Branch Privilege Injection | BPI +[CVE-2025-54505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54505) | AMD Zen1 Floating-Point Divider Stale Data Leak | FPDSS ## Am I at risk? @@ -77,6 +78,7 @@ CVE-2024-36350 (TSA-SQ) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Microcode + kernel CVE-2024-36357 (TSA-L1) | πŸ’₯ | πŸ’₯ (1) | πŸ’₯ | πŸ’₯ (1) | Microcode + kernel update CVE-2025-40300 (VMScape) | βœ… | βœ… | πŸ’₯ | βœ… | Kernel update (IBPB on VM-exit) CVE-2024-45332 (BPI) | πŸ’₯ | βœ… | πŸ’₯ | βœ… | Microcode update +CVE-2025-54505 (FPDSS) | πŸ’₯ | πŸ’₯ | πŸ’₯ | πŸ’₯ | Kernel update > πŸ’₯ Data can be leaked across this boundary. @@ -207,6 +209,10 @@ After a guest VM exits to the host, stale branch predictions from the guest can A race condition in the branch predictor update mechanism of Intel processors (Coffee Lake through Raptor Lake, plus some server and Atom parts) allows user-space branch predictions to briefly influence kernel-space speculative execution, undermining eIBRS and IBPB protections. This means systems relying solely on eIBRS for Spectre V2 mitigation may not be fully protected without the microcode fix. Mitigation requires a microcode update (intel-microcode 20250512+) that fixes the asynchronous branch predictor update timing so that eIBRS and IBPB work as originally intended. No kernel changes are required. Performance impact is negligible. +**CVE-2025-54505 β€” AMD Zen1 Floating-Point Divider Stale Data Leak (FPDSS)** + +On AMD Zen1 and Zen+ processors (EPYC 7001, EPYC Embedded 3000, Athlon 3000 with Radeon, Ryzen 3000 with Radeon, Ryzen PRO 3000 with Radeon Vega), the hardware floating-point divider can retain partial quotient data from previous operations. Under certain circumstances, those results can be leaked to another thread sharing the same divider, crossing any privilege boundary. This was assigned CVE-2025-54505 and published by AMD as AMD-SB-7053 on 2026-04-17. Mitigation requires a kernel update (mainline commit e55d98e77561, "x86/CPU: Fix FPDSS on Zen1", Linux 7.1) that sets bit 9 (ZEN1_DENORM_FIX_BIT) of MSR 0xc0011028 (MSR_AMD64_FP_CFG) unconditionally on every Zen1 CPU at boot, disabling the hardware optimization responsible for the leak. No microcode update is required: the chicken bit is present in Zen1 silicon from the factory and is independent of microcode revision. Performance impact is limited to a small reduction in floating-point divide throughput, which is why AMD does not enable the bit by default in hardware. +

HW8X5=yHUsR|Xm zfDU-`Y6`u`D1+L_BrgB)j!BVN%d5^>_8~J@$9)}e2Zz=LNT2F-QCd9isu65B5z($zt!Y2p zCAFh_x`S$yCKA*Mt(4=Jfps!*_YwHe4VZYkMrMO5IZIMhNHn-MB=7){XGALTO_~iy zU#vqV8Ql4z^F6K;{2gdUDK$Brw@mF~k>!biQ*M+<*lBQ6y>(a3gplc2I)uB<%zWU) zH%l>!Fhs)(3-wK@(?&UuJE|EJlb4WMyI+`L?i-}$3)|fXY+lqzf(EG-^O@A5Lbr4T z@=Vx{SJ2ut+Q-E*-}r(WpV;>Ci`U){y7w+s>!vjScpY4i%l}lTVW?jfQ7TogjHU>{ zb9K>6X57xO4=oB@@ETt(0nhAc4l|d3#cu@;fE@Ft-}y5#o~ydL&3&46E-RSv_^N(< zs5?d6szEFjAVg!_7k&JAs$pDym(->BtK)AmN|C~L4Pg^X&nNBF@#HoIUI0I|G~K5c zTT|4nukshX8D&c76t9J=K|IW}CQH16hyLA8pj2v-ms5e@&LhvrHF1Wp+>nx;gO=NG z4lrk_Fl2{F%}GTLXo!0&dAK*)LR`<=>`E&z)E6aDBsPUMh6m^2sSaiXaoQA0F^D|D z={+_f+gXT9DfmAB#@jZe8ZSVoEAxfAqsHOM-SkH1-z3x@$EoRnf87i}KSgp-9dT_P zKcGjkRXi+1DD4QiAGa@Q7D>yA;hgD&Gl$=;UOPd!)AGkbrWc}@ zG0Fr4JA@38)r6+EF+=3|a$VfjrOI#9#y!m#&;v(DZmM9al|Mup2`zUN4M+~6Yy;y_ zY6e5L;>Jpx1cZKHa-=B%z zt0mHe^Tojl%2#VI*^JjL*M8#@d-vK8>j)%0qt;K%sJV?Yw#zREFXuGRFM0q-F$F?` zar{Mj4EN;7Kr_MUyIP-TlxU7jpT0lx-0eKjja+AEq2_Mk(VRz`ISn7zTu$BjcIBM^ z`Ht4Ea%|uySlkZV-&~Q~(1n_e28AWtrczFv-acj9DS{VHS9Ck?Lff~rp_b(}X{Lo{ zSA+(?mshvi=vQ}S-43`O-m1dy{$~voJfMa5Y;&Vc69ul2k;j)TZ&w}FRcP_E*T0Wo zBmm#8!x!^f;)QUsoba*T%&)=PcN0AN#MBm;-kzOr1NZsPUD8a0w1m@vE$walmK3%xDnMfDs(53ga#8~xJx%5ZF;4B`1c8*%V zweMx+f_(KfQO3GJDnXIUK26;Yxu3W=Y6uz9P%l}j#k+Sw(_h_KllOclC^jmhU3TVJ zV~rOBEfL|?^pE~Irxnw3?JHJJX5GI;+oeIu6ci=25df6}CB_lv<18FJcxrj3v{`j~ zo2vT~(!w)^%r{DAAO`GO%@L-;;Hmab86sdcOQXODFbX7}m8g63ToOXN~Pw1 zXxHk^87-``8PGfDPK*g|(Vw`}V4`MSAhp=eH5|Oy?Zo<0Mw^Lo<-nu`1@y0v|Fu=I*j7eb%2j>T_!1M*I^HPe` zzy$pv9!*w`+*agSyFOK^S7QIZaSgK)11vwh%(`!L|I(4s~<@AjY`YN zQyIKa7kUlsFdYqZDSpsXsr;VusMqqti7^Gu@w+9yrJ`mv){sa&m;1%B$*vu!Qc3{M zJNBv2{gh6uk10U621!&Wc#Zf;@M9zAUJGJE+Cz*%H*|~qZh~b2he>MdMbvV~1U=0- zp(DC+N~yuMBKlCfVu*nm@(RzD3#7PT4Y-$gJf^4h{c-%tb?SjU$A3G6*}|(j5s%{@ z3WCJDc6)8A90yD9OHHoe|3Nh~h?GGWQ}u@9csuQNi3_#KcBp>#U_S7m#{26k^lE6l zJTA?#7N%fyJVa|ssAZt*k13{W>mKlJeU_(MDMLCgHq|oL_DnUTs~+v==)Z@sU#QY% zdotnW-6uTgpy_Q6dxbOa2q%Qc9@5wBz_Vd-b6s17adUXmB<;K3G9sz6iPhx6&LlRR z7tC3mti4Xw2{~fU=p4^{e)oM{z_(XOWRg6zLMNP{*`7tR z*Epk2zR-n2lX>~GNKd?11imMJzXy2NH8$rW*QUa0wJ1}p<2z3x9KX;&Ap}Ecdth_9 z0PXNprS;YG5(QtzB$2+X7nVEh`)Y4>*X4_oP$}?w8c+8_@Wt6yx;>bo4v2BWZ6>$9 z%oh09ObIbNwF0puF?RGyx8z(o3T-XldGekEQ$|1BJ!EmoxYRmN^8VXP-(^qLpkw<1 zC;VwenEgXp3R1l*P{5AT*AhciMST|o+ei}yrAl(5UckGO$j_oB5UVR)jEZ%(PASa z;atG4r>$3>o}%8SJ`T!qBzb`!eu3-}~uF`U>t-tI0;Bwt=T=Gxhju zlKof~TNgAmP3B04mQ~i+Ph^DcnpJWp%(hDZCG3L&&kR&zTd)AslexHQ^3xt2Og*M?rv#LJ z0lFg5%l3zU-Rn2>qz@nX`*)PR9p_Viy2FR$!AhMj{CYRU@!ku}D3^&Mt%LyLnuJLt z1>#cL(nyS{!@?b7Ctip8HM$Z>`mVNci^tQfbE?)U?@@e5J~ZqVj}{LtS^r7D+iui0 zY0bV|4Or_PZ4P5{qcH))%po_e5&;@O2#XEE*Ad2p4R459pcq#pOZh+`tltH+22Av~ zEnihTm|T3A8=MFmElciR^DY&a|DN~sFf&Xv0a=lf0DVdwD!-L6AXVN_Z#DPhQ{4W1 zo1=h;!m00bwiKr*tz`Qb<)>{5HQY2GE_?#U;0J{3kZ##>aKI(xOepYGc=KiGFP)md z+Ga1u_y1JJPA zsruJ0Y*H5VnN+QTa4kM@dg+jzGJqRTg7J9@A4xe0v6qEHh6KC(&^eJUhgx1_G1OyRxqwPlp-)Y}G!|O} zpWsouOJA)`KZ7~Ng{hc}6U5p|q|#gNFIYnrmY5gF@bakNI$5kk12`?2WAs9mIPzMk zOGbNtW{EX7IPU`yFe?#Xdpe={tft5+qL`b~u*sAn%kxNk(lJ5J2|k~As54ydi;EFN zoH|%@36)ViC#Bc3bU7O>w)c^PxW?DaeYeNHk)(1of=kHCvzw?mpEPgFqhpPiVYjIE-?N;X5T(ATjEnIP(UX4cgf`2)ER4LR%bcX#(!jQY6nEf zSRyW)nMZejyNnr~v#lL&JfrCua~C8<(a=R!{)m(1Qm?5t<$sW#N?9JEnsILH3Q=b5 z@Wg|EklOujT5B{&N=SUhBIWvzbaT{X@i*{8G1LxO=emw)a6x6OG|f zPs?jH{{Ay5iwkuiZRL(Fi=LJ)taY`~nm4!3S_o~W;U*w%jiJk0g)95^NSI#T_-=8w zFgN09K??Q&2TaLH=6#9mPx*=HOjm3=RJWxRgYhUTp^`3K(NerWJBNVv}hTSkjiqe<@>_D9QUJI_|n3j3VW*?s>s=XMUsW z9Vt>P^*y}fQ0dunq4ImzDu?_^530k&7wt+8-qTS&6Q1i1*NgEOj`1BendghUpr3!y z4h!~^b!W6@vvFlw-{U#nS_uP|x-n;Xqyd}4eLDp(+if~JGCGtlL}4!?z~GHuB4Lyh z$qnrB&?TM0l7Wp*JYyb?_stpvC#dGsr^uNwge0V6)+<)sEH4or%V@sZu6pB=aj2#C zqM==k^?Y$=vPic6<9ALI974BXY;JPCY|moZH+DiVV!vY%VXkI)DKRB8BL%raH2_162{z>1}8ki7k6TfICcys4CQYTCwubua_>fZ*^{U z{+h=d^Rs$LekQxl`!^a)Dj($2jG{XB&^X>A+hQjn+Rf4&9sPj^UU+-6wy*`Jp{8ew z8RbN3&GroKZVHNEWgdnBfYC*Rh$-|CD2v0zu)_wq0m3YZPw(8qn*XPTv*8Bf?q+^KZ~N1C5PBy`Xe@K>XOr4 z5;B=V>GUu^p%lgpSrc`ufr0A|d#k)ne}^^dAniG!H)Wgea8l4?SP9LR{AWbd>=z{o zSjl3SF+Iy+u5yJed%k1siz}Q#hy)@{C1GE(0(s#|cVD8iVA(W7#fYilE07K9q0-f` zkLNA_HtbANBDvkAqC4kaU4KSaAA#^!#0lu0$?@{(3$wVk!*sLW)#@)xRKIr}%o>kX z*wxO;AS)u6cl$!EAz1*6r94ewN+(v=e~GvgQRB6BV9*~W^f$RIyV@@FA(wN`B0PsG z86qfrvv5%6+Q?NU+->9cIEv*2m#-fXMzh!wC|UUrl1>BSc8Yv*K?S)Cwdu4D>hf8B zFbbne;S6a3`LR-s!)>JeMV-~2fycVWv(A4%_&p(pHm;8)bYcZNby^-%E#mL0U}r7+ zhP8G3`ig&?gF1-->?3NC&w^=gCZ2~zqa^Gn(nKct>DSCVtn*xxH_iJpg0TMkIgzHh zL)k%U{jX;1CQDGHv&9<;2VC3_e@@^Dyk-M~!Q@`(Z6BNWRgz9H6CDXolf##>x`n@S zVd!GX3nAgM@w1unZu$)fww`y`B%An8%2Oo3g3#|EJ#zgOz3vW$LFc(NQ}}%m^S2m= zKH^7QO$>grKBQ#Wsqi8??81}#pr}`XXz0lp`_b1snnNYtNG!@E?8K;DbKBPlm=Tb@ zH#}J8DOj^wcVh+jivvX3jw)CK@xwg`Wa*(}?AiKA#UlHQ$DQkSR-ur1$c9GEUe*?g zr6H?ka9?*YxqT6dmk`4hDngDajtg?_u8*y=L&D8-wMNce1LqN06(#n}QGFFnZ)xeu zwCX2qud5{*3EP$i_y_g>txL`8HNID@`QB=o_-M*bCGcq5Z0vb?RbDts82{t3KS1)E z^-#6)FmUYxK>$1R8NPlx!V&rC2akOm{|AXv>3KUirmQ3)O&rWvPeGBB4A4xGcY=#) z-ao$+4xac+7%S0er%R?->w%F4y}Sc9KhpfHm!)!U?obg9+dq;R>IkIy3ot81AjlAX zRT%&6hwulycX^@g|D!1V}Oe~qbtf@sz-y4+5y3u}7OLX;ioe;I9c$Qr#u7SubkWMM|I|Iet zMk;&Px7snU4$TR>5uhd1f%TG{ML8uzvM=L++;J9w0WXrN8a=X~!|^A%t=g$9utX0-@s z+pWPA3%!YT1SA%5I0aJyZa`@L2jizd}tg!?Ho$n zVzFk2+d9EF?}JemdT!MuI@!aQAByxN=}I74lIJAGspBAAHgCnkv^%=Dw?b3A9sW`#0~llKP?o1E&eX_tTj;ELS9|c2RiDe7puE_^ znE)X>_Ki9Z9OE@^(b*?mW=hdg(?^ibm0Mt3e4Ae|#;oHu9%~#IU22l~K+m_q2n66- zv94SXK~IHtPggTN)-8TZjKcfQoBL_4Sf%*mG}^3_B(x>7*?6%tA(S@$6Qp{~AZHi; zwfVW0rn5-zPo&UO%-?xs14XW{x1u1^(CFc=T#8Qe;&HOT5n$zEiTpO;xdIN0XCM<+ z|1%ISUP=cWkeXt~D^vgT7E>R8*uwAVWA&@7gd0!J3Snyt3cm;QWrqSzPiuD$zh4~B zBujKKSED;lkm20o^QJlIA)Yus>##8weK>R?nW}? ztSEEC9e*wXf*60X{x!RDGGg#;UwXDR>b<)VG%qSqzr_96dwIUL(kvB-P|e`8_ky-;Vy(1JfiJ&*^kAzwkS<*pRTty2sXD2_!d| zT6Z#x)@J3*kIEh;yYs=Qm|XKMIqW(~B~#hjQ653K~ke=fJ4L*E|iBs7q@T zwer%I7V}t9yK{8~*h5NwR-H6C>6( z1o7@`5Hzzd(d{}~Qy4R{1;*PF0yhRh;YwW6WMVBW#sOvMJWHov&DY<*K`?MI%UT}q z;izfno5|AY9rsfl?#NM|8|XB7ZguS;ZkLk5|9^NhOJO9OqG_vx`PeC!xAz8%?0z`C zagaXD#n54S(_aDhx5g6*zmaEtEmOpX>k~CI_*vDnTf^fziLW8(r=>#?=reHU+81aY zd{;1YLYFZ)inf{#WLNOEeqF~$HT)S|3N8OnwX6N1?g(#T5dWH+$=sp{8qqIZTb@IsKSpGb6wlUVeD=GNT9pyzA-`2%S*bCFKJD6h<@}uIHPsPPtH2npcan+6FHE)+wX&px`Kv-Z zZ3QikfDexas{YQE)_Xy6L*!8-%@E==Ev>ySL?7Km`fa zo0?*Q@Kz6PEZ^gmiy}VU_O?U}EeyQC14*;JRY=9v2~4Tk4_+Dld zO>&XmS0)mYy08LizL-y*%EJG^KB~z9{jj#$Iunc7*_gTe=sYT~fjpnTd#lULRmN?Q zWJusF6YFoQnoSu{9`jBsLe43RhO&uRNX%oV=^aph#wT+WmptN+`X z)h7=b=2a^Zq<0k&+O#yaqWIP)_nOz@Y$4!UkgDE7!KA4Y#YO&EP>AZdg0gMiR_^AF z7`YMWXwy~s%Og%l?b3tVrFzTFc*Rv&UF_X-g`wE4ka7>rum|ITeEkKtVk0~O?-O6` zrQ*HxrQrYihTabqCw?usZDJT$(r#cyZr0f~Kp^V$**Z42?@7d{dm$OMt<9MSymA}? z5&Uc^m8+8Gg}cFbS|h4rd9?J9dNmeH%~H?P?vE*n=(DjR4VhhPL_q7!teDqH_4C_6 zaq#&waXIfG1?6+eTR@-n$*y|*o0s9s9mi7jJL2E>E$e<{Bd|@OzzHHsp=pr@8};|s ztBqe4bP*;->(LH}PnDQ%x?=5)yll8hP}M1Jng|xz218+>cAM>+KNr-d75l}i?^n`> zq^OJFiBVy0p9@{r=$g~_WL~Aos>}=7JRWKhe^V#;47d$3LfF+C*OPDWuz(N7|IV#U z^d1yjGm7(?ee0}`10xi>a4AvKLPi`}N~WruC#gQZuIo57W;ty~y6qlt}Q?hHNSFJSRY6WM94Zc;uS1DEz^ zqvK4rKJE~$X|@-pBVKf=W4<*3n`~xpjD?1JN#jU~z)voEIWF&}%kL7T3FEiJEl?hE z+n4+B@#Mu$a&@G?02T}Qqom%YkB?7^s@?^Hzyd4dL2TDPdkLsa0&HpCEhzu3!%Lqw zixLT+3v#@e9|k?^3Y<{7ylLrkft?-`xw8POWxP5>&=L|jMxL-$D1_3jxs#OiqF+zV zmf6bYkh#4SIgCEkB0>93XVYiwXeyN;Qi7dfFPcN^U=g3FuL;%;RHfTi1^BzH#NbD= zirAfHP%Y*tBnT5e72wxZ3uwuPR5Nmp$SDZm^&_iit=-L`T0uz9hbnw>_&Tbcrx(Lr zE&0}aH}G3YU=rz6CRQUW*aFD-n!|myr=`BsFL6or2~fg;voGD!#97W55rgk2tDa$fBm}? z!KfnhJS)kVPk?mFbQ{d>uN(0WMk9A!Lgh+cDa|2;cwXHFlhZX$ss#@QcIr+mIpvPl zvy!v4)TO^&@&Jp@U~dDqNv zNcLtO$%#R4fbyn=*v5laXGhM)(h#fZ)pu3@R*}Wd)pu7q{xfHa=t|m4KKN5b)3Mfc zFQ4^@;zM}{d-qqV84VtHkJ&WYBYXh!o|o%ah+PTH4*Mw#0xo z5KJ9M#`m?Bh_}j8YxJd-l(jHvFuY3OSAWN_)W_n8jd%!_-tibJ4njE&z)Zvs?T{7G zY?rxq>h=0okq)+-=>6GyGifIbSbiQc_?I{`kFR(|1~%l?4(}y*KZ3b#wf;Ll1Y=ZM!f4d=hP6l&9afc}Mdv+?}`?-r73m3)~C&GxcZ> ztUj@ffX`l%y?G2lY#zp#Yp^#JRQmHTwm>To&PAG;eZ1qM&Fd{!(rsbdoAh*wGN19IKJTE-RqPpGZSYM9Nj_6_T7(8%%t_#{XGr zq*cDS*>U!DghzsS_%fn%X)zR?x9efSn%1aH^lGe`_4T)+#N>s~#p!K4rvg+q5WP_X ztr~0X44;_T&Wa^SLU42xlU?So`R+Jk$%nOBrvD(TC?7Zey?CVAN{M@?S zpnEOZ+S+yk?-z|AJR`>JEK}@WPnaD5qK6$zx_FzD$sFBida1wcH#KzLOKo*f4F_ls z*+2w6Y{sGK0xldQPIC0_UVGyp1l+JdlZFX#()wM>=z%%;j>Jq$UZi9WmNBKpZ3haG zq~UAFajPqa6?|(U_Z@h-TLwX$G4sz%KRhh#Iq~!D!HFwMXiq-9H=DO)+IIjNlt3`5 z>}YdQ=)Ri|yX|UmhH>Nl*Xn@r8!%`lSxEq&bi6gU1}5+t8M0&8%q97;OwTnnJ^-U> zV77llj?J915HvsI_ld+dh%&zu(f7C-`5S_zh;-wGJvtPDOq+$O**huYtq+|mHOkTu z7_DhhgbY^ixuDb@*5+OxIEnf>k)inl$|B#1x3LKzNnwx!a+HF^(mxK2c&= zkA=JCjJS}csg@aJ6CyIq2fIe0XPUuzbU$%iZZe^PHf_FFjDM&BgJ6mycD;(*B%f1a z-M(cCpSj7!Y%gRH%}S!W*5%7GthR{o!y@tSdtdzu29~I|vdInM)|Sr4n#s(wy`{V# zTuKQae_GDUmFe^~GbX6Olm_y#RR@-Z6^FoMOAWF%GiVdp6Uw^FaWybUWyjx&tJy@suHd6U3RtFx!ae0}?@Zb{;ED5Hpt z9BUy0ISA>QI9!rw-jO~`o&OCdwOnS;l8$48I7!RM3RgxYppxYR(X$mbFCwwnJMq@U zQSr+ly}}ezJ@A#D$Mw6HmwIfF|AF21hjmoo3w|ccL(`GQ&)ey;<#hTCq)b-`@10gt z^nmkD`;0qRW@yZ=bMxgAVxeVJO0_{EcQsh^M-Z#NiKWy-y9x?XAyi0jZ-!F7*Am9n z8c0r~z{$mY(60c@a@24@Mj`pR@J=meKpo$=W*wLVtlsgxC8@ru+8@+T(iLtV*pp0zoF*0@=Tn@aDS zo;)H=8vkm;`HZkjW)k82b15;EQYT{T=WzKb!LD21g{J=LRa5usl~8IT#^+v+L~6xg zFVz%B>$KBJ9keqF!Q-hM%>|T-SkTa+|6VnA}rCYnsnbYJcuHjL$&d$`A zx7h;iMGiS(^ai%CM%edJM|};6mTH9UK9^K#pvZEtV z#WzAuxF4XJ{L;n(+?+0r_eBG<-_@sfJMhGJKOw1q+5Dkr=(jAr8O7#`D?-Afkx=^od1`Pdxymrd$coqs$be8-Jj+V_$dN9q zZt~O!VovCPc~%s=@iomhz$zB+ooiXCQYIbww}gQQOn+~+;uK4CuIj4pCD5J!FLgvC z8qIqDrlCW9QiDi4!&nLMv2F90^R9L&#liM8n;Xww&ngXK)O3|yLJ&58cRN3ayKy=7 zVs3!N?eQK%S7N_p%pV!N`#&)Ww6Lvf*G8YD$eSQGbekVfaY{ z%U!oMP5&S*vLAO{Lmm)~$C~^0O1wa}afalBVBOX_kvN5~2(_=g+gtey;?LC+s~`SB zs-FA14xG?cLRea3N-X+nRu-4^=50j4Zo4BOrKjylDBe8jJ(8vRxI@rn!{CiR1{ z-((SX?+6YE=X$3TlE4ocZa7{gyPbg&j#C7vunQ=nqjc-yL{El|x{fAX7mz7`0meRa z->LB=*LTL7{DYJm1A?cIuf6tS9xVaTtKu#c;zCP~6)2221*mpy|2W^9I)H9Ob`j zE?4yd@5tjHq&M%Bvvm#8(P%_NBKydQgkgK_-9KZSIh)J8Uh8lS^@pA5kFopZYCIKx zT~De*izI0ppS$P?d{e4pzZK_(+CFCuPtGuvD^810lsdhrDefe8W2gV9@DXZnlj>lE zUwqSbSz(Fui0H;Eu+RVWkGb*d5*gB1x2xLpL;2RNgG=;+UWTAndjg5M2i8g@`WcvwPne<)P3G7ljGV)F#Um~_CV1a31;49je`FA{ zyd|0>>GkF&Dv9@gL3@r`ukxg{h-$&GvT`voZ?!L)nLh@l znXwkhODH!3$5*ny53km6BqDe^!d2;zFTDC2g3v^BTsB)JDunaGZ*pDvY^|Ep5hre> z_uH!+qg+kX&U2Mm%^dnkt8e<_E!0<6DPkvq<9qT`?X-Kvh#h$&69z9$Z^0j%N<9c+ zh04To$I87H(^h^5WXD&9+jGl>owe8(H<#kt)#v>5UrmN~(y=E3s+P@=Bd33W;#CFr zMe*I1+p-$-OL6c?Y2RFF_xxJ_lcDU?uESz_WCXR!xVN@1Rk6&k%(-lvL2!Khr;dqU zhScVXZHJk{N6C_>FGk`uux7{K2qrZGFIU;mJ`mgkubPF_p1o>WHrNOfZ?5XaTLA~| zxs{}-cn;SX=jfjcUh6zY2wywAeONB^!lEKbBr#>LTxpHA8T-F{U1sGL}D};NF6CQpVYOnX%9!kG1x* z^952EXoozw25Uy5dfhraU^3`JIO`ymRi`)vZ|VVYEXEeNtq|-OUg|(#5?(yiT%(-E zJ`~>@pxCTJ4HKBoz<b^xAg{LUpFBbw2#Ae=Buv~4H*p+7l#q!0m`*kL)IT4CMj z)#;P%!mF80bxHq5An@6jH`QhDoG9?%Z$u1DldzoW+b88^vce5^>O$)$mVkHU&u^Ff z4Cg8-5OM|W|haOv_T#I}O=MP{IY zVq21RX!}auyG8P8fLeHVfAqCrSw7c$&vJwxj!PQK;rfEW)^+2i{1P>>#LFBiZm&(Exr5cm4KYR$gO1QS^-v2B;8TzO2G z8O_QIGt0Zh^g6b(P?DXU)shsO6S|hdo@vE|fbABVwoY<;6)P3_AIAtYrv|2C_6~1= z;yboTEXnbOnxN+9OQ-_%3#%M;Cbny~z&$lAEFwA+qdy;CdL2QW+<$}{PlTPe0b*7k zbr&7h`RJSmxMN-whuOy^4_h}_NfY;@r~Kh%?mpI$BYG35yA!{IguvYH)s>ox>xSca+j+P&=xrr=pPqZ8MeQjf`*l3EOPi!m&af3wfN6=fZ1aew7Sj(`;5)5>} z%GT65vdLW!#uX2kx~T!Io1>|Pw#!U8>N->r)o z^hvWTa=Wx^%lq-d0*lfsIxTwr!K*JI(jH-93&LL_0(6ZB<8Pc1u`6nR<55DySvG9x zkYZ2P4Ou;|oOXlRrUlmyqpAFywM~mihYV`cHPHERXgt@TvUOfQEm4SdP_YcngA(^m z)6#jlYNRYLwex{duAtA4wza7%0<~Z$WibL<)yGM@oX`nl>jyDdkF8xoSC!Yl0gML< zL;c!;Ih-sX-iX{KtI?YM3ufCG#$*e|FueUBM25V>&Qid^4VqLSu@#~(a-cygFv)}Z z8E&LlWHksWb8&EM4wvSrQ;g9$!TZ6$rlBXPrMaAy=q$=2q^}npA_?@aLSR2nMZ-_37M;h)okII4PS(xDe$r)71iYUE{5tWZz(=Nee75NDbmsH05n*jGafy^UEl zXEOvcZ3uh%{@Rq+f5H|>L}9Bjp3+D(si%pY?L$a@p9Kb3vcs;*X|)y2MV&});}T)$ zF9?e3UeAq$tKn;^b&2|nePHRI_to@Sx6}DGTcIZVXBf+yve28kr^J$@hqT~l8{eU3 zqYiJRp1-M+w3bH2s8qth-fj>JhvjcbYngi%|%A~Q&$qb%JHWrg;C34i%O5jJnkJvvb|qnM!O z{|ybbx%{n(Y_?gSIT*vO>O9L@BO4OejBc+o==tGJXpEURGF1|=GNeUB5yux zVaHazBb}5fm?q43-{1XLxVI@(;OT$!Z*e)#?IkM-eEaN5P?&(9-m>Mzv*1%MMBo;j zejKa;6iSj@5jr1 z?Wb?C+?79}Wq}GPxvkrph^1To2U(|vB;bnfOx)gFKXW8UE~V@>97^r)Z4Usk)8m-(UA9r8qR4~kCn;{ zM*6&8au$mw+43D;OSF|=KownrIG9^H>A#Bl6lqKTs!!qs1J^~BDHxu|?%;(RbZMzf zeGHz>#h3<<^xrs~&|C_tiGN7 z8DV)>DqZgdd^R~tMhwncpg`)Essf>}aNTBn;ISGUWdPkY5^UFO&(%(90~rRjEIkW2 z$z{2rq%{b!%1271TIbHmM7q_F{~fEkLsYk+5+f7rrmsY&M5y^^Qw;l2PJL+ohlE1H zOp4I{9vj)wc?E)**!y@$`2=k2mPXiH;|6%N zbg8=xH~Ll#_YpA3FZcjqVKT_zsCgSws)1QtsuYn~BO+u7v|oS#;T6u}!B}rXy7M-V z%eei$a)RjveOaeQ&OxE{5rrDGn&){!o?PLJW`{ZAM}GgF)-t;oe=~K#tT*rgZB@j2 zJ^m9oz4@kGknOC|9X3;mVhk^%ohsr)iT)Df9oTWe29-Ad(@EXeemND=USRBHP zi7RmskcGLw3_b>yp~ZcNw8T*0Ir*72o{iClaJZCdo%eD}jN{NH2KUl}*EJ8c3T^NT z^42~=}K%TI}y<_d41absy9m`mXmt|_#M*Pgb!0MZYyzlA+|1u>) zeR@*lnya_W+5X6#|L+g$qF>*1&eU`330EHlv;7%7|G$1<2n|-B;0MZgO!%+H)#uhB zf?oi=efo{nwK4*>ZwzOg`$Zn!*6zU%eQs7<9M0PhM1NDN#|wYKYR$HP7p3CWt;S!= z-y(@D>tYyuM;E+C7C!V_(HO};L)D{lNGHqF2}STXPIgqJl5h zLQae{4EYzt{WZ^7apEV6u}Qf&i6zh^8V4$}zjligq8On5!17Qy(Q5AR+57?S2~%_( zO9)H*E$Y%(ht~b3+)Y*W!>&qnGq>|Oiodo;{0)VcG-$Oc2~i(*Pc!eSAUTlcB$cvD;y!f*ljvR}NU!tq1+RirYhszZOjVKoY7X!QS7M)B91| zArD>?2&yHaCNeU+UMqgpFFmq^Gw{B`o4J_k=(Uc@1g}fHvR-{_vx;teCH_M@UN+Lt zVuC+-W;1(=q_I;8EDVbY9HN)!mAaX>R&Tc7|7<;ly|sITpbRI%JueRpbI`;cf1KQD z+4?U{LHnqjl~qG*r;6i~eRWS9DH5$W<+xCpI4C&FvlJ<)$Dr-xaZ5p^i>39KFJ|UU zsyf){t@~hqU|A*{Z~dnlE6|EGr@u0(yDCl%AOhBqrQDoV z@~5!SZXk)X@{jCKtqRx#)OSUQdi?IKiRZ@I#0UM_sH0EAVdhq@-N3|-iXakKcWE>@ zM7>XzyAk?x{fd60uDx0Ck3+B7iq2HH$7PcwRXz5f6;{k`e-B`W))&+LKFijLtzVpd zEhMFO9gnycuO1{0=q0z&Q`y&C9rx3R&#EHO61 z$)P>EcW|ELR63$9nECu@0Afu zrr>7VrEer9W>#_UM5T~_$RT0YVf*K#F&P96k)6+*03oAEJ43)?D_p*LO)!HIlYsP|Nf#T1@&5sPUhstcKGxYMEKY8JzXhZs>H}pj-6QUy1>LJ{Ocf|uKz9vYQ)gRc>kiG;hz|N3B<8_b>5 z;pI$D{m?|F!HdG4n5||L{i|L@n-7n4AFGjKZu1$a( zp(kQ?ijQYsC`VA1=synm2JnyU#0b~JikT{+-qE^F$c#_XZu&{h9lY;KR2;c zb@2tTLu!Yt9}SPC(&?Wh><5w*Cq&Ck_bOi$dA$m&$YAc)is5(3(;nQGUS%cLcyHjS zl*8O$wn;b&7UfDB8WK%HR4-drZkl>71s;WEg4_+-O-Qx9h4v;FI`!h}+JsXvHGS!l zi7q*sI?#b+FFzC#FV^>M?#?rAYzAXF@=Uw8HW^+D@}u+N8=9@C@vHjS7u*~wYp@B& z2m8?MSDF_qZ`UcN(g%k?W%qgysJD48NYqW=2xVxKF16cdi{xQZLSimr zA_eFo!LfvnzNE_ZavgB-m`fr{X<9j^Bc0+7@xyR}vB7QuZ*aOLz$t#KXQuTB+xAKu z)jri`fDsB|%=Trq@GEti%|S;g0(COi;+|#B!*!3kp^7j3>-rMGw*M(!`O zM^g?|U&fP~rLTCN{3yPxtA3X6qmMOr*{c@#c*|c>pL@Q9^FW{xMO6HcX&9BFrxa}A(MKlhTQiw#X0iY zuAVgZjr{-y?rj9<2S>70ZR3(E;N1J>@=XPjct%T%-klPnaKA}zv=KhQ(QIY1r^k191{`LJgR@f! zHe*LTnLaYPz~PI3=Oi;nd+oQk zmX2uPv1{=hG{`$661NGj-#9azVm}Ty?;<>HWy2o`cs2chct3kKTx5|8H29d~FBH)+ zrU*&<=BP^tw?9J76|tfltp^{i5_wnOiU)Utv~e`}a$FFA@H>%p?B?qESDG2vK4{={^?z9Aa zgj=<-Bd*UXk=;T6Uag>6#+NT>IW(l+Nr|D@?P(<1JJ2J%yC%S=>;We@B4zrOPn(O2 zdqYgMhnY74ny^-m@ioN{SznB13JqeEi1?>;k^HEimtkdq{1B~|h6zie=@K8G@S=;e zE??B9lTjcphay>@!JylqBt}K-={dwc`hW5iHnXOB!ecZmU~(I|KCXY`X!^`})`5?$ zY7PQ^*3N)Fi?z7C7)h9jUV8zFrQ9?`FWutz)7=q=ni9qlP&t9ek5fF8$^e+PNX{86<;Y=YH!k1 zBFK30Cv{tERN$3?gDI{=L`0Qeu_4sDd(tzVnk~b zMGzAR4&7mAH$44Y+>gF5VZH2kVBjF+Rs7c`@te-;qeyuRrcegM!F=U+kynJ$?4{S) z_tf8KMQQ6-ug@1@{5X#YH_EpQC~by;zes&u7Z}LG6q5%NvRa46k5|a2YLKbZX-;WGjTB9v zUepE{HcN*VTb9-bVf{QSowAvCQv~GZ>Nfm9|I~MYHgbmoToKT$Z^~1t+&vH~#i|dG zH!1zI^fz>-iwK=%-s`qSuI%)8u^+L?ksDraeM3%zKv+Fv2`>#O!vEzZWPNO9cuX{3 z*Lsymuff`-oV+MxxDnmX^>JhsR+!GfTaoc>@F!O&1X6}-2XeP&k$q2JsW)7}I;6y-XbD-LLQ zQw0AZ<|>gh=nrFS%)-r6Vb!9Ko~$(j$8cJ4v0B9gc^bYuxgQXjHDD5P0Z@oPOG?4p zNWa-S3$0&t+(CiCM_tF%%e&ULs|B0;Q&SXn(;Mo~FJPwvCNh-nSoN@OLA>8d3F}fg zzJXvJj%?S>@uk2a;?it--d8hdrhFZaExdd}dEKMzTih<=BI$^JEZOqGi}bFf;@=*M z%R!7J|uTJS4LFMb%led#xIu8IlZ-Hm@(CBAf0ECG0@(gkH4%FS9u%=V{yA)gah zPxoW8I}9k_tv+0qZTMi-i(4*Sz-qQNRR9jGIa}Kzs&dCLB}x}6;wn-fNVI4MR<{$p z>B-@DCIhv`X6IbdOfP=)nU9UF|8daIxYR?*3PC-cmF-_V1``>$h`1AH89Y?;0v)iwuW_XidykVPZ*Ur0YiSZQ<98&&KfNWFTX* zjl(PR$d-yaIa+^|JFrSJWy>Q5qu2w7DrM zK+r|(KS;*9(joVa-N42r?(3kF>YGv}%LMzCi~gFrOBlAQVlpvpnORu9p>^ye_v4;m zxZ&#HKpeg_CCm8#V(P7qo9B7oy}$h@Ygl)!JFe@zj`Me<+XPSTY5EbyF(=0`o%oQIZzz$bDPX>s z{2TohToUg?EJ+r4JToUsMQoR|eXtgq8KlYaDTj0U1CQ&sDO@ux3W{#MA@V$SzryqO z_1!=wOZkPd@NmZ_f+EkhJ#Ee7L6Dr~FOs$n@N}9ivI4xgi-f1|l`3tp0 z9;Zkt(7o@Em;S;b>#<*W=VnQ3yXkk_v^1ACm>R%?EaS13DN$=y>>wW3uKJTOi{%zY zD0YRb@=1G(RgpuvcgFg9G{JGyBxodE&1P?VK(s?pR`KpOMx z0P*Pee85%p-jF~ca$h$jY;w%bb!xk$`V^=6x`?EaT#>L=0G}lF>%ZDlw z{oa!Z7Sj$^ZWQqK zop$3ldUyJ=-${C8?2iK>YE|C}$nT2(xXC%BS~IMmpWaQwM_%%`-Mt8Wd%sq^@t#J7 zCI4WQ^aHed@&(79NXXyqti>mcZvwCIxv5%7{ z*7Qrn*RKc8?>ZXdj9;sWH$(3l?&b%KZN7xSBypp(qZ1X!ek(wf(;bV8Vw%Ze-_94{ zDb^jM8_7GNhr0bJ!={$!Rm-H?2~lwXf%|Eq{gOz6f#7Ga*fXU(loE~e#v{K(oe97~ zX5baw+`te||3-)rOe_zx-0*di=t8)g#N^LHJ_@{uhzNr5)(B1Oag_OQ9&Q_bz#*Z= z0od5T7gJ|H?P>GmWaIy5B-*a1a1eOlC+e&Iz-0`{0BmDR*12{Ade7Ol!Z>hZs6)*S z$B7D;6n|~KO8zn@_jBzk*X&Xbhg`Yn zoxt-V>hLp75C6H7kbKkr=+b0DkLxuJh})LlSiCgWtR&ghRizz!Y~ilw2ln?&@{tw3 zygVR(M(M zLvkhvqlszAp|p5_MF&xXh&=F#J=j^-@>KW%OG>JL*Jh%C0F)R(D8Q>z9lX@MC7ZwW z^BQ8D!l{N+)h+z_3dRh~$*#>7Rx! z;Sq~(hQ=>!>p;qyI0F8a2A35Hg317c@vag)!Ejk!kEJ!xBX#J&_0O+AHq4(Txgo%<9)PaAveH7`a zTGyh|owS(@T|ECE$S=~Jr_F*fPY#8r6Y6eq+AN$5X@f}D*gRFLABH~9g+ercfm(CM zem5?T-WjGaSz@}oz4x?K^n8ljyZo2$8>>_#X^9Z>#UR zGb*o#6mA}?>H{Aslb^XyK+1^|G%4M}d5`n$TA8$hnyF&>(t!&J`eR(bSt7sMOj8%h z-$z<_d#49!G(0(yeUXX=ztmz}bvr%=>XR@xD_TnF5p8JH#Cut>bc&9;XyXgirC^{_ zKdh{SEX#Ud`y?OLc}yS~IWW~zI?a=K%||_NM=W}YXv05g7%~#X-yyNKLlFzdCs2iC zl&M~OBD?k|i?X@*)iVsSRc%Z=yrMlI_ zUJhdz!>uJEo4kc&Y6P?=?~PeaY#EXpv?nFEZuvUm>p9`-Y9slOm5 zu^toLr&<#t`2NC}EAYS2{6% z#hd4tF~Dj4v%Nh>Mgk6qird;yG;t-xF?AbH8QxZ4SsFO1(!LI`9CQl;e=*ihT>oQfRe;^ zKkG4BzX?16Ml~nLoUF`KYzpOA(sYzUfU%Rr<68Vrr0GK9mKn4|?#E+U6jxRM*Xb#w zu4(w>Fvdh~123B1+$}tE?|r_!crhA@cK3^_#93qEIm`q-PJ2D|NSQF~r!(KZZgc9D zO77h}h0uv9;N)bPtC~E{Lq<~DFx7@Wu1oLRHn|q>umMvh&dL7raO4R1_=h8%ZzM(# z#%`HX8rjCkpbfGSKd7l!`~}O<(8mm^?wi_&k>~H0Ycki^&u9OjG#cF`KYjju!14pl zz43qfm!?8E5{zolJK0blckT1dTGkyScBiz=n(t`4szAKQ*&l_!&MRaJEwgt!XEXmL=P|;sX4N3AOS#M z<$R&;Db{vfJRH=t->y1~_76%;-|%NxtOINBdQ9bb`)+@r*B^d}CcZx{&mYlhCfIE% zY$SIO(QG_2UxF*Lg7eo&fr*YZLi1c4%M*T!G>Z)hWRnm!E0t9Pp$H)z+3`^pj+ z^@nGs)I>5W+G6gqPM4|9EB@}{vwaz%Wo?GHDIhf{?$&oH<^DJ3)@%l?b}{a@N* zSry^S@MuYy0WMQ|I@5f^B>#}bxn^nW2kK$BW`D!yQV@LLb>ZmW>M-`$b>zIr&hqHj ze*O!Wun`+zJq`OWk24zZ{Bp~`K@BsCn+Ho_1os+FHi5aXXG>%tMGfPvQUcUtOaOnE z|0km16?l=-i(x5qU588HM#VMb-!&2EfcTB=1&iBtr|VaWoCC$A_SCt4F|~G`CFhco zbY)+D(sad{OC{(rdvtO6hPk%-398WEZz8^SiZFfRn@Jp#N_c&+=;{lV}q3&pnfyi7hGyfg9plNTKNv}7_psgnHqA_fF z?dqyU`C&b`!Hh(xfbVyM4pEjMA2dQq}lWTx5mDe@F} zAlA>M$doAG!vtW5JBUU898W1iD0OF^9D4X#su<$5V=~F4yylFwas4<-Sk+y|-cYH^ zOh3(9inJu+MKR_L)S(c08z?4FR^H5(p*@b3k4$d|&=(?QF}xbcKHjO5(r+_TzK4k* zr4ChbJ?fMs>u;)e0AJan zvMnEApx>;=)MoVV+Amd@&^668!N;nBJ16 z`FOakA^8@e`6i0u$1S3S-7d9aHUT=qWeTamleV9cr~3!xbgh?9hdIps(-6iUNJ?@e zxB&qLmefpQWOGz9@D?Jd5*tKi2~l}P{xQdE!3OA~BmC1x1W?!o$74KD$uXnc>iT+B zvNYm;1)+|lGuP03mGew$J^n*~;~=P3W6DvOn6PwA39KTLr9yxe_F=0^TDUes(1D4Y zps)r{u|y@L?Xe02Aq>^1GtlEBR4hx_+5%SdgDa>*EEEpi?+i0E8-uj)E!btH+F)%k zbp*v${XZzFM;m7q6X5TEB$kmkP=yJ(hLSH)bHZ|fqj1vJp}MT1R9D_yA42F;zRSB7p?o?Hdtp}(Axt%xzXLw5zbE>j8eTQeCICdyyu#ZD=!SVT*&vj`XHn&u8F#jhP}Ig}Go_c~%*} z^o6s+WaG*gdJH7uP99FDLXTlTCrxeJ=lZk|KwF*iH0$<1ox0upk&MuX+l!z>HtQcj zD%J9?M2!onq10PbjDqNc=;UNlxxv-1mO%sA$Q!&i>E@z}dEzKe`oV|}i^#a1`3;Qu zlX^SF1j~tj;z>ptpb2#@LUkr(b+;;Xa*^3gjof1cGIMExWuV4x*tK2>4q}8xi}cym zC@)@2Io$*22-6H~W4i5DW>5DL$UT-Ti}v)YgSVZ-+r8i#q@&mh1FLQU(JIWkzt&5Z zZYuU@SU(+QRsP;0^cyF9byAf$%Z1rpY&iE>i(Hh=3;6&l|I(nuUoKkv@s3m!KgWom@D zeV-OKu}v~#!>DP?hWkG#PRP|XEkh6`ouvB<_g#{jS-?E1A8n>tk6)kK zt$tqOo2mZN--NW9vguCRaL3Q58zPB*rq3t3@5`gMh#UFREi1#Sktw)aT6FlH3rPPT zjY~gXU*Y5f^XwE=8Wpz&IF@Np|L`R*v2jPxq~|<@dtt}5^oP-aV~LmC9r93)Hcvwz zziK$cB=j+YB_+SFygtIeS<8ECropl!@EPnf1%wOs`{`|Y8?Km+PXFePf3@Y5Ze|yk zW+)oslsw*`_fu$UsF2Fy+?iL3T{(4f7&+k3OL<5d^SXU1<>JsYe(OR0~6NbE_}2=6#aM@YqGQO)Ab1 z`!34D!;IQXO?^~K<(pAzdIFl-y?kWUI-5x-DL2bD*^_ zM$e^HGuD+{*-_NKX*#09v1o2v^G?wNbyW+;Qpgl1cpo=X)Elri4({y8{qe20W9*FT zlYOzJprv!~SJin$aYjK(y-c^v-uXn6@;bwx?f z_;&gSGO(<+vE-{+{7a4|HI->D(JU({L8JU9)lbHEF0B8tE=cngKS{e#6C(xjhIU}6wM5>=~j#U_B z#UVN=Jl-%xKPTkCkW;;J#cUlSloPYt2=hhh`&-e)zH@z$QG0nE!wVV$GVx&D0T|VV0 z40?es?;lG_K76%!;$+@P@>+pg8UjSta`3aOdHHN1GJJl3nUvy?7HWqq2A-`gGf}Ld zAc+}KTz)qR=C3j)GZi8hrobl-)ek)f&K?FZjM93L;pB$E=mGRcr zyIO{nSdKSj&q-`PNfeskZ$jN=H`l4+?wv#ANIZ%yIaN)~lpF8VhCdv(Qa8r%M&wz}N8-2%A-*dehK?4g#> zr_K#}qHw-)RoBo5#k&W9Ysp<|an9$$_h(%vIR3cFM(;zt={cc?#LL>R2Fl;)dboZY z=+DOsU#cSjAN-he?z%U8-S)NYNJ2aH4x*5pe5CR}e1%xTvt9s49;_=>>x`qoiG-g_ z%)7VPjHYkELnhNPJ}1`%FIPX|WJ`Nom@A)Ron&$r1XsqDuNOtvRO<^bm1?Qu-w9(T z@zkm;(v6G7_)QX+j2$m-Z$T3#08M@aqZP><$jU(W(3tP9;mK(YFo&B_=KORUWWg6L?Ugpdp2gOIi{4I0n=F;!liHYYm#37iTlF`$#yTJnQ8=5Q z z`o~_jFD08GVh+{^A%>GDP7~%#D`PXR9W}tuW(G-*FTu6P8}jY`HVi>E_-JwRd!!<5 zR}NPyf;({rdJi@7)Uj)R*=&hu?O!hMlelfjM{q9a20zA8o^;Z+ws3RA(|M2dSI%)e z)VK`nob~}z`d550o$E^PwHakkTx}Ubu^*6qx@%W8@UG~MDuY*(eMg8g!e3ocXVzQC!L8c*foL4fa?kfoO#F8C8a*(+>RIU1#5!yM`^CY zu}y#r2T7)ihfyod(SQ>`C9Tc*m!D&fM(EttdZ0*q_XF9P}`Mn$HXBliQQe>cN7tWnjzW%@$a z4Cih-p2W|}jAZ`D6~^6ItphHC+iA(%xlU%u6w!<$lZr|8|ix7n+g$_^B=ns(M%tZy=s+|PHMj$H>I|3LvuB$X={SCaqWOwOb!2Ky|3d3dbhV2)$j$X^j2J8}z{ zbBsf2#P3DcgVf-^T$w*A>KzBXkEjvCqiLhX0UY1K12iNB!*&+Omjg^vS5)Gw<+`1D z=36w_=(Xdh!=@RQp1o@m*UqbOp1(T9-n8M1T_pUAtW@ zb)?b&m$uL-IZy9Au|dDBrpLpCv!xtO$>G}Ije;Ok0?M`d!H2dcl z9l$c=&tevl#Hznq0QjaSOVrARFaD@5#SYa=94icJ#jf4XGi$C*7!M~NZ=)a5Xj&MS z(@^oQu35C|Do6$&y2vTU_0uI9xqct_?+W;(4_=JXMt_N+Jb4!%;a#y>CLJOqmfCDt zK2&o;QgzsM?YObYH_vJkLfh~@t}b50k&1%BcW^0>1HDiqww^kLTfqJ;sXzS9{*@XV zQPba4&;VkN*#+{R(qb)8)Q%2NvZHb zE4RY2GEG<~a3^$6?n1R{72ooz;pF7u54_%#6fD4Yt2;z_;488(Cw2=79in5~F%tpL zA=``qzeGf6okZgLFMEX&?DcJ&&z2iAz&ZG3*c+!sG6P9hxZuFCYz|s(m&HMTF|DDb zIl2mQlV6+x!%JD@__sB+nf?sNhw*}(%L5xYGG1?$hUoL{ zPrxjwqUaSCDljCL@3cumz`79prQ+wPm)i0>G0~FKlT>aqTM&F^*X(_F&}7M{cIf!b zftZUuvndI*s!RT;v>Hd3623^K(I?ZjKBaT#F1Y3U$v54AbNBak`8_O?Ct6e^YnSVD<%auyiBSNYd zd52$0y^-3JY zXFXtOS>8fz4an$waB!_jR=WQ9KPbW5UET}eTDjEmQ85Z+dZX~A1ao3-@Hd&Q>e6VA zZL4Z$#H*(Em>AWloy2b*W)X$=-olZ;T0g?|6)0Hoxuy1@yu#Z2*?twGua=%{s+PU*I~obf#xQTRh82oAE>FwFfb%CN$lhZst>|~+d&k0m1%p9ezuL+HtVk?* zqqtjuBa?>w5ERclNnI`=FVmojAp3n2i%9XvW?96U#U)#&3vSvf&5c&3rtn>~ARmEr z``UFwd8seUOAWizh4^f$ly`$vEH`Zb0zbNFw+;a{P10rYpM({ylHc%U%@I37S@m73 zgPLfOmZdq`!{PscK2Ac)FwHAIaY0IBd6jj}dm$$e6UCY>>0*&*Z^)LS?gdN37NR#D zT#!L1$`_4*kf!XN7NGD-!bBfW7AuBgd&?W1<7os&beE*H216RxZw$jge1n+teHN_+ zn!E4$K=9EOy-GIwhbXu9^K!ysPnsiRzOX^VxYlV<`8T)kfhH$gPz|Y1Aj-C{Nw~Vk zN+-a55}VUbwE4f_!$ane?VF-U(;&H)VJ3r*hc=nk=CKlm%8bvH^S|8aLh+k;LnGb( zo!`wXV0QW?;|1MCfr@|s^rlKo6B#}WscCT^b&{X+;;g)S@W=iV3jp~fJhcN44(do5Fz9u%vj|kaxajf`uX}ULG zt0sdnv?&m`0X9@?ac04dL`whOv_XOj6sHb`jn*M@lj-XB_-evA?MTLzeO;|8{-;nU;ss(DfXeosvxrzPJD3aBh0Ld=0#6 zV*C$^Gyq>8Iatk>ac+OK);K=7$MwTvT=$p=G$;u(!%t-~IUjX_d6#||?%$iee8&(L z5b*rDah6Fn`e3_gLnBFP2yzd|zYg`uf5L#Ao*zG>se(&W!f(2a{z2KQctVP#dRr72 z3C>&|YajZa50*8My8FKFe^CCG1pUbn8B;BCT}}^JxduLjL>t#4d(r|%BCzjk=IUJ* zn;6?<$|)s3ZDF-1+nw~eZeK4wghY+?xei`mK@L3vc|1W2srP{-$lX6D4I;ECGyF+F z3Ybhu{B}B~X^u>6nUbad7v{9oORI51*8IGyOBFaNT$XOGYDr@Gd!NlJTDxfZ+p?TL zg+9sobUtTFvomerD+$(qyfZB5;p3VhSNeijK}4#NCM^}l5g?sDT3laq&eTB_+7WKl z(P9>VOtb?2LCK_6F7L&-X@?39k(54)<@W`8+JI(8b0LevEPtigE!DN=mye~~4}ncT zY2-{9kkn-P+|Ov)IwEc1cA49%+c#3FZ3U|DRlp6qPFga!r0LwLcB3wbx-|m{E9T9I zP>1bgVSLEA#r5uK`Mp%>S)%Xe&P`LF7UwT_YhRal42#Ff!ZpebL6i`=dO&XfXGk32 z3R#U!^v_QVEo8fXkN)VF8(piPLWZrQHBU9~)4l;AC7_AAV&`4F@nvkz)};LCyylJ+ z_3g742vyU>Sp`}`9GN3nR6fHRWDYflQxhW<~vpvwwL;q&3Qit&+c7w!GfO z3JyPyMX*ILV-4Ic2T17Q^b{*>|6DqdIpvx1pRaH9*#tTh&lo?2@?opJaLvZR$7a58Gg3`MeT8B<5BqJg6 zB#smb)?|h{US16i!oNdRURqB7&+_+r@t`)=VEuE++_#0r3&ped`5bbxqE~bHWrfAyU?B;!ZS*tJNe?ZsySBK<>c7hFN03n=zH@Qc7wcC8H^d}_reUQUYf|C-#Zi<8wz z)kH)74d8Ii6V0aa%NDJS+EB5vrk+H)0_JLj+Pgx#K4=q&6v8r2`7?6Jhefl}H4`JZRoC%6@C~mo zS#9b7DW(P9{c-5NCB>=Mb&r(aTJ|}lM$ciLa$yrVQVDcct@+w5NE>A{sC4z-U5y$y z7aUfR9!DCESA@|kjJ710>+0>aUI7=TC&Kh(X?H=gJ=)3;Qr8)QEFb7Su-u4)FmiG6 z=eOxucHN^+o}?c<0rcj$*^hXEy7Gm4V(|j*$RV;zKBVih+P>BP+>~J%+yyKvm?Cbp zLp`2t0A?R;e+Oj18rpR<;tcdD>}@`9viQG7)k$j$YAbW)<^kkmp?R!jW0g9U{HuBe zFYz*%C7O7K16}!(sqk*?>VC93E(kEP`L8Tso3mq^Mivjw=ft7+$!N3+=2Z3;JN_-`bwgS!yT9CC3?i2`ZMc*Dp6gkq|7 zA*H#qCXcS;Z;j?=h~ys0>GL#`8ANS_Kdn*l^nBO6t@@*>6q#bY#t#sv~{J1jX=Aa%CiL(sVQ}O?d$~!(1FIx`hDMFV$ zK`(YT2u7TiTF0sok18qyd)A+jb`O>EZ9?VL1pj$7zPj7Q{huAs_sSFmyCNukUJT2?0h?FzyN2LfT#R6!%0Kq|~y?`X^XGB^2Sj z0#&WW8sV?@fMmXgI+f1m=^y4rM9#}%HVqxK%#t{)oC5WMk%b<{ztn93D>#Arc{$zz zeiyG&zF!qeSgikS1$GKEN@H_MSi3=~^HrEj7=P5)4Y)M4pFsGDEyP}L?73EqAnQgf z4H0O-J0pFX1Jd6e`8N$PmGU&ZsE+XOADn$I%T1sXp7=%%<%#KcF1oSh30iFA8)fR9 zQeD(@p$^RxmGXw{0STe1vyLSxYW=U+Xn8f1E)zXssA?&XJjg@|Oe^d{yBe(rkp*)2 zVF-J05cf;J{Ai}(@=c-7E*&4dq*dj{<>a@TR4{a~lQjzFj}NlQ)(UdNDzRP*O;MZU{|Dd@N0)u)8DKMDWfe#!iNFSba`wlcJ6%*7gx(`?!5+@y_*Y?rBH|`( z<(~|inb~PIY8g=PMdk+6aRR9S%?~kJxr5hHNmuq6o&fA7U{UtIYL*OGq|P17XQ*6k z98O5##t`qjw?Q=`T|kZO0B2Q?CcQqe8l~+x@AYLCm3=4fJ4sy?Dlgv-6tn=r*5WBS zk=^4a=LU!|hF9k_Mp)5_sZLrWlM>J6odBdTHZNriSfBgn`uB|d|EAc-R?kY|DgOy-ULyo zbm(%4zej9dajGThw6SCtm;WB0sW9J_gv;z6!PR~rGb0CsI=StP^y71Vzn_EClr|OT zgr2oOygl}`R9bl2LAK&nu0J6MiPZ3eSF7pd*PL7$kv)Q^FqeQC^i-f`h;_GNIl)aF z^HA8;`D3jK1y(5@IS8;c+#0Ro*S@F#Nm_MqyUD-Jo3oO^bq}x!eX)p)7ORqx3|s~! z8JT5>zL91cjxIdDy140k;GcdD9q&z@ouICJQ_Y{~5|uPpcHd~U5iS|}IWiTUnD!mj zmInr7Lc5`;q#=yt7*{qK>5DU?@$(2phH911mevHRb_>M>UN)3Bzx1Mico6Cu)`>14 z5`C0RE>bnuA{=6FZgXyoeuQ!D<0HC2x8ziH}(9%xA}T?p~fIKtTU#<1Q+ z%Ky#GdfprHdT|JlYFEKAmqnyKl8Nh~6{*~|gDF+3>TyDa=8>%W z>!P`~Li6Q|j_8Mk>2&!b$0~1ep2;3^D8SVHkzI+W!y^e0U^(0>qx7?siPhsDl-Ect zig!)0ZoQ6jhsV;Ilcma&@z4irk^PxgMU?m>de%W=|C*~R{S)r-sb^Da#973~>BDk^ zpJ9>4OXsHHG*c#zL5M~uEs{t?TO1gc3K5K2p`DR1`gQh>IwSvB+%0z;QRzYnI4Hy# ze!&0Sn_Ae(oTwCsl|=zK)|T?8XqU_w;W^ZM_B4dprk_H2zidvjgh3~3mFh&Oqkq`N?$UWPJNu)@F3&c3ktoju zYm8$mqGdgW7J~ZQJ#qb&3PG}N*8(!{5OZ~Ns_Vd-HY-Xe|9r!OFuN4Rn{g?>#8u zGwmTGBv+u2q8F*MIW-PN7I6Rhk9em^pUmjSx292jg>A&e>k%FTM+jyeb z{uI(z$w0n;anw8vZyzldkxF>mkKt$d%h{eVug-b^h?&F5ln+~4>`&l z398Fg?0gOWeh%2!i3xi|MR%pw4tZ+&$Wsy4ptw9 zKUn(t5Ie5Ml^G|9L5z;@y7_M&ZY&!A9F16|`H977hoNwZ?qB!)~n;at2>0?r*> zkep9{9nz4+>1H;rASuRW<-SPts!sv2#+#lht(yWY+CMRVlS&or`AU;~XH#&cw|~m|MgobJjQx=qhGv z0WA3C`HlTyw=J{i%!u#BXla7o`?xit?$%8uXU%=?)d=(|w(k&X2)w)3ai7z?JPtWI zg8cVwOD6lq<{mHVt9@@M?j-~hQ z9V-^;cFu~wy~;7eWh6B1b^s^F_StwLty|1{(DvHe@*dyH-(slG-V?6*OVRfIknu|C zu-Tdv?EHUF^0F4TlKt8pJ(T!loj7P+znuhtX}>!+%$NK2AwNbEzMHuG&;~6!xtlYg zDirQY_skl1@0ZCEcD(I&3v0zmN-Gu*hz*4T09rsn?h9OT-=kfo)CNUeBd#N?T1lKD zYOb9{{C`kz(_E4H-8>phq zC)9dm7aWFVXaIb%$ETWti{Cu1iY$j*+tp3kcx?tgR6zK&`e!U{VaT<$xPMdn+K{oW znySYKiiHL|gUczt+zEj)_~NDRtYuBM35U67S+F%LoN++eVC2lkfax|wD2X2X;e11; zx>oy9(|?yd-^Yg3c@L6dkys+K5n+v3O3ihqF%NbSPGT#rOf@_xL@FxKjR}>s0|Ds0 zT&dSjibVAqJDLaW$kZynU%M~;PL`BkhR@IB$@bJDT@?{zy6zMrr%yQXouxDh2?Y4x z1_5+2t&AM@k|nOsIis4& z9VE{j1?wL4L*zej16m_aTxJnaqd3oGV*0?VhByb}kN%%_VPU9H46zS{jFrnIb{%x) zPAbgq@|$)TD+}wqrNh0HgQ;ke7;r zg#y&g+XS+@1A)+)PlF{?^6s@>YY%yOAH(H_utKQQkx@r35{lhfMC*C|m-m_Bul=@h z#sUf5o;X^6Ig)gVkBP#1xHc#>+l>hjE8AN5SG7HA86eEylQmLro=O$ltq%e)2neC^ z9k+>5Kv8oA0by>EN8-V1C_x@VlvRO#bkQa6UaG3|U*N2Fp8%6fhYOXkMYwo=8lgU1 zJH414y#0C@d=~?8Dtq&qYQ%P(o?7rjd=WP5x2EB}JAF5*Ff|WaYv$zlebx%kvpQGF z&z1y-YNt((<*sDgxFfLy;97MX$}epAHv98@naCJL&J?b_D=vPqt)~FJ(m_Usn|BM^ z*2Txa1E`hdfFcfeZhIg^Al+y zusYE?gl4=c&F8J7@~phT{(QC@-k;|E)`P0-4=R{%1J+tu{A|Fll{PGvO@Bu6?^{Qo zeCWSHYAaq{+Y&_#yq+R?y{CzbYdZ=wJ$fria`7yjcXW19UCk=lv(R~$fSt;0oX!HB zhHFn@6LcjNA{P`EUj?ShFox~}>)95&OJtg0vUyPx8<#WumP7W!_)xE3)ti)yqC;(U zVniI@@#Sv*CR>aO-N#p{CpoeQz)I`wFZWp{Ob1>qAQ= zwt+e@ztKnL6;BrsE-ZxU4t`eYZTmqw^nWObkcf?&>Edf)W~OeI=EvHNMV$;^*KQ#6V=_6DUtQVC-jL#@o`M~wrR0k( z4dxa`+nj=Q7U@WR_C!kgoNWq1-&5KIngpsr6abx5;4H_+_C$nAGC$oDIGXuQ3l~m= z?l5Z2_&WvyPNkO~BLmPju5CvpZ1!)DI3OydenE?$yzkw%R4r)|nX~&3HsP92Y3baD z(d2)VC72>`!=8m;Ld}2{ANe0lKLxmNFI;9S0l}f6djYo|O^C6dy+1=pTfdN7gJdO!!498?8PmDE3q_I+uQT0lSfMx_OLdu_n2HGmlCvkhamN zAh=TZ;5uB0Jr7$xR#5LB1oqNQj(tGBX`E8)d4B9h6zYjv{B_o-Jx1iORe*50qhBJl+9x?!aX(mra+y4 z)fA~$P4xUA9@=)KNDP_v$Yi|1pWlGzV#qI-zw$c^#?9N*sAFf{^DS_ifQI**HEr54 z2&}K@_wiscYsUdpW)>^H{AfXH{8#I!{J%G4xS-{E-hbeii4gxpyArI=8`Jt%f36}p z1$IMmQNF=a9u`$_m&W(x)cI74|Mnl0fk4x{YwjY#xGck$^vG_im;@5Lgx7XruzT!{ z@eK?M3mC@?M>vffkIk5N_yEHoCOc1PC@@u;Ra!_VJ57?dtz3VO?SFY874GlmvZqq{ zh!>l#9lI4%>VlY6os#q~w3+po%5J_tRcX=e3+zM~(YJvaL=N+?*lh=eMaY17JPX1=N;FLpD{twjzwRG5LL zsFC_6u{ve$Vr&hk@iHoo?r1kSLqWE0gRF&r& z(8w8d9ch7OPpXro-}a*tm@btC%h#eZo&Ht$J4c?UA8(MF?a_{|l_}b1pQ}Ikewcf- z%+eDP4>q%FwuL792XPp9s|<(4#XSoT=Xr&zedt8%tVTGd5~HHYm`{b3?;07JrN+dT zr3nwQCMv(mE;@ON{h#V-Ch&XLuhhwftG6lYcb`(VMb_k?9M$srxdCO?cNUwyW6~6K z^oxn7&@RLrwuq5J4s9P{BZTvx?m9h@b6NnwK54%%M%1&ij4vdPfYM!U_mMS)V? zec=RgRfotZq}Gr$6EM+F-P-~h-Gb$qRncT4tb-2qaO)1z@p5>O^qWe%-!E7knUI+Y z9aZUIFF7ajODiOILW-W74=^iI4VJ#kegACu7F=GqCR4Y`h29qhQTtM(-QN9uU89;$zVj%b&g2ihNSoAtW9WA((+dcB)+=AGT6|+jPpxrEclS?3lj#S((4UnB zlDQpzkt0r-&=a7!I)ouz{p$yczGRI92k>p0I`ie(b1R+NMgm8>`B05)y0T50lwY{> z#GO9=QYTckef-b~l?N)4g~gnjr+r7-2u-#xGRo*tW;7U}yLhn&j4OYi_)!emKi#^I zEQGA)MdOa25b1O6xvSK+)FnlI9GN=9#yXn?i8t7rzR=U6J@e^+smX}oVW7Fu@Mu>f zrv4AFR+KoEI64ZPm%N?c{K$=R;;QTLo4b7}`A(8GW0?ZSZM=M#az!XAeA5(}e)d^Z zZ+DJHew_?@Aaf4a3wed7`}=!Jn`$tgWB>ZW24?VIho{#W1)j7W#>ZJAu*X{Y3#stS z$}S4nWB@%Az(@2p>Xj3 zF?AL|ZFCD8rbsDL+_g9ar?|Vj6I=^{poQWTTHM{GxCIX$XmKde7D8|+UZ50r>7Vbr z_s;w?gc)X%ut`pK_w0F}=cQO&W%2~4i8a}mA8fBqE{R;XmuE;Wn$5`vtAVenFb)2O6u9oxjzbLwDVV71_ zF*-a2f=2-H_{$R^x~h2A66Fc^&7q}6^n`WkkO7}sXkUUaeqRf z@lB$lE5Wm$a;@~@8v+O1G?RK|$(+bW;U=#lf-_WRt>3cHny@yt>ZW#WZoPqWz6b`| z(cry=@(aVQw z3&POJX3<;3gqC-W^qk=P$CT%5?}Y1F?Fmjr*NSNV{OIsETA+P+a9K!ibNmwwUYsbu z$6g>dU09ze%_(l<;@)xpn)!-eeT?Ik|Lho#eM} zO|ACI@=}UqQpM6YpZPVYLezfEPdW<5(T1ykvL=OEH`k$mQG)1kp6>i|7bgxd8aF(H zm^KFMvvmf@6z_$}*81X1w;eDNkG8%6V;RLurCCx`s@%ZG)@l!;j0)%u=8chuif{Ud zJf{PEp;s_0Hl6B#@UbL)PW|*jh-+#u3@&ogSdJ+(@F0N{17bj+J&b9u>q42Mv&e^d zwV@X^A5XrKidau4)cDkbQCo_Mg2NFoP?h=u1kzavMCz902kg5!!8=^)N^5?kY*{x3&k1#vqx93Nj`v})k~ z21D2yl5H7@kOcO`3a5p=>^4qM(yhWjfb1;v&D9rTY=_&W1YS2tn>3bP;(f7m%vGSv zp17>feV4emBOUZiseS57srEfXUo{bxF!UHFcE$8wR=H!KtPW8$%b zIm7p3vmyo$8LD<(56~Zx zi6$D|KJ%q$&ZC(mNxf`y>%h)UV@=xR+>&xt*nFa%qcaCc$K!f8` zF~oc9$$g+sihATc#34Rh>`n6P0J6968Nks@i~%8l>$MiH;of5t5tz@|l*j8O%z^&9 zTI5>6yfifY``N7puwF0$^R`;?6|(eb{1F_}{1_6`Tn9)C0SuWwHB4YhXC@{-)K0#T z?k}_9ajnu>DE$}x5%rd=;gBHc!p{b7s2is7LbX%hHSGskdqD+du)cWrl=12Ti)*x% zE&TSO!8!yXjnC&#kY5d#z6!C$mgNTcuQ*agPTSkO$W9AqgvzwURXF3PTv%Gd}L!^;kiP8Ufq>Af0!E zH;7iv1`0+Cg5Y77)A##d48l&26dtA?v_RfJD4$vz*5rHZo(Og8;vr{D(*qaM95F=w zuknHI+(VV2*!b4;JHTp&&Dgh}3v%0oe3u8>PApH;2=>;g=ZB|Re1>8c$jY$y_{2p8NYQ1&ylEzrl0+j=LRpTqq;h=e} z6egZBdtd;QfC_HyPPho?KR~U(SXTOTW7m7CbnW=ps^Vg{w#a7EA(x$%@nl3|(rUoF zYTQ)yUE5SgPgMLprAx8#0HDwYwA&wkbxuFf$))OKF!&cmB+`YT+02)S9@z+gTH`bm zYY_37X6Y7f3pnO}Ge|A)WK>n;n5Uf2V`Rf^e`IdBRGnBUP;c972)wLI`F6REZ_6aq zcXA2=j0^gJ6unPrMV4thPLX8>_n&0Ke{TSTPH#je1AO;^4sb7x1CefM1kUn#Wr%K? z!ie*G_FzZ7?eyKkhh>$oe3-HUL{ACr%lcdB3B>8VCnrPmWX2 z6lk>4pBqZul)Zi9%lw*E%0<&tvxLsZ;rZ4MRIz!Gu`5b~=4$^)=Q&ZdVn0Ra5VRZE zhP|mEm@}RNj=aM$1idq(j~bk$t(iT^5B*Qu@q&Hijm;%z^X-+o=n7NR)a^W#B~bNd zQyc~0g1#RB-kJsd^s{Q;zqsgH90+mdX>(Vdmyh;c9ti-w5yczu+Nmb1pL|k zJx}^YtuxDmtgAZq!RRXXyz1k0@3htRzL`=TVOnR0Lg0;_K<(11>k;vuwR5q!|INgg zhi}oDDn<3;N-LH%H-S64lRyNWkO1ZUq1N3+^=&8P~omDQ7JUiK+iOQ$_nEMZR>y4>m zVTm8}iM3dhI5lhdI0#veSGesKsh+Z*#l(L%m@3`lr&0L=FNFF8DKh$oNr~pri(ssZ z6P0IPI10@w?^Pdr^|NKYms9I=q#czX%R3mdwH%$w3%keRVIGEsy_{*X&AoWCa5OZH z%*fT0|0Ji@uW%xiy>3+5OiEpTe=2bYQ2<&bxs)z!eeQEK-l_#|G1mu0mp`$@=u}W18Y=tZjO4`SN+qM{&=1u3!nr zFeJqE3OyNZ%NidYmEvrwtA+W>%U|Q_!M(q`baOw;B>ML&oDfgF?V3ooTtaULhHGN z2KWJ@Ex#^05qzNNJd~=+b>PA}E6X%$hvS$H!^6vu-1`1 zuD5czvRKxRb=0x{kEP{=IwnIbjgvTMn!W57L4d%dW%g1-3tk|4VzSP6z2u+@^Ght6NH14SDZ+}jL! zwjj32Lb$_?@=uHxNN~5f3FBX4OCuS`9(uM^f^^_}m+?GmS+b1X0^FY(sP6&u$rjb&h_smBp*`$#Kk|X_r;v_T};X1gubOPO?mW! zO1wf}&!73I6T9<^{PxNcWPDW(KesDS2AW|t--+!ki(2xHuX)<5&yp^i{*|=cB^Wn zxkE&2oPoKi&lU)w@;B^UB1_4D-@&y~?=e)=(|9Oe)HOrpb9e=gJM70uUZZU({*?a8 z2w-bMPdw5%Heh=xtLF)pXB#@Zz7nhqm#6FLHx z9_AnPg7R>F%GluiyJp&*ZyewgfI!~na${+;CJ}%k?3QNIBBx6~5g{)`y~SL7zR`!g z9Xoa;fxC#*5Wf@Dw*1p3HoaPo)_kZj84ze9VckkIRZY`D%bsb+tMq}o2%4q*$j)!? zW&DP<`HgUC(VLb7H&=mW#Jk;d$jV&qIPLp&ubISxV?=AeNTFrkZdcxAlrkLow9v63 zqq&#{hAydms$;5VA5$l=#??%(=)rGy5OOvY%BMOlg7{j+~31#b}J zQ4$5w+_3#J{ZZN^4e)_UmQbobnJXbM#;txM^Zc}#b-mO29KxVRS>_s-v)kOBZc(N3z1*?IC zDq0m|uQiQ_-JV}Er#z_4rQnlEB5mVykdNx$1OxqE`tI~sIZhlbtgRc7eun4_jVT7c z8_aMYDURlhA$;xRxPqNTE0~6|y2W_yeDJnK0?>y`>lX4-P&oi-AxEaw?f*S?$G)1N zm2@=w?LM%jh0o@>Mocqhz>hf{&e~YMVY2NbU=kPPbGU-T^W8@P7Gp~HWS2WP_?H)N za$+~!j_#EY5w#unOvNnMv@buaqWy#$kBU=G#im2GIQw$WTZp^cCf~k&vPhy`(k|VL zyc-|$i8WuE@!=QS@#>vTOig1GxOpGqtiPxjsBz|wrwZWKj7jkVoj&f2xV?Db24>+4 zHV@n+QCa5CFXbqkHb%*hL=$ZUgApHJvYKU3+Pjw+mkhpc-Cz3V+a$3JniZh*cKhu~ zeY^!zKo*i!kz+7+H)b9L2nn=!GQW_IUvIpqAWzM@)+jkU{qzp5%DqAHbqDB}9MkJJ zgk?PJ8eN%YlFk*7^%*|V8_EnYZB80PAd?;pMKe)NNvkTwc0_U7Pjqc;s)*A+#;Yoc zTD2o98a9{_Yvn)X0OR2u1k|B-M(q1i9Yof7ed98-TE{?`&YCWhwPyc5usqZF&sf~( zpY)*6yBW?9T~*p0(c@OCc>Oe_2mr9sJD~)m8MMi_L-~_5Gz4n#=pVT2xkuF6&0y(? zf5fD-oypyHq3l|8FB{9x%hG0^jLGF6%(*i)E>Lzb%KM7~YUgxs>*ZjRTv>dzzYD-4 zClCu)-64~{V7Pk{(`+2P>sh*jIVYSor5WSalDk@ubVYujFpB;pTx0uyXL6B=|CmCB&)xl!w;3C~ zsgNETz(WQlekoZ1R&+Ga&mi7eBzdjEz}L(fZz}X~XfzVrDISIIC{a^2z~;=XNo&@@ zSeCCv^O5_Ei0+bBI7^Jw?A&g5@4H?Oj|htS0yQcwVsc|Pno8KSXUoK&-)Tp`#(^`(C$JvFV$ny;Q7F$(yb0Xb15I;@FIa;FZd` zdJ6iZ=UcOR7bzOlJ7lH;9mR!;-Qm?Qi8e)b+#evYhR9@TB>U)}V!Dk4VB=JsNXx%jsdmn{eS zlF!z&#Cj>o17EAzV17@p_n5X!gaWS$S%_;;mpHFs(l%X#VPLuGZ82%UZr4oq2*UUbyRX#`3|jyqX6z zI4&Wtzv1+DyC3D-@rL};;TYk2P0g= z1%EL1O~s)5=)N8}U9T8@L%*@Tv2<&{u{aWGxxKj&LziJ=YB44b>1aSx+_WA9@7wz` z<39dyZ=>7__Cjx$Kn<377KcSc&r+XDfwOdVTA65*(vnY@tj>4hu*qvQ8faP`Ik(*X z;!s}F5tGpK&^~ZettwTQ+5&=Qpu@@VOa6)uotLG1K~F`$Ui^bRqw0=*M+uBkx=6`I zqNEY%${>o$!&b;`&qNsxq^jtquthQ2Ga_tGzwZ{@5g!~t&2lyU^~(-?ARi5x&Hzki;X z!g&*hx{V~$4M5EC8+$Giy_z3x^JXOdY>Ape-3x{gNg=|yjvLCQ4{lyekYPNV{zaAr z`qLk;)>CD6ND=~{H^#Rggcy) z`2L~r!=r*V-!Bi%u*CXrz>Q&4KXCp~>FfY4)fYww64mHTZvFnBpL{o130}VuAnQ zVW##UgV-?0&}jaJT$AvLAmu3;MYUcN>1ZlA zYx!k6*%AL(g{klJBy4RarlUKYywsGjz$Ao`?7YZY-!MCSq?#ZZm``5my0KZE^#d1| zT)n?mwmC9l<=$~p7O~^OWSrdHi;T^7RVliEN-7_C!LBj7*uLz`ml_i)Vod7&+ zI9p*r){((R8%1&_Vbr+7n4=LTK;ZEm1A%3-oQ0TfSpePizxT49(VvjD^}T%j$lGy1 zzT7lkYh`%3Xa^5ZYc zS8JuVyx1}ZKWt&iQHXZKC-WG0Ol_zDa!_)8p}6%feDbYYW=|8l2|G#bk5m$t+%?t@ z;o?LhjsH9v8+mhxaili)+u4;8sWFd28)ZxgmsqJ>v_9N z8&&m!u2W@USL+aAzH(#x)jnh@FhYdfI0aQkd}pTiwGyWV|1w?%Ghw8cun77w6vSH* zTYtK?)77&E1xRxCy32L#wB*4L923;O=s8GXv9@_DROr;l7Ad_E{jL2pM+RY}$tKq>QMN|(pj@j^ciF0lyqndLVEdRIhv z^O`ZkV?dn=?;sX7sMDDu{}~L#!ngfFJDt(Nk9DpJ?%AXqr{WKP!Us@wZkU>C3^J%S zFFgqfXVEey=mazR zGbU>@-Pn&UQWv>;=#-m2S3?T{PmK@W_-Rp(AT#kFELP04lyTL!FIey0oJk@X=`_Oj zte-Aq5?v_;H(A3QD2OKo+8?vT72W(LwwHHBPRjv34~j85B~VGdc*a~5`jfobHKCx1 z603U;L@bs6Jh=!;5%}?dj%t&V$<^vnwy`|>J?RF^P_~HV^7j;FQiPj3);b8ju0d?~ zpApxl1=-gvPmMP5>`8Bb%4F8BaULahy+zYIun)I&=SYZT9kmG#qBoSyZA$dQ{C%su z+x8W(KbHC5&k#!7Yv)7rg*YS`ICqe*-W$oMnHYH(A5kBM&AO4@)URPZQI;l+I-!P_ zDy{GxscPs-ev(_vN#Lyig4_^$xui_msQg6lQJ=y(U4QY=7eO4kOM|WpK&bx7Q0g#I zcg0i#;&B;~rcDrQCB~fUy|5*(bn`YtsyRxtp^f4)S8ZFW^530rTzM=d00qgK zl9Fh-*`f39dZ^RuR0bQebJJasQhAoRlY8azCR~eEK+8h zXT0Z9DkDo=49LnNb~B2{_t6nV5LujnNK?aBG@u-~LQ458T)2e<;bW%IFBick;Gjv->)dSyNL})#GF$ z028mkB(@DXq6_REd|;y9*K)m&xWOSoj46cv=~2Q5Qm!9=C;-rW@j6DAs&omkdOqWu zAL#>@W_Y-dbZumRTGRF((nm*dACI*)i7S8cGiJ)czOi_!<2t?kooHo*j_thU+loU) zSg7cS2>(-@uwkbF-=yczjBSqg2k-Ef$^+t4Dp;e5dcb) z7dJ9awZbG!gu_%=qTzaA7>L^Ah!&}}JnSO#w{aNFi8pW3ply)+1+p_t%r4P`Iu0hu zD3Vq0agdWzbDgdxLns#Q6C|wU<9m#kV*jE%zW9rBS$+L(aPZ`!5`!^l%z={o)I1N!6{a>G#ja2vIm&*IQpkT>P-5Np0@q;q5OJ$52r@ z=8TVHMIc)RCfr|o4S8`ch7Sj>MIr04_inEQd#ji?n%ake@amHcGEOR zTYpiU%0HS@a)(W%-Uirj0GCP61j|0)%7$W8Bq=6jqF{CiMcb=<^k#B58Xi8xGxzMY zl;jNzW%eASZE59IP&TWG6-a(Q&QmWX3lSOYPDf4k)!=y|JF8bDP=ei(mCn9;#liIi z`HPagAph?fEvi%h4lL0YDR|qGCBv5d7U`peQ*9&)87Q(YblJ85_6*!xN`^@#Okger?VMx@P23~#jF(>u7O z)W{sVGi1@TpC+-7S=u%(QiP9~WhN`{tuGbX*tz>++NWJYB-)w>rZ^k4LhgV`g_Dws z%y!qU^b@6VW~eou-2K9j?Dale5ql*P!3Uy-?=2(Z=LvoJWtjL-@3#)BN_6 zh8J*re+1IF&5O{2utgOX5mF51v{8NMEo+TF#2c%J^X)57n_G`!{^OiWt zGMsqxkfpo;7F9b;n!NkGR4Y@2C|oRkV6?)8k9|>D&GCL^4z724_^aq4^?8t6)|&IkwCAh!YAAUIkwf&=@gz8VS~A5 zck5L}1%bls^q`AFppyad^RKybUDq%r6vw+cJn8{NMV6(aXI;KZ=56&p5gvCDH}UHs`FQ_`z}9n$nz z@ZY=|)uL}1Q-1S75YgMz&Ky9SV{l|QB8{a_j}sZ#F*;xq??}vIkrx&DC3UE5t;gk2 zWlqq1x!Z3JZ^amr$m+-xbe?QE&4ee*x@xy%FQ~UrhssdJYvCp`m?8VvJIoDvm~8>d z%^9O#M=nt*DUo@ib_wC@nu}Qpm0V+7vPWd{ROba7`?iyWKXsV8_;-roAvVMuZu6Lv zqUY+e{|{#tf#=MB+M#ls*ZQ(rfMYL`ud}CbD`%#dl>G~o+&ng14ewkE%Qi`EzIY%H zU5J*ToG}Mxd{pj0_`Xk?YK7coJiP`z;Ky?wl-VX+17GHRp_*4WxxPePT@G6Vb2N2K zSY$%-k;oVQeRiBl`Lsv;Y(?nvQ)W5*D^q=*qpm&9+GyoP>f_Vvu7@K7t$)&GH3Ck0 zjP_~qnU@gG@%j*XT9OuNgPCVu*D45n4;H~qx$T@O>zMt`^LtajpU&o z`fpv$vK*X+4}l@C;B7MId1FM^Co9IKSeF9g>T&25;)MG=9g{Z1nOWB+4?4`SKh(%?dbV~Z&zBPJD*-Ec3-gfw~JKQ1?R@0(2HMEo0_$KpZ- z%wg%=(#}5)6jm2ApvhK6wJvJ@-}#U0=QW$ielSDhB!^Mb4wArd+Xt7>MD~JbEH_;t zD~+xJS0I_Gd$Iq-PQ=D|7%%1%vj(m@fcziR4&0XCK3<;m8cok5OWQ`Gg}MeR8?4eMFKUMa3fT`u=B%#N7h{2qwOeD%rDOPo>ABB zGGrA`|G6=kap@;mPV;?QMf({kju$2(g)E`iC|2CVlnoS&sTM!veGNR9F`NXi4JA zac)Yyqs_+~bxRYS?LGc(7?)QlW~ljfWoaFdXte2@YFbybBYdb;)A_}Mt>LlodtB!3?vrL0n1Y;UlC zcfg!Z{KR>Kp!hh@W74&0*Amc`F3fz-{ z%cGZ6o)B&ItMrez(@GxVbN<9>MA`Ic;B)5!G?GHUehvsv5rsd0uzZi@8T0&1l%WGG z!@_@Wv1(rWFUs>5>1V4l6G+e}lXrqI*_iJi`1xM-R;~)+ z=JC>8UD}HZwLaqGBs+JpI@!AW=Lt>zxs-(#4a|IqFDvE?-aV@ff~&5Xuqy_!iO zH!)W0FN1^16CzzMPL&1{$zuOKAH z%<;8*d$3}9{5@^j9X>bx?XB5n!K9_G^l;>r03)~HI%A>$6I}jQ+75`S**3ia({(Qx z0Zo^fyh~8ZeHY}v)YhdULZW=rw$-=pm${d&=j*ONzW^5-e=YlcM0<}2tUp3*!de{d zn1Ek5vP_TkNwF5oMDf?yNR&SwB8urBZ684Lg)52ucK4lX+Hfyq~X z>k#{sJ$eBB;<9_@w~DW8bMgD$bjov%vrTmJof^bE*X1ekn;zD7>*7osQ;E23i{=$a z#(eywSKQ}~%^ro|XC!8C5o|SNb%n@tj7<99d!cQ-6);$}xt8nO`aYWV>5kcSi*C0N zWZDSpKGI^}Jq&P9b~{hNL9Od3{Az{jwR$%0yrTi=8;$HUBb8Ou2*D&|X!AGwtIUC< z58QRs`Mw>F@DwGdnX##vogUP2&L-Mt?uC&G1o(P;CUGhXPsAV*r`^MTATDhK?B$)& znzDzFLM#)k+rh)cPRB_Esg9fwagYXq4bset3`e;-s6RZ^iTF94vjz6HNEDw^&n={d zIM?>DOUX(($LzetY~Tiosvc&W(?R{1^ImdU7(Ivqi{2fJ!SI-quJ%)57y@0oT+a=k zu?|)_sScY@QgO|Qal_LQ4S=(;V~-(^#ZV@z>%%Q2eG?=15)q)J7$xsKF=!JLsWgnc zN9aq4o!bXuPYS%w)oiTm8yKlk3l@m(S{(EG1bl?M~>pvkz4%))raTq$!u!>wr z59(?8a3F5?KV2WLc1jKjhRK9xYD}*K(iP%4k*{;UfeswK(Kk1+IUc?774*f?*L>|u zb@#it)G*GcVe;imoTGcc|L;^!Wd69>XL#e-vSL+=o)0^=h(Jc(|gQhS65^7e|uWdjL>k1ujZEV2NffWOA*>#!FYE zskGw93)_XCmlBdw*API-SE_VxiD{>BlAwO{eQAgGdx4#3dpgbID#iA1f&l9v1u_*G zG!w=KlPbt_&Mqkrvu7PJp*wtQs)6PE?;7rbMhoW68E<^ayY@9Yf+~nsF(LM@?1wO$ z*o{3|!nJ)fz7D$*C%ms=>I?XVH0>Ry^}_uyA8edm=ju%d$p=@?z{?V^!$Zq;Y7=ZD zk?VR{7>QB)J@$Aus85>waN*A?rcR&>HIoNMmE=uzKSafDq4Qzi%!k~~4gMhPTBQq` zDjYl9(3HMx08E1aM}sC43yZ8!q460bSkv=Ul^RX9qSq_z2NQy@zp%>f9qOfRcph-< zOev&89{`F1FYkm{g@ei933|q(pAD)#7mM)$!Fxm&rr5h0W?)3CStiCc(5{eIt4O4S z#}Yv2xC1*<{~c606lho?=*N^zw_N`PKNX_P`Z=jBHbvOnD&4=H>Pp=Oz1Cwxy{k5} zADHlgf^2s=2tHwo+f4=ia#e+VqB)ZKcfSU@huy+k;C~u};x=|kc0zt}wkb&_>*>HU zA~4h_9YlTw1326KtOqwVLxLz1N=Ds} zztuE9WO9QH{J-=Ija=+;=Z_SS$%7|!)Duw4F638BWrg?;7n;0b%A>PKft zIK6zR)u%@a-DoOJl2(`AoESZ3{yTSQB_)?C5G59d9%-=pk}{1vow*I`C}a^61$-k*rL%YYSum zr=vphvo{0EQ&`FFb}3HBKE={Jo$_NmgE{B5PBCbhVtio%`*VxPE!Eb=$JA;-h>LC{ z?y5-DSHj4a^$LQrlD>OmcHYn;=nDNooq=-U9LBc_H360xp4+qXcjj0a^Yg8gJK{&qwF=I81?c7Jdz`Zcz%$&34)ivLrTo)4U!38)S*hr*+{! zz>_*K5qwcA{!WC`d*oA=MSZ`6));i2|Gch!JA+0dF0 zPE%}#&m0CZoxA6aF{)bubZ%I_69aR#nZ^{1iT1F~>7nXhoJxY6^z*N{{oiBeLy#!& z?hE407dx_8YvsymG-ou@G@|y%3~o}UO`?4qCXVAuXh^DLB6h6lCN8Qn=uY0WRM{Cx z$wv;Lg&c$^rYcX7U<^byu`PWv+e!%cag^->2Z41YhN;wOJ{gwUd&(^pYmpEDY&y2d zVbO`fG@he_rZ4m9JX&GLz+v`i4BRS0uSrSg>1M?luT$LdAROav|BYn!EoCK6Pl11& z9=upgE=(-V=GHmiZC#W31LFjmQEU@dlzCUrA=)3p38F-EY6f#mtvRn;QB0HA@lHQn zN4i!H2rQ1yDMedji$|-@-&5o*c<=0i63Rx-Eq3)KpV85#y7WEto3nMS(obh`Gt5R4 z(rl&iI7u@L$-0q8vc68e5nsPSR3u|#(H>Jew;0hG*AU6(hJC2OBojU-ul}z52}fn( z`Eoe$^5;+lCXJ;2kPon}Am#k@*akp0%PaWe27-|j7Z(*S%sspc;9uow7IeL3fg8C=EM5{X zM;qT@i@Cv+SEYJuc8LnsVI6@{C8~-ahQMkJX_JL3vgX0nSPq@k3pmE!!diRsLOBb# zfjG+(t&yj~&7}z|^|z^q$}Vp*u`IlmFs}{eG+IV-wjZ@0BglhO-gY+NXnH}rJv=zC z$RbafP4D0zxXVRs-P_WzR2?h~?*jBsO$lHqx-yZdN=F+yudj2~I^{KZM6Z>Ob^>#m z1iUIKIyO*aVk48ob;A-Vne8T5)qW>xW^bezfQM`KikGe*oj=nbd|PF_U{VuP(Wn-_ zs!ZlFam$B)M+#k|70iYfI@EQ~(nwZ=xsOc0vLZS1#KWkW6+-(a80_vxjD+WSm-*2` zbC+A>1A7g({k{beb+juG?q$4UdRY$_8r4`?>h73`y{s{zNmCq-6qM_th)_~|aGGEl z#!so(gq{B4w&AdQH%?wLY6s9%rk%A7D^&ed&wLz+@M>orG9h9Ez!PTN3s;ndZ;dKE zm5x_Y`)FWWw9jbSm01>WaKb&MeyNZQ%ZgCHZH#3SAxAd3$4@u>FSpQ^W}mdj@YN&G zc`n|*xqCSpM0U3{uUF31f{lw_)L+eJ=whwU&g4?jvJJ-Y z#?_vBBv(GV{<@*oLQ@g6m(~U^Bta#qtfRsD+7tfmUDi0(ATKUEw!Q-lh<+}!gX!#R z+b}{+eZOGl7Y|tnyuct;OI(25ATcr-CDaWcI&O;Yt?PXSJz+r{lWT z)>yopCjNG9PBQ&~g6s83m;O$z+a+0?=*LeH*BMKn_%;2B%B0 zv~lJM`99*&Rntz3c1aoc4Nkv~_*}2J|J58ijp?zi{hqvR(}>e77NeO&IMT3tQA~{M z3~pt7PrcLOl$s|0YXZ@Y!4$ahV3_NrX#M6oW_hITOsD4U>ogQYSUqytv*jsv_)y2WoUs-EwcVP+9Kv!hXbZYbxvAW@<->b#{^SU*jAXvEOlck2> z>F7{9O*{0+LM1@KOO}g?e1Eo4UF0Us!=pBu)36(?LFRz(%JOALVkR=pihh$n{-IId z#fOqomD?3RNUvDqb$8jv;I!31syP+9Peqo}N8>h1_e^Z^oQ5h&>H5jT`0QJjbf(Ul;>V6o)hB-i8jC7fU2Run+xqW zmtS^U&5`8Qlq;}z*RuSUoW49I%5CC~izyo`20ELrtx0EyCQS5!c(ux1FqSMdFgpHJ z=3(XDxD)FV{>?e zCyNz&4BXg}s7Vm_-0Y#A8F6q-7#`*tcQU%FrdE3`LuEyQ*FI97N0xIE^EH-C+h2tW-nrz-QDX#Wtp=+&2)yA@S`H;xx9tFiLy6nKGM)gd<)z&s z@?$1aA+DA#)lxK0oWeWo?~FYp&dCC!lL5(*Dq`Z1vBgBpag#C-r7r?bw#a=RraR2# z(}b0HrOLsrxYhh`xccu0)lKFQQ&)G9Lj;tnrqT1tSb9Sr};;+1*%&i0n;U)unYW*_Vgyb0n1Z`M}Gec-`Nc%0?L6 zO~TSbB(V%kadH?a%}uA3sY|*mM(8mk%e38y(iu`OV#2W(jO*PMd2cvKjQbe3({i7b-+bVQEXHxGh*^n$IvZ;^DeuEm#cb9GLb#AqSR{ z2RqEKR`Gr&Kg=jDxj34ZiwZQ+2ETN*b7#X-Yr!WxL^=V$ntG%^F(}e+Tt(3%?o%#t z4;s2-29i$-T=h?s7{6ANxg~vtP1Q;%KOe`(TR*X1Sh7^_lE1BE(*^mftG+!8-eDrG|8!?5lsHsze5)@kz%>z97@$?liOLsiumcRJh*OX*lr^U_Mq=Y5 zj$Ew_CZmmobabZvj)?Ham;u{-NA}J~c(?Q9AGDo}Dz9G>c=SYODK!Zl49vdOWd7T{ zRo*7V&8KTn0qw?wyxu4&H8uK~g;L!&-qd0nJ^Vp5Ty14GhLHjv6vU_2_IRYo6V z1}DYy0I9N=y^iO?F6=n3&hmqoDRw>@{2uryo{@2~(qb35{u$o=zB5_`Dxn%Vx8?AP zUOZZ*OpS}CL&Vr#ZxA}?owa@!-S}ouyT$Fcj^P5r^5{^YR5>^EW=Oz}AIQ(g9em?Kw``1yW zO>*Pdj`e|b0}4Mw8!(eaUN5SqWKo{#CxTDE-mlG(-}W%&-2+lV0iT?2Khq3OWD~!9 zI(hYDEMjsvu}0?GBHbtR+%3vvR%*jQSL*tN>ua<-# zjR04HYGb%T`;+g`M#ptV{x+xlZ28B81)IS0w?aIXhGQBjo-)G*%DwLBCGIZ^faO@H zcyx@}sWs(^cowP!)(@PZP-@VbNB8lB3`DE?^O9J0ot?!`wiwLe1?D<=0}K2x!YsaJ4>W#h6s; zAU~W9dqYzT9tcll_TVD&)nC5sY>boW3wU~0R-Gi~mCgX*f3Pyb4OC1!)fygua5({6 zXSW>Jv#W>XOXT~w$0% z^i%u6>$sUkteCx0oPY+u%GA3;K< z3))yyjm@;_t7@AA_BDdtkv`OXo(9!|i;Bp|md#HTd_FqgQbOeo!Ed4VJsyDpGQ`9S z&0`7QJ;~TKZvErpIP&!?8DjWF^nlg%>lPEp0n`Z0iD8~7!PlUM(Eg`UKz`)amxA-NV;bjN9aWy> znlJyLkk`=U@AB6C`W`ZL-CD=t(KMQ(jdwWq{AK?Od3r89mULA*UdoW75TF9c+15ND zOJ?J8twLg=orTMPPpmrUbDe{2Z^OAwyB^lFBnrll;Tn0`wWfj-^1c3OMnaA5L$NYs zHgDtZu5f>GdB&>$&cX4`aKNZoh?a;p@|Oz&jg=*;K^YA!Xay+I;FVTJLcY4AbYd6K zy2^!dmL_IBm5>ic0t!v6(X@_%;q@svl@)FpvrljCgXew z&OkJMM}vte{kW7A7m;s@A}te7T37`=X%c1Vo>U?PO!hUi?hjvxs6SimaVx%rVGCwB zjw*Uiw?O$y9I`m4$+$uv4(T;VnHPp4RUWE0@trG1;LjYNeZG3kcJLie*_+tg-dgDzAJM=?!Srj8d=S!Y3RV<&>rOPA3k2EFEBmUTBkB=>$ z9W;Erd7Y3tTy?ip9BO7>qm`lIeiAI~vgc$fO!Y)aoZcyZOZ3bYbeXK*Udm2cHWH;Y zv0@cms5GWGD$hK(KBx6{(h;qTd3S3pwJcYE))Zk^K+4Cd$y(lHauWjEl)ppfx+z`l>l>kya5;aUqlM53G zt9UUcUM~s$(FdwieRU>>Ku2^l&{Egs@wR474(SYp8XTo6e;swATdP*d?4FYTJH(J% zRW$QAHE=%ubqB!pt2JFr>|fFLsvWIBklNi3<5T4b zX_2;ebi?_)I+(2CM<10Hshtp-orLM%pq0hZu!@JH6X2}L34mGeRd1KqBoS-RZnAGL06mfP@kiqyxH6JC0VX1jOG8ef>1LMy?`55|p| z68+4N>~VzB=nVc%M7_IrO3)CtpfojFZ7qs_1MiJMRRnwOr;_NW@TPZ!VJ&<IZe@-qj^Vth zl$Kb#asdzRU|9U}=Uab_;^A_k43RWsUq}|Rrheq9b z+GyMp-i|w_y1A35F+S3N`BhdotexE^8a?Co;f+bJ*|*nbH=(j%_q*j0FBLiLafFRq zZ)n5M1;O}?-7I#S=_+k0=Q)g+rIjr&CwYcUArLuxeo>U^aQnX>WOD42y>_or?=V9# zDIZRz;AjBM#okEWSY%sEkrtyH!uMf>*vg)t=6xzTQWI6-h!2hZSh?PcM@k7L>|Dnb z!hdBZ+5PU+=i(9~PUKva*fU}8L$iF=#FQW^qh9dD^;%i?mt2e&JEId$-MJ^uH|Ht~ zP2t>dfqt8@njDeIrwY?<>Klww%VVs&i5&I}R@|EWLzQisx#n5!X^v%Cj?Ot251pco zB$^R7Z;|kgp^jdsJ?CWo={Hzi#s`Ms*9zfJSBGvSPLMLR8yBow5T~6mp;;ttABiWt zbK&@F3Q2P85fG^(JaD7v)KjOrG`I<;}UAtxyn{0(6`(f z;vWe8rb1qkdAp#*W5uoccKzB+@|{I(0&>dEO7-xbh~PuBn>khO$q zEG3zpg5`o3;!lxG9VxBPZOB|kMU3DJ^y9GWT0Q4&1KYHG>mASFEUhiP`b3pCB^)Nr z6^I*u$8?@p&7zG3hPLgn)P^ zePLRZ#j68dT#fEN`#@yFgUT~H9bVVO@7{XskXNoJbN!poGuSNzd*Im*%4ff#?s)~R zz)h;G$+>lUGnJZfc;;GWHy19eFQm0HNa*yP{u4Zr0I3W|B7WHGh z!S31TD||HJO%#HY^ry*5Av6VUkq(_Nd3z1y_}N0GiCb-0_13X&IFR2v$GU^YX&f@J zI(r&-kK%38yIv3fnfd*2kdEf(QMAJ&qUss zhlA>@kDIQDsj&lCo5fBzm)V+xgV8S}$;~{6pj7VXnY`BDWb+yxCrfz={MahDpo_H; zb{)%-+yfOEurhDftImmeT;)J5`j*WYRnkCkzg#KUHi`SM6_+>KY0N98k& zQyBp03CzYifpVM#|LLUBgX=mYto5fs)9h0rhU}Tjj#G2Iw;vDH*C~XOBpg<2=~y-W zusT0Dn4KeEbw1l_{Va%)p)oNi9v+M;fgnJS&i5r4j}D}Z3gk`BEIKxuJsM3dK8u{?qzBPKa1$tTN z(Q$(RL16*qKBo|lM-h`*x^9s1>I0_{)rhLbCwEwl+xI=$v-IJc!nXPS_J0CMVwcwI zMAqv@Y+Q7T|8VW4-!lv;GIvFYrg#3~3toO>I_#@eS-(EBSO_uSGz+F75m!{P>9Y{R zy+Hehp5wmnN^uM&lcnz@bGP-V{Hm4b9rBn`TXt4qhu#H`IhOya`YOGJ@+Y^@pem5K zQsP85rT|G@p&){FTsM9g?%H@6eRt|K4wHo^sr=LD11SfA2H4QSh9cqvRe!NFm>^?d zN6cB3w69;adt>!j+a&L)x%+^8*gbYPN>Cx#g1rSCX>Mr(^luESraP z#`YF&&rRqOWc`P6yzgg!STs1iKh(~LuPl?*iT&j4Q?dygeQU#|AENh+xAfGgShnj& z88y!^BX1uceqF29@+po&1zqmdd9Awi-cnWnYtrjF@&I)4+GDz=7pU-yV)m5*(HH8_ zTPY*7CfX8^YZ3#m>OhdE>2xSWKWBQGIAp0T8#DrXBr}f$vi^Qm>}}mhvXaYM-WD)a z?>B@oe6RyBb-THGS3_gm$8% zj4~_NPG$*6M~86<|KpL~Y>P)WLUjqDy_WzpSH5SH)zo;|^2PIFp~z2PeJX(C67OA4 z97y&;6*oQ(!d2GdQQkO`M4Gzjn-_9wr1hkeJeAL26ZK@(fl_iImFhe)GC zZNj7b!$P=lb^V9c)$P*EmK3}bvhr~BG4KN!l+@#Wh@?7sXv)LkvS=UUdk>ev_=h7$ z5ewga0GqPR3f@d;g1VkqHY(G9zMN8P$O=Ycbg?am_4@-2gkYFwPXp1E%d%Jl#k1c{ z_o0WYjHQkmTu14RJ*PiRB~5N=21F0ywvSBpeLX%yTUmPlePOB!+}HuFRAa=RFvmBF zcByaN6SSGoVDD}+u?}zKtesvk8A;s8vS@{@lzzF=`cENnSDZuY^T^2M^i=@2OAw~b zNjZcm1~DnYASlb!Ofzu5kATpYWlc^{NLN)?<*Vp4lj5&8pkZQgIv|>>l_l!F0IW|Gn5!;+E z&_js|a~7-V&9)U!s923o8wUxxgX4e=jT5tv0 zedTJ8MShU}qE4IS_IGj+oV@<^wunG|3uUXMA4H_(wR3tao~QeXqJYLtgu6bEx6}Xz zAp81tZ?wj~jVxF21tJ;8#12Nt0qYZZP56d^@a^G8U7TY?-tJ9&AwaX zyouB#l=4G-40y48$mxh}Lxf+eV69?ePYLe-ZqgjZj$i$XZ#FdM1f(g?)F1Tc)p|I9 zX37!McTZ6lYt$1l>e4JsO9p|JZoa4-d(InDwbj?vd3hC_pz;C_fMDx4xz$)D zyf^CTUS4(8mQfT+8Yis?!%pw({hln0R3^|E@3YPow`Oe%?J)*yCfouANTfAu$}=xi znt6yew|AmSUTfy@RslpPX>@d2l#dG1RW=ms(C+z$ z-}@XQpk^sJ4@nKbD0_-Ija$&&@Cs;hgkX}X&CMA9qIK9`Yde$}A>PM^S4aD)a^L@h z;_!Dc^aq>g$!DQbsX|;_&6F>|cuCDT(FU`ByPrYL4mja_7e z=eJR=mRlIN;ianx$<8Cg&qFQ}R2X>phOD~Qdbl}Lm&ORY82vkx`laq_hp0&hGY`q&Ijwz(rjUCl|`LOV}nX ztzIr?pT`bORRR?TqEMXCXK1~$7IE;nmRW-6jf6Xi%N7A1H8tb2etaJsc!jn~j-y}_ zw>|JcVtazYhxh{tKhhM6(6}+&M2kOq_Z&%%I!rSBDRgdqN#EIoa+>EIsV$+`PG$_ML5BcEjlZ_i#{we!P~{6LkV{%^8= z@XOjLo!y3WTR?2H0#Y#ycS%%DArSP+e=E47j^~Y4uAsxT<-4O<%*BpE!1OF6I6zT+ zXl#B2HID6qAxFkmxtih%emR1|U}BRG6=(AEAN_ihnCi}hi=DOrJv!`Yz=loYX|wq# z^ptP6Sza{O%&}#G-OgDax68ihWU6DXwmx&ADTp2H&SiK8se9ks+Vdy-KTwd2l0od~ zypat>Jm)BOFJiFBQ(mKu;--4*$u(v(M7Xz^KNJ(Kx%;dtbE1Ce5cE>$s?yK6!*jIp8J=RxI%uCj{7p=HN$m}>yKzE1#ZGjkFo-uwyELI&B71Rw9WQ8`2WQoHX2 z0~n&B>xq~pqCQiG^ByXX@ZH@)Dqyd$2 zp~491^qywJyf?WoqOAv(20mC7r88!9_D+z68zWKG+W1f~98j08kIb3lan}o#ElNM9 zW*Or;be~$#KDCs{J<%*-x9FW3jJ!4SE=m4mQYTVv%Tahu2u{aXEIj+dXO@6ra#bfv zr#48njaM)G)@aEomSd!&9-XSn($b&IgozJBWq*l0yZ(bi>Suff96NJHdw3Ds}tyTesgwtoqOZDx>AA; z)YL=+W;H+d)bha-grTB;0xDR`&wqWAm<$`m91PT2aO4~QYLr4^&uUrvH9%TDcl^`0 zOi{;iAAW@HU{4C`1oR=4OFS@*g0khv(%1nz&v$I``q2;B{L1D$lx`$NhSbE6zEJ7l_r^_nL4O%gIw(@v(@6IdJJ917=?^hmU{ zcIAYk@7**pnA_xWTQ42o^emZU0%g!*T|G^7?#VVgUbK%L%paBG`{yA2era3{W8?J_ zOpkWu-|LKna*nm{zWFq??V1XvGXxy1R_E!x#+P(oNa9V)(ZB_N8;PJMr>}>*qv$!K&{93dE5G`i#Yf;WZ^d=S8PK~GVuJ!pwp?0 zDC06w{4u+QD6PAjr0H?2o0$0vH#&?vJ%+l~#1xIxQgPS;W27GI$|J=Khd=wkA3^xw!*ZfhRDdZC(f zWZH0(-&&-jzJSm%t>I(7=;

## Unsupported CVEs diff --git a/src/libs/002_core_globals.sh b/src/libs/002_core_globals.sh index 96d8710..9eb257d 100644 --- a/src/libs/002_core_globals.sh +++ b/src/libs/002_core_globals.sh @@ -153,6 +153,12 @@ g_smc_cpu_info_line='' # CVE Registry: single source of truth for all CVE metadata. # Fields: cve_id|json_key_name|affected_var_suffix|complete_name_and_aliases +# +# Two ranges of placeholder IDs are reserved when no real CVE applies: +# CVE-0000-NNNN: permanent placeholder for supplementary checks (--extra only) +# that will never receive a real CVE (e.g. SLS, compile-time hardening). +# CVE-9999-NNNN: temporary placeholder for real vulnerabilities awaiting CVE +# assignment. Rename across the codebase once the real CVE is issued. readonly CVE_REGISTRY=' CVE-2017-5753|SPECTRE VARIANT 1|variant1|Spectre Variant 1, bounds check bypass CVE-2017-5715|SPECTRE VARIANT 2|variant2|Spectre Variant 2, branch target injection @@ -186,6 +192,7 @@ CVE-2025-40300|VMSCAPE|vmscape|VMScape, VM-exit stale branch prediction CVE-2023-28746|RFDS|rfds|Register File Data Sampling (RFDS) CVE-2024-45332|BPI|bpi|Branch Privilege Injection (BPI) CVE-0000-0001|SLS|sls|Straight-Line Speculation (SLS) +CVE-2025-54505|FPDSS|fpdss|FPDSS, AMD Zen1 Floating-Point Divider Stale Data Leak ' # Derive the supported CVE list from the registry diff --git a/src/libs/200_cpu_affected.sh b/src/libs/200_cpu_affected.sh index 10ca4eb..0439102 100644 --- a/src/libs/200_cpu_affected.sh +++ b/src/libs/200_cpu_affected.sh @@ -106,8 +106,9 @@ is_cpu_affected() { affected_srbds='' affected_mmio='' affected_sls='' - # DIV0, Zenbleed and Inception are all AMD specific, look for "is_amd" below: + # DIV0, FPDSS, Zenbleed and Inception are all AMD specific, look for "is_amd" below: _set_immune div0 + _set_immune fpdss _set_immune zenbleed _set_immune inception # TSA is AMD specific (Zen 3/4), look for "is_amd" below: @@ -605,13 +606,23 @@ is_cpu_affected() { fi _set_immune variantl1tf - # DIV0 (Zen1 only) + # DIV0 (Zen1/Zen+) # 77245f1c3c64 (v6.5, initial model list): family 0x17 models 0x00-0x2f, 0x50-0x5f - # bfff3c6692ce (v6.8): moved to init_amd_zen1(), unconditional for all Zen1 - # All Zen1 CPUs are family 0x17, models 0x00-0x2f and 0x50-0x5f + # bfff3c6692ce (v6.8): moved to init_amd_zen1(), unconditional for all ZEN1-flagged CPUs + # The kernel's X86_FEATURE_ZEN1 covers family 0x17 models 0x00-0x2f and 0x50-0x5f, + # which spans both Zen1 (Summit Ridge, Naples, Raven Ridge, Snowy Owl) and Zen+ + # (Pinnacle Ridge, Picasso, Dali, Colfax) products -- all using the same divider silicon. amd_legacy_erratum "$(amd_model_range 0x17 0x00 0x0 0x2f 0xf)" && _set_vuln div0 amd_legacy_erratum "$(amd_model_range 0x17 0x50 0x0 0x5f 0xf)" && _set_vuln div0 + # FPDSS: same Zen1/Zen+ cohort as DIV0 (both applied unconditionally in init_amd_zen1()). + # e55d98e77561 (v7.1): unconditional in init_amd_zen1(); CVE-2025-54505 / AMD-SB-7053. + # AMD-SB-7053 only enumerates a subset (EPYC 7001, EPYC Embedded 3000, Athlon/Ryzen 3000 + # with Radeon, Ryzen PRO 3000 with Radeon Vega), but the kernel mitigates the full + # ZEN1 cohort, so we flag all of it to match the kernel's behavior. + # shellcheck disable=SC2154 + [ "$affected_div0" = 0 ] && _set_vuln fpdss + # Zenbleed amd_legacy_erratum "$(amd_model_range 0x17 0x30 0x0 0x4f 0xf)" && _set_vuln zenbleed amd_legacy_erratum "$(amd_model_range 0x17 0x60 0x0 0x7f 0xf)" && _set_vuln zenbleed @@ -821,7 +832,7 @@ is_cpu_affected() { pr_debug "is_cpu_affected: final results: variant1=$affected_variant1 variant2=$affected_variant2 variant3=$affected_variant3 variant3a=$affected_variant3a" pr_debug "is_cpu_affected: final results: variant4=$affected_variant4 variantl1tf=$affected_variantl1tf msbds=$affected_msbds mfbds=$affected_mfbds" pr_debug "is_cpu_affected: final results: mlpds=$affected_mlpds mdsum=$affected_mdsum taa=$affected_taa itlbmh=$affected_itlbmh srbds=$affected_srbds" - pr_debug "is_cpu_affected: final results: div0=$affected_div0 zenbleed=$affected_zenbleed inception=$affected_inception retbleed=$affected_retbleed tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar rfds=$affected_rfds its=$affected_its" + pr_debug "is_cpu_affected: final results: div0=$affected_div0 fpdss=$affected_fpdss zenbleed=$affected_zenbleed inception=$affected_inception retbleed=$affected_retbleed tsa=$affected_tsa downfall=$affected_downfall reptar=$affected_reptar rfds=$affected_rfds its=$affected_its" pr_debug "is_cpu_affected: final results: vmscape=$affected_vmscape bpi=$affected_bpi sls=$affected_sls mmio=$affected_mmio" } affected_variantl1tf_sgx="$affected_variantl1tf" diff --git a/src/libs/230_util_optparse.sh b/src/libs/230_util_optparse.sh index b327209..dda0f8b 100644 --- a/src/libs/230_util_optparse.sh +++ b/src/libs/230_util_optparse.sh @@ -170,7 +170,7 @@ while [ -n "${1:-}" ]; do case "$2" in help) echo "The following parameters are supported for --variant (can be used multiple times):" - echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, mmio, sbdr, sbds, drpw, div0, zenbleed, downfall, retbleed, inception, reptar, rfds, tsa, tsa-sq, tsa-l1, its, vmscape, bpi, sls" + echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, mmio, sbdr, sbds, drpw, div0, fpdss, zenbleed, downfall, retbleed, inception, reptar, rfds, tsa, tsa-sq, tsa-l1, its, vmscape, bpi, sls" exit 0 ;; 1) @@ -245,6 +245,10 @@ while [ -n "${1:-}" ]; do opt_cve_list="$opt_cve_list CVE-2023-20588" opt_cve_all=0 ;; + fpdss) + opt_cve_list="$opt_cve_list CVE-2025-54505" + opt_cve_all=0 + ;; zenbleed) opt_cve_list="$opt_cve_list CVE-2023-20593" opt_cve_all=0 diff --git a/src/vulns/CVE-2025-54505.sh b/src/vulns/CVE-2025-54505.sh new file mode 100644 index 0000000..f7b29d1 --- /dev/null +++ b/src/vulns/CVE-2025-54505.sh @@ -0,0 +1,151 @@ +# vim: set ts=4 sw=4 sts=4 et: +############################### +# CVE-2025-54505, FPDSS, AMD Zen1 Floating-Point Divider Stale Data Leak + +check_CVE_2025_54505() { + check_cve 'CVE-2025-54505' +} + +# Print remediation advice for FPDSS when reporting VULN +# Callers: check_CVE_2025_54505_linux +_cve_2025_54505_explain_fix() { + explain "Update your kernel to one that carries commit e55d98e77561 (\"x86/CPU: Fix FPDSS on Zen1\", mainline Linux 7.1),\n " \ + "or the equivalent backport from your distribution. The kernel sets bit 9 of MSR 0xc0011028 unconditionally on\n " \ + "every Zen1 CPU at boot, which disables the hardware optimization responsible for the leak.\n " \ + "To manually mitigate the issue right now, you may use the following command:\n " \ + "\`wrmsr -a 0xc0011028 \$((\$(rdmsr -c 0xc0011028) | (1<<9)))\`,\n " \ + "however note that this manual mitigation will only be active until the next reboot.\n " \ + "No microcode update is required: the chicken bit is present on every Zen1 CPU." +} + +check_CVE_2025_54505_linux() { + local status sys_interface_available msg kernel_mitigated dmesg_fpdss msr_fpdss ret + status=UNK + sys_interface_available=0 + msg='' + # No sysfs interface exists for this vulnerability (no /sys/devices/system/cpu/vulnerabilities/fpdss). + # sys_interface_available stays 0. + # + # Kernel source inventory for FPDSS, traced via git blame: + # + # --- sysfs messages --- + # none: this vulnerability has no sysfs entry + # + # --- Kconfig symbols --- + # none: the mitigation is unconditional, not configurable (no CONFIG_* knob) + # + # --- kernel functions (for $opt_map / System.map) --- + # none: the fix is two inline lines in init_amd_zen1(), no dedicated function + # + # --- dmesg --- + # e55d98e77561 (v7.1, initial fix): "AMD Zen1 FPDSS bug detected, enabling mitigation." + # (printed via pr_notice_once on every Zen1 CPU) + # + # --- /proc/cpuinfo bugs field --- + # none: no X86_BUG_FPDSS flag defined; no cpuinfo exposure + # + # --- MSR --- + # e55d98e77561 (v7.1): MSR_AMD64_FP_CFG = 0xc0011028, bit 9 = ZEN1_DENORM_FIX_BIT + # kernel calls msr_set_bit() unconditionally on any Zen1 CPU in init_amd_zen1(). + # The bit is present in Zen1 silicon independently of microcode (no microcode + # revision gate in the kernel, unlike Zenbleed which uses amd_zenbleed_microcode[]). + # + # --- CPU affection logic (for is_cpu_affected) --- + # e55d98e77561 (v7.1): applied unconditionally in init_amd_zen1(), i.e. all Zen1 + # AMD: family 0x17 models 0x00-0x2f, 0x50-0x5f (same cohort as DIV0) + # vendor scope: AMD only (Zen1 microarchitecture) + # + # --- stable backports --- + # as of this writing, no stable/LTS backport has landed; only mainline (Linux 7.1). + + if [ "$opt_sysfs_only" != 1 ]; then + pr_info_nol "* Kernel supports FPDSS mitigation: " + kernel_mitigated='' + if [ -n "$g_kernel_err" ]; then + pstatus yellow UNKNOWN "$g_kernel_err" + elif is_x86_kernel && grep -q 'AMD Zen1 FPDSS bug detected' "$g_kernel"; then + kernel_mitigated="found FPDSS mitigation message in kernel image" + pstatus green YES "$kernel_mitigated" + else + pstatus yellow NO + fi + + pr_info_nol "* FPDSS mitigation enabled and active: " + msr_fpdss='' + dmesg_fpdss='' + if [ "$g_mode" = live ] && is_x86_cpu && is_cpu_affected "$cve"; then + # guard with is_cpu_affected to avoid #GP on non-Zen1 CPUs where 0xc0011028 is undefined + read_msr 0xc0011028 + ret=$? + if [ "$ret" = "$READ_MSR_RET_OK" ]; then + if [ $((ret_read_msr_value_lo >> 9 & 1)) -eq 1 ]; then + msr_fpdss=1 + pstatus green YES "ZEN1_DENORM_FIX_BIT set in FP_CFG MSR" + else + msr_fpdss=0 + pstatus yellow NO "ZEN1_DENORM_FIX_BIT is cleared in FP_CFG MSR" + fi + else + # MSR unreadable (lockdown, no msr module, etc.): fall back to dmesg + dmesg_grep 'AMD Zen1 FPDSS bug detected' + ret=$? + if [ "$ret" -eq 0 ]; then + dmesg_fpdss=1 + pstatus green YES "FPDSS mitigation message found in dmesg" + elif [ "$ret" -eq 2 ]; then + pstatus yellow UNKNOWN "couldn't read MSR and dmesg is truncated" + else + pstatus yellow UNKNOWN "couldn't read MSR and no FPDSS message in dmesg" + fi + fi + elif [ "$g_mode" = live ]; then + pstatus blue N/A "CPU is incompatible" + else + pstatus blue N/A "not testable in no-runtime mode" + fi + elif [ "$sys_interface_available" = 0 ]; then + msg="/sys vulnerability interface use forced, but it's not available!" + status=UNK + fi + + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + elif [ -z "$msg" ]; then + if [ "$opt_sysfs_only" != 1 ]; then + if [ "$g_mode" = live ]; then + if [ "$msr_fpdss" = 1 ] || [ "$dmesg_fpdss" = 1 ]; then + pvulnstatus "$cve" OK "ZEN1_DENORM_FIX_BIT is set in FP_CFG MSR, mitigation is active" + elif [ "$msr_fpdss" = 0 ]; then + pvulnstatus "$cve" VULN "ZEN1_DENORM_FIX_BIT is cleared in FP_CFG MSR, FPDSS can leak data between threads" + _cve_2025_54505_explain_fix + elif [ -n "$kernel_mitigated" ]; then + # MSR unreadable at runtime, but kernel image carries the mitigation code + # and init_amd_zen1() sets the bit unconditionally, so mitigation is active + pvulnstatus "$cve" OK "kernel image carries FPDSS mitigation code (init_amd_zen1 sets the MSR bit unconditionally at boot)" + else + pvulnstatus "$cve" VULN "your kernel doesn't support FPDSS mitigation" + _cve_2025_54505_explain_fix + fi + else + if [ -n "$kernel_mitigated" ]; then + pvulnstatus "$cve" OK "Mitigation: FPDSS message found in kernel image" + else + pvulnstatus "$cve" VULN "your kernel doesn't support FPDSS mitigation" + _cve_2025_54505_explain_fix + fi + fi + else + pvulnstatus "$cve" "$status" "no sysfs interface available for this CVE, use --no-sysfs to check" + fi + else + pvulnstatus "$cve" "$status" "$msg" + fi +} + +check_CVE_2025_54505_bsd() { + if ! is_cpu_affected "$cve"; then + pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected" + else + pvulnstatus "$cve" UNK "your CPU is affected, but mitigation detection has not yet been implemented for BSD in this script" + fi +} From 6732eb141b4d943c18dabc97c5b75ca63011b17c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Sun, 19 Apr 2026 12:49:17 +0200 Subject: [PATCH 55/57] doc: CVE-2018-3665 (Lazy FP State Restore (LazyFP)), unsupported --- dist/doc/UNSUPPORTED_CVE_LIST.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/dist/doc/UNSUPPORTED_CVE_LIST.md b/dist/doc/UNSUPPORTED_CVE_LIST.md index 03c9d60..1c25a72 100644 --- a/dist/doc/UNSUPPORTED_CVE_LIST.md +++ b/dist/doc/UNSUPPORTED_CVE_LIST.md @@ -124,6 +124,17 @@ A branch predictor initialization issue specific to Intel's Lion Cove microarchi These CVEs are real vulnerabilities, but no kernel or microcode fix has been issued, the mitigation is delegated to individual software, or the fix is not detectable by this tool. +## CVE-2018-3665 β€” Lazy FP State Restore (LazyFP) + +- **Advisory:** [INTEL-SA-00145](https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/lazy-fp-state-restore.html) +- **Research paper:** [LazyFP: Leaking FPU Register State using Microarchitectural Side-Channels (Stecklina & Prescher, 2018)](https://arxiv.org/abs/1806.07480) +- **Affected CPUs:** Intel Core family (Sandy Bridge through Kaby Lake) when lazy FPU switching is in use +- **CVSS:** 4.3 (Medium) + +Intel CPUs using lazy FPU state switching may speculatively expose another process's FPU/SSE/AVX register contents (including AES round keys and other cryptographic material) across context switches. The `#NM` (device-not-available) exception normally used to trigger lazy restore is delivered late enough that dependent instructions can transiently execute against the stale FPU state before the fault squashes them. + +**Why out of scope:** The Linux mitigation is to use eager FPU save/restore, which was already the default on Intel CPUs with XSAVEOPT well before disclosure, and was then hard-enforced upstream by the removal of all lazy FPU code in Linux 4.14 (Andy Lutomirski's "x86/fpu: Hard-disable lazy FPU mode" cleanup). There is no `/sys/devices/system/cpu/vulnerabilities/` entry, no CPUID flag, no MSR, and no kernel config option that reflects this mitigation β€” detection on a running kernel would require hardcoding kernel version ranges, which is against this tool's design principles (same rationale as CVE-2019-15902). In practice, any supported kernel today is eager-FPU-only, and CPUs advertising XSAVEOPT/XSAVES cannot enter the vulnerable lazy-switching mode regardless of kernel configuration. + ## CVE-2018-9056 β€” BranchScope - **Issue:** [#169](https://github.com/speed47/spectre-meltdown-checker/issues/169) From 1bb33d5cf2230a4ee112aad98f317a9365edd744 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 20 Apr 2026 12:53:36 +0200 Subject: [PATCH 56/57] chore: remove from test branch workflows that must live on master --- .github/workflows/autoupdate.yml | 36 ---- .github/workflows/daily_vuln_scan_prompt.md | 199 -------------------- .github/workflows/stale.yml | 33 ---- .github/workflows/vuln-scan.yml | 129 ------------- 4 files changed, 397 deletions(-) delete mode 100644 .github/workflows/autoupdate.yml delete mode 100644 .github/workflows/daily_vuln_scan_prompt.md delete mode 100644 .github/workflows/stale.yml delete mode 100644 .github/workflows/vuln-scan.yml diff --git a/.github/workflows/autoupdate.yml b/.github/workflows/autoupdate.yml deleted file mode 100644 index 290f01e..0000000 --- a/.github/workflows/autoupdate.yml +++ /dev/null @@ -1,36 +0,0 @@ -name: autoupdate - -on: - workflow_dispatch: - schedule: - - cron: '42 9 * * *' - -permissions: - pull-requests: write - -jobs: - autoupdate: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Install prerequisites - run: sudo apt-get update && sudo apt-get install -y --no-install-recommends iucode-tool sqlite3 unzip - - name: Update microcode versions - run: ./spectre-meltdown-checker.sh --update-builtin-fwdb - - name: Check git diff - id: diff - run: | - echo change="$(git diff spectre-meltdown-checker.sh | awk '/MCEDB/ { if(V) { print V" to "$4; exit } else { V=$4 } }')" >> "$GITHUB_OUTPUT" - echo nbdiff="$(git diff spectre-meltdown-checker.sh | grep -cE -- '^\+# [AI],')" >> "$GITHUB_OUTPUT" - git diff - cat "$GITHUB_OUTPUT" - - name: Create Pull Request if needed - if: steps.diff.outputs.nbdiff != '0' - uses: peter-evans/create-pull-request@v7 - with: - branch: autoupdate-fwdb - commit-message: "update: fwdb from ${{ steps.diff.outputs.change }}, ${{ steps.diff.outputs.nbdiff }} microcode changes" - title: "[Auto] Update fwdb from ${{ steps.diff.outputs.change }}" - body: | - Automated PR to update fwdb from ${{ steps.diff.outputs.change }} - Detected ${{ steps.diff.outputs.nbdiff }} microcode changes diff --git a/.github/workflows/daily_vuln_scan_prompt.md b/.github/workflows/daily_vuln_scan_prompt.md deleted file mode 100644 index 7c4eeda..0000000 --- a/.github/workflows/daily_vuln_scan_prompt.md +++ /dev/null @@ -1,199 +0,0 @@ -# Daily transient-execution vulnerability scan - -You are a scheduled agent running inside a GitHub Actions job. Your job -is to audit public news/advisory sources for **transient-execution and -CPU side-channel vulnerabilities** that may need to be added to -**spectre-meltdown-checker** (this repository). - -## What counts as "relevant" - -spectre-meltdown-checker detects, reports, and suggests mitigations for -CPU vulnerabilities such as: Spectre v1/v2/v4, Meltdown, Foreshadow/L1TF, -MDS (ZombieLoad/RIDL/Fallout), TAA, SRBDS, iTLB Multihit, Zenbleed, -Downfall (GDS), Retbleed, Inception, SRSO, BHI, RFDS, Reptar, FP-DSS, -and any similar microarchitectural side-channel or speculative-execution -issue on x86 (Intel/AMD) or ARM CPUs. It also surfaces related hardware -mitigation features (SMAP/SMEP/UMIP/IBPB/eIBRS/STIBP…) when they gate -the remediation for a tracked CVE. - -It does **not** track generic software CVEs, GPU driver bugs, networking -stacks, filesystem bugs, userspace crypto issues, or unrelated kernel -subsystems. - -## Inputs handed to you by the workflow - -- Working directory: the repo root (`/github/workspace` in Actions, or - wherever `actions/checkout` placed it). You may `grep` the repo to - check whether a CVE or codename is already covered. -- `state/seen.json` β€” memory carried over from the previous run, with - shape: - - ```json - { - "last_run": "2026-04-17T08:00:12Z", - "seen": { - "": { "bucket": "unrelated", "seen_at": "2026-04-17T08:00:12Z", "source": "phoronix" }, - "": { "bucket": "tocheck", "seen_at": "2026-04-17T08:00:12Z", "source": "oss-sec", "cve": "CVE-2026-1234" } - } - } - ``` - - On the very first run, or when the prior artifact has expired, - the file exists but `seen` is empty and `last_run` is `null`. - -- Environment: `SCAN_DATE` (ISO-8601 timestamp of the run start, set by - the workflow). Treat this as "now" for all time-window decisions. - -## Time window - -This is a belt-and-suspenders design β€” use **both** mechanisms: - -1. **Primary: stable-id dedup.** If an item's stable identifier (see - below) is already present in `state.seen`, skip it entirely β€” it - was classified on a previous day. -2. **Secondary: 25-hour window.** Among *new* items, prefer those whose - publication/update timestamp is within the last 25 h relative to - `SCAN_DATE`. This bounds work when the prior artifact expired - (90-day retention) or when `last_run` is stale (missed runs). - If `last_run` is older than 25 h, widen the window to - `now - last_run + 1h` so no items are lost across missed runs. -3. Items without a parseable timestamp: include them (fail-safe). - -## Sources to poll - -Fetch each URL with -`curl -sS -A "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36" -L --max-time 20`. -On non-2xx or timeout, record the failure in the run summary and -continue β€” do not abort. - -### RSS / Atom feeds (primary β€” parse feed timestamps) - -| Short name | URL | -|-----------------|-----| -| phoronix | https://www.phoronix.com/rss.php | -| oss-sec | https://seclists.org/rss/oss-sec.rss | -| lwn | https://lwn.net/headlines/newrss | -| project-zero | https://googleprojectzero.blogspot.com/feeds/posts/default | -| vusec | https://www.vusec.net/feed/ | -| comsec-eth | https://comsec.ethz.ch/category/news/feed/ | -| msrc | https://msrc.microsoft.com/update-guide/rss | -| cisa | https://www.cisa.gov/cybersecurity-advisories/all.xml | -| cert-cc | https://www.kb.cert.org/vuls/atomfeed/ | - -### HTML pages (no RSS β€” fetch, extract dated entries) - -| Short name | URL | -|-----------------|-----| -| intel-psirt | https://www.intel.com/content/www/us/en/security-center/default.html | -| amd-psirt | https://www.amd.com/en/resources/product-security.html | -| arm-spec | https://developer.arm.com/Arm%20Security%20Center/Speculative%20Processor%20Vulnerability | -| transient-fail | https://transient.fail/ | - -For HTML pages: look for advisory tables or listings with dates. Extract -the advisory title, permalink, and date. If a page has no dates at all, -compare its content against `state.seen` β€” any new advisory IDs not yet -classified count as "new this run". - -## Stable identifier per source - -Use the first available of these, in order, as the dedup key: - -1. Vendor advisory ID (`INTEL-SA-01234`, `AMD-SB-7001`, `ARM-2024-0042`, - `VU#123456`, `CVE-YYYY-NNNNN`) -2. RSS `` / Atom `` -3. Permalink URL (``) - -Always also record the permalink URL in the output file so a human can -click through. - -## Classification rules - -For each **new** item (not in `state.seen`) that passes the time window, -pick exactly one bucket: - -- **toimplement** β€” a clearly-identified new transient-execution / CPU - side-channel vulnerability in scope, **and not already covered by - this repo**. Verify the second half by grepping the repo for the CVE - ID *and* the codename before classifying; if either matches existing - code, demote to `tocheck`. -- **tocheck** β€” plausibly in-scope but ambiguous: mitigation-only - feature (LASS, IBT, APIC-virt, etc.); item seemingly already - implemented but worth confirming scope; unclear applicability - (e.g. embedded-only ARM SKU); CVE-ID pending; contradictory info - across sources. State clearly what would resolve the ambiguity. -- **unrelated** β€” everything else. - -Tie-breakers: prefer `tocheck` over `unrelated` when uncertain. Prefer -`tocheck` over `toimplement` when the CVE ID is still "reserved" / -"pending" β€” false positives in `toimplement` waste human time more than -false positives in `tocheck`. - -## Outputs - -Compute `TODAY=$(date -u -d "$SCAN_DATE" +%F)`. Write these files under -the repo root, overwriting if they already exist (they shouldn't unless -the workflow re-ran the same day): - -- `rss_${TODAY}_toimplement.md` -- `rss_${TODAY}_tocheck.md` -- `rss_${TODAY}_unrelated.md` - -Each file uses level-2 headers per source short-name, then one bullet -per item: the stable ID (if any), the permalink URL, and 1–2 sentences. -Keep entries terse β€” a human skims these daily. - -```markdown -## oss-sec -- **CVE-2026-1234** β€” https://www.openwall.com/lists/oss-security/2026/04/18/3 - New Intel transient-execution bug "Foo" disclosed today; affects - Redwood Cove cores, microcode fix pending. Not yet covered by this - repo (grepped for CVE-2026-1234 and "Foo" β€” no matches). - -## phoronix -- https://www.phoronix.com/news/Some-Article - Linux 7.2 drops a compiler-target flag; unrelated to CPU side channels. -``` - -If a bucket has no items, write the file with a single line -`(no new items in this window)` so it is obvious the job ran. - -### Run summary - -Append this block to the **tocheck** file (creating it if empty): - -```markdown -## Run summary -- SCAN_DATE: -- window cutoff: -- prior state size: entries, last_run= -- per-source new item counts: phoronix=, oss-sec=, lwn=, ... -- fetch failures: -- total classified this run: toimplement=, tocheck=, unrelated= -``` - -### State update - -Rewrite `state/seen.json` with: - -- `last_run` = `SCAN_DATE` -- `seen` = union of (pruned prior `seen`) βˆͺ (all items classified this - run, keyed by stable ID, with `{bucket, seen_at=SCAN_DATE, source, cve?}`) - -Pruning (keep state bounded): drop any entry whose `seen_at` is older -than 30 days before `SCAN_DATE`. The workflow step also does this as -a safety net, but do it here too so the in-memory view is consistent. - -## Guardrails - -- Do NOT modify any repo source code. Only write the three markdown - output files and `state/seen.json`. -- Do NOT create commits, branches, or PRs. -- Do NOT call any tool that posts externally (Slack, GitHub comments, - issues, email, etc.). -- Do NOT follow links off-site for deeper investigation unless strictly - needed to resolve a `tocheck` ambiguity β€” budget of at most 5 such - follow-ups per run. -- If a source returns unexpectedly large content, truncate to the first - ~200 items before parsing. -- If total runtime exceeds 15 minutes, finish whatever you can, - write partial outputs, and note it in the run summary. diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index 8444230..0000000 --- a/.github/workflows/stale.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: 'Manage stale issues and PRs' - -on: - schedule: - - cron: '37 7 * * *' - workflow_dispatch: - inputs: - action: - description: "dry-run" - required: true - default: "dryrun" - type: choice - options: - - dryrun - - apply - -permissions: - issues: write - pull-requests: write - -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v10 - with: - any-of-labels: 'needs-more-info,answered' - labels-to-remove-when-unstale: 'needs-more-info,answered' - days-before-stale: 30 - days-before-close: 7 - stale-issue-label: stale - remove-stale-when-updated: true - debug-only: ${{ case(inputs.action == 'dryrun', true, false) }} diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml deleted file mode 100644 index 62ca910..0000000 --- a/.github/workflows/vuln-scan.yml +++ /dev/null @@ -1,129 +0,0 @@ -name: Online search for vulns - -on: - schedule: - - cron: '42 8 * * *' - workflow_dispatch: {} # allow manual trigger - -permissions: - contents: read - actions: read # needed to list/download previous run artifacts - id-token: write # needed to mint OIDC token - -concurrency: - group: vuln-scan - cancel-in-progress: true - -jobs: - scan: - runs-on: ubuntu-latest - timeout-minutes: 20 - - steps: - - name: Checkout repository (for grep-based dedup against existing checks) - uses: actions/checkout@v5 - with: - fetch-depth: 1 - persist-credentials: false - - # ---- Load previous state --------------------------------------------- - # Find the most recent successful run of THIS workflow (other than the - # current one) and pull its `vuln-scan-state` artifact. On the very - # first run there will be none β€” that's fine, we start empty. - - name: Find previous successful run id - id: prev - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -e - run_id=$(gh run list \ - --workflow="${{ github.workflow }}" \ - --status=success \ - --limit 1 \ - --json databaseId \ - --jq '.[0].databaseId // empty') - echo "run_id=${run_id}" >> "$GITHUB_OUTPUT" - if [ -n "$run_id" ]; then - echo "Found previous successful run: $run_id" - else - echo "No previous successful run β€” starting from empty state." - fi - - - name: Download previous state artifact - if: steps.prev.outputs.run_id != '' - uses: actions/download-artifact@v4 - continue-on-error: true # tolerate retention expiry - with: - name: vuln-scan-state - path: state/ - run-id: ${{ steps.prev.outputs.run_id }} - github-token: ${{ secrets.GITHUB_TOKEN }} - - - name: Ensure state file exists - run: | - mkdir -p state - if [ ! -f state/seen.json ]; then - echo '{"last_run": null, "seen": {}}' > state/seen.json - echo "Initialized empty state." - fi - echo "State size: $(wc -c < state/seen.json) bytes" - - # ---- Run the scan ---------------------------------------------------- - # Runs Claude Code against daily_vuln_scan_prompt.md. - # That prompt file fully specifies: sources to poll, how to read - # state/seen.json, the 25-hour window, the output files to write, - # and how to rewrite state/seen.json at the end of the run. - - name: Research for online mentions of new vulns - id: scan - uses: anthropics/claude-code-action@v1 - env: - SCAN_DATE: ${{ github.run_started_at }} - with: - claude_args: | - --model claude-opus-4-7 --allowedTools "Read,Write,Edit,Bash,Grep,Glob,WebFetch" - prompt: | - Read the full task instructions from .github/workflows/daily_vuln_scan_prompt.md and execute them end-to-end. That file fully specifies: sources to poll, how to read and update state/seen.json, the 25-hour window, which rss_YYYY-MM-DD_*.md files to write, and the run guardrails. Use $SCAN_DATE (env var) as "now" for time-window decisions. - claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} - - - name: Upload Claude execution log - if: ${{ always() && steps.scan.outputs.execution_file != '' }} - uses: actions/upload-artifact@v4 - with: - name: claude-execution-log-${{ github.run_id }} - path: ${{ steps.scan.outputs.execution_file }} - retention-days: 30 - if-no-files-found: warn - - # ---- Persist outputs ------------------------------------------------- - - name: Prune state (keep only entries from the last 30 days) - run: | - python3 - <<'PY' - import json, datetime, pathlib - p = pathlib.Path("state/seen.json") - data = json.loads(p.read_text()) - cutoff = (datetime.datetime.utcnow() - datetime.timedelta(days=30)).isoformat() - before = len(data.get("seen", {})) - data["seen"] = { - k: v for k, v in data.get("seen", {}).items() - if v.get("seen_at", "9999") >= cutoff - } - after = len(data["seen"]) - p.write_text(json.dumps(data, indent=2, sort_keys=True)) - print(f"Pruned state: {before} -> {after} entries") - PY - - - name: Upload new state artifact - uses: actions/upload-artifact@v4 - with: - name: vuln-scan-state - path: state/seen.json - retention-days: 90 - if-no-files-found: error - - - name: Upload daily report - uses: actions/upload-artifact@v4 - with: - name: vuln-scan-report-${{ github.run_id }} - path: rss_*.md - retention-days: 90 - if-no-files-found: warn From e2d110a3b56d416498f219e9d1eb279e15f4dac2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Mon, 20 Apr 2026 12:47:43 +0200 Subject: [PATCH 57/57] doc: update output formats doc + normalize json to bool --- dist/doc/batch_json.md | 8 +++-- dist/doc/batch_json.schema.json | 14 ++++---- dist/doc/batch_nrpe.md | 9 +++-- dist/doc/batch_prometheus.md | 62 ++++++++++++++++++++++++--------- src/libs/250_output_emitters.sh | 25 +++++++++---- 5 files changed, 83 insertions(+), 35 deletions(-) diff --git a/dist/doc/batch_json.md b/dist/doc/batch_json.md index f6224a4..a76cceb 100644 --- a/dist/doc/batch_json.md +++ b/dist/doc/batch_json.md @@ -102,7 +102,9 @@ boundaries by a malicious guest. Prioritise remediation where ### `cpu` -CPU hardware identification. `null` when `--no-hw` is active. +CPU hardware identification. `null` when `--no-hw` is active, or when +`--arch-prefix` is set (host CPU info is then suppressed to avoid mixing +with a different-arch target kernel). The object uses `arch` as a discriminator: `"x86"` for Intel/AMD/Hygon CPUs, `"arm"` for ARM/Cavium/Phytium. Arch-specific fields live under a matching @@ -140,7 +142,7 @@ fields from the other architecture. #### `cpu.x86.capabilities` -Each capability is a **tri-state**: `true` (present), `false` (absent), or +Every capability is a **tri-state**: `true` (present), `false` (absent), or `null` (not applicable or could not be read, e.g. when not root or on AMD for Intel-specific features). @@ -238,7 +240,7 @@ with an unknown CVE ID). | `status` | string | `"OK"` / `"VULN"` / `"UNK"` | Check outcome (see below) | | `vulnerable` | boolean \| null | `false` / `true` / `null` | `false`=OK, `true`=VULN, `null`=UNK | | `info` | string | | Human-readable description of the specific mitigation state or reason | -| `sysfs_status` | string \| null | `"OK"` / `"VULN"` / `"UNK"` / null | Status as reported by the kernel via `/sys/devices/system/cpu/vulnerabilities/`; null if sysfs was not consulted for this CVE | +| `sysfs_status` | string \| null | `"OK"` / `"VULN"` / `"UNK"` / null | Status as reported by the kernel via `/sys/devices/system/cpu/vulnerabilities/`; null if sysfs was not consulted for this CVE, or if the CVE's check read sysfs in silent/quiet mode (raw message is still captured in `sysfs_message`) | | `sysfs_message` | string \| null | | Raw text from the sysfs file (e.g. `"Mitigation: PTI"`); null if sysfs was not consulted | #### Status values diff --git a/dist/doc/batch_json.schema.json b/dist/doc/batch_json.schema.json index 75e4f71..eee0c66 100644 --- a/dist/doc/batch_json.schema.json +++ b/dist/doc/batch_json.schema.json @@ -127,7 +127,7 @@ }, "cpu": { - "description": "CPU hardware identification. Null when --no-hw is active. Contains an 'arch' discriminator ('x86' or 'arm') and a matching arch-specific sub-object with identification fields and capabilities.", + "description": "CPU hardware identification. Null when --no-hw is active or when --arch-prefix is set (host CPU info is then suppressed to avoid mixing with a different-arch target kernel). Contains an 'arch' discriminator ('x86' or 'arm') and a matching arch-specific sub-object with identification fields and capabilities.", "oneOf": [ { "type": "null" }, { @@ -180,16 +180,16 @@ "type": ["string", "null"] }, "capabilities": { - "description": "CPU feature flags detected via CPUID and MSR reads. Each value is true (present), false (absent), or null (not applicable or could not be read).", + "description": "CPU feature flags detected via CPUID and MSR reads. Every value is tri-state: true=present, false=absent, null=not applicable or unreadable.", "type": "object", "additionalProperties": false, "properties": { "spec_ctrl": { "type": ["boolean", "null"], "description": "SPEC_CTRL MSR present (Intel; enables IBRS + IBPB via WRMSR)" }, - "ibrs": { "type": ["boolean", "null"], "description": "Indirect Branch Restricted Speculation" }, - "ibpb": { "type": ["boolean", "null"], "description": "Indirect Branch Prediction Barrier" }, + "ibrs": { "type": ["boolean", "null"], "description": "IBRS supported (via SPEC_CTRL, IBRS_SUPPORT, or cpuinfo fallback)" }, + "ibpb": { "type": ["boolean", "null"], "description": "IBPB supported (via SPEC_CTRL, IBPB_SUPPORT, or cpuinfo fallback)" }, "ibpb_ret": { "type": ["boolean", "null"], "description": "IBPB on return (enhanced form)" }, - "stibp": { "type": ["boolean", "null"], "description": "Single Thread Indirect Branch Predictors" }, - "ssbd": { "type": ["boolean", "null"], "description": "Speculative Store Bypass Disable" }, + "stibp": { "type": ["boolean", "null"], "description": "STIBP supported (Intel/AMD/HYGON or cpuinfo fallback)" }, + "ssbd": { "type": ["boolean", "null"], "description": "SSBD supported (SPEC_CTRL, VIRT_SPEC_CTRL, non-architectural MSR, or cpuinfo fallback)" }, "l1d_flush": { "type": ["boolean", "null"], "description": "L1D cache flush instruction" }, "md_clear": { "type": ["boolean", "null"], "description": "VERW clears CPU buffers (MDS mitigation)" }, "arch_capabilities": { "type": ["boolean", "null"], "description": "IA32_ARCH_CAPABILITIES MSR is present" }, @@ -231,7 +231,7 @@ "tsa_l1_no": { "type": ["boolean", "null"], "description": "Not susceptible to TSA-L1" }, "verw_clear": { "type": ["boolean", "null"], "description": "VERW clears CPU buffers" }, "autoibrs": { "type": ["boolean", "null"], "description": "AMD AutoIBRS (equivalent to enhanced IBRS on Intel)" }, - "sbpb": { "type": ["boolean", "null"], "description": "Selective Branch Predictor Barrier (AMD Inception mitigation)" }, + "sbpb": { "type": ["boolean", "null"], "description": "Selective Branch Predictor Barrier (AMD Inception mitigation): true if PRED_CMD MSR SBPB bit write succeeded; false if write failed; null if not verifiable (non-root, CPUID error, or CPU does not report SBPB support)" }, "avx2": { "type": ["boolean", "null"], "description": "AVX2 supported (relevant to Downfall / GDS)" }, "avx512": { "type": ["boolean", "null"], "description": "AVX-512 supported (relevant to Downfall / GDS)" } } diff --git a/dist/doc/batch_nrpe.md b/dist/doc/batch_nrpe.md index 5a669a2..bbc3da7 100644 --- a/dist/doc/batch_nrpe.md +++ b/dist/doc/batch_nrpe.md @@ -51,6 +51,7 @@ STATUS: summary | perfdata | VULN + UNK | `N/T CVE(s) vulnerable: CVE-A CVE-B ..., M inconclusive` | | UNK only | `N/T CVE checks inconclusive` | | Non-root + VULN | `N/T CVE(s) appear vulnerable (unconfirmed, not root): CVE-A ...` | +| Non-root + VULN + UNK | `N/T CVE(s) appear vulnerable (unconfirmed, not root): CVE-A ..., M inconclusive` | ### Lines 2+ (long output) @@ -59,15 +60,19 @@ Never parsed by the monitoring core; safe to add or reorder. #### Context notes -Printed before per-CVE details when applicable: +Printed before per-CVE details when applicable. Notes are emitted in this +order when more than one applies: | Note | Condition | |---|---| | `NOTE: paranoid mode active, stricter mitigation requirements applied` | `--paranoid` was used | -| `NOTE: hypervisor host detected (reason); L1TF/MDS severity is elevated` | System is a VM host (KVM, Xen, VMware…) | +| `NOTE: hypervisor host detected (reason); L1TF/MDS severity is elevated` | System is detected as a VM host (KVM, Xen, VMware…) | | `NOTE: not a hypervisor host` | System is confirmed not a VM host | | `NOTE: not running as root; MSR reads skipped, results may be incomplete` | Script ran without root privileges | +When VMM detection did not run (e.g. `--no-hw`), neither the +`hypervisor host detected` nor the `not a hypervisor host` note is printed. + #### Per-CVE detail lines One line per non-OK CVE. VULN entries (`[CRITICAL]`) appear before UNK diff --git a/dist/doc/batch_prometheus.md b/dist/doc/batch_prometheus.md index cd13c5a..75b7d27 100644 --- a/dist/doc/batch_prometheus.md +++ b/dist/doc/batch_prometheus.md @@ -90,13 +90,16 @@ smc_build_info{version="25.30.0250400123",mode="live",run_as_root="true",paranoi Operating system and kernel metadata. Always value `1`. -Absent in offline mode when neither `uname -r` nor `uname -m` is available. +Absent entirely when none of `kernel_release`, `kernel_arch`, or +`hypervisor_host` can be determined (e.g. non-live mode with no VMM detection). +Each label is emitted only when its value is known; missing labels are +omitted rather than set to an empty string. | Label | Values | Meaning | |---|---|---| -| `kernel_release` | string | Output of `uname -r` (live mode only) | -| `kernel_arch` | string | Output of `uname -m` (live mode only) | -| `hypervisor_host` | `true` / `false` | Whether this machine is detected as a hypervisor host (running KVM, Xen, VMware, etc.) | +| `kernel_release` | string | Output of `uname -r`; emitted only in live mode | +| `kernel_arch` | string | Output of `uname -m`; emitted only in live mode | +| `hypervisor_host` | `true` / `false` | Whether this machine is detected as a hypervisor host (running KVM, Xen, VMware, etc.); absent when VMM detection did not run (e.g. `--no-hw`) | **Example:** ``` @@ -114,26 +117,47 @@ a malicious guest. Always prioritise remediation on hosts where ### `smc_cpu_info` CPU hardware and microcode metadata. Always value `1`. Absent when `--no-hw` -is used. +is used or when `--arch-prefix` is set (host CPU info is suppressed to avoid +mixing with a different-arch target kernel). + +Common labels (always emitted when the data is available): | Label | Values | Meaning | |---|---|---| -| `vendor` | string | CPU vendor (e.g. `Intel`, `AuthenticAMD`) | +| `vendor` | string | CPU vendor (e.g. `GenuineIntel`, `AuthenticAMD`, `HygonGenuine`, `ARM`) | | `model` | string | CPU friendly name from `/proc/cpuinfo` | +| `arch` | `x86` / `arm` | Architecture family; determines which arch-specific labels follow | +| `smt` | `true` / `false` | Whether SMT (HyperThreading) is currently enabled; absent if undeterminable | +| `microcode` | hex string | Installed microcode version (e.g. `0xf4`); absent if unreadable | +| `microcode_latest` | hex string | Latest known-good microcode version from the firmware database; absent if the CPU is not in the database | +| `microcode_up_to_date` | `true` / `false` | Whether `microcode == microcode_latest`; absent if either is unavailable | +| `microcode_blacklisted` | `true` / `false` | Whether the installed microcode is known to cause problems and should be rolled back; emitted whenever `microcode` is emitted | + +x86-only labels (emitted when `arch="x86"`): + +| Label | Values | Meaning | +|---|---|---| | `family` | integer string | CPU family number | | `model_id` | integer string | CPU model number | | `stepping` | integer string | CPU stepping number | -| `cpuid` | hex string | Full CPUID value (e.g. `0x000906ed`); absent on some ARM CPUs | -| `codename` | string | Intel CPU codename (e.g. `Coffee Lake`); absent on AMD and ARM | -| `smt` | `true` / `false` | Whether SMT (HyperThreading) is currently enabled | -| `microcode` | hex string | Installed microcode version (e.g. `0xf4`) | -| `microcode_latest` | hex string | Latest known-good microcode version from the firmware database | -| `microcode_up_to_date` | `true` / `false` | Whether `microcode == microcode_latest` | -| `microcode_blacklisted` | `true` / `false` | Whether the installed microcode is known to cause problems and should be rolled back | +| `cpuid` | hex string | Full CPUID value (e.g. `0x000906ed`) | +| `codename` | string | Intel CPU codename (e.g. `Coffee Lake`); absent on AMD/Hygon | -**Example:** +ARM-only labels (emitted when `arch="arm"`): + +| Label | Values | Meaning | +|---|---|---| +| `part_list` | string | Space-separated list of ARM part numbers across cores (e.g. `0xd0b 0xd05` on big.LITTLE) | +| `arch_list` | string | Space-separated list of ARM architecture levels across cores (e.g. `8 8`) | + +**x86 example:** ``` -smc_cpu_info{vendor="Intel",model="Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz",family="6",model_id="158",stepping="13",cpuid="0x000906ed",codename="Coffee Lake",smt="true",microcode="0xf4",microcode_latest="0xf4",microcode_up_to_date="true",microcode_blacklisted="false"} 1 +smc_cpu_info{vendor="GenuineIntel",model="Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz",arch="x86",family="6",model_id="158",stepping="13",cpuid="0x000906ed",codename="Coffee Lake",smt="true",microcode="0xf4",microcode_latest="0xf4",microcode_up_to_date="true",microcode_blacklisted="false"} 1 +``` + +**ARM example:** +``` +smc_cpu_info{vendor="ARM",model="ARM v8 model 0xd0b",arch="arm",part_list="0xd0b 0xd05",arch_list="8 8",smt="false"} 1 ``` **Microcode labels:** @@ -352,9 +376,15 @@ queries. CVE checks that rely on hardware capability detection (`cap_*` flags, MSR reads) will report `unknown` status. `mode="no-hw"` in `smc_build_info` signals this. +**Cross-arch inspection (`--arch-prefix`)** +When a cross-arch toolchain prefix is passed, the script suppresses the host +CPU metadata so it does not get mixed with data from a different-arch target +kernel: `smc_cpu_info` is not emitted, the same as under `--no-hw`. + **Hardware-only mode (`--hw-only`)** Only hardware detection is performed; CVE checks are skipped. `smc_cpu_info` -is emitted but no `smc_vuln` metrics appear. `mode="hw-only"` in +is emitted but no `smc_vulnerability_status` metrics appear (and +`smc_vulnerable_count` / `smc_unknown_count` are `0`). `mode="hw-only"` in `smc_build_info` signals this. **`--sysfs-only`** diff --git a/src/libs/250_output_emitters.sh b/src/libs/250_output_emitters.sh index b75db13..1c8db79 100644 --- a/src/libs/250_output_emitters.sh +++ b/src/libs/250_output_emitters.sh @@ -15,15 +15,17 @@ _prom_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' | tr '\n' ' ' } -# Convert a shell capability value to a JSON token -# Args: $1=value (1=true, 0=false, -1/empty=null, other string=quoted string) -# Prints: JSON token +# Convert a shell capability value to a JSON boolean token +# Args: $1=value (1=true, 0=false, -1/empty=null, any other non-empty string=true) +# Prints: JSON token (true/false/null) +# Note: capability variables can be set to arbitrary strings internally to carry +# detection-path context (e.g. cap_ssbd='Intel SSBD'); for the JSON output those +# are normalized to true so consumers see a clean boolean | null type. _json_cap() { case "${1:-}" in - 1) printf 'true' ;; 0) printf 'false' ;; -1 | '') printf 'null' ;; - *) printf '"%s"' "$(_json_escape "$1")" ;; + *) printf 'true' ;; esac } @@ -126,7 +128,7 @@ _build_json_system() { # Sets: g_json_cpu # shellcheck disable=SC2034 _build_json_cpu() { - local cpuid_hex codename caps arch_sub arch_type + local cpuid_hex codename caps arch_sub arch_type sbpb_norm if [ -n "${cpu_cpuid:-}" ]; then cpuid_hex=$(printf '0x%08x' "$cpu_cpuid") else @@ -137,6 +139,15 @@ _build_json_cpu() { codename=$(get_intel_codename 2>/dev/null || true) fi + # cap_sbpb uses non-standard encoding (1=YES, 2=NO, 3=UNKNOWN) because the + # CVE-2023-20569 check distinguishes the unknown case. Normalize for JSON. + case "${cap_sbpb:-}" in + 1) sbpb_norm=1 ;; + 2) sbpb_norm=0 ;; + 3) sbpb_norm=-1 ;; + *) sbpb_norm='' ;; + esac + # Determine architecture type and build the arch-specific sub-object case "${cpu_vendor:-}" in GenuineIntel | AuthenticAMD | HygonGenuine) @@ -190,7 +201,7 @@ _build_json_cpu() { "$(_json_cap "${cap_tsa_l1_no:-}")" \ "$(_json_cap "${cap_verw_clear:-}")" \ "$(_json_cap "${cap_autoibrs:-}")" \ - "$(_json_cap "${cap_sbpb:-}")" \ + "$(_json_cap "$sbpb_norm")" \ "$(_json_cap "${cap_avx2:-}")" \ "$(_json_cap "${cap_avx512:-}")") arch_sub=$(printf '{"family":%s,"model":%s,"stepping":%s,"cpuid":%s,"platform_id":%s,"hybrid":%s,"codename":%s,"capabilities":%s}' \