From 6d9767db422d422522f0986e6cb4c7667bc60d93 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 3 Apr 2023 00:39:13 +0200 Subject: [PATCH 001/401] Add SOCKS4 support to CI --- .github/workflows/tests.yml | 20 ++++++++++++++++++-- src/main.rs | 2 +- src/setup.rs | 17 ++++------------- tests/proxy.rs | 15 +++++++++------ 4 files changed, 32 insertions(+), 22 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a3a6945..3b8c34f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -21,6 +21,22 @@ jobs: with: command: test args: --no-run - - env: + - name: Populate .env + env: DOTENV: ${{ secrets.DOTENV }} - run: echo "$DOTENV" > .env && sudo -E /home/runner/.cargo/bin/cargo test + run: echo "$DOTENV" > .env + - name: Set up runner SSH key + run: >- + set -o allexport && + source .env && + set +o allexport && + mkdir ~/.ssh && + echo "$TEST_SERVER_PRIVATE_SSH_KEY" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa + - name: Run tests + run: >- + set -o allexport && + source .env && + set +o allexport && + ssh -N -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -D 1080 "$TEST_SERVER_SSH_DST" & + while ! nc -z 127.0.0.1 1080; do sleep 1; done && + sudo -E /home/runner/.cargo/bin/cargo test diff --git a/src/main.rs b/src/main.rs index 8b9dcd3..ac67753 100644 --- a/src/main.rs +++ b/src/main.rs @@ -89,7 +89,7 @@ fn main() -> ExitCode { Ok(()) })() { log::error!("{e}"); - std::process::exit(1); + return ExitCode::FAILURE; }; ExitCode::SUCCESS diff --git a/src/setup.rs b/src/setup.rs index c977e0c..0f36b7b 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -298,19 +298,10 @@ impl Setup { } pub fn drop_privileges(&self) -> Result<(), Error> { - let gid_str = match std::env::var("SUDO_GID") { - Ok(uid_str) => uid_str, - _ => String::from("65535"), - }; - let gid = gid_str.parse::()?; - nix::unistd::setgid(nix::unistd::Gid::from_raw(gid))?; - - let uid_str = match std::env::var("SUDO_UID") { - Ok(uid_str) => uid_str, - _ => String::from("65535"), - }; - let uid = uid_str.parse::()?; - nix::unistd::setuid(nix::unistd::Uid::from_raw(uid))?; + // 65534 is usually the nobody user. Even in cases it is not, it is safer to use this ID + // than running with UID and GID 0. + nix::unistd::setgid(nix::unistd::Gid::from_raw(65534))?; + nix::unistd::setuid(nix::unistd::Uid::from_raw(65534))?; Ok(()) } diff --git a/tests/proxy.rs b/tests/proxy.rs index 00128db..82589d7 100644 --- a/tests/proxy.rs +++ b/tests/proxy.rs @@ -3,6 +3,8 @@ mod tests { extern crate reqwest; use std::env; + use std::net::IpAddr; + use std::str::FromStr; use fork::Fork; use nix::sys::signal; @@ -64,12 +66,13 @@ mod tests { continue; } - let mut setup = Setup::new( - TUN_TEST_DEVICE, - &test.proxy.addr.ip(), - get_default_cidrs(), - false, - ); + let bypass_ip = match env::var("BYPASS_IP") { + Err(_) => test.proxy.addr.ip(), + Ok(ip_str) => IpAddr::from_str(ip_str.as_str()).unwrap(), + }; + + let mut setup = + Setup::new(TUN_TEST_DEVICE, &bypass_ip, get_default_cidrs(), false); setup.configure().unwrap(); match fork::fork() { From 0be39345a8856a93e2a9f381b8c9c544d7101b29 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 3 Apr 2023 20:31:31 +0200 Subject: [PATCH 002/401] Improve handling of half-open connections --- src/tun2proxy.rs | 202 +++++++++++++++++++++++++++-------------------- 1 file changed, 115 insertions(+), 87 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index e6453c8..a2c9ebb 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -8,6 +8,7 @@ use mio::unix::SourceFd; use mio::{Events, Interest, Poll, Token}; use smoltcp::iface::{Config, Interface, SocketHandle, SocketSet}; use smoltcp::phy::{Device, Medium, RxToken, TunTapInterface, TxToken}; +use smoltcp::socket::tcp::State; use smoltcp::socket::{tcp, udp}; use smoltcp::time::Instant; use smoltcp::wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket}; @@ -15,7 +16,7 @@ use std::collections::{HashMap, HashSet}; use std::convert::{From, TryFrom}; use std::io::{Read, Write}; use std::net::Shutdown::Both; -use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr}; +use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, Shutdown, SocketAddr}; use std::os::unix::io::AsRawFd; use std::rc::Rc; use std::str::FromStr; @@ -204,14 +205,15 @@ fn connection_tuple(frame: &[u8]) -> Option<(Connection, bool, usize, usize)> { } } -const WRITE_CLOSED: u8 = 1; +const SERVER_WRITE_CLOSED: u8 = 1; +const CLIENT_WRITE_CLOSED: u8 = 2; struct ConnectionState { smoltcp_handle: SocketHandle, mio_stream: TcpStream, token: Token, handler: Box, - smoltcp_socket_state: u8, + close_state: u8, } pub(crate) trait TcpProxy { @@ -330,42 +332,75 @@ impl<'a> TunToProxy<'a> { None } - fn tunsocket_read_and_forward(&mut self, connection: &Connection) -> Result<(), Error> { - if let Some(state) = self.connections.get_mut(connection) { - let closed = { + fn check_change_close_state(&mut self, connection: &Connection) -> Result<(), Error> { + let state = self + .connections + .get_mut(connection) + .ok_or("connection does not exist")?; + let mut closed_ends = 0; + if (state.close_state & SERVER_WRITE_CLOSED) == SERVER_WRITE_CLOSED { + //info!("Server write closed"); + let event = state.handler.peek_data(OutgoingDirection::ToClient); + if event.buffer.is_empty() { + //info!("Server write closed and consumed"); let socket = self.sockets.get_mut::(state.smoltcp_handle); - let mut error = Ok(()); - while socket.can_recv() && error.is_ok() { - socket.recv(|data| { - let event = IncomingDataEvent { - direction: IncomingDirection::FromClient, - buffer: data, - }; - error = state.handler.push_data(event); + socket.close(); + closed_ends += 1; + } + } - (data.len(), ()) - })?; - } + if (state.close_state & CLIENT_WRITE_CLOSED) == CLIENT_WRITE_CLOSED { + //info!("Client write closed"); + let event = state.handler.peek_data(OutgoingDirection::ToServer); + if event.buffer.is_empty() { + //info!("Client write closed and consumed"); + _ = state.mio_stream.shutdown(Shutdown::Write); + closed_ends += 1; + } + } - match error { - Ok(_) => socket.state() == tcp::State::CloseWait, - Err(e) => { - log::error!("{e}"); - true - } - } - }; + if closed_ends == 2 { + self.remove_connection(connection)?; + } + Ok(()) + } + + fn tunsocket_read_and_forward(&mut self, connection: &Connection) -> Result<(), Error> { + // Scope for mutable borrow of self. + { + let state = self + .connections + .get_mut(connection) + .ok_or("connection does not exist")?; + let socket = self.sockets.get_mut::(state.smoltcp_handle); + let mut error = Ok(()); + while socket.can_recv() && error.is_ok() { + socket.recv(|data| { + let event = IncomingDataEvent { + direction: IncomingDirection::FromClient, + buffer: data, + }; + error = state.handler.push_data(event); + (data.len(), ()) + })?; + } + + if !socket.may_recv() + && socket.state() != State::Listen + && socket.state() != State::SynSent + && socket.state() != State::SynReceived + { + // We cannot yet close the write end of the mio stream here because we may still + // need to send data. + state.close_state |= CLIENT_WRITE_CLOSED; + } // Expect ACKs etc. from smoltcp sockets. self.expect_smoltcp_send()?; - - if closed { - let e = "connection not exist"; - let connection_state = self.connections.get_mut(connection).ok_or(e)?; - connection_state.mio_stream.shutdown(Both)?; - self.remove_connection(connection)?; - } } + + self.check_change_close_state(connection)?; + Ok(()) } @@ -417,7 +452,7 @@ impl<'a> TunToProxy<'a> { mio_stream: client, token, handler, - smoltcp_socket_state: 0, + close_state: 0, }; self.token_to_connection @@ -491,6 +526,7 @@ impl<'a> TunToProxy<'a> { if let Some(state) = self.connections.get_mut(connection) { let event = state.handler.peek_data(OutgoingDirection::ToServer); if event.buffer.is_empty() { + self.check_change_close_state(connection)?; return Ok(()); } let result = state.mio_stream.write(event.buffer); @@ -510,51 +546,52 @@ impl<'a> TunToProxy<'a> { } fn write_to_client(&mut self, token: Token, connection: &Connection) -> Result<(), Error> { - loop { - if let Some(state) = self.connections.get_mut(connection) { - let socket_state = state.smoltcp_socket_state; - let socket_handle = state.smoltcp_handle; - let event = state.handler.peek_data(OutgoingDirection::ToClient); - let buflen = event.buffer.len(); - let consumed; - { - let socket = self.sockets.get_mut::(socket_handle); - if socket.may_send() { - if let Some(virtdns) = &mut self.options.virtdns { - // Unwrapping is fine because every smoltcp socket is bound to an. - virtdns.touch_ip(&IpAddr::from(socket.local_endpoint().unwrap().addr)); - } - consumed = socket.send_slice(event.buffer)?; - state - .handler - .consume_data(OutgoingDirection::ToClient, consumed); - self.expect_smoltcp_send()?; - if consumed < buflen { - self.write_sockets.insert(token); - break; - } else { - self.write_sockets.remove(&token); - if consumed == 0 { - break; - } - } - } else { - break; - } - } + while let Some(state) = self.connections.get_mut(connection) { + let socket_handle = state.smoltcp_handle; + let event = state.handler.peek_data(OutgoingDirection::ToClient); + let buflen = event.buffer.len(); + let consumed; + { let socket = self.sockets.get_mut::(socket_handle); - // Closing and removing the connection here may work in practice but is actually not - // correct. Only the write end was closed but we could still read from it! - // TODO: Fix and test half-open connection scenarios as mentioned in the README. - // TODO: Investigate how half-closed connections from the other end are handled. - if socket_state & WRITE_CLOSED != 0 && consumed == buflen { - socket.close(); + if socket.may_send() { + if let Some(virtdns) = &mut self.options.virtdns { + // Unwrapping is fine because every smoltcp socket is bound to an. + virtdns.touch_ip(&IpAddr::from(socket.local_endpoint().unwrap().addr)); + } + consumed = socket.send_slice(event.buffer)?; + state + .handler + .consume_data(OutgoingDirection::ToClient, consumed); self.expect_smoltcp_send()?; - self.write_sockets.remove(&token); - self.remove_connection(connection)?; + if consumed < buflen { + self.write_sockets.insert(token); + break; + } else { + self.write_sockets.remove(&token); + if consumed == 0 { + break; + } + } + } else { break; } } + + self.check_change_close_state(connection)?; + + /*let socket = self.sockets.get_mut::(socket_handle); + // Closing and removing the connection here may work in practice but is actually not + // correct. Only the write end was closed but we could still read from it! + // TODO: Fix and test half-open connection scenarios as mentioned in the README. + // TODO: Investigate how half-closed connections from the other end are handled. + if socket_state & SERVER_WRITE_CLOSED != 0 && consumed == buflen { + info!("WRCL"); + socket.close(); + self.expect_smoltcp_send()?; + self.write_sockets.remove(&token); + self.remove_connection(connection)?; + break; + }*/ } Ok(()) } @@ -612,18 +649,6 @@ impl<'a> TunToProxy<'a> { } }; - if read == 0 { - { - let socket = self.sockets.get_mut::( - self.connections.get(&connection).ok_or(e)?.smoltcp_handle, - ); - socket.close(); - } - self.expect_smoltcp_send()?; - self.remove_connection(&connection.clone())?; - return Ok(()); - } - let data = vecbuf.as_slice(); let data_event = IncomingDataEvent { direction: IncomingDirection::FromServer, @@ -642,8 +667,11 @@ impl<'a> TunToProxy<'a> { self.remove_connection(&connection.clone())?; return Ok(()); } - if event.is_read_closed() { - state.smoltcp_socket_state |= WRITE_CLOSED; + + if read == 0 || event.is_read_closed() { + state.close_state |= SERVER_WRITE_CLOSED; + self.check_change_close_state(&connection)?; + self.expect_smoltcp_send()?; } } From 10a674d1c913d0bb172ab6de94a1c587bca0df62 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Tue, 4 Apr 2023 00:18:50 +0200 Subject: [PATCH 003/401] Fix CPU spikes due to always-writable event and improve half-open connection handling --- src/http.rs | 19 +++++- src/socks5.rs | 19 +++++- src/tun2proxy.rs | 164 +++++++++++++++++++++++++++++++---------------- 3 files changed, 143 insertions(+), 59 deletions(-) diff --git a/src/http.rs b/src/http.rs index 0a5278a..0a5b320 100644 --- a/src/http.rs +++ b/src/http.rs @@ -1,7 +1,7 @@ use crate::error::Error; use crate::tun2proxy::{ - Connection, ConnectionManager, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, - OutgoingDirection, TcpProxy, + Connection, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, + OutgoingDataEvent, OutgoingDirection, TcpProxy, }; use crate::Credentials; use base64::Engine; @@ -160,6 +160,21 @@ impl TcpProxy for HttpConnection { fn connection_established(&self) -> bool { self.state == HttpState::Established } + + fn have_data(&mut self, dir: Direction) -> bool { + match dir { + Direction::Incoming(incoming) => match incoming { + IncomingDirection::FromServer => self.server_inbuf.len() > 0, + IncomingDirection::FromClient => { + self.client_inbuf.len() > 0 || self.data_buf.len() > 0 + } + }, + Direction::Outgoing(outgoing) => match outgoing { + OutgoingDirection::ToServer => self.server_outbuf.len() > 0, + OutgoingDirection::ToClient => self.client_outbuf.len() > 0, + }, + } + } } pub(crate) struct HttpManager { diff --git a/src/socks5.rs b/src/socks5.rs index a4296af..c6d8c0a 100644 --- a/src/socks5.rs +++ b/src/socks5.rs @@ -1,7 +1,7 @@ use crate::error::Error; use crate::tun2proxy::{ - Connection, ConnectionManager, DestinationHost, IncomingDataEvent, IncomingDirection, - OutgoingDataEvent, OutgoingDirection, TcpProxy, + Connection, ConnectionManager, DestinationHost, Direction, IncomingDataEvent, + IncomingDirection, OutgoingDataEvent, OutgoingDirection, TcpProxy, }; use crate::Credentials; use smoltcp::wire::IpProtocol; @@ -368,6 +368,21 @@ impl TcpProxy for SocksConnection { fn connection_established(&self) -> bool { self.state == SocksState::Established } + + fn have_data(&mut self, dir: Direction) -> bool { + match dir { + Direction::Incoming(incoming) => match incoming { + IncomingDirection::FromServer => self.server_inbuf.len() > 0, + IncomingDirection::FromClient => { + self.client_inbuf.len() > 0 || self.data_buf.len() > 0 + } + }, + Direction::Outgoing(outgoing) => match outgoing { + OutgoingDirection::ToServer => self.server_outbuf.len() > 0, + OutgoingDirection::ToClient => self.client_outbuf.len() > 0, + }, + } + } } pub struct SocksManager { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a2c9ebb..e0ea424 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -21,7 +21,7 @@ use std::os::unix::io::AsRawFd; use std::rc::Rc; use std::str::FromStr; -#[derive(Hash, Clone, Eq, PartialEq)] +#[derive(Hash, Clone, Eq, PartialEq, Debug)] pub(crate) enum DestinationHost { Address(IpAddr), Hostname(String), @@ -36,7 +36,7 @@ impl std::fmt::Display for DestinationHost { } } -#[derive(Hash, Clone, Eq, PartialEq)] +#[derive(Hash, Clone, Eq, PartialEq, Debug)] pub(crate) struct Destination { pub(crate) host: DestinationHost, pub(crate) port: u16, @@ -74,7 +74,7 @@ impl std::fmt::Display for Destination { } } -#[derive(Hash, Clone, Eq, PartialEq)] +#[derive(Hash, Clone, Eq, PartialEq, Debug)] pub(crate) struct Connection { pub(crate) src: SocketAddr, pub(crate) dst: Destination, @@ -107,6 +107,12 @@ pub(crate) enum OutgoingDirection { ToClient, } +#[derive(Eq, PartialEq, Debug)] +pub(crate) enum Direction { + Incoming(IncomingDirection), + Outgoing(OutgoingDirection), +} + #[allow(dead_code)] pub(crate) enum ConnectionEvent<'a> { NewConnection(&'a Connection), @@ -214,6 +220,8 @@ struct ConnectionState { token: Token, handler: Box, close_state: u8, + wait_read: bool, + wait_write: bool, } pub(crate) trait TcpProxy { @@ -221,6 +229,7 @@ pub(crate) trait TcpProxy { fn consume_data(&mut self, dir: OutgoingDirection, size: usize); fn peek_data(&mut self, dir: OutgoingDirection) -> OutgoingDataEvent; fn connection_established(&self) -> bool; + fn have_data(&mut self, dir: Direction) -> bool; } pub(crate) trait ConnectionManager { @@ -314,12 +323,12 @@ impl<'a> TunToProxy<'a> { } fn remove_connection(&mut self, connection: &Connection) -> Result<(), Error> { - let e = "connection not exist"; - let mut conn = self.connections.remove(connection).ok_or(e)?; - let token = &conn.token; - self.token_to_connection.remove(token); - self.poll.registry().deregister(&mut conn.mio_stream)?; - info!("CLOSE {}", connection); + if let Some(mut conn) = self.connections.remove(connection) { + let token = &conn.token; + self.token_to_connection.remove(token); + _ = self.poll.registry().deregister(&mut conn.mio_stream); + info!("CLOSE {}", connection); + } Ok(()) } @@ -333,30 +342,35 @@ impl<'a> TunToProxy<'a> { } fn check_change_close_state(&mut self, connection: &Connection) -> Result<(), Error> { - let state = self - .connections - .get_mut(connection) - .ok_or("connection does not exist")?; + let state = self.connections.get_mut(connection); + if state.is_none() { + return Ok(()); + } + let state = state.unwrap(); let mut closed_ends = 0; - if (state.close_state & SERVER_WRITE_CLOSED) == SERVER_WRITE_CLOSED { - //info!("Server write closed"); - let event = state.handler.peek_data(OutgoingDirection::ToClient); - if event.buffer.is_empty() { - //info!("Server write closed and consumed"); - let socket = self.sockets.get_mut::(state.smoltcp_handle); - socket.close(); - closed_ends += 1; - } + if (state.close_state & SERVER_WRITE_CLOSED) == SERVER_WRITE_CLOSED + && !state + .handler + .have_data(Direction::Incoming(IncomingDirection::FromServer)) + && !state + .handler + .have_data(Direction::Outgoing(OutgoingDirection::ToClient)) + { + let socket = self.sockets.get_mut::(state.smoltcp_handle); + socket.close(); + closed_ends += 1; } - if (state.close_state & CLIENT_WRITE_CLOSED) == CLIENT_WRITE_CLOSED { - //info!("Client write closed"); - let event = state.handler.peek_data(OutgoingDirection::ToServer); - if event.buffer.is_empty() { - //info!("Client write closed and consumed"); - _ = state.mio_stream.shutdown(Shutdown::Write); - closed_ends += 1; - } + if (state.close_state & CLIENT_WRITE_CLOSED) == CLIENT_WRITE_CLOSED + && !state + .handler + .have_data(Direction::Incoming(IncomingDirection::FromClient)) + && !state + .handler + .have_data(Direction::Outgoing(OutgoingDirection::ToServer)) + { + _ = state.mio_stream.shutdown(Shutdown::Write); + closed_ends += 1; } if closed_ends == 2 { @@ -368,10 +382,11 @@ impl<'a> TunToProxy<'a> { fn tunsocket_read_and_forward(&mut self, connection: &Connection) -> Result<(), Error> { // Scope for mutable borrow of self. { - let state = self - .connections - .get_mut(connection) - .ok_or("connection does not exist")?; + let state = self.connections.get_mut(connection); + if state.is_none() { + return Ok(()); + } + let state = state.unwrap(); let socket = self.sockets.get_mut::(state.smoltcp_handle); let mut error = Ok(()); while socket.can_recv() && error.is_ok() { @@ -404,6 +419,38 @@ impl<'a> TunToProxy<'a> { Ok(()) } + // Update the poll registry depending on the connection's event interests. + fn update_mio_socket_interest(&mut self, connection: &Connection) -> Result<(), Error> { + let state = self + .connections + .get_mut(connection) + .ok_or("connection not found")?; + + // Maybe we did not listen for any events before. Therefore, just swallow the error. + _ = self.poll.registry().deregister(&mut state.mio_stream); + + // If we do not wait for read or write events, we do not need to register them. + if !state.wait_read && !state.wait_write { + return Ok(()); + } + + // This ugliness is due to the way Interest is implemented (as a NonZeroU8 wrapper). + let interest; + if state.wait_read && !state.wait_write { + interest = Interest::READABLE; + } else if state.wait_write && !state.wait_read { + interest = Interest::WRITABLE; + } else { + interest = Interest::READABLE | Interest::WRITABLE; + } + + self.poll + .registry() + .register(&mut state.mio_stream, state.token, interest)?; + Ok(()) + } + + // A raw packet was received on the tunnel interface. fn receive_tun(&mut self, frame: &mut [u8]) -> Result<(), Error> { if let Some((connection, first_packet, _payload_offset, _payload_size)) = connection_tuple(frame) @@ -453,6 +500,8 @@ impl<'a> TunToProxy<'a> { token, handler, close_state: 0, + wait_read: true, + wait_write: false, }; self.token_to_connection @@ -460,7 +509,7 @@ impl<'a> TunToProxy<'a> { self.poll.registry().register( &mut state.mio_stream, token, - Interest::READABLE | Interest::WRITABLE, + Interest::READABLE, )?; self.connections.insert(resolved_conn.clone(), state); @@ -525,23 +574,33 @@ impl<'a> TunToProxy<'a> { fn write_to_server(&mut self, connection: &Connection) -> Result<(), Error> { if let Some(state) = self.connections.get_mut(connection) { let event = state.handler.peek_data(OutgoingDirection::ToServer); - if event.buffer.is_empty() { + let buffer_size = event.buffer.len(); + if buffer_size == 0 { + state.wait_write = false; + self.update_mio_socket_interest(connection)?; self.check_change_close_state(connection)?; return Ok(()); } let result = state.mio_stream.write(event.buffer); match result { - Ok(consumed) => { + Ok(written) => { state .handler - .consume_data(OutgoingDirection::ToServer, consumed); + .consume_data(OutgoingDirection::ToServer, written); + state.wait_write = written < buffer_size; + self.update_mio_socket_interest(connection)?; } Err(error) if error.kind() != std::io::ErrorKind::WouldBlock => { return Err(error.into()); } - _ => {} + _ => { + // WOULDBLOCK case + state.wait_write = true; + self.update_mio_socket_interest(connection)?; + } } } + self.check_change_close_state(connection)?; Ok(()) } @@ -578,20 +637,6 @@ impl<'a> TunToProxy<'a> { } self.check_change_close_state(connection)?; - - /*let socket = self.sockets.get_mut::(socket_handle); - // Closing and removing the connection here may work in practice but is actually not - // correct. Only the write end was closed but we could still read from it! - // TODO: Fix and test half-open connection scenarios as mentioned in the README. - // TODO: Investigate how half-closed connections from the other end are handled. - if socket_state & SERVER_WRITE_CLOSED != 0 && consumed == buflen { - info!("WRCL"); - socket.close(); - self.expect_smoltcp_send()?; - self.write_sockets.remove(&token); - self.remove_connection(connection)?; - break; - }*/ } Ok(()) } @@ -669,7 +714,9 @@ impl<'a> TunToProxy<'a> { } if read == 0 || event.is_read_closed() { + state.wait_read = false; state.close_state |= SERVER_WRITE_CLOSED; + self.update_mio_socket_interest(&connection)?; self.check_change_close_state(&connection)?; self.expect_smoltcp_send()?; } @@ -678,15 +725,21 @@ impl<'a> TunToProxy<'a> { // We have read from the proxy server and pushed the data to the connection handler. // Thus, expect data to be processed (e.g. decapsulated) and forwarded to the client. self.write_to_client(event.token(), &connection)?; + + // The connection handler could have produced data that is to be written to the + // server. + self.write_to_server(&connection)?; } + if event.is_writable() { self.write_to_server(&connection)?; } + Ok(()) })() .or_else(|error| { - self.remove_connection(&connection)?; log::error! {"{error}"} + self.remove_connection(&connection)?; Ok(()) }) } @@ -695,7 +748,6 @@ impl<'a> TunToProxy<'a> { pub(crate) fn run(&mut self) -> Result<(), Error> { let mut events = Events::with_capacity(1024); - loop { match self.poll.poll(&mut events, None) { Ok(()) => { @@ -711,6 +763,8 @@ impl<'a> TunToProxy<'a> { Err(e) => { if e.kind() != std::io::ErrorKind::Interrupted { return Err(e.into()); + } else { + log::warn!("Poll interrupted") } } } From 7818829760f9e10c6c6799bf551f3d7bfa55dbab Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Tue, 4 Apr 2023 00:19:41 +0200 Subject: [PATCH 004/401] Apply clippy fixes --- src/http.rs | 8 ++++---- src/socks5.rs | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/http.rs b/src/http.rs index 0a5b320..a51f153 100644 --- a/src/http.rs +++ b/src/http.rs @@ -164,14 +164,14 @@ impl TcpProxy for HttpConnection { fn have_data(&mut self, dir: Direction) -> bool { match dir { Direction::Incoming(incoming) => match incoming { - IncomingDirection::FromServer => self.server_inbuf.len() > 0, + IncomingDirection::FromServer => !self.server_inbuf.is_empty(), IncomingDirection::FromClient => { - self.client_inbuf.len() > 0 || self.data_buf.len() > 0 + !self.client_inbuf.is_empty() || !self.data_buf.is_empty() } }, Direction::Outgoing(outgoing) => match outgoing { - OutgoingDirection::ToServer => self.server_outbuf.len() > 0, - OutgoingDirection::ToClient => self.client_outbuf.len() > 0, + OutgoingDirection::ToServer => !self.server_outbuf.is_empty(), + OutgoingDirection::ToClient => !self.client_outbuf.is_empty(), }, } } diff --git a/src/socks5.rs b/src/socks5.rs index c6d8c0a..7448146 100644 --- a/src/socks5.rs +++ b/src/socks5.rs @@ -372,14 +372,14 @@ impl TcpProxy for SocksConnection { fn have_data(&mut self, dir: Direction) -> bool { match dir { Direction::Incoming(incoming) => match incoming { - IncomingDirection::FromServer => self.server_inbuf.len() > 0, + IncomingDirection::FromServer => !self.server_inbuf.is_empty(), IncomingDirection::FromClient => { - self.client_inbuf.len() > 0 || self.data_buf.len() > 0 + !self.client_inbuf.is_empty() || !self.data_buf.is_empty() } }, Direction::Outgoing(outgoing) => match outgoing { - OutgoingDirection::ToServer => self.server_outbuf.len() > 0, - OutgoingDirection::ToClient => self.client_outbuf.len() > 0, + OutgoingDirection::ToServer => !self.server_outbuf.is_empty(), + OutgoingDirection::ToClient => !self.client_outbuf.is_empty(), }, } } From 44122f3c689af4fe72c55674cb567ffd2fa75106 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Tue, 4 Apr 2023 10:17:13 +0200 Subject: [PATCH 005/401] Improve performance by increasing smoltcp socket buffer size --- src/tun2proxy.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index e0ea424..8af1c25 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -481,8 +481,8 @@ impl<'a> TunToProxy<'a> { manager.new_connection(&resolved_conn, manager.clone())? { let mut socket = tcp::Socket::new( - tcp::SocketBuffer::new(vec![0; 4096]), - tcp::SocketBuffer::new(vec![0; 4096]), + tcp::SocketBuffer::new(vec![0; 1024 * 128]), + tcp::SocketBuffer::new(vec![0; 1024 * 128]), ); socket.set_ack_delay(None); let dst = SocketAddr::try_from(dst)?; From 3fc112fc2ce7e49dbb8ad6451960dde469081f89 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 10 Apr 2023 09:58:17 +0800 Subject: [PATCH 006/401] update for smoltcp --- .cargo/config.toml | 5 +++++ src/tun2proxy.rs | 22 +++++++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) create mode 100644 .cargo/config.toml diff --git a/.cargo/config.toml b/.cargo/config.toml new file mode 100644 index 0000000..8d5aed6 --- /dev/null +++ b/.cargo/config.toml @@ -0,0 +1,5 @@ +[registries.cratees-io] +protocol = "sparse" + +[build] +target = ["x86_64-unknown-linux-gnu"] diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 8af1c25..b98f03a 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -132,8 +132,8 @@ fn get_transport_info( transport_offset: usize, packet: &[u8], ) -> Option<((u16, u16), bool, usize, usize)> { - if proto == IpProtocol::Udp { - match UdpPacket::new_checked(packet) { + match proto { + IpProtocol::Udp => match UdpPacket::new_checked(packet) { Ok(result) => Some(( (result.src_port(), result.dst_port()), false, @@ -141,9 +141,8 @@ fn get_transport_info( packet.len() - 8, )), Err(_) => None, - } - } else if proto == IpProtocol::Tcp { - match TcpPacket::new_checked(packet) { + }, + IpProtocol::Tcp => match TcpPacket::new_checked(packet) { Ok(result) => Some(( (result.src_port(), result.dst_port()), result.syn() && !result.ack(), @@ -151,9 +150,8 @@ fn get_transport_info( packet.len(), )), Err(_) => None, - } - } else { - None + }, + _ => None, } } @@ -271,7 +269,13 @@ impl<'a> TunToProxy<'a> { Interest::READABLE, )?; - let config = Config::new(); + let config = match tun.capabilities().medium { + Medium::Ethernet => Config::new( + smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into(), + ), + Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), + Medium::Ieee802154 => todo!(), + }; let mut virt = VirtualTunDevice::new(tun.capabilities()); let gateway4: Ipv4Addr = Ipv4Addr::from_str("0.0.0.1")?; let gateway6: Ipv6Addr = Ipv6Addr::from_str("::1")?; From 14279a482cfe2e7bebb7687dd9af3946d2f5d379 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 10 Apr 2023 12:09:30 +0800 Subject: [PATCH 007/401] Turn off target type --- .cargo/config.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index 8d5aed6..f61d106 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -2,4 +2,4 @@ protocol = "sparse" [build] -target = ["x86_64-unknown-linux-gnu"] +#target = ["x86_64-unknown-linux-gnu"] From 1a53e2bb525ffd52c9bb21363b967cc308ad3bc4 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 10 Apr 2023 10:31:41 +0200 Subject: [PATCH 008/401] Fix sparse index in cargo config --- .cargo/config.toml | 2 +- .gitignore | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index f61d106..332ab99 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -1,4 +1,4 @@ -[registries.cratees-io] +[registries.crates-io] protocol = "sparse" [build] diff --git a/.gitignore b/.gitignore index e0711ee..4ac1fec 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ tmp/ *.secret *.iml !/.github +!/.cargo /target Cargo.lock manual-test.sh From 2cf7c9cdea25d66f8bc2a17ad3ef23c6d3734bbb Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 10 Apr 2023 10:34:30 +0200 Subject: [PATCH 009/401] Add label for testing pull requests in CI --- .github/workflows/tests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3b8c34f..3e00ff3 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -3,6 +3,8 @@ on: types: [submitted] push: workflow_dispatch: + pull_request_target: + types: [labeled] name: Integration Tests @@ -10,6 +12,7 @@ jobs: proxy_tests: name: Proxy Tests runs-on: ubuntu-latest + if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'safe to test') steps: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 From 70cea8e11f6c857b657cb8cc143c6f3062d5c312 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 10 Apr 2023 10:57:41 +0200 Subject: [PATCH 010/401] Add manual tests for half open connections --- README.md | 1 - .../half-open-close-client/client.py | 12 ++++++++++++ .../half-open-close-client/server.py | 16 ++++++++++++++++ .../half-open-close-server/client.py | 12 ++++++++++++ .../half-open-close-server/server.py | 15 +++++++++++++++ 5 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 tests/manual-tests/half-open-close-client/client.py create mode 100644 tests/manual-tests/half-open-close-client/server.py create mode 100644 tests/manual-tests/half-open-close-server/client.py create mode 100644 tests/manual-tests/half-open-close-server/server.py diff --git a/README.md b/README.md index 6fed771..89c256f 100644 --- a/README.md +++ b/README.md @@ -114,7 +114,6 @@ or through `ip -6 route del default`, which causes the `libc` resolver (and othe requests for IPv6 addresses. ## TODO -- Improve handling of half-open connections - Increase error robustness (reduce `unwrap` and `expect` usage) - UDP support for SOCKS - Native support for proxying DNS over TCP or TLS diff --git a/tests/manual-tests/half-open-close-client/client.py b/tests/manual-tests/half-open-close-client/client.py new file mode 100644 index 0000000..c6fbd10 --- /dev/null +++ b/tests/manual-tests/half-open-close-client/client.py @@ -0,0 +1,12 @@ +import socket +import time + +with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: + s.connect(('116.203.215.166', 1337)) + s.sendall('I am closing the write end, but I can still receive data'.encode()) + s.shutdown(socket.SHUT_WR) + while True: + data = s.recv(1024) + if not data: + break + print(data.decode()) diff --git a/tests/manual-tests/half-open-close-client/server.py b/tests/manual-tests/half-open-close-client/server.py new file mode 100644 index 0000000..5f7d949 --- /dev/null +++ b/tests/manual-tests/half-open-close-client/server.py @@ -0,0 +1,16 @@ +import socket +import time + +with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: + s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + s.bind(('0.0.0.0', 1337)) + s.listen() + conn, addr = s.accept() + with conn: + while True: + data = conn.recv(1024) + if not data: + break + print(data.decode()) + time.sleep(3) + conn.sendall('This will still be received by the client that has closed its write end'.encode()) diff --git a/tests/manual-tests/half-open-close-server/client.py b/tests/manual-tests/half-open-close-server/client.py new file mode 100644 index 0000000..1e05fee --- /dev/null +++ b/tests/manual-tests/half-open-close-server/client.py @@ -0,0 +1,12 @@ +import socket +import time + +with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: + s.connect(('116.203.215.166', 1337)) + while True: + data = s.recv(1024) + if not data: + break + print(data.decode()) + time.sleep(3) + s.sendall('Message after server write end close'.encode()) diff --git a/tests/manual-tests/half-open-close-server/server.py b/tests/manual-tests/half-open-close-server/server.py new file mode 100644 index 0000000..a1acb4a --- /dev/null +++ b/tests/manual-tests/half-open-close-server/server.py @@ -0,0 +1,15 @@ +import socket + +with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: + s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + s.bind(('0.0.0.0', 1337)) + s.listen() + conn, addr = s.accept() + with conn: + conn.sendall('I am closing the write end, but I can still receive data'.encode()) + conn.shutdown(socket.SHUT_WR) + while True: + data = conn.recv(1024) + if not data: + break + print(data.decode()) From fd48be5febf85df1eaece06ee6be41fe54294aee Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 10 Apr 2023 11:05:06 +0200 Subject: [PATCH 011/401] Parameterize IP addresses in manual tests --- tests/manual-tests/half-open-close-client/client.py | 5 ++++- tests/manual-tests/half-open-close-server/client.py | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/manual-tests/half-open-close-client/client.py b/tests/manual-tests/half-open-close-client/client.py index c6fbd10..e8bce02 100644 --- a/tests/manual-tests/half-open-close-client/client.py +++ b/tests/manual-tests/half-open-close-client/client.py @@ -1,8 +1,11 @@ import socket import time +import sys with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: - s.connect(('116.203.215.166', 1337)) + ip, port = sys.argv[1].split(':', 1) + port = int(port) + s.connect((ip, port)) s.sendall('I am closing the write end, but I can still receive data'.encode()) s.shutdown(socket.SHUT_WR) while True: diff --git a/tests/manual-tests/half-open-close-server/client.py b/tests/manual-tests/half-open-close-server/client.py index 1e05fee..dfbed38 100644 --- a/tests/manual-tests/half-open-close-server/client.py +++ b/tests/manual-tests/half-open-close-server/client.py @@ -1,8 +1,11 @@ import socket +import sys import time with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: - s.connect(('116.203.215.166', 1337)) + ip, port = sys.argv[1].split(':', 1) + port = int(port) + s.connect((ip, port)) while True: data = s.recv(1024) if not data: From c0cff1da580097b0ae1d6b1b1d72f765af7da634 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 10 Apr 2023 18:26:32 +0800 Subject: [PATCH 012/401] refine SocksAddressType --- src/socks5.rs | 70 ++++++++++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 31 deletions(-) diff --git a/src/socks5.rs b/src/socks5.rs index 7448146..76889fa 100644 --- a/src/socks5.rs +++ b/src/socks5.rs @@ -6,6 +6,7 @@ use crate::tun2proxy::{ use crate::Credentials; use smoltcp::wire::IpProtocol; use std::collections::VecDeque; +use std::convert::TryFrom; use std::net::{IpAddr, SocketAddr}; use std::rc::Rc; @@ -22,13 +23,31 @@ enum SocksState { } #[repr(u8)] -#[derive(Copy, Clone)] +#[derive(Copy, Clone, PartialEq, Debug)] enum SocksAddressType { Ipv4 = 1, DomainName = 3, Ipv6 = 4, } +impl TryFrom for SocksAddressType { + type Error = Error; + fn try_from(value: u8) -> Result { + match value { + 1 => Ok(SocksAddressType::Ipv4), + 3 => Ok(SocksAddressType::DomainName), + 4 => Ok(SocksAddressType::Ipv6), + _ => Err(format!("Unknown address type: {}", value).into()), + } + } +} + +impl From for u8 { + fn from(value: SocksAddressType) -> Self { + value as u8 + } +} + #[derive(Copy, Clone)] pub enum SocksVersion { V4 = 4, @@ -82,11 +101,11 @@ impl SocksConnection { let mut result = Self { connection: connection.clone(), state: SocksState::ServerHello, - client_inbuf: Default::default(), - server_inbuf: Default::default(), - client_outbuf: Default::default(), - server_outbuf: Default::default(), - data_buf: Default::default(), + client_inbuf: VecDeque::default(), + server_inbuf: VecDeque::default(), + client_outbuf: VecDeque::default(), + server_outbuf: VecDeque::default(), + data_buf: VecDeque::default(), manager, version, }; @@ -235,29 +254,18 @@ impl SocksConnection { return Err("SOCKS5 connection unsuccessful.".into()); } - if atyp != SocksAddressType::Ipv4 as u8 - && atyp != SocksAddressType::Ipv6 as u8 - && atyp != SocksAddressType::DomainName as u8 - { - return Err("SOCKS5 server replied with unrecognized address type.".into()); - } - - if atyp == SocksAddressType::DomainName as u8 && self.server_inbuf.len() < 5 { - return Ok(()); - } - - if atyp == SocksAddressType::DomainName as u8 - && self.server_inbuf.len() < 7 + (self.server_inbuf[4] as usize) - { - return Ok(()); - } - - let message_length = if atyp == SocksAddressType::Ipv4 as u8 { - 10 - } else if atyp == SocksAddressType::Ipv6 as u8 { - 22 - } else { - 7 + (self.server_inbuf[4] as usize) + let message_length = match SocksAddressType::try_from(atyp)? { + SocksAddressType::DomainName => { + if self.server_inbuf.len() < 5 { + return Ok(()); + } + if self.server_inbuf.len() < 7 + (self.server_inbuf[4] as usize) { + return Ok(()); + } + 7 + (self.server_inbuf[4] as usize) + } + SocksAddressType::Ipv4 => 10, + SocksAddressType::Ipv6 => 22, }; self.server_inbuf.drain(0..message_length); @@ -277,7 +285,7 @@ impl SocksConnection { } else { SocksAddressType::Ipv6 }; - self.server_outbuf.extend(&[cmd as u8]); + self.server_outbuf.extend(&[u8::from(cmd)]); match dst_ip { IpAddr::V4(ip) => self.server_outbuf.extend(ip.octets().as_ref()), IpAddr::V6(ip) => self.server_outbuf.extend(ip.octets().as_ref()), @@ -285,7 +293,7 @@ impl SocksConnection { } DestinationHost::Hostname(host) => { self.server_outbuf - .extend(&[SocksAddressType::DomainName as u8, host.len() as u8]); + .extend(&[u8::from(SocksAddressType::DomainName), host.len() as u8]); self.server_outbuf.extend(host.as_bytes()); } } From b669b9de2290e5ad89d1293b5bdf099a4aea67b8 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 10 Apr 2023 20:48:01 +0200 Subject: [PATCH 013/401] Remove unnecessary integer suffix --- src/setup.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/setup.rs b/src/setup.rs index 0f36b7b..5d9b1fe 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -173,7 +173,7 @@ impl Setup { let fd = nix::fcntl::open( "/tmp/tun2proxy-resolv.conf", nix::fcntl::OFlag::O_RDWR | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_CREAT, - nix::sys::stat::Mode::from_bits(0o644_u32).unwrap(), + nix::sys::stat::Mode::from_bits(0o644).unwrap(), )?; let data = "nameserver 198.18.0.1\n".as_bytes(); let mut written = 0; @@ -183,7 +183,7 @@ impl Setup { } written += nix::unistd::write(fd, &data[written..])?; } - nix::sys::stat::fchmod(fd, nix::sys::stat::Mode::from_bits(0o444_u32).unwrap())?; + nix::sys::stat::fchmod(fd, nix::sys::stat::Mode::from_bits(0o444).unwrap())?; let source = format!("/proc/self/fd/{}", fd); nix::mount::mount( source.as_str().into(), From cb1babebd4db4b5fc0ba4a0218368f056eff0847 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 10 Apr 2023 20:59:54 +0200 Subject: [PATCH 014/401] Only include setup feature on Linux --- src/main.rs | 35 ++++++++++++++++++++--------------- src/setup.rs | 2 ++ 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/src/main.rs b/src/main.rs index ac67753..d62913f 100644 --- a/src/main.rs +++ b/src/main.rs @@ -5,10 +5,12 @@ use std::net::IpAddr; use std::process::ExitCode; use tun2proxy::error::Error; -use tun2proxy::setup::{get_default_cidrs, Setup}; use tun2proxy::Options; use tun2proxy::{main_entry, Proxy}; +#[cfg(target_os = "linux")] +use tun2proxy::setup::{get_default_cidrs, Setup}; + /// Tunnel interface to proxy #[derive(Parser)] #[command(author, version, about = "Tunnel interface to proxy.", long_about = None)] @@ -66,22 +68,25 @@ fn main() -> ExitCode { } if let Err(e) = (|| -> Result<(), Error> { - let mut setup: Setup; - if args.setup == Some(ArgSetup::Auto) { - let bypass_tun_ip = match args.setup_ip { - Some(addr) => addr, - None => args.proxy.addr.ip(), - }; - setup = Setup::new( - &args.tun, - &bypass_tun_ip, - get_default_cidrs(), - args.setup_ip.is_some(), - ); + #[cfg(target_os = "linux")] + { + let mut setup: Setup; + if args.setup == Some(ArgSetup::Auto) { + let bypass_tun_ip = match args.setup_ip { + Some(addr) => addr, + None => args.proxy.addr.ip(), + }; + setup = Setup::new( + &args.tun, + &bypass_tun_ip, + get_default_cidrs(), + args.setup_ip.is_some(), + ); - setup.configure()?; + setup.configure()?; - setup.drop_privileges()?; + setup.drop_privileges()?; + } } main_entry(&args.tun, &args.proxy, options)?; diff --git a/src/setup.rs b/src/setup.rs index 5d9b1fe..e01b9da 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -1,3 +1,5 @@ +#![cfg(target_os = "linux")] + use crate::error::Error; use smoltcp::wire::IpCidr; use std::convert::TryFrom; From 94373082838ad4fdb23a159f6e64fc2e57b38b82 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 10 Apr 2023 21:37:20 +0200 Subject: [PATCH 015/401] Support building for Android --- Cargo.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Cargo.toml b/Cargo.toml index bc2826a..76e744a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,6 +4,9 @@ edition = "2018" name = "tun2proxy" version = "0.1.1" +[lib] +crate-type = ["cdylib", "lib"] + [dependencies] base64 = { version = "0.21" } clap = { version = "4.1", features = ["derive"] } From 500f6ef21f781d6d0a6286edfcac4de741c96fbf Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 10 Apr 2023 23:24:53 +0200 Subject: [PATCH 016/401] Add file descriptor support --- Cargo.toml | 2 +- src/lib.rs | 19 +++++++++++++++++-- src/main.rs | 5 +++-- src/tun2proxy.rs | 11 ++++++++--- tests/proxy.rs | 4 ++-- 5 files changed, 31 insertions(+), 10 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 76e744a..2e85def 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ log = "0.4" mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } nix = { version = "0.26", features = ["process", "signal"] } prctl = "1.0" -smoltcp = { version = "0.9", git = "https://github.com/smoltcp-rs/smoltcp.git", features = ["std"] } +smoltcp = { version = "0.9", git = "https://github.com/blechschmidt/smoltcp", branch = "android", features = ["std"] } thiserror = "1.0" url = "2.3" diff --git a/src/lib.rs b/src/lib.rs index 5c2ad60..1f167a2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -18,6 +18,11 @@ pub struct Proxy { pub credentials: Option, } +pub enum NetworkInterface { + Named(String), + Fd(std::os::fd::RawFd), +} + impl Proxy { pub fn from_url(s: &str) -> Result { let e = format!("`{s}` is not a valid proxy URL"); @@ -83,6 +88,7 @@ impl std::fmt::Display for ProxyType { #[derive(Default)] pub struct Options { virtdns: Option, + mtu: Option, } impl Options { @@ -94,6 +100,11 @@ impl Options { self.virtdns = Some(virtdns::VirtualDns::new()); self } + + pub fn with_mtu(mut self, mtu: usize) -> Self { + self.mtu = Some(mtu); + self + } } #[derive(Default, Clone, Debug)] @@ -111,8 +122,12 @@ impl Credentials { } } -pub fn main_entry(tun: &str, proxy: &Proxy, options: Options) -> Result<(), Error> { - let mut ttp = TunToProxy::new(tun, options)?; +pub fn main_entry( + interface: &NetworkInterface, + proxy: &Proxy, + options: Options, +) -> Result<(), Error> { + let mut ttp = TunToProxy::new(interface, options)?; match proxy.proxy_type { ProxyType::Socks4 => { ttp.add_connection_manager(SocksManager::new( diff --git a/src/main.rs b/src/main.rs index d62913f..166012c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -5,8 +5,8 @@ use std::net::IpAddr; use std::process::ExitCode; use tun2proxy::error::Error; -use tun2proxy::Options; use tun2proxy::{main_entry, Proxy}; +use tun2proxy::{NetworkInterface, Options}; #[cfg(target_os = "linux")] use tun2proxy::setup::{get_default_cidrs, Setup}; @@ -89,7 +89,8 @@ fn main() -> ExitCode { } } - main_entry(&args.tun, &args.proxy, options)?; + let interface = NetworkInterface::Named(args.tun); + main_entry(&interface, &args.proxy, options)?; Ok(()) })() { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index b98f03a..3940e3a 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1,6 +1,6 @@ use crate::error::Error; use crate::virtdevice::VirtualTunDevice; -use crate::{Credentials, Options}; +use crate::{Credentials, NetworkInterface, Options}; use log::{error, info}; use mio::event::Event; use mio::net::TcpStream; @@ -260,8 +260,13 @@ pub(crate) struct TunToProxy<'a> { } impl<'a> TunToProxy<'a> { - pub(crate) fn new(interface: &str, options: Options) -> Result { - let tun = TunTapInterface::new(interface, Medium::Ip)?; + pub(crate) fn new(interface: &NetworkInterface, options: Options) -> Result { + let tun = match interface { + NetworkInterface::Named(name) => TunTapInterface::new(name.as_str(), Medium::Ip)?, + NetworkInterface::Fd(fd) => { + TunTapInterface::from_fd(*fd, Medium::Ip, options.mtu.unwrap_or(1500))? + } + }; let poll = Poll::new()?; poll.registry().register( &mut SourceFd(&tun.as_raw_fd()), diff --git a/tests/proxy.rs b/tests/proxy.rs index 82589d7..8e1f71c 100644 --- a/tests/proxy.rs +++ b/tests/proxy.rs @@ -12,7 +12,7 @@ mod tests { use serial_test::serial; use tun2proxy::setup::{get_default_cidrs, Setup}; - use tun2proxy::{main_entry, Options, Proxy, ProxyType}; + use tun2proxy::{main_entry, NetworkInterface, Options, Proxy, ProxyType}; #[derive(Clone, Debug)] struct Test { @@ -85,7 +85,7 @@ mod tests { Ok(Fork::Child) => { prctl::set_death_signal(signal::SIGINT as isize).unwrap(); let _ = main_entry( - TUN_TEST_DEVICE, + &NetworkInterface::Named(TUN_TEST_DEVICE.into()), &test.proxy, Options::new().with_virtual_dns(), ); From fb3ad33b53b12028ffbac8b5e466d024357802a9 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Thu, 13 Apr 2023 21:54:02 +0200 Subject: [PATCH 017/401] Add file descriptor and MTU to CLI arguments --- src/main.rs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/main.rs b/src/main.rs index 166012c..43b128e 100644 --- a/src/main.rs +++ b/src/main.rs @@ -19,6 +19,14 @@ struct Args { #[arg(short, long, value_name = "name", default_value = "tun0")] tun: String, + /// File descriptor of the tun interface + #[arg(long, value_name = "fd")] + tun_fd: Option, + + /// MTU of the tun interface (only with tunnel file descriptor) + #[arg(long, value_name = "mtu", default_value = "1500")] + tun_mtu: usize, + /// Proxy URL in the form proto://[username[:password]@]host:port #[arg(short, long, value_parser = Proxy::from_url, value_name = "URL")] proxy: Proxy, @@ -67,6 +75,14 @@ fn main() -> ExitCode { options = options.with_virtual_dns(); } + let interface = match args.tun_fd { + None => NetworkInterface::Named(args.tun.clone()), + Some(fd) => { + options = options.with_mtu(args.tun_mtu); + NetworkInterface::Fd(fd) + } + }; + if let Err(e) = (|| -> Result<(), Error> { #[cfg(target_os = "linux")] { @@ -89,7 +105,6 @@ fn main() -> ExitCode { } } - let interface = NetworkInterface::Named(args.tun); main_entry(&interface, &args.proxy, options)?; Ok(()) From 62a04229db7c9570d650f708961b7a8ae56d0545 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 14 Apr 2023 17:27:37 +0800 Subject: [PATCH 018/401] shutdown function --- src/lib.rs | 4 ++++ src/tun2proxy.rs | 21 ++++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index 1f167a2..c0a5c30 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -149,3 +149,7 @@ pub fn main_entry( } ttp.run() } + +pub fn shutdown() -> Result<(), Error> { + TunToProxy::shutdown() +} diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 3940e3a..4e17711 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -244,6 +244,9 @@ pub(crate) trait ConnectionManager { const TCP_TOKEN: Token = Token(0); const UDP_TOKEN: Token = Token(1); +const EXIT_TOKEN: Token = Token(34255); + +const EXIT_LISTENER: &str = "127.0.0.1:34255"; pub(crate) struct TunToProxy<'a> { tun: TunTapInterface, @@ -257,6 +260,7 @@ pub(crate) struct TunToProxy<'a> { device: VirtualTunDevice, options: Options, write_sockets: HashSet, + _exit_listener: mio::net::TcpListener, } impl<'a> TunToProxy<'a> { @@ -274,6 +278,10 @@ impl<'a> TunToProxy<'a> { Interest::READABLE, )?; + let mut _exit_listener = mio::net::TcpListener::bind(EXIT_LISTENER.parse()?)?; + poll.registry() + .register(&mut _exit_listener, EXIT_TOKEN, Interest::READABLE)?; + let config = match tun.capabilities().medium { Medium::Ethernet => Config::new( smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into(), @@ -305,6 +313,7 @@ impl<'a> TunToProxy<'a> { device: virt, options, write_sockets: HashSet::default(), + _exit_listener, }; Ok(tun) } @@ -762,6 +771,10 @@ impl<'a> TunToProxy<'a> { Ok(()) => { for event in events.iter() { match event.token() { + EXIT_TOKEN => { + log::info!("exiting..."); + return Ok(()); + } TCP_TOKEN => self.tun_event(event)?, UDP_TOKEN => self.udp_event(event), _ => self.mio_socket_event(event)?, @@ -773,10 +786,16 @@ impl<'a> TunToProxy<'a> { if e.kind() != std::io::ErrorKind::Interrupted { return Err(e.into()); } else { - log::warn!("Poll interrupted") + log::warn!("Poll interrupted: {e}") } } } } } + + pub(crate) fn shutdown() -> Result<(), Error> { + let addr: SocketAddr = EXIT_LISTENER.parse()?; + let _ = std::net::TcpStream::connect(addr)?; + Ok(()) + } } From 7442abece583b19ac21e8e858a70c665d25d0403 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 14 Apr 2023 18:44:41 +0800 Subject: [PATCH 019/401] integrate to android --- Cargo.toml | 4 +++ src/android.rs | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/error.rs | 7 +++++ src/lib.rs | 1 + 4 files changed, 86 insertions(+) create mode 100644 src/android.rs diff --git a/Cargo.toml b/Cargo.toml index 2e85def..095ed9b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -24,6 +24,10 @@ smoltcp = { version = "0.9", git = "https://github.com/blechschmidt/smoltcp", br thiserror = "1.0" url = "2.3" +[target.'cfg(target_os="android")'.dependencies] +android_logger = "0.13" +jni = { version = "0.21", default-features = false } + [dev-dependencies] ctor = "0.1" reqwest = { version = "0.11", features = ["blocking", "json"] } diff --git a/src/android.rs b/src/android.rs new file mode 100644 index 0000000..ea7f165 --- /dev/null +++ b/src/android.rs @@ -0,0 +1,74 @@ +#![cfg(target_os = "android")] + +use crate::{error::Error, main_entry, shutdown, NetworkInterface, Options, Proxy}; +use jni::{ + objects::{JClass, JString}, + sys::{jboolean, jint}, + JNIEnv, +}; + +/// # Safety +/// +/// Running tun2proxy +#[no_mangle] +pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_run( + mut env: JNIEnv, + _clazz: JClass, + proxy_url: JString, + tun_fd: jint, + tun_mtu: jint, + verbose: jboolean, +) -> jint { + let log_level = if verbose != 0 { "trace" } else { "info" }; + let filter_str = &format!("off,tun2proxy={log_level}"); + let filter = android_logger::FilterBuilder::new() + .parse(filter_str) + .build(); + android_logger::init_once( + android_logger::Config::default() + .with_tag("tun2proxy") + .with_max_level(log::LevelFilter::Trace) + .with_filter(filter), + ); + + let mut block = || -> Result<(), Error> { + let proxy_url = get_java_string(&mut env, &proxy_url)?; + let proxy = Proxy::from_url(proxy_url)?; + + let addr = proxy.addr; + let proxy_type = proxy.proxy_type; + log::info!("Proxy {proxy_type} server: {addr}"); + + let options = Options::new().with_virtual_dns().with_mtu(tun_mtu as usize); + + let interface = NetworkInterface::Fd(tun_fd); + _ = main_entry(&interface, &proxy, options)?; + Ok::<(), Error>(()) + }; + if let Err(error) = block() { + log::error!("failed to run tun2proxy with error: {:?}", error); + } + 0 +} + +/// # Safety +/// +/// Shutdown tun2proxy +#[no_mangle] +pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_stop( + _env: JNIEnv, + _clazz: JClass, +) -> jint { + if let Err(e) = shutdown() { + log::error!("failed to shutdown tun2proxy with error: {:?}", e); + 1 + } else { + 0 + } +} + +unsafe fn get_java_string<'a>(env: &'a mut JNIEnv, string: &'a JString) -> Result<&'a str, Error> { + let str_ptr = env.get_string(string)?.as_ptr(); + let s: &str = std::ffi::CStr::from_ptr(str_ptr).to_str()?; + Ok(s) +} diff --git a/src/error.rs b/src/error.rs index 0b48fcd..de014e8 100644 --- a/src/error.rs +++ b/src/error.rs @@ -27,6 +27,13 @@ pub enum Error { #[error("smoltcp::socket::tcp::SendError {0:?}")] Send(#[from] smoltcp::socket::tcp::SendError), + #[error("std::str::Utf8Error {0:?}")] + Utf8(#[from] std::str::Utf8Error), + + #[cfg(target_os = "android")] + #[error("jni::errors::Error {0:?}")] + Jni(#[from] jni::errors::Error), + #[error("&str {0}")] Str(String), diff --git a/src/lib.rs b/src/lib.rs index c0a5c30..6f5a740 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -3,6 +3,7 @@ use crate::socks5::SocksVersion; use crate::{http::HttpManager, socks5::SocksManager, tun2proxy::TunToProxy}; use std::net::{SocketAddr, ToSocketAddrs}; +mod android; pub mod error; mod http; pub mod setup; From cba6ba7318a7f3d41143326c1a72916cb2fd587d Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 15 Apr 2023 11:46:54 +0800 Subject: [PATCH 020/401] new_token function --- src/tun2proxy.rs | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 4e17711..7ceb256 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -244,7 +244,7 @@ pub(crate) trait ConnectionManager { const TCP_TOKEN: Token = Token(0); const UDP_TOKEN: Token = Token(1); -const EXIT_TOKEN: Token = Token(34255); +const EXIT_TOKEN: Token = Token(2); const EXIT_LISTENER: &str = "127.0.0.1:34255"; @@ -306,7 +306,7 @@ impl<'a> TunToProxy<'a> { poll, iface, connections: HashMap::default(), - next_token: 2, + next_token: usize::from(EXIT_TOKEN) + 1, token_to_connection: HashMap::default(), connection_managers: Vec::default(), sockets: SocketSet::new([]), @@ -318,6 +318,12 @@ impl<'a> TunToProxy<'a> { Ok(tun) } + fn new_token(&mut self) -> Token { + let token = Token(self.next_token); + self.next_token += 1; + token + } + pub(crate) fn add_connection_manager(&mut self, manager: Rc) { self.connection_managers.push(manager); } @@ -509,8 +515,7 @@ impl<'a> TunToProxy<'a> { let client = TcpStream::connect(server)?; - let token = Token(self.next_token); - self.next_token += 1; + let token = self.new_token(); let mut state = ConnectionState { smoltcp_handle: handle, From f67d8b23a866161b82788a9775ad1969ed35f017 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sat, 15 Apr 2023 12:08:20 +0200 Subject: [PATCH 021/401] Beautify SOCKS implementation --- src/socks5.rs | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/src/socks5.rs b/src/socks5.rs index 76889fa..333db04 100644 --- a/src/socks5.rs +++ b/src/socks5.rs @@ -1,14 +1,16 @@ +use std::collections::VecDeque; +use std::convert::TryFrom; +use std::net::{IpAddr, SocketAddr}; +use std::rc::Rc; + +use smoltcp::wire::IpProtocol; + use crate::error::Error; use crate::tun2proxy::{ Connection, ConnectionManager, DestinationHost, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection, TcpProxy, }; use crate::Credentials; -use smoltcp::wire::IpProtocol; -use std::collections::VecDeque; -use std::convert::TryFrom; -use std::net::{IpAddr, SocketAddr}; -use std::rc::Rc; #[derive(Eq, PartialEq, Debug)] #[allow(dead_code)] @@ -48,12 +50,22 @@ impl From for u8 { } } -#[derive(Copy, Clone)] +#[repr(u8)] +#[derive(Copy, Clone, PartialEq, Debug)] pub enum SocksVersion { V4 = 4, V5 = 5, } +#[repr(u8)] +#[derive(Copy, Clone, PartialEq, Debug)] +#[allow(dead_code)] +pub enum SocksCommand { + Connect = 1, + Bind = 2, + UdpAssociate = 3, +} + #[allow(dead_code)] enum SocksAuthentication { None = 0, @@ -118,8 +130,8 @@ impl SocksConnection { match self.version { SocksVersion::V4 => { self.server_outbuf.extend(&[ - 4u8, - 1, + self.version as u8, + SocksCommand::Connect as u8, (self.connection.dst.port >> 8) as u8, (self.connection.dst.port & 0xff) as u8, ]); @@ -152,11 +164,17 @@ impl SocksConnection { SocksVersion::V5 => { if credentials.is_some() { - self.server_outbuf - .extend(&[5u8, 1, SocksAuthentication::Password as u8]); + self.server_outbuf.extend(&[ + self.version as u8, + SocksCommand::Connect as u8, + SocksAuthentication::Password as u8, + ]); } else { - self.server_outbuf - .extend(&[5u8, 1, SocksAuthentication::None as u8]); + self.server_outbuf.extend(&[ + self.version as u8, + SocksCommand::Connect as u8, + SocksAuthentication::None as u8, + ]); } } } From 42878c29fdf67742919bf9155fa0f09f07e818cb Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sat, 15 Apr 2023 12:10:30 +0200 Subject: [PATCH 022/401] Rename SOCKS module --- src/lib.rs | 6 +++--- src/{socks5.rs => socks.rs} | 0 2 files changed, 3 insertions(+), 3 deletions(-) rename src/{socks5.rs => socks.rs} (100%) diff --git a/src/lib.rs b/src/lib.rs index 5c2ad60..bf4c69a 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,12 +1,12 @@ use crate::error::Error; -use crate::socks5::SocksVersion; -use crate::{http::HttpManager, socks5::SocksManager, tun2proxy::TunToProxy}; +use crate::socks::SocksVersion; +use crate::{http::HttpManager, socks::SocksManager, tun2proxy::TunToProxy}; use std::net::{SocketAddr, ToSocketAddrs}; pub mod error; mod http; pub mod setup; -mod socks5; +mod socks; mod tun2proxy; mod virtdevice; mod virtdns; diff --git a/src/socks5.rs b/src/socks.rs similarity index 100% rename from src/socks5.rs rename to src/socks.rs From d94cc9066304c5fbcd66bf077384e68598e477be Mon Sep 17 00:00:00 2001 From: Antonio Cheong Date: Sun, 16 Apr 2023 14:23:52 +0800 Subject: [PATCH 023/401] Fix #20 There was regression of https://github.com/blechschmidt/tun2proxy/commit/b8a08871d05bf4f2107fc4f5d4f1fe05c9e7cd06 --- src/setup.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/setup.rs b/src/setup.rs index e01b9da..7728d0f 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -8,7 +8,7 @@ use std::ffi::OsStr; use std::io::BufRead; use std::net::{IpAddr, Ipv4Addr, Ipv6Addr}; -use std::os::fd::RawFd; +use std::os::unix::io::RawFd; use std::process::{Command, Output}; From b838583bf1ba0844badb6bf6ce75ce082f7c7548 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 16 Apr 2023 10:28:52 +0200 Subject: [PATCH 024/401] Add sudo to automatic setup example in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 89c256f..f425692 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ describing the manual setup, except that a bind mount is used to overlay the `/e You would then run the tool as follows: ```bash -./target/release/tun2proxy --setup auto --proxy "socks5://1.2.3.4:1080" +sudo ./target/release/tun2proxy --setup auto --proxy "socks5://1.2.3.4:1080" ``` Apart from SOCKS5, SOCKS4 and HTTP are supported. From 0027c5ac4e36d5c765dd8c22ce4e18df47e2ba2f Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 17 Apr 2023 22:37:39 +0200 Subject: [PATCH 025/401] Use smoltcp origin after feature merge --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 095ed9b..67bf2ee 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ log = "0.4" mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } nix = { version = "0.26", features = ["process", "signal"] } prctl = "1.0" -smoltcp = { version = "0.9", git = "https://github.com/blechschmidt/smoltcp", branch = "android", features = ["std"] } +smoltcp = { version = "0.9", git = "https://github.com/smoltcp-rs/smoltcp", features = ["std"] } thiserror = "1.0" url = "2.3" From 034417f5251622522aca80860bc0b7c1d7401e06 Mon Sep 17 00:00:00 2001 From: Antonio Date: Sun, 23 Apr 2023 20:32:09 +0800 Subject: [PATCH 026/401] Fix #29 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 67bf2ee..addd019 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ log = "0.4" mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } nix = { version = "0.26", features = ["process", "signal"] } prctl = "1.0" -smoltcp = { version = "0.9", git = "https://github.com/smoltcp-rs/smoltcp", features = ["std"] } +smoltcp = { version = "0.9.1", git = "https://github.com/smoltcp-rs/smoltcp", features = ["std", "phy-tuntap_interface"] } thiserror = "1.0" url = "2.3" From 5e218c2130e4c891d9e7ec29c41b6f2554f684aa Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Thu, 27 Apr 2023 22:41:54 +0200 Subject: [PATCH 027/401] Use pipe for exiting --- src/android.rs | 29 ++++++++++++++++++++++------- src/lib.rs | 15 ++++++++++----- src/tun2proxy.rs | 29 ++++++++++++++--------------- 3 files changed, 46 insertions(+), 27 deletions(-) diff --git a/src/android.rs b/src/android.rs index ea7f165..4f642c8 100644 --- a/src/android.rs +++ b/src/android.rs @@ -1,12 +1,15 @@ #![cfg(target_os = "android")] -use crate::{error::Error, main_entry, shutdown, NetworkInterface, Options, Proxy}; +use crate::tun2proxy::TunToProxy; +use crate::{error::Error, tun_to_proxy, NetworkInterface, Options, Proxy}; use jni::{ objects::{JClass, JString}, sys::{jboolean, jint}, JNIEnv, }; +static mut TUN_TO_PROXY: Option = None; + /// # Safety /// /// Running tun2proxy @@ -42,7 +45,11 @@ pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_run( let options = Options::new().with_virtual_dns().with_mtu(tun_mtu as usize); let interface = NetworkInterface::Fd(tun_fd); - _ = main_entry(&interface, &proxy, options)?; + let tun2proxy = tun_to_proxy(&interface, &proxy, options)?; + TUN_TO_PROXY = Some(tun2proxy); + if let Some(tun2proxy) = &mut TUN_TO_PROXY { + tun2proxy.run()?; + } Ok::<(), Error>(()) }; if let Err(error) = block() { @@ -59,11 +66,19 @@ pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_stop( _env: JNIEnv, _clazz: JClass, ) -> jint { - if let Err(e) = shutdown() { - log::error!("failed to shutdown tun2proxy with error: {:?}", e); - 1 - } else { - 0 + match &mut TUN_TO_PROXY { + None => { + log::error!("tun2proxy not started"); + 1 + } + Some(tun2proxy) => { + if let Err(e) = tun2proxy.shutdown() { + log::error!("failed to shutdown tun2proxy with error: {:?}", e); + 1 + } else { + 0 + } + } } } diff --git a/src/lib.rs b/src/lib.rs index 3f24b92..1c8bb00 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -123,11 +123,11 @@ impl Credentials { } } -pub fn main_entry( +pub fn tun_to_proxy<'a>( interface: &NetworkInterface, proxy: &Proxy, options: Options, -) -> Result<(), Error> { +) -> Result, Error> { let mut ttp = TunToProxy::new(interface, options)?; match proxy.proxy_type { ProxyType::Socks4 => { @@ -148,9 +148,14 @@ pub fn main_entry( ttp.add_connection_manager(HttpManager::new(proxy.addr, proxy.credentials.clone())); } } - ttp.run() + Ok(ttp) } -pub fn shutdown() -> Result<(), Error> { - TunToProxy::shutdown() +pub fn main_entry( + interface: &NetworkInterface, + proxy: &Proxy, + options: Options, +) -> Result<(), Error> { + let ttp = tun_to_proxy(interface, proxy, options); + ttp?.run() } diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 7ceb256..402759b 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -242,13 +242,11 @@ pub(crate) trait ConnectionManager { fn get_credentials(&self) -> &Option; } -const TCP_TOKEN: Token = Token(0); +const TUN_TOKEN: Token = Token(0); const UDP_TOKEN: Token = Token(1); const EXIT_TOKEN: Token = Token(2); -const EXIT_LISTENER: &str = "127.0.0.1:34255"; - -pub(crate) struct TunToProxy<'a> { +pub struct TunToProxy<'a> { tun: TunTapInterface, poll: Poll, iface: Interface, @@ -260,11 +258,12 @@ pub(crate) struct TunToProxy<'a> { device: VirtualTunDevice, options: Options, write_sockets: HashSet, - _exit_listener: mio::net::TcpListener, + _exit_receiver: mio::unix::pipe::Receiver, + exit_sender: mio::unix::pipe::Sender, } impl<'a> TunToProxy<'a> { - pub(crate) fn new(interface: &NetworkInterface, options: Options) -> Result { + pub fn new(interface: &NetworkInterface, options: Options) -> Result { let tun = match interface { NetworkInterface::Named(name) => TunTapInterface::new(name.as_str(), Medium::Ip)?, NetworkInterface::Fd(fd) => { @@ -274,13 +273,13 @@ impl<'a> TunToProxy<'a> { let poll = Poll::new()?; poll.registry().register( &mut SourceFd(&tun.as_raw_fd()), - TCP_TOKEN, + TUN_TOKEN, Interest::READABLE, )?; - let mut _exit_listener = mio::net::TcpListener::bind(EXIT_LISTENER.parse()?)?; + let (exit_sender, mut exit_receiver) = mio::unix::pipe::new()?; poll.registry() - .register(&mut _exit_listener, EXIT_TOKEN, Interest::READABLE)?; + .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; let config = match tun.capabilities().medium { Medium::Ethernet => Config::new( @@ -313,7 +312,8 @@ impl<'a> TunToProxy<'a> { device: virt, options, write_sockets: HashSet::default(), - _exit_listener, + _exit_receiver: exit_receiver, + exit_sender, }; Ok(tun) } @@ -769,7 +769,7 @@ impl<'a> TunToProxy<'a> { fn udp_event(&mut self, _event: &Event) {} - pub(crate) fn run(&mut self) -> Result<(), Error> { + pub fn run(&mut self) -> Result<(), Error> { let mut events = Events::with_capacity(1024); loop { match self.poll.poll(&mut events, None) { @@ -780,7 +780,7 @@ impl<'a> TunToProxy<'a> { log::info!("exiting..."); return Ok(()); } - TCP_TOKEN => self.tun_event(event)?, + TUN_TOKEN => self.tun_event(event)?, UDP_TOKEN => self.udp_event(event), _ => self.mio_socket_event(event)?, } @@ -798,9 +798,8 @@ impl<'a> TunToProxy<'a> { } } - pub(crate) fn shutdown() -> Result<(), Error> { - let addr: SocketAddr = EXIT_LISTENER.parse()?; - let _ = std::net::TcpStream::connect(addr)?; + pub fn shutdown(&mut self) -> Result<(), Error> { + self.exit_sender.write_all(&[1])?; Ok(()) } } From ad72147ff40320af145550018a18d4000bc41e86 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Thu, 27 Apr 2023 22:42:34 +0200 Subject: [PATCH 028/401] Free memory of closed connections --- src/socks.rs | 14 +++++++------- src/stream.rs | 50 ++++++++++++++++++++++++++++++++++++++++++++++++ src/tun2proxy.rs | 1 + 3 files changed, 58 insertions(+), 7 deletions(-) create mode 100644 src/stream.rs diff --git a/src/socks.rs b/src/socks.rs index 333db04..c848310 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -100,8 +100,8 @@ pub(crate) struct SocksConnection { client_outbuf: VecDeque, server_outbuf: VecDeque, data_buf: VecDeque, - manager: Rc, version: SocksVersion, + credentials: Option, } impl SocksConnection { @@ -118,15 +118,15 @@ impl SocksConnection { client_outbuf: VecDeque::default(), server_outbuf: VecDeque::default(), data_buf: VecDeque::default(), - manager, version, + credentials: manager.get_credentials().clone(), }; result.send_client_hello()?; Ok(result) } fn send_client_hello(&mut self) -> Result<(), Error> { - let credentials = self.manager.get_credentials(); + let credentials = &self.credentials; match self.version { SocksVersion::V4 => { self.server_outbuf.extend(&[ @@ -207,15 +207,15 @@ impl SocksConnection { return Err("SOCKS5 server replied with an unexpected version.".into()); } - if self.server_inbuf[1] != 0 && self.manager.get_credentials().is_none() - || self.server_inbuf[1] != 2 && self.manager.get_credentials().is_some() + if self.server_inbuf[1] != 0 && self.credentials.is_none() + || self.server_inbuf[1] != 2 && self.credentials.is_some() { return Err("SOCKS5 server requires an unsupported authentication method.".into()); } self.server_inbuf.drain(0..2); - if self.manager.get_credentials().is_some() { + if self.credentials.is_some() { self.state = SocksState::SendAuthData; } else { self.state = SocksState::SendRequest; @@ -232,7 +232,7 @@ impl SocksConnection { fn send_auth_data(&mut self) -> Result<(), Error> { let tmp = Credentials::default(); - let credentials = self.manager.get_credentials().as_ref().unwrap_or(&tmp); + let credentials = self.credentials.as_ref().unwrap_or(&tmp); self.server_outbuf .extend(&[1u8, credentials.username.len() as u8]); self.server_outbuf.extend(&credentials.username); diff --git a/src/stream.rs b/src/stream.rs new file mode 100644 index 0000000..6527fdc --- /dev/null +++ b/src/stream.rs @@ -0,0 +1,50 @@ +use std::collections::VecDeque; +use std::io::{Read, Write}; +use mio::net::TcpStream; +use crate::error::Error; + +struct Stream { + write_buf: VecDeque, +} + +impl Stream { + pub fn writable_bytes(&self) -> usize { + return self.write_buf.len(); + } + + pub fn read_data(&mut self, data: &[u8]) { + + } + + pub fn forward(&mut self, tcp_stream: &mut TcpStream) { + //tcp_stream.write() + } + + /*pub fn read(&mut self, tcp_socket: &mut smoltcp::socket::Socket::Tcp) { + //tcp_socket.read() + }*/ +} + +struct DnsProxy { + query: Vec, + response: Option>, +} + +impl DnsProxy { + pub fn receive_query(payload: &[u8]) -> Result { + if payload.len() > 0xffff { + return Err("DNS payload too large".into()); + } + Ok(Self { + query: Vec::from(payload), + response: None, + }) + } + + pub fn get_response(&self) -> Result, Error> { + Ok(match &self.response { + None => None, + Some(bytes) => Some(bytes.as_slice()) + }) + } +} \ No newline at end of file diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 402759b..ec984b4 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -350,6 +350,7 @@ impl<'a> TunToProxy<'a> { if let Some(mut conn) = self.connections.remove(connection) { let token = &conn.token; self.token_to_connection.remove(token); + self.sockets.remove(conn.smoltcp_handle); _ = self.poll.registry().deregister(&mut conn.mio_stream); info!("CLOSE {}", connection); } From fb28783598a680d7cfed1166487ca2167f464b7c Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Thu, 27 Apr 2023 23:02:13 +0200 Subject: [PATCH 029/401] Remove file that should not have been committed --- src/stream.rs | 50 -------------------------------------------------- 1 file changed, 50 deletions(-) delete mode 100644 src/stream.rs diff --git a/src/stream.rs b/src/stream.rs deleted file mode 100644 index 6527fdc..0000000 --- a/src/stream.rs +++ /dev/null @@ -1,50 +0,0 @@ -use std::collections::VecDeque; -use std::io::{Read, Write}; -use mio::net::TcpStream; -use crate::error::Error; - -struct Stream { - write_buf: VecDeque, -} - -impl Stream { - pub fn writable_bytes(&self) -> usize { - return self.write_buf.len(); - } - - pub fn read_data(&mut self, data: &[u8]) { - - } - - pub fn forward(&mut self, tcp_stream: &mut TcpStream) { - //tcp_stream.write() - } - - /*pub fn read(&mut self, tcp_socket: &mut smoltcp::socket::Socket::Tcp) { - //tcp_socket.read() - }*/ -} - -struct DnsProxy { - query: Vec, - response: Option>, -} - -impl DnsProxy { - pub fn receive_query(payload: &[u8]) -> Result { - if payload.len() > 0xffff { - return Err("DNS payload too large".into()); - } - Ok(Self { - query: Vec::from(payload), - response: None, - }) - } - - pub fn get_response(&self) -> Result, Error> { - Ok(match &self.response { - None => None, - Some(bytes) => Some(bytes.as_slice()) - }) - } -} \ No newline at end of file From e5d1cfbef182170a6ddf452502a5e32b4ec78a58 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 18 May 2023 18:34:15 +0800 Subject: [PATCH 030/401] Reqwest without openssl (#8) --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index addd019..b5fcb1b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,6 +30,6 @@ jni = { version = "0.21", default-features = false } [dev-dependencies] ctor = "0.1" -reqwest = { version = "0.11", features = ["blocking", "json"] } +reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "rustls-tls"] } serial_test = "1.0" test-log = "0.2" From 75bfdcc95a5515e88dd04f9f6ca5999d28f81803 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sat, 27 May 2023 10:28:35 +0200 Subject: [PATCH 031/401] Support authentication without credentials if credentials are provided --- src/socks.rs | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index c848310..87b3944 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -166,13 +166,14 @@ impl SocksConnection { if credentials.is_some() { self.server_outbuf.extend(&[ self.version as u8, - SocksCommand::Connect as u8, + 2u8, + SocksAuthentication::None as u8, SocksAuthentication::Password as u8, ]); } else { self.server_outbuf.extend(&[ self.version as u8, - SocksCommand::Connect as u8, + 1u8, SocksAuthentication::None as u8, ]); } @@ -207,15 +208,19 @@ impl SocksConnection { return Err("SOCKS5 server replied with an unexpected version.".into()); } - if self.server_inbuf[1] != 0 && self.credentials.is_none() - || self.server_inbuf[1] != 2 && self.credentials.is_some() + let auth_method = self.server_inbuf[1]; + + if auth_method != SocksAuthentication::None as u8 && self.credentials.is_none() + || (auth_method != SocksAuthentication::None as u8 + && auth_method != SocksAuthentication::Password as u8) + && self.credentials.is_some() { return Err("SOCKS5 server requires an unsupported authentication method.".into()); } self.server_inbuf.drain(0..2); - if self.credentials.is_some() { + if auth_method == SocksAuthentication::Password as u8 { self.state = SocksState::SendAuthData; } else { self.state = SocksState::SendRequest; From 6767076a6b3b1126b03dca99ec1df9eb98de9117 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Wed, 31 May 2023 18:25:24 +0200 Subject: [PATCH 032/401] Implement GFW bypass (see issue #35) --- src/socks.rs | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index 87b3944..69b6cab 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -69,7 +69,11 @@ pub enum SocksCommand { #[allow(dead_code)] enum SocksAuthentication { None = 0, + GssApi = 1, Password = 2, + ChallengeHandshake = 3, + Unassigned = 4, + Unassigned100 = 100, } #[allow(dead_code)] @@ -163,18 +167,24 @@ impl SocksConnection { } SocksVersion::V5 => { + // Providing unassigned methods is supposed to bypass China's GFW. + // For details, refer to https://github.com/blechschmidt/tun2proxy/issues/35. if credentials.is_some() { self.server_outbuf.extend(&[ self.version as u8, - 2u8, + 4u8, SocksAuthentication::None as u8, SocksAuthentication::Password as u8, + SocksAuthentication::Unassigned as u8, + SocksAuthentication::Unassigned100 as u8, ]); } else { self.server_outbuf.extend(&[ self.version as u8, - 1u8, + 3u8, SocksAuthentication::None as u8, + SocksAuthentication::Unassigned as u8, + SocksAuthentication::Unassigned100 as u8, ]); } } From 86429ee8eb8cb97a375fb95e55cc32c6beca98bc Mon Sep 17 00:00:00 2001 From: Jorge Alejandro Jimenez Luna Date: Thu, 22 Jun 2023 13:09:36 -0400 Subject: [PATCH 033/401] Initial support digest auth scheme --- Cargo.toml | 3 + src/error.rs | 6 + src/http.rs | 328 ++++++++++++++++++++++++++++++++++++++--------- src/lib.rs | 8 +- src/socks.rs | 12 +- src/tun2proxy.rs | 31 ++++- 6 files changed, 321 insertions(+), 67 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index b5fcb1b..f4c2830 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,6 +23,9 @@ prctl = "1.0" smoltcp = { version = "0.9.1", git = "https://github.com/smoltcp-rs/smoltcp", features = ["std", "phy-tuntap_interface"] } thiserror = "1.0" url = "2.3" +digest_auth = "0.3.1" +httparse = "1.8.0" +unicase = "2.6.0" [target.'cfg(target_os="android")'.dependencies] android_logger = "0.13" diff --git a/src/error.rs b/src/error.rs index de014e8..dbfe962 100644 --- a/src/error.rs +++ b/src/error.rs @@ -48,6 +48,12 @@ pub enum Error { #[error("std::num::ParseIntError {0:?}")] IntParseError(#[from] std::num::ParseIntError), + + #[error("httparse::Error {0}")] + HttpError(#[from] httparse::Error), + + #[error("digest_auth::Error {0}")] + DigestAuthError(#[from] digest_auth::Error), } impl From<&str> for Error { diff --git a/src/http.rs b/src/http.rs index a51f153..ba0decb 100644 --- a/src/http.rs +++ b/src/http.rs @@ -1,24 +1,41 @@ use crate::error::Error; use crate::tun2proxy::{ - Connection, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, + Connection, ConnectionManager, Destination, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection, TcpProxy, }; use crate::Credentials; use base64::Engine; +use httparse::Response; use smoltcp::wire::IpProtocol; -use std::collections::VecDeque; +use std::cell::RefCell; +use std::collections::hash_map::RandomState; +use std::collections::{HashMap, VecDeque}; +use std::iter::FromIterator; use std::net::SocketAddr; use std::rc::Rc; +use std::str; +use unicase::UniCase; + +#[derive(Eq, PartialEq, Debug)] +#[allow(dead_code)] +enum AuthenticationScheme { + None, + Basic, + Digest, +} #[derive(Eq, PartialEq, Debug)] #[allow(dead_code)] enum HttpState { SendRequest, - ExpectStatusCode, + ExpectResponseHeaders, ExpectResponse, + Reset, Established, } +pub(crate) type DigestState = digest_auth::WwwAuthenticateHeader; + pub struct HttpConnection { state: HttpState, client_inbuf: VecDeque, @@ -27,82 +44,264 @@ pub struct HttpConnection { server_outbuf: VecDeque, data_buf: VecDeque, crlf_state: u8, + counter: usize, + skip: usize, + digest_state: Rc>>, + before: bool, + credentials: Option, + destination: Destination, } -impl HttpConnection { - fn new(connection: &Connection, manager: Rc) -> Self { - let mut server_outbuf: VecDeque = VecDeque::new(); - { - let credentials = manager.get_credentials(); - server_outbuf.extend(b"CONNECT ".iter()); - server_outbuf.extend(connection.dst.to_string().as_bytes()); - server_outbuf.extend(b" HTTP/1.1\r\nHost: ".iter()); - server_outbuf.extend(connection.dst.to_string().as_bytes()); - server_outbuf.extend(b"\r\n".iter()); - if let Some(credentials) = credentials { - server_outbuf.extend(b"Proxy-Authorization: Basic "); - let mut auth_plain = credentials.username.clone(); - auth_plain.extend(b":".iter()); - auth_plain.extend(&credentials.password); - let auth_b64 = base64::engine::general_purpose::STANDARD.encode(auth_plain); - server_outbuf.extend(auth_b64.as_bytes().iter()); - server_outbuf.extend(b"\r\n".iter()); - } - server_outbuf.extend(b"\r\n".iter()); - } +static PROXY_AUTHENTICATE: &str = "Proxy-Authenticate"; +static PROXY_AUTHORIZATION: &str = "Proxy-Authorization"; +static CONNECTION: &str = "Connection"; +static TRANSFER_ENCODING: &str = "Transfer-Encoding"; +static CONTENT_LENGTH: &str = "Content-Length"; - Self { - state: HttpState::ExpectStatusCode, +impl HttpConnection { + fn new( + connection: &Connection, + manager: Rc, + digest_state: Rc>>, + ) -> Result { + let mut res = Self { + state: HttpState::ExpectResponseHeaders, client_inbuf: Default::default(), server_inbuf: Default::default(), client_outbuf: Default::default(), - server_outbuf, + server_outbuf: Default::default(), data_buf: Default::default(), - crlf_state: Default::default(), + skip: 0, + counter: 0, + crlf_state: 0, + digest_state, + before: false, + credentials: manager.get_credentials().clone(), + destination: connection.dst.clone(), + }; + + res.send_tunnel_request()?; + Ok(res) + } + + fn send_tunnel_request(&mut self) -> Result<(), Error> { + self.server_outbuf.extend(b"CONNECT "); + self.server_outbuf + .extend(self.destination.to_string().as_bytes()); + self.server_outbuf.extend(b" HTTP/1.1\r\nHost: "); + self.server_outbuf + .extend(self.destination.to_string().as_bytes()); + self.server_outbuf.extend(b"\r\n"); + + self.send_auth_data(if self.digest_state.borrow().is_none() { + AuthenticationScheme::Basic + } else { + AuthenticationScheme::Digest + })?; + + self.server_outbuf.extend(b"\r\n"); + Ok(()) + } + + fn send_auth_data(&mut self, scheme: AuthenticationScheme) -> Result<(), Error> { + let Some(credentials) = &self.credentials else { + return Ok(()); + }; + + match scheme { + AuthenticationScheme::Digest => { + let uri = format!("{}:{}", self.destination.host, self.destination.port); + + let context = digest_auth::AuthContext::new_with_method( + &credentials.username, + &credentials.password, + &uri, + Option::<&'_ [u8]>::None, + digest_auth::HttpMethod::CONNECT, + ); + + let mut state = self.digest_state.borrow_mut(); + let response = state.as_mut().unwrap().respond(&context)?; + + self.server_outbuf.extend( + format!( + "{}: {}\r\n", + PROXY_AUTHORIZATION, + response.to_header_string() + ) + .as_bytes(), + ); + } + AuthenticationScheme::Basic => { + let cred = format!("{}:{}", credentials.username, credentials.password); + let auth_b64 = base64::engine::general_purpose::STANDARD.encode(cred); + self.server_outbuf + .extend(format!("{}: Basic {}\r\n", PROXY_AUTHORIZATION, auth_b64).as_bytes()); + } + AuthenticationScheme::None => {} } + + Ok(()) } fn state_change(&mut self) -> Result<(), Error> { - let http_len = "HTTP/1.1 200".len(); match self.state { - HttpState::ExpectStatusCode if self.server_inbuf.len() > http_len => { - let status_line: Vec = - self.server_inbuf.range(0..http_len + 1).copied().collect(); - let slice = &status_line.as_slice()[0.."HTTP/1.1 2".len()]; - if slice != b"HTTP/1.1 2" && slice != b"HTTP/1.0 2" - || self.server_inbuf[http_len] != b' ' - { - let status_str = String::from_utf8_lossy(&status_line.as_slice()[0..http_len]); - let e = - format!("Expected success status code. Server replied with {status_str}."); - return Err(e.into()); - } - self.state = HttpState::ExpectResponse; - return self.state_change(); - } - HttpState::ExpectResponse => { - let mut counter = 0usize; - for b_ref in self.server_inbuf.iter() { - let b = *b_ref; + HttpState::ExpectResponseHeaders => { + while self.counter < self.server_inbuf.len() { + let b = self.server_inbuf[self.counter]; if b == b'\n' { self.crlf_state += 1; } else if b != b'\r' { self.crlf_state = 0; } - counter += 1; + self.counter += 1; if self.crlf_state == 2 { - self.server_inbuf.drain(0..counter); - - self.server_outbuf.append(&mut self.data_buf); - self.data_buf.clear(); - - self.state = HttpState::Established; - return self.state_change(); + break; } } - self.server_inbuf.drain(0..counter); + if self.crlf_state != 2 { + // Waiting for the end of the headers yet + return Ok(()); + } + + self.counter = 0; + self.crlf_state = 0; + + let mut headers = [httparse::EMPTY_HEADER; 16]; + let mut res = Response::new(&mut headers); + + // First make the buffer contiguous + let slice = self.server_inbuf.make_contiguous(); + let status = res.parse(slice)?; + if status.is_partial() { + // TODO: Optimize in order to detect 200 + return Ok(()); + } + let len = status.unwrap(); + let status_code = res.code.unwrap(); + let version = res.version.unwrap(); + + if status_code == 200 { + // Connection successful + self.state = HttpState::Established; + self.server_inbuf.clear(); + + self.server_outbuf.append(&mut self.data_buf); + self.data_buf.clear(); + + return self.state_change(); + } + + if status_code != 407 { + let e = + format!("Expected success status code. Server replied with {status_code} [Reason: {}].", res.reason.unwrap()); + return Err(e.into()); + } + + let headers_map: HashMap, &[u8], RandomState> = + HashMap::from_iter(headers.map(|x| (UniCase::new(x.name), x.value))); + + let Some(auth_data) = headers_map.get(&UniCase::new(PROXY_AUTHENTICATE)) else { + return Err("Proxy requires auth but doesn't send it datails".into()); + }; + + if !auth_data[..6].eq_ignore_ascii_case(b"digest") { + // Fail to auth and the scheme isn't in the + // supported auth method schemes + return Err("Bad credentials".into()); + } + + // Analize challenge params + let data = str::from_utf8(auth_data)?; + let state = digest_auth::parse(data)?; + if self.before && !state.stale { + return Err("Bad credentials".into()); + } + + // Update the digest state + self.digest_state.replace(Some(state)); + self.before = true; + + let closed = match headers_map.get(&UniCase::new(CONNECTION)) { + Some(conn_header) => conn_header.eq_ignore_ascii_case(b"close"), + None => false, + }; + + if closed || version == 0 { + // Close mio stream connection and reset it + // Reset all the buffers + self.server_inbuf.clear(); + self.server_outbuf.clear(); + self.send_tunnel_request()?; + + self.state = HttpState::Reset; + return Ok(()); + } + + // The HTTP/1.1 expected to be keep alive waiting for the next frame so, we must + // compute the lenght of the response in order to detect the next frame (response) + // [RFC-9112](https://datatracker.ietf.org/doc/html/rfc9112#body.content-length) + + // Transfer-Encoding isn't supported yet + if let Some(_) = headers_map.get(&UniCase::new(TRANSFER_ENCODING)) { + unimplemented!("Header Transfer-Encoding not supported"); + } + + let content_length = match headers_map.get(&UniCase::new(CONTENT_LENGTH)) { + Some(v) => { + let value = str::from_utf8(v)?; + + // https://www.rfc-editor.org/rfc/rfc9110#section-5.6.1 + match value.parse::() { + Ok(x) => x, + Err(_) => { + let mut it = value.split(',').map(|x| x.parse::()); + let f = it.next().unwrap()?; + for k in it { + if k? != f { + return Err("Malformed response".into()); + } + } + f + } + } + } + None => { + // Close the connection by information miss + self.server_inbuf.clear(); + self.server_outbuf.clear(); + self.send_tunnel_request()?; + + self.state = HttpState::Reset; + return Ok(()); + } + }; + + // Handshake state + self.state = HttpState::ExpectResponse; + self.skip = content_length + len; + + return self.state_change(); + } + HttpState::ExpectResponse => { + if self.skip > 0 { + let cnt = self.skip.min(self.server_inbuf.len()); + self.server_inbuf.drain(..cnt); + self.skip -= cnt; + } + + if self.skip == 0 { + // Expected to the server_inbuff to be empty + + // self.server_outbuf.append(&mut self.data_buf); + // self.data_buf.clear(); + self.send_tunnel_request()?; + self.state = HttpState::ExpectResponseHeaders; + + return self.state_change(); + } } HttpState::Established => { self.client_outbuf.extend(self.server_inbuf.iter()); @@ -110,6 +309,9 @@ impl HttpConnection { self.server_inbuf.clear(); self.client_inbuf.clear(); } + HttpState::Reset => { + self.state = HttpState::ExpectResponseHeaders; + } _ => {} } Ok(()) @@ -175,11 +377,16 @@ impl TcpProxy for HttpConnection { }, } } + + fn reset_connection(&self) -> bool { + self.state == HttpState::Reset + } } pub(crate) struct HttpManager { server: SocketAddr, credentials: Option, + digest_state: Rc>>, } impl ConnectionManager for HttpManager { @@ -195,7 +402,11 @@ impl ConnectionManager for HttpManager { if connection.proto != IpProtocol::Tcp { return Ok(None); } - Ok(Some(Box::new(HttpConnection::new(connection, manager)))) + Ok(Some(Box::new(HttpConnection::new( + connection, + manager, + self.digest_state.clone(), + )?))) } fn close_connection(&self, _: &Connection) {} @@ -214,6 +425,7 @@ impl HttpManager { Rc::new(Self { server, credentials, + digest_state: Rc::new(RefCell::new(None)), }) } } diff --git a/src/lib.rs b/src/lib.rs index 1c8bb00..6d65302 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -110,15 +110,15 @@ impl Options { #[derive(Default, Clone, Debug)] pub struct Credentials { - pub(crate) username: Vec, - pub(crate) password: Vec, + pub(crate) username: String, + pub(crate) password: String, } impl Credentials { pub fn new(username: &str, password: &str) -> Self { Self { - username: username.as_bytes().to_vec(), - password: password.as_bytes().to_vec(), + username: String::from(username), + password: String::from(password), } } } diff --git a/src/socks.rs b/src/socks.rs index 69b6cab..ed1b477 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -156,10 +156,10 @@ impl SocksConnection { } self.server_outbuf.extend(ip_vec); if let Some(credentials) = credentials { - self.server_outbuf.extend(&credentials.username); + self.server_outbuf.extend(credentials.username.as_bytes()); if !credentials.password.is_empty() { self.server_outbuf.push_back(b':'); - self.server_outbuf.extend(&credentials.password); + self.server_outbuf.extend(credentials.password.as_bytes()); } } self.server_outbuf.push_back(0); @@ -250,10 +250,10 @@ impl SocksConnection { let credentials = self.credentials.as_ref().unwrap_or(&tmp); self.server_outbuf .extend(&[1u8, credentials.username.len() as u8]); - self.server_outbuf.extend(&credentials.username); + self.server_outbuf.extend(credentials.username.as_bytes()); self.server_outbuf .extend(&[credentials.password.len() as u8]); - self.server_outbuf.extend(&credentials.password); + self.server_outbuf.extend(credentials.password.as_bytes()); self.state = SocksState::ReceiveAuthResponse; self.state_change() } @@ -424,6 +424,10 @@ impl TcpProxy for SocksConnection { }, } } + + fn reset_connection(&self) -> bool { + false + } } pub struct SocksManager { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index ec984b4..876377e 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -228,6 +228,7 @@ pub(crate) trait TcpProxy { fn peek_data(&mut self, dir: OutgoingDirection) -> OutgoingDataEvent; fn connection_established(&self) -> bool; fn have_data(&mut self, dir: Direction) -> bool; + fn reset_connection(&self) -> bool; } pub(crate) trait ConnectionManager { @@ -291,7 +292,7 @@ impl<'a> TunToProxy<'a> { let mut virt = VirtualTunDevice::new(tun.capabilities()); let gateway4: Ipv4Addr = Ipv4Addr::from_str("0.0.0.1")?; let gateway6: Ipv6Addr = Ipv6Addr::from_str("::1")?; - let mut iface = Interface::new(config, &mut virt); + let mut iface = Interface::new(config, &mut virt, smoltcp::time::Instant::now()); iface.update_ip_addrs(|ip_addrs| { ip_addrs.push(IpCidr::new(gateway4.into(), 0)).unwrap(); ip_addrs.push(IpCidr::new(gateway6.into(), 0)).unwrap() @@ -699,6 +700,10 @@ impl<'a> TunToProxy<'a> { return Ok(()); } let connection = conn_ref.unwrap().clone(); + let server = self + .get_connection_manager(&connection) + .unwrap() + .get_server(); (|| -> Result<(), Error> { if event.is_readable() || event.is_read_closed() { @@ -737,6 +742,30 @@ impl<'a> TunToProxy<'a> { return Ok(()); } + // The handler request for reset the server connection + if state.handler.reset_connection() { + // Closes the connection with the proxy + state.mio_stream.shutdown(Both)?; + + info!("RESETED {}", connection); + + // TODO: Improve the call upstairs + state.mio_stream = TcpStream::connect(server)?; + + _ = self.poll.registry().deregister(&mut state.mio_stream); + self.poll.registry().register( + &mut state.mio_stream, + state.token, + Interest::WRITABLE, + )?; + + state.wait_read = true; + state.wait_write = true; + state.close_state = 0; + + return Ok(()); + } + if read == 0 || event.is_read_closed() { state.wait_read = false; state.close_state |= SERVER_WRITE_CLOSED; From 45dae7926314df387a5d02cb5a03b1f3e7b5ff8b Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Fri, 30 Jun 2023 21:14:28 +0200 Subject: [PATCH 034/401] Update smoltcp to version 0.10.0 --- Cargo.toml | 2 +- src/tun2proxy.rs | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index b5fcb1b..297c289 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ log = "0.4" mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } nix = { version = "0.26", features = ["process", "signal"] } prctl = "1.0" -smoltcp = { version = "0.9.1", git = "https://github.com/smoltcp-rs/smoltcp", features = ["std", "phy-tuntap_interface"] } +smoltcp = { version = "0.10.0", features = ["std", "phy-tuntap_interface"] } thiserror = "1.0" url = "2.3" diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index ec984b4..6f1c3d8 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -9,6 +9,7 @@ use mio::{Events, Interest, Poll, Token}; use smoltcp::iface::{Config, Interface, SocketHandle, SocketSet}; use smoltcp::phy::{Device, Medium, RxToken, TunTapInterface, TxToken}; use smoltcp::socket::tcp::State; +use smoltcp::socket::udp::UdpMetadata; use smoltcp::socket::{tcp, udp}; use smoltcp::time::Instant; use smoltcp::wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket}; @@ -291,7 +292,7 @@ impl<'a> TunToProxy<'a> { let mut virt = VirtualTunDevice::new(tun.capabilities()); let gateway4: Ipv4Addr = Ipv4Addr::from_str("0.0.0.1")?; let gateway6: Ipv6Addr = Ipv6Addr::from_str("::1")?; - let mut iface = Interface::new(config, &mut virt); + let mut iface = Interface::new(config, &mut virt, Instant::now()); iface.update_ip_addrs(|ip_addrs| { ip_addrs.push(IpCidr::new(gateway4.into(), 0)).unwrap(); ip_addrs.push(IpCidr::new(gateway6.into(), 0)).unwrap() @@ -576,7 +577,10 @@ impl<'a> TunToProxy<'a> { let dst = SocketAddr::try_from(dst)?; socket.bind(dst)?; socket - .send_slice(response.as_slice(), resolved_conn.src.into()) + .send_slice( + response.as_slice(), + UdpMetadata::from(resolved_conn.src), + ) .expect("failed to send DNS response"); let handle = self.sockets.add(socket); self.expect_smoltcp_send()?; From 1dc827e84c8f0f4289809fe698a967fb9c910925 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Fri, 30 Jun 2023 21:21:40 +0200 Subject: [PATCH 035/401] Apply clippy suggestions --- src/http.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/http.rs b/src/http.rs index ba0decb..8e75d5c 100644 --- a/src/http.rs +++ b/src/http.rs @@ -245,7 +245,7 @@ impl HttpConnection { // [RFC-9112](https://datatracker.ietf.org/doc/html/rfc9112#body.content-length) // Transfer-Encoding isn't supported yet - if let Some(_) = headers_map.get(&UniCase::new(TRANSFER_ENCODING)) { + if headers_map.get(&UniCase::new(TRANSFER_ENCODING)).is_some() { unimplemented!("Header Transfer-Encoding not supported"); } From a292be4bd8d0836b333f0ff29eab53125487a14e Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sat, 1 Jul 2023 22:17:25 +0200 Subject: [PATCH 036/401] Update README --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index f425692..bc3ab83 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,14 @@ # tun2proxy A tunnel interface for HTTP and SOCKS proxies on Linux based on [smoltcp](https://github.com/smoltcp-rs/smoltcp). +## Features +- HTTP proxy support (unauthenticated, basic and digest auth) +- SOCKS4 and SOCKS5 support (unauthenticated, username/password auth) +- SOCKS4a and SOCKS5h support (through the virtual DNS feature) +- Minimal configuration setup for routing all traffic +- IPv4 and IPv6 support +- GFW evasion mechanism for certain use cases (see [issue #35](https://github.com/blechschmidt/tun2proxy/issues/35)) + ## Build Clone the repository and `cd` into the project folder. Then run the following: ``` From 3e26675919877d834bb2e15482c0b60cfb07734a Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 2 Jul 2023 23:02:08 +0200 Subject: [PATCH 037/401] Support seamless digest auth with Connection: close (see PR #44) --- src/http.rs | 1 + src/tun2proxy.rs | 14 ++++---------- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/src/http.rs b/src/http.rs index 8e75d5c..3db3787 100644 --- a/src/http.rs +++ b/src/http.rs @@ -311,6 +311,7 @@ impl HttpConnection { } HttpState::Reset => { self.state = HttpState::ExpectResponseHeaders; + return self.state_change(); } _ => {} } diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 58b47ce..6bc9529 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -748,24 +748,18 @@ impl<'a> TunToProxy<'a> { // The handler request for reset the server connection if state.handler.reset_connection() { + _ = self.poll.registry().deregister(&mut state.mio_stream); // Closes the connection with the proxy state.mio_stream.shutdown(Both)?; - info!("RESETED {}", connection); + info!("RESET {}", connection); - // TODO: Improve the call upstairs state.mio_stream = TcpStream::connect(server)?; - _ = self.poll.registry().deregister(&mut state.mio_stream); - self.poll.registry().register( - &mut state.mio_stream, - state.token, - Interest::WRITABLE, - )?; - state.wait_read = true; state.wait_write = true; - state.close_state = 0; + + self.update_mio_socket_interest(&connection)?; return Ok(()); } From ab9f8011f047443d0f6df1342abfaa5ccc7e401e Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 21 Jul 2023 14:42:55 +0800 Subject: [PATCH 038/401] Update dependencies --- Cargo.toml | 14 +++++++------- src/error.rs | 14 +++++--------- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 6ebe9c2..cedd349 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,12 +9,14 @@ crate-type = ["cdylib", "lib"] [dependencies] base64 = { version = "0.21" } -clap = { version = "4.1", features = ["derive"] } -ctrlc = "3.2" +clap = { version = "4.3", features = ["derive"] } +ctrlc = "3.4" +digest_auth = "0.3.1" dotenvy = "0.15" env_logger = "0.10" fork = "0.1" hashlink = "0.8" +httparse = "1.8.0" libc = "0.2" log = "0.4" mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } @@ -22,17 +24,15 @@ nix = { version = "0.26", features = ["process", "signal"] } prctl = "1.0" smoltcp = { version = "0.10.0", features = ["std", "phy-tuntap_interface"] } thiserror = "1.0" -url = "2.3" -digest_auth = "0.3.1" -httparse = "1.8.0" unicase = "2.6.0" +url = "2.4" [target.'cfg(target_os="android")'.dependencies] android_logger = "0.13" jni = { version = "0.21", default-features = false } [dev-dependencies] -ctor = "0.1" +ctor = "0.2" reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "rustls-tls"] } -serial_test = "1.0" +serial_test = "2.0" test-log = "0.2" diff --git a/src/error.rs b/src/error.rs index dbfe962..86596f4 100644 --- a/src/error.rs +++ b/src/error.rs @@ -34,15 +34,9 @@ pub enum Error { #[error("jni::errors::Error {0:?}")] Jni(#[from] jni::errors::Error), - #[error("&str {0}")] - Str(String), - - #[error("String {0}")] + #[error("{0}")] String(String), - #[error("&String {0}")] - RefString(String), - #[error("nix::errno::Errno {0:?}")] OSError(#[from] nix::errno::Errno), @@ -58,7 +52,7 @@ pub enum Error { impl From<&str> for Error { fn from(err: &str) -> Self { - Self::Str(err.to_string()) + Self::String(err.to_string()) } } @@ -70,6 +64,8 @@ impl From for Error { impl From<&String> for Error { fn from(err: &String) -> Self { - Self::RefString(err.to_string()) + Self::String(err.to_string()) } } + +pub type Result = std::result::Result; From c61b6c74cddbc0a8511925a2c08a52159823f879 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 23 Jul 2023 02:03:15 +0800 Subject: [PATCH 039/401] swith socks5-impl --- Cargo.toml | 1 + README.md | 7 ++- src/android.rs | 3 +- src/http.rs | 49 ++++++++------- src/lib.rs | 29 +++------ src/main.rs | 24 +++----- src/setup.rs | 25 ++++---- src/socks.rs | 124 ++++++++++--------------------------- src/tun2proxy.rs | 154 ++++++++++++++-------------------------------- src/virtdevice.rs | 9 +-- src/virtdns.rs | 39 ++++++------ 11 files changed, 163 insertions(+), 301 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index cedd349..11adae6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,6 +23,7 @@ mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } nix = { version = "0.26", features = ["process", "signal"] } prctl = "1.0" smoltcp = { version = "0.10.0", features = ["std", "phy-tuntap_interface"] } +socks5-impl = { version = "0.4", default-features = false } thiserror = "1.0" unicase = "2.6.0" url = "2.4" diff --git a/README.md b/README.md index bc3ab83..1925a4e 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ Apart from SOCKS5, SOCKS4 and HTTP are supported. Note that if your proxy is a non-global IP address (e.g. because the proxy is provided by some tunneling tool running locally), you will additionally need to provide the public IP address of the server through which the traffic is -actually tunneled. In such a case, the tool will tell you to specify the address through `--setup-ip
` if you +actually tunneled. In such a case, the tool will tell you to specify the address through `--bypass-ip
` if you wish to make use of the automated setup feature. ## Manual Setup @@ -40,6 +40,7 @@ A standard setup, which would route all traffic from your system through the tun PROXY_TYPE=SOCKS5 PROXY_IP=1.2.3.4 PROXY_PORT=1080 +BYPASS_IP=123.45.67.89 # Create a tunnel interface named tun0 which your user can bind to, # so we don't need to run tun2proxy as root. @@ -48,7 +49,7 @@ sudo ip link set tun0 up # To prevent a routing loop, we add a route to the proxy server that behaves # like the default route. -sudo ip route add "$PROXY_IP" $(ip route | grep '^default' | cut -d ' ' -f 2-) +sudo ip route add "$BYPASS_IP" $(ip route | grep '^default' | cut -d ' ' -f 2-) # Route all your traffic through tun0 without interfering with the default route. sudo ip route add 128.0.0.0/1 dev tun0 @@ -92,7 +93,7 @@ Options: -p, --proxy Proxy URL in the form proto://[username[:password]@]host:port -d, --dns DNS handling [default: virtual] [possible values: virtual, none] -s, --setup Routing and system setup [possible values: auto] - --setup-ip Public proxy IP used in routing setup + --bypass-ip Public proxy IP used in routing setup which should bypassing the tunnel -h, --help Print help -V, --version Print version ``` diff --git a/src/android.rs b/src/android.rs index 4f642c8..02d4e5b 100644 --- a/src/android.rs +++ b/src/android.rs @@ -1,7 +1,6 @@ #![cfg(target_os = "android")] -use crate::tun2proxy::TunToProxy; -use crate::{error::Error, tun_to_proxy, NetworkInterface, Options, Proxy}; +use crate::{error::Error, tun2proxy::TunToProxy, tun_to_proxy, NetworkInterface, Options, Proxy}; use jni::{ objects::{JClass, JString}, sys::{jboolean, jint}, diff --git a/src/http.rs b/src/http.rs index 3db3787..d5ff54f 100644 --- a/src/http.rs +++ b/src/http.rs @@ -1,19 +1,22 @@ -use crate::error::Error; -use crate::tun2proxy::{ - Connection, ConnectionManager, Destination, Direction, IncomingDataEvent, IncomingDirection, - OutgoingDataEvent, OutgoingDirection, TcpProxy, +use crate::{ + error::Error, + tun2proxy::{ + Connection, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, + OutgoingDataEvent, OutgoingDirection, TcpProxy, + }, }; -use crate::Credentials; use base64::Engine; use httparse::Response; use smoltcp::wire::IpProtocol; -use std::cell::RefCell; -use std::collections::hash_map::RandomState; -use std::collections::{HashMap, VecDeque}; -use std::iter::FromIterator; -use std::net::SocketAddr; -use std::rc::Rc; -use std::str; +use socks5_impl::protocol::{Address, UserKey}; +use std::{ + cell::RefCell, + collections::{hash_map::RandomState, HashMap, VecDeque}, + iter::FromIterator, + net::SocketAddr, + rc::Rc, + str, +}; use unicase::UniCase; #[derive(Eq, PartialEq, Debug)] @@ -48,8 +51,8 @@ pub struct HttpConnection { skip: usize, digest_state: Rc>>, before: bool, - credentials: Option, - destination: Destination, + credentials: Option, + destination: Address, } static PROXY_AUTHENTICATE: &str = "Proxy-Authenticate"; @@ -66,11 +69,11 @@ impl HttpConnection { ) -> Result { let mut res = Self { state: HttpState::ExpectResponseHeaders, - client_inbuf: Default::default(), - server_inbuf: Default::default(), - client_outbuf: Default::default(), - server_outbuf: Default::default(), - data_buf: Default::default(), + client_inbuf: VecDeque::default(), + server_inbuf: VecDeque::default(), + client_outbuf: VecDeque::default(), + server_outbuf: VecDeque::default(), + data_buf: VecDeque::default(), skip: 0, counter: 0, crlf_state: 0, @@ -110,7 +113,7 @@ impl HttpConnection { match scheme { AuthenticationScheme::Digest => { - let uri = format!("{}:{}", self.destination.host, self.destination.port); + let uri = self.destination.to_string(); let context = digest_auth::AuthContext::new_with_method( &credentials.username, @@ -386,7 +389,7 @@ impl TcpProxy for HttpConnection { pub(crate) struct HttpManager { server: SocketAddr, - credentials: Option, + credentials: Option, digest_state: Rc>>, } @@ -416,13 +419,13 @@ impl ConnectionManager for HttpManager { self.server } - fn get_credentials(&self) -> &Option { + fn get_credentials(&self) -> &Option { &self.credentials } } impl HttpManager { - pub fn new(server: SocketAddr, credentials: Option) -> Rc { + pub fn new(server: SocketAddr, credentials: Option) -> Rc { Rc::new(Self { server, credentials, diff --git a/src/lib.rs b/src/lib.rs index 6d65302..2c743c0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,6 +1,8 @@ -use crate::error::Error; -use crate::socks::SocksVersion; -use crate::{http::HttpManager, socks::SocksManager, tun2proxy::TunToProxy}; +use crate::{ + error::Error, http::HttpManager, socks::SocksManager, socks::SocksVersion, + tun2proxy::TunToProxy, +}; +use socks5_impl::protocol::UserKey; use std::net::{SocketAddr, ToSocketAddrs}; mod android; @@ -16,7 +18,7 @@ mod virtdns; pub struct Proxy { pub proxy_type: ProxyType, pub addr: SocketAddr, - pub credentials: Option, + pub credentials: Option, } pub enum NetworkInterface { @@ -48,7 +50,7 @@ impl Proxy { } else { let username = String::from(url.username()); let password = String::from(url.password().unwrap_or("")); - Some(Credentials::new(&username, &password)) + Some(UserKey::new(username, password)) }; let scheme = url.scheme(); @@ -94,7 +96,7 @@ pub struct Options { impl Options { pub fn new() -> Self { - Default::default() + Options::default() } pub fn with_virtual_dns(mut self) -> Self { @@ -108,21 +110,6 @@ impl Options { } } -#[derive(Default, Clone, Debug)] -pub struct Credentials { - pub(crate) username: String, - pub(crate) password: String, -} - -impl Credentials { - pub fn new(username: &str, password: &str) -> Self { - Self { - username: String::from(username), - password: String::from(password), - } - } -} - pub fn tun_to_proxy<'a>( interface: &NetworkInterface, proxy: &Proxy, diff --git a/src/main.rs b/src/main.rs index 43b128e..bcf8519 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,12 +1,7 @@ use clap::Parser; use env_logger::Env; - -use std::net::IpAddr; -use std::process::ExitCode; - -use tun2proxy::error::Error; -use tun2proxy::{main_entry, Proxy}; -use tun2proxy::{NetworkInterface, Options}; +use std::{net::IpAddr, process::ExitCode}; +use tun2proxy::{error::Error, main_entry, NetworkInterface, Options, Proxy}; #[cfg(target_os = "linux")] use tun2proxy::setup::{get_default_cidrs, Setup}; @@ -45,9 +40,9 @@ struct Args { #[arg(short, long, value_name = "method", value_enum)] setup: Option, - /// Public proxy IP used in routing setup + /// Public proxy IP used in routing setup which should bypassing the tunnel #[arg(long, value_name = "IP")] - setup_ip: Option, + bypass_ip: Option, } #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] @@ -83,12 +78,12 @@ fn main() -> ExitCode { } }; - if let Err(e) = (|| -> Result<(), Error> { + let block = || -> Result<(), Error> { #[cfg(target_os = "linux")] { let mut setup: Setup; if args.setup == Some(ArgSetup::Auto) { - let bypass_tun_ip = match args.setup_ip { + let bypass_tun_ip = match args.bypass_ip { Some(addr) => addr, None => args.proxy.addr.ip(), }; @@ -96,7 +91,7 @@ fn main() -> ExitCode { &args.tun, &bypass_tun_ip, get_default_cidrs(), - args.setup_ip.is_some(), + args.bypass_ip.is_some(), ); setup.configure()?; @@ -108,10 +103,11 @@ fn main() -> ExitCode { main_entry(&interface, &args.proxy, options)?; Ok(()) - })() { + }; + if let Err(e) = block() { log::error!("{e}"); return ExitCode::FAILURE; - }; + } ExitCode::SUCCESS } diff --git a/src/setup.rs b/src/setup.rs index 7728d0f..8838ab3 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -1,20 +1,17 @@ #![cfg(target_os = "linux")] use crate::error::Error; -use smoltcp::wire::IpCidr; -use std::convert::TryFrom; - -use std::ffi::OsStr; -use std::io::BufRead; -use std::net::{IpAddr, Ipv4Addr, Ipv6Addr}; - -use std::os::unix::io::RawFd; - -use std::process::{Command, Output}; - -use std::str::FromStr; - use fork::Fork; +use smoltcp::wire::IpCidr; +use std::{ + convert::TryFrom, + ffi::OsStr, + io::BufRead, + net::{IpAddr, Ipv4Addr, Ipv6Addr}, + os::unix::io::RawFd, + process::{Command, Output}, + str::FromStr, +}; #[derive(Clone)] pub struct Setup { @@ -320,7 +317,7 @@ impl Setup { if self.tunnel_bypass_addr.is_loopback() && !self.allow_private { log::warn!( "The proxy address {} is a loopback address. You may need to manually \ - provide --setup-ip to specify the server IP bypassing the tunnel", + provide --bypass-ip to specify the server IP bypassing the tunnel", self.tunnel_bypass_addr ) } diff --git a/src/socks.rs b/src/socks.rs index ed1b477..cb460f8 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -1,16 +1,13 @@ -use std::collections::VecDeque; -use std::convert::TryFrom; -use std::net::{IpAddr, SocketAddr}; -use std::rc::Rc; - -use smoltcp::wire::IpProtocol; - -use crate::error::Error; -use crate::tun2proxy::{ - Connection, ConnectionManager, DestinationHost, Direction, IncomingDataEvent, - IncomingDirection, OutgoingDataEvent, OutgoingDirection, TcpProxy, +use crate::{ + error::Error, + tun2proxy::{ + Connection, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, + OutgoingDataEvent, OutgoingDirection, TcpProxy, + }, }; -use crate::Credentials; +use smoltcp::wire::IpProtocol; +use socks5_impl::protocol::{self, Address, AddressType, UserKey}; +use std::{collections::VecDeque, convert::TryFrom, net::SocketAddr, rc::Rc}; #[derive(Eq, PartialEq, Debug)] #[allow(dead_code)] @@ -24,32 +21,6 @@ enum SocksState { Established, } -#[repr(u8)] -#[derive(Copy, Clone, PartialEq, Debug)] -enum SocksAddressType { - Ipv4 = 1, - DomainName = 3, - Ipv6 = 4, -} - -impl TryFrom for SocksAddressType { - type Error = Error; - fn try_from(value: u8) -> Result { - match value { - 1 => Ok(SocksAddressType::Ipv4), - 3 => Ok(SocksAddressType::DomainName), - 4 => Ok(SocksAddressType::Ipv6), - _ => Err(format!("Unknown address type: {}", value).into()), - } - } -} - -impl From for u8 { - fn from(value: SocksAddressType) -> Self { - value as u8 - } -} - #[repr(u8)] #[derive(Copy, Clone, PartialEq, Debug)] pub enum SocksVersion { @@ -57,15 +28,6 @@ pub enum SocksVersion { V5 = 5, } -#[repr(u8)] -#[derive(Copy, Clone, PartialEq, Debug)] -#[allow(dead_code)] -pub enum SocksCommand { - Connect = 1, - Bind = 2, - UdpAssociate = 3, -} - #[allow(dead_code)] enum SocksAuthentication { None = 0, @@ -105,7 +67,7 @@ pub(crate) struct SocksConnection { server_outbuf: VecDeque, data_buf: VecDeque, version: SocksVersion, - credentials: Option, + credentials: Option, } impl SocksConnection { @@ -133,22 +95,20 @@ impl SocksConnection { let credentials = &self.credentials; match self.version { SocksVersion::V4 => { - self.server_outbuf.extend(&[ - self.version as u8, - SocksCommand::Connect as u8, - (self.connection.dst.port >> 8) as u8, - (self.connection.dst.port & 0xff) as u8, - ]); + self.server_outbuf + .extend(&[self.version as u8, protocol::Command::Connect.into()]); + self.server_outbuf + .extend(self.connection.dst.port().to_be_bytes()); let mut ip_vec = Vec::::new(); let mut name_vec = Vec::::new(); - match &self.connection.dst.host { - DestinationHost::Address(dst_ip) => { - match dst_ip { - IpAddr::V4(ip) => ip_vec.extend(ip.octets().as_ref()), - IpAddr::V6(_) => return Err("SOCKS4 does not support IPv6".into()), - }; + match &self.connection.dst { + Address::SocketAddress(SocketAddr::V4(addr)) => { + ip_vec.extend(addr.ip().octets().as_ref()); } - DestinationHost::Hostname(host) => { + Address::SocketAddress(SocketAddr::V6(_)) => { + return Err("SOCKS4 does not support IPv6".into()); + } + Address::DomainAddress(host, _) => { ip_vec.extend(&[0, 0, 0, host.len() as u8]); name_vec.extend(host.as_bytes()); name_vec.push(0); @@ -246,7 +206,7 @@ impl SocksConnection { } fn send_auth_data(&mut self) -> Result<(), Error> { - let tmp = Credentials::default(); + let tmp = UserKey::default(); let credentials = self.credentials.as_ref().unwrap_or(&tmp); self.server_outbuf .extend(&[1u8, credentials.username.len() as u8]); @@ -287,8 +247,8 @@ impl SocksConnection { return Err("SOCKS5 connection unsuccessful.".into()); } - let message_length = match SocksAddressType::try_from(atyp)? { - SocksAddressType::DomainName => { + let message_length = match AddressType::try_from(atyp)? { + AddressType::Domain => { if self.server_inbuf.len() < 5 { return Ok(()); } @@ -297,8 +257,8 @@ impl SocksConnection { } 7 + (self.server_inbuf[4] as usize) } - SocksAddressType::Ipv4 => 10, - SocksAddressType::Ipv6 => 22, + AddressType::IPv4 => 10, + AddressType::IPv6 => 22, }; self.server_inbuf.drain(0..message_length); @@ -310,30 +270,8 @@ impl SocksConnection { } fn send_request(&mut self) -> Result<(), Error> { - self.server_outbuf.extend(&[5u8, 1, 0]); - match &self.connection.dst.host { - DestinationHost::Address(dst_ip) => { - let cmd = if dst_ip.is_ipv4() { - SocksAddressType::Ipv4 - } else { - SocksAddressType::Ipv6 - }; - self.server_outbuf.extend(&[u8::from(cmd)]); - match dst_ip { - IpAddr::V4(ip) => self.server_outbuf.extend(ip.octets().as_ref()), - IpAddr::V6(ip) => self.server_outbuf.extend(ip.octets().as_ref()), - }; - } - DestinationHost::Hostname(host) => { - self.server_outbuf - .extend(&[u8::from(SocksAddressType::DomainName), host.len() as u8]); - self.server_outbuf.extend(host.as_bytes()); - } - } - self.server_outbuf.extend(&[ - (self.connection.dst.port >> 8) as u8, - (self.connection.dst.port & 0xff) as u8, - ]); + protocol::Request::new(protocol::Command::Connect, self.connection.dst.clone()) + .write_to_stream(&mut self.server_outbuf)?; self.state = SocksState::ReceiveResponse; self.state_change() } @@ -432,7 +370,7 @@ impl TcpProxy for SocksConnection { pub struct SocksManager { server: SocketAddr, - credentials: Option, + credentials: Option, version: SocksVersion, } @@ -462,7 +400,7 @@ impl ConnectionManager for SocksManager { self.server } - fn get_credentials(&self) -> &Option { + fn get_credentials(&self) -> &Option { &self.credentials } } @@ -471,7 +409,7 @@ impl SocksManager { pub fn new( server: SocketAddr, version: SocksVersion, - credentials: Option, + credentials: Option, ) -> Rc { Rc::new(Self { server, diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 6bc9529..d5af74a 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1,91 +1,35 @@ -use crate::error::Error; -use crate::virtdevice::VirtualTunDevice; -use crate::{Credentials, NetworkInterface, Options}; -use log::{error, info}; -use mio::event::Event; -use mio::net::TcpStream; -use mio::unix::SourceFd; -use mio::{Events, Interest, Poll, Token}; -use smoltcp::iface::{Config, Interface, SocketHandle, SocketSet}; -use smoltcp::phy::{Device, Medium, RxToken, TunTapInterface, TxToken}; -use smoltcp::socket::tcp::State; -use smoltcp::socket::udp::UdpMetadata; -use smoltcp::socket::{tcp, udp}; -use smoltcp::time::Instant; -use smoltcp::wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket}; -use std::collections::{HashMap, HashSet}; -use std::convert::{From, TryFrom}; -use std::io::{Read, Write}; -use std::net::Shutdown::Both; -use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, Shutdown, SocketAddr}; -use std::os::unix::io::AsRawFd; -use std::rc::Rc; -use std::str::FromStr; - -#[derive(Hash, Clone, Eq, PartialEq, Debug)] -pub(crate) enum DestinationHost { - Address(IpAddr), - Hostname(String), -} - -impl std::fmt::Display for DestinationHost { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - match self { - DestinationHost::Address(addr) => addr.fmt(f), - DestinationHost::Hostname(name) => name.fmt(f), - } - } -} - -#[derive(Hash, Clone, Eq, PartialEq, Debug)] -pub(crate) struct Destination { - pub(crate) host: DestinationHost, - pub(crate) port: u16, -} - -impl TryFrom for SocketAddr { - type Error = Error; - fn try_from(value: Destination) -> Result { - let ip = match value.host { - DestinationHost::Address(addr) => addr, - DestinationHost::Hostname(e) => { - return Err(e.into()); - } - }; - Ok(SocketAddr::new(ip, value.port)) - } -} - -impl From for Destination { - fn from(addr: SocketAddr) -> Self { - Self { - host: DestinationHost::Address(addr.ip()), - port: addr.port(), - } - } -} - -impl std::fmt::Display for Destination { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - if let DestinationHost::Address(IpAddr::V6(addr)) = self.host { - write!(f, "[{}]:{}", addr, self.port) - } else { - write!(f, "{}:{}", self.host, self.port) - } - } -} +use crate::{error::Error, virtdevice::VirtualTunDevice, NetworkInterface, Options}; +use mio::{event::Event, net::TcpStream, unix::SourceFd, Events, Interest, Poll, Token}; +use smoltcp::{ + iface::{Config, Interface, SocketHandle, SocketSet}, + phy::{Device, Medium, RxToken, TunTapInterface, TxToken}, + socket::{tcp, tcp::State, udp, udp::UdpMetadata}, + time::Instant, + wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket}, +}; +use socks5_impl::protocol::{Address, UserKey}; +use std::{ + collections::{HashMap, HashSet}, + convert::{From, TryFrom}, + io::{Read, Write}, + net::{IpAddr, Ipv4Addr, Ipv6Addr, Shutdown, Shutdown::Both, SocketAddr}, + os::unix::io::AsRawFd, + rc::Rc, + str::FromStr, +}; #[derive(Hash, Clone, Eq, PartialEq, Debug)] pub(crate) struct Connection { pub(crate) src: SocketAddr, - pub(crate) dst: Destination, + pub(crate) dst: Address, pub(crate) proto: IpProtocol, } impl Connection { fn to_named(&self, name: String) -> Self { let mut result = self.clone(); - result.dst.host = DestinationHost::Hostname(name); + result.dst = Address::from((name, result.dst.port())); + log::trace!("Replace dst \"{}\" -> \"{}\"", self.dst, result.dst); result } } @@ -160,7 +104,7 @@ fn connection_tuple(frame: &[u8]) -> Option<(Connection, bool, usize, usize)> { if let Ok(packet) = Ipv4Packet::new_checked(frame) { let proto = packet.next_header(); - let mut a: [u8; 4] = Default::default(); + let mut a = [0_u8; 4]; a.copy_from_slice(packet.src_addr().as_bytes()); let src_addr = IpAddr::from(a); a.copy_from_slice(packet.dst_addr().as_bytes()); @@ -187,7 +131,7 @@ fn connection_tuple(frame: &[u8]) -> Option<(Connection, bool, usize, usize)> { // TODO: Support extension headers. let proto = packet.next_header(); - let mut a: [u8; 16] = Default::default(); + let mut a = [0_u8; 16]; a.copy_from_slice(packet.src_addr().as_bytes()); let src_addr = IpAddr::from(a); a.copy_from_slice(packet.dst_addr().as_bytes()); @@ -241,7 +185,7 @@ pub(crate) trait ConnectionManager { ) -> Result>, Error>; fn close_connection(&self, connection: &Connection); fn get_server(&self) -> SocketAddr; - fn get_credentials(&self) -> &Option; + fn get_credentials(&self) -> &Option; } const TUN_TOKEN: Token = Token(0); @@ -354,7 +298,7 @@ impl<'a> TunToProxy<'a> { self.token_to_connection.remove(token); self.sockets.remove(conn.smoltcp_handle); _ = self.poll.registry().deregister(&mut conn.mio_stream); - info!("CLOSE {}", connection); + log::info!("CLOSE {}", connection); } Ok(()) } @@ -479,9 +423,7 @@ impl<'a> TunToProxy<'a> { // A raw packet was received on the tunnel interface. fn receive_tun(&mut self, frame: &mut [u8]) -> Result<(), Error> { - if let Some((connection, first_packet, _payload_offset, _payload_size)) = - connection_tuple(frame) - { + if let Some((connection, first_packet, offset, size)) = connection_tuple(frame) { let resolved_conn = match &mut self.options.virtdns { None => connection.clone(), Some(virt_dns) => { @@ -494,7 +436,7 @@ impl<'a> TunToProxy<'a> { } }; let dst = connection.dst; - (|| -> Result<(), Error> { + let handler = || -> Result<(), Error> { if resolved_conn.proto == IpProtocol::Tcp { let cm = self.get_connection_manager(&resolved_conn); if cm.is_none() { @@ -540,7 +482,7 @@ impl<'a> TunToProxy<'a> { self.connections.insert(resolved_conn.clone(), state); - info!("CONNECT {}", resolved_conn,); + log::info!("CONNECT {}", resolved_conn,); break; } } @@ -562,9 +504,9 @@ impl<'a> TunToProxy<'a> { // The connection handler builds up the connection or encapsulates the data. // Therefore, we now expect it to write data to the server. self.write_to_server(&resolved_conn)?; - } else if resolved_conn.proto == IpProtocol::Udp && resolved_conn.dst.port == 53 { + } else if resolved_conn.proto == IpProtocol::Udp && resolved_conn.dst.port() == 53 { if let Some(virtual_dns) = &mut self.options.virtdns { - let payload = &frame[_payload_offset.._payload_offset + _payload_size]; + let payload = &frame[offset..offset + size]; if let Some(response) = virtual_dns.receive_query(payload) { let rx_buffer = udp::PacketBuffer::new( vec![udp::PacketMetadata::EMPTY], @@ -590,12 +532,11 @@ impl<'a> TunToProxy<'a> { } // Otherwise, UDP is not yet supported. } - Ok(()) - })() - .or_else(|error| { - log::error! {"{error}"} Ok::<(), Error>(()) - })?; + }; + if let Err(error) = handler() { + log::error!("{}", error); + } } Ok(()) } @@ -709,7 +650,7 @@ impl<'a> TunToProxy<'a> { .unwrap() .get_server(); - (|| -> Result<(), Error> { + let mut block = || -> Result<(), Error> { if event.is_readable() || event.is_read_closed() { { let state = self.connections.get_mut(&connection).ok_or(e)?; @@ -721,7 +662,7 @@ impl<'a> TunToProxy<'a> { Ok(read_result) => read_result, Err(error) => { if error.kind() != std::io::ErrorKind::WouldBlock { - error!("Read from proxy: {}", error); + log::error!("Read from proxy: {}", error); } vecbuf.len() } @@ -752,7 +693,7 @@ impl<'a> TunToProxy<'a> { // Closes the connection with the proxy state.mio_stream.shutdown(Both)?; - info!("RESET {}", connection); + log::info!("RESET {}", connection); state.mio_stream = TcpStream::connect(server)?; @@ -785,14 +726,13 @@ impl<'a> TunToProxy<'a> { if event.is_writable() { self.write_to_server(&connection)?; } - - Ok(()) - })() - .or_else(|error| { - log::error! {"{error}"} + Ok::<(), Error>(()) + }; + if let Err(error) = block() { + log::error!("{}", error); self.remove_connection(&connection)?; - Ok(()) - }) + } + Ok(()) } fn udp_event(&mut self, _event: &Event) {} @@ -816,10 +756,10 @@ impl<'a> TunToProxy<'a> { self.send_to_smoltcp()?; } Err(e) => { - if e.kind() != std::io::ErrorKind::Interrupted { - return Err(e.into()); + if e.kind() == std::io::ErrorKind::Interrupted { + log::warn!("Poll interrupted: \"{e}\", ignored, continue polling"); } else { - log::warn!("Poll interrupted: {e}") + return Err(e.into()); } } } diff --git a/src/virtdevice.rs b/src/virtdevice.rs index c215159..fc862d9 100644 --- a/src/virtdevice.rs +++ b/src/virtdevice.rs @@ -1,6 +1,7 @@ -use smoltcp::phy; -use smoltcp::phy::{Device, DeviceCapabilities}; -use smoltcp::time::Instant; +use smoltcp::{ + phy::{self, Device, DeviceCapabilities}, + time::Instant, +}; #[derive(Default)] pub struct VirtualTunDevice { @@ -72,7 +73,7 @@ impl VirtualTunDevice { pub fn new(capabilities: DeviceCapabilities) -> Self { Self { capabilities, - ..Default::default() + ..VirtualTunDevice::default() } } } diff --git a/src/virtdns.rs b/src/virtdns.rs index 83a07fe..1da5c54 100644 --- a/src/virtdns.rs +++ b/src/virtdns.rs @@ -1,11 +1,12 @@ -use hashlink::linked_hash_map::RawEntryMut; -use hashlink::LruCache; +use hashlink::{linked_hash_map::RawEntryMut, LruCache}; use smoltcp::wire::Ipv4Cidr; -use std::collections::HashMap; -use std::convert::{TryFrom, TryInto}; -use std::net::{IpAddr, Ipv4Addr, Ipv6Addr}; -use std::str::FromStr; -use std::time::{Duration, Instant}; +use std::{ + collections::HashMap, + convert::{TryFrom, TryInto}, + net::{IpAddr, Ipv4Addr, Ipv6Addr}, + str::FromStr, + time::{Duration, Instant}, +}; const DNS_TTL: u8 = 30; // TTL in DNS replies in seconds const MAPPING_TIMEOUT: u64 = 60; // Mapping timeout in seconds @@ -43,7 +44,7 @@ impl Default for VirtualDns { Self { next_addr: start_addr.into(), - name_to_ip: Default::default(), + name_to_ip: HashMap::default(), network_addr: IpAddr::try_from(cidr.network().address().into_address()).unwrap(), broadcast_addr: IpAddr::try_from(cidr.broadcast().unwrap().into_address()).unwrap(), lru_cache: LruCache::new_unbounded(), @@ -53,7 +54,7 @@ impl Default for VirtualDns { impl VirtualDns { pub fn new() -> Self { - Default::default() + VirtualDns::default() } pub fn receive_query(&mut self, data: &[u8]) -> Option> { @@ -66,18 +67,17 @@ impl VirtualDns { // bit 7: Message is not truncated (0) // bit 8: Recursion desired (1) let is_supported_query = (data[2] & 0b11111011) == 0b00000001; - let num_queries = (data[4] as u16) << 8 | data[5] as u16; + let num_queries = u16::from_be_bytes(data[4..6].try_into().ok()?); if !is_supported_query || num_queries != 1 { return None; } - let result = VirtualDns::parse_qname(data, 12); - let (qname, offset) = result?; + let (qname, offset) = VirtualDns::parse_qname(data, 12)?; if offset + 3 >= data.len() { return None; } - let qtype = (data[offset] as u16) << 8 | data[offset + 1] as u16; - let qclass = (data[offset + 2] as u16) << 8 | data[offset + 3] as u16; + let qtype = u16::from_be_bytes(data[offset..offset + 2].try_into().ok()?); + let qclass = u16::from_be_bytes(data[offset + 2..offset + 4].try_into().ok()?); if qtype != DnsRecordType::A as u16 && qtype != DnsRecordType::AAAA as u16 || qclass != DnsClass::IN as u16 @@ -121,7 +121,7 @@ impl VirtualDns { 0, 0, 0, DNS_TTL, // TTL 0, 4, // Data length: 4 bytes ]); - match ip as IpAddr { + match ip { IpAddr::V4(ip) => response.extend(ip.octets().as_ref()), IpAddr::V6(ip) => response.extend(ip.octets().as_ref()), }; @@ -191,11 +191,10 @@ impl VirtualDns { let now = Instant::now(); loop { - let p = self.lru_cache.iter().next(); - if p.is_none() { - break; - } - let (ip, entry) = p.unwrap(); + let (ip, entry) = match self.lru_cache.iter().next() { + None => break, + Some((ip, entry)) => (ip, entry), + }; if now > entry.expiry { let name = entry.name.clone(); self.lru_cache.remove(&ip.clone()); From 6e81e78dfb2c638cecf3341aab7939fed6af6ab5 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 24 Jul 2023 16:33:45 +0800 Subject: [PATCH 040/401] socks5 respones --- src/socks.rs | 47 +++++++++++++++-------------------------------- 1 file changed, 15 insertions(+), 32 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index cb460f8..47e755e 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -6,8 +6,8 @@ use crate::{ }, }; use smoltcp::wire::IpProtocol; -use socks5_impl::protocol::{self, Address, AddressType, UserKey}; -use std::{collections::VecDeque, convert::TryFrom, net::SocketAddr, rc::Rc}; +use socks5_impl::protocol::{self, Address, UserKey}; +use std::{collections::VecDeque, net::SocketAddr, rc::Rc}; #[derive(Eq, PartialEq, Debug)] #[allow(dead_code)] @@ -231,37 +231,20 @@ impl SocksConnection { } fn receive_connection_status(&mut self) -> Result<(), Error> { - if self.server_inbuf.len() < 4 { - return Ok(()); - } - let ver = self.server_inbuf[0]; - let rep = self.server_inbuf[1]; - let _rsv = self.server_inbuf[2]; - let atyp = self.server_inbuf[3]; - - if ver != 5 { - return Err("SOCKS5 server replied with an unexpected version.".into()); - } - - if rep != 0 { - return Err("SOCKS5 connection unsuccessful.".into()); - } - - let message_length = match AddressType::try_from(atyp)? { - AddressType::Domain => { - if self.server_inbuf.len() < 5 { - return Ok(()); - } - if self.server_inbuf.len() < 7 + (self.server_inbuf[4] as usize) { - return Ok(()); - } - 7 + (self.server_inbuf[4] as usize) + let response = protocol::Response::rebuild_from_stream(&mut self.server_inbuf); + if let Err(e) = &response { + if e.kind() == std::io::ErrorKind::UnexpectedEof { + log::trace!("Waiting for more data \"{}\"...", e); + return Ok(()); + } else { + return Err(e.to_string().into()); } - AddressType::IPv4 => 10, - AddressType::IPv6 => 22, - }; - - self.server_inbuf.drain(0..message_length); + } + let response = response?; + if response.reply != protocol::Reply::Succeeded { + return Err(format!("SOCKS connection failed: {}", response.reply).into()); + } + assert!(self.server_inbuf.is_empty()); self.server_outbuf.append(&mut self.data_buf); self.data_buf.clear(); From a00f4b1a8b2e6c883d29dadb342600c718764e11 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 24 Jul 2023 20:35:29 +0800 Subject: [PATCH 041/401] socks5 stuff --- src/socks.rs | 108 +++++++++++++++++---------------------------------- 1 file changed, 36 insertions(+), 72 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index 47e755e..3c84b20 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -6,7 +6,7 @@ use crate::{ }, }; use smoltcp::wire::IpProtocol; -use socks5_impl::protocol::{self, Address, UserKey}; +use socks5_impl::protocol::{self, handshake, password_method, Address, AuthMethod, UserKey}; use std::{collections::VecDeque, net::SocketAddr, rc::Rc}; #[derive(Eq, PartialEq, Debug)] @@ -28,36 +28,6 @@ pub enum SocksVersion { V5 = 5, } -#[allow(dead_code)] -enum SocksAuthentication { - None = 0, - GssApi = 1, - Password = 2, - ChallengeHandshake = 3, - Unassigned = 4, - Unassigned100 = 100, -} - -#[allow(dead_code)] -#[repr(u8)] -#[derive(Debug, Eq, PartialEq)] -enum SocksReplies { - Succeeded, - GeneralFailure, - ConnectionDisallowed, - NetworkUnreachable, - ConnectionRefused, - TtlExpired, - CommandUnsupported, - AddressUnsupported, -} - -impl std::fmt::Display for SocksReplies { - fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { - write!(f, "{:?}", self) - } -} - pub(crate) struct SocksConnection { connection: Connection, state: SocksState, @@ -129,24 +99,15 @@ impl SocksConnection { SocksVersion::V5 => { // Providing unassigned methods is supposed to bypass China's GFW. // For details, refer to https://github.com/blechschmidt/tun2proxy/issues/35. + let mut methods = vec![ + AuthMethod::NoAuth, + AuthMethod::from(4_u8), + AuthMethod::from(100_u8), + ]; if credentials.is_some() { - self.server_outbuf.extend(&[ - self.version as u8, - 4u8, - SocksAuthentication::None as u8, - SocksAuthentication::Password as u8, - SocksAuthentication::Unassigned as u8, - SocksAuthentication::Unassigned100 as u8, - ]); - } else { - self.server_outbuf.extend(&[ - self.version as u8, - 3u8, - SocksAuthentication::None as u8, - SocksAuthentication::Unassigned as u8, - SocksAuthentication::Unassigned100 as u8, - ]); + methods.push(AuthMethod::UserPass); } + handshake::Request::new(methods).write_to_stream(&mut self.server_outbuf)?; } } self.state = SocksState::ServerHello; @@ -171,26 +132,26 @@ impl SocksConnection { } fn receive_server_hello_socks5(&mut self) -> Result<(), Error> { - if self.server_inbuf.len() < 2 { - return Ok(()); - } - if self.server_inbuf[0] != 5 { - return Err("SOCKS5 server replied with an unexpected version.".into()); + let response = handshake::Response::rebuild_from_stream(&mut self.server_inbuf); + if let Err(e) = &response { + if e.kind() == std::io::ErrorKind::UnexpectedEof { + log::trace!("receive_server_hello_socks5 need more data \"{}\"...", e); + return Ok(()); + } else { + return Err(e.to_string().into()); + } } + let respones = response?; + let auth_method = respones.method; - let auth_method = self.server_inbuf[1]; - - if auth_method != SocksAuthentication::None as u8 && self.credentials.is_none() - || (auth_method != SocksAuthentication::None as u8 - && auth_method != SocksAuthentication::Password as u8) + if auth_method != AuthMethod::NoAuth && self.credentials.is_none() + || (auth_method != AuthMethod::NoAuth && auth_method != AuthMethod::UserPass) && self.credentials.is_some() { return Err("SOCKS5 server requires an unsupported authentication method.".into()); } - self.server_inbuf.drain(0..2); - - if auth_method == SocksAuthentication::Password as u8 { + if auth_method == AuthMethod::UserPass { self.state = SocksState::SendAuthData; } else { self.state = SocksState::SendRequest; @@ -208,24 +169,27 @@ impl SocksConnection { fn send_auth_data(&mut self) -> Result<(), Error> { let tmp = UserKey::default(); let credentials = self.credentials.as_ref().unwrap_or(&tmp); - self.server_outbuf - .extend(&[1u8, credentials.username.len() as u8]); - self.server_outbuf.extend(credentials.username.as_bytes()); - self.server_outbuf - .extend(&[credentials.password.len() as u8]); - self.server_outbuf.extend(credentials.password.as_bytes()); + let request = password_method::Request::new(&credentials.username, &credentials.password); + request.write_to_stream(&mut self.server_outbuf)?; self.state = SocksState::ReceiveAuthResponse; self.state_change() } fn receive_auth_data(&mut self) -> Result<(), Error> { - if self.server_inbuf.len() < 2 { - return Ok(()); + let response = password_method::Response::rebuild_from_stream(&mut self.server_inbuf); + if let Err(e) = &response { + if e.kind() == std::io::ErrorKind::UnexpectedEof { + log::trace!("receive_auth_data need more data \"{}\"...", e); + return Ok(()); + } else { + return Err(e.to_string().into()); + } } - if self.server_inbuf[0] != 1 || self.server_inbuf[1] != 0 { - return Err("SOCKS authentication failed.".into()); + assert!(self.server_inbuf.is_empty()); + let response = response?; + if response.status != password_method::Status::Succeeded { + return Err(format!("SOCKS authentication failed: {:?}", response.status).into()); } - self.server_inbuf.drain(0..2); self.state = SocksState::SendRequest; self.state_change() } @@ -234,7 +198,7 @@ impl SocksConnection { let response = protocol::Response::rebuild_from_stream(&mut self.server_inbuf); if let Err(e) = &response { if e.kind() == std::io::ErrorKind::UnexpectedEof { - log::trace!("Waiting for more data \"{}\"...", e); + log::trace!("receive_connection_status need more data \"{}\"...", e); return Ok(()); } else { return Err(e.to_string().into()); From 8d835dc96db3b2771d29ace6ec2fa1afa8774e81 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 26 Jul 2023 07:01:48 +0800 Subject: [PATCH 042/401] Unexpected comsuming (#48) --- Cargo.toml | 8 ++++++-- src/socks.rs | 22 +++++++++++++--------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 11adae6..25a01d5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,7 +23,7 @@ mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } nix = { version = "0.26", features = ["process", "signal"] } prctl = "1.0" smoltcp = { version = "0.10.0", features = ["std", "phy-tuntap_interface"] } -socks5-impl = { version = "0.4", default-features = false } +socks5-impl = { version = "0.5", default-features = false } thiserror = "1.0" unicase = "2.6.0" url = "2.4" @@ -34,6 +34,10 @@ jni = { version = "0.21", default-features = false } [dev-dependencies] ctor = "0.2" -reqwest = { version = "0.11", default-features = false, features = ["blocking", "json", "rustls-tls"] } +reqwest = { version = "0.11", default-features = false, features = [ + "blocking", + "json", + "rustls-tls", +] } serial_test = "2.0" test-log = "0.2" diff --git a/src/socks.rs b/src/socks.rs index 3c84b20..6c57f26 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -6,7 +6,9 @@ use crate::{ }, }; use smoltcp::wire::IpProtocol; -use socks5_impl::protocol::{self, handshake, password_method, Address, AuthMethod, UserKey}; +use socks5_impl::protocol::{ + self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, +}; use std::{collections::VecDeque, net::SocketAddr, rc::Rc}; #[derive(Eq, PartialEq, Debug)] @@ -132,16 +134,17 @@ impl SocksConnection { } fn receive_server_hello_socks5(&mut self) -> Result<(), Error> { - let response = handshake::Response::rebuild_from_stream(&mut self.server_inbuf); + let response = handshake::Response::retrieve_from_stream(&mut self.server_inbuf.clone()); if let Err(e) = &response { if e.kind() == std::io::ErrorKind::UnexpectedEof { - log::trace!("receive_server_hello_socks5 need more data \"{}\"...", e); + log::trace!("receive_server_hello_socks5 needs more data \"{}\"...", e); return Ok(()); } else { return Err(e.to_string().into()); } } let respones = response?; + self.server_inbuf.drain(0..respones.len()); let auth_method = respones.method; if auth_method != AuthMethod::NoAuth && self.credentials.is_none() @@ -176,17 +179,18 @@ impl SocksConnection { } fn receive_auth_data(&mut self) -> Result<(), Error> { - let response = password_method::Response::rebuild_from_stream(&mut self.server_inbuf); + use password_method::Response; + let response = Response::retrieve_from_stream(&mut self.server_inbuf.clone()); if let Err(e) = &response { if e.kind() == std::io::ErrorKind::UnexpectedEof { - log::trace!("receive_auth_data need more data \"{}\"...", e); + log::trace!("receive_auth_data needs more data \"{}\"...", e); return Ok(()); } else { return Err(e.to_string().into()); } } - assert!(self.server_inbuf.is_empty()); let response = response?; + self.server_inbuf.drain(0..response.len()); if response.status != password_method::Status::Succeeded { return Err(format!("SOCKS authentication failed: {:?}", response.status).into()); } @@ -195,20 +199,20 @@ impl SocksConnection { } fn receive_connection_status(&mut self) -> Result<(), Error> { - let response = protocol::Response::rebuild_from_stream(&mut self.server_inbuf); + let response = protocol::Response::retrieve_from_stream(&mut self.server_inbuf.clone()); if let Err(e) = &response { if e.kind() == std::io::ErrorKind::UnexpectedEof { - log::trace!("receive_connection_status need more data \"{}\"...", e); + log::trace!("receive_connection_status needs more data \"{}\"...", e); return Ok(()); } else { return Err(e.to_string().into()); } } let response = response?; + self.server_inbuf.drain(0..response.len()); if response.reply != protocol::Reply::Succeeded { return Err(format!("SOCKS connection failed: {}", response.reply).into()); } - assert!(self.server_inbuf.is_empty()); self.server_outbuf.append(&mut self.data_buf); self.data_buf.clear(); From 1031f586f7ccf1e65de8857767e6dbd07472f330 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 5 Aug 2023 15:52:32 +0800 Subject: [PATCH 043/401] Refine code logic --- .gitignore | 1 + src/error.rs | 3 + src/http.rs | 42 ++-- src/lib.rs | 47 ++-- src/socks.rs | 196 ++++++++-------- src/tun2proxy.rs | 594 +++++++++++++++++++++++------------------------ 6 files changed, 435 insertions(+), 448 deletions(-) diff --git a/.gitignore b/.gitignore index 4ac1fec..bc020c7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +examples/ build/ tmp/ .* diff --git a/src/error.rs b/src/error.rs index 86596f4..1a57783 100644 --- a/src/error.rs +++ b/src/error.rs @@ -27,6 +27,9 @@ pub enum Error { #[error("smoltcp::socket::tcp::SendError {0:?}")] Send(#[from] smoltcp::socket::tcp::SendError), + #[error("smoltcp::wire::Error {0:?}")] + Wire(#[from] smoltcp::wire::Error), + #[error("std::str::Utf8Error {0:?}")] Utf8(#[from] std::str::Utf8Error), diff --git a/src/http.rs b/src/http.rs index d5ff54f..5c5d76b 100644 --- a/src/http.rs +++ b/src/http.rs @@ -1,7 +1,7 @@ use crate::{ error::Error, tun2proxy::{ - Connection, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, + ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection, TcpProxy, }, }; @@ -63,8 +63,8 @@ static CONTENT_LENGTH: &str = "Content-Length"; impl HttpConnection { fn new( - connection: &Connection, - manager: Rc, + info: &ConnectionInfo, + credentials: Option, digest_state: Rc>>, ) -> Result { let mut res = Self { @@ -79,8 +79,8 @@ impl HttpConnection { crlf_state: 0, digest_state, before: false, - credentials: manager.get_credentials().clone(), - destination: connection.dst.clone(), + credentials, + destination: info.dst.clone(), }; res.send_tunnel_request()?; @@ -394,28 +394,24 @@ pub(crate) struct HttpManager { } impl ConnectionManager for HttpManager { - fn handles_connection(&self, connection: &Connection) -> bool { - connection.proto == IpProtocol::Tcp + fn handles_connection(&self, info: &ConnectionInfo) -> bool { + info.protocol == IpProtocol::Tcp } - fn new_connection( - &self, - connection: &Connection, - manager: Rc, - ) -> Result>, Error> { - if connection.proto != IpProtocol::Tcp { - return Ok(None); + fn new_tcp_proxy(&self, info: &ConnectionInfo) -> Result, Error> { + if info.protocol != IpProtocol::Tcp { + return Err("Invalid protocol".into()); } - Ok(Some(Box::new(HttpConnection::new( - connection, - manager, + Ok(Box::new(HttpConnection::new( + info, + self.credentials.clone(), self.digest_state.clone(), - )?))) + )?)) } - fn close_connection(&self, _: &Connection) {} + fn close_connection(&self, _: &ConnectionInfo) {} - fn get_server(&self) -> SocketAddr { + fn get_server_addr(&self) -> SocketAddr { self.server } @@ -425,11 +421,11 @@ impl ConnectionManager for HttpManager { } impl HttpManager { - pub fn new(server: SocketAddr, credentials: Option) -> Rc { - Rc::new(Self { + pub fn new(server: SocketAddr, credentials: Option) -> Self { + Self { server, credentials, digest_state: Rc::new(RefCell::new(None)), - }) + } } } diff --git a/src/lib.rs b/src/lib.rs index 2c743c0..98f69c6 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,9 +1,10 @@ -use crate::{ - error::Error, http::HttpManager, socks::SocksManager, socks::SocksVersion, - tun2proxy::TunToProxy, +use crate::{error::Error, http::HttpManager, socks::SocksProxyManager, tun2proxy::TunToProxy}; +use socks5_impl::protocol::{UserKey, Version}; +use std::{ + net::{SocketAddr, ToSocketAddrs}, + rc::Rc, }; -use socks5_impl::protocol::UserKey; -use std::net::{SocketAddr, ToSocketAddrs}; +use tun2proxy::ConnectionManager; mod android; pub mod error; @@ -90,7 +91,7 @@ impl std::fmt::Display for ProxyType { #[derive(Default)] pub struct Options { - virtdns: Option, + virtual_dns: Option, mtu: Option, } @@ -100,7 +101,7 @@ impl Options { } pub fn with_virtual_dns(mut self) -> Self { - self.virtdns = Some(virtdns::VirtualDns::new()); + self.virtual_dns = Some(virtdns::VirtualDns::new()); self } @@ -116,25 +117,18 @@ pub fn tun_to_proxy<'a>( options: Options, ) -> Result, Error> { let mut ttp = TunToProxy::new(interface, options)?; - match proxy.proxy_type { - ProxyType::Socks4 => { - ttp.add_connection_manager(SocksManager::new( - proxy.addr, - SocksVersion::V4, - proxy.credentials.clone(), - )); - } - ProxyType::Socks5 => { - ttp.add_connection_manager(SocksManager::new( - proxy.addr, - SocksVersion::V5, - proxy.credentials.clone(), - )); - } + let credentials = proxy.credentials.clone(); + let server = proxy.addr; + let mgr = match proxy.proxy_type { + ProxyType::Socks4 => Rc::new(SocksProxyManager::new(server, Version::V4, credentials)) + as Rc, + ProxyType::Socks5 => Rc::new(SocksProxyManager::new(server, Version::V5, credentials)) + as Rc, ProxyType::Http => { - ttp.add_connection_manager(HttpManager::new(proxy.addr, proxy.credentials.clone())); + Rc::new(HttpManager::new(server, credentials)) as Rc } - } + }; + ttp.add_connection_manager(mgr); Ok(ttp) } @@ -143,6 +137,7 @@ pub fn main_entry( proxy: &Proxy, options: Options, ) -> Result<(), Error> { - let ttp = tun_to_proxy(interface, proxy, options); - ttp?.run() + let mut ttp = tun_to_proxy(interface, proxy, options)?; + ttp.run()?; + Ok(()) } diff --git a/src/socks.rs b/src/socks.rs index 6c57f26..d5fd6ad 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -1,15 +1,15 @@ use crate::{ error::Error, tun2proxy::{ - Connection, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, + ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection, TcpProxy, }, }; use smoltcp::wire::IpProtocol; use socks5_impl::protocol::{ - self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, + self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, Version, }; -use std::{collections::VecDeque, net::SocketAddr, rc::Rc}; +use std::{collections::VecDeque, net::SocketAddr}; #[derive(Eq, PartialEq, Debug)] #[allow(dead_code)] @@ -23,33 +23,28 @@ enum SocksState { Established, } -#[repr(u8)] -#[derive(Copy, Clone, PartialEq, Debug)] -pub enum SocksVersion { - V4 = 4, - V5 = 5, -} - -pub(crate) struct SocksConnection { - connection: Connection, +struct SocksProxyImpl { + info: ConnectionInfo, state: SocksState, client_inbuf: VecDeque, server_inbuf: VecDeque, client_outbuf: VecDeque, server_outbuf: VecDeque, data_buf: VecDeque, - version: SocksVersion, + version: Version, credentials: Option, + command: protocol::Command, + udp_relay_addr: Option
, } -impl SocksConnection { +impl SocksProxyImpl { pub fn new( - connection: &Connection, - manager: Rc, - version: SocksVersion, + info: &ConnectionInfo, + credentials: Option, + version: Version, ) -> Result { let mut result = Self { - connection: connection.clone(), + info: info.clone(), state: SocksState::ServerHello, client_inbuf: VecDeque::default(), server_inbuf: VecDeque::default(), @@ -57,59 +52,71 @@ impl SocksConnection { server_outbuf: VecDeque::default(), data_buf: VecDeque::default(), version, - credentials: manager.get_credentials().clone(), + credentials, + command: protocol::Command::Connect, + udp_relay_addr: None, }; result.send_client_hello()?; Ok(result) } - fn send_client_hello(&mut self) -> Result<(), Error> { + fn send_client_hello_socks4(&mut self) -> Result<(), Error> { let credentials = &self.credentials; - match self.version { - SocksVersion::V4 => { - self.server_outbuf - .extend(&[self.version as u8, protocol::Command::Connect.into()]); - self.server_outbuf - .extend(self.connection.dst.port().to_be_bytes()); - let mut ip_vec = Vec::::new(); - let mut name_vec = Vec::::new(); - match &self.connection.dst { - Address::SocketAddress(SocketAddr::V4(addr)) => { - ip_vec.extend(addr.ip().octets().as_ref()); - } - Address::SocketAddress(SocketAddr::V6(_)) => { - return Err("SOCKS4 does not support IPv6".into()); - } - Address::DomainAddress(host, _) => { - ip_vec.extend(&[0, 0, 0, host.len() as u8]); - name_vec.extend(host.as_bytes()); - name_vec.push(0); - } - } - self.server_outbuf.extend(ip_vec); - if let Some(credentials) = credentials { - self.server_outbuf.extend(credentials.username.as_bytes()); - if !credentials.password.is_empty() { - self.server_outbuf.push_back(b':'); - self.server_outbuf.extend(credentials.password.as_bytes()); - } - } - self.server_outbuf.push_back(0); - self.server_outbuf.extend(name_vec); + self.server_outbuf + .extend(&[self.version as u8, protocol::Command::Connect.into()]); + self.server_outbuf + .extend(self.info.dst.port().to_be_bytes()); + let mut ip_vec = Vec::::new(); + let mut name_vec = Vec::::new(); + match &self.info.dst { + Address::SocketAddress(SocketAddr::V4(addr)) => { + ip_vec.extend(addr.ip().octets().as_ref()); } + Address::SocketAddress(SocketAddr::V6(_)) => { + return Err("SOCKS4 does not support IPv6".into()); + } + Address::DomainAddress(host, _) => { + ip_vec.extend(&[0, 0, 0, host.len() as u8]); + name_vec.extend(host.as_bytes()); + name_vec.push(0); + } + } + self.server_outbuf.extend(ip_vec); + if let Some(credentials) = credentials { + self.server_outbuf.extend(credentials.username.as_bytes()); + if !credentials.password.is_empty() { + self.server_outbuf.push_back(b':'); + self.server_outbuf.extend(credentials.password.as_bytes()); + } + } + self.server_outbuf.push_back(0); + self.server_outbuf.extend(name_vec); + Ok(()) + } - SocksVersion::V5 => { - // Providing unassigned methods is supposed to bypass China's GFW. - // For details, refer to https://github.com/blechschmidt/tun2proxy/issues/35. - let mut methods = vec![ - AuthMethod::NoAuth, - AuthMethod::from(4_u8), - AuthMethod::from(100_u8), - ]; - if credentials.is_some() { - methods.push(AuthMethod::UserPass); - } - handshake::Request::new(methods).write_to_stream(&mut self.server_outbuf)?; + fn send_client_hello_socks5(&mut self) -> Result<(), Error> { + let credentials = &self.credentials; + // Providing unassigned methods is supposed to bypass China's GFW. + // For details, refer to https://github.com/blechschmidt/tun2proxy/issues/35. + let mut methods = vec![ + AuthMethod::NoAuth, + AuthMethod::from(4_u8), + AuthMethod::from(100_u8), + ]; + if credentials.is_some() { + methods.push(AuthMethod::UserPass); + } + handshake::Request::new(methods).write_to_stream(&mut self.server_outbuf)?; + Ok(()) + } + + fn send_client_hello(&mut self) -> Result<(), Error> { + match self.version { + Version::V4 => { + self.send_client_hello_socks4()?; + } + Version::V5 => { + self.send_client_hello_socks5()?; } } self.state = SocksState::ServerHello; @@ -164,8 +171,8 @@ impl SocksConnection { fn receive_server_hello(&mut self) -> Result<(), Error> { match self.version { - SocksVersion::V4 => self.receive_server_hello_socks4(), - SocksVersion::V5 => self.receive_server_hello_socks5(), + Version::V4 => self.receive_server_hello_socks4(), + Version::V5 => self.receive_server_hello_socks5(), } } @@ -213,6 +220,12 @@ impl SocksConnection { if response.reply != protocol::Reply::Succeeded { return Err(format!("SOCKS connection failed: {}", response.reply).into()); } + + if self.command == protocol::Command::UdpAssociate { + log::info!("UDP packet destination: {}", response.address); + self.udp_relay_addr = Some(response.address); + } + self.server_outbuf.append(&mut self.data_buf); self.data_buf.clear(); @@ -220,8 +233,9 @@ impl SocksConnection { self.state_change() } - fn send_request(&mut self) -> Result<(), Error> { - protocol::Request::new(protocol::Command::Connect, self.connection.dst.clone()) + fn send_request_socks5(&mut self) -> Result<(), Error> { + // self.server_outbuf.extend(&[self.version as u8, self.command as u8, 0]); + protocol::Request::new(protocol::Command::Connect, self.info.dst.clone()) .write_to_stream(&mut self.server_outbuf)?; self.state = SocksState::ReceiveResponse; self.state_change() @@ -243,7 +257,7 @@ impl SocksConnection { SocksState::ReceiveAuthResponse => self.receive_auth_data(), - SocksState::SendRequest => self.send_request(), + SocksState::SendRequest => self.send_request_socks5(), SocksState::ReceiveResponse => self.receive_connection_status(), @@ -254,7 +268,7 @@ impl SocksConnection { } } -impl TcpProxy for SocksConnection { +impl TcpProxy for SocksProxyImpl { fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error> { let direction = event.direction; let buffer = event.buffer; @@ -319,35 +333,31 @@ impl TcpProxy for SocksConnection { } } -pub struct SocksManager { +pub(crate) struct SocksProxyManager { server: SocketAddr, credentials: Option, - version: SocksVersion, + version: Version, } -impl ConnectionManager for SocksManager { - fn handles_connection(&self, connection: &Connection) -> bool { - connection.proto == IpProtocol::Tcp +impl ConnectionManager for SocksProxyManager { + fn handles_connection(&self, info: &ConnectionInfo) -> bool { + info.protocol == IpProtocol::Tcp } - fn new_connection( - &self, - connection: &Connection, - manager: Rc, - ) -> Result>, Error> { - if connection.proto != IpProtocol::Tcp { - return Ok(None); + fn new_tcp_proxy(&self, info: &ConnectionInfo) -> Result, Error> { + if info.protocol != IpProtocol::Tcp { + return Err("Invalid protocol".into()); } - Ok(Some(Box::new(SocksConnection::new( - connection, - manager, + Ok(Box::new(SocksProxyImpl::new( + info, + self.credentials.clone(), self.version, - )?))) + )?)) } - fn close_connection(&self, _: &Connection) {} + fn close_connection(&self, _: &ConnectionInfo) {} - fn get_server(&self) -> SocketAddr { + fn get_server_addr(&self) -> SocketAddr { self.server } @@ -356,16 +366,12 @@ impl ConnectionManager for SocksManager { } } -impl SocksManager { - pub fn new( - server: SocketAddr, - version: SocksVersion, - credentials: Option, - ) -> Rc { - Rc::new(Self { +impl SocksProxyManager { + pub(crate) fn new(server: SocketAddr, version: Version, credentials: Option) -> Self { + Self { server, credentials, version, - }) + } } } diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index d5af74a..29675e2 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1,11 +1,11 @@ -use crate::{error::Error, virtdevice::VirtualTunDevice, NetworkInterface, Options}; +use crate::{error::Error, error::Result, virtdevice::VirtualTunDevice, NetworkInterface, Options}; use mio::{event::Event, net::TcpStream, unix::SourceFd, Events, Interest, Poll, Token}; use smoltcp::{ iface::{Config, Interface, SocketHandle, SocketSet}, phy::{Device, Medium, RxToken, TunTapInterface, TxToken}, socket::{tcp, tcp::State, udp, udp::UdpMetadata}, time::Instant, - wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket}, + wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket, UDP_HEADER_LEN}, }; use socks5_impl::protocol::{Address, UserKey}; use std::{ @@ -19,24 +19,40 @@ use std::{ }; #[derive(Hash, Clone, Eq, PartialEq, Debug)] -pub(crate) struct Connection { +pub(crate) struct ConnectionInfo { pub(crate) src: SocketAddr, pub(crate) dst: Address, - pub(crate) proto: IpProtocol, + pub(crate) protocol: IpProtocol, } -impl Connection { +impl Default for ConnectionInfo { + fn default() -> Self { + Self { + src: SocketAddr::new(Ipv4Addr::UNSPECIFIED.into(), 0), + dst: Address::unspecified(), + protocol: IpProtocol::Tcp, + } + } +} + +impl ConnectionInfo { + #[allow(dead_code)] + pub fn new(src: SocketAddr, dst: Address, protocol: IpProtocol) -> Self { + Self { src, dst, protocol } + } + fn to_named(&self, name: String) -> Self { let mut result = self.clone(); result.dst = Address::from((name, result.dst.port())); - log::trace!("Replace dst \"{}\" -> \"{}\"", self.dst, result.dst); + // let p = self.protocol; + // log::trace!("{p} replace dst \"{}\" -> \"{}\"", self.dst, result.dst); result } } -impl std::fmt::Display for Connection { +impl std::fmt::Display for ConnectionInfo { fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { - write!(f, "{} -> {}", self.src, self.dst) + write!(f, "{} {} -> {}", self.protocol, self.src, self.dst) } } @@ -60,10 +76,11 @@ pub(crate) enum Direction { #[allow(dead_code)] pub(crate) enum ConnectionEvent<'a> { - NewConnection(&'a Connection), - ConnectionClosed(&'a Connection), + NewConnection(&'a ConnectionInfo), + ConnectionClosed(&'a ConnectionInfo), } +#[derive(Debug)] pub(crate) struct DataEvent<'a, T> { pub(crate) direction: T, pub(crate) buffer: &'a [u8], @@ -73,95 +90,87 @@ pub(crate) type IncomingDataEvent<'a> = DataEvent<'a, IncomingDirection>; pub(crate) type OutgoingDataEvent<'a> = DataEvent<'a, OutgoingDirection>; fn get_transport_info( - proto: IpProtocol, + protocol: IpProtocol, transport_offset: usize, packet: &[u8], -) -> Option<((u16, u16), bool, usize, usize)> { - match proto { - IpProtocol::Udp => match UdpPacket::new_checked(packet) { - Ok(result) => Some(( - (result.src_port(), result.dst_port()), - false, - transport_offset + 8, - packet.len() - 8, - )), - Err(_) => None, - }, - IpProtocol::Tcp => match TcpPacket::new_checked(packet) { - Ok(result) => Some(( - (result.src_port(), result.dst_port()), - result.syn() && !result.ack(), - transport_offset + result.header_len() as usize, - packet.len(), - )), - Err(_) => None, - }, - _ => None, +) -> Result<((u16, u16), bool, usize, usize)> { + match protocol { + IpProtocol::Udp => UdpPacket::new_checked(packet) + .map(|result| { + ( + (result.src_port(), result.dst_port()), + false, + transport_offset + UDP_HEADER_LEN, + packet.len() - UDP_HEADER_LEN, + ) + }) + .map_err(|e| e.into()), + IpProtocol::Tcp => TcpPacket::new_checked(packet) + .map(|result| { + ( + (result.src_port(), result.dst_port()), + result.syn() && !result.ack(), + transport_offset + result.header_len() as usize, + packet.len(), + ) + }) + .map_err(|e| e.into()), + _ => Err(format!("Unsupported protocol {protocol}").into()), } } -fn connection_tuple(frame: &[u8]) -> Option<(Connection, bool, usize, usize)> { +fn connection_tuple(frame: &[u8]) -> Result<(ConnectionInfo, bool, usize, usize)> { if let Ok(packet) = Ipv4Packet::new_checked(frame) { - let proto = packet.next_header(); + let protocol = packet.next_header(); let mut a = [0_u8; 4]; a.copy_from_slice(packet.src_addr().as_bytes()); let src_addr = IpAddr::from(a); a.copy_from_slice(packet.dst_addr().as_bytes()); let dst_addr = IpAddr::from(a); + let header_len = packet.header_len().into(); - return if let Some((ports, first_packet, payload_offset, payload_size)) = get_transport_info( - proto, - packet.header_len().into(), - &frame[packet.header_len().into()..], - ) { - let connection = Connection { - src: SocketAddr::new(src_addr, ports.0), - dst: SocketAddr::new(dst_addr, ports.1).into(), - proto, - }; - Some((connection, first_packet, payload_offset, payload_size)) - } else { - None + let (ports, first_packet, payload_offset, payload_size) = + get_transport_info(protocol, header_len, &frame[header_len..])?; + let info = ConnectionInfo { + src: SocketAddr::new(src_addr, ports.0), + dst: SocketAddr::new(dst_addr, ports.1).into(), + protocol, }; + return Ok((info, first_packet, payload_offset, payload_size)); } - match Ipv6Packet::new_checked(frame) { - Ok(packet) => { - // TODO: Support extension headers. - let proto = packet.next_header(); + if let Ok(packet) = Ipv6Packet::new_checked(frame) { + // TODO: Support extension headers. + let protocol = packet.next_header(); - let mut a = [0_u8; 16]; - a.copy_from_slice(packet.src_addr().as_bytes()); - let src_addr = IpAddr::from(a); - a.copy_from_slice(packet.dst_addr().as_bytes()); - let dst_addr = IpAddr::from(a); + let mut a = [0_u8; 16]; + a.copy_from_slice(packet.src_addr().as_bytes()); + let src_addr = IpAddr::from(a); + a.copy_from_slice(packet.dst_addr().as_bytes()); + let dst_addr = IpAddr::from(a); + let header_len = packet.header_len(); - if let Some((ports, first_packet, payload_offset, payload_size)) = - get_transport_info(proto, packet.header_len(), &frame[packet.header_len()..]) - { - let connection = Connection { - src: SocketAddr::new(src_addr, ports.0), - dst: SocketAddr::new(dst_addr, ports.1).into(), - proto, - }; - Some((connection, first_packet, payload_offset, payload_size)) - } else { - None - } - } - _ => None, + let (ports, first_packet, payload_offset, payload_size) = + get_transport_info(protocol, header_len, &frame[header_len..])?; + let info = ConnectionInfo { + src: SocketAddr::new(src_addr, ports.0), + dst: SocketAddr::new(dst_addr, ports.1).into(), + protocol, + }; + return Ok((info, first_packet, payload_offset, payload_size)); } + Err("Neither IPv6 nor IPv4 packet".into()) } const SERVER_WRITE_CLOSED: u8 = 1; const CLIENT_WRITE_CLOSED: u8 = 2; -struct ConnectionState { - smoltcp_handle: SocketHandle, +struct TcpConnectState { + smoltcp_handle: Option, mio_stream: TcpStream, token: Token, - handler: Box, + tcp_proxy_handler: Box, close_state: u8, wait_read: bool, wait_write: bool, @@ -176,30 +185,30 @@ pub(crate) trait TcpProxy { fn reset_connection(&self) -> bool; } +pub(crate) trait UdpProxy { + fn send_frame(&mut self, destination: &Address, frame: &[u8]) -> Result<(), Error>; + fn receive_frame(&mut self, source: &SocketAddr, frame: &[u8]) -> Result<(), Error>; +} + pub(crate) trait ConnectionManager { - fn handles_connection(&self, connection: &Connection) -> bool; - fn new_connection( - &self, - connection: &Connection, - manager: Rc, - ) -> Result>, Error>; - fn close_connection(&self, connection: &Connection); - fn get_server(&self) -> SocketAddr; + fn handles_connection(&self, info: &ConnectionInfo) -> bool; + fn new_tcp_proxy(&self, info: &ConnectionInfo) -> Result, Error>; + fn close_connection(&self, info: &ConnectionInfo); + fn get_server_addr(&self) -> SocketAddr; fn get_credentials(&self) -> &Option; } const TUN_TOKEN: Token = Token(0); -const UDP_TOKEN: Token = Token(1); const EXIT_TOKEN: Token = Token(2); pub struct TunToProxy<'a> { tun: TunTapInterface, poll: Poll, iface: Interface, - connections: HashMap, + connection_map: HashMap, connection_managers: Vec>, next_token: usize, - token_to_connection: HashMap, + token_to_info: HashMap, sockets: SocketSet<'a>, device: VirtualTunDevice, options: Options, @@ -234,10 +243,10 @@ impl<'a> TunToProxy<'a> { Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), Medium::Ieee802154 => todo!(), }; - let mut virt = VirtualTunDevice::new(tun.capabilities()); + let mut device = VirtualTunDevice::new(tun.capabilities()); let gateway4: Ipv4Addr = Ipv4Addr::from_str("0.0.0.1")?; let gateway6: Ipv6Addr = Ipv6Addr::from_str("::1")?; - let mut iface = Interface::new(config, &mut virt, Instant::now()); + let mut iface = Interface::new(config, &mut device, Instant::now()); iface.update_ip_addrs(|ip_addrs| { ip_addrs.push(IpCidr::new(gateway4.into(), 0)).unwrap(); ip_addrs.push(IpCidr::new(gateway6.into(), 0)).unwrap() @@ -250,12 +259,12 @@ impl<'a> TunToProxy<'a> { tun, poll, iface, - connections: HashMap::default(), + connection_map: HashMap::default(), next_token: usize::from(EXIT_TOKEN) + 1, - token_to_connection: HashMap::default(), + token_to_info: HashMap::default(), connection_managers: Vec::default(), sockets: SocketSet::new([]), - device: virt, + device, options, write_sockets: HashSet::default(), _exit_receiver: exit_receiver, @@ -292,28 +301,34 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn remove_connection(&mut self, connection: &Connection) -> Result<(), Error> { - if let Some(mut conn) = self.connections.remove(connection) { + fn remove_connection(&mut self, info: &ConnectionInfo) -> Result<(), Error> { + if let Some(mut conn) = self.connection_map.remove(info) { + _ = conn.mio_stream.shutdown(Both); + if let Some(handle) = conn.smoltcp_handle { + let socket = self.sockets.get_mut::(handle); + socket.close(); + self.sockets.remove(handle); + } + self.expect_smoltcp_send()?; let token = &conn.token; - self.token_to_connection.remove(token); - self.sockets.remove(conn.smoltcp_handle); + self.token_to_info.remove(token); _ = self.poll.registry().deregister(&mut conn.mio_stream); - log::info!("CLOSE {}", connection); + log::info!("CLOSE {}", info); } Ok(()) } - fn get_connection_manager(&self, connection: &Connection) -> Option> { + fn get_connection_manager(&self, info: &ConnectionInfo) -> Option> { for manager in self.connection_managers.iter() { - if manager.handles_connection(connection) { + if manager.handles_connection(info) { return Some(manager.clone()); } } None } - fn check_change_close_state(&mut self, connection: &Connection) -> Result<(), Error> { - let state = self.connections.get_mut(connection); + fn check_change_close_state(&mut self, info: &ConnectionInfo) -> Result<(), Error> { + let state = self.connection_map.get_mut(info); if state.is_none() { return Ok(()); } @@ -321,23 +336,25 @@ impl<'a> TunToProxy<'a> { let mut closed_ends = 0; if (state.close_state & SERVER_WRITE_CLOSED) == SERVER_WRITE_CLOSED && !state - .handler + .tcp_proxy_handler .have_data(Direction::Incoming(IncomingDirection::FromServer)) && !state - .handler + .tcp_proxy_handler .have_data(Direction::Outgoing(OutgoingDirection::ToClient)) { - let socket = self.sockets.get_mut::(state.smoltcp_handle); - socket.close(); + if let Some(socket_handle) = state.smoltcp_handle { + let socket = self.sockets.get_mut::(socket_handle); + socket.close(); + } closed_ends += 1; } if (state.close_state & CLIENT_WRITE_CLOSED) == CLIENT_WRITE_CLOSED && !state - .handler + .tcp_proxy_handler .have_data(Direction::Incoming(IncomingDirection::FromClient)) && !state - .handler + .tcp_proxy_handler .have_data(Direction::Outgoing(OutgoingDirection::ToServer)) { _ = state.mio_stream.shutdown(Shutdown::Write); @@ -345,20 +362,22 @@ impl<'a> TunToProxy<'a> { } if closed_ends == 2 { - self.remove_connection(connection)?; + self.remove_connection(info)?; } Ok(()) } - fn tunsocket_read_and_forward(&mut self, connection: &Connection) -> Result<(), Error> { + fn tunsocket_read_and_forward(&mut self, info: &ConnectionInfo) -> Result<(), Error> { // Scope for mutable borrow of self. { - let state = self.connections.get_mut(connection); - if state.is_none() { - return Ok(()); - } - let state = state.unwrap(); - let socket = self.sockets.get_mut::(state.smoltcp_handle); + let state = match self.connection_map.get_mut(info) { + Some(state) => state, + None => return Ok(()), + }; + let socket = match state.smoltcp_handle { + Some(handle) => self.sockets.get_mut::(handle), + None => return Ok(()), + }; let mut error = Ok(()); while socket.can_recv() && error.is_ok() { socket.recv(|data| { @@ -366,7 +385,7 @@ impl<'a> TunToProxy<'a> { direction: IncomingDirection::FromClient, buffer: data, }; - error = state.handler.push_data(event); + error = state.tcp_proxy_handler.push_data(event); (data.len(), ()) })?; } @@ -385,20 +404,14 @@ impl<'a> TunToProxy<'a> { self.expect_smoltcp_send()?; } - self.check_change_close_state(connection)?; + self.check_change_close_state(info)?; Ok(()) } - // Update the poll registry depending on the connection's event interests. - fn update_mio_socket_interest(&mut self, connection: &Connection) -> Result<(), Error> { - let state = self - .connections - .get_mut(connection) - .ok_or("connection not found")?; - + fn update_mio_socket_interest(poll: &mut Poll, state: &mut TcpConnectState) -> Result<()> { // Maybe we did not listen for any events before. Therefore, just swallow the error. - _ = self.poll.registry().deregister(&mut state.mio_stream); + _ = poll.registry().deregister(&mut state.mio_stream); // If we do not wait for read or write events, we do not need to register them. if !state.wait_read && !state.wait_write { @@ -415,150 +428,131 @@ impl<'a> TunToProxy<'a> { interest = Interest::READABLE | Interest::WRITABLE; } - self.poll - .registry() + poll.registry() .register(&mut state.mio_stream, state.token, interest)?; Ok(()) } // A raw packet was received on the tunnel interface. fn receive_tun(&mut self, frame: &mut [u8]) -> Result<(), Error> { - if let Some((connection, first_packet, offset, size)) = connection_tuple(frame) { - let resolved_conn = match &mut self.options.virtdns { - None => connection.clone(), - Some(virt_dns) => { - let ip = SocketAddr::try_from(connection.dst.clone())?.ip(); - virt_dns.touch_ip(&ip); - match virt_dns.resolve_ip(&ip) { - None => connection.clone(), - Some(name) => connection.to_named(name.clone()), + let mut handler = || -> Result<(), Error> { + let (info, first_packet, payload_offset, payload_size) = connection_tuple(frame)?; + let dst = SocketAddr::try_from(&info.dst)?; + let connection_info = match &mut self.options.virtual_dns { + None => info.clone(), + Some(virtual_dns) => { + let dst_ip = dst.ip(); + virtual_dns.touch_ip(&dst_ip); + match virtual_dns.resolve_ip(&dst_ip) { + None => info.clone(), + Some(name) => info.to_named(name.clone()), } } }; - let dst = connection.dst; - let handler = || -> Result<(), Error> { - if resolved_conn.proto == IpProtocol::Tcp { - let cm = self.get_connection_manager(&resolved_conn); - if cm.is_none() { - log::trace!("no connect manager"); - return Ok(()); + log::trace!("{} ({})", connection_info, dst); + if connection_info.protocol == IpProtocol::Tcp { + let server_addr = self + .get_connection_manager(&connection_info) + .ok_or("get_connection_manager")? + .get_server_addr(); + if first_packet { + if let Some(manager) = self.connection_managers.iter_mut().next() { + let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info)?; + let mut socket = tcp::Socket::new( + tcp::SocketBuffer::new(vec![0; 1024 * 128]), + tcp::SocketBuffer::new(vec![0; 1024 * 128]), + ); + socket.set_ack_delay(None); + socket.listen(dst)?; + let handle = self.sockets.add(socket); + + let mut client = TcpStream::connect(server_addr)?; + let token = self.new_token(); + let i = Interest::READABLE; + self.poll.registry().register(&mut client, token, i)?; + + let state = TcpConnectState { + smoltcp_handle: Some(handle), + mio_stream: client, + token, + tcp_proxy_handler, + close_state: 0, + wait_read: true, + wait_write: false, + }; + self.connection_map.insert(connection_info.clone(), state); + + self.token_to_info.insert(token, connection_info.clone()); + + // log::info!("CONNECT {} ({})", connection_info, dst); } - let server = cm.unwrap().get_server(); - if first_packet { - for manager in self.connection_managers.iter_mut() { - if let Some(handler) = - manager.new_connection(&resolved_conn, manager.clone())? - { - let mut socket = tcp::Socket::new( - tcp::SocketBuffer::new(vec![0; 1024 * 128]), - tcp::SocketBuffer::new(vec![0; 1024 * 128]), - ); - socket.set_ack_delay(None); - let dst = SocketAddr::try_from(dst)?; - socket.listen(dst)?; - let handle = self.sockets.add(socket); - - let client = TcpStream::connect(server)?; - - let token = self.new_token(); - - let mut state = ConnectionState { - smoltcp_handle: handle, - mio_stream: client, - token, - handler, - close_state: 0, - wait_read: true, - wait_write: false, - }; - - self.token_to_connection - .insert(token, resolved_conn.clone()); - self.poll.registry().register( - &mut state.mio_stream, - token, - Interest::READABLE, - )?; - - self.connections.insert(resolved_conn.clone(), state); - - log::info!("CONNECT {}", resolved_conn,); - break; - } - } - } else if !self.connections.contains_key(&resolved_conn) { - return Ok(()); - } - - // Inject the packet to advance the smoltcp socket state - self.device.inject_packet(frame); - - // Having advanced the socket state, we expect the socket to ACK - // Exfiltrate the response packets generated by the socket and inject them - // into the tunnel interface. - self.expect_smoltcp_send()?; - - // Read from the smoltcp socket and push the data to the connection handler. - self.tunsocket_read_and_forward(&resolved_conn)?; - - // The connection handler builds up the connection or encapsulates the data. - // Therefore, we now expect it to write data to the server. - self.write_to_server(&resolved_conn)?; - } else if resolved_conn.proto == IpProtocol::Udp && resolved_conn.dst.port() == 53 { - if let Some(virtual_dns) = &mut self.options.virtdns { - let payload = &frame[offset..offset + size]; - if let Some(response) = virtual_dns.receive_query(payload) { - let rx_buffer = udp::PacketBuffer::new( - vec![udp::PacketMetadata::EMPTY], - vec![0; 4096], - ); - let tx_buffer = udp::PacketBuffer::new( - vec![udp::PacketMetadata::EMPTY], - vec![0; 4096], - ); - let mut socket = udp::Socket::new(rx_buffer, tx_buffer); - let dst = SocketAddr::try_from(dst)?; - socket.bind(dst)?; - socket - .send_slice( - response.as_slice(), - UdpMetadata::from(resolved_conn.src), - ) - .expect("failed to send DNS response"); - let handle = self.sockets.add(socket); - self.expect_smoltcp_send()?; - self.sockets.remove(handle); - } - } - // Otherwise, UDP is not yet supported. + } else if !self.connection_map.contains_key(&connection_info) { + return Ok(()); } - Ok::<(), Error>(()) - }; - if let Err(error) = handler() { - log::error!("{}", error); + + // Inject the packet to advance the smoltcp socket state + self.device.inject_packet(frame); + + // Having advanced the socket state, we expect the socket to ACK + // Exfiltrate the response packets generated by the socket and inject them + // into the tunnel interface. + self.expect_smoltcp_send()?; + + // Read from the smoltcp socket and push the data to the connection handler. + self.tunsocket_read_and_forward(&connection_info)?; + + // The connection handler builds up the connection or encapsulates the data. + // Therefore, we now expect it to write data to the server. + self.write_to_server(&connection_info)?; + } else if connection_info.protocol == IpProtocol::Udp { + let port = connection_info.dst.port(); + if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == 53) { + let payload = &frame[payload_offset..payload_offset + payload_size]; + if let Some(response) = virtual_dns.receive_query(payload) { + let rx_buffer = + udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); + let tx_buffer = + udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); + let mut socket = udp::Socket::new(rx_buffer, tx_buffer); + socket.bind(dst)?; + socket + .send_slice(response.as_slice(), UdpMetadata::from(connection_info.src)) + .expect("failed to send DNS response"); + let handle = self.sockets.add(socket); + self.expect_smoltcp_send()?; + self.sockets.remove(handle); + } + } + // Otherwise, UDP is not yet supported. } + Ok::<(), Error>(()) + }; + if let Err(error) = handler() { + log::error!("{}", error); } Ok(()) } - fn write_to_server(&mut self, connection: &Connection) -> Result<(), Error> { - if let Some(state) = self.connections.get_mut(connection) { - let event = state.handler.peek_data(OutgoingDirection::ToServer); + fn write_to_server(&mut self, info: &ConnectionInfo) -> Result<(), Error> { + if let Some(state) = self.connection_map.get_mut(info) { + let event = state + .tcp_proxy_handler + .peek_data(OutgoingDirection::ToServer); let buffer_size = event.buffer.len(); if buffer_size == 0 { state.wait_write = false; - self.update_mio_socket_interest(connection)?; - self.check_change_close_state(connection)?; + Self::update_mio_socket_interest(&mut self.poll, state)?; + self.check_change_close_state(info)?; return Ok(()); } let result = state.mio_stream.write(event.buffer); match result { Ok(written) => { state - .handler + .tcp_proxy_handler .consume_data(OutgoingDirection::ToServer, written); state.wait_write = written < buffer_size; - self.update_mio_socket_interest(connection)?; + Self::update_mio_socket_interest(&mut self.poll, state)?; } Err(error) if error.kind() != std::io::ErrorKind::WouldBlock => { return Err(error.into()); @@ -566,30 +560,35 @@ impl<'a> TunToProxy<'a> { _ => { // WOULDBLOCK case state.wait_write = true; - self.update_mio_socket_interest(connection)?; + Self::update_mio_socket_interest(&mut self.poll, state)?; } } } - self.check_change_close_state(connection)?; + self.check_change_close_state(info)?; Ok(()) } - fn write_to_client(&mut self, token: Token, connection: &Connection) -> Result<(), Error> { - while let Some(state) = self.connections.get_mut(connection) { - let socket_handle = state.smoltcp_handle; - let event = state.handler.peek_data(OutgoingDirection::ToClient); + fn write_to_client(&mut self, token: Token, info: &ConnectionInfo) -> Result<(), Error> { + while let Some(state) = self.connection_map.get_mut(info) { + let socket_handle = match state.smoltcp_handle { + Some(handle) => handle, + None => break, + }; + let event = state + .tcp_proxy_handler + .peek_data(OutgoingDirection::ToClient); let buflen = event.buffer.len(); let consumed; { let socket = self.sockets.get_mut::(socket_handle); if socket.may_send() { - if let Some(virtdns) = &mut self.options.virtdns { + if let Some(virtual_dns) = &mut self.options.virtual_dns { // Unwrapping is fine because every smoltcp socket is bound to an. - virtdns.touch_ip(&IpAddr::from(socket.local_endpoint().unwrap().addr)); + virtual_dns.touch_ip(&IpAddr::from(socket.local_endpoint().unwrap().addr)); } consumed = socket.send_slice(event.buffer)?; state - .handler + .tcp_proxy_handler .consume_data(OutgoingDirection::ToClient, consumed); self.expect_smoltcp_send()?; if consumed < buflen { @@ -606,7 +605,7 @@ impl<'a> TunToProxy<'a> { } } - self.check_change_close_state(connection)?; + self.check_change_close_state(info)?; } Ok(()) } @@ -623,7 +622,7 @@ impl<'a> TunToProxy<'a> { fn send_to_smoltcp(&mut self) -> Result<(), Error> { let cloned = self.write_sockets.clone(); for token in cloned.iter() { - if let Some(connection) = self.token_to_connection.get(token) { + if let Some(connection) = self.token_to_info.get(token) { let connection = connection.clone(); if let Err(error) = self.write_to_client(*token, &connection) { self.remove_connection(&connection)?; @@ -636,24 +635,26 @@ impl<'a> TunToProxy<'a> { fn mio_socket_event(&mut self, event: &Event) -> Result<(), Error> { let e = "connection not found"; - let conn_ref = self.token_to_connection.get(&event.token()); - // We may have closed the connection in an earlier iteration over the poll - // events, e.g. because an event through the tunnel interface indicated that the connection - // should be closed. - if conn_ref.is_none() { - log::trace!("{e}"); - return Ok(()); - } - let connection = conn_ref.unwrap().clone(); + let conn_info = match self.token_to_info.get(&event.token()) { + Some(conn_info) => conn_info.clone(), + None => { + // We may have closed the connection in an earlier iteration over the poll events, + // e.g. because an event through the tunnel interface indicated that the connection + // should be closed. + log::trace!("{e}"); + return Ok(()); + } + }; + let server = self - .get_connection_manager(&connection) - .unwrap() - .get_server(); + .get_connection_manager(&conn_info) + .ok_or(e)? + .get_server_addr(); let mut block = || -> Result<(), Error> { if event.is_readable() || event.is_read_closed() { { - let state = self.connections.get_mut(&connection).ok_or(e)?; + let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; // TODO: Move this reading process to its own function. let mut vecbuf = Vec::::new(); @@ -673,34 +674,26 @@ impl<'a> TunToProxy<'a> { direction: IncomingDirection::FromServer, buffer: &data[0..read], }; - if let Err(error) = state.handler.push_data(data_event) { - state.mio_stream.shutdown(Both)?; - { - let socket = self.sockets.get_mut::( - self.connections.get(&connection).ok_or(e)?.smoltcp_handle, - ); - socket.close(); - } - self.expect_smoltcp_send()?; - log::error! {"{error}"} - self.remove_connection(&connection.clone())?; + if let Err(error) = state.tcp_proxy_handler.push_data(data_event) { + log::error!("{}", error); + self.remove_connection(&conn_info.clone())?; return Ok(()); } // The handler request for reset the server connection - if state.handler.reset_connection() { + if state.tcp_proxy_handler.reset_connection() { _ = self.poll.registry().deregister(&mut state.mio_stream); // Closes the connection with the proxy state.mio_stream.shutdown(Both)?; - log::info!("RESET {}", connection); + log::info!("RESET {}", conn_info); state.mio_stream = TcpStream::connect(server)?; state.wait_read = true; state.wait_write = true; - self.update_mio_socket_interest(&connection)?; + Self::update_mio_socket_interest(&mut self.poll, state)?; return Ok(()); } @@ -708,61 +701,54 @@ impl<'a> TunToProxy<'a> { if read == 0 || event.is_read_closed() { state.wait_read = false; state.close_state |= SERVER_WRITE_CLOSED; - self.update_mio_socket_interest(&connection)?; - self.check_change_close_state(&connection)?; + Self::update_mio_socket_interest(&mut self.poll, state)?; + self.check_change_close_state(&conn_info)?; self.expect_smoltcp_send()?; } } // We have read from the proxy server and pushed the data to the connection handler. // Thus, expect data to be processed (e.g. decapsulated) and forwarded to the client. - self.write_to_client(event.token(), &connection)?; + self.write_to_client(event.token(), &conn_info)?; // The connection handler could have produced data that is to be written to the // server. - self.write_to_server(&connection)?; + self.write_to_server(&conn_info)?; } if event.is_writable() { - self.write_to_server(&connection)?; + self.write_to_server(&conn_info)?; } Ok::<(), Error>(()) }; if let Err(error) = block() { log::error!("{}", error); - self.remove_connection(&connection)?; + self.remove_connection(&conn_info)?; } Ok(()) } - fn udp_event(&mut self, _event: &Event) {} - pub fn run(&mut self) -> Result<(), Error> { let mut events = Events::with_capacity(1024); loop { - match self.poll.poll(&mut events, None) { - Ok(()) => { - for event in events.iter() { - match event.token() { - EXIT_TOKEN => { - log::info!("exiting..."); - return Ok(()); - } - TUN_TOKEN => self.tun_event(event)?, - UDP_TOKEN => self.udp_event(event), - _ => self.mio_socket_event(event)?, - } - } - self.send_to_smoltcp()?; + if let Err(err) = self.poll.poll(&mut events, None) { + if err.kind() == std::io::ErrorKind::Interrupted { + log::warn!("Poll interrupted: \"{err}\", ignored, continue polling"); + continue; } - Err(e) => { - if e.kind() == std::io::ErrorKind::Interrupted { - log::warn!("Poll interrupted: \"{e}\", ignored, continue polling"); - } else { - return Err(e.into()); + return Err(err.into()); + } + for event in events.iter() { + match event.token() { + EXIT_TOKEN => { + log::info!("Exiting tun2proxy..."); + return Ok(()); } + TUN_TOKEN => self.tun_event(event)?, + _ => self.mio_socket_event(event)?, } } + self.send_to_smoltcp()?; } } From 4ebd019cb520292868b565418fd834e1c6fb0b66 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 5 Aug 2023 22:32:57 +0800 Subject: [PATCH 044/401] minor changes --- src/socks.rs | 9 --------- 1 file changed, 9 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index d5fd6ad..a8e4fde 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -33,8 +33,6 @@ struct SocksProxyImpl { data_buf: VecDeque, version: Version, credentials: Option, - command: protocol::Command, - udp_relay_addr: Option
, } impl SocksProxyImpl { @@ -53,8 +51,6 @@ impl SocksProxyImpl { data_buf: VecDeque::default(), version, credentials, - command: protocol::Command::Connect, - udp_relay_addr: None, }; result.send_client_hello()?; Ok(result) @@ -221,11 +217,6 @@ impl SocksProxyImpl { return Err(format!("SOCKS connection failed: {}", response.reply).into()); } - if self.command == protocol::Command::UdpAssociate { - log::info!("UDP packet destination: {}", response.address); - self.udp_relay_addr = Some(response.address); - } - self.server_outbuf.append(&mut self.data_buf); self.data_buf.clear(); From 5ce2e85919a65d3ac4024b72ea7a45a46911df09 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 6 Aug 2023 11:42:19 +0800 Subject: [PATCH 045/401] trust-dns-proto import --- Cargo.toml | 1 + src/dns.rs | 104 +++++++++++++++++++++++++++++++++++++++++++++++++ src/lib.rs | 1 + src/virtdns.rs | 24 +++++++++++- 4 files changed, 128 insertions(+), 2 deletions(-) create mode 100644 src/dns.rs diff --git a/Cargo.toml b/Cargo.toml index 25a01d5..7752eee 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,6 +25,7 @@ prctl = "1.0" smoltcp = { version = "0.10.0", features = ["std", "phy-tuntap_interface"] } socks5-impl = { version = "0.5", default-features = false } thiserror = "1.0" +trust-dns-proto = "0.22" unicase = "2.6.0" url = "2.4" diff --git a/src/dns.rs b/src/dns.rs new file mode 100644 index 0000000..f4b2404 --- /dev/null +++ b/src/dns.rs @@ -0,0 +1,104 @@ +#![allow(dead_code)] + +use std::{net::IpAddr, str::FromStr}; +use trust_dns_proto::{ + op::{Message, ResponseCode}, + rr::{record_type::RecordType, Name, RData, Record}, +}; + +#[cfg(feature = "use-rand")] +pub fn build_dns_request( + domain: &str, + query_type: RecordType, + used_by_tcp: bool, +) -> Result, String> { + // [dependencies] + // rand = "0.8" + use rand::{rngs::StdRng, Rng, SeedableRng}; + use trust_dns_proto::op::{header::MessageType, op_code::OpCode, query::Query}; + let name = Name::from_str(domain).map_err(|e| e.to_string())?; + let query = Query::query(name, query_type); + let mut msg = Message::new(); + msg.add_query(query) + .set_id(StdRng::from_entropy().gen()) + .set_op_code(OpCode::Query) + .set_message_type(MessageType::Query) + .set_recursion_desired(true); + let mut msg_buf = msg.to_vec().map_err(|e| e.to_string())?; + if used_by_tcp { + let mut buf = (msg_buf.len() as u16).to_be_bytes().to_vec(); + buf.append(&mut msg_buf); + Ok(buf) + } else { + Ok(msg_buf) + } +} + +pub fn build_dns_response( + mut request: Message, + domain: &str, + ip: IpAddr, + ttl: u32, +) -> Result { + let record = match ip { + IpAddr::V4(ip) => { + let mut record = Record::with(Name::from_str(domain)?, RecordType::A, ttl); + record.set_data(Some(RData::A(ip))); + record + } + IpAddr::V6(ip) => { + let mut record = Record::with(Name::from_str(domain)?, RecordType::AAAA, ttl); + record.set_data(Some(RData::AAAA(ip))); + record + } + }; + request.add_answer(record); + Ok(request) +} + +pub fn extract_ipaddr_from_dns_message(message: &Message) -> Result { + if message.response_code() != ResponseCode::NoError { + return Err(format!("{:?}", message.response_code())); + } + let mut cname = None; + for answer in message.answers() { + match answer + .data() + .ok_or("DNS response not contains answer data")? + { + RData::A(addr) => { + return Ok(IpAddr::V4(*addr)); + } + RData::AAAA(addr) => { + return Ok(IpAddr::V6(*addr)); + } + RData::CNAME(name) => { + cname = Some(name.to_utf8()); + } + _ => {} + } + } + if let Some(cname) = cname { + return Err(cname); + } + Err(format!("{:?}", message.answers())) +} + +pub fn extract_domain_from_dns_message(message: &Message) -> Result { + let query = message.queries().get(0).ok_or("DnsRequest no query body")?; + let name = query.name().to_string(); + Ok(name) +} + +pub fn parse_data_to_dns_message(data: &[u8], used_by_tcp: bool) -> Result { + if used_by_tcp { + if data.len() < 2 { + return Err("invalid dns data".into()); + } + let len = u16::from_be_bytes([data[0], data[1]]) as usize; + let data = data.get(2..len + 2).ok_or("invalid dns data")?; + return parse_data_to_dns_message(data, false); + } + let message = Message::from_vec(data).map_err(|e| e.to_string())?; + Ok(message) +} diff --git a/src/lib.rs b/src/lib.rs index 98f69c6..84c3d11 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -7,6 +7,7 @@ use std::{ use tun2proxy::ConnectionManager; mod android; +mod dns; pub mod error; mod http; pub mod setup; diff --git a/src/virtdns.rs b/src/virtdns.rs index 1da5c54..0d13aa6 100644 --- a/src/virtdns.rs +++ b/src/virtdns.rs @@ -8,7 +8,6 @@ use std::{ time::{Duration, Instant}, }; -const DNS_TTL: u8 = 30; // TTL in DNS replies in seconds const MAPPING_TIMEOUT: u64 = 60; // Mapping timeout in seconds #[derive(Eq, PartialEq, Debug)] @@ -57,6 +56,23 @@ impl VirtualDns { VirtualDns::default() } + // /* + pub fn receive_query(&mut self, data: &[u8]) -> Option> { + use crate::dns; + let mut dns_block = || { + let message = dns::parse_data_to_dns_message(data, false)?; + let qname = dns::extract_domain_from_dns_message(&message)?; + if let Some(ip) = self.allocate_ip(qname.clone()) { + let message = dns::build_dns_response(message, &qname, ip, 5)?; + message.to_vec() + } else { + Err("Virtual IP space for DNS exhausted".into()) + } + }; + dns_block().ok() + } + // */ + /* pub fn receive_query(&mut self, data: &[u8]) -> Option> { if data.len() < 17 { return None; @@ -109,6 +125,8 @@ impl VirtualDns { response[8] = 0; response[9] = 0; + const DNS_TTL: u8 = 30; // TTL in DNS replies in seconds + // additional section response[10] = 0; response[11] = 0; @@ -138,7 +156,7 @@ impl VirtualDns { } Some(response) } - + // */ fn increment_ip(addr: IpAddr) -> Option { let mut ip_bytes = match addr as IpAddr { IpAddr::V4(ip) => Vec::::from(ip.octets()), @@ -239,6 +257,7 @@ impl VirtualDns { } } + /* /// Parse a non-root DNS qname at a specific offset and return the name along with its size. /// DNS packet parsing should be continued after the name. fn parse_qname(data: &[u8], mut offset: usize) -> Option<(String, usize)> { @@ -277,4 +296,5 @@ impl VirtualDns { Some((qname, offset)) } + // */ } From 30d7217374eb84cec8a8b6dec4484f08cd8bb49c Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 6 Aug 2023 13:48:56 +0800 Subject: [PATCH 046/401] refine VirtualDns --- src/error.rs | 6 +++ src/lib.rs | 8 +++- src/tun2proxy.rs | 3 +- src/virtdns.rs | 116 ++++++++++++++++++++--------------------------- 4 files changed, 63 insertions(+), 70 deletions(-) diff --git a/src/error.rs b/src/error.rs index 1a57783..b0c916d 100644 --- a/src/error.rs +++ b/src/error.rs @@ -33,6 +33,12 @@ pub enum Error { #[error("std::str::Utf8Error {0:?}")] Utf8(#[from] std::str::Utf8Error), + #[error("TryFromSliceError {0:?}")] + TryFromSlice(#[from] std::array::TryFromSliceError), + + #[error("ProtoError {0:?}")] + ProtoError(#[from] trust_dns_proto::error::ProtoError), + #[cfg(target_os = "android")] #[error("jni::errors::Error {0:?}")] Jni(#[from] jni::errors::Error), diff --git a/src/lib.rs b/src/lib.rs index 84c3d11..9588a4f 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,10 +1,14 @@ -use crate::{error::Error, http::HttpManager, socks::SocksProxyManager, tun2proxy::TunToProxy}; +use crate::{ + error::Error, + http::HttpManager, + socks::SocksProxyManager, + tun2proxy::{ConnectionManager, TunToProxy}, +}; use socks5_impl::protocol::{UserKey, Version}; use std::{ net::{SocketAddr, ToSocketAddrs}, rc::Rc, }; -use tun2proxy::ConnectionManager; mod android; mod dns; diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 29675e2..8e99aff 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -508,7 +508,8 @@ impl<'a> TunToProxy<'a> { let port = connection_info.dst.port(); if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == 53) { let payload = &frame[payload_offset..payload_offset + payload_size]; - if let Some(response) = virtual_dns.receive_query(payload) { + let response = virtual_dns.receive_query(payload)?; + { let rx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); let tx_buffer = diff --git a/src/virtdns.rs b/src/virtdns.rs index 0d13aa6..6f8949a 100644 --- a/src/virtdns.rs +++ b/src/virtdns.rs @@ -1,3 +1,4 @@ +use crate::error::Result; use hashlink::{linked_hash_map::RawEntryMut, LruCache}; use smoltcp::wire::Ipv4Cidr; use std::{ @@ -10,19 +11,6 @@ use std::{ const MAPPING_TIMEOUT: u64 = 60; // Mapping timeout in seconds -#[derive(Eq, PartialEq, Debug)] -#[allow(dead_code, clippy::upper_case_acronyms)] -enum DnsRecordType { - A = 1, - AAAA = 28, -} - -#[derive(Eq, PartialEq, Debug)] -#[allow(dead_code)] -enum DnsClass { - IN = 1, -} - struct NameCacheEntry { name: String, expiry: Instant, @@ -57,25 +45,32 @@ impl VirtualDns { } // /* - pub fn receive_query(&mut self, data: &[u8]) -> Option> { + pub fn receive_query(&mut self, data: &[u8]) -> Result> { use crate::dns; - let mut dns_block = || { - let message = dns::parse_data_to_dns_message(data, false)?; - let qname = dns::extract_domain_from_dns_message(&message)?; - if let Some(ip) = self.allocate_ip(qname.clone()) { - let message = dns::build_dns_response(message, &qname, ip, 5)?; - message.to_vec() - } else { - Err("Virtual IP space for DNS exhausted".into()) - } - }; - dns_block().ok() + let message = dns::parse_data_to_dns_message(data, false)?; + let qname = dns::extract_domain_from_dns_message(&message)?; + let ip = self.allocate_ip(qname.clone())?; + let message = dns::build_dns_response(message, &qname, ip, 5)?; + Ok(message.to_vec()?) } // */ /* - pub fn receive_query(&mut self, data: &[u8]) -> Option> { + pub fn receive_query(&mut self, data: &[u8]) -> Result> { + #[derive(Eq, PartialEq, Debug)] + #[allow(dead_code, clippy::upper_case_acronyms)] + enum DnsRecordType { + A = 1, + AAAA = 28, + } + + #[derive(Eq, PartialEq, Debug)] + #[allow(dead_code)] + enum DnsClass { + IN = 1, + } + if data.len() < 17 { - return None; + return Err("Invalid DNS query".into()); } // bit 1: Message is a query (0) // bits 2 - 5: Standard query opcode (0) @@ -83,22 +78,22 @@ impl VirtualDns { // bit 7: Message is not truncated (0) // bit 8: Recursion desired (1) let is_supported_query = (data[2] & 0b11111011) == 0b00000001; - let num_queries = u16::from_be_bytes(data[4..6].try_into().ok()?); + let num_queries = u16::from_be_bytes(data[4..6].try_into()?); if !is_supported_query || num_queries != 1 { - return None; + return Err("Invalid DNS query".into()); } - let (qname, offset) = VirtualDns::parse_qname(data, 12)?; + let (qname, offset) = VirtualDns::parse_qname(data, 12).ok_or("parse_qname")?; if offset + 3 >= data.len() { - return None; + return Err("Invalid DNS query".into()); } - let qtype = u16::from_be_bytes(data[offset..offset + 2].try_into().ok()?); - let qclass = u16::from_be_bytes(data[offset + 2..offset + 4].try_into().ok()?); + let qtype = u16::from_be_bytes(data[offset..offset + 2].try_into()?); + let qclass = u16::from_be_bytes(data[offset + 2..offset + 4].try_into()?); if qtype != DnsRecordType::A as u16 && qtype != DnsRecordType::AAAA as u16 || qclass != DnsClass::IN as u16 { - return None; + return Err("Invalid DNS query".into()); } if qtype == DnsRecordType::A as u16 { @@ -131,7 +126,7 @@ impl VirtualDns { response[10] = 0; response[11] = 0; if qtype == DnsRecordType::A as u16 { - if let Some(ip) = self.allocate_ip(qname) { + if let Ok(ip) = self.allocate_ip(qname) { response.extend(&[ 0xc0, 0x0c, // Question name pointer 0, 1, // Record type: A @@ -154,10 +149,10 @@ impl VirtualDns { } else { response[7] = 0; // No answers } - Some(response) + Ok(response) } // */ - fn increment_ip(addr: IpAddr) -> Option { + fn increment_ip(addr: IpAddr) -> Result { let mut ip_bytes = match addr as IpAddr { IpAddr::V4(ip) => Vec::::from(ip.octets()), IpAddr::V6(ip) => Vec::::from(ip.octets()), @@ -176,36 +171,29 @@ impl VirtualDns { } } let addr = if addr.is_ipv4() { - let bytes: [u8; 4] = ip_bytes.as_slice().try_into().ok()?; + let bytes: [u8; 4] = ip_bytes.as_slice().try_into()?; IpAddr::V4(Ipv4Addr::from(bytes)) } else { - let bytes: [u8; 16] = ip_bytes.as_slice().try_into().ok()?; + let bytes: [u8; 16] = ip_bytes.as_slice().try_into()?; IpAddr::V6(Ipv6Addr::from(bytes)) }; - Some(addr) + Ok(addr) } // This is to be called whenever we receive or send a packet on the socket // which connects the tun interface to the client, so existing IP address to name // mappings to not expire as long as the connection is active. - pub fn touch_ip(&mut self, addr: &IpAddr) -> bool { - match self.lru_cache.get_mut(addr) { - None => false, - Some(entry) => { - entry.expiry = Instant::now() + Duration::from_secs(MAPPING_TIMEOUT); - true - } - } + pub fn touch_ip(&mut self, addr: &IpAddr) { + _ = self.lru_cache.get_mut(addr).map(|entry| { + entry.expiry = Instant::now() + Duration::from_secs(MAPPING_TIMEOUT); + }); } pub fn resolve_ip(&mut self, addr: &IpAddr) -> Option<&String> { - match self.lru_cache.get(addr) { - None => None, - Some(entry) => Some(&entry.name), - } + self.lru_cache.get(addr).map(|entry| &entry.name) } - fn allocate_ip(&mut self, name: String) -> Option { + fn allocate_ip(&mut self, name: String) -> Result { let now = Instant::now(); loop { @@ -223,9 +211,9 @@ impl VirtualDns { } if let Some(ip) = self.name_to_ip.get(&name) { - let result = Some(*ip); - self.touch_ip(&ip.clone()); - return result; + let ip = *ip; + self.touch_ip(&ip); + return Ok(ip); } let started_at = self.next_addr; @@ -235,16 +223,10 @@ impl VirtualDns { self.lru_cache.raw_entry_mut().from_key(&self.next_addr) { let expiry = Instant::now() + Duration::from_secs(MAPPING_TIMEOUT); - vacant.insert( - self.next_addr, - NameCacheEntry { - name: name.clone(), - expiry, - }, - ); - // e.insert(name.clone()); - self.name_to_ip.insert(name, self.next_addr); - return Some(self.next_addr); + let name0 = name.clone(); + vacant.insert(self.next_addr, NameCacheEntry { name, expiry }); + self.name_to_ip.insert(name0, self.next_addr); + return Ok(self.next_addr); } self.next_addr = Self::increment_ip(self.next_addr)?; if self.next_addr == self.broadcast_addr { @@ -252,7 +234,7 @@ impl VirtualDns { self.next_addr = self.network_addr; } if self.next_addr == started_at { - return None; + return Err("Virtual IP space for DNS exhausted".into()); } } } From 5bb4bbf022475f636fa70d9849abffe50013d2cd Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 6 Aug 2023 21:36:00 +0800 Subject: [PATCH 047/401] remove raw dns parse code --- src/virtdns.rs | 140 ------------------------------------------------- 1 file changed, 140 deletions(-) diff --git a/src/virtdns.rs b/src/virtdns.rs index 6f8949a..9e13e05 100644 --- a/src/virtdns.rs +++ b/src/virtdns.rs @@ -44,7 +44,6 @@ impl VirtualDns { VirtualDns::default() } - // /* pub fn receive_query(&mut self, data: &[u8]) -> Result> { use crate::dns; let message = dns::parse_data_to_dns_message(data, false)?; @@ -53,105 +52,7 @@ impl VirtualDns { let message = dns::build_dns_response(message, &qname, ip, 5)?; Ok(message.to_vec()?) } - // */ - /* - pub fn receive_query(&mut self, data: &[u8]) -> Result> { - #[derive(Eq, PartialEq, Debug)] - #[allow(dead_code, clippy::upper_case_acronyms)] - enum DnsRecordType { - A = 1, - AAAA = 28, - } - #[derive(Eq, PartialEq, Debug)] - #[allow(dead_code)] - enum DnsClass { - IN = 1, - } - - if data.len() < 17 { - return Err("Invalid DNS query".into()); - } - // bit 1: Message is a query (0) - // bits 2 - 5: Standard query opcode (0) - // bit 6: Unused - // bit 7: Message is not truncated (0) - // bit 8: Recursion desired (1) - let is_supported_query = (data[2] & 0b11111011) == 0b00000001; - let num_queries = u16::from_be_bytes(data[4..6].try_into()?); - if !is_supported_query || num_queries != 1 { - return Err("Invalid DNS query".into()); - } - - let (qname, offset) = VirtualDns::parse_qname(data, 12).ok_or("parse_qname")?; - if offset + 3 >= data.len() { - return Err("Invalid DNS query".into()); - } - let qtype = u16::from_be_bytes(data[offset..offset + 2].try_into()?); - let qclass = u16::from_be_bytes(data[offset + 2..offset + 4].try_into()?); - - if qtype != DnsRecordType::A as u16 && qtype != DnsRecordType::AAAA as u16 - || qclass != DnsClass::IN as u16 - { - return Err("Invalid DNS query".into()); - } - - if qtype == DnsRecordType::A as u16 { - log::info!("DNS query: {}", qname); - } - - let mut response = Vec::::new(); - response.extend(&data[0..offset + 4]); - response[2] |= 0x80; // Message is a response - response[3] |= 0x80; // Recursion available - - // Record count of the answer section: - // We only send an answer record for A queries, assuming that IPv4 is supported everywhere. - // This way, we do not have to handle two IP spaces for the virtual DNS feature. - response[6] = 0; - response[7] = if qtype == DnsRecordType::A as u16 { - 1 - } else { - 0 - }; - - // Zero count of other sections: - // authority section - response[8] = 0; - response[9] = 0; - - const DNS_TTL: u8 = 30; // TTL in DNS replies in seconds - - // additional section - response[10] = 0; - response[11] = 0; - if qtype == DnsRecordType::A as u16 { - if let Ok(ip) = self.allocate_ip(qname) { - response.extend(&[ - 0xc0, 0x0c, // Question name pointer - 0, 1, // Record type: A - 0, 1, // Class: IN - 0, 0, 0, DNS_TTL, // TTL - 0, 4, // Data length: 4 bytes - ]); - match ip { - IpAddr::V4(ip) => response.extend(ip.octets().as_ref()), - IpAddr::V6(ip) => response.extend(ip.octets().as_ref()), - }; - } else { - log::error!("Virtual IP space for DNS exhausted"); - response[7] = 0; // No answers - - // Set rcode to SERVFAIL - response[3] &= 0xf0; - response[3] |= 2; - } - } else { - response[7] = 0; // No answers - } - Ok(response) - } - // */ fn increment_ip(addr: IpAddr) -> Result { let mut ip_bytes = match addr as IpAddr { IpAddr::V4(ip) => Vec::::from(ip.octets()), @@ -238,45 +139,4 @@ impl VirtualDns { } } } - - /* - /// Parse a non-root DNS qname at a specific offset and return the name along with its size. - /// DNS packet parsing should be continued after the name. - fn parse_qname(data: &[u8], mut offset: usize) -> Option<(String, usize)> { - // Since we only parse qnames and qnames can't point anywhere, - // we do not support pointers. (0xC0 is a bitmask for pointer detection.) - let label_type = data[offset] & 0xC0; - if label_type != 0x00 { - return None; - } - - let mut qname = String::from(""); - loop { - if offset >= data.len() { - return None; - } - let label_len = data[offset]; - if label_len == 0 { - if qname.is_empty() { - return None; - } - offset += 1; - break; - } - if !qname.is_empty() { - qname.push('.'); - } - for _ in 0..label_len { - offset += 1; - if offset >= data.len() { - return None; - } - qname.push(data[offset] as char); - } - offset += 1; - } - - Some((qname, offset)) - } - // */ } From 41feb84c29abf7f7619312a3bbc17634fed6ccef Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 6 Aug 2023 22:39:00 +0800 Subject: [PATCH 048/401] publish script --- .github/workflows/publish-exe.yml | 11 ++++------- Cargo.toml | 2 +- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/workflows/publish-exe.yml b/.github/workflows/publish-exe.yml index 918c177..8b19a38 100644 --- a/.github/workflows/publish-exe.yml +++ b/.github/workflows/publish-exe.yml @@ -1,7 +1,7 @@ on: push: - branches: [master] - workflow_dispatch: + tags: + - "*" name: Build and publish executable @@ -24,10 +24,7 @@ jobs: run: mkdir build && mv target/x86_64-unknown-linux-gnu/release/tun2proxy build/tun2proxy-x86_64 - name: Publish uses: softprops/action-gh-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - name: Automated build of ${{ github.sha }} files: build/* - draft: false - prerelease: true - body: This is an automated build of commit ${{ github.sha }}. - tag_name: r${{ github.sha }} \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml index 7752eee..a5ec577 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ authors = ["B. Blechschmidt"] edition = "2018" name = "tun2proxy" -version = "0.1.1" +version = "0.1.2" [lib] crate-type = ["cdylib", "lib"] From c8b13fc4044764243e78138ab0f1a1d2c2bd3de0 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 7 Aug 2023 12:29:36 +0800 Subject: [PATCH 049/401] receive_tun --- src/tun2proxy.rs | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 8e99aff..46608e5 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -449,15 +449,19 @@ impl<'a> TunToProxy<'a> { } } }; - log::trace!("{} ({})", connection_info, dst); if connection_info.protocol == IpProtocol::Tcp { let server_addr = self .get_connection_manager(&connection_info) .ok_or("get_connection_manager")? .get_server_addr(); if first_packet { - if let Some(manager) = self.connection_managers.iter_mut().next() { - let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info)?; + let mut done = false; + for manager in self.connection_managers.iter_mut() { + let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info); + if tcp_proxy_handler.is_err() { + continue; + } + let tcp_proxy_handler = tcp_proxy_handler?; let mut socket = tcp::Socket::new( tcp::SocketBuffer::new(vec![0; 1024 * 128]), tcp::SocketBuffer::new(vec![0; 1024 * 128]), @@ -484,10 +488,18 @@ impl<'a> TunToProxy<'a> { self.token_to_info.insert(token, connection_info.clone()); - // log::info!("CONNECT {} ({})", connection_info, dst); + log::info!("Connect done {} ({})", connection_info, dst); + done = true; + break; + } + if !done { + log::debug!("No connection manager for {} ({})", connection_info, dst); } } else if !self.connection_map.contains_key(&connection_info) { + log::debug!("Not found {} ({})", connection_info, dst); return Ok(()); + } else { + log::trace!("Subsequent packet {} ({})", connection_info, dst); } // Inject the packet to advance the smoltcp socket state @@ -505,6 +517,7 @@ impl<'a> TunToProxy<'a> { // Therefore, we now expect it to write data to the server. self.write_to_server(&connection_info)?; } else if connection_info.protocol == IpProtocol::Udp { + log::trace!("{} ({})", connection_info, dst); let port = connection_info.dst.port(); if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == 53) { let payload = &frame[payload_offset..payload_offset + payload_size]; @@ -525,6 +538,8 @@ impl<'a> TunToProxy<'a> { } } // Otherwise, UDP is not yet supported. + } else { + log::warn!("Unsupported protocol: {} ({})", connection_info, dst); } Ok::<(), Error>(()) }; From 3b9207fb7af0620c445909f8f84e6da93007c2c6 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 8 Aug 2023 09:16:57 +0800 Subject: [PATCH 050/401] fixing get_transport_info --- src/tun2proxy.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 46608e5..bd68a76 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -107,15 +107,16 @@ fn get_transport_info( .map_err(|e| e.into()), IpProtocol::Tcp => TcpPacket::new_checked(packet) .map(|result| { + let header_len = result.header_len() as usize; ( (result.src_port(), result.dst_port()), result.syn() && !result.ack(), - transport_offset + result.header_len() as usize, - packet.len(), + transport_offset + header_len, + packet.len() - header_len, ) }) .map_err(|e| e.into()), - _ => Err(format!("Unsupported protocol {protocol}").into()), + _ => Err(format!("Unsupported protocol {protocol} in IP packet").into()), } } From b92f2efd81fe41ac2f1e27fe9a2ee22fb26ef820 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 8 Aug 2023 09:20:43 +0800 Subject: [PATCH 051/401] remove .expect call --- src/error.rs | 3 +++ src/tun2proxy.rs | 5 ++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/error.rs b/src/error.rs index b0c916d..bae52ba 100644 --- a/src/error.rs +++ b/src/error.rs @@ -27,6 +27,9 @@ pub enum Error { #[error("smoltcp::socket::tcp::SendError {0:?}")] Send(#[from] smoltcp::socket::tcp::SendError), + #[error("smoltcp::socket::udp::SendError {0:?}")] + UdpSend(#[from] smoltcp::socket::udp::SendError), + #[error("smoltcp::wire::Error {0:?}")] Wire(#[from] smoltcp::wire::Error), diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index bd68a76..b2dd44a 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -530,9 +530,8 @@ impl<'a> TunToProxy<'a> { udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); let mut socket = udp::Socket::new(rx_buffer, tx_buffer); socket.bind(dst)?; - socket - .send_slice(response.as_slice(), UdpMetadata::from(connection_info.src)) - .expect("failed to send DNS response"); + let meta = UdpMetadata::from(connection_info.src); + socket.send_slice(response.as_slice(), meta)?; let handle = self.sockets.add(socket); self.expect_smoltcp_send()?; self.sockets.remove(handle); From 4d9b10fd1c27e9045a1308d202c5fa9ef4350803 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 8 Aug 2023 11:37:24 +0800 Subject: [PATCH 052/401] verbosity parameter --- src/main.rs | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/main.rs b/src/main.rs index bcf8519..ad86438 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,5 +1,4 @@ use clap::Parser; -use env_logger::Env; use std::{net::IpAddr, process::ExitCode}; use tun2proxy::{error::Error, main_entry, NetworkInterface, Options, Proxy}; @@ -43,6 +42,10 @@ struct Args { /// Public proxy IP used in routing setup which should bypassing the tunnel #[arg(long, value_name = "IP")] bypass_ip: Option, + + /// Verbosity level + #[arg(short, long, value_name = "level", value_enum, default_value = "info")] + verbosity: ArgVerbosity, } #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] @@ -56,11 +59,23 @@ enum ArgSetup { Auto, } +#[derive(Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] +enum ArgVerbosity { + Off, + Error, + Warn, + Info, + Debug, + Trace, +} + fn main() -> ExitCode { dotenvy::dotenv().ok(); - env_logger::Builder::from_env(Env::default().default_filter_or("info")).init(); let args = Args::parse(); + let default = format!("{}={:?}", module_path!(), args.verbosity); + env_logger::Builder::from_env(env_logger::Env::default().default_filter_or(default)).init(); + let addr = args.proxy.addr; let proxy_type = args.proxy.proxy_type; log::info!("Proxy {proxy_type} server: {addr}"); From ff9c258fbd68ccfa60521f76fdea999b1ef3623e Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 8 Aug 2023 23:45:16 +0800 Subject: [PATCH 053/401] re-formatting with max_width = 120 --- rustfmt.toml | 1 + src/android.rs | 9 ++------- src/dns.rs | 18 +++--------------- src/http.rs | 31 ++++++++++++------------------- src/lib.rs | 17 +++++------------ src/main.rs | 15 ++------------- src/setup.rs | 46 +++++++--------------------------------------- src/socks.rs | 32 +++++++++----------------------- src/tun2proxy.rs | 43 +++++++++++++------------------------------ src/virtdns.rs | 4 +--- tests/proxy.rs | 39 +++++++++------------------------------ 11 files changed, 64 insertions(+), 191 deletions(-) create mode 100644 rustfmt.toml diff --git a/rustfmt.toml b/rustfmt.toml new file mode 100644 index 0000000..7530651 --- /dev/null +++ b/rustfmt.toml @@ -0,0 +1 @@ +max_width = 120 diff --git a/src/android.rs b/src/android.rs index 02d4e5b..b1b6ca2 100644 --- a/src/android.rs +++ b/src/android.rs @@ -23,9 +23,7 @@ pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_run( ) -> jint { let log_level = if verbose != 0 { "trace" } else { "info" }; let filter_str = &format!("off,tun2proxy={log_level}"); - let filter = android_logger::FilterBuilder::new() - .parse(filter_str) - .build(); + let filter = android_logger::FilterBuilder::new().parse(filter_str).build(); android_logger::init_once( android_logger::Config::default() .with_tag("tun2proxy") @@ -61,10 +59,7 @@ pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_run( /// /// Shutdown tun2proxy #[no_mangle] -pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_stop( - _env: JNIEnv, - _clazz: JClass, -) -> jint { +pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_stop(_env: JNIEnv, _: JClass) -> jint { match &mut TUN_TO_PROXY { None => { log::error!("tun2proxy not started"); diff --git a/src/dns.rs b/src/dns.rs index f4b2404..2ae1528 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -7,11 +7,7 @@ use trust_dns_proto::{ }; #[cfg(feature = "use-rand")] -pub fn build_dns_request( - domain: &str, - query_type: RecordType, - used_by_tcp: bool, -) -> Result, String> { +pub fn build_dns_request(domain: &str, query_type: RecordType, used_by_tcp: bool) -> Result, String> { // [dependencies] // rand = "0.8" use rand::{rngs::StdRng, Rng, SeedableRng}; @@ -34,12 +30,7 @@ pub fn build_dns_request( } } -pub fn build_dns_response( - mut request: Message, - domain: &str, - ip: IpAddr, - ttl: u32, -) -> Result { +pub fn build_dns_response(mut request: Message, domain: &str, ip: IpAddr, ttl: u32) -> Result { let record = match ip { IpAddr::V4(ip) => { let mut record = Record::with(Name::from_str(domain)?, RecordType::A, ttl); @@ -62,10 +53,7 @@ pub fn extract_ipaddr_from_dns_message(message: &Message) -> Result { return Ok(IpAddr::V4(*addr)); } diff --git a/src/http.rs b/src/http.rs index 5c5d76b..b7ddfce 100644 --- a/src/http.rs +++ b/src/http.rs @@ -1,8 +1,8 @@ use crate::{ error::Error, tun2proxy::{ - ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, - OutgoingDataEvent, OutgoingDirection, TcpProxy, + ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, + OutgoingDirection, TcpProxy, }, }; use base64::Engine; @@ -89,11 +89,9 @@ impl HttpConnection { fn send_tunnel_request(&mut self) -> Result<(), Error> { self.server_outbuf.extend(b"CONNECT "); - self.server_outbuf - .extend(self.destination.to_string().as_bytes()); + self.server_outbuf.extend(self.destination.to_string().as_bytes()); self.server_outbuf.extend(b" HTTP/1.1\r\nHost: "); - self.server_outbuf - .extend(self.destination.to_string().as_bytes()); + self.server_outbuf.extend(self.destination.to_string().as_bytes()); self.server_outbuf.extend(b"\r\n"); self.send_auth_data(if self.digest_state.borrow().is_none() { @@ -126,14 +124,8 @@ impl HttpConnection { let mut state = self.digest_state.borrow_mut(); let response = state.as_mut().unwrap().respond(&context)?; - self.server_outbuf.extend( - format!( - "{}: {}\r\n", - PROXY_AUTHORIZATION, - response.to_header_string() - ) - .as_bytes(), - ); + self.server_outbuf + .extend(format!("{}: {}\r\n", PROXY_AUTHORIZATION, response.to_header_string()).as_bytes()); } AuthenticationScheme::Basic => { let cred = format!("{}:{}", credentials.username, credentials.password); @@ -198,8 +190,11 @@ impl HttpConnection { } if status_code != 407 { - let e = - format!("Expected success status code. Server replied with {status_code} [Reason: {}].", res.reason.unwrap()); + let e = format!( + "Expected success status code. Server replied with {} [Reason: {}].", + status_code, + res.reason.unwrap() + ); return Err(e.into()); } @@ -371,9 +366,7 @@ impl TcpProxy for HttpConnection { match dir { Direction::Incoming(incoming) => match incoming { IncomingDirection::FromServer => !self.server_inbuf.is_empty(), - IncomingDirection::FromClient => { - !self.client_inbuf.is_empty() || !self.data_buf.is_empty() - } + IncomingDirection::FromClient => !self.client_inbuf.is_empty() || !self.data_buf.is_empty(), }, Direction::Outgoing(outgoing) => match outgoing { OutgoingDirection::ToServer => !self.server_outbuf.is_empty(), diff --git a/src/lib.rs b/src/lib.rs index 9588a4f..01ea7ba 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -124,24 +124,17 @@ pub fn tun_to_proxy<'a>( let mut ttp = TunToProxy::new(interface, options)?; let credentials = proxy.credentials.clone(); let server = proxy.addr; + #[rustfmt::skip] let mgr = match proxy.proxy_type { - ProxyType::Socks4 => Rc::new(SocksProxyManager::new(server, Version::V4, credentials)) - as Rc, - ProxyType::Socks5 => Rc::new(SocksProxyManager::new(server, Version::V5, credentials)) - as Rc, - ProxyType::Http => { - Rc::new(HttpManager::new(server, credentials)) as Rc - } + ProxyType::Socks4 => Rc::new(SocksProxyManager::new(server, Version::V4, credentials)) as Rc, + ProxyType::Socks5 => Rc::new(SocksProxyManager::new(server, Version::V5, credentials)) as Rc, + ProxyType::Http => Rc::new(HttpManager::new(server, credentials)) as Rc, }; ttp.add_connection_manager(mgr); Ok(ttp) } -pub fn main_entry( - interface: &NetworkInterface, - proxy: &Proxy, - options: Options, -) -> Result<(), Error> { +pub fn main_entry(interface: &NetworkInterface, proxy: &Proxy, options: Options) -> Result<(), Error> { let mut ttp = tun_to_proxy(interface, proxy, options)?; ttp.run()?; Ok(()) diff --git a/src/main.rs b/src/main.rs index ad86438..1502599 100644 --- a/src/main.rs +++ b/src/main.rs @@ -26,13 +26,7 @@ struct Args { proxy: Proxy, /// DNS handling - #[arg( - short, - long, - value_name = "method", - value_enum, - default_value = "virtual" - )] + #[arg(short, long, value_name = "method", value_enum, default_value = "virtual")] dns: ArgDns, /// Routing and system setup @@ -102,12 +96,7 @@ fn main() -> ExitCode { Some(addr) => addr, None => args.proxy.addr.ip(), }; - setup = Setup::new( - &args.tun, - &bypass_tun_ip, - get_default_cidrs(), - args.bypass_ip.is_some(), - ); + setup = Setup::new(&args.tun, &bypass_tun_ip, get_default_cidrs(), args.bypass_ip.is_some()); setup.configure()?; diff --git a/src/setup.rs b/src/setup.rs index 8838ab3..c273ea5 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -59,13 +59,7 @@ where cmdline.append(&mut args); let command = cmdline.as_slice().join(" "); match String::from_utf8(output.stderr.clone()) { - Ok(output) => Err(format!( - "[{}] Command `{}` failed: {}", - nix::unistd::getpid(), - command, - output - ) - .into()), + Ok(output) => Err(format!("[{}] Command `{}` failed: {}", nix::unistd::getpid(), command, output).into()), Err(_) => Err(format!( "Command `{:?}` failed with exit code {}", command, @@ -126,14 +120,7 @@ impl Setup { } let (addr_str, prefix_len_str) = match dst_str.split_once(['/']) { - None => ( - dst_str, - if self.tunnel_bypass_addr.is_ipv6() { - "128" - } else { - "32" - }, - ), + None => (dst_str, if self.tunnel_bypass_addr.is_ipv6() { "128" } else { "32" }), Some((addr_str, prefix_len_str)) => (addr_str, prefix_len_str), }; @@ -215,13 +202,8 @@ impl Setup { fn shutdown(&mut self) -> Result<(), Error> { self.set_up = false; - log::info!( - "[{}] Restoring network configuration", - nix::unistd::getpid() - ); - let _ = Command::new("ip") - .args(["link", "del", self.tun.as_str()]) - .output(); + log::info!("[{}] Restoring network configuration", nix::unistd::getpid()); + let _ = Command::new("ip").args(["link", "del", self.tun.as_str()]).output(); if self.delete_proxy_route { let _ = Command::new("ip") .args(["route", "del", self.tunnel_bypass_addr.to_string().as_str()]) @@ -235,15 +217,7 @@ impl Setup { if let Err(e) = (|| -> Result<(), Error> { nix::unistd::close(read_from_child)?; run_iproute( - [ - "ip", - "tuntap", - "add", - "name", - self.tun.as_str(), - "mode", - "tun", - ], + ["ip", "tuntap", "add", "name", self.tun.as_str(), "mode", "tun"], "failed to create tunnel device", true, )?; @@ -306,10 +280,7 @@ impl Setup { } pub fn configure(&mut self) -> Result<(), Error> { - log::info!( - "[{}] Setting up network configuration", - nix::unistd::getpid() - ); + log::info!("[{}] Setting up network configuration", nix::unistd::getpid()); if nix::unistd::getuid() != 0.into() { return Err("Automatic setup requires root privileges".into()); } @@ -345,10 +316,7 @@ impl Setup { } pub fn restore(&mut self) -> Result<(), Error> { - nix::sys::signal::kill( - nix::unistd::Pid::from_raw(self.child), - nix::sys::signal::SIGINT, - )?; + nix::sys::signal::kill(nix::unistd::Pid::from_raw(self.child), nix::sys::signal::SIGINT)?; nix::sys::wait::waitpid(nix::unistd::Pid::from_raw(self.child), None)?; Ok(()) } diff --git a/src/socks.rs b/src/socks.rs index a8e4fde..9888415 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -1,14 +1,12 @@ use crate::{ error::Error, tun2proxy::{ - ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, - OutgoingDataEvent, OutgoingDirection, TcpProxy, + ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, + OutgoingDirection, TcpProxy, }, }; use smoltcp::wire::IpProtocol; -use socks5_impl::protocol::{ - self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, Version, -}; +use socks5_impl::protocol::{self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, Version}; use std::{collections::VecDeque, net::SocketAddr}; #[derive(Eq, PartialEq, Debug)] @@ -36,11 +34,7 @@ struct SocksProxyImpl { } impl SocksProxyImpl { - pub fn new( - info: &ConnectionInfo, - credentials: Option, - version: Version, - ) -> Result { + fn new(info: &ConnectionInfo, credentials: Option, version: Version) -> Result { let mut result = Self { info: info.clone(), state: SocksState::ServerHello, @@ -60,8 +54,7 @@ impl SocksProxyImpl { let credentials = &self.credentials; self.server_outbuf .extend(&[self.version as u8, protocol::Command::Connect.into()]); - self.server_outbuf - .extend(self.info.dst.port().to_be_bytes()); + self.server_outbuf.extend(self.info.dst.port().to_be_bytes()); let mut ip_vec = Vec::::new(); let mut name_vec = Vec::::new(); match &self.info.dst { @@ -94,11 +87,7 @@ impl SocksProxyImpl { let credentials = &self.credentials; // Providing unassigned methods is supposed to bypass China's GFW. // For details, refer to https://github.com/blechschmidt/tun2proxy/issues/35. - let mut methods = vec![ - AuthMethod::NoAuth, - AuthMethod::from(4_u8), - AuthMethod::from(100_u8), - ]; + let mut methods = vec![AuthMethod::NoAuth, AuthMethod::from(4_u8), AuthMethod::from(100_u8)]; if credentials.is_some() { methods.push(AuthMethod::UserPass); } @@ -151,8 +140,7 @@ impl SocksProxyImpl { let auth_method = respones.method; if auth_method != AuthMethod::NoAuth && self.credentials.is_none() - || (auth_method != AuthMethod::NoAuth && auth_method != AuthMethod::UserPass) - && self.credentials.is_some() + || (auth_method != AuthMethod::NoAuth && auth_method != AuthMethod::UserPass) && self.credentials.is_some() { return Err("SOCKS5 server requires an unsupported authentication method.".into()); } @@ -240,7 +228,7 @@ impl SocksProxyImpl { Ok(()) } - pub fn state_change(&mut self) -> Result<(), Error> { + fn state_change(&mut self) -> Result<(), Error> { match self.state { SocksState::ServerHello => self.receive_server_hello(), @@ -308,9 +296,7 @@ impl TcpProxy for SocksProxyImpl { match dir { Direction::Incoming(incoming) => match incoming { IncomingDirection::FromServer => !self.server_inbuf.is_empty(), - IncomingDirection::FromClient => { - !self.client_inbuf.is_empty() || !self.data_buf.is_empty() - } + IncomingDirection::FromClient => !self.client_inbuf.is_empty() || !self.data_buf.is_empty(), }, Direction::Outgoing(outgoing) => match outgoing { OutgoingDirection::ToServer => !self.server_outbuf.is_empty(), diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index b2dd44a..1a39e4d 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -222,25 +222,19 @@ impl<'a> TunToProxy<'a> { pub fn new(interface: &NetworkInterface, options: Options) -> Result { let tun = match interface { NetworkInterface::Named(name) => TunTapInterface::new(name.as_str(), Medium::Ip)?, - NetworkInterface::Fd(fd) => { - TunTapInterface::from_fd(*fd, Medium::Ip, options.mtu.unwrap_or(1500))? - } + NetworkInterface::Fd(fd) => TunTapInterface::from_fd(*fd, Medium::Ip, options.mtu.unwrap_or(1500))?, }; let poll = Poll::new()?; - poll.registry().register( - &mut SourceFd(&tun.as_raw_fd()), - TUN_TOKEN, - Interest::READABLE, - )?; + poll.registry() + .register(&mut SourceFd(&tun.as_raw_fd()), TUN_TOKEN, Interest::READABLE)?; let (exit_sender, mut exit_receiver) = mio::unix::pipe::new()?; poll.registry() .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; + #[rustfmt::skip] let config = match tun.capabilities().medium { - Medium::Ethernet => Config::new( - smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into(), - ), + Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into()), Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), Medium::Ieee802154 => todo!(), }; @@ -285,8 +279,7 @@ impl<'a> TunToProxy<'a> { } fn expect_smoltcp_send(&mut self) -> Result<(), Error> { - self.iface - .poll(Instant::now(), &mut self.device, &mut self.sockets); + self.iface.poll(Instant::now(), &mut self.device, &mut self.sockets); while let Some(vec) = self.device.exfiltrate_packet() { let slice = vec.as_slice(); @@ -314,7 +307,7 @@ impl<'a> TunToProxy<'a> { let token = &conn.token; self.token_to_info.remove(token); _ = self.poll.registry().deregister(&mut conn.mio_stream); - log::info!("CLOSE {}", info); + log::info!("Close {}", info); } Ok(()) } @@ -429,8 +422,7 @@ impl<'a> TunToProxy<'a> { interest = Interest::READABLE | Interest::WRITABLE; } - poll.registry() - .register(&mut state.mio_stream, state.token, interest)?; + poll.registry().register(&mut state.mio_stream, state.token, interest)?; Ok(()) } @@ -524,10 +516,8 @@ impl<'a> TunToProxy<'a> { let payload = &frame[payload_offset..payload_offset + payload_size]; let response = virtual_dns.receive_query(payload)?; { - let rx_buffer = - udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); - let tx_buffer = - udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); + let rx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); + let tx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); let mut socket = udp::Socket::new(rx_buffer, tx_buffer); socket.bind(dst)?; let meta = UdpMetadata::from(connection_info.src); @@ -551,9 +541,7 @@ impl<'a> TunToProxy<'a> { fn write_to_server(&mut self, info: &ConnectionInfo) -> Result<(), Error> { if let Some(state) = self.connection_map.get_mut(info) { - let event = state - .tcp_proxy_handler - .peek_data(OutgoingDirection::ToServer); + let event = state.tcp_proxy_handler.peek_data(OutgoingDirection::ToServer); let buffer_size = event.buffer.len(); if buffer_size == 0 { state.wait_write = false; @@ -590,9 +578,7 @@ impl<'a> TunToProxy<'a> { Some(handle) => handle, None => break, }; - let event = state - .tcp_proxy_handler - .peek_data(OutgoingDirection::ToClient); + let event = state.tcp_proxy_handler.peek_data(OutgoingDirection::ToClient); let buflen = event.buffer.len(); let consumed; { @@ -662,10 +648,7 @@ impl<'a> TunToProxy<'a> { } }; - let server = self - .get_connection_manager(&conn_info) - .ok_or(e)? - .get_server_addr(); + let server = self.get_connection_manager(&conn_info).ok_or(e)?.get_server_addr(); let mut block = || -> Result<(), Error> { if event.is_readable() || event.is_read_closed() { diff --git a/src/virtdns.rs b/src/virtdns.rs index 9e13e05..148b45c 100644 --- a/src/virtdns.rs +++ b/src/virtdns.rs @@ -120,9 +120,7 @@ impl VirtualDns { let started_at = self.next_addr; loop { - if let RawEntryMut::Vacant(vacant) = - self.lru_cache.raw_entry_mut().from_key(&self.next_addr) - { + if let RawEntryMut::Vacant(vacant) = self.lru_cache.raw_entry_mut().from_key(&self.next_addr) { let expiry = Instant::now() + Duration::from_secs(MAPPING_TIMEOUT); let name0 = name.clone(); vacant.insert(self.next_addr, NameCacheEntry { name, expiry }); diff --git a/tests/proxy.rs b/tests/proxy.rs index 8e1f71c..a7274a2 100644 --- a/tests/proxy.rs +++ b/tests/proxy.rs @@ -22,8 +22,7 @@ mod tests { static TUN_TEST_DEVICE: &str = "tun0"; fn proxy_from_env(env_var: &str) -> Result { - let url = - env::var(env_var).map_err(|_| format!("{env_var} environment variable not found"))?; + let url = env::var(env_var).map_err(|_| format!("{env_var} environment variable not found"))?; Proxy::from_url(url.as_str()).map_err(|_| format!("{env_var} URL cannot be parsed")) } @@ -71,15 +70,13 @@ mod tests { Ok(ip_str) => IpAddr::from_str(ip_str.as_str()).unwrap(), }; - let mut setup = - Setup::new(TUN_TEST_DEVICE, &bypass_ip, get_default_cidrs(), false); + let mut setup = Setup::new(TUN_TEST_DEVICE, &bypass_ip, get_default_cidrs(), false); setup.configure().unwrap(); match fork::fork() { Ok(Fork::Parent(child)) => { test_function(); - signal::kill(Pid::from_raw(child), signal::SIGINT) - .expect("failed to kill child"); + signal::kill(Pid::from_raw(child), signal::SIGINT).expect("failed to kill child"); setup.restore().unwrap(); } Ok(Fork::Child) => { @@ -109,59 +106,41 @@ mod tests { #[test_log::test] fn test_socks4() { require_var("SOCKS4_SERVER"); - run_test( - |test| test.proxy.proxy_type == ProxyType::Socks4, - request_ip_host_http, - ) + run_test(|test| test.proxy.proxy_type == ProxyType::Socks4, request_ip_host_http) } #[serial] #[test_log::test] fn test_socks5() { require_var("SOCKS5_SERVER"); - run_test( - |test| test.proxy.proxy_type == ProxyType::Socks5, - request_ip_host_http, - ) + run_test(|test| test.proxy.proxy_type == ProxyType::Socks5, request_ip_host_http) } #[serial] #[test_log::test] fn test_http() { require_var("HTTP_SERVER"); - run_test( - |test| test.proxy.proxy_type == ProxyType::Http, - request_ip_host_http, - ) + run_test(|test| test.proxy.proxy_type == ProxyType::Http, request_ip_host_http) } #[serial] #[test_log::test] fn test_socks4_dns() { require_var("SOCKS4_SERVER"); - run_test( - |test| test.proxy.proxy_type == ProxyType::Socks4, - request_example_https, - ) + run_test(|test| test.proxy.proxy_type == ProxyType::Socks4, request_example_https) } #[serial] #[test_log::test] fn test_socks5_dns() { require_var("SOCKS5_SERVER"); - run_test( - |test| test.proxy.proxy_type == ProxyType::Socks5, - request_example_https, - ) + run_test(|test| test.proxy.proxy_type == ProxyType::Socks5, request_example_https) } #[serial] #[test_log::test] fn test_http_dns() { require_var("HTTP_SERVER"); - run_test( - |test| test.proxy.proxy_type == ProxyType::Http, - request_example_https, - ) + run_test(|test| test.proxy.proxy_type == ProxyType::Http, request_example_https) } } From 3720c41a6b96db807e841b026c45ab807f22ca87 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 9 Aug 2023 00:02:33 +0800 Subject: [PATCH 054/401] minor changes --- src/socks.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/socks.rs b/src/socks.rs index 9888415..3c71e2a 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -87,7 +87,12 @@ impl SocksProxyImpl { let credentials = &self.credentials; // Providing unassigned methods is supposed to bypass China's GFW. // For details, refer to https://github.com/blechschmidt/tun2proxy/issues/35. - let mut methods = vec![AuthMethod::NoAuth, AuthMethod::from(4_u8), AuthMethod::from(100_u8)]; + #[rustfmt::skip] + let mut methods = vec![ + AuthMethod::NoAuth, + AuthMethod::from(4_u8), + AuthMethod::from(100_u8), + ]; if credentials.is_some() { methods.push(AuthMethod::UserPass); } From ca5b550e44395a43e2812f15739fa05b15ecb28d Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 9 Aug 2023 00:38:32 +0800 Subject: [PATCH 055/401] reformatting code --- src/tun2proxy.rs | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 1a39e4d..87d88df 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -413,14 +413,12 @@ impl<'a> TunToProxy<'a> { } // This ugliness is due to the way Interest is implemented (as a NonZeroU8 wrapper). - let interest; - if state.wait_read && !state.wait_write { - interest = Interest::READABLE; - } else if state.wait_write && !state.wait_read { - interest = Interest::WRITABLE; - } else { - interest = Interest::READABLE | Interest::WRITABLE; - } + let interest = match (state.wait_read, state.wait_write) { + (true, false) => Interest::READABLE, + (false, true) => Interest::WRITABLE, + (true, true) => Interest::READABLE | Interest::WRITABLE, + (false, false) => Interest::READABLE | Interest::WRITABLE, + }; poll.registry().register(&mut state.mio_stream, state.token, interest)?; Ok(()) From 64ab4b503c45901242455a86613da892e8c63944 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 9 Aug 2023 14:31:33 +0800 Subject: [PATCH 056/401] minor changes --- src/tun2proxy.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 87d88df..1bb0170 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -416,8 +416,7 @@ impl<'a> TunToProxy<'a> { let interest = match (state.wait_read, state.wait_write) { (true, false) => Interest::READABLE, (false, true) => Interest::WRITABLE, - (true, true) => Interest::READABLE | Interest::WRITABLE, - (false, false) => Interest::READABLE | Interest::WRITABLE, + _ => Interest::READABLE | Interest::WRITABLE, }; poll.registry().register(&mut state.mio_stream, state.token, interest)?; From 855aaa04faf3ca67072f768e298cd00fababe778 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 9 Aug 2023 16:50:59 +0800 Subject: [PATCH 057/401] read code --- src/socks.rs | 15 +++++++-------- src/tun2proxy.rs | 20 ++++++++++---------- src/virtdevice.rs | 1 + 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index 3c71e2a..ec4bf39 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -194,6 +194,13 @@ impl SocksProxyImpl { self.state_change() } + fn send_request_socks5(&mut self) -> Result<(), Error> { + protocol::Request::new(protocol::Command::Connect, self.info.dst.clone()) + .write_to_stream(&mut self.server_outbuf)?; + self.state = SocksState::ReceiveResponse; + self.state_change() + } + fn receive_connection_status(&mut self) -> Result<(), Error> { let response = protocol::Response::retrieve_from_stream(&mut self.server_inbuf.clone()); if let Err(e) = &response { @@ -217,14 +224,6 @@ impl SocksProxyImpl { self.state_change() } - fn send_request_socks5(&mut self) -> Result<(), Error> { - // self.server_outbuf.extend(&[self.version as u8, self.command as u8, 0]); - protocol::Request::new(protocol::Command::Connect, self.info.dst.clone()) - .write_to_stream(&mut self.server_outbuf)?; - self.state = SocksState::ReceiveResponse; - self.state_change() - } - fn relay_traffic(&mut self) -> Result<(), Error> { self.client_outbuf.extend(self.server_inbuf.iter()); self.server_outbuf.extend(self.client_inbuf.iter()); diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 1bb0170..8be7f06 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -12,7 +12,7 @@ use std::{ collections::{HashMap, HashSet}, convert::{From, TryFrom}, io::{Read, Write}, - net::{IpAddr, Ipv4Addr, Ipv6Addr, Shutdown, Shutdown::Both, SocketAddr}, + net::{IpAddr, Ipv4Addr, Ipv6Addr, Shutdown, SocketAddr}, os::unix::io::AsRawFd, rc::Rc, str::FromStr, @@ -278,6 +278,7 @@ impl<'a> TunToProxy<'a> { self.connection_managers.push(manager); } + /// Read data from virtual device (remote server) and inject it into tun interface. fn expect_smoltcp_send(&mut self) -> Result<(), Error> { self.iface.poll(Instant::now(), &mut self.device, &mut self.sockets); @@ -297,7 +298,7 @@ impl<'a> TunToProxy<'a> { fn remove_connection(&mut self, info: &ConnectionInfo) -> Result<(), Error> { if let Some(mut conn) = self.connection_map.remove(info) { - _ = conn.mio_stream.shutdown(Both); + _ = conn.mio_stream.shutdown(Shutdown::Both); if let Some(handle) = conn.smoltcp_handle { let socket = self.sockets.get_mut::(handle); socket.close(); @@ -322,11 +323,10 @@ impl<'a> TunToProxy<'a> { } fn check_change_close_state(&mut self, info: &ConnectionInfo) -> Result<(), Error> { - let state = self.connection_map.get_mut(info); - if state.is_none() { - return Ok(()); - } - let state = state.unwrap(); + let state = match self.connection_map.get_mut(info) { + None => return Ok(()), + Some(state) => state, + }; let mut closed_ends = 0; if (state.close_state & SERVER_WRITE_CLOSED) == SERVER_WRITE_CLOSED && !state @@ -492,7 +492,7 @@ impl<'a> TunToProxy<'a> { log::trace!("Subsequent packet {} ({})", connection_info, dst); } - // Inject the packet to advance the smoltcp socket state + // Inject the packet to advance the remote proxy server smoltcp socket state self.device.inject_packet(frame); // Having advanced the socket state, we expect the socket to ACK @@ -509,8 +509,8 @@ impl<'a> TunToProxy<'a> { } else if connection_info.protocol == IpProtocol::Udp { log::trace!("{} ({})", connection_info, dst); let port = connection_info.dst.port(); + let payload = &frame[payload_offset..payload_offset + payload_size]; if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == 53) { - let payload = &frame[payload_offset..payload_offset + payload_size]; let response = virtual_dns.receive_query(payload)?; { let rx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); @@ -680,7 +680,7 @@ impl<'a> TunToProxy<'a> { if state.tcp_proxy_handler.reset_connection() { _ = self.poll.registry().deregister(&mut state.mio_stream); // Closes the connection with the proxy - state.mio_stream.shutdown(Both)?; + state.mio_stream.shutdown(Shutdown::Both)?; log::info!("RESET {}", conn_info); diff --git a/src/virtdevice.rs b/src/virtdevice.rs index fc862d9..721466c 100644 --- a/src/virtdevice.rs +++ b/src/virtdevice.rs @@ -3,6 +3,7 @@ use smoltcp::{ time::Instant, }; +/// Virtual device representing the remote proxy server. #[derive(Default)] pub struct VirtualTunDevice { capabilities: DeviceCapabilities, From 507def8f294236a1019f0e14e27cf3a7ae720a80 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 10 Aug 2023 11:18:15 +0800 Subject: [PATCH 058/401] create_new_tcp_proxy_connection --- src/tun2proxy.rs | 64 ++++++++++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 8be7f06..e33f43b 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -452,31 +452,12 @@ impl<'a> TunToProxy<'a> { continue; } let tcp_proxy_handler = tcp_proxy_handler?; - let mut socket = tcp::Socket::new( - tcp::SocketBuffer::new(vec![0; 1024 * 128]), - tcp::SocketBuffer::new(vec![0; 1024 * 128]), - ); - socket.set_ack_delay(None); - socket.listen(dst)?; - let handle = self.sockets.add(socket); - - let mut client = TcpStream::connect(server_addr)?; - let token = self.new_token(); - let i = Interest::READABLE; - self.poll.registry().register(&mut client, token, i)?; - - let state = TcpConnectState { - smoltcp_handle: Some(handle), - mio_stream: client, - token, + self.create_new_tcp_proxy_connection( + server_addr, + dst, tcp_proxy_handler, - close_state: 0, - wait_read: true, - wait_write: false, - }; - self.connection_map.insert(connection_info.clone(), state); - - self.token_to_info.insert(token, connection_info.clone()); + connection_info.clone(), + )?; log::info!("Connect done {} ({})", connection_info, dst); done = true; @@ -536,6 +517,41 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn create_new_tcp_proxy_connection( + &mut self, + server_addr: SocketAddr, + dst: SocketAddr, + tcp_proxy_handler: Box, + connection_info: ConnectionInfo, + ) -> Result<()> { + let mut socket = tcp::Socket::new( + tcp::SocketBuffer::new(vec![0; 1024 * 128]), + tcp::SocketBuffer::new(vec![0; 1024 * 128]), + ); + socket.set_ack_delay(None); + socket.listen(dst)?; + let handle = self.sockets.add(socket); + + let mut client = TcpStream::connect(server_addr)?; + let token = self.new_token(); + let i = Interest::READABLE; + self.poll.registry().register(&mut client, token, i)?; + + let state = TcpConnectState { + smoltcp_handle: Some(handle), + mio_stream: client, + token, + tcp_proxy_handler, + close_state: 0, + wait_read: true, + wait_write: false, + }; + self.connection_map.insert(connection_info.clone(), state); + + self.token_to_info.insert(token, connection_info.clone()); + Ok(()) + } + fn write_to_server(&mut self, info: &ConnectionInfo) -> Result<(), Error> { if let Some(state) = self.connection_map.get_mut(info) { let event = state.tcp_proxy_handler.peek_data(OutgoingDirection::ToServer); From 94835c41a4f45583a631b1e21f376ca89794838f Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 10 Aug 2023 12:57:35 +0800 Subject: [PATCH 059/401] UDP Associate --- src/http.rs | 2 +- src/socks.rs | 26 ++++++++++++++++++++------ src/tun2proxy.rs | 12 +++++++++--- 3 files changed, 30 insertions(+), 10 deletions(-) diff --git a/src/http.rs b/src/http.rs index b7ddfce..d3ca650 100644 --- a/src/http.rs +++ b/src/http.rs @@ -391,7 +391,7 @@ impl ConnectionManager for HttpManager { info.protocol == IpProtocol::Tcp } - fn new_tcp_proxy(&self, info: &ConnectionInfo) -> Result, Error> { + fn new_tcp_proxy(&self, info: &ConnectionInfo, _: bool) -> Result, Error> { if info.protocol != IpProtocol::Tcp { return Err("Invalid protocol".into()); } diff --git a/src/socks.rs b/src/socks.rs index ec4bf39..4d01125 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -1,5 +1,5 @@ use crate::{ - error::Error, + error::{Error, Result}, tun2proxy::{ ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection, TcpProxy, @@ -7,7 +7,7 @@ use crate::{ }; use smoltcp::wire::IpProtocol; use socks5_impl::protocol::{self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, Version}; -use std::{collections::VecDeque, net::SocketAddr}; +use std::{collections::VecDeque, convert::TryFrom, net::SocketAddr}; #[derive(Eq, PartialEq, Debug)] #[allow(dead_code)] @@ -31,10 +31,17 @@ struct SocksProxyImpl { data_buf: VecDeque, version: Version, credentials: Option, + command: protocol::Command, + udp_associate: Option, } impl SocksProxyImpl { - fn new(info: &ConnectionInfo, credentials: Option, version: Version) -> Result { + fn new( + info: &ConnectionInfo, + credentials: Option, + version: Version, + command: protocol::Command, + ) -> Result { let mut result = Self { info: info.clone(), state: SocksState::ServerHello, @@ -45,6 +52,8 @@ impl SocksProxyImpl { data_buf: VecDeque::default(), version, credentials, + command, + udp_associate: None, }; result.send_client_hello()?; Ok(result) @@ -195,8 +204,7 @@ impl SocksProxyImpl { } fn send_request_socks5(&mut self) -> Result<(), Error> { - protocol::Request::new(protocol::Command::Connect, self.info.dst.clone()) - .write_to_stream(&mut self.server_outbuf)?; + protocol::Request::new(self.command, self.info.dst.clone()).write_to_stream(&mut self.server_outbuf)?; self.state = SocksState::ReceiveResponse; self.state_change() } @@ -216,6 +224,9 @@ impl SocksProxyImpl { if response.reply != protocol::Reply::Succeeded { return Err(format!("SOCKS connection failed: {}", response.reply).into()); } + if self.command == protocol::Command::UdpAssociate { + self.udp_associate = Some(SocketAddr::try_from(response.address)?); + } self.server_outbuf.append(&mut self.data_buf); self.data_buf.clear(); @@ -325,14 +336,17 @@ impl ConnectionManager for SocksProxyManager { info.protocol == IpProtocol::Tcp } - fn new_tcp_proxy(&self, info: &ConnectionInfo) -> Result, Error> { + fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result> { if info.protocol != IpProtocol::Tcp { return Err("Invalid protocol".into()); } + use socks5_impl::protocol::Command::{Connect, UdpAssociate}; + let command = if udp_associate { UdpAssociate } else { Connect }; Ok(Box::new(SocksProxyImpl::new( info, self.credentials.clone(), self.version, + command, )?)) } diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index e33f43b..0cabacf 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -193,7 +193,7 @@ pub(crate) trait UdpProxy { pub(crate) trait ConnectionManager { fn handles_connection(&self, info: &ConnectionInfo) -> bool; - fn new_tcp_proxy(&self, info: &ConnectionInfo) -> Result, Error>; + fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result, Error>; fn close_connection(&self, info: &ConnectionInfo); fn get_server_addr(&self) -> SocketAddr; fn get_credentials(&self) -> &Option; @@ -447,7 +447,7 @@ impl<'a> TunToProxy<'a> { if first_packet { let mut done = false; for manager in self.connection_managers.iter_mut() { - let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info); + let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, false); if tcp_proxy_handler.is_err() { continue; } @@ -504,8 +504,14 @@ impl<'a> TunToProxy<'a> { self.expect_smoltcp_send()?; self.sockets.remove(handle); } + } else { + // Another UDP packet + let cm = self.get_connection_manager(&connection_info); + if cm.is_none() { + return Ok(()); + } + // TODO: Handle UDP packets } - // Otherwise, UDP is not yet supported. } else { log::warn!("Unsupported protocol: {} ({})", connection_info, dst); } From 489d5fec001baee6d5fc29fab403cb00aa8d7988 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 10 Aug 2023 14:17:07 +0800 Subject: [PATCH 060/401] ConnectionInfo --- src/http.rs | 16 ++++++++++------ src/socks.rs | 4 ++++ src/tun2proxy.rs | 22 +++++++++++----------- 3 files changed, 25 insertions(+), 17 deletions(-) diff --git a/src/http.rs b/src/http.rs index d3ca650..05f72d4 100644 --- a/src/http.rs +++ b/src/http.rs @@ -8,7 +8,7 @@ use crate::{ use base64::Engine; use httparse::Response; use smoltcp::wire::IpProtocol; -use socks5_impl::protocol::{Address, UserKey}; +use socks5_impl::protocol::UserKey; use std::{ cell::RefCell, collections::{hash_map::RandomState, HashMap, VecDeque}, @@ -52,7 +52,7 @@ pub struct HttpConnection { digest_state: Rc>>, before: bool, credentials: Option, - destination: Address, + info: ConnectionInfo, } static PROXY_AUTHENTICATE: &str = "Proxy-Authenticate"; @@ -80,7 +80,7 @@ impl HttpConnection { digest_state, before: false, credentials, - destination: info.dst.clone(), + info: info.clone(), }; res.send_tunnel_request()?; @@ -89,9 +89,9 @@ impl HttpConnection { fn send_tunnel_request(&mut self) -> Result<(), Error> { self.server_outbuf.extend(b"CONNECT "); - self.server_outbuf.extend(self.destination.to_string().as_bytes()); + self.server_outbuf.extend(self.info.dst.to_string().as_bytes()); self.server_outbuf.extend(b" HTTP/1.1\r\nHost: "); - self.server_outbuf.extend(self.destination.to_string().as_bytes()); + self.server_outbuf.extend(self.info.dst.to_string().as_bytes()); self.server_outbuf.extend(b"\r\n"); self.send_auth_data(if self.digest_state.borrow().is_none() { @@ -111,7 +111,7 @@ impl HttpConnection { match scheme { AuthenticationScheme::Digest => { - let uri = self.destination.to_string(); + let uri = self.info.dst.to_string(); let context = digest_auth::AuthContext::new_with_method( &credentials.username, @@ -318,6 +318,10 @@ impl HttpConnection { } impl TcpProxy for HttpConnection { + fn get_connection_info(&self) -> &ConnectionInfo { + &self.info + } + fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error> { let direction = event.direction; let buffer = event.buffer; diff --git a/src/socks.rs b/src/socks.rs index 4d01125..02b893d 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -263,6 +263,10 @@ impl SocksProxyImpl { } impl TcpProxy for SocksProxyImpl { + fn get_connection_info(&self) -> &ConnectionInfo { + &self.info + } + fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error> { let direction = event.direction; let buffer = event.buffer; diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 0cabacf..33743b5 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -18,7 +18,7 @@ use std::{ str::FromStr, }; -#[derive(Hash, Clone, Eq, PartialEq, Debug)] +#[derive(Hash, Clone, Eq, PartialEq, PartialOrd, Ord, Debug)] pub(crate) struct ConnectionInfo { pub(crate) src: SocketAddr, pub(crate) dst: Address, @@ -36,7 +36,6 @@ impl Default for ConnectionInfo { } impl ConnectionInfo { - #[allow(dead_code)] pub fn new(src: SocketAddr, dst: Address, protocol: IpProtocol) -> Self { Self { src, dst, protocol } } @@ -133,11 +132,11 @@ fn connection_tuple(frame: &[u8]) -> Result<(ConnectionInfo, bool, usize, usize) let (ports, first_packet, payload_offset, payload_size) = get_transport_info(protocol, header_len, &frame[header_len..])?; - let info = ConnectionInfo { - src: SocketAddr::new(src_addr, ports.0), - dst: SocketAddr::new(dst_addr, ports.1).into(), + let info = ConnectionInfo::new( + SocketAddr::new(src_addr, ports.0), + SocketAddr::new(dst_addr, ports.1).into(), protocol, - }; + ); return Ok((info, first_packet, payload_offset, payload_size)); } @@ -154,11 +153,11 @@ fn connection_tuple(frame: &[u8]) -> Result<(ConnectionInfo, bool, usize, usize) let (ports, first_packet, payload_offset, payload_size) = get_transport_info(protocol, header_len, &frame[header_len..])?; - let info = ConnectionInfo { - src: SocketAddr::new(src_addr, ports.0), - dst: SocketAddr::new(dst_addr, ports.1).into(), + let info = ConnectionInfo::new( + SocketAddr::new(src_addr, ports.0), + SocketAddr::new(dst_addr, ports.1).into(), protocol, - }; + ); return Ok((info, first_packet, payload_offset, payload_size)); } Err("Neither IPv6 nor IPv4 packet".into()) @@ -178,6 +177,7 @@ struct TcpConnectState { } pub(crate) trait TcpProxy { + fn get_connection_info(&self) -> &ConnectionInfo; fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error>; fn consume_data(&mut self, dir: OutgoingDirection, size: usize); fn peek_data(&mut self, dir: OutgoingDirection) -> OutgoingDataEvent; @@ -193,7 +193,7 @@ pub(crate) trait UdpProxy { pub(crate) trait ConnectionManager { fn handles_connection(&self, info: &ConnectionInfo) -> bool; - fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result, Error>; + fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result>; fn close_connection(&self, info: &ConnectionInfo); fn get_server_addr(&self) -> SocketAddr; fn get_credentials(&self) -> &Option; From 57851f029e0bbdf3dae89fc02ac175d7120b4ea1 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 11 Aug 2023 01:13:22 +0800 Subject: [PATCH 061/401] token_to_info removed --- src/tun2proxy.rs | 54 ++++++++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 33743b5..e54e7cd 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -209,7 +209,6 @@ pub struct TunToProxy<'a> { connection_map: HashMap, connection_managers: Vec>, next_token: usize, - token_to_info: HashMap, sockets: SocketSet<'a>, device: VirtualTunDevice, options: Options, @@ -256,7 +255,6 @@ impl<'a> TunToProxy<'a> { iface, connection_map: HashMap::default(), next_token: usize::from(EXIT_TOKEN) + 1, - token_to_info: HashMap::default(), connection_managers: Vec::default(), sockets: SocketSet::new([]), device, @@ -296,18 +294,27 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn find_info_by_token(&self, token: Token) -> Option<&ConnectionInfo> { + self.connection_map + .iter() + .find_map(|(info, state)| if state.token == token { Some(info) } else { None }) + } + + /// Destroy connection state machine fn remove_connection(&mut self, info: &ConnectionInfo) -> Result<(), Error> { - if let Some(mut conn) = self.connection_map.remove(info) { - _ = conn.mio_stream.shutdown(Shutdown::Both); - if let Some(handle) = conn.smoltcp_handle { + if let Some(mut state) = self.connection_map.remove(info) { + _ = state.mio_stream.shutdown(Shutdown::Both); + if let Some(handle) = state.smoltcp_handle { let socket = self.sockets.get_mut::(handle); socket.close(); self.sockets.remove(handle); } + + // FIXME: Does this line should be moved up to the beginning of this function? self.expect_smoltcp_send()?; - let token = &conn.token; - self.token_to_info.remove(token); - _ = self.poll.registry().deregister(&mut conn.mio_stream); + + _ = self.poll.registry().deregister(&mut state.mio_stream); + log::info!("Close {}", info); } Ok(()) @@ -322,10 +329,11 @@ impl<'a> TunToProxy<'a> { None } + /// Scan connection state machine and check if any connection should be closed. fn check_change_close_state(&mut self, info: &ConnectionInfo) -> Result<(), Error> { let state = match self.connection_map.get_mut(info) { - None => return Ok(()), Some(state) => state, + None => return Ok(()), }; let mut closed_ends = 0; if (state.close_state & SERVER_WRITE_CLOSED) == SERVER_WRITE_CLOSED @@ -336,8 +344,9 @@ impl<'a> TunToProxy<'a> { .tcp_proxy_handler .have_data(Direction::Outgoing(OutgoingDirection::ToClient)) { - if let Some(socket_handle) = state.smoltcp_handle { - let socket = self.sockets.get_mut::(socket_handle); + if let Some(handle) = state.smoltcp_handle { + // Close tun interface + let socket = self.sockets.get_mut::(handle); socket.close(); } closed_ends += 1; @@ -351,17 +360,20 @@ impl<'a> TunToProxy<'a> { .tcp_proxy_handler .have_data(Direction::Outgoing(OutgoingDirection::ToServer)) { + // Close remote server _ = state.mio_stream.shutdown(Shutdown::Write); closed_ends += 1; } if closed_ends == 2 { + // Close connection state machine self.remove_connection(info)?; } Ok(()) } fn tunsocket_read_and_forward(&mut self, info: &ConnectionInfo) -> Result<(), Error> { + // 1. Read data from tun and write to proxy handler (remote server). // Scope for mutable borrow of self. { let state = match self.connection_map.get_mut(info) { @@ -393,10 +405,10 @@ impl<'a> TunToProxy<'a> { // need to send data. state.close_state |= CLIENT_WRITE_CLOSED; } - - // Expect ACKs etc. from smoltcp sockets. - self.expect_smoltcp_send()?; } + // 2. Write data from proxy handler (remote server) to tun. + // Expect ACKs etc. from smoltcp sockets. + self.expect_smoltcp_send()?; self.check_change_close_state(info)?; @@ -554,7 +566,6 @@ impl<'a> TunToProxy<'a> { }; self.connection_map.insert(connection_info.clone(), state); - self.token_to_info.insert(token, connection_info.clone()); Ok(()) } @@ -593,7 +604,7 @@ impl<'a> TunToProxy<'a> { fn write_to_client(&mut self, token: Token, info: &ConnectionInfo) -> Result<(), Error> { while let Some(state) = self.connection_map.get_mut(info) { - let socket_handle = match state.smoltcp_handle { + let handle = match state.smoltcp_handle { Some(handle) => handle, None => break, }; @@ -601,7 +612,7 @@ impl<'a> TunToProxy<'a> { let buflen = event.buffer.len(); let consumed; { - let socket = self.sockets.get_mut::(socket_handle); + let socket = self.sockets.get_mut::(handle); if socket.may_send() { if let Some(virtual_dns) = &mut self.options.virtual_dns { // Unwrapping is fine because every smoltcp socket is bound to an. @@ -641,11 +652,10 @@ impl<'a> TunToProxy<'a> { } fn send_to_smoltcp(&mut self) -> Result<(), Error> { - let cloned = self.write_sockets.clone(); - for token in cloned.iter() { - if let Some(connection) = self.token_to_info.get(token) { + for token in self.write_sockets.clone().into_iter() { + if let Some(connection) = self.find_info_by_token(token) { let connection = connection.clone(); - if let Err(error) = self.write_to_client(*token, &connection) { + if let Err(error) = self.write_to_client(token, &connection) { self.remove_connection(&connection)?; log::error!("Write to client: {}: ", error); } @@ -656,7 +666,7 @@ impl<'a> TunToProxy<'a> { fn mio_socket_event(&mut self, event: &Event) -> Result<(), Error> { let e = "connection not found"; - let conn_info = match self.token_to_info.get(&event.token()) { + let conn_info = match self.find_info_by_token(event.token()) { Some(conn_info) => conn_info.clone(), None => { // We may have closed the connection in an earlier iteration over the poll events, From d00a18c8650bda19de400bc730a14c5c98b72ea8 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 11 Aug 2023 15:06:21 +0800 Subject: [PATCH 062/401] create_new_tcp_connection_state --- src/tun2proxy.rs | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index e54e7cd..4bdf1a8 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -464,12 +464,8 @@ impl<'a> TunToProxy<'a> { continue; } let tcp_proxy_handler = tcp_proxy_handler?; - self.create_new_tcp_proxy_connection( - server_addr, - dst, - tcp_proxy_handler, - connection_info.clone(), - )?; + let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; + self.connection_map.insert(connection_info.clone(), state); log::info!("Connect done {} ({})", connection_info, dst); done = true; @@ -518,10 +514,16 @@ impl<'a> TunToProxy<'a> { } } else { // Another UDP packet - let cm = self.get_connection_manager(&connection_info); - if cm.is_none() { + let manager = self.get_connection_manager(&connection_info); + if manager.is_none() { return Ok(()); } + let manager = manager.ok_or("")?; + let server_addr = manager.get_server_addr(); + let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, true)?; + let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; + self.connection_map.insert(connection_info.clone(), state); + // TODO: Handle UDP packets } } else { @@ -535,13 +537,12 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn create_new_tcp_proxy_connection( + fn create_new_tcp_connection_state( &mut self, server_addr: SocketAddr, dst: SocketAddr, tcp_proxy_handler: Box, - connection_info: ConnectionInfo, - ) -> Result<()> { + ) -> Result { let mut socket = tcp::Socket::new( tcp::SocketBuffer::new(vec![0; 1024 * 128]), tcp::SocketBuffer::new(vec![0; 1024 * 128]), @@ -564,9 +565,7 @@ impl<'a> TunToProxy<'a> { wait_read: true, wait_write: false, }; - self.connection_map.insert(connection_info.clone(), state); - - Ok(()) + Ok(state) } fn write_to_server(&mut self, info: &ConnectionInfo) -> Result<(), Error> { From 46ca342aba1a5ba285645a289916a5479f4102f1 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 11 Aug 2023 15:33:04 +0800 Subject: [PATCH 063/401] connection_managers renamed to connection_manager --- src/http.rs | 4 ---- src/lib.rs | 2 +- src/socks.rs | 8 ------- src/tun2proxy.rs | 62 +++++++++++++++--------------------------------- 4 files changed, 20 insertions(+), 56 deletions(-) diff --git a/src/http.rs b/src/http.rs index 05f72d4..880e3da 100644 --- a/src/http.rs +++ b/src/http.rs @@ -391,10 +391,6 @@ pub(crate) struct HttpManager { } impl ConnectionManager for HttpManager { - fn handles_connection(&self, info: &ConnectionInfo) -> bool { - info.protocol == IpProtocol::Tcp - } - fn new_tcp_proxy(&self, info: &ConnectionInfo, _: bool) -> Result, Error> { if info.protocol != IpProtocol::Tcp { return Err("Invalid protocol".into()); diff --git a/src/lib.rs b/src/lib.rs index 01ea7ba..bdbf7a0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -130,7 +130,7 @@ pub fn tun_to_proxy<'a>( ProxyType::Socks5 => Rc::new(SocksProxyManager::new(server, Version::V5, credentials)) as Rc, ProxyType::Http => Rc::new(HttpManager::new(server, credentials)) as Rc, }; - ttp.add_connection_manager(mgr); + ttp.set_connection_manager(Some(mgr)); Ok(ttp) } diff --git a/src/socks.rs b/src/socks.rs index 02b893d..7847025 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -5,7 +5,6 @@ use crate::{ OutgoingDirection, TcpProxy, }, }; -use smoltcp::wire::IpProtocol; use socks5_impl::protocol::{self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, Version}; use std::{collections::VecDeque, convert::TryFrom, net::SocketAddr}; @@ -336,14 +335,7 @@ pub(crate) struct SocksProxyManager { } impl ConnectionManager for SocksProxyManager { - fn handles_connection(&self, info: &ConnectionInfo) -> bool { - info.protocol == IpProtocol::Tcp - } - fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result> { - if info.protocol != IpProtocol::Tcp { - return Err("Invalid protocol".into()); - } use socks5_impl::protocol::Command::{Connect, UdpAssociate}; let command = if udp_associate { UdpAssociate } else { Connect }; Ok(Box::new(SocksProxyImpl::new( diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 4bdf1a8..83b57c3 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -192,7 +192,6 @@ pub(crate) trait UdpProxy { } pub(crate) trait ConnectionManager { - fn handles_connection(&self, info: &ConnectionInfo) -> bool; fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result>; fn close_connection(&self, info: &ConnectionInfo); fn get_server_addr(&self) -> SocketAddr; @@ -207,7 +206,7 @@ pub struct TunToProxy<'a> { poll: Poll, iface: Interface, connection_map: HashMap, - connection_managers: Vec>, + connection_manager: Option>, next_token: usize, sockets: SocketSet<'a>, device: VirtualTunDevice, @@ -255,7 +254,7 @@ impl<'a> TunToProxy<'a> { iface, connection_map: HashMap::default(), next_token: usize::from(EXIT_TOKEN) + 1, - connection_managers: Vec::default(), + connection_manager: None, sockets: SocketSet::new([]), device, options, @@ -272,8 +271,8 @@ impl<'a> TunToProxy<'a> { token } - pub(crate) fn add_connection_manager(&mut self, manager: Rc) { - self.connection_managers.push(manager); + pub(crate) fn set_connection_manager(&mut self, manager: Option>) { + self.connection_manager = manager; } /// Read data from virtual device (remote server) and inject it into tun interface. @@ -320,13 +319,8 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn get_connection_manager(&self, info: &ConnectionInfo) -> Option> { - for manager in self.connection_managers.iter() { - if manager.handles_connection(info) { - return Some(manager.clone()); - } - } - None + fn get_connection_manager(&self) -> Option> { + self.connection_manager.clone() } /// Scan connection state machine and check if any connection should be closed. @@ -451,29 +445,17 @@ impl<'a> TunToProxy<'a> { } } }; - if connection_info.protocol == IpProtocol::Tcp { - let server_addr = self - .get_connection_manager(&connection_info) - .ok_or("get_connection_manager")? - .get_server_addr(); - if first_packet { - let mut done = false; - for manager in self.connection_managers.iter_mut() { - let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, false); - if tcp_proxy_handler.is_err() { - continue; - } - let tcp_proxy_handler = tcp_proxy_handler?; - let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; - self.connection_map.insert(connection_info.clone(), state); - log::info!("Connect done {} ({})", connection_info, dst); - done = true; - break; - } - if !done { - log::debug!("No connection manager for {} ({})", connection_info, dst); - } + let manager = self.get_connection_manager().ok_or("get connection manager")?; + let server_addr = manager.get_server_addr(); + + if connection_info.protocol == IpProtocol::Tcp { + if first_packet { + let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, false)?; + let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; + self.connection_map.insert(connection_info.clone(), state); + + log::info!("Connect done {} ({})", connection_info, dst); } else if !self.connection_map.contains_key(&connection_info) { log::debug!("Not found {} ({})", connection_info, dst); return Ok(()); @@ -514,12 +496,6 @@ impl<'a> TunToProxy<'a> { } } else { // Another UDP packet - let manager = self.get_connection_manager(&connection_info); - if manager.is_none() { - return Ok(()); - } - let manager = manager.ok_or("")?; - let server_addr = manager.get_server_addr(); let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, true)?; let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; self.connection_map.insert(connection_info.clone(), state); @@ -664,19 +640,19 @@ impl<'a> TunToProxy<'a> { } fn mio_socket_event(&mut self, event: &Event) -> Result<(), Error> { - let e = "connection not found"; let conn_info = match self.find_info_by_token(event.token()) { Some(conn_info) => conn_info.clone(), None => { // We may have closed the connection in an earlier iteration over the poll events, // e.g. because an event through the tunnel interface indicated that the connection // should be closed. - log::trace!("{e}"); + log::trace!("Connection info not found"); return Ok(()); } }; - let server = self.get_connection_manager(&conn_info).ok_or(e)?.get_server_addr(); + let e = "connection manager not found"; + let server = self.get_connection_manager().ok_or(e)?.get_server_addr(); let mut block = || -> Result<(), Error> { if event.is_readable() || event.is_read_closed() { From da87fa8d5a606649f467d05635cff1497e2985e8 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 11 Aug 2023 19:18:18 +0800 Subject: [PATCH 064/401] UDP associate --- src/http.rs | 4 ++++ src/socks.rs | 8 +++++++- src/tun2proxy.rs | 28 +++++++++++++++++++++++----- 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/src/http.rs b/src/http.rs index 880e3da..cdbeca2 100644 --- a/src/http.rs +++ b/src/http.rs @@ -382,6 +382,10 @@ impl TcpProxy for HttpConnection { fn reset_connection(&self) -> bool { self.state == HttpState::Reset } + + fn get_udp_associate(&self) -> Option { + None + } } pub(crate) struct HttpManager { diff --git a/src/socks.rs b/src/socks.rs index 7847025..a1af57c 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -224,7 +224,9 @@ impl SocksProxyImpl { return Err(format!("SOCKS connection failed: {}", response.reply).into()); } if self.command == protocol::Command::UdpAssociate { - self.udp_associate = Some(SocketAddr::try_from(response.address)?); + self.udp_associate = Some(SocketAddr::try_from(&response.address)?); + assert!(self.data_buf.is_empty()); + log::debug!("UDP associate: {}", response.address); } self.server_outbuf.append(&mut self.data_buf); @@ -326,6 +328,10 @@ impl TcpProxy for SocksProxyImpl { fn reset_connection(&self) -> bool { false } + + fn get_udp_associate(&self) -> Option { + self.udp_associate + } } pub(crate) struct SocksProxyManager { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 83b57c3..687392c 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -7,7 +7,7 @@ use smoltcp::{ time::Instant, wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket, UDP_HEADER_LEN}, }; -use socks5_impl::protocol::{Address, UserKey}; +use socks5_impl::protocol::{Address, StreamOperation, UdpHeader, UserKey}; use std::{ collections::{HashMap, HashSet}, convert::{From, TryFrom}, @@ -184,6 +184,7 @@ pub(crate) trait TcpProxy { fn connection_established(&self) -> bool; fn have_data(&mut self, dir: Direction) -> bool; fn reset_connection(&self) -> bool; + fn get_udp_associate(&self) -> Option; } pub(crate) trait UdpProxy { @@ -496,11 +497,28 @@ impl<'a> TunToProxy<'a> { } } else { // Another UDP packet - let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, true)?; - let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; - self.connection_map.insert(connection_info.clone(), state); + if !self.connection_map.contains_key(&connection_info) { + log::trace!("New UDP connection {} ({})", connection_info, dst); + let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, true)?; + let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; + self.connection_map.insert(connection_info.clone(), state); + } - // TODO: Handle UDP packets + self.expect_smoltcp_send()?; + self.tunsocket_read_and_forward(&connection_info)?; + self.write_to_server(&connection_info)?; + + let mut s5_udp_data = Vec::::new(); + UdpHeader::new(0, connection_info.dst.clone()).write_to_stream(&mut s5_udp_data)?; + s5_udp_data.extend_from_slice(payload); + + let state = self.connection_map.get(&connection_info).ok_or("udp associate state")?; + if let Some(udp_associate) = state.tcp_proxy_handler.get_udp_associate() { + log::debug!("UDP associate address: {}", udp_associate); + // Send packets via UDP associate... + } else { + // UDP associate tunnel not ready yet, we must cache the packet... + } } } else { log::warn!("Unsupported protocol: {} ({})", connection_info, dst); From 30420059cc737884a4aa34b9a7bd1fa05ba5a698 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 11 Aug 2023 22:54:20 +0800 Subject: [PATCH 065/401] send_udp_packet --- src/socks.rs | 16 ++++++---------- src/tun2proxy.rs | 25 ++++++++++++++----------- 2 files changed, 20 insertions(+), 21 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index a1af57c..3e4a7a9 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -158,11 +158,11 @@ impl SocksProxyImpl { return Err("SOCKS5 server requires an unsupported authentication method.".into()); } - if auth_method == AuthMethod::UserPass { - self.state = SocksState::SendAuthData; + self.state = if auth_method == AuthMethod::UserPass { + SocksState::SendAuthData } else { - self.state = SocksState::SendRequest; - } + SocksState::SendRequest + }; self.state_change() } @@ -344,12 +344,8 @@ impl ConnectionManager for SocksProxyManager { fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result> { use socks5_impl::protocol::Command::{Connect, UdpAssociate}; let command = if udp_associate { UdpAssociate } else { Connect }; - Ok(Box::new(SocksProxyImpl::new( - info, - self.credentials.clone(), - self.version, - command, - )?)) + let credentials = self.credentials.clone(); + Ok(Box::new(SocksProxyImpl::new(info, credentials, self.version, command)?)) } fn close_connection(&self, _: &ConnectionInfo) {} diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 687392c..22e538f 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -484,17 +484,7 @@ impl<'a> TunToProxy<'a> { let payload = &frame[payload_offset..payload_offset + payload_size]; if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == 53) { let response = virtual_dns.receive_query(payload)?; - { - let rx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); - let tx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); - let mut socket = udp::Socket::new(rx_buffer, tx_buffer); - socket.bind(dst)?; - let meta = UdpMetadata::from(connection_info.src); - socket.send_slice(response.as_slice(), meta)?; - let handle = self.sockets.add(socket); - self.expect_smoltcp_send()?; - self.sockets.remove(handle); - } + self.send_udp_packet(dst, connection_info.src, response.as_slice())?; } else { // Another UDP packet if !self.connection_map.contains_key(&connection_info) { @@ -516,6 +506,7 @@ impl<'a> TunToProxy<'a> { if let Some(udp_associate) = state.tcp_proxy_handler.get_udp_associate() { log::debug!("UDP associate address: {}", udp_associate); // Send packets via UDP associate... + // self.send_udp_packet(connection_info.src, udp_associate, &s5_udp_data)?; } else { // UDP associate tunnel not ready yet, we must cache the packet... } @@ -562,6 +553,18 @@ impl<'a> TunToProxy<'a> { Ok(state) } + fn send_udp_packet(&mut self, src: SocketAddr, dst: SocketAddr, data: &[u8]) -> Result<()> { + let rx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); + let tx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); + let mut socket = udp::Socket::new(rx_buffer, tx_buffer); + socket.bind(src)?; + socket.send_slice(data, UdpMetadata::from(dst))?; + let handle = self.sockets.add(socket); + self.expect_smoltcp_send()?; + self.sockets.remove(handle); + Ok(()) + } + fn write_to_server(&mut self, info: &ConnectionInfo) -> Result<(), Error> { if let Some(state) = self.connection_map.get_mut(info) { let event = state.tcp_proxy_handler.peek_data(OutgoingDirection::ToServer); From 119c9fef994423e63b3c86b199f80fe8d9cb950e Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 16 Aug 2023 12:18:42 +0800 Subject: [PATCH 066/401] deal with Unsupported protocol --- src/tun2proxy.rs | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 22e538f..ea1078d 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -433,7 +433,12 @@ impl<'a> TunToProxy<'a> { // A raw packet was received on the tunnel interface. fn receive_tun(&mut self, frame: &mut [u8]) -> Result<(), Error> { let mut handler = || -> Result<(), Error> { - let (info, first_packet, payload_offset, payload_size) = connection_tuple(frame)?; + let result = connection_tuple(frame); + if let Err(error) = result { + log::info!("{}, ignored", error); + return Ok(()); + } + let (info, _first_packet, payload_offset, payload_size) = result?; let dst = SocketAddr::try_from(&info.dst)?; let connection_info = match &mut self.options.virtual_dns { None => info.clone(), @@ -451,7 +456,7 @@ impl<'a> TunToProxy<'a> { let server_addr = manager.get_server_addr(); if connection_info.protocol == IpProtocol::Tcp { - if first_packet { + if _first_packet { let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, false)?; let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; self.connection_map.insert(connection_info.clone(), state); From 334514cfc1cce511f5557c1037cdf6d5fa5b283c Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 18 Aug 2023 09:40:16 +0800 Subject: [PATCH 067/401] clearup_expired_udp_associate --- src/tun2proxy.rs | 47 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index ea1078d..bf16cb9 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -166,6 +166,8 @@ fn connection_tuple(frame: &[u8]) -> Result<(ConnectionInfo, bool, usize, usize) const SERVER_WRITE_CLOSED: u8 = 1; const CLIENT_WRITE_CLOSED: u8 = 2; +const UDP_ASSO_TIMEOUT: u64 = 5; // seconds + struct TcpConnectState { smoltcp_handle: Option, mio_stream: TcpStream, @@ -174,6 +176,7 @@ struct TcpConnectState { close_state: u8, wait_read: bool, wait_write: bool, + expiry: Option<::std::time::Instant>, } pub(crate) trait TcpProxy { @@ -458,7 +461,7 @@ impl<'a> TunToProxy<'a> { if connection_info.protocol == IpProtocol::Tcp { if _first_packet { let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, false)?; - let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; + let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler, false)?; self.connection_map.insert(connection_info.clone(), state); log::info!("Connect done {} ({})", connection_info, dst); @@ -495,7 +498,7 @@ impl<'a> TunToProxy<'a> { if !self.connection_map.contains_key(&connection_info) { log::trace!("New UDP connection {} ({})", connection_info, dst); let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, true)?; - let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler)?; + let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler, true)?; self.connection_map.insert(connection_info.clone(), state); } @@ -507,7 +510,13 @@ impl<'a> TunToProxy<'a> { UdpHeader::new(0, connection_info.dst.clone()).write_to_stream(&mut s5_udp_data)?; s5_udp_data.extend_from_slice(payload); - let state = self.connection_map.get(&connection_info).ok_or("udp associate state")?; + let state = self + .connection_map + .get_mut(&connection_info) + .ok_or("udp associate state")?; + assert!(state.expiry.is_some()); + state.expiry = Some(Self::udp_associate_timeout()); + if let Some(udp_associate) = state.tcp_proxy_handler.get_udp_associate() { log::debug!("UDP associate address: {}", udp_associate); // Send packets via UDP associate... @@ -532,6 +541,7 @@ impl<'a> TunToProxy<'a> { server_addr: SocketAddr, dst: SocketAddr, tcp_proxy_handler: Box, + udp_associate: bool, ) -> Result { let mut socket = tcp::Socket::new( tcp::SocketBuffer::new(vec![0; 1024 * 128]), @@ -546,6 +556,11 @@ impl<'a> TunToProxy<'a> { let i = Interest::READABLE; self.poll.registry().register(&mut client, token, i)?; + let expiry = if udp_associate { + Some(Self::udp_associate_timeout()) + } else { + None + }; let state = TcpConnectState { smoltcp_handle: Some(handle), mio_stream: client, @@ -554,10 +569,35 @@ impl<'a> TunToProxy<'a> { close_state: 0, wait_read: true, wait_write: false, + expiry, }; Ok(state) } + fn udp_associate_timeout() -> ::std::time::Instant { + ::std::time::Instant::now() + ::std::time::Duration::from_secs(UDP_ASSO_TIMEOUT) + } + + fn udp_associate_timeout_expired(&self, info: &ConnectionInfo) -> bool { + if let Some(state) = self.connection_map.get(info) { + if let Some(expiry) = state.expiry { + return expiry < ::std::time::Instant::now(); + } + } + false + } + + fn clearup_expired_udp_associate(&mut self) -> Result<()> { + let keys = self.connection_map.keys().map(|key| key.clone()).collect::>(); + for key in keys { + if self.udp_associate_timeout_expired(&key) { + log::debug!("UDP associate timeout: {}", key); + self.remove_connection(&key)?; + } + } + Ok(()) + } + fn send_udp_packet(&mut self, src: SocketAddr, dst: SocketAddr, data: &[u8]) -> Result<()> { let rx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); let tx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); @@ -778,6 +818,7 @@ impl<'a> TunToProxy<'a> { } } self.send_to_smoltcp()?; + self.clearup_expired_udp_associate()?; } } From b019ace2e15a1164765510906258067c84c5cc97 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 18 Aug 2023 09:43:18 +0800 Subject: [PATCH 068/401] minor changes --- src/tun2proxy.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index bf16cb9..df0f87d 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -588,7 +588,7 @@ impl<'a> TunToProxy<'a> { } fn clearup_expired_udp_associate(&mut self) -> Result<()> { - let keys = self.connection_map.keys().map(|key| key.clone()).collect::>(); + let keys = self.connection_map.keys().cloned().collect::>(); for key in keys { if self.udp_associate_timeout_expired(&key) { log::debug!("UDP associate timeout: {}", key); From 01157915b3895c4b45a2fb6fdea342c1faf71479 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 19 Aug 2023 21:33:43 +0800 Subject: [PATCH 069/401] UDP proxy completed --- src/socks.rs | 6 +-- src/tun2proxy.rs | 138 ++++++++++++++++++++++++++++++++++++----------- 2 files changed, 111 insertions(+), 33 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index 3e4a7a9..4dbc091 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -142,7 +142,7 @@ impl SocksProxyImpl { let response = handshake::Response::retrieve_from_stream(&mut self.server_inbuf.clone()); if let Err(e) = &response { if e.kind() == std::io::ErrorKind::UnexpectedEof { - log::trace!("receive_server_hello_socks5 needs more data \"{}\"...", e); + // log::trace!("receive_server_hello_socks5 needs more data \"{}\"...", e); return Ok(()); } else { return Err(e.to_string().into()); @@ -212,7 +212,7 @@ impl SocksProxyImpl { let response = protocol::Response::retrieve_from_stream(&mut self.server_inbuf.clone()); if let Err(e) = &response { if e.kind() == std::io::ErrorKind::UnexpectedEof { - log::trace!("receive_connection_status needs more data \"{}\"...", e); + // log::trace!("receive_connection_status needs more data \"{}\"...", e); return Ok(()); } else { return Err(e.to_string().into()); @@ -226,7 +226,7 @@ impl SocksProxyImpl { if self.command == protocol::Command::UdpAssociate { self.udp_associate = Some(SocketAddr::try_from(&response.address)?); assert!(self.data_buf.is_empty()); - log::debug!("UDP associate: {}", response.address); + // log::debug!("UDP associate: {}", response.address); } self.server_outbuf.append(&mut self.data_buf); diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index df0f87d..a537a3b 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1,5 +1,5 @@ use crate::{error::Error, error::Result, virtdevice::VirtualTunDevice, NetworkInterface, Options}; -use mio::{event::Event, net::TcpStream, unix::SourceFd, Events, Interest, Poll, Token}; +use mio::{event::Event, net::TcpStream, net::UdpSocket, unix::SourceFd, Events, Interest, Poll, Token}; use smoltcp::{ iface::{Config, Interface, SocketHandle, SocketSet}, phy::{Device, Medium, RxToken, TunTapInterface, TxToken}, @@ -166,7 +166,7 @@ fn connection_tuple(frame: &[u8]) -> Result<(ConnectionInfo, bool, usize, usize) const SERVER_WRITE_CLOSED: u8 = 1; const CLIENT_WRITE_CLOSED: u8 = 2; -const UDP_ASSO_TIMEOUT: u64 = 5; // seconds +const UDP_ASSO_TIMEOUT: u64 = 10; // seconds struct TcpConnectState { smoltcp_handle: Option, @@ -177,6 +177,10 @@ struct TcpConnectState { wait_read: bool, wait_write: bool, expiry: Option<::std::time::Instant>, + udp_socket: Option, + udp_token: Option, + udp_origin_dst: Option, + udp_data_cache: Option>, } pub(crate) trait TcpProxy { @@ -303,6 +307,17 @@ impl<'a> TunToProxy<'a> { .find_map(|(info, state)| if state.token == token { Some(info) } else { None }) } + fn find_info_by_udp_token(&self, token: Token) -> Option<&ConnectionInfo> { + self.connection_map.iter().find_map(|(info, state)| { + if let Some(udp_token) = state.udp_token { + if udp_token == token { + return Some(info); + } + } + None + }) + } + /// Destroy connection state machine fn remove_connection(&mut self, info: &ConnectionInfo) -> Result<(), Error> { if let Some(mut state) = self.connection_map.remove(info) { @@ -316,7 +331,16 @@ impl<'a> TunToProxy<'a> { // FIXME: Does this line should be moved up to the beginning of this function? self.expect_smoltcp_send()?; - _ = self.poll.registry().deregister(&mut state.mio_stream); + if let Err(e) = self.poll.registry().deregister(&mut state.mio_stream) { + // FIXME: The function `deregister` will frequently fail for unknown reasons. + log::debug!("{}", e); + } + + if let Some(mut udp_socket) = state.udp_socket { + if let Err(e) = self.poll.registry().deregister(&mut udp_socket) { + log::debug!("{}", e); + } + } log::info!("Close {}", info); } @@ -442,14 +466,14 @@ impl<'a> TunToProxy<'a> { return Ok(()); } let (info, _first_packet, payload_offset, payload_size) = result?; - let dst = SocketAddr::try_from(&info.dst)?; + let origin_dst = SocketAddr::try_from(&info.dst)?; let connection_info = match &mut self.options.virtual_dns { - None => info.clone(), + None => info, Some(virtual_dns) => { - let dst_ip = dst.ip(); + let dst_ip = origin_dst.ip(); virtual_dns.touch_ip(&dst_ip); match virtual_dns.resolve_ip(&dst_ip) { - None => info.clone(), + None => info, Some(name) => info.to_named(name.clone()), } } @@ -461,15 +485,16 @@ impl<'a> TunToProxy<'a> { if connection_info.protocol == IpProtocol::Tcp { if _first_packet { let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, false)?; - let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler, false)?; + #[rustfmt::skip] + let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; self.connection_map.insert(connection_info.clone(), state); - log::info!("Connect done {} ({})", connection_info, dst); + log::info!("Connect done {} ({})", connection_info, origin_dst); } else if !self.connection_map.contains_key(&connection_info) { - log::debug!("Not found {} ({})", connection_info, dst); + // log::debug!("Drop middle session {} ({})", connection_info, origin_dst); return Ok(()); } else { - log::trace!("Subsequent packet {} ({})", connection_info, dst); + // log::trace!("Subsequent packet {} ({})", connection_info, origin_dst); } // Inject the packet to advance the remote proxy server smoltcp socket state @@ -487,46 +512,51 @@ impl<'a> TunToProxy<'a> { // Therefore, we now expect it to write data to the server. self.write_to_server(&connection_info)?; } else if connection_info.protocol == IpProtocol::Udp { - log::trace!("{} ({})", connection_info, dst); let port = connection_info.dst.port(); let payload = &frame[payload_offset..payload_offset + payload_size]; if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == 53) { + log::info!("DNS query via virtual DNS {} ({})", connection_info, origin_dst); let response = virtual_dns.receive_query(payload)?; - self.send_udp_packet(dst, connection_info.src, response.as_slice())?; + self.send_udp_packet_to_client(origin_dst, connection_info.src, response.as_slice())?; } else { // Another UDP packet if !self.connection_map.contains_key(&connection_info) { - log::trace!("New UDP connection {} ({})", connection_info, dst); + log::info!("UDP associate session {} ({})", connection_info, origin_dst); let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, true)?; - let state = self.create_new_tcp_connection_state(server_addr, dst, tcp_proxy_handler, true)?; + #[rustfmt::skip] + let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, true)?; + state.udp_origin_dst = Some(origin_dst); self.connection_map.insert(connection_info.clone(), state); + + self.expect_smoltcp_send()?; + self.tunsocket_read_and_forward(&connection_info)?; + self.write_to_server(&connection_info)?; + } else { + // log::trace!("Subsequent udp packet {} ({})", connection_info, origin_dst); } - self.expect_smoltcp_send()?; - self.tunsocket_read_and_forward(&connection_info)?; - self.write_to_server(&connection_info)?; + let err = "udp associate state not find"; + let state = self.connection_map.get_mut(&connection_info).ok_or(err)?; + assert!(state.expiry.is_some()); + state.expiry = Some(Self::udp_associate_timeout()); + // Add SOCKS5 UDP header to the incoming data let mut s5_udp_data = Vec::::new(); UdpHeader::new(0, connection_info.dst.clone()).write_to_stream(&mut s5_udp_data)?; s5_udp_data.extend_from_slice(payload); - let state = self - .connection_map - .get_mut(&connection_info) - .ok_or("udp associate state")?; - assert!(state.expiry.is_some()); - state.expiry = Some(Self::udp_associate_timeout()); - if let Some(udp_associate) = state.tcp_proxy_handler.get_udp_associate() { - log::debug!("UDP associate address: {}", udp_associate); - // Send packets via UDP associate... - // self.send_udp_packet(connection_info.src, udp_associate, &s5_udp_data)?; + // UDP associate session has been established, we can send packets directly... + if let Some(socket) = state.udp_socket.as_ref() { + socket.send_to(&s5_udp_data, udp_associate)?; + } } else { // UDP associate tunnel not ready yet, we must cache the packet... + state.udp_data_cache = Some(s5_udp_data); } } } else { - log::warn!("Unsupported protocol: {} ({})", connection_info, dst); + log::warn!("Unsupported protocol: {} ({})", connection_info, origin_dst); } Ok::<(), Error>(()) }; @@ -561,6 +591,16 @@ impl<'a> TunToProxy<'a> { } else { None }; + + let (udp_socket, udp_token) = if udp_associate { + let addr = (Ipv4Addr::UNSPECIFIED, 0).into(); + let mut socket = UdpSocket::bind(addr)?; + let token = self.new_token(); + self.poll.registry().register(&mut socket, token, Interest::READABLE)?; + (Some(socket), Some(token)) + } else { + (None, None) + }; let state = TcpConnectState { smoltcp_handle: Some(handle), mio_stream: client, @@ -570,6 +610,10 @@ impl<'a> TunToProxy<'a> { wait_read: true, wait_write: false, expiry, + udp_socket, + udp_token, + udp_origin_dst: None, + udp_data_cache: None, }; Ok(state) } @@ -598,7 +642,7 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn send_udp_packet(&mut self, src: SocketAddr, dst: SocketAddr, data: &[u8]) -> Result<()> { + fn send_udp_packet_to_client(&mut self, src: SocketAddr, dst: SocketAddr, data: &[u8]) -> Result<()> { let rx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); let tx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); let mut socket = udp::Socket::new(rx_buffer, tx_buffer); @@ -706,6 +750,27 @@ impl<'a> TunToProxy<'a> { } fn mio_socket_event(&mut self, event: &Event) -> Result<(), Error> { + if let Some(info) = self.find_info_by_udp_token(event.token()) { + let info = info.clone(); + let err = "udp connection state not found"; + let state = self.connection_map.get_mut(&info).ok_or(err)?; + state.expiry = Some(Self::udp_associate_timeout()); + if let Some(udp_socket) = state.udp_socket.as_ref() { + let mut buf = [0; 1 << 16]; + // Receive UDP packet from remote SOCKS5 server + let (packet_size, _svr_addr) = udp_socket.recv_from(&mut buf)?; + + let buf = buf[..packet_size].to_vec(); + let header = UdpHeader::retrieve_from_stream(&mut &buf[..])?; + + // Write to client + let src = state.udp_origin_dst.ok_or("udp address")?; + self.send_udp_packet_to_client(src, info.src, &buf[header.len()..])?; + } + + return Ok(()); + } + let conn_info = match self.find_info_by_token(event.token()) { Some(conn_info) => conn_info.clone(), None => { @@ -723,6 +788,7 @@ impl<'a> TunToProxy<'a> { let mut block = || -> Result<(), Error> { if event.is_readable() || event.is_read_closed() { { + let e = "connection state not found"; let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; // TODO: Move this reading process to its own function. @@ -783,6 +849,18 @@ impl<'a> TunToProxy<'a> { // The connection handler could have produced data that is to be written to the // server. self.write_to_server(&conn_info)?; + + // Try to send the first UDP packet to remote SOCKS5 server for UDP associate session + if let Some(state) = self.connection_map.get_mut(&conn_info) { + if let Some(udp_socket) = state.udp_socket.as_ref() { + if let Some(addr) = state.tcp_proxy_handler.get_udp_associate() { + // Take ownership of udp_data_cache + if let Some(buf) = state.udp_data_cache.take() { + udp_socket.send_to(&buf, addr)?; + } + } + } + } } if event.is_writable() { From 60b9683facd10a6f7309420252b23d7a600b8bd0 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 20 Aug 2023 12:13:28 +0800 Subject: [PATCH 070/401] dns query from remote server --- src/dns.rs | 19 ++++++++++++++++++- src/tun2proxy.rs | 14 +++++++++++--- 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/src/dns.rs b/src/dns.rs index 2ae1528..8aefd03 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -1,6 +1,9 @@ #![allow(dead_code)] -use std::{net::IpAddr, str::FromStr}; +use std::{ + net::{IpAddr, Ipv4Addr, SocketAddr}, + str::FromStr, +}; use trust_dns_proto::{ op::{Message, ResponseCode}, rr::{record_type::RecordType, Name, RData, Record}, @@ -90,3 +93,17 @@ pub fn parse_data_to_dns_message(data: &[u8], used_by_tcp: bool) -> Result bool { + fn is_benchmarking(addr: &Ipv4Addr) -> bool { + addr.octets()[0] == 198 && (addr.octets()[1] & 0xfe) == 18 + } + fn addr_v4_is_private(addr: &Ipv4Addr) -> bool { + is_benchmarking(addr) || addr.is_private() || addr.is_loopback() || addr.is_link_local() + } + match addr { + SocketAddr::V4(addr) => addr_v4_is_private(addr.ip()), + SocketAddr::V6(_) => false, + } +} diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a537a3b..f4c0854 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1,4 +1,4 @@ -use crate::{error::Error, error::Result, virtdevice::VirtualTunDevice, NetworkInterface, Options}; +use crate::{dns, error::Error, error::Result, virtdevice::VirtualTunDevice, NetworkInterface, Options}; use mio::{event::Event, net::TcpStream, net::UdpSocket, unix::SourceFd, Events, Interest, Poll, Token}; use smoltcp::{ iface::{Config, Interface, SocketHandle, SocketSet}, @@ -468,7 +468,15 @@ impl<'a> TunToProxy<'a> { let (info, _first_packet, payload_offset, payload_size) = result?; let origin_dst = SocketAddr::try_from(&info.dst)?; let connection_info = match &mut self.options.virtual_dns { - None => info, + None => { + let mut info = info; + let port = origin_dst.port(); + if port == 53 && info.protocol == IpProtocol::Udp && dns::addr_is_private(&origin_dst) { + let dns_addr: SocketAddr = "8.8.8.8:53".parse()?; // TODO: Configurable + info.dst = Address::from(dns_addr); + } + info + } Some(virtual_dns) => { let dst_ip = origin_dst.ip(); virtual_dns.touch_ip(&dst_ip); @@ -798,7 +806,7 @@ impl<'a> TunToProxy<'a> { Ok(read_result) => read_result, Err(error) => { if error.kind() != std::io::ErrorKind::WouldBlock { - log::error!("Read from proxy: {}", error); + log::error!("{} Read from proxy: {}", conn_info.dst, error); } vecbuf.len() } From 6439cc7b4314f119f6633fcc3eb02d44b2878440 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 20 Aug 2023 13:29:36 +0800 Subject: [PATCH 071/401] dns::remove_ipv6_entries --- src/dns.rs | 6 ++++++ src/tun2proxy.rs | 10 +++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/dns.rs b/src/dns.rs index 8aefd03..33be70c 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -50,6 +50,12 @@ pub fn build_dns_response(mut request: Message, domain: &str, ip: IpAddr, ttl: u Ok(request) } +pub fn remove_ipv6_entries(message: &mut Message) { + message + .answers_mut() + .retain(|answer| !matches!(answer.data(), Some(RData::AAAA(_)))); +} + pub fn extract_ipaddr_from_dns_message(message: &Message) -> Result { if message.response_code() != ResponseCode::NoError { return Err(format!("{:?}", message.response_code())); diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index f4c0854..d68abdb 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -771,9 +771,17 @@ impl<'a> TunToProxy<'a> { let buf = buf[..packet_size].to_vec(); let header = UdpHeader::retrieve_from_stream(&mut &buf[..])?; + let buf = if info.dst.port() == 53 { + let mut message = dns::parse_data_to_dns_message(&buf[header.len()..], false)?; + dns::remove_ipv6_entries(&mut message); // TODO: Configurable + message.to_vec()? + } else { + buf[header.len()..].to_vec() + }; + // Write to client let src = state.udp_origin_dst.ok_or("udp address")?; - self.send_udp_packet_to_client(src, info.src, &buf[header.len()..])?; + self.send_udp_packet_to_client(src, info.src, &buf)?; } return Ok(()); From d5b76c18cc05bb14e481b383bcc48a60c58f042a Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 20 Aug 2023 17:27:22 +0200 Subject: [PATCH 072/401] Fix UDP associate address --- src/socks.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/socks.rs b/src/socks.rs index 4dbc091..9d61f47 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -203,7 +203,13 @@ impl SocksProxyImpl { } fn send_request_socks5(&mut self) -> Result<(), Error> { - protocol::Request::new(self.command, self.info.dst.clone()).write_to_stream(&mut self.server_outbuf)?; + use socks5_impl::protocol::Command::UdpAssociate; + let addr = if self.command == UdpAssociate { + Address::unspecified() + } else { + self.info.dst.clone() + }; + protocol::Request::new(self.command, addr).write_to_stream(&mut self.server_outbuf)?; self.state = SocksState::ReceiveResponse; self.state_change() } From 5301cf8d3787e14edff3454a63491a8f0ff49f4d Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 20 Aug 2023 18:20:47 +0200 Subject: [PATCH 073/401] Add dual stack DNS lookup test --- tests/manual-tests/test-ds-dns-lookup.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 tests/manual-tests/test-ds-dns-lookup.py diff --git a/tests/manual-tests/test-ds-dns-lookup.py b/tests/manual-tests/test-ds-dns-lookup.py new file mode 100644 index 0000000..1354be9 --- /dev/null +++ b/tests/manual-tests/test-ds-dns-lookup.py @@ -0,0 +1,13 @@ +import dns.message +import socket + +s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) +s.bind(('0.0.0.0', 0)) + +s.sendto(dns.message.make_query('example.org', 'A').to_wire(), ('8.8.8.8', 53)) +s.sendto(dns.message.make_query('example.org', 'AAAA').to_wire(), ('8.8.8.8', 53)) + +data, _ = s.recvfrom(0xffff) +print(dns.message.from_wire(data)) +data, _ = s.recvfrom(0xffff) +print(dns.message.from_wire(data)) From b0e275ec0805e8b6a3b99cbdcadd1bde36ccd069 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 20 Aug 2023 18:51:15 +0200 Subject: [PATCH 074/401] Use LinkedList as UDP packet cache --- src/tun2proxy.rs | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index d68abdb..a289cdd 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -17,6 +17,7 @@ use std::{ rc::Rc, str::FromStr, }; +use std::collections::LinkedList; #[derive(Hash, Clone, Eq, PartialEq, PartialOrd, Ord, Debug)] pub(crate) struct ConnectionInfo { @@ -180,7 +181,7 @@ struct TcpConnectState { udp_socket: Option, udp_token: Option, udp_origin_dst: Option, - udp_data_cache: Option>, + udp_data_cache: LinkedList>, } pub(crate) trait TcpProxy { @@ -540,6 +541,7 @@ impl<'a> TunToProxy<'a> { self.tunsocket_read_and_forward(&connection_info)?; self.write_to_server(&connection_info)?; } else { + log::info!("Subsequent udp packet {} ({})", connection_info, origin_dst); // log::trace!("Subsequent udp packet {} ({})", connection_info, origin_dst); } @@ -559,8 +561,9 @@ impl<'a> TunToProxy<'a> { socket.send_to(&s5_udp_data, udp_associate)?; } } else { + log::info!("Cache udp packet {} ({})", connection_info, origin_dst); // UDP associate tunnel not ready yet, we must cache the packet... - state.udp_data_cache = Some(s5_udp_data); + state.udp_data_cache.push_back(s5_udp_data); } } } else { @@ -621,7 +624,7 @@ impl<'a> TunToProxy<'a> { udp_socket, udp_token, udp_origin_dst: None, - udp_data_cache: None, + udp_data_cache: LinkedList::new(), }; Ok(state) } @@ -871,7 +874,7 @@ impl<'a> TunToProxy<'a> { if let Some(udp_socket) = state.udp_socket.as_ref() { if let Some(addr) = state.tcp_proxy_handler.get_udp_associate() { // Take ownership of udp_data_cache - if let Some(buf) = state.udp_data_cache.take() { + while let Some(buf) = state.udp_data_cache.pop_front(){ udp_socket.send_to(&buf, addr)?; } } From aa059e0dd5773cedc87fdd847f72c9457ef785c5 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 20 Aug 2023 18:54:02 +0200 Subject: [PATCH 075/401] Format correctly --- src/tun2proxy.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a289cdd..fc5119f 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -8,6 +8,7 @@ use smoltcp::{ wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket, UDP_HEADER_LEN}, }; use socks5_impl::protocol::{Address, StreamOperation, UdpHeader, UserKey}; +use std::collections::LinkedList; use std::{ collections::{HashMap, HashSet}, convert::{From, TryFrom}, @@ -17,7 +18,6 @@ use std::{ rc::Rc, str::FromStr, }; -use std::collections::LinkedList; #[derive(Hash, Clone, Eq, PartialEq, PartialOrd, Ord, Debug)] pub(crate) struct ConnectionInfo { @@ -874,7 +874,7 @@ impl<'a> TunToProxy<'a> { if let Some(udp_socket) = state.udp_socket.as_ref() { if let Some(addr) = state.tcp_proxy_handler.get_udp_associate() { // Take ownership of udp_data_cache - while let Some(buf) = state.udp_data_cache.pop_front(){ + while let Some(buf) = state.udp_data_cache.pop_front() { udp_socket.send_to(&buf, addr)?; } } From b244286e4d80e6fbb24d82ac7beba3d8c19a2c5c Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 20 Aug 2023 19:36:59 +0200 Subject: [PATCH 076/401] Fix handling of multiple packets per event --- src/tun2proxy.rs | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index fc5119f..a8b3782 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -541,8 +541,7 @@ impl<'a> TunToProxy<'a> { self.tunsocket_read_and_forward(&connection_info)?; self.write_to_server(&connection_info)?; } else { - log::info!("Subsequent udp packet {} ({})", connection_info, origin_dst); - // log::trace!("Subsequent udp packet {} ({})", connection_info, origin_dst); + log::trace!("Subsequent udp packet {} ({})", connection_info, origin_dst); } let err = "udp associate state not find"; @@ -561,8 +560,8 @@ impl<'a> TunToProxy<'a> { socket.send_to(&s5_udp_data, udp_associate)?; } } else { - log::info!("Cache udp packet {} ({})", connection_info, origin_dst); // UDP associate tunnel not ready yet, we must cache the packet... + log::trace!("Cache udp packet {} ({})", connection_info, origin_dst); state.udp_data_cache.push_back(s5_udp_data); } } @@ -766,25 +765,31 @@ impl<'a> TunToProxy<'a> { let err = "udp connection state not found"; let state = self.connection_map.get_mut(&info).ok_or(err)?; state.expiry = Some(Self::udp_associate_timeout()); + let src = state.udp_origin_dst.ok_or("udp address")?; + let mut to_send: LinkedList> = LinkedList::new(); if let Some(udp_socket) = state.udp_socket.as_ref() { let mut buf = [0; 1 << 16]; // Receive UDP packet from remote SOCKS5 server - let (packet_size, _svr_addr) = udp_socket.recv_from(&mut buf)?; + while let Ok((packet_size, _svr_addr)) = udp_socket.recv_from(&mut buf) { + let buf = buf[..packet_size].to_vec(); + let header = UdpHeader::retrieve_from_stream(&mut &buf[..])?; - let buf = buf[..packet_size].to_vec(); - let header = UdpHeader::retrieve_from_stream(&mut &buf[..])?; + let buf = if info.dst.port() == 53 { + let mut message = dns::parse_data_to_dns_message(&buf[header.len()..], false)?; + dns::remove_ipv6_entries(&mut message); // TODO: Configurable + message.to_vec()? + } else { + buf[header.len()..].to_vec() + }; - let buf = if info.dst.port() == 53 { - let mut message = dns::parse_data_to_dns_message(&buf[header.len()..], false)?; - dns::remove_ipv6_entries(&mut message); // TODO: Configurable - message.to_vec()? - } else { - buf[header.len()..].to_vec() - }; + // Escape the borrow checker madness + to_send.push_back(buf); + } + } - // Write to client - let src = state.udp_origin_dst.ok_or("udp address")?; - self.send_udp_packet_to_client(src, info.src, &buf)?; + // Write to client + while let Some(packet) = to_send.pop_front() { + self.send_udp_packet_to_client(src, info.src, &packet)?; } return Ok(()); From 3543472c38bf8cc419f2b06bc7aac9ab58c9b3dd Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 20 Aug 2023 19:58:30 +0200 Subject: [PATCH 077/401] Update README with UDP info --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1925a4e..0f76187 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ A tunnel interface for HTTP and SOCKS proxies on Linux based on [smoltcp](https: - Minimal configuration setup for routing all traffic - IPv4 and IPv6 support - GFW evasion mechanism for certain use cases (see [issue #35](https://github.com/blechschmidt/tun2proxy/issues/35)) +- SOCKS5 UDP support ## Build Clone the repository and `cd` into the project folder. Then run the following: @@ -124,5 +125,4 @@ requests for IPv6 addresses. ## TODO - Increase error robustness (reduce `unwrap` and `expect` usage) -- UDP support for SOCKS - Native support for proxying DNS over TCP or TLS From 0f67dd698110e0f3b541a8a57936b560d56c1810 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 20 Aug 2023 20:01:02 +0200 Subject: [PATCH 078/401] Remove error robustness todo Excessive expect and unwrap usage has been dealt with. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 0f76187..4b89238 100644 --- a/README.md +++ b/README.md @@ -124,5 +124,4 @@ or through `ip -6 route del default`, which causes the `libc` resolver (and othe requests for IPv6 addresses. ## TODO -- Increase error robustness (reduce `unwrap` and `expect` usage) - Native support for proxying DNS over TCP or TLS From 3c09c2699ddca2759115aa4083996d4020db8985 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 21 Aug 2023 16:08:48 +0800 Subject: [PATCH 079/401] refine code --- src/socks.rs | 3 +-- src/tun2proxy.rs | 23 +++++++++++++---------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index 9d61f47..ee65501 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -203,8 +203,7 @@ impl SocksProxyImpl { } fn send_request_socks5(&mut self) -> Result<(), Error> { - use socks5_impl::protocol::Command::UdpAssociate; - let addr = if self.command == UdpAssociate { + let addr = if self.command == protocol::Command::UdpAssociate { Address::unspecified() } else { self.info.dst.clone() diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a8b3782..2ccc97e 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -168,6 +168,7 @@ const SERVER_WRITE_CLOSED: u8 = 1; const CLIENT_WRITE_CLOSED: u8 = 2; const UDP_ASSO_TIMEOUT: u64 = 10; // seconds +const DNS_PORT: u16 = 53; struct TcpConnectState { smoltcp_handle: Option, @@ -334,12 +335,12 @@ impl<'a> TunToProxy<'a> { if let Err(e) = self.poll.registry().deregister(&mut state.mio_stream) { // FIXME: The function `deregister` will frequently fail for unknown reasons. - log::debug!("{}", e); + log::trace!("{}", e); } if let Some(mut udp_socket) = state.udp_socket { if let Err(e) = self.poll.registry().deregister(&mut udp_socket) { - log::debug!("{}", e); + log::trace!("{}", e); } } @@ -440,7 +441,9 @@ impl<'a> TunToProxy<'a> { fn update_mio_socket_interest(poll: &mut Poll, state: &mut TcpConnectState) -> Result<()> { // Maybe we did not listen for any events before. Therefore, just swallow the error. - _ = poll.registry().deregister(&mut state.mio_stream); + if let Err(err) = poll.registry().deregister(&mut state.mio_stream) { + log::trace!("{}", err); + } // If we do not wait for read or write events, we do not need to register them. if !state.wait_read && !state.wait_write { @@ -472,7 +475,7 @@ impl<'a> TunToProxy<'a> { None => { let mut info = info; let port = origin_dst.port(); - if port == 53 && info.protocol == IpProtocol::Udp && dns::addr_is_private(&origin_dst) { + if port == DNS_PORT && info.protocol == IpProtocol::Udp && dns::addr_is_private(&origin_dst) { let dns_addr: SocketAddr = "8.8.8.8:53".parse()?; // TODO: Configurable info.dst = Address::from(dns_addr); } @@ -523,7 +526,7 @@ impl<'a> TunToProxy<'a> { } else if connection_info.protocol == IpProtocol::Udp { let port = connection_info.dst.port(); let payload = &frame[payload_offset..payload_offset + payload_size]; - if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == 53) { + if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == DNS_PORT) { log::info!("DNS query via virtual DNS {} ({})", connection_info, origin_dst); let response = virtual_dns.receive_query(payload)?; self.send_udp_packet_to_client(origin_dst, connection_info.src, response.as_slice())?; @@ -560,7 +563,7 @@ impl<'a> TunToProxy<'a> { socket.send_to(&s5_udp_data, udp_associate)?; } } else { - // UDP associate tunnel not ready yet, we must cache the packet... + // UDP associate tunnel not ready yet, we must cache the packets... log::trace!("Cache udp packet {} ({})", connection_info, origin_dst); state.udp_data_cache.push_back(s5_udp_data); } @@ -645,7 +648,7 @@ impl<'a> TunToProxy<'a> { let keys = self.connection_map.keys().cloned().collect::>(); for key in keys { if self.udp_associate_timeout_expired(&key) { - log::debug!("UDP associate timeout: {}", key); + log::trace!("UDP associate timeout: {}", key); self.remove_connection(&key)?; } } @@ -765,7 +768,6 @@ impl<'a> TunToProxy<'a> { let err = "udp connection state not found"; let state = self.connection_map.get_mut(&info).ok_or(err)?; state.expiry = Some(Self::udp_associate_timeout()); - let src = state.udp_origin_dst.ok_or("udp address")?; let mut to_send: LinkedList> = LinkedList::new(); if let Some(udp_socket) = state.udp_socket.as_ref() { let mut buf = [0; 1 << 16]; @@ -774,7 +776,7 @@ impl<'a> TunToProxy<'a> { let buf = buf[..packet_size].to_vec(); let header = UdpHeader::retrieve_from_stream(&mut &buf[..])?; - let buf = if info.dst.port() == 53 { + let buf = if info.dst.port() == DNS_PORT { let mut message = dns::parse_data_to_dns_message(&buf[header.len()..], false)?; dns::remove_ipv6_entries(&mut message); // TODO: Configurable message.to_vec()? @@ -788,6 +790,7 @@ impl<'a> TunToProxy<'a> { } // Write to client + let src = state.udp_origin_dst.ok_or("udp address")?; while let Some(packet) = to_send.pop_front() { self.send_udp_packet_to_client(src, info.src, &packet)?; } @@ -878,7 +881,7 @@ impl<'a> TunToProxy<'a> { if let Some(state) = self.connection_map.get_mut(&conn_info) { if let Some(udp_socket) = state.udp_socket.as_ref() { if let Some(addr) = state.tcp_proxy_handler.get_udp_associate() { - // Take ownership of udp_data_cache + // Consume udp_data_cache data while let Some(buf) = state.udp_data_cache.pop_front() { udp_socket.send_to(&buf, addr)?; } From 17566451cf3523a3ae23a136b9dad917ad379613 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 21 Aug 2023 17:01:07 +0800 Subject: [PATCH 080/401] remove trait UdpProxy --- src/tun2proxy.rs | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 2ccc97e..c405486 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -196,11 +196,6 @@ pub(crate) trait TcpProxy { fn get_udp_associate(&self) -> Option; } -pub(crate) trait UdpProxy { - fn send_frame(&mut self, destination: &Address, frame: &[u8]) -> Result<(), Error>; - fn receive_frame(&mut self, source: &SocketAddr, frame: &[u8]) -> Result<(), Error>; -} - pub(crate) trait ConnectionManager { fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result>; fn close_connection(&self, info: &ConnectionInfo); From 10ade804885c2516b869f7f534189cd9079c2a77 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 21 Aug 2023 17:14:33 +0800 Subject: [PATCH 081/401] Bump 0.1.4 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index a5ec577..cff8d93 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ authors = ["B. Blechschmidt"] edition = "2018" name = "tun2proxy" -version = "0.1.2" +version = "0.1.4" [lib] crate-type = ["cdylib", "lib"] From 89aeffe19529577c7aa8221209e1105412eb5144 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 21 Aug 2023 19:58:13 +0800 Subject: [PATCH 082/401] dns over tcp --- src/lib.rs | 8 ++++++++ src/main.rs | 8 ++++++++ src/tun2proxy.rs | 24 ++++++++++++++++++++++++ 3 files changed, 40 insertions(+) diff --git a/src/lib.rs b/src/lib.rs index bdbf7a0..d21d99b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -98,6 +98,7 @@ impl std::fmt::Display for ProxyType { pub struct Options { virtual_dns: Option, mtu: Option, + dns_over_tcp: bool, } impl Options { @@ -107,6 +108,13 @@ impl Options { pub fn with_virtual_dns(mut self) -> Self { self.virtual_dns = Some(virtdns::VirtualDns::new()); + self.dns_over_tcp = false; + self + } + + pub fn with_dns_over_tcp(mut self) -> Self { + self.dns_over_tcp = true; + self.virtual_dns = None; self } diff --git a/src/main.rs b/src/main.rs index 1502599..6047dd9 100644 --- a/src/main.rs +++ b/src/main.rs @@ -40,6 +40,10 @@ struct Args { /// Verbosity level #[arg(short, long, value_name = "level", value_enum, default_value = "info")] verbosity: ArgVerbosity, + + /// DNS over TCP + #[arg(long)] + dns_over_tcp: bool, } #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] @@ -79,6 +83,10 @@ fn main() -> ExitCode { options = options.with_virtual_dns(); } + if args.dns_over_tcp { + options = options.with_dns_over_tcp(); + } + let interface = match args.tun_fd { None => NetworkInterface::Named(args.tun.clone()), Some(fd) => { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index c405486..67574c7 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -527,6 +527,30 @@ impl<'a> TunToProxy<'a> { self.send_udp_packet_to_client(origin_dst, connection_info.src, response.as_slice())?; } else { // Another UDP packet + if self.options.dns_over_tcp && port == DNS_PORT { + if !self.connection_map.contains_key(&connection_info) { + log::info!("DNS over TCP {} ({})", connection_info, origin_dst); + let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, false)?; + #[rustfmt::skip] + let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; + self.connection_map.insert(connection_info.clone(), state); + } else { + log::trace!("Subsequent dns over tcp packet {} ({})", connection_info, origin_dst); + } + + let len = payload.len() as u16; + let mut buf = Vec::with_capacity(2 + len as usize); + buf.extend_from_slice(&len.to_be_bytes()); + buf.extend_from_slice(payload); + + // TODO: Build an IP packet and inject it into the device. + self.device.inject_packet(&buf); + + self.expect_smoltcp_send()?; + self.tunsocket_read_and_forward(&connection_info)?; + self.write_to_server(&connection_info)?; + return Ok(()); + } if !self.connection_map.contains_key(&connection_info) { log::info!("UDP associate session {} ({})", connection_info, origin_dst); let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, true)?; From d42d3a8287a8049f5bed1ee2095a0603d7509f97 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 10:44:46 +0800 Subject: [PATCH 083/401] extract dns logic to separate functions --- src/tun2proxy.rs | 89 ++++++++++++++++++++++++++---------------------- 1 file changed, 48 insertions(+), 41 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index c405486..10d17a5 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -757,40 +757,57 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn mio_socket_event(&mut self, event: &Event) -> Result<(), Error> { - if let Some(info) = self.find_info_by_udp_token(event.token()) { - let info = info.clone(); - let err = "udp connection state not found"; - let state = self.connection_map.get_mut(&info).ok_or(err)?; - state.expiry = Some(Self::udp_associate_timeout()); - let mut to_send: LinkedList> = LinkedList::new(); + fn receive_udp_packet_and_write_to_client(&mut self, info: &ConnectionInfo) -> Result<()> { + let err = "udp connection state not found"; + let state = self.connection_map.get_mut(info).ok_or(err)?; + state.expiry = Some(Self::udp_associate_timeout()); + let mut to_send: LinkedList> = LinkedList::new(); + if let Some(udp_socket) = state.udp_socket.as_ref() { + let mut buf = [0; 1 << 16]; + // Receive UDP packet from remote SOCKS5 server + while let Ok((packet_size, _svr_addr)) = udp_socket.recv_from(&mut buf) { + let buf = buf[..packet_size].to_vec(); + let header = UdpHeader::retrieve_from_stream(&mut &buf[..])?; + + let buf = if info.dst.port() == DNS_PORT { + let mut message = dns::parse_data_to_dns_message(&buf[header.len()..], false)?; + dns::remove_ipv6_entries(&mut message); // TODO: Configurable + message.to_vec()? + } else { + buf[header.len()..].to_vec() + }; + + // Escape the borrow checker madness + to_send.push_back(buf); + } + } + + // Write to client + let src = state.udp_origin_dst.ok_or("udp address")?; + while let Some(packet) = to_send.pop_front() { + self.send_udp_packet_to_client(src, info.src, &packet)?; + } + Ok(()) + } + + fn comsume_cached_udp_packets(&mut self, info: &ConnectionInfo) -> Result<()> { + // Try to send the first UDP packets to remote SOCKS5 server for UDP associate session + if let Some(state) = self.connection_map.get_mut(info) { if let Some(udp_socket) = state.udp_socket.as_ref() { - let mut buf = [0; 1 << 16]; - // Receive UDP packet from remote SOCKS5 server - while let Ok((packet_size, _svr_addr)) = udp_socket.recv_from(&mut buf) { - let buf = buf[..packet_size].to_vec(); - let header = UdpHeader::retrieve_from_stream(&mut &buf[..])?; - - let buf = if info.dst.port() == DNS_PORT { - let mut message = dns::parse_data_to_dns_message(&buf[header.len()..], false)?; - dns::remove_ipv6_entries(&mut message); // TODO: Configurable - message.to_vec()? - } else { - buf[header.len()..].to_vec() - }; - - // Escape the borrow checker madness - to_send.push_back(buf); + if let Some(addr) = state.tcp_proxy_handler.get_udp_associate() { + // Consume udp_data_cache data + while let Some(buf) = state.udp_data_cache.pop_front() { + udp_socket.send_to(&buf, addr)?; + } } } + } + Ok(()) + } - // Write to client - let src = state.udp_origin_dst.ok_or("udp address")?; - while let Some(packet) = to_send.pop_front() { - self.send_udp_packet_to_client(src, info.src, &packet)?; - } - - return Ok(()); + fn mio_socket_event(&mut self, event: &Event) -> Result<(), Error> { + if let Some(info) = self.find_info_by_udp_token(event.token()) { + return self.receive_udp_packet_and_write_to_client(&info.clone()); } let conn_info = match self.find_info_by_token(event.token()) { @@ -872,17 +889,7 @@ impl<'a> TunToProxy<'a> { // server. self.write_to_server(&conn_info)?; - // Try to send the first UDP packet to remote SOCKS5 server for UDP associate session - if let Some(state) = self.connection_map.get_mut(&conn_info) { - if let Some(udp_socket) = state.udp_socket.as_ref() { - if let Some(addr) = state.tcp_proxy_handler.get_udp_associate() { - // Consume udp_data_cache data - while let Some(buf) = state.udp_data_cache.pop_front() { - udp_socket.send_to(&buf, addr)?; - } - } - } - } + self.comsume_cached_udp_packets(&conn_info)?; } if event.is_writable() { From 0f3903f45500b9ed34a76a4ea123d517453e35e6 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 11:19:58 +0800 Subject: [PATCH 084/401] deal_with_incoming_udp_packets --- src/tun2proxy.rs | 81 +++++++++++++++++++++++++++--------------------- 1 file changed, 46 insertions(+), 35 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 10d17a5..8888b2c 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -456,6 +456,51 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn deal_with_incoming_udp_packets( + &mut self, + manager: &Rc, + info: &ConnectionInfo, + origin_dst: SocketAddr, + payload: &[u8], + ) -> Result<()> { + if !self.connection_map.contains_key(info) { + log::info!("UDP associate session {} ({})", info, origin_dst); + let tcp_proxy_handler = manager.new_tcp_proxy(info, true)?; + let server_addr = manager.get_server_addr(); + let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, true)?; + state.udp_origin_dst = Some(origin_dst); + self.connection_map.insert(info.clone(), state); + + self.expect_smoltcp_send()?; + self.tunsocket_read_and_forward(info)?; + self.write_to_server(info)?; + } else { + log::trace!("Subsequent udp packet {} ({})", info, origin_dst); + } + + let err = "udp associate state not find"; + let state = self.connection_map.get_mut(info).ok_or(err)?; + assert!(state.expiry.is_some()); + state.expiry = Some(Self::udp_associate_timeout()); + + // Add SOCKS5 UDP header to the incoming data + let mut s5_udp_data = Vec::::new(); + UdpHeader::new(0, info.dst.clone()).write_to_stream(&mut s5_udp_data)?; + s5_udp_data.extend_from_slice(payload); + + if let Some(udp_associate) = state.tcp_proxy_handler.get_udp_associate() { + // UDP associate session has been established, we can send packets directly... + if let Some(socket) = state.udp_socket.as_ref() { + socket.send_to(&s5_udp_data, udp_associate)?; + } + } else { + // UDP associate tunnel not ready yet, we must cache the packets... + log::trace!("Cache udp packet {} ({})", info, origin_dst); + state.udp_data_cache.push_back(s5_udp_data); + } + Ok(()) + } + // A raw packet was received on the tunnel interface. fn receive_tun(&mut self, frame: &mut [u8]) -> Result<(), Error> { let mut handler = || -> Result<(), Error> { @@ -527,41 +572,7 @@ impl<'a> TunToProxy<'a> { self.send_udp_packet_to_client(origin_dst, connection_info.src, response.as_slice())?; } else { // Another UDP packet - if !self.connection_map.contains_key(&connection_info) { - log::info!("UDP associate session {} ({})", connection_info, origin_dst); - let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, true)?; - #[rustfmt::skip] - let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, true)?; - state.udp_origin_dst = Some(origin_dst); - self.connection_map.insert(connection_info.clone(), state); - - self.expect_smoltcp_send()?; - self.tunsocket_read_and_forward(&connection_info)?; - self.write_to_server(&connection_info)?; - } else { - log::trace!("Subsequent udp packet {} ({})", connection_info, origin_dst); - } - - let err = "udp associate state not find"; - let state = self.connection_map.get_mut(&connection_info).ok_or(err)?; - assert!(state.expiry.is_some()); - state.expiry = Some(Self::udp_associate_timeout()); - - // Add SOCKS5 UDP header to the incoming data - let mut s5_udp_data = Vec::::new(); - UdpHeader::new(0, connection_info.dst.clone()).write_to_stream(&mut s5_udp_data)?; - s5_udp_data.extend_from_slice(payload); - - if let Some(udp_associate) = state.tcp_proxy_handler.get_udp_associate() { - // UDP associate session has been established, we can send packets directly... - if let Some(socket) = state.udp_socket.as_ref() { - socket.send_to(&s5_udp_data, udp_associate)?; - } - } else { - // UDP associate tunnel not ready yet, we must cache the packets... - log::trace!("Cache udp packet {} ({})", connection_info, origin_dst); - state.udp_data_cache.push_back(s5_udp_data); - } + self.deal_with_incoming_udp_packets(&manager, &connection_info, origin_dst, payload)?; } } else { log::warn!("Unsupported protocol: {} ({})", connection_info, origin_dst); From 40f8870033401a480d9afba5378013efc7a70441 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 12:14:14 +0800 Subject: [PATCH 085/401] preprocess_origin_connection_info --- src/tun2proxy.rs | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 8888b2c..848267e 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -456,6 +456,30 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn preprocess_origin_connection_info(&mut self, info: ConnectionInfo) -> Result { + let origin_dst = SocketAddr::try_from(&info.dst)?; + let connection_info = match &mut self.options.virtual_dns { + None => { + let mut info = info; + let port = origin_dst.port(); + if port == DNS_PORT && info.protocol == IpProtocol::Udp && dns::addr_is_private(&origin_dst) { + let dns_addr: SocketAddr = "8.8.8.8:53".parse()?; // TODO: Configurable + info.dst = Address::from(dns_addr); + } + info + } + Some(virtual_dns) => { + let dst_ip = origin_dst.ip(); + virtual_dns.touch_ip(&dst_ip); + match virtual_dns.resolve_ip(&dst_ip) { + None => info, + Some(name) => info.to_named(name.clone()), + } + } + }; + Ok(connection_info) + } + fn deal_with_incoming_udp_packets( &mut self, manager: &Rc, @@ -511,25 +535,7 @@ impl<'a> TunToProxy<'a> { } let (info, _first_packet, payload_offset, payload_size) = result?; let origin_dst = SocketAddr::try_from(&info.dst)?; - let connection_info = match &mut self.options.virtual_dns { - None => { - let mut info = info; - let port = origin_dst.port(); - if port == DNS_PORT && info.protocol == IpProtocol::Udp && dns::addr_is_private(&origin_dst) { - let dns_addr: SocketAddr = "8.8.8.8:53".parse()?; // TODO: Configurable - info.dst = Address::from(dns_addr); - } - info - } - Some(virtual_dns) => { - let dst_ip = origin_dst.ip(); - virtual_dns.touch_ip(&dst_ip); - match virtual_dns.resolve_ip(&dst_ip) { - None => info, - Some(name) => info.to_named(name.clone()), - } - } - }; + let connection_info = self.preprocess_origin_connection_info(info)?; let manager = self.get_connection_manager().ok_or("get connection manager")?; let server_addr = manager.get_server_addr(); From fb86172ecc9795aa2fcdaa449836c7ef97f6348d Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 12:59:31 +0800 Subject: [PATCH 086/401] refine code --- src/tun2proxy.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 848267e..27e8635 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -480,7 +480,7 @@ impl<'a> TunToProxy<'a> { Ok(connection_info) } - fn deal_with_incoming_udp_packets( + fn process_incoming_udp_packets( &mut self, manager: &Rc, info: &ConnectionInfo, @@ -538,13 +538,12 @@ impl<'a> TunToProxy<'a> { let connection_info = self.preprocess_origin_connection_info(info)?; let manager = self.get_connection_manager().ok_or("get connection manager")?; - let server_addr = manager.get_server_addr(); if connection_info.protocol == IpProtocol::Tcp { if _first_packet { let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, false)?; - #[rustfmt::skip] - let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; + let server = manager.get_server_addr(); + let state = self.create_new_tcp_connection_state(server, origin_dst, tcp_proxy_handler, false)?; self.connection_map.insert(connection_info.clone(), state); log::info!("Connect done {} ({})", connection_info, origin_dst); @@ -578,7 +577,7 @@ impl<'a> TunToProxy<'a> { self.send_udp_packet_to_client(origin_dst, connection_info.src, response.as_slice())?; } else { // Another UDP packet - self.deal_with_incoming_udp_packets(&manager, &connection_info, origin_dst, payload)?; + self.process_incoming_udp_packets(&manager, &connection_info, origin_dst, payload)?; } } else { log::warn!("Unsupported protocol: {} ({})", connection_info, origin_dst); From b2505dcfd7268e057e8c2bf313976c4a440f4a4b Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 17:20:35 +0800 Subject: [PATCH 087/401] udp_acco_expiry --- src/tun2proxy.rs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 27e8635..d71944d 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -178,7 +178,7 @@ struct TcpConnectState { close_state: u8, wait_read: bool, wait_write: bool, - expiry: Option<::std::time::Instant>, + udp_acco_expiry: Option<::std::time::Instant>, udp_socket: Option, udp_token: Option, udp_origin_dst: Option, @@ -504,8 +504,8 @@ impl<'a> TunToProxy<'a> { let err = "udp associate state not find"; let state = self.connection_map.get_mut(info).ok_or(err)?; - assert!(state.expiry.is_some()); - state.expiry = Some(Self::udp_associate_timeout()); + assert!(state.udp_acco_expiry.is_some()); + state.udp_acco_expiry = Some(Self::udp_associate_timeout()); // Add SOCKS5 UDP header to the incoming data let mut s5_udp_data = Vec::::new(); @@ -633,7 +633,7 @@ impl<'a> TunToProxy<'a> { close_state: 0, wait_read: true, wait_write: false, - expiry, + udp_acco_expiry: expiry, udp_socket, udp_token, udp_origin_dst: None, @@ -648,7 +648,7 @@ impl<'a> TunToProxy<'a> { fn udp_associate_timeout_expired(&self, info: &ConnectionInfo) -> bool { if let Some(state) = self.connection_map.get(info) { - if let Some(expiry) = state.expiry { + if let Some(expiry) = state.udp_acco_expiry { return expiry < ::std::time::Instant::now(); } } @@ -776,7 +776,8 @@ impl<'a> TunToProxy<'a> { fn receive_udp_packet_and_write_to_client(&mut self, info: &ConnectionInfo) -> Result<()> { let err = "udp connection state not found"; let state = self.connection_map.get_mut(info).ok_or(err)?; - state.expiry = Some(Self::udp_associate_timeout()); + assert!(state.udp_acco_expiry.is_some()); + state.udp_acco_expiry = Some(Self::udp_associate_timeout()); let mut to_send: LinkedList> = LinkedList::new(); if let Some(udp_socket) = state.udp_socket.as_ref() { let mut buf = [0; 1 << 16]; From df7ecfd6a92fe12359ddef7a6bca1b0704ec9e0d Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 17:57:59 +0800 Subject: [PATCH 088/401] minor changes --- src/tun2proxy.rs | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 511ca42..e9776c8 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -496,6 +496,10 @@ impl<'a> TunToProxy<'a> { let server_addr = manager.get_server_addr(); let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; self.connection_map.insert(info.clone(), state); + + self.expect_smoltcp_send()?; + self.tunsocket_read_and_forward(info)?; + self.write_to_server(info)?; } else { log::trace!("DNS over TCP subsequent packet {} ({})", info, origin_dst); } @@ -506,12 +510,16 @@ impl<'a> TunToProxy<'a> { buf.extend_from_slice(&len.to_be_bytes()); buf.extend_from_slice(payload); - // FIXME: Build an IP packet with TCP and inject it into the device. - self.device.inject_packet(&buf); + let err = "udp over tcp state not find"; + let state = self.connection_map.get_mut(info).ok_or(err)?; + if state.tcp_proxy_handler.connection_established() { + _ = state.mio_stream.write(&buf)?; + } else { + // FIXME: Build an IP packet with TCP and inject it into the device, + // or cache them and send them when the connection is established? + self.device.inject_packet(&buf); + } - self.expect_smoltcp_send()?; - self.tunsocket_read_and_forward(info)?; - self.write_to_server(info)?; return Ok(()); } From 1f5586b880b36ca003ee80cd3d47eb570b185901 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 18:21:38 +0800 Subject: [PATCH 089/401] udp_over_tcp_data_cache --- src/tun2proxy.rs | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index e9776c8..de2167d 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -183,6 +183,8 @@ struct TcpConnectState { udp_token: Option, udp_origin_dst: Option, udp_data_cache: LinkedList>, + udp_over_tcp_expiry: Option<::std::time::Instant>, + udp_over_tcp_data_cache: LinkedList>, } pub(crate) trait TcpProxy { @@ -488,7 +490,7 @@ impl<'a> TunToProxy<'a> { payload: &[u8], ) -> Result<()> { if self.options.dns_over_tcp && origin_dst.port() == DNS_PORT { - dns::parse_data_to_dns_message(payload, false)?; + _ = dns::parse_data_to_dns_message(payload, false)?; if !self.connection_map.contains_key(info) { log::info!("DNS over TCP {} ({})", info, origin_dst); @@ -512,12 +514,14 @@ impl<'a> TunToProxy<'a> { let err = "udp over tcp state not find"; let state = self.connection_map.get_mut(info).ok_or(err)?; + state.udp_over_tcp_expiry = Some(Self::common_udp_life_timeout()); if state.tcp_proxy_handler.connection_established() { _ = state.mio_stream.write(&buf)?; } else { // FIXME: Build an IP packet with TCP and inject it into the device, // or cache them and send them when the connection is established? - self.device.inject_packet(&buf); + // self.device.inject_packet(&buf); + state.udp_over_tcp_data_cache.push_back(buf); } return Ok(()); @@ -541,7 +545,7 @@ impl<'a> TunToProxy<'a> { let err = "udp associate state not find"; let state = self.connection_map.get_mut(info).ok_or(err)?; assert!(state.udp_acco_expiry.is_some()); - state.udp_acco_expiry = Some(Self::udp_associate_timeout()); + state.udp_acco_expiry = Some(Self::common_udp_life_timeout()); // Add SOCKS5 UDP header to the incoming data let mut s5_udp_data = Vec::::new(); @@ -647,7 +651,7 @@ impl<'a> TunToProxy<'a> { self.poll.registry().register(&mut client, token, i)?; let expiry = if udp_associate { - Some(Self::udp_associate_timeout()) + Some(Self::common_udp_life_timeout()) } else { None }; @@ -674,11 +678,13 @@ impl<'a> TunToProxy<'a> { udp_token, udp_origin_dst: None, udp_data_cache: LinkedList::new(), + udp_over_tcp_expiry: None, + udp_over_tcp_data_cache: LinkedList::new(), }; Ok(state) } - fn udp_associate_timeout() -> ::std::time::Instant { + fn common_udp_life_timeout() -> ::std::time::Instant { ::std::time::Instant::now() + ::std::time::Duration::from_secs(UDP_ASSO_TIMEOUT) } @@ -813,7 +819,7 @@ impl<'a> TunToProxy<'a> { let err = "udp connection state not found"; let state = self.connection_map.get_mut(info).ok_or(err)?; assert!(state.udp_acco_expiry.is_some()); - state.udp_acco_expiry = Some(Self::udp_associate_timeout()); + state.udp_acco_expiry = Some(Self::common_udp_life_timeout()); let mut to_send: LinkedList> = LinkedList::new(); if let Some(udp_socket) = state.udp_socket.as_ref() { let mut buf = [0; 1 << 16]; From 49dca1b535cbfa616709ac2d467389835b88b4de Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 18:32:10 +0800 Subject: [PATCH 090/401] process_incoming_udp_packets_dns_over_tcp --- src/tun2proxy.rs | 89 +++++++++++++++++++++++++++--------------------- 1 file changed, 50 insertions(+), 39 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index de2167d..f305323 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -482,6 +482,50 @@ impl<'a> TunToProxy<'a> { Ok(connection_info) } + fn process_incoming_udp_packets_dns_over_tcp( + &mut self, + manager: &Rc, + info: &ConnectionInfo, + origin_dst: SocketAddr, + payload: &[u8], + ) -> Result<()> { + _ = dns::parse_data_to_dns_message(payload, false)?; + + if !self.connection_map.contains_key(info) { + log::info!("DNS over TCP {} ({})", info, origin_dst); + let tcp_proxy_handler = manager.new_tcp_proxy(info, false)?; + let server_addr = manager.get_server_addr(); + let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; + self.connection_map.insert(info.clone(), state); + + self.expect_smoltcp_send()?; + self.tunsocket_read_and_forward(info)?; + self.write_to_server(info)?; + } else { + log::trace!("DNS over TCP subsequent packet {} ({})", info, origin_dst); + } + + // Insert the DNS message length in front of the payload + let len = u16::try_from(payload.len())?; + let mut buf = Vec::with_capacity(2 + usize::from(len)); + buf.extend_from_slice(&len.to_be_bytes()); + buf.extend_from_slice(payload); + + let err = "udp over tcp state not find"; + let state = self.connection_map.get_mut(info).ok_or(err)?; + state.udp_over_tcp_expiry = Some(Self::common_udp_life_timeout()); + if state.tcp_proxy_handler.connection_established() { + _ = state.mio_stream.write(&buf)?; + } else { + // FIXME: Build an IP packet with TCP and inject it into the device, + // or cache them and send them when the connection is established? + // self.device.inject_packet(&buf); + state.udp_over_tcp_data_cache.push_back(buf); + } + + Ok(()) + } + fn process_incoming_udp_packets( &mut self, manager: &Rc, @@ -489,44 +533,6 @@ impl<'a> TunToProxy<'a> { origin_dst: SocketAddr, payload: &[u8], ) -> Result<()> { - if self.options.dns_over_tcp && origin_dst.port() == DNS_PORT { - _ = dns::parse_data_to_dns_message(payload, false)?; - - if !self.connection_map.contains_key(info) { - log::info!("DNS over TCP {} ({})", info, origin_dst); - let tcp_proxy_handler = manager.new_tcp_proxy(info, false)?; - let server_addr = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; - self.connection_map.insert(info.clone(), state); - - self.expect_smoltcp_send()?; - self.tunsocket_read_and_forward(info)?; - self.write_to_server(info)?; - } else { - log::trace!("DNS over TCP subsequent packet {} ({})", info, origin_dst); - } - - // Insert the DNS message length in front of the payload - let len = u16::try_from(payload.len())?; - let mut buf = Vec::with_capacity(2 + usize::from(len)); - buf.extend_from_slice(&len.to_be_bytes()); - buf.extend_from_slice(payload); - - let err = "udp over tcp state not find"; - let state = self.connection_map.get_mut(info).ok_or(err)?; - state.udp_over_tcp_expiry = Some(Self::common_udp_life_timeout()); - if state.tcp_proxy_handler.connection_established() { - _ = state.mio_stream.write(&buf)?; - } else { - // FIXME: Build an IP packet with TCP and inject it into the device, - // or cache them and send them when the connection is established? - // self.device.inject_packet(&buf); - state.udp_over_tcp_data_cache.push_back(buf); - } - - return Ok(()); - } - if !self.connection_map.contains_key(info) { log::info!("UDP associate session {} ({})", info, origin_dst); let tcp_proxy_handler = manager.new_tcp_proxy(info, true)?; @@ -617,7 +623,12 @@ impl<'a> TunToProxy<'a> { self.send_udp_packet_to_client(origin_dst, connection_info.src, response.as_slice())?; } else { // Another UDP packet - self.process_incoming_udp_packets(&manager, &connection_info, origin_dst, payload)?; + if self.options.dns_over_tcp && origin_dst.port() == DNS_PORT { + let info = &connection_info; + self.process_incoming_udp_packets_dns_over_tcp(&manager, info, origin_dst, payload)?; + } else { + self.process_incoming_udp_packets(&manager, &connection_info, origin_dst, payload)?; + } } } else { log::warn!("Unsupported protocol: {} ({})", connection_info, origin_dst); From 2211ec6d7a3585846e8b17155917aace2da63c3b Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 18:43:45 +0800 Subject: [PATCH 091/401] renaming --- src/tun2proxy.rs | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index f305323..60fac3f 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -581,23 +581,23 @@ impl<'a> TunToProxy<'a> { } let (info, _first_packet, payload_offset, payload_size) = result?; let origin_dst = SocketAddr::try_from(&info.dst)?; - let connection_info = self.preprocess_origin_connection_info(info)?; + let info = self.preprocess_origin_connection_info(info)?; let manager = self.get_connection_manager().ok_or("get connection manager")?; - if connection_info.protocol == IpProtocol::Tcp { + if info.protocol == IpProtocol::Tcp { if _first_packet { - let tcp_proxy_handler = manager.new_tcp_proxy(&connection_info, false)?; + let tcp_proxy_handler = manager.new_tcp_proxy(&info, false)?; let server = manager.get_server_addr(); let state = self.create_new_tcp_connection_state(server, origin_dst, tcp_proxy_handler, false)?; - self.connection_map.insert(connection_info.clone(), state); + self.connection_map.insert(info.clone(), state); - log::info!("Connect done {} ({})", connection_info, origin_dst); - } else if !self.connection_map.contains_key(&connection_info) { - // log::debug!("Drop middle session {} ({})", connection_info, origin_dst); + log::info!("Connect done {} ({})", info, origin_dst); + } else if !self.connection_map.contains_key(&info) { + // log::debug!("Drop middle session {} ({})", info, origin_dst); return Ok(()); } else { - // log::trace!("Subsequent packet {} ({})", connection_info, origin_dst); + // log::trace!("Subsequent packet {} ({})", info, origin_dst); } // Inject the packet to advance the remote proxy server smoltcp socket state @@ -609,29 +609,28 @@ impl<'a> TunToProxy<'a> { self.expect_smoltcp_send()?; // Read from the smoltcp socket and push the data to the connection handler. - self.tunsocket_read_and_forward(&connection_info)?; + self.tunsocket_read_and_forward(&info)?; // The connection handler builds up the connection or encapsulates the data. // Therefore, we now expect it to write data to the server. - self.write_to_server(&connection_info)?; - } else if connection_info.protocol == IpProtocol::Udp { - let port = connection_info.dst.port(); + self.write_to_server(&info)?; + } else if info.protocol == IpProtocol::Udp { + let port = info.dst.port(); let payload = &frame[payload_offset..payload_offset + payload_size]; if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == DNS_PORT) { - log::info!("DNS query via virtual DNS {} ({})", connection_info, origin_dst); + log::info!("DNS query via virtual DNS {} ({})", info, origin_dst); let response = virtual_dns.receive_query(payload)?; - self.send_udp_packet_to_client(origin_dst, connection_info.src, response.as_slice())?; + self.send_udp_packet_to_client(origin_dst, info.src, response.as_slice())?; } else { // Another UDP packet if self.options.dns_over_tcp && origin_dst.port() == DNS_PORT { - let info = &connection_info; - self.process_incoming_udp_packets_dns_over_tcp(&manager, info, origin_dst, payload)?; + self.process_incoming_udp_packets_dns_over_tcp(&manager, &info, origin_dst, payload)?; } else { - self.process_incoming_udp_packets(&manager, &connection_info, origin_dst, payload)?; + self.process_incoming_udp_packets(&manager, &info, origin_dst, payload)?; } } } else { - log::warn!("Unsupported protocol: {} ({})", connection_info, origin_dst); + log::warn!("Unsupported protocol: {} ({})", info, origin_dst); } Ok::<(), Error>(()) }; From 9880741dc1168eaa6ad1f79f7e9e1528ae36e6b7 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 18:55:44 +0800 Subject: [PATCH 092/401] consume_cached_dns_over_tcp_packets --- src/tun2proxy.rs | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 60fac3f..2a4aa47 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -526,6 +526,15 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn consume_cached_dns_over_tcp_packets(&mut self, info: &ConnectionInfo) -> Result<()> { + if let Some(state) = self.connection_map.get_mut(info) { + while let Some(buf) = state.udp_over_tcp_data_cache.pop_front() { + _ = state.mio_stream.write(&buf)?; + } + } + Ok(()) + } + fn process_incoming_udp_packets( &mut self, manager: &Rc, @@ -859,7 +868,7 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn comsume_cached_udp_packets(&mut self, info: &ConnectionInfo) -> Result<()> { + fn consume_cached_udp_packets(&mut self, info: &ConnectionInfo) -> Result<()> { // Try to send the first UDP packets to remote SOCKS5 server for UDP associate session if let Some(state) = self.connection_map.get_mut(info) { if let Some(udp_socket) = state.udp_socket.as_ref() { @@ -958,7 +967,8 @@ impl<'a> TunToProxy<'a> { // server. self.write_to_server(&conn_info)?; - self.comsume_cached_udp_packets(&conn_info)?; + self.consume_cached_dns_over_tcp_packets(&conn_info)?; + self.consume_cached_udp_packets(&conn_info)?; } if event.is_writable() { From d7d69ce927f59cdd13f9379fed6a8ab85e1ae625 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 22 Aug 2023 23:43:27 +0800 Subject: [PATCH 093/401] receive_dns_over_tcp_packet_and_write_to_client --- src/main.rs | 2 +- src/tun2proxy.rs | 84 ++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 83 insertions(+), 3 deletions(-) diff --git a/src/main.rs b/src/main.rs index 6047dd9..dc749c4 100644 --- a/src/main.rs +++ b/src/main.rs @@ -41,7 +41,7 @@ struct Args { #[arg(short, long, value_name = "level", value_enum, default_value = "info")] verbosity: ArgVerbosity, - /// DNS over TCP + /// Enable DNS over TCP #[arg(long)] dns_over_tcp: bool, } diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 2a4aa47..d33cb8c 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -8,7 +8,7 @@ use smoltcp::{ wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket, UDP_HEADER_LEN}, }; use socks5_impl::protocol::{Address, StreamOperation, UdpHeader, UserKey}; -use std::collections::LinkedList; +use std::{collections::LinkedList, convert::TryInto}; use std::{ collections::{HashMap, HashSet}, convert::{From, TryFrom}, @@ -535,6 +535,77 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn receive_dns_over_tcp_packet_and_write_to_client(&mut self, info: &ConnectionInfo) -> Result<()> { + let err = "udp connection state not found"; + let state = self.connection_map.get_mut(info).ok_or(err)?; + assert!(state.udp_over_tcp_expiry.is_some()); + state.udp_over_tcp_expiry = Some(Self::common_udp_life_timeout()); + + let mut buf = Vec::::new(); + let read = match state.mio_stream.read_to_end(&mut buf) { + Ok(read_result) => read_result, + Err(error) => { + if error.kind() != std::io::ErrorKind::WouldBlock { + log::error!("{} Read from proxy: {}", info.dst, error); + } + buf.len() + } + }; + if read == 0 { + return Ok(()); + } + let mut buf = buf[..read].to_vec(); + let mut to_send: LinkedList> = LinkedList::new(); + loop { + if buf.len() < 2 { + break; + } + let len = u16::from_be_bytes([buf[0], buf[1]]) as usize; + if buf.len() < len + 2 { + break; + } + let data = buf[2..len + 2].to_vec(); + + let message = dns::parse_data_to_dns_message(&data, false)?; + let name = dns::extract_domain_from_dns_message(&message)?; + let ip = dns::extract_ipaddr_from_dns_message(&message)?; + log::trace!("DNS over TCP ======== {} -> {}", name, ip); + + to_send.push_back(data); + if len + 2 == buf.len() { + break; + } + buf = buf[len + 2..].to_vec(); + } + + // Write to client + let src = info.dst.clone().try_into()?; + while let Some(packet) = to_send.pop_front() { + self.send_udp_packet_to_client(src, info.src, &packet)?; + } + Ok(()) + } + + fn udp_over_tcp_timeout_expired(&self, info: &ConnectionInfo) -> bool { + if let Some(state) = self.connection_map.get(info) { + if let Some(expiry) = state.udp_over_tcp_expiry { + return expiry < ::std::time::Instant::now(); + } + } + false + } + + fn clearup_expired_udp_over_tcp(&mut self) -> Result<()> { + let keys = self.connection_map.keys().cloned().collect::>(); + for key in keys { + if self.udp_over_tcp_timeout_expired(&key) { + log::trace!("UDP over TCP timeout: {}", key); + self.remove_connection(&key)?; + } + } + Ok(()) + } + fn process_incoming_udp_packets( &mut self, manager: &Rc, @@ -904,7 +975,15 @@ impl<'a> TunToProxy<'a> { let mut block = || -> Result<(), Error> { if event.is_readable() || event.is_read_closed() { - { + let established = self + .connection_map + .get(&conn_info) + .ok_or("")? + .tcp_proxy_handler + .connection_established(); + if self.options.dns_over_tcp && conn_info.dst.port() == DNS_PORT && established { + self.receive_dns_over_tcp_packet_and_write_to_client(&conn_info)?; + } else { let e = "connection state not found"; let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; @@ -1005,6 +1084,7 @@ impl<'a> TunToProxy<'a> { } self.send_to_smoltcp()?; self.clearup_expired_udp_associate()?; + self.clearup_expired_udp_over_tcp()?; } } From 3b5f803da89c30bc6f7e6204092c7cfafdaf5f35 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Tue, 22 Aug 2023 18:36:51 +0200 Subject: [PATCH 094/401] Get first version of DNS over TCP to work --- src/tun2proxy.rs | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index d33cb8c..bb6c532 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -514,15 +514,12 @@ impl<'a> TunToProxy<'a> { let err = "udp over tcp state not find"; let state = self.connection_map.get_mut(info).ok_or(err)?; state.udp_over_tcp_expiry = Some(Self::common_udp_life_timeout()); - if state.tcp_proxy_handler.connection_established() { - _ = state.mio_stream.write(&buf)?; - } else { - // FIXME: Build an IP packet with TCP and inject it into the device, - // or cache them and send them when the connection is established? - // self.device.inject_packet(&buf); - state.udp_over_tcp_data_cache.push_back(buf); - } + let data_event = IncomingDataEvent { + direction: IncomingDirection::FromClient, + buffer: &buf, + }; + state.tcp_proxy_handler.push_data(data_event)?; Ok(()) } From edb775941e66fbd010fc3511c42d93ac90707b62 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Tue, 22 Aug 2023 22:18:15 +0200 Subject: [PATCH 095/401] Support multiple DNS queries with DNS over TCP --- src/tun2proxy.rs | 58 +++++++++++++++++++++++++++++++----------------- 1 file changed, 38 insertions(+), 20 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index bb6c532..bb5592e 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -8,7 +8,7 @@ use smoltcp::{ wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket, UDP_HEADER_LEN}, }; use socks5_impl::protocol::{Address, StreamOperation, UdpHeader, UserKey}; -use std::{collections::LinkedList, convert::TryInto}; +use std::collections::LinkedList; use std::{ collections::{HashMap, HashSet}, convert::{From, TryFrom}, @@ -185,6 +185,7 @@ struct TcpConnectState { udp_data_cache: LinkedList>, udp_over_tcp_expiry: Option<::std::time::Instant>, udp_over_tcp_data_cache: LinkedList>, + is_tcp_dns: bool, } pub(crate) trait TcpProxy { @@ -461,15 +462,7 @@ impl<'a> TunToProxy<'a> { fn preprocess_origin_connection_info(&mut self, info: ConnectionInfo) -> Result { let origin_dst = SocketAddr::try_from(&info.dst)?; let connection_info = match &mut self.options.virtual_dns { - None => { - let mut info = info; - let port = origin_dst.port(); - if port == DNS_PORT && info.protocol == IpProtocol::Udp && dns::addr_is_private(&origin_dst) { - let dns_addr: SocketAddr = "8.8.8.8:53".parse()?; // TODO: Configurable - info.dst = Address::from(dns_addr); - } - info - } + None => info, Some(virtual_dns) => { let dst_ip = origin_dst.ip(); virtual_dns.touch_ip(&dst_ip); @@ -485,17 +478,25 @@ impl<'a> TunToProxy<'a> { fn process_incoming_udp_packets_dns_over_tcp( &mut self, manager: &Rc, - info: &ConnectionInfo, + original_info: &ConnectionInfo, origin_dst: SocketAddr, payload: &[u8], ) -> Result<()> { _ = dns::parse_data_to_dns_message(payload, false)?; + let mut new_info = original_info.clone(); + let dns_addr: SocketAddr = "8.8.8.8:53".parse()?; + new_info.dst = Address::from(dns_addr); + + let info = &new_info; if !self.connection_map.contains_key(info) { log::info!("DNS over TCP {} ({})", info, origin_dst); + let tcp_proxy_handler = manager.new_tcp_proxy(info, false)?; let server_addr = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; + let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; + state.is_tcp_dns = true; + state.udp_origin_dst = Some(SocketAddr::try_from(original_info.dst.clone())?); self.connection_map.insert(info.clone(), state); self.expect_smoltcp_send()?; @@ -538,20 +539,33 @@ impl<'a> TunToProxy<'a> { assert!(state.udp_over_tcp_expiry.is_some()); state.udp_over_tcp_expiry = Some(Self::common_udp_life_timeout()); - let mut buf = Vec::::new(); - let read = match state.mio_stream.read_to_end(&mut buf) { + // Code similar to the code in parent function. TODO: Cleanup. + let mut vecbuf = Vec::::new(); + let read_result = state.mio_stream.read_to_end(&mut vecbuf); + let read = match read_result { Ok(read_result) => read_result, Err(error) => { if error.kind() != std::io::ErrorKind::WouldBlock { log::error!("{} Read from proxy: {}", info.dst, error); } - buf.len() + vecbuf.len() } }; - if read == 0 { + + let data = vecbuf.as_slice(); + let data_event = IncomingDataEvent { + direction: IncomingDirection::FromServer, + buffer: &data[0..read], + }; + if let Err(error) = state.tcp_proxy_handler.push_data(data_event) { + log::error!("{}", error); + self.remove_connection(&info.clone())?; return Ok(()); } - let mut buf = buf[..read].to_vec(); + + let dns_event = state.tcp_proxy_handler.peek_data(OutgoingDirection::ToClient); + + let mut buf = dns_event.buffer.to_vec(); let mut to_send: LinkedList> = LinkedList::new(); loop { if buf.len() < 2 { @@ -566,8 +580,10 @@ impl<'a> TunToProxy<'a> { let message = dns::parse_data_to_dns_message(&data, false)?; let name = dns::extract_domain_from_dns_message(&message)?; let ip = dns::extract_ipaddr_from_dns_message(&message)?; - log::trace!("DNS over TCP ======== {} -> {}", name, ip); - + log::info!("DNS over TCP ======== {} -> {}", name, ip); + state + .tcp_proxy_handler + .consume_data(OutgoingDirection::ToClient, len + 2); to_send.push_back(data); if len + 2 == buf.len() { break; @@ -576,7 +592,7 @@ impl<'a> TunToProxy<'a> { } // Write to client - let src = info.dst.clone().try_into()?; + let src = state.udp_origin_dst.ok_or("Expected UDP addr")?; while let Some(packet) = to_send.pop_front() { self.send_udp_packet_to_client(src, info.src, &packet)?; } @@ -767,6 +783,7 @@ impl<'a> TunToProxy<'a> { udp_data_cache: LinkedList::new(), udp_over_tcp_expiry: None, udp_over_tcp_data_cache: LinkedList::new(), + is_tcp_dns: false, }; Ok(state) } @@ -980,6 +997,7 @@ impl<'a> TunToProxy<'a> { .connection_established(); if self.options.dns_over_tcp && conn_info.dst.port() == DNS_PORT && established { self.receive_dns_over_tcp_packet_and_write_to_client(&conn_info)?; + return Ok(()); } else { let e = "connection state not found"; let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; From cdbed3ed9ba382838b0f4f3794a4013c92f9bcb9 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Tue, 22 Aug 2023 22:39:00 +0200 Subject: [PATCH 096/401] Do not allow errors in printing function to screw up DNS lookups --- src/dns.rs | 1 + src/tun2proxy.rs | 39 +++++++++++++++++++++++---------------- 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/src/dns.rs b/src/dns.rs index 33be70c..dbc7bfd 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -78,6 +78,7 @@ pub fn extract_ipaddr_from_dns_message(message: &Message) -> Result Result<(ConnectionInfo, bool, usize, usize) const SERVER_WRITE_CLOSED: u8 = 1; const CLIENT_WRITE_CLOSED: u8 = 2; -const UDP_ASSO_TIMEOUT: u64 = 10; // seconds +const UDP_ASSO_TIMEOUT: u64 = 10; +// seconds const DNS_PORT: u16 = 53; struct TcpConnectState { @@ -239,8 +242,8 @@ impl<'a> TunToProxy<'a> { .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; #[rustfmt::skip] - let config = match tun.capabilities().medium { - Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into()), + let config = match tun.capabilities().medium { + Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into()), Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), Medium::Ieee802154 => todo!(), }; @@ -578,9 +581,13 @@ impl<'a> TunToProxy<'a> { let data = buf[2..len + 2].to_vec(); let message = dns::parse_data_to_dns_message(&data, false)?; - let name = dns::extract_domain_from_dns_message(&message)?; - let ip = dns::extract_ipaddr_from_dns_message(&message)?; - log::info!("DNS over TCP ======== {} -> {}", name, ip); + + if let (Ok(name), Ok(ip)) = ( + dns::extract_domain_from_dns_message(&message), + dns::extract_ipaddr_from_dns_message(&message), + ) { + log::info!("DNS over TCP ======== {} -> {}", name, ip); + } state .tcp_proxy_handler .consume_data(OutgoingDirection::ToClient, len + 2); From 72a00af0ed350c267241d4d20aa5e7d5b1c7bd0f Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 09:28:11 +0800 Subject: [PATCH 097/401] re-format code --- src/dns.rs | 1 - src/tun2proxy.rs | 75 ++++++++++++++++++++---------------------------- 2 files changed, 31 insertions(+), 45 deletions(-) diff --git a/src/dns.rs b/src/dns.rs index dbc7bfd..33be70c 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -78,7 +78,6 @@ pub fn extract_ipaddr_from_dns_message(message: &Message) -> Result Result<(ConnectionInfo, bool, usize, usize) const SERVER_WRITE_CLOSED: u8 = 1; const CLIENT_WRITE_CLOSED: u8 = 2; -const UDP_ASSO_TIMEOUT: u64 = 10; -// seconds +const UDP_ASSO_TIMEOUT: u64 = 10; // seconds const DNS_PORT: u16 = 53; -struct TcpConnectState { +struct ConnectionState { smoltcp_handle: Option, mio_stream: TcpStream, token: Token, @@ -187,7 +184,6 @@ struct TcpConnectState { udp_origin_dst: Option, udp_data_cache: LinkedList>, udp_over_tcp_expiry: Option<::std::time::Instant>, - udp_over_tcp_data_cache: LinkedList>, is_tcp_dns: bool, } @@ -216,7 +212,7 @@ pub struct TunToProxy<'a> { tun: TunTapInterface, poll: Poll, iface: Interface, - connection_map: HashMap, + connection_map: HashMap, connection_manager: Option>, next_token: usize, sockets: SocketSet<'a>, @@ -242,7 +238,7 @@ impl<'a> TunToProxy<'a> { .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; #[rustfmt::skip] - let config = match tun.capabilities().medium { + let config = match tun.capabilities().medium { Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into()), Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), Medium::Ieee802154 => todo!(), @@ -440,7 +436,7 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn update_mio_socket_interest(poll: &mut Poll, state: &mut TcpConnectState) -> Result<()> { + fn update_mio_socket_interest(poll: &mut Poll, state: &mut ConnectionState) -> Result<()> { // Maybe we did not listen for any events before. Therefore, just swallow the error. if let Err(err) = poll.registry().deregister(&mut state.mio_stream) { log::trace!("{}", err); @@ -478,7 +474,7 @@ impl<'a> TunToProxy<'a> { Ok(connection_info) } - fn process_incoming_udp_packets_dns_over_tcp( + fn process_incoming_dns_over_tcp_packets( &mut self, manager: &Rc, original_info: &ConnectionInfo, @@ -502,6 +498,7 @@ impl<'a> TunToProxy<'a> { state.udp_origin_dst = Some(SocketAddr::try_from(original_info.dst.clone())?); self.connection_map.insert(info.clone(), state); + // TODO: Move this 3 lines to the function end? self.expect_smoltcp_send()?; self.tunsocket_read_and_forward(info)?; self.write_to_server(info)?; @@ -527,15 +524,6 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn consume_cached_dns_over_tcp_packets(&mut self, info: &ConnectionInfo) -> Result<()> { - if let Some(state) = self.connection_map.get_mut(info) { - while let Some(buf) = state.udp_over_tcp_data_cache.pop_front() { - _ = state.mio_stream.write(&buf)?; - } - } - Ok(()) - } - fn receive_dns_over_tcp_packet_and_write_to_client(&mut self, info: &ConnectionInfo) -> Result<()> { let err = "udp connection state not found"; let state = self.connection_map.get_mut(info).ok_or(err)?; @@ -580,18 +568,19 @@ impl<'a> TunToProxy<'a> { } let data = buf[2..len + 2].to_vec(); - let message = dns::parse_data_to_dns_message(&data, false)?; + let mut message = dns::parse_data_to_dns_message(&data, false)?; + + let name = dns::extract_domain_from_dns_message(&message)?; + let ip = dns::extract_ipaddr_from_dns_message(&message); + log::info!("DNS over TCP query result: {} -> {:?}", name, ip); - if let (Ok(name), Ok(ip)) = ( - dns::extract_domain_from_dns_message(&message), - dns::extract_ipaddr_from_dns_message(&message), - ) { - log::info!("DNS over TCP ======== {} -> {}", name, ip); - } state .tcp_proxy_handler .consume_data(OutgoingDirection::ToClient, len + 2); - to_send.push_back(data); + + dns::remove_ipv6_entries(&mut message); // TODO: Configurable + + to_send.push_back(message.to_vec()?); if len + 2 == buf.len() { break; } @@ -615,7 +604,7 @@ impl<'a> TunToProxy<'a> { false } - fn clearup_expired_udp_over_tcp(&mut self) -> Result<()> { + fn clearup_expired_dns_over_tcp(&mut self) -> Result<()> { let keys = self.connection_map.keys().cloned().collect::>(); for key in keys { if self.udp_over_tcp_timeout_expired(&key) { @@ -724,7 +713,7 @@ impl<'a> TunToProxy<'a> { } else { // Another UDP packet if self.options.dns_over_tcp && origin_dst.port() == DNS_PORT { - self.process_incoming_udp_packets_dns_over_tcp(&manager, &info, origin_dst, payload)?; + self.process_incoming_dns_over_tcp_packets(&manager, &info, origin_dst, payload)?; } else { self.process_incoming_udp_packets(&manager, &info, origin_dst, payload)?; } @@ -746,7 +735,7 @@ impl<'a> TunToProxy<'a> { dst: SocketAddr, tcp_proxy_handler: Box, udp_associate: bool, - ) -> Result { + ) -> Result { let mut socket = tcp::Socket::new( tcp::SocketBuffer::new(vec![0; 1024 * 128]), tcp::SocketBuffer::new(vec![0; 1024 * 128]), @@ -775,7 +764,7 @@ impl<'a> TunToProxy<'a> { } else { (None, None) }; - let state = TcpConnectState { + let state = ConnectionState { smoltcp_handle: Some(handle), mio_stream: client, token, @@ -789,7 +778,6 @@ impl<'a> TunToProxy<'a> { udp_origin_dst: None, udp_data_cache: LinkedList::new(), udp_over_tcp_expiry: None, - udp_over_tcp_data_cache: LinkedList::new(), is_tcp_dns: false, }; Ok(state) @@ -1068,7 +1056,6 @@ impl<'a> TunToProxy<'a> { // server. self.write_to_server(&conn_info)?; - self.consume_cached_dns_over_tcp_packets(&conn_info)?; self.consume_cached_udp_packets(&conn_info)?; } @@ -1106,7 +1093,7 @@ impl<'a> TunToProxy<'a> { } self.send_to_smoltcp()?; self.clearup_expired_udp_associate()?; - self.clearup_expired_udp_over_tcp()?; + self.clearup_expired_dns_over_tcp()?; } } From d7861128f43a4e3f53e9cd8b2137fe5cdb1ee145 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 10:35:21 +0800 Subject: [PATCH 098/401] IPv6 enabled --- src/lib.rs | 6 ++++++ src/main.rs | 16 ++++++++++++---- src/tun2proxy.rs | 11 ++++++----- 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index d21d99b..1e8f5e7 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -99,6 +99,7 @@ pub struct Options { virtual_dns: Option, mtu: Option, dns_over_tcp: bool, + ipv6_enabled: bool, } impl Options { @@ -118,6 +119,11 @@ impl Options { self } + pub fn with_ipv6(mut self) -> Self { + self.ipv6_enabled = true; + self + } + pub fn with_mtu(mut self, mtu: usize) -> Self { self.mtu = Some(mtu); self diff --git a/src/main.rs b/src/main.rs index dc749c4..70ab8e4 100644 --- a/src/main.rs +++ b/src/main.rs @@ -29,6 +29,14 @@ struct Args { #[arg(short, long, value_name = "method", value_enum, default_value = "virtual")] dns: ArgDns, + /// Enable DNS over TCP + #[arg(long)] + dns_over_tcp: bool, + + /// IPv6 enabled + #[arg(short = '6', long)] + ipv6_enabled: bool, + /// Routing and system setup #[arg(short, long, value_name = "method", value_enum)] setup: Option, @@ -40,10 +48,6 @@ struct Args { /// Verbosity level #[arg(short, long, value_name = "level", value_enum, default_value = "info")] verbosity: ArgVerbosity, - - /// Enable DNS over TCP - #[arg(long)] - dns_over_tcp: bool, } #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] @@ -87,6 +91,10 @@ fn main() -> ExitCode { options = options.with_dns_over_tcp(); } + if args.ipv6_enabled { + options = options.with_ipv6(); + } + let interface = match args.tun_fd { None => NetworkInterface::Named(args.tun.clone()), Some(fd) => { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 2c0c22a..8c5d014 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -184,7 +184,6 @@ struct ConnectionState { udp_origin_dst: Option, udp_data_cache: LinkedList>, udp_over_tcp_expiry: Option<::std::time::Instant>, - is_tcp_dns: bool, } pub(crate) trait TcpProxy { @@ -494,7 +493,6 @@ impl<'a> TunToProxy<'a> { let tcp_proxy_handler = manager.new_tcp_proxy(info, false)?; let server_addr = manager.get_server_addr(); let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; - state.is_tcp_dns = true; state.udp_origin_dst = Some(SocketAddr::try_from(original_info.dst.clone())?); self.connection_map.insert(info.clone(), state); @@ -578,7 +576,9 @@ impl<'a> TunToProxy<'a> { .tcp_proxy_handler .consume_data(OutgoingDirection::ToClient, len + 2); - dns::remove_ipv6_entries(&mut message); // TODO: Configurable + if !self.options.ipv6_enabled { + dns::remove_ipv6_entries(&mut message); + } to_send.push_back(message.to_vec()?); if len + 2 == buf.len() { @@ -778,7 +778,6 @@ impl<'a> TunToProxy<'a> { udp_origin_dst: None, udp_data_cache: LinkedList::new(), udp_over_tcp_expiry: None, - is_tcp_dns: false, }; Ok(state) } @@ -929,7 +928,9 @@ impl<'a> TunToProxy<'a> { let buf = if info.dst.port() == DNS_PORT { let mut message = dns::parse_data_to_dns_message(&buf[header.len()..], false)?; - dns::remove_ipv6_entries(&mut message); // TODO: Configurable + if !self.options.ipv6_enabled { + dns::remove_ipv6_entries(&mut message); + } message.to_vec()? } else { buf[header.len()..].to_vec() From 11d4e4a0dce82b1180f0d6803e149cd972f3e244 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 10:45:37 +0800 Subject: [PATCH 099/401] minor changes --- src/lib.rs | 2 +- src/main.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 1e8f5e7..0b77eb0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -119,7 +119,7 @@ impl Options { self } - pub fn with_ipv6(mut self) -> Self { + pub fn with_ipv6_enabled(mut self) -> Self { self.ipv6_enabled = true; self } diff --git a/src/main.rs b/src/main.rs index 70ab8e4..84ec63b 100644 --- a/src/main.rs +++ b/src/main.rs @@ -92,7 +92,7 @@ fn main() -> ExitCode { } if args.ipv6_enabled { - options = options.with_ipv6(); + options = options.with_ipv6_enabled(); } let interface = match args.tun_fd { From 4014c9891caea8acbcdcdaa0bdf7aaefc4527a9a Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 10:58:27 +0800 Subject: [PATCH 100/401] Bump version 0.1.5 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index cff8d93..81a9b74 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ authors = ["B. Blechschmidt"] edition = "2018" name = "tun2proxy" -version = "0.1.4" +version = "0.1.5" [lib] crate-type = ["cdylib", "lib"] From d04344238ae573cbcb04a39913b69a85683b6d9b Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 14:06:02 +0800 Subject: [PATCH 101/401] update dependencies --- Cargo.toml | 10 +++++----- src/dns.rs | 8 ++++---- src/tun2proxy.rs | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 81a9b74..43b2b85 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,22 +11,22 @@ crate-type = ["cdylib", "lib"] base64 = { version = "0.21" } clap = { version = "4.3", features = ["derive"] } ctrlc = "3.4" -digest_auth = "0.3.1" +digest_auth = "0.3" dotenvy = "0.15" env_logger = "0.10" fork = "0.1" hashlink = "0.8" -httparse = "1.8.0" +httparse = "1.8" libc = "0.2" log = "0.4" mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } nix = { version = "0.26", features = ["process", "signal"] } prctl = "1.0" -smoltcp = { version = "0.10.0", features = ["std", "phy-tuntap_interface"] } +smoltcp = { version = "0.10", features = ["std", "phy-tuntap_interface"] } socks5-impl = { version = "0.5", default-features = false } thiserror = "1.0" -trust-dns-proto = "0.22" -unicase = "2.6.0" +trust-dns-proto = "0.23" +unicase = "2.7" url = "2.4" [target.'cfg(target_os="android")'.dependencies] diff --git a/src/dns.rs b/src/dns.rs index 33be70c..be95646 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -37,12 +37,12 @@ pub fn build_dns_response(mut request: Message, domain: &str, ip: IpAddr, ttl: u let record = match ip { IpAddr::V4(ip) => { let mut record = Record::with(Name::from_str(domain)?, RecordType::A, ttl); - record.set_data(Some(RData::A(ip))); + record.set_data(Some(RData::A(ip.into()))); record } IpAddr::V6(ip) => { let mut record = Record::with(Name::from_str(domain)?, RecordType::AAAA, ttl); - record.set_data(Some(RData::AAAA(ip))); + record.set_data(Some(RData::AAAA(ip.into()))); record } }; @@ -64,10 +64,10 @@ pub fn extract_ipaddr_from_dns_message(message: &Message) -> Result { - return Ok(IpAddr::V4(*addr)); + return Ok(IpAddr::V4((*addr).into())); } RData::AAAA(addr) => { - return Ok(IpAddr::V6(*addr)); + return Ok(IpAddr::V6((*addr).into())); } RData::CNAME(name) => { cname = Some(name.to_utf8()); diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 8c5d014..a88bb0b 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -570,7 +570,7 @@ impl<'a> TunToProxy<'a> { let name = dns::extract_domain_from_dns_message(&message)?; let ip = dns::extract_ipaddr_from_dns_message(&message); - log::info!("DNS over TCP query result: {} -> {:?}", name, ip); + log::trace!("DNS over TCP query result: {} -> {:?}", name, ip); state .tcp_proxy_handler From 02b85739cb9c152c71059a2a3378e0f0a012fe3f Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 22:28:15 +0800 Subject: [PATCH 102/401] restore preprocess_origin_connection_info or --dns none can not work --- src/tun2proxy.rs | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a88bb0b..260e76e 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -460,7 +460,15 @@ impl<'a> TunToProxy<'a> { fn preprocess_origin_connection_info(&mut self, info: ConnectionInfo) -> Result { let origin_dst = SocketAddr::try_from(&info.dst)?; let connection_info = match &mut self.options.virtual_dns { - None => info, + None => { + let mut info = info; + let port = origin_dst.port(); + if port == DNS_PORT && info.protocol == IpProtocol::Udp && dns::addr_is_private(&origin_dst) { + let dns_addr: SocketAddr = "8.8.8.8:53".parse()?; // TODO: Configurable + info.dst = Address::from(dns_addr); + } + info + } Some(virtual_dns) => { let dst_ip = origin_dst.ip(); virtual_dns.touch_ip(&dst_ip); @@ -476,16 +484,11 @@ impl<'a> TunToProxy<'a> { fn process_incoming_dns_over_tcp_packets( &mut self, manager: &Rc, - original_info: &ConnectionInfo, + info: &ConnectionInfo, origin_dst: SocketAddr, payload: &[u8], ) -> Result<()> { _ = dns::parse_data_to_dns_message(payload, false)?; - let mut new_info = original_info.clone(); - let dns_addr: SocketAddr = "8.8.8.8:53".parse()?; - new_info.dst = Address::from(dns_addr); - - let info = &new_info; if !self.connection_map.contains_key(info) { log::info!("DNS over TCP {} ({})", info, origin_dst); @@ -493,7 +496,7 @@ impl<'a> TunToProxy<'a> { let tcp_proxy_handler = manager.new_tcp_proxy(info, false)?; let server_addr = manager.get_server_addr(); let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; - state.udp_origin_dst = Some(SocketAddr::try_from(original_info.dst.clone())?); + state.udp_origin_dst = Some(origin_dst); self.connection_map.insert(info.clone(), state); // TODO: Move this 3 lines to the function end? From dc7fc3990c275cc9c2f994f6e7723c34c8272c93 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 22:57:27 +0800 Subject: [PATCH 103/401] cached origin dst address --- src/tun2proxy.rs | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 260e76e..01466cc 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -181,7 +181,7 @@ struct ConnectionState { udp_acco_expiry: Option<::std::time::Instant>, udp_socket: Option, udp_token: Option, - udp_origin_dst: Option, + origin_dst: SocketAddr, udp_data_cache: LinkedList>, udp_over_tcp_expiry: Option<::std::time::Instant>, } @@ -496,7 +496,6 @@ impl<'a> TunToProxy<'a> { let tcp_proxy_handler = manager.new_tcp_proxy(info, false)?; let server_addr = manager.get_server_addr(); let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; - state.udp_origin_dst = Some(origin_dst); self.connection_map.insert(info.clone(), state); // TODO: Move this 3 lines to the function end? @@ -591,7 +590,7 @@ impl<'a> TunToProxy<'a> { } // Write to client - let src = state.udp_origin_dst.ok_or("Expected UDP addr")?; + let src = state.origin_dst; while let Some(packet) = to_send.pop_front() { self.send_udp_packet_to_client(src, info.src, &packet)?; } @@ -630,7 +629,6 @@ impl<'a> TunToProxy<'a> { let tcp_proxy_handler = manager.new_tcp_proxy(info, true)?; let server_addr = manager.get_server_addr(); let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, true)?; - state.udp_origin_dst = Some(origin_dst); self.connection_map.insert(info.clone(), state); self.expect_smoltcp_send()?; @@ -778,7 +776,7 @@ impl<'a> TunToProxy<'a> { udp_acco_expiry: expiry, udp_socket, udp_token, - udp_origin_dst: None, + origin_dst: dst, udp_data_cache: LinkedList::new(), udp_over_tcp_expiry: None, }; @@ -945,7 +943,7 @@ impl<'a> TunToProxy<'a> { } // Write to client - let src = state.udp_origin_dst.ok_or("udp address")?; + let src = state.origin_dst; while let Some(packet) = to_send.pop_front() { self.send_udp_packet_to_client(src, info.src, &packet)?; } From eac0ee90eb8c8b3ac607d4d2816bd60b8fbb0dd9 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 22:59:52 +0800 Subject: [PATCH 104/401] clippy fix --- src/tun2proxy.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 01466cc..0a13086 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -495,7 +495,7 @@ impl<'a> TunToProxy<'a> { let tcp_proxy_handler = manager.new_tcp_proxy(info, false)?; let server_addr = manager.get_server_addr(); - let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; + let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; self.connection_map.insert(info.clone(), state); // TODO: Move this 3 lines to the function end? @@ -628,7 +628,7 @@ impl<'a> TunToProxy<'a> { log::info!("UDP associate session {} ({})", info, origin_dst); let tcp_proxy_handler = manager.new_tcp_proxy(info, true)?; let server_addr = manager.get_server_addr(); - let mut state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, true)?; + let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, true)?; self.connection_map.insert(info.clone(), state); self.expect_smoltcp_send()?; From c41f3c46a00fe78e1ec516c289d779312d2b9d55 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 23:13:16 +0800 Subject: [PATCH 105/401] minor changes --- src/tun2proxy.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 0a13086..864de70 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -707,8 +707,9 @@ impl<'a> TunToProxy<'a> { } else if info.protocol == IpProtocol::Udp { let port = info.dst.port(); let payload = &frame[payload_offset..payload_offset + payload_size]; - if let (Some(virtual_dns), true) = (&mut self.options.virtual_dns, port == DNS_PORT) { + if self.options.virtual_dns.is_some() && port == DNS_PORT { log::info!("DNS query via virtual DNS {} ({})", info, origin_dst); + let virtual_dns = self.options.virtual_dns.as_mut().ok_or("")?; let response = virtual_dns.receive_query(payload)?; self.send_udp_packet_to_client(origin_dst, info.src, response.as_slice())?; } else { From 4b42413ab09866efda54c3c68416e13ed1efabde Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 23 Aug 2023 23:33:20 +0800 Subject: [PATCH 106/401] refine code --- src/tun2proxy.rs | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 864de70..ecdc62b 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -712,13 +712,10 @@ impl<'a> TunToProxy<'a> { let virtual_dns = self.options.virtual_dns.as_mut().ok_or("")?; let response = virtual_dns.receive_query(payload)?; self.send_udp_packet_to_client(origin_dst, info.src, response.as_slice())?; + } else if self.options.dns_over_tcp && port == DNS_PORT { + self.process_incoming_dns_over_tcp_packets(&manager, &info, origin_dst, payload)?; } else { - // Another UDP packet - if self.options.dns_over_tcp && origin_dst.port() == DNS_PORT { - self.process_incoming_dns_over_tcp_packets(&manager, &info, origin_dst, payload)?; - } else { - self.process_incoming_udp_packets(&manager, &info, origin_dst, payload)?; - } + self.process_incoming_udp_packets(&manager, &info, origin_dst, payload)?; } } else { log::warn!("Unsupported protocol: {} ({})", info, origin_dst); From bbb8d3b24443fce148b15705de95a994716ff215 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 31 Aug 2023 14:31:02 +0800 Subject: [PATCH 107/401] port to windows or macos (#61) --- .github/workflows/format-build.yml | 5 ++- Cargo.toml | 4 +- src/error.rs | 1 + src/lib.rs | 1 + src/main.rs | 8 +++- src/tun2proxy.rs | 59 ++++++++++++++++++++++++++---- src/virtdns.rs | 2 + tests/proxy.rs | 1 + 8 files changed, 69 insertions(+), 12 deletions(-) diff --git a/.github/workflows/format-build.yml b/.github/workflows/format-build.yml index 3079be2..9b76859 100644 --- a/.github/workflows/format-build.yml +++ b/.github/workflows/format-build.yml @@ -35,7 +35,10 @@ jobs: clippy: name: Clippy - runs-on: ubuntu-latest + strategy: + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 diff --git a/Cargo.toml b/Cargo.toml index 43b2b85..4ca6380 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,7 +14,6 @@ ctrlc = "3.4" digest_auth = "0.3" dotenvy = "0.15" env_logger = "0.10" -fork = "0.1" hashlink = "0.8" httparse = "1.8" libc = "0.2" @@ -29,6 +28,9 @@ trust-dns-proto = "0.23" unicase = "2.7" url = "2.4" +[target.'cfg(target_family="unix")'.dependencies] +fork = "0.1" + [target.'cfg(target_os="android")'.dependencies] android_logger = "0.13" jni = { version = "0.21", default-features = false } diff --git a/src/error.rs b/src/error.rs index d45f0ee..18c625d 100644 --- a/src/error.rs +++ b/src/error.rs @@ -52,6 +52,7 @@ pub enum Error { #[error("{0}")] String(String), + #[cfg(target_family = "unix")] #[error("nix::errno::Errno {0:?}")] OSError(#[from] nix::errno::Errno), diff --git a/src/lib.rs b/src/lib.rs index 0b77eb0..eac2bbf 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -29,6 +29,7 @@ pub struct Proxy { pub enum NetworkInterface { Named(String), + #[cfg(target_family = "unix")] Fd(std::os::fd::RawFd), } diff --git a/src/main.rs b/src/main.rs index 84ec63b..e579f06 100644 --- a/src/main.rs +++ b/src/main.rs @@ -95,11 +95,15 @@ fn main() -> ExitCode { options = options.with_ipv6_enabled(); } + #[allow(unused_assignments)] let interface = match args.tun_fd { None => NetworkInterface::Named(args.tun.clone()), - Some(fd) => { + Some(_fd) => { options = options.with_mtu(args.tun_mtu); - NetworkInterface::Fd(fd) + #[cfg(not(target_family = "unix"))] + panic!("Not supported"); + #[cfg(target_family = "unix")] + NetworkInterface::Fd(_fd) } }; diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index ecdc62b..88c6fbc 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1,20 +1,32 @@ +#![allow(dead_code)] + use crate::{dns, error::Error, error::Result, virtdevice::VirtualTunDevice, NetworkInterface, Options}; -use mio::{event::Event, net::TcpStream, net::UdpSocket, unix::SourceFd, Events, Interest, Poll, Token}; +#[cfg(target_family = "unix")] +use mio::unix::SourceFd; +use mio::{event::Event, net::TcpStream, net::UdpSocket, Events, Interest, Poll, Token}; +#[cfg(not(target_family = "unix"))] +use smoltcp::phy::DeviceCapabilities; +#[cfg(any(target_os = "macos", target_os = "ios"))] +use smoltcp::phy::RawSocket; +#[cfg(any(target_os = "linux", target_os = "android"))] +use smoltcp::phy::TunTapInterface; +#[cfg(target_family = "unix")] +use smoltcp::phy::{Device, Medium, RxToken, TxToken}; use smoltcp::{ iface::{Config, Interface, SocketHandle, SocketSet}, - phy::{Device, Medium, RxToken, TunTapInterface, TxToken}, socket::{tcp, tcp::State, udp, udp::UdpMetadata}, time::Instant, wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket, UDP_HEADER_LEN}, }; use socks5_impl::protocol::{Address, StreamOperation, UdpHeader, UserKey}; use std::collections::LinkedList; +#[cfg(target_family = "unix")] +use std::os::unix::io::AsRawFd; use std::{ collections::{HashMap, HashSet}, convert::{From, TryFrom}, io::{Read, Write}, net::{IpAddr, Ipv4Addr, Ipv6Addr, Shutdown, SocketAddr}, - os::unix::io::AsRawFd, rc::Rc, str::FromStr, }; @@ -208,7 +220,10 @@ const TUN_TOKEN: Token = Token(0); const EXIT_TOKEN: Token = Token(2); pub struct TunToProxy<'a> { + #[cfg(any(target_os = "linux", target_os = "android"))] tun: TunTapInterface, + #[cfg(any(target_os = "macos", target_os = "ios"))] + tun: RawSocket, poll: Poll, iface: Interface, connection_map: HashMap, @@ -218,31 +233,53 @@ pub struct TunToProxy<'a> { device: VirtualTunDevice, options: Options, write_sockets: HashSet, + #[cfg(target_family = "unix")] _exit_receiver: mio::unix::pipe::Receiver, + #[cfg(target_family = "unix")] exit_sender: mio::unix::pipe::Sender, } impl<'a> TunToProxy<'a> { - pub fn new(interface: &NetworkInterface, options: Options) -> Result { - let tun = match interface { + pub fn new(_interface: &NetworkInterface, options: Options) -> Result { + #[cfg(any(target_os = "linux", target_os = "android"))] + let tun = match _interface { NetworkInterface::Named(name) => TunTapInterface::new(name.as_str(), Medium::Ip)?, NetworkInterface::Fd(fd) => TunTapInterface::from_fd(*fd, Medium::Ip, options.mtu.unwrap_or(1500))?, }; + + #[cfg(any(target_os = "macos", target_os = "ios"))] + let tun = match _interface { + NetworkInterface::Named(name) => RawSocket::new(name.as_str(), Medium::Ip)?, + NetworkInterface::Fd(_fd) => panic!("Not supported"), + }; + let poll = Poll::new()?; + + #[cfg(target_family = "unix")] poll.registry() .register(&mut SourceFd(&tun.as_raw_fd()), TUN_TOKEN, Interest::READABLE)?; + #[cfg(target_family = "unix")] let (exit_sender, mut exit_receiver) = mio::unix::pipe::new()?; + #[cfg(target_family = "unix")] poll.registry() .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; + #[cfg(target_family = "unix")] #[rustfmt::skip] let config = match tun.capabilities().medium { Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into()), Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), Medium::Ieee802154 => todo!(), }; + #[cfg(not(target_family = "unix"))] + let config = Config::new(smoltcp::wire::HardwareAddress::Ip); + + #[cfg(target_family = "unix")] let mut device = VirtualTunDevice::new(tun.capabilities()); + #[cfg(not(target_family = "unix"))] + let mut device = VirtualTunDevice::new(DeviceCapabilities::default()); + let gateway4: Ipv4Addr = Ipv4Addr::from_str("0.0.0.1")?; let gateway6: Ipv6Addr = Ipv6Addr::from_str("::1")?; let mut iface = Interface::new(config, &mut device, Instant::now()); @@ -255,6 +292,7 @@ impl<'a> TunToProxy<'a> { iface.set_any_ip(true); let tun = Self { + #[cfg(target_family = "unix")] tun, poll, iface, @@ -265,7 +303,9 @@ impl<'a> TunToProxy<'a> { device, options, write_sockets: HashSet::default(), + #[cfg(target_family = "unix")] _exit_receiver: exit_receiver, + #[cfg(target_family = "unix")] exit_sender, }; Ok(tun) @@ -286,14 +326,15 @@ impl<'a> TunToProxy<'a> { self.iface.poll(Instant::now(), &mut self.device, &mut self.sockets); while let Some(vec) = self.device.exfiltrate_packet() { - let slice = vec.as_slice(); + let _slice = vec.as_slice(); // TODO: Actual write. Replace. + #[cfg(target_family = "unix")] self.tun .transmit(Instant::now()) .ok_or("tx token not available")? - .consume(slice.len(), |buf| { - buf[..].clone_from_slice(slice); + .consume(_slice.len(), |buf| { + buf[..].clone_from_slice(_slice); }); } Ok(()) @@ -892,6 +933,7 @@ impl<'a> TunToProxy<'a> { fn tun_event(&mut self, event: &Event) -> Result<(), Error> { if event.is_readable() { + #[cfg(target_family = "unix")] while let Some((rx_token, _)) = self.tun.receive(Instant::now()) { rx_token.consume(|frame| self.receive_tun(frame))?; } @@ -1098,6 +1140,7 @@ impl<'a> TunToProxy<'a> { } pub fn shutdown(&mut self) -> Result<(), Error> { + #[cfg(target_family = "unix")] self.exit_sender.write_all(&[1])?; Ok(()) } diff --git a/src/virtdns.rs b/src/virtdns.rs index 148b45c..eaed24b 100644 --- a/src/virtdns.rs +++ b/src/virtdns.rs @@ -1,3 +1,5 @@ +#![allow(dead_code)] + use crate::error::Result; use hashlink::{linked_hash_map::RawEntryMut, LruCache}; use smoltcp::wire::Ipv4Cidr; diff --git a/tests/proxy.rs b/tests/proxy.rs index a7274a2..3ced894 100644 --- a/tests/proxy.rs +++ b/tests/proxy.rs @@ -1,3 +1,4 @@ +#[cfg(target_os = "linux")] #[cfg(test)] mod tests { extern crate reqwest; From 0044756f78a1d8e3bc4c100a3e21e8bd1f1b01ca Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 31 Aug 2023 15:59:07 +0800 Subject: [PATCH 108/401] --dns-addr option --- README.md | 4 +--- src/lib.rs | 6 ++++++ src/main.rs | 31 ++++++++++++++++++++----------- src/tun2proxy.rs | 2 +- 4 files changed, 28 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 4b89238..09981ec 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ A tunnel interface for HTTP and SOCKS proxies on Linux based on [smoltcp](https: - IPv4 and IPv6 support - GFW evasion mechanism for certain use cases (see [issue #35](https://github.com/blechschmidt/tun2proxy/issues/35)) - SOCKS5 UDP support +- Native support for proxying DNS over TCP ## Build Clone the repository and `cd` into the project folder. Then run the following: @@ -122,6 +123,3 @@ asked to open connections to IPv6 destinations. In such a case, you can disable either through `sysctl -w net.ipv6.conf.all.disable_ipv6=1` and `sysctl -w net.ipv6.conf.default.disable_ipv6=1` or through `ip -6 route del default`, which causes the `libc` resolver (and other software) to not issue DNS AAAA requests for IPv6 addresses. - -## TODO -- Native support for proxying DNS over TCP or TLS diff --git a/src/lib.rs b/src/lib.rs index eac2bbf..4cbffa0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -100,6 +100,7 @@ pub struct Options { virtual_dns: Option, mtu: Option, dns_over_tcp: bool, + dns_addr: Option, ipv6_enabled: bool, } @@ -120,6 +121,11 @@ impl Options { self } + pub fn with_dns_addr(mut self, addr: Option) -> Self { + self.dns_addr = addr; + self + } + pub fn with_ipv6_enabled(mut self) -> Self { self.ipv6_enabled = true; self diff --git a/src/main.rs b/src/main.rs index e579f06..c513d1d 100644 --- a/src/main.rs +++ b/src/main.rs @@ -25,13 +25,13 @@ struct Args { #[arg(short, long, value_parser = Proxy::from_url, value_name = "URL")] proxy: Proxy, - /// DNS handling - #[arg(short, long, value_name = "method", value_enum, default_value = "virtual")] + /// DNS handling strategy + #[arg(short, long, value_name = "strategy", value_enum, default_value = "virtual")] dns: ArgDns, - /// Enable DNS over TCP - #[arg(long)] - dns_over_tcp: bool, + /// DNS resolver address + #[arg(long, value_name = "IP", default_value = "8.8.8.8")] + dns_addr: IpAddr, /// IPv6 enabled #[arg(short = '6', long)] @@ -50,10 +50,15 @@ struct Args { verbosity: ArgVerbosity, } +/// DNS query handling strategy +/// - Virtual: Intercept DNS queries and resolve them locally with a fake IP address +/// - OverTcp: Use TCP to send DNS queries to the DNS server +/// - Direct: Looks as general UDP traffic but change the destination to the DNS server #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] enum ArgDns { Virtual, - None, + OverTcp, + Direct, } #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] @@ -83,13 +88,17 @@ fn main() -> ExitCode { log::info!("Proxy {proxy_type} server: {addr}"); let mut options = Options::new(); - if args.dns == ArgDns::Virtual { - options = options.with_virtual_dns(); + match args.dns { + ArgDns::Virtual => { + options = options.with_virtual_dns(); + } + ArgDns::OverTcp => { + options = options.with_dns_over_tcp(); + } + _ => {} } - if args.dns_over_tcp { - options = options.with_dns_over_tcp(); - } + options = options.with_dns_addr(Some(args.dns_addr)); if args.ipv6_enabled { options = options.with_ipv6_enabled(); diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 88c6fbc..b540053 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -505,7 +505,7 @@ impl<'a> TunToProxy<'a> { let mut info = info; let port = origin_dst.port(); if port == DNS_PORT && info.protocol == IpProtocol::Udp && dns::addr_is_private(&origin_dst) { - let dns_addr: SocketAddr = "8.8.8.8:53".parse()?; // TODO: Configurable + let dns_addr: SocketAddr = (self.options.dns_addr.ok_or("dns_addr")?, DNS_PORT).into(); info.dst = Address::from(dns_addr); } info From abcff395d83747b1b607d602e9c37d1f7da65647 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 31 Aug 2023 16:11:35 +0800 Subject: [PATCH 109/401] Bump version 0.1.6 --- Cargo.toml | 6 +++--- README.md | 19 ++++++++++++------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 4ca6380..d86b722 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,8 +1,8 @@ [package] authors = ["B. Blechschmidt"] -edition = "2018" +edition = "2021" name = "tun2proxy" -version = "0.1.5" +version = "0.1.6" [lib] crate-type = ["cdylib", "lib"] @@ -19,7 +19,7 @@ httparse = "1.8" libc = "0.2" log = "0.4" mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } -nix = { version = "0.26", features = ["process", "signal"] } +nix = { version = "0.27", features = ["process", "signal"] } prctl = "1.0" smoltcp = { version = "0.10", features = ["std", "phy-tuntap_interface"] } socks5-impl = { version = "0.5", default-features = false } diff --git a/README.md b/README.md index 09981ec..4b245e0 100644 --- a/README.md +++ b/README.md @@ -91,13 +91,18 @@ Tunnel interface to proxy. Usage: tun2proxy [OPTIONS] --proxy Options: - -t, --tun Name of the tun interface [default: tun0] - -p, --proxy Proxy URL in the form proto://[username[:password]@]host:port - -d, --dns DNS handling [default: virtual] [possible values: virtual, none] - -s, --setup Routing and system setup [possible values: auto] - --bypass-ip Public proxy IP used in routing setup which should bypassing the tunnel - -h, --help Print help - -V, --version Print version + -t, --tun Name of the tun interface [default: tun0] + --tun-fd File descriptor of the tun interface + --tun-mtu MTU of the tun interface (only with tunnel file descriptor) [default: 1500] + -p, --proxy Proxy URL in the form proto://[username[:password]@]host:port + -d, --dns DNS handling strategy [default: virtual] [possible values: virtual, over-tcp, direct] + --dns-addr DNS resolver address [default: 8.8.8.8] + -6, --ipv6-enabled IPv6 enabled + -s, --setup Routing and system setup [possible values: auto] + --bypass-ip Public proxy IP used in routing setup which should bypassing the tunnel + -v, --verbosity Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace] + -h, --help Print help + -V, --version Print version ``` Currently, tun2proxy supports HTTP, SOCKS4/SOCKS4a and SOCKS5. A proxy is supplied to the `--proxy` argument in the URL format. For example, an HTTP proxy at `1.2.3.4:3128` with a username of `john.doe` and a password of `secret` is From a17d9587d67127a305a81faba0f083d05501ef71 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 31 Aug 2023 16:35:37 +0800 Subject: [PATCH 110/401] dependencies issues --- Cargo.toml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index d86b722..4422225 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,7 +9,7 @@ crate-type = ["cdylib", "lib"] [dependencies] base64 = { version = "0.21" } -clap = { version = "4.3", features = ["derive"] } +clap = { version = "4.4", features = ["derive"] } ctrlc = "3.4" digest_auth = "0.3" dotenvy = "0.15" @@ -19,7 +19,13 @@ httparse = "1.8" libc = "0.2" log = "0.4" mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } -nix = { version = "0.27", features = ["process", "signal"] } +nix = { version = "0.27", features = [ + "process", + "signal", + "fs", + "mount", + "user", +] } prctl = "1.0" smoltcp = { version = "0.10", features = ["std", "phy-tuntap_interface"] } socks5-impl = { version = "0.5", default-features = false } From 0e3b45be4a3ae64042f55a7947233956b8c18918 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 31 Aug 2023 11:54:28 -0400 Subject: [PATCH 111/401] Publish script --- .github/workflows/format-build.yml | 2 + .github/workflows/install-cross.sh | 11 ++++ .github/workflows/publish-exe.yml | 81 ++++++++++++++++++++++++------ 3 files changed, 78 insertions(+), 16 deletions(-) create mode 100755 .github/workflows/install-cross.sh diff --git a/.github/workflows/format-build.yml b/.github/workflows/format-build.yml index 9b76859..6fefc0f 100644 --- a/.github/workflows/format-build.yml +++ b/.github/workflows/format-build.yml @@ -51,3 +51,5 @@ jobs: with: command: clippy args: -- -D warnings + - name: Build + run: cargo build --verbose diff --git a/.github/workflows/install-cross.sh b/.github/workflows/install-cross.sh new file mode 100755 index 0000000..95b5c04 --- /dev/null +++ b/.github/workflows/install-cross.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +curl -s https://api.github.com/repos/cross-rs/cross/releases/latest \ + | grep cross-x86_64-unknown-linux-gnu.tar.gz \ + | cut -d : -f 2,3 \ + | tr -d \" \ + | wget -qi - + +tar -zxvf cross-x86_64-unknown-linux-gnu.tar.gz -C /usr/bin +rm -f cross-x86_64-unknown-linux-gnu.tar.gz + diff --git a/.github/workflows/publish-exe.yml b/.github/workflows/publish-exe.yml index 8b19a38..c376706 100644 --- a/.github/workflows/publish-exe.yml +++ b/.github/workflows/publish-exe.yml @@ -3,28 +3,77 @@ on: tags: - "*" -name: Build and publish executable +name: Publish Releases jobs: build_publish: - name: Build and publish executable - runs-on: ubuntu-latest + name: Publishing Tasks + strategy: + matrix: + target: + - x86_64-unknown-linux-gnu + - x86_64-unknown-linux-musl + - i686-unknown-linux-musl + - aarch64-unknown-linux-gnu + - armv7-unknown-linux-gnueabihf + - x86_64-apple-darwin + - aarch64-apple-darwin + - x86_64-pc-windows-msvc + - i686-pc-windows-msvc + + include: + - target: x86_64-unknown-linux-gnu + host_os: ubuntu-latest + - target: x86_64-unknown-linux-musl + host_os: ubuntu-latest + - target: i686-unknown-linux-musl + host_os: ubuntu-latest + - target: aarch64-unknown-linux-gnu + host_os: ubuntu-latest + - target: armv7-unknown-linux-gnueabihf + host_os: ubuntu-latest + - target: x86_64-apple-darwin + host_os: macos-latest + - target: aarch64-apple-darwin + host_os: macos-latest + - target: x86_64-pc-windows-msvc + host_os: windows-latest + - target: i686-pc-windows-msvc + host_os: windows-latest + + runs-on: ${{ matrix.host_os }} steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - - uses: actions-rs/cargo@v1 - with: - command: build - args: --release --target x86_64-unknown-linux-gnu - - name: Rename - run: mkdir build && mv target/x86_64-unknown-linux-gnu/release/tun2proxy build/tun2proxy-x86_64 + - uses: actions/checkout@v3 + + - name: Prepare + shell: bash + run: | + mkdir publishdir + rustup target add ${{ matrix.target }} + if [[ "${{ matrix.host_os }}" == "ubuntu-latest" ]]; then + sudo .github/workflows/install-cross.sh + fi + + - name: Build + shell: bash + run: | + if [[ "${{ matrix.host_os }}" == "ubuntu-latest" ]]; then + cross build --all-features --release --target ${{ matrix.target }} + else + cargo build --all-features --release --target ${{ matrix.target }} + fi + if [[ "${{ matrix.host_os }}" == "windows-latest" ]]; then + powershell Compress-Archive -Path target/${{ matrix.target }}/release/tun2proxy.exe -DestinationPath publishdir/tun2proxy-${{ matrix.target }}.zip + elif [[ "${{ matrix.host_os }}" == "macos-latest" ]]; then + zip -j publishdir/tun2proxy-${{ matrix.target }}.zip target/${{ matrix.target }}/release/tun2proxy + elif [[ "${{ matrix.host_os }}" == "ubuntu-latest" ]]; then + zip -j publishdir/tun2proxy-${{ matrix.target }}.zip target/${{ matrix.target }}/release/tun2proxy + fi + - name: Publish uses: softprops/action-gh-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - files: build/* + files: publishdir/* + From 11995d525b3ca553b757229e0aea6b303c7aec2e Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 1 Sep 2023 11:17:12 +0800 Subject: [PATCH 112/401] dns_over_tcp_expiry --- src/tun2proxy.rs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index b540053..4753180 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -195,7 +195,7 @@ struct ConnectionState { udp_token: Option, origin_dst: SocketAddr, udp_data_cache: LinkedList>, - udp_over_tcp_expiry: Option<::std::time::Instant>, + dns_over_tcp_expiry: Option<::std::time::Instant>, } pub(crate) trait TcpProxy { @@ -555,7 +555,7 @@ impl<'a> TunToProxy<'a> { let err = "udp over tcp state not find"; let state = self.connection_map.get_mut(info).ok_or(err)?; - state.udp_over_tcp_expiry = Some(Self::common_udp_life_timeout()); + state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); let data_event = IncomingDataEvent { direction: IncomingDirection::FromClient, @@ -568,8 +568,8 @@ impl<'a> TunToProxy<'a> { fn receive_dns_over_tcp_packet_and_write_to_client(&mut self, info: &ConnectionInfo) -> Result<()> { let err = "udp connection state not found"; let state = self.connection_map.get_mut(info).ok_or(err)?; - assert!(state.udp_over_tcp_expiry.is_some()); - state.udp_over_tcp_expiry = Some(Self::common_udp_life_timeout()); + assert!(state.dns_over_tcp_expiry.is_some()); + state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); // Code similar to the code in parent function. TODO: Cleanup. let mut vecbuf = Vec::::new(); @@ -638,9 +638,9 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn udp_over_tcp_timeout_expired(&self, info: &ConnectionInfo) -> bool { + fn dns_over_tcp_timeout_expired(&self, info: &ConnectionInfo) -> bool { if let Some(state) = self.connection_map.get(info) { - if let Some(expiry) = state.udp_over_tcp_expiry { + if let Some(expiry) = state.dns_over_tcp_expiry { return expiry < ::std::time::Instant::now(); } } @@ -650,8 +650,8 @@ impl<'a> TunToProxy<'a> { fn clearup_expired_dns_over_tcp(&mut self) -> Result<()> { let keys = self.connection_map.keys().cloned().collect::>(); for key in keys { - if self.udp_over_tcp_timeout_expired(&key) { - log::trace!("UDP over TCP timeout: {}", key); + if self.dns_over_tcp_timeout_expired(&key) { + log::trace!("DNS over TCP timeout: {}", key); self.remove_connection(&key)?; } } @@ -817,7 +817,7 @@ impl<'a> TunToProxy<'a> { udp_token, origin_dst: dst, udp_data_cache: LinkedList::new(), - udp_over_tcp_expiry: None, + dns_over_tcp_expiry: None, }; Ok(state) } From e5a645638a8d12b3b22779559caf4a3970e165d0 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 1 Sep 2023 11:28:06 +0800 Subject: [PATCH 113/401] rename TcpProxy to ProxyHandler --- src/http.rs | 6 ++--- src/socks.rs | 6 ++--- src/tun2proxy.rs | 64 ++++++++++++++++++++++-------------------------- 3 files changed, 35 insertions(+), 41 deletions(-) diff --git a/src/http.rs b/src/http.rs index cdbeca2..693650a 100644 --- a/src/http.rs +++ b/src/http.rs @@ -2,7 +2,7 @@ use crate::{ error::Error, tun2proxy::{ ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, - OutgoingDirection, TcpProxy, + OutgoingDirection, ProxyHandler, }, }; use base64::Engine; @@ -317,7 +317,7 @@ impl HttpConnection { } } -impl TcpProxy for HttpConnection { +impl ProxyHandler for HttpConnection { fn get_connection_info(&self) -> &ConnectionInfo { &self.info } @@ -395,7 +395,7 @@ pub(crate) struct HttpManager { } impl ConnectionManager for HttpManager { - fn new_tcp_proxy(&self, info: &ConnectionInfo, _: bool) -> Result, Error> { + fn new_proxy_handler(&self, info: &ConnectionInfo, _: bool) -> Result, Error> { if info.protocol != IpProtocol::Tcp { return Err("Invalid protocol".into()); } diff --git a/src/socks.rs b/src/socks.rs index ee65501..5cb171b 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -2,7 +2,7 @@ use crate::{ error::{Error, Result}, tun2proxy::{ ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, - OutgoingDirection, TcpProxy, + OutgoingDirection, ProxyHandler, }, }; use socks5_impl::protocol::{self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, Version}; @@ -268,7 +268,7 @@ impl SocksProxyImpl { } } -impl TcpProxy for SocksProxyImpl { +impl ProxyHandler for SocksProxyImpl { fn get_connection_info(&self) -> &ConnectionInfo { &self.info } @@ -346,7 +346,7 @@ pub(crate) struct SocksProxyManager { } impl ConnectionManager for SocksProxyManager { - fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result> { + fn new_proxy_handler(&self, info: &ConnectionInfo, udp_associate: bool) -> Result> { use socks5_impl::protocol::Command::{Connect, UdpAssociate}; let command = if udp_associate { UdpAssociate } else { Connect }; let credentials = self.credentials.clone(); diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 4753180..5a3ce45 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -186,7 +186,7 @@ struct ConnectionState { smoltcp_handle: Option, mio_stream: TcpStream, token: Token, - tcp_proxy_handler: Box, + proxy_handler: Box, close_state: u8, wait_read: bool, wait_write: bool, @@ -198,7 +198,7 @@ struct ConnectionState { dns_over_tcp_expiry: Option<::std::time::Instant>, } -pub(crate) trait TcpProxy { +pub(crate) trait ProxyHandler { fn get_connection_info(&self) -> &ConnectionInfo; fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error>; fn consume_data(&mut self, dir: OutgoingDirection, size: usize); @@ -210,7 +210,7 @@ pub(crate) trait TcpProxy { } pub(crate) trait ConnectionManager { - fn new_tcp_proxy(&self, info: &ConnectionInfo, udp_associate: bool) -> Result>; + fn new_proxy_handler(&self, info: &ConnectionInfo, udp_associate: bool) -> Result>; fn close_connection(&self, info: &ConnectionInfo); fn get_server_addr(&self) -> SocketAddr; fn get_credentials(&self) -> &Option; @@ -399,10 +399,10 @@ impl<'a> TunToProxy<'a> { let mut closed_ends = 0; if (state.close_state & SERVER_WRITE_CLOSED) == SERVER_WRITE_CLOSED && !state - .tcp_proxy_handler + .proxy_handler .have_data(Direction::Incoming(IncomingDirection::FromServer)) && !state - .tcp_proxy_handler + .proxy_handler .have_data(Direction::Outgoing(OutgoingDirection::ToClient)) { if let Some(handle) = state.smoltcp_handle { @@ -415,10 +415,10 @@ impl<'a> TunToProxy<'a> { if (state.close_state & CLIENT_WRITE_CLOSED) == CLIENT_WRITE_CLOSED && !state - .tcp_proxy_handler + .proxy_handler .have_data(Direction::Incoming(IncomingDirection::FromClient)) && !state - .tcp_proxy_handler + .proxy_handler .have_data(Direction::Outgoing(OutgoingDirection::ToServer)) { // Close remote server @@ -452,7 +452,7 @@ impl<'a> TunToProxy<'a> { direction: IncomingDirection::FromClient, buffer: data, }; - error = state.tcp_proxy_handler.push_data(event); + error = state.proxy_handler.push_data(event); (data.len(), ()) })?; } @@ -534,9 +534,9 @@ impl<'a> TunToProxy<'a> { if !self.connection_map.contains_key(info) { log::info!("DNS over TCP {} ({})", info, origin_dst); - let tcp_proxy_handler = manager.new_tcp_proxy(info, false)?; + let proxy_handler = manager.new_proxy_handler(info, false)?; let server_addr = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, false)?; + let state = self.create_new_tcp_connection_state(server_addr, origin_dst, proxy_handler, false)?; self.connection_map.insert(info.clone(), state); // TODO: Move this 3 lines to the function end? @@ -561,7 +561,7 @@ impl<'a> TunToProxy<'a> { direction: IncomingDirection::FromClient, buffer: &buf, }; - state.tcp_proxy_handler.push_data(data_event)?; + state.proxy_handler.push_data(data_event)?; Ok(()) } @@ -589,13 +589,13 @@ impl<'a> TunToProxy<'a> { direction: IncomingDirection::FromServer, buffer: &data[0..read], }; - if let Err(error) = state.tcp_proxy_handler.push_data(data_event) { + if let Err(error) = state.proxy_handler.push_data(data_event) { log::error!("{}", error); self.remove_connection(&info.clone())?; return Ok(()); } - let dns_event = state.tcp_proxy_handler.peek_data(OutgoingDirection::ToClient); + let dns_event = state.proxy_handler.peek_data(OutgoingDirection::ToClient); let mut buf = dns_event.buffer.to_vec(); let mut to_send: LinkedList> = LinkedList::new(); @@ -615,9 +615,7 @@ impl<'a> TunToProxy<'a> { let ip = dns::extract_ipaddr_from_dns_message(&message); log::trace!("DNS over TCP query result: {} -> {:?}", name, ip); - state - .tcp_proxy_handler - .consume_data(OutgoingDirection::ToClient, len + 2); + state.proxy_handler.consume_data(OutgoingDirection::ToClient, len + 2); if !self.options.ipv6_enabled { dns::remove_ipv6_entries(&mut message); @@ -667,9 +665,9 @@ impl<'a> TunToProxy<'a> { ) -> Result<()> { if !self.connection_map.contains_key(info) { log::info!("UDP associate session {} ({})", info, origin_dst); - let tcp_proxy_handler = manager.new_tcp_proxy(info, true)?; + let proxy_handler = manager.new_proxy_handler(info, true)?; let server_addr = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server_addr, origin_dst, tcp_proxy_handler, true)?; + let state = self.create_new_tcp_connection_state(server_addr, origin_dst, proxy_handler, true)?; self.connection_map.insert(info.clone(), state); self.expect_smoltcp_send()?; @@ -689,7 +687,7 @@ impl<'a> TunToProxy<'a> { UdpHeader::new(0, info.dst.clone()).write_to_stream(&mut s5_udp_data)?; s5_udp_data.extend_from_slice(payload); - if let Some(udp_associate) = state.tcp_proxy_handler.get_udp_associate() { + if let Some(udp_associate) = state.proxy_handler.get_udp_associate() { // UDP associate session has been established, we can send packets directly... if let Some(socket) = state.udp_socket.as_ref() { socket.send_to(&s5_udp_data, udp_associate)?; @@ -718,9 +716,9 @@ impl<'a> TunToProxy<'a> { if info.protocol == IpProtocol::Tcp { if _first_packet { - let tcp_proxy_handler = manager.new_tcp_proxy(&info, false)?; + let proxy_handler = manager.new_proxy_handler(&info, false)?; let server = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server, origin_dst, tcp_proxy_handler, false)?; + let state = self.create_new_tcp_connection_state(server, origin_dst, proxy_handler, false)?; self.connection_map.insert(info.clone(), state); log::info!("Connect done {} ({})", info, origin_dst); @@ -773,7 +771,7 @@ impl<'a> TunToProxy<'a> { &mut self, server_addr: SocketAddr, dst: SocketAddr, - tcp_proxy_handler: Box, + proxy_handler: Box, udp_associate: bool, ) -> Result { let mut socket = tcp::Socket::new( @@ -808,7 +806,7 @@ impl<'a> TunToProxy<'a> { smoltcp_handle: Some(handle), mio_stream: client, token, - tcp_proxy_handler, + proxy_handler, close_state: 0, wait_read: true, wait_write: false, @@ -860,7 +858,7 @@ impl<'a> TunToProxy<'a> { fn write_to_server(&mut self, info: &ConnectionInfo) -> Result<(), Error> { if let Some(state) = self.connection_map.get_mut(info) { - let event = state.tcp_proxy_handler.peek_data(OutgoingDirection::ToServer); + let event = state.proxy_handler.peek_data(OutgoingDirection::ToServer); let buffer_size = event.buffer.len(); if buffer_size == 0 { state.wait_write = false; @@ -871,9 +869,7 @@ impl<'a> TunToProxy<'a> { let result = state.mio_stream.write(event.buffer); match result { Ok(written) => { - state - .tcp_proxy_handler - .consume_data(OutgoingDirection::ToServer, written); + state.proxy_handler.consume_data(OutgoingDirection::ToServer, written); state.wait_write = written < buffer_size; Self::update_mio_socket_interest(&mut self.poll, state)?; } @@ -897,7 +893,7 @@ impl<'a> TunToProxy<'a> { Some(handle) => handle, None => break, }; - let event = state.tcp_proxy_handler.peek_data(OutgoingDirection::ToClient); + let event = state.proxy_handler.peek_data(OutgoingDirection::ToClient); let buflen = event.buffer.len(); let consumed; { @@ -908,9 +904,7 @@ impl<'a> TunToProxy<'a> { virtual_dns.touch_ip(&IpAddr::from(socket.local_endpoint().unwrap().addr)); } consumed = socket.send_slice(event.buffer)?; - state - .tcp_proxy_handler - .consume_data(OutgoingDirection::ToClient, consumed); + state.proxy_handler.consume_data(OutgoingDirection::ToClient, consumed); self.expect_smoltcp_send()?; if consumed < buflen { self.write_sockets.insert(token); @@ -994,7 +988,7 @@ impl<'a> TunToProxy<'a> { // Try to send the first UDP packets to remote SOCKS5 server for UDP associate session if let Some(state) = self.connection_map.get_mut(info) { if let Some(udp_socket) = state.udp_socket.as_ref() { - if let Some(addr) = state.tcp_proxy_handler.get_udp_associate() { + if let Some(addr) = state.proxy_handler.get_udp_associate() { // Consume udp_data_cache data while let Some(buf) = state.udp_data_cache.pop_front() { udp_socket.send_to(&buf, addr)?; @@ -1030,7 +1024,7 @@ impl<'a> TunToProxy<'a> { .connection_map .get(&conn_info) .ok_or("")? - .tcp_proxy_handler + .proxy_handler .connection_established(); if self.options.dns_over_tcp && conn_info.dst.port() == DNS_PORT && established { self.receive_dns_over_tcp_packet_and_write_to_client(&conn_info)?; @@ -1057,14 +1051,14 @@ impl<'a> TunToProxy<'a> { direction: IncomingDirection::FromServer, buffer: &data[0..read], }; - if let Err(error) = state.tcp_proxy_handler.push_data(data_event) { + if let Err(error) = state.proxy_handler.push_data(data_event) { log::error!("{}", error); self.remove_connection(&conn_info.clone())?; return Ok(()); } // The handler request for reset the server connection - if state.tcp_proxy_handler.reset_connection() { + if state.proxy_handler.reset_connection() { _ = self.poll.registry().deregister(&mut state.mio_stream); // Closes the connection with the proxy state.mio_stream.shutdown(Shutdown::Both)?; From 5bd62d3101f0168fd16297a3873d6efbcb89d865 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 2 Sep 2023 17:36:30 +0800 Subject: [PATCH 114/401] log::info adjustment --- src/socks.rs | 6 +++--- src/tun2proxy.rs | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index 5cb171b..a8e3494 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -142,7 +142,7 @@ impl SocksProxyImpl { let response = handshake::Response::retrieve_from_stream(&mut self.server_inbuf.clone()); if let Err(e) = &response { if e.kind() == std::io::ErrorKind::UnexpectedEof { - // log::trace!("receive_server_hello_socks5 needs more data \"{}\"...", e); + log::trace!("receive_server_hello_socks5 needs more data \"{}\"...", e); return Ok(()); } else { return Err(e.to_string().into()); @@ -217,7 +217,7 @@ impl SocksProxyImpl { let response = protocol::Response::retrieve_from_stream(&mut self.server_inbuf.clone()); if let Err(e) = &response { if e.kind() == std::io::ErrorKind::UnexpectedEof { - // log::trace!("receive_connection_status needs more data \"{}\"...", e); + log::trace!("receive_connection_status needs more data \"{}\"...", e); return Ok(()); } else { return Err(e.to_string().into()); @@ -231,7 +231,7 @@ impl SocksProxyImpl { if self.command == protocol::Command::UdpAssociate { self.udp_associate = Some(SocketAddr::try_from(&response.address)?); assert!(self.data_buf.is_empty()); - // log::debug!("UDP associate: {}", response.address); + log::trace!("UDP associate recieved address {}", response.address); } self.server_outbuf.append(&mut self.data_buf); diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 5a3ce45..1b9a440 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -56,8 +56,8 @@ impl ConnectionInfo { fn to_named(&self, name: String) -> Self { let mut result = self.clone(); result.dst = Address::from((name, result.dst.port())); - // let p = self.protocol; - // log::trace!("{p} replace dst \"{}\" -> \"{}\"", self.dst, result.dst); + let p = self.protocol; + log::trace!("{p} replace dst \"{}\" -> \"{}\"", self.dst, result.dst); result } } @@ -705,7 +705,7 @@ impl<'a> TunToProxy<'a> { let mut handler = || -> Result<(), Error> { let result = connection_tuple(frame); if let Err(error) = result { - log::info!("{}, ignored", error); + log::debug!("{}, ignored", error); return Ok(()); } let (info, _first_packet, payload_offset, payload_size) = result?; @@ -723,10 +723,10 @@ impl<'a> TunToProxy<'a> { log::info!("Connect done {} ({})", info, origin_dst); } else if !self.connection_map.contains_key(&info) { - // log::debug!("Drop middle session {} ({})", info, origin_dst); + log::trace!("Drop middle session {} ({})", info, origin_dst); return Ok(()); } else { - // log::trace!("Subsequent packet {} ({})", info, origin_dst); + log::trace!("Subsequent packet {} ({})", info, origin_dst); } // Inject the packet to advance the remote proxy server smoltcp socket state @@ -940,8 +940,8 @@ impl<'a> TunToProxy<'a> { if let Some(connection) = self.find_info_by_token(token) { let connection = connection.clone(); if let Err(error) = self.write_to_client(token, &connection) { + log::error!("Write to client {}", error); self.remove_connection(&connection)?; - log::error!("Write to client: {}: ", error); } } } @@ -1112,7 +1112,7 @@ impl<'a> TunToProxy<'a> { loop { if let Err(err) = self.poll.poll(&mut events, None) { if err.kind() == std::io::ErrorKind::Interrupted { - log::warn!("Poll interrupted: \"{err}\", ignored, continue polling"); + log::debug!("Poll interrupted: \"{err}\", ignored, continue polling"); continue; } return Err(err.into()); From 538e40d05b96e1b7b83bdf59971268404b464af7 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 2 Sep 2023 20:23:32 +0800 Subject: [PATCH 115/401] reading code --- src/http.rs | 2 +- src/socks.rs | 19 ++++++++----------- src/tun2proxy.rs | 30 +++++++++++------------------- 3 files changed, 20 insertions(+), 31 deletions(-) diff --git a/src/http.rs b/src/http.rs index 693650a..c33e2d0 100644 --- a/src/http.rs +++ b/src/http.rs @@ -401,7 +401,7 @@ impl ConnectionManager for HttpManager { } Ok(Box::new(HttpConnection::new( info, - self.credentials.clone(), + self.get_credentials().clone(), self.digest_state.clone(), )?)) } diff --git a/src/socks.rs b/src/socks.rs index a8e3494..0be1afb 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -274,8 +274,7 @@ impl ProxyHandler for SocksProxyImpl { } fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error> { - let direction = event.direction; - let buffer = event.buffer; + let IncomingDataEvent { direction, buffer } = event; match direction { IncomingDirection::FromServer => { self.server_inbuf.extend(buffer.iter()); @@ -293,19 +292,17 @@ impl ProxyHandler for SocksProxyImpl { } fn consume_data(&mut self, dir: OutgoingDirection, size: usize) { - let buffer = if dir == OutgoingDirection::ToServer { - &mut self.server_outbuf - } else { - &mut self.client_outbuf + let buffer = match dir { + OutgoingDirection::ToServer => &mut self.server_outbuf, + OutgoingDirection::ToClient => &mut self.client_outbuf, }; buffer.drain(0..size); } fn peek_data(&mut self, dir: OutgoingDirection) -> OutgoingDataEvent { - let buffer = if dir == OutgoingDirection::ToServer { - &mut self.server_outbuf - } else { - &mut self.client_outbuf + let buffer = match dir { + OutgoingDirection::ToServer => &mut self.server_outbuf, + OutgoingDirection::ToClient => &mut self.client_outbuf, }; OutgoingDataEvent { direction: dir, @@ -349,7 +346,7 @@ impl ConnectionManager for SocksProxyManager { fn new_proxy_handler(&self, info: &ConnectionInfo, udp_associate: bool) -> Result> { use socks5_impl::protocol::Command::{Connect, UdpAssociate}; let command = if udp_associate { UdpAssociate } else { Connect }; - let credentials = self.credentials.clone(); + let credentials = self.get_credentials().clone(); Ok(Box::new(SocksProxyImpl::new(info, credentials, self.version, command)?)) } diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 1b9a440..4827827 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -56,8 +56,7 @@ impl ConnectionInfo { fn to_named(&self, name: String) -> Self { let mut result = self.clone(); result.dst = Address::from((name, result.dst.port())); - let p = self.protocol; - log::trace!("{p} replace dst \"{}\" -> \"{}\"", self.dst, result.dst); + log::trace!("{} replace dst \"{}\" -> \"{}\"", self.protocol, self.dst, result.dst); result } } @@ -68,31 +67,25 @@ impl std::fmt::Display for ConnectionInfo { } } -#[derive(Eq, PartialEq, Debug)] +#[derive(Clone, Copy, Eq, PartialEq, Debug)] pub(crate) enum IncomingDirection { FromServer, FromClient, } -#[derive(Eq, PartialEq, Debug)] +#[derive(Clone, Copy, Eq, PartialEq, Debug)] pub(crate) enum OutgoingDirection { ToServer, ToClient, } -#[derive(Eq, PartialEq, Debug)] +#[derive(Clone, Copy, Eq, PartialEq, Debug)] pub(crate) enum Direction { Incoming(IncomingDirection), Outgoing(OutgoingDirection), } -#[allow(dead_code)] -pub(crate) enum ConnectionEvent<'a> { - NewConnection(&'a ConnectionInfo), - ConnectionClosed(&'a ConnectionInfo), -} - -#[derive(Debug)] +#[derive(Clone, Eq, PartialEq, Debug)] pub(crate) struct DataEvent<'a, T> { pub(crate) direction: T, pub(crate) buffer: &'a [u8], @@ -190,10 +183,10 @@ struct ConnectionState { close_state: u8, wait_read: bool, wait_write: bool, + origin_dst: SocketAddr, udp_acco_expiry: Option<::std::time::Instant>, udp_socket: Option, udp_token: Option, - origin_dst: SocketAddr, udp_data_cache: LinkedList>, dns_over_tcp_expiry: Option<::std::time::Instant>, } @@ -217,7 +210,7 @@ pub(crate) trait ConnectionManager { } const TUN_TOKEN: Token = Token(0); -const EXIT_TOKEN: Token = Token(2); +const EXIT_TOKEN: Token = Token(1); pub struct TunToProxy<'a> { #[cfg(any(target_os = "linux", target_os = "android"))] @@ -228,7 +221,7 @@ pub struct TunToProxy<'a> { iface: Interface, connection_map: HashMap, connection_manager: Option>, - next_token: usize, + next_token_seed: usize, sockets: SocketSet<'a>, device: VirtualTunDevice, options: Options, @@ -297,7 +290,7 @@ impl<'a> TunToProxy<'a> { poll, iface, connection_map: HashMap::default(), - next_token: usize::from(EXIT_TOKEN) + 1, + next_token_seed: usize::from(EXIT_TOKEN), connection_manager: None, sockets: SocketSet::new([]), device, @@ -312,9 +305,8 @@ impl<'a> TunToProxy<'a> { } fn new_token(&mut self) -> Token { - let token = Token(self.next_token); - self.next_token += 1; - token + self.next_token_seed += 1; + Token(self.next_token_seed) } pub(crate) fn set_connection_manager(&mut self, manager: Option>) { From 2122cc0ba81dd803f6ee220f4a22587989dbccb2 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 2 Sep 2023 20:39:58 +0800 Subject: [PATCH 116/401] useless close_connection removed --- src/http.rs | 2 -- src/socks.rs | 2 -- src/tun2proxy.rs | 1 - 3 files changed, 5 deletions(-) diff --git a/src/http.rs b/src/http.rs index c33e2d0..8aabf2f 100644 --- a/src/http.rs +++ b/src/http.rs @@ -406,8 +406,6 @@ impl ConnectionManager for HttpManager { )?)) } - fn close_connection(&self, _: &ConnectionInfo) {} - fn get_server_addr(&self) -> SocketAddr { self.server } diff --git a/src/socks.rs b/src/socks.rs index 0be1afb..216dd48 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -350,8 +350,6 @@ impl ConnectionManager for SocksProxyManager { Ok(Box::new(SocksProxyImpl::new(info, credentials, self.version, command)?)) } - fn close_connection(&self, _: &ConnectionInfo) {} - fn get_server_addr(&self) -> SocketAddr { self.server } diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 4827827..a8df375 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -204,7 +204,6 @@ pub(crate) trait ProxyHandler { pub(crate) trait ConnectionManager { fn new_proxy_handler(&self, info: &ConnectionInfo, udp_associate: bool) -> Result>; - fn close_connection(&self, info: &ConnectionInfo); fn get_server_addr(&self) -> SocketAddr; fn get_credentials(&self) -> &Option; } From 59fa5b155ed972d9521df567e7d2ff5d17ad82ca Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 2 Sep 2023 21:26:58 +0800 Subject: [PATCH 117/401] get_credentials removed --- src/http.rs | 6 +----- src/socks.rs | 6 +----- src/tun2proxy.rs | 3 +-- 3 files changed, 3 insertions(+), 12 deletions(-) diff --git a/src/http.rs b/src/http.rs index 8aabf2f..4d3e5bb 100644 --- a/src/http.rs +++ b/src/http.rs @@ -401,7 +401,7 @@ impl ConnectionManager for HttpManager { } Ok(Box::new(HttpConnection::new( info, - self.get_credentials().clone(), + self.credentials.clone(), self.digest_state.clone(), )?)) } @@ -409,10 +409,6 @@ impl ConnectionManager for HttpManager { fn get_server_addr(&self) -> SocketAddr { self.server } - - fn get_credentials(&self) -> &Option { - &self.credentials - } } impl HttpManager { diff --git a/src/socks.rs b/src/socks.rs index 216dd48..7c62aa9 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -346,17 +346,13 @@ impl ConnectionManager for SocksProxyManager { fn new_proxy_handler(&self, info: &ConnectionInfo, udp_associate: bool) -> Result> { use socks5_impl::protocol::Command::{Connect, UdpAssociate}; let command = if udp_associate { UdpAssociate } else { Connect }; - let credentials = self.get_credentials().clone(); + let credentials = self.credentials.clone(); Ok(Box::new(SocksProxyImpl::new(info, credentials, self.version, command)?)) } fn get_server_addr(&self) -> SocketAddr { self.server } - - fn get_credentials(&self) -> &Option { - &self.credentials - } } impl SocksProxyManager { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a8df375..a2629c1 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -18,7 +18,7 @@ use smoltcp::{ time::Instant, wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket, UDP_HEADER_LEN}, }; -use socks5_impl::protocol::{Address, StreamOperation, UdpHeader, UserKey}; +use socks5_impl::protocol::{Address, StreamOperation, UdpHeader}; use std::collections::LinkedList; #[cfg(target_family = "unix")] use std::os::unix::io::AsRawFd; @@ -205,7 +205,6 @@ pub(crate) trait ProxyHandler { pub(crate) trait ConnectionManager { fn new_proxy_handler(&self, info: &ConnectionInfo, udp_associate: bool) -> Result>; fn get_server_addr(&self) -> SocketAddr; - fn get_credentials(&self) -> &Option; } const TUN_TOKEN: Token = Token(0); From b8dab403e90763356d0bde7d5e76dbeeedb74ba9 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 10:40:40 +0800 Subject: [PATCH 118/401] reading code --- src/lib.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 4cbffa0..69d97c9 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -4,7 +4,7 @@ use crate::{ socks::SocksProxyManager, tun2proxy::{ConnectionManager, TunToProxy}, }; -use socks5_impl::protocol::{UserKey, Version}; +use socks5_impl::protocol::UserKey; use std::{ net::{SocketAddr, ToSocketAddrs}, rc::Rc, @@ -145,10 +145,10 @@ pub fn tun_to_proxy<'a>( let mut ttp = TunToProxy::new(interface, options)?; let credentials = proxy.credentials.clone(); let server = proxy.addr; - #[rustfmt::skip] + use socks5_impl::protocol::Version::{V4, V5}; let mgr = match proxy.proxy_type { - ProxyType::Socks4 => Rc::new(SocksProxyManager::new(server, Version::V4, credentials)) as Rc, - ProxyType::Socks5 => Rc::new(SocksProxyManager::new(server, Version::V5, credentials)) as Rc, + ProxyType::Socks4 => Rc::new(SocksProxyManager::new(server, V4, credentials)) as Rc, + ProxyType::Socks5 => Rc::new(SocksProxyManager::new(server, V5, credentials)) as Rc, ProxyType::Http => Rc::new(HttpManager::new(server, credentials)) as Rc, }; ttp.set_connection_manager(Some(mgr)); From 8b014322fc56b85e7b2689f5e03b17f312e717a4 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 11:31:41 +0800 Subject: [PATCH 119/401] Bump version 0.1.7 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 4422225..416143f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ authors = ["B. Blechschmidt"] edition = "2021" name = "tun2proxy" -version = "0.1.6" +version = "0.1.7" [lib] crate-type = ["cdylib", "lib"] From ef6f67b97533539fe7056f73e56944022da8badd Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 18:20:02 +0800 Subject: [PATCH 120/401] remove_connection refactor --- src/tun2proxy.rs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a2629c1..a721a86 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -257,9 +257,8 @@ impl<'a> TunToProxy<'a> { .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; #[cfg(target_family = "unix")] - #[rustfmt::skip] let config = match tun.capabilities().medium { - Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0x00, 0x00, 0x00, 0x00, 0x01]).into()), + Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0, 0, 0, 0, 0x01]).into()), Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), Medium::Ieee802154 => todo!(), }; @@ -350,16 +349,14 @@ impl<'a> TunToProxy<'a> { /// Destroy connection state machine fn remove_connection(&mut self, info: &ConnectionInfo) -> Result<(), Error> { if let Some(mut state) = self.connection_map.remove(info) { - _ = state.mio_stream.shutdown(Shutdown::Both); + self.expect_smoltcp_send()?; + if let Some(handle) = state.smoltcp_handle { let socket = self.sockets.get_mut::(handle); socket.close(); self.sockets.remove(handle); } - // FIXME: Does this line should be moved up to the beginning of this function? - self.expect_smoltcp_send()?; - if let Err(e) = self.poll.registry().deregister(&mut state.mio_stream) { // FIXME: The function `deregister` will frequently fail for unknown reasons. log::trace!("{}", e); @@ -371,6 +368,10 @@ impl<'a> TunToProxy<'a> { } } + if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { + log::debug!("Shutdown {} error \"{}\"", info, err); + } + log::info!("Close {}", info); } Ok(()) From f175813cc82105c0ef760a17383f4b3a7f7d2611 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 18:39:11 +0800 Subject: [PATCH 121/401] remove_connection refactor --- src/tun2proxy.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index a721a86..e3820ba 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -369,7 +369,7 @@ impl<'a> TunToProxy<'a> { } if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { - log::debug!("Shutdown {} error \"{}\"", info, err); + log::trace!("Shutdown {} error \"{}\"", info, err); } log::info!("Close {}", info); From c1b322a01e21e3698a59d0d67cc35fa1d8de2f34 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 19:08:20 +0800 Subject: [PATCH 122/401] log some errors --- src/tun2proxy.rs | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index e3820ba..ba71944 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -413,7 +413,9 @@ impl<'a> TunToProxy<'a> { .have_data(Direction::Outgoing(OutgoingDirection::ToServer)) { // Close remote server - _ = state.mio_stream.shutdown(Shutdown::Write); + if let Err(err) = state.mio_stream.shutdown(Shutdown::Write) { + log::trace!("Shutdown {} error \"{}\"", info, err); + } closed_ends += 1; } @@ -1050,9 +1052,13 @@ impl<'a> TunToProxy<'a> { // The handler request for reset the server connection if state.proxy_handler.reset_connection() { - _ = self.poll.registry().deregister(&mut state.mio_stream); + if let Err(err) = self.poll.registry().deregister(&mut state.mio_stream) { + log::trace!("{}", err); + } // Closes the connection with the proxy - state.mio_stream.shutdown(Shutdown::Both)?; + if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { + log::trace!("Shutdown error \"{}\"", err); + } log::info!("RESET {}", conn_info); From c723adce4f20166e0b7aa7534dac8da80e5449b9 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 22:27:37 +0800 Subject: [PATCH 123/401] reading code --- src/tun2proxy.rs | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index ba71944..46b6d68 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -176,7 +176,7 @@ const UDP_ASSO_TIMEOUT: u64 = 10; // seconds const DNS_PORT: u16 = 53; struct ConnectionState { - smoltcp_handle: Option, + smoltcp_handle: SocketHandle, mio_stream: TcpStream, token: Token, proxy_handler: Box, @@ -351,7 +351,8 @@ impl<'a> TunToProxy<'a> { if let Some(mut state) = self.connection_map.remove(info) { self.expect_smoltcp_send()?; - if let Some(handle) = state.smoltcp_handle { + { + let handle = state.smoltcp_handle; let socket = self.sockets.get_mut::(handle); socket.close(); self.sockets.remove(handle); @@ -369,7 +370,7 @@ impl<'a> TunToProxy<'a> { } if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { - log::trace!("Shutdown {} error \"{}\"", info, err); + log::trace!("Shutdown 0 {} error \"{}\"", info, err); } log::info!("Close {}", info); @@ -396,11 +397,10 @@ impl<'a> TunToProxy<'a> { .proxy_handler .have_data(Direction::Outgoing(OutgoingDirection::ToClient)) { - if let Some(handle) = state.smoltcp_handle { - // Close tun interface - let socket = self.sockets.get_mut::(handle); - socket.close(); - } + // Close tun interface + let socket = self.sockets.get_mut::(state.smoltcp_handle); + socket.close(); + closed_ends += 1; } @@ -414,7 +414,7 @@ impl<'a> TunToProxy<'a> { { // Close remote server if let Err(err) = state.mio_stream.shutdown(Shutdown::Write) { - log::trace!("Shutdown {} error \"{}\"", info, err); + log::trace!("Shutdown 1 {} error \"{}\"", info, err); } closed_ends += 1; } @@ -434,10 +434,7 @@ impl<'a> TunToProxy<'a> { Some(state) => state, None => return Ok(()), }; - let socket = match state.smoltcp_handle { - Some(handle) => self.sockets.get_mut::(handle), - None => return Ok(()), - }; + let socket = self.sockets.get_mut::(state.smoltcp_handle); let mut error = Ok(()); while socket.can_recv() && error.is_ok() { socket.recv(|data| { @@ -796,7 +793,7 @@ impl<'a> TunToProxy<'a> { (None, None) }; let state = ConnectionState { - smoltcp_handle: Some(handle), + smoltcp_handle: handle, mio_stream: client, token, proxy_handler, @@ -882,15 +879,11 @@ impl<'a> TunToProxy<'a> { fn write_to_client(&mut self, token: Token, info: &ConnectionInfo) -> Result<(), Error> { while let Some(state) = self.connection_map.get_mut(info) { - let handle = match state.smoltcp_handle { - Some(handle) => handle, - None => break, - }; let event = state.proxy_handler.peek_data(OutgoingDirection::ToClient); let buflen = event.buffer.len(); let consumed; { - let socket = self.sockets.get_mut::(handle); + let socket = self.sockets.get_mut::(state.smoltcp_handle); if socket.may_send() { if let Some(virtual_dns) = &mut self.options.virtual_dns { // Unwrapping is fine because every smoltcp socket is bound to an. @@ -1057,7 +1050,7 @@ impl<'a> TunToProxy<'a> { } // Closes the connection with the proxy if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { - log::trace!("Shutdown error \"{}\"", err); + log::trace!("Shutdown 2 error \"{}\"", err); } log::info!("RESET {}", conn_info); From cc46526af0e2e5dca61932fe222cc01e4a169c2f Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sun, 3 Sep 2023 23:04:54 +0800 Subject: [PATCH 124/401] process_incoming_tcp_packets --- src/tun2proxy.rs | 70 ++++++++++++++++++++++++++++-------------------- 1 file changed, 41 insertions(+), 29 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 46b6d68..75a36f9 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -690,6 +690,45 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn process_incoming_tcp_packets( + &mut self, + first_packet: bool, + manager: &Rc, + info: &ConnectionInfo, + origin_dst: SocketAddr, + frame: &[u8], + ) -> Result<()> { + if first_packet { + let proxy_handler = manager.new_proxy_handler(info, false)?; + let server = manager.get_server_addr(); + let state = self.create_new_tcp_connection_state(server, origin_dst, proxy_handler, false)?; + self.connection_map.insert(info.clone(), state); + + log::info!("Connect done {} ({})", info, origin_dst); + } else if !self.connection_map.contains_key(info) { + log::trace!("Drop middle session {} ({})", info, origin_dst); + return Ok(()); + } else { + log::trace!("Subsequent packet {} ({})", info, origin_dst); + } + + // Inject the packet to advance the remote proxy server smoltcp socket state + self.device.inject_packet(frame); + + // Having advanced the socket state, we expect the socket to ACK + // Exfiltrate the response packets generated by the socket and inject them + // into the tunnel interface. + self.expect_smoltcp_send()?; + + // Read from the smoltcp socket and push the data to the connection handler. + self.tunsocket_read_and_forward(info)?; + + // The connection handler builds up the connection or encapsulates the data. + // Therefore, we now expect it to write data to the server. + self.write_to_server(info)?; + Ok(()) + } + // A raw packet was received on the tunnel interface. fn receive_tun(&mut self, frame: &mut [u8]) -> Result<(), Error> { let mut handler = || -> Result<(), Error> { @@ -698,41 +737,14 @@ impl<'a> TunToProxy<'a> { log::debug!("{}, ignored", error); return Ok(()); } - let (info, _first_packet, payload_offset, payload_size) = result?; + let (info, first_packet, payload_offset, payload_size) = result?; let origin_dst = SocketAddr::try_from(&info.dst)?; let info = self.preprocess_origin_connection_info(info)?; let manager = self.get_connection_manager().ok_or("get connection manager")?; if info.protocol == IpProtocol::Tcp { - if _first_packet { - let proxy_handler = manager.new_proxy_handler(&info, false)?; - let server = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server, origin_dst, proxy_handler, false)?; - self.connection_map.insert(info.clone(), state); - - log::info!("Connect done {} ({})", info, origin_dst); - } else if !self.connection_map.contains_key(&info) { - log::trace!("Drop middle session {} ({})", info, origin_dst); - return Ok(()); - } else { - log::trace!("Subsequent packet {} ({})", info, origin_dst); - } - - // Inject the packet to advance the remote proxy server smoltcp socket state - self.device.inject_packet(frame); - - // Having advanced the socket state, we expect the socket to ACK - // Exfiltrate the response packets generated by the socket and inject them - // into the tunnel interface. - self.expect_smoltcp_send()?; - - // Read from the smoltcp socket and push the data to the connection handler. - self.tunsocket_read_and_forward(&info)?; - - // The connection handler builds up the connection or encapsulates the data. - // Therefore, we now expect it to write data to the server. - self.write_to_server(&info)?; + self.process_incoming_tcp_packets(first_packet, &manager, &info, origin_dst, frame)?; } else if info.protocol == IpProtocol::Udp { let port = info.dst.port(); let payload = &frame[payload_offset..payload_offset + payload_size]; From b5d8f0ee48f120cf249010547d5dc7dcd56d2e1e Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 26 Sep 2023 18:25:59 +0800 Subject: [PATCH 125/401] EXIT_TRIGGER_TOKEN --- src/error.rs | 11 +++++- src/lib.rs | 6 ++++ src/main.rs | 8 ++++- src/tun2proxy.rs | 94 ++++++++++++++++++++++++++++++++++++++++++------ 4 files changed, 106 insertions(+), 13 deletions(-) diff --git a/src/error.rs b/src/error.rs index 18c625d..2e3d393 100644 --- a/src/error.rs +++ b/src/error.rs @@ -6,7 +6,7 @@ pub enum Error { #[error("ctrlc::Error {0:?}")] InterruptHandler(#[from] ctrlc::Error), - #[error("std::io::Error {0}")] + #[error(transparent)] Io(#[from] std::io::Error), #[error("TryFromIntError {0:?}")] @@ -84,4 +84,13 @@ impl From<&String> for Error { } } +impl From for std::io::Error { + fn from(err: Error) -> Self { + match err { + Error::Io(err) => err, + _ => std::io::Error::new(std::io::ErrorKind::Other, err), + } + } +} + pub type Result = std::result::Result; diff --git a/src/lib.rs b/src/lib.rs index 69d97c9..85e9768 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -102,6 +102,7 @@ pub struct Options { dns_over_tcp: bool, dns_addr: Option, ipv6_enabled: bool, + bypass_ip: Option, } impl Options { @@ -135,6 +136,11 @@ impl Options { self.mtu = Some(mtu); self } + + pub fn with_bypass_ip(mut self, ip: Option) -> Self { + self.bypass_ip = ip; + self + } } pub fn tun_to_proxy<'a>( diff --git a/src/main.rs b/src/main.rs index c513d1d..dfaae3d 100644 --- a/src/main.rs +++ b/src/main.rs @@ -110,12 +110,18 @@ fn main() -> ExitCode { Some(_fd) => { options = options.with_mtu(args.tun_mtu); #[cfg(not(target_family = "unix"))] - panic!("Not supported"); + panic!("Not supported file descriptor"); #[cfg(target_family = "unix")] NetworkInterface::Fd(_fd) } }; + let bypass_tun_ip = match args.bypass_ip { + Some(addr) => addr, + None => args.proxy.addr.ip(), + }; + options = options.with_bypass_ip(Some(bypass_tun_ip)); + let block = || -> Result<(), Error> { #[cfg(target_os = "linux")] { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 75a36f9..c5c18d9 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -208,7 +208,9 @@ pub(crate) trait ConnectionManager { } const TUN_TOKEN: Token = Token(0); -const EXIT_TOKEN: Token = Token(1); +const PIPE_TOKEN: Token = Token(1); +const EXIT_TRIGGER_TOKEN: Token = Token(2); +const EXIT_TOKEN: Token = Token(10); pub struct TunToProxy<'a> { #[cfg(any(target_os = "linux", target_os = "android"))] @@ -225,9 +227,9 @@ pub struct TunToProxy<'a> { options: Options, write_sockets: HashSet, #[cfg(target_family = "unix")] - _exit_receiver: mio::unix::pipe::Receiver, + exit_receiver: mio::unix::pipe::Receiver, #[cfg(target_family = "unix")] - exit_sender: mio::unix::pipe::Sender, + exit_trigger: Option, } impl<'a> TunToProxy<'a> { @@ -251,7 +253,11 @@ impl<'a> TunToProxy<'a> { .register(&mut SourceFd(&tun.as_raw_fd()), TUN_TOKEN, Interest::READABLE)?; #[cfg(target_family = "unix")] - let (exit_sender, mut exit_receiver) = mio::unix::pipe::new()?; + let (mut exit_trigger, mut exit_receiver) = mio::unix::pipe::new()?; + + #[cfg(target_family = "unix")] + poll.registry() + .register(&mut exit_trigger, EXIT_TRIGGER_TOKEN, Interest::WRITABLE)?; #[cfg(target_family = "unix")] poll.registry() .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; @@ -294,9 +300,9 @@ impl<'a> TunToProxy<'a> { options, write_sockets: HashSet::default(), #[cfg(target_family = "unix")] - _exit_receiver: exit_receiver, + exit_receiver, #[cfg(target_family = "unix")] - exit_sender, + exit_trigger: Some(exit_trigger), }; Ok(tun) } @@ -704,7 +710,7 @@ impl<'a> TunToProxy<'a> { let state = self.create_new_tcp_connection_state(server, origin_dst, proxy_handler, false)?; self.connection_map.insert(info.clone(), state); - log::info!("Connect done {} ({})", info, origin_dst); + log::info!("{} ({})", info, origin_dst); } else if !self.connection_map.contains_key(info) { log::trace!("Drop middle session {} ({})", info, origin_dst); return Ok(()); @@ -933,6 +939,10 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn pipe_event(&mut self, _event: &Event) -> Result<(), Error> { + Ok(()) + } + fn send_to_smoltcp(&mut self) -> Result<(), Error> { for token in self.write_sockets.clone().into_iter() { if let Some(connection) = self.find_info_by_token(token) { @@ -1109,7 +1119,40 @@ impl<'a> TunToProxy<'a> { Ok(()) } + #[cfg(any(target_os = "linux", target_os = "macos"))] + fn prepare_exiting_signal_trigger(&mut self) -> Result<()> { + let mut exit_trigger = self.exit_trigger.take().ok_or("Already running")?; + ctrlc::set_handler(move || { + let mut count = 0; + loop { + match exit_trigger.write(b"EXIT") { + Ok(_) => { + log::trace!("Exit signal triggered successfully"); + break; + } + Err(err) if err.kind() == std::io::ErrorKind::WouldBlock => { + if count > 5 { + log::error!("Send exit signal failed 5 times, exit anyway"); + std::process::exit(1); + } + log::trace!("Send exit signal failed, retry in 1 second"); + std::thread::sleep(std::time::Duration::from_secs(1)); + count += 1; + } + Err(err) => { + println!("Failed to send exit signal: \"{}\"", err); + break; + } + } + } + })?; + Ok(()) + } + pub fn run(&mut self) -> Result<(), Error> { + #[cfg(any(target_os = "linux", target_os = "macos"))] + self.prepare_exiting_signal_trigger()?; + let mut events = Events::with_capacity(1024); loop { if let Err(err) = self.poll.poll(&mut events, None) { @@ -1122,10 +1165,16 @@ impl<'a> TunToProxy<'a> { for event in events.iter() { match event.token() { EXIT_TOKEN => { - log::info!("Exiting tun2proxy..."); - return Ok(()); + if self.exiting_event_handler()? { + return Ok(()); + } + } + EXIT_TRIGGER_TOKEN => { + #[cfg(target_family = "unix")] + log::trace!("Exiting trigger is ready, {:?}", self.exit_trigger); } TUN_TOKEN => self.tun_event(event)?, + PIPE_TOKEN => self.pipe_event(event)?, _ => self.mio_socket_event(event)?, } } @@ -1135,9 +1184,32 @@ impl<'a> TunToProxy<'a> { } } + #[cfg(target_family = "unix")] + fn exiting_event_handler(&mut self) -> Result { + let mut buffer = vec![0; 100]; + match self.exit_receiver.read(&mut buffer) { + Ok(size) => { + log::trace!("Received exit signal: {:?}", &buffer[..size]); + log::info!("Exiting tun2proxy..."); + Ok(true) + } + Err(err) if err.kind() == std::io::ErrorKind::WouldBlock => { + log::trace!("Exiting reciever is ready"); + Ok(false) + } + Err(err) => Err(err.into()), + } + } + + #[cfg(target_os = "windows")] + fn exiting_event_handler(&mut self) -> Result { + Ok(true) + } + + #[cfg(target_family = "unix")] pub fn shutdown(&mut self) -> Result<(), Error> { - #[cfg(target_family = "unix")] - self.exit_sender.write_all(&[1])?; + log::debug!("Shutdown tun2proxy..."); + _ = self.exit_trigger.as_mut().ok_or("Already triggered")?.write(b"EXIT")?; Ok(()) } } From d4568c4676cdc431a3098855012c5ae1f8154144 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 27 Sep 2023 19:27:19 +0800 Subject: [PATCH 126/401] read_data_from_tcp_stream --- src/tun2proxy.rs | 70 +++++++++++++++++++++++++----------------------- 1 file changed, 37 insertions(+), 33 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index c5c18d9..9218cb9 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -567,23 +567,11 @@ impl<'a> TunToProxy<'a> { assert!(state.dns_over_tcp_expiry.is_some()); state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); - // Code similar to the code in parent function. TODO: Cleanup. - let mut vecbuf = Vec::::new(); - let read_result = state.mio_stream.read_to_end(&mut vecbuf); - let read = match read_result { - Ok(read_result) => read_result, - Err(error) => { - if error.kind() != std::io::ErrorKind::WouldBlock { - log::error!("{} Read from proxy: {}", info.dst, error); - } - vecbuf.len() - } - }; + let vecbuf = Self::read_data_from_tcp_stream(&mut state.mio_stream, info)?; - let data = vecbuf.as_slice(); let data_event = IncomingDataEvent { direction: IncomingDirection::FromServer, - buffer: &data[0..read], + buffer: &vecbuf, }; if let Err(error) = state.proxy_handler.push_data(data_event) { log::error!("{}", error); @@ -881,14 +869,13 @@ impl<'a> TunToProxy<'a> { state.wait_write = written < buffer_size; Self::update_mio_socket_interest(&mut self.poll, state)?; } - Err(error) if error.kind() != std::io::ErrorKind::WouldBlock => { - return Err(error.into()); - } - _ => { - // WOULDBLOCK case + Err(error) if error.kind() == std::io::ErrorKind::WouldBlock => { state.wait_write = true; Self::update_mio_socket_interest(&mut self.poll, state)?; } + Err(error) => { + return Err(error.into()); + } } } self.check_change_close_state(info)?; @@ -1042,22 +1029,11 @@ impl<'a> TunToProxy<'a> { let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; // TODO: Move this reading process to its own function. - let mut vecbuf = Vec::::new(); - let read_result = state.mio_stream.read_to_end(&mut vecbuf); - let read = match read_result { - Ok(read_result) => read_result, - Err(error) => { - if error.kind() != std::io::ErrorKind::WouldBlock { - log::error!("{} Read from proxy: {}", conn_info.dst, error); - } - vecbuf.len() - } - }; + let vecbuf = Self::read_data_from_tcp_stream(&mut state.mio_stream, &conn_info)?; - let data = vecbuf.as_slice(); let data_event = IncomingDataEvent { direction: IncomingDirection::FromServer, - buffer: &data[0..read], + buffer: &vecbuf, }; if let Err(error) = state.proxy_handler.push_data(data_event) { log::error!("{}", error); @@ -1087,7 +1063,7 @@ impl<'a> TunToProxy<'a> { return Ok(()); } - if read == 0 || event.is_read_closed() { + if vecbuf.len() == 0 || event.is_read_closed() { state.wait_read = false; state.close_state |= SERVER_WRITE_CLOSED; Self::update_mio_socket_interest(&mut self.poll, state)?; @@ -1119,6 +1095,34 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn read_data_from_tcp_stream(stream: &mut TcpStream, conn_info: &ConnectionInfo) -> Result> { + let mut vecbuf = Vec::::new(); + loop { + let mut tmp: [u8; 4096] = [0_u8; 4096]; + match stream.read(&mut tmp) { + Ok(0) => { + log::info!("{} closed", conn_info); + break; + } + Ok(read_result) => { + vecbuf.extend_from_slice(&tmp[0..read_result]); + } + Err(error) => { + if error.kind() == std::io::ErrorKind::WouldBlock { + // We have read all available data. + break; + } else if error.kind() == std::io::ErrorKind::Interrupted { + // Hardware or software interrupt, continue polling. + continue; + } else { + return Err(error.into()); + } + } + }; + } + Ok(vecbuf) + } + #[cfg(any(target_os = "linux", target_os = "macos"))] fn prepare_exiting_signal_trigger(&mut self) -> Result<()> { let mut exit_trigger = self.exit_trigger.take().ok_or("Already running")?; From a54e6ae23e34dbc30a04dbda5d0154bf9f70a9aa Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 27 Sep 2023 19:32:28 +0800 Subject: [PATCH 127/401] minor changes --- src/tun2proxy.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 9218cb9..5aeccbb 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1063,7 +1063,7 @@ impl<'a> TunToProxy<'a> { return Ok(()); } - if vecbuf.len() == 0 || event.is_read_closed() { + if vecbuf.is_empty() || event.is_read_closed() { state.wait_read = false; state.close_state |= SERVER_WRITE_CLOSED; Self::update_mio_socket_interest(&mut self.poll, state)?; From 03aa70f3c2f82a2c0c57c857d252f473c9051981 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 27 Sep 2023 23:24:22 +0800 Subject: [PATCH 128/401] minor changes --- src/tun2proxy.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 5aeccbb..1ecdab7 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -567,7 +567,7 @@ impl<'a> TunToProxy<'a> { assert!(state.dns_over_tcp_expiry.is_some()); state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); - let vecbuf = Self::read_data_from_tcp_stream(&mut state.mio_stream, info)?; + let vecbuf = Self::read_data_from_tcp_stream(&mut state.mio_stream)?; let data_event = IncomingDataEvent { direction: IncomingDirection::FromServer, @@ -1029,7 +1029,7 @@ impl<'a> TunToProxy<'a> { let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; // TODO: Move this reading process to its own function. - let vecbuf = Self::read_data_from_tcp_stream(&mut state.mio_stream, &conn_info)?; + let vecbuf = Self::read_data_from_tcp_stream(&mut state.mio_stream)?; let data_event = IncomingDataEvent { direction: IncomingDirection::FromServer, @@ -1095,13 +1095,13 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn read_data_from_tcp_stream(stream: &mut TcpStream, conn_info: &ConnectionInfo) -> Result> { + fn read_data_from_tcp_stream(stream: &mut TcpStream) -> Result> { let mut vecbuf = Vec::::new(); loop { let mut tmp: [u8; 4096] = [0_u8; 4096]; match stream.read(&mut tmp) { Ok(0) => { - log::info!("{} closed", conn_info); + // The tcp connection closed break; } Ok(read_result) => { From 05cb35fabb22369eceb6cfddbc5a9992e8758ad5 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 28 Sep 2023 11:48:54 +0800 Subject: [PATCH 129/401] read_data_from_tcp_stream for callback --- src/tun2proxy.rs | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 1ecdab7..f23d3dd 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -567,7 +567,11 @@ impl<'a> TunToProxy<'a> { assert!(state.dns_over_tcp_expiry.is_some()); state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); - let vecbuf = Self::read_data_from_tcp_stream(&mut state.mio_stream)?; + let mut vecbuf = vec![]; + Self::read_data_from_tcp_stream(&mut state.mio_stream, |data| { + vecbuf.extend_from_slice(data); + Ok(()) + })?; let data_event = IncomingDataEvent { direction: IncomingDirection::FromServer, @@ -1029,7 +1033,11 @@ impl<'a> TunToProxy<'a> { let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; // TODO: Move this reading process to its own function. - let vecbuf = Self::read_data_from_tcp_stream(&mut state.mio_stream)?; + let mut vecbuf = vec![]; + Self::read_data_from_tcp_stream(&mut state.mio_stream, |data| { + vecbuf.extend_from_slice(data); + Ok(()) + })?; let data_event = IncomingDataEvent { direction: IncomingDirection::FromServer, @@ -1095,17 +1103,19 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn read_data_from_tcp_stream(stream: &mut TcpStream) -> Result> { - let mut vecbuf = Vec::::new(); + fn read_data_from_tcp_stream(stream: &mut TcpStream, mut callback: F) -> Result<()> + where + F: FnMut(&mut [u8]) -> Result<()>, + { + let mut tmp: [u8; 4096] = [0_u8; 4096]; loop { - let mut tmp: [u8; 4096] = [0_u8; 4096]; match stream.read(&mut tmp) { Ok(0) => { // The tcp connection closed break; } Ok(read_result) => { - vecbuf.extend_from_slice(&tmp[0..read_result]); + callback(&mut tmp[0..read_result])?; } Err(error) => { if error.kind() == std::io::ErrorKind::WouldBlock { @@ -1120,7 +1130,7 @@ impl<'a> TunToProxy<'a> { } }; } - Ok(vecbuf) + Ok(()) } #[cfg(any(target_os = "linux", target_os = "macos"))] From c0c7fda89120978272c6405320ee8fceca7bbb11 Mon Sep 17 00:00:00 2001 From: PaperDragon-SH <2678885646@qq.com> Date: Wed, 30 Aug 2023 14:59:54 +0800 Subject: [PATCH 130/401] docker support --- Dockerfile | 28 ++++++++++++++++++++++++++++ README.md | 24 ++++++++++++++++++++++++ docker/entrypoint.sh | 29 +++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+) create mode 100644 Dockerfile create mode 100644 docker/entrypoint.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..59479b6 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,28 @@ +#################################################################################################### +## Builder +#################################################################################################### +FROM rust:latest AS builder + +WORKDIR /worker +COPY ./ . +RUN cargo build --release --target x86_64-unknown-linux-gnu + + +#################################################################################################### +## Final image +#################################################################################################### +FROM ubuntu:latest +WORKDIR /app + +ENV TUN=tun0 +ENV PROXY= +ENV DNS=virtual +ENV MODE=auto +ENV BYPASS_IP= + +RUN apt update && apt install -y iproute2 curl && apt clean all + +COPY --from=builder /worker/target/x86_64-unknown-linux-gnu/release/tun2proxy /usr/bin/tun2proxy +COPY --from=builder /worker/docker/entrypoint.sh /app + +ENTRYPOINT ["/app/entrypoint.sh"] diff --git a/README.md b/README.md index 4b245e0..0c19917 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,30 @@ Currently, tun2proxy supports HTTP, SOCKS4/SOCKS4a and SOCKS5. A proxy is suppli URL format. For example, an HTTP proxy at `1.2.3.4:3128` with a username of `john.doe` and a password of `secret` is supplied as `--proxy http://john.doe:secret@1.2.3.4:3128`. This works analogously to curl's `--proxy` argument. +## Docker Support + +```bash +docker run -d \ + -e PROXY=PROXY_TYPE://PROXY_IP:PROXY_PORT \ + -v /dev/net/tun:/dev/net/tun \ + --sysctl net.ipv6.conf.all.disable_ipv6=0 \ + --sysctl net.ipv6.conf.default.disable_ipv6=0 \ + --cap-add NET_ADMIN \ + --name tun2proxy \ + image:tags +``` + +Provide a network to another worker container. (share netns). + +```bash +docker run -it \ + -d \ + --network "container:tun2proxy" \ + worker-example:tags +``` + + + ## Configuration Tips ### DNS When DNS resolution is performed by a service on your machine or through a server in your local network, DNS resolution diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100644 index 0000000..a923180 --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,29 @@ +#!/bin/bash + + +run() { + if [ -n "$BYPASS_IP" ]; then + BYPASS_IP="--bypass-ip $BYPASS_IP" + fi + + if [ -n "$DNS" ]; then + DNS="--dns $DNS" + fi + + if [ -n "$MODE" ]; then + MODE="--setup $MODE" + fi + + if [ -n "$PROXY" ]; then + PROXY="--proxy $PROXY" + fi + + if [ -n "$TUN" ]; then + TUN="--tun $TUN" + fi + + exec tun2proxy $TUN $PROXY $DNS $MODE $BYPASS_IP +} + + +run || echo "Runing ERROR!!" From fc4d29dd2e410461e6edcf09abd58e3a2d201a5d Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 1 Oct 2023 19:19:42 +0200 Subject: [PATCH 131/401] Make Docker entrypoint executable --- docker/entrypoint.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 docker/entrypoint.sh diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh old mode 100644 new mode 100755 From d75488f1d863ab4ef604e16e323b842890a592d9 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 1 Oct 2023 19:37:33 +0200 Subject: [PATCH 132/401] Improve Docker support description --- README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0c19917..691c7eb 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,13 @@ URL format. For example, an HTTP proxy at `1.2.3.4:3128` with a username of `joh supplied as `--proxy http://john.doe:secret@1.2.3.4:3128`. This works analogously to curl's `--proxy` argument. ## Docker Support +Tun2proxy can serve as a proxy for other Docker containers. To make use of that feature, first build the image: + +```bash +docker build -t tun2proxy . +``` + +Next, start a container from the tun2proxy image: ```bash docker run -d \ @@ -118,20 +125,18 @@ docker run -d \ --sysctl net.ipv6.conf.default.disable_ipv6=0 \ --cap-add NET_ADMIN \ --name tun2proxy \ - image:tags + tun2proxy ``` -Provide a network to another worker container. (share netns). +You can then provide the running container's network to another worker container by sharing the network namespace: ```bash docker run -it \ -d \ --network "container:tun2proxy" \ - worker-example:tags + ubuntu:latest ``` - - ## Configuration Tips ### DNS When DNS resolution is performed by a service on your machine or through a server in your local network, DNS resolution From c1ea5f1af2772318addc6745106e2e0da09cfd79 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 3 Oct 2023 11:39:06 +0800 Subject: [PATCH 133/401] rename bypass_ip to bypass (#66) --- README.md | 2 +- docker/entrypoint.sh | 2 +- src/lib.rs | 6 +++--- src/main.rs | 12 ++++++------ src/tun2proxy.rs | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 691c7eb..db598a7 100644 --- a/README.md +++ b/README.md @@ -99,7 +99,7 @@ Options: --dns-addr DNS resolver address [default: 8.8.8.8] -6, --ipv6-enabled IPv6 enabled -s, --setup Routing and system setup [possible values: auto] - --bypass-ip Public proxy IP used in routing setup which should bypassing the tunnel + -b, --bypass Public proxy IP used in routing setup which should bypassing the tunnel -v, --verbosity Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace] -h, --help Print help -V, --version Print version diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index a923180..f0e9e5c 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -3,7 +3,7 @@ run() { if [ -n "$BYPASS_IP" ]; then - BYPASS_IP="--bypass-ip $BYPASS_IP" + BYPASS_IP="--bypass $BYPASS_IP" fi if [ -n "$DNS" ]; then diff --git a/src/lib.rs b/src/lib.rs index 85e9768..537f0c2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -102,7 +102,7 @@ pub struct Options { dns_over_tcp: bool, dns_addr: Option, ipv6_enabled: bool, - bypass_ip: Option, + bypass: Option, } impl Options { @@ -137,8 +137,8 @@ impl Options { self } - pub fn with_bypass_ip(mut self, ip: Option) -> Self { - self.bypass_ip = ip; + pub fn with_bypass(mut self, ip: Option) -> Self { + self.bypass = ip; self } } diff --git a/src/main.rs b/src/main.rs index dfaae3d..404c341 100644 --- a/src/main.rs +++ b/src/main.rs @@ -42,8 +42,8 @@ struct Args { setup: Option, /// Public proxy IP used in routing setup which should bypassing the tunnel - #[arg(long, value_name = "IP")] - bypass_ip: Option, + #[arg(short, long, value_name = "IP")] + bypass: Option, /// Verbosity level #[arg(short, long, value_name = "level", value_enum, default_value = "info")] @@ -116,22 +116,22 @@ fn main() -> ExitCode { } }; - let bypass_tun_ip = match args.bypass_ip { + let bypass_tun_ip = match args.bypass { Some(addr) => addr, None => args.proxy.addr.ip(), }; - options = options.with_bypass_ip(Some(bypass_tun_ip)); + options = options.with_bypass(Some(bypass_tun_ip)); let block = || -> Result<(), Error> { #[cfg(target_os = "linux")] { let mut setup: Setup; if args.setup == Some(ArgSetup::Auto) { - let bypass_tun_ip = match args.bypass_ip { + let bypass_tun_ip = match args.bypass { Some(addr) => addr, None => args.proxy.addr.ip(), }; - setup = Setup::new(&args.tun, &bypass_tun_ip, get_default_cidrs(), args.bypass_ip.is_some()); + setup = Setup::new(&args.tun, &bypass_tun_ip, get_default_cidrs(), args.bypass.is_some()); setup.configure()?; diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index f23d3dd..6ae46ba 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1154,7 +1154,7 @@ impl<'a> TunToProxy<'a> { count += 1; } Err(err) => { - println!("Failed to send exit signal: \"{}\"", err); + log::error!("Failed to send exit signal: \"{}\"", err); break; } } From 61690145646848e1212f8579c718b91e2b66aed2 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 3 Oct 2023 14:20:16 +0800 Subject: [PATCH 134/401] Bump Version 0.1.8 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 416143f..193efad 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ authors = ["B. Blechschmidt"] edition = "2021" name = "tun2proxy" -version = "0.1.7" +version = "0.1.8" [lib] crate-type = ["cdylib", "lib"] From cea0e0fa271d669d1af0770f6d8482bc7ea03814 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 8 Oct 2023 12:27:32 +0200 Subject: [PATCH 135/401] Resort to writing to /etc/resolv.conf directly if mount permissions are missing --- src/setup.rs | 42 +++++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/src/setup.rs b/src/setup.rs index c273ea5..a969649 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -155,12 +155,7 @@ impl Setup { Ok(false) } - fn setup_resolv_conf() -> Result<(), Error> { - let fd = nix::fcntl::open( - "/tmp/tun2proxy-resolv.conf", - nix::fcntl::OFlag::O_RDWR | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_CREAT, - nix::sys::stat::Mode::from_bits(0o644).unwrap(), - )?; + fn write_nameserver(fd: RawFd) -> Result<(), Error> { let data = "nameserver 198.18.0.1\n".as_bytes(); let mut written = 0; loop { @@ -170,14 +165,35 @@ impl Setup { written += nix::unistd::write(fd, &data[written..])?; } nix::sys::stat::fchmod(fd, nix::sys::stat::Mode::from_bits(0o444).unwrap())?; - let source = format!("/proc/self/fd/{}", fd); - nix::mount::mount( - source.as_str().into(), - "/etc/resolv.conf", - "".into(), - nix::mount::MsFlags::MS_BIND, - "".into(), + Ok(()) + } + + fn setup_resolv_conf() -> Result<(), Error> { + let mut fd = nix::fcntl::open( + "/tmp/tun2proxy-resolv.conf", + nix::fcntl::OFlag::O_RDWR | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_CREAT, + nix::sys::stat::Mode::from_bits(0o644).unwrap(), )?; + Self::write_nameserver(fd)?; + let source = format!("/proc/self/fd/{}", fd); + if Ok(()) + != nix::mount::mount( + source.as_str().into(), + "/etc/resolv.conf", + "".into(), + nix::mount::MsFlags::MS_BIND, + "".into(), + ) + { + log::warn!("failed to bind mount custom resolv.conf onto /etc/resolv.conf, resorting to direct write"); + nix::unistd::close(fd)?; + fd = nix::fcntl::open( + "/etc/resolv.conf", + nix::fcntl::OFlag::O_WRONLY | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_TRUNC, + nix::sys::stat::Mode::from_bits(0o644).unwrap(), + )?; + Self::write_nameserver(fd)?; + } nix::unistd::close(fd)?; Ok(()) } From 299b51667d719f960772b3435096ff336b91c733 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 8 Oct 2023 13:09:37 +0200 Subject: [PATCH 136/401] Restore /etc/resolv.conf if it was written directly --- src/setup.rs | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/src/setup.rs b/src/setup.rs index a969649..51e004f 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -6,6 +6,7 @@ use smoltcp::wire::IpCidr; use std::{ convert::TryFrom, ffi::OsStr, + fs, io::BufRead, net::{IpAddr, Ipv4Addr, Ipv6Addr}, os::unix::io::RawFd, @@ -22,6 +23,8 @@ pub struct Setup { set_up: bool, delete_proxy_route: bool, child: libc::pid_t, + unmount_resolvconf: bool, + restore_resolvconf_data: Option>, } pub fn get_default_cidrs() -> [IpCidr; 4] { @@ -86,6 +89,8 @@ impl Setup { set_up: false, delete_proxy_route: false, child: 0, + unmount_resolvconf: false, + restore_resolvconf_data: None, } } @@ -155,8 +160,7 @@ impl Setup { Ok(false) } - fn write_nameserver(fd: RawFd) -> Result<(), Error> { - let data = "nameserver 198.18.0.1\n".as_bytes(); + fn write_buffer_to_fd(fd: RawFd, data: &[u8]) -> Result<(), Error> { let mut written = 0; loop { if written >= data.len() { @@ -164,11 +168,17 @@ impl Setup { } written += nix::unistd::write(fd, &data[written..])?; } + Ok(()) + } + + fn write_nameserver(fd: RawFd) -> Result<(), Error> { + let data = "nameserver 198.18.0.1\n".as_bytes(); + Self::write_buffer_to_fd(fd, data)?; nix::sys::stat::fchmod(fd, nix::sys::stat::Mode::from_bits(0o444).unwrap())?; Ok(()) } - fn setup_resolv_conf() -> Result<(), Error> { + fn setup_resolv_conf(&mut self) -> Result<(), Error> { let mut fd = nix::fcntl::open( "/tmp/tun2proxy-resolv.conf", nix::fcntl::OFlag::O_RDWR | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_CREAT, @@ -187,12 +197,17 @@ impl Setup { { log::warn!("failed to bind mount custom resolv.conf onto /etc/resolv.conf, resorting to direct write"); nix::unistd::close(fd)?; + + self.restore_resolvconf_data = Some(fs::read("/etc/resolv.conf")?); + fd = nix::fcntl::open( "/etc/resolv.conf", nix::fcntl::OFlag::O_WRONLY | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_TRUNC, nix::sys::stat::Mode::from_bits(0o644).unwrap(), )?; Self::write_nameserver(fd)?; + } else { + self.unmount_resolvconf = true; } nix::unistd::close(fd)?; Ok(()) @@ -225,7 +240,12 @@ impl Setup { .args(["route", "del", self.tunnel_bypass_addr.to_string().as_str()]) .output(); } - nix::mount::umount("/etc/resolv.conf")?; + if self.unmount_resolvconf { + nix::mount::umount("/etc/resolv.conf")?; + } + if let Some(data) = &self.restore_resolvconf_data { + fs::write("/etc/resolv.conf", data)?; + } Ok(()) } @@ -250,7 +270,7 @@ impl Setup { let delete_proxy_route = self.route_proxy_address()?; self.delete_proxy_route = delete_proxy_route; - Self::setup_resolv_conf()?; + self.setup_resolv_conf()?; self.add_tunnel_routes()?; // Signal to child that we are done setting up everything. From b50cac82c07149b32bae8a128f2bad618dbab2d5 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 10 Oct 2023 14:22:33 +0800 Subject: [PATCH 137/401] Memory exhaustion (#69) --- src/http.rs | 10 +++++----- src/socks.rs | 10 +++++----- src/tun2proxy.rs | 25 ++++++++++++------------- 3 files changed, 22 insertions(+), 23 deletions(-) diff --git a/src/http.rs b/src/http.rs index 4d3e5bb..7ebd02e 100644 --- a/src/http.rs +++ b/src/http.rs @@ -366,15 +366,15 @@ impl ProxyHandler for HttpConnection { self.state == HttpState::Established } - fn have_data(&mut self, dir: Direction) -> bool { + fn data_len(&self, dir: Direction) -> usize { match dir { Direction::Incoming(incoming) => match incoming { - IncomingDirection::FromServer => !self.server_inbuf.is_empty(), - IncomingDirection::FromClient => !self.client_inbuf.is_empty() || !self.data_buf.is_empty(), + IncomingDirection::FromServer => self.server_inbuf.len(), + IncomingDirection::FromClient => self.client_inbuf.len().max(self.data_buf.len()), }, Direction::Outgoing(outgoing) => match outgoing { - OutgoingDirection::ToServer => !self.server_outbuf.is_empty(), - OutgoingDirection::ToClient => !self.client_outbuf.is_empty(), + OutgoingDirection::ToServer => self.server_outbuf.len(), + OutgoingDirection::ToClient => self.client_outbuf.len(), }, } } diff --git a/src/socks.rs b/src/socks.rs index 7c62aa9..c7b60aa 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -314,15 +314,15 @@ impl ProxyHandler for SocksProxyImpl { self.state == SocksState::Established } - fn have_data(&mut self, dir: Direction) -> bool { + fn data_len(&self, dir: Direction) -> usize { match dir { Direction::Incoming(incoming) => match incoming { - IncomingDirection::FromServer => !self.server_inbuf.is_empty(), - IncomingDirection::FromClient => !self.client_inbuf.is_empty() || !self.data_buf.is_empty(), + IncomingDirection::FromServer => self.server_inbuf.len(), + IncomingDirection::FromClient => self.client_inbuf.len().max(self.data_buf.len()), }, Direction::Outgoing(outgoing) => match outgoing { - OutgoingDirection::ToServer => !self.server_outbuf.is_empty(), - OutgoingDirection::ToClient => !self.client_outbuf.is_empty(), + OutgoingDirection::ToServer => self.server_outbuf.len(), + OutgoingDirection::ToClient => self.client_outbuf.len(), }, } } diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 6ae46ba..652631b 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -174,6 +174,7 @@ const CLIENT_WRITE_CLOSED: u8 = 2; const UDP_ASSO_TIMEOUT: u64 = 10; // seconds const DNS_PORT: u16 = 53; +const IP_PACKAGE_MAX_SIZE: usize = 0xFFFF; struct ConnectionState { smoltcp_handle: SocketHandle, @@ -197,7 +198,7 @@ pub(crate) trait ProxyHandler { fn consume_data(&mut self, dir: OutgoingDirection, size: usize); fn peek_data(&mut self, dir: OutgoingDirection) -> OutgoingDataEvent; fn connection_established(&self) -> bool; - fn have_data(&mut self, dir: Direction) -> bool; + fn data_len(&self, dir: Direction) -> usize; fn reset_connection(&self) -> bool; fn get_udp_associate(&self) -> Option; } @@ -395,13 +396,10 @@ impl<'a> TunToProxy<'a> { None => return Ok(()), }; let mut closed_ends = 0; + let handler = state.proxy_handler.as_ref(); if (state.close_state & SERVER_WRITE_CLOSED) == SERVER_WRITE_CLOSED - && !state - .proxy_handler - .have_data(Direction::Incoming(IncomingDirection::FromServer)) - && !state - .proxy_handler - .have_data(Direction::Outgoing(OutgoingDirection::ToClient)) + && handler.data_len(Direction::Incoming(IncomingDirection::FromServer)) == 0 + && handler.data_len(Direction::Outgoing(OutgoingDirection::ToClient)) == 0 { // Close tun interface let socket = self.sockets.get_mut::(state.smoltcp_handle); @@ -411,12 +409,8 @@ impl<'a> TunToProxy<'a> { } if (state.close_state & CLIENT_WRITE_CLOSED) == CLIENT_WRITE_CLOSED - && !state - .proxy_handler - .have_data(Direction::Incoming(IncomingDirection::FromClient)) - && !state - .proxy_handler - .have_data(Direction::Outgoing(OutgoingDirection::ToServer)) + && handler.data_len(Direction::Incoming(IncomingDirection::FromClient)) == 0 + && handler.data_len(Direction::Outgoing(OutgoingDirection::ToServer)) == 0 { // Close remote server if let Err(err) = state.mio_stream.shutdown(Shutdown::Write) { @@ -443,6 +437,11 @@ impl<'a> TunToProxy<'a> { let socket = self.sockets.get_mut::(state.smoltcp_handle); let mut error = Ok(()); while socket.can_recv() && error.is_ok() { + let dir = Direction::Outgoing(OutgoingDirection::ToServer); + if state.proxy_handler.data_len(dir) >= IP_PACKAGE_MAX_SIZE { + break; + } + socket.recv(|data| { let event = IncomingDataEvent { direction: IncomingDirection::FromClient, From 5d722fc2a3fe92e47f69dc427406b48675eb9171 Mon Sep 17 00:00:00 2001 From: PaperDragon-SH <2678885646@qq.com> Date: Tue, 10 Oct 2023 16:04:13 +0800 Subject: [PATCH 138/401] optimize docker --- Dockerfile | 1 + README.md | 17 ++++++++++++++--- docker/entrypoint.sh | 34 ++++++++++++++++++++-------------- 3 files changed, 35 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 59479b6..912fdca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,6 +19,7 @@ ENV PROXY= ENV DNS=virtual ENV MODE=auto ENV BYPASS_IP= +ENV VERBOSITY=info RUN apt update && apt install -y iproute2 curl && apt clean all diff --git a/README.md b/README.md index db598a7..b83837a 100644 --- a/README.md +++ b/README.md @@ -119,16 +119,27 @@ Next, start a container from the tun2proxy image: ```bash docker run -d \ - -e PROXY=PROXY_TYPE://PROXY_IP:PROXY_PORT \ + -e PROXY=proto://[username[:password]@]host:port \ -v /dev/net/tun:/dev/net/tun \ - --sysctl net.ipv6.conf.all.disable_ipv6=0 \ --sysctl net.ipv6.conf.default.disable_ipv6=0 \ --cap-add NET_ADMIN \ --name tun2proxy \ tun2proxy ``` -You can then provide the running container's network to another worker container by sharing the network namespace: +container env list + +| container env | Default | program option | mean | +| ------------- | ------- | ----------------------- | ------------------------------------------------------------ | +| TUN | tun0 | -t, --tun | Name of the tun interface [default: tun0] | +| PROXY | None | -p, --proxy | Proxy URL in the form proto://[username[:password]@]host:port | +| DNS | virtual | -d, --dns | DNS handling strategy [default: virtual] [possible values: virtual, over-tcp, direct] | +| MODE | auto | -s, --setup | Routing and system setup [possible values: auto] | +| BYPASS_IP | None | -b, --bypass | Public proxy IP used in routing setup which should bypassing the tunnel | +| VERBOSITY | info | -v, --verbosity | Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace] | +| | | | | + +You can then provide the running container's network to another worker container by sharing the network namespace (like kubernetes sidecar): ```bash docker run -it \ diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index f0e9e5c..661380c 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -2,28 +2,34 @@ run() { - if [ -n "$BYPASS_IP" ]; then - BYPASS_IP="--bypass $BYPASS_IP" - fi - - if [ -n "$DNS" ]; then - DNS="--dns $DNS" - fi - - if [ -n "$MODE" ]; then - MODE="--setup $MODE" + if [ -n "$TUN" ]; then + TUN="--tun $TUN" fi if [ -n "$PROXY" ]; then PROXY="--proxy $PROXY" fi - if [ -n "$TUN" ]; then - TUN="--tun $TUN" + if [ -n "$DNS" ]; then + DNS="--dns $DNS" fi - exec tun2proxy $TUN $PROXY $DNS $MODE $BYPASS_IP + if [ -n "$BYPASS_IP" ]; then + BYPASS_IP="--bypass $BYPASS_IP" + fi + + if [ -n "$VERBOSITY" ]; then + VERBOSITY="-v $VERBOSITY" + fi + + if [ -n "$MODE" ]; then + MODE="--setup $MODE" + fi + + echo "Bootstrap ready!! Exec Command: tun2proxy $TUN $PROXY $DNS $VERBOSITY $MODE $BYPASS_IP $@" + + exec tun2proxy $TUN $PROXY $DNS $VERBOSITY $MODE $BYPASS_IP $@ } -run || echo "Runing ERROR!!" +run $@ || echo "Runing ERROR!!" From a9a562029f79cd72d183658b336f85c4754f759f Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Tue, 10 Oct 2023 21:04:11 +0200 Subject: [PATCH 139/401] Update LICENSE --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 9b5214e..80b3987 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) B. Blechschmidt and contributors +Copyright (c) @ssrlive, B. Blechschmidt and contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 989c42ee615a644f9f1d0c9681f2a34dec34d0c9 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 23 Oct 2023 09:44:27 +0800 Subject: [PATCH 140/401] Windows support (#72) --- .github/workflows/publish-exe.yml | 6 +- Cargo.toml | 14 + README.md | 4 +- build.rs | 84 +++++ src/lib.rs | 3 + src/main.rs | 24 +- src/tun2proxy.rs | 84 +++-- src/wintuninterface.rs | 551 ++++++++++++++++++++++++++++++ 8 files changed, 721 insertions(+), 49 deletions(-) create mode 100644 build.rs create mode 100644 src/wintuninterface.rs diff --git a/.github/workflows/publish-exe.yml b/.github/workflows/publish-exe.yml index c376706..7bad5a7 100644 --- a/.github/workflows/publish-exe.yml +++ b/.github/workflows/publish-exe.yml @@ -63,11 +63,11 @@ jobs: cargo build --all-features --release --target ${{ matrix.target }} fi if [[ "${{ matrix.host_os }}" == "windows-latest" ]]; then - powershell Compress-Archive -Path target/${{ matrix.target }}/release/tun2proxy.exe -DestinationPath publishdir/tun2proxy-${{ matrix.target }}.zip + powershell Compress-Archive -Path target/${{ matrix.target }}/release/tun2proxy.exe, README.md, target/${{ matrix.target }}/release/wintun.dll -DestinationPath publishdir/tun2proxy-${{ matrix.target }}.zip elif [[ "${{ matrix.host_os }}" == "macos-latest" ]]; then - zip -j publishdir/tun2proxy-${{ matrix.target }}.zip target/${{ matrix.target }}/release/tun2proxy + zip -j publishdir/tun2proxy-${{ matrix.target }}.zip target/${{ matrix.target }}/release/tun2proxy README.md elif [[ "${{ matrix.host_os }}" == "ubuntu-latest" ]]; then - zip -j publishdir/tun2proxy-${{ matrix.target }}.zip target/${{ matrix.target }}/release/tun2proxy + zip -j publishdir/tun2proxy-${{ matrix.target }}.zip target/${{ matrix.target }}/release/tun2proxy README.md fi - name: Publish diff --git a/Cargo.toml b/Cargo.toml index 193efad..416eb6c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -50,3 +50,17 @@ reqwest = { version = "0.11", default-features = false, features = [ ] } serial_test = "2.0" test-log = "0.2" + +[target.'cfg(target_os="windows")'.dependencies] +rand = "0.8" +windows = { version = "0.51", features = [ + "Win32_Storage_FileSystem", + "Win32_NetworkManagement_IpHelper", + "Win32_NetworkManagement_Ndis", + "Win32_Networking_WinSock", + "Win32_Foundation", +] } +wintun = { git = "https://github.com/ssrlive/wintun.git", branch = "main" } + +[build-dependencies] +serde_json = "1.0" diff --git a/README.md b/README.md index b83837a..cfa1450 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,7 @@ Options: -d, --dns DNS handling strategy [default: virtual] [possible values: virtual, over-tcp, direct] --dns-addr DNS resolver address [default: 8.8.8.8] -6, --ipv6-enabled IPv6 enabled - -s, --setup Routing and system setup [possible values: auto] + -s, --setup Routing and system setup [default: none] [possible values: none, auto] -b, --bypass Public proxy IP used in routing setup which should bypassing the tunnel -v, --verbosity Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace] -h, --help Print help @@ -134,7 +134,7 @@ container env list | TUN | tun0 | -t, --tun | Name of the tun interface [default: tun0] | | PROXY | None | -p, --proxy | Proxy URL in the form proto://[username[:password]@]host:port | | DNS | virtual | -d, --dns | DNS handling strategy [default: virtual] [possible values: virtual, over-tcp, direct] | -| MODE | auto | -s, --setup | Routing and system setup [possible values: auto] | +| MODE | auto | -s, --setup | Routing and system setup [default: none] [possible values: none, auto] | | BYPASS_IP | None | -b, --bypass | Public proxy IP used in routing setup which should bypassing the tunnel | | VERBOSITY | info | -v, --verbosity | Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace] | | | | | | diff --git a/build.rs b/build.rs new file mode 100644 index 0000000..0c9159c --- /dev/null +++ b/build.rs @@ -0,0 +1,84 @@ +fn main() -> Result<(), Box> { + #[cfg(target_os = "windows")] + if let Ok(cargo_target_dir) = get_cargo_target_dir() { + let mut f = std::fs::File::create(cargo_target_dir.join("build.log"))?; + use std::io::Write; + f.write_all(format!("CARGO_TARGET_DIR: '{}'\r\n", cargo_target_dir.display()).as_bytes())?; + + // The wintun crate's root directory + let crate_dir = get_crate_dir("wintun")?; + + // The path to the DLL file, relative to the crate root, depending on the target architecture + let dll_path = get_wintun_bin_relative_path()?; + let src_path = crate_dir.join(dll_path); + + let dst_path = cargo_target_dir.join("wintun.dll"); + + f.write_all(format!("Source path: '{}'\r\n", src_path.display()).as_bytes())?; + f.write_all(format!("Target path: '{}'\r\n", dst_path.display()).as_bytes())?; + + // Copy to the target directory + if let Err(e) = std::fs::copy(src_path, &dst_path) { + f.write_all(format!("Failed to copy 'wintun.dll': {}\r\n", e).as_bytes())?; + } else { + f.write_all(format!("Copied 'wintun.dll' to '{}'\r\n", dst_path.display()).as_bytes())?; + } + } + Ok(()) +} + +#[allow(dead_code)] +fn get_cargo_target_dir() -> Result> { + let out_dir = std::path::PathBuf::from(std::env::var("OUT_DIR")?); + let profile = std::env::var("PROFILE")?; + let mut target_dir = None; + let mut sub_path = out_dir.as_path(); + while let Some(parent) = sub_path.parent() { + if parent.ends_with(&profile) { + target_dir = Some(parent); + break; + } + sub_path = parent; + } + Ok(target_dir.ok_or("not found")?.to_path_buf()) +} + +#[cfg(target_os = "windows")] +fn get_wintun_bin_relative_path() -> Result> { + let dll_path = if cfg!(target_arch = "x86") { + "wintun/bin/x86/wintun.dll" + } else if cfg!(target_arch = "x86_64") { + "wintun/bin/amd64/wintun.dll" + } else if cfg!(target_arch = "arm") { + "wintun/bin/arm/wintun.dll" + } else if cfg!(target_arch = "aarch64") { + "wintun/bin/arm64/wintun.dll" + } else { + return Err("Unsupported architecture".into()); + }; + Ok(dll_path.into()) +} + +#[allow(dead_code)] +fn get_crate_dir(crate_name: &str) -> Result> { + let output = std::process::Command::new("cargo") + .arg("metadata") + .arg("--format-version=1") + .output()?; + + let metadata = serde_json::from_slice::(&output.stdout)?; + let packages = metadata["packages"].as_array().ok_or("packages")?; + + let mut crate_dir = None; + + for package in packages { + let name = package["name"].as_str().ok_or("name")?; + if name == crate_name { + let path = package["manifest_path"].as_str().ok_or("manifest_path")?; + let path = std::path::PathBuf::from(path); + crate_dir = Some(path.parent().ok_or("parent")?.to_path_buf()); + break; + } + } + Ok(crate_dir.ok_or("crate_dir")?) +} diff --git a/src/lib.rs b/src/lib.rs index 537f0c2..00977dd 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -19,6 +19,8 @@ mod socks; mod tun2proxy; mod virtdevice; mod virtdns; +#[cfg(target_os = "windows")] +mod wintuninterface; #[derive(Clone, Debug)] pub struct Proxy { @@ -103,6 +105,7 @@ pub struct Options { dns_addr: Option, ipv6_enabled: bool, bypass: Option, + pub setup: bool, } impl Options { diff --git a/src/main.rs b/src/main.rs index 404c341..8f18e57 100644 --- a/src/main.rs +++ b/src/main.rs @@ -38,7 +38,7 @@ struct Args { ipv6_enabled: bool, /// Routing and system setup - #[arg(short, long, value_name = "method", value_enum)] + #[arg(short, long, value_name = "method", value_enum, default_value = if cfg!(target_os = "linux") { "none" } else { "auto" })] setup: Option, /// Public proxy IP used in routing setup which should bypassing the tunnel @@ -63,6 +63,7 @@ enum ArgDns { #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] enum ArgSetup { + None, Auto, } @@ -122,21 +123,20 @@ fn main() -> ExitCode { }; options = options.with_bypass(Some(bypass_tun_ip)); + options.setup = args.setup.map(|s| s == ArgSetup::Auto).unwrap_or(false); + let block = || -> Result<(), Error> { #[cfg(target_os = "linux")] - { - let mut setup: Setup; - if args.setup == Some(ArgSetup::Auto) { - let bypass_tun_ip = match args.bypass { - Some(addr) => addr, - None => args.proxy.addr.ip(), - }; - setup = Setup::new(&args.tun, &bypass_tun_ip, get_default_cidrs(), args.bypass.is_some()); + if options.setup { + let bypass_tun_ip = match args.bypass { + Some(addr) => addr, + None => args.proxy.addr.ip(), + }; + let mut setup = Setup::new(&args.tun, &bypass_tun_ip, get_default_cidrs(), args.bypass.is_some()); - setup.configure()?; + setup.configure()?; - setup.drop_privileges()?; - } + setup.drop_privileges()?; } main_entry(&interface, &args.proxy, options)?; diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 652631b..09bb7cb 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1,19 +1,18 @@ #![allow(dead_code)] +#[cfg(target_os = "windows")] +use crate::wintuninterface::{self, NamedPipeSource, WinTunInterface}; use crate::{dns, error::Error, error::Result, virtdevice::VirtualTunDevice, NetworkInterface, Options}; #[cfg(target_family = "unix")] use mio::unix::SourceFd; use mio::{event::Event, net::TcpStream, net::UdpSocket, Events, Interest, Poll, Token}; -#[cfg(not(target_family = "unix"))] -use smoltcp::phy::DeviceCapabilities; #[cfg(any(target_os = "macos", target_os = "ios"))] use smoltcp::phy::RawSocket; #[cfg(any(target_os = "linux", target_os = "android"))] use smoltcp::phy::TunTapInterface; -#[cfg(target_family = "unix")] -use smoltcp::phy::{Device, Medium, RxToken, TxToken}; use smoltcp::{ iface::{Config, Interface, SocketHandle, SocketSet}, + phy::{Device, Medium, RxToken, TxToken}, socket::{tcp, tcp::State, udp, udp::UdpMetadata}, time::Instant, wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket, UDP_HEADER_LEN}, @@ -218,6 +217,8 @@ pub struct TunToProxy<'a> { tun: TunTapInterface, #[cfg(any(target_os = "macos", target_os = "ios"))] tun: RawSocket, + #[cfg(target_os = "windows")] + tun: WinTunInterface, poll: Poll, iface: Interface, connection_map: HashMap, @@ -231,6 +232,10 @@ pub struct TunToProxy<'a> { exit_receiver: mio::unix::pipe::Receiver, #[cfg(target_family = "unix")] exit_trigger: Option, + #[cfg(target_os = "windows")] + exit_receiver: mio::windows::NamedPipe, + #[cfg(target_os = "windows")] + exit_trigger: Option, } impl<'a> TunToProxy<'a> { @@ -247,35 +252,47 @@ impl<'a> TunToProxy<'a> { NetworkInterface::Fd(_fd) => panic!("Not supported"), }; + #[cfg(target_os = "windows")] + let mut tun = match _interface { + NetworkInterface::Named(name) => WinTunInterface::new(name.as_str(), Medium::Ip)?, + }; + + #[cfg(target_os = "windows")] + if options.setup { + tun.setup_config(options.bypass, options.dns_addr)?; + } + let poll = Poll::new()?; #[cfg(target_family = "unix")] poll.registry() .register(&mut SourceFd(&tun.as_raw_fd()), TUN_TOKEN, Interest::READABLE)?; - #[cfg(target_family = "unix")] - let (mut exit_trigger, mut exit_receiver) = mio::unix::pipe::new()?; + #[cfg(target_os = "windows")] + { + let interest = Interest::READABLE | Interest::WRITABLE; + poll.registry().register(&mut tun, TUN_TOKEN, interest)?; + let mut pipe = NamedPipeSource(tun.pipe_client()); + poll.registry().register(&mut pipe, PIPE_TOKEN, interest)?; + } #[cfg(target_family = "unix")] + let (mut exit_trigger, mut exit_receiver) = mio::unix::pipe::new()?; + #[cfg(target_family = "windows")] + let (mut exit_trigger, mut exit_receiver) = wintuninterface::pipe()?; + poll.registry() .register(&mut exit_trigger, EXIT_TRIGGER_TOKEN, Interest::WRITABLE)?; - #[cfg(target_family = "unix")] poll.registry() .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; - #[cfg(target_family = "unix")] let config = match tun.capabilities().medium { Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0, 0, 0, 0, 0x01]).into()), Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), Medium::Ieee802154 => todo!(), }; - #[cfg(not(target_family = "unix"))] - let config = Config::new(smoltcp::wire::HardwareAddress::Ip); - #[cfg(target_family = "unix")] let mut device = VirtualTunDevice::new(tun.capabilities()); - #[cfg(not(target_family = "unix"))] - let mut device = VirtualTunDevice::new(DeviceCapabilities::default()); let gateway4: Ipv4Addr = Ipv4Addr::from_str("0.0.0.1")?; let gateway6: Ipv6Addr = Ipv6Addr::from_str("::1")?; @@ -289,7 +306,6 @@ impl<'a> TunToProxy<'a> { iface.set_any_ip(true); let tun = Self { - #[cfg(target_family = "unix")] tun, poll, iface, @@ -300,9 +316,7 @@ impl<'a> TunToProxy<'a> { device, options, write_sockets: HashSet::default(), - #[cfg(target_family = "unix")] exit_receiver, - #[cfg(target_family = "unix")] exit_trigger: Some(exit_trigger), }; Ok(tun) @@ -325,7 +339,6 @@ impl<'a> TunToProxy<'a> { let _slice = vec.as_slice(); // TODO: Actual write. Replace. - #[cfg(target_family = "unix")] self.tun .transmit(Instant::now()) .ok_or("tx token not available")? @@ -773,17 +786,24 @@ impl<'a> TunToProxy<'a> { proxy_handler: Box, udp_associate: bool, ) -> Result { + #[cfg(any(target_os = "linux", target_os = "android"))] let mut socket = tcp::Socket::new( tcp::SocketBuffer::new(vec![0; 1024 * 128]), tcp::SocketBuffer::new(vec![0; 1024 * 128]), ); + #[cfg(any(target_os = "ios", target_os = "macos", target_os = "windows"))] + let mut socket = tcp::Socket::new( + // TODO: Look into how the buffer size affects IP header length and fragmentation + tcp::SocketBuffer::new(vec![0; 1024 * 2]), + tcp::SocketBuffer::new(vec![0; 1024 * 2]), + ); socket.set_ack_delay(None); socket.listen(dst)?; let handle = self.sockets.add(socket); let mut client = TcpStream::connect(server_addr)?; let token = self.new_token(); - let i = Interest::READABLE; + let i = Interest::READABLE | Interest::WRITABLE; self.poll.registry().register(&mut client, token, i)?; let expiry = if udp_associate { @@ -808,7 +828,7 @@ impl<'a> TunToProxy<'a> { proxy_handler, close_state: 0, wait_read: true, - wait_write: false, + wait_write: true, udp_acco_expiry: expiry, udp_socket, udp_token, @@ -876,8 +896,8 @@ impl<'a> TunToProxy<'a> { state.wait_write = true; Self::update_mio_socket_interest(&mut self.poll, state)?; } - Err(error) => { - return Err(error.into()); + Err(_) => { + return Ok(()); } } } @@ -921,15 +941,23 @@ impl<'a> TunToProxy<'a> { fn tun_event(&mut self, event: &Event) -> Result<(), Error> { if event.is_readable() { - #[cfg(target_family = "unix")] while let Some((rx_token, _)) = self.tun.receive(Instant::now()) { rx_token.consume(|frame| self.receive_tun(frame))?; } } + #[cfg(target_os = "windows")] + if event.is_writable() { + // log::trace!("Tun writable"); + let tx_token = self.tun.transmit(Instant::now()).ok_or("tx token not available")?; + // Just consume the cached packets, do nothing else. + tx_token.consume(0, |_buf| {}); + } Ok(()) } fn pipe_event(&mut self, _event: &Event) -> Result<(), Error> { + #[cfg(target_os = "windows")] + self.tun.pipe_client_event(_event)?; Ok(()) } @@ -1132,7 +1160,7 @@ impl<'a> TunToProxy<'a> { Ok(()) } - #[cfg(any(target_os = "linux", target_os = "macos"))] + #[cfg(any(target_os = "windows", target_os = "linux", target_os = "macos"))] fn prepare_exiting_signal_trigger(&mut self) -> Result<()> { let mut exit_trigger = self.exit_trigger.take().ok_or("Already running")?; ctrlc::set_handler(move || { @@ -1163,7 +1191,7 @@ impl<'a> TunToProxy<'a> { } pub fn run(&mut self) -> Result<(), Error> { - #[cfg(any(target_os = "linux", target_os = "macos"))] + #[cfg(any(target_os = "windows", target_os = "linux", target_os = "macos"))] self.prepare_exiting_signal_trigger()?; let mut events = Events::with_capacity(1024); @@ -1183,7 +1211,6 @@ impl<'a> TunToProxy<'a> { } } EXIT_TRIGGER_TOKEN => { - #[cfg(target_family = "unix")] log::trace!("Exiting trigger is ready, {:?}", self.exit_trigger); } TUN_TOKEN => self.tun_event(event)?, @@ -1197,7 +1224,6 @@ impl<'a> TunToProxy<'a> { } } - #[cfg(target_family = "unix")] fn exiting_event_handler(&mut self) -> Result { let mut buffer = vec![0; 100]; match self.exit_receiver.read(&mut buffer) { @@ -1214,12 +1240,6 @@ impl<'a> TunToProxy<'a> { } } - #[cfg(target_os = "windows")] - fn exiting_event_handler(&mut self) -> Result { - Ok(true) - } - - #[cfg(target_family = "unix")] pub fn shutdown(&mut self) -> Result<(), Error> { log::debug!("Shutdown tun2proxy..."); _ = self.exit_trigger.as_mut().ok_or("Already triggered")?.write(b"EXIT")?; diff --git a/src/wintuninterface.rs b/src/wintuninterface.rs new file mode 100644 index 0000000..ab4e4eb --- /dev/null +++ b/src/wintuninterface.rs @@ -0,0 +1,551 @@ +use mio::{event, windows::NamedPipe, Interest, Registry, Token}; +use smoltcp::{ + phy::{self, Device, DeviceCapabilities, Medium}, + time::Instant, +}; +use std::{ + cell::RefCell, + fs::OpenOptions, + io::{self, Read, Write}, + net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr}, + os::windows::prelude::{FromRawHandle, IntoRawHandle, OpenOptionsExt}, + rc::Rc, + sync::{Arc, Mutex}, + thread::JoinHandle, + vec::Vec, +}; +use windows::{ + core::{GUID, PWSTR}, + Win32::{ + Foundation::{ERROR_BUFFER_OVERFLOW, WIN32_ERROR}, + NetworkManagement::{ + IpHelper::{ + GetAdaptersAddresses, SetInterfaceDnsSettings, DNS_INTERFACE_SETTINGS, DNS_INTERFACE_SETTINGS_VERSION1, + DNS_SETTING_NAMESERVER, GAA_FLAG_INCLUDE_GATEWAYS, GAA_FLAG_INCLUDE_PREFIX, IF_TYPE_ETHERNET_CSMACD, + IF_TYPE_IEEE80211, IP_ADAPTER_ADDRESSES_LH, + }, + Ndis::IfOperStatusUp, + }, + Networking::WinSock::{AF_INET, AF_INET6, AF_UNSPEC, SOCKADDR, SOCKADDR_IN, SOCKADDR_IN6}, + Storage::FileSystem::FILE_FLAG_OVERLAPPED, + }, +}; + +fn server() -> io::Result<(NamedPipe, String)> { + use rand::Rng; + let num: u64 = rand::thread_rng().gen(); + let name = format!(r"\\.\pipe\my-pipe-{}", num); + let pipe = NamedPipe::new(&name)?; + Ok((pipe, name)) +} + +fn client(name: &str) -> io::Result { + let mut opts = OpenOptions::new(); + opts.read(true).write(true).custom_flags(FILE_FLAG_OVERLAPPED.0); + let file = opts.open(name)?; + unsafe { Ok(NamedPipe::from_raw_handle(file.into_raw_handle())) } +} + +pub(crate) fn pipe() -> io::Result<(NamedPipe, NamedPipe)> { + let (pipe, name) = server()?; + Ok((pipe, client(&name)?)) +} + +/// A virtual TUN (IP) interface. +pub struct WinTunInterface { + wintun_session: Arc, + mtu: usize, + medium: Medium, + pipe_server: Rc>, + pipe_server_cache: Rc>>, + pipe_client: Arc>, + pipe_client_cache: Arc>>, + wintun_reader_thread: Option>, + old_gateway: Option, +} + +impl event::Source for WinTunInterface { + fn register(&mut self, registry: &Registry, token: Token, interests: Interest) -> io::Result<()> { + self.pipe_server.borrow_mut().register(registry, token, interests)?; + Ok(()) + } + + fn reregister(&mut self, registry: &Registry, token: Token, interests: Interest) -> io::Result<()> { + self.pipe_server.borrow_mut().reregister(registry, token, interests)?; + Ok(()) + } + + fn deregister(&mut self, registry: &Registry) -> io::Result<()> { + self.pipe_server.borrow_mut().deregister(registry)?; + Ok(()) + } +} + +impl WinTunInterface { + pub fn new(tun_name: &str, medium: Medium) -> io::Result { + let wintun = unsafe { wintun::load() }.map_err(|e| io::Error::new(io::ErrorKind::Other, e))?; + let guid = 324435345345345345_u128; + let adapter = match wintun::Adapter::open(&wintun, tun_name) { + Ok(a) => a, + Err(_) => wintun::Adapter::create(&wintun, tun_name, tun_name, Some(guid)) + .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?, + }; + + let session = adapter + .start_session(wintun::MAX_RING_CAPACITY) + .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?; + let wintun_session = Arc::new(session); + + let (pipe_server, pipe_client) = pipe()?; + + let pipe_client = Arc::new(Mutex::new(pipe_client)); + let pipe_client_cache = Arc::new(Mutex::new(Vec::new())); + + let mtu = adapter.get_mtu().map_err(|e| io::Error::new(io::ErrorKind::Other, e))?; + + let reader_session = wintun_session.clone(); + let pipe_client_clone = pipe_client.clone(); + let pipe_client_cache_clone = pipe_client_cache.clone(); + let reader_thread = std::thread::spawn(move || { + let block = || -> Result<(), Box> { + loop { + // Take the old data from pipe_client_cache and append the new data + let cached_data = pipe_client_cache_clone.lock()?.drain(..).collect::>(); + let bytes = if cached_data.len() >= mtu { + // if the cached data is greater than mtu, then sleep 1ms and return the data + std::thread::sleep(std::time::Duration::from_millis(1)); + cached_data + } else { + // read data from tunnel interface + let packet = reader_session.receive_blocking()?; + let bytes = packet.bytes().to_vec(); + // and append to the end of cached data + cached_data.into_iter().chain(bytes).collect::>() + }; + + if bytes.is_empty() { + continue; + } + let len = bytes.len(); + + // write data to named pipe_server + let result = { pipe_client_clone.lock()?.write(&bytes) }; + match result { + Ok(n) => { + if n < len { + log::trace!("Wintun pipe_client write data {} less than buffer {}", n, len); + pipe_client_cache_clone.lock()?.extend_from_slice(&bytes[n..]); + } + } + Err(err) if err.kind() == io::ErrorKind::WouldBlock => { + log::trace!("Wintun pipe_client write WouldBlock (1) len {}", len); + pipe_client_cache_clone.lock()?.extend_from_slice(&bytes); + } + Err(err) => log::error!("Wintun pipe_client write data len {} error \"{}\"", len, err), + } + } + }; + if let Err(err) = block() { + log::trace!("Reader {}", err); + } + }); + + Ok(WinTunInterface { + wintun_session, + mtu, + medium, + pipe_server: Rc::new(RefCell::new(pipe_server)), + pipe_server_cache: Rc::new(RefCell::new(Vec::new())), + pipe_client, + pipe_client_cache, + wintun_reader_thread: Some(reader_thread), + old_gateway: None, + }) + } + + pub fn pipe_client(&self) -> Arc> { + self.pipe_client.clone() + } + + pub fn pipe_client_event(&self, event: &event::Event) -> Result<(), io::Error> { + if event.is_readable() { + self.pipe_client_event_readable() + .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?; + } else if event.is_writable() { + self.pipe_client_event_writable() + .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?; + } + Ok(()) + } + + fn pipe_client_event_readable(&self) -> Result<(), Box> { + let mut reader = self.pipe_client.lock()?; + let mut buffer = vec![0; self.mtu]; + loop { + // some data arieved to pipe_client from pipe_server + match reader.read(&mut buffer[..]) { + Ok(len) => match self.wintun_session.allocate_send_packet(len as u16) { + Ok(mut write_pack) => { + write_pack.bytes_mut().copy_from_slice(&buffer[..len]); + // write data to tunnel interface + self.wintun_session.send_packet(write_pack); + } + Err(err) => { + log::error!("Wintun: failed to allocate send packet: {}", err); + } + }, + Err(err) if err.kind() == io::ErrorKind::WouldBlock => break, + Err(err) if err.kind() == io::ErrorKind::Interrupted => continue, + Err(err) => return Err(err.into()), + } + } + Ok(()) + } + + fn pipe_client_event_writable(&self) -> Result<(), Box> { + let cache = self.pipe_client_cache.lock()?.drain(..).collect::>(); + if cache.is_empty() { + return Ok(()); + } + let len = cache.len(); + let result = self.pipe_client.lock()?.write(&cache[..]); + match result { + Ok(n) => { + if n < len { + log::trace!("Wintun pipe_client write data {} less than buffer {}", n, len); + self.pipe_client_cache.lock()?.extend_from_slice(&cache[n..]); + } + } + Err(err) if err.kind() == io::ErrorKind::WouldBlock => { + log::trace!("Wintun pipe_client write WouldBlock (2) len {}", len); + self.pipe_client_cache.lock()?.extend_from_slice(&cache); + } + Err(err) => log::error!("Wintun pipe_client write data len {} error \"{}\"", len, err), + } + Ok(()) + } + + pub fn setup_config(&mut self, bypass_ip: Option, dns_addr: Option) -> Result<(), io::Error> { + let adapter = self.wintun_session.get_adapter(); + + // Setup the adapter's address/mask/gateway + let address = "10.1.0.33".parse::().unwrap(); + let mask = "255.255.255.0".parse::().unwrap(); + let gateway = "10.1.0.1".parse::().unwrap(); + adapter + .set_network_addresses_tuple(address, mask, Some(gateway)) + .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?; + + // 1. Setup the adapter's DNS + let interface = GUID::from(adapter.get_guid()); + let dns = dns_addr.unwrap_or("8.8.8.8".parse::().unwrap()); + let dns2 = "8.8.4.4".parse::().unwrap(); + set_interface_dns_settings(interface, &[dns, dns2])?; + + // 2. Route all traffic to the adapter, here the destination is adapter's gateway + // command: `route add 0.0.0.0 mask 0.0.0.0 10.1.0.1 metric 6` + let unspecified = Ipv4Addr::UNSPECIFIED.to_string(); + let gateway = gateway.to_string(); + let args = &["add", &unspecified, "mask", &unspecified, &gateway, "metric", "6"]; + run_command("route", args)?; + log::info!("route {:?}", args); + + let old_gateways = get_active_network_interface_gateways()?; + // find ipv4 gateway address, or error return + let old_gateway = old_gateways + .iter() + .find(|addr| addr.is_ipv4()) + .ok_or_else(|| io::Error::new(io::ErrorKind::Other, "No ipv4 gateway found"))?; + let old_gateway = old_gateway.ip(); + self.old_gateway = Some(old_gateway); + + // 3. route the bypass ip to the old gateway + // command: `route add bypass_ip old_gateway metric 1` + if let Some(bypass_ip) = bypass_ip { + let args = &["add", &bypass_ip.to_string(), &old_gateway.to_string(), "metric", "1"]; + run_command("route", args)?; + log::info!("route {:?}", args); + } + + Ok(()) + } + + pub fn restore_config(&mut self) -> Result<(), io::Error> { + if self.old_gateway.is_none() { + return Ok(()); + } + let unspecified = Ipv4Addr::UNSPECIFIED.to_string(); + + // 1. Remove current adapter's route + // command: `route delete 0.0.0.0 mask 0.0.0.0` + let args = &["delete", &unspecified, "mask", &unspecified]; + run_command("route", args)?; + + // 2. Add back the old gateway route + // command: `route add 0.0.0.0 mask 0.0.0.0 old_gateway metric 200` + let old_gateway = self.old_gateway.take().unwrap().to_string(); + let args = &["add", &unspecified, "mask", &unspecified, &old_gateway, "metric", "200"]; + run_command("route", args)?; + + Ok(()) + } +} + +impl Drop for WinTunInterface { + fn drop(&mut self) { + if let Err(e) = self.restore_config() { + log::error!("Faild to unsetup config: {}", e); + } + if let Err(e) = self.wintun_session.shutdown() { + log::error!("phy: failed to shutdown interface: {}", e); + } + if let Some(thread) = self.wintun_reader_thread.take() { + if let Err(e) = thread.join() { + log::error!("phy: failed to join reader thread: {:?}", e); + } + } + } +} + +impl Device for WinTunInterface { + type RxToken<'a> = RxToken; + type TxToken<'a> = TxToken; + + fn capabilities(&self) -> DeviceCapabilities { + let mut v = DeviceCapabilities::default(); + v.max_transmission_unit = self.mtu; + v.medium = self.medium; + v + } + + fn receive(&mut self, _timestamp: Instant) -> Option<(Self::RxToken<'_>, Self::TxToken<'_>)> { + let mut buffer = vec![0; self.mtu]; + match self.pipe_server.borrow_mut().read(&mut buffer[..]) { + Ok(size) => { + buffer.resize(size, 0); + let rx = RxToken { buffer }; + let tx = TxToken { + pipe_server: self.pipe_server.clone(), + pipe_server_cache: self.pipe_server_cache.clone(), + }; + Some((rx, tx)) + } + Err(err) if err.kind() == io::ErrorKind::WouldBlock => None, + Err(err) => panic!("{}", err), + } + } + + fn transmit(&mut self, _timestamp: Instant) -> Option> { + Some(TxToken { + pipe_server: self.pipe_server.clone(), + pipe_server_cache: self.pipe_server_cache.clone(), + }) + } +} + +#[doc(hidden)] +pub struct RxToken { + buffer: Vec, +} + +impl phy::RxToken for RxToken { + fn consume(mut self, f: F) -> R + where + F: FnOnce(&mut [u8]) -> R, + { + f(&mut self.buffer[..]) + } +} + +#[doc(hidden)] +pub struct TxToken { + pipe_server: Rc>, + pipe_server_cache: Rc>>, +} + +impl phy::TxToken for TxToken { + fn consume(self, len: usize, f: F) -> R + where + F: FnOnce(&mut [u8]) -> R, + { + let mut buffer = vec![0; len]; + let result = f(&mut buffer); + + let buffer = self + .pipe_server_cache + .borrow_mut() + .drain(..) + .chain(buffer) + .collect::>(); + if buffer.is_empty() { + // log::trace!("Wintun TxToken (pipe_server) is empty"); + return result; + } + let len = buffer.len(); + + match self.pipe_server.borrow_mut().write(&buffer[..]) { + Ok(n) => { + if n < len { + log::trace!("Wintun TxToken (pipe_server) sent {} less than buffer len {}", n, len); + self.pipe_server_cache.borrow_mut().extend_from_slice(&buffer[n..]); + } + } + Err(err) if err.kind() == io::ErrorKind::WouldBlock => { + self.pipe_server_cache.borrow_mut().extend_from_slice(&buffer[..]); + log::trace!("Wintun TxToken (pipe_server) WouldBlock data len: {}", len) + } + Err(err) => log::error!("Wintun TxToken (pipe_server) len {} error \"{}\"", len, err), + } + result + } +} + +pub struct NamedPipeSource(pub Arc>); + +impl event::Source for NamedPipeSource { + fn register(&mut self, registry: &Registry, token: Token, interests: Interest) -> io::Result<()> { + self.0 + .lock() + .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))? + .register(registry, token, interests) + } + + fn reregister(&mut self, registry: &Registry, token: Token, interests: Interest) -> io::Result<()> { + self.0 + .lock() + .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))? + .reregister(registry, token, interests) + } + + fn deregister(&mut self, registry: &Registry) -> io::Result<()> { + self.0 + .lock() + .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))? + .deregister(registry) + } +} + +pub(crate) fn run_command(command: &str, args: &[&str]) -> io::Result<()> { + let out = std::process::Command::new(command).args(args).output()?; + if !out.status.success() { + let err = String::from_utf8_lossy(if out.stderr.is_empty() { + &out.stdout + } else { + &out.stderr + }); + let info = format!("{} failed with: \"{}\"", command, err); + return Err(std::io::Error::new(std::io::ErrorKind::Other, info)); + } + Ok(()) +} + +pub(crate) fn set_interface_dns_settings(interface: GUID, dns: &[IpAddr]) -> io::Result<()> { + // format L"1.1.1.1 8.8.8.8", or L"1.1.1.1,8.8.8.8". + let dns = dns.iter().map(|ip| ip.to_string()).collect::>().join(","); + let dns = dns.encode_utf16().chain(std::iter::once(0)).collect::>(); + + let settings = DNS_INTERFACE_SETTINGS { + Version: DNS_INTERFACE_SETTINGS_VERSION1, + Flags: DNS_SETTING_NAMESERVER as _, + NameServer: PWSTR(dns.as_ptr() as _), + ..DNS_INTERFACE_SETTINGS::default() + }; + + unsafe { SetInterfaceDnsSettings(interface, &settings as *const _)? }; + Ok(()) +} + +pub(crate) fn get_active_network_interface_gateways() -> io::Result> { + let mut addrs = vec![]; + get_adapters_addresses(|adapter| { + if adapter.OperStatus == IfOperStatusUp + && [IF_TYPE_ETHERNET_CSMACD, IF_TYPE_IEEE80211].contains(&adapter.IfType) + { + let mut current_gateway = adapter.FirstGatewayAddress; + while !current_gateway.is_null() { + let gateway = unsafe { &*current_gateway }; + { + let sockaddr_ptr = gateway.Address.lpSockaddr; + let sockaddr = unsafe { &*(sockaddr_ptr as *const SOCKADDR) }; + let a = unsafe { sockaddr_to_socket_addr(sockaddr) }?; + addrs.push(a); + } + current_gateway = gateway.Next; + } + } + Ok(()) + })?; + Ok(addrs) +} + +pub(crate) fn get_adapters_addresses(mut callback: F) -> io::Result<()> +where + F: FnMut(IP_ADAPTER_ADDRESSES_LH) -> io::Result<()>, +{ + let mut size = 0; + let flags = GAA_FLAG_INCLUDE_PREFIX | GAA_FLAG_INCLUDE_GATEWAYS; + let family = AF_UNSPEC.0 as u32; + + // Make an initial call to GetAdaptersAddresses to get the + // size needed into the size variable + let result = unsafe { GetAdaptersAddresses(family, flags, None, None, &mut size) }; + + if WIN32_ERROR(result) != ERROR_BUFFER_OVERFLOW { + WIN32_ERROR(result).ok()?; + } + // Allocate memory for the buffer + let mut addresses: Vec = vec![0; (size + 4) as usize]; + + // Make a second call to GetAdaptersAddresses to get the actual data we want + let result = unsafe { + let addr = Some(addresses.as_mut_ptr() as *mut IP_ADAPTER_ADDRESSES_LH); + GetAdaptersAddresses(family, flags, None, addr, &mut size) + }; + + WIN32_ERROR(result).ok()?; + + // If successful, output some information from the data we received + let mut current_addresses = addresses.as_ptr() as *const IP_ADAPTER_ADDRESSES_LH; + while !current_addresses.is_null() { + unsafe { + callback(*current_addresses)?; + current_addresses = (*current_addresses).Next; + } + } + Ok(()) +} + +pub(crate) unsafe fn sockaddr_to_socket_addr(sock_addr: *const SOCKADDR) -> io::Result { + let address = match (*sock_addr).sa_family { + AF_INET => sockaddr_in_to_socket_addr(&*(sock_addr as *const SOCKADDR_IN)), + AF_INET6 => sockaddr_in6_to_socket_addr(&*(sock_addr as *const SOCKADDR_IN6)), + _ => return Err(io::Error::new(io::ErrorKind::Other, "Unsupported address type")), + }; + Ok(address) +} + +pub(crate) unsafe fn sockaddr_in_to_socket_addr(sockaddr_in: &SOCKADDR_IN) -> SocketAddr { + let ip = Ipv4Addr::new( + sockaddr_in.sin_addr.S_un.S_un_b.s_b1, + sockaddr_in.sin_addr.S_un.S_un_b.s_b2, + sockaddr_in.sin_addr.S_un.S_un_b.s_b3, + sockaddr_in.sin_addr.S_un.S_un_b.s_b4, + ); + let port = u16::from_be(sockaddr_in.sin_port); + SocketAddr::new(ip.into(), port) +} + +pub(crate) unsafe fn sockaddr_in6_to_socket_addr(sockaddr_in6: &SOCKADDR_IN6) -> SocketAddr { + let ip = IpAddr::V6(Ipv6Addr::new( + u16::from_be(sockaddr_in6.sin6_addr.u.Word[0]), + u16::from_be(sockaddr_in6.sin6_addr.u.Word[1]), + u16::from_be(sockaddr_in6.sin6_addr.u.Word[2]), + u16::from_be(sockaddr_in6.sin6_addr.u.Word[3]), + u16::from_be(sockaddr_in6.sin6_addr.u.Word[4]), + u16::from_be(sockaddr_in6.sin6_addr.u.Word[5]), + u16::from_be(sockaddr_in6.sin6_addr.u.Word[6]), + u16::from_be(sockaddr_in6.sin6_addr.u.Word[7]), + )); + let port = u16::from_be(sockaddr_in6.sin6_port); + SocketAddr::new(ip, port) +} From c6f9610eb320e6e0b9721e885da6f58619cba46a Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 23 Oct 2023 10:03:35 +0800 Subject: [PATCH 141/401] Bump version 0.1.9 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 416eb6c..7fa53cf 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ authors = ["B. Blechschmidt"] edition = "2021" name = "tun2proxy" -version = "0.1.8" +version = "0.1.9" [lib] crate-type = ["cdylib", "lib"] From 9b27dd2df2ecaa0ed21c6c1e83883096e52b8572 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 23 Oct 2023 14:49:31 +0800 Subject: [PATCH 142/401] refine code --- src/main.rs | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/main.rs b/src/main.rs index 8f18e57..c680e85 100644 --- a/src/main.rs +++ b/src/main.rs @@ -128,14 +128,8 @@ fn main() -> ExitCode { let block = || -> Result<(), Error> { #[cfg(target_os = "linux")] if options.setup { - let bypass_tun_ip = match args.bypass { - Some(addr) => addr, - None => args.proxy.addr.ip(), - }; let mut setup = Setup::new(&args.tun, &bypass_tun_ip, get_default_cidrs(), args.bypass.is_some()); - setup.configure()?; - setup.drop_privileges()?; } From e08a0f683dd6cb7d5af2fb4c27ab9282992f51e7 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 29 Oct 2023 23:01:06 +0100 Subject: [PATCH 143/401] Allow multiple bypass IP addresses/CIDRs in routing setup See issue #73. --- Dockerfile | 13 ++------ README.md | 18 ++--------- docker/entrypoint.sh | 35 -------------------- src/lib.rs | 10 ++++-- src/main.rs | 38 ++++++++++++++-------- src/setup.rs | 73 +++++++++++++++++++++--------------------- src/tun2proxy.rs | 2 +- src/util.rs | 22 +++++++++++++ src/wintuninterface.rs | 9 ++++-- tests/proxy.rs | 15 ++++++--- 10 files changed, 112 insertions(+), 123 deletions(-) delete mode 100755 docker/entrypoint.sh create mode 100644 src/util.rs diff --git a/Dockerfile b/Dockerfile index 912fdca..114ef12 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,18 +12,9 @@ RUN cargo build --release --target x86_64-unknown-linux-gnu ## Final image #################################################################################################### FROM ubuntu:latest -WORKDIR /app -ENV TUN=tun0 -ENV PROXY= -ENV DNS=virtual -ENV MODE=auto -ENV BYPASS_IP= -ENV VERBOSITY=info - -RUN apt update && apt install -y iproute2 curl && apt clean all +RUN apt update && apt install -y iproute2 && apt clean all COPY --from=builder /worker/target/x86_64-unknown-linux-gnu/release/tun2proxy /usr/bin/tun2proxy -COPY --from=builder /worker/docker/entrypoint.sh /app -ENTRYPOINT ["/app/entrypoint.sh"] +ENTRYPOINT ["/usr/bin/tun2proxy", "--setup", "auto"] diff --git a/README.md b/README.md index cfa1450..78fb403 100644 --- a/README.md +++ b/README.md @@ -99,7 +99,7 @@ Options: --dns-addr DNS resolver address [default: 8.8.8.8] -6, --ipv6-enabled IPv6 enabled -s, --setup Routing and system setup [default: none] [possible values: none, auto] - -b, --bypass Public proxy IP used in routing setup which should bypassing the tunnel + -b, --bypass IPs and CIDRs used in routing setup which should bypass the tunnel -v, --verbosity Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace] -h, --help Print help -V, --version Print version @@ -119,31 +119,17 @@ Next, start a container from the tun2proxy image: ```bash docker run -d \ - -e PROXY=proto://[username[:password]@]host:port \ -v /dev/net/tun:/dev/net/tun \ --sysctl net.ipv6.conf.default.disable_ipv6=0 \ --cap-add NET_ADMIN \ --name tun2proxy \ - tun2proxy + tun2proxy --proxy proto://[username[:password]@]host:port ``` -container env list - -| container env | Default | program option | mean | -| ------------- | ------- | ----------------------- | ------------------------------------------------------------ | -| TUN | tun0 | -t, --tun | Name of the tun interface [default: tun0] | -| PROXY | None | -p, --proxy | Proxy URL in the form proto://[username[:password]@]host:port | -| DNS | virtual | -d, --dns | DNS handling strategy [default: virtual] [possible values: virtual, over-tcp, direct] | -| MODE | auto | -s, --setup | Routing and system setup [default: none] [possible values: none, auto] | -| BYPASS_IP | None | -b, --bypass | Public proxy IP used in routing setup which should bypassing the tunnel | -| VERBOSITY | info | -v, --verbosity | Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace] | -| | | | | - You can then provide the running container's network to another worker container by sharing the network namespace (like kubernetes sidecar): ```bash docker run -it \ - -d \ --network "container:tun2proxy" \ ubuntu:latest ``` diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh deleted file mode 100755 index 661380c..0000000 --- a/docker/entrypoint.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - - -run() { - if [ -n "$TUN" ]; then - TUN="--tun $TUN" - fi - - if [ -n "$PROXY" ]; then - PROXY="--proxy $PROXY" - fi - - if [ -n "$DNS" ]; then - DNS="--dns $DNS" - fi - - if [ -n "$BYPASS_IP" ]; then - BYPASS_IP="--bypass $BYPASS_IP" - fi - - if [ -n "$VERBOSITY" ]; then - VERBOSITY="-v $VERBOSITY" - fi - - if [ -n "$MODE" ]; then - MODE="--setup $MODE" - fi - - echo "Bootstrap ready!! Exec Command: tun2proxy $TUN $PROXY $DNS $VERBOSITY $MODE $BYPASS_IP $@" - - exec tun2proxy $TUN $PROXY $DNS $VERBOSITY $MODE $BYPASS_IP $@ -} - - -run $@ || echo "Runing ERROR!!" diff --git a/src/lib.rs b/src/lib.rs index 00977dd..285b5ed 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -4,6 +4,7 @@ use crate::{ socks::SocksProxyManager, tun2proxy::{ConnectionManager, TunToProxy}, }; +use smoltcp::wire::IpCidr; use socks5_impl::protocol::UserKey; use std::{ net::{SocketAddr, ToSocketAddrs}, @@ -17,6 +18,7 @@ mod http; pub mod setup; mod socks; mod tun2proxy; +pub mod util; mod virtdevice; mod virtdns; #[cfg(target_os = "windows")] @@ -104,8 +106,8 @@ pub struct Options { dns_over_tcp: bool, dns_addr: Option, ipv6_enabled: bool, - bypass: Option, pub setup: bool, + bypass: Vec, } impl Options { @@ -140,8 +142,10 @@ impl Options { self } - pub fn with_bypass(mut self, ip: Option) -> Self { - self.bypass = ip; + pub fn with_bypass_ips<'a>(mut self, bypass_ips: impl IntoIterator) -> Self { + for bypass_ip in bypass_ips { + self.bypass.push(*bypass_ip); + } self } } diff --git a/src/main.rs b/src/main.rs index c680e85..06d42c4 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,5 +1,7 @@ use clap::Parser; +use smoltcp::wire::IpCidr; use std::{net::IpAddr, process::ExitCode}; +use tun2proxy::util::str_to_cidr; use tun2proxy::{error::Error, main_entry, NetworkInterface, Options, Proxy}; #[cfg(target_os = "linux")] @@ -41,9 +43,9 @@ struct Args { #[arg(short, long, value_name = "method", value_enum, default_value = if cfg!(target_os = "linux") { "none" } else { "auto" })] setup: Option, - /// Public proxy IP used in routing setup which should bypassing the tunnel - #[arg(short, long, value_name = "IP")] - bypass: Option, + /// IPs used in routing setup which should bypass the tunnel + #[arg(short, long, value_name = "IP|CIDR")] + bypass: Vec, /// Verbosity level #[arg(short, long, value_name = "level", value_enum, default_value = "info")] @@ -53,7 +55,7 @@ struct Args { /// DNS query handling strategy /// - Virtual: Intercept DNS queries and resolve them locally with a fake IP address /// - OverTcp: Use TCP to send DNS queries to the DNS server -/// - Direct: Looks as general UDP traffic but change the destination to the DNS server +/// - Direct: Do not handle DNS by relying on DNS server bypassing #[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] enum ArgDns { Virtual, @@ -117,20 +119,28 @@ fn main() -> ExitCode { } }; - let bypass_tun_ip = match args.bypass { - Some(addr) => addr, - None => args.proxy.addr.ip(), - }; - options = options.with_bypass(Some(bypass_tun_ip)); - options.setup = args.setup.map(|s| s == ArgSetup::Auto).unwrap_or(false); let block = || -> Result<(), Error> { + let mut bypass_ips = Vec::::new(); + for cidr_str in args.bypass { + bypass_ips.push(str_to_cidr(&cidr_str)?); + } + if bypass_ips.is_empty() { + let prefix_len = if args.proxy.addr.ip().is_ipv6() { 128 } else { 32 }; + bypass_ips.push(IpCidr::new(args.proxy.addr.ip().into(), prefix_len)) + } + + options = options.with_bypass_ips(&bypass_ips); + #[cfg(target_os = "linux")] - if options.setup { - let mut setup = Setup::new(&args.tun, &bypass_tun_ip, get_default_cidrs(), args.bypass.is_some()); - setup.configure()?; - setup.drop_privileges()?; + { + let mut setup: Setup; + if options.setup { + setup = Setup::new(&args.tun, bypass_ips, get_default_cidrs()); + setup.configure()?; + setup.drop_privileges()?; + } } main_entry(&interface, &args.proxy, options)?; diff --git a/src/setup.rs b/src/setup.rs index 51e004f..228653b 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -8,7 +8,7 @@ use std::{ ffi::OsStr, fs, io::BufRead, - net::{IpAddr, Ipv4Addr, Ipv6Addr}, + net::{Ipv4Addr, Ipv6Addr}, os::unix::io::RawFd, process::{Command, Output}, str::FromStr, @@ -17,11 +17,10 @@ use std::{ #[derive(Clone)] pub struct Setup { routes: Vec, - tunnel_bypass_addr: IpAddr, - allow_private: bool, + tunnel_bypass_addrs: Vec, tun: String, set_up: bool, - delete_proxy_route: bool, + delete_proxy_routes: Vec, child: libc::pid_t, unmount_resolvconf: bool, restore_resolvconf_data: Option>, @@ -76,35 +75,41 @@ where impl Setup { pub fn new( tun: impl Into, - tunnel_bypass_addr: &IpAddr, + tunnel_bypass_addrs: impl IntoIterator, routes: impl IntoIterator, - allow_private: bool, ) -> Self { let routes_cidr = routes.into_iter().collect(); + let bypass_cidrs = tunnel_bypass_addrs.into_iter().collect(); Self { tun: tun.into(), - tunnel_bypass_addr: *tunnel_bypass_addr, - allow_private, + tunnel_bypass_addrs: bypass_cidrs, routes: routes_cidr, set_up: false, - delete_proxy_route: false, + delete_proxy_routes: Vec::::new(), child: 0, unmount_resolvconf: false, restore_resolvconf_data: None, } } - fn route_proxy_address(&mut self) -> Result { - let route_show_args = if self.tunnel_bypass_addr.is_ipv6() { + fn bypass_cidr(cidr: &IpCidr) -> Result { + let is_ipv6 = match cidr { + IpCidr::Ipv4(_) => false, + IpCidr::Ipv6(_) => true, + }; + let route_show_args = if is_ipv6 { ["ip", "-6", "route", "show"] } else { ["ip", "-4", "route", "show"] }; - let routes = run_iproute(route_show_args, "failed to get routing table", true)?; + let routes = run_iproute( + route_show_args, + "failed to get routing table through the ip command", + true, + )?; let mut route_info = Vec::<(IpCidr, Vec)>::new(); - for line in routes.stdout.lines() { if line.is_err() { break; @@ -117,15 +122,11 @@ impl Setup { let mut split = line.split_whitespace(); let mut dst_str = split.next().unwrap(); if dst_str == "default" { - dst_str = if self.tunnel_bypass_addr.is_ipv6() { - "::/0" - } else { - "0.0.0.0/0" - } + dst_str = if is_ipv6 { "::/0" } else { "0.0.0.0/0" } } let (addr_str, prefix_len_str) = match dst_str.split_once(['/']) { - None => (dst_str, if self.tunnel_bypass_addr.is_ipv6() { "128" } else { "32" }), + None => (dst_str, if is_ipv6 { "128" } else { "32" }), Some((addr_str, prefix_len_str)) => (addr_str, prefix_len_str), }; @@ -140,19 +141,19 @@ impl Setup { // Sort routes by prefix length, the most specific route comes first. route_info.sort_by(|entry1, entry2| entry2.0.prefix_len().cmp(&entry1.0.prefix_len())); - for (cidr, route_components) in route_info { - if !cidr.contains_addr(&smoltcp::wire::IpAddress::from(self.tunnel_bypass_addr)) { + for (route_cidr, route_components) in route_info { + if !route_cidr.contains_subnet(cidr) { continue; } // The IP address is routed through a more specific route than the default route. // In this case, there is nothing to do. - if cidr.prefix_len() != 0 { + if route_cidr.prefix_len() != 0 { break; } let mut proxy_route = vec!["ip".into(), "route".into(), "add".into()]; - proxy_route.push(self.tunnel_bypass_addr.to_string()); + proxy_route.push(cidr.to_string()); proxy_route.extend(route_components.into_iter()); run_iproute(proxy_route, "failed to clone route for proxy", false)?; return Ok(true); @@ -235,14 +236,17 @@ impl Setup { self.set_up = false; log::info!("[{}] Restoring network configuration", nix::unistd::getpid()); let _ = Command::new("ip").args(["link", "del", self.tun.as_str()]).output(); - if self.delete_proxy_route { + + for cidr in &self.delete_proxy_routes { let _ = Command::new("ip") - .args(["route", "del", self.tunnel_bypass_addr.to_string().as_str()]) + .args(["route", "del", cidr.to_string().as_str()]) .output(); } + if self.unmount_resolvconf { nix::mount::umount("/etc/resolv.conf")?; } + if let Some(data) = &self.restore_resolvconf_data { fs::write("/etc/resolv.conf", data)?; } @@ -259,8 +263,6 @@ impl Setup { )?; self.set_up = true; - let _tun_name = self.tun.clone(); - let _proxy_ip = self.tunnel_bypass_addr; run_iproute( ["ip", "link", "set", self.tun.as_str(), "up"], @@ -268,8 +270,13 @@ impl Setup { true, )?; - let delete_proxy_route = self.route_proxy_address()?; - self.delete_proxy_route = delete_proxy_route; + let mut delete_proxy_route = Vec::::new(); + for cidr in &self.tunnel_bypass_addrs { + if Self::bypass_cidr(cidr)? { + delete_proxy_route.push(*cidr); + } + } + self.delete_proxy_routes = delete_proxy_route; self.setup_resolv_conf()?; self.add_tunnel_routes()?; @@ -321,14 +328,6 @@ impl Setup { return Err("Automatic setup requires root privileges".into()); } - if self.tunnel_bypass_addr.is_loopback() && !self.allow_private { - log::warn!( - "The proxy address {} is a loopback address. You may need to manually \ - provide --bypass-ip to specify the server IP bypassing the tunnel", - self.tunnel_bypass_addr - ) - } - let (read_from_child, write_to_parent) = nix::unistd::pipe()?; match fork::fork() { Ok(Fork::Child) => { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 09bb7cb..8c4bdc5 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -259,7 +259,7 @@ impl<'a> TunToProxy<'a> { #[cfg(target_os = "windows")] if options.setup { - tun.setup_config(options.bypass, options.dns_addr)?; + tun.setup_config(&options.bypass, options.dns_addr)?; } let poll = Poll::new()?; diff --git a/src/util.rs b/src/util.rs new file mode 100644 index 0000000..dff0b53 --- /dev/null +++ b/src/util.rs @@ -0,0 +1,22 @@ +use crate::error::Error; +use smoltcp::wire::IpCidr; +use std::net::IpAddr; +use std::str::FromStr; + +pub fn str_to_cidr(s: &str) -> Result { + // IpCidr's FromString implementation requires the netmask to be specified. + // Try to parse as IP address without netmask before falling back. + match IpAddr::from_str(s) { + Err(_) => (), + Ok(cidr) => { + let prefix_len = if cidr.is_ipv4() { 32 } else { 128 }; + return Ok(IpCidr::new(cidr.into(), prefix_len)); + } + }; + + let cidr = IpCidr::from_str(s); + match cidr { + Err(()) => Err("Invalid CIDR: ".into()), + Ok(cidr) => Ok(cidr), + } +} diff --git a/src/wintuninterface.rs b/src/wintuninterface.rs index ab4e4eb..9706043 100644 --- a/src/wintuninterface.rs +++ b/src/wintuninterface.rs @@ -1,4 +1,5 @@ use mio::{event, windows::NamedPipe, Interest, Registry, Token}; +use smoltcp::wire::IpCidr; use smoltcp::{ phy::{self, Device, DeviceCapabilities, Medium}, time::Instant, @@ -225,7 +226,11 @@ impl WinTunInterface { Ok(()) } - pub fn setup_config(&mut self, bypass_ip: Option, dns_addr: Option) -> Result<(), io::Error> { + pub fn setup_config<'a>( + &mut self, + bypass_ips: impl IntoIterator, + dns_addr: Option, + ) -> Result<(), io::Error> { let adapter = self.wintun_session.get_adapter(); // Setup the adapter's address/mask/gateway @@ -261,7 +266,7 @@ impl WinTunInterface { // 3. route the bypass ip to the old gateway // command: `route add bypass_ip old_gateway metric 1` - if let Some(bypass_ip) = bypass_ip { + for bypass_ip in bypass_ips { let args = &["add", &bypass_ip.to_string(), &old_gateway.to_string(), "metric", "1"]; run_command("route", args)?; log::info!("route {:?}", args); diff --git a/tests/proxy.rs b/tests/proxy.rs index 3ced894..a2521ac 100644 --- a/tests/proxy.rs +++ b/tests/proxy.rs @@ -11,8 +11,10 @@ mod tests { use nix::sys::signal; use nix::unistd::Pid; use serial_test::serial; + use smoltcp::wire::IpCidr; use tun2proxy::setup::{get_default_cidrs, Setup}; + use tun2proxy::util::str_to_cidr; use tun2proxy::{main_entry, NetworkInterface, Options, Proxy, ProxyType}; #[derive(Clone, Debug)] @@ -66,12 +68,17 @@ mod tests { continue; } - let bypass_ip = match env::var("BYPASS_IP") { - Err(_) => test.proxy.addr.ip(), - Ok(ip_str) => IpAddr::from_str(ip_str.as_str()).unwrap(), + let mut bypass_ips = Vec::::new(); + + match env::var("BYPASS_IP") { + Err(_) => { + let prefix_len = if test.proxy.addr.ip().is_ipv6() { 128 } else { 32 }; + bypass_ips.push(IpCidr::new(test.proxy.addr.ip().into(), prefix_len)); + } + Ok(ip_str) => bypass_ips.push(str_to_cidr(&ip_str).expect("Invalid bypass IP")), }; - let mut setup = Setup::new(TUN_TEST_DEVICE, &bypass_ip, get_default_cidrs(), false); + let mut setup = Setup::new(TUN_TEST_DEVICE, bypass_ips, get_default_cidrs()); setup.configure().unwrap(); match fork::fork() { From 0ab52c623b2360dafc8344d6fbad874442929a6b Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 30 Oct 2023 20:44:28 +0100 Subject: [PATCH 144/401] Fix virtual DNS --- src/dns.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/dns.rs b/src/dns.rs index be95646..1c46dab 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -8,6 +8,7 @@ use trust_dns_proto::{ op::{Message, ResponseCode}, rr::{record_type::RecordType, Name, RData, Record}, }; +use trust_dns_proto::op::{Edns, MessageType}; #[cfg(feature = "use-rand")] pub fn build_dns_request(domain: &str, query_type: RecordType, used_by_tcp: bool) -> Result, String> { @@ -46,6 +47,7 @@ pub fn build_dns_response(mut request: Message, domain: &str, ip: IpAddr, ttl: u record } }; + request.set_message_type(MessageType::Response); request.add_answer(record); Ok(request) } From e3494d921cd61726bba631b34151f2ed4792b1ec Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 30 Oct 2023 20:48:01 +0100 Subject: [PATCH 145/401] Add comment for DNS fix --- src/dns.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/dns.rs b/src/dns.rs index 1c46dab..1d9ee61 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -4,11 +4,11 @@ use std::{ net::{IpAddr, Ipv4Addr, SocketAddr}, str::FromStr, }; +use trust_dns_proto::op::MessageType; use trust_dns_proto::{ op::{Message, ResponseCode}, rr::{record_type::RecordType, Name, RData, Record}, }; -use trust_dns_proto::op::{Edns, MessageType}; #[cfg(feature = "use-rand")] pub fn build_dns_request(domain: &str, query_type: RecordType, used_by_tcp: bool) -> Result, String> { @@ -47,7 +47,11 @@ pub fn build_dns_response(mut request: Message, domain: &str, ip: IpAddr, ttl: u record } }; + + // We must indicate that this message is a response. Otherwise, implementations may not + // recognize it. request.set_message_type(MessageType::Response); + request.add_answer(record); Ok(request) } From 980ae0172e96b56fce4a38511725a4f6977e7def Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Mon, 30 Oct 2023 22:57:16 +0100 Subject: [PATCH 146/401] Bump version 0.1.10 --- Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 7fa53cf..09db757 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,8 +1,8 @@ [package] -authors = ["B. Blechschmidt"] +authors = ["B. Blechschmidt", "ssrlive"] edition = "2021" name = "tun2proxy" -version = "0.1.9" +version = "0.1.10" [lib] crate-type = ["cdylib", "lib"] From 286ce0ca6d9aa8510d3dc635aabeffbc5c49ed43 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Fri, 3 Nov 2023 20:28:31 +0100 Subject: [PATCH 147/401] Add very basic and dirty iperf test --- tests/iperf/dante.conf | 24 ++++++++++++++++++++++++ tests/iperf/test.sh | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 tests/iperf/dante.conf create mode 100755 tests/iperf/test.sh diff --git a/tests/iperf/dante.conf b/tests/iperf/dante.conf new file mode 100644 index 0000000..b723f5b --- /dev/null +++ b/tests/iperf/dante.conf @@ -0,0 +1,24 @@ +# logoutput: /var/log/socks.log +internal: 10.0.0.3 +external: 10.0.0.3 +clientmethod: none +socksmethod: none +user.privileged: root +user.notprivileged: nobody + +client pass { + from: 0/0 to: 0/0 + log: error connect disconnect +} + +socks pass { + from: 0/0 to: 0/0 + command: bind connect udpassociate + log: error connect disconnect + socksmethod: none +} + +socks pass { + from: 0.0.0.0/0 to: 0.0.0.0/0 + command: bindreply udpreply +} diff --git a/tests/iperf/test.sh b/tests/iperf/test.sh new file mode 100755 index 0000000..29e1a6f --- /dev/null +++ b/tests/iperf/test.sh @@ -0,0 +1,39 @@ +netns="test" +dante="sockd" +tun2proxy="../../target/release/tun2proxy" + +ip netns add "$netns" + +ip link add veth0 type veth peer name veth0 netns "$netns" + +# Configure veth0 in default ns +ip addr add 10.0.0.2/24 dev veth0 +ip link set dev veth0 up + +# Configure veth0 in child ns +ip netns exec "$netns" ip addr add 10.0.0.3/24 dev veth0 +ip netns exec "$netns" ip addr add 10.0.0.4/24 dev veth0 +ip netns exec "$netns" ip link set dev veth0 up + +# Configure lo interface in child ns +ip netns exec "$netns" ip addr add 127.0.0.1/8 dev lo +ip netns exec "$netns" ip link set dev lo up + +echo "Starting Dante in background ..." +ip netns exec "$netns" "$dante" -f dante.conf & + +# Start iperf server in netns +ip netns exec "$netns" iperf -s -B 10.0.0.4 & + +sleep 1 + +# Prepare tun2proxy +ip tuntap add name tun0 mode tun +ip link set tun0 up +ip route add 10.0.0.4 dev tun0 +"$tun2proxy" --proxy socks5://10.0.0.3:1080 & + +# Run iperf client through tun2proxy +iperf -c 10.0.0.4 + +iperf -c 10.0.0.4 -R From c4ed29b234974224bc9a302e0fbe4caac6eea889 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Fri, 3 Nov 2023 22:45:27 +0100 Subject: [PATCH 148/401] Remove unnecessary SOCKS buffer --- src/socks.rs | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/src/socks.rs b/src/socks.rs index c7b60aa..4ec8570 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -27,7 +27,6 @@ struct SocksProxyImpl { server_inbuf: VecDeque, client_outbuf: VecDeque, server_outbuf: VecDeque, - data_buf: VecDeque, version: Version, credentials: Option, command: protocol::Command, @@ -48,7 +47,6 @@ impl SocksProxyImpl { server_inbuf: VecDeque::default(), client_outbuf: VecDeque::default(), server_outbuf: VecDeque::default(), - data_buf: VecDeque::default(), version, credentials, command, @@ -131,8 +129,6 @@ impl SocksProxyImpl { } self.server_inbuf.drain(0..8); - self.server_outbuf.append(&mut self.data_buf); - self.data_buf.clear(); self.state = SocksState::Established; self.state_change() @@ -230,13 +226,9 @@ impl SocksProxyImpl { } if self.command == protocol::Command::UdpAssociate { self.udp_associate = Some(SocketAddr::try_from(&response.address)?); - assert!(self.data_buf.is_empty()); log::trace!("UDP associate recieved address {}", response.address); } - self.server_outbuf.append(&mut self.data_buf); - self.data_buf.clear(); - self.state = SocksState::Established; self.state_change() } @@ -280,11 +272,7 @@ impl ProxyHandler for SocksProxyImpl { self.server_inbuf.extend(buffer.iter()); } IncomingDirection::FromClient => { - if self.state == SocksState::Established { - self.client_inbuf.extend(buffer.iter()); - } else { - self.data_buf.extend(buffer.iter()); - } + self.client_inbuf.extend(buffer.iter()); } } @@ -318,7 +306,7 @@ impl ProxyHandler for SocksProxyImpl { match dir { Direction::Incoming(incoming) => match incoming { IncomingDirection::FromServer => self.server_inbuf.len(), - IncomingDirection::FromClient => self.client_inbuf.len().max(self.data_buf.len()), + IncomingDirection::FromClient => self.client_inbuf.len(), }, Direction::Outgoing(outgoing) => match outgoing { OutgoingDirection::ToServer => self.server_outbuf.len(), From fe85ecd15c7e9598a720acd0620230eac904e1e8 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 4 Nov 2023 12:28:38 +0800 Subject: [PATCH 149/401] iperf3 testing script --- tests/iperf/test.sh | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/tests/iperf/test.sh b/tests/iperf/test.sh index 29e1a6f..09fd0b4 100755 --- a/tests/iperf/test.sh +++ b/tests/iperf/test.sh @@ -1,6 +1,13 @@ +#!/bin/bash + +# sudo apt install iperf3 dante-server + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +echo $SCRIPT_DIR + netns="test" -dante="sockd" -tun2proxy="../../target/release/tun2proxy" +dante="danted" +tun2proxy="${SCRIPT_DIR}/../../target/release/tun2proxy" ip netns add "$netns" @@ -20,10 +27,10 @@ ip netns exec "$netns" ip addr add 127.0.0.1/8 dev lo ip netns exec "$netns" ip link set dev lo up echo "Starting Dante in background ..." -ip netns exec "$netns" "$dante" -f dante.conf & +ip netns exec "$netns" "$dante" -f ${SCRIPT_DIR}/dante.conf & -# Start iperf server in netns -ip netns exec "$netns" iperf -s -B 10.0.0.4 & +# Start iperf3 server in netns +ip netns exec "$netns" iperf3 -s -B 10.0.0.4 & sleep 1 @@ -34,6 +41,6 @@ ip route add 10.0.0.4 dev tun0 "$tun2proxy" --proxy socks5://10.0.0.3:1080 & # Run iperf client through tun2proxy -iperf -c 10.0.0.4 +iperf3 -c 10.0.0.4 -iperf -c 10.0.0.4 -R +iperf3 -c 10.0.0.4 -R From 9396db4a5221e0952436c4a86ce5c1b50be28293 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 4 Nov 2023 14:34:47 +0800 Subject: [PATCH 150/401] test code --- src/tun2proxy.rs | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 8c4bdc5..6792490 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -189,6 +189,7 @@ struct ConnectionState { udp_token: Option, udp_data_cache: LinkedList>, dns_over_tcp_expiry: Option<::std::time::Instant>, + is_tcp_closed: bool, } pub(crate) trait ProxyHandler { @@ -580,7 +581,7 @@ impl<'a> TunToProxy<'a> { state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); let mut vecbuf = vec![]; - Self::read_data_from_tcp_stream(&mut state.mio_stream, |data| { + Self::read_data_from_tcp_stream(&mut state.mio_stream, &mut state.is_tcp_closed, |data| { vecbuf.extend_from_slice(data); Ok(()) })?; @@ -835,6 +836,7 @@ impl<'a> TunToProxy<'a> { origin_dst: dst, udp_data_cache: LinkedList::new(), dns_over_tcp_expiry: None, + is_tcp_closed: false, }; Ok(state) } @@ -852,13 +854,25 @@ impl<'a> TunToProxy<'a> { false } - fn clearup_expired_udp_associate(&mut self) -> Result<()> { + fn tcp_is_closed(&self, info: &ConnectionInfo) -> bool { + if let Some(state) = self.connection_map.get(info) { + return state.is_tcp_closed; + } + false + } + + fn clearup_expired_connection(&mut self) -> Result<()> { let keys = self.connection_map.keys().cloned().collect::>(); for key in keys { if self.udp_associate_timeout_expired(&key) { log::trace!("UDP associate timeout: {}", key); self.remove_connection(&key)?; } + + if self.tcp_is_closed(&key) { + log::trace!("TCP closed: {}", key); + self.remove_connection(&key)?; + } } Ok(()) } @@ -1061,7 +1075,7 @@ impl<'a> TunToProxy<'a> { // TODO: Move this reading process to its own function. let mut vecbuf = vec![]; - Self::read_data_from_tcp_stream(&mut state.mio_stream, |data| { + Self::read_data_from_tcp_stream(&mut state.mio_stream, &mut state.is_tcp_closed, |data| { vecbuf.extend_from_slice(data); Ok(()) })?; @@ -1130,7 +1144,7 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn read_data_from_tcp_stream(stream: &mut TcpStream, mut callback: F) -> Result<()> + fn read_data_from_tcp_stream(stream: &mut TcpStream, is_closed: &mut bool, mut callback: F) -> Result<()> where F: FnMut(&mut [u8]) -> Result<()>, { @@ -1139,6 +1153,7 @@ impl<'a> TunToProxy<'a> { match stream.read(&mut tmp) { Ok(0) => { // The tcp connection closed + *is_closed = true; break; } Ok(read_result) => { @@ -1219,7 +1234,7 @@ impl<'a> TunToProxy<'a> { } } self.send_to_smoltcp()?; - self.clearup_expired_udp_associate()?; + self.clearup_expired_connection()?; self.clearup_expired_dns_over_tcp()?; } } From 0e654eb4bd8444f8fab7aa321831734147d0e317 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 6 Nov 2023 20:03:40 +0800 Subject: [PATCH 151/401] Ctrlc issues (#75) --- Cargo.toml | 2 +- src/error.rs | 4 ++-- src/tun2proxy.rs | 55 ++++++++++++++++++++++++------------------------ tests/proxy.rs | 5 +---- 4 files changed, 32 insertions(+), 34 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 09db757..0b5f4e5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ crate-type = ["cdylib", "lib"] [dependencies] base64 = { version = "0.21" } clap = { version = "4.4", features = ["derive"] } -ctrlc = "3.4" +ctrlc2 = { version = "3.5", features = ["termination"] } digest_auth = "0.3" dotenvy = "0.15" env_logger = "0.10" diff --git a/src/error.rs b/src/error.rs index 2e3d393..e2360ed 100644 --- a/src/error.rs +++ b/src/error.rs @@ -3,8 +3,8 @@ pub enum Error { #[error("std::ffi::NulError {0:?}")] Nul(#[from] std::ffi::NulError), - #[error("ctrlc::Error {0:?}")] - InterruptHandler(#[from] ctrlc::Error), + #[error("ctrlc2::Error {0:?}")] + InterruptHandler(#[from] ctrlc2::Error), #[error(transparent)] Io(#[from] std::io::Error), diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 6792490..994eeab 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1176,53 +1176,50 @@ impl<'a> TunToProxy<'a> { } #[cfg(any(target_os = "windows", target_os = "linux", target_os = "macos"))] - fn prepare_exiting_signal_trigger(&mut self) -> Result<()> { + fn prepare_exiting_signal_trigger(&mut self) -> Result> { let mut exit_trigger = self.exit_trigger.take().ok_or("Already running")?; - ctrlc::set_handler(move || { - let mut count = 0; - loop { - match exit_trigger.write(b"EXIT") { - Ok(_) => { - log::trace!("Exit signal triggered successfully"); - break; - } - Err(err) if err.kind() == std::io::ErrorKind::WouldBlock => { - if count > 5 { - log::error!("Send exit signal failed 5 times, exit anyway"); - std::process::exit(1); - } - log::trace!("Send exit signal failed, retry in 1 second"); - std::thread::sleep(std::time::Duration::from_secs(1)); - count += 1; - } - Err(err) => { - log::error!("Failed to send exit signal: \"{}\"", err); - break; + let mut count = 0; + let handle = ctrlc2::set_handler(move || -> bool { + match exit_trigger.write(b"EXIT") { + Ok(_) => { + log::trace!("Exit signal triggered successfully"); + true + } + Err(err) if err.kind() == std::io::ErrorKind::WouldBlock => { + if count > 5 { + log::error!("Send exit signal failed 5 times, exit anyway"); + return true; // std::process::exit(1); } + count += 1; + false + } + Err(err) => { + log::error!("Failed to send exit signal: \"{}\"", err); + true } } })?; - Ok(()) + Ok(handle) } pub fn run(&mut self) -> Result<(), Error> { #[cfg(any(target_os = "windows", target_os = "linux", target_os = "macos"))] - self.prepare_exiting_signal_trigger()?; + let handle = self.prepare_exiting_signal_trigger()?; let mut events = Events::with_capacity(1024); - loop { + let ret = 'exit_point: loop { if let Err(err) = self.poll.poll(&mut events, None) { if err.kind() == std::io::ErrorKind::Interrupted { log::debug!("Poll interrupted: \"{err}\", ignored, continue polling"); continue; } - return Err(err.into()); + break 'exit_point Err(Error::from(err)); } for event in events.iter() { match event.token() { EXIT_TOKEN => { if self.exiting_event_handler()? { - return Ok(()); + break 'exit_point Ok(()); } } EXIT_TRIGGER_TOKEN => { @@ -1236,7 +1233,11 @@ impl<'a> TunToProxy<'a> { self.send_to_smoltcp()?; self.clearup_expired_connection()?; self.clearup_expired_dns_over_tcp()?; - } + }; + #[cfg(any(target_os = "windows", target_os = "linux", target_os = "macos"))] + handle.join().unwrap(); + log::trace!("{:?}", ret); + ret } fn exiting_event_handler(&mut self) -> Result { diff --git a/tests/proxy.rs b/tests/proxy.rs index a2521ac..4dcc043 100644 --- a/tests/proxy.rs +++ b/tests/proxy.rs @@ -3,15 +3,12 @@ mod tests { extern crate reqwest; - use std::env; - use std::net::IpAddr; - use std::str::FromStr; - use fork::Fork; use nix::sys::signal; use nix::unistd::Pid; use serial_test::serial; use smoltcp::wire::IpCidr; + use std::env; use tun2proxy::setup::{get_default_cidrs, Setup}; use tun2proxy::util::str_to_cidr; From 3879e0432792b7f53423fb3d15b0d704e5422a85 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Wed, 8 Nov 2023 13:35:44 +0800 Subject: [PATCH 152/401] minor reading issues --- src/tun2proxy.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 994eeab..b0613f1 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1167,6 +1167,7 @@ impl<'a> TunToProxy<'a> { // Hardware or software interrupt, continue polling. continue; } else { + *is_closed = true; return Err(error.into()); } } From 67c2aa1a22b4e630a0532cb96fe463fbdc529e64 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Wed, 8 Nov 2023 21:14:22 +0100 Subject: [PATCH 153/401] Remove unnecessary buffer --- src/http.rs | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/src/http.rs b/src/http.rs index 7ebd02e..52b1b1d 100644 --- a/src/http.rs +++ b/src/http.rs @@ -45,7 +45,6 @@ pub struct HttpConnection { server_inbuf: VecDeque, client_outbuf: VecDeque, server_outbuf: VecDeque, - data_buf: VecDeque, crlf_state: u8, counter: usize, skip: usize, @@ -73,7 +72,6 @@ impl HttpConnection { server_inbuf: VecDeque::default(), client_outbuf: VecDeque::default(), server_outbuf: VecDeque::default(), - data_buf: VecDeque::default(), skip: 0, counter: 0, crlf_state: 0, @@ -182,10 +180,6 @@ impl HttpConnection { // Connection successful self.state = HttpState::Established; self.server_inbuf.clear(); - - self.server_outbuf.append(&mut self.data_buf); - self.data_buf.clear(); - return self.state_change(); } @@ -330,11 +324,7 @@ impl ProxyHandler for HttpConnection { self.server_inbuf.extend(buffer.iter()); } IncomingDirection::FromClient => { - if self.state == HttpState::Established { - self.client_inbuf.extend(buffer.iter()); - } else { - self.data_buf.extend(buffer.iter()); - } + self.client_inbuf.extend(buffer.iter()); } } @@ -370,7 +360,7 @@ impl ProxyHandler for HttpConnection { match dir { Direction::Incoming(incoming) => match incoming { IncomingDirection::FromServer => self.server_inbuf.len(), - IncomingDirection::FromClient => self.client_inbuf.len().max(self.data_buf.len()), + IncomingDirection::FromClient => self.client_inbuf.len(), }, Direction::Outgoing(outgoing) => match outgoing { OutgoingDirection::ToServer => self.server_outbuf.len(), From 07ec58532d2d18e6a241e6d2ed564636284b0023 Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Thu, 9 Nov 2023 20:27:17 +0100 Subject: [PATCH 154/401] Add Docker publish action --- .github/workflows/publish-docker.yml | 48 ++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 .github/workflows/publish-docker.yml diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml new file mode 100644 index 0000000..ca6ae54 --- /dev/null +++ b/.github/workflows/publish-docker.yml @@ -0,0 +1,48 @@ +# +name: Create and publish a Docker image + +# Configures this workflow to run every time a change is pushed to the branch called `release`. +on: + push: + tags: [ 'v*.*.*' ] + +# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. +jobs: + build-and-push-image: + runs-on: ubuntu-latest + # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. + permissions: + contents: read + packages: write + # + steps: + - name: Checkout repository + uses: actions/checkout@v4 + # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. + # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} From 4016e401b2537086273c05de412bd084c127ae4f Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Thu, 9 Nov 2023 20:34:56 +0100 Subject: [PATCH 155/401] Only publish on semver tag --- .github/workflows/publish-exe.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-exe.yml b/.github/workflows/publish-exe.yml index 7bad5a7..477f267 100644 --- a/.github/workflows/publish-exe.yml +++ b/.github/workflows/publish-exe.yml @@ -1,7 +1,7 @@ on: push: tags: - - "*" + - "v*.*.*" name: Publish Releases From e5041e6d9ec5e19329215beb54a5f1ff8f1b6999 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 13 Nov 2023 12:02:19 +0800 Subject: [PATCH 156/401] Memory leak fixing (#77) * incoming packet with FIN or RST * read_server_n_write_proxy_handler * testing script * Interest::WRITABLE and continue_read * read_data_from_tcp_stream * logging hide * test * script iperf --- .github/workflows/format-build.yml | 18 ++++ src/tun2proxy.rs | 161 ++++++++++++++++++++++------- tests/iperf/dante.conf | 2 +- tests/iperf/test.sh | 8 +- 4 files changed, 148 insertions(+), 41 deletions(-) diff --git a/.github/workflows/format-build.yml b/.github/workflows/format-build.yml index 6fefc0f..9469bf9 100644 --- a/.github/workflows/format-build.yml +++ b/.github/workflows/format-build.yml @@ -53,3 +53,21 @@ jobs: args: -- -D warnings - name: Build run: cargo build --verbose + + iperf: + name: Iperf + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: stable + override: true + - uses: actions-rs/cargo@v1 + with: + command: build + args: --release + - run: sudo apt-get install -y iperf3 dante-server + - run: sudo systemctl stop danted + - run: sudo tests/iperf/test.sh diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index b0613f1..121f298 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -97,6 +97,7 @@ fn get_transport_info( protocol: IpProtocol, transport_offset: usize, packet: &[u8], + is_closed: &mut bool, ) -> Result<((u16, u16), bool, usize, usize)> { match protocol { IpProtocol::Udp => UdpPacket::new_checked(packet) @@ -111,6 +112,7 @@ fn get_transport_info( .map_err(|e| e.into()), IpProtocol::Tcp => TcpPacket::new_checked(packet) .map(|result| { + *is_closed = result.fin() || result.rst(); let header_len = result.header_len() as usize; ( (result.src_port(), result.dst_port()), @@ -124,7 +126,7 @@ fn get_transport_info( } } -fn connection_tuple(frame: &[u8]) -> Result<(ConnectionInfo, bool, usize, usize)> { +fn connection_tuple(frame: &[u8], is_closed: &mut bool) -> Result<(ConnectionInfo, bool, usize, usize)> { if let Ok(packet) = Ipv4Packet::new_checked(frame) { let protocol = packet.next_header(); @@ -136,7 +138,7 @@ fn connection_tuple(frame: &[u8]) -> Result<(ConnectionInfo, bool, usize, usize) let header_len = packet.header_len().into(); let (ports, first_packet, payload_offset, payload_size) = - get_transport_info(protocol, header_len, &frame[header_len..])?; + get_transport_info(protocol, header_len, &frame[header_len..], is_closed)?; let info = ConnectionInfo::new( SocketAddr::new(src_addr, ports.0), SocketAddr::new(dst_addr, ports.1).into(), @@ -157,7 +159,7 @@ fn connection_tuple(frame: &[u8]) -> Result<(ConnectionInfo, bool, usize, usize) let header_len = packet.header_len(); let (ports, first_packet, payload_offset, payload_size) = - get_transport_info(protocol, header_len, &frame[header_len..])?; + get_transport_info(protocol, header_len, &frame[header_len..], is_closed)?; let info = ConnectionInfo::new( SocketAddr::new(src_addr, ports.0), SocketAddr::new(dst_addr, ports.1).into(), @@ -190,6 +192,7 @@ struct ConnectionState { udp_data_cache: LinkedList>, dns_over_tcp_expiry: Option<::std::time::Instant>, is_tcp_closed: bool, + continue_read: bool, } pub(crate) trait ProxyHandler { @@ -265,16 +268,17 @@ impl<'a> TunToProxy<'a> { let poll = Poll::new()?; + let interests = Interest::READABLE | Interest::WRITABLE; + #[cfg(target_family = "unix")] poll.registry() - .register(&mut SourceFd(&tun.as_raw_fd()), TUN_TOKEN, Interest::READABLE)?; + .register(&mut SourceFd(&tun.as_raw_fd()), TUN_TOKEN, interests)?; #[cfg(target_os = "windows")] { - let interest = Interest::READABLE | Interest::WRITABLE; - poll.registry().register(&mut tun, TUN_TOKEN, interest)?; + poll.registry().register(&mut tun, TUN_TOKEN, interests)?; let mut pipe = NamedPipeSource(tun.pipe_client()); - poll.registry().register(&mut pipe, PIPE_TOKEN, interest)?; + poll.registry().register(&mut pipe, PIPE_TOKEN, interests)?; } #[cfg(target_family = "unix")] @@ -581,10 +585,15 @@ impl<'a> TunToProxy<'a> { state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); let mut vecbuf = vec![]; - Self::read_data_from_tcp_stream(&mut state.mio_stream, &mut state.is_tcp_closed, |data| { - vecbuf.extend_from_slice(data); - Ok(()) - })?; + Self::read_data_from_tcp_stream( + &mut state.mio_stream, + IP_PACKAGE_MAX_SIZE, + &mut state.is_tcp_closed, + |data| { + vecbuf.extend_from_slice(data); + Ok(()) + }, + )?; let data_event = IncomingDataEvent { direction: IncomingDirection::FromServer, @@ -708,6 +717,7 @@ impl<'a> TunToProxy<'a> { info: &ConnectionInfo, origin_dst: SocketAddr, frame: &[u8], + is_closed: bool, ) -> Result<()> { if first_packet { let proxy_handler = manager.new_proxy_handler(info, false)?; @@ -723,6 +733,10 @@ impl<'a> TunToProxy<'a> { log::trace!("Subsequent packet {} ({})", info, origin_dst); } + if let Some(state) = self.connection_map.get_mut(info) { + state.is_tcp_closed = is_closed; + } + // Inject the packet to advance the remote proxy server smoltcp socket state self.device.inject_packet(frame); @@ -743,7 +757,8 @@ impl<'a> TunToProxy<'a> { // A raw packet was received on the tunnel interface. fn receive_tun(&mut self, frame: &mut [u8]) -> Result<(), Error> { let mut handler = || -> Result<(), Error> { - let result = connection_tuple(frame); + let mut is_closed = false; + let result = connection_tuple(frame, &mut is_closed); if let Err(error) = result { log::debug!("{}, ignored", error); return Ok(()); @@ -755,7 +770,7 @@ impl<'a> TunToProxy<'a> { let manager = self.get_connection_manager().ok_or("get connection manager")?; if info.protocol == IpProtocol::Tcp { - self.process_incoming_tcp_packets(first_packet, &manager, &info, origin_dst, frame)?; + self.process_incoming_tcp_packets(first_packet, &manager, &info, origin_dst, frame, is_closed)?; } else if info.protocol == IpProtocol::Udp { let port = info.dst.port(); let payload = &frame[payload_offset..payload_offset + payload_size]; @@ -837,6 +852,7 @@ impl<'a> TunToProxy<'a> { udp_data_cache: LinkedList::new(), dns_over_tcp_expiry: None, is_tcp_closed: false, + continue_read: false, }; Ok(state) } @@ -919,7 +935,7 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn write_to_client(&mut self, token: Token, info: &ConnectionInfo) -> Result<(), Error> { + fn write_to_client(&mut self, info: &ConnectionInfo) -> Result<(), Error> { while let Some(state) = self.connection_map.get_mut(info) { let event = state.proxy_handler.peek_data(OutgoingDirection::ToClient); let buflen = event.buffer.len(); @@ -933,6 +949,7 @@ impl<'a> TunToProxy<'a> { } consumed = socket.send_slice(event.buffer)?; state.proxy_handler.consume_data(OutgoingDirection::ToClient, consumed); + let token = state.token; self.expect_smoltcp_send()?; if consumed < buflen { self.write_sockets.insert(token); @@ -959,6 +976,33 @@ impl<'a> TunToProxy<'a> { rx_token.consume(|frame| self.receive_tun(frame))?; } } + + if event.is_writable() { + let items = self + .connection_map + .iter() + .filter(|(_, state)| state.continue_read) + .map(|(info, _)| info.clone()) + .collect::>(); + for conn_info in items { + let (success, len) = self.read_server_n_write_proxy_handler(&conn_info)?; + if !success { + return Ok(()); + } + let e = "connection state not found"; + let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; + + if len == 0 || event.is_read_closed() { + state.wait_read = false; + state.close_state |= SERVER_WRITE_CLOSED; + Self::update_mio_socket_interest(&mut self.poll, state)?; + self.check_change_close_state(&conn_info)?; + self.expect_smoltcp_send()?; + } + self.write_to_client(&conn_info)?; + } + } + #[cfg(target_os = "windows")] if event.is_writable() { // log::trace!("Tun writable"); @@ -979,7 +1023,7 @@ impl<'a> TunToProxy<'a> { for token in self.write_sockets.clone().into_iter() { if let Some(connection) = self.find_info_by_token(token) { let connection = connection.clone(); - if let Err(error) = self.write_to_client(token, &connection) { + if let Err(error) = self.write_to_client(&connection) { log::error!("Write to client {}", error); self.remove_connection(&connection)?; } @@ -1039,6 +1083,48 @@ impl<'a> TunToProxy<'a> { Ok(()) } + fn read_server_n_write_proxy_handler(&mut self, conn_info: &ConnectionInfo) -> Result<(bool, usize), Error> { + let e = "connection state not found"; + let state = self.connection_map.get_mut(conn_info).ok_or(e)?; + state.continue_read = false; + + let mut vecbuf = vec![]; + use std::io::{Error, ErrorKind}; + let r = Self::read_data_from_tcp_stream( + &mut state.mio_stream, + IP_PACKAGE_MAX_SIZE, + &mut state.is_tcp_closed, + |data| { + vecbuf.extend_from_slice(data); + if vecbuf.len() >= IP_PACKAGE_MAX_SIZE { + return Err(Error::new(ErrorKind::OutOfMemory, "IP_PACKAGE_MAX_SIZE exceeded")); + } + Ok(()) + }, + ); + let len = vecbuf.len(); + if let Err(error) = r { + if error.kind() == ErrorKind::OutOfMemory { + state.continue_read = true; + } else { + log::error!("{}", error); + self.remove_connection(conn_info)?; + return Ok((false, len)); + } + } + + let data_event = IncomingDataEvent { + direction: IncomingDirection::FromServer, + buffer: &vecbuf, + }; + if let Err(error) = state.proxy_handler.push_data(data_event) { + log::error!("{}", error); + self.remove_connection(conn_info)?; + return Ok((false, len)); + } + Ok((true, len)) + } + fn mio_socket_event(&mut self, event: &Event) -> Result<(), Error> { if let Some(info) = self.find_info_by_udp_token(event.token()) { return self.receive_udp_packet_and_write_to_client(&info.clone()); @@ -1070,26 +1156,14 @@ impl<'a> TunToProxy<'a> { self.receive_dns_over_tcp_packet_and_write_to_client(&conn_info)?; return Ok(()); } else { - let e = "connection state not found"; - let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; - - // TODO: Move this reading process to its own function. - let mut vecbuf = vec![]; - Self::read_data_from_tcp_stream(&mut state.mio_stream, &mut state.is_tcp_closed, |data| { - vecbuf.extend_from_slice(data); - Ok(()) - })?; - - let data_event = IncomingDataEvent { - direction: IncomingDirection::FromServer, - buffer: &vecbuf, - }; - if let Err(error) = state.proxy_handler.push_data(data_event) { - log::error!("{}", error); - self.remove_connection(&conn_info.clone())?; + let (success, len) = self.read_server_n_write_proxy_handler(&conn_info)?; + if !success { return Ok(()); } + let e = "connection state not found"; + let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; + // The handler request for reset the server connection if state.proxy_handler.reset_connection() { if let Err(err) = self.poll.registry().deregister(&mut state.mio_stream) { @@ -1112,7 +1186,7 @@ impl<'a> TunToProxy<'a> { return Ok(()); } - if vecbuf.is_empty() || event.is_read_closed() { + if len == 0 || event.is_read_closed() { state.wait_read = false; state.close_state |= SERVER_WRITE_CLOSED; Self::update_mio_socket_interest(&mut self.poll, state)?; @@ -1123,7 +1197,7 @@ impl<'a> TunToProxy<'a> { // We have read from the proxy server and pushed the data to the connection handler. // Thus, expect data to be processed (e.g. decapsulated) and forwarded to the client. - self.write_to_client(event.token(), &conn_info)?; + self.write_to_client(&conn_info)?; // The connection handler could have produced data that is to be written to the // server. @@ -1144,11 +1218,17 @@ impl<'a> TunToProxy<'a> { Ok(()) } - fn read_data_from_tcp_stream(stream: &mut TcpStream, is_closed: &mut bool, mut callback: F) -> Result<()> + fn read_data_from_tcp_stream( + stream: &mut dyn std::io::Read, + buffer_size: usize, + is_closed: &mut bool, + mut callback: F, + ) -> std::io::Result<()> where - F: FnMut(&mut [u8]) -> Result<()>, + F: FnMut(&mut [u8]) -> std::io::Result<()>, { - let mut tmp: [u8; 4096] = [0_u8; 4096]; + assert!(buffer_size > 0); + let mut tmp = vec![0_u8; buffer_size]; loop { match stream.read(&mut tmp) { Ok(0) => { @@ -1168,7 +1248,7 @@ impl<'a> TunToProxy<'a> { continue; } else { *is_closed = true; - return Err(error.into()); + return Err(error); } } }; @@ -1216,6 +1296,9 @@ impl<'a> TunToProxy<'a> { } break 'exit_point Err(Error::from(err)); } + + log::trace!("Polling events count {}", events.iter().count()); + for event in events.iter() { match event.token() { EXIT_TOKEN => { @@ -1234,6 +1317,8 @@ impl<'a> TunToProxy<'a> { self.send_to_smoltcp()?; self.clearup_expired_connection()?; self.clearup_expired_dns_over_tcp()?; + + log::trace!("connection count: {}", self.connection_map.len()); }; #[cfg(any(target_os = "windows", target_os = "linux", target_os = "macos"))] handle.join().unwrap(); diff --git a/tests/iperf/dante.conf b/tests/iperf/dante.conf index b723f5b..1970568 100644 --- a/tests/iperf/dante.conf +++ b/tests/iperf/dante.conf @@ -1,5 +1,5 @@ # logoutput: /var/log/socks.log -internal: 10.0.0.3 +internal: 10.0.0.3 port = 10800 external: 10.0.0.3 clientmethod: none socksmethod: none diff --git a/tests/iperf/test.sh b/tests/iperf/test.sh index 09fd0b4..6332152 100755 --- a/tests/iperf/test.sh +++ b/tests/iperf/test.sh @@ -1,6 +1,7 @@ #!/bin/bash # sudo apt install iperf3 dante-server +# sudo systemctl stop danted SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" echo $SCRIPT_DIR @@ -38,9 +39,12 @@ sleep 1 ip tuntap add name tun0 mode tun ip link set tun0 up ip route add 10.0.0.4 dev tun0 -"$tun2proxy" --proxy socks5://10.0.0.3:1080 & +"$tun2proxy" --proxy socks5://10.0.0.3:10800 & # Run iperf client through tun2proxy iperf3 -c 10.0.0.4 -iperf3 -c 10.0.0.4 -R +iperf3 -c 10.0.0.4 -R -P 10 + +# Clean up +# sudo sh -c "pkill tun2proxy; pkill iperf3; pkill danted; ip link del tun0; ip netns del test" From ebec547ccbee76b52e9cf90dd560378a4ec3b3dc Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 13 Nov 2023 12:57:29 +0800 Subject: [PATCH 157/401] Bump version 0.1.12 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 0b5f4e5..8145f59 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,7 +2,7 @@ authors = ["B. Blechschmidt", "ssrlive"] edition = "2021" name = "tun2proxy" -version = "0.1.10" +version = "0.1.12" [lib] crate-type = ["cdylib", "lib"] From 97c4aa5137d0668c15dbbcf3909ec4d8304e6d9b Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 13 Nov 2023 20:30:24 +0800 Subject: [PATCH 158/401] rustfmt max_width = 140 --- rustfmt.toml | 2 +- src/http.rs | 10 +++------- src/lib.rs | 6 +----- src/setup.rs | 31 +++++-------------------------- src/socks.rs | 14 ++++---------- src/tun2proxy.rs | 38 +++++++++++++------------------------- src/wintuninterface.rs | 26 ++++++++------------------ 7 files changed, 35 insertions(+), 92 deletions(-) diff --git a/rustfmt.toml b/rustfmt.toml index 7530651..8449be0 100644 --- a/rustfmt.toml +++ b/rustfmt.toml @@ -1 +1 @@ -max_width = 120 +max_width = 140 diff --git a/src/http.rs b/src/http.rs index 52b1b1d..81b05c5 100644 --- a/src/http.rs +++ b/src/http.rs @@ -1,8 +1,8 @@ use crate::{ error::Error, tun2proxy::{ - ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, - OutgoingDirection, ProxyHandler, + ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection, + ProxyHandler, }, }; use base64::Engine; @@ -61,11 +61,7 @@ static TRANSFER_ENCODING: &str = "Transfer-Encoding"; static CONTENT_LENGTH: &str = "Content-Length"; impl HttpConnection { - fn new( - info: &ConnectionInfo, - credentials: Option, - digest_state: Rc>>, - ) -> Result { + fn new(info: &ConnectionInfo, credentials: Option, digest_state: Rc>>) -> Result { let mut res = Self { state: HttpState::ExpectResponseHeaders, client_inbuf: VecDeque::default(), diff --git a/src/lib.rs b/src/lib.rs index 285b5ed..ebbc32e 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -150,11 +150,7 @@ impl Options { } } -pub fn tun_to_proxy<'a>( - interface: &NetworkInterface, - proxy: &Proxy, - options: Options, -) -> Result, Error> { +pub fn tun_to_proxy<'a>(interface: &NetworkInterface, proxy: &Proxy, options: Options) -> Result, Error> { let mut ttp = TunToProxy::new(interface, options)?; let credentials = proxy.credentials.clone(); let server = proxy.addr; diff --git a/src/setup.rs b/src/setup.rs index 228653b..c3c69f1 100644 --- a/src/setup.rs +++ b/src/setup.rs @@ -62,12 +62,7 @@ where let command = cmdline.as_slice().join(" "); match String::from_utf8(output.stderr.clone()) { Ok(output) => Err(format!("[{}] Command `{}` failed: {}", nix::unistd::getpid(), command, output).into()), - Err(_) => Err(format!( - "Command `{:?}` failed with exit code {}", - command, - output.status.code().unwrap() - ) - .into()), + Err(_) => Err(format!("Command `{:?}` failed with exit code {}", command, output.status.code().unwrap()).into()), } } } @@ -103,11 +98,7 @@ impl Setup { ["ip", "-4", "route", "show"] }; - let routes = run_iproute( - route_show_args, - "failed to get routing table through the ip command", - true, - )?; + let routes = run_iproute(route_show_args, "failed to get routing table through the ip command", true)?; let mut route_info = Vec::<(IpCidr, Vec)>::new(); for line in routes.stdout.lines() { @@ -217,14 +208,7 @@ impl Setup { fn add_tunnel_routes(&self) -> Result<(), Error> { for route in &self.routes { run_iproute( - [ - "ip", - "route", - "add", - route.to_string().as_str(), - "dev", - self.tun.as_str(), - ], + ["ip", "route", "add", route.to_string().as_str(), "dev", self.tun.as_str()], "failed to add route", true, )?; @@ -238,9 +222,7 @@ impl Setup { let _ = Command::new("ip").args(["link", "del", self.tun.as_str()]).output(); for cidr in &self.delete_proxy_routes { - let _ = Command::new("ip") - .args(["route", "del", cidr.to_string().as_str()]) - .output(); + let _ = Command::new("ip").args(["route", "del", cidr.to_string().as_str()]).output(); } if self.unmount_resolvconf { @@ -297,10 +279,7 @@ impl Setup { loop { let res = fd.read_signal().unwrap().unwrap(); let signo = nix::sys::signal::Signal::try_from(res.ssi_signo as i32).unwrap(); - if signo == nix::sys::signal::SIGINT - || signo == nix::sys::signal::SIGTERM - || signo == nix::sys::signal::SIGQUIT - { + if signo == nix::sys::signal::SIGINT || signo == nix::sys::signal::SIGTERM || signo == nix::sys::signal::SIGQUIT { break; } } diff --git a/src/socks.rs b/src/socks.rs index 4ec8570..666eb11 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -1,8 +1,8 @@ use crate::{ error::{Error, Result}, tun2proxy::{ - ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, - OutgoingDirection, ProxyHandler, + ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection, + ProxyHandler, }, }; use socks5_impl::protocol::{self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, Version}; @@ -34,12 +34,7 @@ struct SocksProxyImpl { } impl SocksProxyImpl { - fn new( - info: &ConnectionInfo, - credentials: Option, - version: Version, - command: protocol::Command, - ) -> Result { + fn new(info: &ConnectionInfo, credentials: Option, version: Version, command: protocol::Command) -> Result { let mut result = Self { info: info.clone(), state: SocksState::ServerHello, @@ -58,8 +53,7 @@ impl SocksProxyImpl { fn send_client_hello_socks4(&mut self) -> Result<(), Error> { let credentials = &self.credentials; - self.server_outbuf - .extend(&[self.version as u8, protocol::Command::Connect.into()]); + self.server_outbuf.extend(&[self.version as u8, protocol::Command::Connect.into()]); self.server_outbuf.extend(self.info.dst.port().to_be_bytes()); let mut ip_vec = Vec::::new(); let mut name_vec = Vec::::new(); diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index 121f298..fbad1bf 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -271,8 +271,7 @@ impl<'a> TunToProxy<'a> { let interests = Interest::READABLE | Interest::WRITABLE; #[cfg(target_family = "unix")] - poll.registry() - .register(&mut SourceFd(&tun.as_raw_fd()), TUN_TOKEN, interests)?; + poll.registry().register(&mut SourceFd(&tun.as_raw_fd()), TUN_TOKEN, interests)?; #[cfg(target_os = "windows")] { @@ -288,8 +287,7 @@ impl<'a> TunToProxy<'a> { poll.registry() .register(&mut exit_trigger, EXIT_TRIGGER_TOKEN, Interest::WRITABLE)?; - poll.registry() - .register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; + poll.registry().register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; let config = match tun.capabilities().medium { Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0, 0, 0, 0, 0x01]).into()), @@ -585,15 +583,10 @@ impl<'a> TunToProxy<'a> { state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); let mut vecbuf = vec![]; - Self::read_data_from_tcp_stream( - &mut state.mio_stream, - IP_PACKAGE_MAX_SIZE, - &mut state.is_tcp_closed, - |data| { - vecbuf.extend_from_slice(data); - Ok(()) - }, - )?; + Self::read_data_from_tcp_stream(&mut state.mio_stream, IP_PACKAGE_MAX_SIZE, &mut state.is_tcp_closed, |data| { + vecbuf.extend_from_slice(data); + Ok(()) + })?; let data_event = IncomingDataEvent { direction: IncomingDirection::FromServer, @@ -1090,18 +1083,13 @@ impl<'a> TunToProxy<'a> { let mut vecbuf = vec![]; use std::io::{Error, ErrorKind}; - let r = Self::read_data_from_tcp_stream( - &mut state.mio_stream, - IP_PACKAGE_MAX_SIZE, - &mut state.is_tcp_closed, - |data| { - vecbuf.extend_from_slice(data); - if vecbuf.len() >= IP_PACKAGE_MAX_SIZE { - return Err(Error::new(ErrorKind::OutOfMemory, "IP_PACKAGE_MAX_SIZE exceeded")); - } - Ok(()) - }, - ); + let r = Self::read_data_from_tcp_stream(&mut state.mio_stream, IP_PACKAGE_MAX_SIZE, &mut state.is_tcp_closed, |data| { + vecbuf.extend_from_slice(data); + if vecbuf.len() >= IP_PACKAGE_MAX_SIZE { + return Err(Error::new(ErrorKind::OutOfMemory, "IP_PACKAGE_MAX_SIZE exceeded")); + } + Ok(()) + }); let len = vecbuf.len(); if let Err(error) = r { if error.kind() == ErrorKind::OutOfMemory { diff --git a/src/wintuninterface.rs b/src/wintuninterface.rs index 9706043..fe9abbe 100644 --- a/src/wintuninterface.rs +++ b/src/wintuninterface.rs @@ -22,8 +22,8 @@ use windows::{ NetworkManagement::{ IpHelper::{ GetAdaptersAddresses, SetInterfaceDnsSettings, DNS_INTERFACE_SETTINGS, DNS_INTERFACE_SETTINGS_VERSION1, - DNS_SETTING_NAMESERVER, GAA_FLAG_INCLUDE_GATEWAYS, GAA_FLAG_INCLUDE_PREFIX, IF_TYPE_ETHERNET_CSMACD, - IF_TYPE_IEEE80211, IP_ADAPTER_ADDRESSES_LH, + DNS_SETTING_NAMESERVER, GAA_FLAG_INCLUDE_GATEWAYS, GAA_FLAG_INCLUDE_PREFIX, IF_TYPE_ETHERNET_CSMACD, IF_TYPE_IEEE80211, + IP_ADAPTER_ADDRESSES_LH, }, Ndis::IfOperStatusUp, }, @@ -88,8 +88,9 @@ impl WinTunInterface { let guid = 324435345345345345_u128; let adapter = match wintun::Adapter::open(&wintun, tun_name) { Ok(a) => a, - Err(_) => wintun::Adapter::create(&wintun, tun_name, tun_name, Some(guid)) - .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?, + Err(_) => { + wintun::Adapter::create(&wintun, tun_name, tun_name, Some(guid)).map_err(|e| io::Error::new(io::ErrorKind::Other, e))? + } }; let session = adapter @@ -376,12 +377,7 @@ impl phy::TxToken for TxToken { let mut buffer = vec![0; len]; let result = f(&mut buffer); - let buffer = self - .pipe_server_cache - .borrow_mut() - .drain(..) - .chain(buffer) - .collect::>(); + let buffer = self.pipe_server_cache.borrow_mut().drain(..).chain(buffer).collect::>(); if buffer.is_empty() { // log::trace!("Wintun TxToken (pipe_server) is empty"); return result; @@ -433,11 +429,7 @@ impl event::Source for NamedPipeSource { pub(crate) fn run_command(command: &str, args: &[&str]) -> io::Result<()> { let out = std::process::Command::new(command).args(args).output()?; if !out.status.success() { - let err = String::from_utf8_lossy(if out.stderr.is_empty() { - &out.stdout - } else { - &out.stderr - }); + let err = String::from_utf8_lossy(if out.stderr.is_empty() { &out.stdout } else { &out.stderr }); let info = format!("{} failed with: \"{}\"", command, err); return Err(std::io::Error::new(std::io::ErrorKind::Other, info)); } @@ -463,9 +455,7 @@ pub(crate) fn set_interface_dns_settings(interface: GUID, dns: &[IpAddr]) -> io: pub(crate) fn get_active_network_interface_gateways() -> io::Result> { let mut addrs = vec![]; get_adapters_addresses(|adapter| { - if adapter.OperStatus == IfOperStatusUp - && [IF_TYPE_ETHERNET_CSMACD, IF_TYPE_IEEE80211].contains(&adapter.IfType) - { + if adapter.OperStatus == IfOperStatusUp && [IF_TYPE_ETHERNET_CSMACD, IF_TYPE_IEEE80211].contains(&adapter.IfType) { let mut current_gateway = adapter.FirstGatewayAddress; while !current_gateway.is_null() { let gateway = unsafe { &*current_gateway }; From 2b3463c55c8b448dfbce77123263520d117a3dc0 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Sat, 18 Nov 2023 01:24:41 +0800 Subject: [PATCH 159/401] android issues --- .cargo/config.toml | 2 +- src/android.rs | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index 332ab99..cbfec78 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -2,4 +2,4 @@ protocol = "sparse" [build] -#target = ["x86_64-unknown-linux-gnu"] +# target = ["x86_64-unknown-linux-gnu", "aarch64-linux-android"] diff --git a/src/android.rs b/src/android.rs index b1b6ca2..41388c4 100644 --- a/src/android.rs +++ b/src/android.rs @@ -20,6 +20,7 @@ pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_run( tun_fd: jint, tun_mtu: jint, verbose: jboolean, + dns_over_tcp: jboolean, ) -> jint { let log_level = if verbose != 0 { "trace" } else { "info" }; let filter_str = &format!("off,tun2proxy={log_level}"); @@ -39,7 +40,9 @@ pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_run( let proxy_type = proxy.proxy_type; log::info!("Proxy {proxy_type} server: {addr}"); - let options = Options::new().with_virtual_dns().with_mtu(tun_mtu as usize); + let dns_addr = "8.8.8.8".parse::().unwrap(); + let options = Options::new().with_dns_addr(Some(dns_addr)).with_mtu(tun_mtu as usize); + let options = if dns_over_tcp != 0 { options.with_dns_over_tcp() } else { options }; let interface = NetworkInterface::Fd(tun_fd); let tun2proxy = tun_to_proxy(&interface, &proxy, options)?; From 0edd07479dccaae7335ea0fea2fc1e29bbc1108b Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 25 Dec 2023 23:10:13 +0800 Subject: [PATCH 160/401] upgrade dependencies --- Cargo.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 8145f59..2386a7a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -27,12 +27,12 @@ nix = { version = "0.27", features = [ "user", ] } prctl = "1.0" -smoltcp = { version = "0.10", features = ["std", "phy-tuntap_interface"] } +smoltcp = { version = "0.11", features = ["std", "phy-tuntap_interface"] } socks5-impl = { version = "0.5", default-features = false } thiserror = "1.0" trust-dns-proto = "0.23" unicase = "2.7" -url = "2.4" +url = "2.5" [target.'cfg(target_family="unix")'.dependencies] fork = "0.1" @@ -53,7 +53,7 @@ test-log = "0.2" [target.'cfg(target_os="windows")'.dependencies] rand = "0.8" -windows = { version = "0.51", features = [ +windows = { version = "0.52", features = [ "Win32_Storage_FileSystem", "Win32_NetworkManagement_IpHelper", "Win32_NetworkManagement_Ndis", From 61ed6d62c4b98a0959bc85618f0be6e45769483a Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Mon, 1 Jan 2024 14:40:50 +0800 Subject: [PATCH 161/401] clippy issues --- .github/workflows/format-build.yml | 4 ++++ src/dns.rs | 2 +- src/virtdns.rs | 6 +++--- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/format-build.yml b/.github/workflows/format-build.yml index 9469bf9..c45afe6 100644 --- a/.github/workflows/format-build.yml +++ b/.github/workflows/format-build.yml @@ -46,6 +46,10 @@ jobs: profile: minimal toolchain: stable override: true + - name: rustfmt + run: | + rustc --version + cargo fmt --all -- --check - run: rustup component add clippy - uses: actions-rs/cargo@v1 with: diff --git a/src/dns.rs b/src/dns.rs index 1d9ee61..2f95b22 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -88,7 +88,7 @@ pub fn extract_ipaddr_from_dns_message(message: &Message) -> Result Result { - let query = message.queries().get(0).ok_or("DnsRequest no query body")?; + let query = message.queries().first().ok_or("DnsRequest no query body")?; let name = query.name().to_string(); Ok(name) } diff --git a/src/virtdns.rs b/src/virtdns.rs index eaed24b..01f4363 100644 --- a/src/virtdns.rs +++ b/src/virtdns.rs @@ -5,7 +5,7 @@ use hashlink::{linked_hash_map::RawEntryMut, LruCache}; use smoltcp::wire::Ipv4Cidr; use std::{ collections::HashMap, - convert::{TryFrom, TryInto}, + convert::TryInto, net::{IpAddr, Ipv4Addr, Ipv6Addr}, str::FromStr, time::{Duration, Instant}, @@ -34,8 +34,8 @@ impl Default for VirtualDns { Self { next_addr: start_addr.into(), name_to_ip: HashMap::default(), - network_addr: IpAddr::try_from(cidr.network().address().into_address()).unwrap(), - broadcast_addr: IpAddr::try_from(cidr.broadcast().unwrap().into_address()).unwrap(), + network_addr: IpAddr::from(cidr.network().address().into_address()), + broadcast_addr: IpAddr::from(cidr.broadcast().unwrap().into_address()), lru_cache: LruCache::new_unbounded(), } } From 337619169e631e56eee829cdda74e75dec2e100e Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Fri, 12 Jan 2024 23:54:17 +0800 Subject: [PATCH 162/401] upgrade dependencies --- Cargo.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 2386a7a..5706b92 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,7 +14,7 @@ ctrlc2 = { version = "3.5", features = ["termination"] } digest_auth = "0.3" dotenvy = "0.15" env_logger = "0.10" -hashlink = "0.8" +hashlink = "0.9" httparse = "1.8" libc = "0.2" log = "0.4" @@ -48,7 +48,7 @@ reqwest = { version = "0.11", default-features = false, features = [ "json", "rustls-tls", ] } -serial_test = "2.0" +serial_test = "3.0" test-log = "0.2" [target.'cfg(target_os="windows")'.dependencies] @@ -60,7 +60,7 @@ windows = { version = "0.52", features = [ "Win32_Networking_WinSock", "Win32_Foundation", ] } -wintun = { git = "https://github.com/ssrlive/wintun.git", branch = "main" } +wintun = { version = "0.4", features = ["panic_on_unsent_packets"] } [build-dependencies] serde_json = "1.0" From 9c4fa4260a479b8c8affeed64b6f4c557819e653 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 1 Feb 2024 19:15:32 +0800 Subject: [PATCH 163/401] beginning async version (#84) --- .cargo/config.toml | 6 +- .github/workflows/format-build.yml | 77 -- .github/workflows/publish-docker.yml | 48 - .github/workflows/rust.yml | 26 + .github/workflows/tests.yml | 45 - .gitignore | 14 +- CHANGELOG.md | 12 - Cargo.toml | 65 +- Dockerfile | 20 - apple/readme.md | 21 + apple/tun2proxy.xcodeproj/project.pbxproj | 398 ++++++ apple/tun2proxy/Tun2proxyWrapper.h | 22 + apple/tun2proxy/Tun2proxyWrapper.m | 27 + apple/tun2proxy/tun2proxy.h | 18 + cbindgen.toml | 6 + scripts/dante.conf | 24 + scripts/iperf3.sh | 54 + scripts/linux.sh | 66 + scripts/rperf.sh | 83 ++ src/android.rs | 56 +- src/api.rs | 70 ++ src/args.rs | 198 +++ src/bin/main.rs | 83 ++ src/directions.rs | 28 + src/dns.rs | 45 +- src/dump_logger.rs | 71 ++ src/error.rs | 47 +- src/http.rs | 129 +- src/ios.rs | 41 + src/lib.rs | 587 ++++++--- src/main.rs | 156 --- src/proxy_handler.rs | 30 + src/session_info.rs | 53 + src/setup.rs | 337 ------ src/socks.rs | 161 +-- src/tun2proxy.rs | 1338 --------------------- src/util.rs | 22 - src/virtdevice.rs | 80 -- src/{virtdns.rs => virtual_dns.rs} | 47 +- src/wintuninterface.rs | 546 --------- tests/proxy.rs | 151 --- 41 files changed, 2022 insertions(+), 3286 deletions(-) delete mode 100644 .github/workflows/format-build.yml delete mode 100644 .github/workflows/publish-docker.yml create mode 100644 .github/workflows/rust.yml delete mode 100644 .github/workflows/tests.yml delete mode 100644 CHANGELOG.md delete mode 100644 Dockerfile create mode 100644 apple/readme.md create mode 100644 apple/tun2proxy.xcodeproj/project.pbxproj create mode 100644 apple/tun2proxy/Tun2proxyWrapper.h create mode 100644 apple/tun2proxy/Tun2proxyWrapper.m create mode 100644 apple/tun2proxy/tun2proxy.h create mode 100644 cbindgen.toml create mode 100644 scripts/dante.conf create mode 100755 scripts/iperf3.sh create mode 100755 scripts/linux.sh create mode 100755 scripts/rperf.sh create mode 100644 src/api.rs create mode 100644 src/args.rs create mode 100644 src/bin/main.rs create mode 100644 src/directions.rs create mode 100644 src/dump_logger.rs create mode 100644 src/ios.rs delete mode 100644 src/main.rs create mode 100644 src/proxy_handler.rs create mode 100644 src/session_info.rs delete mode 100644 src/setup.rs delete mode 100644 src/tun2proxy.rs delete mode 100644 src/util.rs delete mode 100644 src/virtdevice.rs rename src/{virtdns.rs => virtual_dns.rs} (72%) delete mode 100644 src/wintuninterface.rs delete mode 100644 tests/proxy.rs diff --git a/.cargo/config.toml b/.cargo/config.toml index cbfec78..df5b707 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -2,4 +2,8 @@ protocol = "sparse" [build] -# target = ["x86_64-unknown-linux-gnu", "aarch64-linux-android"] +# target = ["x86_64-unknown-linux-gnu"] +# target = ["aarch64-linux-android"] +# target = ["aarch64-apple-ios"] +# target = ["x86_64-pc-windows-msvc"] +# target = ["x86_64-apple-darwin"] diff --git a/.github/workflows/format-build.yml b/.github/workflows/format-build.yml deleted file mode 100644 index c45afe6..0000000 --- a/.github/workflows/format-build.yml +++ /dev/null @@ -1,77 +0,0 @@ -on: [push, pull_request] - -name: Build and Formatting Tests - -jobs: - check: - name: Check - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - - uses: actions-rs/cargo@v1 - with: - command: check - - fmt: - name: Rustfmt - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - - run: rustup component add rustfmt - - uses: actions-rs/cargo@v1 - with: - command: fmt - args: --all -- --check - - clippy: - name: Clippy - strategy: - matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - - name: rustfmt - run: | - rustc --version - cargo fmt --all -- --check - - run: rustup component add clippy - - uses: actions-rs/cargo@v1 - with: - command: clippy - args: -- -D warnings - - name: Build - run: cargo build --verbose - - iperf: - name: Iperf - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - - uses: actions-rs/cargo@v1 - with: - command: build - args: --release - - run: sudo apt-get install -y iperf3 dante-server - - run: sudo systemctl stop danted - - run: sudo tests/iperf/test.sh diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml deleted file mode 100644 index ca6ae54..0000000 --- a/.github/workflows/publish-docker.yml +++ /dev/null @@ -1,48 +0,0 @@ -# -name: Create and publish a Docker image - -# Configures this workflow to run every time a change is pushed to the branch called `release`. -on: - push: - tags: [ 'v*.*.*' ] - -# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. -jobs: - build-and-push-image: - runs-on: ubuntu-latest - # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. - permissions: - contents: read - packages: write - # - steps: - - name: Checkout repository - uses: actions/checkout@v4 - # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. - # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. - # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. - - name: Build and push Docker image - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml new file mode 100644 index 0000000..d66b58a --- /dev/null +++ b/.github/workflows/rust.yml @@ -0,0 +1,26 @@ +name: Push or PR + +on: + [push, pull_request] + +env: + CARGO_TERM_COLOR: always + +jobs: + build_n_test: + strategy: + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@v3 + - name: rustfmt + run: cargo fmt --all -- --check + - name: check + run: cargo check --verbose + - name: clippy + run: cargo clippy --all-targets --all-features -- -D warnings + - name: Build + run: cargo build --verbose --tests --all-features diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml deleted file mode 100644 index 3e00ff3..0000000 --- a/.github/workflows/tests.yml +++ /dev/null @@ -1,45 +0,0 @@ -on: - pull_request_review: - types: [submitted] - push: - workflow_dispatch: - pull_request_target: - types: [labeled] - -name: Integration Tests - -jobs: - proxy_tests: - name: Proxy Tests - runs-on: ubuntu-latest - if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'safe to test') - steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: stable - override: true - - uses: actions-rs/cargo@v1 - with: - command: test - args: --no-run - - name: Populate .env - env: - DOTENV: ${{ secrets.DOTENV }} - run: echo "$DOTENV" > .env - - name: Set up runner SSH key - run: >- - set -o allexport && - source .env && - set +o allexport && - mkdir ~/.ssh && - echo "$TEST_SERVER_PRIVATE_SSH_KEY" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa - - name: Run tests - run: >- - set -o allexport && - source .env && - set +o allexport && - ssh -N -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -D 1080 "$TEST_SERVER_SSH_DST" & - while ! nc -z 127.0.0.1 1080; do sleep 1; done && - sudo -E /home/runner/.cargo/bin/cargo test diff --git a/.gitignore b/.gitignore index bc020c7..1706695 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,9 @@ -examples/ +.env +project.xcworkspace/ +xcuserdata/ +.vscode/ +.VSCodeCounter/ build/ tmp/ -.* -*.secret -*.iml -!/.github -!/.cargo -/target Cargo.lock -manual-test.sh +target/ diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index fa6f162..0000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,12 +0,0 @@ -# Changelog for Tun2Proxy - -## 0.1.1 - -- Updated dependencies: - - `chrono`: v0.4, ready for next planned release ; - - `clap`: last version ; - - `mio`: v0.8 + rename renamed feature (os-util became os-ext) + some fixes due to removal of `TcpSocket` type ; - - `smoltcp`: set v0.8 but from crates.io, plus old reference could not work. -- Fixes: - - Removed typo from Cargo.toml ; - - Clippy. diff --git a/Cargo.toml b/Cargo.toml index 5706b92..fa9691f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,66 +1,43 @@ [package] -authors = ["B. Blechschmidt", "ssrlive"] -edition = "2021" name = "tun2proxy" -version = "0.1.12" +version = "0.2.0" +edition = "2021" +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [lib] -crate-type = ["cdylib", "lib"] +crate-type = ["staticlib", "cdylib", "lib"] [dependencies] +async-recursion = "1.0" +async-trait = "0.1" base64 = { version = "0.21" } -clap = { version = "4.4", features = ["derive"] } -ctrlc2 = { version = "3.5", features = ["termination"] } +chrono = "0.4" +clap = { version = "4.4", features = ["derive", "wrap_help", "color"] } +ctrlc2 = { version = "3.5", features = ["tokio", "termination"] } digest_auth = "0.3" dotenvy = "0.15" -env_logger = "0.10" +env_logger = "0.11" hashlink = "0.9" httparse = "1.8" -libc = "0.2" -log = "0.4" -mio = { version = "0.8", features = ["os-poll", "net", "os-ext"] } -nix = { version = "0.27", features = [ - "process", - "signal", - "fs", - "mount", - "user", -] } -prctl = "1.0" -smoltcp = { version = "0.11", features = ["std", "phy-tuntap_interface"] } -socks5-impl = { version = "0.5", default-features = false } +ipstack = { version = "0.0", features = ["log"] } +log = { version = "0.4", features = ["std"] } +socks5-impl = { version = "0.5" } thiserror = "1.0" +tokio = { version = "1.35", features = ["full"] } +tproxy-config = { version = "0.1", features = ["log"] } trust-dns-proto = "0.23" +tun2 = { version = "1.0", features = ["async"] } +udp-stream = { version = "0.0", default-features = false } unicase = "2.7" url = "2.5" -[target.'cfg(target_family="unix")'.dependencies] -fork = "0.1" - [target.'cfg(target_os="android")'.dependencies] android_logger = "0.13" jni = { version = "0.21", default-features = false } -[dev-dependencies] -ctor = "0.2" -reqwest = { version = "0.11", default-features = false, features = [ - "blocking", - "json", - "rustls-tls", -] } -serial_test = "3.0" -test-log = "0.2" - -[target.'cfg(target_os="windows")'.dependencies] -rand = "0.8" -windows = { version = "0.52", features = [ - "Win32_Storage_FileSystem", - "Win32_NetworkManagement_IpHelper", - "Win32_NetworkManagement_Ndis", - "Win32_Networking_WinSock", - "Win32_Foundation", -] } -wintun = { version = "0.4", features = ["panic_on_unsent_packets"] } - [build-dependencies] serde_json = "1.0" + +[[bin]] +name = "tun2proxy" +path = "src/bin/main.rs" diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 114ef12..0000000 --- a/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -#################################################################################################### -## Builder -#################################################################################################### -FROM rust:latest AS builder - -WORKDIR /worker -COPY ./ . -RUN cargo build --release --target x86_64-unknown-linux-gnu - - -#################################################################################################### -## Final image -#################################################################################################### -FROM ubuntu:latest - -RUN apt update && apt install -y iproute2 && apt clean all - -COPY --from=builder /worker/target/x86_64-unknown-linux-gnu/release/tun2proxy /usr/bin/tun2proxy - -ENTRYPOINT ["/usr/bin/tun2proxy", "--setup", "auto"] diff --git a/apple/readme.md b/apple/readme.md new file mode 100644 index 0000000..2baae5f --- /dev/null +++ b/apple/readme.md @@ -0,0 +1,21 @@ +Build iOS framework +---------------- + +# Install Rust build tools + +- Install Xcode Command Line Tools: `xcode-select --install` +- Install Rust programming language: `curl https://sh.rustup.rs -sSf | sh` +- Install iOS target support: `rustup target add aarch64-apple-ios aarch64-apple-ios-sim x86_64-apple-ios` +- Install cbindgen tool: `cargo install cbindgen` + +# Building iOS framework + +Due to an unknown reason at present, compiling Rust code inside Xcode fails, so you have to manually compile it. Please run the following command in zsh (or bash): +```bash +cd tun2proxy + +cargo build --release --target aarch64-apple-ios +cargo build --release --target x86_64-apple-ios +lipo -create target/aarch64-apple-ios/release/libtun2proxy.a target/x86_64-apple-ios/release/libtun2proxy.a -output target/libtun2proxy.a +cbindgen --config cbindgen.toml -l C -o target/tun2proxy-sys.h +``` diff --git a/apple/tun2proxy.xcodeproj/project.pbxproj b/apple/tun2proxy.xcodeproj/project.pbxproj new file mode 100644 index 0000000..6b8aa02 --- /dev/null +++ b/apple/tun2proxy.xcodeproj/project.pbxproj @@ -0,0 +1,398 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 55; + objects = { + +/* Begin PBXBuildFile section */ + B648A35929F43D110045B334 /* Tun2proxyWrapper.m in Sources */ = {isa = PBXBuildFile; fileRef = B648A35829F43D110045B334 /* Tun2proxyWrapper.m */; }; + B648A35B29F43DDB0045B334 /* Tun2proxyWrapper.h in Headers */ = {isa = PBXBuildFile; fileRef = B648A35A29F43DDB0045B334 /* Tun2proxyWrapper.h */; settings = {ATTRIBUTES = (Public, ); }; }; + B692ACC929F7EA4C006BF04D /* libtun2proxy.a in Frameworks */ = {isa = PBXBuildFile; fileRef = B692ACC829F7EA4C006BF04D /* libtun2proxy.a */; }; + B6DE654429F4255A00468184 /* tun2proxy.h in Headers */ = {isa = PBXBuildFile; fileRef = B6DE654329F4255A00468184 /* tun2proxy.h */; settings = {ATTRIBUTES = (Public, ); }; }; +/* End PBXBuildFile section */ + +/* Begin PBXFileReference section */ + B648A35829F43D110045B334 /* Tun2proxyWrapper.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = Tun2proxyWrapper.m; sourceTree = ""; }; + B648A35A29F43DDB0045B334 /* Tun2proxyWrapper.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = Tun2proxyWrapper.h; sourceTree = ""; }; + B692ACC829F7EA4C006BF04D /* libtun2proxy.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libtun2proxy.a; path = ../target/libtun2proxy.a; sourceTree = ""; }; + B6DE654029F4255A00468184 /* tun2proxy.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = tun2proxy.framework; sourceTree = BUILT_PRODUCTS_DIR; }; + B6DE654329F4255A00468184 /* tun2proxy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = tun2proxy.h; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + B6DE653D29F4255A00468184 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + B692ACC929F7EA4C006BF04D /* libtun2proxy.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + B692ACC729F7EA4C006BF04D /* Frameworks */ = { + isa = PBXGroup; + children = ( + B692ACC829F7EA4C006BF04D /* libtun2proxy.a */, + ); + name = Frameworks; + sourceTree = ""; + }; + B6DE653629F4255A00468184 = { + isa = PBXGroup; + children = ( + B6DE654229F4255A00468184 /* tun2proxy */, + B6DE654129F4255A00468184 /* Products */, + B692ACC729F7EA4C006BF04D /* Frameworks */, + ); + sourceTree = ""; + }; + B6DE654129F4255A00468184 /* Products */ = { + isa = PBXGroup; + children = ( + B6DE654029F4255A00468184 /* tun2proxy.framework */, + ); + name = Products; + sourceTree = ""; + }; + B6DE654229F4255A00468184 /* tun2proxy */ = { + isa = PBXGroup; + children = ( + B6DE654329F4255A00468184 /* tun2proxy.h */, + B648A35829F43D110045B334 /* Tun2proxyWrapper.m */, + B648A35A29F43DDB0045B334 /* Tun2proxyWrapper.h */, + ); + path = tun2proxy; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXHeadersBuildPhase section */ + B6DE653B29F4255A00468184 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + B648A35B29F43DDB0045B334 /* Tun2proxyWrapper.h in Headers */, + B6DE654429F4255A00468184 /* tun2proxy.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXHeadersBuildPhase section */ + +/* Begin PBXNativeTarget section */ + B6DE653F29F4255A00468184 /* tun2proxy */ = { + isa = PBXNativeTarget; + buildConfigurationList = B6DE654729F4255A00468184 /* Build configuration list for PBXNativeTarget "tun2proxy" */; + buildPhases = ( + B692ACB329F7E203006BF04D /* Run Script */, + B6DE653B29F4255A00468184 /* Headers */, + B6DE653C29F4255A00468184 /* Sources */, + B6DE653D29F4255A00468184 /* Frameworks */, + B6DE653E29F4255A00468184 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = tun2proxy; + productName = tun2proxy; + productReference = B6DE654029F4255A00468184 /* tun2proxy.framework */; + productType = "com.apple.product-type.framework"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + B6DE653729F4255A00468184 /* Project object */ = { + isa = PBXProject; + attributes = { + BuildIndependentTargetsInParallel = 1; + LastUpgradeCheck = 1430; + TargetAttributes = { + B6DE653F29F4255A00468184 = { + CreatedOnToolsVersion = 13.2.1; + }; + }; + }; + buildConfigurationList = B6DE653A29F4255A00468184 /* Build configuration list for PBXProject "tun2proxy" */; + compatibilityVersion = "Xcode 13.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = B6DE653629F4255A00468184; + productRefGroup = B6DE654129F4255A00468184 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + B6DE653F29F4255A00468184 /* tun2proxy */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + B6DE653E29F4255A00468184 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXShellScriptBuildPhase section */ + B692ACB329F7E203006BF04D /* Run Script */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputFileListPaths = ( + ); + inputPaths = ( + ); + name = "Run Script"; + outputFileListPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/bash; + shellScript = "set -e\nPATH=\"$PATH:${HOME}/.cargo/bin\"\nRUST_PROJ=${PROJECT_DIR}/..\ncd \"${RUST_PROJ}\"\ncargo build --release --target aarch64-apple-ios\ncargo build --release --target x86_64-apple-ios\nlipo -create target/aarch64-apple-ios/release/libtun2proxy.a target/x86_64-apple-ios/release/libtun2proxy.a -output target/libtun2proxy.a\ncbindgen --config cbindgen.toml -l C -o target/tun2proxy-sys.h\n"; + }; +/* End PBXShellScriptBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + B6DE653C29F4255A00468184 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + B648A35929F43D110045B334 /* Tun2proxyWrapper.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin XCBuildConfiguration section */ + B6DE654529F4255A00468184 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + CURRENT_PROJECT_VERSION = 1; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 11.0; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = iphoneos; + VERSIONING_SYSTEM = "apple-generic"; + VERSION_INFO_PREFIX = ""; + }; + name = Debug; + }; + B6DE654629F4255A00468184 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++17"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + CURRENT_PROJECT_VERSION = 1; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 11.0; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = iphoneos; + VALIDATE_PRODUCT = YES; + VERSIONING_SYSTEM = "apple-generic"; + VERSION_INFO_PREFIX = ""; + }; + name = Release; + }; + B6DE654829F4255A00468184 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_IDENTITY = ""; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + DEFINES_MODULE = YES; + DEVELOPMENT_TEAM = ""; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = 1; + DYLIB_INSTALL_NAME_BASE = "@rpath"; + ENABLE_BITCODE = NO; + ENABLE_MODULE_VERIFIER = YES; + GENERATE_INFOPLIST_FILE = YES; + HEADER_SEARCH_PATHS = ""; + INFOPLIST_KEY_NSHumanReadableCopyright = ""; + INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + "@loader_path/Frameworks", + ); + LIBRARY_SEARCH_PATHS = ( + ../target, + "$(PROJECT_DIR)/../target", + ); + MARKETING_VERSION = 1.0; + MODULE_VERIFIER_SUPPORTED_LANGUAGES = "objective-c objective-c++"; + MODULE_VERIFIER_SUPPORTED_LANGUAGE_STANDARDS = "gnu11 gnu++17"; + PRODUCT_BUNDLE_IDENTIFIER = com.ssrlive.tun2proxy; + PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; + SKIP_INSTALL = YES; + SWIFT_EMIT_LOC_STRINGS = YES; + TARGETED_DEVICE_FAMILY = "1,2"; + USER_HEADER_SEARCH_PATHS = ../target; + }; + name = Debug; + }; + B6DE654929F4255A00468184 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_IDENTITY = ""; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + DEFINES_MODULE = YES; + DEVELOPMENT_TEAM = ""; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = 1; + DYLIB_INSTALL_NAME_BASE = "@rpath"; + ENABLE_BITCODE = NO; + ENABLE_MODULE_VERIFIER = YES; + GENERATE_INFOPLIST_FILE = YES; + HEADER_SEARCH_PATHS = ""; + INFOPLIST_KEY_NSHumanReadableCopyright = ""; + INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + "@loader_path/Frameworks", + ); + LIBRARY_SEARCH_PATHS = ( + ../target, + "$(PROJECT_DIR)/../target", + ); + MARKETING_VERSION = 1.0; + MODULE_VERIFIER_SUPPORTED_LANGUAGES = "objective-c objective-c++"; + MODULE_VERIFIER_SUPPORTED_LANGUAGE_STANDARDS = "gnu11 gnu++17"; + PRODUCT_BUNDLE_IDENTIFIER = com.ssrlive.tun2proxy; + PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; + SKIP_INSTALL = YES; + SWIFT_EMIT_LOC_STRINGS = YES; + TARGETED_DEVICE_FAMILY = "1,2"; + USER_HEADER_SEARCH_PATHS = ../target; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + B6DE653A29F4255A00468184 /* Build configuration list for PBXProject "tun2proxy" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + B6DE654529F4255A00468184 /* Debug */, + B6DE654629F4255A00468184 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + B6DE654729F4255A00468184 /* Build configuration list for PBXNativeTarget "tun2proxy" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + B6DE654829F4255A00468184 /* Debug */, + B6DE654929F4255A00468184 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = B6DE653729F4255A00468184 /* Project object */; +} diff --git a/apple/tun2proxy/Tun2proxyWrapper.h b/apple/tun2proxy/Tun2proxyWrapper.h new file mode 100644 index 0000000..70badfd --- /dev/null +++ b/apple/tun2proxy/Tun2proxyWrapper.h @@ -0,0 +1,22 @@ +// +// Tun2proxyWrapper.h +// tun2proxy +// +// Created by ssrlive on 2023/4/23. +// + +#ifndef Tun2proxyWrapper_h +#define Tun2proxyWrapper_h + +@interface Tun2proxyWrapper : NSObject + ++ (void)startWithConfig:(NSString *)proxy_url + tun_fd:(int)tun_fd + tun_mtu:(uint32_t)tun_mtu + dns_over_tcp:(bool)dns_over_tcp + verbose:(bool)verbose; ++ (void) shutdown; + +@end + +#endif /* Tun2proxyWrapper_h */ diff --git a/apple/tun2proxy/Tun2proxyWrapper.m b/apple/tun2proxy/Tun2proxyWrapper.m new file mode 100644 index 0000000..47b264b --- /dev/null +++ b/apple/tun2proxy/Tun2proxyWrapper.m @@ -0,0 +1,27 @@ +// +// Tun2proxyWrapper.m +// tun2proxy +// +// Created by ssrlive on 2023/4/23. +// + +#import + +#import "Tun2proxyWrapper.h" +#include "tun2proxy-sys.h" + +@implementation Tun2proxyWrapper + ++ (void)startWithConfig:(NSString *)proxy_url + tun_fd:(int)tun_fd + tun_mtu:(uint32_t)tun_mtu + dns_over_tcp:(bool)dns_over_tcp + verbose:(bool)verbose { + tun2proxy_run(proxy_url.UTF8String, tun_fd, tun_mtu, dns_over_tcp, verbose); +} + ++ (void)shutdown { + tun2proxy_stop(); +} + +@end diff --git a/apple/tun2proxy/tun2proxy.h b/apple/tun2proxy/tun2proxy.h new file mode 100644 index 0000000..d62e035 --- /dev/null +++ b/apple/tun2proxy/tun2proxy.h @@ -0,0 +1,18 @@ +// +// tun2proxy.h +// tun2proxy +// +// Created by tun2proxy on 2023/4/22. +// + +#import + +//! Project version number for tun2proxy. +FOUNDATION_EXPORT double tun2proxyVersionNumber; + +//! Project version string for tun2proxy. +FOUNDATION_EXPORT const unsigned char tun2proxyVersionString[]; + +// In this header, you should import all the public headers of your framework using statements like #import + +#import diff --git a/cbindgen.toml b/cbindgen.toml new file mode 100644 index 0000000..45a8d42 --- /dev/null +++ b/cbindgen.toml @@ -0,0 +1,6 @@ +[export] +include = ["tun2proxy_run", "tun2proxy_stop", "tun2proxy_set_log_callback"] +exclude = [ + "Java_com_github_shadowsocks_bg_Tun2proxy_run", + "Java_com_github_shadowsocks_bg_Tun2proxy_stop", +] diff --git a/scripts/dante.conf b/scripts/dante.conf new file mode 100644 index 0000000..dc91ad2 --- /dev/null +++ b/scripts/dante.conf @@ -0,0 +1,24 @@ +# logoutput: /var/log/socks.log +internal: 10.0.0.3 port = 10800 +external: 10.0.0.3 +clientmethod: none +socksmethod: none +user.privileged: root +user.notprivileged: nobody + +client pass { + from: 0/0 to: 0/0 + log: error connect disconnect +} + +socks pass { + from: 0/0 to: 0/0 + command: bind connect udpassociate + log: error connect disconnect + socksmethod: none +} + +socks pass { + from: 0.0.0.0/0 to: 0.0.0.0/0 + command: bindreply udpreply +} diff --git a/scripts/iperf3.sh b/scripts/iperf3.sh new file mode 100755 index 0000000..f491072 --- /dev/null +++ b/scripts/iperf3.sh @@ -0,0 +1,54 @@ +#!/bin/bash + +# sudo apt install iperf3 dante-server +# sudo systemctl stop danted + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +echo $SCRIPT_DIR + +netns="test" +dante="danted" +tun2proxy="${SCRIPT_DIR}/../target/release/tun2proxy" + +ip netns add "$netns" + +ip link add veth0 type veth peer name veth0 netns "$netns" + +# Configure veth0 in default ns +ip addr add 10.0.0.2/24 dev veth0 +ip link set dev veth0 up + +# Configure veth0 in child ns +ip netns exec "$netns" ip addr add 10.0.0.3/24 dev veth0 +ip netns exec "$netns" ip addr add 10.0.0.4/24 dev veth0 +ip netns exec "$netns" ip link set dev veth0 up + +# Configure lo interface in child ns +ip netns exec "$netns" ip addr add 127.0.0.1/8 dev lo +ip netns exec "$netns" ip link set dev lo up + +echo "Starting Dante in background ..." +ip netns exec "$netns" "$dante" -f ${SCRIPT_DIR}/dante.conf & + +# Start iperf3 server in netns +ip netns exec "$netns" iperf3 -s -B 10.0.0.4 & + +sleep 1 + +# Prepare tun2proxy +ip tuntap add name tun0 mode tun +ip link set tun0 up +ip route add 10.0.0.4 dev tun0 +"$tun2proxy" --proxy socks5://10.0.0.3:10800 -v off & + +sleep 3 + +# Run iperf client through tun2proxy +iperf3 -c 10.0.0.4 -P 10 -R + +sleep 3 + +iperf3 -c 10.0.0.4 -P 10 + +# Clean up +# sudo sh -c "pkill tun2proxy; pkill iperf3; pkill danted; ip link del tun0; ip netns del test" diff --git a/scripts/linux.sh b/scripts/linux.sh new file mode 100755 index 0000000..dc1d805 --- /dev/null +++ b/scripts/linux.sh @@ -0,0 +1,66 @@ +#! /usr/bin/bash -x + +# Please set the following parameters according to your environment +# BYPASS_IP=123.45.67.89 +PROXY_IP=127.0.0.1 +PROXY_PORT=1080 +PROXY_TYPE=SOCKS5 + +function core_function() { + local is_envonly="${1}" + local bypass_ip="${2}" + + sudo ip tuntap add name tun0 mode tun + sudo ip link set tun0 up + + sudo ip route add "${bypass_ip}" $(ip route | grep '^default' | cut -d ' ' -f 2-) + + sudo ip route add 128.0.0.0/1 dev tun0 + sudo ip route add 0.0.0.0/1 dev tun0 + + sudo ip route add ::/1 dev tun0 + sudo ip route add 8000::/1 dev tun0 + + sudo sh -c "echo nameserver 198.18.0.1 > /etc/resolv.conf" + + if [ "$is_envonly" = true ]; then + read -n 1 -s -r -p "Don't do anything. If you want to exit and clearup environment, press any key..." + echo "" + restore + else + trap 'echo "" && echo "tun2proxy exited with code: $?" && restore' EXIT + local SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + local APP_BIN_PATH="${SCRIPT_DIR}/../target/release/tun2proxy" + "${APP_BIN_PATH}" --tun tun0 --proxy "${PROXY_TYPE}://${PROXY_IP}:${PROXY_PORT}" -v trace + fi +} + +function restore() { + sudo ip link del tun0 + sudo systemctl restart systemd-resolved.service +} + +function main() { + local action=${1} + # [ -z ${1} ] && action="envonly" + + local bypass_ip=${2} + # [ -z ${2} ] && bypass_ip="123.45.67.89" + + case "${action}" in + envonly) + core_function true "${bypass_ip}" + ;; + tun2proxy) + core_function false "${bypass_ip}" + ;; + *) + echo "Arguments error! [${action}]" + echo "Usage: `basename $0` [envonly|tun2proxy] [bypass_ip]" + ;; + esac + + exit 0 +} + +main "$@" diff --git a/scripts/rperf.sh b/scripts/rperf.sh new file mode 100755 index 0000000..1f06986 --- /dev/null +++ b/scripts/rperf.sh @@ -0,0 +1,83 @@ +#!/bin/bash + +function install_rperf_bin() { + local rperf_bin_url="https://github.com/ssrlive/rperf/releases/latest/download/rperf-x86_64-unknown-linux-musl.zip" + local rperf_bin_zip_file="rperf-x86_64-unknown-linux-musl.zip" + + command -v rperf > /dev/null + if [ $? -ne 0 ]; then + echo "Downloading rperf binary ..." + wget "$rperf_bin_url" >/dev/null 2>&1 + unzip "$rperf_bin_zip_file" rperf -d /usr/local/bin/ >/dev/null 2>&1 + rm "$rperf_bin_zip_file" + fi + + rperf -h >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "Failed to install rperf binary" + exit 1 + fi +} + +install_rperf_bin + +sudo apt install dante-server -y >/dev/null 2>&1 +sudo systemctl stop danted + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +# echo $SCRIPT_DIR + +netns="test" +dante="danted" +tun2proxy="${SCRIPT_DIR}/../target/release/tun2proxy" + +ip netns add "$netns" + +ip link add veth0 type veth peer name veth0 netns "$netns" + +# Configure veth0 in default ns +ip addr add 10.0.0.2/24 dev veth0 +ip link set dev veth0 up + +# Configure veth0 in child ns +ip netns exec "$netns" ip addr add 10.0.0.3/24 dev veth0 +ip netns exec "$netns" ip addr add 10.0.0.4/24 dev veth0 +ip netns exec "$netns" ip link set dev veth0 up + +# Configure lo interface in child ns +ip netns exec "$netns" ip addr add 127.0.0.1/8 dev lo +ip netns exec "$netns" ip link set dev lo up + +echo "Starting Dante in background ..." +ip netns exec "$netns" "$dante" -f ${SCRIPT_DIR}/dante.conf & + +# Start rperf server in netns +ip netns exec "$netns" rperf -s -B 10.0.0.4 & + +sleep 1 + +# Prepare tun2proxy +ip tuntap add name tun0 mode tun +ip link set tun0 up +ip route add 10.0.0.4 dev tun0 +"$tun2proxy" --proxy socks5://10.0.0.3:10800 -v off & + +sleep 3 + +# Run rperf client through tun2proxy +rperf -c 10.0.0.4 -v off -P 1 -r + +sleep 3 + +rperf -c 10.0.0.4 -v off -P 1 + +sleep 3 + +rperf -c 10.0.0.4 -v off -P 1 -u + +sleep 3 + +rperf -c 10.0.0.4 -v trace -P 1 -u -r + +# Clean up +# sudo sh -c "pkill tun2proxy; pkill rperf; pkill danted; ip link del tun0; ip netns del test" diff --git a/src/android.rs b/src/android.rs index 41388c4..cf86fd4 100644 --- a/src/android.rs +++ b/src/android.rs @@ -1,14 +1,16 @@ #![cfg(target_os = "android")] -use crate::{error::Error, tun2proxy::TunToProxy, tun_to_proxy, NetworkInterface, Options, Proxy}; +use crate::{ + args::{ArgDns, ArgProxy}, + error::{Error, Result}, + ArgVerbosity, Args, +}; use jni::{ objects::{JClass, JString}, sys::{jboolean, jint}, JNIEnv, }; -static mut TUN_TO_PROXY: Option = None; - /// # Safety /// /// Running tun2proxy @@ -22,8 +24,9 @@ pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_run( verbose: jboolean, dns_over_tcp: jboolean, ) -> jint { - let log_level = if verbose != 0 { "trace" } else { "info" }; - let filter_str = &format!("off,tun2proxy={log_level}"); + let dns = if dns_over_tcp != 0 { ArgDns::OverTcp } else { ArgDns::Direct }; + let verbosity = if verbose != 0 { ArgVerbosity::Trace } else { ArgVerbosity::Info }; + let filter_str = &format!("off,tun2proxy={verbosity}"); let filter = android_logger::FilterBuilder::new().parse(filter_str).build(); android_logger::init_once( android_logger::Config::default() @@ -31,31 +34,11 @@ pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_run( .with_max_level(log::LevelFilter::Trace) .with_filter(filter), ); + let proxy_url = get_java_string(&mut env, &proxy_url).unwrap(); + let proxy = ArgProxy::from_url(proxy_url).unwrap(); - let mut block = || -> Result<(), Error> { - let proxy_url = get_java_string(&mut env, &proxy_url)?; - let proxy = Proxy::from_url(proxy_url)?; - - let addr = proxy.addr; - let proxy_type = proxy.proxy_type; - log::info!("Proxy {proxy_type} server: {addr}"); - - let dns_addr = "8.8.8.8".parse::().unwrap(); - let options = Options::new().with_dns_addr(Some(dns_addr)).with_mtu(tun_mtu as usize); - let options = if dns_over_tcp != 0 { options.with_dns_over_tcp() } else { options }; - - let interface = NetworkInterface::Fd(tun_fd); - let tun2proxy = tun_to_proxy(&interface, &proxy, options)?; - TUN_TO_PROXY = Some(tun2proxy); - if let Some(tun2proxy) = &mut TUN_TO_PROXY { - tun2proxy.run()?; - } - Ok::<(), Error>(()) - }; - if let Err(error) = block() { - log::error!("failed to run tun2proxy with error: {:?}", error); - } - 0 + let args = Args::new(Some(tun_fd), proxy, dns, verbosity); + crate::api::tun2proxy_internal_run(args, tun_mtu as _) } /// # Safety @@ -63,20 +46,7 @@ pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_run( /// Shutdown tun2proxy #[no_mangle] pub unsafe extern "C" fn Java_com_github_shadowsocks_bg_Tun2proxy_stop(_env: JNIEnv, _: JClass) -> jint { - match &mut TUN_TO_PROXY { - None => { - log::error!("tun2proxy not started"); - 1 - } - Some(tun2proxy) => { - if let Err(e) = tun2proxy.shutdown() { - log::error!("failed to shutdown tun2proxy with error: {:?}", e); - 1 - } else { - 0 - } - } - } + crate::api::tun2proxy_internal_stop() } unsafe fn get_java_string<'a>(env: &'a mut JNIEnv, string: &'a JString) -> Result<&'a str, Error> { diff --git a/src/api.rs b/src/api.rs new file mode 100644 index 0000000..4f7d3cf --- /dev/null +++ b/src/api.rs @@ -0,0 +1,70 @@ +#![cfg(any(target_os = "ios", target_os = "android"))] + +use crate::{Args, Builder, Quit}; +use std::{os::raw::c_int, sync::Arc}; + +static mut TUN_QUIT: Option> = None; + +pub(crate) fn tun2proxy_internal_run(args: Args, tun_mtu: usize) -> c_int { + if unsafe { TUN_QUIT.is_some() } { + log::error!("tun2proxy already started"); + return -1; + } + + let block = async move { + log::info!("Proxy {} server: {}", args.proxy.proxy_type, args.proxy.addr); + + let mut config = tun2::Configuration::default(); + config.raw_fd(args.tun_fd.ok_or(crate::Error::from("tun_fd"))?); + + let device = tun2::create_as_async(&config).map_err(std::io::Error::from)?; + + #[cfg(target_os = "android")] + let tun2proxy = Builder::new(device, args).mtu(tun_mtu).build(); + #[cfg(target_os = "ios")] + let tun2proxy = Builder::new(device, args).mtu(tun_mtu).build(); + let (join_handle, quit) = tun2proxy.start(); + + unsafe { TUN_QUIT = Some(Arc::new(quit)) }; + + join_handle.await + }; + + match tokio::runtime::Builder::new_multi_thread().enable_all().build() { + Err(_err) => { + log::error!("failed to create tokio runtime with error: {:?}", _err); + -1 + } + Ok(rt) => match rt.block_on(block) { + Ok(_) => 0, + Err(_err) => { + log::error!("failed to run tun2proxy with error: {:?}", _err); + -2 + } + }, + } +} + +pub(crate) fn tun2proxy_internal_stop() -> c_int { + let res = match unsafe { &TUN_QUIT } { + None => { + log::error!("tun2proxy not started"); + -1 + } + Some(tun_quit) => match tokio::runtime::Builder::new_multi_thread().enable_all().build() { + Err(_err) => { + log::error!("failed to create tokio runtime with error: {:?}", _err); + -2 + } + Ok(rt) => match rt.block_on(async move { tun_quit.trigger().await }) { + Ok(_) => 0, + Err(_err) => { + log::error!("failed to stop tun2proxy with error: {:?}", _err); + -3 + } + }, + }, + }; + unsafe { TUN_QUIT = None }; + res +} diff --git a/src/args.rs b/src/args.rs new file mode 100644 index 0000000..f112482 --- /dev/null +++ b/src/args.rs @@ -0,0 +1,198 @@ +use crate::{Error, Result}; +use socks5_impl::protocol::UserKey; +use std::net::{IpAddr, SocketAddr, ToSocketAddrs}; +use tproxy_config::TUN_NAME; + +#[derive(Debug, Clone, clap::Parser)] +#[command(author, version, about = "tun2proxy application.", long_about = None)] +pub struct Args { + /// Proxy URL in the form proto://[username[:password]@]host:port, + /// where proto is one of socks4, socks5, http. For example: + /// socks5://myname:password@127.0.0.1:1080 + #[arg(short, long, value_parser = ArgProxy::from_url, value_name = "URL")] + pub proxy: ArgProxy, + + /// Name of the tun interface + #[arg(short, long, value_name = "name", conflicts_with = "tun_fd", default_value = TUN_NAME)] + pub tun: String, + + /// File descriptor of the tun interface + #[arg(long, value_name = "fd", conflicts_with = "tun")] + pub tun_fd: Option, + + /// IPv6 enabled + #[arg(short = '6', long)] + pub ipv6_enabled: bool, + + #[cfg(target_os = "linux")] + #[arg(short, long)] + /// Routing and system setup, which decides whether to setup the routing and system configuration, + /// this option requires root privileges + pub setup: bool, + + /// DNS handling strategy + #[arg(short, long, value_name = "strategy", value_enum, default_value = "direct")] + pub dns: ArgDns, + + /// DNS resolver address + #[arg(long, value_name = "IP", default_value = "8.8.8.8")] + pub dns_addr: IpAddr, + + /// IPs used in routing setup which should bypass the tunnel + #[arg(short, long, value_name = "IP")] + pub bypass: Vec, + + /// Verbosity level + #[arg(short, long, value_name = "level", value_enum, default_value = "info")] + pub verbosity: ArgVerbosity, +} + +impl Default for Args { + fn default() -> Self { + Args { + proxy: ArgProxy::default(), + tun: TUN_NAME.to_string(), + tun_fd: None, + ipv6_enabled: false, + #[cfg(target_os = "linux")] + setup: false, + dns: ArgDns::default(), + dns_addr: "8.8.8.8".parse().unwrap(), + bypass: vec![], + verbosity: ArgVerbosity::Info, + } + } +} + +impl Args { + pub fn parse_args() -> Self { + use clap::Parser; + Self::parse() + } + + pub fn new(tun_fd: Option, proxy: ArgProxy, dns: ArgDns, verbosity: ArgVerbosity) -> Self { + Args { + proxy, + tun_fd, + dns, + verbosity, + ..Args::default() + } + } +} + +#[derive(Default, Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] +pub enum ArgVerbosity { + Off, + Error, + Warn, + #[default] + Info, + Debug, + Trace, +} + +impl std::fmt::Display for ArgVerbosity { + fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { + match self { + ArgVerbosity::Off => write!(f, "off"), + ArgVerbosity::Error => write!(f, "error"), + ArgVerbosity::Warn => write!(f, "warn"), + ArgVerbosity::Info => write!(f, "info"), + ArgVerbosity::Debug => write!(f, "debug"), + ArgVerbosity::Trace => write!(f, "trace"), + } + } +} + +/// DNS query handling strategy +/// - Virtual: Use a virtual DNS server to handle DNS queries, also known as Fake-IP mode +/// - OverTcp: Use TCP to send DNS queries to the DNS server +/// - Direct: Do not handle DNS by relying on DNS server bypassing +#[derive(Default, Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] +pub enum ArgDns { + Virtual, + OverTcp, + #[default] + Direct, +} + +#[derive(Clone, Debug)] +pub struct ArgProxy { + pub proxy_type: ProxyType, + pub addr: SocketAddr, + pub credentials: Option, +} + +impl Default for ArgProxy { + fn default() -> Self { + ArgProxy { + proxy_type: ProxyType::Socks5, + addr: "127.0.0.1:1080".parse().unwrap(), + credentials: None, + } + } +} + +impl ArgProxy { + pub fn from_url(s: &str) -> Result { + let e = format!("`{s}` is not a valid proxy URL"); + let url = url::Url::parse(s).map_err(|_| Error::from(&e))?; + let e = format!("`{s}` does not contain a host"); + let host = url.host_str().ok_or(Error::from(e))?; + + let mut url_host = String::from(host); + let e = format!("`{s}` does not contain a port"); + let port = url.port().ok_or(Error::from(&e))?; + url_host.push(':'); + url_host.push_str(port.to_string().as_str()); + + let e = format!("`{host}` could not be resolved"); + let mut addr_iter = url_host.to_socket_addrs().map_err(|_| Error::from(&e))?; + + let e = format!("`{host}` does not resolve to a usable IP address"); + let addr = addr_iter.next().ok_or(Error::from(&e))?; + + let credentials = if url.username() == "" && url.password().is_none() { + None + } else { + let username = String::from(url.username()); + let password = String::from(url.password().unwrap_or("")); + Some(UserKey::new(username, password)) + }; + + let scheme = url.scheme(); + + let proxy_type = match url.scheme().to_ascii_lowercase().as_str() { + "socks4" => Some(ProxyType::Socks4), + "socks5" => Some(ProxyType::Socks5), + "http" => Some(ProxyType::Http), + _ => None, + } + .ok_or(Error::from(&format!("`{scheme}` is an invalid proxy type")))?; + + Ok(ArgProxy { + proxy_type, + addr, + credentials, + }) + } +} + +#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Debug, Default)] +pub enum ProxyType { + Socks4, + #[default] + Socks5, + Http, +} + +impl std::fmt::Display for ProxyType { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + ProxyType::Socks4 => write!(f, "socks4"), + ProxyType::Socks5 => write!(f, "socks5"), + ProxyType::Http => write!(f, "http"), + } + } +} diff --git a/src/bin/main.rs b/src/bin/main.rs new file mode 100644 index 0000000..f63e569 --- /dev/null +++ b/src/bin/main.rs @@ -0,0 +1,83 @@ +use tproxy_config::{TproxyArgs, TUN_GATEWAY, TUN_IPV4, TUN_NETMASK}; +use tun2::DEFAULT_MTU as MTU; +use tun2proxy::{Args, Builder}; + +#[tokio::main] +async fn main() -> Result<(), Box> { + dotenvy::dotenv().ok(); + let args = Args::parse_args(); + + let bypass_ips = args.bypass.clone(); + + // let default = format!("{}={:?}", module_path!(), args.verbosity); + let default = format!("{:?}", args.verbosity); + env_logger::Builder::from_env(env_logger::Env::default().default_filter_or(default)).init(); + + let mut config = tun2::Configuration::default(); + config.address(TUN_IPV4).netmask(TUN_NETMASK).mtu(MTU).up(); + config.destination(TUN_GATEWAY); + if let Some(tun_fd) = args.tun_fd { + config.raw_fd(tun_fd); + } else { + config.name(&args.tun); + } + + #[cfg(target_os = "linux")] + config.platform_config(|config| { + #[allow(deprecated)] + config.packet_information(true); + config.ensure_root_privileges(args.setup); + }); + + #[cfg(target_os = "windows")] + config.platform_config(|config| { + config.device_guid(Some(12324323423423434234_u128)); + }); + + #[allow(unused_variables)] + let mut tproxy_args = TproxyArgs::new() + .tun_dns(args.dns_addr) + .proxy_addr(args.proxy.addr) + .bypass_ips(&bypass_ips); + #[allow(unused_assignments)] + if args.tun_fd.is_none() { + tproxy_args = tproxy_args.tun_name(&args.tun); + } + + #[allow(unused_mut, unused_assignments, unused_variables)] + let mut setup = true; + + #[cfg(target_os = "linux")] + { + setup = args.setup; + if setup { + tproxy_config::tproxy_setup(&tproxy_args)?; + } + } + + let device = tun2::create_as_async(&config)?; + + #[cfg(any(target_os = "windows", target_os = "macos"))] + if setup { + tproxy_config::tproxy_setup(&tproxy_args)?; + } + + let tun2proxy = Builder::new(device, args).mtu(MTU).build(); + let (join_handle, quit) = tun2proxy.start(); + + ctrlc2::set_async_handler(async move { + quit.trigger().await.expect("quit error"); + }) + .await; + + if let Err(err) = join_handle.await { + log::trace!("main_entry error {}", err); + } + + #[cfg(any(target_os = "linux", target_os = "windows", target_os = "macos"))] + if setup { + tproxy_config::tproxy_remove(&tproxy_args)?; + } + + Ok(()) +} diff --git a/src/directions.rs b/src/directions.rs new file mode 100644 index 0000000..077d669 --- /dev/null +++ b/src/directions.rs @@ -0,0 +1,28 @@ +#![allow(dead_code)] + +#[derive(Clone, Copy, Eq, PartialEq, Debug)] +pub(crate) enum IncomingDirection { + FromServer, + FromClient, +} + +#[derive(Clone, Copy, Eq, PartialEq, Debug)] +pub(crate) enum OutgoingDirection { + ToServer, + ToClient, +} + +#[derive(Clone, Copy, Eq, PartialEq, Debug)] +pub(crate) enum Direction { + Incoming(IncomingDirection), + Outgoing(OutgoingDirection), +} + +#[derive(Clone, Eq, PartialEq, Debug)] +pub(crate) struct DataEvent<'a, T> { + pub(crate) direction: T, + pub(crate) buffer: &'a [u8], +} + +pub(crate) type IncomingDataEvent<'a> = DataEvent<'a, IncomingDirection>; +pub(crate) type OutgoingDataEvent<'a> = DataEvent<'a, OutgoingDirection>; diff --git a/src/dns.rs b/src/dns.rs index 2f95b22..a5ce30c 100644 --- a/src/dns.rs +++ b/src/dns.rs @@ -1,39 +1,10 @@ -#![allow(dead_code)] - -use std::{ - net::{IpAddr, Ipv4Addr, SocketAddr}, - str::FromStr, -}; +use std::{net::IpAddr, str::FromStr}; use trust_dns_proto::op::MessageType; use trust_dns_proto::{ op::{Message, ResponseCode}, rr::{record_type::RecordType, Name, RData, Record}, }; -#[cfg(feature = "use-rand")] -pub fn build_dns_request(domain: &str, query_type: RecordType, used_by_tcp: bool) -> Result, String> { - // [dependencies] - // rand = "0.8" - use rand::{rngs::StdRng, Rng, SeedableRng}; - use trust_dns_proto::op::{header::MessageType, op_code::OpCode, query::Query}; - let name = Name::from_str(domain).map_err(|e| e.to_string())?; - let query = Query::query(name, query_type); - let mut msg = Message::new(); - msg.add_query(query) - .set_id(StdRng::from_entropy().gen()) - .set_op_code(OpCode::Query) - .set_message_type(MessageType::Query) - .set_recursion_desired(true); - let mut msg_buf = msg.to_vec().map_err(|e| e.to_string())?; - if used_by_tcp { - let mut buf = (msg_buf.len() as u16).to_be_bytes().to_vec(); - buf.append(&mut msg_buf); - Ok(buf) - } else { - Ok(msg_buf) - } -} - pub fn build_dns_response(mut request: Message, domain: &str, ip: IpAddr, ttl: u32) -> Result { let record = match ip { IpAddr::V4(ip) => { @@ -105,17 +76,3 @@ pub fn parse_data_to_dns_message(data: &[u8], used_by_tcp: bool) -> Result bool { - fn is_benchmarking(addr: &Ipv4Addr) -> bool { - addr.octets()[0] == 198 && (addr.octets()[1] & 0xfe) == 18 - } - fn addr_v4_is_private(addr: &Ipv4Addr) -> bool { - is_benchmarking(addr) || addr.is_private() || addr.is_loopback() || addr.is_link_local() - } - match addr { - SocketAddr::V4(addr) => addr_v4_is_private(addr.ip()), - SocketAddr::V6(_) => false, - } -} diff --git a/src/dump_logger.rs b/src/dump_logger.rs new file mode 100644 index 0000000..d2426e1 --- /dev/null +++ b/src/dump_logger.rs @@ -0,0 +1,71 @@ +use std::{ + os::raw::{c_char, c_int, c_void}, + sync::Mutex, +}; + +pub(crate) static DUMP_CALLBACK: Mutex> = Mutex::new(None); + +/// # Safety +/// +/// set dump log info callback. +#[no_mangle] +pub unsafe extern "C" fn tun2proxy_set_log_callback( + callback: Option, + ctx: *mut c_void, +) { + *DUMP_CALLBACK.lock().unwrap() = Some(DumpCallback(callback, ctx)); +} + +#[derive(Clone)] +pub struct DumpCallback(Option, *mut c_void); + +impl DumpCallback { + unsafe fn call(self, dump_level: c_int, info: *const c_char) { + if let Some(cb) = self.0 { + cb(dump_level, info, self.1); + } + } +} + +unsafe impl Send for DumpCallback {} +unsafe impl Sync for DumpCallback {} + +#[derive(Debug, Clone, PartialEq, Eq, Default)] +pub struct DumpLogger {} + +impl log::Log for DumpLogger { + fn enabled(&self, metadata: &log::Metadata) -> bool { + metadata.level() <= log::Level::Trace + } + + fn log(&self, record: &log::Record) { + if self.enabled(record.metadata()) { + let current_crate_name = env!("CARGO_CRATE_NAME"); + if record.module_path().unwrap_or("").starts_with(current_crate_name) { + self.do_dump_log(record); + } + } + } + + fn flush(&self) {} +} + +impl DumpLogger { + fn do_dump_log(&self, record: &log::Record) { + let timestamp: chrono::DateTime = chrono::Local::now(); + let msg = format!( + "[{} {:<5} {}] - {}", + timestamp.format("%Y-%m-%d %H:%M:%S"), + record.level(), + record.module_path().unwrap_or(""), + record.args() + ); + let c_msg = std::ffi::CString::new(msg).unwrap(); + let ptr = c_msg.as_ptr(); + if let Some(cb) = DUMP_CALLBACK.lock().unwrap().clone() { + unsafe { + cb.call(record.level() as c_int, ptr); + } + } + } +} diff --git a/src/error.rs b/src/error.rs index e2360ed..caf26de 100644 --- a/src/error.rs +++ b/src/error.rs @@ -3,9 +3,6 @@ pub enum Error { #[error("std::ffi::NulError {0:?}")] Nul(#[from] std::ffi::NulError), - #[error("ctrlc2::Error {0:?}")] - InterruptHandler(#[from] ctrlc2::Error), - #[error(transparent)] Io(#[from] std::io::Error), @@ -15,35 +12,23 @@ pub enum Error { #[error("std::net::AddrParseError {0}")] AddrParse(#[from] std::net::AddrParseError), - #[error("smoltcp::iface::RouteTableFull {0:?}")] - RouteTableFull(#[from] smoltcp::iface::RouteTableFull), - - #[error("smoltcp::socket::tcp::RecvError {0:?}")] - Recv(#[from] smoltcp::socket::tcp::RecvError), - - #[error("smoltcp::socket::tcp::ListenError {0:?}")] - Listen(#[from] smoltcp::socket::tcp::ListenError), - - #[error("smoltcp::socket::udp::BindError {0:?}")] - Bind(#[from] smoltcp::socket::udp::BindError), - - #[error("smoltcp::socket::tcp::SendError {0:?}")] - Send(#[from] smoltcp::socket::tcp::SendError), - - #[error("smoltcp::socket::udp::SendError {0:?}")] - UdpSend(#[from] smoltcp::socket::udp::SendError), - - #[error("smoltcp::wire::Error {0:?}")] - Wire(#[from] smoltcp::wire::Error), - #[error("std::str::Utf8Error {0:?}")] Utf8(#[from] std::str::Utf8Error), #[error("TryFromSliceError {0:?}")] TryFromSlice(#[from] std::array::TryFromSliceError), - #[error("ProtoError {0:?}")] - ProtoError(#[from] trust_dns_proto::error::ProtoError), + #[error("IpStackError {0:?}")] + IpStack(#[from] ipstack::IpStackError), + + #[error("DnsProtoError {0:?}")] + DnsProto(#[from] trust_dns_proto::error::ProtoError), + + #[error("httparse::Error {0:?}")] + Httparse(#[from] httparse::Error), + + #[error("digest_auth::Error {0:?}")] + DigestAuth(#[from] digest_auth::Error), #[cfg(target_os = "android")] #[error("jni::errors::Error {0:?}")] @@ -52,18 +37,8 @@ pub enum Error { #[error("{0}")] String(String), - #[cfg(target_family = "unix")] - #[error("nix::errno::Errno {0:?}")] - OSError(#[from] nix::errno::Errno), - #[error("std::num::ParseIntError {0:?}")] IntParseError(#[from] std::num::ParseIntError), - - #[error("httparse::Error {0}")] - HttpError(#[from] httparse::Error), - - #[error("digest_auth::Error {0}")] - DigestAuthError(#[from] digest_auth::Error), } impl From<&str> for Error { diff --git a/src/http.rs b/src/http.rs index 81b05c5..c04f642 100644 --- a/src/http.rs +++ b/src/http.rs @@ -1,22 +1,20 @@ use crate::{ - error::Error, - tun2proxy::{ - ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection, - ProxyHandler, - }, + directions::{IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection}, + error::{Error, Result}, + proxy_handler::{ProxyHandler, ProxyHandlerManager}, + session_info::{IpProtocol, SessionInfo}, }; use base64::Engine; use httparse::Response; -use smoltcp::wire::IpProtocol; use socks5_impl::protocol::UserKey; use std::{ - cell::RefCell, collections::{hash_map::RandomState, HashMap, VecDeque}, iter::FromIterator, net::SocketAddr, - rc::Rc, str, + sync::Arc, }; +use tokio::sync::Mutex; use unicase::UniCase; #[derive(Eq, PartialEq, Debug)] @@ -48,10 +46,11 @@ pub struct HttpConnection { crlf_state: u8, counter: usize, skip: usize, - digest_state: Rc>>, + digest_state: Arc>>, before: bool, credentials: Option, - info: ConnectionInfo, + info: SessionInfo, + domain_name: Option, } static PROXY_AUTHENTICATE: &str = "Proxy-Authenticate"; @@ -61,7 +60,12 @@ static TRANSFER_ENCODING: &str = "Transfer-Encoding"; static CONTENT_LENGTH: &str = "Content-Length"; impl HttpConnection { - fn new(info: &ConnectionInfo, credentials: Option, digest_state: Rc>>) -> Result { + async fn new( + info: SessionInfo, + domain_name: Option, + credentials: Option, + digest_state: Arc>>, + ) -> Result { let mut res = Self { state: HttpState::ExpectResponseHeaders, client_inbuf: VecDeque::default(), @@ -74,38 +78,50 @@ impl HttpConnection { digest_state, before: false, credentials, - info: info.clone(), + info, + domain_name, }; - res.send_tunnel_request()?; + res.send_tunnel_request().await?; Ok(res) } - fn send_tunnel_request(&mut self) -> Result<(), Error> { + async fn send_tunnel_request(&mut self) -> Result<(), Error> { + let host = if let Some(domain_name) = &self.domain_name { + format!("{}:{}", domain_name, self.info.dst.port()) + } else { + self.info.dst.to_string() + }; + self.server_outbuf.extend(b"CONNECT "); - self.server_outbuf.extend(self.info.dst.to_string().as_bytes()); + self.server_outbuf.extend(host.as_bytes()); self.server_outbuf.extend(b" HTTP/1.1\r\nHost: "); - self.server_outbuf.extend(self.info.dst.to_string().as_bytes()); + self.server_outbuf.extend(host.as_bytes()); self.server_outbuf.extend(b"\r\n"); - self.send_auth_data(if self.digest_state.borrow().is_none() { + let scheme = if self.digest_state.lock().await.is_none() { AuthenticationScheme::Basic } else { AuthenticationScheme::Digest - })?; + }; + self.send_auth_data(scheme).await?; self.server_outbuf.extend(b"\r\n"); Ok(()) } - fn send_auth_data(&mut self, scheme: AuthenticationScheme) -> Result<(), Error> { + async fn send_auth_data(&mut self, scheme: AuthenticationScheme) -> Result<()> { let Some(credentials) = &self.credentials else { return Ok(()); }; match scheme { AuthenticationScheme::Digest => { - let uri = self.info.dst.to_string(); + let uri = if let Some(domain_name) = &self.domain_name { + format!("{}:{}", domain_name, self.info.dst.port()) + } else { + self.info.dst.to_string() + }; let context = digest_auth::AuthContext::new_with_method( &credentials.username, @@ -115,8 +131,8 @@ impl HttpConnection { digest_auth::HttpMethod::CONNECT, ); - let mut state = self.digest_state.borrow_mut(); - let response = state.as_mut().unwrap().respond(&context)?; + let mut state = self.digest_state.lock().await; + let response = state.as_mut().unwrap().respond(&context).unwrap(); self.server_outbuf .extend(format!("{}: {}\r\n", PROXY_AUTHORIZATION, response.to_header_string()).as_bytes()); @@ -133,7 +149,8 @@ impl HttpConnection { Ok(()) } - fn state_change(&mut self) -> Result<(), Error> { + #[async_recursion::async_recursion] + async fn state_change(&mut self) -> Result<()> { match self.state { HttpState::ExpectResponseHeaders => { while self.counter < self.server_inbuf.len() { @@ -176,7 +193,7 @@ impl HttpConnection { // Connection successful self.state = HttpState::Established; self.server_inbuf.clear(); - return self.state_change(); + return self.state_change().await; } if status_code != 407 { @@ -209,7 +226,7 @@ impl HttpConnection { } // Update the digest state - self.digest_state.replace(Some(state)); + self.digest_state.lock().await.replace(state); self.before = true; let closed = match headers_map.get(&UniCase::new(CONNECTION)) { @@ -222,7 +239,7 @@ impl HttpConnection { // Reset all the buffers self.server_inbuf.clear(); self.server_outbuf.clear(); - self.send_tunnel_request()?; + self.send_tunnel_request().await?; self.state = HttpState::Reset; return Ok(()); @@ -260,7 +277,7 @@ impl HttpConnection { // Close the connection by information miss self.server_inbuf.clear(); self.server_outbuf.clear(); - self.send_tunnel_request()?; + self.send_tunnel_request().await?; self.state = HttpState::Reset; return Ok(()); @@ -271,7 +288,7 @@ impl HttpConnection { self.state = HttpState::ExpectResponse; self.skip = content_length + len; - return self.state_change(); + return self.state_change().await; } HttpState::ExpectResponse => { if self.skip > 0 { @@ -285,10 +302,10 @@ impl HttpConnection { // self.server_outbuf.append(&mut self.data_buf); // self.data_buf.clear(); - self.send_tunnel_request()?; + self.send_tunnel_request().await?; self.state = HttpState::ExpectResponseHeaders; - return self.state_change(); + return self.state_change().await; } } HttpState::Established => { @@ -299,7 +316,7 @@ impl HttpConnection { } HttpState::Reset => { self.state = HttpState::ExpectResponseHeaders; - return self.state_change(); + return self.state_change().await; } _ => {} } @@ -307,12 +324,17 @@ impl HttpConnection { } } +#[async_trait::async_trait] impl ProxyHandler for HttpConnection { - fn get_connection_info(&self) -> &ConnectionInfo { - &self.info + fn get_session_info(&self) -> SessionInfo { + self.info } - fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error> { + fn get_domain_name(&self) -> Option { + self.domain_name.clone() + } + + async fn push_data(&mut self, event: IncomingDataEvent<'_>) -> std::io::Result<()> { let direction = event.direction; let buffer = event.buffer; match direction { @@ -324,7 +346,8 @@ impl ProxyHandler for HttpConnection { } } - self.state_change() + self.state_change().await?; + Ok(()) } fn consume_data(&mut self, dir: OutgoingDirection, size: usize) { @@ -352,16 +375,10 @@ impl ProxyHandler for HttpConnection { self.state == HttpState::Established } - fn data_len(&self, dir: Direction) -> usize { + fn data_len(&self, dir: OutgoingDirection) -> usize { match dir { - Direction::Incoming(incoming) => match incoming { - IncomingDirection::FromServer => self.server_inbuf.len(), - IncomingDirection::FromClient => self.client_inbuf.len(), - }, - Direction::Outgoing(outgoing) => match outgoing { - OutgoingDirection::ToServer => self.server_outbuf.len(), - OutgoingDirection::ToClient => self.client_outbuf.len(), - }, + OutgoingDirection::ToServer => self.server_outbuf.len(), + OutgoingDirection::ToClient => self.client_outbuf.len(), } } @@ -377,19 +394,23 @@ impl ProxyHandler for HttpConnection { pub(crate) struct HttpManager { server: SocketAddr, credentials: Option, - digest_state: Rc>>, + digest_state: Arc>>, } -impl ConnectionManager for HttpManager { - fn new_proxy_handler(&self, info: &ConnectionInfo, _: bool) -> Result, Error> { +#[async_trait::async_trait] +impl ProxyHandlerManager for HttpManager { + async fn new_proxy_handler( + &self, + info: SessionInfo, + domain_name: Option, + _udp_associate: bool, + ) -> std::io::Result>> { if info.protocol != IpProtocol::Tcp { - return Err("Invalid protocol".into()); + return Err(Error::from("Invalid protocol").into()); } - Ok(Box::new(HttpConnection::new( - info, - self.credentials.clone(), - self.digest_state.clone(), - )?)) + Ok(Arc::new(Mutex::new( + HttpConnection::new(info, domain_name, self.credentials.clone(), self.digest_state.clone()).await?, + ))) } fn get_server_addr(&self) -> SocketAddr { @@ -402,7 +423,7 @@ impl HttpManager { Self { server, credentials, - digest_state: Rc::new(RefCell::new(None)), + digest_state: Arc::new(Mutex::new(None)), } } } diff --git a/src/ios.rs b/src/ios.rs new file mode 100644 index 0000000..57ce04d --- /dev/null +++ b/src/ios.rs @@ -0,0 +1,41 @@ +#![cfg(target_os = "ios")] + +use crate::{ + args::{ArgDns, ArgProxy}, + ArgVerbosity, Args, +}; +use std::os::raw::{c_char, c_int, c_uint}; + +/// # Safety +/// +/// Run the tun2proxy component with some arguments. +#[no_mangle] +pub unsafe extern "C" fn tun2proxy_run( + proxy_url: *const c_char, + tun_fd: c_int, + tun_mtu: c_uint, + dns_over_tcp: c_char, + verbose: c_char, +) -> c_int { + use log::LevelFilter; + let log_level = if verbose != 0 { LevelFilter::Trace } else { LevelFilter::Info }; + log::set_max_level(log_level); + log::set_boxed_logger(Box::::default()).unwrap(); + + let dns = if dns_over_tcp != 0 { ArgDns::OverTcp } else { ArgDns::Direct }; + let verbosity = if verbose != 0 { ArgVerbosity::Trace } else { ArgVerbosity::Info }; + let proxy_url = std::ffi::CStr::from_ptr(proxy_url).to_str().unwrap(); + let proxy = ArgProxy::from_url(proxy_url).unwrap(); + + let args = Args::new(Some(tun_fd), proxy, dns, verbosity); + + crate::api::tun2proxy_internal_run(args, tun_mtu as _) +} + +/// # Safety +/// +/// Shutdown the tun2proxy component. +#[no_mangle] +pub unsafe extern "C" fn tun2proxy_stop() -> c_int { + crate::api::tun2proxy_internal_stop() +} diff --git a/src/lib.rs b/src/lib.rs index ebbc32e..dabc4a2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,171 +1,472 @@ use crate::{ - error::Error, + args::ProxyType, + directions::{IncomingDataEvent, IncomingDirection, OutgoingDirection}, http::HttpManager, - socks::SocksProxyManager, - tun2proxy::{ConnectionManager, TunToProxy}, + session_info::{IpProtocol, SessionInfo}, + virtual_dns::VirtualDns, }; -use smoltcp::wire::IpCidr; -use socks5_impl::protocol::UserKey; -use std::{ - net::{SocketAddr, ToSocketAddrs}, - rc::Rc, +pub use clap; +use ipstack::stream::{IpStackStream, IpStackTcpStream, IpStackUdpStream}; +use proxy_handler::{ProxyHandler, ProxyHandlerManager}; +use socks::SocksProxyManager; +use std::{collections::VecDeque, future::Future, net::SocketAddr, pin::Pin, sync::Arc}; +use tokio::{ + io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt}, + net::TcpStream, + sync::{ + mpsc::{error::SendError, Receiver, Sender}, + Mutex, + }, +}; +use tproxy_config::is_private_ip; +use udp_stream::UdpStream; +pub use { + args::{ArgVerbosity, Args}, + error::{Error, Result}, }; mod android; +mod api; +mod args; +mod directions; mod dns; -pub mod error; +mod dump_logger; +mod error; mod http; -pub mod setup; +mod ios; +mod proxy_handler; +mod session_info; mod socks; -mod tun2proxy; -pub mod util; -mod virtdevice; -mod virtdns; -#[cfg(target_os = "windows")] -mod wintuninterface; +mod virtual_dns; -#[derive(Clone, Debug)] -pub struct Proxy { - pub proxy_type: ProxyType, - pub addr: SocketAddr, - pub credentials: Option, -} +const DNS_PORT: u16 = 53; -pub enum NetworkInterface { - Named(String), - #[cfg(target_family = "unix")] - Fd(std::os::fd::RawFd), -} +const MAX_SESSIONS: u64 = 200; -impl Proxy { - pub fn from_url(s: &str) -> Result { - let e = format!("`{s}` is not a valid proxy URL"); - let url = url::Url::parse(s).map_err(|_| Error::from(&e))?; - let e = format!("`{s}` does not contain a host"); - let host = url.host_str().ok_or(Error::from(e))?; +static TASK_COUNT: std::sync::atomic::AtomicU64 = std::sync::atomic::AtomicU64::new(0); +use std::sync::atomic::Ordering::Relaxed; - let mut url_host = String::from(host); - let e = format!("`{s}` does not contain a port"); - let port = url.port().ok_or(Error::from(&e))?; - url_host.push(':'); - url_host.push_str(port.to_string().as_str()); - - let e = format!("`{host}` could not be resolved"); - let mut addr_iter = url_host.to_socket_addrs().map_err(|_| Error::from(&e))?; - - let e = format!("`{host}` does not resolve to a usable IP address"); - let addr = addr_iter.next().ok_or(Error::from(&e))?; - - let credentials = if url.username() == "" && url.password().is_none() { - None - } else { - let username = String::from(url.username()); - let password = String::from(url.password().unwrap_or("")); - Some(UserKey::new(username, password)) - }; - - let scheme = url.scheme(); - - let proxy_type = match url.scheme().to_ascii_lowercase().as_str() { - "socks4" => Some(ProxyType::Socks4), - "socks5" => Some(ProxyType::Socks5), - "http" => Some(ProxyType::Http), - _ => None, - } - .ok_or(Error::from(&format!("`{scheme}` is an invalid proxy type")))?; - - Ok(Proxy { - proxy_type, - addr, - credentials, - }) - } -} - -#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Debug)] -pub enum ProxyType { - Socks4, - Socks5, - Http, -} - -impl std::fmt::Display for ProxyType { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - match self { - ProxyType::Socks4 => write!(f, "socks4"), - ProxyType::Socks5 => write!(f, "socks5"), - ProxyType::Http => write!(f, "http"), - } - } -} - -#[derive(Default)] -pub struct Options { - virtual_dns: Option, +pub struct Builder { + device: D, mtu: Option, - dns_over_tcp: bool, - dns_addr: Option, - ipv6_enabled: bool, - pub setup: bool, - bypass: Vec, + args: Args, } -impl Options { - pub fn new() -> Self { - Options::default() +impl Builder { + pub fn new(device: D, args: Args) -> Self { + Builder { device, args, mtu: None } } - - pub fn with_virtual_dns(mut self) -> Self { - self.virtual_dns = Some(virtdns::VirtualDns::new()); - self.dns_over_tcp = false; - self - } - - pub fn with_dns_over_tcp(mut self) -> Self { - self.dns_over_tcp = true; - self.virtual_dns = None; - self - } - - pub fn with_dns_addr(mut self, addr: Option) -> Self { - self.dns_addr = addr; - self - } - - pub fn with_ipv6_enabled(mut self) -> Self { - self.ipv6_enabled = true; - self - } - - pub fn with_mtu(mut self, mtu: usize) -> Self { + pub fn mtu(mut self, mtu: usize) -> Self { self.mtu = Some(mtu); self } + pub fn build(self) -> Tun2Socks5> + Send + 'static> { + let (tx, rx) = tokio::sync::mpsc::channel::<()>(1); - pub fn with_bypass_ips<'a>(mut self, bypass_ips: impl IntoIterator) -> Self { - for bypass_ip in bypass_ips { - self.bypass.push(*bypass_ip); - } - self + Tun2Socks5(run(self.device, self.mtu.unwrap_or(1500), self.args, rx), tx) } } -pub fn tun_to_proxy<'a>(interface: &NetworkInterface, proxy: &Proxy, options: Options) -> Result, Error> { - let mut ttp = TunToProxy::new(interface, options)?; - let credentials = proxy.credentials.clone(); - let server = proxy.addr; - use socks5_impl::protocol::Version::{V4, V5}; - let mgr = match proxy.proxy_type { - ProxyType::Socks4 => Rc::new(SocksProxyManager::new(server, V4, credentials)) as Rc, - ProxyType::Socks5 => Rc::new(SocksProxyManager::new(server, V5, credentials)) as Rc, - ProxyType::Http => Rc::new(HttpManager::new(server, credentials)) as Rc, - }; - ttp.set_connection_manager(Some(mgr)); - Ok(ttp) +pub struct Tun2Socks5(F, Sender<()>); + +impl Tun2Socks5 +where + F::Output: Send, +{ + pub fn start(self) -> (JoinHandle, Quit) { + let r = tokio::spawn(self.0); + (JoinHandle(r), Quit(self.1)) + } } -pub fn main_entry(interface: &NetworkInterface, proxy: &Proxy, options: Options) -> Result<(), Error> { - let mut ttp = tun_to_proxy(interface, proxy, options)?; - ttp.run()?; +pub struct Quit(Sender<()>); + +impl Quit { + pub async fn trigger(&self) -> Result<(), SendError<()>> { + self.0.send(()).await + } +} + +#[repr(transparent)] +struct TokioJoinError(tokio::task::JoinError); + +impl From for crate::Result<()> { + fn from(value: TokioJoinError) -> Self { + Err(crate::Error::Io(value.0.into())) + } +} + +pub struct JoinHandle(tokio::task::JoinHandle); + +impl> Future for JoinHandle { + type Output = R; + + fn poll(mut self: std::pin::Pin<&mut Self>, cx: &mut std::task::Context<'_>) -> std::task::Poll { + match std::task::ready!(Pin::new(&mut self.0).poll(cx)) { + Ok(r) => std::task::Poll::Ready(r), + Err(e) => std::task::Poll::Ready(TokioJoinError(e).into()), + } + } +} + +pub async fn run(device: D, mtu: usize, args: Args, mut quit: Receiver<()>) -> crate::Result<()> +where + D: AsyncRead + AsyncWrite + Unpin + Send + 'static, +{ + let server_addr = args.proxy.addr; + let key = args.proxy.credentials.clone(); + let dns_addr = args.dns_addr; + let ipv6_enabled = args.ipv6_enabled; + let virtual_dns = if args.dns == args::ArgDns::Virtual { + Some(Arc::new(Mutex::new(VirtualDns::new()))) + } else { + None + }; + + use socks5_impl::protocol::Version::{V4, V5}; + let mgr = match args.proxy.proxy_type { + ProxyType::Socks5 => Arc::new(SocksProxyManager::new(server_addr, V5, key)) as Arc, + ProxyType::Socks4 => Arc::new(SocksProxyManager::new(server_addr, V4, key)) as Arc, + ProxyType::Http => Arc::new(HttpManager::new(server_addr, key)) as Arc, + }; + + let mut ipstack_config = ipstack::IpStackConfig::default(); + ipstack_config.mtu(mtu as _); + ipstack_config.tcp_timeout(std::time::Duration::from_secs(600)); // 10 minutes + ipstack_config.udp_timeout(std::time::Duration::from_secs(10)); // 10 seconds + + let mut ip_stack = ipstack::IpStack::new(ipstack_config, device); + + loop { + let virtual_dns = virtual_dns.clone(); + let ip_stack_stream = tokio::select! { + _ = quit.recv() => { + log::info!(""); + log::info!("Ctrl-C recieved, exiting..."); + break; + } + ip_stack_stream = ip_stack.accept() => { + ip_stack_stream? + } + }; + match ip_stack_stream { + IpStackStream::Tcp(tcp) => { + if TASK_COUNT.load(Relaxed) > MAX_SESSIONS { + log::warn!("Too many sessions that over {MAX_SESSIONS}, dropping new session"); + continue; + } + log::trace!("Session count {}", TASK_COUNT.fetch_add(1, Relaxed) + 1); + let info = SessionInfo::new(tcp.local_addr(), tcp.peer_addr(), IpProtocol::Tcp); + let domain_name = if let Some(virtual_dns) = &virtual_dns { + let mut virtual_dns = virtual_dns.lock().await; + virtual_dns.touch_ip(&tcp.peer_addr().ip()); + virtual_dns.resolve_ip(&tcp.peer_addr().ip()).cloned() + } else { + None + }; + let proxy_handler = mgr.new_proxy_handler(info, domain_name, false).await?; + tokio::spawn(async move { + if let Err(err) = handle_tcp_session(tcp, server_addr, proxy_handler).await { + log::error!("{} error \"{}\"", info, err); + } + log::trace!("Session count {}", TASK_COUNT.fetch_sub(1, Relaxed) - 1); + }); + } + IpStackStream::Udp(udp) => { + if TASK_COUNT.load(Relaxed) > MAX_SESSIONS { + log::warn!("Too many sessions that over {MAX_SESSIONS}, dropping new session"); + continue; + } + log::trace!("Session count {}", TASK_COUNT.fetch_add(1, Relaxed) + 1); + let mut info = SessionInfo::new(udp.local_addr(), udp.peer_addr(), IpProtocol::Udp); + if info.dst.port() == DNS_PORT { + if is_private_ip(info.dst.ip()) { + info.dst.set_ip(dns_addr); + } + if args.dns == args::ArgDns::OverTcp { + let proxy_handler = mgr.new_proxy_handler(info, None, false).await?; + tokio::spawn(async move { + if let Err(err) = handle_dns_over_tcp_session(udp, server_addr, proxy_handler, ipv6_enabled).await { + log::error!("{} error \"{}\"", info, err); + } + log::trace!("Session count {}", TASK_COUNT.fetch_sub(1, Relaxed) - 1); + }); + continue; + } + if args.dns == args::ArgDns::Virtual { + tokio::spawn(async move { + if let Some(virtual_dns) = virtual_dns { + if let Err(err) = handle_virtual_dns_session(udp, virtual_dns).await { + log::error!("{} error \"{}\"", info, err); + } + } + log::trace!("Session count {}", TASK_COUNT.fetch_sub(1, Relaxed) - 1); + }); + continue; + } + assert_eq!(args.dns, args::ArgDns::Direct); + } + let domain_name = if let Some(virtual_dns) = &virtual_dns { + let mut virtual_dns = virtual_dns.lock().await; + virtual_dns.touch_ip(&udp.peer_addr().ip()); + virtual_dns.resolve_ip(&udp.peer_addr().ip()).cloned() + } else { + None + }; + let proxy_handler = mgr.new_proxy_handler(info, domain_name, true).await?; + tokio::spawn(async move { + if let Err(err) = handle_udp_associate_session(udp, server_addr, proxy_handler, ipv6_enabled).await { + log::error!("{} error \"{}\"", info, err); + } + log::trace!("Session count {}", TASK_COUNT.fetch_sub(1, Relaxed) - 1); + }); + } + _ => { + log::trace!("Unknown transport"); + continue; + } + } + } Ok(()) } + +async fn handle_virtual_dns_session(mut udp: IpStackUdpStream, dns: Arc>) -> crate::Result<()> { + let mut buf = [0_u8; 4096]; + loop { + let len = udp.read(&mut buf).await?; + if len == 0 { + break; + } + let (msg, qname, ip) = dns.lock().await.generate_query(&buf[..len])?; + udp.write_all(&msg).await?; + log::debug!("Virtual DNS query: {} -> {}", qname, ip); + } + Ok(()) +} + +async fn handle_tcp_session( + tcp_stack: IpStackTcpStream, + server_addr: SocketAddr, + proxy_handler: Arc>, +) -> crate::Result<()> { + let mut server = TcpStream::connect(server_addr).await?; + + let session_info = proxy_handler.lock().await.get_session_info(); + log::info!("Beginning {}", session_info); + + let _ = handle_proxy_session(&mut server, proxy_handler).await?; + + let (mut t_rx, mut t_tx) = tokio::io::split(tcp_stack); + let (mut s_rx, mut s_tx) = tokio::io::split(server); + + let result = tokio::join! { + tokio::io::copy(&mut t_rx, &mut s_tx), + tokio::io::copy(&mut s_rx, &mut t_tx), + }; + let result = match result { + (Ok(t), Ok(s)) => Ok((t, s)), + (Err(e), _) | (_, Err(e)) => Err(e), + }; + + log::info!("Ending {} with {:?}", session_info, result); + + Ok(()) +} + +async fn handle_udp_associate_session( + mut udp_stack: IpStackUdpStream, + server_addr: SocketAddr, + proxy_handler: Arc>, + ipv6_enabled: bool, +) -> crate::Result<()> { + use socks5_impl::protocol::{Address, StreamOperation, UdpHeader}; + let mut server = TcpStream::connect(server_addr).await?; + let session_info = proxy_handler.lock().await.get_session_info(); + let domain_name = proxy_handler.lock().await.get_domain_name(); + log::info!("Beginning {}", session_info); + + let udp_addr = handle_proxy_session(&mut server, proxy_handler).await?; + let udp_addr = udp_addr.ok_or("udp associate failed")?; + + let mut udp_server = UdpStream::connect(udp_addr).await?; + + let mut buf1 = [0_u8; 4096]; + let mut buf2 = [0_u8; 4096]; + loop { + tokio::select! { + len = udp_stack.read(&mut buf1) => { + let len = len?; + if len == 0 { + break; + } + let buf1 = &buf1[..len]; + + let s5addr = if let Some(domain_name) = &domain_name { + Address::DomainAddress(domain_name.clone(), session_info.dst.port()) + } else { + session_info.dst.into() + }; + + // Add SOCKS5 UDP header to the incoming data + let mut s5_udp_data = Vec::::new(); + UdpHeader::new(0, s5addr).write_to_stream(&mut s5_udp_data)?; + s5_udp_data.extend_from_slice(buf1); + + udp_server.write_all(&s5_udp_data).await?; + } + len = udp_server.read(&mut buf2) => { + let len = len?; + if len == 0 { + break; + } + let buf2 = &buf2[..len]; + + // Remove SOCKS5 UDP header from the server data + let header = UdpHeader::retrieve_from_stream(&mut &buf2[..])?; + let data = &buf2[header.len()..]; + + let buf = if session_info.dst.port() == DNS_PORT { + let mut message = dns::parse_data_to_dns_message(data, false)?; + if !ipv6_enabled { + dns::remove_ipv6_entries(&mut message); + } + message.to_vec()? + } else { + data.to_vec() + }; + + udp_stack.write_all(&buf).await?; + } + } + } + + log::info!("Ending {}", session_info); + + Ok(()) +} + +async fn handle_dns_over_tcp_session( + mut udp_stack: IpStackUdpStream, + server_addr: SocketAddr, + proxy_handler: Arc>, + ipv6_enabled: bool, +) -> crate::Result<()> { + let mut server = TcpStream::connect(server_addr).await?; + + let session_info = proxy_handler.lock().await.get_session_info(); + log::info!("Beginning {}", session_info); + + let _ = handle_proxy_session(&mut server, proxy_handler).await?; + + let mut buf1 = [0_u8; 4096]; + let mut buf2 = [0_u8; 4096]; + loop { + tokio::select! { + len = udp_stack.read(&mut buf1) => { + let len = len?; + if len == 0 { + break; + } + let buf1 = &buf1[..len]; + + _ = dns::parse_data_to_dns_message(buf1, false)?; + + // Insert the DNS message length in front of the payload + let len = u16::try_from(buf1.len())?; + let mut buf = Vec::with_capacity(std::mem::size_of::() + usize::from(len)); + buf.extend_from_slice(&len.to_be_bytes()); + buf.extend_from_slice(buf1); + + server.write_all(&buf).await?; + } + len = server.read(&mut buf2) => { + let len = len?; + if len == 0 { + break; + } + let mut buf = buf2[..len].to_vec(); + + let mut to_send: VecDeque> = VecDeque::new(); + loop { + if buf.len() < 2 { + break; + } + let len = u16::from_be_bytes([buf[0], buf[1]]) as usize; + if buf.len() < len + 2 { + break; + } + + // remove the length field + let data = buf[2..len + 2].to_vec(); + + let mut message = dns::parse_data_to_dns_message(&data, false)?; + + let name = dns::extract_domain_from_dns_message(&message)?; + let ip = dns::extract_ipaddr_from_dns_message(&message); + log::trace!("DNS over TCP query result: {} -> {:?}", name, ip); + + if !ipv6_enabled { + dns::remove_ipv6_entries(&mut message); + } + + to_send.push_back(message.to_vec()?); + if len + 2 == buf.len() { + break; + } + buf = buf[len + 2..].to_vec(); + } + + while let Some(packet) = to_send.pop_front() { + udp_stack.write_all(&packet).await?; + } + } + } + } + + log::info!("Ending {}", session_info); + + Ok(()) +} + +async fn handle_proxy_session(server: &mut TcpStream, proxy_handler: Arc>) -> crate::Result> { + let mut launched = false; + let mut proxy_handler = proxy_handler.lock().await; + let dir = OutgoingDirection::ToServer; + + loop { + if proxy_handler.connection_established() { + break; + } + + if !launched { + let data = proxy_handler.peek_data(dir).buffer; + let len = data.len(); + if len == 0 { + return Err("proxy_handler launched went wrong".into()); + } + server.write_all(data).await?; + proxy_handler.consume_data(dir, len); + + launched = true; + } + + let mut buf = [0_u8; 4096]; + let len = server.read(&mut buf).await?; + if len == 0 { + return Err("server closed accidentially".into()); + } + let event = IncomingDataEvent { + direction: IncomingDirection::FromServer, + buffer: &buf[..len], + }; + proxy_handler.push_data(event).await?; + + let data = proxy_handler.peek_data(dir).buffer; + let len = data.len(); + if len > 0 { + server.write_all(data).await?; + proxy_handler.consume_data(dir, len); + } + } + Ok(proxy_handler.get_udp_associate()) +} diff --git a/src/main.rs b/src/main.rs deleted file mode 100644 index 06d42c4..0000000 --- a/src/main.rs +++ /dev/null @@ -1,156 +0,0 @@ -use clap::Parser; -use smoltcp::wire::IpCidr; -use std::{net::IpAddr, process::ExitCode}; -use tun2proxy::util::str_to_cidr; -use tun2proxy::{error::Error, main_entry, NetworkInterface, Options, Proxy}; - -#[cfg(target_os = "linux")] -use tun2proxy::setup::{get_default_cidrs, Setup}; - -/// Tunnel interface to proxy -#[derive(Parser)] -#[command(author, version, about = "Tunnel interface to proxy.", long_about = None)] -struct Args { - /// Name of the tun interface - #[arg(short, long, value_name = "name", default_value = "tun0")] - tun: String, - - /// File descriptor of the tun interface - #[arg(long, value_name = "fd")] - tun_fd: Option, - - /// MTU of the tun interface (only with tunnel file descriptor) - #[arg(long, value_name = "mtu", default_value = "1500")] - tun_mtu: usize, - - /// Proxy URL in the form proto://[username[:password]@]host:port - #[arg(short, long, value_parser = Proxy::from_url, value_name = "URL")] - proxy: Proxy, - - /// DNS handling strategy - #[arg(short, long, value_name = "strategy", value_enum, default_value = "virtual")] - dns: ArgDns, - - /// DNS resolver address - #[arg(long, value_name = "IP", default_value = "8.8.8.8")] - dns_addr: IpAddr, - - /// IPv6 enabled - #[arg(short = '6', long)] - ipv6_enabled: bool, - - /// Routing and system setup - #[arg(short, long, value_name = "method", value_enum, default_value = if cfg!(target_os = "linux") { "none" } else { "auto" })] - setup: Option, - - /// IPs used in routing setup which should bypass the tunnel - #[arg(short, long, value_name = "IP|CIDR")] - bypass: Vec, - - /// Verbosity level - #[arg(short, long, value_name = "level", value_enum, default_value = "info")] - verbosity: ArgVerbosity, -} - -/// DNS query handling strategy -/// - Virtual: Intercept DNS queries and resolve them locally with a fake IP address -/// - OverTcp: Use TCP to send DNS queries to the DNS server -/// - Direct: Do not handle DNS by relying on DNS server bypassing -#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] -enum ArgDns { - Virtual, - OverTcp, - Direct, -} - -#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] -enum ArgSetup { - None, - Auto, -} - -#[derive(Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord, clap::ValueEnum)] -enum ArgVerbosity { - Off, - Error, - Warn, - Info, - Debug, - Trace, -} - -fn main() -> ExitCode { - dotenvy::dotenv().ok(); - let args = Args::parse(); - - let default = format!("{}={:?}", module_path!(), args.verbosity); - env_logger::Builder::from_env(env_logger::Env::default().default_filter_or(default)).init(); - - let addr = args.proxy.addr; - let proxy_type = args.proxy.proxy_type; - log::info!("Proxy {proxy_type} server: {addr}"); - - let mut options = Options::new(); - match args.dns { - ArgDns::Virtual => { - options = options.with_virtual_dns(); - } - ArgDns::OverTcp => { - options = options.with_dns_over_tcp(); - } - _ => {} - } - - options = options.with_dns_addr(Some(args.dns_addr)); - - if args.ipv6_enabled { - options = options.with_ipv6_enabled(); - } - - #[allow(unused_assignments)] - let interface = match args.tun_fd { - None => NetworkInterface::Named(args.tun.clone()), - Some(_fd) => { - options = options.with_mtu(args.tun_mtu); - #[cfg(not(target_family = "unix"))] - panic!("Not supported file descriptor"); - #[cfg(target_family = "unix")] - NetworkInterface::Fd(_fd) - } - }; - - options.setup = args.setup.map(|s| s == ArgSetup::Auto).unwrap_or(false); - - let block = || -> Result<(), Error> { - let mut bypass_ips = Vec::::new(); - for cidr_str in args.bypass { - bypass_ips.push(str_to_cidr(&cidr_str)?); - } - if bypass_ips.is_empty() { - let prefix_len = if args.proxy.addr.ip().is_ipv6() { 128 } else { 32 }; - bypass_ips.push(IpCidr::new(args.proxy.addr.ip().into(), prefix_len)) - } - - options = options.with_bypass_ips(&bypass_ips); - - #[cfg(target_os = "linux")] - { - let mut setup: Setup; - if options.setup { - setup = Setup::new(&args.tun, bypass_ips, get_default_cidrs()); - setup.configure()?; - setup.drop_privileges()?; - } - } - - main_entry(&interface, &args.proxy, options)?; - - Ok(()) - }; - if let Err(e) = block() { - log::error!("{e}"); - return ExitCode::FAILURE; - } - - ExitCode::SUCCESS -} diff --git a/src/proxy_handler.rs b/src/proxy_handler.rs new file mode 100644 index 0000000..5621347 --- /dev/null +++ b/src/proxy_handler.rs @@ -0,0 +1,30 @@ +use crate::{ + directions::{IncomingDataEvent, OutgoingDataEvent, OutgoingDirection}, + session_info::SessionInfo, +}; +use std::{net::SocketAddr, sync::Arc}; +use tokio::sync::Mutex; + +#[async_trait::async_trait] +pub(crate) trait ProxyHandler: Send + Sync { + fn get_session_info(&self) -> SessionInfo; + fn get_domain_name(&self) -> Option; + async fn push_data(&mut self, event: IncomingDataEvent<'_>) -> std::io::Result<()>; + fn consume_data(&mut self, dir: OutgoingDirection, size: usize); + fn peek_data(&mut self, dir: OutgoingDirection) -> OutgoingDataEvent; + fn connection_established(&self) -> bool; + fn data_len(&self, dir: OutgoingDirection) -> usize; + fn reset_connection(&self) -> bool; + fn get_udp_associate(&self) -> Option; +} + +#[async_trait::async_trait] +pub(crate) trait ProxyHandlerManager: Send + Sync { + async fn new_proxy_handler( + &self, + info: SessionInfo, + domain_name: Option, + udp_associate: bool, + ) -> std::io::Result>>; + fn get_server_addr(&self) -> SocketAddr; +} diff --git a/src/session_info.rs b/src/session_info.rs new file mode 100644 index 0000000..dc73cf9 --- /dev/null +++ b/src/session_info.rs @@ -0,0 +1,53 @@ +use std::net::{Ipv4Addr, SocketAddr}; + +#[allow(dead_code)] +#[derive(Hash, Copy, Clone, Eq, PartialEq, PartialOrd, Ord, Debug, Default)] +pub(crate) enum IpProtocol { + #[default] + Tcp, + Udp, + Icmp, + Other(u8), +} + +impl std::fmt::Display for IpProtocol { + fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { + match self { + IpProtocol::Tcp => write!(f, "TCP"), + IpProtocol::Udp => write!(f, "UDP"), + IpProtocol::Icmp => write!(f, "ICMP"), + IpProtocol::Other(v) => write!(f, "Other({})", v), + } + } +} + +#[derive(Hash, Copy, Clone, Eq, PartialEq, PartialOrd, Ord, Debug)] +pub(crate) struct SessionInfo { + pub(crate) src: SocketAddr, + pub(crate) dst: SocketAddr, + pub(crate) protocol: IpProtocol, + id: u64, +} + +impl Default for SessionInfo { + fn default() -> Self { + let src = SocketAddr::new(Ipv4Addr::UNSPECIFIED.into(), 0); + let dst = SocketAddr::new(Ipv4Addr::UNSPECIFIED.into(), 0); + Self::new(src, dst, IpProtocol::Tcp) + } +} + +static SESSION_ID: std::sync::atomic::AtomicU64 = std::sync::atomic::AtomicU64::new(0); + +impl SessionInfo { + pub fn new(src: SocketAddr, dst: SocketAddr, protocol: IpProtocol) -> Self { + let id = SESSION_ID.fetch_add(1, std::sync::atomic::Ordering::Relaxed); + Self { src, dst, protocol, id } + } +} + +impl std::fmt::Display for SessionInfo { + fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { + write!(f, "#{} {} {} -> {}", self.id, self.protocol, self.src, self.dst) + } +} diff --git a/src/setup.rs b/src/setup.rs deleted file mode 100644 index c3c69f1..0000000 --- a/src/setup.rs +++ /dev/null @@ -1,337 +0,0 @@ -#![cfg(target_os = "linux")] - -use crate::error::Error; -use fork::Fork; -use smoltcp::wire::IpCidr; -use std::{ - convert::TryFrom, - ffi::OsStr, - fs, - io::BufRead, - net::{Ipv4Addr, Ipv6Addr}, - os::unix::io::RawFd, - process::{Command, Output}, - str::FromStr, -}; - -#[derive(Clone)] -pub struct Setup { - routes: Vec, - tunnel_bypass_addrs: Vec, - tun: String, - set_up: bool, - delete_proxy_routes: Vec, - child: libc::pid_t, - unmount_resolvconf: bool, - restore_resolvconf_data: Option>, -} - -pub fn get_default_cidrs() -> [IpCidr; 4] { - [ - IpCidr::new(Ipv4Addr::from_str("0.0.0.0").unwrap().into(), 1), - IpCidr::new(Ipv4Addr::from_str("128.0.0.0").unwrap().into(), 1), - IpCidr::new(Ipv6Addr::from_str("::").unwrap().into(), 1), - IpCidr::new(Ipv6Addr::from_str("8000::").unwrap().into(), 1), - ] -} - -fn run_iproute(args: I, error: &str, require_success: bool) -> Result -where - I: IntoIterator, - S: AsRef, -{ - let mut command = Command::new(""); - for (i, arg) in args.into_iter().enumerate() { - if i == 0 { - command = Command::new(arg); - } else { - command.arg(arg); - } - } - - let e = Error::from(error); - let output = command.output().map_err(|_| e)?; - if !require_success || output.status.success() { - Ok(output) - } else { - let mut args: Vec<&str> = command.get_args().map(|x| x.to_str().unwrap()).collect(); - let program = command.get_program().to_str().unwrap(); - let mut cmdline = Vec::<&str>::new(); - cmdline.push(program); - cmdline.append(&mut args); - let command = cmdline.as_slice().join(" "); - match String::from_utf8(output.stderr.clone()) { - Ok(output) => Err(format!("[{}] Command `{}` failed: {}", nix::unistd::getpid(), command, output).into()), - Err(_) => Err(format!("Command `{:?}` failed with exit code {}", command, output.status.code().unwrap()).into()), - } - } -} - -impl Setup { - pub fn new( - tun: impl Into, - tunnel_bypass_addrs: impl IntoIterator, - routes: impl IntoIterator, - ) -> Self { - let routes_cidr = routes.into_iter().collect(); - let bypass_cidrs = tunnel_bypass_addrs.into_iter().collect(); - Self { - tun: tun.into(), - tunnel_bypass_addrs: bypass_cidrs, - routes: routes_cidr, - set_up: false, - delete_proxy_routes: Vec::::new(), - child: 0, - unmount_resolvconf: false, - restore_resolvconf_data: None, - } - } - - fn bypass_cidr(cidr: &IpCidr) -> Result { - let is_ipv6 = match cidr { - IpCidr::Ipv4(_) => false, - IpCidr::Ipv6(_) => true, - }; - let route_show_args = if is_ipv6 { - ["ip", "-6", "route", "show"] - } else { - ["ip", "-4", "route", "show"] - }; - - let routes = run_iproute(route_show_args, "failed to get routing table through the ip command", true)?; - - let mut route_info = Vec::<(IpCidr, Vec)>::new(); - for line in routes.stdout.lines() { - if line.is_err() { - break; - } - let line = line.unwrap(); - if line.starts_with([' ', '\t']) { - continue; - } - - let mut split = line.split_whitespace(); - let mut dst_str = split.next().unwrap(); - if dst_str == "default" { - dst_str = if is_ipv6 { "::/0" } else { "0.0.0.0/0" } - } - - let (addr_str, prefix_len_str) = match dst_str.split_once(['/']) { - None => (dst_str, if is_ipv6 { "128" } else { "32" }), - Some((addr_str, prefix_len_str)) => (addr_str, prefix_len_str), - }; - - let cidr: IpCidr = IpCidr::new( - std::net::IpAddr::from_str(addr_str).unwrap().into(), - u8::from_str(prefix_len_str).unwrap(), - ); - let route_components: Vec = split.map(String::from).collect(); - route_info.push((cidr, route_components)) - } - - // Sort routes by prefix length, the most specific route comes first. - route_info.sort_by(|entry1, entry2| entry2.0.prefix_len().cmp(&entry1.0.prefix_len())); - - for (route_cidr, route_components) in route_info { - if !route_cidr.contains_subnet(cidr) { - continue; - } - - // The IP address is routed through a more specific route than the default route. - // In this case, there is nothing to do. - if route_cidr.prefix_len() != 0 { - break; - } - - let mut proxy_route = vec!["ip".into(), "route".into(), "add".into()]; - proxy_route.push(cidr.to_string()); - proxy_route.extend(route_components.into_iter()); - run_iproute(proxy_route, "failed to clone route for proxy", false)?; - return Ok(true); - } - Ok(false) - } - - fn write_buffer_to_fd(fd: RawFd, data: &[u8]) -> Result<(), Error> { - let mut written = 0; - loop { - if written >= data.len() { - break; - } - written += nix::unistd::write(fd, &data[written..])?; - } - Ok(()) - } - - fn write_nameserver(fd: RawFd) -> Result<(), Error> { - let data = "nameserver 198.18.0.1\n".as_bytes(); - Self::write_buffer_to_fd(fd, data)?; - nix::sys::stat::fchmod(fd, nix::sys::stat::Mode::from_bits(0o444).unwrap())?; - Ok(()) - } - - fn setup_resolv_conf(&mut self) -> Result<(), Error> { - let mut fd = nix::fcntl::open( - "/tmp/tun2proxy-resolv.conf", - nix::fcntl::OFlag::O_RDWR | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_CREAT, - nix::sys::stat::Mode::from_bits(0o644).unwrap(), - )?; - Self::write_nameserver(fd)?; - let source = format!("/proc/self/fd/{}", fd); - if Ok(()) - != nix::mount::mount( - source.as_str().into(), - "/etc/resolv.conf", - "".into(), - nix::mount::MsFlags::MS_BIND, - "".into(), - ) - { - log::warn!("failed to bind mount custom resolv.conf onto /etc/resolv.conf, resorting to direct write"); - nix::unistd::close(fd)?; - - self.restore_resolvconf_data = Some(fs::read("/etc/resolv.conf")?); - - fd = nix::fcntl::open( - "/etc/resolv.conf", - nix::fcntl::OFlag::O_WRONLY | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_TRUNC, - nix::sys::stat::Mode::from_bits(0o644).unwrap(), - )?; - Self::write_nameserver(fd)?; - } else { - self.unmount_resolvconf = true; - } - nix::unistd::close(fd)?; - Ok(()) - } - - fn add_tunnel_routes(&self) -> Result<(), Error> { - for route in &self.routes { - run_iproute( - ["ip", "route", "add", route.to_string().as_str(), "dev", self.tun.as_str()], - "failed to add route", - true, - )?; - } - Ok(()) - } - - fn shutdown(&mut self) -> Result<(), Error> { - self.set_up = false; - log::info!("[{}] Restoring network configuration", nix::unistd::getpid()); - let _ = Command::new("ip").args(["link", "del", self.tun.as_str()]).output(); - - for cidr in &self.delete_proxy_routes { - let _ = Command::new("ip").args(["route", "del", cidr.to_string().as_str()]).output(); - } - - if self.unmount_resolvconf { - nix::mount::umount("/etc/resolv.conf")?; - } - - if let Some(data) = &self.restore_resolvconf_data { - fs::write("/etc/resolv.conf", data)?; - } - Ok(()) - } - - fn setup_and_handle_signals(&mut self, read_from_child: RawFd, write_to_parent: RawFd) { - if let Err(e) = (|| -> Result<(), Error> { - nix::unistd::close(read_from_child)?; - run_iproute( - ["ip", "tuntap", "add", "name", self.tun.as_str(), "mode", "tun"], - "failed to create tunnel device", - true, - )?; - - self.set_up = true; - - run_iproute( - ["ip", "link", "set", self.tun.as_str(), "up"], - "failed to bring up tunnel device", - true, - )?; - - let mut delete_proxy_route = Vec::::new(); - for cidr in &self.tunnel_bypass_addrs { - if Self::bypass_cidr(cidr)? { - delete_proxy_route.push(*cidr); - } - } - self.delete_proxy_routes = delete_proxy_route; - self.setup_resolv_conf()?; - self.add_tunnel_routes()?; - - // Signal to child that we are done setting up everything. - if nix::unistd::write(write_to_parent, &[1])? != 1 { - return Err("Failed to write to pipe".into()); - } - nix::unistd::close(write_to_parent)?; - - // Now wait for the termination signals. - let mut mask = nix::sys::signal::SigSet::empty(); - mask.add(nix::sys::signal::SIGINT); - mask.add(nix::sys::signal::SIGTERM); - mask.add(nix::sys::signal::SIGQUIT); - mask.thread_block().unwrap(); - - let mut fd = nix::sys::signalfd::SignalFd::new(&mask).unwrap(); - loop { - let res = fd.read_signal().unwrap().unwrap(); - let signo = nix::sys::signal::Signal::try_from(res.ssi_signo as i32).unwrap(); - if signo == nix::sys::signal::SIGINT || signo == nix::sys::signal::SIGTERM || signo == nix::sys::signal::SIGQUIT { - break; - } - } - - self.shutdown()?; - Ok(()) - })() { - log::error!("{e}"); - self.shutdown().unwrap(); - }; - } - - pub fn drop_privileges(&self) -> Result<(), Error> { - // 65534 is usually the nobody user. Even in cases it is not, it is safer to use this ID - // than running with UID and GID 0. - nix::unistd::setgid(nix::unistd::Gid::from_raw(65534))?; - nix::unistd::setuid(nix::unistd::Uid::from_raw(65534))?; - - Ok(()) - } - - pub fn configure(&mut self) -> Result<(), Error> { - log::info!("[{}] Setting up network configuration", nix::unistd::getpid()); - if nix::unistd::getuid() != 0.into() { - return Err("Automatic setup requires root privileges".into()); - } - - let (read_from_child, write_to_parent) = nix::unistd::pipe()?; - match fork::fork() { - Ok(Fork::Child) => { - prctl::set_death_signal(nix::sys::signal::SIGINT as isize).unwrap(); - self.setup_and_handle_signals(read_from_child, write_to_parent); - std::process::exit(0); - } - Ok(Fork::Parent(child)) => { - self.child = child; - nix::unistd::close(write_to_parent)?; - let mut buf = [0]; - if nix::unistd::read(read_from_child, &mut buf)? != 1 { - return Err("Failed to read from pipe".into()); - } - nix::unistd::close(read_from_child)?; - - Ok(()) - } - _ => Err("Failed to fork".into()), - } - } - - pub fn restore(&mut self) -> Result<(), Error> { - nix::sys::signal::kill(nix::unistd::Pid::from_raw(self.child), nix::sys::signal::SIGINT)?; - nix::sys::wait::waitpid(nix::unistd::Pid::from_raw(self.child), None)?; - Ok(()) - } -} diff --git a/src/socks.rs b/src/socks.rs index 666eb11..90a6bcd 100644 --- a/src/socks.rs +++ b/src/socks.rs @@ -1,15 +1,14 @@ use crate::{ + directions::{IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection}, error::{Error, Result}, - tun2proxy::{ - ConnectionInfo, ConnectionManager, Direction, IncomingDataEvent, IncomingDirection, OutgoingDataEvent, OutgoingDirection, - ProxyHandler, - }, + proxy_handler::{ProxyHandler, ProxyHandlerManager}, + session_info::SessionInfo, }; use socks5_impl::protocol::{self, handshake, password_method, Address, AuthMethod, StreamOperation, UserKey, Version}; -use std::{collections::VecDeque, convert::TryFrom, net::SocketAddr}; +use std::{collections::VecDeque, net::SocketAddr, sync::Arc}; +use tokio::sync::Mutex; #[derive(Eq, PartialEq, Debug)] -#[allow(dead_code)] enum SocksState { ClientHello, ServerHello, @@ -21,7 +20,8 @@ enum SocksState { } struct SocksProxyImpl { - info: ConnectionInfo, + info: SessionInfo, + domain_name: Option, state: SocksState, client_inbuf: VecDeque, server_inbuf: VecDeque, @@ -34,10 +34,17 @@ struct SocksProxyImpl { } impl SocksProxyImpl { - fn new(info: &ConnectionInfo, credentials: Option, version: Version, command: protocol::Command) -> Result { + fn new( + info: SessionInfo, + domain_name: Option, + credentials: Option, + version: Version, + command: protocol::Command, + ) -> Result { let mut result = Self { - info: info.clone(), - state: SocksState::ServerHello, + info, + domain_name, + state: SocksState::ClientHello, client_inbuf: VecDeque::default(), server_inbuf: VecDeque::default(), client_outbuf: VecDeque::default(), @@ -58,16 +65,17 @@ impl SocksProxyImpl { let mut ip_vec = Vec::::new(); let mut name_vec = Vec::::new(); match &self.info.dst { - Address::SocketAddress(SocketAddr::V4(addr)) => { - ip_vec.extend(addr.ip().octets().as_ref()); + SocketAddr::V4(addr) => { + if let Some(host) = &self.domain_name { + ip_vec.extend(&[0, 0, 0, host.len() as u8]); + name_vec.extend(host.as_bytes()); + name_vec.push(0); + } else { + ip_vec.extend(addr.ip().octets().as_ref()); + } } - Address::SocketAddress(SocketAddr::V6(_)) => { - return Err("SOCKS4 does not support IPv6".into()); - } - Address::DomainAddress(host, _) => { - ip_vec.extend(&[0, 0, 0, host.len() as u8]); - name_vec.extend(host.as_bytes()); - name_vec.push(0); + SocketAddr::V6(addr) => { + return Err(format!("SOCKS4 does not support IPv6: {}", addr).into()); } } self.server_outbuf.extend(ip_vec); @@ -85,14 +93,7 @@ impl SocksProxyImpl { fn send_client_hello_socks5(&mut self) -> Result<(), Error> { let credentials = &self.credentials; - // Providing unassigned methods is supposed to bypass China's GFW. - // For details, refer to https://github.com/blechschmidt/tun2proxy/issues/35. - #[rustfmt::skip] - let mut methods = vec![ - AuthMethod::NoAuth, - AuthMethod::from(4_u8), - AuthMethod::from(100_u8), - ]; + let mut methods = vec![AuthMethod::NoAuth, AuthMethod::from(4_u8), AuthMethod::from(100_u8)]; if credentials.is_some() { methods.push(AuthMethod::UserPass); } @@ -113,29 +114,29 @@ impl SocksProxyImpl { Ok(()) } - fn receive_server_hello_socks4(&mut self) -> Result<(), Error> { + fn receive_server_hello_socks4(&mut self) -> std::io::Result<()> { if self.server_inbuf.len() < 8 { return Ok(()); } if self.server_inbuf[1] != 0x5a { - return Err("SOCKS4 server replied with an unexpected reply code.".into()); + return Err(crate::Error::from("SOCKS4 server replied with an unexpected reply code.").into()); } self.server_inbuf.drain(0..8); self.state = SocksState::Established; - self.state_change() + Ok(()) } - fn receive_server_hello_socks5(&mut self) -> Result<(), Error> { + fn receive_server_hello_socks5(&mut self) -> std::io::Result<()> { let response = handshake::Response::retrieve_from_stream(&mut self.server_inbuf.clone()); - if let Err(e) = &response { + if let Err(e) = response { if e.kind() == std::io::ErrorKind::UnexpectedEof { log::trace!("receive_server_hello_socks5 needs more data \"{}\"...", e); return Ok(()); } else { - return Err(e.to_string().into()); + return Err(e); } } let respones = response?; @@ -145,7 +146,7 @@ impl SocksProxyImpl { if auth_method != AuthMethod::NoAuth && self.credentials.is_none() || (auth_method != AuthMethod::NoAuth && auth_method != AuthMethod::UserPass) && self.credentials.is_some() { - return Err("SOCKS5 server requires an unsupported authentication method.".into()); + return Err(crate::Error::from("SOCKS5 server requires an unsupported authentication method.").into()); } self.state = if auth_method == AuthMethod::UserPass { @@ -156,75 +157,77 @@ impl SocksProxyImpl { self.state_change() } - fn receive_server_hello(&mut self) -> Result<(), Error> { + fn receive_server_hello(&mut self) -> std::io::Result<()> { match self.version { Version::V4 => self.receive_server_hello_socks4(), Version::V5 => self.receive_server_hello_socks5(), } } - fn send_auth_data(&mut self) -> Result<(), Error> { + fn send_auth_data(&mut self) -> std::io::Result<()> { let tmp = UserKey::default(); let credentials = self.credentials.as_ref().unwrap_or(&tmp); let request = password_method::Request::new(&credentials.username, &credentials.password); request.write_to_stream(&mut self.server_outbuf)?; self.state = SocksState::ReceiveAuthResponse; - self.state_change() + Ok(()) } - fn receive_auth_data(&mut self) -> Result<(), Error> { + fn receive_auth_data(&mut self) -> std::io::Result<()> { use password_method::Response; let response = Response::retrieve_from_stream(&mut self.server_inbuf.clone()); - if let Err(e) = &response { + if let Err(e) = response { if e.kind() == std::io::ErrorKind::UnexpectedEof { log::trace!("receive_auth_data needs more data \"{}\"...", e); return Ok(()); } else { - return Err(e.to_string().into()); + return Err(e); } } let response = response?; self.server_inbuf.drain(0..response.len()); if response.status != password_method::Status::Succeeded { - return Err(format!("SOCKS authentication failed: {:?}", response.status).into()); + return Err(crate::Error::from(format!("SOCKS authentication failed: {:?}", response.status)).into()); } self.state = SocksState::SendRequest; self.state_change() } - fn send_request_socks5(&mut self) -> Result<(), Error> { + fn send_request_socks5(&mut self) -> std::io::Result<()> { let addr = if self.command == protocol::Command::UdpAssociate { Address::unspecified() + } else if let Some(domain_name) = &self.domain_name { + Address::DomainAddress(domain_name.clone(), self.info.dst.port()) } else { - self.info.dst.clone() + self.info.dst.into() }; protocol::Request::new(self.command, addr).write_to_stream(&mut self.server_outbuf)?; self.state = SocksState::ReceiveResponse; - self.state_change() + Ok(()) } - fn receive_connection_status(&mut self) -> Result<(), Error> { + fn receive_connection_status(&mut self) -> std::io::Result<()> { let response = protocol::Response::retrieve_from_stream(&mut self.server_inbuf.clone()); - if let Err(e) = &response { + if let Err(e) = response { if e.kind() == std::io::ErrorKind::UnexpectedEof { log::trace!("receive_connection_status needs more data \"{}\"...", e); return Ok(()); } else { - return Err(e.to_string().into()); + return Err(e); } } let response = response?; self.server_inbuf.drain(0..response.len()); if response.reply != protocol::Reply::Succeeded { - return Err(format!("SOCKS connection failed: {}", response.reply).into()); + return Err(crate::Error::from(format!("SOCKS connection failed: {}", response.reply)).into()); } if self.command == protocol::Command::UdpAssociate { self.udp_associate = Some(SocketAddr::try_from(&response.address)?); - log::trace!("UDP associate recieved address {}", response.address); + // log::trace!("UDP associate recieved address {}", response.address); } self.state = SocksState::Established; - self.state_change() + Ok(()) } fn relay_traffic(&mut self) -> Result<(), Error> { @@ -235,31 +238,37 @@ impl SocksProxyImpl { Ok(()) } - fn state_change(&mut self) -> Result<(), Error> { + fn state_change(&mut self) -> std::io::Result<()> { match self.state { - SocksState::ServerHello => self.receive_server_hello(), + SocksState::ServerHello => self.receive_server_hello()?, - SocksState::SendAuthData => self.send_auth_data(), + SocksState::SendAuthData => self.send_auth_data()?, - SocksState::ReceiveAuthResponse => self.receive_auth_data(), + SocksState::ReceiveAuthResponse => self.receive_auth_data()?, - SocksState::SendRequest => self.send_request_socks5(), + SocksState::SendRequest => self.send_request_socks5()?, - SocksState::ReceiveResponse => self.receive_connection_status(), + SocksState::ReceiveResponse => self.receive_connection_status()?, - SocksState::Established => self.relay_traffic(), + SocksState::Established => self.relay_traffic()?, - _ => Ok(()), + _ => {} } + Ok(()) } } +#[async_trait::async_trait] impl ProxyHandler for SocksProxyImpl { - fn get_connection_info(&self) -> &ConnectionInfo { - &self.info + fn get_session_info(&self) -> SessionInfo { + self.info } - fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error> { + fn get_domain_name(&self) -> Option { + self.domain_name.clone() + } + + async fn push_data(&mut self, event: IncomingDataEvent<'_>) -> std::io::Result<()> { let IncomingDataEvent { direction, buffer } = event; match direction { IncomingDirection::FromServer => { @@ -296,16 +305,10 @@ impl ProxyHandler for SocksProxyImpl { self.state == SocksState::Established } - fn data_len(&self, dir: Direction) -> usize { + fn data_len(&self, dir: OutgoingDirection) -> usize { match dir { - Direction::Incoming(incoming) => match incoming { - IncomingDirection::FromServer => self.server_inbuf.len(), - IncomingDirection::FromClient => self.client_inbuf.len(), - }, - Direction::Outgoing(outgoing) => match outgoing { - OutgoingDirection::ToServer => self.server_outbuf.len(), - OutgoingDirection::ToClient => self.client_outbuf.len(), - }, + OutgoingDirection::ToServer => self.server_outbuf.len(), + OutgoingDirection::ToClient => self.client_outbuf.len(), } } @@ -324,12 +327,24 @@ pub(crate) struct SocksProxyManager { version: Version, } -impl ConnectionManager for SocksProxyManager { - fn new_proxy_handler(&self, info: &ConnectionInfo, udp_associate: bool) -> Result> { +#[async_trait::async_trait] +impl ProxyHandlerManager for SocksProxyManager { + async fn new_proxy_handler( + &self, + info: SessionInfo, + domain_name: Option, + udp_associate: bool, + ) -> std::io::Result>> { use socks5_impl::protocol::Command::{Connect, UdpAssociate}; let command = if udp_associate { UdpAssociate } else { Connect }; let credentials = self.credentials.clone(); - Ok(Box::new(SocksProxyImpl::new(info, credentials, self.version, command)?)) + Ok(Arc::new(Mutex::new(SocksProxyImpl::new( + info, + domain_name, + credentials, + self.version, + command, + )?))) } fn get_server_addr(&self) -> SocketAddr { diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs deleted file mode 100644 index fbad1bf..0000000 --- a/src/tun2proxy.rs +++ /dev/null @@ -1,1338 +0,0 @@ -#![allow(dead_code)] - -#[cfg(target_os = "windows")] -use crate::wintuninterface::{self, NamedPipeSource, WinTunInterface}; -use crate::{dns, error::Error, error::Result, virtdevice::VirtualTunDevice, NetworkInterface, Options}; -#[cfg(target_family = "unix")] -use mio::unix::SourceFd; -use mio::{event::Event, net::TcpStream, net::UdpSocket, Events, Interest, Poll, Token}; -#[cfg(any(target_os = "macos", target_os = "ios"))] -use smoltcp::phy::RawSocket; -#[cfg(any(target_os = "linux", target_os = "android"))] -use smoltcp::phy::TunTapInterface; -use smoltcp::{ - iface::{Config, Interface, SocketHandle, SocketSet}, - phy::{Device, Medium, RxToken, TxToken}, - socket::{tcp, tcp::State, udp, udp::UdpMetadata}, - time::Instant, - wire::{IpCidr, IpProtocol, Ipv4Packet, Ipv6Packet, TcpPacket, UdpPacket, UDP_HEADER_LEN}, -}; -use socks5_impl::protocol::{Address, StreamOperation, UdpHeader}; -use std::collections::LinkedList; -#[cfg(target_family = "unix")] -use std::os::unix::io::AsRawFd; -use std::{ - collections::{HashMap, HashSet}, - convert::{From, TryFrom}, - io::{Read, Write}, - net::{IpAddr, Ipv4Addr, Ipv6Addr, Shutdown, SocketAddr}, - rc::Rc, - str::FromStr, -}; - -#[derive(Hash, Clone, Eq, PartialEq, PartialOrd, Ord, Debug)] -pub(crate) struct ConnectionInfo { - pub(crate) src: SocketAddr, - pub(crate) dst: Address, - pub(crate) protocol: IpProtocol, -} - -impl Default for ConnectionInfo { - fn default() -> Self { - Self { - src: SocketAddr::new(Ipv4Addr::UNSPECIFIED.into(), 0), - dst: Address::unspecified(), - protocol: IpProtocol::Tcp, - } - } -} - -impl ConnectionInfo { - pub fn new(src: SocketAddr, dst: Address, protocol: IpProtocol) -> Self { - Self { src, dst, protocol } - } - - fn to_named(&self, name: String) -> Self { - let mut result = self.clone(); - result.dst = Address::from((name, result.dst.port())); - log::trace!("{} replace dst \"{}\" -> \"{}\"", self.protocol, self.dst, result.dst); - result - } -} - -impl std::fmt::Display for ConnectionInfo { - fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { - write!(f, "{} {} -> {}", self.protocol, self.src, self.dst) - } -} - -#[derive(Clone, Copy, Eq, PartialEq, Debug)] -pub(crate) enum IncomingDirection { - FromServer, - FromClient, -} - -#[derive(Clone, Copy, Eq, PartialEq, Debug)] -pub(crate) enum OutgoingDirection { - ToServer, - ToClient, -} - -#[derive(Clone, Copy, Eq, PartialEq, Debug)] -pub(crate) enum Direction { - Incoming(IncomingDirection), - Outgoing(OutgoingDirection), -} - -#[derive(Clone, Eq, PartialEq, Debug)] -pub(crate) struct DataEvent<'a, T> { - pub(crate) direction: T, - pub(crate) buffer: &'a [u8], -} - -pub(crate) type IncomingDataEvent<'a> = DataEvent<'a, IncomingDirection>; -pub(crate) type OutgoingDataEvent<'a> = DataEvent<'a, OutgoingDirection>; - -fn get_transport_info( - protocol: IpProtocol, - transport_offset: usize, - packet: &[u8], - is_closed: &mut bool, -) -> Result<((u16, u16), bool, usize, usize)> { - match protocol { - IpProtocol::Udp => UdpPacket::new_checked(packet) - .map(|result| { - ( - (result.src_port(), result.dst_port()), - false, - transport_offset + UDP_HEADER_LEN, - packet.len() - UDP_HEADER_LEN, - ) - }) - .map_err(|e| e.into()), - IpProtocol::Tcp => TcpPacket::new_checked(packet) - .map(|result| { - *is_closed = result.fin() || result.rst(); - let header_len = result.header_len() as usize; - ( - (result.src_port(), result.dst_port()), - result.syn() && !result.ack(), - transport_offset + header_len, - packet.len() - header_len, - ) - }) - .map_err(|e| e.into()), - _ => Err(format!("Unsupported protocol {protocol} in IP packet").into()), - } -} - -fn connection_tuple(frame: &[u8], is_closed: &mut bool) -> Result<(ConnectionInfo, bool, usize, usize)> { - if let Ok(packet) = Ipv4Packet::new_checked(frame) { - let protocol = packet.next_header(); - - let mut a = [0_u8; 4]; - a.copy_from_slice(packet.src_addr().as_bytes()); - let src_addr = IpAddr::from(a); - a.copy_from_slice(packet.dst_addr().as_bytes()); - let dst_addr = IpAddr::from(a); - let header_len = packet.header_len().into(); - - let (ports, first_packet, payload_offset, payload_size) = - get_transport_info(protocol, header_len, &frame[header_len..], is_closed)?; - let info = ConnectionInfo::new( - SocketAddr::new(src_addr, ports.0), - SocketAddr::new(dst_addr, ports.1).into(), - protocol, - ); - return Ok((info, first_packet, payload_offset, payload_size)); - } - - if let Ok(packet) = Ipv6Packet::new_checked(frame) { - // TODO: Support extension headers. - let protocol = packet.next_header(); - - let mut a = [0_u8; 16]; - a.copy_from_slice(packet.src_addr().as_bytes()); - let src_addr = IpAddr::from(a); - a.copy_from_slice(packet.dst_addr().as_bytes()); - let dst_addr = IpAddr::from(a); - let header_len = packet.header_len(); - - let (ports, first_packet, payload_offset, payload_size) = - get_transport_info(protocol, header_len, &frame[header_len..], is_closed)?; - let info = ConnectionInfo::new( - SocketAddr::new(src_addr, ports.0), - SocketAddr::new(dst_addr, ports.1).into(), - protocol, - ); - return Ok((info, first_packet, payload_offset, payload_size)); - } - Err("Neither IPv6 nor IPv4 packet".into()) -} - -const SERVER_WRITE_CLOSED: u8 = 1; -const CLIENT_WRITE_CLOSED: u8 = 2; - -const UDP_ASSO_TIMEOUT: u64 = 10; // seconds -const DNS_PORT: u16 = 53; -const IP_PACKAGE_MAX_SIZE: usize = 0xFFFF; - -struct ConnectionState { - smoltcp_handle: SocketHandle, - mio_stream: TcpStream, - token: Token, - proxy_handler: Box, - close_state: u8, - wait_read: bool, - wait_write: bool, - origin_dst: SocketAddr, - udp_acco_expiry: Option<::std::time::Instant>, - udp_socket: Option, - udp_token: Option, - udp_data_cache: LinkedList>, - dns_over_tcp_expiry: Option<::std::time::Instant>, - is_tcp_closed: bool, - continue_read: bool, -} - -pub(crate) trait ProxyHandler { - fn get_connection_info(&self) -> &ConnectionInfo; - fn push_data(&mut self, event: IncomingDataEvent<'_>) -> Result<(), Error>; - fn consume_data(&mut self, dir: OutgoingDirection, size: usize); - fn peek_data(&mut self, dir: OutgoingDirection) -> OutgoingDataEvent; - fn connection_established(&self) -> bool; - fn data_len(&self, dir: Direction) -> usize; - fn reset_connection(&self) -> bool; - fn get_udp_associate(&self) -> Option; -} - -pub(crate) trait ConnectionManager { - fn new_proxy_handler(&self, info: &ConnectionInfo, udp_associate: bool) -> Result>; - fn get_server_addr(&self) -> SocketAddr; -} - -const TUN_TOKEN: Token = Token(0); -const PIPE_TOKEN: Token = Token(1); -const EXIT_TRIGGER_TOKEN: Token = Token(2); -const EXIT_TOKEN: Token = Token(10); - -pub struct TunToProxy<'a> { - #[cfg(any(target_os = "linux", target_os = "android"))] - tun: TunTapInterface, - #[cfg(any(target_os = "macos", target_os = "ios"))] - tun: RawSocket, - #[cfg(target_os = "windows")] - tun: WinTunInterface, - poll: Poll, - iface: Interface, - connection_map: HashMap, - connection_manager: Option>, - next_token_seed: usize, - sockets: SocketSet<'a>, - device: VirtualTunDevice, - options: Options, - write_sockets: HashSet, - #[cfg(target_family = "unix")] - exit_receiver: mio::unix::pipe::Receiver, - #[cfg(target_family = "unix")] - exit_trigger: Option, - #[cfg(target_os = "windows")] - exit_receiver: mio::windows::NamedPipe, - #[cfg(target_os = "windows")] - exit_trigger: Option, -} - -impl<'a> TunToProxy<'a> { - pub fn new(_interface: &NetworkInterface, options: Options) -> Result { - #[cfg(any(target_os = "linux", target_os = "android"))] - let tun = match _interface { - NetworkInterface::Named(name) => TunTapInterface::new(name.as_str(), Medium::Ip)?, - NetworkInterface::Fd(fd) => TunTapInterface::from_fd(*fd, Medium::Ip, options.mtu.unwrap_or(1500))?, - }; - - #[cfg(any(target_os = "macos", target_os = "ios"))] - let tun = match _interface { - NetworkInterface::Named(name) => RawSocket::new(name.as_str(), Medium::Ip)?, - NetworkInterface::Fd(_fd) => panic!("Not supported"), - }; - - #[cfg(target_os = "windows")] - let mut tun = match _interface { - NetworkInterface::Named(name) => WinTunInterface::new(name.as_str(), Medium::Ip)?, - }; - - #[cfg(target_os = "windows")] - if options.setup { - tun.setup_config(&options.bypass, options.dns_addr)?; - } - - let poll = Poll::new()?; - - let interests = Interest::READABLE | Interest::WRITABLE; - - #[cfg(target_family = "unix")] - poll.registry().register(&mut SourceFd(&tun.as_raw_fd()), TUN_TOKEN, interests)?; - - #[cfg(target_os = "windows")] - { - poll.registry().register(&mut tun, TUN_TOKEN, interests)?; - let mut pipe = NamedPipeSource(tun.pipe_client()); - poll.registry().register(&mut pipe, PIPE_TOKEN, interests)?; - } - - #[cfg(target_family = "unix")] - let (mut exit_trigger, mut exit_receiver) = mio::unix::pipe::new()?; - #[cfg(target_family = "windows")] - let (mut exit_trigger, mut exit_receiver) = wintuninterface::pipe()?; - - poll.registry() - .register(&mut exit_trigger, EXIT_TRIGGER_TOKEN, Interest::WRITABLE)?; - poll.registry().register(&mut exit_receiver, EXIT_TOKEN, Interest::READABLE)?; - - let config = match tun.capabilities().medium { - Medium::Ethernet => Config::new(smoltcp::wire::EthernetAddress([0x02, 0, 0, 0, 0, 0x01]).into()), - Medium::Ip => Config::new(smoltcp::wire::HardwareAddress::Ip), - Medium::Ieee802154 => todo!(), - }; - - let mut device = VirtualTunDevice::new(tun.capabilities()); - - let gateway4: Ipv4Addr = Ipv4Addr::from_str("0.0.0.1")?; - let gateway6: Ipv6Addr = Ipv6Addr::from_str("::1")?; - let mut iface = Interface::new(config, &mut device, Instant::now()); - iface.update_ip_addrs(|ip_addrs| { - ip_addrs.push(IpCidr::new(gateway4.into(), 0)).unwrap(); - ip_addrs.push(IpCidr::new(gateway6.into(), 0)).unwrap() - }); - iface.routes_mut().add_default_ipv4_route(gateway4.into())?; - iface.routes_mut().add_default_ipv6_route(gateway6.into())?; - iface.set_any_ip(true); - - let tun = Self { - tun, - poll, - iface, - connection_map: HashMap::default(), - next_token_seed: usize::from(EXIT_TOKEN), - connection_manager: None, - sockets: SocketSet::new([]), - device, - options, - write_sockets: HashSet::default(), - exit_receiver, - exit_trigger: Some(exit_trigger), - }; - Ok(tun) - } - - fn new_token(&mut self) -> Token { - self.next_token_seed += 1; - Token(self.next_token_seed) - } - - pub(crate) fn set_connection_manager(&mut self, manager: Option>) { - self.connection_manager = manager; - } - - /// Read data from virtual device (remote server) and inject it into tun interface. - fn expect_smoltcp_send(&mut self) -> Result<(), Error> { - self.iface.poll(Instant::now(), &mut self.device, &mut self.sockets); - - while let Some(vec) = self.device.exfiltrate_packet() { - let _slice = vec.as_slice(); - - // TODO: Actual write. Replace. - self.tun - .transmit(Instant::now()) - .ok_or("tx token not available")? - .consume(_slice.len(), |buf| { - buf[..].clone_from_slice(_slice); - }); - } - Ok(()) - } - - fn find_info_by_token(&self, token: Token) -> Option<&ConnectionInfo> { - self.connection_map - .iter() - .find_map(|(info, state)| if state.token == token { Some(info) } else { None }) - } - - fn find_info_by_udp_token(&self, token: Token) -> Option<&ConnectionInfo> { - self.connection_map.iter().find_map(|(info, state)| { - if let Some(udp_token) = state.udp_token { - if udp_token == token { - return Some(info); - } - } - None - }) - } - - /// Destroy connection state machine - fn remove_connection(&mut self, info: &ConnectionInfo) -> Result<(), Error> { - if let Some(mut state) = self.connection_map.remove(info) { - self.expect_smoltcp_send()?; - - { - let handle = state.smoltcp_handle; - let socket = self.sockets.get_mut::(handle); - socket.close(); - self.sockets.remove(handle); - } - - if let Err(e) = self.poll.registry().deregister(&mut state.mio_stream) { - // FIXME: The function `deregister` will frequently fail for unknown reasons. - log::trace!("{}", e); - } - - if let Some(mut udp_socket) = state.udp_socket { - if let Err(e) = self.poll.registry().deregister(&mut udp_socket) { - log::trace!("{}", e); - } - } - - if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { - log::trace!("Shutdown 0 {} error \"{}\"", info, err); - } - - log::info!("Close {}", info); - } - Ok(()) - } - - fn get_connection_manager(&self) -> Option> { - self.connection_manager.clone() - } - - /// Scan connection state machine and check if any connection should be closed. - fn check_change_close_state(&mut self, info: &ConnectionInfo) -> Result<(), Error> { - let state = match self.connection_map.get_mut(info) { - Some(state) => state, - None => return Ok(()), - }; - let mut closed_ends = 0; - let handler = state.proxy_handler.as_ref(); - if (state.close_state & SERVER_WRITE_CLOSED) == SERVER_WRITE_CLOSED - && handler.data_len(Direction::Incoming(IncomingDirection::FromServer)) == 0 - && handler.data_len(Direction::Outgoing(OutgoingDirection::ToClient)) == 0 - { - // Close tun interface - let socket = self.sockets.get_mut::(state.smoltcp_handle); - socket.close(); - - closed_ends += 1; - } - - if (state.close_state & CLIENT_WRITE_CLOSED) == CLIENT_WRITE_CLOSED - && handler.data_len(Direction::Incoming(IncomingDirection::FromClient)) == 0 - && handler.data_len(Direction::Outgoing(OutgoingDirection::ToServer)) == 0 - { - // Close remote server - if let Err(err) = state.mio_stream.shutdown(Shutdown::Write) { - log::trace!("Shutdown 1 {} error \"{}\"", info, err); - } - closed_ends += 1; - } - - if closed_ends == 2 { - // Close connection state machine - self.remove_connection(info)?; - } - Ok(()) - } - - fn tunsocket_read_and_forward(&mut self, info: &ConnectionInfo) -> Result<(), Error> { - // 1. Read data from tun and write to proxy handler (remote server). - // Scope for mutable borrow of self. - { - let state = match self.connection_map.get_mut(info) { - Some(state) => state, - None => return Ok(()), - }; - let socket = self.sockets.get_mut::(state.smoltcp_handle); - let mut error = Ok(()); - while socket.can_recv() && error.is_ok() { - let dir = Direction::Outgoing(OutgoingDirection::ToServer); - if state.proxy_handler.data_len(dir) >= IP_PACKAGE_MAX_SIZE { - break; - } - - socket.recv(|data| { - let event = IncomingDataEvent { - direction: IncomingDirection::FromClient, - buffer: data, - }; - error = state.proxy_handler.push_data(event); - (data.len(), ()) - })?; - } - - if !socket.may_recv() - && socket.state() != State::Listen - && socket.state() != State::SynSent - && socket.state() != State::SynReceived - { - // We cannot yet close the write end of the mio stream here because we may still - // need to send data. - state.close_state |= CLIENT_WRITE_CLOSED; - } - } - // 2. Write data from proxy handler (remote server) to tun. - // Expect ACKs etc. from smoltcp sockets. - self.expect_smoltcp_send()?; - - self.check_change_close_state(info)?; - - Ok(()) - } - - fn update_mio_socket_interest(poll: &mut Poll, state: &mut ConnectionState) -> Result<()> { - // Maybe we did not listen for any events before. Therefore, just swallow the error. - if let Err(err) = poll.registry().deregister(&mut state.mio_stream) { - log::trace!("{}", err); - } - - // If we do not wait for read or write events, we do not need to register them. - if !state.wait_read && !state.wait_write { - return Ok(()); - } - - // This ugliness is due to the way Interest is implemented (as a NonZeroU8 wrapper). - let interest = match (state.wait_read, state.wait_write) { - (true, false) => Interest::READABLE, - (false, true) => Interest::WRITABLE, - _ => Interest::READABLE | Interest::WRITABLE, - }; - - poll.registry().register(&mut state.mio_stream, state.token, interest)?; - Ok(()) - } - - fn preprocess_origin_connection_info(&mut self, info: ConnectionInfo) -> Result { - let origin_dst = SocketAddr::try_from(&info.dst)?; - let connection_info = match &mut self.options.virtual_dns { - None => { - let mut info = info; - let port = origin_dst.port(); - if port == DNS_PORT && info.protocol == IpProtocol::Udp && dns::addr_is_private(&origin_dst) { - let dns_addr: SocketAddr = (self.options.dns_addr.ok_or("dns_addr")?, DNS_PORT).into(); - info.dst = Address::from(dns_addr); - } - info - } - Some(virtual_dns) => { - let dst_ip = origin_dst.ip(); - virtual_dns.touch_ip(&dst_ip); - match virtual_dns.resolve_ip(&dst_ip) { - None => info, - Some(name) => info.to_named(name.clone()), - } - } - }; - Ok(connection_info) - } - - fn process_incoming_dns_over_tcp_packets( - &mut self, - manager: &Rc, - info: &ConnectionInfo, - origin_dst: SocketAddr, - payload: &[u8], - ) -> Result<()> { - _ = dns::parse_data_to_dns_message(payload, false)?; - - if !self.connection_map.contains_key(info) { - log::info!("DNS over TCP {} ({})", info, origin_dst); - - let proxy_handler = manager.new_proxy_handler(info, false)?; - let server_addr = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server_addr, origin_dst, proxy_handler, false)?; - self.connection_map.insert(info.clone(), state); - - // TODO: Move this 3 lines to the function end? - self.expect_smoltcp_send()?; - self.tunsocket_read_and_forward(info)?; - self.write_to_server(info)?; - } else { - log::trace!("DNS over TCP subsequent packet {} ({})", info, origin_dst); - } - - // Insert the DNS message length in front of the payload - let len = u16::try_from(payload.len())?; - let mut buf = Vec::with_capacity(2 + usize::from(len)); - buf.extend_from_slice(&len.to_be_bytes()); - buf.extend_from_slice(payload); - - let err = "udp over tcp state not find"; - let state = self.connection_map.get_mut(info).ok_or(err)?; - state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); - - let data_event = IncomingDataEvent { - direction: IncomingDirection::FromClient, - buffer: &buf, - }; - state.proxy_handler.push_data(data_event)?; - Ok(()) - } - - fn receive_dns_over_tcp_packet_and_write_to_client(&mut self, info: &ConnectionInfo) -> Result<()> { - let err = "udp connection state not found"; - let state = self.connection_map.get_mut(info).ok_or(err)?; - assert!(state.dns_over_tcp_expiry.is_some()); - state.dns_over_tcp_expiry = Some(Self::common_udp_life_timeout()); - - let mut vecbuf = vec![]; - Self::read_data_from_tcp_stream(&mut state.mio_stream, IP_PACKAGE_MAX_SIZE, &mut state.is_tcp_closed, |data| { - vecbuf.extend_from_slice(data); - Ok(()) - })?; - - let data_event = IncomingDataEvent { - direction: IncomingDirection::FromServer, - buffer: &vecbuf, - }; - if let Err(error) = state.proxy_handler.push_data(data_event) { - log::error!("{}", error); - self.remove_connection(&info.clone())?; - return Ok(()); - } - - let dns_event = state.proxy_handler.peek_data(OutgoingDirection::ToClient); - - let mut buf = dns_event.buffer.to_vec(); - let mut to_send: LinkedList> = LinkedList::new(); - loop { - if buf.len() < 2 { - break; - } - let len = u16::from_be_bytes([buf[0], buf[1]]) as usize; - if buf.len() < len + 2 { - break; - } - let data = buf[2..len + 2].to_vec(); - - let mut message = dns::parse_data_to_dns_message(&data, false)?; - - let name = dns::extract_domain_from_dns_message(&message)?; - let ip = dns::extract_ipaddr_from_dns_message(&message); - log::trace!("DNS over TCP query result: {} -> {:?}", name, ip); - - state.proxy_handler.consume_data(OutgoingDirection::ToClient, len + 2); - - if !self.options.ipv6_enabled { - dns::remove_ipv6_entries(&mut message); - } - - to_send.push_back(message.to_vec()?); - if len + 2 == buf.len() { - break; - } - buf = buf[len + 2..].to_vec(); - } - - // Write to client - let src = state.origin_dst; - while let Some(packet) = to_send.pop_front() { - self.send_udp_packet_to_client(src, info.src, &packet)?; - } - Ok(()) - } - - fn dns_over_tcp_timeout_expired(&self, info: &ConnectionInfo) -> bool { - if let Some(state) = self.connection_map.get(info) { - if let Some(expiry) = state.dns_over_tcp_expiry { - return expiry < ::std::time::Instant::now(); - } - } - false - } - - fn clearup_expired_dns_over_tcp(&mut self) -> Result<()> { - let keys = self.connection_map.keys().cloned().collect::>(); - for key in keys { - if self.dns_over_tcp_timeout_expired(&key) { - log::trace!("DNS over TCP timeout: {}", key); - self.remove_connection(&key)?; - } - } - Ok(()) - } - - fn process_incoming_udp_packets( - &mut self, - manager: &Rc, - info: &ConnectionInfo, - origin_dst: SocketAddr, - payload: &[u8], - ) -> Result<()> { - if !self.connection_map.contains_key(info) { - log::info!("UDP associate session {} ({})", info, origin_dst); - let proxy_handler = manager.new_proxy_handler(info, true)?; - let server_addr = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server_addr, origin_dst, proxy_handler, true)?; - self.connection_map.insert(info.clone(), state); - - self.expect_smoltcp_send()?; - self.tunsocket_read_and_forward(info)?; - self.write_to_server(info)?; - } else { - log::trace!("Subsequent udp packet {} ({})", info, origin_dst); - } - - let err = "udp associate state not find"; - let state = self.connection_map.get_mut(info).ok_or(err)?; - assert!(state.udp_acco_expiry.is_some()); - state.udp_acco_expiry = Some(Self::common_udp_life_timeout()); - - // Add SOCKS5 UDP header to the incoming data - let mut s5_udp_data = Vec::::new(); - UdpHeader::new(0, info.dst.clone()).write_to_stream(&mut s5_udp_data)?; - s5_udp_data.extend_from_slice(payload); - - if let Some(udp_associate) = state.proxy_handler.get_udp_associate() { - // UDP associate session has been established, we can send packets directly... - if let Some(socket) = state.udp_socket.as_ref() { - socket.send_to(&s5_udp_data, udp_associate)?; - } - } else { - // UDP associate tunnel not ready yet, we must cache the packets... - log::trace!("Cache udp packet {} ({})", info, origin_dst); - state.udp_data_cache.push_back(s5_udp_data); - } - Ok(()) - } - - fn process_incoming_tcp_packets( - &mut self, - first_packet: bool, - manager: &Rc, - info: &ConnectionInfo, - origin_dst: SocketAddr, - frame: &[u8], - is_closed: bool, - ) -> Result<()> { - if first_packet { - let proxy_handler = manager.new_proxy_handler(info, false)?; - let server = manager.get_server_addr(); - let state = self.create_new_tcp_connection_state(server, origin_dst, proxy_handler, false)?; - self.connection_map.insert(info.clone(), state); - - log::info!("{} ({})", info, origin_dst); - } else if !self.connection_map.contains_key(info) { - log::trace!("Drop middle session {} ({})", info, origin_dst); - return Ok(()); - } else { - log::trace!("Subsequent packet {} ({})", info, origin_dst); - } - - if let Some(state) = self.connection_map.get_mut(info) { - state.is_tcp_closed = is_closed; - } - - // Inject the packet to advance the remote proxy server smoltcp socket state - self.device.inject_packet(frame); - - // Having advanced the socket state, we expect the socket to ACK - // Exfiltrate the response packets generated by the socket and inject them - // into the tunnel interface. - self.expect_smoltcp_send()?; - - // Read from the smoltcp socket and push the data to the connection handler. - self.tunsocket_read_and_forward(info)?; - - // The connection handler builds up the connection or encapsulates the data. - // Therefore, we now expect it to write data to the server. - self.write_to_server(info)?; - Ok(()) - } - - // A raw packet was received on the tunnel interface. - fn receive_tun(&mut self, frame: &mut [u8]) -> Result<(), Error> { - let mut handler = || -> Result<(), Error> { - let mut is_closed = false; - let result = connection_tuple(frame, &mut is_closed); - if let Err(error) = result { - log::debug!("{}, ignored", error); - return Ok(()); - } - let (info, first_packet, payload_offset, payload_size) = result?; - let origin_dst = SocketAddr::try_from(&info.dst)?; - let info = self.preprocess_origin_connection_info(info)?; - - let manager = self.get_connection_manager().ok_or("get connection manager")?; - - if info.protocol == IpProtocol::Tcp { - self.process_incoming_tcp_packets(first_packet, &manager, &info, origin_dst, frame, is_closed)?; - } else if info.protocol == IpProtocol::Udp { - let port = info.dst.port(); - let payload = &frame[payload_offset..payload_offset + payload_size]; - if self.options.virtual_dns.is_some() && port == DNS_PORT { - log::info!("DNS query via virtual DNS {} ({})", info, origin_dst); - let virtual_dns = self.options.virtual_dns.as_mut().ok_or("")?; - let response = virtual_dns.receive_query(payload)?; - self.send_udp_packet_to_client(origin_dst, info.src, response.as_slice())?; - } else if self.options.dns_over_tcp && port == DNS_PORT { - self.process_incoming_dns_over_tcp_packets(&manager, &info, origin_dst, payload)?; - } else { - self.process_incoming_udp_packets(&manager, &info, origin_dst, payload)?; - } - } else { - log::warn!("Unsupported protocol: {} ({})", info, origin_dst); - } - Ok::<(), Error>(()) - }; - if let Err(error) = handler() { - log::error!("{}", error); - } - Ok(()) - } - - fn create_new_tcp_connection_state( - &mut self, - server_addr: SocketAddr, - dst: SocketAddr, - proxy_handler: Box, - udp_associate: bool, - ) -> Result { - #[cfg(any(target_os = "linux", target_os = "android"))] - let mut socket = tcp::Socket::new( - tcp::SocketBuffer::new(vec![0; 1024 * 128]), - tcp::SocketBuffer::new(vec![0; 1024 * 128]), - ); - #[cfg(any(target_os = "ios", target_os = "macos", target_os = "windows"))] - let mut socket = tcp::Socket::new( - // TODO: Look into how the buffer size affects IP header length and fragmentation - tcp::SocketBuffer::new(vec![0; 1024 * 2]), - tcp::SocketBuffer::new(vec![0; 1024 * 2]), - ); - socket.set_ack_delay(None); - socket.listen(dst)?; - let handle = self.sockets.add(socket); - - let mut client = TcpStream::connect(server_addr)?; - let token = self.new_token(); - let i = Interest::READABLE | Interest::WRITABLE; - self.poll.registry().register(&mut client, token, i)?; - - let expiry = if udp_associate { - Some(Self::common_udp_life_timeout()) - } else { - None - }; - - let (udp_socket, udp_token) = if udp_associate { - let addr = (Ipv4Addr::UNSPECIFIED, 0).into(); - let mut socket = UdpSocket::bind(addr)?; - let token = self.new_token(); - self.poll.registry().register(&mut socket, token, Interest::READABLE)?; - (Some(socket), Some(token)) - } else { - (None, None) - }; - let state = ConnectionState { - smoltcp_handle: handle, - mio_stream: client, - token, - proxy_handler, - close_state: 0, - wait_read: true, - wait_write: true, - udp_acco_expiry: expiry, - udp_socket, - udp_token, - origin_dst: dst, - udp_data_cache: LinkedList::new(), - dns_over_tcp_expiry: None, - is_tcp_closed: false, - continue_read: false, - }; - Ok(state) - } - - fn common_udp_life_timeout() -> ::std::time::Instant { - ::std::time::Instant::now() + ::std::time::Duration::from_secs(UDP_ASSO_TIMEOUT) - } - - fn udp_associate_timeout_expired(&self, info: &ConnectionInfo) -> bool { - if let Some(state) = self.connection_map.get(info) { - if let Some(expiry) = state.udp_acco_expiry { - return expiry < ::std::time::Instant::now(); - } - } - false - } - - fn tcp_is_closed(&self, info: &ConnectionInfo) -> bool { - if let Some(state) = self.connection_map.get(info) { - return state.is_tcp_closed; - } - false - } - - fn clearup_expired_connection(&mut self) -> Result<()> { - let keys = self.connection_map.keys().cloned().collect::>(); - for key in keys { - if self.udp_associate_timeout_expired(&key) { - log::trace!("UDP associate timeout: {}", key); - self.remove_connection(&key)?; - } - - if self.tcp_is_closed(&key) { - log::trace!("TCP closed: {}", key); - self.remove_connection(&key)?; - } - } - Ok(()) - } - - fn send_udp_packet_to_client(&mut self, src: SocketAddr, dst: SocketAddr, data: &[u8]) -> Result<()> { - let rx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); - let tx_buffer = udp::PacketBuffer::new(vec![udp::PacketMetadata::EMPTY], vec![0; 4096]); - let mut socket = udp::Socket::new(rx_buffer, tx_buffer); - socket.bind(src)?; - socket.send_slice(data, UdpMetadata::from(dst))?; - let handle = self.sockets.add(socket); - self.expect_smoltcp_send()?; - self.sockets.remove(handle); - Ok(()) - } - - fn write_to_server(&mut self, info: &ConnectionInfo) -> Result<(), Error> { - if let Some(state) = self.connection_map.get_mut(info) { - let event = state.proxy_handler.peek_data(OutgoingDirection::ToServer); - let buffer_size = event.buffer.len(); - if buffer_size == 0 { - state.wait_write = false; - Self::update_mio_socket_interest(&mut self.poll, state)?; - self.check_change_close_state(info)?; - return Ok(()); - } - let result = state.mio_stream.write(event.buffer); - match result { - Ok(written) => { - state.proxy_handler.consume_data(OutgoingDirection::ToServer, written); - state.wait_write = written < buffer_size; - Self::update_mio_socket_interest(&mut self.poll, state)?; - } - Err(error) if error.kind() == std::io::ErrorKind::WouldBlock => { - state.wait_write = true; - Self::update_mio_socket_interest(&mut self.poll, state)?; - } - Err(_) => { - return Ok(()); - } - } - } - self.check_change_close_state(info)?; - Ok(()) - } - - fn write_to_client(&mut self, info: &ConnectionInfo) -> Result<(), Error> { - while let Some(state) = self.connection_map.get_mut(info) { - let event = state.proxy_handler.peek_data(OutgoingDirection::ToClient); - let buflen = event.buffer.len(); - let consumed; - { - let socket = self.sockets.get_mut::(state.smoltcp_handle); - if socket.may_send() { - if let Some(virtual_dns) = &mut self.options.virtual_dns { - // Unwrapping is fine because every smoltcp socket is bound to an. - virtual_dns.touch_ip(&IpAddr::from(socket.local_endpoint().unwrap().addr)); - } - consumed = socket.send_slice(event.buffer)?; - state.proxy_handler.consume_data(OutgoingDirection::ToClient, consumed); - let token = state.token; - self.expect_smoltcp_send()?; - if consumed < buflen { - self.write_sockets.insert(token); - break; - } else { - self.write_sockets.remove(&token); - if consumed == 0 { - break; - } - } - } else { - break; - } - } - - self.check_change_close_state(info)?; - } - Ok(()) - } - - fn tun_event(&mut self, event: &Event) -> Result<(), Error> { - if event.is_readable() { - while let Some((rx_token, _)) = self.tun.receive(Instant::now()) { - rx_token.consume(|frame| self.receive_tun(frame))?; - } - } - - if event.is_writable() { - let items = self - .connection_map - .iter() - .filter(|(_, state)| state.continue_read) - .map(|(info, _)| info.clone()) - .collect::>(); - for conn_info in items { - let (success, len) = self.read_server_n_write_proxy_handler(&conn_info)?; - if !success { - return Ok(()); - } - let e = "connection state not found"; - let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; - - if len == 0 || event.is_read_closed() { - state.wait_read = false; - state.close_state |= SERVER_WRITE_CLOSED; - Self::update_mio_socket_interest(&mut self.poll, state)?; - self.check_change_close_state(&conn_info)?; - self.expect_smoltcp_send()?; - } - self.write_to_client(&conn_info)?; - } - } - - #[cfg(target_os = "windows")] - if event.is_writable() { - // log::trace!("Tun writable"); - let tx_token = self.tun.transmit(Instant::now()).ok_or("tx token not available")?; - // Just consume the cached packets, do nothing else. - tx_token.consume(0, |_buf| {}); - } - Ok(()) - } - - fn pipe_event(&mut self, _event: &Event) -> Result<(), Error> { - #[cfg(target_os = "windows")] - self.tun.pipe_client_event(_event)?; - Ok(()) - } - - fn send_to_smoltcp(&mut self) -> Result<(), Error> { - for token in self.write_sockets.clone().into_iter() { - if let Some(connection) = self.find_info_by_token(token) { - let connection = connection.clone(); - if let Err(error) = self.write_to_client(&connection) { - log::error!("Write to client {}", error); - self.remove_connection(&connection)?; - } - } - } - Ok(()) - } - - fn receive_udp_packet_and_write_to_client(&mut self, info: &ConnectionInfo) -> Result<()> { - let err = "udp connection state not found"; - let state = self.connection_map.get_mut(info).ok_or(err)?; - assert!(state.udp_acco_expiry.is_some()); - state.udp_acco_expiry = Some(Self::common_udp_life_timeout()); - let mut to_send: LinkedList> = LinkedList::new(); - if let Some(udp_socket) = state.udp_socket.as_ref() { - let mut buf = [0; 1 << 16]; - // Receive UDP packet from remote SOCKS5 server - while let Ok((packet_size, _svr_addr)) = udp_socket.recv_from(&mut buf) { - let buf = buf[..packet_size].to_vec(); - let header = UdpHeader::retrieve_from_stream(&mut &buf[..])?; - - let buf = if info.dst.port() == DNS_PORT { - let mut message = dns::parse_data_to_dns_message(&buf[header.len()..], false)?; - if !self.options.ipv6_enabled { - dns::remove_ipv6_entries(&mut message); - } - message.to_vec()? - } else { - buf[header.len()..].to_vec() - }; - - // Escape the borrow checker madness - to_send.push_back(buf); - } - } - - // Write to client - let src = state.origin_dst; - while let Some(packet) = to_send.pop_front() { - self.send_udp_packet_to_client(src, info.src, &packet)?; - } - Ok(()) - } - - fn consume_cached_udp_packets(&mut self, info: &ConnectionInfo) -> Result<()> { - // Try to send the first UDP packets to remote SOCKS5 server for UDP associate session - if let Some(state) = self.connection_map.get_mut(info) { - if let Some(udp_socket) = state.udp_socket.as_ref() { - if let Some(addr) = state.proxy_handler.get_udp_associate() { - // Consume udp_data_cache data - while let Some(buf) = state.udp_data_cache.pop_front() { - udp_socket.send_to(&buf, addr)?; - } - } - } - } - Ok(()) - } - - fn read_server_n_write_proxy_handler(&mut self, conn_info: &ConnectionInfo) -> Result<(bool, usize), Error> { - let e = "connection state not found"; - let state = self.connection_map.get_mut(conn_info).ok_or(e)?; - state.continue_read = false; - - let mut vecbuf = vec![]; - use std::io::{Error, ErrorKind}; - let r = Self::read_data_from_tcp_stream(&mut state.mio_stream, IP_PACKAGE_MAX_SIZE, &mut state.is_tcp_closed, |data| { - vecbuf.extend_from_slice(data); - if vecbuf.len() >= IP_PACKAGE_MAX_SIZE { - return Err(Error::new(ErrorKind::OutOfMemory, "IP_PACKAGE_MAX_SIZE exceeded")); - } - Ok(()) - }); - let len = vecbuf.len(); - if let Err(error) = r { - if error.kind() == ErrorKind::OutOfMemory { - state.continue_read = true; - } else { - log::error!("{}", error); - self.remove_connection(conn_info)?; - return Ok((false, len)); - } - } - - let data_event = IncomingDataEvent { - direction: IncomingDirection::FromServer, - buffer: &vecbuf, - }; - if let Err(error) = state.proxy_handler.push_data(data_event) { - log::error!("{}", error); - self.remove_connection(conn_info)?; - return Ok((false, len)); - } - Ok((true, len)) - } - - fn mio_socket_event(&mut self, event: &Event) -> Result<(), Error> { - if let Some(info) = self.find_info_by_udp_token(event.token()) { - return self.receive_udp_packet_and_write_to_client(&info.clone()); - } - - let conn_info = match self.find_info_by_token(event.token()) { - Some(conn_info) => conn_info.clone(), - None => { - // We may have closed the connection in an earlier iteration over the poll events, - // e.g. because an event through the tunnel interface indicated that the connection - // should be closed. - log::trace!("Connection info not found"); - return Ok(()); - } - }; - - let e = "connection manager not found"; - let server = self.get_connection_manager().ok_or(e)?.get_server_addr(); - - let mut block = || -> Result<(), Error> { - if event.is_readable() || event.is_read_closed() { - let established = self - .connection_map - .get(&conn_info) - .ok_or("")? - .proxy_handler - .connection_established(); - if self.options.dns_over_tcp && conn_info.dst.port() == DNS_PORT && established { - self.receive_dns_over_tcp_packet_and_write_to_client(&conn_info)?; - return Ok(()); - } else { - let (success, len) = self.read_server_n_write_proxy_handler(&conn_info)?; - if !success { - return Ok(()); - } - - let e = "connection state not found"; - let state = self.connection_map.get_mut(&conn_info).ok_or(e)?; - - // The handler request for reset the server connection - if state.proxy_handler.reset_connection() { - if let Err(err) = self.poll.registry().deregister(&mut state.mio_stream) { - log::trace!("{}", err); - } - // Closes the connection with the proxy - if let Err(err) = state.mio_stream.shutdown(Shutdown::Both) { - log::trace!("Shutdown 2 error \"{}\"", err); - } - - log::info!("RESET {}", conn_info); - - state.mio_stream = TcpStream::connect(server)?; - - state.wait_read = true; - state.wait_write = true; - - Self::update_mio_socket_interest(&mut self.poll, state)?; - - return Ok(()); - } - - if len == 0 || event.is_read_closed() { - state.wait_read = false; - state.close_state |= SERVER_WRITE_CLOSED; - Self::update_mio_socket_interest(&mut self.poll, state)?; - self.check_change_close_state(&conn_info)?; - self.expect_smoltcp_send()?; - } - } - - // We have read from the proxy server and pushed the data to the connection handler. - // Thus, expect data to be processed (e.g. decapsulated) and forwarded to the client. - self.write_to_client(&conn_info)?; - - // The connection handler could have produced data that is to be written to the - // server. - self.write_to_server(&conn_info)?; - - self.consume_cached_udp_packets(&conn_info)?; - } - - if event.is_writable() { - self.write_to_server(&conn_info)?; - } - Ok::<(), Error>(()) - }; - if let Err(error) = block() { - log::error!("{}", error); - self.remove_connection(&conn_info)?; - } - Ok(()) - } - - fn read_data_from_tcp_stream( - stream: &mut dyn std::io::Read, - buffer_size: usize, - is_closed: &mut bool, - mut callback: F, - ) -> std::io::Result<()> - where - F: FnMut(&mut [u8]) -> std::io::Result<()>, - { - assert!(buffer_size > 0); - let mut tmp = vec![0_u8; buffer_size]; - loop { - match stream.read(&mut tmp) { - Ok(0) => { - // The tcp connection closed - *is_closed = true; - break; - } - Ok(read_result) => { - callback(&mut tmp[0..read_result])?; - } - Err(error) => { - if error.kind() == std::io::ErrorKind::WouldBlock { - // We have read all available data. - break; - } else if error.kind() == std::io::ErrorKind::Interrupted { - // Hardware or software interrupt, continue polling. - continue; - } else { - *is_closed = true; - return Err(error); - } - } - }; - } - Ok(()) - } - - #[cfg(any(target_os = "windows", target_os = "linux", target_os = "macos"))] - fn prepare_exiting_signal_trigger(&mut self) -> Result> { - let mut exit_trigger = self.exit_trigger.take().ok_or("Already running")?; - let mut count = 0; - let handle = ctrlc2::set_handler(move || -> bool { - match exit_trigger.write(b"EXIT") { - Ok(_) => { - log::trace!("Exit signal triggered successfully"); - true - } - Err(err) if err.kind() == std::io::ErrorKind::WouldBlock => { - if count > 5 { - log::error!("Send exit signal failed 5 times, exit anyway"); - return true; // std::process::exit(1); - } - count += 1; - false - } - Err(err) => { - log::error!("Failed to send exit signal: \"{}\"", err); - true - } - } - })?; - Ok(handle) - } - - pub fn run(&mut self) -> Result<(), Error> { - #[cfg(any(target_os = "windows", target_os = "linux", target_os = "macos"))] - let handle = self.prepare_exiting_signal_trigger()?; - - let mut events = Events::with_capacity(1024); - let ret = 'exit_point: loop { - if let Err(err) = self.poll.poll(&mut events, None) { - if err.kind() == std::io::ErrorKind::Interrupted { - log::debug!("Poll interrupted: \"{err}\", ignored, continue polling"); - continue; - } - break 'exit_point Err(Error::from(err)); - } - - log::trace!("Polling events count {}", events.iter().count()); - - for event in events.iter() { - match event.token() { - EXIT_TOKEN => { - if self.exiting_event_handler()? { - break 'exit_point Ok(()); - } - } - EXIT_TRIGGER_TOKEN => { - log::trace!("Exiting trigger is ready, {:?}", self.exit_trigger); - } - TUN_TOKEN => self.tun_event(event)?, - PIPE_TOKEN => self.pipe_event(event)?, - _ => self.mio_socket_event(event)?, - } - } - self.send_to_smoltcp()?; - self.clearup_expired_connection()?; - self.clearup_expired_dns_over_tcp()?; - - log::trace!("connection count: {}", self.connection_map.len()); - }; - #[cfg(any(target_os = "windows", target_os = "linux", target_os = "macos"))] - handle.join().unwrap(); - log::trace!("{:?}", ret); - ret - } - - fn exiting_event_handler(&mut self) -> Result { - let mut buffer = vec![0; 100]; - match self.exit_receiver.read(&mut buffer) { - Ok(size) => { - log::trace!("Received exit signal: {:?}", &buffer[..size]); - log::info!("Exiting tun2proxy..."); - Ok(true) - } - Err(err) if err.kind() == std::io::ErrorKind::WouldBlock => { - log::trace!("Exiting reciever is ready"); - Ok(false) - } - Err(err) => Err(err.into()), - } - } - - pub fn shutdown(&mut self) -> Result<(), Error> { - log::debug!("Shutdown tun2proxy..."); - _ = self.exit_trigger.as_mut().ok_or("Already triggered")?.write(b"EXIT")?; - Ok(()) - } -} diff --git a/src/util.rs b/src/util.rs deleted file mode 100644 index dff0b53..0000000 --- a/src/util.rs +++ /dev/null @@ -1,22 +0,0 @@ -use crate::error::Error; -use smoltcp::wire::IpCidr; -use std::net::IpAddr; -use std::str::FromStr; - -pub fn str_to_cidr(s: &str) -> Result { - // IpCidr's FromString implementation requires the netmask to be specified. - // Try to parse as IP address without netmask before falling back. - match IpAddr::from_str(s) { - Err(_) => (), - Ok(cidr) => { - let prefix_len = if cidr.is_ipv4() { 32 } else { 128 }; - return Ok(IpCidr::new(cidr.into(), prefix_len)); - } - }; - - let cidr = IpCidr::from_str(s); - match cidr { - Err(()) => Err("Invalid CIDR: ".into()), - Ok(cidr) => Ok(cidr), - } -} diff --git a/src/virtdevice.rs b/src/virtdevice.rs deleted file mode 100644 index 721466c..0000000 --- a/src/virtdevice.rs +++ /dev/null @@ -1,80 +0,0 @@ -use smoltcp::{ - phy::{self, Device, DeviceCapabilities}, - time::Instant, -}; - -/// Virtual device representing the remote proxy server. -#[derive(Default)] -pub struct VirtualTunDevice { - capabilities: DeviceCapabilities, - inbuf: Vec>, - outbuf: Vec>, -} - -impl VirtualTunDevice { - pub fn inject_packet(&mut self, buffer: &[u8]) { - self.inbuf.push(buffer.to_vec()); - } - - pub fn exfiltrate_packet(&mut self) -> Option> { - self.outbuf.pop() - } -} - -pub struct VirtRxToken { - buffer: Vec, -} - -impl phy::RxToken for VirtRxToken { - fn consume(mut self, f: F) -> R - where - F: FnOnce(&mut [u8]) -> R, - { - f(&mut self.buffer[..]) - } -} - -pub struct VirtTxToken<'a>(&'a mut VirtualTunDevice); - -impl<'a> phy::TxToken for VirtTxToken<'a> { - fn consume(self, len: usize, f: F) -> R - where - F: FnOnce(&mut [u8]) -> R, - { - let mut buffer = vec![0; len]; - let result = f(&mut buffer); - self.0.outbuf.push(buffer); - result - } -} - -impl Device for VirtualTunDevice { - type RxToken<'a> = VirtRxToken; - type TxToken<'a> = VirtTxToken<'a>; - - fn receive(&mut self, _timestamp: Instant) -> Option<(Self::RxToken<'_>, Self::TxToken<'_>)> { - if let Some(buffer) = self.inbuf.pop() { - let rx = Self::RxToken { buffer }; - let tx = VirtTxToken(self); - return Some((rx, tx)); - } - None - } - - fn transmit(&mut self, _timestamp: Instant) -> Option> { - return Some(VirtTxToken(self)); - } - - fn capabilities(&self) -> DeviceCapabilities { - self.capabilities.clone() - } -} - -impl VirtualTunDevice { - pub fn new(capabilities: DeviceCapabilities) -> Self { - Self { - capabilities, - ..VirtualTunDevice::default() - } - } -} diff --git a/src/virtdns.rs b/src/virtual_dns.rs similarity index 72% rename from src/virtdns.rs rename to src/virtual_dns.rs index 01f4363..be32c71 100644 --- a/src/virtdns.rs +++ b/src/virtual_dns.rs @@ -1,8 +1,5 @@ -#![allow(dead_code)] - use crate::error::Result; use hashlink::{linked_hash_map::RawEntryMut, LruCache}; -use smoltcp::wire::Ipv4Cidr; use std::{ collections::HashMap, convert::TryInto, @@ -18,6 +15,9 @@ struct NameCacheEntry { expiry: Instant, } +/// A virtual DNS server which allocates IP addresses to clients. +/// The IP addresses are in the range of private IP addresses. +/// The DNS server is implemented as a LRU cache. pub struct VirtualDns { lru_cache: LruCache, name_to_ip: HashMap, @@ -29,13 +29,16 @@ pub struct VirtualDns { impl Default for VirtualDns { fn default() -> Self { let start_addr = Ipv4Addr::from_str("198.18.0.0").unwrap(); - let cidr = Ipv4Cidr::new(start_addr.into(), 15); + let prefix_len = 15; + + let network_addr = calculate_network_addr(start_addr, prefix_len); + let broadcast_addr = calculate_broadcast_addr(start_addr, prefix_len); Self { next_addr: start_addr.into(), name_to_ip: HashMap::default(), - network_addr: IpAddr::from(cidr.network().address().into_address()), - broadcast_addr: IpAddr::from(cidr.broadcast().unwrap().into_address()), + network_addr: IpAddr::from(network_addr), + broadcast_addr: IpAddr::from(broadcast_addr), lru_cache: LruCache::new_unbounded(), } } @@ -46,13 +49,14 @@ impl VirtualDns { VirtualDns::default() } - pub fn receive_query(&mut self, data: &[u8]) -> Result> { + /// Returns the DNS response to send back to the client. + pub fn generate_query(&mut self, data: &[u8]) -> Result<(Vec, String, IpAddr)> { use crate::dns; let message = dns::parse_data_to_dns_message(data, false)?; let qname = dns::extract_domain_from_dns_message(&message)?; let ip = self.allocate_ip(qname.clone())?; let message = dns::build_dns_response(message, &qname, ip, 5)?; - Ok(message.to_vec()?) + Ok((message.to_vec()?, qname, ip)) } fn increment_ip(addr: IpAddr) -> Result { @@ -140,3 +144,30 @@ impl VirtualDns { } } } + +fn calculate_network_addr(ip: std::net::Ipv4Addr, prefix_len: u8) -> std::net::Ipv4Addr { + let mask = (!0u32) << (32 - prefix_len); + let ip_u32 = u32::from_be_bytes(ip.octets()); + std::net::Ipv4Addr::from((ip_u32 & mask).to_be_bytes()) +} + +fn calculate_broadcast_addr(ip: std::net::Ipv4Addr, prefix_len: u8) -> std::net::Ipv4Addr { + let mask = (!0u32) >> prefix_len; + let ip_u32 = u32::from_be_bytes(ip.octets()); + std::net::Ipv4Addr::from((ip_u32 | mask).to_be_bytes()) +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_cidr_addr() { + let start_addr = Ipv4Addr::from_str("198.18.0.0").unwrap(); + let prefix_len = 15; + let network_addr = calculate_network_addr(start_addr, prefix_len); + let broadcast_addr = calculate_broadcast_addr(start_addr, prefix_len); + assert_eq!(network_addr, Ipv4Addr::from_str("198.18.0.0").unwrap()); + assert_eq!(broadcast_addr, Ipv4Addr::from_str("198.19.255.255").unwrap()); + } +} diff --git a/src/wintuninterface.rs b/src/wintuninterface.rs deleted file mode 100644 index fe9abbe..0000000 --- a/src/wintuninterface.rs +++ /dev/null @@ -1,546 +0,0 @@ -use mio::{event, windows::NamedPipe, Interest, Registry, Token}; -use smoltcp::wire::IpCidr; -use smoltcp::{ - phy::{self, Device, DeviceCapabilities, Medium}, - time::Instant, -}; -use std::{ - cell::RefCell, - fs::OpenOptions, - io::{self, Read, Write}, - net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr}, - os::windows::prelude::{FromRawHandle, IntoRawHandle, OpenOptionsExt}, - rc::Rc, - sync::{Arc, Mutex}, - thread::JoinHandle, - vec::Vec, -}; -use windows::{ - core::{GUID, PWSTR}, - Win32::{ - Foundation::{ERROR_BUFFER_OVERFLOW, WIN32_ERROR}, - NetworkManagement::{ - IpHelper::{ - GetAdaptersAddresses, SetInterfaceDnsSettings, DNS_INTERFACE_SETTINGS, DNS_INTERFACE_SETTINGS_VERSION1, - DNS_SETTING_NAMESERVER, GAA_FLAG_INCLUDE_GATEWAYS, GAA_FLAG_INCLUDE_PREFIX, IF_TYPE_ETHERNET_CSMACD, IF_TYPE_IEEE80211, - IP_ADAPTER_ADDRESSES_LH, - }, - Ndis::IfOperStatusUp, - }, - Networking::WinSock::{AF_INET, AF_INET6, AF_UNSPEC, SOCKADDR, SOCKADDR_IN, SOCKADDR_IN6}, - Storage::FileSystem::FILE_FLAG_OVERLAPPED, - }, -}; - -fn server() -> io::Result<(NamedPipe, String)> { - use rand::Rng; - let num: u64 = rand::thread_rng().gen(); - let name = format!(r"\\.\pipe\my-pipe-{}", num); - let pipe = NamedPipe::new(&name)?; - Ok((pipe, name)) -} - -fn client(name: &str) -> io::Result { - let mut opts = OpenOptions::new(); - opts.read(true).write(true).custom_flags(FILE_FLAG_OVERLAPPED.0); - let file = opts.open(name)?; - unsafe { Ok(NamedPipe::from_raw_handle(file.into_raw_handle())) } -} - -pub(crate) fn pipe() -> io::Result<(NamedPipe, NamedPipe)> { - let (pipe, name) = server()?; - Ok((pipe, client(&name)?)) -} - -/// A virtual TUN (IP) interface. -pub struct WinTunInterface { - wintun_session: Arc, - mtu: usize, - medium: Medium, - pipe_server: Rc>, - pipe_server_cache: Rc>>, - pipe_client: Arc>, - pipe_client_cache: Arc>>, - wintun_reader_thread: Option>, - old_gateway: Option, -} - -impl event::Source for WinTunInterface { - fn register(&mut self, registry: &Registry, token: Token, interests: Interest) -> io::Result<()> { - self.pipe_server.borrow_mut().register(registry, token, interests)?; - Ok(()) - } - - fn reregister(&mut self, registry: &Registry, token: Token, interests: Interest) -> io::Result<()> { - self.pipe_server.borrow_mut().reregister(registry, token, interests)?; - Ok(()) - } - - fn deregister(&mut self, registry: &Registry) -> io::Result<()> { - self.pipe_server.borrow_mut().deregister(registry)?; - Ok(()) - } -} - -impl WinTunInterface { - pub fn new(tun_name: &str, medium: Medium) -> io::Result { - let wintun = unsafe { wintun::load() }.map_err(|e| io::Error::new(io::ErrorKind::Other, e))?; - let guid = 324435345345345345_u128; - let adapter = match wintun::Adapter::open(&wintun, tun_name) { - Ok(a) => a, - Err(_) => { - wintun::Adapter::create(&wintun, tun_name, tun_name, Some(guid)).map_err(|e| io::Error::new(io::ErrorKind::Other, e))? - } - }; - - let session = adapter - .start_session(wintun::MAX_RING_CAPACITY) - .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?; - let wintun_session = Arc::new(session); - - let (pipe_server, pipe_client) = pipe()?; - - let pipe_client = Arc::new(Mutex::new(pipe_client)); - let pipe_client_cache = Arc::new(Mutex::new(Vec::new())); - - let mtu = adapter.get_mtu().map_err(|e| io::Error::new(io::ErrorKind::Other, e))?; - - let reader_session = wintun_session.clone(); - let pipe_client_clone = pipe_client.clone(); - let pipe_client_cache_clone = pipe_client_cache.clone(); - let reader_thread = std::thread::spawn(move || { - let block = || -> Result<(), Box> { - loop { - // Take the old data from pipe_client_cache and append the new data - let cached_data = pipe_client_cache_clone.lock()?.drain(..).collect::>(); - let bytes = if cached_data.len() >= mtu { - // if the cached data is greater than mtu, then sleep 1ms and return the data - std::thread::sleep(std::time::Duration::from_millis(1)); - cached_data - } else { - // read data from tunnel interface - let packet = reader_session.receive_blocking()?; - let bytes = packet.bytes().to_vec(); - // and append to the end of cached data - cached_data.into_iter().chain(bytes).collect::>() - }; - - if bytes.is_empty() { - continue; - } - let len = bytes.len(); - - // write data to named pipe_server - let result = { pipe_client_clone.lock()?.write(&bytes) }; - match result { - Ok(n) => { - if n < len { - log::trace!("Wintun pipe_client write data {} less than buffer {}", n, len); - pipe_client_cache_clone.lock()?.extend_from_slice(&bytes[n..]); - } - } - Err(err) if err.kind() == io::ErrorKind::WouldBlock => { - log::trace!("Wintun pipe_client write WouldBlock (1) len {}", len); - pipe_client_cache_clone.lock()?.extend_from_slice(&bytes); - } - Err(err) => log::error!("Wintun pipe_client write data len {} error \"{}\"", len, err), - } - } - }; - if let Err(err) = block() { - log::trace!("Reader {}", err); - } - }); - - Ok(WinTunInterface { - wintun_session, - mtu, - medium, - pipe_server: Rc::new(RefCell::new(pipe_server)), - pipe_server_cache: Rc::new(RefCell::new(Vec::new())), - pipe_client, - pipe_client_cache, - wintun_reader_thread: Some(reader_thread), - old_gateway: None, - }) - } - - pub fn pipe_client(&self) -> Arc> { - self.pipe_client.clone() - } - - pub fn pipe_client_event(&self, event: &event::Event) -> Result<(), io::Error> { - if event.is_readable() { - self.pipe_client_event_readable() - .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?; - } else if event.is_writable() { - self.pipe_client_event_writable() - .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?; - } - Ok(()) - } - - fn pipe_client_event_readable(&self) -> Result<(), Box> { - let mut reader = self.pipe_client.lock()?; - let mut buffer = vec![0; self.mtu]; - loop { - // some data arieved to pipe_client from pipe_server - match reader.read(&mut buffer[..]) { - Ok(len) => match self.wintun_session.allocate_send_packet(len as u16) { - Ok(mut write_pack) => { - write_pack.bytes_mut().copy_from_slice(&buffer[..len]); - // write data to tunnel interface - self.wintun_session.send_packet(write_pack); - } - Err(err) => { - log::error!("Wintun: failed to allocate send packet: {}", err); - } - }, - Err(err) if err.kind() == io::ErrorKind::WouldBlock => break, - Err(err) if err.kind() == io::ErrorKind::Interrupted => continue, - Err(err) => return Err(err.into()), - } - } - Ok(()) - } - - fn pipe_client_event_writable(&self) -> Result<(), Box> { - let cache = self.pipe_client_cache.lock()?.drain(..).collect::>(); - if cache.is_empty() { - return Ok(()); - } - let len = cache.len(); - let result = self.pipe_client.lock()?.write(&cache[..]); - match result { - Ok(n) => { - if n < len { - log::trace!("Wintun pipe_client write data {} less than buffer {}", n, len); - self.pipe_client_cache.lock()?.extend_from_slice(&cache[n..]); - } - } - Err(err) if err.kind() == io::ErrorKind::WouldBlock => { - log::trace!("Wintun pipe_client write WouldBlock (2) len {}", len); - self.pipe_client_cache.lock()?.extend_from_slice(&cache); - } - Err(err) => log::error!("Wintun pipe_client write data len {} error \"{}\"", len, err), - } - Ok(()) - } - - pub fn setup_config<'a>( - &mut self, - bypass_ips: impl IntoIterator, - dns_addr: Option, - ) -> Result<(), io::Error> { - let adapter = self.wintun_session.get_adapter(); - - // Setup the adapter's address/mask/gateway - let address = "10.1.0.33".parse::().unwrap(); - let mask = "255.255.255.0".parse::().unwrap(); - let gateway = "10.1.0.1".parse::().unwrap(); - adapter - .set_network_addresses_tuple(address, mask, Some(gateway)) - .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?; - - // 1. Setup the adapter's DNS - let interface = GUID::from(adapter.get_guid()); - let dns = dns_addr.unwrap_or("8.8.8.8".parse::().unwrap()); - let dns2 = "8.8.4.4".parse::().unwrap(); - set_interface_dns_settings(interface, &[dns, dns2])?; - - // 2. Route all traffic to the adapter, here the destination is adapter's gateway - // command: `route add 0.0.0.0 mask 0.0.0.0 10.1.0.1 metric 6` - let unspecified = Ipv4Addr::UNSPECIFIED.to_string(); - let gateway = gateway.to_string(); - let args = &["add", &unspecified, "mask", &unspecified, &gateway, "metric", "6"]; - run_command("route", args)?; - log::info!("route {:?}", args); - - let old_gateways = get_active_network_interface_gateways()?; - // find ipv4 gateway address, or error return - let old_gateway = old_gateways - .iter() - .find(|addr| addr.is_ipv4()) - .ok_or_else(|| io::Error::new(io::ErrorKind::Other, "No ipv4 gateway found"))?; - let old_gateway = old_gateway.ip(); - self.old_gateway = Some(old_gateway); - - // 3. route the bypass ip to the old gateway - // command: `route add bypass_ip old_gateway metric 1` - for bypass_ip in bypass_ips { - let args = &["add", &bypass_ip.to_string(), &old_gateway.to_string(), "metric", "1"]; - run_command("route", args)?; - log::info!("route {:?}", args); - } - - Ok(()) - } - - pub fn restore_config(&mut self) -> Result<(), io::Error> { - if self.old_gateway.is_none() { - return Ok(()); - } - let unspecified = Ipv4Addr::UNSPECIFIED.to_string(); - - // 1. Remove current adapter's route - // command: `route delete 0.0.0.0 mask 0.0.0.0` - let args = &["delete", &unspecified, "mask", &unspecified]; - run_command("route", args)?; - - // 2. Add back the old gateway route - // command: `route add 0.0.0.0 mask 0.0.0.0 old_gateway metric 200` - let old_gateway = self.old_gateway.take().unwrap().to_string(); - let args = &["add", &unspecified, "mask", &unspecified, &old_gateway, "metric", "200"]; - run_command("route", args)?; - - Ok(()) - } -} - -impl Drop for WinTunInterface { - fn drop(&mut self) { - if let Err(e) = self.restore_config() { - log::error!("Faild to unsetup config: {}", e); - } - if let Err(e) = self.wintun_session.shutdown() { - log::error!("phy: failed to shutdown interface: {}", e); - } - if let Some(thread) = self.wintun_reader_thread.take() { - if let Err(e) = thread.join() { - log::error!("phy: failed to join reader thread: {:?}", e); - } - } - } -} - -impl Device for WinTunInterface { - type RxToken<'a> = RxToken; - type TxToken<'a> = TxToken; - - fn capabilities(&self) -> DeviceCapabilities { - let mut v = DeviceCapabilities::default(); - v.max_transmission_unit = self.mtu; - v.medium = self.medium; - v - } - - fn receive(&mut self, _timestamp: Instant) -> Option<(Self::RxToken<'_>, Self::TxToken<'_>)> { - let mut buffer = vec![0; self.mtu]; - match self.pipe_server.borrow_mut().read(&mut buffer[..]) { - Ok(size) => { - buffer.resize(size, 0); - let rx = RxToken { buffer }; - let tx = TxToken { - pipe_server: self.pipe_server.clone(), - pipe_server_cache: self.pipe_server_cache.clone(), - }; - Some((rx, tx)) - } - Err(err) if err.kind() == io::ErrorKind::WouldBlock => None, - Err(err) => panic!("{}", err), - } - } - - fn transmit(&mut self, _timestamp: Instant) -> Option> { - Some(TxToken { - pipe_server: self.pipe_server.clone(), - pipe_server_cache: self.pipe_server_cache.clone(), - }) - } -} - -#[doc(hidden)] -pub struct RxToken { - buffer: Vec, -} - -impl phy::RxToken for RxToken { - fn consume(mut self, f: F) -> R - where - F: FnOnce(&mut [u8]) -> R, - { - f(&mut self.buffer[..]) - } -} - -#[doc(hidden)] -pub struct TxToken { - pipe_server: Rc>, - pipe_server_cache: Rc>>, -} - -impl phy::TxToken for TxToken { - fn consume(self, len: usize, f: F) -> R - where - F: FnOnce(&mut [u8]) -> R, - { - let mut buffer = vec![0; len]; - let result = f(&mut buffer); - - let buffer = self.pipe_server_cache.borrow_mut().drain(..).chain(buffer).collect::>(); - if buffer.is_empty() { - // log::trace!("Wintun TxToken (pipe_server) is empty"); - return result; - } - let len = buffer.len(); - - match self.pipe_server.borrow_mut().write(&buffer[..]) { - Ok(n) => { - if n < len { - log::trace!("Wintun TxToken (pipe_server) sent {} less than buffer len {}", n, len); - self.pipe_server_cache.borrow_mut().extend_from_slice(&buffer[n..]); - } - } - Err(err) if err.kind() == io::ErrorKind::WouldBlock => { - self.pipe_server_cache.borrow_mut().extend_from_slice(&buffer[..]); - log::trace!("Wintun TxToken (pipe_server) WouldBlock data len: {}", len) - } - Err(err) => log::error!("Wintun TxToken (pipe_server) len {} error \"{}\"", len, err), - } - result - } -} - -pub struct NamedPipeSource(pub Arc>); - -impl event::Source for NamedPipeSource { - fn register(&mut self, registry: &Registry, token: Token, interests: Interest) -> io::Result<()> { - self.0 - .lock() - .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))? - .register(registry, token, interests) - } - - fn reregister(&mut self, registry: &Registry, token: Token, interests: Interest) -> io::Result<()> { - self.0 - .lock() - .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))? - .reregister(registry, token, interests) - } - - fn deregister(&mut self, registry: &Registry) -> io::Result<()> { - self.0 - .lock() - .map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))? - .deregister(registry) - } -} - -pub(crate) fn run_command(command: &str, args: &[&str]) -> io::Result<()> { - let out = std::process::Command::new(command).args(args).output()?; - if !out.status.success() { - let err = String::from_utf8_lossy(if out.stderr.is_empty() { &out.stdout } else { &out.stderr }); - let info = format!("{} failed with: \"{}\"", command, err); - return Err(std::io::Error::new(std::io::ErrorKind::Other, info)); - } - Ok(()) -} - -pub(crate) fn set_interface_dns_settings(interface: GUID, dns: &[IpAddr]) -> io::Result<()> { - // format L"1.1.1.1 8.8.8.8", or L"1.1.1.1,8.8.8.8". - let dns = dns.iter().map(|ip| ip.to_string()).collect::>().join(","); - let dns = dns.encode_utf16().chain(std::iter::once(0)).collect::>(); - - let settings = DNS_INTERFACE_SETTINGS { - Version: DNS_INTERFACE_SETTINGS_VERSION1, - Flags: DNS_SETTING_NAMESERVER as _, - NameServer: PWSTR(dns.as_ptr() as _), - ..DNS_INTERFACE_SETTINGS::default() - }; - - unsafe { SetInterfaceDnsSettings(interface, &settings as *const _)? }; - Ok(()) -} - -pub(crate) fn get_active_network_interface_gateways() -> io::Result> { - let mut addrs = vec![]; - get_adapters_addresses(|adapter| { - if adapter.OperStatus == IfOperStatusUp && [IF_TYPE_ETHERNET_CSMACD, IF_TYPE_IEEE80211].contains(&adapter.IfType) { - let mut current_gateway = adapter.FirstGatewayAddress; - while !current_gateway.is_null() { - let gateway = unsafe { &*current_gateway }; - { - let sockaddr_ptr = gateway.Address.lpSockaddr; - let sockaddr = unsafe { &*(sockaddr_ptr as *const SOCKADDR) }; - let a = unsafe { sockaddr_to_socket_addr(sockaddr) }?; - addrs.push(a); - } - current_gateway = gateway.Next; - } - } - Ok(()) - })?; - Ok(addrs) -} - -pub(crate) fn get_adapters_addresses(mut callback: F) -> io::Result<()> -where - F: FnMut(IP_ADAPTER_ADDRESSES_LH) -> io::Result<()>, -{ - let mut size = 0; - let flags = GAA_FLAG_INCLUDE_PREFIX | GAA_FLAG_INCLUDE_GATEWAYS; - let family = AF_UNSPEC.0 as u32; - - // Make an initial call to GetAdaptersAddresses to get the - // size needed into the size variable - let result = unsafe { GetAdaptersAddresses(family, flags, None, None, &mut size) }; - - if WIN32_ERROR(result) != ERROR_BUFFER_OVERFLOW { - WIN32_ERROR(result).ok()?; - } - // Allocate memory for the buffer - let mut addresses: Vec = vec![0; (size + 4) as usize]; - - // Make a second call to GetAdaptersAddresses to get the actual data we want - let result = unsafe { - let addr = Some(addresses.as_mut_ptr() as *mut IP_ADAPTER_ADDRESSES_LH); - GetAdaptersAddresses(family, flags, None, addr, &mut size) - }; - - WIN32_ERROR(result).ok()?; - - // If successful, output some information from the data we received - let mut current_addresses = addresses.as_ptr() as *const IP_ADAPTER_ADDRESSES_LH; - while !current_addresses.is_null() { - unsafe { - callback(*current_addresses)?; - current_addresses = (*current_addresses).Next; - } - } - Ok(()) -} - -pub(crate) unsafe fn sockaddr_to_socket_addr(sock_addr: *const SOCKADDR) -> io::Result { - let address = match (*sock_addr).sa_family { - AF_INET => sockaddr_in_to_socket_addr(&*(sock_addr as *const SOCKADDR_IN)), - AF_INET6 => sockaddr_in6_to_socket_addr(&*(sock_addr as *const SOCKADDR_IN6)), - _ => return Err(io::Error::new(io::ErrorKind::Other, "Unsupported address type")), - }; - Ok(address) -} - -pub(crate) unsafe fn sockaddr_in_to_socket_addr(sockaddr_in: &SOCKADDR_IN) -> SocketAddr { - let ip = Ipv4Addr::new( - sockaddr_in.sin_addr.S_un.S_un_b.s_b1, - sockaddr_in.sin_addr.S_un.S_un_b.s_b2, - sockaddr_in.sin_addr.S_un.S_un_b.s_b3, - sockaddr_in.sin_addr.S_un.S_un_b.s_b4, - ); - let port = u16::from_be(sockaddr_in.sin_port); - SocketAddr::new(ip.into(), port) -} - -pub(crate) unsafe fn sockaddr_in6_to_socket_addr(sockaddr_in6: &SOCKADDR_IN6) -> SocketAddr { - let ip = IpAddr::V6(Ipv6Addr::new( - u16::from_be(sockaddr_in6.sin6_addr.u.Word[0]), - u16::from_be(sockaddr_in6.sin6_addr.u.Word[1]), - u16::from_be(sockaddr_in6.sin6_addr.u.Word[2]), - u16::from_be(sockaddr_in6.sin6_addr.u.Word[3]), - u16::from_be(sockaddr_in6.sin6_addr.u.Word[4]), - u16::from_be(sockaddr_in6.sin6_addr.u.Word[5]), - u16::from_be(sockaddr_in6.sin6_addr.u.Word[6]), - u16::from_be(sockaddr_in6.sin6_addr.u.Word[7]), - )); - let port = u16::from_be(sockaddr_in6.sin6_port); - SocketAddr::new(ip, port) -} diff --git a/tests/proxy.rs b/tests/proxy.rs deleted file mode 100644 index 4dcc043..0000000 --- a/tests/proxy.rs +++ /dev/null @@ -1,151 +0,0 @@ -#[cfg(target_os = "linux")] -#[cfg(test)] -mod tests { - extern crate reqwest; - - use fork::Fork; - use nix::sys::signal; - use nix::unistd::Pid; - use serial_test::serial; - use smoltcp::wire::IpCidr; - use std::env; - - use tun2proxy::setup::{get_default_cidrs, Setup}; - use tun2proxy::util::str_to_cidr; - use tun2proxy::{main_entry, NetworkInterface, Options, Proxy, ProxyType}; - - #[derive(Clone, Debug)] - struct Test { - proxy: Proxy, - } - - static TUN_TEST_DEVICE: &str = "tun0"; - - fn proxy_from_env(env_var: &str) -> Result { - let url = env::var(env_var).map_err(|_| format!("{env_var} environment variable not found"))?; - Proxy::from_url(url.as_str()).map_err(|_| format!("{env_var} URL cannot be parsed")) - } - - fn test_from_env(env_var: &str) -> Result { - let proxy = proxy_from_env(env_var)?; - Ok(Test { proxy }) - } - - fn tests() -> [Result; 3] { - [ - test_from_env("SOCKS4_SERVER"), - test_from_env("SOCKS5_SERVER"), - test_from_env("HTTP_SERVER"), - ] - } - - #[cfg(test)] - #[ctor::ctor] - fn init() { - dotenvy::dotenv().ok(); - } - - fn request_ip_host_http() { - reqwest::blocking::get("http://1.1.1.1").expect("failed to issue HTTP request"); - } - - fn request_example_https() { - reqwest::blocking::get("https://example.org").expect("failed to issue HTTPs request"); - } - - fn run_test(filter: F, test_function: T) - where - F: Fn(&Test) -> bool, - T: Fn(), - { - for potential_test in tests() { - match potential_test { - Ok(test) => { - if !filter(&test) { - continue; - } - - let mut bypass_ips = Vec::::new(); - - match env::var("BYPASS_IP") { - Err(_) => { - let prefix_len = if test.proxy.addr.ip().is_ipv6() { 128 } else { 32 }; - bypass_ips.push(IpCidr::new(test.proxy.addr.ip().into(), prefix_len)); - } - Ok(ip_str) => bypass_ips.push(str_to_cidr(&ip_str).expect("Invalid bypass IP")), - }; - - let mut setup = Setup::new(TUN_TEST_DEVICE, bypass_ips, get_default_cidrs()); - setup.configure().unwrap(); - - match fork::fork() { - Ok(Fork::Parent(child)) => { - test_function(); - signal::kill(Pid::from_raw(child), signal::SIGINT).expect("failed to kill child"); - setup.restore().unwrap(); - } - Ok(Fork::Child) => { - prctl::set_death_signal(signal::SIGINT as isize).unwrap(); - let _ = main_entry( - &NetworkInterface::Named(TUN_TEST_DEVICE.into()), - &test.proxy, - Options::new().with_virtual_dns(), - ); - std::process::exit(0); - } - Err(_) => panic!(), - } - } - Err(_) => { - continue; - } - } - } - } - - fn require_var(var: &str) { - env::var(var).unwrap_or_else(|_| panic!("{} environment variable required", var)); - } - - #[serial] - #[test_log::test] - fn test_socks4() { - require_var("SOCKS4_SERVER"); - run_test(|test| test.proxy.proxy_type == ProxyType::Socks4, request_ip_host_http) - } - - #[serial] - #[test_log::test] - fn test_socks5() { - require_var("SOCKS5_SERVER"); - run_test(|test| test.proxy.proxy_type == ProxyType::Socks5, request_ip_host_http) - } - - #[serial] - #[test_log::test] - fn test_http() { - require_var("HTTP_SERVER"); - run_test(|test| test.proxy.proxy_type == ProxyType::Http, request_ip_host_http) - } - - #[serial] - #[test_log::test] - fn test_socks4_dns() { - require_var("SOCKS4_SERVER"); - run_test(|test| test.proxy.proxy_type == ProxyType::Socks4, request_example_https) - } - - #[serial] - #[test_log::test] - fn test_socks5_dns() { - require_var("SOCKS5_SERVER"); - run_test(|test| test.proxy.proxy_type == ProxyType::Socks5, request_example_https) - } - - #[serial] - #[test_log::test] - fn test_http_dns() { - require_var("HTTP_SERVER"); - run_test(|test| test.proxy.proxy_type == ProxyType::Http, request_example_https) - } -} From 3e373677bc54b1dd16005d2884328b938762e82e Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Thu, 1 Feb 2024 19:48:19 +0800 Subject: [PATCH 164/401] release script issues --- .github/workflows/publish-exe.yml | 1 + .../tun2proxy-x86_64-pc-windows-msvc.zip | Bin 0 -> 2001891 bytes 2 files changed, 1 insertion(+) create mode 100644 publishdir/tun2proxy-x86_64-pc-windows-msvc.zip diff --git a/.github/workflows/publish-exe.yml b/.github/workflows/publish-exe.yml index 477f267..74c319f 100644 --- a/.github/workflows/publish-exe.yml +++ b/.github/workflows/publish-exe.yml @@ -63,6 +63,7 @@ jobs: cargo build --all-features --release --target ${{ matrix.target }} fi if [[ "${{ matrix.host_os }}" == "windows-latest" ]]; then + powershell Get-ChildItem -Path target/${{ matrix.target }}/release/tun2proxy.exe, README.md, target/${{ matrix.target }}/release/wintun.dll | ForEach-Object { $_.LastWriteTime = Get-Date } powershell Compress-Archive -Path target/${{ matrix.target }}/release/tun2proxy.exe, README.md, target/${{ matrix.target }}/release/wintun.dll -DestinationPath publishdir/tun2proxy-${{ matrix.target }}.zip elif [[ "${{ matrix.host_os }}" == "macos-latest" ]]; then zip -j publishdir/tun2proxy-${{ matrix.target }}.zip target/${{ matrix.target }}/release/tun2proxy README.md diff --git a/publishdir/tun2proxy-x86_64-pc-windows-msvc.zip b/publishdir/tun2proxy-x86_64-pc-windows-msvc.zip new file mode 100644 index 0000000000000000000000000000000000000000..acf205e5f1af5cb1f4af27c697f772d94b59db23 GIT binary patch literal 2001891 zcmV(*K;FMlO9KQH000080AQU#SWUA>0nBzA002Zs01W^D0CaV3GH`NlczG^mcxCLp zd3Y3M@;Kg;1Hut{f)aze5)?GZVekx|Gmt=!Ofas9cz|)$ES^N2k)VrCm<&nNHUu?- ztI@d1F6(+kF(H7#gkuu$LPW(o9_#iHSA%#2Q1Y#+_wAnUnMpFi{XEa_j~~xNdiw2p z>wVvPtLm+{s^0GWt15*=K@gJQe^-|vG{6=AIrz1we{Jx8$cPO?gjWWCOV zU7ZHM|9I2&^RP_sV?mxE+^{5Bn7Mf4je1#!aH23MVaUnCt>XpZ{oz#ht#_Ot*xAr+ z_!oaC2tq$zN52Zi(-^VfU!qW0s#nr4(f5|0!UNCe@& z=Z&|{zh0oRBMpQH;My=X5^i$$BmDpW9mzjQZWZkbqWxmKnC622wk>a1{$1|8!a2)1 zbJi7?Nu}S~fng-|xlul>*b=A!#c{Z+t4osK7wb!FuuvVgcKLWgx;|;KWZNmpst-WA z+Qjm``?4al_GzpqUeq(GBcb^v5dQV33xo!L^0Gl#m>;&dQ1T%}=fAG)GH z!UYIUZMYJUNNU9z8h~01g<`#r6{gb{G#Qd|Z0N(mW(=KSGQwR0 zyDMNsrDtmDmDXNWv0g1jShupc34xTwJL&RZEB5h^{fu$D)zTCj4G}Mrx`N~ULbc#L zmUk#r1f6rsjYuT7Tt^eOKh1BAQRn`Rrn-i8*D=S zXdy$47q_~?&JZt-jhLP)z6`|jbuvL_d&Wb(L7E6T(1fC)rhdfgPG6v7J#a06CLK-GX<#t*4CW#O z<~@XIJBrYiFm$a9RAHcxdv(xf5wz~87%gWr(0A_EdwoBGE*Av%#dsE z|AUsUXD#hE1oh>sp`}LAq!J4m%o1aDcK!>w_siK}mLFT#Y;p(?M8e zwSvvjDw~N+m55bR^Naaf?UFmR=N?KIa>aV@LZ|O=f>_oCX11g(DqcFLM9I5H&RZj{ z%e${g&U+5#3#(}7uSz%OPASDcftlqQC@C`T7P<;Dpu%%Sa^M-bQ}Wixfg08W>|Ic> zDReIfDxrJgI)Vb=hv6=->}SusFjH1qG*gAm%#=Qho+_ccMjWstHxid9Y}_EyaM9%F z(qX7A!Tz?Q^$9{KlQoTPLeoirM4|40kkX)NY(ZN6p}SZHx{%dDV5svoHMJfmzT#1w z_h9J&oCJm7a5_Ns<3RLJ_kFy`$W~ExB^1zYSng zgJmXL#wpfMvxmL{+XZ1nd)__b7&h_tKn0qSX@Mt5y+AK)ov0+S6X#8_i{+!Rad}FL zn8hlLA-35s&Zin66oD7uzI~`$?v$Ff%nQyq1%S$Y$%Gpp0qz+jLi4F+5!68b3AOT|3Vw%GS&#+J&lUD$h2s$lq zZqSE(XmiUY1x2znTg-x|X^yL40C{tv_l|i;Lb2@J6qE7poDGk0jFKHdN^uVaSGf`? zwT^C!&VyNh54j3N?pEFpsNhI~KNV#NA$nSi#1EP;Kv#09W zQu;6ypXWSU4BTrjT}7oCo-;x>n2Q%vae^3_VL`owq3$OJ&Snb+8&U!2bQLEsU+&aS zcOb{rk$zR@W&yPrFQ_$mNmFru2L#9QO6sCDl6rZuvwyu~edc5d!V~qNz}+zzJZpVq=r6>rX?J zpb4TaHboSd8T%-cBy~9n6#(#SUNJJAHo%c2NTn@oT|b~L)zXEDO~&AOD>M#3h7$lf zpeC#zf{T&&Y&d6li^__4NFi9Lf*8=WVujdSZPszrb1DL_1*xzwJsi>n(_jy`AWNT& zvCbUnf)Cz+qG4eIWpCI6CED1W;d<2~f643wZ&l{vG&cfDG!eAMQgPKX|ERd#CG*T3dTE>Ur_}R59Q?h*cU%evBz%qBg&O zn7*zjk*ye*SrOZGMZ9KH`tMmIwUlX*9e|BAT5_R_*hm@ECK+Z)Vz7T=t!-^m=n969 zm%=Z!D&SXbVtYbu5}&OK8}A%Gu&qrDjU>Xcc~z=#vfa=p5)pe?y=S@AmzX*uGZ(c0 z(1mzUv{#Xuw^uVING2~Tf0P+9Z3Wt{V%noP1Y868(^BMqw@P+MklYle)qhRckz^<; z@-79*t7Kipgbid;B_0K{mqBJ^ot-YLQ>gFxYqW=F9uu+ht!G+o5Y*`;W3#SgAffZ`f5!$%0dVmUubXphSy`N6C*{x)puB zS6@5Vd5v?f^V&IEYDb6GAL{C=Jt_1uUPgufg_q+(&*0_6P&Hocp-1pCB(xkaBSRH< z85AnTOH$|_ykv#$!pq>$t#}y_x)CqKLv!(x5xN2|384bKh#?nV5<`>m(m!+_UPgq@ z#7kOeJYL3xPR7g8p%HjV4rSnFSSSrIsiA>*=@&}G%h1rTp!;eEhJM0JO6WVhoDljC zUNS>%cu5a^h?i4ByYO;U=ykjt6WWTG<3o*j`9r84FDHjy#LKavHE}`N6DC^|+ZU<#8gW_$;L)Qm-)lt(B zm#I(*HdCw=4RQidhmC=qJlXq>>F7i(!haLQ5oljxQ!_`|O-_6Nx0#aqEFtNMt44om z;VLb8o*-08{;ioN77$0|#)V%OI?sjC@&$s(mW?VBGbWZ?+Tf1cLWa=sC5FN3iwc7^ zoML!q?P$F8Al>FUQ&(Z(zL6#~`i2TE+&8AzOg<*dg2!O>zL9pe_N}M>)Uj&&w12P# zvis4?buoq==ltOGo?H|?y+ys(XPQGG_8F`z+tfP29++yYgb?GLjquKoFGrg#NMdb`cD>oaTldmLB zwuU4CU!ijvlsP)5(PfU8zP6`QErlH1Kvss49Q9fNTzUG>Stv<_;RB0IgSJ$+ojzz{YdG>JbHhf zb!7E@jpRM?%qj9WqQRU%B8&X2m7gaZxd9&`PyZVX5o?OOUY>O zh+Oe}e}dFVFnc|-*d4JgP$QN=#>XF2RjFh68d)RN6a-M}usd$05&P&?R%6GtHi&su=vqu3-&+lEaYnP(sK8#T!+rpC~En7?GF)IsbiFHWYbYib0k-@7+M|1(6oOH z;M&MsdIarJHKh)bXm_EnF18|xQ@`o@AABwUBd!)l^vqvGX4tf{jVVq6t`BrkX?m0@ zoUEWN0RsnYLxNE(HxFOQRcI5UiEw1|Mb(r#LZURXh*&i>pwwY=+7rYvbwmWYnno`- z(y-;azK@qHe!jw!qsEiXS45ZMBR`>1Nn2vYVRxw&xV_F-d@OoY*JR#`6}2#b5-w>J zu08^NqGCnuo&iUypSyG7WSt$$c#Z=fkyKF`UsWNwfjUTh;s6#62J6@sj{o+F{wh@g zvy0gW3|$>Y=e2ET==MSD@30RD)n5nwE_%k^CZk*Z2=^nntA0Og_>tJVY?qH4;)ICG z;ruA50bcZ5M?vaRUMI_j%J0xdzXLmOCBK93v%LeMe)gQu?Vqz@WJky+Yxd@B*pqbV z2KE4~ubt0pWb!sIp9QcvdV@UuD!)@wCgS$L)w2CBKGU-OzwTXBYzWKxGzie<%$*aO zbci(pzqfFE1{=xZ9qKf9s8bunp|b$GkNwF!-O`_TcE#?G{CQvcbM@!e{zT1(Z(%{A z_Y|BJ$=__(j=Psy1u{Fc(8x=LFmN_aiPTk?!6zq@U#;`wpo)VS7FV`z7k1nJ9f@A2 zZ((5~_Q87^;_#JZCV58_Hr$S_djk7JsI$$ebI6CE*Aa9S3#?<6G5RAn>-GBcI=nmL z2uF8{GI(a zV79VLoV-)=A52~_xB)#i{s4ifZWf>-n{w5NI70cl3)uG3KEx$L2v z;fE>zGsgJr;gMx%haNLVmZ^^{tB>-OX&zseWqfAM49?EiC1pLj!X)J-3Pc9FJeh7~ zf#jNWSPZ-kB^wHGTit-!$QWu+&%!*@pFO7-?JM^=EHL}Dn-E4m47j{sNXli!$a<$p zYSMd<`3!Vw>yT`lA<~}a87e8$=SgFloeh{ktxd#w%3Th?FP06bHTB*cNx8Z}3VbY< z?E(;pG4(IX6+dWm{<7PxF0i}guJ-G!{yI}%+|ZX#&rF73>|xg=i11GYV!J>T@|F7} z?9*Eu`7CmZ^ZQXBTo5w*4KVtH zc4z6Y7=ZSC3H<_3`>R`}U-rO&9a3{!l1rJ{e-Add8iW3dw3D|u1zTJpsZ(w1vym>p zd?DF_l0TT{87YlvVI*M*5U7ler7|=K>Q!2bEE&ep`~?Y^F99y#h6r{LRDI*`uN{ab_7Nk^Ku2qS5l}jOh=YVt! zkWhcKE}U&NT|M$I>EB{q|CaQmf2lvv5#A@>9|PR5M=bi<=qXABC}hdsIoLDS-#N&0 zvIGJz=>jitffvg^0BbHR^tLU!u&1PX_mhk-frs!TCA0{BSo6JO$ouR>?-{;@mx5N~ zQlFxYo=(A`n2RA>WC}QK{`FuVJ@$HU_R)IGx=8fqk)d>vZ$0k161`{p z*5ke_Jn1D`+Z{UjN}2L)@_;Ns4h5GZGZA~DpHHtngkd8L7Ap3vADo$>7(CPbok?N< zGh291Nkd$LC_#mw%plZxfhO-1t}9Bk?@mX)$395KUBlMoLX76*BLBiHR`)FaC|fJa zg6yS}rP5}aqLK+lEnw5_o@8w*JZHQ(l3!2MRY?qfrDxspa~Nv}WJz%v^hiJK`?piZ z8?Zg|EA_D_d7%ZBCLBjgQsW3qjie2K*pQk6U20}W+b%uGOMzKlX7_48S!DLHhvJdh zBbV1``xliz+Q9p^#V8#ktri#lMY=&B3~L`XTW zv&+s(3eempAt_6v)ISF#!ETjcb)FNtc3d)^f2f&(0^OM+mVZwNep08*u^fQ_H2T>a z7~$S;hFQpztX1sBU?M@GU~2P7>J~xcmk_6qlawp6%|`!!#-b&41z9;FKsk8%+pK(^ zUS7z{*HL*n?b2aphr^>1N!~0qf0+cf8V7oifYxDBhHn!UdHV;K;13&Q4`Hz+L!Z=5 zlqUhU;vM(Eng&`Kb5iTh#NSU)a;*P5A7o@=2EyBENkYVWhB;Zgz)dg;rf3H_#tvwE z7D8oKqZ(?oe@qG;mQ91u^&sg;Azwq*B_MK;nj`21nONYxi`}%rOeA@WI59Q2)09dw zcYv6_ju~wHQ`v$ccfvg|cl+7wc|{XGSA4B_k@Gd+f)3(>4$cLhRGNJyU(;?p6^Z5T z3@%v*&_d{taKs(lyZry6gImX72lG0Ez6R_dG}Z(()cydjHbSnJu7~mq%Ld92lOYLYoK3iL4PNcCP>snm)D<9WyArevFCF!pra znML4Os+D}g-=VM`RTo9%=8?8DgS-bZwE=({2;6@8JEYNO#%>W=yj%pK2wIrj> z4b-Mmi@}H}!ANEy3S2G?xwvvcST3q3#*&M5Ly`o(-#93={SE)92XJ*`}uj;it>! z>5^hjm*e3n`P?IQMG?RSmuw`;a2efVHl_A53FgvU0*Q_h_7~rusy92Lmw<(Da|?{n z#-$>E*Yk<@p_TmS#4|IMT0Yaf(4FyCDx zP_jts$2>Ep{a4g@%og>+|MYb}l&s$UDN--~l-aZ=%n0wwGPUF-aYRwN^=J1KKbds}06X;U5%s_&w<OuHZ#Pos1LQg14EFl1_(G5Z zVqh5|Vt${?hFSbRTi2xvq1)jG!rts$WnPE&`QEOs&~~_U`Wn!NNyJj-=O#xeWyyhY zzR4&+>jny*Hwp?_0iG>lovc9nN*h+FJ57yjr@wG#3{Q1xzZDu4^hUi?89K~XOY~0S zsL;ux9ea+>v_|5m?$^PrPn~u3)akqq7BOcu!*Kb5bltteBfmO1OSEO{I5{zhn>J{; zAsrUDOs!~L_hb*d+S-n?ko;0QJ`=V`2kRWLrj98bM-TdfbF{;dIA4sjmc-VCB#!zz z@dkzo7iWE)wmNXn{apkkTL2W=r`6V@lAe|o*3d7!!o3wy>#e1~7WI6OxlU!b4yMM?nU#0Mne?0UL8ay>XQfFjp>Cit({sqDtM5yw* zNJ0hHS_cppy&X|#E?nDpdJkONE4^cy&x?=c!Bb-`dZQbC>ueCtzHw`AqBA9yN2sq|za^eR1Kxh^`M z)?*CD%h1cpMBskY{=lR^G_$_Zv<;hj(KiwBd*AOFp7bG5XP;I~vpH>cSRXFi*mr$+ z)yBT{@8Vwj7c6J|SI+rw9pk@!+K3m}uEyd-IQU-g`nXb;#B@GwCTZMzbTa39l1Rm8 z5~R~mkWK|b@{C6znqd(lhgpbTNd+OApm&3}${EIJ)x<0wXw|fU^|F4gW3shR`;Aec z(n5jG-4UyK&+B<4f9>v-ekhK2osbmYdQSWW61z_;cnbw~T4uPX-vO^Mh)c4ycZTES zGFJTe^O3BW$hXqH+Yb@rS=t*vGIenov>yL>sFRMUPR?!UyS$v*aAfwwCv9T z@!geS8eh-(1;w<#%nt7_bF|e9jQyoU-(N~`?=KzZ{iPHY@3UGvZp8*>PS?aH7nwOz zXjeHEO&ssNl7C@};PH@!1Ese>k_c=iVaCCtl`rq;8X95FcwD+EGbc1OjSQJAKMO>k z4T0#fw9CJV777ZZXP(UEC=FuGc*Cmx!ejOhkmS49xCj2 zMbj0ZXxBC2;>66qIiaUPON5C_FFRrLH6C?9xAfuqMJHrsy!5+aaJ=+md$|Y-c!uhj zSTBchbkO@=^;OLN>>dj|Fmh)9hePw!jUbq`*61C%z?`zAkw?kQmRDf>A2gzvEUX+a_-J9ZY}(<5mpXUJ6F4 z7}y9XU66<@mSOg$3z7@T3-Aox!1CF>2cQ%{!m{)6fMm@5JP&g}Z+7y@g@Q|Qf?-dY z=$+~0v*^ZI9Lq(BCi$)N6NUESuF__7#!UR5$ULi9 z=MNO0FT(Fz(L+98kLN|K{@SKr6U}?&r)pxSMuxWc<-Ewo?Y-nf(&Cr*c+A|d@1E=H z`G;3|4V?}VuUC$t&*WBmS6jhh%-X#(8R$x^hw4mqLhtgx`vq6!(*E5oN2X*JwO_KZ zAtRjb4yuRoyaygc+0Q-Mf6<7vY$%JIuJc`Qo!amFmJ(V1FI;2~E(`NoUL{E`(7{LSx+(`~?z>9i9jYG0L zlC;B5=#Ppar}1ac(a4u$uBG?V(1z^OJCD%;W+MQmo_3nOK~@f*amd2quT@(k63N=9 zPbPrY%Ik!1Qz1`v!;_Ix38atDgY@xY#`ln?Zb}aBH9t6N$muVHg(9B%k#zZ{x-a$p zB?X{yNH<+ctN72~r9h$6cPAQG0VeeJ}wT z8c*$XCNH>DQit7mrt!vf@NA>sPPvpM5NyT)ywWzT6g$~}Z=yNbe;}k;G^d2}@OA0o ztpB~Vz*inZ-ykd_<@f`_xV$0n%J%Jsyf|mEcfGUs{ORv{&r9KwBhaCrpCKdKt$1N& zzdO^V+y?^QP!e!mm$_s~nV+mj|@o{F4b z1OJ;yX{um=sF&Ah&z?hmU5(lMsuxNZ)wCaH=<|K}>cW5tXf!Q4&0i!-%FGm+n2+#% z>I$DwZ43^hMJnBjB*RlK(f$!eRP)(VuRwvO=Z{Ac1tlD9^X=Tj#c}kgzaG9cF`VM- z@9gp%M_GGJTp&J=iMzo5UBk8v1MXtkYq(gx3h}dE<+~VA9_|7+Kcd>eUP{w7Y$0GW zM6lcX*ybf>$X@gTj3tZ5^blN9(j@<8;PZq18aSVCW^tedAod2%=bPzJOQ-cv%S)Y{ zz1P5xxYwgwx{_k9N0(9gROUQ{J_XUG$QGJ;k0cliO*i&Ka>g;epNi|&f7QczIOb}L zZ1HV8P8lmZ>rTqf0tZ270^imuSJ?G*YMp`S9mb)8&(z-ngIp9NYH@O>Wt}=^rFEUk z$MIlP;X8;G;2|)6d;dV>?v@l&(Hld;eMk@YL4W+|Z%hWVBlDNKx3KOp$0uT+7eNbK ztlxz@mpt0Khf-Tg-*@9;XJSt>`AOFM_ zzHa!1Z1~w)-F^lYX>P~jPsN6uF^eomNHTdAJhjnO{qdiAMuj8Al5CNpxmG0z8#2wN zU8_OO@F|r3zwAPhIrHK7VM7OkMhqy{L$Rf$D zEE7KmsI2qvQK8W=Cd29q{qj-*Y^A!@zd%4auTz29J`9;iCvN~Zj{rM1aorAo^8x>X zKZxa&KCcdYdYtK1oJ_SAAm@u^9|^{h4P6SqJeVZ#*Cj&6DCROjUV;aS0s8nsWn|a%+NdL zVy$Hfo>O>BIS6tr$DJKIkBGt=(#8TOZkTOuL|=MrfG5(vi|o#)2g0_XIi6v_TQO_T zo8Y_mR~d?m@wWDq5w=CbXxf71kzwU+V9=VwsB=P>4MrbNO#hBK`tty{gkzrPB>x<} zg&-NQncP1;`o~b_sv5hIZ`1mgsUN7%GOuq+C#`P|{Xl(=dCPP=JhX0^x?9iI4vV2A zo~*G@2~@x$s1eV3PhI}!)bt|%oL-|3cQgJXRLJNL(b?9pvmg8=DW*S!?eFIp@ud`f zeYVHFKBt)1XS;QM)=j-gCmPJq9XXP+5Dbkj519RPbJ_QQXwOLRN?9+K99qYqYio36J5>+8{fol1UT1&{2)NRGR zKT$;^$K&E~#hM-~z62G0_nnzQjvxm&nwgQt??Nvm@&j8Fy0yo3r-!2la!kW6GEtnT zT?OjiY^KMHzX#g==SQpM9|u0Qf()}a%`f8%@1J9|@9TLMZiwhY@9pD+Y5DQD-}7XC zy}wWG`%2DCK({rB@(x>!ZIj9WL%Z2k*4?a~D}oel@MIAcK?R@Mnzo z*ZkLF1*bhgIwWj2Xx~F>9`p{7Ra6kNd_ikhk|LnChoLGt6s9c2Z1VYUElob5L^k;s zLgr2JZ=$y(pnpuy6QVRNQ_4r_4r0%nPHSee+Vpk%jKg8|d|QmeFo);C?PvvogN+?mm+CkmI!H>W-wnetm2YvQ^Y& z6rmZ6jwy9UmiEwpEe-cxe}<&pkDnb;XB2CX%t`9&com;M*%+lr;S(NlB+bziy-+D= ze|g2+?b!PR)d}k@n8Rdv-cb-O)gNdUsctQ|1~!tlzcUv!E;!&h20M3kc~S(3KMYdH zA}Ga$(JkF(ZE0>)OXt6+ueLKtYQaRDRbsXur+)`6`-Ah?!iskMfn)K_Hu1iH;^P;3 z@xRg_HIL4ReSN>hz472L)V98Sg!qr^9ls(G>FAsT?2att8~k4$NWw_lYdq)6_olrIS1mCkpi!r>!)LJHn-o5SJ^aV?7-z80cqb9} zr{?q51z3qa9R^S7{IwzasVL2KocW(TM41!M`M4Moaucs_I_1`r|4Dz%$TZ)=h4f;) zd6suOWrg4El&w8+iScfysCTeodC*b955)C$9xg{e59jFpJRITVJ5AI6I!E^(JIn$; zHbndD*}B)HfR`UdA;pg*d8 zsh@4GPxCjlPxZ6R^=Wz^>{I^@4xs#5>VKT|!}ApFpEh$(IyMB!X~+lZUmHt=u^4xc z-^^g9v?Mc^VXuk9o_n$fe`IzH-s9aO)_biZqFZmgq3^`ADCh*<#w)?`_Oa(ww|aL< z`=Fvq7ap1GdfhYJrKHpT5#qP{{!#dv?H{L+|7=85yqB*b&bguYzY5#;PIEd(?D!78 zD9|$!6U3%LsL*?!Z$0kX1n=pvIu|pY_R5#I@~|AJJ3Yx4gVjcV8GpQn-p4vWZ1f@Vj*WDn zu-2dWGAWMyB<8)Wbe!I_L7sP%XDUvL91jcV$QqfLvAw-XQO zEwkJ8kG9;1On?v+b z@e@;jjG3SWY#eFnW0uUgzUS-t-nVQv_m#xX*K?KhC13BjlDP8q7R1cg`)om9^Yxxv z5ZC**K?ZX0!_}C>1D^iW+tMtjQ=#8qfz{9X#yBmNPUHa1%mfyRaqEL&VlX~jlSYjB zAhW8VpoSHc8U=+=kmU7nE}aK=nm5K&x3nN(x7~Dm=oEz5|We^M2dt^AKyF!vfMv zeS^Yw6NNSV3iH;zr~0wSv$Hae`o?gzeY!`>B0uy3oYy$#(5vY~8+dfwQo6;Zs-4i3 z_S|z|X+MDPnNX^P6KSr+GL%@C8bE*$e$)@16|iTXp)N(0PBeJnf=?ixq*OcT>BnN( z{RCZ?bs|;Drb{3PE_vX|odmw!cQ6OSB{#dqYY){@gw0 z7XawYAM>^tn2x=e^x0h#V6&9cE^__l4`%TEF=kIlVSA$XW3(rrL2Q>+Md&PcgurJ{@!`1b+Shg4#(xn_d z3MsVLrMO4wRKEBlpz@v=-)}IOIxI=Fvgjlj7#_Z1%NhLG2Yd$0<4Q$`T|am@>~S!o z%#SChU!crrYoFMfZo#Il2cTkg$;(Jb)u-^Z!t+kz3+jv9yeg zQ{wL&xL`7~*A5PhwAb)`2cc*!Gt{JIK$p*b$h2Ci%PNuiuUZ2dU{Xr-dp z+|cmstYDE*uoHzx4BW~KU_$mFj`|A>0cvC1BbKp`@{$l~jEh2N(Q$0n?0(o5hwybY zuxPD1F}$SVL(aLCA0!FEB`OpMp$&qmgZ~vGI{1kY(ZSaRYX^tL=-@wus1D+{y7dlj z24742)!p~*hxak6zo`kkM`632Cb-rx+zy0mS+We_5INdh+UR$5>!N}_^9G)&vLg>TUnTq4~Z*xN(!**RQtqT(ji&Jcd^ms1H}LC+{4v|ScSGr2XF|41O8c;g{BT%*-inzYzVlu3 z7eKQoOUe+b`9HX*-*4=9v#y>KR)V3Y0k|@pPJGzY{v5W@xCJ?V{xRK#AcFI)A&5t0BfC;E`?U*zt2Y$KNUhwq z3*WFBJ08K?^P1W_Teh}071}qu|9W{}c2u7X4^jktL|?TNpqo~=MvV2yw;n$yFQ7ej zM*(<43iKD_TSJ#Gzi!!0K7DiS-Q>Nd4ODmMJIwpZ=@0hy{UTT|ar=NOUWP09mc+nT zTt3)~(y_N*mv24p#}d5`dVK-LE;@ZB*(`Q}Dfl_smuKrsM)-XMo&0?SOsv_4)U=a! z>0=LWvyA;8H>C^hoOcRUvvQ$3gbVNaN-9bB%sTdUSO3&~QfphP_lV^wXQ@Ug{T5>Htd5VZ(lUH@DT)zcPURU+Vzt0igZMHZJ_=(Fd*>iQrBE+C5om?rW4gJxdNL3PVWGk zu#cudCKf!!Oe&X5+{63jk~_71$E6EmeE?4coDU**4*LKsK0QByH{e#NFK&f8D3(2o zRs9Y0{S~ncKN;)diJdfPJeFO=LDw`}_z_K3h?AymY9;;J z0D*!+(Vn*kx>Dc_CXKR@(DSAM05YiZGGQPE0ALIzj)6%2L!fe4ry7||>mPGDX)_)T zGSrL>rUC&#cY)em=g77wt&U$|GduMVdSF%|wtR)6O)j1_3%v*VAP!(7Abzz$>tLE( z02;jgM*LbO19iYSiUBM;+?SQjmcHPh69M!Dw|rj;Kxd0-Q*qPhkmRYEwYGM!VFF0? zppa;t4WLD$)Y1<>D_xu9tZ-yPek86b=I=qPsh1{?M~UAH7do$}Nw0$<8w5k_?R&V` zRFS_Vi=u3NZXgR}PZJN8_4RwIhyjNhbYvzRN&Qy-nPF5Bwgi}S(wJ66G41JY@R1@> zRK}=P#I{NRd6|FTmFic~yI$k~>Cebc_dZ@dGknW7WPOrQKo%`9e2(ERT5gW?`>)hx zrH%%mG}0@$ulX6xu12P=>so&w{n&htJktK@^=;5qMi&qeE2^Hq=Z@2_9s6@MH};`@ zU&%IVYHveWLCof&Rb#){kyZ$Fve0|L@yYV!0j0;~+RAdSzh;tP&4sEnlv=A(vgeqDf54tL5sp$qnk)E$4xG>6D}vCw}e_mkfY$&IX-><@2B% zUvDk6IPn|ULeTjaJZ3K8+jz8potQ4jTh33wm!9OM1cfAA13@#rlsFM_+uQL_Rh#A+ zLz^DE{*kKw{7X}1ABzEe2MvOP+H=@k_yPr`AOn;rj@I^)%~?U~Ea);M>(#KYz~SL= zaVr7jaQ|#2M<$RXDf1i8)j!H4uD`!n4p zI$3|Rh}D^kPtXk32E&u~yWz>Ztj^H}wjZ{^lWX9K%$^+lRL8alpG=0XbV8TFKajeT zL3Dho*R4m0OcO*NgLuop@i0J$kk7&QV^&7Sc}T!{pfqR9smHVD$gSPI{~@Bj-TYB7 zyZNJF97E6bVZKN0&;=xBd@uqYHc8%2t@5F+u3$g55=5LYj5wTchb(iuR`4Rg)9EFn zPLJ~EoChR4lhiv<_)^@et1##+6xv7NFD%7vAygU?u7nl(0rS~OTGcBvgU(Ep zvkcB+9WZNJ_cE3RvXpI-u^cXABzsK8=)37b=QSu};NJscP8-2xES1X`3RgQM_rSB` zPBsL~@{M5>tcMJ40F~PBCHQl>z2f4+ii_u2g((xqgWv5#`s_Ci)ukkaGMOA@gpQ-F zXn2qza>=QwAHGk#neegBy`7u6v@B;&w2ySI{Y-yy)(7+?{bOB@wr=Kfq_8?~e57N0 zb~BeFCwua;fvs{gmm{$5E(fPh>LmV?C zC|7-yr);x4<@8mab_e?+PayPOL2E1Ti#(-hHPrw=bzWGQXg#~)vIabvp)GD2D@bFu zn*0-XC}s&4Rh^I$3q0a)JA8q# z-T!PG@HcFg@Ub@hv~;2DWAEK9d9^mcg(sbZ0TJ4=X>%DCIzS~?b>M|ng3aX`XG0BE zU%F!~`_OHpfZcu!lms+|Knws4Jj#~@IEELIAWH2?KripXLq$-^zKNqI|FvzL(esu7 z_8jF?QuEe8>1?)W0^Y|xv-#-~k zGw&^G$yV?%WW$9<*)I{nddc`02j~nP49^ z`T_C5Rlo-qr)aCPmh zmb@Bbape-=j?baMrd_~L*AkYhhAjpXJf`Yw$i4*qpi`1;kh<&DN_po!~oEv zfDfDi$M7N&M5*0}=+!FhiL;@W4hQekh7-OH;2ETg&NJ78iJ=b?l!eFOnHp3U9z$7B z--b0JG#~DO^-NiGJ6}3r$0_mai>T3Ezh$g3tbYI^eWY>m3xQhsrABM6Kz`}@e3Ie0 z!I|+lh0sTP=U_hl+C};yK-2fQkl$Lt9jGNVMDm*hiaEb!!B1tf$^Q5zn(aoSr7Q>N zRsV8TC0l+C>0u)7}|P_%f(!RVH3o zO{R(35XW!LI0x08~J$znue! z^wGw}Zv^TYKx%0(sHJc(y6G=cO)K_Au@mE`ta%u}u8ZWSnm-$>SjC@vv1fOmM3Y~6 z1}U0VXRuNKnXP5N^yl_0KGs~LV%W1!0;o+}#;}x7y(%AGSS7|n8dl%%n!cD-!gFox z--v|}hyh^W0v|jGa11XZL6q9tC-KD$2dp#84%h)=)2oje;$e zK9J&9;?LLNO4b`iv#S5#%_`!$O zpKa9np$XaemZyjx5QqT)0qMbFfMa+O38K_q8_D?r2dwkMhIfe{sFjug_T0n|IcMtp z;GkX%J9;Bvr*@SOzd#;Ub7+yqzD7Cr~oD*=U zIw#b=L!3aZfHk++!U@`9ofA5!7sCebB2J)@%&P5We?w4?5pmCd^dQ!vxygI~%L(bm zfa02e0*%_=JQidAG0_4Xg805FxjFR0bz_A$y3g03yumPkpyQ75$NQ4}I)5oUIGuj{ z+(rh(OCkFyu8N6O zTNn-sddPkjGp)YS>^TI+>sQ5F)v+(5LS>W@s?L(hpMT=$)+cxEnsk(`#&B#}0Wx zpcUKp*x5NR0@Yfd#SC5|C2x>TjXt}IO8CLNJh%>-_@Np$snm{|I_5Leq*`YafGAj} zrtSvMfA|0sqdq+4NgToOQ$A~aO3+)a;Dm+#gdZM@Z2AQ=R=4VBsSgj)M5_wX+mC;t zaA$iKFXC{3g>B(eOUzhY3UUkvGJ}3d7eerdD2Kz3dsZ7~GPn8|#Z~?I7b~!29>!a; zzlo860=s_vi-oP>Fuo)&LVr6%%c@uoh>BrR+y^k<0^>#^#Cm!~Lt+YZ$!p+}Zv&Tn zE%)L=3_u~?Y+;;??f&hLBxwiPRCGybwF+NL9djDXiAsG&xbAHes>CYYZ z(>Y@XOK}uQ!BQM=Vz3k`0~hQrT(BBkkXe!#PXhz%%$xzHZ)gPD=@Yw+8G_qkLL2^Q z3Cp{N-;}+mvo;0+6vpffoW6S;^kFY-K_AWtcAGKyL?d7EVN1T^b~-&n2#Q)*9jHrQ z5J{;;hKf#kT>ZEO#S(^siJ6|}%)~<5aZ`ehKIp>%LM)WCu(w19`sux{u8Cck>p@w+ z6Mwb}{EtwE*?Y(0SJ>{?N6SAtu^#HS&*0yr@aBbSVfnBKmr+tJB=s!d%Z_&H;!b_} z@b4(@goJ;4!h?gsdo3T@T5H3U=sB<~Q^J7C^9CTyqbA?>Xcqq5gMMYmx}cY6wd85! zse$xX;&c@QLcpDnpJ>yy_ULU;Pf;mkf76o~kYV!=gRg3;c$5~J(yh22nbQ&KNdmb5 zf}nm5QAE=zNRraf^^o|%#Stn{B7&N_%?ycApeqTAR5w8J%(QF6P=?0m`kz!iX&)5Z z(2#>zodg=H?=%U!ntGG9SN%hFXbUPLROpif_?u)u)CCDReOCaXIfzb8J^fV*{k*$f z4-Q?rh6kgxjr3&wc0DL`4truj18^M-ZsKkog9vaTNP`xlK&u#Nzuh{@um1s{=&mwY zon$adpde06_IU0n%=G*We!JDw)2QotZ5sw6s(=0qP+d+A*wi_!o!gB;{RP{}VGr%> z;ibm7uEmGPMfKOsGfp6vlGQlnT^-$ctPx7+zQ%JKsK!sb^fnIt9crw@+%~xm6QY1I zDD6RRWTsu}v#iF`ujy@U#~OhiYDlcc9k1zati&3Z#pqQ&WIN<#L97pn=VaAhZqyqp z#A?U)R_&wpEYGu1Z*2@#`!|E9wM$;jETKjgW=`G1YFufI=$F+{V{H#L?q)SkF-Eiv zYm`RuF7P!=SftD#V0JE^MXY{*V`u@a?~J?t&ka<+Sh^txE<#DgrU(k>D@T|%s6(Gt50a=F*HwY(tES+843nR&eCj{r2?2G2_zqK;TGjU z-D_Cgx{Z1l?!~(2##Ogt9o1d9QE&I6XY>ti5BWmb5&2wvi8w}2Up1{1FV^taJ@h4? z%7ov%#2l|LF?-+QZ^1CpO|S}Ym?SY|*hpX`QMNYP zD}7ic@bA#2itKv`^Pq()V7?{G^5yy1YE7&bdc^j|4v%ra?M?Bu}o-QF;dB&m7sQrU2lqk(KQeNa3da94xN6Q*|qP~Xy9dUA}P$a%srE!jz zoOjVOCre$;I^3_XhT&>n zjcV;SYiri`xinOOz-l`lwfOOK#WB?#5T7f`74NTV<3H4${70Y(e~9-t*0O6|4O}ry z1{WS`_F)M|mep0@RTk?PPr=x%np(fZ@%HI-~)mb|{xhw=i?#LoI_|?n|@DO?y?Psr`N?<|tGP^Ql|m{$Qocs7sB=w?X1X z2rPJ8*>g9(q5UH*8$skctOt{mv4LeS8Ccxl_)H}%>!i`dv;}Zc%2&Z(@T)M-)skP&o`WS`}4$Cx98iMT_fL_D%K|r$SZ3qIjTsUPtZ;Hw3W)G=JrYX z>ZKj7k-H{W96!KWam_%x>z5Cwt4GUDUz;sYtZ#CUnQF)HXo7WwgLKQeX&o?9>^O{+ zhLObvmBogbc1>EFm^L$QrrrA}c>=;? z%KfulN;x|84f|n@O$=-yTdwo4Smwu<_^DDthf92EIl_5AhhflwWj^6-z_6KNcQjzw z=-{1Py@wUzfN=|mG+jpnhH;ZdsizTF1opBU9C1aU9c~mFu^jjoe#1<^UxgD=Ag(eRs1&10Qs}zafH=%mOxG}i4u^63|*)8C(BweUB zqFUw+LUh_$d$jW!()N|CuES36}RYjf3s>a^nu~@pO zO?0W+Ntfz2xPbnl9%4^B;JQg?q>Xp z<;9?pLla>Pp@&h>n)fFA+eS!}HaoHHn3vYjK|C%`X48Ot-uSfkBttUrAV6d>L?| z#kPs)h^5|SNq(pOPyE%H255eW@KS34?)}6J z50i_lt-rHNe7MO`)*_Y-B(tys+n}Xd4B%@e#1}dsY{3@tCD>uMVl%pfz(I*)oh?kO zz;37%8jUZXYu1uccqi>K$m(j;>$Yb`tVc+1*Q9!q`!YPkn=k*Euhgf&eLhCU7`i+Y4QC5Gh`- z6R;G2GPq?3=D85&(L!%YSsV=x#9K;@$(tkTT{a4}lZoI1h~RA<`Ql5Y`NY64jNq^~ zFoKtj!X9_z4|tC15}|b>1wKYXe*y6*=O&~f#&s;0R&t^OfA5F&q9f$H8(fZ=KQCwk6_}-#0E`)W1z3Z)i{0igY zQDKcy*sI34kTk~c&=LkC9l#9i8XqtJ)V zOiyvXAa%jCPAe4cshgjKU`Co`hoAqTpDD0zm$Q)C@?4m4XG2#P&}5f(bJbYL&mCsq zk>qmbky?okjgT931MI@cZbIGk4a{suSmj60r)$!aY(D8lGxD$b%47yuc(nk+>r;i@) zP9JTGn9n8V`LwJ63=7vxj9h_t@Sw872z}Gx8d&u6fDQpxKM?OBMO@GZ*34EAS;5%yuCAAdA@tS!5qL#k8`E3h=WQ zV%h^26|x@>UsTL~JbsZ6exMD3w!?m>cz@YNl~BTL$bHO)EN6O+Qa)h6s69kEdNaX} zg>IA93GMAbPhM)XHbu~G2#pow&1Epve2%O#7o~JZN+6}ePHps^F zJ2x2hsiMqwMJ)l`4zUGdHIfiEzs&qi4n9Yyn#{&9S!nq7CT=lfD3YF6(*sbmS<5g5 zFZsZKP^IFS1J5CxlKiAbig)66{3^6q)!YE`DTq^>&+qaKg8d+RhafK!?98)a66R0M z#2jTX5U~{`!yfpp9d~%R?!IB>BZ!f+Yv!novL+A24FYXc6hONe?N@|AtB@8R`I=Fg zZf1MJ6vDcaFSlt+?;l3*s!Mk1{q@{}K^vs7zxj~lKVW~p`s0r+(hG$ zxkGzt(J&!&I;I8Ui;_<8k-I8Q3>09ILZ*TC+dZ(@T*M0SvGy$%OrTssW+V;rL%|=Q zU_EN^4XDet1*MP%unKlPybSCv?RqRL3zs3>C0JH$Ejtg(uE7m#r_DPXER{+Up42I; zC|EypjUKFjunYjtV3{tn*u!;e^eg~x8PDw*%$`&m)vjhw47|rNfM5TiS3MW;e$3wa z^~f4}*k$1TZ81FD#2zkW55F`Xw&BC4;Ng0(Mua!Vh=YtDApOJ^>RH!s83#V4us$&?H`998fVs!S-vC zypHZ#=#H8kvr}A5U#GIYBgwou1{>HV25zQP{pIAsLq~#e4Dpl797QY9r-x!YB>Z~r z*85Rpry_a)XmWvdjGKDh)x>4I0m^xWl~6$`uVEi#_a8_Qm)vkHi2Ew|!&|0z9HD<* zY7xKzA=D;^KteK;zz59R-YO{f0=*tCDcAE3y}z>bC=Nn+qU z@-V$d-^dip#uMUlj3>*@etdE1rH3W|!31&fQTPPR*0O=rS*c6k*DLT-arB2-(^km8P$n zE;oJE^k0i`GV*XTg5}d_PSo-#a1GL5xVr>mJ1fy3b*trQaJtpy==ufLWEYYP;9q1^ zv{>DYS%c+1sxK2uxaH+YK)1?#&rCUiM_L!4S2iXJ{zfe9FP0UivN$R3mX=`GY{4bi zHE?;;XIc$+8QNgDNjrP#Sb=@+SS|R~e=w20hbm6qfm4lX3&=KsoRREhq-E>C6UGoi zfBud>ZXFZt)j~2RfiHOl`BGiBX^c(qZ$h91Nz7}7K$%$fGAS6QG1%tqtpCC)qA$7! z28n?oluF3m^~ma&#*Xewmps*uOB!khG}ZdSbTD^3In*WficFoP7TFJ73E7pBe-q>J zz<&A$?GuzUQF;g$714iTCJhLu${_HU5b4pTePijJ_da7Qn#-tK>%ah$O6p3d#XhaA zf{t|1o)%&U&7mQJuW<_8!FKYsBx8L3*RVE}O#m}PT({hFD!QXr-c6VCl2a*8R(=m$ zC;l9|s9(2c$(4gFW=TV`iGpNr(5&Luk}_duvbAjr`)CUWN8Y~&w*t+itREj?s6#&d z3>b%7`7`*Y%SMss&!pec|5t1H|F(|^`==iuSnp>%kc2y$2=BC9ZFWl=PGPqBC%5Ml zrxZRRl*G*u;(r`!e5X&PVO`9s=E@+!K~@jC{-{#A`}BU@!SNxH}opc zZf1R+r`@EY>(0 zSin|f7}6m!^#`=Zx4Pu_&=;+nqL-5?dJ!{4Y4ZTV2C&mmZfm(IN_Lyc6usjQ(WWR5 z=%5*iEpm%7Y)U3SQN#8p$UiN_RK(G0@}lMR0QpPz=rbnMaWX5n8m(La{|p=mIBRsL zTfnqsXbGS>%1ut@Z0CCkW^&>%XfN?)zN~2%-UTM-G%_c(25Q+Ig+d{+$?ojzZYKt-*=i5|4O|LfeJ5mDDq+d0qUu@IR4=U**HJM| z#w9{bTY+nXnD!{HwdesrY``t0m28#OC_?{(mi#pY`s)K@fq9b-i}kHQecQw)-vLX zEF_oX0zhf(S|%P0?^>qa4i;1<6kr&6CR9?E)8FzN;IF)+d9S@lEbcsjPqD-)H#wU% zEbBPnsJHRez^y!q+fp#daiB!{4q;G%q%n4K@}VJ|U(xXD`?)+^7sa`BPUHbQt5Z&{K-S zR$+t{22YD=EI}@U_BmE|e2~er+yUcR9wpH&81XuUHe+;XrhP;Y@t6lek>txiMaN_6 zcsS}6Nm`Mu=tmT?oVcNnEan*WRkdG ziK>tAe+HrhGrMr#bL}rE#%HbG9S%3#4ph{`4Ih$Y0Azn{B83~aGc)-2Xi8jkQB~5S zOS;lzy9x?7T`P0x!jpI&M_=p6`_SxL&>0o)O*iCoLV8#}m+^Qni@>PrR+b!OLb!7g zO2sm>P^4a;Xm+YzH~=E@wcj$AjTm?!!K46B{w1scr``ml97YAqF;HJ_(X)A^n_c3R zCRDVbebh5)gSW1#rXO9a*PwH_?CV6XfWIL>%W_h{?-R|LJLuDS&`|x4VRz84#Za)C zK4WazzbA&4?jtA`!Kw=n8<&sw|1wtaA5PSJTeiEst1FUFEGd8p^$!3Ci>z{2*laru z7hENI^)AC~`+;7LmOTAkliBtem7R4CK)IC*(QKQBW*e?zy4ltNzqR)@li7w(O=jCe zgd@;NrQ}FN4niR0AaXaF%(mZ-iZW5$U38?mBGpB$`}@7e8{O zu0z8lBcl>xfaoOzj42GG#ZkyypeheNbq=V27UD87>w8|0iZ^a!lrRaMODB6^7 zOf1Q!(_qP;ejs^cu3$ZXj!@|NbGmDv?X`7t{KY@R#5G`LbveE!2n65eRMNp}_MQky zOk2xwkF9UHi)8h5G!gQ|txdLx+uQA!-bL0`5p10E!07I@dD8H^f`KOQ(ct9S0gu}I z!;il*)B@r?9`P>6%{msX#N9h$Yz5PgVO)+DSrP2K^I)T>P#_ZaeLkLYij@M`4RKk% zNGM)IJ4{kWw;BNtP6{YqP2AaX4X6-MlmGdibKjdclbNj8zdt^jH}Bo; z+;h)8+dcQ*Aq(4Bsa}#rGQ~4wSvEf&%%z8JEi#nj^QuPBgOGVNNGXKj0SOJ0NikYY3d(j2aub^ACx{(` zhg+j)><$PRAsIXRfwA+f^`fb4pB}<^X^{<>Fj`d;J;pVtmabAQF}H4xysBbjDcjq~ zUCYWPdmEZUELj73h|l0sYf-2J`nI(gh2(^>_bk4MlrW!Xt%flV=+nKEbzk-*;z<-@ ze%|Q(Vu};bRag~|Bh8go~0GkpwI z9W9}%*w67@$EPATmCUv+{=5skh*jN-@u@7~iH)((!45?QH!IXvWYYtB3J3PCi5xN8 z5q&y}U!b>7(yK;;`yuc&mvh#fh=O|LBzkbn=>+DE-iU9uGv<^&Oy*c&860oqe0k$B z@#wu<`6Pt#+uqnrYd`Q7a#S_XUo(_jVcOacq0 znPo5&0I<=l)sJL0+J<@LY!S3b1cWE|3j%cZo*pbB|LAIa5!q?V-8_L@NhK$;8)*wd z8{0BUkG1?V;o4Q!MqBxySMW82doJzhXc?%iP1`t-1&yFAXy|;-OYj+Pyp;0dhufbi zhtBWZS*+9jlXv7tAVrDT zA#e-zo94q>F24~;)^N<3No;CBvFG)+U9bC%%e=6^8zlTFh7aScj>Fq1{GsCoPx(nW ziZ;?wn(IiXD$-E}4kzISk7vChGGJ-kKi>8F7oK&^{#{%BMn=%zxGlqP>^FeC%5Btr zS#2vEfP3&X?)-VAN5hL~@7mzo9Rk{Of$+!M3U$7*p-}rIAc26TXE}lZ1J;g>Mqtdm z=Ih}I9Tu0QYKiehD;@-zIbl?qD>~Y`zuu0m^Lds%+p_=Uac_N5Sv28KXr$!6BJCeV z5+VOPPf!st8!?IqGEC+XZw%jJO- z0d)ZtP#4Qvasoxm^)H^zSN^Q0d^g|ku&uSw^Q7F95&4f5fE(&2{>r!7ZDY?9Sq}%q zc^rggfEoj2Dc9jb4F9h810*rSjYDkOWjZYx?$@Wz^yfADY9W6Mwawf zH?KQ*c)~2ud1laDa1V;jGrb_+y4%%SHOV)(WjQj;AK!_;gd4^yr?rE-JbiqOyDYh; z3+_@jG3IhExkkC0u_kk=;xcMKtgtVtc^qoiWj7PpjPMuLIrG`eoowbvXXX3FDldH^ zp2P_ad(s{3#!n6^g)INHj^T@MJf<@bd1IIpZ~jEQ`OU5FG+V(ld=x_>d-n8OW^`s< z$6Of4y589}ymN!gGq^r>XIQ&Q-1b_XFUuC#KCfT9DBJd|`f_ZysxQ})*uF8Axb}@z zn?`)ckmvN4e9N)w8(&Z{_f)k_#CMwKfVn=)qv{I~KPnXL2YAXCZ)K05Ll^h~Mbt%arq7OmtIa>7sHK*7Xz=$%oKogf z<;lGzk?}F5G~Qb>d>M);SI?BosJi>9I!El+FVI8Y&D_hOPTX&I6cVz0HZ$ zWt7ERWi~RETR&ziC|uN z5sB#jft_&PL4V;*woStrnbuz@Q=V_p|M3SWF)u!p{j%87Z9Z@q|HdwFb0U53H-f(d zdVTZC?7-Nj9%Xv@x7(jU_B$V#18m*>5BdnLgikiPe$QB z2Yo;3Gj2OrTFj}0xM#A0B@_MV8^ryGmsA?nwC8pUVgtaLvqJsH=ywC39nof%lgp#u zSlqk(GCn34=bf=>=m-ry?A)ZG!CCY<5#IzfwLyQWLHgSr2j~<1(hJv~*A?}0j9ypJ z{jd0GN_vn>fR%^wB6t|ji@DGE1lnDbJ39JJEXtw{*0Jlc)YtC{DOPze)S|i?tYuf| z-mB2BS6UI}Ba_;(=bn?%{~1`h_vkg1|Mk(S{Z?G}!u(1~z1{JP&x?}si>*c9KYkIc z=cR{|Db~7M`eprBXZx!SPui>euyY9XVT059$r}5i57`uzz_Lj^jyEIT820-v9s7a5 zl-xR4%gaKgr}l?}V?4@QfO7CC$2!#GXZLfa?B($hzh>;fSN7c2eeUk>bl$7-wL5s< zXph1Beb8UKgLmZi|6A}rPsRNj@_veWxD z*x!LZts-ytf_2qPe04jXsn))lC&k!&-=XcNzc(4YDOAz}zYp-Hu=xI`@_GL={wMO8 z{`S<|<<9q)`+j%!c(9i3@zT@!rFO=K$J)K^7#;-Vso|OJ%lLljw{sHYCEm>mAOGKy z?@`zHTfS2efEhXW`z9}KlC}0NI!M;BeR19C{o^R#2|j0-U!`}phI=*U-_3X@olgOW ze*b--&(8WuT=1V!fiOSwrx|;}$G2DbRcC)S2l1I#xc7z^a<9TC!BiA3WsW`rE0I%Y zm{ax!l;83A|@6LE_>o^qjFF&_O}t z6i(-Epa?TBmGVoeX;NwnN(GEX_)5WAIn=IS+heAeVwW|A{A}h*4Z!2qLSD{wM>aiz zbtuY5zebQ6tlh-#XW8!+^qx_AvU&&I(g$yMFwI8i=dam5TgnjJdGK@$-_j~;v&-=sgZ}qzyDYPsX`|K#2uVY#+&bz>6sNB9^ zQ{&CZBUpiNKzd4sKx&Oo1!vQPlFi8GvJnsoU#iE{l5lDb@|fi(BLwv=ySv-c9KbFT zU;{R=#xRP0+>kq&CIbeWj9H-2*D;;Kr}!tL^Z22lXBuYm9L8I_`Ex+OlV^!`Cl9%{ z2t!Wv4w@)5c+?7w)BbwPF|LI3npR*2=v<0`Ln+x9r)@{L5JQN|x2Ka#S)He>Uq3scWXHJ$h)P}hl<)=DGb8atzT}n{ zNXv^;kJ*AQ$IKcW$Cy2o*3-etoR8DB63^Ef>F#R02E83OUY_!&nS&*anI{6q)}wK| zAT8Cn-GC!Mp0*CvdS*YV5eVa>X3WP84nI``0dB2SBMKD>je(ka>f4Ir( zH_orNPH)|A-r++aXv-jrCNfk_6(JTFp^XqR5JMu!0ne=jPakN-8u_LL78fX!En zzl73pFPkF?l7PNg#%nRNRc#FqTk`^-1UaK0;lKt3>VW7pJ`BZ4f`xi0kw+;KvPoy! z3>qf<^mv(cH|J=yP}otF&Hz|nOwu~ zrRYElgxZ5q>B*;Mx>`n3(q+!1!;y3dB~fUm(6^A3QN`TbC{kl*Zv6>1k~5V>|BHiN zjlrjtvMhO_)RHBCIO!Ny%LGapB`JTiQx+lRF#4q3d5p{a%PI6Wgx(GyP@dwR+(Vy| z#1kgmx!nT+Yu(+Q{Qk4V`dBkCk0HY&ps5b5SpsiJiz}4m zzH@b-PVI}-%B{zD(otWubyTPs^hR=dn9^*)nTeJ<_AZ-3#QW_{1ZqgB^gfbp4XYdR$m@knHv5K?IXNDCCz96A_%(Ehu z@+KTCvRvNg$lFSJLpg-c(_70d1xukGYyiIX;3j%RFC?y%JSBZZs+0#wWsDw8Hb8Vb ziKXaW**vs>j;AT{0xHuKdJ5y@@rH0$sb@&&cl7F66S{-mDnd`n3$~tAg#Jn|!8#n~ z>na&I?yYDO4-m6P^W?KKEsP4~9<_kDvSF+OW{fIfpBy<;f67<~9)Vn-4Cu@=7>{~n zi(q^umleg>s6rNBEeOWEm8zhgpi;GC09=>{dQIlLcb?&@1I@`ssLzg38==l;wf0#X z7$M6>^H@|SxbPbx-dLmE!}~qgXmTMlsp79&Cj#O=W{;Qt^LrJ%3VJmJO+la&TY`aS zPp*OC_vBV#q>0cQq@UGN4juFise;5HTB_tnB*>>X3Pz~7(AgYG11g##INB{Ub^q_6 z{?Cf_f2{OBf?<~cek7WYjKvkbnct7zWTfnkH@-JHsyF5L@isyOh5ed;Ca#X+N(-jZ zPiecLfPRW9!8GLYR&m4L6%5pn8Tpk4FgUOS0 z-YV$uzNidx{75v&k;nYvXpqNFPx;T;U}lL;3V$8Y8ZeeN91VC_`Ih4&F{GZ8#=3kY zRKXYNxfoIvH@(4p8e+g5f!i~nHfiLQ_B^*X0WiU#Gmv{IfAtmJGfrg2qO z1yUoNW4JU9icDlaOMOzyc$6Y-tQXW|L(*wAt?0Hf{E_ppmFNxgM_1xP%x4pFt8A3M zGdLo~=AT5L%Nt4#O__b+-6LXCz7`m28en}0*LrE_(mmnD!-;I}=ga*f(2@MjE@fBT z0$CeZoK##O*nIbR-o(dnWCDz+mjpOY?^UB4gzSN~zKzX?oCy0>&L6=OQDtmA(cvZL8!lIgfTntGs&8;nxs|s7MQKVUn`6Af_xK zO_<-Jk091qASZ66zo;^yGr&`Gyns|LCYwc2c+FcmpKftXoy(Vj82-QV%TIC5?7 zPN#;NkRcl(Xy7?>EzAHto;EG@_8Kbky)->Sf`LH^Jl zR#z8*jZtH1^KS7QnM=>*t!&ce%-~_TPcKp-Zx>4%vmfExeE2~#tAF@M1gH4>EStZp zTepbOTsze^J)c5BU)_CR9;ZHlv+&g?(L>T0kkv8zuqKV31> z6}<(m>zU^-be#INR3OqiwW>B4&LIQY(%CO;Acn%~x1&Liqe1NC^wqtO2DjZ$4NgGi z;oa1X0iDS@4Iqo}Fl7}NXJ;uPB;Bt#)QOC=X-UEADKc&>OoZ(Lz&43sQ-kaA23_Eu z-U=@sadMK08!Z6bE9-1UIm;e%%1qp3^DNh}C0))hmb}4QlvL{l{GM};y@>EI7Po2%0F&=K6>Cy$~>akvhsag~h1*`QivI!o07etqfy z8m^!6{5LM52l?ExBzaszg~A-OI!v6uTnJn_YEP^-w8~j+n6*JeTV+*?WK^p-C_kv$ zDynwePV{T68hpRD!946(*q}8|2RQlO+17i^p%jRaam(q}lG>F@YAY4Cd{Z7vSql6I0Oa(xzm@s#^`waJ1C8Hp`|#H-!WQ_>SDY240e z1N@fpicNZSrKgj&lM&VNQLAE23Wt>3&zVm8eFz+T0CDW}dD98oZ=INkZPxp{V$-wE zieVT&c3&N@drw$4(yn<1)jap?6mnpeG?}`Aft?z-0}X6lIx;~KaWck|kumS3a4961 z2hilQu?P)~{hE9fjse`5KYucvy{Jsk)=?CLH`t}1(-Yu{mE)Va^RLcqmX6p75G0t3 zUUVngt9mVT!zAY!vFRpCu<;;QOT6ffUyiU(969tzoH(-9I&p+A4&Gy)oJK*W;(tCh ztz_hAcj<5xoJIvzj^UJ}<-<xny4zcQfhWj9AX4 zSlm@{kBi}?Q<)CqOiO1tQm4gI-JH5$j>6Uvm`ST_76@Sx0n3n<4aMsZUKixhpUcQ)5!oi*lUDJixQ=2Q(@PJ^ zaApBaOZwduF;C{{IlSXcvgx(m=34Sl@I3~N=0E0*-~n_q2yd9TEg0d7Vj@d?kJp+7@HkgQ@-Grc zLZ!&80vXH&5Rj;7raYH2&5~aM6iH(a(jf}KaKlrlU9M)cr_-Hjkp*qBd(s}Fe7#(skU!s#MCLt%!sWyNz4crn-LGknGtI{ znGyfJu2*IRPtuqfp(bgCnxvI#k}l^-+O-+6Hr|YIIn9WNEi;1BP4?VHwskTiNLlWQ z8IhWEo{+ZJeXz5KD$YqO-96=;`eA+LoSXJG=X@TVGvise_INeG-vVS>Uxa!?M zWv-e$8>L@$trf+Cx_Smf&U$`+*jgMabiG$6r zRrb+;gxNW{^U*9Zq3jf|gd-Bb2C{{#`Mo5B22~ zr~i<|OewDEk(qMNBRw}$KHShxGv)ZpVrI%s*~!e5%CFMm?33zCZTqB@l9Jdb`@aOB z>ZJoq9QMhwMEm3q`)9;*E_2u?OC0ve?VM?u!#-K!uurbw)P)ZFWJyx{WCG=DTBz2) zI2^;TjVsh{$&%}Wt&lPEih~g^rY2QIhyyk#NbJSLh;OocPflSm|LDkM7PB$@IEsn2 zOq^4^w0sr#k2+t@_BZo2zp_**8f>OU;j-$2fy`3+T__ch!|~)p$f6oRRV0g#4}Ut| zj%lf?#r#(r-r&noC^>4dgyxLz!G2FieX0l9ueWz}E}ahM)XV<$FC~XK_MxO*>ngs#Q~mZTd<7VTc~DL=XnR?^k6hFN&+6Mdwg6!o?Jy^r;U>rp=K=6%#J zcj*tT@T$MPoQy_0edvZibg#`PBet&h6UFL}(}X{~LW1#n1)mh%^jg38h2>N4Od^x| zP2cYfWcqe2gU6`7wa@fj*JpU+^lM&;Hb2?Z-q9-%dpy3j!N~Y69n!h8y1^}w4nWAO z;71+h=^09O)1P2o`vf^w%CtkzTil7*jdMm)sK1W9fVk+!DAAwdBX_ zmiT3YTjKTvx5UjOl0p{mrubQcy86M8E(%$hi~&9BbF#_Qi~j#F_{Hi=`^+zvzuZrL zv9{0iFFS!>u&L+p{XLeRoaB2+f6n>6&#q*>?Ug>Ty3hShD(~j6+Pm_zmTby?=~Hp| zdh;vhhdozGde4v6rsjvHgCA~7;D?p&y~Gb!cjAYzlilADKTPzUChd5FTQh}qz5m~m ztGB)EKkK(8tSdoCkKfcIU8x83BDZq=?~`~#Xdls74NIvBHm&+EXt{lfKdT^I_v2`xT7NctPc-vgA6mR0cuqv!E`y}UlcpY-6$dBW$8z(pDSNn3?a zdI4_s5(HNTLGrXBc@`}NZ1RV; zAe8`pG)J=NAuT$AaE63@Ihs9Ps8fZ6bbwbrS2EI~mw*ugov0bZa|FZyN|{r}BvMhv z$#<4@H8oy&2KUnN)Chz-vP%b2;P5zh6(>-5LmY)~VMJ7ANNrzJP-^*IDer97fd@H%Gvn7;~*L>{^KStjU~B zLshrwNNWqi?Yqf$42rx7%Y|Aq0V>Q8S+Kyme!y7hMgu*I_oo~*<78sgtBJvUiY6E4 z7#zL;2iE`#D>5(;mO9(Vu*NfM^EW$Lw?&4gAX7uImS-8QIw4=l zaWM{sNykdqL9r_FjnFXq2mAtWSE}b(GfkA^*LISJ2XSOicU6j zhh1vJiNKdj4>=@`2$LZg+;FkPOjGE&r|eIXn*qrbb|=io$gF+Y!L_8Y7ReGGcIsu| z;}NgCt;tE`XlXs*Xp$$!!}4HXC&K$0`j*tV>KxFW^TOS9u3MiQ)R=6G4#bbgh(Q4oQb-Z z#1+D{OB`@~!}2b2AO55>_cSZ_;j!GziQ{;r`6;cZstjZYFqyb~ynS4e9C1-$mgS?F zTatoTJqM2((6+T(pLDSu<~GtCkq^3zn*zvct<*i{bCiTV5|8bx7;*W#XhIX!h~(ST zHUp*=9aYd=0##JcoG~MIFZO*-G7~*8BJgBR-@;^8%WpzMTBJeJPU^tj?~zUN_TUk+ z{K+Ae{oVB=EwVEww}L7%AGnYq zU+q?b`wV<$_D|_+b0ev99V%k?dD3hc8m&fdW6nJBvoUPm%G={P-Aj5d*jds$;LbiY zHZLS%_b-4udfiBhrBH0N;vQD+LmOcWBzQjSFxyX7tloB2SGVhjs;b-#PJ9IWfe+>|h;sSBp8n>&@21MbX-UekQ28kBD}xHJ|U zDgMu$W5{F=^TCZ?9cPS?YrwmV9R)e`DAZR&4=mK5#>p^~JZpYGpV|p%?~s#qOBK62 zT(*<-FsdwI)Og*o?-VWeW}((%W>8X*R)hE)@{uBzWpc&C%SW-Xe-AyNoi?yNk2mUw zjwspY@cs10IA6)OS!2xa+ZxQp`PKD_&7wb zrbkn_VU(JvsK&SpX;>y;-MPwa5KqC)BOyR)_-nX5z4UT&yB>Quvb^Ru!VYlh4V{Il zN^hPul4cA(_Yj90mQcu-5$jKHQYb{fseY7+(xMDpycN_Ij+ekAFOsvKsdXiT70H)3 zZjh`FJaldlLXzJMKyC)tws(Zv(@OXCark3Y%eJuzF8{7DAe>-jNaVQPW0-M#?WERK0iF>be*1IIb8uC1*KET^wOK` z_Z)sNw%@l=RT-rhsCNXV(+Bg|Le@(86D>=R615nI_sJ)%ZIrDR3;wFMFvh9`e^r|r zQoCSPL(3U)E6@q?zp8=Q5;qX2$WoYjGjYDR2A~GL7ja}P|{kCgc5t;2c;`%dXtRh?350H6#16%Z4 zhBbW%NK4Z$2i18 zu`m2>nkRCU92$|j4rBPo7z^o>uXY%W>-7I-z-7d}6n5AR(Ed3#(0}}Vj4OJ~0lb|y zaxkAE@*6(#>%L8dyXZBP5^WeRESNr!TLhffeGuwdoi&;{Hy#O-%ox08gp-dO_f3<$ zcu;CXT&iA$k&S-D`wZ58r644D9oTJ$SElhlUcy@RwxKrN7EjVvp<%7|AvE9kc}}rb z`^YFhw*x$&P+JM<<=2+i@`IL>s{wCQ5Pwk%;I&R(8lrDuiN~_8IQ%q=JWu(*UF?Hi zuV|f|RqAIkxn-k#O0iZ`DPqwt{q##eHw}06lX#gIpLIQ(9??p09wR&+pU6=!Qjp(_ zyO0mu>77j3yBIlmu#+(IpK%gKF5a}79Qi0rE|M*8s1{CM&Qg_yhcS5KE^-MPnFrHD z95{D;NKw(FhrpSn2BX-gl>rD}bJ@_*sX ze-|0|V%&XAWq4qWrEYx@>ZaE_Q7=vsrpIJ`5h|LjEh^xTi%?&YwrCPQde$yNmBo}= zsNRoL?^E$4DDqLIw&-|yz4J$0x(s;5Zd0TJFg!D8h<9gr%CDh;DAJ!o7W$B0npLQE zL@^T!X+gHZ9$bKp+KRQv-RQ7hhBk=f;l<-E1GuDs%%s;sp^Ne4kAwCp!& z^#0_QtKh+XqmU%qst7i#Fe{*?whGb0(n_!PM>RuAzH{ zI(N1-9~}M}i>(iTZ6|q_Yr&?U9A-{vhC`=0zJ#wS-5q^C&8c>^KI2r$wxLl1APX(; zq=-}yG6NE+UN7t2&&Ww`>uomQ#GJxSY50h>$a-!71t6vHW`rS(Nk7A*Q2R3^G1hn9w98cp7Rv4b_xw;u(uH5TD2E_ILx}2OtWn3|he?&)PrZS=`L8 z8O*bZe6YMn>`^Ey{H>y&VpeXen0}1aT+P}r)2bHvh`OtX$1wG9*S$RNsh1dhA|AM_ zCy(2ys7LL0FVuFilpvP(7^uZl{uZc+-Z;}*uGS(MRI5ma_2XQwT9J&Us8pb@{_ri? z9iH-Av2Ge}BwM$BE04{a=Gb!%q&Y5X(ic3T>(elhp7ObTL}!g;+-)B5FQTSP@lBXV ziis9k_6>?T=M*uc%uMzs-$0M24g)j#=pAB4%dinX(ouQ@QRCJaHTu7FP~)FBDr)5J zGzBq&wD?iMR1woP<9OvJev`Jzrix>kwe)7*^k#cUv2T5vD~j`;usGS^px*JXf_ho0 zBX66ucZV?b5R;e|LWe!x5P;`hYG_)-WupAa`82l0L7ejqua%!L(OJ1aI=SSvo88e zLa)K*jyTVi+M@+%PRT*a+Q@!VX0+r3U&TuCI@xnXyn9_7I}(;-u_}23IW*yXSspj4 z@(`)=R0ab8Xp!+!J=#Y#37I1eB5eYBq)ueRqUdb#?dOcIa92`R=QJjPx}%R$!SzSN3^LX4~}WX${&Rt0<=(CI)et-i?z@Iw#n+U@G+OWfVq>- z#p-gn82X}xj*wy}O0lEptx)@2t`y@Q4GHCQUH265j4+|lG|5~knP*5E zI*gMrBn=&=v{^_CH3rl9fO29%<6bs@_0bs1Jc;J*!?38yaGPT?%x78oaQtK_0B()p z=lpl9tL`ey+3Qcjw$)c??oVSe$Ql9p6y2W1AqJiq0bzhAjBcP-%|HvDwFa6a-2sgk zYSI$X-})Hi&?3t`IMULp7M6?=(EY$ly`+R6dxTE=$K65F_*&# zT+1wokPps4)XPK<#z43L?@`Jb>8qRq#z18Rb<7zooY4ee_G{@Ltiag12lxTAB~Rog zUT_uG^v@f}7PwkgV22R$2!|h}TT7_CjOI-}Wu%`IsIe zh=2AP<=LO|$U-i}i}{~d=-ZwQCkt@J3D~yvPLbLw&AX-fQ|KX(=Ail2y{%@^CtS@J z^pIY>0SK?l*o&soh0=uU6ARLt(8M5WLhU(K%>?6`nJ>-EiECySy^*#vQ;lnsD?a*D ztKvgZakXMNeXR5rsr2O*3n82SMV0<6uF@HCl}?j4Q9UC5xVj4j6XT`sBB^_^J!aRT z?vAv*QFo)sbsulT?M2zxob(3@HQTV8k*osp}=`Vu={YNS-n*0@qzP^$fX()4My z#XG1jbKQxt*qn!)o;+DTh`@P5zPp;guqSU5zljTvx+H1$yv4COTjedigU_gA-%E33 z+8jGJXVx6s%g2?{z)PN)b2^9U9J_}F2Wn9vIxthr_P|J6(meDJ4$=Aggt!nLT!n-4 zPk)#!L`OPfH81X=%tf0yQfHdHWf0@)&PmAyJ3A>I;NP&@mWV1+=N*9m69Ru+Lv%Kg zC)hxZ5a43=$;zITrLAf4ds4o6frOi}m=_PaSb{J!ULfl!`&%-N3^Ck|(=-wSmAF== zJVP9U(p)8cScQ6pSh1I=YiC-`mjgKeT6)e$Uh!=LqDS*tv`5P+Qc_EZi|hBmpI4~W z@mq5UZ;Yh8uRUc2$nS2$fjQh1=Y{1L`Gs7rB6BUoF2852OKAN19dNmcwg*g*rJ1FW z@%cXyLCR<=4zGuojl})iY@IA+doA*^r~DuMzIZDtkz%z}ELtN*jI&K?DWMIW+hF$r z`R=%lk{|f>yHx$y$*()=zJ#)qE&l*_yyg1peWK+99J7eqAq#Z4jX0~#(%-f$kN;?Q z*%KLr`;>TP${4)C!?OIRUQ6ocZ6TJnj_+j&-^VKy_c@mA$Q1$Yvd{=);uRWtki4&j z%8RWj|LR=~L~|HkO}Qo~%v7O?Z=*TP1IhOig@J-X?Jo40>c(4)5NE~_;tW;+nCd}L z?m;+s8E@&H^4)R(6Qi{`1a!IGmWDPY6qH&;$qZHUn|uUcn&ejg%QTL20Ns!kYErdD1y?FNtDmF>u5&8z?5a^tXrC4YcJ(Th^J$eY z!|GpKg&HZX@--~hY84m<<%sd*vJOrDm>{T=o)z#E@PU~(k+Kocd0mMdG6SQ(ruU}M zgMzbr1ZQ;$XK660z$bnN(hYqrIGZ(ykM0I&MaGk$sX(|6tjbk#YrwdJnU;+{}~wcoK@Yp=V`>CsTCQ&!vqL4GXr3A z;=%^PTZreMbMZps+i2KP3aEK%PSIk9p-LfUYmcyR$|hC zq}Vf?-3d2dAPN(FgghSg)$r+gUaMIZN9rr%^seQs6TV-l?FndG&8t6To0KPvz8+1r z42%gZAg|E9n|#H{`=@_V)PeiGLXGqJ^#!tEwix`!uPv4(lLcTblm(2XINUIbDv{e#g#>vySJy3SIIg?Gr9YI-8Py$V{d>fwQL$3FXmomMQ4vw((QC5N;<-~ zNV?x8NV-5?ho`JO(<$jl94bjiOTwPW7_f1NcvDDRYRMj)`U#AwvEG-w<4p^g5Jeyq zH!l$BVxhDPw~2Wgg}O!`+SSofJqVls=~IOp+bUFVD(*p)iYHehSV9{S;1VC%1B#p> z8`T6(5fw`CIpDmqiQo(~oVNUn{&IH*+%>hY;G-&h1rP#k`W83XbchwH!*PVz(oam$&j;yS%D#-N27aUS@1GIYtmm``2` z8dX`wQ0~BoF~f?(?ZZ9gGkN8#ij`!;FnQ|`-<m61GB4Nbkh`i>%$}$~-gg^cKszH|9$D&6t?kJoPUgjwl32Mx( z6qo7-6I}Hl|7kmz{d%3~I`{A-KJOV;RU>be5L)x_2*;z9YatNC#!<%<5l<7A-E7R1m&lVv~dt>>~OM}yRC56HH<%?`^`sBpm#oIeNl=`W?*D_e~LiI(u5iKFF6sr~!;GVK& zm8U$9-<|U6tPP}a52eq(^|b2WNo9`|eM#!=Xf7s9w+A%+%I0>eZfLUV+P|Rc{%mz=D65?@q)#z4&=5RNsA}<70((n@6HhMO>lIsK$N`K!@|?Hc|c= z-Q<_sQOK`*U<2hIL%Ea3Py1E;C529wjLx?@|JOUoweOjYFX4^;-o(o%)TbLz%FLHX z^5M7pS?^`Xj!-^oSBhp*?UzWbe=kI2rH)xk30qJ5AFO9TJj)t5{mnt|rABP!|NZ{L zRSx?SaZ>ulv`qEyR?rg8;UF&OmL;pwZ6^GecPb)nz)f6BB#=%a{mt>mz z{k043FsT>vF>e0$cFD!SlFMG>ClOx2(QCMFybLgK)`ZmdPy#4H$2`oaqK;Q!ZBcoz2HX`nj(iL8YZL`szqw8idUy)S-OAn-{6&P zy+)S1>ruU#@e;Og)iaycYW6CBR{Hx9Pwp-Ks|M_q09QO$&1hJ}=CP}}8$7$Tnl7eQ zuiBFcBSDT$B$ko>gP7+r(N>?m8ZHunQ>)o)^3`h2^0bYN0p)PG?f5I4z^SdVy+^+_ zY^u^kbK)ncmSajz#|fMBY)2Qnay*eR*ImyGLRt-0f>LrTRgl*rJdwM4T(B3lTkAo5 z<%vQi);!GmN12}bUr|X7RQzt$Q_}*}*ce&MD8nL;6zf zrTvfEBl!t_?32O^tR6(_6y@7?D=YU9euB5%f4_5G+gsQ{i#!OA22k)0(&q$+hp%=J`Zk1FUD|Ks&S zQmgpE>jF(>3@vFAb7D@d)aqL==NJ1G^?F5fYJS0)Xuea!^Gh17>7vnI^^X_EbwgIm zWoJxtneu^a22XQwMDHbeDw|S8YQ}{g@71*R11VVuv@Wbg5hKnZFAaK zr6ng%*~{K(KRfI$^X$js_Op{m8zHH2=YzhFZIH&`Iq!{ioDaHcz1qXR)wzcq=Yy_V zJBH7>!zY|`r*^T=l3ncc=}|;3d+a>d>#t%9OOTDXLtm;?+86F2t@`2%iq-Td~Br|n}#pG0hs&O;v{uE;og zSnXg({lJOZ!j1+4v=)-aCm;fy0o~}yc55mG`~}EKC|HGlg<)f?Y77=c&+#9&+nd*K zNVE1^1GFH=0Lgx9d56v>`>o~OZ|}FpJ5DhHv!64VooD<>56%$%mKZdnMd#7s6P_f4 zHdFb&5%Iw=Re@!v+Puz%v=t1!v0Tc$*lIEK zYOvp%b4J=^VMIU{Y9{fd!PtW^a%qaw;1--9XJekw)m({O%OM9cSH70hL}&A%4GB~| zEsm;Z@(#W#*RsUZM2D~DZPXlrWv}=Ore(!fA-U+;_Kxt^2bTWC?v4RF(B7Nz-e1R1 zxU!3PHou1s5TRpLd%Fj}SLEaONQ6%r#&X$h>;R&Y3S(!E?6(Oboo0sY#i^t>)n;@Q zw&faw4`0Xe%=^4*#Yz{fQt|$;Kg}tvuUL`JM@fp^CG4u9eD6uV+$~lO?SCBWYRT=C zZ=vLKZL#Wm4f(i6MeNKdDhBe2oGttFFsIAx#KU5$G@QUzkl-`0nfy8WDzY9(9a^x$d!bAl|ZyIo)fAHn6FpiO@TtRIV)}uu?NFJM$CL#&Hdj^ zqmaX`5^`9RWuw><2OM+A@{8!xJVG2-9IhB?JAy}-KU&v5a?s($`*6Qmnh^ixeBt`m zBgA^8AUO_Mx_}xBSmB1BV;9ew%prqRcm?ig9rb&)o9+*YMbw&sJM2K$8jG|x^Xh66 zds@99rXGl)2M{CiX%WAm3K#(wrJul&%u=2qEyLve8`WU~6r}^;;$>$Ov628mD+NuCiU{)WYSdd zK{ujUc)S^-)lS{wa0kWdJe_Gp=1_gukcLxv;eZ-PO$77>wUWYIkRnio2`#{hjubJ& z4{JBC8~a!}R;PYEGY$pbC*~tRCr&Da13-XKT!fpY0P#eoWZL!MY)Y;U9W$jKY^g&% z?U&(N%*yuI>|M7EyR ziLG;`acn&K56g?_})v-T&0AQ1Ug zuu}v|p2B-(>d~ylK6QiVt{#Da^-tJTdKyW~<&2&B8H(@Hn|U?G4kRr@^&=m(hEjoa zrhKaCDekK0jFG(lQhL~9t|CDJ@(Cuc~gKC0iArDcz`#qYRq$(B>V|nf`ptUMYOm-g-2stq` z`$8&OWX;|hnY|1`upUDzt_R+Psay}MpgXDfA2ds=>5@w7H7JxbnXybeAAsX=xB0>! z$%Y8mW1_k|<=$^7!bYrf!l4+?m|tcyWsmMa{7qA20Q2iazV!lz4t$Gp#=@juMQmQ^ zIq-B6yrQN&jB^=iR76*-$B_*&%1|@8c_sqxR>(B2K^hL;7lADk`D>cUb2IF@t7fta zxSRE74!Bz+0e7c}gkLTJcm8_E1ZGtS+6qtN6_~^pfHq`EGaq@Ry`xC`3=EEjSxa|> zx!t!y4fE~jtk!I+w@M3L0db|Zfkjf(^*|-K($wwU;l?z@;8s5hj=chjN(Z7U9Q>Qo zKmp2LDl|^oL)H|cuB&)ikDPI!M-;;je?@4z8VExYR?W6A-pls zM0gaE<-B1I6T!gr=*s#uC*Q-)U}SF!W;k3uls!lCWv^HM`=>c%F)SAWFq*CzpvX0# zbws_^OLPFv$nQ*PmWrh9ihhK^ZDa7|Z;O8Ywxtg@-A@5+|D`BJ4spYoC@0=SU*4iG z=Az|!uINkji%MMZ+*s?-lrw%u8J?ogF~sG^Aue~l9Wl4Z{CGL#{w;DFnG-f79U~)i zRy8M>c6cGPPP_W~an%d^8~%1|ILvAHQ6opkfz-JS^}@T+5h?ifO2j07(RCq(mObX7 z=*Pw{x^3cL&#ES%3NJ?!OM21-JU>q@quf_e?w-)mw@Yn03f3|mm7Eka@ojJB;W1Bu z9AH@Ql}fTu$*OaCZ)dl}n7<0awe@o1cMa$(?l|>3{s0ftz=V_3e??!RZXECwTb^=| zI@$ChQCXKqIQr7KgVfKYLNxn5Ur$UtNS%9OZPrw0k7wPO89RGi=!%w^CGFGS@n+37 zc@z2-)084xW1BTsTAMYsdRVH6qfW9*b0NijVmUarOB0;VoZ%g5)8IE07a4lS1xfw`Q^IJ2&i9B!fl+j`pw%?G2&8akg3G#eKqCB7Jkmt_Ljt|^TimP73 zN;58zfR9vZ>H)n5N;VZ%+Bp>Q$%Lf|Tm0Hf0nfxu0j)8R_k2Kmy(sU+bBxjBiYDwT z^i2GqP}^0Q*FhQDit_&9iCh8C0HsJTm3n{U7=O4at7Tu(hr&(S{*D*1enrboFPD7o z*Qd5A=v)L{%e&Ncfm(V#$kO~9x22P-tw3Cg=GME?yHL)bqSPYoo0u4luKwD_Qp)s;mBJV`9eP1VQ-%WZtnjoFwLHc{Pu^)LleO`~( z4OajUE-i>L3rXe+;pVKCLlW0l!p+%%ju$-TKjBSD2Lh}XzkZHIBX8e9H1ei&Bcs6I_&z=N z3;6Rk6&lCn2g1)~wHy>zAAO?w{^2Q~1-$6zb3Z=`=tWkAIx2j_s;JPt$*w!Ek?Nd4 z738#xDDG6>aUIF)`?1t#4BkWDJ7PiltCo^+#odU>|CBVmp5JG{PRr~o+8v^ETAb)) zUw+^3w~Y6NbL4k|_nVYfX}C)CLiUzBeBoVajlI3EAkG~=DmtudowP6aQzk@OD3yRC zk5(_1$Rln+mPq<=-vWbPJJUH{JpsLU^ic7a@2Y-950x_=Q3mp<0wkhHe8ysqGDxZQ z_TxSTE>6Boeyou3(ZRUPFo%!amD?FI2k&2RaKIL8ms$<0$o)G%ovYBLLVLC-pK-~F zh>ZHVt$s3(ES+n)u4#=iS^IW&cGQSf-(8U&)kvXB?CjytC50L|fy}xHQ+9u1>w)j!Sn5jO?*|F9^5k@7z)4E2 z;j{VDqU3e=g1%EZHEv2;b+`Oaxk0k;>f3$L-MDVv*Lulzy64xjtVHY9(hM&hHJ4>3 ziPY&Ey|aBu{DaTLOJ-r3Z^IEHW+pCpNyV{x%CBT;U!+)^SzLM;wIWCJ2~eq6Ktc?V z!)i8zXK)NqSG9C^zlmS~23OzigTQn(H<44QkM}{ajXI;ehxb9$l26*)XHjDO3^tnE z@iQ+{{LFGJ>=}cvTIYzLsn4Zc9otBGUU&~ByWIi(nQboRg`Z8HDqqvWd*RchCo+(o z@ki5T1+K`+4Cd)~!|D9Ye1w7+Pvi{c+<3TJj#VG5VxBdeKw$j$X-6OlwTjXKV@c4C ziowAYAKk?@;}UyH%a%28FRy{WMM=?gET(FY@s$+X!`bwRp2ha+!XUL0Jr&1;=u2{k z@~3=$EE`XcmfHw|vsSR`>#woarHeJSvikSyAPiKu`U%&Yqb>i180$+Peu@Re&zvM~ga=RM^exGz*+2>eRW z%feh4y-JK8p&YL`qKdsWJIsv~m|*S3e^pKtLhBUjGSmunk@t$BR;Y`-`-fVgE_g?% z3w*~)P~m0iTi+fAHwW6M8G-g` z+%X6NV;SaLKwCBkZ`zXi{NM>hp>P}#Vx05}TynPWrjiLD!n2Eu73o~e0z=wY-X=cZ zWZ!l^-$YOiZ&MzhRUqLh@HQzb&XqbD2ARY~+FE{V<~N=td7C_C8~JdP%>=d+UZUy9 zOg4F!F|ml>WeJd|bcTs#@Fgq*%5B%vP=yhdZBR-ikfpzVz;cy z08~;2hrbHS>1dhyGFJ*5m;)2K)EU#kFc&Q{?KQDV@EsyB}reCW>?R<2^PX&ukD!Ll8-Cr6 zOPghuXEuCfEhdpm_7B{H%u}}|bID3qq(`dGS7N65oc+gaHh^$bl^NB`J@i3P7nn?WSg^>8r8hEKE z`kS^6LT|-AtPX`XLVJqSu=wt0ktfVsqYFukq9EB@=pie3@5vb<$;1TX2#4&-n}`WH zWX&59F~KLHlx#rZU6e6^T)=1$V#EUAzyk|tL~Os*wcK&vEMFyBbFU5@Mtx>e$u=9DI>raBK?Nhew5aw=3Q(b@<5wT6dQujhbR3%W{cwvV(wRX8U7y|<=2^7=dH zb+CXNke4hz22uvEAO428*>c7!tfBTC8$I#wvKnV*`Po0(i>iAy{!KwJxIWphN@r)8 z1h)|rkGWOr(Pg4N=|9NZoOMqh?PHt1dna)>jdiE&+cyRV6mA7&mPA&BuT(!8re zwg?HY;CbH%{}pRZ<4d~m4_r{YYJl5ietAoxS0INzvsXYLM{irols2bN&1#AqMrm#{ z$0U*`mm|G^A>a{i@{)qO5@*Cw0bgx?nA-Q3L(!`7a=z{6HCIE;J%6R75@L~Hj-pIb zG2lj>=1i);5~uvp%Vlx&asl-+*Y;X+q0)iW!(7US{h8FZnMTdDv~%}A&8DAjbI-pSOSoeJSDN4v!xDTM zzS^xA@FM^PIioq>cJs<>Ei54wyYH}n_S-UG2^9lk)M=jbAHfoUx-13%ipLihcj60B zm^*&i6~3H6%qJkM*4I(*EP#^ZOZF1neRCpxxsJ54)*J!bc5lA-$AY*H+$m!=e$0s5 z#y84TnWN(nCro`Md;`%CBd(S6Z8!H6TZls{*fUN~*hrbAVt|f1P4~YAaexnqOG#f` z%84&DZr)kk6~3Hp`vIV8^taS03yu`{@?S&wuDU4^Uk$Sy_{u%eiLYlU$!*^85#wv+ zEO8Ibio;h974X#t>91KAWPDX~zU}6%S6TQ%D(=al1oLjnBo(s(iBB(mB=`b+UE+&N zIq`+Y&7oIyg)e8@*#J;AdI>dZ!I5%4j*p*@)oC`SiYfe+C>I(65cLG5xXoD~GNSml zQu3^&#UTpWeYHFzDsN{*t>k>$&FSY_h(aoyWzgxarA$&W^ILpc^`RhYd~8N`IUl*O z6JLPA{9t-l_;P|^{$`Bb_A%791x^b3$_8FDN)qX-@)r*Jsyx9-UrQ*-ZI1hZ(KhE7 zjJEl|h(lWic1hKm^w+!y;Ak~L&bQs%jMZa?8L0#_63i1RlT-}QQKvcg13??$>yo~> zloMZQ-2C~>uJGk-yY|;(>_)$Nf0zwN3VdZPO>>#A&P&8suqrKvuZpwX4t(8CNp90k zRl`+6FNCjIc*O7(qyoO$ZS>d7130w0%lWpO7oTt83#quEof6Cp$|My7bku43-WPlU zzAo{_rJVReU+b|oB6!=>80O9oyb35r1^x4MOmZ@>-1SPr6 zm);X~f?l9b;Negwr~parbExXw?6;}$a=z{6y*^u=I7ehU+JBWYNyRMM@oC65rB2XG zm-ymRary)`ZXWOJQlD_NJp%x$M(?LiS#TuBm$gOuy3qyx=E;nrNxIt?ZfFk}(9B?!Pa5z@e1{FXhVeEPR*uEDT=! zd&d%rU!UAYTIMR|Mn$dW$Xr-1MXi3_&FXNbxpp`PpL1b9lDX_g7$CoHqqwD995Hi@ zU%xQld9cig>%n0!^y8a{auulW?bq@5S=RTN>ifU>`@*17%gI-kgZz@`QG;r54`S*6zqCSyHz79;d`C51=(jm4}!e^iR!4`2hdKm1vc zcW3V~+s{pN#p_3>l81Q%QQ~MqDdN9TPZsKt0{^4}EpGuA!P;CJ;&e|$Gs0CKnLK2=)<*9g)3RHBB+ z9Q0o@aI_Hfv{>p3oVs9+Le3$SI*YrOz#1N*d`%0UX7niD_pBgRu>Of~M#U9t z$GBYy`WG`@;^4n55bBa*gV15K&gTdjn1g-S7e5j}8za#kFJ#3$NI1%4!Ruh@qL#luDEoK)lmGIDH;p6AI&XIA-@5KJZ z#q@NO$ze%#MP%+iCraR*1rT z(n*DAL_cz%K9r1d@%$cvE&_6{E4Mw1dr?!ega4K4jz&y#^P46^(QWA?})MWUf@^hsh`hs(x2$pl&`>2 zuG_@^z$TvT(g}XuM_j7`LTtL11gXi}rO$8e7#gQ>6qzLlFi#6_EVwj!%+J$Z;kE-y z2k`5&g+{?wfpFV?Pf5hG-ficjPk&b~s} zHvRk|aVyH6qq3L&D>{JkCm9bya!%L6;LDj(YfgdzL_^tWgmgCTgnA+;a7BwD`OI@KpeYt=LdXCn z*RyTIT+st?6w#W{Mf43jV#{$-3!=8JCd2w{{ z=biD^_6ZDK5u2%T%W9pQ6G+#E<8j#a}tfbc-J$?Lkb|w~^P+0bz3ZK-YKq z4|Fuq4gQ;K>L27crskMU)F;2Ti~M(tsFS}+MAS)N#CM=a_-_3&v6|0z^d8?&?dTTY zNhR3v7b^*7>lUfx7eyZb=<1D=(tTOUJb10Nn9M?~nS~Y2bO>ZM$qyaK0^y7!Em8Ck zOOU}umGKTdW-xG(m_HlF{KAac>AT(RKagR3`*Mqo&6z}0AA3pskFs&kn*9f(eipMfme-b~f3S&&|<8$LGdu@9nkbfiFiBvy=Ybku^ zmM=iu;%wt@prz8L1(T?HSIb!{>$D?dS^Y=aS(kCvGm(`tH3VXrY6Etrd6Y?C03mPq zzX|V7yZMChZgDFzwcuM69UzDkDRu^yW61e3Sy}gx)q0GgTr?f-8|&jh~%S_h|e$+}E0jx?AkZ{4>qMpQ9}YJxm#zm>=iA z+4S&_OH-H-uL=1tR_0Ku{LD|N-`mY?JWglLi1Cy5uY1o=HhY1p+qOr)>j-Qo`u?ZeB`dL|E$`LODmt{PaX#fd&z3 z#0RNn-~HTNjej1iI0HNjt3|~rTjV)~YG^td(+ zMW*GncSILEKD?Ms>v1rx(Lpp!Y}B*nr9xw(d))KEJ!v>~goemnGLD9z^vqM!OD8H$ ziRwWF$16?=5Ule*&PjK*925xG1?iisL=96#1sZ&uB0~!aKpvMHd(ocj#`yNyV(p!6 zwYN2{y=`dkbdE%2B+a6C+ZPEe;)8i98L2A6%)|`%V4fPwFe5PoKA3NjQ&we|mY9K& z{FKTNtUcQSpi!}9F4pUc1i+>sCkAT+oab;=W5e8p8u7uLPYzuv#JPjDQ{pQ25{;RE zV4oZEaH8-6+kWb7jVc;qYgEyWn$F4Ole4^MO|aXcJe!8{%!Hx*QRkt&y@-bL2TEus z8P3^fDju77-$6WoN-@@REyK05{OF7in;Q0`S<94gyrX#c<*k{|N>)%oncX19}F3{8V7a zHCpCc?fHOOc`jTRtJNXTyO&qPrr7eTOZqNqZ3@XOtD9n@g=g5r3lq?iqW#zmglyzc z913{8ZgjpCJ>%D2sDlBXJ~c~@F=C-8?&I@BD6+38{2MO`#pm!-pPJ1=kq6$p8|GnK7|BfRnQiMs0McyEM~`NFjgNHew0o{0|yiNajB8Q zl@{aZ33K&G5>ESxMQojFSx#}$Bx)D%37FSXf^{wmOl8M`C}#yYu7VF(f@EKKv$gWS zz&?OU-&1DFP*q`uTXfQcH5KY-~|ijOXCULZ#jv|JusFGt^B06bgg-UsAG4!u8B zE%5M(_rH1E4p^~{_&G!^SfeWlSlQ1)z{DXeY1*sC3d!*XG*n$>TvX53r;+Xu1f)b7r6iY5X^;{Y5F`Z=Y1k#CySqUeq>*l< zq`SMN7Fd>zhu{C*^WwglduHa`@5KF{ne#cv^HWi?qmr*O+^5+jX7rHj$98li9vU`1 zzXtogr#qiZoPd@FAxhoe!HhQoC0f&Qa+ws_?wQ5(uiZiv(|5<%6_X&yHCs<`hiABK zC^I{`xKklHGp@pW(uOOk$2JFQfx8zWqw0oF`H%mh(`Nxl{aO>gGnlvYlT^Q-~uHIZu|1~hGVU1CIYYzoZp|vM_i+<%;_UW#u4l2wH)Dok|;R;p! zX-3)NrOi=a_TlcX`lqK8m=}eM>Jd+0pAoY6VY=;YiP9Xp6o2G5ZWj64G7s zZ5)62+@MDFtNOK~w$6*HPxlaaPdTluH9V(akco&D?OrQMd`gqL1Bpt-XF zKJ*TF^!GriW+gUYoT&F4;m`ti9va#y{6*Lnn>WWiQA zegcMFUu?<_*55q2w)JlrEPY3PUHkEuF?6*e%+&jHnPk#~R1z?$rYvK3w&3>IZeriruz@bk<-BB`}nV`|K=Xuuo)|C<=GXxAc^%lY;$n+N$Rv{QZGW zXE!dnE$(Az597rJk1NYzvnSSK@Z}#zu#~S98wj_!wLCz@6~~{j=Kf~B0H9sWO*3h- zbyMBYlEWfkZ1@*RZ9`H}zdq9NAxzToG+6Rf*&F-h5pY~Csm=$u(2lLk9i99w^@U&Q zIWDtqouK6zO!d9U_a?v?Ubj>!8ep=NyHM&!-q>T#zIR)UZ&BEOe^Yv_6?gqf$jtV8 zTc)<>{Noxoh+e5aV36-6FK%+(t*R{oy}I{}YlEJ~%DW$>p`xyR8MryK)zaU&8_V}1jQU%!bqf`pB)M6Hz3NwY-` zz$R=H9IlUIa_+^@JlyJ`AwB+eZjqHg4e%TU=Kh$LV>Qx9(4;MXki-Diq{@VU6 zUpIKzlN!BH^=|J!_`Yv@?1R(}_*%pIDeiEwOiy>5pT}m;l;Zt|*NrrT@|$9Go{Y-7 z$Ve^mNHn=_P{HB~@2BPQCJKSM#-EhVKQr!5*-o28b4W|C;5++XF{R;K=9tW2~P1l!#Z{cMM87f2>lz}n7PZP6bRl~j~(q@JMj}= zNS|;@Z-3rV&uz-;k7@63C%NU>lj0k?B(eSEbJ6nW0#v^1FDw)=r-%HR8B4iqWm)Yc z$t&cdy~&C7D$3#uSAkIjYIrp%K-qvzDhcZuX?h@5cp>>eEd8JW9CVF<9zr%!l9!As z3#|Dyk%`;!*c2Rr(G9^@GM7WQR*MEY)Zv%GcorBtWYpMLDO<~Lf+EU(2!ajVyWKX% zJ2JM~HWR%s+zky44GcY>9xV+@tX%7~f8BwF5B~Mj0oj`I1XO?QZ);V)#2d3w z#czhUf9g{HxiN%Z1{--u&mNyws8&78W@G-~iQSay#CgPTqSnuHNU&7y&RTrSAT;1n zlKW*Nz0$c@m2f`|EfxftDQXBGRgoV818RcD>kal(9^`z*iIV@>z0W#ub`ZSqSQ-!7 zSof&~sUMkr9+niJ+up0k8u9y~YOErHQ`o9|-K1pq7k&MqiOkg~(b~`>)&Q!FV&_N0 z_s+m{^h(=X3eF+W-fzmC$CIPa*@qh7SR3~d5y zF6?vH8E4<&=scf^t~~QQ988n7a1Jbq!y%pD)pd0}HgCiiV%#XQXt1qmUTzrs!r8SF#_3M>)8(s|rT09gL42@K zR(RyI#l<3q+zIN@H33G+jxHn7$#4v?HsMhi4_@I*DlWUI@1O38LQ<69_O`I!EQo6~ zuZlOhQhpiM)IAESH5klEUWlA3<69;Ht6;-Sqy_-mifvOrEXjar&Yn7dxzr@C&i0cP z{w(G3m9XnDn@nj)y8R_@t8xfu)aekW=~@yOLj$tw>l^}TaCI9D>n4ds>3>f~d&_dMy@SDR6kh)z`BAuF9cv|utsM84ZHSDH#T(=B zC<~5hz!v-SKb6Og2Xxdv{&IW$P2UrwI;KUHIiTf74Og&UW(vNwlVd)Mu?Hbbr3C54-Hg9*O!z^gf}!9$@~`Jxur#` zCXWTU3hUD{kH^OYfe1&@T`Gq^Cwe=+1>8`A%#$Z6CW*Eq4nzOI;U~l}8LEi9%H!Mv zKEA508%u1Do%(pVet{}{z_wRQA@%k~o&w*}<^8prF#V&y3`jf@q~x3GV{PJ|{W0cr zHTNnzsZuz*IOT350kg*Y?_Sx>$0%36 zWvp{XmiWNGN}BX6u`K`X zrH$}5#AZE=qKwPIX62-*7+3iZ5vAC+AI}CGrmh#Pm7Ye3HEmrD&LX7nmg(;wCuATO zIjg{?5OCZ~5l!UV|@+vN4 z7;J(+jEXmnL$M384g$oT;Pgx%b^!;xH_%#@1L*x_Kk5&VWf1)STPu`gVT%b>;0?dO zJ%mnrEs>zYk1zf)@geVN?DtT+0(-zMlvM&Fiui$S4BY)|zgs&7MPXq12Ml0Fh4{ez zTNHRumb;tKcsi7nM1MT0OAd*+>}C_Sdbpr(hC5y|)pHU)T(It;m;o^5=MZ=2i9rMzLm&hLo6=ry%KzzRLNXmH@}Q*pQo%&XtBWvZ6b;@3 zaH|E>^~UO<`*l3HrUQdwM(G~Xj-#rka{BNCVLpZJH%GO#Vkc;@tLsdKxU^ftot_rq zJU(kq8 zrI)&WWxwpvK5MN-S6i->#5pBPxi)3jrA~R_w#cVDk@VE|)2|)}+#lA4#2r3) zJ#5$#PkP02a4g_0D93StER^*~CuJQZamg9zmfys~#XEk^H+Q{q`#QLl^LD?%(AN9y zVt{07uw77I&5v0YH{35T+H3c|wd2L_G0A*S`=pV)L5{(UCqP!Y^(Ju}O3-uFVr{K2 z>k?1jp;FfZjXj<-f5a246s{k1OZn4`nwisYWGG3<%h-c@53}F2_jitE!KTiY(m8)S z^N6Jr-p@*ti{C9da#1M7BSh6T$@%cRZ+vuDZiR~X)N|~HX)&!+Rx`-?2`WUUvLytRry-XuAfU;X--NaM`-m|1M_p5jn@bUVD$R7n!0}iyu@I zA+h=qr3X5KrO_?seW~f{Hu5|L$fO=-b>P)M`Ld*Kk;MJcS=S0&%-y;wICo(ryW=A) z(6t|0d95hO*r7EOZTqb;v+kcu@pI0+`eb2mGmYe`=Og2%yAP?of&s4@8d|hj7-m|RhDD%yza>Z-bPf zf;}ZMHI>K>7{VSB98=KuyZSg<``wL!5l@iZ3juOU%la6!?te^)R`3}bk<74X6H+Ay zQDtA<7gC&YZOhpMwRll+~I-@D^M?cG2L zLXU1IUBHkBNeR=NjU=kU1oEQS?j+k-YEFrGh*lU}8&;P`cJ%4swkVQ*4a{!SL2i}3 z$Q4+ zKY261I@(+?=mt5Zm)MQCd#ajT4@a2r{{F&fuc|i5&%O;blu%ztJjxCwo9uqP`&4r` z-{Pr=JGbMcHZu3jPiisgb&QwwnukAPGUyb>l;`at4Oh_W4wV`V>TSi+uXw$u~I82CoD)oa%^#m2`C2NmSz8V;Z(57A1bNfW6R!+u$q4#vmsloKsuqZ zu6kkN*w`)2T0J>HMEPTA{|P*$HkS7yhs;f&k6l83lA9coolz6pzwi9|k|+r77JVeI zFimkn-dQ}KG>ZxWbu0q`-z-3|gju| zZA^W6g13}<23uaRe?IPHTT&1Ef+%P>tT_QRo*pS$cjy#W7~)DtWv^~*SQjH?^B|(A zw~@nPKRWT;MC11s<4m%R(Qtz^JMxNGlYB8{%WMm>&9?gcnfu5MbYWXM#g4lsXlSkU zZ$k>Dg+hq`I*8{YC#!>#OnQ#D4xizBj8)VCIg~6IcdikDy(#5S8+s$AE z$8L6XMe@iqiC|H-E$btW`+i#@sZ_56aU!v<-RH*ElJt@F@PYAja&{(Ba~e7B6T07`As!HJ9(b%cHN~ z3eB=v(04g)J${>CZNOW)h8Q$!@@d!eY5&T4m>(kTg|tR-FEG=hS~Ya5!U;G(^nLhH zWh6tp>EhHMbAkF(Z*+ni6m-r^=|mz)jWIg^JB@pBwEOjF)0j&1`1UnE7j^OT3+m*_ z$@usiHvu7QCr)ht#732P^IqEmLsHf|RmbSZ-ui#%pz?jIy`I21)h;U9dJ~0M*Ns*r$^s zK8R$j+BersNEMj|O!asIgs0O2OOs3ld(4YOYon9*XZRb17{)Hvp#A}`LnG(O@O z2sfjfXF({)S(RxWDK&R6_0MUU1@||E;Z6dT7|+W-!kZ7#=a}Y#sgF5?;j&y%w`bC~ zuggIA`+2l)G-i}te%jwA+}!;_P_#q~LbS%S4=(bc3seQ*ogOE*P*fQ)9crLiUI`gd zy90+)9B$U$X+?imJj$cBBA>|G5kf`~Km8qlyU z3W9P-?^Kj<8S3zg5vG%@d^$o?qqn??ld}s= z^;~;(TeLflCV0i0qKvCRz1gQp@~nXACPpT&ADX%ttDF-IO{H6+ZDi{z8UJth>0(ie zP&R&7xqrnAP~yJC`HRoESyuXtQ_&h zzDrDgVO57t{=;8lR`~^19nf9NiQhc(Ziwd`c?aiUY3iO|vm`!$Rf%(6S{XC7@#(gq zd--N!bu+h-Zh4d16!XGGVv{Zdao+O=baCHbgmLC_u{N6GIK-y-8zjA_RoAV7@ewKc zXxfi^xPWZtlJr8pz4ma63^m- zbk9GqG;|a3Mb07bc7fy1>z!Id4G4{oePalX0XeGEtDCURiWx2XVaMCq;E;rsOA`OPJLs-u8yzzHcj6Kn>+^?MBXh-mjR}cAKDMsRyIfbf)DvwoAo&BzkU?mU0dDUkS^~5ctjaL(#Ksa z-Knd^Lu1`Pu~iE-)bb&DInJQ5Dg8vd62x&=aTn>iO!j`m?z0nv8axAvMdX`Tf}Y6Z z7kzpK@qAso5yvNp{Wb}fmSC} zt*;n-L6P_`Hg#@u!@*$;1 zPYVCa`YBH!QwKehGoC2c!Xrp4VgL7I3~$_pQAJS8Y3SA!Lq3zEY4A1pfuj>N9=P}o zzG{#N%1$kg0%xhf-caKQTQ%MQj-g?v%I}qNSaZPlC6;>Jv#p?keY$82u4p8zvK6#v z$aGa$^!bkuZbKwqr@Z~RZ!Qc?Z)E0Wz z`IF`7iGm&DKZbzH2SdC#%ctGz=cS(CEm}{lucB_e)&@CxVG^Fsq>x*9ms>RH{@xRx zeas-%f%hPZ|6>5tIZsRIylV|8|3m@k5-H^ER1R|@L-&}p<*hVk;<4lw;*DhN{&;qY zPQ}0IsXa?UeI@diZ7XDU^Km7LxPC3fhFfFzN5Kn+C<6I01$ z;DCiekT{XNzqtSvj`zCmqu`ZG@AfD7Dmvzr?f9uO6^RO9r(r6Ntqajbpbkic+Ck{a zgf6EBol+rj;%Pj9Df!8~jj#Q>?#a5^6CG-!mR~L^kPVb*gSE|+- zwu#oSt;Nq9+8u?9Y+u+b<=%rC_EC3L+^kvx_DZA1d!~Q8AJyJqKM){VKf}2fqn|kK z&}skg&ugQ?tW@rkDOAK5J`qvKxd~wyk&R?UH!<~OkZF(5XHAeN4Br^RQho`JY9iNh{eY<R)FAniK_6rE≀S(+-LU{0?kga0tRf96_JTt6*zr5dQyc3D#n!E8`<&^1X$y zzL_|-_jCv)tcl0*Vvt{ND=6_d49U_}D6N=!9-KsB?fM_d9lrIVlH~8*{Uk|_@S4?D z1;n0I%*T0t{!z_Db1yU(ryd479bWwxrvk|RD^ltMgBMT7dG^d5Xbm5T0}$`NC7J-7 zGZ+#;*`LWr!cK%>byh72ppLq~T7a6D(3rE6XScgo5edh`VZ=DoaXF~L+g+`GN(596 zo>#`i?IK#vq)w7C6SuHVb~3ytUjW&46b9FT;M-Ad1x&MmFBzc5|LmWg8;~|+`6nLl zVjRNY@?S2g8sPe-ius<|X_bi1U!wEhWf4bJODc z;^1#nE{spnA9;sro&4Zw;lfWjlhYmJS#chx_fx?K>5;E0S-b0{cIZL@@tTnxRL9er zcvx-61F`xRDqA1A4CH@)IaJLk5wO!Zq9YW#Nw;vj=z`xpsU6FT} zHRuUX%@Pqa?V_Te{z5k`26>7(!8a{?OwPRztCDWFh(Vu~ZA#*H>lJm_v1I9zrfheyHE3}_aPINJK}Ws{G>h(3kqpGo8q8#JbBHY8!0$2Y%-SIZ^GwLoU zc2AecXxDsgHvLUUlq+>}b)Att5EF7q(Al}|TO+d~ch8C^Yp+UBZc_T=O_m%w3u4BD}pKJWj zJ>^-hc8Gk#wVRvz@$O&4Y1_3;8`zx3!c5pz<#SP!9mMg?l;$iXp{H3-CNq&qqq1sO zGYR7AZK{^{hNS$c0rXj6*KsHobp;hS`I0ETdDxOH-APkH>xSdh#Ro2iCW(3+%@KGK|aYcSRW$$h&ydt2JrXM|9@ZKA}zoT zAZhjj0m}*}^+=Qy@(#{XpI|(z&WX}YJa%vVujj6B%oTP|r<$MiX!Fc6e&BRDhOUUn zOM%y!reP0=>ZkA{H^tST4{Misb2kqwkCK2drr}7deUuldyK#oiKegTTectiORmo8v zehzY(84_oc-U}=36Y^*Kbxs-o^Qg!^#l1>EqRXTTJTz`Fdzcx%Fe$i!VyexHbAF?q zmrY#@{>TM;-zimyIG#5}4nNLniDVUPjeOxP(fS^kDSg922b2;)#SJf-qHI&8-GZk$ zaF3IUev*v6m$|Vy013qRp-P2*8UEy2G@QFW<)$?Q_9mZlI}GAwDD*^z?~K&AwsK$P zD-x~VJ(I!WK2`$hqR=j6JTNkpA1027VqT2A0Qlw~X~kAZwQU4Noboy>b7xtrr5|rH zT(u#;?}WRGQn~jtc37g{_+mxu03|h#G8&nQf$C!N>71uv@rH_fYQxof9MS`y8>*p**}^%dz@nX0uA^l*`LdC+ZyfU!qE6!^tF&8hfpIE`=Y z!F`=$Ult02Xzx^~z1dtIvJkyP~y)s41Ma!MhL+3HXF54w%>pa z=LT`hpk7LI;q8_cZcYy?Z(nJ0O5;C7Fl(F^d*!F^U6MG}=3}mM@bC2Q!>gPvdoWi! zMXsKCxmr9%9J=E+Utvl#ko5-wq>$g(wTpq8^*tb0Kn z-qxjsb!Cd+1dVw!Pi_qbd!C{1w)_Lf(JD<#_52#nn;vx8#!bb3;%KAVA+?fNOvXVB z@~P2)zt2UAnldeC3=a*nEq9g`I<&yMUOAzq{c(#0nmoK(33Z$9vO#MFXz^H*xfwSncM7L z(sGqAAC?Kb%cRbseSZ3PA=}aX2K+F2em2Mj&b5jZeh6Lh32vA~1Tf$(s_#8-q_Q zh7o#`A{?ZpNLJUAjDME4b~vU)0w;Afl7fUJ%LA8xYm-EXgG zTC6ktN);z}>Jq;*`SoyeFNn8tl|02g^Kep%<#uCm=qYqFpUV+*P|4~DKd3}EgWROZ z{~G!BVdB;CY1n37};fs2fLPUMp&;F4It4MsK?$cTJ+F9+W2*0b(t z$K230#E9m2)JsR5vm?B?%xbJN;GL?XxuL{~PYFXu3jfS<@C`#EdP;iO9vrUXXi2Vz=@Xn|$4 z_JP-DH1#aann&Ff4oa#(lzX_Knq<~-caX4)PZfn7O)D$^LzH`_Ewl3TvLS^LzO47*k7v*X4u74(@+w zI`Qnky1n{M2RsfTi>*CbOu3qu=9`1!O9SVbW+x0O_+sq3V9hzdA1V;1nGam*j2|3A zQ2mae8-t5G*h9s&@86#k!_fzoX`U@!T_zNNy>yER<$&a zXtzOJMb*C%b2+sRcY2ry^yj5RT_-JhTrAKN2E7}@Z24J`@QN1Ixx+T7!pZ!{V|hvK z>&J4lI_7&lYasaH*y8Tikp4UDAC+(M-L36PdPA*?zwsv^Q~ki7E+l*mba#u11^gmA ziTJSe1dY!lEI2Qh`_ac(^~c?x~S)o$NK2A+)uW$__(`bY614F%)h&h zwtucCSaZ0XGh447z+Q=Nomx7&y?l6iHhN73QT=-z({@;dp2`E<Wm-0FxkX*ozDDZ3v*u#njYFqBy!iCLpJdHeqb0J++4uCrKyE+chyB8`OH)Hq~Eh zct2X4n*Hho75@YqjqB7mY~hEM_9oQt1{M&XmJ-X9?vX5x-8R1svkfasWdEJzLnEon zB<#f@{S>~_^7C<)pz}z29q*W1A+nSQSh*4KhLLR(LdaP2VUGfq5sUoueT3;4G8e#_ z(EACKdF#}wx1!5wh*1MwJm`?rD;w>dm|rz)hr{$Udt(N1G=`*U9rlLcL@+lr>un6+ zO-@I${*ljX>pg%1%5%&*Xfs(d?N>!;pL~k#3lZRl;1x7)Vu!jGXCd7T=7DZrT&VDbpWAA zQ?6%3|Khgk`;me@*YwP1(mJMBCRWpI?M2sFWrW$Ucy9^z;wtiEP#B<{Ty zGZGLS6XkE-;5z`9wsTEScT{fCm9}vE7=vAXID~Ds?B5Zn`|ynFqMFbQ1#}!ryOJPW z8Xb|_RQZM@bCqpOqf@Ms#P|l30}@=0MGRd(Ako)GbOIbF_oM7B&xZvYH~}wDX!D&) zS`R!VUwZ3Oe}2)EC%Y5eNnO$BKTZ=)N1j*u^;(=QAxS8|-&cdqgOjl>d9)mlfSsT{ zz~`;7GVCcLRl}BOTqT~5IQ`n*OJgeRBs6TVH}oo9WxcL&Qmr3buJa4PKZkDo;m!O* z2X-}Ig@TtpEKjSNPsJ!~tY!)T!rR8B(7b-HZYy5u*{V()x;n5j8&4OtLh^+2*a0zZ zbOh2(IHtk%W(*rPW$*Nt%%cW7wa&Fu%BE6P_Sw@b6snsQl+7_pG0PQ_ng=Gw$`leS z6bcRWcI3@jG?D|-gKS!jDBj+?Ku^rG?cB|<^!MMKeO@3=^Y-*vnZaeyd?-D2&xSE0Bl z{q{Wn@+6F+Gre%&V}MwCZZ}Q7$>TM*WFKe8njyLhsUMIOdDg;-|7P-VOWhsI>}Asy zue#nJO?HDHotnwtCUJK>4mW4_#Sk#8Uo>M4(h7_Fhuio+*PjLS#D!EuBz}M z?PYJ{_!9$aGA`ee`g@5joEDQs{M6N%yZBB`@L3@!qw$QbiVpfwiwG5zMR{${$jklM16Bcf3vNuE#q|?XP4^>5Vyfs=8SDt`2=!E}fSp$6NT=?|=@cN@a^`v$ZV(&q)gtYz|pFDS-he%DKBjm-;5ra!zV} z6<<%^4)nE*2MSmGeK}{NTKx<1H%LcYFazXB=3=e}S9K{t({L<7hf$>%rE;U8M50E}Cus6$`VZUolRedy zlXr%zQ~lC^5|;K~4a%1GTO-B7z<2#kyeP>{EAAS0sVn{RALc}h^x@8C;syARHHn{1 zuW(=jq6^#Y>R|gYr`#X5&;>Tpbl3&<8b}Y0vsQeel`wAC=tX};!!dOqA(zg{j?Y$;C)q?sI zSp)tR8cz|r(MPxfL#v?_b5sFpW;nNAc!w`cFs|fnzC?fKFj}Ngvp*mRTg1ER*EGc& z3hoWa4x&)WEdIwE*%r3Xy~K`0lSeDdSOBvBF+N@ioY&-OrLdQs_UQKDUyf}09Z6l) ziV<7FTjA$H?KoJET<1-V5u;8i4A{TA6Vfhc$Zt`CDOPO|iR4ellB+w+*yHSDT3yXN zsA>31ir=iz=)|&!N_U8A z??%GmZwdd3ENz;j3G_Hj(^Z015o_uXWr0(-Os-!gN9l*q9cWZ{nBTpytuMuYa`Tg0 zx)8AP)2aT1wYBel?&+S$>oqYCC0C;1(R&c7Wi7mBE%>%%`NjGwd{o*DBo`@@=6X8H zqz|nVB(X0gspn5l`_wqzPx5FsMO2%RYd3L2tQ=hS4BKH>T{gkKf!6#ln&a%=vYkAo zQad`qS1#THEUsU)V2?MEqF|ntSl+8nYhP&IQy6%)aFr_wG2qneh@@OzW%BRsQh{KW z!CC6#E9Igl9F##HL>hU41Fa>8Zr;A!2C9i5`ImYXe*mPYzi0_XfH}MQ)rRtNXTiij zPznN#N)NjveDYF=5reil`e-Bu_<97?+eQGtBD)MreZL(yF?XhSIegd$LxWDr-9V4z zq>y&ui@RE>kQ3#gEwCZ_wwAXUIw}jP1fBgf?cp>+h_psEb3JkI9H=~blR z6rnKZ2%?`cKLBMq^M?!1mlB`D^duw9dY?Eg2r>-Z2mHAv{(H?w`ZqWoea-tT`#Ta3 zea9T!2U!Fzi3oco0=He04flrWvRvJzZZ&Y#MN%Al)p{NItW-#}L3%2sd8+Htl4#$m z3d=)ZKz4D_N<|lp#4zegoelo;MI2@KKciW* z99lF$MaJ3X2Fd9i06#Q8Th?~&^!CKMEb=tj*{W08*aTm6yy#Z^*#O}({#!+|aO0(8 zNgFD4f{IrrF97ONgEqYM@J$$BCQ@tpg7!^GxkUjc+$yE1dYUV9KdSEY_V12^YGM+< zdvh1;tR5q7T9dcE-Xb<({SEYz7BT`xap?1*whKKw*dMHe2AvQ(nqB=+h6Nk3#xH&t z?-xDhUrFP^^jhLM-siFp@b>t3eB*FUiRg->`}JGCKP=!*BH*&CwbmF%B=X=+PXTHz zJfM9^$+qjR!j~Oo_>6xgPuNOFulI{_?kmk=&Mlkgbo)Qt^F+Dv!*5#3ihFU<^McI9 z;aM#<%!=k>K|Up9YOSEu=4ll5Ki+aq2_b`Sx!|@sNlcDT%`HBoo^`4^wmB~E&uo*w zSd>ifDUGyaLwV8CpEt|Ja1u?3Mcm@Dm51IoCP=2qP}JbC4ZbT|A*+~@qfZ_n>r|lM z#Vy3G+`JMv5t-SMvT;Nx_95Tz62&Xw2YLP03ex{D17kQ-y3}+kyu0#qqnU=8F$RO~ z7>K(3?bASTZGThPG@SD;puHn@$N42*fq&^adRh>hy^J{_=C@1P323+kmZbi9@KR3e z)^lW2)JybI!aGqgwNxsRSQBm91 z%a#D9=ug^YHe$CQ7W2@P3LWH#A;+E%|H9re&az3qQunI*p|mBqg?57!>a!H|OZ{pT z@D6Ue?ILz?Vl~az4P~o?57WEbzd>;hO!Sa&x3l0&;7jPX?KALG{{&FzCX9*rCQnHB zIyV5btWSkX78W?$hZZ;+`kF1j>2?hp61*vFzD@E?fpzuv7}ZWl5cykFO6q;UjP$q= zYLuzt zCVd)9V+mh9vYSsb2>k9LUWJb`1Q}^8mgT8RO?mF4L z0|?TeYq}+6n?GX-qMCczSTJ%$aFo`U@W~o57Myttl<3?|tc$7f2{T}A&y)$)V&Yj2 z?m0-ov~eqNJF*VMSng@$q`LgbntR{x#+xB=@(Jf+;5oHbrsT4O-QI%?b5BK54vKD+ zI1VR$>$2DAhS$Vw)9iq0<#OqwmMa8?!QKM{wNj1m)>+%VLz88+uq9phf=M4K35R3U z%e0Z3ivlB;b;euUi%47&W={DG=F|}3UR*r6cj$9 zau+r7u6CTCkyS)Sa%e?e|BALeF^MG2Inp+yvSH zGmZDf*LOA44Tu7xu#XEF&ivE=HV6?YHYaR7PCTX0m|2&+$6`4d_o`N}x(o`2J`tU) z1PF_%Qv0!YS`DsuRF(%`18D~cvT0b%Ws+%Bdio0ArcOAp8qN&$mz+#lrQt_YGKmk~ z7<>!i8E&UYo-!Kjd~(CBxu?k1#9$>MeFx{H1V zEs&6s-y3`7p76$EhNpJ!DDFcN}-on z_FT3Osub^Yr?j`Y71x$oTa8NW?eOCIi;649thPnJU=^&hZT#~-ImNTC%Y2#1UdJT} zQKnK0c%#ZA>5KK1^&z3e_63vs7fa2ShAsh3ycEV4DFZR(KIChQruqtoCfy~@j%?GrL&(0d^G$6+e9T=me53;Fd+tF zVv9ap&u~@A0D!vis_@h(HnWH9{J)y_HnYEswLZC}-I5S%w?9L`{e@PAJ-zkK#=ipc zxh9P=!;AZN`a}+;(HZ0bwBJYZ)adUrdLmphwGUJ|kRB3?5mprwDKEm`D*8LN(z5K2 z8YX!Az(C2}{1#Ht9)HW;UoN%NoX7d(=Pn3rD364n`*TnWT@0}qBi@n-g(UxY2I(ih z(4BwjrO${pF@fEQ_LMoi=3l04fULvs#%MZB?a^Wm)MH!mtz2vbS%J9>7JYXto5zUG zM@j8JU+X15CK>~lnCwG-YI6v^`!?pRr{ui#fR+NTS9;)R;ChpC)Y*BB{5!cH#p?5> zOf+85Fu2-_^Z3ZsTT*%H$&I;Zg6qS~ZRh;;kI>ianRE-Ym{1>|k4bCCuRbUwQ30(k z@^3^+ExOx6NQ8Ie4{cgz$bGwtFKkaCh)xKC^DA_$K%>=DkC(rp49i|!JHJmzSA9rV zNkX!5l4!Cjq*v)q_vo1s?ja-joi3TuXTuOtiq|E9ux`>wRg*aB$q|HIQgWz-)I7?U zt6dBBkGllZY$AOr)a0Ws=A=GdP;TlrrtiHZv!H+L_{Y||-inlr7hMq*V~D8BTy+Uy zuy18OaF_4f(AWjGi(tk|upodK6v@$+pO=O2tsWlWzx9Xj zIKBT+Eg>F6NV{cLkdK(;o*@Hj>&P+^eQg&7F(VD@mJ|!FBg#!JOkA28%}xuDG^<)z zdG(&jYje>gU>!pwlOJyA0tA6g<1kue25uppwf0(B6L2VMv>hf@PA(APFBt~Q+PgGM$dVdK^|anr8+A8 zqp>?jO08gmc9X<0ZI~M(4p^2s1c;hd-^?OzJHywQ2&OQGZ=jDHDh<;ZrGeFFT-T!4 zG3vf`B#viFr;NWS_%$0Td;A3Oj5-=#W-Q3k{>6+c{>&J4l16_0n02defq;<^4Y`}< z(~1dVW_wZ*yj(%A)X7pSEBNgzoi7s3M4wJ{gwUCa0*otTstDS#3k(Ov58HST%iGc$ zr`qWZq|>#Oj=o!dX`6jkRdd_|?wj={-ScC0${V^oPoi3MxI6gUwm$2%B$cD?gR^@quT$GXa?as|`e!+&Itb?wu;RNuA2AL}fC^Df63EJh)W zx_#fD4`-t27C=tI5H&8wuU!d8vjfh5FcW8AZ&3^XI%%|N(G#kFnd$klu!C63y8jIn z@H*rxOJv^9xAa(1;1G|J6fUWOw;oEJd2^FMyF<+6x8%Y~?Fx5sc16!M>O|jT6s-_= z5>2TZ7IuGM7cj8-EKtluM?Vwp!NgSOV7C~#9-~9RTz>ONDeOKz9hP;rg6U@49?$1!?KF84?eucahbj^s6pU#9jwxEY%b)B zYL2JP9qQLra|R_^6QmlJDIqzE#S{vm3%WPIFnav7iAi`$^5WxXc@a-3e5WSF2gIWe ztQRR;;s|zCM4f5tDyd!Fn-)1etj>MjPiFV-n**c(21Z)*9npZT5m}K>!LS{40O@{6Z#>QYA~e!ajj}dg{5!ipHS;dgLrn`gu;IAqB*WgNY0^y3{)zY zN{yz34rH6ilcK>Hj|P_{=a*~vv3J!b#p_69$r31UdOD?3CwCH`Nic}MRue?uS2w;) z`X|4Iy#@Iv8}vsNCG4(2>@+f>H!@MI{eWv!vGzvs@Jvl`qyQU#%Ix_o+{^+==K)C@ zSwj)_Z(5$g7<@HHwb%|0kJjsfI5J%g#~>a@+Fa^c=AxY%p$b7DjcnZk@}#C2pn7t$ zstE&nDL`fi2C_~KBn17KV+0xm{LeSkqIV?bEOq4w7zWO=Pr#s5|BVUyrAh8s?7muP zE>I&z^9v>@nIfeq(XZ47OR;nDO6(jRApL9-IZR+zM#fL{%`+aNh+9cryyx&tCfVOG zUNM!8%f%Hn*x$0e_cS@ZnPdy-=JaMKYmXGMd!QMocTo-#h0~bLk?$yd+JfZ)*)e=uCofg4<(%LGtC79V6MxKb@kqur<&{Pgp)tx=8WkS zZCLkcw&MDi-x{qqv`muX0+&WpuRjsTLEyGUUhF_<99>iAh=B zIS%LWuWcnCYv**_tc^gNVCL;B#rw@j*OWNH&chP0U?@3=`!DY5>km5lb1*_!_*Ng{ z0=IU;F%2HUl*){9JMn)aowG|PS&Sot^DSvv-nlv1C4bn8{|iO(ZTCgzkG1V%8OJ}* z@-4JGJzv)6Y2{0W3#@*a4`60{&N_!5vK0@(WI5icN!i}TcxJQUGmM-P+xR=6Ts`jZ zoXwwP_%fTv_GB5J5AbaN^!&_{Bd!z)etw4SzBYt|vuL{o7V1uSwLPN{bNvkW1QaWWAzz24OhLD;pm{CzrmK6@|?kdFoiUMF#)k|31q<5w~uwv64w7x*R=nGYaQ0*0} z`c_m)ed`3p{g@KeKL{aku-5*9ZvLe>vz!3O4wsBa9xdS;7|@+^&I3dq-?Aq$Cpdq` zEgZWZQx9?$&07#lmqKQYdH;8GPajrQqjbIf-~adlURd5{|uAWb!dyuNlarN)(r>TQVol zGB>0Sf-khvNqjm@X{;3?4G_<*I0U*WxR}1jqak$UFEG+F7;(1Gu|`@RIGc5UuY; zRb+&Px&Qtz<8@h;CR2VW@@}mpV6aV{2obc}QYlKQRic!`yJnSPlO428o;|2<@=MIj z3Y$##7BtI5W1#9&loDD5P+|UPG3_26O#!}XtbDiZ#$Mf5iC9|GSBY4Xx1>Az8n}s8 zj8?gcg6=QVg_D=lwvk=<6;flVpf7Ii;bo$*EGpa8VDR)AsSb#^QN#V7)IMiNBinp{ z+Fz+@AM>n6-u{hd+FvF0pQK^wDsBH;)IRhmX#1F-h08`i;c1rSLul_(m5gjo7k+V{ zBaM}P8Z!TjFu)f|awOeiE@a8yL=`%ouH7OEO~o0HXU|idNEo1q63S;f%9bZ&7qjU3 zN84HbqwT)DI)wi=c*FFyLibfPuAV`H+s8sd(Ap=jE8mZa&$njyoxkm4;2(4JG4zl1 zwpzgF<*qn`&an)1j!FBgU;ZWl?zdDz)eFw_XYW>%5)dGNXnhmzl<2_9Xht z;2-Jy*Hta^mtpV8UzT(g_m@d8g80igavFabe-+AK7AT*U?9Ocv#FfXx3CyC}rH|DD zM*NsQ)`BB6F@z=bkLqs z1oUyHSgOaRV%l@}qE%6@>+r0Q!{@7^3uaJ#F)I{tUwxj#v$+r;(=l`W!Or{QY_r3+ zTq!AisBvH_*`n=;AJ0?V>igN4Ww!*&VrFLeLw03ft5^63OkrS~R$=SJug39p8F@b* zL?bj<#VAb8YvR0E_A1ur^N3cO zXXIA}Y`<9aC_TT@;I)Qdc04Dz=|bYyT?)S_B}l<|?6&^_BENi@%K48`o z&N4i}2rTnp1#xDt!${7uko+2YC>(zIBYyk10Q{=g@nfNuACfZv5D_&u{3yA8fCE_IA-epNiK$-)+;ipP;KB zLcb1-)3vXA_UiE6q{DYtUtRm-b@+AH!Jn#Y|0>;lkffuZj-Jns*1;d3`#wbbJnJ2y7}lP{d|O{r}wM#A-TURba=jXc;46%#n;v1dJ`$j|A!8rmj^vi zj-I-7n8~W$SoI^C$=vAQAm#0A6*mPZ2{*Yqs@-Vw;#z$Z1#WoOViW_-9`0mn%#B$d z@ju)8R-K;Cu)K#0K5_)Jo8~QDs&jCH3 zzB&j!PhTH7Ju6pe=(&4v5PBwD9g3c}4i1~1gFaE{>F#8jp5^<8L52Sg(Jq)2st)5+ z9TteHl*4Y!RY9n_B*z?8Q{1W4m^*!#Ox3%eLaGjvsJbxKh^oUlRkw_isXEM`s@Ti8 zR9Y|v&sP!}n5tZoM^1& zpI};kCv*9oEYr8X4CQySMBh^bjO2GRr|(s1viwf=mtREl?*m$*AF5UJ+nLiOzmrw+ zJ2?=2vtS4N>&1cS3ty4GU=1*)FBt@GyCMjE|8Sb6ZyB@#MOMKdL0|8qNMCs7^nEtP zh`v}0===5MGJU1QqbmBMIpgA#mgt8M6#B01Nb-w_O7vX~zXR)s#|O4ZKSW<1Y<`;% zxqcY9Orsx0BnQzCi-(2M4^+V0jK=h>?y)O?9 zLf@$->D$S@67vpMyH^jD>AUOiD8EA``X20OB)^orxRPBoRF+>U@vlmLahdbiel4Ky zplvGpb|v~Eq7r@A3=O!Spldq)DI3ix8*o2CIc%Lnf>8Evz4 z8M(Z6e?%j%1N#J#*Lw$tlGp$1-2!=?aX>Yn#haE_KA-jK*P{9CiPRwUeJwNc`D|0E zW!On4iyRKe4q>i}n*k1_h(d5u2b%{pbc1jAOZ?C^3l)n8( zkFfRaegCJ>b4-^o^eyfmI`?YP{=t255URFLk9_~|MzLo9u<4>8`-igwL+u~3E^5j8 z_A?cI8%^yW>IPn~v(M}7!vk;8*?)ER>-JN0_HnI!xbE&89ekZVx?TtW*_(CnC+qCf z({%RjYqihaZ`8rh)xp=|k8*;U(7cXxhjn+|=K2JS>TBrlb-TcAqqZQ zE*S4_im{a}0a+}35958JG5FUt4Fe`@>x)oEvDAo?3fCABAvK?!C8Giz(wW`dr5tRT z_5JeQ3zB)=Vbb{>HaFo+bA3PQ40b6k-RM&?zx{S<0)JDL-jl+ws?vM$i}w8T3yDf--F&SC7lX7 z@;vx7-{IMckv0zNR#E6AgcCZv8!(!6& z5emzbL48NtN_a#TzDU9st~vYxBVS@%`GQ^;{le^v<;cH=NxX~WM1WiqJYy#I%lY@x z3jFRZ+(DOkfZ*s;pA>Wuc|sWbsTqc?%PUS! zjC$5U!x!wAf6E0(SpC|>x6C8AxslrRu32d{ko{KpmIv_3qW|^nis<+1VI=w^Pg6z^ zSsy}>-+6tkt}a+R2W#_UU7%R~x7zN#vrjsd!LM8f4KPe~d$6PgCUgmQ|MJEBYp&{R zj`Fo5eWi0eNSq7c>n!S;PAB}35M`-avWdteXDU`51OG{STX%Y|QT{9Kxk6p4-4nn@ zWsMdfepz=eQ64`Xwc|&Dql-7zweO!0h%qa4vL*E^<4xB8lkm?l**++55WZt^Fn)cc z=5fyJ^Dhc4$44cwe9-4=&S>%r==!71fN|opaQSIcIn;ij0UQ_~ohDoft1KNt!SSgo zM2#uk(`guAr|Ul{JBRO@vyNuWBkw*L?XZom#C{~v5~a6VCzkHxv3nf2|Buk}4;@1t z+@qJeW5MXLA*}vX6|N1V{Gz6+r9xY8;M%&8y-NA;m*S%$PC4t%@lU58&RZXWelVU8 zzJ5(B(1!Q5hng>L*cKi>NFP44_%`r4q>-(oO9htVqe7pG-4W5pvpYO|=sx-e+CRsh zX;##F81xkj)Ing=&;`O9#lPdyn3`y6Wm~$O21=J$^ibRu^RUBOgR?s>k28{V$p%wb zOL;ahK~qICPQG}=3G-swN+7z4=3YePwHVDYr*5yuTk1d?g1MsT1}km6Y{js$v|y6S zyWvF^Ky`wUz$>S>3=iHpeWj@Tvb}|PcDXsnUN;680q^0|2y47ablf|$p|HFOw|2IY zQSu9%FyY0;@{2tFqPut@r79dfS-Nt*kk8c>w&LS_M}rad={%yo?mOB*S~!gNEfUZZ zyxF%bGElO5jOs_1qf&lDi#9}mzkKGT!O;q_uD`$VJqN;djo>gbh(E@4sep&)IoZb# z$Vl=vhXM~fL05VZ=~i>nt>L7r;H2ZnT=)XA6)rhoRfrGy?)kYGxz+7!RC?ld ziftfekPFHnS5gKz=i5s9t0sz37L7tUx(X(WHgr!qD#WY$q4vlY3bCQDRXSXYKm8Ba zuCZ!>y#&CtNIrz|Lp;MY-9RN>SwN>TXk+Dr#;cZ$1@M;o@uFx>U!|y{uUzz2Dmo5} zLZJ$$QmEW17a9eHyi0Jl^*K(vPejcd;yz(5xD=^eoIx{TjH^HO&s|Qp)SwZF4sp_S z($NBTM%eLY@>X!@($A{G@$`l#BOsQneNlfd`7w;<;iTia*@$%b)1P!MEg$k<)RS(k z49td&H zA;z=8^75H~g@@lGAB4iMYAF}0r9!ASaG`2sGoI(GV$CM>$`J7ANU}7%q$A0yAvPd} zA4#q%q+#YQRE>^7I64Nv=qR`ZN5&-0$VgX@jNeY5Zmz#nLPNAFBtdRfB?bS9)+7K6 zdA?mxVAKoze7lAMY1{Sb*upvAeR5k!`r#N`+resLK9b}MhG8Qs+l-@de3F9cr7%=@ ziOH#~Q(Lq!a8d00yj~Q?z~bIid;0!-7)l1G> zV-UY!Z~)KWzvT4ngvm15&HYDL;uhvNn6a`vJG0O%x~T)%VF8Jvq<&m#Y$bbeN-L_w z7vu)2%LE%+27qxqKyz+u+tM|B&RsK7o^uggbFI_oNrh_cHU+LFOM<(Q!^IaI?vYIZ zxA49F576%9pu7jF;V(XvUzEWMaF1bHL@`IKgg0z@zP#U9^?=wEEvGWH=UDv!-xNIz zuK=+etn%P@&CPYoR4+W;z$%ZMF6#!jn->+vpt*9O#2F-}ShW z(XP>A{33W9zn6*eiztZk`&+ZsQh&bF{azuwqwB4xL@74Nnoc)o0fN|G@|-Z*v&_-9 z*QB&pEVZ{^(_SsMHy_#)M4AQ9vPA-^h%eX*c{5a)r!Rmn*j%MRuD$@iU|lxJ1#(bTQpYQl_nIaTLJFVQ^pdy;0^MrfL2@Cna?&? z;A}&81<}2CMN-l!tyPo~PmQ4kcy?3WAX-n8Lp-T7-{H+04>QfJm-{=z8P>d^Jq>cS zy5f000u3uFXt1afUx>^r--vZGW?sSKFsF2;N#=1xie8lR7e(?52fT=J6^PbyFfP4* zhU|mQ?aX^~z3{>0b>=?UvE1wS6h2FPEG#QV^%o~_neY_CmKJ~L0Z3O$Y@ia<1{(Y| z#3BzsSLloAVWHB)9MpD(`CcSUJ8CgiGRB0+7bDZvuA(a|`?osRSg`uWy~r_BU+yHk zAJ&7R^Ra;g$)PH!OHHbkRHx@-kg~%=xUgoRuom%Dt683VnwSL_phU1D+~iRQZb$Vc zNUq7n+IuankV>q*c@W3ED?w(fhNxCY_cY<^$VYb4S7T++=o1jjKN!Qfk$+had>d4Y z1-NX>L22#cU2f-Tb8N*?w3aEs0(Ceb;9H)QQpf4_p>|Y?z*(z zR4JYQlsMo|CitL+gJFF)PFqe-r88xx)3Y}_<&$jR$n%`Tzs|CaKI!lr%1Sv71)8!` zKDCu(BNoHIo|B3>sp~tb?*B>@_c3=B_cczE?rW_1!%Futmte~%p63I)h>R`+N(}PotX?Tcnjg-bTlC|5- z%9!pgyR!L6>CMMSg!EfBG2ic&9{i2pFl88vCHJ+YKh(-R-q>xNK;Kh00; zIXs_$)>|-?YrP>5P&k)vA$K*gjxqik?*^5|gGputv}IerL+*{IQ>|3@9N7i8o{iypIs8qNmxeraml~HnJ6n{aRP97bFqu5sRqIiL8 z0fdpAt3*g~F}4-crc*>oaB;4iMZUcyu>h4!n`_}2!!L_Jq95pelUu?pXYit(c#-ce zPvvi#_+Av}?ler0)~Wt_PY*F=epHDyy!i z>#W+I-Zss@r;l0vdb*e_WSqdOK%3T$4vOF?Krr9ErG``)=5nl6mD{hB>w@K~m%Km< z7vNhU6pz*Z*j_>@JzA&z@CAGH89AQHp)Y_h*y2Z|0&8+GxUb|72&x1-%4-uSAd_q= zH{L=nODvNs%4E`WD|$5a<5m5jG1Xq-(VA*ou_;~|v%F|A1Awcn30!6Kqsd1$E1G;{ zv!f*!CGwq7u*ptLaE{Mq4N=xuaEcbF#l(^P3Z0|m z&qjdXX*)2*|Mnoyhp?Q&lV~7)b7=AKCQXVHVr}amMrRRD&FGPV6-Gfm75Fe! zwuxv4$c9DOBmA(ylm_;DH*N?mEPqK*wH7ol6+Zx5%6& za#T&qhAX@~GhehR4soc@$N1m(2h<&Hr`2YgdAC!h#tvKh=og&cWp*gDk<{zz44mF6 zN3R855<>^#^lw*R@%I46KzNrV*_Cx^6+YB|$qN9c%N$t4yClaREWX_>N6B{qw~Gl*X#jO)5pcD}CT z6SO{maJr&DL}i*^MWxX5Ymn&R-q1HOyD5~uDm^~b{f4qWv#a$P_O$UO1AQjnpZbZz zy8zaEC)r(;GJ6tWF)k6F9VuHK!*|cU&EdTz*6C?-!mc=_!a2NR?f{49fFtFkWBAqw zdZ4kv7xxhS|3lnHXW=%QXL_%D<5;pKD+QR_nl{zGgdKG8jW2G86G~2olI%$+;_zT% zdeud%l6+G7`tsTd7{9@ibty%2;kDReIefmASKxYiHChda0Z5j&KLK_fpa!f31JTy> z29j_fysRpj1{JLk*7z}n^jESw#`d?cRQzPIvRL?wtX%Byz-GyZ>9QTZ3Rs!ERtHTrRT^LI_nSIN7%5AFr3{-YEM>#ytJD|Ml z5-h>`{)7@&f^UFlRpUU<*hP<6TlfZVtZS_GKsO&+MP-PTy2Akwu`>M5^3n+fJaFY+ z7;6Coq;ENyQTyBlx;0LE+6yWIQzTP!Z5^I*v4bm0TjR;kqU}g(>C$aqhtGNpu&`-A zq*!e2jqmr9Gca@11rGz?2gu9IlyeL(L9)$_=RCp0s@OBochG6^N&zXY2lVg?H&e-i zIEiMTGwnUoI(c#w{an!o8&i_gwoyw`dMi4okE?+C29Tt#dkrM%@aHH=SG3`hFkN<**wegcAEW)0-Lr4-mWj#-l#GBJe z5|UVvq(?3UN$T(&N>Z@<)+Koo9f&}lkbZORoHLXYoozUd!o;6V!7JQMg-M=>a<1b+ z<*7Ug;)|L6JH38dInt_Qt_G

%U@^A~siLPpxK#1xbW(++R-|fZcaW+LhePWpfqDe; zgk(egggn84f<0reK$Mg8%8Y)Zk|a+=vpYTrE>E=sTY-EW_M7kEwIWZswb7WZ1+$4{ z{tWUod$)l+jewV+NTDLi(^u2EJh?`JJf-jE@|3t+BTuuJrD(FAf8_#zDG=MxI z3{m-C_40fN<%K*g|D4Zv@J209*d|->xkjEa|F#T~Qm5nsMC2&^Hj*c-zzSvvd7`KM z=lFa_&FSYmc&W(KcZncRGY^@V?>Op_%y&?e<~#U{@`OEO#h=l9N3TrHcUY3-iD;Jj zSqS~q0os^-$WK4TMXB|Z2ZQj^FfGaNbs$ekpBl(h{U@ZKpd!kX?D+zl751} zq@SQ??Dj86KhY~w`Uy*N{e(2@`$cehveckI=PSKD&Hq%rikkf_P5}*=P3qMjL7r+p zGLWZd;bm3HJgA8BH0lN}PoJlOJgxeO%hUXiH1bq9lNhLiKK@5TdCCKz0ptl`h|2AL zl;mj^lo#?e>@dj_zER5)w#m*rtdXac07QmJsk6#|AbBbqVk}QsfhF81FVFea5O~?~HUH$~g6K_r@Pe^J-o_^~D@-%OMXn7K-M<7o~ zHk2pi3Ca`pjD7YE$`gNOMxLl7$rI6R`8T2Vcj>J)`@8a1YDr3pA>!f&rv0}dNtf?1 zkR&U-tSZ^iic8YV*Kb$JdM`2`jKGZxE71Pyc?BB#Aet zlO!auB1!+Ufh1kB*X;gIbRYtGLgJx3A!ksYuzzeQt;hK*Gx9_wNuG#uzi$sNPyScf zFG!?&g;!8-@Itfw4(~N!HqWpR-U+chPEQR4?NoxT3^QS+Yy*>6nq&AWc(;{|Y6l#) z(YwJ^T?xNdd~KQuSXQC$Ih^ya}k>$^+$b%7bQxsu1ERx~+=gCV&e`47C% zBKZ)8f=#xOxi29f!l!h;EFF9ZAE1p{Vh@;*A-1IwD`t6JHO}K-(}nl-i3s26i|Huc zZ{K9K6+ggDq{2l}u!DRQy;bo06MSQS@hj5nqxqHSHR#kvWQP)vuP-Jb-_rS=s{zOt zA^DH+0D13}T2}ajmPv{|R#!f=*3rC!JP*Uce(Kr}9*lvm2FLMzj_5_T*ml3a>pUhh z+bI%6jsx-D09-y;@K?H^l5;ogP%YQUtl`JzrcjtxyRu;MS*g1*K1+!!!AmlOMJ2`I z{n9)hso+^D7U`%u7U^s7sMUX|wWrD#g62vRZP7^d3$jE5?J{DsNTR{ui>_6WS!W8! zc6D}2wbPf7<{aJ(?|>RjSt(7FK>@}=7FdiuQ<&?HEcgoc=(&@f$M-p{%^<(_`ks3K zD>*zX>{;N~a=NRV=k&_*fQO43pH0c3ei}eBvzN}3jslta2q=^*E)ku+E!$J&to$J+ zD;oU|)0yM=L6Yn&kE<5kaAo|i&zSaHzMYsQiex-boNIJ?FQ@aDyb&0Yjm(LSRBQZM z3el3egiUX7jDW_xi)tbCRWOVPA~kQrF9kn2Jp1YPb??wNl&^y~K+?xXLIZo%_Ip40 z=zEy5pDp{3D$qy-IvJLioPtf@MSvFOKBCQtrPL3l&z2ESFrgd(ngZj_89VsDj^QBb zJ5YC#KHH_yXTb9lj+8He`yZkgjO()o*LCm}$KIT)VZeAA6@AA2ppsj3cxG+Eg_5tw z;f<*xpT!sC0!c-i^(TI6Y-lB@um(wmfj_FIzOTmLs@7*P#);qea(*+(;kXaU^y!_@ zz{f`MXL@}GstmAm)wmK=+JdXNhJv2~@3RE;2n^A)Y(9ehCO@P;%ljrQeKrCKw1~Od zt5I-QgH}S_w$~9265p0yG=EZX(BW+(c~(!bA7-IvRr06$-;RsA4gI^|IRfuxb7!?% zsv~a5?}0S%Kf)5NI`cF#qv#}#!8sjEr<~>rtqvn- zJvBuq@uuK8=T)-SaTTSRrwhNiy70ro(kW*$$}yX0{Vh-cT=;YPRw9JR=o8n^BHY7WIQGS?4}&;u=J;I8jVh<*ZbtIioy=WDFKdQ%c`8<=ZU0!zi`-b6t@@CH5SB4D=xJ&P4J+}9Z<9wEz6$Lv0N&?`V0{l4pk zmS*eisg{$R-|*~h%E=|n5x5J?VCMM^AKQ3Lm*0>wD;P2n-VfhTetyGbXf@jWhGzoo zCzRhX1fLZA0HR8^eyAV^Ns~TNY(KB^t2E3O*7121DWSce9}1c};7#L2bKB&&)A`yc zWhH?GYlo0Gru5Okym3qX*SH@gF@+P#M47X>1Nabh0>i+qCl9@wIEygtjT`pW0!x9 z&FO0o+#WQ39V{+@Wg@hh>pKp5l2AGbPe4fHl5?enlmYT%r!*>wD{7ZRxd6q3w0~gt zXQ#Ah4`{OcHlgx)OM%1ttvi+LBL#M0Mi&CYSyB%niS4M;*h`MJx5IX39{_g1F1)iz zJhY1`jZJY*X-wB$*xidRE0A7nbB%-l=$!`{Fu^C&@o2ns}0dB_}pbK4Xo#H&m=SfNpg|}o1;OnCYO_L+ucMKgtB-$0<@`b_le&?!HXb_)W7i?Tih1U$cPbnL>9~}VPCGdM=D%gH5 zfD%@D_vdK&@g|WQW5EirjA#W>GHrpfqMv>Dc^lyytBJOW1bTTycEi@SxEh}57U09DKwtdD}*Qc*agTJ-nqZ?sWX)1 zu)p|sHf<qcSJ>{7yAi!BsdL^1YdbotoyH`RDmtyY`GA6 z!Ctv|{8ufAN7&j`=fgX8v+!i>n9FH!wwb zpZHBz8z1D2^RXb6D6T$NZA3=m9@?s#Zx|wh-EEjkhDjAt?>L-WV6VlGFS3s+)ZXjZ zM|>fR0H|&RLg|(8vDps)u=%?TuX=uSL-71ffY*lkivdtPBLGeO;MsoV!RD$A(-m;z?*->HY&Z-Qj{!B zUlAO=uK6R)Fn80jVg(ZgHGLF%tY+iI7ji1J+Khp;#nrp${KBl_>PGr8y|{WA{D_0# zSzr^4({iQId|g4ARceYvv=yhYBYal@`{QqZoW+l2IQ!?ki;GdkGTqlQ?Q1H1^+F)D z#*_FUFNL)ke&dB!@=lOGX8AaPU-G8IcTY_)zcfq>;umzNa2HGb2gon=P{JxVW6+k* zTQyDP7p)-W&wiiyg}(c|$?%rdMEtF!mq+CDzC(V&C&n-2V=CE%ka2$b&os_2yei|D zXFrIBU#N;u`d22c{{c^`ydTI!IzlY3q792T^>T&C@%$rR5A@9(Ao6dF<7&qf&vX}- z&~Yk%uYpH(JX2hqmrp|5OF~;@59m*T6)m46IOb?X&oey9R}LhONXq9Dd^D5b$@xrz zXR$8R^Z8M*c~*WDOrjsqGA8UUuAa-f`2}@ekizVV&a;Cg#(oml9BXgpF3KS|qFUM$ zd1ZCD{TWpFLjLW37;Zd!(E!7hH@3hFmanm*alFQd_>uGBinpym+RgC75*VY@JL7jS zrQ968(%n!A0B*xtX#B1~6e;B_`D(f0Sgzh%hvkSU7`FHvj0uX_;5Tl0Plf79R~XN- z^niLe`Th#O-)luK+caL0;$?r;%@}-;{{RKH&Pye5p+`(S^?`2U6jviIE$)XAiHOyE zpvmS3PzA0oM4Y?(!(fR1(5U1`I>=AF2~dI(fWNQ8@=g-fivC~nQv#*aS0`R^Y|z9j zRznR%pC6Bl$liLKe~aL!Ri3_s<{t}7WZrr$H1U>tntb%phtmh^;MmxWHe*-Fr+3svzX4oJBS;8XWRcus-| zg-PM@q`^h_QUs+2ld8KfM9&gBrlg;MU(Q5%L8*4VINU%#6>qd1n*1@LMsLw@DPN{LEDA!kEyi&VR)C%TQ*gdXIep8|4=jbv+qz0 z-m;pA)w%TYh#dbFA{C#QJfj#4h;^B!%CiTia;);IeEqA7MxId>p%hPvK}$2I>g3rg zY|0|Ua#I6M@MVLQ3BHtnL}AxwHZbBs*23~}%Eb=%GI_S}pm7acfi;%1=J4KM)*PMc zfB`v*Xv& zoNd73PvafClDBajKZ1|aV_e7){PVDeR8ggCZ=&D&P%3GP1Zj876qFdsuOG z68*@8g&V%bQB-gf_WB}ix4Z}w9omBS5LP;AuMETv5)pn|P;N~58R=aq>sXa@pN!$0%d0ZZ?XyWQ z4~+au1%=WbjN2&nG-+J5jN1nPW>`I!p+FG4cn}x}#2zlEhcfnnj`reeytGP5Lkuc4 zN{9CjV!}2r-cU|UX**y3*gaIuc$Nug9y>!_G!y4b9UDF6^#*z~2FAm=F4*{4S*GL{ zXb{P)zY2OdjXe;9`~7qd@6iv5Ww0){L-<((Nx0dC@`0NaVK=C_8gFBda}PxQ5+T3* zbgHbo{hUTbmHimMju9mcxJCvXN_RZy>-Wxuf-nqNcaY98wC-S9XF2&*ny_jTZsJ`0 zur`-C7cWYXhyDX|5Yt>%3*m$OC>2_R8I{pW7(0rTOnlVx#~mN3&xNY!leWhoc=EE! zVEJ1HahnD%#(-2FqPhmO&pIzA&$h}>en4D2m%?g^i?xEt#Xi(j{p`EXiF|cQm{(<7oLd`>{G}>FDY7rL^uY`(=jT<7pC4>B z@N*rW&UL2%F6Y88I^Ug3xWq>dmzRP-2J+evQZB+0D2A6rSoRw@%&jw!kHG&>v1^7_ ztZ{}~>?|s_4U0h`v0N*ZRjw9lTWz&~nmf{}q=|IkHarW{M4p9dBL52e>~y>!5pU%2 z55a2Fi<-y#KH0=r@?RD1N#7{qd$Jl z&v+r6VTo70tldwZ`7=7ZXf@c(e?3hL4hv)HQ{%ABLbE}2St(MSBaI%57*b!9N zMZ=$o8^KMi{0!qy;h{s=!PqwWjelz1pbpDx-J?a+qTT=Tx`|8DJb#BMb(8m6{%R`Hqe0UyjQ?atL&&FnVL*TU);Dy z(3fwOFGp?J&%XQU(oZmov*teog#V3n98RzPA>?jlcSxzmLY(iMMgzXJK%N#4! zhWafFq%p?-0eUmUPX@_Xsvwl2+5_zrKdWe`FEQ)t;GYcI>6$V=h^DC|6Yx=+q{iY)`JO7OYT~ovB#$}Uyz(=Os4&^s}^q2wa>cyD#r8)t?igiybuC~yR zTZ^k}0JJ#wIMh`!%5p{`t>TRcFfh(FfSp~>(kc#WKK!sWe@!!N%?diNQ@s-ZfGZL9 zt>bCJ^>j%iY}o5q(BqXl7+k4zK1u0(tkStl>3n~0L+69F&I75@bh+hw=K)J7ykl2c5he z`yE37L(@ih{Z9#iFc*)a4u@CtTp!~forjRWgZIx z5 zWpk*cmQH`&^n!j@phYefk{pXaaEcvjSj6p3C^Egcx`-02%=1B0oSh6VR%h+6$=SXK zLH+?)_ipWD$!rr!QEPR+ivW=L^Bq>;@sF_jvQq}zGuz!MK8jhZ-IpwOgNU?-7ExGz zW0E^HkfVb?JF~5*01LkF8n9nqt|(db)kCD4q5EGx0G{+6&TMl(9_S}jf?sSTtR)y% znVkZD<{GyM11;piRvYE#pHG9JFTsnR-@tcbeRfI~TRh|Yq3D20fU_|v=`Qg24tDun zDOszn@|9I6OhkAZA}?g6N64%+xKy)KP-DfH!}!ZQx=uGc1;Y9IRpL8rM=p99197)* zrPTvsMkI*cb-^I~z25&3>$$M&e*cEw*l)VMsy7j{R{mg2Dq97Z?xc^!|O>GD-)x&EqHJip0K31|Sf9F-4b9@E34sA0?;6Srk*z{8KhX zB+;wx?A5wS{IU-%p4S*(fzmXl=xWj9XrVUG(q}a}pK?`HK(k7+&5)EQ`Md*E1lV|y zGp|qO*D;Pt=1SqRmvExwWMLn`p`(Tb-@C>TG98Mk2r zk;>LR)QxmG=`p(Ah-aHxMq6td=u33l(L<|r*UYUnyJl_?l&gEF7i(-(9x6k9MQL2V z-d=e#l{tl#d1$h($$YaWFQVd@{L7-t9SY8M+;Iw(#kkkUtuVSL$XeWbTye>w6)mm3tO^FVFn0e6DNcnrh zk2JdcLMkpm1qSHnU4zWhMF+ylf)4b*L@Chq4gB{x zU6O)Oa~>>Kcrcj{-jomjrB+jTF>F2}<3!Zb66rFp{(HKXyve8!)5;0q4%^-%Gg53O zS_FP*rDaAQeV`A{;d3bdX+Qn$Lsw0Sv8P~bw@zyQVknQ`;CVAhet9xuie{k@10h?y za7c_>m9n=m5mh$|C(Sq;pZncl?D5?4`0@)l@Nvob395}sLcH*AOX*uqIyKcBwimc4 zvKIS-Mxw0(+W#=l+%8nsxcu=mzfH3^?}#gQS!>#x;9V`et2KG|q{%z8x=xdK1N84Q zYH%sXWRdycrH;?s#}>>~Tt(CQDtfGmy&S?-5Qg+ zF17Cde_~xSf09`Z81!O_etHm=Y6`59zdj5KzV9uz0RkF-JqX#PWD}MLdO{ahoAoP( z_KO{sP=~?$E#*8^ve5*KQ<&XGUl02$6p{cNXy|BnMQ;kd*f0M)16B^tHI|}GqBfYX z>{ZN>aTtszSWSNa)l|?SdJQ5-Ti>uceQk0VJa0|++y^GO{P!oY$`jSfyOqj*s4V){ zphd~$TZ5KA(f2G`LS23@zJwMtb~phwA3v|Oh^8&sJC?i@+}4ZG%8Mbg0mFuTN6;|= zqgBoTbsXQVxFBfm8bYhVCyni1*#^qn4-w8YAxy1fENtD6;ye?FdD}rcrOPEu$l)WB z4>y8J>ayC?UDAZCT!;s}#J(OUV{Y1>+{{Lo?=w7RB6`|m?>}3*)V>bmlU=?oqGyX$ z%sf2nj6k|0V@LCw@HXS1BV&v9Y4)kZgtcdOALj4*A&qP2H)6N1oSrQ)PWYBMOsKr7 zyS;XAY&KNb`GeT)I28Pn75rZ8Q3$F};gHW_ICO5lbjic#oGF0mk(O- z%}o$9T18(%Zd#+mx6$tTrmNG_)CS$nz8#yFz*Zv71!-SsTP9jt#oD@F*GXq4iW%Fe zvy88uR&31X%J@j6U;Ug^s<$g+o0Cd>BxdY(dNw3Lle4O!za$ur4f+OcDZ%bJ8hd|I zj?^=eMSHuzdIBhOW$vEUH*gW)(2-H2y_)6)=> zo4IRtzg+7EKxW@WJ2-fz6DONJ6){fy=7=V)jg(J&rF%KAcm$4dD2UwHSZ_=e91 zS_eu_xIO|;u|5v)j5QtWb3stZuRax|sGz-WGRD(f_H3}du2C0HgJ(#tT$$j0u-=OY zkge}O1seD0RIr^>NXn1u@qNK9!FHcFcE()y(_L~rl|L|g}it0h#`>5DAiMSm*uIdR4*Nb~PY`C73QBS$b7?X@j zRpRtAx)GCL_!|ICk$0pvfG5jek)_4E}K_CE)rZF0YiN|K`Z+W`I_JRB(%$n|{YdVZPP{<#IOZlIvDiSYB=%eD* z++P9lD(EkbeKME!W{WF-0V1j2cnL{w(u zBhY}#c~QuZvX0va2I^wg^zX+zBR}*=e(4{nDs}_$eN=>-%8&6?=_qG5J{HVBE2f&R zH<&<0TW_AHkf-m_`vop{ie94BEPTCLMnO=-DY|H>t_UBn$RdxzA`}}X`LVd%yaHL| zd0j-5e15!cy-DKhjkSli-rx}UdP7};7iVht^@iG}^@ie{+7@?iy{URU62GiOpfh|# zR2Jt|!7vfkdXxWnB!2m{%%thgtv7m%&v`yoMfKaUeN^m+;TQ5J{=GbyU(!{7q9Siv z$VW)>rtkAX@&=t~_2emJW+Id~myoaV$rxfLbXdXQ$a|>C8?3<7+|@ou@`m{wLEhY{ zFcY~FAp#b`dzW z&^0T!K14)j<0H_bls8Egk@)8^v!**IZ}dpM0(Di6-TBr&D#A_q2W%rr#(32-9^33Ii-vJgnwc!vtnh@fsC5(w8ixS@5N|_4t3?)K5(+l;v6Py4{yrpr^_gc#dBKe7 zsJwhxsxS#f!%BYqAkTq9tYM0+!&h%vIFlf(j7O*qh+v6j%1gNQ9Kw5IgY*~5E^~Wn z82x4X-y`WS%MhY{r9?9}5`qHlWKrlZ-8ya`*kOrT)7_)jUxLt?in=Jr<2~((Dr(L3 zm#Qi}E|$G4>~S%0hQa1%F}M{78>qmtgJOlp(VR!;uK;X1`lTtbjoRU|C!Qi6UF!WEr+XAy6 z3CV4z9yjt&#+%T675V3J%irTWiGr(OwWm-1Q8vEJy!r$Ov1()>8K6wGDm;_>iAm8i}68*j{1@A)UcfL9qDa z$3#KT%%zd&xwhD(>BCIC2a$l}u^28~cpF4mV3=<#K=dPJRTC zk)PU-XoJ~-{fJu8(;tD66T{Nq7m5D369#*Re$T~{qDEyu^7$gt->m7**^l(NT)8|| zMdDAtC#rZ2Lw~X#Zh9!3{gAZs-d?)wm22g_y?Cnuvnn!c5h~`)s`&YDiJ?|STc}kr zcDcc-*jE(_dP~?>%R;P*XTX3uvMP3zAEiV4;-lgCW6P4L?2E%5Ffjs7ih@6;FNwq- zKg>00I`)L^i)BkS`{LFEi4p9JRr%|%bS6-%m3?6iy%K{2?#a^9Sae;aWP6&{MVa>wb<-OP}R4Xz72y%S=np^@V8Z5C7b;mL8cu z%=PueyTb5CW^q*d`WrJ%l%tSYK~jqUq~b{S=+P-giM*eI5P1 zn!b+aGA1eP0TW4)9x5rOFEL1pJ?gey&(qmULL@~=;H2v7VfX8q3!{<`Z_GGBeSP1zHu=FZO^ z$A>u8om}r9qT9)3dJH?c>!z9QH4`zJ9zWXIGn@}k?ksP=D*?>@o!kpDao zNnTuV_eqTpX+YhPBeCcAk@j!kuf>JsoBKojwYq$Kio95Wmw>3IJ`@<2kP;F99q~ef zZpC8)BbgRI=9<-XiSrRcnDV1;SADW`N$%|ccBKl_$=If{HwE%{Q_**RGA>~* z#bDp81;GM3i!gHyUPQ{uvu~l2qKI5D`0AW*bX=0a!s6v4vc@F{H|G-SQli8~fqfDD z`7Gg3PsLMPRnR$pS?P|%FX-Wx2TWyN8H1PghA8+&bVuTsx&o7?4|U3)uSfkp9e`c>7uEXW?6`d(fBl^%O?Pg6(c^L&s+JsyuY67Zd#+xDw-1&UhO-ay{c6@= z{eBgLmYLO1vu7}?;nQD5XEoe7&tNqyon&S;d~RNd)$sGLI<^`{Vb3tPAI3}y!ymqx zQP~e;?l3X(MPtuMn;D5eUb@|+>CV|R^jH-i(CmkQ`!b^aFeE=628nRVQ0EodB7$OJ z4lN>2eL)O>iwpYvV+{;2S6e+cphoLk!(?8o91Dv)1C>iM{2)IIg;>J~F}5l1`GPY5 z&rrt~319$Ru%fY7P;+|vlec^Eeg!BN>O(q=@Y|74S67=HHQhOT zg&yOl&eq~XZ~iQ?MnN}>4q9g1TLp15O*h56$G(!u_ZS~2*eP>RP44!8fC644)p;0zqEm#MUdMY;c* z5^?`G&ZOzi?f>++oOUnsN8#^Rwv#{Vxf9awr3_WSN9~U3_v;%?^!xNs{eIs)2L1kA zb=$93MXT=#(eIBm{%`dA7sBrU?}$pjA2{{|^?Th-({Tt>8A7luF(0v?c~n?^lukTO-mx@8sJ5rt0i}A4F;YyCrOVAktrp4@CMiOW*4EO)P!sp_abg z1qMssQ`ebU`raxCvGldRe^TQE2VNJB{u86J?+qM%g7JaQi4o~P>ZHa8PMf0H_g>i& z$-amFB3jHf(xW{ic&9cWOg+im)Pozf_sG=qY6J1W6FSQT+o)mkJ-$)XC9B_tS|)6@ z9=k%>sByal7MEASSJp6sk8R37H|REMET`UKxnY~OQA5c2Mvb~;rl7#S4*f;c1-r}~ zp-Q--bNjWqH%Hp9H6ZM*F1^);Aw*H|J3jw;bHwwXW=(SiKg#`@9`RS)k*Z>Retn`! zgmC9S!`K74r+}^)Q#}QUVQwWv*^Q0@W+j|e7u_kOr*1b`32(mK%u49KJ;X}*MqLCe zVOaTLZXetiZvQZSLR9v_eb<>7@uo&|{%=CW^M7Vd_dH?yVCrp}eej;m9oq*(^Q8`Z zOv{&g{$pysRDn9Lm7i|EK%Xy_uI9FnWmlY*{Pct|^}0>X-yOrUh>vY?`C@XV45u_9 z!6`ie5z7-Tbq>LbVqyDhnB&^f0Hqp5KmK*dc&$17#;E39F8`b)mw(DGQ4&N?ty)!H z2lYy8iZ10Zpntq(k#fy~{PG=f`gY~|_R5dqm15Gwm7-_CDvMCsn-JDDTbh>d$Y@vR zn z8v}2ld~iu!ot_$-v6TGKe{iT9n==4C!SafAgO{l`zL2QYhw+^e)JDt-*2d2$HjJMx z;LY!#PiKquIhgRsq9tEXV8#`s7Q5DTBD*bJusN!D1^(@YH=xfH@P?#U|dc&2g9Jb*5<3sz`k1x2k z%I~-yCN#g;HPyoSH}rmR9$Rmx99!w4biFOyUE!FotLPL8iKn~5Z_U%)6>f4ratGIy zrsRdWFWelyF02;?%GQWbexyOUZnV`>&{_EKS~K(e%tQ0HDNu!^Z~N#!TKcw~@ANUI zZ`<*&;Ph>c-8)X-*7C#gaOvAV8D&V{7G3_fynhAfZyVLU^ZDCO?|!2B+mc~Coz36& zQ*LnnHkuOoNRT}3289O7KaC>TGsIFfL&NbazaHn;`HD9A63Q(M6Uc8*r3*16_$xVw z@XIZBiT=U_RNNdb8vh{hnGRVfg?J~6*iK(XDW?rDjR$=I)7O8lb@wHBy;;^;pgP?p z(W5Ihf&iq_`4znWT*?~4xH%X4oXPuS_~-ot33KsMDBQk1!m+ay413R zdH<=A`(FSIHW3C5Lv!!KWndTHb1h1JyNHsjOG5h%Nn-m(G4rVVyXe}}@Y6p8Kk_pp z4R9^%aC|d92|Kuq?=j+p@|k~} zb29Upf7&x#KJzg5KV1F-zyE=5beP%(QbNC;^VOWL50ahmRaLD_!rdd- zK4aWRFptx+=SbxCRGzcm;JN2@D*{%nnuam=F(ZO4uuY3YN5Lb*<Wm6Dx+9Sw~4TKC7ZA}brfOXr?~sZXI1#=xp;LL_^asrbxuft&|p*e$tb)jFAV&5 zGb*6LS%v>lZ-SrRfjek$WcVo$txbcUo@-WxfghrWz`ySZh94tSOyH-Glelp3zl>KC z`RG873jY-hetK83344nKKgE&cJ)^=;&z5lTPeV7`hU^gj8D-8tSUP)j82AGW{}}kB z!av8x_-7R3pV3k94|?2|J+1K%K4-li27bKtPmT$JA5XrSz)w!4(ox~?KZM{%hn2?v z0>Mx3z?}rWMS`EssWm>O!cWh|uZ4r3__N<-6qx#OQ8F&r0Z;`Fr4jTCc+kZ zGpwO5$=%|VauQ%;=z?8&AO^OL(t^pkz8ss=2d||w~lyf&Y$| zS_v(W#1CvE zjky~}C4mX95$tY&eTsl$J5*-F!qI|(He+!b?60m(vji@Lrylr}gHLB7Cg9EWC1|vb z-vfWv_rxVzhOb6?X-HT0JZLzRDVVA~OSPUcyIUChUvT}9dg1%ip{VDpiJGl1`u@;f zbWq!$aqFe(j|nahP=u@kD9tE@C|2IIzd%B*(xxku_{WWxj#u$|lNX6Mrkq{hbnUECyp*@d7!fs24PbzPjJ!_g;pL2l3lb zG~qIcb09uW0CmRb9 z8VyCams4HbHZ{o~zrXfxL9&mxcrVr`K%A|W)sH>AOko898DmNRtjm3 zM$t1L`*@z}?ZGBkA0t&cOwJwo>I3+8EJ%}KTn@M4ba45G!E_jw03sS(O$)$<1ASuZ zmtGaLPXc`=(B7U4cH$dEAGEZGUyZ9=P2=zN%mU!XTdzd^gs1x+Bu*T^fO8^@p+&Y1 zg|9XO#oucTmcQgmex1=aO7I55s(0WThVHdN57Mhubf*vumR}%!(NMGeG9mZbXaY~W z{iZlVd3NosEvTNUzuM%!oksckANW2oiu-mDrLE1KE1%KYneuJ&^+Dwof8sRFpEw!z zt#QDw&k?f6fQa>vftT=0gtwDD>@93}`wiy5A@;zH7Cy4_1Bb&fl+cfm#2>i?#m8ERNX!@&(lYKqzUi>c#s% zGqnF8e=3$&{Heb@sQOct0gT*d@TWq3QL7Jrm0maT`p_1>P{2#ZyL#~QE{2th395d) z(YigXQE{UV9`qZ5BG_**6-B{--XiF^`BW&*90UwxVZH|P(GnHp9=!D@_G%zIv2Apz zfyuzu{Mz>ySWNuOl2xcofcbg|+H&5}v&?0!ZQm<;YM{ex>@fcOdFu6`@jK?J9ily^ z`CHUI(bmt3zWJb5bm@bJ>pYv+(V=Rs*-PeYW&6xm%XY`Ie$trZOQ8vS6_X*`(Tarl z=(-#6Q4^=Mvs4FOp#~mi-)nXl!Fxs5vpWv5%c~X^4F+yuSf>Dz{B2ZB$I>UE!_bR`B*C2ZWiay;>>1pRG(M zY--PX{7;zL3l!t|>E|1a=SLynE#TC-PP$8^Hi1-ZmEQ%6T;Q6pcKDCZGc>hoi@^>L z?#JW%nYS~7ujTQFHDAlf=Q`(Wxj8*LU(03bk$o*fdZ&CXO_v1wTFmU-LH7FqI9&dp z-k*Bq7E93msnc{IM1*%}M0o3p8KsIjrIsm_!r2PYm+7eW>cz}W0ApMgFQ2W)wT($%ykx5WtFr4+q4-o~$)9-Y7koCf`g z(wt<7JWa-$IIkNF^ZEy)h}Z=&ZGgc9)xVaF@r-IX)5PYNASMdKk7ms8!3z3I@W>V{ z6zG%1pP_wtjC~ZbJ}jE-xB(lL9MD)<88rqf^Qg_1pi&oUrIzthAXt`}c4;$qX$|S} z>z}YOcY^0#bdSbjJi}vjrjm;t%s|AE`0XIfQ8Ow_emWoGE2W8moY}yQ2ZhpWX(5;| z0(uhyz2M(ev3;9Rno6%v#ijy4j5glRGtf?8kLVwf&#*NoKNM~{$EU&V+!PG=1wScB z5GNC!&fgS_r#P($=WG={LDu%y12gtevNFwN0@FO3u-I3ZT__buk@{oV9^WFhu`sVLnz zSCl+_maJqGHg^?ljjQ0ffj`5xd+aXMRV{(I44gSW+7-?f80pWR%XFgT$qTG}2&1!P*BA`fonQ$A`qbXe|53bM$ zN=1V&*2hn;b=b!r=j-}tEI0Jg0l(r9ixuWaB_@GS07Z$pIXIrbWBlj*(0P8C1ER21 zKJz_%9x++tgd^YU+lrF@-=9GLAZJ_U2WzPRX$!TB#(NT-~K zgax{IY76Dhu0LjMKAQG5_!8uQf2W5pC|6{SjNA*_qn7w3C_$qq4W&+B#b{8NQ944 zSM@a-OP$gql-^QUzc*R%{6aEow9T3M2;TH3EZGY$oYF&TCljcX5easocO`b>tbYir zGg;RIbXt4~CdOo^?;-kGQj2w6zWw%9vG&z5@?8(2$q-taNgk^*R=yU>KSDp_sViTt zR%3`#QZh@kKq(1?F;BFj|aonQv2bFN|!!4GW zSu2#bSoHj%zGhL=%Wc>K3XfjvZD3I5EeX%U6h4`cNr587U&;_xMe(up)7BbB;>s1855&>ep!kbEFkWfyG( zrqU3kG6YTd=l0oG`?h=bo+J8uI$cs+0}!Yofv8NI!d#fO=ZftcMBjK@;4G>M`iWY3 z)<&_md4OlH)q!jODK3aIP)My%I2}*E0ELmhuiruR&AwBi?~$|h^yQHfRgIYI=i0L= z1WHJIE2RdW_4Ia0^MK(FEA%dp)6p9qg5?2~(8+^y%;mu-E)TE;CJ)di?UEMRax>pe zg15qw@3=frI=M$L58x%r1Nftp2UwEJ1N;f{0RCum^`^N&@_@>-*^NKrsVn{LPMsSh z497?I)a&o;?2}M>goHyEWEPvdS(GM$1lTB)f}xTaF z3WUSRBw@)qdK%7}|B;%9snPo~H3~u!Xm!Ln9Lx0mJ)B-S_Y=K}mZS0nlofqFnAfUS zD>IOl5lZRKx$xzVxOq7{(O!45akqR8#KASE!TVJ);Kl&R16>JzPyxYxN)mjP^~`pd z*&xz|%0{~|tg-k=Oi`lU*Jv+pvcmQTSAbDAUn9Hj-pDO#GaUYcgWq1YlIV3V9^@W=6g9e8gOoWwP&dbUd$U%t zIZlxZFv;-@uYVM@HAZc#&$;R>N7}ebY^&c@$|kL|B&(!tTB%8z3ImxCP@nlUkJXlicM%%UmTG4vIDH45p6_9c+8bdR6yrYM^Zhww00Nu! z&ZZWz+c29Z*e22eZemYxHPy=TP*}`t$r2vl47}n5OPU2e1C~G^ZGFl3`M@$)=A}jd z6@5EFM@194;9Wv9@LZuX{*k#^mUSqT*OQ|5Tp~u910DWD0=m`-yC|0ra8Q^4adb)4 zASrqyVaEi_9mpbOkSl^#_U*caqBN(khS?tvEOY8VJB8IEjJn4CgR*~{**b0fB4Pte|B$>9p@w)4(NOcL2b$H_HV3WXM|&z z@q)n=10$Qn>Dx%+TMyf-@Q1wQtW=9(1}wqKLMl)U;#^=@JO;*wsb@0Iai6(PUCZ^kdboWl79+yHF8Zie}~k_rRApqK@I z;o_c=Rl>LKc&Bem;0`Bn81M^U0Fe4|3R@8XMRuIWLHyzjQ=<%P;M6wo3wZxfz$*N* ziSY|gahI@K(D4gSaSwtDv;1wWVt>o3VMgN@kdt5;5NxoGzs?4Wn#*cqCUak_b7vF0 zh_eF6m5@~LfN9{fT--|u*X}rkeomp@n-_zBwpekwQ0pYmY&!#AAB9p#$*Depl3nALcg z?IKO&PkHq6r<}{5a-IAs50XE)r6l=-Kjf~bg~%VQ&;cvKXZi9TQOX~*M=uj~&PI4H z%hH^U7xl1OI^rj`e<5vR2;XFGt5R6V4s!@1T)%0eaM?ZLpx*8QVilqdBVk}Hb{(&x zHbJ^X?T_(bZxb^&D2l|pDnoT&hU_F}o>o*v(JfBAUscf`t_A)XRcO#3CUrOH4;!4o zKQ7;pQ2k*%=?~jce*h80i66thT^~k&h+zzu7o!<1Ic>oNw$Qq2WznkCmf-IrA25i*NBJmd{x)b4O(aEhssni{Yd}#lk`LFOQ9dB zf;##!RWSBmgDTjkt2zC`se(j5t_o`OQx!YX@f7+YFb4XC6eIefwZV*js{R+5eyIN; z{ot=kKhpn#>4!>OOZ=awU%3hW%1;9Q%60TB527DiN{8QVSW0hY2?rIhGb9!x)V zVWc%up))>*!Z*Mn7Bx)8j(v7nBc=QbOxabn{G$F5fnn zkJ5D7@nGvm@{0%i;4wiwBsd6===}uG%ND}RI`7w*ZBg|1OZ2d_g8#k!e2eVHPZq13 z3x5gg{~`ruWAWTk5NWv$9 z$?p5aGe65x)ID38ot+HhS;#TjzB{tBeRqp0bQt5d2T#D> zQ$lIIR$(SNAp{^vL#AzeC~I-Ue1DR>{#v zb$D(=OdiX!Bw}_$sRC=V*x^A6(jJE7ol07L;3|Q&&`V&?@)|B^%LKf(uX=$ zflkfh75(wYa_ChJJI>aCcTw~53`#45l9Ot`oDIAi7z7pXaA{z?Hb0+uGX$dpnR16q>HPVnsc-{}Gs0eV;mg+vJD$tD+$V zMZ*wG3qKZKf=oERkjaF{CV@=2Z9kIA5D1XpkK{`dEB*zR&EQMJN&+($s8+G(!yZkfjR~xwNp?k04=S_sz++`xe1gZw;;x zFv(oLBe^h}CNDr)K+A?;^WqvMq&bqAIGDwlqYPiBI>6%Q#q*xoz85h}G28d*zo;cI zhR`xu@Bo{BWjv!d{i&d^bl+H;RDsoeW0Rx`tmqqiCPgp%FwSo{Sf#zhKDJoszYuI9 zg>pX+CaIiB68u~+c5q<7yF5h04??kvk%0>J{4?`I;&3cnv;$~SIAF^A`o z1H$Qr1p8+NKRlN06aCz7k#0VrZ`)S^UNPV zU)1E+Xp!Vsi=E^bQgi(o2+ye??3y28f->OH%8zhR`5Ik$61zXd(z)S!;x;aG|4ssy zA*7y|nM>ZqcKSdFL*eVC6MywIkXUsvR*oA$CRUU;9ZyAD%(9N;i-+cHj2n}ACSyVlONTLBqo_wqm;)dy*(V=&7Yc$t|03AXZ(r!z;EyD4#$iq zkdM|=O-xYK?I7a;vz5Z{M<$cAq2IvXj`=~EUJXZ%nhcT0>!8~Ors}Q8u721A*w=OA za%1Lm7qIwvH#=dOJ_+N+Fcuc#c>M9#5rb#5)5YnWxnI17y&OWUos9>Q!KEm7fu<-r z6jr)!%}FD*Q@^3-pXcRhhlwZUgr0wX(Rluu>I#*>>is5TX({e~n4(_z>Aa(_&t-id zDm528tMo{jQ9<<9iB;|?vkRx(J7cz((crAQcgCIf-8O5+oz9F#=epZwO}TH%)CcZy zW^8e;pFO4Mf!pt#Qsm6oL8nsDcQ(WYzrdS`=fdGJ52=vPhddeafyXof9}l8ij80di z&{8o97K0-)N@$@nC#x(wSV(?kh-A}^b@ zL9DIq<;r+p%%~M>Yry0R*mhbQ#o7%vSH=dBe)V%wvEE|F23JO{6N_au@T$C?v!taR zIt^EoSAzzEszqB~R}e};ZKa^E2HOFoiy4hBJO;LDE<_|4$Fr`xm~}lAzAaPYGBkfEo5#}31Ui%T z0TqVL^@JoCxKO$P*H`I^0=qDyOF_2qS(E+H$GQH6wt&s<&rWI29?%3Tm)QP6(f9&~ z_gnWMO`c+vu2jWYQdbPRBka3v_L5`mzzjwEpqT@9;hjz5AqWaG~fNZ zb_j!eYs2chAt$*Ne9-YL(0QeqNxAsEju~9l!O8YRpXBdH%}d?Z!#L!ny4&j281LcUWzUJgWleaW5Hr$c4s8kx`T?rqzR=r%9p3VKZ`6 z>^CDv7=K3?dTf8mj2`CsUQFA=MByz;j&O_xhfzIK-Z7EQ<;|xSBR$I$dJ3P_9BM>r zI(_W{8;nmuEee|{1>PEvH3oPYJ)s)RuHru!Ij<&Ses`!5=%Eug#rEO{>zgb^uQ>g2 z;3vy#K^M^Tq9n@P_mkcVlJ^msE~()}Pg;Etophq7r6pAKXqY4$>fBu4W{d;@dz&;1 z*4BBcF4~^Tn+_pkY!;aG2N3==z@2!8GJBhGK-gmPI^Ko?lT?Ig1!#v-Xy5F1!N_x zGA@#x^{fL2p(m@I|Uw#A52NJ*oBG>#S2^D zZ}~7?I7M@kH;C@uafO`pzK1-}eone2CA}bX(x>in8lq6K5l5IM zlyA;T|57ML`Q3~uN(>|H?D#N7;7^Q?(R8Om)Axy{o7gC-aTHbRC|)xeMbVR};17|m z%R(Jr^ojXAenYU`0A`n)(uLmnqR=}J9K~X)&^s$h^nt?|w+WaaEMrR`SClB~ZlTRm zH1-7BD#W(vKmofCWiF4Wo5&;Tz!W|PiVI{&wM4k(+R%(aj9qq zdw4%83a7v$I;Neqawe<^_thBXrm*%Bmoy^IC5=wO{S}D8W)Ooe;B#T^tssX-gB*3G zi10KTWvDCV!fa_Y$WYjd!4Ht3ut$U+1M$a2*+S)L5S=a%o!*~Oa%O>%3nPc589lLu zGqa_seY2(UN!hTNUIhXHR=9IvN|SKD$dPf72}@=l8PJIG(yFo#u*^<}cZbG6JK#z1 zo`W%=pmTU?fPw04fqGs)+ka!beZU^*WJl45*}k116OM}3dU3#Ku!1@deLdRW_dRFr zzPN&6L+|Om%H8M$CX{Bq<;tkbm2LvD8E|$x;9g(g7<%1S_nVHPw{LR4nhm^km1F2l z4el3UGypMty{XY%0Tn=Y+>(+94SXS91`CF(+gE~j9!g3qcOjPhN$_GkI<_$c9zl}c z#2?e)5hUqIO_G*xv=`4qVN$Wdk-kSLO~gK+YTPx&lY$uuAuP3>j6q(kwtmQA%E}bUO)BF}K@q?tcht?*Tm6 zhu-y*yF!A66n=f{mf%-9{F2=zT#A-&R!446|4}F{z>%*YF}ec>s?*1U$18kx)Z6YJ zY!ok67_AF7#KavN@Qx%+zRU;t@^yi?y=bf5cNFD|VZ0;#XTB%aeiK(P^q$jJxwnhf z4_wmhw{kN;kj@4P`iraELHFAQ*+WNeh4pmk9h=;*fh4$U=`Ir~$$q>Qqzczz3tqO9}-U}48Gq8wDl$m~_2<3sToG(HT63O7Dges1OR zGiZE+-{T@Q1IXDZTDN5n9rcF09#(~%N_P#Dq3eJ@FB&>&hkF(L7))~X-%O5{b2(a3 zmzDli(ejc0xcBIEZ0!$mE`Lv8mBVq)st>ucn=8Cto9h=_oCCJwq7c`OjkBn>K$zJ= zo0Ud-Z)NX3YeX*WQQ#1&ci27qg+P3PeZ39D2&iFTE9+~umyPLWbGDC6D)7u*731zhwvK$GRF$&Y0?i@!?V*oF?*)cG%Ef5) zjy5ziFt;70)?PlXo$AdI~pyp ziK}yb4F3%QbN{f(V9iG-3H$_WKY3f=CxmHn--vNdNt;+Gq>Y6-xlq^vRzE*lyhZ=m zEcwWOvSQOSpmR7_OR-DLIZnHFX8)#in&eE7A84iu_?2#>^5a|e;QyfS$grt4|8{4a zzp}&Tw|OUQ^zCSlh-rS85L4L5WF|*WI{RXrUtqXc9keOq5xhZ?MlHcnOAP0W%-(-ay zcw=_iRd{z_6GAJL;*EeVX;Fepnv*1EPTb}0uT@1TuBF zZ&v-dvBwvnjpmu~nh-3MevR)3K#IX$P`e4#QAZ;vV<|{#a79mS!gya#TSC#LF8^Gs%eSBgIO0xdM;pPM zItDpx*Ab}ijxwMEufs@_4I_QQKw&Ig1%;cJgc;t`M-9WXs>8F*>7un8JBL?eR^L7H zow{lVgx)|f&&D{8`R;nS`x{}oh}SEqt!HTPU8Q0HT&Cdc$N_e`-{wkd5i@tqP9*R7 zesBiM`;P#1;S1>6E-U&R@MZ4L7r;*SE0+)7kKM&nsj2My6%aL}h6nE!s%8;${}-R6 z;G?;#kVor=w)i(_QGe7>X;53=#)o7u@MMC&zLlNRMteG%uqe5tja_wDhA-uTV0dOm zu4O|g!V}yvbr>T2NIE`h88y2B2%`TH5i31A1}i;+DS1)GUM)(GrP6PNTFZLzDTMC8 zCrshX^lw4|pMlk_?t5*n`!pDc3t}ocZcsx~v z4gdgx`WPnU-(0%7M*S$*3SGPo7h6kFS0xi`WeI947}4T|zc4x7-xaST*F4(n-Ol25 zc!oOGomKomVXXTS%2zr!J-o| zm+u9K&-#_|W>DBVwmqQ(oz zJGgI@ZdeUBkhAnHh2AgD>-)uY*>gm9&1m@kf{+364Z03^yg;&I;o&)GQw{nrR1hIh z3{~V&2}%*0LI1@f(x`mp<7EBEkyL--5KGZOC<9!&1%)X~(#%gXAvlwo2P%+h&f_TZ zk3w8c-tVI4NY8b6SXLB%X{TJ9D-O=-5(Yn2TuabNe-0!0k0vEFA z*tYmN`4FWrmkP#}z&^0O35~!|n3!THc#Ppl!#LzWT(*wtTIL6(xcu_)cFa}7YZGkvShN3HV`u3ykbS{YjBzW(Ju?PMI zy&o6b8#1==ysHg>Stal4VKwh6#;3*86b#L~y81IqguJUWjKXYkVNl-HGqGhIsFys! z@~$2_FZ#TzJ&b)En-QGibI;?Uc~?K3VF@br*5lFVU45d_(4{Y=%c+k?op<#faII0^ z)pKKm@~$SC=Uug$=Uq*Kb|U3nZTiRn_xAgO;eP$GpuDTE-4~3fzdaUB-qrh!JxvYi z$?;g^ysOuLVlm6Rdc=x|3ZGE*bgcG2NT|BMyOvP(S|y=sgmkKpd`t+yAfGq8hfSv{ zl=cCCws}g`DDtN^-)E9P_1p44lOOco<$of7>I3(f>0WS0;4WNA-4HAIq-& z|0{oLmq$-Df9e<0gY&1ZU*7rrr4KDX(fp}b-5s1i^~w|IzsvHIoj>*4k1SgL)W?q< z{d4(K3zmh=pBk#&15{}&CF$4}QtDB`MPZ89v=yB~3N`596PvRDMr<`JT>eBwJ65&v z7OsuUavZNqNe&J1Ogtft5hy2Wv@`QX=>ahKwikhYVv;S;6ZcP^jmcvBN4TVqY(vn0 z!8CEu-S-@kPj7=&WVe%Rv5A;wMT-Pn2p^sPQH6Bp;A#x3fPD!lw=uKQNx7ABU=rdz zeh#_arrTOzG2IsD3TOt(C-WsP2QR+IsHYaHWI$gZ1%2$2rRHNFavUmGV+G&O)X|pa zJziP6;mKlNA3zX6;mk{wdn(B+JM1qE(MCt#AMVo8^$~obR4BiBGGk^9hIlVv+3R6r z24kiDq>=TC5)~jA>uuhuv7X6%h&+_itzr1jRI?F8E^g2DL%d~_Yz zCxTj*Kh%|1lne{S0@uAi{Y zxohyJ^HPlW2^vkkhD5V0v||{Wj==4YIBRbZeIv4zl$`h)^Rv`*A+unl4qp2Nmwzncr|k;5sKeuchVOu5&-r6|McAAj8GYd~BUolTKX z>iM%`Jw9D&xZm$OyI01Jzzw4RMsS|A1Ry3axP0gTKm@dV113%r>qoG3iN5hkF5h2W zzJ(wiCfS;4GYAtUm2OGf*R|+!M@EfC?;2O;1~=@KHn`H@b6djfb24fIx8n71KzzXy zhv%oS#v~+IyDeeXULYLh7d$b35Iq|ZUTHbIQ)frfkhk$Q$dAul{z9ul3-BK9l0-|y|^yv^Ao3IW&R`MTz!^5V7R$3t_5}ti>*1^qI_f>RSloD0q zfd@L+Q=gqOgs};PtvSI*<)=?aIMFVn^&E`B> z^8%NUgU^1j-s&Dxg{S-=WDmYxz`ka%qdge6CuVM#LmBokzrZ+KaStm@ivh;(=jp%4 za8D(_{aI8KH~_zlfCw3WP2Qbbkzus+HPWT>ZI$XlVZ7N|l+)n_aK`Ro?2z!xf#+M~ zt18(c;l7m&B?H;T)_J)?R-A8&l`d(bW}ono^7=?kd$#SaCOF(;vcO-P5ytf>>^zr&gTSNN}ffXaX0lE5;aC#gyROO||OBY3>i zHtFJ>itp9mM(>iYbV+w{di%?eMW6jbguw`v!b+?A)`PV`dc zgh~hKjJ;0juUh_HzE|f0tnE!sX>5|yH#RvC2fsi7`>}Bhe!X`DgfvPo;-lSjEY5wF zOQI_FI!9_OjsQA@0TkWbd^afv?iDP_G7n>TJCDNgYq;icb+<0a9{@ZzPzAgKS~;Z%FE0K1j#@>^9$+nd)aU%t|Pc?!Nj z_k>1og${Aw_3Z@W2Im+N2MU%KtJGxy-YTsDu*fdpxT2#Td*s`x({b424^8>2c6sPwYL{7;+G1rh@XqhyrPyb?}ylzB>XZEzdS@=;Fb66G>g2l zj?R8ZK0mCEJ|^smpP+ma3A#u_h`TBTU4NQ7^>S^}O$q+t){HHfSRlLBHw+ZyOGQ8C zjYpFp=6iMIx%~G}gWq%Ew`i}X7##nCB)Vq?d=u`;0YSfi_G~=vIchDs%KN$dH;4CU zq4XD=b?qMtl{tBS@t9D#UG!gPEj|*1xw=6|8vZ_RCMc2$-BjLjxNpFEl}f#b(8{k> z&G;NDL%k2sSkfKp6fJEYfSF!u0MUyRbzVEcc7HzRU~qn&i1`hY1Y2&ZU>iFG0vT%{ zkZ~0RGOn--z5gntI#vj&@SHjpcC`)+o=+Bfi#FIJRU8NHZkFpW0U*Jl_~u~I ziLePe8sk2l4Fw0XDz+>q4{`4;g$jWoFkI-=Jz4PpV~=@SkBhNK-`Or-K?3x|YhDL6 z4?6O#?)!=t=EboqWnEH#7ibT4IeGC;|FGkj#bQo(iq-P|44;eNMIfOpW`K7|IRMM3 z$#n!dln1A#=LnTQ0_EvKWXWN3`QZN|3<#_-J~1f(@f!}CSWhXhAlj)AXQ)YTh?ig< z!f2CV7GQ#M44C~QfnKGufLqY3`#p+<{JBYTMm3+l3EgS>?(L>b?0V(P+3ZVwH)UeK zs(dMDQ~pEvv;H*vGW#9=CD4_=JlzAn;4wG(0jlHjjRoT6qVGAM)m^UEy#ne6l656s zVr`69+qj(C2%mqE<;&qI7$?_d<;9pMSzH!XeY6Cca75uceWE|ZA;(DhMT6igM(T$F zF{*r}!SIHgHq{VUY~D==`7?~|dlpQ#6rqhMUtYBOX!y*!q4K$E$PakG%6fx-B&4lb z@jWfyPkgUelPIJ5O(39w>o@#=?7aziR8`V2+#M2VmT)^jFo=#(0wm*>2#$%MrXdZt zu^WOChzp7v;yMW3iVGO%G~{}{GmMI(j?AF1I)KaILI@z50CvJMY%T6T z0fhdl>YTfEcQ*9>|NncQf98>!zV|G3>eQ)Ir>ahsdSF){TP4UePtt-PgF&&NiCEM0`URAo)>glOQs5HhE6s01=l_|6Y1TscH_1qtlnf6HGbtf7-rKF% z-~@kb=zA$PCRF~DdR$_w<)Xn~>9^7XEok~b5E~*))T2Xk-_C3&oBL z;BDkx*jFR>ch{RxN3J>=gUw%F;$R*4hlxrEJByyeA;J6STKE1;_=@$68I4xsF9KGa zzlp`v*{8Z=DL77i%kt>jz49tddFqvy7n1(wTT$9j1HR{A3$9tj{@2Y@^p3D-AZR~) z()XUauTp*X@4@x>%2T-OF>?0Xt2yS5!f-s&=4f}^}Q)scDn9>E!s22%6!G1jh+y%q*yv@SMz{Ad?Ly>DgmSGho zLKJ*J+%f*96hDQJB{bQK*A9X4uEtk_bG3+HG?cK6#PuQk#)d}Ug^bmuSgbxY?J2FV zw9~r~JTusbneZUZNPTFIRt9L-D898T6<@}RFNX()`VjiA&L?!N&izs+M*tK7Q1|XY zs$X4!1lMnmQu-}nL!R zOD-RHYJ^+|zp_-~p) zXo+2UYL29zGv=eMju$zU5s&l^C~DQK6gXB%KZ_DLWj~)y)nCpsQRe#VGd2DsR0k(Q z<*E?gXc3%27yJ-1LIL>YRaTo;uB+w=j)|#n55NyD|2w;u)Bh9<{&49f&B;$!-3h_ z7i&kgZw-aXtjuAP`fv`;sxe(Q)>R9;--9q?cMn{j*d1pB#;9+GhViR|zUnQCti@sj zyD-b@tq*5dwzO@q2?0SO-xQn*vPQwVBnuyTOQso^)9{!PY5)j@45g7COH_DxBpF$#j z^&|)QgVocHVA^)nRU@#KO&;k3cthREu6*b@3)qt21n%PjPB9TqIZGV)CPQgq6QD9e zW;B4HpjAYnJzu>VAo42DW6E(?4c_LVUG|7tg72l(g+tgjHiSVL4z=A))|DnRsH+=p#W1YyhBB7u`N$$3!8sLSIJHKhP;Z&C>t09+Azbi(@i7rsS9-* zI4^1i_!p3O4s`1a@}a+f;um>fUu}a3FTg>9n6!}w$vM5W1lz@fVm9E6%L|_1@d1I8 zb?8voOa<`{t4B)leu1(CFzR++M>>)HT zzK)(mn^-gW=lo40t9ZB3g`??#Z=w z94^WK4(=a^l(=#6IeKXikPl~XoS!jupGWyK-y=-5)VX)V?geD3Gc<54W($lnwTm(= zOwIQqXKKGt$|E?)WC63GWdu(~e#)s|*-cEY@>$j`gPBGEz#?B$ciu#-9sec^dN1w6 zbh-hfAiJ|}55^+LT|zwv4rq~4s9A~wLgS|%`LAS6#FL^&{_|oi%7lYQSK`-2tGLzk z6!^NFg!YYi&q%ayi1on~sZJXxdtp?pCsQg83n zR+hH}PYCc5IVZg2Q}mPoQw_~|+dtw`i zyK+Ux5O>~+4j?XlMduLrAJ{&CvS@b`DseSJNp>}Oi~oE88n+O02QNVdc#W!XZ7dic zRrCL4Us(uN_7#O4P5(h(7v-CP%1s88xZK!s;fc)D4$PF!2HdqCa`D| z;DjCk)u!U0wUIvKXP6Ept^1K&uAdtEB8b2LCe?5H{p{l#M{~J~s>h355mmsxJats7 z*1VD_qO^94S%Fs%YgKnbfk=Q6Av;AfdUJB>OG0nJ;I2zEBCO6$r3kAp(1Qvvdw1v+ zXn9~~TRzRy@*vi-H@@XFv1QzFJJs@%RHNlBU8v95q(U;O~10Q>T5 z`lGE8#7Qto~lqvNowWSjd-=l#twi2gV0&#dB-E3`cW zV>2+?k&e%}c(qc6$4&K-oAl&po*DW>e zrxmLb*<8`3V^c=_mhxB!Gc)tx znoM=WW3)WmWh-sw14t@g&#p7e*B#}*R{L+u<7oeVI^I8S=Hn*AFUG26zHxV5*B4IR z!`wpk#o!lrUWwF#{(eG;l#B8W4)DV&$#KGgW!Lw)h6jpA?v>*K7eYsLj9WV9+V!og z;s8`Smvr-^9bTolP^cEcq@8&SRnu>ulxB%iX|`9HmLD$8XYq49GPHy7vr*IiI8&>Q z7-+MNOc5Tdvu&x^Vs};b%7I^@k;rC*>aNfwI$Nr?gx*H9)m!vp{0mB=L&pB^tR=xK zsWdm5XDSg(RwA;SIxWowU`qj5FU%5qhzPo(JTa50Id3_IH2m~480#v8zMyk?Y7V&f zP?fN)3nHDoE8&=Sl|!f=jd(7nZnYQza!*mZ)Di9P0*6kpS~JhF2;~L9h{C~5aHwCZ zVJ+=sGuEnlj!c2=rM@dF@FEx~$5qkWo`XsOocXFTj>yLy9L&=LErSURj2np7$-|_1 zTe1wwF;6?DCOxbkeGY9csn9tP`Z%)!bw7Ry#?k`muD3B97n#wG%bYZDXzd+#=aDM zrF}V9`!bn*xhJBjHZrv@BiWZ@Uus{DKFO3Gp=pH3^h;TR+x132gaXmii~>gvP=QOo z(pp$cEp#m33eJBR#P$=*M5v%x$q@u>85C8Jmvlfl&$qV%zN1^4hsh(hcnpYa(m2ShJGYwv4W{PfK-uoEIKA`wUcUoz)FYhNI zh@mo>jKLf^)W1NfNB}RB29Ng@7GT&7fW1HT@U=@=GohbP9-9jAPp_*37oFQ2Ke~iJ zj!nhrx8F_o2=nTMHFcyUD)=Zm5?bgcEXZRm^nex)x#S6{(8?4CwXl&|kbFm`OJ&EW z*SkR-Df?Qyvip~U+JZe^azniaIOdq_=~Dmc(!3ODe5w~*wgCy3RE^1vG{U?v!x$R9 zbDu%mSRmhL|5?L;JhfrEOCEU&BHAn61Z?Fq3@3K+L|C3dz`0QQ7Qd)0RQnuqS$CO(i$m(ndDZhe9f}EQ1*?G+y^D!e?ShrhE}o#taw?vl4A8hJ>n2A7{C!=GA0Uw4-e!NW9+^-eG5guSZyvp z1j9=gTEb>DTEb>b`3nH?4y;-nh$$J2B|lI_kEyKfAgKl+^SIB0Y`9Jg~T?bB#TmitDTfVOCmjB3FE}(WuHkia(zKY)T zGPN8VW^K7!+bs`aE$@Y0*j0m`_>m)IlgR8xE%!FH{Cr%?nXR-;p_M=+geD_P*xx;% zXoP}3n(DtFX|sMbLXa&d$nZLLgtUT6<`?v4fC;jmagg2LcFS+Fmd8i55k}Ci10P#-^67229AYj1SH*UEV#_bF5BKP!&|02?Ei0Kb>4Ves;o`V1UpdfbmzS_E z=c^itMMs)zi){nko7Enznoz2aJdZ6bag(uL#A}TUiOJ$eipr}j9hS@R>mih0W^p*Tm` zld_Jo{U((4;3(t6oW_GRB-hWI;yX<10LqMj4??wFDgB{DsNU$RXz95Q>E0!b+EsDH zG20F@-=5$Rhrcj*q`QA$@JJ7s`(TUXp09xT%D94ah$1pP z<>GEh1BK|3MO5`a63k_mIR-)#3xKg1J{a+N+K+efSYktJ1-y$7O2FguEw`Q%vbFH$ zunpp{VknQWICXVE1ELhj5-RCPiq}FazonJf0*ZsL==yzPjEOYpnqN=?_{L;|g0_m1 z*23R-!-KBNWPuWo!k4XCKmjN4HznKr=jjywGmAy7dz|97_?#f0EZ5`tfk6NRyj--m z2Y$;kBG+M@FCLnU_o#hwQm0O>(^0Hbr`G9ttW&2ctd4-aFt~UqJEz+7bPkOkTP-3| zR9S>!u>r$kD-4U1!tmC7D-5q>C%_<6>w&Be#I{?!h{v`Y`vz#$@CK0<+wNv_Y`X!L z^{>UbD@h*bZsZ~s=Wa|n8`qd}(^Qrxj_8{T>xe!+En!4!$7)!msCQ1a=CpW}K0a1M zscQ!7*EPfFm)^zo>yPXA#>9SI)My~9tr&Q|h2|J|I=LNs4G~IYE>x1hpp&|}n1Hq0 z2$lDJsMSz;+nAB_`Qq&hGSb--0_iBY8(|rZo3URvY)tTW z?s9%#5yJqs9x!ieNIxBa@!QK>qnwSKtrWUx(F|OK)k7b^BkELSrc>VG5!?H~A^#+`pB);B% zOF9+L&S{R<{PbgL&{+AJdZ*h+{W8*zT^@xwmRQ=6H8sQGa-^e`V2 zJPP0?!l+u%sn&uzqwHf;XQWnm?X@5)D`^`((2t7O!O!*ZGYU=vX|?noD@Q%>^G)OD zh48cH1MRdNJrjPep`RJ}6BLwbYd_GAvC(w+xsHDJCEQ@>2~x=1G{`vE!r?LPWhlh` z_tKvJKv(aeH6`jd7ktT7@ClxOQR)m%q=ngm9Uv-T^P*h|>R9A39CH^6_AsdhbjY!et_U1AcIUP+jhY6Vpsz zOpad3Ulv!}@%`Fu zeQeQDrh@7=DtI=iDBSOpvE~pwm^Wsx3ZTfbro!u~u>X{TLt*zJ9M~Z>3kIggsG%T- zO8PJFQA11ghBiHD)*nx{#%4OCzV}T=LhM4_o`SaDCoY9XKA9J9`*p%=MgVB|^~ivPkuWZCSH=Pt@-S{l1)(cp zvw+DA;YAvpPvr{S!+!@*gN2avi_ZaqfFRrjvFHUz6GwEKfEIx$c5)c!=^qukt!0lJz`u&~ko5_9h?!U~9|q)`Wk0um!BJ3YCx=?bXLz zVYsOR%U?^CP!CwKp3zQUasDPY%llNf4=;BF?$!pko+NAi^APrV3QTn0cWI(GzpG93 zhjVjzoJB>!A)-X=s#%3&+_`9|xs_UPUt3f(z1RsafVO6aLx={%Eb3RIuEdr?)|T#u zidrRQ3A^ls<#2z!5{oJdepK)LI)mH8kerCrxYg9VhlX)rk2Z|HbK~qCaeE2_NgZjD zLE64=pS=Dr-=A=O8qw1cwr-62*8NOhKPd32f4@I|{Y=Y=Uq4sgW?4Vit9cmxOUc~x zGh08m?uGSp{%vgir1QvNBdzP_d|W^IruE}qiJTD5CP0!a)UVVG8@Km&OVL-&Ic=>P zYXdK+v{Q#cbr8FOLjwslvtOk-mbM;& zwxW|vFP@>sh049qS~!Hb0HoqZ9C^Xk;Z{dNBfK(OUd0q1=%6~Nk~|Nnvb2!i%B-@q z5MScGnnCPd4gFe@MUSPq_{dm@C54PXA$bWIkI$sX-z!+XLRMrkHl`@pxBC8<+QLLS zH80H9cM#sZJ2kxBcQ11vXlH$Ze>S!s+<=hS{CzZI;u8F={uD6T5|jJib*jDRJKY{1 z_{Rs@S-+D}J=jDRCcbEcUsQK8V_625&H%E^7vJsr4X6`^5hV&fbD^vQuzglP%=Q#Tc6+ z@6l3v{B0U5TA{U3A4IoF{wD>QK@ttJ+j4n9bY~3*3t0$-;7q*E!~VqK@jt8hpD?16 zaYWe4Iy$fXo{h*429&UCVn$sv z8%c;P2`U1Vc|MT+$7fyJ>zs~^S?*hZ1{%`$Ci|CAEN~hVKF+X2_5jQ_I(}u$9 z|M6S5K7E!-hte!H4q>wd<65y7r|7X%K1FNq;!~s=O9(#V5`sr3X6l4z0w%099#b+@#E*7x;fYA5_x$cpa}?pf*!^6cOT82vh17 zu3dN(AhK1wl+d9 zx3$StX8V|aq9A&J!@c_Gtk&oum(jyeogSWiAL*f5qlXoLOr(cuMi15h-=l|*-?Pxe zH+Qx{59dCRNDo6T^Z)}?@4YjQ9%kIxL3&u0lpda(j7O6oeGJwfMMKuC9w>q|!Ag$q zG)+EE0fN9MKmX27PCnTW=YO-AH3*gez}axcD;!Op!uJ>pVs5i~ zC;W{haV8aUbSuv!o77?N95Ov zxiK4PVa@@hMNEjn+<)vNuQ(OPH2+1F5AS89R86ms)n2ukH*(&GmviYw7kia>z)?bP# ze$D55%wM`sePcvlmN*#=_qyX_v+BLYjH6fd_PX=-0&l^XO54g0QktyUpTO@inYxX~ z!_Mx|_-ohnF~&bjAAd6c$IJ=jZ`3=-9st(9Pdy*1MnC5OSo1CXiuo|Xm84<9Y*KGB7?jK&rG)7W8;{n zgv2;n?AWh)u@5j1wZ~N0em7{F_Ni|dQfwX4OaOtti_wJPZ!Q1bbddetZVx|vz3Ywi zu{P2R8Zl#tq z8rw}86?&!TX9dz2h}kq`5DzhK^JPvC3vh_(KK*HGaLr&;I1`6d#yhlt?wH@ij6bwX zDVcB8qD_sWIbCHlWrraDOnKDsQaY=CLwVg#AUqgQ@mI(2}A4C@Adc_ zw&X7RS#k|A!C!p__vcnHeeopl;Z!mg5~P!Wze7u47oU_P!rL49TfFX;%Ky&S-DHcq z6AuH)itK|*=IKxbP&bH1+MSPdJ75mMn6W8-K0foY`M3|~<3O_cC=KiLF*R(Nk3V#c zn-3fh_v#(BsZFQu-VDlqn@n!!>h!MKd>HU;6d8P1dH}x6DZE4eaWDsd13V+S8t`4)zl4ov>3>F>n*r>?;wCjZp2P5s*OPkraw*8Njgz&AsF(L)}a zGn%0%XYx$T_sjzbU)*fDkICFOZ$b++W?3G?vMiUO|2Y-Zvn+=J;>m>kLU5JQlR;xB z<*AWA*S3~o`8p%T@~K*JnBy?Iqv+K~_tKLq&vRr1_F`|*)c8_&yoZt;`A~eRXN^)kBXYAkFQKgms8pb(1MZ;n zr_$C^tQJ0Wl(#Hmy2EDmf&<5>5twUod^(x+(LK)jshBk|Q$1;$h7co#?l1~k&%6RT zYFPeUXjU0tPW`<7b3FJPPSplUzMswNn?J=DdCDk)8IPOQdlOo@hl(Klt$T6?uQoh6 zwW&K-IvQ)+KL{@j%xy6x`~8LHDK6RX&!@zD9JSRRvMj@ys##r|P`d;0XwHZa|Civg zIwRivtKi8y5qPv@zaP{5#U=aQJMh=Q^JGHpcIvm7oef*!oDEy7&W5*NiHvnB4B^sZ z^|VFkY&e@70SA2sYeM=|bKgzk3s`_vl?gLdM}x%=up{_l&W3OAKh~DB;jSy%&F{;` z3#z`h)@_xwo%ZoZ-i_zgn@81ldDzYk|HdB4eH%MG-zx@mp8l9~eGN3;!pp^Zl>L>MXsRofnbb<9XkrDO#dVa9+Hy((Jt0`g}5w z($teJ;QZ$KdZUxu$k)4LvMFD${b9uJiR9~DH2H+{^?E1&ihRAohc7!K4sj8=^ESmOMtO9qh|8=NEyZ90;3 z)g5bil3bWkF*qmRh8GfL{_b=M2UFk{GvrSI4MbA@WPu;M>`vWX z3*B*O+bFMy`D)peqbBUM(LMu5eTUA5N%HOfs{GD-*W`9Qzw;TFbvVEC&l7*M{LU{; zY&XBNG_j-kofXlc4uow#d46Zt#P;($pE|K~`JKNljnD6#WWFRQ_=ZfTz83RV*`j^| zwo~?YCa}Xpeis;BFkA>8Ir3H8_6%FFsRtb413iK318I-XA`KrM<#07+P+L9u09QrW zVk%6OS6ba2uLcN=0T(Bhr(M^fPJ*_ya!K}c>uzo{GYcGNe-4?BrtNL(UzmZN?Qyi8 ze%h*|LeLUng9?G6!%ca!aR&k82&r0LP+5Oky7jj5t?OW_>K}PE(<)3dpF;I~jI9a& zjX1OZA>`lKn_XgJ(fbdo?=L4aZ-4w-dJ}9l$nh|IzbfCwh&3)+;b{zWtF#6lV-1iH zCPD+aJi-g9YEa9Mo$TL8QbdSv*F z54f7m7E1DHtHbqb8n8s!@%$lirUKn~*|-V&`~_pe{t7HPIk|)Wv&bfd?%o)SZR*H< z7v(kUeV6xFTJF2NyOQ5`XRy%3qB(^9rG$@ z|GcG-jr-TBS6xK@7O$nC1NbRmskunaMZ>>T=as%z?^ppI7KIlv=Wi!GUrRw!9UxSf zdWCAyH@&{tYp;lQ*W+_lmBp&cj#c@Nv%4$gU;Rid2JQ_heg`HIxpWKV+#20ALPl36TM6<5Mc>JeQ5j;W1nO+L5g zkYcUp6TNk&34*qQ5XHs+%Ei0#hW!ByfL9C(jjVa*WX$!l8vQE0$_6avRi1yE9%uJ!z$q@asrQda zm|t;(KEKL8VSdX;u=&j&(SiA0@^|Q~W@bEjI>uX`rf(JDM zX!Fy2&z%GFJp(r-XJ`ictY(0=o9Bv0uZ@dH^~**sD})ERIE!J-7TXo=tC{R%g;0== z<;gz>G2ij|Wj;3?Rt#K=<5B;$CMlt`7th-8@rDuH4=UrN#MYsBbEbg<;qh@Nfv7|9 zRBWK?aDt0(KttaSQ0+$dTll@Siy6nRdQmryRlI01jtz(oiL-yS=G(P{IBRg8!zL^N zgTp+htyox6ua<{FiUdkL2UT#ePYx)~2CGG#Q~J>GvjTfmMh;Ad@nREaa7}c>4)$O7 zf6=w=$K@0$Z8_fIXU1HV7=ejU!qQs(j{dOMQNIW-6^gG>9Rg&t79%eGI}e-~J8+*C zSV38ndhXq36`jRCkK1VWGTKtpb#we_ud{vCFemHwcu>%PAWA#Q+!yG#JUfuB9=vF% z?R7gekP|^mwYvXY{<|L~npW@1XTOCIiyo5Zq@kBE`y*!6fQ5hlz-M9JB!5mJApp#% zn(-F=^M+9U!0n(#O_j$C2S*L)T!7B|tA6Ml1;FS8^_Fw#&z{i|^*H?*7*X*c*v^LG z{ndXabeXiTOz2D66iq4kNNNNGl_jC0nH>yaH$tfjx6}skC`7NqCg>G&q~K@h%2`nRD*8e`R0~R2A@n&h=`t|eqw{B( z6FdPM)YVt8I4R-zScv5nKggtEA*7NlUIs>HU!z#GTUbQ9NN5XXK7MReq3~F(D2>Z4 z0IeUaPqz(Z9Pm;ASsvjHVjdHNetpt$U(qkZqTK+63$`25_-GK0D-28^g_+W;&?_~G zc`XEJaHEq;DZb_4XyjDuBP{+)xVR7nd2p>eo>C$m0Sb_(uJTDgM=<>h7OZ6IQzGyAm%Rk0xGhT zfE%dkmScGLSE#&>f;i%2I$pCE)B<)U77C$F$Om0GNkICT{Rr3NEsp3|oH5ip(QA@& zhw~q7ELS){N>wr^KZCOKKzQ})N$UPQVs%C#u&GN8LN2VbB=JPmKE0DoJm8^XPLa)D z$xgjxPW7Qn_^9v1Jpu4}mZg)4j_8wWI6X;Qk&BpI=m2cmBB+dk1IEM4a`kwlB2N-O z4c@6i`qiQQ%tY6}BENH1xPl1px5~fVc6)L9hYs_@tlx+q{)O{Hsk8iW91v(K<;*H` z^7WfV>$m&>vKOC|C>JT?D~%Ikd|AsPp3)gkxXEttzaCwZ@IS^-ya_DO8P5W<)P8r7 zXMvMXjhPFct#LtIy=u>%M7ml33;Yk*_0#^NsF^ZS%i-Isdy$=YP&u8UN$k?RNxWnL|U8`t{wk zJ7mK&I$YZHVXv6Ak9vKDgw)P+%iO0;-17CDPI1dG9LdNeo?B+APhS|vEiXvqmQN&a zONTx(+srrzGsb!O-*m=VKAJPmq3})}N54A5ubjUz|8xFIe(d;v4jzmAy6n+7`E|lS zTajNWn?W<)$>=pQ-bZ`JVDpW9;2g^^7AW4#uRT-0nLiYk?jPL7#rxD$Os4qgB?1Yc_W0S$ou=QOjXsYa9M*fcK>L ztcB%xu&k&1J(5yN&C~4{v_R7zx)GYb`kzLluDas_So?p$pxWx7M&Miv&Ga`Z-Ur>> z4*EdRZ)O~(M%4$QIo;sP!A|bqo~(V2fR+Eu&?nv6l<7W9lKK@J2#;WYu-2l{tp<XV z(;`Vnkau_0^bInpsDN--*J-vVjjLXppCC8immk3g6Hu*|S1OvKLOngJ8Ulul=(iC$m z%Z_1a5AZ4vq3H`C!b{7z84ng6V|Fi^`2%8L+ z44vIj4k0?&tg(s`AqqYq?wH<=rPo%L(5$BZVThJnTX3$%tj}?Y3V})SY|mbaz6%+v zc^YUvF|?AlgL$<$ z-2tGK#QoAsk%B4f5|m@vwHaYPbAdUxbiO4+xv3#_z=x#sCMu{e1_M1l38HZEjFfQk zy(!@ej9>!~OxuwHg(w%q^!f^naGruMFnpb@zL+IEs0ZhTOU zysebAdZLY!&&{<()lz zxhfQ*tlA4*cxNjk6o6k~f-hW&%O z6zX{8g~WE`KOw*ID%CvCx(PsN9&-s_+td$N7|XL=nS(oo-4%Q@hX?chBrschZSCa( z=*1^j=CB!kIEQY<>2u{^{n!kO!oGg|B(X2f1B@Ymav>&%s?5PK4t8s%b!gF)5*Mae z-S5aSZCpa-hOV8;UY-%c1dBq3(nOCX&G4`$9S0L*sNsN-xSrF9|29ld#z4Z1ZwUB1 zfJqNXOM2dV{}@fvx-0(ZO6JM}25lD(sd1u15ZI z7$~J}ltPWj_hkYMHeVWpGt@{AMP(yupp5FFnp&2tl^)8fS|cksPhaP%Axj9%&P_$I zYt<7j`G$jNjK%aRB+6I+REhEXXge_NIqJ|F+`~3`z$C*m=7GCTKJ=UgJV|f@>+t}a zn3xSncHo-~rG-s^%BYypz;Z@kKogW%@7+R_N}p%3=`f2r%QvL1$M@3e!Xa!A8^WLr zhgxRSP?lEV?x<5vxn(i4+1jt}eE{9CC=F$Jeor>j^O1p$SU z5PDe-T4S4InNnFo)=@s(C|Lpi1%#ceE1Ba_;+K>s`WWetS^m@c8)=Z7%}YzLT|8C( zwHdP+5f}0Vj}Hj+U6sn%E2HIzi{$quC?&Xp$FqPj^TGV-(iDW2@8=|(DGF{LJRMta zkX@n0EdMLf0+3vA6@uCnRD}v|KY}xbZ%0TrREu59*r>k$2Mj{!TO}$RjOLI~-^33* z@vxj_aBYUSml@t()^KofP{R%@V0`)F@jeLINkZiwCIYcBkYEbOqg8wWKI$&5zj6sY zFlRuTumCd^!eFR^F2?m6Znqg?+zUA267djIvFS9tV^gw?VU&YGv5nLwbbrE!Y&0Asq-$O z@>RB$IRDzBSoqhzp`3rE&`}W%A6dXxXvM&jQJQk@F4!$OJoC7B#Y>hTTk32z>D5h8>iao3lN!QTmG*hF=^M6BmpRxw|aX~Dy!``XQ zD{l!N2;e31N_fd<>a>Sprtl+_}A}p2)29^Y`Mu`3*&{Ya98+%nJ2GtuCfTm4hu?}UG?pS}cO=3J&dT@b|9V#RR4{NAQY8{2` z+kfKwqa(1aWSjeAj@^ev5qTrh`F> zvBFm!Ft70C>=%i_QpowM);rr2_v}3(> zklqtz$rs)^7E9h_NBAuhL0e}N>IH+2{)YU4A8s(pj5_yjZ*XW9ByiJE{hh}$I^1gpr-3er->=r**@ z=sE>IW2G|ZuN;2jcX-d25yU%ZbZo{tQl_)`T}_%Xd4t0YAMr;kDBI39fImrKr^z?$r8eSAJspvfoO6YQMiVYyLO-ODeyh_D}t*d@N3W;R;7p z$vD~}$)@x2@as6nPIJfY7~<@P-EbBd1~zQa=|?^SD&8I!FLa{QPdvII&JX-+^~UHH=gZp<0|4nCY>ozoi(*T9?V?iCuW5H+dBv}|J7*|q59e^ z{V;JIG(hRFQDH32L4Psu=S|xPCw6HcySSxA0T_~&gBjVuKW=U_JC0y8>i3!0n<{4V zBZsjbE%)t%bDM4czIyaa^xbb(f6Po80h5I;j=#YTm;m_ya=!)sXP^b1&KvW~qv@zC zC>>x3vHOi7U>j{^20~QW=@?~V-#Mv4&CjW)wws(9d&$>tIkB10=glNcUqqX?V5IeG48MOqHZYK{(W;S->hB% z4e7UB`BcyUW|{TINfrkU{FOZD`RY{rtYR4`@s>5-i8o)he_@sNs{P$tDfj^fYZh^e z!Sl&e8Y>0;Y{21>$7ijZNg5U+gOz9DG7&Le1zW9*l=U0cb2yV^Fx5KuwPa5VrWw^~jS;p=|lDO-}iHkCB{moR*w2 zI#7?VPw`sQOoav~q7z|UyprsGSh3rUvU%pu# zK8?Ii0l8Yb+ZLWb9t_B2QCREt)k9Z(N<252~G50BNM2P|t*`-0bvwba4g zdMO^T4Da_YPTJ-BJuF>@SHySu95ohb?m%3#6;47FtoL8Ez+if!(hO5bG9yhmyWn5Z z`u%&;)%$?}h;hL`NqG$`>Z^N?=q2OmuZ{NC@9IGNl(5tO{)x1IRXgqD`uh{&SiNfq zM!y0)<{stO$_)Q6YqTOuD$C}$a8Gn+y^Z(=%~}H2g7=K^82(zxAF zc$hK&ofs?r8{$z}Eb*W2U9U&Raae-lIMf|0j>RZbi7Dj9%5>sC6jKv7 zIx#kQC#Xra(3y$xGR@&D(xESH-%G@YQJzDBp=%tfxI(WKx1Ywt)|+7Ssj}UQ~du3zVzb`K zXSvrS?eOBI>>t#s2l0M3N!pislxwo+!h=g#H9kAw@hFpX!Tt+UHpS?=-ZwmvmNZKxP(i@qQ# z6S52TsOuNOkFXf5&xYFY`$hb{x%K`1*8GAktH1%k-HafL*%aMH+b&^1K*8ATjo8cq zJzi?L7VVvTfZ}r6MUy)*o02?GnEX0*!+hGPc>EOD@a0orq`-W}WQnIYg7gGyf8=f# z*r#fnON3RayZwDw^}~E@-#my%kukY|01pBRC=&d=c^QCf`$BMZz~m6PeExAyANX+` z#RHY(u^UP8(~I8WZ}<)*JeVS}N^=3=0El2yn|OAKU3AcR=x-!Ssr=e&JMkAwh3cs! zL93tLpl8}p)dQe6tD1V;aL{eFe#PA5Hp7uXmBtn+Ux(#FXHG7NUUq7o;{d*52jK9End)AMW({&Hb;xt5f~ozAs_?o$kMCs(JjK>;LLc62{-s>G7NUUq7>R z>u+zu_&eQy)z#+lcdq~K3F~j`&z&B>x&QTl>|Fni3FGf{|5aC+$KSdBZ~u3~_z!h@ z{O11G-)ZTe=g0T}^n7|8fq(-q6N6xLl6ujOK_LBfHLjJCkPE`JcBwHb{Los4`BrY= zR8UN{(2ZOWXRjDRs*x5Rt^s=4`|o7E7^7=DUY~ZSH)*`G$hMH7%*5Z9F0}r>D(?5d zMb_Wz=M6UhHu7|#a9SkFSHKbIBmcQxU{NX_YG=)Yo%8__jO++B zDgOMSc=|@rgEkXAHK{K`_h$9y`4oCML!Ynq;t$`3H^MRgaBhT}260eb8Dbf>~=w!a76T=C|$KSMz>57=Gg0`bQ{U!FNjjME;+Uwwv zcH$40wjO`@w7BlLKF3NbKqs>TaIV6faZXB9h*6M;Mw%FnV9dB)ps=ayjt4Op;<&7d zjxY=(jUB}ZQ%?czr$#D&;nR@x{9{7>33bGdIN7`pvyOwf6E}{4RqWIoj1)Qc8}tZ# zc&iJKm&gAZ7k__r~6jnvAQbpvP~s&N{O8QJ9z678eGB_cTqziQ>Y%7DpY6og133Qqt1dYSh4`W z4cHRgVh?SB$~Jn*`0e~}Fte!Xb}l{`u4VD_3OLJSM71yAar~oVpI6yt=D0Z!;9>MICaq%tLZB%Lx3_SY*F#4gZXyfDG^2~}4nu1^= zzLrD9=ywLasDA})0!(Q{37BW|I>X2E%|+Y^Q#WUl#+iyuUqVPdRzpa4XaY%P>^ z7T>JjLfJDm-Vx|a9>c~){XBf|NDn&PRrfd}&%;Y-_2#US!X}|oV#AnpwPhGL9^%8m zTZHIF(4modd4dMp83;mbf)zHr=G+}V_@n^9b`$J%hk1IsAL))C zN=LQ`cW-$0Dhr5pKXDKrw*5LxV=`hg^t6W7n}2Ert>fXt;shrTlgswE|HWl$dhs#5 zhzh0`+o(i)@g{i|1yEZii+0(5d`YMe_GR_EbB#c8?U>))BQzWF@BSW~nK~p3Vo^hpfC|swntKC`B3r&UM8Y74I~_R%EjH13$a?-3{@@tF%~0d5#6HG zq>hAlcvK3`aoPe|+D&hr9Kq(q*nRp{*XP>QJ8AOa*ZKIXmXShI{j4$i(ugO#DFk6BwWtF!!7OFyG8B@GWih3+x225croILgfQblX>&1!GZ?cO|T`!UxL9Oz=;9&Z^2oTlPlz5WJ;K%GexPZkPAOB>THBU_eh)I(UBuAc>l>3&h}gESE= zvTbxYwByv8=zi}8bz$>h_`IH##yH97HTBGK%&ho3cIRfE(-Jl_5npnOSH27iZgj;i z%Qle4{Jr3Pofx}5cf0j>ek=8};_735X-^^Lm$n3lwd9``ljomKFm0(%{sO0cbo|KU zVGUwnCCb#I7=U08E2}P+d24DeMgb#RF^g4~E?far{1l%sK1K6&8I2eIIN3-qZTsluCRC4r`hwJ5}5_z$S!B$l-(J z&rt*HLiLp=!^Bs9GQ?hadZv@8Ju~Q8XMN7l5y!G&5^0T8ibe+7j8l zsYDuciZpou8EeOYNja??$0Ut$R$apv#0*-0END{NYvl>@^l6jh<>|~T_<;HmU3jIr zWT$2OGlHp}`E4uvv$3~LW3D-1OZ={hyKLxy7&~DZu|;s$6e{=A?bI+u5ZejffneND zE!b1A1^iEfBm3F{y)bY+hBz$R75Gjp+9531hIEm)L#TWK|ESxaD%!UJdY#dn`28Ql z-@HOp^e#sJtHeuoqA~_1sin*840pj7pf?<4&Ho+T|BI+xo=@LOL(SeSATk}ELEa9*9% zW1PLDi-Y4f^c?EOPSSvBQa|m=fQj^n1x>uM{Hm#jq=QuX1(0C$OYlMc8!jc#wjTX~ zi2!L^r^JV9hL?l+OH;(=%vWgU(ibY{z!KHXw$qNgWONl^{D(by*L2~+hfpa;e z&pYDiGu8@yPRXZl27R`e>GMLLeQ)dZ*%D8m^*Vim$0k$8=I!zpwFnC+P^R>gSa%?` z;G^h}#hxzxN!btd*`)sK5YT6r=}wIo%-5ZbX`I7^L}_L7Lqh z9Ic@hNSgf!h8A@!haqxCt90p|#Obn28KcV^h#|t4^U9LYmNF@kwg!}Gv{nB#uRA7L z-HA!+hV;5J)dfKAqhfUk%iiyaR<|d&XOM3-Zr5(SV~x72zg|vU9nLHBhJd>b8X?fd z21UO9qH=x>e2%6R976ThS-J>Ym^?oV+Gn7QW|B$bzlN8~rG_B-CzZ0}1Z7a~${oxU z7sjy%E(1?_Vz<`PJDbiGEng-`>dZy^Q~1zszM(?N%aTw1 z_~m*&^`1dfHUZ{;UO3lyMJe1h5jOJOQymx#cP5@mAdH92B@uJ@Cm9K>Q*9omxJ7FufgAzlQ?}`h2leUZ6RqY4O~UTIsbn z#hNPa6$be?M@L%lhsAITFF-2DYnU}$wC^Nmu0w(Ui3&gu4Pu>|9c&roe+X!13(Ggp zgN)+Z0S!j zr4LuK55JHk<#ON$%rV_1a69|(Ieu8<>NS1Ds9xYcwu#Vy1mkkCqR(nYpEMVp07cU-9F^vOC^DZH_1_Q00(a|0d{CtOg`>LrE27u& zh6CmBN6LkxQmB5H3r9iwXQL6Vm^T-=0RHHD;i#^GbKs9|7mn&CRAP|Z=xMyMK!5n7 z$AzPM1k&M;o)?blDO8?HoN5!%3*Vb&;QgD@ihGBFocuCkzzNElyMVm!&4R@RPJ$D2 zh3YHvh3Z=h0AqKZ2mjnVT#LjDvOJ2CFj0Mwv?Op(gX0JPL~&5+UHLY<-5z!gClASy zAgmU9Kv>Pyh1Jr}nP&Zu7*boB3CEy0SykoP#Z@y-FR7Y&MoHBij5@sTvRu0SQ%V9U zvRTez4_~Hfseu{ha%Q-FB72$7nIW*Y%qA>I=j3?@4D}Jhp)UQ*LS5!~wV>9XX|+43 z@L=wGxVjJ>gAg&G1-s&O_~W`W1gFbcQZ=_%Nmam6HMM(5)lEIZ?w)|y?qFVMLKX#L za*L}XmMT@vOH z?WHjm)4<)xunT$04~*7CLA8~%lPM|{hAG1jfYcBRlAdP&9evovesy7u;CTt7d}?+T z#_?HOU_ODbm{$j{i#@?p`sjr+8z)eh8;Y5vxTmR$=fDA8R+jOA>33mx8Q=tI>Y@*i z#N3r2NK)`pc{0${SjWheK(|-BfFy*mrN?22=3Ov%ZedMH>G8V#T|8^;T~bm}f8cpH z0yZLFZAq1{F6`b6xM=7yy+m>YFDd?vK|(C&(c#B%-{Z(JW~Aaf-NKYwAF!|ZIv5b zI8TRZ%K=bxaoR9on35(@`!FN*ZnjX^>=0go-*uzeS!T>9&vNqndr&PBB1Ig?71Riu zpL&{PK6#DC=@)12-;GC5 zz(FB%6)N!mp@WAPTGIZ6l`z!4lJ?Prc);xOfEmQdpt83{SP%M4gvG!cez%#nD#>vm zv<3Qo6w37pGtZ0p@jZvKO;4DzHUggjmLspHYC*sog;ra2k9q z#*2TTMVXAosV23*R%|^KtC$N*xRRC)NB{*}D&{y+aHe~CsuUbeIJ5=+b%aCP;n5{b zLxWily~l@>z6((;Demm=j;znkC3g%Ej>QvpNDYBqBmTWmU&^df?Z z+5qZi%r|{Fd&!t@`a*A8lUrk&+?2%0y>6Uoa!;A9Pj2O9`l6UOjxUP&n{f{_N55_( zo;L%ThWkFhD`O3}ZN2}UP#>m&DnF65a=Y=q&Hb1Cn*Os+wEtzs_}@K|{u}xD-~HA7 zmnCU}$@~2JC&g~o%){V2G8X=u0*bszId`J?Gb0QlQ5X20<8nJ>>dsZQq-NLU^8<>sgemkVD+DYZGx#j?d3`*iC5D^<gTDkj=<>#oDHrb)8r3obUgV(c(I!~S~p$M>O!>b->6NhDhyIQNaMZY*kOgKEdoR(eNmm7BHfqVvY>&B^d)6Awv z#t>LwWOQRdTn!wsY^R6m4usFf#{zTr_qz(>^)s%Dk(c!Fd&F41r|4MVAn4eA z(s8f!J?H@g6C$Xnx0Z(j?t*WjOhF8boE4F&hzUQ3#h-V3?Em&D!!Pl~!mc;$q*A<* zznl2CX1*#~_-`&syB(~o6EtJ#qmgr;#f6d(X*>rMN9h%M4YuA}UnBXgP& z9o%Y#(G_*kMGFQ)i~JcEU*s~QJ(hWhD<-1#fSa3PJnHrDkqNVTL(ljmXKF;Mtoo0ce6 z8V}f+?5rA-g$@Crof{;L86b^6#XpktQGXE8zX-a~oOE>mqK&)JNhi*~2o3%#@Ix@{ zU~1mnYb^$Po*(EgaHMnr97S59sjw?M#Xodp7dVuGSJ3a0c?C_R4#zwEU70Q3>KjDw zB4bS@Z@d0n2Rm&^onOuO=)Z?SjHNm-MQDA7|^u&v}bdVGplU`{Z=%)vOil zr4=;SI!CW{?pt(27yai^P`eh)BaLEF^Q;`)#O?cV^F0eU^1uHFnc|P4bgh%Q0q*<+Mpzj3?!Hg0MJ0vTJ*I;A-pseLw8q zU?^>#J&coxBX`>0h|KF}QM#WbI$~gG*dh14_b!Aj zdFOV`A+Oc@;4CDDv7^T07wut6=H!vNw#ez%gE5T#t{wruGmPIK;BUL}o5~-&PXGNS ze&3J3d5{dS0c|=GGvX`7J4vB>@CLw_SI+lf9`C>n%n0DAA46CJLv^-Cz6P+?=q;+9 zJ3qkyQ>?y^#xZ498=J>L|YwuH*zH#`r*W_j>7iit!TAc<-f_{*=elS zIC#eXzX8vl{jI{YrtW_Y9^DU$`!g|-0lmJwdCfptBr(JqC5bDm3ZYj za6Ae$g8lh-K+ay}?6-j#LT=c+of9&vv}b7Z-KATX@at{8Zv%x$#!9{?mak-xF$ z2CriC+9R?36?2?}z(6j9216~gC-N&eV=K5PvTE`~26pCdAy4EMZs8XyZ$;xCv+y^o z8^f_!q#WK@_>~t7{XXCqOz9x~prHnQPa4o4W{ljgn>TOQtdZb|gvv~mhsZ102f1z`7U@JOu-9vLK5y729d&=xwW1guUffu7{q_c3~++?MD@1->eX z9-(qQozGB>-vGEYAwyWO6h1}1hJQ$@plNsXLkl=>MZbcR?57tn+xx%%&HYY#7n149 z(AX$xw^12)4fFj&XU4<$2JaVTHSlUf6RQnRsCH{1ueQIQd#X&kK=)KRn;>Z4A6|=! z)?)V7Xwm2L(B^n=4ORUN-X$LR$oZuK);~1lq>bUedvV7T9g(}>45 zo1u*9yaby3vhcBP8S13715;FwsyI@>?EOZh1YVKnmo}do{f3FOmJ*;_m!VWtY z{LiK^|FdRc0aIbb{L{VCjXBvq`DUkB_f;zRN)Bb~(SzJ{KlhhBZ5R4We&ds%6o$Ad z`WfTbg1=-5_)B8T-n=IAm(-G!sp`m2pbE4at@g^;0Vq`+p8C`r;uYWviS%W54TGAP z+bj*Lp)w_O6E65I@#kmUf%>Qw`vxUk88CmJR-gEtmIKOl%;mf{*QT(|0VRr~=YvEs zW|QXjU@ng?;DY7?PR`y`V?WmD$7`&zM9X6SN>2bB=HD|uG=7`m%?~HSYk2-HX}L?gxY9Jr1rG5y7)hlYr1c1n(7) zi1p;hxCP$tjIN7=r*v-;{GtC<+;|#b9&~vj!C#GgXjyf;p(3W+RUeq5>2>}6nEGmE z5m#R^cQz6zrmrPEFTH6m9w@6Z9BL$sZ`O)G9|34~>DzoJcj^0Rax#~`17{j8eOENH z?69Wr1Z~G($b|~6`}ZZq*UM}ZP*v~bczoSgn24`G)N~eKsWr**70=IrG?1SSWch%R_}O8%Tn_%U@A~Z9+;XAM{wd>U zwct;?HGpB>Kow?YW{e*(epYYdXI6jOhctdhj^93cdICS|ZSb=R+c-a)o|K=BG4Zp5 zoS)sk5Bb@2;AiB=qAK_r-BD@`t@(ALnK_BRAU?kKefUjZXTaJPOwLeaYAN z6I(mAzSlOI)_1)8j9sA!dRKD!`RuLj$j?_dTIFYre^ldw*HD}K)@wu2FsFvcIPB5SjQVl`_+8qlg}$w}a0RyTKwJw3|N0Bs$h7dJD0^@L zq{o{m{xQdwzMu->aiB@?_-;M-P))L**mbAGQ=vKqI-H9~9&`OypuYAIg&r*=?&I|S zZW!3(tw7~pZ$Q;shf19auh%u%6C@;e0-&w)H#6uM2-gwwWWynWu`3o8mfiunEjOeN z?-`Pn zN;+C&u^1$||8{tDhwkTX1?5%T{k(sj1(MN`wI_5x?|x{mWB2oJdA$So^Ui|i;_m0= zA#_)-J%RgqpKjA(Bh}peZ)RWuIwOPmF1m{!YJdmVn7GjOK}pZd*K?Q0(BX9%?CqYj zX>VVqI{Ra)KzIj-d8t-?25LrVKa-ZAeH`qO_)xF-9>uac_4K=PD2$WZc)k<=2!Oqf z%CY^3ym&<^wRhB`+qxz@Kp%%6!(;lve_6evXEPw6_Y~gj)|u37nmQkv1q3Y9_qQ<) zA(stp{$?C7*Ij02|DFwiX_wV~4-EpJz?u{xG@C5LOA#nx$|1lDn*TAuJ9{iT`fd*lCpdTkZFfR){ve_e_J&M@_ZNczB z2UvKZB^Yy5LUnfjUV>e_YS86FE!Z>!lZK-&Ykdga#0YUAKmJu8BA+>&?TppvtqKox zv4%$h8qn)Q55S`r>WmP4cpq3EcGska-Qg}G**Tca*}WCqEA~*dfzboO`5VW>oWCz$ z&2K6)=Q%LjmH~qCJ5JJ)jUZ9fcV%7^*Eni$QblQG*T|Jjxv>oBXgN&YDlyp7)jt&e zO$|8a7u^`Rm|U(zJ^KI?h5^PKZO=eP=4mh%CW%i7k^{0~gD&G=n)*W$YuUSlqiUbiM$ zmo?44541?Dc9Wl9$$QQDNQPR<&=old zh`xX1`Z;_>%k}eT!K$xS>pNc5`YHNSO!NcyYU}6etN$D8=U_+_`>-fBS+!n$k?W_i zf6V&%?aKdute<0>|F5o}#O#>$bLrnNw0=rA{}ZJvP`s`)SE6k=R<^?^idl_??7 zWc`rf-RRmDwI4aP^x5ip201a;*v$RwMBTMJJIrbzhgrxmQ9besIV^Ne^Oerjtrr}A zVEGgqB>Rkb!oSi25EiKDhuGWLUAesICz2gmN+*jc_%R9xIt402MkX-~=qke5`)q(! zxv4OUXCZm_bFf=tZQT$}J&4QOeDY%x&Ke3ClG7-u&3#$@smXrldi5)Erb^3> zDtXzg(fu6ngSI-2?o|=G-@fTb)BX2-qI7>02S)I)xh353|0HDXq@5i_EVX#Zmx@#0PJR=7(!5POpmES=qj->j zkb4xjK9Whp7Dh(;vEI>m!{HQ-l63u9Kf z>E(;7xFIK6ar%WSUb-P#G20YT#RC}#OwQV9OVbqAh1Jou>n&lA+vU(HxO05A^i{Sz zpKYSgIa#sgE6yu0^uOsF^-t&P$^Pm7!5_A45de7V-&q3{-6Te!NVVWOlBGzMh4@i3 zHq{)=ql&0aFMWfxn|WUQwF;yOCW?d7R7_x>DP#+o0Q-+$5hnXrHRGB$ZxTj@RJ zvN5C?dFYhYoVdzJ|N3L{H?F(r{6ybhef{IcW73Zp4^O$p*glzNn_3*#z8HR>wfJ8) z3Zb!8fK3Upa+S1-)bU^*Yce7pn?6w+US`(O-AQxTv{!xVWm+#~*(t7o0WYI*-0(q7qS=7(9owpwA5Ri!JyjQ&0O_&+l0UR}@TTG#!3B|12 z1bM7n)G+^2(n7GXwL$#`w?2AB(g>E(LcZIeD*qrE?Pu5xOrcScI(*SOW_6F&@laRn zM`%$O_GzQtOh~bCX$XsYg?>JG%GHGV&=JeT`&EM##3r~tbQ_NQ)VPPT?>7cP)T0JL z)N?Np0dCg0IPK(6AATuL5OrEz$SI-iR>oMQJllFHvt4ZXFxCAcImC*_Z)`cAfR8xZ zayn@EVnetZ5v!)R9;+tX?n@I5quu)ai(=$QgnE*-|J9fof4w9!GmfcmYwvqfkQ#=l zrN)G-3F&i$LfJ%P*BCIsM$4vIj3g;*!}*EWFWbVC>@sV3k^wPz65XFc25=`4fgsf3xd>nKm)>im9=-aA~1501mrr`5*NVESCO2Pn;=UM}R zMDQPd-ADg?WslBvUn*$I4ik2enr6=CdrA+$|`3f}O~| zU-PCgtED%E_j(9K$ESbMpc&uugOV5vpyZpihq7io54IrdP!C}|KUB58q~*2rY$b2E zR`O2hspn1Ryl6;Cj|jG761OE*y#Ie|{=C)JA})LqZJ{dsNvBz23-pUgkEHh-f2 z>Y@27H2AAuaB=?X-&rgC)r)<-Ta179h=MTqB2q;ileJ|()lzctoS3b1|4ks6$v=x3H>Jq^t+r!(S%FVGCoshgQ&~Kk(2%{2@ zIE!3EvfcYJR|#P9%m3+b!bV#m;zlVIL!#23O@Qr!q1^2B$OCsu@9S(>KYrG z5N{~2~ zCm_*s;&N{H%>XgWkruB5hm!5e;9hp+p0WxaHSAc6@n803LoAmzQOB3kdAW4dVxq#or5R3 z!{PtMI){HOp)uEL@hI)S;zpJMj&S;CLE>y%YsW1P#LKln+GR_%VqWB8>VreWHLzIi zj_VG1uVU;?Id;$X9B0uv_rHJvz{_T5eywY`J@8F3ZCs%a0*^rH!XLPD?LJvwZ_Jn+ z0Tw`8a?_q6i^8VRhqO|&XcQx?6Ag9IGx~**s2S@i_k#9WtZB9Y-v+6d*^B#RKWlvsr7F^rv<30$x7w$<#ieQdU5nUDujX||L(9+H@` z*--?^T+KiGna(ZzN#5K!-k;=QdcywHpJ~lM`<%J_GUZI`&eriC1^=e$Hk~1z82dA3 z*91Fs#r$82!@SepdzaI14SNm(<`?C|xr2aY6z&4{fZ=Vha7z&M{{FfMvKT%9NQN(MJOi`0cj=m>82 zGM_SgCloz2xN&|~;Yl9hSnu7%8$tD@*(TQ^**9()fPJ%M&uKF*Xq7wMUHBSm-7Ex~ z*WTO-?AQ$2s<7{FC7~2{q`hkMANqlBDsLpalhCawVWPu_hEJmt)RiZ#qKg!6G6&C( zh~9C(dsKW!Bpm>3<*v|H6i7c;4prxzy1x~@FF+v+^3E6xmEwy+01y#c>-?*mI!AAZO(eUn%YLpb)RE|7+8lglzvTCrqxCeR!jU`#bPV=rhl^}7YrC+SH3%Q9KP9k&Y~}+mF%d}cYn6M z=qqXEZ;7$@FB~fS?kJEwXOpBAw7+BR80Q~nyB{e5PIKlr-sn&24~c}MXBdmsGQY5J zH_17=M$->Xx45p7!&~eC&mG5wf!f<_b`1^EJ%I1mThzMoP>#{lKEX^p)p!{a#3zt$ zE_VK#{|&apq1+9Y>p#-+dx=edBkgr6U)b~aOUob7oBS($xzV3KLYw_JK2KvSRo=?e zH$^tr*z;>0%79RJhjM>T%~-3sVkrfCO(D0#?w6twX}~_+&2%+Os;co9B*K4Z>ggM?rm{ zDuvvI6^Xw9n?g|*u+P!YsqDW2ss_@N;`bQ(4Z_dE@ke1|u;P+Qf1~*~8kEWBP}BiW zt#A^?rxeM;+0%jML`>5$%vC25PRCct!D{F*v~b5r)>Au%&%a=A%oOaulD8Krlxl6l zm%TCr3LG~yQ8U=JnD#8{cC3mln}uIZ+sra{as&nrx7hNzp?i3bdylD1oMa`P&*;JS z|Dn!QlE#SiH5T^G#eO@0I>3k4E0*wa`$b00JDhOZB|64Vc~mzv6}a}Q86+{MDrd05 zD4@QpdCKxS_yM({l!axxBJS6e(nUJOlqXlkkyCln;QmW=_Xhl>f0_%lGU0XtorWaM z&%r34Bvrbs(Ct)xke;yfF0^I@T4PtX*_DrUf3LV~P^wZ+h5Ob=n11Zjcq_^GY5vm} zXXRItcMDIhU#N8ZawrEJ%29PmY8I7846;G{+gUuBLchfEmH$)2~^DI%SayM+|E z`jmb``utq@`;Q5EU;7}r8P;TbVCl5-_X31ex1{38LgpXAv+>`7`il%{?^O>s4a z^~U0zk7qr(ISm|0b||?xcDOW$Qj$vF^R(~aOJ_j4G(9yNyB&s8|0KI{5Mp8;PK^b4U=4e@Xt^zbTb@f1jqp+|jxmtLEMeE{ z%eGP8*dQok+{C0f^5_6lC|Mo(DDe~*ec!;0U`;6mRr=iMqH`C1F@r?$wU4&OXTVG(m8Hp>;NPH zNkF#0Ui1J2mR?MEe7?52li5mlV*JNoQw?WbzLu2OE=YWm8=6KKOb4#O1$E=isf9bd zyQL?whc8K8HO3N3s~KZS&~6&>;>P^YbMpIzA!>QO9h44+IIVV1m?5#KEQu@~)>ykoHh9SZKNpV*|0 z9l`IODfWgJb#nM8n?ps6$H3uso-anGeN&RQe_7aM$~3wA2H)Z<#bo3?)XtW6 zyhPa_>VV&g_?=#o_NnsC8mIE1J%69w{Eq*QQ=YTQ(sGiMd%`)AcND%X3)8+cZ=7;A z5K8r&?X|QU@eCvz_nhtQ9*ozWv2}aNpLeLg=WLGaQqS1}cX!l}$sl>dWSZMSBMb12 z-{3dI0S;v^$l~rC9Ej!#;(_lcLUrLy_uBiv8DR?bls4`=nbgxPTmwh%4@mYcZ&n|G zkhg@r`xZeCJ|T?Mp*zafNE`1zUtDpny1XAqxbU2{;(T>^U%dYwKbL-Q^?U(ZebJ66 zYfC#H%EX)Vp2NLD9r5KHo=QrVbDiDS;5E}|G|{M^=N!@KT!FhA%48Z{PR}z$UqPboWN@DU zq1}8IR0^frm3OGem0u9$FwM!Uk-1LJ-x+cI++uyOo|M;z=3k>fTc`}1nhLcLSk{5W z`f+&JcEziP0}wXG5+qhncNwHKWBAAiM~{eepyG-zFcCkfC|>nY?vcJ%?AHK#vE5|W_KJzj4pzjjV^)=8Lu*C93=K7ih1C>UAPEpCVQn0Q5QkY>Vr>` z!-%s$b;h^|(lk=)mwzHQ?e>Vh(vP%<>ha_c*h4+?r#O2kP1ZpBEW{1ITe9W+v#w$} z5K4w18@QnIZH8JaF=bPtTEb+%rp@`f|QAGH|jysde?xl zzWYls)_M@T#VfQsQYxPCCDffm_;;jv!xY88i&VJzO_aRNd~ey#Y^z_M#=hk|)g+F$ zXwY5TtU_!h5MGrxggP1MDMV+!88T$>&in>x#cr_wSV}Ce<>JyU5H%!7o`bxJoOSqq zF-ulHbL4*}E#HoAJBrRqE8oPI`6H38{rn=ke|~#M(RsTx8iL{DPA%zXq`-T#-BVBM zshPMap_$*R-=pPJq*FQWDEb0Cy)5z7$Du$ep`0D(C+&d^7u*AM9{?GKhcr^DlPU!T zd_;jI?7SNajL(yB1JUAxJoYyQ?w_8U zpv7hQH>L{YMbtW347y!$B_q}J97wJHd`p|5L@(rcNLP4X3+Ve5X zPLp-yj>l+8+SWrK%u;v7j9&m>JAwBEPHr;!pvaR?5u~NcZmuR(E=iM~IEaXnJb<` z4;}tH&f!cJ`5YN0C%7U<(T)X$NRlY6SVrV9*NrbK8CbobN3a4vA)mynd0Fu}!OzS~ z!o%~9qW#i}S1F@^v{^2yl~$;U`uwA$S*b)h2o;mjN>_5K!;Ix{T+V+-TAqi^4)aV} z`8}g+%c~&RfuLswcB;~X@&2TN_&wC=`#Eml{wc{MMyR&?OF(>*|B$y$Y-JE-%8BL0 zB7?g=@G>WO!tPWm78{K{q1*{&;5`dF5 zYSQZ7bR;LbEj%rIq19s<;e^hNZMFk8WCC+#9|rB|-wal{?MsxLCePZyZ3P_^%y6#%b}c-D!+vO$X>Kh zT6ukfwjpLEXj{Ybdc32MV!PCF6vm3S)x=W3GIoglhD-viOv!v_6T}c~M_{=T%F|3c z{W0T~-v}jSlazTQD4k#@b&_XGBXH^Nt-`mBa zfeH3!-AQlBJN{7I9fC82(B$9eT9mTu+=WWHMla>tWhjL%4#or!sSo5vkegWb)s;x{ zovB5V6i)K3Dy_nMaKJAYhN`a!rNyl5%WyyJ5d(Iwkixf|;oOMCB)o`<@qCf9p64x8Skd43J$6-GDW z&$uQmx_UwulAKmVG5L>vHl_JA#YnD87=>p<^kn*PB-vnB;l+&ghC363Sbh0y_lKjZ%IdEB1H$EK@@{O>P~zru@nPb)BstW_kK4erZ{ z3E{-??dxK>)M6t__)3p9-4L=l2Q%1a7$pUtEJNoX6&A#cIdaj^&~ z=17BZ9t?p-t&QaB?2K55Fjxmtho$>9dcpu;LjLXuWTQH|CX#-!&NG3lotFqlVlNQ>fk9nI$1p2?7H-1adCnxgH5+x?eIQ(UZa|RdlqMq zy!$z8HSS{A?^pMv&w}t~dkugT2!|!Yk*H^s7iCqJA-^G|R6>o9jl9v!AA_vEpPz#QI9}e}^ z;}R&sqqXOBg5>=T$MMm^dB}Mph6vblBWMk3+o*cb__j&&xEtRHV31 z!dX=i*m=V3B@ai%(a7PO2mss1l4lsp`;P<7)J{&EW-;cQg?!;!NH?}Pd^cSB=?E}w zDMEU4r8u4s&Dt^n6Y?7DUNaP=KFBahUpF&AnEk=F?Oz(eUo$KVUx4nLlpM^jSDJ3HseTLGfRCI zLkXU97AF#Uzz5DnHyr;NVe*L#zR_Th((C2$=p3{%OEim4%5c^S9}e61NjDqmaijKL zef(bbbW%@E4(-%BL;OH9^8@O<2XT&;>U8vH>^{Yt?_cn-sfh2B4+A31!qFP=8*$jKw}=)dcOS@U z3-%f0v@VOf?w8!t6l|(;b5=O(o`(l$lPdx#yKp@E`1&}j>(aP^{^eKSN5<^d6c_i<3n8*6A(IdKRC zS>XiA;(Mw%Ia=t@I@1MDUBkAuMEszBL!<{Sa!Xa!Mya-503R z&je712fx3VKAZsfhX%d}vPO`S(fdVQd$g|2JrI+a&%f5vd#bqWs1ULc(Q9?EF|Uyy zX77_gjHXo-nOuVzKuRVE{*0SW&$cQ7tEpLQKBc_M_$px zpf^jf)q43_q4$0lEp*a%kwPV{(DU8(LJjT1EfWkd1zep%aeA^I<1(P3BN_Zm`UX^G z);-!&3NSfR`(6;y6&9yyp>}fEo2Nf3i7U@&hYxF2npVBkSyVqON+Cmh&P7^$B2q4b zSF%=_Dn@){edDtY&zRL@at$f$I4T#i5k1>+0Hu30g(CNyS+0iN(#kb7k2bx2qcX3Z z?JA%w>f}=g?aD5DAZW4rm!0}ICdFM1j@ifGYIjeO1J{XwI?^6EKgepXvCgj90BK16 zR{5^24*weZ4pFUSuebY`PuzYE{5?CUxZ$s>p$oc9-n8S^4yH59{(9H}+EE?#c62Xr zwwHZ&^%Ts#@&4`>hq+!(o{S$>cEu{+@J~!s=pQ!im^JFL-+1nQ4bocq)KR;#+iBiQ z<#21xw6~kLIA@=(m}EAUn2+0MZy5)9$asHxw!_>YCp++ClV}P>zMj`p-t@&a?=Hw|R6HAqXJ4IoHH9=3RFB{}a18;N4e6ca^t@dXi1`P0t-#V)~R~ zUR{YlgXquIQ}E~7>+xqO{TX(ZTved`M~A_1B5^=XlsA2FYVx5Mf4?n<$9^|O%PJ|j z)fzaOWUbgzAW|jBo3@_FoBrsQ6M3BKLwg{UV1N5}zvchBkf{FDk&;zYa`Vi){Yj5o z^S4?n-YFSW~`dt_F>8K=<Z%sc$)N`75B%?v9D zGYW+1MmN)gSdBleL)D@~>eZ-)S{sxw;?Y`0pq7!Sg?7^5LqEBe|9fPs6J!g5Z1wrm zA5CDd=d-Itay6$+x(^b%`|8T1pW)wqyYVl8?_0{GU*hxrj80z;0K(+{`ZDReU1ieT z-CyBP!wLNQ1Yh34ub<)ZyxobEwmC#;=k7hBCsy@zsz`SR#qLW!z{&2e7XL!p?66v7^39yX>->$Hivb!zqnwvc7gna1Xn3!A^jqcPLvf;_wHLkX-atRL+(3 z6(9Rgp=gI6NjCK*ZtV5@S-fj0$(< zQ<;fmP5+rl009rJ&R_GD3>rxv?kPj4R8oF7?9}6JVBqy$D zC1kLK>7`KCH8$B?W|x*Ui7Ly%Tb)twnIyt4+!fzi&DDhDrDjAbn;E(Wf6=5;8L~+< zYdo19;dGh`0O*(;EhD$^c0&sfmjPwqWViDVLz0QCkgATE%M#YiG31129VD$)lBKjx zvdn0ZGH;(KWlk-IwJHy7y}W70@}SHpou+>Oi}>lUpqAIjME7G9D6(6Vm4K*_y3CX2}~JzqaB)l+>QhtB-1>aiJT z!kQB3WR;k7Bf+?e{?T(lGEb}f*bj`rv`6Q7w)*_fg=&qc7QN*AvwT6~@H^mX;SP2D zr9?`tkz*o_tO{+9*qP@oybQS(2MzRr5Vr;Y9=p!|_pFYxp4fN4IxQjk63GSqi^dRBg*JlLZq>m24f6|8( z{2P5(f-loYW^gTibPWEMJ}wQ?#<#vx&_^FxLBcz%?;I?rkIRA!=p#FLKYerw(hjt~ zYw%9`=*F(*)^`t1rjH&$2YvKpndACi!4dS46C6Sxy@Lhx(I=QsAAN&;=p#4SjXwGX zJJCn~Ujf$Ruw>Mk%$f^tM-cl zM)!pe;Kl(#PF2O(1o!0>iUeEXSZsy1YE0L9DbqOw+ktHW?LMTa!H;&q?qVNZtC=+L z_L9$XdwhLEGyL6wPtxCfg3n@n2FWoKK2PJ5cBC{yxeG;%ZK=gX_(74;`PDc)o7ftj?j$LHz(wvV|6nA(g7)FSuu zlv{B(Qwia$ebH37TUL%JC)y%Gm*z3#q;Ou^OH-|AzOx3(98)?L^^FkWKXT1p#n!10V_ z3tlLbFgG)9I0B|4b3CSFMj!E&&cBHQNIa9pTuONpjzxh>B+vAwuv_Ed*kqa*|7_mriq~7hdhec%f6c+eH@o97wv>XW6``@q1phH zdUPr~2sG&VI1C!;`YIn4vgD%x@~R!$=khs`1|`U%;BSP{%_0h&Ch|BfY`~v6I-8K? zz^&G^Plx*`Ay(DA%ca+oF1z-df3Y*XlFJgT%bGUROeQay5|nm{)GlfCE?Jq3l15Jy zJHY5-u_Gj+QQUf{xv^nPE|Bs|@sFLfk;|fNBm>8IZ+4t73LlzI#f-z+Jw2D#?jl~7j!f_v>?R5< zv))kMjOA6%<3yhAlm|LeF+EIb7P9G^;5b09FeGDg$bkX@gfJ^KjeRR+-WDnIS8-(q zFsa1GNV7T?&~dT$J}k3!b&irxBdYrOZKM;VQEkI*ge@>YxgiS;p|TXVsH>7X9N1uyh@oBFp_=mA*Po5-XM;7_o3iVprZaFA`4 zbJ6WFl;`?yl&3F}0Vu2uWKg_4IJn(~ z=3l~Y@nk4_LxKTMsMI=&wn*L(1I3!8jRT9lUoA>=_(=_iU2>Y(cMUE6};7CU+*^rR&!&fC~CzhQf zqX)_R1RFfo*z-TehMZ(Ke+*2d^R7;c)4a2Ahc$cb2oF+rGRWZRrd9@0!7~FPj6pX4be4;?k8djeU2&golQAp_1{LONb?IA z&zfHiJ&B#He&}olPL)ik@NcipyKm7XgQ^>-FrH#`tqom;TKCDm9`dFUrco!8x?z5i8F#3&_PjuQ zj`{T#3F(RguI!5834JB+M`V{4>yM%GD_1wCQs>N97xW!fF?`_WrG0|Wk+*lD-^8m> zrXjsl=_O3C`6#5Q zhR}`r`(p1&dPBCCGbl1~1EzHjo{&?MI!xW(TBP3@*;;01J{mOU<1;|>Jm(?W+eI}H ztB7>UUg*Ctb*t509eGMO5Jbx&{NXXwi{PPBB_W)E4yqS^PqHDA`96aCt3<)U_4w^D zQ>#?DC@?=69C3&p1Ye4u3&4vx8!CpIH%qH;(8wmDRyuPyo-q*v7o0GT1pcjEwR3`G zvByvTMO9HW!D{xYEcz!*%7XoAKAlf;Uqav}EOf<8Zkh2#4_Bl73J-4qRft!!<~WpJ zkrOQpjkQ3tgExmta4&9@eWL&%FD{4zyJc{8nZ*{n9)AU$CyLl>g-N&pdbs2!lD=Wv z5jf2_2sYi#g^7S=A{99?j|$JG!pT2VcCw0%Oa39&& z68G)lEpbW%wnVZ_RY#RFgrk-7Jl5~Nr##2V#Bo>D?UQ1~hH>t#F3c~)mfy;>ySvTO z-<7KZ5B7ZT4|RVE$eVut%?8u5&TpPGUil)fQDcM3Ih0yx%awP?#Jf;h^;@caV{-k* zh)1B)>OpKlWQ_&nOqOO4dq#a`A`wYog!y*Eez`BZ9jD30g9wRtmycqaHT(Ha6MGc+7^C1uh#8FynY;79$}_>nb-e=G$)0Dq_C7UM7U z4tP_|-ymfu$rX+|da^V(7 zVZctw3hT72T0Z--rZ8;=ZRFIlp@6t-7n|OY5UG$`Pe`zJN?0cs);l;{E|EFj+^}`} zfALY27A6FC2P_eUN*X`7J`4m7W zr|hTp+iSNqk%e?ujUTzupVXI}+lIF}^G`vBbPRw?Upuf3IhG3dK?=d==zU;RO-YUg zZEIIkVy4dy4)f{o9yvTdJG7b2iT$!!fP)fc&w*w+e-}zhm8DU2^5x`Ta(sk1!t1MH zemelcq=1-%?S89SK6NKZZME3_od|5s=!gcncRj!)c26La_IP`?oFBm16!hSjj`0ts z`6T-lx(~*Pv7qb=74!s``n(YArj$v0s!!EB{LtGd;ZWupIsA?lI?!-QZ=53gTuaNa zedig@pE9d-KSa!Xs_n~aO$03V)L3o^WAeHVpQ^Vi+m2hMH@8tMfp1__ME?~jcHfkg z20oMQK4-l)x*y(1sAO!m=M1bo_l3!!% zMJU#KmgZkGjhyD$>gh!6z;Bcwguajb0!Le(ZLO5YdB}AmaZgR;7?uQpkoGk=iW((v zEu(h7k^M8WL;YjqcLd)wm8=?Uk;68NLs6YYhb8aR?0I1pM1=R&OB*e?`F(5io?QH3 ziE_+ypcmdG&>K9Kam_e@YsUHg3mkZys68&mRpS7z6OFj4*HxVPhVJmQlC+m|6Fmn~ z0tawkZ`52F)L7GS@j1_KA36lPp>pIdN!wvn=rOwixRRSXtTa`sB#x0-fX)3O+`Aq> z0teEqX>~TGMoT>JLoGl@iPA*Hk~@Iz!X1Du+gd@_qW3FGR=K-a-)7UrGOpWfnx8M+ z0obyUQMc;1bur}VYGqb6G#G%K^d>!_@C9J&V$9XmkgJ9ZI=AE|sK`!|1bre06haKTY3Heu!-Bn~VjFx)L+W zCd{4Dij`C1lvfd)n*&9 zjWN}dS>7Sd&cO?KWu02FmDdml!oLGM>73C7-K6G&= zE7SKzKu7ND3qd)i+Gwav0`q2aY;NTjR1iDjGpI`%h==xZ&jH|FCY{GT zNtpL3F%w`tWHN!k@rqAhaSFaugtexyu!GRzz-2gm#k8HPs(ln7&DlnK+(xb{Sb!Jc zOTjShb}a|1WeIhwSeyg=@5oyFWYl}vx z>+vi;WNjS(GA&mBN_#^*jEH3yTh!ydSbBt8^bDLw__fc_0!+j_ z9%)-n#n8U)9?S!2=N45LCsbj>KM?d0$U0yiuwQAA2FW4}lYos7dm$=vi;9}s zQSj^X#;RW|ntT5>Dbni`l9nBt=Q5en0+N>_$V0dS6L_!3SK(Vu;m4fI`5`F?~H`MLWO|p)1YM!RD4EEvin}L;tO#nBA!O|)> z%Eb9$e#s!txU@JT&d834Gu|ILz!dZ$wLzl6Zh>r0_CW&q_ZUt5H3lrg0#JPksJ=w6 zT+_}<-e*MgD_ujoaU`}6MIfQL|NZp-cNhI1VA1=3+#>pa89pJ0L^m+L;M~!TT^8=f z^)DLyG&@i-bUemx>{U~!8{3dt^9&vF*u2D{cf;U8lnLul-Vz2=&j^Y?!z327K^?+z zzM?Z@Psf;LLkCNkTc2gN*1B$`A8kgP|Hpzq)! znMlwL&=1-X@|j4F?jsi-{^XQ8O`fMm=-H)yFQe-_B=)w(&eg@D2$Nr0RPkPx2FS#& zlR*wYD~92;W~Zt?tRX*iun<|QM{dNS1eRX3y z>{XXxZmx}!VQ#{8N?0k4$!2F3493&2nZgX5m*kkd;N3)L5+N#(L)Y3k1gdcAtKDbF ztcWO#BaZ^)(Pd^9xhhp=)C-TP^dBFjb(-lJMMeqrME#3O*m)QCReR@DPAJVK$^onL zE@sfM8PGH)UP5eT9ZtMC?P;=Iird2(n>W1ZHaWc2>35qe$i|qXZdmc$O;33mO~uE$SM186-VciPG$8Bo*Xn+-(}c!-pH^ zO?LRlB}yB|;abz!4i}!1v;Y(+((;Zd7;1|mPh(1;u_Ir3zJLbh18Z8XRk*Q}yd%(b z*|Rk%(%wqao`kyLSprHcNvpOhwb7T?kdWN_xx299EheGly@oYGXw-gB^=40VSII-% z0?Ox(cqqh3a0xLjJD7x4PZ)~0jbu2YCz+QJ-+#A-`~Fau=!@7v3EoQuc*6Hdm6Oxk z$UP!9cTJL|eUS8VfyVT-fRzr3ccT5ejnsjC!_ihP58!VJR^ZB^{mH!1Lf;=8M&Bhb zVI-ov0(wv6#9k+P-o$Tlm*dyg3J|>F16;G-A`g*P_P-J&U%l(i3Qxkwyz+!|CGWFX ztHs{1RQdA+o;0UC%{`@+y>LIkHa?SG|p`GrX>&RD$W2eY;Gc|WnrBj$?$Kc?R zIjD7?-h^y)=ROCHdT#KZvxd=H_v1#3?dgKA@hsMff@#DaI>cOr*1RKC;0Z%l{vr}a zR_o3dt5vGp&YT#AVJD7^;Cf?n3bzqA`CiOwW%8A<{Z8pz)cByg%ld@a)xpEMjC~Vf z8u`;LZB3ykW2TTlehQuWvh6AKEHM*WWY&(c)2Htcf=0KtU@69Kq_6%~NJA5fN%JZ= z#2{__|BIO;tWZ&!-k)28*tYIGEe6Wn32n3uHO%v|#?}d6)vaulS)JP2W(`Gs-`x6= zng8GqE|*(C%Jqir3ls$Xf`4zLM9K5g#Vo=DVwQ>dztQv)=0EN5tv4Xid=U*eWo*Eu zKV<>-H2+s-!%TfPIKCk0zL=)Lai`iM?+=_&qIdTgdq)zBAKkk>|K+)U-x17pfh*CP zweqJl>+%0`v-TVYyEO5?Sz;whG_1VkCn#FkcENKJs1D3uB1NS4Rxe5hry0771Odbn zj$?86@cj#l$Pcl!k$e*$Xa}HLN!m_pMRU`Rs-x0Dapj~^%kI?Rm+I80vx$cT)Qd0Em@W#oWnmx&cD+ zN-`@qNAIHR)M0oW^$9{M}(QV~R!z12;Wq$}BdwoGzWk>=6tBJs7Yaymt5V{5vR zil10s@XG&XdB#=!hgJ)_$oO|})#}d3S`OOiRts+V;KJ=)uNS*cEB4DPetLUbYvv!W zXmf5YYrU!;fhTXpR^p0Q3ys$YX$8dzu7zE&?^Xa8uvtA$xJKW?Y)B*8iKA=r1U|L! zV7zu}Nh=1?jZxY-HSXAwmR~Mjj7eIuicdpVZSvQErdL_P+>{ z)n1Hr{Q$?M8AaB6cQ49z0B#VZlQoWBR%Mq}oUFH?jfX~7oY}v?ieHo1=RYC9ZE1V? zU>$~sfT|tS^4r};d?1F)bGf26*RQtdAgG;F9N8hEUMW@81$l0uIOn8$RIFwEiIP@139|G;?&>KUdp*I|{p*JqkLT_BF zhu)y|6B-Z+z0pGty+LNsAxWnXL|uo-QM%bm1}LtpaTYuC0}BQL@NL?>bYSR8**uA2 zzJ2}b004-00Q8G<-%gXFKzJs>gxD2Ia3?#=)u98>O1jtUexwwjw0Ehcg_@(+_;`0F zgI|UcX{jv-Air`8xo9v&v8wMgT=hdcId^hasjE)+AzQloRkl;Z6Um#Ry9(G2;Finl zVuL}?;b6Jp1Z;BlbpW$Q=wNcDwFO5Y;k7wx6<5df|xcDzuxHZFRm|> z7KB-HuR42wO<3*YW2F0&3J9Nt9IhHrV^5J=Ivo^GFYCH`fquOQx{F zZ^iBR1pX=m`U_Yt*LFs8IWXUQtBmOy3{2ONBzw_ALoDu(aKd2kzzY9_+JDd09J&(t zH`30e7s#Ff7)5tOs2%;qnES1SrJi)7>@E%A%UmdYbjVNM1tk( zFc#~7cq|4LUtlb@6dK3Em1!IYwKO*zt|&j1;2Mhkg5%E)BKHX*4G`q`R}N5B9(1J3 zwpGQu`MwOfe<;xf^x@NV!)i=eZ2y?74>4HS1>S)@4@a@cjl7+`45>W8dU%h&l(s~= zpHS&7gKYnI>KpQZtUjXo{A``(Qk3TE);7j$Zf`?~*l$&Hp9{wq`#&C^Ywd#<6VPf? zPFn%3ihH*bpNo)Fbjs2BMQ-BE*yl3tTQR~E>Vacv$EcG@X=ZVg7XG@6z{Cg_@LTX6 z_eJlHMeQB_QDI6Q`WYGiowrt;sV?t>ueYAFR-COa?~V80OB?5X?>Ul!V@((-9jBm2 zqt1gx>=n8c-_GH&WMmr2RIuW}NGjKsw#&NgGz(!KwD~8U0yl>vi=13rJ*RPCm9bXp zG@n?dHf3kTqOPZn`bHW#wyGUR zeQV+F7I^au#FyvuhT!Gp1ya77Jb-75GE1YW+DK+#AaN@c%as^z!a0Zlv z4VktMh_PA;UJuDx!)R$^QWAuQorpq7xddcBUIH5MbAh$Jkxcv76V#WSb@-gA3|EBY z1^}R3Gezeh3!D5=l&sF~F9y{?BBwffReI8>RgN4e4n}3$Pc@9w5YQ3yZ(eCNdNn19 zJmx!+8u7OziH=BJs~;q`?4tKmGWH=n5eNo??4Zqtz6-4AIQh_Ie?y#;jhDy)bpxmQI28>!!$IYwZd7brV7+$ zaenvc%4;$&=wMT4GajX9+1h75MsDt-!8YfwO4iEKtLjXr;OTE^VBi zTgXpIVAuacqHSsT8qN&Tm_rb7CCS*M@}POs7`0G zlcGnAP+zqO&+Hrn?{Lhi3pn1C++1?^R-n!rMaIk`$mkz_b&ilipS~al3c^y%QbGIV z2JK<77M_&c(mGxgkmUmP@$Mp?=MS$BwOO0aIW5-5TS;;2gAQh1A8r{%6>w1n(W0Kw ziz1APv=J$Whu@%SCpqheC$ghf$+2tIRP(Aa2{r9Z!GFfhYnqDw8a`Xqrt(w)sZ_(-I~TDGYbqv4X+W9 zD=6BH(wHV7$BZzcmo+Q1Svmo=@W!I=@x&CAs1Zw^NLr+k)EF9a zDxHwLEm4Q4D+S$jLXz=$3?YePpd(RZ_Np;vOpVZy3-}ZN0NnKPhenv*Sl>@a(0?W7^>-Kx+wqLJ70>r(ti4-7XG4E;S2V zSH_!oK;Ng)(}@mVBmRtX?J0Va@$H|*cl3nTg|h{fM;v$_?3Bzy12U_;}jTqakRS?=ad`Ua;^`9ia^L5&Z#KBu$H_UirdW)7GRK9jS zWBC+^nX~kdWFdRs^~MPV<@Yk4Ab#Zq{&h)=e6HO@QAJI5Lc0#L7V}C~0A1UJ_+Cdhf zA#LC(`n=*V{;WTt4)pjPUb2ZAK`Y-B^NLy@!?9`OrHwcBXU>Z)$BK#<5Q?mkFLLpx zafn!}+H1v6-543KWnZp}S&!6e;an;JHB9ohwY0!+wmHCr3iqQpd+;Je&8AZh-#2UD znVPiTo_#sG-sZg=yWWgzjEy#_vAo#)S=R|#41U?T#%8}RXhH4V+Oq%iUTVGnJU9JW zV|WQwB03>`qXw_DNR@}r^fRr?kt)m2_A>>aPU#>2e!KR52EDIJ zjlLJwDai|I&usXc!KoPze4vzapB9 zOSKQ`!t-UG)BQIAH)@hb?UG*K=?R?nobDm5JS%9~i#wG5ux#EHKEPrC-$Y^bLLS7$ z16e=r63{aa^i0poJd09Eg+kZTso9#WZ@gx_t?uan`J!h@fk_J*FG?=vk}IMm4-LJb z*Fka!m3-FlQ6908X;L3SQK1QCmAI9=o4GbUSlM{JVY5YTd1Or{Y8pyOx@u(?1WBdH zKm2m4de(D3ylI-Tl4i}pWN(xc?_V;$Ip;E>vCjSlGXPN>9ze%$TxACm|E}7 z?=tl6^uTNGN+-N7FdD`$$Y^00ug`~;+!8G%uX>73e_%xir|NRVt8WqrnxaBA(m=J@G$g9E$yKSjP*?d#s*XsHx46>$e?J{-CvJ)ODWyI1yd2&^(Ywzi zVzmaS?ipB|kgAfVn3kyy|86;$??K@vdulM^WB^G(w!fKmO#L5nU<{d))^&j{!(K@B zlQ-#L`ptB`hXTZ%sutXu#wN?MpLR5o)tS^^iULeg+U=d1pr=};r|RD^KGi>>sn+PJ za$1zNnp3$`J#W*wmq<~?pHg#?N^rlc8}VK1+41&dy)nL6efXS?9GgFlT@kcrT0AJr zp4!w<_m=U>0aAi?l~9gasPYiSF4yrNC^od0$>kqUfxAuW;uf9xqEzpUJd=}Lml>aA zTQtcmPI66)Ql8@^WKlJKkp}j9O2?h(0=5k5rKbk$=rQ9cJ;jDOJlv9(WS7w)HzxZa zjgpO?$Tqu>Wyp{h;s)5MLW?5wD!(5$mukOS_Du%p&!f#i5mA!j$0?;%?2A_XuE*~N z7W9Ua3Taj<&b9bQ;$bqHQrTC*&HH(ehf7vFMhkK85Oa3f(=>HZXlL1{tnC-mSvfot%P{&oMn4vh!zstOye{VSG4;0$ zN?%Dod1QE@Bux=J0^xF6;)&wRvyq64Gm{0YNv)Y2le-On?{V!BtLK;+?7;0=71JKq zVEe z!zb-%R#O)y6sy0as1E*x;PH;BYgSWit+Biukgr4BYIu(G@sgdZe%@&M5&fgeL>*UL zxQ-i)byURGae?_tU98Y2KRH@U)fRwu_J|UU@xLxi|NfJH{Crr5t?roWU{kQMGov$M z??hu+7dieDe?tA(M~|sriuz|o>%a9U)ZhO{)=%`8d6Vv@&A<4K`sYauZUv_in5&*T z83pyV;Sak-`2>9xO-xo-PB1nvmVfsrA6PTMw26Xo&>JoWDp)WIp1=v&b2@#K#@6q` zUFJFx_1)F!G1XJEC0sjW%2iYL~SJL8UB0YTYuIIalh05p#Sz~ zEi!!n{136|9M8o5{zu&J?$2t!iLr@3F4rGN`dii1aAn<`r@mhm*7Bur8IIAdQT+oW$_oCvEI@ey!m+MTv~EaHcS1G6C9yvzAGZ{10qIxs*JQ4W@se7Or}Z2o zFE&S+o&)!u@TMHR7W+9A&gvYfsDdZJu-CSuW(U1mk5Mpnq(plD^n7QDavCUCdG?OA z7zbZ>O!ZFKDz-pP;(#)%>JKzpzsl%u@{c|TetzCSd$`u2EVYDsQ%U4xG+Nla*NC*e z|3$I~&%UtI6Z~NkYnwzl91j#lNqJ(_!4uJBFoZdO-p{Tji&pF5>Ay&b06R2!h+P58 zMbk3(kA^EcqMZ!|4QYl1a#X%G3MX;Y$U zX;TZ5D_XnX4w;e=ErN_0ulZXOEgm+MQj71=5RrfRi!Q1$)_SiY{SJSmR$Nd_p#jE( zC5D8rMH6OdrI)`F5d`_O)^f$#D|#6G+n-`rb5#CD#XG2L{*32Z?a@7kil_LE!qQJ7 zb+#Vwa)ZA$Vf>@oQxYsm{vQ;^JGieI}WY8OI6n!%jwJIFf~~J0q#pLBgariO0*23 zlKRU?8Ikil6G=98*3WO?wCQ)R=y`68cj`8b`m|`#nc4t!h%24W6C>@7yujnXH}C?5 z)%uA$8KqMHw$f+pd_<-mt1l=FJ|bqtm&S>%+SeNAqd)mH^^f$C^cxT{l7s7yf?vKG zyCUNH|COQtyZkMb4;@~P@4q-7`~Nm_K92rv%=s8se%2$=@~5tD5l{ASIDK2hlQq)k zh6~fDBNv(R?juHFdHx>_^bzgd_;jSb`<{+%uRrMK_V6l2WiDhEt>%Qk;H~l)_JPwke%Pbcrubh zEBCrkm#EX=zZ(*p7ko%He6W*5m`^tK6}2YLfjHolg+>TR?Y)FOJIdix?oWs0>W>#P%Z71FMo{rwi21$ z4iHM9NlshF?Afv!_J5=ti#l%BVt57@t+AL|JlzV^X|kuWmt3@^So+O&FnTjz1!NU`0!K1GW=sls8dreiYsBi=+PTWB(V z9_OF5zlTbqi!k}S6_K+jdCMbli*OhDfZqFD^i)g!GnbMSdCTiM^>@)dxut(zGQhZU z(H(?;xXp-v1`8bLj{94+19vUfc~z6TDgg)%Wg*Vsg}_NH%$93YvN%I?)Tgg{&3Cy( zm8n(rgyeYfl-L@Sot~m}cZTd6l}f7@uK-T=W2)*9kz?vWlun=Z0K-h23GtU=J7W*+1eozBcRxU*FV6j9Y;tUI!AZde1+V&| zkEvyzry*pI@EeqeB3rj!{9A{j#TQc2QEet&{#i8XRh0BHUeEE#{=&dLk!%npYcjQ# z>;;DPiDY?{Y=^0>igy@D(1Vgb+h)=cjnSkX>4aI(db$PsB$)6l-CmXG*nwDIlpPa-p0nmS@z|uL;;)i=1!z<($Y6`i^Z3J z{TyGG?O(pgUE#!COKRy10V@7a0iF)zElxc9^i5IdLD}&Z#LNq+5Q?J2xsrF z*<`3t2aDIT$xz(+SZ1sI+;zRt4hS++G6lM#0<;R^j@&>eZ{@EOOjc}V;ga6u9?Vm#S^dFs~e{w9vhNk8RL6~oP@MHyx6 zMP9>zGo(+);}I5mrj#!*5aa<|+L&(g95BoI<1Kc-+$8s<7^t|kjat>ov}%eOsP8cX z^_^ZJ`<~FiB2(&AR3QpE4)Ate1LYxP1W>N{hQ?2+GdBKHD9cDNKyy>d6O$FVY%zVY zS<-xtiP974-=WLUziG%GcYihDZK@uN;BC%57K69h_-p+{5qH3o5k@um`^c*{@JA1< ziL#Z`*R;3-UGn=Fwz7?Q5_S@L{R*>uF?6?K*Cg40`_NE2>1#b(r^(?DTqDao57x0p ze6nyQ4!xM}N_^GV=b;gQu*u}wCHpR=w-Anu(=~>3@HSLs_l*I*pc?GlJ@wOc9{iZ< z#7nz>Jb)}tvMp;;zyCQa{V+OXpslPX$MX~rB2AuMPisw66Ldy4=pRXQsH!`nS?0E# z<(`N7f-7k=<0~TL(|X2RqZ!v;FypU~v0};K1otJ;NEtL=3~@8=J9{qt z1N^Y=w6ypFTmA)T_wtvqO!q~U2bDPGdaSQdI6?E)`|#;=tpzfP=O6hlP$>IuVeg>>9sUKD z&?RMSum$JH;dfkJ?7q&lvc9qV#_KD~f;NRdlYKX9Ag92=DttSt`4mP9q}PoUH<LloYq^}tZL#0^iL^Vdb=ZYu37<}{0kzjjGG zT{(4b;f)=zEYEYm0`_C_$I{sppSKnk`I;Z_sRkn^ldYn-;lVB{ za>y>LxS=`c`K&W@d%Yy)Y!|Dg+a~XS^2qr%j16*lAJx=8uVLgjv#u*~TX%>#JH*=B zlf(@Lcg;^cf7y_MsMq3byXvriKmzf|Q>`x9=91^zV&#w;ixd6#VAvp!?CO;RiFa=U zxn$^pgTlN)DX?bl0f7YXqkVeN893z4g|{8BQ11!s6#^qs=CK|D(ZdebBKFp8=KIUD zK?XVKkiIO2zH36kDOXd=iWv9_A-8A1iuelSw~&+qITb<7Vn1zc~@G&zT)s+5KlfMGdZ^`iY{qt zzW(f%CWj>5sRsv>3=Kh3O52b1l;Jn;Q!6wMdiiYgn=jyG7b8 z)1*R!vfOKD*XLI}ka00=AMUD%Y^eKv1)FOSZfr~Ory%2EK0R6gyD~pjmpyt1Ve0CGQq7&~K@QZ=Wq1L$?vL#nxJQKtc=7Te6LKP~)=G5Mx zr*li~LMC;NkV$<7GA;ET{8DFPz&7}a2?~p$QUXE1ifV@*39N#bhQJ{W(F*v5jzFM# z{ZAR_lzKj8IE)$8poq6P8Xa(^s*DGrJK&@I7;bmjr!1aKS97ZOwDb*TaH5DHpbRx7Ww62HV&a7`kuhc3jr_4uUZU zmS570JoP(g;Ct_d@b&?|eMTI%ik5)`ybLthTN|kV9f}k9tLl*60h{2G_YXRSx4&>% zce#eXJ5f26_^VrLL5~vhjP`;{`glR;8E?hNSMpW8+&R0%UiIF$$q$mouRHVqIOy$k zf+hDz9lafRCq01L9^(Sg!24IHGAryHy2~l;ft~eUSO5UQJvxFTGz7m9vkro}WV>&y z#rr`)UZK?s^sslLGKkW}!+XTqBZ+QhT$^iX)4}nuhfm_W-gmTNJg26>Hn&`flv@JJ z)TV9zp9I`WY5V#0b_;$$(je`6cnus2S%G7`U1P0vtnqu6Z50bQ(^s?2r6DN-zANkQMw@4vi<2%xK}Gm*Y;{+nkF-T z-hx{Nh2|WvnAca};Q>uEjq#8Uvc>~b;$q0Oe*a_pN4noAFM&NaXn{0E-b3u{S z-j!1prG-A>j%K&K7VB}#o1TOpG{6ir69>CH>>m0f)Q1^C-!LyJx3jO7OU*a%?;*=k zDlb|aQP|-N_ylPUqJG8XucelwZ&}-Qe=Voxi?!b*xko*4y50LRsGgwn?Aj&#jr)gb z{#poip{ig=dj+jRg1umfDrC_rq%AYpi`Xk;f8i^1=R?=%Tz2C4v-Cc6RF7uC7Z)9t%U%- zt?PvVhUMwVLI8}`Ze+9va5FI4xDIIJBm~ySEC)3@znu;I_Mj8?1ITZ;BES98yddBu z^Q^C2^0n;+xdXi)K%*aMc5g$9+f4%o-y4_W~FVQ8{d$M+U)2dm#^zURCu~@rGUKzoOMD!@ODx_U&b&LVUcAfg9Xl47!#_%vrBTT|WAXO5$F1r;e6P-Gtph>6`H%&+~S7~Y;>@Fz0LtNEAQb+7kQY~*ejpz-&?ADQPyNfU5@ zS_;zX#nlLxC`d&yaIq7XwtTyz!fAI1RbESe?olCdGc14TzPg;(L8jFUd6AQ4S^zI( zai>?U5EuoSLT7?K3TGTO{=SlDTGzRy*D=2?BMct}vcP72g^MRGl#j*ebz2?M#}Ro< zX~r!qi)Cv0H?&XUW!RuFYZnjyi#AI1v2OWM#1H+w>)o;0t`YkuA!uEl( z?E^EfaA-TDNO>nt@n{uw#wu!zRdjbu~L@}pP+y#eW^VX8kBlEsgV%f`oe-S*d z#jf@`3#8XE%_Du{k=}<1al48Ac3R1RggL)(a`O_(RRy% zzQDgI9pTW?`LH@8X&p+kTlo$uYIB%`f1$m)LSw>biYyH~)>ze*V947w%HGo%)8B&> z5POo{;cv0Jv&MrI|6`uE-^;HU4fFK@3-BY*L;%Z#wcjn3*kK_Kv`k_T^046n(Hf@@ zi1E1n5vmI9Al&oB?}3VxB37MXqQ2!B>gO$w|9-p0J4p8d>y}ADq8>zBb@@WKe5<|< z(iAG4cSGoL9_j`89WgO&f#`)ce?xzyP0-lRo1ptZ=Y&}_e`Tk2_E$#x8y3Qi8>Wby zHIPpB>8rZjK85bXGvyVg{nL`J_fIXbf3m`+{Bqri+5KPf{z<5!eytb}8ZPQpA!WQ8 z-GyqK7+v}rVBU{@00+`S74vuD_KnEGU~}{q@^jc65rfw^N1{TCI2bcl;x%b{zrA0g z>r7IN!Bj+LS$+kv7FZ!RN!&xY1%l-xP)XoV)+!M#8q^mcK7<-nu(8M_`#}Y-6&_KG z0G|S3op(;LL(@`{LJq0ypstWZBI~TBq-fL1CT8HcIn%Y2=K;1@_D`sy{3CUY6VBWN z`9zK@xobG{XNbaYUx0qHKw6t^QV^)0z(j(N=B+6yCc)~-Ezw@RWES)>X;bA&><*W7 zWj0JK>LJ1s_z++!O|ZM9DQU1%L;-Bk;yl_Oj)Ap#(F7-a2kk`_8Z31JSk#1aTj7|x zu_s=Zhr%{J?HshWG3+T*T4VQ=p$}nCdE~orII^;(_P7(hMrpc>GcnVMJy?u}7k&f8}pu&E8O-wuBujko$qgUf3cpa@5i zykSm(y=u~6z#8W(OdQezWHRSqJwSxEN%bpKDMa(i0(fDccv<7^A}}a25FzeZ(RXl# zI~%!F8tzV%q|4YDo~GQMM~%R5<$U_K#aHxbgTL+`Eka5`k7f<|&{zMCbQ^I44$yn$ z2g5C`(@k)c)znK7KGw{+Eo{k$3z>Qbrk~z*diZ@jDLAgb_yq=kd~n>yZu!s=5{cDG;)t0{DwA-LjxwG~k84qSi`4M5)|8DT)*_GYzSe2q~n#6B)h}FVTg6 z-T$ONuYOlY{e%YiKOA4*Ci-+z-fHYAR;^dR9TB6GofGJx6(@=h4YAI<=j}!ALhIlO zwD}+P2eX1z%^ z_xIV|@-6UtOQtLDdtoWvE0FI>6Z3u%mOhHA2<84<*!*O>{6~|7B^V~TwZG=?7_#3% zzL8Z=mO4>Mx?sFe<-R!V^0(XX%E{S@=F}%g`!~0*9kk!!I#*t^_aL0Wq3LM5wInx` zg*Ps7zSgO`7vmi!fSwt`m}r_`mUcKkPl8ADd~#Voc7@+@OSh(b0M{~%D&<0?Z$MAN zO7hy<&*rra&kF6$`toEbkNB^#oDlx!bjClk^)~%}d!3r5<3FHvdIWjzB<`;$zS4eA z*3UxOeLBi`zjLC}_iQ&tU2juoeS`wC5ST^xLlRwCTiwz*q71{;dXWg_8^$}VKG=9c z8k`K;D8)O(mABP9sG&zfFwiD$X2hXik-O!X zJ&b95oYFtZg!W>maw90d_TvuYd(rxvIP?oq;!Oq^v@3(ag!d=)(zyv1Fr9t3H79ak z!{odltf0^&*|?X1_fQG;@Zm4OU(P>VA? z8)rJsadhPccGRX0@5(+)sB&cb+Y?I$`P-Ac_mYEXobH$RfjQ;!t!FQm0QHV0L$qp& zHRZj4t?2DkMIsUX_xMx>LRTHW90Q{f0#{IefMT3dVy%HXF{j`tq94$MxJme*E?I`0?T&tB;RiJbSwBLRD!BFcIjHGchpxrJ}No z4a=vssT=YB0o2^!8-RSK^-K|ua>3pJ?ByiSdb4HkEC{W)nBX}B5vqqWRC zzJIj0>y94NKUzG0W@tMM_HvqQr6O$%@5Gwq=?irDd<{N};E!_%H+EY@As{(*G^bV@ zQiIXd(ywt841<3#dxFmq?TH-S);As zMJ+A0no=Jk+kU9vG{}jbf{6$sV}TyYmP1A|FPt4?{}}N%Mz|=1i+Y{ZVXXFKw0?@# ztfMwct5fqx7KyhYyTH_C8_vb)qA`CTLU!^DJ#mgP@rN2poUbP?FedK6ME_XwV>a2Q zXR#Zz{GG}_#HP9Ifr$+34OwKWWl_4N1SofMrbfBbv(1#7K0EX$$k^E@TJ-y-=IWH9 zxl&WJsdX?^)8L{8Pa}AL9b=Qn^?z@nGJ4#y$$H$fe-J$4KMIrdxMkb69E%|TMyZq2 z^bbq#^kLE#!-pB{dEuM#(3t)j3ZepsizD62J+{`tX8FP2kk*xbZ}t|p?=2+z*}f&9hzPLp5vSXE&RziR1GFV0a?v z00HYuf#K;9h#z8^(c7*Lr;`nuwrF;(z5)llCcO z(mu3_hIEBtNRfuM)ZLU?SVZ1r2Eb``5gSb7lzz51yOzl{`wNQB=P1%Y9f|r5jK~Xd z^2dIZ(cK{TpQtZr)PK-<7~PvL*7g*ZVu);5L%_T;_m;@jXW-xRGP(yPmsQYpC|F1( zXM5Nlx}NUza-uY?UEOdP)KB#mGw@{u{vCmG1Q@LfmQZI~*lt+;gz{1pg7ww!@wb68 z@9YwV7Rc+{peB$cGOgVUhtbY7+@!j4U3)w1scx3s-=oLE}NeX#>?p93*02Ghx|K2mdKNz7-U)-i2bxqCM9 zB!TDn`Wc-*@{P5ifYGkkq+Y1iLDY5Z@^rOV@3G#|-ij7KR{1UjoVPY~yZyNM-}N7s zzp$I-J?#ypH1=X?Ee@&r^lO@PC@i=lPJ6y;%J1!|WztBHXlaaLPIo2m_|{`U0^n)^ zB=hwsM4-SOA#;=@B4mzoUX;u!9%eA|mKsEaG);Oi$sm2! z8)cBV{EFy9Z>o2+nd8$(wvLI{jL85KChF2^lgwiLPpGmgMO%DFP8J@itJ#-qtMeVX z!Rv)ROegTo-q`?7hy~x|odDp(Sn!SBYyc<4g75MU0dTS+Zt-;hxVGl&WLvGTqeOVD zraq^pUcX;A_G;Z%Lul01ru%i~^?M?S$m7yPe}@&;elW6tKQ-P#d|z8sPP_6dFff~h zy_#aWa&z&<3>e`AQHBv)0JI%0NnhZCBi-!NA{W9t)N$+RK)2*#ILvLeah*9}sjUZB zE87YOOVULYWeNj1Mz4P7R^ioe?GpJBbz7Cez8+oUm+oI>c9%+Vk)U7DkMzJBBG=}D zXzjR=z=_Bm(1ye2R$Ox$9CIwKXW$b;q0k&C^uzVWyY_Mqw=xy>z7D%vnVH_;NVjl6 z!E0=8*wMIQ{h$CH&Y)m-t_F+s8n^7Mc1zA?$d)NKIw%N;km-ax4mgY^xCn5%VBF}K zfjJ`hQZUK_Dr=~r25ebc(L7SYp^7(NzAEf&B1tS>fTduHhF+)II{IUXD$$T zIhZJutpt^T&0&u<@MoI6V&a^NiF3tLy7Y^Y0q`5}d*D;yH+i7(Q(baGD4p~tj!)v4u> z(t0=gH{mk>j?{Jwrd$mv4|B@CNNq)!G7eAyI)UX|>GwS6*c~Z*KITX_5cl}NR>-uOHg(RUkiT$lq(D4>U$*PI@b~rN%;-(Dr8AH1 z@9Q2zUU}xR{e4X`caVo)OKTGxHe!zFsqA z#HM5XeJQgI{=RH8WBq+?o*wJ(%Me<&bbk?D`;U0LL7y%h;jNMO7~}BE9=$dq6pKzqZK8iYE>fUt96&O0DQ&&MMws3lmlXT&1=gjwGDN}IB&>5J6iXBm2+rgw zi{xA_D#;tB&|?swlqfl?(T~Wh=-&#?RUKQZ**#bX6W`AQKte`fSCqEaSK8j z6b1b(z{&i4weMP7Dgwy*;4Fe&^^8l0qh`z@q>QtNcA|KyyfBwajKga*xabO1Wen-} z%52lF;Ask{D?Lpu_&1{F0krkQq216J*f+YRmsdkds2`dsf!-Be8B-rI#|A8sFQV(I z28wu}2pP~xH{$Oze--Vnl;pC@@$&=hp&PzvPx>$l`gCQl=qD-TP^hcspf9i{q*ykR zkpV8S*3W=6QkfqPh95Pnnk})YON#7b;tU%|h3PIUtP`K9eIQjUtYs0kIzGFS>i7nJ z)PJr!RvnFyy53kvBGjRz{)H=e2`hMMT@-tCrlJW@r1Kq@-B5;~3*R*n#zVpJz=hb? z&hZ7&N(-$)wc35vq?7edioCN*c9i~(T3Nh;#$5%9SzPZT*t04XBt(VZNuye@>@6If zNTBGEHoL{)JDLD;&YFbG+6d;eU|lDQ&?u;ZsK!#U?B+OBQhsU=A}mV7kLU~UaP*+j zj1bsJ2>MC0R$9;gk({gD%E%?wBQPtyV6}1$Ec9NS6=zNFa#pyNg{$4trkGg)tvpFM z6MZ9nQELj%NFc1Q*JPm43BH4+4F+a{F&l)bU|@K1rk=f)atAx1PpLx){Yv!XMP?>EIOW%pB3W4w70cUR1H%^)z;7jn z{(`CgjT%4vfUxwN_~H0VL}gM&vHyPHi4lJ2oMC2$uTRvOA*3)T{O*MaC%oW_6Xb+l zjd`T|zJH@Ldn`i%F~T81n+I62(1-%dXuE#S{1jCisN-2{lEj@vDt_8q*rrKicBtZ^LUCyiSmO3S#j%JiUR zZs|?B)hrS7frM3&gk=rck@`^_SJ?w8XPoeO3*JHyD{;p9CBRTC>#Wzs0SMHY6*GqS#c3QEdJSRcTDd z(U6p3)eG|!e^qo+K zp7P=(N_h;%o3E$$hLlhO%}nQf!LE?cI(sEKAE;7Usv+SjF(CN zKyt^$rt<>WxkJ0to}U<|rDTXnT+rkQ^_!PEcc$6Ctuy{z@TVtV`mf+Gb75J*8XK$$ z`ZS0`Ufrv&GrfNK;t64Xoc>|{q)g6Mr|%>6sLnx$L}<~-NUuAw#*OhVj!EywSW7$6 z?TX(s-m71TM>^f0$5k=(h)a{UW~rCQt@K#+;d1sqSbN7~INhKJ(<+$!t6=He`f>W3 z#qaOt{a${cAUUglg+=%Gm8bD;$j?mZ+yUJw&tkRu9r^t<*I=~oAk7P^S`3<({D|fy zKx4?Uegh~lCP2L?eqks3wqdzzziE9(BX(XeJiGJg~Y_$mJ~ODj~~*j!bA5 zN1F!^=$oglV!2IS0%bt3Vvm!JPSOa2{=6-DtYv*oHG1z)d$b$W}GAY9Y1R zQ?O653n`P~Uk_*tF&FIcKT7RI=|V~&SguXZ6;i;ULYke_va>= zMlT5RDId%$cskk;I5UC!b5#=br!7hE&){?1pJ#%_DD)>VO-#f7JOrkG+&@@#q<1h` zo%kH~PTcdO=)6tU=541FB9p(LiY-vzo>iUv{RG-Jvzwn5{$1O=nH7SY`NKTYRv<|i zhDk2NqjL~*R!uUg1tDX&rC})_6w1rz!!I1O=OB;UOfqR0Z1uoWVJYg!K#El+8BC?% ztReGg=^w3;qGGrdkI=L?-}*oDE@TuOD2ejJlr-vL94WznGQtucrbwQ$V}U!b4xQ<` zW!HRnR-Hqr8kFKc(y!!I|B>D$&o)pSme!|4`FTEbUP@=qiqcYvJ-Y|2E`h0oV2tlz zN}DDGC=h&OPZXGgy+b*Ju+$Ts3&$z>x}jvx&|!)-XKXg~Vq*6zYco`q82T$!wo-*; zyjt0Y*ejKm$Ek)Q*y1{>F*mW>qZ>Ia1jP9SnzE~Ze+HNAO<13A3lWbHxEb<<=6CZ8H?8jO z7ru@&lPD5)SWAh@q(Bku^cw=Rp5*EJlf^V$t%w|M&TkovnSljX;($bFZ9X5am*&R3{kO<~6&8@pbO38uU_^g`TrKSbl`MqvWGj}}APVEb$aE@fj|oDoAq&op2t`p^i#-Q3 z7(0&HMxdP&v_8aa>IECIdg^|?PqKp4m^Kgn>+uZ+WeI)qa{SbWrD#k7bui`Xlcy5< z8O@fThV|D#yWajf-P%G2>|KwlXO%Xj-@SrEs$g~M?2p1>hyUnF>~07pLPB*3BG=&4 z26IW=!ORGcF%IU4r?kP82E`xDyRcd5Ic+egOUmj)&Ewe^hXP^NaXe6#mG_}jGC^}NR{ECtswac$9 zDA+BXgLGTmxb#o>3*E6apB}K!x6n~oeEK+WG3t*YNhi4ix@zJd~&MO;q8M zYSe!vCE=hFgyNy14@aSjsKK!rPxZ8E7W!9zyfK`!6DK$>Qr0H7b-M=_Q7$c2Vi~uj zAOX3xSzB7m`cooVb>sPa>%Wj-eaL-z@jDFQN?Avn`lwDY1!-`Exl#{v7-bZHJ>vj7Cuztyfx#iap>w zHqHDhIrI|dl9tZ}K(T)djipeIoJCl-^acbgqZW&|>oq;7u?QHlC3x{Z?RbPAD5H7;^^EOL=jS`yOn@Jd;^0$8r2 znm>we0RKwihIC?5-yW8L&iXK0ghgR(sA_G-tlGdUPm+Bd>sYUR1R<%uQFQB;3*kLp zbx~e|UJagNZF!%rED7bO(-+Tx6Wm{ug(Zp5LvA@6n|OV1I1CDT_PfqiK?5#nxBBQ* zyfm{3A<(IAtAX1sB5vo{j7Q#~;gpg{&8(ovoy$qX47y+H8$~4aX^e1VP9K__ybQT- z;7NMZat2m$nhVckq`+!^`y2Hs6KP`r5zw^5$ZBa&6s}aF#SfiTRz{AE(l$rQ_fGg! z_yhzwHsh^sWZUUDN6D|6lG;4R(483nMxD1Z9Bv%~Nv{}_@Uzt`AW2&py0Z!-qY$pK zgh#-JAtEpFw38WkZJC~Xej+fFz#N)yD_gX>SyrR3L(M6bR&1C@Qi|XW%z5ZuIHr(C z1Y9HFsE7M@4&t&I*1`xHzxAT}iXNx>nxPAESNS;aD(R;(n|@a2Q!Tmz5hJhos0*t*l%}&lQ^^E%7$N3X&6=1Ok^{*N)qTOu|%1S!yGphrR*kc^Y|& zr+S4G{0HQqs@2<#r@3p**Q?%(>1|mV?j$7rj8x$SEWo;b}Fzxut#T&d;K! z)rV;Yzl`g4R5B*1x09B{IVN+h`AtAa3L~K(@K}8_lMAapI z>GC&ZYFQh6Y{jcoW6wtj7&#lVk@+i!Mc#gL18=$&0KQE~cf2_!YP_#mKk)#La#~1; zSpyn;*nJpOD*IxLrTI0OMJ1n(k6>esTe3=wB;LmX#)I&i0H%cn>Dvp^!M4!q9SZis zB(A{$=?=2Lb5;Aa|J;G31TS9kk~Cf!Fo?JmUdF#AlR5r##JrYgCqyUvT98X{Ft{Jw zay4>Kx4a7X>!P%~tLt#{=sH{g_bTMzP@xI#9{LU4i#sEFFHZQho%IXo^*HCC@OGnU z-R&OQLKomhU?_=SkTP{i>DNRmlT(s7U z{(9ZL2SP&k;I%~m1Bcs_g}^J=Q%cfd(9O3ARW@a+!Dw^4@5uF9m2k?06et90K;{*y zL~Cru+caYK{uxpeVpHdNrvo@K7JQfYQlTn8Db^(PMsH^5HfTqekds0`(sTu0;~nWJS?jwXPe94o^sDDesc(qfu(tSFCe2Dr>)81 zYqxqYMcY#}I48F~g0q$>XuVEBoR%Ebl;1kx!PLplCKE2dE|m{yUs-mM58!` zQFS!20o|cQ#i>~3h#N)8%M(sq;wFDOG4qZJHAM^6#1zukx%m72ptj%t>!)4p_j}N( zZ)CmeLMX}}77>ct9;cl@?QU<_s_p#CdmFd7m6$z*fq}J8(RoK;D_wE=J)QD@(+w|v zV(x}iy&IBs0n6Tv-l&-v>5YAr(cYL|&%NOt9=q7$b|sN@tQwJc&uJYQ?Jq-x4^xFk zdcsA0Io->6xe2i++%zq&TVAeT^%;4rt3F^@usrsvkNU|{^m%!)OS;yEE{X23yOb$# zI9_RxfD-|mptWKt>XX@hIx3xoOwvK4`*hSvgF+m2)+XN!(8;_*T&c;(*_$Jql+$lR zfdv6Dsb1xM0ZNrLoYG3%dbp*vELpCc!AkBq(e$|tnGZiC;8dRrfAJq0aUmN4yCzE0 zhhM40+SQ9UqxnDWNk)U7dJ=q6d1M_YCzqfL_?jj)#$Aof=0zCFDFA;UZ!Qb)Jh-LN z!A;QK#KiTuAj|n0*7rF%vHR4)D`Iy~ zakbE)KZ0Hr^(*B&q0^vGrOkSu#xlyYAZO?g@CW1M<-~3oX>^sqD*k$Gs95;127Pvs zoy{_|D>SQ^k(_c-wr*(h zGgK<{F&y(;UkSK{_s`c;p1~9mQcmWS zcOxmKm~uX(SUBb33-pwmFl7+lTY${#DP}J$yQL3C+;JS+|H=%5{}nKTAzu{P6IK&N-3p1F6~(QXZ0Cwqz$=}%n~z5+RxI>Fn~ttPwh zAJv`qjC2#BgMI z|6=wVb?kZYpU!VHJ+8a6qZ@7h2lTI9nJqD>c}OhlzomQK{NJ0O8vkBf^IxMUnh)OU z|JwR+JpT5Fh5yg_+fDQTi~Q|)-+Rde|Ifeo9x&c(!Hz%R6QRlhW@@QtXGW}UK-p!1biC1a zFObGmIM#OH^{qpWOsjX0s7#r!TFXFn0j7$17^JZEdVm$F-djqZo;BmPxm30__vE z^L2dCr;1&hBbY}W44>c+_bnOi51-^s$~n|}A$&BWrnSeedg;iW+8crGG5YG0*I}nO zL=m>4BI*EaW^ts@qzr`c%TFgEe1C?%SJ-#IwpZxIDLXUty+RYE81@AhFJO}}gFTz+ zzOCuQPSW0u-*?dh&7}?*#>KfGY^qQDtTnLaM+zM)zoFZUZ0dctc0`M<=sG|26Wt6p zo8003VBZ0&P*o?^wty<-F)Q9)f#Y~jR_&elqV-uaosBoxK#*X{)#kQU(q?|7LP zX0fRw%o0qac*%a8D5-tVJX^DP6pa>-m`k1E?PL#Xws%~m{<5Y!_KtIF(Vpm@SjN~= zW4`BHhR)*vQ$Vc0VB)2nWwdGB4Y|TCZu!n4UXaSj!XpQC;!%r* z!VLo7dXx{kAJc49fW>Q%Zt3-!8aiS`6J40FSW2~D1FDHH@glPFH1Z8MyTyYKCQhvM zyZB7Q)n>Q+2x=%rxlFsZ*o0NdWqc_+&kTLRy)Q(5y;3 z{V0evWJSapsBfU|S#w?fMVW{;wuLb@;72IO%l9s2It;iH6!HAqmx1pnjOJ$`eZV{J z3`9Djt`_;YID=GIm;ste|1&k34L`v5^YKTf5d}3EwIx$q9(j6tn=70kJah#fk!13h zWCiSqMT&!O&Q zTqFgKDI(*M@-&-AJ%XA&ASbq+Dx$S00rZ%_4mR`q4GXdxl%^A<{QhhE5ww>+nsR(0F|r>PP1_BSGT~ zid}@dP&yjikeC=ur1Lk>qavY)rqY?xCSn?(MSYB_S-l>xqey&+QP`B1cV3eXv51skO~ z(Hzi}q48vDT)~Ng;$gJ${STla&}Zt;ui*z$la7Y+3?e6dKucPB&^Bz(AliULo{v+ z`zq|J%YxihLI98YL0-(=#63$tmC5RxRX+QRMH zD)g0AHSxt4@Z>H2QKhEMYFLjHx*JY*-ptQY^Zi#A2=g)YI-ajexRY4eN+Q=7E&?G?(rJ(G}wZQGo0@dqrtBd58*H(fXvnqhblk3naXtgkjpk=F~*i zl;y8=z#&B+lId?8!2XDa=+ger^E7Gy6izvJh%W8#p%nAy8e&6?x(#&oQ-Rg2rf%rh zhs*ywP_OxEDBqeL&9EVbGVB_tH*haz5Ln)#8&m47vGSIAzaPCexumwxWS@47{8}I6|bXAF9_0?PG<{~2(VB}c*0%P#FD0K6CnTe;p z9KFue9sN$UyvD~Xh?89RYTRm$f1VOkpRby@dC7Qq$EBFugkBW={wGb}zk=V8#iBU{ z4;2a->eMQ$US)%is`ORU@<6s~D3z#_bI>KQmW9%M)wFPwoY(Ea>3#FjXdP6z!G~){ z!Ue1bTU_BDsv zzG`O2V|22UMdHe*MBa-`%=ylnx{uBY;)DD>p;Jw~zm|K2a$!Ff(NC1_=SWq}T9s}0}_9OA9k9CV!}xRdL=8} ziaitKuo7by=$$n+4O<7LX6llY7?UDVL4bzq+>@fXjy}nZE1;6Bqrx%0QhS_4sPu)O zsDreB_htuab2U70T}0>{ATr?Uc)T%BGBZ{2EE|j>F8qe zTvy)FyNCHkkJ_?$D5!rPP1AiokiCO5r^Y39s0uCK-mgUIYScMDkdg0J#?-*l>xO6a z;r8mlXj|yZEth*u{l}LXmT;pt86?!!3(!erR)?XnCFaIp2Y>;@)Ahz+mh^(W7l09C zYr-09g*)RySorT97RH2iY7Gmpz1{$10B_wS{X6w5PNL2 z%r{z@88n7&W#lFFl^Cr=Ngb{goe?dXs1;S7B~qu`4+qrKwnHsSGUnGDXrvB+X9qe2 z!eTBE=C^&3VUZ_i!k3JIuR6={Rf5*c2t9wT`s^1G3`?&3Y1j)p^Z8ob!Q zzy|%%faYt{_3#)Gk2xnn)?)vnY|uqL9I2=%pKA6+YtC(bNpAyHscJSLPa7$1n94^Ph4z-qPDLGqfiCn{(`F?L)kMppGJ<*lX%tpvzs?uYlgD)hw9%e!)&*iVt zLru(v7CI1*VUZ9 z064}iU~~v5R_G|sqW6ao<_j!J#ze`e$eLZ{w_x0Bt5XgZZ zoP_ckyyqsnW@v#gd_3<%=M%zrLnj>)%AbWiE_o5GI@j7<(xKM0Sb5rCZ+C@1K$koN zDZYj%PtxOSG+#yWHEREr6j}FR%@2J5Rl?*=C>f)VN2mUN{HkO3_uY^VC@yfxo4KFE zCDTP^c6w_sz$aS_e^@d>lrL8`-ZQC1D|RUq)A0P%fM+J+*`VPel>Y@R$q|>(8T9Q- znAq?-Bbu1kwj>#Yg!~i=1GLlrLStHZXkUc>mBl=d3Oh}yiO$24d;r6s>$U2GfPxrq zKyA_}uj*|f-^k3*jQewQebJCor)VLiV#ZLNHcLC;)#@t#z4+~4_g}$p?MyR%QT|Wz z#zlQ1{^NiBEh;>msQ>skddK%4fB5S7{^Q#=kBRz^PndaZ|MBCByYe63ex=EOyfnk) zKOVLo6=wJG(I`&|7|z3uRwjyPH3kX6aCJjKs1p4PS6fPQ!J;I{hA8NQ+kr>1a71fG zAMoUZ2l+r@I=g%?#1I<0F$Q7l;Anodg0Vv0hQf3>kKT%yAbG@(PoTT|ZZn3F(D&a5 zu8bFyK;PdPHg|vN6>oDV_lj=ruI+W)&0SV6+T2~x%ec8a18Bpzx#RX>-_FzhBS9H&CDOCjU=$=7L z!?tL@G?7^#N0R&q>EJxju?rRV;o*U%VOPV`fGtCdFbPxn zEK1s^E}Mqr@1XYv=V5@|sJf*a&`hI)_p)w`L9h#(kQ&SP3gzptr0i5(S?vNJKO+!3}+J zE?jiAX1tHy6c{i6TWBildGM{29B55c1e~aUkOyd{Ax)dOQAAxtdt{=3*ZLJIM13qvQ;MEFiN$MPY z=!rTVc;MZF&KaIL1pG=#9oHk4Wt4Hkd6bZ7NVpjj44f$^Dax4=dPF#rRz&?yW75p! z5MS850kX4t8DpL($=j2$A+qedi7zp&2S{idKd(uSNCYm1JVp>~C3G=E9>M&>_<310 zbqGW5k3xDfKTTd z9)(B@NkMGy;pbja+-_yak)%kSGa2$-Qly3n4EZ9OXCy=32T15FetsvKpPVNt$<+j* zh#AQY31WV}+LXLHn))q6MkYnD`j{aPMIjvVEO~LXl{E~xGn(glhFl+oAdkdejX+u# z!K)alq;(#=j)hm?j!JSKK3oY8Bk*A|a^h$~r-25OU$;g$baMZs2n~|98YD`PqOON^ zSzjQN4S>-&&trG3WP#*qd?xLXl3Iz+>-hO$d?vrdN~(g- zOZa&ye!>m#5J2EE29_dl3Orypwid#}LVOs5Ydk)H!ZY<=d^iUl?!kvq@KAyee}soS zlC=3fFG-u4t72O6noYjJ~7D~c!-`|nRe)gVbGh{GbAP(Fg} z-Fq}7Wh)luH53bXG{eIkhu}|ZTd}a{7YYcP)d3rq1fgsY+9B1xV=I=< zrKXF8cYXj3C{!HD1vvJJlPjT9u7o(b5oSC3A)zKoNr zXQx~r$K=umD?K_`34$L)fUv%V!Cvf$>Vl0JjzcJqZqh=1G$hQ|@{aj8cr)%L6WaMcW zuvI88hHs3B0SgT5%@A2MCL%4=NTuncP=wEF`P`Vo+*?o~7CC%q<=#j|N476Jt%nF`ZKcWoQw1 z4Vd$x+G<+9TKPjb>|5BL;04SZZCYqGP?b1$qpk#=uK>Zk09uANr9}zAs;NFVbkY?E zg~f$Qq(6~BO+Jj9MR`6Ov+agI9u+>=gBPEiu=>J34BMt8uYk=M8pp%qdA|+EM~pd( zmbbXOCLedAgoqUBK9@<&gZK{n9xsqjTfHV#?G49B#&JX?G3;iMiO3#ZQS2>*aa=}> zB}V_Ic{CIOtm63{uH;ATs0azD? z-lua5*!itQ6JlYVf=2Mgl7em{WMwD3ND3IAVj*k=s>7OvlmIyw1mjJ9+s$w2i4NW{ zm<_sD<2Q`oQVgbE)c*<|1s694wn90e&PMV|4vlPLpWzCcmH-rghFH|k|ABLv-avmM z2M9+y27=6jCuQB<&b zwRNA-SNMu!l<#7E^om|ERdgKx=JYWuF7NE79OUz&(5r7+b&aLT)Twko1yRyHe+!Gf z$caQfsQ5a%;sS>(0a!%(T}{Z7=qgHi+()5uS&k=@!FdVs{+CS(FarCSk6vr(5k zs|d8>b38Y<;6S^qpXY=fo5(+s;!)AZofOvW9Xxse63YJv=|)&rScGT9aG-;$DVsnD z>uUTpa6sICl0z8(4t?rR^r7qf_-jSSa60 zsf%pT33uB=hsdi*^3AV+RW{f?Yu4fSVoAib7tPRQ>tRssrR3xOBKe<(hNE{wi@5%t z8}CfN;kuIRL`ggimk(Gw?N|q{q4*oLR`h@-y(2=8qR=ESxdio-g;rS06IurxbO`eZ zf}@cDU~5hd2X2v!7+y`Mlr)V}=vNxc zEE2zpZ>uJMOo*@s+yT#^0l)J{{Bic=@J1t?bVrrO0xMA;9b<@hME5-nirqF{m{7G| zetC?haE=YQ5Ru=T%@PIP#Np!#kmf#cmTxP$7Pp6YrU~nMqp(^atgCe?VuF}g%bPst zp_CU*ckYIc(dN}so>!k7yJvdJ;?@MaQ>J}tRS0JPpR4NzgIid+RN$#nxLMWR^JRLpaby4R2>L_ z;sU9PK}cRWqMFnw`s)%x&%t;aE;?K`if>3H&-^Y*d+&sZ_6`vV1|~oaOnz&}@r~#h z`PCRJDj|Av0sBZJymLn(Tju_m|Cu3jiyog?Y6jCzUmmO{kHPr&dk}~O)LjqZk5I5< zijtJ?^4EY$p*A!XO!?lEn*4aso%#>l0O$cOger#}wu26#UaSqJ2d$+Y`#^=cXhLZR zSo>NQU8g+!&F*m6e`JKPw1YacUn!{5#Ont=ELyjN<`D|{J2Hi(e`l@jlT>%#3ej2{ z{yJ!_SEe2PtKNgLZXMPHD&DQ!JLn*Oqpqo&?#KV|c&P z4gu1Ha+KprJN}oRF9mpL3?<%zzCs@=qr?yJdHKKT`Br=`N3t*NxEr4X{UCoZy*@Y; zni~ofE-c4|ytKmyO$z1v>3Q-Q_>5cC(3iL<4X+QT)d&052M5&$`_wC?pVYI1ud+>) z{ri!a9Tm$Y#g=w_gO^Ur(M-9t<21tHF?zm^o^ex8`qp4VeK4^;*rPt!vp#665B91L z_O1{1s}G)0A55taX4D6V)CcYL!Bgvlr_=}g*9T9o51tNa;}yV?-lZLv0XdY6X&oCB z05}-BswBI#;|BPSlFZhu(vAVs#qzYDa57OHw_duAndmepv~2uCVN zYCv8G&|(x!G2u0GxDxt;f#CzgquSk269bbeCtIu5hTdXenyL763@jv|cK8#L7`Wzu zF=q(_KQ{rdWniuz`SD0P)a~J%&!!TmL5m>j=n;c5SGcfxAqtZ)D&{2aNss3Il&L)%h?3 z4--(+`-dK2;89cYn~Xrcq09CdNU^^L9K*n?+Kf3f892So*!n;Q&S*0>bo4Vmqc8zO z3><9&e#F2FOm%Ky;2+wIo%~k@o@**z$-q}kc={N)nSg^d;H?bo`4a+9(ty($*y|@_ zaR&oWHUZCN;Ke@~@jQuvnLin6DS?6MKN<1-em4Q_1k?^%Lc1B5V9Hs~zyqc)`a1)^ zCSY$3_!I*_F?C2e13zpt62m+OhD>$NV&HBQ&>0Vy&A^=|;3>w|^)c$fz(xYH_k-Hd zPoElqI`W@0@a;BZhctd__)NW_HyOCgL?J5~SZe}SFmPX+aX9W`;K!yqXESiCskn=Q zRi>OH82B;)we$DT84P^B%{XOx8-aT3zkEW#r%hwj!oX#whTdi1y(VB41HayH#Pfd` z*tXx8^Fapw!<6$L2L7<$I7WYB;8**ND0vw8k*Rnt1M5r;oyEXSraJpG@bCML-`?>t zuUy|7>-+};Cx36O^Fs!X`QBK30|VEaa=y&KZ@)K^_X-C7!_?6I4E*?e<7XB#@SX3C zR5z7@Uzu`_X5go$*3V{OgQ=kb46HWg{Ou!N<4ieK27YMDxr>3DO*uC+@HGJ9>l^&~ z#`i|v^)v(5my#LHjtTh^1`aoM-L(wNGyx|v z@S2bjrI8GLG-PZ&oq>l#Muyghf%`+o{yemkfM1yE{F;I9g^bd|dkj=VM&#Eq@U-uY z#b03H{O^pDMPXpscg9({fPr_JieJybJH9hEG?{^$OgZxy_?jta1_PfqermQ+mPBEO|7TYhfwQ{NL>Os=}6Xq)GDq( zkLnC~KZMqwkvlf&vqKBd(N3;(pMBBqol4fpaIoHAt8OY)N7r6T2EjL`87mqQTT#@W zZiYjsszIO1pl6L3r~#}NV5hZrhW!#JU%av}$AK+0!g6ZbL}5(|xFj zSc#r|ss_v@oe~&I1IevI7`Z$A;ap8;^3Ql>TlRG>`(C8%n_RX!*}t}B&Rs)n;)dRj zCQaYjbjNCwePxWPCg0m@j~=Cq^0<7`sx@n2Kcxw9vf5LWr`QNQoe4mTx}{8jv-~OW z?@BsfoQKgp{4G6&@>hWMIditH06NA<&aQB+C$Gu-6Qp~xn!t3!cISAuN9FVr{sE;; zySI)y0`zV@`4oPNEoW~|jj-N6@3sIM1|oi zEF}x*?iRveO|;gF!j>5|L8 zL}M8^6cEGPN^)Gvl}BAt6OLuc=`fB_dtcdS98Y)FHWg@^0qM^&Kgwu(O@U%sgX4_-q-osE$0FEvCzwTM$%-I=j{~4+- zTqox3@Pa0@R?OOw69!$g?XC+$gYc>u-ZnU56a06e%lW^;pPX>$S2~)n<%~kvembyV zdi9^^_dFT>p3sX}Z=fa~NvPKiM^$FO0WGK-O@0P`*t@%wrMa4E|B6zciloe=l;gzr z#ydSQ(LIONIm38iN;mc!x`V|#JIR;*BM!^?^Ov1i&K1CG3b%7jGwSL1gzm%0DaZjv zx@CuruBt#SqK;7!`7=NeM-1c(-31v7NMGEVl(P+Q!MUM&_%jD@V)NAoyiEcP=BrMM z4uZ(RI8Vog7ZM)G$ZyT)S#91D<@?CVW2 zH)_xyZxwW-gU(Fa+(K>YXVRF6w?Fo1i{2sOA3o=!m)q=u3Q?>OU2dr;Ki2<4>3$L} z=!#IjTXB%j0T_(bM@}Ecmw<3!@m5eRTHXMF233R!fOe*zKboOkCITS)9stUoO&{vc zn2R4eKS}do5efZ5bb#(MbiWqtxataY4N$ADZ{#cZh!@af^=@=I^}oZ|YouIC-U@KK z_k?+U3UTKT+;S-$`N3L3KaZnE+O15q0_Sk$ZF39bceoDknXL330E}+DZ?tWe*Xvf6 zP#IWwfGy;0cS(?M+=t|>l$SM^wB3_c=Q{kE3;2oHxP(pxwQ+M{(IoO+#70jFLgBBx&GoXJOm*TIR`rO<6OWcK6? zegtcnY0S@_cf*b66Y20~Pp7XDI_-^!H2QLH^1~%c?a-0ffiMgBEC=(bONQ!K z;LwzzI&Cqf9dr4xf=dz%hC=zpdi87Am!pF(H(T1A9yQp*QElY@RQW5Yf0SfvKXg$NsOC57Pi+{i z=3xlN4uhgF_nKC%_DzTNQYP*MorY|TZloC}A7b;*Byw2}J%v3tc~xQ^>L2Yk7*=OBnQy{=#9O1+?tP(kGZ+sf3?}}s2jcf*vZEB&G#FtMdT*~PK)IySSdM2 zsVXIw37c=2;KI@##5aM*^eY49RK(%4Z!=1YNg7iCxwmvHR!p}Ze>ns_+ekA{Ghh*w zC8WEFsBmBo)xreCS;=?i1?LVZg7Z=%LgGOJj%r{vJc49zcgwCcknS@zdk#-fy|q73 zx$-z^3-G=5RTOy}X-OHJ6#p9NJwtG-Jgu3Cz=mHZdzwP1o)eYL8Xpa6eDv1r=!5`1 z`kICKXs0SOpi18+%!Lu#h)ZswMPDLe0&QT1e#t!a3BoFQz(O+*^kxRw$RqV(D?xNh%7*Bg{aBY2hWJGC8BzzbKt)Wt}4dR)J;6$aVVDJ}iXM z-6JvUNiS&(ThAR?iB-ELY6ONv9WfNn$>DRcO_9hJd{}xD|w=0~xjXdqsw~430Y8XUkBWIxB zn=ABHXOdync@7jxt(TBnoOp}UVo2sMPX?pU0sNSRqSQY-4Erz9AR1?Uq>ILHo=R$< z`0E#rg__;3yX)7&pd~(rUko%ZTM>J_PU~%_QG03N39Pr+r-^FVjO?-UGbe2R)>x!d z{2<~~6hEjfvakLAj1!C>M3%0Zbffh{*epG_05(e)Ih7r3|9t>&zB5EASFrbh9TDid zCW95OnAVV=PDiFNUTD&f`)BgdjD^+00nz<)Cx3ZhSeOo~VxS}7Wm9dq%(^hZkEi{R zBhBjV4?K^;j^vySYN1}hZRe}Q;StH^?}xSUq0V+_AH&p;E4g}qyVZL#$P4EKHW+sj ze%N>Pm{d)dSimX2>>94Qoj!|FV*Sr)HIp+{>hn(VTx?CT@mzxc&*Hhfahf5X%aP{c zdOVky^7d z-NoGnqHZ(+O#&*!7lP;-A6I*ft3edPbN=6Rs(ZS7NFX5WZ~u3Hek46zRb6%J)T#5T zQ&o~@pyZhW%Dxf|@ftA1S(EHHRjHNmyjISVGAhgKW>vNp&f_KDH-Vj8v}+x`C$>t2 zIt9s6d-}tYjUH_AxHki4j;3GK2?f|0b1zwkhv0iF?%o!V>$u-#*+M#>`M5+qI2*}g zVq83r_8$HmE3CXSb(grx#T#~odb_ZsJIGghbn-*%;0KUJ09_1MW4O7BZ^^y5oG!jC z4Y9h>jx=fIk1FMwd$V1^t7PrU?AGvD06-hlNP*OUKbq8>D=}v^4_(ytINlYZT+)@h zECnOs>`VEGe=0$>dk8?Umd%ZXC*jeR?8}R}wp73BE|yj<#IQ8YsS@{tP|;j2N|ysv ziOT`-pa^jB{Sr}!~uefu>1}^?Sov z)NWfi*D6FgW)=A&S2l8s>sCC5pLGrYMqsvum!pLwS5fsom^=5(exZ<(%Yt#(^|vIFd`*-@WV$?P5GLR3RZqa0Rx5SFkm7$khNJ0) zx3r$h8aFr$A34EQ^b+ZDQJwm?GPQOdIMaZ*8}V24CE0vgNJCV4TVYaiO7acPj)~)_ zxf}G8RvzDz1u*K-M=U^trKV(vE$ENmLQFIMytM>uJ-vCdIX_z;Mob=yH%d?yCY zI6VNH62IH|UUV|Y$wt*P`DPZjvjsAX8t2e$8XJ&7G#r|V=`TQQG63biX!TY_`fs@w zZI;3rwpvtV2p(njQ2*>3^69kYZHb;i#%)a#&2CWPQ0{6&c~x)3fwCF+<{!Re?jC9;Al0e+csA`KpTcsD5p-3w0IuWF(wAcBrdxRq83 zjN*dSWcOy{NRQ?bbfm{NOcTyNzk%uw<@8mZUink942-&X?zN_5!A%mTl&%}BF_mfu zvj-qyTwR0UT%sL1k%s$22gAsp$0uTh&_VYC;OC`U`l;lbRMaO8>Laqlo1jdMW~ifj zw~eK&&0zW?_Rp}=_6S%eci(T_T3GMkxHuFC)w^p*JNUjX(R-@%t4_ z4j1C#(6k~NapBe!_j$l07mC!A@Bu(e`T}T~)K3u3I5ZGkaS(WLks*k!o=4n`)iPtQ zYsMrO*siy*?b;vPKlYe%%}qqiJhy%hKNfYEb9Sdbc^J*M2Kz*2_tO}pE9wf@e5R1J z`SyA4;%}J91QVQc4c`MaX8|`t-xM{{JyiO}p%a)3dxVxilbx7x;Q|)gr3-|xXNC|i zUtnhlR0Q*$D)|K}A<=qiTtX1JvwLr4>UX!0qUbgi#nb@?JAT|{-UKALITfKr(_*Sj zyD;27k#D|WWQl8X4BH6GB5mn~IZ9fZW8jq?u^p6Vw4CU`oyJ!$E1W|$g!+{8LAe#Z@!&`(R^%WY`>V#4-v=ZSHi$0q0Q z+tT=X9%OIoPhB$(kmkFB0}$Pi)-{+SpWf748urHMsDl_-){tSauIWNXKK@|H_6__d z_Ns;px$@adiyHaTXu&u?Iab^p#wqXVDH80tT(P?~S5%W*PajGdGhwcl&?Z*FZU|Jv z`;_3nvf-J}Pw3d@b|s#l;KXdX5}BW-oN}fdxibsCHO1X6-QUC<@GXu4xi(EH=&YKq zsGYL62fB=OKOK-7Q2$4X+~e^Vv{lUvsGR|C4}A-dazS&|Ns1a(ydS|EJAaHE8R2)o zt*9T7&tcn;39hb_=sSGgb$memGC<)c$NJqH6!%Bac=QiYLQyM_|GD2C%WDo4eC?Mm zdByK-lOvaSL`aV(S@ObT67cQ~6nwW}Cf$H`7x}NUDTFCk_O?*eOE$^En$;d9`66H5 z_JnxAf~~L@Q$OS8<%! zuw<%F-;zGT6>#tHdp``Q`~2>Giduz+UM{zh=^E>FtqVty)^$4_AC+Z{iWmv$f%zcV z=o*SC(uO?pI?I>O*F(NQn{w$sx8d=z#-C59%a6|Cw;McsiFThypa9)&)uklt>gL!Q3Ek9Oie?FxpWb_bdZXz95D_nLqg#QS$NX`{bs(#m1( zX?4SrL4SdQS3+MSTrT<|fk?1EN))Qa%Mxgn#bZggRK|MXg(x1?jlb!m^qSD8ARoWGjn0hkFo{g6r4b9L9|gQS;jhR18Zdu| zqNSV*A>ps-Nm-CjGtj*cyg%UG6L7at>~w{5exyiK>r#&82spWlO<10<(;{Osr>a+Z_R(CWIqR=kof0VM;Q5N#UD-nOwT0#@2)c#g zmTFhi^6QOsy$H_;KIT>dhk(1h=A+IMZOj0F%^DBQuWc8DpoY8Xp$zu`yZ06k?WRZi zP_zUTyb*d|DL|;>tB5e$6N@d&l4@trJqzlaT;Xm--5{#%!3;S=Q8)VCyZq{Uzk40> zK_>w>)?{Dxdw1u>#C;cI&hx8d&Xa4}()YQxS|)OQu{4)R2}Ast?265DR*pCyq~&n!_-J&P|SDcBMETGR*lLit_S(*b@z z8)|a$$eoZ|mqErrhHPZZmZgRCz<1KzipPu9fgXLdG2}NCq{BLFT3px}E z6uSp1QJdfUvJyEX;Qd@yzf-(>tHzdSlg|sdzl5pJOZOi7{6W=$60)F>)j25&T9|*EM%e+nk8lQEGl596V zqD#ILC!RY}*H{E4EuK#2XfZ_rHwHzGvnXnWgQ9+sG{F_k;xmJGE8aDNme`y4v3?)& zFzg<``hN5~p(D;;!y~umWpm`l?VyqC-+hud7uv7PI8MBn+XWiGwN7$RI8MsA|D*zq z7B$ipi_zVWIqyGl&PV9dd9;?9uMd5amX+?w;xoHe@}N!(fS5cL#Nl8FzT3P5zUZ?@ z|Bhmc?xqNPQfste&ZMqcHhC!hwO!t^8OxihUmJ$y+SQ#9adfQQCT&h^+$-XS4!)~H zOa1x@bAN$(vm9MZ=nv+&RNWuj5Ihr+454Qn_#$Y0a9+LJ?7#2jYPxBt<`vI{u^5ci zPj_^5Rg2DStPvT=#gs3Llr34AT1`lQ}MnE zlwu-c?z9C+zofP3SS-io_kIv?@8x?jz97-ig)}IKihG~1a1=78qE97>4us!MGS3t9 zL_cST^&%K4x1~+j#+*dTeHWRBGAJDuH39v*q(q=Gm;Bxs0}a{xO~AWLTFhsf6Az&i zg_MHz(qh^S7VvI>(;DmUkpHc5pr->sC}n!&(-!^e4nQC+e$52#a>u6(Q%^wMpf~Qb zwH~Eyul$`t#l4%M5CQd2W_KyvSU`PUU(8=XcJCJOf}iN~k>+z0D)vsg3eaL+&fEgx5Vi~ z|8y^-!|&cf+v}*{rs!``5bXGTQBaJD{=#0P^M5lf;-2X5SxFt1FB;{7?S!a@P}a|t zaxzugRVoS+Jfa{CMg>>8n=wi!d7;v-S^FdMUH!tniHPjcy+{jqKkJ%i#~Fkl^9XyebCsgSgqK9UNf3x|d9Q;n~l!LM6Cd0ZIy8V#XLKA5zK*`|)m7%+TJ!Gw!REodFIpxLy z&Bb&dirD_d9j!Uf#ojG=Hl*6In4XA@!SWy|oahV!qUfb$SB9&JR#X*j!iP;lZoo5h zRZfnd)CPpo#$sJ3I{14XDv2LzO^&<&Q?e&kbYG0Bl4>Pn6stWNy76_aW@j>(s{i`* zpTofw`>5z87s{yJT^HKxBVBka9e}2c`$`_PzUU=43U!T&`%{ZvNTbYX#D!6_}#0o7}p>y(_FoGIzm0C9qGZN@A*wbKDVYI3_4oZ1piuU^|p zU#Kng^+!{x*H+_of>FUl<35W_RL~MVuKJ^a)oZ)W;^|g#=hqXBuTK)Igwf3)M&?x^chtUlM=I>-t~qK)P3H+nEpZpsppIQ1R$YMnlBA-Rj|L#2c+lFS z>YncTXCrZDa!u#Jmd@iS=i@1Z)(u*H-!6d^I?5H+M@rX7{7q`<98f%{U0vOE4BnDk zI@1TWAXtiH-9DN|C)5UWa*N@Rn`DkzcnW~*l4-5|lDsXna}pGAcl>@?G@Ww1Ccjj@ zbCmSUmgbLA(^}BcT*sO2%alDaIkv`M@L`Az;Zg;ED*Y`V@kix%O zT81cj>*Tx^xuqHY0k{h(n5_k##k|#I__VAZ?&o3|a^7ksufI#r^vvfLbH)TF5YoSMY(f~ zwotksDs!W$hC->?c5WoU@j60o?pk0N6PORC_jIDPDv6ozlqa zcd*f199;b+v39!GTI4)VIpZj28RwYsmtxN{g?quA2KC*=mp;yfW;B(3_+HwnQ#D2cdz#s{0&yS7TA>cCXMrlu#%u)0suP4xU8Ga_zpO&t8OG6 zzzcn$43fRWu*6Oyo6x(NEU^<|8^T=xiAksZuhd2cEOQFQtpxRCtbx7hmI1efE2vjYVmK-e~hX87{{ zE*I>8`Pm`WQn-dt+8F})v!$A+*hkzP{nlly)r1-YUid0!w})=Tw^+0YZ;`?efx$;F zOQj;~1L_-Se-qo1fgb-3_>|#3KzBpSVNCnIaA|eIE8Iy2mmAK>ar1{k3D1zdZ^0&z z*)L0)D=KFl5KejM;ZSuu7Lg?*}_eUb`cvpkW^>5RJ{AhA?onIPpuo4MC(5Vt?(bYU!mOs z1)oDBLM$a6!x^0d=~b+D)qHY7(Tn6=RwUmxU{G4( zN&dmJy6KUA7P|+}67E6rkik9pUFZWiYrKB%#(?`9_@@Tb7n*P!e2lJN#!LPty>Q{G3wb^8Wy4S^hxNzad#|vFZk&5e52FtM)KlyL{?$@JV zvtb7EjQEx-?oLE2(+TN{v3XFt6Ta{X$%{IWB&Ven_KhC5~rjR<)>+22V%PCU}jBbRsa`Sfyc`uW1+xijk@K0WZLR4b$B3eS_C!*4pWB%;0HtW716jHi(a=V=e8?q)CI>WXzbK zu@f3oXm>UZ>e{X!gH2Gs6>V6a-}@#!#ngMB13vcmpFn?=6NGzul%T&+KoRI~GxZ-G zUM(Gq7A(JP2!ZLs&V+1u1JF9w+l=*#;Avv*0zr}xkF6mrb*!Pa zi?spu1Dapf{D(um>tf_0gHkB7>r9|Qc5mhC;eFq%c-IEp8|V-fqWAPnAC}vU6I4L& z{9VBP1%yR6-^hYMbGqb^jw2`QOO>;X`xY(dnEt!Y@z$NX@9AfMG{JG+^M3xfO1d-A z++?!Jy#M*5z8!CNf2^oxmU-j6;fqBG0J)9mUQya(A!7xS>_Vt&WTiIKJ_>k@u&m2E z8qD2c`Tl|!(mGh}=)tcR65)JqLzy1Bk#b>XE|}rp0a}WIb$hzTCHfc14y83I*pL32 zw%CFb6?IX!XtTmfhMM)0fi`hCXP~&FS zP-oZi6-yZ7TFNmr?%+r@tx#v^CWLZUR|4Js$T?K;JLhpDZ}9nK)JWTY@ii9iv8+G4 zTRtC+MHY32M#OJM=J=J^8p;WNLCXhpmv&_GK&mt-8opNgZCtYW7y(f7`FJ|3oKjwS%qwIr@H=H*?z}fK@R~9zzNwLobHcY zip6*+h^yyc>W>UnA{RqZyBto%bu?`YRtMn8P`v8`Sm5%$0XCHc-6=o>f;aaYe)Uq1 zzwHvS`xBa6&C8Q!M~~?uhxP1kXuR2fnCQ}P`JBDbPXBZKm>!I#zWED*lx!mH`2Hrk zR9b|HByos{*a7pwSqRW+8z4?&oSL@(h9R+6PZl8LatQevdyG%TVA-nkUL3dMT4&&Bk{Bz&ZwhT@J(tb6wt z5&jSqTKXN9qSHBQ9g`W$h&u-_yoZi;{L4h!k=?L02=*K4hO(}c`R=-!p45e96nF9$ z+x~0l8y>Tx`SFgLo}}n6-$#eFQmBu+2H2ZSU3hgPo!%r%PqZ%>YdM~S)}lt9x$EOYy$`>ypa4k&!EwLa;!a%PUcGH{h;Bs z!5{I3c(pf^_DZ)FhG~(@>?)lgXfAGS*|JwuN@Imt^ui}(e$jlz(p4-?3e%cR9E7oS z*BE&TLOpuX$!UV!X?5b%3()c+@pZTHbtqNuq8r6TsXDXNxgRH%dc`WW#4MG!UtRyf zr9wS5FVZI2WLk@QM9;B~FYLr`qgyG|Ev=+b|M%Ca7OGj6x!UKi+l>U`u2V~i35*hL z3`)51e$9JaL8U%;1>fX_^7rx9S2FX?;Y-F;-XUP1Mvh^POwju*ZfE{}o$Q=oc2X|q zB4>P*Sft4+GKY(tx?e4ia}k2SVIXB9-volk7!gsX@WiQ?tu3n(+)xaD?T2?{4JW3`1OImXL!tWcG5c;o;n9S zkLG+Icz$>|@Cd5hs{dNRv%~?>$KEI6n^ta7p5~}4VgGht^nW<*gBxwt|KkI0e~#7uki%$y zbM~RqyBv|3)r~gjJ(1mIzC%P#Iz>yR{`)p7-n`fK9b-HNNU8dC2RN*HBt&)a>AZX) zp22SE)E;~LkG@UqKiFw2q9+syauG-zs20HjM2^j$340?%E$55``F+DQl zbH{@9%Qxc1OiCGLNR0$)S#6bEo=`G@Y96ynwkMQKpq|^UlAQ@96R4=zD%q1zGJ%># zStU)1GD{{rFPtPo znv)Y?FsGQOF73=y^olG(GFqaVOQe<&QFVG18YcKG$ z6FkYMuxEwffwdN?X}92saHThOP&uQu3EbMB>1+lBNd_0nkr!Bi*0jl8!yWUlrmb9# ztq+!A0lLE&_!;fCDYs=U)pVt9=5^ZgUgEq=%36i29$VJ$kk$2Dz$xT7YdsMm!|AY{ zIMLkARa}zIdhgk!_ksspiZIYiCiS87&bI5k7xL#1+my+OA^uH3MpFqb!lIs-`Y{(7 z9u!L*I9}B6!G+i0b`G?&9`?>0c)4Wtk;4*0=O_tY`Mu9`3b&?MDCRLQOi%{AE>@QG~RIu6;$`}J=(vog{VgVy2okq7xxK&oOVX+M?3m|x9;a|I3PaA zC&)&UK7$sTwUTUo0C;ZVPS*YIN69kzw8z%?sjbYzCz*MlPM3HOG%-F;Ipre ze*Mbc#7k8AvUhvc5B`Yn>0%bv5h7FR8t6{ua1?E+oBS4w`@YWLaKYcu_jz;l0jCS* z2BnX`6;<}5jU&ggpp=;ZN7xl8DkoSshMWL8slq(2y z22Y?Hday!&OZyx-8I9j?8j(7mRegS_GxVvUg!FEI74{1MFJ9(ph!vSTCb=lUog-5x z>1#hTsIHg#64y5ZFZZUuC5}%!`M`jCI!BE-D31YnX`lz|gZNS4>o(`6m!e?ys4d;M>6`7mt#X|cjzOdTfNQ~8-C-! zjo1%3{q!}7`k}RMh}Z^Ni25P)^)0~)MXQp#j;UCJ6;jB*SA%8#$V?&s{E-re{9C;@ zhCJQObI3o=8^Q7qSq}NPTFAd?4C)C^sVCg-V%0Kw7fM=do@;tppDZ+oS6s`(J7p~= z5k(eW<`Dyo_2{zh*l~8Ac$~=(X(4cSG~H;e(81q~^~M7*)3;j;){wBiF7~%feAv8W zD>}NuvA-pL-?un}QJgp+c|+ys&Ma}^H^Qz~^X_|1C`TI02HKB+NVR1YnTJ4DI;3)0 zQfQcQaeSJ2QOuwG^%ns2a^RQ@YUIww9_+#Rzpvx#;(OFB2-PgZ3t2=^j&-F>+M3abzM!+Jlkylx3rd{m)FK0lu-VUjvN6CENjd9EP2F%Nf~_n zeQTH?ND)=gxqtKuDE=hrSHjB^eVv2wR`5aLkp^*u9RtLhC^zY=5sE7s%apOSPoWqYBs$%(Qk?F{k9w{yw}I-BGNytsOF*DAL8w<_ zMstO-T2fj;N0wfl7JbhxPSuSc^Tg-bm#@tcJLM?kiH=?*#JP+;XW>cn;%7Tk#7Zk4 zhMbHP9%%7JrTJ6ikFE2e&;Ge}KD1UZC}pR9#>zp6zLCPW3ZB59U@D#nyl`u3IE|2; z5%zG-me6$C4}yU4Ihe<1jl(>qO&Q`WtxH}oLa6V-YinWB=@o6R(@&RjQ%{ae+`p#a zN~sRZro<1rvTcFbd!L8IHqQOa;&?-`r*@NmNjt^7H;HaF2=E&6Ey|}8zzsZRp(rZ; zB`SW75(K09EviPnbPgfD3f?SE*`iOyXSAK^Z*4h1tU@%eXhXUm<4Ho0qa?LVfUJuc zQ)7m0Y7GAs{k%G@qHREuiw?y>UOebY@EQi~@6Szeb%ih>S20$YHxFt583ou6xfV&7 zCe+;X=Mu!FEhsFvhD(SJTEhW)=*K)a-qm%MGcg{f_aIe2LVzYx#Q}{~&j}V+*js#; zdDax;)HuS5I%}T)^xWQOV(9pUD!hkcDEmH5XL6l}eGz}2- z^1*@dU){vy6dK}ef==Gv{2ro&^uFW&jPIFKhsK)+g$c)7`~Wf2@%Hp8yEeODIHsi! zcG5KumfV?@YP&mUcnMLjwrHt&?dwjx_=Q1ylpY@+wM&2JBpUB4Qw0f3!c+g|;c-S1 zvA(5rsvk)JEzG%}u5iV_*UFZ{zXndvMGup?2c=i^#6T0kI2j6U(@ z9G7~LdUcATR;5wx`lpCg6at?*VyIBE@jVv4uXvcAD@1$Ttp1A!U48C1H?W-@$2RvP zbd0&{hAKCz863rMeSYBY8N?zZn9{7kPLGM@At!mm@yuLvH6z=M|5`!*vwNWU?$kd# zgM4Q*3k{N#Y(A#HP_f7WSSCrZcEAQTC`+bFV_O{gIhVT!KIjafj98f!Uy`i^@GYgZv6mJq9(pJ;)jjn>G({p z8H{D3IP-R5T&Ol%KRe8yLUvP*zAkfst7g%1gy^wbPtzzBnN+_%wq-mYc{@=EV?aU2 zN>T|v+!yaK540uXS-(^~80zxLlNevRdRmna#;lXKj=2 zy;{bfnfdrrl8ZkTS@^?>Jf8^s;t*EksSc_N3U)VCAZiqP_HyXi&Cs(u0O*aKR4+j# zc{Ku7^43!;lDEMC?MVU+AD3Dn0YHAJVGp_qMTzq03~=uB+<2$6jZTZ2<~Ep}q+7bE z(|pqukU$sq5VGjD9gIAEjv>zyL#~B;A96)&5(O98hn%T^hP+}W4~w9RFx}t4M}rFp z_-c&S@JYFXdGX~+H)ahWp$`T`g<%mk0^}7`5SR@$$1lyGi~gXOi?7AS38UU2N^TGV zXiXvrDHgn5s=F&)=s%fp{b#4X_gT_^TInj>9gzaE3R`J#wCr(NW<*V~1Hin^kkd)?F{9K8H1Gu24T?U%Ocw?Wb!r z(Oco810}9YGBDfxRxDPbHXKV_BT`Qtk9A%Q1_iMqSiMr6J_G8135Q zZTu6O#GwHy7p7wfGXz8D+k?N*SNxHrM3X^;&cSZE|Ih~8`)B81S2_k8m@(NSkHF}U zVU3a}fmHhSjKVPYG=gze!=g8{o5?4%A7l#;5weH=3{K%M^MU0#ZkX#vT!wI@5Mzns`L`yX$@D2Uq)Mxg_`10!(IFN@oC4|tk)?|vxynX zj2mQo{||WfKom9h=Z8B^GHpi8)y|WIN%@oKa^h|6Mq4BS;M{?hCKdOPv^ZahG*Mxx zZY5!7W$MZdo6u%=s}jcn!;0-)f@LXs8iy$Upz3dn@Svw!7m89c}jIH3!hiCsv?8 z_D|I?ePiNv6IzR7Jrg~Oeo5|yaH;hLbje1mO(1ce$3P@ZQn$AwzR5>?Qxr+`1nLFeP@f>~?J?;A; zrMY8{!JiwB@gTdaLfWI_`7NICfY04qA-%V=LJH!!Wf$JR!h00&cy9TkLh9O$e_w)z zFF+Od-g=COFKI4l5B)bC?^8>Ag^RYgWd-LKtGjAG?(u8sBM2t_P61Q5cn?diZTPuC3deiHX!L?p@iG90 zzBc?nc=$IH=5JV;kI|L z();OSJ@x7F4o#o=c-#(P79N)tl&63DmxHT6zFPPO8(Da*43Thp4$ON{QR7p@H^#4s z3#Z~b7{QVH9>Ia>1_sbOGvaQG5kK+N-dK2x!LJSWfJI;Rz4(FEG${JrC}uK;@LJSG ztU#(Ay$ddAFeYPdmyS!moJx}SGPW}oGtVPopL0HPqEWv55R7~9I=)oYfG!cNbZ)Pn zASTcmh`96O>;Iw?u9@_<85YDg!-61thm4+*e2Ax9Fn{9u_&Jy`NgSUfRaQl@dV3ns zGYgo?bR9@e)uJhKpX8ch1Z+y%M3sJ>C_$I9#!tAnzAqNJkJ)lb(>2e(7rCqsnm9Nq zo|`6e`9fVIm$<8u`^A%-OP64oxnyb@xvxq39wckn09 z0qw7=vOJRKRIx{L13wtw!Xx?O)9^2zkHQx&bTDYx%`{^AzCR*=w6WoJmmd2aUeoni z)I_R&86N#Q&rde*y_4>}J0}}|g9v`?v&ZlKPOOzpl5$aczvBxJzr8;2e>2(xqeL0} z?W@JZX|E4z*!2XtH+irQ+-!nB^PuhZL7P8&;wbfxO(AopSp6GyblR(FqPgn|j*Rm& zVRi77)}Q?CK^i@r{`JlY&in1r!KW}HzI?pr;I)4r{Eaoa;C>A7+W$N#4hs(je|>P` zT}zJ=eUQYn(+A5qsH@bs@WC2AL%uZ!6GsS$?w+74I6w-_p84-Xjc!A={!%$c@Kx=UBSW7ZDER!ww*7f zjh!~1R|-iJEP9Ss2FR*=mhUiY;2V6}!nErnRjguDF)S}9OSM&G&8^Y~P=cz_xt|d& z34c|M!`iW^L`DoW9(s7g6l97w+U!F21By2aqbK*RFfPKh--X?!LcQUrd9|M0CVVmc zc&Nv}nMct;B+#E7q+d#R&>?by7A}odd1+NWfl{HCT@DI6 z@uqf2OO+AwF$#IgIiC>u~n!(I>s2mF=Kx;j}b+|@kP9NERNUI|L50? zE8YOp7N&rG%B*Rkg79c0(TxspeemKxE%gX~;NpGTBimGEtp$mZaWvHvD z@gjltx90=d$s7hST;`0kMaB#B9pfP`r5pSE%HHv&y>LLheJ9{}Qoyk%IWz*zU2AVn zL33UApoMCC3u#shFZ^d>3u*Qil!4sBGt@#P?8aZjf)GWn3a8?wLJi+dHCB^f>LIq1 zh9A%EpC{UXZJxcmw8(4h6tJc>hx>o~IByZ1MeCZUB1Wp*zNq;wXO`VzoI^d@FqdVhc>D4Msu2+T;h$UG=;Mm6TaM-@Ephw&4VYr#^HQ4N9bTFbZ;3M z_wJ)@eqr94sHMhEWOoX0g=*uWGTbRy^ki-zDn)pZkgUYK#f`4Re>6T$7y9CV<5gdkHvD(=v6vfr2bSlem(jH{-v{vL|JXO+5AL-CzGU3@0K99Q1$ZU_ z{#f$&1l)Z9z~9+p2mIaa?*aIkHo&ib6o7x2^gRKW|Ijz!V;q1V|9t?zGus0E$wvVA z#P19EL(lXL`1QN(fZuq+_W->41Pkyl>jC&}RK&qhOy2M0D6E(E#!@yu-8W15{VqF8 zdHVS8!BPgEV6l|52ynV&=6hj$?9+W?eCtj-#zb-M_`}3@SNPCLe-X%w< zy?&}LZ$Gs60L>jr{|NZSSM~+GBc3aF4Ebk%;fUvwyiH3+v$0$~TCAdsHjQO1Yba5( zR)|MYBkyXu?bkUR-s}w*@<-uL#Qo8OZvpP6i^j+byN>2ggJ%Q>_GFC^(_@4%s1XL1 zay|Ui>XX?bBNq=gk+jtD$RNv5WaN)96ml)qBQgp_hKz@}K0LKZWR!}GSyol$BBNYn z%)x_=BrR1H8I>aA4y%nSkx?x&>hNIgwk`Zv{NtwVksN9K5Q+-t8pkR>>*mOvB7Wfj zyXfx-wS50pn7$!$qX$SqQBOtqK+uzhs1`~iUpzm;SzM6IOP*TtyYIr~(#*UQ;`{Vz4u&r75a_C0C4l#x$%a2v}CuQ|onC%9KZNWK7Gi zV^E;kQp*+UjFN~(0I4&ko9H;dK9@>_Kc(~Cu&DdseQsBDEnebnGIhk;V*-e`z{3q= zwt<>1u4|w{E{=#!s|`1E<|^(sb^msvM)Z##OpVk(eyb-+qn_Xapy?%2pF4~J%pPXM zCuQM>{tN&#^Dtoa(9$oLTRuvKN=~#UWfZ5ClF?`UE+oTogt(QOAN54slBa=tl5thq zBq`&Hv}`FuNkeQ)3K0cY4)@~-aY3~;`MMvY$rrqoHb=Zwi?_$bqg^C+inktWwk=HUxs1Il*3UWC&pWK2OYoE9gVly*#46gt%gvOw zaN|&8)*uYi`l(w#UBlu(36aLnN!Cx<`dM!Myuu0|8Q#O7|xo3xegeCZl6|;tOAcFq&1+M3a*NL49J*p9k@J2oj*^tmR z#7GdnS(qlU!_X0S@Gyh`;TD8cDMoM!&4P@kW%R)4inmSTty{dMjS{0fN{p^}D-~~Z z#N#oMxLmxo(*x6pTL{y%21ggXMI>TwjTBwRL&%!?LXjdHDJaTQ4FRJfqkN>{74?|& za}HPBaEHjRHu8yqj*Me^sr9qb`q^Rq)UBVcQ5IELKPOo~W$S18C}aHL!x|;pA7x+| z?OQ*WSf4Djel}Y_H;uCTYX~$^U$>P(Yz6)85gBQt<7AR${FHK2Z^xPl;dQhKt0kP! z*3wI8Yw1O_UrBKIN--FvR16{t4?2^9f0!}e9S8C_ttu_2U(J&G}Al9vY=waRUuUE0| zD)eR@o&rX_rYS)zgJKZlQuKL zTnG%0dr(h3C~9O6PV8Zhv!Y^oZ|WI0#la8_$6+BFrA3WVR>M3@wuWyI4O0>_o@`(LJw8?l;HJy7{e=3)&=l;UP8YVVX4Ht}ixR`p-g7B*nzf|o8 z%2MmE5^O84%fYsa!Uo$qeKM75gQ`Yd1WC>MF_F|jxouh+Yg3VW=BeU%2924SwKID# zRiic~vN%k2^Cx1v#n1|x5~k!%ecUf|Tt$*+ApXtp;LnxW_;U^9p@DEsV7gwQxPfqs z0@Df!`Nr>3LcQ_3oDh%S{>ZdSGTcUU@&n}XLk{5-BWhr75&(&W38`v0f2fmPs0}o? z$q*fFB9!JcAvD5;)$n9d8P$Tycu)*^jUbBOtAp%BH6kv)^PqSWuV=yEv}}an_2O-l zc6sMRa6|Rc@K}v)TH&iK2lF ziEjN&%d(iV@e@Kjml*fT)U$L4^mImU%DaSux}Ii7pn(%&aV- z9HMH}rbHHo31X~Mi{PtOqk}x-`Mgcrl4<|=Z@!L5DaIAtWNgGZN;86 z_MybWoSiUuT=isBjo$v@V@GdayxZvQ=ckyx-CYvzE!T-AMQ^#AOPt+&kiJ)&I2C>x ztD8g!PTj-mCg~nes&UPdWcK#^2K8=oFG4x7onM&TVK%uzBI3a&H?%nMV3Ru|EKKe& zo7@>;VRDCs$sJ~s+fWxl>fguYUSTu22mD_(xiQm@w8`y%kuGPXe+n2A5&@5qRnZnE zwRX@Dkkd7t4sx1%mqAWXds(Lcxil`*2lQ@;+qG14LWtpKs=em{I$z+L(PC#I&2W87 zXPS|eU^*c1mJ3W@NL-viH1|#0Dm)Dpf}LlV+H5SkR8-IL9g>a3r`H->wKDPi%R8B? zQW49>;zDK@%a$78{ARJ;z*_#}?_ppi-+3qo)`Z3XBnB28J|f3I9Sp_t*6%(9@Khbx^t4zXSK|z=VUOWF3&I+^(_3* zr{C(1=S9MlB)rZ!f>E=g7YlQCoHXiz1XkGW zn)Ls@cFm8sI0*8VkT^C)8#@tLkZRY`T@~7p_b!dI!t{R$^M=OXGH=ZB|9|Gq_cm`v zEr^>pJV2T@XKr#goxjYdX^ z;i$6ITxnq+YVITVFem?~URFx}U$?9jUr&1M9R~|vHrLQ8#+|^t`{JpIuBm^i^`!sj znmS^xsjF{0z(Uf@LEvZXGJSQHlNj~#B~qDXN6xk2%nYkagkJ^_3sYn`uEKS zzY32sY@ij?MUd3eqPQs}&J?aEU$1EjvHRCDg<5VFKC8Z+!o69NTNaY&93Xj0Jd$T- zw&b~*R*(dyHG$%Kf!hXQHBK#zn~YOSPXY9ys9wKF-C&c#3irX z+5CU>y(-r8+Su!4;IgBSMLE;<`+1ea_WR)WK5V}ms{T1`zYFJFNN8%Z*?wvNdu_jK zUU&MxeqvBf4l9{M&bTP9IHdiH7=2AP#Ubrq+vo#*OnDXbkrttC0VlA!>VLXAk!HPZMIE;V%x);-L-MEH}q%0Wf-t{a>xhuXyTX{nE& zZ&x?61|+H*N%Q-(AupibAn`&x>$EAXsSM}(OdAqh&ZT#pL2|ySHybk6iw)U1(31N4 zz=Zp6s26Gz6|rncE)+MXs0W6+F>Rh*-T2{D0Y<#xL$M*BzMdQI&4zR?;IJ@UUn$(G zVmXV~#^UM*uZ_jk4Z&+ob%WQ&;_3#kjm6asUK@+68w^NX-JrEGOWm-UujE!0Z@juH zR18HsZP0lX`TLAb(_khE`Pc50f7cnDOg+w!e`7Zm5WQp(GfO(CE)lx!;JU>AD~u1# z%`xS_SoLGAfV(Vo1+h-Z8iZItOwcIs4+ZXaapArYdlsNrg$U9Fo z+|Px)t8V`POQa-beZp#x_+bN^XHdlJA7V2p5jWMrQXK8~I>)ALiunIscsIVYAqPru%77#8M#55w@`vO_TpS6uf`Vi-b9XW7Mc)`9)dgW@u#suw?W`ST8b zRe6OOJDFk{MmtZ58%C)IH5v=AI2@z#N7we|fL>y^01bOkSci7=(QZ_lrl!LHH674| z!2>#=<8hrppJhNA=*tr5vmDTbcGCe(;{jX_d(MH&oF5ptT%2s;^7aXdai|A~%>4H9 z!?Z4sDR)?xSIyerx};b({gZ2`T)o(_!mSrI()H8&I?hN|UYpiV zGGAXd_K=pPmfB|JvV>W=_cC4`;$e?#?Odogt>=Vm?4i_olluy#W>_McKFn&E6lZ(G zwW47vVgf9*Yllsa>UmGMx>bMTYP8K~Ez!PjDVKMF%lExZd&C_($b}h4l%aoEI>8mK zMSHfiS1GO1nYN13u5zY5L20rx?IB8=>`eP9rDZ$QenM&K&a@v;8eI-&OPfMzpE}b{ zp|lQXS|+9a)tQz|X?!DyFhgzDt3HE{=5`i;8);p4+Y;7L!Y#IhKT*Pu_OI=6O261v zP^E-CTf!ZbkZtcjB}le}nKSmkA8P;e_$2S$IoWhb0H0o(@9Yn#{W}k_H+<0UMt$I&M;IRoop|bwqgFqU=d`0!zsU>rh4-5EyN*=-3r+k` z{SPdp`WOB~>G6|G9lL^T5YdQzSJgj=4!OUyaYui&pS2$jJ_-7Bk7E5aUhjsEZv6|7 zPW^En`_$cL{YQ+RtL*b}RgmiEq@z;*l}D%k_}3_q3j@qKgw)nEA!o$uSG zIl^RZ5YdcD?I%Qs++T`h)t{Pwg!`L-&uK@e{`h=Z$nuesj#T|2J3T)zkLnNoWBI@D z0Q$&prrGq7keyK8uj~(~hpvyr@d2e$U)Zlk4jmyga6%5^#_kAy_Y7?JH6Xi;kI4uq<3S6sKT+TrT+U!yO)oLvHLbU`02>@pQ1AK zM{hgA{ZGK}xks^nLd?6j9$oks9-aCv{fDI;CmpH!=Q;GBTd4kd|4{lKT6kdkeqqFZ z^z8wdN4o#C2CT2T`3U#ls-FSB^61sin`oseJQ2u;Qe?UESeZp*n7CZEl`qjwczE@r~b-*!~ghU)z1emgibuT7s4E#C$8_0 z&tge`+pp?3{+_@2aQe5f|KopH_0RAB_}_Fm_0R49_#a07Vu2#gpQo`sIrpgfGk9R3f2rC97(tnp=1Mbg~j)-<{*W@+#T0qyp*uA!Fx=&yMt3*Q9K^GC{f!TKwIB+z4?|8?fx zSl0(e&3OQfugnS1rKInpfYCBQPrg(ecCUymK)>`y@m*_}E+==lhF_;g-dg?5fqW0J zGhN&YtWQkmu;@l32!ihmzyi6iO(u<6^}XBbD|fg0<|IiT9|G2WHvwfEkbVcA?@|)Re6x?B?oFxTG>EfLAfLpxi1n9o@4 z<)S?LT>tGEdt-f6&_{A#@c|Y-=rdRFLSs&t=H{_-B+Zzir=d}U@XcJw1S`;}AB*fI z`?Y(p`wPtWF`oJQPx){o4D5WqLg3Y22NsOf_^)gxu~CYer6K0)X3CXe94{an?u2hzB%zd1(X>m3=Sf5TR-J= z!T?n}m8LYl!FLg#Ecn3J1|NuF=IJysk+lQw8}LLt4(4veSK52grAE;|8bw#N`g8!? zon$Z&W9nm4=Q2;)ipdOClSTP|6f@bkil#C0mm+^8I_yG+X$tEU;d7bWoPC6@A75>o zA3$Qwm)YhpSbYy>(2H<01Pb*tPBZ!*2|xrD8T~JsWwhkhUqm>i`GP^qrbc?ZzrxX; zv~qS;^`eEYkg|P^JBTP!;+3NLkGR(&&`tNS>n-EC?|6B665*!Wf>%I$GyE`tZhbRCHn$*%TXaK1L|9H8 zEI^%=-0B;Hf7!_uZN3~znTWTO@$Ym>Ig?T*<1HWmE})b`O1T(sQ}J&)rIb)gDc-KY zzgd)W6{TE_x9jk)f>Lg#lw0vuiGM*#xr6p%`F@&|)atv7VlJ0HgqX`s@yM{{UXHm8 zo=Ch(D_d67NO@3U^zG;57*m;00csbqV3e&-_wIkc&`c+n09-($zg?z>(+!kfZD*#; zPp<@m=_Vx`Kh2Hnr0?oK<*PY-*@Qj|(;mWfHe*vyru*&<46~q3}1$K8YNW zzD>{xmLs|oN|65e2jg9}&7m8>2Gc;LAV*)8V0WQxIWhq8lXL)p$2tomcSB$a}6;CE%ntT>zed)@mtY`EKQ+@uUp)a{`eWa z;O|N?%?rYCbwX@6DQ>>C&%OODlhV=37Xt=^R_rgSLH}>jIl-tgPW|2l|$w zpUa8-z-0rCtW~NcNCMqmV_SVEkoMK1?>%cg@i-dZZVX@#2Cx&EL}WdrIs&bodgF-{ zvy0Nw_(4MM3e}$wXsZ5iPvomUF;>*ss}uO8gMNGY`Vo9>l5?-}#;)ZoI>8mpLM`oP zEzL$PrM6m}^I@rT0I~$1-{=SKBfq38HI>L>5~}`|&J?+=1-Y?2y2Utk_O=NyWE8c` zWAw*g&>Z|JjDz%~3MtrLQ7pZ?R*toRusuch?Tp2s6@DN`9-*tlmSqANx6c1nJcetUe& zVCFPRp0akyGka5!l<_zX8J@pfBA!317SD?-BQG{X3>@>~U-5T&(vCKyXNS_%o)&#f zO{cr4?tYpZq%UPOgIXg2Pu+cQBZUgmeQ@o;3C1<*H7`;>T)`X!kq-ev^VU)s4-i|t zt}6rV<(oYd5NAznsVgaOt*pxBidr}aBu=mqe^9j4J?@E!hsZ@dZx+6|XzK)UqSSZs zc>WY3$-NVa8SPKcS32~yfJZMLU?>q(Z$HWpvzLD@QJ?NibqLs5sqrhoWc+LmUx~k9 z0K*6D03E@JRn$m33-s8;K~|P21>eBRAl~;fVN0mfg}v*y4b*yd z6T=ufwyuGCZRx28Z2Yg|$jY;Sa8P}^x`~Rrg6T%*^<0o^TrckRetM_=Z*XN(C z(cjGhwNnqDmV=gc#oIamUVqzE-YKc5!JJ%0y@6DJKq#)Fr zr`57_@kW3_zr5>|f{&&9Pr#g-uBD8Njv#@totTD_ldH?8g1WS`H}_z2k<#;Wsm=H$ zrg830unF}eMg2lg2kWpa4J_*5pu9Dw(6k?*eYE-Z5P0|PqVZaAY+czNL0-}ONIB@Z zZx?M4TrjdlACTT$=i5{L@s#Ry)pcciiyBE|?z$QUAl?>CXwlQtJ5fOGK+&8j>D6_< zy=LKkMUAxEt}CxaKQ3ordbd$5-6&@JWS{v-%;2PvW5Fl(=$;AeSPD)cZ2~qqjF}SX zdTWEJ`YV||WclfAuc$Kg4M^{1slJ(ftVEc-%KMuO9pCh#?!M+%p_UGRa5vrbyJEcS zwW67ZPeNK*gfE)+LH|sa9$09CC2yAdV$3gkbZ=VgwQ;B@^mu3i`%C-9NU zQ+u^GyaEivbtK$IATVDKyN!C{ZlgeVFoRtuVi{m|w0pGZJ--pj#@8$2elVigMbPqQ zqZ1zjSRFz^-Awlh%I>ZDlp1^xTO$|j4n>X8>q8#c>mzq?X|FxL1^_WepzT~QC>Y+B znX~lPOZUX-qc{JZv;H2tx2VVP7Io`xqr0LKW4z^vn}{=&kUU1#itHHn8yJqZjoKSC zK1f(E>2WIJl|(Imbt60OYIY4@aE8BTpIcgd6`#FixFx}mzk!sdPwh^`=zjta3ivDO z>@Rkb&K`^1E01f1A)Z-%fv~{|Gu~0g*2g7uzLSb2{7^Q^Y`Yi6Iw}3aSWgzEWOa6_ zR9nq!4^Xdtg|a3?TMuM`mjKT`Pb1%nigkdzm@n^5th>mL`TY`~s}L#652)P%Z-=y) zWVr$+)zX4CP`_0ox53N#nd03j-Cu%U2MWHG9`NDEg7Z;s@Pe}g z+I54G7?3XcjLNBRaZwp1kni@_bfES{a}@P9cr?G!H3s}WrQqw(d{`|IZ=d+pJ&;ki ziNW_xQq(A4Z@Dt{n|ll-=>ta^81m3TC~BL(<$qEjbFtnOP<7ouF~{HmkliG+^sK!Y zG~(y5Bzyq>bHDmN`V9Y84~>Rjojfq0UNJCDj6}2DntjU^Hz+;;y}>QaSS*duPZ+Vk=bq+N-|-auzl{E-yNA5o+wYrNzIZIsm7OjF!&*=&=& zuS)kH2SKY8Y?mJRjD6pWV3Pt->THZ~*`$D$l1a;nfk;lKUmG?Mwp+VjD;_AkHe?v8 z8)PgP%E^lg0~js*EYVJ#BDZ{&>R103@O~C3_)Mz#PtwHH9h57EW-|tx#zoG_L8m{2 zN+dlv2J{^WZiM_Y*M{NC4T zBKW;+l&+{fereh(74UQ7pX{lSGD_&r0Dr;WszGv1E5_!-h0iGJ*U`84(&`fUEt)IE zk|73=Ap67k92ZtW8L|h6Knp%0c%%oHqCB80G-%8wf7Om}Bu`S_n|aL@Mbha$m-NVL z02feO0@AeCk>qjHA3wn{gZ>PZYud7j?<(%qO2ICvMnTne?c5FbEB=D-=06=RVCdLC z0ARaPj8+MhDCBF*jvq9DfBtMn04D#!vBVETUd;0(p{_;0+)dS)`T{b~u`;`Em6Ls0 z&(qHeDff*f`12m>1Eie?lQK*k@O*4^Yy04f1VKb+xm&FW4$)*gB(`qi#j?4=}wi$+(_TeA7~6yEs9 zZ}5Xw2do|HWLL}>wiha?;QO1Ao!y(*I2nbO^pZi&#RtD6l^p`N4Qn?ns!}5&3D92I z3}7K2!ETN9SuEE7f6ToLd=y3U2cCrlmgj7QXhhT~!AnpyC<+nO1hP0Qvk;UZJ`g+= z<2%Bx1T`AmM6)h~(Zd%$j=S@I^7HN#Ux;{U0!jiX1Rn@KovFd~ckHN@A02--7&Y z3pH>beLER7Hqtvi!+VE?7--F=XpO;pPx9@1IY(gN zh8)T)c59KTxds046hvJ#$hoT22vObWgGl{;oZ``XwbGyTUYNYiH*KAy5A5Z0t;e)# z^+ztu*1{L(k~8TXnCCUF*3%3BPw`L#z48CK9#SO&HN~rlSAF5e1bObmd_A#Qxf4-B z9e(|SR;r;7{y&cf9E`V_>3Ex|4FJ{G-N++~ z>xN-md>w0pMsxt+*k9bnB-trQ@_n2nZA_9Z)wNd5-|d5z>S`c5-ti%KdVlBi*#F<4 z$0jE|)*U20w*Gv2K$ofMEez{Q?c-RiqhxAP^Yw{m`4eUeiiNeOtQvRT>W88m7=Yf_Xf<773APJ9+tmjwIOXwv{;Sp#|*-ydRGhp^!fwprGp zCo|YOgg5XyC0K_>r?iL5-D`oPR4V(BCCS+-4cmhT%uoq@lj9J+QIZQY1*FWeq}PVu z^oQSoi-tbJF>*1!HGYBZ%%{HHpN{x;#4ayvd_$f3zOQ2)6jj&=-oO&quDaTkn)g`| zy?m5A__-SCJBpR)R^y1nbJJ=Yf}6DntfPL+tUJm3py~jK8-D;ZXV2ZXGo55qb!%%gaw4$HwD99E!YUV=~4@OM%UKs>7JYcyW2UDHtR z3pG4sT!N-ysZzr;vBx-03nLD&AGe@3P4KWIo^6|>C7Z;Jo2v|3;yGCH=sqOq@$Oae zjzahP@H>lNgu!mXHw{k9z-Y-iif3GrO^sAM=K}i+3zYmB2#F}8xVhyVd(-44Hy#HE zFmC$%Y@sl#`V7~IhFF2=kBm&qV+$JvOL(CEd;A_-u*3w4!fC_ivYi}#m8xEfki)Vz zkhoe|QS#QZu{{H`F-&hQCG1>ZmnbU&Z!N8(YR2^fe%VUqL`BI&d>(ArW2U)-o^{?) zs9~q^8U{OlO8DLsdPAs$!p6 z_9DR%hLa;^nX*Kmu^e-^f`S-8_E{9YfWP2(9tQ9!`Tk6R1p+6#Ub}&M7mQQ&!Elamv^PPPtKX%6paIlvxf=Su0qiG{GK00azx#luCY4 zjiDtLzYv{yFr4RG5_Rb+1Q`WO;~ewFcqhjQQ?v{hOr=jJ#R}#b&lC^~%}h%we&F)e zRWlKQ$sD!*0yDfQ-U+JwTvQ(WM5yx8`dHwMJEBMh!Bnt7ZPG+ouol)SI#P=qt41!w z0FkZ=c z>?xj_hQLNh?K~fpl~8xi;dOSl@0v}B($hVZSr8j&XiIMJmzxx8{4NF~Yi@8{iQC*q zdy2u>nj3<<#GOO$D4%R`0lfpam$;$tXZlF#FD{~Ym=q=MB6^2^JjGZJG&d$piMy2E zVLLO`J!@IP1+rW>$xbg+o? zW&%Z4i#XH!sb83~sMTA+Q#GF=pINY%CJT1FF2i4c4nAXU%yb74%uF%PE{-_*z!<%U zD*qkULJzIa{_x1b{_w4XVQxH|%!4EuD2`|rMI+%aHP?#29vB^Rlswd(M{Oi5AQ%#L z%=tONeyTn>+qeP_Gk%4^QLouh&M}#J0L?>@JQU5l0##nu#=$IMP*2IcmMD5Tk@{j9 zgQ+w)JZkBLSRUe=%tdp->%@p+*U0>e74pr`c!f0H?8!UaRQu7XPMIob!tQ%x_KDVS zDOzRKotLj(&G3lk(-BXQd!kJ&Uz{@DIH5fJ=giY%cwPjR#D)bs8ykmX8h(+u-otfF zI%28mq!R99TJKk6Tv!gnJjJ33HZ?L429X&UoAI+ass$03?AkHnuALcJ;)B}){iLs>)ySeon#PxsJ5vkKoeqP| zFhrH9;qkM~REDg*oT22}eY(7U&1e(RdxWyF(3Nuhto88fQg*Jq3m>t48SD~1jyZd1 zj5yXaT`~f+shBaxM{Mni3Hxii6ZXZkY)vGtuX#Nj(r{@!NaX%{4%FCW3qaMYK?5bf zwgP|F)&5aNeN>8Q40>riU(2;r(566g2Oc92QJBu|wd9`;z)85;EW$19F}{7UA8!hV zQ)pe$MaS@u9CqsJR4tY_=k> zMda$-WBjw@N9RUKG_mCaU`|FjA=_<%913v8vi` z+{jf?lKo(|tmXsb1gho%N)#_VO>*P7&G<`S+Q(JF)DQJ2JYyy19}_upe;w1h1(6ua z9pjiPx_Grg7;f)p`Zd))M0Ak6fJd%g_b$V_NO8Ad3qiO08T+sx2CCvewQP40q&1p{ z(~ZTC(Q~}B4DQSSBv9aM{4N9A8|)@nzJ%81_&PQP4p$=s*dLDBYx={h_y5TL@W<*U zp|DMw2hP8r+SCfa4?u_Q$$fxn9`lpEtT0}0gI6fSc)SmJEk4o0D57W7d<4s8WVPVz zvk{JRHiCc&v3qEwW%SO2r7mam&iIjS^R$~4__xlU~G5W7|Y);+(pG5!fuNFZ?5`U%UZN^;iecU5# zOaXZGB|H^VEMa_$-)_|P=48QCRtqoZ{)Sg_SHmmmAW!OUMOX|Nk>1p`co#<4yU+*w zi!ShQ_|b{K$kFRW`cc4`60(6{OdZ~CgNJ;VB zPtk2Q6-0<95hlI=M3QH;;*zkl^ux$%jz!a7Bpx-}+-Y`sIyD^@q6$m$%T$SwGRC*> zbacc9VZAOvqq#+Sfx8qEpq84|pn^urTw05!1(n+eG;rne7o z*PVAPNQ64lh{UjIQNVb2-({Mfrn#aWpH)|Sh6Ea7Cx9O!h)|PS-sKrFAOPl^`-)UOv|cz_qFqiu%w`X4(O1-wl$AEau8 zn31YBp~1EphoFcvHc7;*^onkqXqhO54X_2Tg(Xn$H!eo~fnx-i9*1WQF?#&E5o&mzj_0#K5YKQjPtAo^m9_P2!eJ`HEcL9Xiufpw+3Sto;6*35;w?2T_ot8CC;;zxDwB?qZ0s5wgJp^R7t5I zqffKH$WbEAR$@Y`DnH$70Ter`986VSlw9RMY$c9&lo&!K@{>#4Vk2uEXdFGck3q{iN|6&U0wK)a~e z#R;8x`aKK0j{}?{d1J#9z;CyK|9h()JX5lncd4Dn^(o!e@M2kd3Iu&)H}F}n_dA)2 zv8~or{O8vARMcn^^xG(Vh9IXB;b{&ItCq5`T(U($t6^>XLX^ zICTR~h#<-cZtVo8^KCd)C*m~f=i+oC3PkTnOF|=^2#prLd#@8TTHdqJ$WKIL`FlST zjrXZGy`P3Z#Vh;Bp&RtDW9YIzf6peoOcs6d0V(n=d9A!e!lU48yYSGnMt%iOpNNN( zS}9389{z$i#Vh;C`XIQY<){oF9^?<{whxoVhdZc_bMdf%A$r*$h6{)r2?FtHjor*u zW8jAti(d3qeAVCxY^x?@}a5Y6F= zxI>NmXNUG2CT>tEQN}eED=#%uY&u+fzRUX7X|BeO&k%5c_Ao?Ps&D>usCn=%V;A!* z)&m*vIhnSVHrVTJuy20?UK%0*+$KQK25>2!qq|&AfLm<<I25DEyfEogrk^u0a4PZP-61&9y^-s31Iu$=8q4+Wzz+wXU zDFNUa8^9x<#!1dWVjm^IK5v74(1K-wvOEFyNgHf4G_dF!X-8r#>WEkxOw+%o~u6*k!Cu!E0^Xao!3D;vNTt1_BK(N!!& z$eYZHO9P!4Jr&GIzoEF$ODUK(d@2PKp2u$y&jrFaOk&BDPdPmI^^AIMs2}|?=Np|0 zF{=My>Mj7fY1VsLB>=VwsdI%|*&&YT11?@D3;T`>*bB$<8 zooPQ%!15C@-x0Xi8~3T9Jw1eKt3hIjSb*O{Qcb!n{SKe2rMRP&G#XG)XfiCfhTY2| z@a!#du}W_T-fK|;(kw&U5~oB~{+75jb>3J>s!M{ykccsOU>JX z;mV4)LwjApNv7nk+-ynii!B^!s>Vu%DkA`owgL8Zb|&^aJK&->Ex^+)K)Hw+=RX)n z+B}VH?mtSg|2UUaCq5z@YMe@pP4verj{bw{B=)NdbJ;JZ_uKj|eb#a-@tn0uJj3Ur z<(31J7x9sv5fzSEMhiVnu!rA`ulzFn0y9f!4&u62Ob3zm64T9mlf$c@o;8Kq)BE}H zN6c*MQptTn3!u)}S2)^z61z?TZ5pGC9&rSxq};!qv&o{}QPya?%>Ca3o$UWG-ekZy z7K$y6?)dnA@GYypf8jY+Y#*r?Y+oOH%duOG4KaZ}wE=CkfTZeS)ZK5PMEl!^CUmvG zJ>(;+vaKH^=?PqqR%!rIIyU*6(AoKC82O z)~iAReuY(Blj4UjvMInOzq9Er`Z!3G&>xo3*EgAa?C6If2Z+hb=xdfiqZ3KrfEJJZ zgw^D*=Ay%w(b*BRPzwIqW{vM9TjS%KVcI|LOXLp~<+Vt!;_AY*z&SqM$8)0y(W>20 z+vRLG;F|GL7!R=jTW_^N?OE)r$u(D9>+5JF=>p}s-&xx&@F<(q@ZMrMRidP>jpIZ8 z5nZD4=f9bZgth)><>51EbUgkDsZEuxz1ynPPG8JVH+)ga^Hc0ciatp)W(cyLXY0c~ zq@z711autWTpPd~FkI|Z5;)ruH!pt+JGTvw*u>o%+Z@w5`d~s6imi#qNRji}zh>IL z-nGrKOgfh_w+--03(%dkjCI&p>3EBk%(1SoPu|ibtY`O%X}W;+uA1({>PE2)G>D5H`)YYyoynYu z{MY)Sb3gn95R2vG;g9dhjq$_p+3a)7Qq%7e+g`g=;tywu57$vqINh?Yq=%k(xb!_6 zHbVaspc73{)dcl2Xb&4`^iBpn`Mt!=b&L3LEPv=}`|y(Z;IR{#KRkY?b22R2XffQX zcaj+H=tW5k*Twqex=*Z6g}%oBOUD}Z*?smkDtjW1C1XJLT~HMIr55cRCT zw2KuA0~Z-La+yb|{qu$)Y0D52cFx8juy?#~**i>oEg&;PYp~1TdtC9#L&PqB4R-l0 z81`d6NFjFUct^<^iy}X4i0?>9qC{K7HR;g}&T%h~o?T1Iv#8+14ORtf@f^K}OHDzC z$y7{D=~eJ=H1)7CpR@WWmA8%HFarn zQyB?{s7pmt71W=ou(ftGJAAXP!xs>MFoswp-PvFPTt@(-Tuy+Tbr!%3i{@mQiC)Zp zO44RUmuRk3Z%Eap-`l!$S{GfCf~dRbQpN^zRz-{1g`YKUgU#B;!&?rOA(5E1pV2IdRx+tZ+DPS29>G2dBls4m zNn66^_@*4~Ra))Y=E=EDHhX1roFwc-xhbKSr!`x!F$64YLitHi;J{`nyPIzJwr9kwtv0PHcOwhYRaOTRwT%T**4gE6Q}ssY+E~ZR!z)l z*CsI1U>m2+v0z!1=Nz998O=^pae4Hm+bwxK(MHNKc#d+?T={XD?c=y+r}^x2F~a9H zI~URN=mk`}o^@8UbJ;DA7KsnTo9za9`tUpYU?afqY|Zwunq>pX_4eK$X9GOM0wm_M zbWs8vY6HwnBKS$RuSZzbNRk<&@3d@ew)HbETA)^MOf^@UH(GP$(Tz!SrCWknIb6)m z>o?j}KkfDee`nJEYKe`5?`}%kf8SE;++WdtW3#ozlgh&V4MJHM-UwyE*p&3WY>oK- z6aGfaZRM@Fi121Lg6N+MJQRsFOw(`T_#db;Ii2M*Y1k&>f6nJfk0Wf!E9m%{nagAe zpi<{D5&dy#deMJ;q4vJ3Xyx+3rlyAW_Ezo+i4FOVEp|;Nf-yr|SKE?NoR0d{2qlAQ z&zLub^cOPk!CUb0XI6$&-L;Mv}T+f_xo8OmKtFmx;FG^(on zrDbk!l5y_nsl0RA+byV6&v$1Azou%V)qbi3U+0O39NAFt!Pxq)&P!oGANICK(sY$v zG{>zXv8RmNqP(;r)VL?K=SbzQeS)J#aZmc*t-7|rS0fU6Q2#|%CGkQv<8V%XAK_tZ zP8 z^Kr&|9Q_0TybU&+OF;V%1J`nzAdZLZD!)(#km3A7@q#}uzfgfJKf!aL{6amN00fNcL013@I@$F16Al( z6G%v>;q0jfUPB3%&57x>4|v{Oo@}ICn?+rbX9ikeY1*h7$Kb^Q&!anA%5g|_rRH{2 zL5CbOz-w=VVjs^= zpzr=p=zA|g-=jv(c8g=83GBJkI$*$Ei(U$N+mQtkrN*g^7JT!N^X!<%I){p7eZShV zo`TEvc864Nq{e1o8oQL5GFHCYyD7D-&!>=8-)ZEA;G zsa;Px<$~9#ea;zm!jS@Zz#FBo(QvX=y{?*4rG@=z#zIj+nyet0VeEzHOhVO}P!qN# zLcME2)tgX7Np(HVP(gR-RWeO=r{KT`j9k1E;hc+F@hp2bfO@7+Dl(p0OSQ~Em*!5l zPDe*>QOT zBCcjDrTQ6!5vR*BPPQrut`|JJ;31i@4}sa?r9&N^RXb*7*V}%l&Ua>>4aB&-BzPL} z(p!m`chOHC8J;M)2n4fbBq*d-oRJ~KN$V)pDbdcDW^)H(23 zeE6@yXWB2pN6gcm#=`=idIvt~zY3pq**^~-uRF9-NQC2fQbp=bsc@+HU1yUFd)_3j zrY=k_G8VoDQWvXD=I<{i15bdC(rl{+TRzwW(0{^VKc64wLDcOuu6>)B;p|x!C+t1c zUe`g6|DnI2eaO+BM&Eb1{c@}Qn}0$36MkmiVEwsMt8K*ooG;LKL>ZNa#ngU9M zjD<0`hVZfWJNb3e{0H8vx;AutKB8eQN2Tal`<@=kVT#v0gTHiMAiuowlC1xE`FVBK zNkh6Fy4AbmnZ)w~(!ZcZMre`w(z)=&eBoR`Q0}SAZgx7qXLs%YR-OKDU)TO`X@8K$ zha;b{j1S$Oi5nmKGvynN{eeUW32loI4@_38$iPNC4rz#Qh}I_N<5=)b9-l&jN5Y5b z)+zlp{emo2zfn>3`7m@}00-5LhiLlz0h)g4Kuy1@2b}Ss$CTcxepO#Jd@bebg|`hx z75#4_4h1f~spNvs8u=`}V9(yg|8R>41_-?x4+ePXRYx$u1qc*Ngs)u>Q_O5aPtU4d32>zZgPQL1g&H!b%uut8 zF3t72E2l2wm#@t{pp!bwvk(bp8qDEd(iWp;yDe^vCGM}ylSY7 zIM=iG;yE^%TubyY0S~+A;S4G9uIBwFa{6bt`eEavc9GV^0*kQq<8XP zs}g;U6DfQS^j?+dwmeyUXk3*T$a}c>uzXdbKQrxWr+2dLX>0NgeksX2x!}eW5x!=; zUZ~+e*va&b2kSLJkfk+nq+Yep)j*MYmg7C+wpCUf;?=7h(a6zfZ5C;Qy?dDj+xl!A zmMzk?%)|ojLR+0@(wOu~sOTyifZuAAeNkf*V2^yxg6;L3GirfniiGpp>dd$5Bx7`x z^NFN@8)3n*e}*&B*xD|(!46+#cQDY`iMFq!Ryl(k=Gy_!wE>>Cs`IG7jKXIuz%y1k zL&WUi5*gEoK(MxVfWD#}cfVSa#0}s4Xs;;WvcF~`{d~egV#Pd>lZ*)tx z|8|y7`@_}$wS3yuYkvGy`Lv5<`2*+EK6Fi|_O6uqtvLxYnX;6czo4$TCe&_RdjsjK zWVnRghSH#;<#WV~iagE@z57#nm^;`SJG`FqIIDWPLfNkA9+7oqr*=`+XuOZ~;F>=q zwQRtGy&bVFWJLv$3rrJRp3THIrIA#o32rWPoN1Xg?!E>Ev0E(`ANs{V+{o7f`r8-0 z%$w5`cBFhB@#3D>b(csA2L`sPB-S1*-M!GX5KdhJL+`P_*81ze_x{k zo>pnTuaNJj^ZN(b<|Pd~d~1sMdb;?!()M+^^>r|RUkqrR%Xh<+Gfz|{*-7Mjr0 zPem1N2|9Y~t6Vc*ZX;_ZEk=G_!(SJ%>VgUe15)I7d^;e;0@?21|9MrK@p#^K;tv5! zmWW#g$O`K7bYz9z=48=rgf-0yX^)$`*O~)|@N{CsA^8XH#S+EBu=D!{*y?JV&9`xN z&H?A)a~tDjZ3!vo;_|ZkWl}7=DK&H#BoAmIoq#TdC}R&=9*eSGUCFQN)lz=3LG;ih z`DM&p%?wd$GK4A%o-N*&oA2c@9pfZ^54$|ZV;}%>?4x;z_=t(IK5!&HvJ+-te59nL z{N|rdNy(d`Jsp9=Kpvkv=vhT!90J2=17MT$q1u7-EZ{!~V8Q>95!JV;-GW&pyP59O z2yNpva06n}B;uxvA)fyLH6+SLGwxWCwStOc?>V-JGEC$g(~_>B{nC-kUbgd(&oJY0xTf!5j)y7~f+AzJrqR zEh1UJf0e+PemMMP@;)LKhizi7ZAa~aAkQ11RteNj5*chNfZndavEoN1Ef5`tna<(9 zTI6hWcBipWw#fGy+2psQJzFxIwsFydz>fQjRi~uv4l5M-x_`b`@Sj`G%-1eO=sEI zbkWPqrj^pbJgFkV-E%#Ee}K1^!dS<`+O~XY46#UDICdusUs#g)mJPc5Z5va+(A#R> zuYr!-=r(r!&bnU%$UVR+wQPW^vKol3WE684MeZ990~SF{i_$z}Rt@vUR|rqkjBUYzwj4?I?C;ti_(luwQXBu34z=PGLWf49rZGj^l@Os}*jPr-a?@h5Mr|fim84t7LCdCr?cnC0dCg8H& zSD2!{qE0z}`vnK)_!j|VZ!JOpNY!4abzPNM*TL|YoN2>`^aqLU5hUC9)%TQK|*XH`D zFBf*ZT9q6Z`pTtj5~G_g_L9-_isydnhI7Hj3x9srMtK{gs<*^sEF?xZ&CO0twxs-8O~W<09jK%HsQq zglXO$pXPU%FnS%|7e8kQFOmSbv%!|FU<4(hVX z>T>>OQkU6IQfj(1+eD~|xwIX(oOiuq$82>|AWv_N%Q4H*K;V>6SfabH(PB7#;3Y9RefUo>UsR0n_|`HurDUx*auSqB|5}zX)HD( zSiC0{7|-YRPYbnXV6zeI!{P-S+zv#0@^y3AJE3XCv|LQ~81K>rIke0iBbJ##wvD+k zebNor(IfvM*rg!R-)-IiD3uYee?Z*kMaqcBs6ZQuJ1!}oBgIf7=1*7in_x=R)2mf| zWTWJloyM{#;kFKOLz_kFXj{esv%Cw%-BkQ&vpDU%D4*RzJ@2d5F38ay~ZAxbk$H*OIn~v@pxMlkH0mZjW|*(LOIi{GRqO7 zQwT$86X8O-CqgR7b(dtS38=0bRd~Fcj6vvRq-~% z=#o+V8t1lE#_v&A-X;F)=__nf?pnk9g&FPs@O~e5Jbu@HWktqT&scGl9VarN#B*Of zMTzGqdmY2CEvhR}^1NwEW)Y+>rvTQ%tCw1dwM7C1Pf0GNVXojO&il+yocS3~>ACnv z%cXqMQ*$Yy^u@VJ8K8?-A0iU7FEsPeIhQ;&wKSphjs|y_8K}nkFI+5emjwUs{ zny^54VkRZR)XTDsWB$zJx;!l~2Lpw{@>BL_jIFmtT!7J0=22E~>S|T5rJGe14-=Ti zGH@pMHlLHdSNb}dwXnBR9m72iE}*-4ni`1Qno64JpImLZRopI!$t*Jsw557K?>ysP}HeUDXFRG7d7|dtV z1y8n9>!y_TF|l9yND@1+i3vRspjF*7&DO{(tPePR75$*8gL;|1I(UcZEUf`=vz`ozM*Fkj{kn zrQwp767zkYv1vQKXLu|L{b?;A<#R^#MSNgAGEH-;`AMfB#AN`-CNJqS;O?(|k2rzDiH@%1uK_GtOZ^lAkcP)pFQ%azFTsweltb z8BO0?49lx9)XQP%oW8b5&^BYCEMaEh?d(1e$MK`kYk-m2KM3p0vxK!Vq#0HgTA(=6mF#^>;zHmA~^Hjr5p zVGtQlMn8$a=WzHc1aHhucTN+*FWS4?K>bnXuV&=Cf6I@1Ama; z=D4l)lROUn_Ws_6k55DmM`}ynRQk@TW9=|Sn zptIxGzuEcgkMFn6U;k;1HG4Wef6c0BqISkdiYOL`rmh*T!?BKZ-)9@g>&W%5Ex!Kk zim!iMkYfY~J4A@gji5qqpL)NP+gjO?x>?eTsDyo#9zq{|pj_CdLE|DnzUb?SiHU>TA_UNViy4)T;BtDml&q=t>7oRKP z2WcgxFY-X0iCzo;UPS0dix^exyGcsD#2;>QtNJBwUwD5k)6(zOdOEvr%!7t7pJ2VR zWJ-8%^jp+LD>YqoG%6MT+wScW|CjL@h#|D=ae?@UfoWJbaya<6fEJ6heUWLbP%2n0 zT4k|2P)sf&@7orUYw$X@PNIS6;vac{3Zli_V{=2I)VxR^8e7vHD@^nlKqbqg)c$nX zmY^yRB#+yjvHoc_4dlDpY23XZK@`GmOPh4q?}AR-L56XcW`#{V9fu-^%S-QebgU{( zmBU4^2PqG@f43VPj?fMmkI)GgBi=o*e>wq6&L3kE##n3%esIv+xztQIqf(jj z8aaOFd(@_4N~K2ktqGmKs$GK{IB=>@p9k2rQz4wTE1|H>e{clzEH2)$7ptk z&pNyoOa1X8?*^Trk?RTf=X6z{w!Cg&Y7qO4+TK-O6IM?swRs%rz^IG*32=C`R=HPdU&wcdYK13ekooE>eO*=IW zUwEq)x!R*eZqC-i`?dV<)W+{JKn*Q_hd9i{=Pg(M=_&D_3iog*Q}ES)m?8DSMQ{$k z{QVelH!B&hHZGKY;UDOrW;0zF>v;JJ(N9$Zs$dx z+TmYqRWe};e_fW%_80yX+#EYk*2pcQy4X0M?#UDn zT&?gf2iy7nSGt{ZQH1=g2cuu|IUwWAH3v%BlXM=tX>*k>W zjLJ@9#=p(Td^8){;hIy@g@A3Tqsdcch=t@uQ^Nk;CSm^pkk}(uCsXt?;(mb%qssgs}c35UPi<)vVraw5_! zOABHO(E(1S=2ad!R*Ocw9Xs4Ho@LwAF=cH^%@U?w`nkMH=;@7MZszzf03uo=9pwQk z>jQqVlSDuh(bPH(+8jHA=n+8>lKng=Spr??C#4Fqp9dXs6rBg9{b8$QcBSS9#@oJU zKI1MZ>>~c;^>W(SJ#gdfdhBe01(~@oQu|lop|h z#0EkgI0ZB#NoUe*fJv_}c>WFsYTJc=mL9j5EpfKqAFapkbaXgj|8B;oK@LOu9*bDu zM0>(cWBRweLCWbWzU@X1?>mJ;{V1)LZGX~)oj&hR4wL(ncrLAqTHc>HDvXQ13gX@h z>k`f_*gb1uXcR5#%YQQ$^xdD)rK62I(zP)7)8DG)V?)ZDl9f<$=)c?5!bT-@Kd&5! zeOr<7=GXDX9uoB98oAov%!~0ZRiCkP#Cn=1aeDxtF={d#0L0V9i0ol>W2D8G=L0X|=Jx8pU3vv%N3^Q98?oPgKy+R6IV_}Fc*%b?J zq|7h|*YJwl#d=TyZid#?L80joWZ1Zp$R{fu-&!oJbP!P{m3yO$Y*lH6-K8Zkz{(!U z4aP#wb0dlN9cTPuwk`fp$rrI@P2NgrtOJSNTHzX{<}T9s!cD5~^=SI^O6iYJ(j(f!UCllJl~6yhN^_TM3gcZ>+~)4~NxCY^@!PDkzX ziXLydkXTji;tq0E4>l<0@6z<^mc_Cs>gl(u;l68uQOR02&EarWIc*FIe^hFo1GHZc zGr-1G=pr+E7`V zKWrH3GkAS3em1a~Y8tWXZtfd_bkhiaaV_h8R9B~Og!g4b!3ojZa2U;+AA!F;-k=xfYf zK#ZC)-fOgs$5QeGxjBrxB!-=Jb!Yh#{I#i##_39}@GX?Jnm5eDHvCK5Hgc(w7qC&kwh|QeN#O6D<#l_|r zZ@W!w3TnJ?nLFFO-)rPw!k_zWRkjUT&)T|3F^OkITy|=l^1P z`R@5YTV7^1{J$wL$KU#EfQ-^5V zyv}>M zXjt*;UoS<7Qu7p(@lcsBHZDdM-pu)8+4%;0kjL9j@%a&N->~=jh_@FpIpGlj9>)L= z224Kd@TxrPurn^j>DCr4yc@=S7`&>M1NYEp+6gsBUg{#JfD=e?C0^@bJXJ zn1&uOdNycF=Wz+V0CNN)UiCn{H_+5u&Qb#6p_iry+cdpuxu##?iJc+ib7pvmCDBMb zhmO#GG2FL1$&c=6F3>$Y;?Ike9Us=ZA0D3CeK4PesLH|WMRR!dCDzyl&XZ(rp;_8q z3^89E@pljVj}LqEu*u5~K0@fU%A(JqD6Bbc&a)0$7+Z?H#uclEq(x`(_A}T3_HD-4 zV;i>&rq1}-3;erSLh368FPE*99&8A0i_UZK6$t0}!e`Sag4VyD8i=sqbz)ivXB)HU ziRG>9_;;dXONy!8YV<%`%=3w+xvt~&b^mhXh~+5*{SROdjN{Xq0-qM+rg^q_fS+;x zg3dHn!6n!c#H1`^U*#c=YZ#2d^SGzUhX+{n^hTp=dAu4@$ez}lXuJ-}pDxZDRGmeE zyAgkZ@t>zVF?=S-BauYW)CYoO!Wu16B{bVV;fJ)@W`ILWejUQ-846QddPzjhHwnefH9}aBaR&TVUP`r z)YgbLYY2>FlM@i9DG9^UjJ)7Ks7ZN9T?X#c>OhHR?-~!Xs(o5c_}8>Yje9?doBBZnLtA% zsE=IYrciDe^z&9z21ZRkby&sFv@^P=Wu^trNU*Q#(Cl|~g!Xn<#=qygY~TZ$>-&z+ zn zv;Pp=K2is;TWj)C7+>0mj#wU^DQH^Ef6DUXm*(#gZyWA~Lr7Y}1Y6Zsye|Drm(UU5 zjewmF;-zwC4}8C3n_5_91P56~X`z2JVwLsQ<(?^v;uV?r3^l)9D{P%RfC>TJA8s|4 zpaelf9ccCGeb0iMjb8syg^FDNC)-_4?N*~*=r;`_M^St5C}-1CY!wkmaoymv;>};N z98If*+vXl7oA!mb8Amg+1YOl8n*N+#SE6av^(i+km5u(UeErPmT|r`{ti|yf_Tw91 zn0Aqq2Fj2x+-|%*kJ1d384kET#zw%=;q4km5Y%RENz{AON?9 zzgdc!8*fP7Lf3a*ex+G{x#|D@dF4&-xH$yI&g)Zb;S=*YQ%qC1S&JZEZjM`voSO%i zqZ-=po^zvLpV-qE`V65A>$Uvt^ty28yo*@Z^{uRy|M_dX2QTm!ZZGE5$fuO7*YrtX zsr7TSgn!pxo8Bilin1%=<(!?9>1ST-$hdwrzWUbg9hel&mHlAjRzp$O+;1=+GK5YY znFINLq3RE}_(FT#bE^FMBnzjVc&!y~nRlf*m^GXO+Kyb0;N||pofdL_{TxOvJKjF< z>mNMJj$i*^ffK(TN%*agWk}YLSIUO}nM(&3;H-z&_xI&sS~axKJ?A>V?zixb((A(Q z^UhDAp*Jl!)n6F36LBKrnOX0zE$NpQJk3O~Z8HBpj(ktm62FX2=|^~xR6zg%d^mTD zD{Q|oCF9Mx6&+1pTqhD&|gj|gn>;|8M!MHuyxg!Y3Ja5VTH7?F?uw3O%s!i_|JSjGq z(SJX~Fjhenr1Kbp%o zOGcJ(&iBYFI%|OyLnTCS*7WmCL{$=lShV)cyWB#w!a`JoFuc@P_<@C}CK0vdjYa~{ z!WX0+;J|lWDtTzfw?YHHP#1ydeY_ot+%1ywYq>clb%TEWLLmJGklwE4Z;{lUX(3&1 zr*604#s0!~ieHgPZ}jUk0l$6j02*)5x3`J!cBb#3MEZ8?5?`3wUdZK>T#>uUgrY_6 zpi^svMYaYl5lFA~h1%W99TcgK0E?b#=wIzvZhZOBP_E5|{UGKmH0E7eEOv3>i*slB zUa?4icyN|lxan0w9`+3c5U~2buH9GIM*K0UcCagWCL&tgcrjPp%!DZtD+9jCAw| z<1zRE{h3b70wssjB1>k85vh|Sg6;HoYUn4-PoI7Zy6}JKLc2d7VRhfp7|f7igaHH= zy=o%ut34$+Lo59BHHkB<{8d1=UGUGu+L7H&eB0;j^wo|W|Y=?U3Xruz8os zyAnP;d)Q;^DJcIg!cXM{)=V`$c zV}s-UslN40>P{1Nr=7d=Z9;cclJ9heQj0vdRFI#4;S>6?gUKK8>$jl`|A#Js{A~jJ zd6&eoF0!!p0qaZrg}aMilUO&w$N_}o^as97f4rKr6F<*Pq<JJM{`-W zN0w}pKRF|JWJ#O+$;W~tOWNg6J~13wA}&~XG?z~YN0x~Aut#%+>{?PFe@+)aN6Vjl zd^obCRQ@a%Kc~x|v&7E|`Lj~|tdu|bHTo-m*2(_LpJL7~;giL5PmAoY{8=yiD}OGN z{gpqL%KplqTqtrM3j?~^g_Xb^K1>-kB6xI8p{m~?x$kQ=A3NF|TH)98hFE;2)t(hN zR&ZcUtB3qQi}>aJ%5ShwR6}1g|98YrRttYJIq^N8ejS$muW3EeYR4WH#5%VI{P#7j zCu2_%bp_U|k;S|Vpg>eS(i*LX5w?V9UjM?B{cEvcxNs>V;ly1uc*Z7YvD`?MLepI= zq+PfaRzjgf;Te3pSTJR{6j68Py)~t9J}qV?AI}J-T+A~R&v0`s7J5y%bQZrC@Z}6I zp0RB-@6Rc%MkJA~mZ&QVi5Un2i=Se0P9>$TUR>ByC+4NN z1_*D((%(`bFKqgkbemx{TjL4^p{iK(d%nsKrmynQgbu`Pg@Iws} zLhQlnn&nS1>FZkLPazWOw#o7;o&`597mEWTAMmP8LNksS6#0{T5UvyIH{YF9$NT8; za-lIU$(CiUo8%6VFAG_KB7+@5zwkxwfIRV^|kOy zKBOOBIg5WSE0-`rO4U`!pF)P!RfJ-fk|+-U@1f|xZ>3@4_q1Wh@6j|n zeh;Qe{Ag#d0ws+u1qWK1KudM4(K{p_#9=!C*U!02`Ip0Ypj>VY_VxA zT+1=XW5#)u+QsHDi<@)KB}Cn1q{sigy?W_u#npQU6)X3xDQ@^Y!>eC_-}~tI+Tw;U zGQ93JUiU`t=nsOWnyz+0{j%ugFKi5`6O9t zy-BZJKmS{~6|_qD%-yD+cbn6pt!_8%g_CLr_6{zEWdiyt_M7-QD0nYLtXjn#@tY2N zX6T#gvz2_P$M`ouOAZ^3PF5pVW3~QHsrf4-@;<44FfC?(uXxTFxHmTq0piwqB;~~2 z%3ToxEc`AokE2;B`Pe8elEbN^u%l*!xF76t^xylUKwcXi>{zGNQ7PE|&v{MS{>i+2 z@da%A56t(4-$1w*yAa!r|Cv36Tbg%#+)qd@`?CnR@Vj7G#oh)kfg&OjoEF8anS}IG z3s+*(QwiKN;R7vqle?-w$)ha+9dEKrBf~R2Zp5bA|1_P9*a`8keDyrBrcFl7lBQ=JF_RwC*RW%v2!RkqloT9f?5%}qJluHWAw1U=6{W4kKi$^; ztopnE2KArgR*&zkHVFX(stJZuiB&quuLIA`W=;=;sD+u>V6W{N@XsG)d@_wFHam2C zdKzE!^~#|_100Ndj|+ z>muQd5|0WUnbN}hFeKdqrz>@2CIRtxy<#K2dzvKvUwJtuXWERoGfj((g8F_^fc)fW%^ANZuN|H8X^Z7E z96c5A6G01cbeIK2qAWA+TqCjZ)Kqkayl*@CKw7&IzBtK|Mx%1aRLMA{c1PO6^K6c^ z4~!$H=GsM4fBxA?Jc`Y~C2!Q?;HgO2HsjE#$*wK?{lQ7)Q~AfXoR`8smJrXb@z_=5~GDsE{v98j4MR=Tc|20 zEpReIQDlG@eJIR5Mtm@X>?oMi+s2V0`QFy((QNFk%7f3gK(O;@prSIh^o;G(=~6)v z1k+sx!LYdW&Pt27-sXj)^jTN0v|_A65x*)glqxH==bUOhmmR62&0wwqTaK8&;+wbT z+rYVK@lv!Hy#N6>;58ssRlxJ$0-C6GpJwoEID4gSHe7(RwEEEvDTR0$AAQfcH2Me% z9?jh%(JjtV>lr<4y~^maS0AQz-K*G?&U>|ais)5ew7Bqm^eO}j0vATffzK_J8#N)+ zC^bG44}i}_UEp(;z(=VGkzms^_Dlm#JBX)N$F&5Wu(L10gbiPZP`@gJj+!I3cq3pD zMZJL%h=!xa)VKMZHz5r(dljF<3eY|FmQZZL&(a+3#PseI;3$?)FWoGK))AT+_7(w) zhbMF2v4oaE+1_sCPjsi%U@Tt%u{Z~J#EZBs7kG6!U(bzL%H^mYyLE3)Y%I8;a0Q~d zh&P!f3}2~~j*sEpx}t6;&TdLO@x(+ProZdFH}HX2OyM#}F1WkAu(%F!8AEF5EGd5OQ*-pnsa*e zR>kz-u&o14kNkDs>s>rI(50ore(G?}hcLp_;&b78^zHKaTtI(mDhxiHrvmk9N)u0c zVs548G)^z#PjfPPbP&DPGj7x3H_`U{dLrLE9l|S3_by*GiiSG_3v;Xl^H1a?=SVDL zmWG!n881(yB^|Ylw$<{4sO1btEw7y?m-mB}pHzY?2 zJMWX~Bp&t#KEa%f<(;UNhG5eh@gYblUoM%LvNs1yADS!sj{C*&%0OY6$ZH=D%Ph+_ zHk^|>R{59F_g2(KJpD`PYf&zVagE%RSazL{y}Ii9PR47iPmI@5uiM8fxz(ou*LA*! z1bxwP>Wi~d=!-1}&==iOEj;8T))(DEUvyjgVy{80FS?;G^1bS`0EWGE>dXxx(-s}h z`eG0!4sW&)WjU7E%2+pv#TB;IUJu_)-sH^|5?Un&Lp$GVVQ(pk=<3}hqMLXnkn4rx zs;GLE*9$X$9U^+I^&)_8-kJ_p7)#M)^lCCHN3H-?RoSdC&Sr)2Wh|jk5e|LYrZDEI zmclr}t}uRjHpvqT-WJDKylFo4LU!!meyd~dPC6D59eZ+D*ByK5?9My($l0P}v@lot z<(>B_(7DcrPLBk1;GuPMJb4_WEXL^dPB9wV1xCFXqb~(T(ef9XwSq>|yC-Xpc~e;4Agt2I0^D1%)oMy$nDA32+lU@A&3G+L~WMYKM$t%`an z*GB{mV3E@^F7z@X3b1a$hPU1Lx=5^#)nr7c&1}TGEyemsk^OE~ANT&vp+5GWAl1jK zP=S59WKv7@5z*6x*vz>4*e2A+Qd%>OOjCVSYAB)s7?iRKsX(3x{ZZN$gbo?A>5z|l z>AVvdxzu0#WnhHDt_<4$|1HkIpBYzrO$H8TN#_0BIM&POOXXNxw~WVwLu(&8*Bp;4 zFdkRXcpS;gX~y9b<#?1e+Q%dKYsO>4c;|Rrc$OHC(_9BR9#=o*7>}Dvjx|aI$SIZ2EjB`QJ*UKHr>ry)8Aq8*l3KtV)t}PB=7^F?YPB#C$rA zm6*!$b|q%-Ina7805929p|bI$9~n=Nld8~gTP+WZT26M<@&eT|02Hv-qKyB!`cb>N zlC_!k!STOJKWa7W+a~M#=QvuwXZ}L{Xr@?ildznPTA7dk@lWRCP6zCaaj6xggVm4R z#)n7#TK%Zht{;^ePZj?P{V0jP7o#@ff?r18OFE%%k77w*|0`Y7_v4}iC^QNB%yj4Z zZuZeP)sp94Xf|(A02bM8q1mkFxW33=*_W;R^W&qu zFZU!l_xKqs=iqk#z&m2S(Q{SLv~{)55o)aKiAGZu3T690-J9-Kz;fmjHnaSVXVR+IM62FRiAdb;JM_%lwCK@&U=2r=$~|Ul7{k3iiggY-JI9%r9%Eyf&P2H9R4`i4>@`XzyOoWn}0WDNl4Z36 zcCHrW=BvfEn3jg{+apHJY8hJKPal$wi#8U+6EwwlaACmcUiYI>q2aD!4yNgRBU32r*S{c?wy zen=^%d>n1Rni8jsF)4w{Kn>&jQ{marXS9JFHQ%zXn9(%GT4f0y!}ccsseOs4!3*s~ ztf|o#K?w|yQp3S6zZSKJPInGc-f3cx+>Sv~Y7jO6xP5Bmei0MJm(4}#cq{Zp$eOCr zta9qS@oC5A3uAfYpKKeSlg3yZpX*4Q5<_O~e@;i=w)gxEy7We&*`HvQt^LA>AR1l$v_lK-R77!PMORN1HtQtk9H4N^M1Yyv?{w zy0;LBM|vdhkKAXoJ`O)x)i(T(HT*-RcF&K9pCIn11HZqP{1ZkeFnh)+L%>o*eWi9c zaHaW9@H7o8%zNd+VvUP<5vzAUKjybk=CpZ-lHd~gri~BjRw?;8;;oq7lQzL^AEm&GV-E`7W7s^ zd*DMO= zyQa{&OaT?SqFjqyNBKD`G?#fKe(U%lX@1vkEW`vuOQYR~{IxOrH0radqH*Gc3S#Xx zVMiBz&@(zt0`H2;N#!bzm&3xlu?mZuHT8^|Q@D$47AJnUJfS8b$T><8e{wYk6_yoJ zPP=5Sx#d*CYDR_P306XQ-1i8U)$DlEfj`q%66?J=${?E(1+A-HK?Ag|_C;zF((qJ5 zN8BmfLMp?@JvusK{zN6^rE#4oDMBPcJMH(;DGv2RVz{VBTmymlZ|zUNE^#;Y;9Y;7 zP{$X%K0WzzQPOJUPLnJ8>qyADKbp2QvHQFi?|AcCG18Lqga^ELQgQpyu79Am$kO8*JZx@wkCszI-Rqm43t5Yoa$pYRu zB?10Qf@iH&&v@Pjf3$#KnFv3M;Qu7xLpJywCo_CqB79H4#{#te*?`vw;ENK0Kft0K zI~&0HHsJdO@QI1Q{~+K&a$PrWIQiJLSYNp=8JFUhum=3R{0BnY5UDwJ8}sZu`M1dD zpsaXITmxHGo)$d4^VULWt?n@z|I}@E_3h{2Q@xt%5&Pgub4JU|SH}Jkopt$V)X&?@ zAYJrRVcKFV?Y7v5yJ+Osj8}1|_5M8iFgFEL(&v+cUrnFR@n6ts<-ZL-AA|aZ08SGE z*wtBUzfF73p7j52d&U2y_LAA){SyzarC-O-H=g+4<%i7wa{bQ^|4r%-Re2C*8V_JA zCtHG1)uIklX zabR%WW3<+%u9=gO%f7eBzK;P`U6uK{^sQd~e0;r3N-?r&*nturi9AOweBqTwHx~4J z`*>1w=s=R5^*o+6x|X1LC0+LfJ=J(*>#=NqA1$hY4OyHY;wtnh*_vKFm~sTLb{}dS zMEc-~sKreEpo>rRn@*JB^Z)W^Ew>WSRr0w)94*)TU5*#@JRQ%Y<#VYxlmdNFz5qe` z{V-fSBes%Gk~N7$3B7m=QIb1Lc#KPOIpm%mawz^AU3?Pd(C`!ZBd!vqPTsVII=SF= z>Y6jYnPbi4^g?`4zg78W!#baEqB99pKi8#a-I>qzFT|hXmHlM>$88csRM#fg_w@;> z>tn?Atk?-cXFkD>@7A|$^_5$LLA01fNHB4xA{JZc!)H^8d|BIgq^A=3vPvX`JXArH z67gMVnSFeE)<8k2ET)u5snuuPOpicTD>3_GVRp(lJ%UXL_{aNshICviXY9G_K=wV{T-9CW>YuYU}sxR^^^tv z_O@A|6M1praaQ@|`Ehw+lIEJXo$?~7{2*KTzYmL-&yeMhKT!D(hFayXOfDbWa)9zn zY~{bpi$sqTjKQ&8U~ zUnJWXsYHBIN8nVYj*i5U{r_%TabYEOHE$I6EokxJ{S#n~ z)552TZ2h-+e38j{yvgxJ&M&ZUa$cZnBjtL(D7jjx?{78)#iACu**C z)GYp+Mvyo240q8j>b~&X{`@s`%+FuA!LN+p;@8h{`9ga#=4Qb289Uh<-dG&^qB|$V z^(o#TeEB;k>x13C-Tx1F-vZx6mHprJMGJ*V5u^xei&b02wN+FqC=DcK0tr^Jhzc&Q zQt`oxkYG^?t!brWHj28a`(X9APuJhB;)8-HlJIB?Dilzt;!1tt#JE~OX#pkw?>ToS zucoC4`}yzx??;+s=FYw6o_prp^SbBkuo?~&9-@4_KUj+nINPoHh!-)~l@?omQ{?%( zqGm^5YtV~(a|~ zWnMo^;hw-Gtyy5IS=sCQGU*N8QzXk?YyO@Ip3#Hl_Fb~!ip1r+s{Ag`O2%0Wi1}{_l)UZ%WKBYonXCa=w;?e0+3g4AN2iYH-5e1b9v2< zgMI&AdD{3FqV6l(!MUEwraggJq<_dJomKIFR^o3&$uI)?{2zn)MQvv~|15VEB{~PA zr)#q#Mg2Wpl_5%&z_agwV&+a7r{^9LdfMFN(q1~E`wVj{q z$zTRsr92^wNSSOggrK2TeH;wB7UqsjAWf9>uE5alIt9P7t$uxep$o(6hBB>~eTDMFbwiY_wPDyt-W&z{sxw0;U5UTX(9kUs zSM(2ITvp$L6a%nj4eZiLu;CIg=iXR{b&!naT&t9iX<-ugxG;&l&?FX~DJC&FW)e~! zHP0+Y90>@sPR%WlmnbVT_p4v%L=7oBYqScZR1lL!S|irG7C~n^6zf zW9H5ttjGU66tx~N4?WI$H0SET`W#Qcx%D-*@GLN>~cNM*P-Y4DGx)R zM?)J!Ltm~9or70w*f1I;4c~_FHyK|C_8p9`kQKCE=}C3_ka*{rMgI-eQT^{467K(x zIePzp$O-lTMONqj?~B*JD18=ta24W+rI<=naTO3cyGfb)(sH|eWidAG* zyRoR-rrSH_pb-Kx2`8lR?v?^+q`e;)b-_;v`*Ev0X<4gH~Z+Mxi&d|dVJJ)~5 zqzklSeQ~EzbB2(83Sv(Da;en{J#TKf>N)k&KL%qRI>wsRbHTvl57nU##!yw2O#)-h zkrF6Y|w{~&V>-z3sfxYWGy{=TulHOK(Tj*u==JfPstq38K-_|Pz z$K>PIiuO{T*7$R>050A*I-Qs17e1QaAi;>YpL(-}amd6*Nl~fF@1^1>O5DZTokbXo zM{_qz_0vBA+8$mMMRZSP#V5KDYY_WlPgr&7&Cx{HCyR+LhTbM0kKP7kY4k?jof3R) z?HXTy8+1H;O{t8+SNWjh;H&oRp0d(deC;{?C*kY!)8pey=s)g4@_#SH9MZ!6@6*K` z00(*=c%k5s&}|~xOk!Z7_%B30wB&)K^sD-mOQ`?s(6eK;{)b4$RLMBWC}qm{M^f92 zn4#zy^|OII6mCBr*?(01s1?ztZ}LK?ZxEyU9i1P7SZ z^foOlb^fCqmfGtycFLz|VX1Q-Ls+WiJc>#E;;UmElZs!ObAH^nxFSyFkP5Dy%4y-xPskRniLQ|NT&VgfG zv9i(97LNJvpfm>}HbkY^5DsRg%uQNRxXJMwyOoCR5a5u zhKjfF!E@@jc8~Ke5ys#rAl#NTx4n-tDOo9j@Nbc%RrWzdzvap#W1-joE0IITUyXe=FtovPzCo?*Pc?|?YbXq@_i3S& z2qG@yaDTCT#Kwbb*8PHRP6Hh4ufOFHc@etu7sT`jPIfK``1u6q1@T-3e?r%F)6b9T zyz`avo{m>ld43ns>?7mMq9^^GC%pD)y4T(qX&3q|vva4qe&@z(nX(mZ#d=$EmCfJ{ zwqjYIIQ?Ac*!c4F>AEr;uuvjgO&3hL_Vm!Yr`QLEbU|Sl-AJC1On@|zK^m~sW>_Em6r8U=ccEEM`T0sbj~hP>6tE6FJTStT%PnrE z7G!)73hdVd!wT$zO0Q<_IX#D-1V6umYPPuPj z7+*KU4$b)bdBo@`zX**U=!>7X@XzFE^euX=3;Tn>-^GKX@pl&Yp;>OZgR9U1ZuBBp zXX8r>x9AhmVu)zbK7ejyMBGSxEef$u4hSQ5!GKPPt$8B?u}cQTB6j7g+C)0L@*-@) zvim*|_aUiB%JKl@44B4A_({{`2~>@w;=rvkENTVz{FaOt~<(lpMareAbu~pY>*koy~n0#0szM zQ;W)_UwX@>8QufZ953i)PMc1#3!3fjLc4nb_HuedN0v+TgSMOinGUiKnx%V_vxrXc ztfPTxg=oiuZ;nP>-|eLcYmr?R&&mck88;xt*vmrp$UuE0J|jq@974w%L|)&)plZwc zhUlOjBFgY$+4n`VZPdbxjZUhqeKD2SRQ6M3_QQkENr0ncjqKZ(EPFEM%f7?O)=;@* zoAlCV_`cd~Ieq~-08hhIHUn;7xpZF}zaQR%W5sp4w!7H^DEgFJq_tj?t4#`|loQrP zsx?kqnsiTYb~QqI4T#BpbBD>${7O~1$<-mxjhvaS_l6>J>AC2-jkCjz6oY8|;~oZKDj3Hz8vEfh^heKz4#-iq$>7z&dLDNC&pp z(rl}81DGTLDuu>|H`Z88c@$d7XN0+t4povR>_a7Bq^bUVjt9pEvf^rCy^$Mv4qVLc zk2K$+qf*Uph;@7BW!aVcF*L2Wj$wO8q<_dg5%!45M)+0mwx(DOUaK-b+pb&#Gw%2T zyE2|#jk(>!Db-$&8LQdR@K}qEIZn5FrextkIC@iU%0W7+3I6$r)wQ@d!7&Yf-BRnQ zYo_9rLdXOLEET>Tt$!2uPY;}Fbu|`?bODFe*RNuw5yS8dXv;{|@uTAl!ll z?9Wj-1Vg<=IfPHNeXRUc{WYfn4p{_hDSxjZ4l)PWJpUvWkB)TJ9zGUyttGWN(P?Zb zNlOLzBq#bm;SOp=a%zuABJB~WlszKFwMV3cmf>aaP(EU;3pV0f&L3qgF2+|%kt`WS z%}^t@1LM>JDStU7UY7EgQSxRf-$UCcn$r8zQ2P@8!Y$?DtkQ3UY-sDkwl((U7yly- z;vJvAEo>pFxbU!??vrXC5a5a2)U}k8+U8y<4(F~F+w@wIcX~Mwo>wbCp=x{r)_hAg zzVZz6sZ`-Ik!QKASauywlxjW#3h^yTsuB5+MKNQL$7-A61T{==l9kG4kOVrkqo*=B zLM$y(rd^dXIYnhLX9w`C74{k`_k37=@~>(5E`WwA4sSoiUGb9+iHbDXYejmeK#Hp#Dt&{()dPG2w8R-$p?X3bW%j2>;1 zrI#T+ZI^0)V9oeOh%<*_fl1+eK`Z3gBf3RS3yN?h{Sfqj!Clk}bk$Ne@em$s$q*Pq za4qGk#4nnklqXg{PtZc1Mj6W~u^{t>#L~&7uwQX-g-^L(d8d<*uh zlbD~r{2BW4|1xfWQT~sg#?MzC4D<5=a$|{>3`Owt1ONAV`oeF{yK=?0-%pg+xh|}F zdfsWz{#N7Z_xv?JPj~-^d3sBTr~6JFPha<36i+Wb6wTACPmZUDa7a8oghq|0Z|R1o ziz*KbAeP;jWpm$$;OE0Z#~|kGP9y8&8c%6rfODuR0-$T85px#BYIeK%cf%@8bTFXkA^YysxQ$;`_IjtsT zb-6R_Er`cd?z}Y28l;*svIuGH;TqiWo7wQy)drD~8r~pQB=ZK5nHsr4j7o~*FZ-$c z!;9yg-2QOZ6DPMn#94?7OX3-v%74OsQ~mhK?l+y5_R+#qyI)*=a{Xy!m=`yNV%+^^ zYV>~79J}8%Yx|7_o+H=V){y>?sP8ok#a<)o)G$);iisjH9#PH5Gc~-|c*A?mitt|Z zT-?2e_oe)0g7J7Xjze6fp>~_L*Klo@H$veG>%w6Syw@Z=7k{rAD8LiNXlg~RyOkAU zuhHaiQEO&751z-Y5QCF}3cna!KrMdpJOoPvBj%bi$}--1dEaRc?K@)x<0r3aHujx7 zyx>%P9oGCx7|pcKJ)+lTTpu&jB4Y!ZiVbKM;1so#EO6s86=DxUSBKS6zok8h3Kkzx zw|&b=gH|MnTpjQbylWs2ub3)ag6ixX68FXCX{^0fz)p+re@DE4VgedV*C$6cg2EHm zb_DJtPb^HHSf)H}(U$Wzk-v=hhkTFN18NCsv34P@zd~^RQo;3!P}Dtb#PwG&*XOqE z#vVAVTdq%J97XIa66;FRXxm~umZXPScFY?*{K9zeVf{sXm1dgY_&u)DH}yGO4LsU& zeo?h{Ti5)S(5GIVb3**K6P*3xOTIntPs}hwpW$1>Pm=#IPM^=|G5_hQyt_$_wqGRv z7uhcso%!;>75>Ao%ImV$pY!M1i^hJZ@t>;S{eNV?*tsl9*1bJ&O6?aR9FnXXLgT5l zUu-yV^uNb`aVQW^v@JOE1nn1zaqSm}M|5uha6pg0zbHB{9wXe47ten2&%EyK7qgG% zhQ!m%Be^7=&c&s$c>4Q}b55cCqTkSylTQ~dIfeF%!mc_yQF*Om=&7<_9E+bk`zP-& zFLonIo)ka-{?jl&KP|?5@x}jrmL7^FUKfrrW|scXW${`1qW>^U{~*NDUpsXyJz;4S zOMm=}XqN6cIhG#6A+huj8a0;g?uMlkBZl>Y3rGvLo*riF$70y}*I$FJ`~OSW`q}&9 zvGp4VouI{HPhbe47&wUF>gQY>3^Ga(zo#t9=#snNoE?ubd@(HI^_&%Gx&nc%ysYj$x@YIFb zdRv&Sw}#nzb6mF0R)zd!LRn=#M9Mm|^`9pSw$7~KjlrYNvbGx^vdQa)EiC$lIb;3v z8e8A>SbVll^P{9Gf~`LzSfD7*zE18g1f*7hv0bwof>&PmGf z%b7UA*75jZHUAN2>mnK55p~U8X6yWu*!oPK({fHE;9e=tjI9+p+dQI7@N%)ej*DRK zyiOW(pA6<6!Xz>G5HdC9J}NnqxznRz=Kd>OG)t@QG)k*XrtHLRDqYd7(!n?&= z`;G{?I&)5#>7z318jecB!m)$dh*aWIF7KwK(CFa~2w zoyeEhQWIEIxIVU9>@P-cpqo$fwS86#B;&4ieMAt2zE!nGZB>Gd*ubV+qF^Nw8zAR!b&Ax1AXISsKnkyFktVZ*G|1{FTJsJFVS(D_Jlsir;TC>EcSA@re=th4%L`_O9 zb*^|O^L6S+5Glr?0W{i0-`rcC4qoJ9ySYWzzLZ$+g&9o(t_Q^iAC{h<6-s=qi0vr=7u9iJbAOt>y};*S4iT%Z)|T&4OiLZDmDd{ z%O*Xy*D=+{mrtly_0hg3D4z)Cr};DZT{>D3SE}e)f6JJ^XsNtt3AEt5ZSAgujJxAL@@$*5@SVt5MR_zCT%hilM%b2c4w+)EerKY4*`U{~`VO{hiVF z&ZPe$duQkj-@5SGK9-`EKK%cYz4NoGDCO9(>y+9%LpUV)DTKyTY46^bspLmsSf|+vr}pB zJge8q>BEoCJ%#$PY3?b~hwFNsDt)+L|5K|Ezm<7{{QQ|{eoiuATz;OiHO$ZZ@Y&W> z|B$3OtbAz{D}N@;%7uc#th_DE%3I^Ia-lP@GnzC3@rDy=G}KC(Li}9!uJcV*@mcvl z1bCX*DKz1gs|71(=IdVDBv>L39@2v6g!LMB$>xbk2%kEb9L)}XbCEPLI$rAo?oZrO zmXWRkPLBRqqXm;<$9d*5^509D9`fc(nYFy1Xj`H1X4@2I){rBGu)JI_>$Sw=8fyD# zXkl(8F9z$U@_Ds&5scGVTM@xHjT|?iGfrb|p3wMc2+6pN`j(8#ryiGa(zwJ75skz? zfAyXR(x}oQ^!$<;_$g{<`58bL(Dzh?7j=C^4LM;iscye<_FG{>Tf#RJ$5h&HJrTb7g%OHWSf~@ ztJ|C#mNH;H5+a5vczrH}jL_RnLPqEX*My8`0YTvoJ%K_CNf?>VOWh`;``Xi#vUbJt z9n|tc(y9e#vo)nySW}83!w2WQe>504pJ34*vwVjq^~XXx^lEiHEU9kGcW!&TV*d;V zE^Me@Vzql=gTeRIa%GXEC6A24s>!#{XijgJeP3o<(|`1RW;CVmwc-bz+P0-1rYgv0 zu7Iq{KDD6E@{QH^?`-I~v%jVqe?S-G2;VW7rBPaCIR=z&la(gXe7E?Pjf?Lq_U&l* zyuP)U{EN5tzkSSG`)aYZZ{MS9lRe)*TSEKiYSnP}$?l(S%j$^!UcM_{f6>QSIhQ8M?H%Y9CV7bP3^-)fGoIFk)7b^%U?Zmw)!Mj z_oAi?iW40DKz5MEHx^9yKY$y25Iy323j?7aD&>ySxsyp++w7S7a53#MKn9;A_7$r` z!jJHIX#HTW|BrVb4sPfoe-R(hr3#NKolBb_&bFfWN>y&(t7R&1wgk>7UrI%EWlyq1 zMWBKhu>sMu9R>%LA^*f3LN(`P zM0!1629jn7HKDRq9tAku&K71Y+0;%BHqu4Mx7zVQ*`3^vhu$X}_N%LBVd#${<)z5} z!T_BvenbGJuH7!6;ZgX!ZRp$)os1g{GaMA5l#)Fp<{D(hltykSYyQWMkyhU~DY9!r zT3}!ly}CAJcU8Z#6oXOyO0f0XJ&qAJH=Pull4UD8KxZ6#5m>TeJ>~ACDH?oMrG?Ij zsg93_C0Gp~+vsGOe*9@e7xGs$KQ)H(FBt%Lnq1T&)lOkCD`nn?G^JGDBwdTLVSIX; zZn$Cja?eMY^n*rwQM*+0XMWF;tiF9IRzm~04L%xeo|*e)Ph|_yv%4fuE-ERIYA&ZO z*CPW-lVG_tH^4@Qt|;@)VYTEh+4R!TNpdfC?-nXHD%D%sOzwd`79Uqf)e59J{ zN<#Q30X`;a_-Ft=j%oPtOv&R&LH8uGAkJK2bI)FFb345@g*K2Bt7qtF>;^41Wj6dP zGXcr;HoNjApJ}85IJlm`^=aL|1k{Uw$@1)po&lq+R6RStnJNeMfgn$)N;gt5pkr3I zJwedNHoNk@)%OK3>bLqnPvN3Mt?G+=h9$6ALj|eaGJ2iafe~#*`=y#+Gv_sr zqTPL+(XL!;1kMbWI#ZU}ZCPPs5+{e};;3C8mwn2yE+ zZ0~{xY>CL<3L=(+Z%Z}*q95)-Tz}Z=zDDO6L#h3T8a;!K78THm-24`zXsi1MBd>*5 zdWbUe$VGdln#UNZvge_y5Rp>7XM55WHqYpfG1N$_@{u+F2RXRGQuuEo+(K`s{g!e) z+>$rZEzaR<1Y7$*;1EQpMi`0m?Or0-aZ;x3MI-(uzsLtPgH2Y~rZn_zE!yZ@CA(oa z%3p7DS3+^R!5BD$szePWvJk9Ss}wc*9b&+cYh#5SI(hn1-*Xapl9*WS`Jn2+Yq(7M z*fQMlUrs1KUVYaKDOrUD^O8f%vj_Pj^!ls+n{BTAF0H%}0Z@(UI&4+`v7;huyO+Vh3Lxz}sf`#@W9C7p_O{-}7#z{Tute zrCB3espej0tdaYrXA7)oQ~5H@58EMSQKs}2(Y0q?8|Tnwe+!x~)qZSg6u&p~+$I1(BUC0Y{GrE))=0wb&oC=Y1e|+;%OxxLlA)Dl) zc5LyU81t&$kRYvoy{B@q@AXj$-7!mI!%|Qo~q^ z%caGYuz5MNsS3MLrzxS`E-V;yx4GF6FTp=xU|6p{H=pvlZ-Dq`Oh8f^rOMj|2 z6#zUBECh=@ACI?CIvLUz;-r*uqc?Yf&0WFSWGo$&OoqR;$vFoPTBLiEhlaDsNV_{~ zgU;JzS7n<>iRL(iQ_2)>uJuaGd`-s=3&Zur9LE^F4Z%w+EzMp<{G4W zFP9t7A4|=etR5I7FjH`&adjEVW9w|$u!D@vvbMMI2I6Z?1~|{b-?IY#9xtYGeR3QA z+LBxG*PPtU^VSSySAc4|)4!)``=iK3l+C$_Kyr>;O4N`R!9D4Rj-AOHiF<|-*I)e5 zZ;!z3P`(_(9T^^68>hzZx{>uiDCL)JTW&A`B}-uZrcXvR?L|#D@vC?(n*Lg-UoKyk_Smn)1?|bfEVl5IT7M89 z`i|53tHAfY?~-mtdBz&ex#afYiX)}G9(V@kZ%TfSOB4{15U7X`;rKzgFPSDL?J9p#htGpvF7PGw{T?E!e>D$|6cOe+Ak(A>L zY@YdPfj;F+q10qCf3><#XZ~t+Pty5o!g|49$FuZsc8mxDHCk7e{kwb-@c>Z;61o`w zVvKLp#xJ1pp+ZjTAX)1h4Ul~r5D%j3zz2~)BzFPCwef%mkB`A?4>|5+I0O)vF%nLX z+HbnUN1L~&_-OEUg%42=AQkJU)dT1=GinPeo1#~E3R@Ynbt^-oMGfaFZNtwNk*gGN zG+O8(YQ0*^RZ7Zl6ATeAyv@l$@jmyK-PfhTzWBVl&oPYil?uJEj5scB2-s)9p*<-V z@6^1Gut}av-(f(9Y@DE8UC!;FN4wQ%*E^zJ0)O9+W@+jm(QHL@(%dxlrFF!kL>|fT zb;NtobvD1#BuKvWr2H>~EzF~X@Et>};1A2$A`9p%4P+h-=YtMwC1q`T22533xy#pS z>p?P6ynNiz&vyd+&|4?)d`y8i>d>gZ7SThLywROqX&0ptV%sRiU8V{4Vt)>cOJ%cZ z1ukl*b{420*u%tnKX4OknUtn>?-pMA7RqX?75DAXsADx7CmStoiJ?f&{pz#77?z-H z@C(-$Z7$%pZWEP$aVCor71RzkbWi1Tdi3W+4yg(O^!q~^KnjF-Ps&;&6&q$?&WHde zsRzLHXJA;()mHO4Z8c}DJsO0>6jExjCY|!DN9(Db`^a4zenTTyBu4(DEYlJGR{9V! zUxQ5fu8foLsKL{)&s5(uk|cT;paBbnH!n>D}mNyEbA2%?y)IlBLipQsW~)JaTO*a+;EqT z#3PT>>ru2zsu=-(WL4g^EBoNzNrgG5!%`EhNRfjLfq7=7!_|5=u1_+UT%U|FRR#CX zzgG54N|NfQB$|Amq`E#GV@}@!^G}=f&?O>LwaC@l%h%f9_i3uh_2n2-`fgKtqp3QW zkdO(hW+PRqcQqv2J>>@LZOOm08Crs^xRB^;O*N-CnW*g2{)n64W5HI2Vz0})j!zgs zOmuaeAw4t(m_@&YTWY*eWddEdn!>DYI*2OHMM7L#zxo$LsILn+jh#dVs@&IedtZ5o?9# zhf7N)(8?+u^6Lqg!x3!+bkd)ElIv22b9w=1HT{-Wma=ucM02PcfbOOGlsC_gD3-PL z^`ly`EUA_ZWB!lujIT8#eZ5K9?N0@ejh13UD8?d+p)Opz@EamchPTdAY^nl5Rc)&> z*HxNKZ*j!g#gQ<)pu_Mt3P-4Wrx(L8G7^Rf5il&FS^k=48B?aKwt=X~34yT^x@Tox zgQXHnFdczdAAsM?P`}@lgMGA;b~=@ldV4HcR^Np>JN>4Y!hk7Wf$KgsBcl~l#MCj{+%Xwdbrw^^e8-yJV!9*KXB;feGjxX~Taj~? z&Q~PJM>1fN)&=!fq zu@P{OGjU-rbT$iy&^fmJ4lGFLWhrzDi4hyc% z0RVky3CnuEguECJ%>%XjryDxcUi!vZ+FJzZDnWY$$_#bE2BN)1F|>DBz3VQNt4<`L2@I@0HDBBa|1>4p%}{qNwJ(3BezdQP=l6XMbr z1qgOSUpBsd;tMP=oC#5*a1TvFHhiG3;{UD(b`1yNU(u%YO~-$Ph<0v^OGLxhM-vf| z@jV?Oq|VFlAwmNq{sSGyRQnWn?gSHtzv|XRjS1&a zY);*S#3brdUL734gg3oP68r{c!W8R6fP^Y1R=f&l!X!Rb05@D71fje#s3Qn6$}G*3 zGUY5OlS;7(`ORH6i}~wS%u4JtGf%Zs07w1SR1JnWPw-5EJOb@;N+94_mvYJ6Bw*X+&n{V^ji`DsoZeIO6F=S6L zS-p{@*C+#zppTTsb((HvS5!Mh?Z!8Omw&P8wJ$n^D`#L>)iT3P5@oeAFvv1I| z1GwQ*YM9PnYw?w8I&>dDRkbRi{C-#t1 zsg*Uk_y7fUu4OgTVLB+?%e)DnoP7qL%d*AzWt8yUUWz}K;)BxSDcSfliE@mmHatwA zCi;Jk$lv32z%jM>0gpR+FS%XlC6kp=x~^` zs6a-pVVL+~)6lMEkwuHyz-qEy(Lc1xD{r(QY!)O}3{KdlZoHNGZ80oOrIdEvYG~Hh z7D2h3%V_Lv9B#@Qx;XKMuvluK9V5ZhGQAh(h=R2u372~QKVirl4pSd=_M^R|hkhWb zt?Fv8^s9YXW;i~M_+KTnMk9B`aC_Ej>$ZQ5Zn~qb=Bit;bW|Xd_fgMPJ8@Ts)59^u zSV}t@CSS|L^9|A^ND`trWDchJi$+bgS%RAQKuRRbpZ|}eL3{1zQVpdNvnhY!glC?C zcSXVS^7Lp}Y+b=pQ5p?Pa<{OEgS=r_zWQGc77B>~ENsH}4E*eMot_Dnb9Gqg0@Vq6 zJq|4Dx7S1iLQ1Lz2qL;;0pZYX5)FEV528&6F#dMN7PLhdt$y8*Ocn`F%Zw;}bS~Oa zh&4ol@=&Fq))%m=%|UCJ5jH^eKp&VtA3~|w!d)FQa#u~ph^{_-LGMbc{X4FOx_g|u z%RzTs<_TEPxKKJQ7;yav>2MKVg%YD!vPD`5@-2B9mq9eUIPe2mYfwK%La{zKI$C4% z+@FS^!8rD6sfOGmn$0>8VY40$XagU{Ky?4Ao!x#8SrNJOY8V>N zz?)Y^z8O#7^b;BEJjbo~bje@~qZurjHKG`-#$RtH{<_Dc>~U-({6C_+SsnBAi+g}bHto0DA!XPVQGI^Ue&o>s_pz2-}GcY`b@ zxo~pD(GQwJJ^ZNXZPIE?0FZ%e)S3- zhsBXpNIvt;U&y6uDGVZp$^UX9fAvpbHVbEdYbzn=-jvVo&!rMMeFNfi;6Z$1e)kUT zM}KecXT-%ox%2}(+V_5k&o+GiST22d7+AySo+J4E4SxIa8=rf=DwhIB@$YLqzIZfs zviP2Ua6tPIFxKS!i(IrpRJ=H}A=ewG$n0)T_%k52txE>=W~7nye2#QnyRmM%yrH*NxyCkBmsN+J43pL`odqS zWP>ggTq5Z8wbyb(6^st6U*7Notb1$e{Kros+uLT{I@k2Z+<7w{oro8-3(~!uNf(q$ zggZSsnsDEaoUhq4FIaBM`Pi%+bZj9P`aud)&Dmvb|M(iu==lgpB>Ej`?B#s_8qWyG z2bWvi=aGEio{yP-Y)Rked~=f9QKW*1AsP@TqiPDIW!l_)7zQkt&x6!%q+QsZdTGjE z>wyedsFN@0`z*dn^_%G^(2I0?rNRGlQkN9_Z!Lvp7`+q4e#w~h47~MK!m`drs;B%U zu3%l`oHujstXtKO-Uqc~(eMa(EmNCuwzST1t;bvoO zMT4B1W%t6tz-G|llQ(ewxw_1vFAJ7>+d^vDfq-wINaI}ikuCJOG1teYf>Z+Yd)q`pc?I^_)D^O_=v zqPT8RT4>kw@S;OkK9lw zQG}qT9iGfNlM@?ho0leQN;Q*GWA`xsm9VXwUw zi6-exbUR{vrP^ue+W%lOznGwril`TJ97k^t-0)IvsEFTT_1o)y;v0GEJ$KwY_fE&G zE?>n(Fd_ z`Z4Dk*?s+Bgf^S;h6<5aJ#Q4hCW4`}l7c9|UQ+E1Y)WILQe$HH#l`3ZZ|lU*R`4N! zfy-XZ4HYgttggQHMA7y+p$*uJhp(L$xO<1|_}YPAQms8^i)gfXZVHxLa&}sj4;}9z z2JOuct%eQOoSoM8J=XwHRv-%7LY6U!#Tu}!A!cdSrKajb_uWf#ygAWza89{7{h+gc z0`P>*!3JdMF$@UHVsA2q&^B6{v}@!qZ4r9oaQvlzHX7+798RpA zxh~hJYn}+(RQQ{%C?M4=V+E#qs&JTwKS}q}p~G!QIRBnn50w zvJ%wq800@f`i#5RsFeS~Z>cuGBG>2I@bW0uhooAENaW7+^px?3pnn=J#N7z}-@^bc zt@3CGN9n+Zlv&c7bgBNVQ!Oqz1HFsnOH=arMBJnhH+8KglB1KgBCYmv;_8mvPMo#B z9^t^;SKYb1YX(cq|JCJPGgz)yvpkx?4l;CNu--xNu>AH2JfDU(7S4{9FYQhqYa@9q znC#4`9;Jz64J3{o3IRoi$RRwgc+K?0HYG+qH30$?vFGUNvNKB%-dPSIT|4hvLV0S4 za_|*o#d)PEWsROvBC`bXvV7VVS7+$hA^gv3EU93+cJqqWl`OKdzKOSsnNgj7ZK9B_-$>h@tG$ zJL97lfuPwTwB$F04Na8r|CR-KeoK!3UcB+!?%#{w{kHq};=$jB-wW+^Ak1`#Oh)`( zJdbFINUixJx)-fA3t`0XYYPTd>u+F2UkEoq+Vh$lK)2h#5%Ph$=Fb#YrJh5rrl>>d z6-eP<+=`*KvJQwGrNua|Xf>1kA z<$cd|N0pP02hOR+_oq*v;`!4qo8UMngo(kS7fHxXj289or}=%sBlsI{;Nzcf?qd8N zzR+Ji)dK)de0mH7STU#zMWW3c$UN*)#T&N@&wnn6AKKF$C*%my{!95 zp6dDKVmzIHw(JZZZ$(dhJ+(dhBgCq9Gq0s5&>zD(9I%G=|L*(lGQUlC{lBy0xVZRf z^sT}C&gI?09P2Nnq$j$+P|9D)g-9A}n?hlj2rk@dRo+2hGeQ-1IL?*b+DQc2xNDb55IR6cUU2t55?3pZc@Y09R z=HSNU8Cr@{bqoD=J(vY`!Og!=GnqRA1KsU#6A2jK8m7d#6w%C$Hf5C4-QXdSm`J=&Cg zHuoKQ=wu`uJOuR}1=LN6R5yrp66HsV|7#C{wqM=)IK|$vTjc@`y3l_A(Bl9rKt?0w zN1!y2gHMw%7_nWNB)V_@Fbultce0zum+ILwgoxAH2Jz`3ytuI#Zaab|?5fCAL&s#b zN-K2c%p(dpBhXp__A{L;>dI~~*ICNUb@nOH8Pmcc^G4nEi0^r#%9b4>yhmiCg$AkE zWpmx^>k%2_MZ{JU{xu_1LxjH{Q482+QTDuPwMet{iTX3ZZ&O+!fiq=RZzOt+&D6qF zPIlm;@nRATZWX#Nyg z^QXvRe@gLE&7Z<2diVfnCtu1?w4sm`E95|`$~%LOE9ItH8@G`WE>VZc|u#3kJMr!sqh-AML8w6M|RMjf9}Vkpi8!C`NDfsTz;S8+uOYM8Z_ek*=v{ zcRfPS`zPM_@Vh^B(NPRP&q|8o=T&4cX{@c#(wK3e$5yGn`X7Y#dc){MXL8}@z~#(S zYP^o`W!I<#$N6CLbOMLYB#eViSO}`_aqwNT{{A|>R8aF}#Y5+}WY3f=*|jK(0taY| zbHG3#1gnJK<|O!M10r?G?MdV_LkFBl$}|6;UJnvC9!wU>1JblfYfoC-Z<^?2Bt8k2DC z`XxrIvW}o3?5qQJ#sfP`1bB^!40A+_>*KYU7HUC*tTWctic)h??daAL+@dt=F|Frx z-TL0nt?%pH+Ty+^1cKd@`=%Uhw75s)Mm>mY+HY)av?_HT&KF(J_^WO-TWTeJa@xXI|&luxT&zzw!oa-NM~1-vR1sYoB^NC&U^Y+ ze{@KsQsR^uWt3E>{%IOtMaU_gkbkak;6{Q)c){`%m^W`+B|=ur?Bj(Oh8X!s9ORIp?%6)#}*@g zK;f4kzt}7X{wO9Z3Lh+^`9*I$Jfk#pV5vdi?<+i}OC*t-I7bKClk(SdxHnE0sU@5B zq!`_m3b@oh44;y*nOIse0kDH$Z**EJi;!jaG%}uJSOiAMagc&Rd0xt`37#I~!jbYUwOdg8%Q~^+d0< z$h2a$ldz3S^-nQAbi&oG+U7|51>Cf4su=`|XWSgw;}++>@veLNHstVELByVv^L>O# z3*etg$3xW?LY{^3`0JCU<(rl6Xt}aBl9o%OXjvl%qGg>NYWH(K_uCLQIImRGVQ!O2 zhq+3syAu9yC@@FAicnzs*6MNV&g_up(o_S@C9}7VY(rp-9@DLm%~&ZOKyVb?O?;q%+(i$ zFtH1~U`i`#-K3iNp&&l8b5X;`T?p%P7sF8kMf_264FbzTK1-Ro>kzbm zjRA?&&)VCpa6VDY{L|UANVQxqMd!g>F9j_*XRJqbuW-&-JWxHDf02(7i`yz%(t&Go zJZfw~jbaat77kx+uu#5q3!SavTwBf^QWEK3OW+4>coi3*-5k`|{%F#_sC zy{?w&O!JXz@3=;1oQ3x|bT)QyB%MVtRlYl-`e;z2J=wEphU}g)OG_`Jo%2@vqlL&B zH{QspxH5ae5J7}k_b}-rcno%kr}S{xf#D}xs-Q-RrnH4JzNa`3?wQ6tVC~htMPFjZQgfLCnx}HaoKd7icY`uG86&DcO->E_OUj9!vNb z=VymbvQwfit-)|=;4W*@uY0xY18|-AXF4UbLkV%)(LuAV2KA>`OmoYGC(|TgRwkV_Pmfb7*&xl-<3DNz}>T&M zIg$QtC*6OSviSZ5r^p^TBL;phM<&!E^;Zl2WAGQA8u+z3L!V){MfJ4fSa>qR1y)@yZ_y`CU`r^et{sFBOq)-m+{ zlYbwJWBL~+7nXC>H|L)`J9luY7xmL(@-ubl1lXpbVu~|}~_Z%>&=`-$~+H5SOht&X!OZzbn9 z(-K+g`OSXk5c$n83_Ns$*wY!6<4j$E7Ap)C%+98m`((o>*(Z+`(BOJ# zasu7=7r-N2OmW>qsC!viucmVU+I?*pz5m$Gz15MOr^I$Hqw}dzo&Wuuo_9X0+s;=J z#()`iT4IPn`Vb}O=zVLrNxqI#IA)GWLib73eG)X6zQ>qiZAsL9QeIM2_mB=&v7f5y zSfW%znSpHX#aVVb2{)bc$nKm*h8NCnrCU?QBw;qu%pKy@jx=|qHCT*fRroW8!B5JrN_39z2-t?*gui>x zzha@v5n9ee1d4mgveiLOG96e}(9Bmy(mdAuyy(f>$g&x35rKf|kqGFcA)pT<0QBZb z`EhY1sU^nJab6UGeUTlPz%*h=PJ*2;39d^)Wq(;5NoA?AJW--wW{@}iC2QMMpdn2rw%xFfy3WRD~qfg%u2k|0`J5)%&A*wc6K!blXQN1;f= zh~th3{Qv!|xcCosj$UXTY0?X{t`XQ`PRbH&qVIzXyIyjeXY_S+X3uKaYxB&^<1F<~ zn4~YOSwNVnY_(Cc{nyZv(#fA?TAirX>jCmELBHy>{sLv`bc9J;IfRUi$nAFJD8rrN zOw&T{(_RV&sgJ#4H;0G=tm6g6%ZNBgayFKgss}U0K)<0zt_=m&;HFS+m>VePn;y+j zs!p8^!|^yyydBzyuMX|Q(fK`(yC3(NeZ2kHe-8|FUjN-4oDEDsbfi5Bq6Rea@1vAD zutQgbrJhL@EcJZJAC@K|_4wx@F#0;QTpiIeSF~Ik)p8xRgdCLeXhh2+_jAi9qgpOQ z%P#Yy#LDw|x;T}s;h@(&Cn3*MdOXKj{BDFITf(_CXQ?mT-BssZ)sH=~{wJJd|8elq ze%F5xAHTipl*2pzq~Q&xF9m}uo27n#XV<#e3F^DV;`aTmtKctAJe@Apr{mqkru!H% zde6XL;lm1%2mIb6k~8`IJNi=MTvBgX%2OJwu8wTyWUJCF8BH^!{2C$T8%?EBzBw0h zbf#kZGK1258?De$uFaN=Hx@|w({j<``dr+#QJQUjtFF(5vB{R3txh9J*L5r#k{Cp9 z8YwEBFXywb{+d%~Xb|LcX3#CNXIgHaX*DO1hme*$A3_njt-udDc>DRV$bRX0k)S?$ zK1Sz_R%Lr9h|L5iC3@z`g(k}Ln?n=A^smn?wRz0BGG+P(SLONf)M!?Rig|Qn=UK(A zw*j3<*=j)m*6lDKdf6BKC*I#vUVQh;gx4tv-5OEv{toS|@e{PS=cSxQ2k|qDjre*F ze-(;maW?)H;9oKRmEzxxU|=7jfu9_k6#q)y&IomThu$q^O+jB@&X4HJ7}K8>eO*p{ zJu3R@Lw&V``WmA5l}UXWQ;u?9c-olKD!u~ADVxMs;5_Ap$iZ}g5rtYjN6M@cQK(ho zbXXPX8TcTz86TuIH&k&2QGhg=*tDDSeYMl+G!~GRBQ|K!rr@<%xJoY@EzgjYYcTzQ)x3sEPmy5*8T7{6;2?J|r zxzx{R(gqUzG=seXs6QjKH}tu(Bsc4E zn=iX)-pqOPklhwPuR|SKR{VqiuE_C(-COR+LU?uM1(~{C{ zy^j;M2xVkGSFWTaErGt=VaSNs8>I5|bk|@sE}u-VTE2zKxFUM03^pE;E7iHTC2@ zs&bI6mpquk)s)=!EVbk|2yxdUoViWPv*TT~uYh&yIqWAl6XkfQWKY?1CMI^Z_pRvH zZSiuxJ>{A_;rkt*h0i8@Vj|ZR;QB~e=_NOg=Zu$fqnA;TG#+=x9HPkRS#6bdY|2-jM}FuZ3Y zk=2tiAF}?tDuEd)j$~6hN6;bq)_5ADntCJ!ut57P0uyCyGJqUjOHb;cTkTX0D#2X%<#@axO)?*xmQ! z8f``2+LX$sd2|k=neyPO>bVOk^QE)d#-(a3g~5rQ45$QUD&4I3CFQ^TmTIagKiczu zWEtOeI9XbNI zvL-YwW!_szCXx*E9&igk{8^S9X9vOw%GhgKPE{J4`zk*G#lcZ zt*%W!nB2WgN-B@C6n7?iMx;{8Z7crKK+jX8i)#Z0I%F&Q%=xDOsn9^biWrFPk?7wb zJxsYg!u=mJNvnF5>m$hF5fU*%B8^ZIJ;ECQh|mZZM2$fGCrS@L8P)%fkQ&A(n(9gt zqXs%`2o02kfnXEaum07ir%)?P|Q8@Z%St9luF0p&;!k!{{?*f-IW zd^OP{=lD55MQ={i#sL+o@~G);)W7p(O4zMbV$-Ay`4wa+Z-#7vSAJH^sgb^W@8$RF z*K_cGox}AG@Rs;VXu-|(;^zIKo6G3tcVc(^i@14H=w=1o+%0a_iJMo2Zr)5c*NB^U zi<{Y@n^)7#<>KZfaWg4&Gly;p3q{{TadY3j`psnA43tyt265+|(4DVl;EoM}j{k}Bj#qCToMO@&Dk{*$n2RdLc%Bj(6 zYJbn>xgXKu!NA!u^k#z09yI5)nv{)ntmnaU3!)e=4Bw}EMycG1wYo6@(T;d?j3&xV z4oTuubWB-GHp=ZV*od-3cF*u$U`xHkd)n`d*snJdx?^rm%%AL1_B7pPWNoH|)}0$c2YX39oj&K*f*vg|o9??CH0 zSR&n1&<zO4@$ZxH@kWZ zWkNY9y}83=Xnv)t+~n$z?oYJ_#~NQjP#i`YS2rMSY~A$+u+IsI9lIA?$!KqtjAd}+ zl|s3aDHm!&sD4x_*N>Wkb*{L1dc;EWuv+@z!1j>*=o$FbJY82hd4@sv3y7n z+eaJtG5Gv!I;xqb_X;nhGlAI~K)+YjNI3CEL%+FII4M4_im9iOJI7X^@ zfQisD)n7g82N2K7m*Rc~-G6(ok?tGXaBuEc{x`Y01qBZCM7S%=hkq48 zLLcvwi`wR0dW~nm`M_M{e(4#SVJ|u;xg>y15paDIELRTg?Yy6=8y0PK?$tUA;j4&O zMsod$rXAcY7wwl^7hv=Wp5z>c^M5IW6oR9uqXE4fTdjuoY&u+_**ruALHwySrI`KO z@Q&5+PQ+Bgk92<%lk+>IhtH;cplb9O zujDy{oEa7pc44oxX$hD-6M~qENqWKyaXi~@*dE9d@>ldCT%Q!NMDsqCi&oOp^RBWf zt#W%aq1WbK9*M7sp3y^XMeUO7c|17|VRmOGjJtC58O|xz;08I^WGnjE`H|_67xL0O zi2{jsWlN}!V#sF!!`ulx_H|B`Z)Yzmd+9qIT0NcLY(FJgO(RoUpb z;;V>P2w^f{6#i`ymW=yBC=w%V%9oVf9M1%%OSODp7W^q2!weWB)o-cUTrpi~suCv> zrCLfp>7Nhu=~rsZBE*$`jewbizckkJlJM$@#ZW3sfz=tI_iQ=6P5$5E08K!$zmL-7 zYCW5RK*tzNuGTSChg;`fMImov5>39=RM#hC%;~=MakXo8+R7dF1e(WmC40qVK$y^c6cD zbcP#b_8d8hYLoC7Hp6CN4Zy~zuDz9fs~^gSBg9Lr`R}tlzvN*m!XbP$=uhH)!}6};$~$MQqkgU;$L!pGXktiM$0k?TUMBt| zo{-}V@gmI6pqGHkgHXPHbSnaRJEO>PCXxA=SAZhsUvTXxoA3gTZuP%KWn$uCjA@M; z`@LM7Cq!xBdYmats;Q&%9-fqMW|CR#fcoeS5J~s&sLninaq>SFWiaeB81ZfM25X3y zm3DAU_3&&B_sTKKI4v7KLLC4eRirb=Um1jBv zYa5AiN7gWzccxaqBsrqoMv94FiohL9W9xb(M^@-aiFhQ{v@WWyM{;CckCe!#QX`(~ zWfCu&+X6vlW``{w+eC-tIzsfX9Y5+&<-3O^_&=jdRIX3NTX8K_wm;FLiN!sRe zE<9##TdwRFBJ&JrM~A@TIE_wG3{)pg5;45}U_~Y4^Hlg;$Tw1|zBh^9EWJMC&u$CV zXT19$q}G`E=8=tdYxNN(v-4#46ogMqNh31buO9Uhnc<2%wV0`_#OPl~dxAL^t|aVG z9no}#%f(p#Vyu60-NM{+1)<%kk=X@;%+M%IFy`EIBcC`=(AgEBv)o>wG_7rh-Zt{V z^CBNSUn8|iFmaX`<$TCzhv#O?NvY(gf_2SD8*7{P+CWy<~JzRC|6a1f26|e?JR)aEEbTA*_Ftu`1ktWQNi4GmxjXsM&cC zR%)6@hruz@Pg$_pUa(&6NG4Mat`1}Sig0bPmy1#-#@Oc!?^%NzZOR?l)}oK3hh~%9 zLm=Hw=2%aP{Z<$zgopA2wV+H7XN-ZLi~%PA|An35&kNk8$B(X8N9yqR4_qGt-f7k3 zO&wml@})I@uk_FZI>`6o%LJH3wH&+;+(^2qRC^N#QuKnxZ_RJCDdz`<+LU{<8^)Uq zRg3BE>V9rz?x--{oKN=_cUcz{uK>&fn^HkFC@F+hJLV=bzfeXXa-vDbB*{1tta38^ zdpE;>IvpEOnOEP0_=M+MS+wJLobVJ>c96ghd0x5w3P@hVuaF^ME7QR=8psBy4j|JD zY&68Ltjhba@Fh5RhSCL77Q82(qSpicyeSGbJKHo?-2qk|=m+0Tn!bmYq=iFeqxNOt zj-z?2mrfvJT6&!Qp5ug10|)O2=Mhs!PUw2ikJ<`i%GfJg?Qjp|@3#8Bg`F9~7}djW zc3daFURoypqwGmb=$(Nw-V9p)QE=sqVz65}#qXGawR_|xH~<)sXRTT$Bc2y~4yRdZ zT7^5bgfuXmgE1>$pX`b%jo5d%Md1$0j0$f>V2oD3B&OKf@23#fVd|q;KH5c<5r`RF z*o00OHh~+j$J<~p`oZyQs%1)A7Hu?C=-ZuKJWz>S(?fHDiBD;+JVFy{|+2u%4Xo$t7$}{j96?0}j#k>V^2FY8jK`-!7 z3SWY?=wqq&ms-%cy9_I82hl>kxe=sBrE;63Jm9x_BcVLTxS#UWP2u>hM4orw-|>f~ zO~h}#Z)daiA1s_K^91uDb&3bNqJ(4;sGu6f$;YR-qH(jOS(ePoQMUtavWV?CA6Li_Q? z9yW#y>e@IXCW;|So~-_w6nZOcGFAg#ZFBBavwN`FeQmPYZ3U8TxutGXMvVT5_XT!d zvm1U)Ai%6N6*ifbX}KfJIn7ow0sM+7#9Y{HHnh0sCYzwSRQoFaeAjNDuUC={&o-Ix ze|z&e=G-*9^0p15R9JFg6>GN`noWi_Gu2ebAhOxuO_{Q)QT2H<40y(CQhcWN?WUY2 z^Ev3oV))Qv*zTSS9l?=1$AT8s-aT`&b4@;Prpe&7C_am_-qgOsl;bnyz+g8mH_c=? zh^O3hjd&us? z3%>{WX2W)qve~4(&8@au(5j7Q`9PN0(3EmP!;RVM8mR@AHyJu=GoL7pnZT=0FXfEFV()5XR7WDL&}YF zsc|ykm5`E%^#p{93VdTBUcMOy zFK?znrG?V{#NOYb)M8hTj_`^?IIf_m%-Gsw$mHf+lA8Q#T3bIvCQf3@$) z`=0sH=gTk~_ABqUzmImK$9sl@g{r{bt@hNmo*vs;N~pD&B$FGLBoJ}|xfjeNKrRR* zfh6Dayld}C0@2fczyIe?CVTemb$i#l-uHPgYwdv6pC8LV{_|$^h=o{FWdQLe@G{t> zSBs&3DcPGJtvbK^-9*0v$+^Ci(K>Z}$6+JUDVc_P&bja6-UTDRahQ|Fai1=8s=ylt zTr+q3Rt2;@Xf#?rKB&EiNiwRmSbpreNqgQCnsxHQLq$*frjq&r?U>Vwf*}0KsrLp0 z&S8)=jzymC*AAeeXvtKqm83tsIC8CtX-$nE{WWKYbbruiVR|sV=u!-GX2b*9;rwXN zD;*d7PKEzmW6(GiKwZ}cwEY1M3m;U&KzD*!6dSaRS@|$VG+B)(XmntHuk)YVlN|8P z1S18sR(FUS?N3B7qNx~B(0Mm#o`ajptkPOj7cS_-a>AlKr1kpEN+ELo*~gxXMlSuPP0XN8aZ}|tcVafiqHo83wC_0jb{QrgS_^@hyL~Hy+Ma-U zXmMnICPvot^e;Y!k)?|mI%Fc+`3Tj}$$;63IeX}fua|><(Gs-YiQbdX$Ads>i3F~k z^IkMMHV9fcr=cG}z46=pW?4`>>d!CxkHJqY;#5LCl}+$#+msXyj&Jsx5T2dT3ctGQ z#ouDea-bRXpw>)w10#;F2$~1bTC;mIMQ8YRMHTaz}^bUOsn%me;e#yG`ItGPV(6V2v z3M%zBzRYiK^J``3eEofe8_@5JpjH-u2A?X6c6@WdETP)_>@%;ejFybWL_%vp%XmF& zQ9V0!{MrHZ41?}ur<@i@NcL=TWU2=3Hg%Eq3bY%BToXvf@@3}(K@Poy7!k|O`kyb^Z@El2|9a;7_dgh*Z9p+;*tE4@9loJovf0^{>^7ssGzk{ zwzoD};bFw0v#p!&_AS#lymOY`9w4WHGdri|bshkBk`0(qAoevHmb{8(6T^MYjs<->%T@JBtO~TKYBs zT!8(-VPGFte_v~S+CK&M-xRQKIWJ!d_Pg3=Sk6yrJlf7?9-TCzoqV)o7u{wTJppgd zSK;7&205asKfaUc;ft9x{xfySRPu-9axAX?P2Egaj-Kp_XC)yVHuLJA!lgxOidUhv zAWIDA+)r70Eyjuw!@{whEZbQHXuC|_MZHyCmYQEq(t0>q+z;|YYkHRQVUMuC+}Yr4 z>T{kZWuT_jykuft9$VoV8cQNGRqE&XGR%dUiMi-ZSQ@vfxmX&6cZCyi7M8}qFiS%S zl=I;av@|T>x{;PfS36(nl{2D}kDwA*4gZ3F&v4&B`(mLaUrbepOJyfiF6MxfDi*IG zCFlHP1SJ=IT2b;b?pQ>*TG$>{ur{h`ZB*0t=)t!p&k}jK9?$H&BRv3swt^}DPFsXepR^kt^53kvo5hEPTDWf;3Rv)upjV~{>QLHf6E zRHUD-D!DvqtE7q*l&>1euDsiN|BaWj>qYr=tK4lc`iAY&Lt4jnKWNJAmF^4j>RmoIP;yOi%=lzta+aY261!o{r`-jO?p~DZS{8KXZRo8*?)}=DF zw;ibhe^WB`SHoqhv@;j&FxXJ^*@PSAOLU{yMRzFwNwVd@!{U4%E{R1Hx3`2y$~!1y z4RuM$J62tCyH2|$v=(uDM|Q1otzPsya!JDC!I0L|BN$c5oPbc z`dzYSratKRSXfEkJ60r!nn+$IJ@M!qdDPER*U6=3Rr*ya|BB&Qf&by5>4}Hb>hLcc z_7G+?bcfW(DZfr#a>}QuOHO%@s0dA_+@D>MFH`PTF>F5(f*G#f(>ME9=$o7UTNqgh z&1nuh1K~LptEX7nL6Dar_AlIqoDl7N`@@ALxpOe(V=V1FLwdL3K0>-f8jMnNh0a;) zYfol9$SEm!7pC>;f}^*Gw5CwOK=$KPLeW!WZS9HKC?MyD>fURu7x{?Z6^k_3@tqWQxUG0j7ePYZY*&&3KoPdxVS$6-jZU8cOMDe)}f?Ay(&QJ zW?QM?=n&fa@LaXsefWOqk+IQH>Ne&M3yXTOi(&ISJXXdtfjGG#r&evc4RZ4>#5Z!m zF5aDcAJEemm=5LcU|W;MjcA|{7=E1>u8&UwI{LxkysRSkK3jf|n9J}D$*UFutL;B-#IYuSoy&!|-Ut#&oAQU<> zxHhLA``!p3cjl97#%{!n$u>Gbxts(Ad7}GKJfYB?%#0W1QaNzWx@E(F-r7$}9>hiG zU0pOkL$&h_6|IGz9A$DiKWc8|RfX={EZ4uYZWTU;qM2#~crY6Z@1nW+LK3bqeP5U- z!N>HwFoj>heBHf~u3hh)MwGkG$|_x574Zc#DM@s$;UkEV@)=QpUiT9C!HSvv&J zdBTWC=q2OTAwaBLKHlKR&(K!|O}MKK1!PB}T5!`)qW#18A$w#^NmA3wHGBc@I!@ZW z7e*|z>`%B^5h^*o;{T2PvugN6Ep6R5XJ~~o;;Cn@qfx{O!qkmerK{##nh)dck9@!P zMqS+8BWUiD_eTwjIu7v_Gtr)s(4xNiM@rqK4t{sUUT}SmOE9Jm>*+Ap?*y-W5xnwM zqBf(+W*Zh;Z_cwUZr3DlG=>_th*&#{-i(a z?hKbd>Cd_w#N|)=vn4~@#h-skv`!@BqqibJ>~VkDuwB{LW{xzP)M&xQh~238ud`E6 zH}&+V;GlR4CfYqfI;rEnJ7Syu6`5*v-+>6aemU}3owXSA;!F%I3j?z-{$&^y0_;{6 zMrDB(%bs5b!zW|^Er42#`;z>~(kjp9u?55Sm2bLcwEhk6n&le5=+>&ph;9CP*QjpY z#=ySpj#~`Keobd~O?Z86s~HKdHM&9LsDj^wwI z26_LH!NH02ID~=s*N?+t}Bj+RxnB`)?G>tq7LxVgVE)01lgh)d~Gn6R2n+D!j zd`q$RhR(wH3Y^ON<~MyR(;Y)`&7d>3R|G=Zo6Eh@xR^5|AHp!qBVr<=O5-PszBPJ8NbIYMs zR46;)xFe2dwhy=V&m^qP^wyWHmPR?($7O$$)nq0WS(mh%=zj$20B4Au!Hz;45&x1e5rVX+y*( zZHMPoj7EQwH{nnk@2!ykyR%hfS%@plE_x6VBX5C(qJK}U4bK}j`szrTM{m@-AGA6K z54b|)|HbO~1uIu#W!%tNFr?9NIu`k-Rr=xhzC1}X?AIWDNV9JCr{(&r$WmlGU9N9V za!L!1=saQ~+M2>$9^60t`IDn$2@{xMt5EM#fz>_Tnjx_S{1j^sx=tU=e((4F>XELTg5*Q z`f~V(f*pS#_W1__UTwZ5(t6ql06gDEz${8)Ib_`L@zDZ7w-UJcCjE38J|{PKB0pI# zT$P+i!@=(#|MQJLHn%eMnSW6ilQy^)8JpaTkN&{DIE@00L-_ABZhZpxvyx75dv0vG zK9IT=)u9*Pf`2z_+gWyH@^Uig2ke zH1v@7J0IVU-=q9}f%iK;ws)|Phw*Wfek?^b9n=So;inykRZ;Y^oW(xm6+@|hJhbwJ zl#08h0{TEl5T#BeN=au<%pWQhXDJrFNxv{us-LC$6QwFys=_OU+uOJEb_YIg(oed@ z^no~j+0o%qNSgY&R|pkuKZd*gQfAOC5>5o2u(G%`4g-@94E0eeBIzM=WT;9&dsp~a)G zD*Xt4UA6P~3Z>jMxn7oN70;Z!9RHxtGUxjU(XoUm;_->)j!&$8d_oZ56H)=65E1xP zA_Et$B3Fru5V#?yN;HO99dcUqU)awf7a%Fw<@4kIiRT?;;Z?ow z!^k=x<@svl48RI!fil0N1sy*Mgizov6sQ_m;G+CN!URgamj##b>P6pD_iB@m@5zGv zEcEdeE0BtB$&PahR66%49GNdj{3SwCMBz`arJ5}P78`3pQ#pkK+=jhB^F>A4qMM4o zl~QzX8Yb=;teaJJU*Hw&?o};vwTmCk{NWTnng^Hb&tRsXX~CEJQ~YhWUkCTCs^>3t z0jC>K&bh#py=du-fO8H}S!X|j+5}3`$_)5D&8BGCxPY_QJRdMi14ehi+{<)>s%Xh9 zZEwKY5sgh@tYN7?a?2I@l`nm2<3i-pA>YG{ne9ju)B3df{3vfbHE4p*XPA4KLKCeV z=Qle7PHDjGHfm5glSZ`Niy~8R*1GdczZdxQV*#@f33&lyCsI+G7e!`%EWeDmky+)G zQL~oKidIeuIE?}Gpx@c;?7^KGs6Sxt_d88)14vv9ny3B7?jRDB%+rkA6B{54v)(#%ScpfSO3_SwLbBz>^xek9;E2GMwa2@4?Q%IQY7 zPqdW1aLxoksn`S*G?Bv8=9C4D_OKJTo!5Olk;qTV?Pjh8sGzk6oP#8<*`)4_^XuCg z63$uHV!ye^=r{LB zhUHETSw@(@FPDCC0e(2+M{h9@Bjz{T0!}O%n-%0dR8EnZ#P}4b7!JyIPH=6>^ zE>Jw+?BRg-$hQe*o3_(AgJGhi(;Y2Ei?vP{S~T0tdYS-iu;_EsbY$vMb|K>w2|?z0 zzj2zM+U|vssnhdIUtNFu_mM>zG{N76WinG2kAW+kQ<8E^-+zWmZXU!D0|)EYE)qmcl} zze6~98=G}%$>QYiZK_pt7wfhXqYA2=72vd?dxM*1#3 zk>a#4k}@OprQeKecEI<2TqVYNqs?#bcG^H+rvuHJO}w6fUy=CZG|7za7K($wOgV~{ zj5GVpx*-bt6opr4-2tZpIb24gc|dDKCYSc*f)6=u2BtagH<60l;zueIi3PeIl&0jH zv{e~!2Bj@L(I;&ogR19}wlY;)vnhp|0wAU_h)=Bv`F3w_Fp>Ye*F@^mJ4}#8yJkax z0tn63y3N%{b6S))&{zX+psjL>wu_p&RyBnrQDh_c1kE~T|Kbxffh^&&brZjU>H_3b z+(yRnAwLqqog>oRyKZwwRC6&>7R}X>v>B3Xd`WZj^cu8=EZAK#H%1#i0@^OEG`}?W zzPBF_I!A&gvXGBMFa`~X&qgMFOJkM7ED$Q5^pXiXD9qBRL`{a)D5M6n^aadaG@GT> z?D@2dl}YGyxbg>cp$(En2Y!Db548r3BLPS@^QhBloQ6Du1Z2a0iowb$L9+?sk7iCO z>@u{Chz*mr)+O}lQ^ zmD6RTqqLI)X4HW=DwUM$BNVMhi;1~CDmSbo>muLY%@j7LP=< zbaFr&$gjxl`f(J#xfG{@3A4}!(0I@elLIEQRnPe43NmyDchx2bz)3PSpyL5#VuFs1 z>ISITZ6OmCJwiI+sbs%-mR!QIfgb`+Z;+C_4forU@AhSdoH{W_+i)vjwuPL*K=RY% zqe^7$fqA=liVqTwS!Fs`l&&QqNgCr8?{EKIe->Pb*9EU z2hcaTJN+~rPAA1jHyG88-`PQ4=2npG04tu3rBg0GK<+kS z^V6{ka%F={9nlf}Kgj(>fr+Y1$V0b%z{b_ybrxZu1`yKA4hNlPtPK26=%d>Q`RZmV zS0JZ|GsuxR0~VGD`8HZH&a9ATC!;`v>kOWz@D`RIrVu%>3wSY`l43e)Qipdzt@xcr ztPczZNvMvR6+iNz!Ol5KE29@L`*`4r-{_?d{#on}k)Bv$zuB$8|Uokx7RGQ~ki5N%(y9lsov84fxP&?6d>kiO!}gj_I7 zZKo$tv9`Iwt-EsYVYj3ucB%VPEHK!YZg5`5;$XKqsBE^-E0Rno^ zCm3buR0bOtxK%|aBjdvmv5Q_+y1+TiF{}loGV0Cx5G@D{yb8;5R%B{ge(B0<<8y^R z00$-N2T%mi1H#p)ayks)QD`*4S3EOALCp-mStd{@U^Zj1-w{dqlwjkdegmSa78guA z*P2s*Q<%F1qyd(nD2UDKiZCG zcf0xm`nM0T4nLC+)1bQNsh0fOHXC9=A)BMp!#zs9A$;9d|L7)g6PKS0n zGJi&X#WyR=*OaK9#a=-r^BNjC;Oq_+wcGj;!SPBAg&PFRTNCVOR zogPwh(8jg^;p#SRH}SxMXvM5RGGSsK_g090Q&S|^>VpRlHG}w-?`^+W+#_E zWbY|KM--PLW@S4ZN{fhr^%X^ghv@Sp7-9#RCmqaVamSW+UPP2a4w!kgjT>xD<-x}eht5rW8x2om6+&eS`;_p3c( zjf#~+gFFK+h%Wg)&g`IWNDp#@56UzK4FXsoK!_K3PXf+>dB6b5uUL$XDSv+St_Nzy z24JWwfgu9aHNb&(T(Q{`(6+fIRfS)$PX;h3$OmE41Nq9`p-wI0{d9}1KuO~qU_j5V8^Ou3)>u!u}}KQf4+@NFC*pY~=`aB^;6;1TTa2z;1_lJ`s1C(_29hYstfb zWW}ej8KAJ_6p|o4aieJkzt#c9dI*af>1DcEJeaDkoNmj z2cQy~Mdspno+aVzgcPPkQZk0va5^X%aAx`_peBQkKn0+lfIRqGrVF5l^X>u-Q@{D1 zazD)=A_7=$q)5$F9z1l14h1x|hsbv=k?%Y_9-`}tPDMDZxT6&%r&B4yQe708I0i!H z+Q+}oQ!gk#gh|08)0I~ZEml#!n(xv&!&>&tApq#0@s6Y5#9>G$%Jd-RR}13?nJ`h! zGG*JQi!vys2!c=O2ptgO9)O*Q#UdCFu?lKys4XzPf;%M~*)*P9Aj)E*52mO~H2@!F za^_e?FUx#r&E#|nR#|%`x>(5PNzzH6!bCAZWKqHv;%@TsBW5V#D*7&`!tAn})SDBMX*AK5f|cIibU zgjOhl!xa>b(E_f799XPKKXSVXV2QP!4f87OlrwN3Rwx-*i}IL&(JTZ{ItenC>CU3R zti}WrK&FETtprXm6n@_Nw_nh>gP3#gvQ0X*_rk~mzTQU{GL1p80cQv{&7duTZ{w)i zf$IRz&ISzlzRtqe3hyd|gP&PG<29|!g|ObFdUMK_VAY;7cM>TNiRKZPKZ)?)>ajLM$ivM1no_cFlMU(z}`*e zY@8ytQRd4GE z3?(5a3MV3J3DEXDLVy)t6u>m zq?S}KMJicc17>d=#h)64FAJG^#II&4ovM(-P~UCJ*e6d-Z~cC~a@dM{q0?h3gjbKi zFA3O)AO%*6#F1!#2E|PYA+5qmkkZ`94kzPBykHc}ltDUnQuqxpQ1;0C#{LKl!()0N zqqGvw&MtL5#iBPSDtECG*J0-z^KqfSp(a(Jf|NWLc8&#kmA=pL2po(Wmc=Z;akasfe=6!VjD~E%GKg>@0 ziXql$^~2|DmN1sELiv5B!zo7JB!V)uZv`er0&|l*)@$_yZeZ2a))*p+?MF3s$zUR^0MTS%D)O zeqnD#iL}r%!Bk5CnvP64?BGE-mc@NgMJ8MdX-3mR83rl7g^_F1^JA-i_KkG7ZPLW; z$kUBb9~LV;?n=Vb4xwY1$Ei$&m?0$0f=Y1S<$_*oKy2=#YXM?kl06-9Ce9-9;51cH z53~;qCcs&j;Nc{*hSKo3ik@iaIc@M+K}I&hp$l6U7#<;I0#wBuVrI}03&&*GIqf?C zF(@(gs7-1(dGpxbbcq;1e}Ew3pnyIhN1!Mi4i+b$Rw>5hVuYYL4km+9=+UHwDL$?q zSL11k2!LQgR70iVVkth2sm4@clUzzd0Ts`rvWlmml`=?mvO#0Gv-mZleQfV)5hnZWL3u%OdID?;Kjkh#_T3Yl9i zlc&7$^As~LW8oa-vzg{P&t0RF!3o8wJg|smfN{LgD)A53Cj~e1eY)W2>SY))jfdoX zIQr^zB~NFG@eCOZ;|_+x1hd~csGQJE2*k642JJOJ5=iLd7n4wu7L+C0FW=yw5o4^2 z1_7-CMvRFv#UM<3F>FT+ocIN;3u~@&Mwd z$VX|!j8hdWJjz-HY@$*ErYZqIz=1tHph#;5pNvWUY|YDGhRXp`WR{8)i)=(N8ZC(j z9M0)|Mz^_J+Xhp#Osr5+mK-8BXcax_HRuEb(8`xi+@iw^4d$pkz4E#hBIYK^@jbbe zNg`NPNMsUyxBv=Lf)BuFOu>$Dxbia7J*3=g_#M5j*TeP@NLGKg+ZNAYwY; z04oJNa{}mPCvsMnFT7VSRz#5<$`K7Fcm#S`gD(cpy8&M{AA7y|sL!%#%{(5jfL za%%m*=LX@Q6quNZ)*${wz$nNN6#-Geq7iQsycPgRof4uV+Q>jX3f%w{VM-u;neP_F zU})!7X?3tHwfyMH2Y$JhxNMd(%Ow0%>V=;W<3k2lr&#YL3e#gMyM+O|TwKVngoSbr zR6P%IG7uev&*Cr;E8L6urBl~d6^dgU>Iohg_z%PZOlOpc;0&`@`I{jPVTjKXDL2L3 zp|ayJ2_5L_C&eqY+i&dSr?zcjWa7sl<;GNQq8bTmy(+4si`NXSfIK*G7?@L66A93W z+#xLd2Yu-TYNZCohioo5HnzdM=UfR=fQ;#P>%hEa^3h}XjWtf&juKkQVF77)*`<%g-EZ@(ZMbCx+Wbq2G+ zsO@VdQ|qAQOO>K=GyoLVA-ch@9fT=^Xc4@GBqpBPCz*GW+_+!9O+eZm5^UNZS^6rB zWAhyS9rRryPjXP(3(wzDU~TOT!w{@%2Ir=saRTTt zI233cX}b_L^gFvG7YBx<)+)|VIKb6SOhTK{#I(#NBnUD!5RR&ytWTwGFr$kHIs(i> z&YV+coOQ2#3~_>9W(f^A{YLL{{n2;LCSwo&BDl6U0LK6mQpG!n)ri6fL&52S2wIoc z!pcuW_eo%2mRLPC1~PabrQ{w;ZZtb!V=>QEt3|5$qb2;PLOSxJb^JJpkFOnEu7B;= zX}_Lcf^Uz!!&}=>``32yYYh|1%TDX*9L+$rI@;?+NkY~)JhPjpdlkAV%d&&lLTtWNc^6sF5dLbRu`}P($&SQ zz9e<=vad5)E|BJ;E;jk<)J37MgcrT2=M8o7rtfFC2%2a4ZYD1$obX_+UYLdY=z2sh z!2-MJ>uKB|YZW~<%`UoYwpHZMjP;1{Tr1B$AB~`|H8zw!7FILe#^HBFD znMFLcB)$B|V@b8Ku7->+;Ai~wqRcCP`rPdDBVSKyip3i~x%t8(4srvY`Nq=nBX=cr#OfPvoTHvm8x`@><2mI= zLP_Uhp@!61{E76)<4@mOxo}nakp)SEF@Hnq6#Qft`LpEb7x436c~*c#-sGfSI>qKm z?u)$j!-m~v(Fj~BNoR@tdOzRlnd{>VZ{^gZpt+A{dpiRmzHzTS_SDLq_}74c`|z*i zg^*JcilltfD(LyF{@i~|V2gtwZWRCaqbu*=?>YRd!Sycu+kqqV{(rlyULO5T7t?NN@B$ggLWk2Hcq+U-;grK zf-xE`xgJiyP_*>A5W~a=L($4B!e)~Ve>co|c)wtKYKLsCXGwD5JLHKFSU+0oLpmWI zorOo$jp<>tFYI)L&2u4RFl?L&oBd&JPY6jnM1rMOv=r@>s&;m%8&}xoF0>s+yGAKK z?@ZqGPA1>Nq1A_IiMQbyU)X6wp;;)TZcLX#eIc_uY%r%WWSnCkw5G6zC~Hkv>n=Ai z`>Lx2Wn(^Q;z9-I)AbFv4Ga$2+J2g#+{BuqZ@ADui1hP)!}eQrSq?l39bu;*9x@9N z2&WFcx}Hb+N6W6W&E0&lM6}|Hka+-|KxZ)`e1^4Bbm-3H7o|Jg^c^kn+0Jc;et*=#wdE%Ur>oJU?F=oc~%hPBGDhH=$|2FsAiX(LBMdb^4T>%#zBL3?1W?JTf~ z#%u>mJXshS>m1O2ndM-y11iq59jthsZD~3FOdH@Z({@7hEc}#hId^5LcO7_&gKmzT zSZ_y3Y=8@la)uW<-bJ=|G26RH@-7aIaW6`|i=TNHdEP~icaiN~%=Rvlyo*DcSC4n` zGj7lTG3RuK^+ljWomJoJFF2xwv{JqB&tutZ&4P^M>1}q=Q;>1@@SUld6lHc%D69O) zx_eXC4qOF6x9;9s5Axz`xN{sA>iiIj1qcYtKVLu=Jv6TT=(?;;V@MDUvS;d;@}u7z zQ{7qqwKYjqu|G9T+K!SUBk5|uvkR28)Ksw-++uf+Nq5T~S(DTn+tV=VO|RS=iE{IX z%Ka=+ZuU@nb+P|ynDnw&t|U<|d#KzSiE{IX+G~y-YnW8%m8(mXTRK#(BvCGVs9as_ zWW%IKymE&U<#L9~)w$&!9J93i=zVUvL$Uo0lkWD)btcNK8Y*|lEtfkcr~GKx9p9nY zPa0~a4B?6@lQ&eRGf`%hTLx`a#s1pRCCVY)E%T-bdu`}=7%QUKhN2%*f6z-}u^{m? zy>xMTBP_DF;js@v67nQTW>j(h!p=J(2Yz$F3BJ{wr@%{QA2h-qB@t{GVdkLaoR?ia z73KbQE8mH&TX`D)`uHV2;=K44)E0IQfp^2maE4xax+_nq^&K8(M6*uO?xyi;CwqrL;`=bQS$v{+;4!_IDu1X^OZx_O0+t}Fy` zY3#=5lH@lph}%j#U@?hFv;^|UP-vDKzS00wK&-zKLK5?Q$Y>8417Y((2oe;@hT7SX z^IllnUjB0cG3iA4E9(}_@6|#Dm190&Izt76kiOT;3)099gOVs}*;-$ypgqqj=uOo( zG(c~dXP3Vqr+#&W93-3Vgw5??qXC~Gt(-3- zO@8$~bxtGX5mkoFv&ED#-k5H|ujusIW*g=i>Md-X3Yi#NMOZr?(zaW~FNiZY%NG0% ze4mt^?4Gqj8_-U6R|7OgHkuNa7iD1~p0tcgB8&PKu5i>7c8+pwKwBUJg=fO(f?7uH z(7)<@EclVR)N*X+fW#$uEE~O*lAI#ZZma<-8pZIN)$ps-4GceuwV_^+jQnC*j|L{L z%w`g02oZwhmm4TutwH80D{AzjB&ZQpH$V+6(H7gRW*;(bqn9|wLEvs%7~yuaDx{T! zwPscb&n9#uyQtQ6msQZWRNrtjC=}L^BghxSX>nV_$o7Xc+{4fjNkgY>@ER%rxkwda z1$mD>^Uy7{;H&{JQC7!qOEWK{mR67vcv2ZIaQ;`gsA|t!Jp0~aCMZ1e;TjpE4GUs6ElL} zo z5I3^<^*pj78of?tnm4Y%OoyGWkaL1jFA1}m?}d%+A@c-dJIh4kzb?uutewD8vbJ3L zyUZr;H|2XW@m;MaPQ2nEb%Pw_g$}@%HY{lat#p!|-J}fLXtd0omR4bF$GK#L3VhWQ zdwDp~%R`A?0s-#`8^^-tnUHoer1e|HJ09w|iW^o#+79C459o?hj|GI4fnJ26GK?ON ziCe>vm`R8}0a%cZ?|IZ);r^e6+=%x;cD;`&RMA z2BeKfF(YL%TP3rk3%oa7b;~w;Yy+|3uCM{Y_LhK;5Z0}RK*PdmJX!^+3Nx1$LM8?i zFvP5&nXEdfZYZ*x3Y*76#sPeWwF3~yR`FZ=oP6#~4QV?e!MH4CjaR#5A)ban4?(A) zPiB{GV41@*>0~dFU!!$~8SU#*(xqEj7&Yn!q>JReg2_HN+fv*1EHOFS!bUefA!@@~ zgS9p5Pu6MfYUP{lAU_pBl)VC_QUeJ^?HV>A%WIUqf)3h76!qI2^Wl*8UP8bhajl$$ zfZru=O%E5{n;Ft2X`7;geT9-Tj__04Ph)B8^t#l|+~&$JGHfV${BjT&e>Tk~4^+`N!p11(Bnz1G&+!di@{^4gw-J}2BKC&Mt4gH zGveBoVbYK{&}6+wjVz%CjB)fU43uMFUXFk(!cfy&r{#ZhFL%P?OIX_p6^gW!g zSGXq@U&7vWlq&|sbbxg3bTBIc&?9VY6V9x&O;A8J5i0tIW$8O$LW8fApcvwi8g+wQ zI-DCIFDT9A{k-Igw^yzTa>uOL(>wlo=ETa{ql{;d0}|HsaOPaj6I^-I0aLyvWYl<^xy#n}T0nSYB$c0`Xmbrb%8I2{5 zyg9gsyKDJHn9Din8uCF<0@=~C}D0EiIaqRW<;L9dC=UmraDZ zx?ENrjVo3<-|ptdTXKcAeH6~*jp2^oEYdL60K}%$#v8!Fkh#$i z7|Z~VktUQIT3HwnN89m%ssw$26}`&Rck-3e6ufbKTH0yRA2)ue^5fiyEBd1)p+A}v z`lH3wALs}?Nw(39zJ-mbr#Iw~tF>$S#x+FF-$!X6MbYgJx@en+Ed#pwFyuXSg;o6G z)nBjW)>=<-C~Nu>1)^>!y}FOmmp&$Hd7u!!X`9OgI>p#+ncFx93=j{A!$yOFNQp65 zJV5T7+@jHB=^l@Y1pcfCZs`m~TgL*BV^ILbRspB;muTxa;PkN5iz%5ayKF73gD*CX zmL^+TrMw!P7#HkNUt_Z^jy((38(Zb>45_(fuJ|s|jbztrIbiYVTZ3o zfQ;q6f=rF$wA4#FOtx*(tAvI_CUTZu7ViXWSp^h~UWH7_?~+}DtPN=fa;_Vki*8Z@ zIkO(T;F>1fOH7kD%c5(nPkI|y5T8WhfYZa!BK6fGd?`h;WWix7_gm4E<7{T3idSrt z1X1{xE&~3YCi96N@pqsxSTNb4Xveq^l4RUX;NCea{7Y{H|8f_jtpS&+N8pw7-t31d zM`4hSZUJ{&s=QnFMTv}%tg9@QaA5(v(doc3(^o7dK||yiVNn3>(b8oa06bdqZaH}# zw^$ z?#>}n1IT*yRf_#V{Sw9G=n8VYfYFJqX-ZmJ%E98 zSF#;FK+X;c%z?K{w!2qY;66L@JRBa-mUnk7Y}34IX=VkYvxb^sjwv2m%`1B4<%!eH1AP=B^O_LP4fhc$FF` zREs*{#bQb>8$#P~IBv7B4#`zy<1Cpp&^?ZVK*$X?vO=cW8dyhsAy|WPjQei7b#_q& zcnCs9J=9~c(OLvsRHYa#))f@{UQtfM!NP26)maHMOjZtbIRYo*vce}UEhP+mp}(vd z^T~U-DH#YWB!0|UVuZ0MJ(^e!;_NE5=FY-KX4d@r3)WIgI6JwBj?Q zog${*@~6*VUcmj$VRsQyMEhK*O@Jderc2>y7}ClB*ewYI;}LEO-hlve7Xm%%%93SYNLI0Svk? z0R&iT9FVuADFx(XOQ3;IrQT?ZM@zxRY8O2^ApHtb}m^ zIyZtyVoop$fV4%+sK8B|2c`^$6eZyKbtwTmh5a8QM!SV1u@x>cmMX5t0ysI=wM0Q0 z*AhiRA!%3GjKkc(Cr$a{^y}Z8%iY-cLhvsu6YRh-fgN0`O?QnS=s+lKFr|UTgnpp| z0QhAtz^9A>&Ozw5#kG4}?~qt3Xt66~wD42w7c=K}S>xt-!PM8q&NXHUY+adls5!px}?k#vN*&*{L0tU5T-8?CK>pWN{__i9VfpyC5p zJfvl}toSN%OVzo$01IDn9ON;;6k^jAYW+b8)r;$;O}f+uRaDAd_6n`_yBcAdRMR$A zm6;1&huDPF29{eTLbwl-8iQ7GWYnr!milZ=c@EaT;7`@eSgC@K&h^sn6N(F5iy_qk z@+lJ%OTfcpT+?a^q=&U0!KG45D^@|BdK&eq1t(H&R~Rr@s;qI5m}39yq)y%dpJBdw z#ikX@R@)v@c64ZK>A$~rD|d&})^?3*ghU90ON7G|^rwqK=D_v%pyF0`UOTK@99dXL zo}Y_DK%qWcJI_&M$tY4_EB7Pyr<0OFF&)V|{>74#VvM#BPX(N>VGBN1$NdIu;nAqrbX}E*A;ODLoK(^#D!RdS$G;R$UA2 z7rt1B;AfnGvsSY1GOS$Mlp?1E(w|r8&eJL+-U@-03g5MihVLw7&(0R})wA$A#Y*vN znG5qpbp_}Jq&P)ALoLv*s=`d6>v2@o;x2(SnVTQZ*QEH1L54zyOr*Pxq?%^uMG;8J`^hujqoStFQhFH)o43D08D230>etF_hnlPB4ZrD#Jz-Y%ok$2rQUz_Q+`r^ahO* zDNt|-4j)9~#O>5Uo-aQ6iSm27YnxxxR2&L-tU0SK#4m?h$Fb2*D0hZgO{;6*(` z3UdiyF>nVrriZ*iAGLTn#EU5soDmW_G9mv3#L8NRl>#pjAibpaDG(26BywDJ9(*Ls z#*IZ->0FhBMkQ*Y(j%n+KI^l<#M3NwJQ_lK9tW#O=eiz&9iANlYu{ZFuHLFjtca*< zL?8q%*gD5GB4jxzjRl9zY~XYZ*{v+G7CI9s)Ljc021B-Cvo&mV@)O}YNHMb3)&mdx zcM-RRC*1IAIf(HK*#^J@XvFk0%G%vXqC!5F>z3ql5Pz%E2%&@##6obhL(;%DfPX<9 zf8go^LL*lnSY|BYmxVs)9Ig*A2jZW9?GI1h!foSjzMDb{%FB%vQL1iWML@Icgn4Qq z`bD`6G}jGtG0X@}zY9@_Cey@Ac&SHrxEEH!ELB$V@!y@igImY(MO-4nl}akB= zK5k&D4!~IULYa{2bt>q0y^=4g$&wLXSB4Ut7%oDt z3K<81nw9N8H{lP!DmX{SDOUl&EYT8Ifxs$v2|!XIdH`2~S^?RK6#yOEsLN&Woe4l<(Zifv$m!zaGSCW zW~MNw)TcxXmV$WqTy0DLaU#O)n#x{m3QbWyFo|c#QdStv7b<=*xy$A@YOxJStXUFC z=(nOVLQ&gPj%d3Yy)+u=vuhEL)%zx? zpc`T(L!TcMfYc}eY2Mp+kL5mX4qA9ul~&QUSalG9Bpu{;uOOsrK~-XH6nCps1zDx56JRLF!57n1 zW31BEfb_8{j~m8MEs&hh0wDW2R0y)yCe#92MDFfj*z5>1&$k08EG#+7Pz%#O*U`xB z-)xiq{}|PRlJy{Xe+Usfr#56Zg^h#an{2YpLDByEy@<=ZD&HB)p&U8Hf8daa@q zpJXm`E2KJ(aA`s{kl^pKpQ2#JeT%{zJ5@ussD^H24T)+<|Mf#(;MQ?`foY_awolpV zDw575YACTL^jpHFVE1Oh&xoXhnyo{jTY4>&m#;$U1gyrog!>39`H&4LZNQ=0DHea3 zwdE7DANvwFck>Hv6^ivCCvK^_k;o;Z6PL86oNiK3jTq01%k6dLR05*0ahS|-eltZ8 zd3Cg!x77dTdhUq!tY#OV^(C5g@fl2$sNhQYRN&V`^YB>Ex&D<&Goo;3S za9Fy*jfRK*QdPHW3peG8BbDxOI*}}jgcxJu%rmUMhEc)pd&v3aD-Gotit$M z4;NH&2LgE^s0Y}w7>Pt+kUbaThE|FfZ$*r1JM0$QVR(uQmc!?N>%WWpcokA|BeeNk<>ETnH`P(-7k8)eGN&-x{6htGAE&Jq$WChv%PE2d`}TLnHSyd+NYlb-NNyRKhb%4LC=V*tjQuhi&Xf z;<^j&ZBK1N9h_0}m61Y$3iNowt)RR*kg`22!X`aHB^oM1{!8Y-evb=dXmBq|M#2*J;4=R&3(p2PJHA^>YqI=4X z>SjT(hu$^>&zYJCDKN`}QTy(H#Ese_zIyT4(~U|c>a+fK;SU}6amzJixo~l%a-$M* zLcl`C0I$^3Ibp=bII9IA;fu5!_##TglL~Ys#)8BXqV5oAUZueoZ^MfO%U>PSuV4_| zs0mFVgcLU_fUX2z5tIh7ImA!Q=$4#MU9pHewfTh%EelwY7Mj5Ipih@cYiHsVcSgZA zfa!+eTPMKCjiQOo47pPKKZUl*shCQHdbd9Q+s>bJ6F0xmKluUC?LLcwrc|6caTVW( z7e@ldDOfyw5UZioZCTw=EvwZ~Dyv~YR>O$}56<8QZ&?jHKOmkjQVKytra5xxgghc8 zMObyY#)9%5A!MhFOch=xmJ@*4216GPFD9xhg`LT)A?2rnHjtnm{q)LMm?jT>K;)O} zYK3bVA_=G`;YXzgmDPY%=dN(&OubkYoR(B1Cc%k~0I;)r$Yqq!0`9A^l_F41)c+~4 zJk>W+8BjFAKFFN)z*XFLF80BJgcsFK<$yB>$Zn@?B6k4s`5N&NLR8j>x6bW_>rg%7 zhApvvK{&B{m^cK-MX#96&}R|}r^iU}knOyS6*nRy{2ViKoU=5kEc29Y9LFa#N@#2R zuj>zR|GMWravh6}?676Jp2q3oCO?RU3p+-nG7?7mB-sD~TZECCB!5h~6x<{A;0aW` zqL51GMUK@j_gxD}4)8?2#A`%me<&?@dlJt4PVG+zG5~FvE4r1s5N>V`@I07WW z&cV+NKtXq4(vc+v(F$$^P_alT+(Ctu+A840D9Z^VFk~5=5;t$$O-dt&%odhLQAwHw zUSP-%-bWj5lW4_U#pj)_O+YlMbbP}5QR3=$8FGq`hfQb0PYS{jPo;S-Qw|)w|MLA; zx9z;`ni_GL(tc2WBJs(=flAfZH)^%d9ftZ2<(8MVwdkwhI;lg4V zlU^b2aRn4rXN*e!XoXYLT`z``o7V0INL85q2+5m9FMxrFJJvK<8;J(>p{=vp5AA4N zx3>*nz@JPT7f+F!-d>~D9z%GTexyK)u@n^zixB|(0nG!84Oq^6*Xb#~s`NQ^ya)1s*aI6Nf$FF-`Xey#%_l_*0M-KdcLlV|9R zO|y#T`;aUHND_9AGi!#s0wH+*^QEd^#MV79LEJSAI{RcZhMV1uAyp*ey8w<1uR^LR zk4=c#00Yy{+#bg_pDmYV^j=)Hla~!HmazwOB158c1 z+LAFWD@8aRg5V4*VmFA9^KPt4lAKl8kP*yuFSpd=W63hY{9CTY zD(Nh25{@O=`_5hfQ`fuhiv*iAx@-a-!CbKoXhzWVIHkXrxdaz{;kuNo&OEs<6Y+`! zux?aqj#GiDrW%9}G&(>W&WSmI)sA(_r6gJ43Oy+vMwY7U|GduK1|of^QF}9a2sC`K zi9A?_K!4z?%>MRoYp$0(%cev!j*{|TvMpu=UZOTxIhf8kGPJ@jctseu(oF-9R~97n zs}fm~4xj=QBC_O^=X9oN5@;m@M?%n9Ti$xRI%C4yKfOgP!x5+N+LO{>E`Ru=i||D>+9f^}u94|3m}X(z z0%ijGLcACt>0Rn*o@AGI+POW%I(@w!PgDv&Cx* zxX+rQXj~U+jeFdNV|ChaRzvPM7rALBRgy$6r12J ze&(SIFVFeTJ>vRp8fA;m&Jb35n37NV5W#AqtC`}6B$Xb?%46p+X7&~gy-VEyLn9Tl z-A?-XuF)xtTcG-8PF`@~X4sx7-bw=j>#4 zgtU!Y+_P#Wy9Xi_wBe)7KxvwNszhcTnH( z6+9AuIt9ONEV*ZJu%LJD;~$S~%#+KHJU%0`@xU@(PI_FAY}_fAx9SDYO8J6njR)A} zcP2HXU-?KK?HKgu_avp^kGw`cpf8H@hFk_p15T2>EB^ANvb?@|`g&40vgBuZy{W6G z2K3EQfAL3o9FYD>RA2u`3?Z`QNBB)&pT^!T`9WUqc<;GSY2I_c!Ebqe>-6vLWPy#* zJ%fXBCzZX+Kg>Mxg5I>;Pehiq=Jk$!{7RBD?@$kjnVFkGLKgI9FcNABC@15ulH)b;7dZ` zdGYbMr*Ez)i0&=uov1&z9k(%Kq0+08LYOgIiw+(xu10s`htOhiu}oG_FWe>VzmV6P ztgnyCu%6HhefSk)F7+4md`B;wh;Jb1v%;EFIMuJSo|ok5kLl|-vcjLD+j)Jn^}>9q z@IYSg<@)+na$S+vJJF-zk0*OHyeUP-x7Do1@W#hm#<*jGnI5cND zX_&?_oW{tK92xmfIFlQ5W}+_>Rb^?QBx)N=V)e=hf2gl-PZq-DN53&hMoQD4dqC0V zp}!5Ija9q?)tMK!ln27BzR%L%u10}Z-?}O(9+4@3PM9)z^*xa#TEXFg_}BXf2ifa_ z=Y+jx$G;`bSL%gdkmJ!dmtw)>_v{cFew8$wi?tTNTNrL#Uhf#afUgCMY<&A&@Y1b( z;3@EBe&4!Zp+w;XR3F*6UK$;*uRnWXa4^5GNPc<%CE5e}GTa3W-bf!aefK?RmYEz*Fd_S)JEcr~e>2zCOOyU98VR8sX9^ehB=v zKJ_B9;3+X3+Wpkky3Br^UN_{)8H)Zv`E>R0e)GT)E7@mtS zvnsFmlX}7LgreE+ zfuilgo(08)s80{p#P5?W*d^Cm{^5Z^H1`U=6`v;i z|A<#l^6KB^iM8_d9diBg__sOhk%c+J-T$h8pCo-)+Poj_y**|`o5lCfLN%5uvPkt9 z#gfU!*Gr*X6iOS(n^y6YxH;kCn@^2$Q<3MkzkocoWWdcefk@~Le*xsrb5BrxMKacb zcAtG<;>NH>xo#E5Pz9Iz@Lp~LkHz!)$cd{I`|Il;k+0v7uT%8(_sQ2U%GU|2)BRfx zQg-OCRO#!tlQJ7^`3Zb-gFJbQTTelh!+e0sy;!6U-QbB8dg0FA!NEYpp9kUmY5ln` z@le3Xq?WCmzm)v2R^=Z&WECfU4Bfm~n5`6{{MGXm4fjE@>FYm-Yv|CWXcpC7tv`1} z4qBSD80>H-stdW*#V+lPnyvf(j0q^3_ zQ;VO+)WpZ&e(~KDfjyL&OP&3O}EdHU&(V?F&8mL5DK z6Vk6Qtckydhl|U&;D5@iCSJYBt3U8+Bd@mbDvwtcyn2FHJo+X6h%~e&uQx*)s`hVv z>gEr#p&EUCgGkRD;k(=AxqI`lc--ec!{Z?3xs9SLJ}cwld2Er5Ega9~C}I_Bm(I6U zJZ7|;$)nv&8SQ53Xg9}>c5~clH)oG_(-`gMm80FfYP6fa(QbZxw3}CtcJrFiZsv@3 z^ZwCper>dy4~%y6!O?C$G}_JOquqRXl-0X2DV1yE3jMi05!tEV|I-Ng!WBX_F`}YX zqt#CIcFE1(^4yhjeFe(r z^>ylnPZJ27=Ha^eJzeZqp(a&Nma01;D)aiz>V@TFiP@% zF4Lb23u!<4Z<{Gir~V+U?ez~HQKP$}K1!0A^2&1ZV0dQQIXq|Lx+N&%9spZ(aoWHYQyd zK--zL%a)$!rB5$-TR0&z{t&yO$TEgxc>oi}QvU<&Ak{~LNGzc>3)UjG2sfynx#D+ag%ffTMJG+l!t zR&n%Fq=@miV*Fh){x**PdYG8;htKl)*l0tIT{_hK=v1-SE_-qY@abKD6k)d!-Z0p) z$G|l4X{Zh@_2fQ;R{Ge=gOMfc6tPZoN}muCJVQ=xaQ+^gz{eJs1C0X5?Y8xUO5S zx7YJ`_5DHowy$Qn-c)_AzV#=d4IHHf<(Y1svB6F))_-8qgLpR9pIeQ88EbicroE>8 z$hx%|Mf`H|!IIdSeI>E}rjm1YK#BMd6%AVBqp_YR;{a!aL;j#Tee-xLl5rZc5YfpR zfXvwdd!YxWItbvw)f#{5UkvYb?Cslmx;GE^MxYda#+?-bUm&S6;LBzcR?)rbcG2V0 ztVrs|(F+S6DywqgH2%aBTHVu|BRmjAGJGP)LutL41q+_`SxLDcvYdZSx1A@a>FEKV zrC&a_J)J(*rB)@-8i~IcaVnnNz3j_8xLYV9=ijN*?+Q-jphtSTdOeMPIZFB|{*%HR zs`bJda-;(ij&?IV#+}G!N&BQ1ticj%L62T=9yj2$nFycGgxof`q}E(xMJ&x)(5n|5 zTmYvVC>o&_DfbD|dLFi#DZqvL*K4smwt^R#QD(RkV|WAs7? z54@)78#dx^#iH5T^Pe$f--EnRmPa?wDS6^CdFR~k$1cjdWz6g~_l6_Ow9iB)&S0v; zoV|%=S$FR07?NEr4ls!WH! zuqO9p`|RJ3dH&8c|KG+)mu~}Ib6l?>eTG5q|E;#?)C@JFM)SX5i8!Uvw)Eu%J!4>F z!n9hxp(J-=K>u@(zhF?y{bT!U%PSXMsU@b;KQE0=NKy$v|#z?<=-VwXIhB z*0yMC3vEphOHG0%0Tm-wL~&tpx#PG*R7^mb|Mz*$y)$=`32yxUn;*%{oc%oKInQ~v z^BgG+CMEWY|Y0S$6yL&tK|Oy~uF80J|@x zweptai-kUrT7+60<3fBQjc;Y<4h()CDK@lpVq zqrfIx=BlpCZcj` zRSS`~WGSboAw6BBS5(cR^s6~N9qAb&{cP+yq)+Aa45Vj@^pdJVNp6{UiOlmQbU{6(45tFrS*IP_4TP2!vqfPe`(W_ z1wPe*?d^Wb&N%v`RU1dxqNiHo7lXc))euL&(<8|*qe`#@)MA27ITG6XW$4I|rCIVd zC;tv+r`Q3MTh^{!{dV<{d5hYJE`okXe#OM$Vi0mS?}L(^wK<@^Tm9O}Hg60*r7iN8 z6wCmGo`N@{?1{3n$QhmJ<7K$QMKf2_(&YDVi4P@VJve(iEb4tI59JE=ZF*E_S8-s~@ZeaSo&xN3mitKES?-hmQZAr>9U zS~|m9dU%N&nU@U!#en@;@glRiom75@vzDF%a5mo5cr8Ajvv1S-EBLb0zTMu;y5Lp& zY%2+9(S9Y{_^pemqhuSjR#HP_R$J3vS5`YYCxw*6OighsVfw zKy~=kpE$iu?_|h|rxE5OUiuuky6Wty38{WaWIh z2sn4Olgwin%EbUjWRKG_o}P0!H9m(go#q^B{)w+X0aHy?nx2#m|m9_qGS$^AF)S4KuAD)nsPg&`N z3h)A{=5J)$S-#5_yrf+DlpJo0_IOGfE&CP4@`HT=%un5+qghqOGqnC`-dGc}FvBqn zS*`4#^V5N@eGICu3#zt9NLE2Z(KNTR1M7)Wu=!W+mQ_qmy{=8FY3{=j9y~Q@ryk$q z>qn9}9m7-k5FYL?ZI#w2eK^B!Gdl6csAAR2k-MoCDv|C?E`ecS#lAqcPrYT6@cbjU zM!1z?!BQ_DkZ{GLK*I1{5IZ8dMqN}yby@Xv@X6SmsO$kKK{;nT;q;7Y(ivMn_f@H; zA8OX@k!qfx<*%*65$NfV>S5%d_|`t{c5L{it_k_UTcrB-(BZ7$br4)L9vfks1nvsG zlPYvV-{6?g;cO{fiZk6``lYmHIvN!Xl{@Wns0lP-h6}}|1JGM!rhmc*K(!=%#y&u0_mC8T;| zFLLpk0y-$_-7(5$YEON&Q?JkQthJdjAYlhs`9eSy%#KaG4ONGlth5SWJ;uQ`Y>{cOqg;{!{C@n3KFvq{p5^x}ZD((|xX?|B#}X^yDrv;~)dfooRUVf+U@BMOGJ z>*=>E@q2F52YD#n*A~1SyjUYR{dV!Q64gXAGbtl2o*~CGJhWNJ3k5Ke*6hZi6?uoa z-B?R>6op;~Qyywbi=KqPV5vS;+M|Q;H6z*=e>0=$_=|lGZ_OF-aMq!iq$gJZ zSvnqpKul)Q{Yfc?%?BiTQ*eoMQ@LcYGqrH~_t|iO5Wu}qaC<;GSIl+-? z#K}-0i6jz4L98yyHu6mT9n-awOU!xrl+$P)@^}x*)B7^ygap5BNXYZS{L-l^1H&qy zYpBSl*1fT2axJfHq*x3;ig4l)*f|(&4T#?4CQ~;tGfU*|j8@ecA3R^lcPruq3*l4jwQgs*;>}_|K)txu zEg>sEfTZl`aE!p=-Xv58_UIsPHkw7_;zU^ivAe_xCnO@*S0;Rr=57@uz{*6k=`X6- z%_@;gnV-i&E9OSyjy4z*=O2%WJ~w1oIhzRCGikaluvKEp3>GKS5~GTDLG>a(HoD=& z2tUW9W$b@=1fS>1VO?4~+!mdVv>l1GBWsX$0n#=n(%z@Ekx2VfBJE{L8|W`;LGnF+ z;ADLw+LQVP0#(Wv3OCQKu`X!`|YTEA*AP;W~4gljF%*F-@HK$9zXxv)T2>lLzb=lq0FB`p~ zjx=9ZGj~D5`SP{UzO>*-KeReUEshIODmau>Ey0soCfV`R5d@*eN#4I@lH)?^oz#<1 znY8n?$&nLIcKX28GeUH}f9e%sT$YWes~jEvIX?>;;| z#qc62hW9~=;YCvn@524n8J~oF}ZpZKPl22%i{Zl}%BgODOO)_|_!%W^7H`j)O0u{Ln?D)mkTqVqd}jNT;NBb(#;-<=RUAF(q9N9X%qg{Rthd zbavcAwoIvh%y_r*vAgMG2hN^gNt&m2YzYLf;COpk7=>3T} zcW*Am=x#2-)~>&Myu;o2oyZZWzJX2r21Dw`!Rsaa!~a$J5)p!4qxd`DfBqC-MH5Q z%k%{IW)di((@=h=;q)$j3Ks-=reOv@7Kz3T{=(%^_9vnZuqXNuv)$>5(T2F(^YW&$M+OEyD}U=0 zd2{niUr+Hbz2>tdeI%4r{E86HB?yz+Oz6i~@uNGMLL7@vyO%>_YQH8`tgLMmg(*A% z1%!fB^i%Mq99M&m#tI__6Gd;)vhOjn7SMH(g-H0Fk+6&&01($aMVx!{@i#NRpHQ0P z2YX^`*nJ~|gww>Oar7!vXMa#VtMX?|u9A<8E^x@~0o*g#KwhmkkjXp_X zS2+tO8`SeR!@Ona=Va9mQNL5QY4XuPsB7frfyC-fdP!=4*KSv+>lA725z*Bk8WpUa zGFdxu`a^K5aLM7FQVm&?MS|=Uyqmsy$>A95c_=*)S_V!~X$j`Z>a09e2}-g$-DMP= zjiQ0jiefPM_r@ElDC3r^6D^O6K4SJk+@@ZP!EYuluX_{yB{o~{kEWtCVBmqQ(aF8J z%-+m_MXI>BLK~ERqNj0GRP|d$hAo@JF)* zS9D`>_u(w(GT5v0=5FQpAG?=NZdvzR${Y9^`ViKv9f44(E%kIxj8BKM$C=s1M)r{) zXIBiZ%0#>Q^R~*NmI{823_l{-DDr%=KG!gqRuGQBlQzRMF z#jq>bnmRW!42@79X;mrva8R~7rBIW_iO$!y)1f9d<1Jml9O0e!PiHs2qxxYBu1xeiw{$JKG&Nr>g7e;D19t&%wBAQ zgY(PG{BcJ9`P}Ms(3z?ZuR3J`wyRFkBiL`nzdM;77oEuy% z_I;!XgY>FPTr4V(iP5XBaDv-{j_y!2k5<>ZzM-v9Z|?{WmDNEs+D~M4TBk8u7e*U> zOKy5E-JmFRyYXOT8&pGN`wm`cu161e?^<|lc-JEzLtN%n|0CcW3tl2?^YWuv7*DYr zdoeg!Rxi~J+B0phQEerv8RLA_GR_4^j<%TNID^I!ITeHSs%r$IH3m-rjM4$4GIJ)M zMjR-Sz%NkKYKweo5H0v<+*kpaV@dpaa0KgfA&;e3vzV&&Z_>X4V<*Qre!=)Ey=pI! z!FY@1y|f2CxLQVQ7(7WVX!kYL>uwWt+ic77p7VDb-&Ox-#`ndo$>ZzcA5%zIqSf1R zgj`-IhxY`FeA*IMwC_4>?0h-)90Y3h1jaY4mbs1(-^%!=&L(n)uABB}#Fxv|2h5Ay zX>=`qCK(TV^k0JRu@CkHFG2U?qWuEY{~YSyP3YMs&~vwmp6$j!hM)_|@2~}5G{)I# z8E5A$7-zk#PIU?p-PArO#W;7~l4_il7+bN)F7Z*wtj7~O3^R!8=0?FhWXU(Q(`6N- z>CiL9b0aH^HjBIAtFd&&#?o;ULq&VZ&FB-17V?cXV^xd*nM}hfGr2f^VVGQ;;Ma12 zTWWaQYkw`1dA)VO?-1Ai}*22O$x6n)3vfs>^ipR)sh2RmWJ&i9pW zullcC`g*Xa8$E=CSU$wjf`723r8~*I5Nn1&SoI#(sWZ?j%wmwgr??~+j>Viz;gTiu zDwCoLV#L$G7-8E?njBeqO}`*WpwJK8n2!&Gze@m}xVADfY8tf8uNz4Ai<_+I6W4%! z-}TCU$+BLfZtA{X@7{RK^~y`RUhU!kpRAYkbF5dMv0gu2#OrnL4c~3O4&0D(y&w!F z`!}SJmmoTlAzKTS|g>786@RJg93)>J{ze{-SVcYiazu|I}xniN<94ypV8Pw(eR<*DZtFT zb^tRC>ZxlB7&E1s$EmauF5??y56bk>8m=H-8UM9}2jiQgdJ7H0795FIeuP$@q_(*! z-9zn&v2b&KG$+-Esl2ReoUCa1{1Gk`jTak@`?TvGD}iGCaq^LjPVCMvsZY=-3j!OW&44zvtYDtTL?h`#o?rZg_&)50FNw=4^(tM#8Ps z;7$*?A^)eVcDF*oa-JZUOHgm>PV;Y)wK}@mt8WbsgM(q!dTiAV1|VS0;wHEJ3m znBIY^-ol^~cP3lHSK}`%6cJggT(4K7fUI&cfPu^~k}FK3l3W^J(00|4r6?BICLozlp4+LMwMacObzX>nAN*{O2 z)UjaA7@PH5T4>3|wivS6!afM3*Dt*8aLho7V1HDidFb-uE)yd9m=4BMoia(yc{`milv;2d?`nENjY(l90NnozxJ3Ins;p+Lmx3Q zbnGX<&|l$~e&RKBFg!^kX8`MuUIWY5shmIv^&9*&^J$K{!U@UpMN0cukA?aB?Olm8 zB?01ZYflr~ohS>zPPcyy>z|R-qs{Np-o}rPOMCWsdrK2Z->bc2A%6K!EXQ-A*>%Tm zk0%EXU-Pfmn?H=DXd&h5d|P{`vFCL7`lJ|}RX*#*UiuCDbjFWUPWn5HkBN$$a(t%# zJMpHWul6YqW#Cjj2zv^T5_Y>|f1*^LZ%Qkl_v-+C}czWkNHp^S}$8p{k zRtEnD{XDwzl!D1UIxm4x0t347i+Slu{Ng%jEX4xvVtL#>PQJ-2&*8xIdbE& z*ao{2o`c4sdGX?0pp{bv{+rzh&>YnNHPF({x!t;v!d^B>a96v{u1buquIknm6=>zu zZhKI z!VB>g^6YKUnE2Pr@G|*&E45xn>A>;zlFPqIa#gm0`Pv{@)Q9;aybd4m*m;~Tkk{62 z#ozMUEp$6pYFNt_I4yhLPszBDzDl;Y#rBpoMt;q*fjMa!CV9AHbm56It{(2QCuJ@bW&sMH-zRHD--pOl?N}^mL%0YZ2?I+U6 z2~~3!`&4(aEG2N@1+43uHc?CrX-d#;y4z<3q{GDPoks}CcsOsvV7{x7%PMV zdLUVEe_7&Zv$Z<$t}>%5tflVQ>^xeYQQQ!FYa){|)5VP#2r6q~o&{fZ(lkyID{Y{- zU+Ijzi8bC}uMIa7Mz@AHp!!g3M+U5U!iDKhDLw|%M^TudhYy0Vs!>5jBlx53bnZ^8 z;T*cn3;d(Pg<+Sdx=xhK7v&ztua@w7{Dm_`!wajr$UBYCXSX!@1&oG*-{jG-7T`+; z5J54()v3*H8HKmVXNj#K7f#rbOmD7(Tw%cIKh1??|l-i7)lyp7YSB8 zsyd22hUvY>0$E)qPgXnRNL0uP|3k=ZTrVfwEPiqIoG^v9!8#1!NeSsy08#=O!!a!I z&6FIw^aa-qW8RF*AH*W)^-d;nlwu2xCB93vMfC)QdyL5*Q#i%~K_&G!;kn>$ut#$e zbtu~d7q8Ir-9r8_%^ZHy%yIv0mOpGF+cePnO=H&`BD-*C5dH@KLjBkKS)gTLF2AlT zCdfp&v&*M$Au{Gm+p;i0HzI!{M54|O^Lfwy^N!tr*R16Jhg$mo`dWyRN=GCDH(QWe zB8*LXdgMZwq}*RNb$}I=!fzjjC^d{RAp4ejkho==hovNON;7TT&nTvXnh||6zLnqQ z^~|_;vq@p$PWqBPPDTYyMFAHYHvn$zVA^iR4kp5(4``NHThY&4aRXxo z7DW3PKRq??1h021&--t9fwrjM{%L$%*qt4^-p|78jO@XD%sm7@DRrTfxeni(#NzVfmo3BZ?BD8<^fzU6dt-y7qNyo>yRGPdGlvzzw4dzSFD%5D=m zS$89666K6Ca|YbaIWs6{3gu**IhTo?x_HiKl}64_ALX2<@Ui(^%6U!Xm<)9GlcK=k zN6o66P$2pya;in64^yMVDQCrHhQsl-;#~#F zff61haupoozv+uP&>fr$YR~#avT%7SObeGtIjE;qu!YMoQaIUq@i;4WTf=#V>R;BL zSZ!DU#9JyZP>}`VE1af03%yOBK((=aS;-!s_5{D0sBNL9qE{vC19jAz9NUWFQQe(c-s1(w~%t#2* zw=nbs3gYmqA?8DBm`;WR9}EWr-1KgNstF*@n(hS-OqX0!21u^yr%J9_XGyMk7eT>% zRRR6Itl%vC^%b0ozvTr30*VKcmVbjek@0nG7zmGMf7mYlx3E-4P7o52XMwTg7!}NU z`qNk#SXt-*L-&+1Ax#Qz=byY-veJ)Pp;~KF0xzJd=RRQ>x>{Blvhd*?7ae5vS80X) zen)U(AheRq_wW`F=6hM4VVdvfOsCzo64v{dWOWGTZbPoAMY#aE(M_gCpM67AO{|n@ z$Jb9l8G3VN)iZ?f$(z!}qX&;l`ULQ(j|fdP-M$2K`fp}cHRdjJ!o)zM0ugHbdXp0$ zd_g3>A`(k7Om*~?SF$3X zJec%r{>HLt)j~2N*b`bp%1qW07WpyR_&VZ1rKSA*K+mPD%E9_2HZjGC{eK7=^OK-K z$KeD=0u0NpNPyugI8uKj1V;I+5WsF-=H6)6Ki!`K1WT{yPT116fQxlm+zVqm#MAM5EXl~qUlH-|%?Mx;UXab-dWLu0>gq+s=%RM$}r*x|1hE)EShOoYK&P zEEbBTT^AEVj7tP{W^!xTg&=uWi<0dI#TTuxd8bfFvN>U0Kr} zK*j7~w#d6jU~2r<`~~Bn^NsJV-#<3q-sb(G`hCX61$(~d_>B1#?)g77zkB2#IzQf? zwXc8g@f~|he=_xljZcZ_AHK%IGt;fcN}^l-eErqeQnQ2KJlWCj~w zdL%V4ztwsWA<*aSK88JsYZMEEfmDA*i5rea4UjTeLZMLDvNi+$<_9VLAv2wBo~vtl z3%9WiN}cDTI7Nl-C({kTJm~lL{#fYuuaLD%(`99rOI`bjS!E0r9}_RG|H~+Q77Q{_ z>dbSg_pLXwZaBofRt-|``>T;OOC$y9+F~(cBy?J~1ztYNw{X}WD4-qi5mE(Fg!L-Wn(44bP81yVdxE1Tu}n3h_OZUMu&x(lUQI z!@Uz6f)loaIMD&dwF4X{8z-|6xIoB=%S;(@p~0vAoU-9aN4}tZIwe)_(id^{EgVWD zcq+=Y8D$1y@6#F@?Ocp- zNUG@Wz2aw=TVMi8Ql@`8_6X|@DfeA`kIbU*j?xR#i_&xD>K*;v(u?S1upDaqkUH_A zlXCTTILhoua4>uEm5*$fCQ!Og;PQiv#6@%4rJ~A4smQ+pWgiB&1D41SG^+%D&0UDJ z4&a%A+L8<(Wek%VVlA-*Lt%%Bhhyau;_0(zP zKJs7s2Krg1A2~NM>re3ghn;WS%=(ngnDkUQL+_H+QkYWwi|AHYrZKOF-pz+XwMr6> z{rbZfky$C2wSoOFK*dmDI9G5aoSQ+*7NDBxF9-+Y$O6=RzIXp-xFC~@^Cf5_`Fc`^ zaB6aleeN>vx~gU(rhPB`>-TCeNE2 z`8l;u7c5d;(y9`j7utfO%}ZLt=#o}sGDCcdQ)vqAgICzhqjKo5V^Ic0x#=Ss#;VHf zbS|s-RLlBM{3jY_%w=3(gZuc-V75;!LxNw|vuKEUNyFw4nknv|m35!q3m5g6p8h1# zOuy4^{;Flx5kOG@wTU^3&_z8)q2Fd{DfzycaVawqIjqo(9HzW%-hMj+aB}g=7PWH> zObST}$6Kct7N5`Oz`Zhbk*#W3#KY&;6vvb7(OuNUF)>Gxo=RKdAf5;ZAywJf&e!}l z0haHvekaGXi<(Hig8#e_E7%I{F^aaM+FPJ+1MvACK2LxuCX+_zQS7nZgH3pO^qq&TEEptj4g)@>v?F=DU z_qpP92YFsVM^4}hQ5tl~1SYt-NHtdy!k~;#8(RvO)i!VF=r93AZ|M$c^>TLH0D);r zHzs$$iv=iGmN+8$gwj|R1I$-I3M05gD88hutpMK48jWRWCywx=T3WVVFE3s+;V>j= zPdiQlSYc*B&(=rGEIg9O$CFRYtcFriJfa5;e(&KJ@A)etR|(NXD@z}>4@mx5h@C(>6)#z4)pl=}<5ex}M$9L8QuT1_Lux3jLO6SNRNaSQ{Yf(@K^mc)8H> zL*ysM5q3o6Rl^-isyUaq7cufzOQE$HL3m;<4@V)xb*rCI?(Zlkxu%v$Ia7cgeIyq! z(lr}=$kjlMdH6RA$T1x=$TVh2QAYl;(YUPOQ<~^P`|ED8T-NiG7lBUD`8)zQnt{5tivl$?r??o$rX{UQu1e^HJMZxUZo7wne#Qs@y- zv65}{D08UI?mpCF4-Tj3)l#|UecD~!b)sAPd6TtE;%HSOhSne)X{>pzAIHLS6U1?>inJ^}bcz==37}K~|)RrNhQNd}L3jpk+ z=?JeMT;4WXfybW-uH%DkD~P=pFJYSwwdsm zD%JbafdexEgTn-aW_RO$z+iiM?O;MHj!@a?Eq$@-l?aLA6HMk`F0w*k#gti~;SqgP>^(b)t5f-wGl zo6X&IPLItkE0cL|EWo{bBBRlJ4X>jKQn4kQ(mXa^;r)vUfA- z_)b1&xGh3n6zbG5Ab-@(ICVxDraN_X$2OpFiwIzoEwG6m@-yJ*Sv1!k|e0eB-(+9q!Xg4d?RS^%t_~ zKY;-h@Qy>;imlF$ESeK9#kii7{f7LUx%pk&o6^0-<( zv>>EEEyTaEhHlxO@Lr{Wc2zf3UvO4c09Ea5FDvu|wJYPO;?+Nm=*kVR+7o{~dQMp75V7KaB7fNCs%04tA4LkZTf z?P6_$LzMPur~d}nLqAyW497@Np?2uMOF&eQN;Ql4p|bi+{L?)(A1#w8i0Yk|`@c#g zwC^MMv_I1w zdUv8b>lJs_3+`2rE^;7b^g&k?k(J}JI#9bjYnxknA=;mUwKnbRkA{?2fcd+XM(;K0 zH9q^^*j{(&>$9Yq`*4o%+T!O`Qkb7dyNER;a0{<$4;}3*g~%_P!zqQ1I;GVl(?$*< z$*p522eA$>bOaq-o`vB(1hm1-x%t%_@z-b- z@YI)`IgI@*i&0SA+Y^x12~-#}28-WKdS?H|TF!P?1DMq>RF~I2PQlUKTd1$d31T=j zXkQVuTAlW#BaB`QjbdU3;i)9l^9+;@Zn>=by@_SjJF20~786P@om3kvwd0s}aMQ%-4i^f3fZnrHyr%CVMf3KJb=7`P7|A^kWk_>4~IxJO=+GIbH4RR-70sX~^OAIsm$?vba}~n4=wR zTZJ(R)LXB&d_vk6PlafCEL!$y{!1X6d8u6ox9e83xZ%nV zBa=)XOcmtJH0L6-Q*pHi5{6Rg1Pvt6*i16R1Sj&#WP8448@yB~wm}MX7*C5$dcYsHaVcG0hYR#vmG z`JYnTp>(@Fcw&T}Pcc&cBGn;;_5Y16R5bb6Tj-7-@fI>+8tRJ0 z{9%Bfk1MH$g8Ki^UF6?QTd3nw+Ct=(OxJua5fTcNQB$Fi=tIh-ExZh{i#D1zy}cHj z9`TU|3$bJr+y2;tT&hv&g*mm3ufvfh>Ms7R@ilTI{uRncuBBv+T+lt(d>QAwnNJ+} z9DIFyHeb}{A-9I9ABLi^&@ZC1q9}qEvudYzOqfYKI7V-C23WIBU!6zz(xvBqQ|%sI?~feg6*d_ z3&5+t1xM*WAyM_eu4qJ_NXaEUFL_k3j|;;dlc-b_iSzZ6Xo4uk`+bn_^Z;rCJ>rYU zQMTg;>Z^_Sa4SV7%uzc2WT!FlzaU(hWO7iUgI0CcZ zk)AZOmtKp{?01(P$C;ImIxaIyOP<-F5y{KD&z3a7XNF^fAEhNtuw!?8f)8GL949zu zhOW9Lf=##*!6rnM2|>$Ug0i~=o$qF}5o92eYfpmAu25`#|1LZwMmf48)jUyKWaaIATi(^Cy-_J_Jml-=UH*$eEL)V;aC|x!$cA9 z15o=UZcW5R^-jGyU)-9onRfb0VGw#=6ewl|91eh4PK8jS$A)9_&|rw=;HDRXT~v-$oYxMsd0~NIY;F zdFxPU6%zH6uav7{c0ucQ@{kwdpK^}GqJvYNOC*eog|NuvE9pfNdVkNd!4I4Y#g1f2 z*mcXJk{Vwq`Q0d>OWFFby`MwP5 z-~9vXC-x+7M*F#mr0*I3B&ofP=N#YmetewU%Q?>NHI*FS_HI8$d%fw?IQCaUpZ2h! zPitXUbwi&9KQSg5txQ8WJtxdw_&MQ65_c*M-CC`wTU$c9wcABYq+VMn74jtlsj!Y| zQQ?Dvc3%#{FcXBq3&LQJ6L&Yr3stib0 z213+~E>DiPXX@K#BM)b(YHN*Hz|d>tK1$*R=Lr` z%8_wof!CI|hhosDot0(k+hWkSokIGyiCGqX+n1)kZ6Imkn%>KFYZH#zTUW(|#*Hqi z$m1WZH8e~Q8HmO{)i5)h{xcHL9~9T+dHKs~C*(ya+HNvE^FaUSh5~T$U{-nIE4ut& z(!l-Hs)3_LH+msn`Or|Idboo%aC9Db*TB)@8v;596HCa*!|ZVl9CIaxQ+UyCQv>%< zk_OJ4QQBBCqVbHBPD2CtJ~VJIk_L_n)usl|-O zj=P0~N*1dV-K<40bY(y7PdSyB7%I4fRuvraJqi6A+${W^Vv1(SEn^y}*P%~-gQQ*7 ziHVjs(<3t?D50r{Ta=`TV~6AKpo?25ba68NEu+{#238XtVuBP|0#%%46U@vNn_$PW z^lux#yZ&v3(7*ADj<2gV^l#Rs*QeC7{w*1QT?za(Ryp!aFZ#EW68g6TcgFQ^8Hv;v zL@LxkbOR>U7LV)SdfnbV^>6?0+(D0?ee507HH>$V3Dbqpzrpe=)okMpbG*0Do(o~@ zRkyHUWA36byB{+5EFw-RZg9_bR>|?our99H!sHevnA{Hru`W)Imz!fLSCJ^!jB+@m zJL!2vElh`+p@N2x_@{08@kohUMnyS`j6C>OzRku!O{lL?U&vPBZlM?A@TchC3}C(A z5E2*F`H&aM$@W?xXBsTv*LAppN^W=kY zz>mhC*Bj-6Kgp{^xwZ((Me&+)`Aty)&29@CS&Cyne(GjpFIWgp^+2JaqR28mmME>w zxcre|5A4_sKH|H-s~Wq2}JZpaZ} z>6exQEFZR5!BX!&j$oNN`1pcl;F2V;40jo-JerpU9lF`TYTyvYMV^%Gu9ar`#~{hfjIEIpswIdCHp-Q(pgrrhINN zY08raBu%+S!~_ztZiH@YenPj!_sd-3)NqM2#3fFY?z$}|C&I10JFNC?wZclh=!e6q z(S+5M9EMeU0#=Pb2v&U-C&6k+wxIwNrpe<2Bm?qs(km2zwU)!NI&nDuu|F#SgK{7o zqemzB=5@0EPu8pZ^GQphw>W889cDDfe4Y{i0p;kiDiZFK6+8_LGw{oc0?MRxHB8K{ z0^^RxratrbAu9dMhFU5Eou%(vj+rw}~fr*z3p zkqJ^*1-+ZDjit*n$PuqAoN|jLD$?0~3_4HY8qr9ePg$N%mj}d5m)lxAPDr}Tv%Jd3 zK5cm(@R6$3LJQ?po}s%L)9H#q=U(v4g(qIq%nd)2`OXn<<( z`#Ze~{)lV97hIvc+6)<33{nc;!)v+KK>+|F6dDSC&+D@ZR2u-> zrkj#Z(U&p|=niG_N0JWwj;0zxpQfgW`IKZ6ik?oxY4NOQmngU4(ab{{6(16X@`aCG;-!^|H2{1CzU+r!2aPO;;Ir((N;) z1qROz!jZVqbR^zn9B&KL*dE$j47!=fwnhMF^&2&9rbKRI-?tR-?;a0)$`{?^ew+W% z&E17Y{CAY+`0wR#=hiazH_`Yx41C7l&Lw8JobHd67qF&;zRc$iQ3nQ#a(WxGynu8k zNV=?`Our($G8tA6;;vwv~iYz?68|W? zrLKcHN1xHdmKsAM$Bu4#TK? zTGj3-(RZ%%=QJ^Os`dsW!D|G9hYPJB7*Bka*N`i#@{e3vR+D$b*PS z@3$H-l4|Jsr3FsqHh92ENUL5c+k!trU(Llm2K>-j#(??RfcUc9FS;2~(ik1aU8P=% zeX*|C23Y#4QeOJtyKVwh8@T84f_z!a_MOGA?Vipbp1jRxP)qM;g2WbEYOJu-I8oI2 z>`ZHoCo%=coRVIRGx_DBU_t&dCXkN_(8UD0lQ1rs93GQCC$%rDRan(e^=tl<9P9u| zjYp3|`^Omn{G-Ql{D0WeWBj&W+qclec)SfFKe=z7WsSFS_Wvfu+b9P4?H+IAA7}N9 zx6%1~OS}!VUM|(Uo#hv}v!u{{d@S0fhKj-fpmCc|ttj@Xav6-TyZxoFExB{5R6qDc zI%Sq3U#fYOxwbi6#;sMvr23uS(wC$)Br~GU$%EWS8_R1UxrN5rf|sEb0A1$vDLZ{d zuP?gNkD{x8O-e%XB^ItSQ1Gd1%2~X#Ipf zRYfRU!I!`b(O#h+E<=^Ya2qP?b_+au4W0f_IJAT0KZ*e~)f!a4ZXh8{;+DEgY>|9( zi{u$w;iK8V0USe{klX+vztXOMM4>zDJsT$Uk-`r#gL%-H zL6|OxVW^WvCr_c~LVgPT;ylX?)=*h7gA4*vWLtbjwg_qR)XKJU)$<(oOs7Y2r@NJz zc6W;%y?LEp#qEj^&Gr|4OkR{NcDP2mG5_10EYXT)(#vbh?9nO|fX1Az%Un!v2yKL_ z(_ZU{&h;y;s(*u8`A>>u>{cq!gNz<*X?|rHdMI;6FYqg00~A32CVfGD&p1cV9O{a} zpHlTdNA1HmQ<-FMab)8;h-|!ko_*n0#`VpWA5su`2GdR!W7Un-Y^(&s}4vkK|{)?_y zbd*pGOi7^_NRIu%1la(Q@xWMb@|qzhi$_2A{;LNIb0IoT2y$_L@mO%|)SXF{lHteK zU&)Wm2jNc3{?SM}kbNWoQUbmel316|E(2O_=1AsUv+&{G)R)K9r2qQY`5eAn-YVK# zK<%knvNjWp*kuLtQE%5MYW6b7h!727B)hCYM(QRb75rQ7&y4TI@jlBk3^6mGzi7F$ zMsep?;lsTt+vxlaqw@vEye$2zS!zzG`Dh??c%*w1#Str)CN*QnLZr&@pEtsWgJzx2 z-W=NxLgJ)uF;Z@wzJna(mT`wj7u`kL+4P@#IS)Vtnrx!3BSY>dQCBoD&C=C#~kh$+=EDnmhPi@3!bNZUE3pJjQ+{VKl)SjV28 zY7Bp}jN#7HdtX6gJKZS8a2NMT>}_OAH_*ILkO0k`1ZZ-2yln7I9@cd!S6d#L7}kM; zZ$vDc7?#Atg5Q-bGP2vS&a(__AT8-9-3pvyS<=kJxZ%8EizwajW2mKU1~s-sEW|MS z{u@Vf;eU^?5UBYH0%aiT=cn_~?IX=SK{TTCmnMw>xGGGVG&&`y(k-Cc-E#%|bz8v) zMSryJ?oBSEKe;a6pJkskk4Q{&$LVp93?+~(={C#E(-UQ%N|Yrc7P(lIjkmkVvKGHb z+33kh@UrCImuQK}g{@mlg_g1_silB5*I^m|(nL$S)KYynny_nlqU?NgO!3@COG|SS zEitCiLn+qrUuJ>Cq(oVEj}@=fbng~)2Y4S#f1ee^n=wG9J1u8u;-z#5zILAqO~Wz}7Hl~E(+Bc} z!AjPCbovbx+2n58hF297CdCH}78H8v1??_oq&oB)Z_0-Z@M6`wqLrs^7M+Q}TJEd6 z@gv9R|8}GQQg74y=@>)P0_zxz_)4PxP>U-ufXIy)K&Z8&>VRmc^jIS>`61>XOs?qd z(Z}S9HjHK>@Xyg!t|+w5!WCKCS7Cq$Tjq@X9H{gB^Q^JXU2_T$^T(^9Ci))nSBs)u z-!}g0(GR*(#b53Ip8YZ7uW}4YE%y&+ri#D1B{}};!ehi=U4*e1@mJR-;;#l*aO~Bm zjo7OlBKB&hep!#$tDSl=T1XB~N)QMP>-GJg$9nMVhIOSIfIIaEBRz(sD@cp$TF8il^*-4oDv>=}LOGa>|30|=xO-Aq1$W1gge++8E2lz76I5M zDmUos`qopm=6Qjz3S54)H^4iLOpxP!#3r%ts#qDgQxHmAeYW^f6 z>x1t@;RZw-hm|&5uAns(!9q7cCTxUE2xZ^gy{UtRCdCOI_Wm$i6j+r}d}6{{@W4=} zEk8mM6py1epHC&%ek?@lxP4R*4b#ZltCI` z{!Eo%d4AZ1-sxG_O0qr&eMx|+c`pH&4g)ZI4Zu7MzyLUv0M6X@o`9+D4jAWqG+nDb zI60K*!}@u~`14ba|Ka5E=LxFnW;YDUWhYY+O^5H^9>%Z#CFI}$t^6K|XA`DZH!W#; ze|-0QPw(OG(<^#+Soe6X-RC#!aIf=&!J?NLaxh5>m1hhY4;Q0T+?jp`28Zh+7%ck2J_>Q11Y`aSQM>S!9E z5&!g(AqnjM&k2m(vxhKt4-we?XtW1B*eYYe@J<%8Fp*vFAdsiNe9c5J>XxYoa?M60|plWbr*u?b5ly7bj4CexTf8`_;J)33P z>`&?Yo%Fp&mHKphyvji;_LY$JoGbw=zZ45Cs{JhfgKGYDLA*0E=wtSF)`pMNtXI zXC#u=ThaRuC5rZ^qW=*O5f;+-tZxg+pIqN70ESRQH`#mZztA$P0xEh@+PCcU<3PNo z(H{IavUMYsx*kmJaRlX*T|b^^AiIc)($m?gi#88E8jGHoI`6#|M`B6qa<_OsbO1Hk z+G~?%TY4WsMLq1NX3R0vRFQJhcRUndF3Y4R|1L4H(pURynQ zZKBnYRFvP%N?G*JmZE1+(HD9xdbg$MI4b(Ty%u#_ih58qdS~i6DGwydT}b6FAw4R! z&CmVxDF5g@Iu%6uN-96RXPL02%*>?Kw;yBmS?2Jg%0;4CEqg9~8A|h}FHjz4|CYY= zA-!eKW}$C$iNrEKE72rve&~Oi^h+U~kyARI4wgeWVacfE`{?XCh(m(zTh1Kd(=N}I zwc90Gy90e+p5xPQAL!HW806D_JlLn*km=Lh^bkv5S-YXXtlV5s=0o2y`IDSV#uHyb zg%5ORjt}}qPJp7yr(9LA011tI7TTvgQXqmo{<450pI{FQSFP-R=!SlZ7li&=K!#=?eiKddDK!P1 z#&3Sl4b_Qhr{8>+K#0#jD_{q6ExRE{w3Tn<$#K!Tc!06Y6nT=w&3{2c23*cOIpL4d zq<^wTtO-H=%DD+6k!5|b7*c(f9Nva=dkNY=Q$c)qrE)A%y4M?Oghj3?QdwEcQJn^?ZN@)OOJWRiug) zAihiV{V(EsKl)COs*)xY-=id1rBR}I+9Eeb$U6gHzNRlzXqfcnLVW3>FJtlLOZsvK zzI;Jn#^cLD`f?7wd}3^Z+>eY+kQ+TYS&20+GHoR*v0k$RnlsK387(I#Yum;}hKh_Q zPBt~^W`>P24AKJTE4xifsG-)KEYwiN@!s`Syqc)EwVOP8|49jX)PT34oS|0lw5YxU z1@Tr*962Mo)t>baTC|aG4UgA1CZb2fz0?;={y;(Ul0SeJqSMSTtaTl3u~#u%^yLgN zb$GHJXliTT8f3-z-JUcNC15Wyt-Rj5rbzyP@X>@~V z)-V~w`g{ltDw+2e`ZOaAKTs%RtC0cXnsJ};o%s`x{Ol!$-W7_m?2C=>I0c9gB)?bI z@gEqnG3plH6vb(Nzci1EkUCIhPp2Yi7$jlXjpU;QribOdwdm`K%bFVv@;O^tsVh2oWKIY}3BirfT&UK?E9 z<0+~>uLud3UXM!cFP?b632r>4{*K@Xz8%*hYw6Y8kk-FRZ$As=NwwG^kFV;e+H2@E zkKJBkd_#JUPrv2A7TxF%dJpW%(|+K4VEbS0Iu7rFJ%CnHzX!JZxEc3hW8uELiG{=EUzSg|UiAbT^e0|*y7}^W<4f@RdCOeBX=X?CBDzQ#XC$S^pEhFGrFoGxsL8LDVf_ag z+n~%mj=Q3};w87n=j+4fBX6Y_>FVj3%Vt9dnR9;p1%*%b5opqQK_S<;YjjY5tDRJ5 z@i!6-3&5PWK;@M4Wo0Swb}1-KXQDs7U;Am~H*5X}7}G-^IK+Mj4s8Y??6}kp}i8kIROkbm(?EF zJecCr3|T4(9a;gj3Q(sFt_UbOOB3-$awM!kR3F0c_LQ9{Eel*SAFW8E-$<_Wn~gRr@&ov5;+T#SzC!j9oL7OSXPs_k zkGuMSy}b6Sg0lnerY0x;G&@o8diwSZ8orHQCHUN@+=kjqG1!KceFIIcsQ8w<@#8*j z*(K>vWUVnBKA5?6Wcik#Yc1Eu=Q3eK*bHK@Gy*1_eqvvO;vpHMqx2wcuV zCi7Y#bh8j%tUKSKLzkV=NexX#Rk;`O`rG)6V=sGQhyW^>7bCE959`APiUtR#@*kD8 ztNGF<0Fw!7zd6rB?fKzgy6TjP*8FM!&>U0a)2h~cmABWSLjMA#E!5R#@%dtNSgwb1 zK=BU!{`Uojuc5egK4pc=8+s<)U;1HHb7VA!cxoswa0Ht|UCye12R6lG(Rv&LPQSV& z&)f8#Bbk5lhYv|LpOcP5y92m)P=9I`A0l7TtzOLT?Ffagix2rya)?%E;gHyy=F`TO zt>gOt;`(>;y_GBP9MNpa@r{YrB>J#M_Vy=PFWfAEWnQ!$PyuE^E2MR3s3 zxXWv+jB1wKSNEFL?m{)Vkf-^S0Nu3}ZsC56HE!&!L-vl)y@XA+-QpE0jE$!vD(b~c+y;r?jIVgehveV8pmN1FxE>CBHX ze16HY98_q4?_C!#d^+Or-SRa}I{Uc+BW#=L@vao;6glqzUCZw56@qKtH72@{AI-Tw zoj~Ddc29t#OTWe};ztp`9qSvQ=RIBQUEayIaCm;(Y)clz;n6rC0gtl;Jf@$W1dn;! zgc)TAXZ+J`2{vd z)mWdh#1&bEW-QC_P#Y}J=aK!1rL>Iq@v-?_%E@@17z=**3HAt)TLi&p^AyT`|G94V z=wsZsRp0z!_jRZJfch#-sVB{_u{`$e?)R@xrf2za!>XTFv-(V|CP~hl3F!K|R)O6$ z4Sf2+hTQ5QwI@2p$)+yNqbo2MUNMj#g>ptu=6JO*H3yWj>p-usUFYCel<2KH@GF&h zjQi~4PmSKe-080fb&bLBfPNo;$ALF%p8fz83KE5B`>X+CL1!6y3G$v_3Om8tD$V$-f zwkM2{VavA3tpxSBE5r~o^Cm5iKNt<*=OyAFJYxX=sE97XktK{9 zyu~zELSe?q8~G;93`}mDR70$otjvXv(GFR2+XWX#NLg&Zm zRa#|jY@WC14H89|-6Nl8TY0T#BHew;r}$^1Eic85$Edu@vpld_d`Bx{JpH!nCDMh` z^Ub$_sr&$Aa8dGOr1c3cUvGmBL#4n7{!Ji^Pr6l?M=eWJDxKwur(ZR=z_7y8s4NEF z7xF`f`TBzmgc?Yqw=%Wt}>-Yz(qpZ%gMF@{L(A8WU#U4V-%4Bk`0A8m> zUbLRCdY{Dpp_2}vI$D^te+Fzdme6Pa?)yiX41z@pW4eG+EQb%#1Fg$hd6tlm@e34c zM{uaD4q^EicwoxM4>t?>*i$IfJ@kHZlB}z*KnYpdjg3c$nS{YA7Dn~-!{Yo`seDPm zy>f$qJ3yvX61dxH{p|#fku-Nl^4tef+vxYY?|POlp+M>a-CoxpXu=U#A~rp34P9;O zMg{Jq64q!(H*ksM_m+Fxzxn$3*w^3p{Hk6)(fals$Jp1;XzDty?d@s&-t947kN@z8 zo$oij@(uLOcppBMQyTd@sgv@cByuc1k-P%Mk@T=|qAGbc7K?C181-VZ#yXg3Q?3Al zP0EuRvfN4=PSHjuj?GT6bc=(AkDHd^&ESomRx>WmWY~eCWsJjDdf(7Tj@@1?!E&%U zpxa&gd-?PZ!g2~Bab?aIF(dp&ab^PS!s)})W(mKsiTpi{@Eh<@`&8fXlYE=9HPw@i zng1cO4*mcTrB}S2)>phETe@OQlMH5nG}_;AKd+aT9@>(8J1?P6?amkU7~!=^RlCX8 z@h}I;UfLv5lk(+aEgi}|;7seJJTrFG?NTj0g%0f5Gu*%)3I+AizYRPM6E{g0BAa9( z6ra02pGrS&E&a489lTMdkXB8G_?(53V$_hq=!WNd6pQ9QMJXmmQn`H`6!%mJ8cq^6 zgd&0CF7TGt?|q6ikH&4=gZl7)6AI#t>@`*Cs#`jLonW4Y}7LQ!mlLE_qexFW^7W8qKFCCux>A`=^v}{FQ@x`#Szi)!Z(%lFoG(&Cn$$4O0VQg{ z9qQ^Eoa|PbLx=lFA#&fKBz&bXTpp#3?wWf_;j~!SCLebtzCdI*s}7{m8gj{yOp@ zq)ek%izgpOiF{w_0Vz!JULprby`gNE{x90T1iq;rd2xFCxn?gh6S z<5IwZwk-KS=e+kOH|Zkk{QXJq&3*UxJ@0nTbIzI-U4`bYTe>+zie!7$s(O=8n9 zc*~T6XA}6?j#`EX(>M9Ga0Z@*(ePi0_huZG2ByT1N~Bi=%HB03Va5J*ouKVYe!Qix z@CAvkS7xqD#wYi5|K0Xu&hJFnar;QCb!(&qpGn^D&Ll$@V!tb+lFBsu_81#4#S*>- zvTCO;Q&=rr%rv>qy(d#_hL`J`;gy)C`(*WHqBGgMLMUKk zno0GIE@e`t%i8WbcM{ncA_ac8d|V2U;aiuiG89e?@`IfIsObY9;S;ju46 zhX`|2P0rb3=^(M#bo`vDoBd;GlUiP;{V$dxmm-`z8LK1Jk}yx8sWRH6ofTBy>7XR} zj08&hGu;^|)wSpd-IA$peN{LuDk&jH+xYFB4vLyB*_Ml*h@S$Gv!zqNPKP8NmEt;( z#XEWRE21?8RID`hkd*Dmp1@8AK?14LeIEl%>`}&p8QlgpK`EQj#)zsDQ`~9^Mt2gA zE+*k=IOuEwyI>Ny1?`zQD@m^cAeHs1m4z~++>vvP`EOSh!7kW}TPO)^ZK=M=D{pk?Zf9HY}{5H_J& zy5mLPx?Yy>>4d#)Vp0*KzDyX29qDt@?NwuY9;W@C^2kIUz>%Pe&gpKs!5wYJ+f1o8 z9pACQ=OZk|2*b1yfyXj9@HbY3rp7~$iO}y6>X8p4!d*1gjv^A6jASqxp=<6+b&ckF z`A-H}QeCwRM{zp{K8L$xW9W;_-i_pZ0RP?y?ak~R@=15%-{wa0IYTLY(!#W*h8xM~ zMwcw!6z5E|36n>sl*%mZlh|{%NG@2P-_sl;Gm;x=iq8 zx@l~!0G6AQe0s3UB>yreNwtZ}JSkf^l{A`*S-AEdJ@(hqXKC&P~@rLO_5S;BqK4aw`kSJhDga_t1E$-qXB?g)CCwTx8{t_kuc(;ujrb zd}Pe$npEBt$Q)h@?)7ONu)sXHUwYJO6<%yJc+bHz$7h#Q@oy5Ait%Y)c@jylW}bY>V%yncz;T45f4vA z`RF@G^ZQcmR_xz=o@tT@}Cr^glV&-{PO8iz85`nM}d_89B)YM^iH=et?&P(=(anB-KuOK_M+>s z7eTC?-CwE?(pKY>OJ|13nSl9d!9zpGi+xR~6Z!Z^2zAKSB6t&m!M6)vNcNc=@`m+% zrq^w)2kDpLRZ&fE`d{w+JqZKDvqw!I{S1c*lV0g#{}UgW)P%jgnny%;iX;XV!|~=z zJRCe%AruTR#G(72r>KF8+9J2kj`=67Fq{FI@^R7Yth=L%lc~7)wO>-5AkX zA&VJtc$j59op7})n%S0j!Wn`*=B@t_mfv-a8L&#!xju zCWnDNvL6FWTwd+&MtprCQBwDxXOozapFPWWkflFtACX2oV`H=%ONb|yzA^OE)Au;^ z)1K|lL}L&9)#UnBXpQfYCn~1yZVXDEusz9|4V+EoFK8~^iF~`MUf0De{fYgdBgi!G zGyjGDDA4YE=Vy!;L;%V(OtMdK63D|mQ`7#6O}J4D(J3gp$yI#BAL*`+Cs4m0X6R*4 zcWV&z#O;9+>$3FGj&3sQ%HD)cz+kM`#O+JoRPt(W$jx)O{zrfV~v$*{2vG$+y6UTpQqP>;22Zkj8j0rC;)xN|>gUL1%!1(T1ppF!` zMR0HgBUHIAmjK2$Gr-uU*S9Bp@$@Hkd~uF}FSf<-#W@DP*wz)k`0OVcU!3zJ@Wp7a zFHmgh8jimE2?LIvW5CfVSZB0r^$122%Yc8HPQr%MUGkCGe)OKUl3-|oO;{GU`5_-J zt)OZRNkac)xMJ16`3W<_zPs^x%cT^$l&ewM4=MrHotGKGd51|4{W++M{2bX&N&d;p_?tQq9*6OYOy(;NtqX2PlKC6i{t@j&~@^LLY?R_n01 zRzeTT2Q&VmD<4#@Fbv`RiIonrjNz$^4^O=A=OdXb&`2<~_{TwXwOp8)>hH3oBadTG ztuM_}UB{&Q9UgU@6=DKFU)|EUX2x^8fM|hss}v+fYve#ihJm$Y-ooUP@ZJ2PL+V@E zXOJ0hAHF^wot6ff%fI(X?#&{&OaynT>r*1Q3euDo!XhdU*BRB@&c7d^ z>V^q>!|OsY3WOL3%mcgnx=irq%=n5;Hn+f6oUG$3CK>cx@^_|Ztj2LNmOH}VATLt? z0V|d;TAk~k*>nBFD|j|nxs=C5#XqQ=f;B5Q(wp}cOs)xltP1xOm|cc@iWiYgpLFk< zCf#50Int6C;OP^J)qRwWKAiRN+=OqZ)f;nH_8ad5a-_`qscQCROvtRp&SZazN?Sw2p@SSyz1B530olG(O zolG|Tozy%=y;`jy${tJQYL`w_&${A7H4RZBf2Hbnw%nJ=(N)MKhqkIRgDv@NIkun2VkolfOCY(TJ4hxZU1dDcvS@vB8A z%`{-v{JE^@@IM~qhD>kqmzCLW^?G2z$jSO8_L}3P{lkFn;HxOv6d+8oK-4GPl-8tQ zmIw{37d%riP)x1GpH^PZ)Ehb77$3!{IqF8?jDcR6*5)n# zyz&CCI%0@By2T@3fGUj|LUpP<%{6*jtN$IHQrTz9``WAZxt0jJg2Zs8gmS~z4B^J2 zG&AfVKSI_R|7*^p0utP%ypsm1Gst1lqd#cSxwC%doba%ieq}4(b^S`+BBM6R^#l6E zBTea_i>FW3)AvnG-$}m(XAUGN(&l;qrco9G02vj&W<1K-(6mT%cvQIsnz(*y2|E;ThVa&WsM-A}k=V(NQ)1 z`k1LCV|EiN|EbdfbI~xxD@S5S^FNoc9#CzZkOjTl;0D$QtEoG%#m2z&%FhmOkJO09 zT>J}Nx3!a6M;H3>U&j0IHZ9hF0tyh)UN8ND{(sSw{%oz&_$fb>ey1t@D|k=R2cMLf zzD68rFE{phx4y@RQ~%N)MHF61s=x}h`lQ*-4xjX0mV4+hbl4)~N}s-^Po>7E68v=x zFT=M6egl))F`PNhQvLr(^>b2Kt(aF@Rv^|H7xOv};|LPX@}K6T_1PTG2;eCct{{64 z{!Dj=_7-{ilCcwojL<6NP|4ct3Wc&fg|E2^L#|Lmu7}i~+}7=`&_>Yr$W=9i_(&54 z;flY_quy!rNwYFAqxKx$#hhp4Pz}koGc!!?IFt0LvBLWHlDf`5z#)b^mFqt9DhoBc zGP%`7G7k&d6?G5Y>F)g+P;z1e2d=7Fy)ruVeKOAP&2M#w+EU%?-qaUFuk_E5m*O}r z?!$X713YN5nihh{AiHXh0|;AZovX!JH+?U}=HB5xr|jD2lq){-%2k?IE^BqmC2g+g zTL66oqYiT72N*?2swKAwzTgM`+@-Pg0sy#1W4%~>gcpoY5AVWq^}4=XdDKzc4oJ2I z+xFBf*w%u>ZnkiMFnOO>@o8SAw9OlAaLCgJ*Oi|GQR48*QBvK_BwJmRUU9U@0F|LF zP1?;5w@1n-l0qz4DsrW zbHa_nWhv{-tlzmsO zl*ehvg+eoVN@YCK+O;Xmc(eBp;x8{)y|Sjg_|Onbcmz_g zU1>sfhQg`tz!z=q{B5qlkxY*??x4pCI7BEs5V5pze;i_oWa-$sjoPk1()QdX|JfDe zk1iOVOH9&&LU!&t4H8;E4i$%8f!&sxF{3S2=Mik}FkqQ!H8l%1wOA?#;}xK_GGl9Z z8C&}ke{7E;wQkK&K_xJSJKn?dfET$G4x}*e6aHGl*gxD>rwa6x7~+7yi6VOgl~Lc!MA&|{Cg&;qrUYO zFMQv>ZIasW3AHs?oAWJLeBRmG1BZJA^Tp^}-|e<1qD@`m z4q>b4)@f+xjJzb&!a-cF%Fy027`5K zh7mj2CcxiCZ2t|2xf^(`jhVtO4rvDL*G~SG2*r_j%kFdzrTSbdzMfBCGmNia>R)r{ zYcJ#Lj!R>P19;8vWIHF$@8G*t5yMv}f+|TRKg36~ap=L46p!i#s1EP)L|_>ylq|Af zYT)qiBEx!E`X?gv3SDWR;F|20&ZCxPc+{&q5QN}sSZROGtq3YZstR!1?gsyd6h7`j zsnL`L4G274y6D0s)z3uskoN>at(1`q?ZqC| zghlVp*L>1%n&~A(f3R-;2LEo@fnZ?6r8{5eVCl{+QhiB(Jon%?xKcOZ+wD7m?wDe2 z%&*nvFC9T22>XL{u0p8Rj6 z`<`YLptESAI$)&>V~D(F&K=;DkA_KQCXt^u4a~5KD7DaqK}N|HWQ) zM#?MPGRj+-RuaCKL3jwes#6&G=L^%s#N~tiX-`&1t^7B|NG$IFNv}xTVkk;OS)*B| z{;~h_$oZX9E;Ys9Kb_+H`x^0G^1;dK@N-@A$0aqil~USxRixl9WB`7UbiV_m>n%Pi z-9IEl)LvS`#t1>3JHW*|o;f$IaBE~LTM*lObh6s-eB4YjC#hrV7}DBu6#FTTOKy25 z&Ij0^Qx1-kX7zgz2db^76PBqD9j#8s$3+)qYR8QoTjE)1VNq4fmVH3Fjk+(%Y#FSn80oopQgWuIOu+D`~Fc?fx&Qanvx6 z{G})VJ86lQrnl-7yv&`1cJ!I+bgR{UJjGGBG(O5o)kipLUyy@W{t!{Dbks#R6Z*JJ ztk}duJ%ypu-kDzcQ@8w~yZCkgtw2Shs81=Gnnu>TO5F0BXhJ%ux$3(josd;oC-+4J zj*uJOq0d1|xV;^qBmG+slje->&D|q^rQM0>ZW%{!Z;2=hgo{%45M$gekIC@Lw`XL! zqnmK2prs5)^y$))bI3-4JOld=5x74uGB?4W;$e#AmOnyE`5N^Vse+Z03nQ|{Wo;GO zX+RA-_Xtf%yn_8lj)VwHb$Gkmy4fB23}DO_?UzVK1Vm>$k5Y|yf1Y&TBbe{#2QMzI z9&}k~Z<+e=P{WD$Gkf*r4@@hJTL)L(#T>5_+kJ>zbDf5 z>+e*K=%g2{;V{ zQC{Lz(@w!}&8>_&1q?fEuH~(6)sdka0&^BYFkk0YN7WOn!6Qdp`LDb354wsEN&zzV z=~2_jZXdA>fRtu!sn`BUJHwd2fr~9Y;H4ubZV3-K^sDS-b;L>@W<$Q9UUt;2PC2Tj zP9v~%;m$EpX<116BiJqbQr!8wX%e~e-x@={@QL)&;Dex8_p9ks9mZL!J%zqg) z5srXp$ld@dv|3bX8Y=W22|J2Kgq6+B2awAgTpXuO58s5W?7W(V z%W-+L|C_z-OvEduKzJOn@iD4~Na!_M=_cIQ9yK_Q@3C9dF1Dj#h_tke0J1s1d)Kg- zCZS+>r|%M<))H%v(2xzh3J_YJ;HB!o)88H@PRG~O4TV%w;DR6MoR9JY`9yZ<`J6=g z5SGjw!K0?{LjUE)z=^Q}8}4U`ftuAzgt%fM|H~n452I&$3S}V7int(OJFm7&ZRHcQ z&!CeOsY8IKw7r2Jb~l+UA1HFGB~ffgQh?Y(Ued4H?WUi?%hc-=)iJBva5S2zjv#?2 zrWVNqhPkaDdgU*{(j8%!d$|;RBM}~^jVrJv&0Tz`ashVomnLIU5|BmjbnDf;-@jv5 z(uUJzz>f4s?Q+_14>_Uz+ASX=!PnD?{79U5&ZTqc2yJ5pC$Dv>rBS6{K<Z$Dgr*Sb*`@_(slN%33KLmLs3Y+KN}DuXUlsX4i#IjL+sGuEWc zo}2WC$`fhQw3_ak^l44ne9RPn}k2HO9kpTT_KG4%~{{8Y)hB45Slk#d{08YsK}846;h(7l`&O{fXmY z-P!e!r1adFadS?jG5xx2%tH&QF{b+e`9#KJURf_c{Xwc?fr0Uh2n{wc0c)UD%s`CoW&S^PQM{(Q4TL&QF$4#{JvsUP;w~4{saRg)hn3 z`d9KL>CoRzz9f4a#-rJav^uaiqLA@uJmTiZj}GhP-`4O?$8HZGAKx*oOXqZ~o~aIW z?ciJ;c*KR?Uko*z)5ZIPB&VZX(U8$EU%eUcm-pZ7BzN7VqiTz=I}BWd@I+JQX(%D) zPb@FhY`;CJ{wdru-8$FX#zkkn%_SIKf6tEBANjAn#FCu9N9k>+22FIUZZr03cH{blS-b~jfcNEt+QRR9Q$xPEprX+6SeC;`L*MGXLZ+0nA zgi>^u0_Au$xfIw9kd9t|_78XHb*clOk&m33;2$p8-g&l1wV!0NcRuQkVO`rhe}?L* z+dE&Rzn2-5dfhv5N*(!5GNn#u>*hqV-2W!x`j!u$SqJfmdA!uzL(TTiF+O=W#+$(7 zH9hfng+D2LcKr8G_D^^wHRI>_C)|1W&-G8Z^zQEb6V9W&yF(*hefJ6YCye16DZ4Mf zg_teDUsiYi36E8E_D>kDGFe^j!vAD&YvnMucTL>FEXTu7Z4}8X0t)4lTYqg@(C1yO`r&|*kuiP+kiv6Z0s*cvO$;$LWNkE zsJf|^y`97`SGDZ)gpw5Kp2u_#M6_Ca@PlG&cR_;TQpBurDZdkrQ`CNL9OIh7cm&jt zmW?Q6!oqnU?Jw906?aZTtau>FJ=diF`XjJ9Ni$4vh;ExN>`q|rg~XJ$B#rLxYAU6CFbzwEZ9$_vfgPiQw0Gylc06N!C#ZL!v9w>% z9ACepO`VqZwqd5F{e!0Dr9B_`Bh&eY??F|*zEXxda9mO|1{NKs{czL zevB(45Ow8m;<#yc^DT`F;d`G-w^ZK{XoEzyKl4>LRjqdl^Qozb>LGwOfz2FwQDePD6&+Nrg~e^wH-~P zEDG@cFa159-8JUy*xdCnHg`SPxAwRta*A(l)Dp2t^_#|8u}-fgNnw#gl# zuX3b3WG3ZNErochZpz5I$rpyclS*p7w3gH@9OaWs5mpLfr)gA0H!iwqP2>SdKZwWr zBBB_%im%O##Jr03A1uT=8KPp!jI$Z`9>(QV`pJeNWKj?XPsH~Sjt~$_ zP0Xph76ERAT%JmTCbzs1TyC%I3t&Q~WyhqeI>^p*|= z0!!}=V1GPs?2+nsxNaQq2bcAIxhcADsZWO!HS6$0Ff?q7+jacm4%HqV+KgUrQv{x2~Tha++^lmL)QPz)0^W z;j!cjY`9SqQMp$%Nx-OYAR<+~fmtb4W`K?Cpj1 z%jyg4i3S>CX6nz5mw@cg)<%fz{SIP^l6@r3TB@xji^@tVa8vWz42w$pwd21Nu}|?@ zL22_q$V{WN5IG|3vF9ZrHk0IgIVooOUT`VKPXKAan1Yl~t)T%G286J({Bv8v8kyY~ ze1O%;d8ypkuRRL+w!T(Av60qCFLv52S-eiiy1*uVJj#3khi2vYkB9F41tGx1e zfE}y_kFX4)lZME6-9C~MoXxycRk%vC6S^))D-xKeR=sLK4LIZ{PouiZ%Lj8j)~zNE zWBz_me!IuIU#jP*uF>9AQlJ zcxTTdBt4_&`h>S30;A@HfPv&!z6FGSI^YU@m1}>&YL@}3@s~O3yxZ%XK;OuB?3BH4 zlf6Aas#@go&mfeA0LZyr-&IsP4gp{_-6^-&<@dA-HdTtTRPJby)&wbZrM2=GXfd1p z!};_i-RzNmg8kE-IKdiJhG^7VeEc5GQV#AkJ?ia<8XnG45X?a`CPI>Q4DPkmi%UMu zj15N$X3+82kks1um{Z;w{}0{+O|vWRa&8moce+bppM2)ngVp#B1Sbm8a?bln$2=pR8Vo z-<9V}^;O^7k0|zF=Q1EAaRc& zpt>+y5uux5_+R1;{rt3eLqCf{d3yE+I=2Y3A5Coa!D6xw(!@3^=)cC`gSv1$aQ6UD5X&cKeea1syDCKQ{tHCe;%1 znO9q4(!Q7yeu_JRy|1H{yz~Vb(WA1t9c}eup7^x=u#N7fq@{sZ5Yw_yertQQu%V9k zBS_DtYd2N3MZ?dd(}B^QF6Ch(%3CHbYC+1>Y|pnY%`_lcpKdL(XuIFcwa6Q5(atU0 zC0TFcs~$(YWkw%z3t#)R2zn7g*doX%0b~Mf+3fNHk76&tW??V!$UKJVN*X2XSwSAT zrXah|<`#>6Np{ki{F^iRm6SPd?L_9{h|Z=#L`oz{pn7pm*9!#9*|3e{#Emokmz*D& zsb&Cl5t;WE^S0a-YrY?szXRHz=JcV#o%sfC&ugfy!An`UGrj+tJlus_*^b+?5biYS z%hC{FD1C8Er6qX)#~k};a}n*96LL{C8mAP!^)!A)N7n4?uLJPubRDb1GKvquZFD>J z@@BC~@=hr8WF)&Z6oocoYJrguqOx3%KG|9Sg=|iKcq0}LCL<;Nk=JAGxl??(^bLc2 zu`bdo=Ta`(*Tgl)J*&ydzJp0hTVmAtjlEsgxx6S=;giLD0$0(=_NIzZPxQEwB{!J} zdArv=TU zdI=?{55m+Nh@PseSe2E{-zfg+x|RfML0yMS(V>VW4FSG+Lew#obPy_MkhapfN#}E< zN)_5ltbIW0uR>eti^JRPaueW0FE{B3bbHN$Mx4r@bE|2M1_XVD34%V<2gK-usMk!? zs}ktE3E8Ofi&5>?xi}3qIjcn9O`!8FVd-6gmNr*D*euaZmoyF#awph<8~FT5iwwqm zHWtq+DNhv(%`&mjOvFW+>@!cyk+M_f&?%_Ew1&|-tJmlEGuVs~6YJv5bTUse{mMfV z{+tjGO+1<@@l_Oy{KkYmkC)Lq7eu3BGFa3(0d_mu#=A~;F{Psp$GM0;u#ME->zE>% zX*b_E#1fgQw@Cyle zPShWTv}XB(#(p~BuC{31a^7CM%J78ptJ%QUMSq?#ZTvmVhQJM7qAOym(}}(+d=4zK z1z2gTbESO0jm}xRX=Wh8@3P{IcXu|~(mcr_9|=WL9dcWs1=sO5T*p6%9TqXhJ=qyEfinM0-k%&+P9 zASiMH@tujgsCrjv(>@o5wMt0AsQ`u0;UB{1SP?%mzpNk1FXsPXMIw?rC)pnKdHA?p zsChKdlyA@q=Ou6x7jLF4bX)#{0}4*3T0$&N+!)7^1>fGf^E$EzQo9xBYTY6?4*r`6 zLyG}fA61PIw>1(%PAO9Dd?TmFL{9CSNBSw~^C(&nDzF_duR0rwpm~G9#yXBB%c#r@rQ#`WQL=EjgzGQ%=34 z+H@nQ5hADWkyAf&PJNA>W+dlSWXdU1swL1U=d_Q{-BkyXQjb!Bd141P6v=ve{)V*Mo#;mNvu;xZ&OZvq}p?goF_R6WHWLapP19^ofcD0 zSyHXr$Z597>09Jg3)L*KNTJ@aH7CC)`oK809bdr(NTTdtD)Zdho zB-O4qa{7?B-G;9rk{LiE8TOtceUSbbGQdi7GWJVkIJX`B772wHT6yV`YWL#M*~RjO zI}HN#C9KS}gk90a61K^1!OBI9CNFU~@8WYp1(vYO(?w0L0sr{!G$ef2UULKs7;$S@ zrM*-{?Qp4g16F>I5jEW|AGe3T$aMBTfCN~l!nDHk@+cCtBS9}yf(((sCK6ydT5BZu zjL(Y=rsW8YTVwAPYRR$p-WVnUH@4sg-h$_1Jz-8Cwv7Q|3;z2n30v?B75Y8kSw5@M zg^;)5n1y@bpJ#c=x_@~Kc4F+#6}Sp7D#NXLkvRE>t04)}fzqWZj=Iv59CedVCI_U} z@GS^(7VdP&QxXC!;W7l^F18kxqr9C@)BSxT?P`v?X`%4YZi7qeszc!v1e><`4O6>5 z-*@(R)1WQ>s0)8LX3aseq2^MoY?G|G!Zrs-pb9Vs7Ut3Ya~xX~2sE%^yuZ@#OW+NgamH+s5k%n%1a^>T?%7GfT44>2|aoJ zY<vVtb9SvI`tYnIR$s`cL=Xz?jXS7ZYMZ~ z4kTIJ!A?U1nt)2X7q^MuY~fhm?+?d$+L3bVo6StP`}x~m_D|EM*#S!ez$VW% zdP=T8-y_dx^~lv41XgS^!lh2m(Jm#Ajub_i*5XkRsLW{PaSiQDcgcgXB-~`f%vxZ> z+X7pTD_WYT3!M$+QQSH&e}-?J_dH`jr`J~KIQT^(WaTpkcK63 zxaMBZPRfO>R7_lfUthVBJIDK!(QOy?l*X^2NV?*?*CmQEon={F>Jt3dhRtxZ_5qgUuF_HTc@SF*??;)#;c#j9;4b$%T4 zohyuHyswqtDVlLM+nKsvxBdy#5vzoUl^>vhKoci7P~?ywW-uh8zF&|kKm z`|E)<3H|k0+5fNp`u?^a`s>}>PPo6`xa@@c>-X<;(OsV>=99ONTZ= zuMa8IrzFnmSbFI-Bpz-g9&Ts9!IZd++B${ktCJR!~c0g|qOpxW4G*l`i>0TsI~F?%APvoI13E5AEvYqx2CQoM7es zi6{UVC+uqHK4r3Z%$w*ahB%(jpvOE0Jq}|SV`!O61~6t!RCm%Th?aC{g-@DUI^p7+Mhj8; ziwQ(K(4#Lz_x~h|?UAQv7H*B$ME)qIDpOyt2=)6& zCs)#OvMrr-V)~6(1VEyhNfp5-=cKN<=iS)XPw+SQ@9jU?A8T@FG)(+q1<4cguei;t z+0olsT~q4-yVP(J);0-=2E7JTISVh~$(B5BcyBx%D+CXzPo_P09Y{8u8+ z2)O1=oma8C9*CmQ-Sc_8EBYX;pr&o>L?36le;R$P(EhsZzeFEx+6vcyjXsK-EC0tM zzs?G^pban$40{>M&Di5uym8l=f+~hUc1#3ASJUE;{T~r=;HbQih~pvN0k<%HRD0x` zW3*9Cw9)Wf0&Q%cpznNlv{lag@$^B4+`MmgCJ!0eM!;kG?#GeGNfUaoubMy)d*0|o z4+AIsRC-X}_^;8!($W*4hc12FGDl_CJU4?@x4GoYZS0wuP*}&YlN=X2i}u!UczY42 zC-pKMy}-K2ZzqF7{&QUNbvE5*Ghf5^J<8X%lb7S#c42(}u@aA(HDI~WZ>G>v3OyO2 zkrrJZWU}qddMvw5os`(3xPF#YpG{nn3S#EWa*_6#Y-pWiJ@!~k3r+u)toBxk7=YB> zg-2X5XgB;NDB?nC9 zfOJ#9UJ78k5L!9*<#DZ?^Owi8atuwx8@?N2Rz!WntS|W2#|`bsu!39@>2al5UoZ#! z?!iQfEI$l{&cFy|{)0wbC_Iri6a~?58Y2XMh|Edzu?p``>hH6uqBBwHf8hhYSI}1= zy-EE<&ARjPILVBAJdtDsg7K^+!wX6mqC{Y~f={@v7X+8O!`pf(A6#iU<& zwn_gJzqL_k#D5F@%X-qkETNhx16~8AO+%BtN*a)nq43pTn0k!#Lvnlcjj`U|qqBg& zir}(A{tPzd;4qn-S*ccTtAIyVn#-J)})+SB<5IyhVBqD!@z;#1tW2eXgS@XL{jT{!aS zs*I5otn}c>gIwFPBab;)>)eJTk3aK|$t95oV>P%>d@_6SAY+^cpPvdf#%{x<CL>nG zxYX4yCIJBZ{A*#KeFmbHohDFM7|kI-{by7&LL0caepG) z5F9?4y_+}U4!YkoI=d$64n?}^riaIh2Gb(pHWmqYe36)^hm%W=uBtml4=0}@WC6=< z@+q>1e+!=?&BuD~`2J&i?)Y!V^wjZuU)B5D@UJNPy76Jr*L#Irz%G2)U&c~x%Z717Vp$}50k&5iU%eF_M?I^LyRDO{kSLWZY^eff^5c%A@ORJXOfaIZb)Qi zM)3k8+YjffWypoxfwa0t`!#>d5Av&6)`KxDp)ssHT?}aQ7;0PoCy8s;Ex+ss>i4@p z{(q_8SxNQl?!IZZH;=WyOt*hY%fCHGYG%gO4TPjyX)tJakWDLJxwvYUxYetMr(x9{ z9BRpwLyNZ(1I%8t@C;lsr`jY(vrqP}q||H)QruEV2zj3z2|>H)Np7~rkkR{)HdYEggYyuXma^!?It-WDgOA0`ZnkUb#X3LicZ4I7 z8zB)Rn}I;3R|`zu`!2aUmxO4eOLGAcyUg0?oNT3^N_$OU+eB7UmKDdSxi(1cT z$`P)>SJt^Fhsh!BQZLyZ_{u6RAtC)l<#!>{A&M+D&3ErAmt4NqLuU0=C!G$X)YyoT;`|(BHy4FdsAdEH>%0W zni#hZ z2mKW52S&HbUi4HsLu~YKfEsvP$iAdU^#kQqy;65T75obyby|52|DN~NaxzA7g-3BT z<0RrNV!_XR!r!m?qm3*^PzbrDDDfyaHRsfow>COGRzsjhc0fsUV|f|=k{@)x|u|2z`Q z-T!j97}=XDuu^*%^Rn=R@KDB+rLTO5F3CKOZ(f3#Jh;*6wQ7%#9Ab%N(`!s_c)^7R z2l&MJzeI|J$k5FeGD&K`jMuia-oerzln;FHC_#kvwsd0q^_)IXUBdM-MurAU`^!kG zkEe5H=KZ~EeS&HaDMNOdt7BwWyu=^ZUTMv=$u-rNSt`%(x+hx-+oN^Uyqz-b>e~tF zM^t+)xY}Yx)RtjBcgYGpf%6IY0Um{IkEhM;L(3E$Od@Boz;_(!`KFP9Skm*wOa|nv zBW3PsooxJL)GRB*bPo`L&J2eHFF@_fR1yV4lwZ9fz`TKPZZW8-NOwhbof@S_hW z@W`Jn5S~hIH*uFjnc1C`n6ltZgh?8GI$jY^#R0FHW6 z?d7^aBf8C_{>B;~sx{Wy2LF1BC41?>pu99Cgk~ zt5Uc{E5iA7R#@YlL}ys%0EZmTdrx|(p{6}o`oqSCy{UCxZ|26ja!+9cQeB2hVsaGW zb#mk)>I|vgTk0Dp_p8B+3oo9U6hz1abP;=79%?vkvf>&IW0mZ8X9l4FO(G=9>O=P`xCm*5W?LbCy&(WiJu z3?s=n33JDM4V@TXTZb0D#eijmzu0p5b=7*pe)+E z^y#G^T;I4@W!z7euXI<{JXE#IEKj69_eOejVFK2YZ|#|u#T|4SpMNTLxBp#gV$%E8 z4!6j!ZCczh2**qRf5;}r22Bp&_5!zLcX#N%}Fki^3( z9%qP0ws_=-M_=*yg?OAM9w&=OAMqF<9s|WAS3EMrqnCJ`DjvPXV~BWUiN{d!=r0~= z;*lyI>GVhxXT|V7yQO+7IEIV=z}KK9F6(xIst6N^l{zE*AAZ4YguD+C)IwZo*5XD( zEM7#mhIjDGXfS&C1(%ao`6b;FCKrUhwYcg$$1eqz@Du!ktI=Qi1@|G6e)`th^()O< z+@x6b2%R6fhx#{CNn?vE4Tdc;)3+8^ksEw#al5(Jw-&dWDb$IPGT&Oaw#Fkax$A~Zjo$tP} zpX{-2B@14IqNXrgVp!Ci?)!%l!j785_9TW`t){S-6T?QE)2&Dh8)FWuO$W){+=D)*QAuF)ZI4wlXoSpE>Mz ziDBoP!)7Oj<(R{+N({>|hZQA;4K;@iP7E7i4znbNm6*dmdoUqvlsT+9F|5NJ_H1I9 z%^bGW97ZdHDXh{QR@i_Le7rs(Gdr!IbnL+!me5nh8`jV)@rFe-RlH#pZD-~UEu-Iw zH>{(di#IH!ABZ=sq`cbNX(?s@h;~{_H^l7Lyd>VRnz90{ot9Iw8Adg*gqMjou&osF zcBUn~SiE6vy$260u5UujKSYBta6`aU*cwm8@iU(HMGB%eJapQqCb{rm9WJe2I zHKXvrGJ75#SZB$A4HnuVcwnW?!2?TeHXc}O``}DJE`@+F4G;=BiW_3KJ;sNU{OywL zorI%j24lj}lKbMq(J@;S#K~{O{aiCT9LK$Jh1!>cb&w%B-jM3=CrgkxAeB6j1Su3O zJsP?;WAoz?p@I9t*!(^+Hov!x&F^(%^V?`_e(ZRYhHRCw`7uk62JA6o^Wzbr;bP}l zG+F^;^Q-2~Z$58+ck$+T8*h6vc-y<4x4Nr&tGkjnIWKQ)6L@2@^TsxsH@1s-W4iz? zCVQ2UvjJuWMDhZ*5!r`rL}FlVyj%9+eKL(^q_O|yx|Hj9|I0P)fA4D@!i|;`WLd6y zC2MV?2(qI|IwNW_PV+oQWuC)0&7q9bJe`r71Eu;0$?E3fc9Vt5kWurZ|XyM z9A98j*&s-T15IT@c%yy&smN*B;e2l(S?=IA z8UFX!qD8%Pp-&E8OxHl?J#ug)bLKWMbHNrQ(UFwRwpH-!5%H@`{8}k~v28dT+kn9@ zGPXjN?$~64yn(DTd6ikX=^wL7_dmca0M1n0W zpS?aqN!-4nf_}5nwr*@p?8~JKPpgzCI%)A{>bpd@k;;59@JdtM>a^o-d4kO?U!Q|3 ze}DD~xa%ORhAgjX5> z$;PIJB-=7EWXpN1vZs9^WtZ=kvb~Lny9OMLs@@1Bf3ePc@C551NXid*1s;&twiW>w z3=$|`7%5<9ez-ax*R8FP|Fd8Mw`0l>o!jvYTU%1u6oxRdB1naK9#yC!)0k};6PInd zpsEDsM|dL1grz(E_Yf&L<^7!Z4CJA6qlWh|Adg;z!bhQS zhk}Xf0%K}R2PLM`i7zELi{iJti{Fs~e{Ga@R+N#MMH;}ziEFX zYMM{tXOQ;|PI-$SC{}kt+E~4aqY^JC&YNg0A%jD_khs)k z0u}3BWnW7JtUdC}T#HlIBAGOG?5_?2pRGAYzojKT)9-a;e;C9u8N`vHIH${{SD@IN zd~)d&mpYl+waO`P)=N4cC6V(?tj-H7eA2=-wCVWd$7n;x_cgT5IpqJPjUl}KNCJE7 z#=+hC8!j?zUXUT-T+v6=zAEkb`(!eQe}kY9r~@`l9Nr(yuVw?M_n$&`GrGt?RjGHh z@%=lZkq;Sfh&v?qj>$OXxNl6W@mL$8KsBWQvxvU8UgFDS{zCY^@PBx7PcMy^@~QYz9RIRI zd>O%Ch`}0uReZ_iFO1uHPJFS&Q~gzZNsWJz#g|D`+xg=CtNF3I-6p<#Fh7>()#A(R z^J6(o5MOr0<6I=ZJc}>kGsXK8@%X2TFMr}M1n&!{i!Z;Y_y?I9(&c#Qm*UHF@mjqj zzRZe$*(AP9kC*a-_;O`D4tw-b(;e|ItbnSfUljWiS%{zcu}mVf@N)=$MldtdPotNq zc*&uc$$04(Pv|sZH`C7pF&H+v+vg==H+Q(exctW!1HOqUAI*!SRVkG5pgT6;s2%sm zA+2Hj@Gw_2M9ksw226C~eQ}uR#dwd{3EgXirkO&&3C1cyGbjZ1tK=k9@mM(y5xu##6RJ4ffQ6wW9mWEAyFb5V7%q72yYZJUe)o&C?`82)FjtLw`D zjHNE_)#LlRPX1?%F3#m%R0oDc&u*+Ufy%W7FAqufKa=D?hvFOcf4(k8Oa@~2nT-js z<<9aid65`u?d=DLSfWjSGOQ4}fUPUEn+khAkWd(KIAs0XW)udJ z?2Wh=;MN{VdBIxe8Ga$*!xzUp`Yfsfio1}m`=U>7K#8n_v|qdAZYyW+Vwy0jI#f^N zilOJU^W$lD>1l9uVy74vrEn{0OH~JcTO*QI#FHL;KqOTk9WDUo@6mNG>t5udrc-=< zIUM*t-i@`Toh*T^LrP_G9$GRAt%}sdTlKD9%&7QU^t%UQHN1=Rrlo~yINNB|>w21* zu`;xZc$%yQB2AT{4PmtC5j|OzL8p0C}Y0Iv${_yz;uDV z0Q6mcoNf$r(&=i~OJt1w(nUJ3fc@dAl=Q;8M%9dx!&+3fj6KU|d6W`-@M_v1s$xz; zwZjz*k8&jA$4io%_fdAI=4o5ASl~Wjhiq8iAGzXs{p;RVh3YTli zP}4X!P^2IFP*QHRRm$W_o z$<AM;G+j(h0vLe&EmrOmR=g;aX7n!w(0;V$N zb}nPMxs1y?l~Hb#q32&yoQlrIKGP}YxriA%N1Dov-rK3nRqH!zEXC`e!Ub%;H@Se< zUW^y;?Y;2=9_w7dWt|I1FlB?I(e1;@PepYr{s3&;>w$lZW6#QA`t88L?9r$Xr{D;O|1u_xpU7cY+#YBTX75r zAg45kJfx=$CyQ5^uBHsWg|HEF84G7i3l5^vtaRT;U<*sLvhEbmf%EuD>(xPN*5JPQ zb5mck)E4ncM>RaZ#}iGOb<8Kd-|mwt@%*3zzrV%rFn;6t!B;*has>arM$u!C#iHB$ zf`~)8uHt6@Q?BABsg~62OAa;VRN}vITcSGkA6^EI5-vG zK1B^$@ch~*eM}|d`3aSX8txvE%6Pisjs6|3;&=U-k$jJ}731Z$9$yLoi(2+-O~+}{ zLmM0Rr2}Y^?NaSzlG#(->fehl?2UO7h^G6UYj2r5*MDKEv}RITVE>HXp~`F5-ZJZ^ z8O9f1?~s2e-##NA7ss73|CZZb91Pj<{+nD#a$XO^V6aGWaOsE?n5rT!KvubMQUrkiXc0c_n2u=RHBnLdF14K#kn7L8GTlkJTfM2j== ztwggp-U!c2*jAd2Jthu=+^!X(0>twuAX}lt_$cYZCQ}kWydsGo-XPeel&P);<+g4I zq^1I(EzBP8Z19IFa2D3SznyS5%sOM_=|2S?1>tIoupCZoW$nCX(rMhlmde3uCJ-@F zu@&grg=F1R7T;w4<`Xu}&tm-7>_q%mAARQS>dzce!6IjlC`~oN5#`k2dvX4@Wo(Vw zww%QlNlejvlnvf3d6t31!zZicz8m$g(swoQY<*Yzus6z8r-4oAtfGoEI%lJ!zB>fM zSuHR)U@j`vI3PbsGOWU_kvqVwW{x?~x#YQA$`jSf6V=KS)ylpq6P58~qBd!njFnop zf>2u+eheaKV3)ET!@r{f<1Hicn3O#!Q_3FSUbxjGw@GU-r`n|2TW~-0s8!ZlfWqk{ z3KoGBByb2|S9iITD{XoKk}Xxr=j%d-cLjg^AJ9maTUvE$K+<8zQXh-^F2&$mw zGlinTRIZKkLJQM|gFaUXZ$6Ju4#83EOHCy@mh#!8H^@}?_d;c8E%nEudZKVI#wIUg zt2~Nfc%LOJ%4+uCp*pt*+WJUKNL1;NwLr@!freKDZKp{~NK}bo3y$thx+BNVlWOS# z6&}&MQ@NrtT4qMBrMAJNh^hq@EME3Nd+z*G9dfg4odv=;UK6B$grp^RBG8H4>qy4} z6=VzkqnD91MheblGF7P?wKMN#pG6do8M;SMEEg`y313AdS#xZ(RQnJng0uD;sqWVz zPgAe44fWbGWgoET($jCtNls!WLgWF%T_g6JrYf2iv%_yna))04JrFT+F zohJoZG~j?KI*TXO_&l0X+2e7r=C3rPj_a}r({Nhj3&*$dg`?vI09o6@#Sk1Mb_wWM zZ^&LWWGgkK%xH*5Gz8=$oKakv2kK!7ho}X26)j|frf4mrl?(e9g3I=ts{iV#PJqB`rL_<9uDZX`G2d!xQj@ zHrex1^i7t9Jz|GR++Z<|{D{%P(yP9Y#_6DARx%w}Pn-_c8gy_pjp?8{P6um$79DKx zCD6f}7M%_jrvI1efVT?+cCa+w|F=^(>*`=4PGCG9;!qaMjGt}9ntUZrJnVf2 zyKa@S>r#;B{U;wu!~(6;-H$wmas~4Q$%rEsh^hpy+*+F#|H{!N)6f?)P^BliKk}Dz zcKORV^L$=MrM%}jb^db&aYu-{J0eiRbnFjzmf=rn3I6yB@aMW*{F!3IpZ?)DQ{pEn z5TKZ>Qtg|arZui*;TJjQT@IN`#Kb8}n0Tjxrxc%f>u&!U6HhZHUckx|uPr|Dw4XKc z95*IRysM72iHUbg%70{6k!nAoS%`XJ2QRlJUTn*>3XWEthvBd1Z{@^Y)XiKfUY)}j zzPk;OmDOFYyr;ZqCV;iK{tNFN_chUGuz9K9KH<_Ck9LmOe z2}{Kn?8Teu-rb#{ulysqmPn!LLk@k&HGSwsAIxrw4t3=AU{5d+AE6(5w3BRv3+fVN z@dNsYUFSFMt&XU%3|$;197jD~QyPP7@US)p$v8hA_ebsEByhnG7y^0;alTY3LLp{~z1nWa?lX8tJ6raHQ(@lxG^E$c( zY)tGqx&dfg|6>f@Pssd-`%_xOd1G6hgzLV4hO}lm6>>v9i?y7{Me7yMFB!3IrV_o;A4)m044vR`!{+;ycFelJc57SkNTyB<27LRFQK zh@b82F6$pjAAlm$zMN7CDPC9``$c;<*~aDby2ZS>7Iv=TTTAseYm;6e4tI4kaVh~T z^6se|3tq!^4;iXzayBzBd*;;%XS=F{e75u7V%ot+9n2L9f8_Fv8`9*YD?-dLHx&lv z`wDIS6f3~y&5+0X@08X!->7rGMg%Vvi zqI1s1zv=i_hJUz7;p&)=n`AyNmibN!Z^geB{M(Ly4fwaprKH+lWf+Q@wQGh+zk^IW zUJr;Qqutek%jtcxxDsZ1lzVeL@&>Xb;$9r(yTB6GM^J?$KbgHe6CN=#B<>Y9{l@8h z7-s&mxVTv3XI?>gBB9JDWdyXw4#O&Y7E+h-vN-4aU(l^aK-Ghj6BHXR71yFY#BRKW|C`MUQROuSFA6#V{yA@+pbqH{FcL>Mvg?@y_f-n<}pI z%lMLITTVA=x@Xd5a|&HHfrbGLI&uRUPrVM3=U02{P-}7sQ*dku*s>caCy&Y*#=IYr zUdwO#8kFE4X6U98xd^>gFGPaBip8irm25RF-c0nDu*|S^nuRuHd~P>(`zj>@B98JX z8Co0{5jL;@D9c#&2-YlOo&`QpV0j>)#Qg=ze6R`3bQZNboFYcF81Q1 z(@CGNk4MQx^PlkzY+sJA7!HW(c;Hbsu#aM{HAEkD^`+k2-#gZu=a|@dwU0APTi>A> z+kMWrZPBoT&wB5g&mD;|k9|WMP^>F!4^SfIMnG3bl(<8mr+KZPyVT`W??!I#=okfX zkM7Z~MWwhq1=@HjB-c}HB5rOhE=9c1h{zZ+om{+1+HkM3fF#le&GZ%V{5QF+WVBk( zYpjX#xZKY&MYOSO(TH+#49{^Rt2`r4yVjt`8KifEJFvOHTl}>YEFi@hl31ZT!#5sF z!0kWtHSU(@V(5Nb5yR|d9h%CZ%lk2!mN<;K$fQkLf$nNrEU#KS`X@W!67ve_s^`KF!j-NrYtmvc&y`c5t!3yzWtM&G81m zk!qjkRv5NgKriG;F6@eKWf#&6!f?spuC2**2euq{sk1>T^ATlMja!Q`nNuy* zZ?fk%IOK*v!*RCp=ChNF^YPo~U?m$Lg`B9rbbl5C(jZ*doYC@mqS*YHh9(C93nHL*a8TBFg(oj7e2u+^5YcybF* z^TR|L3(FFg>j#Wdew!u)Zd^K_LuTve5b#mGc$VYawCTy`5M>$=vEu>INEHwtvXn<% zoOHGdw)j#xdOn%b!zV-xG) zHR^HCPpt=rV~=s|*sd=Jy(m}33EHZ_Ent(YiS^*Zk76aHKBaC9l4=?HR0_OlN$St` zQ0Bk?Re4wv4z`22SS^1b|k^EKpT5)Y|jvNnmaS0KDVGg|BtsXfp4nV{!h9<3#~UO zXaRwORa-%A6_mO*(3C_HtO$q;i295>)Y2mOM3%JDycop=efso0^||14dEnDhaBE7_ zQUob2`&#xJ0<`QcOY;AonR{<;(iDm1|Ksx^y?4&snKR!xXO=T(W{fH=af~iw{o+bG zK-59I##o^*-iJ!cRNZu?hNTB8e9yd`JASW@w~ALdZV&%w%{ zigZ#f@TVFL+vzwA86QNI--{|9o-0*7Klh1OHME(vb^3BoM^S^I!Q0e++Jo-ydgYp_Z}19N&H(*`Jt3x62a9oj=krkQe09p#j`Mw5iLQB1*iQ1g z^X8{#JNTjRH@E!h?=ee`E=-c-la)%A%_+OXmFhh22eCK@!qr+IXUeRaGLG)^5U5e1 z`#hRVL5+!Kx73*2td00~G7sICWVZiKR~6dp&5lfq;|ZN9b4}sZCi1IJ+hELW5@u7I zXNvB_Jq1nnCh=fXABd!`Jf=;pKrbEYWFrv1+*N5{LI3CSkg*{J-> zElz_!qmG=}MK^t^Jz(;$Ag6P)b_YAXvXUJMo4HMxO>kQ>_X=}f56yELzGOF`wYp6N zZi>vAxk=oEsg23;Fy<=*Z}i;7Rwr7__MH~HC@u$y6)wP-V0(;4j4uWsU^Z(fX@c1q zJN8~`#%be<_@P${%SIS;jom56v#{Xvi`%|$#2fbhne)64QCmTR08i5?4+IIqzF|Rv zaB_zv2;csRYwAWYw|q=0?DfX9(^E3pE{U{eBgSQVv*RZC%-%s;&+{)cVH-ssp=W4)5i`m_l9RvjR;cjT?vMuG=XGD%N8%eR z!`x@b%wrDP|N7$S;Qg-r_Rqb*7?>&Jl zGL$`z2aAG_6H(unQc72V92*sM1xVsgBRN-zJ(=dKt zVKyMYCyu+uOE;kKU3r0Fg2dK$|RS50zZf>XGXFqRx>YANjIvgf215)_T_^-`{Z;3Lu^SetLFLjWhddS+Fjr zOZL^0(bvyB75l<1LTLr@J6dH3tAfqQtHW=Uw-bJ~-WdEwXOx#n7b#JSY^#vrdNcu; zXvNmolhwRy;!)nOZrR24>4ZY@K}Nbzrr3beZ_>4l-?#Wyf$8YaY57E=BuN zMz$M&eIvnjMWlZOViIkv6b7JCajyP3B)%~E?)hV};b*wL`ZjuXS! zVi#yVR|L1cv0HhY8r~jSCJurjBdk4?pYH?38g?&JtP&^|-kkTU?mwBO-e2N~_ax~8 zmz4bJ{c4@ZwsXJQ$SutmV82=dQVG9b?Z{^70*7#$o7NKX|7gG3Q^@Pj?pM2(z75&0 z)*WGy?^oNksTCLEDujhdm3n{EmGU;7cSi=c>DWdpJp*d7Szv_|IYp0K<=cND^(T<0q-uTB2X>WowBkxMo%h9S2E&>2R*XA=c`g zD7tNvHoPH5bYVJ$AVoAkIZ;t`lp_8{YrGxkFPwSHt?H}fXz`@lF#j@gaQhFMq=q|! znxv);yh*w(;`4M-Fz5yH^1i8Rl=3zx1Cn#E*UT4xIDM}5nseU;2##|w498UUPT>_A z!BH6#k<)a#2=vVDL1j$fWh^wS_*}LgYi(&-)%n9YxqXxy5@69RWv| z+c(3t?|Nv{d^)4JPJA1Yn4yS&Ga0Y26qy}`Ut_50nEt)P@{`p*Cd!@@gSqh?bXg`d zjoU{g1>Zdw>W=jOIyNQdT%Hmg>^01MFU(o8|MjZoilOImhl&5M7S-6FkNcVa#RXec z=?|Ou*xjrC0&{|4DxEdV2I-^o#3nY4lsv-O z(vs}6mghOf9w;s>J32!WE&pMBK`x>+c6O8ZIa$7(u@{eEvR4k-TPBT0_;x8L8317w z#OOpCjgS$rT#VnyMk8e)<}k_Y0`n4vGHf&gxierAWVnNU>M-Qcr2>$&J+}mj^YJxY z^&h1R3nWpNkCno##{%=sXqaxsHMJ$mIMof$_^9#iwJ!ROiFzQI&`(U_+I_xxR0!Bs=O`^>(WHXKirnWR&{^`{;65 z=9W?GH05?wOH(3Q>Y7mnk7fo{K|Yda3qrJiM+MR~^=O?oMoatZHnB@8;0JQW%v-K0 z?A^9lPsbN#dpY99`}7 z9GQgdHtnLGLjr7c3~U0U0YJ8#=Q|TZ4HHV^4VaGNe^2mF{1RJ2X}PVTqpRU! z*Nz0eYbUr}ZiwHckFU_rI>pwxi%#)0W4v)@dktOrx)BD|C}XAz4zG*_8hy|qY~C)4 zd=jyOmd8uG1C4q^QQg$em`JkwXfWP4*z1vZACR8c>TP@P)XzM%eM*i{IxR}?+S|dl z@6PP_lQT~@<(m-Wo@hkvsCVtU7=SUZ<4+NXGJ9fPH7;p?nK;6bZbr|-Nmp;_7eo&A)?pnoL#Cyqz zEwza0Qj6FW~ ztp8jV+*V~tE-$n#kQVub($&r(Yz-{cUaKsD<@cP~a!o-O+o^}?=i0(vhNAL54k4)6pBy;flP&O&5R7@1ue1K+zG_Y-6R5HdxRI&_nb663d-P?M|v* zWO$VM{9{57J7ARBj|v$@s~IRGuLkb6Zdg`jsKqQU_9o8l2I`ABSKypxmKcUg?^H$+ z?=%Qtg9dQDL40mC<2orYOh^~w8P^4u%g6NxT-(#d=_{N43$)%I;b@P5#_WR}X1>l@ zTvxco>p6FS#-ar!bt#fkcc*{weJfVhtq9W4=( zVfZTzOG0lIBg~$HWvf}YPMvt|wFNhsv>PmNO0Xjc(T7DLMt8xs9Iv#XhR6?7V zggy~J{SD2D?Pn%pLea5kX&aN5_Ug(JId4bAsfg=Y&Gs9{etq3w{L%3JrF5R3P}*&5 z|G}Cf3^Cabn9>T6Bz_96qUE}n@1nfDFvIPOXyTdck~Q`UwmX;|En4(fHb_m3A>!** z@fsD0Ei*e3J=ai{dKfjJTGNOP=RJT#k5yHD7L8??L8}YX2IlAk>4yoBJF+-qpKhZ1 zWiD@cdo`PB4qaX=87d8u-H^wpMN5p9BqgGxG5j1yjm4w^ zKjeF>H;Hxi@dVhvuN@3fs97jp&&m^P;t*!k0K^#Opz9phZT^DJ=(B0aMaLqV9fKOv z24gCq%c1#u9<80ClvBl;p%-ELRZWM2I7h=K>eBm1r6f_iL%VyF6=;l?rPW$G3@q7< zCYYZELU)rH-0{+}h>loofWzB($QRejl?;IO!O}wkmKX$_D+Ys@u40V)%&K^k zeChbvTWq5mI};XOhN$8WX{st_+tVVd;yH)ZRs7|UNUInKjl*m;b_V~Ff)QlMqeB&> z%H_Qnf@nbjSn2{;wk(aORd51`CVJh16wPd3E)HH6&^0I~Q%AOGDWH=?6LpBk+Mi40 z_Gg51U^Lo^!d~8+mDXnR1bAn~811JeV!`D?Y3Hm(aMU@XU!WDgYWBl@4aO%w^B*#2 z9?cTwRTp$aBm^N6osRJei&U`F-b{OaS~;vZV}HK0pN3i2%ru8B7x%DX0hD+J93fzj zJ%~R`$R$GjYYi5lp&yCgaZ0^Hd8DT8^`Exu`zHzd7&}ne)5Nm(*5LkPM4mQ zYsxP(2F{@L4hwfpxqK=41U6uxQxoL}`Fz5Ui8*KDKk+AUFwvCfLar%S+cQJXKb)Nt z{`^Chk+WNF4olyXqfY;-r{(hxgU*B0$>%|St`Bz}WU@hZ9%Oc_^B|)_&VyW*&2p~7 zpTKdB&pzGiJV-fzw$5a8AMFfy_oF8rWo2dob)S0;Be9zhLFQa#~T8Iaf6}N;iSr)^*Whl?nd10FlV_j2(rwl zRm)_p>;IN>*MBEo{~cKU%hv0wo>b~TM1OLjKOZRQj83e93q!!A?4vr{AQ@SMA=V=*O-v&{S$E zT`3%UaCZA(2rJy6A!-R2_H0|tL96`=n!tEkNGr^hElpUyU|j z=gBvl9e1H)ds=64PS*~1b{$}xRY7-wn&`gMjd;i|fqUC9TIGa)Lr07bKJxTu8;pnO z^oz8=usX6e$C}Y!XO|ds`90tPNGCwpnmY)^C-C$Om4RJ~N9Iej<7PqkLY&d@0L`dp zU4Nm>SjGAr^7K&z(TQf~I*`2>doMrn-mnw^OL3F!K}*q=yni zjs>ffaVAIh3YuXqgC#u96= zuU^kSHi;`W=$O=v#)NpB#!uIOXW^5oI7Ba~(jhuS(d39pVZ+mvXaX>HM{Rj8w$7zs za*t+LKaz>lF%C6ppeY;tp{M7VGFM{!iqWE_NhqETrGv+j$zCZenoZjjFsQ3VHGLpy z$mz~Tdm#i8PCc_}ys!V21l|gP&nlU2n0(0s4Dt*c%=Xc#-eHozQb7;ctU454!S~}Z zso%hUQ@tsH=ob5WZ#R>z0zOouQ}w@gP@>L-T0DIP)MBQh7BBuRE%Q9U&Od{sJlDXM zdZxpJlbmO;EH#JtW%p-tC@prM>Et?-whBu(izr~YGhs$+H8G(L5az4^rxxcVtvO9J z!zr!!U$Fu87z*{cO;Qh&vp}UDM(68Xe%MvLgO>Nvz*Z?$vj|y4z1EvYYH^8mvb!s2bG97@burm@}yQ0b6sj`Ng z*692@I{43Mt3|4B|IT9AZ?M|`Mzv|qJUlrT)G3>0PTv5tt>FxE{grYxL%J-^d`M>3 z%OoANWcsFD4B<1BM0v-n#>a9oF}pZzPOGQ9Me-E%H$jZ+wX?S{Uj8? z>|s)Di@n*BR%>!KM2pLp@f6{cu0;anciCTEPxC{ook;{a{@M1!FBksh*=e~eUZCZIM6q>GtMyWyvE1}U+sL56p16~V1@!XDl3>gPWLeMN> ze#(|j9B>}K!&vO+Ds6O(r`}^|a*&$byF^lxAEK3>!&*I)D~8ct#+Y^vhYEItzUZW2 zEPju`DutI?E55QKEGps3-_n_yFTpk!fzEqSthuc5E*+gy@^&1nb7xl*UDJ(GLTwyt zWAFg~J9Hg*K=Aj=_+GOPeivG;*O*8;9#2N~54PB^u-J#kS?tfCDcT^UqNko!DYm+5 z*7;X0iK#VngJAnv)oMc_x=L~j$<*7=8tvQ7s4F{GaMp?6SHbRI@-^$$%+3K*nEFUU zDYw;1&oBp(>1OKT_Ur?653PA-t`Pc#CDmi*L}Gaob3VmDW!^x2gB;Hv($GSJ8 zb7<6X`}b>@9Lr4xe03+^Z{L`mw%YH47Q%O?;6^koYfQ7snH<;2`f70`)LQI)4bHBY z;^Q~CJXaVqSCc%iLz5moxtClCRKK2lwykLed$zLOTo#RLemvaq>M<(3+1?lOzL3(R zAZ~=|t9OopV7wuRrYoUQs?fnoXtWf{<-H2>et_Q&d*~)MSMPH(=IVn;n%6GDqTY3^ z{$dw{xFmr>8-GP8ZCb=9!}%xA5;2vCpU@|#0Bt~$zuCApb|Qt+ECW^%aWQ?x+z>Dv z=U?5VeDy4SMWY$M=0N%+ZYV_<+lY`>*ucXH04gE7d-djq-Z@Pw|TgwiSMPm3k< z#xp#T0Yo8-y!gptW)k_M{oGjoO;<1fl7D%+cx5TPm#C16_fnkL1!3(vPl4|r7bY1R zl%oLxM)Fi~;SU!geU2&Ibt}H_4S%9xZJZ-;{^ub~AEqhn5gsM~_ib`~-sy)=`7@*p z=G%9Eg`B=loj%;?M(adF+nh&u9zb~h_x$hwZ~Da-EPbY6Dk<;ZX3DMSm$m~igFOo~ zN5H#^ZkD$cpCDhp^(H^LxWRdLEPB}o(6QxX$W0@9(PBSoNo$-u0Lx{3G>2N`HQD`HZ9z1DQwrqt~}2NghxbBET+22hTMr zyNI4xNG#Lp4K=0gLXQpN&RYfh32q$mlV)lC>@_sm6M_6H$jrE z{a^Ea{*v(-C}27Y7;Zn%hTxU$Tt$js#M+`iD!*4?r!B_c_xY$gjq*KogUHdFyKR

$$9q~{6*!rU<`JqU=ijcSy)7&Oo`?S@m&di&_NYP}sS>Ft&uNpBkq`l4|$IUh>V za+F@+daG(%1}l|fcdIIe7!ZmcQEmB0(vHzt;*H?JV?uavJ2L``dmZ_|U83Um z=Q`HP#PsHSEN3L~W$9&qYw=6#e3%XM*5lJ9#KiRZX8Yq<=^j_c{3RO`m=|FZGm#-{ z^3UwN(C4>0M&Cu7P|f&X&d!U#yp&er6z4s}r={!Z$*K`dlGyllv!5|sI_~bk;u!&P zN~{O1XtPjE2MBw1(DZSUrOIj_(ZOMP}Iu|TDje`~!b9Br% z8TK_Ya@lio*(O+f&RFgynKOaASmx0BJ4%!TKR$AR%$aJnzr$LsZ2K$J1bO~~%vByW zr@rD_Aw<0uhBx66(OSjZ><3Jk8u9L7*hu*s`F3ErZ^)D)UyH~wQshx`*B zp(QH6yRaw|gcuOcs0ov=RdzmAWv8SvBY&!>afS2_w#umwjzh;JEV>_Q>pNhYd@A7H z|5ObBY}z+;v^0`on%L3kz%qe%k=0clXLT*be|Ma)$eeN=(X>(rTYL%0pW<+v@*I^)%IL?yuTOl~L|Zf(KI91yNqz zf@p8T0(dJf=-@?bk5&@s?6rYQsUNT8bvha219s#IqW3`3i$ju5K+i6gp zWvr2)=QgpEH~8M1yOQ9bn3-*FaqWmUEzxMBqGLM5YE1R}^)vk)^*=GAhcIL(bs7Ge z0t@ZpFgd4z-xpa`&J!*ApzPyV zGwzL1wv2r8i_h`du%$9@>RXIIkf<6D0#=)em zfhMrB(dAP&^3z3Tv%7{%W8Y6uje)=ZobRvT{XU7t)1Om&EZvwwR-})l9j!a)rXUA% zq?<37pA8iq^xlDQu*-?dF0m$Mm%Q9PyJSj_?2?H+J@*A~ee1;17a#kqcU$+%2JI>6 z|6{oJ{+#*|lNKz*T_MCe2yp`R1D48R-Mvu@{E}{5O9FjukZzb<()gLK-%#ntqSYnRyFZ#IhXzylyNxMGkZunI;4{T7AdWsQd*(9wy->)YtdnK?e+3=>RK3m z`+Kmy=|c65e7D-tH@)+2Ee3q6hd2}HI#-S9$5>K5daC!ruQ^u#Qw&$9U0n0{X&Oi> zN=nKnB?awsT7uHj{}_#|^(-BzWfV{6DDzKu`3jze3ZF$nfWZQJ)c5n~FR*e-vqn1{kzou07GHJ*@;U|i#UD$^-@|r1 zU{woFa|{W115?#oi#H2JQCi96lP*ve79mNra*l^}u%4Uj$CU9L9Sdh)ZSt=$J10w% ziYJigB@n_2OIoEcdjPYrU*3Vwlb%Q_8SN{oD}bYg3!DiZrCPGs-C|#vug{s%O>e^F z#oIN+o+MQn)dfv0uy(pYG=7V@#jVrDLgAW*AoMWZkVQ4V9_QgQH%I>l! z(1>@zUG`Cfu{<)piJd$~tMN_dv$zl3QoWRh9rKsr*@c4`KCbILu zY*?}L|6YKx4|5@GRGoWX`>$rdcN^Gd2c^S$Vrd}OrQ0RGBkE<+%V&6zn1skqj^jsH zwd!bzL1hA(@vp$yGbC+dG7C6=|30L~=Q!(6`TXpq)imOq{pHN*KK1mWjA~ol{7>~@l0WbVB$HKPmsTH=kck7qqIb8lpO+u@P~A7^u!nB_l2um^v-2W;9zvTOyLCzC zr$BV;oUC#hVln=~V;t{;7_`^-FdmfKlUa;uJjV7uDwiBam_P)6W&`aQzNbfE$MB*) z%8p_A&f%S=a65+Cee$Jrp2nqpgU{0#-A68r_g=hCX0PlX?(9IOv0J(a4%HYEnkhR} z<7p*dx~aTRn2W>zt`BVB55o7YS_XZi%=`Ec)0X-q@{Aeeef@|x3Ib@?}o;k`2m zwk?+hU>nk_6>QH9Q^B^QS14@%yt5U*(%td!mFt#^>L>pI_@m9^l3+J$m(!6CR^>Z> zUPsqtx!OI$gOd!pnh*>>ONWH;(|1^>NkhLZ)(fp5zWiv1hryi*1I@eX_F18b?prYy z*9gU1S=S3sBnM2g4wz)orcN^1YfZL>jzZBTQS4r(xkiVbtyTM77Wgn62Hldj4A$GY z{Gq)4;q-|Am~7?Eg%xZ&CHn1-yjQ$CE@N{>xv=OB<}r|2Kly%UhWp(^gCg)4$9WwF zv%;P96*b605xXFawgA)muF;MXuV!{cR@?`fp_NMca8e-Q{4exB5f|3EW=95=TZE#s zY;Aa|R#@~NTjMS+XA3(fA$yI~rHp*9nQo&s+ncTWTmMN3O|GyM`wL7aN6|LEe%(UT z(?MkCHrbaEjs^XIVQ~N9n5o9ooK^!cJ5El_sPm4bxe9u4uPLL>8WKP9KQ!R&6f-(+U@=Z@ET&M-kJFGyv|wzFfwAVWrZpuWq^nH7bYm{ge4KyHqk+y~Q~ zhiShzDqpb0kQwrJc0(T{=kGwpQUCoXcJ@gP$*BmAO5^8NomotJWbZ(lj4MTdTW#ogAyBK?vqEw z9Ew3^I#A1@*RkV%3jJ7p>x%y?rmYRLUfa$m->4|fIT=NrKTJd2(G zK!&hXl7I(|u&9IZQc9LLrPcZ;9f&0stK;`4`xq8M6HG?OsAcS|mJM*$TE=dfb;w7y z^m_;6G5HuYWeSV(u@?MyVg}~sBjPnu(#e!G9MoS*N%r@UittuQgm_hi;}ju3B!W&A;S5E%CnUmUstD0|_KsIm`>Lpkc=m8V zut0=VRfMh-;cQ5R>s1kY_EjLK0h4D-NZcD$aW4zRrHo1@qX?fe zQRGCuig+y%=Y)K1R7Ds_uso%vj#N?a2r$YnU#EUh9e0E(?k$wn=8&wWt0FuVNQ~WT z&8}W`8snsmAmwzB^bdWcEjP+JVzhl=PT#=xiU*}{HK1XT07phM_+} z$IUg|Ebj$Dq``e#jpv^9ynIuiAokx;3GwWJP6fUa&)goezr+#m8H@#}z<5YnK*^Oo zDcD#Dg9bX^$JX4vu&>E6f}cl4djdiZY+`jsM*#8GV2PkQKFeooxkQ+AKilHkEq$=+ z_$-)e*fCiq`IszI;FzrbZ#4UfPUmFx!nY>*oGcxC88O(~#U!7;b(Rj%R}Q&CDRcSO zanIhl&3?)wx-e`W)kJpWq_%Nny->83E=O$93dK*b9L5+~cCYd5vb?V=9Q;+{0Q2Z5 zNwEqEKKTf)0C(a@WQuUwn=BL!<=-WF^mJqJIpDZ_t_%mGXUX)z68+5Ula{&gWCbIuBX%4tuvE*$Hy8W2Iz2W66%m zlf$2s!ksLft!J`w+(6!njuG;GC=)^U^rkRdRUErZUa6AFAD-mLlZC_Prq_8XQ+X)| z%XH~#H1Sf2p3CX2*gf$Yr%#2@kSPl+mdGs9;WH-3Ys9jr{_MHY{`R$Vqy5@z=R%v0 z-#Fd{-PBlHMUM3j?)jphz{b{etAx>E8f%2>G@N&5N+%2s1d}EQ)(dG|-GgzDA*b_U z@<8?`g^n+5OLZo0@3};>_Y9ZqJq=D~?{V#wOgwxn;8_Fpr=`4t+vWObh4<&qbL0IA z=wNZG$?*%v*y>C$wge^tRyqvKxrKEC0~{ipa$;&Z)<&%wlJmCQ$f;=_{$ zCQXi4q>Bw&-_Up1lSs!yEAq88c)S=mU*hRp=5&{7X(+gYO>Srd$4rD_$dlj_SL{X2 z_^ZgCeQRL@oJIfWyb4MWwm?S~)gj$xL=_rZhvMU}@S;=?zz^L)i4f4dOpD}MdAw$4|4^Ka)kU$O9S|99sr#{cclpRc&m z-uisS#r8jQzM{?E`h3Mns+7X7SImzJI$t9huUtgxAtiA6`D`v-N#uAMGwnuW{} zkm*Q#25Bot7L*Tbbz}iNJop*;UHGX3{I~?Bg3j2gi`ca@?A*9&c3}-0;5cL5iHtx# z_xyGnzKw*X#*TAy@{jDrbn+05pLt4jM>l9J3et_@>EaJJ9L-DObVlGO7&xgMfkO-i z+TsD)0ne=*V)y<4>Kl_;(5C$g>c8}5Av3)y)c@00Mt$`;P*2ph5A{Md>N$qUQ2$8R z2I_YwM2Pw?2^R+SUuJRCpW_hU?Fpd%J`ehfM?rlCN4?X273$9@sQ-Ik+o-?mPizaPun4E47Y+CcrW_y|$2i@z|a*S*Y9w{wUe+Z#ar5D%KVS3$j= zquzU;3iV$V)c5Uf8}+Zwv=4R1ZWZb`=p#dYOkx|TAM6+*>JP;d&7Y6>Vf93EGWbmKSct+7_1&-LqcLm^|%i(`NhvH4|QR?3iX8BBSSsELmQ}1i;fU=G5W%wE>7jB$8d=SN)_)bn59sITtB z0FB-rK>a0-deU|Ub!trz^2>G=>J|m{^_$y9efaVAq5jv+D%3~a5*g|@MYVytQxhTT zXEYZE^)rPWbsdM;xix_La31u@Rt5ERj=FK13iZno2FQE82Wmcr z*Yo_%O3h;oO(7$;sA~SWqHi~EXuI+^A8udeZ(gq+&)yta<&W|84PW`a&PG`Iub#ay zmH%o!*Ec#97l8KK6hM6~54vHKg1VVO5W8WM3U#VWj`~yU+eZEIruLzps78I=pvX`+ zwxx1koQ@FnOV3;w)GvLWp-%4KNgB_`0~o9yZwO%jAjiIRgMxh)*MWyNs<0oRNW61x z+t_;!wGaD@wJPij21bT`0!OSh_We&qi2eJgE)4eXPvR2a$ouvF>jS8d;;3h>S5VL7 zsPA2`Lj6hw_3PKPjr!z+?L)o3UWIznjgg`L`>8fi|DicT)Kgk64C*NpIqD)u{fD&y z)M+kXP<{-Q40=O^dL7VCn-2cmQpINWM{U6D4E7P*-9QJ=t`=I}D zl?r;z^^rlpfddxC{(me&=zrlKwBP>!6mMn5bBOO=9YB2x5Bke$1$7rky;GeE^=}l^ zpZWb9_WynDv`_r5LjBWgBSZZfF4tk~|3@N3-FWoEpl*DUqn^hh-nc4&`XU~5XqAHc z2ORacYgMS1D5$Soc@F#k-u9vX{7Mz-#sQI`{!&}0KXy1m)a&>M?YIA1IqJhX#E<p=?^P<)?F#C5t~iJNe|P&(-}Rdc^#j*LhWhVZLc`eq8zV&hp{5Ii z`a_R%)Xf~?gDYCedeq8LS)ac$tgNT~);8*ccC`=nmCIGA&rORA^}%hS{=%UMQQv#$ z!l1tQv4E`8`8fsnu}lH9&;1s_|4EMa?B5jp^Z7V3b%hH5@q8Sau)J;X%XXXt{EM`I z2>yZ^75LYtMg+d0fNdN_yE25G^|FA@`8g7{KB|k!oFaWTU#b^!5>YCw?TWD+yf77G zc~mvliB4wMmt-uvnO$F!v>iS+?D~>|&UBtYu@Od_@1g*ZzxrnQA3Z{slL$qJw~@zB zqPJQF+D|EwN$jOuyTkZ@cq5e9fd?W0#z_QmF*8Rvc{-cKO?`ZDZTgvBqY4usD#VVb zPanQt84|^B4rCWE{F2{Ca9u+c1^!KNeFew@HzOGh+>ovBj6_OB}< zgKbV@8?e2$KSJ2f?vEI@H_2@1v>?e%21ru$R|MPisZm1FqdiEe3{zn@WJgfw*ySg% z8`4o4V1`ss=;G|n{>-CYSVET%@8FtP#-ohjZ|vTiF2&;|E#+?$`5UuLb}=l$BP(YY z!*V<_3uPC>COmR0rD4Bf&@`OF<5>RK36D?m#~!F-c2kVqkZLXKs`0EO{!6>nRPqWv zvn`}Tr}U93^j*Xd_mAflx|ZvKtx{E?V&BLr^pLlW3jJA(utEoTBCgQG*9YlAzLk!_ zVabyBtWfmJrO14dlWNauw^TWtWLLIZDquS%P6PE&8>okdKs_`C>VfXJg|o0_nYAoY z;~C$b!F_`ScXX)!^y@9bts%JoI*!A=g~NSdsS575k|TqA(SbJL9B%j_x~;S`)B@48*5|G zQFRM$;e*@sux&F0`zkKT8?0sBG@d6ZiPCNZf90so3Pp8#4++&M#1M<`=cqowQ9bmF z3RUmrk)e9e-ZoGjyDLIet9M0=>VPx_Rk7h~zuaYBe+i4i2B*%^Q}t!Uw)pVV?270m z%AkXe!xBvhwU%|(c&;RYFYWf;FC4<}Lm?d9U4rll#1My!oa-u{tST489V{dk#FX^$d?=p4fvB= zOW&Z@q;R6&k7`3xGDsI9`E-Gg`1lhcl25xD#Jdq{EsNE7`cqw(cH6#$gZOzUh;Ljf zf%pw#h{n+z#2FmK_m-$YJd+d|h+B5F0b<+u5kemmv=2gg{Ld zOIPD*V2+GK`O&#Hx6f!Ft~1-8Ny79lUDa*=84r+Ojp` z+IocbOA7EqcKOhOvbut0qq9ciD2^wP4NI(LQ5w(Kix^1eMI5A+p_7hdmq;M>Kn$^P zBnRnpJ__!zNCnckOCtkm*48#aGH!_wq(xgI2I)Z0Ado(+R)J*c#3V0XYJja}(Hc)i zB7QNFwH4d!IaxAGMFkF+JLF=<_KY$yE$T*=8@ry zdmG%Czz}%m2adoyp$KSY1TqmrH0N>zCh@lK${*C))HN~$G+Ww0pwFfV5qND=#0b;} z3(A`NLYgtUo$i8<{yS(qv~ueTe1JobKw{P^{QR8`g2 z7bH|KCsgNHII1M;2#Zsry1q+fs4i^_)d$u`h-%IHh*8~!nYq+PhKSVn}{JkYUUt$I7pX#rvhn(E;5j| zZEORiLF*y}>C<%)gVepZ0?p(;(&z?|@OyVy10Y`YgwOBk-H}!T{;C`9jJerpAIb(h zSefDY-pkZB_Md3)q+{d{iwo{<_M7aL>{P-`&^;Y^pZnwj4)E2X0QXCj0KN$^MD1`6 zum;f()^C9d;9?;%fXA(G1K>4lA_REo+K2)Eds3+7DQ8|tYg!j|!CKRR%~cn$xh4nN z*m#ZSp;%TA%f99H&@Hqce&{UK!#ju}PBZa(IK%~g_P45fxa^|H>fyt+ZPbIgKEitV zu|DE@m~d%eBHQ(S+TA~$4s@Wif7;W$#%VmAV;G=!OMu=I3h0bZ5}>^Z&{QJ_^b#)E z@oGRD5+Vb%>$)}oJ-s?YK%cIQe0~%>Mp$rnkW>d2b9P@i=?=)TPUCr-(k<;){xyd^ zGZgkK;w9K$Lkw|Y4u}0>4*QE=t6;Zvjtut4*R%n9QEh~8{!cFs28ZV|-b;SZ}@vl^% zr*?`A^xFD1Ko?d;2>Q#bA_o1j9zmdg`VkG#-bB0@p_rZeIV17IkFX&}zn ze`u0X+pHHBt)LqwFN49QjIU(UdEdtURYs_cINgk?IcK`?vxr7)fR$>jnWo^ ze{{HzTL{>>(D#}x!Vu+oG za)Ei2_cm{TsS=njaS{6la32F_Y<52?Uhy*i_IceOdI<0jBXSZ*T^X@d(b6XkpbE^& z;FMk8-D+?eG9a5bjt=~Rv|*0gUE_KEtlzI^_h}h2PIyP@f0iCS|DqHekI|TIpgd-S zT%G(%HB5`ok)-MgIswaG%}&1FNw?hIeQzJdTfuCfPFGbg!~a@qSpwPteRn7NU6uO)ZKy950C5vCzUh8BGi*J@i+3Ykk8$)mTCEQkouo^Iy;#EM3eY4zA@V$ zS8;L?(>8K;`5U`*$1ufn9G_&Adk*1`m1gjJ*aP~DE$jj9S-nQujl7&aoYHt)?4iHL zL)yu9%Kn!@0(B1E0cYmQKyf4vaAnz1w*=-tc zp0(_9jrVD5S(e887i-xS8t-^(*$o=+SQJm|9ceAQQR6jR%k&y=j%7Q{G#w zW$7C4K(f1fud|j7(0H**K2YQBN47oh<<_$6HQr0DWw&d*u=aJ(csp6k`f9u}*0SrE z#o{u$iz$E)l+g1$9nR=XT>Kf->&zE@H1-N|_W5+H-|zYKCq~*!q#X*W9OfI3|7S+J zf=E>gX$snL&jYk@>P&1P(pL&;`3{hNpequbiD&-}(p-hquoI;26^!&IeO0KC2JQxF zI$dJoOq}y6NDnBaNqa!rKsTT`6T8w^cPgZJ_kwgI-G$>!{F3rYQAimgNUv2hQg2Ey zULif`0m-wBk^0kDhd!4{hxUV%yo8ZbiBzwUn!O->vz(EBAX1q^ia7{U9Nq2aOuU6i zA1Wj-k)B$~NH-H{wnDnI5v0oB8R=^xJ)w|ZYyzoIEhD*zWL8K;he3L2H6vY0qzr|$ z{0K-J>lkU*Cm>y_kZwK((!e#0^bvh^`ZJmI+;NazU&~0(5vf5T)tmrn|2jtcj!15W zbVV~rh7F8#l1TqiNSUWV`p?Fo%L!i6Cu_WdD&QHta_t%2l=KjLrTbm0`_eJ3qkikF zS<;W~mm4ZkGB{I)il}Diz z$&^btp&F%5_R=-^-MtoU%pX;C-2r#wnjD-^`RL0;hbW)Pj{!*m-&9ybptS zrt|;j4}YcDADrJWfB)p4{vPA5%~+H^$9)`uFGs7cA#-SLPTpQ%**^C_3205nYoaESVdE%|_tlXT* z?yU5@N28!tF~nzw`x*H~iQGo|qob(-x)0>TVw#u6LUcg1P@Kg-OX9~OxBAStA2Za_ zi5bG8VPgX~tU0FWf^S))hUwp9rCW;L)pAZuwyG%gHEW{hOFCY=brHUF@FFatVVh${ zl7%jE|BSsnf#vC!ky$}XiXr15$>&g^G-f~vyAO^J4~cIY>0BY_PxCFKAEUCDbtb>t zlG#}Jo98|@2b;)pH9LkO)fq`t49+{<2(tS=zXVEQN0Zh^jAxZh%<%Nlo)g!t%LvQx z@^buaxYBN(%S&5B+_xrw@Fpk!Cp`JXd7SJ}4v?RrqpM9aHp}NN7W)e(nw|MnH1SS4 zQq)%6gfi0MgS${b?>!R41vzSXuVnB-|73ix48?cp7=D-2kHOfk%GgYIk%SaprH|6d zg=5)K{)v0u$Mgi{csx6vJg0B^r{qgrn1{E9e=2^|g%ga9+shDH&<%qNb#_WBcc9Kr zNf)PmpNKS;nxNUvQ7Ng+d3p?8s5^j8)E-QZ#F*jX6Co{|P7E&~zhZWFcniCMvq?NT zD4rd{%PtgF9j4uyUyH==513_v!&g33^P3*RZ*q8kYyQ_>eutemzdyXk`HkiLuKPgE z@5~Q_`7L=bEWh2`&F{Md&zIj`62GH|Fn+HJ;^Lzh-_VT+v<9zx3`5n&hygM1c*7wx>>O%OP`%YMX zzx;1|`MvtQ`Mpx&ch4P+-_pOU`JM1yFu%?7!t&elZF~8BA^m*$b^Ii zey^4IExeWSn-j!u)4X7QHR1WSf7M=oJDxYc^WNnAx^H3pzVo)4->eXRpL{bczZ?J4 zUViTzaK8MWeS`Dcjq|(rEj7P$-wx)t_KmRornQ^jFZ!P^zmH4&KAy?Pzd`&qycNvv z;PCuT`?B5R-)qj7-<5Nv@$X}ZhqfQJ70c3d|ev<-pt3pLHv@us`<@(J^c9hi*}EHQ_q**Sc%`yZsOzL zxk2OK5Pmnj7JmHudArBI=gsePuSw(IL45rCdeHcHZZN-D;rWekH@|bPK3{&7E=6Aj`{P_2?c8`CrYLnm5>_V>v!PnfT%GWd(*A-l1bVM1e$uPt=i52Hc zi_B^8P)IY>!iIOX(K)?VPX~g5%~Rs?YowSDP|Q^LG^AP@gf155$p9F|b=h-p+Bdj4Wqm2vfdg3&4wc~V-w z%;Ju`#9fvS|C8}Q9sjfNKNtTe;D4TwHj^!wrp+YJfBgA~{~-+Ur=0((<$oIZAG)>| ze<&Mc^-Nli%wnZwH?pCOO(-MEH<7EkSC4f&y8j@pSz4VYHXo*24eS8lK6-B#x8|1xH@f|w-0499F#zokmIR}ho@K1@gK9cW1&H#!ooq$LoeBgSQP z%uMGJRhZ_8?bC|vEFp46ooME<=yC*D0W}4&>~c%kwqf^<9mbZi+4W3`|AxPh*_l|t z{$!`zyd;Nkb6!uyP{}(hNvd+4JKZ^1a1pJ=U(PNwPknei-JE$9tKAmy+gEyNs)of$ z);do2)Tpj^T0vKeIN~9J^sg!_E{bZgGu2`Ts>K5BQdKp2zP-9R@Tsc3n00_eCR<4R zDJ7Xde4nD@4_~Kf_`|0uB!zhRAfnyL~b&=L?YJ)k&hH_#-ACVvNp>q%qU376N=1KBw^CE9UukxyN4KAOFwRk z`2a;tn+KT;wk@l0u>)iJi?@b{eUyZsBXRhsmiReF8C3CbWN;#mGH4d@J-%BDarJA2CJaF%_E3X&O)f3SakuVyt=oDuUJgSNfz~VYhzvEUqk4 zNZ}}v&Jc+wBa045r-{`%%3+g4VgiaB>WM;9r=-V{14TlGg94%3PAP9C9yW1!vgoU4 zS=IWeNtp4hjEe*d6U4ItTu7FhI)>mvfsnaiTx3ZM#zm4vh70OZe2acJG8w8Naq_<< z2_us}ArJC~Kaf6>N5~+5As+Lpm>{ppq!doE-xHbs--O~D;Ppa9DM-nc+T|Che0e8G z{3rWj5YTNKR?V$UCZLTdJK^f9AT3(wp>c}%P0wW3N7%Qt(1@_bzR6_AV2AfBLMrcP zvV~OM@!&!3ic;myDOK*SQsoXTRqoPKit_)j z8OVnpr-UCcuWhE@C&p?NUM{CPbS&sXq~1jmLAi?&CN+^f)KX9b{g571 znVnf$v)#q|KJ;>jS*K=n=3+^CwbUUVMq`DB6)a3ZUm0z(*O-W)S5vakO~#n)t`N$k zby9D+4w+4ClA^zmd{mfm9jNFnnXID`nK4m^06zAoussxJrHDDKpG2!Zxj9ZRR8>)% zJF!+6gO0)H0^Le#>1^a;D< zkP@IibH-~_pX@8@5?3OT*QjRk_mu@QB`Y+&8cI*_Vg5r&yh0U^S06t5rB?nZSx&A& zN{)@?{|^LcshF3PEDf59emn7hEWJf==oT9y8I>ds1(^T$yzTaN0(K$8RXg_Uqd6O%5 zP3yOc1$(uXJEuPoPe1qQDtApEd{kSxYuwp zldjxW#r{^h&rUjpzjgTQ!QYy|eUX*=LB4YLTHkK>&y6SCdm6X6{pgzAKKk*ahsP6s zuJx^RyM3oC_18AmRJyw5ukKpu8id{xUwc=&-Hiv`^YYhrb+5%>&ppq3P)W3M2;3ek zD=eC$?s<(TDu;}tx5qV`@wPcAQA&d)+?^%dktd8qyHlbad7{%X@Nu8bJD5q2btCZT z9}&n(KO;|ESgC(G@8Ckp@fhXko{@Jz342_#rR{u!3KYIDgb*(aVB*F2Gevlditv`I z2>3Zc<=UL-UoI3s16zi-7u8~HQzfgt8mZRmcrDJTtQEx{yn2yQ}fe7_^w%B9mYPiiam-F^G$aXTKn_!=vRPS32? zLZqKhc2Ao$Xe#op)MxstD)leU(6}>vE_%q)xzl_V>`?D8+#-52MZ9(7iW}E6X0$Emv~{e5XxabH3RPE7u?OM15@xr z`Z+a~baiSf)7w<0!>LT4Q%Sd{rjnjdMSHocZiMby>G{z_u0qsi*+81MVaM)@z7w#4`Tsjz{(9Yx2D;*UO zvX)6J@c$TSe*qK}BOSk&ryx@Z_q0iS=w~Ik6j>XX8)!e=@Ai+yGkfwI@(`&hS& zTGB4CD?R$WW<#aEFPgZ8zJryIrfF&`AH9bM)wwtNHZzBQUjCZy?v44!I=bKU?sm`eRiKVex$TY1@VCkBLG$B2jMm3}*t@*aH4Tl5`w_sT zt91PpQ#YVcw~)$ryquSBgS&6zCR8r9tP6c>!2rx>0IZHjt=yRgU*gq```s;hyE9ST zu2e<%QN=*X-Fn0z!9WoyrNd|zDW!D8JH;!j@=>j(7B%j7Ps@Y4q1{gNop#S^T)<= zB$aE|#>Rb>758iQLgdb%jMbr4jmCCb-tM=6#Im;lXT@7ojkRwvKy!(PP7fh#N3fcp zNAx2c?Uuat{82~oQ1ytGiO|#Zvj#tt{*sbMolFkhl}rswb82_AG!H@anp5wmVGHRi z8Wd`BV)K4M)3Dfg0RL<7e=m?Fm70c`XD%W&;r~+n-{RF1o+Bytv>AtZ^T8VorW@3L zP(uRZ2B}3LS)n1+QT#uQ|HmV9;W$p4XK>K#(SIPvhFZx6jrAgvz-&Svo*XF@W%n+EojPQS)1)S;Vo zZMjH3CWSq+4lFm1^+T+usNr##r5@2R{bjGzvQt!Mv!{mzto46Gid`$m)&=@4Jd_3c zEvX}FmO3KzNK$t(HC5_Brl!hWN~+w+q{`h+s@xH!%3TxEVLRAnRZ{1rUSL6g7AKo_ zCHw97EE$?Bek~htKa~x*A4ubHbZC5Jjt*_EY}@6_7B9ijnMN~0$Qx!jeT7s#);dsF znruGLx-^wqG(3v!;eB@kF0Ma(h2r{I6ykgM#NvEb31PcB$$H0UzAJ=2G#}eaQ$8}z_-gQ0Nv0iU-#G>2N(=rsk?rdQ zvwfXlb}&DC_LJEQkJ8f#$;iblIrv$xm}X;Axb;S-vfk*(UUPsfH=F2Z8ND)VFqu6u z8nrSzD$FkjiEXbG$PKBm)NG|tPau@rwN_FB2b2Vku>|&nEg`eDO^W?}3GgxqgEb=i zB{KjlUZCt(g*HTcPfir+diVhuDXfyJtnh9W^TJSc@eOYfm};J zB;!7}_b#v+dofX|6=G%});hYBrfId@Q0?F*KD4AWn1PAe?}SOTXn^&mNgJpmMZU-q z8FTewzqj<;&zkT7DbyvZgSApHy4iqLnW9S(2|{Yu6urg^=1^CEvqB* zz4Y>tWSpaRioPH^v(Djxb<#pA`Zoa+%RFY9nkk#6cu$C)S+ZKmy(M~P$!aC{sOXs` zs}=8d(KAywyp;OmB)LD97FNHPJLa$Dh1E~xe)$8rUw&KemtU3p8FKW_mKvqq{tn0BebvaB=5n%%Wi6i)&zRp-Nflm zDGj^qV83qo?uarQQ#gWkaznB!j_9IhavVZzEC4fx;>GwqK22)8>}HE!y+iC zJ5`}<(Xvu*P2|v36uN?skdjs5ehNRMLI6)2k=Jchb|2Jy#%*d8*rJ}$*cd<|(C?~H zU=8(=jv**e)Ds;;PzZGV1g+Ff*YP&kD)-|DslzVk%S_Zs=bfg;o39+^#juV%hA|w1 zB6{6j)a&kENNw=8g%W(M?>+|NPKii?w2;zB-Te+#;4%taLCc!ERH3Y!mq6n~PUPCa znrrrm{*t3b?jJ0a4edEmwXN*FA13#oYXbAB`&Lo(Pr<>8=o9%T{UpTE#7S_+~6vi+~-5_=CG-71^c`k)k zQfSr$`W;KFc5H=tlFHQvDQpzRuwm-zK);W-lk~P=uJm?>b>6Js$HQD{%?>uW;2ues zSSO5G4xPbZiy)YXbNMi!Ir^etw8WYI9 zIR*#Pm_Y9Fkq&d|n^l=4Pupex%~Xs1ce5Q{cI%lVXY3iPd~r;{{cJ_LaJ0 z_hIIKk&re9e{zz&y~I1t^x^B>1)uPpnkM@O3!Lh1q9F|2|D}zs`TTMH67sso7-l!-hTT4Qr&frKYBTn^87^|0BocDlL{TWkc#S4QC8JiI+ zCVwalCAt_*<*XNV2|9OER~SyGP5jN>R8_8bpV4)4pXm}0qn19IIDsjJ_;?XHo3UhV zuMmG_IU~%hQb5fGQaU6BE9EOT8Q_rgt|r2gHwBx}M`zK16~{f{8~ zi9>62nBvT6Nsyq)-w^CRN9B9cXon}H8J@Au#Ffl(6{`?=37y?megz)j3^{(OD%z9&J_;n1elA1|ptVq3 za@^G~Cg)!<1B@6Sy9f@3#Whn0z|9ebirxK{;_}E7rw_>8H(k$a*Yh14?H5oz3JD|`lR=pGEeMXT%Z-m=pc(7Oo5_)|j3Wz=(82hA z0MdFzmDbaYn*yHJ0DV~^li9=Ksi`Q2GuEMsItkBGj-91gYgjCBBHr>>j(;v&6_V@s zv3NARz~Ktyj=7Z?KT?%1IgT%-Dj$!8y_u@wC+N$l{CeTvwfW;)efsN(z^6mM`cu;K z>?g9cpj;0_CC!c)LJe;<-$)q3$paBQeG!$PXCR+ukW8Ml4|8W!{Vxz*zu9s7?2D3- z$d!*JCTqO$bB)^V#Z$zTUt7b`XA@vW5;9!V16M zzXlHGRkPd#0_5OcIS*;f!;WLBg;!>j$!QWy&U-rt)~|%p2afCQ+w`uzI-&IG6RtgU2E&UdhY6)AgZ1%^ z+409+-YC6LdU;aG{fAu#6S9QTt75Np&li%OKf9!_(dN<_Z50Vd|1zQYTP$7=cP5N9qf%_U&X_an1>01q zFF3gm1CeN>GiId88Dqm3BZ|&b5K41>_O;+fD4pte?IT{&!OLyw`gmV_qia90(p9G~ z>H40lk-%Rsy^nfN3+9NKbxKH-q2#6aqK*EgD#VM?=u5OA3WqkdGizUti2u+^edNynuzpkg8w+Ubyp!|N$VXdiq*@;X zikN@WU_YsM?bAUOADHpQ$5~Ymt&W6(+gk!O5KnN$#X7 zIi`$A?u?Y&*)Ykq1SfYYB)QY7GalG9}6UXoU7KyJe59vPXzl3 zQ`+x}K4#lb+V({oZ7tE0FUmNPvDsMcFMNufLSnM*J!8o5Qy{e`P>PhE+4km?WYVqO zczw2~77A*r-(!kD1|Fa78RazUjP-lW@dwTEdk|94GddxOG-5B5G{zWz$YiTdHf3%r z{GUln85LY@bnS}HC};YI1P4ajH$uOm@1)!Qa(oqM%&aclO$8|`22V_rYmFysB~3PJ zYYXEu%AtCNW4%vsZ7%CTbBDQHfddN7^!tzXIYH9r@>8~k+uBs=;4@L6!#91wmAdLI zjpz`N_yt$$A6P&beYVg>E>d3O;($tTFrM6Dgfc_GOt#a}!fcwtn4CkRGEP8f@*qG@ zl1vMwgYBnXyL9nh6lDNf^lkc*0jNr7Tr}dHrO?6pl4lRIrW~a|!Q&w$3O&@pctkp` z1VvL&LQqhQ%PR<_o0&4`OCCBLi|nM%i(Wgp8e{1Nc|3HuqtRbQa%jvvA{39Ip-bjQ zVNNlVMLsJtx^{wEAMUzqFK8!oGccylN*C%QRyF2dKm1d z^)q)RXWKVQBH2T$cMey{WREDk2McA7X#LFJlJH4ux%|qc-9&PEJ;^0zLROXjqVF8o zLnWUk(!Ql}=FIJdyQy$Rbn>A|i|G&VX)5%#osdr#(w zyUwx>=cuXP3(hw~H1Q=D&ZO|dSyLK5hmOlELKXLsHioyGT^MaP+85tW9e1r%)2 zK@gQyNQgiIrKLdg{hxF0O>WW@QRjWX@BREqlbrQA=RD`x&p8_}c@Kf#>;iH&UIB9c z{C9+lAB2l8sK_}F2?Qs!m>w*xV}A464wWA<#^p(yzLMQv-N1K+= z9EuuMnhz%Q)I|at(%BIr(%%7B_{1_kIAn-qri`az9Om8$knQGET1$`-KP8YaY6-3F zK)#Ry^2Jn;FQoywEfwTg9Au3(bz-dPdz>}>h_j|P#+p7;SyOx&v4$#>`VpAac(O?G z``IwQg*3?7+UV!RM{j4NpNG*O#po?$3JD#{cbc2+=945+jW`Y-r z{+mfVB7XQpGCwpje)!n`FZ^)%<@q7#jmi%*RepFONx&s~6Z!&X*oiU2E#BG-my>VX z(VL>*aAvsfoJwype#4pJODrKF-+nn>xGv5MY5o~Mc%NQjsuaNHG>vH^ zX-rU@xW?2V0hxd@TxaTx+E+6!ddO+s&DfbYnVoGS^pald!8E6kd#cm?0eG2?KVrdc z#Ep&vwi^^74+B4nf$w&in^koTEY18r zB$E+fVKnN3e0xp7UYBwagX|X{q`l^$y@CV0Ihmhn>`S8?U})_r%w7{8d7N_W%>;!? zW@qVn*=-sxyEz>%8>-`F%hTFg@)ML}M)U#A){@6Np`&uBy;q=(B+X@lb4t9<={$^m|Sf0UtLi%t31rtAkCeR@fuXcndQ0xZt} zXo9O`Le0!)gwQDi{jkyx1IF=;(GlC|vNm{LcZ3cYR5%BEa+s;>{&s*;S|p!C+WgZv zq`x|uH2v-8U-YdYv}7RLRCpPrnD9mb-gr`-*G6!;kHO@%p9c2RsQomupV}fcn%K`w z?Pn(YnWg>A!Zc*7(=f9!TOFtu12taBf>_V8VOkQy{O1XEm|q#c80^CV-SDX?_!ZA_ zPc>W~zv8%Mnu>8%L0llX9sej3NGcH@~sYZa#_N$d4Y(h5BzBrVA^1|9At zu?aF?;@*zev zq?Zm!`ZNN2w7t@Zy^^Wzl}1A-%61V$CDL<@Wm-8CSfim#E0`%Yeo8+E(2uO~HIHhD zC;F>E|8>Y$>=9E8%I!8=JS+0&CN?kLXXEoy7){IzTfM+ki@dBghT&FqB?qg&)?-4f z25sd+BA)M~?mF^}hab~bP56^R~Ud!H-MO713^@`}w5jtpeLLneP)O@k#20>TqV_wS8uGCK4-UBVkwR`GoAH)xru&rGe-Smad@h(jAx`b@0bs;pg@1a>g z))SY3k5#_NDq|)MbfdR_o9H`>FOFp!FI|eoCI(I0ASBUbsb?}oKe;?3cj^IrL!Bvk z?M3n&#$rpI1NeaAMb@JT8r#9{{f>j8!qFH`F8n&56?rY)4u${5wrlPUwK?)~C#EIZ zKVBe|R3N24crV%wx=qjzTH%8>sDpM_lc)X?XrR0o&o4@LHJ^5fFK=`Te7s5B&Fl~jAd5A!-pCr0RHyJVAhJ3aBekh@ zs1Y{yb=qo1ok<1gO_vVVvQch~M4w11{d;Cc*e0(_EatZ8_;{@go$n&agnQhw}Y-k`W-vE?o=Ks zSV-X=eJB83;kvrhdO-9qzk{wj>hB6n0kzxbF*ySFgW8?v)Gia5;%YDbP(pfoN3}rj zhOW}lJ8|`oi4?q)Bl^d{80_06){LhsmX@98o1+Sf{lsAI31UM|>p^j46pgt2Cq&lV>JA4oGLXd1-!&v+vT*}Gx{&1DmoH1b1)c8IJ0qz$gaQKOo z9YqQ#Q2c$l@s!hgOkDZO7*fFyq9-eRfkG}NOd(swqx3jJn?dwV!2XE5YfS31r`Bhq zN!RB$`D{GKXG7bWy4kpAj5-^Q1K7*#g6Q9t&mMcaWumX_|jKUJNc8o6S}AFvb$ouRUP~K ze%h`m?#Fh;%6@8t-_tjEUDg$EgZDh-Cl>;vS5z$X6k?uF^x*LQPr*b~r^D{yw#9UMCnQ}&LYZX1N zb)-aB-lmp6dNy5o3q7m#4}JNWYWdaa%hLmBK7IKGYWWpu%U7R7`MdPxf2EecJ8k*$ z!zf>%FTX}DKPYYa41)i&VqN)vspZd|Nmss>;MuG%e?l!^m$rN{sA1$;efgYhUj8R( z%Qw-xXAkMi-=vnWNZ&p^*EU>VURKNBmLC3nC~wl2e^4!-m9~7w9+ZD?7@?iJpb(VN zOJW_&6FK7YCvN3J(F~hX2NhO=I^#qfVJM6kL3hDO(f1A3beJUYb514VQ2ymm>Ladf zwKZ{dfJxT~Di)U)pfP19ECG;g^{ucDMBfeOL{l`w6pKc{fj*^zIu=egPV=*`XLKSE2au(GA`1cjx}_8w@X z&-QJKzKW}oo14SNyCpLFs&qh(NCvXHBOqVSO$G8lbKA9t$vbunZ_nU8cJXq9&ghxi zUTcrEOZ$^szF=u9I;UIO*`3oZt>c!5v9(`%R{PVxmY3*VMGO*nOm-wy|M*({`yq-euk8!ow$5xVkcg1 zs0#+AHdQ$&rKu5D*wl!@sZHIC6dR?m)s>WgNlLvO^ctyYK3BE^c~Wplj=XFO8CD$2 zLiFL}r!t%c<+63BxbjmLv=S4X3Jj19tmbTXQM@xaFWX*nL=G$}D2(d|PUWC1zPv*= zItxZZZ6N(RTh*^^b>~SjXbi_Sm(~!cw%q%Dtmv3TOwt_-gXp)sWm+(HO zAlW~fWN)cY*6Hd~?Jf1G_LllodrN()y`?_Y-cp}rZ>eX>Vr&Puw?yvf7srrx*uf5{ zVDx5rS$!&YIF&~W%AMAe;>zE5j2&|j`*_3|0EX(u&++4(IDSYv1B}goDFq??Z7J*T zk0mTH{tUjnp7m*#_Q?CRw3i&hIkvQ(mAYju!ETjRt}o!*b1C*Deo-!hBNR`f$Z>JgoFD%jDVSYB9BII zqPK+zGp2X8BUq|4Hbe1rDDNRO1hF_rT3q7G+nM;VRa`#ghWL!`aujV8mk&dN6GJSg zVanCjD#g*OF%GgcE9m07UF(1iW;d8q*J^yt`YYycjh$L8q znMBjh@WjZ&aq1VR`V!2viCG1@&^5@x0@zGkRL#ctPiW&OCWnccgFuqoFwRe5 z@pTEO#N`=@alYp&y2zG5TrN_ofQ4`fpUchvl8v-vj8gblcVYH~9FZFsh^DK%XP$D> zd$f&F5od6rpix?5Nh~@@?9W~<1*(@)Z*sWpJ;L%+F5##=n(lG(O~J0FhX*bRo*rx? zMDIXb8^e*NCNGsoNvBo2@2S3LQrq-MiJ?B?*yRQ1ENu{FDxGJ}tgKl8Wzj z?_LqU=L|^TyUrn_;=Ax(D!Si3I0fBH2dARDDGA*}CkzREFBse*zW;&ayGit4?3@PQ zDKX+H_;+yoGgrjzQ|Wm!zvo0RVdFoa%A#9SnfQfNHh(cy5J=?=obT&oiC8MnuT0PL z-)ceC|JLLKAT%V5T551gyxIUFdr`m@#zMo+8srF%w?^x zH!`!8U_cBQ7q+Iqk+`pLjNXo+F}swlkzYVn`x->_n;j6*qMy~JwZx{#S1wOLHtY!h2Q_N)L~d3Z z{HMgo^?kk;ZMm;Q+LDA%Y3Fysrj+^Zx&4afcg8iBqc3cJFY4zv*f(Wb)rsvva0`hEGf|}_pGbH62ImO!Oc|$t4MG$>- zo>U(^Ql_JFLS$KnzVr0*peEhrmZgG_BK?&a+C#C1pm6t1NK+c5^r=FDm1SbZO3Z}& zDyMK7Vnz6)IxMw6=I-LMUKCdh>P}%>ZBa9`>F42>Q#nnj(jqV0Ouwm{zhUu|?O} zRc!VQOs+bo`rg6MSpO;WWzR?tf?e58Dkz&E21$D;ULh#l*To@7k?ial>g1xvYg*)h zPJkQQiwkf&m;e_E&)Y%*95}Yi`l0AAAdD1Xr#{WNZ{$5V5rOUr#P$9S!ns5E$SE9_ zl|9ZPFm>4Ry*=2noQ$+~Pc6SJZTU0IU34;XPmk2{Q`44z7v!dQwj^{}(B+Fvm+f>-hq|osn*U|?YYM9S|I>b55bD@|{Y009 zE}NuBa>e#Nrr6Tvr-6X?)+H2M@O$VLL{G5d&@0X|#Wwl;mdU8C@5+?*T$#$5RvPrE z8`o}MQ|Y1i$5@|8ukPw1NvdOtFV7cCIxg!er?O+gT_ow0rW4U^N%9S`J1*b6|GG}T zf!Gt?y@AO$F5yx;`KA;bk-b(N1xU{pwof&Z@_N4xg*&@IbCkt4v}`T*Z8! zshG1ga2?8KreZR1e^03bP#m}>H}95>)S|zD#Rt<&7e?mgrcp7Qy~k2iOqp$$bJ3eq z=!GLzr_(nlze!l#>=Zt60(R(|x2pPPo8Zaj`lie^%=Y$aFkQ_&4UV0#P9t42P7~|r zoV?ys2SFxPv7AdMs3Ad!FYms*ak@-XD!(GiPVE3?>HXt0_*$QeuY=yWB7B|GNr$f~ zp@+cN&~bwvVJ}(IA?!v=hX`9t2)jP}-(gmcUWr+m>}&t)?8#5Bzq~zpb50t2@(Qs- z9=ufiUu93G3km!mf+0DCRywWAEt7j98M$AVGylhxaOPG2llJ9R>pHeCf0T6vJb6p! z4tetE&M7=OaUTO9Oj=)!Eho5es@%2G(2gaq(NvT`ZnBMe$68WR$PQrLji~X?DK_SY z$ZZVJEtip42 zR^b;+SHi!azbb`)GZXPASG6}0i~e4j%sM>nZ8@ z^}p91Jm<^UgGYZ&)_r$}(k9!F>E+G!Dfn9P&nv>$mkeKqf8TCShp+~7hX`9rV1bnS zhZwY74e1B)MIHdP`X7{U7W^e;e#-uFMe|c5w3{FOeomR6zB%dU=TLTs^K;_Fh9sw$8qO+2bQSdiY#M;1BQ;X)4YHnPKY?}9&lV1S$H%FvtRT+9gP zu-0-@pu4Z$)R4xsNbHOT1LnCVGuiBR{%`%*IEx+D&7z+j(h%si;>eq12uT3Fhy$Hu z7-X=gg&9nt%+fhGLWpfB|y zPwWAUI=grJ-~kM46W!tuoBHh9Gvd7340_ce!(LK*cD%UMmYKmnEDmpNzSA1=L}cq$ z(f2-jdnr%!S(&{aHrWF$lY+x(j^0uqo6#DR#ND>e04bE?ux|Ab` zSk{j{pGOqoYl0)I;Jj-1D&TZV0jD)14o-#mc-@zRgiw+oDQ1uW*$%c$37U$M+tCBD zjeyw7FEX{)a>-5$^9(S=_P0(U9({+jTmdUs!?>sbbsg2;Ye^xsO$Vq8R2=e#Su z3&HuR!K|E_|C&Y*f;J@|cAsAO9>v$-EXAwPz|3}$+!YA58s%i2TIkI)m7 zFb;)R{!vX^LcQ~}`C8g2mev|R^anMe2npf$v|mrNY`QEVT&q=igf$%s57QC`u|g4Q z_gXD&97{V$6|=Rpwkec$D11(9y)SQ_(jL$XnK_V;-bha8fW1XlvhV@hMp+L2S@<&~GJA$Zx_{QDaO*GoqOpWO=B@&Z4(LKT z_#G%Gt`^n?AnSs$ORVegZ+_JrTNQuPgc?h{zXC;Vr#8NKT>fqDp<)d=6vfqN~D_ zjId#89=7eV$?CRsD2?Ge8BTb@NFR%Ihqu*Oc}JPJrn?|5J2ML1Lh_g?7$oo6VHI}s zyPkpefTLLQ)*9{BP*o3`Qfo&iz2O9{>V^(#7mLwe_7d!r?d&oQPp;Fto%L---@vkO zpbsbSyEeT0_iEol$WeqP->Ow(DW$DcZ<78(_ zX*|n$o1Zwm=Z%%$z(8^{q-Ceof!H!IkR}?)R?i4qU}~{s-Q^zYwC<{!ixw@TJOicJ zMq9u!T#9Y8TemMLw)=OvdsBWl%CBAACEB;7Ha@tnc3{L{8X*Cc!vT82l>i8aknm|n zgFT-(g$7p5R{Ma{uD$aisvW5fvQ|nyOJYcA!o$Vww2$Gl6jc zY$5;~2f*%RfK4R8h7({nali_rBLd^3Izdn*L8~ZQ#z|sVNvIPHT2gwD2kSxpuNUCv!5~58->REs%p59iyMkK?JmgfHrfWP0?=Y z0s6@#9YDQaOgD%6#tCD)sur*58^7~3x<~Onv{&iuQT@8emo^;-z3Fq zX+T;x?m@thTpCFkjii`HQp8765WOXV7nC_s1!n>WXIykr`jP&5qHd(aUPw36wBz{x z#N=^&_FFy<20txA9}FOuAa@2F`51`jYScy>tN}6+(cVA`D3)%M->PetSj_Xk)%Fyx zk$T_i$m%Dh40kq+Sx+;O{~g*(qVFXZB{Bgh0|Mj>%*DS2g)Zyo;>yv?WbjCy%X(D3 z*fKa5n2lnHHY!A&VmUYix*!?Yy)7nj1qnDh`?{;>BrI5ciSk2H4ELP^an;)*i2je6 zu(#VKoTU3`iuP1mWFs1>G}Em@Oj;RaqtlYd#peK ziQOn2x!2k+BUL`3<)_<~NN<&ce`dlcy{tA6qGhvAmK@f-g6Pxeqiy`NT< zOEtBSXV|rZ)uZn9OsrmHh|LoHXQ*Lzl5`t1>*}Y34dM?rkZ~lok**S!gRUlGYjY8> zQ@ywei?o$p@MS+;QzpD(jDTpt>e_%}wNxx84@4|54F(1KRxGZpOoNNVF3X~=!5Oeq zv8M26uM%E*nq2;KqK_W8f#G3s3!03D4p_uBu1n^S96Fe93p{+@VSZZ#!qPwfE z)S>W;KZ4*EaFxpbZCDH0J(%9Y8mLN!E07uOLG75LUCxSg?WfO*ORklVj)8t zv5;YrO)O+sg-?cN_+)qoZIyPk#kN8fXh zPPcB;_dI;3tHCnl^+WNO{>jR$!isu(G0=x_B!lh>qnpyE)9r@z#O`}c`$~%Ev~G7_ zN0zZ1sk*j7j)kzKohlaN76J6o7!2&~xn_1EdFIj~txV6rT11ZC?Bc*uxAY z+E8#5F!y=rkV*C~>Y4+8rX994gb}a!A=~WJ4ghLk`9f!a&5ASd@C?!S8DS0Ts1M2= zV4E7l?b@m*h&_lr23#|+3vy&*kgC^ZWpL0*QIT>*r4T(&{2~^*eM4WBkI(v=;-S14J+U31V6pTOiC(-eomMPn+WbwK*ToL1b_ARSuB5TVm+p z*bkdy)H3vscC)mYZomsp#RPL8#swDDTpSn7{THnk6tP(B-Q(8x#g*UVGd*W=&{PAH z#Knoh+#tCd?Iru*i*;MZEgO?ZH*vax_nN9sMDKGE9+CYlaW$Vq*ydm@(ht{w?Iqiw zEM(7r6xv#30=po3T6z10)Q`B5N$OECA1jwkY+M?(` z1sEci@W&C`NbX{oPMpEq8kkPrsSxM(xMLhWzUNLWS7cc6OXNclgiFmWgw1KeJSb`;b`Kd`$&CAu8TW56I5j`FVx-Su?#wOOL_M zd!L@V|7<&ZZkFC7ec&{Eb5{~SYeAW2N}AX5IsI;>r)t9$;sdDMR_E|;%E9Nqn9JLP zxx){bo91mji7#96B{YqvEU9;3mllQ&8l~6hj%=xDyFJj$rZiR`%#+?dOt(AQg#D6t zV~Y#+q$7!Gqg}i&*c=lv8IRM$!}eD&n1&p%iNDun38ghlgqkuFI;gEs$_y&C6#YA~ zks?GqoI#mvJ{jXxA&XN#^;-Lzf2Lk?I2GCS&L%!yyO9>_rB(eiq9iQ7%yYI<4sbXl z{P+*4PI5fCrjKh(nvuWYe`!1#+Ae*-*-0PJhcOH|FYwn*FV`+E&v0ME&>{G^KRapiy_-0pjO?j~UDwnWPiXCD?6dBZ(ZKmmD1}1D2CiaBE^%@`rfWK!p-$4YzegN}K zj-m{4dac;iUW}i4bkl#GJ>Q7$VTLdDb_jnoUG_p$$wBSCV_0nq<{7f>v~aiuQmU`k z^ANCiq-e1hqODUX5Ci|l&oGjkfg~}pYni|;ev|Ve^uiZ1Ba}#DScD=ARQfgNj&$^^ z^2eNhWp=$iZmjOS7_c~loqHn58MIG$Z3JzRFsE92`k-0?i&aDiz82HI7XeqHDkDBn z!>xzK>a=lvA-(nf`yyxeLP-lufg&_L&%vKo zM(U0+ba{4+7h^4Mojl`%=n% zv?QhhSctd+e<=Hj#vK0s_7i9DCEAF6d{@D|3UNy<3T$b}1TzU?qi@-2sDSlgEW92S z&3jzE*r5s76GY!H(BfK(rEwP3VkbK4LnJmhL>a6xu2Fwjf3 zp%KrctOujS+M$H`lu&Ep56;4z!NoS7Ph!HKI5FB%oAp|}#5NM_=-DN}NRas}NMhuD z$s8)cxA0ls7lVBl$w8=FGYh(%w2od(gWbbn1>95U-&S=r92)Ayx1Lqmwy-z=lfC3p$D# z)YegLyS_>`8}bi$6=^NJ`4F}p8zaBs-Kt{|9a|Hi`)LOObQN&X5u%x-vy`a7Aasb1 zh6F%OkmFIv+M8XpUQROj2j3p2Eiz;YBdsuRk_5S&?1=?p$p;3nrn zl@os!viHoj*_qq`>$VFM1fXQ}=_Cvan!3u~R)eFyo>6@f)_vZOLv+Et7RwQXAF`5FQ+0`K&% zBlVqDsF_EMTBlH3-()`?Vx9K*YMl;M+xO4CZ@->5UdVg?*KPWqgKFkg@t(6p-zQAtw-qeXdLHrBdM;NR z|0`>+$Gu5CcT+Q;VRzw!H25A@yIrDnTl?*=)a~Aaei@P5sIgRnTt=@0%Bo?DZs#i#;4Fbbte${3(# zP@uF^xdgKHXq;@(2tl?UN9!swOFu|M@rduGV37(rFf~)=o_$Wo+8~8#I zj)GJjYCwdORDHfv0YfJh(?xTZ=s}S3gNg{64m` zrwY#C#25#5720<%p@>VgeYl0SeWBPLiN1i=0gJKn&gv%(sOsZYq0&!mlhzZsT>o=g zKXBhhk6`r*E&*tpN~>d?Dvy^|AKhPCUALjMx-F~n!)U3rwiAi6umdRDqdi#9(HkYY z2{j4N)LQ;SvolTTj`>$t)C+kMIa@>!iBtPXo83ziwtSHU9D)f%;0 zjT>||ZqV1b1ox=E#t*a_g}NGr`WhESpFv+^rdDH+uErpJjSHf$LD1E>L90=qt5Kk@ z(JK0Wt*_ByP-_g-)flL+fiS;E^)>3W8u|F^WHn&!P-}Qwb41_mR6LmZ*idz6sv2(i z;?smJu#ekIcF_`h`-0%|#YKD-namoJ@Bg6n^lb#8f)l>?DABi?a3eV1ielJ}i_$y@&)_}9rMj%%|i zmn3gYta>}?ejw|n`L~FxhxGPd0&0@FN{uP-O>FY?i;MysDfbB}XOUI814a1MEW}VM zltq|_SS`b0I!_lVqu_f&T3<6r7Co8{O2DukP77A78;K^J*l_*tq71Aam|mR`WEy;F^_GUx>Pu#ErHrIfarH;Mh$qvfY>LhTJsaLzs;+C0s@u#9 zCRg~;Q-2f`_Su4CehFjZ$2Q>tFypMWtc`p*;z|LzlY_(i!P_Rd*Q36>Hwa=KQ8cvC zsq%I7)=Bh!KpsR)!Td?$nn!KMupTSKt&%)cQN&dohQh3F3Jtb(z*)%bCfzQ)iEWXy_=2!*dM z$j)uj%I0ci^%aNeD-Pp$6M%a-aGwP+IkL5-av-6Ju$SbiA&5W??^_CnEnJWll;Fl) zgs!OJso}{%I%RR6CAwW7pT**_tPPddki^pk->S@VKtR~wh9zcMnQGBuq)IW%!2fR( zjV9y^-|uOMG40=vhDx*B85rOQ^eJ!!9xcduBV!Ozu|3gi*!_aaPJG9{XAu|v9cY%J zj>{SreV?*ukQstQ=~Dpw$pM~h^KEL^va!r(rhGe7nPX`m`xcG)aVq{WLr*kgCZcv$NV(<1V;fVstzD7@JFA z;t&lJ3s5(KQP=A$4U)(Rl@T2YTx6KY%W9~2eNxRq`kI5KH#ss+$Z-aiTAW2KPHR&o zwwCA=&J!{gQ25s5#dKjyvr}2B4$p+)MZ2@G`Bp0M#`own?ovy%uH+m9T<%>+QkYZd z5j|y0axenEf|;bH$nXZq!p7Jk$k?|pm=6hi+AD@l_;D-!Afn?vGrz*T(R~M{Rk$h5 zVep=wS78o`&xT$x6mH$L%sR*Ip6Bip5X7w|+itIT^xGBUk3+XVj8E_04Dq?zjM`1F z2%FYYsapipH+fIbPgGBWk6!iEVC+keg9ba#;9x!@3)>0I3=ZaW24>E((;Uun4(E3F zSeD2EEj4(X0O-~@pd(d4GcF70ItD1*=%pra)BHqry}T`KcLa)E0Xau{jW#4aG1f-W zM^T63>LLh2AK88T7IsCzO@urmiTlKq{oZ5rgrVjRys*D&EQmh$1|G&fIt$j^R5=Po z?lF3gWrvPk&2}MzvCR7<^95I% z%}=>sLjh&0Q=9N_U;@}q$a{U)NnP_9M&p@V$HMPVDe8b( z>Dc&itaOEU^~F|kIk_$)X@U#&7y?-lq*{B zzibgL<@uszMzL6gK#D*q0wDb?rmpCDS{kuv+B~tyUhWJ$Hd}qaLiCdYNe`9P#1QNer$&4nmYd}1^}|0%JFdXhr}K1XxLR=XA(xieLI_+{mQi2KH$pR{7k-0 z`3t$MG1C+q;3v%wFtUJ9#a=2F+RMd47lIQ2N}&qXEWkT0A23@09R~VO3ILRqH&}de zu=7s`6NC3tBJ)FrcLGeZgZ`Ku*=HHfK#)fxt3CM-P|N8$d!BsqViAZEeFQ1SP%L6? z)cM)1aF zA#W?T+-B1G*K(HJAbKezPz&Q^mSh=0Og<|QBPDrrmv7gTn(RuXic1iXS1B;mp-K)1 zfo*#c@z7N1N|sO$atU=iBvc;TAo@OH%4f(#&@fz#4kx;nkY8EGJ(O`RQ8+HmhHQ{! zD5I2xH;_Ek5D!0N zo`qhfqUObd6x6&0{svgRyE!P6?xl!Vxtovz%Oqv)#E6DvFEyZs%bO<qHnh zjmuw1x;ElPR~}{StFFghbvO!04J{$5mjeD#p#1f`5YsPZDC76`=70Z_~KU4OJ~Qmb)ZuT4lAr~vu2y@SEF|p|+?i9TV zKMhQ|*u@kDam8#(?ule0Qy>~_N{FS?{#UkZvwas$Y3nf2{}bkBIN%)paE_-ZC#B$J z>~QFtyBXua26bhCaSW4Vc1s=GG+4NU@v@7^m&9(Dji`GHZm;DI5P~Tr|M|zm`XarW zO;!jS?dM^h+gW@`SN2RXwvHjORP?57Vx!v!>9)=*k7J#-5zVc++r&wWBXD;PBQ2fD z^&jY>#v<*0usIfKHKq_DUXu1LjVJmpqB{sM?|Bn*z1^8V0PDOpEIiQ-%mhTgis?@w{mHK& zcMB0p4KzvFV+#a{zlNW@2jD$V?^*g^qWN3PB3c6Wa@T+@?h=RfU-NIkS{80tdVPG$ zb@ud6oLj0WGxP5 zZ+Lt!^!on4M-D(Ab?76bT_;1q=c1nfrVT_#rPFVqM-Vm6!#GL5xi_Kx&)TGm-&K_$ z@27LrsK)9y*cNf;X$V5$jjGo#?7hD^rtMty@NvA+^zq$k+CLRk6x!V49to@T; zuYFeCeZ8t$$boV;j2`jdIcjIC@8hwW$=xt}o8~>scS2VoGv`~30m3dC?S}XYojmEM z(>1d7wCKChsF#BmUaJbxD=4xex+96-rxTGKX+`8oUnnB~!w?sdt46Ru-*ysmRsRTS z%k2eZc6^G)6PNLq7m!ZZhaxZefX_#-u2_|JyrT{OSH`fO)%u zma*t`k+RO76w*N1L6%p#;!#$btDi0v+@0k5@$Bpv;w_aHZkx>K7Me}o^P@ZmqTzP- znUTr%8KQ^kWfO3OIh6Mu$`0tX6ojsdsheT2Az~OE!sp8o+stHE(r4d{%dF(Y)J)`S zwH${P&R=@z9fE0YfhxFe&;-}J3gVJ0sSmb-cB1P7C8_6lMtESJw>(Z9cX1#60+-7gvOwoUq39*kALlr1?DWAYM<-Q-E$n#8xhZdZD zB+M${?qpFCN_NE>kPESb<_f;k=*=oVkc{7=&KHyMnUY3EDevEOg8tt%LH_~;R6~%@ z;2Q$-MH_%be{BQUkTWf12UOCD2fHyX>WjWVYBGL{CgWR~jIVA4mds@QflS8N;Uew* z6#HhJdbpUpKNIssLjQQ`19L?a)gQ^8-e3}piv~(lX9{*Ko&(1tnWKx~l5fdc&{r+O z!>hyN=94c-Es0VAq26XOK0IpJuzHiF;@git3_DsjxqsAZFiw@SS2bF~$8IHZFsrnB z@eCNANCS`qOww}(JjGJYeI`kh;kmT$e*obok?+#=|8yLfZsPK`T_^f}1U}?#8!P%I z858)u6W=B8k{nFIItpVCEXj3{yNeXaU(@SFfxGi%Ypb~8SNKsqW;Aq=pON`OgEDh( zckR4{vKO)|2^fPOfF=^{LMS(DBycMSMu7Od3)o@cg2Ut4F4 zX*AaR^UgeyAhy$95{u@=?e7lZeFyooo5hu+FGGNG6}7-zI~sv3miZ+Jl7P~7Z33U* z#Ty1IX>6mz+Tc0kR5nr=QH$X27ahsyjSAJ@hS8CeVO`YI_I=ReC^&THuc{tn9On66 zvm=s%Yn zCpk2&b@tNudU9nIQlm3yFXbWlXsu*dc-N@JqEl3idPIf}XEBP3rI*&R(`|WEA=KMT z8O*fC0hbdJ9ZXFO`CagSx)eK!&+u+{wOb^`j%Ar>)@Q zLr_QrW#lK>%mNGgF(Gu&BCeSRtFtZeummrDAstwBnBQ}lH$x_t)dhzZQ7#7-!?rsM zMiJ;vvsqj*?X8DLk`8}-11RTed+8V>?IzJ*Lz>&_SrUfDghIj=w%HJ2z|=WGJ5#vo zE@;t{GMU~%r_2A64sGl8mndSGqEceoaR6~f6LX1KI7(v_Y^3QQmc zgUBo91d@Yg3Mm-VX@>5Hf-wuG?P;@NL@tLBxs)#fQz|g~(=dz(AtktQS17-cDm3U) zK6KKpi>=|w_p|-rs}kBHO@2F!`OV|0+we-!<)QZI^5V!VMVH8A!2LGU>=>eZ9uQX> z3-+5fjOn#tx+-?oJW5It?JGg)Abku+k;L**#i_`BZ% z^LL^Cd-^+GdvxxD-+FY;-1*L1x{^$tX)!S$A7}Fk$QIs%&yb4c*`|{XY;1|YW3AnmqhvmUK zneVTKDRHFY!qhxyQct@3@kRQlp>(wn`Bqk(C51^Q3YO*SX3qa73aBC+Z*#$w4TD7_ zgAv91z#q=Rcaa~Vwd49vf=%`AmS9sb7m>ki>Ahf6Hh|}``1iSo%hnI7Zj!3Ug@ZmUTldVz-moV)(Rs$t_k>4$ zH@?wW*?=8h`z8nZ@?pu^NJV^z19b==xscP87DWL3(&_43;iNaLqV8`Qn&nxv6(&ka~Z8?djqMl#jYy@8q#5|=tC zd?fO@kdELx1JfXOj?;+#IGE%>`0+)O6nKm81o59p#D5%!zswGpv9n*wIFSEw!|A(S z`OZlE8^h^=R5PwL@;xTgo^u5jSirNbqJK^^5s`Cz4HjSxnh>!wKVLup%uKlE+q(H* zU||!lh3s54lP12+r7QrK^5k=h3@#xV%YdkISv__z?!b%qTPxi6ST;(hyYq=Aj<(QLytAESBRm zoo3MFz$HMFE))u)d_Z~jd(}XYB^vq!W(;YE8EoB^Gx0SCYR`1U7koS|IED=A(w@UwJOeSBz`r&=zH_2Mq#dergraG0|G0}RlKq99T67X-<5LUXF zN*71J=YBG=Q%8#JcKGwtu~Q$QBVyjgh3MzGEzB`;h&t8X0TbThY>pA-ImVcR{hAv8 zkBH;1vG=Ipj%MkfM#`_(Ez^~(k?WC;*XXzRv|pn!4(on*Rb17`A+kgd6cp{L%BmjI zYs1o_#Bi5g6(>yOKqu$oU+>0n=kxPtjFom1SDSjNyfnLdQ7>VXJ5OtYuSv-+A~%_1 z$(d6sq$M7@l6%8%6~|rEj(|+oS5M8QLXCj!xZZ(Zw52E7QxPa(1EGXVo}gM;C= zp)|>e7<`wmq4HRDswdaZRIWf}$3d3V<%b`b-Zw*foss5}6Ycuwn5DGZ657Fk!l`@( z%)$l+X;;Qc2wApUD)7xtg3;CXnsF0cN~LVCd8+)%*~kN6BM*$R*LT?=A%HX#ZB=7mqFU~@KuDdpiZ0>v1(LnT3wx`c z=M`kQjQl5U%eZ}~onP6O)~_smfnPb#5cexr-57PG_>`;iqPL~`lNS`w`e}af`91Ys z{AkYvd|Eo)-{)<;V`+i66{eb@=nsY{cY${-h|j}wMBiVS-a5e)p*zLBt+3)uWnX4` zK2$>`oXQ2T0;npUfvUNg?h^^Au?eD|u6iOx#&!H72fj9y!sslHw24``s!9 z7Ji86F`3`*c2vD_)lSPac))lkxA(z%HsBUX4mFX zaMzK6{#s_BKhJ_9&JXi+i6N@>T^gmoH;;*6v&SzGQ)bNu<)7!Emyl#S6hUWk9PCL2 zWie>CC$G+)4?eh*C|npU#S+fFm+h-CGqvpvub&K-|2OtX2l**UK+Pf-C3z^hgK}0W*f0goArKAW3HGJz zXdrP+vZtwGN$-^bsysBK;+uOh;Tj}WIdDJMS64C?_XzaWx5X8c3~_z6j4l>a-i{mq zd1ZqS+@BwzGw^&`&azYM6Cm``MVc&>$>l$Sy_|vIBkLh?1>Kc6zIxI185rs=dRX@l zIa*zRwpKR|hW|-2?*|@-+IJ*E&;KEIlvGyOcVM#&(oJsm9Ll4^U!s3AIV510bq2l# zA?*OEWW8uE!7(BBAciyiCn#FZKn2=>W5ete4yxgZ#&VL}T=N_P6irkne%n*6O7%AV zgYH^W>j~rPO!=JI+ARVv`(@bPYHe=l2MooGV>2-;G{U>Ofc)+2` z3K`}pd&$`!STIC^o;%kP+vHxTVrtc6QuU&~85@>9qN3>E6Y6qAMbSJbP_zp}k0q9p zeGzgxBbb=I4E|o^W2URW0BeWZ!V^Zl7=MUFy4~Q!k+)I7^K*(ngZi|n0EVmg&AC~P1)9hl3n8wV8O$> zEvlZR2~Nf~b>%>-aas@X4av{UxRe9o-hh+`40qY;7S8SY_pb#Wm`O=qC%Ko!|cLK3=$A9bh-qvvCG z)Bg5w>rQsZ;Jh&)|7SAd@vv=Ci{AH5frU;htc7%*4%@7!>iZVuSRM0yzet>Q$Et+C z`@Xop+l60~+xfe{A+Emra{g}4G+4lhw~qO|$49=ym}i~N=S`(3Z*XKX&(rz6)jW;2 zGXI{=|4qkfB6%@Y>zJ0~v<~!W#FHpl=w&Txn%(4(P&lv-B;c_2Y|00kPmrCywl={U z%BLs?;>TV(^?>*Q1aV%#B>kEuDe1f?>O+7->2fB(vGWg;@Uyg?1V^(tLnp!U(9KPf z`Q7*th~;duC_wW<=c-#H^+j+fAR*p}c%Hx*6{X>$+ z4JpgQ?N9b4WPI9x8>xmCGF*&BT6cm(XKl34(=?FExat9;6X_Isy(7{xsu@~kAK+|v zb{i^JDd!~HA30$gSBlOjz}_@YuR$WrO;X0;-#3S#9GRNN6{qQFlS)HsFXroM2(9Av zcBqd1)cm}bc>ZaXC1%>W!uSRH;?fLvfBm?x=07yGOB~ga+SSo{7CBk}s*USk?>Lou zhXPmjofgOFa@e(aY?cN)qjz5vq!}1(~a`0G$y;_FRS8{nO<*ag2jbC<9 z1D+NV)$NFbE43izFxdBR7xFWtH~DGBOZE~3K3?(+j#RLa@AmN{?C2tjh(23#h{3`> zYK+1PqK(m=DgOS{@PqN`!Vheh3qPPRCpG+_syOmpc7I}0^g&hc2!(j31Rt!Fh<>b7 zk15rOUZN+OdPx*GD1GE@>AT<_`9YIc7WTwIbkzVqx!9?MB?QDE7~uvNl#Ay!)*doe zZ#TqCXfX+F+G7p8c&yH$Y@#Xhe?-Rs`$J3en5*9?#(Wt(U7gCFM1j{)fExAM^?r&oWz!m@qxg2E(H3})(xUz1@6!RNu40F3 z5F({sAn|v>X@wQm!%qBMN{$C3wH|viM0)8!M{qILiPrL2?cVX!_u`dWuv1z?fw2eZ zr=ysHuW|3SK6A5MB6CCH4{v2B2Pl;>`&sAnpR z+ro0N=>19vkKQ+^kU{+ZqjWVrBD(0nljwH<7i`K-6`3f$>-|3xr)L-;2e69D>BwMK zh^@6vd7hd16xU~RU{W!<85!UIAo677{KM@m`Uu^V)SWrvED=O|ezeajE~S%<=YUE4 z2jl2EOH)4wsHH^%08ApB`42*sEfgU?mYr|@Jtrtk7noVV4`(;b|69D{gUp@N6n=XO z@g%i03Pyim3ovjYcmx>I!i2=Asc74(PKY{GTVUE}VsIec!4tUG;$<<_6ebTF!mP09 zUrFAsC-^}%J~J~gzCAR(ub3Um1*{CzX;L!nvm;L>4pQxnUYipCsL7C@G6Cs4>|2@X z<0oHkA3ur6k8~lF&a@$vQ@C}T!OPIX4L%%aKMbfH--^Rm+Pmu#!&=PDRYQD<5C zK=enUS9W5iW4bEGzu6ei7yV{-&ET}zI!tnsRMLXk2@)9$yUg4-J;vzighWr*h?5B3 zYFAg$V$T=5G7BZXUJY+kC6r=dw`XLHeO`_033$Kfv0Lwf&;P}I<#c)NqfHF8Ep*qd z>MLjWMmUrc*Z}$3jkt820wqcCgVCPQCp>N&cbC7&p4QapI#4R4o^_-#NvqBDu){pj z?_*J5EbQOzi+M&NUdwYUv@LaybsnuY&nRx#vx&JGRpKxD$$mqfjb~>hnI}|5&tuV> zlkCHYU#0lS)k$Z1Xe(%9J$oCHLSIkts9#ZyjNHOZuSl34H@!|EVXK|sE+ZQDGM3k$ zuqbB4!IFWOtUuA4SlFvRDw1M-qdi&VX;M@q#rq{JtaK-^w{?^{YCgpj0a8-Sj$}hL zgV;kugH0@2ti^|_=gYR~&zEf%z3cSn%U-8Sq}mMNmg!>r+u8B?vdQhwm$fxj-ucDn z%S2x-i+$A2n33=iy*b?(v#FGmm+p+&2;}HbmD%Wba3W~P`A(vD1Se=T3qe!0J=k4( zMUYk-ARW5sf+|MvQ8flNS6pGHszAPL)yu;*x5h$MKAk&^X^3-dHSzna{-|5T-3iobrs#W;)x0-B*+pLwUCQVt zIf-siU{e(#&hFdhxgJv`c{hF}d0VaG%7bKlT&G28IK>wmMK47?za*&EVn6xIDJG2` z_~gGNL@0C6oPlDe_4l;#t8PNn(I5n+fWAEYX+oF4tW&nCa=bbcmW#Cj%d>|!<*jY= zwiv~gWYY&h*iMw`LDMo>*b31y*yHKr`5Dn{eEBxMpfys~292ikMV`lB5h~V|XGEvc z&7Xfz*R@w^JcPV~v| zvgV#_0ZD_zz@nI&yWRO<}iBaZHz#cVy+f z1i?f(9)5C2bIcZCxi%=b%6Zv3tA)R*6K}*f0G`iiK3LBJ=1aDF$dUZ2k=&X!b_4Ts z(gbLzFb|BYNku?ExyS5EeGT)jDy|l0P|!99Ec?3Ai>sd_bSC^bL*clZB6h{L1u#nL zrN%Wc;A&A^Paq5p3+3{FMH*^c3uI;SLR$@+G7dqKwZUCb9$#A7vB%t5K6p*56#-HE715!xeO;U~{|A`G4 zmj^oE8YX1P`~g0=C->q_P~1K70-2kSCF%C`#G>O?6uFc1e$>+3!nRMSq0WzeqHk}I+Y%**JI)*3Nl4eYOcK8mj(pH+HBqusndU-ShQhZK7Q zJEWr88^j_HJpoWi1_yR>Y9~DzfB?BY;FO~8pX`=}w-Em(7qyDMdM258^61@}V2{2a zdnMaSYV9T495B81AdBJO1vO7Cgdm1C0k7%7ld+`)Mf!ZRAF;0{hOZ1ZPQ^`$0pIla0@ z#f%P^TTusG`WU$Mkt|fRnUC7cZIbd?a+g)l&=G_>e&LC^*{)nn0ci!@&n+#x$lRlg zX;8~9vZ-Q+k0f^06=hQd@951150+pKG$^BGstYn# z6U_PNScs;|*~m1hnfF67I*K_ziaGy8m7Ah=^I6rnOZUUjtud1MoLxDq)32E6whRM& zQ0M=UNa6G`}%?^*=}wSsbQU-eA^jv6sYN5vXb3Skgr43N6^b zK$lO24q7Nu=7eP48kiPwgbozSp+h-N^F|r}v!`+Gh{CnEh!#%{2Y%Yt@ZnVy20trY zeZlA{Rv$CL0HE*YF#+k1B<7H>jy5G5JY+&_NA@^5*lHwTKd#uS z87Th<^2@Shg|hm9hG^uR?4aOs88In`@znHYp;V;P0!VVPA}U`q&xX&Fjzr% zl@C0Jq9wc7wV=^#_EEA6+rdT5)jpU6H{&6V<*`tOaJQkv;Z~*NKO7Rm2*y|!)wT}?L3*~)!j;Mfi-Svz;PSPpghdk(*ov*S+XY~)u`5Zkgjaw0?9=-y$>PNq-KuS znGKGp#+3tPU*YC9Pp{}*%<5upMLboqy`8xxh(E@S8@1wcD=|p&PjKVGdv=8$)$Clg zkDZ5>W7|c4C(a;glH9`_*1e*aE-iqfnga&;J4_NG-&+*b=Y@3gRD|y5!A$bmWQOok zFp+(cOB}PeCb(e(ZJgVnCL92xdI`+w6?6zn_!2nb*6>w-p_N&@6~;Jt7G~`s0RASh zPI^S2DA~sa97F)|M9+Pg(QGvWdL+J25MU8^XL?%}d5Yxvta!I&Idx@ufUpdbepMk` zZ$F)*jxdXdvI8uxEqWb)Ca7eaHm(;Cz2zRNW{Wj%GhUb}`)<=-eBT@XW zVKNi28VH#LayuQNi`u?@`)aj|?b}wnh=>bGz$A#uqE*0!;CjcA8c-o&%lH33=ibRo z643Vb?f3e9^81mw_ndRjJ=;C!S^m%S=&gK85a?p_vG&~Ilr>_AE(FQ}=i8zzw8<87 zHHCaz^`gQ0tfAb#3$fpy4h&UCfKu$ID zNra(+Y&w+cum}hLBC<*PKcrl?l2X5jM|6*g2I6JSLhnM(QCM+2IWXE0JbtmZMuK7m zj{|P{H+3~mt72%ZNKoBgO_wjq20DWl;`uw<=j3`qJsIUR9a^a#?c@AYDDIiEG@bFe zg^KuH_;5SQ(C1V`YWg@&`^+rXOnfFP%x)p%8g-dW8tj9DZfkIXOnO(JxjY@9rYbBF}#dIrVNY}TjWbE)-)fv46IGN?O zN42Uqlzzgazoq2MsO@wR!u3>lp5_TJGS!{coCT#-GZogeL}4w*0uPTOg`Ac3(?s3Q z6g*4~=X_IbEvtv>oqFiB6^OQMLUayFnW}0_?Kv#UN2#d>zaT2ka})KOjnr?x#nx97 zLlkLC?oPk?K2lBQ(o}Gcu=rP{;mkHQoE^L?gk|2mgC6^9rI|Q4F5bAJccc*dORah` zRhq%pipSz-UPx7TJwtTqXtj zMSjK-G1q<~@yAjoK8C1Ff-tg1ssN6G?oDd} zt3H6gVpd~kf$7@1RGWFSE^Z2Vu|sD&Cu@;O(5=WX;$?2aqW5L)wuRlpgO7O zgQPFko{c$)?U|O?9%Vytvi9`ru06xz+tYHdw8#G~vn}JqA4}Z(r*(S&#(U%5@6YM< z?#&(VzAxW=_hVT0>QmOLT~JG`_3BY?=o`ds`)~%Vz5^>8M=_)irauv8>QSHm0T1Xw zC{x-;3GcHbG!k43jDS4S?jIm>`?l!miFks1=;7ub?DL@{bY(^ig*6CS4R9?#lRo^Wh`cEWt4^kRsLRpg3GSybUZYF>Ty4#-tN=U0F zp9faE#b?9Gcq;}vz=-lqM#(SQ+o^8XUp49JNy?41VSkwNyEg2{+Cy@+VKUF)WZck- z$lr%aP+>Ym1?wA6o~xX%r{}Z~!$TM2?k~V1%J5k!db9(~kL<_h^v5r3|>&<}#-TtOTD7+ynp`<^{194$H zfU{?{k3*mR*d(t2qVD=u;`gh#gQ87+9jHEJdABh*-C*T5_eo-D4 zA=%N%pQpWL>4Se7$J5^S!Z76>V=dWT`@zz8@Fn#a7kI-v1+uG3I(`v{4pEu1x4n7w zOM7V5wep4|$y$&h9V3+Cbm``y)b6^OjUG;H9~a1A*CLKqwYIsCoqB^Y`T?vey+!iI zNFLoNBnJlY7#L|D1L-&hM%pHWHr3kzNiwJh`yIg?SRq0SXmSqql=FtDdqx}v(e=t< zRLGNK03PJquCF@Gx0ywiGlQ8~k>87f^V{rS$+u>JjO<~XivHX~oCA0yCOgfhOqJ|p ze&=9zCI`-wL8)?pu92LSU@hQgv?GscCg|{mDcy97BlQ}i@**hZi7VOqH#ciak zp5VtfT3pdIpBbT}Fl&>@a9fmTqD%kj!I(>bj*nC}JIfco6GCWK`hvFlCn;+32XY@K zjd50OdGAQ2SccrqcRgkU3+o@^3AO=_M)w>j(|4n`W(8YwRfD=;(Np~zKT2UV_cRHe5?YZi2F>Elre=k>E=k)GFxgK!^>|$q_A{_N zIw`Quryus^eV|p+{i=VWRx^uMZTcZRb8q}Jzu`0DiaRjSjO%p7_%=>gtv5;w`^wJ; zAF0>&w(@3ZygU>*U;PAIgd?N{pBn_lhX2gycvHmK)7>~z+ zz+?stOsJUCaBX7UG^6L3J-MVwiY7FP3XxU3wkmq z#&k{Y7BfB}J}yOPZp)98w>CApwgV!r?}%1*0K-9=i~lm8{;4nTeTmGV%)n3Yh_~R& zQ}GtqFOTh06|Mmt7W?lrI)XKrLQm7$nBFrk=*v0S1sWO5%d$j4Y&dPwiybfkc~vuw zxE>v3h5_rlH34zVydRl)eLmbGOX;-dN0?DXGP2F5##@!5Iy#PCY*n}71*lWl~Duvo+wkf!oaIVz%~tIK!&8=7r9kF!m2L^S+;uhw<8H z?2x=KCV%+O63BU5;^n+pR`XhnH#1KrD2R`zVo3|YF5CeQvqhY3lURW0RsS3KL3e1d z2eS@xpfA4B3pQc}YWI*To)w;Y0s0Zmw%X^jH*2fu4UK2o5##*l)S0HDYT{hO5nB2> zcAcK%09%*)o)LbfEhmjlN7)5TNl+j1Ta z<#}Ye&(Xa0hLSuSN-5w?dPdLW?GRR+iL0`nQtR@|m?zFOoDNs1rVsw8BD$pMSJgmRL;{gj(n70Q*2F>oQfjr$=(B!{#R z>)NBgMq93EzPbOJPHON)wirLE6R9HCtpv9e;KGSKaKf>a2<-FgDxTv znKri_ji1*V0JNnSEh#`FLQ-};NyWUDvTs#P&EL4<3Us9>`fR%A$5*q%INT4=t!nWR zH8Ta3Xw`IM4t@xFJP_LMEF$xXv-ANSEM8Rc(GYIa>DYLeOU+*I(WG%+!$UX?lR7eC; z6`j#V&zneJIQ16+>XL_f7Q_NrOhD3k0M>_n~dZ}`p zD2R%6y*uNvFHgW@&*%=1ed#Ii*edYKrZ_zI6x?=$$Id}=H+bw$_E<4=w)m^1>x&SQ zsel&$A0jw6o$6dAQ5bGe@>OyT(*j)Fpj$*AFpVs-a&15+`iMg}DCK>g?IkY@;h!0i z=^5D<=(kC4WzGI`I^rNizunk_4QnhC8|Ucd`TOHa243|}S&<&dHbr62`c(sXZndgb zjF#APy5;2Q7Sy7Tb?U{bsF1I9>dP}b(OF6h$udzLYum22)$ej!ox#PFd)4sRG1uvQ z`$^*YmSs9Wb^}MJV1iy?QuAJ_nb#LmAj3aNtC=h)rL3+%QrH99ihSvCo|oX9op z3GS-R{)S2|QhA9OW2 zDu}jtp~6{n{T8KJi58o1z|uSwd(hQ{2dw~tt}Ss-Jnv9JFej?OgJwY$chI#Z{;B8V zp4zH(HQd_RNRya5jlD3bxm$;jn!8mn5VZLX&ue0GL#9a>;vsV#V&1FMDFOkXKN_ng z3oM!CRs@u_zRhPpQFa#S+Nm2?jKt>rquLm`NA}X>VqeSC_B+COYyo1_*jo-*ILI&K6K4A zQ#FVL@o3K4it@h6_((I^yzqbl{L!2{Py&+kTY<`%x62zYZ;B2x_1Tw(GbajrWEg+y z%|ZFQS1-kG(q>F3S2{|N%4d1NRfcAyi^Ib0rCXK%IzH29FvnNMEBaUAVj-{UkJYn2 z-f2hA6Nl6xZ>q&x%=C|sBb^(QLJY6m%$J3e>PtG*0SMPo0$-{p2hIrfcx}U z@~Uf~$IgG9 z3gHmd;`}je5QgG}Rz zQ}|#AXwf1fq7z&$Xse4c85aC#msZKZfstwV4BSYMPGnw_i95+5cgcb;A}H9Dz-kWY^b zkc5?dhPmiE5q6PPM-FvE?qL`E)zcljn2D_Em8PKnrE5r%Eevv=Nfw3=W<+wtz$HajO7hEbLOZ`B;J0R zNKI=)N#z6b8T;&DZRsorOJFdT)a%?F7yPdC{J{O9&E6?b6Sej^~bX-kJW z!!spat9%V>Hu%BbVB^MMdk?L$Nz{webM<;PdY<;?VuyBHZLzkb7BbV@`-C4If!`BN zxE}BWx&HWhTo1cfu8VgUYpm=i1}G2qHCrX{~Jh2a|igkQjAG?qxAS^g>Q zg9BO78OmCpVBdq5HL$FIryvApvoAAamizIh!DVko#)@gy4%NZ_3eOy~Jy!jDvYY3^h&sJ>_5-+r4iwLrJv7K#QEK_<;TbPcG z?arsvCKkVkP4B#gc~pGvlWt%B`Ktf)f)$|j zv?agR^1k_RR*cfCV)3lZfgOZzb4V$`mu+`zKjs>pto^t)y(yY6>3K{S@0ybX!%XAm z$zTH4#~C(n*M3+VO;+)=6a5eIJQ12k!lk_|x-(L~chEaKsN#}Q?hfzkEk^jnuoz;? zBybjOQsyblJ^>brD)Q*_3HrJYdMCHyP6s2A2~~(!;WeRa!QtGL>$88Pt^T!$)o&l< zvG3Pb|5P^dr4ZI%Gag{>RBaWVxOKu~$z!(*o(Ia@=1anIvO90|JF#v1TvU^1Px*L0> zci1|p=#O2*0Z+2X2KL)1-9P+f_F8fLy>LaR3Ex%scB%>`V=UW$a{h#m8+62N3N*>1 z2&?9V{xRgqYH;S{CNWqh0};RW7YbRtIR)gKepqn^Rmn}gO*_bxfeeh&S4`q{hf^nyvzM0*K6NYHj-$)jVoCA@Smk{MXd0B zW?{-)++o*tyk2=%0`SzWLkHIAvV_jH9zbNmY2H6^Dfk}YN^j+73%G*U*5b~4*<%A_ z0Pq=oA*47i0A>QsZoS;VhfJgq4P18_r;C47S2MnfR`(RZhcV*kAwfVP?(niKao%L# zTWWFOk4UxwYlG03ZXpyUA1?J|7H zO=^{f(+W7uvRFNOt?~9jS+CHaNitOM^~Nko!;FkkGcpT58vrLxGE(=OIhU)PyZ>w{ zbwB(letoO0z}yH5DNSQoAP~x&l9zDV++oONRD3rp$)Bf8j*BqHwCL&~!>+3>D7d*$ z?GdIh@+wdU6Y_Vu!{yBil-Z3vPKQ2$^r*-Fmj6E~yut@m2e|-gK$gFS2HBNJEokf? z-Lck!gDCM8^an-V3a=P%uqYl0(hSb3Hl{?NJ)B6kAfmV^vP|76Wx@`nOgLNOjf%WV zfFWcYsYmcC4yvR5Pn!%>qgF|$f01*QLg8vUoH+(n_DkgIr_3`H$Z_FSqAMUax|zBH zxo)rLf|ue|$4;on!EV!%e=Yu;3?F4q8kEf6DMUSnC7NwE#Y%M_sBL>h+?1H|0I@f1 z^4OYaRQkF{e?BJP_J-%%eEQ3tyiYu~t-ig@mxGKC9vxYFGurFF9ds(% zxu6|%{X2O33AC=Zd^DPR9DH_d`6xVa477aNG1DDE5A?v9@mVwr87IK2M>Sj=55A{a z)IX^Gig%{r9T`VWNyQJN89we?psy$q1as)oTulJ9yYrqmr3kV8J2q!&6Ts5CL-^oB zcZ_gPfd(Qk0LQBHqm^V;0O zwh>xztH|`*T>1e=-WCs5`r+*W$O>#@HHotOkYn}-RW zpDUhCQKL=t%I$z({>@|G9C(et9b;SlOA#x+>7l1Aj!@v65r>I2x8cKm!;|-dSC15{ z`p>4OB3zF1V|gxJXC~ETnYE*9KK;1I{zBkYkNzTt+#K(!PlclbxeL`)UPP-oQ$dXv zd17j0Xf|(u$0U=}#Uh=7<0sB(c4jtzQ>vOJP)RVNEB*w-Wdj{o zRFgU$CxN^D`M`d>GNoj)<&RKXmodF2b3A@Mw&^wA@ity1^D3EFDZCOb2IXZQ`|iMt zZhcX%L>FDIC=&X#Fg)S@sU7RMv^O?us{0on$9JaIvd{J@qY0p_vFT&3=i)&EP`B@+ zG~Yi__}(p^!#jMoeV+E0@^?!6u|}|XYErYsUd+A&WI%Yj&0~KRyjb9Eul=b1RtqCs zCx-zAyz#1tqx%kFA?)%5o139~?CHfaM^8X2)w}X{7O$Ow@g0ai-ho*&Ky+uf;BRKO zCs;qi2aaza2sf?zGl?`*mh0B>5p}Ac%s9C>Ke#u3Wc;wIe}f02JIo=t3OSKHq!??P zsVh`q0)lTx?CZ*(o=pEy7*p@H%CkB9y5}h%Hu(swW}WhgkiXM7H;0vSTt;w{6MB0A zK2@#i2l6_#qlGgm$#H8lcVK;{DJ{1);|NF(EYZ5iRPD$0-f${y)04p1B$EsuN^kUa z&DaRNIk`lajaPg(7?)^<+$##!n^Wk;pIqY?FXL+n-kn1x)|=z@p8=7H^f{@*ZLb5@ zRJ|oIz_@uY2MHP}x4sD%$t(&usB`EWX}Y`YS5FTJuz zd%|0v>eQRYw6DNKx~jJasX8<3c&G6c4y?W6g>XfnQ z#NzDx!g$pBS9rpOIHZdPVTl!hveop9@r>RI4XGzQCmF~0Ao}za=o0A2X05W1fPCj* z6PeG4=ENbHPyqDMAvv1esa|~+3oJABr^<0k#%mdkmOAMb@gh}32@=3H2ec|0|G2|f zqCLZL27(ppuQ!HgzD#4g;3^b~JcI&k^+wRBD2B!j7aE0J(A4IV3z3#0k6xDC0fnF1 zQZgPHsgmKa)Jqn`sx|s^Q6ZVHDIFb|hF4I3bVPs6e0Ak{gn@OeKePE&1CSh^`2YmW zT4jb@Q{kpn(xDdko-ttYwRP#9f6M$n4$<~~0%)WGr8_(WJ?x>an}YFPHWGL~tB(({ zkF-rn)Sq!O+~QoNFQJd#DiVp{#L@I|iVCV#Vav50UxwYlJqvx3^fzjgbtTzT8A3syH%1@4U+*BQ)SJrS^ z>90Cm8UELzkx3hvYfO5VpP?uRqZhfMDjwfZm~M+sU~|ql?|ayyqbio4m&B7)5_;RB z*%(4+Mw8wc#Yksn)a$P?aAhZF4V}Ml>+BQI(jNrdpm01dd-RvE_O*3Qz`I^!fhkK%a=0GfKG1^EybJBksBn2US5HHuZcztvxSjKR+rB!X? z6l?2xIHXU@MuMg_GLCR<@DS>$t)iFF2$#OO9w3cqPV6*A8}mCOCVi^cvAu=MKf?^I z;9p4c*LbKc_L?$#bh-#U)MV8etK#y8Mb8qkhfLoN?{*M9I{7q9`pEd+nxtMtmUS?`XG>cr-}ZNfhxC)){UPDwyX>)QwM=jc??}_ z8>?XE(br<}W}4!Cp^HM5F+RAfy<@tk+9M(#XH2DPK~!P}s*Vh^@<3taF4F1*}pJMXA{!K{9vP`=~LUjju02CEEG^=?+GMfrKD6PZqO+vDj_lujJ^fl(Bn4>3;OtCbykV>XJa*uD}+>T6gR~}^~ss+n&YuyJH1zoa&!T* zyTek(txKp9JR$H{$!{X&tEQS(-ull;$!b>|(y||?7pewvL)YvEnJ^WYPSk3dCPZ4&H9LAbZ2@+njQC#_|1o7V6SpCabf{3jftAB4M zKytE7rL=Zb&ySu-;YlN8w7Q{v4ktFwe3UK)!r3#80T^L^?;>NV&;6Rew@r2El|8B7pu!)y`4p;;( z#<=cL7w5lVrc8R-ytrr&FYx=enUEGSFZ#5Y7XuFCBAO%TjSu1%j~UfijBBdVt77bI~qkW@F+c~=&w2sHQE9rJ)!woo+Y%xIx4cz^39}nOX~^Z+0^-M-1Ssa($s7-CfB;!CsUG=lO!MlY6GY!(O<~B z%54c)3~yL@O5W9qmxPMaeO5HM7A?4dNEpBk<^g9}6}@5Y=!@43EO|7JHOc z)`euEgXNDU`7iQ>%BX-u=3~ZQP@9+@e2rXroGcMPdi0&1yn|&9cSzDJrjFmZVsfNk zUw$8KkPXeoT8MlsI?SDJ+vDTSsr2gi(nd?U+Kdhd{;m&Cfv)-e$dU4xps9pABtF_N z2~QjtRq((#c>)D}`;ubz1)P4`7nsxE9QhfiztjB3>k=T-?$3^o2l8}km~sA^ExksGt6a>f|>tBTP_2vt*d6d zP@txo<^l0Uv{YTOR$wI{v0N^{SpBBYdKVIl`~^ zNEl&P{{BXh=E{z`ZXl38y)m8<#}$& z2cbY2+Z-8<4vQYXS=@Fs0s+&$qU@3g_w(3D);jb?NuLmrQ@|WZ07iY?aILi-7}7-94Icr$eCO*<;R<4nc90>sxNEB~`rKAOo@yGGgc2GXp;=UXGX-*| zjVIKpdcL0|{lQkP}~+mf~FGA6EUpN|h>#dmP=79*9c z;i%(girhTTuOz&Ngn6*-!lnJ)8`6{?56H3}eqO7jTp9V_m;BQJal-uuTWWfegp;8|0kG9^!)q=<8L{H%HKCBq~mpm9&ZG9B%mR41vZpIJh4gDoY{-jdsGTFR= z>gF}JRf6$y_?aW7p^<9U#tRR!jRWwKkx3)eOLA4&D=<}B)fuYTGc7Durmdc(j8KjR z<9Ig|p31IN{ap>uvvR{-i|>~k1{sTR*F(zLoRF$|m3{GPyrBmbzEW-^0>%3(MFXU3 z`E|J1ki{(V@E2awlE&8bL!;A@(o~~Qr+1U^ns-u}GZLagek?+m3fNuB9OQgT6)W58 zF%o_U8-Q;53!-=8a?D69&LY&ZrkSD4NJcHa7M+b&C3f~%3~9hE>;F&5dYHS3Lw}B+ zX7%rmLTh=O8nf5lU|Ya0e^)J`vrxTOb*s901Hb{Tij*V~qT8_7)salu4&>*6#vcpG zvJ2P4w({Dcef$Rg-2Of=pzrYR72fT|-JW9Y<~NG9*S0d2a6j>6w`9v4z)1U)NF_^l zq!w#s1ManIbZ94Dk5%`cRHsGX*5WXvbiF4+$&V#*5RNRn!sRNvAW<$d+y$ zGZGOTrw9`%n5`o9>J7V=IkfC0&$W7vGrO_&=?~4f%sBi(2St5)sv?#A z?-ADqmHwM?lur-H`)$#iyAnAUc0=ThKLwFfgNjn4P<}6s5jWBPxU(pl7#_xW3e9%g zj?&o`gPwtQ3AScyRs6(*tr=Q1b+!rqz98jzB2mgg`=e-?I?ubxGYYzsXXKwsp7AZp zGooYSB^c3xaWabp`s*l^2UGiMtDg`BXYG@%-{w(Lr&SUkANfV+^HN(kqaCtV$RoC5 zfLq-5qk-!p7mF@f)%N0x#lEadz{Q4MS$ z=ru`g{GT1~oBxsV4*gN_J3M1C-VU+vkw{(Khlu1ZTxX*Lz$)5nMEDVljeYP6!~OD`uY ztW{CoTUhZvuFjw?^`h7-GI7giuQOk9?5Mh*%lizi>Lc^s$$Jda8@O+%p3Ds_B$5_r zP!|vV4qlMaB9EaMh-*l*5%N1FUmMfASrUmH3dnzB3J@wj`F6?HgR=pED5sOicKdd2VWeX6zz|E-O6X`8%RC1y{Q#sMqqak zPpr5*X9R!zIpg^QI17Im_!vJ|=Pc&W+?*x+`M$`(cvU4X7mBqN$|bax_tzX1S*ZK5 zy04yNrOIfz>KXJ})q)FEF)r{T{KZ@G7frxlvQm*{?6 zp_oHY=ZKpGg;D+EhYVovpQa!%*Dx%mplk*R@*z>=@dDfB#3Vg7rDqZYla0}o1rJo>E2YnG8;B%dIV9{bF3`>z*=5%2_P z4PEF_jh%^Mq$X5Y$vUyt6*I`n;Zj3GQGmP+m>Bj5G1W$49UbQpq3g4qP_DZnS2A`Cl$euM z>8J?^?}^xn&;@|SDi2BY;diwvhAv{ts%Eimq=T{%8?`k%8NT>t$9kps7uO%3?k4_Z zW>)ljDuF}Wj5M|>LK{o0k*P$P;&-AT)>~QVXZ>{kwa27_RZuPlTc~JiV4`zX(ZqcUEmGfmF0fQ zT7JaQEuB$u_r>jF1Aw7#)2cioQU|s~z6Hijqh}L0ujVj)ft9|PcQ@M1*DWc=-7+rV zyK@S}z6mR*=}lS3{xp0`fxq*M?CV+CPEBLkY0)yArI?KgHZy7I_5a=1cEb0x8E*6a zJ%F_-EZHwj!7KA^kY71-a_J2}|BK45pxEq%)Hf6~n!?8OxrI z-{%+#>cXdoC;Ck(kNHh8&0H%q1=RpcJ0PvvTx=cl@?_G#rA0es> zZ~NYHajKjg0K(IiWZHOuKkE@a-wL`!7fphhY_znB@QFHgs6E|r8imW zwPyOSnJ&Y+)*9A@n~cXc3_Tg1%S6ME??A&pVjNi0+O3xg&r=H8HQuZ@0q>;hnIqp7 z$bsV!DB*y+P~Q~17#|Y@bhtzF2f3%r&!TsgS?NaaJ={5v1Oa%>(Czx&+f&``MS~(@ zxf7bT7|;33y~soXfI8}dxz#G^gv1lh#F#sC&gP)!dU2I&JPSDzAGoX2OMbn(<0TEL z+mo!fudIgg)D+)9?8`6_HYQoC`KayO%Xfeib4q?4+fTm^3ap+K1wi(`j!=(q% zxl>v%q|B^zkTNN1J2kdGsSZ@Pa+<*JG0Tg+BYPGAm_4GuiB$;AEGs;k{W%qW_mmZK z+N$?Z3^84G_FL$ziRh{`{wRBF!u$*RS$`>bXO?>B21H2UaG4837XDm_;@6hbN8uv`N< zbIy-{WUS*^aVd16aw%jM&9sWfKQ}i1xp58^;~t-mS1G7KtdtCMn@U7Ej8|3?ho&-mq8(QWMO-*FfDv9iqWR^Lt0Y)Aab$4vnYmxRK%`G+JN zLlf(AV}@_kvV8^k#iIQtey>8>w-;#H*XL^43kPZ0^MFY9wQ5=4V-;G~55@0t_PiUl ztbSVFyzMkxp`9O%%#Vs*{ z_iUp1>svlOz}XK&Ifx1m5W&aEEM3eT0YB0-CuwsO;NvZ)S#oqqiH825|od|x3EK-I)5Rg{lU z)~X)H{L)j=Bf9`V+GLu-e2+1b%iT%-z{;cIY~yK%{+459L(*Kz9Z&r7Txwn@%yMW? zyyd(p8n_*ob^8Z7!uR5NIWKeRP5Y+jycF!_HK1HWosoRg_AwqHXgJDgb?&h*&oiu1N=)z5PKdVw_N zJj}MQ02|G<#CeOC7JJju+agg20zuhd^Y3C-O4{Hw+&=hI>sG50=a5vlRS~!!9(tdJ zPY=<1w2_7u2ngN&R^X$^Vw7R%Lv?CAo+dmqXLwa5u3aI26HcExuYF4(7i|eJwjAs|jh)J-hAoTCjq8HTI95?ICJP z-Qft$-I403N!{Ym=WfA)#Na!1z+eXc6O%wW_#kT7P#Mxn(VG&s%C+4*F{*Q|E8W<(eVtC34Be}k=Vnh$3Hwt9=@0lpC#qi$I3BMTC5yh#w{>T zM>$CfxzMGFYu)Xx8zT&L+29(V>=^d1Eg=Hk^&W?j30_+ zTHkGV=QWj%imaq8)*+)`C2@)BxvnHvtGq77qKWP$dF0mTJ%R#s()|dOeKP9)J`6k%!>w_eL$BYQ^n%q7v@PTgO< zfb^4VZiCBjbJpA%h}al21$(0?z8YPkR={dm&wI6Gw5mI>7d5(;2*7blygiWqN%UMU zBh)4vtSzpRXf|`Y*}qB)ROCqz3{x&k5A-ntqr_{MN($L(hT_C`WJL~R8%X^AOhZ|H z7aGRne30oL@R5plrd4dMs9E@132zv^iVep>o@06je1!X%>EiFVR@vV@B`5e;(~dtn&XQ0TR8TTbn!~7vLoUI&q+lRd5m->eVAA)cuO*c}U;d#1fGq$cmj@ z{djVf&cn1Vh|=fTg6IVE+`<|Z2w-^L0?H|-hK5$s9?6;(-L)%HE1qI~3qnIznpq}; zwJY)~iML=Lg}vj>Jj|mxZRSi?e^=GA-S`ERJCIlkO|Wt^DTPEQw&Ap%Ha*T> z_s_$VB19S@IbD+LjqOaUR%x5Rqtc#6TGWq(n{SSzYhPW5)I~_07oS?oRH&fRZpXvM z1l~=?ohQD`e=s!%sb^TJhR&pHvmGj_3`z7UR`~hxNo6Mg!C!D zte>I8DWaHm_CMy+xB1LKY%jSRr<@`?MIi+`qTO5!s%OVhJ2X<@g^i! zrOl3tsl(3?>~_;bv)}@O|Muy}eR5z{#GY^Y)HK9Q6CoM^yr#dqyFv)9wTdeP~d)5O9&f}^yK7J}nr3N%5FWX*n z0Jr`9*H|33m>nhh+hSurjZi70RWocfs9G^(JYh93NCQ=3UCr~g;_gflu`TBWxqY=k4P)~VMXeow2| zO%b2{?^@M%0kdubH1AP^eg->Qrv<4$iO@dA8Je3j)j^}Jt*BIQ!tKPo?bSOSvL|n# zcQ+>{h?=dPj>9buy_UZRownMG7)aFdr`8d+FM|S{>J%TRg^0qs67!KQZ zN1c)82sY+ibj8Ko!fTiAil!icdN`Gzb5c09))A~dD}QIPR9>ey?8Lpkf`2n>rxqlz`HxNlDoHL6v>neo<2T$L(6>UQ$$$REBPWAkwlPp)kI#IW>Q$ zX`s_VF9qwfu(JI9yrI-=kKHKwJ21gsJvBS}UQ8Seu|*pw95B_!oBw%)$1X0Ji<7_3 zVQZvy5p)%9{k$w10_ff>We-cc@hg}#vAvFSQT-g67VVqAlePMP7p+y|WsOo0e1H(8 zQwmaOG!5k^lseRmX6LrO?A6awCj5Y@>hlLFry^jK7mbe`R^rpt8)#6I=EKj1!Q3|< z{=Mm7;KO3cNr~m?W=>i9*yrISEl{^ek`M|f$@LsRI>a@|uLgR~$+b9zIL zEDywWb?>BJYVSWNki$blcZ`sJUzR%~NaiN zAO^1IEa3y##CSyBushkSXK3q|&`DRtQHZR0z9TsW$tblT(OnmiASydmJ(Xgr8pUZB zYH((}<;-ZXRD6{B2rN-thxrI~pGO~;pmEV0deEzSeOa2e?vv=9R)c)u%g~@~`g~I@ z+FN!B($Jc0S6Am@1;|P@i=VnFZ&J{Hnt1NaXo<31rYmEY6C1c1L%jt9cq)6u1wf{= z10P8sF*?-o=r85(ckA1tL(TXReQSnhQ=HNM92T}6>JI9!fX>s_?Lj}!B!CZJYCCXo z)T%`uL`@0)A9h1A9S1l>*JpHv?p>;_y9Qm|hc4_B1DsLSc0+Aq=*8C9rVmo56J$ zKO1xy3R=SjB?(GI#9xDsT@lN?dcS{UOm+hu&jI5$6qXdhK%dWHg4m4+kfbTM+`??ekVkM3~U z>b;?>a|)uv689IEzR#s^_Yt=7dm6=S>rzaw=L0E7@_CMw(*E(^7Y|*6I@z>p z`hWC-#DD?_+H0C6=Z3Eu629b(!@Gk=$E=sLe|l5!NRCMIwHZw={WTtxISxC-*%UTy zyq1*)+lQ2B8&6l4Ia-jwJ8R|hTzrb>wKs%!sPCY7fcg%cwssMKP89(t#?sMVr&W>A zaM(YR5FG1C3xLzbXM)o=hts3ikr+5&Ys%ju)PPpWcqQHtzY$E4JJCL{-mN|QvZ4>_ z9eFz)J3e&Sb~@@lObgaoNYM^E`Iq?zas-Y@sas;2lFm2N+Ng9byTq8%TqK|w>-ZsZ!?7FQcar279_QEqV zj>JJ9!%#k>hVmGOl31SDCbE))m)Bnno&+aDuR3}T`sUskeN(UKn}cGjE8B@nuXpJ$ zaIIF)r5Rv5wz>u|xJYzP@iO`sb{Nt)TIEl`GDmx<#T}(qJh*v5CqJ`&?zlz{`VaB5 z!OnyJ!C#srzz2&YC+QlC1XyL|{7pUc7IPr#PBLz>a;{c6Rm_n{RNs`GPUp`u@;Hmh zYlI#6fg%$Z5ad%m7``&g8@^+ZJA9`bEH>n?LX9;D(M1vKHgOVFlpb8ZSVXKv%e2b3 znbuge%o4HAx=x8$*Yq$&tRM4uQtW2Ybu25KK(rL3*hkKrjw>PL#}Go^uY{1hjqjj@ zgxrjBn<0S&=C|&{EK35p+i;-}CFtErAYb$kSos{~w;=q;=QyEo9DwrP(5yKk z!KEo86eI;A{h`&bd&;art?DOY`$fT7Q2`DB3k_ec(D2@{10+RJ0e5~gbXNOb74!#L zDQ1?VQy49+@*Ju4GEkfIS>Vn%htCAeyD}Q%0rUMk;R*EC`Km3j2o6aI~o z>mC!iZsi~FjSx5A2lP3`sSvER8FNsD%;90nr}E!KbV*0`p1SvvLH@6u5$Zpc1NteY zi#YUs_TzzQWCyDYrGTJy@%dk&BSipQ)L%(TBO;eSC<0RAdPBE7Z_0nQ zYDR>TK1rCC(EMC46pM0`zeVj|MRVM?rr>g@(@w*R$@SRlv{k<(a~bLp9l924YF2-b zh+}RMp1Q@0*93z+Q&9h^d(Ra@HX&s3@lm@xI-FjuP-er z*5~(+-s0A^=y#N3ZuOlRoVLMJJ=VS)Zw^jft}zVeSu zk8CD3<5?Mg{}^Y%vt$8Fr#SU}`iI6JFmp=Vc7eW1O5Z1dJm&qt%G0X|Dcjwor`AFdaAQ=RuxZvc%c>hi z$$MSHDmDyqN@-SP5Z+!ai-2-vxBk4CW;t`d5y!4&U@tJolLFdVxn6zNoJf|E(a-8H zca(XX9eR$^&+z=~1oPz34a0tDSd#340O-wMLK)CNg|7&u$H{?y^fO9W@jhyI=SWYr zY&TTANfFw=Vk1=IR0S(D=RnwZ%YR$d-HfvOjv`?r?b}(9wF8sjS15v!JJmY&tu#9Xm01Fi_oDPqvP0(MO)ZW_e@ud~PqePJ^KG110gGf|DNYzL%!_l*12Sx9=6T$3xqYSpV7uK68KcmKe zS;CP?e|%S&5rE7X$t-h=U|jIx_l!~9D+10{C0d`_b- zJ7uGyXLiDkjOq&i0HTUmlT;G~QfPrd(AuF3;?~R+(&T>tPqFTPh=KXtjI_1@Owp_x zJHsf}+}{O85$9iYeIlZ2yh2n#B*PG&?(jl@j+9-*ZVu~@emP8BhS6S+=W&O=chm4R;`Lu0Ll{6RBmNC zv>!JF%hxNxd6OkLuZl1v9cJD8%i@(uF42JIR zj5ZPKWg11?Awj-X9^G{Mu@%6_yEO?^h1 z^(+*^{I|kAvH|$GqN9_n<#)hXaIfhW?jZsbbbu}cStv6KWu7EbK)Jh}ph~&*g>$s3 zAEKlO-(Sd8=!O^#?L)KO$HW#sSW8E*t?Q{vz{QQO{QX!sj4B=Nz1CsIb_NzB$^#H^yG>1Z2h@@#)(~ zLIIyP;{)rNSv{nH%>yRar@!jep)3gnz-R=3_&H(}gF5%vKhvrif7PqM9uJ^E+H#2=euG>Du9BxiN+rOGiUVW7%>F%0v;vLYJ&&=`Q? z9*}?`R_MCXr@!aX--x=3*NXd-%hC&=M9-%JmmRL2N=hzVjCIBnEb~}%x;Hu9)Bc=Kf8P^4jwH-a_ z`W_T18PK@~x4o_;jfp2b3|{Z1@;p4#=CN~e>vHq8o8{n$;Hmr<`hss*`gdc&!t^)cuHOb4at#^eVuqT$rHs71Qxn*uv| zoztYi$Pt#-HwR8g)guW+o2vlY#{K%|uDx=9Hsr7=L|A_I^{~X5T zs5Edr9`QmqanGZoHsNQB#&s+#@E)2ge`o#{=j2`v?ML+v?T2+9{bipveXlQchL`?L z8`Ccd_ut9DN5KGz-kL2wwAf>BEUAxN$LeFNHFBBNz_|HtO%6EXK9*NO9((myRlrw= zzOz$*T>8sJ+PeN*Tm^edr+BDWX$nN6V>>_5UHOvUR(YRZH#?k@@6($KfWSDY1+T?R zefIaUB_*4C6J2)7$6V=R9;bHRAfBc>=))TOaQ}m|!-JZ; z#dagtKRsf?Qeu`dUeK6#t~u0hVfA+-JFC0HV=fA=9SfoMF+{0XS}C8mYb z4$rb`es8TQhWo3^`7D;RRdTxVhu$?_fVn6_KCp}PvW&~Z-G&1ELjFOm_yY?%8D<^- z{>eiRbcYY6HAV+LB<8w`Bm#}BwDOhtrC(5%3YTmq|gX)0Tgzpi(84XtHQ88^dc>rUk`I^zW(*9Oqt#1@qsAC< z1Rb$qT=|m@;)oH@jMndwIO6F6V$6l+e*oeLeJ)@uOrdNh_Vnpj_e=+0;nUx72ir;2 zEY>OwMb&`dEl-bL!!({ed9R^f8ZfooZ&5RZePYCICPkynDnZzUiQaM*fU03oO^>bC zgV!0G<+<_&coAuubZu1`UlhIqFWX@fGa6_GO%XE({8yRu1BjW)Ld)uZlAJ^~mEL8N3 zewevxYIaM&%vNIo{j=Kk(t_+B#)G7@=6h23Wv2k421+PF-w*P$4KRilAEUk6>m9ajg1ud;1J4pt6mo#(VHzzBOlCQDkU0noR-OaJK8KaTv3bcCF@ zc->;l&r+-L?7cLzJdBntzsqZXhi%dB`6Vfv6h^C*_0@^~(6IkfYY$o%HHT{tUmrPN zNS-)+E+C;EdYa~!UOGbPpK{Vaw|*4FL#{78G}*C1Xb1fz zg-1K=30>f}pD3LsgvO>U`k9VI$DZVwSosnyzC7L5f{n7h;=}mZfympd1+Nz(=^btL zg~{f=lpQ0IJQQl`<=9Q?-8(*Xr?@~Xy$-@C#e*g9P4SJ0t%uN@R%d9CCv-6f*-^ugFovp^ZO(1|#{^6~}PxFRhec_jEU_t3}_yi2j}ek(9~Ts+tfUDRe= zyNYyCdWnG{V~4Je3(iY}Va zwU%+GtmOw*E#p}Wz2w9f05MP_k7LarH1>y4avm1FR zl04I*iI(v_kH!^3?lGwVU;Nuf2J2Yc@eXeCtY@&Qr=-XtP1xS(cj79!-(`|Q2Ms40 z8l4rFcbDYJ3myrZWKbj1!f7ootH!rhn`F=*RL;0Z&LAxJmJE20`Y@X2YYxSFjlY=BmTv+XXuj` z``RY8A5FQmrSx~6@LerhR!{6^DeiWlgpPXbErE9#n`4a`-UwqnQjPH?9Ak-5vv^fk zhv=R9Q>pq>S_YD$j_hc36dDGSW>YIT$DOoj_hsxrr&Nc)wr=-dLWZoaX!6{;)>5M= zcc-l*Wgh zR^uP8md300N-(@_lmU+S1n-1Qu)ss$H}1!ILK%w8q#wSEE0tyG1b5?1i7pnUeZ1&H zq)Zfmn6y0~fKF0chy%t)D^<`aY@{>O0mfn=J-w&dt``#g;a8r_AAZJ0g@B!LgmlQ^ zoj^xSW1Wxz_wDe0Z#$*;d!Bw-f~xsE2l(HqIGF?dmWpoXTjbZk{y{(J2}W$C?4(Gb zq0@)Zm&(cQ5{{B^Kt`Xei>A#C4gHBrd-&zj(Eh*ltk(Hp-|3$Qgdo>Q7V9017wln_MLWqq$7(4xY@PxrzfraUD+VYoU6%Gs_(w z=48d;Nx#ESbPWBw=zoK(&K>Sw=(QbmtWPnQ#k?Fwp!l$=HgGHb)CV`WmtLo>OIApv zt$JNuBrTM=Mtiuf6z0$zK?WvJcbeP2TdVpr>X}|Kb=sIfMAF)!kKXNnbGo+9JI&?{ z-?7~hJkhJ9e{jo)VBG`3x?X@TIiLw?)0RFd<$(#~1HaeSWjMn(q4e=CrC(&}kZ=V@ zJoeYL)rW=N1g$Y|mw%@A(^{>D!M3pm@nJgNouq>E&1*L1EAzP>0czc#Wq7R*{AhJ(RrHI{`qdDj~hapQk04r5#&F~&m~Y&JZ_QTu+XEB!Nf zSYkyPU^7~aYR)Ub@W>M!p0jvzhi^`fj*2^9ifSfWh44bgTo6BW-te{jn(~1L9HUj! z{>QOyjO6|m*UE7`P}{*Hy-J2Vf=wd;mwo{Mdu`yXIJN2ZPN1oRt=iJr#FaoM=r0mT zp)2fA5rWTjU|<~>S^V$ikjVrB5co0RpfJRP*r!??lj++%`U@_-A@)5^DF-f%{!&57 z6U+bPfBjDVb06LZQjgJ6V&fw&9b86aps@6BsAqd|-B7atcFl)V$fo7FYRP4X7VZjU zMyL{@u`d#}T$dRvQQSw+X19}p$Zhgjw;6}3#5cqPcUcDUpBvv~v1NflOL)Vygr9cz z=bqs6WCI7eb4$*W_`qv4XrTj1RJ)zkdWAKm?}1QxGji8s6+#BzYV-~crE6Dcs-~bw zlj%QTy*N=(ExIr!<}i#u+;ylu3iQIfU0`S-p*~=2tsE*kaGH_zFhjdxgqCNiAzE_H zqHgFHX*2_mEy1f>fIR7Vg+zBLy314~^69U9ypshJzO;BJeH<}0?rvjk<-aE0$xrgX zjCdz|R{bmDoqU7=`rjDuB(-p4N05@=+}$Kyps}n2st~Z#Z`5+ zr2e<#o!olvD8@Uvr0wf?Ctt@q`QIAv#K;}>e?Q(y@2RFy5@QP=vf`b%R(u`rsu>WW1BgW=I6Sj&~B8 z|1XGl(y;o}@lJl7+ikp)kN?7ozm9kEKN;^NH23RxC;#uqJ8{kWI^N0uSMg46Ib+oS zKk-h!HFVU!G~UT;<2vGCzoIH)r@!YGtXB)-pOn3lg2xF+T9WF=h+C zORnx5?_})N|J`^e=Ux33k9YFajsIl4lW)Ix=&K#?P!J-O&l@OjCXQS)~>O2!PoIlzK(ZN_Dl?8+Gf;T(K+5p(G~x@AA@n_)>ZC&{p_#KLy zz%cwNAI>*B^v#ZRpa-9GrN8J(f6t}A;!1zRk$%jT{*k`Rncm_|Z%yCsOmD^mx1Q-t zHym^(2QtR>Hs-Ci({gjx6ywZwrPmY&il1R^sExA+T2`&H5g!vhv z+*Vm#iN2YOztHpDEY{y&t`=)IuAaNa=Rw(p(X`W3B!Cz<0bzV+ini{`R3zM#hCkQ# z0Cu!zjWg$L{HEjgEc|BRcMN`e;Wr1rz41F5a<%p|MkYDdQ#4Aw;SUZE<#}2ir3yZv9m9=Obf`WMrEedsW6ocyP4kZ7DopQo_Se zsWO8(xr3N7(9C#9GW<7)bHzk7q{OedoDS!z-qosg#&hP#YSkOnGe5D1)zF3$e+K+sx@s(%`{6${;#L+J&zEb=6 zg!oE@gm%c-YwKwc;zqmznCb;wxFHMxM`#uM|r<-S;KMS6b-&y!c8}oL@?OrQ_YkSNh{I z8vlJAU+L@kN?*rU`aFgAjVcAwh#gh?;mn;(>{Pn}HeVffx#1LvADas!If|*nh;C?6$4%m;+wS`Z7K5OOEHW!Wz$qZLnVlZ^{1TyYXf^*69ju zJt!VV@d$IUJt?OZ^^QS-D>XD6WTnhO)zInc7J-pGg$WCvrKBV)=BhH$wTG zNA{?pmyL4^AKA%?h-saw)JMKeBZG<=R#R2wmB`oM&{r~g@dQ7Pjmz_P_5RM{^0*4V zkOFsG!}8?1*0VNT`G^!pMHH7uR!9x5T$Saf;5_}U{ClX*Q?O53L|g|4zIp858lT7W zi{kUR3f>9_=m|sz=y~VY3eYo@!Bb-b^vvxTpyz7R*)H)Ydp$XyYZE#~=Q#kr2BR_3 zh|WWSTVz-TDeroqG$ul&csu|x#f--TQtc!jPuP@fB->4Qup}D=`aN7U9wJc+y>ohN z0aKq1JdjmayVj#dF=-bs`{-EAZoCBJ!Nd5qY*+Bl5Ua z&|_3sp48~DJcY7KmK^wXs+b0^KP{$#i{te~2j`){Tojy#Vl}u6K8g*_<5u+ev3XjV zIGz!gWaXOCcqk$v1>^a^ z8jNT2PYuTNs*rz*m7{`C_VC{Y%35ZL`DDc75xqTpJf2*SvcavqLbPg$$Kz4B?`u<*i}Ow`N41UZadnW7RkOW$QQQ zrt$4a~^Za+l=gB?h7suyG&FDNn&z@s{ete!Mph^38#pih{`Ip7#8E{Wm;`4lS#{W!w zo(W%v^&BJh zpqZ-gFq2*nC%w!`uXfO<4(xxV_&lea_bbQeIp#3&d0s5~RpRrUwB!gn%CULBJU-8# zzYrwzd4AX8^DMpl2tcjO{Wr$vdH)Lw&8%jSe_8yT3r78~ji1xrdHkGzbv=I0;9*CK zpJN;L3*+Z}c>jNA{G63(oyX7VcAq7FPWsTe@pE?H8|5s1?`i+<#Lv0k*@gHyyO&zx z=X`tW;o|2EKPM)B&ReJcpNO9`zu>3F&zXu6|B0XTYsSwxc=rGD_&FB?!2iV0`F|&V zPC<4T;^*|u?mT`@^~W7Nyg&W%;UeFBM_*|JoOp61e$I6rYq{pIwQM$Pahx1KeopPj z;rKZ(4~ri^XBlVNtDle?KYmW?CoFRs{)y=;-gk2R_&KM35{aL)V_5w7IWje-CI9JT zQ-Br9i4#9(!$;xxInuB=@pJzCQ8<3ijl&Gb@n2DzmfSyF^AkCS(Ckg|rC<1qn)7qx z=cJwZ>&MSof5QK0{G5s1JCC39%^jBbImsu)ji2-S9Z@XNhgtux#m_m-(e?N_8x%8s z&O1X67e8k}UQGO)HADVA@pGzke_s5Y3NH7b_&NWs_&Mpr{XlYDLMLu6Q8rwKSGb&}1#>DpS#Y0Yz7p!o;P$J2HlZ&Uli zV4=xXr#m1FhDOo7!5C=5R);oH$uV1@%1yKqM7LHDG2y?e`8D43g@*p)AP^}TR~5!bYCsTP+MU8 zntbW>nRUFj@X@d6XTMpOU0X+YQna4i>5|Dd`=;cp*1i*}M_y=yM?HoGXwFEtws0!4 zlLz8C!=Q+(1#u*J#03@nOdF^5ti?aC$6n{o*;E1@cXur*E%{=UsaJ%#56r=*)$MY2 z-`1g1%cF?2@0W3iv`OUod|+UAJKZ^hRRyHjX|~Y?Jrl~3N2~6Hq?DwGLo7J3mVdv^zt0+gV)rgMNPYv?<_|E7{Q<3%UcBJIAE~ty64DGAlbszW&zu@MkS6 zmfV{b93)?WYbKBnKu?`n;BVmq+|8k8HxH5z#I@`CMZG?6ysmkHnq2cd{f$}Q*E~sA zeqghy^*i&$A=o20xWrmYZ9S@Fi5JJFoTl05LT==A|a3WDVtDw&W7slm)4J#YTOSwE{$y;hiZ2EscfyB z3_YExtb-Uox%@|1Z{xR24qZsHWn(`t=8qY?->o5s$w{V*mj>bCB@v~suxBAnxa^S| zE3!x+BKQ~f8dD)00O7+L%Lm9xE7;o)eOM9xKrz6y`?xB7{D2H7n*e5@J!#IVYuUEy zvAS7QwSN7948%M(Txg23f zEpiYFdy5x`fyA`FM$jD87=hPRY=L0Ng3kciM-G$#HN`~8lPXECj1DZn+2RJ`**a&UK>mCx?cFJ6|YV zUbGBPIEI9AI7-g5;vm$UUCvDH%}x&t{h`&r2BD-deh8t&J|;GzylQm3sv!o_h$r^C zpUjd-`TjiBCbVCKq`^|<9Rf+W&JDYG+NEo~2}v(gH_LEToxyisgT)|1D-#lfKM6fQ%W582ZFg2^61$RSkBHCR2Y5xLm!<+ zSTS5n?bhE&VFy%CbFMDLqsj$V+pSn-$0{g)1fDpeN2PE~ z$H?kT=+gI>o;LR)V4-l1B{JdpX&vYb=b5w^`g)JtbuT`SPy?HpISvuPusy7lt=G?S zS{)KaxBpvMD$LA|0Pxam3jo`kaR9i}84rMNhXY`(WC0+0y>u<}fzi#ERSWomj8) zY4IdgeS&4_HGlJUvzUcjti=stDWh_B) zhiGA)sxRv!7VBXnyIWUinU)tAL6L=#SX`cyutN8tLWNk3_miR`&T7p3@?0>CQcZU( ztB(?xrXO5z^#Aytz{aw_mISJNy$h*Ng;V=cYCxo}2&ckq%hpN<(&}&$nWVN(LsCsR ziHvSr$0KQNIEmJf*0YiHVmOIBF|=kO>4k6-ZBVUgNU9Gf311aH8Z_G3=;jB$-vkv4 z{RZk%R~dQ5)+_9ufMOmvl*x~HT@wf=l)|v%(6bpfnm%*uyRyG8-}g)Q_v;wMUw?nU zF3s5Av3#YBVs7TJd;2Y^hu_=#=_}ehqo(lwwcv~DXiJN1BhXz*;2c}&1X;ZWc1`nO zl{4BQ<#?PWZgnQfpvk`+ZCg*?l0hEj&IZrzC?R)H%GiVww=%n%VLBoODXeu1`Qt?u zNs@DXU(?oz(Wm)CravRpR6Z{Rwv}g_MsX=9a$xekm+hfw6K(jJd5|#gSwr5etan_I z8#|n5Q}`yO=3g#rQ`YGHv4r8r@|9Wo!`}&90LlcLY1l#zc$@}0Pw8oT2O^9Zo15yf zss5gHJ4p3Il0T7(+tJA+n7EPK6B~8bw38`Y+4^Fvekrn_nv#_c4L{o>-iFHZ1km<7 z=2#4rwTm1~F?w-2C}s7ygc1z<;1bjVlS$_|V0RL*>&rS*N^@sr<-s_LT|7<3AFRqf zNTbgColFsGiGM3*M~?<2i_DmtdLGDzh$)xMuwd2*Vv^D>%rpj0)KMJEPj|u(aSI^Z zi?Lhn#Aa~|HjAY*!kfjr`r}7+*eu@DFFPt`vw)C#hyHGVQcuk0ZKwO(vr&_bnyB71 zfl9Hj=$E5PoR`mlU?nla3)Sn_cBlPButU?@^xyJpr{mQr|8rD){wEIi>TfH*d3s_Q zy6wz0nNLd3mpb&GswzP-f3B38CqV#n$tkN^Wd+xNB zh28guO!-|D_o~#Hb)*>O8O~`e--^y3Q?Wi2bsCv1{5=+}t#aVzB3mgoory(y_G|~4 zK2DWk)tN6j$yjer zH-UbWR!YG*Qv7D0b~&s>Z!R{@v=nepRxfq>A+pc;(5H@@;V)>E0&lSazCV|pHn!`n zKXfMp9a#BXUFa|POj<~aLQ>k;Ka>`pL4F%x!MFHIx~G+RoY2t_ds*5KL{>0AeHNzs z{B(}Dsd_N5q)Md>p(1C?7QVhSuCPtUdUe+<_Bil{tgt&4R(V6Bhi7erCz}}CKi>fM zeMXple>TNX5}r%uO->IcRv{K|4<=V(5uVW86k^tSY9*(?NpenUmYmbtq_nBIQd&`_ zVOosZ2`2C#@9Dk!@gU;2#$H@%ywkaQ@(Tf=XmXbyNGy|OmHnkNA&v;YfEI@uFHDZ# zUQgsG-VJJksW#Ufk0|+r{&hE+as6iOqjP)@q^#_rAKROo7pq)wS(^k|{6*7=Y%rEmwr9DN?XNbvY@pYuU0O(&%IHW(G;>da zK{F5Y@WYyf=|&&jCl1Asq?jYDlAn2)L&p+wA;=1UppL_Q!X zN7+rXrqPT38Q7}UEB#O;69Ctd%8&qfh)s|$G6AUT4JMia@Bsk)a~`47=J=AkZt{8! z;GkG%OMwpF1AYSOtiA4Mkj`^SWc=%y${p`%cKj=+K^`qvU=?8GF$JlsgsDFHk?Da$ z8Xsw?QvK8 zsE4kX;Y2-yOOk72{l}i-6lkp*IZ8whVuf}hN6Wn;`D`Q$|FpV0e!@c zD|Q&Vy^*$mPq_N}9u|2=C;A?$@78T?@iaVLvv0A| zQ-?aN@`X;yixt*bCw!th5bDo{CzhTbfe=2f2~QX8cl^2fvEYh+A%5adijI|b=KsR1 zFU~Z&!Tt;MbN>zSy=MCb@Cjy7ECKpIFHVUwlt<8Kilukzflf&LNc4$y++5R*_52sv zgT>!;;?~&3@e}=<+y3+V7lq#orv424M)t1olsg4{z+og>B2+n!s@LPZ8s?bUy9!wj ztLMY0ZG+SFQroQm{Ym0IJ{(^92#rpR^Cad-Pl)0_-@l0YPbaoM@MDc&KM(5D ziBmH!DuH2c?ZH(TUX1DHQi^$7i_bVk6eK-Pe08i<*A+3_obsJOcy5Pq>el-umC+|` z!($(L+4rjX`WbBw@N72H=w{*&bfunv1T6G_yA2PBHpX0XtWEEQv<919|MY7l0s|C5 zY=#ei=K9IG>TtSqmq+e0)JYCdXM^XjklK@nCE)HUz4nF_v)?VZ(!D%(3*0(1Z?juD zSpK;k3Uq1oHdF-D+t($}mP*+lQ^S1J;I1q?;hK|PHXu`e?xIAH84Ybwb^Xqb+_E5%yphD5W@ zIYyoL9I?*hP-lbZ5Y4nE%(P~lUDKtsu*>S!8!dTHN8XCsGC+{}&ga;-wdBgyA%<`E z3qu2Kt+UIY=ObWgA4{np#&f9*1Fx+EE#I2?Tj_}m0qxw~(49ki0kPH*ck$-c7qoks zXt(`yv)vC44HO=*yK6iV^vSx^R9vd&6eKyHz z9@}-c$x_{m;o|-4{BE>K0&rP=$LUPMxe?RZqPa$gk6rsnUXWXc1qQF52%UgJu@RwPwbw z-+5ntv&2`hjv$dL$_!Imb*Y1zBDofo^sCSCcgVjl!x1kt$von{eqf(C;!zwn^6wXT z8Ty75oH?zU>u4-bXXP4Ns%`U1EAOJzvSeA=(s~u?aMW_jjgur+t_AcH*<@+u9h9wf zv{$K(f%lsw-gre&b0rl)fwK3l`Mv5QLR+9c1bu#C#mlf+<@0tMwZcOo1!+;1p1}gU zh{npREFzHG{N10Vl7*}65ex;%okI)V>J}_Hp+f&dI}x!dPZ0Mni40)2T5m4(5GJ0F zReqZs*wri-R8nP739-M4a)E1Lk$e!!O3F7&j2vaVX`Pb`>ZA&aQ9>R_d*h>6{x})R zbkuMU6Na>Iccv7m=SBY_r(AFk^+H-qSM6nWLAVii+NO+iNNFn>jg1SaG?TvCM^+ae zW;g;z8ZfDXT;d!#*V)L$xHGJ-9{6rwsDoU*k$*SBl%uFY=sm7 z1;Pe$_Rne#$a*lX!WS#CX5IQJuUUOR8)8_NoqW(T+!1+T%oeZamA}X{xGbe%5&f{s z+KXZ#dBj{lt39*>-bJB-^lw9$w+kBh)~)7mG8CiFkathAX~xLi2Yax2O*ZMi4W-}% zYD+KhX=P2|SKigrsUG@Pnr>t!!RwS}_8qDD+pyL}bglmtzsh8iOg>w&y{u2g=Cat* zOALIF956orXOSls9RZYRp`uw5BH*pE_6G`2C2O~l`oc%DG}fN2AQx49Bi(@cwyaDB zdIHry)~8`1jQB5w4#6js1qaNIb1heNRttB%5nb<#t~+BZkkz|LSP-dyCDE{zdf)vP zt00;Q?l0R#VrQY&`#Jja;@?{I=QB}l2mSeJ-wuqUKmUuJ_2n629i{=t~KRRKt8=U0;C0>G4Pd}b@vju zP>lLbAg%oOVeWRTb}+hy5YMHai!qn4Oj-cbOrPS(4mEpKn_rV1UZv3C*NTc=4TZ(v z4d^E&Q?X(c>mMmbMeKfUsuM+=UTsDuiezH1EQBPm44eKm*a=M0eTv^{gkoWDt~rqM zsQxv;U=y-tdmG86G9L_UVY^wFPaGLO$oRlYP*-E&RDL!TUSjh?*oKnL`qZKnn^KQc zPAc+eHrSF@Cc^IKEY#erpNjJjeq_t4D@r9$u~P~z69*uapo<}x$+ndgy)C5*&Q)9R^1)H&)nXgYQ1M^PP5Z0SRsky@DE(u)Zqy2tG04W$Zq^H$Na3tPotqLvWP zAAH%5B=XllUxv_^Ps}e@i84Vv)@9R|SMa4}5l?TrNR-+tiuT-XR{B?DXq|3+T_(PM z6|VSB`Z^wv!3e~UI;O!IGxaYbS92J!63Ueolj}T@YhAdmLIyJ4df!0~1so?B2USd2 zR%!}uj{&N&NEYzgk9jf*j?yI+Myk z0u$2pZIh|SF`33hoIq6*wWo)g8d4JIN0;F%OD~^4HL+|^`TX=G3e7MvQ=i4PkIgoS zc498AAArB1aC$w0dD7s*zUTQH+OATY4Km9xB13B)Hixx!;hrb(e_5v7A`zmE7NZq}9j3c(s3E zeJ%#Bm9MniMFtXAe{)doD3_2k&F zA-Dy9lacQgBVR-C4f<80EZc}@W3a(UcdJV&E-p$_C`i}-+5{;$*3Q42un85vlB6I9 zoZeq+mxBK#emSJz6?Ax4mlb-slTyXCcJ7!|(GzEFb>UU$=U&OVa5|pfNX|QE5QZ8y zqvLw(l62_UE-0DJ-Zk537n_ktWZhQyM>b&X% zr>~%HW{O`K13sjVA|)>=k$%4&b#B2+Exk11WrODG>(hc1l2S@D9vTI#Yz$VIScKM% zkk}Z!gHpP=E44d0Ls6EIp)q(F){g|>@p4*Y8-iElBPQ?P+v)%!+|rX0xaRe`mFS`&S> zZmo#0bV)X2>3Z>?HxSWnv~=P>MXSIsrK&Pp5Zs;O^IgVgVC{bVYz#htzuhQKp+F$X z!WdKT4wxF*MBx*v)6gfTch9r3(NBd*RMzHEcB;j-rZ7veZvES#a?j?OAZ2SjFS4s> zLP*&>7XY|}BCMxr>HMh5=Et&pJX9V4B`8x8-GT_VVKK%!gf%s2<7Sp~Gh{BHKMj+x z*3%)=B#>l|u_MCNjCC}2p?U%Pu$T(Fj#^A54Rvp0kQx)3u3$C~Ka}^SS-G&mBI7G0YekUt zLI38e?(JGxuAc<+IJf!)CAtDXB*Gj33Q~2|WW3Aj`l*z>W(m4OcXPF>V!Z2*ldYG^ zhzaB;mLBI-AJD18WajHt?`~$o;W0W{-xu;Ie<4h|l+}bnuksR^YKb~QON2qXw_Aid zU7^La(3iLxxo0*zd7F)j7r|}1)l9Ftm|F3wFHytDPc0A$iY{qtEQ0^3Of#^7(IULQZH*FpNtxbNWnI2|sO?q|q#~!_-Y(MQMRUi9YoS zn!QrRZ!r(m^<+YJzkQwJ*{H#`B|KGVu<_O|-iQ*UnyLxtfzp(9 zXk>y^@gz`QelS4_EbGGygAL!*Rk`$c*_rtJjWmCKKAzI*U?Co0X@aBawMH9Hh}1L( z9)8t@!%Wag^HOql$G`KSX{fUClB~4>aAj3GUX*1S_*){qy*`tkN-&#p^a-AfN2PW; z{jEBK3k8?Z9Igr8hlfk4b?x6FIJ5-x&ZF{j;!z(UC7eg8bLG72l9txH3f_|z*Qby# zMI7AL(T|)a4@8`cpP}Ezx{BxBw6KzINRG|ssQ_0;>iCN7Qq_jq-6?KubRp7ewqPl4 zlHA(>%?tolzJ3n=+O+YRQq5+`y+zqlzQtL-el{hNR>-|g*;c;UQNF%Rq?mbe`M0?8_$%n;x5##)#csReX1J0)$p0F;k64v=lSU~WD_MeGaCt-Hio+!*Vr5*{h z#b0(6v!8z0Rm}E8oh8!C?<5!#M1SR6TL)CzS~evbllh6mPv%0#`M7vEAKL-vp2OpO zj1}jj#bhqajsVq~K_14v%D7^$GHH5=M_K$}WW$0Wsfw0lMvf`^)M&}pH-7;B+Sm)8 z*+=q1?m4hbt0}C0C>NbAa)FAGiBj;D1nc^72U2AUWBwdXuY%Pyy`Q}Iu)Y;R{@^+R+MSElQorL4v|I7%p`WgA&LOe`iEacb^13+ zF`YL0igLt@iO%T1)w{Y1How=&Du{X`6&l#l6Hu?QcqHZRZ&}MsL-PBh&cZ`bk(+02 z@*X6?Qij6EdPSxO&J~%+U2X6zPCM(~k;nzxbf9Go<~Oz~5-ZfwQ7U_K51&;{vqN^R#Rf}1!oxSR;c$>oV{V**V*2Ngq_p3fk?OgH1T^PmuOLD}lUiI>?{ z;!dv@4bodg7Dq87Ks2vX>?O;9@h4=%9s?jtt zS?AeHhdOrSocis(dIcosQq zP`3K)4bs9J>36}~(&9PvBT*tx)yba%4Fz-9czRAc-vNY(^m;2f6GDB;^@o|m&d*6K z!1U}Qf(}x^PuL1GDXZ%Vpq6qd(50Gw!E?@{ZM5QP=&ShFvc0qiyB<9U?DVr(Q&KNL z4*iigy0P$L5v#RQe{+sy=(nW&+@WU#YstsUJoFEWw=-Tj^3aQs>FUt$+0vDv=Oc{% zmJkH~1dR73j6b4BVVvy18QWw(uvf}viItSi@+&fTf_N*+3J@}!xT_6G^jvFlX|?&{ zBVJ~gtfFjH53b?~xttzgc32h?tQK!Y;;mM^6^pkf@is%eHH)|MnpkN_L|#MkknM@4 zJfu5$*wqSQT_mksWXeO9u>?&K+=C$Sh+L%HSS#opnJpm9))=(xDuyY083U8Etemps zRMGI_AW1!^PTXT&itZ>K*>iCR>ByP+W0kA&ldxhDOyd>z2nWO^BOoq;!DE#LjZf_6 zMY}0lT(T)zTtbZlS_UOs0G7>Qc2QhHoeqmj$TI5_SY`b!MpE)OGD75ijc$~-Y$rGT z@yWnnYXGnB>YN7JR#|Dl7DWTjC>qF&qJi9wG{E|18vhXq=J@wciZ}k1V*CXeR5eA7 ze{R(HGj!P+gOy#y@MJH`{JGRC%7^}yPY(bv)* zMq96LBNk6A8U)66@>UyGJv@W2EiWOd6E=+2d4mmmkh-z;9?|@Kc#xp3ZM{Wr53}fic-;_`px3;az7$|duw9aZrDqrKXg_JsJEr-i=%wO_k` zYLL&vjpgR?_psghKVEZu5n^CYJRl zJr1eyBjJNuR%3|O;I~LMuw!IVf^)f(NLBWGDLgIra_4>r>v?i>%{AWE>o zeuE9BE4ZKgXe2hezz2H;AM936%@@p8OHY3PBsn0HztX3R)~ zAzp605<^Vvvhhl+FERGq6#-zj05_X~hoNT0$f?9`fj=HOUHrIjG_|BY)K9?f!5UG00xQAkz%giplCtBV?*oL}U=R5K%x~Oz`NZ4dO|{lS<`fPF5}? zD-)?=ahRbcVJc-VZUkF4gTgNaL#A&G;~ujIpUla&Cd{s4+L2T0ijlEZ5wZ5B+6Lo` zp4~w9&T&aw@5$f79MY1*#cwx|Om{=MqDrxnaf^841vSIc`Tfz29lU_YpU+ z*jl6ZV+ZZWe{GE2kIRkyIB;_|bP&VX55`v2bt-JDrqT{{8q7CkiY(>Rl9uLe$5}0c z?*eyPX6bp}P#t-N@D?!h==Hg)5WXNxzpg0^7D!_LfGTZcXEt0tCw(4L0Dr#%h(Q(@FjRur|96-Vu4Ga@?~-pa)rZvg6x zLh`YgSAGlq)B0Z-UjN6ZMdTlg&Gmm3E$7NIvT}qJWCcH}cCgIxZbJ%^X)NPn={(F< zwJejeOUxT_X|RHeYZ&a;}DDNI!o#xyB0*t zEEZ1EOoxp@>bhXyjPIa$jprx(+0v5tJtrJfh`GQcjbgfKsiaiVpkqqV2R##JI4x(f zMlt!+tgsSih)CI<#Y&vK%^413Mg*@G=e3Z?!^NNW0L zmyjer7)lrh$l$iy_2JKVi!6l{SQ1O&-s8nmxP@O?g)s=2D@%Gdq4j8x#s+-XPa6_L z8h@wM#&uDo@!;{6UJv=nz2;k?;bqTXYxMfPXMX}|yqp#xjkLkBq_KK%S4rcw%uY$; z^!#5$8nZGjNIKNxS3=UNmA{lUj$PZ4G`=2mc+z+Y-}TYqRw*Eu7kv42o3X*`_SRnpjUT&JYbfA}vVjTy&Tko05sUkOPM{o|LC zhHZ5R(n$VdAV`C>m;Aa3^6k=rfdeq5OJulHU%+?$yW<9OCNefc|5hMP*`VK36Ga+J z2U>c4y!|Kl`p&q$e*BrAKpGOZv6cyf5Oxj>lSY9^S#aDDNkihCqZ%_hC5<1>=$tgR z9ho$4$Ot2;>=>YT-``or-0K-r#{B;CLi+qGpzhkIe<{Jd{v0_O9ZT1z%f?ci1g=ql z1J&`6u;l&sf8!6#AhG0~u4_Q@{v;I;fax>2XFjz=_69a)%5}|&vUX-Uu$>2-v}PFo zB&3=YLS>K)gaRA0UoKNwH%`1n$`+ zrGeNRJ!B@2bH6>#yq`3*YVuX-M zwf&C>>K?XF8rVMqYV1CCW(=ss7Eu4mr4PH0t?y@{624aU^A1Knz^~Uy}uJ*vcg}^=P%U> zEk}I^8K-;Yu_E6Xk?-3l%zP)CHROmdy`MC{IL$AT_~HzI+5gWdO>)=ejUl(pM!O#~^l2=;YbLyX@y}T4-Bd$*M-E0BnNTCP7wyJMCwEln@E9w54cm*V z4QvR;_bdmFvH0%)@sG$ZBFlB2( zmBC95Bt+aiL|Q_lAp~3+i@St;PAD@v8up~088Phn%rNZ9gdI;NU3-J<%0yE03oN@L z@L;$z#E@MT8Ly`7NI6y~UKG!+e+=b_`?A2I{JHHt;~HJW%>9ZoqKa zV$^PlS22~{Or_3qVjY80^DP{Wu(UpzW*i#IX5g);ci4=W;ueo8LT16;xU;f_0Ws!) z-g1(0BzT(~T4(ct;6f~j1K!f3BE^w@e_E$UofO_8%9_xh2PI2?62ko%&{=;T?rMJ?Sb@d(cUVI@ zz(2}>|7x5a0q5{e;D6iM75LkF#fAUk6MrfE@BF1R_^Wye_@7wC@Xwaw!+&&_;FsgW z|A!NPDg6CAh5yS`0skj_vP-V%6(9Z!rLMrgJT)%-?`Hi{_%C`g41aw8`T7%M+3hE} z%6G_td|Rp0^nlb)|HEjTt+ki=o~-B41tE5x?~=)eB2`wsMeH+Q4i&SnliXN;o>Bhu zjV8)0O}srSx``9fq~Rw&uKqAOnpB}|b?9Fdama6tzp*^pLs2?)-L1UtQ|et5+{e!9B{zQzYW!UsTI*+l5F;g$hl}B8dU6#uJY(6^ShY%;JV*z!~rLsB&#rtj|XJF{m zCYb3=-sDs+*_7^9N;hRFw{6OlLt}I87ZzJ%S3LbByBa&3f4NTlja~4UXn$kT{ydLd zzE4c~IQCkd__!@N?<#5WEvU>uI;i<|LOL|EHxpA?GNz+Wkc6bmiHnPAYP(qlL_;Ufu3fZ)kH#s~^0d4$jI4 z-nvhdy^Zx0?mjOR#F=VSf}K-yOhcK zKaii|-w_T<%!nmhEbd^#!Id9AVt8AA;o4j?+$>S5r^D9|)gP73S?Od{g zsv#4Y*J*8%RxhPN_EXf4%|S=#|o&e98xM;M0`SjJ!}79(5_-Iu13;1&7M^cyqq@2I>xZ0|!!Oj^=p2 z>K*jmuPR-B+(QovHC(pAlee=a4H$}y2RT5@_fsUxE#AQHl+rw8iS{qT@PIV^1@D#Z z@hf%yoOiu}cE_xKt>>Xos}D)^K68vAPZ03`)CYRW@NEV?T2L$n{zx8QU&Noh&3U!! zY=tP1vqhH1aO_3Hcg~HE3ctpWnm$6i@pQKOI}7ian*TdJ<F1T+AO@FDX-X)ED z*Be528h13TomWc@j+QDZDjQb9`6(9LlqG-KXT&iqJHe;SYo~oCY@;&f zPq1U3W;%pDQv^{VDG7VLT=h(b&0_V1b(O5XCUJ$w$;x~O$0zCNgxYLIcQ5C)!D7GF zm9^lj<(9QT*e{?6_!O7|6?&Czn0=+gW$7R1wtI5k zm^nbbX}Vi!%=yk$@co>g?t-_=j;cr+TzhINlPmNY5J2DIQ&iZV0;$(-jVDHQih%6yoaE#abg3sNM zJyGrJKw8^GwbbF5sNUvqPDGh>B<&chUhl{pt-2jqisuV|&L(f5c86Z_cSs>ZugJ<} zxyoL5&gb5ocV^#6yRp0AtI|G93id6eO&UcR(Fu9PW!c0``!O5d(|2YNAB0rUi_x7w z`oJdpl%!3}2l>GIAor9V^p*}@C{vyC1%779p>esb89+(vF*Jk1cc=X*yH}s}$i9#| zZn`_?Q+tClXL<)4^A7&YqvLTF#V6>2sP*viIKwkz2CqHIk0l5p!Zr#~AO$yZZO6&# zt?9BhE0esO*L|Hy7Gt?|`D9>iimjkss^B>BFA{*X8e#IAgb+S4Es80e@O9wZsJ2Lt{!c&*l~B3Z0HoX7>PxEFre6*TEBCtTB=9S zdQ?nx^rxiJl^F^(xCUd@w~wSliHnX5cyl=^vSg!+obwuyievoGPsbo(f_rmITy=F0 zkFv#8_qhWJ7oU!VdWT!tQKvfq#8qzfrfj!*`Kc~xt6OOkiN*ZOiC>rSuXKtK>XKds zNs0`U`4?p<;$M`(C#`m!SyET)K&!(`&?p6*6xj_~RbQ6l|*?5Gl{xVA*P9RI%FTq2cja!W;Z?1r#r zv*g*NZ0ecB-XLpgB@eswaIl*p^P`g;6ox-$md|$?&OY$5uzdb#;p2usmY2^TgRyx> zs%eqjI1Y?<$m(yMa?TEj3;IZlc%xM%cV*83?#jsn?C#1-1|;CK%%>{bU+eb zit&<+=OuV{!*eR0DelUv1~~9C886-OEW-0BJbiff0031$s=p2f^en`mRHVpA>4j$@ zo)VsJJe_!s#52uZdE0>ABx}G+A30Fp7mJfqgk9}6^Yo;|A2b)(F3WB(iXmYjrmkk~7`PPW`>- zGO(2IbgT5PQczR%GH1&d9A?oJaMU0VFhpNkHEdz?A2x2e(SaxD&z4=SZs&@)r&H?>D^C#7Mttf`F!SDDdNCGlhpdgoV9MB( z{OngQ$J6G<3Du0WkmIjKQZ);0z{l(WAJYbHF%qUZb!P#MJ5Isi%;iMS4q5Fbhg{Cq zOJwz2@G{RHI@7k6SRx^X*zllmx9yV~%QGrLWxoKCzK#kWh5 z8^;;5dz{k{En9>I)CD0hU|yA=I{87tTgE#d=SDp0I@d8O*gsKY0JR_t{{dGvX?cSNgbCi zhh%5@Jjqr%3INeL@xM$6OMU7B>ZMP?{<}q1iX7euCfBvw!w%P{Kfr9B4{V-KnN6|n znjvXP7wq1Hao9aF{7J;}3(CCnA(KbH;vv2{8Obr=Pn_c%Jk}jgISP@Z^Ydc|e$i&# zUa|L2vFR_~ABSJW8V#vPcPKx;hsLv;3l?eUv^2Vo=S9Dhu_sKtGHIdL-sB1augL`f zx%FE7m`Xn&E~y1~%i(W15HIf}$#0$^R9MCMT}1ij7l%3;QBT2~7C~Bsjb&iKKmuAbndp4Im@MU=px>^*4@pvx42#Ow>*U>93hF#k zth!a|0=rXQUKW^y2-v1L;X?4A@h+jq)@u=J<^nR0t zijLKPPT?mwtUWA^(jMMUkF? zB2-hxa4mn7^@K7-q$JXib3P;?no9`L#vC{^a&(+>FI{Wc7=5k5c`sjUV8eQ^9S4D3 z#%Xc!a%^F%5@qH4R=;ai0)^5=y)EKM+S(qj_g($Rr5);hPhYb%QZHA^j$=+orI37L zhpA#rvG-p+1F7ggt4gy)SF=UO(-zU)DJktPx;Z7K-B0(XfHy{1+M;{e`_hwqH%obh z)R=hCtt*qZltrY{bXPv}7#kmSqwu3*#iLmfeGgMhzTtszu*8#j71J-chYq|)if?8m z6cbByJ$=50k2=BnN)k!H+jg;Tw z`HghrLb`uS9v_=f*UrE>2@tf_mklU!NgKhzu737R3aE1|GTxCzRScpceW_RCQ`sl< z=^Uy9B{tgu3%ZnEqRdG6M!LN)Np37O<8l{f;Lp@d{3#lYZ*msCooRfNM@mZz3#~`` zF7~%5(qHP`9Y%i_Qhz;p+eLpilz9kj6H4w^eiCPVi2L^&>IC(wbqrNvplIQ5qbezV zo+=?M#1t>9qvFG3aNz6|2StQ~sYk#;la#Usjn1# zlh=*Kgu+5 zG~u+7GN%uP0W=t$%bp^(dP*D4O&cAMC~d?s3Cw7=S9;ysy%AFSjd;uSb#F(82FkD% zr!Bc|SGwH24qqGa)hT!1RDzSA^6r9NHV6puMXISsqL5c4r9ngj?qEt=>t*25nvCFa zWVOHw91<%tr;XeO_xQO+4%v8Pyqgy&aD95&9^el%`52>c!&pZeG-pnulCqZ|%2OW| z79B4Y8QlhJ*yhV=lMC8saj%Wl`q~w=1(rcTfh4_;No7h8#@J ze0dg;D!EPWUK!&oX2A&@x+EOyriT$D=H`Jy`I>KuR}n9MO?N7+PcU*DabY^qFMEzP zg+8LKqeP7LUPj^E7<@(RcO%WU>F;NRHN)}rV>_bH3`K%1^F!9j`g4*Xt*<5e@JzJB ztm-(3IoWFOO^)=fOvy%5i;X}RDbigO#Zgw~K`!XQY7RQ}7h+8)bd*T9dz^aPGzZu_ zjoS37Pm@1jh#p}>r++rhR33ZoVde31l0t6VLq?Lx-?yD_#dfuQ47{#>@Jr$u$4A*aAX|R# zQ0-y)tMYl1Y^8$)EejT_w?Wv(3Uqg6JT|K9@pfybO*BDt!#uZg+N2JZK^INbEp8>HXQ3no8J4;Sk= z(a4I>r&KZPzOWzb*kAWkHzv_<>c&N)8|3UU9o>iyR4=P@rt7YYO#>GXR{t><8yXU9 za2xb~=m0GJsQzfbsnl>w4^rdT=5417v>2AKFo83*e&$nFaY1Dnuoz zDd|3uR4v$=HIOqbyi+WV`cstyZ7qM{vyHVLoFXoxEOcM|F60Qt%Q1>`9MC;?8P2RG zb2~xa=^HtSi2*<#@qxWfugr1-CgukWpj*!tqhFWMmk(Z?^2ol`Rk%{c|F(>q?} zHCbKNj5MEmx?8=);Zv`et|wi@!~bSlh1x5w#O(lWbb8YIR z(_P9Nc*RUyRSYPliepg;<(4WYCUew*agg*&zkdb4E=s3g@0LhcZ2CrWUQ;MFG`}e| zyqblC_mD6yQ)<|NgdJHWjlpgdwOB;vXGMI!yNF8@7I^lz|Ei0Rx1cRN?nor`W2UMH>_>Ck9qLef# zIG7v*2X~*u1)um7PjB7FncnUjrPZtSlZ1KnFmcD99%;dqd=EgYqlYv2gGhW0Z+Sai zH3^NuOIX;2nLENnP4En~QTMsi1^tN#m&H}VihCH-fZ1u_p*R0*2p&gIFYoJsH4Up! zU!*7+VMPh{%;n4(l*w+zN=96)IFYYYWTgDwf{cENM?l7Eh8cCfPj5BB-FT}Ee!vB4 zR((X>s#*3iJ)FT$L?^3z@Y_D|Rx93;bA=p8yb*vv;!eB?{IR1cO{-=%w1$W!1laVo zcd^?b0+;T;pnz+Q4P1)8-1sm|eCR_TPQ%i#FQyOb?Zut=gYbv_VgAGP2LzSk-NIhp zUAgK;K%*?1ioYews_SWDDo+;`M*Kklc$x=JEt4Nrx%^l*f*xthcJ>kRVfdld@*~K= zt&i^kq9w`n03l!d4VlZUj1QNRG~Ctbrt`2h)RR|n4<|Q3!wok;gf9b8OEk!$YJvp5 ztFmIa#8f`jc%zuOTx>yI8s9&wB7_>4ybvW_4Hd)FdfLLddiUhBUbT_s3?oZ#0Fhv1 z>C;zKG%SqyROA91MeBrDsTgjU^fw!?v_1Hh7lzZO;DaeZot|0ZLOPv~J<8+5S=zHY zNGRv@OO3EMeMHzBelTLmN73+N!$;BZ8HSId;cW8n4DK{@sPq9a)6qSF{8oI@=I{PY z472=s{}eh-&;WaJ;-mlk$~;Hwr4+}d&~SRGQIEn-FW;FDKK4a(L|U^gPA$S^EPFbY z)gMC{s-K0G(DL{c9oswY5YhaamimVZ5tp&T^c=Zj0Za52%!_hG)CK=If%OE8bq^y@ z3>fva`M=zM(BbM|Ij;-%d1#w#q8)WeId79v&U0C{Odi%)+T)#OAZ?6YX-<^ASh<77 zlTLIcc1t{MBwFHWe`LhdmMES!(nd&9#j9L=0h5EYt~pZ*tP?5elrmzRQ(F9#NC>x( zX$huHX^mXk5=@&CjUd?gX$HY2pcffovOCQoRTM{pX&)xnIUGzIKMkSL_}jo7pTKc- zDNs0g&m{zu^w^eJXHXFBYd7`|Pp zsT5cI_~(h913N>otr0@fg63NcQNf4Y z*$rOU%=(lyR0)N3$9SNWme%<*6V@qS$asdwg#1{-nZnXUytga+Ac z{B~=uRP(!$>skR?&gUhrf_G+L?^X^7`DAr3Pu_ly@C9W5KV=Gx}v$tYXcp;H~ zCU}&uT6?>dU1nZaO=8Kq&>%>$H@dsmRd#b%&bF5*6BA053zL`{3Ak8O2dD|9)h`Pr zBvd{pFCr|$uEC=vNv=R`UkFocVLC%h)CFWVv%%qlSkwL(|zrwJa%KB;ER zIhC;Cz;gtiL-$I~S76B`%F1B~7Mz-*{$8zHz9juY>uBXx;29y~1&mIZk8 zY)d?Nb+H-C`)Cv;eEMod%0bjGXZ>vv3d&>bqeUZ060;}!bFNWeioVISGj)#(qtd5lfJ8fg$@>!au! z0D^s2%?uy@%=LRJ_LrXJsR)(jiVesSDuVFruQ;rDR{y7Z1wo9Y8p&sZkUY9&uDrJ961#f@S4XV&p#1FbF*I&k%IM%2AlLp$S zJ#Su_0TGe-XT^77q}vlquOt~z@DBd23Xbof{vcEqmh3l&vr82kON&tCX*z>F&jbM@ z&;|8$IG{=6gY`~DZQ1QccQ_1EXZi-`~o6;NNe<9!O_4efJy)RnA~T*dS3G zgd>J$PUEsUt4ShtZ5ZpYwNADqY(s)6^lAtaE`U_ps9T=2b-C8-QHfC)%>4>8hV35x zf(7C-F261^@8XI#5t~-rhIjHkXqYf2Co+!G>UzH5>* zc0}s$an}-paAv4_(^A8*0$CpU-=FIr^?pRcYW4P z!kn&9hUiMWm(p$j8Fd+zFx)Cld#^R&>h$(gj$dmS7B-=jwt1`Vpmfl5grOPulz+Okg}A9 zMfAfiYcGm%f5e=6$B&_P^)AAyzVBu%K?@qhMn!iWSrhv8Udt9Wt5<}nX462eY(?t; zmfdmY4VKLI*;vir)$blnw@SnN+8fdP+VL~6ue}uid>4EFFj7hH=t|zdG5XqEJbkHZ zr-5{nwV=?QdYz$u^$+3_rx}s+{w3XmeHKEIfnbN^8X$95AW~e@*hVT{0Dh@4}?Oc zCjcRn9A(Gx)Nrj4-8o?4Mp|sBD2hD^$AkD4`4hex6@7V?@Jp9ZH8$IA(;qx5ti0xn z#>OS(ylfiWGF=YLPq&rkL1mLk_N3XMpKO$ab%UpkZ1YHk&FVJN^_O-hb0+=@o#45KEdxI)6fq3aE&3!?X7`AYacS0PtV2RoY;wEItDx&vr)0opKO z<1qu^?JpfHUgiSCJ)!;_SPZn#)2EI@XZPrL8ZBnV;5({4Lwg7;d)kC`mcLm)-&)dw z-#GITxEed1;6?iri-qg5zJ&()9EE!L5^u0pR?6B-`*WYt#59t@Cl_VwpGx6*mCN-+ z<-sg0%GWoTd9+H_NIv^iI}H~yESe#dj}F)+YIo6#{t2(U7>`Ub9s}0V4r3h;S^;kS zogqPrz26&cA3?(*;5u69ZrR}0E5JGhV43qig5Rj}2EcXzZ00=7dL!B^xAbX29rp?L zA01biPS!_-nw4cH_qBic#z54CMKsJui!p~`&+a5+j7qMfFS{TUL`is;`PF0tXy@0+m)r3~ulR)MH zoEh@3yTr|j`^nN)f0i;v4Y4!M5Z`&Nb%+b&*G8eHcbLu?E!y*uF}2R; znDJ+nXFXqD7}u7L)|mNNW3Us!V5?#=S2VU5guX-8W?)yJ*DQbcA*&-> zhgk6yXrSc`i+_?NhiYYVoQ{*|$$ZgN9ouef?%Kq5{rDk7dEGc=6Rn-ae`^o5z6fFj zNnD7wx6^e!THnING4vW<+vb{U-;9{GuNQy6pRJe#dELb*t=pYwzs6=4F@F<$~<6nHIEml?R*+j^#OAz!Oiuu6xeuGG+%6tkChnz z#C1l%skn(J4m(kaCCsvLUK3I&cs{bXTtk<;kJNw6HFX-u@6$f z6{?pDzAyVa%7sQJpAoweO14UZ-_+ zkFBdK^kvMn*OrU@B~0&~wqG8eiL~B9@=?dL@qGxNqUol4%hXvmTX?;VZ{Im(qe(hZ z_ML|Yimr6szVlV1MA*KwbACky2KSftrMXb@LJB!u;v?L3uamJMZ;R=IpQ(?AEm^;2 zVB}avqtM4Zn{g?J{=gIMp>;(OhMdoA%pTlu`931|!|i7=9r`}wi2PnBP^1BhBklh& zQ0lK0@9P48A*btS0+Vr$pYhK_;=UL$`Z&_WoY$$tjPh^6Mx;QWXTXDl=zfWe98pq z{jYSk90w)7PrbUZH4SRN0|c?_g>Iq)Bt$3MXjYPVrt;-v#WNiOv(q<5-9H_DsUhh* zojjdKZch4@7K{Qn=~q7We)qQD4%1CfQHfirro=I7g%}3`vR9p)3Or9KrXO@OUQ~Pk5I=dEYe? zwWL)9j(+gE3}|aV0|LJ$Jc3I3Le+P4kN5+8EAc2#5L|@2yxQ`4`OwCD&|z}!3}j25 z*QC`eDFgI#`w3~N{ZI0O4b+f7=Tp!Jj@F(vv#*41lhX)B4El2NHW`MZ94&!lvQ>ZP zXywl3=5R-bSx%giO9`AJXxXBCS7$G!~Du#f>^ERVP(_4p_^A-7)Tk_E$ zQP%G{^7phEupcj0=lQ$^ucB!v-8@sJ;DewXzjBb>F28K}0s^i!feMz1x%hn#j2~3j z({iPS>(FRnjotMU&99O`d$KYwV^(*X3$0_YUX~v13LNNGHo)~#ayXESXL>8l$o$j& z%ImFzyn#9>>p=A{5y9r|kC7*WPVcA#owkSR^r8PU=yWy(@S`yGWtfk3a^qr?VoMqq z6P#qUW76#*(5;u~b{^5~YC*SmuBTyB{IK#n&^6M14W006bL?_Xn~z9#Io^HBM<&H; zcZ)~g>M))7rjx_xy_SiO@hQSE5Frek&g9A~91k#P6j**Pi_xr2w4>FYQXq?3Q9Zes zDBgliQm~j?)xFC5-Vo%Ack|V5tuJ_h4eW{tte^hoH5t(R6UD{KXX^mD9B8t6)%#u- z*QM7H;!2b|*y&Tjo>|GrG5c+U!j_lMtF~d*{3xwvwE5I2)BV~^T7DleW{tOC|Lp#% zCj+FM?P(%xwO$_K4;M!k&2M};ZE!(BAD;u347wnid*uWBi-UE&mHq>qY zoF+!p>Jm|(HWri3pE+K+^Bt1KmMBa^-hvOL0QnDB+T1x!q1r%mV(Gc4dSc>$E8GR;pM1y$#}KmJ8?Ci%g~}q z`6+pMB-sU8C=oT$mlaW85-eY;qrM~>U!bK=LQl$;wtR`hnkVmLQs?oWhkfB(9I~Z~ z1-u|!3RQpdF)v2Vx09zD^X<08sC~ikM!@X}3Y-AGjwc}|;C;rYZn84b;Vbw^3QnY0 z1*6{ODIj9;#2NpzXr0hg{KRaCZCez#B+vEaXV>bn=rCY*fzYd ziIC$Jt%d5aCEm?grc(+QWm!qYV~wngaqzaTi~;AfgRI|?Dav}xqs_8=wVUiE?t&ds z;8E)?-&ZrZ3lL1TO94;vp)cokknei2E554Vc2$OLobm$ietzXMTJ0xjeTT_{W_|V+ zs8z@-n|=W@0+6W_6!$3G1m%)Z+?O%v%qWm)-+ep{?Vn?kd_qHul5*W=iKLVnfRa9S zS}rIw)35Am9Wq9FLBIu0237kNcQWvBNix?+3_>#Y&oK#;l>1&|GWIB|7~=&EQs7@~ zZSk%&CvCx2aP&nCa}6yepa^*tKp?-BI7K`z(^eSrOK zEdL#GhJr9eueNK zyF&ATe1?kbA$AR>?55OCYOImb+ks2)b+oS4QnU~~ z3t6{K;jF1swcYKvC~G#wWfxy8^o3%QD=*=T)ae-Kt!Csx~NU4 ze!0H3YdUn%Pb~n>+(sAM@we60H&kCAl=q24m1i&dZ}HVOe3$;t^>zHO>(j+(VJZua zKSpq|M1Mjx<_v|Vl2*SalqgF#tm>ddJg-Yc`{5@DLRJ!!nU}2%haq0v>=g4lKO3EGUjxIBnA@l4I(k$}nh|Cmx^#tc* zeRISW9NXe9*d$e5oWxTLE1r<}sElL>3y0p6T|T60inP=cs~b`jQ}N9asC=Gb34fVF zdg&Q-P}Fk3-KJ(jrB_n*C1d2uXM~1E@yAf&%26nCwhezRXS;m2=K|@Y2YRn2Ge{|1 z6ofvI{xfjKlS2T0x9ICn!X~^!88sz`&~Q|p_%Nv+6~wV!>4{J7VCD$SIC2BjEthYe zJui9oX@lw`e6I#+A|k9x#?Z@H#Qpg)O^UvI5sNtA?jwWhReO~uQ27ok#qvs4isX6> zGb=^(<%#$gC#fP%d71WUh2c|@{u3)%SPW`)`ohUEJr9%Q62d}X&0ZF`kK1?2FX^;w zQU_b=;7_i`8`8U%qGRv=nLB2>6dfDP_hXD#Z_Y@$RNU7=UrwbjpJ-n`p3Gm4OxBRG zfxooDA1eJX7yQv5UJ^&aA7#lJe-QsjtM6h~$loF@q%Rt8l**j$0X+vQU%Qq&=CS7$ z%QZx;qd;e8;}0l<36e=OMwLr`Z>k(CFIg^hAzlW=iIdDFDQqrD!N&>U%HY+|O%+dm zqq_ih`}N>LPw+KfyTpt-Pk?We=+NLpm*!~34AR6z^s~xKnJix?QqI#>cXXm~4nDx= zLabLPt6=}V%2fKGv4&JR#HV2LS2ufw_cCD1!oS+tiNjcF9=i$kVF}*N1mYk zl>9_I*%9>EwFL=%T4DT@r2Dio{>hC`@g>P7sCALDrC8#&i1QR~sEN$-ND>Us7cUad zHVK9wdx^L=CPw2s$Hf_5_{aQz$?yL+N$98eS$h`sD^>I>nDM3fl6r~O<8O=AFVPA7 zC4HjyWovP}{CEWhCGSdV2s2GXbS!fyF9_koX!&9&OBt5`3ABRDdSmW9=kT+Okcu}qz% zd4?41BslGl`O!DhGRrgTPlB!-0@TYs9B^QZ-K zWcL(&B>AX&^0osFj$k^ZPy+{#4E;=Nv;l**>f&7oEbkW!IxGsNcZ>70wm$oa?mU|{ zD;BRkQ2DdqXD(AJuMw-Q%AcQzrv@+7n3+DT(0@qMeORggpfNHmwia}t?EX?m3(pNA z(jaDSSCT6*59G6u1EmGizf(n>EBF9EsbWpZpO|B6foV?heUo$V`PX}iqVVXyV zkC}&#y|}e}G0XAkAExb6!$LkXL7>xRys%^)tg%;!|UtMCcU^@0yEcoZ? zV2f)5uve=_Lv<2XKDmfk80sTgX5!ibIM*_q*mroGeRsjM7-!!Hs9|0#$f#lmj?AxSc-zJTH&jkA#`1d2#J~$?rep({`y3HRj|K6(Q zhf!~j(LT6Bwe{^W*awSs_Q5>{`(UxoKDftVA1sbf#&3XnKPbDWv}I|Gg-O$KVJgOe zdqFXazT+u6{aaP1cLncPx%gA&;%ml(i#Pf{PnIf0U_=ZqvTs6mHk5{#wXrUnVDD$x ze1e-!=TEn} zB{qN7T^O4Wp?&6Irz3^7JVNw9TOP0>+F(N@!@qvN65DNvR@yrcz;FBT7h1=dpE zp%lrt5DK+^Cu$I*^g=Uj91>1R=eTTKU`dF)GTkk-m2@|6daT}BWZv4cfd$X~jBVlL zjXu+UD*1WA+k4~=8``i0XNL$yaWD0)VOz9Rc|EE2f$}Fry+rZ$I+Nt zcH$55vb?z*z_aRiqepCaX1P1eo?uy1v>WWTWI3?HH#!5j zoIY#eTH4fee^W_=G-T~q2?tB!<-k8`JxQld@`52%mpMH^bZ6}oz7XHb1-!F`g? zA?q7CV=qOrVdtx^#A4~CRrO^Z$k<Yp z*kYYJl!9KGS{;;68R+I1H%;U>L49xqX)D30hVrwzf?2&N2U#3fIfMZ=<%sK8WxjE# zWhxx8@K?tj|EfW6Ukky$)}TB);+L#qlOROM`&gWGCx;1gfZ*F?uHq|`m(&UIS%(FQ zpa#02g^r2S^(m)2X|~eG%a>L^#P@*&mTVUnsci5RY%Rl5x`8frkrv9te!Bfy!PsbL z3uXVGy<)a)E?cP55xPbzjk&JcN|vMo(UojIpwsFcg@3M64!)s?KmMf6%!P*MQ#*%WcVgpA<2fJHB(PT7As*^kky)2>uptI0j#$|$2 zEplh@ZJw)k49BtY$YX|zlYK;P1^8i{{xQ_{-N2(5dSp zd3X35n^SIdgq3XRZHN2~U2))$qmFRYCVwCPK3l5xnc&PIj#j^FCjW+?Yl{QdTZ^Ij zV&7eytA+~%!MuoWrYH^+sE4I3=ZyBxJI7o)y0+*Xup1qyw$PdB6go4VN@uP+jP_4I z$4Y0e)9B1~$I*W8Ii0XUn_euFUcFr*moRaRx;XzQcfkj<<{M5>A08`CP_w=)Plod! z^zs@LImx;VnhBk&9`0B}n_;x-_Q>@P`2#*y{UM#G9*tF(Q$FmJf1pFu!;9o^NRuIT zW}w#Bh@HLlp#8Cv4IijZM=?)egeP#TEpjbBt8wE!>{Z;FiadWRSVT&f{11kf1X183Hdt-RgN?JQ$<)$ic`O_CN(qKR9c(bVQ@5(NIzN} z622R41ruG3x>o>CGc0D#dt(f#aeeO}+s72m(eqRJUu}KLZd3Z6)r3v*{ob3kSXj+& z5d4gLd+W_MfottK|Bc`*`n+CJn-LT^A3DBBB!+ge`va!}l zF4Ndx{Dk7rC67srjYm43E-)VJk54G~vIk{Y`P+p*wZvoWv~xZ`1~i|^Qq(h94a#e0 zv)gu~tF}-8t{s9)^d~jcr;HsYjyUVin;F|HhJSVclT6~!!9=Yl9S7d`1n0o7Ve5Zm5`{dW70m4?sUeF$ zbmxEKE_h#B_yXlN?-Y)#WLe5C%n|nw%&|d{^0FEp5Wu*DP7A46(*Q=5MQAB~r0Nh| zc|%E^MN)4}k`36}Ix$BmzNFXEYi3*zrrcdHjneH|q5>DWOVYee_dAIjnHn5&1N0=T zBT!`}jMvHGaKr|~^9KY}_?wI(>t;uJ?7zZ(6A%4tAo=TE)G^vxHk{lBFm;! zjg@$H*b#2DI?@_As0)R4{DI=KH$sT7 zJCAykBvsLkw|Jb1$K8-8g;Mn!LDvVqgI%P>k8>=$tUaSJ7hGex(`9aGY1~hDl}MG- zZ9;J=Ays4=sV9H_3Cj!ut^`z=DOJ6I!gR3-H3sEi=y0iW5nQe#tB}4-ZEy@4RKfTh z+G}C?QRKRka=DR9uYZXACh)o2G zzl6xTzgk-%*VX`dea(ZVs@e>bNd;_3=S0Ay1i-Epfc1}KvT8s^9M;I0))*EkDy1GF zpAuBTto3??=)bQQ-`^-~jj%gg!8K=}5w5p7CL-)~Y3X5NpsKzZoMb1d@^7M|z!g?c zUl-2#R8xfAvVl(d2o}Ec?ANNubX2sM;C?3g(lG#x*)s(x-aDc-W-n<4!AS`a%xVR} z>C#mjY$)k!LGu8t$?sZNQY&f04PwH9sY z>SRzWLmfn&RUhf;bP^iS6CWviK+&|3IuxnhIk}UO(Qip_qkFSEwBJ4ONg?`_35JWT zv>My3<5;O#SB_}i?ms&k+dbG8TJt*`8?8(GFg8z@s!r(?XN4!y+GYhM<#<`4PuE0N z*qqV^E36wDV+B<*>>{Kb21;&$%#F(jkt{i+{XBcV8J3Mkb`hzqIY(%K^o)#%h zQ+ek(jCN$Q_VyUPjj{@aS3Qh}|CqIcj{UV}sp=uhk*DRqnch;x8@eJ@UPKAkrKuEj zdB->fy_woJ1?@~eUJBZEVj=~F$h$#LJqyl`QO|$Os%V=%U+V!yy#t98pm)&~wA=-< z&av=#6u_!u`&oy?vHjC`#<9Hq0l8a7N`}9_7VxRU#jeQ!E+(w_O(sW{31DD$o_S;G< z{~pw+vGVa$O~a~8N)wOh6K!~kIEynxoJCDo@!Itq0^vf9*2cA>HNJAAtcyl##rb_AjKLWo>qWx zK#Ol}Mxvi}wSnM+gPGt5eaweOgf<_kg&O8qBf@hLz{&wESTux04*i_)bvwRl5Js+R z(RcH;!dN$>iw%XI(ib{(P+v%n7mDP-gl{M}U0=>}L|<;au3Wz(3FU_9%iXbGU#`2Z z+>`jCler{$sumr_LfykbkTl+&Z(&}{TnpBxg!j>j1GD?moK7$83JTd8NP57>ui~Od@Q#8rKa7-Ia`)FoA*k2UB zkzb(lP?Yk>B%zs!MkrtuiKxnR2##U+Lq?ZmR!P+?ADHzs3bK-p7qO8!AB#uY{dkrj zJv5lIiw3`;S`VQ?4>kBD-Y7ltxj7EtMFJ*~zb{pA5JGG%QiZgt>O-y2J$*6SV1G75PjtDLFla9M!loZ*(z97&m9Fd(oiha4JsqtI{_XN z8wRq6#K(iQ(=KU!$-0<`8}?mZZk2EAMJATkscDIeWErMX;lrxX$g=BJ>hnY> zJ_TUa31JyV44qhShRL^CvH_li*)T`Jv7CL(E8leJWermUIQ3)a<- zQ8*QXywHypROCVcyrP75_20!G^zHAa--iUqaq&?(+i~Rj< zMgD7T=0g8;Tay2B8(r;gv%mmsOYwVbsYU)GTL-C&*JhQv%(G=f@5M&tCAO8BQCrOz zvqhe2sU2e_U{^}KaY@0)2TFP94qaSs+}fpZ-;OmzWtaxeq`BXFP7Yn4f^?~xl1L4p z*ghOO#HDTcX>nd_okxg5D-O|i%k0kniARK!Nu+{UvZ3M-UC}YSdss*soB!i zY`P*pYek^TaFmWfXKbMzQLfxAE`>aacaj3*C^Sivaz3^;#Eu!Z6l8UOkhULPt?xT5 zG-PZYE#AOp);~^)$VOJsWG}>%l*@#P%oKxW5suHEGI*T>`pXvE4(_ zvBp`I=TKB^ePGjv{d?Ja=mccnndm0fK9I%Ci>&zi}}K((#+8JrEY0Kh}!ivm?*X0W5z!5 z7EB2+l8gWI>&piZiGpIa1k9Hx6{ z;p0f*woQ(5I$b`O-2SB1u7O~0AO=|Rm^Zu75G9@!OLUvJxB+7k5Ev-w&yZ~H)BJ6tuC;-=)B6G-GXKs*I*M$|EIV|%}-GK($F(MM?D?3uApRS%u@z9NR zA>~?Ccqhthx+E`f0>Hj4-6=O?uPMplYdpdW_=O`_rzy1Z-GApZMDIwedq}HqODYQ7 zU?~b*P4aqH24K9jv$XmKx@q|Q6Zm$lBJJ=QCSwY*1QH8<>+J`jn@L6ky5HGjAArA? z+xsgk>?Au^;}L%;nTVq_{Du_|8{sh2WH%Sd2g`Sv9icrII1-hHYw>xb)gisj{$TJo z$>Ef7~$t7`WOrH7Itof6RG!3MonSID#LO z>2V}KTIjKmA5-Yj!H=o*ILZ@z#vV+kZ0aS(hwgWF`){ueH2ZR-n9Ke$mG0wC@937nRGZCXr0UEQ z-13`l-!_%0 zrpvU#dy?6W$gzfsU=MiER%LAO98;nHIeS0Mvqk=O_ER|~lIGCV4PQy;gxY+%JT6&I zm8vhdpGh8HaBRiTV0la@a?d}9T9DL_~?`zlYeRlk9@1d5g5bW zv~P!$SMg2w(@_s&7vZc-j;5}(M3YvgK(~NmGLKGUq&$;H&Mt7gf14T1lsA+>z%hLn0i*rJTiDF>u`78mR{d#zAampLWpVI)+ z1QjGtz~)IVv62|YuTA~URw30UFf!%QL}3uJ46D-Xn1D`_R+B6C_$0C69>Nv?(XhBS z1|IA#^9CWa9TsB_aDsK#De&qeCZ*6F>UpnZi(naXpalF`FZeTTDVyezH^Yw_-kwR4 z??oouu-Th28q8zXn1`l-a0JTp23PnSNc^o1ImCAkt`3>Q<}F3$u(Xg@Czdtr)~s0W?EIAAB$(3%JX>6$yRwDd4>$sGrc=)Yb&PL0le@+s9wNG zx;4i6v;-bWK`h78%`Pf`tG;A%gH+uG%ZHhuVD~kd%RJ@{ExRe`rwi^MB9MMYb6=uv zb_dRSAJ3kk_#`f)iJ19XKSPNcU5Oodj-H&5;b~olt%fSGQwyUHdny}B%+{57rL8J2 z(q(wrP$fJfOp(i4SDC9T@tC1RA1aaGy2SVPc!{Nk61}O!0m{`9))jbO*F-r%4ZSpL z4IUh8u#Lo2Bs}OMH@@66q3kWXvQHTr>p=zhauq{?LS2ENp#TLoiC&)2nNxI~SzySX zP1(;#$o@m0c=o>-vQq$Va^ai&YR{NQAg0vu$u9Xmwe)!S_Jor_XY;5ec@%kq!snb` zrs2a>^}}R5pQ%1WV<2DhV8#fwXYkHtcV2Q{g>az&UvPtj5|gYxmxf0;T`yK ztigtoDbm%f!V!lli4H5HImO-%Oq=a-nD*HdV0za6D`9#P1tJSgt-!DlqS3-t?SU~` z2gW0bVD$O5V4N>d^E!spv8IzcbZ5M57`m*9jJR|oiPpV{gv!e8ldjs|o`z+v#o_4}88J%BS5abO1nP^K>!A8dsINIrWji&^P>g;Ro;vME|K3A&ZU^BkMR>_wHBy)HsVMXDnru?BZo>rRqlS}?A zV&N&}Ft$L6ZKc&6q}3Pl%rBIOOEAZ8z?x?D*i>Luwg4+v&nJEMq3vb7`%SS|m?O@~8U8nLTvUN}gnk zOycF)Hu6oEDjz^M*JOy06>11Lf-FME0;TE>mVLv`bA}Ldy#vbcFq_KqRwnThC9;kD zglkjTuNu}cMqBL|8~sLpHoP8n4)<|MJ4#MUrGmMw=(ET_Zgk{ZY}SDMU@8iZ zZ}A;Uo^vbanbS`u-fZD-O~u=$&10kj$+jj6AhmSua(Q zv<3fLAQ)0L!9Xhr4=qT>y_6cgO5`lNDu7IN_%iOLq^L&#o;3S{my+eWLG{s#D1pK( z&Mt`Ovqbx;h3&u4L<)+ZNcjSnSYTbI_&LRc>IZElv6RGONfSCOAWDQlK=(a(Nb-*{ zJJ@8@m<#db?@C88fq<0A3>e}u&p&k%P3t?9_cO%0k?lWeQgxbR%?V;2zw;CtkaRdh zZE4ws_lLPeIMVxBD3Zafx9}<~%aoWQ5+C5iR5h{rU!3?TC#I;0pNqtmhT`vt#GRZd z0z`)+uZTpqA?H&f(Q8OtDiWs|TE9&s-o=UC)x_&W;zNewB_eT)A#s>U{K)`(KarT( zixRu4iCskENKOqX)>Ir`!&MB?@wJ)HN7 z#LYSS))$DxdPDK+MdChA%uy33h{PNN>PCvhshlXOiKng5Az5oZOC(;(iP>tRN$tB~ zG^79I#OVfnekc-`8|n;;#HE~=rY1fo67M$@e?Xt8HMH=bI#TScCf+0x_w~@{oGcQ* z@1bvfv`B2~p>Jq_NNhADb{C278xk!dvDQ%Mo@Y35Lk~TYcZkGIhT?CC#1TF9aIO@I zlQ=O`P5hfke4G=zsfmk3;**Brw}`}-42hSE#CLn@;T$UxLp}Ahbe2e5(^C)UNg{Ct zCw5R1ts?PZL(Y9qbK;$b)_01;zxLFYPn1|M5^pvXe_15{rKg@49v6ufhC1&Qi8Bp} zWo;#1DH3lmBwnCzT^pmbMdB5ln58D3qEFO-PZx<33!l&+gvL%T)djRwrWEfW81 zNL(WlZ!-+XKSbh9hC1&OiI*FS|5YT8GvvHhB%a5K!nYKq{w$8^*8JzpfQG}M_X62CIk+46Tz{J>EB8<99ZTc7g- zk$6Y8p1eaMabC8*p?{0So3i!Yyk8_v$<|X{g-D!Z$T?jk&M>roiAbDkXlRs3EHUIf zLnMwgZvd5<6z=Ob`)|NHiPza*jxBG7N5Sk@%T`-ZDhuPD9S-CphsvPR!8s zACb7dn|{dN(dX3ad_^Q~G|<~qBJs6udekiyi6KMcZ6fif6ZIfnClXK3)VE$D5|?J` z1==u?SedEEXFrixmZ`6^i%7gSQ?D%?d7Kl=GxflKEfQB5if+8|tv{YspdGk|Ltp7p_X>22sxV&6705U06 zY$6IX?ucWc33v~F=UR+|OzFyH;Cixl+{d@kgfp>N#TJyb@YG~6E|fVo-~jR|9%Yz; zF6RM$*)Y(INUJb|aI8tZ(|~Gb5e(c?8rMoY4GyZUwBJvoLZ_80Gs)M;{4U#G?iG#Q z$6!$conQ-yVxX`YWEd$|4I{$dqJ_nSg=Mf*Mfb$BZPM{7&pZ@xYazMqqV_Ay#pL*U z21U+-!D`^RV9ui?4?X!iq=h*Y7@K!QVGGD3$FqF0#k)lOk#HkyY!be}vm$haLkq%c z5V+9lHXo+C=7LqyrFyclNt?-11pf|XD$=m-SVIw7U|T>Hrz&S96A6N${NSy0;a3UN zl!(Wnc$^>}i;&^Z>AJy_50Oc0pt3Uw8|Q*C*_jfy=WEr$^{RYF!^D8PV*5M_U{L;n zq9V`|ou#J8m2;#0+v+*pV1pb4azF7rkin<=m@QOsq1Jl=>Lp|ig#MwU|}_rsK?ZnBKQR{B&MOMHBoj}H{@E>oC!zB`;_l>Y&$!mi+u0N^EWU%bh5vi$sDCbp9|Se=z2uZ^?ha3VI@H(;-7l(qa7iXV{V zk%~49+6u?L>WUNw%~GX;*5D3WY=A9K>?g1zAN!#Vhq*0(HY|Q=Q;UM5a>-o`;B1DhYj8+KTTqqcqupX8PNw*RC1>GJ;SjMcAcq|l zyG*nn9{N0~sN>`UatFgcx>bHB{C$$!ywC01n1T)WLiwH2y=S@LCZWD1dF^=9z9oCR;w@W!vv{p|%cVDRNSNxD>x=WlLaMkLs&HF3U5?Wf_}@4IK351Xo}t`cU&N`NffY$kh-v+}B2R+$Y&)rQ^?SwzfUtT)v+{TXa4VhT89$px6s%0J-<=viiO} zIqhxL`HlZs#k$=vJQh5e@%b(#NdoKO<_m3S$5^F%I zJofB;QkOY-_;W}9LjRoMF1eW;q^~3g>6u!z9z$TxU`nH;4h88qpC91Sh}oNIl%?)!F{RBg8G8J>)B2#GmX8WnUQ7jv&dKb{{uZVG-Qq69}JPD;-4JgH&L%Z5kKI&i>1>dG=k>IXu)mJ02ioxE) zu_~4ts^CQv9wzf>ldBfT@nr%K5sN4%I0{~$-`zv|<7i29n$qsj(EMjM^=#!o!;sJ) zJWa+9%D-k4BosCrej$J)@_x+0Br)p(UDoq$$oj8#vtF#rx`(nZXg6z~E^8&&FLH6a zS&z<&XB~uPK2e^iaI7*jWQ@k2d&bT-$zsOfY z;|?SXWRYhIua5CBS3^pkh@+3BnY=PV#gijniCe6`$kO9e;4EWoC)MYLgNXr`k^dmK zVg68kriB2zG25_Jma&=!{XFvLq6eTLqc08b>3HzaLvK9XNDtld@Gw2t@K8?=9q`c9 zwGEj5(=h?2*x0^!myjKk4gR*8K6JNPsB{!c2`jNf@DDV3_1e+H0Ddj0|BCB}_(Yj7 zKayW7UoPNl?j$YxmO+~PBfM{^ptP7)^uESqsY=m1-xdXKhjaKfv`?81cWsCCu0uZR z2!97ZEw6o`SaS$B+|d4>?1np#RBfyX^Z55Edw*8FpR*6L=-qP5ksDk41EuQed?swD z@W%a^rDhCxeipjmOYK1%Ft?9xcH&gq3NI4Ckg+nfN zHgOJH0^8av!dSRLdAx}bRfEAv<$ZsM{>pA~58ZhfKg?xM@((fz58cgs^lAv-1>6y` z9kZ3g9NKLmWik}8IILTs;7R0(8s2SFBQ-gsIwWXLDdSTmo5L#E+}TBbSHB{;Ft=1L zp-uOaQ>89gb+~LB+wi~a{tNz>U3LDKU60HEQdeR}*S7pGbs4sHJud%CU5QuPs`4UT zhL^h@m;a@%#A98L%l|S<=YQGtc>FJQO_X=l{4cw<;eQ#uvz7m)uIy7?kH`N~S0LE+ z*#4Kg&MfG9Z2!wlo&ROmw)`)*-F+PXmtEWQzwD~>zwDamf7$id`d?-V|I4i7^1sY# z&;K$@=YN@%=zp2@YyB^?j^TgV9vGu_U_6otMxS2`#`yv@uV?E0FQ30N!T&O=4gX7* z-{^lCvk&_{kYAU6#r9#3{4PwwZu#xXty1NBwCRvP^2pQeGik1(Ic6o41Yx|@&gB-a zN{URt@EGG2evjoI>FUF<{7dx&XD6xWGJ?<9X%_Lw5ljsKZ0gD9GU%>qnjpUB^BED2 ziqWLZ!B?1)C_8MSQL=pCjf_rs6ZXNE?R32)DH#-1HDC_7lL_lU=#4HI35lb{nG9-o z8w|@7J`y?xO_NGD)UTe{z}E+d6WD0`8|CLcqG2-riKZyrGAg}>?iGQ#_C^{`yk8ct z{J|noIf}nd#Zdqmuc5I<#*4`t6z`YO5&`cQXzebszrjY^Zxk7&U_>9_}^ z>z>vFGU&VbkbLodt07U*O-5B33pz8KI3A2TvI??c)r}F~$mcK) z3DJWJ$tT}29v&2hs0zBb1@Mdxs3vDom{yDA@)#fPPcWSkFb|^!8f$Xni%8Hv4e>sC zTq`%y)BZPL`e;toM)=E&)+4+q2y>S00M2Jm5!YxhZ<9gQfIM1rMTWuWuzVf_g;X_P()y6!#n=ZBy0owd9X*m? zwl~Jb2SdzAf6Cq@7@n#3{Gg=|kr7!4_y|}Vl?4hdnHlzEJ|m>{vr% z;tD>Z%A)O56+xrir2D$W{sQmc?NBa3>PjY`l5aa`pf8PPdzyTf0VEiC49!GgCVM|Y8f?CT^R zC}e_LuFA!$I~b%@0yXo0Lo|db*P$7Fp`fSqg%BaoqFg`#6p0WRsF*^qqT;Ujar#&F zzz?uC>!cVdMbZ`8i&ePboeIJWswY38guCoxuMpKnD!`8 zF$IU!LaHJYnb2vE1CM08ryv)2BxAk9|2!Gxo&NQ-K^XDjYq9)2-Ks<^uA2wWL_T63Q0QDd?h}u<>n8$n z5szRPB7CBD?GWX59mF%G|?Tbu5K(W<-Txoty?6|e0!^X|m<$+Qo zov}afmJhT~xF;(A6T*G&>-Grup0EE)!d>4!;g0zF4<_7Czxrbd*HKeNgnN3Vo}C7s z<5|)<=nD+uKy8X^Z$uqm{ZB@8$CvGmXz0uTYDC@gs`f{8`j>z3h;~8)PWifDHKGtN zG?Eyzgi+K^hu~E=n#0}lquKa%%j@YJRpifDT}agzm|a!%JeE@BR0@I_91_%Kr-c`$ z=+qX>p(ITpxmXW?T%b{>e$Zzn|2wiF?xVKF-4b7sKS-S_Xhf2Dk4)yPdD>BkX)Pey zBQ+xBi`K%>6;p>l`23Gup_F~z&I;x7&wtYj<)qL5n-$8}yA3N8ZIlVUp*B}6^F*NA zD>}4Vv7DWz>4KjM?}!`C1zRbPUk7yW1Eb^|LxkXYT$VELt}2 zYG={%;;!GcXqmO^cU!cay6d+tTE1+gMN4BO4eJ#eNbi|qdE$*NKq;bntKnRE zSo1EHufs;JU?jKf%#NP@>&i8#U;0}gJ;t4r@vk|QfJcR(TVy;RyDV@01)DWfLOG)CJT41 zlaF)aH=B=jesNSC?Bh|Pe*WZtGVl+4(%!(&|K#@{`20`);DN9E_`e=_RfWP3(}0`t zOCz2X*|7iD%8xo#4n+1r^iaIfvzvI}Ut>Sr^YGH%pr?KOKN{-LX(!I4*4VjmD=dD>pmcg51kLBVuQkxzfnjrEB~bT8cx88^6N z`;%}{?L22Vb|#X3?rkc*CVg44IqYcJ#oLzf-jk~S#3$&-Tcp+QRNA2w$5=~}N@bVj zMYG>Zk*6Hy2%W&^C%3Ozk`{~gd{*RWZ_~JIEDPP{21iR{X)QU;yqKgFg3q8u^1V+4 z=e8923(c}C>BVI2E4RMd^b4(9Vp)mMDP+2X0)$u5CQVJD+5BRPA;TsuL*-`ilvH*Z zvL(Hks%x^$Ma^Lw)*;#>zpbKxn{1v%f$`Yq-W+h-@Qn7cBWsmi=>W%u-PytuUhJT& z$9n?$7pzj+A)j)c9kE_+wi9v19zPQ~WVK{+JPe>>PiT;*VDGsH4Y#S*ms=$(zI9 zB!_mT0E>mmv}Int3(k}ESW}SCT-p|n-%xD}6k4P@_$PL7hZ~2w!n+5?LN?^O(zdwL z>NX1cb`3k<>dp5A9dKMvl5A$_l6vf)XJZ@PRa?mOBYruEY)xUI35YCAQeooq=UZK; zcZ5C%2Nx?{4JX`|#s0g_zs;5$^KUyN+2G&y;qkI>3@ zZ=-y*3VBb)CIBqunT7FC>gqLQQzMg*Gj=PPF@7BC%weQ<@dO;!WuAf!-p+7+ zw7KLiu9mv8J%d7qcw=IG>E2yB#c~4j*L%;UO9owXM>plCg#O1p@~A{N_+0-MIyrZ! zw|Yh=(&@(d=Be<%aj_dI+%PdZ^N~^YYN7eQ2BN&#vlWVonR z_%@RNo0%dyXNGBC*c=;g`p(f&MSEx?<0rK}+RXouD@S_lbe7V2mZ*AYtV3{N*@b*- z&qR)mvG|^@fTP3}`0Hd>eyz6`oUhAadWv2}>y+ZrmYl&u*s!cy~FxpF9wPMDP zNrlOvyt&y@9!hlqgUhMF_^Id7-aZ;wlXdMi9gF^xGL?=Fxz=2rlD_TAQs?7zZ?jje+r-tWElxteb%llhU|RaNR()1;(eq z<_aA)rTj8m9HSJk2c>5MopW8mDJ#hwzxcuKX!vqQr$U}uUHNvR`HHKm#e216D{BJA zM&|=#c`=M#yis86x>gvQYm>Un%odnhKTN}v@AUEqW}o=@!va(DzVCPL%6A{RfG`!6 zIErt4!1xFfV6NCi-Qc?`(T9dO^4LB6?;8kt`ui`3s@Ni5@Z3^qhO>df=x!hpB*jo? zQvS8!#}@K^&Q#HF@&sXzX$dFUcP*)cTr-yqO5CIL-;qASACuo#B2H}rX`>Woo83Jfhc>BX#-k%RxyXo;>Tp1M)= zpQ=~>9;W{P61)u=#{uv3Qw{LW3m*gC8_(6?{p!}yp(QWhpCaJ>_{OJBTQc|Z;&$Qv zAw=-DabGRQmaczSVzHqomVh|nKwBJAzFQ8;49pLK2H_JqWm~|xU3NAGoS(?f&&v-d zm1S_$Cbds<0{B$?xm>(ac81WkyZae<{K=5$+BNM^tbcM|pg0tmxKVcH%O(9qcXJA~ z?gk_0PI`abp`D_;|9GbF4%a6mzf-#ldTr9*d5brF!pV)3p8E(i;VrnImgM^4XqfP z5JiBhc!C6)->Bp3&94!j67RPa*Df2;wXzL#HKKeRU4;qQB770%;e0$Du3E8+k_DDn zkHcuP$3Mk9=Xn@aEZ(xxJTvR1@3AG~^wRDDG@ zb0ZvdW8I%2+2%l}PwCXhz=b{6i|${Y(0z|QGscA%b`M;Vqvyi=|8)FZNN5rBAx#<{ zxvWvggg31d7;1mMy`kh6r;kSEhIMiJ($Bmxex!;pwZa%Q6CXaQmwQgA?1=RYGxH<@O=Rr>poj&1KmFH3gJEzgdU0 zp|3L1+Pbg$hM7=Jn)Rwl6XbWZ;slHdH&6ct{_DU}t8K#lc zKHeEFk^iK%|26+*u5FwDbTqzJqkZG|*g&q;2H5yLCN|b;;>7qpCb8FQlHB+`*6p<# zIug$-0LT4K299kp9H0G)!0{;*_qvIeG}unbXyhjs9`_T&%bGUM`)T(n zpp6Z^&_-^ojjd}$8$Bgks$`>>@h<$MRaxO4t~^&$Kd6i{ThxxvgTC)APAc>IE0}dl z!h85T3CvoQ)Z9`64FQZFZn;QY z_a32Mz0#?41UmTMBbXjP`Uan%#<_wMS2zdND=iQwHBOj|Iw{vaYz8fCq&M1IlMg8`{S7I; z`5}`xPY6Y46Z+*0?UU|sHr6<|S&$dIiL|ua{*t8l9!GYF8e*hOop%3bHH;R?9{D|& zJXNQ6sAs5H909VU1N&h81a^&PQw&3KB~M-Ks+^ivgbq@eDDT8-Ol?-bsF+Z#7kI7s z-%!3B4wGdkp;!nW65dQy2Yqa-x07miNi$THzz;&-YiqHrO)|c@HppYiW|C~g5PX?J zgh@-TEk=7+(fmyf@qr{PylS1>h(l_eFz?hlX~|{M#?Tcck?O3Yb&5jFi*dnNdgOX# zA52ta$bE`2fNWqz@S(FQdM0?aYftbhdAP6TF7;c*yed`FzIIJv(ty%h(|`d|UP=bY zIt~v^IVAR-D*)F@w7r67OpMH3)Oc_rU^z&1)NKV3PioDW>?H28Do;CO22pYN#>;3h zwgTsQEtoQpyCBZ`Jn}VLZvKQM&{T)D=TNE7FwsS&SEz=y1iUihWmTZJ8c+S=JTS3| z$pIs(sO>vnR>e6}!?DV@*@Yy16*_$^=HO3qh#X$xivKG1+NiCfu_KZwmfyypyX6l# zdjEPCyM#VXCk(-rc^-LpG1mIGJw!)j=jWNE%5f|f7PB)>-~p0Du)!MT&|Bpv!CxyB zyHAtsd2{!Tf&enb1dtoj2SP{_K%eLZPy<^Q7Lx!vKj1MnogXMNwH82h{^1w`Xn7}1 z0Co9Z6F}?52}2QBxVDOjO_fB&U$G>b=?X5VJVZpZut8N*MM0WL9=*R@$Rm-Uilmbt zV39<3mhR_!eXDr9WM?5srkNy}2G%(9ETR+%r#vB?zJhd%Y~&&nu_^1sN)K~<)AF7) zBcL|&m~_DcQ&9UxM<)@r9C9`)J`}j3*Nkvc$4j#_#G;ElZyZv7m)DC z7tEeetR`Y$Bg%y51beCm(J{F;L`FJRW7}`qmD~y)JrSCrn2bq z+?uMF2~-^kja}GXkdXI05HswVjC#URUMYG)jq`nY_y`l2v(6ppMb_vmeTU6u*SQPE zSm#|4d7O!}Y#{XCp-cmGTv+lK(!JT$DK%Y(2q4K^wQc2(*Z`{~P^;)1z6ucYE%}l9 zSLT=^Zt`qK)zVTY&8M)XL)c1{1MuQIXfErBZ`smae3tAy!n?HaHSA$wFr><->15$= z9gt3+8wX_LvtmGQFbs%PIh2nv!nt@Kqqm6XYFKF>U3o0=-i> zCI1+6O{ys}9!ifVa2*8C{Gr8FEmCEW=-Yo1hdxTV{X~_OKv_!gd19qEn3Zm#m|g;7 zOiCV5!gUhF)K%| zXQ%OfuMtr&Wx!?d%sYQ-VM-v9AbI7IC(d=rt4M0sRJ|mCiqXQ|^U3PHQwXk;+7(=z zEeV2Y8Tm~3Kjk=ADQBFZ6HFtYiwh=-M5MME6HI&l4Zv5Tpo1dHivw{CO6e=a+Bd;k zF@GEWHBviOw~=QL5g#<+-;DlwI}>Q_nx}h$?Fjo)RStH-h}|eZaluURAzyYWiwTdm z3IfadkuPjC&*@6?L&O(U3TiNl>gRxSW@)X(Hedj@_>x>QC!!BF6iSjRX$W~EpC$t& zXa6o;d-BtSuKAy$u1Qs8JaSJ{R!`u0s?;OID|HC^5TE7DZ}t>4NxsL}bND9gDqc5@ z`Uc{sLlINn=xK_~Hvb;<|4EGgn;SLy|AzqdNb>Om`je?mKwsVjK*{|fhSp&d=VA{9 zITWQQ-KiKGpc;$qJXebt+27i$zMmxEK3(n7q~q?=?0#)@=gW;?2sKyWx@n%kP1wW6 zSMx#Um?mXNbx%{V`2gla%0n|#7oj(MZCLfN#ruIy0O%+|vYp$tUMQuVFo=D&Xi?KYK*g!LP z&;OWB(c(m1A!}7Tx`Gf%P*pQ_>@sKpDui#nq*nxbEupum)|ynalqXgf6`N?yaar8; zl-JYGpMv%DGKe?6diLX!cs)J0m$sh1^;r(Qz#52{T*N%S^BD+4()@I5uFcPgT2d-@ z#HWJqw)0f5Xh*_SaK;O$V5(W&AFyInA4lP>>2k-t7M|4hpNq{x4tF270Se<(43 zA@ajO98CF(F7tcaIP>(x%qLRjvB-R`F7q=Y^T@=^Up;6(^w9_W1Vem#QBnD#ENi%~W=7`>kz!>c!}`-HyivuSL64YDi9+8MB7dLiu!p)%J!m}n!RYQ-d?o*AMH2t zTgI!R-Fkl=ewd8P+Qd(3SLl#HK9&g}Q&`__kU9pZ?(b zKX~kStG^AkZO&uAAAOQ0YHMR-d79GYI9vI3{lR=mb(OE@ioH4hM`@C8yJqx#o7VRR zwePn-O7m#@WqvJw%h&%WHeasM8e6G0))|ep-Ap_7?`_77kP>0_eplOydz4O1U>U-i ztM9O-EZtEt-0q!Kc3oMo=q#k9lyzNGde!vVj=>f?U4m@4`1W3x7WPh}D=^+CEh*(R z{ID;Qf2pD~7m*)S z7^M4zmF8YHcwPse-znHU`Pe%|@_$H*Y<0?Zv(Bav{hMZ?Da(!-5}x@RG{@)7MneKY zbke`rkT4LcFsvC<3Uy$3y+BZQeB&pVHjcz9&qk{}LM89T@NdvbtH@^PkE7n<^$)FB z(e;DMq20EC2y$*F=Bj?aI=JwOu1ZhLJUbDSO|JE7DWmW<`2G z|2S8w`u~%xMLRDv>y|TzA3|b^GT|Z8qRD@@HGk;#6>~L?$W~!K@(_dqYSf&ob+ShE z_ZR9bpMRmrdm3sTs?|DBt@W9QbpG1$KDKV-7wc!P==o7|8&w(nxofFSjH-k1T#jFx z`kqbZRO1e(=DW(i9~3mp;TxJ%mhL78d*Khd5zqJ}&d55j&*|We&U`I!yKsYy#d@Xq zu5(_ZaiyrOY6LHOfje2sIQ5xK8P7I|;e}gDk$tijp>w9-298NV*OVe@npo;*b=g9K z!DBB`zJ567xe$-v=kgVpyc9aJp7JGx_sm%Lrbu+DVIfPRH;O2m6er9V&W<^q4-`Q# zgBi1INnB#48bES_eXcGF+*=L$Mv{#oY^eecOGY7V1@si2lkRsNu8S{5@bgHk<2<>P zBz7SS)A#t=>2qN>U&|u(cB>~a8*as;X-rLQWqz1Rcr2WF@PCOFcFkhAYQGt=!1|Kc zR9v;+J6`e=V?ieDKQdS|Lhn_q52zA>ZVGkFn*f+<1{w!TUa2(TPb1Db$uy^r&cO47 z^7;K>=HB9b6lLj&EVrH@?lQPF`vbpjxIg06jJc%2c{;P!2>c?t@xW#700 z*yKr-s?QBhZWj{kMgRgR%GM2PiR&9H&F+H3UQFGWk1zu<-gC{t8x6&r!3D27%3FFk zq#M7}ugY~$Uy!e1))(@W;PKcWBguC+rKE6;>>-CMe`t@A(}sC*zy?QX`D^+wy?*-j&XFhA|P|n`?p`7r&Z5+zcwGaL1 zuZ3^~mMZ7-=-mo0gmIH0us!)ruC@PuR{ZBWu-j9x*E@nlKsagveAeiRtM3sa*gZyI;!85jGDU;1T8hBuna3x%63tog||s-f0KB9 z(CKI{Z5!CT?j~RTy6QdHNb1dI}G$rJ&Zh69RB?WVuyjY0_nB zPRMex$YM>3XTgMR$TE<#j42`H|&~uz@ z|HC=%;+0@vQ9~Qh2z|N@cSn{H7RfI1(x-Z>K!kuLu*>C=zBgeTkxW;g8Wy z*H*Nn)Zb}v#XTlIAYOuZ5o;(jYC$i-ak)yrIz1rA(jVx^avJLfe0;&##8L&kQ`}7Y zg93Tdq{$OSlW!NVipe)F$WwAo;*{L1>Igr{aUJ28=XdaIL2*-SeW6*|^|DT1XgY3v zp|M?kp;?(K>ve(O3qLGx_l=6lTO)qz+QQEV{{I?3bsByusKwuiA0u$e2!A4e+R^_9 zK>yEH_5VE5r%%$K#}|446Zf}^A=h^#s{iF}sQ()lx1|S*^(R4)O9$-7(lt)b(ej*(oD-CI&g7W;%bP_ zlXF|t1}TLLg>UgaZTc3^oFIIQ_4p?L;_1ijUp)KzWBC?iqWvYm;`wIM2eSG-115W3*iljGuTH z9@~lLTDry~=*oex#lJ!juyZH;+qTufSX$%!7XO-(OKY7!Ql%3WEMkqsb{U~d&I2*Q6MJdQ3FTaV|F!iWM^-m?13rwLc0CJdC{&~$$ zuyHdXg5(EDe!kYLI;G(o)k;L`#NCyeb6r`MY6w51JX#6s>eWW?mu98gJw0Q_)XwVq z5Y4Pa4e+jmZEZdXaz2`-$QWekPQ?$B$k&dnzcex`El=5~JmeD&5DE6yW7}>EEA<>G z%%ZxYiBhsbjJe@#2A_EdEBm=V%D6vfZIIssu-0%4CwbO?LV*9O9-`+%@35)t;* zvYxSH3_66};bVjWg!z0XP(_#`5GIc7t4F-`>z z*`e_a+__fK|Y$F z2dVOF4tux}tu0>0EyMWrcOJ8)58^$dKJ%)B%zJbfmnXQIp!5WniZ#h%p@P-Z6ha2O z87aBzdy`vUeRO189`2JC+-D=`OQo4xOG>4W8%m{Hw?HhGY;aIynM$_KRczo{tze5( zc_O|0=Gh7@Wg9(#BHK`Bz*ICW<*m)VO=T}dKX|2s>aVnpn7ir;j%yWM!GWxju@Xqd zTUSox7*;h^B$ASAs&d3nF8!3&R@sG#Ke(O+vAmr~?UYAY0^LA02eUe@Z$kntuM<@_ za5yn;0dHJKFvZ-Tq!BlPZvwI^zHcm;@-*+%RI!O67!K$1~1#dVn!4O z!!ILEj8?f+MXts?rmo;gZ@mhs%|i>>M8`rdI7vTL-oLapFpFPR2WG&sV~mIQy!cpn zd#dB`rfwXH>M;&$quT{dSu~omNR{`3ri%lYSmQM1#T@Ve(NnaKh#^XZ`|88wDG91Q z1Mb3W)zRF)wztV0Jf9qz1x}Z9a5u)szf73Q%6bqZ>ZR9!Y-gwu5(m0ng&9B zNo$ZQ;Zz8;EDs69k_o~U=*4C^h=t}UEPdSa2gJmGk^CJ_Wa)FtmocM$L>YVsNuNz5 zeJ)Tf;@>FWFQ6&WBL^QujsK$ALaOS=K_-h<`efTD2~2{V$dk z<*X$nvnE*+WY(JtNM^yO^kysm!2vd97mxu&G%}5ybmN0WIgcv*mh!y##uQh}q{j8s zRuL@;k`@J3%By9P6MHyWg=^W3PLTXwWqejoRW#(5ohgPfx2zu#8tDbsyrK~rQQ4P0 zi1Yt64vCR}vn&cSu6<$b*DV(InGiCZfehYs3_Gk3rpWEoQed&LnqhO`Dt;e36h?$X zzDUWD7Iqv63&h<_2TLf9&v@|g@@GURo;ZFUKBQbps0wC`e?{foH+7sFG;;0}2F@Lu zr{`Rofpeqx|1#$yiwSs*T&R%%T0o`0MOha?5`so5>(MPCkb^1G8a+<$?oL*0ScoTK z3uu>e(Pc!XZ@77mlq$a?r1+=s6%Z+NcE>37pd!yBh&D1t-$Jg~;fKO`tlCx7@+mvm zSv2{$T*yZaw_ouQo+{eAK5pDvXwNH{@zZL;ty^-w(>`vg-Z*Zf{o0d?@}mN&Rcdj8 z)JIjM_E{6>g4!w~e~w{QTlN3gdl&Gis;h5&5)ugtoQVnsM2#A2@YbNHiC|4Mff=3A zXhqSArByN13sGheTZ4&{ksOalsda?DEy`O(>BU#t8jP1<0-AuW8u5mgYCvmG94|p_ z3|`28{npxN&Y8(15aq4^?|VL;C(Jqf?6c3>d#}Cry6v?*2!q9or@31m_R^0e+#56N z5k_%Y0^6*s_r{u2^x)f|RyMGJ?B{EC-u-0M`rxpEP;2n+f3_yI`@?pj`xmcC>i)c3 zWN8(qgSbTcNpYX~Hbe5sojfG(G!AvOy;hJqBwa7|_VqokC?e5a95ETTxF5O1D*5g8 zK>h;*`XVBi#NC1SUE{x`BK1YQDC8*npl-+VwJ0jr|aEKRHii1p_-_aCR!3r zw78nMDXEE>DNS^$CT2<#n-fiJb~SNIQWLXNn&?(d%$6p)6HRoxn)oW>ZlWrs36E-m zGh{`cgmDFH8v53N-V8A z_ISfJQhE4*9&PD2QqPBIr1qg^?6E1twot-FbalqO156DSWDC(< zb1JtlUYjPiDl2{-c~u$@)ItZCFYSqPxmzK3 zY=|-zuaY~~G8#W7(uY%0(o<&f z^w??)yZ#__isWAMz*7w7;?)f1J+43rjKjR_qHLPbxx=9;vh1d4(LRWC`oBrF=O-;| z=rCFo+g?p9ifz`gYt^dzfO90Y#`mDw6_a{s;ek_AI@gnLq)oG~J;%*Ge_>r$;+`Yu zJM1~ijj|@hh)Nq#rj14vut7GIVak(2wqnty!Gp#zBtZY=PSSxy8S{;(CQPFFh!f2Tf`SWH^N~M-`L7+=USZeZ^qN9jG=2Ls11a z4N}O=gb@Wz!zd^QL<*T&(M$;h`2+#H0WsF{pi&+b(Sw=tpg{p64@&6)(rpvc3z=+Y z#**ek0VLHbsagYF&e2|Je2I&g8jyCx1dSk%zZjMnxzEKm2z4;QbJAPP#u!ma-yDUu zlaLief}SyRVQ`RnEMGxnkO_LmT!Rr6%YAg2z%FLx=nA=GlA%~nL#T$5G!2#EI=V_~ z^2*httL3g&?Zk4&RD_J#6=wETWE4us5!ny@K2<2n zND+z>(v(X!61idX{x5X4VPibRkX=@iA1N zI{wxJB#LO|KT%C67eZZqeO(uG?s+x8Z&1O<+sI@? z$%meb487uO-d*@Ys6sXS?rvmCpA%(tHn(txI;}_hvfZ z>rC@KJhncayZgR3+xcF1n(yJU71@p7t8%{QN%K8Cw)WYL->Y`M=S}lHJhtww+I`R=f8Jbd&~f3()W1ix5MJ z-VAOa#)x=6$hKO&#zOR2WN@2Kf9I3GYm5UR3bWtF@&hUC-<2Q85766xAj4!fi+J&c zby5xM?IX+C%w2GIIy1M@Ewj95a`U!U!^|E(iq-clpO}DBgcCEn^%u;mvv6XX(uApm z6Hx$UpGjY{b=K`HKW8O}KD1*Z8r)}k06AJ2H|mzNK3-(-ZPp#V;~A-iy$|;iQw)tj z=wKB)kA|;Os~5#pnOCXayKYn>I1hC#%jIOK{yU8;8J~ljX|do@z^HRM&;~Nr1&~fn zpV1LNJk>wbn9+euAO4aK1+-TG3&x2Se_advG8zryd%rP!NL>?j7amWpCp?zk2*1{K z7S&DiAJZ$C8=g)+qmU#@-(uvJH7&U8+WF;^)){`< zOy|#?cXj!s))C}CaRoP+XirpSGZ_ijAb@!xxj{P*4oJ#tpbmER-(y)%rF-y^Jr0e!?( z;=kuNh9iVikTi>=T{U>t14h^*@xlk^Rus%hjNM0>RQ8~8)-WzjgJVj$x^Y6$JePg3V0_|64VfI+&_n`1xfTSvX! ztmf8V@>%G}pfR~1Xk1y4FtX@)Ng&omLy!K9e;abdNAg<&4Q=; zaRFm~;%m~PLJKmGLj>xg+AE4(!(IWuwtN)ehDO-r{Dq_o@Mn-Wu;{Gl zE|5VoINt?ya-?l!Vj-gzp8)+n^3#*oe|> zGRSuA@_g)oReLzh3==_hiArEgU$tw8d_nq z;9pK_bMiUl9Xqby`HhktWGtce;V-%92RY#n{Km*1kU0aWv2rf2vDez7@Tkd1;0||% zGz?gWdGR#yv7s8O)%xEyvKBwQ6{#Yn;>ob-gaLlH;Bg zFD(%4K5AlYT`!}WVaoB4Em^*dR@!NnNL!fp_;@lAYq<+@<}3;5Rv>9UK<Mz1xQF2{%nAX*gtJwU_Cy6Ii@kG$xQsaYB z>Xd+SS+T$MUs;oSlJcP;%ay<6^Uy)TlF($Lmo%4?mG1qu%Y|NcA!$Kd^bt%=TXc>5 zG^**9-Si9C@;q!ZFtKA=u?jSOBjS$YM6b`dk!&~9$z34EOiIbR`QN9h!EEARTl9X_ zoUjV(;DdmfzWM+t`sE#CIWtk-Mpm1bysAZ(jpo@D3;4(z30-L{M}p_k>Zh;`*5%k(_sOtKPuGVu=(JLJX6F76rVX^cYE|LB1z0g5tlw5SU>~DwrWbI9yqvi`+ zmp`%=yd{nQcp9akaX(_F`_1wK*Btmr7fU^uUy?Kx>E~HZ46=~Fwtr$${3S1Gk>f@s zrr|7e>ZPX}BXKZRs~-g?ww`I*Gqn0+*~Y`n0$EFO!jd>th2{%skqRodv$;UVoq0zs zw+P}lBam`6nXv$IPItnrl5+7*GA|+A=cvf9m`{D_4t8*V#>J%uXHrwMY0Is)SxPgz zCX<;{N!L^{(+Qkda1Ar3k_RFCyqGAG1#14fTr%|10cGpqosbmC^aIwdE&6~OQD$(> zF>wM6qdM#(wq-KQY%FIJ$;8d%yE{KW6A#@3SoY@(Yg{RB zR6}cwUFM|heXQVSlxp67E9|12 zU0Y#ao&zv{pye*gQN;5;vJ=%dvoD1fT}n6ZX5SvZYt7z=W+gjF*AJc~2h8j8;$!^gG>c;- zkS|K0q?2|57TKm*utf^{q}4x&MvQ5Y1DS)<8(IHhEa>$c6*E#BT&$qz+HU{g|9{GCuX|^sr=BPI!#%?T1$_Bk^8^r!6ZlA9g#c>5!~|!C%+v z%V^t7==fM9n|C%*t|M3)?+i@r_J95_0u|^GBq`)XcZ7)CUCA$-PtC>O!WK`W$a~N+ zFL1&_45NoM1Ek#vBOgrB;4`4c{at(94{+?I|4ZY4+7$zh|F35aHvY&r`%TCH!L|AkJXO<4x|`;O3*2yjq@De{_K>px1c>^a>)jA3 z4V4zg-ZO=-TF!{V^I1dl+3PFWOz?>4xf0UL{Cu7w<{d91xefKG=Ul_!8Zy`0U84Vk zKLYK4+ppKqT-W4;6ETX=kaf@itzhPhY3AGUo-^}W{YN`er~IoRO*xV;(4g_yIiszF zNo(R`E_%3@-wo$sR*z>27HQ9M#os}EG{hT77awg2eT&cAdR2%CV)m0mOk7PhsP!VW zej=|=EZq&P35nHzNhbb7|-@m@SWj4Uwdmn&euvpqp|(Y*IHLl1;oO} z5-nr}Ho1aBt)1cu4&A5i4n736vdC8Nk@1Ok`tL91oxWr7F6)%lrr*}%+VpK!SMB>h zyUe}sU)1nTc`^8Z5MW9)<>St0ZRH)G{c;^WV%Ov3J3(50ab;T0N*pu$Qym}PZvE&i z^7;JhK#~?!e4QYKTk5f>c*`IabzLfspo;NJ$+{pPY*rsUM?HT3OnO`a#kiC|quSqu z@}mck_eTAeyPAD`gYA=XZxB8iY2*3%67eo?D9A?$wW7iCHt+P$`bg#7z-myKREo4h zdec5v=?ceZ=Of$s_iV2)o;0#}Vm3qLl4y$}Jl3!MKsKQz{~!#IA@Il$c+?OK0@hCB ze|}5&w)-6TPELg{<9`Xh^fc&d0%gz%8gl=YcN(iS)iNA>G~&~p(fIzueSM;#Yv3_y z;31I_84QtzJ|4<06gm{v;1uXYgl4s}6(s0HKHsh1uWjZg5h*6d1W!dr24z#5%Zt-M z{0AMn)l?o&4!^X<=(;?SSo{BO3>rO{;XElaA-#yY~r~sxLtM|sWsjbuOvpZSLL1r1%?CxIT?yas_+*#;2=-)lL1%mN zRIw-1clkgn`8p%;kld8KrPUAPouB<`7*gV=!Cw1G)Tn+2-(_W=zN2SH;F%*g0- znA|kFtkWm6rI%a%^AfreTXrg@;rrH^r$9#gLBLp$_=q$`;sC};i@r(oidH{6F41b& z2C-BYx-FGONDgk>kI_DQf#ck*|0EOgv$la9&gBNnOuh`l1!Z;b2|&kTDJ}#TOV(-ikE6p_obuGTHs|r5 zP!ZX5(aG`d{ymLjdR6|ucCrD6R-axH`hHHhi@NxI4q@MIU3)rr@fAXMpU;(ia=lr$v9ta9bzGAX7Y#Wi#mM~f$iPMjSxyR zZRDO!i&svpH1mSNa>hEY*ua6sR8$0=4HxmziO%qXM^Npfv2qJZ&q<4$l#XqFLqem& zAMVWfKl=H92rUIR1l(wS3gZn?ZJ!sX1bHh>ZY}gn(l+9&e&b<|wH`301dJ=l7T?Y0 z-8^1zV(TT7uh`=QY>&U1?C}9(P8CP*VCSP-eYQP5T#R0vOGe&8pdO)1iav=+)8t^u zm8Xb3{uE9DXIXw};vZ^Alx;_iOxG5+X`8$pq8roJ2_4lIT_BuOSbjo0$@=Rg>0fdE zAs*|azh!W)gFD&cpRTTL3I2o(PM9bdoK_tMxEDz}+>48PZa$cR$Ov6p+sp@;!#|=$ zq@vww^(6u)TCwwgpF}FZL&PLM(^2cd>W5mKps|e&fk3`aM!w75&G2-61XMFmBdrrT zMUhLvp@e1}zg}tsduOsUK}EGy@HMATuTrXAawA}fN?z0=kH}HJnWW(Tk;{jmzYS$} z2|}%qX=XuA*R_o13Fi`f>lA%)O(#vWMLM}|+CbrqLx4{xrR#%e`z8VwrhQE|G^Mj5 zgg96Y?W9d03S(}78IGGLh%qYh9A5K8Ud~`&2ZB*lx8tWl{l0_rrKkqnI)LzM*cnOM z?Ulu#5?q78>m}r)U-I%Xvyf1j==^y8seo2H zFNB`A-AioWiz&Pw!Z*XBEvf1mAlgZV5GxhtHtWG7Xl)d;D`K-a{Mq9XthVy+b=Hhg zL+rqGujb{hXt~3YiQ87`6uM-D-<-f|Aq>| zPGH@#D_-Kx^vg$`p!Cb6p(oeE&(o=xbMP^}m$b~x57#{fE;&VH;q8dX)a2D10>|3- zB+_0UKrFNj7+YQGabpNt*4M0mm&ggSUCKYD#v8^~Qt#21&zd9QV zNkdjwx&w3Q^4^o7*duT*Sb@z3;CKX_0eZdD^MDE-vCG@44{tiv$6d!kQ06UVfDs-- zekX1w_Ji-*8~el8 zbNEo;`nmRsuh3ZC7eIsgqZ?*?C8VpXj{eg->b?MzJAYiOwa3VohKjFh zx1Lh_Ol`xAuO%aT{9>v=_S5-?wOS)bc2WhsgQ^ysGP1Uz;%mF|jxxj>@WdyzT6-4^ zAK9&{ja1cKuk5g2>9db{jwYu6E30yHo{Hg)!9?;DJ=|^m42BTcuhDnC3~{2hSj&L< zMO+o#ajO4s7@v-cbmMb+#qJy*V6!>qwyO^Dbe+9^yhq)iiTg6#`-~BN{`^qJdZarO z2C>!a>pN^}=>!k2cRVka=Mqi1@34IJEHVB>kgg;puPa{-^(s5kn*m1DpMwwF0O~`~ zsZ2H~3-9gzX5W~Nr%ZrcM~|!NwYyrJ&G|M=o}K^WNKQf`apGtsRdI-lA46IcccgLp zVAqdO-`zJZre0h~pPQ31o<%C3jMsYUn$*bXL+NjEXkowp7K6CT81{|%#}9U;ulF30 zwyzCG4A9qksBh1c-Op?3Qv=0^cl!Hob^89=^gjLO&@-1v{RKz5;)o~e53o7Bi8l^+ z-T)+}Dz>z-Curdb5%M;!AU#ixzjaI2q)io*-f+>+V99HtbEg~o=J_M*y^z&DI>R_O zuQy&win1JbtzBoWD$VnB-OGgA-H4p;p!d&7^ZpOu*`}3mBAMicDg@uCSSRV~A}yr1 zI=7%OfXs@BpH3Z6>FKul^;YX|MwTaD;=KJU_uBy)+N8H*uD7k0U&9Lq@u^D_@$dgP z#$(yh-)cNsFCT0?4y{TakH>FG9*@Z7gN?^Z*W1?WW&OuPEv{j-xM=m}bX`evn}naK z&yP-i-hVug$9R@uC|n&1I3S&Kd2)x|*QrCNxQ27%k$Il@F-`-dS4e8$g_H(fTk7i8 z(BauTrMU}J;pv(>I6McZG~jo`18U~iUr;$P2%Jd(=M=lOA_0e!ijFCsBMBvo$S`63 zisl&vqj&g4oP~hpk%+=tqf#CVs4+el| zgd3jwmZgU$9e?uh6IBq`+e&E>Qo(&e@*-Szf4K@{iFUP-!Fq3r#b3; zQ0Ggs>U6SP0$fiM4R<;6-6Z~=vg0neDCkM=TQ&d~i z=V8y??i7aW%Ht3F^2*~Rht%S;)s z3tv~`m3z-O9IySQ*Zmms;>k|W2OY0|Z|*qGJ!Z-H#(otGhb8${a6H3yj&NwN06m5{ za&6I9VVgpX8XQwydwyP`h`Rpc*SPCmRb***XW{+`GNWUOhBv0Lg6xRHqx~K4Y zPMwu#f6R*)^Bk>E`3%qfbU#mRO;e`E>KbHfN3g&1dk9#BYos59bEF?ce1vBRJBkE1 zYq@N?Q@$d2E?0j1nGyP3X+~&eh|HZemG|4#70E4q#yXw z(+|h1oY=^@4cpnQASxjCCM;`Wt?i$V+@GuqY+h*>1uC$Kb(9`)WWhhGftV@u1ARLE zOoA4+oikC4gb@SaQ+aq*TSZe=TSeP29}B+5YGpD^`69=we8#&JNDEh;3L#^iy zP(efQPjvRU-i?_BsNU$=NuBgjy}^hobH=0x&HF&j>{<59x2NztLvV7HBt_=grDaZPIO+F zh8GU!Qwz%xZ)dB23;v(@42^Gh|GKq_AVHeV%Wdz|?p&Y0zTs{(R<5o2lsM!r z+M!OrWaMgJMr+@efO)b`E2!)VL_(#u*y&x1-cA3k-(<?93Ip7`~gDgyKoZIFx zOocr7!n%|p^BH%b9f`}+!A8$1MwgRA?TLJh#ZGQM zl6`NIIAnzT;^29k^1Vbp>E7hXax|HAtBF?`@} z%@6s&-{CXUWozt|^r#i2+o~W>rR*(hp=W~kGQNm2>e;s)&Dk13%&9h6Z*?4;&VJy0 z&fK_ydVu)X=pCFBXcTK!(=~5>^w}mJ##?7FgCxd`$_0LfW zCyh+%T@QLaaPRh$-fcdId*?rYu-*R~)xjK3G@2N#INI)WzLm4^Bz_o>()rd0G(AvT*&+@4N5&Lt{I>cQPJS;mJo?f%a zk(P>aPAua!m6L7hK`J5yy=%=`&gCie0lf- zw6>x|<%qdIvOS8>n*V8^ z=6@le_i`5I85oI~euGBZhmj^)TTzs5q{B4Qt#F7w9)m;nsx$d3m;Z3*gI&Y}NP5`E zc(51B_}d4VpDyG>%5s3&ls8QkpGuuvz5}!p6V^_2N7g&`Tq+|gVS7cMTJP^L(Fu0? z$z%ATl^`HH5S0rf$b((~E3nbETQbzJ(zM}o2^?m4dE4ZisqiNyU&2MilDrlW-i7w+ zfPUGAfPPg6(V7+X{nZG489FTQ;1 z^k;qKA*yn=o*^kkXmFcGP4IO6gW8~Xn&&6+G|!Gw+*b^Nw1}@U77)vDF-;4N@64R| zl(HvL4_R|sRXoSG&=}1-jQkY6Wm<05a47tdBEEGu zL^_Atp#dY?hhO_sUu0{qDp2$O^5~cJwHJ`>wXnsvK{gRcqtJW7;*BgF>bnLWHNL$?!nt~$`!eva_l;R(MrXI@Z zJzbwb)~i#*Zc+OAaACa}?(3uqn! zq-yu;dCVcoN8ztoFcNcZF^Y8J{Ep;QsaO>>3-<6uYFa!br_?puq(O_d=Cp#(i?wKL zV!+e_lL*WV}i;ih28ds_XyjCNt#BP)vPH-)YO*@RzB zIk|e#GN;SWD+i`$u4O3%O|~(d%}{w@Xp^Mbh8Mb~jrYW_NYS_O$FiM|{d6~d?02JK z;-K{p^}RvVT4h~BbPr=Wwto0lPw`Dzjujjpo1i1FTdyMHqtsD(Z#WW*D(NF8(tgIo zO1A%TP6OEEPdkhQLrFb(fG99woDaeCU+rf{g_0^fX)L#2-~{=g)w2JdB)U(7=#EJb zALYzB)Lj*;Yn!n9WdsbOFveBnI#sbbG{#@jGXKi>=)jbU&Gv)&7unz%5(;%<2MJY~ z*A=D?pY%eUYpj}r{Sz;!ktp|O9y6ys%X`c*v;>CPfmQ7kKozserJ6&5POPX*`0hyn z$r-Dx;0Tg8oGp6Lje{t}C)QVoV&gcV*#|0p@-ac)IEd(^|vYlY!-SSIUkDJr5Ce&3oPr|9p&FuFBgD@kF{W+0MXSg_#<#+QU zqCKa)0L*A7_Jjh&Vy$}$yk4^JWP1hYS)>n_T9G|C!O0EyDR)0fY+D(_$t8WFOFZu0 zLnSyl>2waJv6>)x>=HaVVT8D+r}wXR@vN3T=$&fN-`vB+v+m+~cBj1<53ll2mSw@M z-ki48ox>MIYIC1Ug>Z6u@OBZtNHd6rCp0#}r1vU9V!fNqLPV1#F@0neWyic;}+y6d37mrz1dPFuz6boUnhZAHm@ zD6#171N!Sm$!93(p}Q~WZwE@CJFmzZX3LmVLMYW%u{Yg~rN8kgIS??_tRTc*OC+T1 z&zaVN-5jkL*!T{~D*AfX!m2K>P+k6Y)@ObCWf@=da8Y$=VMv& ze0Y^kNn7L3YuPgFNl)f5&x;>xYc3vF|3>IspOHPI>Nuu+Z50~*ji&1^>(5%AbI;^% zT^Vg;Kif*mG@=ZeH`uLB46Y`^zXHl)B0b;tlkV-$8I$_r7uYXaXYAOoU(1(MS(=tR zJCj=Opq9zX8>GMNDD4NOk7VHNk})%LO!xJYbnn;JjPis>Bnv)?CvH^ybjPhY>EW$bF#JN^702E-&^Y;>=?4RhdTmql!)( z)g`qViJOV@{&ZVX(Mh-rNggV-Yx1o*B)ihE#<%bpOyfK|xDhqhx;0zvRlnr+_fWpJ znV|_jlRO-Z${ZVz90f>~08$A{%TWZ$O!_{n@A|yrFU_yWr-GfK5dm^CvW}yd9)pI< z?NnPy>!oWPJ?UqkQXWQ?)B^Q~S~-N{CbS{4IMO5x3vRZSkYd=^M@8MfDdEoW77$3a z_fB zrcnw7$+0WaT5A3F#GXDo*qU`;A3KIQn>^&%8J%o|g)LWPLu)KaO*s zf3)NO(YNDo`Hk}!wI?{EF36x%^Ianph_p3EP3VDv4SMG4(fUO zK}0_Kk%NY3lTM_JoD1vNa6|vv>zWj4r9#f7&NP#ps1ld3@T*JPq)wL{N=q);hAEdE zcS~g33B0n$og!j?BH?yln`>A4E%00EzSJx(? z8gD2d($6VxNMUr^aFWzHw6(SQkC}w)bx+|l#19e$&htf1@`U&DwP%W2;nWd7c^9*fNysW>pTycwLyyt|I~SL3nKV%*H}0 zh?k3gv2H!Ps?2?ce}Utqv7s>T)m?gR`Rky3;wo=`yd^8vvL7QkXT?*z! zOPx|5UE+>Z&9m8;Gg_T(qgS*c+ezunrHt9v6R(`ro3qc`xp4 z3?|O>eXD60A*yKt6%kshWY~BFrNAv|XBvQSUSvlHia`ZAS}WvhD&jhZiLnFoM65xq zg|D5X*n9PS3Jn#i(0jFlOgH-yFepeT6AbiGEWm)V64bG*33Q$_$e1zsP+4B8_D~qz7kD0(} z&P{VKS~Fr;*}f?;WWCm+9~0Y6bwC2FNHEiW-t{V#Czd~miVf1m)ChUCF&QHIM#O1X z;@744F`0nVy5y39($noU-dW1|Umyr)1;Ch&q-Isoz^xCZ{n}=3Y{2u%LLaR=e@fEO zo4atnT_LnR3>VRRs%YoQ`V#tzQc+fr7nT0Pq)pahwqGrk&^e1i!(3UN=VWP3P5J4<66rXD^R$2JGenh4 z(#UZ#x=kNxKb?$nP>1wO>DXZ$l3??zo zopC~hD%;Ekj*jeJPCTo{Dm;}|F9D|?kW7OdlPZw$p1 zRh4|^*PjYo@da{T&u{#;0Evcz#=`~3G!&T9jIY~)-BsjWIJF!*b$?gZH;MSxE5X$y z2pAa=17uCiA#)rNPb?n#m=@)Pg0B38&79y-CAK$8i?}OdY-y$5CCz5QI5=R;^^#&{__e>CY0ncww!{*t#sj|8V&c@W3n+V>#!_QtQqtN2^og|2HbT=Hb9|2MR52Qe71CIXJTf61^)xeqrh zjE3syHW%)y_^;-p>>2+QD@hB%e9HI z?!Ecf?3CYV2mNXjn_Kv&arNFpb@vupZLmQ3dwR80i(YgRkqG@&a%S?Gzec&wcoc%4 zTmD1fQL_|n)t8F=ldmOlh+D0@wvYGt+p`K7<7gLRffE-japHo7OWL(=Jr2ooXrDr1 zsr}TaXdkhDvg)Q#F4XSXnyRcIg zcDoCERiQ2M;@Vaxa0PS{g|^}W*S3-Y*S3}c*S4Ag*S4O4d*QmaH4O~2>)O^eFodpa zTid`exUOxz0j|CwzUDcw$%Z+wh^F=u5Fb{+i5w38?X~Ihqxz8xqYu9 zpTO3cV18pLQ>?eK5?F(03qBuDewFnFz_7BtsC)FQx7Ka+WEK)8LRKi>pl^7=I?O{> zt`Qr`bX7G%DuL|K@KKNn^;;ORxwMqXxmw1{vMA=zZ!5nv72 z>c)d0t(*;Z%)T=1MnMW9bg1Z?%Pq*}f&@7}>O#|gD)6K?7{nVGc*s~M8!W%Pr$QiiaKilJza&gN=nG1k5lPm@baxE3h|SzzKK^UqAl zj`*GE-d`?nXhwNJmyR1z{wnL4kst=IkMSFtZ*B+PQ&jz{e_`L@Iq;Kx5D~mEEtsd_ zn15a*tI1Dmc@7n8(P`jmsGJvx7Clkj^4id%%<(u8J+=C6?Cy1+g!7zhN%F>j#t%u* zf075a=oXBd@KM2%543uC!U27;%2s8C-~GL(2(82G93K-0(C8oOXO%bH<|nN6ddk+K zKcSJh%O}$LBvuk#S7!T(Er*ZLq@%?*(Pv~51OC@Z#DHItRfl}BX7!gA!r65cN5Ep1NkBHCn8K;wu{#36j$s_X-`3XwRGZHmJ(>X|s$>>dnrbm~7BjI7i z(~0EOQ;2J$Sw_7rKAxKSjWm# zJ6&7;+w?5noXqc$_iX)iPLcTzyy@StUCy>yf2P`9N7186E%8G*(=(GJLA|&)`F?dq zSwnpRbe{=2MPZJGPK|is^Hz`!Em}WH$OgztB?%DtT`^jIyVdWKQL0@1u2#P->bFDv zcB2s;23dA&|io)i_jii)JD)K%n@qM5Fu*-}*P6{u0PP>LE{wU$WH z3Rlr8DQa>RwMbEit7x+nS$z11$F6iVk6pJspjomXRLX-KDxuNL%axhSO^jxts!Fu9 zm@cVjs$fogw45%pM?q^yTWf~;cGaGV9k{INP%0#udj*L%#GUciO{qZ|GyXBF=|}Ts zzjovy1V_0>vP5<>UuS9Uq{+Ur`tXUgeh($!q$ad?&_^QYnAg$Xaoeud8r%vNzZq3X zdxsYw5h%{Uj0vL%I%>@a+bY=V_!=|a5z187R3N>0oy05xUy&rHQici4CXi2dfq$?A ze*V!_41NKDFEw4@myUG6_l-;j|F$g*KB^?ZkNV_J1}=)>K%n(pp2vk4oQb@;NaA2KXL)j0B+rWEju)Mm=N6+xcc0MhLfo#2*3(ZzG!Fo-iAMRx%T(X2rSFiC zzKk>9##Zx>xk2*acJi|ad--m;mtI5Aa{gI4lYg3L^G~dbf0kF%4+-}4zuwr5QGBHF zX1eKmDr-O*UAPN0x{zq}#C|loFoi~UAHEYBJ!h9_^qgIy(Q|f*M$g$L8a-#1X!M+2 zqS149jYgCC3g|MiAB`^jU#8J}3U&L6Bq5*K%yTX@8o}8e8tr?m^4hsqhw`f~^XvPL zo>SIdK04=0(muBCIaJd8mp5TpX-p!`i}8r=gsL(wCTN@HqHDlKM3&YZy5>E6eP$Qu-7JM-lgnjV3V_@oX$g$Gw)J9W^a?T zr8uc?lQZv9_z@?_*;0sNHaYVyg|L<&XGkj3WwGk!w@1 zHYRG>M98qfh>&4X5gK425oTcVP>--+h>&5C5Fx|Dpgk2hPlOB@PJ|2?PJ|5DO@yq7 zevC$7c7l*iqn|l?qZb?NM1?wyz!{|I)WmGZlq?FYCd60h(+IplSbDBgL6j`Yl+0iW zm>yKi%Ri#bL3f} zJYxi!$mB3UiZm%?JR)9$3wiFSkkN@oiP4Z}65vWrCW=JlrI3+}$bca13Mph9%Voky zGCt-UOI>O*Y1A15sE{!(mx-f8B7`tTnU3g;B#^#=fFNcdi)0LCq|pUwbU_-Okw)8x zag_KI;11J9!dKvE15-!30opb&3TuxCm`w3%8TC-&` z60D_3oYnt4&K)G=U)M?Q+K9wS?yf9R$YTr`lfR^l(n-WH)#ngCnjufc4JP37U!~5 zt>(7qySZwyI1kgWM;q5^#*$FIL{R?0s&Mz@5NYVN+#7Nxl02M!G2N7t zXq=NzccV(>E|BA;yD^8z-M%@5`y~qZiOU_VICjH-OU0Ym0;ZYzs-Eo|(OV zOe)8_=Xc5R(g>uenRd$fQkPf?%@wK1VS|zIYlTa4qDNqhJ*oUK_^!eD;fzt*n(Rl5 zl44+Ne1^DD7&8~{k6|2j^S&5H@@Ol~VSbxNRDeNm)a-#WDt|8Clao~Qn_o>*&D&yA zl5##@(Ej9qx|H*c$;$aL`!afu26}JbhtYd9(enHxr94oBUYR+<;kIXwNanV;Zv?m9 zh$@b1fh!r!03I?RsIWJ>g5BX|3cS(PayMJ_N-fNKu!}dMP4IgwJNW0p%`yb=oKEZ` zoIU)xS9l+3z^A>@B_l+^APT1yBV-SvJEL(GgA@IeltH6lL?5ObQaYiw+Dbylk$Ezl zQ?~^dqMMaUXU1=?#PTFP0a$Mu1=i}BG1p+UzKrNG z%YnCZT<8qB4tl%MqMKt)5pWl#2`QV(dH@WB&Pc4V4K~?PKZjRzBW(BZDCa1mE|(E2 zNZ(90%=S#nBtNB(u=k#pq5Kl0HJcA8azoDSz;HnB5>|BK3|umcX$q4Nb1?}oyfofp zOALh=VP+S|g?le?@ur{f1S|-;u4;Q`54Z1~vmkq=Qt#{O8#oWL*FgQJ=jd_h zLbqE8c`-M4gIa~hI!+!@l+dL1(vRC&1eKZIN@Z~tiK2um=VY_*N_6TT1Np9)cm#Z) zX4|4GX$CT2IHO;ya~e4gwDWfrA>;4Rzox#vrG1BTt9mUM!CkJ$ENuY!X z@vPCDtJxP>Seh07p5Kfz&_=MhuB7U+E2~4V$8(+h8c%EWN29*fLVPFOQ9l4saPAZA ztip~f8P8KC1?Iw0yxObz=fNua=?cOukMkw)OysXLk z#S1>hw8MyX%AF{3W0u@OoClF-m1vC30K_QCGgjT|u~qbA#A>0}i(&s$_=XT#QeE`0 zG1lhlu@)&5?Q)E51V&8Mu`yQa>aopID0=1?n+lAWXk}xp+tp*;QV0@5cWf~*VqUpp z6|Wx4Q5tnAWW#|G%ac3S^y;yEDHJtzjO_>1a{-qbeLYqzg`&HTfg6E_Nvg0tOpihB zV#J;R!DJ;WT9j#GU78Uql{+E5F;Qp7l)`_5jHOZ7?V;XHd9^z@g=-0RnJ5gB2pid%%XUm1&%p58aW~FciA7$GcwA`4Ot4wTYqGrY}JIYZg zFPWd|Y%aWpXpg~)qIytA2THbU^?QAV6cx|;>RPb|%X&B}U1sPVY8Z9=#0X%W8gr^a zY-jt8M)AMzMRoEaAD?m_rfxlJ220)!O%9Y?dSG?ik&B>*3Z(Z-8JR22(>6YdvTzs`N+tvcU-uWTDArk-n^JkHOJI z_8vTQrr(%0yRXtmL`o3=tb8PM<^J$nLF0cKTxS|&b+gxCF!~{(59ml}0nt;5y7nPc z#6=4O`bQi*?l5A4A3n?#a;@!2u!!PzNTZkAb*1LCj#31G>*Dw|C2gSth#Mb{#M+7u z5z1s`+Hv6CDl>SBiTHDWZf0LWF&=Wt+6O_bwEC#WWfJNZI1gnw*D?awaE^4td7!}Q zOTby?f)l00&KM@!DQ$d7f!Eg$UILLr^hqnG&^S}5A)7T>Hn>^96|$(nh5nqtUF8OM zR)GuLd21Qmssy;RM?2suuTaB8n{x(&w<;aH%CD3Oa3Y$xZ6*V7Cuz}>1vuX3Ti?rO z;93rK0k^4{fvZda_lHpqaFsT2XftX35qyP!kN(c`^64Gf7Z^zTFOW&4E%^ZTMFQ1w z4XqG}UUNQ7{3G`k!^f@CL`ps_WGu_bdE6^`XK!1q~`eiosXfuU=q=SFi!0iTR?rza?lSGw=GU-)S1c~I)#;pm^X=6s+>9`Vqq4~On7 zPg%pc9-v1adioNLJYusGgplGSwIvRpG=qN$72|kJYu8jFyVQ+5CnFq|k+xj~{Rx_3TT({%Qi^_DA5_^o3u4Tk#iu zox?2G2ZoD=;Dx01esqF9k?RqO$L&ReefU4%L0H&xJyhIM1o)p*@RKyC_);*W*qL~& z`?UI{pWvvLLWCV80sD=+IcB~>go6p_JqYLoxOtD*h!EbZ>wClPK>?t^2d(}@Y7wRm z1gTBIiMPAP)5FxWGp$x$q%%V{4qJ5e&y{ly%x-3EP@5toT{)d8T!^_Gnkf~HlW93w zGu-QS3Ud@%{T?J;f)6(9#Inu%f57;?#2l^TK!S+mnt}Mwe9mLagZR;+S=4x9{Gs$I zT;A7L%gP*2Xskc7h|J!@=_lV4$|2fA6+o!GFO??{89&|&v>pFqYX$${+X94zfXh14OgNi_co_ z^SVLf35LUOgme5@Lam+I0kfbq?p5$c+GqPCPpt?o@RwZIi}R;5sP0+a2*l}I$Fjnk zkO?4w_>J?u{we3@ghxVea>wsK@8c3S!RF2<2k*N=QMFB%*GAUKd~cV^p&r1jMrpsS0;^TSF;pANo4(G zE)-L@@*zW*ys-rQG<}m=IBZ`tbbm{NB^yF#_|3EPPmN3+k?Gf82!H4^%5yFM#E#H$ zL4BRS_5EyrWy;#=Mk{=r9CzK3iY>Z6ZGc!Drgu^{^d?g!v+O*a(`XE+* zkYHuO6EqZAS<1-OiG4|)iEPcMM$7aKWs%OzvKOq#maNvU%wR&JvC>gUhTs-Jw?aOQS`NoI`Bi6C3;FCSP6+RlazZ#@PRR8~)))FC zTX)bf#rLz~*%i+J#Kng@^J!JpDR_-{P;RhkD4 z^dMf7T6!%?FHbGK2&HGImQF+Il+@B9lpdB^Iv%B(E6nc*DnKyb+JVlGFI4Bp%e9H; z7LcdI#6Uq2{a;={zSB1pR3ePY>?AV)POV_(PI-cCy@m8tE2Mg~TIdz}pIo{o$iMv>|Hbx{LCw=h2#Box)ieBcND%Ebx_>YaRXfCEO8x}r#NS{>}6zldw`}*Qf z?=;@duE7)Ija(Bp0L#94>_pATz8xo{Tc0WAt|IvYG^nVf_)`cs0#O%cI zTqy9ca&^%w-~ISJ^9N^qK6?4Phvy_0JkRCzedqA};r9+aKlqQq(-wVz*{(2oQ$_!&`LRDel0H4u&3$+5Ptx54ejvr6D*8{YU${Ql{!dmm ze}CnF5~LO-xfb>oA3W--)DmI%HH38eTbu)@)3i>m)l3|<$FIJ8d`pP ze#vA%3xekWu#XT4=J>Ql>)cSCGE}I(6+a21X{0yn+T$a=*`Xo?$YMveMwnmw#`=u& zIEXflUKAw~N1N+dOMf?1IClrX$xa^}%gc!pMwAbN&K^SsXg9zk7T#2NSogEwzrO=` z#CDqs52P~dy%pa9JUK3S?BH+)Ylp4#z6*G~Y2krPXSLn)9l(>979L2Y)(PJQJnVMV z4}T!UTle4n9l+C_79JQlt+C$$JW+O(B4xq&l*GH_zzmpfT0Z10rTkls4|`>)@fjv* z>!Ab(f$sV3e|&r*Y-{gqVi>9@s~+UEPdh5Xb;0%!c`H1YXi zGPWaIl9{HFb3C+1a}sfe*ZcLC{rca@#CmVvv682hlYd)({k1w3fkPy1WY5((j4u3@ zJ&9uwz3Q^ecv$%et5}5FMznt3%I9XHZ_qtm=i~Z$_M5$vga5(glM)Jg5(k6+{TvAf zE%vgKmeBPn@u2%!Va-j%gGPgifY7<@l5uB2nuyTtc0_2hIalML!C+CLwP=u!QIM)5 zyZgn15gEE2{=GcKcHm_gknpdqyr3|Hlbz!(U}pEcO>daNDx8X=5(JDs?R*UPRb+^} zjCjYZst~*O3^Qv%z?=%LJ$X@oJV*PuhpKqvhr9Sg35e^DJe>!|6CcYeChs2}`e4b| zTKy=VQb{fDGb>6-30s8IT6D{qjySj5Ft{ixXkCC)eR2blsL^J2^;-wqDFYGaU0}D~ zzeG|gZ5IY>iCXMi|-Sx*b4$6MM-T#K|rhUEo#FZJqZQJ})SdiseDZ_JDC& zUO?Z9=l9=7&oe$J*A%HTBOio(jGgm(i*@``=$+;16pn?gMJ+_BOMJ#Ub;M_VUC$!) zaNZ*4>{#E6(2Uzmgkpv(~_SBar5l_*LO+0=?Zp59os*j{6kbB71a|S z^U;l3{cUtHqOJ9#y&~^r_{lOYUh>{t&Gwc2xHSBJz__uPY|doh z@#~wd)%UVp`X!u^@+6-jVv~FHjnJI7=c&8$6C) z1cRk|yEXPHEjV(#Ae$nSg}SFeEt2R9(}RjhJ%NmE>>sk(`s#P&=#%kQK}4l5S(I=J~aFH|6nv*qE1pd)MRxsR<3ZOo1;Ra z$743Ufz>7b6o-Cm%u(YRNiQY$5o2+aoo_xow(Ay8Qi)bSmRbRP4s4rG=e+QM?c{F@ z+fn^tyZ%UlZ7iockT~7);UE9&BYRLjdo%UJnM3+;(6ZO-GfUy19NX-g^$us&Kll~L zq3(ruG2Ihot*|&y6^M-aTMoF37@QnC+-=Dz+;c8o(5Y+z_I#TuiqdU<1+hLie^%~BPA5Twdt*BNSdC(HiA?q*Y z5X~-~#2=}Nfc^-o(1Lt~9~;9!Fvj?e+YzgX_fOgc9(ny>Pkc1>)Ozh;&!mmyQ#EN5 z^{S9oMiI`&a3^C8^6BZt)EZ-DVPb?2=!0oQU%o79^u?cgxeP6ESS57jG{ph)=x6A& zw2Sl`*MP~M^#MJcGOpOEI(S@fkI}fAPqNpeal3MU_+g_!EI@MPv}@C5f^gltp$kh6hDc)p=i7BrWtUCT#M>N!MlC~(hm17 zzk$%!k*7-I!~Jzn;XS`GvcMii^7x`xVlA}pvZ&WSb5zY{-m0IW?i2=O$O6C`-BhEO zGTb_^88ya%q`?i?2rC1dZbZ`#WfKo&`JJ>1%}3bt)fjCLV{ytbUc7{dk(|q>@h~9zMVXJ0{6mU#-`!qk@p2V(75RMcxt2TcodtX7QKo!6)YsEiU8rHmab0_Ro~1G z?0E?JN8Cvk|5jOkQ@E<+DtzD-LK$;ZDHW+flXQjJQmX$;x^nS_SKJQkd}2jr$6f6l z#0`wRIMJE0LRmj|fvtrysKk{Vx9rWZ_r?qEYt-T;n{UNor>+jl$e}GT% z+eFtw1w{kzfStFAa8X2jwQmUexs>(^zpNR5{~Ww)+O~G8zfXmCMyZ|uvDnW4NRSTJ z{E*s@)R61ZK8cjT#LUgew_Y*_9E%~gU)#*+8#;dAP3UrS;O?X^cJf^gEZ-o5SF(5$ zd6aX#X$>zzD$xHPd9+3D*W)Den(Wn|B#AsNw)0oWC_+@Z)ovmF`e$`@QR&~}@rdha}ufgTYVXtt7pu=#?Xkf>1& zHHHIkU}9&W#F{^b+;vIBfrtDLSMo`0;hKd%%-G^HX65EEp54G$KP4*#uNm71F92poW-%f`v z@(;_FX+@ydtUpnm{wIQ4->04WVP+a5TQhWqJv`EH+)x0w^YDncMv?~kpOfqB69wRr z{KiEE#fW7-S!?(VN9@;RANujJvJN3>9Z#R}>unr`omVI%yzU0tj{b=Q=4)l1vv2D- z*i*|1c7ULp(QmDSgp+MFsD8cII`b|XbUjQfxrP{qnj%{!^Ur-a5n0KXv4hZ$9Jx8W zfO-5aWIKr;<;dR^EjE+0nwcD8kmR88c5B|382dh7$>&=AByjhUCplS!7JWT4Syf{4 zm=ab7jCsW*?UmyA!vXBH8zeYSAc+s>SOkIaN<2r&Uhfi`kX(pbwK1T`SA-(Gc3iTT zo+Nu!5(_Ys(3*ZLW>fcxtIVFUHgDm@u_?eswdmaya*bH-Rs`9FAVv&UfUdxeS$(n{3%g zoswj(USFOpDfQCu^T4%NR0;pd+)%QxR83D8@>3*8H)qVYT6N~;fssfHF@QYtMpSYS z+eqFiocw_O{3Gf|SVn;IHo@`#^DE-pzo5%xet}r@NKFw~^R0i!o-pRWpA`-rY`c!k zP8BmX@AP7XeCan*r)+kO6p)9fhjb6FVWK-VOfNh;#9`XN!}MPb38BX|OsN9T!}UB& zo9$uRkRtHBN2I_Ocoann?ZazxhsP!KOaMh2={Exfr7YUSa}e7QkKk$vX;=@II%3VJ z2mi){_B}Od=|>ED0TJyQcX6oh|N9V!YBdklyv00JMTw!(>fdB}#1?F{`oGh?8nU_w zZAVXtVDisrSTJD`O3ILmo;`2hm&+6LP`V z2Yalki)qjJv-H~cj3Zn;ype^AAQc5@1V!FC=oYHXDFw~!$N%P3p3b#K<=d564EaPS z(d9zuvs^U~keWRk-8DC$W|520Jp3j|Fjj5dI8Qu}-ir64dUnJ1gO!MLb5ul}(n0xc z7!HaC9-)kz24?AZiJzDDg^jc3Kl%9}0>Tj5GiFrTGd-LOrbYIVwQT2(tSFMa>zp!@Xq%PEyebhn zqFQWR!x=W(&2(DKdPNhlLoI5nSZ%#`3sTt3>O`h?=Ho?$HR=_@W2)q39<|$geho83 zbX$R6VqIy!GivgY@{ZIk#A}WKqwXIdKVJ2XO22Lmz+9e16==LW@Zvsh17)z+Iu6g; zE4+zh7ZrJJ72k(W&@0W8vgG4mgEtA2Uk=#wS@~scSqDyqOT9iT-#2lyucUYWeyTg* z4qFn{XXX3Nkp~8h8f0d~qcOL_An_%?Xv|>8pV788V!QRgB7&u4R$ll(0)Yp}=Fwlb zu5dMq@BhI5zJ4(h4swP+&f$mY;}q`$;A3j;zVyQ~VUasq{9y8WzubGB);*7Zp7QdN zf$D2(W__Pv$g`J%>aq3Pnos+B)@P6tK%^$etyTcUIaWC9L(TD!yIV}k zKkKw()Tu00Au@venfEl~B%g6%PC#;d#`k6VTGz(0f$G{e!ydE0ujJzD@cU#GBH4}& z9*5q-#+X;*nUi`X;j4UEeYU@;_sW85Z6cOY1q@Uq#k_(gM*_~NTS?onArW@&oEvNd zD`!Zp=%6O=6^p8m!A*>kT4(Gu6)LNguIUz5XSXw<2wEE0t zc%`Qn=gTsvM(AA<1zLPY1nEiXdm94Ay~t2X&^3YUnL&1*ib;Jb`9J-A?fytxVW8ym z(Bv~qEBr( zIPb}nt)hhnCY}W#d{crntQ@~wf7Taion2O2Gt(2Y&{H{kS+OB#)Z~zKLV(n8POa%q zBCg4`G!m2Ehr2b}3wvV?EqRT(2`-PNwbz`oj1#GebH-@UiJ@1d^`&5J<|C z5%--+B$7VLBELBCIOxAU(en5}v!7Ayyxq&j;}x z92JSqV|lpD1Spp_5N)#b59t6OoZ_VoJQ2!@r|K%9Z90f#HH>s0viRV`QG8Mr2Nq)lo(z56=6*GnU^OOHy51iklm_O8 z)8p_((08I=Qzzvux_oZnD@?>TLGxZdn>BMShD(g|HbeiYq827q&Bh~l(OqhKks@}M z@&+?|dxML5JMikZ5Cv>ye5W&URFP9C;?U4x+!talCOy=^NsNhA3N(_12N==J34V*5 z;wYy*V_!9fwJ8hC^u7e8t^9ntd#hPS_!~Z6f=7nU7*i5O9B#iWKo3sB9uUJ*w3riV zj!6qxAK({AILW`Etb=sDt?^BeX;VKRCjITt(7D2}Xs8KF(PGg({BN~KB1^ymEoJHDA4rtHG^p8F9 zRYx(fi7_xdu+{pJ#|sVpN|J?lxmc4SUhOtQHe&RkUjzf}_CehV;28ZawR7iu6;7l3 z;pMM7ym{aFFPNyMT*k<)?E9lpHJl#2c2WfS}c@0Q^yznX$u z5CtkP&A0jYi6qx0g>0W;En6gFLw~(%}nMj3FLGdgm z=xNy#v_;wK1g#*u7@PJaEDNi6C-dl_BGy4q0R+PMs*Ut&3ptn$rS10Ep$v9EiIUaW zKRWmavH}F#v2PH)W^G1AwST|q&oipDKCm(L8CFEb$5`m}X^U}`mJ-|27(T1j`7P)X zwu$-8F}}P99Dy%9FcDKAofhL?i$(l8Px%A0ZT@rd{<$D8*@5nu!w};vPUeY6ntKSb z0N9aS-l|bW&_PWU6sW~`ch-?eD38;ri!}+k1u1ec?WGAbtbhi6ed&(nQ#M z!eT*4xDer8>fF_m>eXAE#xkaQgi|=f)jO)=IE)1JO-5mh@)g8P;MiNl^sNz6u|d`f zw^zH}F-eAr0()%cpWWi{Wgea!TY$Cwx#eH`#?fR3z^^bLj*2Syr{DE{O0^^(5jEjr5)FnG|kvj~Om6{EiG z)%<4_<2BBj4bqe9wI2zeF>5*5bHr&rT7+}KkPTo!lnQo~2sVQlVOw);fZ5|7?!L(^Ym6y7 zc(;kS&O|Im48&F4&1l-LKYnZcNjO~j-9H+B)|>tF&YAd6uhY&lbZ&R-ljl!fWB!C> z_olY|$->=nD7tKpMA2T!CW^MhnEXPZ=wpPU%DVBlRJq4{wec!=esCt^aZUj`aWr{x zEP3=4SV*w-HAo0~C`-;DCLY>x|3G*s z)7w|~vDgD6+)v;S1eb=uy6_S!UbXf!$nOh@KfuXcYP97K>f-nVPu@bNFADnxHye*G zH2H(Y3HXEK@5k~7qg(L@pPKx^3pas3*d1jFnofcx_~#w%vjmUd(IHC^gDJ!A5FEgd zaQ@%%A3pzQcX0mCZkN79M=CPakit70C}{`E3aQ7dtr4!_Eh2#W5ul&oC&3@`BRY}Z zBzVw%A*}q{{C-c~D`eph^p^VTssO=)Qt=0__aM18lC-_Sr_CxM<+@kDC?8@-EB}vI z(>-}#`5*V>EdrC>3{qFn0rYIucX!#JQZbg~5$^NLm_9%A z3;lveTafF~rsc-eN(EX*zEnRQF$iRhoT=jCvE^;{`wxwQLzT^PsPb@Zz#7w`>V4QVEq^Kwuc$2} zcPi)%Y|RiSY~)Tw&ME9p#ZJc$+fLw46}TJqU@Lt3kArO<#f`S5^`_3(CUw3se*WNs zpr3~Y5tWX)U>SM)*G$@*C89P-D?<6!8LW(Ew)>7I*gL&<5`sZr@HpJ7@o>ZkrcH4; zqn^YExyVqU-8lnLZkTHQCaKncb*2#WGi3MH{!GK6DZCSQP`ER%sy!qUC2YffaDD~F zU1LQ|#`>eg1zR?`y1@$W6uB1QFQx{)WDHv>V#8MZ3&RV|9sn@VTt38^7PO_*eYi7z zbJI$wnY*Y;K|S7W`QPx0io4pIpua$ts*TB2%QxqT&&RsYL{%O(XItxm-&L1v76$mP zR0GCz80S@;zZGP{c9&X0<{o^92a8t>goC<(?u?~Y{)76hkov@mOu`jmP#3`?d2i7d zPI#Fi0R@)#3A%%C%A?%c=rx<%OA0be#2y!9&bCZNwBXX0K zP=qgJ`^e{rztsSXB>MfCS~o6T5UvMuVdPcyNx58!sLSHrqSAzzN<+x+LZ38* zD;boGhH8Kv8#hEC8vMuTt;ZDt6v%5|9W|~Pu&=A&6($ve(}8{gs-=3OQ8$}rp1Adl zq3^1y0nl8iUjU$?Tok<-z;~#c2VBrNyj%f68%3N2^Z{sxK1UGah3m&a)*p_VgN7P@ zqf9}WQn8Dd>>E&4%;;hglm2{&+z;CL!tYGR~c&@#{7&o@SQP-D~6J-C`GBfoq08abyR`cGY@Wt<{HQ%I?02(tN{2Zc2c9MT%Z|UDS(X>A| z&k*+Kaj@rB(?!@G(ga;54XOfuL-jMF#IN=Kw?DtX${4)y^Gj(vzx4LzSJ>YC^5f?> zq=Wgj;XeRs8D8y9r>_!+^Z@2SUh~o6^{%R2NJb{t2J*-ew!gmUwif*E*4bqD%llTT zU;!!b#>=3O14LYg)(1%+*Zpo&A9vjlPu{yqIh!T4$>|fy7Y(kqd0zQ^!Px4D|Mgg^ z`tshp{`-g8Z{MUK)F|d6sayl`c&HgXxOg0#C^9gxzmTyq!5aPx#*%eJ-jPA ze{zPR90y)K<(f%)S~amE;7Ue63kD##*`rzf31#k6z*OkDN^l|7ID zFgQP`q6dEzH$tvxq?Zdj^T?PPP8$gOA{b#T!W*t z&o%ginh~ehBv3{QzCA4+1em?U@yQ-wfSe4;TTf1p;jJf5C%*e;6)M?c@+(UBoqx04X30F_^uq&LqV-!Kq}yt0D{HxHh%MsZ!Wx z!gS;Q*XhNt11gXml0rA9Dnr~)Dnn4ar`HMpn-ma;@pL#B(@@G%k%?rID*7K$w4D1xBW9?1Pqvl?*( zx{D5cPa3t&%@O{ALxRR_Ef2@HFE4G1b+y6k6g3%Jt|wQUBQ~>(`2CJ;Usig==0BU= zx+Eg?5WU@x-JD^F-*#dFVlk*M^*CtPw5B+;6bhMej z?9IUXa5oowhlZ2UsjqUI2l5SM95`ZZkM%WT?nmnqD$cao%-^0MO!0mD0aijizv*w2 zzuy4}h3xd3-UpOgqFiu?tE>c8y3X*wJ;GkR4i65^S*mhR%`9bp3o{;Yk?UjkYTe)4 zFx=*O$##|Sgb!bgHf!jw^T@K}!{m?vb z9I9NOT)w|^&Hi3BpLBAe$kk=9tIKz;CEtmA-Tm1HS(8E|EyxXDjqgb{`#TkMIpPX_ z#}Cg9UxVH?(k6gg*_z@n}s=x9`hCjVLk}doLXtLQ<_ig+LE9O!rDHU7U`oK=a zsV#RMW_c4bOzLgeNg;c}Et77}fL<14&Nbyq7Av47fwU;DE0BNy$)^zb+aL6og%5}( z&?!(#j&bSIPf-e%^oD$NSs*437|5-r9865RsBh-OaJ+%{IbXZ{KPM}bKTa{dsDE zW3S6`+!LuO$UWrW8onILtIBPGQDKjF)OZI`v(9R8mm1t`{BR5L!}-diwP6*yyn_67 zcB{|%U-@+{kt1j9oq`!t4@Jnb*3Vb@slTV?UP@QF+$dtsVy;jxCW^N+ zHLAmziR0Aj4nrZmB3$;MDi<`{$T> z#6PU$I#@sMdokvwmUgXmQ>(9aQ)}F{bYh8XTG88B)idZe*5zvO0f6EI&Ny#MWBxUO z*KSO|AQ%vkfsv;R;SZ(I-6+)&T7oZa_)o9)Qyj&2rh~zSE8Mb|S^9=(b0@5lUn$F2 zEFlpHMt*RW8D4$i5Vicf6y?F!iKca3&aECmE!a1FSxsOE&vz;7yk|vl>Nw};cFNMy4ouOV;<(g)pdX|elrL&J#XQGC$N#_XvHF0PUy;uklucDnKgsZ0PD zbswaqTb#lU-NzgJnUgZ%poCJr;)4>n*gNE=WA#~uq|XYz>#o@5AFVj;tg6sF8JzIK zUPC026Pkbx0}W*L4B$YODm;!#v-+juk??gS$9uJVGt|6$9f4ka4TnoF`El<_%1tu(_ zNs;S6rkyMJEI($9UwqL@T~FzcIh(hshlETqHFJpZ<@Z?K@6l z7P3uGy1E7C)+w)AS=SgiA_d>MNEUZ4meNMC!%-30fpd-f`q1pisg^GtuQx9Sin|?j z)E46qZDjH+n2V#757+Zj7VP zY+k~gYEqR`=nRs7N>#cNTOe|w^5A?+tTrX7t4I?hRLQ!yZAPt%=#q2^*#2}t<^oo< zxaWH9P2Rj_rTpGhVi0wj5b)KhtXsh|=~gsE?E>A+MtTYGS-%u?*^|{E_+#%-o!%S- zE(H|BSF9>e)y#9lX)U(zzUVtj?@%|bGi0=4aCO_~ImyAzZlK=0&qH6P$n@8IX-?y= z@m~BZuSQkI*U%O2izn-SF2G?b!p@qKB*c)aJJ9BE1b^o(P}fQlI3>EE!aH&LvP;SsfYQw z-e8k@q=A;#t8t7K;%_GEqX)tNKq+@(>@is1v&LRAXh7gvPh^W4srTi55ct4#xY`b5 zYO+{EUvRtCoc*1{_IVR{?3cvY13XX%>Ln4^6@$R7wfH~43Wvx=P(9M<32tQ?>Aa6c!#0)l65fE}&@I zg3c4s9djFzH4&3Y6TyvS3ks}|?9TVVg%j+EFIY#_%cl|Zc#N1vdy7eM@}Q0ddD2Q% zrE>0f=FL-UoIS<|w+^s{RFu>-rFDt!#W~nc84m1oJYeE-CAFD1;6>8KCLDwrpD5jrUclT*BO@AcAD56zk?c4=YE{7!lUkCEcy4 zE*Xv$rUF*U#_jy7=&CYAQiISls5QFDY;!mHZ$zOpir7lO9Qt>X~uvdBL~h2kPS$o%zzY%onU-L1!lrV70irSWfcKy3{lOHryuIli2&h z7>@0IX#mbz8|>8Z8iXgQ^e+>)QNX6c78T+a#Eg9mX^Xr&*&hISK!?98=*|FZp38z* zvoZ2o3gU;I1wkxrQMJY7mnyhrzQY2vCoZev^fuXf> zuNquQ0Pnv{sj_wBh%pCNne4vCMZ~jzKSrdg?IT(KJ;qC8Xkp9@ogzfaN_PIJ<1lsN zEwN*DZt)!^8VT<>@;ZClEBYC-94# zarmdD&lek{#V5ZqSwk>aWjrBrNF*1-d(V7sgAXsSO0rO?H; zr1_u0|4QI#aosa^yo`m*y~MQs@TIHiRExyGQd6irQrh*Mgxma0O54NsP|BBuIbF05dDLad+213SXQ%=W1JXn$Lp%_iyw-Wr{;@UP(ecg%Y>{1n}<3H}i7=E?g(S+)yD_N?V> z=AP4usXW95+7h~JlyzK~pD7GK9o0+cpf)QY>%BppcF2F8H}BYj0XSl)4dmuraJF1h z+AVaIgM%94fA6TZRPG<@$=fwQL)NBD&^NGU|a07hvZvPvOR*r z;NN2cg!t@V%PHY`Ou!q4*WlmTy{nFo%GR`=1=?A498Qb&KHOPZS4pWUDez8D&h5z~ zU{)MLQRB{hd0#8b_6Wv?hU4wpE|7yp3HOfGXQA#tOnp`}IQ+{20uNugiQ17$>tdnO zIz!51q|ch&R-e@`JS(ctYCPOusIac_*x!L}L`FrSs99M@=jooj;|r@i<&jjS{E|+b ziccO9L%c$RHJgO5RIq`TGR(g&nveJI)K@L9g1u}buZ-ldunM&5fi50ON_>za#AMZ) zJd{2KjG&OESufn0`q*pf-9eb>ni~}h2Pc-s16F{?T6Zof3mitp*HlPqSfzpzKYN1j zfI{wk3V!POmiO(xDow6(kUsZ!RUFSMvROcp~Uk=6TOIMslILC?_U}3E$W=`mF zML_*vCHczXt;s_&d^XOTI^u=l-RBD~N=2vsR0ozAyes?EL62dCU>y*O7&D&iJ6Ir& z<(XF-c!dJfML^ulxgC?(G3ez9cdlco(t6{WV3y8Hpg*8zr4*v3q5e?s(hR8 z9P;Y`o@umDSLWix_v3seHOBv(C&W>G#Y<8kTWncjxHs$X!36UBbhk=D>L`p=kpWN7 zd}Hw2%mIKuFPcly!P&F)UhaV-SdtFXW2b!D9BoIFXPFp86GvK5=V;-<*8$_aLzlJU z$0q0_E>V-k=8*pD82R;I;2FRd%YAwORw{(W{fJK+o$1r&WIBWZN2-u5kPp1}ua%`w zkw=+6VxTAQuvZy(*i(MI%luBRS42+oz2w_uzByfQl1K0K>M&iMW+4UCPCc?)t@+|= zkUtLH3nq_XrSxLjijBf2R?}(cU|O~|1bP{zlAP3lTD%q1{Pc!P(`rvv$NuC!N+ z)sjcPIWb;4d9zbqBop)Gkj9lmB!|fg+6q4R?8nT>=xJwBovX)7S&b|*#=YtP#@g{cw94I(5@t{^ zzQ56-u`czoKg4KKSLG!L#&>HT=2uP%qgGa)J>yt<6z;Wg(%)S4gJlzw-YDR8qlgrI zonV$dnj-ng0@TH8b7_#Q>AYi}U}w1&c<4}u2!?UVR$?RLFHFPuc5%W@H@fEbw}lAE z!72o@jqgU{=gVU6MGWgijRLuN+Z9}^s05t9aT`4#lp;CxL20BRcdGC5A%xx|t~?Os zHLgI-@N{gntE$aL8{NURhv9Y7{a@$;j%Z2v~ZsobYnAt-d~L^Xt&#@+3X(Lp@l*8Q8|eB=8k z{586_+kYZ^g0M4|IAPY+&s_Qoc;-dtlao-!jy!cfI=Pp2i>k!i)|DTE%i#{)!aXqnM&MxAG-l zQO-zkeuaqygn#U{c)uvgv`Qv$NkaR!Hh>M;@auuW&&eEk%e-?Sp@X}Y)N9Zf;;v!S zTHuTtr$M}=rAVJl{P_ZBc)KOf$^n4Hh{nptxIB#LvUg+5EyKXA@|aw?24cygd2xYDU6%4>9*U@)ORBFq#ys^T}~CzO;E;mZ|Lry@~eX&D24? zjRPOB+Ass^cv9Q}y7N{0Ys`6P)x!~s*SBmVHHRSH2d!(lFGy+PsL`gAVq1kHA^@l2 zkWH{w$;nl4y086Jp+ z7>DATO7jM#cn}ty>6o@K*%C2oghoNvg{01E%pQw4Z;r5$tYz6b*hn%Av0Loua1=6$ zU`M|&W?X6JW)X2uR;)64*>z+quntS&Up~DA?Cc-dgkXj3?*4~GY4t*NBdpOdLVffz&2 z>mmAPl((F#RDMDn)Tj$6Chi^@o8-ec7%4iF{c$Ss_2@chH|aXgm-L1FF^R9$QhM{0 zP%#W|o8B#QoWWFRlEc6wmX$=e(-!pU_1gO=t(=H}}Os^O=bj8zKs zU|m6fQoEcX$q!wnM2wWzKh>Txb7Kw+&OsM&`V&BPB5xzsJ5x7{k zU6iQpvIK2kw%X=#+XVc=Y(|b*EQ^z44%BfbKv@3PW6DQ&W(27wXdqDdN`-c8=`I#* zp(eY4zHqqGI(YkdbwAyjyRzthI?~SjuccUn?09}BiXTvc*^GgigdfLPss(;D#>%Dy z!$Y$L3=iSk^Kh4y`McW}q>6TbTY1^9WpM8MDAFOe{i za$f=%xVfY)41`Ne80dMSY@42_?YRlsUU#3__U$YQKi(1xegKgER zuSq}a0}0O9a|3P9*yjS~8Tb-@sZ`f2#4~psyqB-;5{H-yo`L@HLA{kD?MQ z7+S?=KAHJ6&X@DKy3Kr^p5JypStm1}ly>GLVzj_}9J`D??jdjXa(_c;TZdu;jDDHs zlE&6AaoPfkT9@yn7OU-Mi=Nct({n|O#P5p^Vnj#0@@MnpD|=sT{mReJYx~NV4~)KY zBK=Q-_aAsF`_X28U)?L`_qX+}=hrL2{2m){s`I;TKs)=Rb}mU~8ifRMxpD5a@B3bCZ>2J9%n5 zuzPpWfpcrh64hQGfv?>(3O*z>!KyY%Mm-Nb!av~>uHBSD7O%VLtdQ|OYtz-pYyRs! zGQX@RnqPKqhPdA!ZFecR>k}8>S+wt;pnbM%KMr%MhFPq2ep*Xm8S0b~8+JV|e*oS+ zoAx_9dacXXY!sn~m*~i_Ld%niF?)Jw!`X)-?e1T8t0u-TP&wp~0>q?x3A)%R zW?F?wW?F?pw8l^98pw}&98LsxGkHH!wo;!V&r6E!mFI5u_hr9x{Lt^sFlynhiqkdx zk+^F%E#C~4pK49cFbm6pQ(=%u|DK9%c@Si~@;F^z8;dWp| zU>>J*0eRmALUQ*K<4;_F6xO>i;TuQJq&K1PUI&ci*H+R8Ebx=@ZnEjp z`Og#Fu4<2ntY{A=Oqf_|4CI7~arqJ#cbqTL8!Q3;U*p-o@q4PO<==qc--AdcDKEGkvs}TY1T_+wNrpI)@5E!-!&Oz(p z98|A3r#HHkp1-AS!{;N*#pgrpA+7WrGgo_%qf|XeQL5*Tu!!(xMCr_G}j zG=!Zv{6ljF+g>Ch0YeE0$Tg6UC(QPOi&?UjCP>5yEhqjOT-n8E4ip)e?)xR1Nct@| zqoeg1#CI!~CycM)a~fM)BC%l#tbYXQ8D7oq(+V@-3#qBu?wq}ztk+yGl2To*t0h>C zg-<>0QnmbO#D9*byrxOjC)r)OQ-_1y+ClNT3spem{O%qtKi8W@Qbxv2H1}UVg1OJ* z8H%a3Ha61DuXiZmgW)9)6#y>rr#R=%p>vLmN7b=M-DLBq`|u1(sw2`30~!=3DA#z3 zqXQ~BKApoquo=TBA}<#Bp4Z;t5ii&RX13l3^ z*SMw1YO11Ht_%%Qtqei+XlM|ZYHCIBo)R9+({KjnKm@JY_}8z9y5a|4S8biY$Esge z8nO8)(1l?vMGJ9Uwp~A~J|C>bhb6H@&BXi~Er;P+FJl4{qZaQ!Ve)6(T^HFMGi4q1 z_tMGr_u{uF*I&;KC)eK{as8Ruts3Hw1R0gr2l1S)ClrxAzt%n8jx!N|Zu=UCF$E|J zH>KF8Qgie;D8Dcfme4hJFbui=q3|%Y2Zr%uDZ;55&V?k_ZTtkVx+dwL_MAx0;c!2E z9?sbo?#B-ATGE>2{B`!6y^3>;Lj<6KyChwfcf(QZ8emS*eh#w3*ItpZoDy z$B}4yx}CM|2F$N9N!)*NzlZWoC^(wv$4poxFm!BzKj?<3r8qs|U+Sy{-!NU+@oiF!!#RvkI!CU3#R~!z^6w8uL zm-{bQ^_v`I43Cc&+J3yUCwt3$UfCRZD^ZZ71IGQRL>{6`w$hGD_KIGr);$(~V}M02 zihA?Q+l3#;Y?C4{?UyiKrJ0S&rK}6Up}e%9taOYm0E*+wH6TAk@~cY6=T`;BRZVxt z@NEG?Ha_8b>TopNT!gz~Q9P+@095(n8@kG!!Gn&IAz2aHOcD^PYudFoR z20d;}HO-f8*a}5@uIO~F_z!K`=L)JjB$nz9iBjEfd$z~lo<6>P^zZiY?SjMq|HC)i z{|w*ye0SRT*8k{_gm2l-lfbub&XdEpvu|U3d;K;O-+J{vWqfC60xL>G+kO~-0lITELRG#D9Oq%-z0%O@bz@i8~E(eTv zk1((|Gq6*9Q>VBdK)~LB&H(J40Y{zeB0}*20Qm?)c?LUrx3>C^_|5KA|*Or3!dWoKkQDm6M#nb7QMs|b90QeI2JTs9*y^pDvp=@38lnd z!MOCA7sM+luE}a+oD=mlkE)N}0qqq;$5IvhxgLLma!o=41SclFBkw-Ds2=E=)$v* zpo^-Fmmi?6pXPfvm7n^5>WRGW4f0RvLF5(phbQVOw|TTQyoXK#;vtvvvw~X3EM>9# zNx#ph-{Uaz0lb=yF8o(`%y^2PXgtL~bfb8RvO~V7TrJ$)l?oE7O_!yb{mB#cK8sD~ zqXWk6XjfaggWk2alCl`ubG8|ed@YWXxaSP-dyIELXw2-!!ZBMwew~E;cWd3V0l{;V zM1BnSy;!rIn2rpO_par7#qMiu+UBR$y455~>&(HoJ)$+d*aRNIydv{+vk$1Jk~C@T zD@V;0C+{Ei$fIY8?GzJuE;@l1gb+O&LUaj9CnTkqSFr^yQp5}gJ6Sn>g-TCf3#pN6 z-Ayr3!G84a%ZAW4vR7TxxA#a zRONxqOm)mly^LVSJjbC(I~}z1xV`+((ejU?aKJf0h+Uf(9iYFLDI?xHe7po6^H8p`g5X2(CwsIlm zQmw6AKpzp9Ex|X8NsoUFbv{bSHTsFv6KV?=P?gHPs($6gH?X$wyZFx5BpLSu#xYRq zL730p^aY22$j2i`Gf<3<4~Ow!U~#E$+Z*@EUl6NUv?Wj(q9C%@8d(WEGA zA(}MGCQZ>o0(tqBh7cJBIGUVjLRWpM3BjO)5aeYNE;}h0%I5qF>2j zTfR$))uc=|sfyO4tETenDtr~`iz`=KO^DP$KuLYNm^>CL$?Ai0x~?VUm9^BGUIibW znWRvBgvw@7k8+%mVz;((9z#9s0{Ii+QPt4 z;%dNARi<-JB%ScZc)LO>_D zh^r+RF&XD}F3x_M29EOac!^8I*U9)gQZ#e6+l&`RH2cPGHKP!%U@vGwqK%k_)r>?; zY6C8x8@Tt=ePEy#_#hr0tqPSPJSlv2)w*YNCHO@tje7z8VDivutsz(nW zp6cCiU&!)sN{J~CC#AG64>PDFIOqwCjG&FUTY^|yoG=-CzpYh&?Z4P)bXK;JUcR-! zsuMIB?_Wuo;us*!*6&%r%}$O)4o1S8WAnMSmS;Eebp2NWBN&0??LYz?*~dT8N8EBlXE#XS`_o$KwZ2LIKfQzC0!QKgn41Q9}9u<5QLY zZKovv?>}|<|MUNl{QtwjA7B3eKBmu8*`F5XDq{Ahi}C)xMEi3-?Hbt1g*<`sE#ogujZee^dPW7fWR{$HT-P zsJsW)VNIsl)^s(BKa_hQp2$7;6YY%VR>dBCBljSJJurlE(0v5Iu{RtL6RKpKs0ph+ zDXTswt75whtZs9XR1-)6AEG-4b#fno$et`jcHYJzavQVd_V$+(rR{{>_JFaT_J(e+ z#crofY$sIH2DbA$3^c{4G(o%ICpC9`GO*iA`@5|jiV(x4`UHpSd zmDlUMgy4T92K1j`63WTa+V`h2lcACQI*=(%*0fgXv9@e;m7Zy7kAidvzq#^?WPU9C zrW(K5n+SeCe*aYAH~-|}*M0){g+eSn>15%zg{hq{_Y~kawdr)=H@6M^=CTjqwh`E}+#_qa5<3-Oy^Wp{p@Y?1rwA=l_SX8+sD<9Z0S*&Z%jTU-<^m_&?VpBRV+uc z8&|yv9i#lgyVV{&Z)Ln(P*%Fo7VsY4VkZ$N8k&@#pfCyrI}h^s?E%T^gC>xObB;1+ z78?^j|0;rx1Ah*G606@ldHnBeJpOh<{D0@i#{bSIh5vg`3;*~0$MFBa{|5dyw}=1c zev(6DjJ}$5gtVmvlqj6lT+p93^2d($b=2&$x@{xrsO5Rb`suZ&q@TXk(XM`aq!7O^ z7ay02j}fM}x=v`T+pk2K@}Rqh`7X(E-qfG*c`<|iP z-arj7<^RIpdQv=-ZyMCZWQ}~W3+uEWxtev__ZKAAY3rQk7Is8l_D(8yt^Y$jB;9AC z0ZO5VhPV1Lqo_*)&GyRWqBSW|g$kOryHJ;odxG@atl%Xb8du|Zj!;xx=prpQhf|`k z&7zDWMe5ymkhv!)!h-25RtcySfwou+3@y4GQv|otIbT5?sD_|Y1mrd=;BTF~QE0s3 zV^ZffOlNlaX+<9vbs+B4xoK1AS+@MlH#O;^P9fDPmd{wHMTe=>W)nIHr7@ZN5O2V@UE@ANNT6YQ&+mqmIj@BG!~V!cA6fMcA5YaIyP2Bk6J;% z9LRxonsu;VsrS}(0(v8UMdiGxcJBsAGGuM zAmuYYE|wZ$putgN2~N5E7hr3uT+ZsbT-!hG{u?OJ2Tzy}nR-(@ydG0Yi5tV#(HJ<0 zR!e;)4x>MVe&p<>XyJA-kWz6T4_QLVC@S$axRMt#xEWLy65a%it&{6M`ITh}9MLEt zFy#-XjlEKGJ@v22L?S4`cxoXAHEE8pCQ17Z zQ4?{Pa`0klSRxFntsE+0{U=N=^+Eyb)Q7RWjA6Y{!g_H#u-+_Soh?5S*86=B3+q%u z5ZHV|SYN^TB$d^)67o3j6ypAvuvYHYc(b|A@@Sopje|Il>6YR~>dY4C8`>f7af$~@ z#Vb**J{FT;lP6=sXR3ft=$i>XC3xmnZ6x@tV(?4=ojr^$yCRVgr!~WAConS(?2{ze z$8{SA^@;lJW~^z5#JrADIfida3p+X`fkI7Q$~c!nWAA=iDq*);vXu@1OPSyPISoU} zcelWn@?m&@Ej*&b6J77#{U)}o{N*Oova;%n0j=^`Ca|wCrAuI9A)qkM$D{?>wVjl| zo(W9}`XgX7-uayR8+y|Hm2Kp@{<8pN#W5gQ7zM9#blEkTJ=HYjMy3VMCCH(epoBa43ODjU+cFi@qO}fLW$3k_n2#r%6nw|mR2CL zKxCg-%=`E`67x>O|7cipyYk(iiTACoe8v_p(ZxQF%5c4sPbkBE!)F8dkTd^r8T%jY zi|-6l+jm=~)D}Mo%V}5FQW9zrSho-rI&If!B1hO-#<@5?)OEt2e(ua^C06LeadFBz>puu!$@RK)4i^1%ze zr7=eZl>p4n!9XF-t(r^Oov2tOV}rIw?|#oQz$2wMBNxkH(Oe2-C?z+MKZm2rp}WeF z#9E0gEi61hHWKJr%0U%{-0-wm(*G786f+19DLpPRSjR3CAs0MB!?=85f3T*Vz{`(^ z9+5bP>!7{?tL|X0RZ8#b?jn6a$Y60Dc{5S`clU7Hi|Nt$@B1))x)2C!Nd*VWBqL%_ zrO1AU(vx7+P5=3vcyKzmXpBuubJxj^?l_BCjpCVSlCRV{FR>3Y-f%qGX@HlXj`(C@Y6bRVqp`k#?9A* zHyQH@c$1OhqB1RkvF5`8?D!D}$k@{&W>30JGue|a9}|1hvA;$zWIVr-{2l3)V-K=+ z{Tu#hX4(!6H& z+VVoYA<5%baOC-i>+EC;6SLin_l1K6tzOkiTD*A2i-gb3`;!UIBd%$gbgDS=BON!? zPlDrS#0MvH+_X1d8Pg~lFPk!pxAC%h=lyone;wsR_64^RTq~6>mad>X-{IBob9l8W z4$~&7YS*W$buNb$B7ky~$_wqwTAdp1oWpc%{PkHnHoU=^h8NBT%TMAyyQ)2IogD}H zEgx@lmz^_Z(p`36#ctaPPYCikr#5=`hc6jy^MM$9w3JK`5fId^GHB8w z%3AHK_Xc-U%+jvoh$?gv?6td*qPLUZgG=cNchI6Hjx|5ih;c)1Hm=)yFyhhD(Cs$= zxgKq5Cht#wStBk9a%kvYu~o5&k%7K*fW^k-eFMbx?%z&foE~|NiPM(>_gm-tlAD?> z^C#2H;$~H|hphpoA-GQ)|DQc#CfTuhmFYfsp_xm$r&_+*p$4Zp%pevyJ`(xH07k~7 z%h*jB9Po_NloRj(QG+q!r*z3?_nLCAF*tqxC3}xfCjIru7i_EO-wA*ui+RyUM zbhP3g5e5`1%c@xX5;+yvy_r&~K`l+SjXvkt3CmzqoSqxEvi)df(V0l-#c^JS+{D0^ z%`2;k5(@O}D`~}dnF~yP&}g8+$Be&t4o5so>grk03E;3R&0zMJiC+YUQ&iJa7OPsH z8V>c;l?PtI=|JQ(^pqMb{#;;xgzSexFRvFn!d;h}_cbp_a9^|R9k{uC*vdW`x9IY1 zjA^I|#SLv0ho$xx=N!(7gcY1;kvg@!)~V(NX86Z?^X6RY2z;q(X_s<}BEzWsq(9}H zelPTEI$`MiuRKiKt5oEO3*ydDUrJD8jZYeogJgB)N@*ywG$EWo;q|uOW)-0b z)YqV<$XFB@1k?@85Gj6xUl@+J2iQWSedo*~9DJW&w(R5n#6SakOB;az0a%>_E#BbW zXmmHZ^ouQX1Epo&QmGuRJRx8PS8}8qi7fC_7w}Uep_MN48h^T!AeOmZ_)qgaG9s<= z_7`717Dm&cubOanFjgPN*A>EOFkuLr&4+*x_neTf^c>>|cgcws!^j>`i2?xAA8>?w zMfD-&b?G1qbRYN(315@Vwa$2p;EPSziSGhO-emEahERqG+PGvZwT-{-LyK=5+MV8B z{y;PT1}ge9Gs-qH{R;F;oM%H4QR7kr1pEDy=#L1Y(YNQ3c5{y;(#LevpSG58s%#@u z0e>b@9b@J@(R78qVxnYWk@oC9Nb-8(oFpeP9{GaLNT66`bSiDX^Va!DW(XEi)qcxP z{*`+JBPevK_J`T>=j?(iFD=)N6v6d9aT(DQtTCQ=4CE04^qOBM*}~vtHVNnNao{o* z$Rro@dqq=NZ2yw9^b4GEX)n&(*WXNg5gx|lP~_Zfj(ls5lY?=45fRt8`Ux8O zfN{YRq6JWfPUF<<>8nNN_29cAHxRAMSta*_09-vXCautvUEund0QhH#>#j7D-+kCW zQ7-losO$}1ZsuaQk_r)pZwXTq(g-+fQyg81KMqc!uxvBT3?fF~27+!YdC@Zs#11C7 z@5@o*t$dULr|J9)hdqym15kCSdG9I}?{Yt+&}i|H20!b#TJv>^SDy*l+DFC;k5|8_ z-c$anQ$6w_P}l)`|8(&AVuj$t1@1xnge4XVC-j?#=zK;H%xpE47K2E^c&nt#F%1{ zXFL$NCG%0C;D{GEzB!S@+Fjd9?cIqFb|A$Y5jc4nbSbgy_$`#2GOrTgI6nU z3MadBB4CukloeG|;q*O3$By{y$JO9IZx#XFT($gYin5IEQb92{gG}_drd5G~jeO+Q z?r!mv|6o@tDE_mj=Cc%FUo+(Jn0%C4!H9HkR-LlcLshh?Bb<}<(VfU|@y+iCOulwGmb#?_i@i3&2 zpQw-Mgq|^*TFUfcEW=1dOgzEEzP!%@FNYqpTO(;PBhh(P9wd#`ph&OIbHQ$yGHjDQ=*nc59$y43ta* zZD@=eXmyA#49kItO^d#YnJ)^g`k2_^B0Di!XIGUN<2iGTNG)gfJYd`qKf){FIo!Q} zCaJm5_1w7q@Mi5-mO_n!{sZX0)PXK2X-gmU0{Bsul9z|i{`o{bZ3o{K z;{X<0yrb@>STfCl)oK={LZ_P>@IEgl%|`cWo?ih~LOmHw zyMLR*h0j=pek%MopHAHyMPbk?yp9U_Owzl*EDGmXg;!AFOQP_a3C# zuS?C%_t{+XcdO)nlqlVdsr7vHw0B>hBBvEKno7(DNsuG;2RqL0a$p7PD zOM>KjiKaj}_v)kHFo-vJ>92ng|GdE#^~lF+%@@GhdVHG;$ICj8p7J`K;~p?>c*B%$ z8Lah`d=O#0kEFk#y)`)Zs}0ruF4NzBVj&*RHtFv*+Xek46I8WdRjO_mG&npghNt?W z&Z5B=S=`S0I%?^uvq>5Zb|D{dULE?h6%j6NO@s}~0P6JSedCQG!Yp@woR|n3RM_|y zI2-#nAi|#D55BA)qD1(BAj02_jv>No`ElU>SWJbq7Nzy^{65j&A-=3v1=%9{n?6w= z#Ps)G3jVl*^2?(nBEJqE zXbT29?9KZmutAbv8tCDef!LpckCO-aBE8kWMSiXKXia{fc{6T=mn8Y65iX1yf%*si z{dHXbZOJbWl!*LZ89&e(Nq%Xd8e7boMc1G5X}e;Ei@YJpFOSid{O;WyH^L?&zsK$V zSpbd}llsQ)Z`NnZ(&NmpUFy~DcS`cR0=)ooT9aQRN`B|daR7yeI%+!D%A%IQ8j%2- z$S*kYl8(sluPCksg8_%;yny&_6{4JN)5^psa)h_B4Q*AD%C>_Wl+4z>8-trqQ9Cu7U?zr(ln?L4?2?+Cb2?%rd_z~BH#zsfXjUBO_@j$D8 z86B@3Lfw*pP(S)c+`y|iW3e1~Qw*ORJ08>OE6w5J3H3kP5bELaBdiPGCHUmqh>?wX zpG(2}5aFgV<~x{PALa>I#M*dW66;$9v7W4FUKJ(O+g}&s_=2Be6u*NDQOT7}u0qjdUFQRub`dvA`?>4l?#d(wneJDdFI}g%$KKXp zi+GSdnPFZM#w4Nn*Hew#lcOdnwiV(R8vwv>lO@J90HhwrGP6q!+;_w^1$VAEK{j$< zWbQO?JLr8gsJ2MT4vRs$QFbl+L(}Vd^fC&lPI3USvg~a-1lGY(yKfq~JKdW0kZRur z8Z3-^&)bcspOQBS#e-DiQF=f^h}N4AEu~^9zLZ^+1brTT$;FqsR8(Gzb0q)`8=M4c z93o=;T3%uO7ZmGloD<<$$Q4hNJ*UoDH7Au1F)vx6BrrfJ%UUx1#i@g@R;Btw@ zC6!m`i5L6~3Z=B7>_P;l~M>!<_<_iWUJjF-BO zUs=G72+`CzdZR?3*IEV~5v@sF6X~0NZVVi7V4_DUpP{`w5VzVGxUde-!zWi4?Nj^Qg|X(^Mkj<=5_DGbLzWtFz?(6QH9nvwfZ*p ziNo4T3okG4OV^ppYpxdby{S{l)FfQ#?z^z{qNQ}SXpC2S-%kd&S+x8@((4NhNH!jM zl2C#jCb~~!=8UPzOWpV|g1^QRc-V#J^s?3%Xmrz)tD7wa9XA|Rr6pHasu)`oJrdy-JiSe zSj3|HsgIl!rS0}u+8zurQ5VNm--&0(6ZOCPfXSW2xC~TDM$1ZyTv`_eyZv~;^Si8{ zgsF@A#iO=PPL-RDtG1-mRwi-C)Vt5%f^>@eS~QGvURPW%pBbNW$d~^)L3q7E5`<)a zuf7kTc?tyKxfzKF!n4;VA_!x5S_HwCc{&7P_nB=7!X@7R@NJ2N?&%+k-O70ZPx9`1i)es-P=ol6SudW zjB|byN7Wrh&)>++cEFy?6g$#c?)u@*a@W7Y7gyQUov{D(C>LM$bhh@t0oH%XmDfv9 zsP>dEb|ewA#VFGKZ%kLl)~^S)qFEz}QdEyqu0Ot{q(E=A1ifB2SfE!eK`)|5 zOwf}+Mxgg>y$N~@YbM+^h`S!$_jn0j>AHsruM+$qNwLe}3K{#j-f}w>@s%xhgM7{5 zRw_cW6Ke47Av|F>1wGXLp!&h3C|FeBV=`>vt9>qU*O!Ohng@*IIP_cj>1?*Y&<_7VV3%STuL1*hL%p zsK9+%x1s2^?5bp?@|+azL5;E@uJxBv2YD}l7m-Ogm5T2V}WAv(%i|*lf>btx52^Kwd2vy`o@4og` zzPOYT-3nUtebaa=vZGr;i~gR6w<15f6+jVRp*Og;qs3ntv-niViK$r+ecu?NI#%}AKO!mbFOnqXr91q*{)>_%<)!$cg7V&xBq=ZZ z!JU}$jw9lzcOQPn|CsXr>{Us5pXqH<-ivzurzmgItN$^|`{%8vM0tNRwGHL1tV%?A zFWJ%|<()D9KTUZj^*bHPtM+U|M4rAHM1=f(q<$}|)FTYtbXJU$ny0*^(B{9>qeEtu z@@Z?q^vJ#+Vg%D|&h`Y;(pbUtd1t&}+KZ-iH)~a;a&-lVe93Bn4_(^A{uU7<_%^m~ z?r+u5SdpT>xbU8gTW<->pQ#4D&Q$fqz&&@}^D{hCgK4miZSIcsr|O|D)XOF!g@?1kLhauzQ2Ikt1*F`X13U z>_q}uQFYw>w@T3jL!=e7!)@?sV^2+vr0xp7AgdVG8uibQlu`42h zk?pj7Xwylr`!(HT=AA0%eP@h@vWKxji?SXY@TlynRHgEtatc><{1&zo%miNE4rWxq zoA{VFiRDJZ7g+wVCWynS96s31#u;nSF!1*~b26h0wqFx{cUX#rQlZvar&w(v91)t5cLp zakRH0KA_F^g;C66OA^-YJnnjJ%+}7TOUdrqm2A@%<+&NVyExtKQaJj@5Hj+n|6oG` zLMDCwbDpDJjuJ9yhZ{44r!68wO@Ir!TznaS>>=?QOU1_{r=m+J+#rErSyu)IXO|O+ z4U#J*vEfp$B{oEXq5B6fF^D7phBteij=V6vOPizqrIECR?#A$#j1@!3&TTfR|K(tOe!@XB_~@0a7~bYkpBO&OwL$O` z!}0(bp%0RzVqM$$<0#hWzbKdRFFeD(mv%aZC7k9-w1kDD6D{EvFIY=BKJ9dt@V-uM zmhhbsSV9p}>y*g*1MB5WujM}bUX^+ZFMW$@zBFA3;Wxf%RH8R-S!ccR8=X$)jhCgi zdE-wnjoKDdjLR#cw#DI{qqarGv@M>8VM5Nsk%()9V0?$Y)zf5iHwaF2*!@nE&D|gv z-(iz`GMl?WaJ|DiIhoDfAh_OPJ?Lk#YlGl=hy9IydR!pb{IgnNHrMRDfJ%qDHV8I% z*iY!^AlC-L<__ye19f+85Nz%+&6$wRZHi}en~Y8C60*5pP+9M1iOq$e$i*ylJHN&I z!>5Qciz^lP;xS#$sVrqw>iZWued8#i^Do~;Jlc4nD0!2z#cGSCqGV8=#V4=dDtPmc zlWE=m9%JCrlSL@ucg;gW7w0W>Lk?k8&{XbwnW(0nTCM4ZRbWQ+57@L!2I zkJau(>XN_YCRCT8{lR9Wk_9>NzNo(?}Ls-G`I)`<= z^?y#ZUip_?q;F|;^u7<+PXT}bSdfTl{cdC;6u#`A77CB)aylry)!qh$2WNw5Eu#E{ zdf!0w+;*)eI&b{?&)-EtH*slq1*aO=@l_5p9K`v*7vUf}&aa0R&W;I=76aMO{H8re zsc26{>>tJ5Y{(QbSRc;h`-QQ@7co);_~T{}}Mo+gwF?w~ZIpp*3K zAWra&9ro24T1N^(qF2by3NoP?kserjs+U)n!gACVWM&JWrGiYA*Hx!JP?k%NL}*sM z?_D-p8;;{~z}Rtd|7hIYhcj7_3RYy2TBR0MlJVa~^j|jMs33C$?Zu+ZAu?C#z0Z?d zR`)9+8H{hX1Q9JC%@mMQkty!_-0q-@1|H3u>7dc9)$xqEvEbg;?`DA z`BtFGnO)HvU8bEK`U?X?Cvfu4i!z{5!GcV4p2Py=x)LqG?k?s6@QdrIyPhN1D8T!- z`{HWrw-(_me4saPUPRZKwx;{?zE>)`aOg;QDATL60?Do{bK#*Wp&T&ESMxnxXXrwH zY?qJcn2+BA$!hB_*cczTq)zfRl@gD%o6dI)tgNZ2*5vYX5Qbi~6=v=C*lbX}*FdiJrGDAK`P|0fa<~7gn z&EZwVT8}5m3q}7QZ(jl*RekNB6$SAB^_FK<6zw~SSuJA z^w1TL;@@4(49Ojyphp|!By!ltJAP&lE1y*vaoVT|;x+pUPa8L*iF(gQR?zvDl2>11 zb$*17+W1ghea0(U4kXzUk5W%NNw+S0ec{x7({CLICPVK=nL{`h`pIa|L6RG#%eQLPR=SW~XN2uBKiM~AH)TB%{$r4V zUlbCnYd{i{0u2azWqrPF5-b4tZ?ZvAG)|Oa5%~D$O#V|QqJKOE=Cuq&up9b{y^sSJ z8*#yIGT*6d_9*7-Okq9)%a$xxvD_G5aYS0~=szjBg@L;RW;2K=s0qU+j_33klx*^y zLAgfp2YD!pni68JbaN%$>V$~@ec?*y9%ZRBM|IM|ht#J;uXow6oj4j>#%!vxBH*dq zHgt&VXd|fV7iz6`bD8dYOq}2h5+doEKRLu$+%3e|=^@4&6Ca4!QlbbR;?3Z_VgsfvDu3}SB zlQTT_HL;*HJ4btmHs2EHy+GA zMa`w2m`l!ZmULcG{G`mjQ<^g{inn$qPieexw3@-;t}sf{U7{QFr!X2)?35>Yyb6Bo z$vb;lrt?TzB9qUvZ_Mwb(;V2a(oc$!wM*CZ4(sQi4R~0OEbC`j^G;4Ttbh9N-eLWi zs_NGnR#A8O@7*d@6o?rM7-&)y|yKOs!#@%#bJl^+v7! zXzpCJ^(W)C&nxS9EOj3IHyeInmF%c?ux!YHlVFvkXaSoenI83y>Bh7 z!lzecRW)xP6n*D{>LH(2F8iu${sp+XAUpd0;O6%aZ+>SG-W~GhkiEkn$b+cW<=%lAqI zkspi)5t_T2KlVj?#x6ZhtPr>p?HQ>x9E%@#4ai#9MDaV0PG>}W3c{nJJtbO0mORdY zDMsy|&UEH)}5(G+i<6ip%~?8aJ9C6NT7bp;?a6fbJc?w(%l7Gl-|<#Rww>Oz}#9D zeS567{+3LPVb!wT9rLH*tIM)5+*KIwsv)1^X4m{naWj~WR|i)$zkPTWhP*1e?SjCN zR|7+yt6IKW4f|-Z3^(UERV|p%Ih%@nv>CJa_MoaEp9IY3+-KuDtJSk?JR2Gq@{no-tTwau=TK+a#{u=If%|91+tI)4)=-0NxrJ2zVJZ%dMX{}lg14mv)IKV!| zPf-2XHi(@zTjL{C+qa?ZTQTO&cveNb3#zoAp#JWqRocB90=})CS75SBn^c$;Z{)`! zwz~SYo*9a7(^kF+X2x;K4oJx)rkFa$nUGz>ovY z{H{^HU90E18Zx&}wQ??)T9H$sHSi?bWNUgw*JR7Mpeq!+F4O+cRg~N<`3+6sr#k6= zK@~ZXd4^S$Z&Xakk6f!;7o+H)&%PONLUX^jDSk2D$&DCp6C#!Ast<=eRYxYKRC`=+ zwJ*fSF~NYVY;wUs`GXjduF9uZOz^SFw}R%*VEIn%o~HPVPd|-eh7R0DQ3eT4#qMnw z2KXDYn>X-FY!wRX5F7Ciu}2L1JN{HP3WC#Yw#Q*}N-bC4SjzyL5cM}w3s9$ob*nTH zFiN+am{E52os{!{+{UKn+uI?v|4v204ZFwOshi5Kn$`KQAAZu4CV!Z7O0Fd3Bm4dz zI_kC?B(_#X5LL}_vRA@hJZJCcDuXTu1|xSA2Ov2fP;^tttj<|Zc_qpDSeC z>~{iPm|%v&G(+90Jq&(0kOA*e!GIvp+)j%pLJS0jJk%8)%k>WCt{YnC>e(3R7e7P|J)5~_s)%$&-gU-&WuNbR z>pvp7emk=vWv<-ybzkwN9->O{e-vM8Uj4zvmnx|rXnd(b_5H_}at5F;(L$b9+K*D@ zu_9en(etyy*TWND5VV$*Fbd>3dh9A+JU=xaUvy&u<6n+W7ymNK_6Ds>i}++rQrJB= zZZ0U~vZyDH?tb$xkSV}m*Zy#C+K9~uM*lxZ(0`Xh{~bdAv_04^{da@@J6!tjR`efF z(7$|{hW>1Oxs<*TgSV4WL;FamtAF5;P+W}rN+>eWxj*P-AUFPvmw(W_P)7>?*!I02 zc=)GdU;IM>leYcM%O(CX=wfk6MtGP?2;N*`-@2zK!B?r}rOL~?sH5Pj&JxUC-_UYi$uH$d5{M&Y9-H6JcBVFmg~g^~`$wo@1oqAD&wC8(rmi4k zjyvMCyRSHXdKp7eM`jA#lp00Qs?$qfk85tcG?=f-KMh}R#Lm28s&&UMMrR10JJl-O z1>>nNJ_P?31Q`!DXbmr9!#<*M*X4-sqxAT{y!1Uemb1$ZEd4u1nocl@UB#F04m#mI zQ6K=5sY^&w^t?`OnHufB5j6LE9$YOoMB!HMYk2NoN}9#|H0$;)fBt-br^Wlk_rR`; z272%OWkDVB>&@@v=$RWC7u&Gr7X_QQ=Y%phOH2+k)E+PK#3O(-A*KmjEEGv_A{P;0 z7JYipBse2FfYQ^;+qL?0=|ur-r(Pwgn(Yt87W)kg-!F#W0spV`_0+&5Dj~3Ki6F@U zme1+U+ZZaZBN3Rr$rG=}+-N`?X!TqJrdmVuL#3Tlt?Bu`VCkMvY@#3fZ)nKYNV{Rq zYLm7yD*J{E7ZXCAE~9IzWn^G*LtT?iBLn;wviZZwF8`c?s;hePa2pHIMLwrPT!zMR zN6ygllz_)A`J|`wFe>Uv@yu9n#ihQ;5t{=&ncQt|ozK{ds&5=L^A11CJOwSqI>HuK zTw0(ttWn{D+wK3t>zzO4RdmzLq?v^W?QvLD?9Sy9$|N@IOl;C|^CB3Hlw0lDWs=xw zAoRw(66krv?iuNdM&^RGom{Z+f7X4{gDzzBA+Q12OTSmMtgeT_U-whX8}J|YrQw0K zA07fwf?5IUY;cUZqh}Nh)l$t+!@3Z(w8OqVeGLOCzr&j)wt8Z8O$c&;sVRc`%qj;!-*Q+HOdxgaMyx7g7prioI>ikOiduUN_ zm&-i#ITmWN8GjI_?^Z|5hnhSq_|dEdWGiYaR%cng!9<}(S6)-Bl?S@r^}9>f?}hJp z^;cQ@SV&_1v!A?8jq&32`iQ&U%@g`64|S)kzm4|rcRcHFcYo{ey#DGBIQ19puYL}Y z56}wt0%B*+IHjwGusRofnLQV)decck({lLk4n(1;T%}7 zR*5U2ViiBp>VKZ40^&wDz@d2+7OdC9?=T^*ETBs&4I0EC;sd2021<8w*J(;L?zkWN zE+ga24fbp@u&%D2T3&sQFVbmP=TEkVo3_W zS^*0;ROOjdW8;gRkk=6NP?TXYdQ8SGCIP>#621BToYL1-GgST1VO9OR!n0BT*{C0t zpN&4UCi~c=20W7}y{1TNZkEF=mHFCwBmZiA!)hjI>!+V|^|IaB;rwNLvcpG|J*WL- zgSM(UKGtb>{1n`;g5?13;64l$)dd@>OPbx`&1|oKKBxs+>bJmi&<$JLx33Oa-^~wN zi;5J7HS7dTf>o{fC6St8EMq(L=Fah2!P-zZ~TjV>kK&n z!BJvlquBsSsDeUs@lyp@56zRa8&qCm>imW|+3|>F2{SV^I`fj|O~6`T2Pe-gxBwzE zSIC(SZN20kUD5D>P$u(Fz*IoLu8N#)STW9v9RV0TTDLYUjHPXx-2$MJL!q6QeMQ{S zq==E31{OQE$bZCA|onJ>AYRa_Y+BU5?)Fjc|TPpJtQV9xjOJ#|YO3;s5 zDixrD%&X4vXhrBj5xy)!33;oe>3K1U44#P|wZ zsahkK&WBo_jysiTpIe;z!xmST;jXGnjaHsshJGt-MWqfVQ}*y0-F_EHm}p&1R`@#@ z1(^oO`ZKX`&0~1#UU`oz?B~+Qn_nAI^1gPlq^+016v;KuqqSOiNypyRn(7xlD)Tu< zi0C&=Edp6A$=5UC9~1c#_pd~AMd(0qpz660C<5WEpTQ}rcudXL%`#s{Vu|u;>la-O z+z7P9rHT`ve>*TLNCp+*UrG!Ic;rhsVlqCT8aw4Hmm^LFN346z!x1fE#StSqmG#_f z-xc=gNMeufT2*lurFVruv7!^UxW7TKP}w* zHT0q0?<+p;If(De>?!~L`rk(%6O0;j5Q>=Z-ETUQ&yLOidirE<`~DO^nD%ug+SirZ zK3U5?yk$QTzEbc4Dy0U~4p>z}YDEGGp&O8?il8;l!{UCNVSNuaEkMDzxCYIh;I6ky zKP=seee<|fdlB}}vgAHFm(g-Fu{--G*|PjbEW2+9vFtib_NOJ1+2mP+#RdU_{NV}I zSYpG^79}Hdr(V1Z5~B;?GahD`hu5+1Hmq=ALC9QE1FZvSu5Msov>%G9V_k~9=THDi z&OAx;SD!RfD^`9#Ug%meJcRs(B>H2JcS?RHwqs1kn&8%?vlTD+ebY;Ycu0N0Mnid-h~!U{ps>~ zSBYeqcZMeRubnCcl(pJfy*_%U<-M;;{mi zjA~!+r?%zK-*=2++?|{HJhzmz`~yp*VO?J%aT&Ku;ZR@6L)P`+nr|7_Z9WE_haxJx zGD_mNQy<(+GC6FnEJ=TbbH92;6N*}9`ZpKMhZ2+9x&<8(|p_8!w*NH$T5FtCL| z;?^iEuw0RWrN(uz`TbnwpP;#Gv=O@o+k+kUv!eu&+yR!YZwkK~Cs;YMQCviN677R3 z{g7{)irXQ@~5KPTwfV%em4gq z=JoiIsrKk6{W5m{4u3yX9zN9<`49%UQ&Fw>>uYaQ`I3mQ!S3ctg@qMNpY^!pz>ZC- zi7u(hg(qs;gMvY5Ghm{M4V$u>=&sy%f5Sy_*e}tOX>b#SGF!FvR~DXF)q_Ex{A0Ns zva&wK{UoWlFMln?ty0BJ?OPns&j+?@uz98ne1AMV1Q2KoG{7#PEF$CblqF~R4V6@pEDsP4N(ZR|7ep`VDAH=ug zN658-?)Fafr`nPq5XX3(Hm|AXI_>q`#&reESG(mpZDH$mT1~S+!BmF5$-uPSR)Fct zow81*uUWUC@C`ffSE3vJ@x6kK;CF_vG%`2zyp5MOV@Be~cv zJ$yD8KYom7v^%=9SEVu;2 zJJTqp4ae5}Sdg&d6o;^Z1DY2Sy7$&vCh8JfVyw0a=*-pjLUej1Mu6Q((u8O<#W0-x z4k>B3z4yi=GvZ^!k{TP9*&##pT8BGCP2Wo_I0Mq}Xp*EcGJJ|!LHeX2oi>+?%b+g3 z#}@%cZHK*g@5lQwv8SvzFn^0y<}5l7sYQqDjZA`CZ>k<;&OjPKcE-o{@#m@aC)l$Y z>rZ&0T6;S6#9VaSc@de5m$>!>%U@nlrCW<;!md5eKe=N1IA7#2EH>lp1+RV5qi$L` zsy;P`U~tB|rEM0FaZq+i@_5qLr9N+E&cxzf!Awj?01UG@ zpEf7+{h;};VDXpQ55x3UST|vm_v&ze2=xc8>1X-u)@tU{dYM3on_idDDDWDcCPzRm z0+U-EFCJXVJ>ef=^vht9Y}2B&_5sIn8o(UWPwTdqqnOENH7-qD$~Ula$fVQPQ*oIu zGNKo^eGkuog4W**SWcNrTQ#McPqJd z%vwx#oed@AE-AJ>SW(+sizJ_Z*)C>HJg(dpD(=vJ_+$5DOcQHE?c+#Ms`ic?yJ5aS ztKl;tVTIb^I~nIA@I7eGBH$h7U!5tmfEjEJnqPJk!6AKan#$NzEd0QS3#uMA(Y!{Q^=h0kNSzV_Pm8!^#5%OsU>?lKUh z&I2|o=m7=N8$OkD2+PQPK2>KHM_h&9RgD7jHFwjj6nHaVfHU`ZW*na;g;Xf^q)S=Ynzip6@71wl{NCQcJ{BA!Z;J!*77w|Av+Xts0m) zhnECR9i*a6g!rjm&#SCaWnq8CCgMM7MGdQ+nYzd7JXW3Gl=Jyk6^aeab8`F6c9Q*~ z1({3>%&fpFDex@ZuEpO_0Um??Rfbwi*`4S=9J#rHdkS$O-gzlg)Sl+L5JP5o1Q_Yc z5p=kccVNT<+Z3U?VywGGsIC|;(xQMLCeZ?zM6t7FeY4tB5@NL=yS~TBFabdPZ3f+x zj&t{ht#cFUGK=s@5k4)NgCcKYo)0pe58LA#eHf~1eHf-IeHf7GK8%Rr!;s{NC)gd< z7RKq}DSHxU@@n7kYtj^0?Y-9&a}S%Nmh=Iw=W2v#wpndYe~Y=?)pZ(=<-qiV$K?C4 zU$qNzHRQLyc#{RI>(qk#&&T1EC*5Nj>XZ*1YO#NX!sFZa;jd5e)Ilt9+j@=cG+^`r z^cxzo8EWGcil_dpRDA+d$_$yrmtoH`^kPXiZw_yzKHIA1$!rf11G!4Jx`0wM(0&L& zV3Bh(=Pp}(HJ6U?YZ#A4eBMSS7oenM6o4@vARA*HBCaJpx^7XrGbvf2+{gL z!B1Wy)a7@YGDvyC$NRBq6WD;q6MjjL;|X7WF&yl~AJY$*nwFsKB~edmUv-V6FI-K^ z={G;sJSu;Y6_G=z04t`SV%gP47!WQq(?kitDjiYn2~4 z0NF7CdEax6L#>8mLL7cbMd(cINz%7_S;Qn?c?Y-9GDHM)=wh@90f~ z?vPSqK2y(n)#=zPz>~TY{EHTRdJjs7wiLlR6Ztp+?b`=^^sy}$**z~qmM}GY>gW6a zUUIUJ5>Yq$r(b!%g^C|g_-|2o{7nx%-Iq*H{$zTB*a)<_bd!coG81$n+GH&9Dxvo) zQ|O}|^kIK}`e@%LeP}`-A3Qw(`pA8{Kl;e%LmwFl`p9tTquUJ$L@R5&_}!dgBKNjIMmUUOdVwob%;cv_K+e`Qk936 zfVetnvd&6SiuyGx6O>Ytz<(ss3nW&^pGq%XpqFma%VLLKx*U4>=NizEJGCsj?Iig=1Z z?}4HOy%ah0QeeM#cQ3tgBwgt2%075mms;S#i4-NMtzLT;_Mj z8pGp{4Bs3WE93p{6t%!(D*c}I9VT99eUB{xdZLobafVW|p{gn+8`PFg$?i{G9V+}D z`sTG&{0Hmj3^+z~xR&(Tnb_2BzAt{PoFTA+=vEEkgbT*%H|zk&XdX=S&Gx^*Rq9}| zldc(iRSXP=1?tJK+JM(9zg!uyFj=u-%bpg!<)$`QZ#n8R(Rfq+A4z(ye2TfeS>ywq z6vEsdJaURG7@H9pl6VOUh~GYw-2d-B`eibnSBxA`G0W9FV*}4^^KG!=ydJ(34DyE3 z)(b1)m5(3h_^$U&MBg<*AgHbK0aCN6*rU@AN?^jda+y_xPD#9AF_UK+*5L|BKDi)-5|0Z;_hj(|#^pW{CM^?KFf^yvBe&`; z)EVH_YzmKrFDaZCjKPd*PQY4$|1b8%XW)%2*FN>%{88SjcBp!6MXR75C!^Atz+Ek_ z6ik^_Ia4`QbDDJ%)tQr7AOK`p!s&_Hd%~sKiibJx>vKXdpyzaKkYZCb*Mdv^y(opzCm|-3FJ_gc7IgTElGu zy`7-qnOGCV6?~*#F+mRx*JCiCnv>BVZ15NRI;T0Wsw4Nb17^hUv74t72b6;McMcaB zj3Za&gHol{GrP8d^-EiSQAxZwMLt$VzbMe|1w#4W4X|5=%(h_p2Ce>S&Ixoe!^{h4 z>+=Kkuiv_`+I%y*eJt)~;V$5YGc)C6=@)M;tj5i3b#rkR4z~)^DQ~3F^^AvuPJ+%Zg2$x_u9vMw@rL=Ak(efi%G(xLaQ#1& zJZI3CiIp@Z!KWDN*8H_T%|8oz{uR*KE`iE6#ShC>HfpE@Vh`@w01uaBJfSwJbp_a{ z+JMJa#tr8@rv=Mr5e;NHJxVU-P$7ba-`L2F2%{%3-HEXg8eoVqJT{ill(U-lv5jSP zj{+1+j<*uy9ll&iS|9`cA-0*mCjbWnVA=pp$b&^;t*Fx@E9epJ9a?C|jX@4=6NlE& zswG4chT+NkM`v`_D9cyhxkD#P!ow1Cw`Pi9VBnyhNLde!Hd|JwO{AVAF>U{H^1$*@ zI=hrajdJ8+UZTdcr=(j1_8Y&AE7I(rh(K|@2@=^i^#m>!y~<|T0OZxbKL;@ z8?Bp}0ht@Eo9)#EF_X2k?TILygwWQHO|Q&8w*Tr6cDy$Szs`6st6Q28NoQ>4FxJkq z3(otnC*E-Y?Tdvf?W2Zr1G2QQRXx@J%`ZWc5=AU_Iaq?2kLYdwjPNyvbu+~8cZ)*h z?}g7L$_Z?GM`0QJW0+7qpM)KlZ$Lch*jI{VG ze`2?ww_M2c^bi4yfY!!WTHb}=Y>7W}AvW+!YcjC2i_L&V5aO7DY082CLY@ED-b%vq zp}-CyG5Am3BwyzinWsac!-q#XM}jr)`4>;!Qe9BuO`$|(%$iohFK|6)_A5-o##*4#Xxu9sZDNq&5&KXMfvpU*KMXfq(d(c*l2*9=K)UY z0qQ08#QBW&vV-{a2)>;pXXZ!h*SGPhM_Z3i62puf8XfH%8g-8?sROrLCiNb;O>^EB z)raixan5<4>sv)7&qm43w|v%n7SGqi}bf>(MtzPkE^}gcIN`9rIny*Zf z=_nfhauzu@r;$ngga*=NRL(Y#y zTlDydWP3r&Y@R=V#ekhBuyu z$4+4ZNo~!-q`d`6*a2#|{wdj~X6~@x`T}#t1MFV_(Uq{_rNuvc%46G>xzh_w6h*Vy zcZz>f)vGhGY5kVRhzCECLn;?6fy9hWEwFduNAI`$YfqO~Y3WLgeO^ifmi6;J+P}P6 zPK}LS{dv+C)&2HAF*hUo%#Hn@mEL;$!Jj9W7Za|tPsix>emS7{BriVte;1#m?Sg}g zPqOlYfyO7f?t*^flcbB^A(7A|ZKlBNJTYokCgRgL^2v7ffiu3B&9hWK+s)T|*8i>num2tWuK(Tk`RAvGu-Vu6*v|NLBxJaZ59N19 zANl>lu7v!S4-@0lnr?j7oj1_&iAcZ^ECbg+)9Q>22F1RX)iDyu`%ZU~`O`BVws$;| z8)Kh#Ug~&w?0?TnASgHvK)6$k*us+dq1UYhz3Qabb4jOM9glDb*IgN3AJ2dvm&$tb zJYMpyCr{v6{4w3S(B~!SCT|cMhoD!D?}wmM>?`T~Tp?P4v2A$@uw5wPAL+#}Yf(mV z51M;J#UBMFkbrotxUYxsndmc$ZAOYO?^vg_LQSY$01vS2LdFukW$oB(EAFa84Sf{;x@roOnFh-6f|=R z;oc(bt-8=BL9MM2s0nI0KF6=}r{Gf;Z^rY^-s!tK(1-BBYyLq*W5*xWEm#O{_lK{6 zhjXbO8v~2ZMqhlWoOgi*1nd1o#tq{9eB=ZY+V1K<6_|rp4GT@T2=9bmQp7%D;fgq+9kg_yI(wJGS-@!IfPrN)js6UP^ew!YGN6)YCG(% zv%NxEO+yNQwPyG7msY%v2^3%kFTx)+CoyhTh1n+imBqLLaxk_6%T)LRy|E)}RAW=_ zX&AL;?anoaQAOS@s~~2s0CRM~FFbQ}(b=v&TC0!pUGtZ+SF~2KI6$ODvuJ535f>H9 z+Q71mOiW}0_tliw4K{DZ)^)i7I6lhMeh?nUIhl?L)3TBx>F^HQTS-<34&^Z(I+J9Wccb}>}UMNlNvvmKq23tDsH$B ze_%ClAR33*%Nl$mv6#b^_(pfWnVR&?>XdJ0$B$kqePUtm_mL*K#dp!R*{W?$OXsSq zB6T%SU6rV-#ppslP8=%uv`Kw>wEDEk`LrbI)5erfB}7E@iFWlV5i$6*-TCzMO7Evl zDW9%ZpLVHFUs9iTIiLPL>C@JfPuHqXX-2`@e~?I8=KV8;q#jTO@fi!c1qB(_AG%UX z;7+I0WX;@P$z*ag69d@5D9Cb~gOwPZhIicC4h5=?Hw^A^ZnKk#PBonD-ew2-X>bGm zn1RxFLHRR74Ik>}I+7D!qW#5u>|QeQG`+D_{Vz9I{-k#2e;h)JS){|m^r0|eY&<-r zki+2STki94bM#x}=7x5am^gBL=T-Rfx|NRbmizIk$=9U}cAdIkEN=;)h~XQgt;gOD zE3;wAyPsBROLH=+R!q;p-6pDEkr#v3(%ER+Jh4c@tb%^hdK8|Lhz0X7bA-f(D&H71 zk5aVyA3sB@`9;ut+Wu#$bENwTycse(;)kcSCm@3=rX>?f)*b`%LFD*n=Z~hy;KB+J z0)|p&%@=t`Zmx4gwh{#S0%1{k!?fsALWK*~zI zz?sYlm!n?(68<0W<^Q&n>LpCe5xwIpCG#arIR)+~P!u2LX0?tqD}T7r zG5G0R`J3%?wT5pE=34Wx%3ZVz+Doohe-0o8pon8vc_`wH(-mbljK#yw^9MWfBN5F) zM0kwh*x6jxDWj!&;p4h(u4B#?{K?N&Vpgeijkd2FP&3F*b-mhNb2!`j#Ih`D85iG> z^<6)t1Rx-Hu2dy*$-os?CT5*hS6r01T&XKcHLg^0wFnl(y}7#i7}p`gT*n0{ayV9V z3ML-Zik~F?iSEsre`wH}R)lFP>8ZgutrL?q)?cLrFe@M63lDFSX5A?=(t3ha5wz~+ z>@@bOA&X^78z@)90EKLYLJURm8K$U*iWWW|WBk}Xi7|f0e)d!q_hxA4hqWON$BsDk?rwx)*5PGKOmnp(-utY18 zS<;GR^0cB=oF%Pz6$QCgEEB60tGE4uMmbUB2e`7Brw(NF@Dpw*(PSKz2=t&9|DizQ z#*|iIWW$qpZ8kQ&H)iK!%gA$D*=Q17Nk%q|x-qT^{Ef|mljO|EMjv7#!tonWo>-;x z8;(UI8;;qSl7vP!V_oUa@45U3p46C#FZ^DN-(s*g@5)y2*}JkSDbaQ5SCQ&vk?M2a zz1b>w(_Psrv{QYyaFP|04<*1Fw!FOWgqi|ypgvp3*9rmKaaXnqZ5C7Wc2~BToGl>- zUaBB2cV$a3r6SA#zLsgULeT#1%9hTf#WDtWWfypkli^a-K`W*x|E_GRS8~J)g*b@= z6&u`@O?^sEf#H!9X2ql|JeuuEF^Ef>~5$1&Ql@MA{7@5Plb^|Zq8G#E+ho!sVMnYY_{{XOg-&zo>n^4 z?K~w>k$;@0Qlu4A;uxbUGW%wc*$fVlEuVo7+<{b=%iMufmr5DNK&s1?&ZW#Zrro)e zImT2wmooa81m}_?ZpElT;erFK9q~{$SB2^o4`owwY3pO3;LnP?vI)4;9*$82T!)vR zq&!>RA_E(nkm+n_oIQ}cudzf?lf6y!uz2~(fOX|zIf2sW z^`5OnD+QxX1=Z$oU$uFq4?r*jdsFjTABBQ1UynA^sjAiAznhs1p4IAqj~@ZcN8r`N zRngs9&sFwx{+VHi_@~C6#6Q8rF8P%c z@x{54IE&esT6uYL;^`y29Fw^GBQJ+Jm!H`Gb)xLMKO2{{?{1L0{n)e09Q%e=3?zjs z8Zc%@60cH|z^k~{ty@q0q(>{_tEpJ&0hYhoTmI}m<&Qqt^4ECFpVz1SN5&mw`D>l> zk0x{SL7yrv?YD}7l;7wre`UJzcb;%C?kWOuvQqk8ewDe@(yb zr$S>ta{NKk|4i@rx22{3eybQr`Ln&{cci8N;|`|$dEWB7($fDymEYzqpNn^2`ag*B zW3txT_q^8AAEE5e|B+H2c2Eo7>G}HoT_xZjM_Y|PMlCgiJr$RmaqPj;Gk0{`XMJ`M z<3;_={?1jOeKX@_DUAk(Nzrj))CcUd-rm=29N2uQz1YT%{z}{z-n$=v(pu--5RdeG zjXGl2K2pTbxj-~CawF|au;~a$FI=H92 zEEqPB3WA9|ivA7PIx>eguWaw?PYT$R0or@!R5m{|8 zwWv9(DLxzWRGsh$#pdw5rVY<|?_rPSCy!>BWq4?T;+|%nSvJMIqYMt0JIeeMS5%il z*KH|)!;h^td140;@N$*XVHOO0G^ZLoO!S(>yqU$s77ULajx9bN{rE%Fa{}ezqumoI z>V$LR6w3FHhVFQj-7*I1=Wx4;e_T!SHT$BYMU(s^?hY&-EDxf=cnEJ%clf)dJL5if z7rx3XU?yA`w65$CSN>&zaw@g=#&=7RpfCr2DD$!20XJuW)vf#h@=pNzo^zf>10 zUT%l|=9qpU)C2Sf&jM`Vb&y(Pq_7v|V%0X;4QUJ3iKgjuK2EyS#8^`*-g2T#m2B~w z$>(cQ24>n}_`e!+4m0I&|b3v7E|~M9FFo-vC1R z#qva8lL>+itP$RjaG{-dl8Zd!C8G>3n0gtwpkoS@6;82Xo-z{L z4puTo!uuHN<`3~t@&~-p#z?@sLujipk}(=b0?c>E$THom9$9JNm(G7`R$Mu9<_crv zWx<}OL20vtJsgz|2|IZd$F(8?DUnCShILwy2xBv_I%F*=a2>P>C+(tyllFUJ47|$k zI%-QW!sjmYm^qCj6OP)*m`<9clI4HG`AcK>?(0_4z73#wHvO-J5di*>1%tMq2JLs? zZM88rSIrDsO90MhR8?R2X5DQJB@)^zL3+dE(2})FJuTTVT3RCZ_rp7R)YfBv576*y zg?v)~XhKmSZPkX57F!SN~1 zejXlSXT2|fHar|S5}sp}qtel4RJ9c_B9(W;*ZDDksPC+GGDbU&Pj@qbRmk?&rJ&F%UdY(_}9=+Kbc{zF3)m(C0yHb;Q(j08&5% zXXk&d^DoglpDND_B?TMU+eh^WI7!NnC>VsxMG9B(gpVwSFN);;mTta9<9#@Y$(&o~ znatZpsmVMmF~Vh|dKY~Y7=Ww5Iam1=7QmBAFk#B!;o$grPQ2M(`-+%!W~Vjj+(DDh zwF#3>_&$=&J&q}7jF@uPJEojF5~iHLa{OF-QT#XdjuC0jGp3%8%Syrrh~ctDd@D-w z9!J!T>!VU2dl=M18NfF+uFGEVVbhfrAnDE8om>2PcKu!j2=56OVib?N!!wF!jueNO zDgw**YI%RNyl)14>il*WM{5`4}LxTj&n@wa0d@g2}PeEumI zf2bn0Hg6S7WH5sw{5#zTy=1x%#n#FXU`AF^`13am=&M#czhOYHZR8K04Qk>KSkP;A z{($+swsMMjuaBe5ztjk)nUDIES$x$R=e8>LUY~@eRmnPdDXt|;axn1H{VT306}O$2 z3iiIL(YYkPnSaH(r=q9xQW@DLqXIA8DwMrlQWfx0+1ppS06{>$zh$_$RhkgVQ^8AR za<5&?-!!iCuQI)_@;R5v^e#czcu8|P|B9X5T9xlyDzm#}Ip8Jdn}5YXZq?4@Z)JY3 zt>JGjD*UT#@T=Ual?{GXfpbYx=3g3%r06&+xC>`PCN4(25N`N7jfy#4TK(PlrI$kq50z-q^#TV77tUqy1AsstEo93x!ZU-hd*!EW zKfgORAHLQ{3)u}o3iwPM2#n`817{~cj42kqF?3AFNSDhSD1PZxJiJ$B)faNI%)pI7{1mQ+GgE5Er*-gE&C^AUSwu0!YuvU{A3Vw1*70bon{Y%_ zLOr>?3H*cGYO$Ak^L=j)AMLi^5sDn9cyaw$<}94VO_s!;k6wH$F*AFMLI|9E+3bDV4q*U#Ew@+3XUxjgsm}t6$-5<|s)O_K*a* zm1c5$|1jUv%!h|cGo`~azCRn3I=*}+<17B0{@ds4(>{thu2d#Kg!n0|8i2V%9ZI`v z3tD#-I!7@<;F8T~Mv4*cr#Y$i}73j}Pw|M&V{-M&Je5XGrb`I&& zA3pQqtMc9cwe{^^D!z*Ero&fpCe(UzS0R-T2d73;VNH0F!lwYFHj)X{VndZN5&Ami z_eeHB$API7vH9edC7e0z4Th!Q(*iRkz{MvF^=)6C&*Wt}g#-k1?c+ARgQH8$Myw95 z0P**NNu~IoDQ4t#f><6Sb_o5L>kS0_Xt||7E%GMl9oHWPWsvZ z#2<~$iGVDPw{|)^lO+2UQI|zHl>1?kYpb0U+TWvuw`ecbiun>6}JVY`*1BUaa687V1 zryoF4sftCtWh<$^N?iTle?l|4Y_SZ}Rs(#Cbp4@1>bxQI#? zW=9zg<`cVU=#d$nlLSd6N}#=KP<}?|S)Lo)d85#C<0alW!gFI2Z)ACH{Eas_o$ig_ z@#*n zvA@d2^Z!co;k$hBgESAG!h`sYspYKW-Ahy7{Wb4arrtGq_oURj3wU?9dsm6(PwZK_ zVmw=)lY}0*Q0@-QUkAXUgZ#2)%{Ht^Nw9opxS;oZP0waM_K2M5yt;%ZI@eJ*2fJDgHrDzn;kh^9RPn>E`--Yts39C-qy`0Ll-P z@!0xVJitzvqip)Db=*$%2C{)sP>>wz@U*;RKbPHq2M?rwwUvFN)#&zueUyG+<%|7C zoyGQ4A#g!^SiiL-oj2Wg`D@dbFZuKC&-w<+Z}gP!h8|JrQti+;QGQd}^5w+)hne3% z`K@Wo=PtsIeFNo7deM}@rG zUz8}nD7Ad9iFVmRmcKGFA7Vh}(Z?i^776#oz5Ug(4}Uj;g8fZv@`i1rcIT2z zm^al4*_#xNu_w8W6>cD3ytUyW97*EY4z&H`>?R)+%J&!pMD zO}Sj##pRls!N&0{)V9fov79SHvGJR+dkUKW;%VXdDW3hHa)9O&Zoz1AX3kasX1Bu6 za^qHdmcw_3%J*V7CZ5pmL0tuqR{5>2UjK{z+o10DQwI9v>~Q+UIwiJ&~tL@$d$BbygE) zaVYeWabJ$|y7(Uck|SsPad&|Ey5vl0mpUOEYO{YD{=6sYFsW_-?#mtNTxgQNr%1P; zj$c)U6>3vr)VuevBJ$5Y46qhfc(v z4SIAB_6N=3F^n}M$*ZhPNiX(_#FzTjPd@I6Kkeqz?DZ#l^JUfn;~?ob!zYNnXxCfu zAqutdECcYUY-JxY26qihdp9{FX4>%>V7}?fFZzy0a(Oqa^7N$g_8mVczGp|j@q?a~ zXKCXHJ%mT`-zK*u<@|PXENg>tOz#(l-mJnq#7~jg>DuUi3DIyCm?Bht3OD% z&jN{;ypX7+WlOs=!aEFWk!@H@0hQ?q7cBlBn5p~Q4p@g<%0u=jW;z7=J?xc24=Pxi zSVZc&nJy(Tm?^6l_>GDMKCNL9W0*Q`%5nak<40$7GRB)L{Z#bEx4OwNg8tzqV%~1D z(SGv*NNnqFZ$v}7$Gh!Yc6&I+6|IW(9LAgHW}9)+(7w!|9_DlQ&;Bb*S!n)D!D6-< zvAQixBN5kE>egT)q?)(o3dO@q>74cP`KnjIBaCsbwgR8Rt2nyatoDtOAqK_^4-fz42>|CVgbBW2+9)o@C!1)2SLR%yl~EJ?xn zezQvmO{+gcUTx9M62qJaSv-&NNjPnbb9%$ZvIClbB2z-~uf*HOUkSGl+eWtLpW@g2 zm%#0OMN+JNo~~Z~47R4(v)9mKkzxFBSVIY(OdG^n}OK}z2BziwQep^5D*?$ z`MJ7ml+|Ul6AA`v!W4H+I0cPh%p$c(INY-X0Y__}?^lUS;TLbtBg_vYv+KP`4qveR zGp$}7`2*)L@(WY$?BR1!bO8!u~vlD#1 zPgK~Wk*P83cG&;u+NVqz5T2f^F7=qVR^y7~{g&u4n}gH~BOPGLahHN6D-$evHY$}D zUzb+27+h)>lPhgzK5{s+TMZ>6Q!|CTO%v!1IuSvz9BqX<>650@hdX1S>ggz{zc@IMsEh z4#JPIhJN(KNTS$VxhXybGQ5p(%Hp+9s^nKlC3$$1qIZ4ngy|lwefmc`obh#%JW#>b zKH?Zu@qK2abR@j_MLrx#U!jDI=}Cgy|B*u_6X<%vHUrHzO#FW?cFBt=*_csH3`12; zfciNM0M#T(MLxid>sGSAhb8*kNxAFxkZ5A)D;>;>`G?1;7zbL>$9B@haAj_wyu-e~ zqOLJ~dHnkri8dMo3bhsQbJW)7PP-)0`3zhNH#` z+RcW#B}Yakq$}|3d+f<2+{#4OveCeeFIAbDhi+CGdW_A!ka^=~m9<9ov>{*RCTVi$ zb8R9JRdQBGso0#;IMelkJ)2L5xwq{Hcz3A;eB z{F%s4>DjkxnKc4m<{9Dyc8^eT*pd@54DS@;+>d-kE$~ZyOVVJ(=E)Q@-0PO`*u?P^ zhS^MXllYNyUkv0C&*-k;}?C~zQPunEtC;7$A-*B5WY}t&4?cz zpsgQj_l3^(_d+MP;b6@_4U; zd+hhmph&EPaNA_K-2UozwGJKQvU<1u)9u3QTcmyQ>zp%s zJHgydgxCjq@jN0#F=&&m;U!b8>Jm)!Zu`!EjAXEyCIC#@dh-PaGA00BGS82Hb09wP z9XXik(4LAkiowY_3jrXWs7LIwlO@r<_Pr#2?VHb01o0`NxVoI`ZkqcXB-{0#BaBrj z;9ee8y>G{3Z;Hk~{*Ha*E;FAAnJvNMSAxwSb4FCbn38g@Kz?q~9g|~2zY_Y5of#xX zZ8WB&bczRkG!cy;fnG+b$!L_an}U+-jCvb>(^JFEWrq=?4Gtr?$F4YEOgr5kZo_cj_E=f*1Rhlr4)QZQZBMcH_gkXGS0MD50OKpuqz)Uc3~B#c9b_x?LF^e zj9+#5iT-t}s7d(%Zh5y~`)5M_btl^+=vkWS$Us<-#cFrRJv2|$t)_B$jA3cP=P==nazF=lsT#oQOk?swcYen*9w$hXlbme(a6 z3>N>_4YRf^JRY>SPVYUp8v@2~)7v|sSnLR@{7~3JMW9F5DO(*^2{;CDusvd z*&H$}ARiY%+GE#bMiM3xnCh{wmzd2Ruo36WXo<=3LclSm!F~u;%$f$%Wk|4C1TYP$IJU;ZEUOBJ_Gk{f`K-oVFs_&}?7F>{SThI(wFha6F zXjWI?K~6=GN1tnb5~A0{3h^;XV7O4uG0>^w*Y~b3xH{QW-{1KUNo{1%d{VHMH9UCP z`5Ea7_9^o6$woz_65b)RwkBkqAF?LFeziFt?*~e^bTasK()n!k5|v-5SA-gQs%)!a z-CAZ?Rh5Qy3&tZjQ(vxPdc}qYgR!C5H-{>#oCC>5S2!8S2_;wE%lcuHD2y~qt(Y`#?*IdxSjU4 z#HZKbQzo=K10)K9A*ag$`w$a_P_ck=mWJCqPnGZR;<5d_=rDa}4xX28aVw16)7hnx zn1I{B=PDOjx5`BZtJ!QUsFbEDsi@!s5LJARZD+m-CvlPYmb0_lVE^z$n$>P{d0Qc_NmWW!pvoB!bTJ{rq_?Va#47U|Iq;H_8fhbK8^eRWidhJ+Hsg6nX7 z?x|HthR^d}Pd0oyKE|(M_{6@cRaw0p>*t)+@sZc91cv1tjOUnhl!3^xcW#5#zln~* zVXCF!6ATNIVWtlTsIJIU2?G=q(>?aB;~c~1-@XyU=aH|e=^048iGJ*#uMOD#nI{lw)`v3cw}cNdH!OcU0~8rPqJ9e&rZv9EA)ME2?=sg%+g7#h(w5CdXp`c81+8dDe zR;%`wRarlD8hmQs1{b*v9_uzZJi;x1xtz&H-I06a=ZKlS*Io&Rea-%PxgreIKY5=#|I{n{G}!FNp6+@&UJ8q)#tAm= z^>mCsFNxs|R3|S!GZ0TlftTTnLtys6+9VIhTJdlkGXVbv8n|!&#!rqrK>tRnJ=w$K zXTPj?ymDXm)qe6{zdZ2ySpM(!$+^3(&G6XLcpGfa6g1yB=nAL!7ff_RV1f(BOY-^}lf0+sRVXooMeIZuh`8WHd=a zlZA#e35@^^@p0tE_|+&6ZN3@y@QPVQ5$I}5VPAE*6~y(L{qIpS>!QXnY3~)vaz3<$ z&g&MRqN0*?ZIehz%9AXdT%b6)h@33I5X{E%P3>tMx!6(M)aLOz_+CtBpV)`K*_1}# zY_l_8{HFZ3>5xfH_HSMgos%afO7^F7{-5caV_tCd&7ywv%`cuGxc@dy4i@?ckM#Hl zm)%~OAr3;F+S!g22jQ)?tF&s}y-?t0_T|8abIw)pZ4#bma_WbKN{D4HD^oQ!&= zKaXmjhr9mRCO*CFHpi#e235N?vGcpD&GG5UZTpR9l}~Q~c;U4Ex4O2k>Cfw@yi-x0 zbeoF=jiM&Aqkj#59xzuCpikkv8W^8F^sK{Y9sTgxJE{QQg9s{E#`Ta9JQTTR0qb$kStK?>Lu(QJG zL79-RtQlA=B9aG*1|G+VOi$t zG4+{!=wDvEr$n!U=?n(^x{hQEb2=pS+31p!sn0Pkccd7Xhd+}ZCb~cUUo2kpv4HIY zT3MvmHU6q);|nvwfuMq(#gF&)XH8c4yTRCdVRBp5ys;O;%*v2|j;D#(5d|C;U<{_5?S?hRKt_xo0G82}b?(zBF5P>;kte)UeuU)H^nMz?*!|2#xsi94Z)10s?^gW@#r`UW1#T%F6M*Bx zSahl~0YFdfR<1kj4R$4jU4MInZynIy;K8Tl_{f3o2mbNY{`JrP?KR=kl591w*NQ>p zWY-{aT#~&evMpsj9!{?$$k^r7XMZn zi%sjv`?A>lS3fhh4-3txt!jJFk3Xv4xf#2)AN!0mu_?z!lDYj?4!67HoUhKGC-dh* zDj3nF7@|X}mM@ht3jZq@eS(1|Gs1`9S3ZBi)S{Re{`U1l3$b|~T4gp>E$`@mzb{;U z`sqm%d%+fGVvl3BvAcUGwu5?%GqIBKNxJZahq*i4eh}W~!Ph3UHVxVX?2lsPC(xnc zh4s&~L#=LyhSxu@t=h1&nLX+p8r_!Z+Zy>P_}Wh4>t7cOp>!m=GSp%3E@AJNP-9teywI~YeXT2c>xhGz@bR;O~jh20$E*QZ2(MLb_XGEwU=cm(; zCC-h~kLmwCHOUlE)#A+ldg05B`TMd3fUm#X%h$d0E%hIos6Rfzu#PvZ8+>Wl_<_S6 zHkPV*h6K7tAy2vad>($jfB*cPZp%M$^S?V&f1-m}OEOU%0f;4j2Lk{brc+5v#yX^XYr zfr<(u`%;n%IkE$`mP*Bu{sc#sk%9f$!jWYpK|h=1z^5~kxRSOO8iTZkO2w7B!?+M~$1JwD}Ll`y+_6lrE z<42|DzcRlJQWd|HN_OmyLWuqf@f;ADLt{F*Gm>UbB=xT#f40u2AJimi2R zp-;cQo0@v*&iE+rcsd@l@?GJIQ2DiI&5L{(w2ZUV>9-EMVXL_BUai_$e-{0BIZjw` z$c9s!hZJNe|61JV-j<`Te^fTv2aiiqKQ}z;u>4;{CV|stlh+CU5nadOcL~CZE;IPQ zR$of{g{YzNV$okD-dYEm5rS3!luWpvG96{IL&iy>Cz@ZGTu(lEI=~(?Z$Q zxgFFd?W7m!pR(7H)BwP%%PXENAg%EN=gpm3!=?C6P8O>Jy{qjo?2cUkTS zV*iBk&(XizJo@)je?Jg^TY9`Y_SxSnkPO4MKCNEPB3M8}K*TerusZN)Mr`c9fe4&H z;}uXm6ChXv8Syd6^Ji4t#B+o`<=Hl1Y>z(aht37S)h6a~Ft@?|h1tBOWZA7(XN21n zsMk~nDYr1KL@l`NK@~Y0qHHEeWd|uDP}&ne?7EfCuGuKx8@_i+`IYB`KBid4`E#Ml z^R(m%Es8!S?yNsw2t;f6o~#NXEQi-anB_5QpD8$Rt^QCZxU;JA^^-BN1mf4KoxlX; z)oGc)y(-=~gr^kD5HrkZ^|a}#bG48-KyTOo$Q_W_?vf00KUcG^R35t0`UE-F%eqj>dk?%y%EyxX#~LY7yLST%PJ|^lQ-hl#f+f^ zC=wreqg?sz7>e)w5EJfLqtDgN%R$uG7Vx+!)^xSH5VNKWP)h~i(jjZHFSm3M3D1o# z23_bxief%1g)WqgIc_DpZ`H2V-TmtLLm*-fVdfOn&>A$GgzO?~Q0H3a^w8?Ja+OY^ zCufIUQ3oQLBf<{*+TA29?5gGp9kr*>5d&4=`sZ>W*8&uAw$D&>lwMvlh}*r8H)kk$ za|S4M59Q5En_PKwhC@zD^+$s%B2AG+f^LIsX%9yTGYuBE6Z#jg?$zG~{&u^-NGn1e z;Y)Nk15c?^hS z1$A_(ya`|_6ygg>CV>iEe*5zc z*y}&e`~PLHKVj|Hv)7-xc0l%eM|%2`qX9We>SBkuHU}1EGL;cjg}L@a*RgN2ur$1` z)nBdbBCVM5*oY*%$S?ou%=o7r?t6kg#nMUc`&>f|Q-3$BW$fW-v}zq1h5vLhxBB*sPfj{Og@L zqNW1=wM7D!3+AgP^0X7PBQ!e!M4?3ed`Esp{CBby!29{`=D@pVJ@^-j8;Er0h3?cB zek?CA7P*LFT`2}yks9~qn>ZVuX-icq>o8i={7&gJ@>5GcLrR|pyTO+58oW@(7k=$| z;c&bV|B)D}%~`WOww6ckPmBL{>8)fS(K=?^f4iUh!JDnu1m&2TREXww>E{$w&`ZHyFzxvOCjo$(k zmVWFGr2J)di!xw*w*nv*-S6sHxTxtvFj=V3dGY`8_Ac;IROkP25)ud)oJG0B8$^i^ z6g7wnYY-AlU^ea|T2b1H#fk`()>L-|ThPSa1-9c_sswG7R%>ao)nBm{3Su-tNWd%L z4aG~;inFZMAT?YB_IQ6Q;kx8eE~!Ucgzw~ZB16%Szek25#2^QVV{Iahy_j=j3M#Z$+Ps!z`OC;=nv?|!ZaCy;gTmQ;wx}w2YT21 z6-RubHMA%`ao}tZljT}tqw(freBoP!0OcwIv|k7i&A2P02n}OefdeJ{`SH&Dk<;Ui z3P`Bv$j!9C{N3XnF*)B&{}(@=656zbUBLf`?~#~5OHarr;Xfx;|2hz7U&Z#G=#1_C z*Gd)J+fh){GHTHNm^feMR6Rkqj^A?QSBWOl&gPLyZkw)6+@=Q)<~+|3s$F_eU$;gT zi5sz9cfY3Hx4}D`xg@Xv`1T;(I9{J!FWJVtg++Q(d10}PqP%c4O$FDCN21=sQZM~e zWDa|X7BD!!kQT@A7V7>}beybO5VVnA+>t4`}s|qKZ zcl-swqWFtrozF*E1J>5(oa>y==CqWN)N3^&~cV++S;-daI!vDWNTTlc@VXpnpqb7WL)*Z4{x79S9(@i!zbO#f**~m z==n}r^}&`~E3`F}yHVR7Wev?Ilr?C@oA4WYIg_eqUInU>$`_S z`%D9EFmua-`v={1Rt1Q`9{Laagh=F;O0S7$j^*&Rtj`*M!ja0iA4*&!ZEQ^5D~A1>ghsZq%;3Sdd5`}FiScMS9>{M zI+Wkj^Sz+dL4mXUK+|LGsb`L&KQ>+ynC5nTY@a)(g?fuB z9a~Tn51655NOz4D zW;fVzGn|QjgqCkbKA=GiAVkOxu%~hC;lpGk3;dK-H^ZR*;cSFR^)i|(o*Pq0w^9Bg z>fgRdN=$N`;CK^MBIe-iNJd9l0!gK~cMz)-?b5N`!fb06)9JRU{|-*{Fpob1?DT;6n_4WXe2mgbRas zSgr4yPSnIjFzt=3ma2_)m_mGn*N|&tH8z`U9NjL9_Pxt4K5phcvL^x0nvxsmX`$0N z;fIvQiy(oeR8vG=I74dCMJm>MBTphMmzZHP7D*LDATmR0;Q?eL{4G+cl2t&4%#QUd zK;t~K{|n;niRN8|)Hoxyo4@=|R=Uor$`H;KVUiVnhN6XE(P@JbuwMOk-E)tlmkS+Dwswo{_M>i2Es$+kOKNv-r? z9bh5D-fiA}GELLJBU)j)%eVaLNk7Fog#y!6H9q%@QMpil=Z#V}-s}Iy*y>F#WG==? z-cW7v16&$4=kacKSkFi1`sFZ?A<2~%j)Nb#0S?oS{1UW!3^1w}ufcFYJP}i)1$yiz z`jNEPNO?h4j#^ATFRuAx`cS)F#l`^hTJO^WmtlcbQ`H8^aaDXTueTQZ(#j8LD{6`u~+=Gkbd>= zZFU3ogvCJKJUwzbp;4qSf_faB&uNYi2QH@%1pZHbS&#mxD0o*<7K|pzp}uRzGm~%l z^B}R2#+QV;_$hi*H%Wy!0jMt{-j5#=$dKD(A5w5YbhFgxlO3yFaAZj{>x;$CdD!`1!8SsLQErB;< zOQ;9H!aNL!P()d7JPS5+g(5g<#x%#iqaYeOqqyP_hjCtTbSCKS zWFk@E3*Is3-Gr>b6)VXiO+MZA{$8Acl{l$*C2=0B;BG%uTYQmtp$$J&Y!Tl*=GbK* zzML|u7grc`q>IAwyYn%m$VG;)7B&`;oqz-7_nFkpA27^xZ2TU3NI~nQY7un*d z#;+SsrHr48DuCJT@8Fj$f3?H@&?L7X{%V!tug2pKJR;*CpY&J5_{mABpCkXi+g~`D zv}`Ot)1G+U{^H!gr~I4v=3>>?FzM@+81hHcC~`(57&qR1U zy)AKjeQgSYN`oie6M5Ndko%*DKx(r}dqhw~dJkh3*?0blP6kQplI1t!n;-ZSgyWK`6AdvmYBo-p;#=UHpSc=;p3$EH-uHiOwp(+`tYMSra@leSSy$XVG{r zk?~w&jc1k`kB8K#O!C~X1pXc$rV|aNV;SSZT&H-VdVwccPakL^ry07X=s1ng6Ui%- z?bcJayF>ni{HuLPFnGF`P=wFD(LdG`A#YcYvt|ex8QABUy&%2BO2{$A{HDiC)cS4= z?DLUSJYsvSH+xCX2Vml$MMx1${G5Z{(rscWHu_)l7^fEch)3Y!A+$(+1m5Mm=(I#{ z5S(8k{&<&I=cQt~oEP0#dI^gFM(7d|Od3RH-{y%7z&PpCmlIB__uq^4A?Z02)Q++jqd95lEuyoEGZF7`Tey^HTyC;<1R+ZgP3thsnvCiS>Mf z`OiIod8^OwIr`j=y9Ig)xV-S?1g5dyFa^7VK#`!I(+C@P5IBC8ZB3;&hUt?d7tj(@B+(hGx3JlBV`I2bu~M6eUz&<6i7jVxvwS-=iQNp48& zJ8ygF{DT`hcn)zx#KoSwPg?}K4KDT$!R$o+&hrvtf_Jeb6{at@c!(A1-7H)Q5;bhp z7Kel@8NF9=CE%7SqY`L%D_9dQS_Y-g(%6#5qdni ziK?kgF|cr?7NCpkptsK1nVZy3Pt0ZQbTj{{&_p|Z>wU?523NO}B@YT{Q+40^E4Crq zUp_%DtgpXKk6A`fOMZQH{{EI|N&f6c79WFBxE_!Qbgsv^ovE5n`J;n|rsE5tr)OX0 zp6{fm@Q_&ffJILc;mOUpy11w0_T0b;ocsMNGk)jS3F}KlHa(GRFU;^n=3kiWNx(?} zd1I1gm5>04L{z3fs;tr(Y5GVNZ&TAK_K)A-p8HO+e~?mbmKvD$fNlTSpM;i-F6jv!MNQ1#4nsc`U zaK7llfU`&dXOIAndrABLQ0?Vg%&;KII&)7f?!2BsGH#i1hy`uOI|S_6)P-)`Ny7Ja zgi3b$&u^8=O|?4agYmUE+K18gm93|9)uaB)^rYZ?hJVa`dZQfue&vsx%% zlu<*EMlmQo$~CdgLB#TtgANar{zegLskv$~E;#E{(LY?;P8(LsMU_1r*3w zEiLpcU)16z3!Fw2E2T&8C}rybEfR{_As;HsL&2t5up_v?(n5D*@!WGn9?B!8f|LTL zIgma?{oy4f`r@wy$jDTOts)IHFG%oI8mQOkK};bj)Oo3*tEEyKua4K?QEH)!IZWu9 zmhwnL@S|?X;;scZKvbR*Ih6F_E(Mglb z;0uyNC%^b5@~71*8g#=&Xa9F=$=fWNb0UGd=Z3yZ2$&KdQ=`Gp49bWPW@`>HuJPEaEzHq>V&KPJ8)N3L)_ z!(*L`w|+Uq(fB|ZA?b(1%Z-~!VVRwzaNFsHu_?;s?4j!Y;ZrbIuD~TN^kg|y(_sX2 zbTLbAZ>2wsfWz=SARNq)E@(K+Va2>;{5l;Xz&%a&w^=}#;mvYTWTJb_@7)Qktc8Q8 zGh9{4D>!MG_jKpHNk(l}5?QoW8MEKzOK2l2O#!s;AMVvW4 z@rwVXcI;=xLGiT@Bj&mtPb`?P@~91vY9%4nVwP7Mb>P#B8IKa2$=L{_Cw`$!*Oha*dH1UwKgOwxPO zsb)4nh~_ZDk~-j5Eo5LdOI84(YN2g3v9jv zibi)b43Rd69)4sFFJg6MDQEpBkv7~+UP`EBz#cyXF?omob2Y(PFIHP|SGv)?wYrXe zxU?`_V_K^l_+lv`;3!BJ;cP$x`U)d)dh8zhr_2aHOE*a$lZiA)tzqEaO#f_#m%jM? zI*F)EkRC1y4DUI8izj+b!oIKRr*EUKnfgY@Uq6D3khLJ=kmuc7w1vmhf|pf~&eVhN zlB;a}EQ0tJq9>Tq)3k|?XMlVhPhZAx$*T(SaUP>ijx`P9q?52=%oz|r%?js}>6W(m zQtBA>umA1PYWKQJ**l7{%_Kt_7sbBLXUJ}|2pnt*tOnq*ipV0yqRO$#TkZsZwpvU{ zbu24!sht#G(bJs%;*OW^xl{Nvv8%T4Ejo+ZjA)Jh_GEnE3i56#n=HH#uc)3$f>@Y~ z&Kg%t)o(7F1)iwNe!@gO3d0yPL*(=Xl>x&8{Hu*Rf!pPB1eVW|GmKc_5=DPcI|V%; z-7cRKPjmo5K)$~seSuFvS@m5w4_;#kd2kfkyi60Vwa<8>Q1n(MUgI`WGHse=i4cQQ z}D(=c}p;#kx8y4eDq0J&yRc4^wrl9;lG;vzO(Q1Mhagb&D9IJz2H1iJbOT^&+XnmjdRhcX;pb2e81rFoc!X3%&3_< z9*>)xKe}`8ZMKGvi!2Kr)Z07Un*0>`x6}RUzc_t=1kCs=)@Z`FVvBAgij4TKcJ?RV zu|IS6?@L%P8B4GxP~;zAtMlOL;RxZ40=&&(zaT2m7mu34rD?pRE>s?9&qK08smHjs za58O1;ZzT)1!t|wRPq*Bg>(5pAzU?E=Oe=hO`)2bH_RfT%tALtSSEo3$aqDOe$sA7 z7%t;yS@N_YCyzAhj3U%QEaA?z&L|WK(GCYQqSgTx5fUDNL#i!s@@AT9v0%XtLtKepVt2y(B&NR$2<^^yWRabg zr0o@L6K@#r5z?3H4WE!|u;F@ZYh>;1Rs0u;@g8zORa@gTkZk8k21sK;E^QIPI95pU zE6nO`B6)A4*ZqxuawV(CiC@VZ%bM5y=J{b>nzz){J?=NO;LyIjQ}(i`VXI}4z?ArK z=;u=##PjW8x@efzxPqICQb1~6%GRr@E!KuBo1oxW1p5En^4cZj|=)7oH0d9-udxH;{PpS&iX;feEtp1yjiPvku?KiYx}xAFN{mN()`0 zjx!&l?WyzCLg(`lmR^!v!R@!xksUyf$lkkLrWI6JSPLZ%Cx>JFZAY8gTDTY-HP&uA z$?T74p$1040mi>JWeo%c|EA3c1_;w^IRsZ6i>wMEtrbE_$Ohq2qAUmt&`zDqAh=rw z#LY8bB-0@As-Mer$%n zI=NHe#2ly;^D#g0vp*c>8~Zt7ROmy9RXy1GTPx`;4;?d{FKUT%te4aR^=jds)Jt;l zaqLac?5`85S!_2u-8njM11gtM=en`Th7NIg=k*~}DA2*M%^*T{%7Invxdm6F%>9aU zj1NlEQ{EKt#U=bm3#|v5j82@c_RC}3MY_a<|4kC#NCJhD`ab}*RD0IHE_cs3SL|8m z+IY0t%&8H0+gqmH(qpeu2(&#+UZD!!D68?zQKvW#RJcKuRccMNkVnX4+PaLqjgHW{ z{Am8bS>y~w^G;d&z{zRrzU?M^-P6&Q10Rne%dg+Y$E~4(AP1RRc=kcao%074W%zrL zU2R}7`z9Hzy3^eax;6ofAFg6!(bRzv_#^G@?Jc(^!L291WFtZ2K~c)D0uo~mI`adz zcS5in$2<6;9{rw;s6@0O{nq#P4$3eWb|V2Q`Ukv6n)H`^#@_)b9^-iiBl3&(W`0TM zi43FuD^m6S*f}V>GdYZxG(HzR{3{6>ln_8Em1>;ABM;K?V-^G@XakQRl_0 zJi+H#)r67Q<7m@7unpR!`7|^HXuv$|$vn*TiD3E0c7~91+*h=YV`T^~8p2zuPwFC9 zrbS&GS%UeT*WUXt?VaNs z5u|2vxyyDc_ZvC=A{|Wkt&HB2=(|+^%kvm=w>LXs%dv4Ie=TH-BOKRS; z9w+WWs~{Wu>Xi;Jb0scGEQ zP2k4k3uQm7!IjkraRUv!q8(*+;u1+4e*3twv_OD%wOHY+HhJv-J*aH z=~CDZ^b)J(kQmnMD6MC_Kl=-jOg_t2fWEsMB?g$u)Izg*A_FP%c{vofFZ(QwEtHz1 zKeqHZsP~p?|MfrOgY9>>*nWw_+;5(E2UGmF%UTyI!RZbVU;i1*d#2SLih`so#x^AZ+s2EWG)clt;xTH4T7}cju^i*! zqj8KK`hcT5&(y1Zo_F@(ue5ibR|7^81jgz-^EFuz=oZd%WzR0p^H4P5^ZbJqZ0$n$ zPcDfMimMm+UX6uS-4ktE6hn3~F`>$8l6k^>>Jvca>b6j+*fcLGfSoR=W#E3%GqY%N&wr)8<%L5RuQ z@x$cr0yk?q#7qT4SMjEm67JEHsAn=^o>B|($a#&jsf{FYK|J&1lhwS}N|p&P=4VeX z;XUB*64?~bkvd*q_%aVQP8KK3 z;Xsk7WHejOz!%|oN4m+NnTl*fcOoTSln)I#K-D%MBF3dL7f25GfaJsixtdLm#_A%$ zb&L>&VWF-hJ93LT^CNoQs0H(7rNOe07aiMqH$kMSWpbm09-ed(GOk984$Yc4uYy7_ zNuUsRDN*oYFF~DH{ByQ^%D6*9i+Q%d9l`6xo_S9WBMp2ii8PdTlaU4|I_5j%fl@?m zc;gLbBODe`W`k^jXAyR}F}$$D!vs&af-4lJpEBLDJ4|&f!WA<)JD*s74yQ;CN+A%t z?-P*71>_ZrplG&?gm>*qBrHe%F9fu}U48F1gbJ|nnFt;DF#01CT*w2OeJ`fMnHMq} z;I6}CCxeg+hgL7`ek*B@iT^BcOdPaQBfQya-# z#r{4u8{q|%T2?KZ^UeE6=JSyot zKL1Yl#T);ene;GA9tPy$efC2a9-?wQJ)9~J1NOtc7|rGsvbz60`rJ;uB#dwG!SYh6 z{nB%I>3(_GT^Q((CD2%*mVgo+5+!YKJwL z7Q7E_ciIVy_C8CRHrY)#q3Q3qjS${w?`L?dIsg3F8cxj(CuPL%powj5PEKr0Gf(Wz z=Cp~0W>I4=HGa&|Sd+#p(;Hud#)B;OD%#t4n?GG-4{ykf&hj5w@k0_gWH9+vetdjN zmFLK#(^c?Lo4BDa;zQH>XELYy2QpComr?&hSu%vOWOnqmWBi^)ra_3ACrF})SANvd zoI3HBOzB@+vm9fsuH%9GPhGqm0MLG)7K=!h(*a5L(RR%#rNMOe`qA!RCydAY*I|tr zL^~K_SN&Jlv0UfRQ{0qU`7kRa^mg^fEDp}%k3#C~U}DFzpVf8Tk$;$C@XQw<`Z^(p zxPvKm`tT^ehtzXJq!J#~mM!@8mo_ zb?tX@-bJHgzWzGdhrf&SEP4y`_1}K|UG>Lc{22KjeHZ;z*Rh1@pR9OD^O-mQ3;t0S zx!!-WTI93}P31pinL!-yWGgT%wG~6?>9>SmvO9qF$bbirSlZhd*f;;6!;M~YH24ox zvAT{)B#O1jv`0SpH6b%_)9rWN*|TF?Z}dYt(vDDWM{BzM`<_{)EA~X*^h91pc#o|BL((iH)GCsAJcRg>eE|tq>%Ea1xBBlSLD@s@ zi6~S-J}J*5!k*OIXrCfw9r^UR>=Y@-*FUyDb#y(B9e`xc5pGWlzH9pzyL|Yj))tc z`{y@c?*3JJaKYvb|1aceu>>=x#{V?AeC|X3sh7Lwj1~LpSdPRu&Bt%B;st5AB~$VP zgS?#89+G)QGpQ*SSB!&N&NM5*aiq?P9H(SXI;^@db)3Pr({TtAqG6D~>3+mZs`yzg zLQ?n@3mHsjz)Aq0#Q zz(`mPd8rz{yxfL>Lt6wzP305`1#6SX6yQNz{N1lX0N7*x`1{1C8`m{|+V@zpoukzy+?S7{7cr<5z zi3Cp~~^eEt7bk#y6B)Ut0Z>?2(VBk<*limg;q=?mC&2Kz$4$>%^vwda}WM_i89 zCp(uNXA&<4J|hpdF=T`B(fZO3=#e9wClb()(p)GXVXPJJ5J^dcd~fVHM7|-2yMu2C zl1nbwOvgT@o)bL?>?b6<*;^7=8yFOW`PGrXt70=$+t=|5?0WnWD|w33lS%G5-fw@$=*fGhNGpclwF=NzZPQgE{#p`aq?F_;_ zv?g2`?DdBcvJ_}Z!?&CSO(m;r_5=@Q26~U!0#kk9>i8Va$Nv?h(98|gi6_{6#ItWl z*}8n*CE$-sHCK6WbG+84yqC$p_w(=lv`>qw z>?fRV29{t2%?HYvptQtm@NT8?^k`s=N%WVo2^JhL4BP5;x7>CzUSU7Ghp^()nx#ZS z#r`ZTkDA}fn9_wBsE*K_iL{* z{n`JTrRrKXne*2C+J~s~qt73fRs_N#6h)IdCKOXR;GDQfWc{)WiEwDQafM4Sxgs~v zSCTL8F{iHpeZCs-)uPXSk?p?SjxSp)*`+s_r~Z&O6j8*%jm1B@&Z%$VkDyQmaRf+M zx|j{Mq{cZ#u9v`S=Tzkcd>nv{rp;+h&9tVKcGJ?ydT@V^|LoxY>|2M(t*WWSf)M`M zlNey-uFCTo6NxR`WA?FMT*9kI&j!e~KF_gwyS;WZ(VlOI49Y`ex|nQPpKQ4*t!0`T zX<4%6=Cqb<2(YWdm~)aXo6}nENNqVj*>Znc%a+uZ`N@`S@N=}ZoH|v@FD|oN7NxZ; zNNu^%ZduKCK*?N!X!6MDw$l2tWWQ6>`epMW7cfCmaC1(wWmQ_sS*ar!pKQ4}tz~s; z%lzb6A4wZ4=YNG!Dmm8Om3F^t)B0sKzGMF@RW=6zf4lkm3cSW0MaZ}JQx1Z@p5&{O zQLqQ8Na1z;9}X@^%MViEBOkP}mj=fS&kVGXfBJA2`=<}jRe3_5x<>q!aSzcBF0z8% zcDg?MfE>`VtNTfk@iNIZfFveAadlDrZ;tgb{s#3#&0#o=`Omjs$ioYd zs23b#z$+x_WZOgV8jry-0G!D<@}_3*fRs*t*tV0**&$Njl~aE0MN2QeT80rJf|U~XNf7T_5tKNeKc zty<_wu44C?nB22VebM0?xp`R%|CTZh9bzBc1zqWbAjUTzX`@5eut(x>$rZ$dS&zY7 zY7OQ|Tuq4}OU?u&_|d{G@E-)ZX(tI%hxtSl(NX1}ME$V8^9&IvmqyHewD;UCV8pn{ zF-iRmW>Xnwh&V|VyMQ3sf?Oibd?DX#N!o>O+QN3Bj28zv@`a3_)M365RcMA#hN3}@ z6FN!=BKcf6ODD1aw>(jtu@03eIU3Qti(Uiv36xeRdfj>^{d>dhgG;qFuSNStqIugI zVtLUkiWj?X-ZG=K=ruOI#k-H#5EbcCg}NV26LPr(W@M5}Wq{!hpTSMDvBJUu%vz{i*zNAptDI{r*O?_m zm^==<@fi6&qsmT`-e*Z_esupl&W*m?ksE#QmEs?EOgqmEBXWZ*Xc}ba1_2ztGLCot z?6jSa_t2ZV3;TpLf|wa+xsc=_IbSvBwz-nROHHoR9Gs906*%%~we zS2ABvPcStX(GkjZax?Sk9S$f|IfDw?jxie>w^k-xe=hI`ZpRslC0^~KgA-jg$ zqY};V(y=~rm2MpG>`LR05y4Q2i>&-M`z}>DPngL`1r8#&6VHN;qg9`QCsNWEIrEvk zrXv`|_&&{Lr~e#p^!9v-uP>(Y6ia;&zGgn!M4}I?I8A%- zo9x?8BtI2$?~6T5H;{*e8%1_VN`pz$;gdxkJ^gNeZV-L)meX#dzrM%@y1m7@o-@m| zpIu*%e`h~3Q~UAf_;ot|`FS&4{&%KU_30Zkwc9_QsqOq^ruN20y0Oc7<7H1UR_zIH zI22e-SDWc^!x!|UVWvmBv%%+n!C&Yb_5!&X<#;n2aeisU!LeCoq)haY7gMmYz>|0> zu$yKsS@WZ-IM;}9_Om&{4Cu?jk45US69Zan*sETTMi{+Cs~Nq0M2d7%kD_)nyNi-9 z-h-SG2g%^rSzaYb4KJbFv=*e|fi@>PnJ&qn4aiuY*YkdGP`Ov-@;^o5Xf66Qm+#CZ(-lUaQHK00|ic=G8D)kD24qYfU-B!6J`mpYiGg+F9{zax-*g$FmDmOyeli0_p4 z>Xm<}h30xv zZhyXG+Mn;Em&trvLj&QzSD=LlAQML96KFOErOOwN_}3xS-z2wxh~%RfV)b{0>Ti5& zXb3ti^+ev&LQ%#nz813=fk137T`B%n)r<)5U?_W11r12Xcc~F!RhST$%jC*ROo5=GSD)Sj?&8MbP!2=wcQaV3r zVtcEfqThC||LzIxuK($ksq3$RT?_y5M5JIL&tN&Qj2VLNi~y0|GE%-|3Ti-6dwwA{ zluHyi#`oofP9|^V7fH^)enR{6_sIC30sWy(9m=CbhyagrI)X$BlIwf%HgfFHS;xr|@_s{=Cz&(CGUm0S2icW_0rv(zBQc}E>)z#` zK0Y{RD9N{^!5!+7@#Z?d{E9B|*SJqqXti{=j8_IepI=pAEtJH|)qC{dT`roTs-M?a-Ijo+YAy77565tm5ysEfA26t^ky5s|RY?=E2+Ozgr?1P%qulY8su9;5FVNAEQg75v{s-KW6UtL4W8|9>cN zAO0t%bPre32KSd)I>-3d+dHO!VJa4ub4+{~#CkQ?HBc*-Hy;=&Bo!?w6`{*@6MLhI;W> z{HOCka@0Vc)Y=XN+y{vK28MTJZ9c$^#5R1N>;NfcvrN7aw^0&5Gz_LY%qJ%{V z={DbFf|sHEaDsI>*>sk+9#7w77kG?J)$5UyP7AH{8_2Qp7ix$!XfnU%vfyacV|JHj z2b$ye6MKoC#p{B35#pc=^rljXdqPtF^*Rk8O72{!?DGR2&4Q_PrnWPpnKIprDnQ6l z)Qhl9IWbetzQBNszLgYqJhqPs-E8qhUX*yw7q!qFXs#l!6Wdq-I4BF2(D*9cm(utM z@OqNce~G>Bt4jIsIhNfUB|S)Rey$5neDt?~M)vx*U3Xsan=nPv5roNb&_LqB+;wm! zFMpB#CxgRF@G#fPKlGnmrV`L1ezfFS(%l^oJ}>eXhjP-(8VSN$#SyKR6O)ITz>ru= z&Ji<^K^Q6P75hd`j`Wb2VIJZsNueyP}s}0*m)58it2G&7j!PHEJzM z&wVsKFszuvuvOVaj<_c$k{te?u z4X|~xakr?AyM;H7{w~MP5mUFkSpL@HQ^*8q#lc`ctB|SyY;o)Y4yIkK>O=W&B3P1e ziY+RXf}j){Os;w8?^*8NpoNw*E5C%Rt{6Ij`{XJQiO3Zrb}sR`-}Rs3iQbkw(Vcyg zC$cy2MeG(9C2aY0tL}a=@K>6wSnVaQj{L}X53r*uqd7UxaLkL!&xsE)WHp5`N!dMB z@GFezBZ|ms6IBU!1XtWMin^5?6=iiq@~}d6)!+pF+LP-QDEeoS#Z6pdY?(y`PxZS0 zkICPO4g%F&%DynZ?eQ1|IYTte@ff&|Fe_vcd&nNjUbkK z6vTR1zZqe98+o?|^9kaYmFb%J%#Bse=lZg^mOrei z9SO(XlE|NQk0YN#K)J9VEGdO61o2XP^wsWRraloVGOG=QH&_iBt zGwVn{yqhA-(z)Hom`F=G(^0kWB?X!hycGdpZ?K{=%2}>!Cx#<{Kg}S|3DySY?H8) zTw<{3aK9w|uBak%&+)R6ih1<&xPNp>`B7T4E!p>#S~UN`^FZ?@PlF1@5vrLqW2`k)7X{_3}m?xZz4;>EK*z;VMg>9gL+8oJhC^zNW8SC>o)|pK&lXpei^z zD{u}FSejHOXxtl_$3@g2S7YTHOGkIJ08QLivj|JjK@h--Zcc)Z<|^GmVvyjZIzjN) z6ze6|6a|JOcM3yvR9PKh(=bQ<7TZs448BdhawB6R42L=1NH$?*uZw_?j+Pvaau+T4 z++y}?oLd|mm*pQqZdv)0O3G=qP9e9$!9)cvcbRWqfO$*(5Urwx1l`uk;QYZz=l(ve zZe@voaDf*5Y*!*N$(TQQ)+B>gThVQ?lSJ4~Vrf+0q=ufzTd@+-tkRKo9OCu##K8y_ zYKs?N$eh5l_c$2ASBEg`5a<<~cVUtw3uoG(Si4>{WMCs9Ad>x(nQoFWId{Y`IdGD- zLU1crJ>X4j;`BO_y#S{K*$Y?^BS@N^XylbujvNHh9REs2>!NEsK$sdYna>qS5`zI3 z@L(iaN)($c{`K4myV$EqFhQUz*<>dxYDo@c#*#D0vw(twaj4*BxNKP&OlcKItE7lv z@{{r!*?(UJZb;UraoT^+RPpAJA+2~X?jyw#Y+gm}Y~=M!_W#IJ9{)r-Psx4RA5e_^ z+eDPo>$%bvb070E^%740tc5MjnBWf5hdq$t)ZJ|p+)%_s!r4y>GHcr(c5Y>U4Zzl!7crjDO9Kr~Vr@zTPizKj$@?7xihT(9({kO$h) zmlAHvOx0EX{hT)XQa$)=FHs}bZYZNKLJLo%uC>AC?;9WdkF3;tfj$-5nouD?s;s)% zRaS3itJNjTZG*B~($5X88wgjgprxuP*jiE0P@YTL)n%D&?4fJu1Tz-@xf~jy#I+bu z3X(_UyrlrQGSk;1qj7S-b0mG}CM|R(TdAJyE<3fW=GpG{M!iFN!S3Y6whc*XF%Gx4 zdvV|elJVFoCXBlt%_D<;15z`JLSTOPSzcpC_bSr4=cno0J?{6lQ0}>aj~S`?N}J86 z&P&y|D@zU?1bi%Txnx~ni$OH!Pk$k`;eh83Ct9mTf9+D-v3Vb@5xLG3Sl8!2%h%(r z>$~gt`uwB?m~TH+*O3Ld;VL=7m(jGb2=Vc19Fq@BR=k%pR& zxQ2Q7)H79fdV`y2YwB4;t5r0Jm5&a~r0D#Sv$W7aQ8J+e@(}@{8(F2X-N-|TP?2s! zcbT7@!<3%W?9p)_2~r1Hw$dmcnNLS;WI+rR{uxZRObBD}K&JnCIqm>FC4 zO(L->i+)7u2NO=wWs{Y6?&-RFbKul8UCKXimopje$)>k7R%xV@RT`PXD*bV|uu8t< ziX&kr*_Q(&IPGYMJQLj^<3W;PBCWawv8RCQBaBnJOEuS~uvLHC3$}{y5b^1Vty069 zOl;NUqQHgZe>}0E&e+{-uee#N8Fl(YuKwENYvqz)YtUOe`Y{Oi#|3S>C#dG@hrcfF*3_Hn02Re8bf(rCcgDE&K%isu?%y#yNyi9*2}o4m{6Eg3jNm%MEgA$jpnAB+`8GpP4Y$ z0dYq*nD<;k8@5dNQ!F9WcC^hbBeC+8*QEb#jx~Aw6rv`|l_=C3+Tm0mp*#MSLLofH zk7(UQpe5teLz5Kkt?b@rZ+=a05;YS~YR<+@h(P5*9I@S8wIB7V8$FS?N#jQ->ku>H z2f>7gi;&HV)7p^;z<&FY)y)3dCP!Ce*ihObCRZEoN6IC>Mf>>Q!?C!yh~l zYNw>MbkY+Fy_(MtVa1QaI;8XSBz1n|j>|!$f#$|=japaP%PCvUA(g-koo4>}WYMZf5DGSR_p+yvmzfQMH6T!#fxL2U&7&fE{F|QDF|v%Xz(XRw67BJN{rtn0T_AKi z2nUJk-BRmoz~`QB=d0VeRUo&DyV*iLz6GcOMH3*hBz~*hTXh|FI|E@#e0(+H3Wb$W z`eA9-7_M{by9LUKZ2+G4L=KoAzMfEvUN!23SmimgPv=P zHxK4@{>LvJ>%6g_WfIfE|4jB`FS)-TE%{9hIfU*FODQo58FT=T5U7Ovj2yh)c31uR>WNkU0q>(={pbjl))ak7=S>cRD#?2#Pdhyfvy zBPjSTPg@fN!YeGOH*;)s_X6z?sY*hK;7r;jxYOLHm<$Ok!AVNsGMZ(Pp3|DGbn-zru-z?Kw;#6whd7fL7j`iX&q``REE>-VzqDwGhy1(m#9?Iq(em9rQ_g zck7wkh*mUD#B%p@PZ*SuAn7=#Kp&J5C$~^Omq>^REIfc7T%)UclE2sajUM!dj{F2T zLZt<1vxr;^OM;&>Zx@sE>_>FcF=N_GqG;k}lOa?;-JJzy09D0Q^oY@%ZndmH9zHcz~J81B~^rq~VmeK_X;lGi7J3 z5hxsCMjo*M*lv(2p)9@$9f?=N-}fduZ+w}NY3Gzxx1^i4zVDs5ULXs2{UiT7Nwc=lKu3_w{d5>prLO?l7 z3(f3h>u{MoUBK6M>`{kW=;HrcK>B53z4;mInB$Hb=%;GXFQ<89TyrX$&y^KU6vivC zTV$HW#|X|?f)|oYSJ*R^4VbP#-2tC+RU}u%s-?V#DWj!aaWY|QDOXhr7YTx4s32v9 z|3+BOsV@|!D8VvgVWU%Xz&z6d%=rqKixe=AP61|MaA5^31)&ASFD%D#5-bY?qKZQk zRi7E|&8iM3p#Eb9v$6ynTDYKZ8#oRwPCm}$$4;qS=Jb^rU6KO1N-bhRu4J=LgIu&B z$mNpDiXltUcv_H~6&A?tTqt`YkBdX{Cx~mkh`@ETWf4*SPo3IB=Hw}R2%BQSX^uLP z*J5)Un@BAGL?_Z^*2PCCic~VnmY3`Bb%-n&tw*L63kx$d#v~gnzz$VANwoPU$;OO2 zDPQq%LGgn#Qc^)D8Q3N^1_>|A7#hjM8E&N@kt`(XzeU@{X8j+GV8Ezv0~jm-%sGw$ zgD0St*i!vjOYA|DU>%H3C>+Sl=%b1eaI$e_f5}W%^l`Frjp4;YP_Yz0G{Ma^c_MGn z!6R<&aB>-n^EpMfaC0kCxH(C0E#(LRXqc@{T%DfDtHh&`kXKK5zvi%Npu0<2Ce2`qSF$GLO##qr_0LqPiu&H@?6M8ce#>=QMIoMWvrEfD*ckOq%z7c61zYjsiJ5+ zAR3SdL<91%tpV8y4ai4tLIa|hxMcow@&~@}DD)u@*!qz9j36FpPapDzr3iUJ6d`;~ z3_Ua;JFPE=&hFo(A|w}02u%>*cquDFVB6|Q5h7nnkvBX9N!Qmv-gu)EoyP(5{o|ER zO~eVPJ^LQ-^eBm;M%lLkh7|$@e1ycIi=kl5bpi#N)q=Kvb9Ze2?T+oAoU;AGNf`YdJX9fv$V_gKdBpG!BvRGFXkG3A z6__lYh87YIE={lDN~$un&?M&SEOo}GPIbl((Mu5497YdYSv5fyrwYpqLShabPu`BH zL8*T7T1RxH2;Z#WHblYARIK)+4yo8r`Y;vavOp23H%b}`*;?DT&M8~}%5i+nhv#Ec zf2B75)rHu2DfwZWH?a5N1y-{R7E$S`l+P3{8@ZP`ITFJhWE;5U!?p*(--lc*n)fXPu`Wdwci)XJCSfx7DsoH zVfdA@)=dS(ze>2B$LQP3V|aVHkVVN8>D$c{@pdC-WLlLsa^pM?W6@<&8*HH!9EW;2 zQQuUv`UK>!shH|Dembi%n*CE%C)X3rCO+d{;XIcmInNi7i=mV}%gCu(qMSIwo@}7W zU?-7a-z7H*)S>|%hz|w3$@V_RiPtmq+^a&!1XP@qtTFtY?73(KhOeRJg#J|B=bV-V zKpfrl>l*GvO8zKCtyG2?CXvr_?7$#mlOc(SMbdH;lgOH!x!?O7JQnYAG^cD)*ReXv zsk&{fj=~u{_U3K_GAy63VU|WiaE838@-8d?PK-%`;I2eVf_NFck~Cq9bC^{UN9ZVv zhY%kzU65tq>G*LDm3CveS`JL0l-3S1TI}w_36C+c)MH%ka3L4>wy3aHbu!A;QcvS9 zbqF^n50zP7hMYqZv#5nmr4}O+%9B|w>c{ze9E48t%?)9PVtkf@b}ZN-hH=%Va>>AZO0nwP*wNIdB=^AGp*?2v!hF8qUCKaj7J z^#iZ!x_;mYyMEyA(RTen1>I63lxYpgE?lIFq&!|y`A}561r@D`9DuiM$y^{%Jf}N+ zsB5vhHYM3pMr`83JgX+2<%ph^B>2q3Ep+M^Oh)0_^Swr(6m@S@{Tq_MU+XX*&F6<& zSpKfiIqipT_)60}5nrShL}ZCJ0sHui_2@5ill5>R=qvq9QodKGY6<%Ofcl=^Zeg8w z%v-2IGGa@LCJGm8)B-U4{q$|S?F8nG-p1e+T7MCr{kJQ|g(Sl>@FcP~_6Eb(y*Bgm z269ju3!T1tH4X3?8nNBxSdcHp!LyWVOPk6In#j9=-t|WBR&0(pvLWztY$5ui?;yxl z>1@nhS30E9JHA2jFQ>M~$=E#f08?;bY?cdSqmDm}3(xLIrQq*bj<@^G-{dj{7uXT` zo`m&I7@K>XjLi$T0nYAG#Qf_8Am()`jLiYi^C$dPGrBXsEn~yn&%T~*7@O-dZN`R~ zN-%`7H!)5cZd8q?153uB(T(9nifgCozVf!k$B7LE^L)GqGjO6|T_NTnF~2w`w@_r* zu#;i=@Ky}o`Glt0i>JEU!MCVcG~8yj&Xm^7$`zF_7Jja+QXe4e{pzrqIv;w)(pY50 zVriBgV8CWHiIkm}B4y`TdWn&g!5A~${l${ERM>z^QZ0#=Xae`wscK;`nnZSJMV$Od zE8<*8$OT4!(lY$B+7$))obuvh?aPaKlWloXS`dIgxE}xxPA7TFHt@vSJ!Q(FtINa2 zWdhRNb58$1}R=`7O5COs?e%B6~i>L z&s)+6`IR~Q7OX^6t=2<#V70g^tBqOS!Gc{`Wi_Ka*YXh)ovD-1Ezcpt>pu9|MSK6G zl(PoE`wJ^;@bvxp8L_`{6b`oRQs*E6kU-P{-R3(Bleu z_Yd;!pkG?=*5chFd3d)x%(5TO!^7ibj9!d!5xP2vZHeZT;KuE^5yOT@dtWNA@3hC| z#_KQ3!y)qUIs4(Mc=&gD*i#;^vmYi}>EV6y@bj_!@L~Jm$9Nd%W-GktVGqo6H+E%O zH>bYj%b#KXxL?uD!TsdCjr-5w{yFlI=WdodX>+WPEWk%tu}=FhBY5Txd;jrpF9Qoh z`?09SqB$4OYnLOo@;fjaY#Hjo3pa+}7SiyR{CQKrzF!vlQ3Pi!Ms)qR8c_$`_pZ5} zXMHMd^E2c@mtp=2-{A6>(cZh}^23SqtR?Y%O%EkkmlLlvhPO$tTjkGds`EnW{2Hrs zHEeSTz5$0g+rMS$S9E6)7?$08`e(!zIG@eKvzzhkRXn@i`RrOeyPU0)S!YB6KHUT3gk8KZ0Vm7@2jrtHO-}w zXvcM2Ut^Za(MixZzp#}4^%o+m4QJc)pOj*6Qr;Nm*DWoH_J9O}8@)~cQcrqt7W7lnF9?kf)Vb0?KJ}kpuXe)1Y?amFU23Z#6cK!#fc1Lrlqo<-7Q{!uYr@zhm z@udAzx;VIF{*!iaGZc33Vo8tnjbk7GV@Eaq`JY?k&q$?CM=}0mdE?l}&oZxnqIKRz z{w2`~9ITFafn2&cVaE&~mKZ<(i$h0&X}(4OL2(pyY#TExVskP#?QS_1H2$r=U*A61 z;I>&o-?x)laAdw7@sV1*qPX*M95p?uu45YpJdrFV2JbnOW`_3PBe6{Zg=i{5v`|7dHLLuFN6$J#Fc;Kj?KRqM2G$FNRN!&RgEY*$O-C^|T% z{q0;65uh(xAn^DfrMP29d-1LK5mICq@x!D4{tod&b=@MH|78PMH_3>^UTF$~p?tLXU;4JVxpl=`cHQP%tq+|?gcMZQ zaVSFIJZsqA(^2LYVGW&r^C+4eoBT)P!A!f*Q-ASsOQQOd%*D%rnZ9Fw>Q|}!)F;b3 zN-B&{;`fFfE;OM_EK`>bsu#>mpXlREbviX2Y|~6 zoYob|=-|LT-Q4A2KPG;sy3Xi||0?V1lmF{@Qsu>!?Sltyn`=J&|ABw#jNhxUKlneK zPv`uUzfIlMhdPDxW6;NRifFuu6TpB7=qqTvmzm!$_@^*97xStU&!ooSz2GWmL((A z0N?ep9K#D;;nURh0FWRHu{rEAkQjIoci#E2$TQV-=r6;6o<+y5x;Jq&hODEpb$uIs zS#=%v>o2nS$&Jy(x0igsg}x5{_^UKaWcZ)=FV&0Hf2wj|ZR5VWU|Z*cK zTj$wmp*J0UXyL*(e62s#CN7|>CC>;kA~mLcarr~)9RsNVC$nywlv ziC4IcTErxerF}DWNoF#o7l%4I5_*vj7m6?y$NMMq(R{9#%t3ASPjMA}q7aQ$Ca=A> z4nS3JvJ)Th!neG|yz!j@NagiIJ9F3bK4XSt?(#;5m!hV7|Frt_P5D0eVgCb{8P|@< zMVJ4%+_+#&vd0s-$H3e19(v6tDI`O~@h{Nbfl?HVA?s7*02=Pz!Jj6Myn?^H)oa|S zJ}fE2RK37W^t~_r|G3QUAD(+_%VkF2;i`kjxr4y_USob?u}%{xLN|Tv_1Vws6F<9R zM5{N_f>d6?jiXa)l=~u|d1{&@|Ji&R}!% zpE1W;r!l28T1}lt8n1`O`zKF{{~Y8uGp;%Zu>|O5|Jyv^_hLWg%G!HrV6h*|&)5&> zZ#(sTH|IF(`K~U;WmC8)$FAdB1!RVD<1cxQpO5w$ca(aK$Jw3UcnURo%8f^n+EWj% zgWojDyG8Hk`~cDDRG_{0-s(>e*CXaW!>`jr&Q}nPZY6hH^Lacp!uXBAuN(Q#H)2&!~3^Ozh5RjgdKTyY?6gl$lCHBYWYZxd7*MkH-k z5YF&OSHwhi{Stge3*E(Iy?=>g$ayJ4&P^LKmk|iAUn#F&Bd@P?y#C6Y&evyUr@qd< zvcdKB^7?u5dcEWIdsAMoN_(9H%Yy57$m?A6GtKE#4Y z?{9Iu?n-&RI_-7Nq7z)tNx4-5!Scw8F(~93`j>RZek7{17v6Aowm7Xb8h)HWlW$}B?Bxn?vu}3caux?|z_VmK1C)90Bql00GJys(O&uiQ;Rex@Z z{Fmbk{~OW0-6Xn~|8U}ezt`jbueRv6JiPEry)v2&JV`#N7nJ&tuSHvv^UQFS{sMty zFE_R%kmHNaZ2`N&5=t-^HIggr66&I?4!7dtf5Lk4*?(k2D}f9$}g&oa|{1zQ}%a^6LX= z5!NqOT}<}4_i2l6;#l|F=F!R=cCJh*ec+L^9V_#XO$eR{=VR|_b%xukGkX)Q&aKpq z70Qh!@ync7Sg8YEgMYVOFBDnsuC2M6R;Q6yD;tZIVK3HBL_-N!!0(jccdx*2fdhWK zZFj=&k~H{bm-^s(Br`&dXL)_JPI>*2wAYd6 z%xj!Y5SvTAAfrWw|CiLmEJqKQru48ftp`XG@hceiF*SQC;R~%J!Ij{xA%>?}w=tBo zPY1&M1fTdybNv%s4v;EOD!K||8Svy0@=m#*O`p+dE^htzZ=5X+p(H2~f#c{3qp>!O z$Be;%p~E`d;}>7bx;APBJu?#6foQ@S1Kr%i(47Nm2!ocFoN;|J$NJs`O0``b^GaV zpf@UYWJ@OG_?euAS~o5$q7N2J7HT|15*Rs`SOIO#`i(rwAP9`t_@|V;z8@T)_|M}& zhdBZ*QacqVxkOHK35jeyaBPlvB5!*dKFju>N#|^Ik$uh%n3WsUK|U^54sv&DEoZqn zd6q-34M6Px4)T>PB8JC&F2cK{Rvt@^6lEB3pRh_~ggyW+a)q&3Spf+oX{Bq3ChFeC-~-YWSX%L+8kY-buD4t=-M z_z1}&f+o*6aJ!Gn<0f>A=#)HbmS>CAsMX@iGfpknC#>pEa#eVVdq=Ritc%3Ih6U$y z8TnHANz7~oo^Xs*q=Mv&ur5F8L{#KslX-3x$TP{vF;YlOR94I*0Kqw@yR)o-2C4Royb7{<;DqTJj;dY%W;K%U z(M?7Sk&3mzoAR?h8RDoC*EOp&rEDOT(P-yah(J@ ztJBQMOZ8}AB~qf|PDx#rBvoQeFb<)*jB;9=7!z1} zS*II!s`SjKlC0I5j9*8byw|i4F)BTbqZ*gD5n&1zI!pqbR zo}Yh=wzxNzU`Lv0T9O9rKrUV5qpZW5&WmR_eOI@jU8lDy=X03Bfxgg z1qcm58_pWS@uN)q0ESDS71)XTR+8UG4C@<`18t%bU!n*Y(ecPdA^$pYNN0#-A(AKj6=0=7acC zZmm|d_n~6$^0yQ~Uq_nEMv^CaUcJgtkx+nD8!$ShZ@ah^>#c5nNkn zU;+~;Y5^Z0s35v1l_pRh)j}F*oE^ngR^459*8ScjWA!yAu8&ga zHLr9~eT0(ClW2+SqZInYj;gORRv*Ex1ocr0ednqUs*fO?&3lFk=HkP?s2YJi-P=xO zvre);0*1mW%n*@-+pt(A2IcsUY}7p2g1 z+NtuS>U$zqUwY#DD1~10a);Ds$k<8e{n!q{POAOOW9`pQ+Y(ye7Rx~vlBI3r2g4G-#SfOA_ii$1X1T@+wAz-b={VnQXCj;=6%?^c8K@ zk@#uMdT82j4C{?BvK$sGGiz>p`2bPcuvs|ip1WC)Q zNQVLC9Z{YyoR=!TU?u(oY52;jf;yMD$ZT>oWacUOnaNkly0Vk-ofIjQgeD!@;VNWJ zftHec(dj}{pcO%_a7eHGpC9?w*q2y_a!r?mqthgZt5E7SI#sUg+!?t;z3>h?b*X~& zIIB{Y^~<)sN_DZGN`K}>QU-I-G^v6_Vkmc6SEG5FDQZQaq90^=OTRrHI#M#O3+KUXX8bptFx)N!}-Am3cqOUYP0#vn!8FBB$A-`Tqqxfwm{S* zIf~GcshLvNQ)2v!ilr>ibSVp@sO!uY1r=ZY&0VA=Vyt>B{RQ6)yO3{=7V@W_*4ePn z{u(**{lDxat7GW8;$q)fAbdW^lxGt!GV40iUA5to6Ysy<|D&B0d6-EJcu4c2vq^{r z=Yt5py3|4hv};O&ySvxD&=gq;S&8T-R)gU|P&A!VO0w#iVkCV6N%6dtp2Gs{DYo#! z`{6UFN+=Q9oGfd5tEXZhwIukY9dwES|})FXVV8 zXR`Y#spp`~~29T~)6~5i#QkoRVTz*8>E^(XfpXB3rz+hB2R&B@U4`z*Xs9DmuGa77 zi>=qAI7D_r~uq{N7UB;&&(dO>8PCe(&3X-^4T=pm3^39WCz0 zam}?$t2}pBDijEIPDZ8@^vFt3;SDIw%^|S;WyB{VVnJXbc(4#Wn=#>`6$GndwJGK{ zI3X08nUzzsu?AGn)nJP`!LdofPN;*n9}#5sb47DiD=1sUW~9Zx)_*gSbnPBE zm(--o&Ua`bNP#L0pb|WS_G^Q?(cK+#aB34A9pD7w+X)W> zU#>S#&Uy!Sw?^Iww85|vt;>{azDtST=Z!u@-bvWL6@M4)gQlkh^VW?i8eLD*iIF~x z1feN-bz*pen?Oyo*FzZv(z%+-%jVj=Lou>bY~DU5K=8=aF+Jz+VzIRV96w$Dz)Wh? z&)@ldf>PUBzq8|ae3~2VsG(ji*L9)|$L)`F@^#6n4kfcg13>_&%5n|UiR2gwracyO z^{Py%*D^NP^wP*uLv{n6XnZTSth%uZ7Dn%}zF+tViJ-<$iEzt&Q-yJuR)G)aQsCBX>>KI4pOJ?WtxBi`_t75aMwR}u&0T%8{2DM{iD>aK%i-FL z<=Tk-s|ouT)s=^54s35?ADfDO49hFa1HUgjln<^5^4xj#*}>`$N2JIz&UlpWMjUSS1}#2xBJ)2@sn87i01nExA#ZFJKNbmD&yxLseWnxxhmf-s08-L z5NN`vw~U--Y6HX^>3&}x<6w<`0VV~{sKo+$i%UUX z0@#-lu+KAqeW939*!+oCr%XSGaXs84i}H+~>d*gCVEco8co!t|yfFNd-HKZ8ka&cD&8Pq@rIT%?GI`@7T3_q^gMZY6V?Us@)yL`3?r4X$o=OegZFK0ARvp?n*nHnchvetcp*1{08zuh+ z;-Vb+{u+CuM=h{7nahYO`$I{;=(5s0fHg&V`s(pVQ9(#NV{VT1$DP>$w?8sg3iOLs zlXOM5!$r#*%#F7`rg(=;mk4On5jjX6swn-8VsQ)dd1(_-eD}@(BFDu zX#_uPF)0J&2j*5^&S0N5+Q*;e2d`)FS!`!XYRRA|&)Ayt9vPs@>9^J=27f&bH8P4Kg^0(j#mq=1d!aS&z{f1Ay~YpaFonl$ilOVJ3uOgW-41cjYo4#` zfrZ2h^1K%VKQu9ns3LA-^PNeV=|c3JjU&1O9ZRcfu&TFaT6U5;-g)T1E9gs!qmmzp zh|aVn2WzgNODs!Hs|j^3-&kF#(d&#WyO&o67E(gm{KNCmI=ii8SWT#V`Nl?(CRjr` zc3xS&vAj}S7|pbZGLeuLzM>}7yL@9)EOmEl>bUHSqS^hFot3`u9bhJl0WPR~;az<5 zI+fr?xh8bE6qrfe2@nJW<~<8y{TnHH zSxo|`Po;%1R_jahL7uoD8sIEgMB>R5S(}pS_SZDRx0mGp@U48FL}io%b-{AO*@P?K zLU&7GwAq9i?4GIw3sUjtmQ+Vxr8hOLKy_snsGjo+@OWTBP)QvuN7j-vjD6Ck8lC^pPxIG;V;ls^ub+2bYl2223dhG7}YS-(5t1rkHSp95Go!(fw4xRI(x>@mHi0Sub^aMOo?|spk@`DN z0q*>sWE!VW_YQa0gi>1ghYR^-qxbaI`#@8V4vun=ZyAxJSCWYX5-r%wv!e?ZxRs|mAmC3dY$+OLg}9#gQg{8EMcBJ3{;n}}20<2d;}J}jBl&63QDaPuWdqrqNc7UF7Fv4S zp=IuO2525-PXwAnXa4|6YgK^iKUO~?DPQ_cb>iOWL)z=g8PpZl1t-kx%Bj|OT+~kf zoePgf!edUXA(vj#Ws?#*wSDFsSR-w(u%f~!r;RNBh?1~ zjzBdQ^~Hnvjx^76x8L!h)#vO&FF1I*WAF&q0fpYdVpm3)oa zcdESweWqSxrO&;mne-tOlD^_s|2g^`Z9$)kjFY3!QIkHu>M7{6B-!$~HGS6iH($3w zpQ}USBCMfpY6V2kNjCe0HkS*VTCU_+f)9=$K~GKq)CHUr9td$yeiNEr$kQng(-*oI zefK7a+3Z=yV?u6Z)n2DNxY@Gw<=|R<(ilQ6WuzpMc@&_S=q+Ue@$`ZRY_Kd-QOk0} z1IRuWGrMH3q3@7T#%am$wo9%977~3vtf#D{0@-Q;O&aUf;1zBR9B1cs-mVyHu1^+a z*Y|HN$~qnvqUq;%QK1Q#;>l4?j7rU8h>>^EqUj6FcL}18ZCHhmZ?2m*#IZU17sj5H!aDQ89 zEmvyH-5zIPf}rm62AB%t%HPlxEU`4vD;T7u#uW@;DChTy89g8G%|_2`JVN8%i5flU zJ`T@NtlN}hy<>@Q7m1TvCLT$NVf{_nVo7|3Nc>Un7K!^kE_B)n_1T%GMU_S}>J~<0 zrfUy3nd1y4cjk%3TWF`eE4aLGI-)!laKC-1$z&fVU!JszuY@bF;#uW8%aq%vy!Cyg z@+s(k$)`o2kA-#0(2K4MtqRbR%}SIYH$o4CGje^z~@ z%`C5C^{010MyUN!Lj+$OlH-(=AvxVn3QSM z`Hx@I3`(5-IP0an>Kn7ZV<%kSaIWvzPpj`+v%bg)*Y~DM^+kSKeW8=D@A{u!ANdQI z#hFv0d%MNuopgDxKlszji}N@U{O68#i#r}aYhB)H9bDeq!JkoHc@Q8IosVjlp8R|?Kt}Th;iAx@S;rj@0$=*}vB!S;dS-0| z$DHMj;Kl#l9}z-cC70N$z;<7r!2CHHt&cl?<$t=qWAXL9`@(;;K62f*#k;-={Q#@v z^@)pVZj#nM!G?Nb^Pe+&FFj60dLYqk{0aRboE@(EK5D>t`1$?DTuVfq^5d@`0sPN5 zS}QE~LD}(>=WitHZ_#oi(x_~G$3K3WzXb#mAz8wuPOXey3c3b@zMHJB<<@&a>H2Fp zvILhAcnqK2LcUhTdFT{QIvh^96?YrQa`9MES5VLm)~CN|oNwjFvkN_eZ>5Td_*p5W zUgK2tl-Y_}TI>ma0|&C?oCD#maP@Myo!@)URh;+Hc~4pGei{1!HS6w2#CgxqU38kU zMSIj0bf|fp)_uOX!h0{*_sdutpf-lvXdWDj#9?p$+9_-V40@)A2UzxNp){^0$n~Z^S%?_Ut zKRzPLrN1Uk9`2bfRh%z|U)*+mH%uK7?{>p`N>MYTbxuih*L;;iM{irkSE^0-I1hUN zHg5P0mpXh+}QkunFDN^3yrF!UT)HKWAt>>Pn#Ufg;{S7IWOY{ye~6_ z;23pY4(<&R=4(BlTg@MH{nPk6-|-zZ5-RF)w#o!{MSB_gkp{&FH?9NTLbxHdoZT>H zClg@}{a39+aUSrVJ6_E1v9bAm+e60uegXx?+P6}a^;>d`pjG0we;{jR@SNg9(Dyxg zEFyXg9ek#+3&na%wpUvC`77WJu~ENqTO{Hyv%x`qqlKjKYDS_V{=%R&_$BBv^McDyP)|Gcba#j|4_2G8!6g~LXAhn6?iToiYFsX?=wV=dEISfxI zCIhWAeTTn=&$fq-E}U{4yd<}cKRpkKtts9;u5JD-qFF`bXRT;?5TlORaga$}P^po- zcz*dI=>CdkOMxBi>Gq1?-Uqzrxz)!7@pdO$+OOT?Ape?Od?Wo~Oy4G77)xVCOwYX9 zL-)^<;;N=GS>Xfy9CAm!bvC>Tay{zYVs>FE4r6?Z$TxX~9K2*RMzflZVF&B6>Wc9X zJ~Vk0?n4>AlJZLx@6-Cw=CNxT(@3^Bg?h2gyd)e#FUQ^@zFh}*-rCv9ZO!Zy+K2YX zg|)&Tw2u5iy~}0iv{c{Mvf7i+mpAAIs>yHe&xKZ9s<@Zr0X!CzsOMZ%}Hh~EQO z9mR=sS0mkc=bYiGzHhMRhC_kp3F`U}4{~u^(a~agc+qOODQccEE4|QJay1t z9D+1v5~bCX%9^l{;Tv@rY6c#7^!6bMR+jBj#eBgcEmYM_?s+}GdWojDM_m9zbN$25D+j^74{JF;GJe&@XmEc5(S-?tdP^Rb|L&Z3%&L^U6gNmi6EE5VtC zruid0DE5Llb7eG5Sz)cKSCV=3h1Q5zK=AeLm5rZ`ykvS6r_s)0e9x}UgAAnk*py2? zD&L%S3|m~`3~3dw*7Cz};<#hBcL01e*5aR7!qTdZ1-YB@r7`uD@(glo{q2yWv@td| z#%+vE_ZX3NXv>FfLF{UI6xaaktQe@EG|f0NwQ~Ouab#+B?h^gk>Yb0y;@B#y(?6Yj z-v`$WeSxB_)CQh4w96}u5qWq58wgi`>%-@UjD)T{k&2n5RNNPn=qnw^BB4gw zzB2`rTDYEAR~(nKu+h%<2=!}X`LM-#y0TIm-3g18&}tDJySvSkZYO@;QH=I*9%+j7 zTeRAAq+SuLQGc|}s!r~FVR;qPkIHwY@vRG8>BNV=U;3_%@=x}>jXU@eooK;!+ppw8 zxBr-3T6{xiQ&gw(2pHW2rz}GGnKZ0T#O38T8Y$F9B=UfKMlB}ZtvfD^y4C4-mm1S< zX%~6`w`^ZJ(u_iyS7{E4$$7O%B?qSh@|Pne1x+DmcTFbGIyjV7!%@ZMSnUuCY)VeV zmGd6F+vIRx3q3iUilP?fdV)=!tj*HmNgO|AGxIAxTT$coH+Pc!`+hbkyXWwAGk^80 z1~S9m;L4N_ZdO!RwcB1zaaQzX&R2%LC}PJZ)gUdNPZepCQ5iWlCcD*S31(O+71URp zd%f2YasVcSN9^T|ZfEs;H?>h(Og9=T+Kq5x+$yqlmpoc`azma!0x6QD#djfv+g?B3 zS#Wvv{LB!A9%^ZyjU>(M+oBNJSu-yg&yFe1&!okVQ5o7OyX>r!7SlB~N^l#s1}z+r zO7!!n$z9-e(3qa_c(ZvdZ+ z0dB2t7vQOSw^o1w2*Rl*=y^_t%O%7gIjJm<(ExP%Gdhm?&|pLSeW(v1y(FIla-wYM|Gs=M;70m8p)sdAXX7ks zSdH}CYU%MBnsx51w`n1`v+C%%5^Q!$V>Zl^95(!u9kZlf5=6?6<+q`y@xF zocD67XXQ)7AR+vAEgI(u)_9~bZ{v}}PJi6gjtTUq3wczL)1+cwt2hr!eg#EW)^j)P zkb!@g_k767tz&r#jU~X&wNg_;r{SHIKBxfy-04gJEdB+j5kK%{VV!r%XRqbZH^BWd ze1Mm~h`kKYk&|3$uhG|8Qs$PW__Gb=p{2vNEx3}ra{blmZs%s-?(ndE}z< z^h$8;crBwhwF^X&7SBQ}JkHOhC0BGZ*b;>qW9GGJEZ!->YI%!3PV3u=s3Rv8Io!dG zONoF?KkUCv*nb;AY{@a!kxvpW{@Bp~S0ny-nn2vKMBz?w9mX!Qwh^A^zBQrmV7*<_ z$>5@)mGmpg{Pj2d;xB*17d~AVm8>Xq-=F3+MWT)rc%7bT+qh?*IQY`~)Si~|EX1j} zGtyehU&SM|c5*cu>uM%;Yn)?*qe;Ioy{Cg~|MbFGd?U+0Dbre)bNzA3`L|il?NrVH z_LGh!fT;IRE&$GF`}A`GM?&A*S|xdylkC%%(EAUJ_q;X0{(OYb%nZfHYeR|Yb9-O3 zB*NQs@Rry8=lUorV`;1oV)azcD3Um}lt17@1WTg!hHtkNQgeu8(w)@M`|rlP@s@Yb z@H=wk)<36r7oo(x^h`?`6fH5$D-Ig>_*lG2i@rHlBE;Df)&CdKdB)im@w==zk*f6s z%Zs{A!zH39UC&8aR{U|}6UIO9GW;1P;19tM1OD)d_(aoq)R}FfpW8mPpr3o^8hiVT z9L|#bDjEJ1d>99Rt}&DSB~?HlI>by^9L`+$9tVA96ZF{y=#w4pYT%ujkT>=#Szkzt zD;YwRVULHnzne~`(2hM;>yGXD2qb+^p5!OrI61gutk(A&@W^an2@)!>h3CqIZ@!Qg z-9$k;o%^IE*WybFw&!ErN=CW08#1~n&i!s_)DDH*hNsG$_yNLoAe`*~h-T|_%r&S& z$y03`otPPT2DOmNFOmruVJ^;u1M3H4wGoVpVu&dF0}~Os?lj18jJs1CkBFAs+X4}t zgXHeuLG+t@LFW|InR!t-G#GH`7KTHpmZ8R?w^{H;g9r-EiOoMxaF3kz8H(k`H|vA% zJuys_*8&qY-NTqDS70Jvw!lT>+s8#$wZujF0v8=>8y8(7aM8WV7F?7bx`(6oiSx_H z#Y2Bfw%{QOHg_U;=!_Ht5B-oFhle060DB(~54nTy63kJO;Hen=ilC9FH6Gf_<9kq! z!$UMCm3M=-1|Cu zXT8e>9zp_Y=-oZTf3(=A-o=j08#2HZu$9MoR9gI7f=6`d9Q0puEjUN0f+0+viLW@~ zW3&Fp(g8Mw@fFsa^w1j&pw`RIb<#tBr^1tb(6CP}wCbZcZooK)?5r>8v%-$G75=4_ z9=`M4FyZnvVJSnqkxw~?y=&mBs@wfw})ug7|YBV3%VFLZ>0*zOCu%>*k z9a;zOzWq(vc|`JWAg%JM>KHJS7R{xey@2P`$k5ZI$42YvyHG(hp1eDI{P6p-9VNau z*mK)|BuQFCffJP^UmCn)Bei5Ake&Ob3gVW)tRD53ZfD)RFQvdf?(p~~w>rAntxnqP zQAammC_GskxId)}qW#fft||RjsD=<&-2Cuej8zM5rJU}DU4Uaw{!AauWJvY3XW0MAXv$#(J}~_epwZwpUuD;ivDjcG_D%Kd!xZ|0{G|42#W_LjwtP z1$O{pDE7~#MQ3x^8L$@TK7)fxONMd0oMVvp%5tSe!#G0|V4`utOiuDZU~uJG;*SFS zt&?ZB4H5lKt)N}Gc+@1+&jjqIv(gW;F@W8sCIi?#ayt;!^#UMX(Yln&+b!h} zW+~&SlzsvpMiT%eJ=zq7hpEL#LUXf4l44G>PoGWi-!tCxW~ueqg?C8OW3LGhAEkO; zFbfHmQKB&-(efq}kKIX$DlH}9?dOyzxRZ8U{n%V!ykE)j&G_>kPN46cYk)&DXC+?n zDZhQXYpwwfKcK`~%F#V$l}Bzfz~O7+&5`Jvo&4qm?t8T0!znGo4@{laarm&;tdqxw zsqyx0`VbKDV+%x#03!Yv4-pSzwo=}>X}o!$%?8y^mC#ExHp|*2&_+BB#RRsdBb~(l%P4U$P-2-Zc4leO7Yq%L zNK3Zii{$481$YP>GpQytZwAz5$Dl4d2t>*mx~InAA*LZrJEV{=E2U}4774y{=C5#0 zm7U;P0g}Dkbdr_SS{BvWlo(L#vdILBgKseib9WajP{bxv%w|trzwRy*ED8jnAG(=r zg)Fp{3jJJ&3}k|TlkIB!aBn1y)`a9Q1G=$r`z(&k=1K>Vn!|lrA5HvzLnib4WL7mc zp$NLxVcsq&K;Q`bEwF_P48N!v_yYK+PRXichW~MKbaQEjv8nW*q4fmZ;_dAq6p^JO z#DO?`#hBk1EK-0ZE5S=TE5Tbj1KC1n@QLh)DGz!$Y0>G7Zl?kP`-;Q!KDA2v9Nq}53$TbU)+h~B?DFC@{`+BkxlWn*==R<4!he+=yvknj~ z6!^v+d`rpGDHSoeH^brom9Mb-1q4xL9Nv)FTfOq$oPWeEg$0WojLIOcJFA}zkgK)i0}dTFtS zAD&yA%s>8sa+~C<;&#hp~sGpd|;f_Up!J$*W{-1Qu`dZ%DRNf?*|VKLjd>a=PU2#k?o^ zQFwyg;K5Q6v_QJ*9fm6z!6F0S4pjlf)3z2~BS2 z1mIuj(!d^?A@D@;&os9>p}`IOE315{CjHf@HValA}17N8ET1IIJ*-tS! z!DT`>G8Pv3vHpKB31UbAe2A-AUv!6|6$L?RNpb_?e2920D@&LlL+epoOaG!VX@Fp9 z20jM!4qp+62hWpLI2Md?xYhm~dn+alWZe;y20;DN8oJeGudGf42cDE3kMaTTGov6G zbn^J)qS*wKZ)ZeolSgPG@`yesvkxm9(gjflnuZU5x>|nhbU|X0v5F zWX_4hr=&f-`^C^F0D7+)7&R~S48gwO4tfVsQL#fkz?T&apDIgB#v15UTJ(=YQDmxm zQlXtVgq8DqKvTyAt#7?$JS0bcBk<|iM&M6;=`|7nHNT0T5F*8wUL%_n)$UQdDZ#Fu zU?*VHOt*h+1LMRgiWCsqwhzX8J?C}E=I&|yklw$c$%4LUtc{{z|)p5 z2%hfxl2PPx0873e3XgV*M=K2P2=HXm=am|I$MbhHuw1V1yAfDU-0+q1$JV9%zTHxe zerc5QJeA^PKfzc6z_jnbG_c)a{kEA%(!X_*El8rjMK2GDRb=ecW+grH&{U+mZMTV0 z_fTbT#V0oOsXeH@M!fDOV4cjd+YjB%B4h;z3n;^~CyP|2%r8JWhq^U(3 zp?a3}MYk9bwwGwh<4~*`o!xy7QeC^vzGnAz_Z^cn|M|?@a&fY&q9IW!e>!E_M-+1p6xQLC7yk`4LqAIReT%6v)OIq zS!vN(0?V?15}uU^zn0GYY4}y)e5gH&UkSVZ&vCKq^)0dMSb<$vwS!%+5ZLuXD|XEa z(Mjl*{$&5x_%-{)@GI%_wM%M_gJFBLi(%irIfh{`HZkmZi7;$S{0fXXp`lIu3JvcV zcydo}1b%I@0G0(e{}6bpXM4GoOq*W6H# zLy7R~kgHDwzcydhHh#_6-U@l1vAsRy`K#>)^1P@hhF^DVYgNkjZS9qEg;~ls*CfWT zmu!#X*S}wv7{B&H621HNZR6K+BtW{qZ#VJlg+*=SS8A_OufT?#irU7ncW#ejQ}wzw z@auWoqG@iut_}R!d0Py>uD#a4uMhTIs=7W%n;h7U_YMmqe2dgZ4o>NOeJ zp5VkZccj|zrI9LxD^(3e=i4_@awuIJ=_9!-oNMame>7g}+tqE~$Px1}TuShUjBHww zsZy50#X7p;-$Vyh&<+2ta*(T^w<4eKHggASTKHSJ;ZHNHURpezTxg-@b7Bc zCPXn^-I2AP;8qVDecpzfPKd58CC5!HxgPGVJc{%1@!BvNgeR_|QA~J0yUd49q6GU3 z+aYS1W&vIiAO<+|D!`Qt49n0O*}nn%XF*1G_%gaTJkt|A*ArZT4Wb|;*Bu<=@C4_k z(GM8pp-HBM;IPO94qGc#)=%#yumtjCtJ;7TY+%ODk8jmMj=&(*O zs2_=oxZS3oA=c4YZD{Uz^_E-*1~#`z@{?s57@K@Hc%G!Y?R6Meija=Y8>L!?lOhh0 zymrj)^;d~8jD&~9k6&Z!aofP-_8rU_V%(bMeJlm8jE$QfPw*G7jUTuF3H3o*<_A(> zFvlA=n_GnOa<#}_9G_hZk}5q!H*T};S?L!`_FFrJfs_TTPwTPCvK|{+kL$;iPk22V z-4ZJ5_);F3oM<_2pfUcwjpg{!`#i>x_suar+hdHe*wG-6zLT%o>IyQ3#zNrsti(?y zOlYws0Pa8|0IrfTlta-LWL&@|`|vFy_-&>U{1)%6v1^r#3ykE$*m@qm)ChZPr0X6_ z7oTmIk?le{T}xNf9R6P@4h&1A-rdc*18){N+H2Qj429x=JV~yZL>Gz6nnnR4V!??C9w zIo=_Z>(Th4z4bZiKrkkHS?G8%zt$k}XhSniV6Ep(Gco7LX^0OuL5t8#ya<{E>>qbHg7r1JBN%v@7mkZ=3~41+**E+(HY(1LoZuD`kzbB?& z?{7SPjI^pivgi97uPi^*IPVJ7sz{ykYZ^QIcV1c0wWj!;J)x`crlzrb*Vs6mg+b(S_2PUuZ>7Ao&Ktx#Chw>7dh)i( zo15(ajF(6fchWnEzGpSh?~XNc<(dah2@$uK0wZZ=suq1OXynD{mc@?YzFT~G*6gb`2z z*osfH%URg(cxR#J@F+BuoE{qm8MqsUfk`(+2Ld`nzN5vyjqZJ=R8TV0IqfEW`FQek zg`&I4xDwvDBq)y~t(H0x9hyY@Hoiql1QfDQACD%6$D>8eGwkc(SL>0+>_(#3--;d* z$f879CPiSc+H{mY)K`TuJt+B%Kc)U4@ zV#p{Wh78{uLw8&lVdAk%Pt5Y%RznB)T{+ub74P}d!*{lz_ri7b+T(11#}s~#^}jxd z!*=+-9J%oIL3D(QIFRq-k?PBX=<>o{Wsv?r zR?9hj?``kZ)A%f0n+x8ECd`uNro6gf2=LdQjbr`y+47QoL*m9~ysFr8U24~Y;XR%V z46%97**{Xc|1lc{c%CH{zgIX*+P-;~G=Iyi0;zCQzW-2?RPi`5MdwT@Ke$Yk}ctD!AO(6weEv1|qMEopqr_%Y56QU%@9xj$c; ztE8Y;-uhY6$6KHZbpR7Dgh>Qr4UO`nbl<9sY2csDE9y~p6;PE)ul83-h1B4Wgo~no8+!*rN9Mr9#QQ=4yIrr zo`JjEUDt;w#FV}p0y2u5aHec2a~o&RW9jZTYj^Lqx7FSCW_Nc<6*K7d ztB?P6tn<+Y?`Lv%XMNlM72BnMU21msmmD7@IRl~@x+@RdD0i(vTikW)sf{oy?esXm zf>Pou_1`qV3ehS=Pa zt4^p5gOi{&m>@EmECh`?SsI!ovj;`M3dkN!`XWj2g3Ocst8 zS@ZJ3i>ArqAH(Cc4lU&QdW$@dHTu9Z(tyzyE#3IS*Y3`e9;l)mUAM0DgM;{c+ zPl+pXSVE8{AHc-D;`?f_&;rchBgU5=ood9FeqHe;d=s7S*fXG&yh<3-o%NPU8ku6e zWHl?!Mrlzg#Za)nO|f_Ebc&B$GF})(2c96~A(^P3dL#wTVFn;ZPygr##^oGP z#XD3{pD}a?;^rHV1I40Ja)>t+m@#>ri`z~&7`i5c>V>2?2H=>P=IcsWtD>3?lx2OR zB;5f(^Mbhi>6sRnKj8@nL962nL&T&h!(aMm#((1zg!%=dq0FkGzU5vRm;ahUV*s)5 zc#clbL5qA8oW&t6IY?*fv>tz`9TK~cD_?rWWxMpI+gPUdbn@@Lb5_?HsbYMJ5nH9- zwQI4?0wV<|Tgi?(6H>*YbvnO7Zyz3Y2#%(7%hAFz+nqD+m?;H*%?ZIg)ulWqXoFux zZbvB;h(Gi%@)Cn{#;Y@Kn(ND{r>c|vd%aY1c8c-JS2E+)=&PA{6(IczjX1QvJYrhP z+iQlvc zL%I#qE%bYG*CF?jS7*%f&YX9_?3v(qAQrsI7Ve!>jNH_sXOJayZ8T}|+>+b8x6Qp1 zN#UN5B)`VLX3Qy(bGA_WikaL4N?PK(>E^k2+%Y4Xlz-iMOEl?ioy`&0hNYn=<%|m@Q5HL4}Kzf>u4w)v!pxgVHqTjzn!>#%@xG$rN9xs5b;pXdm-}9GBP3E zTKeiqqOTiUWFfd>jNx>13@cEhqL$NDqi*#9I9^C3Vf3`~H8o*ot-3sm?*ZerE@mU2|K<3U&6rIB>@%o(@bcIT}|(m+?cxmsYX)8xUjT8MvnXM#7p0bTU!TBcP} zEh{hZLCh#=R$btA!C=89cgqtOt2&^$zAfyNSk#R;E-`om69lVyfSr$VHp)vD*H& z&~5CyW85^Pzd4qj0H@H-6uJYiFcg?7i`kN3%un*g%;P)27EhtU@;6J6;K|#M-YjDW zyjr^RG0(gpyL^N_U8=Z&W^kk$&Pl$nLgahN3!5&kdItM?s1ZKs?M}?d#C9iU(|kIQ zcab&FvQ(jxW4kr*6(!bFE~I#d(fTU+^0mN5)Xeu`O0F%Oc|1~(Ko!`SFFnQw**$87 ztu%fCZ~XDc6IsCU){8FQS#BaS-k=0Kgc0rmy{H;aDz5!K&n_wP)&WppP`QPE-wsaX8X^&@*0qcH+rOrvYiaI)v+BWJq zZMzw53*C5fl@vJLJc3*2qG2WuR!njAjA*>(y`3vtLARBBU3hS1 zD+EW8=F(#bj#Q1nEC+HT;nS>mcIxbrwaFJ>;EvS76zy5CD(;MadDsg1-WBsl zXoLl=vW~HZh6IGBk^vAcW*hF}d826>O@-0HR|=gsuX36^TUm5y(wF9v=x~6mb;4CS zKpXXnr-68pEQ4IX`6HRd5CNLhNP6OifYUr4tHony|VoX zOU6dCu!?$`w}0-{AI^$0E)uLld-g@gONa;Kx%3+yp>97~-sqR{t)6 z4WU2o=<}O1|L^HjRBQ%@pKacMbh52TbiOhgrk*ST1+TtHTvcgpY1LWl2mc%8Dg zgpNAM>cbSjUs1)cg>_2}NlPj?*}FF4)9qrn4crxPy}%fE4hAWE|CbSbqi__rFJYsz2RMp#SAl`aU1p=rSEh ztT|5o%HoRp^4>(XAR@fQ>2Nl*ba9>=l!X^ekMfWN*{@4L#uMpDwrVX zS5cEW2)Z!{OVTY-?3v0jj5H3VP%lHLlONF1*!V|%32x6zROZF$R+qu($Q79x^UTp| z7G?lrs3tnRm&n?p1|F&ht9huzuZ3%?qeHbt4Ao`~m2XgpPG`yf*Q&)R@su|bYh`f1 zKBO-h3aJF2kyjXD2klO1+ixV zMxaw{1f*!r&a>(;1l{21-N_gP-6U9}L9kAz3xee_!CKsxWDqUgpmwXw8-|F?=|*PD z`e=jR?+SWf%k=iAvh=6YMH*zjVw>^0rYOC)qCR%t?Yar{CdHQQ|2N;dAyxdZEtWWH zMVJISZe~Gn@$Z=D5CI%SfVCh1uZ>1t8{71+&l79orgv#TNZxAH7jL8QQ!y}QO>q_* zf&C49zXI|Wy)o@KED)S>J_#Gg$bOTEP=7crp32ej(r-d()bP**n&>U~@A2sGI;~Cm z$NRr_j=%pQMcn_8VjcsBwIx4|v}q~P+j_*+JWWz705nV+ca6^t=5aLGV`*%K5vzsx(O$@$~cof8+*Nz z4U_$dc>4|8@9k~73wX~pJOtn|;5`lYd%LjTD|W-{;H;U#exGw7vD!`3ve91snvF-f ztq01h@S@yzNrCjrabroBsgqNX>v8Zo(uZofOzuD)KHTb5ED%kMu)RRdPnBMo*nL)T*--MB4F)nr(sX>(vP2A( zGKuv`hMswr=_RLVrm(9&dnpOBJ-R&0>g7_@33W4+h86|$vO-br6#CG(cvIrmQWkHB zs$}raXsqFGcHSkd-{mQwX`&Qy$54=!Ge~kecQVjK6srp~H-d;54UlpO-%Jv ze2_nPZQyT2dbD=l-^k)DGD8t^WJP}?NTOAXW+bPZG+ry@;W3A+!rPmpLSZW&&D*iT zcoqya@`x2q9H#sdv6Z>4+=zDSoCENYFh^5MS^78b4wIpd$BeGfr8+uj+}Pogj!J%a zF^}7Xr+M6}pFP=eduLtS<2LW2
{&mMQ&s@fd4*Pe-v8xeQZi`Zk;WyFZg!P0ts zcOzSTXv5rpYTT--prdgoHf$R&YGc@9BlguZEk~@&e`v%;5LLAvPyK~QtmiW)J7R;^ zwmo9i*~cBRl~4bS5lekKZp0pWfk#Y^8?ialq9c|+s0H66M99kxD&3Nno_enS+O63o{cDh_Lb6yx{`8-lj(jQH~iTv9LP^5)Gqs> z8l;r%?PANZi@^jnbp@&tI~nX|2FbLd<@&1O$6(ofVLE>EJ#Y&#*<2O7d~z<)^FvXqf<)H{|C<}8U#!)_`_m4opuA=2Rgu*JIi=U1m45Y&?rb1$0*LOD#k5# zHA{0J=#;_+EeSLz04gqN?Hk^6J1@Qk5BK9xj%=V z_}7rd(dHe8l;RWh6}FA3OUPD2 zhF-QZEnzbt487u)xLz`_T>N6gAVyyN;)@?K^7Jbzu+s5VGp)&Z1UpOQt+wP%j>}u#A}_@JH6-NGl;9cpc!MQx{Sa&3 z(iVBMk+;brplgpeS@QlmE^l>meBM0dC1D5awdyg!&B%p8s^CLc+T$z;86}O3E2+Lk zNrj;Y@r?(Rh#IA1fQ~naLo?#BAW`5`^D$3wv-g2c>`iI(GTO1gx#nZ)KpSliC}tvR zo1#82MSi15{Fg#LgTbe&+5ci?J%2p286RGSc<+*Nz&DDzK!*1^-)JjqgY)PV;V-0B zDI?}bV@Yk*$2%yF`+6AMed&Dt6A5r#9ci{u9*W3+ogRfR7M~Qm0LW|ndnmo3MKcZ5tA z1?eNCz;e`}XqS9Qt@Q*Bc+W&jf8#?-DL-v)PfJFOCY8hb*MyT`Dx{nBxVUYkLD@N& z#K%|o9x=YUk;0{qr{wB_QZp`$Ns2sFkmIwEViZ*n6uS?|F*Hh!!#zQc9Q-nlQF4;7 zV*SNoU0|l8?=AiDK(BO6tjk09zS^Q#=6zyX?w&XeSE0upOpo8QoU=j(wDia-JF^x?Dp$CBrrBC8WJQB!uL zPzHCg0*>G^S)A*9cs)1l@fG~>Cvs zdfz%m#B$9s>J?bQ8*M<85ujUN$(uy{T5jyA?7P6%yOR4O`?(qS(*}rp5|0)6h>6ln z#4j~K+&CDRF0S$|H*$%(2?3yPq1F^zKE{pSWxAU1f;^jPqKHgF8z(?OFhIzd&fSV% zY2p`y0Dw&6prrW402!STzc?AexQ^J-dUS!i5ZSkVoAf|YchZj8kKrQiNg?Lej7psk;#0%r%>?dMZNYk7Z#1O2S z&umeL#V>M{CMt-B0{aID*bx;(62f=XePe{g!+Ozz>1e@b(E>580*&GYd{Y9tc+qGy zhF>tp!aKse*o}l3$o{c(WwFsF8r)2AyJoLI8vW|C@)q%sI0E!#8ZEC`aO@^PJxl7f zjQrHVAv8WB*(;DM8k;E!EESW6I0W7?Bvb?B&r9e+ydzeDcMJm27i0YSV`a9Ofy^(= zBk_V|7*c>LSOzAANXaY%D_s0ymJtld;uo_F%o6d7R=?qYLwt@{1MxZ9L!?y!TJM#C zIU*^odXj>ZVyyGCK~U=&-@mwrzVnfG2oNMu(MfCKiB2aiCPK=UES8!%7S3niWD+-R zzB3^ku#m~JfyzojOPr*YUHHD?LQ4u(b6W0y6e(s~QcRCeaTik1^_SFyh3iRk8)t}u zL_<2tn4WOho=7D0W>X}hPww2`7S7QN>Ek@zO&@3JBk5x>0~}J>z27;_7Vg2!l76o5 z%x4Rip1}QUzwXdVf<8AU^ zBRi}-o?T~ok3_7qE^*l>L_glyzqq%<=*QCa#q&C-Jbx9jEt@w3Y>9c+ELpmLZM@N% zQs{Rjw|ztEN!8aFtFJt9eUw7CcT|1E*=^o4P@k(fL1pw>e=MoJ>t9ch67`3mg1*b%as8=}jaOlU@uJtdw*%{|j@6f!pgwx7CwE|d1k;TAvJ=$D%CpC8 z9amp@tiJRF_0elRqXX-EB37RxL4EXEe>t+J!|Gcat1l7rqStys2i8{^tFI|Ree_!Y z;8;i12Zq66S~hwIV1<|R_xHS~7>4aRsOR|G;z`wKYJnMZwNU*YJ=#{c%=6SIJRgZ) z3Hw7!#qkrUL|8o9>dr~s|IG#Y`X?@`eVE#_o$j7EJ=;OKFZ}qk>Dewu_Ow}kV*dxB z);0Yfs^|(t$)DJVV48IL_ z7H1SqmyI7NsC?#JD$KbCS_3yOP**5Wf?|x|tWI0!7 z>ZW<{JGNW@GGAR{&I8ObREX+>H4Asr07`+~JTw}$sUY|{MH8@47=Pz6noqWq`Qfs7DHRdpD$qS)TPNq3oG0^qqIgieAJmQ5g|Q!9f#33PM!FxVPbWqa<8g`o6^@-E;|P~gB~TdzA`{T-)NR7 zYAH;=dCQt<-NVPnCYO_=^lCOyn&jQunYu)N(*t{pF z`i$n$5wTsp$l#3U(Zg@<;ABU671eI@p3^e<%7n>f^vd~SP~T`)ES5Lj96h@ z7MGSR8nuMZfWp~~E=-;hnugM1^M~%lQ#}|n49mpMSm%={ltL{p6j;jFi;sH4U`|1! zXyytYw*uBEx<6(iIbry^;OqTZw$?+n;1945YINs`VgF9~{c@oXe(v!YDy|?Cn8x(^?WVs2P;JYthf6q;p}6k{cfEZ_DSK3BrBi_*4EHonyQh zrU6BD+45iNr1$+C%ETx?=9_EPXPDnI!54twO^UOzq&J`F-A5;p^LrA#7l7W9Y=`;o z1##ak$HiD?BX8{8?jW5_j78GJY8^`cZp$Ce#q>(7$Uqc^IWyj6W zMk9;U%+e^buu04)QIQIO2FbJDMG;iRiB2UWTlFZF6lvQCUs%d6_IvgDto~=WYN_JY z=Ga-wy?S^LfXB1V#$80P(_aXuaG0;_9268271m|Sk$1cU$#tCK8^d;K#y4JptQ6na zHJi5G0pcoKYm8(4A*6tcpX3iIlcf=8`Wq5lyRqyZGv=b!!;bH8ZMx`Q`fz2wb{UoQ z*nt7I@Ks3pD@)3c@8*=LaVc-7l$a|i`IeL~h?G0-v8K#J%9im46Ul2+qVn2(8QCPX z<&mnDrbGhm0Ry4meka7XJUVp)2b%R$PDcK1T_1#QD%W~a%~)q#-MPoB?xgEempx%Q ziAJ;981vV^ZMUkWC)^)fi~bk^Gg| zDd)WdHFmsIwC+pY{+eW2yL3n?hm@~2x0`(mwsBqmt{)-BCk)f9`#?X7KN5$ra|q-D zhacVwHTuy1{JS54b5@cM30)di@jm4jC=pJ`-m>z0v(T7o3TOBjBymN%qG3MRz2rIu zp*p&W0`q%UPPH3Si~46u#qsY<2(6azDFBapzeAzJk2<05y?oA5*Wc_k0Q#2u zF*$lFb^*n8{Ty!59#8Oo2SV)}EDH1Fzc0fE1#ke!BSuuVLMI9D9lHq!W3-Jzqx>Yuc0n+V1xc~5XVLQ78AyObKj+k zeQo4(Bnk|Mp6D!Dl}R7q2!p68y-&j0V7y*X}pFp8-~k$#6g z$$mhgQ?Y`(8#|2>&DZzHs0-f83x!Uavq4i9LN-@i_lBky`Im(_92WEAKlt9`5n zf$Mie>!)7L?CU)wYP6`cuf)4>6`W1IgWNS=C5_YiMsGV~p-&$|nFG+Y(S_-oP+oZz zkstJb#NLwry@y)qf8Ri+|H1|F^iMezG&ar>lT7>+mFUZi>o_&BvAeSU6oA z(&w6wAEh`R)!tXG0x8RtFeEW}d2BefaWRxU5a;C(HtXj);aKIA%* zRK(y>!jGA09Ft#t_>0_!=zr2~9^5HIbzbvbXH1H?v zQhr|@stL(zcM2$4m#VM4_Gl!$Ufcy|`1SG~keFKi4Gdjv(s8FgW*5zgWzCi?lh(H} zW3u>dQN2YXro*_scQN+nEoR~R)vY33s-8@6<8*N9PGBV7dCaM!=Pg71#L13Vxn(II z%BC>Zhd2&hC!+NzhIIvBu?V0K33^!lWXMs5F!o$b0wY<<_{!nr#n+Xj~&xvNY~Asf9r0z`6SnTfwqj;4z3QZqvG7->l-2;FuLz$gG^UGR&2!2QRVjy z#kht?Nsi>97|9h@`BP*0lS49jvRkQ(SRGRv_=EUZZm5gs&RWX4QgnHregR0#2Ue2N zHS{oWN9)LTL&NOZ(f#`R^N=NpU`f-C+f0y6cvz-V(m ztt*bsr}QJy`Q+%Z`SkDNpFE$;K4#x(^l{CC{tru z1@-=9f4esKotHjs+ePAJ{O>%?`sn3H+bHTp`rB&g27LOn`rBaXuVvQMd~zIHd;)o| zGX6d;TU5}it6WBr;z`gG+R4=Dy<7|+{G|q@E={-POOI{HPu~C#jqC@OoPo8IECr}& zMO{Mv${dE1Pp_$ulgBazu5{ZsD;mdbr0vdifbbJX1~v5XeDfE>I<3co+gXYbH)?TI zP+uAYXQ9OvKH3i9fSu(kCUJ0>TU(GC?uPYHo92$ZLd!lhEF6g%JyNdxRZB}or+7<-5)}6YS@;*G74+4tkFDQ9 z0_HN7C5JB~^7{IqyBwwG`F9vv8GiCY?cMzV~;r7tQqCtI=6 z!T;GtB|I)X%$JB`eaU%>mb}(N{|&u4lBuA7AWDDcf?AI?v!nC}LYS?0>29GukZqLo zg%-t6AFJbyXSRMOwZmUF9sBPyg4tTEaw!*B>3RC?KZTx+COu0(ZJVAqyxj&pn@oB( z#?kX}zSdJ+LdP?iW*}B&-(!g;t3j;a+}d)o$_^{J@?zx5rkQ#n&s0au--PEY^x5LR zKAN}2NH#VIeRg|O_4Nj(a$bze*)b~r>3l1dL$iMhmFrC^_x_}9Dj#^W4JtR7RIayB zS@=IdZvTNoc~lYKLG!1g!hDw0T@~NT!Krxv8!l)(FPaU^|eu$81;x`{isXUCIt=_v+D zKR(4E>5%RQNoRI%O;V|1ACt;T)=MjitmeI0hBA$3DS7XZsT1x&^czwOkYHJwqTZ3o z0^dLJ5VWQfk5EzRSd(=zK1OH14rjHuI={cU%E#$gA6BvZp( z@i(n4`&!`#20voiiSD^FV#~#|B|Q`A=stTw1TCB++hb*W-*36=es+$Pf6ch%r|_>8 zCjYwX?rSWaX^RwJP->P3Xp!x)5o#=h`HnTi)4t4)o<+TYmR&GgD zEZ+~;Zu?p-jyYR?R)1ST|G__}JmJNnKhg6ik7p~U@axS#tACr#^6HK9M*N)eG*6no z{WnJwckaaLQ#t%dht2mn@BS?MtTxMAVUGXLDbMKNbC)OTUqbmVGhV(Ub|~b#TD~v( z+BDL2#6&wjo`2hGv}tmTHuWzYiQN7bEIyj2)Z_foHzY*Y)LHJ|TTdzRMymL?O;};b zmR0WilD@9xuiM=I5g9h`p#R6*yTCV9p7G;J+msYqP71V^dzFGk1Y1REpk0YPmSI0c;E23c886S-{H)Q7NFcAd=tr zdERr9le7hNzt8{o*AG1>?|I()^FHtMKDXB$xUm3g9#=t$J1`qs%1LXeLeJocY=8L+ zx~?JlllLqa&KoXa0@G9rOEZ(%sl265KcAg9IchsaQV{!jpz1od`3>!{xS%X_DYI=> zSPE^2gMAQ0G5UQO{-%7_B=2?51Ca5ge+oF;=V-tJH|P1Lm^{Oq z(jh2f?`+xz=Q#sGnF7cy*7Cao*B(Do(X(IV_8h6mShn|Ryz}u7@4cOnt~vvbl1MLS zFi6hGav%eZhvLq?%LzLnW_g07+JzxIYj`0Fo59>+#daidgc)#(6pg8n8VR*v-~y|( z{%4uhO4T=tn}$Sfa+IVtIm+;_9O7dKuRoH8so#FC$&KH*l;y_mOS;O9MX16cUEb}0 z2*k4cHgSGJ65Z_$UfOcsXCyDgK@vJ#vX*2qU(j+t6-rjU%?>S)kt0tq1k0^>x5eWZ zeLI(hd$7;Gk_4epXp&&VbCE2rIU#dL9Mdi5Er!gJjD3TaKJ&Qj5|l%J^i=j-Ubq5t zWc;QhBX#N#6i(Pv$YuAUGNtvGpiFnUOSwswY%}t}AXZ|$7Ep(#a27+0C?FSN3`xf+E9kn7hVsE^K=*`m? zkeV*}9aeeqhAh=U1fF;)33Esbx5M;m67wk{a4+q$me?*^q+YmPFm^;`ehNMFFJEXP zyDXHRSa8QS^3b6rXzEHUPbhCp<~MS?c5ThJpTHmZUgj2ghLdMejPW3<5o^6#)@{K( z%HI)?HjWx;m424nfEm2)d++?w-mb@WSHB(NgjgD$lMYyLP*`qD}9aX&aFaBBA zrC%hLyx{b;C=o$R+amtO;$9{Tnp25o)o#`ri69`9IcN+M0eR9TC$KbzX+x5UaZ~Mi zW{#TY1|7(GYc}0a)UIB3S*|JIrxDif$)+la^#A11_;R;48e32WYO1*SWJhD?t;W%~ zEb<8Ic=VxUuo%pkOM+s=5I7GvR zB1j)8_sz6tp41q%v}t4XIH5`~C;y@z$B4&48=!Ry4FjYPo;F5RpBx`!ymS7?!FlZB z_}~=I%Qb#g3-5!1OkoX@Tlv}*yvf$Bl3w;tGI`QvSjR*xuMm4AE}CRFIh;UAhr}F+ z#wz8p{1sf9+A@_qtoS1ZT@idu+Jg`xP*#_c79!^=6y*s)E;TQduMq(QPo$`B)5y5$FCUuh%?8~wUndhj)z zd6yPwK0zVi%d+vw-asvfq`BK7r;*fb$3Aw|+M&afpAb0}y`jNf7LvwU&YcAX`EOu) z#H3PcSXOAaz7{#nW$qw%u~pA=6c)ZedquP0SHF;I-XyBlu}ToU&+#TG-bY%`Vg^!2 z)Lf1VCJ;+Z0DEsuAsaO<+8)reus<0@JA)iy9ugHcc${=EIcdSJD<~GjLG{v-AEJ=G zc}|b3uA~~eZ#-rxNs#Kn&Dee29ILy@2wB(#vV|bCkt|#&P5MzrHzL&;)l>+}e0+5o zX%8rVv>U83S*6fTsXTJ7z%pxm%4lIhOLHa6*~@&`dv;N{tSay!J0iI;{&p*PrsiG1 zO%i*`liZ++5!z9Lx59qIn8z?z%8&$Q;iYc1tX=7MT6)o*)mRTPAklZy~=ATZsiuNPH}@(;P<<< zQrM<%7kiX254KC)|Dm2+Vrx5&EI;!tGUWT1%J99+^C@XgNgT9O-KUWL+}$dS6|nVK zc8%0j={dQTM7GHNAZszHTNF2FB3&)08DR)N3r$Q$=&9+?i4JP7HXVb6*{4vY6J1Z$ zSj9$iA$a)36 zApC~>bFecopn%%=wG)R_U3xVOWko(h`*sNrg9PsalKQA;zRFfkJ-QYcwAYD?`p_%; zqxEJ%Y{Fw<1JJYlLN@4!i+YM`!G-<-g^HbsJ>QG;J0Fg(e@-ah_cCYqoQom0>Cz3W zHXc*Be5Rh=mw()kJ>5@}P=C)O7JB&vm7i?+J)q+iD8KuHPjDVdD!=Pp8NImW=l0z4 zA5p&VWhRE+9>bfkNO;Y^sK)UHEWA5Y?_Zu|LBZR$<` zYk9txxfl`8p=&|RV4d>bzG&nVah{uV3662X#7P&kIb`i-b6I%{zlvh=HE^hbix*U|kge*$1GEpYRDcu`tziEI z@9pPqlGJ1^w!UYxNM`~YyP&0ICW|gw(WYIR=z_>MQESK;#BJ-^MhZDYRjYc|D`W`o zE-K!s7W|!PF{pZg47D52Bv4g^ww61i-~$}x5i19Bq{~VTh8%yFwZ@+t zYy5Q4_-rt`;7YWGp)a|wH}VbuzM#W10mPgRz}Cos1bs@+`lWZ_x6;_+#>8hSiFWL&gjzfX`D07~u`}MX~}+n28D7=1Ic~xBy7p%2|NGOQ77A zc!N{drD(XrNi3m?z$WtLu&;=+NBRY>0K3RS%`Mg3$NhhtJ*LT~dJ3J5>ZVcX#sQ|Ss2d+@?nE0j)ud%pkhAiFfJx!J)d&&kx!#aVTZ zqkPL~cp4q^LzBq}O7hc%H=%I4Z(C!X`)I-WnZ7#54=>Sr3J;;$8!Q>9m-B6;KimR! z0IKKJN&dcQN0aG}ge8Zi$ZI5U?RBoe-3#q6(=XEG4<*YME`vmgFYh25#GBf+TZ_~S zf|=u7BEm$!t>hE&gX}-ww1G~GQf)eQ(_&^}h1s;YG8E4AZEHiLl@PUm_xZkUzB>00 zq6^1fqC;$Co}B`tuvA^#e)Q57u%pVyhGPFgT@{1S&$q2zD=#xvUP9@|MCs9&NDhm! z`D(CXPNFYrgF+;WCMQ^R6emHdwgT1S_y7ViACzo9Oi#(6^aC}susv$`H$QIoM+Zp{ zHjXbQE{pcmy0mN>7-#e~eQaV)CQO`x6HmHJxebrYaOk-i2jBKC#GU7hYB}#kGHg`u ze<24C!z>Qt^plW3c7IFI@E5yP{`}wV}Ej`ja0Q8@HQ0{o{G4 z7;aob4nu^%T-Cg<@CtCnuYH~e)KoKYm|2@M*S4*S4sM?VyM9FW!s8d$nf%;7LAIV?b zoA7)b48~!ugSP>TNN5PHAkL_2AqmOK4Fn7tEqb7<%&-0kXSP=K07kM*ErJGWyR-5yogBo(5C zE4EUr6P-UwzjlFxk!CcJ%}*VLl66w+y-$FI{Ph%#giu_Cf34F<$RYCd+OZ!h9-A|G zAsv0uFGnjBExSm0>1`!%nEtDsQDB{;719IRH`_#Pp*DBv{>202NmaYNpU@HU&m%~^ zSk)HU;SMe*KE)<~w+mfv1UrM~=S<+{U$U)u8!=zP7;`z+$^1^2at)ewQwy2_vgKaO z2X$885czU%fZ{b#f59<@R+1cFX?I8seev&oN6m*zPjN<@oTaVOssK@2A(f!>Uxo6% zfA?@e%`w~kd(OA}zW?O5O4yI3Qh5CoduUHOQY$ic+I@%H7u{JQH4O9b?iJeI4Bq2Bt%&+&A^}!C?3(1iw!j}>_ z6#z~JZfem-G2Fr`x$Zww<>5awfTO-C&1!~3ZY=>UPCF>g-L7ZR!I8EZ96Oa3b|Dw7 z>uPBn1dfg;yeW6wQ0}+1pRBb_hIth_#fqUHwmDny59u@(wG3w)gWz6sV3t@iG_k(uJA3gQg{oUPA$(&UopR-mR;Zx5jzP)qO9IH2z z_QFYZv=<^JkX~L_W|O1SZQ)k|2bQLQ5J>67xeQHQJT#=HXExR$x!m`~`Q^U1edTp` z7L0tAgEC!Dhc}!-&IqZQnQa85bON3a2NeY)jX6fW$_J4NA+=vYugrEGHdBW+W*lYA zc>1d%DDf=1gA}GR*fGMPZ9`CR74Xj{$BrOWEgj^b?+c+}BnPd$%GgT#y0pkS!KuTMyDW3j zXf*6t+1H*^D}q0l?Ej=n>&_*D_OVw6Mq+#dSc>QFwj zhrY5olrQX|{dpMlGcdc;@En8Z*;2#xXF{hp7L;-vX#f^T>u)`qF#kH@tfA&5rq@+) zo%)9|;*jnvm|LM7t^i7uS130Y%&Sns6?HcjoKvBA3Mwm<11O=SLb)A z6=`Kk3;xPY6$KTkoN#9N7lfaHGXsup*5$k<0y;be2|@dwYJaD7@ws+?Xb+mxOIpQO z=LNI!F`6^4N>gNWOSG-H15;f>O~Mn?jQ!Mv+)B&HPLLLqQ0N_R588K8@Q_u9c~-Js zodmYxs*0voXG{e3eq36Kf~3Zipr*2A>Qf_q>(e5=>n)M=`t(RjeJ>gUZjb25gcAXeXJFCj-UOTx z`B#1K$cFkpkr(PSBlY!Jk-ydVjjXMgB2VMnoA|a3-(JJF5Wc;PZyWLL#p=}<;1tiG z@`e<=SUfj`|3OTjfuAXFpo_AKquPvn=Y$^x1mMd%UNd{Md45Zvm!jG8;S0Z>skDU2 z+X(hk$X^YqRY~=$X1a>E!#mBcyje{fq>e*1PGp-3)HG?R`5&O>uYsC`m#ZnCU3put z{=M*Eu0EBE;5HNxh|)p}r$SM+h26=`O5tXOp)BLqGh>ibHAuUF93OrSFckr;ew+nT zy|a9G7R*kSVMVzB?E&)A5~TyeY~++0=7~jo4!xC24W0r=;Ld^)so} zDLC6ZGI9#q&96f$P{0gtPQ}F81=GEK?Y_=bueaQHEY)*oabr!Rcew1o9Y&IQa&Rh` z1@iQPJ)4i18(z1CcH1&SsH-{DX3c0p>)*%-DKke^)cx{|in>K(D(ZfI zW<}k_V=L;Wj;pRvW}b~rdFe0a$Jy^K)M!*2u$Q!ZS5{X{0!@@2Y78%>V^c7z@?3UL zDn4(RY10_ukD^Z#e}pgRi7(M}^)H|4UxtV;Z^pj7u761pUw#++vW~wba0A3I@xCUL znpk;T{o!12K;ZPH+C^+Qlyla2(r`dEt!V(}c_CWEMwH_1U;I_^hhQY5bLL_Ur-nsv zWl~~e4vU^Q%YI;i*_-YwEt1x3F}j1OPr&}^!*XfOYtlno^b+VI%A9TIB-Zw|N3Sid zxFb@)MMBcHritsIGQr0&I2U|B3NE)E@|=&Nu8J4cm%crPq6m4*%TheOW35|+U-P*L z(af?G@8yvt$bL>dJ8@y^)p|=jXT&?ng`|0{D@w2S-gKqMZR}(!+VXr#WE^JV^RtJU z^y0~E*z}M$f%4@!Y`C>4qFg_>5jH)e*wYEt$sciSH zRq#(^1&dKcpOh6RJ)Sqo&*?MrJCoF*>^j5EH%8LHtXVu00fkfAkxWlL{z~2#A|-nHDC7fYXs^|6-a^F;(n|2Y5()8n0rlrE zsc}nBy(jr^r-M&v+igQI=I>T8_Fv-w_K%?cKmR0QKh$^TCYSP=tW1zcza}fUSe?p# zsb-%zIrepq-U_jrD>!xyhBz{uWcsf|aJr6+C-n1iGy4X-h<9*61E%;6OWr{Q_(ui= zB7bCWO3z%E8F`oFJ>V>-OATp-4t(h2P(pU!Zpk|!G7O0|g{Djr@Nk+Z(^1#ALfMA? zNS;;pMinE|Y4Hq1s~Y{CNb+}PdJB9xn=Y_ z4Zp$sdcgA{+d{H@fz^0L!BUrUFN=F!IL}_khuQ>v0+4&DD^MdqATS+6vLRv>8~6w- zusKXZU!~El9I!_(fsz%AgK3j2)&7Nrly7+&qWkh_{3(!6c8PxrQm;T~E;zBf)|M zLdu&sAyMAL!UAp0i*a-YWvdIb08xGg86jaBUBrOM!FdJwUHb#QIDJI%e<#rvxe>GS zrPj{{hI9xQ7eSA?oM?iv?rQItXutWTnh!@&VOoZCxD9a zDXLIj7s^^%e^^Ylvkfe<+`N)RU-Vzo%0JOtb@NKP|DAq|pf}Ac$-$oa+edLS1bM^o zgegLp9QX~H>G{5&B-J+Y@B28CMC~@I=0mxrS{1g7zr%E;h*@O4ri;ZS)pu zg95N3-3m1dj8N11qECInwXEcFApBJLEqp4$Hm_u(K+&e9dYjVeQ{Xqo*vLw}bgQ3PH$shk__!uz^k{CN4t9~i^SdBazb1N?ZRMLZf4ibv1p3KX!af{5O%! zukz3=YKV?zQAV@)=%-5ejG=2tgO+D9l!M?|d1o*z6DAhbf`tF7;{!ZZD$Eite z7%r{)F7*U$2&Z;wL-?NLf&lmT6BR_)eRkg&m*|X>I^!?ngY$1VMr8xzgS?`N&EWc^GsyA!!wf$<6rZvfB`+9UcxXx(_t6XPz7Z&q?xaDx1;4*9fz%z%lxfD|FfS3aUc-l9X^E+BhL zHBSjh5&m)IS{>4%L-HNV{=k~+(Ei>gAO@Zha4p!GsS%ZfE1?qD_eBP17;2K zsKBo*sb-{r6doEYcj=JLI^<3P*;lH8=8zyoNU)Wv4*7c>k}r(+AC{z=9RgB#$gk|w zAs6eAcbRpH^k-&YEF|yQL;>*B>c{v{7DrCadY3UYa!2y=`NDL9<@2Q}zI={}ykhml zHloO=>J7b3)!#isKQ~4pQj*F;zAddFXVvD-($pQ*3YV`DF=8S{Q*+5aT3z+9#zu^b zC3*CuJ0|Ibcm*@OZ24kjew`=sh7qokrL|VyhnedC0!7M3hPO` zCKA^J9qVSb_IFy^R-{qs-#n@%`1SSzQvENd8u^hVewHxWt-OU(5pVxsiR?}GyfiSe z1DWG<27SD95YLBqo)O}i@cxMQK35K$?F#(T>WscAM`3^fektOXoBc7C!LP9levM`D z3-Sk^3WkvkQeO8G?X5E8C`DjEK#;hsvNWmoHKvU}z*J1!?L5H+7G7$&IVv^yIS&pC zUOuAEg%a_tQQGG1fu{Zd#_8kFv2inCCdBPHpFo=NCYUJ;MhQo)vTVp@yt$;j3GJ~` zd{`P{^Jei$IcjhGGOa?1LQ5fe29;%b&V)?JwsnV|oYQG8M-lU!AIZ@^-OogYt^Q}zfuc7oYAu8` zlL`A^U(0{+)2URZJ0UuD(jJ8)636hCZ0XWyjfZbe*NhVFQucJPI0A%9St=C@7%97= z;5vJqNwQTGRMVhfSHNdvDDUf3%JWcuK1I7hbDB(PIBPu8%~>O*L|=#teyy#sUa=%M zC-r0xx#G*UiH2MGvFp*qx$P}2=BySpH)-YH{9Z5E^Jn`yo4wvvmg*UU<>3g^`GgPaX74P>Ga7Mzw{iH> z3TYb5p0x7^AiqQwS!!sJ8mjig{z+Qz_$s3n_N61ihj`CISuGF(#Im+ThM*Ra&ATlk z*_BY@dCUz96Iey+-Hd%s=5X(gn%27*BxLLTw+=}?LzVU_B{0r=&^j1QP~uyq$u)b1B-_7@2$Mqwgv z3gIX`lrZ8VV8mAtV8^Ca)$j|Mx5n|IS>VHKj1PG_KD0roAIsPVd{DMVPC+dquXk&L zJx*YGEBoiL%tz}w~d3HU-*#iw)Ji0R}kSpW&(og5Xi9{PWWqB@k_j4Smf&j?ta zZm3Y&{bU24(*aSMd{yQ>vUx{zHz?UGTci;7->}i<^B7gL6nJL=-D{g!7w(yMrTQ@RH zI^uOB*y?FrLHH7S3=UV)1j?t}r~D9+}}h zdStNQ;<|z1-t@=|lRS1^O86-7Zk-hVmL93$uj$b%`~^MC;Wl~<55G^3?C?%{j1Ip} zj{)JW^st0!LtB>a`z}Ic`&TdB3bfUZ%fYj3mJbklpt$p9YDjL8;K&Mc&2k zasWk>N#~QRW7o%=T)b0YaiNiZkf~Im`pdfR=*LNwXTU{><{Wu3e9W!uijOJX)^qam zuU}3x$iIelBmbIalz)AgB>#Hi$H>1PkITQf>!RB%d|jZo(y6?yITL7hHNESqj`GMx z?owJ|BSkhddBSGKaTEq0zU{ucsvlTG5t&CeR4|t*5au$Dqe`o8^y2tIhds7|4P}aS zLm2@j>|`827;+rbb3|D;;|xr22bO?#TxgSn7lCVa9K}$!i0CgAp^+kK&TrA|i(oAW z+{J*uueO63mSHFbB7GJMFe%=iU6Wv9cW|gEGml8W`tLumyAVu|C=iStdtFpoLjun0 z*!-xwcua9y_XP<#HS>0D*XkA@-unOPNXsNbnFE_lm?M#=sw?O|s{V@ZvZ8&C1`O6p z*j2pk>eIhZ98MKQ z0UGYBmCgP=sm0q|!Kufb{?3#|RkZOz)fJMX5W0|?k_<#DCvJ_rGuxS4Yft9ZRJGHW zygRn3pCS#quatFWU?22EiR&R|`e`VScHH(@nNN39=4zj25^6xo?(uQL=Lz^Y!uq+5>T?5NXH1)p8x^c)uydZiiZ#Xb}&)#vy61OCk*k6=b7AtWo zmnh0p-jWKTDkb?tzWNtdBejd13E$;FKLN7R2$Do!x}oLJ)>V+f^INjAL*2BDdQRM_ z<(5y;WPfL>CzI^o@IxKDJJ%GjT#i@F-vA)BH&SM%V2do6v~ml0m~H1 ztgRcu?s|-g8^XP+$~xK`XiH$_EQf6%H>hA0$l?LJ(rL$DF*`%dSkzhK?JGCiS+O3? zu{?N+)-l=$V(|%Ld?wNUE}2>%IK`xMl3nTTiN@nmB|aW|jpKnI>hd-okG)CbvDYvj zn~rMZvG;!&j~c$Wow}Cq?T4;${5shmvPE+atWF%0?)IPL@##{?-&S`&M$F0U&bVS+ zgro_>QMpG9hp=C91)eS-nUE{+uL6<@1S}=^PD6qtxupp2)#zX;#^h9tRknPUWeDYu zQ`QGKmJlqA>djD1p|Pwa$C$Wama84J$qn_OHYCM-jkdvSlLTy-n2ozJF*X0iDd>94 zW#V)nw?C_QAHP3KcgOp)aCg`K%-fyNpU{yX*Pkady6?~7HuPt}$@hoFfM=sW^=-%R z&m(Q|{;Y26+Mhey68dxC@Q>@y1D5XlGm!f8=|?}lKkc6!zdyS^iT9`Vldk>w*Cz@6 zIrT^O$87DsKbN9d)zd?NVyvmqjTmHUHlj2RaM8*;jDE{umg8MWQcv#$lI(knA&bOW z;SRb4k9^+lp^G%+Kp&Tx1d`;VaMnr+4Fq|>9k%f2*yAX(RP!r3(@C$8*~Nb*kRMeV zMU7O+rQ8w=l?OIGXu14B4ws4Jo#iotqzDns4!S{+8c6yK zG~TqW55$^g{%KA7=XgWYUhErh8eMXxR-kFg<121QGK}xrHL>wUWs*45SpG7Y>H=dG zv{awhW7E{*H0=~)(+0(whI2;kHgDhJZR#`kQ?&3bHXc=G=~Co~O%2iq<*r0YJZl;B zBaR5DO0B=*L5d9k)L{R>Sn^CgnIvrn|G4B>nQoIh{C8XX#j~L1mzU<$(#2@na@-XhW0_p)^1+`tv2zyJE6>jR;{TbqcNkE z;WLQoUT~S--j&atxV>kbbbCv>Yww{6$?ZLG(@$t`lKpB4lb)IaG9K`im^=kIkKiCb zU01ND3xZdYpu_^va!^y=Bd=Pi;kuLxrE$Cs#+SYWHfzXEcF8q1qE*l&m4T0TDqCrA z(p^fmHS!D*1hO}WL_b;~Rdm{Y$7~RCH$hN;s6xWBLayAu^(TAMx3N}!Jw8G7T)ipN zR82O;$o`fqnDYWYUx?3c^A3A-clE|{Qy2mqQ}xDtQ!=QM1iGLL#I;Efwk{BkB#6o` z5F?Txin>6UlOPs$f%xQ{L3E%!lhtbcIe; z?ASHDWAj0Xye8kfje4s09f+9}_1?C7Z1KFauh``aq>NiVxg-NxSGch}?9{LN5 z43zhwRs6FsD1(0fISA%}YEy^}m`0@(H-^tc4t4wi67*~hFQp%U9zOt0-s%i}n(y?# zkwRg!pZ?`O(D`a>IF$g>0gVGFbh)8DU>CN7VV`3StKj7Szg|BdDL-ZXbgYf7pLdFn zyMDeYKI!$dt@uRi=g-9_T0gbLCt5#O6`yGR*o#lJeufwS-&;TL6#YM4KjZH?iS;w1 z_Jr%_p;bxi=bdNb>*rdtzJ6{p^{{@v`O2_S_H5dGjl0LEe0- z1@dOvKZ)(}WJh!46}&_C5t4WqKx5lGT9mx)9jV?I<<+GeBw1CGd_!7qwz+qtfn zy}nn+=7pZg^vhnK-m$sJQ!L(7J2o%yj1=#dj?I;xf%bay+H!9{dwt5|_+{-h8%S0imo-_FsWu$vf8w^WQ0Ddtp0dPU`_vXa!w&d@BPW)b({C!p8_oC$Q*Cu{nnEZW4;&)z#8+aLR z;AOahm*ECph8uVpZs29Op*^{zAI2I=!XlK`w_uSpX0&YK#hCCjJ@KbG@uwy6XKLcl zUdEp%zj))Bn8giPs&?>EHEpql*jqX!-Z7Ttdzs^O`QDW`vm6ufPKuERX^_(@Pm&ib zK8=itmyD1aW?Rc$!OU!!@}9c*bUBzNyUDkK%46SvLb4{R7^j;K^}9v0CUWXYWU+VV z;zWZY&3}FJxCH-osgABv18!nyE9&g*#D3>5!z93@w~67G#hVm-fnN5U570hlvIb=q zm9uD`?tQ~_*7F^CLJHQ!U_))`8D=az=&Z9%3@yCfdqu7#|Mn|&s7!)NF+#y-;&*&ks(Ou(Zok7o8*8y5Watyun!fzCDs&Z@f|vi%2S{ zhi^|W{@Bm>k@dPn!!Du=7a?*5KSzrh@0G;sFQ7N*mvTO&>*DbaxkAoAw0BLqhqFO> zhJJllA8{n~FnVO&hKGFve}oa{KX5dp^U-y28s`e6xF*?ci=m6pa4R8aXt!l%AT48N zz?EThMjMgjQhLkE_AU6~Yz|QXD!1flDQ?t~_53;AIpnv zA$32abV7N~03WpakWo;kE8w(6GRW>Ia;7WLn_k?(G_y0*dA^fekeCR&i#I#XA-7b% zy|~d`yUi(G7{XFRQ(9zcDw@zcp~bR)nKi{LVLeLgO_Rrt#j1Fy5$i1>J_albvt2N& zqYXG;Ep_)d(Sn4$$Rvr2t8u(5Vym7<`Pb}%Lf^!(QY}el$Xeceilg{L$X$=QVNLYV zW(o|nrqS9Oxy2QS~W`9!LSl-cO_U15m1B0aXsXQQ_Tu2|pr4q#3R%(ZLERE)4o=;`}mK0-%PyZORuS=Xt)IIvUMZX{* z^!@|4(ysni1CmYN`A+kH+4zRi(uBng-nbZ`GL=3!wTKd zjsG*0{}_=*8j%cNDUArN%-;28`q39-oHVvE|2d51L^<$ttIou7{Bx(6>cZGm7im*X zeZ0&TJ5R;k;spOlrKPw6QvtPE-H6kj00VPKvxk!!nO1IR*7;H!s0J*LF3P7cD~*ve zlH#wC|JQe}(VsZYM_kH9FatQmK?-P7bCBu#yye7KrEhK=wz14<= z*|vxx6aB)Bq*N`bebI9i$4P3qA;tgM`S_4VA8@uz4$|MT8@Z?GA zQp#0qYD?I(-&*;t|%^#J+wRBkrCoZ zf7>%Qi-23+LBIvRK>?k)s7Oa1!H*JE4A^0SWO=rLoIvcLq4qqE$ZOA+M{iyv$*E=| zs|l*`{z#@GgHG3}$P-s}B?v+$(#q5TM2=kqiT(w%_8~hPRD;|3fQv%9hz>w|{W+O} z*C|0&ISu$8`$UQ1tJ82;)aY?64ysdm*FE};#bl>(gNv+^g)Z-P3hh`R>>*|b2TanO z+y>s1YbxG`Gw?$piu#Cca)`V13(sJfQ$hoI*LEU0}|H&VMrdP?y#A-TE>*sfX`YSF6BMf=(iW;xX3RS4c$yuiFI5c)@DZ} zRR*C4&0>#n3dyD83Gt2Y9?-10lnfX;f%K7#_qr{z9v4SYR`8@H z>Uo=UwN@osW};oN;(Cl#Qf}on=je|YUBi(17j$@d)gwyQNTE@fJab(TiK7cXUNT918~Sc%~|^0k_wmk zd+Pk?U5nf<^C1^G<=l<_Tn>Ui1LjqodYCeU7exW1EvDw6y6qb6;8Ph-JGWX(n~gN+ zJ}B);hD%z1IH7C=-0BATN2g@6?td}-g- z5t#cl#n`9P1=?Je8&gNx&YhShdJr|JgL`5 z)O-%qN^w0Pqmldt91YDy!96z9%pAy!&rAp1taW!9rsiRqn#5kN@yV?`81Cp{ZXTo|W4nZ`UfoU8@h0fgVckzq-y>Zn=mt)jylz+z6ZGNX zE)!I8q=yOm$KmcKD1*T*rNg>R(A|dQ0iauA1D9Ks zPeS`?j;vyiyq6{q!&^hUpPycbljf&Wy_%CO4-M@yKXhv_VMCWeUI|zphJ-;rp#G(k ziZTpArC?xrPDWpP|X~l6^v78EV+Wmd!WpVc}n(D~A2bSK3#CN|j_Nc5AyFwR$rkNV0|> zDmIyjzmOWhws%^kReun2#fMHaXd3vSK}TT<#Y^&LVHq2Kcs3csIIZD7xcA`&Td}`W zT5>tEFH6ksw1w{=5D3Xkp7Xilm)=dKwqP&6D6fgEU3Yp$>6dGT!jrk=i}JJp%TAkC z<4B}4i(3W5sP;s|sOvPR9+vGt5l7W@_`(My(!O|*V=1MK< z;Ir5mN9DsJga@457a7Pup?rRL627k%7UuE$vJ&mfO|ka3t8c*SMYAFA)*d~nB1p8j zb$RML@r=pmN#HcaG{`r|`w8{5gQexk!7<5|B{(>Cu;d$9KIPC3`We*no1t;gMMGnt z*#t@p*jQ}8A#vD_c(J_+HprCIaxIFmZ^-0n-Juz*hc|tjqg`()%2{M+-mG{z{iqyA zV)O1dRJj=M9OvIy*4KmL0NV$}%F3a#2p^5@Kh02Y-*~;m$A#Zaf^9IsJ{pH5Jw*7) zB-k^$FPHQfk)?*toNa*1jl)qe!APaC!0Qcw?l@o;0iJFIe8K=&69<%HkWl*k7UHb4iXRAWp2` z!d8A0HANx^A??b{(_MjEa1g@rHRuMhSwpGVuHD$HZn}y{SS3n*TwD9v9g~po+;W}W z_d|+QOTkGt^fsGPiYXfEpMOWx#&p(y4~tls#d>1i&f+G~gsvUDEMe3{yeVv4{6gHu~IhM>f9xYqm*xmR2-87 z4wK?=RMfd)UE?4J7_!RD0nt(%Lo4dMl~N&HHRiYoWWQ3wEbbW$GoiPeZzC7=U)^lz zm$zE>-<@Z&ze*8dJZY}L-G;#scLU;2ntILEptJs$g^PL(%>{;740@2vH6_~`nn3JZ z3$br4psRYN>^b>T_ADHX(<37Qy+S}gAfUxeF+?_|$&6_V@Tf8wy;#2tG&mZIrs5|} zIZY1)Gc+~pzoX5Juk7XGGf_PKP`@tJZBA(+B}RWxmRnDvk88+MO3LOd?WJt}LS-5! zvE6b39EhXAvSZyi6AY4cx1rq^Xji+0DTa&EjM_LThmEgr*T=~Adr`yOA}PBP!zE)t zX{#?3w3_!VTx1W|g4(-_|8i!nc z9J1sehaXv|C65P~&bGw!?Of(K1KGr`a3wA7lRVc-f9dvIyXzovuzapv)9=ThYY%64 zJ=d;zMLXC2Z9fr)6==cY_>UUJu?2 zDCEtj`bhnzu9>L~QSB15h}(sK;FU%@FgETYS73R*D{u`oE1!DCN_Er4eV-3txU`Gm zcB@ZKqw9KJBg=y9@RO&o6kzG2O7f0bzSJ35MV>pW*P6X9?AXVonqC|x zRZeMlO6%^YZ{EGm;Qb14f|)idio$RC@Y$2FD5Bq-bdIJX^+Kv0_4QfIhw1vJgvm0qInxVE0EPNa}Jv}qqJ`5w>4o##RWw{cRQvw9q3@+ zcmvJomVc$8W7jO8A?in-r$Q0~Nuv75RB|dhptgHSIN&G}+xk5mJI-CCmY#~{dnlw$ zB4(D;$kPmUW;yA(p=<&_bAPmR7Uo5GC2ZmFJy-TSLYsMJb z0IuqQ`VN}kHQded%cqf;^j31QP ztOLWkZPt&7M@0P{WA34ICzXGxI{1t(vp@GIk5@u5+1(b?jeM?152v8Z=h{^-9jpv; zx!z1n!>B*}wI`zFhSZ`^PU&7AoP+c&#~GihTXngm-4>Hj+QcCJc1UcH4EvK|e9CPxSz|l%9oG(t z4bqR1Kj%+B$$k3TC%fIJiz2ao`m5eQexJUmch`OTs|IbKPE!r?XGl8GdQI{iUN+b$ zhwgU0^(>Dr8+)lzI9x|eDX zA4p);7Aqs+N6+O2-Hqx9oSoyXHptUMw(tZ1X}|UOA>t|q;z&shrq-H!2q2CLUhn~w_0k7)f#YrKTC?adC46C`) z#zimyeA{JimhPcjj^xt!q*ZkJqMX{7*uW_>U>aL`R~}hW-i2Ac%jT}_@MP=sg#zKK z+e`OHiyMn~V#2A7+VzGm#Vfq9gBGVX$!QyMY>~7GK1raD(+WN&jHk9MuvK1cmnA-yH&l46^p`< zmW^-OjstbHIPnQhRqtNR<%!9gZWXJv-Y{uF%e}oQM1UKL+JkBv4{W#mLh|?qz?Dwo z7JB;_MwD0PZy|V&?CWB$sM{(2wO8Cu@xES3T85As*sH4;V)jG2O>@BP3g9TR)FxtA z-TFn2$qk#b33Bk)*SPZ;@U1Hz~ty$zUEePJo;|9Sa=P3Xe|A;7f_E;FaVAWCe z2|7_3BHvj#^4(u&B}BfnCd5`--E+J<>v7`Uby%QGTlYqe$v9sw3SS4aKOW|-pNYwu zh{;-LO`NRi0sy2tKDiNF+BY*ql{;%$*Qyj*aB>0V&}fAtByX z0%&*RL4e>1(+)!BT-Ik3Y3-z`t;LPLBUa5RPBG8r%L(#v?f9HN&oq;Cai z1m+T!(eyG9FEYJgek@Dqr5EXM@gibqfiEi3h<7+uB$j9fBM_YPEj+9dbnOz;F?S1V z67dpVHj2DuwI3gy2Vpyumh^60qQQorLI1>f8SRZrV9qYpum>)?Z^KrUEJg~U1DtQ+ z`#z^+prJ#I_~Kh;8{xfOb({$<8C%uO!U6`uJ}1t6_Xh`Pe!HI2*=I;;@wcU7ylPzL zwrHDgnKZ()HBy!suUfbkfvS+jY|EnYG6f25qNt`%MI@|`7CEHm`#VQ?eieZRQ5aQf zM-sL+Q4UA;VP^XCP##nR6B8^ZyV?(Mq((P~j}aVdPCKTIIit(BVeqi}YRHqPb{pm* zhf0+kAz?5;?X;-QG5fF~i;c*ZPyv9tQU4RZf+22&JuX>4mpjQWA(-{|bU~vz zN?^J0staZG8n^6ygP))1oPf4rMm@{Hq`TrEmIh07rkOZW(j3v*_3N?$|CRY@gR^-wbP90i<; z&*3#%ENglv9hfnH&hhh)5iL_ws2yy%!8aHLa|*a+0}U;E>7B%uy_9m?l8>fv$@it` zJq!~&gbxQeCC51&M=G5~Co8iOPI}@w? z`|+#1TT~e`>nIi}Gv=;8e(qaEZoky#(@N1t)g?bmNM21PQq%?WXL6yt9R@rS` zYj)(Alr13OAM%ZsBI>Q~Kj52a^7ao*H7oX%>SpsmlWsVVAs)+PX!!#kn}}mokDiri z5HDzp)By69vzj)oK-zW;`is0z4^UiY3Of<*Xw`{gSN?c&YMjbGlbT@HLlbtxt_1$r zK+iNR*nE5<;1^5nfm8$ftDm>V=y$w5{!)_%Y(h>bH4$w~!V>^)FdWLd+tB2z;!WJFKw{i0b$&OQStxQX}rkA@@c0dLtj` zJ#BL7Y7=;C59vPwJ}ckh4bFo^pR&^H&}!|wcaMwWc9%9uHAC@9x}+o04<7@)V##G> zDG|8OMkPp_cIQiear@GRHfQO5d1UgiicEx@ft9gJ$kta@W?1b~b^}%7Y+gy(1@F;E z4y>R=+25G&R95oqiV)@Hn`u(*>r&M1nOaHgd>W_|@FBq8$FCNyiu}~|9FOQZ&Og~4 z)q0LBw2vfcYL^Nz zsk+vj!@AZ)hth%^3aTQ!Xm2<(k>Bc~ng{D8jRyA*$sn;`uTZPnWhr#4)v0ti{hzln zFVyZF!!zNv`ad5Yp2L#{KCr3{+@A$Wa%sC=dUz{v!ucwV0?S_pRIhdve|l)OyL27p zm1+jDhU#^9K%pUa*KQNmZmz(y{Jp_4>pqy^(D(`yoXZL|6P(ky!jRMd8cybG892M1 zr>WUTct!seH=^0=0+i~tIF)UYtDIO20iTXQvcf$87&L0!0FNCqy~Oj@q1DbFa@0`{ zz~H%Z9Ku6CESPLgWrCJE{9n9&)a4t{ECyDQ@*%3^=P z93Pq5&&8!IIJ2bPCfRs#Iu%z)lUFMTobR+@g`|br-5DzwHwrOj$>tKmc7=vd{bm%) zE_%}E{1S8Sp-YS)-_znX_Y*%fnY?;v)cz=;SN`!e4B~t%VpEACmA5wNC`3M1prCu( zm>ho~k9mMms6Zy8H8w43m-X)GHO<%E*hBj){x;y%=5p!b*9fm(iQ&~L@$oPIipbM% znS8Bf??Rqg3WiWik{wszRSmTc1rkszb(Dr$bYnW%%ln&wS{sgsS`Q1<0!tqOJCKN4 z_h^U$um>2m&I77I|C)qP_r&pObr1NoDvnR(HLqdKFg|rs$xugUMm2mQ@zp8~pVm{B z@)ymqp^$110H4AS;g10)+6uZlB*rd}F#5AXr7%Fz6|5HTEHDyjKMWOzUOsAQC*f1R z7m2dQPgEM!2a6~N_N)?i9J6oapfS(=0a{_@99g*o&0lPbUC0naDvoc+wy_kn`tR>j zctNl)unDspuCnEi*`$IHr`ey8IC-uR$^%-mp<2m?QF-*|}(JB?-3buD8?yo~PTJyaTr zyxpDZR~Myf@?YH^KR^&vLB6P9;HILa3MeM}XQydu+2h|gK=PnYqk^zg9m7#SW1=Bp z%97+Uzd`G-zzZ5J~&jsm>%1YJPX(vCYW-K0HW zOcU%&wvb*2E$cdlb`^dP&=L(Igq%kxjkn}k!#T!W(DHG2d3Sx=HSg9~-hLu4i&`Kv zwe0+^nwDwiZr68zZGG!&R*o*ni!b2+TkE&S`@lrlcW0nP{cTnX_+hY^ zW=}q>6R%RQLjtBE`%yEaQcGPru&ZB#0u?6?S ziPajdv^6<)nyQ-}txQ&TsH0$vtSMTTnY3dFXL_uRE z$M!neom9f7zk*(;&U>t)ZaK*JU{~;Ynl@MPCEefwhjVgC9(XSGO zz8xxJ=#!ydU$KSkC&@GTrZ3H=h+7T@gmK;x_1ln6xX*lu+B5{Z{l&hQ7|Vbu@mwE8IM)z8 zB>Paqw?_Wv89^=J^+2u+$JDZ zwK?&6z;^Y`yyS@L|66&>e^Pne?SFzXP73bM`~VpCcd#e;h6Z*DcUjdQ~csV_VIZ&TO8^XKO<7JpUp|Reg1rQW%Czu>HZ=*=JHP9 z_vtW(n~t0Pd=AEcO@1rANu&J~i@C{PB0}ChUoOg#@emeT{ITAzL#pt*HZ}_?^YxJ&`Nz@y_(7*c}o%k z9?hZqE)Qtsy|Pa)FGDNO`-&D^$8O|T4fY^JvAY)gr<|^)HVNm)m=$rpe)9Vxk)oIt zu{h{W`MYLF7(0P#_HMfpt#vAOJwHs@_!?XY_ZY_<7vkS6vpVu#j>fG2F5adt{w24J5e9&n&tdgO z+Qs?4NEloN=tfCcSrvkKlbMw;MXHBYScx3Cz{b%;$@r+rae-Mq`x6X6fbXFsxfpW0 z0a*o8zbd-O7~rHV{`W{_&3>!Qo3f~fDm z+lhaHDaU5@w3{hx;CqBq6{xS=5MNRlChans4~k{UbbDZbY!=lbff}G%DWM8u(T8pM zO4NtNAe0N^OiZ#FlT7QRTz#wsCsk!R@lwUy77>B*<^9Z?&Owq>Q8(pMvGzed?hjq; z2}M;@d%0SQDyU9agw3pT%sMIiL7TdlZo3Hp(=doqtTdZC=}k14FP4VMf|rlf!@z*` zaGajpZ$Ijm%?1m`ZrfWDtD!`_9xQ}tt86r$?76=*mxOD!UfO%ShbJ>W1DnP8@SMc6 z_FSKD`2{A=Ahr(tJ@^WsJMy~XdAlT>V7{b=`7Ymbx5<-PH{Tf_DOxQFgWswS`zjhW z!sznk$_~DH+Dnb{VWoEg)vAPriK)xtsFhHnMH%zhC?E$CNjJmT&omCgI$b z*hf|UVEdQRnh#lM(;iE1SDz>H8-#%3=X9+WnDE%QPW55U{U~msd;IkQT)DdT>+Z~B zd$3pLJ+aC09j3Jd|GoujLre49K%pp#ZQ_@Z`tXe)B`ju=ZH8|q^{&xOEXjn+GnhM& zWBiWJw5Stl&lCbHjL%XKFE3~y-AZn4a(n~0LuNHs=?}E~2LBG3#WkwxueV2|ba^pl zoD18gJFr5XpsFmB12OZ01TP1e_G&o##6a{vecFhD@=4VtWOSznOS z=4pAtOmi_BbVs46hpxJCtktO+H%A!FK7&52HdOWsq#(J8o`@c(mmI%*y=-iVZ>A=cJ~FZNp6$CEjWWYVO=h@3 z9hODbec0EU?P7R&r?k_4hpDm`#^zYBqlfiA|B!F_HzvJZqD0b*~ zv>HgsRbLV*`3|UOV${=X=q~Mq>v{RNQiHbx?f9-7htXUy%WiDMO>IRA*dfpqaNiMN)d^`au3?2}KObr}w2Qaz zQUCfn8h1iGF+WIAm#W&-vr4;cdIWY*%AQRT*0L@~TPWanzIqL0q{6^AaXB$O-;WLO z${6^0G4Src=O%owsH-SA-SGW%wIj{&y@V`1VHyKbBY-Z@fC|+e8jvO#j?0%5;3vi4 zpX?c)Ksi$|YfKFO*6!d>(*AcOmooC}FNXGD|7+^j{`ZRiclN&@el}Ft|MvaS_P-k_ zE8GA6KH2{FWBQbA{~HaTg#9moy0ibSGDZ_<*OW&TRmFy5oDC<~(d2#SZiFBZyC@G) zQ+ZJePAK&z*7c#{&J<6cCh<+!9v3|JrD)hf!OyaEnSb>_PZp|Udv_ZTARY|>+~{Av z&((PZa^U`>;1Tk>iJ!Jm{W#;e<$>e)MPg~QW2K4lVFO61_Qm!b)7pHg)_owy6s|iK zH)+_QeMeHD6yqx|R;KFfRd-L~_)BD` z{aAsGBR^fVz!kXYI&h@^BWAWhlKt4{$sXFHnTh6gq_vA zf|4dOW^e`ZMnAE#hLVdCy%&*sVW~^Gw?Ks5%KFt_EIIt-YgL=Yjab5l6WR;kf96r=kYSYn-fXq}KgQWXJ#SL*rN7O_?t+uv-UawIcMV)aO)NzJc9P6lv3))hqE$Aqy zqbQCR*BgUcP)k82|L-}^y*D>osq^}N{_oEjn&jSRU(R!$bH3-C%Dw}(NcA5wc^J*{ z-#AolIrZesqGei zw-mO3hJoVjlH!QOrmTfqB!~%>qv%K#68!Rj;kxpU_M1QElQcc2wPJuhVawOT#zTq9 zs1IAnZ1X~>_%l;G1nBjJ9e)g-({Hq7bngMiUa;|e|_wSrj31Y2-f32 zcIpR7>3F;+QlB9(OPk~?bZs<8D?v(D6vb$j&VCi*&2a{iU*I8>rS=l z;S7RDNUj-9$u*}yngFnZv~EVRI_DS=kfYT(69|VOxrRutxnNw*1>XVvp|mBs zJ`u`F1{5#Cmx6|hVhV->j_+t?_AyGu1U+=nI1zGy_?i)V>>W@D-ERarBi2^jNkZCI zwy3obi&TEfxDR%)4DSvx;Guqk2QpO@yXcxS^8Hag`%D6d7^!O1UZ6WHL|`97?O?f~ zWaFp)V@rWR{=d9`Y6b}snY@4A9s1Mnp9kN={@Hm)kNaoOK+&4y{o^0{6Yn3PFJoX} zJ~;(Hl!L30N=%NA8=ZTop&yggE1kFu*+RfIJKjH696sBim}?42hCU5Bif|p#W^}UI zj0U#H9{Vtm*bJjn^t&SEy?_9y9jXOE0oK&QK&nY+`KbKR&#*q zI&+{1p$PtL)qgHu;an?~n>+gYBU9bp(vM^LN%52F zHWg4*nW9%)S+39*vsC|h6tg+_(JZxmyi45ufE9_oVQ9z2&5Y~!D^2Ap@x$mv zvoF5W8jp?6xhv5vr+(2v^8o+#h+r>tH6?ep%%I01Ek1<^lT?2zCp-^e*d0NzRMf%mq=R`10Ef}3gr09L9egw#!g$X)2Ghv#u*(CehPZxbA~?fsr^WH$p>;>_ke&j zt!-u`2N$d+$**jb_r5ES*%*9QJG1-CcsnYjm@ zAJ4rzjPZ2r)5lZTa}mal&AAc<5M=Bt-8YkAtd~{(O58Qbz`S!n2GG3;s^fl8go|Z$ z@VNOr*g0U@))TVT7W}0gsga4+(*PsW2+D-BPYQ452ZzdaCy!fj9DU6lk542y3Llwx zNL=HjbwegMv!#zzzO80oUyu;VyRo5P^gTRM9rSO$OMXfdTH6 zR{k!X0X_k3yWnhU_r5;hIj^0695MGYhSx8ZZw3P!J5*ZNZ)#s@b#pxt? zx#-`)IoqtgV)7k#>KrV~qfz}L)T>?CMKfyZ6RZ+bJvj@IGs>Hp;nn5KrU^^h4P^OQ z=Ip+BPPW;-+?ZWhr0ZW?hUGA;yGC-xK=>=gd1ODlBN0wIANxn&aLJ|vv!9< zNkVJsSiV4X0h{W!x%djX>N_MAE61q>_0Mw5=>l@Q6&e~F3t_g?^5`Hv1L{TpF<-xU z=u^f0qp1y}CavKcn%a#1hLUeI35Q16iEZ5X){nmGtly*`SDeiCO^LVwg1!nc-PARf*-fXdf>-*z1=&0{5@f)r=2;VSNwS3 z+azvC_YXyWc&I)K;o^B#n9c6i@^F8n&jptWurGUx!hDM;f(4j%Zm$QTt2U2|&Mfgh zpq@4#)NdwA^n=GyntbsDkLP>#lg8)Iln=c5*Fb5rZ+-I#zq#+r*_&?jm2NF<3Jhqc z=zB>4iPt~&e$x8urMy0uDvyjCy*-P(ezg|OAg}+x_y3=~zU3_;uiwFR`$x&^*Sw|6 z>mLuN%Ip96R=T|Yx1aSwULQoFjQ%<(ig|q8I0#fk`>Yd^j4`B15f_IMba8+-jUp<` zAf|_b(+W+BPT{q?EfGLZ49UXipIDuZiXt9dHJS@W4yk@1L6TLFtdoFl_PoFV-4Utr zUE6$RA4v5d;QOpd&P~3^;MRbOf9TbP6w?{!bv*cvPu2ayQuAJx8c2dIM=I@PDCi1( z&JGR%jur;|jAH9R3HS(Mv41hEGJCJ-Y2PVVo1 zgHchocqH$e)&sq+TEm$%iS-}?A0vf}MM#D1+U<3_;!(0s#J-BHPad=u?V;28Sjg&c z^GqvdlImfFNdkkjT{|A-o2W^>*p%}i5s%jgoy%t8T;~?H0^4b^*(u%y&Naz~F4g!8 z(8|6@lnkxZ`N?!7J)NppIxG7q&2>BbvVNO_Z2t=9D6XS`T_@qWuziPwFoM%3fdHXMKaiJaut< z@VMw97~}+A4oBkQzQ}C5U%^aDPYm)Yt)YKK_tM!$`2&%n<8f!zv^SnPgo9p90E6Mx zTD{!_ti)>WB*W>kp&7bAJ7B@OaW!{pA0d5g_bMI1CDmVz_KD?qDbESWO(%ra(X;W( zy8o2cfbxTH?|)(wxPI+yyf%yp3Fqf@)&Vq(aH) z%@ufq0gAqh!NcJ63I1$V>;NE83F4^ii_a|tImANnb_(?a^4+6L*^{lgv-*QgNN!T< z|LXe$RwdcvZIAwLMS0YaAr>c&nGL>~UxKXQRn@WJv=qilT35qr5`%@BSlSeQnXfs= zB`2K<9_;pI;;^6u+N2ratX49vopy^PbV9RN~ks5 z0*_3*fZIi!w3@rVl4~8N*E(#Atlq-4vNf1;^D=!WlDpOcf^{m?zJn-JbyQcTGmV@a zV*_r=0=`v0OFJL4@K?1LiSA_NuZF$eJO1j{$-+qIsg<3*;jg}krSMl->_c&g8I-9j zcm?QA@EF~*cRarqcX7H3k_QU#=5?o_l2B)8RP0#o)jtDY*xXSl*R}VtzGP9&XVQ1aC#8KCZ1hz4mdvTjV=AMdXqGu(U3$cg^GujvP8R&Cq@##!t zH9B|YwvBYV621y>%2ql<=i?Oi=?jU&%7cF(O)Ddw*q)cnc*(>U%Z=giK{;VWJMBI~ zHCaQQE&V;sl^$f7O^VUe3%7Dlrw2XB1h%}M5)M!d=Fe=^BF7$Bck1Cqrk zuJym8mQ*+mlo;Iuc55F#XitO+NW(WL+Z$W)U4OCWGw@5@$@rzE;}PP=Aeom)o^poz0dDe$^{eDEJpjH^*kRdM~z>f*aaMQJ+WLpO3n|a%>QV ztdBXwcEXVnE(gIy3kZS=;hYyOTUdy!6b{3s4gG}R_|2%xX4ZAylWY?)Usxi1AZ!&d zJdBuvG|MX@oVR%ifMVH1H1Acg9wN(mWc6ZKHU0dY1h zCJ5+rKX4;DEH)7oEVI>n8UFoB;D1FD#<(47z+?5-)VFyrG5h8;a4dO&t-3u#r*0=f z_7dxLV-K>Au%*~X{L-!+@^`k6AkNWkwU5A9H=$4MK*T_AT~&w?#`!=_r~?HUiW_7M z#bk3RZv9Xnia+ue4nSfkmq^7Jl41-=ang{WTG|lGtESDwms1U!iQpu*cff*+YR>z~ zmdEf#-Riv*IhWAMI$wM29x`{h(PV8Rh8N~JHL!u z*Qf;z+=GAVD#HPKKzAsk4a-(e@9aGcm)$hRzPooBMG?DpNrU(Dp7F!%SO3X@y4&0& zIDVlvi^ynQwYc(zN(_6C$(ijv0v*(iiw=(dNVIdbh^j>(mLdQG^fA* zqi1`Fl<}Fcn#M<8l)ba}_@!a*@gKJLxC~SDE33Un%7cU3Km4ku`ZBinSe#^0kv#Yv z+HublNPF?Y?L8JZcrQt{&q&0j(X`OL;?U@=y~jlv%ClNyd~)ZHv-h|h`0!uXR9``U zLh7nz8qSQ{Dfj&^OBg}WIX zPGB2blh{ma5+qQOP^CnHZrz&X==Z+NWKB|_Ta&aKhXyxBSj4PfO~YKfi3U|)j7HIx z_F1e+4rWhsNyqSm*prkPqoM8C#`sGon;k|RwY{+?>ECntM%iE{s*_6}+gp1Qo7JAg zrrVQ1p71W|1c@a#?Ma-vJ&8-$ljw7NFnf}*HPuD7;7GQ$CDBi4oM}MzGtGG`cF5R< zg-2oC*?8ThS(!PsJ3(<$jKr4SVz*_=b@2UMJr49^Jlb`XVP8^UWr_>5s@pC0B?ak* z316elzf9^@%{G(Lv1(jHwR9Lb0uwu9Ab}GDhP1;bvMh1QF zOrs6PeKb`Y+Ae%mg854!MRQVGb2|nwTNIR`XpRvDrDuDH^mr(5H`o*LP}15bswb(8 zegn}WJ==>cd&;yINgv_s?@sR1^JuqTSYm`JYq91=v$C0*{NWC3cMsOzOs#zVNs9@| z!R$@EKf>N5y(8DIG{-k%dS}vnIJLG_iTTKc?;(#P>_ZI6Z-W5BX4fWm(1A0%L_1o1 zsnm`XUzTcz@t4~OK&$17?*xg~?BY9#ptWxy50`6O**hrMxKHV)#U<4s-LKSWoQ0-e zDJy--?oTRqo4yakE)e*Et&ASPg?a)HK$)*^$XYm6B=KLbX9=P0dj#j`|3_|Mac87vN-hycs{FCWA#Q#;J5O zL*&?-VenjkAJMkyqpvfHzs>)7ENZi`-m#-kn70ueEfFU&y3IbL{`gXfZQ<{iyEOKZ?uat&ll z$mrP(fo1mcuc4&G_l$Z=TnP^nUxXS=)*=|Efx$sEWxx-3&`zsQ39Gy~C4WuzUR!90 zwUp#AC8EI2Ik??w|NVSQ^|a5+DV)+9gg0=8;{wi*GR^m6oLNOh=x{r-#6C@8z%s#uclJxbZuTv)j)XBWySoCTH z^=bsqzArKR)DlV-8k4+A5)=R73`~3#dYQUDHqRbzqeYp#5T1O+TnHsiy-6Fq4DA6+$mooU+P=eL*{r?usi+C-%W1y*n7jx?9N`xeGNQZ}SVpwvd0}#Kq7eGN z%oM@0|FY_{0c%qoZ=RUeGNGuzsWTLf@r%Yt^<8WwrHdF37|^2*20b<5E|5Edo5pT5 zHGK_Y;Z@_`sJ#L3P(>7ppNrdS=%>8~8?qtrZFxg=m+qh77Zp(P zDy>L(@m>l%F4faQQyq^?%HCu*8oW?-)J)3W;9HNO2A?}ATZ79}-;_73;RZKwdnv{{ zRWWK()&(Vn@5Ah3>h2)(Z<1R#aAZ`6?}fzL`S-KDc5dSj@3&&AaC#2L2BFfUq`6+fU%DBc4v~I6+!F4MpAQ%XE=YioTvy8H)^sz1S$6-`mM2 zmAsN5AW}V>z|o|882-nrgU<8kn9epKFB#+0qY3Nz(N@82VL#;mi4sxJyK`Sj2p5aU#@j?m?#B^w_y%5B_WhaPFjM(!sg^poBc~Oa7(z+U#*?gn6ij zCg@!YO{679PU&a6^uf5@Z4L%T>1}$0;aEN+F&wYx!@*gjH_aSwjg^x^4{LW-THLxx z6P{*2VQpbL2Q9GQwlHa3#96tZKyUJ#0-B_E^mgq%b-2yl)#{Ly2k3AOP5}-YSBrUo zYtJA>087or%W8z(jn(ZdlOHLz#ZhD2$CxKF_UXekE#>>T!`}hMiS=`@Wvi#I z!|vI;9Ul&FL>}l-UiZ{}SlG3(j~6&m?|^Nd@b2IyLbhNM4wsc_l#gezBz9y{ePweB zfdJz2ffWaW9BBrVbN8}AQke8$eihh{K2lyOnJ+-o3Sgc`1Yf4euYM9tdW!8y?LN}-jF3op^AQa0u(pRdh6qhsXSvi^8q9AEKO+QD{1B__a4!Yeew51a z)qP(mtt98=iTo6v`esPw1D~8GGf+;HQF#H*WLIBzkjJ;>~#T%}9FVHo6eW zEy5cl2vC9vl;FF~NN_|VL0^&J7&F1UNI+*#59f!F!cjDVnhjh|@EF0?i;*YJzCXsz zJ$<+tIKX}2aJd*T%?@yxo+PXZ(%O&?44_k4A21;DLhNgRvgHuj1yGN(Y_h9ghHHvBsU z;Yf;)nudR>)Gr_1JPDz^G!PVvr|OyuP)R$EvDo|B<8@p7_69H}1hO3Fw2nzSMC+jV ztV+`|P9^YWPF|1YCC*FMJV#r*<8kZxsTW)zyBy-NUk|1CTvpXG$6TMMWqgl>Hb znxZNj9|l(X>uL2)wqqth4VPo>-b4ft`n<`sM9u)GA%$U-aghvxLrzfEtyZ%_?52$>gC1d z%I9?-+V{R&_o2fdnKsbV_0K+jseGfS?vuj6fPdoc7+^!T`T*z-ll)RvPZUjAjHXbq zE}>mIzz&V6@aE_dJaSU`R?nD!`<2h-0b8W-6Wo=4K6SR!+!WXY6$QqIK*7F3b01v} z^dZUWy&d?(S-Frl2qAF`<+ANk{a>gwKnZ+pUZ=q$08I)=!2(d8<;Bo2JxH9tvY zPOIKV6R}HMXH4#c(V=&;G8`MWVfKJ11@S>WG!9bzcYL^!R1q3D>?xm{XHVO&27LO+uuGqADdFx;>Vj5l^C zVczEuhAA{fE~_XGd9YcEW5-*zjBO(Lu0+OA8`2eq4&!W!2rlwZvcyvI_!?whT?#_| zbsQ*eE7-0iLFV7lzvHw?xv!wXwYxf#$?Os$vmy>#o0nv!WQn$MESqul4W0n$OCvS_ zF0uGW=(&jF(Z>>Z|KB1Z?*4oJ#CQKn4A9;u(Gm7QgvJBM#lj~Fa4k?z(Z7fq*6TG$ z;XmMkLMntsb@BdE-JkJu{Ut>19_g0qI7s(}Z4^I~YGvVsE;nL>U$ucrXx+{OcvwU1 zGz%b=!1`9NOz1b|NI<^Un2@jEzMw*+n|Dt1szSLGD+aT{wn(CXSv zG+uOr)xH=v+|tmS=kaac9Fd69Re ziTR=?Y0p2e8?&Y1BMnATj5ImoUoX(D+nhmgqHH7FQuL5{O_Dx@c&qjQ@b=$Da z`fyV_L=|fvC9DS0-*;&3J-*+nt?luBlh$B)&+=S0=Nvdjtk%$pbqD%gJ4#=lomUT) zFKory{Oe!D+I+&k0+^aeu3C7UP5V1_e_fN1<7$m#hue_%noY3}lH|oDdVHxuY@Kty z2Wu!I>h%*N!e(XWe{69@aVnlbbrQ_v%U|Z;!EHD5%U9|9?d0mBcHgh)dwnZ^zlOetbCJHWu%&Sf zsvCpLpL9C`)@%3Gph~HJ7k{691bv5M*A{)BZsX%y8Vgz)2e&j1YiS(R5~+Qw1>*qm z+RdbzsonPl-K^@LpyZG9gO4~YAZ@(beWSPqck%c0`8x?+*(Fe8pO(hHEsgzJ8vD02 zI$IhCv@{NEY0PbDJffvBucfi5rSY(qMpsMY$d<;#TN;P7G>&L#9F1m^%cJ1H+I^?v zG8{ZPc1oj!hr=;c!IIj27oi`);@E`ReXpUm;Go)lTk#n>tTCsh(SdYFqR&BR?Y`(Z zJnh>!yrr?YrEx+_;~_1LLt7g2TN)2-X&lwkcw|fC*p|j|EsaO9zM11aSF9an#Ctyb z%%phF8SxHm=1uY%u$0Osg6%ZXP4glNmkCW6TERq;-4FxMT#HEKk5X#P1`t(B>8uZ&L+vfE-k-W!}%?S z+3nIw!eV0@>}tM`GWgXT&frsrK`(a;XHb75gw6XQW~QT4b&O6e+ppFT`{{X!&M3ns zp_#4N24ZzA&x=yTRXRl*hT#h?WUAwxQK=1#a|eBqhC;epL~2Mwh_P!&F+z2{uoIGl ztr*Gv`suNRhn=~qh0H_8!+oJ2BwNEVe6{fv196+0IDSOyuz!Y78;N9 zMDybSX9km^65a^xc11z#c(xy>bn;>ar!3F+sN8NGvM z5u|SrAk^CUbp*s#b3YxKWYIHti>%aAmrI*sBk3GR`ZwMK(@h@ED1O6i%9r10Z}4sv z#Zjb){aXLgDR{Z$cp^(v`y7(cmjdp~4Hu)&xn|dl{qm#Ym55Vy&v(`lc%gkbty=@6 zW(cjawa>^F&Xnz-_19F#$=H(4-pfQQ*2nWtLQ(1QQxcpz$M{_4S6b;Jt-Rt_FNK10 zIb=WNx#V1YKTfv)hmTcUm&ujgd@qz(BXfi&!UeZhKJJ*TLUs-yJ+tsvQDD;I&@AR{>KGmDn`6fK~weF*_J~b@1_1DKkcJ0#TOUlOP&t0C$Z%N?`h{xYJ=3Ph* z$i8SbB@T5&XW{Wwc2S4+kV%z*0xeA3d2rA37cHTVRL+d#;6^yNKrY*QO@HhzjKW60 zz4@wR@Zeex1*R+|(`n_q*fUuA#Sinf^ZZAQYv&bD@i<0uUwnw)oJVgsO!o=6F>s)+ zj~~jQ{<;03boI~JM-27PrJPr%-zn=uwvcUdi>Y3Rg>e`9tWmplA zVsU^kj)4;;$1-H6E7h|+0e34u9h9+SE%WVHc4|xh9L4bvMR`7DI~7SXV!g=VW3q}o zG|@K^!-#pFOnx`r$iUtgK^FY#t?Z;z`|1QS)g`vzC4TiHO1V=T*hNzvy4+3E{0XLc zrI_Y#d762C-88>fiTV9ppWl1*`8`|A?;LK1(LDh^UgC_g8UJMCu~@*eGv=};^ec-< zq9-S>iAb(*4Nu}fFgd!u_a7<7eTKeted2_&UkiM~a-fxol!=(_b}SR^%|?-z?BXCl zh9qdLwC;556g?L&NahJ7!}5{r5{x+#&j(-9Gzt z7fsb*?sBJTXx*bcy&-DYW8JMw@=v`OA(HFx6hloP9=mWnNJxR^tm`Rcx`p@RgNHY`k!@{V>Na4L|C z?!+1zLiM1q&}{Y=B&`c{G!QzK;#LMUHSi&%w9+$yPZukJ@5v3#J))aCu}(be$zJJ+ zqqJQIXuSK8Tnr^i^>^a2>Uc0e`#6?j9G9w&>ywjA1p9QGK91Va7{|In!)&c9^kJNx zT3)MwW$37fSRs1U3DKLdFzW}=xKc4tddB#NxY%=p~UjItSc-q8eJ^ zXhE)uZNUp#c-P}c15tAxAm`4Q@Dofstj7N7EbZWpG zT-^Q#bcRl=`CB@@%V^JhrGdq`jhO1tg|fPWCR$c+V>=lIvf?&=Vv5~atXu^V^3B{H z^%nN|)5gE7iFCm+X^HOOvJW?Hn7J-pviQd%z;`NgZ8JS%=^&w*SB)Q@ieI*9oo?as zSh6S}Z{22oZ7y=gKH>3;4+iwp|^)sNipYM&AzxGKlwAh>LcAmQ422FkRGv=sSIa#hW8wos-!8Rm`5<|ui zVD_k0uDr!i&T{2#UhjZEKvC3!tHryr^!Ur$zQW(8x&wWc1J{0xuegeAmg+~c+OtU> zz`kgLx%iGj+6&xPb8J94{n)!ZQ8BlS8oq#=N39ReNNR!SdA$jXS6S-!OONkJs^2F) z4uMTaKPsz=2VpKpGmZ^Rl;#8TvUf*d3`%%>o8SJf7r5iHjeenZ}Y=)7vGrGMh%xx;AjKk^q|{OpYcc=l%PWRN2J>#cU-^T6Y5^%P)rK}o?4 zT0)NZPQ*?$990i}IN$V^9ly^S%-!&iJ>PH(U7X@FI+FkE`}J7v+GT%E-h;Y49wQ1( zElITXoi`*jQULLMeAtt4{4|?RtVwWg!fdY}iKYE!Lf-Z|Iz=inou6K74-F-kO%t|W zHH6pCf<$yjSy@dX7A=UN()g2hfwhUbbb76F z8ZWqNf~%0n9Wpa7=1z@9XUN;C(e{@PAC4u^nRFk~0Xu#rOeci2lEh-ZNToA&oG2eK z7r%hH__M)W>PTK6P?xy^1fVAOeo&$p8s`aQ1rchZzpOo=Z1GFea2sn0On9R+AU$zj zVd#BX4fE>>xax{;Wt*?Pz$dIyr22{pF5 z5~`~y5vsufGElDD2=;-W5d890Kyr8~)^4H&nh zguTrL;8o}g0}3?RB4EiXUr8#zW&=-A@Mk)Di7GSEOE;4cDy`^DmGvagnVg1Rx(;V# zdMPHql#Ksao2-~DG*L{4m8(~RX*fxBTs0v3UEu^0x&9tMRL86V=`Mcs`@(u~651K@ zp*Hi{H99%*V3b))7Y1paLiYuT*M`?`4jtlC`};(EY4F%#)6_Wp}Ev)Sj{;!m;d=p*^j`Scv8E#xAU;qeehgW)qNS z+n0WOh)$8{(jL27wpY9AUk{E#&frLp zdE$hWw`*=H0D-Ntg^r1m(71F*Y$hR9pR|jP93EPRp^}vkjC8^PsC4s_b{&*)2%b92 z8x{fuM}VyxaD;m6yZkDO96?o?lzAXg=50j(k;MIsy?#ds*Vu_Tvq9f$H_^&XMn@zM zn7iR^eXtH21|9N#(JawcvvJ`IF-#uvv|UkbIbQ=VK3v;zxI(zL(LZ4$&E?!;isw#- z&GdvUsByBED+|8|fT{DEqy1&r3tuooXjl<3L{nvTHcnFScAtvV-0k$0wFgfiPkCpx zdPmcYk%W3G1dF9R^bwHi_hSP_CE?HvXdy<=#C`?=jem+Qbfg~#nSYAg8G_VxnhW1t zA*i8GFOa8H76>IDIVv(8OO3L(dPmyHx%7=fM9bp&xh@iC6dLLyG@cX#9Y%7$@}c&2 z*lvJPIvKNixFr<|9!YngPE5^LJw)ya;&yyPCkEhVl%c2UEZr z4$^pyuW{FLP+uFoXkRs zhI@%fME{5qOXC<@n?` zCM?Kt+8uNlVU++K1cCI!eUs0lbUaKKY6^~Eln-zP$zye9fkir>0NbqUsXPqjsG91L zHn8TpvpAsJ0v$Np8WxUDD=X8pp3A32P*XkH76KZK;v##Us`vW_?-3a=JeHo^awr=* z^pw80_@PK(g!cTv9z{Unep0i1A~x4;T%H9vG$b@p$N#YJ$Y}r$;retML;-Uc{Zr27 zTM;a63koPUF>wKSQ8E!kR6^)QAc&lyp`2ft&7h(e@W>TBPMrr?%8X)p!bWTYfg>6c z;sNIvLsH_J^s}!S*XN3@up*1j94?SWJ?KkcE;nSQs$+va`~I0k`)4=~Q`K>|J*%*^ zZvpntgL{Wsgr!UDz0!zYX=+4Iv}e|cLKq>W%%l;eJErOwoLaVDZ6M(XU$dVz6ruwH zLLs_&xhqQkl8Lf3{6GgxlbXBPmZ}_#D^yz`QcHFTzQ`RU@<9oV+>8VO2gE-@iPo;? zI9-@g;i#1>ea@&fPp|ZKRC)&$jjIqVT1#~UY~f5x>F39k`;}{4%8dn3ioPJZ0FZK;~}$v1PVT?nz&&*@A|?v|IcBOpCs>TRR!ePggQps%=#tj8upZzTQC_MZAm#u^Qo5tOA=KWma5L+uMc}QEF$Pm}q%gr@ zsF?bd+=owo$lg^l`Mijf!K&lM)MN?l!_mMGXsurlMXGyKQ<>O@8`Ixdj><-RtY3Xo zNMfhWiDlT}J%B6o0rn&parAwR7Agf4bu7A-v3c!=2V;XnL23#Ly&b>lDo3sJQd084 zlXH*N|6?ZowTP+sf)U9x%YyoUIlfQhM?$IsIRn9NLL$ZwLk=&#l^kjsv3ruk>QJ1Y zRQzI+*H|M@_IN)lR*kYncTb>rKk42yRR}HI2Yi6$F^Tj+0!8dD4ogT>&lXrFJ&;X+ zL)b8u8xpRn&baOuRCm}E(1J&^FCp^%9j*NhITI2Yhb8%6!OK5X2*Tm+$^VM(y)xmc zs8jb;q-jMcJd^+MxxA?AHwUj$-cTJY_8;4$UM!$GE=*2hWjVLvn9+XKX<<1h?eA$H z@v=>JH*NaApLlz^|NBY0|NC5v|NHFmn6BEHSUqMuCb4>sx+U6UP^PSS(1XWk%IJSp ztz|I_tpoNv6zEK>Pg;;9OoOTi?Sm7I-Y)!4KbDybb;J5|S7-)8L$qyXKbLk~08 za{RYhJ9Pgbbm+vGr9*wvJA|GnqEl>rB08lGO6n6oj7_147S!?No`uH?t=eL?nQ-(6 zJomX{sXNEsMr;OqwkB`_u_If-yRVfd5J$gT`=OgfG0+!#NR>+D3YQpYr-}(o?{TS) zGrsA01Qy}n&~n_g#$zQ1b}52o<^xSK(3d!>RygjhpUHvs-f-7*k6i1692zDYadT{ zqK{vEMtyu~cQ(fU(X{+zsHd+k(G$$kQr$(kWxfrM^6aU{497*{B<-DVeNDq27k7x)agtnHP7jakAPMM2=M>>-t3h%~-U}q_tLO zl&tL&oEBB_h+t{WmfPrN565-Eb@YL+GG0eTZfFmX*}cxbHb*FM%ay=4<=`UM+Jjd@ zLE@CB%qT8btGmlp?>C`iIcOlLF=S*@@*vY9{(H)4&d@M?!=ux5(@uGcryzI*)sW1; zHw#NL>4`Zdq1{wDMT8J#&M9VGj_9dNIGmVQ%ta*S-)v9hH`*nI72>6 z*d5*4latuM1B8_O1w=w$%m7PzmY8>2(&w&7b5OJW=2QnYqgUvpe#6RM$Zr;@fp368 z(mMB8qJN~xe=X@P?M%ITV?U+b&o*{#%n9WYXqL0~f5IrBG#cBi1Pho2BwrkCOsc?uZ;E%I`yyAF3-IFjQ70qqs!PQF@>Yju$mtbK8bNrPuNSF<&EmOJg8ajOD=7W zS(?FbSS5*Ocu+b82Cj8d_@-tu^A>WLNY#4nY$)hr!`8aUottMqJ9fo^u?U2h4*Wg3 z2_|0Yq`t9MMuQ(C*7%YhWPPIwfDk3mWKg6E4j19evE7Quq z`=I3)S;`-lUcSRxe&@}p-pL%?);+FU2IEuOYYf! zG20VX>gq`@VO5s>Ut%d*-_e=;TT@F0fOsi%V1xz(Moao1trjA5Yk;1C!b@V4Bhk2`>+8`*I>fZu13ti37qf6P`o`m={&(Y~ZBYB;VMlv$9lEhou^>>>i zxzsw6%LF93vvrz`_cL9FJk0FZ(MG@iyaH?nP>Ccu8<^hhTUKQ3cFPI9_TQbay3uG~U> z<@VS=+2~*8!PhGns5g-BGuXKlmx)B7gw>r-$H$h#OZFKdj;Oh3$!C zgPpdNP;DG~Gg7q%3==KWH&#Nr-L{e=DG?*GQp8fCcC92!0eo;P+Sq{`>t^M6{~NE6 zBm4k&ZuX7Kc`Kawy+L@GIE5Dr&g=;P);C3{j#fdK9+_Ou8tw6)3*~Ck$=#f$Q%l56+TV1&S7bUP`aT0k~@f9%md;P|k=kk$TxaMG+Y zWc&g0Tma-yq{>XXTWg}E5yxXUlGlewx8c>K=0zg3Ie;~Dx`;93zz@G2u=m{GH&tlFb_s7lcqy51@gV*M!w(Q2**DkfT0^w6(zjoM38 zoM;{4gt;g}1?}Z+49yl`Yk0^KFpJ9(85~#a6o65?P3527b8T}ycY7TdP(dhW-a0^l zGuUf2Z=HJ|Kcq)_p7z=G2Z=utp&h2rfwtgsVgSQpD7gl-KtR8H7k@{)w&(iviok1r zd0B?4z9ws;p5i$HR?BEfOSB*?EA2|iYGb>46TgZgD@{jgOGKd_)7NcaibdEgo^O2# z7}MS!$~^5hrmm)YHs1QCKlP4ejlq0<`}j=m0ZiQ^H0>AW)XMgDU^d+G4qs%N%clU+f7`8OE( z?xr1co&MG*-kx-Wk#`xrJqKqmIAt#oIUzdmWmbbmat{}&i_FwBDfMw#QjZd;yUZ4k zq||(KLmG85ysDtw)UxqEhG7Ulvl z>Q)_ZroOFPPo`_O;271hKJ}g2K#~k~)ho0(j?dI6?bfsC2;3+)e@>wu7PEd zSm?+r-KuP9{@hi%rF3Jn*1vRXWSF!0^HIQF`>C!Z>~&iWHG~TAC=FDjN2y`|QOzGZ zT!cTTFU6nV(f;!hGp-IN z9#Q-2&4fP>;ZVYl_iy33b6c5nx6ahkm~bV26)Suf(4&;H)$Pk^tzlNbm0f!D1>)*l zS((i4nQjy10WSeTZB+q9wj-FY8-;l%`!N?BN>HuBTvQb@c-BqqajVB?Z)L-5J31RY zmj&YLX$7rJDC{^^Xw*z+`RUUNV)WPB6CT9+f78X48gjGDZ6QR8tt+UNeTb>no0v5oK_Y+V zF*kjQr|2g#uZVqLgp ztU$L9tGkK-4@82ylN;Z2d02d&rMg?O?C}$<<5javwgr#jW!4`#d(p36Bw3ZUeE?bz zrL0EpLM|;#^V}c31x2>DID7wG+8tks6WB;?)u*>-h-W7tS|oJ~xY!iXW%1ljl$Nv> zvf77yA;})dcY%>QJ?Q>b~cBOq|juexaX`_hLR3~PfFS9 zJ<`s#QxrU!3O(3b6|ooHB3`-}8`ZnL!Fv>1F`nZE4tbO~QL*W~1stBQz`$cYNk4Qv z)^_c#%f5`q)`%Fg-mRQ+tDaJ-@6Tds?^Zo^qqZ2Sqr2IewjRH+%0=S+nXb@abdh=- z9Y!GN#H5$Lj`mTI+Ja~`yZ`NhUu|1@u=sp#ZTbZ)7NvP2CiUtc!w+B5bNOI|KRG|C z^!((~4_1EvgSMacxS&BsBzlh2M~EvjXh~k=+C0&k?Pv{9ypCh640$j3Ywg-A4$_|9 zw*_Ofc~Mep9;73x=lHUgRhO5v>PG*PIQ8Dw-n;vOw({2p8~@41rq;eYk9z||Koy1f z+5den;yWJIbNNQu7^?@8OTRz4^z8Go)jD2@efQ-O3a=|l@BMnDc#gtv)b8gzsZx3-=*~j`gQ_PR(ID_A7z7PTdBq|6k6Y~ z@JMToWMh;0Wli8D25?Qy z+KY!6YKSEKTslIVLR6BM*KTbGK-9v!bHy@_Zw?siQn{I&at?C~*Mi!N#k8&Orc;iZ zIb2qSr`qNZ`|2siaf;i7)MN#Tt7sAEkexIcF9;Y`Pl(SxOu!kjfq=i^$Q;{Ve~pn3USI{ZG%{)alA zX*XyPwjgiQ4#PhOhoR_@%eDp=u$PIQIbx@Fh=x+O9O0eRWun#X&Duw!j3BbK18P4_MDQzFd0%e+GzZ--rTT)Hqw-Qw^?R{HW&3XJvys$yZj=6^ z1&_Hc-w)$y?2bK=Z9lO=*P%S_Nduy7Ta+PSXhwURc2ZZ<46$b|Z>LFjyI1M-wlkUD zcD-fNTgoL^lf#m>GEWGmW0u|uIf?!y*}G8jN3hzC3?ZPh8r-hkMK#1*N#QUh)EW9% zhd8WC&u`YBOiIxI^Ys27B;Im(Gwy37S}MVIeXcTtqu!NzNl-eb_|HvFt(|*bn*ZF4 z`&AovOGc&d`y+&>Ue<2b^hUq>H$6vB`ffoVGQ~Xp^|wSY`F&xsS&vRL0!WZ>QQU*R zwa|)4B8oCp&zV9|veFYs+{j&C{UglLn6SHJ4%1xY0-J8L*H9%{y*HckhpcK!gdi))`{EhkWB!K09D2{jo^pl^|U=~h>cxn2x< z^|OTsp;vU8Ukg$GZcXBN-}6c`oZ}y#lXPzOM6ZZZrt|!3I@&|SQ_d$MT3-i02etZu z`}ZZb;|JO&IL~4qW#?ZixlMv^6!nBRcz^|C)4_h-KLkKNY8+2nuq zXzJv-&WtiXH0l6fX2u+k&d9afO#Ior3O7FJ)}bc+E3TzD?j7mIWQbktEq zdrxT4<~VieVstBMW%a5<;nw(J67X?QPPGat-e(T*C=w4c{%y7C(V^w8gE& zOlK01oI{ZVCizPg9{bEnPgAVP1ipucWvtxR)PzUmTng8??o+Q>B-eESrr7Nc0h{4* zK^~{mB3!Tnnl>cNWKm0mgMTI8j4jWGhXwrn5TiY0c(yS5cCKlBh%VP&$z6UJAI}{{ zU3MB>PNiSExn+XhXxcfbFDrh=ZEeZWlpyV=>y79ke!Sa^AOFcd6HAlEZ&?wb$rPN9 zU!DHpK?$=S3G%l+HUj)Ig`CPv|2mTB-`9f${Yw~R9!4uFafAXrN^41-FZOR`M*F@> zz8*{=7AUlxc^|P{;%)R0ypNhgQAnJjFF-~PXg5-&A7;mA7-6(TgNBPAmPTnm%+n9p zgYm<5%Nf})G_i)#mJbfOdk2|Nt2F*N*`vQc)tBfQFnd|f_fH_$$;e7fMF+Cuxl;Lw zA@h34PlUoo_yI9=hl*h{*g>wkd2S-yK#%yXw9(g#(QeX9u&i40>&L|i5N&x;fBG|; z{+vL6{PgES`g5I>S6@W_8R(PkSxiVX^nf`cz0dF(k#M|6W3 zFJMOm@=7Rr2#&gvb|&A0a$h~)g4r;_X%&Z#G9q0ShbDo01@HZO$fH{pDBJi;^cUdR zD593mG(6RwZ^p+e4sM}0ILjY=jaUgTAovmvi$W3F7uo;tx^PEYY&skz$E3dwh^Nq& zJFYrM=%8`%mlqKNkDZkA&Z9g~m6y{IR$eq;_Z@K>Wq`cVt+kz*z%M5IyOaAS`3P+k z?m*Y-K0^IUgj@@<6P?%mN_ajy2YemSuY1Wk;2D03zN$@?!vDfl&5TU^mKy^}Y!#N? zozEOARvn#wkDkU0FXU+rQ=ngaYxqI>-~~n4vZ~XdKR@8)+Lz!BJ?E7jUW#A55@K@% zZB;mdUwN9|Ao()gVWw!z6e(PVWPYWKWB_Q!U~4l*i)KjmKtxhWg`%WlQBsLslI{>y zDAvMm9-{eRIlH91r#VC|2IlEiNF4Lv{9jGkkdB>NV%^HhL?|&YayjLASbxQC9_zZ} zQvE`DfWw;Z_WamiwpXgVnS!*09}&JAAEtrP%CF`IlDAeM!Pq6F%H!`>m%2KA@qW^6 zd-_r1A+m{30IQ|WR(AnyefH&QkOBCw-b@$%OwTn)ydDjgN|7f8a(-PaT5AvdN?T8$(!QjHVi)AuPXTxgTBNo+x2* zvWpVQ%}Kdhs$Pjvdq;EQis%h@J$o`WynMHgeW5PVr>ADGy}W@qpNPmESiiW<3tHXk zjZr0379Or8dlSz0?2Wg~TCwPXKLf-W0AB3kt>wz)+m+DAPzNbhPhn(sKZTL0G)Klh zM<1E>6eEhGg}L2H!{b`GRm#Ikund#Bn%18@Wi_ovzsk!ZGzL9vV2D?Q)~fcWW};yt zr7GU2{6E<542C*0j>;d*aa>@W9I7 zi21RL`LT)lv5Wbk=CC{0wvFU;Nozivco<%V(IqIx*j|&7Hh@ihin+Z{a3pWYXBV-Ie7#R;}PU7Ax-c?t-XPJp;SY@xDY?9*2-o3ubIu;B^)RBxCdyv>f94~ z0^F_rhRbXrsxi)_6UPQXC*De2>al9hLb~V0j|arU*dU9srxoE>_5_r@n)gh*?g!T; z_AwoEt?UR1C;rooiFKNGuG8iMVk!@asl0_9lFQ@9Gcal#e;PB+n_KbD_bb(l&}XVt zaz#4%V>SCc&huia1h8bPN?N^3Xv}$_6z@{x0fQ7a86*Zu8;El5QzSx**|T1>a5a%* zZT$i|MZzVl35rbC8=V(k##F+GdrL$FJYPsdPJk3Q=!A@oL5rQHcquP~G*Z#=1U3Y< zTx^KWS^9?f4>z|}pwsC+>8^fGtx%q(ZH@-J4Wga*G>tySh1a+G^s;0s?Td`;LSxpT zackuWlX9V-1t*giYQpN0>QAB?nm_I9Yuf}+YTR3jCBK0x0NEumeQdtf|M2QcQ6IhW zs~Z}`CR!x+8hg(*2nO#pNEF5Pw; zca~?g?om!Fckqhebxp*LAp2`?n01^>UKuh|NDC0+dMgHgiBL5(4j3Wa|%#5 z4TzLC18bwdL5fsCh6LpziFBA~89GlDTJ(Y9aTzBI7KoFKACaIs&?E%az`HO-)Gs!o zhQzh8WZgfrct$g!y^LqEYm?a&ZMZzl7Q3J|{D63PKR>k7 z!$9&wlTg)DF(oO7`fD?gTvZ9-x|}bx%KFIbl|R7LU6do~A}O zJV0$u@_2j@|CLGQw}u}Q{aGV?NMkW=zuIm~ew?}VZ1H?kd@}QH)P{Zngj_EQ?M3|D z4DBaUDvms~e{F|RmGSr|Xn)HWBuD2RW-ej+p^b1Dqt$b5+2f_B_~aH_U4208J7|TU zrX3j^F7lH;`0W=G`rxdU^>X}r-nd_Q0f6DXfzCbHW9NEXpE#$rJ3l0EAlX(x@8=(L z!ia#Q!+ZoN#C-^si}h(xy)hv*=Zq_#yDwWudeMHYu*KKd|J(f7&$LKtHt>pptg&tb zO|&gI3Nyh|Zqc$uh;h)Cl+z>-5wSNsKtv>S)xAj43wodvd>*euTf_H>4f{KtI5cYC zeNRil`Z(L>vgp@(u8+?^NGT3Uo}}~lGQH#7m;W&Vxi;_}BWP~D__6kk46t!Q`6<>{ zPv!GkI7=gH^J5#)>-wd2TucMc3Vu)x4ZPOzgKBNy)n2oK>jag^yew6Y3~CNA{m^V( zS=UML$ES;{w?jp+D66-tJGdhvV( zE@Nh=AKHcAFu~&s&xx2DOC7=cV}JZ<_NyA9#j5@3v;S_(_U8QV`9cnQ@t03CS8gQA zT)C;gGE50lT!yJ-vbw+pHK_3U7RmX5Z{OsPgY-27ZdVqv2U>m~-VvO~YR%@40E9bX zojl6sd67mqR*Ru z4A*R`)y~MKRvT-ruebWOJ9pbs^lOJCtFnH6vQVZh?ZIA#U39S~=wm$wd!cE%k;y(q zr04kcm+301UZl6G@P=9P7+SntDO$Ysz-2>=m%Y6`s_;&lsw9dCfXaO z$q>^Dq0*o5*RJ*bJ;_2VN<7Nk$-cG<)~=!SD;%G{GLpU&=kCUrJ(BAL`}9$^J>`-s ze6csTJ;clSip=`_;>r1k{UdKIqt7 zs&78o^OOuHcT0PBV|k1TD4iZvE+-d|EcbKcT~hfz^%`g=NJO(#swYJozRd?g;yxY! z;32djm-Y3 z5y_dL_<8hc&aikDYMW&XIXtcISvE^5?aljXxonq}=_Se;P`FO#1w&J*&sY8GVKmWh zx0p(3V_1J$|5u*05})pV4Dz$^GRQ}LD%lB4E1=FdYlY>C_ab#>VOg^jzK-q`dc+^U z%BA?!@*<2)4KH*OR(*~%fymMVpW4r_x(igf(3-@j-caQ7t8cMIm4YY#}3A zss2UeEq&d$cehVzi$2>YZG9nc-AyiA(4o#47CVuqv;`A*uDf`#G;i}B>AZG&v}upD zuz8Ox9n)0TebaLsxp?|U^03V(;YzUxt%Jrg#UOVhS^>h|@$D#xR^%Vl+? z*^O7Ji;-t6lX^SP&sdC}Wv?dY^}yfqjWN;7Dc#JTpqt4qV8RwzxkoRYqS-v7>GE(K zVH8PbrTEG&?rgN01MDgr}eagplr!qj_gS6!D6Xj zjEv^0=xCr9p~h2x*FPxoaT2;&eAEv4g=VtW9q%fRnG=}QYx4k{=98pTbB zv#(#$c5TNZ3Mk#0be33mP`E7RxJ3h@uEy#*^a)ZR1TY$#&D9=q2Tx6fk4Ykow zGHM6f?sg@w*!Whx5L%|R9i}9`Cu&SQVxJ>;b0iKh3LqAq1YlNllw=`AOX>WP>S>iH z*P}JwL&r}*Nj6m3gcP94!NV?i>?#s+46P-$K z^Hg#d)0p_wg>=gJY@wgY>U5fYMzcJ#*}hqx(m-5>R97MHHZ}By45jUU^+FdB%OxJQ z(uFf%SVn&X9z}M6>J4KzkdzlxyU^b5QGW1Ck88f>FA4*ZMFpi@v7yHO4jAvU1Hxq_ z)F8(Zns~rIxj9-G97Zu`_sUbwCvMOuK!`T}BN-UqF4Kh&CO?f}847XE=RIJwKp5HrUrzUu0}DU)zin z`aJ@tmPx;`?G8f9|MHmGFzP;Pr2YmkrdWHeVG3h{^ecFQzjoIli4k*yb*u#Ir~|V& zrCp>H49b}9e`Rb}mY{6n&FGVB0 zGQ<{UsT+xHT3o~hN9m?dt5=_U2AxlYiV;Zg(=cuLjBkca36A)g2I;J5=-TJ z;@c>v(H-D{1Inggh2X?wDveBjr20}8ZqpW~50A>H9C;nL@o^E0@YoJ zQp?&yYniXY_t1lW^=cG!eSt?>x6Bua{L#9I1bap@MnNvj*7}v5`a1gV5BWB?v~I6l z3+@4znZ55*%%gR*w|wf|bVu+_VavME;b_=WpY9EH(?egz_4j@ikJT0Q*so08>Wi;wP@ZQusLhq>lR3ibXzk_7XDtDSe&f zUuD~*`g2$nn&S#!h`eMgP`AxllGOrq%O43z{_y_a@(z6@nyf zp@ELP*sJk_CQ={2=O4+pCCcZ*Im9jsH%necaz0-zr?BIHNX+hkXg#b0^9sl=PKVog zu!ZTOU%jEZo850k@1YRh%BMPgGFNd(U&VG!xg-7NrJr`t^6sHn+CZBXKvlfw5> z8uO@oI_ap3UXPb(FQ3!OCNqR^`jC>t>C_=5CGd|Q(j^b44JpMDNE%WCdS)BaWql7a zqzjNhzraY)or{YFxt#`Ql&M`Ggbd&r-j<;;1a%Sg??ZjiF9f>+EK|0dzaOPEH6sFH5Mgj!Ju4$Gc85`NrZ}9AIfR<%(8Lw>dMfU2YHqI(8$vYR9_*;Kv?BR z%h2|v1(~ivncKMk_rx5oWJ6c=C0<0$pY<)>Y{;KpmdjoPBN>_Hl*=X-guXP7KdJt9 z4iTBsiNE|Y-xduKKmkqhtIK{wQ?B5qJi~1O7HRKxxviNFvm|@iVUP&!j|aW7dJnfb zvcT>yyI~6$=66Cnw#^ePXIR}CW;ZU$g|gtEUy;?9p-fs$c4`-lgzAfk%(N_kHq18}1s>Lxp1`h>yU) z&UUGHFu1s`d1-tj#5gXmS}}~Swaq*8Jf+R$N)tADd1+I5X}hO6+8>X+3KA)^hk5PI zKI!pobmvZ{QQBeTwGl<3c&vt1V##ik>fR*E$~EI-zDtfgPZt{<<*L$mpUIn({D(r1 z-;+#<-lwqDktc=O_?>JvKIKj}Ee6gg1dQ-*?fKskv_rfjZ#Zh5NF7*;DcEYfiEoq@ zJ^vZF+J3|`i8^+1$?HyJiXekR{t3t(OsJ3@6}5Q@@IkF8)WfYusw*kZV*UO2y-I{| z1+k}2(pN!l+T6^<@evTBaUcO6?vTK5>h~WrzB|dre#4Ja@6}U<1f^aChiH!d9OrG8 z`)j!+SK|H}yi&irUPO1-O?-D<*f(*PPQJUoVBTE^H`6t6V*0t|?`u7`N?7pERzA@p zy7v>FK_yA$X)Y0t_^QefImUI%5%T!6M|*J(Lw(eMdxfV`Ps-qAG7MY7Hr_A)nf9P} z35#aQ>`8m)9oEdyuxXdSoMLw&9=DET&^Fmt7tq{^%5;8T`Gh)LEo6b%`sq!QE3e zlR}4+^1<33V( zop7+3&>W@QQ6i2@OGt*l4P&UyE(RcqB6`sNw@7~FNbWC=XDhE^_;{|2=J?2?kT$?+ zlkR_!T&GC-teJH0cqBcNlP2V%5r-2MYdffzel&8C+?Pbgdnw~#l<`H%7-igBf)Ym@ zuOWfA?U_O^;6>Sm@m zxlf+NZFut}!CIh9@{N*{k5mwpQMa4?nrLJ>;u z-;2`!`twBTDB0`MOFx`SCl6aFeQz0;USPKU#&IZ}r1)uQVHid!HZ5%_TrA31VV1EA{f&)CE@P2i##WTi+MXWu z<3?~XRibd_kqAkT}St2S`5(40VuYc5j?X7k&Nk2(j zfBN>-Rl7y7((T%uf%fG27^IK>HTSbf?*C%@&ExX_X#0TApxs=vfh9}9bH&cLtYx|3 z0U`iDQS)gU8z^qo|7tb=i~A)5_u?G&C7_7M7EKl{?xDf|i~C#W#b^sv zYW}T1*%)WRv;2?SD+YD?ruhGKP&4CmliDYmCt4>OC)$R;6f=lgW;Tr2(Z~GupJ@29 z;-~(n^v22-_6Kb|>z;g@&K>?_$I<`d{;Js^I9+J$fljgV7;HIo%tk_-SfBn+ci#Up z|4_4mWkoW_I=!ue(7KT`_(xpK;oakyKig;1=s%Hwf?_s>;Gy$Gf*i$O-eQ&K)J%st~<$J|NA59 z|AM~5(AeDH1F#t;#_wkBnze}={QukZwt5W@GBEPL#YNbb^8D9CqmjSI?Cnww)$qR# z*bE~)l7Un5gMX2hnsvt%U0ABUfTVPg`Lfti2zOga3c+FsmTFFA{g6YbBp}B%RR;TY zm4Q5bp->s@;J$xPq8MEWC}goGQTo^x_dyV@4|I{sZY3|ixxh7+re-R3`! zW8wS}s?zv)AewgcgnyH^b{jyRO-)96>frV%w>x2y>Y+5rN}vJFtW+HnA4;G4fCNv| zTigfis-xtgv}q202Q`jX`T(Ul=<`szoVEKNOvoE9t$3VLY)UIQXX(_|8cw)b9m#k( zqkh8v`U#!&?tLr}R`x}mCEKMN56Yn{FF{w4a~7NP37GR?(Xp+?{SE&Ano`h2+jRhv zqly7QpBiw&!Xc3DBi+wn#>>k*tvz^CvH_tc)qX8ZdK*>8hzHZd#tYayfc~&}Ut{LE z52k?+G~TC9C)j*7H(d&dfTlV&Cw{G7$+^1yIn|tk6uPamSq8mM4t|?C1Gab-vQ3}i zTlORrk!rWGccrggdt^l-inMFnomLbHXyN53Ewo04aj2`lLZ(mERr@obB;lo+)G4h9 z>{A^>=5~)Ww*hA`68jVd{U4x zPiS(!m<>oxuoWuhS^4qyd=-X-+^tqZ-n{`9Q#FT42sz_iNVx-7>WGBpdl-~b`GD=k zFQ?@s!-c@w@D2bB%K9egv4NsPn_N*SIVuan8}L3>8OBljwWBb0WdO6a6AM%O(7u%F z+Mvn{zlVP)m&-uNwVrW8&~yoYT};20(66%$0s)!Rm#2`-X`goUiTKbL#SWZ|V)vm~ zDtqH@{gq(Ge9}uaRBk-2d&P0Kmq>yh>c^t=4h|x(Kq(!ii1^)g^~3y267ji@=x>`y zgbhQDXj!(tH~%O8Q_>3e*Y)o9>Z)&SFl;0HD-YD6X@K@W=VVCkOKHGqh1q7h@DQhT=NJFAe-=p3 zK}uTAV{X&lI%u;UTxSoY^%Dbj*Z%`7%%{iguL`8?@jP$cZjdI9A4-|yqD=U)JeV!i zexq~+9&BO0V+CH7CI{#8vF;!ZS_@f264_>LAw@xe%IqBcDAw8<63KS4Hlz=S93l;0 zcBGGf3W^uLLRo=&jNC;>;WW%xO$>&dInG&gl$fEwoh2JMfDq@{&X;O?l41jj9%iDT zJC?^ub}PgE(I+k z8yO=czY?J6{0soyu8Ztd@6Af?_o3uYXefFoFWSsbO16-l*M*m(rx)l12+b}OaTW{d zZsMj)Rs}8Ykyyd2h)x>%-$(Ln?5AT+>zA-7e-tn3eOSBM1tr^Y@E6DJ&wa4XaINC% zkKlMUL3c|&&cx!tCrroLut(){H7-#Of)Kn>w;& zwLio>UVC=*+H9^9Ez9>eCk_|q)ZO0>f_}9Zlr~ystagjD!&PFpo$8IE`U^^PVMa1lwzA`T*x*gLeOa#_iE+wW*MHPVoMDQw$ zL4vPJznBdCxET_ zRZqO2eVYQGcA=U!iwbafkWkLwM00;Pn>(4BBf>&)<#dEeXvOhyznFHi6WYmaXeS%6 zU9Y?k+R2fkVUNlG2&)2QJ_>h%oP;8Lb93e`#Bjd2ADIs7(?E&~gKkfVv)b~jKq z9z9@$A~%2GZ8Au7XUbD6W-Ll7=E$J&Z%H`%(VCFkj;g=(c({>#5hz{!iL*W>vN?okQ3jU8t9ONSK0hPynWi4U($Z5%-06~ zkaC*CenV{Eg%zwJ8n=EOC1JM=RyE?kxis| zL6cyC@mqvv4CT$v5s?>*wHLslaIkSRo@}h^iH6%PdzJc>R(34iM1nqd?S{a;uIhQR z%|F$n_AtdNIJqdhnkO_5m-5N^w0`O}xPP~?t(kfa?%x~Bi<)bW(EVGQPm)X*nP2@K zf3&!x7%%bSbeC?1{S3DlSQGw}rAb*GZCbo>dzSnBd32v2j&|%uJLH7$<8uuEjzDwd ze4lbvcp$4kB$pm^=Sr`~R+S)m2f-UQ7<*BVeT$PtsGx>rRY- zz6p244mq?c)oLBGtk!8W+3~HTdaVcnj7y~dtfZjncbX`4rH(?8p>k*ervg%+pb&jt z!AknT8vE)Ry;3>sH+vbpB-yrdDP47|vFf%D-Qcl?znv@2tTGX0K4)})2KH_J4PbAK z<}t8S#_KNAPcY3q2Q{>LHQJ=+jX>S$<9(NzSN{%eGqyoe7IrpD9uP-Xq4(8RK2AQj@--cYOBt#TY<)B`TxyY*%QU-E8aHYTVJi&F}1zvNlr3O7kn<)MSNd0yotny=wr6rOnEALp5E^xQLmHkz5 z3p)fjAmXIc{r;R;dF&Fx^y?5is{|QeW@jf`@p33`g8;P0EO;a9<56V`t~Pq-fuKnq z1PKU@r(6-TR1W*~D`e$&>=tHU!9>9_Oin{1DBU{ifX%nzdjn)}pL3d%iNr{!K_veC zt&Ua{o}70Ip;Is7izs;>km_7<9mDo7Y^fc>{tj~JdU~@@yZVtRG;X+sQq9Th8Zyj3 zIe!OmhVxK6Tgrx^VO;-P%h>3iBQlqfG=ZI})}_s#fU&?yR3Y-Ca4Dxp!D2{tL$H_9g|L?$kELCHcys!s` zK(X|Ur7seJtXnyVGf$Q@Hc$XbxlkE0M;2Nl!r|u13J36FmbIFOql}~R(^m-BLZT({ zTMsoIdr2{$S~#XES%+{mxYjz3QA_*hAoQ1i2MEZe8S;5E(F>QrrY)Fxw;m{0xX(ii z&4Cj)OSL3S^{RH@kW|ZYVkr^wxNIr6ME5?;Hv=Yt#s3q_<&^6k5Xh7}8ssSV5DCSt zH(>_@va?KTC?S^_5(meiuRZqwL3WK8T(m%17@@#3F?@k$`#d@NwycOE9HSW0K=g|9 z3%yceW6>s1dh=qsSBn0mhLfdQ2e2c)OMO9y-UY$S7o3uFGY}4f(rA?H7h4TAIwG@ClZH}M!Fhq_`9Ll-z4BZr z(hnLIa~PO=4;=eOaB@n^g^`QM!Daa^bq+DP9Bj1n8p=d|5}Vq?qQHA*f!|VrvRE(AbaF3m zbsD`qNCi$8)1@x15G~wlw(uhqNRTh3j{C-58ZjvK)}aKVR=vw!zm(u)RrVz1-%MXeIZ;>U@Xgzn8*jD%B(-FMWg5Y9-RgSQXMIMX;TYnkfbh>f z->Z6X=>S2g2(F7^yLlyV&adP&nZ~dDUMT0 zdf90lr`CLf@%B~Q;_a&l=)=qyUYopXkvBBg=@DYt0#9g?(-*oupA2Nws)9&Q^xsl3 zEJIpRF^pp@oX)Ba2#IJ}LavNXkF?xp^KYj+`KctQQ7f~f6yJ`RmrmWmRSKLCIfFAi z8ZNIAT}v;qTuT?;MuA~S_|%5WQieRdB0Dh4(6_c>Ju>~5Gg|Q0i|@RW(WC>6vAfH^ zIZPU>_;`I(dOSL7qY4wi`qwfYZ_?|Kmd5{N*p7O1p3-~`k5zv^eV9Pz&v2e_4rw|& zBkaxVBlw3u#ow0x*!qmZMu0CUW<^}EAE|2ze3=v($^gL`6iH4n5r#IS*a8y&t$CIv zKF`#f*s0sU8DNrXD@9-6L*^B5LP4mnWW(zpRB8~r!4eY-Mumh_gS<+IuXMzaz^Rd3 zZ|U&BN&G>{q{5$hR0%>1?3~L5ATY~ZQ5W(eIYbZ`QkO9d+h)*KbY6kzI6f$5NPp`x(WO?ns-e|5=f zrnj_9s;y)C07yW$zkqSKR_Odnqd(KD4D%|(J;4z}Y=JDFGGYkkfTb*3Vb|RbPi%2t z3@LDlO&_+zCog8ii)zykJom*my$rbMFqsK8*cEqQM&UxsAnG0>*0j~lshaeb$y4nQ zu%zM32lPN)&;u=7j&=P|+kYKSJFi$Ru~L>*%A{LMYX#pjaJ^I~0~klJq_IN!NBsaN z>Af938oU*Hp&QB;qH}YsZt!&9bHhC(;X-*^}&NP8`a~Wmnq3ukJ;N{rb za%p9u7YiCF@v0f#;m{@E%AM^UUX~p=9e+9Tmy@y{U7IftAD18KQxc5~<>+a&q@)01 z6|GmG10Z#oJ=z|Jvb5gH4Tbu0;mT3K)9eoG#@(S~opAh3i*>ogB)Ts}uS1Ce7<`C{ z?Zz&HgiqXyl_9}QY%z_(j(bo_UrfhD`a3j%*A%+F9piDn%}Y^dqNPrGe4Q7l&KL~h zse?R-3l15Bc;`z#3v@tPX3W4sjk`pRZx0$Z{=hYUXnc4mHcG0iF1A5)8>}jf-OUPt zfvUT2z5CMoNkdcHtQ_O>@!7|q|4XZ@hS~xr*H5}6bwm1{Qy@SeeX(!7JBJWvFdR5lt*y>V_8|&wMU}rUvx4D!;nwa-08(l*9iMjySg2VHHtvx?t(Y zC~zF{%Bv~3k&yX=u0RLiqg!`cBP3ZpA>4K-8tpb;ZuQ(@pxJ%-+&;Bj-~guhNSuZu6=q_>^20y=3S`0)6D*ynNiU$avGOG`WI1GF`#L_JBkm zdxM?)&Z{)b3s0h0xd9)jV5d-}?AIRthQtXFmc!6Poz&?k&A4WmQqqBcR5!am@KZh; zG$B+u%3^ce@Om3%17j>XbPYT4wKwI(L1Mn1m_&3R%K6KF-ouw4F!u1r8tB2r+@qPG zcP{lDt8*93A5cfdLvW4HYH98(oS(M3>L{fpp|HUiJ(k|0k-&}3`XgrF7gry;h<=u| zti370vXNpO`vtJs`V)+LPj~qtZ=Yg2W`4*&e75($%nx~s-hwqhBuztPgDp%_Yz#8x znteIG5vCxUV5EA|EI?p&FehGD3g#e`-&&coY&cA zx@$cX=wz@y$IQP?`L0ES4sGwR%`Dg5=f@UZk*Qm@)&-j}15C-|7Xl&w^)wF;EVL5O zlV&-%F^hQTam9gs!H(X+uIxY`6m)uE@Wkpx&VNeO#%awhzW*2I+|uSB)uCloWfRE$ zsaK_Zr%dW}LYE@(Z?H*b?}e`?5yDZb=^Mrw*rLT_OUcf?ScnB8CTFAnB<@hp2h7Ph zwXwK%^6%hEPDJH5zS1wv&RqW_bTM-}%g~{4NAZWI$?9)eg$}N3?o{dio>R-EtsSmI z@4~3i=}{;>S#17O-F2S@&a?b>N%!~Q3Z9x)BDS7ji_=x}T{MdBccPI4F6p)PkU2TL zP+J$_s?(%tv%yBYpm2|t5AJX&>t(1X{wgF>4%yx!2U|**w&lx3t*}||aIGXBSvMg+ zZwEnPba7l}_G0bb*@UIE8rAJ70mM<>UgT1=-Zi=@nZJNb4U}t|_zmvK;)tOGCOi-2 z7stO#AOBxp~2<}JwsIo|r%j0vlB;Vgao|7Y-QvaGHFu$m@b*>?lUEhpH2r*5w!sXcn5 z)uw1q@E1wk1*=@3;bH{_Ne>`7;28OeuWK9YXD4 zt&p#!#@#cgd8W2vt)Be^S(}8$1w^Z9Ol%t!y#w-y0pislPF$w%EJSl zfgO4h)l~4dv=ker!x;! zF_5(lN)HaKj6yU%z1w`wI^M!OpY!;xaD+!)U|U7m>qN@7 z!yj>fQf(eHd;mF_VUtX6yBrE=xY^}f;}uQn;y727)DxW0q%N4pLctxS3NuggmVO)f zOeEoh8Ow*-(y_2edef`ku6as7oi*0e^abP&+l57n92)vDH7P*mRd&Emh7utv7>|hZ z85rzUZs#bX)TEg?EdL|i-zcV>PuYzTbjUT|QtyE~F}Iviap~wz6?607EVt^p>&ht7 z7TTOnYCXPt>DoPx`48T)8Fyp?oCT3Zx-^2A_SAME=wR?y2drlj&ISEd0xQvI9Im9H;>LlO{7a0lOGt3Dv*i#rjQkiI$?;H3`Xe;QYHw3 zCpu&OFEC>pwp_b*)yJ@fX#_!_A#uu%eDepl7jpM!!)NH1+SweMvOWwE;kMmvc>Vkr zw3FTK6z)oBtSI>>x`i~De;Zvxj`&4v)4O-m-+Qp<+p*{G7%6UmR{r1E7W%GWfaYs^ zfsbZx5VpTDB?l8|0p{TTU#^aV7;aQP;Wk~Si<$sQYHHSrm}_wToSP=aga+%pYA+8I z#iswG((Gy4Q{YnP7Pv~A1Dnc=wkn4=hl}3!ud4_R8sJqn3$TAcHwaID;BDpMA;ltm zytHsA9V(5yQ-aY9Y4o8PKT-|_zc^abSgyR|R$4%hU@&vETw1Zqr{3uttKRlGuGe=t z$11mdZwoeNxI*{Y@$vi6-Sqf8xr{5=k`Y{&QQ8{#XW79PyZ`i2p`o<(4!Z2ku()g{ z^^ix+YWAwvf>Y1h?^8bXH0><#_4<(X1wLu{_>rl!|4(%*J#z5Fv z;OVtd)Cqi`mJcZ=a_}nob}CJyLVaz~4KN8MQ7JlXbm3R+)A*>2DG2|XE*6y3Twi!6 zFE%?9Tt8%}7mWTeFRW?h<#z3YtAxf#&v#CF(U1I#5RDCQ9WQ<^YRc5yIB~$051D4< zNFPSuCUV+z-TXd86{v0PnXSw+aDI3;U~#M}y#TbxCT}KTiLjxS)ssX>$R-bfP)^pr zdQ3?2>h-XdjqpKh((kk7uz@NEjt+H|HU-WoSK7Jm4#28OkMxMWcy{C}GoE#EyiC)rfCtHe3=gC ziJw{ETug8Vu)Rad0OvPG2snF(4AY+dinOziKkB6|`R7B97j}x5aUc-1Vf;DP0uto)2CsJ~gvJi@mbQte0hOLdG% zY}>0g(A|tZLYP;jz~XG)MrJB=onbaPhGw^Z75*q`RC9WYCi)wm{u||}LcMuHi%1jb z2|Yo0j24K3l4Ue3&Nh;FAMr;XrHi=7;S{M~Y3cMt`;qNFOsJ?wiEN|jVAJl#xFb3E zNoSQ!dp>Az)Z=2uA02SNhz!F0_Z=K+m#aDVU6D92rG^FutDGLh}EI__TES8|R8xfnZ<_@==SH&3B_*Yi$!y2T2}7k7j>u5lkZA1UhV<@^$`vl zmC=KC2sDTI%QRCLmmMmr)o)7T_fq(q)DdEsIS(0o-kwJoirw&+un@dhU3HG(ze3gC zjwDt~?_U%GJ)?M>dlIW8*sECY&t>sDh(J#}h@7vLt+Il9ZHX^5ugq{rt}F|j=c-=2 zp2qDjHN0>osctn{1k|jj<}6ne2>5h0!fY_iM#VrY_7KrlSIYu=VfTcD&`V)t@Fa`C z)DV5p=2r=;Kpv}r9j*!L91T z<2BzcOua^ni3f?RA&rtel2_ZkU6Aen(Ui`@0xB zzW_VmDLHeLj|ZVpZsj!m9n$}vgYF+$z$8@%TVjksAo4LS)k)JeE2`BuW5inA9@RbZcvt6ALIQG;C| zTu*Bcd@saP5J=I*tV1j_>G|!j%mB6hfFv&JR8n3BY!F2`JoZl^o|#6$pYfc7jVDM2 zw6dW97z$XWEUg!zf;mS7CnccO8xT z6yl`)Z*`APT*^eL-!n?h+OU^uM;`Yn-}#EZ@HBme{0~s+TXS}8m{1s5ip2KB46QV zH;C3MTJP`}=qHlnlf~r6#tC4dO*$1ylx;8Wu0GQ_ST3`)mCTo&I@GiZj5T3LCp6rx zyxcfZrfHL2qZSBfOwP;{a2;!Y!8Lr6b0TwwZ4yX--%7(w)%x*_Pkn{4NL?xx_!H0r z*?(S=eqtMM%uwH+tP32m3u_BOZRr8XWsg@sa!h!?-=ZsGyWQVZ2rJ9Bgn6&hYxBMBa4jme6o_-;Oaq^hdR-*H8<# zKwkaQSCZRcddRYxaoQhtkmYZRLdVqa=}P)IKNJIDm(OlVlA%b`D0ANqyNGQMf+ z0QNg&<+?d?X!IP+wwPh-n6d(ll@c5#e!cuI!G;H<15GgQ3>yJIQBet6;3wn~D%Zl9 z`>!{IjaVZ7+>l7Cc49%_K}BXA2f(0CRvE&&p}R_eGt7;Fv)uKP7;Y5C3$LG#?q4G3=zHicCCVxRl&<>dXw96Bz86a6EJtA7ltyc` z14EGKg({b%g1u9!3d-wY9;H@}5B-b7aA<2XEsk+r53 zS6%KGmd$EqQqns+j7^%MhPa(La0p4;@h4yHz|fI7ZKF0KM3;|wPPWY;`(OP&3*C)H zumr->hZH5cU};8%E?BygEwDwL17Dfsbax0@fe%~TUBID9C@Z{DMHZ1XatvT9jb)iR zfIi!CD+pFCv-!uO%t{Izgm#uueS$ZGD#|f;zzI*Iu|sH&ruRc0rA@}!gUTHM;}YZ2 z`nT=ieJNNyP@qBSBD3^R&c~av`ESjtk?n2K4r#^J&PX}CMrj3CUP5sTfK*Z)SyM-b z>FwcF8sC2^IAH)o@ni`Gzwi%NmA6{?u?vwE)I4QiF9_O$%f5VAkig?*DAiS9#gTfo>acX!SJwJjjtEd*KlK!{azxytFF48v&Z|2 z={nIL3QmZ$xA^QRhg2l%_KizzBqG^H) zVyO)-r6>V+#DQsXy7}HAxH6~q?O#$0R#W@itc*WZieup!8elWk81u;xbeD7%(G7BN z2S^`XwVlyxA)o?ngjCS=4?26wrG}}+Qr&e9ZjTx;qH@TgNgeKzz3lW)dzkk<9RunO zkaJd)c|#t%ue8ZU!gQNY8r|kO^g(4PtCuI*=v69YiovE(ynr295YG3OR(N|8x$da< zQKXwiL>fc{j{A!JQj7b1q6ztw{|N`5ur4L`9{@cMr=qVQ+8$fu0!u`aJtXQfRuk7; zkU~@0d>)j|OpWuYpTWY8A6-%V`T99~PceBeaxyR8FGOSc99pr6`0B;A8>G6q*c4uM zma|-)m#?X(oj|8S2dQ!ChQHqpx_iUm6KpO@@pPC%9D0;S?dyl_Hgyp(c2KVm&|5=e zOPYt;v)cp9!jywIxsxK3v?$W9DpNpnAbvAHbgcDpQ>S`w!PPKjTZbJ3DHKVpCgX1tS5q;4#W^Y(@8 zq{R4Fw;!-ERww)z^RSh3THF`eTih3t!AgT>dxPOM(W_QYA-kHUJ*88n`~g#9fLnU4(QR*XHB?W9nYuK)C%Cg|u7+queO7LHeR(#BK;?9(hBY$8 z?TbD~b&}Ne=}0D^fOA?%i`<=(a{*sWib&ff{w#DqE#(SkELhbjh*qO^!#kX0kwUYz zqX<+W?nXi|P5~DSn9ge@tBd$S62~9gO=R~ELB~eQIIzP5_|k8#CzyqOKuVp^n&`n_ z4XkarB+nY(qzFBUAQ34u9UGOw^@*wYFawhBbz%mMG-s5sar4ABo!Ks=v*)mp1&Puo z6p$PZY@8vK^{vz;vX`$Q@kGsfBAbcfT@75$JRgMS$s>HI;~2_+Q4!bnz-2 z>T_v(;A=>HebM~dpT6EiG!0+x7he~fUk|Rt*DEPbU@Mz{u(^k>LcVJ~zv>j4wXWEX z$!ny-G}oS}o)mv5=Km4XsrU-2tIo5*5GcXeXZC4KRzo@Oy~QIt_?9uUo4IL|6!eRc zf%8EIxR$OQIsW*=v6yD(+hABpGkE3qbmh^pBeB7>AL8xNlG^VU`7SA;(>_hZ$2Wcf z&vVnj6O=HNQ}-sr^Dl22@a+4~bnqks&9(kxc%~xd=19KX$RinKj%5CdxRE5Bz1@!H zxYzdrV}0LS`hT##V#Gq+m?OlEzLnZtFB9{tQ-Z`6Q~F26V*0r+tOtEy>N4OUMin?C zsfFYhL{J@@ENa5z9sfahf!%baVJyW>KB;+uuC+KyBRf<3cUfZe#Zh#VR3x^U!k$pO?Ph(>dcRqdhr0@4I4HsHO-r3g63PgyORUD@^F%CCo8=>56ras17XO8#p~8yLEUCvDkE5CAGs?3rG?+ucqIR6!$S%=L?x`E zls1SDJhx`mdhH$2j_SG6nf~>W5%KyUir5H#<#M{q7q!h8D%)Xq1ncU9foCGpV&Q@h zX~LQQpG7iCHn9J_;Wo(jf6Czq><}FXn(5fuuf54+CeA-9-n7;OQ%nVRxu#)bUOQE# zIGVqAlSP5A6V^BVX}v>^Z|IZcZqnl|V4Mz3`74AHjpB{IKVohOzD`l-HWW&Xg%D?N zl^ApamM-r@u?n;+k?Nmh>fq=&@d9CUPwdV97fiGBJeDd^{*4!2pxFxJUS0|o>zwmy zf2#fmR9{6V#1A{(~BERRi`kd zpk}m@+?)36=TGd;epUp9I8n$3L}-W!o!V&hp5oqW&;ty2{|Ojwf9i~d3K{xvFOZy$ z-EYA3CfC+l=A3c&?K5;|11d`X_WX=@I-pnDkl&bawF{rRl^ic4=Xr;^%VkzM$*wcA^DPpj1aHOKH5TzFH=Uyu-Pm;o@|zzqfg zYA;fdGqu1u23ybS9FUvettCp7_bff6^7iHDXm643n;g#sVS!B5jml*NzpkiL{4%Z= zo%;1++q1w$-Vno%;U83NX~0j>)AN6spPEsQY^+m^`Y#URjg+;~~`vOTiy<;>WK{w_xJE*`7Tq<(+?oIave zAh0@}6(gEse7RA4sirR%(U-~m#Y(UA@ml1I*f0AtX}{zK_G8#N%QB$e3wCB21G!5K zL^TJ}%jj;g__Cb7u;=zye@mi}kQs{HPS+191bOQL5d`t}xe$)@kcZ>tj6P(tTC<)? zakkvzIO}ikA5H6TFIs?Uw9NL%`1BL>8#DM8&IRQ|=ENC;Por1Ug(E`VII4hVCTdSS zYYfy_zq9o9Th_y0${2Hv1!HVm#IhCxKA-TCwq@~ho^34WjLS;4L_X9%%^9sP=!V#G zX1&g^I_q^~(bn-0D7^n`BJKqqtIwq`&l+Fq*9!QqHJ0-+bJ!OC)t>0j44KNo=1dpB z>gh$}DG=EHIbJf08~5L8Q`5*OAT3EKAmEeB(kh~F2b;6~7awfS2%JtnbGBgI+>ixzsDEfl91P|A1_(9|-AvA8#xmYNLF(|^+S@@!2?_Lv(h-@R-vK|_|wPGAu3NU?CDuCPb z%FNh6trcXZO;6zo(OMxkK`R>=(ti|O2M4MiYp0dfcUOucY?OemTNjY^pkB{3%;hk- zHf0ednNgk~S#iq(asjiM!69_JSepOzXUu>tDdVjf9;98CQ1c_M5Pq~G{z8(zVOmz4 zMQR7cy5h*gKFqh$4#Z0OT=la2B}7t)NR6_35neB+JsRE14i zTk2NRlZL&5ycz5=e)ZaMqs?+cvvaa&K?G)Sv9_=HNTo z?uR7juKlWp}TQr*x?v}i4LA5hHSmbz_J z-K&JPH~r{JX>}>@CVzX$&roGYE&kF$e<^jJ;h`)ce=SUoMuy4J1TZ`gEzL+0%)fsW{)aSYDMY;=JJxAzcN!_D9ChpNRlb=vPSoK%+hO&MP3V79p zY~uracImNFya*3RDecIM1ci0diiNcL(mx*)tNbfkWv_ZQR+(+ahuZ6To$Hs-GJBP} z#AW{Dov~#OKn3Y0)dg^{ zRbLlg0!s*G%au?g@2RCCJgwM)N@%fwCgCxV;%PjlDr?qf3hx6G1`YIAx$??CxTQ6e z)Cv&K$D^h0JzkJ0@5zXY}j2ZnuG_&G)xY6F02{4aKu=$j(x z@*V?!17?X=j{e3uT}Ok_UA{tsT#ziqhf(ahhVD{p_@!DmOu&TOcGeL^F*a^14^13d zOpa8?lpg6FwkDBk%+7H6NZ{9YfnOieFV!)mM_LcA#|Hs$=YMwsdN}Gx=fU+^;ukr% zl20|Mt^~tX9qW<`w6cqr&;dnzN{cA2r|S4^e7XL(#LZ{BGWBPyU25fDV&1FyO?1BC zTzRVlbEfh6@^e;J1&>6f+IQ$hw7Fb$Tt$t0^~T3y5FTZ*P-=-<$`YazMpG)oT}V0^ z=p^i9F>JrdPy`F)03l+AAh)6zrHBUL&oTjJn}D)iK-t)5TIW~L-m)cBjFQ%^fXb)4 zy+SpyS19-|_KFy7ofvIsju<-;H|&*q(hDnVo);#OMAgJzp}bPGNuJ`C{`@p~@9|M% z7e@`6xEaV9Vj^N7r=Sl@X!c}wL>M~wLxv5}5sHckI8Y&M5+*6Rl@x{=7sI+~8CJGP z*j<4o0+b4LC<*r+;vM3}*)Uj1iKbu%uU|dLrj30HQqJ+XTKr`d>#Qt^oE*WG!m(MX zv9+4{i=(ysy>3dew{!L*kcrVv8AMl^XgImGyujiJk*YN3& zTX}L0NG2hss}lXt)>jIV!w-qiR=tJ>YYU|4LL7fuoL#(fRm*@IP`pq)kx>@Ll_N!}BZI)x=NA()&%jQ3q=pnW9)gH^n zCr&WA&F;URevJOM9%FyLc)1AFO$&QQnD(b3-+tMy?dv2SN0*By+>c@Deb12TF^S|R zS)J=t9cLdsKP~5QDRBeS)nesB;8c;tS)zFXgya zQr($+RqFwfdbXEMT_?2Z?7ZrDDyf#qN023y>Ub!rK#Y%&)oS7W-Ibw-<^}WWQXN+( z)lsYIbY<+AqB_n=`mP6Jd;eOX@<`Ruqq_!9R~@^*OVhyTZaNv=jo^P0i%7X*uu1$00Z ze^(bCoW{wGKg9-%oERrjXwx1XAImUBYSM)E1k^&`b`LdEAYsH?6e8X-o7}6J1!exr zmYor}m}SMw?1AuV60AVV+adH1L*_ue(p)B_s_$E3F=m^w7@zx_knjG@5bnJ!fJSAb z1s3@p{hs2C`>mGc%h3+&ce8^2yV&?0J_XvMMERPsQ8Xi$$@b0KkE(1ju~(Y-kHMxw zZO2hqB#F3f6A5kf=(3(E(Q*0g_~BZqTQzhFjmp!Hlinb8{KkoT^j5B|>o#KX*o^WC z&1#isFZqYydYLmILEmwb_SDb%>$S9+hs-}udf50gbv_}E9!jC{IH>O!fn~s! zDosB0sji$3Y>Ny8ze1+Dp)85~Jfk4uE!h+U*FS*$P}Lp`jP2y#5yYBBHd_O%o-6_^ z8j-#9^g!P(5-7!4gbaQtmfwf%H-=*zYG4~5oFYF^w3S}^zXItv%6;yIncq>ZA9cF3 zyL>@uBEA~D(!Kg<%nU;5@-K15g;7zF>Ki5%G5ZG)Xih)f!GS_lm>b@Sdre%kxz=XKQM1wbd=;tm%N%z# z9V8<^Ga>0ei_@h8@hXLFhtmK{Uv2$m0EMz)S=e-&KaFb*~)m_*J+S3X46<3x=U>e|rtLxyP^KBO(o zvPw#syK%(c=qe~KZ2v04L7C!w#0c4#gN-}ROxm>frb+-y;bZeTQ1U7NU<*>soQU>8 zxe@xeOqjsL1)a^-!XpyXW3vI>q;N+)036Dxd78<sk!UG#N>4FH)8;Z0$mf*z7Gi-nJ38H(z_D(6mR1#}C8qif?eR3OS-} zJVIzjf$k}dN|(2&Q7&zob*-#U#^)}W*m;T?y`_z_&Va00E;`~ZZJsfJ;;4oC9`Q7F zWE$Bycl{FlRM9%z&pe_2ZJtnH^4rfOSC#kZi!#}1q}@Emcm_VakLiYWJk7IyVveU> z9}jlJ2XfJ2Z)wvE7$}{@i9_vMJ?un!*cg@192IRWuN~*a2jsotwL>l2kwwG1th?c* zKCe_V@7&_Q%uAaZI125#x3t|Sjc&$heF}{b+H)U=b?lryP_~oKo-R=yWlN+_Nu#@D zOUV{K@+fYw4+^NhO>~}likiL3gl!^xu#SJ?z}tock3;kJZBKL9Neh0)T#vqYT8#s5 zE#m~8paJw#NvG>+arTtJXg*)J>E~;QdA@>|Aapm**N&vEdTICPYvEGfSe~WE#(Jqf zPh=?WC%#-{epyl<7hlYJ-tsxCMKXyeD?Q}DK!-zDH>dr(#%SI&8M;u;Z=MqIKc6z= ze{!Gc?PvA=u{>;#cu3z-%tv;|A9U#a0YF!^P4EY2-=Cg8NRdk%!{;2JLkYpWss}8f zuXM9V8ok9+wArg{@fK|)Q zI4&198FWwTluN&*H8d^W=~A!`FL5W}kR(|thni;@>f6RpTQH8B#W<>dV~pdOIvU5~ z6#Y{=n+aXo&I2)%{lxfTiMhLn(^6CN0D~cQ+#An;8|D{$9#1!fd4ie+udoGX!cLte zVICY-KGi9VdtAa9-77U^Q%t#@zPb%_dq-}-W6pRYXzCas=e174C(01#RYrkAk3ydr z9F8^E6~%6)cs-*i8H!f{u~dllC5!Coyl!i8=4z|v^WJA~V@F@SVUMU*H)koutMKpm zRhtk`fr#bZPlZChmD-CzeG8{PKQU1p(cy!ZvoKly0sUwAd}}nstY)E|%;0du#7v#T zs7nT=2G^0N9k>ctL6f<1XqQ}UF)vML|EYyAmN*k6^ZcVAhN|N|Exkas1eV;BRmaO( zT4Czxn2xsk6N@mlF1|318IcuSRv#CE(pK>=WjXzdWU!ff+$ktX+Z2M>l(_qvuT64h z@On@dY{lK7I`X?2JO}=K)@B6$-1|kc;8UN(kI{wp&BvrRZcQwutBu*Q4#ZW>`Lift z31q20F48HJ`|NTNBLYWzGbMr6#8WR-b}pa^B)%b4<_fgW!JeTk-ja zirx`nSQMG!Jywc8CxOj?TverPh9a5+T`ULLEwyn(+vZ zq`~~>7mQUon&5(Z{mwWO9zzkLg1AVo7l`-9Z(@iyn2(U051(YjTP6_i9zg-q$=40P zE6lsBz&r=i%j08_@>%5Ap^eyYJ%wWOGi!O(aoT6;fd*8H$=g%budX^>IR18N{{n7X z%>@nqXqrKQEarjCIfGqR9lzg|9;F#^4)Q4H>`IHypC1M~SARh0eC@6@M5onFp1>$k zoLIuER?|$`J&LS47@?Ia%@Z7k@0SI7dxlTXmTK3tO~mh551~{w>i%Yn=r@Ju`JN&^ z>YfpocCu$tWA$1#(4=%)QtfGMnUTo$U(A|9-F~+2LN*U!z9W1FmlvbPFk)SIBzFCs zrR&vSan~JjUH4Ae_2vv~*8?qG_p=|X%cGVquTIq^CyP$%a!y>A4ojCJ$g^-ISJ{-+ zD?HDAxNVE%x@{f>_pL>&EhB!DOX&&fDOFgmzYmsy;u^j34UNd%v5L2SW;W#=)0`xK zTKzxj<~!=9lDesB5rlA`_7cQ8k(>V)tskYjo%?L;HX82?!33C?jsuiBHsfwq=81>ZQG0(<(e6Y(S}CQ{g^!8mXz7!e8B%Cz|u zhTQn7R&{#GA~UmMTtXNqh(t#;$sOB=QFe@3wqfqE?Wd<$GuH_f99Ht|1O08B#LpzeY3pZMc8lNgm^=?bjgkl4|$yaNd_g58|}` zae>aDjwz7pC@dz>N@JZ{$k%|?_b8p()0<32OEVa)s2${cVT8HG1`rzv!pQ}tFHtP~ zKY;^$ldO~OuGMlV&>86;AJ2eP*g&AtHh(GUg;?$m-58LmQ|`4&*rkQ5g$>cBXM~9k z&w4$Pnuj5FimVp=2R41^RsjRu63pbVKi}2g7A_K`r{)PJFn28mfgy)7txMoc%JXWv zeqL$GnRGRZ|GB5XEwZOO`z{{V!Jjf$a2)5`^f;53PVK3ZxHC9OUOHVrug!5`xwP3I zgHnH)m_MXGo+9a~58n1F>sb2)i6ypZsYluB4b8~6V8at^9$(ev3Efyo{vI1*XwZcs z<56Ux2p3k!@f5bXAZi+d+mK=JQlc~kcVyz&yd0!mzP0bqV3if!A+3;|ku3ZxRUbZ6 zs+%disx+LPm&AMl16W+EaOmff0~n2-slOHWgTj!3~(O&!nf>0%})JW)1J)W z&H`_*W?~>b&}!9mM5DIqcz({MG`W;!SJNJ+t7d2P5z1lsj;Cpt(^CT`!ftZ~cUb|o9a ztrYt|G`2uT@T?s`@Ea(mWw43zm4E#Oe&31T%g+iwMUOMXOXx8qyoesBgcs7|jBqtQ zoZ-3j=og+rkHO))>Cq>A8$GhZlju>%jW6#T9!rm2VLH#2pB#44BR_lvJu@1;jhcsD(Igg>Rn z3E^$@=pEinkL>V9dYl$sM~{N=YxFoN{0cqJ3BO2>6T^R{$AIwD^cWO=k{+jqe@>6H z!zw)nhHE)$Drt<_T5TERO-m+B=N0o4q1)T%b2+7$>p#%v#BVd>1p?* zmd7XOFVV>gZJ;p)(283#mnuZ!w*q3aL+p?@ z^gzBhG}kzPDnU-x+62XsLpLzR`PCZ~2w^MHl5;JTCs(TbD@wAi#-|+hD*Fw?Z#^GN zRj0MIzb63t(P#b1E3#ABHpCv1GY+oHkXAHGD>gu`&=_&x;Ld(iTCr|KhS2?#OQYL- zp#{~kBp8FX(@F^m0w=(nI;rK zrBH;CjD?d7flO{tU&|(UtC}cHPptr|H>vT0Xr%C-5_ zg~DA7xW$nY$fgo^3zyQRUGZkFP1)?dvnlw=DWg42+Ql_Ts9ki_;>Q20G?MQf+TpR| z+Pek2unD_1>XqD0-cTi2#ELRcuqv_ z%}G$2u^KT6>dIdvhx%u;k|Z={B4Mr$sPKz-=}ImA1?lWaUIO-E^v}RP%%n}R>JE!r zy#=1Slvamf+TNww(e%;|tze@QH&K#(QNFvYDVF2BX%IAh%SRgdhE+OYE7ejl4LA9# z^i>i0oqSSx(R8?Or|{*r3H#NU;n5jK5YVk@%jt?pK2o3?Dj|7=AP)??_g*P_(A z7TN`O($oiV{PgAD5c5}A){uq6JsJS(fEz^o+Vl(Y+WfWNSesL)as;N9P5rI$FxWm^ zVD?HYX17@flCOvK#s9#GX4W2rt6*)8e*Pk4Gb7D@Ub$Vzfdv2lu6Uknx(KKRU8k>1 z4j##yc@d|LT`;EyEujVH%e8WKVK1Qw1oq4rNx6_oTR!y(3D2%^xS#{<^22YO1?Tx5|Y2x{>S?oO%Wz z_r#K@yJR~qoH8-+CjEMyqhP3$hWV6EU(q&c!3-F4`jih~Z{eWk#)SHUFmz=|!Hg{W z@U>UHccNF>?JfF5ntwZ{?JNCST6i=5m^mEfde6Mn7rM1KUc#DaHeBis1w_BfA%RU}-^sIttww75Q4TJZhHY zQN2<&aM)YA&;KKe`VIrIO11oo4iAjSWE!KifZW5qp&;|_XW@O>rQE%y|(gN}|_k>2<<4Pt>O z6#GJ11MqvLPaQG<)^t0FO)g}|eS zuk`y_xXHEPGW_Z6zxb4|!ka)@Q9x0_D@RshP z@kxswC)PGIP^P0?tUldiR3GkdC5@ip+0rkXrJpzXlqR1v>R&DhNb$eN>5_8C(my?M zaukrUF4+y19+85h&}uzdNzr6HrQgh09==G7&}<*0j%4Y*(on+vxPaxp55yi{0Fy={ z1TzbWHUuuhp3iWt2WF1+ zM4LU}qJ5?9fpFx)#5%hDs9Ao7WG(Mgnn6{3p&m>0rS&cZy5O^8Tb`Azwh;O-LfCCvc z0-QD-P~!*Ih2J?6jlQ0tQ&^5}{CcMGOT{n#V?G5vRwqo1nNEYeXql7tMs>?sY)o}R zL8>F=lbc0g<-`x9-M@BzQmEsx^W#Dt6CDP1nn>veaSM8qzLH!%{}xykOcGge`X;y1 ztJ_xYHd@&-8LbQuvInyO4&9$}b?kus+GDq&$k(={A|tuTe(fvz{;vL=PmEB`-|-Da zKEh-5`E(Wxq|v@)DTJ@@a|56UJGJMijm5D(=mem44%Bcv-uZ@@n#LQs%hJdLR6^N7 z1KoWqzExVjP2g|b!5DN9xfm_}LA1EB#%Qs6vaYFHD896rU#3ou_eV(=Z*~F%*1l;L zoBF*!*6s5XJg|=|Ua)D14WqjW1==4{wv}LyPm=R8NLiwCX}c68S%!!HXkmahikySQ z`F2FkWB%Qz^p*<2lVWR(f_0sDNU={Dlkb5QU9ho$s@AGZWhh~{qf+ggTRGgD+cEQ# z%Fv)(kA0&DTgRi$gcR04q!{~dbhcE)tvNGX`nJo&|JOK)m+=4G^(x^c%tlRloNxG; z4k-vt2ZSp#uvvRZ&PuAqRWm%%bslBEuXI~rt4G<$*-hvIJ(+mV)z!R6yQ+;mAx$@@ ziKjV^Z@oD#EGN4WXsv%F&Xyva5Vh;cF8euvEU=bH7;iLYO#!v{JEnmVN?*TeJCL#zbJfxDdRj%J?|mp5wO2^dxcc?fibm1KQ^{>C7H#;pfpzTE zGT#$AIZm2H@mPXgnNsa2cvb@C%uduD82q~-D#r+J{%dl)!ugypM*&@{c zQM=as8zXorlza;3C&&)uu$G<_;p@Oz>tgwB+Efm1Bpg3D^{mB^^l$y+4N3QaqZhUo z6nPwGC(kz0t5fe?<@c4v=A4kIn*V+B27^5~EQrQ33spVqCf}SPG=dJx6 z75Ta;N&)&7#pCxI?!YD0bF*y}v)ysYYKtp+Kr&pIe^!BHJF> znbtpjTZCdEdz{g{(U3S9a$a(K zg^@H+Ak-rg!?6=$I7SY#%X{llT+-V&SS82g&UqC#Cn6}DD?qx5Z0%OPwFDE0WcUY5 zGyO0n!8{vQALk3h3kq*8Ud~|?fR8Ap3 zN(hC^bc%5*@;+e@Lzjd)H^mV zm2_%H^N@^t7z`^OZ(&3y{$!jH96%Gn0SxiLrZJ4xdTv<%Ne0ZR6%m-}OBOcqZ_XU< z<=rz0jn16T_J!qROx=syVl`4^sYBF83AsS7I<64JST(__6Yb>yGan_aWWV z9+2afHa1LN);uiZ;^WSbZaCTt6z~|H!STuCk3HUyJWc!V3X9R&@#af60}CXs+NMwR zYr=m9zb4CS8vv?l;+6KNXgNXtmb$$}yr^knycm+AJ=)LY5fAOAe*ncQ0=BJ|O>_wt zU%fY)O1{SQj;P!tZHZJaKbgwysjyNxOa1)nd9o!2$at-B|DI@Mj1j0LA%@8_XeRNd zW8m6C{#H?D65ulJm-fV=O-vrz*tnrt?susOn?@v;`O0BXt6H+27_8K08!@i|STWAa zxA{Q=pqv&dK`IIj?`uv8VgxLryPlpBzjN#RHObyR2@!18 zp+d9rT|ee$1g8T@?J!jT|z8zYvWq*G5& z(xL4yPYAu#?fqFC90XrYoAxPR?kyol7I6M)E;5meyb*{PXUmiX0%Y9uW}tsc`5m`q z^R?kdQ)(IHaF9X)OdkD4P7$&?;%?;mJdV`&aV_pXK65XS*SL=lGqAMSGN2u!6W7=x zW_wU4rD0ktkGU1%=z7DAE(-!*)Xg5wtabI_jKJNQEuXj42e?KY?T~fxc zBG4zU%AYBXjuX3{47iw?RQhou(LUn=d!wOy9_aQO7Tz&>)KFNF|@>NRm(7 z2O-vR$tQ+c#@Hp5MUCcdd@%(+m`!Vj;vw%XrVtG44{+6Yf%< z@b@P;tE)huMST8Q=FcS-QH~FA4`e7yn^Z(-5vJOBmbyD2eWyqVM3o=N)_VMtT}C21 z#NeJ_Lm#~ZZYtKnO=5@z$>PldE&9H}ge6|(#Bu+r@jX;eHw^8oh~RK**0x!%a`l$0 zTy@e-g z*XSL~XujGH1bHD9{}VqR-U5U`fjK(3IgLf#V~oZ0VzGfD1I2GQ8B3qA;cr6)tFwZ>^{mM2;x=Q$spV+MA|_`dBIlW9jgd-q*P?j%4iPZ< zSnGj>02+TvRK710q<|UG9CbN`i&Ir zm8IMvAHUQ64q1cm)?OB;Z$D-Is^hAUJsx5qiFU6>GKMy*JbV08Q}G&S+d4-N*+*_3Qz~jw^W&u;U8JGWdcl z0@JZ0jc62qg5-BgUFSgaN}7#7W1Jr=%SNe{D?os*l4W zt~plw$7mr*e-qE&<8)alG&mel#bGi?f_wU;hgXKN{jk#e`Mx}dgZ#0@BSROHg z%S$cHKGe#d@xqU2yy2kRJ|ew;bBsS{eh97=q&77>ia|jzxm>% z?4AOyLHqWJ6KpLD^#Cd@@rARRf-4D?Z2mJ;$KMjai9@Met)^^mkpbG{r;GH7oDMgG zSubgH8*I~?cIK9sG%IaQnzN*>q`hfR&ywcyP*!iH(<8kEn-r~}Ty4Ke?TnG@K5;(UIT54l`~D_L_@f=!6UKZ~=G#BzaA zwp~juum`hkuu~^fXy4P?6K_x;eTvNHe!BW_M&Kvb)J}&eoyh;g+_%6tQD*HYrGX;F zNu|{)C`GEag4il*D+moV?F162muhuI@dAQZgaknZ+HI@Mj#1ndb-nDm-?zH#x@!Ga zq2gs*ifsXf0$vKsh&$)^N z(MNqhgM^Es#5%OH<=d21 zc~VY!k(2`rZqBTkQtm839%i&jx#bOLvu?Ju9MiUZAX?+BSu291l96gYqj?(iIC%gy zDIZY&yC*P(Gc%+4@6I!T)dUw;n%((8*g0_v0)GB>?Yl|oHc!jFbb(Pt!3Q!^_}#$? zgxl|m+gUL5G6XUBKu)UZ_ABCc9#oV4#O(s7>GmVyb`dZQ$$IYMszy28RKhPxl%cy& zcGK4i(*EGzZ0Q>;xeBOmFU)l9Q)Gat4WZOU_lavoT?1ylAL#cguQN)qOYL0t(wFuCd#y&In`ZN}!4vW!%#b}e#u9=5AW}=QV&h{g+ z^Ldpuy!I`ejjzA>O1;s)G9+Jo?8YEi3}1?4v+Vx=}o`b!$0e3ZThFCEc8O2&`%H;(~fm=B+zwobziL)`&i0XN8O}ed0#EKyf=u&A7Pb6?8W8~nqDUcQ`>g@Ll zU2n^J@)OX$hyIEyO_$X{dZmHq^a{yQ7P@ew`qn1)lWqJJpKqUCZ#X%$jZKt4vM2tD zMsXqwAgAnMK0vCaoQj0$VNU-}0Th$(gW(Xz(jJz0FJhzZhlCFuA<{9B!<`NpU3iK> zkqXEtWXz23vlu4Yrai}vKH9)!AHqR{u#4A;qxe@VAR zAM$UeJ9wS`!TJ37d8x*QVTIRmr-F{g%VJc1)n!cOXHRD@xi;Y?*Iv-WpEw#nfV!OX zmss9k*7r8f3>A+Tf$K5hF3fuIt=kM#y;^JW(i@_pbm$Jtzh41!U5>d{`|f2}lKj^|m++KRIq$Dq58=V}n>a~+2;BqyO6tp;2~Ii$^^ zq>1FYKKc{ve9RROQGa0``*V798fv>Sea-jM54(9b0;Re>%zv(|UNaNZ!ZzT>J<0C; z115SoMfIM`f$m0rc$jT{-ok@{uVOO?wut{3ks2$9`;;^9*`dh8>lgG(V}LDHh|~{7=WWNWazd z45Ro!yGh^)J@-(WC11zTRhHkTqr;k$7dtePalR`9d*Px_9~y1*r~`CN;obQS(wb>0 zH5&uV)oH2fGN((~;%fXd&6U4J>23@;^Sg`l_q!Uu9w094PRs9BHaCU`6f560e&x*H zT%7-1{*Gd0VXAVC6GzCPSj{tw?cWvK50WJ!V{=i4P3cm05h;isU)sl~X4uBsMf3hD z(tWNV$=C7I6)_rl{Wj=bfr|>-5e3apj5B1{D3Lz%YS-G@J04hIQ zX$DlDz?~a|&RGvuZL+AjgKOT^7d|Xrrkoy?DJMj8!@Tv_&&&-|Gb##h#1xz|S@;W1 zHbli|##rKI{-^TC9ILk)gGrV{uxPM4A!Z6EM4)=@;gdL@&u53^>P>c~u`%SR-ff2z z^pev*W_7YuvlegF>VE!RBHUOL3n*onn?psf^2<}bEs0A9wo{y1TJsxHSIG9p$Zq_8 zNxYq_h3A$VEUk=Am#?Pim)gTm9*)$2l_nJ<@X6TD!0KW?sJaxXW*;uEwo5fPQwOqi zO(Z6!dN<{oKNBWW^ygf*DK<6`rR}CX=CXZz_|3TYyLO|rVuC1G#3`u5PewZf27{Ps zbc#ZhIJJp?JRAv+FP7Gz%KVL9R&g`tuARewQ!y3AGO5@&%hPn(j?3r@MScVkXmJaF zPNh5=zzHSmwGaQm#!8#Eo&j`K8)$W~Nx-J;uRfF{)jr1zE%z`-^F6}*&Su_swuJl6 zrlsWyXCA%6;NU-A#Jetk0(KoGa?;Kotvi%l?&3Rlxr}V>8OEJq6Zp;!x9cG!akALc8e7nv( z()cQ@wLSP#pY#8lGmq52EUmw_#{PZv@4_SYuYRbdw)!8BF#opRkBFY_$5V-Lw&jR` zXi~NJG3x=55<4JPvTEZ%V?XKP_3}VU{gx#N{vKTO&o<6ZkJLz@ThQc}Eg>n%y@co( z(KD^;p`)f{pkmY~FwW!AT@$@tt-tDYh-lh_zX!$L2=0Jvty$5GetKM7MiT^~wjwR* zjVMaIZM5RaP?D^S{v>j_cpMYB$Hy6mwCxO?z~Q7X?+QQK1D|)K1u?Ycz3IynF3^;b zCS>Hwp5?U=cgw1;we$x>aMp>urSzddAx|qH#T+D)r{$KC9A0FoHX)@RCT{vJN>^kL+!@s; z<@!j9X^_FGlGb1XN3N39>1-u{I13#+<7Hrcz~14b$QC_{=%%kr2l{+8Vqb(EpmI=U z+H|LsHUOJ~`mYDMUf}DIFS5WFpD*%#xi0>88#QD=4Lr zZ@8^@{6LBy>cu%kSn?fo#$IfCf2h9IV74e$b2qEMks`3{A<5(W|U< z(kcx+o_D{_6FN9}Vq*S$o_0~+_2FH5EyGgVS<%`O_-oBG4UxA_Y-s5iS~QzdAN?nm z_Ne8HdGTxY!YPU5i#qGuo}+u+WQy|xhsL-4M5fShiKYJs?>4FSEj}qaMc8{KgbkLd zje%4^9Xo>}k5EUI@~jAiK6h4(k#y>B?y2Yter6JV5ylLY9M`Dzm&dtN<}VFgqz7fh zc(5^l`VDW)Ec3?9O1Lqzw8oPKKTX5qy;*cF@4)NMHF)Dsv-G_=Tim&i?wm$<-V%4% z3`_`qq7sgonUraX4kfV2oRff~ZY@4H7Dk`-qM$UqbV1q`A^;g*4`$p>MJa;*E5j4W zj|O$gGH;PAeTz7?{lkuiKjY_rF@KSzsj*h#^cnFveoib}W2g9AwIo+^P@Js?nw(NC z8GRuRdQ>?DFEtBc#{!vAT|;E|AMfE##^|7q1|>M6v$~j%jc3ZlVNuXp*o6 zE0b`2xG`Q)2O8w20{jJCNM_K=PPuv`T5PA?DnTh0*cO5U+h|UziBLyXr$?QZ=@}=d zKn{gndfYJqU^ZoZnF3fVzB%#D890`+*p8c&Db@Tp>hJ}Zp*zD@a{EK|_G?BP?XR`z z?eG4^(mqeZar#-Sk!B|0ut_n2qgV`Ciw+s|gWCgsQ;e5vifAuzR)VpLM#!DJ78+LSpdne10uv<{QNP1xOkp9&2#$ z_2Q-)z4;K`CRQgotMNj-{u+56d898iaS}+ z+D4$M^4q)=TB#vJwr@hAG!L4~-zGP%&+_KC>JREq$yMJ* zPW@(cmdB2|e5@ds!qa*|$`gj>(P`>j8_h6gmaT8#=&&r%9uAZXw*e5POu?x* zNhA#bL!3-8{ba=nv^hWo4zhwl-;X1LzqG)JB95EEe<`MuhyuaE7L?~DTgyvWhxOWl zrAGX;vU+ms6NhYV!y!! zd6v;;61OS5AvrlZ%R?eL`l!|Y1K?3e9!_3uhrOb9yE!BJ?t~f9e=k~Cf0jW}p3dxP zPZjMA{Ml3X`e?5F|Fn=3@QK#q!L>3e3fl&Bcn$#bk3ahq+jpxmbm{SbuY|ndV}1 z%*6(ni_J3^TVyVlVk%ZCya)xZ6TcNUYnloVG#6eOSNO5G!pE2kKOI+ibzI>==E8Mx zh3n%Ar)`+Hy556 zS9nfb;SkiiTVx^vmBh)!EsfC<8i$uB|K0h4{i4Egd(wv+WcBpC6b1|w4Q&e4S!YZMyd~1xpkB_;=Fl zZ5*PJyrH)R=R`)l#V*n5xsiyX$&t@nr>D3s0D42J`5kJL)>3AVYamK4%nFY)`o|-ft=yg` zN4Cn!G8F&NKL>*pq2egxwQ%_!o5SM+zGMoGueHbck>48PR-s!n{HMS=-I=9ben!-PitzM8n{$$I?bF#69fvU^bdugFIbr^%B6AJL ziyx+1w2zL71@TLiUxEPZn#c!C-Z34R98Ul1kb|lH8RPf2)1%HYUqmZ9f`2Jb52{^E znz>GFGJlEO_zhHnOWULFp1^#BPdxhgOAEk;k-sMq3NhLfEv}G;J7;*H$(?g{FaDgd z>5B8Ge16~&{V6$LcSkf|w;p^ZS$Oh&CBXNoU0TyS=#y2 z@v3)2vo}9SuD;u8gR+TYNgnbko!U4*l#H*&ybCF$t-IJtz%% zx3Lkj@qVv;lc%u}g6KA{eIvd>VqK3ykXYMTVpUo_`CT4L2T1=?C>l7bfNT!=6rw96 z=Z!*ibwbAVuyAWs;e}KyYJoH!eUP8h#p~Xl)E`3yagQBsdA%UZ(Az8pfs@;YVL}vd z#F!}`t9ogQSJ{ZSw{W&}d*f_rX2ZAAyavFj@yDINeYUi4qdWgY&xmc`O_J_NPXU$Q zHCytxQ}l}OOz|xa_|N>#ExrDw&;GV&#JirxFB~4F#h1Is9h@C;kNDoLeCa7%-Vt~& zTnhb+r}_uGP;U57qKej|1$S+OOIp=Ll{EP5t)3BWXl5JT{T8(cN__Tho@%UA^?GOM zcFxI#BTFf9x+G_*CZ+Y)Bg8p56m43m=27Ur0gW`G50pr2Qf=;0yf9=mh~( z7I%0Kwo{s?Nm5#|4KEdi8+3KaEhISDxYzOeGjluz$_n186`k5M(1fL^HBEEXIs+js z)ucfxDpof8C?zl>t%H*&SgdBGxv7w9Uu3rl9Y`(JzRCG$E}zM~1t9|GgCp{)vszj8 zNrAU1RdSonSNnxWD&C-j-whmbgDTF0PO2fB2VK{mnVW{nIEiJk%CL9B zF)HP4{1lq=Dx0*dn<);zJa;3-;m0;S$DQ904aJWwQQW#tgyR2} z*m>80z#v!Q&iVa8t6a)XdOlESdKOS3x6-PWQ$wT+<^lmrfo~~C!B`Xs-$SVcq?&0Q zN%No)(PiMHpsd%4TNhhyVF+%R+_XnfpeWI^u2&i0+Cl|}ivm+E1w^m4XHkGh`teOi zv5pmUe)c-9*Vl2Iv5PbUyV2&KY1;gB!^r=$INh{+Yba8;*tvr*5w@uX=Nc-L-2Qq* zW8C~$=u?hA*TDGiO(uPc=>6a;#NC|Jj7(Wua5r3`-z^k(kBQ!`qq`UCcZZ6*?`9i! ze@l0V>34rRQ|R5Jcm3RMG~Zd=`_E~>{l{8zaY=EMK!4YMSe9-Je_=gO_54>!7XK>p z!V%gTCJ4Zmuoe{dZkyQ%XJq|pag(S`pA38^tE2wOUN&U+)IWtbwZ$##pTzgmCykRn z7m3eW5)$;U>;@ygaxcW!nBPk+_eFf=?uf74Bk`3xCBCvXRD30|T>nZ!xBitxYW*t- z%=%XnhxM-<&r5tIQP${h>??_(^zR>ne4gkB17ak+xqBhOv`e$(La6jgVM};}#WqM) zKzXivwXAwG>Y&BX z5c`*=jx-$}u%BvCie6i!E&LYdUT+91CN{ag7BveA#BXU=U(DyhO-9#@bAK5N77Vg_ zK{=#d2`vjoEwl|mRuxotLzTOYIwQgdui`DBOexUM$72!$aglVXQ#DC~!%%Ksy!4)C=HFS+wr29Y>oF?5OsU)s|P; zXMNRg&`b_rcp7RD6>$UDvc?LUYfE&kH+!bYK=}rb)_=Olux0Ekk!0&G97a|XV7$lN z(fG@))?U6x_vV|wgCDk1()h@%T z0Z!1%OcilVVqd4U##IDU+pOpa7@m)rvzuqm;NPS4_;N9SQZ1!H@lu2^by?gT(%f+( zw;Cc|Ax`e7TtiwK0Ff_Fp*#?jc=RTy?M0^E*@W!!kog1spuYKMxtfcLC=WY#1h)#} z@K2&Yz_gX=>v^tEm2*7mqC7k#`r@gc8S9HbE9}!HrUE(A3K)^LU?kW^<9^_5%F{fa zPAol8-!(Hlk?SyH-P+g9kqC;4<_gNB1@ou)pdC&(hiBN0g_pVC$fQj+@M}r-kjWOlhXXHu(Ls>grkr&ODg2l!XFnL zFBi51c6gOp9qjgcNP8^2HxgdsRc~vR3%eFxLZM~6!LdcGT$J@LdxNQZtQoHof(!y> z4CvEAN>$oK-M#=zSMODBtD}0w5Y+P3+C>Lx3|=K1KK?bjXs$w=iO1PVglwOVbAAOJ z18B-V52+(hfkqMsTnQWTy~;8u%1W}D@$NuymvXRBv5cXnq%DJ2yvfKK13fe9+$9NoDY!M#`YCmMCC{JOVT_9Taxh zHjq-VZQ0ub-X24CR`!JeXQ z7UNuCJMGL5aQiY3>55EwWO{#$=@J@~tIjTlmAp-=UBkOU^c7Z&{xq7K!Cm9RCAffD zL&a$+u_9hvL7A&!Ws)%s$!XCN#!Sa9h^63}*BQh?{?Xw}07yGsE?kg8KI>GgGL>o$ zJd0~i{|OK#^s<2*q0J)E7(`FZdic@U-0hj0ZVO!yo#*y>Ac$`h@P%Fx5=}ry9g|Lr zx-3!_5ORLb-$=f*g}*YuFNDuf?Oyfb6i*bHJf*E%~T|j7eS3OyQwX(OI(0RD)$pxUIx~pH{7H|jTY6wlI`)Q~p$%w$XeBx&Q z=lvnJ%B2l9sh03zI2T&k6g7(9g>qK-AFJnJggIfuej@E%;lbLjt7waKfj4d=zZB{k zEB~npC;K9h29*2)a;SSEMt~be8G-87tv-%(i#f9}4o*kCC`Z`(93Ajmqyv5_T{`i# z1v=pOc`@QFZNqoi!W@%hjk|G$`wCR^>PWqspyPd5aVYUTYPf=H2s*0A4xzgRq6eT= zj{TE0Dg;xN;}N5$&~6Z3gnR?^9%LEWy7+o9;|bA&Hf<7m5WW}>yGBNbd5vh7z|Dh3 z9(hngfXb*GsSoO#Z~1WQJzkQL#)?-5bjqh^$<$8k+WvdUY)vH8g|~2{N1D75jMB!+{dVZa zZ`nAiF_hv}r#L-@8>M?mo9R_glIQNHkYwONoi6qMb19mOePb}y4m|_bYBiq51Ho|OS zXJ6N1m@jsG<{9|#xfCSE3(Q~s#_&L|Qk0^HR829+CdHk=vXHuRAQqZ|u5HILGqD>V z>j*8_nmg_otJ1n!;^97{N^l<Xbn!;{DN#TjqqDMKG zimS4Ep{z_0cc>n8BxOqVJ!x1o>So|LUM|Rt6%5e z&@NH#4zF61O){Q$95#=1Un5i9OYut8WHUyKlEVF)FW#TcxGZ&ur=^kom3B1Ba~o*k zy(8{V5;N0XBvrGzgp7B)lf9}pEk#Njn-(6zuXi!9c{@5h18YW6afn<}%~+B_lubT$ zAW3g{gIvsmz#evvN1c=vi~m#Iby%u?ka}F$aM#71KIx_FvjQOx;It(9crk}CiTC$X zCc1anZ($ND;~8UxfL8&lcq!P}B{{Z0ExzW2?h(c|VniO_t71El+oAx&X*DoXg20ik4e z)aKYRDBz(2ArxPb!WTWtfcyq2N8fi<8)zHqtSYnhw5v}VKFp>)^)<^!LC3Abd5>%N z8y9wbGStQ?M6|_x3B=~Ea>Pe`b%_w^?x8?A4(|%$6N{Y_c^#o~q_D@O`LOINM^Q_M|$5Rj-S5t|q2gEn?9n&#NwSipWlBj}BqA%ms4ryr4D| zb=*V!xjH+?^8Wj=CXr^Iu3e;z`^~H&FfMEj{7cmG;cU^MP-yi4fc2Ko&Th)L^cZIn z6q&t5^pxhSt$2V~d=x$Z*E1;4TRyl%c&vP2jd0L8-obfE%5}w+BIh0y9>|Q;66hmy z`nQhoQ1X|d78B!-I<5KN{;K1Tx{OHv=q;w2yuj3JLDJiie+062FdYEE)Scd7GDVZJ zX=}d)pKkw7R!}Ai;!^MA8h|-mj2dtUIu6tjcr*NNV*l-UyqD;~Sn=a1dXaDGg}`uG z^wA0MU_THZjAO8i@&W|LG1x!hdHI@yC+}K~iTS+m{h+OyVPpXi(5n;Tv0K;_`Csfk za=yS=6@=dEw4%4Z`FwBuuIXjJ5Lln~g>c?8WzKs058Tl%J%L~+(cdZhoKph9PRkBr z{MymwEBMD>#Qvcuz=`t*=A-w~+-|4qNrzIjLr>tr6Qa2Tjci0In*Bje4%ubO$#{m5 zlkt>9IT;0>aMNddkBlc=L^w`x$O2rLXT-S%BBmk7I_FFD>hwKg%+$e88RQgB$K(v> z$!UsC&R>m*`J5)^@nF`KjinNTm~9v!ddqH{#MmTSL{^bi_434e2+!bPPX(W zwx8pCZJ~N0+Dh)o6eaaRZB1@$5O5Xf>3`LYyPK)jMqtqvT~!}p*;bcuHFlgrG=*7$ks`b zn1Xle4O{WECnRp`Q}cRa*V9N$X_0h~)fu68KNS;MafJ0Lv-WmhG-qsFK9;!hL>utV zV29^_2qZ0*68qB9Q(R?qXu{2BxFL)?4qVe#E`^b3F8AXX_g!s-^3N ze<&|G%G9Fcnb)+W7F`?^jU>$Pin{-Lv5D6#kHWI8=2Bn#x03VDOw}=@xc7*tYz;pd z=bq}=JGs}K-&bBm@p=m>=Xdku#5uoJ$KT`cRMx+bZ%Kk-Q62a9e3I|$0n|Zy=dX`M zRL70+29aeU&8g^#?@$>Af1@P~Vkh@&3ZEpmd#_&>-@H<#%a zM|AjI03Z#6Vo{HLbUn*&m~JV51o=g)Jx@R*#16Wzi-Oac@Hm$JGq)>l|HOHR1|f@x zFoW#!8OfNlkC0F?DaoO&d4O3t+;=&nDZYtQFPahB^;=OrdL186vZ!Zn+gnjnG~7$P ze5Gd>Fl9#9I5YZPdJ}jkF@5UN=~JinHeME;iIscd!soUN`gGE|dH5N%H+Sh2WD0H@ zY*Xc;0#io1t=gEHuOi`AK|m5wtz+AJr&`~BV4_+zdJB2l4;UNUU=zh_*7L7g=vCZk zp7_8-ueO{SqgM&*iyN{w15aBBT!Q^Zc2u-|4KF#1os;rR`}ybP8#a>UIn5Msz=|jZ zOe9amr4R1ZKDaNo9}>&=RgJOSCnrK@C@Qk#9qF{>9qBZA&8F*j*=v@1B}Zmv_R+ti ztk$?|N=BkbOFBY6=_Aw-r+-NBerz$su0;8auX=B9pZSar-O_hH<6XB{^BJGHU+3J_ zs%YBWBauEKf&V`sumjn*Ke4=2t=Z=vuRH&Njs!IAEst;j z?1=fY_L@%y6dQ*s)IDj0qf+TffUV`o7LlyVYT-%68nm$dnePJEL|KI)}d+&d;{|&Xh_225K#Og^8w6Xx~ki;7S){u5VID_nK0JK#% z5b18i4Gg1Q9#`H0cnwFnq`<;$ES_L&BIYGI8;VZoxlM71+Z(li+;1d43SiKH;Bb+r zb$>+R%K6V4bT~*R;okBOQN9*UR8yQJsz}qTNa8B)K^1-EC&ly79gHI>D1et@X`3mB zBV|Iw9DZY@J){^{Vjy3HkK+u8->9(+h;5uNi8|c;bM(KC|6lsw9o4^3|NGJZ3H|R! z|KIe#>way~|0a$Fm*$23lENP*$JR%^(&@>Cne_p&Mic_B%hRaAg6Y;+1JogQ{I)oH z+F|ym?%;fs3yWj^)Sde5U=UsY(XzTk%uZn!&CDQuX1b#@bHax-GY4e_RH zYtt22A8zkO|6{ZW&~S7;MAlVmb(lD;2liLFJ`(ZFQR_>@1PteMlpsi3P;IL= ze=_-L!;rII9v9FO`D!P?2X|S4So1^x(RZ1pxtnyr{~zRCi>V`Q zjfGy!c9W^b6}&rAJmQ1d%F;6QQk32oC=TDs`^8Sq-)*J=x~dNG2tT7nsD1`+73a3O z4sI`2KEU>jRpeDRV})M_E~mrcRYJzrtoh<_#HAb}Z)s(xR2!h-sqQQaw{aZjfJ3)P zxXjb0w6gq9fOjm?9qtsY6le0O+CXoW1stwj)I!M7g#JV^Ji5uJC`()NHF?I~5p{Js z3Ou_h(l>>2r6blhTX750P7q5D(de$=2+%`OKR1;0n#p-7hSBe{{s8$aWJ1LaA`LBf zI*wE?#RF;HN4tTp1@>aLbk#>J76|x{AuW4pT(+L$>Lou}&-N>q-eKcKsMp-<5_P`k z`Jh?PhnZ1dqZSuI@HdOxAHI6k@xz$JdQr-CN*t9Zlm-IQ?7kMt&8=g4RgR8#Lpl0E zHYrE{I;J<}=!0W=QI6Jr$ja9{;_nx)sG|Y^vw^)EXM2^vMeEq_PAcAp)6*%u&#$#> zS3|eyQkq@L2dX1yOfT6fN2-q09!;pLMS9AoIX&gcT-(=wr{i>kr*SW(sC2!-;5BKo zraIm}t5?0Op4zEcVfAdWQcv|#b+rEo8IwsTy-Kvs-OAA9>aJv|=6`tg-8rB$HYv@W zSFFq`DpqbQW=Js5(^5^d*yAv@_`tiC!{k=(RLhH$@=UcHlx3KR)J(C9m$r)7=L8@C zM?kp0?l9b=nf9mQm1uF36Q~Zn-b9#@%Sk;?Z^w+!xod!`xXYT|*Pz=oP-RGahCThN zHqd^uY&kJ5$2*6HMis)j_zs0|5`VZGghKd6oUvgafsYxttaAQBJm~*nXngqgjom{n z;oDo>W%LZXV@G#*7Pazbi+(xr`y#EGF+;9iTGr1$@&F$8=i|{FZP%ViWW|hYd%QeH zd+q1Euh-h5{I}T+$XBP;d_=OR#h*SAJ#5f6?@silC&-7G;CU?E-Y*j@Xac%n{3A_I z5vkqtbbHC?XC5Jg9Qi+}j@PZl#)2dm>CkdrAPF0?j?FLlACKkAot$p+V_R;w(n`ylW1RqfAXrY6tT99p9X7!<*6lwo8-j*z`{Apz|K{G zFMEohW>W4dLZeB!K?=Tyq7<+%>I~te46C&i;*PSzisBrWF6f)-s%Jf|x{A83{o|b> zm_hM$j;Jd~)SM&QNu%6!KD?skVAy7Kpe%O^1cp+Nimy}yx02>|;_K7mD>0P)r8JIy zz;0FwM?YwG=LuA^yP(-E6Un07#<*O8*?WT{8n(Ep3i>2(c4F^?r;WC~N==9quuuI{ zF!(itc+OkoVENOodXCZu@ZG0xlh4H)Jf<~{OXyLGG9ezlUOeiO9&Xm%i!set=9v@KGLNXcV-OS;=xee%LTaXe%8cY@H$c2=99lM7BFlnksq0O>laKH& zC30Uh6Q7;o|QL{%!_wav7t zwPiR)td|X&UY_9-+k1U@16pHB=U|YQQM>w%XpPdETI%x(t~kElqv$X9a9Bso&S*T_ zdp<(T^U|89sO8ExxHo}}15NfoNssZVL3)j~>}$yAQd?&p5dF|L-$?{J$nRjJJrY4J z{&o6>)Q)xH)cCtuA3(X-8FlQR=z}5A6R|CG$t~0Y5E>|HT3jN`G(`+=aZ%6%3e%Cp zya2sxE?@&LhH0=B09-qRobi=1?nd1U_9}t)D1$=EJ;TchdRM_V&v2@a>$7`5fV^}7 z{f3FeT{u@R$nKRd{qu!5geIOud}&&CZ+z*&k@3&JO7biIEtdsBY^%)z6oLWi~_C|#B zP_${Acf$Uu)9^OX@D9-MPRTg~dyW!GP#O;ROd*?><75D5SiLk0tMUSyla_*{*6tFd zGfzYUfIMWxz#$s6Sy2BRDj*gDN@vP;q4?@ZP9h4bJ%ZW8#Z0}zmn;?fpzqk|FVw1b zbM;V6G;rPz1vkjCO!P<9!SJJT%0|8)3VQn*gyX-lONn0C=z)0PDsv-7k5%_f`93*I zfV-UBpl_!3K_gFC9%fqzk&m`=bE$59`)p z9{x)_Jb{WTlw?U9aJcl3b$qE#)K`!CJl}DBPitkUFMJE?S&l2(ai}LegYqnV%bd=I zxVVm@9&7bQwhH9W!aplLLzF!^Hc(A3lJ3q0e zs5R>^dYiwG-}|NWC#c0!@5QCXHHB`8w|YbVC;aG?vi$9u8`{-;U}Q*b*X2=NoLi>C zqk76b>cz4*=(2kX+hl3d2R_wRBp=*GVHzXrJ<7#pa-`LxxKK2;H9jc5bnj9oLVC3L zKkL!r!%xV;H>uY~@@D#Oj!@M;it-n8%&ouxk%QizztOeE&hF%r{}>cSpI~T$a^8@W}y9?s!%^DEErr z{TG3eYn&GchnUJkr{q{15e8Mz4R!Pv=_CHqBN)j;nuLEHB^rOjsv_w(rD* zh0YKmTqtgP;5yQBRTm_|mRZ#-7UyT~wOjWIl>D(0y)Bcu+b+?Zu1=6H7%H&22HhBDW%s}R`85E zY*RQr|HH5|uG&H}un2lWslG)rDSnO4$-%jm%<6sf<)L)>YPJm-olZfg!)xih3-h+B z#K*cq+Ex=@F@Bh=AhD^IzzxUPgYF&y)2>y(ZJsQj#L#6iwr} zAhW#6(gN)-U?;q400tn~gfMUF(t@zht6+%BEAa4N&=;-;Ol*Nvn+!%Tt{$l-pV;?n zt@S{cTo5`5H}V^N$}*=%!Bu+c)k|||S*kn8Y!6U%qZ7R-YIaYD{%e{ovR&`F1GQp*jHdC+4&ck1r6F>Zuz=9WOt3QbA_KbpXQa)6f z*XVtwI3btE_Zg4&?DO+vlZrM{V(K$qE#oF#2%XCFf9BJw-5#jBl6Zx~)p;xwIZ4T3=z1cMX^2AT013LF-JbK}(s#Hh!s z6sk7RD;GOEh?nmH@?4{Nt^&yO#oj@lxi9n%@*Mm^4CE=*-XsJPY9&uQZY~5JN(qV0 zp40615rh1fJxnlO#K$^Hv!U$+%N`m?_C~yFDB#dAtC@6>;y{>R6N-<3$Fv__z|9YA z(I~-=BrKjGar~V`^nyXw&H&@fmn%EOXqDoJ+%2HGro=tfN zsrX_P4_Cx(hp}|$TDmg;Gi0^6d99z{jBkIZvQ_w zzRX`fzW@CEv~Bx8H$T64d`CmyM70pMrdb1N9!>vXOPYo`EUH{O-R3_T$C9R1{YWXR z134>Z_$<{Wx|YCR6K^Z>*#H{0)T0J)cUqA)XG0_gVIPE6%_wzTs$ab~65bHQFIMes zv$9UIFiA9fqpXt$tP{+Kd9eTHNHw{97Q$jd-UXAGf0CS&aF|TVl$@7Xm?ybm_&#VTuzl)Vor6QDc^>UhmVRrKrlmb6f8e?VB z^qX|yD9&fnWdz0~*uw=q&uCg(-Bq`s=kffS_P0xLJipxg@%)=-dq19Uf7X0F-)iU! z>3Cjn9ggR#nB5=j?BIhaufsT&FUK5(FUOq#E@>Fum-3Tlj88t8u^`#&e0{^IGCZ@xz2nvAsje6Z|+rKJF;#0xUV=N-;mOGI4oq z3(8^?D;JNCPf$MPXvHvo75QUVKR?fv|gits%Y!3*ETYsRVK)k#IV!k6+ELg_mc zJrnRuxk&ruIkKXZlgka3vVn;VCD{c+nv=tSy}Adw;D%?c=z?Izl^6k=+HKG3u|}@N z6>a^W`Ip(>fY8x+HHtXrkX64y@MS3SZ(=*|iNNNC2MK*&bxUNy#ROc%aNHCHKvw#Z z)SqIA`Y^|cPYx&=msWCkRC~6@(4IZd1*0PQ;Op1%OH;kh(Bg!iF$vY>x-4zB-c)}9 z!TfVsd5#e@EwyCTrIo3?I|qUl#qs-iD2^A>xW9CUcGCBB%(ZZ!l~5CR^nISZYU0DC z+-kNAwN#Udn8{skH7As7sV1w17-2QFD=fFwr1sE_w`~K+0!zkQy03NoiS45Pd2G1- zovu{SZMP#|B-`zhd6@qJ%dV9vxrc^fOkTt!tgz8PT~;1sl}gKf(HK6MbHK)NKtL#~ zUY2DGB$J_(HpwA5_zXqVXN2vm>2?xuL}>fZ6fmgm*Ub9Dcn;M95Ask6-0^zGlW z#iNolfPI-qh605h8830l)^6YonmC-S;;%b&f0Fh%e-Z&lH~EuvXrJ7`{v-fIiPjECX@OR+dKYky z2mH5sgUg`|ozV~;YQe8J@Z3b)ZB(cfus@%Az9(3cf}b8>KfTIbum_1(AuS&q4c5+A zkN&jD2o?_ba1Hp~HjMN=#LsGmsY^T)=_<)+7u zs()Ci=uWBEF1f=X;ey zorS(|qM*Bz`t=67eGm;+ML1#95Defjoo3%}`YBRp58c3h`7|jW7ok>CmK@?^hCuAP z;-#Mipy@;gsu7~aCOuG3Kj>;d`a(W(!NI2~bbR_+MSNPKaqb4K;INa9ctB%aIEemc zr)6qUcHj+d2%i#vKC(9aGq<8?+nRp@4sdc(@AFjhQWAQ2i|RNfsaIf#3h_`oy(rs0ll7gka|6-mtGeuhg8RD@i$kjieY3` z$KyYaGNCmFYsWo6Xbq`m*N;T|97En^J|0GAH)UiY-fZPNe5qZq_8{FEhj%b*->RMV zxQ^Jk|K1qb(^kV^&sVD%sC-x?i+Sx21~KT%-{9tXl}jT@ej=SeYMBG{_xgqq znuLTvenZ}>-djQA$t}(Xx`%=%=5pt~*;!iA?}ykpuwwOwil)B!KO8x-h@73<7Ctr3 zUarUWBRvgxJ=%e~^DQZE1hce@op1BKHd}aW%=y-&AN*zhw;fYaVZ8sXb*knVqNCxd z?^Wk!`fB(2r@~qXgUdqawBUGl$Mg1^04%^tPcV6cT-YwsCrOi=I9UYc-o-Xe?bgnM zZ4Qv1Y?+b~{1n(0BB)$`B)`F1sLekCJ6{Cb3~~15V5uFK7ldT>ShU2B-(J|+Xm+Lq z$9Bs~6Sp_qTiEGUI$sq{PHLnkJ<9i<+zkLle59>|ZLOvuKoOC=h2i;I!qd(3k6uXk zzKqtU1d}JCBCf?FP2M8sf)OQSWom;*P5;QFq{HBr`jH%*Y)9wOFX`7yXi6eDg4)?> z7@e=_GOGNB*LE5k=km9MyYVQkUTM;LFUFFKnp!=%4by_@Ile*-m$y;I3rvwTX_F^+ zJxNE(vP^I8_JvdB+-)Q;2rIoOICdKePl2xRiN^Y~M2vj{$R4{jF4kR~n|Yl(7#eWU zgN1$%>cw_1GrvB~tK8P+$vxy%${PX|y3a8<;XucNLcM`ZlYh9m{u2|_|0vgwjWj2Y zh;VLNkj=4OhSxBl66LMo+?YOw#hvn2lsm@iLoC%mb`gjQ_9ZTE6)9rhp{;uwwaC(U z8%y6y@gY)5-SP;ltd4-sXH`P0+|S)f5me(H1gKAXGBSJ{=WFnPC_GcCAIYu8JE>nG z=h0O%`qR?8KLod@iF7%giF^`xeko4D!T05U0gWUDx)Ryq-ys?jFx3#x_ZigMCwG$5%>S`NWKW z?I}`km4kPJ6zq>=xS((Gs^@+6?@>Ur_ZR0?AWvFTnu*umt6mG$h@75TvoSCQ58>IC@VnYDT*cST%>(S=W_~ra739wE`0p*TgY4{g_#ms` z54R=`vTq-yjX2gG-rOgCnIkl6l}kHq0Vs+c+5a}3x`7Pt>pW<}I1q=?)%)({PJIUS zxjp=m#Xp%i;XJ$$HFOpSDPPU2gSgrKS|evX*sl#t6%lFkC_#6$EAc6)7iTg^ft|}a zH%poj-#sZ7a+ZrJ*(~Qad4tIXa^VlShW7^Kekai~6173+KzKR>mkNjY_5~AZ7WYG@ zx6l_6N{L8J2h2Mnh+>S)?Bo=md2VcrEfgLrmcR)L#IcPq{C9c|eqzv=w(x0Y`l8{C zI5wWPP>wNkj8O=(`?am;Q23p`@qT&)ym6GUEYJr1jR~ZP7Yx_^d(rR1x^N#%J*+LF zYCp5^Bi8yTZdiGT)^IQ$uvnD1JYHS#rcqa{I7y0Z5`E1eVC$hyh=2_+PX2D~%gJ=| zNB0Z6z!OLFHAR`Oz9&126yjiQa##n_(w}t0VW)njzifaZII9eABg_7yRQB3}MyFmN z%UmFOf8_dJ@1sA^AZ($~>RDb22Mtws3b_Mid7y|qG{D^Qk;@;`KfZjCv^I%?v}IC8 z1ImjsMCh-`RVg%R&~d=MgwLN%wW*Vm@NufNc2a-(eLAO`fN2goda#1|2e=U+tlmH7 zI6VMTEv#(k4c~>APa@~nPT~I)Cy!gDP&VoLQ{{T{vLmBR_$IH?z`T~dcms1t0nx$gJu^W2O7LS(F%@OKRR5(jNlOHS!rfRNb8; z-N%^vpreTEPF*3}8zZ~x>`lRo4_6&xW%zxCTw?J0O{T~58=9)Rk9DA-{HpHdLv6O@ z*H(3BoPgpF4oC5-ZVC4U>sHnMGJl^)$is{H=FQ+(r3WapNLBY1`u^aL{QVaC&Mu)< z-3#e^?O>Fz%WA3{f#ybFHl+v2$Dpda5=}}qd-?mc;q;w6E<&H+Pu=NFb(u|dsZDk1 zO?88sf>rNBwLz%5UlSKx)xGaLDo*L6Lof1$&&i9UhER=F-6wMo9_H`Y@plqVL-$g> zNlkVAn(F#D)eUH>OKGYb*i?5+Q{CXEy5UWAX-#$6O?4+W)j6B$hBegL|?vPAfgsp`H2E9}20JfTj)#p5wm{=BO08!--lPB^!!dn;P=531^J!)M^cy5y!h z2g;p_G5b@hxT;Xvj%%tL(o~nxRChvC-N{XLr#97%Y^po0sqT!X z-s4j}W3aZC;CvIIF49vErbNU1=^@dFOca}vqE+=BuZ+Teh*}-mKK&^Qbe1rlx?Wz7 zS4@$;Qnb|*q7U^JujNjl<*s4)aK?W?wG=<0 za@iuAzdw%k+rl#y_m99fbyO}}Y!4JyEz6^n;(i1eP?HEKX`E@l%=Rl0^{vXLP9UAJM{~Xh#AIC{%(Tw?&Se=0FWv&a!kH zW!&Jt2`*fjp|d?T%`vv8{w-#EcE4q2dwzhLKpLbpMl$w8g9lj*>=(t|Yt;T!xhE1@ zfZDW{rOdz7G?!%BLnKA@6|aTN7|r={CY!$EyZAcP@*lMYo8lrro9uD%8c`pNp{&aG zsFZk!@@hgt+D@96zrXI(5s#O1R3GStPy8Vg89z7x81Vo$eo)*UihHJ((I!b+R>V3o zm`I?Vk~6id&SEtjF}65V#d*rkr4KFN6A2GsbV3>ja4^Cf3FSwx@r%G9Uyer;46e8F znFd#u!Xh9BCfMV~}GH{j5O-M)xwvzc1@^kiCp=;j$x)&-%V4Sid%X z{qBF&X`2m8Oj6)73=M3;PVLHW9$K+JwDIvnn`Rx_7z_ef81jsr(asgY1kmAnHXj#l$Ny=Y&|@m zIjqq0_@lVHfJg0Q0xKH?c5IBmMuRq(2y90r<8(BR*&Dt{O1uRKkC_}WLuq@1ZnPQ&K{WS-8ft8JS3?)P2t)z!^`OP9TbRKrw<20D8lX9wjvq{+$=cNi zevWB$hj!}dc>fcV{1R6lXSiD4rET31qtU(CySRM(43$<{W~hhLi{<^fG*LcmWivSD zZC{Qu+pKn13Xb`7=>VV$1UgOjss)v1d)1|h zB4i$?N66H3>{X#XA?}&p2{!RToB?D^q`w)wj!#?`12Ue)cTOVbswbNxt=q3g3u(SU z&ld?hLNMb?bl6otn0C9GJ;Y|7kA(advo#k-c`m_HfgL!0RXT@9>O1~tN+e_7!$L*T zGv7?l_C$c)%ZaaojIXUbU;v8Dtlnkk8=Wzwir~!KS}vGk>yFUFOy@0+1uQ*U{_nhB z!vBqpJ`@)ZJ+52YAC|=jK&6F^oc8Q*)AdCWyL=wUt7!6I@sus<{n?~GZz;|mPa~)& z;k&Av%!5+RDz5oq&Kp)7teQAULXX>ARb6x&3Uut82(V4U7brZMiY)SPa4YLwjb9D) z&D~x-HQDBA{OSy^y-oV{>!`#%cRLkz=NgsBQt^71pUHDKR(~>dGGwrG zAaBXl+eL?f_z$KsUT70KxTAk)v| zRJu^ueb;DChIx7l#s`|{T{xtzsnyL%!S#aR;b<(*mUTPS z3jJc4p7IO_OUCPT4gDz69$#+uc@n0RIOUgsHGqk5kqynqA*~k&FsF zC+4rLw|J#YiX$0gP%>eLS+cCZimVXiFy}JyrNRTez8yM1z6#XhW*?+|E94F8u1svYSqJhjpp%p!M-(S}=L-IF#7})tn zZS-()e9h@Qf5ocKM2E!LdA;ic`knnt^Z_5A{R_^6$Hv6;0nwZUq2o^dD$*3qFITmf zWcBFGf}eB&!sx*=TwLT0UWtjl^D;TO7}I*?mEPc;72e?Dt0;#em;uUI8O->dKG`y@ zB#LMJmwuswR+Sd%CH=x2N^%KJUB=TK&ET@^MPB7eMxKI#{vCz9N=>$aL%qx?Na;5x z8C6~vxkZ(SITxvn$Jpa9n6ZlMewYs?FCOEF@4<{e=$APXy>frH@Ov2i7ruOdc6%%t z-~HJlXZ7Ic^m`&Q9_8{gHcZ|iW5e(l^q=|~92{z-4Kq;RFoRB|4O6v&rZYiGJ)M67 z#@T-!7AM)@qP%a$xTx`OM!BeDz1ED81{a0@p-XDq>u7J2lJ2L zuzYg$hbH+XFs{W-{&BD`l{g_5Opt@qGPQ@G&aGVfJq0?57Q9**LYQEKPgsb`wBO%K z48P+3UOeqzug6ntSKZ&Q;M~~*-i)#Rn_uTi`<_4C?Sk!}4TXy|NSltD(EJn4B~E*I zRs4C7r=JI!TK>H@_Envi5(F#}{#}&EA)uX+rRPWJaeN5+Q@OYTsx3ieFjN=Nlwn6H0(#i|5OXnMe+=Z*4kBV8dmC;;sC4{cagwR!C7d4YqvlQj{JPgW7 zTHfuDRX>fF2kJr1JMZPo9CI3EQju5 zMn{~h3ycKm+Q;Xo*&y~beuh(YQOT71f0U*Y#s z%~u$n52Q28qxvaI@&W%u*Ma10djR}p2|=F7Kpn}rqn5juY3`o?Ms4Lyy5=LLW~2Xx z(C^3$;1(7@m9(1#lCmsM?m=(A zB~EmZovT=fgzBZ*^C;SC$y{4Y$&K_}<+3?2@qC7F>a;9({ufop``kT4w73DunvxCY21jx{Ddu#Ua^RVsE zT#e!M){cemnpbGE_Vp}2VAeA*;dMDUJw@9L4OivTR6@c7#qsPX%E+o|A|>h1{SF9)D@I?#qqDTv6J(mSNP=I#UJiYadM7c2%`2Y3{~A>c~>qV zOr}sMf~|eAvt5`2h)6A1_FnFry$-J zL(_;2d8p02A#2w{T>}`U>YnL>2ET|%*z36D3s%S;wQMF1HEhf|iu)e_7>_EK!E#Um zPRCQY$tz86^yRMiC>wpb+dN8}FSqrsAznN2K{%koDenC3`5W=WtIPnQ9XCCg{edqy zdh68S_?GaoD?Qa4V1YodHbbrAE8Ocp)~j@Jav2?8sr=+sIy{9?Qt$C8KT0((QuGZ4 zDx$I3-rzzfKf8Q6k0{4HB7cVV^mQ>!w?92}5W`s+Q}UC3ik1B1=@s;|X3_Dlt(Ld+ z8hT5wL^V|8Vnd%zvEz;YDZ>9TSb`&IST=cHx0DDTZOydB6gY+eO6a=&vgqR0KG z66f6yLvbn16ouW;x%>-F21aOqy?zhoeX$)KQcC=m@r7I*M#VP|%9kAUa}blR9IXT} z38<2?T-AsBOB|fGa!G|PFs*V4B!}XvB|>t@<3LWqOP#&W@4}^KvEk(A$q*YR3$bA` z#0J$jPaA~Zg(wgT4PwGlt5M|Z>+q7k%hBXMr(hNo{*YAA2lmsUb`RhV46d9L9)`U) z_Z`#TqpMPF2BVw#t$pquQpRfTFWFj(sV1l6>_7 zpCsqL$R|mTI7w>nNVkO^Ld7jKGqz%7L2~6AG{fl88yraLl5jqa@M`WxR4+zzj}1@H zC?(l(j||749)8>E1(13TpYX}_A^}Mj$=IjQV%FBhUKtMs>NNPe*#cTuM=%`A@@_X?g{{z978bAoY2|u zdqPW`C>pv@{Wqnjwbzs52?_kCVk`akr4)&Dta`8^y@qh}RD-r^_ex%vt`qJ4Z5Fs->8 zq}-RYi|`vl6}uPSLn^bYvkScHMZW_BXX1D2NeyNCEv3DjOmP~-nlintp((-CY)U+Oz-|Y=H7G;Cf-VkZR_+XdRo$R@a z(_%`KAFhUmoM5uR!%F+eyHKCnstq*bVo6Bp27Wd2SMaOUb#jb670M-PP-6e*_c={! z5ynfBFZ5h9DE{|Gi#Fx@8-(h@*F%%Ch+^z&oQQec?`8EuZ}6^6&`)Tam%{)6ik*fx0_1sJvxR@Wn)ce7(i|emb9hPL zAgylkif2eY^25fTQ2aoxqt_y)sk|3c1tbk z)L98Q2mfD$>nlu$P_w(t*5W4LKBC8>k6`|lT2?KgtGWV^!#&_FN^Q0%0Ef-gb&{9T zdOB-Kk1v#fT!GL7a)Y`maFMPGEPyIdhAOZEs=zrtA~yl&+eCQ+^f}96Yg;RHd!`Al z@lXJVa5?cZvbu_jN^7PtuTD`#)gbLn`^M_s$pg1kZJ~Su%KUkpOGTMN`mvfzIMf6x zUXF?>&V=+pGw%Sdi(pF91Fvw}hifU|AmtUpvu-RU)x5%8CM)IOVRve42k>5A1VzS~ z^!w3o$qBE)f3m*E%=YD=uRy!+U)Z!VT)`c=&HIKB)cA%m=xiVLqrp z@IecpiV4l&6lAd#`UA07p34N|^$;^&yrj)V5R0mavShqAA1}wx9Mj3BG5v17Fjik3 z9nbe*Wy6uN)}@}>(Ayf{So?>kbyJt6|YugDS%MM7c!uOgvo_@PBE z5i|KLez-{I6?&2`Yx?C8_|aUNWB-5Ty$g6#RrWXBv`tB&a8jUB1*9r!D=5?(t$;Mp zlmrtfjs+Y+@Iu8a2nnD=p^!#<<`@Src$;AcZ!@T)QXQ^}wjgamzVVAH2aMfeTM=v z2(v7Qd!vXBEh77XswdRYthW2<2?}j}BP9QjWKiudzD|#RcoKb*!w>_nvZ6>hIt{Hg zIy&{{Gt&Jy#Vpkjg@)tN6XW^J@d;}c_x_gm8TSN!>z23MzBM!PThESp>#4mjLM=k& zB&7;zAhzaHZht-R6eeS}BxOuf*QO+@w_SZyqV|b%_NS82iM46qZ<|j#DBk{7>_PGK zar!~gV&Y+b@yF=%e_OOXJonw$+AvZj`ae#qkddlg(dfGUliDK`-DfXnWt@7(soYi;O(%-W!evkID zV)+)JxaMIa^V}J!a}Dam4^nv(Y>C`WV8o>|Gqua=FCnm}M`(rNP+mWWz?A167CqqotJs`*z8$;~Paj8;30zwc8Q#&iv#q`P4I>tqV;=B8 zOmowYQ){bi#?+O-2;i;IQWEZi2CS6zWiXeVRZPcuc?!mStV8`}JDE(hyUG-`n9#f_ zC6n0eF=8(n3n_sb)Dt$7l4*8K=rv+O(W<)J1fdI95jGt0a*q%1*jFqp_U31!b9?%7 zp4%Ij8!h(#f(`^5hTbdB(^S3spoD4u6XrLbmVhpHs*lCKr6atPMhE-U@53jIbfC>Y;4#X`OIKPYe{xZe zq?I|6|0#S1SG%+`QuO}WHgSIgK7&7vjouFyjEF*}*xp|qYn9b=UgHG2@oC=Onr!P~ zhfPxd+S*;1r@n+06jOFB7~8|^W6mt+l9J7STvHKKPy)cufXmp*p7*OTxA#09ncJ)z zwfbEF_bLG?QMYaHo)nrFDThZiYd$VrBreqoyg(za+-#^Ut8HZ!RM|M~#Yu*;!4+-F zjz`(bisQt#n|U)_x6Zg3Ue6s*MaMy}umMWTxY90$N`K}`y;`Mu_|w++dC=6F9o-q3 zL!(Vz$_Jdnl6*Y4hs4g^PNv-_c|U!mefvH&k(+mVO!K;nlljfC0qcf%b&;s@OQObl zXbVF7mv&I!*0l-h>uIcSP@DQ9_$|_DC{WSPvbvP{9RFjm+ML`Y$?Xq&3Y>LcL%6!E z_Hh~>N(~I%Q?6J)F4@yR*U9>nR#==V+2gIdx+gh(4K3c!MK$Yp)41uL=&^97_w=_r z?D97D3jL6hwKt4p)sag{b}3^lZvR%#0GG^}bn|zEb`0y!26@<;fxoF%Kn8Lgg}c0m zDU-Zy@i7iKR1Ecim33uWdzDTuWgJX89+sU4GbEU>@87GL*onzGxPXq}{foSmw%W4; zFp)ukX~I^`;6H{WED#Y=AX$E|?*Ek58f0=RZRRKS-JB4I4keTQPg3%0*@Yx{-6!F2 zJia1v{uJKTDS^eWOh+x0hg$MqPtn@tu#k|osK-hVYkCQ(Y8>ZB z!MSn?r#B5u47&oOPXIpF)Crmbr>~{c?AZ?A!4`}ueiOfyGHp=#nec(bu?;#uTM_<2 z?Pr^Ye|Jcki#fz+=3>&J;)4WleEd^<5Nr+~oEsV#z+tlLy3yoAS zVgb?jL4TIx2se70Mba?7B>&>5`#jY(GIWLb!M*a4VH!_h`b&rg(%v8_ zEye#@tqlmBj)UX0SY0mpa*l0DVesUIID`mGn81fdql>BPSV}64gIf#qN#E8 zURMACFV`nO4IJ5lZm9R2OD(3fNi5nRrhF8+o`fIJ3R zif(1vyJ;z@=`Gj=)jOGwHTtM~yypOZ4=O2wf4=b7A(%>YfxqTQU8t7R-aWN?t%Q2I; zDKscQoPRXb2TZW@TU3KLQ%l9i)+Y76pMrROS+lF~LvK$`4wd)4TSjwqzdO2SjHe?X zbL4$5B4joYi;zDPkME&^o;s(3^JE5=1YilrO!FX5Pc=Eh6lEjbyT=j85P~qUO6t{k zbEr0fKc5%-=TY*KBAvV&RY3;qS;xVW@@gG<6cDG*S=W@J9-q`hEb_b~B8-p2+6Lmz z!6Sr@lw!RDN*f0$ZH!SR z==oADzD2J3N~_q69KvUlgE?TIit*YkjfrQ$^GB~935*!Jbs*Jgsso2{NyUv6wQ6LJ zQyN{z$$V^<&C&QPmp&1Rzd~+UMEJJvgq&2^An1<~_e^U76^{RNCKbX&2fB8l3IurB z2$I&p^amd2L&JaYVPm&OGFSJ*8~Chj^mlISJ*wn0Zo)?J1YL+9o2%aN1MrW&6Jbvd zE{?T$PiHkxM9vd&8-wpU#qy;Xj_f|^(oqlCp85^w}suUZ)1`O5^yJkO8)w8HKv`cGKfgW6bu%SVj)F7JQ zv&8(K(Pn-Lbsju4T1;?hf_Us4d`2}6u&Q2w7e`E93Cd&l3(Ui)9Z{FAr9qp>0|xQC zo1tx9?WMZGtv!2Nspe1F-k@J-tfy`KdHwmK_*t3WOtZpGg%Ep0_3xtJ6AKbFbz8~d zllPY^DQdqGf5|ELmxB#8QRpO&t0iL0bEKgr&v$W=hW`2;h~VHUj32j2c&{rCBas}o z8yfar41Y2(r@udvm^raiY9MRoBg~xU;={I%5){ySU2>=mb85H#ZjW@x{JwaY>u-A4 z$o$T3uYTBxOqB&m^%T+s5080Ncmn3y){&oy`qWS2Sd&XR5EXhSd3^jh9A` z#_z#>poil(o6FHYp{F@MIyQq^LivH?%x*9DU6I88gm3gBDZCg;D0APJa3=M&q)4p2 zmp_t^F}~`eYwVXs?gA%I_u55LgO*vT+K3P{T%Q6-h<#Q`+r?>{7BedO;}XJ0|N zv?zE-NBSN%sH=Y;)}H^rzF)rmaGQ8#nX1??(`ya;CF^t4*i*nXT}KFO38CQ(X^iO; zgu{u<*+o>lKyil|+(x58=Uk$qh~J40%|N?u=61OqP1GHr$FDRUwXy;Ma;7TTE7 z@!K#1*jvaF$!Mj!E+ap2%HUzXohlO6W&vx^d_hopum(yZU>F0395A1sQ-VX5)xHnM z4{|#rvkdKSrE;C`00meYK=s{}@kfVgSNH%>W7goqY%6s;gwtxXOR6*1uY@w&R|^pf zfNA$6mYV(uI~;8~IGng0uO)}G@^Asa=aR+IJ1OX)Eca_1Qg9^I2aI)%X*h>#nlqfD zHAxRrNVve#NW>;i^%yYEdyGRaEp?bSQN$)S$Jdf8-G3>YYr8)95J!Vr>@YQkn`%tK zugOxpI5jgVWLED@jS=1y_oQ&veJ~;ize1rvX(Y7ME#f_2KV*1M{?_1MaCtaKce-#m z2X~q_T*P*A(+v^YsXu)ck)3X*$W9l~ZxPsu;_wU?ah(RzRT0*STz-a&s7@#FwI+wt zP}ZCkyokz(;7&d0tBCD%8hsU^oha{pa2q|-Gf4R>Yt9QEqhHxUauTY^2-2ayrc02L zRtBm$+*2#m4-^!5xQO;dSyO|gLmMuFJyAr`;Ud=4EA&-_dU}>t@${Nxc0jI43DR-4 zCM`&FQ`3p@Z#9-6Cr3yREvV@nnqSj3cI-J8mbsEl5px&vWJ(}bkE6&P;LCaVJhtyl%qV-yjxh_?eg0I6u{V9Ks zQztELu!x$xP<>7J(59Lmp|@(XLK|v&h1S&c4ZT)#cIcIwb3!lHoE!Rk&H15c4EjC; ziVPG~45DTXS-bv3hVrGV8LiNZ8`;x)(UWeOU}>awde^ZoYr&XB>+c!zSBLcKKKyHe z<>={W1|(5V$0XzX+=>@R#-qZ-4~tPrcK+7fI;Z@ZbI*59`M7h>VW%>|0)@cbESG%1 zS@^;1(}PE7d(h+4%dO7B4<+BX`0m6it~-$C2wd7ZzqZ*S)eP+Hy^_p7&cb?6iKBs1 zmvHV9$`z41yUN#;EcrP|Ex72MeNdBA)I+uKgC5Y3)$%L4I8|Xg><2qKV88*lRMePAq#e|aA5UAj6 zoeG>%U21>J}-FbK+`E-&>X|#hz@=KiK z_J4u--Mo`l-8&-r)hw$MtHDSaE%{q*7r6Ro6I)QO>2Kjh{}wrLCG70WZ&rSv5u-h9{ zM1!4BQ^A-3J10h9*(P%Tz}95rlrsfnF5d(*r&M(#+HjR}&2Z8pN>yK=tK=I}i0@b6 z`zli#JjgDXC;-vCnlf)lRj(5wsql!j21@B-dd~YFSHPCt-xTb`SS27@j8v z!Q%Y+Ylvae!?i0-48RnDEe83K$+C-MyhJwH7X4f!^HOSb6I$;aPpqQeW*&jtx`(wCShZ z$$v_wXfAoXBsM?9KF=#fnUzzt#*`m^-NZ|qgX^zQy8zr(RD})fDjHMY2@?pSYO}W+ z<>1y=owsk1<+Gy7pG~YdCY~Gb?}Wn^r}wRR8I9i!#y#voV%$OX&7qL=NEjN2l@C$X zvdWad)d^~G%GPm(*9^CMZUEgtxtQa*#X*Dw+NmPnN{ynthsgZNcFv|qpTc`-8B*5v zn1$(|35Zv0$AifzbXB0|AkL;HccvG)3hRrcWewi0FaW1JwIEz!a$;wI2dupWQV(`^Ba* z`gX%Kkx-UMs~#`EL{gs67Qou10*H7}vV+&nvZ@z81^Ox6H?KPuf{3bSD{PgP{0Con zC>{5wF^eOaHvgNTnU_|#qSYo|X-Apip(;MeZDf)!h~)=jA@B(+x(GzB4qF(uO;J6C zXj7klQncl9w8d*iJLUvnW08*$ov&WbD{;LDQgmR}O5<{LY|z&?QGCq8e9v7NbW5Y& zUuly3cheG;-wVzZ{=%Z-$;+b)C_C{2y8B#ma?*2NqSfd=U~};T4SQx&n2DT7afbIx z{@2K-Wm`h~7Uyh<;=Kna>v-<~CEIbx%ZPQbzA})_j@{cFzHKJQ`iM9xFXL2ma==Qr zrB`?13ZVjvW&d&9(1JWk%lsGdX|eC&#|HpEX`#6#$rbXnpWIkD+1Qf*0FI~x=%%kV zUApgL7DD*`%4CX7UdJv($}(yS$)laUwP-XMIa#1;!p`rMw-AYWCt}@UTYkT@xCAb3 zXS)3)izSDh^j;E)to9X^Orug>fbe@#9#`xNyi6YvdxuLI3Y!r2*PFJ| z{@MT$do&ABF6DXZHw)MkEiA@f2KAIv89`#~n82my=hyOnN)l?u`69XNU*FX>(+1c# z;^pZ_X|4Z>ik<&HxR_syU+(9LU?jYCb}7nuu9DX9@Y<^FgPl0mCu!I_woKctxWtfD zeClG*`4EGg5QEMaVo-^3zl*k_#v}(w1txa$*)%P*o8QWWa72CRJ?!R_@dHBC`6NWS z9rqX~}$D4x*J$4^G6i2X7>HKwVedCl!LW z^NhNNKnU9E8R;qvN>z80l7ix2HnKaV;=t~-)pH*1c|(psX*R0GiKDZt@Qxt>FHL7< zM#d1K^fbjZvcb=KPG<1bT=qbv=88mRI3Hn~h!zUnL0%F1^w3MMBWWj+f7iakC~X8C zfwC2vzyzTK=W#5>k3+d_h3qUM5(<={7SOg7$^W#G*S9Cb5eU#X^$?Col^eM=B2;yB zNd#X3LHJrz=8WdeV^34SfuEgb_ah}%3$LFamd5_iSJ&bV0e<1h5O|aymIC!~EX*7# z^gQXWmK60&(ta<4;Soc)37X89;jMZaOjEj@Ma@e%~PuX9X=g~aE@zLTk7@mo_EVtfj$Er zzRi|#isxL|`2Cz_RcszQA9e+nlSpP;hlzr)PKXD2x!4nS@u7U5jpFCF@_4bXBA>UA z%`QH%Ll0ne21>Hs%3O?at79m$d+%P`(OQe-7yiQ&bMY(H)72^OsxkQvX1L^S-WOdm z)2K^EKmGJRN8x-61v?Ty;9sq`)#N zr4e#rt+&u6FQc)p_YcBflTMGF>u7XhDiH&Kx?BoBffsViQkaaOyM@MM7#3l%i8n&t zgffdwRsfTN9||dMvR`N(GV%!pj|(^90^@fFlUQea&E%3lqt}YfGkta^y$z&lb;*0Q zR;uqVwI*E^xO5<=Hib=yQfYiVdkO(j%|j^E?q6 ziSIVn`?zF^OH8NhqHOF$fSomZ2Dub$dE^5~6M%EA#Ys`R-U3Cs?=QuVTKqd^a!Gcu z-QA%#+boKnv?wI4o3svAY@wN6&SHUp`a2kyNLqhT3-wXGqd-stIbv_6iGe}IDUCYu z7B3QM6x8ISAe~KF0j&>&$kih5*+%vfQl_lp94HH!hALLl<0$?Mz$7@H9C!Zwi7=*| z7kl2t#z;6HtQpf)fs9MpY};z`Ttc8TnIZj7WgG^&HHBR1Mz=VXUNjF7igtUT6Lna% z{nZ*;2Xn1uo+Sj$_zBD0UfBAyB;pz(Z^Q+M!=a(}{G%@D)QE~9Q9;E{x&EBtdKi++ zmqPP4gkRs&C9mdpREAp6G>LH9i`VrP$~9iKlXE&rZEk}EB58Kk640bRYRpQ9#L9jW1wRO8R^f+KN_SkJFwPl5vLq=`2Cr{I27Qx z6!zp3x?4kKi9{WvEs}Lywq%`{D`j5Ozf{VE@sl%+Fs?GxS%6qxfDBDZ;vI4ohwq~> z#Z~}VtP^siyhr)yAmzCzQ)_X5z`H5_sf^N`yoD^9gnKC<+=~Oa7oZpk?FTa;u*|T6 zPD}FeYo@8)DZ~~#zft$5YN(hpbaz#(QZ+|lC~RcLLSsyl)rrQ8M`Ow;KM6ZOIw;Q@ zShcMnSwuw3_KqfvXiORd^KzM_rU?7*?h%K>>uEIK&uimvFRb4@>FTxt?3CZ$eNtAaCD8kl&5k;z2ZL;{zI!{a zFMq4r(uZs78?7yIJW5gD1zcZ8_#Jt>20&kYjGma&t-9>E2*es(j6d>DV0%Hhb55^Q z(=uwS?Z+z*j;P#LSzY$4Fb#&TM*+Z1=bT%oW@I#>fV>k$`;W+|thWEE7d|0O>!JKQ zwR`_g8O>U;46T^qkrVnOVIA(*4Ks6GWkf5xU9$VO0L!ZvT*)EW2s;Kt0H9Sk5_1Mh zLKL;h_i8MdApF{UPMpyLS(h*DofOP}vwM;luXv;|lpX2nY;B#9Rvw0Q!pV%asDBx* zg%T$un@p*P8zT)WXp>)da7@ue?V*C|{d5-S5*x38n&l?l25~Z%=9Tm=X-aZkf#F*! zNELMM<*;Ce`WX3RoB>>jg;siH&bs-^58M<&jFKv#J<-94i z%4KQ_H&xyvo#S~YG%Oa6NSFrf#6hp2YzctqTpJs@_O1f1(kTr=OC2#pf8(`tb>_XAj z6K%p8si0euouY0QVervTvwCZvuZ8iy07+uHagCMm%F+0@99ESfn_1UaB#M7qR1uAT+q0rg{9E!UVMSM}2H9I6 zP%HR|hHoF(*gYoxE%~ps+y+9{{wsBmkd#5w5Xkx&k6ybu!sN95he%VwW^#{3^`y*1(*ZaQ1wyrH;3D@nJW^>u96PDBy7DXravNXM2CqY{D$(IO z;RPMSfp&_H?^<9C{5z*!hwD%rS-xeBL|kI908PzqQzJ=_z~GiIbp$UAP9cS2X{&p7!RD?JmdpU|K0 zndo^fA9{Q~>DZj;dx6(;;&AVDgtt1Rjaz@-J^wxv>91mOQ4uQDqhB zme&y`h49UnP`=ct+ic)U*gcB+cPhU)E&V2(!%4||NU!0?P`jh5?60W=C3doJ$ zz{0Uknt0Tn{{=3r3XPA~zuejAQYu!tlP^saTu)Aw;ki$m%sp!(2L zRHLi#(A?3GqS7c`>?oJ~odZ@Z8~2j)0?K=xkl`QbN2qYD^jhyAh~PV^D$Y#K{*wL3 z-r=T5oHgQ{`xzQdvlY{6U>Py}aTqPx#{sUh#YiY=;? z?Nk??c{nzE`zgn_({sRcHaJ4tQ?OEfbQMTe{oAklRO0_dbJSB3(N%N$(1h!OQP)M^ zrM}s>z4s*0Z^!S-l8S=>_1m7Z^Cv20llHOl979#G76KGav(AXPoZ z_06+To|(rTq!|7xjd$OeeCG|QuO7>6Hrp*CnpANnZK5+N@VBjMkF|KiF7=bwNKw&bF;F4Sc*j(QVk9V|E&2N)JrKZ8s-l2E zE=2+xOC#2|L06rIa6ZF%yvSWx=ef(RT#JtF_k5ebb$}z=cVL7=fxe;C5~q)KD|4XP zx!vlPUOfcB0haTeg^VMVbu1Gi*jDUA&*7+`_%RndFg}{eR}X-?slR zirxRuXtV#HIWOV`c_0Hby~`nu-i1T7nL_oDa^)EG=-OWP z=q8d`L9sLg)QUbl8~7aw|1P*b#wC=_zlF32fr5-^x$2S(g0C+CbdzLQho`qlsZKJo z0|eiLbSPP>E1S5pL+-|&YyfnjYYqS^O4Z%j9G@!I-nKHqQ5M*soi62GtltJ{$=A&0 zHJhnRnVoGrT5s}pYj%c9au&@{Uk1t2>%7@+`A28nVY5pa;LiJ!Lkyd~!W`VW5Oa_l znS+XKZPO-9quX@cR`+eP&G%I&m}*EN>XN5HXErMv2pNHOmPcXHdZ7|XaVVn*a|CL} zC7fU=tdOIyqFGu(iKW=djLu4hEf{w+mjI*8KL!w7Fc&zbTuK3I2x&uIkJa|b6(BM) z#o1Rv6n}V4h=9N_RJ$n;_Bsw&9x(4Ak}-w|0WTLbg{O>>L;_ijOwPbeoqvWF=QfQN zb->&U9~)r!OHw!DPN)}+A2wWVv!&5e`}aB(eN#ntlBb6_`f6Epv(*cFC0fL%sBdag zhhn@s-~q8u7HOGh*+b}_?4qL$Chv_dQ?0b*CRQ`wg4r8~t&xI;60Xys^uq;|J&nYl zyieVMj5Jr_R>}7#+7=4yq$Lj!T@=I9Pq+C;}5jEf21zTB4KY6FMyk<`oK(_#;+ll;mITwXi@T9%9ZGv z#Z~x&w1gA8?RS_yCLob~jQlH~Ji7-P_5(drfOY6j@?M0|fvhr-*?c#sssQ9U%MhfYVKKVnVY>)|!^2Yd(~<2;Rb z%#l4q5!C&%qUeotOcxND%-hF;^7b8J+Dg4WT6g1w|fYiBaHCSXO!StZl?7@D)(+^kxHZ zY3#0v>>b2E84TvqVq`ADRr&qyCy@{|f5p4O3$RaIL7rAQ-U(3G=ICMw=(C$fpNqQ3 z(I+`!0wao|i#7`$3Y9A&TXfO+X`V)1FgU+6*RGu{>$LkOo~ae@g1h7~vpH+u)rDQhO}ha$fs z86kX)u*`VDMk)yO4JAp}M?hzxdokNL&5H^5I44uv340PdGX3I`!GR!@G!)UPn?Se) zIEU%Ayo_1^nhxc=0++2v^XRrv1e5+@=A7OzY=+5FDBg`vdTJ1!!qx?8rvil3;>c^6 zJ)Ha~oTd|8KSR@@{#Nh~<^|-6k;W0hC_)@>lQfDEzjRcFW$Z1*JAlQj$kqaS?Zcqm z^eS(cl!`MulD|G+uA0f)3BOtPD?*Px?CiuGL*Ssc68xQf&c!hI)y2cuNh@ zD=@_zQ+wW5G08~&qO$E$yr+J<&j%=wURfysb(07g z94@scbnzF`YckeJQO?3M$%)n_Q#5KD5n`uVGOpk6>NBondtr&WbUAdU$?QW9R zcDR&_-GRGuoV4&@i}BvzRL*oO<*-$9iVZC&f<^2f`LNYlL~KdU8q&=fS)!kGi&>&{ zmfVU<*v+sTk#~8oK0Somouux3shaX}gWA0wsA>eWI-=g+Eu!S;sWIg5)sfw3GR5{8 zscmEL9!c7sMolLSeq4jDYTKX!Tyn}kI^=#X`4*5ZxF82W%`t94>cw4YKhXG7zFYA7_ZSNY-b)qw$L!q{md#qSov*&Wgv1TxfxmQ4PrUXBbAqtyk18E2qT*e3h zNt0*yatBJn*qS~*gEsV^9pN2L6Qu9f>eJbGy@l7N)(wHEqbORmL4K7>d*DK=p|&}% zg&MHr58uhVTg6?vgWh$#W{mnv@_n4Ii3sfL*Fq>ACiCD2f?r_y3(daQ&9MPpE!fd!5i1dK@3$&Y|R)}G7L!b49rGw_RZ?M7Gg6o@(?!mT0SKu10`hg zo(Be3WL=1zxCHGUivusVUf`so!^ys$ZivgigV?Bf)ObLTP;%=H&p}J{k$TDBc`q>Z zZwD(Q&VWSfMVmxpTh%|K?I9rAK0o0OTv~uL7c*PZMyQidaJ(e(I$1w^Tti@r2TyfQx(c- z)7M#9C+};A{rx;~e+~P$waxzh^KG&F_aaPP9RC!ex3+!9hGlS5PTU5k`~mt2oHY~S zIvw*l#_GL)BE@Vv%k_9V>9jC137>CJO&( zD=UrIQKxKHpEgGhXcRB$;xzUTkiBeofb>T$*voH??n!mG@Sb#tKkPq?E$M--iSnx% z2bI(G8Cu5KXUu4t$PgbD@yI5jsv)zM_|MSPIQq_E!t1V*H(gAym3HHekhEdt{OVRs z+L%8mDs9ZiD~%0|#2T5ZwS|xYBG8`sff>;OSyj#h@)3X7!&?3aW{h$6lL($5b{v}3 zUsL1qx+QKuALa&$UR-7D#jI#AUPD!e>O)x=B8Ts*6OO#^ohjD&eYA0obZ$wip>qNA zpKpnF?8E8Yv80%eJ<~$%xFJ< zua=HAe}+grGsBpU^^SkU;TH_?j50AU&)vqk4wkw&EC6Ro6_|m~rzge?Xkdwd38H>| zx(=2IzQV3CS?}_dt_G;U3(o^ZVyIc}xaP-2&DU~0gwY6IBWm{Xl?+48*Zk9Su{95$-XVe_9kKPd*>TO< z((ZF}=DcofNl&&Iy;v5sGPi+JS=H|Zn>EwJI~Cpv!m zTJiMlHyMUhec;*Hs5C;p67gL^LzhuRYxT=IFymZ;CuDX%F`{JRG}zwO&7UbB9EKo#^$g#_3icdq(dyv)lNs5L9Z^WHlgfpMuy$)z~a;pGxuewzB+kKHN2@oAxP>XTpb*Dj%A^&-3y4-Bnb zWJw}zgZbRHuT1zZJKiO424HZ%yiX4_&N88vnmuWuNrdzhqcKe!UD&3nT$N*!*0#vU z!lkolpY2Wg>K0BG8dy51T%TQEl9N=Q)(xu>B<>R<Z(>~Hc)JoV}03Ox8F5$Ue0tV9U6)(vuDqojmZ#cR!XeAr8bmg(`S%k`qihI>7G2n z8k|53fl@|OjT@+hn%8PLCB~ZTDeqG=|9V* zTsRMcpgRD3ED98*Nd9m5aW;!T8hwm{TxbQ}ix!v@E$~#dz)R5rSL+45723@Qqc<;$ z+?>WYyORMV8uX;nOE+dC( z$q6#R;j~pPS_TEdYgAbd!TASE)@z95C*){au~1e_h)Y5mSv10kD6As-VTv}^nKb32 z>eIT0_S4`_QqP<&RvJV~C_$;VNwm_=*H#(?<>LN0$hmOOu+l=yNqYqVCN0r``Gt9c z%19aZ%~V}>r(j#mtMzDH^vtBFHcasGtoP^vp6G*27SZ$PnA~vIUoAb8YPw;tx~VCD z5UT)0Rb#H!s6XC1)=@los?&)&JM&tR{C^@^d>N!qmK?bZ+d|jxeoyeGbV3}L!+=AX z1SpvQBv`++kZIGW#>I5kvb&>n69Xt<{xQXc7#q)Bbg$w?Wm`|8o$8%s;s9>6yhQ4S z*XPnyKs!0s8ZL#7q=Z45(QxZ+_A^5k+GgQz(X8HuN_ex6>|+uKGO$SZ|5c3lC(}4m z7p(s~!%b{|B%3eWHx#Eu^D=1o2@4-TgWJFTiab9kCZ#lQDju(kecWjczC=ZQ_h3I6 zK_X2setlDc(Rp^TdUMTkY$cU&@Fhj;Sw&yPr0D*EO zTOw2^0j`?Er4$iebLQ8wUr0hir1ccMc*k*(C7L3RC5Sf`@gFe+r#-P(8lM#W zOs(HXQBx@ha* z{bu4%We#n9xQn#wtLZxLtJHLka!Esi5=WG>)?#U`{nuh?jhg~30p2vlLNB+{%V4pd zfX)2+Y`jz+Ymz6Vmlw+=U5l&7O4@t8PlTRtH@;>h;$3CM!X(c?YV#R90_6^A;U;6t zd!U7wy=Z=ym>=aG*Wb3o?|c_BMD*;qeU%l9*g>hCF})|Is<3|_7laW+ZkGm>a%|B1*okaavpL4^_H_Y-(pG_g=45toyk{C9BiiS!4 zZWK}c4E#~-11ZLwQdU5*S7mokxeQibw^i-3P~@kV_v-WeG}<9m^`VeX{ZDA86~^Sy zz^i{a3?W<+#}@|a+=dJB{-8#COw`dd;fUORSgZyOyrCg>E;^<95)FRu|GGY!@c#fO z7XNgd{Z2!h)yA&Pg6P`BiiC~Yy;CgCmH4^}3vL}PxY|g>+d$b$wdlI&q8fPh0Iahi zUP3Gu^oCpuuBUMr2&j$OCLd15%u3y%OmGz_Q9mRW+h4!RY-1Jra zh&j9zuT$))7@*?-^T}m6GP^Tmdrx{)?Y@9lUz+qFWN!kPVb`BR=q@NY$_5+4_A)*V z^!adU%;J0IkVc=EiN$BZ;sbEIEH~leYhrRFxjGmS)r~5RA@|?u)$J1Go^y>x?z3~s zZ@Bf2={I*w?o_|`+|Z?HNIDvFx@d^loN(acEti zNb6QpF-XKy(6SeQM=dMLz}H9kYm%W^eY9rvF*NJJ&~n3ixgv-K)IV-jog0jY3190f9Rof!acow?I&r?gpxR{RMVv&7m~<<^5?Zv- zt5EL|%(4*&vQ&quF@GyK%V6Pe)F@R^?j@MNGHsQ^ENI>?Z_uU`TbrQ{uD5@P3qkM* zyyTerX^-d|2BEo-(Yz-7sYu3qFeK!BZtslG?=(mB?^u47-8(`v6}L$#OO+?2LTtkw zEO$EvQ-CUlS~!+`yR6k|!Fpj1d8L#D-k>lmsE_@wJHIQ*R(T@XE1?Od`n2@w5>wDC zT2X;2?G#PC5uZ@S+X40nQi~U4>MiyHR|$?sajq15Heeo(x`U}Ovw_fz{+@-Kgu|FS z;K&?VIn0y<47oQrQd)COdbql*b|myT>EA&(Sw+a7xxxET^i+DrF|MVxZi>8$fx_0K zlwqLCzB3f=j!&$}G8GN{4yYI0pO8|WR*q_!>D2=gt2rcb;}OzZ6A8<|429(>!Fs!z zR9x--u(%qGpK}?xF%EX9#YjX$lLcCarc-qV+&ra2(;@@Zomnkt#a~N%y*Dp346TB^ z@6H4}%!y}*zzK`O2^#e8FLbu3N4FFk>Cz7Hvjs_%aGJ2hv6a!A)GAb%2oQS;@rzx? zHS%WHCRN!nleIjx+*BbDMDRCA!--jq~5 zWk<1Gv6C~(iMitZfizctN{!aJn+PIizVyUyv7;CK{1hn^YmYSJV2D8n_O9L$Uf6n2 z+gVqOoppel`C%7)&2q=@U-THU#oof*)LRz19p|{rYPa6=rg(zK?dEDwRj$1$)U$nh z!we0^3>A)iE7Y*%y+ZgudVxr`U!dVb1IA zJCn68B;a3JXbsl(5G=~tdi&c+@|0KW?XQqpdZz}Zaf5@}-^R*(g~s=%Bz=6nXNy&t zBUWX$XMB9+p)1gsAgH_*RBnl<@``NCcMdv5RDMuQ%t4*XTh#@h=~Pa{WH@E$Gj5=9 z>t}j++>_wlbZXBL)Si=o+OySUytysVEpnb&5gUn>f};uM3sB-_Chq{XSiR~nS+qH< z7ZKw%B3>XZS;^{OCjysJ90!N&Um-++LI>&l`Dp<_QAh8yQebN6$d-w#B3#`O^_36< z8+MP@Avbg}{Ud8qy?6v{{4A+BES(616m zMP1KV^+vAZMw-7EOu9P%I`ONV>JhQaFc#~giRM{3!mD*PJ?N5G^Et4A2S6O|0%Vfc zdZxM$;0U8E<4YnUsuoSrrT96tEt=(!m(9ml^(@iamm+;&(Wwhvm6wZV_WkA}$`P|% zYv$u^nrVt_=E>Uka#Mo#S=zL(lG?ZULu$!JZb_sG1OLZOxFAszC<0b&6RN2RC-zck z`ek&Nk3Twj2l#HzC!}}b5R0*Qx%tU_cjGJ$)yZKIV+-*d{AYhCTsb0H=zF9!qpj6` zI^V~EW?otd=UH+xJ=%3p4OK6?EqA3(xRkCtmJ;}<^4W&%? z4s2bu%yX^w9qjp$OTUTt2CoxCNByc#W8FjWEYS~o6^4;i?~Z^*!L4czElzo(u#TF$ zv$L+Bz5D~_M~hEBt<~*KtH|0aruC}-(6k2lozMpNLTh;G7!<-YKBBQ<)C;=(gqQ)2 z`7ZkjDZ|!h(G-PuYvHZI_sCy^ZPD$HeCLlk8u`Qfw2^;=lK?Jz!cc5!wAhw?`nE;; zL`1!y=bLM*pJ=b51*piVbZA#UQLCEJqF8N4B72@5iILU<@MST}Sz97%r?{84-A~)r zXNjwic!g&ua+{sI5FUa7AUhoCd^Tv7|z1r zDiQ{Tk1W=hIQ5V=GvqYd)vm#v8VG}R5C(U~AF-iJ#am%(r>4Y-sI&jgRsySTY0|(3 z>hI~g+$`l{R2IKO10~FBF?a{vS)FG?4_(y3%gpV(?3)ilG2x8jk3aw2eBD3&H_X>T zHFmx>l>gTGnt$>CjrrQNC-D%zxaWUizRKEp+3-Cln=f6S-x+&WbqHa;A!fp+^kK}^ zCUx&k>>|v^dmIgUkA;$hayvmzU%_rw-|G{W59KCK<2a5{aP<~7ok3F^SzW4nj5jel zv(cg3KDgfACs|ARN5*a_Q>R!tY%gYdFlCTiV_$)Jn~Bdp!;&Tc-&yW5pI3mxWxvSb z^77r<;gZ73lHOuCA1)<){bgAE;j*80xa3b5yhsIqacG2*2rfnwp9T@saNdP@Gl78B zkcvPX^@d&g?nk4lZ%1q015o%JGIpOuM(ng=#oia6$X~f7~iI{2>A4b?sivVqKKQ)hy2tK+J@M{jvtl^|@8y>|;PaGb>NvCR% z<{uX5IBDF!1otDi7_!~ptHmqix}`P1TV>^pKrKq@Ho&9pBiIc>cA2&j%;~5{cLGU( z*EY1{=&(pT^faosN7`ZVFIhM&;>_^pNYzoiTcSu1@^;zXhe92J`qqJNcdFyr-d(W{ zhB6K*L<(2Zs$1>rK=@do=I<^UkVNs}DLo=(0^(#)z7rtRZM=I6k{`w=XAX=2L%8{= zvl;c_z}Km0CWlMVQXuIWI#HSeJ#dWBcy!!L^b9P78afX4^(1wo)07naw@Ii(nFTV+ z+d)P;damAXO~H5KJyb+ByaO-*^Rz3pRGh?N17-Wvwfi$UUj;>lL3fKpceN~@in--t z?zTUjouNd&)+G~6F}?iPS&?4eGxWFja?4Pymvm0Iv7t@9+ksww$1_3iOqP}$Op1AD zQS_bW|KgqF^>>owWLw{t-udfjQ&MQ5cwy>nui<5Ta`czk`-m*3=A12b_y+zaU@kMf zKc$`bC&#^i*A?3PX&u>^yQvj;KV_BD7kiG*|KF#@9!U?0H~y|L>IL>TEW}u3lW>VP zzzsuKp7=n7=4yk7On_!N`d%oC-Aa_tHum{8&0Ax5K6d{h=)dmp;OR%s4ms@XV8fPE zME+zsPNirDLFOIdCeA=fof~^aJnWw63ccj`Xi@Zi)^Z+00%>pF&L%cW^}P5nK+s1H3;)wD-BEy9&+E9LLG~VAq<7N8@G++=K(yu-(6@?%h zxpVQ{5cCVTN=&r*VejW3*wm1t;BF6@m!U2OPv z5QU_DcGDa)duzL450nV9tFGK63GbK9z}QmOXy2w|4&SlP^TuEm@5k%hH)SjZy2BPe zz&;UytOuD?h1a)s>4&zLXuU=+;SaTEU6&_E4Vzp3(0<2;Hy*w&cj*han~Y0J_fI0{ zBv$~)%s|(N3KKa?URN01Mn@MKoh4hn2A3?XtGjV`!)dr_%y+IiKRsXAq4U!n%yGKj zTWEBCdh$*~{WMyINt8b*&~wW<{8ZOjR4G&{^dS}3#rxl%bUw1{I+%}nS0tE^6PLFc z{F{cfxzso$!F+&To$^kCiDMkEFrvHB6f(7dwu1LwBF~=NIlP}%?NyS(w{|07b zPic(1fQeY+ZNs^NqC_@JO`f7w^f8x!pbP_rrrI9%w`~jt#QTCz-wSyAo&Eu>n55r(h97_H?JmYX-zb?5f)$IPiHcEqkqS?I?V=ts@@q926k-t;VD(O$}w3DCFfbRyXdlDM1qq=GT zr<2A7F^MtAPbbeMe1LLsw01ujhhntt2~eE zV*Uc=Yr)$%n3l#*3(yD9+cS8z^QP2Fm#J1TQ*D6E`8+^O80Nmw0pjQZUyxuIIkTF# z7etG`czMiN25F5Ot9`~$?S0W|J5$+!FkbzwAnF0XOIr!SG38N?O7$cg>iIPKPWCFd z$2RXXL($DNg$!pg)V1*PXo25H>!O`BNU%*~`(HDZ{cE%=#|C&muI$*$qGivB_LVHC z!KdTOZb)1&Iai0~8#-frf49qG)*Zx7Lxt-N1^t&s3bH@>`No3HhJqhl9_N`&9qPEu75PV5Z4kRtEHfzBDOa~C#xkKn#L4-&#L%j{8Fe0IM7n?Ibs+7|C7E%I1H zC$XN!S@QSi*Gg+2+D!!u_sqGLk=WaVY(S#;uH4qqI8BY9r-%VdRg@%^SN%n7$3l;H z1z%?kJi0rT%>dNPsoBwrXaB?YCbgn`sY|J$Pzap%?pLyk!B8TteR3z2^Ve=Dprn&h z@dsKasO@isC~>w+ZYj47{VP>A=Pe2;WOpi6pVGmXQa6ORdh(rti6@+LBaNl!OuG@^ zqEs5k)0MXsgV||L*Zkd~s~v&gnOt&n$eF)8zWi_hphSwBF!@jcj@DdjCT45VhzP+M z)U)&C@r!6u3a430aeUw&<9DzRfszT`_KIQ(!90K~UvAHc+M zKKuWU9w5U~dzFVcFa=1l;0?Nr^VNs0z$}wK7m%0tXmc@gBeCAcsXRp<#lSB%@&0TwcuPnoIRiFX6XY#SrM) zP271ka_39F6Ptf5im!*95ODvjHocJznTX=8ulo_id)w_5El^ z>w92F>-)Oc^{rJ*>zi6Z>pMSwZO;(TZXgSvVQqiE!ML`mqB)yrZ98dgll4?v+m{*F z_Sv+yWAiIj8prcg*0&h7-}-UV^-T^-3D>u1-+#Zp|0{aX*LS8^+jL2j|0C<0;S|yJ zedBss-@T%1`vc?JrV8{Y3~T$s^&PG41P`gdtmC!q8q6#B--GoPe9oKN+P+xa*%P^w z&Ua$$S&7$o(z*oeJHdH{(s`4Urh^=jTGVUn=$acCNfWz@n$-^+o*C}W z#S9$TND1*pffP84wYrmon6shPbCW~96bOXSQ!X zHZWq}d}Cs)eKXcy!jTfCy7FRaQGkN3(-%MCw92JL8<*l!%3EDYazlfEz6R^%{4NaP zYw#bY7Vzk-rmqfiT*%+Lfq-zj6W8|5J(7GaGd-zLrVUX7RE$rxj5_jMC5-fSuaUy7 zjudVqgu+dOOF3TS4J0-e&ku!EfSXWnGE=@wdAv1ri%nD2#k9dCGu$YgRf2YaI_{0D z>mP~g(%$aht$~#y=%m&fhTBnTDVGOE%H?4yCew}hYv^ssC0lKpak-qGm=!G8~JdknA@d1PbqeaD#I{e zXP`QVEZ!ssW{78~Q?8-YtQ3Y!>mdd)Ky|p~CiMcm5MzHn#+4tSbu*SC_yBW2jKAmz zG%Be6Wfj=v5Yo^p-bRWE$^%sBfbskmJhjw~j#2)x^-cv!$+ae5OE1p=GWPl@4ve&R ze6qCGmRer7$s(DfrfPP`lmkS#z_*e*xLjK3C*QSt#()F0 z;ol?%kIDqu$Cci1TSvPz^rnHVbrOhTWM%g|GvLIK1Vig-WGtyri!c%5bxH*&Qy_5OLB5?wbs zv!z=j5{PsvDz>d(NYiA_Gl5!GQ$wXSJQ%SZmewvKh(ocm@japn<$01KUCPUZF$I;8 z&D|9U9KeTNG1(PoO0j5gu^gb2R#D}NZj%4XlnBJ}iZdj?35*95P^JFLNK;-omy9tv zE*Y8bNN<$<2XNgctr=TT*;*;x|9%SdEvmG#)jE4tabSFNc>})$#VU_U(*1o=1CPA! zZCWhv!jfwUjpu4a;iSm85G0o$&+3HJDuq1y4DZm^iU4GS0A!mfcsg1_0Y>zC^J}ZN zdd@uhQRM+?0|l+xbFf@~)XpR)&E)4p+2uCrow`)|TWcngP0O#vM{OsRXe^iR-etj` zX8Z}^*CIy5Dm;ry;1ME4rU=mJR;JxX5za#T=cWP>aBU|!@B`1yYHnnjNeNK#V#QCF zT>|WCmu)FF8EWSVmg;hAunblsTkWA#TVSLK<3_6_93GbJJ)^R&iRB-?b7=C++F);V z3&nbhVkuN?Cp%FXi`4~xq>OY8{?oWvxiq(SSgJRxvaXh~L3+{Pc2O!@RA%<}s;pbZ zyIDB}{o-Q57e$#fM42@2>6LXWSh-nlTSsNMXs}9@>Z8wknx{ABc9XBAlf-)&kxJE* zbas>JSKU%}@hHbEaW$fn5p=8*48NXMwze-w{!lCK9>E__HmxDWpO3$?e;R+kl)qDA zD?H4cRQ8XhYk>)LtuB~Tw8mnScLbkJ`rlba`A5s;Ws|5aOt+YBx+*WD<`ru#lLHhh zA1x~t_}>|ATmqOan_mKMaIJrmC`2PsE|2W4_~~JJBzUghC9VPg#+`J?Bf)|F6U0?( zv3ze&mwY1*+_&W@VtfMhetBe`JZ4}~^~Ke{Hx*Uin;XCBO8)yH^92L=0~=MTbwHBs z&GXT&_4G%G4Zo*63*>9XZI`Mj|0!^Nqt0cBpA`(>d_KN|)h9XD-*DH>Ir$eCT;z}) z{j}+5;6_q?MQc**`JA-LPbs8=T`1OGjHIA30(EYFbT*gK<3(%ChJDTdHa-3x{%8*f z;2yn0{lg1Al0w6@>tL#L`u9!}CNn->fATVJ_l@2j7JGZ+%fh18VLr$Cnp91495m$g zfnyig#)AH(gdLq$xsj{)jHukmo0TU6OrE}}U2#q#eCRZ=9h4?{gC4~Pso>)izn*%@ z^8ZnL0au?92Ui!836HosW2FGKo?=r@nh*1&?P-hdXF*F7S3mlP)*LAp4?q~i!}y!1 zEp7dmlZ`m()q|t^vu3q+QdrdOg3*e-d^vrkj2!Vo_qFSyLid$QfQkvBoA@fEH)1B9 z(P9zV{}GYBhw8F76;t2iv=MRg^1O>^7m38Ad=h+Km%As&$=$>%ApfsrxqC!hJ%cXd zO^F&3txkJ0vjCQ{{THGB;H9Kxr<_C(Yy;kvt^j*PKu88#q++4YEMK{moBKmR{6ebQ zYKn-wq@_HlE`Ob}r&DY+mb6Jd84zw^_ZKkdU1<=zNLTurV8}wyW)AKu6e5qG4R>M} z1r(k9y{|&;Boho^aralQy=uYf$EmvPA)B|-r3L5me%Xlf%X@I=-BSmRw)dx{Dn8(|%MkU=MUHMlU#{+gK8)@1DLp53s|l=&4-NQv~5%i2ah=9-vms zC3*7LfyLFpl$2PC<+;}4>V>)SD<*PM9rvu}S|Aw7;&+I>#4wt71jYoS@%rAx^@F!_L_5O^H0MDUJRWHG1?}e}jPsL-pRM?*%IlyHr&NFY z#Rr6VzuT)<4C-`r}nDEWT&$sbSWCMO;mnq9&|A zYLT%*?d>E(5&k*&E7KaOOjbqpB(xmR{kbguKF`sol-2aMkXhFcNL7DMHflU5^ZfFc zS>qubkD>8c3?WWhBRpjlaak5eU0`j+MPl3JRT7}9vLMW%?EdII6Su|5kLMrEoi3}z zFGsW-n#ZJ6HN&XoU*@%@mgn1S5jA+KDFBhC7P*wwA}@8M7O|~1g|cGgA=Z!B z^S^G0_JIZxh~%31LoVZSxv(8-oTm{o}mUN2u)4G z56XTb19IJsl+pDg{7aA&Wc9{gq#wDN$l%LfCQfOz5$c`j^ho|GbTDXwdLT;s-6Aw^ zU`)(hmo6s@E8(e$EySr2+0h$Ex=#f8Q)PC!WFW45B);Z>B#GGEl!{m$Yjt8famo{N z@JfrVnhaywYrS&l$qwano!|L3(gQ|L&61?XFb@7jvmwPcw1fJ<`q|0CP@%S>czb*( zVTGrV&puLr0G3izRG6{p;+m_tE)J>aDIBOExK=zxsde)yECvG!86+0F& z-v8h;_&Hze6bYrUh#baw41Beuwq~9ecwVS^SrZYm2z&P;*jK_*RhB7M<9tl*yRtj2 z3Ff`#fvoZn0*_D@Yx1q~G7IMl%d3^YfP;|_i@WfI_Y7^r)^vZAXl(C4nA`TFpg{hZ zUEL)gQcIr#m%W{*?`0Oi`QHiA2$pI*!M* zu`#YfjUMQ-dPBkrW6gR0EAm$J%2SuOK6$(ydF!Uf6D;{|{eH8&b<@g(^42?N{$H23 zE_^Ol-pb7VUy!#xc=lA}t&+zg^463_P1v%B-i3Vs{~LMhoUSL6w{oqJx8B?S-^g2O ztrsMax0>HG%3Ei5`#&vjO+t;f^-dxKZ#N-txtsn6@>b5H|6h`~W^Rn8vp>i-{;>BGUbu&!plv|d3s~cS)k9h`qy%^@-M_X)_pfc%w)P3sKJEwQF|nwB z&ulLrS2PkQP_ZVLGT5cew~Ca>Hd}XW|6$J%N8qyOQ^^Hy0m1Mm_s=!POT{*n>kQY6 zm>iVtc!Sg(aLFCsFGVd~G6f{RC=U44_WgjKx|Dmgm%mdaUVa5$o*Vb_@($mBMeO?( zYlrWTBjvbEo&Z}a7xVT;UJ%mSdDe1Z4>HRcLJAnIC4YA?gSW2H7H46-XP!GS0g%;R zc4uRkk$Go{4*@;;E7pz*6fDcCY&?&E{(wVM}kerSB}3>qDhF_IK^*>~icvp1x@6 z8E7SVdpXFo8_Zhv{G((xrO>vH22--Wd~BBBZ2YJ@m{y#=P2L+CR(CKXeeYuQJ}GJL zpyI%NkSUUEb!unZ;>M(XNlA;p3PS{0yglg?GVIN>@_KN~d#M@b{N40TTDvIQl?PB` zZHlv@mh9awX;iJVPEB^2c9z?G;bd>8a@*UMI)+v>dp`qo#hup- zV>~e8%W47B29Mb!IyG{W=v1xf)D+RFsWJ5FF8qp3&ZkLhz6UkTzYesTzcuu%exFA` z^6zIUE^K>?t`*DQ+9+ZeWS@#=$$uSXvFZ{TD*0W2k@dKq?_bb^Y#M6tatcv##CM<{ z(Fv%liK%Pul^RJk36iR>Jk~sWIIc}dar)|0eFr+#9UyY@9UPJVJ zt4f(#l50oI7NNeSkf$Rj`JzlI;~r?of3VH@;5KltvSvM`xf%s&x*q8GP!LzuBt4^c zbp2leHY8O&Z&?4`qwAlRlr_Qt8a(&915?2OXcjs}7(g(}0H!93n-eib2Q>!ZV+Jra zMcf&O**b{zePDz=eHU|pS-1%f&=2*^(>OqsN6=bLO3F;~{w|&e^oivGUG4c_fWpAA z9&5`2{5lKR4HhsQEWnn&t60{jcwh%pOgunrI&S$hJe-CR!8cc43)X+KW5Y`?ivJux zAH>?bCEKyuqW8$_siuzQHFr2Ur)=_ zj&txRLI{PJE$kyii+`(4T2_ZGo_cHSDS3_TQr)IT(a-*(pXZTJ^HpXWA>JoZ)X zpP%InH-I6$z=J^R8!ZUUl0Onlc^q#PmA`y8*NgHK#pZAj6Tgi~V-7A(P0^O|!8G6J zBhvSzzq=UbJgg%>AtAV0$^Q`ZmoIE@3;yzhk-ub6KCmcDx%WJcr4Uxf>1z-SV5|Ht z7yv*tbcq?jHhItDUzk1y2Of!~kI$Jt-enf>k-R6kRn(L!%Fo-0n$~p06(+@Ug_ZZm zaD~GEhr4$HZ>q}LfRnZ4al9c-07t8V zw9+&2I9`U)nfY{dW*nJsMh7ok6>W;P1^uL;g9W_cl@l^*K`AXD`QNqnImt- zf1aO5n`EDTS!eCF*Is+Awb!aoexD$YA586mAB?R(Hb3CV6f+%>Mx1E5`*+!YSIIIt z%CbO>Cr}~-02MNPIHNAgoNOuMn&D*e4j` z^{X^v-3M4l;HA2w8a6S|~XeLdkg_Z0S|`PSfW=tm3g$DXI7Cp+pY41^zpVHxs+tc_pW#Ui@=+gRR^yD8;_OSZ!WmI6&d zz7eVvJ_@U9$A0Lg?dO?Q1*6IKLfM`#R~BF`A~^6=(ZW(xhBSGp5DYwQ4hvZ^xl78)MPn1?ucmbwm;L(cBJ^+%F#MXOcH! ztYLJN@1@6dJ%>&CpTnO1c8cwFLU=gc_IfWpdQlN(T_n3}H2^2oT}R4yvIO*)e}b}f z@nN|@-2_boAtNr^MEChh%-MFH34B_^25mYSu}!CWN%G_stPi31Q@;4AGhSa++-qHO zqg!rKZKMIAx5J|FP7oB1B@(D?5xAxFc@oVt{CXb6Tv2Ef5z{c8gGKmjc1Od5c<%_` z4~#WPR(C6fxrFM1GTw%N70LY-+R9MSdGaYKE9XoH4C>4DCAbHe-;%;X5W*HMp?W&) zKj`dfZJKEz=EsfZ=?BMXqupe+Pd7c#8;fw4@%ixLg4Loc&;gb#U5H5=rwU z@52P>{*JV03KX2`k%4iSZ!$s`->u!x2~4wgzieYAD8&^YzHFmk@9Df>yKM80A^$Y_ z$5a2%Q{>y$_0|@`lV`)`rC45|C#0d+ufBbRf<_0`en-V+M@l#y2X7{U9GPR)`bYQR zUL_8kJ1&6KPB`jFH+zd%IBu7M6Z1;8MOvigjq4ya|!&-i}Ca$HTOSgC*O@?TE@9k>UHPOtD|g~eK!A&PXep5Kx}u=ti3 z5>H3@k@5Opcao+oER_(uvjgY`oMo*E8)zig`*4)GkShAuJnoK2?tgwO2sx9lctu(v zFH!Mis;*y#Qz}=G6=px^wyt3@SigG(nd~l!R-n+9SkVXh{?-ozN!x}^1FGUyNFXcF zW)PGkP#4>z-!+9tV{RVj>n$6@<4Sgg%P8$9%KV~Cg#KZ=!x-7zcexdvo2fT!VgYkx zs+AN8Ae&vp2w+UvfufRKFpGLKsZYwOd!Zh0v7?t^GAAXO%%R$3mH-U{9CDky-*}U7 zHqC4(k~`?P(V6XxmS=8Ds2i-t!q1cswumxE-^PE@rGW6J5)n(6)dR!}OAlkhtk8TJ&zRA3*KR zL^%O>E6-#k_f`7oZ^DkSPn{ys1VXn;%wmp)HX8+76J2_qm+c=`&;eU^W7k>C<4U!x z?*L(qH8~D`QqobuH?iGnxF5}D1P8ok%Df`gzD+WOw5Gy#)TT^5h;!9~Pi_9re9taN zP|X)&UnKVu=zxfI9^BzvOPD7rb`EQSA}*ilJ(63*H7HP*=PC@ybPa8OPI~i15hIbn zZx}=>egfRBV$3v~BQV2SRUxNMa6}s9iD>}psP`)>lpCs=(M)| z>jTnIYs`t$6MMga{lj|u!HRlfwBCpMne4S4oi5L<7pa!= z3K;=MT?Tb3wsxtW!LMYW0*HNomOcd)UFZmW_0jMi2!SKv}> zm0eCV%a>wdHKas>(BOH$a8Pk`8mgD<3JoI9l%P6-LuLed18$J&&O&L3T1h=Ms-gu4xIMkr$zyN>P;CbHNzF<0T~ zsPF_TylhTb=8^ENFPrgqE_H`W)zk~zM7m8rcq#}vLT%wz(1lK+yVxC`rQ=yJl2IBE z{mH?Iq|ewaM7EXeD%n;)`yl-W7yd^Fv}baYyuEgpH}z;BpkYxD(^HDm%vbFt-n zjQty$F@H^)*nHdKfTq9kTX@oVgHvPJir;*V`Z!~KTHh=zs67b_KOSCMVH(pr5qNk1 zICwjL9=tz#JP1?0iT_1%$6@suTRnWj{m0IeRB@gzt>_URaR|9^ABlN2Ew*(Q?R4_V z06Lvah7Q0|Ko5msI=3&r>(Sb~)Jwmn0}IsQ`_ykK=7xv~KFCl%1K(YWyHn)HqBbXU zo1l8%w>e-zj(`{1&<>V)J5T5UGeDDhi?Bi@xsBo@ajkRFOf1{O(GNAUs; zuap`eoPC8JKAd$fELrYTzsc<@@C~O$7_B+jO|v~i!?{#PD(z$8y-MI+h4AcnaMi5G0 z5K2_x#q-e2WGdufl~cNdEcp3Qia4ar6*3&n?$}f%UEczSGY8z7 zr)FsN!Jvb?^C1P;(qIR%Ix`#K443Z8Y-BZy)Y3z~kwkfp&sU>qbaE&IfCkF=&29pdERl21)w z=yY=KBEz5eMRc>|Pz2r#>wh3i-@mB(bJ7}#s@voi+mZ$oWKO%Z20jxIo^4AyO-D?o z>NMCqebSn(!`X278T|zr4P@Xl8(rr8p_w3xmF94YIG0~NTX*Ksd2uvkE_qfxekCDI zGq%xXb9Nz|FOK9D1&dib*Idion+w;GAS~jzK3Kq6!fOl2u{IT*{c$fXaJs#Vrln%l zQzUv6aqudNUMv)1A_zK)9HNM$0SDDt?13aW)5glAen#59SV0m#`EqJ%IJOItI*vZq znP57i*atW(^r>NH*-2YWgLc{;gwyse2&jYO`3;@7H;VH%8M37{u8BvLX?)uL+~1Y& z`B)sbX=jM!Zoikf<&I+0BpaB;i-!CIG5XSoYjou=NL=I8pGjOtvJJ##h+i#$)!I>f z|Mxfwya*}1XO9?FglSKS57SQ7@hl-sJB{^lc6_Yr?)e$whn#abHsot@Lz+)?$iaz2 z_V|9^9f}P$<);m{GOOqJ>o#6$BsSi`uYM9f%ae@Y$#7K>ruWgl9rzc%|MU$p_`wUMTSW7@O~2YsBQS z33dJ>Rg`IxSP!1T9tyxEE9w5p$l07O!Ym70XZQw4KEv?VBI4Y5(Sda}Mc{}1!{j-g zT4IHylX;vBOktR4sRX?i^UfX4iWLAvd4{&TPNuO$aC6${%Hymf@4OTG(=9p1cxIt7 zm6EBud|n?fpKGTe-X4`)Qz*_3G%dqL@z#_Y*bTeXSJ6KX-X!UkKSNe3mUPE`$x>b` zY3(&hx7{G=?k34slXO8V`_#F;`QhjD6_9A zT!n^3G!9iw97mlO9q0DgIKTRl<2;%v&KB;qtXyGxV4$*rZ(LB;HO;iQ>!xr-xR_B~ zs)45P_4u-#zEIvHJ7^{hTb$)4`T{3w%P#sd4qtj>(S}Fi%QX6OHoiO!2*ao0%Nz9N z6q3KGAH0|4dHT{z>nH9laDMuni*^f%T-D*=lXUKi#@O??}2Ce!r;M zGIC?gjvJRx^aR_#@iW`sAJ<-|_io88gw6|s>ohvEK`|C&t1xU)z=jrOFL0B{|)2e#isW3VuOu6#q3G(?fr}6-h9?KhBk@y6HubQc742|njGHPkVLaB(4ftB z=n+)iSeYcOHBGHK8iKW5bqolJ84Nh!FT&B$=tsGT1KU@NFl(h_-R#h*M^ur<-S~dd zFucZwdT3g!y63QHldr#De0_}S#i&}1`175JM|m<oqj$Tx$;~c1PtiT8B-8sz|yvaFb zv=ARTbtyq4?OpOysQ}h<1)nPA+EPOAJLMEWs&(rdMi(eUhTj^OcO4>`l zb_FgNTTLg2ac+Es(;=TbBX2qVKV(X^w*zLEtm4>}1}8#GgDX&BX>lkD5B0!K^yc5d zfJ(K0#v4mk23xW!oUE)!A)iL6sE)FcIRa18hbypw{0N%uQ~8Yo0yNn^(l$V%q}3Z%By^{ZB)mz{n(CvBK5(ik zhBH89v%~*cyTjb*@He8FZGQcex6@U#`VF@+E)|aOFDoSXH`U!rcjCxc4~6U0NNepb z&tQ9PM62b2WXE6Bw?f#3mALjS68XDQq}oFEJ`|wKj>6Er`0}!u@AIm!l?!yD9X$u9 zrTg9iCxpUH-m^kJoXnf*?qnbsvqv~|64%vgNwrtAw;x-PGB-oHkniaY3Gd)Or~E+} zjVCl=p%EaBs=aVfr=T0#oyyWgkfXZ}~cCmjj;2j#P&=3V=fL zv@Nndvazz_aod>ZKpCn15VRZGio8W{0C!E_W4D0 z!(uS+$MMz5GwAU~2FbFn!O*!>I{}UK0nWexwGCQZsqRdAlx_|U<;_^k$Ve6Y<6^^R zAd3HWHQ&@)p)VS#jwT=c_arX`Wuqd9Z^YjfB2_huLm=1DY9l5s)s3NZox;mc9p9lw zLTB+oZx!827-e=63dc;%^W=ul*9uD-^g{1Yxvqj=)&V-*s9N8p9d~*@RAK>s;0{0} z5P&-6tgX&Sc|H)GBi`D?a~2xU?`Zj-H;kD7NUNe|PctCK+eDFNiHuF=@OlcD#s72`xM6p(n+U ze=wJNM*JWhxQGvqADrf}ZcP_pUx5E!k#&)R*5tWw=6^s7-{7m(9Gf^`K_ zeB*4m2khmILy*6cEzu+Roqagaw4Qb}^{H!6hpXQ$tR1%CZSl)-5s^w zWS{jhb&@@uKe&Pj+ke9xY!NluE=K>Fm^7n|skx3g5*>C0SE7Emf2j8x$nCx1Eb5Th zj!RLflNZhElRx0FLRsVP{U`tROIe`0?Olb+>XhgFy6U%WC|r$5F&IIv3a_I>JqK9A=vD7rjp_s8nb zw}BSD$vYhD`JGpd>$#s=;iiR5W=eep=#!U;vJ_in=-bN+lAxDnlwh`vZx z_ZN|8gd>9X%uRJfdPLo#K9itMe%+_1hxlOn_;Ktw3cv%c(#BzLCEXO{F`tlW$`Gp})7Q=h}6tRoHU^eXHWFEjq?#-a>TYfKG z$Q!x?--g7~YZOknDX8<{XyT7xQ(qmwsXNNvll)7L#kcOJ2UsCK6okhBh}qRF(I1L3e2Ia3{UUC zQ=8mm?2=X~Jh!CU^GPW93sJ=4-Q8&N!1QE`OY0UadDRE(z^Z1?BrZnYErBcZ9b>M{ z!>LM{VpX4QqOBH1l!`|l)#`{$%EzeQGx0Xl)*6>yuISXHHad9)TKFxrLPph+o5A$& zjJ*{&YR7io7`ANJH-@?yY!36mV?qN&s;wrc_j``;+@i&QCT^>&Cu*A%3Fcv-9g@_)M^`o>2bN)n^&< zpH54b|8#27{HNE7{HJJc%zrvHY5vpoZ3DaKKOLVu|0$2Au9)&u@}FY#r2a9<5`_U1 zfPderIQY#v{Eon6EK-M+QlWC{(}N$xUZMDEz~6K+=RP&U{@4_we@QISkeuOl)T6#57ZF@e_%NkRy9wY`XR*#gVtlB(0Vja zEKV2IALHuj`1S|U6|^N2*?J|MZ*dGIvQSUzqvxN$5WP6%>u}OpREYnJZEJ;*uZzz4x1f|uSz ze27F=+tdCYN^k+&1t4^ z=(d+N#L)3zx?50d4c2TpQ>;+z+Pp}2QmnK`uOeK)K1H<#I$?K#5vmco&ot;BG`tK! zCvMqOQ0kQLEhwiy4jnZdLU}U!&>TbzIl3s&f|}~eF@E^s+X1K7fdyhpy>oOl5QqbGI4hFk9l0FpYiwB&Kl| z2LluDBiEJ3&87$+#^Q@pnd12+pjo!n08Pz&5+rW=qk!ZH93wRKPz(fX96`-t1iKl* zf-aUb#PV|CJhw_1d$Z5sdVI726f~G{VO=g%wW|nDs9wp_#--`ib%na+fWTLSXiJKD zP0|0Ec+jeaD$}P?t|>QCS_9QmggP=xY5*Nx)Y;|GCN(Rh6q z0b?$C6*UJb2osQqg)T2AsMR&tc%dJCTDwDWdMsAINLRIrfC=A@FT{#M#T;pX^8;wl z$l+&{RKF2WVBgIAmqDO7bz)SY7!VaEw%c)}dIq(1d4m1#+SSR^Y5&vHGO#y?pe;eT zPqO+*eo~13tN5~&VN&E(#2{#e=(E9S5qCv7{Ad+;2iK;gON<9*wQAE)CM6MRX1Or& ztfI3RT~p|Qa57JbfrK!=A^jCL#&>P6q_~t-6iF03Uf`1>aAKPxT!=&yyQW_?hz6DKDGDX8;m>qokzghR5iQ|Eo79pW%{SbVk+#gz`)9ty^sI zTH?{A6_g1u*Ry3{G-#nZl7lA%>%EMI*ZyE_logf?Pyh#8bR1;nPrw=j3x6XGkK#0sXj$x|ni=j*=FJSuBiV z4O219vXK_Zcp6>k=?dbYU?#W}Ps@ErQ=~f5dSTj%1RLl+rNkp+y?1IJ(G#e5c=X1e zh+XuMTF6g~b1kH*{c0bEsB&gJI3$&+-<5N)OsP-^!AssG(Kz1NA+32UsAfoO6v76U z9EF4qupLuYau|4p-l4pn?Na6S8wLm-Mf|OvEy+ZIIr=_{$=a{pi(w(}&T|D8mO29W zIh;z`#n2yu-8H+E=i5a}7>BZo)`m+Ne&*Zo6Os()52wE=$60n%s(nQ8a9VfNy-mvT z>M=)!SVQhaWSys;G|7gqPz%XM1iH06-@VopgylMtP>qvpsF41I*=%sf5< zZK?*LV)+g5Zd*5ufH=5@f$Y9;30dlrME3QJ zFj(zqHX(9rc#X;%LY~v)1Qrl1=L+tr{cLKF5cf{X9i+Ms$uBo4j~FtpCmxYDt|uO` zcWjS5VhbM8Mb7szAaU#-QS|q*MieCnyLR~DM7-UJW}!axHt-{SD`rrf^cEWwck>5x zVPRAJ?Ipzj1!exzP=A1^zcR7@byWY4qW(RG`g`8w`o6^a=b=8tP{lIYPQkekWXVz=rw@zzFg}iXkR!%{FsmN3cm#Y zpDFuA`tP2cuH2BEZfx1l#gBi3H8B^Tz&}S?|FHDu_n)7ba7w^W#p=DkK>x)F{qw0! zNXhD;U!Z?>itr59&oR*>j4n^Ey{N}A9zK!&3zH}0VwQN#ML!>YzQNEvYXcRlM=t#N z>#N;B|EhuhFZ@O5U)usVh9bvcI6rE=_5km`3x1*Xnuu>9EDC%-c)>5fo`ljwtfvt@ z_McS$%^6N({<%aM!h*I1cqcxr{I6(eJ6KV_iaZ)1C~r6MLGRg*8Ao=O+QeOinLt^7RJt$Jq8&oS_Y@wxuh*lr|VIa!xCX zT=MPg{F|;hNbwXyBQJXwTH5WQu%?WpvrsUdfRP1V=ZnK4yE)E{K=hEoP z29lihV?~z}Gx(v<}31wxV;|fnad!&eo&pjWKB?Zf+*{`-l6MO>_kr>6&@AvwN zBTZV$I%haf3mZ?ySxmOD@o1?&`7ZyX1(LWsu2{asgwlCLyd^CI&HiJJ&Ob%b<5@r{ zEs&H1yL0qe&(cp*oZZXivO7&>M7uLH6 zEbsr$fIf0R5Eoy?QAe>{P#D#T5*AIyZ1>L736XlX`@g<=JY32fj)BKF*C*m}0s%h! zf5rRJ_fv|n=wnJ-VFh8xPIwV*h+9MohYV9Th_!S`ow-D;rF+F$UF6gfBWNdVk((8Z z>Iwo^Rt#^eoz=z6YD&6QLZkF7D+8LD~q3EIrw@ zNNp^hSa#A&HpiA>V$+Iq#L1olx~h{1#K7{!-Kr8nsHgBKLc>Fcan}48b)r=1`w@wn z0zrX?)Sdj~c-!wQBcj_c-*YQ8Ds>*mLyBBS0YXXQi1%Ox|6CP2F<*`Ez~%S+!SomBZzR%4SjdkBOC?Baah*Jem(jqlmVGuaYI!Id1-1 zodG@ZGuqSmGk^_S00Yr>vws zonStsB>lZs^fUVNZ(t7tgDB4&T&!gE`l6qkzsbLWZI#BOpXi^{I+=fg{^uq1FQiqG zuKbz8pPhfoouR(HtLNlX_!r+Y-*>kS3ek6&b-nEf++}qH?#_1wt}k?z?U9zT5g~AE zp1bV7(z3@`7{8~~6{s$D`j4hb4^WUK3XT$&kBHjQ>%fZTEP~TY+QpYht6djSh8t^j zNy#?yxEvU(Uz%n0oa=}*I?GzU-?`*Qif__s_LPSBG7!Z-ZB*xdLig%XdKxD<*F2g! z%~BoZZBM|D`2)^faZkRh?4Y#tcJeDL`&L>;{?FLIEUyd{8yDHgo<6U;e-^_}0`-r8 z|LpGY7lv=t`Aeg^;$sc|zF~J1c<%)9JPI#)-xckXmi}4?`7SzGnqdq$L?*iMNJ{i4 zvf*$H#WCUYUGk0jO_$irzI)0=T)=xWyo2E@=gkwlhkPjJO~!<<(NWawFvF)c;u+?< z_u@!zZyR~~MOr+4@$)G8W*>D(6+vvJ;nzzd;q~umbW$O2o=XwY)pSpPo=YhWE(fP2Q?b5kUf_+D}-H z65f&CcFKPgfG=oy)KzuHaLpH#@(2NVc-*?!YuQ)1CwQqH&It*MgrG90+4 z=S$YBi>0F3tx{2CgH+^R3755}+413ZI%m5S@6#@&rZb$!`Ag)RF6wm2BQA18@OrZ| z9R4ON(bC_Jkc$6J+VA02`5(ua*(UFMQOh0K79O2Xh(JHDanOCbU@nrbb;6Z2+{e+J zo)L8*&FCR`zVNT*o7y7_PT+n}C2tP>$RE?-Nl;qQa}E%v+zKJKW92|oDCbpp0t)}Y z^p~Rkfw#8A`3G{g5W2hW3QPbpMgz|zGn%{uAhkx8ou%za?Jg+@YbM2eR6sq=W`P(R z=j|YoCT)!nJYxAlP#9S)3QM){+preo-bfWWONjZ5?%}tOe`YWv|W?IoKYb_8Vd-*ZNS zbg_0Hp1X@$9R5QY3oa4sTRi{KA5MQmr?-*c8z}81#KtKZa1&{e);zL}Dwe%hJqsp& zr~Gb6+{wK%L%=#I&*2|Wt!N^oTFv`Gs^u##GTwM==w+50@VeKr=7-+$y1ZD&3!byR zMo?5e>I+?zOh&%e8sbAUD7KLO+&}B(xxil15S#A? zS6QPM7Vkz^5gvDDR1Ym_2wz9b2a_-P(M7JvOXd;p=!{X4HB$EsCD)|vnJ@6In@{l}u24#+i@1T=7mFvKM4ucuO`IWm^oLg5 z2i5i=B1M4FANv1;^-aRxvDUZH`TfX`W3TUDnd8^@?~b*;M;vQ?Umd@`wT@|h6BM+* zOA^;MJ34@#NH#UB?UW(LwM`vWH`3a6(%L2gTwB{07}xe`w6^2qvw+Wt&l6eS0&73^ z-#6sgTB6V#M-7JO@557Z$2x;*7t%zw7v(#*7p0xwM`x9EevaW z+@NEv?IexVlcpPatM@TS? zj|*HZa@wpMUrg`T;eu$uQR3$4Mf0d=z6i>dR8eehcHn(`ARO^%>5`D-3`nu8I4{zZ;8&IjzI#XJrFfRR%-=Zz)48JT2aby@;i8jpiF!881l}iaF;y|T&;5)fr{37=owlu zdwzuS<>c%4!8U5KkMh*tpAwFQU%?yGTOB*TwI=DtdZ8#v`O%(S=!rA?(F?rM#ZajP zmD{0sRepp18qCiao}R}dvyugvuW6Zs`ECKsJ8Y4Yoq-uV%G>S$MQhukhVuaGhVB>b zV)AjRh!5y1GkHciA^=4|y1zj^XkOnHB4{2(kWRsON_|(Xhn)_pFTbhf$ANU5`|)$J zh}0C~t~B(;YeEdyT66# zo&Ll5i}KylUw2jybSX2z*RQg=l|g1F4mFVmJWcU#58q((AHKtTjZ1Oh`K9oZ-X!^d zFS>AoNhAt?ky4Z8+&ho*S?{{IF34i5Q$4}X7ZI41s#sXz>}EQCI&SW30cWOA{#8Qj;O zHj~w4ZgmD;XY(&4uyY*BwbpPS!5{q_3muUybOW#-wf@!-xU5raU5?h_kDY-B__zoz zcd{e6I~APS7rWR$h(=H*Po=c6>YW^H$KLK+OO|M0uL;JCz>LM3Qg`xvt>ZoY!jV8a zY*P#R`8(4+ee|$sk=(D(5* z>K^Vxiz~)*lLmBhh%bmjEYX;~@d(h4$9VBM3wrK9sJ)Wj-igqt6WT;PF z;nkgZ^;ghU_>07RG10rC8b;I~AeY45@{Y;_;^I`)Q-y4x+9g}ch7edaKX!%81w%7a zt@~;9zb9GQ>-;=OCTULdQFvlJ9WTERaB0_MUd*y$N}8=uw9-z>F~De>B{_5M9c0Jj zi-1IE3!v)e2s~E4HwXK1yZE(I{L(z!*z_qc7e3s4rv~;tRR?XWi1b8H)wdQ%bP;DX z`E+wN(xi!4KRM~4zTBO-Zzq~~!{0sIG{c4~5B(F%t(u=O*YJM588$Zn#B%dbfOG{!vFG`kU z_Dv9%WZd&uM7gFv4N^G|-aXSAL~ME;{D9J8h^8YV>%?q^H(J?h$=K2iLVPJnJhh9b zLZ=~~cE+BbNl#hhNK|to@|M7rdfylSjU&G#^r~Cpjs^R3Qhcm}=xlb zP zhR9GS-$Kh?134OyB13J;W@|TKqC^<(40O^-uiB@h55Iz@sE#%1R3GCeBL1tft9z&% z8jHF#%xOtS=m*TLh_XP_rVh$xn@+O$r^PX~csHC5N3R?eREwZ`LhTJueVG-GFsk$} zj@8~@V=~6;=%m+I|C*KjeFLIrPHz?s?|Mx5d^H11-hs(S8JA^v&)9m|9lu^?#?oS| z>iREv;#Hb6> zRByhz>PnU}HOOcb?}YFatt32=^X%$5n5}MXdXw`=RK@R8@JVa~^5+Z)=6&iZIdmeN zrRpexlQ{>?y+*PXJ<)r&c|DN%W7bP-p6GDyh|bl&GrP~#pE9+%I$?STr8|t24s~y( zL!B=AiLS^vebh1AmvZ}lKePRN8Ac2pd%a$1A}N&#Fb>PVHTGeQ*HQn3?gbp$^{+U4 zTr{{06uYF*0vYU67p={KkjL7sakrwWLm^ETM@Au9&RCXXaw??Gs4y1qdw`4c6N-0I zvA?NUbQmq(h+^Jf>NULu@5&pK!n0>h44z$&cY|l~14-ezJ~=#>isIsg;*p}bJfV1y zfPQKM^cD^J*~{Xf?*X4@8sI;*JN#?wlEVK?T~hdeQCz_8+2mMwYq))4hF8?aJJ~mUsMJCKuh%;FwHqGB`X6a1FA{cu6CjuOzgyR zsnBkc3ej~ThA6~PIoIO<8TsIclmHb2%-47NdD>1t#-cMm!U{z!hX{UhEV|5Ewd{ZU z#(1yWq=ntF_Yig`oW=~F!|wbR19I4%2Xz16G);M%C=bMYNp%DA_h`qn+fzJuV|zKI zZeOE0{dChm#ykT!N0NgNf0si5yUOZR?lC*$U*r7tf#iQ2;|3lqU@h{iPyB)Zonlii zF}vkYoCiN}n?G<;8lBY9_L7e988LV;Utdm9MvQdHzp_qIvSj@4az>imWd}XiPn1>{ zTx5eT z1;6)8*EU)xd1AnUB#0vg*zhhX? zL5{rm*M2`}-gA?^w!xc$kuCi&>VBbKB6SkoKACNB)WNtx)b+d{-pL*jF%463HWMrB zqgcZvKNqiIdYNnWNvPHD1yPF$Ec{?pe;1<*N8s0*3a?Z0zs*PJ-k9DjvrCx@mD=T` zZY%a)=`1@W`BU+Dg0wmtwkeG*Unopw*AzjLlsNB%gv`!MO+ zieV2_pGXtxwqm%RQIyRPxpCQ*SzBzr!JZQ{W`r-RY@C{eO&j881?m&2hW9sVeTOgQQw+_y#U;0dEAR)*aq&e&)*#^mNlVG5uw@;q6-3^)@WL1kP3<-vJLm#2gX29tG#_Le5AFKs zW2yFXHYyRcrz9oC7ycO~MMjfG)f@wsbBOqQV@q(!PV3lWZ!VryU&4iHtz&yvmvVTHv@K&Zq-EJ?L5~Yc8mb-!PwL;> z=4)()emHYcj@AR&qQ7Kg3y<->M%}%MhHHr@f}*9`=lILHQr#fWJe1d+D zQolC;X0W|OSVI%VXp!h>??+pr!r7kQ_@>VsWA#9KmA?MY zvq6lV=Xg&7Xes>C@@71i{9lXividre3H(a5_^{UTCfle_8nTgubS6-D5%%E56g}TD z8dmg;*nACW(TNt6=9>ndqND-24NiDQ`a4s+ZK0?5fz2BJH6J1cF5L{7?i7rET&mP~GL&CNBjbms(evU1d9}VP;H`R*!{A${#t~)5{+@$D3UO zi$x<)dO17+x1y5d=bH|J(cqr_C5JK#?XS{bq_^a!Bo(b>-v#TnEz^rVB1A`9?C~TtP#F6On4)0kP~r-{3iH;mwWOhA7(e!3*c z8>-e)+fN&?pFVz_wx0&;HZ86=k^S`Q=zh8}kg%UpY}M#C`ce4vL_f}v*r-{ZH@ z*SJ=ngj(Qg{JX_1eVRZ>hctRrDpWnfy&iUQQA6@;NLopDFswN?~~!{dJ|l z@Afp<(q?-H(KBrk*!*3yy(jTNxlyF#pB!BkBmZnz6$X3NjBb%ju~vL{7pKDWIDp*- zsyn(!wZ71JtnUn8Ob?G8!19@{z0m-c1N8uwTJ#$s+lKB#m8e{7)K}<{M-zrs-CBdf zsD3z!+nAn#=yd3p7`F0mH+DF6kck0w!1&>ASEr*mel!jXIyjBVJQ>Cqe%!O;fhppedspneD78YfsdascH!ZkJrBJ zre!lbl!piG;En42VUE%Q^ooav4+@aWljKj*vr9!)J?+uK-aOcCFm<^J|BEu;2 zA>qT&pWGozGxA+Te-LlfuO17_A4$=a z8dXO<=-a@5Ml%07hf<&7yl#&2ALeKFR*@!(a?y3E+y4kOQ(75tp{u>lqf?4K*HAmk zO$=8Y+e)+gGHmikCqY*1QlEgKhl2YA@GvmDjfi~=Y?R*FpfFf0z;v$VprIlnuGamX9P(`bCwmQlEOGH;G&Pe!lG_Q3d6sj7Jg_C~^kIYJP$E`ky4)R@$f z@ApE!_)dgGR3G|%bkAUcIW9MH5BBM)iNpN^UB+9#s*asc8Awt`K`KuY-dn7nd1Cs= z8E&Qv$Ll%9iJX*VBIC~UVm?okmQjjBp3@OY=9Je@xtP=|z^#C8(;pzvpGR%I_lOqo zRBfKb*?WnkQR$F+stZE&y#?hdUZ!V5nj+$aGv^?IXOi5=Rxp6;dud9 z!TIv!G<{D}V`)rXi4h+5WxV1KEGSuWx)Hd)6-A z5h2AUSQz=p-lygI)>Mo@>mvWa81zeHs9g3Kmh;V&KI?~eYy6#zg!?|F@tR0FT1DB7 zyIpYm31GIZI=^wlA^TvP^9`eZP~$fj1J_%sF;SC9-Z3Tc8$RuV5ikd-qIF6;v}|s& zL1hV_9A-UIZCNINyGN?q34sudNUD7zOH74BS(ImcCADN1790-B9VOc;Wcz;so8(u} z$`$AZ{s;b#q5WMW7Tw9e=%M#=m;5}bT{{}hQf(6jkrvgsw^10- zu%B>$`O-3qCq#Wp{&YI?#`@hAO37lVYoyxsCy7q$=1Vk@JP6Kips1qQC{covpX78z zTH+KD)ActF5LZnx<$4D$g?~ovha9W~N>+boFR7N?)5*!15aCh=uUI+|RoLyy-+7W$ z$6*TtA{qs@=#iE!_k&IXm!~>L<~GyU%tonhKP?Wj+tvX0F7n2QS2{#m$v>TAYSU!H zQw;N4LG#-=T3YsfA4Wj4g20U zIuBg{(3|b#KuSq&EMk0&eOt<5r~ij@7R|-D-&PNX^V|`aJSBc?3&#F}yZ-^B9bx6h z59fH#M@L6^paiPwQYU>wOPXf|V?6n9+Ib7;LWQi_{0-0A{GA~0&(P778`J!5bDJ%) zJHC@ZWt#6ZoSOHcc^x%ZJ+>Q$|I}zeTU`11cQVD%=J#v1%1w&?_88g@{(6TB>_fub|)yR4*xbze!df)HAiS zNrU+}YY!l;O9s*csqP28!zYq~1h2*q^$Lr$5s!+?EMib{^9il%Y0w4921TE%^**Qd zfQRLJh2n05-sV{pT8Pq~XMHOeNy4m$OKgfA`Z&q&#T0aJGUUJA2*u&wz)3)9IZ1U_ zfMg*JcG%O*9*bT6C_EIasgON(?j$WLA9ygH>2HE_(P zqxWEt`zHy!+KS5b&~q(`=$>5st-)G;wPv8nJJ#m=;U13^9)-`VQTTT%JX7bc{*YN( zdKt$Bol*z}J|Yt!1Aqk&g3P<7!s!4JJ1xe zK^mx#ciVhNQl+{h%rFJ_X2;_76o*Qe!i?PeaE6APyMz!G$GNwMmQqM&s#s^r)VU-3 zJeuORL-m`jr0cFJ#>?JbD%Jgkha*!XtefP;AlqAnzD_t7hRCT+^!w|KWO#MSo2c6> zTO$!)4ZI~4cVDUQS|9+h&&>&#WqXFS#+Ftk+q2L=U5RLw*4Xn&%n&1J{62hx80E8G zaihc~8#tuS-=;xt+{){Q#a?2u_7ZKH+^20O+Wtwipw011P#%l%iG=#X$&|x@CIGdS z#id(l9STtf8yD15d{A=J5gF$nrV9s&YsF5YiL-dYfhOoC1Q}(Zp4vs?T8cqjTk{|U z;{qtCq}uD!1Z4Dn59_ld)k3lI^=E}I z^e(CPV!qP4iB6atk)_k#XO-hmhP@ocxD=|;AVdKBufz#+z;T~5xvqJu=qJHk2K;;*5<@M5V9H&@B-I|G$ZR|M>Tl`HSU8ut*^op{0PA&v@`(M=!XGSR|>J|sUXP>MLnlj8M+ z5OL@VzQ{&G{zYBtxdBS~%Ur-Izgg}(n(8gZ8@l9YsYspjb;9A9Wh1ri%e@gy3{{uv zhG2F=^YMr73LYDCUFuV!rMvEHh@c`*gjD+;1uWO9geV5~V$^cWdqn@QlQGyTXj~`y z7`cl{Z~#dam{_8bPk~$-qu{h47=p$42MpEAW5eR?|9}hfe8|jI8?ZXSP9!& zMX8P~ve6kH3m8HVag4axZK3VtrHw&OHVm?-J~qfJ6w~3D%XD3R4Dc(^8x}wo7Qm=L zWd_!bj*fu)zgV_#(+=bLC_GmKmBn)97aBhG=y(K@AD!Uz+T~%*P%4e_7RGSO&7lvN zz2u(Z*IjW23!wu|{=h7)47F3c4E^_r*$WAjXXtjbw)HN@@yo|M@8^8jpIvI;d39L;8ted!4SO6# zL6Plf72DsObm_$Hz%qJT%CS!^ulLS@Kb369-e$+rwqtL*{pP9)*?T7q{*NzcT-woS zM|4AnNB(5YgrJTCPjV0CooEsbSqB012dS3DRZ>RrTdJ$Sf|^&}lVooi`w4a!UdE&& z2z|h>Kz(?wqpiJ2Y*43x!vOjwm*C$n_n@siS-` zc+cxdQq@aU`38HYp=w&Ps-;wwE^(+I-yf^G<3J?B9vpP$^YjIWe9PYnJ>fLGkLCnK zRGti(2baXUdGx^X*yJWd?VAo9Z=(KWsD0sq<8iFPhP^aHtDV_n?Qae2edqVb>pN(u z{jcNJe#}t&zVD9*$y`J2smHB-k)if!RGZII;&)&C=F2xcjky(aC_0mr%}KlX*waj& zW1yXu?~cc4BL?#MBWjNYct-vM~K}9h}Hew#ffuhq=5%`*Yci{xMNB5^vL(IZQ_MS{e)K6#<%I+rSJ$Y zr+``kyOmG7_Wt6ui`_w-J3}p9N!Dc6ulR+Qop?MOVcz*XJ+s}r!WWAhVzT+hQ-Trg>qghkW{{iVU+OLU)NdzFZ?F(pS@B@(v~C z(k4m?=b6OK$5g7`S1Cx{(8-ZV_<3=i$#Ab!guFP59Y7KftXX*9FkI8^dbGOTqwfDnu`_ZwfQcLoeRFr*WtZrEm@04qky0-7 zc6^mk*crPFfqxXh2M#rXY24p^P+2GRNB1WRbK>t$w8dYKo2n(v_LV^%-bZB=)x!-p zv~S@RdB44t{?Hs#*h0EC+Mov_JX8Fpz=W7^%Wt_KpjNTm1O`SCQ7Ci^(_6D$1iDdB zleVX3J13YHVZtE^H`_@MK!?{&)RYZR_I&l4TPZc3JCEXNUrz}R!vEbHv8|GXUZ~bqgKpDd=QxJcQrak~awx?0a>G z%}j5(Qd(_a=~#EJ_77Nq|Cu{~?2QYH;SR0zmzAuo!BEz%TW>1Fme=6hR9sI(XJ0T6 z7P2*IHtYq%){(FiK67m5!c$NM5A$LV^LaN5_f9LW$9LgLcVC0t7~GrTJ9Oj1F%*w- zl9J_{q@=ajf@+ri)|Q(p3OB>K(&lR^uBflb9){ha`DT!Zw5I>mD*1}+(>VTTcm#Y( z7oJL9n2O~&s(Uo4rLH_O3b$m;95apA8qX0ZF1o8YakjhRbhP8WS< zIjUq=?rG~dc8hsyP|X8w7D=mHE0nZHCn){#CRr7?Hll+D!p~+N6O-EiX2!vUD!C&2 zG#fV$-wL1Hg~Krpy8ph)(7iyR-uX z`4=^Enl}*@5KR#!yd~oONwpoMT9AY4`}bk%4|9CZP2N6Gn)vtb1d1~4psgA;7op~QCQ&))lpEAuJLv(KO(7rp6w3@lS2x_uUHQ33 zyLCO?b#(up4Cuq|K9i6 zc;9AUedU4Id4*kr=Wwv7E&xGi?Z$Jt6*UXSXZh;w2lTofuQQ<(2i3j>y|UW1T3K2x zLyHc*#lhE!a-D%e1r(gtQFatwCN60Le7R1Vtc)@{<%qke8La4g^}7$r^<<<=rfLVP z2UCLf43|7tRf|-jEX!4dM7mi^$K*inz~mvA3!9vqd)`!#SkjwpA7q~Rn59S>Vq%uQ*fr*UxNyRB1{5ztGtIu1f| zs3@4@gmIj{%(R!lU~F!H`+@g4_~UJjd7K!QZ3)QkdJ^_7Eh2?doI91xrKbyO5wRq27-!$QrKk|X4!mWO${|Ch5pT{ z`~JaqIo^Y55fx^-fXGspxdnB4y>WlPP=FN-t&UWH2uBmnoJy;aq=%wTSJ`f9>3LWW zB5oYq&Cs@y-rn3rIalx6iK$}$Gjv-F{e>d}wbk8L7dxhz4=WS@=I=aZ5yk7;eiLwg zW7<-O8PsyYdi;V1gL1*k_!1uHKMFhRFy3Y_c#=xa#+N_Rm(%d&G5T@}zC1`@z}zmV z!xw|R$FNd_=!Mr}4x}|FSIPZL9scGN0SnydLXUy`D&%(mZpjw>Ce0DZttvi?F070? zALt&H66?dV@Ot#ooK|{`x45{x-cy=Zfj<`XmL7%zs!2qm!^sU!wW@hf4%Dd>Y?={3 zG!dd;)cm-aF!ae+RHHNY_$2`1mYZ!Nzl!K){a0EyhI)(0?XqmMr-~-`T(|tbyXc*T zy)N;M&3NN}AjLBAMvcE?18~XP+;WRs-l~>wC#Fud%`L_`WbYoHHt6RFt~G5W^zfwZ zAuJIodz|qU%x>@V;_ldC0qb!w7;=+<98OU&$Pd7F5Ur$s41c2Nv+z^gu8AOc3lHMj zT|2UuD4v>7{1z4a zo976qqQx&zF#t}#H2H01jUVafGMBssY{V&VCxvmK#CLaw*>k!paE22r5MCNr6l6%X zq&as6(h8c=tRpDyI`KnW)1(Y6k9{Cr%5jv(I!bto+>iBgp))W8ZD(Y7W;r?J$!Kmh z1K#bsJV4Ptz)2}uK8MKw`h~!Sd_jQ%q!hJc1*I;W>bgS>;6fZnzE=qjyIo)3z{7S@1{E~DN6b`&Nx&&z;)68g9-2dHaO3*>47dTACn%s)C^Wdjd2C4 zVL%w7qd|+88;1&b&`P!9N~WRS;Ap+8wR)`Ze~E#|*?YgbeV+(aUq@GlDI#ldcbe1O zm7e5OfUjjU9ozNWxC~P@{APEm zl^$SSV)qH`&lGUF7;UyTTH+)EAn!-9fz;jFK$~J^?`vhDSIKA`E#9CPzY{H{dH?%v zecq=XHO~7(Tz!T$L>EhsasP#rKM=iLpx;Xwk$5lV#<%FwO5)8J3ms4RHW($&`EmDS za^C9UeoW_^dn57k*a_T!c{9oVmp8lLf8m2jAk$xF_DT+aFhjk1Lmy_Hg&V~zCB_$B z`^OhPn|XKe-}#R9fBtsOowL@}ys@#He&pP1qw)LyIWInbf543G=LKv(&KuKwE^`9} z8NP07vx+M*paD4)XRr^L#0 zMEO)M&x)0I-OS|`T;4BM{;4P*pIE+0l#k}}KC$u_MR{>z`5#328HwXA5#<9D>)#^E zt%>E+M0t85JY}NXoQQ{EqCAz$FOHRGit-{Z?;k7QSH_O{!3I-TD6ZxR?Awa<_RqiXs+zL(Gvui-1#G&Y+(<(Z)%$m((v=gJ$GMs3E&M6h7JwtQk z0!aJR|J;;gB0nXOXN*FP;e4=37=on=)EGAhkKo4D89t9=Z4*s@C*4VEQbr`-<=L;ET1=We z3Nt>R1gU?WLBQQhdLtrW(Cr+ZDcSgz40gf1oPS@|>#F;(Xkgd$Bz%y)G5 zsUP1Eqy6hx?oPOmlT@=E$l)MsfxE0t_9-@qY;{I9JCspn(et&_e<D!Rla;Ii+}(xvF%kaZ{oKl> zk%^-Roeaf@XB$-Jr8s<2AOX2Kd>M6}5RVKaN&b6C2Bp9ejof8_$yv5d^8ZS7+5aTB zGRr)1bpJj$_<6SA?eg3>$m*zZ1c14vdBA%(-B;6S@?_aonO%Xo<)Jm0X1u#SNNB>r zS*p#~kqG=U)KoCRH#W0DQYh#Id!@ORX;1}jbROIVso7c7>@@FiMm7PxID^($W5^uJ z`ZC~i47#fRO%#_|y%?2W0Y}wi@pv>K&M)cEZsmI5 zZA7M9{?xP6S=1hOW2#G`vLS~^my%V67cHgtO3-JOHNl5O8H*_am0W}_0pZw@F69oh zee~E8m;869KHaNRa#mCoQ1Yfya)73#UbjF0aj?n9jVBK zS4%@}0~Oyrl>%sF9<})ny>b6=e7`312b=Hk8}|<-WmV=8|5v?&U!~jppO3d?en)+W zd)xe<4Gl{ug3{%4Jo;?BJ#(im_*uGt_xOs;Rvz~)Ryl2PDfeem@~xu%&gMoqPe+_Z zhuq4ju_e3Qa#zCpD`^8A{)SA4k~P#Re}_#m(=)(Pwy*jOoA2HsnQurBJwl#_@^|i{ zx7~HSyu-qyov@OSI0i z_Ug06IQJLwT30NW%#3O*J_Wy`D4lEHgsy)Dc}hY8Z*!XWyXE&lq)z|gj0L&Q_4zm6 zd7Jn4JM!ISR}9J2@~#BzaMYX+2C&Cj*0In{`7qCq9tT)Cuul!HBmTz0P)ES~xm3HG zxL=*Q4&zaZnK!7!*i5ZK8w$GfwL`MExg_3?S44y9%HFl0ad7n6Ez)YsX+zI4ts|X^ za05D@h9eWkJkF{^fh!&P*oaq1R`*&d$6=*REW*MSXWK=O@OcIWD${eE@&RYjM^67+ z-vZsIJN+ATz-kAAT~@;SHWs*TMwL!DK$UDmvwWv~#BF}xGsZAqP6#C+CuiCB)%~Hi z9D@lC5z!PK4d-xvv9fQax(`rtnKBCJ-_3-%5%5?UHKyFx)CwQ0-cXH4nw^pVqr)!! zw~_nfk-X1@w`jdfODRQi@dz)J> z)i&|U#)5tmUwmWB-jIGv5)uyM8kK!LO`|ehnK2CLgvZk5%vpdok!XbOVW; zWpm+r^QhQvRpUws4R=?k$U$Bzf=={(AI{ zP(OU5At4w%HkC4WZ&FWv6>!mppq1aq~{^4D0w8T;caIUQ#5q?5z5w+^)+vOt zE>&KSVMEL-$TO-KS}#~4P6G9f1@)1}!XYoVq92ERG&GUAq8OHCL5DQ4MeFJg?y6C} zn7U$Ry~atj+3A?xjcNEB;IFe#B&=h_=F(Ltn5#87Fg<=cDcd3%O{PXRt&aJM_&PvF zK6V$ih$;;dm9l3|5&l2;SYOQkKWk6e|0gbDXsJ4E)n1xRQxbQY6Z5Cx#+WtrqHiNT z^mI&rAz#fDaW|q^*C7~#fi8U|ndeF6jAV(hw##pW0S+4o2AC0LfFDt*L^Is_#v$x&Qf1V(V^3eFk6g-zaZh(#5vj0l~fL zzReBwR^O-NeVcss4l_G1Y{X+S?GA^lfp7EfdaJydDhdnjRI^?=h5a5j2KV;$eb&pj zxn0!Diq?y3m7=#wWp9ce?9+)cMc#De?Tl$pZ!i&ICc@vq7UKJ`+Vv1a$^x;2byuQ3>J$r9N^&5fCywR3JDRnA77y zYQ<|?X>Ds;YPH2$BU-VU1d;$M0eqnN0IPC_Q3+TfJT$-WTKk-NB>~#o|L1={pX*05 z=j^keYp=cb+H0-7Ru&ZvML!N5yg^#>0}9)BXP>32b8p8^OTKy=I$wno35fAH-U_PF zy#?<0GV)>3&uY80KDL$i8Jzs-e2uPPZ*PSncbl|?U`7|4PVs36A$L?l9XYd3xm9)^rYzaLWy6z$Y+iPe6_ET*vhxEa6g?9B10h)v z#k0dv#$UPxyS=No_irMbuhC0&JGYQCyz=$I4?)9rm^a)CQoo&cD1bivx&;85Y>YS9 zH!&^b9 zL%@?G!IjJz(zPZLur3AvEO_r`1h(vjRA)#A_1t4 z%m=e)^|pr;pMR{m;q#$2KV=#7GdFd9=5{?lnFGw2ADn-OgNk%FKSvpF>;w_~d3AtT zF({2cHG?nE#)h;DlW9K&gJOk)K9;=&Oavh1DEGI{kuppz7`9jb6{qPvPn>Y$v}Rh(<4ohwV^T90YURyB`%(Lv5NnLD6} zTmw+mfK#QHafGRGFFM2-M&ZositftsIX`i3!msnaDs4d)d9iZDvgv}Gwtq5O ziY0F0EmD|bEUvcK_c|gb*as;GVVMF+i%)9>*^mj-k|c#7uY^85@=Drj`g?LUrOrR$ z+jcJq0xcO{Pg_f2{5Q{DP|g0*{dmpl4Wxjoz8Oge73aH(^JC7I-8+y<6R@b7Rp&k> z)NmyD3^7ZWWyG%(_~z}B9*`L*(E|=D75kV_Sa)fgNgqYKecuEm=&F#60cOw(9wBEs z>iD1tvc^~6#rTlt5UCz9zWS8$)u)aROobR94qK&Lx*lI%r}4Ftwy=D&H9k5HTrys` zPy!w}9acmvJ3b*9JQ%qXN1f_0U4KfNG}x=5hd>4(JW2X>$^Q5Z%5@;062uUuc>I z$pw@Tr-P5h!;0j8S9WfLkmgA6cNER~a)BMG^rE979Y3ha1pJ~3vrnZz%7D;G zOpcQ9u^irt4F*PKEo3)ynyNeP%`+7+giZGI3u!x1XTU78;Zc?ekGW~^nAqOBg781-44n zxTqH(xeSVJANWDpn1gd`VHr%)()&ZybttxrVn?uWl+ouJSsU&4ejml-wKP4j6)N96 z^MlwD-qCO#7-QsI3ocU%lbwZH-YhM-h4@Hl+Z8a1Y?0JHQ&#kTY>o6Ote(u`zrv2p z2^s7Hx9a>})?js@z5f>{j1kO_dsq^?U$ceX4T)hqOr|06li3p&nNFG2QPP-$6@7*b z(U2p&MX+G4g1AB=L1s`1nkfSC`rFu<81bC}eVUsuDBjFXK@EgTmegm7&a1^HIxan2 z#qa%8XUyvS)EDy{0q1uCZJHaVe1Hk0X~W&HoZ%2Md_xgtdQ;q12=`c=*}oH*`;&?L zlM`Jcf@8szpiF%y{u#&kHf%SL*qGv?y+Za1p>?UFxrT)#M`t%u=;KlO!R^-K7W~v+ z=BK{tf*rK@DX8I?pQ_K`r;ft^u|vMIuLHllk$R+Upv_CTDM!~|@3eV!-oLOM(L-YY zc>7ASgGAkFF(!%oVSDrHiXlwwT`TuTv#YO!+>ppcYJBzMjGeI%$>EIL=x`yY+WC9t z$+QNfeQTx7f6n65YLQ^>`J?sry7l=s`}1-uA;1a8me()`*Cr3~o3rvd-z1{(&w3UM z^0PN$7r+E3#a@D|>Y6rDFb$Axic}e$b)u|ik>71sgdKCnDB2pbZll!;T@2}o+odJs z1KhHA?d{WA_ylz@^#qx=#-Hi>nDO^c=cDZz>`*#4)QMTJ@TrRhA@C_G&PUbf0g;Y# zJ!~^i9FvH*Y9oyhr-KjovZ$0eh%=t;cD~Z*svX>R+nm0Mt<##PZRW<6m?yKV`H^ii zBAy>bgX-uyv8|Rv99wD9G~guPE_e@X8hUj(4HV)w@$&pJPkWi`yTf8XlIOj7spq|U zU7q*4p-=XC?_Z!#v0gIfz#RR1!2ipx z;16x~RA{p;_Rt)+LT10hKERIAh(R`j12Hkko8sEm{*4_-_qQ z*jbZZ63p9%jCTe5kZSukc@%fWj$?OLjNHjlq&~60Dz{;VcSuX_VJ9nFXl5mG)_?*y zb!LB(I0rskN_hcOb@wJ!PF=Aw@x{3PRr4Yy&tFNC`-%X zia(J4`INNJeaRzf>gPjJ>gQYIL(@NRPy5_Een$G|*U~;i*F3_uE(@D%Q+65L$7u~vsZoY)s7FLXS&i~3)@SV;HXTtu`()Q z40zCd4H~cbFGZNTLuNl%&eqH~9o4Xf^|!^BXf2mJw(TM9*PagP;WJSl#T{00bJA`i zGvI8%#5I_A{PCNPScP!TVG5~=pe%>L?KGyM9oAN9k30PUT*2Nc~O+)#3U`wb5x(qV|6&7k;i~LdSbv!Bx^Jhaef=Hs*k!- zn4bKvSs$U1Du2c{mjnH}T;&TpPfBO&^PNrR0Rnf}I}vN8=!K-bRr-gkCJzJj0~ zEZss@FfQOsY_ecxKD>(6eWvd>mVy7Qp{$^K3P0l3+o2VL*ml3)5wh*Tez&djerKB7 zf0ef1vA^dc%U3ZtH8PK76X2}bL!_6RwWtu(NB8vb)a<&}Q?sdtFL#?{qC(F z*5=K5ExF;%hI1=yJcSFo6_Pw538b7T=Wh4`Shaqp=hH_inz6!d<+)-Z!OHB<@Dy2T0r|y+|PdYaQrhM>&aQr$Y8b8N-?>BdOi}#I`ULJ5=m0zp)o}O-^rz2?R2*h_gzRlI5 zb5@7i@0@)RR&g|zB?cCarWW~zgr8;Qx$*kBw#Nv~YLXlF-H zE8uwi(x$A7gkCO@8axv=+NTa{@?~X}R1Is+$tt;6iGFo0tSqu)4eVBNT%m_dM2n0c zZ^Tj~tA}0<;q~6XzkxTOdJ}}9O+N5BCRzmy4}4B$6fm%KZd5{BKr^!!$3>uzYbl>?gt z&i7GHIRHDgw^5ECHp8?m;M}EzHiLFOze(8|<1GJx@P)JBp%o%KCDaOu`1AG3R&#&U zgAs29rQ3wxdT;2vlcdl&WYzM@;LF5+Doi>L?37nqua_Bp9`lvIFNMcq)ErI4#y?g1 z^Cu*hYMlM8uRJC_{4vP4x6TQpf?JW*JLQwy&HwC(#s`4Bhfr#HeQ~4L`3bZ=2e$cO zwm8^7Wz!2&zse?f$xm9~s=tN6HB^8rpn+s>0JvZl^QizA9sn*ygOKtq0+;qa7HLg% zD2D$oKqVh|S9N}j0`h?`6zv^`?-vZGwE^ds7M$K-IJGl)-b;Z~dpeu|BNAb~L2wEk z&Z6)=u#pVya7vFyJq55XY`|bueQIHmPrs{haC~Oy@HNsB)@e1@6P%zS-?~FS(5i$R zli8#&Stc=<;-39vbSZ_GP#Nxd8ho+350F^6$%5|!Wb?e_#4*gTeaSWQwaQ(JwiW9g zGI`LnU7%^%rTa^_E9F~f&tMT&%K2!sF}Od&1ZB1uIduv$4>tz%HwHg;;A5Yo$p>4X z$Ll=>>-@DHB=;?7Vr19_8!*v^oM?l5w`%LX+5t2)=eM5PuY!F5TR^10<8yEzfRr9D z)l)@I0(~@wHgb9yIW^c&$EEbg?tQBgH7Se3XPjQ+J+R&H*y;g~#qD=M7;HCbAgCh)!wJ_P^ulJ+-iG zXs+}V4DwAZ?pQ8!O^G=?*O~xfuPFU_55a#O!ynkzkqY;ynI-?N@!O(XA8q)yNG22_ z2mx7X!^uJdyWNOomF`!{H_kqXz;2~ScW2$(@RZM4A8NnUBmJa_B~t)H+*P`rN4Hf# zo$S2?6ahj401ltC11a{SP>5JG#D<~`uC9vC*+eh~1iirA(4kyv8h`;&Yc8m0dP0uVavPC+bepgE({n`iI-`wmF>F+bT zy^rzt71sn79ejLNgA5^J;zOU+97So-!HQ8vKWWMD6CX|x7bzAU{IFjvOIort@u4?I zOUH-ytmTe5^VnyH46WAspADIFuekV*H*9KiCJIZ4MTZwY@uXwUSoYzBw`+$GU7(0_P8N(z=^~EXrFC}!>^Oj%a!8$MJ z;;Lp}uH)j8fb&~yRavoYsORW~~4}|y6Bcb(0!mC3J zE#(MCO_c&ow5$K6#9Xt21-OdyTh$4RE*SXiHecQk26YaRtWbwDcy>)=$*{<+7dg=A zMb5h+xU(uW(ZGU{VEW<}qm7}Lpzjz0(DQwBHYy+s+KZgSB0j6&#ZA7eop-~2^%4ri zNSE1`3U5C9*zTdpaS_CUEWcHY_bS*iq0YH;b{R|>r)(ki1{i&g&lpzXi#YDxa#t~3 zQ`$9!7?D1ssx+uOqhDVuhnli6kl1THg$H{{iy!5)*1*>j8C@dZTUnIv@kG0P08xwg zjW+tAdr`D~=+4-CVzU? zOSL>l{M4?$eX%52&CgIxd`yy!PtQqQft~Yd%2}u@Ii2czcX+bCXOS!6_d@vj!-FhN z&6J%k{qt=GRw%qeCr7m1x#`m1eAQuBIzO#aDj5F*k{45tDDMh-7>kF$(!&TmY@~;) z@$dmX48}ujinyEKx1Ao&!h>{=xSQYiTzbH%y6@HW&=U{i?#XNri5=|Y1KsD#L3Cxw z7)P4XsCjp(xbQr;QAoV#K1h__V;7WW+`k(J+x7;zV~2H~W4BQxD;rl>fCEzzH$eU! z9-ArdMbRCpcX{~KAc2y5L)W4NOs%_AkWBjuCy1U7tfZdO$xFp&k9oz}c@zTBwTfi3 zGj40Fc?b;!G4g?ruqP$q6=1Kq07tM|*nG3d1^Mjwh_Lf);+QR9ciY{wO36xjm~4#c z5ZdGv{-9>)$rpnQs6JPv;F9Io=^BFZc>W6)ThT`zAxxprW{=m$vr6l09&|aRcGB!o96vXMoR6~Pw`H<`8q|pO=FBrC6snLz<&J8Irdsg*6MVm^ z@fE7>&0Lt=K^^8!Y3>U;RkfW5PHP6E@d{3YSuY z;sh?NFe$ew|A-_8Y0aeC1Cps>bY~9e#otkUls>>YM)x_{zt#8WX8Ow#8z(r2>N#YT zAk~tZ3QyTmm<;4VcR-W>?yYG*)hj(#@2%gF>vd6R&FNCOgFJB5UFYmNLzNV!vjeD9 zmT}$RYYv?%J=ReFX|8KS%^`ehBnMJkV&qz=+a~S~&hNhZnZZf;nAP1!sCBQ)?xyF# zbMY~!i;uiXP;sf2T%-G>I;YpDNcP?5YN$C>4PzVRlj^pF4&5b%5Akz%y}Vlrzb`U$ z)6+YoFmWK=_ZEUZy3r0W<_It*Kew={CGz~2R6B!i`%H6o*Xb$MbGXBEq_A?-4*yUJ zle@8_fL03k6#dEW+#lf`wSAgYOImogcX4D0eghp zpHdRNN#D@xkF3{fNQp_kTG`go-@Z5Qse@!~OZ5fTwefb-SPa|c(`Bviy?YU@oq)?QEu!@?jR&}1J5KsHjc(n@3i@s#3TK;WO({34>@2JIO!IXQkh$#Va7X%{NV52>@RX6kt$RpK_ zm^?JQ`mCW@uvHH=LA}|dP3~|7^GI`G3w&eOpJpcQ{S!hsD-__OFI&@ZZpyX}+L-?| zwR0EqY3!?`oTI4B2QEzX(4a2nK}iB%jy4{*H6DLiH-p&|qQUrG7|h8S40PW9HXcbY zh^pJnWv7~K!MWeXk;HXghS=d!WQICcC!Smx+gyy-<3dWJ>wi5@&2ZiRjb7r1~#C&^^Kw8~P z3_q5K(KQNwV(Fa;{|Wb=m$s!^_s3o7aqZ|wxCm=znUNW0Ay?b6)T)h1vLo<5Vwj(F;@*X0EaR=xn$iMg?Z|!p=?uwh5;J=(>Gj5nxVn8US`O zw`>w$=m)ebSCU%31ll;dRVr3Q?&e9!OZivh8487W`NuDbOZlrP_5%sS6a$C6f2#{G z-Ja}%Iq5(zYClXD0)?jn_5j-^<@HeYfN77v`ZS~BBVzAM*M|<#Qf$Fl-HDlnSl^GO z7?hy1g9({fb?3xO@#?W(PomJ&yb6(;Z>3iEQ|wh}>I=m+m_=)8mV|qP=G&8yxa@X@ z#2dG#LgIIeg^tbBrGLlH-U-fKnC>3(=>8!)m;YkHzfvAryvwcdtzG(;w0zV8^N3bi zC&$S#?`5Qk6S_2voc(W+=L;kE#(CmsNXNv}EZB%6wSC;4kme{urlbmSG$b#0II#Zp ztWK^bt^Fop`o8GPW$Ek0WqZj0B1pCW#XC-5C3c`yuZ|Tvgm?7<0?$ZxhL^jNeR%k{ z+1`(3>R`j{(4Po8^u4aCVYFr*_{T$>p*s2;=&qW~^?r=R8WhC<| z%>Ui6O}yK*QQxj@+aOWf9|W$iv~b;f+Lz>gx3$Zvx~S&ITurcwJ48J>&T==2au=h? zFD7O{p!3i#;M~>IfM%<0G+Sk%*}{i*cdX)2xr7D&Rp6$cp&E_(+q|y`PcD3|>AWIX zpc=VP^0!KIKw^$N=;m8xPaSfzM+lnA)N2b}w3dg~O6%jBk9{A)UKgFJc%)uXpd8RxRNk@NM&0P z%Bj8PSzlpWYV~TLc%fYPY9D%QKD*Xi^F|F7g9sa^^*PsjYc@f_I?;?@kmApq>-R;5 zx_yzm+z`MtWF?!RD5-oHU>&}5&fB&u=6&;y<&fXid$o_CuI%H5G9Q)KEIQ0r`)>2r zyt#uLx-yf$O0;(&+Jm;A8nv|jcBAvt8qJ!s$=3eAZ+`VS8vR=oLd}2ltl8M+t@#|y zzFEW2x{&E>5?;Q@RI2_VcNVpgEnJR?HfElYtUsIT7gkz(O@r%a`#x+g>?K_5VR;(| zinrMoYf0P8ZtOYf3U8Z@ex`+fW9J>+Sv&rd>b%5@p9H?4KlniK;!b8Aa${R0v!gMc z{ym+Qq<>QJOBA3N%pP%P;$rH2?ykFK>j_B1@5cA0y2Jbs-W_yqQv=`~1GDIZTocr!!)_##Z9XpX8tL z)BIzs#7`u=ick5&9*Be+IC%w$4oNzR@$j8>ZOvqnf-NLW2P}%olNToGqpYo%E51<# zwi+(KCL&T~q%6auJ}jt(*N8^uMZ!^fdU@E4DvbpqfSphtgo$+O57Svs3%BFBDNGS( zozlw>lMyDef5&w^Oqzg5xI>f`$2M3SlV+a+&ZxTWPU4XHhp?NX*Fm4o)L<{mpmK9Q zDkco1i(mP3h{b5+D1e{voMsC~d^oYRpro_hoD;Ihc5^hjywO(d5FjC1lj;V_+6!8( zUwdz86O4O4825s7#{H}&|M_6t%ZPEWYW5GMY$Z;Z>C$&3T%MKHWH7)#weL6X~`>6F~dX$~bfPnT3YafVb}IY}xGR7k~sPgA%j zx=DTqR$r z7mpQqq)Ec#Bs}Je#~FAmN&`Y!5Ay0Hc6J5|m z7mCn!5ujBBs1*Tvd7?{s26rcKId>&*1$U!Jw4EncaSYYm*?Q6>mOOR0zw(tUa_J4X4MH4I5QH->3RGD!NMR(dfn=?AEw z`{qgARR6}&`3Y4&A2b^31+N>{D(VII=S#KXPV@Dk2>!OQMviBUF|+}Of>8MFfC#?O zrG(bHz%>oF?GH!;%bJe+(XgITFZlILi z9Dlz%?R?bbehSIq1u!e+z1h{>E-G9TvkpS&srv3?G$LUyTSXX@Q0RsQ8d9$72K-fEm94|gY3{AK2j*6*Y^DtyNG$DP@Gb% zWW2L?IHT`Xw}^ht#dAOFc?NkLhnBJLSLE2t(lbV_=L)hp148tD+Dd@fw{Nxe42=y5 z7Mp9C8R%nc;Mg334qkmT{QIB9ZkqcR-<)*17&RZw7w*|uDA~1r9chwC17%)@bAhTa z$PbW<+BznS=LUeR?kcY|J*TirdawQfIV0cx6fyk|QD<+3k&97XSQ4L*@*hQQ(gkZ($x+o72Xq&1gT z0Rf*+<2R`{eh2kNS+ur>O@!CEuco`m)t?<`jn|05?B7SHkginX32%OB^Sy}YbWv2G z!Xx4U3VrQ(YZ_^~1^*zX^NY&lbiP`dF`WWW#B>HL)29yxk88vVBMCWhqip*lacvMWKI_=q{z27$@=|RW;f-N5V%-1X1n6OmqGqp(XIS< znh?CfR2s5~9|-Hd0W}H1TT)j2#eFG^cACLxm+)v2RtPY1);$#Tx()he1`S^`G3lyL zHN=4;(RhKp+?i*;0dpmorjQ_z%5k60K%a8ar}~7CmUaQC*f^_41hj7DF-+yqT%fJ` zZ0Z%=Iq3rvubsJaHq<1mHlj(`Z~*#4f^ESa$BZAs^O5M>$(=iAu9=#ld4XuOlZTs7 zdA1c-NMA&E>1l$=*G*73DmEgNXx?!K5QFtb%g9$6CJ+6GcvN3nLa)(Jvqih6f;MGi zsZ51F+PMpbmKJbepY_#O%lZ>V{7eU@=%+bWk&~#1{)ET+M3t81rd9gSdnw1#306g? zA@`(|itKD}B3tO1EROrsW{zq=YoE{)^b zEX*mYq4>ck5=nTJNAU`tS;)aX@2Y>+aF?ZKJj!@Ns~H^V03?3`66Uznvgzkn;tBhM zC+wFzyPo8vvupZ(B4jnB<+_P{-%GU*^Cofy4vg`4F0O8F<%Q^p#F3&-kHzo0wB z)mM$yhkg<7%lraZ9i`*V>hom1Cn5PBZZXF3Aal%)_$L|i2N=qIVSBUs4Q=yDBzs{B z$jhVbxEvLoBkTP#MEeQ35pNH%MN`s*Nn+1Pj`=JHjoH@Y^k=IGnm-aX#QZ4B0I^gN zT~MT6Ol@fGf-o^b0%8T)JIPa!T<+fi{SwnBOz!<9<`XkxbTK5plgXFvaitPWPdafT zEkx|4$rgFC6eiv2ONgS(2Su5PMj;0Xwu3GjeQpt<;P#qlQoB%6l^+h8N$0vp(Z4W- zO7!sL&OJ0wvwCJ}OSwl*as6C7_#W> zO8!7`Iv}(e!7pPhmu|63GYUOy7vg-z2v>}5#}UiLk@sNeY5oIL{Z%^4Cvn}%M4cQ{ z!f5?9#?LlaDL&tNQ&)*r#|GJTVh)nDLNG5lBL#NQdDptCTwN*X0~){IZH{v}$Kgp~z{t$r990;TYV_YdvzZO}LL=m;y%&acP zdM4FDymq|I0zJu7ZLpgicM>NtqQJ&*>^SzP&+zHh8OhobD`g`-92LJY^akNUu=kuR zfnmQ092bU}Gf}aP(e%yC>yK<-@#F8XTgE@-$2fS0_reyAl9%N4VMaVD6itJ(}w>mN~wb7&V&)vf3x>f&i_$>HgXZYOn!=u3` zW4u@YFlD@i=vKw&q*Riw|Lkn6b2iS2myad{?(-wr zxw&JfBAil6wQmx0g;wJwiXjs_-%b)F^TRFKj`%btVr06V$o>l}yX@Q|R#^OAB~%Zo zQ#4+v7&Bb>hK%d02PoF=aDufEZ<$2A?p|RO77IWQk=EW+v?n$daY!i_cl&!~Z~~&V zgu1LARYQS~Y7!h({6pL9>}c~@lG@a%T{dMtdwciucRc0qNh#mme%5Bzo=f{#uuT|e zUF~w@IfA2!fYN414vt@aI(;Rbh-z&|qMYg1oikY^&b)1R2Vav8wF`8B2?Qa-$rQCj zVPuHN&S=L@>pV)$5{1SlkV^c;c|g#Av)Z4a|1WT)=R04u&c9;MtA3Fz3WtL$am8(4T}6q3Qx_tC4DlamIeu_M4M( zzp6`mV5Xd>YpnD14)f_(QV4>1yyt0}f0sS~ZJowo-ZSxEppREiJO+Ktz=FQWZ}Ctr zlYAp43wPgNExKqmVHqP?PcsHpa6H!>hLl7(i8sJ?)$==u=<8ETZfGoSFP0WKr%sFDhan>*7f2*zfRh>Im(Y1)J&Ab^6DEjQlioSp?3@>5W zxNUkBYOLrEJ_R>f@JSdNrpr6cjtNxt6D*7-r!tDZl;pk%^S;I5{T`*Xwbn&>Jl9^Q#*L<{&hQnKfN(U&eQe!%cu`c8)GJ!?ikU6#PnGFVCodN)+q-{h2UJNVm!z@83@us3TG zDmh0%N)A$Wr{wrZ zHbQg*fvo=DN9oe2qju>+yGth}x9O$e&Z>#daUB z$><}2@cfFj^K+N+Hi#_!x~(g+1UY|fY^U)h;%8*gm)FN;(ibaUhHzfhSx#(>wdBO9 zKrOf}7DRd%`t4Fnxm8{0r-)@(|D*Ii`<0HS)b&x0vTFG^LF~UbGN4XNBQ8m;wtH-6 zt#;S(X<3{r3mNjWW@ou-(-=#JoTSx)q(6@jUCd{KK4;XkpmROuJ!4W~YQvLaAp)Eu z`Q9N(#4W4{o)^EYtAkbHm~KV8y~cDQ+Ql5~4PXws)(^4D;r_2PPkt7{tVY3Z@FhLF zxiruz-b%WD&)Vc;cOxTb5r(=1A`yFWMvJdX+SB*9Z}*2$%0d`=P}0|w^lLlG!x0)Q zkXFx6llTUq*qm?(eE_@iLv+pJR}AM^32~|Nvjwt$S8Ka`BO3?7fRb1$p;Q)Y>`V_Rh-^n=7WAf>@%_ryPH-RGdK}ayi>*x|=C@Iw{D|K3 zhpw^z`ak?1g@2lTS<>Hz@j4&zV2Co|Z=~Z`O#Wnq3`CdGElbQRM)H|(LdvPJBK_1j zfO9OKoMKbFlwQpE0h~EQ-*;5gVR4Krc*?6}ZlA_I+u6kcunzdZo>dSd|3@ zLO!M6=7v}*A;0VPB5VyRCHdNjd?7l~$G9`bbsKVEcQ3J|3S){=Ml_7RQO5^~j-UGK zgv>pioUEK?^_*VF-;3Q_V~pF}LkAnG;s>IN{8v|XW(z*>TNUug*|=9>4>+o>i0JZi$w~Hkx$NPncp)FG`wX-(Hk3#kR7W6)@z@ zbi!)ebJIQh%Snu2*EKw)t`j@gm6NE8;%=Xp*{jRZtJM1K{;%tl^MsWCQ$2Q@zdWx~ zo6Gie+y9VN|J|MH|KqM?{eMoW|Ju&=mvmo$O?fugpWCVa(JA#$PpSWtb34`F`gQm9 z&&wALJacYl1G~RSHgIuD0}DDgFuijF;=bic=Oyl2{v6e%tUsI^R3pcsgj)K7$e@Y+ zs1|z6BlIKrU|L0?Ok;Q3r4p`-7k#-h-3J1RT)mpeX-+} ziiCHi;a)4;@4YDF*T>3U>E*GiqTg8JmE1k?Z!9?{xv{`6)r}k@Vd*3UKjpH7u^*Fl6yjlRJ=l5f~iCe zfl1a?C~5=w**A#J&_WMc%quQ+Rd`u3X)X@XCAOf9GaFq3q$_GPdvq`E%ijWws}f*5 za;` zu~fMl?zcG?A|(4g)gN~H{gsSZs%toZFw=v!n1-f3bZ%$7G|z_$B>w(U{Bd)AsbWUm zpy@UDUb8zfy{V0)?PqCMYZiS;uE*>(0`~8v3VLr2%RLioWk(NjH>q%;hVZt8&Ex zLN@9Fn8*F!ptMVrHhYLr{=OI5c-@y%PG~Db*6=wGzL( z$kR--pFl;w!uedYpNyX!&Hl-htaGn4|5Q&Tc)u@l_e}hok?MNH8pvgG^KcS=aL^Ph zZB_viNwCS+?d?PeVusr-=G%$js)q}vy4g>?qr?}*DXEQbYUz*UGEfbJu6L-~AysFX zoBGdtJ3?zH@hmC4gvG;aiYSZzdXqJK~OdI(yy6L;5qgv2e1Dvr7O|Ta{|uKWqk$BlWe@Wh?irC`Wy+L z%QG3Gs8o^gd3agnEQQQ%&wkao{8Z3#vf=hv`cp;+sOYXIL1L9O-MdcS9Q7ZH^;^I+n2ZZ5OdjqIiw-eTwdOrLVtcK)y^ija4(O5D%2q7aaEf4biIe> z%?IMG;%kYFgY?M){{1k^Os?VN>%Ql{X zMf@~A^pwJ9Wedyn&|0@17MYD(bH%Akaw{0i^y^MX)0J<47}B{aT#v7kJMe~-XM9MH zMS*&$*l6WcPC*U-q_;ffbbyAxpaQCDp%YY{a_BrNP|zZpOg-Ep-tzHAT5HDS_-X8- zLrA2Qq`8*4^(xvAIFCGp%b>(cf=4YmUBLu-Skg;UW|2#`+QF&Jdl5caJ>j(M)o+25gGPaAC&LzzbDPP%fkS&RN6H)S;w@(R z$H|tJKQav4Qif@E9_BY?G{3y2X{#0UTa=0#m>-(Dpui<0bcB{$D>C)w&JluJnq2bB=Oj$ zhiBkP^P{{UD=#co9_mP0ePDOEkN(pWlQw)VUi;v8vhF{k4WFR<9oq0)p}oNVGkg-h zeTi?FO#g@YEkk=;Z{F}CEL^TFWdV;SGBCW4ET*`5xa%yjV>6;AmT;HzWYf=-`LV1} z?71m1&-kgBn{CN;Ak|V-k*?RmTUTH?Jwtb{^;;@b{RVRPkS#6!hTT1ko`jv9YR03R zyf&;S{|-v%Ao+4QsOqx{{H5!KFNdh*%i%3mf3O7mb$}g2G=XAM>H(yB{H33X)U{UX zu88p%dK6jy6a4i>!jCigT|qOXYRl&`JPd36HIy+N5m@#>B>Xe6)A5F<4<{E8Wn9eg zh!k=GA&YgL4R|xMsM<>v;ww3Un7}E&og`Ao3B+XLOoj)w@N&`2yh!+`^z`y@assgo zk95_je3UWtD~Di3fB5ra!G)4gXV&G+h}uX~`yy=#q3?2L<(F=WX~<;pX8buuQ6N-p zHw9S*a^yCBexied;7#wV=AY`QlBH?yLNd1n!n)~ajG`22`Z+TT@*P#n@MKm=|BO{h zZ|}x)Ta`5H-2x=+#lwC)y!|c4JGcc8-{7IT1(KU6cG=6fZ+|*E02|kkInHdgyQz6$0CYTAD2XoavaiU|H zCU1tTDLj(A%{GNcFneRM<2E?cAt*xJ%V$xtl2{G0FCV)f_`l5BwGMqsXE)*d#zp-F_E-u{rqLE&5^# z`r_Y4#09@C_|2zQR%_YX=p3RfE^8DCM+5X?zWXIn0PdoYCngn&I&a$M+DmsQHW>4n z_U$$AdVs zQEx~FgyV;T%W=?q0AJ>aFKy@8UwY7&N#qiuDSRcN6rTpkIm^^id>H|(rIDogJRV2s z7mEZ!B6Bz;oB<+3JXBhKLKd^Il+To@{vr~$9?PsV9C!}la)M{!j^7;5Ec7WQ<@R*p zI-)EM1R3YoZrjtD`(uPTIelR<>v2!>u8#EN|5LG|_E*^-k>x4BM2fqq7QmR0N)716d~)5cj-!@3&haPUE$B);lmc2qXVNm|VuArJ ztN%!QHEXEnj^N4N54ke|d}kL92i-MZ^)I&1L#c*Lk2w;sxo5z{j6A#$?~-VjUd)Tu z?&`MP<6oc0paHInx}^cfwO$05RnD^oE2?xuA12}EIS(dneO{t`!R=iypW~u$ENJ)( znGYS6%9mWYySqjDudL6bHSy*J-8GSB?{j^i&v?g-k(f&qPnz>sf9)E+07W29mjkf3xubf z-~F5&*LZmhi9vm0jWYe_`rCTaZv5Y!uj3q#Qv5#~j}ZjhyVu-z3&bq=-QCRBs_0^h z2hRQv(nD}SFTL>};79EJiDbSGSZrF`{VVm|)!luI|0()<-?{%|`YL4DLeui~--%J= z_ijjE(q5B|Rg|PBBRT2C$V+aFMBJ7P^M|DW`W@-MgeQ>tL#i7#6QZqQv!uG4=s_Vt z*Y(x-a})iUIoVtDeRj}|$NRU;sI1DIeR^UXLk6+jwlb4*Clki)h&zzz^FjbpB zRtu`}i%=jdnCq>}ik~Ix^I)ldzsRi3&lksJI=CX0i+XDgWkEBz9sjoYCEr$`R(YYf zrk&E(<6k|}qCU-EGBgXFX+(lo^3`kpGV-7~G#hE&2Yiyh9$5xcM0kJ-Kx-x0POvA1 znE}$PTA-fd&EW`7Y2E@w+o)>()pF=63M8kZ1+NI7CHZb@B+k^Q_Sf)rZZft(Sb>8JZuKOxrh9NuRVrFTA-*isRqH z%BNB0{)qoZ-LLAEW3|eWn%@VDP*=uf0ayBEfvQ*e1mO}Vd-?(5%JhrVD=>_1?P)S5 zIIx-y{%lIB$uRq&(9f{DC3{*;E+evxU$Ux(bXvAJ7A;CO?QW6%lzM4#|Yl)`bD#{jjV12euDz3=Z-S%_$tKQw$?=w@(2&=pH82 zD>_g?^A?C3rCyBHkFk2`Ml{BX+0*?Pt5@7W)V$<23}f}u?JA7bi?RAKRxiftA0P2T zvg*^kQ*{4G%{x{1dm>(p)qi8ed%x~4i+E@1{*s7ymhQhW;4eI`(5$`7K&%N&c6Op)`+Utcf zK)0Fu@{y|n8KO{zLB3ZF!QAxRm0Y?VX$xwE8f{dcNQB@{_W^h!VC^%tko1n}VH!yP zy%_Q*2S~xI>|y0dfhE@ZU6wFhfW%vFX42i{aY3$hP_I0q$-T4+$ecZHHg6~j?0_{v zKGaVTATgE_R+fpP9u8E}oiDqcfiwrhxx_)}ZP zirwZKG8RZy6(N1Us4c>FQCwk!R8Ur(^@%!LQtMpLb-p3$Y)!9oTe40wS!a8)PExXq zI@yD+T_;7L)Ry&OpSd+;osd!|`%D#elEYN1PT{we>+~e*lvC@Z_(s|?Rn%FLUgv~l zos*Mw3g5Q^o{2iih%X6Gu9Lz(5j@lDWLLWuJd2E?^~tv5)|?9kWn&L%5B!e~lk z@4g1eD$;gXX{Jc?P_=DV8X-5m6K3Pv97=PE=ebmtu$j{M@}Z&3qcpyhh%$`Nc&BTJ z;Urv8vJcvs~e{)MI^}T53xyBjdF8sTSwh6lOfwL}Vdz8gH!N7`IV40z6`v4y*n99h;PVAj929aOiA%d7M zlm|6o3y9Su^iF%t!>3vsK%ZWefYlWQGn2axd0rt<2{pw#A{UmPN2)!7BphiJVh zcidPbv}Q$nN74Q%8>jc@_{ckR0g%5gw18%=KgEJrh;=u29t`y3N0xOa5{vy5%P^Et0>@3zcJ;7WJO5{s0=onu8tE;|-Mc!MPDffaQiu=9P{U^&K(pxLokKJ z^seSd3cZBoL1DNK;1J+nsW|Huv}eA7a?}^J?ChR^Nh&rZc3f`!3y~l-JK5MUe)i#g(L%Hg5lpP=Sl}=@)>ZwpzY^_SMLd zEiJwVITUA$TJF2Fes*!}D!gW%pOJ6ofQ(w?^61PQq7nWm^>788&1(5UX~{dt6evF+Eg_&&tSVqZK4!TL#~&Dm=bVK1 zr&Yc1B%DDp1(mC094tchbkYF`H_6dmxpMaWNdfH(CHh6~C}Z%I0qr}WWiA$zTPfZY zDBcw)-z9}M@v8csGI6jpzSc!EG`=to z^)WjXeFS+E+@a!E!Aul4tJ1J~vlx{SHmZ`p9oRUc{rnN_rR#?R5u>H`RNIsF5_o{R zsE~!^%EfOf&bMIhx}z5O)CMGOvW!5zQeJ@m;N(#Ly|j4cckE^vQ~9y9AZp}Ol$KJIdV3Ig-lDjwFwTVgvl9qs6LsTZ>OXZl_Tdrnfd0i=@odMdqxH#QppU*jcOL5K&?@ug z?1>JJpPi7001!L8WPm4B5F}{$QfKf z@~Kc`fl~f$@DK6(Qrk+C?;N$gfydWg?UtaF(%iGE_O%#(pMHw=ZO#0Aj2~M{1`LS& zNwwP!0!7Q$OG_@zvNnmnSr!~0ehuGXcTMrBH=ARO0mTYUOm<~EmZX3;1^IA~a>J~y zl}vzO8J*?jggp9}1qQYrjBzWFaTH-BMV2X0LJd3Qj+P+y%0sc6(1ZwL6FZ3?iC2xC zfJa4Zk7ZK_65=e{Z-0K`?vBKjGmOO5)#g1LnU;0&fr5iw`u!;=iomj+p12hAdw@I%OHlSq_;?==)ptcWlmJ6n{eBjNI4o^Xi4P&Hjbj;gDAL4sPVu zaRoa8HrX6TmC(r$R14oHQYGhN2&#aGP|V+lO5*>OQbR4}Ai2^$bJ3~zHag|oWd63n zH0i^osP4TZT-~bg?CQ=OD1t=vT_e8yDe)zTzjQ4hPKm5WqM8XQ@=YVJs|Y^Fke}N1 zB`y+Ea3GiI?Xs?n`$w7n_Z7p_A(yvGp{2~=H!0fN;D)3S#oi_Ej5$aUuNLe#;PSu& zlTB+$e3(UVR2^@0C$B7^U8!g{x)g1p+Z&mlulov%bhYpTuQu`&uQv8{Ufw8Ppq76j z)k<{HK|7#e=Nh9A9x_UQXo!21K5od4F}iOEHkI!J#p^(mn<<9U<}(sB#2hBoO&yZ2 znZwTa4N2Wxz7m^D%|U1IiBU$*5XJe45^4s!QQ^|%)4{)Apv$Ka8=trwVO@!UL=nco zbd!PEelJDv!JrWGWV3>N@2`}i=USx;cws}~c#tmtnCcFnlYWL=o~ z4h8HBGchjA7iR3+R@eM3^TLcJ?{2|{yTtJvzBMQOeWOLx|Nw~+qHI0;ukP$~N&vclr^b?tMA=>3+~o7SLc_2$nQ z1W5bC5o;-Pa!5cX<2+TC649#4CoTLf8I$^?;uXup@A4Y)Ys?V8912P*UPFQwsrV&6 zwT3?1finT5XU(;RkE0&K5EwJsNBioF0K01el>-oeW6Iw|lOCzA86rIB407+S>IKmI z3TOE6XHt9s-~Y+2?CVHL#Xq0iyx5j1soLv&^wurefwq)R-;h3EK|>htroXqrR&U{g z5>>m+6e>K*|qWrY>d#!QNghgq&#cw=PD6sc}p;q~-#9k(|gf5#P8 za*N~W&kfO?u3nq1rqIAN$TiolcUp~Vw@s7kT9AcG-P~(4{oI1QT-QxLl#r%vK>-q; zE*NtU#y0}e8zG{QHTGviIfqy^TqSCl5Md`eQk}2x*2rSQr7CUdQY-INObvvr3!b15 zpER_kB9fMncgWgelCp67(|9cRp*y`c(EDvXs);FMff#me0|539m$%nOYVO|1ViL~K zZ4Xi(i>f1ptkrkE&=>OjU1w>sJ4(JoE0w?;G$4TguPM`K9o{p@^4;Z2XoE>}flQV%$!8q3O<%Ms*O3)xj)Pd#Dgnp<4@Q1W)k(op~Rc zgMi`vUNMyKd|G{IN46X~m_5t-3|1#TN(t>al6bZEH-Nd9H@Yhazt=ha&h;aWJ}>y4 zL}acb#mr5pCYs}SZW(C|{*mALu@b6365PnTTSyvkJ{=*|^+Cr5-|u&J(7Cj{KKP|i zdyT;))n!G5$W1n$VrZgaACBa|f3TOsOH2BFFe5*sm$K$rWviUD79rgkN*&YMX;u2P zJ+l6k5XXcLXV1EVwuZU*H`J$3Eu0iP6~p0jL+R=(4@fh4Ij5AGxq+t&!vRP8oDi{T zF(2AK6K&)Cp~djrAJ1itQix<(x*!TeU&yk%0Sjw_IS@e9+MZ3~Ea6TZTk{e5>cdEX z^{{Z(+bSRUfMtR#Quqt62C%K;{;5tA?V#!$ZcC~qbQ~$w z4ZTD)p0RqplX^Y*0nzK7c)k_SWsS3nFl=9BYT*#>d6XMNqXHO{#315NV7|O%9o2e9 zeff5MU?Y5HZ>~`a(fvbTglo0x;#y*(C?q{<8Id-rhs-VWXj0eVO~19!r+r{XDWPl~ ztv%f6Z91h zLE`iTHh9avv!`9Ey@YK}{sp4qc!<>D0lio!mv56otvz_Z*d&*~FNNqr z5!PBxPt>Jt!2U`5gOA8heU&t+9w@Ydf(@(X8&zrK#(mO^dJvl#ZB*L;sfvlzq1SL>U%k@yjrfc#v)X$h z`IBw<6MrB3)^{^$H?xSDk$cTlYjdNr?*+7tvCHW+#?h2)nYKCa0V|V8$GSCpU}``^ zhRRyAU;7f`Hu1^3%4x>u_5x?v4B?3?jo6J*b`X5Y5d-MvG;9ohJ`XB`6^z;;q$?@?u zAs+{pF;{_RSanrbTS&5PAW{WAv$_Y^2JqJwj^dJQYYWHVAqyK~Ez9sJ-{-_Z`3lF- z^Jn52tXFN}Kg4r@o<9}OzztCj&tME{3wMg=vDCd$j=l`5xht(s~D)jJ5(JO2|d3pp0Q9KDcmZaRjKZ&!YzW-KW7zsyl}JF9;ZK2 zNZXOBKVB%dBjhDj6*vAPyKy?3WKor*xI&e;bNlsH70(pX4o08Xi54f)^IGvt`}iY; zjoj*Mg$<$`qAY!g@`8Vj*X$rEB=%@~&&chVX7g^5y9#e4N;EzKh9`0>aY4R96+paB zkOUtwK!P6JKq0~)4St*%7auZD5G(>16d(TFgkIf3cyzOmbj#?X02umBP^|Jx)88Qa zgMZ9}jHORwm^}&DI8RH05=J9=YGFm}@81%wyo(x83-6)Ir{dv0YHk`ja5H*+i@i>y z+BXT(NWPak*`6|F8sSZ%N+8XfvMvB4Lq-`I0}6`79Ek`LFV{onFJ}w*OcL+3vM&tM z@`dbYt4O0Iolj}yYh`J~2RJOO6(6v26pCchY!*XZ!;3e`by`dx-k(efa#t0Q7JNcH z)l;k;%UJ7p*hHYOr}SoeIwV&8BwF6!6@7)H0gnmRo&-LC5t3Lqi@e`Rm_d9TLmU9S zfpO)}R?0A>jAL~Ala&&P2v+#P8Hm=>3qgXE}ZK}EcrqmNo>=f#dk^9ZpbP~k` ze_)z9bTmWS0Z#kCe9umpwucf9nN6HPu0-rJ5b7Poxj7K$xWehGA+}xBBEBy;%}J~C z(htM_-FEnJmQ~;BeET{@U-XBj>w(M|7>5f{DOUn@^-+y?SD)w z&;EO$@hQh>S5ryyeB^zlmn99Hh}?Ql4Dv#JU&-Ic6<$bRLJx_6<{Rf*p#+7eoi5^0 zwk7-XZd;;1qJ^kAy8Hgj{U*^Lwva=sZ$6vSpZwJReDk2_&ye)~q}JE^l~o_|`%BlG zHK>ey%fZU7ImdD`clBY;G>&2}?j?_MKc{-h50~|>b31#@tq-NO(^;QO?sIZ4!Vr`@ z2f#j}q2p8Aoy#OZWq<`0K!_4-4Q>Hj5*PzN0^&h&`#FBRt0g+X(1r><6e=KfFb*Ba zbqQCJsUyy_Qb|Wl6=dj$8I;tNusR(0tY~T#H$`DHg=Caku=?uys_VX56|5H(Oixr0 zADUWv!%^A4^J`SBN&(AZHR0 zuTQj@x?UN368P-FcxLWN8ILD9949B|cxMU!_h)2;Z%YQqXg(ZE4aWE{#beA7KKqS6QL}RD<$#;)SSy_Mp3vR}%5`L7Oj_P-O4j(XTF z1oVRh0oZerOVMkf*G$?db!E>aBA%s1cu2vZesfbW$cpeF`gpAVm34U7+FBAWZZi0^(lkm8*tF2ILHjj4N=<9o~H9z_!r>xmGKhy4F-Q^j{C4d+OTu(*3dfF}Ypp zyC&H7_do~`ZeYYig(YO{@5#7DIsM1G*t*{%6(I+PL(E=i?S!K!u>Pa?_k-uV#lM&T zx8mPV{y)IK=~)8*GH}nDrS*@}EdBqFa_-VpBzcEAtAkxhq4Lw%OtY+BO(pFF#<)vp#5rjgH+2_ zL06-?h0+p*9j3q*L2G~xN~)!IS$jz+8LpB;*E*!Imwi(JxY0q=o8XJ~6~GTtjj-tW+n$&dFd6 zmp(n8bhr@`f6DqCx7AUr?cHXR!_9|P81InJ9R6#aA7QKHeSBVyezSQMB!{hQl)#QS=^c>eZaX&b^cl*cpZVGu&3MVpl+l zl40+6IHl9I4FpG8(#_dSjhctEfw^ovh!uX2t+h;Z<@a<%TEUjU+Vl06WdV$hq{T0= z0oe-Pq;$V$w9yA}hRGfAFUA0H`jvC#&_k|#G)2-uOc~@1V+xwW@6rG*1Ihf~5?O2p zC#dRGuvjz8Gl?D~%bLL;GHxj}Xpf*?(Rd4*pE4|jFI@{GjJ1iQemQQVT1wX)JqpZ8d zbu8Ezn&xxgxrv0;$1Z0Gr_A?q0tSdcmb8=>l08&CFqd4D=!}5oZ^=%FP(w@vW5_SE z1%?2Ss}x`e-M-`+R|rR}bT?;WYYN_+Y6As$Qv2CgBJ!Lrk}SN?`k=$Nx?M6MhVGvM zTZPFW--RIGGib^18WMf7&F0kB8y zSmIv$HC8=oR^Fz|EA02gQz87Gcs$fV3mVvl223=7iYJti2TU^i5WZAKxSD&Am)aPi z2zlp$P&Ies4KVZ-gePWx^cB&SD0^smiE;(cu@ERhn|}0Fo+EY#I>0GbHi};+7SrKF zZoZA%$W47kqb9(+Y3S??HE{7(VxEfM5oaWnh3^J!y%m?K>A$D4bQn#`w- z&xuD8HDp^!v6}^MW(0KwC(zntp>imUdb2f}<8RP%u6rv0t#1d`cW?zGMwQ-IS=I?^kcJ zG~*;BsfNEr*pjvELxB_Nik)x(LkMr4jasA=j-TJ=%dZ~MDlOD)rnAkSCUN-{7EaSC zBgExh@j>0+Pd`d~);7RAms?B^HQr*@hRF-eyZ=Jt-P^w%rTv;U+(b1bk~}Tkk<69X zUQ2!9q+@b}$D8lp?k~?raL_RuU^;Nk*Bu@4w~xY~nwk7*g~gwe&XM?2)B5)kc>8N+qT;abJqmY+DFmB7_)DP(;QEP`rNfZH z*M}&QdF^uIR1BFy6&3J#hD0NJb?z!ze<*h~Z00EHOsle}Lok>_$jO^_i0(6lM+*mI zf&!f9Bvt^_?wPUkxd8 z7-W1o-^tSauIlS)_l|7okr;=yseEd_^R2{A#|9%!)8Q7*h zBf>~8V0ohAurkLKaw|I{b*4TDCo|~yLP~U9z`B)`UIhT^J#or@2n5(}f({@cZ#Ay| z18tXpq${d^eaix@IO{gmC~H#B{G6f!<2Mx6JDsIz0<7VW?XK>XCcxgRI*ziK4k4BW zSeyLnC;8O?5+%HfpOjyRG?QN&lk)3k zmS4H2pj_%ZK83hQ1Z8XoZ;-POskM+P;QhQL1@MuZcrQr--{O0k3Jjr$q8);1cY3Lf zE=ZUa=$gI8o12ruEGOB8*=d$A%k%+xc8ri`Wsq)O404T#hDs@x46csy?{%kWB0twg@K0z z)k3UHI#Z|nizJ6)rWCuK1z52jz;Cg|(>r4a{2IEygk{(-S%&3Z4r1&SiUiB}Lr+|s zL|(v(oQJhDh_sM(M?kaRP)C+||NByyG; z?Z39B>Hn*|OB~UXcWHW9D>fd3FHipd|10lu6)f-4v{>?P+In3wT}s{s;6U6+WjiL#_wvyph&9@Jn7H=Ht1sbcU8lru;7yDY2bUxh zuS+FXCKIngBD`Q&^7;C-wLhs9SBcAVje|e!llx!3)@Q9YZLO2GJY#gS&gGLW`Mvo;I!C z8H#r<3(WeF6Rz@Uo$KM)4n*o3tCuu5XvKhyth>u+wi>^7)`!U_KD6bo%EsU_k(z0o8E*YgLN#UdUP7jp9GP;&PFHG`4s? z(Dt+_>1KQ(-dxBfp^*F6h(aI@xgG>X(=&$Bb%RVVX9$QOEWqo;6jOG-MhZ!^eG_t{ zjy?dUque;>vm|iK!hcBcNA>Dsf&7J7K+7AAxm|=lGQg|c?DRGxdg~g|(@K%S6 z-7(;s@+H2he037vbjUdAYJqRMwkjLGNtCxHS)Ra49WoZ$%QIHl%3FMuD6dU=dCl=I zk9?B7%ktK&8$aPL(;sh*sJ71Nf1lOmbk18D)GLzLO8!OjKn4Fw9BBjcYTL)uyivtH z{bdK}E;hzjc#kd%5BALq7xyfy^+B~%o-u080%g%U5x4xnV(3;w9=wsj*o0yVAzhF#r;~)oRwECX_#;EIzC$ za`}`=D%o*Cs464XbL>U%~40mz{i6J!4;S78ZAa+1xIJDVDvSvPk`{Es!A(4I_WDH!# zfm{ejLqXzpk@y6Em?slgi^MsbZPZ}ah{U?h_BQzP;I= zc#}x%zS#!hGKYx7)6;7IwMbOba-J;`PvpclGSP#?OuVMJ-O%f%I4Noai?89%0c~xd zdo7&7YWMm8on~=7%vTu#g+g5K2{xL#UcsNYK?^y?Et``3B<+0btX&j^CZyk57|=%+ z1u8z9)K=DE9_mKQ^Qs^P``F0K&ksN$h_eaowK4bZGXnAcRox_XVH)fP@y#W{k0u{buk22?voF`ZefE7HpB5arw z?(jW+0FS}cUze!ocR3yqN_&D1u(z4>9R1NBoX@`={4;rQTGc7hiR7V)&!J>(U)@eN z)p*~bZUJ-&Yl8C3=D>z8%T`ok#bUL-kCtx^b`5&m!LFS>p;qrJ(K3|q9^Wf`8=kVZ z!uw_}(B2>TVSS2qKqm8aayIEtQb)Ou1jV=Y@g9f0kK-NxV;`T&&(g>L*!y@Wuwh5C zj~}3qhh!i7ppPFY(b4%#JlRo7ackiUOsqXExx>sX$&qVj?z;>y7OR0Oy(Y-p^Jtw-iT#2s3qI!$F*Sc*> zQ}_x^;R>F@-+;54w^3;EmfBpoD7R8sw2X7lLE+{@ZPJFSChJfwbEXZ|n@;;saR?bf z1)^Fjn$<5Ht#8_8A%+?|F<7IutcB5fx}6-Y$RU>!?EoGbA9f^iIG5u#D1GZmTHXPE z&PJd|6xq4zv&j{@TH9+D(HJX>-o2QQ-HUY*KEWF~jO@#)nUT7D7*4B5jfgzX@r4Gc zx^o_hkVnB2wPo+o))qMe1CmY$!y=bEs?R_ss1!pW($%ZoSJIKa?#orQMs>_(cGplK zEHQV&UUH`g>`RF}Nii<;X~pi44!Jgn-Mlh!nq58)XuIibIpwAME@qKtR4{2O14E*N zin%yXsNy3f^4?i|y3g5@&IIMt5gKjptZkHCb=09VmE0NQOzupn?2L#Kuv=R;>nJL7 z-#s6Aw7OYzpvY4lHRI@c2L6>>Lboyn^&zFOPZJiXr#Dq2>hkJNEfBvWPo=D6gt(N7 zRw5DnLH1xz2l78~0_Er2y);#HYw}>c_Vvt776(%+3Y(=~%5VGf$9b6_%Wo?Jk)=** z-RxT_qD%uF)Nfj<)uVUtF=(BUm^cG@a51u(x}cn zOB~>{jp{lc&jA?EIwi6i<4LWcB5EkOj`kR@CU4zV%rbQ1fOdqS@+#>LfT;EPJwdaS zSXX?fZRB%OJj*`@weQTy*$SYqr`U>sMdsiWq7Y{nE=1dHl|$z~r=T!ZYcS76VcrA% zrve_dj6=>S(I8*^L#K=@UgqOrbNHGLAZDN-dO`GUEux>@23gI8AaX&N6&ogw4B$&T z+})>;#^SP;C~VFdlEOO71Mivl*-6N@mQLZgmDtT--Sk+b#Qur00Xlr?bROS157BX? zx~(4XEan;hNoHaE0sChiqeXI8pW5@9;_GTpLseLT7^Hy;!u@u5N}+{yzzD{ zXY<)s+=>S*ez3yE4=Bo18b6pz(VYONNU?1iyZ zRc;!~P$FJ@m$+Z*AA(aIKYv(|;t%)#EPohzO#To!CV%LY#vgdih!HebrLl^sze${u z#wMl?P2>}cn5v2q+}K612er4bS1FMxU5?Eoo)&w9m2>ZG8Kv zDEOn(sNj&6NW2se9f=&W1c5rb2^K;?^;i}F!sssSYj5>Tv#+gKA?<7Dp3d?Cl*r0? z6JY%w=Qdv`@O>mo6AhTr7e9+F~ z(6w+_1u9+>%=u1dI&=0h>$W)bRAhzL^k`kD9OJ6hq%bkJAl^{%{>0mllUr}=XHk#A$0mJNpP{4>xP$O?~QQ{`@@Y$rw~@)K0lK`84vps?Afikw2Dn>43`BjOr2B=J zlApTn+ah!857>T{MXz5#bS))uYfE{amET&qrC^mlM6g|b2$te3VzD=)2inrNTvEV| z(SdS`LOUU#hl|~C>e8lA5WuFw;qQh4jykMTZCa^Dw(n6L^#VpYs<*oko7|QG(_`yq!5Ntw`Xi(3MmZTIoEcQBiEm{_&gEo!AWwN{yZ z1~IhfVT=L5@YZM1lwlp3(`Qk0&bj+8i$e2&xMnc|n-F9Mst8Iu)`Y6<6mmrXMA{ww z?^_>~q6JC^I-RY}s&=be^Los69ceZFl*K$?zCjiNf{EJ5f3@)rTHw`8kUz5@S_AD5 zW?KV>_m61{VBY~=057skCB?09B`tvJd?NltFEO&OGad5ahJ7@!0=oK&7+6Zjz)s2> z(a5OwX-nosqK{>%C9`WUwUL+1`2T6i&@^LYdC3efo|3*^$XXQCpKiWhf*4m0jSy|k zaeJR`zHS_+SnFo1GW+|JCG__!UN^pCv2Z%@!tuHA&z@hra{9FTU)AixZfoWAZe@`x zOwkTgKPkz8>GDg-fPXw$o>Ra+vD4U>z&fe;L5VyJk^>>M?MbPt{)*CuW9~rQWB!I` z70(&Ogffipe`^tb>!?fa3L50vAIuN2in5XKRUE~btDa0%Q(Mi?=qX9i9~rw*Y(U#d zRQ$)o*{GO^e2SMaSsRTBP_sbyeCmCvTDQB%{4Kr_bx=ewpRtYI=>@a{qZaATTr zoo$5&HDg)VD92=3kssToEik{5+>=7u4qjs`od1K4Q_8|kKR|~>d^nk9zjh;LhuYDKTbsfW|>-?HO&d_ywX!6_cNnPg-vW1wIf`hgv z6jp9_ayJsWP;7Q98fji)j1KW?yai+QlM-3dUW`$<7WA5R7#*rLwtMQJY|{DAc|tlL zO3VGD#5viNgPq2?GS?-bH|-;|OLRh+(~~qCgLsQaiJp%MmkjzQ8-v#EGEI{ZX>9zt zqHRi^2~~Wp%=rXmrx-OhUnRPRS7R2zW(5Dq zvRcg)&^6_mwJg&Jt}GpMB*>6s?k#R3crvYAMrw8SwI|-(p1gFO8IYA2nuQZ4TG=@R zOq(mht-X;$j_QguGe+%x;$G5*F=eW@l)ZJp#07P+oB%igtj=75d0}x$#X!;$JRnx3 zBfNpa42k1PkBP-uF`szLq?6S=5!6FgcK74v6;zvKhsG_p=84gd)lQw;j1#V89!w(j zcaI2(f>`g3q_tQ4s6>RnrB@eP85g&-a2@T^w2V+Yn_BaS9$Sizo% z`20@HqN;5+8<{4rw1kmTmscyW*SJ3OC#8LKNiRWL4I(A>ISY(WD~n4uS@o_O>uT zLwj47pSDx}iyZ{KQ_@l*_QBgF9hv-P+vP3j^erCVH&)xWOIn<^?UELwwO!JplX8T$ zlV3rJN&d+IX5Nv6KJildU0T2JIXkC?-SM?nDXZVjN!N`sCqnZ09=WZFtIo4+Ybm{>32KLJPYXLU z_B4uBMd;CjKGCa zZnW)M{b|<{G5zEgxp0?#i|nH2sI)M+h?6#IO}I=L+z5n8(7%hU|f+ zCA8jV{|GZ;VwyBJUx+LMQz+R(L$vsHmTPHLU8ty3(BcXhhmfg&8Ao^uRyC8+*&sd4kU$;hd$wB2;0%eKwWcF1j>D1hPp zv0q~&GM{y1+w3pQm76`Chha^euG0=Qts+%$yV3D6kRcsv`31Jl%+}87mY>$zE6`f8 z=_Feir5neD1hBi=cxRf2jJ4NWqy0@7qrDV5p-IIwv#S7O!snqgY%9B3u&vDQNkKn> zr~3!PnT*Co3>{?iuW{O^mePy%iPO;zdgPNkr2mRZC+XnkykF3nykuuOac2VBrx>er z$>a}wrR-+4d!2d^|1QR!xw)BS@*B5lO8YRVAnr(7DlW}SS}KO|i8EMqwi|;!!Ezvm zUg%=}*R~r{&EZh7Wrxp22Ak=F%_#(sGfR<&PF@5a0c}u}a4dj0J=f*hxWK*F6DY@lf_v4Nzu;W6Zn4<$+!v)FefINV7blzauZf?E0l9TU<_WAVeuK>+%y z!NF0S>2OO(JDhZoM!(qJ)Fh=uyXEoRj79~tqe1OsU@~Q32nQmGo)>8+3rd7Kvi$fvCYYjQMNf5 zmerzf=g#Bi$Y~LV&2#WUNc%DbBM`}r7Q>0I`v&|s!+jC%mPzNQC3{wOm))@SSu<)U zljgCgJ*WZT2CMF^bUQ1c+k}lvyKn$Yc=WUI4wb(~>$e#tb!1ASBYvdNY&XgtfX8iYHwc5UBLyIgGGD~a9(u6F45`GKL zjOKQGj*h{gHS3MYtAgp6=9$>ATGRn{O%{dy1pU&?X>QU(mK8F~A1I4XS>mqu{w^z8 zX`IRxX?0LM=zu3)mOMjzuinVvH%K_=C&386dqpN3Ek8A~4bN5-le!x7cVqk6)Y1%f^ zEt;?3Fg2B@VRBO(fhG$#%bifasQ!Fqr7 zfcQCIzUFK)$}(P`^moEzM>%pVevW!cpw}x2YfU#JGkTpPxYNf%as+mrG41?1-m#Xx z;YB&t>g64moSO3%#bh*Idrc<&>S82u@VuheWm16{O&W2URpaA-No@VHXY8$DK1bU$DK5t8ZEHW8BPRb6L=vW=c}AdnWS#v_#M z*GzAnSrDk(<`gW;U-pTQy>A-=8@89N@CxtS7Krxi26r9hb`S2_!5wO~MTyeJ^KbSc z9AF)A1k|UGmBICG>wI)B!G;S;Kz;T?E~_|NeR>FbV6+elS0FyAN$njjE>~t>j@rz&n8`rX2fxfR zFaxY`26EoPq0Az+d1}Klx)D-U`t1qoj}pj}z=UeztPK2~SNkXs9{`ExU_fh7qA!yu zE6wC#q2->!lr_T>>^%)_j1YQ~^xR8{ZAJ6=a*1pfx3)@}aQhhY%{ojQSU#O4*Oxi4G{|C}%?# zD3$IK5<~v9k~ZXDonRaC$9TvgeK^)7$NJCUQ0Rk3r94ho`)ME1?ns6NmA1a2u$mE4 zu-;fbK_YKp{ei%exIj2Dvt*`wG@g>VyRq3E86oDFba!A&i_`l$t&vrJidxVa%{0%( zKL`3vb@;WV;ugCYMeK?XPRHZ`oa>P4mbiJr)vawBYUbi+C2Hnr3K_^u{IESTY^mk0S6{v&t=eI*x^y-NqE$Agr$wU!heDob;)zI%l_9)w%TH{ zfrcf-WP?h-t+Gwxz?>ej0W?VyGsSps7hK>;w!F>| z`{VP%yy(2_*j)E_>6X{iiJfapQ7}(!WDt2p=Z($ew-bMs-{v>tw{0J0E8%Q;EDJpM z9%WI7d>dEw>&}P8*~)^+lcDAA@P{6!L)`R5F1<`#E0NajcG z6eLrLzLNxFQrnYY%(+hy4uF$*oAJR+y+YA;5z5F(Vu0LgFcv1g*g!85j4uC^l!XO& z6_|+h&4BOproG_N+r(aQDxJ2W`;&K)|4#(66J;c+>}x9h40fZ6H+BqrM$txZSuRCJ zM7b7ny;-62snC^tr>agX&GL&$qX7h6jvA6)_`idBIp(D-C#JIux;HKh%diBu*#pQ3 z5O?)|LTG;ZPg`mo_~Wn?+Hh==RYrApmYpb{Jy3_No#=4-P9(SY2MUA=cq!kV`OXaN z82J(EIFl`SyKitc!nh(2W=9_YclrIv}5< zH{oEOeLzAM0VQ|pD0BJ@@|iI(59|1VFwZ=4y(`DOh<9h5+55K3g=rifjmV+Xl*mYo z4XKKiWJT%-V@76irD3+}2VmZTIS;$J65UHSh}|Hzl+Y0FlKEX@z%mh?aD5iz*Iy_M z6w#J2el?~WzrZ5X?O(!E`+D9l9nkxoX#?8UHlWo`c&bmgFU;h!jM2VJW0*Ak-Np6y zVu0iWEIk6=0S^&1vhI}(m(7a1^9~YLqW%XlGZ?TJDIFAzpDP3uT-sj61nEnMtaN#sE@+fmSt18 z?#N$E1*0m7NQ_P#7D>7oG^2@e`YBurPBXp2D?<}=N6Q_01$3479iY$4?h*n)>ekcrcTjxXed}pDsbA6uWgPyX`ztGmU!pOO&xd~sGb~!wEhH3ZJ zM@5_>x~tb1!LGAZ8nk$sDkhQarR{IF zRAL{Yr-_fynqtu!GElDglQfg<`9_#cYpjHZuF`D!td;W7BeqV=w^E0oFp5IJsrOi^ z&p(9W9B=*l<0HumtE{v;9}?U504pJ16hxUWw9@vaK0L!p`<=ZRt*q3UshmIjQQ9$I zM-_Or`XS50`Ofb%jG+S`ms#sX)-B1b^M7yI54&1c#?VtTY1NsQmGNy(645r|t|ecm zLVmowl|x5t=0A8X0(;!{q%=MT9u`^cK|073iKHrNd>jMg<0F)f=Y0aV=a}))$)}JC z%oC%4F9c%45|>7;_P^=1_VEn%447|@_O6sp=L+cEsURo2wUgn9jlLvxQnE0$1uBtuiu&j(YoZlLeoX-0{CVJo$b>nBXP8$YSZ_OozIw@S3TmK zAOk^jn@fRL2`O+oqhgvP{o%pBoR_4Aa;5*5OA^)V^pnroEi_&Qze*n9_jk6f6jd8tqD0vTEfV#i)?zt|%$7(zp1`}>Im~_ zLV&d4&ODui$B@x~pzdo$ml8ogg{^X+-nJD+B;fJ#a``*yHlnTo*nsGwSFV>vtd}z} zl|J2z^|DxrOm#>knq|@IV;BVOvn7LHkd^WxihV&y0KfKKpyHE>qex_e_|>_PfMll%+CJ2rw*S)3 zqU~bP_E*ZhzrnEJ)3!?CgNRPr&{mNuw%*(%z#_9-kWDkIfNc8Y2^m$)Aav?_@4+Qv z#^$hqDHvnY$UxB|(pSRvp!S9F#--Ml{ytzP0qsYv-u$9Xi;QEy;Y`L6&}yMqaLAVB z0i|zkcE$lCl3*Oa;ze`48-pH*527Hzje$5X3Ou?ov;(Kki$BGa$kBTw9%j zOW)^W{Wx5#5V@g(*y)jQ7vInR5P47r;m z5%zDBB*KpimKeT15@rmD;*saEAJt(clt7r(cdSJ7Xo`ErL^GkBAX`g!!^kwhEJ5+l0 zEocl2uPAQu{rJ@+$K?jct0JgrLDxNmEnT$V|56S3(m z<|YcREJtqkGGU+oFb1La@rOweI|jEfn{$f^t>wU=7uxM*#Ds))`!5E5*9E(8Bkj8T zR#oX=Cm9upe;tOz0+cGT>p0-}&XBewRIy3bnaMz8f&LPzSfxZZyM<}EYf{9~*4YNV zzc3ItxGfglV;&ocKSjo*iFhP0hV*e62T8{|!$MF^!olk!wg&XR9+ru>?g3XA$^o$> z^`4OSdC-Oi4!s=EHU+i!y-inCs*&k0qst4SuUx2uj*kG&)FrKHG@g)4BBXX{?iHHxfHFGQ$ z$WGdYX8($8#xF1kNHSjGpTtrq0h?(>r+n{A<6rl%fjP;)C>Ru&7sGtbrEC*;KcK-D z@p%@Z)0l9jkT~f!6Jq7mTtMWSQjJcT$jM$`feB%*7u4@4IuN7n5G(UK4$6YHs*fnL z9iRz$lC0udl6=>~Oo3WUL)uc~oQv}?%Mfojg9cD7na=z?+o{%}xDw`$X$lh1e1?GeB)m6^AOQ)6msOOobp~9je$s!YT12 z>xi#yW4Q%ZL$e?L@x{GIyihZFkiC#vFzFZ5q6o<-Wx%m%r#L=dq zZDDL&^;xJU@gxB|C&(=Gki~dS{gn9kSBow(-ZrY5oob~Uf$E5|tTZ%8zs0wNT$qh!c4Z?PD%m*9h$ zjK_SM&tZIySrpWp#&8MW`LChE{&WWk@Y;U5sbw0<1bI+TJ7JocAvODMviyz>mD*-w z06xMO_|E+5ke!~6N_v=dAs>EaN&>Nx=y+D{HDpN61XzMUk=uYk zmV`nElcY;0%-ICfr_)KqEs`2U^xyCdl&#N@@2g!w?UO|JECT+AWmXq<_Ll-a-&!We zgYU&qwJNtZ)RQEMF+G|M)cVYR#-co@Lbr;yJ2H)JSSL@nY*?#+g*CroX<2q5rJ=;G zBk#r+2bpY=h|RR2C+evfEU1TE$&%{wZ%$GjMSTfrA2cI8{`6=_eAmWrX=D0 zBy6tZ?}a=yV4k$9ZM;ta^`J9eDAIs6Ek;hQ4keoB(9;Id4NHoSzKtE0#w8^^Rl7pk z=0r)l_(YR1q|};(oBeVU0%S$BPeM>rZIhr?9mgC*Z|3ev}`D&y}N7d55~SPB5<@ z=E#I%d}Hjeew~2VK@BoQy|IDQDE=*S;MG6wu}J3kQTe7)ycwB%^HeOuc6!2WF-f6K zYTUmZ>L3Ls?tTNSjpaz9J2{~`f*uL{=_do}jS*@g-?cbSz&>Mq5{l^;-)sH}cr`^r zK37w2+PlM|QAtAYAli0*vTa{RWFP<9&N9{(-7h*vMS^;4~?rdVHJVpT=?UzPb?cio%np|I-8OKbfT*sSZHf{r<-$&USz z3p-}~`Eo08cH}+keNOlk9)0VQVCII#;+f)};PNy&oBv;zH!*8@*8T61ik$Fy7@Lk5 zlw`Lig^F0I&=i6MG`?@Nb_O#k2su-bMxeAT?TMZM3x%?ct&t{@A_PUWQ{ zU5g9r>x|LG8JC*#)!Z21@x??&@($2Yqq4|B7c9F-xagwlce!mnHs;NssMoSLOGZy`@&51$ zbj7p1DM#+hye~Z6zF(6bc)yhT7h+g(fI{!T58SZ__+!EzD-lxA0}``a%0WO!z+UZl z{+xy|HfdnlYk`R2-Am$#ITVS25z9~{&0xgv^M#ANWK+#CZ>N%E&1o223gGvvW*FU) z+zgEFK4EOJME>6pR$*C4zqv3}@qP7VhCr-lXvyf3P<*U78+2}~WY0SnB@Knyj>6K_ zGByV@#iB}jD95IvAD%|mK@w9&mzYl%h}r^8YXbUccgnoG9FIw0ng3-NjmOUCiI`s? zl+_DU%4(LTjFL@BDyw`p%!;l+#xtp!x~n@$%h2yEd`tK~^GQ69ozLDwkfY^1tV$u8 zLND9VOa}_Gp_$ecq|i*^&H~BQ&20}W=fW=mmFv$pgh|s|#rH~-^l1!=Py065n{Q!M zB1cHWJDH8@qjzDSs10hh*p_5JkLhi z=UNyaC3;@2?bzh!*9eQRvPc+dPes8b5J%e+AC1El%r|(up1qdyZN+1vni=CB+a+(} z(lW98({Fi&Zb#l1Fw@50r$Hz^g-LBR7=Aw*y&P+(dJ#CUCDU5A2zA5Kkwj&5{Gn`x z1s5Ph1y-*4Eqg2P&x#EC%4I_aJw*bTjV?*2IeDnmX_m-CW!}h7KnG1CD1wgJ0=;zj zB8^^(r%HM`*~N4jEGJoT0=QF&+^@Z_0V<}imiZhxK_eeD!x(XQVbaL76$E%h5+7%?`GHf zxy@^khEe+Vvy$Yb3u!yGMtW26N!{1R7ib1v_X;@|8`0zdu$4P3H@q_fdt-#jJJ3-LH>d%BYx=*|IPBq zOs>Vqw}X+xLdRt1;?%b74|oZdx|gNBMlkbp_y|nxe)eF`{fNf>T=uSg5u%I5(ppc$ z&_}lZQZWqeu1+6@FK7jP55og`lv;FA{ilpRrBpMz{Nm=8d-I4RTW>CLqk88Q-00>6flc0LvgjYjSKfsG~x^S?r|sYpzzlK2u8>*f~ymPDn5E^qD#hkMYX8` zmc~HE5heNV*ynsqZo4t1LZ}sY^RW*gzedyo90|d}BkEA* z^e3Rv@9-`_0WiPiIqXZ?W3Q5A*s`o`rqgoCHY@W2b|C%y6p%hd-bA_}c#&(@hiTmK zr{79BaV_0KoQh;^-(;_&W2g02pb)>dgwI-44{3Jf>t1n*Dz%Ad_(4(QJ?S;xZ`DX1 zR<-E^cFK=&B*w^z4p#hG=qGfrU{Kt7Q%XM(1T_0ULO)qCR_G_%-ICF_Pp{}qtD+xR z1ctUaC7a6B8rcHcWOtyUfW^S?7&0{{U6H2AO>`i=6MG^&u?oK%{U#?zA5rqDwE#yXbs{Ho6B?=;d}I$Cj~`NPNM?g2YMI zhqAn!XdH4(k7W0h*>uB(S%|`r2LB-4QB2f6`$P)Y&{C9~=EDeut3EGn7|8=+A&rU9 zPhm}qX(=^Y$&orhp|vdW@4=+_*H4Ild<_GSm0kQ3_Xu0U?CUJ>k?40N4^-`b^HITd zvnqFg&9f8bado3p_`Ap-d#7#dIwRx<#HL&5=e^j6G%;IfiA(Aey}-B3NV{gNuUduiL(Sz z()k)9%AoeGP)P`&>eEMpbM3Xyb3iKyXhYn7?RsoojoC!^kY-W`Y-=m_G~xH(0`u)P z2Ew^=hm=UW@dWX4tRKhAwASBu5>mfurFh;HQvW6^p@0fmY5m%}C@JADveLfZXG!=Q zCdj12`z;B-l9RAL3fH7D{*rM*!XIgq@V~l6dQ<*!J$qADU2pkf&b>`|c35JLElP>z zcfG=*`5*X?f2$D9d)z5C1wOJo#;z$4@w5vhiRX$NkDGY@b)zJn6SysCUPr5wG#XWR z%G8hd+64c4PW?sl?=Anw^6%LH+wx{+Ew9;qf#m<0Dg8g6-I&e)Gpd>Y2jFAJykPM; zHfNiUq$DP9^g0#%A&UjVy@0=qCZOX zYmNZsn#+x#>s3(^`D{UWXWw%zsm3=IS1MN@P}+y-l*e#!!ROXio}5=5QEa>0D7;sr z8fnP2!W}A$YO$BPXeX^R+$eJltUB>`W%!#>#S?;bO=zM5wN7nbD_6&Lk$GaDF$p!% zF`jYJ+E>Yx&CT^Xyl*;uNCgbzMH%M7S3FLwFv5yjVJeYZSx(1(zk-ZmbRq4U8-A`T zzqZ0QpfU{fzykS_O)MI<*nQ0Rx8FAkMk;TF7aurp#$N6A24h3ytFnAjyLd) zTyaq?JaMkO(kit={R|bhwNVX%kWIg?Q|nCkJYR8- zu^_SYwUu={J@bYa_mr>|ET5ao*H%|WYs3Aux;oRN))}Q^E9$EIQ{>tSLB8xO?s{)b z=D@bl$HYh!P*PqOt`+y4+e`5k-$Z>B=e*yw;ws(!o8uTharBI7Wnh6PCt6!Qghqh$ z);_sPjAEXc53`BcHM@CJZFKMVx_ZIrKI&Wkfyg19TUhuKg`yc9zzxxM4eV7M+TR*8l{~#ep54ZvN zb}NfUI+aDYx_ru;BlEp8o6x^4BvwJ0qlGt@&UpG5i=>>9<1crXg-=kMmZ`Ij627DQ z+r+)W_*KxchIzc&es5jEt<}#woEz?TU@$+ zIT9xr&HQ} ze^zZIG-z9_`e16He_waNG^+imPb+pNIx+oeTYQ8c{1_$Dkoe2Kg0WLO;;q{a8FiU= z=1~aTRp`rsdWTqrgd$Xwevj?53#eN(E|eO;m~dS9*ERurHUqjlR0gRSbprPWqz)mF>ZRz|SZ9x?%Z zmH4N9zf0Rsc<s=htB0BesscZCY`OSl?dl3-7@% zyk~w zUtzoJXsfu+qbxuz3oeu=(JuVn|cx}fsR8oqS>5Z~eqiD1K* z&sCzL{rG>2TDQX)Xw|tq&?;Q+R^F_=ly{j38IOG0X2?PN#m@2{PVaZrtNrM0TCBY< z*2CC}FT&?(o8ncDzBBur46D*(OCdAu??*qp%7SIy(r>H5a6d_$DD&4e<%seoULA#Y zJ_-xw=!&uf)JE<7+5}qpBexQ5#1Lj}q~fF&=fuu9y@=uDSU-Lev1PmVdrPBH+ex(ao0&zSt|W}h*hbSUM!IR!>!j8FB%5Fs%>fazi3doVo=O`0BFx?0+tSFlyAoRlW;I2G2jG4PO1DO9y_ zBCrh-0Z^Dws{zo|i2eq~w$*uIBX`(yuHG z#cHvxVUk|yRUTjBb^oM7z$yo4TPZv|aOc#cOa01~lI6-(Yn0*3lx55Rq?GJcmhGM5 zZF8*}h}5}*70Z<<*^dY7ot4VyfpAB3equ1;N!RDg4utY1mIfN?DX>{c>AMdNC{km) z!zYJg>%mZ#1bSbI@q4V^U$i~Z3ivZh#V?F}bbUba?ea%=W4$ShZVw&61Ujm3Nt|pi z-(R*{qz?&1dgp}iK=JNS3~-~zmIMhc4NdP*5Zx;YRUEEV9%=BocW`gf$HSz?l)#Aw z&~^Z@XB{(@9Du_pwHT`F_Z0Oj0^p|-tHYxpEyCx}mhOEOdcg4FBG8A-zLaoY9|$`V z&9d>Q5$Q1yRK1m1GNo0Lpdm2MEYGRQW2*)ka3HGIg5y2Sc1hQt>5t;86Lv21=poxu zuVI7&@xp*$M5WAkL3?Ba~?_4csyhr7@fU%$eq zKfplg<#v(EiTvg)RE`&0_(iVm#W;EqsdHK_SblS=1+UzkY(ar+fth1#0gcDJH(kkI zU3E2Dq|!Qu-ufxT>qEXZYWyui(32KgvOE{oi#e?SfUBIW>Iy9;HQu38TAuQU6Bg%p zq#@IwA;*Ix>Oe}*_41KG%%=&=#!}$%-LLncz2R~mnYwi#XC_bA$Kt}YmifwIR{tT z+S!LoxoQl(E5y61R4KFtUuT|%4Ajgb(Mnr+#TAN60o}>s zR$Y-+T(UglwPiHu{mEDzK8*{tkGS~wp^T5oUoK39*oSy$vk=tOzCx?N9$N#0+`z$@ zad;i{{-AxoL03hr(hJ|klYP(G0_jGd#+80wjC z{aV}{uWi{)Z$nF_!?iaWm41Q7H)2-eZLft|=~Nwijc>0(znT`SP=yU?NEHUzW0l7( zY;gn(4E_Lx!&aj0QF~V#n3`lkKi7WMYJbKE8|S4p2zZRE#K#jXjDDk}Fc=5KgaUz~ zkA&*tE#cp>Pr{?Xpgf5}_P+|U`)CM8CDKr&HoYIdOdqfZi@YG*l@@syEcfcKRQ(j9 z)=vQ?Yb0t-G$iSTUo4g{aufel8~Rs@H`jqr_OHTkVEx#Qu!ltn;s3#prsZmUP+{5n z#5uP4B*=YHQO=|BEdz2{Y2cT1OHQ+Pn6&T;e_`Owas#i5+(u0d3kc12} z&0eGGeHI7xY9ny)bAbp0N;=V*`ip{V192xTShZ>swuc4}NkL((w-B6<1vKiPGDC!H ze#m&z{H7_fDvjQFdWH(0^AH+o-JRkgMtrc@WR_EMLw^x`J+fp1ng20YEZ<1~ft<7= zab{t9t=gMbL3K@a2UaY^2e6k>dUzMPqG(0vXg3da!rZwCIkv$cO?f=HQ}N@3SyLyRtC=D}%*(KaY-0eq`8JwodJ`>T+8$0ViRH-l2@ z9fUS19=4tQNwMmAEE& zJ7Ey~FXORVJl5jz9`Oicuxo~R+=|Djc-(_WO*~Qw4~j<*9v>BtMRNM{(YTe%;F9ZIt$-5y&R|oL>MFYmoi?IQB(STd$ z#frt#ZS!Jek3dFU^M{@5zb8y`G65PQ}aPgK@c_@Cx1$a3ZZ0M(;<6Eo( z5$y~7JmD@o;QfzqTyi03K&h%vuJmc#Rc#@G2-Mhta35m*b;hMitOJFuig$j);=yz# zqV(mGoVP_Wn~lB$CDF~IfcV;yL~hw93?bba&^8&-tI1=vfCpGeba5JYo1}Ciz7J~8 z?2)Y!f8-^UDxZbG&J>J0>r>-G6m0AqK@k;r%+&ZozHgREo1;c7<$w>oR4}i#BB&DO zVHN}-ce8Q-VcI~&J2CYE#8P)cSQ_tuxSlZD5@dfJ!?1 zTXX`mkOSO8eE7hlP$AcE8v!X2gKyXCJV; zHfIdj+z;4pOYy+aTv4Vd!JWN?p3O>#Qwi_3A-(*TLOwF1vcmZjbjeu^5*h#`1x-(v`xwY!CmnjdGjdjJ*DAMI{NHqN#- zvZ1RdTOylJ+E`=*ZFS($5PZae_%KIc)}bRzIuzXMzbBoGn>G0{y3VgnYum(kG|Jn|EUx}pUVXkm;$*qB+(`BY6?RC7#L@OZQDexP#_Z8@gTR`Az8;8Z+ASGxzt z`+Q9k10xFnjl>!jxt70B0*?9-vsyYf|FMr)CHU%6Vz@EtnR#hj(G{Owl+GTM*q_mc z3>NXmjr)>JQ{*;hIew-W>pp6M!b+$!XK-f>u~|Hp>`d`XqBEF)*Lh!b{rEg}=408J zZANSE%;A96z?~sykU6JK3!Q1k>vr9cmDk;ro`Km9Os z>V8c?z^@CesY7pHZ=IaFXOdI5MfA4a^XXI9xnJ7UkvYu#C&jq8CgT`=7)}>JrtK*E zM93!EQK$j>iCTww=HCv%a`v96&KQ`ThNrJDqds-{4#igs&_1 z;Ga{$);>86|Exa^Z)S9+_cMmi^$@o^4U$na z>sz4o%NjBFH&aA?`}jULIQ#gvP`cJq>01vrHOc%ivi)HYz<8JXfnNM8h*Xbrm}Y$e z)j~q-P!Y6|^pE{sWkzM8SF41xOl=#`hI+gWIbB)wUBG$=D^5vCi^%YqN>ZG7Nm=3; z(VfkZ6X6{1iTG4+@ZDaJ2d@dnCwmeX*zg7V$!rD+=!02*mS6kvbs(~gb+2w-y+0}B z&hUCNy{)D*_g~8IK9S$$C6$L1>5{zq%LOX2iyU&{57c%Vfy*)G7bI^|)#HM>u+WVW=jnpR>^o%24*_c)B~-LmZy%`mNSQ-G@|k_$>DcDg1I~c9CQz|@a(k2U zS^9+`ps?rADLx7}SNEkW81LLg@7zU={8$k7M1ITZQO z)}4Tco)fCrqs*Zb9RWbi=ZwTdf4%dYKCScP%bXrZsKS^uJ-vO}`vKH3Fy5gHGIj}2 zC8v3*mX0Bcx7mkL==IJ-N8yiDBli?Sb|S}ws$b!zy?stK$=oN(dLBYwlsOtkbeYo) z_slxuamEzT~+^Jx)|%_%CI0&9eH4n9sTN=T@JKbMWd`N`%>A))F#C zq(L#0eQ`bGCr~2%F||f(>gk;*B{dF;KRFJ&D)Dw0hooJT%8<{W11`4Hc%L$q+COiX zW4)~pY0HflD1(y9fZ7lGWcl0xjWW>j>J%>T5^`nPC+(Vo&LHLv#&t>^2~(w9;CHcIcGmVQ-#iIHAP@6Jto_X2(M5~ZKm zESGHo{qwZ+jgqj%W)A;5xyc(4H1WM+G=Q0Ffcuzn87+GC^De|0?mgi0S9QY3WdAlR! zxvvlM4QU`uav*+pg^}34v+zN>3Tj@S;;Czn~43z3wr#%*8v_(FfAV;Odi# zbVPPGqqqVkw@Nk0m{_jln6y1v2{%x}4pGI%9$W=`yyC7+ACtEuCStR@)}NoXT@5j^ z$Fa2~E$O|YCTMz|cQmPyH2c8QXc7;OEjpmNqmABJ{MG+WdCH=NwE9}!Do(w`Y?}F{W8Oj{<#e(iX1?5R-c@`MYMeyMcd(w|03OAo@qbNvD?q9J#@l3=|Plt1jGfHo8l&g z_OLBIIuMQV&N?KlN)&AkCUu|Y|H`L@=xk?=Prs)_Fn$Bff>%_9w4;IU8}Gg&7{6mV z(4Pb`vEPSQaX^i1pu--uw0ONr`)cTtR}ZajOSAtM<3yVN06gt)A^wWCwsX9O@5DBv47$Ks*nq3LnO)_9PhD* z%N^Kz_#Sul;${8Fl z?+I#txJIj&+loCEX^k`@qfjjR6aZMmgZzz&JpSb@rq%{ECwx?4k2}!hEA~*_*y&5O z&~iQWl@?ls5hlu+=PwAx{o)`TIK#WFwfJ9#Pxd)-5KV+j46T5WudoRg(4>%I99TpC zSvU(oA@a7AG&zU*9CvNKobU56N{9#bmx+Iri6>EFnM{0ACLX;6iJd7Cn?waA#$8uj zZpCe@y{M&lT*p{nqOee{@vB$AX`&x3@vh_LH<9U$Iq;NXta(7%p-eh_RBLQo%@wr3 z6D!8m<`Ps|1ujgcu;|Zx|^Z(ydqRwif6*{T1A-@|p? z;e|nsT(CpQ1v?08pAtLBlsJ^|6iRd_{{Re;R6qE!H+Xe-K(B=JyklS5*Kcflzv@`m zv-*v6 z9s~^7VZ-@1;spIlh~`xtX|VSLqXmZHA@^6%fq$G1%E7n-{2@5h>B#D4*FYZ1tyn&( zZA1P!JQRc7iB{Tu&W8MRZ7s{`w8lcysz%-$m~;00Qr`CwMiYnM1f+SoCH$YnX)ZYH#AU)cS_vnNZ^c-2o7T@gsEbppF{* zYkd;^=Y=skO-lp7aC&^85q*4dITa8-FHm8?x=oy{2^E=s3PMI#Qtp`C(|m#8@-}^% zvaVuFP+g#@HkDPGGZQ(1^(_nPXAFt=xG7NgwR1?k?RkUr;CUr{@|M;t;Eo<(Drp{_ z1NC70MmnfIm%?AF-B*UkBRMaS*NXg4>k<&SpvJ9JyKk8^LS460b!_pMt@o9O*Es?F ztM@5=H+p9tc7#7AkhNEyhKZfV-N25vA*ijyr<0c^3hnJj{begqSM_74L@aP+F2@0& zsR?S0!QM06)hF`x^oNbF;Wf z*iSvditQK^-X03DJCzL7eI*zNEG~?Dct8N4Oj?D`pg!K+7{FwB0=>rqHK1KR1u|kesCvLSJOEy=-t-ZL6Nx*qO13(|_U;40VprZ#5~$k&ocA;r z$@y!9O`DC(aPZ(y^_k0Jq%=b_{3b{Gc}P}s285r7df19gW0b0Deb$nTgj(TYJO;x^ zJlt*umw3203_0-tG~(e=R6Gk9CgNGhK`FbB#{Yn5bq{SN91Es*93Wd`s@s7YtBiLN z1R6pT1(d#hC4eWWp}o%yFbc}Y0{|*09S;Dl5DEsRl%TW{l-hoj8+ozxAV9cDfN%@6 z*El&uAG%UQ6w-&gNbGijYJDz{?I@R^+r}2?wqt%Xx}{57m~KCIrPHlhM;&GRtuA0M zBiITe;Nc~&sQ<+VKTU8>=DYyPrjJ;T)%u+A@elF<72!LNXErY$ zketm>s~v&lga%U+YW|Lnr}CQ&sb?Ma~GWVjGr|2;+sNM@`F;<_R{x!ubJo?JsCM%a% zh+41YI@B5Jr1s_xhA&bvx3bd&iX(uWq>NKJl#G80MXQ+GUHkyNvd{8F7q~Hm(#_+7 zUd^|rJk}JxIK6>N>^nGin>TV~s*&busCAg@Y`Wvz9WfKSC!(Qp+)#dMMK*Yma?1$FAjpJk0{Z6DKX2_94FV})n_IyqT0RM0Hn=AQ$ba5qN=-ILAX zS()Rvl!KTp(rze~euI&e_+935p)7BfCd2c8bsjRU%$Dg9F1ya?OF5p)mZJ(ejK7_W z*IF~4h1bLAbrfGG?r8SzqS9mxnC&PaF$i`PFO1oEwKM4{c;aj_y&&m3BpJV^d|mPD zP|sxRyHV*1#gFMJ8oS_JVK6=(dvP_)bJIaUka*;vf5g`(#lkA0U4nE4*h zRP|Z5#eQ=0#r|Fqn{k1fIOc->9kR7xX3E~qU)ujw8U1g;sKw`{u$99IOXu|9JBJOx zJe7_m@i9n>`GTiPP~ki5HVMkxa;;OCQY2C`(p4>Vze_LdELm7P z4t>WZ6{Qulu1oXleC7EmG>;B9)<)AxT-!yI=%MgOQ#eklIPPRCbXrECq?7Tq(UCM| zQG2Y(GfVk6==`8Ku071bhn?uG8OJ@rVD_Y6^G_{)_@?c{Hux|x zRv!if`TFn)bo#CrQe%`#*xEkL%0*&9v7{|&i5f~5R%EGXh^-#|xO*)s8BU~JXS`TP z^oY$2iF{s<&RPljCn~=~mdf>3CIccBK`$j2<;CZ--}5s3@zy9juXV;-Tx4X4x;Pb| zNrY7r>*?06ROWEHJ$yKY7@(CA?|3cOM6HT<>?xm1lNDAnTeQ{uJ#PZ-mf(-KrlYL6 zN!FZC@$Cwu zk_*4%ui5X5Mw3AbedrjF2~|N6JE~)qOc+Oph%q-EZ;=U8g4&-Xm3ExSX^)AhIv`#a zi{tI4ak7XCrE0Is_)P6$GFe0oewX77(Rz@{B8)6^rw2qtoOruO{A`1D!z1vJnSy!v)2CMNx=EAPJa6R0y~QoYA;3 z)kdA54g?qS{&ViF>gp}v4BvatZ-#VjcRBambN;j3d#4(&v57#djKtD`LwVg?U_;J? zkbC0}E;A>rzva@U9QzkN=nLa$`Eq8&da8)`sX7;`ldnbU166l$X=$OYZ|~?@A6_pS zc!P5Sd@%9urCcewT518s5heAOXYiU?T9v|O^i}6HW?E}zGbe^_N0CwMKUIBBlKFlw zbxu89gvN2z!rvF4etJQ=h-S$ir5iuKM9VDV5-|O3i-7y2-`|@p`bE!&&8j{K(}BE! zzSBIx>FMoG5VhM)4SYX6;-fS+vqlWFl! zj*Wk^!u&J!2$^eBm-~jg zqW!&5^h6PPVP1(Z&mu}TE=8eXit|xckh@Qzp^oXc@=0;v*-QPYRBq@tga{H&|3flqbd|Dhi`lrL<$-l{`k&b(k8f@A67J-tY~`jqX~Fajybu@ce<+2a?*|#?Y%gESS$!WM*5)sC4Eq) zKDe`wn9qe7Vgb88${Dqy{yMyY=ebN`DF*}Vf&8{v2?z&2Bj#-GzSsNb$X;-9hnroY zoe1i4jdf3l=YE9zi~gSa{WriB`^(+c2iLLD&>1i1AdWuM=MZA2rje*Yh7POrYPxB7 zH}W`iRMh0+GTGN(J|u8&K^0^7Q>N~(Ah^$W&0^?=@l^9(^93>lSd>P*MR$z~^Q~Yt z+X+yx%F2o|{2ZF%J7#FOb~U2*Tex;8LhH`ivY)+FM4*}+7)DvqcSdBXx#SlP`$ce?G;05 z&{olj@HkQK5DChAKVc!`XuN&`D7iik9tz|oE0v46YA+bEU}_X2mWG+(jKC`F%4H_tnv)Bz<-2`=@aaOp1t&@~4Vy%Gp_|5R*|0DE z%h}(yu6*3;xYbrCH(s>Ym}IM~TYS?^8OMjqu<4_?cnian88uAl;nt=<9v8~iuMd;6 z+xFS7dJI;SJVhtW@IQ6_j1fWpfTA(4oEjbGdweC*S^#tsbL)Pa7Z!&zHY7#Gfw-?9275 zO%@UO4saea+-iv!f|q)P!q!AZBKnI0j+9{6R)}$<{65Sgz*n{{(?edo@SotBk_HR3 zpz>Y5^8i{XhbX=M$S8i^2Yz`sUE&vpfXB)F#K@hV1W0)tZ-zliH+X@;2=GNmBD@gC z9(jE?0SBIJYR@R)KsSu99gXCeEj8IU5^{pp{YS|OBSKp)c*K%v z&K@?IMi+tuhN9Sg*prlK6>c>-J-Ee#QT9Ich3)&v_V2kv4eM+osvG+Y?^BPBFKlMm zKIECzS5uzR4da4!`z_Cmv|U{$;iz(paC9LEclyI&FW0`>V-?}FcWCEBJNBnN(1$*C z-@0%aN|PxV@~u`mEi5`nizKAi=_9QG4KDU0s&Ej2K_M zVobu*xOgIvmpU!O+;&c(@P;t1LO-VRmUD6BKkrQl8B%{X`v5wPnV6|U=#P%D)R&`( z)j46GfMxaGhX)bz&?eteUY0rYX+x#x=dsneW2!OEN{u?k+WIe~gK~DfWb~FOy_5#XTsMeq7$w*Yo9wKCSQ;DyK9Tw@9y3?)_!-?ig_IKh`S-1 zVLV7jGXxho~d){TPG7EO5|`zOX(w^#$E9 z`pB;%Wcq%@>oU8Gr~SIuU_5uR(_BYx`PB9ppWz`q*J##6pzBY3xm;*Oe$2kgf5mhJ z5R^T<4`nfl_^>A^Z{xaJJpPKRr#uM!u93f|Qe+ybiD~!o4P*h}H?>1VtYyG`q%$0F zKh_x;a2JQZ96}AF3>Nc8z7;s;5dsYr4jg}sKj8xupM63Ej;UYk6a!8 zc;*=!{Vrqr^{~-z+tTjnmkIi1+35Ga(k=Zive7RqntqCneqSn4^m|7M)9=$mK&7=Jg_U|A@G793dt>Uj4Xwik4{_ol^mHEXG zc@AYkSvD_Y%Fp09gQh!qHTR+n{u9WgMNZX$EZRJXj#EuAIsh-~S1iPU4n`)e$Qz~IM62_ifoJG&k3NB!ne@%`Q|XUhTY*1=>fCd> z{*9NAC)^aE&v;k1z;j~k1I_p=l5zqq*2C?*k6fS)f9R{_)&tJ3st$zk=jtY|)ImR5 z%^x(^_y;d4b~FYI!BBcW_h}I~TQj_r?@*7FsX#3~Nb-Yjfl~ac4lJa_-p+tZ8+2v| zD(Gru;1XQv`la|6TyhLl z%y1(g685o>_i8vkv%J&b_zaT|TDC~r<hNlx8#NcF zBvsVXjf0h{KVnWb@^~kQ^d8o4@XEo;f-^7`Dr)(L|BsD<7BnNdv9LH<)oLk&reYo2 z9KMO5%PKlXxqTdllNm}65JPpisg&nN&TaRKcGTmAfneDfk2 z`f9yIusaPkID|fnV)>h=rz8bx>G_}hQ0akcdQ%JV-j%W?x4~Gdm{km!a1Zn8{dgrg zw2r6M3T7fFe+HJyp{-+_{06QlA?-)yrWLe>4DQy5yR_dDuA0SFhq!7LSA4LJGhm1- zw#4*6r)W~9tx4@a&<$kGWU*8p`ph#>R+1f9evF_X)q=YfhubN*@Nhc?mmY4X;PS)m z6s$YkqM(u`s>sr*Y$aQ#L6Rd^pluF~PmUtzjz1g_a^~$$Nh;EraSH-;TH3LqY4Lim z3lc9fX-h5a6DZ|B`egpIh!>|qKpbPQkZZdA=M*ZKCu2>O&|hMoR>3>UR5}uOpHm2O zb}Ze+Q<_A{r0$MNG>cBgWDV5P^FJw7yP1Tw2EDD-w%XYC4EB*kHjNT>1e5SaQGw2* zSg7Im|3?;qzM!3&!~W2Kbr?b~^pY-&+t@PZDPcXJ3**e^$-ByJ)jGt;DxMw3$iz?nK1=8Cvlj99Sxb0}wmt>< zN*{Nz(&vIQrOzc(Q63kh%_03zq~#T9SEQ=i&FMcXx8Iy2)fIQ1G?CRux-d?y=FW2q zvIOo6KG}I<^g=@J)`YuK8fjO2?7?Ll=Mx=B~kh+>qZlSY=-NDqp z>haLEBfA37$ALX5N?<}CK%2KY-DLo8&;qpP*vXc6eOua~tqVPRuRh+qX0I|F;JhJI z&1><08zQQJS7{QE2tUfM5QwR53L$*}-_00c=hdtMc3#aLVCPkJfSp%M2gE3Z?cY+4 z7mEX9^w*|x2-K47NcIf}+mgVrv2B^1%5-5g&0{Llf_Z7BLvPZ9+n(9m6-uGqX!r6- z+${F0bpmeS09JsQl(bzU*RScX(vwvTpMauP;;K6E3hfCk0F80XY1IBE!cu25mdc3s zuXTf`%KjCJr{V#rp?HT*d+9+23LG>7{c8otrMSS^GVjCRVqIZW=i z*O=+RaVM8*M$G$Dh9B3pES7}gckWKd$k13xP) zv%**j#nam;p1;i!C1uHSmk0s4h$k3|PqL<>}|5W*PrkG?hPCL30z3fb=?4od6yyXey!<*7BD4pt&o>2PuT! zg5xlHV&_ETp*;$GPJ2_7%AI?<_Mr}hxB*dwRuJkyQbUOIY$49Gg*eY%5=R{bb+Q5_ z+ZWWd9fU?4iALywYe6$zzXAVhg+7{BjNaJy%vqYn5JApo9vY@wSpENea4h3ea1~z`dp5Xf@rQbUz{c^O!D9&qM;<-_T7r;jy9iCyvPt?a?hVBu0+P~ ze98`LoKLGWlJvqNebfkTzDD~K-*qQ%jm)5q&K8@E(y14O5_p6-7U-u+gq_ZPHjQkW z>1o@>WF@^pE>*G2DHMVTB@OsZ1`BIztl4o3hfNl@SV~s7Sc7Q`x-ybNX+15(R-`{q z^BcTP#u%gm8R22zCf4r;c+zJFh_sj!H1}bRRv&JIZy>RW-3q6Mft%P=fPouvuH+6O zUc>^DMXiDaHabt+#jUP6N`O9=b%MB%gSaAJK@0xsfh|Wd3+sUo_{RufWp?vxD}?W4 zZ;^I=X_59kkdMJCcaG*zbX_I{D9{blCq&pCuU-Z8sS$kVRKPoff@_o=bK!ZvHpRNik7YIO(hf zEs%jf9&K4B{^VEJW;reH(oex}Es%|W3o6#KGRv=?m9JDDN)9o7p6N>~(r1+_RlG|} z09fANBfqjssoYFY1FevD4sjH6fwFQQxxlImFR!eFhoiA@45lLk)F^}EQUt}&OqR!5 zfSgFojE9gXMrVw~o8SM!)LOx*^X8PHqr@|z$jV3t1$wa~ZV{E>)|0*Zbxt=hoY&EU zVrehP(ZOC>yb1B3ImQ|#ka7hylz7`FaL#T*P)Et)=>7!763c(AkBRk;igf=$Pcep9razG<52A@#=>Fv zTj(%m!XpWcr6u=I3cb+d|9~=2|B!$(%#4xBU+NnvbR=la67^<@db7CRgldPIVG5QN zQv0zrFQyl;))CYoZi>!L5eg9B3c0~@w@B+M(rQU&=m8QIT7YDQ#k=ec?N&3wcp%6BNqI^8Ebj6*ghPVnT=vQ&=dKOB{SfvmXAH-;_!^ zncXHil&bISQUjp;A9kt1YC&5jrXkOB61$Csqe*VCGe%z|NXf*85-BoL3X{%egGF*@kB%^R5&+V4I=nvgM9=?&w#@!l+_sRn z^?$uBJHLZ`U9YQzKT*b_#d5VdY!zzA7F4d6;32t^pAi>W*lSpvqq4AO6vEM}_ z!CQADjHMMwQ(HQBl&a&thY#U&{G(dkAJaiUji!S6c!p8f~?Xbazj1Eyt0WBc*6|A~BM#y`aC^w#w4@|9({*ZznHau;gB zt9`rN@dn8vxAu!#1*@19J)jv3I2JNG>w2Z~GyMCE!`IWB*Wf=cw2i|bb)M`Nwcbcm zX)F9j=^1i6Hp1oL$=;^S{TzmwSD)r&-@+s0ebT-zfd3&yry+6cgFTL2ZupBl+GaI- zGt6^!_cpbuj{H!tM!dm+DezDMH(iJu0HOmAat)#5ck^jES67qT)$G>Z^*Vm_f9TP6 zhfc-a|8<>vdV4&b8_E{}4iO6xB|AmQPN`L;Eh#NaVfF#L3*QmjyxB|09)<~!BQyqw zk(5f>4xV5m1*$^Fi7*Zs7alRC3u?&!Lc3+&|BXTbCCLORbg$@0#wdT>1;d0=*#Pbf z@ojyZ6YeQOG(GAgFwF;K>je8%(fhoiR&Y_7s7ts4NTg7?r--`fLx)*c^|Aczmd*^Z zNrJ>o2%!y&hEDJG=T~1sHSIpsQ6TCN20hI}Dz7B0w=lih&ml*kuy)v2 zV}&)z9b@~D29jWO;79-q!x*jVBq0Pp=aTAAzi0$49|9W`3!_9m-ob6 zxtD^j6+b8QfGDnwZaTU+@H1kr;4TDR`7oCDRCvU*Bu0Y2uSOU;cV{9o0J@LGTb9DVW14oQO`-iMZU(29hbHaS_Q| z0^1096^W7(aay+y%2?id;Ols}%B1V457+}t^HikJH5N{!hjhc(bmNXLAZog%Au|qL zPhS4={38AOQpuc1Wg+bt8b?0pCZ;U$YGYx3GTvZ!DeQOlVlZ$48pnlJSgHqJqaTc1 z$OSE4A?QNlKRrwuCufL|GT`dirojgcX@sSYR|wLC116Me6b_hB_I)^DLYsVq114nI zSfF%~iNh=?XpH}gog!r2;5E_VS_V$~G6GJ7O@%edstTUpgM{Z7fAqlTqu`TK}Bm6S5%$i%M?21|nv_QNS2=?RIq}Q_T zZ%q{;i_EFQXH6uSBQh^V&JmgTBp}gYEk=)ODju2__8c72{)MeCi zF$083(*t52kYWo*L0J9!J6S?9si0z9G7aiPUag&1Vu-Y1~O*r=2o##5FC z%(P17Nb>yEYK513MeM|d6c97^d77~lBoxnR;ucje<5`<%o}O?v=4qW}tPb8H=c(9; zHat)16`H3ve;PecZ~rIe>FAxH{~_jKL!4Q@s>PYqewppYQ*>h_Azx(1I=;-{L!Ihd zaq~=h^MfzM%@^oqrudWugmFE6s)!rZ65~?bpsg79y`LXaU3t^KFOcZ^z8OK+Te`Xs zRQ*rR?};vt2G4lD=>U}nIbu&NU{rQq^ zRLvt-5ni0=H~`}bbTiS!JonXfb>&x=k4{Xn-`{??l~euMyI>9bIN6F)WnNCq>v%n7 z+L!dN?-PV%F#+rVL9Je{Dj_{D=IC z@%5Uj{@^!we8(Kf@vWFO#@7DVk=1pe=UbdKz8eDvjQ*zl{pF1VEYA;Ac>=gw{ih4# z#<>Tw|D3)ypz(n9pQGHr9Q56RDvwj@epz$C+Q(|J%4F*bYl)7uZ6JnS|J_sI!64!nGcP3gU{;sExiyS&;D$M45kWMcib zI_KN_*=!T*uhgb0DnYFD403u#lWV!y#au}iXHJldfX;I;CjNbIS6~fYruqGJtTjLI zHVfaqsxM~n(z=yaEc)xHAOZ7TH4@{WcQP@!{Do#Rk21OE@w@%4+EeH1h((0L408Z4-WxiA+^J18TMy zFK@?i&3-1$U#9A_m#f;B9yj~2?W!8xd zedsVZ8kkdv+;cWi19;0BSM%SFq) z!dosKpGixgr<(f{Xzw#|+az&oK-@Ot!fiy{nl%3s3Uxz=oM(QyHhL29KLT)eca#4OIPUdzh+aA23y)@cZmNNU#ChZikJ$t&CUpk}K@%?{(%Y4$Dm zXg&FyZO_z@$0G4hb%MlKL>wm4r#LfA>c>7|7N*uQsh8umIvWFP+rp&&_f{tLdGFg9 zxT7g7QK)8POr0rFV)skgH}_tECNnAG?yqEik2i=1TZ}KBg)E_q`0MS>_bX-}nZ)}M zq}w;fN;j5WY^~Lg+Mk2uiz7lo&=E@Jxs_5mKr8U3BHrq)6A@6# zKx%xKG{PF***jJ#Wd9LEN2k<^q03t*hVD8`DTotn>y6u~m|(w!+fAiF?GzJ59w!qN z2`!dZcPO*md0;b-%NP8ouuP20 zJsWs#vCO1$j33{m0Wrs8teu{wgP@FuW$aWrETbmNVd;F6oGBm($V=^sqwnLChcD2b zQDsK|r^w5Ti}2_B^L@pvvy=Sk=0|8wu5mg1BJJNr;jyua^!Yn6`uwx4QlF1gb^r2c zAqdFTRz1PMkhLBkp>B-Yglc?otEI*-i?7B5AB0EhU+?iqRGXNk+7DYtU%LkFYEQ>Me9<&7leXZ% ze;#dZ76-1@=HQP%kpFBp&uPA7#n%Z#8hs

F5 zU3h=X3y_*q0Pt1dRQ3E!kM7R*R=w>@#gAflN^zz*qW5k-dr^OYumBRbdi{op}$oJZx-9qz7XStVm*zvHQ_x^1>eO;LxKyjx8R&cYFUVWKj0uZF01F zx3;ICYb){AVm13`)$zU>_=OHk)F!6WmSEaMXVY+G>?I|!B2cx1#JH8w!7Yf!O&m?j z7#fU6*3e)YONbyHn?2y|eZsyBlhiI3ZQ|Lw7p2wKGioPXFyV$E2pz8&h z?!3C`htk$?4&H%oL-EA*F1^3I>m8ziS9gN~za*C*=FMv^-&P0;Bv%YgPV(oszw60s zo>AgOx3cSf>ju@i27O}k4_-S1uMJM}_eMGHt_E-3Hvc#654nT+4o_aI?{sf=t4AwH zcX!p{kF%*D-0P5!re!egSr4D_=Fv79FEQvr*Geo~#CG7f+L#e@;P+5^kq`X-8#8wJ z+;bXlbUf3Ow|;u+pt|;{1-b)?sI-`_yr27=OPuB3fF>Bl)Qlk*=ppT&Fc0L_&A3S1 zABhm_&XwvFo0eT{0d7}egT=qMlB+u+rjjRuAc=+?EZ zar!#`t=PU6x0-!@>UH`y%-={ZXtuiSMwj2=F3;4_uD8{|p5*eQ)N@LmAfHssWqXw)+|>84e30?-QWu5 zcCq=BzYiUld=Q6UhSbOM%V{5&{8IUfonPX~!yEQn9u~*S z!|x7DEDv*qKuB*I?o2ETJtOS0a3#xbbZWx;ab!YqU93zfdf$`@4=%UMgafDVF8Gi1 z-JhZFgsw|(qLd_)sb>nNUgNTKUBm09{NEZ+{;!K8|F>H5|7A=5$K_{b{`^=z_9SAz z&fOLtBXb!OM^%|CTr$J$Y>` zM~~lPa`dY&h4p(pJQw)S@Z5w1cy54m-*|3tcbslwxxW<&EVq>n8ad>>@o3T88!)BAm z8(t9j^}pxuXW9=Of4>>pFaBPnY&sxbk{#nxTfqO(Nx4$P^X+PmK?Y-6Frgg$8nqE&YGEt7?rV}!l zZt=87UrzOU^EN5-hto1J3mtegpA8-4MxuiO?AZMn4e~g4D|2t)%iAIbC$tClJoqeB z07!5vOMhIgr>h$ybb+u>zb*CZDu@VM6mlMt0<`#t6@zBQf@Vj!^R|>1k{;+; zG1QTyEEaF7c`Y;k>d9{QWqBPN2W^dtpStk+VZ-QszoK?E@P10N3is|U%N;1wzW@ZR zd{+=q9Ox;jI^zvVYDrZ(uJn3(kq#s_>YtTet3F>Gg1yj^`ZoMap7v6YR_E4dLKaXb zo2K^=Ex>ftood%cT0v8OgnG_QXZa2(5ORk=qu*24jxj;+(Zea?fg3vhj9j7PdmJKl z{0~A9Jf~*=pgMkD4!`oxUH(VV{+Hj0)2YX6Vmo#3J7%Z8eMU-zQRg!NaBFo&4NG== zf2cDwVroQZTsq9ix5HxwG51F`@8j}MNxBcor5-ip7W61U#|qM0atnImM^SoRdmTna z;qAU5>kE3~A2+&s0fhY-Lp+WaRquUT&nz%(AD-t$m}=TiDeVLHJ}Xt_d>&!is*Q2_ z{oJb9em}C&?DtPk%fSqsCkAu95a}Fy)i%1pqUab#Z_5l{0f;W-8iTWQK?%qr)k(+G zniB_Ffk^k>4k3JRhd zWRoA=1PS+)3znSBEEyw4&Sq|_XVLqL5WPF6ZIUMvxE()3FS@l3qjouq-q*oej@{+U z+sE-|OW2!d!UFNVCvVe?1^5uIEn!^wER6*5>D5}g?zY6|U)Z=Jes%ny1lZIHrlmK> zk?6m?7Aw*J)nrO^*OQW6D~Aep?fbmEahbf4!Z&R56@!A|-fWw%=D1_bk9Cvu`Pyxl zJ`F<(dSHg8x3q6&;t{KO`Go>=dggiwlJuT`5Km8%79Db8J{Td4NWz}b6lYTQdo6ZS z_K>~IGA@5YcIu-c3|WlRo{N^SmOl1qo4oo|=7K?8-~(^=&hkUG&OuwlsyGfaVie(mNBPpFd4J)F_TmleI)YqG&4kDkCURZl}Q2LI#gN%Yr*^ zvuwq^sSR<6@Ryfki7>9gB*Kf2M$I9Xzjlo~Xcu&@!du0Aw9QefcUU*tbMB{>>K(?a zmt9)C;+pK_Np!kRPW#wyN?7`LOaHFLP$1a-M^(RvrO#SHDLT8R3r-(}PTTPv%tz3S zNY^@e;AWD?GMIL0eH?x5eJNI77u1{j`o2dZ_4NUv#}_;PTY6-EeIV#DvMvri&V4bK z9)s#kddz<~k{%GQrGglB-n{prp|@HZ8qPXsUpnu&*r^7(lFJ9W^WHE26tkr7u@yu6 zB>9l&D-L52NDKz=CGG3nd0S^p^=R8Y*;{?D4yv=+L&Gt>j+7;GDR_ z9USEV<$S6;dwq1FO66phBV!$Itq&X+m_-C$+=2DUUhR_f&`2RiZW~OqXp1qARSD(Q ztcx>+GGB< zzX|l&BKAXuA=8J?#**pnH%&4f_h1a7 z3Hz%eY#=!7Hbu#v;qfI$E{*%uUsxWi;Us(VEi*`+aT)03KihIPbyLdHHp^GF8lW8H zeOr+9B1zKKCP{6ct50g!K%k{kQ|v|D1X`f{bAsQ8v%DYN{sE!x5uWT8-$t+F z{Xtui4@ds7!-YQRY5K?7UvTf zOm7mwhX@PhGGU>Nk9J5=^nomthj*V8X`$@-j|Aiql7JU4NkqV_9t#ujIBtK%{P}zaU>YALL-4E+ zrMPuO>+8Qr0i}?Kl}RT~H6XI3)_-$Qpe>hdA2qNYiFSp+nVypiGd#+$I=8mPT^|~P z&kl0$-lq1iQ+u?~H$67uvrMJ(98>@}x_f8nO#ISQB&wL!->uK9LwogV+K2p{Y9Ibp zs$47|*KzurQu!qxQt~ogdGx0_eNJCTd2{kx_nb!Raz)Kt8YbV2ikblbxDkN}%JxQ{ zTIQ%=FG%b?(=Sy6oY?J9s*b0PA~25Gbfh62qG^V$&2wJhyS=bL=N)R5KJKz-5<1d_fCYN0)|6X3Y*=?WPku)$4P@q<+Hr(?LNBl=ywr) zRDC|vXHFv>ZN^o2w4LOE8rVo%SvG3#7ip`AW3)#H;$K(QF8}1v$y82Y9p@h^mGgNw ztod|>;zX%;akio@RL1?JP9D9U5}@lacGu#&BHh0M-Hfh7spO6P^}8q&l12sbJcqx( z*xY!lM-=bL+ox!4vF4__^}a1M z)wjaFU|s#T5*W?wp4!aX_A(D zW{04VyZ)akYOtikqkZlLY`Nt@C83skDZLF3@zaE?SiyhXp^a3G*+l>rkprx3$5e(??%W8~*)(B2NsYGvM@+ zBxBK?Mpw)@R^_5;wsT?S!Rh8i@|t z2Jt@M!Cy zx!fAi`|PQKHzHKl!9rzih@-M-i4~H#BUILDkdJPC+yPfvgDjPGaYg#OG?{nd~ z)xfyBcl(3(#WHI!8$;(N$5T}2f+|u`Jwl^5r;)Be4pL2+E380T5sH<|LoJR9&0I%9 zZ>`ivi^a#Rj}mm?zBfq;bzn5+3i0+6x=^HbXxpR9UT?|uJA_;}-1T3l`mTgLFaOSx z=OLqNzR?vW%fB)5=d&PTS$>_YNENaig9A0&X}ow3%krN+iS{lZ_p)W z`C`23(WW$yYAQO#l;wsg%MDYO+d6sJ3fmA@ZB4S(4;t!zd<=qi8h=8;;RD_El4hfM z9;DTGXah#^XpAU?)^E?6(z#uelJ*-m8`FM)Z7jxii}|EQJh}N9^T{gn$x89$BwE9FbI>eSkVa8egqStB;R-eUW++0`QTw12v$Rv;)hwI4 z*`MLMsZm93sER8K7bg53U$)qVUm$J)`~Q7m-0!8llxTlpB-&3GG7~%ts1Mh6dSIQD zm*R*SDKDRv@)AFe#D(!UK%{S=#H$)l`&*j@iGDL6l~1gEFRb|E->vfy;@{xOusV6C7_$W2ws&4nyC7Yey~E<=4&ZvIFR zRLD*Fwi+on{ifW!!IGP|WO}u|UdLYFC1H^{&k~t+5Seu`BC{1fTep}`4KLGtYNdJC zrc~-I4qRC1+mQOe^o7!$U994k%*o$TGtDK1IA_+>4mA9x3x%f{hb=5I18O(nRrQOql?a^ zMO&yDm`O)2=9z@n?4ec3`K#$fOb24_fM&!?g4KlFv*hXHqGo~b3)A(nRGU`9l>y*F z^pMn%m7)Ll#OZ&X$D)C8)GE^gxDq7?W^YIe{Yri;07MqFw~_p=|7WVN976U`!xFN4 zjLf-~kewif?9aw0b7*So-oI=3pQ}ws(Wgjw>Hap}g(H~OW%G8OjP}vF(fr3%Cxpt0 z5JRC9RBTG!5mM?NcbAd`i93`fE+?u%+AcSxZFpEc+Uy!*>5CZJ2}q&xw_#Wn!c7bQsas=xbNmP@m8|IpxAohXJZuI)h8?k=z2yCt`VdlKONzM({x&$88o26-z}k?UOozJsDkIFvxqA4w=>!Tg3i+A6P@}N%Eb9Uo==rzGGB%T}vSf|*N@&Lg=cd+l>9>-R9N^$9!VCrRR%H0&(f&to~&Z#G_NMNm)=EDYU zZHJ$HUM9EU-Yotz5;1cad7pQv2=E5#on03e+gekFk?k7vwk*N77N51U?{;2Cni!;! z!M<}V*76~N{wcUmlff(SoL67SFjc>wI^))F&UEXS&PSUyNf5l*LW$DbNXElYBVg*c9Gl{Nr&thuM|y(MwbU&;Bz2#X1Tqh9oP2n`xV| zu!5vKiSK7ZC22cNQ+kiF=AT_%?KhKhJH1Hv7P~5u)cg&Zikdf*p{+;vvhEw;(MM#6 zGw!{J+4Z5LX#T`O693n(L0`2W8#q77?<~-(2(uTQQ$?WN|7X0a%%|hQJ=%#LZ8*G# z7dwlz(HTPc5V0bSZG8+N?FhtXTyRR3G`oWrIy`W@&fUen*%oE)cU+dY%@bTg!;T0C zJLWVmigdwu?E*e4$!T=uf^qL9O#s*b)KtqXz{6JGFlibvNpmT2GKT;izPyN0ofEPi z-7~H@*-2pE3EE}|%V{ZLw{P%|IS%}CiQ(1$;f2pU|6Ox1Tw*ZNy;?))dcvXv0~V2H zuY{FU(&{e)WkA|CW!@KTXQ%lP21gh2!8F9yWJz4B@vUOvYb=GY@p5_z^%^V5#eIlZ z`u_dlSaFz>Ztx6N-?yoM`_RWbEK)27VqfEvk1-F5adG zZ-am?#LiqYbk?tYn(X6N(FS%4kY&cs+hdSniJzUqzvUt_^}LyO?}1-Cn0C#B;cAj2 ztLZSS5r$pA4<3}&Tt73x{s;T^Z!Y!kuYXfYhj<%-S<<1(5l1>qVd+pwf-ZPlE|{4n zrD@~#4m0uwk_}(celW0!G;*#2a1)9)ewtp_2BPDsKhQ_^wxq?i+ z7j9w}XfrpTBUiFyfg0waCReBAv>sEL1=@_s)1{r%!g*z2?!3F1x&L{$$@c#iuLOJl zw2+_tW3kEhpG;50KazX$!`$PvbI+CKf_w5~?G?c-&qQ)dCUeUhl3U2v>(Lt7LU|`} z3$x1kV3iB$ey}`O?)n+aD)&H*6s)5C=3u##0}vinU&LI6lt{S< zOa=?tHCbnT_DAM`I_7{i(van5&1Eqbgm4j-?WD2H0klKlb5ocDXnRN6B9k3sk^@>< zbbuoy2ONAObAVx7?UTcse-{t$_jj2C|Eu}rmj(Rft3~F(e<7Yk?U!Pc6&d!?_T6lg z6*f5$g&%mQx3GmuP8k^p@tT9}(Vt}7MxP@NRIVU2L|dzl*JhCw^)Qd5zm!=f8@D~dzkp>{Fw3lEmQgB4@r9)-L+3ecWo=J0%c`}P z^^df8W%)*h%XzE4z#Vj1p1weAgv7%gCJzhq7`wA~8t;D%-TNnsD-QY&V^+o(sMCul z+a6%GTjtScPiD1?R7`)VBoiDn=>-*NT3~!y6dc-Pe0GzNdC2OPWxe>RlzDIs(m}ba z$bcs0-AtfJ_fB&Q*J>XS+`!28P2%=dy@rbrl9-bi zwn2pOVSQhPX3>#Uf%DL1I;tIbiN<0ck45Fh453CNgK0RSvKElD)g2rsP}u+)Y;<$( zVLa;h2}CAV^J?B4OtxHn1GG9@ZFCibuNTQx{7zX(Ag6qawCGSGQpI< zZly*(6eKlr4~i0*03t|qs|6@AL>Tid4zPC`&f^)3Wr0z11Q;8OSVgE7|Co&yPE{bv z;4p_fuTGi!f!W@7L~=_6jY~jdFAyxzxTHH8A4C8``&g1WUs>E3VoSx=)QfCQZ80Wg znoTW{O)aCQF2_HXLIp451GJ*q1D8KO%C9#W+BMn4zfGZ=5ccM=4AMZ)rXl-9&X4&d zJK#{2e&pF5McR~3+vFAK<1D=dcrW!ZGn<2i+##sL;C&TR8wHo=eO|8MW{0@BiQ&nd z4J1z^&>5&OXqT<+Ad6wluZwMXL+D1c;U5sqDt8fLuA==w$f}vQ7^HxMJp5z+4VG`)m6jlEMyXV5&QsAP`NXg1Ie5L=REqzgVtM{}Hl_^;74 z=d~nn;aB@`5S$7zk$+O0Le^(S7m_8Bzgzo3siaL+D9P-0)@q|GOyvLV4N~8oRn1S{ ztu{5`4^!lmo%8ug!=0ukY?V(ax5SkN3Vb|@wJ|)kX-8ijMISg1nSWRzV+33j?Vl+X z^7N}Ep*}=2+ApvbSs5thUDp*FYy7mERM~keK9=gI0Tcpi2 zShNEpns!&PyLP0TJ(i};o}ldULT<+I%HK%0W0tzf|8+h{M0r!=me;L6r8*J=OEBc> zv~ciV)|H!7?R__rMS|A?c@*T5ss+n?71wXf`RC##GLK+Pc@)=|O69L4T;xu^O)m1f zCRzJiBiV=kHo6R`lC^vgB#h^ZnMg1>rDB~FsPtvUIw?)>X$mc)yX-H_8}3vp>GUu8 zE}*w~4`BE$K=0S-_)~xYvdAHWmK%4pK={CoG7Hr#CwX&EeL?zrzEgR=S5ZZTfOVKq zNRn8p>PJ)z?V04ik5f@odphVzy9QE2MwTpxn(=C%8~2XHAQzxrx`q(H5VL$XmaXT2KE8l=O2MR^3%Za~`RLI~dK zSl^D>yZrRcNL!|izK@XZ2!f?ge^1p9<(%*hqFW9}`)cYAbxWqEt#@;m1Z*+8<-e!> zO-#T$0z3gLDot56{8}liT;j=%G&RM3$L5oh#S>q(`Q$M9gk1#)7o_zW!E+K(gS3mU z;0Z`u&Wg-pYiC-#8Id8@Zw0+d<9gWSNc$i>Ke7_|6N)E=HylqiKWZ55r!e-XM`lbc zuv!ifuPx>T05y0=8E0cYDv~?58;>INkB~zh2Whq&3vmh5?&}{8_RizZ%~Q?&B!de$ z#4dt2#`!mynTDxAs?CppAoj}R%F z+3E6*OV2i~lkz_oNY}GcHG`r?f!i=cs@Q{00bf|CdyLsziAP#PU+~d-BcN?>%2Za4 z$%4%(AezgmI7d)GJ_E@+S=HX0aG^u3LMun{Px|GjsA7Uz598?UEU?z1|tYU`|T=eiZlF2<-)jlPy$fDsV zM~rBA^h(p6jOkw&qSzcq8Kf~%2GFEb@fo+;r=C1RnNJ{=yg?rAM&So;B4nBrqLcY# zb08VX1GdLVzLP;&F(7CugR*mg3<>BO!Y*2w5@Q!BR(qri>(ds1)%0ct}(h~}I7!I38#$;SM?zlF@FEu>tkU=`Bp-vWKUaDdMj z_S5sMJ}j>`ka9_j<<%}qkzVa{C^Iq0Q5iteR*QMayG)Ejp6!yXMpsTEul9sC;996P zQad(`|2;o6F}~?tF(6sfc|F(>3=!cRgp#bHlfK#i6CU%qz1TSoScIli9z_95M9R}D z8ZVsFmgg414k;0vBk^#*$LLiIt&#K>WLbDwBt-k%)1}Y-yTeV?S|U;F!Q^ut#}KI36VX_(QfTSuw<+8;%g=o5lfrMeg$Fosyd83GI{1$=-z)i z$16_cF(X#9#VjVum<5eYgm@NEyo`>4;KeY6$t@_(q&9N<2|AN`B04oA48^GtzWI=8 zC-_*Vt@oKw{E922w0r(meo`>oRBzW@DWBXeo;+$j@yaJ@KM5nm=2=Hf0^=f#5?YV) z#cVk&*P8WYh|&hlF{Nsk`DE`bezLj3eDbw?lJ;gGx}LOG$gdhv)zbl4)!s6xV-1OW zUp(K$y=gyOl8~d)qd02JrLw%2M0pI{neRaGv^_`_6X618T;QU#9i@z=sda^O!__25 zR%1k9>|np;b7eInxSD;QX9d}r88NCCv*>hQPo(Oz248Z8U6FNZZ6+&8XF7HzMHG0&9T zH&8GQ8D7_pV-Cpzy~H|BM3W?kkUY-CwcOyOUn9MWDvdu*glHpA7VE#)NWXv?*jY%{ z1nP%Rdw4o@p3~HM_e!ILoi1j~rgv3TgC|-so1|F%d)#I0za*!P{QkSQ*?$RJWdMrE z)xG)lm<{4Jq2q*e4Zr${=5p``P5sJ$Rd>Og(2lsugshHcQYK@aEaXI#v5M>=;h2!* z9!7c1(CA%><2^fjhvPjGXW3&uN#U3eP3iJ;c)(~%*OVk2u+FFf>vypnFyDBQn++SH z2l}5Lx`f&$l)RAiMjQ*KCA34NMQ6+qanTv3;Qe5{DJrM)lU_5;C#&U?v@2#tH8TjE zgyso3Nt+UknJHWM(PgrktUlMBU@?&V2D1gfp{zm`v#_VN~% z{?2%4TcmU<71Bw@Ic!@Bs8-nF>tr+RK(0UzIb4(yFXE+C?hJz=ih6~_nmRDEJ{p4Q zVhE->DVUlSCye$!#B1KR>Jr1M?QW~K$C71j@3L50#R)XQ+E`y}+@LHR$F$0dLK((@ z7kGwel6RG7_~}-t?V#8he(pG1sLklwf=Se3N}0DvfK+~^RNaY}mpekM2zYX2FEbq3 zd$WQgd$Kx2_Rc5G%hjD6TivFMBO`k>K;iIY==Lo!u|1`drn(j13k?>ckK=if)0`3# z0G#WL>|P=#K}ZTZRYB(ei^$&3d#%VGAq4$w3n8>zz!M0W#nJ(ed2K@obhLw9hTQMe z3wb7G8h4gLFyAHYk(|VlMt_fRq*1B*vv4sqo1~iip=eXO%tF|GmYIc+HZ*aYI-=V2 zzy-2Ro#RZ|qf{1&1#;1(Cd2r(X*|QPEH@>|)KWS39~4iXv7THkpQQa(9@U&6kPez5 zWDISn+FmYOF-^20*!y@<+K?HhBuO{xIaoaDm~KA#p1?~%sMDrIxmvmXbzULS#DN?VE?#Xj;;3#7GyNS^f1Q$t5G}PVe&nwOVuPw` zUWXDu(t47Ns``(#1jLi+Qb1Il$7T(!G$P+X17^Bc+Y_2evI*fYuYMcCJJT}}lNt@d zLs1F3pZQ~fa?^C@kILtU8*>MEUF6DH6G=o>4<9-f2V+L!J1Cqm`u)T(CdC@oH_xl~1$a zDy2XP3$9_RzJ@4B4lv9Tm`th?c=6yEp>oTGBvjZ5v<;%DSOj!K{9k+o|U5ROUX)3AqWhek|Kp&TNce}v zj3kL6&|EI)@pW`a&TLgO#)}jV|I7@BQ%FpV8Qdw;MYuW33^yZc2qzM~_NEMpueBoL zugHk_&=iZs!fjWg+pfm6{pQ%V_oueYsVDgh4N#58-sO?wvUl9B1#2>D;*~GB^$mKfBoqjt@Ra2FEGA!YiCRa^`~( z$?TxuG_=v|+(xL3xbs=5d?##O@sO_(=$(2q)(VZo3(^@kG=79bhQ<+UT^}bj-ig}L zwlN|!emSp?-=oaEIMp_HCXI)s#d8NAAmTWCrkFQ~i#u&`adY}G7WZ7nuQe$`pQ=oe1fME{%-0x1vvN-rxukZ@=Fp!d<*H!By-Q&RA>c0Hwe+>b{4r zSH#dYhV~{!303k1lFzHh<0jXWU^T<$!_DY3xfPjX2}f|$T!ilZXgDPc%r-Dc9XwOT zWZ?!QAXnSVP0#BnKZH-6>uPXoeVc?un76ZB;mj|-xtYS|5MWA{(42EN zkV1{Ng1RC3sY%f!A3`L52>(b)CHhVaPy0L;uirh*e$$E=7B3>?-l@zxSA^W%H#5d5 zC4Yu=Ih{9=Z%r03XDVRM8T1nBGcd>^n5rWJCprjYwk zE@XAd}))VGKNxLmzmzZfLDU7_a^g`Pp&n=9ISN#=5nr!?kMLl z+Io5Hb+VUFnx$PNN}Dpp+W$b7)_an8^2=nip5x^cPOhaSy3A9oB)Un%qpC)D*_K2% znY?Ba);0{6Z8#onVD|!b>Kb9U-e5N4HPJvg7^GEBo|Z9x;tDfmsT7bO>S9kF#rYq& zG2Dja$Tnn{ZIGV2gKm;-c-SNRWLDuh*{mY%ZdbxSWkmJqdzUQFi}Kn>+sgaZYI0h^ z{+IWNS>A7>`=pLP{2G%}|C&Gn};8 zk}{K(%5&%^q`a~+KdZXxWq}?z89q(KyeLs-jtCZ0ps9fT_H7hq+wIZ)Gd=o?Vv8`p ziVhWf^S)K)o`)jcL9c_6{~%nL*}mjj(GVEYCea7z?i8o8GDvk+doxr$$n?xZqfRh) zJR*-9t@)=ICe%}h(b~w0DT_jUquhC2v=lyi7o7P6A^89U<$yr)Z48b*1Az&P1`?LXu=tC~m}D&Pq9LK-7|Ii7 z5~6*JxtieL1U3|`2eu=5OgX3c+}X(b0h0Pr0T1U#z{AYs$h6nYP`{`N{|;{oW1sBs zLnc`ho$UcyQzV9uIG50!q=2#h1~%8}eEOMeuAfQTfE|Bic}Lmk9}bHeKm-#)LpZq@ z7WyFvNhtOa85DVq%KSIcHZM5P4P{fHA%HHE>O+T+KZ{WAR9jJi>pM>J31i^?(R{*ro}68Z8_Xsiw6BtK;lyB1iWzJ& zoP;ca)tR?Jnfn8W-}4T+Z(8M{jGn3?=3gnBJgnGyU^iCPaggT8(h z|6l|MeZroH@N8n8U`)OzN*0229id^8Kd-9%1nx2a4C1@_Pmmx1eL-7TGcG~j-9KCO zWdoScYVg>JYV`ZJpeX8-`PL^}_D7)zIVE4jh;i9PrUg+@z}vlQ>#ea98<>RCicMCN z1J_}^WDXoO5%;9G6ryDzfJtd=Lu+XesxSt++9@%?F`g?Pe1(bS4XzkZ{&^WcSw6vh zvdMhXDV{7CZyFn~i6^=kWY&AIt@Acan@O9T=XFejIn%pAeAP0+{OYzuUk#IA4Ix~Q z*CUgDfxQJcv85!^_=ElUJz}Pr`GRnhN@Z3A86NA8u`+=?}@%u;f7e(&RR3lY<2{93x zFN}}X!_v86bA!~#j)h1w?`ODmSKPhvMpz`R% zjJ$2i+#a}q;uCJ~DYV}X1m*;k;Lo>!ylMyX-*7ss>5mBm`AkEpWen6wrxc8I=j|mR zkBH^_sTPnI-Yd9PQ!Yf&soE0Z%SS3U^jz3mQ>a5XcWw zpK!e2Q0BhMNwecbDB{U9?hs>m@4#@MC_8C(zJ=daJ3m|{cCC%T?`VWRn>=esT01ie z$DhQ2LyYGS7KqwuthtgYK)$c3i~`47C~#6N3f!E_QGm&I9KX|e;AxHy5mV60ECQ5L z;b?{F+9;7)5~`NjB$Q=2ld&2FQh?QRL`KPAPPp?MzH>zlKZLPihH;iz1@+SZaEOwM zI0FS_g3u@gg~vKW9Ne>rWD-QFJUbCo+okjY`fj|D3oOXn_1hX3k!nC**-Sn!Bcz0b3SO4U#Q8E>|uj&kE&J#~G{sWDi=Ta_(vvrpmpbB~59Qp>~6t%-(Z< z4-9`+D4DiLqaPCl5}bM=>-5LQnL2%(s5jXAV)5j-i_9nInoq6~Px_5Dq17MECnty} zhghZcFnb||v~lW~=jjI)AJq;1 z-S{Zs`gJ6A@uFI{_O30l>!N~+HwQ|5F`Sc5ZyiYLFI~W+3R4}POzJR*XKuZ6U<5$A zKdcCqd)9||TSomh_`)V;dXRKMSrs0AI><+$}b2X=>!_#iz243Irp0y~bD zYXco633Qa7B(|<3VQHbG$CE8|v{68WT!D@#_sBG0Omx%{Mn|0_t@nn<2j-UwLmnZv z*$B2yn(58kq0FWHSa;Af5O@NS$yKyUu;5Owy$+M5ku@1#}$B&x5PHvM4z!vKlb zut^!?gi@tARR>gHjq&{}tYw_!Br8z!J|%$kmQ?e?NWDSQK{x5pRYCzqL_M|dJzASm zHHy7#q35YG5_bzkG8!FRxxyhxNP10-{Z8YQOF1761=1cl$VYRL8NsTS7IH_a+VgVA zE%iCvZQ}cmI7@m%q30sA(u&g8`_8a3(%Sp7QWGVh#nygQS3-<6&w0>IJ5N zo;=tT>f%YxX!FTv^T|x{D+*Y`;dQABjn$yzgzxIj+B3GmVNl1SF48zq@|{A zZL>#zk~VND(9>;UpfVV6akunP0>^TKyxdT+f7qh*9AR3NRp;`ye^=1~4tv1uRFPL} z_G%&Hfyd$DdgU;7P$OSpN(Zb%QO}&ndLT{mJsM*wB_K{Z@YaYE$8Uk9Spe_&&8C$Z z-@^0+&q#I$8Y4{1pg3yp2g-JV1fYGrSdOlt`w*r5xMkZ(Qeyz}Es6R>KPgcqUP2-q z?yyir9AB?$wM*32utYVay;(>0=Et=AMTGv-A10$6sS-6j%^}UmjZIeQihiaQx<#4$ z6fR7zW>8E^(*O@R7sfwXS?O)5CLedO)s(Wc`_j;UXv&M3lvP1%kRWJPqe^7`&g5Vwj|)+?3Q;oG=0gFBFVz=mnFNi(58lJ7mhrUJcpNiSG!_v2Hqeg*so*UAyTW&cK4Wdw7}1_a4Xp1jYM zxtI2h8Ba(xB%e(}2x2ykXKvJZzQ}wTIhZXxm^II_)||;{Vq}zh^1eq{Op$~6Fg}zy zPBDWC@^qE7nxvs+ks6ZX=)~PnZ~9*JoiWcHhb4&j!m_2krtR_G+y95UHvx~LX#U4@ zLI?>HjzBn+01-h!gNh~`nm~fPvf&aCR4x?+1VKmueE~zVOR_GD@Cx2|AE@Ak;03P< zAPFb}iVC6_kYk5%1cZ=;Bmb)E?wOw1Nfwmv|9O5sk7VbnuCA`W>Qhx6tgn~QFo7BN zp~=YzhpS%qIyU$VXQU`O)0#+Tim@mm7xKj%zg#OwR=5RUN+NbIWnIQa zN&nsJFtCOBQDQ7K6hA=s2O~Os81luv0@X`wfDEk87VCtciRIPEBFqZ$WEM$2!T3Va zgHtYpKwpCkJ_EP`g=Am@Z@esMyvfjb=}Gx$o)^LcrJ%DAoQF}-JoAi}fif_+g&NIj z<3f$HZ_u!2+1pIA?=B!zYG=0EK|*{a^>rJF+QJ30ng$=-+S$ ztum)z1U9Zgw4RJL=v9`YINuC5HLo_qNLHeoUxr5R8%4-0F7PbuU&2-11#m%U6WgazuX$M$Mxbv7A&f#DmW^JbEzz;{t+fgshCrO=SbSdl0B*o z(RG^ALS3w5#uJZ{HI(Prw?)8wiU=}n=E133Ajt7Jn4mT{!ylY8fgZC_iAE&whC?F+ z%rKkMr`CcVx2j`|x>J}%_6w8edUuv5j*qgr7lQR=gyL*Rptr>lC6OUDwYS=c*)MoU zVV!ATG?fiY`i~9y!_Lx$hKU|QsaA{O5XMnvs%2Uc+YcL?X@ZB$>fFT~bA4ckUd?LI zvyR^$p+y4q6{d4U4fh!b{tN0j2V7>z{&pXHLN>`a5mQH?t_zH|%!ML72JGh|DV%y2 ze8Lgs+3=HVvE7pjPO4?lf|=K&8i1p%ha~1<5}Sz@NH-!ps=@ z*7M8-cM1rM8E8L>FphE8MftlId~a|s*hC)Y@;BwsXYHQP4b5CX#ORfdO4enM=+=50 ziy`bfht{vbu}ACI*YP&S(^T@%Bi64;8!m<>eUowrL&eaMoOfgA9>tX)k9S}i9;W^m ze(1xCXGnpGk2m^Ce7vpk(OKhTpRXD{ROMk9*?4LZc7ZuTYG0ODKyl)D!C3*bDnKSk=({sN^iJFXqM)CC6D`TGhxC zBd%&DvoVBvX0~DUxJU+HSupDx)B(Ec+=a^+L zvlGpy8OaAT6Zk+O&lRphbX`h5IHRumG4%K@Fj-ATk31ZLKu9#=x~dgtFpkMX;*43( ziYe<^guS{TL(h7)S;_r{d8)^-2S2ErC`sZ0d89?3y&-tctncONQWLneCTK+dBeW?+ z7n0Fuc{?nq!($A$Qz7gHbR;>6gCjs*!r3Ve2T@v>IMc!`m@k8Q1Ni>9MQyZ>L^5Edw8B7nAya!=y2UVKoaKBCS3+{Mw$Yz?B03!t;l9^%h z1mj+|LK`w%hB;;>)(yx6T-?jk%}HNZm~L^sw3tL3y{Q{nUw-W-yqlL^jn)@RfhlVx zh5*z{)TnZ+laq8ph+X9Z1Z>B4jb&6=5+TV~o>e z7?8)Zp~WIF`3zd#nY{#t!C_^@S$KG?QNz z4KKbqObfsTnT;q!WP6oxm7?(wJP_c9I))8AwKB)GtHc-X$5{n&29sJa#>(vRZ=PMg zlF61UCup9dY9BFT|HcVuThrYpM;TAss_#ECk);2Ma-0Y5`!l4UI;>MsIXgCw5+FXW<8z+=4~; zh{j|=K2k#bhxBq#_U~;KMG>o1)giPcZ33XJPG^^y&Lo+R&o@S+vr?loNytNenEUUs zJxq-9FAzSRW+ogsPh|5C~dQXZNntoLy=|^uY~Bl}UIqDS>5GPYQMwV$m6ynJ9iEA&UAQNQY0M$MlUsVrC>Qlt^twS z;cax{T0_?`d;n{2c6i%(xDr@nSeHHW*=@vIy$8Y&cER5;g)V1DoZ+{E9bRBZS3FQk z{hv6zE%h7x#jGD7l;^Qf_p;X_#Sw1a6g)!frRT8b&+${-kdQAQZUMl9k3k-I%)QM^ z#fyX7cKgO&Md!6);tF_$9ZyIHxjEPac84A0_M7iEya_cx@p~8}&=c7~Z2FtN7OG6BW;n-kHeRI zOQZkE`EgXmEid?gdWrQz&GL0~;`wtK%YC2Z_{(Zht>06Jdun!VN6z`>7v5V-e&IX% z8}bV$_V>##{8g>_h5wA@`GtGu0>I;Zm)`KtF}xg9+UA{4_^|hBh7H4g7V<)G%!fBb zpSadGZxbGRh$)MwiT+{ANj&sfV@~3|EZ^nK*B;vz9(i=6MLhC0Ut6>@gWsGd4@VB0=Q$j=E#r~1zoDrm3l`c>(-7iW zY-0!fv2*??e@=#HARzq1lkA}bVfoW!P=9Z$`|NZS-X@sD=4XTsALa;sK^%!^58hz+ zhW%s<$K;JX*ct6QtR~H7izWIW(WWEu%=z1c4Kp?_ig-M<-Tgzlrz6IPGWQpNH*nQ7 zy|s2ARuznYcnFr_x{A^$om4+3L&Ibr7#n8UJ@+So+rs^NSo72joZewEK=R^fwdW}& zHY-;@hkFEgQs1uw^^~g7Jp^3o(!rYIWu`FUu0rcV#W|B~&O|)>E0Q}{n{dGP<}l5I zjU7SI2uOReN{TZdM|tuF#3UdN?>y8;^zOzz3?*FXMVU&KH91)Kd{;HGPB+WYjpcV- zQKYkY_`m5x7Tz^mXWIj8(-9WLHuDxCmhEm>?f5d>unYZ~Ocd(~IYJK!JPZc5m&{}_ z0zCER*lfw`@OvfaHmXy97L##ZJ^idbOm>Us?XiMbE}Id+%bY~;KE(RvXC$#)MqNlA zd%3}u$EabT#U?yB&-a*{tPbqoA!EO!L# zAaADwa)oDan)_`WJSkBX-+FmCcE+||?q#$pCwdGTT|+ICPwV&Wbtryej8t4m91K}y zz}hnu!Gm=}Tum2!g@Z3u{-D52+C#vKg-oYpkHoW+Y}G}Is|Rkv>)@fRY(8{!A3J_} zdw2v5tGL>*jm*;t>|E$;#egv*61y2DCj!NH*Ri`tf^BAQOuBnqoQkIlGoBjJ@?#o! z(0nE3tKvN&Gm59H0wW{X*7j)X4wkZgzNLv4e1~M+1}6R(mUwAfUBARjuhl`c{Uq-V zTwZD;(R`S25zHOCxIyYg3f=W$18@Xq8CwaK)7u;2Hw*UGlSO^OlSN%*B(qvNlFuo5 ztLh3!^B4sv?*Y+eUQLMt%*=qR%TyIl&*N>XxG)%p8j~d!7&{fJ%Q`70$w{Rgk6RcF z#>NjLrj6D$8SF&B6rGW%4z3<_qEflqPvng1;g>V&I&-8s9gn1Cje5E+&l)wKIV-~$ z!klls?-OFBhaI@R`MO5K;E5WI3q$y`iPTuDg7*vNL14rH(Q+w!5cC%CyijR=l*E5- zkTheZrWyUv(3_e)CkRwyyg4VA>T`w3s=-MOn9h!QpSLmJDlVl1R~7>5nd{na3xz2S z$L$vashORbt~ip_%xiMz`26sZ-`T?%5$cl+;Us&S8@#Z<9o+_V#`qZbusC%*?IAf1 zLUv#}=ba6%ENYjs2@m+3&UR+5RO|Es>sK`Hb%t#^L)}PJ+5#L+dDjk;WXJ#&3fj(a z7untAsD>y47b`hE=;Cve-qbuOdYKBXyhIhs93-EkYNOP^ERm;f&D5pm^EFx{NpGbtJxa#z z-mP9G&Q&!D5V5jDLoEf^IK%xd>&MiG)$u$edlqHLjb_$F`z8}@4DNx3 zPu4O;VW?s0GF&fSO+}n+Cx-u-VSFVygFTt4JsH8Dgom{y`xABEB9aiZKLPmfCQO1E zpIFA-*h6i|_=Io!CKCUeG9YN-<5ABam5{j%ENA59j%Kr$&ov0*X1dA*bCKLOhnbUu zcn!$l<2K^!F136;tuOzwH`-<6FGrSJ;&oYG9b%NF_=xSd!bkl{c40Pf`*cI_ zomD7QW-9cCzuqpOTsgeWz$WHq&Mm{|+v(ga3g&{mqZNrFri~DBd&Va@(hKI=Qez8C z^+Q$7tYi>?32q_%2tVdb)CVS13K8~(KkZjDZakjL?9_g;eN?K=`XGOvAC&~^4ga|E zU+{bmKjuZ<6J*(p6tnQsAJiw}ST8|80(S*<3G^eNeifig#Hg6i;S%kohJ4+L7Y_eh z`>Qek_xZz@8{aU?xSuQ2;=8`1#8%RI0%AWmO!rL3j8NP&{aP~Oai0Si;&=OQegwxs z^5TZo$%o7#7X|6@q8#lo^`(kD_Ud99)mJk&qr1U%rfSoSY8QZEXK{ zT;BgNmr=tOFiG12o}jwX%?`N2JlCbXw9mLj8Sb-E{HQk1exYvxVRdtn+{}vw#}0QX zg3*9|f}T6qnpwG*xSJ;D4De~sNg&^Y3|O01g6k?(Z%BbSS(&-f zm%(P7@`$1<6YK!7hWQyWY)2AF8}_plOwXpn0c;1j5q5w+-<1D|(^=-w=`73{LfZ}i z9FETUBC!>9H^dHapmRs(z`iemLhA>x^jL#MA{y9>l2gC_-Bj4%5o77Ive%t3?C$Pl z8-fl{_#!O}?20*kgSSFp&I&Q_hrb#^!D%y zv>ogO*)n1UTSlyFE{5c1&V#WSydp@c?fkT%kWj%QkOhf0|d%zUH*1R+-QVd?He^P+2Dh^l6U9|#9x*nE#t7{OtEP$D!jyg~z zb;g5RVNFyl*7N;Y;-=A*3_xwkH*_8C$!B?$mAnjGuexVIHy;@T0-zUzLl{VNyWScp z`rgjwyD(1YBXhE0#Nc$*_25Ln8(ndELwRfSr{Ks5ZV)5DyMUcHL6k}0ZNsmz`)ELD>Qu(vaj^@Xk#h+{<6?9gT6`V>1Q>eQ<6E2UX)Z}#kCt9PjW<> zE|%Yz%e)+%_sChB#v$QCmt=6E8^BNAnE5`%G!9@v{1{3=M}X-p=8T}wM&VV5r|kUw zE6szLv?l2k&AVo#w1{R|KI{3c=Ka|D_$8~RZ-0dnr2Y`Z6F-c$yBpw`Z+8!kVSC0| z{+>WweP^3;6AU2FvI5_0@9EXbdfZ&4*bC+=#p_iXd-9)FY1K)+N(xkoA}EKk^h)07 z)s3jzH;ohB{$=)xH~J;^`6D@4Lu@U$IXJNrvqT-%| zX+`7omDA3h(#i?b%8Iq<*C*t)Xe@J#G*NVM3$Wz~mVU zE7N|kGQ|^=DALX5nX4~ONhbrZPcvp&El$z#dOQoZtS~H2N3aDQ4Rd0BS{^2^Pb1j+ zl-q#3d@h}(I2%K?*)sKnzD%`yQ-j&oht{I;+5+{szCew`1?oi@x7`_2VUcRomrNaB z;qxQ#CI@93iO|vquukb$}Q}fp05VeK3~;xj51a z^^IV@LS0WKfD5O44(8JX7o)61iX+A&%wTyM15R#~sUeA$r|CU7egPJ{vG@`6@2p|4 zE+ux-M`y1)ZdjM1UcpKw4v#O^Ec}@MQkNqhE0pA$I7eES3QT4yTbu3=;xVbzlJ061 z96hUz?Sqc<$(yEkM5wWP1H7ZS&`}UZm3mP$seoEE178%1vxWx5 zAty@>Yn`f)tTaBk&{}7g|5|7G@x#y|E44$1%oDvDF~L8SW60Ih3DXd1XR}LMn z?&X$LOn(;s;}0|g;JKO2)WEBW0?XCJSp1R?$Au^Oa6dJY8V3E)c>bR<{$wb7a*y_; zCw~%tAi9Q0j&bZi5p2K@c*%EC$vhWN2Ys#Z^!K!gcwSFQNc$~s_>9A}h@cg=H+*|c z;6=nDX%X>tJyyRcF`3U4HJ`zryc(t1KgE+g_M~g1_@?&>;{t%!lMNb0mWznqjK)5# z-0I`C(J(9`oKcr4-)Ew9`5r#T7ik@I6~Y`tH-1Md1g2O@sf8YltqwI1ON_^rz>A0^ z%SFVmieC03tZZ*|iwLTHXta=RFsr>ce3w$gBBJPgGt0VtF43<~^e-{rBY{2geBblP z<<0lYjq^Qb5j5oA*skT@Smc*~#+!AItPkU za5NnS`?R&O3@!%)3s$q{EF9|?5JP~1lG~8H4>JlfJdc6D!*EK|km0e5bp&5P1n_X+ zDa*Y+qlW__?3#ItjFbQ)BcC2ZgR;NmD~Ma6hBog!qlJry22l_YI7YxL%9=qP@|WTn z5Dss)pOXXSZs-6WFKhvEHC3B#R&)XD)M@Z>NClKj^KTGK9-q;_0hwmjEn+ysectBA z?2U?ZSQA3#aFvJoHFDk}`7XorQecHnhu1ig*Wvd{jxSDRhd8O^?12k$DkJl6fK>n$ z#2_|I7CmPGtR1jw`5D95Z2Wao248dk1{Q{h)~#=0Vovle9)D4fv}e`^T0!irWAtxe z$rZ9>{|5Giyn5H2;R1n;QHZ zl-zGHp+hx-o#4!aZ`8#O#ruz_sB4*?&89ushclqbs(j6dP|ky?@CG=B2dUGLnCJ0- z-Wi17%%yY&%=T;U41Jph>qx>`E|?8h#lBWP-P zUt_I5M8i*3H?@&ve>ld17uoIAdVjbR*W1;bczYaaxt+a)Y44bZ4Z1Wr*Z#ySW{XSZ-H@k5S2}|NLdrQemN|V{^88yDnN4dtVBxCp*HbL&@p*G+BKUFUAJ+$UdD@~S`_ zpwM7NoRb6&a7+(rEyBCLlJj>H=~RwGlq$!kkHbfG^(!-|ADensy0mIRM?_~5mQ|IsCt+g!S@6ZR(sW_#4j+wXWk@Nip!5zN>2xX zCHR7{iWrtpp_0Z`7cV`zWcn?fM(&q9ZwX7NI*;;}EFyQGMa`OQjoNs z%?7y2iqNvzWQc4wX)K$~b}5?;jmq3ZZMnP{;Zb~qoNZ!JRyF6hdC`>L#*5dYO=%wn zEhvdaagA;uMr~U4v#3v|IS%(0)ya`G-oA?SF3QhhY||W5n`VY+DLXE(WH7t@lEK9L zC4+e)OiBhr%;mkH_$Px&q}-$;6U=LvtfsNWy_6KkP0bCmWCP0T2yG-0 znPBikU1@Od@!}ws31&g07%y&yx};K$vvf+`!#1=gPe)8@BFh3#L?L`pn*#a3a&H|? zzo9WS{q6|L&b+M(eV^Yi)CeWCY9igYe`S~u5b!VBZ;SZXsK6N9fKkyJbk z6NZRF#kr!6Q0N!@GN|O$VHPpWzvB=~iRp?s@&z2_#<9$6Z1ehsNsDVluw6AQeIgmXU$)9E3>)H%NkA8w8!4TX z3cE;5-p`cj)o`;idC8#x&v=>~0bZ9(nQn_FHD_6Q3Y45{qa}U%_;U4Wr9q#*@z*EV zU4$7^(7Z<(U&_@A!mODiqMi?j4m{TK;fxUZa0at{IMgnFTJK)U#%>NCTa4XWh8&t& z%^cz!EpvESn}nRJ!kBZ3^ASzX!~EpjhozL5N+|_|oI6EHX#rbD{R1KMEwNF^VgR)E zlb&Lb^(OTJExQhN0IqtNU}q^7ggJJSI$4g0JjV{MYtR(`^JzYj-z#$Ld_?&a*bA82 zE6O%k&H7aW`hUVd|}ZNa->puIbbP z{k$icbKi4rjcq7hXL~p$b5W%ogzH^Q@-hwFDzv4Xu_E_hC#~kZdPVGDM`R0UHB=IT$uB=ctSLJ!hvwt$qNpzwZWlmzB@&rnYgDn#%iIgc0ci0BKNypJ5ozkYj zgYTHXt+ik#nFWJx+5gFxWV2G2&6_BQV_22TAa+9y#P%Vvo2xAKgB-lWJ6h`pIe0Vu zXe7i+8&cGdCny08IC*!gBSs5!@27Mb?qym($xQR_Bew3eM#z8`oQhysj>Lv3DjHk<;mH91KePH~B)4X1ddkG|}5FT0c-Er{B0 zM=P&Gjgvpl{0(d@O;qL?X7?y-Ms^SQ!_q`Ox)bdlLa2VJVl-(U$}>xIl_pKL)pKrv z8!868vm9b~ zc@0Z66X5$G^Y^X!-banplFRVj%o*USvL~Bp}=HG^=gK(We+QFb8+M#%3XES#weA^c! ziv8^v5ii4bC!p}>W#s2`nh+fs>ez2_Bn8rz5w~-+|}im17@i zulRK5r(d@aJjvb0yPP&xh~sFe+(Eo<>PJ+c=+=zE)yD+udwvv^I!aGIfC}^YU-pFc zR2-g&5w-)FHi@vqvgy~AKEU4)N%l2!=g)YPlI<%wn~9C+*I5~NXo4G2TNx3&42Lcn z(M}wv{oz9baM@bVr+QdVx8R1yM^sRJ#PcUEM+4qJp=-d!?Z(#h8QHl*Vuv*t&CB4| zwV4`>#Uh1gp9?t``mL%XJ-my#~WUL%DP732mho8ewF%JqSBF5p=5fz zCO^wH32(O9l6(M$84IxwY}SkV-!>(vbb_&{iH4$96#t8&&KB!M-M!7&R8vdC$gjju z_QDl%gH2WMVnJzK7wE{GN9Yv?p zCaN^_>1wY|gbj90=ZQ=45s8NLAHMt7@fHSpQ@^{+c#GVlFmO#uz*82*F@qE`xYOqT z0X&yyf#>p6aKTCx4$3q5Mg={g^U<2>@TA7~_jZEi^Mx71ZMn3|19ajIuFf6NQH5ox zi?D#hXAt-|q zJlxi`IWr3Ub+THp)8In7Y zYgrtPzB}IVX)t$uMGXuKu^~H9E`TrApuZER>MS8`-)F_vx@+>kU>j-Se~});oGrHj z1Za2v0*)83Yh*nmSleKery|$enVQ~Ch`-AlHJN%?^2r&ablqK`>24YGIWp-kpt)7x zM2JBOuf^jE`64uZBOJ904`H*z7nQh}zWHZtzpU+^IVGj-xR)Y3^r=jzFcK+vvdTPj zg4|{9D%b&F1&v6dF{~dJ0gOV zrpz}8$avbKFB`Fi}uH%&z%i02vpX7LVYKUR{cVIjzKFUx42ZFWgW4q8@h*967B4}H}dI01a32E$GG1=B?AoBS>?8#|N#PGr#!pe>jR3ltP|2aolHR~%G$vu*_jJE`y@HE{iXto}Yj{l{O5{%!VI>c3Af|KY&pJ6QQPL-|wu%V)zpGYDZT zOhs#!cV0aGaZ?&T@8WFw^8!m~_X*1#_c$=}0{Xh(^aw-1-~?FL#jfO>fj>zaRv>mQ zzcCD*-mz)F<2S%{XE3aUys^LW8(`^qnawla*h6%0Ndk+kUXZ~2Q=?DN?F9)e2jgc6 zY}FcF!Edu|&)NjG$%qan6j_EH4{vN0Q={G_ z$uKU-u9Hxb^ERU3FvpbKo;Kc|Adl#ui8UG<w2 z^u0^^{xSXgy8QbeCI0pVNEXL{F|?v{b*!!+!F8bV306oH?w2zwfZ0d~dM& z9_wRwZ?;tzidubi*uPfZ=t7D1O8Bj__3i|%MnG?vM$hgY7{Z5@*!$>f8rAUz?^2Tw z8@d$yLh3UO)RTFm4zrN|*u&QHrwV&xyOIc^Zy|a@2$iE{`OiC=FUF&RFdC$Srzh*n zm`7zB8x5v9y!;*?GWu=Phm3BAO+!X=UMH;Iu|wuzb98+%G>9MZG)8!1J0ekU^r!Gi z>KEah*(g$$c^i>QKYrtY-x!JCq91DDx4~hZ-~ES7{Nms!_+94DZv(+^UDJ|a3=)Da zP=fr575V*RO#GV0pF_G1baW(0;r(X8saUogF;k(`P%!x0n?~X+44=dqK zRWD(cK0=6zwv(v@ojy3c5cwzk$lE0HPKo?rfAU+$nkpdipB$8V3-4q|sh8B9BK;}l zYLsyOa@fq%XCoQ}S@Zvu-@Eznt|&D@8eo>CLl$H!q`O=bhu4UovPw9pCD6e_F!UuoBomDB!IXVD zT%F(dU^U}l2xb2TBXlB|^C~FYx;vu`zM2YOwScdhf`tk!akgRF*FGD3jc3z?lWsO_ z(&=tP+q^=&z$CjP)bdFe$W)Zb&FN-)I!jYL5&aE-O14HNhR8BXzE3!jc-hFrIco}> zH3D7Lxl%v93+ptLNTc~2{G(hy!b_e8w!-}(Ogg@;tH3|qGc+C_fmcSqIQ0{_=b{NLwKYv%}w|J(ey3a^3xXumi24AJ>VIfyb3|LIre=n*yY zF9yq%f12t4N233^L_g1;eo)QywaL)oS3nD?fM=xw+WQyq>ivENnD?6!feE_QV}$+J zkAS5AKR8hT?HI!8=vZd^>Vx;$f3~yx0VZs>7b(|4jK$^|8RJMknVF2|K@^?{gFX^b zs*I!j?C?9zR=usp{<8KX)?emA7p~4s!t7!;PoFq|)iV=p9zcD=V4KpUu&+042KW{g z!Zn>G;eh+T-`6$>vIk#uxZxYCzGSYC&C}fBc?{M+;p6^5=7VkSRABz`7<724gq0A>sKB@o|x9qyU_d=C)}!y0iCEX}k@0b1j+ z7=);t2nmj>?h~)Lo*`efxp8cO0r}mG5JjQdO>rUKV{@Og75){Tc@=;q*EHc^37+O~ z+lPmlGt)!#R(c7AgB7JC*o&|dCYWbuC~rHVYdl2_!Vpnp`6 zy-lntGL**d>)1@ghwsv+;(jA}Ot18vTY<9-9*Wf`M(L0aMIp2~ni_S)2H*J)5bPmD z3RCubSFn^XW_+7BI!?;a@EIk(Oz_6jP7MG;f!F@ixsS&LWsYaM^E;*dm=Q-R zg&DFi3sj-6yW-kQZpVLv#KRQl)8v2_eyAZxoeev?eH9--mEA=oc-+!p7$iKXAPk$r zT+};s>X~+pvQwv==>V#WWU6mSR39)=o!(VF2AAL9yIuD1mQY;huqZr!j~*D<$id(R zyLV`HhPTf}_m13sq4cC8blO~7?*8*|!NwL96*^S({6D`^GJ&UddGNH{aRi*ekX5xN+!J*7S-`Q`WdkFpdH);!?9KLbDnv zYZmW9C;Y0=tS+0<&xV%HNXt(@>+pnt7e%qd(+ho%x5HnI?%I{+>DAmbsFi!j-)Zjj zveLfURUuh%@KuQIs}TMl21>*K#iiFdJo7NUj>EGU4~KBD0P5m0dv%bq@N?ief5=&z zXYqC#x`*uQ5t6E`*`cf{P}0`B(+|KP<{9$0dq^pH{A3g;Yvv)Fuw=gqmh3Q#p-W0W z(%1JB6}RJl0!Kj1<-;Fl05|z`It98Yxbv|*WlhG}{CuPbc(f;@)V*jo{C4O6j(0K+ z7sy+H65 zS&)EZWCrZp?78Qv6=&vj)S!Di*gQ9-dV*aAnbF|Hn{_7(hbg_6{RI>7&L9yTlj+EQ zA|6~>dcjIDy3?;9DJ8wQO99$X;TPBkoC&zTNc}vx^u|=KyS3Zh*yAU(~ zd&1^%n(19I7>a*m_rQV^IgVWl(%hBhJKzZ}sJi@UcVEDq3*dR~OkhU{uT8+?rSe}+_=YC+wF$_aN>TaX zpO>n{^qB?!^oxUkhIW8|Mkc{O;|8QE4g0{ohW+sAd^A7f9eAPPv+N>f{`34Me9-U} z7L_!AIe*6gF8qSOV}pO*p`@CgepB%U#OAQb(OAYXBwN5=9dCCpq-HK6D)^tn!)lX} z{H? zc?j&N9>$k*kFvCo%3reHo_t6zOR6K41Hfl3tE zaTsy69Z27IfCjMHl6NS1U4eE6EVAw1PETjRFc^%d9>cujWI#PsFVWGF4od~cN2seK zxP-E4fay0KBPo5hTwmCiq^(MCVw+{SV>P$AS1=G6{<34CPbkh?2jC570{WblMx*}G z?YeL~)zjMMc^1!6vL*kf%%3(1_liYfHqU%?M})oJeXz$X_JkEfC!CJ9g9pRr*@BC! zOB~%FN=TgkIkDJFSrZnY+ASqw+Pm;?y_v7um5)Y_hgySoER3c*P+iC=A$YrzvmCl7 zJQ{6F-mc_*L>F@hqh@RCr@IH+v(0Fatxs`X=JZnk&l)M)Ku29y@ zC!44@wvaR^>M2|Bj_Q4|!Bm`QF>%PFJYAnIAEY}g#+JO6%X&NcIXjvAgr`%5QCEI= zhUp46I^~ttbOt9W_v{$(sht!PVXwwU->f)usO1(sPeaxIMkjjrRmNNbsON|8T zNLcNRH1vFfz&+OQ8BAK?86V*p0dkxIuFXE%7q|?D|L(B2DS(EdQfwW!Q%r3!r9-TS zaq~C$5K2lZFA8Q(mmbHu^LBuwK{b07u>&xBxg9}aw(9lp1!(8;3p`|}XEk_ADhtoi z&nJ-?@bYnhY}lbB%zsE(h$$X>2EjepUP7@w(LY{sO@Ic=Kp~9)a*pm`r&99j!Ki>< zzRCNEl#=VDvs(7+@^XOAw_PWb{ZFka7N ztPuYJ0FRy~}1n|4vVn{Gt@xdj+Mr2bA6E8JvH< zDCIo6h9ySfMW6vIlg(K_J34MrmjQ*I)s*4^9h|r};&g^pe{xt)bf#BaKciM+E4_(X z6}r#Hy4HP!*R@2+-9UL(_T&01xk}0H{IFcVcS3pn)?@wFtFOX!Pdsr{alI$#z5{i} z!LbdDo*jQ|7L?s1A_x{1p9E83)4`YlaKEw!K*`uhdfYGwRvgY^#q}q~bq$4odIrI^ zPjQ9eo}INu$VA>kk4A}RQF3n=tV->%c$~~{t59Qm#3H}UOPSPz$wqPA9m1Kv5UMdB zJ84HVBo)Jil)DU^vYZ7_6Hx);d}(1~q2jy-Ie)ndN2HU!TMmPb4fPv!+SLg)G#EqJ zh>Wue-coY2fK8&41Zsa6Q+KP2SWbJ+{C@+1svYxI0X=Ewc5Bnu*|FN<>(Gy#4 z|282SlWnP9tKfB<9zi}qxfPKxOk9slsa4i& z^_}inH>gJlNDdTKt@|)<`1SC5Li`^ORL4x+TOnR=X;SDwAEUrR; z;0qGLx>n3a*5d?Ma)QAog3gn`oQieoA_gTT=V9!?v$S5CI~dF3dJGCTW~)%R?iddL zX?b<^$NbaWw=uX~AJcB7S4kIeOskLY=in>s?V05U!V!Y7Yd<_thf|rLxXyhOl!cLe0!8Bxs!08i%X~f;6Cj9 znd<6PcX4WVNdfKG!I+et*%9{jcJXy~Wyv&!eV$zj-}eJW%E0eOVeXR6Ld1CDntJC& znVHwl1Y~9iX1hRQ55W(0iWM{MYvklcOwo-Wr__--L1#^M%!SLX*DHeBM+R!!kXivy zbNi_KIk%h!%0wY0`$EaI7)Anq0}VypI!o(s5e7Nlx@FLwrZ z=G*Y7&C6=AkAxy(W-z_MO5mz=Axb^|Z==*>{x(Q`%s^f0XHE&JYs*6ChS676`qM|7 zSD-XLPw#|MH>_9ojqsEAk0|dSOY70#e0a1b?-qXY{_qq}0CX8WX^znSg$CV!5J|mP zhqN2yx&5Rr&)EsHK%)PHJ0wh-2RuQ2$^c!WZ=Tfk`0-I!R+1fop40`S^e#9(nsvXt zhKiRsA$>o$aAXs9Ck9a&Co{MVDiIGP|}+pHG|xvm%r= z#p<89Mbn1naCk!-k0Zr+JUxn}H>0(B@B|yU{(!$mA%1tlAjDQWTdt2!=t7)7!cT~g zkMa}XjASd}P3v5n;IiV>jzAplr`6l;E-bBASQ3?556qB-zHK+N5$5pyn26;VEE9ku zSm(H2guiM-_=iNjqq25U+cI=f-xBU8>N=QDs@i{%^BpDD(WKrIr0(m7+ zR(&f}Zir_wPo2fYh#9E)Ofn1?=#OHSPGtUp0L*(FI`d^=e$1DbYkHE^fMhiHILPMA zF@wf*K;Gxw#CU(-a4xHg(vR4vcunXK(7Y2>oK-tO0SVQoz_g^a^hWr z%gmTAOfdfeX4O-rI>*JsEr!5%E?N$Ov%_i{0(XT48UpV|qt|^<7%4_>0M-83t}6y6 zlr}1cYc*B?7aGMkves`koLb-cGCWWl!#_RF&g^KAOG`;EgCy#0Ls@b<=O0I)^|6-> zLmJzTuu*a2d9x;bie?<0Rvn#|>$&r~T&E7RkSiVqY&Ern)+E=Rp@HO@f=O#au`pin z*?TMs&O2pUFlv@{!Lb1gz6DndPu-&zJlCq=PfuDF?5MF|JoCKvf=2;KwV_mSxK+W2 ztP2)Ux_`lU1T6R&Ecp4Mdcg~ZS`@6Fwk#Ooy&Bp$I8ed3r%+o<1vj=Txa5pw!4WkU zJRxAgULdKyGej@=#UU022Ul7a{9aH^1xE!e7<0g>ormaizj_b`bM2x|m2~mJ3F)Gj ze6e4?82Gnz@!4tV;zEUVaSL7WWrjNCn0)ngrF?bs3HfUCartVz;n^>zRB> zyfv`k(C`xFqlE}v0yM%hY;Lv(7b-ai?k0?d;U0jkZGdZAcNWkHTOxWopT)gK6$_XK zcYl;Gui26YLF%c4XodqUOUXTa08Q=#VuY?054w9;P6fSysCItf~GuKqlTc5Zr4DaE;E)By|4}e>g2~Vq~nG^rpz#s2BxBn9G zzF+psc%Q5P{{h}Nyx%3^eXsPZ74LKQ*YUpCe%5$j!+y2lePR7-!uwv|Py^n#aBDEf znsiL*;Sej#Nm)2LRKuF~hiX{U+Hj*aK*p2y!^$&5vIo?c>;b}#n^9M{_O=6ivf3N| zq4qH2huO8_hYM$39)8%XzX?BVb1C>?hncnFhksnK!Vi029)6e}F7U&rbo?;ufq>ZI z{qT0Fje)md*b0_G+l_@XXlva3bwEVtRakau$X=rhmxk;a`^RPCdn+yRJ>}`o;9rjI zy`>=m(-Zyed!%0@`UcRiMq#>sJ%k3)+&UaHQ(S4mCQ!t_hJzx)^vkfFucB&(%8sC= zeGGwogd5^%!XN9{pskVh!zS=6|K#kAG&575u+$1%ez9hS=q88UN?|nm~|ac-+nwe9h2w&b|cW#oi^s zlS#<-M+RsO8l&H5mQ8=CLCv_>3B<+5Y4Bt2eI}aGRjULVk|I4yiw}lpd$niFkxXmK z?@KLy4Pn43OkQ(r0oogLjr+-Kx{%kbHcVdM-(^CfMq*cZAJ%HTk=vQ!%fZkNWRU2} zNVrymMyNKRBT&m$q6W@GxVjxtVZd>J#C!G%KLGQq3Jzd)_6IOusgME8MM$A8-7+-k zEVu;-ip_+~E)3?#>@fUp8!S9=z@AwwgV!Hn)8mR*w_?3>HXzb7Pry!e6iF6*aCz4L zz37gC-=7GTH~o0Tk=p*U!JhtMoEkc3=+v^2T7&__`Yte{7A`=nCW!gG2p?RA=^YPY zB~I{cd!3UsgwqzDGXj1a5b*0(t{bp!D6bidni;Mc-|~@INI5fJRGl%RB1aIV(~T^B zlXTO?wln^y$jUpftTAiEon}mmb>IZ%Z$kZdU0SXE*8+5!7tZ_c+N)UKjk(hVI&DJG zX*?eMds&K8A{6JOL2(*tpwmkxsLx}B`i|bJi+Ad2fARL~b7jSQG2I$;GK`Op^{!pM z{vcB_8XtazT3&{xj~1eP%pkhsumx8agmD{S+w-;C09SO?t#p{f+GHGVRVl$BSL1|j zGHS1A$@F1knx9d7EHd)@DY^6i4yzHX9{*B=*0dm?|@hl9JH2arZ12w62{ehY#&6!@T=%oQQ zEex`bs%xzZn3$8R!Vg#zTxBu5U~!pQ>Q9y#q+W89F7=1XbgAFf>&lJ+RjCHNz%WbT zF+UtK9Sba|r-Hfc;{#}NJDqvw89!sZ^T{e1r5PS#h0?^wF_|Z&$|%iV#Oj8e&?h-N zVUU(^#|$p{JT!*15%}I~0azd3MQ44LKaMa0VN9GmvYRpfcBU{KAq_eE8cceueLp#F zZr@jr8`?KWFURFPuD9>Rlq=i5EmCT3-!(YoGa;cc)NMFU8<>97$aLRCo$0$JrdQu# zF%%?NTbHlHBYiA~gQvm+4F@}LX0btGH3Bv7-KaMo?(sN?^$wzYR~^$i4z=P~wZ=Sd zs}aPS6%fRF7BP=!Z`bYNPu*@&@N0it7L1^=b-~dA3(mj^>nf?>hE@gNW{r7_s$JuM2JSZ-PH-!-B<0|OS^3>U!HO9i*KDtMr^uSQ;t1s@8C@?6A% zKkb2&lyEk9pfMXAo`Aaq5x#zeIU8JsP~nmz68_u6g2{_jmQ0?n5ttbfkjW2lV-^jC z0nS+q{@Y2ze+LoYlYv$BfEoZEy;=KAaiVpW;L#7^E27a6X}qRN{vX{f>O9w4BkriN z&NBmILf2!%G{?et!O>O)UsYjQ@K65&jM{?UJFj(P*z>kGHQpWKWi_yH96ZmA8RXw3kMu3L0~V&(_xU$+A7e}_kG z?s`dhM1xypJmL;B9&!3s9glEzwZ!`wyv|*yw$mz;kD7=2{@kb4B`X}*61FhnZ zj=pS&IGGuxJ+z5J0w5IjK+s4cI!zK8CMw_vp~?UM#!HGn8o<>Y5koat zM-1DeRsC)pg)ms)XczshkPtooXfPV7=Y(@wVML3eGcB#qti>Wm=(oCT9ezWXn$fsV zQM+c=`4YmGm07~+p^zufqvXv62# zfg^_I39w}mf-OH>Uc^un0k&LY09(*mK>g^lL8M$kZHa-}XGm?`Wm9`i#9(}4h{4!l zjz8K{OZ?FwAR@K@WkYMYmL{R2 z-?%PxH0+lyWG2@?{UVUI8i5RNOI_;dWvux>Uw37t{_b@FBaq&)h(P+Uk=s98=-kef zxV2wrVZ+!_e#Ik@&>o}y4$44g^P>UKmM$%7jX;`GVU4!j8t#v_v=3scb9+Y(ZBgJg zeIf`(?XejB*M?~W+y-1#>=wA;oB+&cHrJWo?+?5+ki(}QKM^Q=>Yfv|18=wS@TnX9 z!l$k>hEM$wr)xln6h3ulhyTOysUz1~hfgiKSch6=IXow;-qhpFqPYjdeIA5=NYtYP zglW`^t2F}Yv|j|$Y$P9sSc3_yt-in*YIdz3SZl*?w*SKjr0W7G%bm??i$HRHk01k% zfTK8ntJ*VwXca;b-Qgc9B{={LwXdmO%2)n!dcG=foYUU(jDhlNWCX1fvhmqbeaW!= z65^bkTAb4pesNCYjd4yLbjDp7Qk>I&ueq{=Y_DtnO`KCstY4f{V~lfpNs4nSNx1Yl zr=~SRMAI%U&S^RnR;!79dlQQYq@yANX(+-9doMKt$=Sp@0_k|W{~sfe=3!yH;4G_x zJ6`z+q+c)|CqgRtd|QixqfTA%2&6Bu;HTT_1?O57eBjDQAT7p%n@R;oS`~cw%10nA z!Iky0HhRH}+gKF*zbhYs^aw^EB}fIwSrz>3*()A_)EhU>AAlWDgII91*DfZ>5l9&_ zn)9-JQ6gXTm*JrQ));}bxm*TezC9{mVe%gR>SqH~)Xo6xj5A#AGyp{qg|I~F*=s3{rIsoXjJzMg zTD=vW7tQYp`uI6!3j~-cm_D{CY1?syONSIIX&W(LA^wJ2Xcbq|7#nVO2}NO+Od!kB zU@B`^9!&5~Sc!vj6&PbHSKzGFlI6p+!w?>f@jV1Y!M-lh(Q%)4cp>eXgXtQ#c=&R) zIPlQn-e=2I!%{J|WROGYt!jo8DQbuTEuSS|l2HfzMVP5H(GWj`;)6DFAHk~Q`@V`1 zTHKK0O#bi^;)R-g$ly3?q4|$M-5Ad2PTLw(`kB1H*YLTaDXH#lr3r|~+1}n&w_hZ>7QR5f9KnT&!aYVzxtur%xh7=7!pISZ-zug5~1wOzvR?%Z+HM!*a)) z6QQ_1?j8nM?nrY9mK$o5F}afFHDYoLB}^{OGfM*H9??KKCGQmj7?-e60^>4V2LJ{E zhE+E#8Ws@^2EZ|4mJtAV{{>Sn&Yiu@n3zD^Z0`Fx;s&)Nt-@x^$2M`NT?kTNMYv3B z4_2NDaGU8z+yJI<8(MZmcqBVlkXgKBepo$QTdvJTBLz;Kml3!kaOaJW+A z71_|7m)RxSzeX`qjfB5*?#E3H^*I`9tj|FK$bqF?C{9LGy%x{~YDX z<4~UZES_ZUq_NwEQMv@_{frCl|KTgiNX}V|kly?(XgN_nqI#HRMorY;dIPWH;U5y< z5`yUrjn)7OxVMn%CxtasoKx|O7bWKP6BvNuY$ER%o(IsMKXg0AXXKySPGY zo=^k`=Wilnnr0BWcLYXQf`K|C1uG9y^-((oKd7Y*p#FN`6sqdmb7fV1vtF&L>Y9yZ zRGsB~vtcmL0gXmwPLK3&1{M^^2NH9BZaJDhC=cl zL!jlQaQ^mk-cm96`ifxx*MCAiLM)wLe;i(SxC`Nns2B?Qv%>BE6iE)VN|~W$a}xnF zt_tRD^a)~%-$rndeXrjZ5e_7GP z>Ou zhpdd*0y?zeyPMzz(h&?=G7O^d67+?3_|ogRLDWpE&mehN%37m;xQHV3?+FACAGS6B$&SLWl1J8C4y4ns`X;VC1|)iOjk zH2o^!T&{*!))?5eAz#!OyY-A4E!HdB8%X0l2e^*RJOG0W0*26|W;c|3sRhV2R>XeJ zKFoU5_88Iex$ZxY9sqqUlNQ$2R2zi?{%ladGg|!EGpCH=&c!GoDgG%)7x#EAX`$k5 z8gpgEy-CqvMQd>@t#O6KwopN{x>~F>w9@I z2ph)wFTXsg;d3YQ|GaGF4`KVcT=K%GTb zw1mZd9rb^R#f^-z#^S>MV&hIL%$l%=VPpu!okZMgih$xU|8;FrpL<@Hy2Bs!Y(tq0 zwUx|aTA9mohu&K3dwf4*Wifa;0t-tvsQ)vhF#NcN6oz9%%uD)C%i{U*182|R1 z&UlnR!I&`wQ)muOhL@u)?IXmQlsAyRbqUFRj#?EQLIc38X@=vgu!r7_>Q z^m-G+(^?preWo&6g8N8H-y&kxTVkBn$>yQ)1#7quGtXNOjeiA%`}!c<=M*u)qXOvq z?h0K?8u^DKR%0X)E=5l6WvY-K!O-SI7<2Ow0fIAcG)w1dqja*QGOiWSVh0RZg3hxH z3AN&oMci?HA|luwEG|8R?f*Is#iaRTCtJ*9%X zSQY%?mB$zFLws>#m|igU2Y*plTycDnvbFSu!Zh6Pb3*#~1)ANoi}z#{Fe&Uqt@3i>3y=FV%oA&NSeQT?`oF_Xf0atl`;v27IxO0bd+vDDU~R6290E5WqfD z1+o|!%2MnRtaucyKrknean?BiGZuQo?Gy3vz(O3F@V-yI1J4RXLjyXrtM@IUx9*$L zEXa3tH+%$FSHYFTy%{z&zDRMe4cx;+s4J8CjYSW`C#7`t6+wTTq|Mz>Ab@ycGe`d1 zsWEE#(^OVno%#wvtQ}F`frl(UFYYPqp2NMx=M?u^LZNv4>~y*z;Kpd7Xs1;i+vln>RfAr$YdLz|z6yUBF&&I}(QBozeIz zfp2gz9$xKr?*)2wD*SFg8ToJ~RN(U>X99pWL81INnh)_mn-`0Km$2vKgBbCWH?}E$ z4<+LFz6rN-riW=v*Aex&>Jf44@7wsTZrZI9aqGl*acir%bzYOnSK`(_cnd8^boVWB z_ndrpA>9SLSx;zncsLIJumdkM1(SR5iF>o}neP0?7P_&;7t(`$8=eXbmUe?DDGzHM zfz+XdzY+Z>G(0@dpCqU^y_J94^%4Ex&3O~);LYDg;~$XaSF`Zdb3#J~F~vls&J(=c z&Pw!^i$1hfR+tiT_l`-L?mNW2>nCZ-oFwi&JyDX)8{%%Tcyo)dfw=eWSWw<V9fd*2K_J)^^VmF7;vD~DGvESf}v^MK`i`>sd z#p;S8Zk-?%d{RiNKyKna;%?*w>F&4U?)kAKL9E;-;$9HmgRutv9DFTF*82JJ#`8-F zg67#k@!Z&=UIfj;Upl`O{!V3obHq`W@Dm+3XeH`NiL-kK#AB!FK!X|hR^Thi+h;Vf z&D)q{KFySJ!sb@N(y;`{@>4)xMJte}W2z?zkHZ|C&>^z{o@m-3)#IWgO>gBtppfs; zveVs#YXW77GvR3**xIA-hCSJZ2U5;>%I@*%$Ccvio7ijQR7{oh*uaedF_tw8sOap< z5M{~wh%Na`5TGZ%FyI&688zj(!nO;DwFoebZ-WKD5i(CpsNrnP?=8;8 zbT)0ltZf|}9V@l-H_7=Un65GW*zWBQ9Cf4R_QNoU3jO$Il7XRVC z7GDToiz?{|#vDc{t{3yQ$QQmAbLAr#huZ9(rF#4`eX`WT*J93Na{ROGYH=n=ceTJ^ zK~M@8_qCYxn8DWqR5==bExsie2F#ZVbf%izA7-_+bbrX??hoI~@x~6%=op5Ik)Ot} z2v2vrH#4Ey?k=m<=b<4kb8^oEM2p%5C8d^c1XLIEc=qx*-mJ;#0X_kM^*Oksmg!Cp z$7QF7L}lS>-RWVD?)2~;VcXp4+F1wqb%3vN2PN;i+}eizUD9c+l-f!mPUoRZldLe?@zTKGEHI-Z1i!OOL?Kg1 zM9@1C0PdjVJ~&>-jg!V0oE?A@=IpRY!`YgSF*rLsft%Z#&TGyNH-%_5xP2loFsHt$ zDrKRfk&JjN)MwDchWcy@HP+`F-QNL|vv8dtoHr%2Kho>~FfvqR3M>tj+=qc00?A3$ zSU-F6uS#wUv^l%CXc#iDnG}rtE_yqRf`3>&a-ZYg4vRGCu+eCNuKx$$y&2zy&UY@0 z1uj$PaQ%gnAyrLAGR^_;7C4vzN1|Bta_EKxPLWpwkAfs`3*I!r4{I(BiR98yA79_V zURRu7h8kOP#W=ks9~~t*Cm;hk&!bs0kGwdjeO`ffCo(Tbn%d{xkQ&?P)3Jv3!9FUt z51r-5#3sBg7U|v=J~Bsr=lk({=54VM@#vz5IU6_fz-&>QlVkPTyf#uuydGk~g_W9E zE71?(6a88xKZN6Sj-%FQxSqDg<2 zL?KnhF5)%Rp_7 zQAWlw_S5?ez6?##mHP*Dv0xuy__T3Ans=Y@WjKOR*BkH;>BaBdmw^qC%#ooO-^ez^ zGEYO=uvEJgM}|IzFOzEha=LIm$U&4o$|~C|0H-yFSz>4%0jG@&2=q;;Q<&@I@~BM~ z)aDwfy@J&Kx@>A63sASv0O|sO6QmxJ92uIPsmYPyOODkrXW7jtB0PHqE!+D{jtrP- z4$bh1Y^yhDpKj4!BOSu{=@mYN@d2U-Lygp>XLR6;5H_B?VLopW$C86KhNnX>s{cSO zczRE?n$D`hF`;JBUla|g7({;pL!PhWA7{{sbhKo{Va(E`}(gqOz#s%E>_nB-*SCU(YbX_ z@b_6*2@8kxE(f&fb2e=Ov>8Oe=iN3i4Z3BdfY0wXggRsL39E6wDoh^9aMV^?gmccH z3BdXM-*wJA_;Y?2+8gA|Z+e5o`1>*PD|v$L{G!zWhCg&8k(($(bZy<2#pRsS9>X&cI&15$;3Ki{oLFS^oLK)2<6y0R2INM?*&6xy zRq~wpu2#Q?9&ELo4)YI3%6g_?y+Kjs32C%=9^2b4`{{Z5$}aOb?c0rqN?l4~9NbQ*PY) zvQI;A*{5Nj?9(vM5HpPj`RZ4H7haFtsHORit<*8Hnev)AR|WzFjdO@{sR#@3G>pc!9Iiw86b6M2>wRk0Vg#8uK)l{OPEE*5l3(Zz*~5o%>yW*x`bKL zKNYsbu%y&(DG}4&fPd@Fd>Ldu7i5knHdfi(#ac9V@D?TKK@xwT(Fi-`Jxmuf2Bdn1 zg&83qSA-?xbH53ja{=pcdrPejw_Y@!s)_Yz(v6?0 zX|it@E6%zXwevO4U$8h|b1pw$v%-A7=EZ?hEyL-2&HM3u%^9Yu{!-_Xn(N66m)Kkz zZ(=zG04t{6q&V{(TIFXtxB;hEc8}z5l!YBJ4fUD=Tu5?^dKI_IABA>M!IIn@Zo%`uv?rMj~XKe&? zKXI7zS<86tTaKFW+@AN;gy&{yq4PFRCYZ_cyhc#>+ItMytfBi<;yQ93{6lzdj4k;y zp1-<8%3p2sv??>5e;H;OMW1PkqNfoL+q4NC7An#zgq@@!jrprB@Z=6*wc^P=jrpsG zf%@!GoS$Jtx@UAms;5VS%{x6Hpj<==tj_@&rm`UV@(nzHb*jhla?L^X=Wx@88vTxr zCs)Y{tP>q*_QvE8>_pSIba459I=H-=z-5?krts|5fQ_|<5#Qmi%1EwYP)jZbj>8SV ze2-i1vdmx2^UY%ZYMXm6V>QY;o*ppf3~$(H|2m%DaK2_DX`iV1llO6;c^4`nD&1K` zLAz&SRonCvRaJ5kZpB)%`7imDlKYGO67yHTCrH1}^H(RsM5y*ME^)5vnmC+o_kx zS&VYZog(M2PBKEqU6J#3Jm~%OJtBWKsI;pyDriH3bdiiR5@F!nVf=u~B*cKvA|!;T z5b;;EeAdL$ZVrnk_DTv%R-9Y#;UJ!`8rb>@uN_!Ve0hw{fApkODH}Bs&KZEfT~n=~ zyo-17&xT1-O{GM~RpS=1_P=QSZld0tIUuEaE^&;~ewpVF8lK-Z3;9CU4je7;Dz zsi8oXCx~V%BJ^WRF$nwj$Qp(1Dn=+2tyo+FUx+-{u_c|3VG3hB-i0W3d;WGgE;gP6}+XOOBgK;X1H#j%x`HWC=PO)x-6ZASv6 zD>Na$0L2o?5t5MU*l!w6dERQS=7_l>+R5qWpg}|JP5G-& zDS5X@Z&gWe+0jCaa2U~=VAp}p7^~3o|Bt;lfsdk0{>C#oU^qfg6fhtP3TondBpz!b z2pPzP9-IL@0(gM9t}MUxLYQzUXvkzBZ99mHtoMSeE3Oy1ig;%T5WqpU~D*I~| z6DBI3Ah+y<_ImTL%h8HclU2OUs5tO~Zg`gU&ENuezK_Wxdn2D+jrwjh)t8d2zC(sb z_IAC#9YbU4tK3cw*-+%@YG#U?iFap37}Wbe`q9-y!XS{-2O0!2lH9PH^`omftGIA8 zBF+w7663b*L;08R(bb&$iTyDZe|(AIvu&hh=iU1a)-Zgw(Af$=ZCmK;^)X)8D~uzv zoAJB;)$rKPAdl^7F=bC^rR+?@XRES9^5_n&CQlK&jC#koj0O?Cz17Sy(?2y^+Z{%2 zYD{g5IC5$=exs80(L*}x2|sIe zhixFvVf#v~!*+2^)LggFbZWJ+J>WobjIq^4un#3;>)@j@wi*>ijIN7|V-z7~f4ZUh zpg3;?^JT}u&7QB!!olTe!GAlDEJP(ocV6{+V^Hg326Z1fZx11fusJ2pd3!^w^Y)4r zQEbZl60!OGkpB)guNV@eTnTLE#_CJ|ENT{?EW;KLiQuz;0zT=a2bN#2JS*f^zacU5 z%UeanDmQanb@QYjFg&>%V~(rdOUG5;2f_x*Qxfjo{K0$xbbe?j7RsTB{+B_4q51XK!Z%<-L{4}{G@up_Ix2sy+ab7{Pzb_hN z9}>m)wd6ypct7eM=$+^Tr2`K0_s31O6a-_;CdOIScRVA=#>2Nj+NA|6gPmd=xa87L zCiDq5U98dO-{7alS=Dn|fqeCQQOLhZbQbpJz4H3x`-Fa0bwRUdRo~glS=Ds)7oTUJ za8|Y5d{%XVmLCPnce=?(d;g&S;{Nyx1|{DgzvCZbRK6J~_QyY@duvnZj?OA$fBaut zam$W-H;U;!iGIe6#t5dxHuI;*yL#piF(~If=A}9~BL>FrF~2RrA-gOYv6$vSI(;Q{ zKf|Bj3Z*>xP89xsCVFG{8Q$1sPYLjH1$dRbUH(soH+E1f-q-?DD{m%Z>F)=l^yuxc z$0{1@hUtBI&2XU(z`2*`_$jDC04G85)ozoPus-69O^{QOgQ}mWJS<)pCmd9LpZTEb z0`2a%O#w+JH|*8{$5y=Fhx(cUyVZlL3$!h7Mf|T)J|m_-ZSSu!xnIvoc7x=z$Nrq^ zE6HpY=-=Ww)dgBk1YqNwYG~M90WJqF+(n*O*kf6!)Fzx${kr*_>H_VnH={%JsLAI# zAlWsJ4;_1->tOP^uD>|y7OS~9NyGMI?{g(hAUMj@@UUbJpK|PduIs4buM49MZzxRC zaMQ8(xjsV;|Jl^=m}CwAcx zMc)cyysUS`ynPkpbEW%yqHh&3K3BT&J?E#D!jmrTb)N+lX*op`y%ss z)ero!+4HKY67Bo+E-AsjJK4Y6LbhsTi@1N%wzuT|DG=_TZ@!JXf227Y-D?-`PYS(w zZ2UpN^V;MON;}`|4>~8_A9T_MQGd`g=OygK}O{Ty?LneJ;W>ttGQ8g{>a?W1s>WdESa-&EeBzv<*%yN=4=^z`|0{-#sf;%{0WjBh2z-}Lpb$^1=2j?&+Ba)#k= zQX>AQvg=#-HC=<;p%P=aCT-9+IriEWnjL$lg&O-@7xCStx+CcLHaUXk|JL)Aqb3UJ zzNe8{_x;c%bUH2dW&1wU&;D~;p`Xs_QTiE2<_B-P$QC@iCC-X}AV;_2o3?Si*|~YY zNhYZ@mF)3hC(`+VacR_1WY|i(Ek?cN18n5VpfCjT&dlQ^nn7lPMuLN)Zlmv_9X(SR zXH5Lkv-$oC!*U*Lo^ghmrN*U**$c(uK+SK)0=|WSS%~bqbK(z&VvN3<&oHdX$C24t zVVBWCLpB)hMjpH=XD9d@0e{Ikt-$|qGQ;=|7v{4 zEco_NzH6p_>i~bac_$g zd{8pRf!CAYJt%xouYf3mUtsu5&b&4K&N*VQvky6Y-C&UJNfli7837Zv}7Ho!p?pWWZ=#{7(i>}onjC}OSo zsIg^F!rg`!Vjg)Ro<#1Wvs%&_e{8iRr)<dER#9zPF~{kO z{dmpyi+p61;47yf03I<(47<}|ltmo%P^88HLZ!$Vu zwZD1S1np|m%`*2soUEn2qV(sC!Y1NxSExtJ;IVBpTDlo%P=_rnfsQi7`D< zUXRLck$;mI(dk}Z=G~j;3*O!Ohgc(e4LKG6eAGttuMGnFA%=j+1Xx1V8cFbuRzllztt7wTzI~|UK>aR6$cS|hp zs4C(>w(a#e+_G)&+9gq2PM1V0d9MQ|TXVL4?xWf8dF?zw4@6S2hR-?VeEM~-SqOX% zeIyz4FSJIu>HYF(_Z~Ocdo+rqhsrKKdhv@ir zJ;rxVuI$(R_%5UQQy__u5nNASV(<5j1v>mx6zFLtps!1I?PN}J`{Nl9YsqE7+>F*_ z!KXA8?Cl#1WsE6*Y!t%EzoFN{|L`F>W(Mzx0{l|4%Nu`4ZkxWaS^vY-R{al;(c!9g z)8&m9CTsYaeMuW$)2thyQ>zVMPLtJY(;bTMB)da#Kyst_*k&7E)T$dGNGv+S)bNmG z4d0gh`1YTgbpwoOwc%c*2Y+U|Lvd}gI}}GHw@v$+ZFonkZh$nhO^-!mQD^Q6bA)in zLMpjgYiSc7qz9ed9DIw;Kh|M9JsFHChmyj0s9D4PwXMSVA}!3`?8APr<{fu^{vL7M zT}EIppmUTvi36FN_nz%~GRksfc4hC`r$OC&Hj?V74Mw|sexGFL8YicRLCtn~TB|OD z^Z33Ny0%eo_^sYa8t#+)%-c=>fv@6Yq6c?xlfpv2{K(64vlHTN^UkrW%^ryt%^r!b ze@xgCW_Sn+W4sO&`w)E_Yp(s&UraB#jplsYV*C;3$M_@u6jS4kF>SAp$@!_VKP=gO zn%|uid!OdclT7}J%DLYIWqXi>c;aUFn>?_#4f{=QSsSz8Wa^2>Y`=-pvrYbmfAnl| zzsb9%iy9q0llvF!JzMfGT+p*Q|H5;9+q~aoe(Zje2m2nQ{U#@GJWBijiN9sP$?^@m z{`>n)*8X1mO)iV>H(3zfZ&Hg@j?>^G6_dn4+1_{i8>u`jykEhjxlqd%s?79R7O7)PHka{d5nA?uxk40NZZb z&(g!z;(nHcQp|pq`^dykcO@p@_(QP7=jj9K9h!XK>`Zkehd~r$F*7k?!^_^zVx_3b~t zP5Vt8C$we1$;$3+*>7^7dt3LL{Ob;(Y@gJfKi zbU=X`%Sjr*YbXo{#pMWY;L!;zTf1J zU0U96lAqO<{U-J@A-`U;{jb??a_hY0`%TtK$JUB^mvk)ln^gOg?>FfqC9zB_IrjTa zN@)uCcb7KqH#yFKZ1$UUoFd2u!Gpikev>ix{;%9`5>S)xH#sHqzqsFIWi$6NdTtk^ za%<=RWWUJ|_Z*}BCf`lc-SC}$*Zn5v+|#!GCM7y}Z+7}E`%P9W|M7m44{j3xyx;Nn z+;1W&$@iPw*74Yi*WMlfll>7W8pYRB>cmXtE993E_2m2R;_j@VmJ-LaA{#aaU6DjGPLjb(GGyqYQ*NYH~caF@~zG*0WA@ zDhnB(wOk8Zp7qPSB=2Pp3Y^dtUQXq6xxcu^Oq!F0&IHeYP~89cYxflGSBQ?XEy4pzXO~sX;MCz-YN(V&p1(5zq_UaiI zL8f1Cx(Kp5;UdT?(?yVl+TqAWkS87L{vTZgnMvi1iy+6Z)ZxB}F;77M`hlKwWh7~r zk(AYF>fI+s>Y@Gm_=xm(I31S6n=nZDyZ{ez=i*aFYlTS4->5xc)Np`uf->^g>IoVr ztkD*&5p`u;2kUNV8orEUnu*@-<3=x)9q@+*UM&PQw74+bxNV5Wr4M(RZeBdk$u zq#dGie>7m&^K*nzo-%T5;j{z9cwLNqA8=Ygn`LDB>OiDm&;Y53iIi_=%+anea#l2& zI)90g+S#0XhK|CFf9~y`cw^+7d%7pw82Jok4s}3=kjM zZ^F}3BX#S36X1_>s&W5g>8R22?A=86vi}8PD$6aKB-c77LX`%atdrG?@n$6zSQ@=w z$||$rwGY2$mF3`f0rN<$qsS`KWc)uy_PecgJ?AYn)!Q6nq+CY>o-&^Gcv>Z!J6p1q z=18`&1yb(VIw`lbTFP}V#rH*#=8m#0i_umV3w~}cYYqvCgch@&B&m=2fMygaYaWRQ z%nH-x+ICzs4Md4m%5f}`asX5gfXe}pn5{68ww|2tRvMg*b#6-&obajO@Qc=Frd;YzAAqosRA*pk zDyl%49N8NhFARk_O$%_b%nG99f+^k=OQeA3nGELsnXfY-;i9!?IE`(xtvn zSBBD!OjRG?o7)n06*jq~p-m_~Ms9qT@Fp=ha4s(&WJQG-vKsy+ch- z%VBg#Hlt9+z>mMibd@UX#j%}G`tw=Bndkq=Qv2Q?4XORt_ryH5DTp7U{h(nCe&edl6sJFZAk=lQpy4CV z@H%6}SD|cnC?o$%NB(}7QU;1U;#9)U+;67-RaPA~Cb+Gx!iFiw3t9LDm__>&+H|S2 zvR&$pR#4JAPVW&guAn++gpKYJ4G$v51=*#dE&vF*5;#mW8eVU}Q0r1=L4Z0M&?5Tc zwn9`dl@$l*&W#m@1Gsk7Gc<~$4$o{nH@AX3!kX+0d#;UQ>V+p-!PLhew2CPMMY-Qh zJ3cfk25Ugs&CR3i+$WNtEH55qmjVJXzYNJEFt!zdo{M6z4GpY}!9-EZa4zmnq7$Q}{|KR?yHQp)F%YNjf(W`Z=)_G$CW%aw4Y7f6jtfBj_ zcs`0UiFbD&eOjV1)Apo>!}B4F`j}veJukE6@-L!1xA}CEifBF?Ww0gq%zr<{%enls ztN5W%EiV84^ZD%&+Bz-!UlB8$ryrybDbfDSjf@vE*Z~yqWac(KVGNxk4`nN}K~I?I z!XK;(GQ)bpbc!7mux57piPA*$qDy(4SHwu}swa~oL4pO%8fSoKW`8HXEz!RfQJqj@ zAg|i%qN-1OT`o1SGQ12!AdIi1j24a0Oqs8b^*DWsCrk=q)nH)dvgt0reT>WRoZ<3c zc8AM<)t$2c_L;JO1|;NFvt0h$3tavgvP+psz+Fi=>Gl~zePutS@{+0BcX|SF;$j8# zXFUNpxe_?RA0Xp#feau;tf$0vi0J7~GZqvPt4P_n=LqK%f;Drio=q&=9@p1t3;L0| z=0Y((Q3LTedbZ7GoYsqPU+LepM4WaqaN0?y=bsp-7X!8Si*U zqZybHR}nDYl@n{s?aO-mM7&~L$h#cVSJsJ9>oQR*J?zWd>$Mh+5w*%SqP_yXKGc!< zfnFc=>p3orbo=s-deL*P6GaOm02%b=-HipQ#ib%>V7g7rpjkISVS)6%NcLa&P(8_x znbgL${c_Cld|<^KlFPKVDzwbh{?_Fh!0?>f~@YXhzZ5Q=i)e;0P_5U}vujIwHza_tg_De@GMfh(fJ;sqD z7G>@x?aImRFi(~u5;aw(0KB<_c?p-9LQ7)fRts4jW_^p+Oo%g}pQP~Hm(vO-C~;uk zWQ2N`Sm6cp94D(?0rV&^P^4U#eqL zvuA+p{#>SGRwj;c1xl-Z<@Mf1l|hWkaGB}{b`n(CN;6!@5Z=$PZ< zr56(M@#qUJ;Ulhpx4e)*`Px;c3O*_ohLf9VN$61ya?V>L zqZPr9GBzlorU}XVC)C!z=5ZB4B(tg-g*W;=p=Rx^=LLAkZpiZj13+D#ualNpNErMP zGP10j!N@sLMh>0OoV>X9`G~w|(&(&}Sd2B%WDcgj5ZRK@PhMPZE%SL3E_wbjravf! zH$(f;k?I7ss215j@`&s`Xr)V%Q)FrIT14ixb19D1(@v-JfM{`U>}uf~ifE?zJ6TLr z*&2M67D>Ffq=?pv8p+u*keWmDj5Xok-?@k>QgLsVEk6mN3v~wcdD+)IruEtwLZXVY zDps7Tt6dEG`~Pca*rhsXiCRaMm%YfB4DoF%L<@m>%-vm!B2qBam%n|*(CILT_(itL zmW^UO4C@Op`{i>x!%lBCY-oW{Kc}DiBcs$BPgfMrrg7|~OWaqGQ;1ok?AFfBp#Tx# zVc}nEq5oeQ{Xf!D|DTKRfAElTV-$cpp8FN}Hcdo11WzSgMj$lgg+T;FR+aLF22-1U@F$g!0rY8Spob>`}>!G7|&;E(~IirA5;1PDvgq5tBhq} zv+YxFcnm!!#El>ErxO)LmXhO=uSeU|pOn`6v;GUwpU)2`>CcL1k5PYSJbSeL0ZkMG zBy*wG@^_8P-?IMMp!K_zh_9?cWe@EoR*H7JloTG4L$%2D)}mO+^6!6=pkna|^$H13 zC1%n!kSb(_@BhcJw@HW=Y4BBX<8r=%}85lk6QLdskUQSIKI-h+ay}BJ|QLSZZCY_%(PhWk0_IECaILP1$ zx`;P|=o7S7R&Sc1TbQ2#e-XpqQ*-}v^=Ho@CGeXm0t;g8|8dDN))fR!WTq`?7i z6VqU3${w@E8>K-7Ll94g4e|PfL65FDdYr;7N9pldqDL3gh& zRjT|e)f6+Pgz?aM$q4hLf5Z{y*=EAj`LXFKQXX2;r<2iVgSLp~rK6@#qa!Q}<2s?; z@>DDI7Du0#JQY9Qypq?4JE9*F7bwt0X+K^p$!OZa#W8{l`rpC$Od#i#MPq|?l+&ya z#*v?TBmu(vp5)QOzz0TZ8~5s?rGwUNeZUh@RKg0jNqc{H3_)#+!uZ?Z`|$}~ns6l% zc@n$cbg34nf8>6w2^zs`SRFZ~!FV>MNptVx1x>fFcJlmDAzSJ&e~?I-Q>QOa{d}lc zGt1LSXkJz?W6*|zQcQZg$S}f`;dIVm*%-<+Qo2$~M6e@!AH6$yKu8Pg-2;ewJ&N`2 z+Q(a4@3OFM((Yf+oo>>2FAiu6^HNMr<*3PIK@xOJtJ%NcLsET-0B+J`9bjQ;iu<0} zOpk9_PkSuh>d~NMVl2M2ARiOf z_h%>8r1f~rY(GgdpJ1WSCefxClc+`_az5L5O!iPs$iHAz9yK*%4}I#c}JU_Npdr*CS@yNMdhd@@~*p>`kU7fbE_`1)tCe9x#U+l)Yj zr%>%s=24!k%57mhGnf{2cfLLJVjFB%j0=e}<*X_i4eV zlrC{8w=5?!nP`0T+bojF8J}C@$lnt)9@4UmVZWZ1@|K7-IiOwpH^>Xp@)ywox6~^{ zZTXcZnL{}XIOhO#vq<*V94Y%pq;slcImN8g$qGh2Ze&@#PQ z1gN0CV!h>9)CG4kaa{_J$`waw!$TTo_p~V;q&G@;1|Q*Bb=zTjiHYCWD~=l!)Osaq zHTpmwa_CQ<=m&irKwpcDuQL4^NngkC*K6tPc;o9t`ZI~XPUo*Po!;H$6pS(b(%wXH06xBSMp@U$}0$w&Paphv7a4coC zQH}bRqQq+1hOE80-K9JX|}#P z^9+C&lU}7Aeh`8wX*0TiShu8MvbS3~ma?#6>NPBA$gq-1>k&u`-LJzZNK?|scj+p4r*75 zwt4HiFilh>ZM&8JrW*ZyJ+{A&2a@!+{{Hy>c4@u8(RcutnlA$Y;lxiLjL8FSBLa43 znu|=u{tK($j|qxk{xjkMvZL_;Gi)3Wpc(N1YqHuFkAU`F>I}X8O1lU~7{KwP{tKUe zFQ)CdcnnyTqU|4$xcw%hedlj!Ki$+mi2lOjR@zTD^&kv4RWv62UaX%c8op9veaO4xNJ$T`MqqSa{zl>F zE7d$x6a3Az4us0$PrsafK@>&n@7#{gwo^)l<8Ms0?)baz+ZG&ugZ(@KuckKH)D*z# z7d4>OvPUTBEQx)ed{GTNyQ(g0Ol?2k%eAo!kvs=j)?uAIubz-W#Dw>-dv)1PW6_m- zy(N52OSVPV=l}6|+IT!a{o=Qd=VMgTTWf1(Jh>z$8?=KGH^^!sWe)W+>enZZPgSz5 z)xwCn&NEOQ3J{ypJ$=1Rsh*R`Ca^kIS)X+|?(pK2ROP2=+z4`THf z@SGydnMlKG5JfjP$YE>QM&aK)ZAUm%YYbe{_=~vl^D)(X&IIY%QXdUZiDlk=l>=CIU9FSY=7X# zbfN0lZLZvExv*(UPZ#s-PcCHzttfVVgz#`!dt6{TH{_#JwUcwd$*Eq|$6fe?=Nh*H zvq(F{mjkQmbmXIz<^#9#GsTxV)#2#h8qW}?f0QQK22+?lY=m-?*ldKzN!Svrv#A8M z^=#R@BHLBCs|-uY5?knMR6;-8g};=Y7;Ya_-bh!0Tp7T-C8tNj}15^nx*W0Of z?MIaGgHv_&V;a#(>tNN+aEMj|p8ih%G<4@~oACM^@bq)4?IE0;Q1l?MI^WHkjs59g zv!M5<7im2gVpg(jm6d_IjXA15$Jp;;2PNWJ(uQw75;3^OYu-A2nnTND$&^QPy-PjS zg-ArK@!Y^gK+7;$09=LDQ@UdGutGVYJ++3G|D$Q#G%;?sXNxiW*)v^MB`0kt5yy^Z zxGVw4(;l#wJEUdB{j%-lbolKP=#K-~>)}wbm?~CE_Z5Tcv3^eP=SH&4jrid{F2&g> zW!b+kuCj-V!7Rn98`&(yiZhM*rJD9$^l>YnxC{4|EtZwhbbPAkk52#HHnKFh3io^Z z650bhGi1vu7p!LFKCuL7mjd}el)c*13oxNtzHuoR8MCOdO8~Xe8jrg4oHKV7E#z`R zf%WkE46s0cSe=0%GD6vA{)13)hSy1zQ~`A7&yOU; z`0IIG(9OlhnV8X;d^~mjPU33sq4X&y!S@gvqnm3gz8B^i{o~~AgaL2;VP%VVTiOI! zy0vzKG^x7S>2B&vLy1THhY?rfev!@%zcEWs^ z?k&TV0o7y$39rFCq0oVy4025pd(-mR9YcA-*0jo*`x!8q=2BqNsqWo8ueB}7)0AXYh3=byPk9cDnu}<9}8{&*hN@y=eU#`FU-T7hhYC)yZ(Ui+|GM#j_iV#}Umr9Ee5yCufaiJ51OCsL0Y5G6RD>J(&+c_%;<(4@ zm*5yjwwhigLJ9;KfF#;H{&SLzKhPVl7GqCF`Le$q-SEFYn}$E)e{6RAZAUr&718m} zPCot>t&P9F-DXkj$Y-1M1?F=3O+!(TjR`jcF@cy}Qe3%fq{>IB+;V8X^zUw&4j_M* z*F%oY82Sm{>qAfDqfMKw8+o7N6jA_YX^#B;7|9|B%6D=WGf}pr**KDb!A>3{B`Bo@Hd^kWX!J6+zZ#2y&dX;9@UHHXKDGgYYl?$ zE+P~(-Hv@c3L*e_=NTbF4-(Uk+)cw~P^e9tSI#@fT8dB8N0P}7`a6~bYlP1;1>>{X zG(J|Yab|gJ@SAx*7+IKp)0VLI8{)Qvb>9%TCG4~faa+PJ*pRp-tY|~hEn&_L&2I_& zU`?C1gq^y9_x6O=o416WeP-O2FzC~)>t+Pc>$xLL{<|c4Ezhf$6$qEMIy{dQeO?_YRM!XEoj!mg_CR&R&t<`#;v*mudF_FlCJ+loAReiF50{>e7crX^_}h?UdTf)EVXqsULo?;5kIm6Vz<<3%7rzF+jQxb(!W7Si6vk%kEPQ@tbZ6mXD2>;d|s0B?dEkXQq5)s=vH2wX6qnx)XAKc{0>~z0J|4HqS_Gb9|)D=zQKR z{C_aj^<_;$U0u!azfltpmE+{(@cR>To@j#q^O|Uze@Sd}(P_=X@73!+JE8u!Pm0$6 zH&gxX6YDQ(zW(wV*=gLsM=RnRxZ2dfC{qLfT#?Yg)_w^Mi1TKOQq9Vgk2qK`o;aDr zw+IQ5gIIi|k!t6E)&V?HkmA8=ui6^wC{7k~cZGY-1}O)nCo>PwNV$H}2=I2Cc$-9T zxjxbeWOXiIxT4PI+g$v9lJnZZclnTqy6E`?bZmj9pHI*r+57~Jlm$Ij^(|#J-T}{} zs5s{#ZY}4D`65rYlvSD|WsNOBF{)j%Jw%b1lI;l+a+2+tJdsaEzA?x*QOde;I`UE| zx0L1Qb7*W>g7O<5PGj?r7jH{+T;U;L^YQdn>!V%MB$A+}vjneokg`D;_|&p2AMc~C z_0dcwMEtwrydOFNz-Kj~LZX9^{iTcS%c)J0TJB03Y*PDZ$Xd0}=^OhQW7=ZG$wp*H z%lQeHn!WtHHs*IP(z-U9DmU4K$kGf!jn#%asz{y<5W?-JLe;l;rx#dgCRj+wmHUq@ znsTzXo=(jZ`B1NQ%Jq)?>SAc~2uT@NBjy$FblFn&2TUc9lncjDQSZPMPcN4`9EPG% zFe`oN&fVl}{L-Df!7UB`Fq9E`&yl~zY1tq*PMGAZT|wHuOS0Fw3pY%;FZ2|3hYl_| zEf75jtH=AS=ndvaalagKOv|R3@#m9xcS8}q8QN%MniAF$Xl9W~ufaU&anMa4t%q#~ zf)a0RutT}bX3DTRM3h4>81yN;;Vc?zy5fawDQdZ3l82c|8f(PCK^^hcSzF0_^68&b zeMjHM|BX}mM$SDl^#-SLEm3ZhQ#m3RHb@nR=`b4PB-(|+^9@-)gQSTM)Yz;asBv&M zAL((jID-W4!`!A}{>}yBbdUY!(>>hEYvL{^)LEC<`s&!$U(;K!Zn5>5N7cGGG*FxY zXW*eB5fUvH5SM&I~M?zLA<{-i|hXqTY0qx#_(4rl+B4mt`NH zXTmKXLd*S=wCqy$IkD8CMhOjkh8d$Iy&toycjY9Lbp4`sYmoug!=g5l)Put0YX>lrRt-lZqQ2+n&MF}dFhCv;EQ^xrf8|N z^-|U(Sd+Y~sMJq1IgIT*1h{){RcAGfj`KgWvH=&>qTS2JGxd{|B$-Z$&Vt*oG| zes{H&>mg20w1=DQr<2H0QfrTJFAT`UyNdm+ICE;ey=qCU)uNA(8!(FhkJVZ0C=x^G z7$YdzJ>IE0AhaB`Eu1b0^Ee{zo!-&?R94-;V>9`8dO_cXBtn|L9{rqF@Y<7|pm~1e z_TM<&slLw3W8Z$5nXp>E(I!=X#;x}1H$l2BZ9=j1d6T{IbC-XLEz~1Azu5gl!^NjG z*pIv&VR&In7H63dY zSB(bnI+QJe?G4dr0Zlv95gmGQp3{3N}07_#8!maw}i#Jkp>>RD=-1IFtM{!#k+?G10zjKu{%}?t$ zJcRm{J{yG8Pwqd5>@!nu_uhpG`Z}k|=#u-F6ivR|dzXy9pT*rQ8R=FTg#vv&L9TF! zxUEiQtvh$Ev+)a9*__hgwV_m)L*brj{8kpTuZ-DOF5Dol5?$r!jgdQ`eR?S5(1|VWq3xcEJi-2B+c%tPlN{S!&aX=E~_9gz);ZJ;fbv z1Xci=I_F{1vpdaM!iRm#V{=%ic@#M+cL+$8v;#XzJc4K@uvw%7I;Jdi)m==eG^}14T~B zQSFu-tK`1L$6M)8yS|95?NIG`FR;yu_|P?kP-P|^;ReU*E_lkUTJ;GjDWNCHfZ(*e z&NKw62zIte^WG5Vb=p6@n(4NG=|n7*ZDrk%y4>k^kJnPKr&|k4Nt7`@6${k12TLZCz4=*E45i%y}bj z8u4drdX1CnCP+V4qe{o-RgRM_m_}}TL!U;zy#?h@L2f|SsVozp#SvRQ0iAfsXj~T6 zI^SN#TIWnu>+(CQ-#QD;XyYcM4szd8i@kY(#yLlc>3ShiGwK`UxDiU5G zxSaC$m&~w~^+9w5#&6mfSsjW6@+?5>QGmt35$!(p|n>^sx$o>&Bxxnvs(P4?mtAC!nP58i@$OqmYp6~fl&$pD5 zvFH?A$`Gvk?r*@~^!wrcwvzXIx2v$m(_Po^YSW3>%1O0@`x~NnR<={=uKjX4`-oRl z3>pR_MVd!vS0JL6&PP|^jZ;c7O%4SlqYa%wR_~*#0EHr_4K0$>=JI+mZ7wg|(&qB2 zDQzyP57IK8gd%zal1YznTbiIjRLN=gvE4WAK0|MCS?Us1hjB3PL{x{%gz7M`vrrve z>RhpQ9|X+-(F<6+k2ng=p|KNb4g)RZfY#{lfXIvg$8eYwhfh0+Q&%fz;fG!M1iHf% zo6A2m&!xV^UGsi7h=ZGpm7u(7J5W^sR0-{2Gx>z4oIrKLVMycp>@XfzL|8hkcJEG$ zJ+SjcM~9uoN*N+2MgT?Gn||PjRe7^Q-A>544*m%{z`R)KSJFLZa-yLB64s;lT{;fG!MoV9e9x=e7{PJ_#SO5n07UG=(vq0L(H zP{CrXq(d`zbU4gQTVk&xX_M_Ou-8?+prHQ;{AHj05pe?X7xYl8vy%gHX6_VcCr~t) zsaYQC-yyP|tCxI#ZjOga=sKKu{vkD(w#_Wj4wXh2XlaWK1Z;7{g+tk&Id8U0!a2)Z;+!XvanAi#gL4eF*&nn1IU@LH zJoC>_2LJ4Bj(_ZYXBoICpmWix2p9c3!bO*uxX7W@Ys(<7LJOK>qPh%Xq5+sq4rsgg z5D$sp^_pOzr5QR4rShebbz-to-xDnKy}?2U5?QDhRYfdRtbl02M!yc}k^;8Q7OZ5< zRI4Ja6i%C5(gG`W=>b-XSwH?Jep*MP(HuVmAk+9es)k?o98EiT+A`RM%Cq}-*Y zHN#!m%w11h9^tO+R=8_`&Rsug%l}N=RrXG;BZvB>Po|R3#qNpZ!hp8^u`q!0WiMPQ z`6|;B?K_JM`wnMXCHYp%;V1&tM0s{%mU68S3{d%{=R)V~U+Kz)H_71al!knaaAWB6m(c5!9Mppb+OgX$ zTx~D--1A-N5yW?)5c9{JndBIOGUPoF_T+#9=iNv9O#|CtybD-RhdmIqvZviy`vFmR z@J9RriXdnN)JuF@_I{q_iY8dqoHZ`2f565O-grG zXdTCiIzmsG>-cy)>QEBva762P)l|niE}Z#nOdSf<;UHBV&IiJ)Uhw{C!P1q;p5yYn zH|MX>uF9hRbIcrBnKh>~S zTuwJkp0ZBzEymNnKVT_4o+d52mePT#uOm%;p>!nK+?If|FfgSH+Q=(WdR38^dRz@; z{=&tPJNT{`Bkr2vXb8Gd#-B0&c*18f9r2%$j+}9~$@{7afF$x#uuAu{N3 z79tb*fzLvU9JtB^a=d*tEoxsamU7?C5( zTz{Q-`l`vIlKUf2g6{K~OLFWT-gm)CbZ^!0zOS9cQ6wEclPW)eE<50e zRQWQV#r~10>9ZaAUn&9AT4SnbTlx~J<{MGXU}wb*3v|0uW3LXi7eKB>?HkdDFA479o$h5|{W1XBk3y@4cUr(;i>0!2)AyoO zBT5}~cUb4{@cD4%9nLXad5z1ar_=KKit0?wZdUti> z2D!Fc2uux0`&`mH4a>V4)-bGARVqBp-<7O|i1yiq<@h~_gSZEA5FIY{cfH$b`NV1Y z2!TJhhzvo1SLL$Q4wW@CtTaA6?Y(w_bn97}aOxYVv#0OFnWR_nYvU9w0{>EY@029haunJZwTLgV0 z4J2;gUrnop&p=Q=G5K|P?IdbySce5C@v8k2vGf?nc!U$AT0xNBGj&e5EdrsmD64q4 zH|$?Qbh(PE8s4|^BnCBHO!@~I+3CVT{BCs~`bEHFJN!BcqgIA*hArnWk zu=P=-C?0v@(MLRN;*laA4T3Icy+B+k9@XMOivm0rMdNny;3(S|sjDv}^VeV`LMKJ! zYjIU&COgr?0icq`-!qN^GNorW*p;>Rz^?Xo@3$5^o4A~twmUHo3LJh2k+gYu-+Q}J zrywr7Q77FUKJ>f@L{hv^=KW4_|LL&E{ih>1a7!0fhU77T6q3h)Tu2_HJ3{gpeH4<% z=(sLU>x{abcL|Y5WxV3)?<1a1qm`REeT^i@9M8H@a; zMgJ!&ega?u)B^foff$#HAl0*c&x=WCv3S55LXQvWv5aG5y-giGnck*Mk9AdL26ZWe zLXu_wLp;+lXK7tWXCnKENtmvtmmf&;WRxFBEpvs+WbeDIEl5=-90-SjM2fqB+T?n; zyN=6}>{nO;WSlZGeYG5a<0m|7hb)J~!DVduW{W#ixQB93BUBlREpKp=bM_F6*wGX5 zjjZR=ve7d@14Hk?pAmPG;k(NBAhJ~X7tr5_9wHj4@-5_tpQ3#{CneX0#A%kPbO5Ap zJPpblLuXD!{M!$Y4V_$O-)(?bsP58jAKilwZV8pLy%V3@4;n4+?l zF@0sdC)g!xPLX)d6Wo&ZB=yauK2s%L|2fG}Gx>h?We>e1A`d66_+f%{*Br_P%N_zI z?b1UZz@nDwl8Uveh4ZMCUHV`}y9vsidqowWEu`sBTIQq4yJ`*@-6Wf?-^`gW-dN2+ z&+*6)!}wh!JyZ*IJ5`p756J#`A_ktK^qJEBbtT1#@My?NJ8{*i7zL#y&!yaok?`>- zC?yz>yD$n^s&o@t}I;UV+tt&9Se#nnT}sXFI6Qo@QX;M zs^kv*BC4q>xl?+BiD80LGSj8}lQ(B7?3dfILa?l?Ba@#o!M-Ic3LoskktgF%eG|k1ONXrIeu&$a8rXM`XUfz^emW7{o z@$&+#_tQd?i>n-iT|%BB?ZxUaPqE@ogTE&wR7}TQlx3r2 zs&jd&{*Ozbbm&x<>Kx-zFGC%rNO4;sir_H$hWL+Lv5Q&(%?w&_;m5E$oC@@g;tj0M zxYQn)gSWbrv8(az>O1Xp{0aUHqcWG>DJ{GG4tx2bREOl)RIHR@(3V{`!w#`(hh~Dv z2)aI+0L1q?e9xh)qz9xTSBV->RFAhU*J+NFL0^D5O7oH^d3wtYmYt_IF;4tCcHqis-56WN_5JyvKIZW zlhq;!LPvvBEh-Wxvkr#nbJQdHNG(lMO8YASK|sF0jsiY^9b+*d&C_#0s=lAmFOP|A z=hcRML3<-<7o!_dH_^MOvx=-zmQ3Cz$Y7cF*EirvTe<;_3}&a(Ok_H6qYh7SyPJ-W z0jpDdHZ=gRm?G0bOb8&A!Qt*fRq`a&U7*OftM2}a>`~o$Rq}LrysG3G2%M;r?@--+ zs^mLW_gPi)Ox1lsl{_m-k%HUe&wGmBw@-W2(G5$q8+LTVNq3{78}=M=&x4%~l%|s% z=}uI1!%n+T(G5G@mx^xKX}cnwBS3ehq8oNPuL|9;qZ^JvRrW~;%2n*QtB(GP-2*3E zm3=ylT~+oO2t25=-=RACRN3!T9cNY9XR3}1s_e63&+VxJhE$;Ts?iOE zw=GDxkMhago#QqT#+5H!5G`LAE#FBmKQ38$^ZlAe`S|-aJBTiJ7hUX)hkdzCuXM|f z&N26En(Mo8L5ufwwiETyBYIz_Vy;g=?@L)HHc|T4c!rXPD-aw|Cd>LUo|SZ#yD#iH zJ8~-U)ImGLp&pdhLt2*6;~CR|!GFLf+RBk7BL+bn?WGMJ$j3Gq=U{Fg7&XX6+qdfN zkCflk54K2^3)fA%l)>4S4q%*7K*ZS*2edr{&4A2*I&!MT0qv=QiGaL!N%Z^(05ZY^ z$VVo4#=wIqRr2Zi`kps`XDnGZ$kI?Op$}%f&pnZb9F*TIoVUFI|8>dVC>O4m9#{bz z2e;ab4j=cYS4YX2rW`iFBBYnzS$ff^5e?;N=jYRjYBT%Mm5;7|vgbsZbzl4|mkR^1 z;2VT|tfo4TVhK@n6WcA8^BQ@_O+!qu454HvV)0_|V!+(|t{5RE3qQkf% zeYmN5QnU}&mius9UR(N5*lZu(AJEcx%x}FvbkN}e5O05J0iBJ;kwJlPQzM<>0}hSO zq_^Cer_OClXKwD_Txa(7r_Mw*!P3ZiKFVsRTEO?9v2ZS2Kee-5%QXjIflrw&+b;ED zd-?lf>9(NSUOxSl6zQQFYYl$&fov6f*<{QCV?5W`)xX_LD?xRxhmE0Oh+vY~h|Tf7 zOm+u#v<+5xsbbfOD3c3RcI-~EQeA!2raSEf*k3w2h4n)6-A6kw)e$3uPtp(n&;qym zmjbtMhf^wEDJ#OMAXUDKkCk6al^uXZhx#%tu>aaR!q_G5(B{`_Jq*Uh>|IR;nK7X@{@7 zBk9N2-O&+2GyBP*?h$n8x1D|>eh8JVcUkDvJxH_7lJ^I+ZdcRGy-gMobO22;5Ggv4 zinb#wfzcnV^NRMbO2b00hMQKtK**R>v8e}JS&lfA!}h@LR7cgBv*I)@fPkw(Lf&r#QnaoP}RZb_IPPAycw<1<>-v*& zJY6FY`GxVdIcFav3X@eZN?AL%dfmuScCqrAcW0VI*#tvps@t+j_8ze~ymEbhX!l6N~NdLB-9t0Qvk%3gQjhG{1TRiw_|Nhd5tlchOj zNOh}2vxlmk=R1GAxLYo4q-Hi#~1qKsJ7eo%7 zz#cpY*&Q&GdbeXyv?dTtby?Opy@%jC-2(9xNM#aVcN}qH=X)H!HBuF8Uw)^>Nnb_* z6uauWCp`$e8*}WRSXA6cZ0b<&6O3yQ>qiE`&FP()Zm=#0Z5P0Hf#NDZ&mz{{2G*6p zx)y_TukNIC?!->X1;Od*CPAQ{pbG*8wGG!j0}w!{G1aK?{&sqef5#6yyI=1{&rt{P zy9UlvfHh}5L8Fe&MxQZ}%eiYw?d0HmiEhvy0~(aKx)7!@p+c}`yOkyf%U1ktbgL;&@2XUX+N%mn>LZ>r(777! zTbaY@PwzrU)_EV32w!KF+r7V9JjVsECcFhgR!6~BsgkUrvfpmujQu61>8f!& zLPBA;vhS}UDH%X6NXd;(Omh{FL)fDE?GEKTdtgs$an*VV#dC>8=iY)(ZoUlc`&1zP z<@{>>zJkIPo`rUGfW=-A_FSR-8rWmCLrRv>FB^UdwJPvqHY9pF@|3MZOq$)hEe-8J zpzKO@TGnEP4uSGT81<(*!w3a{XrcvH@Ki8kE7`%($Upho;N;`lkQcIb!{ofSoX4A5^k@PV!L)nL3@<$D=Ie)iW@ zPcMa31aGBnDFzk&f=Up^6Iw=o0t#^nK?;x4nqL_iB^~6oUZmuW&9$)qJu8}HE6;<4m9?Ce4W-*$= z03PkAB--r6Q|C}|H0B}U|CDp#-@Z!{Lf)xP(uKUN3;8t&Y=_+nQxYV7=awXW5hT5n zwlc@cc~5UT9{fz2&4i`wN{aRwmMz)9qf*vjp4*TDZ`JBxKX{DDj3drJd|b?bUf>td z{JGyGmr{>-Eio~iO=|^ZC7l4`9nmp%TKEUa0A*i<4f{l<2D_LVWb@Q;PIPLxLN=y` z@(!k{p-1pGR<2o}jm!{Vm}iI{9ZWOC)4@}$k^IRgiYX8q0BN5?`6Yg$DDILlQN-*& z$9z$Bl=H<;ZJjTkC!MP0?2-B6qPFDK=Zn5=$t&gyTc@P+g{*utc|1=S=f^61lmBX- zD$<~GL@Ct85%R`lQ3UcdPZi`istgH!%|0%@}=-Rikctmp0Owf+7+Ii%wt9Dr{pDT=TOzRf7v8Z!Rg;Lun(XA|jrP!>AH#=+bsO8j~tlP|T7a8nU!3%aFDgGB!%EZZrw! z*EsuwmPFw^l(UbqD;r5&j0)$2vBEhY{c)&W6$hmA4H4;l7N=ebQ8%hJ>E4jRCXy!bg@m9j0G2eWl?aS5EI(j29=Ua`m{UV>X&Pedxp>IZd$4Gg*B2sLL zk@l=!>~BWG&RLXjfMjHmHrq&jSQOPJ840&V!MfH+8)DS|g(e$m(~zcJY`k>!Y50oo!`mQ&uJ!|0`xH{Ah|Yz?4~%v z=mQ9~Aq+}OSqXJt6T4@(nw7BhC}rJqTFY4(Lt`js4d=9bcf@w#u#lpB{|v$Ep}c=< zJud;9M|p2*JugAK8(gRjYAr8=`y6HM%31Mth~C;6Z+n=TS7^WV(-T&fiG&?S!iQy% zZ6|d`+Mrnxj^8argg;{wQwgn_;Tt3yE=5hQ(-Wuj!M&CG!TjCcpk!LtXdj=dSNX|I z7ERPl4}-lobJ`jrJfD&F0t=Ra_OrnYkBLk~vGqpU-$i9q&}9_7LBLG;mK*u56Zy1f zjf8=Wj)1n%NH|-^kIzWx#nl8gkCD)c6V_-q7zqbasaDEwdc2CspDE%-);ZN2w>rt{ zD*T09nG~Cm5vO)jK@9!=UUd+M+uPB>pBrubg93q6N|_VHq>|?nT7nFH^^!SwF94*NAvA;&RGh( z20Vjs890?6ow@6!iXX^K@Qy`yjNDIssU^k-0^rP5ZnXtjV^Q5B-J~hf3uQc&qTSUe zD2$hHEpj7hGsi3gbe%FX>IhPutal<(>b@HJfr zV7=c+HVGh)7iLY+y5Qh+S;7G4-b|ua%WAh;YJ=56nzNS|uI>~yeYU-jgQF+ELZd)& z4~+gPPwA+yac&C1J9Y#`bI8Z&{aO^whAHowVLIyHK-w?^^~hP|B-Gc^dK{>S?skt` zsd49Sk}9U5%g(}(GM$l zT&536FLr8iWHnRLJbw2xC5;S||87uvWKcBNV)Q|Q0$!{4g%8K_&J0jrLUeS8KRqC; zDXKL>M){l*QGH#Zwn1yDlPX?lAE6m>W67;HWq5Y5w(jz(D&7`tfg5nwF0tJq7xvw1+N(1MAGK3IPZc=QqxY4_HO^+gnOmI>=hk@GJsk+T zgR5UHGVGqi{9QYc$&;`2B(h*zQXWUO!K6sn+|g|+;X1L3Au>3bqvydEX}WQ#fE-%2 zveM)tOJx=xu2D+{C+}QZr@}fp2!ARwm{n@fAp}l*A?Dep{kk4M9yqw0B z0*FoHTEQ|;fTtT{vEYh;2W!`OvUcSGi=Q17tE~c=e8RVq-~R^u5eDo@JjVbHK*jW< zM@7Ax!Xjc&;W>fqzCCr%<#4w57El;GLb!vslOr7=CBh<1ZX7~Rrh%L$$?Fg_l0G0A zawr5O4mmDD&POrGnLH#pVhC6>V%|MqM$BZA06bv9zmTwKhG){!6M5#0v}8PU3#Eo@ zqijPELaj&>(W$r(VvP-$7`ogcCZ(&neswX zah08x*wq24$+}uWCMGOY8#n8WN#!dJQmSQz-1tRAZjAyJl(5|T3(S-H{LRzfXuRit z$^E7PO(&SsGzVcC4fTz)Cyl^-L^f=?oQvk8*9cwc5Q`HszLa1-Y9CIDkryn973JPF9CS6aZD}K7br}XJG8Rb$Y zLxHGvu7-1H-$T|~mA z@KaeT*#!m8ekbp?*fJ)ZG^RwUd8>X`;x)3og1 zUOHUTKY6-Sy?Q#-7nfALPpa%eN@*n=KD33%q5f-0#P6fS>Lm%OY$#TC1!>Qd?urFU zBriEd*cU?fbw)EHu^>Hv<`5_HQOcn#{l4)2$R>IH#HNK`N#6U(-=kh`!%~X+yO7;K zjfOArf<8_)6^x^hhlZxP^T-l_{6(bjcI1drEE`GoOy`OQ=fTPje_b|w7-jzxJl$g8 z_ccuAE){?<7Nhcva8Bk>#(56I@F*P`NuC7=7rT0;H3N&)&ajyOGeXdqv-Ze;o+?b1`j%2f!01BQVHy)v&g>0Ar1`Q_t*3ATr z#IQ76oLnp;v*$gp#&zL-84$d_Pijb7K;6J`!A?_s;CM(Yay&ygddlzU-aOU2hu%CZOe5Bnz4$=IOdyXGge7mv>Md4{29k$L z$A18-aW<&Nd5WIPARM*dK)?MI^>`@>GKT#Enwtn}MhHh`fv9N5i9$y6P8K1f7i$Xu z=-0@KNk>UJD*up&MZqMK5LO$TR&?h5;#HEoAx|L%eQ67R)y*njwY!*!bYB|}mFo*c zq5xVKwBi{;>rOFB2`{~p2a#bDlQyCH567!exbqq2)4GO63!$3ljrpfYR7f%Kk}+?SV+K}OoVlUq%@GdoAnNpM^-^4zu@qej7D>oY z1pW2V4n;CeVZ>oUU)P(Yq-T-a=mCb@u=9j+MgsV-R#~m4BE4E0Boe3^4;DqO+H=PI zg+)154J(Gz`I_3!a^9bvbG=aX{GvUqSD3P>tJr#?(8{%5(Wi2+*Hwl8()H4Fg4L3l z=F&|&N0#g2!i?pbHfqmHH3kc>*D3r-w{^NvEUURmlFbrURL0o0Rw1rCiZT#aX;BY| zs~YIB=^k*zsFf{BpWTRM=wp8u4seK~;S;@ZxtOn%01`Jfyz;x}q=F`tqu z4lT%pmP$g)@hNE846%|p3lu7AUXR_mRMR&&34?1iumBzbFN!@bga3chT-aXH_~2P(rQWyo*V#9R!wV&3N!zAMPjojA3nJAegzUZ_fs)u-P8AszQkXkVgbZ^~iFl zS0XfKe+ zqxl2yxMAy@N{E9RMkfmI5&T;apm}FmXzr)VpWX`8Epu@saZ5_DR+-`&!ackSK)m+0LAQtietg^7svm^_@5qeSlf*Jwh=REgq*;l`HM>(g)01b#RChI2-dWM^BS=LPfZf z|B964=OD}L%r~Io516m`q2iBtUI{|QAA&+y*}l@Wr$lVXY1$)!9sEXUXQ*bE5&Ic| zDRGu3Y>loCcGQ<^aVHE>v0ePmv^^_CYg>MjF6n-A1C6-+snOMujwo@O$yq8h{CV)o7t#I1Hxb!*cy0`4AG#S5QeX zRY?$)KyaB)bi=&g+t1~5*5;}tsy`&3V7Nf@RhW*t7w^-|={!LUjHQ~#_2Rt}s@X98 zm{6j@leuVhu0`9bjop%;2%|Qux}#n^tm{nRhn{BW4G9}GOembGcn}I_Cb&6QJTy@@ zK$r>&6PBV1ml?5pw4LZoNQsp)nM98qE_uSZ6MHT#tfpOi5$)RFi}13g*pq3)_LI_v z?dLu zr?zu{Big=icJ4n#spO04{_mT)`=!alq)6>Pn!KNw{Mx?eS7z@AA^Qlcq9sssk8(%Z z3JXgYhzaF)I8;>`SbUyWu$VfzKy7$MoS{V-)~$-#@;s&dHnazZxT8Btv056&Po)>t z%&vxV<$aEWPIJ;hs>J4>Pg~Cm+&1z3y~-wjR98kHle17RU~VTq3qW#&;YK_kI2N+X zvj--S+pvM^t-_m#&z5U^wk}-r!t`T;iL*0yAh}5FK#l3|q0Wsvke1FFI}qn)j|i>6 z*@4a^sZBVw^H6-=#&g(0(RjHA&y*V8^14 zPlVCvccXvKt}df_2#-Bu>B>`;hxcf{w!H(Oe$j~kGIfMvUauDG(hG0&CcC&V75@gy zQE^Ow4dig;>16U zObigpfmdenz6l(?cSOu}!>z*G{MDW)`lZ(LXjJgdHhdk#TaOZLkU`|b=TbYBWg;*%LadhHDnS;Tt3*?>odO4MS^8>1btI5v}E&nr;*&Bd;m zHY!;raG6T$q8c%oZc6GT z?oVgybksA{89|$nt1Y5$$JmYLx&n~_-srN3HsZ7|BB7ULv^ZB&$p`2%p%apK;w1tu zD84@-aqgSS$arj}vparAxe2f=REuJO0a^G_55wQ=4F6~JacJf(0a*s&M*OWjJ^YXI_JNk! zBI+oiA7-B8kRTuE#3WlL3T*oaa9=wyp~8Q!^WNV4i21(IARp%o3WRZa>&)^HjK`Vy zPo3C#IB0Uk5+v^?`oe<8e@+uG$6TMYq+C_LBP%CUBq~}Aw4|V$infl*;>{n>v1ZRU z>ok;cY}U`$HtW+*Rrcy`*}dnbCF^A7{ja^}r6uc;%p2WX zUa@3-<1AzyDOvIMBNiO$ynW+rHNInE- zpd4b?6b8Fm<7=bIU`@L=f8!Oe9V0Z2H=;6VT?B2Agv8ioKmQ<1_IM!wj%qS$fETcp zn%)^=w^s4-hlY5}Q>gyA=*HxnUTPQ+rUbz#WOkkI)UK|7A8oMG2l6w!uIUfw`0?iG z|26r0>A&Ih|D9rY|9|Ao=zm_f{>!l3WwgW_Cr2q#Obo>R|=KqrIPs)-C(HccQh&${%noPHtNX|g*S9QmeOzQ z^;-Bq3KBB)n+3V`DX-+vr>OqbEO(SDN-y!SQtw)70*rYSE4bDw!07*v6l4PIyr%{I zX&l*|&%QIwXJ;A>K!u9gBYz##{B;8`(m7fm2yojjgPZ{);dUCGm?IztS|wuG?^1XD zgM8OgUYzeNrRs>Ynozl_!E_!ld4Yxy(MS#!R`x=w&(@RfS1TOi;{3S4y~3(K$W>1) z!y0`YvJMGp^&}YDU|!>8kRL%Y7UMF)2$?ILt$rNoQa^?~b_y&?2$Ah+{x0=__f}fr z#|bXdqaFE<{_Sz4f9ux7+xZzybUsY}Rm01q`*Op}X`Wp05`gX0OVPO+Ru~ILS97>i zO$r`~AE>f%)%i|dPj!MhdR02ddYzFrQ^l3G-^hl?Uu41K5UhJPJbp79fgVJKxr608 zMhL&7hhY6qoo|JiT0kqU1yrV0j;`uCPfAxMcXPSgPSR=&w2AEpZF1mtp>!M_UPrCs z3aRQ6e9AUyLF;Ps;B=cIr@4z%bDe`yg)Yb}v?Z^5A<7^^naZ@&J>8UP&?$=kXK^?E z5A=K(LJ*p~$a{)j%Qbc|yM?E*<@0v26Ak&h0`BKq&I&q?=jHiH-4KR%e&A#B>3>r0qK8?LQ#jTvX+#9TU z&$zxnk6cl~MXa$<(GP>tX?^3Q=GN$Um7a}GS83&!TzHddcTcfuY0sG zJk>ybM8DBlf3Khe5D4e zd2ibJNr{-R-k|&>Ql~+OOHI^yxa%ePTTh0JHiw87^~BzkF<#>fTho-+38Aj@$jLqG zM`~;+lZ1r&LM9eM5d_N_a!_qQxO4NGir+lNZuHU8S#Srlt zn|^ubVngC8AesfA6ks`y2cw77t@TYmo)SqnT#mE~*ABBv<|MtjR<-1={EUUE&$%!> z#ljSuTW6JV1wMJL^KdOMr?5Oxava5*_#i$PayxtC4CMoOirQV_>P#O%?Q)?od4><* z1L>}ix_BFpu4%b3TdbGUNo9DTjxfoV3bQwX?zpc9WC#u;hEi zzQRd(90~RW=k1^AYDPL~n@>;qH+;uQd*pO2)T(e&ELGAz&`G#Px0EjlI4{07B!`1T zzaiZn9P)-Z4h{#s86)FbWTZLmi$9S+XopvIGAXp@#gz>^p+B6 zFreu;^;I7$y|AKE!RM$%;b|e_42e+oK8$KY<_`Pg@0R3+=62DrKKh#K!thH}RPx%) zDDEjAW0?5%#+l*^C;VlUo)C~R`U^4l)C^AzCv+O!M;Qk~e;9}7=TB45Fj}YKW1|25 zGG{b@PxRk%ntC3TiVQu`i9BCh;)I|tP>$ZChe|y4#VF!e0n4!xJ6lu;diHabYkq(le~t@`Zws&~y-pxb=y@61=Ptoiy)K+P9^ z{L6al`C5CuYrfFSWEm#L>Hk>F946%oLT_LPuN4WJk?rkwN#XngX|o3?dj`J<`(Ay6rfiOYFw#diBgNahTdr|%n0fA3baeK{)C*(Lsd zOYjb>V{Fot;NpiqKA zZ6iCvW?;Mh?wK$Gyh`}One{|3f{jT>8CJz;$EGZHuM_O3&FYSv)SjnlG5UB1yex<`#Z z=}l^WU|T48R^?njPFiJpfmBn6PP$_eT9{UYVBag_(Y)4Q2h6a+1d?mU!z zweje1VurVKzsU=rM#72wbmP}(Z;fHS7qUk0&{H=EHFdrY8q~|?4njKxt|>8h+6FQN zt#c?8W_%slMH%)~hb# z)i=O+?Wg3^czl{J0>Bf3*0rFpI=r1FjF%Sc!1$hPJS=D(EaMAWXYAl@u6nk@=w0XE zg4Xad@iGotqkNg;w2wv(e6N-%m$v)iEC=}rTcFj|ybUGUFi>x3= zA=Mq|3-O&3_36L4(Q}XI z2OXPPKGrrxwfq8>lknZ`d|(#)5xv;DR`+^#UrqE03u+JUD`(UWyG(rhqgc$*87E0O zy1Ja#OgI?8!K%IRA>;lq7rsJ$YhY*OV5Dx}yEpULE7{H1zj?)t(=x`>ZNBC_<^@0( zM2pq3$n*h4WKG|#fCjNw$vuD3RXxpL&hp2Zn(LL$N1!`>kGnvshZ8 zjr6F*i2&~QLY&=L$oK6HZ?d6PXy{|e>7!31Z%Z|FgR3DGAD+%*^I!6~>;K$uJlbor z(?T%a0<53fVW{%HeRXCF%f&!TwQzJs3#>oin14$~{hxsc9+B^Fsn5@7Xs0LD5Ug6- z3)oQK%!VFJKAq<@)RyO(v-JGadCc!>uIpK}*2~|b+W3RhMprwS61H&PmW&qu+<677 zZ=4L^VAWHz<;Qrcz zU6Q272tF=QA1_ONe3Bn&Z-kH2)yI*kkBj;7W%cnK_3_x$M~feqtB*D6qc8RGDt=s~ zJ`PYHKRnj?cqTup2x5J^2Fk~mQXfym$Ii+4vQ2$?BK74EehK5t)9TAzsV{l_ay-5~ zsJ^tMzP$AkzF>Rz{i*tLRqD$#_+sp5-?M%{{G`sqOr*(^W+LW)0|^d;H~nb>_ly@@ zq-pj|ktu$3aq40_FPKr-UWCTc(?k3{6MgUCv}nhVa6%{Jy+wV#LO#PD7SFZ%d8)&+ z9&v1%XZ>(s7SFnVV47$B&A?2aRk6Mfo1f%6J)yjUNq3n@7G+T_*af= zm2*EF*}}ojEphJ+Oy3gs>cG@3aYed<>RHY$arpk`Ko@V!#N_v`c1c{a?w@t3&t=blIp)98HUEbW+~fQ|?3(|U?D_wJYyO8Hn>GJOADf>4qmIcn|ITbr z^mdaU==pC)IW+vn(Qf&{V>4azpLNx$#3oPOODgyFDjMTC+WkerujdPcoxVTPqBL1J z@1QYUZW9CL1Cq0I+w{XBBJ7h2RmG|^kxXn?adaazP*6YDLe2v92T0S92Q%FS)$vYy z&}g)r7+*_P2gmf>KNg{Hygu`9_BZb<%8NB^_Zo4cW%3w6WqC#w&>9Ga>y63)q;zs6 zanOv@x>ny<`hdFJ=MnM!D^~HWaeTuxMXFiI&mr^WP*s;PzghIN6|+NaTMNSl_pp}s z_#61^L5HZy+71F^PSd#j#^q?d*6>9djH-mXW;V_S=B(fp=S6=QwB%j*m7nN3corCw z-|R|W!}-Oq?61EE`TAPXgsN#vB-o~X9t7{GK?Xy)!~@J?$+s+8zU#SdUCE!|b9m&HRxn( zFfq2)-mwG=VZ~MKmOz8ylNrY3*S5zu>YUpp=X1!}E;?k7x^jDLtGyhutvOB0@}o!c zesvbC)RPt&ggVMQBnAlobsmp-y%Y1g1m7^Xfm+Nq?@nXx^cN|$#A8Z1q;E$$e#iQZ zs<9KDl1AnDa-(t*@{XTsRNW)C@uib%jnWB&jM8(;jndIRqqLYqwC~LWAHs(Pe;0z< zb~6XRcy?RYoE6eTqxl=OQcka}5kCM4YJItSOt+7@6l=T->{IU10(5ItSw@;xbH&zc z?GG+N!S`e_6~H8lZWJ`I(?0hvJak^x_DOkYL)< zctP+nbejKq1wGFPzrGVX@~+t11;N;k0;Q;hiVG!9z&0uhL;e(N9TaSPyJ+xQ*Lm2_ z8>(3sHtJV`V?{5YkG@L=5Sa7qi4-L~ek3y~QDKAh6%`%>9>kFswwDLHo^SkGP|HJu zX?bY*S|txXyHX3tF=cIAiuCTw$JYhH#61iiC8AD%Y1Ph9;x_Jw!L7W#f$$V-Eeyuq z;T4=l^C0r@*2p^}HEXUu3J1kFUqrI zUxdfb+q2+JOM%NBNQ-R&z`Vfavw!!97Cq=r??L{cX|eRZ>E((zd71a$3R$usXc-{X z9C~D(Lyyb`Jp#u1A0+=S>9-*0S=qG(hG-&-{;tt-tJpfs_Cj26!?7uG!7KJJJ0N@I znR|^~W&y2I8z_;GxxwE0A{cx#3NC8=8re4mMa4XPT5)(&d81-O)>kHvL`i#cA&wL$ zZYL7^A`#62IBzJHFC=XxW-dN%7bl6eM)P!GZD)AH)@5b>73@=lZgb=|8KJ7pKFx^# zjfQaM+Y!&(Mlb!225^fteT0NIZ=12Sts}rYYx2y%M=)$)ABoK*{t$KDQlPm)o<2evBZnKl zUWV@su&w8oyH4%oyLo#YlRZ2&rbTTSlSE(}+$HX^Liq^8e83AOdC3p*(o_C;p)=!( zTH=fkHR4lHdURqauf3o;62{$vii^%ZM&IJhX`l3@p7x6*q{pfx=}V5N@f^-Tw81_* zKLaF0U)fY<50uG_l-UPvBW=-C2KjV`bn?(Av!s(dlU!^$1fD0D!5TqDC=__{#wPd6 zJVl{+Yg!ko`P`UKGF+i4dO%Cej-Xm-5-+zQQ zIs&aq>5g4>Drd=x09lMK=k5Y&x6Yx}Fd|A{;&kQ*cbzACx`z~9vcsi0yu&#ow|k^A zpRP>NiRsEZuc0*(u<0pJ8W@+{vJKLGo}V=&t0{x%f2oz zV_9`BSOtopTRPczfOODNB-$aAQ!J8L`niu?JF=2;1wB=NvtM7ysnVC9!oFO+DxlkC zx613}eLnB?deP3r8oStTTiF9K_yy>}GW&upx#)+<`&NGJGDk$RL{HAZ+@0FT{zS{N zh5H-Zx(WB!w&iLfL!Yn*dg++WUuC>&obk5m@ea+|nSG|;cG!2k_2v7+O>)7eJ<@;Y zkn|HepiL2XgIhy$cT%3*&y%uTXs@d{TI3Lv<;p{YPClQ1CQ8mhI_Z?Wmb!}XO-2gN zugS`8bF#9$;ZH62Pe@C|&<1LSF%{)@*-t$ZC2eY6W8e1r(gN%pc8M2Sah zcH|q)jO0Y>*HF^gdatrK$Y->vVudK!e`*oYHjp!s6$&ScPQRAMZ~+{A6z>K$AZg=c zWa$H&@c5(tq;Kw%7oS{+GG^nZ(46A{}!wM|(`qfVAg6s@blo-Fq;90`~G_3BXT3DM%<=AF9+=X|^$~^R+{N(mG6z=)Z4$JhDFE7VfS1Pp!|d ze$;J!hAvC3&npM+^ZL~H)9bV7&spnJF(AD@GY^&Z>3xuUeU4fEMc3!vCtT~3eEf)f zw>=y0Sh66K4A-okeweZJ0RJidXrRDb_+U|K27UVM@~+~w^xjqO{64uszOFjIv81kg zn5VJW$Mrt}D#_%1Ai(MCe zw>|Ld{Eon#d7k`y2o{!zpV8Pm?KV)FBu9=6nY$r_ESj@|)82;*un^ztH>%BH^H!pm!c*cC~nejC6^5%j26b!R!AF-$G(>!?%bi+9+Lg zC$p3;Tp&LQ#<4`XsS-jmK1KZL9$~X#>mEA4lWH6oNnEA)S*YL2LS4@^9um^T&p%+- z>M*otEC)mT8hT1XEr*Q{Wu(U-4+OL8B*%K>uo7$doU-(>doxEzd<}XcM@oD>3Es&a z@pbs+Arfb}%Y09Il9&~o3rW*~zwyvf=#j;A+n@7!fr`rl&H=*8h0N|>#@N$jBLGK0 zxWC?SFUhmw_mXu>+>gIzoYy;;iAyC?=^{>nlUd}|ZOC8O@`$+KC4imWP20__S+D+s~C^V1KFSYG^2>*yRH@`;G~ zvi>w}Tf}@`f4vuvoxcuwHV$ru@SYcciMsNaqbWit&h1kAM)eL z3nEs)M=SLG34i?X_;2yyYp$F}Bd1&c{bYHhW}DG`FGaRXB^w&DJ8ugnMuQnz$aVBD zqtBDQX*B`jeXNI-;GQ&pQo_IUX%tVPxNMYq%EuS0N9YJ-!(gM$l%Ity^0SEdie`zT z!{)4sEx+VqQ+EP1^=0Te4PP62APM&-Ki0sv;meno_HX~aC$A@xQcj*JFb5Ho3w(Qn z4#MeNf;$qHYHJ&ZMa-unbUhIT4UYZmX@VXea#q9i^Qlsk=vLy%P!0R&5VTyYuE-Z6 zu{tk0Fd1`7@j3&B3&+6wF81TUPU@y8OM+IWm5>yw_gNuHBl7kORXR6*h6NkecYe4P5QU{rs4ei5U^^KwCRdPDTZDE;x)y=#4UWa2i;Ah)LU94Ch^^( zFo``*4GCztzYCpkb}*SQ7kpjiP0^P|F8Xq;$4y@rhCT0#Jsc)JCw=)O=u2Ce7@;p? zjaa(;j@VQl-k>tWiO1PN^ph!+SB{;K&tH+(?XXAu78^NpEX~Lev|^G(lJbW_7g!r) z7}iXY&Bk~+j8Q7r)ZmSdkA}~pZ{9iPJhG=CeBeemr*mRs_l1Nk+>%yrIl|88YJ|`lm$o zo9)4Wpl#xlm|h6;Alb*#Xi47|d)x07##giQ+jRgFAor>ma3c0=Y@+&UP(QWmhtaR_ zQ?7of7QzoXNc>Rnj-O5HhmouCL$ND#9FUP$L@ z-W9U??GF~Pz4<`q1{2)|_*)a*Xe@n5Vwf0@J}$R-`(iO&sh~?~0_#pBfaM~*vvN8dD{^qWUC`brcQm7Rc)6k zWvKD6fDpdP$zsK-CA6%3~{e4IJz0@j>fbF4BKt3?Uqng{t3=ahNe$v?#QN zuK%e(0F`7nQ9SuuJx_~RrYxa}=pz})Tc z{SoS#O~zw*P);c?LyEGDkSD{hbcTHoqT4 zWmD2{Naz%lhMudg2^OlnMQ~E(9ZUA!wbpdku+zDR(6x2xj_MvBhW00ijH`ApDbP|P zi@+|E3_IRuKpoT?OJ8c+;_dwu-k@aM4xgxj2lf$HVsN~or>^A=;z?_GttqI*cyxFj!0(p|>}7^3)eKdt8LE^S zO5t})&E+i$_unBiWT_Q3<#-62_t|RNcxGslLC@YBkCfyY2RI`s&+&Yql1IjclH_ieSX*)W>VmBaqb zb&;AEXB-tVU&J#G{THwP1|GJj6G33TIHSGu>nyLc%y>;@XRfRNrnB6Qw9a4J=5Lg3 zaF6<=pynJf9oJQq8&&iPb_^sGxpK~0;t!-7m2}vTtqx}C==P`|+GG7fP@J=7kM(!6 z$I#q^EWG9(z%>Yfbi@fR8A4QJDdd`cZzkJyN#Wd}XHC~8U;_{7pOSCpJywR&%SAbN z+;6njoUB?1#g$7&u%ni~|9LIrAe2As=;DL&l4lAry$U7?)D+4|2KDF}4}l+qBvlm( z@L;B9{;~bg3J*5b%G!H$E7Nr=5Vrc4@jI;e7x?e_j z=QtI8O;yzPrqAE|^{h@$t}~~CZ}^9=u4U>0sQ3bQpAtS81cCj#o9i349unJ)%7=)8 z)tFd`J?oF$14TRfpk1Qn<&11#d!2Syd2&sY*g=Ezl3_6vt$i}8iI~4-QxWq~Hsv>} z9#w4}HjEwe$VivUNb}L+{5}~Yz3tb!#p80eh@tsf#+9P7q9RmAAq(ml#yZ%(s^cuD zjuUhpU8{0;T#cRUIr~9biv{Rm=f&b92~OVd4fh(Q!s%x(^t#??5!PP1#Z7nX7UfcB zv}grdL*|Hb$9B|jl%C=&;dvRV%y{B^(^5jR4 zkv!2W@H0qdjbe-Rg1Hc68`uoJ+lxKO-7-4A^JWw%hz?T)hDd=Zqe(XCa!04j!HTL@ zL?Z{ZZJ}tSZIie6n%?Uk({hou=E~R>Pw%H14>sG{lHT^>{5HF+rM_UYIogw~q-==Y zhwzF@RUh>Br-L(>E9k~loNkxjOnJyJBxETAh6z&^dqN2=jkqvpG#(NTu4M-4h^0ll zi(Kw|``_uf?-_COfGHcICx4~*;~OeSH)_K)-`1|KIZsqf!J2{nXP6`>gB@ts9CUMq zP`&t7{7G|#1n-GDvF@479;iM3W^FS+&tItHA`;FhDWp)7t>M#lIyyPGbp}37a~~* z=@^!8bXjr?3u6UG1QWOF_IcRa+wLm?IKq^CG!}SF1r$gJGx<3rC(BXB@tSl3mOO$F zVe>VWgfn{Ro9B37*RU+%OMc8&eRezg9bR4$S!vdb`58zlad^DdV;i*Ao3pxmHK zqbz6VF_RbQ`n4e@4$p8Q{}vX8y4pjrj&fu+ni+>Hl$dRY5?6zs9s#M*TSbu}btn3w zt)WEWiS!w=j-Vy!(tAr__!<43f6nPN6ZOxz?!+>hhgPp?G$d!Nwank%E3cixrE|CQ znEJUsrcm1V3+OX{oOK>q<9Yp#(flidhZP+}oA7H$Dt7i&^!_UJ@wvv!a_C1}@1TA( z%l{I^FOuT>>;0GZrtn!nJr{yL90 zFDYII>_4rNB~Fwzb`VrMYwXWv5v50I&93e$M^#`hJ_QW@h6|9mx;ohPv|qfhI;&t0 zpq!41{B+mCp9oZ);bQzLEDm*bgv9v$>Bh@pK43=@mjQU{chK}<^pLuve9=|VY#asP z30X~Y8qEByK+paDIj0eNhRwO|s1)=_R)L;k1wH2o^el3qXQ#dXXPCVNb_c!S87Tp& zL3+eO1DogExL18=q}+aW{_d|}f9JLD$XUK8d-$)6k33%zAD#HzzZ@TJHvZ%I z=%{DizzR!NrKTrEwGr@^)R<2d=zr<%K z)$hWOf7yPHKX{FDx(=@D?yr51u8;oOH%Vdf*Y2f@e!I4tzjkK%gsc3I(&d#$M4SDO z({q&PctS9=pz)v@)rcIUO7uO?Rd+x}C*iS^-SeN0f0sCO zN;u)4=n8&!+~51>4t`gxKhTkVJ=<_QvOlOt%JIeZbFN^4`(-(=Z+=%gJ5oC9`2Igr z?FxREEssGjvtZ>=U*whF#}%6_wyS9}%H+b%++|6y*EW zwPEr5R6rG2ozLBcYGz+uDOtE{AT+sZ<+5+$i4KFalQh%nC}u3;WF1)w#~R0vq1J_l zjKL(C_mDx19u$&GK?4K+0n92%(nN^&uXhxZcgzcQVTSof!m|R>BIQs4Ls<|Qyw)B% z0kZHwd2GkgM*KZy)`Q?R#dTIwg*Co1dms|YHNr@feza0&1|9|(Ai)4wGYoXdTh&e2 z-R0D~72i-5WF?{o?5eFa;tanHIi1w2dh`LWdIaA3@kP5a6v-O0f|UewGgztWik?9f z9seuOUtQQAo5?;=(crg&b*Y%xhck~=JF(6j+T!o1mFq`BXnL}7RmZZUIkR*g;t)SH zW(6vVBZ01~jjG5J{08w$=b&-;U5DQ(_}zrxnfTofb32JeUImKCTBz*B$NDSW&D$U|Lb5`MG<0WPKWmE>17?r56a_l;za{MN+*JUvAtAwdvHBA13_)b5qarmW) zAne-%V7=>S0>%l>E{PQO)=z%kKhHkzmcDsO*_lM+0fz`{476$`Bvgf=ZX08 zJ+}GLjXIyjx3`?PB30_}RH+-JzI~C;xxlTv$nk%5`AmOS?LXa`Nx4@$h>9}F->xVE zZGN(6@Y+9i*@yhO2zX>2-}w>df5AT$rQ;uzMnE3`WW>WklirP&G7=StYOlRfVl|9k zC-mH0MT2etowZ54_HN7c+S{7pwbyooh|i~T92 zs@B=oQ{uq5T|3!v|7>zQ*_|g;#Uz!hQs?p_SD8E4XzhwOQOx_yCgt1otF0VqijBy z+n+h*N!LoBE_;SFnRaRJ4nNuc(Aqejo?s3&eSCH$Zh9}fJZJvDe%F;zV9)uz_79OC zP?hIyV?plxbDB<;sI6lcI}?0odVyyZ#yA--1&X!{D)=cpP$O#L%hOm1WN|1y>3tOZl5>zCEjh#7mIg$4Ju8C z()$weYES*B|Gvko9s23#|Jr!9kGHtv)$)$_jP{-ZDYVb=YJbr3Z-`ghr{$}~t9|Nv zw|(v&;#1zVTwrR4T`2*0x(AM&bA1o-DKEQzkMSuteD;OnQ+};mGj?&t7~KC{@pqpO zT7#YVyCcB~m+SbugUI66fFrdikpC8X@sT zkH`W68NH6dJ9&OjF?f~h85p7~cxgv!2iu|p;ZD9!04{0=t#c~10}z+gEl2R8c6_eY za*ff|E>D$r0RUZ8d=njs1gN>Qmx}W%m5SH@OKqH;Zw& zRXdIYJUq)=hHmMx)eVdVJ3p?**U)49U5zmsl(l)gT)vZgG^fOS9?jwWW_|*p9Js6Z z?bA!pO>2bo4mItc6*+i&v&KX!K<%8|{lQUP6WP%C4SLq0V~hsHktIsn?AZmVU)|(1 zB)S12J6+e_#-}Ij;O-MX5ieIuGS8_@NC!dz`oV^ugN>m5sVV z6?`pD>dW^n@jIgiQOcBSgBaZfJo08WG~r@8=0Qq1bClTg?=6o)MQ5hHAYUzAouqtH{K;zBC zqbOOy9f3=lYE&jfw_3SS#nW0On%B|^SDtn5UBphrO5cD@~h?E!HkjJ>Z8-uPL@^ ze=v79S81yK%C7YBp!{F^(DgpHGoLny-jLZEv1+~H#K=>;Ra9^d0m-f7pmMu0cWr5?=kw zWaACIbUroNm=!!=RWAKQWqzjr2&V|YkBDVnN1Rf8rIL7>Aq3~{q_pJfgFA{TIuZMs zj(VR+P)0)_5ivVH9(JIovCo`q`a`pQveZ;a4KQ2^Eiqh z9^iARD*#Ew&Ah79SQVXv=e@pyle4Eqclcdte`lPb`ob(R3 zXEwy^b_TDd(^3#0@rJ363<{axqGLNf(PKhZWE`D+Lj@9YELhXVk$p=s5?03!tEqt*Mdf2b##3?{&`L8b8Q`(0fWiAmN( zf*Uk!z5^vcWkGYsK~5t$NW?a@=CKyZrO(zQI~>S+^+Ac6xXzyTPZ7ZHaFY_x&B6&@ z?+iHYGo>05oUzNU3TMo)t3~c2)uP{godE;G=A?09^U8^u{cNzuzuN_|(z@7=V+;um z7>YG+uEIgKu1qYsbjsZp|;ut1Nq*~!M#?F}Lw;-}^?kW-SrmL0`aocf)3 zv=Y2g+#C%vi};1I`RlL1V^}?2h{vJoG0aMLE1bbw{(v(ED4a1+GE5i>{4x;uWx$8V z?D`VeNwEiXSsPuLyb&!yl+^U1bg?}>9+`!6J24A-1egfg?MkPy={}K;-vUgUe6Q%= z)LQ|ERe#WMasG$h;bQ4^(9Ar}{zSrNLfO{`hT?cshWCMicvKeofdTr^M1KMs!N$L9 z_{Q!weB(=uDutM<6q>FQqz&8o_b9IOr_tf@W70$`b%GItj zCtU#&k)$|g@&|zi0>l!HE|%Eew$tcB#VD5%cV6pWH)m@&(CA+8Ojy|S9_bN2rMKVJ z!~aCX!MT{Z6r$97+uRi}w+A39n~&9j2$+2hS|hpQL33n!k)r3wY9CqPKE={i?C=BA zKXeQP@af5tCb)JsA`L%GIhjvX=wK=y$Ee3k@mQxG$Kdfq^;qYi zOw2{0nu~sFE-DnhI1%`w0{EgI@kOCooP2`EiC_(kOc7D;*2F!ew0oHSk6AsEQ?L}%wnPFlOxiLjtv_%(kRA*xi zo0!^F!x~b(A6A z;O+O$TmRSbcBk|9TjspkdHXMZYj)mF;M>*mmSsQOgTDj*(%~TuWP5U?aO9u={`z-qXPM-5*@oN1R@$ioaYHvOp^ZKM%!rdezN~5n~um;e_H)`xXKfjlQIicVvTe zq$jJtYm??Ke|nVbT#l`T;8zYWO@&eR5l%>oefa6SyOK#TnAY$z>uj$zs)Uy4bPAx% zot|;LKs3&qXTsKW-<)d)@DLZjSql@{ysU(TABxnnN&O|IRc}yQS~*0~2g)IY$dtB= zyZ2_nY3R*Es4|?G?p1-FdZnw4&E(h~|E9ZznLUqVV(mrN1E zK?kixa6Cx(uRZ>)d>xqQ!T$n>VoD#dWc2X~CKjn4tN8r`7+(^ZFys z>kmbsrAhY0nS)FvHd3=&(0#484#isip_jk~D4yYE;l$9|P}|#u5zi;mx1Rv2=v~2J z(}hNCAa=>%wE-Os19Q$ozDQzVq3Y3mC$`rSy|TL&{)W0oxWe7PptyR_%`0g90b3wJ zvQPEa)4jLfL2sQ(Es&iQjr%Jt$rIZNc<2j>Y@HP+JOs@4u)~GUl zWhrI3mh3`%&JfV8cOIIagCORBj<8|RCu&ruIip%3_asihu^???Mc9{!x!vykl)N+( zt%YnJtd9yU5x-y2SVD{V;!mhIO`AQFL7Q#Npv~URU?z5}H_d1;pcCFmJz9wYbh1ux zzCz~f!aWW_3YnE=3Fs`JU<$**`pqDTIu_)0Ql#oO>1UF4>-2Lt>sEluh0?{!MXf5s zxS{ydFc5!&1DL;kaHu zE6j$%cF3$KUF-VtP`IRKFHq?1n*oJUyh?BA4IhkktjmNR`k_3q^M3&J2u6Jp9EZ7( z;^=VV0XD7?ZZ}AuW(mej+qL4) z*mC?C53*hHW>pF0`m|8^x2i=F*-UOSsS-wy&tw9o>Syu>5=O#`fMFmTq-l zR>DSee>~Iys|%og9!bm^lc@$*5AB;OJJu)Fe;4$nO2d!{g+_zupA>t*(!-&;_muD53h z!Hf#G9`*%}^(o)!X$W`rPaW$-*|4u3SjEB1HUPfpb~vBxoRft&?&WYkO6gZaZQCmK z86D~UZmwhcWapUv`c3+n9^a3>Di6)wEk1ZLa{%9`6o%%0rV{>ugse0Cr>?$vuTP!f z$?HUc@1DAQ2kh%w3_2zQwsdXt*b(wrw6a~$F3PvVBFd^7>1bFOf0B1ZtVzqo)3H8;HTwW z9DWUYcEVZ&6TVWyDb=(^AEi3_lrwa2{fK8f?En~i42lT1J}WSI{qWdOFB@DL_WUIj zYa0}5jQ_!#C+4a6GOmqNu40UFhDDDlgs^~BhYVgTV^n6kJzo3J(=fEoQr+3#f9;F%Exo$$s||y>uO3nRs@{!{ zd}v3bBYkx9o`UW6$54a0vQVZrZtU8A& zY9;0jjKj~7kaj{@Ja2ya7AT~9hf`;EAhSkzX*QpXwSfpFHh9?vF@OM34Vm} z;tJWFiA54qq~`O+q1wL4A3LqUh~JMBDPq-oBi3l2=<5GwPaj16Mrzrwq*@KOXDAze zI`e?Orhgi+!iic?!wbt@xb~?N1bYawQFkb^3Fc6ljwjw+jF!_JXhJX1+6pO z_H3_SMDr@S`}>8gyT4m6Qub_$mDjhXsTIqx7`$DoNNuF#vn44u1e*6uenN$)bNC4b zZVo@8Lex3@geX)}{Df#)Qv3u-+cZBx;?`Oy{KP_%x1p}powNV59eCD~2Xkx#7+Mv# zjCby-a#aCH`Ba5fFi)yfeX3MseWfDnD}}5#s>buyK6+PdN8U}s<^4nShH`{r!{6^Z zNfYM{(vKhe$s^H`Kl}dNns<%n>s7pKBR=>5hbh%HIOndLF9ni~=j2NP#?BGe|CpXJ zvu12aC>GV3&v#y82>}7tq?cbgsrt?(hjY>1IGhnK4rhdm!x@q0aL%2YT7hIIdb&Wy z`_lqFUVo`03i^uU{pQjC)5g16L)=0Y;ZFmd@Y*T3Q+&7sdWuKiBlL;b1^rSnJ=}MB z3esAguaDb589g1hm^0{v?dZ{a5nYrp(3$zU8+_vp5D6rQfO)h64GwQH3{oWQq|#xK zAYmJo4ukZFCVs;pISOntDzQ&0v0o~&Z%WUH9`G#a0Y?tN_Y$*DojDAL`802m!bGZJ zl@ycp8l`?JaSPQWRmLC5Dd4Bdc&mD>!{e{jN%62cDOStRq8H`+dC(Z235{{6AMzHO z9v4o&(2bK1%CvXe8-5;gevkOM{QOM(Y&4&(gr7NZ^hf96WIeH$BX~)%YS%efj5Dgy z8z)ucJO8aF=2M~SuCygJ#{ zwT$O;ayg#B5v0#D(~tG}p|`^$#Mb=cf5R#z=?bbOm99Baf=UHtYSRdyX`S@2JxVFN z!CihGIpS-)$wzR;iz&xPv?Nj-k89xHbq1a&at&OlP;j^Df!C%7UYj0x?Op~x4g+t% zz=IfgZK3H+ehaO9T-y)(>~G{XW6Q*x(}*`wYS=M{Z)zX6aE0u%@B1uEaBy+oub`}< zFoo4_tPtBE5!<j3k z;lVrj6I4Hg*M~lNKWM%bvgUEhLgrr~t|}a6JUXVbWU_zA%_OX&hmB11s~mDjw13?x z!wRFuDI<%beTG>VR(g{(pb45QG+eu6-?yQUVe<`Cq`C>*RGvC|dpc~@vN;Ft!$5X{C4aFf&|PQfIyix;{T#^N3h+$7{L?Lnrp>sf(at z#hVV@JdxeZgu$G=YxAuQb6b z0zRX0fVe(l#VHLV*#DtF18ZkxRDUFz-`;Ta3zZnn|&kx zX99G`9KI=7Tc%9zcG~BBtgzl`GewH65wwsMiA6UN@gyEmVd$f4!ihb{;?MZBu-hC=@m%Z|z85KxCgM?VFIg*8jYQSwI|KCC@JCY&6 zRasJ@>N8yO1(^>KGfalE^*?|NLS1u3*Y`FQ??PKAKX{!KZ7ub`eBvRNd|lFj4U#X) z6OOjzQ}P6`Pqy+&E@NHFC%Q8v@8=V6Mqcu+*Z*T++IhjhVXd=Q5|6}5$%VUQ-2c7J zcV2BJ7N_JjDO}v(FhU9!D^5t^V#Nw6T&#pcd>*RBMtmNq1xkD#p!uaVE}jTn9Q5w_ zI362zgSf!g^-#@cZOA{LNN6M2YYNyoA1$F$SPsv6MbJ|R*z(L z6qbpiuOZR7E$A;xBv#GG@*|M7oY7$H6=$K6Yw?;cw(F1SVn0{K{+wNGK8w+a8+nGY z?RZ#s^E$rGaNg$g?R(B!kZ%{@ElHx&E*;4rmb?d&>BF5|efV|~bG<2evhUB(A-jSJ z>s7+k2a#|f6L_n$3NuV$vVGA=q&<+CHi~KVr;=-kc|_HW)Ggi4dY&Go-=^_x1>QQZ z!rL#{=pXn7R-^Cd{Ptf?&L#YI3%}KIj`%I^d~4*}41Qw>rqO)+9^YWs-M5V8F5p`U z-d6HkM9S?YK6-UJf`>z!(Z@8)_V)kE|J&wIVao1R)crrcewx&&{OD70_^jT?`}VTS z+aG@E^1^$r`E#0O%Qcq0-3R_ZWC8;}cpH*iOD#q!9t?7V%_8e2^&7T8GKaFXU;h*C#Sb;$hUUAlt)8 zM_N{W4<`cU_R2m=I_ybFhoz#Uqx(bXgGY08p*h;y`Cau!5s*kN&k@;=M~6p&=!e~8 zJV_k@rL=v=5gzTtH z*?)48&hVrbsq^qmdkp!`TZHuTI;*EpDZ~@9dc{wrS5Jlu^ESSvqi74RX4F}#_+5Fa6_WeI(!SZc zPaGfB`M;61kx~rtnOYko{=DS)T)D4w(fa!k)L=z?;?yf4J+IIqKB>89_)lu??}X-l z2{iYu(A=+cd+_3W2_uNsLkDoRH#rS8(nGn-lG)eE+68(^QFRs>C$qXm2zsp5;yEqsp|yw#cH?qsXFE{UVD}k0OhbbxFvjPmo2)&!QLe zGM&niw=j9PTqe@D>Mk(m4-e4{{Uv<+jlA{b-z%12C1|#7Cylk5QC~ zemVko>floiKs|TbBZ>v}u$-WtKm+lP&x(vuNXIM|VHDm`yIeV-(2m9*Q_}c@Xy^7c z+G$Cloxn_ma{^No!odtU*d|Fl6*i;6P|a&bGp}k7nC-9=nHVyMR&m3Fp%)Zi*Tv_0@fSjU(_paj|<|^t)YjJw{TB%Qp7Yc%sI$QxL zWFd|CheDO;2ozRej2Y+tOhE+d%gd_oB-9tS9$1;;1o^8&;@9az;?~q55x{E%U&l7$ zY-rALHUJB3*_}G-IH#FM-IG)TeC4U(Avf8ZoJp_6MBjUVLHYklPP}Wr9qzn6dk5Zp z^48;hce&0N2Zesw^Xb2>d=KZFof(CCA`iES`COgZ5i-|H-26pynk*gJe{k!Zodrgq zZ72+FcakVr+8W!DZ#1hoJu7G`7KwixHi4O&{WRK%cNr~>1*uESciFAA`=S48 zP6FM@uzBUOkUH>QK<F3e=f_ zC(z%H04XG(aCM^r+eieK(Nb#V=by3>4k)BhcnBz5+O!<}%{%eXHD_qfV3hBPCyzKg zqqNiMdz}itBeR-OT8Hsp)y11r0^<|`po&f7RN&wOWvKUI2q}ydz8|f6%=g3Qdd|GrwE0-H zh*u!0dB#}t?mm16_`@VZym2EU{iAn^ZW(u~Y0z|3MVCiFEyu5QPw(T1{K)tSfDQ&Fj%=LY-da zqING-dn&B=)KI;r2I@Tp;EMqG#+Cp82jtjOTh*Ro04jEQ?rIJsQ_y4urf72aNf)`R zjDP~PFV1rfV1s@4PU0sRr&`05IX&3$h;k62fv4H@B3q4I>aTj;nEwxv1T`%-&i%Nq zWzvkG)wDs&?*h$R8&8GdR?r&1*odE(5s?i9L@65=`55}3iEJ2U?P53Va&)0{NUHGB zdo0{5tMHpU*#D*}!LAX&ubXggY!w_!`wE?psI&yKQ+&3@V{Mvj$x$T6Q?of!JTikF zBOLU-i35`mayAcuyj{)|xi|nWxe-6kIRHjU4XFcw&1%EYl{(vQ`8)(pI zxK5+t6EzyH&}caOWXUFJKO>>ZD6#6K=xK;Hs@Z{Ryr`zE`$<8PKKVx>fWOMF#E~;W z33+Hp_LWDsfAR=LMxVa`r^2=>eMa2Mx0ju_xA?Z!dE3sn$E)`F{BUl7meq3ZXwJl( zIpa_LU-^IA{AHh48#4Kc1|C#(ayK@qewSk3g} zks%U!Cst+it6_5zIQ(Y?fuTr&gbvm>T!j*2DztQD8BYy`dl>hmAcmFY+MIv(M=;;eiPv0*3f;}D0o<1j*u&EY* z>}qkO(_&L*i*jzV#poApapU`Fag0;EZXb&Gau;8O;$f>P7?M*|b+VSRm&QM%hOkTI zKM$sda6S1(b$T)s8BT#`I2wJ3MiMgyse$yO7)KRkWqrPo>gNTT5G8vDJtV*aS2Q z_{4(`RH_CffPMML@ArCrd`b4+xie>G&YU@O=A1KgUI9L^ zg_6^@Py$Y=!&n1@bTw6KbrD7R3fFp+#&nUz;v$OeMpwaiW2f>?#UuFlP=kM$8vMJ+ z;NS0ngL-)1S1gCfX=041OVuQ%>7+GrlVS<9zy3^)T!I6qAnhXepdQD~3R3bGa%#da7x z$iTx*bP&(%KX0_}bi^poAou&MtRL9#@R!~8`xI07BTWprM>icO4eOe(dg^$I35c(T z%+T@u`aA&etG8l;qU~lmp=IK1k!`_T{Wf$xo}=$cVj#32Ie~ZR>vNLH)4+MmbOUW? zC%;OOx@@n zLlzam{3ytoskn%bG~~M(hFC^|)j&hA$~Oe7H!#hygC7rZZStY6Vxv$C&`O%VVbTh| zS_}c|-V#HcQkLLty7~4Cdb@$&j$L0VW?|Rpu>V*7|M2&J^z;AQ`I8o3t7|+nQmBT` zBJIA(!j4(TT|LyYqF^| zpPiWQztBT_x<)(W<_x#AWlyRt)<_e%MmPxlvCp_IdknyJ+>T!?B>vCs=r*2Vou!lr zPxuB=)`W@U*;k8gD9|WwVbnxQ$wnyjaDG@%G?Ad6h}vl{Kr87)b$aO#I#BuUPY+|+ zpHt>n7gRw(RYk?f02KM0#qSnpTr%zh47Zf{5^o3ZF=EPnWyF*-z0zumKTX6xQ2hX_ z{<2g!cF~#~DHVroX%{WxDXkUjvj@Uca)I{A>clE} z*u;uZfvjCorVmr-BodNn8```hM{aevk~b`QT+SAcs~9G=%c?kBk#fIFxwBXZ4rWaD z$rRJhedD^y%>*|1=lHXh`8Q#rfmvC3pToQQODkY}(qAPZ8x12Y-b-$5KDD+=T$zjA zu@oi8G9;DN&n?EzWjNcjY8kB%&0MnbK&iNY6r1!&DF-c6PhjAF?E!w**XE>ZxC0ME z)hk@kmcgCFkb9nH01-yAkXRz6hRGIEOQclTX-RVNlm><90w|KpUy7%3rAWWN^p*_9 zhifrr-4a`X(8-+0413KY(f(qQSRuQx0m zFk2MSGsI=kE09sSUVrJ$d?6rZ;R`Yht2fVw6%L@uk{&McjTEQlIl&h5@@E-Ge%51P z5dG>+7%sHSSKaKRTgIbJL5~l;#@IEV=&jsqnSb^79I*vS2kK6YzQi#nbjoO{(KE;H zsj`QPdN(h|DDIP67@0in)WuNL%JoW)=Xz+dE!!YBv zGX4hMI7X|P1DAv>3PoN8oq61o)X(v@KW$zV2F0YXdm4hS0iK5Gt`oVOoLKAQDDMCS z--h5F==8<-cbA<4pjU*RqeIPaMk$&ka>bvt%;^~xa=XPOH>SH=Ou8#2x&!fzBjURr z#Mhbb&gFO)Vx%ZKn>jO$MUhyfE=~v*(g{JffJrA9!gK%m{N)t-La_$*cl#M%O2wDS z^reQrZ0ny!HOHX;@+=PYl1>4q zX_FOvRVM=L?Kx7TKMM}9o~(heA74%n0{~V)slV_b*YAhn{Yn~Q`&!AB1)V!s0=6OW zYJp6kj=x-)kPXGL^!%;=Zo!hex7i*9KOMhO9yY!$lurY(vy$#e9lw$8X7wn#Kd+sm z7b}iUasr-4Du)Y%ha$PjcvtYfc;v?Br|{I|z@&Pcpsjk9n9H4JcNUGH^@|S0b0j@9 zpSmGE?|1Fr>v471K{Xw=;03Z);{uVi%gx(S^_OxUybLC~z&o9xd|FF<+%%-9xw0~J zBX}!uS}pvr6pM#?W33it>@PSA(*A_R~`Y?sWne7 zv_wbkB*b;1ua0#3nqfFo`*?Bjsd)kQr!ID%n1C@Fs|}?1y*7EZc^^vUX5VV_Iux-U zOO4kTI^@cAKI!SLn5^Rpb9|K_1f-`os*XZ`N+)@jM4zEE#cvUFBy^A#5R-6udadqNzv;-@!#&1kv)5J$~5BnyNohLA*#e0_> zq%y9SN#&ecbG7;X@$gqzC~7qGdMgv|mpK}8p7=!qxx%R9r;v|J{Xp_@xfR|kcU0kD zExZuu{DP<bMH05zAY$km8!-NE)JRfO7rHZB9Qtw3Qo+v2ZLH2&IW(9==ZvJcTxv7}^rj zj?fG=)^yg62nPtEE!k*jOPUOA$*RCD=bea^3#m+6#oF!F$LuY0Z;UdoggLPNk*#8NX2%&-#c6jZf(v|IJYgy+o7k?``(K@hJU25J{E)DAI-Aesi?) zJ1phjN|nzx%3pW1@?$LJ&rOvtFv_2lULJyXSxt7Ze@zxxUAP%c(ayd|Ik87p>`1Ij zj*kWoWDHK>oJ@lgpPd?hSgv6f}IxXI^D}KzZG_+5s8v_PIX4f4b#cO;`A?brRehCETp@2@?l~=-ubI+*MrlR5CkJbJfpN#k0sY+^p>VUTx5>5k_F79DJM}@=x8+!tSo1oA zO!7b)yv+D`s0*x~{Hvw%5Gnm+^8gVAkuH^3c{4dM!%yzo6$wotAdzNdnY zthV+N&BG=aU^2Lk*55PM7Tj9Dnj(kVf^Yj&TevDO1bsz_b_y=OAbjFpsW4RRSEoTh ztSy!`M=f2O>bL83yE;hfjHSNtYox?=$y)wZ*nPo(=4pc%7;K|GSP46Jc}x7m?r4`H z*Rn8s2gR4`5mlR#Y>aEF8qj-~1 zpk({UuMiw)LE@*S?u%VlF-FV32!=coiSH=Pw*~A+FeR|#JQ%zi({E#VShmC$^-+{8 zzj`0Fw8CG$$6wtstEt6%841f}hTHg>LHR&!2zts;Rs8p$pMZL+Goa3g9G?hYVrH(~ zOnD!+<~_qa|H}#93YLF|jV}&f7+a44H5+be>RMN_sn!Bg^w+#w@M66Qb)Ytv?%cPN z_TpfhAut!OGe-V#@^DBpwpjy^Xfp?&GH_enu`kXMc zpRICzSVZP_+>HJ^1KT>$U6Hdiq!$?sDfjOt1lSLx= zWwy*-O2_D*%kb;xUuFxQ3!oJ=<0aHkChF3EXBQz0yTb1#^=Rj_MSo~edyR;71A4sR zBUO&HbBL=TEg5VC3`A~+^9b>k1v9uPjpu%9r|!ZClNH4HjRD?wYhveG%C(X z&R)qHUl*1MMrXc9%KR`X88GH!`fX0(gX$$poSD&_+n^rBDs)eiD@SgD_R=pcrR zTTE9Xi{b=J)ky6iJ->{!1$24i^WvAQ@Tkk!0YiFzIk7*faSh2xv>7H}&xX-uo`%uq zO;skGql_*0G>omNZMgqp?7VNd(4$PKZ0#lP$0gSQA_fo%D6EfRj_YENOWSw0M4twx zG2t{CJAJ?JaKcOyYgd#sbTDEmXTvnr1Ymjj0A1xwhD?$^#Vb9=b?g zl?N)?JoZPA)=}TA;ktRonnA=Bp163ME8b|nH}DK^i7pXT0)G7DT)tqM%F}->Joinu zAZz1ShzYKLln3LAi>m}nn8H8H2&7a#p3YaUBIPlPO)-k;Cl98|bAe);^dLtmZ`25O z{r>FG8UM(RU->U0b2qGBS;0bxFgzBJKbrMV9@&wIy+Wh6KP%+;M^^j{zX-VQ2ZItb zKTCR$Jk|ZG#=!s@ml+&Opn-Xvx8+7yV9DY7*M{ z(} z(vK{qS?=AKOxmcw^p68wpik`)e*Kyy$>~jmZRrS6XtE>pqCbEdlSt{RZS16o# zC=2h~A)HshI+rCY&(TIBbetPRkF}hZ3|rjcS7$(cc#dbUHhBd_IocmgB+Lc(Yf=cy zy-08TH=;4W@*MFCPs17-wwCDK_zT0`AL(Qt5RofA$QNH|8fllX`cfI%h>p*pT_Cpr zAE`F|{O`%@U=3#sV_gS)bX&JTCU`6iLOvEKQkWG{W@yc+=X+&+zTI0ER5Ep@q4dijM>NF(4Cm^Wv zpvy{s!gaXWY2eI&_?9Ezn43g6>Czxi(jN80VMcCt=!EbZYHazOpP{|qLVdweno zc#@TXc{Tsd(+B9}KXY~Cq8}n`p;+cn7_q&yy;xRn$-xp`axbg5B1c!XbGPzqYTXl* zQEc2dm`Q7$W=}`a@Fm$&g#8uBj$X|^B6MR8Oqj(G*=Ph{zbK*D(tWT;b&Xc1w;v+Q z`0jvxCpK6x;P}hi{nDsCvU-EdPv`N!m&-q%4c*9Sr(BLb$%k@v$IP32TK-oc)2x{n z`joA{eH#OIJy88=KpOdJpuFAJ+@6iy(fQf=HlKaB&;Fl4`KOn2f#wd`eppVtDU(Mo zT9tTBR_;VKvx~WZX$EDUY&2O`P9Uw#rLuab%dB>m5`UTQXT6oJKvzsPO^M4p$Q!}x zpJhSq>aG2e<%50D_m#hD;W~BwEnMfs`j?`D;amfir%$bx8pG+*Ki#uL+E7t=TIz8w z9WZ;CLTs)=8z63nd@8ofvJ*52Ir~gx z3aE8165tA$(T)eBy^;jD0)tLHer4Ipek_1fuu(`HkMYm4rSt>g4jJ`amDs*WQaJM4v&5qCJbh^=n?H9)$9>k%wxINRLG6 zRgM0cGDNHCD*NZ7f5XdEB}(Cw(SxT6W^{yjA!`!bNp6r8T+-kHR1l?MS8CP?QWA zSntkaSZ5O~Ps4LV`0X70rO`W=-%4Pz$!?97^%XQv+iJ3+P?px{5Kg657->}f@yYqq zVLoaa4S*iHgRjIOkkny;aF=*vQgB6W;*Ckc72R{Z*prJlF(v{vu4Oz7uI25V#UKSi z7-D3NaYo%u{IiUjU`XWtBYlV#O9Wa8p_rA9nyk>da(E35ge@4L6`6*_rM2+@iFyTP zxL;&BV+bZ7jSyy~tG~IeuF7L+n}*B;7W${Ra&rTd4`wG(7^XH6J+Ta@Ifq)JJ|~aE znlb!#IlW;T3)<~O7+Wc^P}A{)f%7{BzH^hbKy#uc8eoH8Yt%`g#3RiogCvSmsWj)< zwgnj{g)Ke!mm>)w0Nq42Xj(BzdJ0^aI`rb@M-nNPmfVvTSofsFw(1t|fM|LJldBjD zz2J+3iSQbNl_fGhQS>kv3*_O!x5q<`K zgM)jTa4+$E%c|TaJ->#y6kXQGE8la(?cfjsBNLc!t1o;c%dh^C_+CKr9KmIxZa+=#yl{GYPYwUB52h#F*#t<6t3+?qWkc~-(P#lymU-~Eo}p833B94*mMFbL2&kbf+CUzE#7$PE*HcI3Kefmj4rVR zyTlUg5{tFVSh@{j6r`Cp?$Yy4G@_RIbZu5cbR@4yG<}E;>8&Ap9yd5jnXqb|)7Q$y z2!{UmKOUjjFHOkchhf`CT9rqPeGb`@l(qWhj~yE`3oj&Q79eH@d|G*0_21bxu<}q12ovZjzeQE3=N7r_r678F|`2>?Tj6Fc?Xm zMq<3l(~PjvggDx@WhL2KF(hs*N+cY#M8_CiXZG~lTN4Q|wJ^vmE2}lSfPcZ>G;L%T z4zhVK>@pr{h8Zl7rk4=Ci9)kUzb@onxR{b=+AZeYXt6Af<)3AQ0Qc&( zRL|{Hk4XmOR~mg7CsI44BykuYhKUb#H2v=SRBYiz+X+QRN8PKZfy?XCUMmwcX@yu| zl2+(NpSWO00z8oR1gxr)qW?yRVxQ6;*4RoDaNbJOro-Gy-##w`Jpf z2697fRBTZj*^)XU>|gI^Q3mVPa`KiRKt^^n(5UCO1Y z?Y{+oZ+}Ow8hm=Mf5z?qQSP@C#Hp8Ea5%$$y8HW+Eqe5$cJcA~J2JsOCV#kNVIwtw zZ!!+sCziz(s?_&F2BALIPurWtE(Xb9ApcqpI4MmFN*BR)QuXjo1J z*`HCaS*(k&u6 zR*MLM7$q9~STE}g$BTa8*9S7d{x9iID9@OWkX2p0tq^ZQQx+xN7+Fg3))4JUMP>*Q z`U^ucEjP!|o=$t;LLkvh`mgu_S}nE&#-_ua+7j5!EkTsG1R8G%SX5Fp+7g%o+wQY7 zE}h4^-eeMgFZmC3EA2~<=WWHk(a!XHqjRlxqnAjws9$ZUaX+FPE>yaiU06$mQIPJZ zC;KUO9uA>Ca0umJFQE$LD9*H}Qx8<5j?4%|rTF>!4qYY+C zYjkODQU&x_Ds@G!Pysb)8w9Y|`CCi$O#%waqEf9_#6TFO%jz9zMtR>ZNbxSlsd3#kT}EeIf=#$EuEr*085d^L2$BI`>|kez9W0?& zDxbWulPzCV3R`~VqoxWiD0Ws%W^PBr$G83T2FE!m7$3$-wB#WMI6J z4UFf8*OVcbW9I4DvQVk`_1FjqA1KC;d-W=gU#Qc5;GnDwN^KV`pI7MSc7fOh`;C|z zA_C7FqDhX_hUod!hN#~*Y@hyg%>F+g6TuUYqy=gH86-!Gq+|8}IqE=q?oJJ)^ZkQH z1u2)Dp5Q~^L8r1prwhBSA@C3>k9{u#BnUX^?g@mFlz>C!8fORr$13^Ii+;x=2f6?} zD*o!%Z~=BGpjl<9nwVL#271wl%{T^sA%Um%ce}a_(NX;wAydOYn99dSA9XeT@ zWRRk7(ujKZWz*RiCWhce@k<)K`;0@NTiKEdcV7IKkcXx^vfQJN9O6;DTj21LEENJ1 zx68@~WLb@@@J6MxqZ`%nTa@wNk~gOkXfqB^oQTfCY7EPwCZ`Ti=vUsw&Kl&_vRYQ0 z;`}HD{tUnhOBw0rMHyDz0DM1X__qZ1HOOV^_&sXiTcxgCk%yq~GbXQtuC*8)%92+T z_hk-D%|}<_C;L^m%dh&1;j+^X*PX4T;=2D7?yZ}9m+X%e8A5lcpF5A+3*uMRTQod9{eTq-(1I-oi@8U5ls9znXhgzs^q5a+MS8g$GsP=2~N~_ERw_AO1 zg%m-`JxIl$S~yT=g$n!>OF%dS#m}Sz=qGtpf2mv>*&P~!bOKFTJjz%X_(;-uobIhi zvtq-wyR=GHt}m^n%4KRsopD<>T^&p|?gRS1Xud7p+_k?8zaSPJP~Hw0U4C0uA1~!Q zYt;uz>6EA(-9~^af<=DKLFW){u)DwbNgv?k`ck-xUs3E+FDvo2j-nGNw#vP9jDHFp zP?;;2x5057PQ|0`K4nxzKpk7*+xI&eFlU_XQ(pCvxgTbHU-(kn3oM6_-)r?7vt_9< zr)^lN?FEAPB0E5AeRrogbMbIBrVbRx$_$YEWx!vqaHi@23#OiQvhU9;ol&{hz4z4- z7^D_o^B28*TFuaaI;zYE4})Bva$gyiIzFKBfN=1S{2hON>gC0TgTba9$&UUEc@O)_ zcT0=uCIp{4szfdaoyGmty0qxdft*w1v81Ass7<0FyCs165XGrLaoryD3#f!7o_cuH>!sJFqx;0oe1vLY_0 zz+A_8i8~}@ZMeM-P8DjfbgmzCQWZbRuRhCHO862j{$at=DSk|ZDrrd#`cprz^v0~< zIKTQ!F6<)~nP`*4?eHFXK)}|DoN{BZq?&-_|)l6C**^{;R9JxWH*|rG|Sch zmcsjoioxKSs0?X~KZEsXmwfiP(z)^DJ?dNs`?rV$kJ5pyri$9ka~ zAofjCSOX-s49i<~U z?v7SeD{GETYW^nq=KP0b`~JjsdD!&QDN>j_hsP=@+=p(_mm2ejTp~NAMTgOuOXNIh z@mON+U-1acaKYpyMRw3333Z0kqh1=&?o0$QSys~pI{0sd@6;yDC!qLhmt4NlU)>}v za?@3b;Ujh_LaJSijeBnktOa#=8L9dk5BZdhn6-|Pt>h7fG{tXoj8UfBoOG`RY->{V zTx5+cBD0EU^iPf?8$E&BQb%Xk@`v!5>xV9&e%GRPH4R=kIYl3)*ih%<58)jjhErr} z=^?tOLz5HX{Uf9$>{@5c9jURN+}>oZ-$emTkel;=j!}{6<_sW>PP7jNYm0qE=Ribj zwj55jrj1XB&`MlOEh-v9jM7`#MEYmKMdVM&FtTc#-61V`9FGAQzUVb4ptQ~WXtX*n zuOqhOu+h>PPLt9FiT~`i9!XqQrh~K-qg)*ANkDMP)gMXWU(neU%oZX>pE_`FI@qGj zVC_k;*9)-lz{Pst*lTjLSPj4qPn-gbJ@^$e4^J#0Bw|sM_z2x_ia#$!t_Ny|)22^~ z{)GMDfWdEQJ6!#}wB&Nos9y_VcMfqvcevM3XW(L{)1jg2FQvs1&;*|4>RnR!vr2Zq zb`+I1)znMTpOSo@*x;|;H3tI9uGmd@4=CRg#RRXBl}$8JWjk0-Q?ZDHQ63wsIsWbo zHy!d;uAjQ}GPS6owU!QZVY6HJg{(~5bD27>;ZSRBhmm$jR?2+g<|6=6;;&vGdedLN z!KYm9ij6!(JVV^(Z@Y#bO0F^?*Ury z%zeyC@8i4KMjyYSK7JE>i;-DE72TC(z^^;ssPX!I-VB=+QB*2A0k%;F8(F-KAXUet z@ck8{hI~=OI<8?o^2}+Et!40JK8^B$ID-0+!+=`-wG=+rXdXrRes*L(TRrT)(z2%5 zbYvPX7!V;OI?*hBueG#Yl=ck4ex+Xs#Q_Nv`n?o>1=%7^fW*_dzNQdRn=6{7$kqdx zyEE~JDE0OMqMU-hE zWvYHRI8`EtVfr#eicF&~S!VGu*5Wo3ap8{MQe*`3ggXi_MEjGo|7@hW>uZMemZBvD z=SBKd{jL;!oL7N&W4%ql;cN@w#pju5fy3er?tZqBs0D-dt`x59ZNE3Q|w!FL@%=D{`a}5+U@w+5Z1!HrylPQO7wwuGBHFhMX3k~Y*`D>tr$C@5V*Qd;6`NvcTX<^+?#g@a9^F1 z4(_^M1~_{sa7#0Rn_{-^egoW!PT)o&LuJ!5c96lWzGBhW`juZwqz9()%jQU%6#e~P zjM{Mgkx5!1WiMg56f|n%j80o{R_tW{zFCSC;lcdgK3secT^&38eIl`ns*%Fq;L)t= z70$u@iK?oisy5?0hA?tAy}X7OkY=!OWc|F;6JQYiDD`QiR_>1FQC&)#yS}}Nx6bbR zj{0D^Pl@@=fv(@*K2s7SUB4eg{T8iiG}IsCp>n;6rz{vgVv!?16xx?L2DC(u720VS zquA$%e<-wRy$onX1Sx2b6SRv--cod)aFJ)eBe96KyX9XBQ11G}?K52h7M=m@A(9QN z_ehIZkg&G^C2ICbOXlF$JmS6|UM08T-EZH)n*{yDD71KDix9nps=#v{_|H{v_@-S2 zHl)tT`g=Uo?h$D5%u7ITaICh6cZ`6?SZ$U&+&%)o+2QTE&D)P}-jVNaZtvyJ+lXXO zUQ=Eh@@qGHakk0i*b?~5cV))*t8`;~^+sv&yJ=(B_$@%~B^w#g zC4ZZauBvY>=!%C^=<4%r3SEQG`f<^dVvl19@p?Lh3h}kxI9XGE%=zn_edX zO8ij}CUE-Q*D0JH0Zw<~J)jL8!bs)&6c(lM`p>UZczwO>$HnV?fM=OK`Kj46D;G0o z&fs`{s+}|YCENGyLbH9r-U3OBEUi49TRE;&MpJr&%dH1*RyJcvQQE@ory%hvyBiIy z-~X|+xDjs1NEw;sZr;(0TJ6o-=q5ZaD#SW0HIB&+x92vuA5ZNMZ%5;s^O_g#=hjDQ zMT@OIlkg6to)5WAG!`l(+8*wQNNg9~d8@QW2C{}>)+%(6Y^zr`gE4pc& zn)R3Z)Ie|eDuu!wXLLc~JvVki-|Xs4sGE6CPiPAj$D#m^bWh$!r8%D0+@9~wYx2Mw zYVuSu0c3plM)oppr08W|@lq6Bf#29AUm0CG{y*Y=2Mv=ws=}fNuJ+!sti&m!adRrsy21pb&pj{lSQ=*N@yH`V%WPByh@2 zqPKzQ5mfHqyOT>M_wR3+`!|vMw`b0Sv8j0Cp46m|h#WrPm{}IEe`-wHUHYZ>r#iF2 zk+Cz;mry-3!z+!(&f><37DkriYwTkD;R;I*W~}hDB$s$|eyYOvGgrv_Cc++Mud~eU z#oRM_Yw_02#`q65@Fh46IgV5|aSRR*w0qN&BEfIJ5IRqY1bR12tw2^$-#jnLk58-= zc=BKcobIk_ks_bRF=`9rW~=!F=EG?jm~_LDj7)lvqdO)|oAI8R^o67<>x;^mX6}ZX z!;0yjaM&rDYAfzbp}6Q!3dLJb&Ct&FgBjaN_b_K}=NU(Br$*cUpPg#7^MXU^9D8uG zogMe4h`JslC5SRR*0fXw7c^2F-pJ>YKFMe_xWJ_RGG> zSo?L|)=n4x^jtd$GO>#~*M54Y+HcET`!0KTwfl}*dlB`0^(mcd|I;ZMYTx)>#@g@c zw)TJ9k5>D961XqvTzh$@+STtf*6!@K_MaZL_9}pky*$XQU5cz4lxaTi&sg!FZQWIz zf7FUEBu&hyK`99$)`0~f`7-)|<)w6w<)!T_%gZ&^FBg1kdASj2O@ZELd3gz%lccZ` zTeREy_V#}3+f!dz->yh|`#9}w^*7eHPrkLj-M7#BHXOCP)yo`m^+NWGTKxB&wA?6l zbdY`M!gK|A-@o^)SBFt+E)1jTcB9`@yo=xmP) zM0ZM&=W`8vl+hZpM;WcL+N02-qBDO?d(^hS9L3~%OON)brwn`4_21jl;fDWmYz8Tx z<|&0m%JaP~X_Bf=nWVl*nWX4y{Rh{iOj5U`Oj6VF$Vi+?p$4npk(M|yLjv#ug2kbo zRLW}%l`>3HyGTc|xPeVlyZqHVr0{Jg(D*n`5PD@ORLNQc-R_+2nBuY9IOlGnnc&0> z7Ad(r=1*CqI@zQA%9JklD8EwDvptI3RA7&);J$Kj!F~nhu(NR7HSXud*r*4pUzL_r zVmkUP{Y=^3NMAx7{gQ7E6CJ(3zqO<9m}V(-luU1L5<+WShXNn_(spXprh_Tx|EE z+u(>~Hy-I@wM>DxME^kTz5%lwjrA$-U_VACp^Nc{;bx^_<{xNVl|zyub14&T*HMZr zQ*>^AWR>GgDRKjS>DX@+C$n9u_^n3Q*m!ZFX_%gPRwSui^2$|0LP0gBew1g>xkWz*UgAUpCzGVtWiVwNjy-gGh^#$%T7tZ5J^MM zgwK@JKz7_(+Cr-1g>~vDAko;}blR30q-I$M;9!wu0AQB7%cO??nE5HfW%tzZklmn$ zhQ3y6;7ff>YM@}K4C;n7T87cxjSNIL;SbNLab_b*dTd06*@*14Mhvhv zg4mf9_6Ynt&g7A$EjgQ|uA*AMfW$*{bICUXCnt~-&u+tk1I)CCt6E3_3g{9^={Q_yR7h!!N+Y!cURz8!h#b|Vd%ruXg zMxlrBAYi;XIB62P7m2H=G^ihsVu{!K{dI7fN$5EObj4m_5?V)hTq>&#NJm z&?A&O1b@7hJ7dv|HlcvBy<5AB-L$*(Pug8L3=FAg+Aw)wXxf3F9|rV0(=?RV6=-`O z26~{+4+Z+U3G|R@v)~nqye1u$yW^*__Uac`3f0kbg+g_>>@{YkoYSu~`ODj-NCF#; zF@H(&AE@ zAGCvHZA0+8bgjrO-IIsqU3A3m%sV|gsnYXK?=@=UHK-`L z1N$dkz=rm|+Q}yLESY}n2Sk(K|7ohp4_j@IKkV_ zGfil3;v1RJ=iSf6g|HJ#>>;%Gl!|P}>Y_ z{py=^Y%TuAf~`MKOJVEgZ&KLWe%z0Xt%m_m%mHBQWItgmK!@^^$dVIp;?tZ@ za%NJ2J^!{8t}eFNo9G&+9}`!%^7;Ja49-u@;GV2vyYvsIcD9Ng+GC;rf(%pk+RRol z^4!QgZEZP6o3^=R75iT}Zlw%65x-!EcOex5l3{N+ViM) z$?m;1r2)Owp03u9{TwA3PJUMdk+f*P70%x+a8`DP^K^~@XFw)6y$)F5Otrv?cY-6x zEw4HDAJok7CLYRQwV-?A2p0Ax`Uw_rm06k1B&B4kqlMrsH<%`Tsadq32KW6`+raV9^)4%f4nj-e8kw52UXwQyJ3!}7H>sJ5z zE5{FLkEl61pJddt(i;V~h6rB`OuP#EpZ zP5IXk8>%O1sEV8xA%YA6N$c~ZWHM2F@?}W2YBrX3mN$(_ zODc1ow4uwyq?-y7GLIfP&L7L@ zNzr`LiIS&X67>|${+N+n@|}Tf=V$|My)q&jm<}CBn2BzTp~BnoCxv%5o40xefPdr| z+5yUKF`GX|<<5_FYc{ux16J>*IgiBq5z1Aoz89>w?rE%d>1*Ual5LDxtXx>_&%}?pVY>fw!(I;>NQql?Hi(YZq={W{ zsA-yA8uO!skQGPb$sE9!IX_16oXU zG?7O6-Zs;Y@bvRQ4BU+GeE5B5i@0)>4Re-fg}u?TZ}5 z{PY{lq!4AOGv6*QG&2l0lZH?kxOogQ6D}|kPBIg2DijI5&4fHohzUU7tuRstTT?$0 zsmfY>*l;|W@TMhU6D7QCmV1duXS*o(q?!7zHFYVczCdR*UnGN#p7@Q3)toaLjg4Q3 z{NuURK;k$0BY!XgIalWMrOJ!?nU^ZdPZ-5UaBe!csuifma{#s)C;fOzYhRp8SE;46?SrBu-JD{kJy|F!ebCa7^NqB7%}l=&1*svQnG~%RC5dY@r%jL- ze!=mjl=q~@y!!nmp>u(_w+aN}YAJ*r*-9y_wmnxQ)`?K)rITW$x1Nd|Rrqek-`3CC z+1rL(axzxIxKh8|td~`-mBOE~O!)j-sd0l}^VvNO{!%|&wl>ydLldUsSriSsNcJ=U zn7G-%T?PI6Kgb58U76)+0Id20*;0611iJnJjMnxfSg$5O z;nnKe!Nhu@)(u{1R2wzne8Ft1nrHbv+8777DzZ6LE;ah|W$nr*Jes?`{y;CV%8k;f zO=!aff(xT~4grf*nIc!fDrYzMV*r4@RwiK$g&IVplgICBr!7-$i^ zOc+&x`gi;BA9P1o=(69Ah45!e23ty$d<(PO^ znJx4yoAlGUkw~pcrLNZ{P8E$S=f>q+pP!mSB{@8WeEfsYVz%w#*_P@4ax>C>Dn4;7 zU0@JU-tshfFP4?}eaf2@RDky6t!}0s{7z$wpL!Y)8!3&TPYvGTE#6D*=#*dCpx<{b zEdUdo*aYWDi(ch@?b?HQ%a#_?brz~dN9&toPMVv^E)xL6gor4Ear8sANlfZtrvd6D#boamBA3Q()j$3kJlDWpZ@Ml5^{@hUI zmI?>q-)KCzM$7bskA-9LmIS}`s(ELW(3Dt8rJOYkK$k^{Gqv4(DdWKGRty3Ltl=&7<@+0eYp#k-6)@R?eB z!?di1y6omyaf9qgLazu;XF}lXBU0oknxDt{;3_2ibl|VDfP~g?i-Qt{vrfJb&N>^^ z{0+XF{hG~hk0rLJkh29Zp=u&h7-;DsOqPtC~dEfIz3bjsnOHd^jC5(7{#BG!;V~@D_MwYyLuC5PN zw-oFu}(ZaUVGPfg|Kr7~3K zkw4)})%AsNr&&%uLE1@G_Re^Gi_bZJw`QSH06Z11{kiaD0*|&tjH% zeEhUzN-<4|(D4S8|4l-n8(iorm?q3x7iR4$G@njmw#(Z1Rr(tfNR*(fUG{UJz(X8# zfiArY(EQ&h70NCNd+3F)5(7!Q)s4`A74u#P#M)1n<=bN9cxoihr^Jnv_--okv6GFk zi_g=Cms1}eH9!28KK!0PTuL9_8`#hG0>!u1hyEI0l+>4jC*cdr7ym1`hH2OPytoM3gXTB`p58XQ0m*)C#AmqjlN|u+zrO(M@+c7 zi-6K4zs8rJL!L zEk?!#7C7HNiVv3?AEsJ9d_W)0PeEThz=U2)u!>V(RwlokfiK5!U#~h|H-kiCZK3+~ zc@OPOpuPX){i0pr4PkgA{wsL(^GDc%=KyN43Dspleec0;TA4BNSnn^bpMR+>ILKIw zGu+}l1-14Z-M-8HLL@7Cz=r(3@I6@EqjZ6%vc<0!`qW2gtx*2W?D%c+fPxO8gnjuI z8Qz^f)q%yo=`bc?O zfg{Q6VmNNXVG!N}-|*MI?&^U*5A}*qr*yj8sEQ5^g?~-vH*#;q_T?|U>SZef8{o8C z%8)7Ml~-{nzC=?%8C4NK7t$?g^U~toa56-D%*M;=Xe=_vDFYYs6NTFy?FtovJ+1D1 zKM}d>2GpOSv4aEZEUdZrRX|v;>qDEsTT1KV$N5$KFc>&GtdZf>DJx?My6RteNI}co z%G>eMPWR2A#r~-547QT1q(_-oTIvDktbScud=Ckksz<~6+&WwGRkuispFongx+W6* zHC>ie<*(i+g+D}^(!l|yC(&o6CIYn?u&_>?8*nT0qL}NgKIOg&V-Oib`RoPzNSC!f zU-8@5!!cK#;$o+!GkB?;1`&L|aBlJ`ZE23S90&?Ri0Np1FVRH!5FBmk{Ew{m!b<_{ zM@-BVzFo^-I#zSgyUl0U;ovoE;215R-|-Eu!_C-V9>OBx06ol{L7v!Ua(H_O6@ncU zMmgPA{)Qi5;1=nU?Hjz6o0IqHee0I)s@+3>ol~V5>rcX;rjx!MB`xqjyoY`q5BtJv zop8Qv_g8NUZIY`2Tu_8o5XtLj3*P0$){7jTppnZC7I{>^b_o7i9wmP%c>*WeLSOj8 zuO30CvQgwp6q#9r?`HiT8ZnRJSV|9vFqM`%=&6IAfJ2Y=9X;hk@}-NT4u#&9l?g7U zoY)aqA(yhp>@-73?J4N;>r-m)c7if~Jjj#nzDDFQXV`!muPW z>QL~nnF{h4MXx7$XD+#4YdN;VMK=9s51RU_Y@y7%)=W4xI~gQ=w3&9gNTYn`n`!P; zzCmVMKcwj{^X>gC%CS~YXhyq)rIAv)icC-+!8b3y!iN=RCaqsS zmDe8N^7^Byp&Gl%&Z@Bm_<8X(`f|<#{Dm|MF&S9x5|2$*+WhJmjM^Bud90U~2yfvQ zcJU{htgN2s*M_Qo6+6(=PrwQsFH65KQSIev7y?c;+NIoIOxr$x^|w;w8IrY!`P4_n z{5~KpCU0Gzy2O~@3&>yp=AvKv?K=`X+{$6k*>@I?)EsvZNO$w$Q{0uW5ly%k9wvOv zx-jM-8zRMQ#%>if=at?!~AR3G1n`UC5Wq}A8bVb%ve-3I<} z)M};hZ*2yIe1Z@$Aei){9>;ImNa%eGQtE)dhaz5pHyslCp5M_v(Ve60%3JGJHoBX2 zSHqP#4R-^AJGWUcZg4we_k!nG>GN3ocN5=0X7=y1eaDW^3*$fg!S&6q;<`3dUH6)G zy?XSzd`qdE6kSYa5|q8vC>skQfzRh0WBsdB^&i-4*3Si?W}7+NRI$xIALA3An_~;* zwvwia2BT9LM6#po!!}RZuQxRq4D-h0OhNj?2aKdIBx9#TjPx=ybD$zt^Wa)hq38Ws|!(2Bpbncl`#asIRm)+zrjMFS~hH zal@64l{Hf28x|`K7(YqEn4TF%QH-u=CCyo+PHb)qeROTM6e;2YuKM0ig8H}>Y9A7f zo^deXB^Q$^?6@p0>t#Tzta(4Sn=POnDFCY1q6PmJE%*Q}fa>Qed&9lx#hC2ocyYtE zj{5y@_&u8h=H~Er)LmkQ_fQhv|JXD3$k7EWv5#p}USmP+m?V(#nH%Nk(kL-jk#Sh^ zrN(9~U!U(48Yn5Ek}xKaM#%K3HmD1X0j&w%nymF5nkUb=M8$O5f?4qgZdQbC^EzMm zG+Zm{y()=}-l5afG03%EG;c$)dAEz^L7O$kY~FL=C`Nt3X;jhdIcQFgdN9#YZhvsF z7;qYZ$O7~O!?pZ)E>6K!pnF9R+OBqKIY`A=hXE56Q&D< zkBuaROo2cLj@s`^OfuTG)sd}W3O&h4J=;iy=C5Dkpm?qj(i&_FwWJTFhY~~Hcmr7= zxxJ1b_iDOLmJF>U&LEpZ_|<8tO&nd@sX|%b?25Thu-SyXVHgMK@G7-U&7=RdD_wrg z4Y9&k16xn6U%SR5Yj>k*_xNS)8pywQm-w}N0)Fi$V`)RfauvQ7WI?#0=Q?WfBAdn66Y29CeHam>$jS!flQwuocA$szO7u?c?g+eA5C01ef((*z#N@u>KmXd zY@!;avEGO)4K3T#J;3{0XOQ%wAhWLu!02&16C@m#?-qcUOiG8@UNCM_q< z*4P3aKZdUY*-Y2!gG)`?z!uzTh{rh^M0$FzAlX*jw`!rXoXrB*2Mi4E#J2doDD5yy ze{2}1I+r$@@}wyJ4=zoC)Z#VPx(mChn|q|?)QQrgxOA^nNB-wDE0F`ga*~Fn#zLU@ zo_t<^mip~$6FV?$C-Hc}c)~l8@T+p{{ZlChSHJ%Jp}*zBEA%0O?Fw5C3r;}>fo^jn zVZ~0rFECzc;a>c>R~J(MhFJ>lIMQR`PekDtj#%2DQ~lI8c^z`R&!1eD=ADAi>FnhV zOk**32nAB(l@2V-?i@AGQ?)iU3#QU@lTF|!%*p~~yVwR|Kg5(oQ&TI*K8ZF>#sOWe z;E*w^tC+|{a0Tps#5RaGR79Ofq6=Hu>RA<|JJnF-d1Mk!)q9>vyoE-+Y?D1#@I8~- zxf$5I70f%4nnC2R6|Cev8C8aQW|+G%VjX5PszmFNO3fCS9Y>98*87%-c}du@=(K>P z*lJ>g#($Wa;SPK7jBrO*Fb8@mGPYdFYs-1E>T{-oa>vfUkK{7(t*`Md+xXTW-$W(u z38oH?LW@+(>NO~^EqJb9o8yf4nF^Ie3pAXs2T%5?{Rz@nu+4O&An9-1yE760fORI& z67?r50-cK%p~Fe2`ztcYD&%qXhBAUYlpz-;?Wh!{6%Y+dzDi1z_P$C3KKC#NNEe zqLRD;C@@5xV; z7<>0*V77Bn$~{hz{AS>xW= z&A2xlmqFGR(y~YXB;`>WRf^KVKi(PmHwFLd@UIsCD)6s_!4RB{&7jxPbIW>=$2mH^+0`;ZN+Za0j=1 z=4<}MvA4O_FL~dSVdNe=cwDh_%;2HL{=D~stKCPML;q}vlBf-nT!A-4W0Ny_HoPa; z3*w!7VYb-N%M852t2ta7Si-^nIKr_YX%|9Nzz#GVmPA%xVGT&Dmt+U}rAQDqsnEL; z&#R5+CV5{gjjI%mlW8}akRqQNF=oUy@E2WAcQ)LyLRKfQf;NR*Ovob20q;xwnqv*N zg9*rub<_^cF${U4ltg*#2QgohH^ckYP@AkwUgc8~f%1Lgc6thp;4k0fSN8g=J7$sP zd^O#KjCx3n#IIf04#S;a`5W!0;wMwQFi}L+$OfI)FkM7S z;;RmZaSRe^S(MyIq{t&g+6sSCD`j;V1tF1#Eu&Elok+o=@Sxve+nq4J`Bkn(4o9g7 z%+5>>%Fv~F;ApCW1Mn7Z=4mN)2?XqMT8jOwE_F6EZ3GHSvjC!TNoT zulucjTUz`STcH_ks-r=!Zkg?3ZT#o7<*fEcZNaBxxS8v@yVWT(Opd=Y&bKBZ_5cTC`P zK;nx;>@(x0iq09yK5k~*a|9XJ@SPk}oPKpKv`RebfJ(+_Ih6Yyvj!O1>EdgUbbM02 znE?uYzJ37O|GzP5W*ZrI=-=1(u?6ghK{=MOiQR29%7gm4qloL!sBVU|bg5a0v^44c za#;FRO#S+lFVSFZx75>p#P--Xl%xe#xmWYaadjETz8ORJ1A?yz7Vo8FQrHXRJiB$U z?FE`7A|}SGGmV%S6j4`(!k5_?Pa>>4y$FW7jHeft&*M{K2^ zX7T~OmXa?L$&Y^r+rfF1aJoo1m?~aO$;WY5m(%HOSrZY`6pC+^bGwUL2KJ(H7&BQ3 zfH8sbXvPKF;5J&$A0H)cK1IaIIi3MW={P-DK1~B70vRu)%(ekni84!Sjgms#5XqfX zQq!oU{?07eqUQr#HjD95(XN~iC2EYg831;Q!=0s55mr#fXw|EnFFumWn4kq$m;n;KR(kSH1g$azu0%^&w zgl^;fLzV%-UctVYt*%OkJnR*sr_dnwm((5v^VnCdJ zyt)v$XA#SS^?CdrQKDe;mn@Qhi=P+azG~CmurPNM53kF7yS=u4egY1^UE{KWJGhiGK%E>UzC6aV`2yX<70*Z;yfL7G(*G~Q?c7O3x-KrY~ zRQQvS;Y)Qaaw~2Jyb6i~@TQDVR4=z`_ucFW`|Vp3?LPHxkn-N(M?Uo)Xa_#auH3d% zb)3TGy`sG0fWW=Z3BfM(X}r-a@HeACR^>J`{~&9AhseL!Y|WyXbg+y%U_g)}w~^yR z5{kut#DMp{tqZ)^1r*xH?BKVyWCxMv+o+R zPx^u?kXRhb>VnJYAr}vK;(=WX)&`U|z3mR;{7LHNQ*OAk->;15OISr(Djw48e67VZUxLQ1UkIjcUWbfLN8 zt*3A=AXOEV;$Q323i{ZdvC}#J_u0b#G?V7O*Tk0d3Gx6?pCF6nd|uKZW6CF^xjf%^>Z>T%j5ioim?l(`vK$NR$xI7k(7kl(x!}x5<*1 z)cHc6Ep+*eztvP)Xs05q*$1R{6OwL$L<)WLnY8idGu;tqw1CdEWs^ODCp*3ovlZHE z8a7lQ8z1VDVj&-;i3q1>e5f@)C|}FkFBy>jr#^j1@up+{PNOLCHDP;$wQ}``Qsgzd z5m1>`aO+C286%+NzYST zV>rR$XYBBbTlgxmi}av|Ji^B8b0ugK!?Q1Ep5BRkQB6K+#b;@P@MwY}7HK*eH1GYF^{Nnq;coCf{bT+Gi&U_|%WpSv!;ccy>~zdXKFi z{gzA;D$lvPcdDWC?4;imMm(Y4l*&U>Ao)%bk}vUO=w-EnIYE0=~w;y2x-Wm$fZEf-eOXka-h81$vIZL&lz`Nf94Cf z7W)!!88_6aC(s5V?o+SmFf{5f-^BWQEoU$fptl%3EHTDz(soWNlP2z!3PVsT!?74c zHXyf;?Vr4yP?Rpex`2BS&`OthD|gF$=^UNOtE5ZYmj*!Hk)d>HmYR#UIM5bam35Eu z^}bE^{d8xL^z;TgO|Asc{N2HeQ1SDhcWKKT?M7RuA;cQT7wb!V30C9efLRp6mXTXc zI#jV&zrQn}R&SLc3eq70cdcGxEjAP4r3S=CLRR86Qeh_h!=Ywn?J|m->!MqJ(}#3R zgQ+3lhHRwyW@F95Ry-D18bZSv+h9u@{6*&A59wy`{hy@`{`iJ&2LBzqG5CF_iu-%b z@qfvldHf;x$3H-K)GN4SGz^wrY1h$$O}#?064+>T=U1Plx|7`vUb&leB1QmLC+2(j z#$r;hjE91m>!7+w-BJvo+mC!g=)#VG;tL0;Z=ksV6`_+vwMH8-nY}dgZxU^2LS1dV z#I}0djW$p`WMI#`RV=;Zn_}C9LS;6}#QsKtV{-gVs<~OzPE<3^(z~o4s3x|MXE4fS zGIjl1pK>F{KUKq(|M=Lf;lZ8V)S%2y(WEim{*v9t7QeNJYWCldR?V(wlGXg{2UIf( z)hJjm#&@uz&9h9OfjtJ9EJGbJS}_{}s~g6fBe&WZxkuL}%#m}YMvhwq!)%W8FryX& zm~-K$sX@!`X3&IKG`=ZbjslN=(uEZ?|HouYSWc)S(Sb!-)B$CyR0cM^@Kxg6omDd3 z?C+{feN{O}f(zwxmvur@Q~fF5B)7^=qHr<)m)BXt_IruYC!jsvPK~m3ZAKYJ7^C1l|YkU;lSss zI97XgTX4Kz%fIRh`0o11K_=W(oRq&+Sr0_l2jPEJr@JNBNGBOu1B%=sm3ddV>8Kpt zKi&lY+@@k|mWzGW8$ui4MJ{TcP=*EyMd--C9AY2U69mf@}Y~8V*HjH-oa21s#=5aS5i)sblGKaBr1Qt(_at zR&n%cRfg+AyF+euurj{YW2a3a(rf3!)aO(1L)xD^X^lv<(Ysm1uMUCWI1u{ubxw~u zm;lFn8|S+qb&&HR-HE&SPrPIk$=u=}HoeUyg^zIe9T?i;ky2wY?idYiV?4*FF6D67 z!9<0dQsajw9eBouMRY-Fo*<{9Q+g> zW($oBsJ$>Qu)H47w~S0A)WFK{{5xrU>*mVC z>SmDIIZ&n#2$(Iqa&8<3zCaZ^Evs(!1o10F;Jti{%PA+^b0JU0wqc0V;$xdt279Nf zW2Dn{M2{f%3up1#<*kUzBpT6^R9HI$&-wVh1;2;zI}X2J;MarSrzBV4Wyv-E4aqh6 zKT_eOp;BR8sZ=Nz;X6jlTctRC38oZZqIOEAv!mFw+zttq?&tUmZ02!j#S02QhDqw> zNybr)_(ypAJHH+4`8viORoL}_-VZ3x?e11#*=c@}^)R*Hd5!~#w?>^Qw+`Am1!%l) z>?@`lx$TFi(-p~Tl=c3uS{ZI0>_ORDD+_lB>>p;-0T4Suh^br0+(&ba0D;x%(VL0A zh3e$+8p5rOXI?)th~fnk@bm#B?{azAbc8SE7;yXmB%U$w3=LpPa9*C0%22yG9cvrr z+4Iek!UE58XiSBWbjN_}2Rh<4sq-yYyI>O{y^qwWk!&J2Z!ZJX5;?C;+0PdgL&KB5 zQKsP323*3&iF9{u0&LM}WU@6FVh!<)GkOc6;rL};q21PkzyhN-JP|5fEt$og1 zLV}mp_y2wW=i_s#zw!f(_g-ER*}!x?00R{x5nfWn7*r(iTE}jibR-T?aN6 zF7Cz1!a&Ki#prDcxS`8v24gIxm}hh(^H^a?hc0DNtu{-GSLrulK@cY9Mw?J}pmwK* z;DKYLCy_3?>4PAbhAOJG-EHhQHhW7OO83X8juiSCTqD=Rv=9%X4zBC-lX30f znUu;JI`!zde*L(k;TjFFxjKKRC|7u!Jt8&=C{g=~yR1nIQ#1@Lu#Z}hf4z~Bu8Mk> z`*}G89^e{ok7K>pF-f(uOT@ZAQivry8B=)Z8j^Xx-hb6k)NUP zlrgpez}hozNUNKWT{k7iQ&-iaqOPi^r_P(}shiTvQ#aulPhCK(sJknV(ulWv2;X=; z4oTU(or)tg!kOET9Rst=5NnS5}RSoe$G--jua*@|HE^YVm&pD)v^9I8Puo z%aDnx=WOvAnT2|Lqi)=phas0)j~$bBX`vPgbghHn1xoaGuLT=(`o5#zJIwvHU}B-6 zQqq!XELVAZ)XS*@=q# zVHWwOhS75&R^`loi9`b6Df2XemTD4q%~?dpbxSOwJC5mc5$&IR^hNZOW54kt+8^e) z0V_YFn94y#anG;2CayT|C~HEiy`G+WlGa5DdK8<0#E$w>8#R@;bc%=%zJGK?MDn{r z1p2@U#t2ql4Ie+vNWw=$PAB*P&kTIbBR=LO@BtAB`O{0zO~OZ^;KQGB8jL52j)m{@ zzFg=4{>FA;PAAg?Z)Pkkbb@i;N0 ztpAwiH>C}?>5sNy&J$Lj!ylw)%jNy(=R8~D3_;nQKQhcW%Jj5Rdb0wAV`yN-%!^un z*1>|U^ZY|^-J;cQkoA=|${deo7{BCYF`2!? zH7e4(O*fC_j=2de(Y#Gr9`rU+&72`uz))gu5$s9|d^v{$IUfRKzcIvSGLxs47G~HlXL=oj z!Z9CDNQvnLCZvM zSzGlWF$z#_DrCW&36g^cV-+k+JQb z$S7Alzp7datb_S+>9$xVBkz=LnRSl0>~PgU!r_gKbtO08$2rsZ2McaSDYwxS+wv(8 z0U_+!-m(L;iqTGFRBAJjdI_`XWqtw|TaF^keGa=aFy581DP6IfA#h%!Eq2qV0-6@= zL+>_a`?O#$adU%i=^fkKF72UgY#>SrU+bL5YD4K=?%oa|(!xJs;0q9=Q8$2wg(V7x z&5F$Floh%5ileh4={et&72!|p0zzOv55hD3d%Z$;X4p8f2mH+k8)EvFL;5(RTkDw6 zO(iU3!jnw+ltM`8nUKIzzhv5Og^euD(BM!4`_htiiuVXgpcN^R%>4Bf z)O3_U^(DNP;By-Xjd(m#7iRl1#N zeN@^#taL3CvQ$ECQsF-^{R2@$X5E&Q{(x?KPeb|{tYAJ9)~f_>QpTH@{wI}wR#N(9 zOkbkXk4s7~XZk#q{xYDoikR?2mGC|jj@NDPX-IherKJ8}%KoeLbxG-anLbdZ-^mJI zV}e9Vi)0NHgkbPs3Seub&RHu-QU#jy{F;hJDcQVxA;f@NL!xRQxzM`FQ@U#x$=d6*i7k(5Nzy-&yIjR zaw`4eB&YAPe$8|p>BXt(KV~}A0a^K}^~_{C7_eTx7p3K0n;k>U)n1WmentHntijWg ztikPdYR~zzMs%f_I*R|Zj`c4~s$W>{#P0gC`#-Kfcvs)F%HxHBjMqzbjCDtsb$8Gg z1>c9Z>=xR$dD}#+N+ZkphZO_Nz{@oEGu>c*8!D%YOz~1|m1BYXOqikejG>&8q_>s$XC zp#+|tUyHok`HYnSw{Eu4ta;ILk?b)e3MqKAkUYTw@>V5pv}7Ei1N;T zR|uxJKsO}b1PA-goYDsOes^Aa+W%S~vnWyT(wv6h5IOgW$u_A7PUQ9G` zt5GNujdT?$Fgmy2yiL6mPBTjc0jc-h9sd<#eXCB{zHFQ{wa`*^{PRaD^4$B=(koB$ z1rO$GwcI|Q(nnzXn{ThNP)a)^P`eJ*VHGqIX~1ie&$dgAh% zGfTioK}u=+^BHoVuYH5xm|5a4-Vt!^h~HiC8S8xq{^_P2Pg>~*r5jcLOL3O&+s>;6 z-cbA8Qg?9gJ?`y$JvmX z&PN{O;MN!_ak&q?=`MZM>pJAYfDZPTzgB(i2s8JmzVcV-3vgrgTu*s#QwvQJ>3U^h zNuc}{EyyZi*hTGv?lF3srXQxi_^^;p{1~?YyBXKY!V1~M=C3D$ZF@!Ax6oj2cyz?D z&$>o(APWQ|VUXkqG@3vf44jHzvlT9af)VBhjORcIY7BCOWoHh3DqgVu#} zZrCMu+IJ*vlQqam=#PYFIC+@5R8mRbFb!)`mEN*v_|0_tW=o|{rXyBE!za-6_=3A} zk`FXj`S}u!omw?pk6P(&qasHN7;bfw!`0~Ss}?*BM_DzENw8gDCjm5{zi4Chb<&gT zoiAu!j)kNz8*KW5+6z~KwHht;=aPQ0;(5|6^QVK zx_L>qUff11qSeytP-AAf+5{SLY`8N|UBX5oV{Of*^t${NuBzPJj5=4#s9YER-s6-v z4yh{0&oyS!PX}F?p$Z6CNU7Si1^<#XX4;d~jtPl-N*&eb>1NL^s`z=lieK?8Go;+P zu;4fz5bFQ39FnfcYpG93u9xJVY_Ve}!zZY<`P6!Qz~39jp-3q{+bMoUUaY^${?B!G z_U9x!{Sl)ATB>}{S(G2IO`^5yCG`k@2zPBr_(Qm6L);&NIK+Y7%|&~9bnu7JL0`SB zXJTng(~8%?PKSEyR_ZMp!xnyIu^5{J#(Hkew8@Du(xi1syM!-W6NQM$W3FPF$9%ju zex_-8tNJorPfdHe7P?vjbT2Iu*=wX3x!tRO#tOE1dZwA-wMa0+KSD#=(_uEz&uujRREcI-vP5#X zrE)0kVfh@1l&KnYRYQfU;fo0(ZemFt1_u%t#J1*%|)Dp;fn{x&MtmL<^) zGfQLUV!NCqDzpI;t>_1Il-9Xl#1ZEX9?sChy*ka-vtzb*yLFar&*vSoy}(!xVUC9p zUY6ZiktaG9S(H@dp_C#V3hNXcom28p?si0;TYGoNQ^q{u*R{}Q$(8wiUnCPVDZCQH z2>a$~TG4mQK`QY(+|6^5v1%E<_~vuk-J^wWAgsoxJ`+?;pMOZP_>+`WbE@DvQbS0~ zx9Zv@)LY9NoeV0zM_ZHI!0DI4-I%|fnl2DrpU90Qf0J<`Nad$HZ;sqT8O+7H5`1Y?+ZH!i5LBk z{bAPSTIs4fjm9190zHU+Pr=IJhW7J?;5?u}TS^rPvxgcg^W#0qhD4OI3G{};XzX&M zGuITm&S5uFGAv zbLQWxzT-!e?a_GEGnA$vY1u$D%rUX54<-@4HNE4rot~`e1iB!#7(~TtsCHT>0<@F` zBJmayxYa_RKw+Tpn_aWH0A*VG0Kqk%2zuA~6_PyKh$g$%PTI5TTT@#J{SuYN=-2|& zr2{1}+Pp^0s{FJATy#re&q-f!eP8m_Lm%a;)xwPLY9rkG=W>wTR2uLYR1ip#F^nvg z8pYp>)qD}XtEA)&fT>SuHajs3t*OVjI_5tqr$c_8Q9I=6*O9LMMdgu?52-rkxgmqk z%ej7?Dsa|(uZYt%Je}ZUS{^GGzH^a*Db}LK-6RaO+P9O)5n{^=vpn`G7hMaj;Rh}@ zGxXvTRBwbAt46pdSt}IIIE}4bjEub*S$Qg*)W-TZp3w<4dmjI{?16c!+JxfLgT*rG z(^9FgZg@}GiXTB6X82dq-VThE8UC$2zs~iDxtCTfn=+<@5}hf34Uq|UbyfxHF;&S3 z%NXGt?gf!tnboT(t;2pi*`@Yl-gLx%oGrmhFZBs;6=nb{pp@tZbS&Xst(^Sqv~~~c znYJOk7ZuC&5TJx=Ws4?gwBZU1v1A*((^-QjqH%E*g$@B=_1CDT{>Qd^0Mqi=3Ul($n2?GHI8$uF-)YZ zOFCilN+P_e&wBsC)6$+<9QR}L`B}Cf6Y)y}d5c;!?$zQ60xaWD0U#?AGN>n9v6t1- z+0k)4t=`PmRhx6zW>dV)I;YLd4sABsZ8lygZPwuwMEp1L&$?;aEz!~jt$wWjiFVJ( z?7ESC>&EoM@RF*>P88BSF|TucPkcgn(^V^Nd{<3#maO4zNUYUjT40ati+M9L+nzTu zkUX5}*BR+Z3ZXKE`!+EpD#^bvbR-z!fV(I;d?{~{wg zPeycZb|UjGYfZU~=$xaCX#WR*-PLjI4jgP_SH!|e*j4K;YTYCNWL@}IjA*)6KM`i1 zS3~kSGOun--?}RulmbM--3btr$LJ3WMLuc}|0zNl8^c^HwuJIs^?@i=zPc29pY=*Z z{G7U!d>jUZi`uV-2PfMpZ{uWJsvN0s^sQlo=%zp=a0*(31|?jr$V}@$NF8mvw%66| zqb^1iTOs~Jo^o^=jb)8I_{*)cqaTJZ^@q?|dkMnEfwumBYMMjqj@s7ZuUEgzsXr@T zzw2A6|McFUwf|S^uUR9=s5(Jv>%1~&3NAYZl=vTA>q9ynZ+mk%@zliTFb?$`r8)aN zEP~eg@2f*v+!No5ZjQ;eedy(R-a7j@MOYXvUI+^W4q;lc*sJ6d>|)F~O}i&dc^1iw zP%nqPjF36GT)st?GOK&_N}Etbzsv3SCW+B^iyVs&(zRIRbHx(z=DU-5m$l@(LMYnO z6T5E}Y*m)CO4O{U?7TN3^M>&6mE+b(O}F^Yd#`Elyxr8!i=WtyuC6yXR>3(!__4Ox ziuH4dK8ce#9XGc}07qKN=Jw_gA%#Sk8J;VoaGsDtk961FEqQZ$a)|Vh4sZB&ZUfG=N#PeRhZHIlJDc0p0zlT8t7UVOR0U27%B%~Rt*bVFu_$G8`{NmQ zn{zs}>1=NAohNPnvHmM>ZYL>x=XH+nAN@hiK{`T|IS7LeMWPMwN=`s##ss7jtq!wK znGqxnjI&3LJTGZrekB9*TNxNN4>>0jdsM&kWMH@kx<$7i1TZao6Y{{X zL;ntEeVg>J|gX!LJkD*Zd<%jn0i!&ll~o_O8;zC`~3IytP~2!(M+L$lyq2- zEs3l}h7hupsxvVA`r5M(CkzpX6wBPpgTdK`TF#n`mYeNq$Il6h_v#>0JnDGN$n%_U zVV4M87`(|JSw*)(Dzn5q-(@|F{1CY)%8HajbY*e#uVtW^*}A%qGdb9qxMjf6?GtQY zjH-qcQ9~zY1uu1>Kbq4kRe#i+E5EC@7S4Dv&XarOY`_MbZK^uXmW0TLzGC82pi0t&Xq{=IT9&RHB_h?%2W-j zhl&zO63wt=NhpydH4^Eo3Kpq?1*+f=elJQSNd!W2l9fo3sIUhdSlLR4^TAt~JIk3E z{0!o^pLOdjQ&VcD%1$%=CNAK26Epnsr2u za}TBDcm)puYM?jLmrQhTX27+#^mXcsa{j3FMfv!JLZyadIsY@IFKXx9Fy5fPC_An% z`dFEFPZG37AY@O{7s(rxNIjDDMT4m?Qu4|09M%p4k8q}N4Il+O^r6eg<=FZnU9?EM ztVbUeeUaS+Q;lKN7pa7Bb9R!xi0T^{x6&{9ZH3eq34X&MG|N|V0*980zR2>sKGKaf zi*s!?(K6@Z5j?;`$&}ovye`+#7x9b7cn|s_meN9FmA;4>wE8k*>3Tf4jlb^?vo7k3 z24c3gQGHeZo>nUXvZ0B{PIz?oyJAUdBbKt&Myf+p8}(P*8Hdm~7FTmS9PxaCF&?>7n1w&Tfe;(jO(Q z8|aTXM%MXnI&&Q|?p$ZepD%LuTSS|aR0w(=HE;*5H(pCwBY#Lw!LJtDOWl#+IH#iK zRVa@Rw)6#-D{2k^$s82FLXxdMVzr$#Xw6P(CUifQM;D3m=?N8R89Rr_i`wY1LSfF5^Y+=7(%`QZ zBP*W<{rd>YVttrO|6E7pcz1V7j?0tk`{BP6&-canyhaqXb_Li{o{@PPo|@B9VZ;>c z`;UvlNOm`s#M(q@MWnN10OpefhRCS{!a? zv|4+975VCag8Ly z$5-GNXYKf!{NjimUx#1(OUsw>i|MUL6u-Fpk)!g9dHP6DqV>|Z%`bNQ`#0kk|L3Lu6@Ky3m%bjq*nR6!_{DXw=k`B>Uwn6Om;B;q!qcVXUcKkb_{I8vbjdFceJ}C+gEu?l7mduL@r#3g z^PlsJm(ES_i+`M(;1~ZqC&4d1IQQ%Di>LSdYW(8z%&z&x-F^Qn{NjZou2$3Hwv2C^ zU!44~;um{s34U>oq{XZ>&E^;HL4vjK7@J?*ZGYZ=AJ-WWj{UoZss(ICO5QJ9bzPoco0HZ z@$wtLFbrBlsG-W6@aHi9o;(Q!e#RKnb6z&9JaLrS`#et8<~9s`|J3_i8!ioqzeo?H zQU3D%l}n*r3iyH>@=)tXEl5f2=P~KCEtGIbzZd--q|^@cl};ngPZZc!cZ~ zf2@8ntV+2PSaS8cPQD-fBy3g9=|A`_(UZs|$mS^LS)??(C$fI_Y|(ca2@|W8I}*31F$( zjP!1>Z@opj9~pqsf#;6yi2#(}u>(*#_f99MZ_}M`QU@ z=lvr3RyXs;%&}pNF`R-q2Ho3O*;`_~BSTO7<4gEhbN8+3mGgA-?gHJsx`aVK2T736 zT=5sK;(PW>j_+xgU5v6VZvfPyE@FG$E-hbK;e_BUONzM^55YOATZa&wDgVmvr_x7z zu)+SI)z7B}A~_x=y58j0>NkS($!7mO4g60B-1PeD*@zPb(#yBZI@M?T>`TJqqj~=FwbiHS%5U8W6BXJWeD>!O%fw2T zKGL5u68uJ#QA|F}?sy}TenM05Z_ckteh+WcmN;X@f9;!w-p@Pw+5;-J{C;A{jZEeD z6M1;>WG59+{b}mZpK;QkV|`#eRe$J`&xU`X4gUy%m3Y)6ZZ0}q^Q>K0e*g52^M{Jv zc!OL&6GYW!Z1EYJ7;x8PM8#{xe2{vtRv*1otDl@c2{Y`ofSIlb8`ClLy4UPo=dL+~ z^O;-vQ@?gNow4HJ$k*t5*`*EMvh7;9RQ3yZI^frWbT#V+!=4@EsX_V6!&Dn~xUvY$ zNRwN|EUg-iK9)-Xdg(@v8iow+6?+F&N3Cpk*}BRX7DhwfMHQEa$A;RX_?(**j%sb<^RxvEbTUPSC=->Q=B&%`S8D4I_*U+yA!A2ArR?ZH!3nrI)O1L-QVFpGmq2{k?%3~Ut*s4q`U0( z%3;R8q8|XQEtO;Wl*gwVqAln{quqzss~RymQoAv8LadB_f)nXTbJMQ^yY-hWb}Q*) zJ0{iEnWx};4!4VSHXKOKljN<|ilkMaOdpFJ`q(##K0d{!He@;_ z6fJHt7yX!4CWfBLK(;CLg7ogPGLklj&Vk>`T(BlM6{l+50}`#$GeTFJGeW;h;sJ3qCU(i-I+VU^>E<&$Ki%K zz16vuNo7ouP|Dz}s(hzYsv@tHn?7h?aomw%c)p|?{z(A!DL@1(D{q|nzHar#=>1$~8Z zfwz1Uq;3IMi(b5`@&+X$$OhGL`R2C?H98psJ`QAe<$G_ROnr>@ga! zh4@_!3duX#?Gm#J&D{Cnjk5h|zNj;6UcBGN3o@EdAd-2X+Z4O15HE|w-sZs}={~*s7KTKDWcu-3 zx6vdm?~=(dm~A{R0-V#2sGp6p{+4Hx&npK#Shn8h?EM2vXhmXi{>YET332U4w>dsL z3*E^DS=%{tS5?U8YVx%=#BLP>5UC;^RZLrq^5-VXU)WXoV^n$7o2qmPH(rzySqLMR zhC#KSOS8xCRJ`%(;UAoYVkGb$|IZ}hr6cLf42QlTvpuGE2YGm`0#@OwD3 zSsBlA^VnZGFm*ox{zeG!lL&k<9>8pE%GBFmsoH~YXC%J$LdSHv1Qz}eJ&WCko-JzU zde!H@!$ASSKwzJmM`Y~WgXW4;*RV8w<+s?MST7Lsf+b*UGR(mKFHXL@zx0- zY}b_i6eufT?Te|}gibVsH&%ThBcVo|V4q8{|1Q9(^*9IXagMVd6}}*T2KGIL0s#Ec2Fbi=SsPm_yQPhMk*M)yvnu2~#XkzP;+bmfqk_aH!7~ z7ntrm74_3^+V2pJDa0bWWo)vpl{6uA{z3>ZH_j@+gwD(!Q8O$( z4F@4Z&lXR1dYV}J*vtP2&4 zFcH8mCh0LYdC8jZbhmH+THu!0;2x{MC1|fYr0DQsd+KbmhNggP z!&?!+QGjg65)~%Qd|otsK4Yt|_~6Xz{pH(c&)|WZyShvsa~b`x`O7!YzQE^d)6F{i z@nHZrM|d)xUPhwri^bVAx{;^54(YD#x^X4IzdA1k@(LUBR)O-M)z<<0O-aD)-e!e_ zZY2C$@bvG@PlmY$n0{jU`?~paaS>O(lMa!8Ot=7{Ot2l+`I$X=TFpCRCh}_c-2$0H zY%^M)yEu->T4^0=HzW|bPtmJXc~P&AzxZ-_(X$=oL6e3hlV~ZnSfxOTT*PMetxw;M3nTg+A&e-ydP=MTImEk! z7-OdRqq030VII@p6E;g!a=d!clN-598j(B|$$63*v#zq6DWc!1F8XI>iXSlc<|oUN z;y8B%&3qY6!^P>dSI=@6rbK8(FD-!;etpUc6?p{H&@` zl6m^7Rn`YDLTx&oj#iEEBxb1}1-WXvw{#Ckky~539-@JCzvgMKi_Feap(YrD+^yw# z^YAB7fIkyT@MlT|{@gGQe{P-niC4S*h8cKVWd{eTpauf3WMT2UhR&S$d8PVY)1cDD z@g;u6X)Au0)1e?MlQ16GqSsKw5DT)@)9qSOR`K5NK+N9jT=_X}sQjGdk)P88@^jXe z_?hO>Za;mBynlBZe-uO>yxxdc{0_feeVrpe!{@8iEJOYFx?laC^fSA%8{q=BjV z#HT&Kg`UEp-{B1QY7;;3X!(z?P&ZLmKP-g`lxN7;U#;M;m zQ~5Q2)eQMrQ=?MDi`8%B5%s%#rCsHOmH7MGQks%a^J+8R`Vg;oKT4Z+;K=(|Pn|@# z#HSb6cGF!OJw|v4H8S{piJ>8lM{8&aZY-_CPu=px)c4j!?&ptIALi6U4G&0`$Ct^+ zHLt46I9udrDFgU1z<~TjEc`TvTa{h=Jw9`lig>>tb>1M8eJLGvRaSCyiCV+8@GLRS z8n!Af2?f``**p5%{Q`nlg+#RM3z9eZGBjBe!_^WkwC6u`{FwpK;h%ykDzjByC6CR@|x^pZLpLXZ7P1 zb;-MrM*EL$XZy=p8iRHtF=Rfjw4AxiZA%3okyzq0T73t$fCYi1I~^cB{uw}Wy{Sj{ zrZbkfUVH$?4d)Ozzv~kK2bhS01dPU;RNS(OmXo0#dp#A}g_q05DP>?iLV!SWh!?6O zmA!zV$F#u@GcYA4QaE*Fo zi;LAGR%rMU^@tT3Ua1~S@Ys-^ygIkgO9YlYvN{=iSk~nvxs|qty~gT%r7nCm5=^xujqqgo8i4R^DOaVssAc6I!f-T-8?YrdkO`SoVHnm9PWGDh3K>NT_s0**1iyqB8a+Ppo(zm95(hb0yOA4v(buVNT?_ z@D}yLwOSY6s$NJ0>cZP(e#>5kLX(J%x-~ygo@JP5*2(RxXU&>4xgOIp*x@(45xw0V zJb1CT@E*=O?Khid&GnQ<-SgWBsJ0N+3~BV<_!PGn$Py0haGwIfds{o|yL&Ak2H>HX z52)boDi%Z&mCx}38&u_!@_-ZMV=XhGA7e(C=G{|bw@~>2AAq__qvdiu%HA0I5rf$y zoqY^Z2GeprUx6?!bhZ5rJcEi()Y6}?1>zvd{#L=4?{a3(U(LOxz5U{}YDg2p+|(N@ zvIh%csmNox-YA|2W41GEJI7h1H%3LS^YuyjT1VvwcxlmX!U)lqXZoX`x15wry-54C zU>Xd}Vtw(abR&*=u7=WWdT|ssWLtxW3aU@TYLa%`+2<%3XRliFMH1$)@7X*+Tm)to z2fzrWb-~>i>)SsRDaUHY&$fNt&d!|=6-q&xR;waTNRE&er60McWaOppnJ$pl#-swsY>f7E7UJs>=$h3^1USbG?s@O~}4j}->jh>fHc?kB#& zWVwi&^*UigjEJy7W{tY`8R25rBNKG1G@sOfufetwE&MwYhgBhUp;dWWR4@!($}=z> z0`IgUv&2GE1uh9Qmoa29Ebo}GU)C^WogM)mb6?sh0{Li7V)M}5hoonISNOM??OPBT@(KMwEh<5}V`kr1X9TBsW;JR!SuX-_7jPf;W6rq*todFXl(=!!z zT=pFFgO@mR4*m_N+90(2lUI8^$2 zp!|I;^d#rr4zHP82(z}#$Rw8+76tD>8XIlSMg?8;q434@x+O0K4$nMNpN;oSx}1E3#8do|{^7RATlE zU>5TngFLa9VBY65vxz|MY1D$_Txb2b92QHlN1VJBXi?90=WNtha~%_p`YG6Eb_+(4 z94~7e@$^=YcpY2WN>V-7u$}>^ z$Bf7-g=r|iD1zrR7Ry$X7q+;Ws{ohb9rp87JU7|TM~_>6z}BkBwhxm9mD!KOsM z_6h_tuSJ6&x(D!<{Kgd|QZBpo-Cxj7=PJ*b|CA8TQAPFn0iJlXDV4_U|U#y84X z0M}!83S4XBaLqx%mK*V9?A`LE4nNP*ORse`zXY)RaY`x>vIfpesFV9h7v;DE<4R`2 zo;desJyoEFdZG>XocMW`9HXV7I_2^GDE5%^-`^n(iAf}6P4fy%@VBzC0)KBQ9LIyl z^@UUMGP!UDUzRw+tVQA;8xNsEGIUz;^Mw=zX~lmjlqe6Kv2ZUhI|z}F%Aggg0^q__ z4R~I5EKC%{1wn(ky!$^ji7%?eDrUze-%#u7|mL@T7UXgI!Dn{a_{*5 zmAkk2f3bgRf?40Q+Q02y{hyhiO1@$}TMVKWTtk6E8njR5QV}gAWZ!0lrz9)*ueZN# zG<0qs{q6N1Q+CSUZ+&o6)UC<>E0(3YxzAI&kyrfY+!C$cpcRa7`$vAGJrHj98+Yx{ zLfdSnS7dz|*rLWnhOFVFVT_G|kn^o{+j2ezL|^+lY5Y1ljQoq01>3V{X)xNH{2a6J zb>_#cF4){QO}jlS{k~qHrg-YL<5FJ0y8XBUq~LeQH0|)tPqce7P5hZ`!Z0zKjij}D zc~e!hue`Ccf71LlGJ`nvz$6=1Ag@+^tQ%8sc)ZKPfBMpAv>~39n%xF=^@Vt;(T4-J z8f^iCi@4igh3;jNIzs!+T5dUhYPrlSOC0|v!H--sXA9>~T`D>LhuIqwW)4wn;PAtc z5X|0%X45u!HRXqc+$}HHXUF};`C^T4LcHawB6>*lIW zeAXMN-Bd$Qd2d=rG*Ml~bQ`?uDh0gpbDdrE+<$Sew0iE$!5$|YFPZ3vc8Zn~h&1kU zVB;=&Vs#=S!QE97k>FRe?1%)%vAR#1Sulydc8sk)VTWiI_oJ^8*glzsnzqwc`5obf zBr)A(MX7)>yeA5slGkXm7GX4?*e#GV4DGS-Qm8$>q>x$@+C>^$+_VXWZH}=M7TANH zbm=`qg~X89Z|la1n@YF&jh*|~x++igGk*24_a8q_ckR^8i6wIHOhu`l z2$PT@$oa5%mWjSSP|sNxFb?>l9}Ut%SBY#I_50))h_}XWHkbGz230itjU)5=uuDIH zkwYQX@{h}m?HD9#n5cyR4JL;5?(2?K-jViX|L__(emp=?kiUE%%!Wni0(JaCp1Wab zy%Msup0Ed3Ewq%=(#&uES)9)X-?`XteBm)-`t}c=NfL-j^wZhd^S|J0_3_3rf`yJY zSBwTI0mD&&Z~GqIytK$)+~zND))vqV4dMut2Q(R%7AQ_#^4Zd=A$xkH1zex|jT=ks zA=C{^1O^L*uAr9S1{uAv1sw!dFYt)r;;rR{H2y{o$T%kIN?O(X{%4f5YOS`=BPXJt z#&PpwsZSxs7`zgnL|8WTr&I_tbl-jA;_1w5C}mRL%!N!cPQ<}(Arp+-Y(&OBkn4qG zVf%6@U^H8&UeFW7@Sc)bmWoJmGnX&u{J>qdt->i)wynZjRv#yAik&G-62$&PBK@f8 z1@nwoJRk~%w39R+5K%YfK(EVsc+~^Fsu`s8%5Mf+mF04s-!yqTVoaP;>;QIV^FbcF z+~tFRTy;WxcDKz;%Q6`z3C*J&Cgq%w{iC821y_lg=!qDi%&3Z$m%;w1>310RfF+|zfkAvIA$ue z!|r5VaR|a&JMhl!I1#D9J20@}AuJwKN2W81K?hHRBBYY|D$($9(^(8nOt)%Z>vX-& zf1j4;y0N5C#e5&pw`TPMW&GubWfH5bJgsJR(53Do8X@6#eCFJ~0rRo~fB8SEPl;U$ zsVSOuf}tjT)D{lHHx+Bh{7WIPN%-;0rhMj4C}}Tk@NvW4N(kt?%~uRto{fHEQ6Wt| zecC0kk8LY(KVKlKixJHMV`^W9aQ2n|ODUF?aA9EqoW+p*r9!tSuL`i>t|Z z2}Wpd3KOWnDX^XWcvi2`M($=kxHcW)&noD_(QUWsVo5KrD@=5ocVxQvkIaWa*r0Bs zKC86sw6tev8ljxXxwqMhR+H}3(lQz==ubP%n2{aRk&9+~bIkczQbQKW#10{EI*33>PV(U z7-k0U&orx&z)+aVv``<{lE*F2V|+oNLo^uBjn8zm5-XtiuvYsX5&}je%@q5B7MqI% zUeIK;v<3hDeXzGi^`VOtKOWq|3L`x~>_G9jqUahG+|!i#&U>}Pn4wqSE!<;h?lkU!Ygqw+h! zwq9EJc9yHTsD~E1LDf*8g{F{7YW3ZiAw*#dvTI?ls!9v(}`Rqs{X{35f#?`^{UZCc#Nk6@{0g<25ZuX`oTH{KcmAOn$3c~F2;UUGc1p! z5lP3?49mx3v;?^MZBN1e+&hv=Mw3cj*+t39ir7skN&s52SN0%qmA#=*K#|j=2=aw4 zwJXPm25{#+pvK=JCmRZ2nY8T+mDXfJ~A!q)94R@W6H;j#S(+t(u&DiabzO)h9oI0|zK!XkbQY!Y9^nRuh0sFLgYE5~XwNsb^h=t*&yZIL9xTv;P=2?=J{+tt+EYzFW8U9s z-upUBA9c}Ig356#oniHLWFf9$MIQ$}= zXw;y+nu7s+P|b5g^Tk&3-YQL{k~HS5(iHLE^Zh}Z1yNyMwFhfTQlwB!oCs5mB>Ud$PB1PS|- zL&6@oMJ?-Fj#0~c?U6HFG!{oto6<47) zQ%Erl-QuLUheL{I`9X%OC&oCnoL;mXA8pQc=QQA47<*rOXTM41aRe(=5D)dFGTX5D zKxIZHQJISfy))A}N!c;0F_c1Xc*FR}F5v(5p>0~IaKD;2q%wnr4~f&6v9M+8oWy+e zDWf3LEV5V+Ho3?h@w_rC(`O7@=kU6Exk@FsM1Hq=w!i$h!su$@v*^FWc+YPtPS^U| zb{;JhU#uz?+SL*0${|9*zB8=@{TeX)1fgBky@hTK+XAw+N0F@o)$jPC9}dK5jz!It z5bT8MbzMdNBzui7V}PX-rAuwP5EM!V^;4R(P&cH;j^#F!pn8XLIwuIvfb?`i5O~e6 zbAoWX>&vL#G*Z1E=h#$_;*`#*UjHMg-ns?JRIhgjsu!cV=@A4E`(PJcdw>(YW7n#$ z?yOrgryi|KRik6iVSDPZ%x{EbC|3Vj(lWmlDV?pB36gHVr7je;c353sR(B(+bDQ__ zNCpF19-+!#))rjM6Pkr?i5MJ5BVUG`(|izti?sW7+P8>Id`Q&c>?c4s9x(5~q427_ zWEMU^M;PSbaYp6kO@H}z^$xcGwKVnpWX0hh?~9CT7kc|P>1|o&F*yEef-hWvj%`2VU~QL?)GB{jqP^r*ZBMG7iU zX1)Ei+RdyDdHe7j6k09^qFzb1hj?pm7A(1CGju+~=Rao+6qQ zDW{W7+T`4ZV8lcQA|KBHEa%hp(t@^E{TcJUfLe}g|aGHa2-d31Ju0E z9*Wsl+qc(WaZ;vCfk3pudAo;iPs&^AMz@gura0;M1rKGW@*)eUY4f}G#c6-zyky#c zl1=+#9CrGbxLRq*E|Uh5_O(+pIw$@MIwk(2J0 zba+Ma332Mx8L>|)9!Gq5A(so(p5#TlU8{IGUVD+_bmNh%1UO=U@s_HricovYMWZ9V z`=G}>s1K1%d84)V8dXPOM*NuC-qkVH07>LQ&}O5GRD6PfvBk>m(-jM~3i)}N0a{f( ziIa+x&MmXDG1FZ>BNqb0t@@xv!c$QUI9;o)L1BOSZY?}GBU!e1;yOpD3#vc^w7WK8 zCPY8%0a9x@BDTa#k=RM>6`K+G4@&;{T9mz;Pnb>zpPQ}o+Woip< z6-ksmkq^&Jp2){{a-z71*_|m|d0l7I_uS47qt%ypI(@%)bassXAwk$KxKeb*E3b2O z#ob;|Q`Kf(8jua&i-bDwvMl?n!^8YaeLm#}a@U+WHb@SnO|XlsauRym3BPp`PDqqm z?4+FodI5_=>(6RMN3ve~pYMneS#A+Wvi@-u6)2%XxyT#IT48^!Nm7g`yEJ8&A@e6< zmqxzD_P1qDzQ}Q(vI=LECatlXeHvR#OSKBE!hO}c?O7YbRoAL+L}X0^h5sHeD7d*Qj6;2vvXL@%&1+> zZq&@;uJv|8->Gqw-n!OK%e+<*p?^xLgndZ|eGn}NY4B1YsCrE|UIjSQ38(0;pnj@Q z7|VL_3YDnKl^D@p$(`fue=(WW;Dw zw5y_2h2Do}C*8b{l5W0I&;v7eZQ_1fQ-f=HUdi+!+ZQ7r=#410cIJZLo+7^a2bKHZ zPXU16cp1cY`#Zi!ZjrEP+XO0gP7?0rbzM3hSZlRzS3|MGnW&xPU#JnM!@os3EAxRfzT6rODt{z4e2_w)><0M!-< zuRc^wDsAECd~0vyxQU+BnKO~W&_#u$h(9t+G+aK{M^tVpnnEX)j-Je4{sp}U2D1H; zkuJYkCFGx((kh4e%RjC<&tq6V9z|Hh>E(?0wa)+gpcTG+*^%BcxTl9xW|3X~tzLcbK`M_Va9 z7kcLf4|zKDAF!F|rnff)jCXzQ4Y1^D3q*Ps`+{q;eX!~Zlpm@bGse9BMLfM*`9{Fl z=Zn5KsB-hD$gpmai7vlugC5+Ft{1;-dlXruz#I=Cx4U61;J{XOQ;cq`XwS!@EZ4pP z8NhagwpI0w{hgA@11bUCqLgQ?Tv`!4fc4<_Hg?`)v?RvCXS@Vsl4K-Q4#%{(?8;8& z%K9-~%$3nsskyRMF6@%88RRbeLJR)}VVS3CQ~cI&)+oY;e%w(im8E;i2_ zj!0TJr63EDaY{YpVEXaPy2P|U^1KxC8}pJe?ZEb%2@1AiHXm$vX`w$# zp+dRq?JfO4j|^Xk+WnEr!mrUps6m`5gsMjT5j8!DXoaldZ;m0do_COyJ?<#e@*x}Y$(b+S27S{ zX$5qu%f^!mXk%~}@BVqr${nBUuGdRN7g4+e!l1TlFj9dX%B#UxjV66J?C_g+S&&P9 zF8&NIfSIUI8}SAd9KHiv0xq1un=>Gbx&ArYGamLu-_3x9X@;-(4HP+pTe#2F?t{Uv zav|VrZ*1vNiUrc%k^ymp-?l2&^1M5={BFAG#p_5&iM_21x2gORjZ+5eaqr=s-$$^K z0<_-@5;mdPc0v@`k>np}%HzrqxFD&^ z;E2jOrJb#AsG zN9f}f|9Kpye{`iQw6W?c(x6nxFSEBLLZ0=_ARmJUI6O1x1j`-|dLWhIC|Axopx08g zmWH7zCX8Ia4lp5mM=N3@C9ag?4a!XFxajE(3jn-4R#8jJhv)BA+KX)pEf)rks4!vPY`e=;6 zl)2I+{?3Byr#oow{CsX>9+u^itRHsP)Zt6IYAS@Lo{&R1y}g)&!XH%Ted5uc|I{5k zJfQlx*w2va{wq(FOwbmpPzdu13;dDOr|WNnyq@(0@qr}ZX>wsvOTO~g94|BbDp+(0 zo#nna$!}a=IMr|5(kc4l`=vS;Nbu9Q0z^jD@gD7|PXXQU643p=bYn~U6E1OeI6Y;5 zIs!jslqaIYBB1n%ZEb>YRN z+gtSVPqZLgbDRF<^lUIlKV_|+v&m;5V|ybgbk$ma`KMKn+t5_#^w&AmPv>a_OEqStv7 z-m+0j3j=QDi$B_FAxVo`?@L1J{Iqee`<>ewg2-I44u4Zy@S@zlyc1i@e%orpuU*ng zEA{dN)vyCPlxlyrOAAs3MkSwUJ$mWwoBZYbX1@dOsU?Ts7cP|VxqT?!CT>|#xw3Ec zp~YYye1~O6=0#G$0H6{%X752#@AE_3=A5S0Z&K3t*bl_2>`iTNn5a69-y1wfd>f+FwTXA0AX=OIt9h}%?R%99^HLx^sQWqh}}6`knG86$Y~m` zgv7t3(yvYoPihVwn0-zHxS6NAwua<-==U=#nqwwgw1lPZg`W{Tgez6dQ3IT_YI zbKH<;zhVvcDXqjm(`~Ip%gLhg=xwLd@=X~KqV(*wr41D&FILoi>N2dB?}6SB$CYCp z#n#~@#n$20S>1i*ZPk5RN=hNbKYU>JKu0X!o;mYm-SviTeZS9|er*D9O5lVP>&oFc znP3~oVPV(6c_s_v|I)dQ#H=oDB<}rE8;NUZBOwAOyWw0{^5D+(a0;QB)|nT6qX7*) zPXu+2GN?1!w1q#RIwLQEE^R?bv=}zN%C1RF!XJvhf^b$&KLR-?cWySvy{2>IEK2(_ zELRMc=5ne?=G{33WbuOh^BU!msII)&P{n!Z`kxxSwHkDY6BR zW79Re1D3(~zC*r`FC5G-+fOFn8?{a-P*v)RHA$||J33xpce}nR$@SGG*B7+w+dLqp zKBDUBs5WDw(!fy^nJ-R9*F?*jgw%t70J5MP7}^)6Vmv5Y%1V!f2b_lS60|Y;$bn9I~Fni&g~uXhp!8Rx}>xgrdo?x{Y6Ben?pdq6snhM-%E= zvt(lSViqiB6<-1lFBgjUw7f-ybQ7oLEs=A+miLgzI6AA79HU%xnkrbfdJ6Eifgj-i z>>UOFRKh>Qab%zsJtPvCuAz5&*Lg3<&an&`OqL=4$ubmluoqM9Ud*t2QDgUF@mK7H z_np*UeD_=Fg@pP+8L?$U8L|Q_Gu7_JBX%!V+P!G7d$Hv!_TrvBslB*;&$rPFacjpi zb}#5~R?5i4R&!b{5iYY|{DI4@RgXN%G5W#PN5}&d#dw8!P9BWWr8qr1X#GnE{pn`Y zpX`xw`g73A=&$I{=o3=uj|pk%W!btpDv#DR!QHLAQ51~g?bqzQv{$Cu`^0Xq!2L{5 zyS-b{9=^OQNA!bopSz!G=k5MBDNa4oO|bpkW+dO`7Y~L?WJJ1A^CO*}Y3bgu@*H1q z&Wsyo;bcECZ$o$h-C02%^oTVc$F7<+oZcB)_*9YYN&%3zqNIEr)t#G|l?+8j)m?Nf zA|#328NJxhWyP6~iIYQ~{na@wJkEZERhj96RT=M5Dyy>8zuwRs7IEvoO`vn zYD33&tsnv@%_x(7Ze;d`k$Gt`Mgy`N*CP`iaj)j2wjN(`l$P_^^5S^Qr>K^7b2)+5 zLJT3148UR=fUDvF{CQ*?09VVLl-7CW);i~Ctv{HC)>p?{|IN>(b?7ydnp|x+`R?zX zCWm={OH5kfuyor_2h7HS74F_e^UkPziG3w;K~QmB2QvPk*KY z0^0Jm)Vuca@s|EszR;m|CrMqghm@{^|LLQZH|}r$Cgq*cwVsKWPy1@+Yt~5Ss+@Rs zdL!k;ybV>g#FE!Pi-k5;o~PAE8F}N((6-7mF<9>&J~izbagk9ixLeWWtv?QSR{xlBM*NXSH7n9Q(_)yQU6Yp&^%k2L}5$b1@8?L%AyvLA&ugp=@S?^vVF>%_=3K`8f+@irjQcedMB@Q- zd@z%NA3|@TMTkg4r7A2JEY%_Vl>ReW(LB0D$j_w<99VnJ1m3!U}4L1$?+VG24DF)tyZ+u zk<1zZ5=^EC0E(OHgBa`TYGh~#L^8Ykf(=<1*TLOAWiQYCmlmEW_U3I+#Kk6y9y&AV zH{AleDn5wCFVG{o4ZcWbHl`+Hf%OJ~+%)rzPGfO9^fp9vN4ch0c0{ea1#TpKFiwRjztu@tWFuj+ zlW=E+$}u|LRdwD>xaNZ1_!cU8ov1oWqaJ8u{6F^#l=VU@rW;eN%3;dTZMYU@Jit+j z2oaU1f^YrNC#NQ&LoABe$H7w3b2LJc*{%eiG+21$=ez|uG7n?#H>#RpT+mv1tsMfW zFGRcGg!^>ZzuO!9(g(YnNK_Fm{I-&EO57hBu(?e9S&H0y4p{uHTI zcmsW)Cdgy-4z@f8YXfYXu(5zVp#=ifg!Ms^o5Db=_2!~@bRq`VMw(T5LP{7PiC|8v zgxFKaD{_Ol%Q7JS{EO`XRQs&$i*aNdhO{0?6FbFy)(cFdknxO*?Pa{r`XkeNTOl(i zt)*AO|LLNX^IeKRwVNxFVC>Kb%Q|6EM^|cH*kh#B*Ev33HIH!1mK?8LH%oQi7zE3B zHu$FOmY&lVJMpkjN{)w}EvOhYYXW2-~5xvvFH$n?h*ZTR(6G)NN)4vuy2l*Ly12! zBWz@UY}`TnSVU%Qjb~qs(H(+nLhK%Jm1hO zv#Ykyxz?oP-fw40%UZFeN$eD=R6Zt5uZz_3zUy9lc|R{~;Xdn@duB0Ahb!K|NTO2uO_eiT)CAJ6Sdx@8#={nW#9tiDx=G}9GdoLDc6sQJ$u_+Tp z-e|o?q&03=!Z{I6!^-a32cp7fnzHDT`Hr1A#k+2^mI1c$_Pol7`Jqfw@eGn+yC$OT za5J<3A!Xa`+&wq|-OeJxTIuWB#QlEbw=y?q?WP*}i*lc1TRr-We;EgT+uzZHhcmPV ze-ond8TcDM!LnO<>h!J%mBA$M4pLoo|C8tsV1-SCzto;zyWl_X`EA3$jh;^*q&WOp^WN6h3movE7W*}Vf*&kpnY|Iok46t5l}`~ovn{M;Cy`=ak> z`+3Xoqk_^8yv7$aj0yh`osIntf2J)4&x-@x61C8Hdxq8=y4+<@2y&al>PR_xg*kw= z0Oh?0HZS45vO4g-yTEOegGgEoB=#&WcYZm{XD?og@KEwyip7Ds;|#j&x;C?Ovn$whrj0U>0H}T z4#0>X(g*1w&6~vAh20g<(Upy;eC70_aWLjK=#?wx%}0>9GV)5niwcJ9pFd+xpGzMbab$`a z=cZX1O@aPDX=Ri#Fo5qFC=3yVlVR8HpQY22X^oU-6p%vtW^f-7*h>&t9VIlwT>|UA z-qS@b2VRt3%jEZ)&q^WPZTxzB^Kdb%V>u!8JL@PhH*r3{?<(`v7j~KXY?=8gj;3<2 zz&Hbv64z8~2P$#o-GTCxT zHpC(XT%B$Ipe!UOLh+9U$HceL)J1ZcwW>0j1Y-SB536sK_C8%M)_)0e`2o|*H)4X zrX}1qcM^@lkQpV^-SkDue$jL_U2x7t+us33DxlJ|o8zclm0uTBL36+17P z{UgVmeT~fiLt6BV`Cz0p`qOg0^_X)WEOWktU5-SnI#@`^d@n!dd_Np0@*ODht?fGB zi;g+pJ7vCWks2`lGrGw1ZP(FJ@H~9awST#S!kBDZ!li`GFk2I>vOqp*psS zX`(Y1O*!V0zbs!DUZ@*v_o!L6Vd|%^Sw_8K1 z?*Kq($C1!$yrydq#@i75g& zmWZ&9CCeG8Qt}$%R-kNu1Q!xT;Z#|52LTfe5gE5?vAEXCh`Ebp#N0>NE3K0McHa;Ug2E*ICOmEy{=k8pjCa5WThmoW)o;79JqH8JlM zinjaqZ5(ZP6<>OPz?W0E@a2rp_%g)e%Z2;+a>>ElMA+Qy86uo+4{<%?1aa-%S6nX~ zD6T!v7S|!?<4S=dE_rk%@~OKcKWNO&$BvrJQ%(s&tyP=di^DKDl$sOpYn+)kpG@1Z zb^Sb`EPwxpjjD*kOR^19b$q8P?`%|m*q{z*E?wiV{z6s!YgyBb9~*-D2QtPd4zC*4 zzLE{f!rziF%}dDB`s^Za6D@98fu>Pz4koLQ%J(+%I+GJO$S00b`!sIKt1&Titk2N# z6h`tv%EG)I=ux_Jf=tyM7NkxluBen;LB7F*(LI`O65dMFU*i}|x=996#4UvUVXhL_ zm#BY;>qH36ml%4+Kz*W|<&+nqTr}cV{9A{AtCixPl;ZF3Yd`+Q@vmi^IqW5>5hMRO zj#Qm%>8AtJ;$O^_lFT9OQk0{X1|o;DXBGv`Q9l8ZKnc*+Y{!m{|fNIEMDRi(j4{N3fGQ5|aR3FgyS`XX+IhVnWs~R(=XvVY|-gkwVb`ObY zW!1d}#0w*2<%EcK>nF*IwOR2wvSQcc&4AvR$nlemmLgpQA)`Gz$|12tF(c=am~Mb- zaGb8aYCA>IB{os+`#hg^`H#^Y2NbJF1@A2+IG0Z;xUn36ZmGnd@D%);LD7?W(kS5g zV;ntMT$hNTDFu&GQu$ZG7;*Jks#T-Hvcf9Q{<`{?+S5@3G zHm)E_L!P3#%wIaytITNn=TzmcD4ks?66|uC2S9T0U5d!OwcAvmzJyRrzFL!1%(ah` zGc`?gw5A8^@pGv7*^GZ1a7*AE{IryOUg^!^^Vw3-n|WjrAy>s!V@9lzC6E z^Bo>7@fU>r)VqR)v~UAJ(lc%`&3J~`3u-i_nk|L(7Qrid=tB&IXOaV9EW7Y@J^S&% zEM~3bXm~X&nT9@5^_79hPmq@SDOVZ|`lnbtFc{h))WK?a0S$xl*Bwy0$35AC-enH! z+ulifA##Ss_!?*ocg&svVRJpnh-qORiwS}wB1^LZl8;i^5WGTTdWn>f@3+1S9hViq z7l7aNaYW-&iCj(Y@#f$UD>0BX z#d1L|mJ4*TT(FDf0$wZ^^kQD%v4@~_KO-s;a|hR6)tA#4WnB@^$V!yv9`?WpE^*90 zn>d7D<@N)YY_IB(B^MOVClMeIhT9Sa+>oX19AJo_h^Z7D*?W6Z$+XWpYnEijo5;tx z9>c1`9M}{(QE+1$3JIZ*F=pPy6e?Sow#wnwiQrIwr8XBi@oGq|_`}T4u?eA`P^y1m zN1n^+v={h+Bt%t8^m3$O0T5H<$Q$G)q`i~zQ-sd=U9q16BVc%G`VtDRo$yfXwCq%c46za#{1m`X z!enE1q6sk&i4{T_ox}5h-k=RPd19>YOCIMagvpZ-a(W}J*|W~@NxxXVA&1us??V~X zOnPChz9I2OGJdqD0Si1ApmPDj>AcUw^#lkLfAuAIGF4or&n(Qwyh^x6pWYboe6Q5} zL&V`Fn)Sk^c2HlFOLHzu-gCt9%@*tO>hTG3StXuOXEZt;4sYal?kp$}J+JYaQIieI z4K5tYnYxjN?-jSeLD1aI4U1NxMz#L6yS*Lr)GL^$+y)b8WF6tvwRlxV*rhIH3dAC; zi(?q(HvD9?sTt*(>(NKVoxs3Gg?DmEtGsM)=v42k1kNNSN>K?Ctyw2AaqW$UNvuoTL5f_WuL(dpT=N>s*7DXE6BU=fgl!1w z3KhT-6bBY)08$!fj;3aCaWg2<{c>a2QSS^U~ z=^IcivQVl&A`VvSJ{_ghO*~b$sIP28=rh^DhMK1W1@WwAyhP2F$XjfbLbw)w#Lyyn z0nZ0Yjll;Xr*4D@0&^gAo}33j+`T6Y6wE$#06##$zc_Chlt_e~*S*GL-ORf$@%O2V z2~J@OM);8>=Xp9-0V9cjFpehz7IULqC%#*Q7Zf$p=t4^jQv7A#&)fl#JZB~u981AIA@GZFwIZ4d^V`f}=;|BJ zK(oXg;Y$-&E(XJVprMN>+sz=b$;n}JIP0&GbYK?+l2Z3R@+C=ZlmY>i9$@6-DEy4Gv`nDiX7@@?-8>-U9`-fJ zzvcL!Y$N6D@xR^fSrq8Es%Z@5wazFS9`C{Twyjwe}1m{%h;H+mJR-q`f={ zg4_v|aI;8Qj+bz#p~rw=bMOMjJ$jvcR!=qCC||FfP-#u20WX>yAuy`26Ix4 zpe!n&VV#yi@_U-_jJ*5OzmHe4ml$4)j9OY__)VHM45xveKYhYyXr!a^yg=7nVLv7) z51N!#0RHY$esG^2<;amV)lcM<2leRHd_F%ADzN>FwGnb<*-f9fQ?wPR$~zpo+SPQr;K%zZjSM8n zFXTYs)o>oAJtW^lnsqZJ&`eAHK0v&5Ii=ku(!Rz^gnS)IX;+D~+4Ny4C5#aX^C_W- z5>^Ujn6eS%0PEmAqf-d1hY*v3z!#4Pr5GmhhIV3;4+;1@@C!coL`Rk9hd)$^39` z^0UkB&pr}QW+$JFu%Emwo;;m=GLWBGKi)|3Fs<)#i4U=3WTPLL;F$H|tths)sKku^ z8Iw{0%_|4(V-EH4_^Fhoygg`@<2Ei(t35}E;(I2Gf9fU)*IB4gNn-10x_)wUq-_pS zXS&YKFHCMin|SxhTut3Yn_?j@jEmABzo{6`cmu*#r=vohIt_A(%W- zZXLP-Ff@;KfG+3ru9E7p=tev|UDY2a*-r8hd^@EI$Qr$L-HigE-Z}oRP>Zr@4~b&# z98|;scqt4o0EqZ|14Y3txtgQ!PNaC%CBg=gWA6%6L*eU-phv9pjx1+6I>#I4?Nxfb zVV>oC-6-M>FO`vbWk6n$A4leu@p!qwVlKRx2`OfxikZM-vJS@aw^PLBqs3ePFVt6d z+g;n*|JRiwneq{8m4P?>uhvJ*Gz1Vl5gkTsm4*?VeEsMD&07AC@!bC#^^J=9)`$A4 za=VdaSK3=yH(W>1Q$7=8@Ultlf3pStpVyz459;p|JDiInTE6xAftLT`+?ZjX-2p!;pma0y)gKy# zD6N@6giQf`t5^RZV3g10K$HZ3BXM*CcIiO_t>&x?n9dqTWCV=S5TN-6O~DTi9jW4n zYAbs2d$O$q4j8xf2^znFUKC2!(oF<}I#2cNSE|>d&;VH_XoD&_-tR+PbA2;=Rf)`n zQ0WqaqSTxyAU}Wf8onBF!qwY+dP7iOO>j3Vk05Cbt$S)Sowh7GHc~10c(u#^IIjj+ z8sSpR7|mffhx+t-5`i4z@eTzpnXYXj9~3hZMd|Ys&QqXrdUVa(d~BT z{PWg8O48G%)Lq>ZqDNm(l9zlO^z85fSvXyZkV7MXHSlBBL93f}f+E9y97gKXcp*)XC@8o?larz(WG!{*YZGsmZt`|`ZzaD+E@C(D zqU&V6aKTbYUe%g_ZS6{gE(?erz5zb)#Rz3bxI9KH-eDHYfP*mL#6PWBzD1r4pd>|2Z;ByU;84N6)-A#W)x!6^%EdMDbnZ0pP&;iptb9I_TJE%b*tg`XDR2lX9P zoBpykxu}g&J(_&}19V8fKrxJb^%T=@4@Ess)zSw+2iDt;4S5HPj3i%DLy{>7w`6=D zL~@IL1_UvHGd87a%h8+CY8yI-8m)h3qaDspYqZ3h$^DCLnElyl4U^7)qJ4hP?L+$c z^!5R#`Fdt~%eKwjE_y&TQhYKCq%diLo5grYYa%7Oon%sAv z6e425L3*Yt74IRV>XTBO(-1lX4OpMvfTV89Ycu}tLu#7WSE@?@h1_(JT-l zaNo)Gi<$#c^g=?8Fx~A90_%tNn5#tZg?!6vaAb1XEG=H+VS);vfpihO{9(f9<0Vp? z;34Zx(0ZF&2&b?|@y8V3Mtu>TWb}v0z#fYZts@;VEf4e(=gcdwk(idHNT7p?YA3u- z31~^xy3kI_>nGkBWGB49M=Xv-In+AdPThS<(gohZt7V#_Uo!1WP9uD&L!kR4Z1(3r z>}pSQBYj)8c*_29Wsq!ffD=XtHegajSC?MErT=Vsh#Ns!nD=rP){0-s!|czIO8CWW z`!qS}DrvxxY2S$%xZX>a*3qrpcMz7Uc|lr;I2ML+yIVCz1L4WgpGl5PpaZs@of6@u6tKr;)Lt;q7Apk5L~mE(M|$`0&5*hTsIBp0^MWiww8s zh>3?AXPzbd-8zk%4N~Z29%--5niDXf%F3(lY|nWjNhc^$`6laQ?h~Y)FVaZ#)MTe! zWWTq=dc{t==j7yjPuOYQ1QS~K*$HP5bya+qvAudUy6-SsPBkSbG-ZXW;rm zU308OCh^}L%*{%-cV_=#WQRG%tww&96*|LqCRSCDawaytAn8mD+YCPaioHahh4A7^`vqqb>f}#^pAVGZC zPc_CBXV^wcyS>LQ>&kA={?GOS&D6Qc)bW>}CXng4e2uNKTD6jT=&uQp)jJwkGHasqNA zJ<+etmv3fLBz)*@AkHN2z#7|o=kbD5*sb^!o0r}`KE+G-AD_uf>1@M{WcHqTJhRQ^ zxOm?X-l$^Md99-Frln|5^=756hjFO`=MhxL9ms8tech+FQuFEMYGZj2nKFi)kwE2c zwW+)hBg6{Ii|~6W&q5~cZ-qJ>1dBCon5m=(T}985*-$j=I0 zg@Yl+%|Yw9fCKZ$-9RJ!s#w6wh<#MyY8#NDAS+Y`F-nH)^3Mf0WA5uoc-cJ8vp7^kD;j~gs`VcU8v1x@ z!D9cDN^x+hQaq_%DZXX{@MnCoFId7p&I*D+tbw8?zwl7sKzBAoFy z@EKroc>tJ}$d8WDWgO}F;~W|3*u3m8#UhKebXOw>yU%iaDJo!AqQ4s1*(!dg@1J8| zVwR7!h7XXveeU9*;{ch|w-S_3xo-lyql$|Ch`%!Bntn3aVK1OXmEJeXxk7%`@&b{j z8MmlFw4plwz5E(SbMRvbU4tn(JQpf7%x3B3lSN7U$^g#4v0YA0AC&LYL;3DN`{?|D zF{y}+O(;w(@YQ816mJm*&O`m^Glo5);jmuAxGo4W#+%OBV~mOQn9_nXNcFiW$|9vT zp;N{f&U!V{=AJbG>=j>_zMrN9GVV&ryVk0aU9Cu#{tc8m`lmXAj(U{vWY9sHUo{(l zDszGk>^PhYf{qQ8=A<-NW?DB&LqF8JIeie)Kg3qLHT-O3XZKJq2pyC{Ibod;AsJbf+^? z$s~-8U=hX#rcP#`1Ea?{!j}VMfu5a162!XET5Xi{exQ6qkKn%vemSjq$_Z0_M* zi0e2c6E^I}N@zWPhlGL0kv|!_`z`K%>VZ3D67H@cjgfHGMze%9MnfW2ke=~e-lQ+Y zn{S;#PnM3ylXES7ER-#0(f$ihNUugO^rsi@AD^aS*=1!RC*`;!##fM&e#(y;^|1Ax z{#9x@{&(~j9ln3zhg55I%%w|xLE86*U*#^&Lpw8{z3Xi2ikM@m&yU`N|8ad%T)-r8 z*PjED{=@oJE$7d|1)V-*my83ZA8Jp0apZUyUDYq&I^};+KQq|J8h(CP-*>V9s`_0p zOW3xk#$Ea9f_BPcrnhla(9t*wf*Ip9wP{qolu^4AikL6$@px1Ec$E9cCj+#9q;;kT zNv3c2VB(n2Rel)bB^}21$z9}E$@$@{V*aXWl-TYF2Y7NP$NnHRy_rI1P78QqbNchv zk|H)l8nC6qj?ALZlMW&1%*A%9} znlZ8nAkd+7tYwJ?K^7Mh{E7XXkZ_0&PoY9WMgu_=`LcT;((0adT^@zY~r$gr0fgf?6&x4R{@J+xzX`aR~+CN*Eq8l?I3>eALL(<|S=@tp- z$^C^fy)mCG4}zL8s4)=R?WB+~xq(Pie$aC$bn#fv;1S_{qYd8(H=k*Qqh%anuxG%I z8hBP~%8=vOZ}{Y_P%~r;g1^vpM-fQ4riZXO3F(focw( zh9gpZ2IF7I921?7y|}lJl26WR3%uATlXw9DKJiH4f62$gf>pI$h>q@Kj=(nYpmoYv z+n<&UoaEA7DSujideHubL9#B0y~Qat9E>fsV)Z-iO^A7a89pkE8?g$ zx5_NjL#((Ku68`Rj>MN=^$XxN$;mo+F6 z!p!-U*Bc<%#~It%v%P$Bsnn9%n8}PTI5xA zFh_}ul<(&8yQR`QJQYEv_2dzcvaULqtwbEjZ2hMCgx{=e@m95UBOiW#rJ|WgIA1uF zFN@96eC8M@Q&qhwT%y!zn1&}j;WNE0RR_C4l)6Ew*a#Xf5NArzHmfgrvLu|wa4d?f z)Vd=eWHj}{hI({%kSr&C9eG@zs9 zawYSF=%V2e2w)o~}$<#I03QiTol`wIx?{iYV->cet z(V6jizTmMCnRZ?+#v!EJUo(7#p6E+@EEWDu)0~5@t?1(W#^*D>-%@d8kEi!^ z{C=+VKVJ+sfM}!lqd)JFIt^p@M-6259L^Qf(gU91$28Hh^f8`I=ElyJ&8l)dk*~xN zdG5+gc~!)dg?*uvLEY_4$)JAg%n(#j9%bK(Jj$>R_nzfUJAqST{3aBUI)A6+Q$jdZ zgn?6>CY(y-991}_Ia9)^xrcjY3a8F;ri4>J=5!EFeV&sNC>+S{N;qZ96sEBJg`^DK zI|!%#K$)67|CXIDWoV1138%X7mlS_L>xll6Uh3DuUsAe%Id&nds0I$-dAd<}kL`f1 z8P&8t_cNPxdOzQOf8srE`-3L>;P3oFhj=~scB@}sMPAr6&n~6rC&swHhYI+haOH{A z=#F*mX~Xv%v>o;2?Dsv=VG5NA#P(N|^SNp_pQ}bg&+4otuLhhO*+$`epE2S&GN7#f zlo#(gkTV}vYGMrPx($Ml(S636dF^HW+{z*nn1qk>={~n3PIKa7pMHoQ`iwi>E)wPy z^0(yjP<}J>li3>xf=}^=7xCEv;*Q~Sioz#rdYpabtg?P^9BTLL(C>{#Y2(o?d21Sd zZa2Et$+lx4xR~`QR}=>TosAIwQj&F`wx65H@#&yIkMpY}CWqLDj>$qJtcTpL`0r)y zBsH@O<-tpuaBBMO{KOnUznMD7)5iB<@>W}unLG<67K1!;c2(c#b1-?1uE_gi))B}{ zHaxWhHM~CTxu$OH!G`&-xZ^tfXC5SsE`5-v9i*MjX*;cjc0xcV+-@fnA;G%dz8jg! zW4xVqAE)iJer_i$k$DWU6Gq54`q>E;l93M*WtUDiA8Kedw&D~N47cT4~}6Ld^KzZ@O&p%Nigj8AU~7|K|)@Qd==!3Fx& z1&$_P0nLdxos^- z)G?+P`r_Ga(OY+WW#_z%1nYMD?hTqfX`g3ZYbSkxy%epuK~A8y$1d23_4XS_7Xc+- z$Hd(sprmUvUQA%Iab;(B@kO+YFXA$5T9t0(HC(t{-99Ldi8{`AU>={ol9-1gS=Aii zv9V4w2mcXGi;h-D8rt*jpg9#Nm%AoUUF^ll!_%(RkkVNH01sQ8P(;UZeCukAtNLB} ziTM!S2ZrBO89tT#rRWC<88XPqx#}CtV)#XcfSa%uJDX(>PZmrxS@mq41-y-O5VT&c z*y^7|&os}$*&#~AX{Hq?4QHZ|nZmPU_O0N1q&`RI554TDBYhZm5Of>|t>=FsJI&1v zxZQfhPB@Db+N?!(!nxurYqp(mq5R}VPB>EgzL#uYLyo&Tyw2dsYCm&yGd)x8g$w8t~dqF_Ui9zp0AV|@-Z{g7}jF9 zeJ@$rd#@y4f1<_pVa-jxW@m>+M?3c=$A2jAU4GIXNU)ahoz!P>PvVe|`J|N` zCMyw|dMJ1vMhd`WM_b^6#tUp4JA9TKavHKp*l!gVktU!bKasYi%tNKGZW&_J^&D40?BQ<^d-xjl59*uVyEDFLgk3A6Sv)$R?nDRv@nVOsa$bDDR_0zDI^8P^*DJYSIl&!sC0BCE~V>x^7^*Ck})}5X=SG? zIpQFXOY`W@Z|Tof^k*#n8BTxBf!yJ?9u%VZ93CSR2c3!iI7>?QS=)S2^Ax)l4DN+Y zY6#STyNI}J7I#r`w@utF5_guk)5Tq@xHH5ZhpjGlnc}XGxVvB66^pwE#9f)Vdr;h| z;%;^(zH+ZtA0^nm)J)U0z+0NFgo|8oe5_w4(nSYlJ&B4y{^LTSFEb zKK)(d8(-~Tg5o#W znHA`~{ZYkd_X_Qzdn?_BR_cO$m zy(r6{w*Nvj7BpZNVWomXvxa06)B-4u!UG|NEFb8<^4gb$SCGAgT;=fsgCN?^;>)VJ zJ+h!_X!4U!iYz;ZGfPuAY-@Y4HDHd#Ne0SW-M?+ALpA%=sj<(qRdc@EUwXj1oY7_a zHN}a7PV%^baT)YrP}(bUr9!4v|OwZ zfYUXAy^u?C@w!q?!+~DI!mZTI!aI;vw)>46vK*!LKF^n-d)3JNZCRnP4KkiieuN=K zD!*u)na5CdwW)zSh3p@(rVIyK&*!;eah_LM(%@G{e?%)+B=(cH3RtmEA^BxZL};l@7r z>C*bhoe#L7XI+e!ntTsXusnPnC!^UF3^WwlB&B*cD`G)|F)1IS0Y|{I!ONIVP_#h< zIqDBPRDf*gEHnvX>}K?Lk>40myUd~K^Op(&4$c`AC&;R|$+u7xh4a~$M5cTW3?Ckk zH;1i2KbMo0XWubq9=q5Mui?WtEUJQg;iKE8u$^pvooQQ>q_h z0AvtHw+WS8{U+1`N3$=Kx_)jWQ_ej?e?N@ED0n#fyBX`T8FX7;e?lEDQ*$ufJk4ZQN^sAOY6*sA(5(+!km__S z*TELdQ44>^J%xH!0)RNbHG9_SJaEqDPV?jF3%P@{&KtRNAv!xcpJG_L7t1Hy>=a8B zo4&v2adVP2u%_Sm99FXLC|}J`q5hmQS%W5?LRKVBApXbuZ;AJxVtK&`9U|_xfNZM| z4Wm{kJMdEC5#Yu&&l)9S67bn@-b<+6P%KWNNYckUj)`vpHl7?GUc*f)?MKiGN=-Lj zOGm5$nq_#8m(loN=o zc2$)1%bB@NNPolmKEvxs^bmK9$E7A*Eik2ZejO}}=6(YM06W`#)}OzZLqs#?FGb>W zhX0L7Yfd;+x<=oU&eDs9keg2luFcSYQBUz0UAW|@c1%MNVcI6j@M8k_8Oo5^o=Pvq zZxOLO@7PbftOo0j3!s!G<5eU0zG{Rw=;I2Zv3>^%Xeac~%pzlmMXU+fwIqH)=R3Zy6RA`&^7NwDIdWr+FPt@rzl*V4;OxJ#-Sxbhh;TMLtyz=+HH52y-oKIVM&j-vS;|C8D5dxhNMLz2B|y08I$LINJ|!q5Pmym7 zI6tXg{x|iNX>IidlvrJ;Ef*hMAKP`?P9F045mlHS*7N5w*YhG;&y6>UrHln1;;*Mk zi4-u%#a|DOQlh8v4UP@BmwDfjF%ClBWPAfJlE#?*WPF2zVD=i-YAx z`!upvj~sT-I=OUH;wFFT9;Q7pQwBpm?4J1*c2a~jnX268+WlD`=6(F?`Sv5dfKIus zcTP(l`7g%LZBv!Q+rLxpcGlw0)wRH>#oR~&Tx4yy1p>BE-?aYF3l{^p=>Uu+;8_>m zrx~|Geta#tj{<7SPf-<`@sChc8_*uKpUx5}F3p@@5A0qUWHNMyqHyJR2b9sPAShDx zjrjGx20))5XO{NySR|oSd;pWYJLvgFiBKR6Tb8qkCN!2VT|sc|_WD5kDleq-K{HSo z+SuqPkrhD~{otr4{zQ%^pl`4DiX)m=Z&Vh}W+kq_h2F*K>E`cKr>Ajy`1CY~Fa8#x z0C|)K$6qj4`^hAT+)(@Ve+A9?0Hlkf?IHrvh}?p}jqMQXCYno50|8$0$-q-u(7f@m ztiBTYsKYmUs~>}6&mZ}NY^8?G{V`o0A{Q$B!S^hRewiHH`1HRJi(wy5JjSgGNy)EN zBL@@hipZU{?yL}mo$u1Sn49W>+1UWB&R(EusMZvT5rTmo)@>lqmegnPIya-~y7)T` z?R%hMj6W->rTKv;uQqEYrIUs*tu6n#Kh>7m-*8)=^G$kN221hLFL}o8`6x{-V*YsR zJbG9(M55UHqg=`r97I}d%K4!LC+!t`;#Q>e;FpBB>kph2*bfzh#Ov7t%1F@EbD=2a z1uBMVcylml*ur~*`8MIt>`M_INHF0u6X}FMG!!3EY$loOV3BJynd|kGt8lz|qn+#B zX}Ny)HRswdBiElJ*TguP<@UXt<#ov{^O0o&a)(>&{C<^|-%}#L_rFfh@1N(f4f*S5 zkqx;tl-^;f#XPYJ{r1u4!=*GIo_qj263z_9@rE_BxT{&QgS-oRMUHQb3GTWw-VUVEfZ;4kJ(OR7CaGx+Rpuk&g<-vQmg6s=@0O@|(9wt{je zLsZ;-)00G7o)9g29eu|?FP>nvl6=+8cXm2c@6Nv3}1BzcL~KOMj@CnGJF$xR^!?Pp3-6!Br#YiLXO>CLH%0n?;*~u3d33p%Px&5+AjsGg@m$OY99|2D z7HTy<%|W)@!zIbVq2jkh3Cq+dv(3aR^gaphh=K}ZB2kdHrb3_CBSisiFOw83?@%zP znNtgHxE(#pu3XkyXYvf?uSQt}Y12#!FpM6;xb$MFdDcqx%_+ziBL&B&YN`Ke^1aFD z+N1Xub2C`$$1jORV?x9 z$dT~iT227d4&fbyi}n+55&X;YohkTL>Zc8zj~#S$gpT@V3U-Kdl0M4FTS#HhDm0@U zhrY^6NG>w>!+t}{a?vYAKA?#_4YN-rEgTM+Sq?{d7Z6)nf%ceJ&rNKxmEF6TwwTqx z6d<8(H%Na~(!=qjJ5i+69O53VEULPLBo!;g9n&~c9B8ZmhBQg9QvLt&&D9H?HsOA3 zUT@KiN=$4sCMSBO@X&@<#`Mn;k(R;_;m<*S8IdovbU4}Pm65%dnOihB3i#9k!%P{nFFP$M9#Yx)~ zVL|n%omP*REQ9Y-_(glRi8KfnC4XVqa@?>h$)cen^Wn9b>*a!PSjY?cJG*4nKjLZ3 z^&IbYIs{C5a96L60h1;UDuPbm@~qCy^1jaTjGm_8Hx!EKd12jt0y~O4mjFjBf~AQE zzlBwXQwUoe7A0{cYU3`5nnZjel6@OBWG9Imin)phY}n3*dO9SaB8?5-*?)EE0oDAI z3_Up;uB^y;jq0llX>My|; zcC;kZ^%TcXuNI*)2$Et$d>Ez1aS`lr2<4r_A*hYenNm1}RXjSR$)gNwBLG2cZQq3r zr2eN)_LJxZvcg=tGM6g~Y#>D%AzxbY6MBfpGGdHh-)jY+ET_);0e~4^jK8Bi$!#!& zRZE6I5g|rWHSWEPBe_2$YMj;}?9%}0E&rRAAbeRSND4n@*xwPGa#;2*D z&aIboq}Jo?fm}*&z3f!$&1}f!W@&MYz)c)O!}BM>8#V224#dE*x5%e5ma0Ee7#3zO zWJ(f$pE0-=YAFa}laaUtLvmytvEJ2+mM*V-RXCe~UL)DUc8iOBN5d96Cek(`+15TA zV`ekDel=muTwC8JGg}cq>69Zi34XKeHobY$n}T05?iKZxBZ%7Nmod>Ut1(vm6xrxe zrW+dCdwG-!mzcs4!*s<3jH&`4BLG5*!%rLVze+C=j1=z&+wr^JWb)@`d(xg-U3?6mAXcXx~AnqaxSO^c}e2J z~8D?e^oW&_i#~_j+l_wh`_Ibdpw7kKst*rVvuO*j9)}@{+&OEPV^$63Og1 zu+oQLbuqWU{ttU@hbpry#RQn(t*cgu?r-D>HG;3p%f3^h=R+<4ZtjAM?TJAefwygL zPcs6yIakhN(4)U8Y{Z41Czp{yV0OmDk>pA`DbT#ak2A=9@m(gj`cjg=p1=wr*OOm% zQRkH(r`MTcyK#tKbRXw)gUBbko-`Nj>wH)wIP&-F9B7GV044G)4iCubrmnKTAv1eB z+nzGpd2B2vrw>C+AI8p74y6ZhOu+zSHE+!y<=eE*`HW%B#?{SEHS$l#%;AL3 z>8kkMJGw0XzU89$pU86`7E!y$nlpQ>sh3#Wq}l$`-JMEEb%|}Q?~`3(uSZERtO>`6t;4)dMM_(O}kj{7GyI%n19_N>!(o9j+#; z6W?`Y4oh;DAWH6Vu6RdIfnm%tE>Y{c z#NBU;5-*bznH|tEvz#HHzD8r`#iW0QV=iaDEGNNyI1fnicQVUJWj^wlGcS^v-zR!y zaeA+$@;&>Q^KE`hTUhC*wvJGdD?kCF=$){U|00qw(WAM*D@k);3PX z7UtP^`4n1hgoWQJ)dU~)8JFb+Hh&%PY!d!9MjM3yOkbAgGkW}hx^L3$B`!Ev7c~?jCZa|`v|gvcnKLxs|8B1-31geR^RMBo60qN-i3?z z4TZZkW(8gs<_qe|H2Vi>`C!WYNa%h$f6SH-dGgbrV|h*YzLDl1{m3ZK%VtDX0J6G;xwr6p;8Xgq|~gs_#9*?YP&Z-aWy9TeCYKWW)IAIlaOP=kbhIYuz?v% zBsW#jc8va0@^hv(Rh@v>9Kb4N$*lBc;-aWcqXlHYX*3;PXgZ-9vA_$eVAMdE0*j!+ zplx`*R0d?|SEUSdXv%UH@{0LZR`?`4&iC;^uSmPdGEhoQJye#Gj!#c!Rc=Rj=avON zL8<10D_KWgnGdl(S13Yym>|v*z#bA1eE8)>;hw5Fu8+0yF>=d+Bx6(`z29QBeN-_; zh^Zy{AQ~?khEi1Qb@o{gD^e*+Vh^AXsRhZy!(Qu?eiTfIAmf+2!~LiMxKr`X1v%_X zBwsUdZ(IW$W;aYem#TU{C@@3KWHi_e^d)2|#;Bp1XKz5M0G0UZm|d0>DUzja&)Yxa zSvDJ7{nqK!K9f(7^KW+^A+9odaxp#mIX|&ZI-d12g8co~bH{hm&&WmuTisl4JFEChP!i6Im1Uo zbe?9Lqh!)BYh;grsLL_vgf=3 zV`AgIwq;`5@f!P4p3adrdk_1PPxRQ3O;11TkS&>524%?PG{ZeRzvpFsH)f~yaU5>R zmhG@ly1}I%qZ&T_K+H2}gXbrT1jOZfT&UcFgwNc5BbAD5$D8cHGywlpir`#w$2`)DmMPM{h&&Y`v+vQ)HvoR(rTHQ1?di$6!vD5wSY z#~&xhiRtyH+LA@A^V2T)@jM(N(-_8JHj}-)@^5@D!l6glXp3!;&6XxOIs6+a^e7H7 z1979*<3x;tDn99wB@+Yi>|0w7khZaM{Z*dJ%H@tSH7LqKf*wm`FLUV4w4LNZCjmj} z8;p$k0iyouO`(equN8VPK-Xt$0kR3e0KbY(#wt{hwqR}Q&`D+gl3mBX{)%3fn}6%KH1hq!`w*sPWQ zOrbxO^rxKu45dFsrS)QFqbMJ161_#NoB2GA};cw`J+js`(JD6e?<*(AV&4usw)20ai>r0>mGCZh`w6x*3cW?!?ExynDU+f;3s_1>wf3&WV{EIgz{UH<@p3;D zc`0od_kLIT%goO{dgkBpR;wrNxKf#)nan(X%7M1_^!$wpyj?hfN{H>s5l&FzF8Al{ zE4#o?ZOcyW!jzKNI3`Qv3!no&SM?Vtc9_}}rSWe&je3h<09jHasc%*4SmjCrC$dYZ ztr(&EYH>Jeecxkw1gDpZxASv8;YG!r4*H~mL?oiD0Z zyvIY-_!}iF)f5aO5IK~iEc!DqWf30q`c>sYOt0p%#FC8_*JVv@s+dB>K1_Zmp&=4u zjeOW7PR-Qk)oM9YfKNIcQ>w{WLU7+&;=cMscWA&q79N!Xo4=Iohhez||MoKbjXQl< z-(c>R5TM7cIWu1Y<6TXRCp7voYkd!3Qr;sSko17H7upCQ4d$xG!=fcNsy}R(a3!EK zFdhO6T64Ij`ww$;d0=uKfk<19QVoS+*2t>v*&M<`_7$Ke;37RYox7b z^c}n4oyGR(FWK6942jbUZH3;foDRmW7YAecc`E_l@WaR(S z%^8P+gm`uM5_=w&6 zo2dLOyZpCvWciQhc2&Nwc1FG^&Nm2n?%q#B5CV?SjH@6fGFYXp8@yuVGY2Ro z5n)&#VZ@C7lsHE{ST6>@?FCgc-lo^se&K^G$q3U~NEcy2xn40tDdwz{l8Pw-qa0^J zh7x=El*nbNk$FQ4l;76}B0pv;55|gOfG%LJIhdn7SYOo4(+H(1)qljxwPS}OZ!sf{ z$_KT=OwG<@loB<+L|d$Hg`Ia7bl4vA`(?lIq-j`QmMYpVV8ZQBiUGv zbZQHT4%)nGp08()HWpD}lSuvfQ$34l(w}{yXuVPS+;o&VcSGn3uK$Fz=67)OH$2?Z zp7@#Q=A|}ivQ9_nW`|8m4ZfvtrUox(w2t5`9KI$ot7_g5On3Rt+w-Q~s4)0gZ8;aRJ)8B0j}-Ls41Q=wxBLW9_jLDO`Y6MMxcP@*}votKG46}Ss{HV7zjvtMuUl1_6$ z16gz7yQI7$Xijku2A8V4h=dOeB@U972`@XuI_01+YoQMVk)M!r{0Axr$G24W>Go2> zjW&i07SSLDx!a&b4%2Vb>qurf0)X6)uofb_$B>=osQ2q1`Ez%tvP|Z)H7%bynNL+2 zTBzI++99&Ig0j$O5%~Ti$p7A?<(t=h>(gusam4NS4@{*~ZpfHQXB^%o11~ebbeKoy z=3`y`*M~HHV)G@qQ8zf6PZJM7`mghrD7xnW6hMm)(&6TcB64|wxe+Wex)RrNn}K(~ zKt?vH(Z{Y64bELN3=y#J?N%PQ4~kfCFVJ$X8B>aYD1tVs0xH6CRg)Vo!wZo*_HDXk zVdfr;bDk#(A~cz6`dA3?3_d*MM=bGxpc0z?HY*nN2Zcub1vc!=kBDH-5n-yx3@zFx zLV8l(64ber>(QVyk`3DbkZjO%X({0kjIDAoN+{woywM>AjH z-ZLL0QoL`pNZH#wyp3L7nwGfVnu zFrOieO9p-!dokK8#5a9MQ_Lr{|M_*spc!rxeU+ojLF22Pf_+ENFE-M^NyHn_svKC1 zhv#XVpuGvS_sEL-9rmDnZ%Rh~A0L$Y(`L!1e=VRG>vK1DEKC2ocE$-)b%>(Po_|JZ z@rhKF;M6Q3D)`0v6eQkQN9Q)4hD+B30B-*MF7(N9n*LjiqU(pgNj>rw^^H|>5cHAy z1Q~yV96kj_Y7 zRo2nPq3_?%k5;wtX{qs)w({{x_Tl|4M=Iw(q92>&bE(YG&+L6hGN2Cj7E@80z2PXY zoppBCCI8QFbZswn1bRx8x_QM_^Ug*)l-JHX2e}UJI#;w(Ri{?s{lv@nVPA9fZ~xu? z#eOg=)XSEYkA<}EvZ2;}KkPa}FZ>7XKe%e%Ia#68j=bAxF;Sc91EHg^#d5rIB!U>< z|8LjV;FU152wrM`i6ZP4*DETI$n3{BevFFBE;?|}y+^7~*ZN=R_TD2~)hnysmXaKb zE}{tqPG{TS6Gd`bL4TpHO@ zBr8rXCcKSKw*%4@De=+F-lu-hi<|`(7EJXy9;618ABV2;n-f-es}A;^mFulq190`4 zL?M!%@K)_BqGX6-)_9eXYlsx0L8l!fl^-6^p%lV%z26JVpVKkb!JSm~Ht(211MD3T zYB#5+YDdD|!Bq1rssU7`3Pr(j)Yc=w$83#T2xewW#p9%ArtW(z8ch|f`Ky|DOLlk; zw|@qPfRtqvZwO1y7Ui0P^?(y{FWuu6axUeWkN7zCb*fe*+84F@78N=;_Vnom?(wIOD4+^`3vivN(6Tk6 zLhkem)u$>{x=BzY%0Xoegq9ZNXFrA4`-v$&b@Oim9%sYU?}8nOBr3Fx4l3uN_u|1XM|>Xt3$rNX;_d za26bu&H|>BY|#d+4eFl-2Q)DgWTTXzV`Ct9T`+fLP(L}S-=0RRBoi>ao>w*V+~UUE zLS)9*h!EOeG-0Rt+4rlCRH;~=;V%HDM27fyWjYuFYoC8u0QfzaK z$xystw$5FdZV@!LmAA>JYkvbp#e}1F5v9I1QigLdy%gHGnl!wN4BNZzI_yr0{7ld|Yx?z?p<4WaP} zog6gJdviu}%hw7EjjM%=Q#2E~_|#+Vi}}=xWu-`U98?{fXWpRdmt#7=Hos{U?XF3J z#7%Uv6eW@Q$~5w;PfZBzEQLqeo5Gh6Zs|*|W}9`Q-9R640**hMtc3?;1I56FogCN= zigj{e*Sm;XlAP9AQYf-r4FC87yB4}yLF`~I2UQZyeROlPtg(bh!^m>i^k)q;ho~Aidf}Z9% zGlds3rLG51cVz(w6xyz3l>@<5bdGP|K>TusR`o?It2q>s2OIXQj5Xxk-g1jZ7sZfQKQb+u=`vSIX;{T}Shw!)xZp^r5@9l)!B}>(iO=w@d<(*Vd;q;fHccPSPVh`b&D&&lyX;{eLOwQR*&r z1VEEuuX}<_Q$XML@6v=exzVO+t+j(oM%sk>S9;w|(>fNZwFM-lr>)-8kGPZ!M=$ds)w> z_6;5Iq4Q%YkmgOXBuJC($S@V2_E0B$Xy*4frhPx5^Y@=V*v0oUewM?IpYDVp@?ZoB86#?yju&;1YiQYv;_eTv@xo#>syWD?=_k0SQXZT9|{GBSI%)Ta}E zkttkq6R92WAZh-`Gw3&UnoZIik!Lf7M|4E~GCvlM$d&pIj>zwlwZq0zOI7h7D^gV) zA*-9|f!wa#k*ixGs=IGRIy_~Ld8F`oN&JfhzYJN?HTXqx0gVIXegWs+Q|4ZBPbNOP zBmZrGw=4demsZ(t-|fVI$$H6>Zxb4T zN}7k*~a`OP1@xAAHF@NA?H*30A)hfAAgSqp(W< z)j>0O&$~6Ce}I{N!@FI;=q{6q9kHctR@)*QTe{;o>BAgNNVXY4%jh`LP84%5#dRU4yzyCtMxpb5>7J^Chm~qp2-P+4 zXW?@K>~iRLR2%d1!#p2nj z1L&Yu6^A1%ya{N# zybyX_)x`L*=s(yR`_)0@gw;p>X>2>=YEDX-6uV0BD&5jihC<;M$*kEVNm|46SuoSC zh|sFtGLWnpcG!~}F~ryon;oXI)wTFe3|;Z5*dL1XyEu_I3g9VOV^3oi&osKWt+9tD zEyeMmC28a?D`i_u;n{|yr8W-h4{=`B)@p&OrBepgSm;j=TIZp!DE&!JclGIN+*`$lmUofeyv|kjD>CAK zVB6~O6USxXVC%WY4sy%j*y%T>-%md4-CcD=&YN9!#ET0B*(SmKFieloOuM&bG*jI> z|7kOgkma3<@*qysJiC>sl^!45bS-$h3-Wz$bV>f61tPn3SlS>!kG>~Ig{^QVYKk(a zgTC9+ri1@<*qg3Xn943ZCUiA;9Y-0wjt+yjudLFKq_Hr%L)gjt{;Ib2(8vXC6ce5> z>cVnYE?zM{+txipTtSwlKfupwCJdj zdMv4HJC)iX5ZcHg++Xv&%ABr5Zbq#}8@?yp0?i(+|K0hC5nf~%&(<6=3p(HULzrIvSOQ8wn;uUU|v?*r()g(eu3$IS)u9Y@5ETW3QEj z_U!XH9ftyDlngm-=PBsYN_4dCSAguE>yB*Hpij?;#U*zpzq(s=T{&rLjBuGWdVV8g zSR{*!trDT7WO08z=Hm9=C5qcfX4a;EXe#eh|23BkME_*xeb+JP{gBK%jF*E(7^0n5 zyRJv7kian)a-J-Npgiaf_G!~O-_m2wck6t){*kW9j85q~--2V#_imXlX9#{j0>OJ< zJJyWPlo^x5G4$l*G%gvtR(OMud9OO=yw~0-@+KesLC2S5ob3d2s#rkkQZxJ!do^;* z1zve)(&YNq*SeU>fA{yU4P@G^{({u%^?1=XlHrpAjwQHsw8E`_olZjgtw%nVB9Erm zrO0EyRc)t5C`~T3^x(JlgG=StzqAuPSYm`fcvhf}w9}t|JtO^WJAHd*`Ux57*~xfl z2X|0<>6$p}4U=wuP~Ph)ar7BPjO+xKp_Hz%9(Y%3hc>**+M%{rZSByr+xZDw<%@LN z3C^j@_-HqZFDOd9zvvT5+O1sY?baVYl?l6f48*Lco$w73tT}ww)%lIFcR0VX?;<*L zLXzdt%qyL$aeKaIOmHi8UI(Dv=cIYjq>MgRjzxv)-i`$ijl|gx(_hrJ`Zlu#b zl?gyd33~;2QXm*{0)&1*xCs)c;;SLHp!0a*674u?$fd6i=zxYHF$1sT)%SQ~d!RN+ zsIdh3vr+YLBR@i8nUgKy;-m=kM%t0Ym^Io(kRwWgvQz3%7rg<;F9S=@7fSRXFKP9{ zm(16JT!`~`yS3ca`c~wDLr_nL$SqW3TapDmUn-F>2U8KYXBqTS2uRxS(L(nt(uNy( z_fQl(=!GLYb2#GRC?oF`XhVDuC`X5YYH0F2--jEOy0|PG$JKbD^tVsmx!AxevcE&_ ztZO%%_mC3Dr|-o|tJF<&0(T=i3Dd#SM8V>K=YSG8ULr663f$G)7}4*@t3G8o8$T+HyuVWwX7l7J2ILsCa2frk zjvi+gmf}#_!G9hZ&^w^jEkq6@(Kdnhn5Q`uA8$I3C+)gpo!7j)ox43g02wbXtrs4R zexQEP4~f42QTDxlC{DU4nI7jeW<-eYvqG0(D6PY|5ssl~j+67%nwLc4WZHU85z0>r zKWNREBW70JAzb}b3EjLBrR`mL?esxIpeW*PFd1g1`RqCAUNNVOsh2gN$*uM9+l6Zf z={D^{Ik>wFizqWB+F0Ua8&?YY;sjLj>L2MVu{+b76NN!@lmqwZ*`VHt)MllBmVQWO zR)#Kfy&C(!kVx$DKbCB7L-ZmP$5z7CZ+PkPVl88n2`tx8!%q6D{7WUYkl=(HKT zl2)i6z9P2GOVeCz<)rO~Ma4K=sce!a(H1$Wx;?~STl>PfS={rQf%$;ejlrOIse@Jx zo}U)1qUoyRs&PJ3u;04wBbwwo*tbo~N!hpgl#=BeC~k^U@>;#PzO+I!^L9cG)!r3~Ys5n?r7u(j%rK7dp$qkdBI*}P3D@$+wCIuYH=0FeAe z!iJJJN^~nsE2D(Nrdwfg>2LYYtK7DTsy|qLpCUHp?N z#@!dtu25IY3-{mx$}BrMOP@DYsqnNS|KVevi&)KjzY_vPoWJR6WXpV4zl+ts15XqSP!r zxv$Tsm3J6}zG)GtuFPXB*89VxH+KS0f4WX$u^a`Q8)q6>P8ns-JQd^XC)HRkN@^?J zWDS7iiPYLSBK;(yXax=EagEz%1fzR2eg59i2u-&{`In>oaps7ZMEUKZfhfB&Rd$)t>>wrM${tdwX_>6M5Pxt2=Gk~%nKPY*+YA{n^^icmB zd9}oGKogxoONW#P)RS}XntRDml^oj|KBp_t-W075@0MSKcKRCQpi1>jYEc%gp)C{} z0j&_fuv}B5yvY1~h|nog2RR$6NBvdLdrD0q*~5~LSb)7CTfWojQ0ngN3FWGpFURlj zU~w4YzhIGSaD}alFDG9l{-IdU7OW?U2?YnzM=SsiW2iui3zFJ8%c)0 zNFTPi>zBTmlzPdhk60Wh*BIpgT#vFH>rtqAoKU6oNasRJPtlqZZA zf%yy%RqB=#gKOs94z*+-DPTNpb9!+>Vg|VVZv+Pw<&;;ocUK}p&~q>@4#58-p;>8! z`i|IKJ0^CZGD%@mlx7v?VuK5_BT7;HDUCcZy#k><;GzA~{4de-&jdyM%HmuR8W%mC z=b}E(!#1_&+}ej+Z0<{F+en);++-~0`{Ci@aK3B=>laK~SdcbiX_usNfv=)KKq$D# zIS<79p-jKt3h7g;Pd^yhmF_xTGYc1x>v*yOEB$zJSN`IIo~F<#I25owwps2NiC(7C zkOV*-`HM%JdK#5TRgYxT7+IL3y;B!cq)0IN-0o>ij$J?a+p&*ZnHF>IZ__Y9i%^eE$gqjxd=8Qk#xrGgt4tfLogo@i$#YEDiyhgp#( zmP^5GdSNYI-iEg}(5gjKV|4dHz+_9A7xohRwn`n)tlDLNklU&3N?CSh)!EBjq~6VA ze%J$POaOM2=KN{%tz;GP2ACr>gu<@FZx?>xp%Ly$j zotKoFm&m235pL}ib^w%$d1h38BZo%JL7NuaAh@Em=sl0E#=gdwRBk^jOM7+~Kf_9$ zZa)*8Y@K;E*-R`UV&m7dFH3u4_y5!OCh$>|$^URBnLxr}2MiJw<=Ctyt_Km+%z~PM z8Pbh25EUdUmlvX|7{dh6A7>^BX`2CD!D|tZ)m>d(W!)8TO#&nw%IV7G0eJN|Du@CR zfxO?U=joZA$w1iszsu)Crn{b}pR=BN>Zz)yN~!vWG#SPdglqngGbkA{c4?0B!lHHh zv13*JgQmjh2x8(0d@EKOw4`BjeVM;jsoG4X*6&VL)BL>*$3UoTDLghzdZnh9rTdV8 zD>av+r5;0b`YdEG=Bu;bGM}-SYA(j9)uU@p7{Wq13lrRj(`8G^F)mJDsdVbK@Ntka zA~QpEao3cZRPsA2ig6p+e;lMEQ47|iuGJO)4wHWZ(S{)M8E&WQ;$cu~KIiY4=f#nK z4#iKVYwVRrIbTLJAH^xeI8r{tS*g1-!k=LByfA-GQx-$Fe;6#vptOYkJ&`7y1gE-d zcR)6=fI6o+_Jc^K!ur*pze%YS!uNV8zwyBLM^P*e`wv>(jjlhO={rQp#D%H0?sj@$ zklv|-)!VJ%L3DCA77#U%Q_m~31vOagk>RY>nO{Rba)r(rC=8`YnI}@7w^AOArYsaG zFIg$I(Ue789Wd7z0}R1D$o7FuxUUdGy$CPHpIr z5}uD~moDz&&J9X%QUgX>OGG#aYt?`oV-4sN zZNR~LG=Q$**lXx5YJfS{7#!+H_Hw^Lhdf%%bnWEY4Vlq##>za+9$khJ%iLX0-&>b8 zl{`M};vmL{U;N6$aGpFI=gGrzo;*C~$-{J>JY47TVH<~bI)f($NDDnJY!^j?%)hKc ze`w($>D8x5z$@VM3I1CF-|=kJjBzS~PZ8jb$X>7phqIdr_zNwRQ2NW9cZWHQU=+oX z?8%>jB=m9ud?Wx*ivrDjg4GGwrx4GWIRtn`00ur4Clo%q5=o0h(hE<v= zNW<@-)yS9DL+J;AS7t^N0DGCYPVXd!zzh&YRk2&sLx;|o-;wP*S7uAt1Y4<&uv>~DN&mTS2s$HI+ zxe2KL!zW|a-$&Jx1d7QEsZbtymqcmu^{`osSC$cB^s|@n=y!h78vO`;&HjFD$AwUO zk0)cwkQ^FVF%~{iC$u5K=fFn!<3HN4H1^TtN0WTC{#ksKgZeMG7ML|ix7PF3l*?hV@D~a%{Jk}|1b;{8j>q2-xn=k}&ypBg?#Uh?=z(`){LuCUerVD=$@!tvuBB_8qAn#*)D4Pixi8GKnwQ6| z&EuBmaWC??M-)nmL}%zK2r%_O;R^H#?mz!;#_L2I&&0R){6F^=e~;7IR`#cMd*@Y4 zWA@H3EN$ga_lF6`^{2aKY1E(YuBCDQbTh}<{prT+Lk)a(HN_Fmv6+bGK64xs(O;jA znTT$9I>AKr<)>rDtd;WFW+~dyvVh@!*qq4?p@Kr4i}53_tWYN(8*j4|wd`qyf4cEF zYxA8IVxEgT&~Q#@3!;umr4t{-VzN9U^K>k?Sx zBef0?C8~S!>9-13pvbY-9QBtLoPsfq)8dsad>@i@Hj!6j_eUg#i|b%Ku7OFaF+Aff z8cC1xx_T)zfh>mCn(Am6bLa6&|H{2Q+~=eH?Mm{#C>iU+1k} zQ<1^(3H=a#P(11DhZ>%`!pM`$91+No(+~FOlk#REF+qG0tKI8TwyrY*a!nJOiY|4e z=w;9!womlhjLr)DA2)UdRII|Qv}NWX#)tJ^JU%pT;&vmgNO8T9^kf)43?WtsA!Q!f zwqA*vc`ntKqO8c{!jlG-XI`>gYUD@SFCYQK+1st<4SOqlYaUd@UHO38OCiRKfgi9n z9G($HVUi0~f67a&7>GC=|3~EzvAstlH-5X?D^;h0(Bhy5@t#ho1huOlr?4N9?$5`F z9?mEqEaeZJ{vZEn!Mf&(2DSjfsJ0jAIXt6aXF;9v`h&chTw5kzPjP7U^#9G4R-xcsl~cc>K;7W#~TEVDE| zN11n+=1^XLi~|c**S$rO3r+ESBroj!@GrVl50y*v1owcYRM_PAXn}b(qv|taxrjw> zSraJGLZgmp`f3`>z}fcmy=u(1kEbtx4F*YaKp)Uqma|oS6SV{|VM( zd@=bMgtKDj9!1`EeELkjL@Ko3SbV_T1{E^Tz$M;-y4ZZfvb3QBsNLYpM{;w<G)ZitNIQ@fO>e}6zQIlrL`<(Edpe1v1+`VW~YuV$n~ zJ%h_8(0vP>`B#$<4Id;ZLApo`iUk!rxwN2YjqJ6;Q@F+pwZ2lk35h*AAZ@c2D$ml$ z@pcTCsA^jA?a)l;znFqBKBKz0t1}Z(Q}uq_vc=X4NmVipJxQTBhpDh>@tR z74Eoei3YAZI*b0Ry?lB}QLU7=KIBArcn+28DX&49{nS{Ch* zRTLNx!|)r7!b;(~RfYXY`K5FPc1Xxsy%KnG!F_eq8A#wvc>W45EW!c~*c zq3^6uQrxdOU>8LW)K#y31dUCbd`5ULB`in6_nzA6;JE-*D#;SW18cofW%;$KK8(Mp zDO@`uccS@1Z>p*ZuT<5a=&i76a&M0j$Sw8AxNB5z>atX>3(dYYcVa~I6yhgvg)j7u zEbbTbi9XT1zPD^TzpJLkC9ayBE!&;yUY<&JRTD7~wA<0(lzPBBjUbj|BDI*p>abhs z>YjuLXvqiw=<9drB4!US((UeJz6u*7vv5v^FvmRe;M8?gY3CibdCn%BC zbly7aLrQfkJJ%r@Std7U0{recs#E120XKB8X! zE3&*ze^h1AHuca>@^6@8O?9MaRNtn5qqa0b9Wa1VrrD`fk&ktnhl%L%Knf&9__wGh zO=6=&iW+(=Y@FPirmI#=V-e8nLNsQC-pmt7s1fOtfANaR`xtBT24;i*nb2a&tA>V?) zeIwHRy6M+W`8s@t;lD*dHv1yFp~4? zVY3HxTtEx4)~P{@_+}J6E#aFANPI^I>y&pCbm>}sxd;S`RZ~dM8lGwBfH_sUL;1^< zRk_3PkP3qu>4qKoC_uHcd|vKHMB{zAmnq8^<&rNNto=*qd9!#1v7E=>AP;oS^Kv(d z=ZmOm@{$xR^@J)}Snp9TGR#1({@jW?tyWB;Rsfw|%Dsa@XpXq?HZOOTDE4A{UMZgY z(en!NTtLqaf}RVH8q`LzzMyu@V{>2%W+wIxB$2qED}TVMe7>x_DwhoNJQ%NHZox8H z2+T6Y$5pwn@s8)o_43=lFszrOProN>SAc9TdgzCT0rYS&9tL9Z-vi0wzr+m;d{9J5#Yh@NO>ui_ zN9TGxC}c1#FpLhG2RMcdt;WN}u!Oni127q-*k&dYF2*pER^4UHJ6y`)DlVacBUHlM z=-mGJJ3Y5BOkO;xf?KG9TdBU=sOAY&C)$I`N95kli%6*&MKW|WmT&37zV&(8ed;Zm zdKVh4EDz)sMhWc)?9j^Dku3qm%Dx|RS!pO}t?c$aTCeP%&IC*>Yj8A8(Pd5H8}(JD z6Un@&=|UBotOGfPRkA=%G8@7HmY9qs7Q2zK`ah(>uOoO9JslRrpp;hqCK})V=vom> zWvQ`V{U^rAT0sIvAn8g*F~(3|?gbdGfs7>!B;+zc2597>a#8Ml3A+R^m!=<~lIV!b zb3+)yh&E3`E&}9oMs7nw`T}x=UQfkSgiBQ3m!{<+w|>~Ce?!xCfe)J`$2097w`F{g zF0s;%79Pwq{k=tPs$tnLkK0ml*YZ84N6M^AY3Q!YqQ7H%;e95Qzf+1lwKG*>M2X=f z`~j&L4f{~+m5fdo)DF|gldm^(ZT%M+nZIIXuEW@_Tg|=a!|ot_rBT6nG45VLrPH8{rp1G?cGvIDaA$5psh-TOsAdCI zv&I3aCv*D*eb^+*Re)FedT=Ht6u69*ahYyUCidV-IA*Qfap_J#6KFz|Vjq0f^HejYRYYUnvKxJz&x z$<$#qwpw;_XVHd8cS##QiqVFx3|l40!yfGVdoA*?%a1+QJWbMuxYfRDf?t{Rv9+b= z9&^Mv`EbF{d`Ij_L#hl9o1Pcsg@`{h?6BF-0-P~V0QxY1%#))_2zrVS|lSD+8jrT+g#J(D)@nI+8q=-bq zMFI<9qk(xi8ZxlfT=l)+@t}pM3tXp$0+c{uY;qIrVMv^H*j#MSe~z%buHWrcjS(3f zE@T_sxr+uE+xq7{Es<3*k(f<>ZgYiHXi2MtKPaPsuE$l8L9x#u=V|we!<+%Y+a&bT z^g{&)$=RR1eK_#A$!rj!tqn>QY2r{yMFn|4zYt;opMFdwnajB>a$)(@ltQ{C2w}_5 zBqqp*Oy*d|)2=Xo&Lqb(gXMZnNh4 zxcmxPpXk=hQkDdP=Dqz%dch*BnDpY=XGk^3k|fW7DVI)eA~90=P$O^|=R%`#^UV2}S$U0JE@)pVj=0(!Y9prSc2DM0=9$55LB_$sVSqF*csn%K(m)TfRYg zUDC*or;%f^AaQSWN5eK=$;S6T9Zw48MxpcyT6pFY@v%`2?sdo!92AxRJWcW+`VQY$ zx4gm9Tsg`cBk3$RwS+!D+Pf6a!FY#_lnAIqpn*MeWZ~D7xuW#*b(~Rcc0&w*vnh>WuU(n zJX$p6LQ8CAc=tuMf6eBj*OR1yJ>(_$@%8RgjiMqt=DFGO!>0^t_8FI4l->tc%x9AY z$pz}1FH%4(DlXB)Sf-nAK2FZSho>H_cT~)u{Yz@as250E9;l4;HlIKm1?&?a1+X^_ zPhIAqoE<1mY}dXKO7Rkdmg%rEoXU>0C1R)RbYjIN#D7 z8{I9ts_FvyRciviXjguCOrFSAaCSc^|Hx)@8;%N*q0vlhkV!UWi9OrXI5|ar6V3LF zRn}B{rX`&n*gw4+l`Q`*^5;(O+{YjTno^9WOrcCcmKUOW5O0D(3 z;vQSKtL7%_(uXy%E^TVNOMekv`UAcaX0xpSwRh>b`sd#zt>15}|LV5uKS$IbskYbu zSdp#%r1*AdXbj)}?~YdZR(pCpM zXs^G=@$0v(ri<`D+x-{y z-&`5j|AhM4|1UTxR}}f~$J!)~bT5hvF@cb81f!GLrMp0+J8~o<5vP9K^=kx^b)mCu z3U^nwIfO4)au;5V>%#SypJ4rp`TL+3D<9BP@l^2N0FN~}FlYu9(UtCrkTfYM) zv|7KbyU{{z?3J)k{{b+4o!R|3wEu$>(X0PU+T|za#JYU%oHo0B#T@SPfI0RqhX=Gp zuZoAn`g_%Ft@^tyo9R`r1bS6Z;9z4>!Z7>|U@A2Av}D7OwEiYkr-Hn$>#!{N5W|KUdspTR)pl6(!_%YrTHteyV{6_}O3!MjsSU zW`;DxB4-R}5y|0Tw>w=xixRx{NjKTuGG^HK+WX@;oYwT7=*`So$&hFKtQhk2pVcPv zIA$^O9GhuJo|jy0&|BVbmL{!#*UVV`U$$NUo1*@iGwt;D{FAGHX43xK>hC|Z?f%ac z{htxn|H6}?7wref@YlGh75+ZjCFw$$12BEPz3U0+g|r8NS&xIcZ?J4Xnt#0t2R@3D zF0RZB%dnYXG@pW_jcL&RX&95@p>SdtmD{3O$Za2c|(y@YL$l8(>Zp~oMe z-#vKz@lhT;{`mZ~@c84ib>Z>H=k0}Ujn88X+Zvy#3**M;v{vI|jubgI+H$Op&(Tlh zFl{+@#pmcEatOO1k)t_2$KC~;BgdA54W(i^J`_3n+H&N@=Xg=%P;EJi;&bRC$9P+g z()b*=iyUmFBk_gZ1SQ~0(Sp|aV&O@8_-3`aWyJ?0SpYlUW|kuCOW2f-yyl`@_Z!3$ zneHW-IO?}ovW90VS)+O>S>yUD`AcLt>_svh_Pn@o*s8RRVCSghxPpMD`foaa^Fiyd zIRGz89;lF#M~YY2EEkc};j+C5yM^k{Qzc0&(Tbc8_NPifuG`Ds~tbrD_Mh3In?|-D1*=j=-9%=1I)VvoN)d zrFWc;2$Yg2hHr$67YhZY{YL(fGI|zyhHy7Uz9A)1bj=@v5#=$U(a4iSlV=UpSX6l( zYJ_YupWViXo*SQtUt(b-;MaeT0Jm?nA;1kAkB0!QTXtJ7*{m47me)&&fnd7*!#Znw*4=-Mc@K&aa=34qwXTOaw%x;bJuGbhK`%}>kY*-bH3r!vPWlylad zizIHkc?S!1)61D3eE>hP8w)QLh|3o=D13f498jfXKx>%gGjytiqwen7r-eF^5pb5) zvOD4YN%B8Uhuv{~O#WAvRQ^|HlmC^)$^ZH%$p2({tG@KSQa0o4>4PcVW~F<6X{fT&83dXTXG&Sral^ z*Q*;gAhg@qI2ZVhO&!d_R9Cw(B%Z^6em$ddPOO;>`bb= zc*o;QE>riGp-kZHNUPk3M7hFV%L^3~f5Q!I;&13*!OqAfs__IFacM?-z5hb3r8ujx zdZ{pB4T+X7rhUR^@WpCBomW19vRstxH_CeXTtBJ$6T;QVYfK=6?~#iDqoh!EZBc^H zurt)6JfqX2nrppM^B2Ca?=A5e(~6+WaWcc^QwBFf1M1V?rCKn3#PKOrO9`JTD0Zlm zrW*aBa-P0AON2SYz|5}Z>y^|zp28VaGSsM3mF4Yn71an)N-YJYb_8yLy_O>|Mp-_@ z5leDYT56z}?0f^T;24r>OG_n1Q{Z=GjvDwa($Z{cX>_-Q^(FFRjc7z@umg`Ynm*$- z8a%#Ma5}%gOWdkkd3`zE8qoBgwfZleYEu(kaDkC;EZ%kXmw`X1q3f;tL6|~zK%}qo z=dXhLu1>bWT=$^3D&$kVW(@9XsJu)OuKWYQdHJU=%UX5%{~fFLbE}9qQ!M z!$zWh^$;bLPxTxBI>wiVO6kf?EMB%T?--vug1-!E9?1)3>50|0^XN_>_mC`hiE;&UT9HS2G=b#w zm3c~VPfNI$P>*4;i@;t?O3c9vX+4Q0LCQ^h!sidU0GqsTh~e~u#*AEz_igeWo9Re1 z&Q8O>4F5M`Rql(CmStuiEGv}8@0hP^)sUbgp)t$i^zCd}6K9OkCC(UQXeF%*zNx)o zoxR8kD1@t-EY4X;bTjde{k_)`x!-PTH62pI^bKHM!03kWB?LPkFl+on=^da*6St>w zD3R_Lb1&(NSItOo6;KB?MYPIuYGFUeMWzQ97GGmh*~Tpu?TC{dt%9 zLjDpM&IIp3k!0wEY+LVaRph|q75Vm^u_9l;Bd*B4C^B*b28BmdP-i7eUOA9t+aj;y zEux!`YD4JJU(EVczAP&#tl7M?C5bNe`0*Eqa3FQ09TFcvcmXjRt<;~PiYYgF^W-o-xLCiljUQ)1o-OCd4ZDXoe< z9=wfs%CY|O=YiAZK4yio4e{mnX9|;PpieyBXzw3>IwsreNTR+@HF71Q1i!ZP9cvT#j`hM%5C>mO&U#QqnAvS& z0#C?#q|ad1gIdV5`;25grdzBBrAXF;ZnQW8H%D0yPLiyLk6Di)QPxAG3D%=8vmWO~ zSr3tx7Rj;O!&&?Xw?yzCG^*e~Xb_qI$QS%abLxM|f6%bR@gG!|d6oX(@E>P||CE&f zP%48|xy6HwARa{6r^Wb>EG2k$YK;HjYl_5wELz1P#sP~~@iD#nG3G)DmzWDVuN`wC zG^iRQRBCGqwd^?@F5>XGhk{(Eo-@mEe z#0JIlC#Tu@6P{UPF@0rDx*z;W^AX}tB$;5kZ!k47pPI`o3a=i?qR^yUi}t@}Q3PEA zi!y5k^Ar4zDaA%8C=gf_TmRUN&+++_zugz*PcDipkNFcOt8-Qo-A&|AHVqa0$qO^U z3EVFDljnvC{$w%1u4QT}W+Ie+=gr_xn2JuL#7ph`$=A~W$z|G=z61GU#EPa_vJ~O* zoWQfp)H=^jtm2D-D0V@{Gk5R}`@ z+w$M?GrR#XKf|;*j-O$wbNAH$fB6~OH^9%(E;2b6?Wdlb&woWLnr0yxOOqUaa{LT` z%lr)OVo`pEm=(4fjD9P}-woK_H zZE(X1vn5Tc@%!2Dvri&rQJs7CwBFcc7uUHn@I0#*hz;5;9CRA5kV`s`@g#YfbB6}E zxJ)IuS2#AvqL^z-@45jRr?o`fDtO8JGbXv`@&H^^xaMo)2 zCtChWrLqMeUNv5FiatLUD%z({5O@DcQ{oFvou&$B(LTkqPpKM7E+07j2Dt-#g}he5 zj(Grk(o=%3@isInOLcu4Z7Fyo_E)Vs!qEm#JjK@Fn>)ufIP68qw7o#$hp|+GWF=3Y zy7?xC#;hxg1-H>n;KE2}oSz0jdZ+~HavwbwDZ!28w%8b+<<)oiU7M7ekI6r<0i=M< zbpKSJapmw(_8$iuBOY-Q{pjaamVf3mMiqg_TGEr|L33>JQ{Aufccc0a3uQmge-ZwDL^jGgxsxq008kOg#i3)V&mz=9Y**pEA9$mHIigeU-ephed zf$|TP>QA_u&00%?ELf?cYd0R(ldPktq=4yODwXaSx700tX(>Dm8E_f)@h>YDgb3ej81DAIF*1c;Lk>lA7o@dpy>@-{${0eKfoFqJ@-`{ zTx2A92zqIvs~2@36#j^VeS7pZ;RVQ&cpn5M@)T6gpt}L-JTcOpNjt_TD_*-kOvW3h zH52CthLMV{CJV2O9^rz~9dfsj_}R5u3I4Gk@UKK*QVxb3 zw(KgQJ$lWst{o-nXV((Sh{&cWmf*>3?e=`sE)>h$GCG5ThQwf6QXH4C^b zaC_O$8ombwDnHTDhRTm%tb7ucy~g>geY6hl;GJGj^-tCO50%O}fXQ(d!B@j+ z+-cbW4;nC6G~k7Hve$de0~d;3pVu+2*L^x9_L>47lqfabIiYww&n1>V_#!@=2#T0r zuLMg`c=!NKuyIcoIVe|!KX{*UA2bEm_hL)>Z}trhWfww?l0}3Hwk%|~f-x!;_ope) zN+HD|rc2L!&Y{R&PxPHVCr&Lt{Ns3A~(xo9Q;`5eq;E5 z))1jHAUsKIOyEp*ySs#EkzDBj0hKJ$gLR>aZx@~fE?R48qU$t*h@68>LDQRju3buS z47(E^m8FMypl?7@v9jEAIXT6LHCIocaXZ+M;-bje@#|r*;d`-@{vm(#TXM@BI$tja z%!ySRxOkAVd|r1}C^^=sAb?C%t#80xeJxii(^Dxy98Grfh4<(rghy3e9H)@UvDqE4ks1H|a%1^PTtG}n=!zR@p7!&eZ*jY(_bT#8NHBG9 zmg2ztWwW?4Hs0rIR_5yDA7&=|hj~c`=y{2CV6Bk`f1pF7mbvPbAnRfDRg&1>%8sK) zWqI`7JWj8&ScNWGE6bgE(Ycx`=IYc53weIr`Ujl5Dm`I>3R+Fj>~x->`Cg+p1&#^4 zFJ>q@{#L~=q>BmihjNX$_(DdfT$-S{(FtlujZF}8XW}GG6EqML)KtDvslFjPL9$Mz zs+cI0>#t&pXf$Y^%ExfnoyE>Ls!@K8ZBA%$V6EI`trZ#=a=KMypBLXDIWMZqDxffYx6#<@P@9-#TCqDaq$UL(^@o~)~%5sP;TkVAYa+`RVC!740a zRw0*=<4SI#W0Q~kt`BCHv7JOr5Jx!j>V$<>y)LJEM`FWaSZZ#!NfWU8!Qf6pP|3YtGi1@8*d)+wY8< zvv1Q{@0MTEIJY#)4U_NcVZ+?wjN34M`jo8j#Uf&&do-P`*P5vzPoZ5F&F1|Y$6BKAaInW(}LrzU#ntrn~r??@KEmjxO5{smrCaK%eksl1mMw~Xk-2!0Lr7BGvHvA>9YW1dbQ zk`un{Acd(D_Y8@BIv4NcKlcXqc1sA6cNgD$G_3X9jvgPiv0T;_bSlm~z@O*hb93(> zP` zkOjN-Jk&SKdix7#6jy?nxbo|nb*=> zN5Wc~nHBz8+$_JGo4DEh{!ZC|mHDDYpICrvM@ZkxbX~jAf_`5b9raf&*pH>rAy{g` z{tlSA(0coZ-YTs(JzoU`P?h2xNFOg1j@vj9fY0-|31*W8SPy_t-)%0p0G+v- zu=$)QFVwj|)gj9z`O5A2#BY+cS>`7Qnbkiv#?EpwXx4)m}lefoT z&TlObsI}w)c~C(>9&jKg54evRv-8}u-+jt14Nw-Z$XJ1=Uf7Ch4{{rVWhHK!G^B3h zUGgy>Qd?ZVC_xg=!w|tgjoh4U32VXnW12A%TM2ffLtt4o!%wG94V(KWiu`dKv9X~} zz}8G76FG|*JzwOUBUv0Wo`UA-d$s%xN@Z{IfyMsGs&M$^VD;8YBd36qvcl`}<~RH$ zeCDJV$~cC7>pwv*8&o>AevEg>FWdvzJH8TpI88QM-4aoQE4an1f_aMD;ib**MznY} zwfLVLd)&D?ypFzIo_^Pw-qIa8ONXc5B0X{b1K&1cSi7Te4%>*XV7!&!Y1~9L3yPi` zNJJglq0fi~ni$FR>z}hXT+S=)GayW9r?%89?Pl^AG#4>1y!w4hDF zo1M}5G}U08oX?F)@O{}W%pYv;rq@%qz7WwxK)6zjj3@@?b53txKAM|M9iMHVa5SI9 z4IkvNBUfOC9kB+cS`ESRKA|oBlC))1(zZOo2N?>F?8}|T`{v%L9HdOmZ^Cqu&WU1a z0UtkUjKjz8#!GyplU!qpBRn_7K74^GUgHV5em$=3O0b9X_zU>bcC8oiv+2ne@VDt= z0ka(E+qbDDB+Lm?)PeAgD8{_C2l0Ry#-?_BU63U&wTY4!zcCF*?(sS3eyNHzgMF-* z+5%I(-E`h2W)x?!fb9%{K^l=e(XTh-aK|2hTQ&+|4-LWD4te+|fd=yt5v;8yRd41f z^j%ojAdc6g(|H)2SK?1qIxnmh=n$lb5T8+GbF?VM=<%rA^#m`hH;Ar~BEvTQmHUW8 z7tNE$PVkA*=HZMpp3XRZF^ba;i!%;1zc_nNB9{&%^$|QPBm85rFmZXu0qP47m8LQv*nNsyO z;XcvSVQ2yP@J?qGTeR9k#M%#HU5~>kTLt(z+>J%8-^5JK@?d4UU27)4l$4@s zU6OWn6dM}UsfV`7g-PF6lBnG0XiyLBh>|wJvl3~${fLc|#^yQ-?*%)#-{g>!+?U!m zF>KP2ZVPcnX@{c)d$gwgiq4OIbb$%TRj2_cAYc2Iq+>v?bP~tl6^y}T8UwFudvw2Q z(6)T51skwm`LSPt;@3N@{i@S7*ss>mFm!P6ezivKSN(z^Mbvqem1f1!~@e%jQ&;NVVOKF%(m?U1fRwy4`fQpN05qs`dFFvn2%VnrCO9*4_dGr7`E0dw*dEv2AMZmfQhm-B@6(Uyw{f`Z2O?%R$<$_ z4f6}uxvzQaXbu75h{lx(UeCOA0{<+6%&*prLd{Uw{2XGb4a7wAX*~Q7mj025!T7y< z_WRS4bJ8R~6q-4RxB@r2jYsZcE@CbP0tK#v*wFElmdq=>&`537pj3W)CcepU0B)Z~ zf}L#g8=T@#>kffT2W`$TBC^*4rhdaq!b|BPR9pz*c_GYVG{v*ha;&FRy_zPtsZ7vv zuki}m@wp*9bq|dwSze@F|T?9n;rl>NS*vJmD z&RaSNiMfvyG89&Mz;v*(!MjjP?GnD&fN_J!1u{M&9c)K2Jy(sK7Sq?%s{@Gr4N`a{ z=5jyIrmx0j$xxmD#w!UGibxEV0rq!#`%=Hr-fi@sT{QbxOTZ7Y%zF2nUnp*-Qav4i z>wm~7Dmy)ZK=*VE>{0>EhdjkX9 z`VVgO&{KFQP%NIa==s|E?{g^l81huC)f_ARj_*)vZ|L-(O)K|>tARo`Faa=qq<~K{5b6CV1#X_lQ=QqZcL~=a($HA}Dy!sY*eI(WI*g~-%wcySc zoM2LEc!JNMfWb!pN2?D``;9+zt%J9SFBlkj)Cm<%o?G7!S=rPx!v>&pzQ(N0ih-4y zic?wJlT&PTTBzx({rRhv$``uRJ`N^i3>h~`OB|s2>~|QgfoiiT0<&&OlE7Ml!zl@0 zi0oc{ojdqN8f35a;Z#WOHKB1!cGs6u(Xz}wtXSZ!CU5aXo}nL zJ>U!zBS96;gRXK5w1N=j&KD>z!srD62|0yi$21t zn)yWt0KmypWQ#H=5lg|zuUCU#?}LQBKXLLx-yyUkl0(M97)lYpzA>syERo8@iF~+8 zYbOskyJ!mvHgXwdbijcP&Nfm$eYFB-QR8D=#LA6OaC6st?vFQW5XLjb`km6<9 ziob{a1~~vo^%^~D-Lro^7C0B3Tfu#+@McB|7)+Y}R|tR_nh>#h|}ZP$%szT@8VU-NrzNyRap2t$wur`wTazWCcBC z;Yq1_h<1d%IiToH3A;PEI}P=KpnRLEIo1;Ass(qnp!`(gWllHz7vsu^jy;3zSBYp)}Ufjv% zRMp5*9sBL*B^A{ZX-h4%ly4<;{+b9{d?rb|nD52rH+MN`S@=b|USbih0cef}%L`Hi zc?%AP)9FA(>yQ_p5^QWQt&oZF(u~p^s-`q@D#hm@loZ*jo}_HFz4kiALP?eLdXVR=z0+sbh}bnitbWPZha+f+n(C3{!sQn+F#~Y zfTCe%Tq+Q<$6tBNE~5Q9@W^0eUaq-LZU-iF~$$a@Nt2_ z$1^P5-+Sp&_a|A;Al*O+Pa?sug+&KYh^DWNEVq<&gcV^DBDwWCcW_slUXP7ab<}I1 zaB&;w;*QM4g(ygC?Ruw;$lS(r>Ipf+?~u4cUqL%?tek`m*w5uqOzLUb(IWbYA|7x? z(xF;unMGR|yWFj3-0a9(XK@aT3uvc_zaEq-$wQmg<#N+F6n6b7 z?H9HG;ePSs$?g{~5>IvF?9u(=vXjXx_lw`0OkS~HWOYosU#R+L<>Ps~=oioMmEURK zD$>XfBZ{G985P?sih!Q>twMw_r^tQ~pw4}kjh9ve$HI@;_s^5{|)I zmKf}-J998BHaK$D0*kU#!TeXWBi1R>-K}q;9_yQU4R50E#?~-Y>Faq7XV+G5rZs#u zFsVTat`!8L))~o|vxgQjmR0;R_Oy>KW2ow+6`Ht&PaQ6`TZ05wLj)FH%2spCTne`b zN%+gsFc~_vMZP}f@a#@Kj_kb1!RtMG9N7_VeYBlqn<2i#(V5OnT{>E1pea?feJEJu z`?K^xI9+cH_k!BFE#gr0ePc! zt8WEABDshwnTxmxDWFmu6Wj0jRx%UsgPE`vaDx3E%L683)CG@mBuc}+i_);~5_pUw z6>Hu4M#4*vop>}e@xZ~m0|{?o$|h*oA9)u(VRnoq@`HxGcKU#pug%7b{y+bwD#bSSDU;wfbnC`~l@aCbF3Qf_hW253h6`msm+`xQ&t?NM4evUyqWsobaP42`#*>pD>$wu2{;hdlaC_k63R*`bA^D z2Q65K{!#0odo0*Nklc;VodG~! zP@)y?dJ{6bdR1aD8QKyB2&KEw3L4I^SAL$upKms|S%9fBN0Ya$^3v!&V1dZ}Sev<> z$Zg2ne`q6jOFiL{%zOoBb_c&nD}qp*SJrB})2jxzwLmwPA$vBCv+ppKwzE^ib7b~i z9@+16x!?8X22Y#cQ&;L3>vot=wUwRwa=*-7Zq@c?K~%RjR+a#9aBMU*$b(r3pA3G+ zao`ktH5r`DJFqDL+!P(`<^;s(g%+Ay2J^g}AS(^sr@%w=`8KoCC_PSDXS9)(N2ru? zUduV%!7t;xa70j1`ik2cpuFd{otGNhm-7BPsLj08+V3tz-VJT#<>tOXS)b*s6!)9n z9=6`Tzfd44HQ+kI865r)KB?*>w#6-FlnM{Ua*$;whN**g54|<^3nwY^{cE*e-fDpW6Lbq zlcF&C@DmI6f1=HlPqkp1F}?b1`AlX#sx2fHme%)^h1e z1N;@gwYCRjLr{ye|GjEJfM5mRaWzdjjpIa9p7^-fdZW+C*Fs*X7X1(w5A6kWJ3nok z;-U;Rjo2%MX>Q=osx=i8f-}jOgM!U@j0uo%&m?QYz_K(dPUro!~-|N11ts?TKO?a_ra=EE$k$0BvojGv@}2IAq%uQ$3z?E z@qLo3(FTZB=q?M#mgsA@=D zRm6K2S~dO6s)=-Q+*>k6n#mvV5|YL;)))jY#E~IPu`N#~^Jeha;V0>kL5*jTD;Q!j z`?R#1M3ATpFSD+$2L^1XQcI5Jz%X;dTQVX1PXP7pC`64GqM{I3rKA!YM0xM%Xwx~? z+X|_W3E_7D^yoVwI&gQ!ty}}_< z{l}fpqw>vD`1C1-E01T`!09zH0T?ps*+a=y=U<|8F$x5q@45fipGLrylcJLpdG-&VezN(6*z+`GFE(;(y{_kkI^s*5ux%*DcU#Ved_0bdS7tC3lb1>i zoS(^9MM~`r;c8QLtQB&5DS_u3`l>RxAkI@PwNmtwo#J+i4f|h2jKx>f1A}ouXDg9$eB4>Re3@@?r z%9P+I!YWwoNLYC_w$YZ0@78pZ(0$-HW^mhPW5uG3L)0rHdx3lQ;TEN80Bw89@`lTW zg%3px#@GOIm>lBtQj9!otZV@IqXrB*~16Ew!Msh8~w}6(QGIued@j{cA{gJR;Finqi4qwSU5J{Gu?yDX+|6cA--$eGEs zrw_C0mT;C`zamE_jS_Yr6Swtfbf&RXt;YiTjvecG6wkIWMO#if2DEZ% z3?NP;p$m_}I&t}Q!LU$&9)p6qh3v73eGNgHX7rc?VQC;=-&SuzB)KxskDefsTp1_= zsewts5iL}NK7Uft1c{R#_BpoW;5P@WqWr3G4&!AMMnU?B5?l}u7K;c5O728>8ZWMq zVt5vKUF=FxsigI1Lv{9JkWEr@J12Dstxs#|Gz}rYHiX)Qxl$tbDEh8cdB}-I$hp8K z5mT!B2&3GRFgf_PRTcg_iOeM+{1jgN)ti;-QwS61d?AEPBlE1)@i)HjSWkANEU{Y6 z)y_z~?>G$0X>3mT8Y;TFMX9bMxvC|y8W|N?jpowoqNNG>*F}k?$;)capO4f1-B$M> zBN=xU`NK#M2rAWIr^xRAoN^Mp%pUUEA^3-B*I6vcehCay%|rt0e*o=kBuXgg-)AVJ zG1agC$UMlwR3?ECF4j%!rOBI>2P80ZHh6MzBnbbRz4Gi-svoB-KbE+bMoFkDF6Eiy zA!7SmbhJ}iEBjjy8T;$0GVQb7kS(z$(N)e{ckR-yGcuB_JsKH~} z&P$Sv36!^>?Ytz(=tFta+sez5jL*+P)*S_wT{3<6f%W#Avqk^jwgBG(Ky&st3-E%- zL9mA{*rzg6wFUTus+elMP2o>?>Tj`Ne~c9~+=4wEgAK4?sb`59+|geGGS7;NGlpCu zVF!9dB^4Jlj3{a-y%AvZY5ovWl!c57q?V%?zf!dF#pwcABF(GG#rR&zNNkarevySo zTq(#%gL$>pkkYfFvX;w59pnLt84t*D&Wbq^+e#V1uoe2K(1JDQh1s%*Zk(&ZJZd3u z4;r_<{Z4!zGWgxZnDE1A+?nBX?VWNegdV|_6B8vKs*&$AMwTec2jPsrIdE%LUB!4I z)*$XACTn<{_K&!GDL%uW=OeShh0N~^%k%M70B4alz*m>01n05k!_{%Dnr1lbBI88) z`5SS+$GZCFbR@__jx#1?tg6ZjEU*Zx zM{~*5P~zcHHJtTfxmW>aSK9GIl@1up6IMj`GUVAA<(ckGQC8F(fv~!W8Ips=BzvE!MGVVIrrzN zbh(S}YDLbn;+fjdvp#aU^&)@Rq6AM7*H)baW4EwW>lRi!;iQ~yVaZEa%VVve>FN#! zCpKM`o!IHe=-ly|F&HPF)oO6pKEM9)&`@@kxLJ0W{j!$0r{!+BmXA1uqhuFh-P7{x z`(af&&Y&%`u+U4c^aB0=P5Hy+)$i}Y#xDG%$)6IG1pZs1Ne^T-7AU>z`R7xObh_u;8ppq<`yM5Rur6bRmgdxbummhyOkHi4)&!rxrt3^qwkhhvt>sC`It|I<+G#wwJH=Clwg`6$X=)~V_qPufRZZ^%J>JtcX z_>w)xh)KCL8&v&{^CXSW>lRfXjixzz%E#$aREH<8}x+WIEa${gz^(vEWz zZX*4XYum+=+~<#OVP~k=!c9smAbW5c>{-q<9T^QB@pK_LF7ChI7*P$HhiKmwA+N(ZBxyBHy7iXmlSA2Z?@M$)6R$x6m zdk9Pt(2LDV72OH;L6EK*<5c8CFAl<-!0!KQ4PPt#8bTPuw+;O#-H zfw#*@x`A)S7T_^n7jE5#M7_F^9jnin022Epk=O}&(Rm)zK043jE|H9H9&}jEpc!5> z!J6MyY*OZ<9@LBZ{XhxcN{14#Z}B5S{$%!>|Jrp7r(p=?$Pd45e5vo}w~upZvV^r9 zB{*Xc`g~CFNtm|Kf;vLq#dSv2T=x8^M*ZZGn8;^LL5B`fho-=oPE0!Htqx`R423)) zp}9KuX+7s3CFgr*g1<8{-v`qZ@%J;VCql8{0%l)^**ZClItk`<R~&qLCO1g9=@iG>S)$QKaD#x}Dl{Uev!0Q!(t!aY|+GCx_osK*xa zl@a{3%2!?#W;5O6<`HASB@*)!evjFZu?z{4&w5LGUt|dmAt{7V5{rfFCZppYxq}UC zkbFqhe_*>~a+j8q=-RF~(F3EvjboWoP5#c^!g<>x`&;M0$l-)Ea9FGzF)-_*1u(&*VXX|&+ae@Edx)#KIM6oBUgGi(dDIdWdVbjtJ3fx6zU2{~aJ;9#gsu9+_gEf8@;| zU#f(ykh<(l-W^Y$TyrIQsrtu~B2|{gW){nz2KSRg;QnJ2^0H$|#C=4vA~(mr3;&fI z@ih$+(#yy3Lh_1J#O3UN_mUjY2d9XG_(}^90l-|&Z%L{k(*Nd;W9+xe>xd(9uO;zY z#qNfM7craDR1&c#I8CMf?T~Q%RViC^vDKo?&%36Wxz^iN+=I>LsTSZG*`-tq&_x#T zV^52plsR@;fY(3k%4KY@0H1Y6r|Ye^*_lz}vqJMl3wmb^T4XM^pi8)@AE~}M7Hk`p zHraZ+A2}quI?jSk;IG!2!+J`$QlDn9TdC!pEw@tr&z2nN7J%609dV=_^9#Upkew~A zB}Ynbt1qT*6E!i_vtkS=WG1CxumTr*T$QxXddWS7vZw*CWGbO7s`F%Q^bB}_oyDDo zW!)3Se}m#9=iuQWJ)8w-SG+t;FIjk4Mi1@rFjY2#U0^ew0r)_B0W6elDGf4 z@6q`7EwQ(6k-dF?Z73>4}Z3j}QH`hOs zas2q(bY2uA07?q$7VNmwvcy5NOH)RQzq%#h((1p#++6bGS2Plk=g@HEN%<4I=>bpU z6d^A(eV?f>MvHc0$i|2wX3+kPhMZ)uEG-+`)c z*--J7DCNcz)qdjsH^%z!L>o4Jd4m3D+4{eT`@b*R|HUWje=_`gWK|6Re*Ll){^c!7 ziho@eCB?tP4<*IFFCI#Ye;+)Q6#rg(=y>?|Cz0}e>y$YnrLJ|#?ILAc>lD98+1EOy zpGaYLDn8|Ok$QnbRolk;JX1e;|csCv(vW)>A@!EfI@V z#Me^tD=0`!GX>c4=}nsc;oB6vfkc%)^^K9@Upnk6mAT?7iu0(Tl>Lk7R0s)qde8fM zqX{ETj!Q?ue=azcB887MiAg8M?L}sQ$1GFz8E^Q=V6!}fWXBYR2_}PFT5${1@xs86 z&eOkeNxRf~^KzwnmK9TJG7rp1)2Dkk`t%vQRJ~%GPrv(lU+A8ef`hj8hekaxt#=CD z?BND2=_;kQWKyBQ#EM*gj)XXPpSindCbA6h>9;_Ud<)vN0&>zu&2^ySEuV4s^QwU= zj2XM2oY)vi^J34z+RMfVsy>-NpgZBZw=Qxv{Z%m{-PHQ8Wk7Tvt-k%{g;cxYtIc`8*CBJSnIm+?j6j zkW@G{>X^P7nr!T(Y2~Fj%^k7ZuZjAigDC63b1(eI&N-MjPCOUlKQwTIRry|m|0r$6 zc<3>YRJ_iU^q3V8;kf1VB(1J6!;>hy0w>WNiC!w`CHF-R0x=MSvCXc?317)x;wo0l zLD_F!o7EvDg1H=NHhK>^%x9I1l*sw?_@=<+{bm8>I9*_!z&NZHa(0qpPC;&^Biqj; zi5F8SdTW`1P-~ z`mdc#E)GY@#Q>#xwnZ)iZIFvNdT|396>ZR6ryQ4F{Nv330ljdFaDb9t9P9i)rx&6& zUM{=NV0w{Z(FG7a0lkA|rubWF*jwjQ@~cWE`JfWW>{p&rgrii;UyZ z3yT{3rc)ff2y|>kFC3kYOD~3W{C}hu5>1$1Z0{)P#lD}K|Ht$~R%=c`mC0+d@vGn% zDaMHOPxrQ9RtHLE-LoT(VNT$e2TpNUarK~?ER{!;)e$%S|g$GW$ep~!DzANSb7Uy@PqHYJD>eKTw z=uegwT!pbfo{D{%>yQd!6)1u}KQKTudgN-x^xQ1kSDv3X3=MtiZZuR%Ce2sd?`hFM z_0iUa^3L{Q^X~SbNzjP-u^~8o`h6gZz);v`23M+a>)8A=v~EgAa|!>n8PD%doK9!# zqn4acT~I@184!!mG`4J@czdT2A=wMto@N<^G8e6jd={l*&9teS3V^Lc@SW)V(rn{L zFw12$%bLCw1FvGc={ETyx{s;Uyi4jl8OYGDg4$#Aq)+YjgbTWnyK?81>U%KYpntQ} z-i;X5p?Asi10AkLx0C!pI(wCY@}MFIdCozeH|g5Ch{%1Z$OX=&M5$sw=6VCh1=y$p zA^d1EIg#{ZYpFW|T!EYwFj{H$=R=FRoKO| zU`(2-1nHdW*N^!0Z+!WOl*%{Q#QTUc_Z3nO>J`0|Ae*!Xn>)aUo$`hzbU+5bGWZ+o zo4?a_eYQ;9h@w9B=_AJjKPRGhu;)2!o<=S#T?dqEa+v4Szwqndft`b1&P(zDwSIRx z#-Pt1UX-?^yiTRK`mQVlI?1t=`z90QUf!>LJ z{VPrXB;uX0&~O-6JL#IhsiaV&?s9-pbOF38nHPkEc(wVH&_AYzQ)8>HrAQ(Ae(+0> z-Z?dWU@B(6m!|ttGqjdf#5D$w0)#oLe3GK!=(qJn$M;2U^XcHa#*|=PqAW;0DvC7n z_Wq0cUKd`XyL=8)BS*U4ZE`88Aqr`W#vj_KIaYFPU;Rgz8JUmb3vh$IP!*&%Gn!$8 zhdCruE{vf+GzPV9r(mrxnCqY!z783zD*7cb%BSz44R@H~>AFjE)lC_q1&^dEHBGDz znx1=<=p%pEsRLAiF!5P4#f2>@G zrU7wk*vvRo?9f~*g+pxeafrsCfnC7{>~i`IXR6-_q-MaV*{2^=^Vchty|G06u4BsF z1MD{33#vCG&!>;+1q17@crWxD=XcdY*{R@&il9bM#TG|=1y+Ub-v*jnJ1jKt6;=Pq zmml$w&h9~G@11O!k9oj!096i~zt6&mhMY?&g*xcgUG(0qL0eS26L2srE+F)er8JeqQ3W!(T5e=Hg z_XrvE9pS^UHh{i%SjZ_tE;4?==JT-mf|5z#7r8;JkW?BMPu|G)E2gv zFuHq;GYSqCtns>b6e$lix|KiHdzC>uJbF(x*aSIV_NzWvS$Fc(LLEDB0rsczb=1A^ zeN=K3F~bu?duT~i6xo);K^R;4^pD+aq2|^%C-__O>RX188w=Nt$pfI%^}AMAd>6T} z)dxxPmv^-C`}O+aq1*z$zS`A*MXLlWQK#SawKA7H$TR8rYpPtWl@quy63wi**8N)Fkuwt;<^V4AE9?#?Z=%>@; zKe?5AuHHv~PoJQa?K~5IHlK;4S))0}tn9}DsXG%HW;yUw&rj}sP;rtVpD<~O1U%?*oM^20}(PU75cFLX>dGaSs+Q^(_`_eBhyRj>_ zPFMluNavqPndW^SdmqO@1*n4ny)i-ATlbSP%UdUixfjG7#+jjR*HC)M|GZg{+94%O zIwpLy>ZexaH2iepa{5^1gdHe{6r%PFWN(HHOx_Qhe*xPOPH&y%AnKr_Qai9vVRD2M zUq|N&R75C!0e;>(pElMDsLk&rWJHc?Y7B@wdEDMHr|GHoHYL8h$%+$pwxmc837A?8PA@!ISh?Ggul)E_P zWaA@`EJdfr+YVmeA0=F96>j+#2+O1>*HsD(rmy2rdn~!fr18ZTk;ry!x!J~ceRX6v2!ywcS&9+t1-60& zNH59*?XrisY{1&CMJy{gG_A7Jg{J`v(9EPcFiFqjpyyYtVuAhZ!Gfa~4 zg@)US$;4LIRWq((FY7he(zRzJlf$mv&CcO2X6tlgL}M2CTMc&7jj-N@mG$R>r%F>Q z2VkJzCvt2!-{eB*?xDxJ(P8Ei&6T1;I(|AJ9Ek{RnZXLk-_=Sg?bZp6WC1IyFOcfHVFJiPj8kh|5Yl3uGSmaD!WU1eo;P66;B`_}8Xxkv zrUe_0_y%~(rY;Dt#j8yo6LKz&YyV;M&2+|=zDTMe9G?FtD!|pK%>Sd{`AVtjq9-`z zk1UIePuY=gD3FyD-Ldc(9q1ZK&6gZLr5`$>`Hktc#?IHkB-RZdF#U(DBIRMQiH|gT zl;SlWU9qu=O7J&i1Y3(4=n?d}wv;~=?n=$K^ZT^C$vTUd_d;uZzmsZT--lC^t?#KF z<=S2g`VOw>N=PX{H!NDmNZ$dRTLkBcQIh|(B?1qWxpzAyC7kWFIKr*O3V~2EQ^*`) zUvPwUg*Rz2;lC1BMeSuW91a||^NQ^SkI1|tacch`cW(mURGGbxC*6_d7AT8~TC`~D zptcTTOA#BIVgiX4SwdEdJwH(e0FznQ-uX>#vg;_r2#l=XuXr#Tc*G{+jk;iJ(mP zrve@Dc0$a@RbW2e0XG9TH$Iun$7@@)A2m;mr+pvS_OFSSA9@aKy2P*O`&1-0hQCbV zW%oRtK}CnfUH&ycHOLmG8Fwt5d*;mXE_MrbuCQY(qKT8*ue zB3;qNulPK+I%f2$yJ33PndQAQRp6XdT_8LoBL8saV#3yL^8^3H?cZE|0AJL!3g^l11{~DYl zI8uKs9hpjztaW(u;I`o26DJy_g>9geKxQ;E}j!{IFO z{-!5=hcZRE#66+-jC32GWZHEjJbmzYyA!7^%7u46yollY_%i<5A#Mp^#$1Ks!y~_7 zmX#dCyo?9gY-1)Fz>YU*$8m@c@*V%-E%wk3kl)=vUxWQm9+2hd`yP*AzG6jRRIERZ z3}gW90r%wUp{PcPzqnA3&y(bBVD5{bLA=E(tSn9$Xm_9OIMwOI)NM%6rxZiS9s{R+ zivz+v;IAcp1V-LG7cvZvIZ_+J0FUxpPeV8j*OfMThMBG6xTg{dtiY2R7`ThpVGK>o zUTOZAwAtMl>l9t@PPtGhU5m%ujd4O*C49rY{-$)QQ3w{T^mqa|DEEv8cQOO^GcTp^ zDECs5D4VU1XNrdVhD+hyAlmCK$Q5%3LZ@~T+-InosS_2RgN2?b)&KtPvM=s{kD7g_p-U|(f^ z0T;%LN5Qfv#|c*{c_iij=m17+*?cUk3s|&RO^-c5Sa}TY>M?lWvmI?>?pMNmT=xp< zS8n~lY$axG0myvHmBroMXX8q`SwD$oo^|?(U^j<>0fyLQU3B;@Dmg`r+F_=r1Zl zKlLpaIwrsd*ARIc$hxRTW5`rcoih+zpOv=^gzjhZ2fL%bz$WJKKDZQdXiuTpnd+xL zIL^TAgrSo26YK)JXG8+nXm66pjx-@>Zk88*KW891dcw--1A(;wiroz7dKp6vso+L^ zCX`_oWP5XNIs85YIT>&c=!(h=a9yL(X?+DwmF@+szh1{bz-4}oc5v$*(&){=VYs?L z96rFF*)$cHF^$veb4&Nzh1~I8km(Zxot|lCfY2Yi*zN(^fhXx*jPc-erXHia9RZh+ za=#L7%M$=ZfH3+n@L(FJLh}(Ba689A8!D9M(f&Tr+zK#0=mSX5`9pRA3JD;3cN~mE zo7k9otl101jN*Q9tsmf7vN26}%tnXUJJ-{x3+T0d0Hv(~zJ$a4nIrWiMAN{VK#W^{ zzTuMXhYY*e8w6N105`z2>uvSiYA%2uhg4wVUddUUk z9_E)JmUr>F^ z0Ng?K)}5I@!~3{KC|eD`5LVh@?rG{MxG|>U83}isH&7b$qd0mYL`5gnWCQ8O)La3B z(KP@@35_b3c%@4mmf#R?O?0XiU$w8tT+eI>2Hg$+l2(F56AEmZ$EH4v`Ujo!B6!_S z@uWTVq?5bF{^=*FOJVZ*0QxlPE7B-WrypTZ+wDLV0GA75bpDahEO;g5Fb0@HTpt*L zh`HMfG4kBTk8v!eH&gva8#uK%{NXWyCJQ8>Nhhi|Qm0ynm}&DQb%*{R3H@Jb&)iz#x0^qwbGpw)PrV4mfuaxiF>EGp z?4ga4T0Q?pa_#~B$Se@=9Dv_JJu*F`K-ME^(@vXF@@5`wM$;y|WZ|AmJ`T)5T)@-$ zg1z*P%7TwoH=yYHe#>8HI~!mZAc-dbkmFz~Vu%ykKMZ@(j>m%*Ja{|^2R~uPu?P18 zs0I^Pg+uiEWATTyhRM@8o&E53<%i|?!v*k-LjJ2z3;ij6yg1u|FARTo+5wXl5U^se z4LSYm$H2b4g&pj?wVuxZeZ74CJK+4mR5)_o9y(IKN47DC1l6n1W#2i(-`H2NlZ?TW z;L-zs_aHy=EIY|4Jc4T*{Y{72yL@h|_N2%4gFkpMp4b)VV2_d@G{mIrL&jjWetvA> zd@t(HckE#625E@>QLeW?(wOB30W}Y+W{3DA zB4l8{UFFLBX&TVY;%^h3S0x0N(`}Eh$A;Dq%~oz_oJBhW0uaE|oBuKF5lUZY`@!D$ zJ3a^*9LNhf5qODIBY=3F(+p#HJTTCHu&4fjzjlZ_5o1K?7hpC#r+?HB^kN6xIv$a+ z5u)uXoGeb-=T+hZj_`E)&OWb#p0#2hOc@ZB9$)Xjgnq>zbUawh$E;v1ImD+4NzaV0Nrj zShk5)w3pO6J+I>(50^?$u==IBZz6>QQA_jpFhP>Ir15aZUH(4bCxASXPTM^alLt+q z{#e)z)8GocAzW#F1YWwxtJ?*ipTWELJv;yg&RK+XUE(2JQZd}qC)1gFi1-?4eC4A( zY9@>|+GUcj3xMVa$K~#cMt~XPP{T!M2BMfIcrDlSZep9AV6(!jxwUEZYZoqsQqBRt zw`Icb%dqpT&FhDYr47_+Hj(ZWr&))zfNHm3cVNgJ-`%r-9Xp{0%sUnTW34b{5xy>G zB?zTkXl*NC1=4sVA%Uzv1?iWA^b>`$B}g7Y)dRtz#kT-+@qvJ9po{;*2Fe+j<;E-n zRecvGv|3^QJj~d(RyO>mc77M$yBIBWB?qmGi!ZXeo8n5Yu&yO@8;xx*{Y?(0s104> zW&jc06-~HdMYaxax)^kDqaAc`x}t--_i`P4ln`lR4F%6 zwt|qp8ABIZRs7?3xP~L?B&d_!^9|({rGCc@&)fv^*ML59jMD(3oWL7Id_)V1l~rojduWXK#spG0I1-|Pcge7OwY9cW*{<5yHwT6a?r|~6M_@; z^EZudySWJj?MnSpmH`Zlza7;M3-)8wZ7_|h0Siu%pJ5w*`g0L$luiuqg%VfcSZS~}$*}H7G_|y(ucvHY8JA39gI6wsV0nE`O z`faJT%mN++<8%ky6t+#@pk2R3_Ha2$(8g@yg(yaD7B|?XYT#dfLm zB;6bPO@a6>HHW>)>RvLB7s>}L+5=IV18Ld=(eeT0#%6v~@=f73pokpo za%6ZvLmDg1Vl?~TgINxt6L`DvdZ#+xvBzb0cqW7Po^}Cp016B*?!jPv`vo_yR>#OM zQ&p$AfmHP~MOA_Oz1ja=PDY;-?9<$6P2EaY64JK)?bDLQDDV_l$hxnupPj1w0;&Y#p(ptr*Xo|3B zuAh3pO$^vlHvk1Ebu$|889-XvO9-X-AOwZ@*R46%^^MY1DjRo8U^BeczWEMtnLK_q<~!)4_LGZqBIB6 zv=yTcpzZs9_ zXs-J2I*wCY*onq|A)Eh6*t9nsS;9^-`U~0oKlKeW|J#5kyJz(_6?a!C8%WCS?SH(k zp_!gfvBVSn1$D+4b9QUzPu89v44yH`{)-}eAhYzDpa<7kZ{aa3;7pv%w=qSdY>2`3~?Y_9m|uC z*)_)=V#g-R$MQADTy*ROk`6ySU32(ac9>Stv6VGX(~@PiMJLvRS@zqCFNPNMW>=R8 zV$36OUz)3b4O%(+_a-bd0e`qHF=!=QYVj|Ve;_r zW-V$oExh^`<*Y@$rUfnS)~tVIEgCf~j_F$zvljG*;w@;Yx7y-%*21D`k*sf###&@+ zT4d;3bYU&-(6q?YxA=BDwIJFi*AJ?P8loS*?Gf|?aK+@nN%)1jogFx&+s+T{&~69j z2CCKVF`!>*av+VCei8v_UIpeN^}j@xD{RAA;Oc4P1DG5(9Pc3|r9cvE>z@G4=zhcS zoJiO6;`OlV6`f;V1(kfIOJ0bVY~gyWtsm27hF>z`^)SPjA8{Rij(X*K7&L78df3)K zzkS!kwX6PH)$5Ti(e*N0y&krOu(;v%#u`LI@l9YpW^Ya?>42{VfAv!*kp&5R$0o|d zR=ZsI!Ov;LTjXQOnqwo_v26KRhUVCH?ARUhu{_PO?(A5Rd~BlT*vW0A^b}0w!-5CB zhPAX>s|ERU@AuD|bbLzZ6I~ z^lpM?pSD-N4@xb|H-1}W`3AQ}mhYCWk>$I5Yh?NUX=`ipE!oh&#-)KUv%{K_pF^({8B7QHnsXwp_&yv16iX`5ftJ{@LpFNQLQo54CzdZ0jFte7&(4 z=E#oLggM;%>+Rw`yZEm(0(Z)gP|0p&Bj7pN*7AD1l^=Ekf>E8r6WZnQEXlFse~W~A z_#ty1AK6S`QSlX+Kfp68*;Jle1HP9+U2Q@VNhljct6Mn|=y;9$F(V)>1l9Ku@;&kQ0bykTH{+lI$%x z9?#?H@j4uKdOE)eAJ%dRfzh2g3fX#e`?~P+z1H&i#p*vsGqmj>7((?J@*!dE4 z=X%7FC^Y-(I|$Hx)$@n3#lJs?Rij)>9S%--M|=%5}rOy z*zjk7;S~A*VWs5yUtf#*fE|kp;y+TugFV~LJRe7P8vIL!e~Cg@xYR6Qa+aYNh2bw( zkwZKc?5)Eq-IcuotaoKr7SD1?cO_!->fmzowtX(?dR!U+q!S&!d5hG4h(j8g?94nY zEVu?STc+-r637ltPENgkRoE;+H{a7@Cu z#ANuF286vBSLV+pZwDTOhZYjkgv9B|tMJ)4VgjK{F~NtmWqrPm5$yH z1UKoiWRxD4C44x=wPb>MJm>^l%gKI%P|KCj8kfJb!Ie9m53a@6$g87pk&}N}H5Vq< zrG&^CfZ4zy8dC(5I(0;a|C=vxkPQI_!vpKO@sdi@67AK)dgBQM3-zR6p?(Dv9(!9) zK^Lj0C*Y4yy+~AG|4f)^FincQe?Vn7=qmpN+?@hLmM4lwsrYNx!%pENywoas<$VG> zgpRH91?)=xl9?$Wu;P?7t&}AXUfREWeFLQ|NfRts1|l@yLHo{68vEY&%`KfVa=sO# z^HG@Ie|O8L46pw(y+D{#oRaT^feW-D>oLkr4YW5L$uQ1G!P!Bjd#{x)n1&UU=V)pb@Z(& zuKK|ttocgZ>8_7w3uNf2oE0z=Y$)D_)mkh3(avZ*nKT*?^{;e#22g%vhnaGJ=Q*W3 z2zfyVxl${Fy{(dv)hQ7|_E>-n?0vT{#+mt3@sm;suD}7#@XX3YM`qKMgTTtH1b#%! z)c%4yo_M7_4y}hld4H!>cJtQe2CJ|lVNe3_qy7bFQte02?@qfsgENpV?85XE6)@SEXXPSG%RkL{E$0p_gu0P-*)#Wt+tzYH}A!oZ-Wv+et(FL zAU`J(m8(#GPifYF|0Xx9e@e-d$WL>)tKi~4PdOaGEa@Pw#DXl~P~b+O2UWLOnFyD; zBdTIwVu#ORLl$6d<~pGaUUJruc5D7^$l?h@8~ZHu6_pXRDs%euoUrBu2+1D>Kmp%eCnz*)(P=`NHGqYGwZ z<{HqMAB&%~N&`}K0zcr8`Y?h2MsSZMJD~GeFdXdn$9!Zr*EH9IBus;%OV$Q3XSr71 z4p09K=tqz@&>MH6yhV+?Gi_NJB}8(@1qAlY0O)H06St`#E1K);>liwKJ#Z0wR7FE# zhYDe3w6J0n>277_R<5se2pcT&(ri$P<)W%b4D6UA41F|eP}sRmHuT?v^6WH zmr#oDdGE|?^!q6}Tk*NVihH80p#0Vj>uj03g|Z>IRvg%2C^DyLg~@kDqByxXON!(a)9qpnzWxw9 zo~|qXf*pWA3hoB2DlexH=g5!bC~B`tzS@K5e}*^T4vK-q`mX2;or@%?;>5SmaVY7* zOFaay_UC=n!9+WYgJ}N3E9sQK55AWZp=*Rh=meqbtzc#X-vLmDD*HVEria+O(>3<4 zO-S|Bo9VL*O9_C@h9EUqaPKnv_svlIcLw=39;!ix7RAd0$p+p9H~rCE#Rd+nk6}V+d-FYIK(Nnhl1Q_LY}ImnAEf_CUNk%Hr)%OPjHP zD*VNG9*K3mn2GBFL8ZeZt>51*; zVM`LDykJcaVI|^W_v#h2<_ELv`#;ee-zWzEsMV_RP4R=Ft0S#%o5<}~kQK~=@E1%z zv}Lo=md(@j0`DmQjjNgMorh*E^pypE0Do}`#X?zn52C%-qmk3^P;*A5-a-yZtr*e&5G|?kKHbN2LL(1OE2)1);oYdx8qIT1%AYE zx#e&IC$ixVPN0|a+Ai`Hj*#^ZA}U<3cnul2xuw7=Ox}uq!)e^Cg+Cdl9q<<&o5JI8 zG{b~{>%Pas+myqFbp^Tf$hkt@ZfJQH+6)pJ1#J2=9PK~fi|-n@4wgdoD)KMhSNsd> zAOY;Px)`m!_9)m3NzkR0U@uhClCdK?d*N#CUsRHR;mF(u_Syroe__oMxP81J%)x*y z0W5~!fyJ;FEQXD?%xyy1U~G$v`uO_?jJM{as<_81;&yxEnY^zsk~fwf;{v~$+s9wn z#M(&qacx^AejyOILF8bft)Pq?ZIn0iwL#tweq<Z@@%csp~=B;5~yoVwe3NW)D}Py!)h} zz#UTY1`zlO@<%q1z`-9WB|EK0TzQDV2XzE_|7;GG_h67W`hQ@=e{JB8%rc?>hYktY z#9($G4opxS=#E_8+#%69&>e*pPefH5O6;&D^Az|0RENYa%&sQtE|p#7)8Jybdfg>M(uRJX$+$p{laeo1qJx?gIOy60vkfx6>zJJ}z^ zG=ZhXa1*Q#lCTf9CfY&i8(h-ht<(os32ub+oSq)ff+6C#Kk0p^c^h-Wt%G`%lm};U zyo}`ECr$B3&Y=7kYUYjlYQ;lJy#gWOAZSyffS*!Iyjyyx!TX7{0K#Gkjq$Z1}?7;b4{FOWoLe`8Rkk zr~XCW%aXTc@8!-974Id?e~InYg8#Dk?O*J_lUd5le@I7uE?=|peh>8v$C{y@A8N&w| z>Mi>^-f&+BcLgsE;V*0ao%;6rJEsi&o#?1``8(^$-+A0@70OFIOmHdx&d^#^Le!b-q;58be=dcM^tx6kqD_ zzqz_ph5Ay&$pBBsg6EN#+L15y;J@^~R5#{JkyCCVB}QNB826=^j$63STWAd65(5L@ zYQ-GpTfP21I7`ErZxxJVsWaj5@7_{;tkU=OJ{GwQ-@T*ySj4aR<{cj3Xu%(mlPJh8 z$vARJ05>A{B%9omJakX;(LE{BbR_S4fB8Gi{VKvqET24;Jn~e~YoQZauzruhYGxz8 zb35;cCV~aKn$PhL&cpRRM8AtZ=UdS6NkaU$M(&|~kW$aTy`56azrC8`Jy-9}?Tw1$ z-tAJ|yYk!NJ*T1Q-aQP?QsESgtegTzZ$}JzFR_n&3Vsv#GPUT_?Z$77 z_-zX~N}KQtL|HOS)y%ugFhQ6l!*mk1egeO18+v{lyD&d-kWh&}V1Bv z(Hh6*EOTrwBz^<;AGe13k6%QvuEBp)y%~zIxTFCUiZ|nw?$r8^9V7aWR%xK!(+T1J zO)S0wrrjnvzA^__EQ0?CHjM+~Q_hzB$3hL>+!p_Fcgy~x#=r~lXvn||^B;4CqHRZ2 zIjjD<+Z)H^+}Fro|8?d4QFQy{Enrd>@E`wWC~v+0c%I}f`;Tpr_hItR=C$v~;Sp@&_^7HFIUNAJP)5SvREt+^1`Hw7?LIOws@vQ7WvUt`@+<*LMXaF|Ue{_28 zL3{+{UCI4N2syXxKW=Ti{|F}L?|DFFlTG$t0#9gzTI(ppyRue+_^pxuxE=h*2Y-qG*m^*#&F&+7VRi$2VWtFpVb+D50^HEETmqiuvcHjM znfa3JSvJ3}@hlDf%hwWG@GsL|`o;cbqu#%K2f2vw`C1?f`k%CdzdioveNjgK=hXK3pVvmU-T%CRwT+V7elUbPphHj? z>=z$gi}Jxwf|D`_-*)~bFhN*q6rY5i6#8Wz||D~~D0)vDhLpMPh= zCGo9#nK;J%Snsk(e(Z^N&c%;K#jWRx%qoDcCE}dNgG<3wzxKs<4E@@uIHV#ger-3r zJ1S-#>ete$0`M~P@H`SzZ}Mxu`>Wos?ausK0%t5VSkSNKek>nL7CyEte5_gc*t5`B z#5u*l&;6{3`MDqe102>{xu4sG`MK!tQeIl{v;U&_yU+bY@9z?SulXg_-=+0oM_+1- zzx$@nznet<-2>#`jU)eVG*bTLS0tpa;e68%Xj0Xv0M{b_ikHv>W`_j}Yfdg8 z&dGElZ~@UBqzhQ+ViveChzD<`UGc+TeE&3+jo#RNKJWO~y38ONBa*^AZ(P#DJa0;$K%O@){$ZXs-X!z9k13uvdF^;Qa@z51IN-rvjgI7h zUtm`J@5Qm?f1{szH9D;5wNAmU;pnwKj$Z4~Jai9-=A$cHgkL}9fl2tweM zH?eLb1tu{ByPZ)TadU$lnmtXM;B(hu6f(n9MccdZ6g$B|-;Zwj7oG9%r|70{#BWvT zrmu_Os&C=0y4OWHo#IrR@rc${U&zwblFd!8KjyHnWDfh~@}m#MM}Js(^x+6SOkq!M z_bk$!V-Y(Cci@{z7GJCeS-=*?U#IP7EB58j z2dl8o`YTl-|Y@ILxQ4&3nN->1rF)4g4hwor~k~o=GXEhkFM1#ekbb z+~^R$BnMTs*9YZh4PpK%^Nmk|e~RvsO<38rz?RjG`%9mLHsUT}#S9Fw**ffit!~1K z+tGQlb=a1*w-DsLOf+Z#dN zQZMk0t`$mS39-QbjU;bC6%=_F5*!fw;?i!W5%(u8bDArg_ky&ogL;;H5?H0L|D~7r z7N_`qh`i%%Sy3qOYVeLg=9$f0-Y9NsR!`2ie1Nk4bcIf}f_qdC?olncM?JwknoSYT z9ahZXhJ3$3rj}pZ0v-T^N*?cp@^~+l$9o}-_d*=+I9fb%C!e@(*v+6?{GeJJ^|W7K$bHOQjnk3>^lJ>?Z-Vxi$6dJmavx`aplJJB=%<#4`ve zDE(!VuD4~C5S~!U@r2!gCp^GA44ql(uMf;}f8EIe1mGk05?0KSd+TSREE^k2;b1~s zl=@=$Ned>-S6&A8d6leyj<-#a!qAA20_TO3S|n?GAtQ1xSfuVSYKFl33{@pG-bei* zl>UM61%03FRR)noa9_>fg{d!6pS(iw0v|-Hg45OUGgH?ePVpxU+CM!51rGD0P3lJQ zLP&qyr5!*xUj?sZy)jY)F6c(jDb^nj^QS0!us-YnE>t+h{6w*+H?wY?qM7goX0)Km z#qk1W*AU8ZOhy^d`XQ8oCG@i}8;MW`G@A%z$Yx)daRp`>T3aD-0~@cwQp}SCL_?T$ zHhN^ZVet!La09M4o53EKzx51Vf2l`% z{nIzLczvROdU{-H{QS?T*Z=C7)}NnU|6<+sXSRHOq+`NQzj?;+`8C)7YwOp4>uL7< zPwAe2p#J)y_2XkyJjmAw08b2keu(vq)PpKnLj9tvJz!$h@H>D)=NC+q)MzaJ@7ffP!u$SR8 zHA3kuoPVV|Xw9I4&ty0v<1=qyx^U@Xszv0GM*G-u!Plr#kW{nh{V~X>KSr|t7(!K*9t!CX#6hS(VEVP##KQ=f*`*u{fM)Qo z*n&L*h*%ZNuNZs2+x}k#kS}2 zZPZ}cj)#A@flw2FmkodJ$;Yllb`Eyso9t6s$W;L+b>C@=8?OeR5-xD}olfPdkxHro ziU+3ZWUz^*<5_dk;LnIW_%jL=B5^6xj#M{F5`U7`YZzP(1-Sy_3FN}lez_Qcssh;e{FAsm6?d(}U8A69s9ufQ^k29? zi|;Q`nm@PLU_ooMMEIAwj-c@NJh_Gj)>hEZoVN z!VBQv?a96abPKbl_j_wT+`<{Wg%Y@h19%IM;4RGRRa2aS=VQy3eLrdMVPj|I9@r{@ zG6S@{6L}^tOj~Dj# z?V9{~49I0SG%(fqcGc}gN$p1g?E{V;PEfn*>hQiGfP19m#;SEqJ-;>+MDUiz9pcM} z?{n$Jo3lWk31MF|)4D&p6M%o(k6{J-R6n;{cx!m*JB=^a^O}esZ!=Yf1gN*%#~oPIq#2I z=`c51o9p5I7o9sOs$_K_5l$t?PiF%xu+!-o{9Cq!7~q)Z*^(xHnw*<;CE^2K!ed;S zjerlJM+0z6bU|)b6vt!Mf|Y0&_uyX6dbV|_&J|WhK}7X-a(Z$*RN4@g$;9SQLvszk zMFv-H;*Me@8HTMNZj%hJVlo7eu@_uckLNRavh|f=GHtk38o*=<@#vQXav1k6>Sl7? zAM?J;T&u`5u4H9kO&swVLgo2AxrpwasKdqK0F9$P zuCnHmn{gcNfpOFA6mdOyb#Vpi!j?9VCzq5`;qnZ4j<2kR*ep>K#C6Wp z%HXBBQmzTKAX6yqN`NHUkIMRHCKe|GjGeo8|tGiPZmQ7*P(`Zh-BI+{}$a z*^T&v!7&;>4U?bBUfR;;@r3LpmnY=~Lm6JA%5bx~{>7Dfkk-HG#CK2;AK+j2cOvm! z^`w#b)&%C!xmdjtL-{RiMSc^)<#$bVJLPv8)U#^etjs#Iti3|1Q$wqPKtISR*gZtT zspnV1y;TYS0d8oqEMKuj`9@>CXitwFWybRD8`X+@7quea2gBvN+1yU~{uO?p%myJ7 z6U|yEk9=Tl;E6riy_vZC>%`r{&sx*;mF???6ty4r5g@JLi_{-Lbfxt#`aapK^hrMe z={r!Lj4Czilk$KkVrP_T=R@QExF@VXg4u2Dj6vAC8=NZ{OCT=j3m|%+-wBYg`5O|i zUA$9W7DGP0Q|t=3Bdv1PfP>%#ts{>ha+W8twsCoL| zh)eEV1nuRl-@OleUsxH>Uf4K10*B}YNPDduXJ-}=zOU~_ z4w(j6YhoU+@`2( zsJ+v~?Vaf{Y&!A6bOLD8TQNpiJ?t9S0Am*DGJr=xUY8oP_?!rhX%H=91At7W(zr7K zJ)l8@eNvnhZ0{!o2+{FoypuD^<9*wFv0GqzdAmc+qJG=R8;1jSau|q1&c5$pD_*neOc!coeym+Gzv2AK{7OaUn3F~y zpCkDTrRWib^+AKu2bT+OBrZZ944q}v2P=b*8;c&_p1Sv^k^IMp$v^m;HVQur8NlMt zPSE(xjZEWd3M#(ZaQe}$;pG$0b@&Zun!qb?hL&fcxs9#PLL00QH+8bODW8SHJH`p2 z|J04aOO#n?7^@Gg(XQ*+?5I*$t zb;&Xxx=TTscY1f34Q=sXKDmPlcFj1VaG{f1;X)h5zhX7t6 zRvV*@hh>v-P*xKY!hgm>VRmsu8m3vbi=#69cON~AA($88DKrU$-YnrE7`&R(lVf*! zmLOwQj>cfPAUj(hBa?ogjlAV2EWt}c;^{m-Rx6ZZy-b%>1o4;?5RX|2@fcvGBqNVC zH~okjkLmA_MzMHIH}qkpQ4o(A0Gep~p7ECx=~bQdy|ChXt9aaf5D3GAZ?q-MyfG0J z83@KRg=GB0>B|SBb?Jg;#shnKW;{z5G_zMe{wc!um@D&W$^3vTG>Yb%4oqVBqstbA zO0lGv;%O`srn{C$BruMS5s7#CwwG^XDq;+bV7O%j$S-jTi^wD{<&m1DMbx6}l05b) zVKQbpwgEl795cAV=W2?DOiy(mW1kY`SC&R)upS<+M%vK8!5e-2Tk7KvcIo=KYAWwz z^mCn_rE`fAqro!j< zbAI{=&j5#Anu+}jPVEBuNZE& zi5so%2B5dkOvuJRyxSA8+Y{w(=l1vYO1N%BjyMYRtq7xJ**9ZEa}IvH2fO2C9K$Q@ za~4Wi8CH(p<=n%9cbZg2Ec)}v6cDpG^%jWSO}&kW?dmCPH!9m-d*E!dQ(BHvwR_yy z18_cCJ)p+j5{W>G+jh2%|LhoK%R^ndgF<&0o<`lFK?=I#=RZM$Ifm})dFYO!=cg@8 zlG*3dZ2C+^txQF&goqrAu#r}RcBAq+A*Sb$W+%g)Gd92yR7Gn!g^=M9ch61$zhyaU zIt#vy$o3C>4a08D6n2wfz5(KiCpMi(;%v=}oUsZ+Z#Z{h=#A#G=@vG(O}EfohoQLG z@KD^{LzVd2h!TjIJ)XWH7%OM4GEc&T8}Z<^cyK%qzNHQ&_BrnFiTiVvAMpk?e^7q- zQ?WtHtNbE0JV!fjD{51|Svfxx3|Am2!Cyo}PA-#^FH^l-w z!5!cz^Dp^JI|LtbeK`{2eKYuCarna4kNKK#tvLLp)W1A{*jEW4W()33IF&bhIe%SP z;FiOOQ*e~?$YDN@92T+9zYqzesqhud?(EyjBZ)WcE1*c?dW?_N__o#^#Yp0IU!V>` zdH0&UReSHGEw3*yZClm8$-+hfgJ=~(X*|*+kUa#yu27wl*E*{VTgnPXh+Q_s9MR>G zY34LF!NH6`myYtI)YGHn#_&gZ10|sgJ)SAND;xgYm+#xogOE4$!@EC&cV7Z`za8)X z5xCzYc=r?V?#I)X*LMW(zGT?8DELdyFsoNZ@h$BB&uH&|dKdNn_vr55h$f#A5IeG{ zWh0MTa;Y!kQh%09{V$YL+p|a`ghfmU7$e;}?FfZ+$4+2j7)qaf2mI`e64JEzHcZ|g z;~NP9*UA|tzi&g`k5%_gHht!MukJ|I(1-9@?=_w9eN=a%YTrnqnR@A@P`U~2jtzAu z@d1CL_$C!HAtaThFtdXRXc&)yC|Q5Q_?&TmUppt8$6$Wn#hgO=IDsM-mso`e-$l|G z6A)^%gwl5tWWKpK#+i8xUd<_^Rx`#ipF!Jr1SOTRkvj=;0H>ebTb=;Cn?l)d)O%K z6&fF}R>$9#HtPq^M(_e(rTuWIeni_yJ<|Ak4}Cs6O6|3s=?4(%wwq*pY!8cv#!WI* zkX3;OWjzDw$6kl059r4_00(MYj_0v_1V;MtbWA(-V?0NQPqOfH>*KFl9e?LbzQj}q z@ouFEXIOqlt$bZt`Ocw$Y3z!JLnk=vpl&e!<}3Ll?DF_y@^y;aLgj18y1GPEr?;I` zzLnDj!t`cU*3(=U9btZhJ>3)zhdjaEppBTGFso{;jhG5d%5967p0kX5$})aLj+df* zrIzJ;83jyZ3m!6-@8wY~%lE04<@>OKe7Bg}EnhieN(vk@uPLF=JCulNFDC8?5!3LW z{ick*e81*H0qO;fu~K8dSihO?=|R; z`@;JpIJE7Zk)e;6o@j!;dH5&vkPkBPiuW2uOvxR{CwHI-906|2Pv^NH0z+K(CSHULo^jS0~{>SV{f<~Lp0Tyx;xlUiDP_50VWNfkMtSd2E^yn>-1hlr!9iJ z4-2RMaKBMFRg+)FD4sg6wRr0IUl31qh^H~0`geUi^-;6hC5KvfL&G9`Sj6f)j)r7; zG~k+xkoX>shk31xhnEPpj_q-u;dls`TOJSdTOJSj;p5>?=5~#Ti3ZVCT<~EGWVEdZ zXd&vaFdwZkwRb-13uFQcuExHWZzTWVBxA9A3KlbY|5-2ZDLQ%M(#YV|Z4)-eYh2=K zjHbS)i>9U-Pd|!ul?AAL`cY%57%^>mF1ow1y>pS4*`am>XLejjh7WW^4$N^1p97^3 z)&~u0A6y~0|HAO@^m{aYz`LM4a3VaM%6nn47O#f+$Cfoni(g2M@pXqW8KR7h6G;71NaS@S7Y5lH)%iQP&I>lB0!q6nM=DS&s<8iyo#e3d%F>1Z#VLMQEOs!`HI)Xvvg5w;+1^G zYkIMK#cO)8e8oIsr^#15BEuk93x6o>6MTlIE2i~ZV<~vcYK6K9S;fVUw9Krl8&@;a z@-n`i#<$s`$3zN)VF;Hko=jYdYbr4e#}-v~UBZ^Bb(L!6U@%=ZbtZu1AgjMX*jA< z53Wj*SsEEFF2V4JNd0Y>CSw@bieX^)C#=K4(SnUVd;?;`T_NgB8}l$cjN6yd-OR%n z@j~~_Z26*GqO^>{FV^b)9A)2pQu=F=Wi5(v~I5c*q!6D&P`KHWpI( zSV-k#A(f8>2s!h1Yz$f4L|nmDqty8{Bs78LWEK+7vzF6X196n*Q&bs8D2xIW13mvu zW!k`UHVZ6g+^!EScjJL&oU}2pOp`bSmT6Llz%rZUEqv0q&`SUU&5Z_u=AW)m0?m8J zb}$9dW`MA9CzjzXR!-#ov`dK`uZCv92cYW+e^Y<{58Uqz{Vi{ItNQyV#u_97KR8m2 zJkyTtBUu6C*7ASDyfThLkU++xa3oBRnD3gxkpL}F#%msa)+PcUk>P)TBoD+E5ds18 z7N)?afFuSd>4XvUfVVY2c{}b;R)L3SHJ|%^Ek1wuGxv!bF?<~&wV8S6E;Y3t_4&9z z&CA0-a3+Sg2b%ty`g86R16lYR=K}w8z~?;IyK5oeIx%5p@FeT-h2=_xFD!d1d|~-i z+ZZ#yTpKh0k=`QSC?#l)Su82iyg?H*U&h0>@A9y%mj}&j+2=oL!fYyhACofrDliOv z-;C+8FW&-T=#T2WEQtP5T{8yJcgR8XS`4D^@io+KtJ*sfqeTwbYN}i3YnWDtA@xmN zD1^T6Az_moTpws0T%Vx{P9N3zq?kEC_DOLPXTj+M9hGNh(REDfM$f#xh3NX3LZ%#N z3g0JT`{*%eO^+=f29LQG9}}bPYwJ zvG-5AP`rKLBf~a9EdCK;LkqF^iv{&@ztKG|%f-namu3FM$L-&VuOPmF#o~EqF5;c} zEbq*}@XmaNcjiAS0j+0|Muv-+3^6ueF|C=16038&nX0Ur)4Xbcu*y24u+}%DaElV9 z&+vUTc}I-TTK5e`>3{ZR)*Y-GI@wf3IssAobyY*}HGNxU?FvF1dZ($bYUoJQ{wizV zy05Botipya_;o{7PNuL;s2Vz>*G5)E|fgp9=u4#V}ITF zJ;s+IfY@CqZKj}m8{_v4JbpjYFn<4mCVr3gfi&@Dhqx!SK2TzARxg=PTpc-ne^0yP z_t(HLs&bloZf5cO`!qt1ixj`V=~s|1;GDgL(wAF{-#ewjihSo${62Q&ZQ-GmUVzt+ zir3)vI{5;#Jxsn4;`eeur5DHR&r( zhVM-{d`n>X-c(mzRr!eN=c=I-OyByR$H6=vNADOMy_eM0Rps0;tfp^O&P_Ci`@tB# z|C(VtU`H;EhHpb^Tmeiqkkp}p)3 z8_=k4`(i@$O~VJE`onGE1Mu7q5Po@c{}(w9W?@tB;WG2$ioT>pB@Pul^PI06DWVH<(pj*752dTzHnb=I!1zyWFjE|nu@CC-|-0I8+NNOL5S1=4 zUr!gnn26jV2V3`)!-Ca_#PdJcVXo(Th&D1ETnq{|0^^HFIle1Yp2U*HC- zAz$DT<7wz=#uos2zo?hDo-i=I9fSd=N*GvdOc>BlKZ) z%LqCm8z#BX{MCFsJlr~eU@3XHvG3h%#2+|7A^frW$%uMoUKoEs<}cY5{u0YytsM`~ zx0OIZ@7D(zf#B@*L?HOnZ#4vhy9R3s1flhhUy8^dc=osFfj@9Zf{s7%jyIk@UwfB* z{%slie10+e^vq?SWkvCfPms?(Kg^5Q@(J)Pz$dWBhwur8$E$pT7|tj7*Si!1KJd3> zZOy8mZsbAWi{lxefR^(vv8&5@sbUp=@+HY_Vf0;;j7@GQ^|MI`{`pl6Xix%UIk$D#9sv^HaZ3PIJ`_ z2F2!{O;b4)v}0bHyqdr5_0M4Xn?&*M2Pob>j^f>;F>sCb&nWf{0c~CY4ZiRSXq<7O zEj$O@f$TKm4zM=xh5rg8;fVLp39%#^MZz&EP8W?>#f|y*zvBJN>b3Lt&FAyJ|Ig&l z85|+Ku-ShN9)18V95-XSc= zh~k`y&ypBVgtDvwZ(t$k4=g4!NK@g9#GY#^T$ac_-z0`=09!z$zfq0;TUGW*<(;NoGJ9laRi(q!K*`JZT7hIynF(7> zbydDy)Al2mJ2V1}F~9%+WGLX0$* z>WNZiz-KxsVq&b4dt_${B4a`5bv|{^hn!{7V^j*r;~ma2VX;yOy>3-$ zCY9qs9-L+Z@^FC!FbVbET$IO6uyqFH@ioe$WZ1Wq@L_XjN<+VIe8xsIkxn=XWx}ve z;rIlZgd&vw83RL^;|O?UR9PP{OsJ|zoxC*$#?4t&#zx?wn6|(b zkg@U*NFTm!K<>&8v>G1dEOK4EM2pHv7uI*K%1IUW zLv;K?paf;s)mP>86^;H4&3S`4`t3=Z^APB=}PL;S*#x;5B`FyrflQn7;?zt-?Cc&fZ= z7EioY8eA>MKjw6!ib;pArL|@6J7{^lLcmxZ$mpP7-=xID0R%(5Set*gn>8yjG#-Ax z0smruLc94F?{S990mg9ArtIXk5WBZ6KmRY3Z)!q2<$D?95B=#HV}8pnEx+Y_$+tAV z-SQn7Z^&=SVEh&~CSkrLnZN+2vB^sz!WVgLVktx#*&{CNW)c>RLH^6ErZ(|kaBlVT zxwW40VQ^~V`Tn29sfnfhx88uW2Qc~$U5c|uKOpE?ubH-uCOtld;N6{tS0|nqIWjOy z%)uj7Qu7Ozsr)QWUX5kER4bBiHI73`hw-xhZY(cgR%n<$Rb|GD6OI0P% z0)02s)!>|6T{RTuYhn}TTr#W@s4~|G-p*{h$FOy<-B0j#0pd-4)w<5ZD*9I4e}mvB zDh*5*t2vbhCag=?oNNI>0o762A^_yZ%G`99C z^*zU!)OwLGQMmy>?gYRswaOfxck>gXL-ALZAS?>EuylJ7T+PxGb4 zNWRZTpMUudiEf{KyF@cC&3?10%ubDvI~&Z;zovX=N3~17vl*Xe!Bs}`y*}#v%l8{| z`{es?vqpb0)SBCe=M}e0j_C={~zBKNS@uB?@9NEUs7>tcmIF|-I1^#})SJAlM_`3Te zvTNS`0qYYS4a8w|L_7dQo50U;jM{xW#a?uA)B6mW9L9qnLorii>VR5nR^h*NW94S& zx0(Mkhw)$H`x)|ISh@^Z|9SrWBnZ(}vJhQ!2>(SNude0mdqd*Ym@cCo@#+K zHf^|B)meFcx>f3#HTou#P&!;&|2y*fbcZxa<-goSaj@74SA4Dar^Dy#-%=|r1qaj%t4TE*{zFWwbp&Jj^u#)c+k`2cLmIZBTJj`!- zJmiOuhZoH484pJ6m#OARAX3{p;J4?u11?iK0NF2X;p3_D2mT8#Psa76mm0}G_y=RL zKUJ`p$@|ZGc~92KoAPC(wn^BxLQ|)B2G}obvJf8%A({q{Qp_C+VU+=+1m_Y|inP^wnYMaNrmYgdinLXNT#>d)AS}{W36`DCi;csVh{eYB zL{_6o5#8|iO^UjTEE=PVXgGaIBQ61rSOshqJs(OaoovXzQFQ_gsy~xQ9eccwenv!< zC=V160|pJMQ%}5#5VHz@CGa;fq6*zo~*f(

2jDgka^7k<7QT0Y;wBsw2{sOJlO6#0CyEuZfNcD@&M=lgRD=i8pt;`xTL^9|FT z&!IhENN5G?4$J%^l^>MA>YHN`0UbZ6E{fMTACd3>;W^@1Y@VU3ru}ty&awC)yqfkC z6M=1kGe58&fGm;k5KkdrqO!N6*+=!WztYyvwuync4e>H-;(F@`K)?xDx9!Jr+Sa*e z5~hyHO>Zt(oFjD_!s=;n6c%)*{0}36KheoychB6I2xFxSB>?EOQCQJI-00p5HBr|2Auy&<^1oM!_SY7ng0AU6WIl3CMdu_I=@4p#b(Pu-dTud$2@e2qO?1KUmUxV^y)09udZ&v(oufP9 z)-0zf(RXG}PIh?R@9VoYG&`mH^PQgMMU-$KSHC;Oui8UE#046xjwtfJ+e9jaAilYN~1j7XZsBheShjl3_-9d2d&m zOrGfhA^4m4&igbK z8=7%ET0$1%&u!!RX!s2PDs}itjPuin{a&J+4##gYI)!#|yJ0K(0i;^iP%ZAp$KQ9Qe7pY#X zRT_{2SD0p(W@4?jrYQ%UQvXW3yP5E>t5B4g30C>t`V*hpiZC9f{C=U$a^}G$`U)rMl?>CS?!h>y=f4R0^s5g-)9amtT z*n9wEbJI@*FcXvE`~g7pLwne}5m01{s%w}PyG*PGDL$hKo7E1dm@iX+#zEJ01 z5U!8SzYb}f&qUG%yySYy3Dx<45F*_{(V*Wu)%ECl`BvD)ul4$ElQJ1zMdGDm@fAE@ zF^M=Un$N$bF`)ux#dv?O6EEUbfjc>R_@$ZN!rHL=kIFKk@ON@{uxGfmuV|07)54?; zPVqztMNa~M8IbOaWofTe)|1QfF4M`|o_Quj-j&3i?OfKyNZu2pBgxw#?m~G#sg*a? z2c(xBX>bA`y4ilf>`VNW8JV67PFH zC9dc<)+UXt-{JDUowz`q`*k*wccZx#d5f*cyC6*7ubJB{@5jwdy(>VyHwdLKX@m`E z2$xA{Y0MKLusBH+C0?PehMB=JK^Uj-KOjMB2OtErp_t)DI_cXZOP_4K7>KG>n?m#* z;7gjnL;9croHpJEfC*yiY3PIZI)=^Q@g*yR(?Ue=6n{q1Kc)9~Y*JUsufnF6b)ouh z&5GxE_*G%EHozAwq838ggU*pfI;o{`p){og5^z;Z-yixl2li*kIG$YP*MbKzJ zd?=vN8*vI~6tZ4x%*2T6wf3G#_~q-hFwmo{*J_&cA>~q3a22YWSzUHVXr0XGa554{ zWMHvA^vwR`CTwN$L|qBRc~RU!ekeLpZA|=vOIvW!J%BA3!Es7U@SN#hc|8@bPw~?F zlpD0`Q^X2{TRs4|Wxq?xvVLe5E3DfN;9`}*34*(fu-5&Aw_L^6s{kJIZzbR6UCZ#g;H>NV47CWEM)xXm!SLGlxwk^~@&N zWKx%W=Cm9vd6w#9>huq=qfmV2I^}*YHN2k-`TfA?zrZGLaUT*`J;$lp00Iq39G37v zmo#=qKbUoQ^gz!%h7@&CDt0aotY&Lia1Di(zz?=o2-jP2B*b@Wwly9cS2KKZFvMoq zDF7f4zX^eDutl#B*k%y4McAeWV4FEqyVII4BQEHD)&K!?M)Ks#wACL`>8F^0M}DR- zCm&C>-b^TuU0Tg(RLe7>wUCZyiJ$-Ksm=+YB6Cz=hoJG(7XDbNZUV+}tqR{JSRB{B z@NKdN#MP9$)FWYDVIB6-?pY=Qy^;qCZ8fgNqA#|Yz^F^4g^Uvfx#$v^bxi3qXkUPc@8Ge$U{zOG@m|NgV} zkfc1X-*c)D=xC-~R%uFBLodga(ge3TJ`7VbD4}=oMA!C|(36Yj38k+P z@`UTI33MVtbvWqsF$bN}C1taO)CQ@ZOicnme& zqguZU0IK%X@6uH6La&G7PgJ=J9_^&r=g6-{f>t%50Jm{d$D-8mQtihE+5f+q+mC?A z*K6#@WUc*JFIzBRCQ<4##8>*06AIGG=7CM}k1ojSga*t7n)*^Ov2uP^C(I95Bj?{6 zTqE;SP7*xTBR(1}mrn27&0Curz_v&jB$Rv{ctVSJQ9R$11f5lh_>^62!Vs1i8K2q) z_!I`}z(7eT$P$Dybc6#}F?1>cE|Q0Zx;ktWRtg$2&_)}U?Lzw{a2l~GWjrBAtD0ef zSU^`^d0gr8NJf|D7`hom$yUkDYD=_l!H;nC&UHDr6`2ZKG>`D z0pM553BT&`!`ZF|eNY~_f!CKZl>ht|<$te%{13*qS^mfc*WmRWzcL|y^ zS3O<_FHAo{cLe_6ZXN%7EXa3o8q2zZ_!Xx3Xc50^Qt>O8p*wQ?sw^gahVCe=ctRDf z6`S3y$FA1r~E4NMgXfl@;*rLRgYn(jpY4s^sgXq4q&w=@1qgHt2DVd zPWwfE@%a>aPcCvB^4b>5@?O-kyr&U-)#KnPBYB@PwX)6&~luAS=Lh_oCL_hc1wez`9dLzo-F085M5LU7wgq5t5es*N( z_mMinEZIva^_h75hvYAmPE+_xnm%Z7%0?i-SKpI(drWBxo4|#V^5AqP`95hZa}dnj zXHfE3d?*aR8l#i{E|7nLI)w|o{@GPw)3=ZtY5?N=?KH2~09c&dra`dIsj8v^ajgc3 zYvN&oxXeKf#8veJx}IV9R>_!%_*PW#Jm6c?WA*q}y$;{XBa(L6&QN@7QjCIcA)Me} zSw#5OAIInl%l!R2?*3af8ChD+z#`*a76cqT?l&3Uh1W2`yJof>?|RJ;?<$No!k2Km z<#?BP)_oAsE}%DM=O*+|&rO(=$G^Ox3Sxb9e0UULPq_(i zcf}_L_zAvtpmlc)6XX6#Kb5c40v?78`SAN)rQmbd%QwUB_kqkr_><1Tus=nG-tYsN zd3d~t-7u}NQE&Lwu8ZXxezk+H;0@VB#T+)1z`K6b>uajA#zX18z)63~-~0H}Y+S0Cvkl06T98V27)@?c#DGRe2;#aj66Bo`CBEN{4sJ z0Xw`i4%qD(iHNiU*nJn|BX*e%u*2WNqjA9QYCNF=*mXM6RR`F~wR319@x0b(0N6FG zVSwG%?*M+Y8&t!2@t}g+y@PE+tJ(Aps<<8Al|LSKU^N?C`|vL!fvxU+p71(dA(w3b z^26sHucNuPW90k&)#{gE#ST5F=T||!NiBhT5i55@?d#g!${lCw*0IVRC0L+@)$E`G zB?SH*XcPE{iGgK%>Zs0mHA;zT380hNrab?PYBXS=R{;a%JpbK+u}FFTLl8kV*+0O7 z=a%fhAC~G+)BI}_{C^??hAe4C&aBLh<|=D?{%(W}8F6Tw272MS{x3IJpZs5jA70#% zOvhWk>-xWdAMOdq52OCO@x#>&KRk((`+p^V2wFT*Q?bIO5iPH!&?geV@V@~+{5``D z-}tuce=B~dOY2(~v=yuLo%hNdih*gXMf2_fb($W&V zrV;+Qt?l^Zc0>HJZ;TP1mmFh+KcvClLtk1a)Gc{upY5?o-Zv8LZ$P!v( zWoj+yk1AJdNP$$@8Zkr@#}xTC8!d9xZHvScUN7N^u$Qs~**uf`>C`10i$pv%l|WG( zG60I=@3o*PRR@QsIJjQ{Mftq}E*h=JMOkuf6&Gbmv{hV`C)Y+$)q)qc@Vl_cceRwI z;Z9w`(sHLth!qmzN=W8%%vFH5=|~*i6$8!%Mwk3k)kG=od0RpkVKPOqUKplR2!OQ za_FqP&TE#*YlN!Km{sxsK)06wpA}O}=G-70m6J+(RrnT@N&aOl|ScLh$|MTa0NLSsu>$&HibM86kp1Y}=t<#5glM*I!%VJ_B%$fE;Rvznb zH=UUNb`*!_>)&H*c9IjKyDLV28;IB6x>dT8ccn>xyRbX`t=qN}`rCWD=x?vq^|z4N z#~Ttm1bC_TQL%rr(*~-9a`vXyWA(QO;`O)TIsxjO$bGHh-r3$FIM=zDHbW z$!_(xng1Wq-#+_O^|!$Rh<-FnHf)JQ+AT{*mI=L z?W?PE|2KNx`9H2-guQLpiR*Kh2z~C;A0Jzv`-mCdtnUgRUB9^gKcvsyb8PYA|AIbO z!23k?x#tUg?o}I(tWw;hi@cm01{pDT8A z9Hda!;p#g+((39uTzywaT3tPmp}un@t*#!(P~TlrkV4vTLeES4&+hcRLAtUQs@{Qh ztm=KE&ZO$~uF+M!6yr&cHwVRF{WJjBwwkm9Hvt3Gn~W$;YX39!RBWF6?`{^)g^_@C zr1$}E0wVB(+W%c-ajCuE!jFA9h!rb3X5T9!)6IxRor-H8WTF3-=0xp3(;RJo_OaU^ zF50)nw7>fo$7nxTg`)EkwtuFn{oPH+9)FVbNGaM8Xk zrv2SByKP^c0OY0S)c$*#61Bg<)c#+)w%@~OKSQ+d5$%_8`)S7b6Skl4vNcG)9mwNW z>YWAaoxX#)<(J^EwY&%}H1_dh)U2LGbwb`R9h&SJCx;uH;WgfU&|y(Lvqo(r3Ug>P zXnkheOZG{#drp@;tEWp3?CCLG+O!5_DsNw@^zItg98JgT`K8Jl*&>PybrL<4LOhCgTEKWUgeV@g(i8Tw|`x1l|&J_&t?-h6=CXUOUpRJyB*mJsTy0MTxMR&Bjg z9p45DTY0vrzRXqg1?X;Igtx7)*yXa-m-k;;Ki^Y=wl=NCh{n?R>O=0Lx|l)X>-+fX z*k=H+p)KY+L3X_WU@S0nAj7^uFs=`N2$qM+)}gXYsw}udB&wn4TRqq7 zh`$SXWT5^!WC~qQXg>{qoO6JneetjrD7YE_*H4#18-Rst4OHoC3=Wu}*Ab89mz(%y z!s>wgYiR;y1NXNO?iUj7k0;!3!2h+#i8ZikjSh5b)@7;3l(!r0Mn}O5f|;;D^V#qd z@0{Hi$g*|S51v+F+XjHW0aiyV>Zy}04Tiy^(WTVM1ud+^#dOKOj*>Dvwyt%ut)a4b z`eM|DYG&U_sJj*aztQX4hTo6z`w9MkF0jfA!%;&C%2lidB!ISSD=%1_xEqq60*G>h z82vUH{iQ4GADKO#mP!Niu3hy*s1AAS(B;!am+ST5o1}Kf&~@O(q0esw3Fz;`jG&m=P^bJ_5Sgfo`+xK)0XU zi?@01)N$^sqPpNVWYBgI!nuGKX8j)RGH*oO-nvKf|7bg=g0{K1Q3L(PDb=~7+ zDA~Zq+}m_?q#(x}j~5zxx&Ub&biTRl_G}dtxpOwC;_OWPpFpZ-dkH4~^Htw^LZFOa z01>vW`Zw^5=h$;`EZ%}lu!Y~s_Ydas{ezHPSIXU>^xXzZ-xfDtX!l%b^+)ES?Qd4C z@N7Z*-{bcXs5D%nJxB1|wrXOid6hf#K0J&=^{cK4HGz|I@(wVsrg8 z$Zm%v`Oi14gAD}vt7sieZbO-MD6;`;W(~?Tn$||K)XbD^rl;RR`~{Cok(dalhOm7aS{o zq{+k+1Ws&wIG)M@3XiJZV~vT4O8j@agxTgbHp{%mtmPMtRZ~eaF~O_2r{{Kk#eDBl z8YG<`G)lGg)1~_%#7wK(E6u6H8o{4La>^yd_|`|{luKzFY*`zrM=%HD&Hi?bys|;C zcPyfMD>_(GHW$3Tj(GcQ;_Z^)?YZXuVolvi%cN~OFEk?Zvv08Cp#=|Paz*cE>q~C- zUi|LC{~yrV57FQ+!1rm%mXPR9e19ok+6CXo5?)_$xeFSdzQYjIuUGr!B;qI7 zGH2L}*LY?)ir0JYa)#@i;dLaxBwi5MZi7zW4_uhG2B~W(bxjiCi1lbP4Kos_1(0k2 z@oYes+S*yM>N}iUHo>Vn+nl!5l``q?r=zYM`ZJztY%{TyT{=toRBz!E!FEFUzUgCs ztM@)}3DD|_cTpj%v8yW!h(C4Hw^o#xDwMmcE4Bh^yoPkpC=gZh zpBs+g=oyqppkV-FmzyPF`T>TLaO3* zQVrcTURt~Xj^=o9hU*Exw}P9I6VM6ZI8u@Ceo)fhIf+n#7;2@#53~ zu?p5;^g#<7wATg?Qm4QXoXioh8XlmXniCvhhS*QjQW#8sZn5g?fapA7=|21(#P1Qb z^P{Ql@9<0O;_GN1bp8Mmzsf;e`$=vUTTF0-KM{+d25sElu}6ej8c~b)7u;vm@IL0I zyaAZpDIU>&z30Xp_6C6bHe-h;bw3}EHl8Aq-4%Q<* zx{zokT0`%e)=#O@2$D|gCp;j2{k+5^z5jPdBJ1b80la<=*_F+4>u2U`ru7r&Px3p0 zoYLwF{E=0Ca=;F@3c>UyI8i=E7$ygJzev&87oJNus#?%kgIv(yQd(S4N%|&`XBEY2 z_wjw84bFlFw{5Gmz|%u)0w@-MRQtMupOw!)I6JlPszbB0E?;%fW1qHakH zUUhI&hf=>`_lB=Yt4#5Z-36P0K&jG#aWI?#zlo`IX`C)c;KtKq8$XcFjZcuJ+6SB~ zpMQj!?WAUZ^jIJ%I&;w~{6!$(nObc~H?`VNwEDKrVIu2M9Ty&aQ27Y!5E(F=2V`~7 z zL9uhtQUMFzn-a9bJ-tgP-RWyirf(>e>{7P43NW+vo$R)_h7D4+l6`1T$xrr^;G3zY z{*i$&rhgRi`2S}A3cB=f0NLeg?Hm}tSgO6n8QFZhl_qz=cGlhp2PE^{y+w$F-{%!^ z=_}CXAk+;arCz;mb{5rE)O?+f%n77)CYyylR@jb0aggW{cT{})ot4tB^KVIMkF^3x4G!4^7l?>n5# zd;c&C`c1EqnkJK@73$__ktvt#RYCt7YNR!5i($Ue7x;zP<2`Ep*yC%U;7o z7fgpS`rnwunaL$XXD54GgS6TsZKWNnEg`Q&>s+PRDb-{qo16A-3B95Nw;zDJQSt@Z z#6|uV5Q4a|{zU4)Inma9Pd_VG@t_>?6N7T^ki#GLY$Tj0cM)u)1r&2z@{^okuD0wA zv~MHOOEnZoGCH^3&7r3Se=^N?jd{MM1!ZI~qB)PnkI4M5I==b0R7B?gH^(vmNzwTy zH-MmiVO;|JlxkYQP-4Ki;60=mWA=WGiJX^gANpXjcTJF1m)pNhs;OZg>ZtxLru-vZ zzSf5JJ-3*^wIz5rzM#DKp3oWb_vZ=Z&<-92IT$O9S$SUuO~06~GPCSu*&;a9VyfuB z4;}-{V%m?vw|CI@f|8*>^E_+9wSR|RBqS-jPx1$O$0n#`7O3QEX#sggqtfi@rNgqN z8X{XdMfGkDzQAGzicXdMJG&OGi79%KxoGHKx^w8pm;z-tW3Q53Iuv<3JEM939U4J- zFO1E5aU^eROy1K(rc`7C7p!H)2F!HC*5l1|MRlP}y`bk)bKM^qo%Xh&l?lnELnkDA zKMBs{%A#dnHkWxOahWU0U!7F)9LO3}8J3*1f|uZKOxMLm?v$D=?qgBYHvW?gJEeIu z$dp630>P$JlSjD8xTKQb4nEJNR1!lthuZ(@Wpv+@D{qE&->Y#)NG3t3;eCOSWTeNI z#tAXxkM6XzuvP^I<`xKhW#bG%g|wBi{02E<@QX3g%9xnLn0Rp0UU(h&`K%aF)`jgC z^s|@@(t1J}s#jah0#H2!Aj`_?2WMwlq7slU|Flyz)JW)|`2G!JS*A3GW#SX@J3$Rs zKJPWi;g8fG?{K1<)R)iDm-35<>yl~9Ny;+n!6VcILm1LUA#}jo12f*&snlbxn@H=V zYt10q1FHyzQ~6pteToI+#XOFBK}>P6ein!4nIp)j?R!H^@pziz$zqBz*T(#ci_|HJ zf=P4yrT-O^J6>D-N}}^YBp##o4`E{dFV6aKUZMRhHUlaLwTE5kiF%foz9_fD!9eYA z$1~I)H~eqZG!LGozFFqI4x{M-HgNHXuM z*~#IlyyY}Afp>W`%lbiU(Kgw(S9**>xCAHDaRQ$WBO3!>3-T4<%Oq}rZ-hNZs@Y96 zmhPp@r+g^2a3ee6$zkjV+yxCRV7M&oSz3I(n%YB;;acLhG#70HBShL@+13sroX^iZ z3~{73wTDxBp^;G2_g7wU4HYBV*KUkDJQoFWb@4O0p2mW`I&D8lz5%FZv{ZY^)uV=9 za<$~2&%4_uw{5TYQ)8^q;z_=nkZ%k%jTTEF4f2HoW`Di!EYgCTNlc->(KVGo{GZ9; zk7RX5xOC_x$+Dt(w&*wWhSItl{|E9TG`&fTZB)gf!DvF;avPrt{brAK>!rz+75f&p^MD& znN;h*pMNxslxkh)ClxfRgKj~;^t^*zO3V{ZZ`!IjFM{m4RA{@Y$#s|_FX=VyMyUJ*9qK$Q4*z8hvlKsTYWgA@<*fW}BX>=2a)7DpsWPpV4)hho=gbZohMVdC< zNca*7F0zd7)ow7-=DijvcrB+z>%1)b={zI*t_U3bF;G+N93jWqTJ(>%8ghl9tM+ZR1QFx$A5GVBxS|#5;E&Cz! zo=)qfU(q&~(!SWVK02^I{wCJPTgLj(^!1^5@`}f)mt0^Ad8dR560DDAtdFbBJp*}R4Pu%D>YGc)Gq(k&kc%pPNa1&0bL9DQvCi~L?15rOU`8s0 zlgQa;!E6io4wmt>*;pehv+}07l!x;shfZgIaLdQM9GMy|JV*yNZ67(6wQgzjChUR+ z`NCI}U96`52v6Ry-L|Uy9KOkg?(;w=!a+8d#>RX4!Bz03v|tl@>r^&D19<^$nP)f^ zEleUgv`vy@SGd{!7AnMEpcGzyLAgGdYqxysP&9`$vR*#0#lC{~A_Kp5WUiv(vSKS$ zW~TBJO_!w? zR!P1esWMw@c|Pj8z^$|_9;ar34D6A7X{k(4vQkD3%}VkrJ#HSW2F)fnujRI_zh>%9m=^(RP%PK@rG64t|!+^mR_r zHoMZniy(puR;T5Crv zoVHEnSGbfN@`3f(W@Gj{n4jp=cuTTA|D%UyC429{{LA4rgaZG@%!})DXht6+b)^M< zo)72EaVmB2$JHP&yvj@wwImZPp|o;_KXR!P!kFJapsge?(5X13nJ-QY(zX~7a4PTf zyD<}wRUkch53|Tkl5Z;ymZhl8EHTAS+cnHFU4-g8xb5qbV~1Y8K4!3jK1Iem(_$X) zEvE5C2m3ctkD_*^IZ|GX_g!9msHLxkG+w?PMT|2t#4#lQu;GK{A6iX(^_-514w`YO3Zw5^e=UsML%AoPtQ~n_Om4wykQl02m zD*Cm?vxDWf&@-`2cy0_6b_4HhU%8~wUxA5De2JJNAh1{4``N1I z?OyEzBkg<6v{!qV6Wo>~(K`PYt@BSt_D^1nu+v`}X@ikZd)Rop_@zjW8Js4@K&#~n za{uk4Ghis9&l3!o`$==DUCjl+L&$Mb4ij_+0+O!uFriA>2HDaAcvpNL46<1*Z8!I3 zuNMB3-uT%sM!NjWpY^miqG<~`EfIe&raL&X#h@6nuE0OpfCer|TTAJ&R|Io*+dh&O z+QC2Emi5=Gmkh-iJOhvpCH-{b@1xYbJ9PngPvCVT0fFBWe|HxgEW*mB`@m=$3IFY( zcH8%me=m;b@6tbDzI9!bWG`5W%I=WE%|_;2=J0!g-rAiD=%yLE&fE}yuK>Yz+de3J zCrDfbz2kOV%13fRGg%P0X81dXEMFoz?;@t!-pmT@PErt_?eh=l_fvEI91+g`uZ@kT?u2f6yz45`$YH z3D;PWgS-w}f&T-Xwsq11il9(b2O=G-pU+AkH7v_Q`uRHO=d*giOa=XX9n^~lNk6Y_ zcUd~dse{tTs#zBJ?pP|wkvs(&KZ{e@=lvCZa{3yfW6ZLkD75q)u7Wy_u1C1HP7s|G z`%ua*`ERH7U7KtgGK^*z=WM6pQ-4ql>Pv$LutGUb|JNZce3g`u((Ha#g4UoU;o(6B z?`>PjN9VIl5wj;+2Hx-K8N(~hB4|OSmm~q{iSF>V7U0Yz$F)q z9Cpch-i_?ZuU>Ms)3*xnXaYQbWP3#?aPR``kIs{QoyleAOK*DV+AwdD_eJ^uC2cZF z4MHh^qSICI70Ln>`=uJ%2uZb5lI%mLKzU5}odsVZ(&h^%mpvf)Bjh~PJ2J@TACGg8 zk@Fb(n1=9igEui#XHOq?wp3%cn1>F1_#c@P{5wILHy&@B!v1M)kMyBu4@Gli;5Ie4 zHS~OZE8iYD-sy|Cmqh08e`DHyNgpfQ6Q(8)oto_35ORxV2PD9sS;x}>YN2&3FvJZE zSqVNTUyLoN%d*M-E{j@!Ptxb_3h%AJ9(}!~V!bs=3rG|~r}|7Emf>mE*QNK<(1W6E zsEp{?hGRmG1)KG8}QOacw>`?%E{i1!JC0vFNG_(FIjy~&t7PP}5ov$mPNBy?FPRhE9tfFmBForXNv|}bADp&aY zXg}-#c9T9^wsekBFX@4epXXd+FdawLUqEwV+Mu}#n$T%1wF^sa`#cvJ`=|0z=1p0w z(t>h&w=vOPYjj$B`QeO6&ui*D?=mNZL48|Jok4dBvWR6r<;h_EN6Xyz@&##GR zNwvz~7za8sB;PW6QZ|$p_m%u~YS&q?fj3+Z?5GOXxuxsY1t~sNy!O>us?)+-qO_3I z!eV^^JNvQ!8slkB1V^P!`$(btXC0?W7rQ~&$(hX9b$$Z(gjCDE>%dSf5r(3(lRePK z&J5l}J$lQc{{!1{O8=;L1T=6}{(}u(pPD}}YED}>a>yVhriK)SViNrKdEfUi>F)jFt zNKE%UkHmEEGe}GiEW%>Vq(1oJylv!%{OEg?$4U#72X)ZX0CmR;Y%t5g3vwv{|<8 z<#)Sn>&otN+ZxIqbld7HCqi^hEgQu2b5x+8h0KU{{lZ-#)&^k_hqMZRlhYw%oB>1Q zK<_!^V}e}C$OYp#oNBRA?^!xD)0;+Xxj~pt(7E?{9BI4o^Y(efUpf}E78Uy<`a(xF zTe0=mvY+m1UNZb?W#1vV5iB7D!cL-w=-Iynt7t8%6Y+rf$fcubTPWX*Z!UGLMSRC6 zS!uss9X=2|T88f821xHI?Dt1J6ngTkOsRH|t+aSuf1r!Q z$oK2TZ?yhjI?0L3lN+*zTiBo9JnP{hP}PWrB-HydO{!6lp}}Nc|dZ~ z$wIf=85r9k*SDq0YQGZua-wwFj6hpBv{4R>%Ap*m<7-OvD;XC@BLhAc(&t<`Fg8E7 z0v2ePc%O}oe2!2MB7zSz`D*{#KN!atgZKWdM^ZxhkMXo>o*jFY5BaP$oWCEyc;@B0 z0(W3v`?a)?u4-@v?#-bC&kKJ;FX}_Zu0VOA)7P0QJx0_WvUeg0mmb^MdY^{8?E zCr)|-{lB5t z^K_3S@>RW!kG`kK%CHd36L;k{U1zscJp{!x(gF`!HSMO#&5l)UBplp<( z#!=m{L>|)e`_V3WfGaSXc)PXyY&K(kj-o|%Rl}2edd|lF1r9Ray+K+julLj*8zE*C z(hN5+CI9Vlymq(Pmp?*FJS}T~7z|_jZ;3tne!fTyyP2p< zI44l^lZ$&`D{2fshiYBQYo=<2Uxc4*kAh0iAMa9D zyev|eM%sj+tX=jcv1MC$>?V7(+T@;YUpTMWj%oa+Y{X+eHi6Bz*Tt-3)D zOeF8?)mF*sSSn?wu670dv@PaajQL3fuOKf_c+X@wv52fr$c?#f(xgDbbt#S#9T+ZU znYcJd<$f#6c=*Z^Hn1zp*wCbMZgE-2GCt^oiI$rklf?mlhwi8&fU7v*spFU-=`44Tf)xXe7qFkp z84EehM=?jA6);QNx^Wxc7-{gf@;Ar8cv%$%m1nz0)dBg07v4KTRI$@vp*NI$GkrB0 zDnDjJM{8l(h13E-5STcbjl^`dyc}?k5BB5-PW4EXBBV8K-vR=Sce5OrugTC%L3*E> z5z3S~{_jT~_`{^Iydnp#kH@s-3xvGlXiF%s?9qP9bvruf^8mEj9#=snzQcBSm@QUI z1T6+-XYpR`J@3hEWA$kFy`GFLyy6I3Br5|*DsW&i;XmP~nwI|w&6tC{!yHe>Lotq| z=m^?9B=5a|AV~z%Q;-O5?^L%%ka70Ez6b|tohHioq$%SlWE7J>A01B{Fp-Bt6!qa> zpA1EP?|ddW9E=8i$T9k0)%(zg`Vg2{Xr$-s>HDijy3;P$C!V7 zUuuB|AhF|^5T%I*;jD@bLaK2>`9T8-UWo^m2fM~c&DZ0j5HpUz{>{xlX1( zfr-nF`j+bT9hsk~zUY4Fr^t&PnI|eQPP+0K^5Q2JmKU#5yOBh^j~`tUd1-JLc`>;q zA}^k!o~*p+7@SyMT#*$cFFyA8$xyep+*2tpKAC&c^5Q=#SYFJ3JXT&@9O!12KKkX+ zXDNJ6LV5A!9$nv7179cv@1i;F6bHUAaInE#3skrxM6oQ%A9@vf7W7q#H2lNVjy zQ!6hX@tj(D@zs;5PsjHBH%^_rILLEq<;C~Qk4IkArA2dK6RE&k0%lb##6`M($Q2ms z3f!52#5S=|@6lY!{C50yAWdJq_t1CpA4`&#LzS6C|FQIQrZ+osX;n9p3oRtBHa(s) zajjwvO@teQpvs*GnlF#QZh^4sR~9W^mSQNR@%nIg&L=vdWN0#^*`}6I-ML zcOA(2QdH4KRcI9NANgQ(sq^F=D|09J)d9uys1isxZIad9E?Fm{&=jkbJ+)BEo|LQK z^CabC{;F5fl!~br^hQnFStSmj!Nl2nES|xEt_Eyes^jXnucko<=Zecls^aiX$F>q3 z+a$icBLT|Y@<3Zy(l78RF|{4P9un4vk!mx(3@5C>u=j{^g~p{=w`R!0Zq4=1g_%kY zOoFfM2FbUU0X53%QitC*RvpqYCU8@Sb~97LZ_2l~mQ#?zHh@C5g3&n|HEjr^?-p&iM|W2prYBs?3CFYl zlL~}@+RXBySl4c=iP184FXNMCfn+%_CId78%f}6g+JTLty9KztSs(@QvDu+@S?29n z<{eagBxY4kMhe;d@Cr%50f>wQ<~n3yPKRw2^<QqNrP=2ZGn_rkD)lhI6Ufj)&93dw-0N6r(JH#Y`g-xOg<8`VqO{WSuC^!d; z;jH;g73Ru(ZcKY(rl1Ks`Pc>J5|RopIUz&^=I1kCDu632?Ry}|i%?hEj=et+tDX#k z0k4JCa=~Ue?v+16l0Jv=(Q*~KX9!}D*ojcSkZ{j1jX%JWkQ`XSf;%jB@V=-Vq`M%f zs@Q@Y(mr0)Ba%sM37S)jbMcSD;*&?vEM;+ z{iDsD%R3!oM9U+ix6tU5V@JPnVf^T)WB5a9@IbowI&AH+{cYEtUYMxA%1-*WYaaEr zQ`R?l!+1e>PmffvS9^Io^>mr3^`_Lqo^sgF_ln!Rvh-LPI()sFS^<10mVFP`gRa*M z7NQ&+SccaVO6oW}88};%C^DjPg8rn0K;wJLA({ z?L6*;cUtI!SbJ~aLU0o+M+k=yO2>u-;=(kV4*AioeB&DS67T41sJm`;7Mz#^9_)g{ zAIi$%(1mgMn7BXTW|wVW`MKPqPxT)C`rmqw)|t;s(wRc{#i*YJe3vw`9maO}vTRJk zkk4K$DmB`e+NBN2M<*<}oy~eX1!yPKZ1AT5w%Zi9q46-q!|+Z{fUXcKp4IpBH1P5Z zW067en~*_d6q<@CYVZPX*FLHw)Hq;Z*f3UPc=Jq%seWog;@G-$L@729g@g0=Mz8hj zw3IC_3~tab+QPvDhX_-|);-_=?Ie+a%S-Sx$`@oj!EOR`sHV-p&)XLhsoFmaUoHmy`($oZ7_iS}Vc?>9^y8=V%0eF4GAFS-(B(caT_Rxp z2rcfuIskRKz&5wue(GisM=>gKT2nhAHH4syYT1#G5B86ZPh}a zp_8;~|0bYj(9)Tn^!~(2q5)7X+H{ZYavO2yK4pbR@-JUFsTr2wyrdOVa!kG{9 zg$2Ll3k#fq@pL?0c=0*|azb{mv92AA~*?dAjTu31|>Te^F>|VnEj>v}f(G=gXKz(>3!%f))rw_Pz+96|HG(42eau21Hn4p*KV@Dt(X%0$6aEWkreZKj_4MC zF`ji>fszber%d(7Rjb{7m)UbK5q*rQ52L#Lh)K(o;6BQj{8Nm9@NA z^IP1u10EaPOCOc%zedl745Nu$0hd+!T?Iai(!*j(FGXo*xETe#%`qJ@&9_tw%F=(Q zmq0MZksOMZ?{l9$sNkH=}o&udUHbBbY+5Nx?)dj+(*fj;mqmMMr4S= zA2BTGZfC*eOUIp3iVRA7S?sA&Bbp7U7~EP>t2VGYNZLg}z}=w?TCF_1I+Z7cQKbW_ z05W!H(W{*?41#6M`j5b}gmDF=<1|#KMM;PD!X42GG(jLfz5#E#$>}<9gO%rt2&0E@ z=b@kgkURrY;P&+$fm!R1*p=;e-&b{ZcipBFw}*# zRkthOhR$Yuv8xUXs!&qbE3?*PoHtu}YkafSUj1VdHlJnJ%ENBPCZ60%ld1?X$Pwt# zoZ6BE%}=Q^tHoSsMR-$Ek}XuxFL)EcO#LlYzO{v=BkclgoDUiKA_qJ7_wk5-QxjNLHl5_z2xs)Vtk)j=F z`5QmZ2$C53-U$5J-#EfMfWEvu!t;;Nxc9@h zOh7IlrMsQCau`WF^8ZLySZM)8g%Pt!Kjwz!b)4-b)svbriLd^D7j0p1fkGt=(G&sR=?` zXNu(eHL@7JFX?P5SyYI*D_tZfmoA!yalQV*uBr~YJm(Av# z&Gy;G&SuawakioNGvdpqkuS;O3k+|vV7zIYXGbl`01AE6l^1Us^I;&2*4KmtX%J_kvQL3f$2vQB* zu+E++7x9Nl)@W3xz}O4{tKj)@g?vUKx~E-MM`Z+Wr3YVq1~E`bn0_l2py)Ov`N)`m zce|E^!M<&c3W_lFX|rxc$A}sTX9_A3pi&x3$&l=ebS~{~6Y>yoZkwasGtuDR>H}8o z^lgy-l|7*y$EctrTE4%z{Kl=3@+2ls%FwspeZb&Tbr3e(f}RrUGf5yFHo+NUz}O5E zp#O+mNP>bs!bh*P33s*QXh;>|8xb_ zF(*#AC(xgP58drwAiWSM8YuWPu&nZGEcBs5HmjB`s|mx#L@{iP8N;-O$x)e}zG-&& zq=dfZ$Nd@m!=au0IIJfgA>*tkY|!TSL7p|n+ef|e_Kxv37)tNZYw`Nq`2J!^*xc=q z#IZ}IO9|>(+E0N1Ja`KxjdWe@P;a$+cj$dPMty`B0+^?ZmkiS!Z@*ce#Z&KhsN~d>5UQkL8S!z2Sx#}_mr0BLwXNn-ee@ecP%kKbZA8z ze-b`K`g2-rf3!U}CD^1VoIhkvW&Y&t2s}pGr)x4G>Um+g>%)Y-nF#xHv6%83)GqeD z(6CSqf9{gWn7kRt%F?8-L#Usmk*i7hGyp=v_j6eJv`Dtphj-}O8QPHkvxD?K(VhAi zVoRNdEp?S>AoRT8R-QG4b^T;tQ%2~bs1D?FcG~Ppa<|=xe*2no4K5JCAayRt;fuQH zb3jk)jm`b(U3#GfZZvCzy5MIV)TU7D3>gr}LL^6vcBhY`_N$lEtnj4t&<>JZlcrIK zhRC|^PM;MwA=obm(>(swX}#d>LEy|06Dr1v-Xn>knnN0|LSzCRXE+PcgThcMGorGZdo z9HYuTGECbnAL!Cc@<1VdR4-p`z`7R?LP-|v5|4DB>f4)R8T;jlu*^Fl2Fs)x+E7O@ zO-Ir3l<7qA?aT>B!?%P3SZ#?6fR3ggO@A3TIPJCZarnaLw{>#w#>^2wp_^{XFxFGC zd6c!V`Z(f2C?UgzoXQnRW6urwCnl0J?BSepr8N0;A3=LU4` zoObE;$L80(_S>~{_a|D`pozgTUFJW+ujAI|dt4(Y*5SaZ|+8+v|GJQq&E^Y6s--Sqspc&?)7D)IbBdiIFt<@78( za|=C-(DsGg{N#yj$~hF8x?dW#f1Z!_&}9RXn2C3jf((q_Yf zCOgTvPJk~*VAYUz->A5lH@c}TUV?{bsh#=p1sv;QuH1YbEoERe)`U$cE^lNx&lRK# z9?`w?V!L;R=$=$Vnr={5$$A}pgRjq*tTz^$`iKgP!g^hvTTQGb1?59d)VuEQs8^2E zyUihnJ&CAw;JOmw8k~ZvG5i~ICF^a4ah}2d63&_sANJ}_7qs1&(%$32q3sH-pZFhoh@{3_pG|S`B{8jVAN#4vzCN6p*iiW;9#q;r- zS7PSlh0>FokMdG|K8C##GauKNp74D1IxGuqbymsAj&qwRGKY2cW`)y=CC`OS~ zlgHZfL+Mftt>mSB@SG<3C*pbe9kcHDUSW}HC#3rJ-j~@R)s%?TIWvsZJ1F&1PA$J{ zrja_6QqQ2&J7?W-zma+`rS_oIyYBat8L6`hnkh@{>_spJj5+&gCu z*XvC6?I|m2&8(M}G^nXJ`09E!R@*9Pm)$KbsY|NM%4!T)q}6Z#eCFMAuc1HQfp8p1 zonBv;A-!4mwr3`Vv%7|VJefsnY%K%V_|{l_2Q5qc3`%MgCYhzljZ0G+m!>u@O>115 z-ng_!oT7S_gPCWRIFZwB~@8@ejDrQW5i zw}*E~R*R70$L34fqjF5Sq1ie#HKN&aDJ_(_BnP5iJ|legs6u(zqzrFAmogEEy+?cM zUE1JIvbq9zSF@fJLM3+6B%!&KR;_$2_!W8D3;l;v9hnn)6@QCEe{lwqL(e7)bEAF`u5)~-{WZGH;%Ih#i@ zVQ~gd54=rqs}7SWB-N0YK;RE-lx5`=4e}rE9!bi3^rrlYzJ&7Zl66!L{*2AXpGn20 zRo~2tNHRIYUDHK7x#z!#)d9G=Zr(dbfat(sZ4{FgRGCh7TdD3`{Fxe0T0|o~$ga)4 zA>u><97WL{*zdU8*hboRn_(l}K2nb$74MI!15H;lfFuk7iDpSoukon)u{l4g&gVi5 z%UoH!zg6@+Lr3fhB|1(!SqQ~8*%!_z&yn(xSiO?+#U8Z7?5d-IdcE(wJ;q)%6(+xj ztV!OpLo4|ua9yFVIKAS{P;dQpGQGYGLVv@HAoSJK0u{1j@vjO# z!FMOtb&R_!^)a`l-5zdp1%6S8am;ujW*l>`(Z}%{ih~^;ggY=F{@wRvIQ7$CPQ`&X z=fffLo*Zsv*u)aa--n!o;MLLh@-M_qL9Reg7cI2rk-W0#no{)IZCQ){($J|*EDE;< z+5yA?y`Z`Z*3z&X9xGYf2)nzz})(Cytb&@qTVR2@3J8iQ)V zpf;NZ)z;mhuIw_X#m7CKNj#owp!5p1(&eCmUrYujOnp8E6Yd`-gqw#?5DSD~kG1d% zfqgVYLR4iqa@}pski!l+cso1vOe|sKzVe8ER>GwJLEFKzkZzKR{%0s;qAN`a&r(93 zNT7+(9v>kPyf< zP+L4ZC8-;C@8kEUubMwe)K{mKoQnETQ?WMv^PfCEl!ra?-zQgoQn%&f_{pN=nDcS% zB-b|k>0p~~xd~K9?S*+TsR&CIv2EB{;HzSKAHmluBrpU@3l`!7On6j$wUON#e1J}w z`5vLOLDTtCg|ywzV!1sRS#II0b;5fmAA)NX(vp5_#z;pG!Bno2vMaC^`B|lv%FRLoSkd6gzq9|TUryO9Yx&mBvsFM6~ z?A5DSsP_FR%zCBLbsAn^dh0BkFZt=n0Cd{W;7uyj`zS_5hfu4o!whCuKwztY#9T4H z`7r}IP&zUqIu$etIYSo;|LD%^)vSN9_-xr?0BQ+UsSQUi_%rK6r^zL%yQ_^zsk!Gg z<$j6*9$dhFQH~NYk@3bU$?FZ3uLWr4U(6Vw3auK4lHee!ivMMSUwjgq2f2i>#96S> zZEGseZ}NXl*rvl!dpeiy;S)F+VC2%V3UAy(K(r88B0{u^+7*shgw{3v0F_AOi`kVW zq(DPINYcZ&7^Z<`l#^z#rh<#8+=iN}kih9u^HQAED+wQ=KyX$!6YLy;*&RCmdB!@` z-%g_&o&uFeoa*Cw6k}CjuC@c}M~5;i4?fL9@(2~eji`z$aHbG93PZpr6!^tr3j9LPv2ymmt{~nes9g0*qJ1&6QE*7EbmA3)Lmm&k7gK!R*WHoa z1pBk2@uL+CBu^G9Ce+X_`gwO;DfYZTx96Eu0YJtDPeHt0LnT0K=f4v*Z7idV-mO2C z{~U7`Y?pU0K^zxF9WfJs3=i#;{nzx3C%6eA2e`G>B) zG3p;`oaqnPu(9m%>%Kr!58X#A>09J)K1m0o>#?Xb?=o3EYyaZDky~d^yGevwzf1&r zrp)91PMOD97P<0%7N6~B!e5zm#reoazl&c>?{eQP_wSZy|JeFQw==@1#6fp^-}xl< zfy2M+*D-TM`CP7D?SBP6Qy_W#*!ieC-&cuI=uv;Uu0ST-!!gs37O4}$zC$CVg>*lF zJ`lC{h^NrRUHyJ7Th@|cqrb#W)(8Llu1B>KD`aJMhd)-&2TBfDk$-xe9Z=L}hTh8&S0 zmohYp47)i)A3ei?4U~aV$iH7?n8z8!tkwrNA_Edf(R|~zS-h_0JS0C;;u|6{hZFUw z3qC6n(>bw+p14RP+GF}q9&I98=TwpC=fu8xqEjRejY%9L68{E-i`-QlJVzuxyV%@% zPm%bmn4CYfa^jPmDD<`U!8Rnu2h1m#l0P$wsS|Q!<#7>x4=x2*5~b)Bxs}gxsp1N6 zdYOR_=jk6N|cyH{w9?t#MQP;zFqRM?wm@r721V|WBurq_3Cz#e-^*1k@;bC>D z_I?x)+Xc7?d8l_G4_DlG;{x9mg3sf8?>Rna@@H4xTs%+IpXV508@@OSHfucC4*e<$ zwugQd3pN3L19H>S4GCp)G-S`8g{TFXH+qH*Tj$!W>^Vv0F`QCl8u-ya??0uxmylyMd*o$hDvr&mzs5tsVDU6OS-Y|n=9$sy>@ME!EyOR ziSxkOx9fviB+k2bIjEad(9L<^uk(+39=Q0#&IA8Gzsq^x$MU;74=nDdxOQ~peu{PP zn^t%9ei@%F$x~$9GP7`W^p=^*(OqttDQ4f5aL`kfi2mX>hc`IazSBdHYX z$tYec`G^JJrDD9ja}BClL)9o$(^`i#vH>Y|_WB(ej?8+8^k%*NbxZNu@^PIFQf+JT zTBTkZ-2gg-CQuN$px>_pPFkIrb)k!pF*llVjLsg-4=t~_%bxtJO z(Qj9#J|yyM0EEC`KElu2`Gh0O3Ut2#0iQt6z{pg4pwJ!|pK5EVJl)n**|*g8Az))$ zUzyPi0t7FJv+cG$cBLJIskgP*mDW;eWQ)VrQqi|m$yDsA&30fL96BhrA(hRrHAudC zLPH2`m>^gyv*|;{2>Wt6)>_?3Ctf}0g+H__`|Q>G=%}K-x{o2jtwTLujhqXOfvW|gr%!&UNxtXpr29lFWa=rHa z%{slwfy1co>K{W07UvNg(OoBF{B7gn4RjoZzI3hDmKWncc{B3DNoN*3bs`j71UBPn zS#8D`3fwJHful|z1o^)xP!^7l`oEmV%0gM0-!9d#0;^fq{FSgp1-~LLUvo*0{>~9d z+4ZIb2Huk5<`O;{IlZ~WWl3r(84K`?gFSaNJX6Vgb5yRB@2HdV(Gg)@B*QSNm~Nh= z)B6wM50+S3nFeQq;0Sb4C>iLR)_!i+`)Uk-1f9c7W5skOS4;K72ax$m7ypGwe#$ob zfGOKC>Q5j6{q9_yYsH*|*YV99x^BD?0Yaa)4_$%FDMX?x@SxRgJ5n(fGfB5*US&kN zA{C??02_rCpwFdND_Lj(UNZT?vBPmE1pz;+~=Av5XU@CWxOL-J#!|klP zW%m^oHX>93RUt)Wq}zY*{*2-Z&u;;q{9$1Xp1eYJkgW9)mGp-VG@-Zv3Orj4G*KWe zb&Dd>Qzb5-iQ9rjm7Zd_6e@64Rwh|P_n_6h*j9&#Rz3Hh3ao5S7wdRbK4xjWDMFwL zxqbtcqtwfkuz(Y~#vdd!&;#A@AOHvGD@_LJ+q;SPbCmLv5|lUahfU+v--uA!Mr3wJ zew1?2En1*axt^Kil@J&z`x+o%VXE1ckUbOFX)$nyRGTvNI=tS3SAhI=KR_O_8*BCF z=o5WEf9|!2j+L@4QnxX4{JtRT3_v>dM15BD7@m>PdTv;fcWK`}%Yx%_?xBO?PP`17 z1Z<#Cc|mPNMG9$&+dw9uvU6JvAF5`@X1$ip+VxX(=~@{J^6c0wS>0NMoM1vJ)Lx*N zg7i+2%^LwZW+O0}>pEu?0c8GW?6SPM@VFvrl%l6ls1OCDlBt#h&MFiXe2-SbMn%-` z4|`wGEBB0&V?=sv>S$(!BSP?rv)jU?sehV9(~0QWm|W3uov%duZ7$bnnuT6xGm-1o zKf;LIYPh_+lOm(kBs3rEWYJxDf=2ZmSDO%*-$dUc_AxouKE@jOX4cLN zd=)Xuni(N8A|WK_h-`$fJmx?$Y~%2y7z2;cEGIkQlX1a;T|9+e6w%uiRqXf4+hGNp zi_~YyAC>L_R$n8*un2xkOGsTC`mZQF17a~4fj0B~e9>CITF5_3$e$uECO19ZTj zbf{Q`H}J&gv_X&!P&ai0Es@PavWhNRMHdTL9V-?1IjCD;899E)u+uQxY{nKlEDTH7 zVmI?@uF24;Kus=Pj^OJ6{w<>r1F)Y_Lcq^1!~w1s78NpyxYQvxIP1Skb<$mF6baG| zpI^r`@QfK~l3b%*6eW+JBtP9_Z@{<7{}LH;n*8Krjkg!X+n@FIJYEac(g36V4RBv* z8iQNu9)JLY`jkzR(qZap%~Xz*KNnLpe_CXIoB}fmV~nXGzci;Z8a`6l<7kR{7-94k zF*D+l06jDrCg?daCDb`&;mK6ge1X-JQs$zKD_%n2Zdm;2<$IIuk=YYx0NhEry z97j)4g}qCUYPgI$6Yz6q6#r!LrgxO=CFE;b;DBpLP^)u^$eP9Qf77coi#e|kBs+v7 zmnb*~;qbFW;9Eg}25^Unx~bbbl2BZ$zzR0l**Z9kBC{lAF9i}EIRsYMz)PGGSVn9^ z&kM60b(Sqi$Q{Nfz6MNV`;~58i3}zG9xv=P7jK z1Jpc)4Bewu=J3ROrw3JN2n`VV!}`djnqKsG(afHVH9a3WNB8W4Bsd5~^-#C|5V7Mc zdzuyvHyr$od%T)krO+}4eKD-F4HTQQ93}}JJ5S!}EYnd@kTEfgVM~Z1NHt{L4sN7rCcLl z&UvuJ2T?3aZs|2D?p8GI_vg~=?s8c|!6%T^CEjsH+|r{-q^nrPDJSk3%#T>A?O3W! zehR>ZpXYS{0-e)p+MRoe$|atquU4L-S>j=a9DG62lZ?X*C23I|STB(BvIq6Gt&g9` zudSc4#J%?h7ch%9dcuc*^l8s$2>>in$OAExuPlq1^&Yez)`!+BI<(+!Y>&m-ax1II z8Ai+nO+vrHktOC*UL%;gln`cx?t$SJ#60?2by>^PHxjOst?)IcktEDCSC`Ao1R6B( zE@UtXE7w7N9)^taBD#d9bgAYK^rWgZNbN6h76>Yw;GUzs{6Aq+Jmo~_kS%C-OB5ZX zY{>YL*>BPAZts5fwT4qO`@TaM&~LdCn;(#TKU{%<|EIDHT0qD9K#>Elj$DBmrOJR*8fwSt;W^4L+^ zUG7rlC3Z}-!SO^T>%D!JLN|3+XlV~LmFv-M?g#2DH=+phWZw@MiTaMOu;0s3;yb!aYg%4 z9RU*lUbI9V$^p0Xom2UQu5(YhF{ecOO%pZ^O9%z|2nc7!4<%sbyOkdt@K6%MN+`K# zKbkVb+W!<k2sY9lh=t?&vkI)ajdt-boZe0LHo& zyyhf%wm=MnhF~IWcTAB=m1WG$0;*sw*c2Yvf*us@Cy8q?_U0X>y~;{@mC3U2K~Y^@ z3kN0eJ&5XHR!CdviCK3a_tDoKBXEGcnllU`PQeBr9?}#>8%Y8Ra*j)xksFa-WGsWp zh05IGQf1okQe{p_sWKNoy5zY?b_G`&{!Te4q8IBNNP7M~ zQbG@Dd$ZD$LLSg;8lnDiul6u~gkF*vnXYo&rA?<)Sx?oLQ^}#GHb&Fu0;uF|KNEHk z{0No&YgT-bOj!r@W_8Dj#Pb$%1?GJKC>qNlCR1)!Z@yKE>3D9pUd1QopFBsq>gAL1 zpCY2IUDtMM{N187m;J>O(A&(clkpdeVdDTWySvr)Y72{}Gr{afH`z)2OTEV^bo{#mNtBpeS zi=HL;C$9Er-=?3azbaLgM4B%e1 zwL9XupGRZy-i)lIDA3-)JamJd-Bdt;vUn~zkwTy|ZKg{?M3fNb_k+?-_Pz~LN>6$& z4w>RK*C)Z>V#%VhKCavxJ}!b8Z(o^fvad{+9$i7EIl8ASdU!|JSvJTpDGPLh#a4l} zNSuoBl*n)E_Y5SKFQ@3T@*axrrTAF} zS5~m-(ah2aV`3mh4qTrh8xi#_&B!XWdnyM((RJs_3Rx)pi(&i$JVb3O-$85Z@JpQGAt%zcqAW=Vkq58pllJF0qzUgqZlBLLS5T`!;F|6$DPSK6sPw;721BX$cPOE zU6cxIl;{er3SE~3T^sdppEP@gIF93m-D8iob%>bN8#c0&#ALH%^Pz>5GApQ(Oo?wD zn(mYyIpR{tcLim&d@e1h z>c{hl$=)JMqqoSu!)b4c3*JU7fLs zvTi0cyUYD((MdvI#STx0%%cJ_0oH@i#aBY6;jRx`!kaUHHF*~bG}S&_3YFV7E(a7+12#K@1UR&a4KM7{@H9bV!Dd39RC`sM8mDptyd ziXdMLiC-rO$`B+7D#ho(_{rB?=(52*WCC7%BT~HO@Y;e4QYDlvd$m~{*|({rsx#Sh ztJ3akvv_Zm>%Yroe68*zzEd`cWe4~ZVlZVAegS;p4B^`hvsaUMu+fWQynPgEFgh+i zb&(bh-oie-{6!Co$Fqi|ldRt@GWtg>8GYzFE=DKWG;EHQ!1F$+M6UlFJm)Y)y=Nm; z=rTQiIu|TmG{kCjiW!3e3EB3URCASpgyd&yneR~wV!L2AMN@jCpy~jgyR~mCE;lQ3>i0g4ZHXVgH>RK3Dd;M7_LPpaf_p= zztbOMNvJW7d6hhllE^rOj3T;OASlsOf?4YH>cSg&9Q-9;h%^N(CnCFmkRekYaH%i- zo(7=4<`fH`O)~=JWm~8BqTnDrnfM=tqE(`ZX`K5{rXA}X2U+t)<%QQ76`|c zS{|f5kdicQ3X=OTJh(V-3^wmfWqCf(|jFEA=!Ksejo2HOx_Rm+E|BU3tYwayI* zS1KT`2ebK>#U(kWrmV3|{R&Mb#3oBZY|>MI7muPbtK#n!ajRl+%&JI$O~J7Vu!+Gd z;ObKI9(C4#0T%MT&NzTS^dZy_`~&#HUKM+_JvM+A8h_hYQq4KZ3Gw9-ZkF-I8;dW# zhZ~MODlMGCwWop_Y|-j3Pe}q9Wm&~u^&>D~1Ov(}x*C*65fWKonedE&Bg5x{+VB7Z zEWkT$2fWjzTC}-@iVp2bmwEExT{?SEEL*&?td0#AwZ_PUw)Mg$hn~2`C%e><7MMk- zkYlLphGef5MjY1-DW%1(@hL8)!Sj*R)?WS#)JquVDmWlpPJudr1NPXZ+Eo-7DoHA>H&DCNu+xzzVIcgLm>hcoE$1Z{U8!A29p_;iF)n3V8{zfCK*>D`dN5X#rb<0{2<%zWGTR zlAkDwGcYBG??)ZZFY_~^H^XZB9I+Ju9#-l^7)_SYs&Om3LwD(f7^0e>+b|fq>9Td9 z{mFK`99>$^nU>a>pI~X#l4(~Twr!)dP=edZQVT;yR`&7ylTqVki>Hrk7;jI!LxL}| zNm1;03OeMsqZjDyqzm+9+gj}y zZfe;b_<4pCA^}~lYtpxFHiS2b;sackolX9gGz{$xTN2&&Tt4p$^{V&oZtKhZR-NSYBcid_c$;pf1({G}EFX(t`ixx^iq zkiqjAHP?m)WA9wF&Av=nPQM^iShy%0npITyxC}U9vt-pRIiy(^M?Gb7vE8mC1~Qq!Kf_FlKiWchU2c$%e}9axOx0=G+($mM#*qj5djr~7q0If`Adk@MfMi=wk)l}&jdezL@Y&7kOP~jL$WA_vP|5 z)L#}zZ%TWibTz?{=#<4T>B=NU_!4neF)0p7-x5B#T;rZ(qA(=<91beC`lEcI`2SA7 zL-R@LLv1;OvqsXm=F0?ebcac5mHRa?`eOT)I~xxuP-H z*44$rCs_0y8hn{>-4JK9Wfh#2=nM@1kWEV^e3P14U{afjqiGAYNrpxQQ|1sX+PaNQ z>)B&_oJj007Lgrr2r0B{|I7|JBJVHb$pI_=xUP>AYo~e6)@|=_M!VsTbi>JwZ?%xT zlW-GNC`?+vgpjk8#UYumo8QCtj4Ko?e~={{Sfydg|z8n_hQ zv;|%^@qgMXl?5^3EFjqH5|Pteu-Et|f+R_oB!-g|7}^4>;vvs1E)APhJnYti1)%j} z$n)ZSv6vw*oGnB*2MT!^Zl@@YpN|bHEn!eEY~X2%wuR7*b5alRqq=c&^4`PSF0pf$ zchjA6>E134bm zBR8Vb92W%&$odWbh%1iwqf+DoxoPm_mi}}lcZ)Xs3%ox|vK@GTJ8ICzz5g4$KT4L@ zPQ`d5gXJ${u+5R2RPlb}?G+AbuYf^e9+YLUT9oOs#EC8Jb62MMR|+#v*-YhT6r$J- z3AT^}Y#(iQ?6=LzKDU>k$j*vv6HO~6saig8c=X0*|Ms(Ox;C}<=~Nvs{NK;p+n1&f zW-`d0R6G{!l1Da2-BKjo>{T&K?Fy=QXPJ5+Aw7$%3=Ap!odhO8TN6Pin;hCfT zFTk@Gy~o3!{&(@^IP}-+cK9j#VTcY-WBrzY(npl3IyCs=_+RMH*UYk`hy3jY`<9?o zc;n;VVHy`NBXxgDsfm2?;l8iIU~3NXdPxm%==t7{ko)?)9!X63s*id-Lizv?Q~U7@ znRdoR~BUijahkROZJ@lc-{{5R$&ezQPYt_%uXxa|leD}|N zXMET@_brB#cF5?XE>ZL}p1C{rgH8to--c!$z2`XHW9KwrRBz4qLPri}ef5RSU)F24 zsr~&@&WG{PGfo!)uLj28nN~`xW9(VIe_Y;gkpmbHx8<=4I!sqrty%{rD}Ntyc<$F` zd}=2h3a{*Mh6lKQPdc7y)0r$+I!(Y}DI4@C}Y zJsX<2UGIoqfJ@=#wRz7#MfUDNpMQ&QkN)q-2NFLfp#9z&mhq%GVwiL+w6S*pllS6>p#@gTD(W|D6+Y85MWXsAp2Pp* zVT+Hin?62|XBno78q>zAMvN*`b1$1}{5w{I`N(Kvsv51P8jr?mP%J;~^^`T9Gu3z` zR)Yd4YJW&s<4IGE-^FTBR6*^!lr?^7s`2Ys4T>$PooUo~jU&~RP+$<>S!tg0>Hdqw zYlAmnuCgrWtjQMd>7@U&#RdLYvz0Y~o(g4|LP0;W9qrY8oeqE5EiE!c=AVcR;NT)q zKD^25Q;Ky|a>aCW{EG9olE%S^e`Ah(;^3qjuHtg-?I5lB+0g9Y3eS@Tg`TM#n}!mo zObv}+;0T@m`Hyska~_3ayu7$1hQBuDx$Kz$LungS{_MG^zDr8TZ!XP-$)hdZ4IB8@ z$P|jAixdJZKJ5`9+b!Et2c(m6KC0Aq_>79I zKaO$d=TZWOo!W+OP2{Q#W~(DR)Oj75oN)(Vys+iARTpwNHdFLmik~Y|0EGsx;g@~=)k1=b56h7+-;oLJ(` zG>ERTJO~TNlB4ufw&^cJKi0Z(7%ik`dp`~n_3?>3U)Gz$g?~WuT~{tdJ;2@wnS_Whe!vRJ)bTI%*f!lVIkLM;O2lWp(*yc4zKyfxdSIun z0bwej)K~HGw|b4A^tMCY5F8#l=R03_mg2h-ovG870uD5sfd$<1sxq zzBHk6D>wep7O0!8b}LZ}j!}d{!2K_}iO{*Nw&z7O=Uv)A@1RJ;r+-c#RQ7itvPBkh zVWjfx98!~QeBO@F_|zE-nEl;U5it9T3$oMHmvtIL3)CqWsOc?|wrbbt?_1>i`FIZt zdR(w0-}gm|zX|YP^gX*1UZrks)pC8^qZbat#ysBFJ=9x+Pw+KY{J$Uz;v`>pk*Czx zUFI!c^nF?xy{9nvkul0L3?_fj(4EkD1iR@H2YqxGElbaW3#xz)Xr**{8?9Si8lH`j5!uR1}QIsKkjoO_E;S2DI zAxz%Pkt%}l7=rLwi=qO;=hOQWDwSpJ0OtB~9mHqR>ml;>bLBdWkH%||+$oy`j0fW< z=qAIMhcI_wW#fD+ClUz1D~8#XkcT)|2P^$ZjtP#-5jZKYXA z&=r`94_YZnqkuLSlh7_ORT*Tea@a}<@PCz?Vym=l5`54p6l#yXTLA2CEw7WXe;Qyv zA1*NSyTT7rQXx_4UG1_>M9_@Ov@ZVHQ$Dn^7>!HXDi@%4PSq~ANt}K!xqi|X9F$Ps z#D6iTUn^PttVKtYU5R{`+rjgk4Gxl1xzcDwme+!`s$fO%x=dTeSIXTP%;>%SJeAY$ z=-ZaluL$LPfQx~vbnUG(92>(f%UV}xu(LWivcq2SJw+i!jp3VY6_F}s@+MouUW;cV zJQ>#67VW{pQg-(!;0srjRb4IAyzJ@^RTV#a%I)CxEVf1PS1d^Ld{(7)CNw?g?J9ML$WBo4Pw-%Y zP2R%DQ#0?gsb8s|iT6i}_ntoj9XPVy#a3tQC+YCGh#YUapOUSP7pxI+E@S~kG2bhh z?usu(ys1gS@yBy+!#9a%nfH}osUq0U^NLF%g$ePv8RiNl62XH%8xK|L-m1_YmPLDc zDw^7nIFq*scRl|QgI$?8*pDJ7#Pe6#Rq6>HRqBliBVLUWf8uGV4xVr{j}|B6PHp{{ za1b$fl){iy84>!B_!w(;OaQrX@%Il12 z*gsj{6F*__!!OIAs%Cz8+bbXH{BULC_?pJcYb-iL>^UYiLmcCW9sG{uW$n0u8N^Iw z$$-jP+fFoOyZoo|46f1ZDn3(yI`EbRwVB^ZPr>gf%hpoR;*DyDGI=9p@Z@-; zl9Y&`-%6>Mcngiz$xZ3**9Y&g?ozC$D9e6^gEZ^jQ{(cv{pocA55tVIg|l95GgifBFRouVzp7P3-fd@^z!;jc?}z@A6*i=YZy=FO!JGsFK3C1 zN66aXc2?CI@iPs@g&v6pm^ft5SW`@Thi?I7mvh47I2O+oYXm!I3Y-oKAPjR%dxtV< z)e6pSp**rmx%04WIY0V2r@wvqb!tQ{o`%dQBekBeL211|<$ZCC;gCj9#K& z_5nnQ+1=ySF;lK@C$#g1RXPlb3|IyG38 zh4I*1#I2l0j!fe&f+uB*TZ9;10&1`{=CUQ1)2W=Z!Fknydt8?7(e3bZr9_o0%i=)0 zVVwkR=m3K6^aNM(9;1H0J z(coX13++_deXgLR!-<9QT6<;bS_yy z|2wQM;Vz02ML3qw1=PwdWlrC!GRi&K#F?0As5}cXMP`)C_ok#+s7Q zkQ+micXT9aTbcq%x+%CU+J=UX!s8f7QrIJs+@Bgr%=`cUBfh+&<4bOLx)HCG&h9l7 z&z<7^{(*1AI?Pt!7u&W)6CgvuyiWf<8l}ioVQs_(>h&<19{mXt z+I!n*uS1*gliS-r?mqu=&k*bre$caa&clZaKSX<9Kh)QJbaW)NmBbwhZ?6)3tm9Bb z+=Ccl-oWRsGD}5lk12NqZ()8Ba%B-&7j`eC;HzY8Tb6Zv{Lse9q1jEL_IrxA+FO`? zK!pr5v2i`sO5>7xfD%qH168)Iki+cJ`PlTbXC7n~7>aJRMJso|RoU`I&eN924OD3C z*2-rse25B4=**=6T(!XhuFZO#MSI2NVCD%St%}RRkXkKitZi}lwxtEDT7P)j!us+# zg+eKQ)6C8Rlc zIr2AFwZ9~W^FbPB_kamP_q8O;vz)I*U5_#Oj*T1BZ(78drXCmy%~XETHdC41Lcs?r z%hlPAI7BLnTd}kh<4Mrx)RE6srF0>%;iRrCar(;BJV(OJ;rwm}(59X4oj4R*H)}Yn zf_Zj0Ko5vqGIpzY_PCwCdTW}eI%vzJV2Iz%C}ic3O}W3#9jq^M2WOPfRU+>h5Gu&5 zcA7izk>_O8RGM0Rw`T(9T8mn%lx2HJ*D#FkyO?Tu*6qTXK6|`9IIEnV>Z@$ZvRN)? za5k~yWyi#Uv~r~YDUNK6p+488&W5N>`Q$kKUVV{Eoq^}sWmW2|a%JduV9>_LR@tz$ zR|1fAahf6%OrLlu9;S)S{JQ^%cxhpsWYcUI>uP?;(%Y$_enl`39p*U{J?w7=rYn{^@WZgrJz%5pyi)Uz|ikXB}_g^LuU4WZx-`TnC~p8_JYIdzF!mZ&!MY}i(R1; z+vk$a;KY_ANEP8Ju47e|(68ClZMN^W*^b;cw#Bw6$~i1Aw}qxgeS0PA&$_$ZXMUUH5tG&$<)M#(uWm*;Ofip1>9MGniFXyqC;sZiF6EyC1T&Xg5x zIYPWkc51&xOOf=YbOz3f*BJL_{MU0^u=S5q6FN+uE6^Ljon??KbnZR~D!Fbb(Oea+ zN}!pf$LLy4TX;S6phJ%wlm`7mqs!7t`i03>*EpC(11x0nP3Wn)+9$9AQ|y#Qco{j} zQPH6UZsiD0Q=z{@8IDzq7h3H%>3o^AjtUM4PR<=yovQ@S<+i3mh@{Ll6?nEP{?mou zu;M>~zn-7#7*~U`qwp(y6ut!~7mlkgR08>U;aixS7DP*aQrS>vq-_mO9x$$YfD-r| z&tZyr6`Wi&4vLh(R+cBHT3N+O0W6m4UA5u?Q!I3G%TJSMP=7f!3SJeyhihI@=omL0 z-+yC?fxr<>;P0ZZD*h6RWE;Ar%oVz$OuL>?S#25H;!^jz)SY(Vz`NlK;u@Tk)L?vj zoA;U8J3Li;>2f9k4tzi-6XkR94CmR2dqC%-vl?{v7GZN97hZ?Q;Q8g_YRZ+sOZ+^3 zT+MhT@Dx8+j;pD}{Q0?RTuqe{_&q{2()-7H7p#7wptn%;7?O) z`5I4|zEoNXilFT1a0gvhgC%1K0}24s^7)ezSjL;lNZx|IK;^z@xZN!V=r#tprQvqy z2p?>1sK=kCma;XGwXdbfPbkv{p7@T{NE?_p!thGU=WX4p{pl*hG0AKnaOepqr4|-~ zQB^(3-mv@!)A^Ry-Gs{MVD%W&3E>Eyo4cZ1tPefLMA`7~8Aaw$00Pb~35EYa#|<6j zQil0<*|zA4dMYSlE1jFmz3zkMa0TfUB2Z+^0q2{|Taw}u@SSIoJ)t@`Jd|rqqKrr| zL^#Sc56J%t(j!MsGTsL%_lvtrE5xK$knz)$+0sJ;AmSTK#u@&EA1Kic)u+Um>_|Y# zOVFC??j-q&^e`3nE>A5-@S)ysv1&ul6gk|t@27fYto{&l{kP9B>U&Xe>i$WM(_b9O@BO~>?U;hXUxW&T;+ zUPB2&yZOE{-_pJ9Oklu6C4IsGZ4eqavg+ZRcK@|7Re!;c)z^F*jqKpZ;7mNe!;iD! zy%XV#oW9mvZ55d`U($cQ33tE9QeB^78lM~Bba#1G)`>-@$8y4ZyS&@w zSoSwxO^4u6@gvu?24_Db*TBFUO&jw}Y@SKuW0W-Id;Rh0Sm6};2rCoO^!2Bc&{TWg z)J9T&_r;eD?We!q;AcDSki&1^Q_1lA>?yPDFLgdhWf=*(o-;rMh?olOFNtA)WEkiS z`;i^Srl1(1xd*M|RUMNT1zN&*2S7u**@D?ajV!k-k}(w1&8#Vc^1Q zj$uPtql360Q64(6om%F_>7ofpr39ys$k5i>nFYO4gXkdg7eQ`4YYECw`>5 zSWxYYe<$FR#PkYUgF?1;1IEXbf=2@J1=P@;CJ$r9kAdvrKjT}10XFr1dY-T+<6fGC zZfFHt?dxV7$}c(EOyLb2a;V;J?Zpe@@u)Kyk7i0ddWGh29OKahGajvlyH3KoMNUbD zP96VBK&RPebdsClpD5HLJ?aB~-SDpi!LJFX(gMDQ>E4|GU8Ka;v=4~j#4Wj|?R}Cr zdY9bjUE1?Wg=F^b4k{U!uRF1=e{ow>9_V{yW-L#9>U{DE^}DoRp#J{zd#mdgJx@Bc zJaTwBRmX&<&L>Qu^xM@sYzHR5R-xhf+UjGOzF!yVjrOx%ZKm}~Z1aUD2qbh{_Kns4gQSW zJ7ro+N_HPR+$4b}Z}e&5AvDS!JB#!GN!4H52{C@KQ{Nhg#rLKC=bsGS8p+Rbzs)k0 zG5<2*v+(&ACp5g~g459HHd;N;F!JQ)jE+0Csnl)sWk<#L-mrAx?kWGSsXYTCNh4Hf zgyiVsYpv0a(z7hfq4n4v;8fw(k~xxY?cc|nI1){8Bw~yQH@=(yA$K!3V(jNK9sP~{ zti81>NrWJumucY>&_ptPIe`i4_o&(X!OJDh4qGMff5qz*%SgmFixk4kyIHRw+ zD_&K6JJ1&F7S9xmL}D)%laIP9bV1Yw7(=07U+4P}XcjVyF4k8GQJjx#i}#I3$TX?A~u)1^fUTZj&Tg8alA7(%c*`AnT}#(Tx2Y0uO#s}jhl2^-rz}pL32fqmC`;8 zhuq6cqBM&+M>{Q>Xb46<0V@oQ2J?29v|eMkIxF6Hs$1R4{9}|r=3}KmgjV+q=}AJ?DB4Ns}Td}fS0RctKu6%(~Q1~1{L2_Jf9aj z?J$Peg%*a`38QUiolxd^!6`T;#0kK zm=3`PGkPBjZ`u!7f6shgd-8KP)}HPJC9VA?Ui zn{M{m8h*^AByDb(G;dNGNqq=&+xlFSe}Cs+x1q^43RZf4RpU)Sjcd9L$Nk^@H76~+ zhgKj+7cSLm@^Q^9#y=b^+At|0e`k|7 zQx5*8-gh$Y%I9wbGTAeVL>f(%rzJNsP&3KNl z4fCU!bMp9<$vr>DStYt%#Jk^$;AQKnQEVu{)ddW}8Z+|Xowj%?Btn>MkMdsXz?O8l zf}Uddlg)$u2>;A*1+Oli#c4+)S}>_$yrpHnHN1lx=!j%1?7c?lF%48C)8cQbC-3q4m(^9i9iyw2Wfxg2Hs6kk zyB)jZ~H`h-p27=%AMrHiP}|`4Bw8N)*XXvt=qGGofE6_*5q}- zF#^hkCmbP0epuC@+gbX1y7%cH zRlq_!v^?xAr9XyJmA46$gGSxDV}LDhV-*-~`i173bEF5nQ{AX_KOVEuo9_?fFdhp} z8X)Mu2%eya9ekYpqSK-b_to37^Q^k%1B`;WCxZx3j36Zd$vvrfN$CC zR=KuY72{HQT+phhU9`F02@@u z@tto^)|@SL-|S5R%v!p;n(Ny$df_0-<>=cp)H`Vc-A(g69jWl`De@Hg_LO-~o7LsN%BSFVxGXp)cTiT`eUE3Sxh-E}@^$(I zDIc<^#J!z>-fZeCdNUKyjLr8W{MO02z_#c|z6^I3EM0YuakVwx0xlSGJ2W39q@>qD zyQ8Y{1gj%zmwkAbgeirj@JEpMLaS5_jj;pO5%LCInyumEiMEE<8$i@8HnLWyMXtS% zO3@{{QhAAvY8qGKET$^ywr0LYcbdFLCko1YbQW{1bW^Pi8|AGftwN0}=&f^=cDX7v z#n%Q5&}ZgScM<3=T$T+^)LR!O*9BgN5T)3((FvKO6j)ephR3o}V();{u>&sFHFObR zrgF2rh*k<~%olB!N*CniXsz4{Js(-2e@&aOovurv?TZVY<1V&(kKwHCrS2~HDwCM6 zX&VkpPZPB+25)b#q+3KzQYVE5z?V034Vr(iHFD0S{YkdJEun%NraQ#Sl*A3@Owfg|5x!ckOF9CHk z5$>y)a4(onlsP}l_b^qusphFC&OWEozx(!IP|B3i_<2!|1;=q^!@g~|o{OKZoOB$3 zIEwQ&;$7FAiFoJ9$?$dNv~~`nWB8MadF%7qA}4wNieq7=#e6J)sobJ{Bo5Ke?7R-O zErMDD@>h37})e z$#x{BFc?z^A4RRxRV^W&VC}*#?0)Yywz3D&$&}FG9G9hI>?RQK>wXwT>6jzOKqlQf zX?Nyui{ihUy}``6=;3z%*7`zs=n_kqs6c{#qDp<=_wi^HyB7S> zM<83@Z@YC8e%=P==p!&kpMW{~1aG_MjKkY2GJGHBw0;cE=o5VV5Z}JGM#UCLi=EtGlOQ`_g+WwYqx}WR&vB)#n z_hXs2lG@~J+wakbu{s2C7`{p`iu{|rdGN2rAddD7@Y6Q-ec#WUH}(tlv+(0|TwB%< z1NvXb^sHz>BBt;CbB~yALL{9A#8Z|cjxU1a^=A;CRua0qf^%?aY{4N!qS?LQ$eY^& zw-0|lhS~!ewM8Z}-xlZzHq5!v9sE0SZr}<%ceq3UW}Ys1xA?PC#IC27wKLJ|SeP;U z!Ec7Qj!UWPbXoTBWg&uFm2HFR-=+$hpv>-TZYl ziUZcyJrBN295|ghKt8R5oGt|icBMG5ZRBuVDK6<+6syy!SkEs~te4`z&d^b(xA<-jPH`YZ(&Rs2u#VjbqQ}|EJDqQg|?Tq1x^+mox4o?+)Wx*x)SZSeC}Mdni{2(*`d~g4Y;Tn ztO5=wui}KLlB@mc?hjd*E+i!YI}$k5kthvr;RWXv2zy1YBG?(JEGbFQ5%+4@J4Di zeS=mB2+>}hYvc*2)+OjgtCuG+SM7FIhDpo?CF%dYq$JoU-|fY7sCKCf;2OJDtDB#b z7CF8xaH1%h-;K}OIS=6FP=P8kJ~yqD7QByHwBGnLJyK1a_Fn`%4c$jk`ULtVDoA?d zhxGOunrVb-p2Kv=3f#~fXHk&1lTtR?dwX2RTaa8!w)|xU4u|dg<45)Olw~|KROVQ~ zQCm?X!!)V+KDKAxryso&?GbP@52C%Rcl6v|vV1J5XJvXE^;{mKp1(Cw&$9&eygNoc zpJVDd_De}UOO(Jc_{+%m7!GiJuXe#af}p)}e5Mj$cT^T~I0uXf;E&xevz%GQb;nXY z1Dd=JNop60hA)0`Dj%z!5kMqK4Y5|;N*gVkw3JGTXuE`?1u7*?BFoldZm9siyaiJr z*IZl<^_D|sR>A8!JaUGbg6df~uIee%05_j2d<;1rKe-u-e3>HSg)aXG#mfp2wBJuI zv?BK)zb0ezr2~br`OTo)7ObsOo5){SWW#d>uYn5C3k~43xl$F9~5x zHeQkYW6^3tBtug(EqvQOkYucU&#uwFRHRN1ifOz5qt-qH73^|7oR6NDtc3HMVXefH zJt~&W-2wXEsT54>QVOo2brnlSq@Ppe;1MT)o$~fPN8MGa-;D!qvzOoizNE|x z-viEa?hH+Zp1hg1igsl-oyYvlqFv}tk|Ey%;V!(D(Bs*#~P8-P3ga!x<50mfNN1A zozP}9nj$vI=6h++$GDK@IoxqW6Fo^UJelZL8-&($m?jOmFXIKowG+1r(@x@y`!-*O zZ?v*Vtb1BQJBj>HLVab~VycB{a>h8%C=6(+cKMspXyamZ;`oWW41=F2$%ye2M?ppfKOqcL5M9Ag zT!7COVNulH{g~K_E?;-45*VCEdY5^{Bv9GtnQW~>=}9&i5~m(5M_tdg@O*@=6UH_Y zXG&bxwRQ@t(13LOGcVmT30AK3N~Iw1CrpBWoFWrh@sFcqYDxYvNS>kmBV8V^wuU|F z-fP+d7t&Bc=IF8;u{k%8n+eeYN(T%2MZ-}VAE!%g%d#d$M#bXWogW}^sGaq<Et|trjIgri4*z4N8v0OdNPChexS$q6H7UB7obN-q^BaI z3t|(fS6|CMO1=b%v4!JXV2uPi$ir#veE{7uegm9Q`~|3_t|`Wn=1}!uz>#iV%Ul8C zLIL6u{lM?7oN}xj#Y4MZ-4sxOtGzlB_VmjRIjW0^CC7kNPkf0{ENuaDvG`NVTNGmYzabO}Mj$}hF1WbJI_hht*@9ocSI80EV#rperxmk?$afp- zL0T_pB&^U#a7r%4N`H#v)a#*h%Zrc~^qQr=N*fs0I3L@OUp90WO^ zQQ|X3jwZqi7zxr~HS6}~(>iNAy~Oj?3YS(^)r`j&E+=l!PA|*!fs|mFx^|?rNsJ=I zqbPBw97&o!l2K=+9tlX9=aV?yj=w>&zaQ~hfB^6Y2K$R$AELyC*yv?=qwQUj;D0Dy zUq}rEWhKsZICg7T7%#+X93*6uQNfs9N6)i+=;OHA{m()GOWl(HWDL&-I#D{<=#k-&R1-DOVW_2 zOT?y+a}^?WNfJGNxs8XM{-5;5kf8CL{esTXqr-fTdd3qGqi;&%KWWb{%i8;)=@1>T zKtDviqm7fZ9SX1TofdhP=?%mVvonKyn5Ed+y&h(^-R&0703CbMIgg_tXhxou#G{QC zKOw$%ujku@eHQ(EYZ3`n5; z3?7ojIoCn5__?U88PwRAlWM4ep@j51ARJ-?7B23N|f~A+PM6pJ%jNwwQ>9vg}zR zAq~w$PtrUEWDFXhCu{lpG0|w{?ludSQ+E33tBf49(Y4`(D00uuN6Cf{EscwLss|(= z^h(MeeVHbisz7`ny~qbCsMg9m5~)^S`sm~O1fQjLD;uAs7Da<;3A6e$jDo2PB=*>c z{t}M1xvL0b7ajcgQ^4!jww9b@lbm#mvOAo-uDX-fH@#;xrr+MoO%$E2RR zQr|z8|F!+U;ibOq|DOH*D4vK(13_|%aQ8dK8N7>a+iE3Q=-3o&gQ~TR&9#sXS$!XP zDu)EcmxZdrFy9)cTb6?SCB(pG#mVSJ>_X*Bfzr)pB8gwb*r93n3cg+<}_j|ewopYRLQR3LU5xC;Rqd7 z{NpLwZsS=w%rUKb*Wj4;XzzN+3w$-J9Y&&*;Q@ZX2V7G=YP8vl(jg`hyDf4ZXDHV5 zz;0g%cKb47w>epHX%i2qRH)#^5ZVH-m$uuNFgF-n z%wlWs9D<~048Z45&(Xo>$hgo9zQ#oYe7^2JMB8Z{37*T2=sCoO5?;jF#2&M#yeLZG%`9U{+*p#(AzP9oh$n9RwFrZJ`WDlY zOr9HCk{>OmCD}IzOL7NlI75t~m|O`aSB}X!NZt_(z-kQ0JKQ}zi6rf;YY{P04{j}A z75YB0h>x78I})HNkrTd&glLd)w#1KXBGmzB(&mKH7hcQK1%C_j*y7v?AX3OrJVH6T z5}D^a&IDB2B*rKVJSB3v=AiTX8hR$MP*gHh(99URB#E! zKaYMe&o5k6F12dTUBvTmiM%OXv|Z|Um%5j{b?#dLyiYmOI5A}iSDIGe?O4R6OZ==4eJm`$?O78o!1=lRbkin9FrA5<#jeoPyS z@0i|Fsq_{T^|yGAgg-L2Dm+)<3)~jiAV`6`Nb3NT8eaHAuW+N*667Tl{B(Iqzz*_K z{!T+)sx4zh;Am>!eDqR_+P61vi-t3~Ygz7&?-REk;qP-jOhof9V~b&0odCGl7j^7(M=rZRT~yBb}8o^=`@~?PLEFV*SfjrGD43 zH^s81Amrix7@a^ml4{@D45_y6W{9H{O6P9;f-w9T{)m+Gqi!Mdn)cm|S%v^hG(@}W zCKh0~-KYz&ef1AnZ;1_#CD;u=!9N6|C!M2cmQGb@I4BrziB>U;OhW5ZHB2YuupYkk z@VaOIHfcQQeYW;0WgK3{E7r*45{JF%a>joBpJSP>nh6PTstS}K34<^!PQp0;i#Q1* zp^udDo=uswdcxt4Zy+pLpL*bZhKEQU4GDvBIZ47`%5%f#CJBSev4n9@_z=G*5~jtS z4aBtW`w9L-ubSDmjf07Ni&rTY_ou^$SK_?LA%stl>;3I@d}uAvK5vc6g-_+6R@n#q zUzY0f-$D4xF#(@;UFrqv>wa9Kjc7gS@tBCXNMD=g86zIjJ(Kvv9`$1E1W)pzBU<$2 zpq>l#^!@<$S2BHAnn)k|hYvA*;EnXkwfZUY6UN`r%$vtER_BQq7Nn$|DKN25h4$}H zxuIwONA{Wc(t05Nk16nX@yu;~I}Q3ye+-FZ<4}(E55INg zzM3d#v!FXoG+f*AHBx^4^cJ?Kj1-n@ipz@Gju)0|moUb)2-94LFx0W_sB|$~iL8Ok zrM(WF1p_ydw_SkDNhDfU!RL# z_laNciC+!k*K6X}Y-(uQY-bQGJLL2L2c2lIu9OaMCgY=!pc9RcJxb8P7xsV()nXo` z>(pMF4L`Nu#dYvHuOX+mX0oR_LsJ}d4S<&F$M-DkgifzfjxOeb&}G33-C;nTJ(nA( zrD$~>{)ZDA&t2N(XgUy4c#b7aJn@pn42=X&KVg^aWzFGb&hw!Ej4hD$*VkiarF-ca z(}P)w3c{@P`4n)@hs&9@1(J=u7To=5P&`jf=x>Sv<8GTPdKCmb%rxwg;JjTEQ@BowfHtz~Q_= zz)tgyXk1K-l(GYCrp?+)P}E+^nE0O_`)_Eb>S^8~se6$Wr<%@{_l@{qi#~rWGfodn z>KI9nb2*=t$TgQP0@DVpc;^Z>#K`h!ys&5;P&un?clLEpQvzASTF4EE{mH&5N&B-$ zcNEbs!IIgG5R)aX-)J(|O?wQ#>9uXSxCp;Rv)q&&tKxy1b zcLUI1zIZ+%>E}=BCWPt@D#ik#&=W>Y5CDgOlJ>z36gZ!+M`#y3L2zW4N*Kxy&r>1a z!aB@mb(*P_Ceyf@PzG8(Wi_;Vn+>hr=;_i80#;ipMr^fz7{N*`f+hI_gMQLi&`*Y3iGX8?fNH!Zx&1CWnrML{lj8#oFEEXVt8474)r{l%bcmX>JN)o=Io#VM3 z;TO^#AU_fzBW9iQGJoLxL>|(TQyMAyACkd+3afX{6*v?wN1bDPYV6}xy*9S5J=WL? z3^Sq#WewxXmdof^iOctsC?|!82E^lm_SECVUdEwDECgRq@$GcEX+Mj3*JUI=jEry8 z93M4N&qKp#Xy#F{TLEtrD@Ldz(Kr31;{Y`pYg3O$oT!K5Qj#J?ZI#f3E)gTJ%$6yk0hV}v!A<0gE(JLkwRCb4i`%agUY(uR$O1q+`^VBs#_{*$iYWPeI()SwHZp%t&nftOPLLw_`z2S$_WfGCyjR_wiWL zy!}nZ`DVgI3|be#jJ8jb%-gwj?CL#~$F~-{ zybeSFt2JOPtz7WITw;nA?d4#-$1d6{*ffpMCOWxJ=N>75j@EKzc3PN_1t&!=1p&+z z1ZuuSC)&M#M42GFX^R-<+4x)&DM}1Kj?Fc2Z9y#ZxGm@}js-r?afYgjt&yWs)aqVi z)N-kv(e0evNe!{vx0SA<31@J+vMe!(ZZQj7fx6Lz`@4S5EZU7Lz@jZNShRT;NfvFa z&Z6lRh(CJ?b$~~FeHN{W4+NS=MPsAm8#`HVjPp=%Qu-ya#%`fH@Iz&pD#RL>k|wqv z7hDWRZ3=~*!`RQJcw|+Lw^p`uXm|n;R;H4IlA)~G5hgUhF8nk_=K=Hz!xTIbuj<1~ z?}txcb;)U8cRF9zpQCyPTG zl;yUgfcDHq_%=SiDZ%3~u)n=P+ym?3^V=5)7ATcJV^NGNIMa0D9$Y~q4O_9 zdV9u1p@g2fgbru%JHEM|>vP2umzW4d-~5M6G=>lM-#@1Joj8@=;nC1cvlsqQaU+&) zn-Bb%{Gk&3i5lazj6#@vR`Ro(Eei3|>*_Y@aOh?9rX0tMUm5ZMl&G z1Ae|Xha>u`XSgFclyu!+If7I4@PM5)+oF*VoWUFzVV!D@)3=cBRh@}8oT2A9@I`1c zg*;oTU;hMqQv%{gre+F?13aXwEBMN(ciHAE6j33{G9&n1shg_c8lDlt-pj8-zvDAv z1t>PTKfI;igdv-pOCI0{;5i;l#5?TfLZ? zXyT5?HSt(3bA&QCG2YqYzZJj4<$Km>;ujwv zYM@d4;#PoO0t4y%G7j*-EK!7T(Gjf6bp>ZzU7<%Q`K~L}%wa{;#SF7CC`DCc9y&L& zhYqQj$Wx23T*9+0@D53B02wu_EnZ5_blL8TF2#RrUhK1o3o{z}rjTQ^Z_lZ>-3I3G zk0j(>mH8`&rGxZW7zZV^5%W?hf(H+RZgLCVrBGomW))`Xv@SCrEczkmBi?Btdy94o zlonx%;TE_4zV2Vjz7&5IKKi=nc`rP4oz90fJWPI!07CrSkA9K^;gJpD*N>q9oIr{d z|D~DybdnP2k0-r`yd*8!)k>EWL8D_hGXdIPq0R95EZQB^1lj`^;Vrm=wB)HkF+d-+ zafhX)g*i#vAp?>Ib4vK=^q)BFj9!QBAB17kb&sFaM`o{m6j2|SS$bMG+e2g%BA+;E z6Y_7zUUaD62_uFpbQ4@g!(j9I7RA$b*=e@m-F)>&^%s*5DNYM2=)_Ob%ShWth^;}) zLVl*rM=e#{23(f4b7`D*%yOROmac@qnp1tnP>WFr&ni>|fuN?~;R(|HB+&s3o%i^- zrdg(~F0RCdLIgZ5I1zq)>ONUAT$TW0s{pZ8fY>TPZ0##%EWptfPp^YKL|^w&O5ii{ zdkj_;SCW946pR@EUS3=Vm)$GqpG)w&fT9f-B5v7k6{<1uI-st0sk0< z4L=6orqtbxLN`_FlhjXJV0Emw^n~8thMW}{m%5F2pVo(JNj=oxp|W&o1^lWg;x9AR z{G&!XwDJ!)*NQutR&giOD(+-j*@%e}VnKLu3V5LkGK;}>(zQ@q&{ce$EqGD!jcU^+ z=vCz{)x)X+H&z>2?(t6zHCTtXDKas6X%jkNZ1h+|A)jZ2YW6A1HZ| zmi}?mi0o-E5H5!)pJWW|A_$ED`y)4)k(mS5g(Gy|H&lz(&z%7VhHuSUC)JRGUOZOH z>%59JU9p~vZZCjZ|7WDum$qYJG!6-qBe&id*o=RJOum940i6fE>+4To zuCtA~zF#fpx;C5V3KGeqD5#u4s&DaFqu=iZp!FamFevgLF#;GAlRaf$po4{z`k~)i z>bK13_Zq$5J4C+@tS}i8tf*S6*-N>Zu>9^cIhBc`E~&thL_-t70&d!2v^U-4d#Dd8YcDt20_ z*mtmJn+__0cdn3-F(mqZvz`>a1}&A2>NHS{AEdb5gtA16^?C!=3BN7ECcQeo5f`fj z{>rUDEm$DpE&0yE%P!(a+S7?gcLgCUuoI}Q1UnR6*$SaZiA7PF1YpXbHn!Y$i?|n> z9{vv>8WQIMbQI#3hdT@T`A-w)7`86{o27S{5b3fQGe9r1iGGO=iLMC@w-Ht2ZVGIK z;asysv{NElEfIYbTzZ;PaDK5;;2eyynW`nsjuY)IERvYSCjZ)9wBGqo{1d|br&T15 z2SXkc)U6!z#0B?Prh5gBLb`g&`aBB%V`V=zdM?NFa{27Q^BVbFhv&`mc@~z0RZMD4 zy-mfAcVrSR%ne^FdgP1vV)Ac_$E)$UT0CBa$7jT2Rj+VPn!JH=P~e^#1VIzJBH^@O zN*hL~VM^T~Tdd9GtMb;x;!4Cca&!@^^rSdHo)zauvslmhU>Ce#7j6Q(a1Ah$L4|3- z#|5Okpav@FIw&veDg8Hy&MXiecpvi?Lt);1DoZ7NG09Qb$zmJ7H zO8(EQV)t*EB@%fRMIW)eivMFHX9Je|;W)u}qZh3v-9Wt0la6}!kvjBCDPE$0eyM#w zSRT(kDa%6Q9KERcIy<-`oTEhYtJDC|e2EX(oFiR97H@$MlR(q$M6f1ZL=h6{p(;+R zUox!=FMoC#{<#3haKX8QsZ3^-I8Ca=abi~|-C|eI_1M&OTjRO2o$3Yk;k$5}nJjRZ zRKl|G4P!>ug-^02kLd$!u%r?aAJYHMANUwy@sveZ*b$$M87jYgf(?~~BVf8`3q$3l zCrDGltjDmof;RbU4E>tVzr;}Jl+#|D2u0bA@<0CI(B=OIL)G?G_9dRRBZXH;NMIqOr{NiU-5PQGiPaI>UmhS5BRylOoOf%S z(}g3!!LH#z`ZrW9y*63d=l1N&dru?hIXjj{uKb<^-x|k(`B$duznK*oip+key#?yz zh_*Y%H8X&nQ1wLPR6VCz%nF{@sLuI2NVy}D>phn|gQq4yvGeC%!ButO@UJ{1@Q-If zwM)L(rwbH^X1odQ=X`#M+t(ZZz)!LY@g`}#Bgg^bM?*8W={cT{u6pj}o&EH({}KnX zKlJ_1r%sY5JRzw@SB{MRzUC0`_ufvk&1Y>p#QU+KnPKN0(Mz*BbA0_r`=XI|4y^qI zeEj>J(f?I^pWLVRQ{6wF6>o7Q@-F<|UWMx$C1n%VMptl*2!h4|JjuY%*7?2K`@eu}2Z^+-kZ>PohZGmy%x82Xh?)!-xh4Q}NhqQ6b z*D|PS?W8ldMZ+Wz0YWn(nfSL{cqY0#MIf#Yi41m4Vt=>(!XaN!f*Fp>%|XLSXaTl} zINSnTI21P{lL!bZ#cGNP%IIdq{DG#Qw`pc;|s7E8Wi%E6kQXy28pzRX0U4pht&~`y(Ig6kLHFXfYW>q%U z*E`xRBGVT(7sc_ zZQEgIB#4XmG*#^rdVeBz&oO^t8~ZQtXGINtabeR&4%3b~H4ALI+S$^>5?PYpdZQ^a^{8ZEyvl4f~lX zTIn2|)H3*27kvAm3?!WhWrXR{Gs0xF%%_Yn@BYq6^|3|fI#b5ugn4)*aELO(cz#at zNi$&kU+Z71sB}21YkZxY-7bT(+coUjrrh-~-c#C<3{G!{w^ezYYz=$5lsl*5tfCAg z8G5!6nTI5=b&KHrjzGgu*0nrDJLR7w-zbWGK${AmM0v{O zWTXol;-u1qTP4_y;SQV;t)1Cbc^zu2Z_h84z(%l3?$C=2Cz%UD{k4PNGa1et5D>> zY%)&zom%I~x@V*k*u~6+Lh1>5;P2AzI~nuH9nr^ru3frB(GbBsg!5mjbo8o_u@A}+ROecsl_@KzbYsM+M?nua_-1Rqf#t5a{^E*5e&ddXL zjLfhr%U-n;(vSiPI7m8|Djj)lB;=utWrRIso~)MG^KmvIl|An>%KxL>N$Xl|LLXE1 zL|a~~P2i9#$c-z3F}za}&}l)b8J!9r?lU^cr2tla{gA|}O=T4OWO$;xYL|BVIA&O4 zhgHF3{67^3)+MvsbBI-OskebuxedqBZH}=m;oAlzH*(s38wnSo8fD*ErEVmI_Mc1< zKSKG3|ACL3arm>Mn8?c(8tBGCiT;{RZH?rio-J>cUEL_*W%KRn=RHYaNVL^^qA}n6 z5f5>5RS)T@ZGJ_~-HGPlivpX}&>pej#UTbZ{AY;3hMSmz02Au_iR9M#tT0~IDlp-4 z!h{bcCj2ceh6x`^On6rilE0?)0TaA8CoTWN8Y5*jvhrXpX`HdkLD?x`N4G$2FX*>ZmHSQ=`_5B= z@6OWJTTcdDS1vq0woGr*xL{Z_s5jc!sZBWpgM1rHi!*^OiYH~Zz3kgA0HzoSLP)Xt*v7)gbOhQW2|m4p}VvTp$-k& z%YwD1u>mN8s%mYaAUb^<)E5-Ay7BG9cu@ZPOoMu8Ol(lE=Oz!Tng;dKkRDO@^1}?& zJs*$BhhKXShu@!iJpArW+t1;5TN1i<6r0iY`UegIUF{D@bS;LGI{ez;*cm7?cQNfa zK?xjT=`)ePZIA(*8waH%@_Fg|A@VIf6Zz%?BJzJuMdW{Xv>9xt-hU8a8+gA2+ZTi= zO+W$r*iBeMGoH0@wcmIwQEvfPmb;$x09gLvh=2La;W-z!0UdkMgB zWP#~qF`d`{jkBcj-c)BvI-UE!vg&8aFwHi>=`xgA84S)T>}MbToXsR=^jU_y+=Gn>WxQ1Dtg;^3foJQP-4(% zGfF&h&q1KX-S8D#`rRz4B09{hB7)9j6lO(Nfk|zV z5C|+whOZQnNbK+`aYHp%3onvsvnZ1Uzg{fN9*d%(8imgOMJ2AmcRn$u|!;~b+pt(ICVfz~S2s=*I zkFcAL#!_9=Umjt%_Um!`o!-ybeq;LmpE$yd9Y>ep~ySYI>$Et!NTB23KU|<3_=2SMy|d7~z9a8Ci1qz0AlLWp z(E#Lv+!WG;?BBO%q7sOw<)joUb`j)tSa}FmpUAzi%(NFik$Yj6IEKi< zxi8X$X;~FvT1kXn)i5*kKJXs|^q%)i=>2vSpa;(!0lhBT9ab~jY#L3^q{ruH(({C0 zCq28U)z7je=~>mYl;Y1eV0}9k$G3%vq-S)`dYNTClb%Bd?ze`R!F{vuAi#aDPlCJj z2-1ILnTb(P;QnurrZK)$r0H+O*Pf6ix$Aa2Y3_7A?`FwQtdac0Qpr!WR0X|1R8@Ej zm4{kv4ZAG1+*MxYF|JY?e?h@lmSz27p^3+67;f+wlM{K2(}tt}C-~~lvm$m%HCca~ z?loC|?Xdo~koC8+Fk(yOMSRC*$EQe&<3;ESVEE?m=%Q*R8%8U2!)T>2jFu&&C5APV zoiC*u0;clF0<+1|rM|2!EtIyzQ;5(|q8ykt>T=^aBKWH_(;$v}8Qcu^&joQ-$(edf z6r2k-wH~;HM0=!ZvN2m^(B7?9&kEWL)#@9o)LUll zHJ(bXjw`i&K~kxqREje1=|k|+5JKi^`RQVI=PcA`cMENy>r9m@sZw2BU*6=t{!xT# zr^J<-nq10Hr3S>6Dorjmol4OShuAPLTfoEo;{tt{>k3hZF7KM`*k=sEyMOVvnqOkF zV~?Wu51HG`dU}3RuNt_4$XtEa=MIKx`OgF4#3*oj!P5Z_W4Bel5ovBI2Xn za(OR9?wkFZE3^Gt(~i3Q(A%%2@CO06-a2+G`Oj8t^9*)GUv`m{Xoa;R z#X%-P5#ZZBD3u??i(eufnY@<)F>M zdXnw;TD<+9f-xGwd*UtkYHgSBv!gtD-Ne8hj=yBHA0TY@{llw@h<|z!|MJ=O6;45u zbaDHo$&$sb6H-eRAMQu0@aBi_&xmpRs(ZF?Pl*y($rPjK0UpT%9H9?zim?9=$N-<& zU+@p%?R*|fKGQ`5-Od9YuMc#)80b14XT$!-8BUkuT%)#%KBPtN@<_duQRMLbHiCRR zJ9`OkGHaAhQbB5dbqB|eob3`Rv&OE~mi_=1r@w5(-1eMNwwH)k)LBKrDcW8lR?+GE zAkA%QQ||PQ7Sa%NtkG7*e-FR#Guud+pnHSlJEI7a8%IeJ57VK?bN~(uoJ(Vr$sjHRogotihn`;LTgLXfH#sF#LCm&MK>`q}bkCrLKeLSdkm3 zOW0{28};q&XHy<*6ZrxZdn+lA3{OtowbND6uK4NVi)n7d#N3p-GDaD4NcRzPV#izJ zCw5_qiCvv?V#=M@3q5TwlT-Y!Vzd~!_e4jqc9vj%Nm_dF2=frVqa&y306<~S8&o*e z3~WajGdSaj9+WsmJxfwcdX}V~?TaMky}=QpLBT&Tl=Vn1Nlf;7JXYSyH(A(Mtes=^ z2%(9UU;@)oMGA-QoM=^?J41$2O_?HYmqG_@YU_4c#AVCSe7^@f)AM<K?{%`diwn z+%@fR1II7GBVeoe1MoBfcAiGsnYZoOrq{8SbUR`AJi_o#f#KMx*D}TfyFUf;ehB3K z-qx@W*nN!H<=CmHl!JXb$g~0MdFyQYb{&b1;`tF9?cOnlLZmdjg*yLGsn+v7j*+y-M0Z^9|XG$PzaG*4N!PR`L#KVgnGeU6{V zIeyJ#c6uM?=T*Yv(3=?jP8vP;hOfNIPK#WCPXp|EuiDjjX=0%JII+T|_{a3YTxU*^ zjbmw12ei`)xF;M%eCyol+k&Ov>$bGIv9(fZEfoJIK%B~yu7jB#&j3$<;M)s$4BraV ztP-$h_l&6^GoOG7=F|1 z62qf80>hmZ-HLw~{h&A!UM(@c4wjnHegh>+tJvWADjDb9z>B?X($pvZyzpb|54`x- zFy1|i|9%*Tu%_et0}r;@{afpgu=&34rvzRgVM(H+5+LPRxEgg_>X*D~JJ@R0Us}z+ z-*&5m@Tb4Dn0*3-_|n!8?V2-%(5OG~We4zO#~>3r+4J78E&87D#i@P^5k&Le70$$9 z=tzLQ&91&7-}892R>ioFOYvO^ zkP{Ds;x3rFgmM;O=r4jbabQ+}<_$SzgA9Bxwunb312pA*q@A5(=bh90l(9t$_vmxo zi@A#4@Rhg7h{(j)OyfSyIo2l6obP!j4C4l|6Zp_^;?NQCPI*79ardOfivtDG@SSiP zg16ETNmE-1xdM;S?zo8(rv-M=jnu~PT$cH>;x4nUcsKE;i}CZx4*4^zUUJ7^R;(*r0~921{!Ahwl<7 z{S~Px{j?q^{fNF&`cu#m$$Lrkea~V0r|(}KmU>2iiMeq-beNpc+TH(6`hMB&|6}z1 zy%>GJ`xQJZ{&j@Be}FHkw<3<60a;i4NA!zfDdp1Cv2;>~fu&^S0n>TIjRk4pGs$@; zl)vCc9a)>(C9+OUPe9hv0ddHBa{7TGYg^3K>V*Qiv|oOcfUH-hM%EcUAnT~UB5MF0 z$@`5-`06a!KfX>ZNIj{YF~6oyta4Jrzxi+C>p#E#KZdVcO!&Hr@wJ`smE1*z6-36@ zB;G;>0us0Fw3vqjD{%r*&se4LY%8n(FPUk&V0T@bVHO!;T&^olBUvIb67iqFno~#` z?oy;pDQRL4hJxxkrC`b|rQqWF_UhatMXX|R7foGI)0UkHF9=fp#4ET0FH_1t+8+xg z*@xNGBPjmAZ^9;`?zQ^WS=c*nv61Z9SJ*U>Bji4!7+%;%E_JO_Zl$AnpZ0w#{W9h< zHG81Mx<_^4K`*h)wDbt|2Pj(X+q_vH71{^$2V|6@K*59RChzw5tB|GWN= z?Wc{V{j`Gj(@LiQY%bR9!6%Bz+-8fu;=L3&G^P*}MWe=sprxu(e=#6TH>&Ka=%q@1@=g3{6B;;bUL8W!$yKU;pp{?JlTqiWL93IB*;) zyrJrH!%%HNa@eB;?jUCap644|lIQvFyaS!5$gg>8r3)KBoKBlNl)wEt{WSb{OIF%{ zEXIB})3w&zMuCf-p|fxyZ6X&DF!Im`CTl!yiO%NAMidtu3ztR$VOJYyqYJcxbO26a>&+r zImFn?nB!!Zx`*jk{1hRI%t{nRQciCJHuSI1XKeWK(#YA7p9^W^9lQFygocp2ejxSO zaNgIk?;GL;mSf@tmZ3=kOA2|#t-iP)dBw&c8<&?Pul&bi2WE-Q-mV0Qtnfwj%RmW~ z#-UVgS=Px{n9fPto(~My+;J!s-q6kXoq4S;oo{HC++JNGw>K_5j@v6gKyGhy%sq%a zg_w}1MG}svt5Y9QSN3p374`LqdiXOOQ9Yhdm*(vMe43h*dRms)w0399X_bEV-#njQ z2>%~DpWZQ@Po#fR{3NA7zWDkI$QQ=}N@LfW5!XK%pVbX^Yy{yfBrm_$cG*F||Aj$_ z3;yi7yH3P$qp;jKT%O^>B}Dph#mf0{;8ZFihCRxzNd=FR7Fa1*OfHp5K@+X0QsDNW zu4qCQ6O{@?69wF0Wn=S3<7l%SKrjewx)qnjg(h70Egxcv|M#Q}Q`=L;LNI3or!Z4& z2|!afUlw;BF8tPX9$rq((LE+AU7rh$ImR#rO^dws4)tQ3ZEl=#_ZqfV^`)rYZh|&;EFGEpI$y7i|;6z+^bxIA6&ARaCkZVkDJfAvw6*2?$;_8JlN;tKX3U@L)Eb`gaF>!(a8@k^ zRgIpd_$ebGo=TMf#V~f$MTJk(|)aFJU4h!vl@u?aX;adyC|AL$r3>9M%BB%wRF_^$0 z-JPrfVypn0kHiXnBUUJri^xa~0(D9SA~Ay%;<&nEz0m}@+HnR)Yk&gI6HbLq8A= zJ`i*ivsmP{L}!eke_~QeUNK@YmWcjTUoDIw5X}<2o3)a#6S5-tU;@XG9{kV0CD4QCO|i`T zrMsf@KG2SdXL9`+xhpj(O#b=CTp?}v^|#}-;XifSV?6vUd){MBs;|E1B`UDB9@`+- z4J}3vd2hSc3pjP!`Oild9eTcHdGcF7 znjDX=Oq^BuK<)qYyu)rkZFDyv4wz5)O6l+9UoayHen>Y|&M>pw^6$1Lj#hFo^!@DI z!|q?+1&Kf;^cO0!`U{cFC4V8e`hlL15-via)tsg#xQ11#;!fX{@{G-;pS~5z7X`aZ zm0O%R`dH-5aR=|rO~WErRjt(D4@DGWqvR5)?$c$6i@)6}<4*Z5XC063LS=qS3|Xc+ zhrmBqWCyAj{wrRHY5B-<(uhV>Bhx<#9si14EM#lxOXM0o&=XJ5HmwxrhBJX)4g?HD zWo5~3Wsy0^(?Bjgy+{a|+g#yep$(S$n_IAE_fh;LN@p(jsN1z!UJ84q)D6cQasJQC zf1!tBUR?mAHr{(=R%P+&C=Y7}p5g|2>AQ^5SkTvEzT@T_hu_?_V$Nmd8-W(DtXff~ zwx7JMYiN?c@l}8O;5l`rwOyX&xfXd>tNz)cUmBszJK!h*6rntPkBJf5wfb?C-nxaxDqu%-8q*aQ!Iz_Wud?`Up_)|< z1fwhdM!FPTGwK}dpw{w-F8a`=_@59TMq=;zFnuWA>$`xFYo-;qo<0Ms31+OWVyv1O zEAoLdY{A)I6VrRtPEY5Z3uwyl2^^AZyU#j2A+c@lsx3G z+G|Hwd~_R4Oc1zrOTGeCVSlOcsMli2A}3Q{LC`q_K4Fwyg~f373~b}i;ZW8kGej)w z>S}Zs9w)@j>f-{=T7v8e&YI;c+yjW!ks&euob=M0zgJl@7}ebGe($yIy(l#7RaeuO zDej}u4XTY7UUM^{Vx23q5nzlh^m3kJqMoq=H!3jp`@!*J`KF?kU)|M zI}xI=ISD6GSo`p&LEHw5J?plgN%#auJ+1!`smbSGDJnAiifqukzDigUD4 z|4rc(Hv}zIJuB#&g-=E1B)<917Hm0MvGst%CTgh+7*of&22(@EY^$zzjjW#S%MvCZ zMtPss_-<;_MWG=L6vWWoYbc+swcU12O0{c)KI$J;s1q0b*d5|$9aQcdO-sh zDb~kY!?b0M%~rB5f^K?Akvi8!F=izTslcJDWCkYh3`ry8c?kvYYdC4||nzxFz-{zaQb zp?`gZc}}}x=wMR+g8Cygosck+aC&gei)!P8cee3XI+n|YfXzviEKB@iJ4ujTG&vMY#p3i)Q3G@j8=D*WxRY%HTg!|3}{`F*}pS7m*#@cT2B z0NEQkqt6f8$nlhY#R<7V=rc1z)Iscd9pvdNOASg`s!a$+XNzI>V0#CR$yu%&-YhEI z1DvhnS#xJWL2n%U^766K<=<4~D&FM_yG9D@THrrIkLJv5CDUwp_RX+DXJctpAD5T- ztDqA~Tpxf+fsJXI(y-tfwl($UMCFtofNrDFrLkzJ%XrMsH!$b(8Ux9yTtF-gN}@y4V6idj5zptStvNlI2wx7or9Su&-`;m?3q%*{nv* z;Rqg_cD%u!cA-hK58fVC?k>i6L%P4)3hDk@ujrVxLZ_4cbr*l2_-~+Zf((iy1;gPf zfUuoZ0PLOD2*WGeU>O0nWz}CM5LjAnLg0bcC<0{vG7zXB1jd*UxH1NTpOOy(0g5fG z)N_i3279U*fou~38_Wp2vkeF|kx9}2vkjidHVKMutts^n3sC=bnn3+)TNKorW}UQ- zK#{LltU>K3YzJayqRbdcIWk19jET8HwuGsr!z_HCH4%%N8;e?LMY9dA07;Q)vEUy* zQs6Tg?5$WR=VPIqkA+eQGZCI&Br-NEM%ss4No?0{BzbI++>&F3m%T8Tv7i(UQUPK}>W;8o4gW!;=2hl^5_x)}Bav8Sc5@OA zuahF9VypHORcD|o?2~dd64X|>)@(x=4&Oz2VMF%6Tts(Sw`&dCp#hwZ7f;Ik4^t^JtdOzmPY>bSs({-v;~C zF{UYY{pW@zdZ97BPG-X!0QHIt!M{n7qwudS;=sSjkv{l0C6a=FQ)QH3|Hi4D3b8PQkjBT>p$l0HHSc9i_*b18zFppYkc znz%O>h@sG!k=RAo<&u!`w_gEQBk~LgJx--Kt(lTvmRlfVtwWcDMP-+E_9$UEq3yUg zn35|YwU1!y$jR+wnrJUj0(4!hv}S!1F@RE6#{Npna_MM**H;S3MS1aDXkMI&pd}^0 zj!U?Lb-6OLcaf5}ELX&6(PJ=+3L*}3U9LF&DbESpsJjByx?IiZL6#^I1K-p#OV{^V zP@f=HifJXLp}*zRsB|U&Wn=hH`Ba#>+E4D}J{Kv%x6J7CLcY_qOZx?+F=$vVu`0`* zB~dENt&sSX<<5ZV=L<@=xpal_YX4<|iD#)og_7sV#ay103pqKNju#-C%F}SzQM9Ri zlx}0`j;l~pQ{^YMn76>8`VFl$^NCKNT(_n<8@MHoJy6|Ox`!Ho`A#FomwAG{~ z(SK}^@<)=a!@79dkselb$SylXS)j~~y$(&3in9Dbdz`P=A%`2oPPeL!_IVxEF{{uQ zRm!-m)KeH(ihp~7Y1pf`M2G!oGC!qI-s~4~_<{ocW%sAYVDxXuP#{DC()Q2?4t6SQl5*l2I2<@ z=E;S5g0qFE5eulPB5$J!xBJE%Cbg|L) zSt}=2(&Y(Rg{7NB*X7fqvi>ztoCG6D3#Rx}>@F4U)m3FyivLCSN-S@6xtxUxlon_4 z%W_3>suj87P<}T>0Y zC$zb`TzODmLC-=xDu>!uC*Wn37j(}6lXHcwq&x*^_5qsc-!Ock`+Ks{T!{pyWd!o# zuo@(hV$YJ^*3Ce9CQzQ9fsKTR8sa zjW`XsU>+<)_J^Q7jk`Kyoy*qLwS7MjHkB8ph5x~qKIpJ@>a+2Ot;4pH;?P%4Cyz0m zVqiw+UicnNpZ&L)9=?DR!tJk2a(M6o%h8+7=!U=eYeB?xPp(6+YpBg){ZS zDd8XY9;k4-UN|}2e89qe^}_b>gZnRxq3?wisFz%`bHM&e!!kKnt%Bub@r;d8UG5<9 zj6G9bu3bE1(^QxHUm+TY)AN7C^U3u5p?Drd&tmIUZdX(5$ESq<4o-44iy=>vam+?X zZJ}xO99qEx>yg|7n`p<&q|9{_k0Hry-*e6o$rPGdwf0uTWm7Pe>;K?r4u_y%OeJs> zU3UyUFGRf~6{Zp#1eBAhgjK{(3pfeSKzi;6X7&VA$>}%nBtztK*bu;N%2_1i_~*zN zNCooJ0wqg=4)f>XCLQMacech~TDaw%)C8+{_;cPQ8b>RXHpaR=JU(W7NOu+R%4*0J zsJ4n8wn#dBaTZ$)tIjYVgbqauG<(Pl1$$L0HMprHB}1GfME>OVzsv-OIWLn=$uOey zlTNkVA+d~d@BsDNsq~GON-j<3|B`xj6dy?9a4B%WYeFL{ipDX@(psBQX82j0?f!gr zY`h5eU@XY@@ESbw9$J=t1IhnQ`$NgLF7wA=Eg@4@e}===RZDNev`U)odD1FhTKfxG zWvOnNs?E)B(o!=T>zz5JHFWLsUo~a*H=R(rp7hJeT&b^aGOS7KpV6il%#a1mwN5nEI;nI$U$PI@a?Z-&pZFjvztvN$&CR7Q z0gy z&^4=fpOT#ynO;L9SknU9}xuy}$2LmaK^GjLLCB4fMzr z)}>wmT{e4D`LJHluGns7*%F2_KRb_I@CE|6mqt+2gP9YEFT|HWjO{Sr9?Xxn*p#OG}OY|p1A$gx1X?@dEPApX#KLpQLE z5K6#O9@E<97**iYQ)%R@t4{La;g-Iknk{8t+h`&&cH3#8IMJhsBuE_lZlao{)Kmh%du0F8My1{<+nI_rh zYfhj(6f`GNAO7|MNdv$or4aG}Hj8+3lI6%-A5|Vv(a*J~=*MrRsz&O3mbp}T6I7_> zmN%Tart5Vn5`KR!kJz?z^)zaBeZ*q)xy@F6u0$NxLbiF~Lf+rye@W^cyV#S4<4JL* z^w46db!d32D;%!SKg3usmQhBb{4ADf?pn&~oul2#D~%K{9|9|wQmZP<(v-!?lz!JnGLAOqC?Q_~fpxkgLVt(PvH$Yd|L}OaD%XT`!JCIr>kSSsv_V zt~CU;O4UuJT^ogNG#bLZz^WU;^Mptg^lI8d%0(G15I!p|on@-|cxpH0NfiqnTWE&32#z1s}U#%8LXT>6Sd9})$nK4df3N;cK%C4zDp`p{p6 zKBRey+gKmcJnGlvi|E`&u0+!cJi#Ze`VhTz1%pB#3cEzr&&x&@f^BBkSU_WWMQe#3V^A*AlNQtHM^+N3l{+QskSs}#qy z6+%BLR&x5nPFep~GD_LXc!Ux3hxIA&QV_bo_05T5WQAQn?qmC)s zG-gza(%>9jKj!@AWIpH!`U=7qL^Z2Cp;={%j_7Y4Y=2!T%PaN26Ux<&JhT7L215YN zkNW>?fO5r|*@f<6^g-$_*;04OBgs~!)bkF$!LFJCKV$%=#(h%_;1?6{0cOpuAS&cu ze<$_~&e?9=BaxJgj7U^hJz(9m*!`8z_^{0)c@^U?1JS=vdmWmxP|!yHFk#iCRpTEqe3=zcFOu4rQ(_gl?s6VBP9ZjeMNyds{a3KAv2m5PC&MA~; zz!mJ{@^cVgh?pm76OBGL*BUapnZ=`+bhT0flNZfY#ZfDza2q+iYWJVccQ2;G7gkV{}9@`e2xr`&gWQpOq2AK6NCUJ=Aqw{Pc-)Jbx%ikmD`5Oo#z6a znMGf39vUx+uTP1W#FJCZlK6K+SrQ8|Tok`WRRR@445w*(3oYB!@Ok(k&tr}KXlHak z+GgI58lv!o9?9Pvvm`yiRQ<#l`6~)W_oHp*{ispvqyxxbh)9;GuVW|W30{l+=u^D^ zkLc&k^pb9j>H?TIq-~o0EtbGuRTK}O*J-Sn*Bp2ksMMXqhegB08DVj*NuFHvib@3zWlEFuWt)B<^>Ep<5G>|wZ@GrT#zj%Cfb@&!cKyI~l z*D&WnVcH?r0{@@HTJZIL*MhgAYXR+PT*2`aV_WaKTpElmA(nz{xfGPhrNAYZf&#e| z6h)T;JC=ee#!?V&>t+*t`d3KPLZ0egrU_E}NbQw-SQe*!igQpIZ0Gu}85WoV%YZwK!t zBJ2qVtWHMv@Si*NdjR{ig{SDt$dC8OFC#6Rc^NUBXX63JE+f3@_ll+D&!=N4S;e+h zZSqT4N{UR|{hLmYZuc*x=TPN9x!u413AmPIXeUt>yEfz{-rygx{e5h{TAr9Bf4RL_JEO7l?DigOz+U+llG+8Y*h>6 z{OxyXTL#nKEhU#sVbi4`c~lW%x93!S%yNIuXtk*+oaXNsx~PBPjjBie z9Y^`jIKSqoq@=2b$VvW=oT`5Qjso8?=O-25)uR!IX#Jhzx%Fhan34%OZG9+tU;%9Cclp)eqXFCt+&3{vQ5U+@emS835=<2+Qid&l}hT~m`buV z2ES%!hSi>$WVWYfm`t0QJ+h}}m@T83rt1A-?5U!lT)#5SwfdQADHeOGEBGw;EWb^+ zr?$cCnhd1&_t~C`ZTbsw_S7V4Pj%ULVOnHR@$%PE-1ePY<c!)_duV|p# zYb=>749Ps9AvId@2BrQ}n*I%Tx4Giw(Td}Zibqk!XYoUbWkV$2^%{%hMu=oM=vKDI zE8=!`=8dT~<$%>vxx8tKBq~YKSG)24xMebwdHN|3$NhvUwfT9Lt&Ptc4*flquSo|f zUuX4-%2y?SeG8o(=dY#gZ*WzocqUPAd5Q^QwWXPiXe$RoFJgNtc}N9L#-XG)^o&T& z%?_TcO%9%PTUowdZhBoUymv{6(d9#VTSokPMEs)SWtm3@V9LNWx#X@Ha&DItpIuZ=a^reGGj3?F*Gazg`w-XJaAb_j_b~7dWu%llLAFy!_B`aBR;Qx4X;Ee-c_RAS#AV9cd;hhvo z<;ZvPMeIw1YhCzK+u4V=9_5gFrR#((mg$XdGLKJx#U3R9n2>!of~9F{pc)Ugo#~tv z@+o^PNAG`LNOWblB@wt|;axaWGcnlBSoy$#zG5?Too$OU7hMgO%tdZx;iEBP7Wo+ooU?tOE7Cn*OBOOtDPS8d$;<9NBzkY;^P~-`zNVUvEH6k7JPh2 zvR)i&JI+G)xz%kRHR4u(@u+(};eLt#6Ed+|() z-iv&r7iXSHy*MVm7m?%9izRc6UYyKVq+<*9UyP4CaxO7!OnIN-$3 zfLWLD%0&hN;6dv=lo`4>(aPRFbmuhCA|BygC@{<_fxzQNL3QB;C=hZ8^s=TFn8F%y z4kFnEaFv077<|4S|A$-1*MkvpBYGOq$3;6&i+0wEcGe3rtQRt5t(Y25i)>-+C2#JF zP|WCZEDpb_f!b`KHVdfbG}n-vBf%x7jP_SJl%XzZ5Hx^;T|qIGnp*9y(7+mbqT1`J zt?;#CRY}QX#R-ZXsZ-Vnq5mK6bGTS6VtlJWNc`Y>f~(w}n+^KvQZh{iSKYtd|)>Wwuz#+=q|a-=4(#M$7w8MBR3yZYtG%n5f;% zbBHzjkbU&vsMY1(fy9wKFmejR_VV3IzSg1xwm0;T3%qme^DxhpMT^`UU!?sx6geSU zWOjU!4^e~;6%y_@TynpmyDLq{7atz6h9afyIo9dN@TuUxrH?kObZeD>TwbE>S=aUQx>gd z2k-oq?3$S$;`6fn06DyF3S1}Fkq&KsI_(iorE?M8(~;c_s-wl|vMP51{ppJkk`)5sxK6QA|Qdh$We0C0(;XZz!Q3$B5%tapN7kl|`w|OGw#aEvg|v zp1LWWIDuTu9-$2)hchV=DQ<<~YmOgQ zXLA*YJ>#oQz04C#Q@fE^NwA;1)_7%_PJ6Lcn``I2k?#!C$UT!u@1|8{o8CQ?Dfdtp zQ}+ZF%R<$irAoucHTzOH5Ti2Y&AK;~I!fQAG`#EI*Q@FdjPRwznEO)1^)6R%CHqCI zli>%f$4i4>upTe1gf8zh&*h25D361fL3WBe1=ew`FP{~(1>NxZ`HedMM$!KilA}M7 zEjcJ|yu%@=8=!Fo{nc_(BJD}hann5u%sI6)jAP|+d3Qcq!5VX(SC z-DI%(+oRFjOwZt5nYy0jmSMZP>`|;0{YYsK^0ilyelHl}c!nYzRgjwK5fco?7UOUfolitxW$|C=CPV{|0E>&?<2S^GF9Urf85+hekneq)s6p># zUw`vwrUngX_*-7*W4q8h)gs8xOg@5wd>U-I*RE0WZ)$|x@!`;`vK8BJI+QZYMBvBw zn?oWjfih-;Os5OcO9$g6IIBxb>8$5{02Oy`!RGQ2moj#LK0t*sUxSC_0#k=%T=XCE>4!Q_TwTZGfzmBCt0>=5P&+Yvm&n z`V+rcptHUh3K0Oz=l!(dtU?1K3hPStFU*IFNWM3R!+z$W(|PEBUgeC0)5sFDXQfbt zLt+oacEOp-!d=Bp%93l6qnPv2*^3L}kIq&;-9uhYj=8}T?!p%8{~ya#_~v#(m0+tf z)N4RA9}>;4q~`UU%6f)nJpgHs6$EiHTpd3QIMUb?Sra8+7Prg@ae-e^blTUj#KX*g ziX&2cAJOdNVXydu3I9j-gMUmQ)Pq4@;v8f>Tb(?NVpzpR098P$zY2}RJiKo&{N`NB z%{T!N!<T`iff7#!+?#?5+X4jgef{Ub(1~ zcO9{fMB@bse_`4Th})g4@>@!9nb>BDHO43X-SDwgA7Yl?M50X%XXGg zjKfTSqu-C@Q)Is9Mb04X4=p@lTJSfG68gc5VzqHh=3L_m-L%>hTF@4qZ%nt>Vbl!Kiu4Dh ztN0hJgL-?s)hpt?z0~DtN`UlJQ_DzQ>hIaE=RlIid!ei_h)CR{O{AIo~g~Q8H%ZCB3I6o2{ z$`c(j1;q=WLE7DVnmN-C3AqrwmO15%Q)YkxHtFzRPLprxMykscF+5vF45z&yMH0tQ zW6|ygP2LiUn~9oBUBVFr9M09~?>h8%v*MVx1&gQ%B=CC?C*Up--G2!OuV^kWFy=sc zk(hYBX+OVW3H2y^2c`9lnasa_wEM~IR=c9}*%LpX!3f&LBgm`_7Z2Lf4Cb>Qu!q%3 z_V<<8rge&&SDfq@*15sGqej7n46G6}*4qYi;I>+J7r1`~`w1K{zOrn+>gWV54_lcq zR^R^ft5diBS=PC~fP69WZ-iIY`+D4)+x56NVv+5j`8MuHUMD@g*leaPP3`M)u@U#A z3WVg`S~u17x{fNtSY-??!8{V{!1&TBm*c zqbNmrrYVZx9m(QT=?UbG#5YJLH3YrI4ga zo5~B5vChzdSgvsSf5CjGn*<(?heMtjWx2CtzzmN$)Ctc&4~0V+58oaX$Ab~~#G%JM z$*wOiP*#)|MtO(j61%M+IzjmwpWl#x!Q zp@p*6Tvn#1IQNXSQHpQM>Y^-Jnk15$k4%oHF)yuYZ&MbJ6%Zzkl&QfvGx(0trRndL zrf)Ek)(``h`uELN>L50ftT;L)jw1z*=YmpSbU3U5NZVSo*Ke|x9=3lusXCx@#^qLWNO$=&EA4$-CeIMb!!~vs}<(~hA{34PsSl4)znO?6Eu!3FgjLTL3mv}(AJ&x-0GTOYJu zRXV^$PB~zP-(g%hWl7(Uzo9X@LkR>pMG+MBAGBW3RrR3_trK_KI7Tq^ICM1M*$VeM zaS0^VQ{3!3J)8xr>T*3Ux9%*QYh26WVoF^^I0uPBBH=)AxyTzPd6>LC~cUbdw zcczQ(Wb`75(NCnoV>2w}Q&t+9M9;3Ep8Z?&Y_#4pBP$qQx6QfqfW7kd3%B)^9oT{n z$P9KJ>cxQ4&*j$Njwu>obaxMv&7jNJz~J! zDu;n|t32**mB+p67?g46H{I4(ro5X9a^U!j^9$pY>sh+*imCTIFsTb7ftctooFY{c zxI+Y}#9zwER*hL8=zBBeJ|+m4pvMr%8NEQvcd=w&uD}qO}l3mBnsS+9(s7e|vAv!`3Q9@P_m^rSQ!R??yuq&1LEDs&D%DEl}z@le

    As`_%*tt zejp($i!Y;`8;>yd)~m#==Bva;6Ui}G0Yt&*RpM6jRbr!7Fa0WjF0c|rSOGm`fR!Kr zYzM>cp(GL_M!p_tCDZcO6l#So!fDzWE6tHs+;9j)@t{d?DuM6dWX8F*c#<`R-+-l8 zt{^R9L1~OGg=c()rI0o(SNQIflKRpgFfqs`LJO=|ZSEK89}B)Utu|wpM(rZ2@X}au zI+kF?`7dgiRH_Q4Zo?kFCiGATFVr94kBH|m?zbYF#xAW9xVS>o8pY+eU0R#g*;UvW zeu*SJEs!e@W`X=HjZt3kjS1zumn2vq#}T^a>4_J}_4jtaK=O@*@V^Z0#H}`JU;Kv* zo3r^o-%Y@Px)J`;SovJR`^Cy9+&i&>p@Rd8P4SJ;mSnT%dZ2On7eJUn>8eb_V-W?z zae0E?3cmFegadBfL)^3{7po`$!46y?QWCA+io*`F0wwBEKlMR7GX+#3fa zH46q~5+9w+S5)XmAm({x1&$H3-D(Rb8ljkI^qk+WESW4eoyCnxi0;LO8+*s1W@FSc zff{-<8@?J8sho3xV9d^P7kAAq5RphuhxYX49*g$mENtZb2X~W~6Cm^0MNap9NO;s2 zh-5|gel16ugwEr2bZeuDmqYT|b*XHB0}V)r{OTS|qR_l#Px0Q{sMT}ODztTBXR_B? z8~3Vhq`eKG#)krw??X@i-l~yG{oCU3{n)Qf9Cjw!b*meR!-h(T2BU5Flm16Jia1ES z$F|#}ZkMA{35?bxgZW#%YA5>YR`)%d9H!ivN}!5Ufi_kRpfsSxl=hR>b;YS}j?AP$ z?f;~`%B}cWDi`)*ePM5%Gn`iNV!5!>+WiS<13i`2`{G`x(7RM_1jM@kCKjrQgH|PH z`j!ZN%y6b}rdD8b>?*B=?Tb9J{|3aIh2Og9__jTgF)oyHIz@}g*XGP{``aCJa|_>N zjAt&d8RZyJRRS%>UEJdP!J}>{Y=jxYR@Fap?z1CY>IN+`f><4=@u!Rr4Li+k`w;rN zySQ`ilQb?Pe2<06STE8*P`yvZpp>qImY$?_LgsVjF|;EmH-#@rDpDq(kMY1mtK9vb z7}rmJjAyD{+DOumFJwKH;~!nQ4UEIbca;0bFo8aQHwFkiJgv3x4f5g+vIQ|rHebvw zRD6^x3d^OakCnjSxi)Ps0Fc=sKYUwX;B`98Gtcuq!*@`5CMpx#s2_W55z#0-#MwT9 zYF;pdO>l=aA5feP(d-!qX!hs3sQ!OJRG%HqN6wKr&^Gk+R~OMX^po8&{H_tdpR^2g zIU5-IJ{LG{nBEKWqZ}x zIbL-J%2yY7)rz80Wkt#CQkka4wY#fJ>X_}UW*jed%y!l>9n8`u9n)=Vt{Ui4TWG7E zMH21RMULa<^C6&IW2nRuD)Bo};#UbvTtg+;m&~%258ZBT znDXjuCmeF`5N2ec>(^uw=u4D=-~8rB{ppqp&5K>t1809w;?pw~*EP6B#s z9MHR>Ku_;EP=^HCRs*0z=+ODL1u044{tQ0z`mYkve`h_)vM)|3Q~Q!to~*BQ+r$*Y z?tSs`|HQ`(aPrre)?q%BZs1&(G=JDI7ITw(ZuUxUT`{*N?0l(WR!LV)WU9BH_ z6*&$ceBURM8Q(9J=_&VrzpzNR_xrgy?AVMvKjPqr<(RhXPH}`#6rb+rh`_(+e+<9y zu;E+nEwPZ;UM~@BN&4 zu=i#5rPWc7KEK9R_(o*#8r!qB$iQcl*VrQc3LEhz4ZoA0O)hK{9s>>$ww&TMFSnkf z)sHWzFE50Jh>!r%uc>$Dp5Y3W;U5k}7P1d4q?uTji@w^^z7xz;LJBc?&9P=YL$ERx zCpQOrHC0Z?z0A=#LC~fxu$u4RBGIjGz$A1Qz7g(PVM{W7i;3q3-SlmDkfzzT-KM_F zXtpQu`A>BkhzXi@HB}9aTuQ&){^o4`o$o?da4H_FMT8@A8&K-8izl@(rPZVs9(B91 z@whoML4uiKfPT>vOezhoei@~U!?#^v0$O#2QvX*0@VRX!fUnOt0G1dEX3cyehB_`S zT$CWK$PY_E@pVV*c4{>>a$IbYcTl7`m5Qi0rp3!DV8mRi;k6WSf|H# z(=M+zWvhszH;#P2?<(!ZHgbP^8YhQW#%%U?q|QA`dYr@n^r+3gNv_~%gIJYjVkt{% zS=E@0k5fUg&&00CxXQh7t3k9+wB^-$LPy`C$oVewKt5>#QB|zeGmr-RXmj<6(dx%Z znt!TgRO>W9pJ=XUAms3gTeO9Nc$&u)xjbN@`9jcqI%qx}UOByq;;{q|)6sBj;OL(OmsXgBA14)kj3Dk2T2h z-`gZv#Gpp5j_vj}bqAzOY2Cq5CXN+bd=^&Z|Ai)g;oo=pya9BP&3<&7BguXBz~vs> zhOQm2`8yWPJ0Uc&rLfVzug{z|*xq(*^KW?7zwema{_WrXi@#%(va<2D!bX#~7vxRt zHzENe9Ae-KHxXbG_Q>8&$>bdiT$a3{^@~m!?`Ae zvxkmI^;{4hb%hLkEb|0}Oc@3MX$3LoJd~ZRr%DZrX9V+X-N1=ADQyRr+)Y(mc6hG zuXPxe!lUj+NbP24y9}?=rVUz6HV`}zV~LOst~?IiDDyGHpKe;Xt7>ak!u1hAb6lb8 zDG*VcHXpBPUCoL56GXqqLDv2Tpt3lvmt2(ANjJLj26TPef}lTrrMLGTC{FHps4zXe z74pf-Ka~WaNbjIL42BOiwuTj*F8@9u(%^vorVB!C-btYUE)d=bQS1&@P;*KhZA#ri zS6XBk{fpOdSn;-da2}#ncVWiN;a$ePTuN4J z3=;WVlzA<7{3Z)84}E|{6Gz84q5U#Px{Uyc$^WFs_1Bx~cf*gKpv@hs*aOP#C0oS4 zG`BK_Y!bbcr5w#RH0X+A8nBebE?Y|%#m8#XCOeI)k?Q@#Td?({ zu(a4Oa{X7BOw-!gEm5sR4WC9Pr#H^vSgEU_D0F>rT+)j)lrQl}D%1vvwVAYa4t(Zn zrVB_kbI}w8NplHZIRa2uHlFD=m2jymfxmJ|QFDolI11Js&&=i$ug&IaPNj1i*oN9% z>SVa$P;fiS*DcA|0wMCb;dv6AhHrS_GF}&$!i6LDv)X{4$p>IhBdd(%- z@^?2V0zHo{X;aB~l;Im6gcc9XO+3P%#9c{lLyFrT)=gKxzFGLuo8-Mdu3KDPX;PY3?k`RsZ`b{e9iT#r zvh+2UMKEk+{qo^5dEe5e)N~_lB!6_#w4HHgwHEqvvrN0|~L!wJ@K3&1VgcWVH zny}R+h%SG%Lyzr@Qj}p_770Ho-%)-~3a5+L;rryfl$g%T-|Z>p&foOq{yTr>hQytx zq(PB<*GtUOU1GI8;ayi#IIZ5PsopT2a_YU`Qqg_}z8%_k7+)(RVs4U+ELMMv&EvgU zPH^zNp<`){v!Xu7tTL7DzkYwNuPf79t)+Tmf6&#*mK*+b(-&@`bQ_UXOBM3#W1Kb8 zWkq3H8g{mcHL>1&`!CCS^UHN|y{S8+$Lq~Z<@?6n%A%4y`X|wn!`BzZvJ>Eh`6n~h)R^#E-=k!$6`93HdqPi>SC=Pr{@>05=Al(|?b+oYomBOkO@R~{ ze_}M|w)T%%&<7Tr9TN`;HcP%#9Ll&D?3_ZE_xP5Yyv&v-E?Q<)cB@L&8 zIJXf@Zw)U=8OMl&=@q3Lg0L%`$cAhDn0?nSN!{FXm>DyDB%2|1Byd`!DqpM|fqqo|*I;dL9Rs7BmTw zkiF07m-eq~Sc|*wO$%O6;4O2`brPW-Dsow~p~cOPpHdtcTlSLhn3HXaS0yF|) z;P9A#=@AkIM}#;gVo*%Zkt_KIOdy*Rb8_qh?ZyHB?vmfbNqh-qEYukCek&=!(njlA zuKH%p4qHt}GCUX9;H;Frtu#zI88)duoYp^S0;HqYwz;&cweF2|Nf6|(PzuoSN5`@} z;!Xypp32kMA{A_TF;Zb5q{5CAS1={Z6D-TZzKjE#KoVq;R1oPd%d$u+6hx(hP^ex$ z)#x)xEav7s4vzu>#c?5(tPm3>$Ut?$Du|#9*PI`S0SMnG65#vVsRzV&jR{{Gjor#E zK$vcVFOS9ePJuCD8Y5!~<064E3xyz$HU->d25ax91nxrRvfx@yin(?a{@oNvmUsRM zpw|2y@NW7t$CJKCotNWk`YvatIxiPT_-S-IUBsFSi2zh9WkeZ~wUJ3i_%a0>lDXqg zLPKE{_-Q-@=Tx}-8`3rfI&Gpsrreh|rLez%kZgkIR#9i%#h)un9wC`cru|vR>Dvgg ziF0Fud^RKMhIS>sV~iHt0RF98Jy!bwo_7^0fLPaD}D>${aqz-IbCXo`U|<1hhsF zF%6B*`@x|#cbtkIj6DStb?k{s!zH;&!$l`o4XN3e4B6WRQq(_5KI3WcmhNdn2me4n z;Kf_B-B!A%5o38dR7})uL?shy#p~!nf)H zNYp@(#~weof;A};SCWWj#xhvk^3USCHqcUN2SS4=Y8h))XeE8n7A%FR(9oDCcpiqd zoYnrX(}miOPBm zz33SmTxS=anpAZ>1Q*M2*i9+C34N})v$P8*W!1+Bq(vwjF|CEL(`BF3D8(pH1GHaw zM3;K|0*trw5o|KoV3XNsji#YXFQX>cBEQI8RT#Tfg9Xcys1L$S1=BA0qP&{bjm8a@ zWxeGJxvWn);eV(s3j_&^3PSK_kjFy^>Ppf+&4m*Pr6E8GtVi|6W*%%ta#2LqlOaT` zk}xZjE$PW>w$Qy9&Cn{z&OFYLXHV7%g&i`hWiHyk^B600cclsD-kTPO*X)HByv~is z3m7=l*zpRsUNIajbm3ea{+{BiH#=u@avHG<;GKc5nzseRUpdj(4@54C+M|Oj^0u>K;LKCW~ls~Kn7au3#2W%g2JAv{OL!VRsK=0TIQhVQme|p>$v}=%1`+JR`>RoD*vZbS>=E16$@U^ zm|`1#Ss8YNdDx9aV7BA`x|5;zZaHgV)D?(s7_Idnln z1u#Be}=Qn`Qg*h5t(GL^tFKxI>)w^^UxyMs`@2zu|+qDzuFS7yt2cZ?dpG&DpG6$yDn z3>us`t1L9;mr@*(mcB?c(+Qs)7W@!h^(+T$yrF%$rD1l9>EC(P4-oJ?)68h^J-nqxb zYj|%Td*n1c^^k|8FEoT>d!pe%o&LL_;wg1BcWTzN52|k-Hb+#P?n+E7{LB;LxSsmH zy!d^^KV|^)uXvq;gCVJO^^$xbl&&4x!?hfcAg}_Ox~uCoPw`K_b5IZVLUl=BY|$sun|BC(5yoXN4kjwwy3-eBO+#O7x*j8blOs;; znLpR0_V~soP{haws;8A;;TtSX4WQ zR66wV${d+1(Jm_(`dmyQ+MlTx!QS!-Kez#2#6Z5NBt{@XS7JDM0&3Rfz?@EZFCwL> zSN&L5xLS$I3aQdlREMjjPR~64uEuO`gA2+A96~qcnCyo*PXf`$wJKR|{5J;Ar8pTH zha)66{u|Q<>e&=WA0;atEheLK0f4k%7WrP++Y`ns-4dYBP+F0e^PlE+3ixa!W>kowK8zwI%3mlILJM zYm4dZ*6YyO-{SCyx7DZjlH2MNIjpU*iFVac$g>blP`+`OfQPc+RW~N86mIWr{>dw%UMl=KzOmV95D+J6oQc1+Kk=cG z|2UjJt6Ti7+c;I^G0M^mydeMI=RnjVdp3nEF-YT6kJ=J~CKc`9dX9X@pF%nWJy849A3 z`6v}8F?eEQTEdKIHUW);9cNQunci*$81{g1#bUB70ps3I&Hsl|Dn#2jY7WhiyP`8> zT~`;5tX{?I9=CN@g0}imTl1-hFja#eUP;Qqi__s$=~X+!t(>7unB(9cl%{Wp6U&5{ z4Y9k6wn${fyN9-_A^SKR1*>g_Ar*=h%^tdtC$UsNErr|cZ%?(+0MvcBhkV_{ zqyYO=J$sz=`QWqCx{DG!Rp$G|U+qtNiOn%Hp}D;Gx;3yN5|!Id;pBGr!Ek&P(`IxB+SOVn{5b&T7HKsF|i z)@g!-p&A28HW*%79`$y(9Nq5NG{%)0-i{glPn!{(kvh3}3f&lVtDW8SOKzNGza+W| zwo#O52b~lh@Xo;FIy3g;2>aC%d%71)i96|JsltNm9LBYNj4OOD38tDmb7B9jbM-a} zPI3S7l=$IVH`$(KR?%hK3}49_hYj?_Me3F&jiWo#LI2?T+cEm@&s4`GtK(8kgtCR# zrCKKHO*hj-{lzp=6q&eZgH6Z{x*n&Ly}Q~b@&q3v{tTnlgx0fH$aoORAdn>t z64Jh`4f1H`Qx^NpkLALyB*dpuSJn4m{qJTfH*cD$%x)yUEGbfFyW*_8659f(lGBN{4>AWqjJI(+VvT` zBerqNW7f4|uegc_ufhJ#lORfgL6mJyDWsnU-xt1D_=dBtOIf)A2Q;O7HrbT2H$5s# zCK4~yYs_Qb%ez$a?4F(DQm5ttZxSYD!Yl_=37;|%?!8Rqlq&ThibJmJXZ|}JboIGv zES|EHe4`2*oq?Uo%0`tJ11CPFP8I=|HaGxP$E zN8sd)p_Kh z%n|mrt6ONfawj}BDuB6jhGg#yYV4XpdUg`tYi4ml!1hfzIHP@rLT}h zfZ`Mxr}xI7>U)LwaTUfGGqdfz9L)A8Eu_IkEPM5H8y3Nro*+f=M=XN(kq90>@xUV3 zvZ9W0V-2$kf0Dnb$EF|BW6ufRNdUV!ClFbl&^1g}q9&zX6x5XCB4nZ%v~T<@RIO((dgSgGX~#&RAN1jp zk+@^+enJ|ELvZsrO}NZZ=r)ZdFSRX7p78mq-AJBb*3?XV9t`ii|FiL#@JZjoG2^T4 z#Fb)@#pvEKG=6laOrYow;rHQ!8e?o(|DespB;pf;8I}NyV?s}uM3^Sd>7Gea%}kQU zR!+erQ59=)DY%4kAsk@GAQsuXV|NVAzln~%oNfTHI-1H#S8`OL9mzZ!`Mj7Kx)3j+ zGhNC;cmPvyshtrUhG8U%$ZV8C7jAt;cfI|JioPepppe`K8s9V} zM8ndy$b3r8ZwlB2>_Howq8PMNU+=JhU9j=sz@|#Dl^dgARRWu90sBhhp<(;`#wgfd z5!ipFn!!$a?a;72`?V<8&q@IHHVfG0uO1q@uu#rQg?Q165E+VjlEnv?$L{3OCaY7z}eJ#ZdcKspJcBP57 z?_L0~H(J1UzH(^Te)LKd?Ck`0kOl1BO^1f{^=ioiZp45)A8^Chn2YL=K7N6VE;ovfr=rCopo*{obC{CrUCCIkEO^Eh04 z_*}Z?F81K8WmofiQINxWU&k-Hjpwe%8=+K)IW_Cqz*}{K$;dWHH?kSqgv#@_8i`O2 zIlc+EXM|2+-VjN+v_0o;?UF8{-L%qU_%-XGJ)q}@ zzdB<4B7J1ufAt8>9|_NYq~OUbBXHF{BK;L&HEKV3nRdPW>WI;k0q_3j5$eC69r=^0 zPQnwPpqj#Mnb(XB1^SxN?R4(R`e#_{*pjY&{z}*Wg~Y+rUx&|Rdh4bC34Fu#>t`Nc zes!eaTds;c%<%cu|4<+J@+=x#-bEa)K9CUp5{Azkn8VjMx(xXxt!OO2tY+3hXC1lq zfLWg0w50h`49r}dhRIjmcByCcLEicl{5pieru+}aTewh5{qKw;Ki+2ezdz%Mjkhqn z8T0w)2BHtYIc4! zlebMfYN0Kf+b+wyMagn*Cg9}05xJJ0Qev8szqgp8Q8a4X9^HR4e_WKf8S)h&0Ca{I zyuch{f(RpnLs;WWSOU#dw(H>`+M-MLuTPQTV|rSj!c(-FhVTS4fVUFImvCA0jgfbV z2rSWzGdib88&DcrN>McZ?P+Y?QO2}Tz^IVD_FH&@U7fMqWozo%?g^e_Tp4>NLtGhq zB189&txyxHQ$ zWB+5=4%TjRh9^@A9njGLZ3k7?W>`@!&eAqDgvH@0<|~ zyod+Yd6n`)U_GI$Ig{UK&;EI_Z)?u(Hh) zTtHV3l)CFd^f5Je-j2)BhhI}70I=PU_&$Ewa2 z)%(6Dc&f|aoYu`8>pYRJIbR6JmGTlWhY0hTHNJpyW#ucY+*qLa7nehkE1qFZeENfAkC5>($EYbO=U%mW$Ffqi!$ZHMx(ai z{k0c&vTKJ(i^^yL|EV#|{0B2L|Ed_wOpz|kH198I-p8Q%aRcLNe*M71rukU|dq#6F z&9=~j_T8mmCk|nZdC*GpphZLhcsVzEt(qo4idN4B8xDXc8)xkZKstU@PyJ=xAS8xGv#}wwU^Lmoh^+GmIYjGEM z`QXZxHlnZZ0;S<1TanA=8}15C=qh~ARs61qI7a!SDv~{+F}AW1o=cK_4tjA(ud*Uf zMK5@ISAFCzZl60(Pn4J6;VSN!d+H`mb*b~2bX0jFJv9agh_}(>LK)S>^zJk4Np2g~ zJpN(@puG&~RM=Rvp2c)kub@+_XZfr%?;%L;7$$$f%;es4SpsfhUlTpNLhuD60&j(E=%94YP*W@W|SBfK^1K=%j}GmPc>;5k`6V3@v2 zAk=^V%dqnTo$Me-i}t7K;^J3#GNP}j!?YvKD{D9?G^CGJK>Q%DuYa9pq1@Wh2IWBR z5)Y>vT2MiONwcxzx(d9@V=>2`oq;%Y#-~?g91Opx!u8Z@f;uF;Vi3>1M)R z)I)iG&7l3#FLt`YlZ;uj_$OaEO|?G0(MrQOo@(dPRC5--=b^bqWhre>MY0!jt$c*% zV$3yqadEG5nrmKtuHCL5E9HMebM5p^oNnG2GeOyrsj0CD1VKa0H&-ZQs`h!F9cHPY za40J#n;C*OVUB6CVF=$*$~M=Bj_h=M&^+C?{t7I!yRV@Lebj0wLL;|F6(JqJp>Om= z3z|Q-8!hM-sRdQmEJ#c8O^{knRk5>hCuo%9F8)CApPR{BkT&p8D;g+ao~0b@m$<}5 z%5Q0<>)Plo{@M2?>rZ{q+$Lul-<=d1Roczu#7A*2ofJUF*$xhFAu>?>PL0?aFE$fa z;OkkAc)q^YaRio;Qyo2%3PT(RkP4$MQXzO*Po%!QsrTOS1jH`0P}@@e*SGu+sQs{++K#h8?ULR)wFjifQ~Rs*!>0C= z={=+NbA4mE+0cW}hU&*xU4%TGRI@-!@{RWduWj`Pc2*S?g07XVuHugs|46>#=4=6i z?Iv;9qLqym;&2i9ZFV(#ioarU*rNS(6Ny6&;!xM9J7(D=MKUwuDbgq72*|p(`u2<_ zO??j_>qc2*-5)D^BI`yO44|9=1{iF!XgdEl%%USwI;nUaQIO}!1mt<^NRa2Q9tyzE zGY&wW^DX45nbZ^VoNth)?KG2eot+|;>*zv2!2qG+h>I280+|1pN{XWrU7R*s$)A>^ z^173kk9Z$FHrI9cX#q&@tYkGkm3mNF8)|b1&55b)< z=)JTo=)9s#b?#Pay_Ri{N4s=$svL%hTbwh5HG&%{3-WcAGPT@8?WsrM53CXk9cA?k zv$5m{D|f5ok5MNNp%#kCVKEAmU}3A~orn%yg$~^ctO|kE3BW3g+OUZ>f}ENi;MK{V z`r`ozQjXO=kS#z#*u$;KhYh%_{sIeR->mR&lcUz3$ZdKw7j<$^;IA|hN1f~@`jo2g z)c3PuUw5iNoH@ua0(CgHc7^Fiw37snljO`AUH4Z4*RuqgmKHlPu1<^5{WGBZZztV9 z9lC$Iq5G#tb^r7PQ{$wxp6UMiY5ScTY%O~yx)izOHW%CMINjfE()}OqiSF-(?th!1 z`*(PR?*EWQ_uof}8AtE4#~?tu{{*4?S8J_9>`5LQ4hG~#+YCXwWTr{?SIV~3uR5}N zKQ(4Zf-g^D)Yb@-pw0=P_+~BA4~KJx{hsXOmeUVPaNr8wAurb)|IOC8TQU2NwX<0y zB^NyF$)yxllX7#2O|!wTdEnb3X`p1wqDwvAqu$1In5>FYK2_C_Yzj}IOc=fdv<1Dp6HzABkleqfHm#Doh;o02>|gC3B<|N_!EN?S z3f&X3zmIoh9k_(vy~nqKGrteP%k|g&WaRkm^lK7+g`dOcsLSsIzh#%-e*|@xUx&l$ z6I?9{G#LfHSF8o5hyt!QIG?oAhUZ8@|UF&PHp0S^KIFr9j7vD36}8lzDW0z0RYLQl%5) z5PJDsGeR>D3L%${(0zR=1*}MC`)^DRZ89OWHrb5OLrX;7cmtvSgwQ?7u?U@RLFmJ} zgF)zpI*Cv!Av9bdbTJ|HIxN=VTnj>d1Va9$IzqKniJTko@i?lqoGN{9i^WhKZpJX! z4Tc`|S~F@@I%+o%X&$thF{ueKCaQtSUMh22T*D4a!~GA6G(Y-f`w{At*wbX5hr!VP zmWCJU;>9WS;sJU=-d0fzx7IO+e_WztSV+h3?UcY9+ z`AJp7Or1SS?`%~2`?*(-dfRh+e_DQc{r%@**1zL0>yJFl`aj)$nEgM@`ga^g{a~d_ z-yxKkcw~z$5s!55&l?MmoGwbD6HHAAt|#*;u@gt}p~9g#f2arT zU4P`-TQKUt^S|qhBR2nQ7K}b%d&`bwd+XUjgk9ger{~~=E%vNG7aXuZFLxfv{`|2A z{TY|A#h$_E;{ta5+)tOnza(y;2mHONC-Bunh41n&Sd&B$VYso_Y|iTj;(_JU7G2(% ztO=U-^B0FE@4Cb9zJve|2+wkC2`r=8T?y!zgg_6azwJLAVt*yP{uU<{?XL;J9fW+3 zwNOnxO#EW|o0bq>5B!-A)qT15{QdhCPnmc`+?R9a?Z27Uix2F+{8m;%_vNz=-hcVe z9bX)t|MFF40Nwa6=UM%i3168QkL`}p5mV|Y>;ZWK71EBG9io0ok9UaLn|{E+>g-A{ zkGy8?*ag^iSOcalvE@{H7|0c)Y#7CJyM;!wXO_iX9HXoDPBAy9uz{c7(9|Lr<}5uwYjLKm~g)#F27N)LXSpTb)M%67}B> z?SA}L8pf9JfM1j>vqeqiARI<1cDlLid|OiZ5`$sh>K)H8U-do`470j-PZ$PAq~G`6 z55p9v#Sh74X-8&Aj!EmukN`tE7)!`7&nCd`y(5I(J&c`iYL77dAT2S|3?#oSrS4yl zDK!i7@Kl76HyGvbI-^j;!RVC%!6^T^0F3fT0uH*f*p?I-82fhS7#kfb=5Us=7gz>5 z3vliUM?{~)UA)bAAr9?INA&ZJh8Ns;-8=Ro-8(j5@s4$l@Jz<39egT0lP%t{TjpK~ zky^yAv7gL6K8i#EAIEIb?%ryTwj4@1mONr9_4au-@`&B$Q5Te$DrsxR@e$nu7dyh{ z)jM4vHRXJVuYt2#X>hvgnb(6(w;HG=rhmcdov8*0U3{HTA6QCH|BtqBfsdlP{?8_x zuwY;|3KA4GYShH~NE9^-C|THr8JOiE1n_}a6^aiOlU*KaG_nb1I$fo<`m459ZEb&Q z?XUD9BCRzGngpy6eDd%SM0D0w38)Y#WdGlD?#%A&Wknqq4=ai?~ZXVLe3hZ z3vGfEVc=CGbFNh*^Se^_36bL+JWW>TB^~d`0(`Am8q7(m_L=c^iEuZWN7*;X=Du3l(RE`GBaa;0`UQ?oY-jTvJ zqJB5(?@FsbMxhXE%=+nCI3>{<@buX0cN_U!f0@JL)~3tRgiL~zTtps7)-(7!*0_z4 z7qU!HfeBMhp<1ocIVSBi36IX7`=&;R_G-6nuYP`aa(F=PnZ5S%hmf8UD`?lwIC7UF z<#2FWK)>5fw{+>vbO7nz{jQv%oX{va+~SU3Y47#`pqoNiLjaqNbvhT~^jEBipZ< zvc*<^j9^7S{!C#YMJDo*pksf=Go`+kCV++X08*ZtJ{fMo-IkDN| zL2+!SmGYjM@)ieD6tg9gzvFGP0q-}i|0-V?ol;5doV44JDQTpzM}2%7EC@3&E_So* zci6+}-Z^R(A`~-Pi$#JV*KHI zzJK%geE$dE^Zodu@7e$V{Cx`_J=a>UNv5hu$y7O?9UXT0ZRhQ6cuO|X?UC5`#Dg+` z1?4|2&%#&FJKXlQ%Q#wsd?$Kj?u5<8e~f2k1xl*2mS^H6cz=N$xuujQdAGo^Iuxy4 z*84&M3oTaKa!4UdlQU|_C%6Sd#tKEBT&#?k><*p88Yuh}m52-}z~5=?_@9p;<;b9=|nZ->QrGSo-|z$Ih{y~wxP}cH4X5+ z2Z;1_{hDjO<_P8SyS0vc571>Sb;VJmps=Oc|8>JhqZ-yXG}nA1t|+(~={b&^y3(jo zSlEeltphnrM-?_S`@gaB?&T{d;}uck*wQ|QU1qLAGneg+z1AE1{z;=PT(ygYLx#BV z`EKYJ6G@*A-jI3MbLet8GSnf5*LFahhB$m@v0UCQd%EgQRJD)+l@jiCPzAe;w{l1o zyt5bzs6kiv$&USy`@g27@~@mQKkSpWJBwpF$%QNP|7Sw-ilg1eGdm&Jk%mk+XHr0W zya$&*diBdacvYK)T`2^FB-8=&t`c`HO$T31cZUXYGa#=0{2^kekijYX*c3at{j1)RjGBk2@tewl-AF_B?1ky%jh z`JI+O5?EyntTp+_e8s{iQ!}?_>SSr9w?tZb`>D{?mDBKN3SH80MJfK=ct(II_B?9v zHLImgU-Pumd|&g`r3Jp`TT1%`ZZ@jCD{{Smari6OsgaWwK3A0E{add0g_&TZTQp?Z}V&KcpE-(#Q*8j-mY%g>4-n?)84J7r02X1-MMHcnu5R7DrqG( zkS;NI28-gyW;DjDwRjs2=2lB9-vMCpp5)u=ZAjz-kywX+3BTmq?``Oz-*4dGUi{uu z-EfG0Z^J8JcqL!F8u{_+H~5{9d_BHqZ%OkNr}~Qfr|-WJv~o+@22fSDWCmOkTAc zRDHPD#QUp&_YbpO`4#j@%_rpXT+n6PbzhHt^gh-OR=vt%AMs?#qa)lifgFXd=82_` zDHa=9{5r2t!oq8-_{Iai{O0ewoKR9OgV!s2zDn*q$vpudbS+;>AA=H>6Qi3DeEI~Z zzp^EMyj8ZWPc2dPsTJN;v=*t6o2z`9zul(={)Hu%+$}c)2RWO{Bj_CL)6~tIrRED61j~PFoUNNHx4&=RY8IN9ywU9T?L5cG>fjEnvXIGEe--i2 z_4B-pvGo%e+cS8_-}rGbAnYFiCgP*{J|k~KTVCo;qyPJo*AD<9^#En+`I2Ls>oC9y zzFk@>swwj|*H;miMQ+Rho2r_};+F@W!~mf#ovV!v;Nhs|v6GSpkSs?tq@n_#6T}l4 zKHuV?=0%m;mJ?pY7hoR4z!EkvzWox0lt`eRQI=;15L6R7-MsB`1NU%_$2z3>vD8F& z9K&CN+}-KS=EvYa{i9&LpV^CrMq<2`%FHIlb(QZ zA}zk5zN$~?jHFKPU|=>)viRUb=;Sfhv&~FG=?-+6ve-+Mp&ielNJ%jM&L2nbzY@POo4lJbf2U>JvqjJvHu~gBE30YRx?u2WB+O2n?+vV?YaD~8 zFpL|a_6Oc3)}ONq%+WD2H*|cA&Pf?(~I?*-P-ga(hD`;%+;o!gopc@r=KEg z1+q5LMX*>*#E(gDjHc>!!r{MZTd-1U{+-~C6MaeU*kYXfL2|trWOBz=!+4)2qF7wK z4X@-`i_2!?nmACNm3<`lILw=|CHMqyj0J={sf-Tt=#w1!45v1Is5Ws3uR+(aw}124 zVqf!I+1hEZwjxjU|MZC>(r#T(7Uis_yH1TS!Iv2Gw)e8>httyb+?q~Hl-+D&xcTp! zHa}ZM>G7thD6w`or?1_@@TXspJo>-PH2B@kmpYoffz;{>mR9J*5HrG;g05>vpOo`r zVKUhDo9~%Y%@qWNyx6yIzkbIYQ&=c#uC{7d|NbQ<5OL&i6b~SRw)qWmD`kOJ3v`<+ zYo{^bD!WCt%e2UL!Xis~I*n_9zM9)a{+Q8e_bpDf>i-Ns=eFfkctnM{R)vmi6+U+5 zkt_THJQ@$8wzs|3^?Y30&TVFG6bx5>vBKlMa`x;W-htkVT3uGH&TO@w^)0n7LakVL zJF)I|VPAlH;crP!oEAeq*9v(ukk5KzzdQzf(ZV557N3qcp-tc|u|hM9eD5nX`Yd~i z6*@Iju#RpK6y05In<;tQk~5_^IaB_*HD9>=ipi3iC>NolwizI~#jzOojLcn_4(zn^ z$~aFfpDigx^@*)m9H;O)-~ZraJXOy4HKs~AC9dU3DuSl-Epr#3Eoo8IPqjVZxPfkd zVBEMx%&rW5x0kMHSh{m(s!9FPq~z*)c#Xj3(GOxfZ64=B<}1g>F>IK#-?)qPaTTGHFD3iSqQQ+Vi*F~fGum15G|YzV ze2#SSTWX4NJEL+mc2?*ZIck(N7sTEr_R?#?rB^bSE|Ho`d0)z(aG8xuXKhY$>8vD| z7H_6;Z&-o}ayONs>UX%=67eAMdGmXM+w-h)2>l+kIVm-SlGuO8yQzI4#p>gC9wn>i z#D|DZyX0`Y108J~4Bl=&lP9F52|?Pn$s}Z1`0Qh6PTFmaCpX{ifIyb3O>|l|g(J+b z_*2H>cZlJ8?f*w`(-}>+dC0l$;B4{((TB_7H7<^i(udYJUiM)z1J|4Y0e$!w{2VDp zzlxuaS8* zyhg4_t&vZpt&vl)2oivsTqlbF$G{>4joB<`l`(rD-9Lv7Q=3?lRE$lzRU2Ez#$)|5 z?x&Xk0)4uhmnKpa`1E$tUJ99$itIGbIdq6jm7U-xdOZjkdX@npq)YYeSU6qe4m5o% zHJ;*NreSl@cH`~0O^UokMQd&GVPsf&`8aA{4RD6>C8CYFl6$<{*2LJWR(V^^PQl1b z%n6ao70^13gAYRD*JnWn%D-Sl+Kr8)tttmo+ncsow>9cD;M>Wr~7h(EMjrdp9 zRxQ);NI$Pu=eAV`91gjyfB+bf6R*%2>gjGG05y^b*z_`($s}O#I3`|7N@;tGRu$nM zWfN2cd5mX}issi1PiuY{Piben`@7vTX=}Uven}2hoNOyyB^H|m=C@sWv*S%j;g{H$ z_zik+rY%R59t?tdg(+As*quzx&*Cv{FTLdTl>EjkZqmPzhrsyjo4qBs6yB2Medg$s zzS`I8t;6BXneS)cL4J^>9Y1^kk<(8>D`~S{RS_{GQ+QG#Jd-g)jl9R zO1RslN~7Th14Hnj-#uECGx2)oj}=FUH_<6;zS3%#aV9)W*E9PlK=YtW@Li3lrPU@s z&bZr|L$%7ls#{#v8(!NR=ce8u)0A;W);C7k-Z(w=28$^W6Ah|tWSXtRkRosGi1lRb)V7wQ;)Df`87UPUqlqS z{0%liV;zSdSx}ameU{V47mQuIs*@YFPy$-DpbX2|(&j*!$0$&~DD4~C z%=G$h+UU~DQ^JSxq-8@mPQ-C4FmomR>OrsG$Ey`^Ez6NIAuEk#{7|H{x zJtnCql3w7E^($EYI!}!(a>Ze91mhRWiPwTBDf;o$yj>9Wy2*jpjMe|%`u7v@tuk4p zuo52+?I(|1e63rZ_8Wgk23emDSI#$rLuInVv7E@smfjhAc)eW>wf9hL`4>NIZEUe^ zx2A1KM~K%gl|OI0#y#ow4$H+x#{LEVro$^~N{<{q;F6^=9r(iSL0d#?b+JR%`oxZBZ|(X8-iCWh zP$5AvcNR;H)3G6=yqnX@yVEK!&QU|xW+{^NmrdBW)yS}Wl;|f;S$m%R`xM7sq2I!N zQ;vkHgqp@Kv`O`$43-^(LZ;syU(f`CR0f1?Kd*Se0t^xxht< zH2?r|@Mhf~{Mx7fs;?LQ7C-#jL2tubM4&g%0bi!nqaCd#U!Ea}yXo=J*G$9QMKk{r zHvFLSaLiGAB{e|~--YTz6G0zWK&Sp=dyLR){^5?$B@K7EigSV$TzK+M7)muX)P$Bu zOXtui9)mx2{bWQ)B)5KbdBNkQCdPayiz_9Ef2|m}6y_b2Cl9qgpS` zGCya*CK`eaJRf$4`o%fHlgT;+BxSO(g>EY)qC^7SlG_0kr6ZnOiEfL77G)HEhU4AQ z&W@LO3j3?n2p=Ud?l_Joa2Esv2psb%A~ZdxX?qj-45<3^v>0GU1&1l&HdlO5x_sD% z`Me=GM9~ME`^6+{Ia4qF~ZXO>dC?US+PL z0?Qs#Oq4GNWr;w);-D`htL5mYPSvqbp~EMFMZtFWlz3mFa^Y3p6(5=*KVem@P-s4B zPE%NeR)(?oqe-jDDOy3_0H0Ox`nR7plN)H84PXj9#5HN%76})fMlGKYhee8zM`qs1 za8|}V*&BQSq@|G$UW}RSiuc9e653zSlFj`UTcky=hP6bm41CuzG>%DGBQ3g3M*i3j z$XjV;{-E+S20jBxOsR*CInu83Cyt^v@*biiTv`MptC3I_XjdhaBx2f`wEAJnfOa;n z75gd2gmrz}e)31LpX>%TV3FQxT-2RN1hh|y#M)MKLkVDE{=#kFO~gFW=VL>egAL_l z+E7BwiP%tHG3Aw4nEy^x^ns=3exjCI6g_VZDEgkYp`c&AHk3l-!1@}{4w}O%HT9)s z=n23AVngLNLWJ&uJV@5U{AbTfBlYU2B@i&fLZ}CFz5x2-0yoiF(Pz6^5Re+bBy6z! z18LbFd}$pETD8&r049;&7m_<4uwWqi^$pIP*jk5e7ouCJQ@apBhvrUX<8ROUMW>F{ zukPm@`-7qVyot562fP$*ihM_PI3P^{?%;X4Z*q+RnYqhrf~ zYsrgh2rcil-C?|2eQvZnyrx9S^nn2b`FZ#+Wh!&WMugk^PYo&5gl*aGVYjnudTzo0k^GtkpEBcILtO?^V zbIt5PQB+<9fzO^yFYF?8O$x z{o`elkHrEMFH<}pEQCQD6oVx})-I9T#+h65INq6K^%w_#mn8ZaSL>K!htJc4ZK}slT|5Qb zq8j-f(Nowx^w4B6?K3v2)AFs2N(M?}36WyH=R30RPxCQn>t)PO>>G=1JJcmV{I(q` zpnU?A1sDpwf<@Q9L2W6tHmLdCAQYPXJF!819K0EIVuRwjw%*hF@cLoa zhXMZ->qBaXnxA!t`s5|rpW?VZO%sY}JJFdUmSc0QH7}c__cDF2 z+!pg9vk-=a*bWYmHTXcxz{>F>ckBiV^_FZ`wl-akHmTaa*qdA{-fr_(iF)=*MWJf; ze~LJxp ztQF>=q{UD@^YC&o&)w?F!&*m>MhGPE?rn2~e(v)aiynw9c3hf(vj1WZfHF9~;h|Uh zS(`MbyUkCqd(NfoPdd2SKbgr9Bd^I+{aW-=_AMP8jTJPkYiSNl7G9uJ*d`pm_EPpN zJtG<`Y*^QcR4qyww~uOA*U%i8BJy5NXW4S%!=kZc8`gE1nF^Dc(q6e-yfSq)0m;Pg z;&gy8Ihm3{1xQ^&)3ViHmPf5IqiUu8ER!Ad(i-Z@09T8j@t8-=*RivJ;Br6q0`6fg{Pa_7I~LG z-R{i6x_y>ieo#k*s->pOL|95p(LKhG&-ow`I|C0!H{5kPMDq93EfJqu%_TYZ-l=ZtUjU1DyCdxLMIcbCYH_0+R9ZO)wWTJREg{AICNt?o5v zZga;flJG19yk*asW-(-v8lMvjgw%L1o9$SJsa%KgZS@^P`&ktGS$k+t>`r<~+lK!&W5dTV@KfbBb2L?L5sxNXaXo}+NFsZKS3*WX zGK7&t5UAHRE^_v@_T#nKk2gX_(T_9b=?T{AUa?B(A2l;+Y1j6_G?rXG$x+*lbSzd< znZS**M7PBZt_vqEI{iOf%4V0vc!bH^vHB9K<%E|3I}+k#Q=S*TfM-AF)u8{JEdw}S z>0s-~)0Wlj$HIn3T15=`1>v7PXR#`f9b4KtNQ(!Irj>*zwl@7Qtwpxv{*-)P@8{pF z#Pj2OKYt(3;eGg>?mrDw8DpRNI$;*}eeY}K^7j7rzgV7-5`KFWMf$!&c~k#u<-v)w z0EPXB_h(w|S^JyA74co~vqgIr{^onP=feM5dqjCVp0w!w{q9Sa!z`xd1dmS|uos(q zq;bmM;EC|P@0aE_9^wAc$;M#xsxm{_A0zx%}wH_u(hL_xMhI;=jmm1>d7R zjCLglQ;44sQH;y~a#$*TxBG~bLN+`nxbNonvHQ=5ui!hbp9PN}uKyYKjAENT!_1n08zytp?bXkynuwUN}q<+Q;z@ zfa(SCdV&kk9%CWj=!La*%0qt9x`VXijq@-TQQ0xQ{CD2KyMxb=cTAr-k350x% zkaS2g&~xFPg$hTDN7_bUVNl;d?0URfL)|VBs#{sSALgI#2O5baPq)-~Er(QJ0K6yU zl2*#a&4KQQ{qVG&$lZa!7MKUh(I><@2yc8G1Gq$jPdW>Kfcc$DbZ36R@lE^;vM0!T z9+6cjSA{U|`rIxk$WKT`KDS#=jBy7%UrLQ**@b%_33CniK!%4MZ;@Md^aK}3&18K7 zQJjNpN79b}6B8vgJr)BjlQuuX^)quq&&v8Gs{SLGO@LwFM4o@mpYwI7`7aGjnoYJF z8~;zxwh4Y$Ik8R1v0O|`I;;(Jnqu`*p{@SO4iz$Zn9kd_Ha$R_D9r=%h3GbxtRt5; zyaBC-wVg;|1(;)!iZlMfa?uE^qm$sgNOeTnxWeNm_KM5p)`f^K6!bV*rshg;t?8mtWx!RruTECO;X z2xsgx+VO(4a#69>rO*j5$XVTa?PRMv;!!5Q+~9`ze1qFv-5him>wzkt?jND4?jb&K z(okZc*y=+dfIZ#|YkQ~TX>!M$XMFt}uw{v&Ptg1%Z5Wm*Oo%RPiYjfbG(}a(+r?9q zP}xfe;pHj%bsuI>noGe`!A1*@O-|AMM)Py#6n(poSuBjQz%(&ERjn>HJu$y!#|F$E zP@AH$(Y1yFund#}Ezl0HvAEwhuqjH+OU@iwyUXon$WjluK#610C?Qlal;-J@8ZYG7 z`irq*)yv>Ux!B87neZ}mDywv=7t`3^2syfzsPaHFcj<8*-=7FtZ_FXLyM z`tGYGhndqIwmJQc)VP$LQsHrlXi)_<)(jUY$mSUqQmCCo+2Q9>_@c9+< zuf!pz=HLA$)4D3(V19g+c@}*M72D=tJ=$3_k21)sEQT%i1CmXff8K`r;?x8L#NjU% z6R;yS0qHy!_NQ)Q*P%l#cJ+71cG1+!^j}ZTKdSom7wCXnJ=)b1AltD%heio{D*SId z>rS)v#hfeW*g6w0;Pu%y|6siCG?t)D)$s{+N3`CYfF)uAX4+dsa4bICl|Ci5KSO7` zX!4}3pDjalmtLKxfw}0C8jA??k?xdvrfFJZK1{c_kpMTGU_uap9rKRk| zA6ZldKwNmy$Im90K9rFGD!GyrJcPO}xR3 z0-6Rk{1%CVdQ^C^tueo_wV~l95{`0$H*)K4UJ~%l5;Y4oTh4f1VRw9Q>-Al7$ zm8^{hTIG<6asddDIG%p=HBtv|->7H_!S83vS@=DV_&rY+{7%j;HxaL^>AVj7b}bnA zbQ`Z5e_>vKF2(Do+j;%;EWG|$iq}W~4!w;Cyl}BQ_6w{t$>aW?JOwytkumD2yqx#~ zql!LmOeU_Q#4C-{=;_p?+xuVXsSo&7$?fdoc0E2;gCTN^Ax|UaY-7)Fk^gkYmZ+34 zDRpKku)x^%)33irymr>(B-^5W&QstbY!}AQuvqcUOeeh7 z`5(rM2DH$S1zKQr`IX;hjbXC1sX?Tg>2V|>5bTWMntIWx9T-FAE zxA@7V+Mc*=`+q!Mz572e+5g}CC-j7P9X!rX%$jcFY?LJAhMezMUc*cGC+X+5=;t!& z_vVw|n|=-Tz>$i2zmgO|(m46LtQ8*7A3vbI4yl>WrW&M`2lPs8h3p!4v$X+UM@C9W zSfu^Yy=0E-nuz-WD1?m@5S=7(fji?`CQOf4Xf>ZI;TawRR0Y5R}jc|~e` zis^v0RSxgZuQkLT)aJ`GHTi*gx>|Hl>&K6{f>)`jmzhnq*$YH_hbZB@2DtNUci9@t zuYDle1zkq8DR`dQo&omu1dHMBmPhZW8p5xC7!V#RQX>U5Bl%ScAB3p%7hYE9cVj20 zQWF0XyGJ?kpS6GV!M{mv7)jIu`s*y<4TQWU{}sGB5UDrh$RcbY5UWYS7~#9v9a^JA zoEP&30wdTKf6iM~u-*bBsh^TFkysFb%X$)jkzA?D$!8mzy4^$^Im_LnZMF>q6KLgVY-(5-d%2 zM;!q{B?R!)iA~uZ02qM{ZOb3HJAbsg({R^?$=-0z!}o?>zu?!@8yb$-c`RX(iv^fm zKZSZ|4pVRrjrFxW100=6;A~7g?Big4GT|^^u4i1X&ehAGjN}i{Kx%xNZFt9<{vb&i z9tiPeGU*Ciq%W9z{$yWz4uu#=KgTXBNSuVEXtv zHjBtYerU$^@cf;VJe)$Y%;C#xRDgeNeU}=87N{I7xgZn(UqP;2u2}MD)IPnDw@G((5ur@BEi;W<=+%S)2mzU>RvdgT;*}qqx z;p!!#ga1*y=@~_=F-0MqkK}(PvM?q8A70*U`6bDlV8zVBi5-87M8)(GAa)~13|aG1 zP!d0U3LL%8TpTg}8J!;pbQ}NIoK09d%z18^BEWA{^$TQu2=(tu;>xBe%xBQ_?7nEj z35$S?4QG%Od-+ca6^@Mjrp_6+>74&~G|BIDa7zU)$*e|)feGPN=y1z5$|{;?_^;1| zNMV6;YP%AdoCt5v!~T&ch3O{j$~VaK>>{C~ZiT~H1u3ci%9f1zH&HLlRXy#BG$yKG zX;xvD|C|>7vj~Q%O!UexmTO+bTSI%|)78kGF8C%Kl|O6eBSN3Z$~~zK*gr`sU|%E-2T-eE|mus2~RYAeznwi5KY><))6dHN6e~{ zR?d<`XU49Dp;^p%&c;_K6SzsPi|XFlz|_W7@tTXM2-C*FL}39O!AX*{KE@RkeV*1kxsN> zGAUX#;MgB}OVvJ!jlxrOyKxlzsl@)`FrMY32lZmnpmA!Z<`H~)54A(@Lqmfi6wD9B zvER$#1}gU|+5w_VSueb8OZ7^J_wUwJrw%vnz$?{zTS1?IXFW(WgDe0RJvXT3?+|%Z z4?I`th`$2g4|tVQ_qSIVa1^) zIk8suYzciKYp=x?6WUOMQY== zpbTQUv0W{{z9?sO!^qsWMHllpe@^BkA;}D@JP*HUnE6ZPUTY$0`z`A$!l;+nm?ww^af{V@fV_Z#?d?EgqXxP z+e!kSp5XbwwnioWl}0hPHHtSZz*?hBSnHQhGORVq9dD-@!?UG_&w+$!A!Ma<@_Zq$Tf+GVz@A?Rd`lLfq*iq@5Wo>^z#nb83GEZvSxru)ft7o~!4P1Fse; zA*`RW(uyoKmEfs(lldg=JV|g6k1yZ=7JS_`o4>9=8(nmW54&(`{JZnv z$WE&pJVPnaLUN?8W014cNu#BX2Ig}p9wzFF$6C*g6h(PmU zwl!ZP{g;5Mm2W_4Oel^| zGQk&C6vh6WYyFU#Xh#D-l(2&z8=+A3#V}Bpz#Xwn)@MWO?s0_XFzmmKw82;j>r`I1 z@a}U6=e}9yL%zC&9lci^Zn^&1a)x(X`28~f3Q@pNTCkJCAtnig!xk0}J5Awmk0~6s z1j~eQct8k;Bw4h~T`uH7tlML@2zjst@Z5?BEzZ}jW+p9=z|-w>IY9eaHRcf=>w_#%N&=+d2|qpP7EmJEo$TeOMKi) zn~&9AOMcwS^5YI>qAN`KaVz$(t*U36B|pAt%8zf_ruxO~HayWt_@|FcL{PBpf%%o5(XQWUxMA@jjcsYsQJJW4z}Twk3-MhEoS zZri9b9*zK$^iOj1Qr(V>Z;~s5KG|g+2%sM>8x6fE6skT(VKix%FqV5U61mVVvsU%( z@wH(d@8_TNG{nN*7$rvAsJH`eZXc(|4-@yrtw>ih%FIAi%{6Dz{c5Sx5Om$zX8u{k z;qD)Gyou<)bCEH9$8@D#?TDseXDX5RQQ*U~HeBd6VpG-7$8C*As{ zYBhj9U{sFeZ<`5jy#E1VUOB4!=*$ZfO(x7SicmP{$bp`za2r3Qz28uORt_EI7Z^A- z(Tx2h&cpwh=YEUvo0k*4ucu3k|BNzcl206#1GrbcO%VvfOW-`vIFh%G>1Awnr(2`c z$k<{RyI%0~p4r-dy zU-`!9s-gY7(nD+f(&#t64F?>-cPJXP_ud24FsW%L^(O&~{Oc+}`SRGJm+4&Kh`FxN zv3v;sBjdPwVw(bNFK&)--sWryL!-GyRo^an-EmP?J~cEMq}((s$R`oU{rdKtIjB;KQGjCGR3x|z7Q zQ?cY~V9CZC>9qIhZ;_|S{urs%a`wD%(Q6SBKUPD%AABUIS}DT#@}>v*ST3dGk$A57;Qdy(0br7 zAKYs_*gU<+jNM@LzmJ~T)@PpC@IYK6HPYn|90kNn(d8jLZ<3{Po5+OoGDkI)#vG7e zY`=YI8~%6DO=}ya2iG9yA(lHM&ULg3(5hC#(f}=LPV`b0p{gnbFyk4-C` zY#g_YduHp;uaBlbwcMTCbCUfbr_$~DS-O+|ox1b&;-l%#KN}C%9bc0eC|iGib~ODN z|6r+t|8uSWs5iG&SslTeJwU#>rRu0VasE+tVt@E>ow%nlgWLY~oyX^O@miMg(XxzB z!%=r_+M=WB+R2CQ+Ed|P!lUWR z)TM{(%9f?JQOXegW|IAQvSmN!nE$6yh*rh(UhryFzX?nA=wjeVO8E!u-nk1Nn=$Nd z=v-ZZ>`l(3Y-h-x&B1BHLIqn?B+x0`4?mmBmn?Qdv+Pp!Ih)BM6(1(bz5`BfpHivu z0U|U29lL+^0ot?ARJB_N-i(RVQ%<~ZCaiGEV9C!w@+)gt%rFmgt=~7lV zyM%fI?1JKN(#;4nk4pZ&X|ixGAYr~c?c(Xp#=3i1fHN%VsM8i1^N&b7qJic+(EqC5 z^xw2AMSj%^y=o)>)ZXO(!_8U9f1#cHn|9f$Kkoi?>W^h+6VzX9<{5l{8ubST9A8*= zSSJ4eHXIf48DBXv{pm9CZu@28n~m{Yc-GjL=Qn(7Jgt;{4BC`KC10}z5UAAB3ggrY zNEi_PJuqlO<{7zAj$9O)N-h^lb+&IM%GPr7e3TfqA-o(tYYNK zEOT&Y5hje`f}1<4OqJmmcfX%ly_hm~ni-{)1&nkrz;9bHVl!OtmHcC(>3I_yoAJ`a z)=Qi(GS(HF&pAeurr0e< zgY555PrXmBJX06~IDzi0N@<#-Ss|dv7qV+LA-CdrjBcA{DHsERe4^EO>L5l8 z387ETCZ)xvxA)huLpu23vW@AjcV-<^WBQ$`zGjODpDaIv>5Y?YFWU9}Wd6+Yzr)sm zhExOIz9YQ>-2vWNM@yfK{vKLlD{y(Lz@1A{1*Wf`C<%-5Em)b8 z_sL=T{M~c3eB#SpTrw9}#$l$Dp%5!(#U4PZS>ySe*Md}V5gt6we&1U~mXeL(W>dwD zZrs%>tAV_}^KExP&n9yeM80A}mPW6K@xEZu=>SBd3P+p$vFzBC*skc4#UlI$vMHcS zd>H+uTkdGlP&I#-Aw$%O*Ya9SI!p2uQZOlVazl>a0>sS?L?d3RL>8bBnc$P)KrRg< ze2lqvEFwLG7mO+_7*|k`qRcwqGOwrRRTL}R#bi0MMWV!Dny;UY!ptVY%ZQqj6wl)C zi9Bl$#~&5;DhBti!gzhr5$Dslz8|r@pX8@%8m{Vee!5KX)4ea!`B%RFc|0xu@a#0! zA=7FKy`C)BFfLk@;$tr0sa}~#{;Hl8JH~7QzA|cS=P!sP{;qphC95P@xyx7r(wht> zejk=Ut23MRYf@dfYAmi(`ljB?&i@(jcNy2NS@|1M^NVzybl&~c@bG?@i2gY` z8tyJwG??xl8EfBB1P73WLK_@iYmuut^Z)9V~>9;EQyh*(5du z%^_5dZ*r7{ToD^dV@HH+w+KnsxpW&8uY~q7e7%Tv~#Y@6zDjT`~>@zn!0Z^@Cy#oBf!N0XWk88GSS&w)#@zneN3* zIyPU=HX1#TRzQ=+0Kqlc2;NBiMgvCIjX5vp`9&AH!KX}wyX>IDzee%@^5p3>b{!yE z;bp#+N-aoRH*?Vx#_1F7V)clkwg&raAylYbYJw4@xNA$#&rmL>B(*9P*rQvnI zL6RD_LD=*+>?g32lm+}w1lmKNSesP#^@qItI*lqc+agl-^}$*S{)t^RbIzSzm$4K) z^6$ee1v!-Si1YV@THE~nY5sSfzrU{SHGk7pJ=yA-7mT(YUCLzOt5)*2Rw`5 zE50k?eOX-VcgC18MLF@I%awayl*$5ZlM5nZ}56zC1tWt15orv?7!uPC;L-Y%AL~5cq)bR&M!=^*6V~!Wj zwTj-vHy_b%cpJ}6DSe(9kKF!#A~ucBNK!zvKCBFomXd>UPM;u#aSJk2v9Z(HG4P=U zf-J#f6+J@rn9G76*_4RC!D?LN*Lnhrt>d9SvtK<*;}RVD$Q~oZzYQJ_=*)@u6tW~{KW+8f)0K}^*`(W z!IP=m*!~+{HoA>fdwJPF_a~;!@s8V|;-oZ?l*IDFZHHffX}v^wDNQ9Ky>~S?_NvC1 ze%oQh(d_-HGlHDi_FD=Ju57Am#DDm5K@>7?_(UC^fuOP}syeY#**QlBPz zr#UrPy2YOPXo{RMx-$B-1qp{)uQ6+AYYG{5eW#Q3ou7Zn`i^mAeaD=2DSf9qUEjGT zqfJDz@$>DxkVPM1cJ4BM^G&v8A6iJ?-u!hy#LdJ0~y=qIcCslatB_omy=zajs|3HrcuCh5L& zpuEk�nY7vnARVqqvjzh|ptqWCQ}{uDoB6oZehvTmr#35}*3 zg~PiX($dHI908p)H-lXa%~nOt`?L%phn^>EBRe=~g5z_#MFS=co-H6~VX1k?r`Yr= zZ(?C(Gc_T2Y`ns}UD$jA4@%4)wR}GdgBmo^OgLK6FXNlHHGf9{9ssId9xum!)TNeN zN45&^Zz3Ox$)~?QAnSqx!QU#{Uh-L-pijFf2ZXx_gqzR3f;&_v$qPF^NF)M|FKLAT zK!PHuf=xZqrij%jG$sC5frq~-hvSag8tSN98G+u0hSJCuYE zKazz>jW@9LU}_1*;2X`07}FXR>Hk6%AD5ZzDKbOVop(!qPQ0wwfJFL7M9wplIi0uI z@2k&--|HcE#ym$rn6x~vHzN>GYzU>iT`u2k1tOp*1RLmnA`&|AI5k9>dwGU`Nf}Q# z4o*NW?rcD*#C)SuO=gIK3p4#Qg}<*qM_dtXJK)qt&Z0C~Z&NUf;O~2zIN(GRV$ulT zdG1hjLd1C^JIvgsI<5R{(Nf zdtch!JJeJfvO`Was(u}q^^W3z))OfIBp8ra0gI&nMvi3M6C;HsN;v9NVW7Gmg7i3&pcT(6b<-=isaogUYQZTR5t_KdZo_>4=3>ga|+eq7}?#nWATt{NHVP$PxolteV(iPoNkIu;kJ zo`e*p2<7nMT|@_X!*nQz2i>pj_m;!8sYTh>5pZ;S!`t(MB^Eu=a5p41U-Q7(zUFDO z9pDEgu`XnQtMY0U@C$sMea%iJ`er-uquN2=a_LVV{p4>>`jbyT^XOXv{pllz07^i$ zzt=j6)rh@bw4;rEZy?efk*z>g@DsF0=TLD3EuEj7%ui16)3q(kPUG-x9eq>Bxf$~G ztPQ=bcs`Jt5*Ww$z068~zAi5(Uc}Q(jM7%)vg@<^^L-0{9c%KJ*`ccI4{!F&I1k3r z^pf}IgmP?mhr{>m?;@~MOHh?p)rkM{DHzCot?V!EG(CZaRg?yaAr5pav*Sqi!ZCVRStyS@S6Iu-o{Ap}pFqYRF*sVI~3bz(=mLDi< z7pmHw`~t5#{+9SD^p^~`$1BlKof9Gh?@1|ckNwc*_3k#k-c`+z%0T;jU!md1@UtBU zojs9D-3!)H2Nk-8hql93Is8cvoFCKe2ON3BytSv{R_vf{dBQEQ&Sg)U!%1U`&9oA9 zwgSLZPv~Wid?tEH+b&&edz^KXrg;xS8D8devuqJ*p6C@bIMDPY{F~9EwVO`+wP4!q z2Tl8^cqd6@vkmxOf`9OT8N==`_+Ev7P%6gA=I_b)Hxrdy3-IY+=mj3cC00PG)O^V( zp9ir$WW*-22{qJiQeltr#%#zoBZzle{reoo>9a8#&!Ml$94jct5W!u7voJjf`^+)E zx#kG>du7CzqyyRTVh-0E@NH)sR;C?bv(Yr0y=Ye$|M-fIhV0AvkK=zf)bGooXpZow zHgR5{kI+HMR-C3~9E&Qm*K!#D1V~bgLe#~)bXBQo; zNNYf^`dz8|mx%hit@_u!e}wvv>>s4x!3Wg+97VzyE;U`q?#ic`(J=`V4qkvIaNinp z38Xcs?<^5T?&M_bp0=xL+Y#;p6pn+x!E?8A9fQks&!q+qN=I|EU*X;62(a-BQLu?>L zA?Q;*Uj|1h`p{AZF4^44hZbLso}5cPv83fuS6jDtN=-{>krD|9jJ;Qp-Xf0JL)%{h z>SN$w_srDsjB~D{iENy4)wkT&2mJ*tfgGm1xz{D~B8(e3hRFHC&GIl#nuLZ*;2a5#Lt`>^=jjUJK0gDhOTY+V9aZ$(ixvHfl7Q#y;9^)wl!&hst3d}T|EeR3U497W zqhDI-D=qdmbmvNq#87^?ybke0a~|r`YQFM;Wr4vsO9Oc94n(G571ES_QjzylU$Zyi z1I*yl1IXs^X-Xd11SyGNuY=Dh!{^DvS+P?8BGn&zb07qBd$+hh5lWhK2L7lsocKF!h6{hMo>3^Ryk$l~ zbf?SL_jOLp^+vb5{C%Tyz0$4Gxza1IlJ4i5(a#(0#N!S;ex)Us9}N(XHuED=34Jpt zuR4SD!D%!4a{2wK{64nw^K9j>L;0_Z@{h5V-!96RY~{D-&6RHJm@94FG*|kd9Xj8p zucUhh!c}#Ri_V)hokFw3gTW0mCE;ST-m!OWZtx81^(3lzlEYus?$_4)rO_RJX zUfI{I%Gk6vDV}$N0cqtx%IKTq@KvqxYf&FOb$rseHNNITWc0}nbZQc}Y*Jok4pk;? zScVK9h1Rqo^jF@R3xuLO(NuIx7-YI;t#R5k+5(fR=wGL?mpHT9;e3;!K9#>KoWR!- zKmCxn3&3tPo(mpYy4uD=Kc8mu5S^*vvw4D_$LNJ^_wJ|rb?W?M^l5F*dk^rB+R@F0 z)uWrIRXdn<+CuMO4T<+L84kT*xAtT&cvm-7b;3j;sgd)h1Ml1M zd~5#lduh`*`eh!`dyKqlzkUAJCFgI!i#AlRc&bTzc96aI-+bW`P2pzkEJ(X`@9^_Z{?~}9qE9thvcLAnt zGVo{J7kIvPuCxozvA1o z=1~Xg&82JR{s86;-jkd^uHflD-MP`Hs~equPulF!2I8OE?lfo5gt^Q0fyn6F==6Eg z=7v^?jJ|fKK5e6m(hD=w)pi$UD75Cz3)$w5X?8I_oy=3m0!tT9Ngc4T#b2^UuuUm{ zSJ||S25`K*islmjJB0@DKDzS<0|?~fF)Iqyg&57M7tGNl1Y`UZb2QhJI2TShLMK+P zi!Zdskv#DD8zlvILf@CeA7N2847p`;1LSMlzn6l%yVM-NPr_4-sYHRYv;3;%kK*@-D{+4<8s*cRux6TJ{qB zy^~W56Z-(L6(jRJ`I9FzI!T9ubL4+^TNCNjR@(obPtKp+#^y;T#T_p58UqUVpZ^== zd65nfjEt zf|DXIXs}LoNy}Dp1oA-D_(&lpTX$|) z{oRl?uWm@}ZhTFX|7kUC3I52dZ5pi)jQTw5Yd;TNJyutv2giEUsI&Hi_(WR)L*ox+ zoTugYrA7+ilPW`6dNY29K1!8S_fBjkk4;NJdnMrbT3Sl??gl&urTgxr8<5cvY3ZMM z$Xn!1FhISFN6tEDx$GHU>8U(VnJps?w(AyLfW4OF;Gvrof-xl%$#p1R{&a0_X^_rYX zk%1r4c@F)A3Hq@0vUb5FZRmPH&$O9SRH{!D?Es(m_*5<5CoLV5Z}w)mh{xiV!hhyT z*WFJF(+x4OIQ2t@fHdY)>zyiOrEnZdxFaW^y`yS1WEF#J1>J*iz$h9@*LQvsTC8e2 z0@~+Lt1jlNSe6kq7Suw4I9fUfjJL?VvWG-e7Y;+atpLITdYWE_lwZXlkxYNxT}+K2gGl@CdxU z^m;k~tIYv}))?_%=KZ=Fq}W;2SO!sS8ThzDfgS+y|EnuFQ2S=p0SL2zUE>Irf_ff- zI|?;xUx(s&MTvflZtSMG?XTkvsCF2@Lk@9Tsm73&ZG$lj)Cojpp%E0h+zF#+KSfvj z!Ou9VdiDpeR<)1FXJVr6JGN8tv@D#!VJnx7q1YmTXby=pg?O*9Um#MLqk7gYybM|L zq-Ez*7DxL;kMG!)g=fd;XRrH%59ZYl$}C2P-6NkK_9)nr0waE?&I)c4Dr?%tJ*B6HO^!4yDXrebF2~> z2qdef0?JY@S*C&O(bXG)4mC2eeL`g9E*bWp^0?}W3x0%|=6zn@D0m0$UfQK82qyde?1h4flvqf&<8{Nbw&*G16>V#5 zoBckDi4o@)qQS&OTj&h)i!+?`IL;0JEis?xOX>bcIgY-+iW{8bHlHr}^ke;=O|>WJ zlbj>QJH66_Yb)2`LCA}V@1-bk`G0mO+WvsvH=s#$qqSFC=S9<@YOceIu$~l^@K_Yj zog29k7LVGeV;50iFl|%3-TP9mxkAUTfWw~mr9A8Bc>Kh~;_sKSt7*;5l=F_NZ8CnX zybnael*^Fp%C;{pQAE&(%mliP?vE$%eUeXL@1t;{6wBmU@n{9as}?MO{#9aK;p=Y! z9}U_=>5;$_#-As^hD&<}UYgUpoa?@&oHbTCH&QueY->zqfHT00$iS=30pm*!x_BD)owkB`;o(5CuFs_P#a8Ij`*>zeFma=LXtKG$ zQDI)HERz2yK7_D-Eeea*W|Z{zA$-#}wR!<0kND*o>A&Q34!O`l=@+2nPw81C-<>SE z03}PuAmw$DG9a1q`S|Y;FGjDC(W%Kchp+kLvWCGvy7H1|R56=tT*j$c%SwlPGUY8- z`h8UNAw;gX_%>!!$yHQk!vO`!S}vGZ>O>LhT~Y|qLGJu(FrH4Vb$2!Wpkqbk9t||pp~z*X^aaqT1|%M6QPy04*YHWl!HiE?uL6*>Mj5g`^muaJnyN}m>pL3H*BIAByxyg^A`}* z2bciz!7eb#T@Q?2iW7gh3F6f1Vr`{RJ37zAe8lS$%(drwnNy>r}5VG z9@_1S&u05==vu6@gw1HX$q=&$^)lv=N61E=IQ|eo``|bWa5e(4mgF%wc918QqlKd7 z7!&!WdKq<)_~nw8bwcz~BQqd(Z8GI92@;JY_ZB(lf*|8d9?#GUMF!2?g6uVRL_UfvT+o`J~GBZ zo(anu@I!?-Af&CqmbBFe(pDdqwmiF~`(8n&faeqGzF*KOAFZB_lmYsg1wpk&hPX8t zzYRqnI2hmi;Cr=dnl|Wy`N%MZ4us2jp_vf6E+-qm;@CGSa?V0A*n!PT`33@MJb_8vvRd`|G9LTS>Aj% za~1GXMIYB8d&YIt9ZyHhp(6?(hWIt6ejl0$j2-y;I84zsA`b2lf?g>A&WnPeo5(=n zq%Kk1Ao5XmY~)h*6T0&!D5L54G}g`i6w%GCz-3`d3Fcf4{b6T0KPK6}h5cd31K7V$ zx^EVnZF*w$BtD7wayuvtYO3#oId_})r@bGb$N~Gf?=KLY^5$dj*c0&V0z)$e!WWQu zm|Bl0-Yw+q_PRkU9GFGsf|Xi7p$d#EmPd>(uKkc>5ZhWV6-~##iEau%5N@r|qAahj zOOau{>^UHXUjds-D_b~Z5VhOUhUU~Ri#W=zm5-;(3j2fHm{% z66Stmy$xs%LR*1k7kPGW!ukp{rBeZVNgKkqU zoZ`(lkI6^!^Lv+)d&E+1uu3_GO4-HjPh~*wuW~2luy$-bv48c>QpH*J7-i$~g}1Rq zL!^C8tCp7;6fNYv@@dKQ37%Zm%|l#HU3{ESb{ADc>5855u{DuQf@@hk;AKmwaei7qP?C zR2Ys+zq@?cosP#XI1C*fG| z=k>zlDgxNU%lAmjCZzDV+m-ME;Bf)1gYh_uzAUYrk~_Spwtq+kBI$%l zH&`HYc04WMSrfdGur%PPUSHMv+IVQzSirB|#Mmm;>!^LtLgcuB6XHM1z~k_K3Xe0( zke1#=fZTRlIdyNvrt_UJ9Tp;Yp@qoxvm~=A5LpBuM;Zf^;aW(QZU|^U^pm*`{5e*7 z;p)p1Ug?F~6LUvv!OIhK{n`}?B>{*oitV@~^Z_K5H2)iceGRklvLBf7i;n^?E4K+{ ztO(E@X(7yZ!psgBw-;o?%gRi=3>X=Bqvvr;Iy-K-$vpd!aHd$J_R^VlH^=sE*@UqDQ!Jy4iHu18x zV};C?#LG5Y?koZ?E9-@qJ%%@+XOx(D8N3nvfR9HU%EZf5eIOdEx?HMblN~Qpbzg30 zz|&#jWmOq?nXDJOzzS{~UREjuH`U|ICA_TkXz(&BMg=}&!^>pG%Vq#CdrMk&FO|tR z5jw}~Y7QTNQgu|T2i=h1HduJs8VfIbnDH{g66;|ln^gjzbNXF9Q9p-(E?@)%2k>p6 zbS#PSvds|PWZ-4D+3>O_Y4jsbxaiRZql}eZ=4Y(z8it;xSXh~y!pau#;F%*w@|m=9 zQjfPv?x}-_(bf|`2mViT0)W}@Nr@z2R=yGc3#<%-&EsvsWYPzh+rDV#~$%9K6W!V@~;*?_G}6tTVUfZtV$C89qX^!RC^*C>li-XVM1h8 zn?hsKAu>NT$Il>HZaPRdojpRhuALYZ4@@h`nM5$tq&cCqc4`*fRno zvxzViaCgbYB*K`6Vh1c)&GoBNQY5qO#c{tDrvf0KB$N(dix5b#=4 zZ~$U3Xd|UY0#6(F1EP=JDk2???p?~LBbM@{Rf=3?0%Z0K*zkYRCkc?{UuFVi8CgP{ zWsfn3(m4odS{?m&_7V7!%Mt~DQe^^U83j3!0}BQ~`j3p_%TfRt0`+u zqfl79Hlw6R3z7iYq)Q1P%SgYYASsyr=~7enX{Be8{9OfB$vZDGWuNCn$`{F$*Er>< z?u$!G5Oh;?u`y*>cG)M(`N6}=Q!`omNy$@(F8mf5h~xj2DUs>~%t=ysJ1ueaWfQ(& zs(ESF#)sM0_t$93aB$b?M=s2$b^gAaFsY8g&W+5u9JQN_wi6>mz1Xe`y<>-~-k!SS z@qL=tk$L}4s2xR3b@+!*P1L=FZMd#yu2;K|gS`8ME2g$Ke!5M5kzTlyvWy@z7`wA~ zNsT|Et4M}V=&9W;28oJXVxyQPsa@312CG-VVy7TaF0$so~)lv&dLnK;CjpTorr02!9@*;P3n3rKm z?itkZsq}}6DT0F;++Y69BrYORYs7?(+7049SBu0p=u0nbgW(&9XmpecGnFY zt51tM<3rN<>ovbV)#)EG^Bt~gEef2w$hq$ZT;x6*U^^cg)UAseS zB6mzGtoB_F)Jyx7GTWu8nd0u9#PeZFwzTP+1ydzbmMQnqd8I1W?~aB8PANPSrD2ixk;fmch`hUbtD;hvFN=&!f%hKDYM@&$Mw@xr z>94d>jHQ>VSVoNvNAsxYh6A}$*pV#OACVvTM<#cA8}=8VR`~IZfrFu1dVzNpiDOmK zI@K2$@8niN{w#;CScrjn+!yh7HXQhW+) zX5b8*0aSvhp!iC)pwMInP|x9(h2O1S)Se*s5n7 zg#e1-Ip2S+ea^fxLF~2P_xr9t$((ccd+oK?UVE*z*UA9v+A57|Lm#dXGmE}eor|w6 zSgF7H+9nKS^fQWt|LX>JQA=}JsE_^}7|Skdg&DYH1AqvI5Vg=BwN^+B{OJnmaqwC% zUj5cC6M={6yp#KlLNq1xmEec3laLw0fvv4H*EQ>Da&M!M5GiI4N%4A5q2U|*i?1SI zTl5M1RdlX^JD2{LHEQwqQrJc~)y6+a77WY924#xccSY_W*L*<|SE=CDJYi!E0q`c& zImM{6m@(JDu5qZ9KFS7m0sH482ia5~)iW@d($}oD4N~3PB+%BbP_!AD#?kZ$3$52x zAA?Esy_AZA`O-~?gJeCn+LD7Fys$&^k#V0oH7}1Ko<}W#?MYwLkG!S>+o&saz+?D| zI6rupXnvW(UsmVhuj!3=dZQ!n-c;1_x47*6PaE!6kVNwowYBBBu459{YAK>Wm_a^Nk1c{xAx?1qQDI+arnLBNem>~y%#wT^ zXm5tQ}qrnhW{|3*-m}^kTlfqy#bFU8T9BGgWl&?0|SSKZlU}hy#e`2 zYMzmrmGpdp{tP`|OwU8~rSv=qr(%d)mw8ex8t{Q3i3h9{R8R3{ z=kvNzrFB-foKDlQ z2ku(4KfUHymz7N07HHB))TwTu+nokQs98@0BJNs0Xwp2?N(+1TWd@O2gb$3%MO*Y+ z`D4ufMb|L+PPy7Ftt=|7Jv^^J^ierQ4M8#(;f4b?}grP>yv-kelg zeX_mMCN=;(Lp}9h21~hwBP^4LaqMJz?Y{&C&j$t9c-4S9Sv)tA3vsC9Q-DkAFR6`y zZ|`{!C_swf+dFc^M|0-jrHst=Gwi}!zyNoS&iomJ?pShlohP6gL!#5wykQ|<|wAp0)6Z5`Tk z^lVX^Lp=j~v+O-#ciNyf1}Pd+y!<-Kf8?0_hl^=TBL8uT@s;?GFi(3N|B-I;AN=6& zx1Qz@M&kIfukK~=AGdGn%72L481poH4iDdxX>#-G_0ad*GZoEc15)LoB6mrk>Ow`! z#zDw6s-*8OFH931yE4aVlXlslmseDmjit%3nS7|oh{B<$jikVfk-x%VymL;mt4()V zJICQjRrIADb(KoXH`t}JP-*oEs|Rl@Pt=5|y!ULr#@ysmJ5X+JGhLiR{pXSaz$1hR zoNTwbs3$J!3C1^%FnS#Tl#6A+M+fgUmnqN? ziW@WE9Om@~rF7K9PTI4FCy5eG`PQ(SV(Ifor3O?GL_LExp;^FDyq zcrC-M56?!kTiuDWbJrI&gi=;mqlcSZ(a93(By5f?`gZPqSA9xX&xh^~j;)h%IY}#6 z;smkof>u(jd#|J`XwoXnwRcre^c51Kn_sH#qA$y1zRct=bPwgtlSWt;|L||}!7aZ< z?;*+1ACnzHL1@l2xhbDM{2tzw8o*zgn zoe=lAJL>J3a+6hb47nuqQt5a%|_`8z?#_)!ok5vqT^I#`J;DRC7gQM`LLw zaM%*t^`)U_Pe&d_o*uh)aMtv8n~8tEg|_21T(5z8tUD8-pH)#dS~!$p4orl&selfZsjt^ zYxA$lfkHDwsvS(+lP_$O>WWzn@63cDIw0;z-*ni9-|c7^ElYJ2CY#)d!m?bOQ
  1. {H#+VPwjRWQr^DxhN8Pn?rW2Oy61?qiX$R zkfALjk89*N#$S$Z!?deIzj!Es&S4cjA-B2@4a|KG1RFC^ z59`q;r_ETwI}Go;?pEVA=7&FEcP0(-3$;{lF@vU~;bJuowfk%LAn(n7<*UN3Ye3HDbPWww8}c% z{v$$8SBmezJry*>C#ek9kp4IOi7-}Rx>P$7YX?thQr#9j)r_26bbFChdr&-IetV%* z8>ZEze#oy#>UjnyT|r4_na}usuK9eqR69sK52HL6n9s;_k$4_%euuW3Uy(F`l8W(+ z;{C<*m60as8F?i08F|h$pRbT=dx+<&D1WMWE;f6P=aSpOdLEMM4$z{(^noOVdYbyN zQu4|2YJYt5bMWe^SLM*O)XoAH!|V;T%RhoI0br5utB%}jI-*+!7>oQ+7V+1|`bxgR z055rcFs|BJJr_E)wD+8v^4=+~+Q}tbrCJ>NV6oqf78A9dG5LW#@P|H=eIlVx(8^VN@!o3l4jue2ouNCH{9G8I8N`OfeHHd z<5-l8@)hY_QN9PA`7}olV11)fa5#eX?jaGZ?;xx{9FO(CkL)yOM=)MAGxyoxN$%bb zOw4&=Vrs<1^oX69@f&<`X1+pHXFA#b6Cy_D~lA~ zggV!yd4>sVQkZ&ywzZRy_5Ck}deUE4!3T5hbhUlyvSKUVPdht|0j`7H!FAZ#*Sib8 zGT^;J|6p)rXK$yS{a^9${%e%V{EiHL!y6PeL{6H}!rcERLcYQpEF|sn>KpHQz;n+7 zz!npI?z-ppvdVkzm=U3xBblk$iM`AXmT$m?WW>!yZ<<(dO`%s_T3 z*CVdnT{wOOvsj_+EG1?@T3KqVkRE6zrr^_k#1wdX?c?9w__jS@FbH(?!&V9z=CtCs zBSiWKzxgymq_fCHO2Izqk>1o`+djp*&+sk@gdGHI9TdM0mg>*topK+Hq0tafkk3jO z%dqX?KG10L!ex#D|Ktqnc)A!sdM`16K$OF&JquMdLJ*V%Q$}%8_h-=^YA^`X=qd)8 z;Zv}2*cq4G^v9lJ2noNV&Rogn)TIKaOQ6kh8r)n&kut7dcz8qvmVw z0;t|K_fXaS<_L&n{>GfuwBp88Yj9~NiD&x#D3dq76{P$2lgFkb`de!$g}9ZY`qCTu zzM#{FKknQ^(xP#AT9g``Or?|YXq#;@JX-Ay9R1T73~v91>g>BC=Bo5Ynt1<27$v9e zaQPaJlR#xLnL5b+8~Ls@5S3PkKkGxXUF}6MBF_Mee@c0PM3Gz6q0JeVLw0Fa*0%5Y z7WE&nXr;RI(O&SDlczIPd!IPAy)0--9mY60>FvyOy$r%-n5b8LJ``rq)sfN7e zZ>rCn$u@jpO=9li@FM{VefNfwsg;tL_{aCIZgoWVumjFs4#%CF+bY zp(}#7;S~~@K_r_QlmkeuH5b9EccP0xn;4xnOsOsSOBgJ#o?KLT`xQN450vIR09NBe z+Ez*CfrO%H0(}jLub1DhNksu^uT|J zc(OeFA; zj+ATmHGS!kL?*&CDfkRO_M=B~R&1yHBbFd3*X(P~CMvwpzJ^47p*i+7m`_XS0XtnX zw}dL}Ybd&S=r-f@GTFZ79Qqw^Uqf>I&}jP_Qb&fav#$YP2RXNW4XG?cm)h5W>#~F{ zvaca=VQ7$jO>g==+rCDk-`@5$WSbhwu&>D`z9sNUI*!d>Z^*W|tzXOjX;^KuhQGZj z15(0$Qf((0!)X;c>@RU0<<}P4#`{NnVz3v7=R`aR9MLng4ff&-Qh)f4gT2^qjbShB zhu2$A)5pR;Jh#Q$r+h#D7XI#C6-wu+g_SKi9wWcgu@nmI#V)tK!`0CK|XopQ?z?JVSMWS(IIIepXl)0vqGBF%x+;T zq>0VGBdK1O%ReCuDiSBpDQS~xN!x-Fj#ku;jnghIR9Z8m#U0Yb206Ue?(0nTY*tE+ zR^3WsE~Q{EtS_tj6TOATfhfi1Lu~WO-5GDV*JJ?DrvBG~X_)%s07NGrfG)t`suw_t zFRg6in;nuPQ17JURW9EwrKQqNYKz!tm8JRs2}`9J-??I6pi?dhNQ+6_DEnpD+VsW8 zwZ~<;(;uSa1mvx#B6zK6qHd=s`59ALuA*eKv^c;fu6qqCn{Yorjr@T$6Qyk+O4|ks z3)(vi)OP=eptPX8vp`ip!qm+I)%^(6b@wJv*p2u_o)D<;otr>uvts>${9US>Kq9LT z@Q1c^owoE&kPKuTPrG_Xu(~7S5bmJ_F3{METay|M?a{i_pJRp+wZ+i5JJCirULn7i`cuBI`h5#BMWEEo1k`&z zt9vN@&--6?irT+R|Ko*Ndg#pVz;gQdBIHG=aeH$Z#{`7bdC3vJkIZip54U< z><->{&jP$D%8P)vr>6mLQpZa9>HlcAL2p4%yZEUT%yRli;xQMG{}PXdcnpe1oFK_* z-b52R#BFqePOnE!4V`!I_*UpppY`RLf?`@u6F$Gq{I2kEJV3X4QcUXl1`(sk;=Sr(mhTri3aYZ+z_zpf;(Q~c$dhnbpVc)>^0zr+A z+^g@Xs=Dt-58QJ%myuz$I24&w%ES(2E076!?z)fDuSh{{I3wKGb1m$S*&~F*(4*Vm z64HOgf9(TxbZ{Sj88CSb2_{%C5F-47Si)7XXU=V|wl7@PJtS5W`k;}}2aU{h`|s_* z0K~0+sD+@KKB)idtcdJLC)v@LkbX$=hFGzYH{TUr4{Z=6E2w?$uOWbc80bWHZAVQL zgv*%#jMwfSNnEvOA+$duZO)>@+(D9ReHuE0>`#*P4|182ZtkDDfs9oOT?HGccMK8T zdK&%f7vH~-goZ?`M8;Pc=W?=x<~F@slFT@Wl_32r%|G)QM3|P*N?>XqHo@r`{JwK+j4w2ZLR0`cx(pH$zq>;p zdMoikvz#6HG`1fV{*8i2Z=tkJR7fl}LGuia z)u~u3Vst8JSqvyHNilUQ*IEBPor-7be?*^RNIVRgEV&@<>@u6~`KO-EUa)ectBHKk zJ|77M&gUVK&D7jIRd=)I&Qjf*Adx+fjENd8*2YrE)slssfILy*FcmThX`i=)71dC_ ze3M<3&#|i$2iogPb3*GAq_lrInM6wa%*j|O?c*ntNonVtOpwxkf*phL>pv%|t$m72 zT2HcJXTKlk@!h=+`)XpF^$JLF0k#flr8~3wNQ(E&`i#cWIVr(bzWG@W@RpPC^njG@ zY}3kns^vkgJWDPAqTbmGqYIiX{i*APvZ0kE6YaqpAlZ#!@5)c4#R?!sM_CCH zdw=xi{k0t?GuRr#3>Kf*lk8&L>G&7uH0$e#sZT%t{nq#N_gtU+J=fQHELnX?_v@G9 z_v_rqeoY~7+`9dpUMBJM-4Bhl5cQrLXWw#ybi)PTNRPafjCKlrbQ(An*m0gTEbrR& zHJK3}1^Q_BDfH2Tc)Fo(yj2rJ2y;^p`F{0?h&-JPlR@s z{kybtdP4k&|6BC)C8nRfV5-L!X%YJQQXKt!_l5}lY&Ga-Lxg_jF#Q~0&`&)|KVM2h zKS`UY8}ze5(9ayLe84H`=gZ0H=hJcY^U{`PPGar#*oCIKwb^9UJR)Jat9 zyWGD`y8h;Met+w)kGcM4JVxuU&-b+cu1)_BuRrIsnDuwlH~(AKpTFwV>(4#mf5-Y8 zyyE}G`U`*cy{x~^ufD(a*V|lw>$cJQ>-~N0f7bu>{&#ci{&(nq%lhjz`&;(EasNBk z-*5l)|78C=@crz62TryAIGjMu7uE4A&xqQ{5e5iTsdcHoI>ihK@%7}GU>rRT82C(K z6xp*LJzTU^LUs=R!MW7*5TGeoE zm5aW9h_5TGp-d4Utf--=rD%&>vWwzsD5|$z+$$&wyH;E2#v?S@#{Cngv@+{#r~mqP zyYJ}8xi+`-LTl9-6u75kSLHuLg-ChFUVZf3DoHN+Nb-?4V|#TVH`Lo%+cIwlfAip* zvp(xO7-EJR$$6!;Y;A3ur%;53uDb@zlpp&9?9{J$nIO7g zg~f9}Ej*kk8?^F(TE0UoU$2($#_5t|`eb_MnWW&<4$`?A_JFiJo9o@JP$g*Y-Kw)q zb^ilY^xCa`BiECyO?>6-V*YWi5K_^{4x@W~AJ(W%)kVQ5anrtmf!<*!hjs8@04=*Qf3iYopK@MK|R+*kUxg3RzI-dM?UR zfXA5POS^4{<2GH<31*gQr_dJS9J{(>bJKMusst03k79ubS@vL}l)*=(fZo2K1_j{(q`(vhHI>tq@Vi18+uCK{y+%9%bG2Z$9yh|%3LzrBb zy4@~8V+cDLB#}0cvKZIy+_TB_4??{{vPaopa}r{ZIXtI~>Cl_k$29{Y zYSA7cnG|H5`@_~|XsZ|trBMN2XAjQ^C={f+`8-V-vVTfp&1$m^Z>fEyRmAyrsUNUw zscXuoOLg1GPx1`Zu@n9*vi z4!@`Pe=p!ip>JP;y!d$+)`I$;v*=%PNvjt-w0nx){ENNBbnw7Tud1>-(5k2y3Ti{S zNmd}8#|k^gnW$HT4K65DPpfQQ$2Tw zW|_e+Y1IiAK5i{9PY!Q(`KRXD?0nnH4V{)z#Cu)nve+V?JL0paBxIMMU-rW=r~i-s zNxhuNhVK5pPhyhVsJx=$SDg(&P6r&P0F3i6>CTD4t!$_2EadVGLH)*RpxD_<(Xw}D zEb3iT9S6+M#dW!fjPyUXm`HCnU9D)IHi|W#=J6`ph&DW>R6-PecNbQyUaB?C#e2J)BB*3X4@M0nCitp*O3>cc8%h|Y-&2|&bbkB6#`XaiV+ zBfk)~5axn4b4Jf_>xkP6FCXty8V;!oW>_sV_v!az3yVbH%l!Nl1oVfNI$WhnW zT$JRz8s~MYWiF>WR&l9kAhirM@`fCHeVJ^)2Bz2~SwG0KazA$%gT_&y6a&N{{R~{& zavq@VSsEOwnL;g1Bwt!G`O*U6TuuYj&d_d1#i7B4LxX}tL$nc0MmXr_M!EsriYVwB zqM&Pyg03MBbTqUe#RWZW{+$r(*f-%*-O)|hzweFTzuS%dn_cGmS^3*kM_rD@)vn_c zb`!535v-egt*E^BWAb*0j$r>?PG1yt4U-A1yeEEqG7OUE>%2g!`;4#JF<@lP8r{8N zQ;H8zQ~P@zZi(5w75@W;HE$eDl#4Q)q-cCC(v;>T?45BrW} zGWRHr+UPsd!!yBm1e-S*Uc2a+8NYkqS&H3T5JB}LOeZDC*DR+2OLfFR2JbXHjK=sM z!?Ley@l0`P(?CmF6mvsA41f|kgmUBZlapWnwVyVN{k@Le4yhjzO^$DE9JTfp{#=`Z zo>iW$)e)eHXw3#F!_6wc1FNW%JFZiu$>txnYBjubpuv z$TN(8DM7NR#jOTmCqX;9D&v$>3dzF6PDOR2c%~d?03;$u?I*NPLjwbdaIKMT+E4I_ z-KnwT(@yO%c4|fJ)W*c{X3Z^Nd$sd^9p4W5nI{zV#^CxSwuN6n2!;)tYqCc-?NZvb zc_*YRW8{4|e&TQ7t(&{4OHb|%2e0N`0jDQ28sEkX=t^uLihqvnO%9oHm7*=2@}}6j zm#+|Y(W>=M4ULHud^WxyLEoi*lThH2(AlV~uxNL}_p{I;nhX7b+i4dQX&Ms>h(Mmi z7va*ZFSgRD%^0+&nb@gj;(MC0V>9UsZlgOiv6GA{xSX%JM=XL9{7eK#7H*8b^OR`Z z5p6kRzdx-S+c&Jh$qb=0)QjfZ7l1^kAzU>Lpck~?u2X0?kD_R@i2aWwuoFzhHKUnsg9%RkbZ%$uwgUH!K%r{Zkdm5r;t_bHfJe* zvEeu;vdGNloQ~gC-tb`lr)bX-#aGm6*uyCx^J~H#>uvMc7BGACy`*I~_gyJ}TC0?O z+Y~8#vJ4x+Vx;G*8R~efm&sTvqXCrhSSXWoqXU=fQh}zy95O87t&lepDcepv<4pYC zjo+#GorGTnzYhFnNjCRD$yPp8vP~NyW#2qZ%Dz5N%69cddK$$BiPlaxnu2ezB(B%b z$4GS0KjQ|;u*Ayz80UYFfm+BgPh<#QZ)W&xFEZSSl-oqg=19uBlu{BcdacOtN+iRd zC<9I{y)G0f%OWXHB1Jm$)cdnoHB&me-=c-@LuqAC7y-;%*B9uTwh=;=<#=@6)mK%l z8zCGEPF`$!Ff?O%YW7^9uxA7x{U5Z++Vx;iZ?{1ff{Q842U{ANsN)K8e|jMVQk>fh7xE$l0$V-e>yFC{qk<>XH(ULsP!rY%gdfUPFy)q zKLwn}8Pbx=g_q@-Yh$<$SsR=AMlsRUp8QA-7RA~O?&EVqWhS4((D6PbXPMDjY%E>p zo;~3==26DCjEo{oy;Q4^XEO>_Pp)ZYZ8FF)=*^Y(Vz;Q`ikA?6d__zv|Wbmh7)oY#n9bcVLuEp zbR=FBK9o2+J>_y(r22ni(_sYUu^laqvgFQ2yq~UTMWXe>*Eya zElG|-^GzWM1k>X)W1#%eE+UZQr|^jToa{OPL_oX0;w$&aHSJs1vs%#WIe$L;)B2-~0#dsKzdoxZpy-rhFf@=#}JMWVen z#bw8IxH~-;$SO8xmb4Q=NQEe~<`zs!m|d7% zoyHtS=0w*o-WeTdm;NPA;E5f4M8z_dGZ}S_ia*&AQ^_g&*Zp{(xcPe@@Aw^E$9wgT z?=aq8vEwDgH7fpk`<_$WS12a>R%p^U7e_Y(DrIQtWSn&7UWjewwKas0 zS&z!rw(wq;Hc?QZEyUxX)zC2di_hc@h5}J_=$&_hd9GwaM2^8DMV>Q?$kr`l)r4l^ z^Z;%k5Xy7;XQL9C&q9524YCGu|KuUS5^TjRM~)HFyCxfL2jNupmD5aq2kE^Xy1cDuXaSV{U(nPxVGD#T6L9UNya)`p^eiK+|dJM?jH#5*ra^ z&V!FrZM^Y%){=9w39_#-GjtCL_sQLzU#1K{)^vG_^emqtV~o8jHb6 z@VDy#c+(XFSO9>Z3jY%Zr@ObF7QUOPz3+He)IMWt0&2G$?*_Hox0vwg4jh|;#j9U7=>~+Np92=j{*VBxtC`4^BJARY`_D6!LpGlk_)R%+$ zBAh{Dde>%J+7g@5SGIMteIy@Gk%9hK68iTu@ijk+uc7|kv1CeHlqJK0>(C$msw-PI zgnGC%aYhLey^wN>{kJf&rVm=X)TFnx#tgPxXi>%RI-}Fop;sPFhE|2sf-1^aB*l-y zMEtm|wF`c9#dqw*%pMzb7T*3F83kZounA~C zvAM}<0>$`qsapwgU4c-#qV;wcY*Zi+MTx-YAgLoDBm4}<+Rda~oTkGlqC+X!;kiA2 ze*9UbA_5nb{MIAl(1Sy%yH!8m%JiXCm)Y&i0#G=Lm#*}PTfJvuh>*!pV5l9a-unt$ zmdiUQ=N8?dA8e=_T&HC0)VQT@QUt;j(L7S`KLr<|QurFQqt;-Dci;qvbF4q-)&vTBfokc`* zzpRbxG&cD{^f&aOtlb8n@AeE+w7G!zmcQ;YOu?bX8(Z&(_%LUD@)$bbF1^U0Uf`*eStD`WSDx0gM#WRfp zDYH1Rw^9H*!e-=j1wQYgsIYv&FUxgV>e9jo{7!MeXMesp-|L5e9)#}`K16R8R?-D>mHRbEprBwy00JpIzsVmHp#V$l1!% zs1Wa0S6^fCT!HFrU8_r4j}7&xO`(*cu-X}+o2Tx-K6F8<#pryU==|cBlXU*tZae?W zncVqt=seKlpuT%Pzh6`RaHi<}4PEO?TG0(Nll49>zEH&Fd1&7T#o24@|j5@Mn#C!Xg8M|^e!L{$x%^O>w9paAq#tE%yyK--R~QA4rh2xyN*bi68rBsxtXpAS=TaMt_jvUB zI|TbSh5BziW(eOpW(fULmfDZT~@C`LAjhoEeZGGOPW0eqotKoT`6w= z_14i>PaT`$9Y7z(rj9P2>PmI1ZJu4Bo}wFWbuC42jp+uKI;L!*$yzbTNX7x=5~Jvn zfrdFIZ*TSuY{l!ju0kzlrl-l-E`nV+b^2{|c93Frhn_i*tRkE{pzhJ*d`?Ux`XG!y z*}(Ii_1)MnbEk+yq{w^ihVa+Vr2|HU?w=4c( zq}`>s?VdtR)1w6uUuy^SXVw{})@zB~g*CD_r>G?~wWvi1%D*Mxfqj0O9x>y-wyBW6H-1IZWc>CDH(Zs+6D zZ<&vU{r}DRNLbI48@gN13I0v;s~^mPQOC7>$Z*sTo#?2aKheqpnK1Y~`e_1pCDoGQmRz!3@*U=*at4;#hAEJ-Nfw^O=1Nhd^ zE+U5Nj^dz0{n8csd1=CE+HX(4)lHane zzusdVpXm2PW|YdsF47T5PA3##}56+H*h5XQ7Ry%e)!;kHr(}#jNza``+9#$c{xYlcYUQRBFHNR$Q>vp_nV1SI zG0!en$&RWK80>(AfzCDt`pCw(f%fQox&!t9E@7Zu{YPO)E*oq2C^973vym~Yf}y)< z=)#*ecw$Anm<{pCqMrO7!GMfCvvNe+xcKMTV@v)a;=#M=29JoDkx`~)wU5>u?P;U5 zsV6LBG|!2&lAY3+oz9XDAa#eMPrO)ODk0|Oc-Tw}?iEkdG6Z6dvZ$4_n;4nq{&!emJ z^yYIC!~e%Xu1cTv@&b@C~(3HEX6dB zcvq%d$4DzZ3&2qya7bkb9L0y`Ue0rR4&&t1yh8mKe`$w+ZfayU>j#3?dE#gtH@D81 zO)x!oP_4=WtFyS-1rtY}Pet8<`D}{JXK`dcj~fVR&gYTm1t^Q&j+@W9k@-B^oKHLE zbEH1F>3=Ynzv0G?$m-{MV2v?#FBu(JVSdO;c% z@b7%n<~?zs(=IRilC3$}g%}5&oDb#&hg!K}sjK9;fr6&U@Gqb{*avRHq4uUsZx-#2J6~xJ^B1j0Y5gz*dBd=pLRRo+0DD4fa|ZypvTs9* zLp`RHd?wZP2V&wGs2T#pe@sD{d;%gtS3xZ>wgD8qSp?%5XpPeZ15-bBqSY0K7%B`> zcB1M6g4g2y*xgB`M8_R`r|P&GKcH`UIWqa7*9Cc2w+ky@ zme!T}#&wXys&lZk?2+BeF1D{Ji7RQ#v%G5P9`4*XjD_=f^xIwLw5i|`Y)z)MGK^E{vcIod0$T14daUV+>qvfgi z2gX8#`UtxUU6IXs{CF6+I0bk(y$1UuG*|gGC+SzJJp)|=@xPlIq*$V3O6Gr>COtwP z*@C<92UKyY$m`8hH>vyL^3Az5xDt8d{F9?D1&tNEV9M*draaRNBhNfV!Te`${UnU) z6i(5c7IkQ=sXoQ=Ow5tt|rgQP(!o;Cx}v&8wGBBRCNO_<%yvS zV#X_-HLR6upq&!A!q@?ic`jv4dX;y~9tX=L+ptdVY#Vj9=avXYP>ZOMWUU1sN{e6N z!|E8ZP+>1BVGrDih59w~G(TvdeQ+-AgNv|M)9l*locb|2lHTYl8Jt5vzfP(n#}O`dkITBpa{*5GzwU2bsi(dA)xQ{W z9x^4xo)SvM%4R0*ATi`$zYT_5T>!=8G@P8L>C#HThKw_DCfbvGs7Kxqv*Hoo8 z1oPxou$5)luTIPJmf^{fXSElPwtBCW{iAR+68jD0jUF5i9OF|U;Kg~tp@{Q>LrHZO zJH|r~0(m3MlB>qE>1+X%oSjv4jKqnTZVCPJmuYD2N@&S!6Tr>5{8_hA{96Zg*m}%7 zL2T&J%V&tR&IntYdj@$;Pc9az?!AN%B%9x~6i57-lMoO05C zbuebq{}!F}o9UpNL4UIHVvofQB>x`4=f#GY^J2jB5ao3=iUaccm;*Az-(Yn~`n^NO ziSdTy7;y7b5ezVc4v>cpnw{(3io=3GcZ&sIix4_VMNPkdB?%h5`f`jo@nhZjN>_h( z$>u+?ZucwSf&e6!WX?F(v~(wEJH&}ZS_zHF(c0af!jqdwi+9b!Om80}9`uF3C9Vx8 zj`6m}G}%%=RgRMb`NApEVn4dTN1{+(WIn>{9ANTF6QnWF)_LxvsiSxizN12P17>wf z_+&t;?N8k)*(&+=8xr3sPI6CiF8QN4*$iP27QbFv9JH(ZAPb^{5}%Qt;`R3%qn}`_ z7R&w#qJ>pv3sdKXtB-{}7oS|mMIdxHr5ZMM+GvTq@@WNAeWq28#tXp8>k3sg1OO|5rDQ<~iZb>wK9arVh&>VF&2 z{kNC(wdifU^zqh=H=@uD=7%Me{MQu*X)k$-N&C6W`x-Ytp8m6ua-K-ZiKHy#6nt9q zFcJMD`m?Vlo|ls1!vN-~GRUz0C=6()z8T(bvD6%~K+NYE6mC&B)*Q6JG^PeZ{QY5d zQ_azEkNsikk@3vV#pBJUjh~o!)09S*I2Ltkb6OYFITAq~oMvL>x4<8;2dOWU!ADxvZ;^dCBjxIIH?7;a8d&xS}nw4h27@KdV0%n&ZFYB6AfbKd~I zUuU2xxo9G|E1kztQ`lyyy8BIP880-J3n1K6o9#6nqSXcgeHtk@N}&mAj?qZhP+4hI zD2n5bXp<2CB!bgG@jbC9t_T!A0u*P8ue(CcKvjY4I||e$XUoW6dIEo-t1WJ>{DZf5q+Vz7uF4k_ zza#H5S}iZn05;GHBwAOrJ9Lf^W%CJ{4z24L^941dWpH%PHA33%n0S(eq+vYvokH@` zDUkNGI@PUCY0M5saf?HJR|vj$mr5(Y3~z9hd{A`-WBPL@X&g%BJX5TUG)o9+E_*IQ z7=u-GmF_(9M?_%w9FYD_Z?~*4oL4yW$)H27-9XSiNXZqBdN~C z)`%v$RZfbaTHjb|`su3z&DgI@1ZDaz6-e@@KN?f~=1+Nw|An773TTR-{DU#YZF9sF z|AmQPJo{tDo0sWO8b9SYm>dn|IkYLA4$X$?!*~MD62Px)s~yY4*O1B6+B#>jm{wwJ z9h&@=Ln}Rw?3Ek5S&_n9E8mVx>DbA}l-k6Uo*zfw_&gFbwf`M6wItzlXi96RmbJrP z(qdOPp-(#<+N9RwMCTx$T}w1aD*HUV!Cn%YBj%H@Yibz>afsQ$Q~3<9{|%A#AJSs| zg`i%ktOZq}?zIjKn|!K`A-`(C8MF;uY3p%w2JeiY!CNCUn3G5>a{ne~kxn~>tU1M0 z(nOAXTukIYe{W3WK|fFAfXB^=Y;7wON4)8RYou^sAVA0;jL28}&cLlo(K<2Hv%7VWGdp*k|a{=NjH{ zt_PKaO@wC8A&ZCwZZ+WY?d>7elHkuNqCLg#Us^S6$Skff3>(_K2awxc&_?klDn}Xe zF;4%^KQ3RO)4P_9Zc^kXtMCzE&n(&k3k-*}s(K6ZC?#vFE`w!9==!3DU^?w=G@Q#= zJK^FhnlU*mw+a8{S~W>M_y&K7INxwUTD7#5@~90J_G^|>_Ntw3a0Pa^wyd?CQ7Q_0-CS zy=0T>4*F9qFXc*gk3ODi34Z;Ialtp5{^VmK{bJ+`I)84at8FlSx)fls^EH^@!`GQt zgN^cF`!o4|2vh)axIKX$3!MwuV^x<}Jj0;AB=H~M*y|`DE_5*deve{86v)U5jp$i0 ztn#^qVO8-uq*ow4l0+YauR29HTvRu@031*Q!G$-(buMmvmGxqLXQ&w8hM$?^i}a63 z0#00md`GR`%h9H?f!gd5(`G5!L_z^4oDq{Sgc3L~ff(A4mPUt`wV}(h+V1+CMcfKQ7)0$=>M}Be}REZ&8031Q~UBv-cBG%dzuB zyQPMWOM*NietyPJN-{q|y>IlZFykcL6X|R48_fSjG(G8k?Dv|S z$7wJ%M~Mbi^{y{JZW!j((0Qe`<|z4^sX8a1XJj?hJC9d?JhFOYb$$5>f%Bo;Z~y}9 zK6h|H&&p~?2DKGg^G0S>*E>&`nNQj|Xi%sqp!dn^k=0>j%QCXX6gg=Y37f&K=v|2_&$f9-EVaWUR+#f*x!pX(_IfY>`<(Z=jDQ_q{B4S^f zkrAA0j$mk{>L0Q%nb2Lv0EU0J;^ptHe2^M`7G!^6zm5^KNki(hYo@_z7|9TUj0TjB-T)qOk zE`>IJsnPir${w=nxAwKdue z7eHR?CAsZtSsMlGZa0~;wT4AtdvP6I){sF%MvXGL8$8&sN^SaEKZi)TX;hA2P^-|F zhf#i7GkSfdH{0k4S@|{VHR%0PQ!zqjc+o0j`X$xf4cLYL7{5Lf{0O@(`U^kB-15~Y zNJ{gQMnKq}ADI}lt)UlY*u42s3Of5i{4GNa9HD6F< zET%lgGMRx80K>4t^+VrmU;Q*I!bz%k=L@Npiq})<4okS-3lOiUpw4v--b-aI{TaN< zY7Z<|s*I>A>;x7uG}Zq$p&5RfPfv7D#A4i$c!lpsTtqiuz#a}IDM_LJJ6{Cq!2vj^ z#`afu=Rsc!BYi#Wxfz7zr{=$%L#zDbqAMmonlvpT0GY zF2uj#mZs4~j1!|xoXF*2>|DshSo^FwjA9;!xEDb6=)YSQ>94>?tKoy1Op?YPj@eE* zT_1A0#mwJ@zv_A)7RX#6tclAz!p6)RB-X8adNVQM`>xZMnXVNQ;|0h1SBRxV9R?-R z^}JgHwN1pKV%%&vxG==9Ylvc#|1?faYhbNk+>0+KJ^hxZ^oUZ2~x|c!6D)peg9MpsC z3-Z~9h5d=+G?X9e$IQe*-5ZncnL$PZ#jY8R#fpDKs;j1nr4ib))OsO<@klOhLXNRk zfB7W254lNz#6|22l(~HSq=r%gpQex1CSAeFPmu|$W;!vs6Um|K#FG`n%ZH=%t>#T5 z0vm~}a=st1?KV6z7+^DXl5E+_1RPxU0sS@9YF^Qga46$#x*N6#?DAV%h*kZAw||R` zU@KsVKhVW;#Bl<=uB(q<8NJm1icc|KL=#65ctvgfnoxD%YxjzG_nf5GyX5_ z2LFv&?2Uu4afY}LS)=!(lHK=L1HQefkW`Wbo|MXTP!w;5=oYqRTF_vr@T-;fFmEj| zD;McnuSmB}{B%$Fjhxs^@aCgYP>zE0DO+0O+LkPI9)ARGxA-I**AB5kvjAjLUa=m0oxo0ETv-6|P`btPI*DoCEdUKR{nOWOVYJzB zI4Rl;dI4x-uSI1NAkeoA3X6~F4f3jLnPySZN$^}m08uIc2(BsGO7WI8)zzx*bt;b8}}%{pW6 zn3gAv!sm^s8C|&@Mq}rqv8B-Y zV+nwXoJmf79&y|Brxx>xro%YV^#5+>q4N0BJ5PSM^ALI5DR0-M7~jzG_nQ*Ok9o4h z?j1DAfikYDlMe?D(wiYIOW}nk8`oCHKd|;?CrIN+M_V@S`z%%IVWv$D_&j6Q(rz zd|7;RxZmh!Fc7S){)V3?W@ZQ;*mqNm8t@!b1zn8LT$$`v4K1@{9)lwZwyH53Q-q$E z;K)81#teqO!S^7G-!O;4(#Y57f7K7-Y|}r1vBf3cT z<7nMTmbAZsWSAqph+%-MPs167bQbDb{fQ@%>4#52KRfE9^fNn_e(Kvq3W(ko0?YW~ zh~F&G)z^_2K@0AGarJ|CvY$8{s=_o>KUhkd4?mg1&SlwquHKLMC*S-$pxAJ}KS9?W zusMKFEZ8Wk5PDhP3tibbrW7ZSBl_?7*wEnl0ksc;*BBbmIL2-jMyn{XR<<^VGOHJ% z(Wl7~ID0!1)0%i+f^`kcI7o>CdDM9Sz&@_eCLXKN{VOyosWkqGvsS88K`}+=Ymu#%u8zdGwmfj%$K+6AN)j5h9LRFy!ar6iZ z_nB^g9(pjHgaCXFr5brebeBg-os?G^SKm}ym@2HikUKCjQp_!2;j(T);mU16vJ5QR z?JW8-?!G%2A-hXLWV)X3RzG)3W47AW{TQfQa&C2%Y^l0*f`4ePTiq(?|2Y59flA4{ zk}q4_*%&%#)YUV8VDaAJ3a?X2c6mQiG%)K9^@Jg>QAowF;lUN&h}wkF@&y0D3wS`} z#CbF-IeX02LvuV^mDIb5tDl}ry^`JP$LI!`Zs&Ukg)XJUVtjL3chM-(gtIp6>C5SW zP=Bg$@vVF_!b#!drxd!?4q)V2tStB|1K($#&s#B`>j;wB}t{-b<#{t1=k;h`SR55p%&yL8+$I*sFS zL^?&uX3vxgxSQ$OFGOQ<^{Qfd&z1axWFb)b=FzD91p2-DtE2k4g!>~hEq8~s=uhlv zgr0trmuoydlV>xYmgQNDr^oU-EaIs)kM1N_NQ>TLf`tb`u{avzR+svBSdCPT=(4`xkic?ua6`i`Y|K@Cr4ON(i#Nh@Jr`~dzC#k7U4va())d?TP&$jkLD)W9inef2zF?XxjcRkN&9J9(`C&(kp8SLY zI+pB^d@VqUQPRq+VQ&BEaB;x%q3pj=l1mOsk5E_+PQhK7oIpM*6dvQky9?AW{i}rcB7);5w^vZSMGhO@TCTOs?_ zoj2A$^eTn8U2{J)=A+DnaAOxJ51d&m9((3tnw*X6@q+J`Lt=c?t<{ugukFfy6 zW1OJ>ll+JI-r^T5_T^2OB`IIf5Gh{}6^E2B$P69?<-vm>MtBhP2@ir~;XzO_ka{9( z@w*{-Jeih~2r99Rml)k}nc`C0$j+>kehUI~E-$MdVQpAY6dX-8`5HR_DLR3Rb$n1C zI)mY4&-{o+9UMben{{MNN)}tUf;Sjwg}vq`lzMQ1Q{8CyeS99c4v*F9`*fte`bc|a zDe@@Rl)$GMcHiES_MQjq)yFz2$CAe$Ybvt$um?WwV-M^_@;^s9dv0>}-0D?~3OW0RXmc~|lkD=KphGEXU=_7uJz!{{zl5=o%X*kx>lrR3gqJM7Gea5n0Po3B zpQ)lwh@aG%5*I&dHeQ9Zp3P+6rvAf4?e}53zh5$}*W_?C7)M^FOT&icpTf79=@i8q zwx3Ye1@p{2s77Sp8hSoDYS#)?rid1_x-=_Aml7f6JE9yNI05ns|M>q0OM?UJx#(TCqN6IeGuXh$} zbyQyC`c(G_)d_j;d5Sh6Q}NHTQS{{6EUxsoWGE-A&t`HsqBW!%b4sgTBpXPV@A#RL zZxN;YZ?noI>{q{WSsPt7jU?_@O8zN5q7pE*(n6Oyx-cF@b}4%@{TWZOy)y90X^{%* z2-?AqqtFG62)a1LnP<_6+TiYo=)}ot0|Syk|A;&f6F7=8Kzo3?)2_rHc)vB-cbG6SIzs<+i2LG?yfm%{5#^Ml5&j9udSJv1j-u#V;-;GKWV);_&m}&?N3?kbPR4clgzW0ygJd5o`rmQ?yOq7_h$+<3y`-y3l zwK}SS1Bf#8NPxnQG>^)Gf8ytuEASb5wv%p_orzi%F(^B@VJpoK21(c@t65ipzqu;Y zoP=!0RkjLs2>~NG7JobgF%XP0!<%P+2Mnu-*F^(_7$Glqv@Z3V5GhfP*x$*B&4-B# ze-Jlu(mb9xgDNQMYn=k?se@AO-M!;x6Nvu^+X}14|+U_aU%1-KC}VM%@#cGC6uv%&O^v z#yEOY0KygE&(D;W?1ZtKIe-4SRyQn*!9UmSW*fLQozWRrw3nI6`Tg|fnz0S@zgC&C zu2`Q{3+jtGa9K~%WHGnFZeJ!Np~9iQLj#Ln6;i&@agH~K{?qo4(TL4|C68OHqw7B+ zfSy)o=V!q-Kt5dHoL#+!ro#fefc*gKZ>bTxv}zC0kn#Qz`KH3K;E?plV}$PhIv$39 zj@32eJwjgUyrLd;)GxOXvcBpgyHgN2AR!2hL0@{93mC+MY0#K%kyWvNPGE3b_X#i@ zFaSuPxCxchz^J9rl^k$PvvX}A*hH_1TyrZCg3+ZJ>=Lvv?O^K}o$f(v85@q*aLEXrwm{S}o z%U*pn#d`^b`J%ChOKpnAG~M1fhU2!=ZWc58m))jNp+$>rrzh<(wgw_&-DNHQqXE2>7)CNr;Y?rlX8Bx{avGH72J(fr2_bzok zk0f8Tns4+W2_S$Ltqc$9g0`HxqxhG%(KuC#9hu@Tfvw7Gv0yJv5 ze{OZZ>znN^E6(x^Gc49O1r>Uis8E(cg)9aY$}*`?mPv)O3@X$SyNVgrKm`O9>YIfc z1QnW;1uC@Mq(WJsLOii9Ul@ewXXwAnzrZRNbSfpCQr+M9y*5w8w$#L?vz>?zZ8G{% zmfai`>+WOT9kkbYn^zCeCb0|Y!2UnwodW#@MKXyeQzT$DjTXd`NRWYfvcHa;QIS!U z#sn3~boRg-4Th*JpG;Q0&A{_duwqDAlJ8;+!CkP=RRTFUPc^#80INF$Twu?@;LQxm9pAGd2R?xUn+4yoU%7-EG&l~Ei0@xOuBQL} zw!oKDt%CR1C44aBX(u5V(8?I4UcVqp&K0$jgLP<31i*o$Lg11b!-1sQ+JLiLF|M&F2g z*bY^96m*6geC?^8%g6fr9s}x7KDq<_l ztrSj|*pj$ipss_qegC28TEsjx7<-UZI}fTaW(V?7HlOO~x~EVL8rL9p6S1?Pwub1Q z;(`>8`m1Qq(t32ma8P49MZSczmubnn!PN)?qo{}Y9@|T3Jd}fN#{4ca8YPqLGTFCpS!NU%5*0=38+6VlbuU_Lu7YVJ(ZDtN6u6XsQB1|(9cxJ;kR3{qiHBN?80|*h0Mwx{A)RE)j6ls{!-rR! z33*+jli@&xU42|Ef>E~MMCj0+{?QOrJ%m%|+G6atZvTihgK4aAlpK(JbYn5H0|~l= zxmOB84#Bb;{G`mi zwLSXPe-jAO6J~-Qn~)Nd&=H#eg7kz*kkD=K&w^J_bO3*^mZ@y7dK5ozKoA8Q4@qy3 zRuR6=r?2FUoV)`)SBV7j;v$^z(h|~l--mCbc=zljiJA(j3|V05*HKLuiNu4qa^hK$ z#PcbUf=%J;59w&0O%JTTqbnnffp)cwRKaRFUBal!5HB^s{Eh+z0I@{;F>ckrIpN z9K$@oWc!)I=ug~B(I8m@rw`vnF>X?$=5j2k(;q;Vu8~_$J3hN_jhxUviypM)Ec3|b z_T8EK>Yd5r!^YYxC9gjMcRy{E`uRUfiF`^@*=hCnRPegvM+`3_$a*@uEZVXp1JCKf zr+N)n;JM7K_0Ky<2XM+x?5RjPBd0qbr>eRJRhzIJjGlCDCf+|#vUtCYO!*)Dd-I9@ z(e4%7KV}rQ<@8zKdk^=Ih_YU{{om=IkEIM2Pflaq14*auTQK(adkl=tK=YwD;^Y4$ zn_q6lGZ?!H5hK%bs$b;Yyg-qGijxiJ)b*RIblx^X#s`uj{;A3{DT-h43+_(Vkr@3$ zoNK5=vsB@5xlDLBXf?eXjDgu0WHb}lc(Zmg5$C!Vsm{%0p4@Owz`vU~VCF2SKU}_c zSU|qW^7fXcvZe}u1_3wt@dHSA7c^6x&xk(*PXEq7F228SUf}7$ldVq3EZSYvAg%g8 z)V&LMRMpi#oS9^j2?ovt5{aT1HAo`2L{Sq!$v`HY!5Ii@5S3etM7$%+2vyOLNtDy$ zRH|sLtu3u>rLDf5Y6bMwngAvNm77)(tOi6q!vPImAb>Le-&*^exn%;_e*f=#J|D@< z?6c3ltiATy>$cbWxj3rf`LdBX8>P*yY!2r!e>hoO|5GOv$bqr+CT%+3VvgHOYbh%q zb2c1SA#kvH=RbwKa1`eX#p_?soK(|xhQ3>>de6-NJBKvv;ytcRPQqK|rpQ`Wpi*sF zs@iJau>L^X_G7y0MoN#g@Nm(a)R@nBMNpkp5I2#A%P2hJtJG3bz6|y6BK`un-e>r1 zU2Kuo{E`p;re<@D?;2yAi7uh8gCJMu9Q_*(&G1jUvh9Lg@R8s*j>wUXzA|_4+T(7e zoz~JfkdkzCi%%ielX5Qwj%F?F4OPxn@I0`1luq3pACLP#j8_4NKZ?&lo@++HL|M7E zz@uF1QSP@#!@b0UmeEp8;QRBtvwW_y?XmuUwIjxQ!Hm`-muxEomF}`Hyf~Z(yeEqt z@KFlf^*!wAf59JkUmU{+>WYd|!+!iU=${(+q4Rk%HlOe_)NWIADwNP#W)pSl{nLre zDeS5>d64iNBc{ZB@#J9i$rgUn(|Hva|Bd2I9M+m=i8vGS!QPVmXUHK;R_`jVGObp@ zj68qLa1ni4L&Cm z96bH>-nxP1i6OU>YRk|(04r~VE1c3nvH_WPHU1InaRMzFW}AVQ z^r#*QMB`zC#vt?ltGa^wmz5Xdw2-83inROpz$QRDD8W?&(|UF?PiqH0Ub&d2b-I{V zu=l^kljHPcFg^Khmht4pN&Mv9NhT=v@ROwdN)j;bM=0W-7W;K5OnKj9zuGd){Yv{; zTJtmBnkCz$26_UZ@&2t-M0s#R#B*zNIXkzw;aP^g0gTSLbev%bHn0sCJwLiHHW~Y3 zMYh-%zN2#gV8YO#%CC+{8TSBFBR2w#r zLYnRtijXj<9O=FbP)HhokL4)G68Exmz!5EHUR3ihTd1a>j0d%^Zz8ulW4B6;6(;k* zU&OAR7|i)p?8R_wFYeTyr#FLn#|^DYY#V=|{e~V<+%b}|DSHFyTgP$Oe7x~Ca|f1v z-STxo|LRp%iEWjWldOMrTVR8ZWGwiJS^rA4QH)Ex1FhIfs!zoov0^9OlS~yXJ<<{% zS>qmc#vZxx$W+6^DGXYVu>TQgS}>+aSo#BOcy!)4b-M zyJLEc{M7ybgZ`{aL4OWk$@414^j^7$=Jmu429+5mW<1Gb&iFp_$;E=%xMrgHj ze7`_i)9DW8aCoP{5m2)&462Lx4nJMvi#ZpNQ!{0o#g`g4#2E`GksEft)4|owUm^EW^%jfB!V`P7L`M`7MydkJ&IF@fwR`YNW{6)+^qZstBLCn8du4twCYb+Mj zq5lig7u>ZRYF)uoDSsC8Uur0OMbo0R3WgT66n&&6JhH|=>Wn?|1S`|cM_8l`66ltj z;^`6XqH9Q=#a1PcAE`={(;}i z1r>RgD~h|?L`5LwJQSrO?%`|x{SODkP!Dy8FIE1XS)qm2m%Sa*66 zyvlqc85t(Y$S_GphDkE&1w$xzW;V8Ah z&LG*WQ!AfkPzx_*JE1EIN@pCk=rpNC2~i7<2buA{TUkr^S{=-}FqvMsE&pPAaksg@ zCaR5Jit~}*0e-Kd`c&KzD|QCGCdHs9TEY`++>_3PCo$&Y4eXYG`5&!|JQ5`t#Jb5~ zEr3Ln-uA%*%yO{RN|+I!FsR1AnQELr6I5e;;FENzk*yyDYE<8V>TE=UeG;wBgyvlN&}cL!bsb@+J|Q-@co zOzO~aRrd>+N&d}tOM-theF*<%7xu|}oUY(JVh}(#gu{%%9Aw0p1Kv#V4F;+^%)RF@ z_nt%SJ(%&yW4RQD_du03?1=Hne8 zTLd)dVd1=_-T|$pYd)uhEOvpUPzFd>A)Emq(O@LSGay;bfKxy%91FbUGq{r6uB53@JwV6GjdAYDre^iikKnendL z8UOB#0*{LCD!!{T3KBp&kQ7^R>+%Hsh5A{sc$WvYa`;cUA&OJ2uC#b>feh)P&v{cX z7tL&!8sEfkZ*YPI8-uqO-NTp&X?c@app6)HAx4QAdokl$jCx6>%%ffcj9t^f-q7vv zmg&k_(C`ZR*~ulGKdSG30BlZO;1y#%C_1r6{i&deqD>PTXph@PA7;Btvw_A+OfO_+2WZDo`Ho zJgR}k)V}t@AbSzs`D)C`-su=)yz{#EMEcbf_A~EFO>aqM+3Ja2CB?~b5V7)tN|8UK zx2sBhjm^~Ruzx`im4iPOt{}B`W1Ts|!mVB9?zRn-RhjKg(B_YpgLlEl#8RcY9h7gJ zW{JhAQjR(!{}O4JVAeTEX+O6Hx-9WV#ddgy^b zm(_nMR+i!^;DJm*l9lVA1Nl(_-PVnU!-!3pX+ha8{jEs;We^=f0t@9pyA@-`xGDAp z1%`Nf49`Nt*B9pUx`Y4*VY_Q{kqL^{hk}4K<2R+rqid$GQ`Mk1qz&|>&fnX^`Y2)T zyR|1=9=czOeHrof@025MyWhdqd~vdc3*Fu06&Ufx$~Z_7wrYP_om$vx;jm3+Cp%tTEY?I zDH1&#Y7c5VnQ2FfnpwGQjG2NWO!>ggsG~~P(g@$%K06v;w6gy5v6b~(>MNJsS2T=n zlcwo6FO6`B(FGAgnHMPrPL8(v-7fXgU8<4lLXNvxN!;qdLSEwo^ey54bfP>l23 zbju7yXSmgD;==)~U^V-;`OlM;S$2IW#p)Oh54g*o8^8+y4d9ichVLV?t(7(Fy_YoyU-QSHO7tqF?0No27@`IYQy-q zC5&HwdE%o*Zv1a8+b&mZkse*=Axl=vo^%4?Su_n(YtBQrpLi-GPH8G1jPGeGv#Po= zz;W|ge)9Ryg>snN!lSVsyfPgb36r7Ur#hJ*e}5{I$?0)2kB+Cw#Erk9r}1aMZa3Eh z%<|#wa?8H4G~`4yvYc?Zw6#Ltoyv%>AJ@}}JH~aFKjOy!+f%`(kr(rS=_Wp*CM)N$ zI}~#%3dK^SV^`Im@^ZX$>{KSV#M#s2(#7QdGkh8q#V1=5KG{xr0)0me?WwA<|W0eH;Y|)mheq^_;__y>BC7GshJnB7g zYd$7DMEO75YDN*Sm?t>0*d64oxv1|6&VzVQ3hF>t#@(}xRt*1$5}oo?4>vBxz1C#~ zC(>n+nkd;XU2wMOI8;0(+5(51jwTjl(;b)xH?!P0y{Lf4qR@t@ICl37Vaii#v`?7> zDwij?-gykm5<<&yP(9Q9G26eyj^gPry{b56Nr-z9SissU7au1UiDBo47w&S zI$czN4oQVmdH1jN9Jg{?Q4~6?1YM3op`jH-aEc$E1-sl_6KjlO~GNLVG# zbx3a)Yf~nqh#!@-K1QT12!B6zc+?9$>H@pFt&Ny_eR#|6%&P1br}9?W0k`r7yD^QP zWtSR{aSvHg1wmIE!I?eF;Z*k5xtjJ$O_X8JTk);bn8AX-3x-PA30BwAosK=O#=Spz zu}aw;*nJKjfiur^NvmBJXP{%Ov;Mn}@BSG|(?#iAtFxse(;3)1)|I`X{%GfdDm=?D z8cT=IP0Q}S&X&EIfjwiZviD?faw_jSmxA0v(0tHKqaSS8uj)AJR@s5@7?if`&T(eH z6|GoAK2E`hi{Qha))MZubfZXHwl{)};9UAv+J~&qt8-xXRm!ITMEEccRA?2wB^vy} z(!J8SHZU93y1@4qH{J24)LI<8U9$~?%kTSU6uS5YOj-{X9R$-g%?#pfWHBHX6$`V# z0ni>2@^c;gCQ%T170lFjnOxhN)8#hEfOtb1-wxVnl`SBeM>3quQ+lNFM`Xw#{NGqN zxsy-F(o77VwS;yucs2F+1JYg*yZQs|=`qGFw<~DGu{$}vS%64760K>r58e1hFw(d@gM!^$WUR@#n# z2VISaBxNXP&HgH|2iO5y2tTa>cI*Lm9RK+4T9l@X()m^n;t==@*zumT{z&J7YCOyk z4=d9Hd$KqN1civ`K$T8s_EwkDst<Unu zNVfL3o9Sf^YQL-ija6Mx8MsPWvqL$`0T~>$wL7$X`TAvxb}{7`P%$3WRT-%%mY z-dk1@RF0(kD)4S)t7|e~;+l-_YXOl>7sVj*r(9Q(B9AltW*iJ)+}SN=l{u*@Ha!*L(ARjq6o22CMd2| zc>4}YyGlBTpe_BPSld=3YN?@qSVbKW9Wc~IAkwY^{3bts>ao3)dn~}vHSO3If|j?i zk^B*xHlpRNV;f{b^hN zClZOq2bBX$${A!*V;e9W`e>cIeun>m-dpvG-JF!d)Cmlh>)YP_??N-KBsAehI717id8n! zh&0L(KU35%+o&BL7OkBbU%RLF=V@=4Z_us@+IAZ!ff0@Lg!4gv4<)|+OziE%d|qbs z&>n!@aj8K+c(6UfPxa2$@)LWU^TWpb{?LTC2c2ZR-ge@x`|vuGGEgKUQ){=zE3wXx z8@##slk{9^r#ip++9hIyL>Zs{{-o=j6{~$`tagv_pPPsOu=vlj65~JrHEvU-Y=6}c zYhOuh|IFm}r$JffwBJuB$F%hzeUyG3z1(B;5+~gTZNYPlu8n@My!lJ1B8yPcWvTT8 ziyOE5GFqJui%=8hKwlTKJXl>kCgLMi&tj6H0iVv4h&d_pSUH{+p1bN=ZQ(7oTapk?=eS(M6re z0i*NGix1`&`2Hetnivljm3Xdnx^@j73#d_DXvEJkj2j}Tsu8{^Q9do!7X6iNNDhzr%k`bwnBgn_$QQi|#Jo>xK#G?@?EQ`cp zQsskJm}8L|39G_BPMh5O(;*DVD~6hYyzOF`g{CO3{W#b6i@@8qCyNQ=Ts!d9c6CzN z?lu?QrY0_6Yl5*Nn13c!B@2*pad-aGz@kEfrfII<(K#Bs@09dB36Q_|TpXk9xStrn zU4(*9&NovFi-}ijbsaYDEb@)RmMaLq+epF$#@+@|qmZC3(r%9|C6oO+dUCzoW)*WC zM>aPyIDy(z^yzVsbjcV4cRSU#{TBn$=spZQ4_kbf@#4IWBL4wdndoR8SDeObjtw;& zA{~0WrtSVe(TI!;7>|tr;Iq;84sGqZY{f~4?;Xuw6Ii09`34_y9k%$-rBSpphtZMd z>t|l^qO4f89a_VPxDfZ<;+x0i!`Tsq>{hM!XORe{%8G`@7j_oRb4ua*6!yBs843Oc z?{zQjvY>R~Q2mU!{Jw#mqzW+} z<^Gf7E(C91bLU1Mvicfz&XT5F(dK-W zzIdc@pL>))3jdg69_2HS`aD(kDxZ`55UR{btD;D9`yeOayHjb!7VHzrUo@7)2dU{< zma00vkXoCrrUvt8;7OqC9;xYXq-d~2xIaj>5Ocf8^-#=1Y9OXATuDQyXq6g%%{wNz zibuas>zYH3Q%&?!as)~3C95y7pMXItVbd&-EfGW6r3Qt+&Qa}=VT81uAThKq2^PIb z{<Yro5Rq)zHd`)G-=44N-RPqDp5yEUr9Ur~t_u(}?JeQ_cn1 z;tW|iT~;PRZKi6ctBitL zJEh0hc`Z9B;N!EdvR!zFlJzLjpLD5qms*)#rBt6)rA$g1Eu;;g!dof!*Q&(*RfwNP z3P~odlYY(_?p6ZH?NpP_F^=S-yu{%aRFc)23OJwxZ-dxY?CiD`9U10UJYep(GJRkY ze=P;RiruF`h@60{Kb7N(G=w8tCzu#O!6E2kPUUar8k;pbzVdQ_+W$ z#Rs72rID>gOf(s8ccg4IrM^@6^2c$El}2DtFur6|Q8p1v0WTrA@XXi&&mg#O_@P@o zsJ$GdO-X(sP+ov3o{5U2qy+PhLSfZ@9CbV@>Z>#8uBvaWM_mGqIYljv) zEF4(RJlV2K%)$r*`{%*LQ`eT$GWORm01Km^OV@No5j7MS%98HQET$Jg;|H4#$)>t4 zlK(s$4Z#And=4Dgf>qz;|GEAQT*8Wtd@Nm9;6Ddw8A%c2-GQl4<_$+w>l3u?JA)sC zo3JesnwwRC7VQRt8udqP^;+T-xh$ApPt|CL-C1%1f1>2Ig(`-!?qHI!RrQu?zq%k< z33+Pm1-->u{|_)Q zd6ab;&Q`J$!QtGsRevN|zlffsHCchKLf0!y z%gNQYZh~?j{I?khg;h!?HZ3MN)*lM^mU7oabLmk#x7| z7+is;q*;#G(3vC{yONU$W5jn8Cvr6d-bVw6}c`l0aKyhU) z?G$bz3eRy;u5V%|{*IjJhSwuqG}!Nk=S*WK6u~$z>c+QKxzeT+cF+yT&hQS7-0%T4 zuIxzJb^?BMeM2zjOBp;1Zuxzfcf1W0?bv*j>*9> zvlxxJsq@mp7vZ&p%Fh~=<7*k{UKh9*TASeb3|Nr52$3S>!~_)9tovA0^mk&%?SMtr z>W6C}Ws$?P(|<hTximM-bS!Hbc&AVvBh$iUDFy9=+Qza+84)2DrU#imWRm*(o z1*+Gf*7j4bNk2>Rq@N*2+NjGg`+TXjyeYNLtLX%)jtOb=o4J^A@{()J$uFWTdEs*|PrS@$PJ zm1?WBvL0Kl`)}tz;J=!GsugbRvB^~SvJcX@?Rt zu)a`^Y=KTkg_qlQI%BWwGC=j*nIA^(kN#OG1$BXE^*tIJ79MW}$J_gEPBp$CnvdLdtfPMJQV25{=g3 zQfV3A%UNyf^T2?#|D_7-K|{1ss}O|C4%$;L~SOIT(L|v$iktrgm0AyJfQe9 zN*JCvU6@M&U0GUL&h!n+Q4?bJ?Ga9EP;}N6y|pA)rS)DXf97#--LlN4BGl;9*Ph9e|Yluv9lxj+aW(B=GyGW zpOY^q3?H*iA1x2voM|)ejR*|e0Y4Z6!}c2(_6=d!K})Oa8~pp4Fm0p_a|bOs0kb}$Q+?w(WC1Rh0;bf87Y`MwwQiAKCB9O=M_ z>uJqO+810aTeh$TkNfbi)C-g1anK2=6$ZM_ml|&+$Gdc}m!zGE(Gu*f1}F zRzNz|{|!NJ+W?a2zS2qtru2_Wpl7$t7Htl@(C}O8Nx>Ap0lPQez6tt5Ir%7EUHD4? zH`(9mgzKx`McG#9YLwJCn6I$^=nSZ#!1OH9SeC*P4a*;owHX!%h^B+aCWtf=E5Vwo zPEN5y8MSufVXL#i;x1|Rz;hT1F1H1&*NwD&KX~O^zL0fL`{rhgv1pf*2}xwk4ji#A z7>+;w646zrAMYI0o;12atEB9r-u%~adcnHo*tuKj{wCY7%u2ozAcB?>5v0cPw2BwS z;;r~KqfK9}#}b`JLj_eU5a`$_u~pRzC$^3LvHD$nBhPnk*&(Q}@t?b*bzv<9R)=dy zFOto_(q1}?)*Ps!S9yY$-zPu-wY+eAThf0w*6<)P=_LQUCsh!%) zbLql32~P7Jsn86)t;rVcYSm|*#GWGXi(1!4{q#fvd*Yjw=G{3m)c?H~ODgSJ`CA~c z>W}xq=%kkUC)Fw40QM zj@`n*kxZ$H+##v8a&1BbA>rrxmAscH*gcdvpi_E~o!clq6#2N)?fT8(?+L&J5qpJLwy5$#+r%g@HgHq)ZZF z*{JoTVTO07)160KgW00T%uYxnDTB>y{*K=Q3e zK@H3C@TVjR2W_ABA-sq1^_BL@8AdkIGIS(V(%J=F#`Fsw6Y(^vHcA3TQ&{QgHSJzU3jJ7Y zUzA4oMZmS#m zrgJT!yumr1^Ah^pN4vA-i$cY3$4qag)`I>Hr{NBKP&@h}O~Q7A(G5+a8s9zOc49uT za}}CJD|B00uZ5PhWiAP?)Wp3qM!X`$Ub)D41)3s2mcZ2szg)cLjC*aEBL*(;2S>E; zmI-j(s9MuN$Z*E4eL{ou zUZD&0%+O%n8Y*7qBE-CeHh<6$#5BQrD;AF8;$Z`Wx9;Hc)b{pA@pBr`P zH~342D)Xf#M5}rWzLebK;~AI}?I#?FYOV-r80K?TG%BD9-xB$R4`H$G(|^!z9^`t0=iBX z?kfrwQ$a5(5IO2>cSRvd`9)ALKicTWqTudmx0^-5{n2R%;l_4v6u#`*Z;UjL3Vvlc zqf!B1g8yk+tlI(juHP5mqJD?@i-x4nHm7hp{kjUjmYG1-tMKa)b5ST$nC;|}Kk4_AN|54X@>H`H_}Ibcm{o(9-c}c{lk;#qks({p)w)=V{rIm`X~_(7s4#{b_ zfKp&JGTu=hZY_L>LTcUX&|gV;pKvopkQrb)a=a&m%)pV1g%YHRvW>cnvW@TM4vtc! zOHXioDL-NTgG-gSy40EuujPnKo!05KyyLaJ=~BzRP?uB4%0P3aT(JofIGEh?VKB>} zKnE=y85{x}?^mfAxn4_~99ZXofZ^|StJQWlMRO?GN*6yHn4CZqsUz;L(5u!#?f7{{ z*&%(fc;Bt|@mO}t%0926XYM~yay_@g%pYg zq5{40*0*>Ct?H{OEEm?`{-{)Bcwi@lq!KCBeu0Av+HouW0AgsrIYQxAZEa>jd_0b7yV|?@_5o>gv84yWu8RGfvq=srcM+Yh zX!qx+)#Z_9-x#I3Tptc<70G`Rib&PgSG<#ByaO5#tmk(i+_qJh3k9H|r=_@_z1gbo z!^bOhT4}drCd5bJv;c6oqbPWEf1z0WbF_uhnd?(LKVpe{E^v-z0sPUP25XV9DUzPQ z4Yuxt&%x@S@Ofs^^QbFzVr~P0{(PI=>QPGxSJd9LEkOBStNh+=|V|s#JK0%Z@n$Hyfp2*bR%}+t*7xiK6jeAj=#^~C&~WgBr)Q&i&Q$| z9LT%bE0XI+_$?=g z_u44Xr6!VO5`f{$DVqdoBDN>k9WD25hq=g3M zRwg+j?KC9+U_DPLGf24+EzLzw3?m+Jzx?E-qYkiO*QaCoF1H%X_gpqF-+^p%`99$% z%m44K-#vLL*KcY!Z3eR;XoZ&SrFlIsnZsDICOnD}rF3+o+Lp{aIZ>jeqWs(b3fWjH zIXJ06I~pebt(Em0-FL=6`kCM@7rSDB6=3}=%>Zkyox%Eq-305ymQ?b=bbiZovbLXCDPfp-H`8@5(2@Ibjk^DQ+8T=k^>}?Ya_(1a@ zgrg4hPJxfffpyK-{rGkk!E3-{e7{+1Z1$D%{pL$rEPTKDAd#CS5N0||5LPk-jf>2h z=7+>kcF26=L;WoP_m>$A+?^RFaJPOhfSXGGGKgKJxE~}MEkvWy8$b#6tGN2z2l*p7 zGDTlYNe``ZV6h|3e<7V`uzoP9VhOXRK)d&I!|#o#NIYS>>id4!Ki{Rsj~?hxN_y;3 z`?>@7p#R&@zq@UmajIQa;0C*$?9b$`*ytPXRN@O@xHx zj1zhL@KK(yFJZfK4wHGg-SjlT9yP*!_#ci~sS=;ENQ$`;Ty+GO)@`|9e24zMs-=D=g4|pv! z`^w^sNK~1PNP=098IgX;I~bcIeI70Q+)n6L;2kGgdq5{ShezRGM8mp&Pjp!RI*;Wr z4~T~*Mzx4+q6Xm{hnMxsU1f*jMt%1=22_Mqr&GJ!MxyK?ijq?d?L*(#>*;u%K_96q za>PtOMr6<4(~klRB#29VtPlUJACZPg6ffv7i9lA~_Jc zVHE=%*7ROwyTU6N@3xY^V#ABfuC~+LlY&K7cgYriK1b7dfgCP(0muBsVRF87syRiJ zNaUgS@uQ^0spJ$*v{YH`Tt{4Y@&qr*!7jnNt|bP_qa26-b_NBR$05)vHIlB-rRHSF zfoA4$_hJ8M!1v&7a$ng*YaCdzHjTYZngtRC^G~~g6-7U#Xf<$AitMgm3^#<@Fr5ML zO>8FL!A8P+%z7hSc?|lBZt^_vOSp_vHLSz@;hFj#=3i33SUTUAA6^xYkg&xIO}e*P zTQC>0btzh6@C=H9=gMGS27%`SGS?D>rr?=Le*gm-o<|8wO&KJeUkp_{LF-#QENM}C zU1_Pxfa3k#_=>wI9tNzzoucGxIZ_Quw}URYCneikuYW@MG7baz9)((k@pFmTeAEHV@Z@YHqVZ6OI_V)YT z-+r#!+xyJ7%kZ|o1cPxHgQ>^iqTfbp)b8!v*sY!4o9&RkNWTPi?A>1**6p>gyNuUf zFyN8eUOzwnBtj>^+EE`Ojt%A9L>X9%YMyw(7!U zg~vGT6aX!N55ZRa1lpab!s9>CcU))fS>JK{N%S2{PNMJl{v`U2C0RY`I})#ech`3S z+S>IemcIdRsqsr8e;4YdZie~AP!FlL=dbTk055PFKz9eOV10+wM2UCZZJB~kfs2JO zc6vKr`9`=!koM!5YKw7^8*X?mE#^=&h8$`xGaYJ%b2zJ*)=nG!Ba>&aMBIhGbHz&3 z7(y-FYdZMipIO2GF&I5EtW$;^Ovh)-NYmd0S`7IHd;EXCG7gxtk1~?XJZd7zHD5E^ zlO&Iq8du2Ccv_r<-`)Q+xqd`0^q+3X<8h<;3_2SQH4&A`qpv3NGAY-y;JTjIvyWI$ z-%sM#@+Ner+ICMn`C774MDbG~F)gOCng#3=40IvnnS_~~l@aCiV;ZZrE`}=683EPf z2Mvz?1p1506ToYAda@4VMEVPW=-X?122qiL@#OOYAjv>q|6K-}McPr~za9=M47lOw zSGBFW_T+?z8X0Odf-)X@TeUF-sH{mv(g{@$ObG^`%|}7+w+;dw&*?PK@n?q_a9a+W zfTO%Ear{n_enP;iD-l*dwWiWhoQnJnxV<*@L^9@hh8yMVQ^qrKz7qZQLVv2QacYl3 zctP8E14g4+5C_ZImM+vjSK1A(a9FO8#)(Y_&s8EERsvmCn%@FY1gn1lCovJ!0bUsJ zCM%v{2$NmLo=?KfdP_G!-rosuhrTetea;~U_v}L^xTk)Zp5ULBB+rZ8UwjJo!4s~K zmeySdaEj}5cI^*dpIgwIYTJ9wf3-fh|0nCS?1mGsPY0AJN$Ydq3#^ahfU!Oge8cP0 z{EfLjs}KCYu|6`!m12EPsGq^wEWP@K`WapulGl_8yf%~3)8^ypSR4839u+hNZ4(Ml zprH9|cT7QZ&(f%ZW~5Ni6av{}3Yu=<{}DP*sifI@T}(++2qjHBmg1YQcquOV+FXhu z`%~!$QtD^wuRB%!Ot&$<2EIG`>RTs^e?tnJ@-+XwI5k;ilNQxF1e%k$5pBQ~CLeNf zA|Fyje8@Q_CZC?nhrBoqGDTLD-w-T;;6)4^-lzkIJ^L6usq|OL%mhy@?&`K|BAKBD z8s!d*g=l&iV+0gISwb@1=<8d>?gVVq?Zq}-Cmea<+_{PDx!zz+DHRHPs!P3ot5dzc z!)-a{QWwD0`6I98Bd0nF!oINQu1m7#dMqu8_T0Q&4<%_c?YY6pcG5%9J>Tv9ARKz& z(wLx++UCo1sdF>Mk%lCQF~YuUVf=y)k>|)~ImhYB zq}H$F)=m6Ot(L;uQ{wS5DBHENUNPOypxC_6qIvg^>2&<3@n*Uh?iHMmgBV@fyF9(8 z!x+Gh&y6h^onN9_gmXg}Gx`DJyX&+cGQP)ZQ;jd5##jCW$CtFb;nRK^JZl54vJ^o3KUM5u%=Y0cX|_@$-%U}rsI~##mWvMjl|8mzN43<)#G8qo&nXs z_(C&~sc{N*?&4EOqktdZ+{33(Cst^P2!r|*mY%|(3ZF$_$X!=QBK1qYqbpGz{!8?t zvR(Rh=HUZh7EWv{qtxt)@Ogd*}N|1dlGGc$aPp z5q8}f&5D~&tclZR06Q{5=w-wDF(jHBz)`9yLB^~_CoP0bmp!u!WnJ4=oV~~ z&FMCLT<8|sH!_XEOzlGv0-CA&VV{Z{6S;;<9Zl+&??M0c7HZiIPG%+EFB->`W)+Gk z;0i^USo$s(QLNyfeage&96&~J-VVc&4~~0q{cCgW5Du>S0jf&+MeE*}zA7R9C|zUw zwk8&sHpzZ_LU@e-GzlJ_?-(BEle=hY5N!HZfS^|l1W9u*c6OV4(>u|*Kf3pn=l;-M zWA2%sB=N`H=0CZI`JX7?COLG#c?~EOvJl@f)T6#yWjw z7ex8PnCdv26>pq^*HbiKE5jVT72o>qmDMbdMI)cDlCY-&UUWxgY23ET#zP=C+r-@h zKtaR>r8enu*F3UBK%G~kJ+*?*0bi{+(&l)AX|g43=)ae<4nK|_kXBo2q`NHPdq`Qo zmPCA6+!~p^g-jaaHcFUW$4FksY-Y=31^PL=@K+Vhb1NI%CErL5&vO9{tYWM55ZMPj zmM3xDZVpLmB$rWwgUs-D6TCf9c)zOWCDLEE zBK*lnzu>eR_gO8vBU&W4ktcN8i84)!Y|2CEK8g7jMbWnCn><5qqe8x2G!IR2pZbfC za2|t5#c?xXLC~J~l=c%!=aQgB6I-WQKQqdva9N9X7gtJDcMJWpSJ@;kKf7D@z+#Jc z-e~KWCj1*KHu>`4k7SSeBay9^_~VU)wRE9S2r3K8EHSn7TRq)>qf?%faU15&Hwit; zJ;D2mNh{glA(!z=j$tM5*kQrml!BL;8IH&?$bHLtSy z2FI?kB`x90`XveZN<9ED=2dE3U>z2{!0P|Cp1qvc_dy~K-EOHV9l8!sjbiYAr9H|t z?T5|xvkso`ou~CU-~AJl=lgAJzL63CAIx`RhnVm0_ax4j{dwo{gg3Kw@(u8TiN;9K z8`B<{n{1CvXG7%Mg6u>Mkz-(peB0lTnY=$zt4#;|Md3Tx3@Nc)?M=f9DX|ffDad5L zc`&_bHX!`n27<5;L@YS0pclY=NizQwqu*yRz4<^}>?V~K^hxh?a}-wJqkJJun6O{^ z2EeG8W!f&kfbBA?OYd#k8_PC&l@7jL?=g4AwBcfzrlnEpBoO&jl>EUk-O*l7*O31SsuM?yL@}WteD+0i=cU$NC!$)Y7OJ$gE8Y| zmR$@LvzMB_pb$Ic#m?w3FDY}jZSY6^()7=O69fNE7QcPk&pL!g%;rTwx8UIO*Z1od z9DF2ISE=K+R;d#^yq3-? z^{P&P+bDR? z1n>(Fh>HN7Qp0xc(+8G?w!<#HG+7?u>%PDRx_kTaCsz2Jd`{PW<-mG0_>pe}4*Ik0 zRqBmrr$uiHcPzwFLTnMe^S`Zh$UorFUlRGX2@VfMw*n?rm7nG*X-DEolXeWy0Y=$@~4FxF2? z#`>~d2G$qv6qNAEe;b(l?9LSEa8Gl0bXdL9M2GL*Pdt>n>pM8Or8i!V?RrbdvD%2+ zqC#w*5Muwe(-2~XLL(}z{;|rK4N6nUk8#@2sPMP|udqrpF`oA+jBlAazDI6N9^WNB zjL-JN$G3fa%JEI@rkP~jHwbV!cvQlq1eI$StB$6!6xvO7G>BA3g>kB*Jf7Ax^lYf$ zupudwXs4->V{0IA6EFn@h$wCAB$a~N>ZF*P8LaF@M;x&CK z@=q8FDba9Bci)uuN6yx&{rHfGGB8*u(7F%&E)sd;+6N_l+_Vawz~An~&1VW&p3JfF4_dIb>XI|7P;;Q_Dy8J?4p$)s_dwCyk@&OZ zQu46Emttt}Uc7Wb+RHR9P6?;2-?~d=_PUOnT3^?6$R)WxbxBp2nxBRIvvnrP>`t-s3@SiLcMazN2k=5`|VZAaRLp& z$A76jdWl_XqU(cZsG>0Ws6FvdI7&fFMV=lS{1%|f;poB?TT-2|R>W(=n9^m1Oq1iW zlJ^#*3e-lc%2&r<;j{|_A))_(e9_$bKFA#$6cWY@Xl}t+a11V9#6DYgMbJgmQV0>jPPZ2d<0r>ie$pk!iZEx?tPOA z^g%cgPlL~>o`o+L;S0@sHV-5|T9ybbZlKQ0^#WfwWyTk8C5!a2eBAKEA%E$08tFr# z4rlya2>ToaAltq42=Mp;Cxs1uz$=Y|{(BweD9PWnJ3TGX74c=rPwG-6|1tc$eB$7= zG=DGBO;l5E=G<7Y@@iA{k(n5D?bQ3b%IL3`{G`!*|49DXC_G^&vHAAZIwx4Vg?!`F zK+QJux#DxA2+DykB5DiA!=e0r&b3(%^0)t>Lk#2$c@Cvi#kMNJmckG=38}bzeI%b^ z8Y}C}VlgUuLQ(~PNzku|@tKjfv@SI*g{H);zjQz83k1A~Wh`kdTFDwUfsFJiG;B~@ z(VyA$082o$zo&-&RMMYPN;)p|s2Dw|w}!$$$e7Z2pw>`n4Q33^#^(wg>F=K%=o)bM zB56%k(M5GF&2~cHa_9&~Lg^;gQS2cpw>m?al&4HBs8g!X(kmnR%RY`Riat2dCEYzG z`aZpi*PxSBsxy^IRw%-Pw!?59qSeC#5tMJ~2AU(gKi-OGbWac;uZ$guw1f+J_S$_~iE869p8heZ|jvkm=% zv}P-?&LOw#gNFJ5b?}r6z;-nq@D)`l9ZJj6-DzEEX-kh#=1KoHeMFLc=BYR=Jj$ds zP+_!LlU`Vf_Lm-w>`F^pRE4TO9D)+ZE>_x|OPfh$?vmCtJC}B)!PvH7xU^>5Aj)mI zbPxRnEYIY@Wv}yCj)viY5WyIA8mLD(tlR6HuUX)``4(o$py`0T#ux6{OThuIAU^k$ zoN&@;b08|m?jLsZ?*%6ePe3EcL5C6KKx*H0lJo*>FMpX-YLWbdyVAitLDr7QQk95Q zU_2)+P9%R@PtUcRW>Ox)C_Z8=wr_?D;}aC;ycc`_6~1z@_$$Hu#`T5>=v+&IDYVC6 z2CToYs2mI(CswXpZPjn9Ty4?sC_ALzLcit;<*>-LLh*(IT^YWiSSyv0fG<7uulnqBsGm$bUwS$`zrv$-fY zwzPW6C}(|_@iVh=yYG@0EEp)v#vGpz%|K1il_~HOHtS{ZcXI<|9ucy}iH+Kvp#vvZ zPjNVdR~@TAYFTuxM+Bw7E{B=xbZ7n1OrOIDo)kE0l^R|)oIHkmEbAr*^X%@(I(Nl( zX~nt;(&`NRp>-DjA`EJ{|1PJrx^Lj<2;V({qtkuqdW$x&_FZ4{fiqucLveVol1nVnr6$jHQo@ey4&+Ny4rha~6eX~E`X^{9W z{sHw@42SQIWgA|T8raj`vRN+K;{OHZZ!=*u#_FGK_`_4Q>x#C!rx^NX3Rs+^zxaSm zZ+@EkeMR$n`3Jj|h-b)sMY9)N;t{;*L2V6M@hFtEVbK;nyDT!s>RX9wpo3&9T)Kgl z){LtGl<3+>+E%*Qr9J&7;RGKoc+iFiRGP)5f*u)u%YrY5|I(E-Vk4a1L!UD*-QUfL znAW>X-tqSWN=yL7-l*Th-`tV)6N6*=%8@N71IDH=9G1AAW2gHrMI}^l2aZ|%Uy6YK zaqDqT;MfRXzreBSzCLmFKG)B5AKvA$?4WRS6c}d;I_P77{W9rW0Y6RD0n|c*OK(d4K ziz`g1XmvG4q^4hyt>h&u2DD&f;JD4VA#gkswp!X#6kDsBUYAy*|DzVMd$FO1OHG%E za@m3=M@WsM=t1DfbbnJAHm9`M`c~GXxyHHV={G0uA70BIx6aK!_UUw>AwC(&Cj9GcPrZf zD8KY#FI{%>#wG*J!56dPd1&>WiN6;A2xomcsP5{Ioc~K%Y#9^#=vITY1M@@{ZI1$3OgB=TZ85lv#Gb6zfxete4by7hT`Ft!#UEE+?`DAe(N$ zHvz~glmea{nXV+eR^&~No1aB3v|6(C^Z3!%Y26-W>RDLA^j1qRibzYI$MIU|WoLL` zBlak6hu%Rb0e(XL5(qOV=LKv4XJj{4K|hyTX<_`)^PMmAxzw8%M$Z%{q_^S&=^<4p zZRha&d3b+2){iaHdOvZPCEI2@WnFZuQy`L4%PGVYLWWavi5s(bVOb4^O!CCm0p6>jI6?)hj!{m145l$51tpQmExvHJ*QE!I}Rc{OY z(>-AS-IjK+P+)kRkq&ooVun7_9rVJ%>wsITdfNk5Ezn}u3k7{UquV2^Zev=9CghS$ zQbQ@oKHrLejY92l?j~tZBx)#M=C@5X? zficg+Vb(n-Z#e`j92kKXEQ}niA-f5%cdKkb-&~k(kLraX2Qh;!Jhev#d6>^mO-V)XW8t(WR*wphbou(*BZteETrpY zGO389!7#PJz1XANzN3yj7p;}cmh52w1Z!7m2cR0LUsBV{e=D$^)Nl4^ZaLNvt1odf znmXPV1TIBIj@gsv6_VZP=S;?2t;H7COaR2#08-1fvy(lp1Xxv>)|L3VQkOaI(clR=)HEZ!ho!=hk>& z9Rc5DCUKxU->*JP_Bel<`_?w-UA?kf@nq8A3eX+Y;$5 zJ11wk*Fu@yz!EWdU*c1KoWX-bpl?Z_9^D?9)WcX#@*-%6a3;$mZe=4mX7vHp$_9_@ z!=LHCj4`%_7st`IvoWwLvG^`te9*P$;j=txP7dhWMjBR7&d}$&8uyy0FHlHo%%WiK z!Tdk|Z@*YlbM5;8u}ZN>4j0>=yFKRe8(-f~$9GB%r7m+OTd1K?NuSO#teyMJ0; z8^_I0vo32AF=PGceF<=WMvbcs%<4;odHQ(JL7`a@n0V`^@~UM;P?Kj$4k#-fQwyOY zvE#J&*l`eFV?WoUR*&!~RrXR&!}fSQ&XUN!Q+w)QBm$I}Ti~q!4#ETFtad_6e-z3x zIq0<1AIWe_=4&Ar_UY)KhY`>$3;u>#h{0?vuOE|}?f;FjIrPV&=m@+< zU(=+=&Fp7&^dlzLe>O; zhByP?13p9P*RtEOa#xmum=ukW9OEsL<4UkUSD#D71R7LQP%$wnT4nKFD2R9dUtWfD z#lNTUiFUfNgP5k}U$qubUIdDOP|bD*T}PQ9FSd-y;Ddt_XHJ}x@w#lG{F$hK9_o_< zvUV}(4Ph2#zNwvt{jC?84d)+U13O->k+>_EzaKx@za3p_6Y4pg9t7-siVutP8G?BZ zL*6yNijwf;f48Tf8QuiaTc9<=t9(mghGkV8qa;TK$JqD;{Ce%!Nr`I$%{KnI#OD%9QIrN{ii91a=!!dsacNt#S4Po{egp8}MN z!E`r#pV*%60z{e(D|!@mTKnHpnGxdehxK4Te~rfgHKegGcuit^*J%Fcl+DNKcjNsT z4YwI(i@{|Z2_YUA*~Wdhkj~71y0pf=^vLkxpp?+_i_Db=^jYNfxC;)WiT0qKzRSGI z2i{;!1nN0w{e6zeaOjr&pTV!oTe8DV$X2mUdgul^IV*PhB}zxGY}Ir1zHa3Wy*E&> zuRHPvUFL+Ln>5|7FokH6sxsD^ znQ-P!!fyck5PA>UcbCi@b@)tNc6ddF0zg#hobSV8J7*GP+M?4 z5}t|_Kx)DG1ox!luSDIG#1`!CFQ`Z!cyDh@8n8IvhiNfs*MVJ`?5&VRjV$h?4`;iVM?VX-mF zDLhKHzL5_-T@j&s82^svGu=v;!D^-uhE9deF{IQ#o8S|<{s6wTcrJ(i^RW+V$R;r@ z-sOZ0H#iOFGrr5p!z`&UYb+ubr>;$S%cMd2e%SDAA>3-;PggiaN&S&t%v}}Mw;U~N zu0N8#=o@MEMmYkz=aKYa!1GZ9p34n*@=ft;il%Az z>TJg?gij$<`~EDUNu~D1^*RBsm;NT;HRJC|@JiBO(v4Y<@+QY+H{n-mz^~Tt!s%ugt&=d5Ayq-sI4)HUy)A0a!?=wRvQNU4I`E?Nmw4-@IiY5IXe8b3DP0D?^h?QX& zGN$`*(L4*|#R7}Ki}@CT7yl@t{B6!PR#(|x(jAwQ2GUm=^S@ICq{vD;St>SseTq$B zvEr3;3mub{SBtiqO12e66tuB&*>gq2QxV7}L%cdCP7f*Aw<^@=#T@h>ipck@YT2tr z*^E;M$*Yap)3WIfEUSW1LbKKm?89p_*80sgXyo z8e>z%z@*h;V5XQ9^s+QeXbaNGc-oj|EUE3k( zCGFb{O|5Z?etNDOO!BbqYQya$x?BArVCes1V(Yegt<;U2&Uc!(AbL|cASAc7W z(voCvtN6-Sh8^q)UKf!gt@ZciMuvNo5B#6QSmrJ{=qC4sifxNVqn^JHg$>_EoE@6c zdqaKL4+eCP0>c`GS9D9RZTQ!2$R5Hj1urR#`LjpBy8QgP6#fYbp)XU#fO8XFV+X1- zX&JN|r2Q)H73V-T>JPgjZl#TUsPdyeRNp?sm(N%soP^E%TRKH%3s9&ek#c*M7bInUPZby59u6Zz@YL4G>Hgie`4>LDRJdNjaHgqpJ zj*};Ku}573qPnCUf^Ma_V6S=$Bl-Q;!11lkCC7w$S`?ySz;xGqxoMa0MvwA*z3J3J z@$#Sx1iRy%2S}4*D^J`?_NZJ-YJ71~jzMe?s+O{_D&s*m<4 zuZfqJ#J?%1tzyktCu1Nl1d;`X{d`{Vx=bP(1&sgV| ze+RKMu*HgJHRdzfc=j}&!8oN)hQd{dBegKoh9mjc{DT{RMx8;q%w;S}4HgHin+yDf z3l>(_Vu0@~{I)~;N&yw}@cTo2o`ui79(B-&eca0T9_5Zi*J47tL?M~eWb$I(_gri-9m{z! z!;i!-<}oOI_0qUEejNA4M_je{nuIqt;*AsLZ;i?0#yZ^u;B}XfPbz<>TD}|%DfXMsD`m6RIOqTH_AcO2l~>#FOp<|w(;f~30a2p{B`Sv~Y9b&R$lxBG zK|I7_1&dXqw%Ssd0YrimCWG0I)6y1f-?mtLu&;gJYSRM;4`>3I1hg8kT9m56itcel z0V@O$=D+Xt>^UXDw%_+(AJ;`@X7A^?p3{2Py4PCCBxHy4?nxsft^E$~=cj_^ru_MY zDr~LXM5sA$^&Fvhmj;K0pNx2kD62bywR@ecT}L@yMF&3H=gT}NI;J2|vN>3TNx1hn z0%JV;zf&&3iXXEO#_tv&kt+@!oQw=n7*WSh_Du_r>8#3=d?i?Sch+B(}NkSGvy2BB!q%`)O9CIS25lPUXSnA z9IaX>;yGw+{JXWm1HE{o4R&0_#7W0FtYx4Fe}m&tX(6kUF&ua_pS?T{y`=2Wf5g*ZD(DUa3-~J??tX4lz!jD!71$X}%6qF@=_~#Y{KYtVlf8nF2 z@Ru|{Iq=V@JXnkdEy+(e=q_o{Ly!Yn_IszY_v2>XZW^n)lj(2$+3cE*)FN)T2z2Jp ztP_}vtJm_PuKxKM+8)VE)As$J=FoP3p3wG z!w641sl4G`~i}pG;oTe-l5-cO5y%D-)!em)@~WyuHupFgjYyBK_{>@YMzAvw0rivv)T$b=ej@ znhzP1x2$E6BYJgVq6mM2P(>}&pW%DGtZR`Y&ih8?!9{~O;)nEPdwq-KJ!tG``3S}C zQpJ9B9+c$TN}6=uy-O18GL(9h%2AN zf?(uAbKlP_6W~8T*u!V_eGT1xR)5GuoZ2UU%4|v3hX2W#8&Cu}@}JAhjUP42+*lwV zo^~}iR;G5bo1T@%EPFQPe7@qR-PdDw+-lbQNMUcWc`ZEm9QV^Q6#0V})S31=+hl=?!l_2jYo^)7`+isfoyDwFJuDm?hGz_U_GUSvWq`EVQXT)24yv{z6Fi zwO^zV?kE1s8pn?#y|niCD|@!~v~+9Bd$!iHKO%&TKu<~MGq!k)cJq2DLd&<;A7i@+ z_E9DU8N;DWerba8)EjkdJ3dO84J12w6@`qcG~3L>8N@rj4*i+U)0gdgea#DR(8s}%_pp>k+`T3A$d7Gq%=vF_xm`D|Ei~NF zEkI}4-osu3Lb9D8#y1}8g+j6V9u%Uj-SEkIvJuYNTGLxxgX)ao;J~dXM&WRn#|05} z9LA57k2eY*tSt*y#9#AG^h&*P9%L8(q*$QG21>wjz;qbz_J?eVe-mSBO5@r*luU?W zI-X}O(3(y3dJGg#YpAYE`9fQft~ZE9GjM{m=}lZ))LoHY`Eg4;5LJHKx+K1&xfeg7 zYkalU(Ff`6iPqlyzY+k@`Nb$(w5H3f>eF)-cDoPieRA%D&5qQ45CF!Jjq9Fga3DI= z`Wy&cZ9{N3ATW92;IP^JV*ya9L_?rwk%#7?3bEv<RFAFYSFE+9>%`*{xkPLDg|eQ;FwC*)X^XH- zb(XJVsBpj)bk()l_y}$0phB|a4JU8c9=w$-apXDaUraucj;+Bj8GR$tq<%?1p@&z$ zND1oU)vssOuXZ88dZ9y1h=zx|*)?N*Cq69v{UHcSaNHP=gSUHmh#gIm`h$x?n^}ns zT1I32eCBS8+?DD}bgguvO&X_yJV!__il?%yFV#L4i!nQ@@f&gTw@_j=s@6p1xt??v zH#7&d#GSRPwGHwH>*}ij3Rz`ZglA1w-6XsP2BP;gNS5!R-Uf2`w5>6PTW=;^H~%_k z#3Pfjohl@OPOvKV-MzG4RiyD3D$% z!^%_!t$_ywWYSKQZLQeoEx?lH%L-Op%oond6tf0 z{!pd@(4G|?y~}+0;yjzXwGR?8DO-(cj#Aq^v#sCIOwMtFI3UmiLLgbtUFHvbR)5{k zu{41N1SjXvYJy=W2%?MqqN^%D1lxXkjlkLA2iU0wc<`D|AOtCDQoeHyKlBYaSH|Mm zSiBpIG=q_LF#Sw=P^(9W({)+LTR>;~y zeDxYH1DDz4-ekiM2nun`edj008jG14g%pSN*t#$9O^;o288nB!*ybku@w6EU=l#@H)A@d$6w-Ilt~JWWZ8 z=mwI13vZU90tx-L2pd3lZAvs!Kw{Wm^jGc+4AxfNPgj__;L zagI4wmz}1=_6$v|aI=A~BsTE1wRHVd4Ry&M@;nXDRMkKw;)h1kKO(q*R-|6zB$UsG zh{L(`ZR)%BKq))PPE03~LKe&NM+B>V(R^R@YTQl^nXf>xMhy$0(OGG*ccF#!eX;IJ zt0}qfXRtmr=9r~QUo`-1?AB1-h`c~?%9n~}LHm%&Y&G^IjosOnm?9)cul-Omaht}4 zBIY=gT~t1E*G!Ww{|Rdor_bEI@slZ^xo@mdyg=GFZd!&UK652>g0sr(9uF$U}&b@?26eBZSNUZH@)B7czrJt*-QKfZ~=mTp-@l05N=74E87 z0Y-XP;tVgX9x7X)QQVR3j~|!w%9g+uFW|%;Z9_j#!}j|U7_H8Quj23i;MsipYrJLN zz)#(wW%i$I4>B*x%lAQjx!Echb7?1dzRE4y+7=)-w{7XE@>ODkJwsP40GPyE2A zVy!}#S!0^NxF-)c%Xye?bZA|3Aa@d&X3K+nk_~$T4qP%z=;;fWW5<|JM_G5m`8R{M zerV1t=L6t!Xsq@yG9~`f!(VqwkvLy@G|P;c$(qd@A54u|FaDpq-=3q6-=h^dGHY!^ zh=M#~h%e#YnK-woqcJzxB#5@ZdzTv9ONQHR=IVX8Yph~Md(?4r_cHZpND^a{y#mU| zb8bYiEYe-Rq61 zdX>oZ<%P0xGS~W;W8`;~$Soy@kGc9TQo#q!M;m*WpWc`q6)x@G9C*Ab-Q7-qslROq z9ionlJ~=h3}F(rA(jvRr!yJ27wguhjzq8RR(7&B{*I=4nzC6))eL6gjbZnJI_jYKL;& z$BPW81rF^A^LM9-i@z?cc&~EtciltE#b3e;!Va>W+y^I1V1i2?HelgG8PKZWe6@ywBj z=AwQx9`1LWFI}EYVzg2&_j;xe)oI;BB$(#f%TM92JQZgR3Vc9LNWuDJEM?K4#v4j6 z6#PP*5^SRbqClvO7maE$`wVC%>?QQxw9t+al8t*o97fz$4-|;aw&c7PbHIR3rl6R; zPwBJ)A^aGZPCotxUJVkHTFfD(eFq#!B^;1Sn4N2UI@g33#6T!I6UXE&PQ7fmUfHz} z$mK!0T^x~L$fyZ}R%5j7fFdDdH%|{*5JYqAi}Eb z+Q#Ooz*pFo_)$l``x(*{m)XRlR+YrbL8^)Z)&eirtP=2$(N-=M3spA4oq9>y#^>|7 zw!t3mJhP>kLLO?ED0w-P%0R~}}SN$o-E4}HelBo20Fk(50y#DZ)? zq#RgL1>dyH~UF;x}; z(VI9geIKJ+d7_A_|3cqj2aS)+k0vUi<1ON}0q{vexhkgA2TCZfof6U-M&k`1PQSdm zbcVKaB>gT(jWnefF=4BK;W1q{%kJ&Q-V9oUx3pvKm{kq?HG@zl!^BYQv1`T617CaX z?(p7e0J6Qi_(nX>m*?7sYxCSKd;5gnn^s-4!yW3v6#5;9KISf9pON71{BURAmd+t9 z@AV1qn^yFC(TnvbY_`F+U`c#30f(9M4HK)nsNHxm^*emxye0P=ruVjj2A{n%*$MdG zA15a6OVfwH1BttHet#=*Q_k;&32)BtvlEp$zt2mQwR8?B+G4zp+7|yHM?M-pF*kTM z6U|loulduL>_XhRUS(T9+a0~8FFwD55m*QUf5o__&;nInV{ep^(IT}3{ng>mYRC&K z>tya;g0D~A%&&p-F+6iaSQhiW(Z1q4&>g+9FFwE06iWPWuKz2U1Ly9r+u{t80Qn+j z5URe01OF;+@_aB01Aon;DcXj1z)7(;&YIG15f<(}1FGYjkOY%v3RXn?za_bqW;)WG z#WWT1HFyq4VV<~p?Xd)hf2%d#ka zMm@aC8*ar`b&wfW9aa0(5`()3&Ywf(um-hH9n{NS(d{phgE&nY+~Izgfv;c;;&-D! ziSx~UEcex;*c)WjGS4_55O2XBqw+?BeQNcCnD`Vrc5Mdm&R& z0npRl-u{V()bNh@gxvZdH(s2V;&ex$b8>TR^C+V-D6G`BPM>kvqGbuxBH}}fL;D+< zWJ>;Go+h*35aH0cPKp(W))Y!dI_hGwL{W<2vYE?2BF9v}jeQ{Z!>ha0$9T}c4@&DK z4s_!wTi2D_I@i-o8uK@q&N_=5KLy?+#lEQ+QE1GkxG{Hg@tpQ&Bxv~Pz<+|OZ2d?* zd~)!j@pJ;yWnFglS(2__S&0B4pOw_l zYT-PB-p2kJ_LGTSKsfAC5xK>gP?kQ_X!nM@1}`koqg7pK&+RCjB{rk>IVds{xvj*< z8^fziz342YyxdC3NDk@ix%+F#SM_i{^1z|0gF#o))%B2S;yl%lqn)E{vtk98 zLSI$BE9rXAdOO{#I^ZqC&d}z!AGwMh&?`UFwdtR!vz8){8LNPkjb6z%H=!Vw@B~UA zh97dD6b)qs;jp;N7gPV?OldaQ?kum5jE{^S0CE4%*#d-Q*KFa7@@xBnmioBhB4 z-|zpvp8Z$S%T2i?n5b^(uZHeB%NFR<>Y0$AxB&8xcY0o(X~SV(%p~?ip?Sqq$z-Ev z0^_7AukM%W(FbrFKA8MUvHtY!pZ>vCKm559dihTMnU?#{_{-1Qf7zm!Z_$f(1pCmV zc%m$oG<-qmM~jC3{3nuh`6uUI-t_9vuC|g6KvLkt2I)~-V!);W3KKV9Ktdu-G|ds8 zu=P0mJ%yV@gc=*@<9ooRaq&d?kWBRxk1DXF5qw#+nb$3@; zRYK-kY~rA^(NShHSe>{QrLxPn4zs!(EV1zJQA`c0$atf|(49@4>V- zm*FSxFG>7pomp&;A0~)1=6GvyMz&JBSY#__eqCfM#Y(nv?J{idlhZ<(VskaBYW0lg z2C*(HbD7Hg-mTf0hb_yFH{ab(yRJluL`u>kkwSB2S#I#bUgH&}Brutb#pcm6t65ng zl1~-yQ0YN7%o~@o-OfZ-EHrIpX;KG<9^PsXW|4VKPV2tB{7~I^iQJPVD#ZO)S~)Jo zEYg*G){h?XhP(M~FNxL+GppV^$&O}nk^i^UG0L35V*ka0#EWau^-gP$9BXz`nIIQ@ zS_H-h{z@LuFcmdcscV1C@itjKd{@Eclna>Z(xoZ!0Qjit(!2O*0Xc4ebOACk;+t_0 zS~ul|Jr$R6wmH9(%C8y4+6D#97P~O2iqBLIdgzJv4tJB?9Pw5rsAKSs#J%Oss~n&G zRd$|R(Wu>_Uc#hYe{+v8DJr^{)sQ(V;xGNTCr03AVgB*Wo{=M;e^+s@q@EQiLi~Tb zaZEJ_M=_55O`@p315Hpc$_pU1qLKBr*ztuRV(@E$^-9c_X$qGepG6p;1tNgg%7T=O zn&}`D_i?pD;T`RhLYJk%9ADcehjxr{!r8Gb@^M>^E%z=RCOq^QuGi=8PS@se?- z6I=FauaB}lU7U6Wbiuckqj_*i724nhP~5wk0J74?qAlTV3uLX81)H!) zEp^DI=c9!nUSR1Ep}@1S)EyQwMHo-`+at@dqCQ?0J8*pjO=X*Xlt zOX)2>OYA#^dicIVTd<>o15qf&Q%#R3|a$9uZpSr)-ll5fkTI-q2?u%V=^hRFRgII(Ehu0}C3-}z< z2WU&twI1po=^#{%!;pz$5Xu=oLvIBb zZ&{YLdIm^bw7Oi*9v#i%>N#(m89b5ec`yWMwo|zJgLdKSi!)sPj}};5J)<=R21@Nb zk?(xV;_RK)Bd7V#&MfX8Jz7&ElqHe>aDQ(^&QUs%NN5=NyiST`Jz)DByYA2Q#F8k` zzW`G^b2NVRms9hExoeG>g~+L2!}C6I6;yMoj$tItn^^@~hs-B8DD7dILVl-|wMvyG zQRS5yDDYi(r=`xBSSc-E-~Tdg$-ZLw3+^Uk4|~Ww;WaLS?VE z-dqb5E}WNpI*w4kky4Uuoo2~dzYohP6M1%#;__VD(#;M znKRslRwu3Z=`K^-ZGHu+M;y)U!!J9k&z{aQ59x0W` zT`8WYBEt`Y=!C9k2Ip&uxYLXQ54=HPd-ra(`97B@AD@st@e&VOI@EFW0_V@)aV z-rT{5yXgwT791o_?p726xp|VV`=SF%=>tl|JC8X&UDgXjH2u1643T&jrx>!mztUj* z0Yym#b}e#Vo+=hQPT9-cak$*Sb~}q$Q!2rEVvhN3Cn4Ht5X*S{G=%aErOF{%L#eop zB1AVuG6m`~?jwy6+0sxJ-F0@lIF9-k+Qx$07I zT-KYI=0RMQOBA055xXM)Y>e(P4jv*DVD0LhuzbLA)=#E+2 zPf_?9M~1>L+R_wm+hI}I8flBfp!kWs#bwmI+U00 z(Apx^p%oxvcrsY`K1$EYIR_?0YuG{O9=uoY=ZbgE5VsTaHD|u&yc*2b^(C6~=80O_ zTt=F~{eqq;@DtgEBBAif_M2k{@OyMpKC1Tsd)& ze&Z6Fo+ZfClpZG10x#OF7aduXOYW-V^T9$<8&$`@jb5t`IKoSMS%c5d z>g`fuUMcyt$i#GZ*KKoCI#9F7dOHMf!_SH071QU~ak74W#Z3Pbe2+GW{}794sY$jY zGs(W*o?6B~o}aUf|7&Z`GXCY_|Nob9dO-ixTJAa1F6gUzKP5=%bB}-;u+ST=E_HgN!%8LEG~*eK)tr5qW2`TF4N!o%@+N1OFb|R2s>;+H zkXYcvzJO0LCo;pwjTNj8VMj{%zccW!@SVRO0b9mU7OK?Cw)CJ{TLLV zJN>b*+TEdJ1wL)YZo0EujP`(IIVXIqAovYmbf(ic`ATQ-7U5)~vkJ{g_vX4g!kN_-Ex~D^$^ZU995yzJFYt86G3kuQfhJ_wC%h`btCC6&UiKbK?G?g6aJ3Vmi#bF0W-DU`6jua~FM76-pjhI9c1UEME_ADM0GJ?v{TH zaT7rDAz&tdt1f!iZ5(r3kg{_VSJDYNlJs#GB|K=~W%!+s-vc~FZ&|4ppW{|>zTEXY zY=4(l#H*|b9~r!V`5uq4Gd`A3CmgZUNe`TP!M^4Dp;%1ZQr_I%KT%6ysJ3BPe)w1s z#0tsg@UfEMM~Qx%NRF!Y_QZBQdZSaHd}AT>Cb&_I#(a_|(LS|p1+&k#iJRRUok;55 zX!n%AuZ_K=-2)j)GBI52FOja=z!0fq9^+#M`V5TqlBDKuD6r=p)b^U+?EG&yTk8e zJpM{R1ooe+F&tY96qv`|@_rwnfvSu47PYvIm)-T)9Z}D!TN#;sBGTmn%v03iHnyqC zg4f5dli&th^8vSU7i~-Dn80uf*oAGjq^-s5H;|Arcm4ZntX@`QwGZX6#SJuf$k3nB zQO^#X>DD%G3wO;8>I|i7kwc5TK-dk%o77S#v4KCP45bPsNm+-lvRPZn&|Tb5pyybi zhm+1lBg?lZt}Rbyido8Hexbr_>*2isjuy-Ydc>*QcL0ywE&hu(IG`WE-$^>dvHL2w z2S3&;U&Wd)dzItCL7yvwo_sZUDDw+rn_Z=YRgRY`51LPSsdbV$Lw80IAeWPgZH$i7 zu+f&)A*h|pb^>O&a0olIgvr^T(d-Y(A?j^jR#AAj@cmPC>Hn}l(iC(>uiO&UM5w;S zJb!5KGrqi;g4NkQAV!S0IHMO{_Rx%;amb${e=BnCz|EHY68o?Cth&yr*B^5r@4{hT zntT{;Mg*~GgQ>2lfL#4ppT#b3)K(j=m>V2Wt!>ovFqe+b4UAFAQIVu4iy@o}W%jRJ zq#R;YY^@D1EtnP@kB>fcgXiI+-{rv)d<>Wy1eBv0R7mABx4)3egh~q+J|@)!|4Wtd z164v4AB8o+1{O3+i`>UKj>2YWk#DK5gXU_H+hp}L52$Ukf#jJA8n>k?$i!2Fj9;9S zL87-qe9D>&afT`H+SDRe*7 zZRa56c)F`W5!FS=2R9m_Z&2LOrjE1o}OKhE%geOjYgrxUO_8=MLK#|i`29A z;#m|m1V(zwcY#w~(}I+zyBl{*j}531aI;IjSc?}*uOzm})zRyRRrkN%iT|TD$fr)@emW^hSK@f(Yb(Hw)~^SU-TMSJ|!i%rLb+L#DSlM4w*<(zvqw#!QyK;ZfWc~@a`aMoeN!prRH+ik`7{>U zODxf?*FzIT{oOa9*h?YgEbVmf^3jPIH)K6Z3tn&OOS=1Cu^c64Hl7mm=q9!CU|0gg zA7l1N%r5bot8|uuv>uoWU~X#MeCCf+n-3W303@T>c5ak8SX?V}>GWQg#-8i;B+Cyc zE(9Ly_Iv=jb<7<-{8C=8iJwAZ-FPSCL2+wZ-_x8sRl$Q_&lv?XXgh2M%w#bESIWv^X7x^j{ zw8Z;`_u2#bQUA8;s0S0o^Xo$x**`~Xo{Q`WEMjnPU(pupo@@mq!e+@2Zj##2 zSy+BIR;UrjlBuPm#ne0*rXUgK-yxEbMfWSTgxdzkFw6Wqdv488GjEmK*zT^U_bT9w z2vW}~7oZ}#eH`XbEkw)z|Cnp`B&!+@2iJjYq_+9z=P~)dm%{6G^IvMsIhFDur0n6g zG)sS*qwrW-kTU}hm4Uz+?9RQJU;NtiPkhFcyCv6We&bU;x|xan#>Wg2K6}2{QLCODqvblE z9>P}X-IBw&BzjB)vVQ99b>z}tU!1yvPLcqM={=QZ5HprPe{YIzN zA#EjqVM&RG=&x+E?oP4TW2#2;dto}Kjqs=Dj5YCTl#%8!-+&VtEP?Wh(?gG@N>4HT z=lb_32g4Yi9CPoa>*ias4(+HKAH&}2F3v+~!9OMdR~UF%m4ISw3sP>dhR+66%!R}9 zb--YK47&)-aI-m~CI#UBH~n9(!- zZ=3QHk2e)0e$nJetZV9%_^+nEiM36IiSIWRC1Oqe5=K-1M5JjzqP}Thd>Ny`42mz} zhbE>GP0l!DsWuIc-@=a}@vrb>XnZz5hQ+=7aK)$dV|aWrKSsnS@uN6CjvpiA=kjAz z{7inF7BA+<==flMoE~S8#HKUi`TRID{smTUQ;9_OX*w(Z2|vz`1H+tbIwub8ezK`F z4mEbNX-s?)*F@ooGV8{dqN6u$ye|4m>j(IrmhSXx{8d)cb{dI8>sJTH4F zCz`(zIRYJLW2cqDtVj*!nJc;v=6F3nK&`FB;V9NC59r#J&^IqB#-2MacUT93tu8-2 zr9VInM_BYAjIoFaE6iU#P0gGHH@~^(h(2AHJEG5EL^ohW|A-NN3M2YI7}4KgM1P49 zeH0`56O8C17||bKM8As>eF!7Es%cl zoHNvLPEo^oi5kxFYBuCco+L4*Nz0g#=2Zj4RLlw8TQGr|75)G6UIzSIy10P0h!okw`6; zzvi;9;vh%9se^G*4Hl|ZoT!j=fyt5Pr9-$2+?BlxoJIz~JGaL*MpnBD1&X0?Q$GIFcxnAK{C~>Ez8xS+a0IR)eEx#sRZ8!0luhQ1GYLV@D@$_LKNCzHM?sK|c z*%c_ZQVUP{h-AJUG>Lo5aDYpDJs)8HrMZ^(0dI3=q-CkVQM<{qIMm3 zMQftj+iBI+l5o}^7wGuPAngw#q#6I!9~UG1@h#@?0nLr_IP{Ncp_f99>jvWcvrHC$ z%nGOlk<@;_@kL@-{c+KvT*ZgOYu%geHlr<5=Cdd8(%7x6_T?#mC=2|^z^obwXna;| z_aS^~!GU&mX#0W2m>O#S9v#{{Ewnw<7-KFpQ57*Ls|bxnP>vyySY!~v36tm&ziRg) zSIUBWw|VWw`Kg!S&Nxa8Y!zF}`uP4VT&cYFcYKB1Qr^T8-dks zHEY#=wqCuD@N!7khw`zWR)~yLoJqD@JpuAiO^Ho&@t6O3bzo0%uaS4wd^d~1I)JND zaWABJpH}^fH+KLmtXS#8{D|shA z1qz>Dz?e>2YqkN!RB$-~c=KJoL5i)Jl8= zuT5z_GDYD^XO%P}Rni!-vT9Mr(Dd7R$F;I+j#=N-}T-#EFx% zjW?9e4j&t#HP9ysW6dlMAJw!~G1-)TrPtNAv=ma{T#Hhski~#hKF-^4(zOr;O}z@V z*CMTW08RnLp~CP{6i3Uj@X@^BdEqV;cZC#J&ElF1Q7?+CMsZ-%p#_Lb#K4$i%N;{) zaZbYU(bKe5W3pTDnf7gP6%=~kfX3Wa>(y3lsnr&=f5LCu{o1d0mV8E{T#kp$$yzsG zyPw5^{;{@kdFhl|W5po3a;)eFRt4(eTM8lQc2*lV7DFID+PJZ#)|gcq|1R5+9$6^g zX5wT{+#l{ja~`o}^*}X;WIx>86e?F*Pd$>do#jowANG5=QK966eJ&I6LaIkL^Wl!IHCr@ zAzUqzEw|AnOZM-6S(r6$qj{J z8!L~&_1z${&4T`V)K&P4QMPzBCRWmQ35qu&6Q!&On}@T24*M_<&%c=bRisOP#Uu&N zAeDrk_K@TOft8CJL(0Civ;$oF3{;$@D$R&=Wc&&$%$(JMwajduF^zqQNMpswMVve) zR%9Bbn&?=2ku<78{rY*2`ty3!uNt0Rzhb<_FJY?wN3W3jZJGM{mSJGeC*P)R*gpMm zK|jDniQX1_AaCVvt${`PjAp#of%@3Kw4X0lMNc=|6SaUr%svT(N^{-W_&Vo=J9NCc z?kv3jLff$Pi|~hiTRsFt;vaxW98V0vV~j$-aV*XSfQ?HB&4{^!Eb> z{tVXx#BgL4{?~0e_wRl_=lX`k+0PoX&wi;Yx|Wa4&nwgcEzTjcMZP)uhTd#;%kN{3?_4`nX{)gj#->@rcHy;_;1sNOvw2t^Gv25? zK4ji8Eyo_OSNVLj#+gzZ7FvAO6_@oAVl3xhH&!h-4v3O5U>z{JOznKp zWrfbtpPi+ zP2#~D8Y&xtW%H4TK9T53*<-}r;k{?#b)I?+JSNvaeIhNy(|q;x8w!jDc$=r_ZR{Th zw3W+cq^~MK0$|+bp!f>xW5xCQjBZMzcl9Uwb*_{7

    i(h{@Ecr}{t`YqIoQX2c$+8}m3VNiVyEO4tKde3I-aUeG%; z+DFAVlUcEC)Ld3Y1=lBD{I~dhn*Q}#`R^uuN$~3bK!5a~D2~dL)Em8@QW9O57@29m z7XEv-{^)t;^~LUe!f&)CZpM7@mvv%K$kiXcXRbP@yZ#88p|t);uWWNa$1gr@`iDN_ zaq5qB5o1nkK&w}Z!6ypeUyjpOrE)tSQ1Nd^m=thapa-ms7;Gd`kQn; zTb-jgN?OvsHb$YRN4S*Y=prhPu3#f7Thof8CoKKfjdzRU=n17b+SEgFMBRU}ZcpYY zj<{p)zvz^TqqD0|r8uIIvr-(L93#h8TTM!F^!6o|;^=31#EswD|1Qt(8Bg&)(-+OS zsMm?c>`B)OPm004@p_!bzGy#RbUKl@&d{=ATVROK05@HQGeUQ^Ru$*n3qMLy$|#2I?HHP2u9nosk*ljAS!9Xt#??~C1H*EXEdu;;%0q2rwkcZH7c51!69 zzs4Kp3;Z;+!v6CmlTb{)*Z3^aYL(~Jsz1Xe$yfOXu}fb2XQAT<7XG&UFkVr>hzE(E zR!4_Kugf=PkFGXmkIZeW4Q-NW1obV=F1=U!# z+gFKAoc_ac6z99^w^48hlxj0J)9RxA)kXX2Ulgf}cxc=9J8`g{az^Q^?9x^;CamR< zl0bqk^MR?*^xKce|H!37CgNe`VE8iNLlURcK^cIQUd_{y?O(V9&jPiy5TGNpjDO({ zae;OQ-|BeFtbu9D_1Pr4KEvjmXtByZ-h`Y1L86vB4i*k3iCGiM$ zY+I)13(rk8`+(U#h0XrV@}fDmTfBI>(`2eYp2Lk zaR7(48%tuaVoe%$-S>XzSm(kWp=0}l=kWb?c+dO+Z|FYIuolJTryRSrCpM-_uWqNC zxV;R^Zf{o!aNI9^1Uo66%C*Q-3d#~;-S}Fe=mFa(`A0c)G&Lvp(8Dxnyh$85I`;l> zR4R<@LG!b5V#%*H%n)%Z9UcV_c#Y5fWuI#+udqa{LSoIqtKloO>RF-d>@%)^HXfprE-so9OS7=+Bbq%6T90>`0`X z_t81OTc|(No2I@G)c>tjt52x!7wY@6soz+>OQ^p^w|6M&#}_KkeE?u+D=)QMp8H11 zk_2bKNK;+FgD*PAN7)kQ`HSX((G)P(bt$*j;*$ti2s2S27V?IFx6gi*Vf>i(&y{)T z>!&0d(OW2t=%OW~tr;WC(J}MU(HWwnm?-^I)tDrIJR~sn&wXW|uqx)SJg{hlm5~n5 zzMhrWXHT$haSmu!qH3@G2&-0JCHne|2b}Ro!RArEQYnu5iFRv(z&tVAd=qzJt-lqD z_>lRH3oPFL>58;dz&?|Z@?1RIoOyPLxpBpH{If6?w_Q^?B!ggJ#ZMdi^baKKA z6vu1TSa@Cb;6w-oX*~j-Z@XZI%9C+AobUO#{BWFhpxTD%_9+uIPZzT11zp|K#pzrX z_l~^K@d@tdS(96y}Md2oKlc!B@7I@^MDs4kjZ~3qgpNI9Lll3R(qLkoVqc!}&pzz5&g%HI?ak%9J z=q8RA9nm%(sXsX$iL{1s7|r^V)0p8d_F7x@1~o{RPY4VTEwfJufM?2^5a<_LmOnv@ z@G9qz%|4m9ip11bzRL|_nf-Dt^19Fly13AL?}oO#5IQzW3%B6elv}kQZfSncF>y<) z-O+fhJ^p(o?e>PZoYWfVQdy5p&+{8wy+=sHZuc>eE6^`5d~!lyMEK;~z>uqBlltq) zR&TOJ51%|4>`dJ1P44iQ?Fig7D>fRsmaW)lU-6Z-;_wxD)K#%5dFc1@%KUJ0LckSH z&J8&6tPifPdN}z-@Lj*r;Ro+GO3c+-?bwUl;J3U^pK(*M&v2I{@>}hFtk~vqGT*XQ z5ow2TE?Wx9o52Kp5jb18 zw(?PeB|8V;d!PX3dxj?SIhE`Jt^^ zD0l1Wg&?3WHt_TzLv0{JmvwqWn{nh_PO!tF!bUZdL{2Z%LE0+sIyO>trXq4xDwb_5S4XaL8_eFIc!tz`2Q z-Q%m7A-430FE-#J97{!d*^yu&5|W7?i$DIdt@t%7Rxo6GXnCKaxq%O^i4_d>qS$cP zVaBol%xfHLwcAyJH(?;X7|3f&;+HAEXg>hBO~B<~;CL7L#&}Ca^Zjlwc8;?)ay|8e z<~PsEQ^vLC)51*hU&@Pa_uD6O@3$rRDU4RMpB|kKZm$c|HCBwLi@jbf{JFMi`0uYA ztTnvG^^Hf<h*78sBimw8&tCy*I6 z<26lRQ$^(QIf|GNbV|3e05oS_{96vJm&V8li9#2XtDdp8P(}OOlymPV1oPSKYkwE7 z{g4=n#K8SL@5qn)>Ejka^=uPSxO}XImp&|*8E3~Q>3E3P78`B`tj{zc8qJvI|16YjD0Nb&d$$=`R zETG_0!IF|7)y6Skpb72uTFQ*S;ib`rleQo3|6l>|ZG~~%TluaQA^I!n`pqOuDDZVo z0z1H>NBr81lRo3P)iW)8G35cLi*({0ZRHIN;ul>{VtOs8a%eLNZ41l}C-atkMT?^UH(dYQy&x%nhFFeood^Y^rDKP_Vlfp5slv=#8!@^i_VUtsKruqoU6%3Ma9% z{!*pAcHmH(G%G^vbGU1o)$$y`+FBaHTHXBc}*d5}KF?_$ohK zbQUDd%r?DR$lk&cNG<%hk-39C(sBCj#XZ+xq;{4n<8QZ!Lo8XNE( zGV1%r@rwI_*I11G*wh7kqJ@dUPXu#z6|G?e z+uxCXR(=wM@CN9bkIcnrV!DniSWRtP!4fnVoD7npj`YHUs4FGoB0d8T%{gcCs(Lsu z9+XnM22KJafurw)J0-~*dN!^rGx2B_9w~R}=7jU`>>_%j?rXkwx*b;>^n);U^A6mG z6UFMy(|j`^_2%j`PNA>rRsPqUCI8!$EB`wKM2SY!t~6VSP@MiK`8ULg=CrOZ&$*uBFUY+py*7JX>K^S&QK>El;{%;3@~cNBhcQUv$jR!BVIw zHLH`Z>n36&^^8t9mA}NOXQKX~haN!4N5 z`dcW^NH!aud!SG%1Byk?1FAg}18P?rZFqX&P2lhSI5fUfi$A{dW;eF!%FlxD0qsW5 zJ*R9bjxf6(eg~iwC}Q~qT9TW(;rl)eoCYF|sJ4`NjRlnbB-?-h{+Z}6r3NWLi|~3Q z3f#kPa;i4Q;|9WS9g_raXMgQrRt6}3Q`|$_n^S=P@JYua$MfVH%ISvzaK|gOHMsR{ zW;$Eo5??gJPW!TFEM{qrnEX*R{~`g-I9<;Jnur{*|v&7 zU4(wElCCex_y`!!z2FL0W0I;dClsV*~2TvxeHrnN^lyQjc0=$Q%qKSeNZ}{FZh7`@5o@}@|s+b0> z@kMxtMVm`DZB-Qzly0TCh2FL|wXJgAVtk4%AU+bQvHSoB)Oi9cAVsP*fx+pzK`rx_ zBe-mnkOQPbAyL8hFrS8xCj&)T+DX?s3Jb@obEbY9PoHio+e}xp3D~Ww%TQ>WM-89a zvuoQtH}I4a1!JS<+DZ0C&updFuWIvj(P%N{#l6iV4u-8=zCt(Zu)7BrV29t`8sP?S zS35kNe@|pDphh1)1`SZ+BgC~WU(NvsJ{vN6HQzYCv^&b7%HrXB zlJS3XK?%q3pbH$sof55b^l&f|VEENJVR(3P6+#%E1v$;L%ZbV8z;PF{l>Iwd%rj8Y zzm~Vo$%?O9l{Mb39&_y}moO#&vSNDbsOq7sIF&v$xBk=yI6Bpm?u{t>ziPz4f%na6 zkG3Jk(ir{puqqyhI@{40lU;sz@6}*%m!`zm3oP;Vf?>)zbT5ti_uF$=&JlZXphb?P zt8y&YSZ~ED{B8K-r4Y{1XOkSs{>m1@WU>E&T~h)GI&lyOq0#~XimHj41(s&u2|1F1 zp!F#%EhCu&PYk{oivt*mskfh-PmUzr{+xKl%TYyOzkVBilOp{+8FZ-?z)iX8V~8`O zCA>FZkGZy8DQ?Cd((OBwdy}qMX*SyUl)1i}olDzLC6$;JpwxxuiW|_~8zcSZ+Zevqf;!jQX z#P6H(693zjpZM>lg2bT7Ib5k1>IT7 zf^L+upc|?z=msbYI)}2LJE;sJk0=Ye1ImIft}N)@Qxil?B~jlm%U@vY?~4 zq+I>Hvh32zl&4PdC-a6NvAxlyh5qP#Ck{Oc%*|-7u}dDFNrrqmZMJSNt?(QBe6ib0 zXD7;X*C!1@O2S9a(IVUJX_ zQ||GbK8LL>h^=ly`iPfa{|AKe*?v@4lUKr3H&5}i(vZ+q?fDUF>{!m z@~!&|ebH|^6Ax$MC8D>N&X>sG-w~Nfb?IG{C>up%g|fw zu*|s+oJ?BnNH;-GHzBZ+J=TSs-rIaJ$Ux#2J+~zKalaROZcvc~A+WX%MSH@Teq^~u z*2Y@?U6mzWE=WL@^#bdG7;>EC-6qAiq+9?=mp>dzAS#dW$BQGAf2sH2d{vMuTm~f zT0PhBD(N(52*-_!sp#SKXb`u1e^t`;O~@hQ!^PwWNKK~)XiPxnoE{)EJ?g$ox7Bpy z9j!r`2h3x6Sp|U+4Hm~mb)&K~TZdJQ3e0WzH%agiD3c|2x8Z+6j|CqC&pMX4idY@) z%JZ6hv7qjYj@t)mhA&pvnZA!&T*x8lpWL$7;|@>Xj8_uvbzB{k60oL$vP-Hn$>$v4 zr32S%mH?f);;-Gw*O`tai+c3LjFkMKNwO2>ECDu<9d~Je$0@Ss*;RHok((Lk|NbuB zE>SSFhX2mQ*87BtzdENaI4e{KEOms|#uAPendxwye5wR;urjA&>Y3|P8C@zPjmRZL z6YqA3Yf1IQtfcFm)3b%ji783f%Xp$^9)a_8hP&>ivf$j{=`s~(Jw?Yc%GA#d= ze2a~aF1LEnOA*yyomokwd8d54Fe8cs6J^9(#6@6e zuY>j zY?7|GPwQbFr4T@GW|Ha2F{`+&fXBfl#8g2w*aB1QcPf7q8UHzSL4V0i1;#m$e1qtS z74+QKu;0vJFoEDOiL(=%uIXZ|L?=MlUHJ^>R>L7SqO3#D zA4(_pvgGy3c3qp%k_zywN3Q`PsuhoTq1$MNK4+9Lh^JwN z;TulnV4y)aW)(Ks8~a#Z&$h}e5Kje43`z0RZPH3cbu5@|2SR;Z_?Jpu%UDk{c!Kd# zh6uu{e&e2;RsBI9wW@E&Yv6;y-p_O57WSoma`C`v+m%#6qHx`ATVQB9 zkPwz%&2F=*PbQcU4Oh6fv+zyU4o6@|xz_j+`@g~Q_BYcQr=#Yljvg4NW9I)jdSaZq z%+jI6I4uTcR^ZaJqN;VKj?HfsIWl%bZ=0!PCrtxC2?3s@ouU#fm!R{=QYgfUVv?rF#GF zH`2X-(>z$vqxWx_zbok0d$Eo=S7OFKA{ySwkI20qxV|8674r`0vG0o5;g>*qq|!v^ z9q>sY5Frp0WIxc`3M6`q&j_?b9yGTdXT;q0;@0Z+66L^DWz3uv=E{6_u($m^Tz4RQ zGN7881Lno(O)uMgH~y2J0#p2Ft@glrk{b%1;y#w=w8mHywR%Rxsno2qA(jXD>Mm$= zJMa}K^7-^>NfV5rmc0W1L3bN>^ixF@qy{cB*7{2SoxJRz*iICZboGT$OIWX)E@mx} zi4^|F)>rVui15P~d$L{Br*$2AY@JP>tS9c$7qj$^kI$y^d9~$uuVx4Ku{sk#FPaaN z9i%{p_y}bEO#61QQvog`h3v4z%!=65*G}<)5HqFn80(Q1w9q$)?&qb88QH zpjLX6jgW0DyA z*)ZyQWfZ6xl@B+dl-@beF)#olk=(cjtd-UQk&zlqLr6iCihQiyt=@NL-ka+E0X2QP zWQ?A)Moh?|{Co4ZHD@mQR2l(l4WA2b-Uux#&eI~V%Gj+J#X0o7ulb_=ajxPfvyQ+a z@z){&dqr>k^$nu-X4$sj6C|v3XRS~hI(dAwD!sXo2XZJpez;v3t90necI7P(&?PVQ z5P`G6{6T+Ht!@1NE+n}s`tVLB1<=l4*&Z}~WkA4ffzIeyUu~sC6I1=MlIvFT|7Sn- zaC291rM9tN9y08y3^BbRI?`iOCF=@nA-0w;eKDbjxwMHB*@GiD@|et5j}w!1wM^k} z^ET-3)SNZARL;XBUKe7LvbCJyT3L*f7#oK*wQI(roC&F;>>X0t6kC-!vZ|kVk0Y zB5-h%_2|vYCNH&|BYSjX9TyT{NL-zP%Nd%w#k@j`T!j*K`<}p9RQlfSSxUu!oQ6D6JqwGAb zkrNzdu7=oJwIO;sfC^!Hb5nhKo3PfP*3j@p?rstIqWf-f=)_ye_&h!~)abTFSgo2$ zGVaz?;>*-j8u!%6Wc(cN?a=G1@qUQ$K*-M*(?$Bml?s2cqjs`P)kW_l9FR6c*Z<9q z3b1VsU$kNHkJaI@n%ji4VKBppXwHWRGoXUzTr-$)8ZZMxvZ=-vsJ(T*97hq(PM@KQ z(8fx`wXxD#ZLFHJgRKGvTLlhIRZw8poIX2lHfw*(A_rdu&MyzY8f8u7X-+;sqQOiQ zjWnt8FF`GjNfSKITJ77?4%8^E8mrnkcAfO3jLQehsLT)X$O9gpNMHojJW_{~I)T&y zj@ga*6uqNRPsVs~ipWMyP;En9NoccdWr3Tq`C3Pn?BX=X{K*AOzDn(Eascbem#`#c z(`-}0%*bjoVw78e(*(HZeSsAaRi#9wOm~P#>910Wm=((Kt>a9$R@&NK>BGL5Pa{E9 zD2c3RGHZA<+l(nU7{62*TuYdHcx*n5#PK6XlSynf(o~$90xP7MzdCy@1SEM2VcIu1 z#@-5UopVvvkXgYN@$h)@e6WnR+3p*3?iAq`fX-w*K%BcAa)5JKIB{iRU~JV}83XY@ zX7xd2W^EoGUJ@~!pRG_2vXR1PsPS7TtH79tMIPk3mv*xuf6qYw=nR3|M|A4W0Th=t z%4FNPT6Rcl!-*{gDw z&T78}rFUxRETRO8e9=20nVUwZ6z_{~9&1Xp9p#izF;X*{SWc=Zp`+u2SMtRbC%V75BRF1Oob3K$Y0wp$`N9-DA!xj+@W7Ni82l!$y!q;LBybAgJ>ZNeP06@we=h*Kn2lCi!9>4+c-o!xQ=;QtT4NOrig;Y z)+iIXGnGy853!mKv+(DTdafCO8~t{Q(V5myV=Nt48Aze$gG(wv^1eWz3=zQ7 zUI3nUdWu@AjU84H7iZ!Eq!NsZr>H}@R|5Y+B^#dSjD&7m4BJp16 zc)2m3j(#>cR?JN^Hb>3Xhpm0;$hn+Q^sHo!%p3Vcoz-EW>UQIQXRF6#Y@!bVIwXyi zg&9H8+%iYL$fFt;p(x}AQQTyVb!w{@i|p3OI}SB|YHt(Ut{X3xRlp~9=4lE^qN)^h@8ru>bNM|HU7Y$HHKtPIY~eOV>nb8>N4AQH-UX7raZ` zSXh5_JXopVJhds{pjYcA{`(?XJX&hfKFF)FVA#1~VH(K(VPzU9`U2HH zJB{MAI5(U_5^5Z!lXtUctyGJhGHW(7`me{Fg01*4=$2WP94fQ*1zc}8FC|A8EbjL1 zt=qtY(F_Unktq<3@bE*6)X~0P#y%>!TO)6)OQoDq9K+E%<+X1B0QZLS=k`X1pXCuJ zWu$`m8g-_%y@2zQ<9vUGocQd!9YWQZ>tSbV3UdcG{m?}7umpS9nL340>xRo@Ba#DT zP#Otie*3ex0F9IrmvWndn5yeZ!1y0{R2u80F>P|Y7RylW(`K>{WNLH0BCrFrZA)g{ zX)hd>I0yW_7Je(+AA%TFK)uyLciPGy0HFUF@j@Z9&NMsG=4WTVxc|%}~K)}nyjrR3o`0!-DW%%&< zSzqQxJM5vNiVA*TE!jm=`Xqy5K$1mp{ zAa-vYlAZgc5^z|t&5CVX$J!HT^L~+<{0cX9#xv<<)39A`G(7EUc5}K>Mm2=3dfDPy z2BS%d7d+53dZIP?9thU(X8@7jH zW`5mGDsRpv6j24o%nVA-AHYqMu-I z5BKnduCBva->9Oh;c#Fi+QeL_3R9PZk12+<3CQtdd|_2>M!!aZ{=d1#Qt0E<8Y@Xm z=%&BW!f*CiZ%`O#uQz|$C;rOTob}e{-R|p+d#@wQ|Hx*`|H!A-dh;45vED%cto61U zL<5;+y{*a1c&(oUv;!&rMV8n48-&bP*sSIDt24fIxy|Hqo0wW|3(ib0EROe^rQMgC zMRAVDa~F48aX0txzT!qg_sY9QFDvdXbNNNRuedkOi$3|!R$QVi>6-QbQTOKYQB~*v z_)JJ3frJ~7u!$NmAW>A}N+d`I61;;mfQpC;F4f{vYcZKYM3#g}gzIz^t=9IVR_pT7 zR@+8JKq`_DO#-+iV3nm6h*s}7F2Myz6z2DSKj+?AlHl_F`u*eQOEUM~v!C;v=RDha zo@mPVf|b?rF78s)0nuT;`k8{RqBwN`(t^zZkP{#e4)WJX6uF0x&9h*_sk zb$3Vd_hTN|(%~>9$UHenwl&B8_)B16`dBXyyc9=7qoq&XAfjy+B3kh&5K+VbIU-t6 za3n<3Hv@=hN6`@wQSq2W*nvnirpP2R`Z5B}oOWRDP-cJd7#?G@Pz2DZL6|ducN4Ud zjUH#6p5Lw)z6A~MKBd|ciu1Y)lXwl^@XmZjB7^bteVDrbT}e%gzyk0qX~V9#@vvA~ zOhXqjB&jF(2n&m&j*fj4S}6%&Fhm+R0no|@&Ycukr0+k~pCu26!7eG27>i4-5fx2v zE%h&V{ee-f(W9$7p+A{3wMz@OnomC|ERZ@$Mf5YbF;!jHjtq5(3?+&!N-}o={N(lp>OxNdF%8E$mdWMjPp` zp6ISpOZg<9)s-+8B%UY!mJ`~j2O1b&$@gp`(9qR|O=-q18LbWjc7{ocH7n~?0jv&V z=2;E9RyiB1&$NY#L0jjdBw`j)30e9PS!83q(g{5vlI+3`|M3mgQH$MS2J;vhl?4%! zi=%Q_qbiQ;IVxTjb>mvOllUszDA7vVO8PusnFYYQsGmcLuU8fV75+7#>xvBeiSZdSB$ zQJTcSik|8}t5_>KRZQ6^HA(7Jzps}xX&=+Ggt?*uhrAORmPy*068&IEe>Kp4yte#n zl1-tU;$splWRb(8cLX-U%a{~t_Y1OZyl+@D^XoA)2ueIvu>@VL1 zYG3)wZeA{^{sX>wj1XJ4j+MlzA|4is!m=3?I8eUK_Uq$?p2&_IqXnoSR`2DS>lK@T zfCN2qg(ttwlmC@oSTEO>MKG-#Y`y-j5D*r|R{$owSd4&p)gmB3rpsxi8{c}3uNhK_ zXvO%31jIBLb_fCSNi^pIAPt*<7<5pAAXjg~Y#MFu!q>IxON4$n3^Na*ACAR2;dOpy z(GRbKet_Pi`P)rHVPS2jKt@fl3hUS^#X$U4AD_N(r2`s+bXo?)2Oi#w*1H%+5F+MPT zPgOCtGo(dh?Et}P&_G14v!VkdVV*PakqQs&Dy7V*?jtKa@Rt%ExRhCXxJ71^5Fhv> z2$kL~$#~xd3UP=VYiH)gC#wWleP!<+z`N1d{Q@sixub9T&oT1mgigxS-5jGAso z!gRYICJs>38sD-OR_KZj!l!+g3`+TECEf=t9HF6eS5n!P&?$2c_fG_i(TT$R$Pi>G zQW@+4*=@YOcc+ECMA~CMHB|*ENKLq|oSH}>+>Zj*0q8MC*#}@aKxfPGGcevs5l>vj zLZM^KL;W4$98)+kZP^g;$@FdaxX3{3J)tuxcuhOsQtp!08N_l#Ys`yX5v~+LX}r7p zy@wM4-b#qAK;!=$2@Bifs@`PLkBW-6hTi>&Ty={C3xu??c%B|K#PZcySIS$R8@W%m za${&!|K!og@#A$X_sM1;U$sw$0$XjNBWa0vPJ3kfZw|B`r>!niD6M_>{6hL(QYel4 zV4sVQ70;wYSu5muD>h0iP}*K`FkPClr8Hw(sj-7Qg`v)|fik`X5{sOqLY=o}DzDPA zRR+3LBoR7x6%4jHOdc4WFEyGZ@D{W++20XX#AZl0oO+{6t?`m9A%dwz=!Os;_qd!y zLM~e5Y2ilyP@5Jm`eT=5Maozl&Rkbx>ZM$@^#p4xZh#UTG>YMk+N9&Zo6OtbFflyp zE8@|#=lI@2OY{=ssS;{@tM9^TUa-I9t`XajR#017^&t;gL!hL1#Y+|=y*8PVCa(~G zq{5m1#T`>rtfxU0M=TCQmEJ^{s-Rd@1x6Oft***2p<=HsXx9g#Wxq*eb_+D}l zdUm$7jsbVft4|Q1Vud8jkF^QPpcrlGMtW>p%?AsLqKdBBv5paV%;6`fV!RosmMA-x zzYzJOImKVZr2z%|BUhs>9xtef<6=x5M(8njP`XHny%CgVHrRv}lZ4(UNaf#9e#Wi)9SN}(FhO*JXj=x^f;Rz;MmR*u3G-7B+ ze*nQ#)W3T|;|Ivw`W3RrBv^?gcVYaT8YfrL`$gTv%9Xw~oY zQucxEm?4@1ZgeEfJ6Ap_x9?WQXMH^kE2OAkql_Iqu#1#G>CGj^R_lB|DRfuTz2wB> zdam&Rt9Kdix*OcKJD|({0d?NSt z-GSz)Cx0Vwtg!_OA-YI|+`%$jDBn!Hp@2^{68=J>@hDrlU`WBE1rQIk+5GYgRR6DD zK}^0vjs-^bw$v(hHBNety+Q;=&nr1Zb^#V~z;9y6z3o3cnMzh(41z-dm+o3TVkBKK#xKrxp+^h z@exj({aQ5{WQM6gPSHB|rSk%9buavDE3MkUARRPEnEvVj<$zRtp5~OZrsDAK`Nh1{ zk5go?g0Ic4ii2%s=OWK-Jpg+EJt5F=RAs#D%6Q9Fc~}K2_$$FR(3l!ITCVx;?OBqs z2|yGXCpY}}X3~TCyT~o@FwzyeyVFJWkJO>`mO7NaW>Fd|=;Ib|*Qy7KAu#kg2eIn? z^q1qSzE>^zcTOGZAWvvwie(OecTqDa6u@Q{<1@7?fycDE)kCuHuyz3*7D8ZFSjG809sknCv@rFGnq9 zt(v-w5`7a^A(UD{5f(75q6Lm|V$={{X;t6JNtrCdBAYS>mD}G#6P=b63Id-CA;wbT zQjj}B?pCblR&)5z(*x(lKKjRaf^*Y7!CRmy`LDO|Qe%IRMe~4!| zCa`*wzc&P3LXP-GHda5(2~xnM$Op^9EhHt42Wr(1Ss;s6(Sz&O+Aa(j22iiuNHcwP zuFg|b4o$ku>+_iT5wS!IhQthwoZ!>qRanGv+_H{zk=aW#Fdod7_F-0+%aFh7G21p) z(6W_U;Z#(IpK^Tw1g#=P5jH)fxu*3XWpb&4qxqN*igX{gK+vz1w5wwNVa zprQ4fK1S=O=W6|mvtd{$hSJJCy(af_W!}vbrx5VZnuki!4p)R1yJTVIp+-F@2F84O zVj>S3TusDk9KhCd~^w?$xI^yiWDWSuilRHVspLZG|ikL}@X`MQB?Zx( zm(}O1W1p#Uisn47KF^DN=G}p4P7t5LdO+@55){USmw(d^7252IR{gj-r%yU}D6-Fx z4#fELuFHJ%*2HD*W_>$alGc})Y)ld++tKm^YrGa2pim^kRNcA*qRo+*ce53z32%Nd ztV2Uu00VG_Dfo07Z-(o@8DPFzleCXYj-q}n6Xa0Z=+}5xKxrmJY3F^0gVD0_R5ZM^ z6Y;9}CF?Xm0@0(oBbZaj!WJAo0BKs7fkl-ewbLBXOfx^^6oWtNpdW8W794gC^WfW* zob%~(KD9Vw#bTGH{LD=J67#}xEx$0XGq@5#o}sMi8*#ve(r(4iI+$}f%nj_tvbgP@ zR40a(W*&=QPxKthdZu2L`>Ma?i*7l~O;L$Kl{h1ocoP%p(>R**o4r3g!CN*aPVhHj zPOy?GtEnw*OPW`h@idm2){MT#+?1zG-ikKqm(^C{z7F&r=HZYyG7<=$w~_N61;Nc~ zKK}Tn-SvNEj!f>POi%E0Au^qg&thrU zYTmZ@2Uli@q}2PUrUjqh3NZa*LC zetxI%Shqq_T-fLqiSYY#d=>A&w6-h)^tQQMbe|Dla;v96`I%s}YcPHAi-#e_c(bE2U zr|&3hn_G;V`KL1u|G>`wG2;^}w(hp&hK9I++Nf4W`7gzd^1tT*{AuSO+fO_;l#!G$ zRpz*cAB6p%3_r6HCR)h8IQ+l1JTEiQnGYF*TtTrfS|MFr z@d$f(B+&Z_^Zx_wu6^ytP0Eivue+|dbw^Lu`-0bg?)A24g8Q&nj#%SQqIU%LeMRW8 zYzYf7sMv+FZWy8)&7k5jILUU&REZWRjL1&6_0Q=j&%CiqaN1HsAX&v7_lksS)r%GG@N%sxfsH_uy1C&YUPM`}qZ9t=vd6Wm(J}*Hi8*J`of^&g>zitBsz0P& zU6w)2?a*Jz*P5MB>z>V0Yfsdg9eFOAGZ^niylhaVTfVX>f^H2X1o1i(<0nkA&w%1>u;<{wl(@n^+Wqp_563}|`s;xVv18547nSHH%xJo&SzG)r|Y z+dE6kzT^g|Fmvs&+D55^)h{Wh4La($^Vp%#0r^g8NV@}1&R|+j?oh`s^-4}{8jU-AN9myonvF+}rGkNDi4-)HE@96PUTWPlj|jZmZhXaQ2M|qfH0fO0Q|qJk zfxVXD-P2II5QDzmY5t}~hAhs-HRMY7XUMWVeG9dSa}J7CJfp%Jm*gs!ETwd4#5+r4 ztN^WpVe^4Dr$OF?x-S{)>w|h+gSESJ#I7eTGz_yeDmF`xthQ!JR2)GsFdCG*bg-1| zwP&fJbSc#y>uRW{*hdGFy~Mtl7qI8`$#G&0jR{ziWwK#B^ z9vjkhGY>u+NI6RkK(NkeM?6+O-_c4A*RVxAL|&&y8b*`@M4<>yvq??iufX>V<;y=>F?mE~?L z2?}$~<2kiKFCfkjXd8bYY>%Svak<|^?!l5Vi?D*sgUu3TmX~;kD~{BDL+KqvKeNo^ zMzRoIV%=WZUH*#2OC7#n)8SA;ueaUQeXoD@tE684yRmDpnQ^drpBgq!@lx(cO!w{a z-XA%koBnC5=iFYgc%j3Wxnj=(@UqKd_f9dtQfTAMt_wdPP%SG5cHI(XLZ*J*s<-7ap1o0Xg4AGJTc zO|XAJVH}i>AMQ`Z;swgjGmgibQ7Ya{7yp(L^dlC(EbeWVbZTR%c;M873vsv~WViIo-w^u-3cC6D(o9g}nVhD76$7(@f_ zZx@>66Q%y6h%PrWH7$Gs5a|Vd6>e>aEaoLG8 zuqS~X>&>H(Du^=K;rk^(k`>88D8ym1v_T&|-aYGBeKcp|KWV=Odq1ADB$6v%V*z@x zAA~j&TyD34btJ9a4E(p~PeO8U$K$>xq46F=6VF(@h43h}(3D6MjiqXBLOF+-HROHF zJoGmqO8PwPbUvE*E$D?Y)|tTZ+ndfqa~WthhU5& z?nE~)ydRAEPl@K7^GX8CejSmC!~l}VI0q{hSdFDH9J6ldQF!t2tHLYZXoY6eR!>S5 ze8ZQbR4uTTS3R`VeT~f(t+f>$6)JB0ip(C&dAN4Pq*QG+&XJr^m=SGtQ9n8gFCKeP z3#^h+OjfbVti$CUdA68V<(Y~1YupTGvAD^sfrJITM>D(r7v`vpIjl32%#O&0xKut`;JUYdFsrxTWYakE%RZ!}9;1ya_J zUJT>MzfBAd7iv)B_@BHF--%1qY-?I~qf>4oj{FJI9EwL2rlET-IOf{iOYs7Ww5 zYnnI==~7^EGYO{c{*#bxEv8##eK=vd$=df+9^pc1A2h12S_rRac$)ftaZ@MDxlr25 z-^r&vipepts^=*>`%XCu zRF1W=91A2zXMENj4R-7+acas^(5Rei=K-e7rGLe$=D&u`;udG>?#gy2K&R}C4FX3M z0!SN{=52^-^2(nLOLGdMcs`8h+G6dIM!mA}5N~;gBrp@eNQ7G`_;UD=#WuURbA|%n zaHo{>$i230JX_KNls3eoDa1j2M&3L|lYl{Xy9AW@?>bdDg4Ez_d@uY;t75nrEkHs- zTT?Q7URwVX_*6T-KmE{Nu7?IdkF{~09<4{cMM({??jqJLs~pX_Q>yomjOGkmn}GU4 zmR&eFTXa!G`JRD?qilTnVMUDiZquC*Lls0L{nUCm-{Zw(y|CVQmA1x{I#1}z%66_v zS!;>5rcN&UxGE3QuYOr`Wu5Bvrh=`N?d-VrJILM!Tp~iJ7os`8UDM^1mZYo#;JPKT zL%Z@dE~p)t0jKIBY#Yn3dEs9zSR5taFcJ>O63(S=UPGXaATio8X*%vJXZ-SiqOzWv8sSs!zC4>{z`j5-&K z*CMgP-U2l~v=2ls*)fsJNl#fK7j zkyQ39J=llQRwRyx_yR3$i$XYrgUyProaG4?@J)ga#pg}p zDb7-{yhPbye)1(x8R$72zFv&LNCgGsu7RD(8>@EFiKvlLSBfe5KATDrJ(@FoHCfTL zT|IemnX+hC6ts5K_s{rMS>=1G5WR>zCCJEpvmb=$fBeDqTPKm1a}K)nx0@ z5xvna7OyRuGv>u4GVh=jA{9hp+5`6snTIniZ5gb%lgPOkNhCqGYsq(8WZpf@%AipL zEtoIvGXE5Iq+<{gy(ni1Kr4BIAsUc)Mb>}>Iq1gQ!L)y7bd@ZR6;XDzkWNtDq&?Ur zPh$o1h)=$lB{Y7rj6;EA_aM;v~Ex8 z6r;#F#qc?KnO`?lt5NAkL)vxe5R)?+5v3cJ9K50QQv&?sb)Du}5#67<<4(yD{5@w7(3pyQQiRS@)*kd!Rk) zcT2=9HScK;@hcUn>(FYgb#JX1c>G+danbu)W^B{7=d-3GD{F0x=6v=%kwZJmU(50m z=T8cTZ>4&)ByTk7ywNJKYAEgS{Z5Ob2&LV$K@k!{EGazz9zQQZ@WGMDv9QN{SQSL{+U!A@wt(fp>l#UGuk{E zwG;&UvhZB6)qMavsxFejXV-x?VBH%xIyV2$IM4{53>@p9&~Mx%$xfi> zCe)Lmue>j<(ih)rT%TT-lL9GJ5&DD#r^g z2{{UC>nq#)!YpA)L1p{WqaBW=vntzj1|j=B46st!uJKl*_+GDUUnS4Wdle>+uup$kg?sG3w19gbf4(kt7;Bk(DwW?+5I z$oiVW^);FGH3RBv`qbB?)z^%wuSu`3$*8aCU0>6)zNSZgO|SZzl=_TCMd*W}gL z45_cluCEzZUvqSQP2c*Oq4hP#*4JpA5KICqH_N7wWf#QbeHo2H9k`>7zS9{Xq%M4( zR$WBNBILZz!@gq}|13Hr?k>mtqeVd<>$F3hERK5+<6UnknjwI;owvwA(`@d$T#jkd zrXUNN-Pi(@PF~Chqj|0?FxKI_20sf@z~u8c)#1C4zdap3H-FO|J{Ny`JA8%w&2;z* z_}kav%cp!2f>cH=?RDFWx|3K&Bvtm+R! zM_T%&_@Z#vO}BeM6Mr+_i$23%zi+9uyym<)=1OYnDeFb^`K#x(>Kxxp*hz7uym(xSrkW)?qI_mXa?r zq)M;xsUCcZWxU20yga@AFLJ4tV<{2uqH?AB1+b|u+XLSN;5%tkLNQT^@s+!9w^mJu zdeNLap0Ql;9U{a#qm~Q4Mkrl?{J*tEsx9kJAAHA3+P}4B`zUk>KE+9P2Q%}$!JG5a z-Jrv>_0XlT;OI!zmW72FfY}bq>!I_%)eE=#f1!si1dAhm^@NI!#?ec+@qM3k%Bk~` zfa6O{jhq|J+5L3VO=MY172()nx!aW(`l}E$<~n9Lu1kh1kU=+EVD&Hr8NOFP zVaKn9sW3Z$vB?Iu43uRL#a3wc{c^L#4}H58CPy)+gJbXM@yw?ob2qVgf5;v%7LOMO zn>}o6OquS^Q~cKNXdKK=JO2;j_41x!!a!xY8ryV(*yWj~_W@u2&Ng zi+z0P&+Y|8t2KZ~%b2y?gvfk5^|cOT>?R zel&jE9>b4&;`nhbxMwS>O#*(r4^j`KUZKbNPbl;_gd5U$-&=S42C6NiBk1sPjA>B#wYKbYg&sM_-r(pwH$)dn=&`3Ywc4`XHkNGTL+Jc=Php$? zXm{w6%xR&bvn}-a#h(;GlupjV8%yR?z93M`Uk}@ zBr!oAA=7)_r&p`TAMgNRPPD+@VI;aZ}H*57(SF)?mV-v-u?d! zA6|QRxA;)_f0$joE77B~{LlA?dg3;4kL3Jwz%}2DFJNM$IX9_~{$8Mvm2;!Cd%heZ z+`I85D^~IW)b{cMicoT{fxu*~v)EC=#F#u&L=m*|&dQLs`XscKW4CqqPw}>fs%Ob&~SS|*E|v*&?#y_|Jx=5g7nyBYy$BPlbL__k;gZF<&PZSdw=Kn?tVBvzOsK<v$Kjt-?=e-Bc%(mE*wQ^*PJhaf?W_O*;ED~iQN z8AmZHqaX~H7)(hw2O=W{8T^k0d~ZkI#iD<#&ZgojoK05}Dc%xP<{?MW-w0MU!(G=S zF&!Fz2p&|se>!-mlLAMfYKz+J&QL}VLN5dwVR?#C7uefFLR`S~K&$?ZvZ^|4tx?Fo z2ZnU(37etCZIPp5@sIb2hfuo6^aQVleZpYdoSl|y6qqrnctdfv6GGleql%*b96eBv z<1XzQY+5e)5YP}1c-sc6f1};ShzZd9JON?vlb;Sz!rqDW1!>88|G|&OzRr?fnEXP~ znIP!B9{GG3;O)egZy!o7mXbT|LUyBC^_eIWskUr_)DdM{blrZdtlF1kvo^Allz8g-g|mzcHSsYX#7whkA!#}Mw>S{ zAK2_REVT|*VsWmvCOgnE$Tuy}k>Wdn9_2>OrH-0{^&MvB{zFkR{*7}RdxCCc+38Xc8%G|oT^k8wS6rmebPu@rfhlfYbLbju|JO4K!o0eUi9-N*UEFLVmoet{n z^DqHtQasP1MKFxW%Z0puxVC0S-bkt>N0m_gUt&zn=EIqI7{G_Ico+=x1eBSJ$6@k# z9v_dLYxFdxrpz^F_ViE)Cz||X+tdK?FyuLbhlTiAH<9qrv_csiWGz)GwM?1Bl)p<# zB7TmWa|uJiDL-8gUY@S4ffa8sE$cIa`@tSswQ@-K?NSj_^LC3Tv4kBENS~+G%5q>}*12bY7;T7}G)%-I(W+V}}8lj6o z)SX+fHJY>Vk75ZnESht}ACqk~Y}290IAydavo<+NY+FiRmcwMTO&IX5wV z;y_?4W8QW8oD_SiEqbl;(;BHBd*?0bbX6WV34iHfmcPmv5%xIo!NkTk2BR6R z5FeG)N}GdIw#Ofpu6QcCJerF?23XHGJ|r9AdK(>rc4JY z6ZR&j0+x)KgXbEPhoS52<&|Ki6B62}zj(l!@=!dUF%dX81(FoY3pgw$T8Zs!Qsx>gQ6dKMbfPH8>rZ zK}YwCW8GgT-Jg!`7stB4&gyB~#8uEN&2{+a9g77S<9m#dqiYR8X|gY>`1=y5bwfsa>MX z<&1X&g(?1pdhm8#sHeXzgte zXis6BJi!r*J|4m-r&`r7#WH@cSdz%?g1aC$z)I931F7+2NVG!=5Y4%r2}asqRf1O4 z8{4E}{JD6AVvkV|K(;&}iJSZ<;3)r_$PR#Vo&j?pB_@gESdf)zzec`jiwn9g*k@QR z<)OTn&!LguhE?>%}6(i9VcssQO(B2H9Y^;nS>OT<$2dILVNWpXLf_+ht_P|D3 zCL7H8oC!u9l)i$yK^`@v-Tu)Khtp&HG8;g!npf8YTwUFlSgy* zuT<8?FGKt3Q1XUAd#<*eyo0f^qE#yiO&n7ansQD>M{n56HkWFv>q@kV8%tJ{WbFwY z%q~04*jW2XDsxqAJg4X}q}OVzx4N{6%`0YP?KU>neFDSUy2In?L(^z3|FgEb)Ug5< z#iL-=I?7AWyEGfG0l8IE029S%&i!CmNuM$$y z5tVvuEcLsk-Pw~R(wAf67Psj1BEUk-+|KIp_tU2d<7dq964Yq_p#2 z(?ey95`!uIQV;z$4~7}AWcwP1xscIaW;h*hs`Qr6rlOC0@*eg-LFCTRekh&Q}qO#5bYP1w4!*gMP>OvdP z@Rnz~jQ1jC1yLvyBEQnsY#t$@6eOk#PS>G&-QH|HqfVErTS6JYrX|*9*>7X=TT};G zK>1*aYzM36yiWcm)>CR+5LIDgZtJ;ny*lX{^!(4~A4ie)$zLCex}Bfv&IpbzOdKe8 z-Z`Sej=EVcO@KZGEP7k0Q&{>bqLu&ALWqKDPw=cq_X;8v(7a%;fM&+yA_u$60!<=9 z>MD)2a->IdMnHgI8wQiM1;gf{YYG^JfrN5J-=*94(x5cCQE|_{yak@%!+8gJM;nmY zhTnwo&J8S@Nf!Sir~hl~aFBa?k%3^Cfvq|h^#t$FqdBApbdR7lC~`r;mC#5E|4Q_b zf-_|)Wz5c-?m;?CJ!a&Maz!uBCBoyj?tHq>c#QVfvblDc4^~(N@8{PDy3+n^qbu(n zo#kzb_+mTp#a#;pUugNO@@ny3Vr(ffUWf5@G{*$f4LOuMv?Qvc3LGxj6gcG6sx~XK z_~7pNf&2=eLpc-BE$F?$)+yfs;wdlfZ6=C%F4~Nh6>cB@F~?tFA7s3a%3e&U>^G{i zOsVWXyRsRovb&IoO2o!g=$GHhGaZirb^car*VSx;7-QUcHjJfllN_MaVo;n;e+Cwc zS&eXL^pNQ5g%K@qTAIRLZ*aXruc&ncc_jGZ(*2&$b$PmRbKcmNW>4`lla|NCgf*dj0<484 zO7$AyXtUt#1yl_hAEToTT8^%>-8jZ3^wbENU6uEk^-I*xUxmI`S?GI}g}zr==zEog zzE@f3dzFR0S6S$Lm4&`nS?GI}g}zr==o?UL9W}#9#D!Ab(D$N5X~8b9VM4vjsC2%; z_Ii~VTO-2~_OrXNPOCbfu{*Uj{oH}N6r)9LxR4uOO4hrtCOgR zb&&91UwZOewL57rMlq6gH1&6_NPjuTD9e0U?Ts?ttoy8IamAapt`(yy_D-nSRN-2o zJ4Hz&Z7j(VcB{yo=lsj-ZMZ1$e*I7j-s@Q`ntm^(d0q>~k24}3!l$Tj5a;a31 zsw(KA-AUkMq5de)W>t`xSV89+Q(`st5W5dsep|RtTYkFe&i8no{{>!@D2LUnK+1+U z;7_Oda#tQwXIiZd{T7r8lE+4S%s$rC2{%gZ*Qa*Meg%;%TlN;dhH~EdA8y%u1J;(k zSg{kgBayNw8~at*2+w0&mzS#oZ>jAoGF+F9^0ew{-$tX@y6lQuiGg(-Pn6Eb&ilC& z1B)htS`QUF{a>l0P2D#S_ebG^T?LzLbh)gh1I+X&b!y<0+TP76_0g5&LBBNj->&HK zRe2IngmN==;K7dOW@R!wonn-P!!gqZ$KTYvWJmn};$Vqgvfi6UaH`J>wpo z=GSAq5}Wfs*y*91f3v7HY39;$>)c#@xtyEt{n0)*b9~l~rcZernVZW4{l;lBj3jwP zFzxgmLlRBcQ#UrqweA#k^IZJLr2Est7L-k zY`t-!Qp2E@LAn9n6KV(=UDAHs?9qNWDt+(&tn~egXYIaUR(>S?)EINUj4N3_GB$b< zuU~I|hljL?wm>Jb9Qv6yTaatoCDC`HCHb|>(?)G4WTyF%S>AKyJts?jo@;-;Odjf% zXU%#?5EAz3Wm3*03uC|AQsp#E$q z$vaJCx1-gP;j3I~u{5wLe_@I@H0!W#^z#^(F?wtv{$1z{ z-PRm9+`DXO;O*Q%SksoX|DlD=fhcp>)44(A=mQOx-f^uD;7FsDi*{qZiQa}Y+`&WTJ2>{hSX#jPVLSzj0~SHRMCM0 ztrHjsxT3vHTgL0-n3hzex_bon^s3t<0r?n1tu&*hB%>+pA){E)aZn3va3QDQ))dY`kCM=p0GV$IGH>Mu8XgTa^mhHz0-5)bfMGt5 zIzwgFRM`_@P1Tn&RrFYAPec!G+2!m`?FXqP>F-+;QI^7xF5gI(I8}9&>V#Z9VXEC> zp(OSu6@T1m7OcnH5D6)tZM z2-w#W5XY3PDDDxSO9vStS4!QUo+TOEBfat5LjwIay9=9rH$$kEPOvmcq+uoYXv=n~ zC#(shDwf*ehVd{fMS`PhtBVtZCT4OiOEb2)0(-Dj+eZ^JQ2Tmh-N@)Q$Fdj|?iv+)+95@jJ4N~`0iRqB%vSE01O^V6T@6OC1r z+T!KsY>dAA*H+40r9fN$oNc`IYe_LDGoqlncSFaC*3qisd&$vCenaltgwobE(J+7x z8tr5F27G-7z-k|_O=8-rj#XQ(lWIMac2jtFl^m<~k!u~VZ$77vR~9vMZ|-tjzCk@z zFawB#(o)zZc!H^$p~szrNB6Y@43Bd&nDcN$meY}dzo9M&6jFyDcx_hru1v~EUFo6? z5p*ZylznF$7(^}{De4G_`~|0Z&N<3A#;kg@--4F!hCoZHZ^93y*-gdt1t^{;v}uP> zxjDdBc@{cFH~iNL0c$i@b_l6^e4W`dvvvi_RJ2a0*j$0!BP^>i<~}>Jn1MGzt?dyk41YcG*n3Y+^+tV-=m~ zqJv!3{2GWP@-bQWLD2{cgR&Z&t+3+6h|Fs;o$9h>qCipHJmd`g-~Ntp%VCG3vwmcj ztRF-gaw1O8of;a}-yPlJE!?67vS>)U`Z?jt^q}I)^w2`sXwQSS-e6B~LAKj?hYaR) zZ~k{AR&`JC2B;j1`txJ4%ep^}bHJUyTSBiDSAFIi?={|upZDi$s|O7BYEQgdR_b=5 zva8vJ6Q_m-oaimwT(&pN2=s~c0rC%H{`bp=c#H_DiY!i|*TE3o><#6i2Uq9njm7k! z=U|O8qH#pvJ!a$;C)GDQJIV^nPLK{vj}`N(xo|tTqHx)}^mc&i$$=*7i-H)Qw=hCc zz$h<_g|+jyxr{F`P_I_H&0V;){M2co(Yan@o02bH5E?zqQ~0J9=!d>c)K-r^cG9^w zALH;}f;Q8l{9_-uZ z>2V$96<6o7SGw0|MK?Tby>2~b>@wzaiy)=?Sx-$5C-R5=#S14r)3jId4iWu_ZDu~s!kH3tqeG0%GDQy zGSeY^@)|omg*&vs`(hY<(^#12%yNfr2gdmYK>8+dQ40rqjm_Tt4hmJLPYVr5=K~JN zMR`|yoG>*65yJ?Ng}Yta?>2g?Hx+9SGs!BQ(7%Gr6!E(rIhD1zTV5p0{;*Ch@`+}m2| z=cu>0y4622yos*j@B}+%E{!o|RHvqRtrLQ!!b1QPw|4%U90laNZ@P`mp2AJ#C&l4u zS|~5uTljA+aCwR#zdWFhyg~k}E&peGz!oRlTM^BOl|*zCs?s1YCPE$H^cL>a0=#Pg zS}U*bugX369Tr-4pTabD~n965$)SC=IFt1p9&Jf=WH|2DH@{aU#A%N7FD z01(1Ei1}AW4p%Ic+sln|A0*6Jj-bCU8eC$uRP1xEn1XX?BKF`E!qIeI3!d&Zws`aF z=U+atqR6>n=_Me5&VSUpf=gVo@K-{7#b%NVo^G$EWy|L=ih<4a>@eNeu)gYD{(hxZ zTm6g0pveC$KKQ->`X1&)XSRSkz5U8kV+%;n= zElQRGLAtw2o=>myZNYd;vw6pI*{|ic&==bB>u4GhN-M?E2%Ac^Q|{cZ_LhnLXKeZ( z)&G;a_W#7lZ-o9aPfqB6|H$RB&ikiHdc410Ym3DfTc4$C`)fTE(#XFW(a7;l`YH| zYXYMZ8MIRDg+9RynXQ0DGS^?jj+>TaWA$-3W?b3>8(}<=Vc7?N!H3ZKPAOhm@S)q- z4GfVw64Tm57MJ$Jk+F&L=Rg!}`dSp5Sg~lNbAxtwLx!CH?&xbtCF!qS#2LgmBPFmq z5zqwSni(TI2X-$c1{!I}Fd)J}=8Tq%It!JI3+re@(W}CfH$h`D(tgj(*l4r_>Y4-X z8QPt5Xhu9Jp}%%Q3H3|WANmFm?3SM+{Vy7c?vKVJ?a0m~g)v?12=p~Tn->l`H{;eBmOmeSEv zLw+8wP*=UsO9>dUlv}H|E*PdqYwa@SZ%6)}tiLhvU1V0XL}pddv3veXukkiM=$6Ea z(x@Gj(v?ksU6QL zeA*h!<`?6y0>|zjZcp~F(-lwvujrx0(Zu$gpL?7ic?^&`-?8nbv~UU>%+snU#|s=h z)&FaE;5%#~TH01DW@Z1tn6=fHIJMOq(VG=Frb#}n`gMtX7w`GKP!*V&=r;R27=1=X z5UMRjwu;3mwc2mf(JNSO9QGI=hkr%C7{?V;VL6&^Z;fzdr1HP(b_P1ooq8f;!*u62 zd7VujV^g5xRITdoHVC`~WsKK&of23;K}*%v+Z*C5eOYX!r*tQnEb~%+7+>aAwai-+ zmU$+sM^94Olj`~0v*+M70Y)W3HuJGauoitIl&g}!&1~_bUhK$17_H2ohP64xv0>@V z@K%QJj^is%_TL=#WM9B}gJ3Eee#n|wVoTFp^{tv$#smaQ9ht0E-z8C=uqP|i5_8^V z<@~)|*WTmFH|J+b+qH}PhW(uO>fhk6*MKtbHIMT%tcKeNhr^I;+CG)JnlCDblz*8jpp0euOeU8sUvzV1IJ!0oWV8Nz*eX_y5Sjl3l+8w2$yBfv zwtOkT$Aamg7)aEIL$SHnA#A}|{CgX;@c=?Vy}yE??r3dk=t5D6XaV|&iM(gQliT=@ z#{i|f83278^3MaTTeS1}N}MaSGeo)>U%4uxZDlTe)dB6TfcDn@2^bF|c#9Tx8}DmX z6KFjE%oc%Wp4hk*kp5*UD9*lk2Y|N%z_)?IMrH_-V!c~7j=CI(vR#4pp4zfg__oHW zY@y8w(8N6B^c@}Ud5}i4QS0+4`K(p95diAUTv&+hqoDyTxg1}J#{P@w%d!zC)`@gk zyT8tr{O6mce`wn; zhF}ys#u5AcNBKMvpMAGjpQ`24MU(OA3hUFY^2sv;pLFZf9QkxUKb>WLa;sddYq<64 zEL9gjX#y2h|D@*poBfHq&De+&$!s~mT}g~zH5;mBu_@r4E26Ygi0SuCDB3+Agh(mT zO;5a*WYqH1S^(sn3fVnG_x#>EA!B34W&^5-Q&mNg%OQJ6!Rap*mQxMxVF{{%%FHua=N4y7d zuf?3kd~k~w;C8cRw&mCJ89Rp<0`M}I*Vt>mU?*RAU#AMfyzBitN!C`EfKFg}OCf+Wqly<}BxpupMNlpf?X19*ElC#z!*?jYg_(1z5 z3_~vOAb-0VksS1o*SWeTR`-UTT#sbX@zASxo-dVquleVMw$`sqYD=ue!sb%RAp#c8 zTXIEW&fj8Qkx3W>&-E{ZfRRwPJF;T9u7HrphK*lq;sQmq#KlfzS~Z^xlV!W5DbP?&bw zN#WB~8Zg6N;OWgEMC_hc4Pqzb{HAgLlftA$Un3z^J&ZKWiSFQlJg-a#mI-?jGn#b& z;_RiH)tbGtEGAd8{x0S1jb1f=%m4PI&Ua6w_TD+EsGH zdZ3wH@le+WmU2^@8k+uSMaR&x0eEPx=*ZBP_Z1C)?I$4LbYLTGHDrBF^H23SH{oQb z#1K{(=und?ZPIpV zu0gMC!%_O}P{@RKlc`;xRoy4j%3fBVvh6OxI@OW-30NL*G9IJZePEAPaXpc&vrbz^ zY>SRUj-xH7HGnnno$kQvdAy=@pw(^EYL(>o!>1!Jd+Ivyjmy}oJ7F_II!v2XF9eyk zte;Hrb{SZ8DqbqTRd9BYhGN^#;`y8Az%e~OdLY}OE#HgJK>tg%jO~O(jO_sLhy|Kx+@(xe@aFlL0`CL;@pBsndDTli$pHX=S5g^z=k6yXr~q z=80OrswaQT9sth1BdJ^1eB0iM#>4lE+Ey(KZv|lPdy($r7&JV9SUW%+0(kgL7(5hg z<(rEZ)3YfvvBASP%wvHDWcq+1NZj$Q()yFqoB0owiHd{5P* z6cFH#&MTi#Bj#E@f3UH{r_O9z;I^oZ6@Ce)I?nq~e@oSbT&0KQH!Q>VneH!O4)T%{ z1i*9;rkaR|Vyjb#8!YsL7Q4+)kdqR~!Sxy#Ckg&cnL1 zofocX4iXs}+doE&yKZkP5V|L0vtGE*w+RQ5B|~4(A19JciI@E=OgjXNGtgGw?hJga z_=4$ViBsx67Pi2Z@h#7v%f%+=d$|Iw>IxBQ)TPFW{ae_#B6SGCkSC)93_?70y70s5 z7_!-gcq(u8&Ryw(;frDy>Ux*La9aA?o~;}(feQNVav}YGd6!N41usZ4qOk4=k;|ir zU=U`87o{s55Vx7p(CIwBAXGG1FMO}u3&Odm=LMl*keAoHjmxq_S2a^bjGYo~sDK&K zyP>Ndt@yTQ*;~aG(X0H&LK5rEZ-G$uwlhU$3(K1Ffe^`ohwK+QzQL6a)rVN%M@s$u zp^)+wxC>j#j|H3AGrD1E9!7FHVM*B&)|qErBt#DY?!dbqXM@N2zW?7IXRZ6dPO&1o zFx|T1R6p}lSRiPV@{)1|HK|$@SKo$w- zJM+(${66<2*b4N9B^XB3yDTrX@KHPrEzhdh_?O54JAY{52KhRwV&ezKdv*&4KAJbE zSX=#`?rbjqTO`x|9If^DX>d7Vm9fGpZg^ek=)_lv^5B`5qSp}oPJ~LLsr(c*7>FKI z%Kf>X&@87HY6vLE%a21JhhF6$tQg{ANS-79gn{|2fvsfTYdDah6&+XkCflPKX^%$Z zXa>f|Z;$5`YdrOAkmDH^A5TB~bF|i%_5*{0$z!%Y?!xqPs4pM^OU)L)nHOe<^bHm5 zL(7LiC&$aW8BNOK3A@^QO|352TCl0;BkjIAF$dJOi5u;-r1`Sod8=CSiI|=3<;S{% zDFimZe*i=QUSp!TJuKW_mK|oG#e)6R2nRS~W<<9fq3I139sA3CR`%3pAI4kj4ffv9 zyAynDFCT^Z9OevNEG3S%O6UhZo_BUdeKTlX&eD64e6TOb+|M0^tfeUBDt|94C$cXxsD#~MgRwV=O|iW^6RVs;smp#Lnt6kPYFdHnK7>+;Qg$f=jT9)zJoy`o ztM)^k3@fP6S^X;dGa^Fa%2mLxQwdmvT=+DbeVXP_SVSuntyxEPAC?QzgL7em*yQ7HaS9+^}Sp z`#=kJ09}lD@koG%XxF*jW4!OB>oZ7;zT;gkqkxbDGfglV7Y+`8g>UG5pDczH~n zDk{HGav&k$(s%;oDlMjFC1j111kus#5MHd#{K~81Nr*j%IKaLgmNzbO!~pJR2CUC< z5CX+4$+avi&_G|i0o1v$O8D0kFsr-?cFsD8Rvc#0lw=z&Z+U`Fi43L=->KNr zQ?aEtl@G*bPQS_z*@g?m@?>mWp^FP@UH{~Ug$6xYpH{e813Bz)a1Up558u*d5BE`f zSk6~#|7ro=JGb^QEDdI6yAOPzRnS?ny^o)YEcFB@=SnBlMeeMt@5HHLX*hLQpu7#R zvx;-CPgD1G%Fho@9UO)7<{J`gx9WiYw8)xdB(KR6vL+kUl59y_ z57v5j_D#+5`DTE*|Us};U@ zTFgOX3-YvDkhiPi3qpgN@c3`IBB}1 zu^%`z+zK?d{Ox zTXPwZF8DFiiR*@MmLq_Dv z(i>^c>u8vi4&9MN1yV70l#Dm4B3^ewQuye7qQoCsKGYRxyru*!E{JIl{(#?`z@=`C zyolm&Elud!$8FN$L*iUYjGmd>c@DV4#z^%M#w%VPVOdSE_+0G`Y}m=zu(jm{Foinb zf3hc}gE*fGa-~iSFa#9{p^U4b4ioKmEj`O*7evGLaxFf#w)fn2*i~_* zJOTZDQJ@VnP)Bs~C}r}ib|8S_Hy|3AI-a(Fp|k#of)u7Co~I}j%U;ZD3DHKD=))3) zXmdWLHPGw6XK$9bVs7v2gf;iA55G@Mmz8`69SGTTX}ka8I{Xf~!BB<97a=wAzVBqv z!;{m?dt-`9wJK^Z^+3c~cC1}vj$Cu0leX#7pjN%i>hH>9WSQnOT2l2U|EhvrVP5Hj zUT7Whpt5HvtSetiiZ-L@D&I9Fp;^t4m-a3jp(JPJ*{P%y66PZ`eFMLHQa^AR_25&u zT)J`4eV}z7sH8@SZoyhNmOm3Y=|!j9S_N8@W!n{gkI-Y4h&K8%@JFjYn|8Yic;>^! zHhx<6xxIK)$XWQQVKRVwSC}{3jp!+aQn~H(uFBt_v zUwkR+e;)Yn8Hazmh)#h2E0f`Wvkm`$aw_;=6odcI>?yp)*)9A-^utv8Mj`w!`T_X= zHU|Hc*bDq;eh>VAYQeu;*Rp#nF0MjZBNlbD2kt=$%craT$#Ya9z!nR<-ekk8=SRcq zIo-hP2}$sp(*-miN&wA4=(76`8#F(TsCgyMO#n+{dn7**D$l>ehRW3_fb8#c7I8W_ z05V4an0TBAb)EB4oD5j&&{^N1T*3a8dhi0k?*%semhu1r_)fCG*Pi=Q)gX@49cDOF zo{xgyMGy8M1h0z>EZ7gj-)sQ~3zRPaXo*vBad)evWL^7nncbh8yY0{UN9fN>pGY5$ zM}J;$ng@nwY~r4gHyB_h*v5zt2zT5GN&1b!ZsyCOR}% zb*Qf%?4{;sK*9b<_NxhfnU>9a&TWZP)9rd)V)w_>ZGT)x>d*aQ>A_Iq@$}wFy?N!w z_oh4h_88KcPeTcj@=)9h>Chs26C9C)j(S3;JiGww`B_An(ua=Env6512-^eCQ&mS>QL&msQ6rw#n11wgHk zf`|IX+WGDSA88fGD;rp-behYb5dT;)%moFzL*j{B3fin|Zi5DS*T*urDv4}Ohg&f` zf{$dx8T41HqWee{A5A3b{?BYDe!e;MWtgjF3svv2JSFPED?uCXq75?dRhYkQRhXKL zw>7VOX=FM_wO*}g;(Y++hX$$sczILCw^Cb8ub~)1)h=J24C5pu2qljZ+&Ld37-Ef} zA4^P>JUy8wTjjZkdA|8b<@xN8m|$5;JPgTa%(t;(i{$b3k~xYbqeiO2I$J?oltE-~ zH~d58r^-o940!2XKR9`CwAPqBc)YMh3zNX-Qu=lI7v*d^Xn021DG6QhDn#9bwB_T( z&q_`m0DaoEnRj`eEw1QZ55ti!r-4yXKLFigF>BIOV#hCiyIIHYu>@@xms?`Z4*nWTK%A0$f0Vp4-5{ps`Gjz z?Aro0aliPDJqe>gkg$&zN~xK-B2?@nxfm_8{eA4@gVLwTxs@M?JDBQeLg%2i>lKkz zRBnNNcrvN6T1BA<EryL+ zwTen{6r&^xPlU?_?TWJmDw}2Q800KAZO4V<(BQ+ANE%-%uww8nPOOUO_cNsk{ta@8farc@-O=w??g2k<0*A!Qf1U+hO|pD(%13F51sl|E+Ju zrJzsX6}8~^PJ~AXM4`c%F5DF zn8}*0N2LCB$GpA^(z(yw^KCI;jEvgTMI-V;uJw(BmQ}^M5W5?8M()v@aZxV z-KzPI_`=?I z%#fmJO?am|*PBwZhE`8KQ|x{`p}sRia`eqeml~_UFB$%`(|M&U6t6TUDJ?d{Iuv6y z1+uIB77M4f5B!&=pFYBWj=i3v{Xd(uhi-PH zF&G1|yZ-XeBUJ(~rDHb>wZn%kKD6RE_;1y@;f}3HSSrT_hFr zQ@Nn!pho&6rrc$(Oza=YN&HZzQc6Cl>rE~AHN&CyGO63`q9I+wk!z$)W?e7h! z{M6lmXQ*!kCrJ}vpoa!D#%9Sb72X)iWd--iwaM^XEG0AIC)u+7Y6+2Cb2_t zJN>RoHgSVB0$yuOmfE07otG>%8l~jwC~uJ8VS$m@GK4RvE=?WzIL}e)hC6I*Kej`0 zE(0m~NPr$dr9-^4q8CLisQc%oA9HuyVR!s@sqA+F4QKd z{$dMNxG>JP1qJaj(97U0wU$$;wX6jBtS+Jz|2kf3p5&ilpFb*=8`L2W+zQ>|{K}xE zrmxs#1A}qAjoa;mJ-pqf`da-oQpoyU{wsuAOycQS;Hmfq3UX4ZEV6?Hyxu9>^MTSa zK;kzUWht2O|3VMJL=P1ujqZ|31I|D%U4MfDmhf{nw9K{j$jQtUSrDly0qebsK)9h-ReOaK?6mAXn-cr=N5W=Du+D=$b}GbJB5hFT9NWb)QXgkpjI}Aa@b5JcCc-d zpddGa4ld`4q2-|%>aS|71B_if_pVYBtailarx9UdL2ZpqSC|IcUKsdGWLe7mAHX{D z^$($@+Ldk}$=r{uqwm-`6S>d&rSF*Ps5--u_RdbzsxcWgECJ zGd#jeG3N9JUcWWz|B%+enU2i!xQ}d{In1;1vV@y9!k5?H+#f6PP5dM{n5)&QpCR1m zT?`x{M0|Nf-4tVuEZ=ZF^qh)`2(*wOJG`vyactGgB(f~V^r8Rq_-d=MJf{D1m)_*S z?;A1cyLc0wF{Qo9C+9Er*B&f4Jk1hx0#Y9ASTxt zx}taDHHJ@;%2+Y7S(EX#6h z>vz*#bPi^^=x71(_`L3$Kas?6I*8${BJsn4lu5>+2s$LvDYzrpOgVLltl`n>f6q4x zP1Nas1g9ne@L;!d_l9{kQr-r=B1_z$5KuSxk2{vgAr2<{PATJ8~K#}_S9?h$uH*gqqFgV+nK6=UFIJ*3G= zo+sZY0}CdD^E<3$!1-D|EP{&jn+(b|xkQqJoGxT9sje@O@%zq=F>a+GJYC`~E8vdk z{x-{99m)^k(5}ex;fQ1i*ywNHO(~#w1of=izE(-WF4@;dqUL5be9E7eVMNL4Ru+@J z(M9Nz8(!mvr?Le7vtR#;WO=c9!%ZQ%M<%t2L&iNa!`p0w%UrVHbL=uhrCpyV?y=6= z$yAe{%!20=ALdz08ZS=jKjtO%A8%Q%EF>`GU9wip%eTBkGWFaj6_2L;m+ZVRNv3OQ zo=r|D*0*SZVdbXWqk#1F=#|pIi@5p7_r>+A}!XA2KPO z8ZF=62KdH&SbWwTt7^^yy7K2M>gRgP`N^Z#1fTyabp)2e`@YA}WFsrxH812S}d`%)$&B#q_`yXxTZA%~`X*-u~i{8p? z+LbkOH~tA09)lBdr|_l zCw)zRq9FDPD#st_)}kXh%YLaAg?FTWVt1-VVnsKRT+RUSqqFQLHo+f-_0dwQcZsqZ z?)QI^rJhEq82KZ$1`0w6s6tp(1S`e!-)gfmT7YgOaQw)(PSrry)mo5Yegj?CXhCYl z16?z<`oE{T6=D3GWS12(Fh7%oNB@dRk+Ug_U6;lLkjq+mT}mM)Ij&+yV7s*>aCxvk z4SGBiny;~Yc&jxffuobv+4j#ynB;J{L-U@5$ZGsR<&TrYdlZ#p|CU~4kX#w-*FM`u zlY3Bv=$+tI`#aN>(KoBsuDH%toUcxw(}maBlGTN(h5C^y-l6Qn1 z%T-|-le_tMmZzOyuh(a>}%C#xi#zV#%B#kB+<<&0>VPu~J}U26lmuqDagNcfX9LaPGo zSwP~&5IV*t_fC5=dAIljG77lC+{;Vm*Cu7(gVEK^_C>$hYV>^g1RgRyTW9sCT>pf+ z_2P3p8*WLjDiw63b_(>N6jCCyMF|RhXupTAQ>sxmaDB4X?1}?sRP;oab80y6OrV#@ zXwkFJwC*}QK3!y;v#+&fonH-1zpr;~a)lR5&;QfDXu`RY ztxK~DlPz^dg!!Chvz;Uph1b{^_UuNRb-dJK9h)ZSXT{I8OH&rfvxy4UbFo@aXaVj< zO^e4&KEyI}oS64rloiTV1dkx|xdyt1`_DV7RxNz^A+s@h z#h=BW+Q;Bu)J)waSHR;#Aij?xr+&{30xekj2TEIDMNk)VetDg57agg`!jXDh?QfHg z)MMdD-J6co+D6caPO~2En3B3gbBp8$Lwh9_e{}&#|LBr7y zFJnBJ$i7|$`_1<7^oGFE-V09Y7XPeJ3$)m=aQ;0@tYCv+(ApeqU95Q$4XRe{+wu2n z9x*os_6^0m+Z}MLiU z8`Y{7;Qje{kU?%3_q?FPZ4Xlm%%gl)Bazu!eFHtt9lYQ<{v=R?k=Q1Nxj8-nlJFfK zssLkeQ4XpfC;`Hb<ozu8*-i+sAa*X7qw<=bWW^*5D>rZYy739l}lcRl%tso8-; zQ)>z$zAC%8?^@;k%Q%S-m7(Uc3G?P%KUJ$2d!H5J`dFU!5FOO&mNK~84>_!G?KknU zb}a2aW8N9Mo0X1vn{Y^XfnP$!(VVIre&u>TrdFF z7!=M`OVll*p1CPrikB+1eVf_Hv|^oqle_?oz=&6jbYIXII0`KiBPCejGU^wJru|sX zg43ZeBn0Qp00cdC6J}`jy!4@)+u}uB693t<0C?datgWebj0Y$@;*hn_;c0G`+t(Lh zRUey7f5`;8=QX|=D4NZp(^b)I6jjMOw&kuv=^skz23Tv)@;G+mo9z$iaW-o~iD!W= zqG0%`-E1pkTJ$!|$@zx4sK_uMgl=dN7>0Qx4D&XgSdhx;y+9(;EjIKyUsZ#CFloWV z*D4IVblyB0jb@+&U=p06MVj3f8!Z&o$K4O*jczB;Nrs8HPm*L1FA^rG*AkF|Nmc(% zGJQw{T`Ej?06!&uVGY`vnWd8>`-|?>{dJ_*{GbY}WHQRJl@Bvk$M8QfO!I1)B__0cp$8M1lASt= zWR?cX+?f;jsCVR}{*37Z0JsXax(W`s?5kz}+@=NRp?6e1A2YmfZR{)w^tN%CEAZ_%wIFe=ph9;~#A$ySi&eA& zXtDDpc1Pas$r-VqVxrCp=RG^6dt9#QnZ*{9wINkS83GRRLiF(>>-B|I8L#7G@hoOn zq1y<)gR82Zq=IvaTe945p3~22A*U*%a}Su#C+*hP+AXoqpW06ysUhX0hIFU>`XM(o z7ym(js2eGIiaquC*GYToIcd7)BAO(NXq+sb3*K#33Dy13`p0`inp4vy3w`6<^;;zS zMPV}g#rpL06}35d!2A`lKSG&p>u-}*b73)2T?>i{Cp3k*9;t5SI|=8RPw-r`c+PNM;gt#uiYki;!0?WWEL)W%oeHhh%DO)AUEqb#Y%&MlY#N5YoD?3B* zNe<{0-iNniP%VbxnM61T4Y)lg=5$eml{3h)FXP4P^9L)H_%ZFZ(d>C~VM<_D`3v5ZZu=9E_oKlye~XG%%>f1Qz7oBljjkBX zX#%69%0EAw{p~b*NEP;uabl{lLx!CyY;<070K9sF_WD50Y=}SH2navz_!^y<%|a@_ z3gxHRy%1`x@s9K+^DS)tW5#&Z`;+B;AHM%{=6i`(Fk4SFS|%4Nfn51|xNny3Y}d8P z?O>7$*3rX4*Cri>O-Mi7p-1*#L0#S;x+U2u8`MlCN_Bz!w)qZ-vM54RFPSCo?n+r_ z9SbbvjohT}jQCFGVh)Tl8zn=%py{Oy>oS|m2o7Xgw9;{6J|G!C_`N1>Uik4$^91h8 z&+-lPFzyI`5AuWx6czOVJEl5z%E3D!K7<;bi?ua*-_#6FU7$P3dOt*Oo=kTou=V`L zA*v|feXKxDlWBVf(+U2QYm~~vVdabK*Ao&9nsOo%d^N>Jf{Sw`fFk~vK0itAtxVQv z_byVAsw{HOUbD%QXoBvL;94OUTbNRN8&(jrI@g{RFKdm-l38iNuLKMz6%h*F6hPmXRVfv#@RS5_4DoAtd zpxQA){-_aJa**Zv#7iqW04UxCHOvWyxiBA#3ZTsz6d$V~iBcb_ww3_lQPuQs*Ucq+ z&@SNOZHp@RXgJBzV61d^irUY%Zrj~JUD^jAvQS8z1ZXOi!YbJ<(I3-L+(#wTg4Xc( zapnx{Ie)r+?<@SHX?05yS-z94pj;vEK|OR$G@6~*k&tvp$$q=7&tk66e0zO#bF&e; z7e>H);Yii#|B-GU<}JjaxO6195pRMI6vgbT-WM~qL#rWAGNq39XMcVH^bT&K&hMqHmgY*9c;MeLuyb!5fwG|WW&6uIk{ z-az!tZ+E0_{4Gu`n2G&;f4;{&j}@-!V|apH8paK`2~zQUJTebBp*%q_Fq}Q z`N@@wqV}Gsj!_6cr7vDae#>t4^-$G8!2!6WPs=A6fk`jly83YRo1XB%{zv*8a_FJy zK-fs^FIQ#|TSXt>BhaP?B7+p^gg+ImFjfwnem|GPiV__e4Vzg|YD%U0W_UUt;EJX& z&z%{GcH(5^m~LNh`0{)lC7-1AO;&dy|^A=~UXA8$9MahS}gbyjQD}0IXD- za^w0YX)CDm0>HEzlK?vs9fn?c8USX)EtnmR{^JN?#sjLXs!d%lkMUxQ`br7_>U@y7 zRtZGI`2mS_E%f2uXhjFzy>@jua0Z}QXh~N*yCUHU_r1bU87qo<*;@X;qht zu0j|tju>r3Rhw4K(;|69SV|u`CT@1iG0}`Qd##v|_X>(ctGhDSD--DUx*fFFEo!aX z=Ur)}Alc7%uivsym5A`1<$kJGQO@l*b@LibplUnmy&k@%Eqc}lIZRjch;V^+zXHnN zlH~*EmGDi~R{T+|=;d?MR`e>2hle{>v?95pg;)?K&AIef5Gt5xjfe1D`z(!3Mmejj zH)Cye=P@0`exbFt1bU*=VNq4Jwz@+d6WgPg!aqrO?3T6S4l09nwJUqkDXeRYe@CP1 zq&|y)ad1z_exs&2cf#lE^guHXz$IPSb6C8pC-v|RIP&~Y#s}9t@*PF7;pIGsg~tf} z5HR}CcefGx@hiZ*7Ha^8Gg^Bp`$x}=>pxLC_sihH-%d~=q@(xe5-C4tql|m-$MoSp zWDQ+463w!PAG=K)O{+MMJr=QuTEt@61}b{1xRLu#*wN6quB z<2QBm+z^cq#QH#2NHP=IkB=Qu%ASVvFkO2mXKQOUZEgFqy;-Oa%K@Ba{B6sQCU(Ke z&oG<^eUr7dS>Y8-U$3ogMF9x43ogM5=c+{Y=cMw~?pr=nvhJ-q=8U_LnccGDcc2jS zfSzaP0lmQNN~Q0-Fulgeb&}M6bSm$sl(qAIUYK5SWO~Jm)`{>hm(oBZ%C_syt_5dN z&U5ULB+;bOI+QEA1JnT}taydCQm8As>kDp@xkd3!0w2M28_x}%Q%xQM3zlf+!@iDv zz)5bw6<|1~hD*m>iJhs#ifnH8Vhfx5qMu;O@ENqM>s#r1@Awir{-V^T5Tj`_U*Yu_ zK>URizZDr2TMI=*8h;k<_x=?)02mHB_GzYgpBDdtLp)6nEr1x=>AP_8wb(puv(se7 zeP8hSY~ubInB<0kgU+=+>Xw9ZzUGill{t)tz?iRu#;#PPhv=q5#Ksf)7m;?G1t>@o zMMl{{!`ZN)6ds|5!*2NvpoGWKN&AOrAgo4H?g$2)n~cz+qIgS^{~QsWEEz~dxnRe# z3Ec;2etHR{yhRgaSwfRA&L+L=-324Ts~73cqyFByv&}ykqO-FNZYU61!hOf+jz)Il z!Z;X$7qWyE2*sjNl8yb!eEs}FJv==JWCBirID0BZx@HQv?)f9>OBpy)@QS5!h!|m) zrXSv642xhXv5_N13(nUa?F-J;DeEZ7rwr0*`=SBB8^&9M+T`#~eb^@Y_mF9;n2=)H z{yI*Ww)e-`K^#R`TqH-N>ObV@mVd4%eS^g?laJri+qX~;{Y)8xkCbTvX3Z9him=h) zfkz>lh6X%jSdpm3Y?W%iIyB%ULwml%9{oOG$T?oz401HkJLF)_;ZS-#1SW53qWKH7(U&-(KE3TC?_ko#$~xthn9PW?yFH z&L!9WKD#_ebxEfh)n)u-3i-)y{o!~)`hz0>82l~qd-1o@e{*Fpv3Sv8NtQ>St%2jP z-CVDnZf%?+@T#BQDzAE5 zub$?sVB$U#Z&t~hldLyC#Tzvit$seOlL2sm2WspL*muHgAvpziCLgVU0n6Tz-Sa2V zl{R#-_#-_F=MRuG=7SV#*o*khxNo5=i)8&@$8QgIp<|Qw&?bC0oK4z8yZD8|o`+GJ zAO09WwY3um>Dsz3Phyj=(5t=C;R$?kMZA~mH72Ci*33AKDVf247-b#$9UT+BMPARk zx@jl7PsVGH<2_I0^OA~=DspIFdLr=>x8~l-EO6pvzp7MxxuC0d!~4as6i?8j^CA%b z%-4#Qj+dX3yaAtFRDM#G%TFqe`PpWvap~z}p|aO(^hEZv&kpnn=O3Wd%F=_3kpR6f zwajjeVP>{!V7B#nyY;!)`sB?_eloH-KcBTei4*+f%};)A&sGD75?2&vd(2i(B*p=3 z!T=f=!%eU7m{b?cK_dKstnx!C$-a%j0AX6am{ zt~EBs(BY>9{J>{l>yvg-etv3w%8gQdZm~XJw?3b<+NNVGo99h4hx%GmpIGeD*1ks# zfF3;$j+k^^A#ll+o@V`)`yJ%>@w=u9RfelNa7MwKxaaV8AX%IJJNm&URqVbUZnNv~ zc5N+~V(J#q0yF=l_mFS>wtMKJb7JUqK`lOKYz;C8y6YA3rx^h+5#4;f^p|2~hLa8J zIp5+@piOQDXFWn&-oKwH|9t%<7vo7p;D-3@iUvvBAz7>+qFThgJrqNY2V2tGe(W z=FOc|j?Mg*-%)M;S_*VFI-uHyua&lZVqY$VJayO?ErQm(UY4cOolTfj6N-cMUXJ2m zR3P(8}DeP#AM`k6W4hwDkV-2DdgD8vcfFs$k7{&ka|r;o@Yl?Fx{`~&`OFdXIcviuO{waHKRLGNL0tn*McLg-af)QEd5z^XjNb0$yMP2 zk6sxbFk_;re&eJsu}?8*Z904d6hsfgUT>}nN)ZK3=?v%9t>1B8t;{9tQ&S4c@AO%r z{RZD~b!6Sf_Jb>>2#&4diu6AGzviK(5K>$@#I;MV7Q8OILLsnq`Q@fgqVdb6l{kKq zy7cFoQ)|!KdTzH`=UcUSn<5!5ZDF@s2fNq$`fF9|5u7j9HJL-vN~yI{9vY$NWO+Q! zt(*Z>SSs=I5p1Si%<>8PK7xzKjyY$s0ET`o!#A*7*>}YO*WZboObt;UKVKV~1%U9o z4Hb4LZ9BK7nty;9K+R8ei-YNwf3d+g&K(Noe##Vg9qw`NTsICMmp1ubqIR&u_s_bc zjzz^Z(#+)~r>?}S#Z zB=in<&{^fRJ=pm(SLzc(!IfX}Y1_nN_e#SPo{rs*v!NY+GyW}|5r^+wjB%BK{cxK* z$Gu9&_K#ruw^cbBQPiE^;x=cl(wTAVNwA)T2f_U!WE2aO&ImSoL~V5SG#3$D+$*W6`fuXy8RJV5$xA+HUdM4{vwT z&n2sBa4Tyq+ypWz4gnUCWUY?${U2N+UY%nEb&EXi5b_vt=eJjzbAmcRsRbYGtuTxLs@s&SJ7KZe0pPSK z2GlD~bP87)4wnho+JZ9pG0gyLe7owb=LY}z8t7;y}BNf@3E&5oT4CjY}eHmS& zqH~Cq%(-nC;-7P(!7|V+U`HWDV|A^fiM&iT>=M8d*ALA{4a+L)fS| zlf`mlOpZzH%AtxgnQONX4u!ttsr;j9tP02b|1W>?`<(CMPvAG{QOp*g%0MyXOGs~R zdQEUBa z@?YUk`UBlDH{P~Ef#-BjVxx^sgt81-GI|2A?9QX9oZEukkBd&}37>v%KU;=UHO&@nTHl zlBIyHI-4cAcW4fLpu%#4g?zfYqA~>fSUL0MOkZhnq%A309FeZ~X1^kC0@i-I5$oTV zt1jntU!K?6WSS(o_V3pn&8}S%*R8JU!jSA=cYducmqXly+41)L8YY2Rwt+%%hJP(n zfbHOko?Uy1rAkB-~QvdaO2%;ltm2Z-i32iughzMwKenD;p6nW#@aXY$Rp_M4xnH_s&NTyDQv zd6B$%10Szl#y4l%Z_ZM0uI3wYuPU(LELN>O#nvw5o6q;86fIkN)VHh<6E;lKh3c*^ zrAFvmWCM-C512hA=MR5R#BUEAe;>M7 z)Ug=QA1cL){)Vks(H-yTkprSw`3@ZewINjGxbbI{rC1rmKRW-+=AYa7XR&AwvMddU z^+|6z(QvRUi28I_TS*E}1Iur2CSZKZht&$j4S`+2|c zWu+29#YfVlr=!txV=AIfIgfa1yAy>Ae&Tuc>g%6)@}gJVd=xLT{09OJhduE9Uibsj zFP2w?D_aE5R^M(?FF9MS{13stD|u+c1J6@nsZ0xC^M<_HN57*nYt!T7JY|g#LRpF= z&A&DN1eCy~=k*6|&aD$nsbS+8-91*Qx|`1KAetoe$4Qz+Gnj17caAjz%LkC607^i$ zzwItb+n81e6dpvGtwXZL5wTLK&PbT6BZ|wow6F*L#|&^6kN%7LkD05=t3&QpqsUnh z_~a~j*Eo~2XtP;+DFQaOyhpZzZ`0U{VFkig@M#)b!TG>!=h3Pyb;rFZ=GN9eS9&lf zUGH&%eCQ;<%iF$|{$piN`VV1wha@)ExSa=j3-1&FY=`-BGMP&`XNf;0Lf ze^H*!UzDG~UlglTcLv%q-7CvQp{`bleLoPyUf5{vcbDz=;)_w%027#@tvhOHlM)rX zB=q1=x%%^*=>81z*3uD1_-WZ9_70GY$iqHXn}AwNOMeiH-X$(_&&j@_CSXr?nkIm? z;vXp%mCid!{lR73YNhWs)-pmEM0B-Pl?#|T+ z$qj8`tm|*0ERY>?uLynHnHn<%{F+A?b~*SHFaQ$+59F2u`zmvNal_f}h104w84?-m zmIBmM)3gWO zjNeR&@O32teaLbPw&O8Kc8nc(&8?omMr2nf6;=5o9v@^PfvyzA+5k&mayA4wr6p*n-Q~bh z`DmmnKSs3*ytDC~VAO&mxp%DN(^a=6m$xN}dr%YtIxPxezRVNoq!1Z{jY>00|Uvt&*3;Qp5>< z)jUFY2&GFy7=Z|A{3>!BP?xxEptw>{X%?Ldfx_BpKvCGzp|C|k#gzgJ?;_aL*>!va zNU;`Vq!EA!!pY3i5$+YG*$P5!!fU)u1i3lW*qRP69GrdOXgT0fXfvnbeCTVP4{7#R z>wJ)u(3$6h;XJ0*AAt2knM2baZpXuy9Ld8lo>K+Sx4>}>>t+cU3UlEDN+|wonu^=4 zp;Cd~%kz)y8mC&6>w1C7y>&)$o%}xz~4DUfMPICiqhgN`l z-kZ{&IGcT5Fc>12O;1d$d%#JVu-*6Z#N)YR4YLaeu;J{gtpPb0tE9GF?*qWIQVYOS zTU)v5Fr0{85S{78H5AUxr4=thFibdn13X|{9p3Qd1SFsUYZpmCfC=r?K z!n14%?*47oo1dsR=bvRueK*-}eyQG+CF@MK-~3{jyjgpeE%jY!zqvrYsXxn>`cAgr zw9D19y!-L-8eIUQM>=dd6@?`q#?k0NdloY%Cuh+bO}uBdLBCtP96i~Vb^j`Dkgrdb z$Kliv-6B;`_Jd)`#$U0YEl)jrTArOCZ_+|+g!+5w2Hn*=P1wxK&ou69v;a8TwTDXh z1@0ha&DujF@m<;VCrEMb<;%7DDfkhB2x@MkRgB_nW#;54u)$$gR=m_>dln z!4C5UJ?g5$bK!v2ikI(JX;ts5^yXtc=DXOa`BmZjyYSM`s=mO>W3(VeV&e_76V2x0 zg-5IEbcL__#-&xgW-7Yq0#IY! z*fJwE?y?>5GzA<2d#})&o49@TZJ)8xVaI8Xyis=^)|Nj*{r9#{=xvZ*AN$4_)+Tq` zJkBq)<#j0b%9CiqUAFy~;oLenhUcxm8vb0r)bD6`tkruz{f#1@U7<(1&T|~pe;MeS zt_3a?c0qD~OY{zi*Pd4ae6t?wmR0@XG2U*@cew|MaakN z&H6IBN!HPEgL(z(8C-{V>B|`4rcREd2t2YPpOuhLqNYH6IbTRG!)1+& z+~6HXNDYypc!C!lh8>#{?ppvrm|pXsmk~Hd)d_f`VZGe7qVFgyiWk0E zWjhzXVVr*#prbt>LzOa*b3ZjA+Cy}k^OkM(nsHCrF707PYRSC_v#axzMLqC?#n2Y( zIWw^n@MjwT+^#!1(Bq>j@Ux>s508J;D0|DJJ)h7WpIiPBC~&^l8C%c~TM>ZTraeSn z3D6k@=tS8y-f95|=>VFiEN+;atDuE%kxLiLj?zz0Hbw0Sco+ZTmulZ|tGQm~PqlA) z$6CIjIt~aDABjp(f=M~nhP4zwRk?!Llf26B*bQ_B#R~~pZD9nO{*0{M&u}#AWt$c( zVKDH;5G%8(9IsrkKul#^ia_LBSOgc{WSHe~kGP!ez^P`GZCcnLqhj_!_u_#`{V+9j*_ox@-ea z%S*M@QJ1}7}2Be%|}h}FAb>KnyNWo)y%C5U;m9&6U@y{rFsYdqU1SO_-gPk z7{gPr$-}V6* znbCzt_!i#F@(%mNcfPh(9lKsLrcUJAF+6|gR&?V0t<)ZC3SZEf*cel4pl=Ho!A^Fm zIi!EqMCZ)Ee6uj(u`c;Mj`r0FU5k^N$1&(~lgs>e9ou|Ej_Zk^yUoul>pJt|x2YrA zF2Ym#4LP&zA~|ulB2BeJ6;+a=Z?OG0_|v6LJb+@o<7X;jq+YYa8~ka#E~wPjbh^y1 zU1eKc(EGZa-)cXTbhtSDXA5`ffdbZT#&Gs%>k@LM2O9Ksa2J?#L_hpK`I2cwo5MQ< zey+ds6z-;91pOV%^ZoGG)BveOQ#jsNxCcR4-HqQu2y%z0<9sLC-YC|$Ngd?t0aJ5h z?Q7UrU!E=-Yv!5uF@ABAY&kjl#dBPY5IJU4mUNHst2IohT;m2SCUFcwuV5n*l`RzX zEznLxe=V}+i9v?VHr0&b=rZ?%OHd3CW?ZSQwZvXBys5Tfkd@Q}WXh!jM(dg8fwhvM zT)~USpKv8MlM}Rpl%b%3MyGYtuMs85CQ>q}f1UAooSSPGc^!!<;Q{MB=6gU(-2quW zw@#rhygFPf1`MKJ*ty#eLxF^Zh5^i)E0`{Aty1^Z@It&AaS{d?VC*o1&ciSHvDtT#i|+Et!z-TH_w zwBP*ZGgJR{|rM;_G zlwQW`<<8@aN)7W8-K>Q+<<26BgG2l9X~|g(l3C!{wW(*h@=V=VkxR+U?o{V2*B)lH zVMdXdoufT`xfm;e=kR21SbAfXww69zHO*PsyjzkFhEoeLw2)y|7S%LY4$5ZU$Q@jB zb6SbsTuBFTntu&P1h31b7BAPTr*M<0$x_ zY{S3Qg8z+q+QS!9cL+h3`#lMD!h&PQiRmfWrZPDNjyV=iRx6-~2VRT5^t2TKrg_3M z5}6kPSE9uT_gf}27rN2>{&bKH^g#_4 zXb-F9STV>3`tfzvo3LUB|1!u1`iJtyj@Qx)gLA!d5s&V1*L92M0zbwA-l=hk?qd^X zG#g(%w+t{1hd4tPq}NDBf1OW1g$rC^*YQBt*;-(MoyUr-gSI9+&~?6wo*L-7PzB1R zSxF1hd5s)UpsPq*{yU0mfg{D(RQx8VZbbuy-G!6?E|LER;_PfRcjK(~B-VSK+qK}0 zR99=~ts)UW z9sX}xGT_75@`5cpaDZ{GS|DEEel%Ep~F(6?^5k4 z{k=3m)qXVx&cSMrtapW%wxRnz3kK2gVUR2EW{E4%^gH}l=+-87y3NCwcI|V)UH(E7 zj!^3{oO{=xhwRuELbNm8Ucqq%8UT+LEwG4j;J*=^Y?`Z>*v*6T>W%(B4(*pU7(7($++Wee-m37_Q7>6vo-S>zr zl2zYcD@L!A33W>0gZI9J3FWMItZ-nT%uhxzc9&kD7?p6|bfBIv3HW{~c8X#h7+g_k zLMnD4i)RMV3J)B`3KFmP=-<*$Y+J6uE-fu}g)0@dGvyh)!CmU|CR{d3wKWc)yzgwF zyI*^aZVrk+{E{#P3N1V}KEI+vQr&wJt-k9)qWE~x4^XV2_8KUR0$o6_$CZ^_@PSDa z!TLVm;OGKEGK8{3F$b)Qfe*xleLw`@0nh*}@R!7brUh?G=dt@yQjnIdE=eM7gV(vk zH=FA<*mZbMYPnACzFf_F8ilcKw zQjy{LKY$vw1X4Ws7f%7?ur`|uU7xyt!Tz^%y;c8>vfNFz{UPn2#C{Ie{!{vmzX4}L zXA|@p5+HI}BWD$VmWx-a0wIO-ZiKqYUVJwMRJHg$1Uj)&;-&{W88~U69q_l{we<7J zim4ECNXuX9+UpJYazPSnh+Xe7w3uL*jek0x-V0Agg;z>m=J(lxc5>+-Ul!ZL5$5`K z36mx#Zs^VTZvAH0P^?=yWhD ztH!0L5rI<3NAq5M3FyQee<6O)k>5WKwl1!$J5sV>T-}ieeV0K(dC@^Zr2+4zqtx9} zYBIhpkZ+gc+gbAM5_}sj-^$!(YhbVDio_sK5A1`9!^WFitgY!=9N9a_71>ktVlD~; zxK#xac%i!sS_)dUHPD*x9ibPrWL^kXpq>aP)XG6-fjyjNtXN@4mK$TMQ16QPF8T0c^{{Wo!%Nh|{EUaA)Wh72hnMmp9=P~G=D!K^ zZwwqfBND~n8!-Q_KD8G#!C8#+&z1Sl{~#k9$mH(OGbXD_m6WDTB(XB~|=Nm=~?`djZoo$|#pK(jq!mRszrd zZ<#e<%T)SQIvq{!H#$^HaeeexjRY1r&v7ICwmon_}dp8tb+ zbFu9yp@#?lSzey6UMAYCc$slX+f&HJ&6c?P!7bz!#;dvZ@6o9>1FM{GT(4kQv9(h zPlqmEwsyAq4|v1+L3~-5AHRxUS@NE|TaOoKd0wlt{-yf+QoE;bAquqDXm7XGXuCJn zX!F}YtI^`^H6Cs0HgEkle*uFmu)%GHGvYg=dpy9xEZ<-XY#8bnb|42U{zd+J>RH1c z2cvnN1R*Y;f;T-i^4GH{8-N&Blq{aghs}6p1l%e1@X<6Py8c$7nG58G$JNmG(yT)ZX>~{r1N7)L!9#zr9m>YVWnb zeP4TZ&MY4@?8F$InV&p6)BD4Q7rV0gZpZ=59)-iSNbi%a)&JT;_)E!kUB>%Uke*S1 zHuy21e=oulliz{;*eCoZvB;shWiVT4ByZ=p`Pfm9^iw-(F|9AuhUKOuT1{iIGNa3? zKr|_SXmPa8t%wB23ueg5#hUe>jI;1x9%r=ge|wzafpJ#m<$8-KERMEMl7k<_Sq)U^ zKot#6G`rGLHP4eVp>SSj-?Uh@IQ=2qZTiPP2hh~rmS`#dlK(1?6mhzqs4n*>L>cWGzW>qQga6(WhXsprh z1`XQKimsQoT%MK1Na9r1fG#y8@QmjPj|hTY%);S3onbIj@s{uFdje~1N9bn|V&xc+ zA!&rJ0#;pXaoOihg!m=-VXRfRE2?clBnjvFpHbg$=Q-Nvd-@Zc%IGXSa77=58e-*_ zKG(QZx|LP*6t>cp06j)%f&ZY>5l}>hg+3A;k2589Kdd+aMFaWpT{ZO$be`8%t*_BG zwm2kiigFY$YpjR4Z56y#+&imETEPEw)ws2d4cX9@X~8Se2>E!_YRjQUuSPw9qwB_& zT-y2S(n{p9#N%ltda=aIX(f8scld|E0w{@|(Pbm_$qwBK3)!SD-MLfOChs)Dca`3( zhZX_a4~~EePjy`V|w6N zzP9|=n2#3B5jf_~0UO%`D2?#t$KXg{z!Z zKn@)1tp(}6u7~a^fhPtN770^zGfknw23k-|yu&(w&FKcj^#Izjll;q}{hF2YJs5T7S2zXegQdW5=|{Z@24Bx$c-DwQ>{Xf7nxr)l;F>Q%z4j z9dP_F^t5KY>PbRQ;Q8%6^%VHu=*h5py3Fe7M?Lj4_b4MTpq3F(Tt@325ud!Oq``%W0X4M;3tG&Lr zRh(w3D7+0M2S-kBiWNJxKv=O#`2ds@E9Ux>#fsJCfE62_V#V}7TlUPud?A7C%pK7e zrFiVl&hO^WpgHuIZAPfr2zm0w^@dS9U3Fv2wN;I-(EOrhIIfs2_-fwp58?l_^8?5G zXb&;lMc{ZT4h4JxOIr%1F3$@&g;&DjJ+$TXPv^nD=2W$KXRMbNPiMIhVEk+F0YD_h55H!?JJHOny%bQ4lQb zuN>A)c6-gQFq4H3$KYh6k{{7{hGE8-#U0*HUi00Ggi9i;@|wrUZvHE?6Q1x~4iajp z!PXe7V7336J#&;5H2-+a^@jPS@Hh3JXC;SOls3$!)G&{sL{+d;tN((XCYlX%yT^P# zIR?KOe^!hdGP-RQ3FXJf&?QEAKA?6#vF2=9?0eyl4y;!c7of@q z6$gMSTz-yxuo^i$Gj}t>$ygcm{CNsTFyi$|99d*k!Ll(~hI$YyVh>2GXWG>G%M1)L z+*P-DfQlQQaLE1AvuFbgkjqa08)SAjO>#tY~bQEZqVNiLB=)L`k6sCnuw_V2gF zCo1iKbfEZzEDpz6P_j7O^;8f3Bi8<&COiAOe9%sB{VpxYKqcJVmD;Lic|hdELiZ0e zVuc&v;YGP$3p_=X4Nn0cEO5N!fQble{5w2bc2uG|ET0A{DAa-}<$x!G#8?khuI+_6 z!3%>|1b^aMQwT+9C(vRDYM70cS^H50I3cYR;u(*qY`ZnON@cdD1s)QUD_e{$!dLi_ zV%+t*VWd_cA`=|G z4z3{!9TgzhyL^?dx(S5MM*bKJ1!y%IZ)n3_fsu@U#qcN=<#kgwyk_P3o~f=33UJW?CW(nomI^Ohixpq$z+R{K%`J6T2r%MvWN=#jpGfl5a$c2l;&P6&#&$`L1@mAJ z%ef%6oVPg?z&d^BVsB3cs3RmZ;>k`}7lGM6?g6ZI6P|a6<5^s4KpWWH8k1ax%Z{j? zBN8m7(|0tz7A#nt(tRu>|THzQS9hfvUEL)f3KX7OXy zrWWKi;S<`0Wn5s)wqp#NKtn1adKnLvl7DLT7uxmdOkZ~eKzzE&VFrAA&{1)K*WMPo z0Ah&M@p~)?Ujqmy*Wc08`a7)kcUVjLx1QGj+0^>eH{NPI&g|hlPB?#(B%A5gfyu{Jxd4%d63Q|&a&gbN1jZyi1t7Zc4fIE1_8ORavAEOSF- z4>N$a!WXw7g7s{G*)88iGh3s(paFJY5Wf~jY$ys}uI3`?!3m+C%BiyyfVqw7-!3xD z(o*Xvbji{4A!$8uVngi@I!`0@K3E=Q&`#g@%-!DSy6E=Ran2sQyJ{^yLr6Vc*2VkMyRyZ6MmqS zr_}|eRy*A%aYcLzvx%<346MoAKxcX$0@pFiPhdlSW^fx-=m{L9@f{pqXgr%Hd<^qA zho{xwfyO{QfI0KmV2Ip6_7MLF_Q3y??6XWLr$IPj4X(L1FJ8#~Z;zZf-H*8fZvcH& z=Swp9yOqP^G$XViU-CBy@5+1EDwZ;oNnCE&y7K))p~u7PG;QC#2dU|Ukt9Z!hR#Nk zBi0ICmCqZs59*;)>&A}tFXAN`-@P;%V$>5I;s<4(s+(8k!!9+}e=Sc+Na#w+kd$dE zMz5!=VZlr*U&)c^FYx458C6+i0Zag0`EcS1_chQibO{Yoj-2%SP+r8C9!58Z8s;J_ z$BJHGY7bUBk^$YRHSOvu&Jrz@#ecW_&gQ@Qg55+febRdL4IW9)QX%>qDf->~`0Zl0 z;mvT-$iL^2OdCeXspA~?B)0g5@V4ctU5UiA4u5a2Il*Jj&BxbUyrBu6(A<0ip~!-U za&;poK>-K0wDAs3bOc-Y`b(&xcvSYa+JKhNH?Rhfg|nsq9_7^2p=eu2#je;bTuB%| zD|YG5FSP&z)k2Zl0BtOz`@%tPIyA1>_6039kp}o(=FZc@Qy}&n(gJj-kaF-Oc9%|6 z@7?pDNLio#q9ay7rZjwkpNcW*Hhxh$KMK}`1H799)Pi?Vdu9%p2k&1fu#RiNCbBA= z`rY}4^Ml&!bx0cH^>7tVva86$p6W4A^1!TIcXX^DROL|g9}tJMHM{|k&l}?XkKh0{V{kzy+%euHIJ6H;N7At>#239q4DlN0Y9%!as{Fbzfj=U>W5I?C=>2QH@{@S zi|(G;^i%C53&`Y3(F=ZMA=VG%*%#5%<-vF2liH?6=wc)ElYG&HF5wv*o{Tx*(ACzQ zqMI7?i`5hex`>cVU*$eR)4W1aE5By zrMb5!2Y!QpzQ^2(rhU~UG9HNA*^dQtDhi2%nz)nTE zG)o`WtVcf2*Ve-CZBMx#`J_lMXcolM*1n||MC81@mc1{$q+IBjOblL{*Fa zzf{nnG+D!sgIo&lg0oO{c8*%}bI}viJOC|V%$z!i*jmnPM>S?Ib7?lOBiEQqE$Gn+ zL0uhS*e=-`(R+?15(0kTp8%mzg!veuAOsOO2rAFO} zMcR7PejmM>X@0vI@9__Qmh?;Kt+Y@sbZ`B>9FX+A>gK%y&y_7(YM8&39tgQHiCq|o zWXE`1r`xNQ`SjhS@lq14!lJ1zT)1*;lqZLkfmQka<*g5??|RaIg?@iwSTK|ZHJtat zq2jbmtl1}61T7QteDP|@?q;37F}m*@Wz1cjv`#-_SEUz?J+RA?{c}_orjP0}dsK&m zsZpK&UmjI>U~kr8P&PRNIJl~FQnu(vl(F#?Ws6o9SPn(EotH8EaNcQF$5eox@>MYv zpjXHT+EWV9%AZ>b&<8&QpEWSWfKC2I@(kp99qhJV3=bM|4Il#nZAq4_7C^KZAOg9i z4}xvHk)*PK2N*E^T%B%%w=&!Id04#@Yc1{m{2^xUaNhGcVfa(75r^{{4yqX`zf#-D z^L7PCtFufW(6j~CV-FG^)0_^hDNyv3L0hXVQ>ad^GCfU4%lKt&rJ!2b>GetbGAmft z_)_I=Taq z0leRf>8aDz@>~A9cObS1{>_EAd|C8V8Y%_v<~OYLw866l?+w19*=`_OGxnDh1|PK_1)h zP)#SCXB_z6nUrMCL}s8;LPf6xgUA68@w}m$B8HQlj*c&rab_pS$uf+0<?@5CT*_grecTMTLNp36t!)ANSyF9@|p#V*MY;HrC| zC{akII#YA6aHwndjG2ph!n8rCk%$L(DZ7T@{B|M4u+L&NxT3xRQx2~u4i{So+!>>g z^DlzLUsOBF^ON*VI`n{bSL3yzTyI3Tsq zF|vh@k*(hP7*;6ISQOvd?LK9rZ%T%LWO1PnYR*RH%K9Q+4tt(AJPKa9O@?D5fTIQW zgGSVizo<~F-$RwtEUxHi;``5?NCV8FT_$Erw^tv%wz9Cj7Bw2#+ zz%p(LYbAg#L*NYPE!%Ttc))PO`LR|%Q50G+w|vCGWNRaU71{{k$M?uH$^2tHudger z8;35OOl0gUMVD&?ZPg7#VCgLM>+37m6RgBz)Z(qm!A{@~k!uR-h2@Q(ai4bCr;0y& zv+}QwIwtKtvvS4V5C{rHfLXSIZ_}>88novzc^m_#2ul$f5}Gs$y6S>wbNvqh6N0TE z6sKZ{%y`ZZh%oSnYVZVFvh~mu5UELo6}khs9B36U#y2F z)GaN*3U*E&mFpj=9PB0wETk3M-sAJq9^WsIse+5^7EC7FFu_lYJsx;dY6b*n^dvQd z)6!aUNlOlEnCn-}%@>``G|Lm#mQU*LD}Y+ulkb}(e&8U7y*eu~)>C!(q3fYaHgz~= z&lu8n>hbPaS`RC#^UX-G71l*1>DcmV5}E7nD*|)nT#%GL@^{ z2rbNag{nsZe=irKAeo0+bcbGN#B2nXh|?Z$LfBTsU(1#KDU|~iu3_T?CcO zlQT({hYbZN$le6rINGWO;PWjcR4C^PO)ZDIW!4xhz^%Zr8&|+TR^`{l+OU$Kpj@Py zZ*v**qxRWMftg1j-PL@(p-etvVUO&J2s|T$CTT&y_(AZ^3BzX zGM$QLPZ1{jK%Sdi#>)s-ixOQFZ1t6-t%do?32WhBom#s;;Ad%C@x`B{k5d(2_W#MU zz54NYE?d7uw`FVnIDOeZOD&s#Cug-|y<|PN_KdoV^^DXJt*cG_zqfo{Pvw*T@NbGg z{2a)#jJ~06!FiHS?=f08?e&whr7rVq8OXCmEg#=l_fhMX7J`EDj&o`yJF7?K0`Us` zV*!ja(pIM7qm0AA{~yUk#E&QKg0aU?01whp;OUPt@KUS4NA%X!(Czd|Evcwl=3^PF z$Dpnd_-QKuetR8DlIti$QfX$ej)y+9Bz z`)BN*N^+^fNELUU)R>3!7H?4x%k3!lXv<(h(Z2npF7y5^mJ1@&o0V%7;QLpuSeo2B zfenl2Sx}dY=b*wNeN<;87rd3(4jqt7fp)V5<2Axlp%<)Fz>z3)?vP#%4dk>j_%V|g z+NZgJ>9e(>ECCP-_W+;v50dZ^&OOzSRzI&hjP`uc4MvwI1V(Umh+QnJmiMaQ`ek8IU`I+>nnR%X_N4_54=!ED&O+RtG&8Gi%8>UF-W zu3>vM_fgoKa^ReR>bqefhnQTD%}@qs{K{}_PJG~cAtyf3^+Im^^1Q7$_+gZ!cYFLI z>x&T{&>!rxb0=)}b~4z?EDu9Ug|BvKYa7b8=WSu?Leo-gG%E#zvQMlMB?DtsQr2*< zSXs(^t**MraqPhMx}!NRiP-_4rA<{hJ;f~UG2ik;K8G@U;DGli&JUd1S`0rbhO+8V z5#F_`qYR1_KIaR_Q(n!pk2$KeAcKg|93MCW^%pON*Cp!?fEY}%Z@j|xT^*3pfDf#EEoPD1DQQiUzW%MS$%_lw29Fg2};Bk zZKV7Si~Q&MkT^i=BPNNz!UUkw7Y%KOs$ZQ7ajlb_J6uM@zYQ) z`-I-D(EqoVmMec-8pWva5ONJFe<-?mkkYhpJEjRdt{1XnmAvZm|8n;(fKe6K|9Eb) zn`}bhZXjS#ltjWKikJv$RzPyehTMyH1r!wDS}`p}1e0ArMcJ^4=DM!ZR=>5aZEb5? z+xo3k+wfA!CXg3C@<0rr5

    >1r1n&?;Bs!r+F9xit>;KVVQ4+mIxfXwirar~$A z(5h|wx8naJ(fA+a_@5`fREGudWIqd_PG0~)IrtG4z@4XP0ZiGT3Lgaz(gG-mUI5q8 z0?3J606{DOvIp(E0&Zt3pgXhz=0@D4CSCgqLVTx=_^Z!_`1XfGNDuz9iOHp3sScfB zjbRig=Zv1I*-h*O>juKx9U)|=vkRD!j(4OM!k@C;vRF`GgtbU6(a3!h7mNq)jL7pC zzxe2EH9!P<^OE>#ay7?rT18O}{O%kLgz7TyHx$Q}NByH~op|#?1lD)^#McPxd65`9 zI7eNjL=2H=)&pM?pA@*1Y4Q7M#uspfDMsKc!*85PP?}cgIG#Sg%zRpl|?+pE=qO~gCz-7|HnkQfn;q?t!RJB0L!uGuB-A{JzS$Rpgjn)Ej zT|o8*hRF+SvhIEXx@ccI%2LrwXQVw^_fAr{MG9CxNLg4HF4na`-gs^0C#yfdB)|8w zQdSUOPLkif=Y{IOk3&(IsLP#S%8RNOC|NZ&VYj^Ts{9dweb-$ahJpNX!x*hgFD7Tz z$wH95{F2!XG==If+JQD|ZNdpTt63Hr$i}2Y(P;mFd}j(Y$diT@JlFI=$KX6>3Hh24wyvY}n6y_&{08^7sFw_r-hYVhU!3#$X_)F5KDt#DgXb#{{W# zKbxk7-c9R0@ff{v)`d+pHInzxkb*@m3#?g90_+I7)P+ZBe6iNkm4&qtGg5%gOIfuA z!U=0uGxeQ!ftWMqd2B@+)*re!q^Lkk%>jC+UQ|?w&Yq;qVeIiVdrc$Iqi9?7zOGKi zZmQL9yyK#E&9eAr6S{EK!fJYzAg=RzeX$Fxcq=JrgtY-^8$pJP>yoLSnnCq?G%p+G)j#3&uu1)n zl`%-{GpvkFOJ{=VNC`L!7PK)U>rVXP{v&4>pY0$6OOEksb0AFcN)VMyM#;YK@v^){ z5`O|)6AVPxG*bMy6XhH)W>X$s?I*eCS?imYH@Msntz_oX#C8(8Q>47xx_0L78%K-F zK}AZ-rswS?+w^-AXf z+6m~MNELexW5zA4737m`qfOXmOW7g2K8djj`)w&b^rVPy^xTMbb)&L5CMIp!sZVnq zs@9>1Z(?oL(?(_?br?=;ukRKdOytQlv5P#9X4^|>3$-b(s>5$(`^G*&N6TxSSFwJP zZ50+OgMYi?J$xnhrqec|v$sJNyR|?k-TJ9Nxc`g!*m+r_vZb#05^DDbC0LJUn;vID zgtDy_3o7 zhX8auofD-e>0B)t1VO`i<~!d{Zt1ip%mxfoN-p;L;*+Z&ry1|uH_h4TM6s(jGj`xX znlB-yWUSYhoZL<&$et=bb6T**7a&iSR@^m`yC{W-nq15}=TcZTXi z;t3TBONY(W{4{!f_3dO9PK+2?p+Z7`e;i|Tq72}5iwx-8Z0@D$EEd#2I>bpfOa??` z)UCR2RAHN-xav&mB42LK5!nNhGH3T1n>&F*d=2Mjv&^Nl`}QtfHd(~4n^-4gV<_)e z+|~(fvzxED)d^-wrjhpKa#EQL<{?uCj#wTHDi+mXvKw+50?CRS8>TztzenFJvlVyp z1gdU2tNLfl&Rd;xa#S^)Dxe($ESI5YG?)lpa$t-unq}A4TrwHA91+Veq5FG}Kogcm z*I*W_?x)O(_kh7B^r-GJ1>u1R$D43l$HQ)#!gGg5Sxfj^Z%cMDo-zk#*Ld}7P))HED8X(lN+ zhjbzan5a@D&$IRBeegkMw@z!BljwICdtBCHzs2f)a8iNxrR4fjKvqi3yJQ0-T78Oe zMt1*|@gUNPEe5+)aRt*w7vrk6E@r?=wiOh`3L0c~cPOX9Pc**jSt3xY?~>2?$Tl4B zfP0c%lObSdMqOY%z^Rm&)U2t(?k+$(FH;Jkjo z(D6Z_{9VwE!`@ug@Mf2!`AAGgS8imH$h? zqigHW}B7mHD|q)$42Xa|PACC>`GkeS<<~>fi989bIkS$nH+nM%Y^fKNQQj zX8`|3YLb-L>6oGe{$H@%ZVGY;I}QpADlQqg@@;0{GBkBx0*ikQGBY*4NPJ{hk+@)I zk$C^^W8%`?+hOZLKf95;y#@qCtZeZ*w(Axk+v}M?LA7+-hpowJftC88D)Hylve3lb zV148WD8g1Y0hiC|V(dgn2X$Uy(AObWox1tJ)#``=o&8#t+NryEK7BRpp{4EuIG`u2bjd za$OyhjBtAy#bdY;);dAECHxTpK;s>_g5ttZBLH7FC2(9y?P>WiX22|0$V#>*ekN&${5Me+43(Cn=~zg69-ApSyV{Gb`0XgZ zk*){g#Y}*;cN%>>mcGb=Xa^AOgC+0YWXZb^UueV|YhsHvv6_Pd!3K_q6xnjLB*{5N zta>sY##KhgNer4E+zkJnWXBv`E{BOAH26K~C78Spb_JE>Mmh>9hR>W z+#2m~=qO!w5xGGTE#MvITN(i_2+fp)$O z#KD40h4CHvj_bqjM(YD3&M%^Wplc^9d@Igkli~&;G2aBr#cXqbFHN`9yjvIClINQ| z_amf}Ey{)B+~gRqeQnj+ZRJNCCH|fW3*Np9-%nSi`O6vOpvTuK8d5;vSc?C1q@t7h znNy`??NP<)U3D|qNm4r_S6C}-rboI!dqgZ_X6@cD<7Rr27qgKS{J_QZzVU|L)?sE9 z<_E6oG}+Q@zXx&+!!RN!u4R{$_8_eei`45P-S+~2mW|`c6WJezJlF||%DRp1{{h$sGt*u&PVn7LBuJHg2-7x4Z@t7c zkF{y1mCjFh=kEy-c*ndyPCMQaosFu*=*rkOWF zNJ3KrIZm3*a#$>TlhMHI4A_XO><`cszK^6eGZxf%W=!aQ7_yRSs}jpdluMqz%RM|> z&5Y%9tp_gU^UY*PPwV14KI8r|cmsNTWu^%PnN*Cqdn9d*v_6jumvPKWYV%C?PA25GkI4(~xU; z)0tD@3~^o4!j=!-hcN8W5UVG7aG@tzvu4#NXIDtjJ2Yrbgz-J2@}$N#c#&x(7iE@vu+6=yMURdye%nC}Z|0<2Xu&d`0ufGi0Z&U0+dXsx3?;X%xZK z*L!B<{WFT}!Wwyn->U)9O&VtvbUqITqcBr5)+`iTAalv_v4zuNy2&P4EDvbYah_0Rq6fZ{eMM|HTYM3 zGT-61J0kioy9@Z_J{-}1ezDJkESWf%LpZcay*Uh>k$L~I@NL>&->DYTAC++n zW_}fs6(OJDp-Ax*6P=9SeIK@5_+VK!_d8e_n=gE@&NW^jmfzqicZ>@U5c!&pFMPac zJp1B{Zf(tOJx1dT>8APlbcmugV!RGClk9i_vtE<6L!o$-G?d$#&l<0t=NzwJ=!J>X ziY(lv7baT)Dojp`eUCO@_~3r}Zoh-O<=t;Jxc!VTv)I^nHa>=8U;Z^}J*xj`eAUSD z3`M&t*!Y5{UVqw`8kWWV#y>i6xN`tA3$ zP5tz{_xdkgaORwXeh)a8`7HMhzJt!!Nc&pO7WX|P%TLJK6Q+uMvmTjDd@(;oK8LsI z-uolDdK@&uZSJ8p5@*YUVYCfj;TK;70_)BWaE^5Ne#P*I%sMLxa*%ho!4AB^aSH{x z1498)FN>iJEWu}ROK{FkU`%p0Mq7ek7V$3aFHx4@fmm%@+3pawgarqY>ve8_eTqE% zY2B{5@IEqJAU+qzrEeoJpOaKrk-j%R`sX`6Wy85UJ!s#nfV_4;GZA2PmT`H9=5w`=gwE-90g}Kx=b1grrr>oPa%ROsLI??BVl%QkimxGGbL|O` z9(wnZcr)>X#I2=gxcJh~T;41<1Tyd&>urxuY|^#{QoZfTiC(SG{Yo4NB*Dg92{FD2 zFEc7Zb&6#q)1-s*_A9KJw@raf<_*jVAzgtKS0BX(=$`Lzb@GDD+>+$!&MBj+o*dxc zNtaT~TiIJkkyUh;zn!>w)c`-aI}*$PM!*T5vMqTZJBW4JR2f)ZBL&hh$b^RUq_CblZ-J2X3V6pQoJm9ZZOFjrE2FnG;JEN;r}!G|x4X z^E8ZvNS-{MyxxopRkUyO8&GqNSb2BmL|&E6hhq7({fg; zZX??C|-0mr4Q=8`uCY3yZS)DR2RM_6?U&dAe zP=eKf{7$y)Daq8U$gW`G@(B@DxaQ_le;$)Y@ec9e!@MJyEe!2XAX(4@8+H5CoBQ}9 zpxx9RD-W1%b_>T(R%qYx+wNKuYa(!p(9i&(~)C@68KgYEl$HgVrxF4USb>*F?GuSWFx?J@p(kZ}j zw#6aJb>y@elRLu%`_33wy+NBXiHu08c1{&jS}IyYNWbRw8zik!a_$qM5lWIa-Oewa z>?(+9EvT3e6Ty1&Sp?G_Rck0|-oPkn7&eu5)6?=B*dCGqSwtZ zi?eApHcNf+@B*#6Agd7?F%g++R+G58nl-nL;y8CghEW@Ro@$MXaLg{Mp4)=C>NOzE zb~plol@yjw*%<0M%-x#h_da`p46e{w5py-6M5HfcH5J> zY&kn@o+;NUojYu>XH5KDDetk@+brJY`8icn`cgNdajy;^RU@*gu6LIzgu*k zO?P8A@MTOt#TR0%o^SBY`X;&%*+4cueApAw8$cg=WyM-2vlwwcW_GT1+DE!2v(+u7 zD&F>VC9z80#N1>BG3XgJunsmk9~j_WUY^#R?YiGd|Y)Wt#V(852R>Bu_8owRN2U6BQOh zT-(dE1wl{+I|CIsaI>9`2Xl7&$pM_qT+?&^Y|uxw!T321_y=C7OY6z&iL@uN>=9j` zgNVtiuxH+l6Vo8N=nb8k^YINSczZf3@RPIUZ6R<(_XG7ZYzkm#O&_5ToXP9i z+N+ngy|T+Ms$zZv(;WSV8488Ba+orBuAK|Ew|Bz{h-?8IRV`l8Whe5tazs+u?iF{C zwL;c5=|oKel>0$%;PY^QcxQ*O@r`ZLTx1VtEpS^ijbE!JCVOiJ%Uz+5EO3K7ThUj*iAeyxz&F z+ws@PrKd<}X_rb*eS^Oa8GOeJPtEqf8(I2K5v56#X`fem>Ijv-1EqiY)FMCW1M{3) zmm-;6Jj73jkh4Z~o{C+*0$Ej07R#PHVpU5`$pYt;i#M;j87;@5<&t>}MDh7egxz!U zoL{!1_^bAd1CrHKG7^>?$;Bq;{vPM4uN+sihOmb`8cQ`V(Q8sLhqq$`7xl);3tUo= zvpWzEEQ@_RjzXzhE9RRk=BI?><>|N9-#>?ZDy>LdH7Qf|%waQ*y{ApbL2^~Lc} z37SeqQ0QaG9Zwoc#^z8oDK=L4^A=Fds#SqsQ!I^K^qJG*Urd}3X%pK|hfOesUimyT z!ML>M9WufAx-UI|eLYzylEg>$;z<=^>Cq44jD0Z9_yWcmUyyMI{p{WkQ;aQma|mya z;LVp&Z$M~P85B#E}&2Rg(B~uPW5*K7aiF zcDf$p>Nb=l<+OkV@spI6#R%VLV0~$!zTD^Ged*l9`-1iW^@tP#dOx1-PGRr|{yF%o z0e?$B@K*;0W10bV3PD|?3cDD&((Lf7LIYEZ(^V!Lj$h0o?;k7aC9UpCR&`|x>v4@u z*y-wuwSQO7jP1>gv)`g;#`R_z>{InjLvN#VkE)%5Ij2z-c4Ja^L%(FxJ`Kmel*A>ene+>72*AX=KKv#A zeuJVNMPkVgz+bW*7J`8Tn904Ev;9=~?o2cNfr6k&TntO1CBTV?F{6t=$Mdnsx-C?9 z2kJKC&EF&6d`xdpXE)Zvc3{o+!zj^;5=~T%O0-f57%lCFDbx1PVB(NR0S?6SLT2%^ zw3Se(mE2J^lTWR(-_X_*&o=(uvUe{!ymJkBlOg!;E;H}j*Xs$CkpM{{^ z&c8?yqj_=ZF8a5pd-w`XNL}FfvZ5^wJur*!}zV`O!bOL|6+abGm=UL zvjg1|Q!y|t3K8p0-7t_x43Jo48Jf{A_%&5ayDApqzZr*Q?eA*Vm*VQR%$da@RoEx4 zCjMTw921|Z!oy9T)Cr(*NZ0ba88I;-pPh>3up$;7mOV3q+ELfuIEcjKMAz38S_sF3 ze-sW7Ra+&?+I_QCZ8`c_$YKC9FB=KSHA7&WCJ42K7svPyQREH=80>>}P$hP10|iOs z8a^Ly@+1pH9cdpZSzGb)W>2a>L31s~N^ZkO8N*z(ze&xBmC1whbCZV^zwfvLXkoL! zhPPT3tu3lpPz_QKhlNdR3cT0H9?YW%90HQoY4w3$NSpK&gO6xv{h=XndC?lclSIak zkcnmOL*C7v5s3gp#NWmhKQtT;?o;Y>WCjJa?GJTp+A zm1R4b*8%(Wtx8=LQ3i5dHT_YvBVc|4tC%I(F#_WV11qo?%0CVWAPeC`p;(zZ2tRiZ zB6yncUmH?$2hlg0*b~8nz1?e|;Mstu#eNx1EskJCYfxlF3e}>(P9Vp=)=k)sMXhaZ z`TcSo@#L76??U7-3q0=<=!FW?vF!P69_>DuycR+%d^_|j+~m9uucrKlM*tXZ(L(~v z)-z0@jN4fT7TYo3H@SM={$G={g>C`(%v1HegDlVQTNTRKfea?8Jmw2biDCkE?ho=; zvbN;$ab$NA5e1%0zYBgEJYN@T2X1ukZ+D)0RV*(c(T8UaSdr?Po|TEQvX~FK+(_sC zDu|xNa=JLh{{sgg}{{C~Z@)Ef;$QZb3r9sBPNzPL*Jav=*HP%pM!O|eHZrozB zG|1Su2c4&WDLy}mE)Okt)+}|N$}Ua`EY5S*i4c^>F30PtC+|IHHy!zS6{o+7i+(kZ zaLIp$qAQ&NV>lAbTXJzyp7UT2TK>wBh?d3Yi0i{vnPSVr4sx-oVf3@G>`d5{Rq$=# z-GD)}(*g-HMRwjz2k`kd&e|eSA$+!>=$l~!%g* z8FF2Lqd|P;FSJ2g>cyuEnOQgQX~;wKug6DvXx4j=QQ)5ULf)BmXWzPSpFtD&JMQD* zIc{^KJDlis5N^Ew)kvbna2}7&Tn|9kzO)wK+KDt+=z>iw#A)^%vw;?cup+0;7=IL%A0t_YBWH9T=$Koy}5X zr#soFK;2SkK_e*fz~w}aXH_jrV;GytFc!jQQvKa@1A*i?jD9+X(S=3O>C9&~h#lX1 z*U(D{(~~Kr6U3QSD?}^#{$?Zw3qxkrs$Ki&n$6vUAi4HWlbl_9mgORC71%8q$<;os zAhAtyc6StCiStZ|bL~s;?i(yY4Ndo761|DdrQPgqOKD&TRNB_WUC2O!XY941bGpHuHDzPoxHL^S~2X#iHPOMlqi`Q8o zuD+>Hoy)1t$Gi^B3+jwPoj88IPQQ^Ou1@V!Z4_1e9hKNb&PQ|zuR=|OShhEY)#NTp zb{V2;W>QU(dRw)6ug|D1Y}@{AQ&_`VT^FEbFQ{`zKT0%@zgZV`; z-u@`65PpiQzpqy*3e_1?M3n~fN{brrTZBs2p;Cg~f=bT+dKs0j?OSOqt3-EcQAwM8 zU>+)2P{|~g({>=P1FNz!GdJI3_!)?`)t55cn!+H{GZ(D^r+~drHKa?Pg|Jwt3gRrU z&J!z-U<0&>`G=-gJUk-3*jP~3;@FO?T=D5oQ7@1|NJ7e}26ni!_ER+|TTPU?fp9ul z$9?LD4NRp{*_G*2iSJSwP&NT967XAJlg0GxaDUuukhip)iZ4M4qq07K#a|!Yf;C5kOJ_Us5?l>N&*~FFV~o|a`jucp zjFeI3S)F!zU`%OsM_WQnMzuAk+IuKPXq1E10VDSwRvzRo2Vn+xL>8@|$wI3l?6hUQ zPggl-&{fXo{~UFdGZ+{{C)o=*=e{>v z0lq`Or362s`*z*T0*c?aO9{6{u`6|N0aK`%-s_qX@(}&L=HPH6{JQ1=x~_SEJoo<) z1Gj|^g6NCVSPzXqom`wodeZ+&iP=ENx{-c-uV2A6_XB6GVjhfM$Lo#cCE53UR$q-_ z$Xgx@u)w2fxv?+g#@H9b%*hnSTNcZLM{xNG)XjQy8vUgno~Av$mx@{NUy(O9VaeAOh28!9OBR926~p)a zY5RDXtnpxfuvGid`<3ZtkAd-Xown7!E#dQs9 zg(&+S&un5XOa)~PD~5pOux2$pmKC@z+#Ue1PeOs&0+^dv$+dTtMjRXW{z&I&d|!{&{z&Ud zyybg{Y)iw9#PUYUUW{y{I@HJ(h6_Vy5`3P4Kf@nsJsGn2(!-4uiH}hHlq$?ak1=s6 z9a3K#b3Tow!)hQ;7uAcin{%o_+muhk4(a*9-wvM+x=!N2&t}QlpPmkuo}B$z5@;d{ z%1LG-?WHH%e;120bfBKmQ+o0;*bItgr%5&Cjfwd>SlZnooC)$f@3}QxK1Mc+r6*%R zaEPwE8R5)g(}bGK7Cp{*|`g>D-6!GW~mi2UT*&?hWHC&ATidPfyPxi|YM*J%tw*ehTeXLuK22XLfUsGshib5iD_ zeSf-p{Kbm+=AnG|%1dEj-mM6JEBO=mr{`;wSeG0Wu7+nu3 zmTalRKy=YSWHSf;P;&%flb|*0{u?0UN>@B{@U;fXWg(ZU_JB-s0N@B8#6T1C*eb2( ztL3OqW}=n%LW`$#3t@3zZGij5h(!~h!9;gL2d0Og%w4U+s)t23cve+ zzw;QUgtHE@WfpCZ9hyUmHE>Ae!Ub;1><@e=%Emnu4@Y8Dx$m?4`b6!#jf*H~H@pi% zI*~77Au^FPF)Cu29y-uiBImSF2(AeGpUTt}$yMDXxlSf7Uo2F43{ETg zSE;6xaj&=COxm-DaXx+zrpt<885#4byW?8I^ zMW^g(=$>OFfszV^W?*QoB*gejdG7>AJd#4df#;NxtEs1?AB*T;JN6Z4fz|@#o33~9 zb6Jy2=-zau-=sl~8XxM!GSiMUq5^u-qtZss3)Lig{Pc^+RI0jRzIxe8?mwp8vntzAXhEKm1LMj5F7bY{o z6oTgmKaZ+&3z}f@42gsmD-%Q1G>OH?9G;I4w}ls^Ccort%(hm{4q_2Qm+0({wQ3C| z?aTmP?KObEg2w^Y4d9@wl4BUy4p*`o@!gu{Y z51)TkG<-i;+Xue2t3vSI7KSf0pX(y$Gul3}0rS@EFVGP!YEsF;Pi)EV^Uvw@0)be&K_KNCbR4C2zn`5Yrd|mWu{#XYnOKOv$-dl(^?RXLnNZN76<@ zfk55)VgC73(J&YEf%&1QLNE`AhWS4L@AVe|?~x~?;eF}P(eVE5$q>AET^g+q*YVR0 z^n5Oap6hk=qk(+8R=+L`oMVfzx&{)ISgdwh`#IR zLgBmqpNH=cE2H6?(-*#_D?{)NI}1MfYye>v1bOm>j32+Q)LhbXegI8<09^Y<9{@jk zA_So05*@&A3*Yts0({?lA{st(U-+&L!}syUA^4bdjRlu+r>M|<@lWVmCEqBc?zh5z z=25b?2f**~RdOn+*vQ5eFz3;p={m`5Bwf2>if7WbB=NP@T=HWGnTb_vtqNeLJ^AWp zeI~l|V)o=!tYH3|6fnJvWNQNic|Bx1q;-@$7f2xAt;8kh-JY_Zk3+po?1h&(!C>)t zX%xQmc=RYF{i$~p$N>bMa*v0`;e+9QcD#SrcwGOj$K(3{(0JVPSoCp4BLGk9*#37TI$@C3HS~**I1r-k6`{E~Yd;aEAB!Rv z*ml=YvORF~w{P$I^R(A@^*TLOy@^84O1jpNOpWg)yN9~RzE&WSIi0*=O( zC;G>h*U)Tuefsd^hdb|lC)DY{U1|Sr&s({Js9%TrX ztY82$=SsbRjney&&w_&#@d2RrW6?g3q2o)TAz&?`UyC2@+b>i{y`+)>toPZV7y@bR zt44``)sTn66yDz3bN(?HeS5?htp8Q-7=+@$Jea7`{hBt&feT>ZC(5u1YGzHrys8x% z6oq@66<7Z^^4??L*c4jOQT~OiAZY4c&sME2t8U>QHgbU>i)t2R)rspU7A-C45qB18 zcTc*OmiFUC+R91S%UUhIL(3Vmz~yhVo}Lp3WxK|2bZr4?2j%@7Dzv-hW-VjIPMO;116t z>(vHd*{giaD1J+%gpB$7nGgA%zVVR`a!E?>{`W>qc>mkjJ6sX;C+&axE^z-_!S=ta zX#ZQv_P?w9+yAaOYyWG;V72Ij#WudHBR0O!U}dwx()Wnvo7i9_qqM4*=G#I}zuQ9X zTxR0Q(d&+1>gYuy6~ZrfBJ4&L;Fl=$Ge3q{)JSF_z?CYY=vYKJ__ugwKfUOpzk2 z%&@)Ge?s1N)uL!7@#CLG%dh_a{m{Yuv!p)vIY^@;Y4xy29-7z#496g8!$kVx`VE-TK*|ia^;rX!=TLGo zvH+qK02CY6M8JamR-!T3cD6S4$uQVbz#!7)Ep>HgKxbrXVwy8FF$7I8^#`*t z^I7#qqUR?gJU_3j>YbmA|H%BL_nn_~nxBzuem;r)r{-tTs{ZC@N9?~aKW(VIfxyw{ z=L=$KSsL>bjML|*l5#Wj`SG*de(`^7czj+>(|3Hw(D)MBC#|O&Q2)gE zt}5+se98XzpB`VZeK8vdoDlwlz1+ysg#WQ2{HNTpA^eYx9A74eyTe4+54~N}RBe}> zQw=*Og#s*8$-}E<+M?*6Q_W~o#djMO*U@Q;_-@ArvP6}|f)8b6;H1cdj#v>38px8y zdtj16M#1>kRH$Sf%{gI9+@*@v4^{EE)kXHo@M!mMrMK{sF4^TJ^OBASMzi zROB>LvvsyuGg_3aCdKQUM)#-$ubjvgm=Py(aP;G%5E*ch{VVGAx8gbsUMw|}>@ZBW ziMz>uB2B%r$tF&3eMohW7;Q!&+vL`gVMS8uzL*Z1=Vvh;&{NjNQLdvyb)&8ubuj~G zd^V4{hJrEFgJc-zhM|XWqFS&gZA_zG;VBmVsD}Afs?p1G6aQjpetq|0Uvk&`UZLkg zdT#So;hB}t(tK5@4a?6G-`gxi@j$v4;JXXv(Z0)gMGFd-S2=EBY2O|Aq02ugd6EhZ zrDn+*-Y3$}0RyXZE9G9-c{+%ejlMImz4N_KrJspsZN+m~H;}Ql?@H9u_e9?w6q?8! z^VhKS+bHk*A#0N|{Q}x$=PiwmX3sR!Le1u#rE9zt41fYCdm|17cM;13(9J(Mypsp9-kMBE)tbGN`KkB+)5}%6H?5g1pB{^n8P0@umQ|?NOl`W6UidGWfLsiCd0a6 zVpWGM{$=3y@1(^zzPg4_H0+c+^}3jtgj(afcq{l`BXm0c4WW?3a7|Sp)pvj=5+^qJ zcH=Q{h&Z%Xn8ROpR_%5b;`S*PTIV9uCcRMmMdyn9)ZyU>Vn2}ya=}o-M z1bks4>;jD`*ezvOJ$bA%PDKG(GtR&tO3vWPS@=_H98N$o00@zZ*7SV`gTnfern(ie`DD&r`7N=dUmI;6TnVvL7xYd?RF%{&kUXM0Q$xH5gNzI$ccG&r`-U9 zkYwK@$4>`=+~38YP>0_S?@6wy!%!F|A3GfhzQ?g#10rw}qZ@;4--Ge|Te4_vmEF~$ z$_!6n2ONZK;gYJ(HVClTMAEuWn#d=)**Y_)8&bHo>tpiRUvyi# z9|eM=Pnzg_z)_Ao<5c9)?JWM6`hJiZ!Y44jSd)~;*qtLXahpT9t-nro-fD#<~EJguSYjAJ-Ad7`u_ie!!fFJ0(w7!Y< z;0)SxkPHqTh{Ce_=gj=k^HLkzi?(5x3J#5{^hSi?^P3_Ldb=u^F?QY1lzL z9v{8nK07eF#Hvkf2oBwd{>$$2diE`fWvG?YX9y6MDXnK#;;t%eU$Q@hH8*W zI2oZ2#ZHdDb7`1^L;swBS!~1h$#1xndjW0?Ea zbkFMclMf$ob;T|l3hiLtPXzlwLb_~r7N*}<<11stYntr7&&1DroZN#kVo_~-E*<5f z%h6Lu;7?#Mjv4Aud~j$c@LzV-nB>WOiv6r%-fUFe&eg1L$Li?1zQq3P`hUW$= zrrsYP8)MIyx|IH0Y+Tz7!|ks0<(V?50s0@2iNEodq*~p^W-KYmRWDdIV=W#73CMdF z59{fWvwGxHlRH+9A+Q06)xDbl34tMQ+@DyIR4@R>d&Xx`rOx=qd`>o4wSj-Yqqy;4 zs_6Ow&v+3To9HH)cBzNIyQJhX{EjFoLGv&`^zKWS2VftedzoY+dU?$aHICce#`{p( zRd1>@-i!xYwwh7JlXRjc-Ja{JPp>mxizJ;gnsFkYKpw|6Sx2>5C$~A$SWB7hQ`&*@ z15@!fPrEb;e`vDC0fWfulnBZDuxD9}_Y+_*Ve^Xk2YMFdd2sY3_In-s&1Jtgu-_@{ z_eS=c$9|`?-xt~M&0w8^qi3_v1cdyUCn-9iD;8=wGhWSM2euAwCG>Had!;!?s4SP|%#{q$SB9-|dBEt3`M zku$K(`R1SKZRa1=&+Mmu+PA20=%;?$-!HuW7uTL$|K*7KeeChObWg`T>dT{PHo}o***fa*)I#klE#t&i1=1< zbCS5qaFOCVZ7vz1c*qION%C6t1yLKWo}goJPL=-=Y;xp^F5x(uG>nzkJ02=o`q1Jf zu*B|?H!NPV;E@N4mn@KT{PM;JiXVF9q3=HSFkMc#U(PwnVo>u7{Q{#Sa%Hb~pq%5C zy;bb`DhoNZzT_eMW8Ycuke#l?F^2M9MDD_yonZbuE?Y zYzzA}`<~*NBnB36e@CLZAcl;d#S~kNm?BWxESeQFWthbj2@mFibmXK{PC9b%U@pi; zPB!IaBPW{%upsZaxJ1dr<0=~-S4nxmH5P)6U}G@4Rl4x2W-g`cVzX%(tzh>oXf$|8 z8y<9ny1?!Mc&WQgnX-zO#LIPRaF zM@I0q;Eg+f3(q(7=5J*A^}YFlIZ^Q(7QMwlFq{j7#~BEQUJw>?5Gv0GVHV!Vo|~|@ zob(O(=93_#e78b^^PC=Nd6FqoLX6V7Umfs@ zer0n}C(ZRz!h;pz8-r+(O|R=rPw^r?Wdku~3YLwUvy&E+*K5W)QrHvb%u690UjNDG`kGB^)ujYjT8ejXu0now=$~K{nsq2_i95r9G@J#9 z4h6vz0;E0~eEC}D!}uH(^;)Rkr`Cm**9)Q=+hxK9$=3@CDmjol){G-)`da)a;0;pP56l7p}M|D`}1V(T19l-NvXQ3wLG4xSeYCz zp|OOD)Oe{PIYF#c4V&wtBF;?8b@_N^q1-vq<_9g34(?Kr}5Qgzc2?p3qE>E)Xh=KGEbhBY6B z6JXA4O1E_Nz5E1P;lLM+R*=_+swkGN4jef<*g3IbHXC;A@q0z*ub~`7QPuMlSedP= za7JAH0jakIYzLYzX%jgYCZqD ze=e%)dl?;oo~J121x|W&@BlgpL3WTj*hy5$Y(?0rYW}x^6ol)sZ)jZNbVACWnakYA zmoR&(hv|GMSj&!4kO2iTMON{XE~)bqIt4Mbxqe!_VR}~b%nDjFy5%5*`65euZ_MS@!Oyqwr_UqXG%wz56KrLsdIOM`LFj<}hz9&8b|4$JtHznct3G-D+gH zc^#P2=^bLqo$X@EEx`3vGpi)+Bj!Pqyf_yXlm{JI5&JKJY?fVH%?xbCRcn??nGnYQ zCHjCS-`S%I$H`@SXB#x4pJKNk~pM0hx*mh~Pb`uEJfoSxTCal%*{N#wT z$08|yR5_^PX~7<(Whv8wJt;X?LfRl!G=s*XRf{1NKdHz2X8(Ikd_Y2sE9uy!U_7b@ z+I|J|uoi)lC?k`)zwG`q!63sgRci-+DFReG-W0J+rZ_beG63dT986Vf^iBA(E$F`r zucGy@^XX>z>eUQ$K9otf%sg{8gJK0?doq!^D3Qf{7UsOOg%lXXvV$EQ#CetQ-Ff0r z0*T=$)=W%7MEE!g>(%}VaM!gmGmjAtvi*|Y^&(rm_8~a89YcM8+}{%<7j9_!DU+^t zr+Jv|%l_hQe&&A?{-&urF97~S`_2Xb(*56_A5$MVo1dxo^|muF6wsse@arUVg0PM| zN+?f9lBjqVp_=Z01795XGX+Ktla0?B=a?hAvCS7^ylk%qXM^V~1OZx}hMKNb*>O<4 zxIL8c6)i!}J@a0b)~}$C=(*WYB%zaLJpzosnQa)e(i#0_V4|ZoIg!|ubO@QWHYoQx zkIGtWz*L}0ozG-;M@MvZ zRp%=-lP!A2^ZxC|e$8_k#2F~)3&0X@Kv#BM&WcttL~#w$)|UMlnA*zF&@f1%a-1nw zz_!0MVzn&iiD)7E0;X9?Q95Kr5XXuH_9}91m|3c(GL91V7g0Na<<7r$U`yYzcFVFN zJD%*d@1XD~bDl81B&Pl~HHV$TgPMf8HNzh|T3i0fro>|rl@VxmM$k_s5Zf3BXIZdJ zlQn%D>#~rdTM6v#rzfE%RrP@OD2@rBoJHpro)iz(4guu|1r16U1K~U1Kz{i>py!1N zrlh}2Uu>fi9=Oe)-4f&av!X|T*7h4I<_uB!y8JHMh=3!9>=sBSS3T6t3}WBNW}p3s zf46SL?6>3@8qh9*CImJ_TJ)p(jy0Pmuz`>W;GaRj!yBN9ejE{p_Rotq;vRW@&!v~S z0Zw<6LIyF*Y0dA{of0oyt6U$F)lvtyFMEHWYX0HX;1xZ77F|C!|4rATvHqF_BLrw{ zo-4?AU#nTx$`JxtiXbjP(R}(C;U)t209D>fUZU=dBPTerT+!Euz(V zxJ=iE7GhI?U=$cmQGoyls8&I{orbZBM`}siZ6&$$&P%kXLi}*sT+V{@;w5-yxB3-u239_=xx z2;h^e;18#>E65j${Yv{+uW;VhI|`n7aJfb3A2%`yJSl-G`*h2Lq}b zAcWCXwwf<7gn;rlho@7UE$w}81Zhi%KvQS*M^M#ZF^#XoWidhxhW|ijF zGaAf^Xe+@RC)U}rfKt#waObZRBWi#lvkd01%G19Okh+<6={zCV?dbY;Wq7$S!`zbiVD0=OQ{CaA+RF9+0wU z;_3R-!1jU=i@dQMxU?*JyU6K6u|D#RE)$#vH=}sQG9$Qp{W<7JQA6M1=YVjXt{3T` zhDdP@XUdx3<tNG9ecmp8~b{O_uIYtXT2C|fT50fO-~dK>7!o4 z8GZ4^fw;A7opCyvAtlfa0h24t-32_l@^3d}6}Vbl`c=X+AaTDX=534pE>8^Gu;?8y zh+)3E{SqVCAovp+MjTTV;2V$}GO&XP+H+i_wHSbZEKJBh_cN=h%}C;Gq7>sx;|K0A zCcI}7Cr6y%-N`_)@MxTQEggVw;)|ZaJZIt?5FJoo3x@G$w1y5$d3|5hh_I#$x#K$pK&~D4h}b8|w!!FMb|=rIFE- zH?zv1Wg{^~V&8)UcE}c+V$X-cEOq3hZph}cI2^fxp;n9O+s7Z6Ey=g_IKwLi(6u+$ zwLT=?aChX;^ROR!1%r)k8}SFLL;OKZ@7(iSj|D_EWq_bFof8os358Xr~G6&DRz&4}A$Kb|Q)^9%8Xe z*O#XjjduM$Ft4fH8;|wFsk$4<3M_iPcOasy`VsNi7fltNLsn(**q`M|C`OIb$|~uJ zo&g~duTkV5F+)Hm5s4und#8k|mm(lH_&UA+OInC`vi6sa$1W#*vZzsxCYQ;0NYkFM zfNOjB3Q$#E;Jexc`cTs~F z_uTL;KL+JWm2JivbLo-`fAh!PX5v=HRDS7{D>j;ICN`c~aihe@df>OaZ13c4C~DAV z)_>SHnr&1u@s-~PyyXMSi7OocP%Dixg&URwQb1gcT(Kx3l1hwEogysRks!BIyDUzP z1MN($$dI~7O=5%)H`GZhSZFU78deNDjzvifOaeQeg~+-pE-EQT6pLtfKh+gLNdRsayc4URgaY%!z0|92KdFJ309G&j_=X2ubBV0OoybgE7TS39{u0jpg1Qis(h(@1f2dBw__TQ05D%isX}~g*cGUCZQmm9E|tO zibRRI+Xb+s<sG`8}k9nM39cU4v-x-%C-uWyeufva>J+zxPm&E=bA?yCHsSSCpZ3&)aD$k?dt3t}ePbgNZ~Phd zbmB-r*{r)mWzo}4|M~l8LE_T@2-<_;_UhVmJRX9QWzG(SaqGUH2%T*y!aMW}Wum&~ zs?L@udS2z-=jmpz_;ZV1xhIUi#mPz1wEjE zZ0js>(~Cf|JR`YVcM0Wi>YRPLrHs7qK2sdgB{maCS za$>oRYkEn(Mc?)Gn=JifMpM6t~ZY^ysGe<^ zyTzr%cKFo-RNHjU4yZi-qi~Nc#XsbM5z9s~EX1&J1u`;}3bAY%vE;~S+`R3XLZjwb zaMnSl;HcnWBR3bX^2J*7t9I70OxHul<67X9wwi!UK_~Iwm2YjQN&g^(yYx2r*My~x z&F2nnZN6LIkBj@%;NI7$WzN>v;ok{geyHpKvh@fjNU5*3qrVco#mVjKI_}Ywc3-?H zD`{dXz+Z}LDon3h4OoAW&#e6Oj?sobg830!{7zLkc!~L~ms`?vDA)Ye5kIeb1a+7e z5!qV?Uk-lcteDzWts0Mc$!pK7GL9Gz<5$5X+=%X+)TeOstTjE2|LS}H z<#0$G$~uhqsW^hs;KSVx`Q)IFH0ypGDP; z$pXIe;DE^a%Qj0_;nkURnaK2bXY1xO+0j81+dX?L8gAtBD! z4DZUJcLQE&EwKHV$ea^lwlq{bR~V@I_;iEraCa~OMF*XaD4bL9E-iSi5jP-2@Qz1S zLwDQv--k>w6K{-Sug-n$HYeK#!+z@BRur2mAQFBOOSy_=vU?j0*`Qzb=8?4YG1 z?(*BopFP7k(twZY_-V*x)~L)*PENm^U_5%l4C@7EFZ1>>??Yx0D=w}ZTd1eh z+%`~e_S8sUyNS9#c*e-j|9S0Ox_iH#HZ6wFz!Yri;f6s(god!RM(m&4tpDmZ3#dG3 z0*6)7ekE8POC=TRJfd1zbQn@Gad%iAe|zxfBHtz7hqe%wg|(E)4Ye z-SmgDxE}Fw!pOd9RhY1HZ+!4(3&N?x=RW@Mb_}{ZHFZi^C@>fCRnoctvG6BZTD96kyz4xZ{o!b8Iic7dIR}?VX#4R#+1JbB-BmKNoE{0pef)T_ z;QhsrchsBRj#L+ZTQIIxjY+?EFBr{NQ)IAdn?wV=*!OYy7bj~lPv8i*f!&l?~NW&7vo8#47( zfIS-4@CYm;Ww}8i`Ea?Z1Z_6(X$MI;C6u_xJczVQAdT5xvbvE2s^)c#%Ic@;>fGiC z6~x<=qXdLHtRf45NvnOLUDY0H#VXWQNfvG}VWqSEk{J=)s}8LBD-J?7XMgY_}^b*G*J-a;Evw1*93)K*@3q4_jPZ*&5VFU3g#dX3!gZx+dyGR4^wckdfLH_su zX&n7FA`S9E6#lp6PI0|Yq+SlR{8hNV=$rD&4=ZV(+`t`I3{q)5pLj@sw#ela!`uM6 zQKHGI?jPAj|LQH4t3NS|#t6z>yHgm~#Ih*@T?cOxzv~j<6inrFOxsK))+BjoozJvP ze;Ff~G%T&a&0nTD+)EQJyD=3EyXM<+@e>MhKvKRZtjrKWnP)T zwi}kk0BS;iqSD+sh17^sQ)v9M-<-n*{k%DBe^nk$Q;jbN=~kz5z29?fHCZ$0g~$~s zu99d)EY=1f0J^gfR*IO@b~!W%%OeK3_mUjc5A&pF6Yp_-#kM8*o60jXBTnu|H>dsk zzI|8Xxt3T%;kElQ%nVd0&%|Qz%?!ld5kMD;jt+A|1fqc@!(rh3nYq|DQ~K>I(;h%W zz|&_d=UIz4{;M(lieF;58^E(XO)zmJlni-LdGUG=vU4$q#eK)DQkrvH&-xwEEoXH7 zr~5s>#vA!j(A~CZ1)f&tV@H#hx#OURpLem)5bJ9ecelA7?dvmNyVUX3xE4%SYksx5xy3 z=^ygLAJ3`{A1Y&+=~(GdnAX^yc~X0H-3$>9Zx3$y z>9MBm+UT{W;nx%o6u<(mFvSo-n>dkheq?j6nOm{Hvpb%#1p8S|L2YJ|!{~b~y*}bR ziwIumvP`}r)Jhob88LTK>e)W90%~P0RzUVtxy8v%f_HD|flh;5I|88i; zlxwT@8lJq~7Jw(PatqOFCTv#Mn?$&EnAaTPSD(d|Q2$%`Kc6Z=E#76qGcV^*v@f+# zmT6U{uT@l~irHB28@+zMw>1HA5viRoTP7Jqi-vYFkx-$(YrzrQ@^iLz)OUr;P6mv7 zWlt`~+3t%OxuKKt1ZDfs!cIsDa6(9%u)P|e*I+U7?gLx~)hL%?Iyw72@3ynKZDQUm zME^)e0)FDYCqbXq_{CThj+lLt+AV{5fs(Fr--^a72=wLwP90ePy5*B{e5xvcfa@gM z>d~Z!JiZ@JIf48g@l}uDbvoRd6p&!HQQiE|EHz_o*)|x?ly_;T&(}lOmQ*d$;8p3z z#*yfgFY&x<7}41dC~SE0E(VzRVr19KEJd?Ys(TJ)Jsw@dUJNjV+D{6A*Z33Z)x;mf z>QZiwCTR%$SFg5|Vz`xYu5Mf0@z^?hRFoLW=b%+Lu3aepJF=MKu6kgNAN%g`F z;2QnXg#&{1SnNj5c=z zGD#J3(Y<&&=GS=pYjjTrI8i=t0*{0|J#qm$QwAzhEob6XlaixvMOLdt((97Q&JGv? zd3NCRf2JZVPHS|mOWW14A-~lj?e$FN=m3d?y!~~&QwAFRbtG4liu-j;t3@(nm(11< z94dNt;`D!~0z9u=qy&wGd{XYBRXSBFPKzMZ%NxvvBntyM5>)nnxE*_6@ik?{MX za(4MOzWy5DD?z+9&My&Z$X-)7AU{zBwr`30ec1Vc0S2Kxj4Cc^OR_ooVEv`)cv=QqoN z-z*0t{9vh_bMR@%?0!RcQiGh;FP`@Kg@(3e6Z9kP4oGBA>oEcjZpsi0O86mAJL~+O zy0G6}qtqZ742q|r1BXD6ezQcP29&5;beFHgU|sf?<7G4*4i?Amo+)mccI8Yn4JB5I>`+hm-Qi@&IW*j5g~b+e8}Hv ztmcf5Tsz&#H^XPhii;@rkKsIFX*`%V$|mYaVr9m`o&`*17#z{W_xzT?@eB#rRM|IU zf3C9NT+K1qy!QgWowagZ8?sgqC(qYCbdI2)h_CF_zl$H+S1by;&YR#8r!E9}4#;06 z0B!~g*%xeYam*@zW4ZRo4#H%BZrG0ZWF>p{Pah4bKLF?P;$jYPzrg6nyk_IL0#bt!r<{hkt@u zh$SkFe8l9vfJwgltePIXWnQgJn<_cVMi3>sTbR;ShPePV9~3!dZa_}!AKgKgWyw@Z zp|)(iq8t>#{Q|(XFfn5)N<=0wwMTuhvhQT4r?ZVqaKChnW99*4w*mr0ls({y!#=i?3wsnKH5MYKPiYpFv@$#iNuR&e7Xs2G}U5cd`V@(@`9Bn z-3A{en2eurU=VEx@|bz@w69`HR5u4AZzxKZbC`>96HJlBw{%^Knr!%IA=)7Lmp_!u zRGzBR7Owa-00pk-RDd#VA!V1XgUmIb1hX44sfaw`kVsrsB4HviFDWO9WI?oY8`e9H z1YZ1IE`ckDL^bh4$a->M>{M>1(xlBIeT0Z&vMIbb<~5VAZRf3nk^iWC$`e9oz3lwE zWUr4$dZ3w9TAgwqs!LQXOwmtNlIimbX6FYw+I zCgQXua2S~WzObbFP?C{?yxpS6Rdhqu{!oMn-9x_y*1i_MVP&{1n!FX zonWhhQY_ZVPfF~$0zzOZU}5_g9b<*sXtb*TV?4)5aW7&=>d5q%Zb6=gqt? z;TQKqCd&H;``^moZ!q2;;M1GEolk=I%tb2A@z<~2-^##nkRKB{r9US(^t>J?J9Rx= z-xo>0-I|RW_QALP%!Z(Dq)Uec=;Qm<{!eS{+$8|4Mazy)Wv|miF&Y z(DeM)2$*!CR`R`1e5O#c^{J>nvYAn=PVHD|F|}>$kfr^$l{TEIk^KGIxL$lWRd82p zz8h&)PaIYs97w+88oyhM5!ePDjZV*@^Ob9pWnnKA-ZHm8mBgUgS4&QdzEG0hyt zGs4NtDp+A~O)SXUo=Mb1T(5&VC|*-Pl|Nb6;7Z14HtK@yd9?;4Xvd8$z@?NZk2)b8 zU5cr+2iogIM39+dGVn11Ar+o;9MGJp%iF#;2$s}h0*t2`Wv6ug>{?)sd-3;E zSS8!RvWC>0TQ3t+q<4n|o#icJY+)wZFmCimcq+_B&MVqZu6z%9F95!5lVhw4HR4}y z$&ebhP2cI!=RSz??*baUYe6+47LZPM zs*Di+v>+UU`M4`El|K@M4DO@LC}E{D_WP_5{S!d4Pw$duPoBBaIvGzj#`IczTc%zw z7h+!EM$m`i^B3E+^*StJdbF4cXVxrlg6PtOteqF%La(Yaovz`p&+U6x#R_0x`dHs2 z7ohuva^%OSju0JIsi(Z|8KZaQOmInCsi^W1!LH+x@kJBBvdun){jzkCGb|fG?^_K~ z^dHI@PxSWPpsB5st$qGUZ!8|}m2WC?rdk;q$K}tdqPb?uQTik_lcnP~l8HZU3!}Oj zWIvY+qr7a=-`}P2J*Mr?yldZ|zCXel&$%MsJw;=@AI$eX8Dzdc3!^_~8K1-Siua*b zw%)ST;0qz^RU>Oan+-c*Z%iaSzF~U4??My%_dE`U_G3TnJJu0UJPhCWdhJ_eYdPh}f zCId4=?}A6X%{9fJ+4L<*J?>lPDZGZ+>fhE?pNkKe6+C#)+a3$sAIq};0+s>Mwj_}b zby4=~CYiAGZSJ?qKzKq!TrwHnd?YXwOzx9aK4Ef|4X~H`!P303lX@Bbjv?YiN_GrC ztH4;l5@tGXeKN7y2M8@klrQ{+s&EupkX7KuO%#5P#gnl)Zy(@A!)9FuzpQ<}6wh(; zEmJCT_$xrXADRo;>5k(EP9|T@Rf~mZF-wBo>1ZZz7{>DaHPdDUR7gMFOBfjN1O3;A z?Cfa4OzsEsVOI04VyTvKCD@>VA6PKbTIcoS41 zGaL4gO~8Q6n%tWQ#sM4x=1-TlmEnAW9tGyT8$ZG)jlAy>AfjQZ@;37IU6f`C3$Nd` z$fH<+KMpWUR%21G{vZP4uY32@LQ?CL3f1yKgtKueNsbH z5iWd~c3R?W@PERx!5J}PGTRhy00Kpc)BV8b_$Km;F-`|+^m6$zPAk)+-J0ya{ChNM zY6z@+@jURvL-sWFNOJ;s;avd)80(N^`*K4&0P-=^!b^8&2D1I+V5$ZcZ%_7Y_$a_s z_9_iDrfT{0LKHdLOBSiQoyFq<(ZDK+U^-6Go`r=)~1sVK59K?S(kpFN2|Ka%m z2RHH`&hkGT`+vA!ZQ1{aL--E|@r!FI`QOn6{f86yADk%R|3p{$A5Q&09Nm97jQ?;j z|3w$_A5QRpa3lZWE)XIBi=_xH*k#p>X%V3>Evm1o!|^yrS9m^ZN08pu>OnXybuwL+ z4;?xAMD>)Q^0z)Y6Ko)Pt*g0cc1CzmM)mc>hi?q>lt$zK$VxyfYS zFowNl5%O?3Qw5MHuWt9t;M+#^FH(_+oYNRw9A0LmYXQfq_ zQ}mdN{%TPY)FG(YoHAkXbz@aR{DYS5yH3%>P(tAgfbXy%(>RBW4tIaYOEMhA>Kpf_ z_xP|K2-NlfS$Y_KqI&iN6ivF-`IYf8(KJ5!QqS_$Rr!$T##5!m0ywZSN()CCTRG)RL!K=86727wkV#KXEx2;^826z^g zCFEJ{nRH7Q+PbSf-#NN1H1CMkLVICh6-rMyRzdF%Y#bTiqhvuIRQ7nzM~=&4+~0SYU%o(5(Fa| zv_eEk;8w*WI!lGhS*udoOCcp%&&h;<=uld9X)*L9f%n% zoeQu*JQAGUN?||WWX$3dxVc|=#w+87lf@DHFUxYU}%p}oA`R; zlJ(=Kf%$ipth#>u!h;sm`KR5p<{Py>Y+iEXZhUW<>q~nggH|&agNpmOO=`K;>zdD2 zl3%+Ce2=mj7FDxaj`=B$sw40L7~grf4aRq-H{QxT7`ZzC1@m$H2ee!Cg+nc>`Jo%^ zfO&8qA8dllDD|XdA9FNR5_8x2D_hqwma8bz-VKW+bR`Z4IkOlLxl-DXUawb{DK@-P z>5J<0?aQU`kZV2FvaTU|l(y^wU*)L-#|bX*lMBU%0u&GET4t_RxnI`>0~yOjo&RrO z1Z#AH&b34Oj7&&&?xS%ia#BB*u5MdP#_J@RFqA7uZl?0{1D|2Y52A#N3U4GSR?@PO zK%ug53{>8ZK&{(DK#f=1^3daFgG(WB&)8wCjmz4ZVj++uU85l(QIB(>(~B`&9aLL< z>FTejo*J;|pNSh&SHnv)n6dia_!wj0CWg2IO1BtkP!*xF@KKP8yT|`9KY@qN;;Z@3r}FA*OG~^i=a`_Ux2CHeb**ihmoc zY@UbI9B=}*x+Y>tpf1X~mkd6LUp!>+Plt5pS3sUI_zFu7Bu?;8W&!}QD2;}Y=N z9OTL}MU_Vyud0c75i|Oaz2`-;&Tf4xHGj)BlXWa&kRuunY_r68Qh;7eporGsi7?%? ziQ=_Hg^(DJb4-yS^F}E&mm_g3^b2q1gSzj+a&-Jmmls+a6;%)qnAF^eSQ%SaPL+Hd zIZ~t^dkwK?sU3D9RvSbS;p+d9zJS4RjY+V+M$b#uHV$MFDR1*}vp5kQa&qK0twVXP zyC~zwWE%?5N!pfAZ0lUKKrjU%_< zhFuP-)FztsX8HH39E(rQapCw=Bj#g3`6Wczgon{V?Dbfb>}qI_NPK!TC_-;XEjZ=o zcxD!-V(sO!>seH$YdV`>IpB%Lw}$9qNZhQ=s?{)h(c^w~Ht<(%`}AM3bH}6DlOuw{ zMQ6fE*Aq;L)<5m!h*pEKvq5T%<|z%~eb;ufL27#CEiv&4jcC<16r$ryv#gq70@0B< zYa+7db_0CjTFJ6E(6TlzQ^}#M4MS)L$R;grZ5`i<0qpNN-}?c~Pq)>r)*_T%aeICp zewup@Di*RNXWU(p=cVNU4%EjyzQ#PW7{=gpXSkiDS2sP&HsNJa|Iz1HvPk`BUu0#Y zsSSi50F(vTS0F1USrX|ODkY{Ah3GK&DLmA3_iUV10A+#FaSL4)Md6+Uaol^jj^a=c z;R2mAp|1HCtw$)LR37U)W2T>j+^O#jT*%6ZHx4iZm0a$1MM7Z8-kfxsE3rdthqmYT zC0IL^3?|Oml&#jpCS$|{SL!ic4x$RRLBxal)eI|?DX5iV0>{v4(`(P70Nwt zT#-;PUD(12v$G?A)emqc2kNRPSf&rb*ls@VcTdcc#g~t~HCfD9!x;kBKe7s1 zCyi%?G_}49X5M2I#rM^8lSgDz6?LX;r`E;)q z7|e#wT~M8esXHSg@Xor~)U-dqe_~+YYKFO7VY{~Js@(!g@cFS;xo_EjC7En!ablbt z(Sx)#vZ*^qj;YEX%nWhHv)X%0P0<6Kkn%H?tgAQ<>aUq)A!s2US2-GJsRTGas3p(GJKo;??7re*|)sb{Vz zx)Xx+0T8-&^?;=Pl=uXbvCTJriR3372*3+8drBM679Nw zK;ek}kvPA+iK>qAJPf@E{}9+YO1r>*_VrZCDhRQr?KF;gr-@E7ps|8n$G+Q z^SgHK2wrW&CgI7RU|L%N71vH)(D16s{QRKK$|Vt6l;cyqf&~d@7$`LIjx#5K-mG3r z;W6W{K&w{SI}v9Zu&%2xejk~FEIV_;c$iLb(V>wkM8lqGK@WWOSS9_Wu^Q5!yiD~M z>ihz&Ti7&wxRuOLB&24$_<pe>HSB=wq**O0siVJUs}pHqVg~EAPOom^}yp3WN}o0*$D#5N6>|m8+pto zRb&#HhTxrJgKo5e@*5e z!dd%pxC}nWqKKM(oY>Xc%CVUDlGka-PZ(F6!e(}+X4H!%8Z6A>Bido6^4K?* zY|GxwuIp)H^C2V{uHaDeR4c;i3cQh~kz;3`EHpdUU5+asJqP@VQ(!q%oLoI{(?T}6{>b@@NXA3ajc@d+4xEy(hdV8WZFtx?jTyrJsB(ld;NV$ zQWx-~P+uyeb5=s9u$9XWdH_e3%k5DJ*FeGa=BaJztDF&uj*u&)|6({cDhnos+Zoz4 z29Uy2`5|ckj9szes@2A<-Evu^d(Wtdc4;bl_TF9MIR?K^OD25BP(F?v_0dq`*=5C3 zRc7j8;xX0gH;NP~eJzMb&3!b)5h_oNhRmHWqMxS4juqEUXthh?c~?sGc^o7Ay60v- zi*#&G=q$Kl(FEM+eKxjqP@+b?_^1Y9=Qs8 zThAVQqVZ=UNGx3bIFXXwDZC&mgL&v}znS?I;u+MCTmKeGX*ABi-Do*}|5AG6*{;C2 zd2~dr`{O5;LGy??N4G1lU4LE(x!*Rk6abH>N1ym=Wz+THn|q=E692 z$soLxChtgTf!TZ_8)i`T-a)=_VkN$Of&%F+gZF@vs*;-s?LEzxKLe-=0r)l^vQ;z# ziF2mJ!mW|#7w;-*`MDyVjNcG>!PHFrC=rv>H!~w}rDRHuB4b*9FDrJZg}$RYqy9zw zicRea4EI2_(1YjHtf}r%76xSUE=A`_q^p_}aCEV^a{>2WTjE4uxdJ9OeUJ$V4=|Iut7FA(k>JTgcE*Dv!aPQN&=Nqk`0ZjHF7k5cEnX zNV5bkM%CAPvbPa0!es}Wh?2*Nkk~Bs^)KaY@x55k>3VCC-g|6@IRmTU)5R?8xu9dy zBkTDS-SF~$X%?u2uAkuHLhfJ8sa#~tDJEJt{VDQ8lw<7&hlpGg!Wi3TE}z!V%G%<~ zVXN*A6T^Yhdk!hP_DH~e z&gFF^M?GQ@7LBnEZ+pD0Wx1S!wNcr5t1NM=JNFWigHE()krSirAlTbOAM%9m3lGj{ z6@eK=ij9S|qH9O!eQJh>c(p>1vK(A0nM{Ra>#zTru^TKumF0JdIm1Nsrrl^oVCn6Mz+6J+Mwu3B9l1W#+TGTF_rZ zYNzxyPw?d3@sH>SvIRYH?Q$m1Yp1``2Dk^ZMN@8J3ZG?)Trw!9zUEe=?$t=EM)=jT z-Dvk`h9JE{nwW5jteG`KCB9kQgGwGP@ludwANCHk6~Qpa5zGSbg!eO^Xct-15znf} zcKL&Zp%H`xTQEg3LbRLbJD{f#+7<5+Pa}ihZsYey6zegm)&5#M8EyeOhRIHNhKoanj-o5)BdsSk|~j-s_)vS}F27UsxGCo5(hL zb*uL_4g70KP69|p^eyD`Ez|=(hA~>bHXvhH?m(2>a=Vn0%LCP;q}jag5F+g;ho;)H zs@;}`)H1x&$KAQob|+rlV)%|x&#%}PxEFG+WM51?jzhUg3LGZ$l3(62K<~e(wQrg3 zSZ_|rk}JGcGB#X_HGj|x6!$1Nwi0uTQ2IREuv!-zl9me&4#^2_)Tq=`GrCvSptXQ|a+;Bt007`O~&+(;4 zv({i#M8DFtJ+^#Y?bztmY(29*F+Uh746pQxdeYuCbHU8kQl_oxHWcY0w zzvHQQQ8X?=78)Co9&>@=PsIsS(#DywmmHCqtX8eWo=%VZ9L!$91Ko+G{m{j@E)2J2 z>KkYw8S??vld2MRlru$jvu8+LQFj<6aUn3Vc( z$hl*t)<5gHeGr4~BVloRd2t+db#V@R`}n$w{DUUVdXLU2tn5`djy#5%5WCJ6PlT!) z5s*4FI$pgvM||H0M-Rb<=K4pvyApU`M{}+jr*AMh6&q)hw9mM!#3|aky%6b3seoh? zaDUym{28&#$AqTA%TGC9heTNIpu1=(i()LFo%`g*xk$Mnet9XO;I*A> zT$uHZzUG#&YE?%pgQ|5CUR>rBB8g?0+X2(BGduWr%5`~5l|(E%CSokj#xN9=Z)`E& z>c^FRiXbbFxcw7d0rnogkwK5>wp459-DUYPxmr`iaQ*0~c9p^0*kOY2RGM$Gs+C}( zZsd9N%a|&?r_uVxhCi>IIJX&gyI>x+ zupYLk8l`Ia%`z3ogMl7)}Q@cV!jag%&Z*5q4*>l3exWIF85H~843@bg7;tp$! z$7J7cL{VnepSsv&JGSz~Du9%;qrT-uF?Tnb>L}!4QTF5mE|uUk z#1ms3vWk5cB6{Enku;Y}zW#A48Ao{5^cO+6WEm=x`TGS59Vu`>@Ag$`W^Ug;UF>o3g}sO;SvdQZB0 zOU7yz=buB6-x5t%HNAM1uL>=-em6nt#vcW-e|%ys=G``{ASavGLq>_ndM4m#6ue`p zIm*B^;LaBw#Inbj)4%a5u6M_w61E|0a5p;S^AmTOd-d5_mgXdMN0!^$m}kARfdDvt zGP^21&@12PL7j+?{CGX9e|nQ`goSOtEx{28$$ky#Kpb@JeP*1Di~Y_jO9 zr*Ys)k)$b18YpOGP5StPGZX00h$3f3W!A`&W9A0vb`bMAZ=JGo(=IUE;1(%N^OPB<;&LG66^86qpa=Ib7-M#$cC&n)c^9^qKHh7!9KLQH%dF1=(9DOfioOg zM{HiW835OJg!J9!pUwhO*v7nAnzF6ui+6%`iD+eg37MUj-`*aTW5l1uflb~h{yXGS zL?P)Wth26mT^7revx+4(8fwWvSU&D0@a<8N7B_)G-@%wKuCco6sM^V%m0;Vv5;fW^ z@<**vjS*Np4PdDgsVan3%rd&9!T-YVLWQ zLzj0x>6vummb6I`W<)cBJvHS%18!N29!v;(s=f7Ghiex)`#|@0XG-FyfJ>Scgq7TR z;6PD`^)!WftIpD<-A3;lJjI#_E7H@Q!G}A(;#8M^DN+Taaoh)5CAH-Opd&a3j(LZBgO9}*+b+Ch*wJ3kB9bR|k$+o}o)rAkUSw9hux|C-> z9+778?h$ED308{=LNdpJ(Y4V%X+pp>(;pGY&V-ucw|r7ng)KXxZ|9I0;T!D9)uyk2 z*U|67S@v1d^3bcCG?s}lf3D*dQo3{OO5(GfO(luZ?FP}y@jTJ)9etfN?&zqk4&ASzMJB z{N=|h+|HJodPG#)6tynihv#HuCw%j0CQE!1(7b^N+kmNhD}JBNvN@OJ-lp7^@zT7D$1P_2s$?5Ort| z{$rdA0@>SPFf$M}|LBI1n>uN#b;0~8L-!P}dAz7L{N6Tt%mR4sUzOHwyb@8 zOu;x?84~Y;0jE_vR8V`qv*8GnngD_&FJo08~}o9 zydLu!4CagOzJ%dnKa7-!qIam9ew{*tGyTZiv|6qzJKyYKaM&K?Gw6URxM8ZOR>xkQ zE);?*nyrW$SL2t*HlV4KkCNSl zt$4mr{k69MRkdwGy}g$PTo`TaD{_Z4e8Qt^oCo4>T?cpnj`X!rA(B<#)pTzX9y2Z} za86xe{l9Jt?Ds*hOOy=}<~@-Fz0m+3P}z)7h^Jsn7Q#+o!W~pGQi&BlLVs{cG4#kr z`2wWk^=g!sMx^vuk&TG>Q^e%p#4?0Q2>yX~%>=w7j^`rAL=ZC-SI8o8MozfI7p5d> zbXkZiQuio5c{WbwYRs=#fXd2s$0aT< z1N!6c%DyO?(446^4nZBf@#$Hp3K9c*pN-3Qe76QPV)8z7vN6kFxFVgm8eP_cd6x-B@jKDWZi)o`5o#*l)gM|Uu21XbR!U;4?s6zGE2Q2>a~9Gr zm{6$N_Z^d>+*rh~?>ihTSy^%Oc1L)&4BOH-c~A0ZcA!Akk8$4dyRN(SC{EJBsl2j6 z=aQXd3!~&CvBKDfgA~+cr|!(74RU?5?glB%>5HLbTkiuSYl84zPG*-_1Iq|0pLO3; zzv#{zX=?)GtHz*p9Nm*k-2D(b*z$sv{6_ZXEZNH+y{iVrhW4d`uNH5+e2`^uWx>FF zDgm#4Ht9XWa4m9Lt{E~$K3{*!Pg;Noa~A%mbZ*=K}AEdV%QK zBdsaTj=3r}U?qr8lSSR})*gT@!q1Bj-!&xsx)mscUT0FoewQDHjv&F5!&M zIqY5qP0o}0d+MeB-bSe#-PJ&9hHR0O_ z^C@XT8#t>&+SJW!lj`>2gw(n@==53Jb@NR~^oN&JpCb<@)TjOYu!V$H&GCmdLzQoKT3wH}&Vk4aS*`x6qS}GyQE` z`UvOxhr}fW;>JfV;jttaZ2X2ZfC>D5ZKadAe3Ln6&QBIoEK#T_5zIDT#%K~RN%e`d z=)!*RC6H1rO4f6QGS+OILaZda4_C!xV>VSy;^#zIzr9|RsBgPLC^WZa&Mk~QkJwXp7YY#g4NI&YNgv5g`C+~^miKB3@{uG z-0u8nH9$*P|Dqk^CbJQCH=wLh8($ZhvVh@plF*c)oOe}>59n^3-NMaTH?xV!C{zwr ziY8S$nLRgTJ22>Ppu|ci7l|kh9{8bH+jfO!N~N=!Kc0mmPe!Ps%+|EpYcb_yBzvwo zjpF~>qL)fWFM1~xnjq{Fj9f72E4neV7zJ{%GIGgc$ zT%#a|SHBIEaz_HCB(1OPaB|_6@-qbGWK=K7iIA&TzQ6hIiwbgF=>oRA1B6~f!Z{6e~M zZw2|8sTkJr9qHje;a7x?R>iwJ!UUVpEs#U7jS%h31{SjX>;(Ej*6Jl)qW7B5z6Ek@ zvjA{o?DH4_$c0g9`SUD_YbA&nK-6R%Q^iyuvXK1Wuq9;((MAzlQY2bZ$lC&a_?hS` zT1u{HSxPPjHaK|&;iR!Pl{DD00zNyo*?$(uq)KLFvTw9WCOz56v{ad0wJbI@K{ddc zT+FHE>6V=6Y{6vXCF^ib&>}TY%J4qRqI}Mw`q?1L@ZKh*X`N(SMo15)L?{HoJ_FM!GCcYZ{?T8(k}hz1ypn+SzR_MaCL z?>se(%3?HZYF68Ko_-X+6O8UWJTBfg_c|Pcax$RVby4WTa*S~xY>bfB^z6hhc)hU+>Cpke^_+nY z=mACJ(U?^Ekd-?hlh$-|1$zgXn=z}jX1vuEyuliDakpc5&cJg<(8ZmO;W-n}nL!tK zIfmyfJZA-6+~F9WZFsf?UEJLmo;%>VL(s*Yjp4Z?o;wCz+|?MK?Rd5aUEI+ap0n|s z9dvOwV|ea_=T1QvcQS_O&Uo$|ba5ABcYP2cCNbUEHM@o_pfC zXVAqRis88zo_hsd+?^Pn(dRdu5p;29VtDS2=iWgV%(5LK&nMkS3BnZjv7Rx!ChKyd zts1w3ZcQ2qR>;Nf#qId5biXxHC~jW`tn(zduc`wYTiw3;c$(W+U%j@~?W?e9M4FDm zbjz<;*KUCY`Bs>?Jy>#Qa~D6%q1Q}1KIj4F_&B+!w=2@{&6tjMuk{4Gk=6La7}{oU z*#gTCur8i@Hb*g6`PxWFLhs^tBS7IpUuXA4dl^FkP1If0K&jCD#B8v%Tx~=+&FG?8 ztIYe1RQ(n}i?^9~8hQI}aRsx^C=R;w!A*Bi!e3^N31tCdN#3apfRen}BiQ9eJtwe< z^?`D@VT|s!G|Ptp1$Cd%Odahq$XD8My4Fb5Zb8L%OO?-?R~z*c>*4%jhm1Kat~aWU zUvKm!U2lYm`?c44oSc|oTGH%HSUc(uky<6J>fUO#Z(ZUItmXwrvsSVDR_ji3-|ALz z-|Dxm?pxi%uwrz7z(hOaL_*$1a=pf`q3|@fx^vYkIh3?_t}1jfmlf4C*a_g(=AEl- zAX_d&ir>BZFu!}XG3oBr;_Dh>5kJxT>EOAy7^A;!_$TgPMgBu=gRxJa{|F8JAH#qA z*MBARAFurAWc)|g(Erx_$3L`xHUIHnS{nZ2D5;P_wyWPd9sVQxt^bSs$M>{`{4f9U zzx>DlaQO zRq$i1S#st`=-?mDWm>|ANvVeHcPWc@BS$dUXL6yK@Oc2SrziMyE-RS*3?AMXJF4xmJH)S+8P1 zOT8!$uk3z@84;56j0@lY5ERM2Qah6R%c6UhXe0X|4L=J&zRIZRk^Rj+px)7DLJ#^H zrO^BX+2vW9moAKHKv={ypv)VO{u=+#LyUXXCob>;;xj!$lN%WEF^g6GMfMf2BD17< z)w86j)rX`7)u5*ZO=MPwS@&)O9Lp?eVNC5CMNQ;y-I(yXG@p^&SA#j-Tov;V1WEd8 z5&Lm9v5>^ks@88w`k@P6qjY{UG%_};Z?jhG`wP~9TG`s5_BDX7P(#k5F@;O^+5Ml6 z3T5q+b@F_s%E z?`AN8K{@jw*8I$eh`wbIwrV9mmQH!-N+NYx_ctvZ46rgaFL2KgE8q$yiB`~U8S+q9 zkrdbjZnlQ`++xR=z10U}36IylaS#LJD{fL^U7U=)m#Qk6ivw@IG5*~+Q5Sp{SxAmc zwXdm@s&->(qVCXk8C?osUHG#Yh04A7nzjQN8$SsAG0N#>M@iT$Q1z!-djnrw$Nj&# zwLQv?{fa((h@wv@qPy7(o6FA;)nigkv(e=Yi&+#Uas~ETUEzIalLtmu;QP$7QFOEv zGMOu|zk?deT1ER8J1@>IpEx&awWRpxEtc+g2bA_jKp zY$;HH?%_T%cI=avoxl$)z&B>Lqz^q#r7a`BN_o(M2*-7?#Qkg;DIYA0relLIs8*$C z!G0YjzKqWcWk;hN*xU47xJZ#a)n3U{EBABvu#<1Aepx+~>}ucJ;XQV@^m?7>W-Q=& zf{4&SYPScVl$u=!W6?)JVnfWCYJHu^P}M#8pcRYsP*3K;#skx`pRMrn&>LnGLfzjD zv9e)vegfLLVF5D0e1L5vycd|xEU=h92Wm5NfgBnO;K9UvBpAZ0f)5`w&bjIvOzWaG zRxlLb{qw8Di-Q_sMU~${5z5K|@R=O@7KRtzib`S6@=S%KHxiQL{ho2+3P>Go!j$L^ zQCRnuYThLU-{GgPQ}le)isa+7P|hT=1%$klYO2VYn#Jf>_aXaK)g^?I<&o~h-qnt} zu_?H9??B`Bod;uDgIhZ!^=BKt)SvDDZmB=x2f#uTpOC~*1n!YxK`UkMX}M0*EpRSxe`2h@RA-in^Aqg%8gpo`mEBv(Bl00Ljoh3;1J zKpV1sy_k$+VdG7j&vc_8ZvrgIww*twS38a0&?`E?ZO+h;?V+`HOF>=12SydWBg&UL zvzynh>}KM9LOGg)Y_~bDu)s5p+izzKMux}Y-=Sl?>+WGT-dzX;zU(q`8OHCh16_mK z%%v-2oBZRJ56BDI2ku^&_<>A(AbK@qcHjvt_Lhu86EaFX(W4w^;Ch z#K6HG2I>Kn1ON2_jzCgNp~q5oE^)Zk1c}_h(D0lfL4FS7%z+ItsXr1+{Ru53^=AfB zb{}5*&exsn`+=oJ7GIC}*T79oEHZw73Hd}|{fufM8U9OIzyzfG_Nn;ileb^yb0gm4 z-f>39nh(ug=imJOinrKOLid_trJ{2UL`e=L7{NV9m3q`Ff&Xl@Zm{ONuN?rZMWN%MJQt){x@=gC#`DT@nZ&-wMzn|{F zoGoqxmbGo@v9o}=m8!O3KY?)J);y)M-g)f;loOQ_B7E!wpLdd+xs1dUJ-;Zpbh@gS z+ZBBUb4;PpwK0wrOf(wc0q@3sit{rrsoM&%dDz(j6;fa{gWbQSc~N&+i@4Sj#NL=f zfB||9?gCm7EEKg_?CM}Jv)K@rz$?>@B-kxh(J2?aW8)3IO#&8`r2<|7h{I06JYW0; zVfN?(OHU(xdo_Ilu@*59NA-lp*Z=XErGU_o)bk9xYc25F#cwLBA

    )eif z(Z>d8`YZ&lngEi22Yv6*+NsKdaWR=OE!sYX@q7}#{O<>(a1-?t{O1|$dPZGWME_g6F~G+LS>`-L{`=p*$ub!AzT4240pB{FPwQoZv?LlcbUc^* z^SIuMCw`@Y&Lvrr8r}at+)NPZ;QyyCh{XKA>ekxkk;VR3yQQi( zY2W{+-QoXgH^Af3WJx4_VW>qexfs9XllX55?r%xE(|;HCOQvi1SD|kX1a_HL>)j+K zR~!FBAh^y8lNf7ZKacq%mdPS(Ix5im=2*v2#}sLq%r4~nX3FjFVp$Hb#j&OCK(bDa zH;~Gdt~#5jzdOCbE;JL_7rAGLXj!&?8(aaiLwNSToiy^oPjOoV5}3Exg<>N6qK+81 z{2e|t282X)6)pU>Q+w%!SH5B`^h@Gpxf|+VDZ9*c;XxJi3mRPi#m4-HE%D!M?tj_i zG*{;=Ro3@RM-t|1c5hYvDKd2fdYu;~9dw2$<8#JtQyRrbpg+`7nS@6TA18E#NH#8y0_GL~a zN8oY=G09S+c4E7exA-8Xv{*~i0ks^c`0MxY7Zw&Jk)1w0FP(y~IIK3-90xWvE3Zw% zqFQ!F6aUK08$|A!dtMB1sBY7)HS}Ho^$%SITS|DN{yuR|)^uHX!scv2tcm84QggQd zPUD{?y4zo7TbAl~rEAg>iQCrRiv^XiI%0o-f*$Y_eR!0Sajwirw0 z{?iR0Wy8(&w$&O_&D zJI~2A6%o;iQts~dW^8mAlrPbxQtl3mGk`x;6$Q~b(%WzB;n(WIKiTau#&cE^AH;K3 z5--JbRuS*SPgWDV0A*Egqv-1qxt}f_;BJ|Qq-YVj5N8eRTn^Yw%_5L;_rO8(c?PRexxL|bj48< z#|$U|NXz};;(USW&mGvyeUZI|viJwvxr8Q~{L(hYH_dUA4E;W?gOzh2y~$;K7J5y+ zuV&c+^|zb4a20r}9Q;qhY(zJ^Lxj9&ygSq4!0(KsM#XJz#Vo?u_j zb=UaMY9I^1vr+UwMa_9gE`s^5U}6e7a*hj-jxLZ_aU@jSdVSA<*T*VN$fzT|zB)5{ zo0&Rwpka5`^&id{1KnH)fq*c^B&tCg2@$ScR8h;<_dax9?{&5AygrtbI}N&K$GN&= zCI3Eu>*}9&J1_f{PgnKfxnzMqPa<&l19GlAzN&Nuu0nI2udNmoKkeEv471HGzgSr} z*?VAmC&=iA5jYrcXy6XZJ2*oHe~{MCQ|Y+AdkLWQTXc)9cjlGu1-2Ldv0Iia+u~oc zfvV<{gM>G+#_%Z&Tf)^+&WksWJ2;)}tLp&lmr_Ci4`tj$}^>{452^Jhbb({dkicM|M;X)MJ#0$b$52nY;SW)2oHmYO>fOpi9|M%n zWbrSM@LMTG#KHg8&xS>#>aV+X9j4aFrYUIHTxR+^qoN+V0rb3<39)|<`D?1O+ zI-9#fa=*$0;ynWO6Y-}Ge(y&)8b01G2xb2vy0>MRrA-MC>m1cf)?@!ZGgHVnr39%OX8NOgpW_yJM_TNQ40VSwB`KHj zx41m$Ao*k&@Z%pU9ye9Iv$R-61|9X*`GD8?V*Wr~!cbAkvT+6~VZyO?zRzFIIr9>ABWU`Gto0v+&P_4=u{XOnz5(tL9<#Sd``6gf)r0G;fr~E zsn3w5i2YEsXt8?Er?9^|X7YSyz@GGm+z*+<&-%r&r_PE+Z7#y4IvGb+$Vc(=yhqE)nOl(q%HqHu zgT<-009mJ2b86d_Vm4B12O3V?`VGC^H^zh05aXrbc~YuI`BlGBJ#+41Tm57`RXt!D zhegm-D?&3k)Pp+t#rAD+^zGBmR$ltt8dtx+u+t zdl@v@DlFaPyl4!#KLcg??T}tW2pMgz)z-_cNP?=!sp#=i8^HiNON zo$pB5v!QQy-&RGR>ZzK=1ZC?rN=c<^v`apGLp6+@j2l~`HP35Kf+NdL&)X2#8jP;( z{GM!-p1pFTZ}o_y7svgne2ew)??~ZouMC`hQ^6^RD`!s^ui~eBs60OO;70(DbH5|B zvGb33VNzjBmSjaSn8(qk4)!=iFihs{x3$aNwwUe&b`07Mqj2Zb-a;t0@2uO$%X(4z zKMXSVS`)LcDqWTfc(0`B8-G7>;N|qkG5Ed6d$(_1(c3;a8L2h)p{W1Rx(p{s;yHU3 zU{x8N}ti8jO3Vq29?tzKG`hOlL}uw&Q9C)%}L#pRoY;k%!%N9>;o0i zzAOHsdZX`91IM=T`Gu3lp2RI19XR1K?;yBPZrL$lA;UBw?RefN<=$sMC3%N4gd^by zM1;Ctn|`fct$wtDFNk5ye!DbxFMSNws+Ti(`0F83>AkGoNeZU#xG?_H2SfahVtkwHtv(8xt*_Hj^u80~w%vO#3 zGIHUm>amwd=?#zTa}|WM1FLDivfX-bv`!NIBF0iewfrD(^Rq;OCdsz~8!{W5`&GVZ z<=&&>!iSD~JYhFB97gO+(ZAO;X45{^#iAP-!dfZcIBtPee7%ww=c7HvJwg=q`R@Tz zQ4yid<8LBDO%zS7OdUpe5{CU3LVJ&bMzU=N)RE@ia3yx))mvA9hpqzUtk#+*(bezk z=RbVZz**Vd7aFPZ23grmuPdBIo`s#UeuWDR)idimX}U3XWVXQH-*^0l5X>B2tZ$>| zS|{;h+i?xh01Oai7fFg0pQlut!Huug;pSY*+~1u)idAD)W*gHL z@WHD3q9y(6bXmG7U9$prTyRzJ&QUN$|-G^(2#6&c7kzG#L@GiT1-xw!5sT_M8ziNUUmzN1uK@FG zlh`PLO>2G7^;Y2cJb zq}D>ADX%gQu4G{k?w&J{Cp123$XB_x0fMQUp<7|MG`v{Rf2#ieQ^BAd^b<`#u9D3V z^|U7^IY3@Uow}b_OeK`{34HWRYih3wn+KGwpHYB5>ou6xm|34Y4{$KKD~rBcq93C# ztLNM;`Fm&`?)+knv<)2LQ*@^2Y_`gyGrwuzSSI7XkeXiif#)xd2*DP!Dn+(H3v8y> z*S^XX-YfLEf#crQawvr`f$xEi;y9^Dtebl>5HF$wXu6 zsf3@)TxnpJkru0ec&-`k;oQkTQh!yD&${xpXKKB8K>2#9#KBVLo zyv(^aZ|A(<)@Y+$>chS04}c>B?B8PJfjupoBW&P;ylr2gKyvLjIShAaCi3u`x91BO{!TF-uJ6;f4u8CtN4{~3+cE!H zKthKRlmWY}E3XgD9u>@tWfAkqLXU#KHAO=DmdRq7wyPzpnI&&& zp2N?MElVF~9hm%-wToGfAl(N;W-k9Td=K(wXHem8KHW1YtlUK0&Gw*{IP&s_^&SVo ziihv8bm!*B)PkUIMIL+>NOS2nu)~~7PrNKsB=T*}oL5a)Vs3kwn9clpsAKl9IB*t@ zz5CZzTD|hY0b*aRx&Nv7K5MF^{>cq{M(+vGbrdkQ{G@PGv;=-V3S=omyX8CJo? z(3&P*WAfR_qR^zfeGdQg{ZWn=m|a5!l41EmV1(4?@Js4|X9sQQrmz|^Zg8DK)`?#c z7cqw^8yvyo5I^FYL7(78_dgEnJjdyjympe1t*03ry>Z-(77y7V@8}-on~Ya`n3rEo zdu_t&@f2D~op8P<=UdEE>9mG3@A2?>H~OXjrl6B6H%SyWo@Bq|3wj^OHE3^8XcNG~ zZQN@Patf554wJRvO8Tv^Kus82DM$YB%zZQPNUuQa9cKOQOqQYW80fYeDpkM}#V*U< z`FK=z03PpBNSiqnZ#B_-DxC#POOI9jIovh&g-_v$Rs7M6pc5{%^ZirQ=OSqI=@tfS z0`z-UHvXNNmop!)D{bVzX&KY>0<8CC_l^!SEV1I=Rg8^fZ+8tE_k%Rw#MfqMrRX8m zDa4Ey`yIfN(`PfNj%SoV&qo1N%$A>HMC{ZHR-zZ=EZSq5pC zNq&VF-_7eot$slh?r<4x3QNykShM{0I(wZh@wC%ty)@3{nv;xT5lUh|xg=k28(zz6 z73HR)|8ytwc(X9;s+pv`f8Mf)kE#)i0r_YDk=wvk2B?#GfsZ_=pF?=IQk}#< zW=dS;mgU1`jddFbouhX`ITes@Nv=A_;a;8rc`vU{HzV2;Rh&HCcjwCxap-{$2?APq znV%14X5|J(qq5r=cRkM<$s1*nn-3a#^qHJ5pH^SZQ004kq`X{W`Ny&vG=1GTky~Ytkrww{h*30fBo`BS%0Ul0hnnD?OO7R(&k5%aSnMDJx&@ z194mV5-|Geb=;oj@V!#8)Evz$m3WdFTHf>@O&+M(dMAiSt0%qdw=}-+QU>^6=Azu*JqJXI%H)Tf(oV~b z`2AWlGf($B!}1fE!Q~S&PcA+wy={zcc2XO{x~yF-6V4i*OUOAff6@5GbNjA(M~9i; z$Qzxb3fhn0gV)>F0oH6f*}nqS=T|aSYUA_jt+IqRc1=Sf{qElziAN{i`Vi~03je|5 z+vQW0{UF(!ko$l${fT~B(F2^%a#FTnw#2#G4_vdMHd~4wzz4#=M23oU+(&H(K)D_n ze0e2iX%1_D%Rt#&gL8s@UjCKr2^zbZ-Tme^jMmmRJDJ06zu=5bED1&t(|4pte{t{` zIi!XfDXEVSWX`z{br{`qYEm%mx0#ufwU%V5e&3Af|ApsO*+e@bcXe>hAF}xn0;PN# z)Y@9H-yWh*4QiYbQT@GY7H6|oK6TV8qb(`1$*%XQD5)7V6;k| zJ;>f0RvXUb&6r|>nI}lCHe$1b8taSOqTo4CLhp`=hqU-=n5FM-^lF<*(o^+DxMYUh z4M~tV%UAR{W7t^!#zDfHu(wq^;p!2gd8sRfbPR@PVKWsnjmddrGCv?d`vAX0G#0zMu8Y3-x4~Sb-Ux6V=WI z)qgoe9q?Ez<-1Iq;rn|BJkFJXS_tUosVlQ1)kc>yL>j(au1n^p_4i8-J+=w!&*|?M zvVnU~#NXYg8RI5HV%&@)p2sZ&XWlpuTd;{&EO_TS`rg3Y(`on3-yW`Viw+;e4gAU# zEa9x}XyokIxmm}#?`wxD!iK*XrV~1JinIBcc7r2qxxW8+@GNpYN#=2x&N&Z7<=<<@ zXo(0uo8}MU6q=Rr8v0j%z4uV5CfSQk$=pff>Ps=UM=vD5tdZvQE>LKEzO$dxF3rLj zN@w*IDg(BhI-TS{Fzfao1)H;#nb$*>cUg7Hs;t1H0}Kq3j4hIE5t$h!R!Uv0)eFrZ z;ue+Wvmk4h-$|4GYqRhliOv0|vlhU3NVxWI-&RyirW2Rc=z?h3u*y%TRYusvm{()Dy z8F)&XH>2I=)_97Vn{L(dFz?<@nh)}L!5rz#QzkTLed{SR(E8$DQL!CuF8UJA`1nwI z)p>Gxn|&)lrQM*#7EvTi^ibpr-K08z3`U-M#V5X~e|29%Ewy%!&)7QdFO8WpxlP*Y zIQNDLj+T57+!K4p>nv$JMgBZB8n4^*I@$C|>|_)@KpWbLR*q|X*c5}My;FZD+@Zw` z5w5>-`5>E_v|i~}ffQb5JAl2yU|o(U)GqAVI^!0uZ1cZs${|0<{!9rhfMw!n8lB~0 zM1O8oR$Wq4k&;%E8P+P9D&B3C((x5d0R@}crW(&pmjV{Da0x_@aii2EnJ*>bcF<3Y+D^day=x(_ZfL#!6Hs;~ZfUlFYw7$wLL+_J~*(i^9&bGrYK^)PKNL;;L0C`OPZY;78o1G}^wWQ0j z>GuHHSp=(M#o%o^yEk}=vER)&i9`!W6?kszfes=4+*BOX&q!;5I ziMIj)NrghoL)jYF$3od?sP|<|`wvsiSycint3-VWBDG8qOddtOIf*(ooU`wQ-AGUm z#)sZGdJZQlJ{t61A;13`+)dArxppIO{^It{5^!?B>-PhSNJ=T5IYbe$uE@N_E8zyGIdI;CLdk;(c^_>LkGsOza z8U1q|nI5ML-Ude^=w69&gWSciTGM35+|Y>GTg^5@ve$$pQKf}$kZ89XrCCSIngIuOFP=aLYjA2M;e#xYb*Y}yjk z8GGzt&a8EbCru#$sE?_}RTbctnm_&zaprSS$K~>!!?ewzbZIAKIwX?JxZmf1 zDW9ql0B$bpDpOR|DGld+L{n$ZHn?D6m)D=S*RxWS+i49`U>J3ZEsW>LpO-3xPi`LM zbd?1Ur+xNz=OhXC&@QQbOFaEa~9PYyTF@! z9){q6PWa11vi{c-otO}ZX0~wJ2dYJgc{uf#SJ%5{pqN^}6$9u(2;i=a!11E+adCmo zH)nEhKk+$JXzLg(b&~besGuC8jHFgc$J7-VtI$-!#4x?n5jt`rY|1Mk^^NLMNCK(yxncMxDy>Dxudg!RC z>8OI!$i*w>E%R?&i8ZX0^@Wm)7dv)=E`&K3VXf~p%PgKtG1Vbnk;i-4yNy$oAWW?| zvLp3?gAPcbde$a#jhko^bGqif9TIM1fnQf9SyY_5jdL%zFk}0ozqWPvM1nz=i?2@A za)H}EWZ?|9zmdhLUs~p^uojGvGfnCtP%}h6A#|nxfmiT~@wxJN^7*kqz;;tSk~7YX zX{pZe;L%~>H}zdDqYEc%`Rgn@N8)~Fx!L-s77q|GQIyJZ=c{cR-8H*8@Y0EJ4^ERR zz7qJ5Dz;h9yP90-EPgDO0{Tim=;n`Wav{EGon$y2u>%>9@%CQ6ST6@?AXp-nYQfp) zP!W1&-?muYJz5rcq>#4nd?LhsG?ZBv_F-1Mdyd2A@!{ITU8RM&i9F$k>kF7j!Wg0J z$mYos%m}hPsY+DfL5NlOaxQmpj^Q*mHyV)Xk+Tw5v?h5yZ(V?-&kHnI^5Q?yXWax} zU4C(k=+s&~m$Z?QE>lDn+jEPXe?%lOHcH4D3mTug4p4py@2SS+?8F*)E}5RCbnP|D z9ane2%*NW>+9m!`fy>Rm$R{(dvRAIxpK$s(Uk|)?NAhW?e5i}{H?qiTY3eAG%GRRs zW5ic+8PX6z)LTgRtE$<2^1dxr_E$(=(}h*eoA6(x`+Ge(#!sH|JRRK?=(!@nI#-?-Luy{Bs3e7B=gru}P4vQVkk6gp^B-Cc- zHnPqQU#d#}d67C>M3xEo^h$ujexkBq9_|qC5K9O>gpcA0Lru&lRVzyQ&@g=g)~As7 zRHDRTe77upw?P)FP&qo}^GP1EogOyYeNSv6q;hxFS+ksgVkcRa6wgd$*0~Ssj>S$g zPwMh|wGu@>QA|5&qodq_h>!VTN#Bf(%8|FoHH zD#_^8ihBpLw7T47$?|>Bi)*mS;hCg>iU|7p%c8w2)j4-->{N}|Xv#^+qX{DBhE zA+rz1pP5g}<8YQsX8d($RojLe-$P~@8i0$T{Ky&XRwQDh8M=rxjXeHx8Btv6d|@9` z6ehiFC(#QUDZ6^9OQC&FDCB2>^QAqkVG~jdedq8iBl*T7q#)ZR5cA%mgDmaASHdvYB;Jv0+H2%Oobv;(`mkNATGE%}GXaNn-i$`I!coMs4eoG`&hDCX*7Z!hNy(cvyuTR2FWxm^Fe zf)KcE%|z)MN{%YKfoWXHq%kx9!`ZW5;h4~7)hK9qlkj&q55CkC)jAkMRAGcxor`$|GFsuuC10?Q@EHeeZN58ZDyF**#aEyr#q*=G?;F zoMxx1yRH0fT^nWvGet)3-)q+D)=#9B@JZ})rSElTGJv#+ejGun(|?~IBADl(?)^z3 zNpMYg=AIoB71l{Jq4%HsvpKqXc11WZOkt-~`siiKiKQO+bMBmxuB}^V=0Upyn;)tb zXu88hlp{miXyt1Khw*Q>PcI@$hlDw#E<)Jr7#k#pcC_b{EioyJ=Eg#iL zGMkS+Hs?q54L4?z6Nr2|>K;RNtY8JKRSSxpx;S5CkePA?$&yGwOQ zXVhzlyd3f{7m#c(&r(M}IWvHgz~~BD{$sE9@=M$IBby4xCWX5*KiCMm(!>@+&w>4k zwhPYCr7zKS?32Wdo2g1%2<=>SLX&2Q`YKY99lE}ZGdoPqhoP8|4CJ$< z<$K9YkPgaT==Rry9H=Nta>qq2h-+Z$9%=a)cGzfo$Y^&V(3}kG ztebcbxxx&KB3axbmb8MdHIjA-|7lDmpvAF^UaaV`cbY}Rlrzqznlwc*v5OR&d0 z-xiEVa1A+!YeemHM+a-;X}3vQd8nwSh$;1}jRu$Dt3wLkG-Q0C6oHeAhfzLQl@GA6 z_Eqs6Z-$*!mV;%;l+BZ^xFNw#qAh+tW?) zI_Di*4C!n$k0rA<3;ScDfB-5dJ*N41r4^>U+vu7Hj6-US8K~_ma>GO0<<*Zpisx3^ z;nJ1_5lCPh=4L64z7JI0-y)@wV^(Ul<{ik5F-@7+Op8<9HQ$-`MoLM zGsu@KUhTBZqoUW$=Ib5F6mX+SG<)RYRZD)4+c`}{w_ z7I8DyOSA8kg|8XS4J&;(35q(I(t!l-8)y*CR_& zmz%|GjEztOaOPWheP>l*Q!x|7~jgC%aiJ0`kZ_8BZZhM%1dVN=i;nvPE*=g% zqaKZSmfImpPVc4DVV#0~I#HiyC+EeGKlsdlYo#ad1xf86h^~XTVR7U~L$a@g%mJw6 zq2#5?gZsy530PkR?p(mdXR3ve1~XtyihSmJv3~Vv=3$J@r`pl`a(kmnJqE2%gB>>N zF5Wm#NO)8OSc{?+$L!uep_zsV5;F0X4tE30&!RYK;&yDM*||99Lxq;)sKe|Z z_|+I$7N5cIln1p;C)QKm@5ulnPbAdK4#c{>6+63L-G#~pC4;+Mgv;$G{g;$XwmOHd ztU^pLQ~B}2Vo85pf!w!be`2KZrydlI$XRHmv;3+^f8TGjO3FHP%cjpAZ!g}Qv3k1yS;OO8$ zd#7?oqs*tM8#L)@1A%1;r=V|{P@V#);b?>M(S1&Oqz;9J6!-7hivN;ws`9apr`T@W z^4=-K(n0YAziV+a+?z8O@vIHWJXQ56B>oi=&*yVw3rk(##5AN>@t9? zrh_Qe#=ST!(gX<~c4!4A2CXu}hEFc+XWjLrF@Yu4fWizCErE=xuUrV3)$@aOeDSo# z?=iOcZ<@y9+bT)w9nIx#8XrI`Cvz7Yny`IFjTvne2hn5y4rG733O^*_T=}_qYvDrO zLE9yMt#?%-xPQoji^2>vmZfPXFm4$2a|FG{HR;w~BS<}JM?LPQN2$q*bAWzQTA_?o zgKqc-a@5o)Ll`dv)Qr2)9UP0y!h&NFsHMpnB0(a=DR*5i2s+^%6B#3~QKLh>GJOQ4 z?{k{Q+ix*>%O(rj>w|3r_t{*){0;EED$)IeSL;u9rVTAyx9OcW*xseFjS5}qxk3aJ!#dqpDCySKEzCZ)oY$mQL# zT2z~TOgrXvJD4S4QiuA$4qyiy@Z}YDDFC?FeNT~a;+S7!y0!4uwC!6g%7b>1-Aiv zRDP;s$Y8FT#430wErLj4LS7)>^_JFDH*QTzu5h?T^6#ca1pOl>WHxMej?@>sY`MUX zjqjkTbtBHJJ+!{tmL9by&VRJ0rb2m+_H7qaJ*e~OhUy`-mvQUAI1eA7uVEc3y;zrr zjED{`U1syKkfU4FoJrixDQ{*~U@NZckXD7w$@OQ!zc@U-HH2aS+pH)=qv#nIijITX zNMM@APM!>eo=ka?emn{tSwi36?b~VQjzV|L8%>3#oGy!Eao5TjSFIM^66ZaLgg?`w zkZo}d5`OsxrAd{1YY~3Yh6UR@d(T;bl0g30E_qH>$D!--QcXnAQGO2c0s6@yg5lQ# zHE1r-<69W#Y9bz5+Nr&=E@Bisd@2q3GIGF6K#VmrtJMbN+jRN@r6Q>O_Z?WMT6lOd z@|1pFwI4r%23*Hgt{Kx~xg(~48OIg^p{U8APyJ!ZK}z08gRfSmu=st8ZcH<{j(uSuD(X(IAEfa>-#zl9BBiIGxXHr3F%C4& zDIhCNLUdi6%w37&r5;@yWbg6%=C8C#AI`TwH=_gUc`{;xpUAy;Lqxq~fL?uz`lW{` zFF>jSbMEMQx1#GVHg?}M48)rX&r`XLd2J5(gM7h>&;W? zV5GJ=`(1R18<;jKJ6xCn7^SYh%H#9?4UjE>{6SE)vRv?ZARh@3!7-Bs;;HZj+&4^S z1&-;M($bVCy|b$lhQNnP61aB!RCR&{j_F`ey4@DJ>#t9`)`_Fc2&Exa0R&-4-i9Ez zZF`;~*vs>j%0j4DOlb7&q2-Vjx=;DQJC&-pASW(76jvU;Mc{dj3#wgq>#Ac1GKXkU z)K#DIeCInMwhTZPo4^&oBhP=1r8+SI-SOfyK*)L?LGD;)?BIR~=SDr-iRVzQ1kAh# zV+^r89DDWkW{)zLt~K%@)$XvOrPqxKnlboB%NDw_Q-qW;0XbAcZ=MDyYGERk1KQ^` zx=HWJ53wY`OUtd8sZplTwPvMfr{c|hu4JYpW<^a;%hK{!=E?zABsdJ>+HM~rBj%l^ zg0B)ekM4a9dE8u9JWJb3r7@9EQO0faykzVLq<*ti^Jq7iv%b7wUHETe6UWdNc^Bha zi+V+Pv<-Pc3ftB@gFXXGf@H;=$d+NmT+KNbvl-}yC8f|`dr2cBgf|B9yrTAOfIvZ* zz^X!ZQry>sA;)txK=$WP<^Vq5Vcn& zz6!N7XI-%!quyHzK0}>N;4ZEQifiryz#u{7L;QF+j z9U~Gcr;N=JSvJe4SnY^=eFlM4tmPl!5mbHw%FyT zOIEt41uxBU3F_(ADa%BzFoE@N#@xuOaT^!x2Y^@bUE_IVQg3ZD^dT2!M zY55~XW);rL#*04CS50NQp`_%~-df_3Ou&FRGW!QyfNre|+QdKw$cd>?(<25N{6sL5 z_(c?{vEaAqEJ&?sLy0BKxWy6}@tX^5w@?f=7x&2L8jJD*D~~A=!jsf93-U*7)5eU1 z(l6bZ4`j|Et8-wR@ScdRl(df_?0HRMtDjR2cu$jEZDNj2qpE8?Eiu>UMLsC)d6bea z1dxk@dB`)B1sZ!aHsApjx{YAUc=3FO05%++n;W>(+&^R^?-$59H)nJGn)EHf5xqdY z*zkAZH*b%``muhcWMa!an6#K<#~ZN zy^+2e3X2-E%}tI1!%skdo)Vgu zjXAM}B1T)+Xl~PHxip^@4^4sXu@FX-STU4sQ20rdr{zlh2eq69UzpFCeU69J5d7aW zwl>%tC*ZciF-ZR_`W#9Ga-k^f^C8FK?eJO_@=L5QFG4!_$dp9j;e-kPF7g-<*e_M^ZG~BR^zpR(s`)J@`=qz;~{?%MdBJxw|h_0Ta6Rx zc=Yu=qBn2dX~i{CEhlb$D@3R}jGnml6EhC^|FCrK@l3w)|94i7p&W8fk_t(Y;~YZe zuurKZhb5JyEN8|xa!Sshl!_SAuj_ri-q-Vm3oHIC4RBnt{4UO%%yWz)fd5?^XikZlMW0%27QuUi{*)ZGO?d9* zP|;Ud(@j5%J;=~@!Tx2YWd1!>+^Lp|>PdXMmY7Qs(a)dKNO)>zCdZ_dmhNA^eYKBv ziFx%$TiY%&kAcWR$QcpuG7G+@ep0txHt^J6QF(;%X{K1Oym-RFZ*`S#7=PETLhj)Z ztNc}kBGS}yi^c)|^W-?`jo)WT6NB8N5qhH*=TKGnV~)U#khI3R(%3sNm&%4dGK?`% z1G1y)8x3daY_59&cnQ*2M+uZ!jKxiX7O-7^GcJDn2`roLio3tJUdUqn5hqzKX1NlC z0nr)38O@QQ{ee#Xlj4m-MY$+YN$fs$%Gt>h>o2}b&0{HSs1gi*E?JWjlI;ReivBFt z!ELWRSOe?CX^hg}@g(^U1Y{;U@P_aMHBlqwr^lKj1oueCs5?+|YzKD#JOlm}Hntw? zu+2rfhKuuBXL9!D=UI%vHCI=sxl$>m1EYn=?p+saIY~XVaZMbX*mv-=KQ!- z$*6}ZZ&6B6hS4W9_!gn{xzx)(tX``99(3WTg;PQ@vhAuTFZD41a+lP*HoP9DFdx#- zUv-_o`i6UOc4_Z==`(?6Gf|PL`-Y|!ci>j|FrC_2!TInLUnR7l25Yw$M(Za@aM1C% z?2~!F&y6R_#k@;f)1v-146ct|8$_3^JM4l$2@Pg^&=~e02mgEX{^*6;quugnuw_3Q z?rRQAzCeB-gF9>i2ms?GH1n@+ih@W<&SyPfNEAmp&8-}RP=47)F%JFvx!>2l+3yN3 z_4&HadF0!lBYVxeMDV&0*y^;oy|m#&x3w)0zv?(_yWRw|Ac0Caarw20eE z?jXHWhRjip^LV8@AJq8ZISMNda3)0@QQvPK(d?xer{o-dnip%B=>OfqG^g4h+9-Tc zZ7lVSyYd)i!ee24#c+yV4t}(cG`goE0+i#^>{YjLI>uJF|aCA-UWUvAt0MC zYl(Ss0!*wXTRcu&&hZ0iLcOZM@)H(TmE_kjqpc^?Hi2AJ3wI1A!;ht=?p^p*THXyl z%DWa?bb5mP5Uk(7<30Z-%K?2Qc52KPLNyz(c%q5*(Ztp?d8+c*61Gm=jq4F0_ms=? zQ0XZVq;VJe#q>Tgk=vs28glu9(4KQ?4ibNc@}wK=)o!{`JGLbzNDKgYXGR@f#m@j# z1V@YOwKf!b*Zwqd#hCd6T^}CD_`L5uCrra%XFN`4sl=5#w^H0G+-dR&Sc4^==q$X< z7HV#IL?d)$vDbc#~|)J^H9r`J^H*}ChfdK&>5s(OL(txHB32~x5L zy5Ne|!vHHR8ScI_^shf#B>|Pcvjzc5JDu0@+7NgS8}H7OHKgpGXh>suQ>@OSO15*N z+&TK0A+g^R&kZ~g#5~G_sPknsFFGv zLJX#=|4zO?`W2#-?a*0LFP4hA5yFw?!G3%ko-R}D$Y@G2nl)72K`vJuN$M@GH`)fe zCM#{-Vg~KzTUEi`=aZ{9-!k%gQYZ4Fp~YJvHltJdbT!6mLu?4s!c_=5B~b0#SUIR@ z5_Q|H-Yo87q+r%5!imS~#hP!3=$(lIoQ=KOG^%+Tkwv;rMa!fAq3#&rAq6(nGb5E1 z95*{)K4LPAlK3cNsn11^$KJ(N&Vof!0sSFQnkVhqw_dK{m&mySXw&Acl~lFPOiM7+ zQy2xIyK-LuxeG6vP!tAKKY}QC}6!W~^-d?pc?Zyjx z2_X5Yjls*3?M|6OPe_Qo@Fqc97JH5nDRQ4Yr9?p4^PY_gKjGv<>6GzX`xiP(fnNYQ z{h|MDqB#+zWhYPtMotg6D&-)xVNO%hQ)L9R9A4)qW!aF>ZyEXtb7VUv@-g}L!&bSj z2x^J4qf<577p(!iBfi^)thpF-!dqzq!;l*oKsW) zW0A&Fi@3rJ$s&~(gAc@gsrJ)MDXoFE%_@pqq3Y||hUt|w)p|=piWISEn+e#3$R12| zqonr8&%!pW7c3{jjic6T$kMad4@ZwkU~l$Wyf+>AmFzTsJ|jqPx#$bPl$=fEekXt<<+19rq^PgDZBc3oLdvkzr);Uz{C#VBRtL)DOw)vcP=P10#w=F;h>=0 zij;7i)Ise!3i~6;ClZ8@VF6T@+V;|Sc3u`={RVc9d9*-(zz_^WC+0Z$oHUQn|C*%d z-hOgng<7KRm~e5ej%K&yHy?@PFI;*bRt?WTDFu0Ywdhg?*nzF*S$OZ7XAjGkm~(&{ zAIusn4ZD%E)B*kllVRF9Cu*gFzO({Xcb@w*U*HZgg<>4>L8L6_YZdm{$--?`liTTp zwzHhd?ZgtR&b9jHz$+`N>5k8C6q%KlQ`?Uxq2e2#3Q*1d(rm1Vw|owJNH<^i!%~IZ z`bawa?87eZVf=uFJEJ#ww9<~4n;KRO-p8Ey!t$CQ%1@2ftT)o~k3B3*cdR=gR35~t z+r>Bgdo36FiNLghk8~6x$Y;0@`orQm3ugpfg8=#D-=Sp|Re*CWlkwLw3AqJ&fh_kRKVhkQ)Jj*r=KXJF*3qETZkT@9CGj9*1ZNeR0Le! z=}G*WsvS8(sM%g==&!*(SWkB5T}37zlU+dd(17iS7N)4tXSwl&yy@hxoi0CsKai8t zV>(Wfga%cJV~$W_{!fvfNHyV&S$AeCccJ5(#!?t&@3zb~S~79F+4-5G`@DCh z5FZ%G!Bmwe0@)U&4B?T**JM-FuT9_C>EP8wBhR}Ci?Pk4JSRQK&ZnXV*70>ecWVDn zt}RpFIq3ImkUYoOy%0Khp|s8R3mdkJB**Z$p7VnJ(S$iFD#+iucXS>mGnGtupW#@p zCObK5Pj2_kb}*r`j9qsn=Wva=t)Q>t)j+;tODg^Z~>t__d92jKJ&955U43>Ucs%i8|Pd9THJ zIwCMjmHT3%zOC6CZ>hOMa=~nlAGP7zhYBBT&v+RTcQaR6yf(NnPYE@!Bhu9fh@ zr@~@%(~aTx5GmFXNdRjk(0o&%%w$QSi)E9|=HD>(jz1<*AZ3!lC zyWh2bKM#=Udun;?B3ZV5l;&u}FlvFzkv$k@QV9QXH~kh+uLI(xAm=3mzKSl=;>4LdtH}KG* zXK+lLcYfNYn!k(fxt>`1Tb{vvx}I>6d!=tce1$K$z2+(W0wJaAXcf=NZ0~P`o?gzm z2+HEcwMu4p*6e^78B&cROq5vF{rQi~lH zPf|uFEIGodyljUthF82J-c_J52!Ea|^xU=?9i^*r7U~?;SIwxcPhcv8*yqsJF$jIP zql^LQHbZGlL?KQuwdtX#Y@p6yt}-0|qaA?_0(tN2g8V6-nys{xPQ$HlG47 zdAYGf@g_f2^nl0T%UL8Ds!v9U?!4D-L{YV0c9U0*gGq7CvCRvCD}v`cD<;fqk1G?Y z{tuHQ4=g~l<3s|&Mf=UDfUQNciVrGA6 zUm(DD@yiH-@1Tb7;RJwLM1GYs(3}BqC&f{>Y-4a|aI;i^wyjL4ko+Gg0~1g@SNi)6 zd&YMA+BvRl5D0rCctj<6?TGmsd{KpbyZO!x{meU|QV-S`qMQRae=l6J@uOX1i=dly zXZjI-wsXDZ2D~sRe#?!(1Ud^Ry`>A7shR@Ic${X+XBS*7VO4wzH%&LdT{{qdZ~mAE zS9_l9(*9}NWX7+A|7CcZ_>=28ZmbQ<>x+tSo;3R|eb~f(ZMU6?&)?M7{FwQCQME|( zz)`4;_zvv=JduID@ps`hT1@c1aq~tHk#-SV#L;13>*J+aW>$w=)9Aq~LQB4V1mf(( zzj6E6xibyqQQsdJp8NL~hZ8+Xi{r*>slYozS;zga24Y9uYllY?jRi-Qr^X1n4HSoQ zD|x=nQjl7b2%4yfOtCAHMT-;cvx35!CRJydxj6Ax!n;hofsP(|we%*yDr6!^s zUd&>a&0hr!WyLFuFIU2RYgMVdsZW`2IC^Ec#boyMHj_hf&O^M*+bI-)IGBFryBupa7 z>1G(8=$c?X*v<1%bgJGJ#!1s)g5gSvCi zPS9Mz%5#Ytb1a$dhVKr-m&pQqM$8N=VEU;z$}*{bCh+k_FpuKduCZ{S_Gp~ap3Yyl z9MKQg|ItnPl|%A?(z9tp7aig5_*JTH`Noa!DFoJm1lB;IWQhr2;d~Iq%LR;B*)6!w zcv1sWW;W!I{q`uAFJV3DR{sEAa7w68AH|C_b6h4pyhAy>0ybca4rTACB)t4@^I8k* z*UkkrQE@7l5&2z&BV`Cf=p_f>j%7bu&)F!OxcvtPz=QTO$qgeyPpX0uY~qBTdT9M+ zYH%6bare}jzJa3J-jTVZ!%sL$3LN!%csSG|Gny#FSL&f0f+hECRUO=Jki=f1KGlH* zY5~(XjEFPs(~4uP`-CtI?#TsEIn5({c2R}=y&7y)I> zfl9&>X7BCU2>+dYjZ-k1(o!li;>f6oZrW5}$A^(3v;QajULf0E4@r_E1x*nRgbMS( zOc)}*GJhxREvZuqtG9huE<`K|wLY*HZR3#=GNEArm!C&vOeLz~jh~Z;n)Jp+WMsyl z*Ripp;K6q5Mk*n05NtClB#Spst`q!difFuwQ8s1&>Rd!ouFm_CIj?yIvJq_ZdJxrgTE=2jp?v*%M!B`yT#SYUP zLXj1!^2%y}r@rOs?QH2uCk=N84kb;=q5TH`XmyPb{_)`Um$oiB+E5ccakxP>4Q{xh zPkKn?bYkvlG%o(VUi5>#kSQiipIzQe-ZPIY{0sjFo6Yem9r(xhkwfS7SZ30-cjOBP z3!f2$#yk?m;mfg=0NM6VLvRct#Uvz~`qwrl-lZ|03GfvjWMaPwz8H>52t(iFbJj-5o1KxFZ!il9Us5gj!a|lU&dw?Cj#`YROVGWf!Ue zFO!##$8``Y6>M9nP#{D9q98xUgmJXEvRdG^h zPY3EDfZ2i+0#=5<`xAxJbICN;dS~uplp%SJZWUyg&(CM)sD3|k! ziIv9sQCZrXa~F9X>Rm6Ui9|u$@2&jJGlN^Z7huy1J;>@l{x$YOHpv$)TfnFPgOfvl zBzU2qk}L5V$pbDZ13q{Jpq$jaRo+c~A|+r|>8FPPOFFG$gkt2c6X0sctMs92&j@DQ zV;J2TAj#)1VV`n>AY`#F_Oxy~(333{R(4|i)`^7S;dt8ajUT;EUjMO%Egh99gaeZ<6s}xv_6Xb?u=4bew-RP2j9z5w2GvV>$-lfyW_`U@jVgoc~v z?@{#^?B-BgDiM0~d{+wTqk-(|ixT@{fn+mR^L-vw_#BG#9Nej#{dYs_x1ZIylpAD) z@tN#JY4)!%TM4Gu`5i6xST{%vY4c8A-4LwM=&5f2H)iX;#vG4EKRx-Pl1r@+-$)Eg z<@d8+7U?LK%o%Jq6!H^7v1jax^1GUw=_U;LSsm|JWE~E=4)zB3(O|%c7bDm4GypYU zC%nviD&JW##&T?;gpbGW-gxSYAu%??VN2(+dj~;kJ0VZ9UlF|!onze7LGTGfq1K9{ zQU|#PXtaz{vB{c-BifL;smhOvDoM!o&|ojF=eUWE9l(WheChhUU7EvX0!1v~e}+t!n+=Z4B2T*z@4sAd^49R}B(Ht(b`ebO*b&ml*^I-B<$SFY@H zTAvw{ab#6fZt_lRbY8ATpQa%vua(^aXmw!IHC#9sDaaXNJI>J%2xP0yj<#NT&Y41%-w$G`M8UOS2 zL_^@^`QZ!^Bs3qZ>-29hQ2&C-w_^i|Bg@}ylk1w`)gXLn$ zvCEED3|DGmFxO;I=uA8{@nl3GW}8yYGT_|$<&cxAe`Dax;HUD_XPxTm|%e+j*t_glG( z30Zqw(OP0<9eqLvPR;6d`l}&Dg^EvM=UUNrs9l28DSbnr+n~nBbPBExmKU-c6 zj^aJ@SRXpgQR(WLUNsu-X+t^lk1c-68!QKs=Uh=;)Ke($;^Sk?$2TH&v zql3%a^nTdBj$TP|yjl6;OxL_8D({C{{5l?j$Z!?y76G~Z{gFaB$7ckvV=9ftkwdRQ z^qhsrExyV8*$h}#1U5UwtooxDIp9F%{(l>#P+hpd81!Tn_sl%Hn`5aMSMSVnoQRD< zL}c-7nIy3|ST@dpn(8V%(Ki#eTx8@g!jsI>vmv;G)Oe0&=;UwL9TAeT)AngtpbCu(MyqbEq2RMuV@2Y}j8! zPPy^!OQW=tA|A2AT9Dl^QMFI{#yLb@E$`7zv_tCeo^YiEa8Bhn0xj)#7vQ;quf_Ec;MX9f}?&Nr(? zoz+;<(OLqQT0AKn;T{{@Cx%#Objn~|YyDnpY_}Id?P|a$=8=z};h|*Gbn6&Kj#EeE z9vI|Gv|D5#)!_clnCKrUdq%AE%HKl4?j>@bz%5=$r|WOuuK@P^PnOX-OS<0;K6*Nc z=<$kp&oOa;RKgKxGvS#6Q|406Uz-tdDQT<@BcHId3$|MeiFgA~CuJSB$r8eNmHQpH zdrY)aucU!|=q5C~!8TkT8q*V!I})z9aY+iS!Uh?DJeY^YvG&*Whd|>d61=i$V3t6Q zhc2d_3Eh6-uL7hn(RRW9&-I^;0U9xsd=mLOGK>K97N#=Hd{b@Qar6=^J!YZ{{A7&M zbbGMRGWIn_HO9#mYeJyqgzQuSR5)2ppaAA!WrP-IO?KnhtX-)FAf(THp*v74M4lsC z9iCQ+`ocOH*Llam2(LK*?d>L(TAsDxjwZ_>XBcn9_%8{l0??C-a4q34LaHPT0tG4B zO8&t^6tI8#e4IF-G1##M)l%XO0Guu4psMWmcS`-cmLa&o*8i0P73J)+2dy@yJg~~uV?p@!D)=srM!?+` zHCd1ym19ndFn2`O38niuw=Qop+dE|?Da2t8aQ&f&ql*zf7PmiYB%E05gqwtJ@ zlzeOeBgH*giRDH&VBJM*x)$yqWSO)5dQe#a_z2W6Y5jR?_7eB(w5~_xI0vJ`zA#;O zTPKH>Vo&uK=lwf4@+3)D0-^rH?;N#Ni}!aL@H1J9$==;Astu?nMY@wL2RjvDzt&R@ z%wCs>-jlCuLPg6m^Cg6aaVc}e^XyO7upP~gPge(irO_kjHGTLum+hA^Px+Jwvy1k# z^XhRXZmk+@L@_{p;lAkTtRv+ONGim5{`)S(CM3!YYR4Xy5jwEn-zj=Sfv}HS)4l_n zJhiE}rG;LM9MNrq#pZabikR>#0VOddQwkV`Y9{Tppw9AT5M@~~M{4UslA>s75~<%9 z-EC7D^vX2oKyV}7b%`H1A*#4N5)nG8I?eapuWc9j37`Z!LM085_q97I^-GF3If}BVIII}M%$B; zxlY^7yQT=>fA3gQZyR&&Rbj-p zUJz1D5_DXIk@>=V5DO*ypqjr*kgYqwdiu*MPa`H(oL@@Nuiec3q3lJlSKaYbv%p?J z?#DJ>=M}i(HU?i*3d*a6vKt!Vn8>_fUm8ZDD}_^7K%yPQkbVg=aJr)wlKkIaEL33; zhe7EACn`$@dnjQiYa2K{8Gs*&z`AjC`9lV*lM{K7pd!wtX&(}>%n|tLsiG4We$*7T| zhoXN=wqG>B$Bn+K)nojA=wA#2T#Ryk`AlHU=shwUd3-gXDNrhvKZ1Qp8k&b(Dcr!@ z!LxNJjG<$rWqkvZ9E*Cmhv-rP_hetso!Mz~o_r77Hab3c{a0oJoVu2ULlG21ohoW6 zO4G^RXp1a28zZ^ln=a6$3j2~@CG`E-#rsDNu=flW z%m5m&KQ{SC%+rd{9ZU9R1hlMh$&T*M-Lry}=d?cxgRfvz>|6UQmD?&$W((EXz+XE) zj9FL8LE_L;244{aGJ>m6;Vv(MG$m$HfgqQOd9)}^H6Bn3H=tgFge0+mZKJzk|5?8JLhVLc%Jvs3qGF^sD?!#>&BR~n+)dJ`@ z=by{F1J`kEq$V3e{*G~F`+8IQ+EL13545yE?ksb}LB*_HMO!jB<} zOfEgPa>`T5QLf^?6qKJkN`O~ahJ_-5BLJg>ao->X&o!l>a4$EC5=>JJk#C18&@m}7 zl7?}zV%%12f%H!g%cNoLBXh4v<#mo9e~V5mE(mS6GFr?J1;3(HLWIh;Ea%n&+_^NO zMpr*X>7o9n0rBd5M^DFpPCPq9|ND*Q?VrG&JW^GVVzS#3Tnn~pp90q@^{*9 z_z)^IqdrBfpO){s$as1Kb#fP8+E3)5B^g!^;Y!Id zVJspeVt^MSf$mf(qE`XM+1McmQgJd$IxfuFM%CWTZEb_Vm4@7+0)WIos&S4e_HPjc zVhN84DOm(sPwG`kTUA4NFz0n>(Ce{wzse!NB18plU>nD816k+8kJgg(z4dK8RtFKixM-(&Ahz!)uf5r)JO zsf1)CN7c?>8te70Ro1QbLnHR5#>md@*=VT*tvnq=X3FsCwJKIs7xvN|-BtqG&)EG{ z&#%ez$UN2?Tf)S@p&j0s`pG}R;}NiC>;=twbaUALl{OX3WV_PJ0i`1&087Zh446OX z>#Re!GcQ^fD|{GS_Aw;?A?%8y>`yyoh+^?jMi6aAXv}A25HC?AM?Sv6aSeoL=E)Kv zv5ebedUbRSYBGRWkTlrrhPUc20=`V!Fdr>t?5OXkMZi^rbt5|gqcSbRMy?z6S$fnl z>bp=qQ(1oaHS7txPd!i2E} z?H0EpAoRU}C~>+nwQ+3oBz4~yRCc=)`1g=&q2u6)9$NV>Tyy910rG(fdMG)aP?Ux< zWiLDwT@Yx}fSpYPCAfx5CGf>N)ziVA{gZnc>L=*9df`4!t4YDZDKVtXAVLX#&j2SN z@DE3ykb-=zChkK=-E}Y^Q+|ZGH_iDVdd0w2#Pa^Zrx~Y}s{}^NvZ2J;aZ{z3d%sfF z7(4r%_Kk#DLMp~K?dI=)OMbirA-!Q~kFf06y-kriY^Q9H=?X}TiyzwzTznBbz3|h? zFu}et)|86$qup4x=*6B+g^z9N!8Dls!?^fUGN^qqWY0C$603M4iF2w7l*qWY^jB)5 z;um+BDNGjt)P$?+;o9H-5Nc%j*b#0Ld#SqLY+-YS_|B8eVT&#!dqs$xvlHCcvIyv! zEh*mUa&kHDTvL>JE}8g+Wu7#4vZxv?&Nh3cJK ziPAX9xQr?q@UO88PJ`WUzWK*s89#;+hrQ@c)pOkmc0|@f^I*tK&YArBx9m`3*q|?W z*F;KpecJZsL7N2H!=Q7;4H=c#7{Ccl^v4^$B9s)4bZ4txef zQ8hg2sAAviI(RYqo`kcCWCT?!t1^-b3gmh+(8}Z8?CfTit5A! zB3?A0ukd~eHize$YCM21_>b((zr}v)N;V#^{e! zCzaLPY83|?Wr+sQ@_p~4oDybaT9@pWjx_8|GhCf2y_9-*H6j8ohs@5;F&nRGz&W~M zb+(mU1fAn=cEf`==D-%|M5hJBF$et4~f63ztGQT`$D)3+b2obsU{W>|adrQ87KOccRM z9CPapc^5Ku5LCI*z1FI&9_(o{2-CUf0>M8V`uy7-_=Tnl|$!|zG15wbXK%03- znGl7QMAhWc47e+$y9f9X8s^Fp7ub7o?f1j`LIM3mZ)TvFz=d7=T0{>ym=k3-AsIk9 zm@YWfXf$wcve!gErgF?dMxe8@{%9-o-mJijUEoZ9&n#-7r{BfyLu(s_2O_|IzD8<0 zDg7$SMUQf}Ys0r-dt!e5PARjad`V?^h|(J2F?QA$lsfY_wR3+h@fyKoNI z{5q4avTA>Q;9IRW!%c41PMob94^P*v4;zRZpGjQIZT<=OQ<94?F(_P3d)V^~}E z+SF6I+@fuQPo@)bq$Z|IZ0%`V<&uqLGr4}e;n=EjpE9p3C@0S)@lf25D`j^a`n7|_qn^QC!a(>C>8BF9GdK!#9mzG$H13zBo&4(KM-Wzyem-u)q~v4wVB4li!( zQwok3=ync_I@t)wa>CmTp(MKhL}k4*ecyJ{_YPDR1}i3rTUmG9@cz}6p;u5Gsh)&Q zC#qw()mR`P==ZOp0poD zuT`~ZcvNO5>M_*H1>RIi`+|LmOY9XHttB2vJUZ{IgqDOTBQ}gC#%7AV2l+ZXfhFoW z0w`7aS9@&#Tomu34p!$i$Yj3F8+v8UZT1353E@BxDq-Xqeqp>gKXPZ5@WzBuH}>sj z?>JgNNvkAGOq5Xtdbi6hJZ7M9r;k0T(EUi8wLJ(8v4xW-`Y=i zgy-m=(m)=R=8{OW4ctKE&`i0M6N->{XyaXfQEZc^?dm`^c^?#|i&jz%Pb`^(BK#x( zVgjqGGJVKEJ6-N}rIru&I%oBv?+NDqoT&|$R);0Yaf3sQtYP9|CX3dI&ma5N2fn~;sG>h|g*$8ppIAAbm*kKW?qm!P5bYI(QELg{bTa$ag@F-kmPYvyL(`}+zkE(G5)-h4tNcTs=r4HXv;*0T5w$ZAO9I~pg z-sGGN!F@+!9rW1hTyD;rm$FMNdw!)MMRo%D1wdrrAM~&4_TRt7xIyhw+$#UCNQ!RD zY4OC>i)aPgm-EZRuYpcjczfVH$HSE))K|-$DTm_pYVbK!E5$C~!6|jS-Frc$_zO{w zp&4;bQXiY4tm46Squj&Xviz;zRHbH#Ky8{V*saFgAC41*B z*;MJlhMPAAaTGK~Xo#Zb7LLBG!_=AP-PX|X@xqTTOT{q~A8^Dnz9~z4NJ?I|?x0;( zeI2yiW$NV!emPWoYy@puCV`8!-#A<5(tQtJ|Nf$Li|+gPPswsCGEOI}>|Wm$?maEF zBCRCpnU>tGbX}U@^oS-_?1vRfU$S0`esbkhM1d4r>a^rN>EDu@J{<~=h6KzjRjrr| z$$PO2Sg%@e{Swq4S~J)jYJB}jZ1BN|TV?PDE#%MRPX9^YbP-O}#;0?fC96sXaz9RR zpa;8=>m&W_*N%kDj@!<$RYnVq&WR(e*c**bTc*?}s#N!OeS-d3V7tkE$-!`9Yk1R$ z_4Ur?g=jim)efVMVI0GSYWTi!p3m|P{N}~^IX5_(-m))ZFF}tg6?cVqIEq=`Q#+NO z80S>hVndLpN;0K6;{0@%Zq4h*n)DEd{`Hj@U1FU)Yr?f(w?)Ls93La+s{C20y3>Bc z@(u7BX&-1I_&z7%UU{qK^PgEye*Di<(^XzKU;>-6Gz+pX{Ua~uMi(k~v*Qp7<4q%JeoFr3FJ@id^8Sqm zwA}wMkQMvjfCG*_s`=SKV9T$t4E~x=iMs7TJlS%xlBOAO?5BvNk9nd0wmenQie-Ij z(^I-8*0>j&U7cK*yyEacoPA($J!|3=>*V(7&8q$-ZudolX!UUO53$+k&*PEB_rRMU zu)`X0JKhV&=j_W{x3Ypn5AmaG|9~}keF6ORKIykc{Fd4BmkS{$Cc3`1Ccw2%#-*Ee zPNuHkvXTG1vfYq+VTA3x%{@wRi0FAXbsxiid`tfGy~&OjSMP<-cBTz&C$GP;$n269 zd`pVu{&~nb{0a6sQk~{Wv(dKyZSmEcEOC29{p6fY*_&38m1y$F=j4&rbIiqT8=HlH>A`n6~VZKxRzbh=_w-pYIDYYpDH7VMfIb-~>6lT&l@SJd#) z!uuhc#lw;BuW!B#6TLPJM>>pmEt;1TdEm|c7S^cs8=D>Gq84B|@za;Zl+KN7o8w)L zYSyU8$HTOV>zn(D)~HWS!;!}(yM7N?1N!EN+82{Mul#fn0DnJTqn&poLYk`stnLc# z-e@$w&~K7p9s#~b8W|rCQBFm@b}T4>XqS)E-UcfxowQT3wlmdBrPR*;+#P2I*N(G1 z;n@sKl@Wh-EV}fE^j?|oVm@h!Y2UgpUPmooz&H~2X-fVO|1C*OFY7-ppGI_!Q7Dx; zELSS|QWBAF+3hz0-|%{<8RvnEuLHxyt52 zyL5PHdU!Y88To8nT5~sV7f-40{?}`&|0$jkho;v!AJe&{`Jc@EfXhsGXLrzb<0jcQ zrBr2yugT31Ld*@+tRp2AWIl`6r{#6uGBCt>%VbIhN8i+|xT<+ryj1)^`XOhl>ypQn zWPwtc-fxL%mrmOm70VwM>yrH;B{R*N>Gtd%=nk7c(epqpNqnz~L4u@gI!vnHbovw_ zQS-B;T+zXV^mEIyYp;CI3n<|JX{pCUHLv*KInj!jNE;50IQ5Xtl}wc!75`ZW6z` zDbA&IpEBS|q$+1h7^l~Dv*fkFdCj{ShE2++v>6ljOY*A%Hkfq8qB{`Ds({DP*OrL%raayrL8Y5;dP8M5AJ1XjfW3l+4 z)J^dZ61M4oMR7}WP&QL+C;gwQ+Rap|GG-bOay~S>eS)~Vb-?$!d zBV6fcs)lykkFLErC-wJe>{_M&$bBOYFtCaBOZUKa{YT47y^T7x@nU!=+}Z;Brz`d5 z=El?EA%ANN_@6G`?ad9u@KBDm1!$rx_3q}z`{9&)NvAQRa>a>D=i9Hi}|;eK%eOaMQh{xHaV>=#_LNpr<;<$_98plHy$gO zBNyJ%Lk4bn`J)?OSd+h8MkV(w#zS}1uw{|&NoIB^TG4Q1R7-NO+x-yY(Q^FQH)CuA zc&TS(hrJaXS?4sebL&a)iB3iePoSvv8rXxFJrxL=UvG{LY(=b0gjlJe}a)dEe_cyx-yHJFMIAL?BeI zZEfh7;%oIY7C#7MnqzIFSLI@c2bzOp8Iy}3d+XKbEny>tF813i&p(C@7h2kXUU~i@ z>|3FseZs%&>D3cmtEZPj@7z@?iu{g=t+^4>+^Fe)?`Yk=p~s2@ETP)jwu1eOp=CWCF^*JzjvQcPfLk^u{Npz`p z|Gh18Y+l?O`PlO7m5xJ&@OjGdx$xHs!kXvnq2fenYk>+a@U{AiQyw)-8#0p}(pK$1 z7++-3`RLijk&8zhUVrgBa_zjk*PA=0`^;W%W5yQEg0<(q`&+X#SBLo-!!~iN$xE1U z+srEx4QZ#k?XEjEsficAH;U7R?&5R0SOwCvm4!kwtL`;ekQGAzSS#uI|KiMPlv{D8ma7ZSG8^zADc^9CNa!s;L2$m$6WUv4bl z7G>I79>kh#9HfQ@)p);Cx0cnw`!fEZ#&i-A=yZ$Iz(eO%-iKf3*^n<==vjZVZVSKp zdCMlq4)EX?AbM$flGvL1p_(^doOKi3Ridezyx z0EpxU_p3(%=&>_@c)RtvE0&f{WI~e@e0r2(rA7}A{>=V6$jk-ickHy$%qkbS1V-ER z<4H$z?j)q)qZ!z0XUA!-TQ_pkhc8zK#Gc&pEU0V<=F{8z35UY;?O`izqg~fG>+=;r z+7-Z{`w2ng8`{01{(j`ZS2j?(MJC>eNkN%U`PWZLn?8uAV~eZofThPafw1cvo&^?- zFFSk=3BL?-GQNRgN1ASZeeN?QNWI=)tczOfDlj5jCQOD`HZRED#;A zZB2YqTk3tv)q88PhvAiu=n7iF#o*Y|Wk{VUd3oJYY5Hr+`%Po``FKaa zYd_ove8xsU5v|HwnX9M%ESl+e7Tw)^hMe;JlsrTfiLG6M`a{G<`aROdFH-RRkJx%B z`tZm4@$MCt`wLnWFm`x#Vbh_f?p4HQ=xy?albjFFe59&Vbt@t(wtHGg=bV#4HsOj- zi_r}yKUKtEvgie+cZWnNSq}C?IFNi~7fr5Y=yfr84R^`R7_uf(`q;+1bUlMhasp z*!uJR?~^SJK*U!1*UO~3VCeF{;nCYSr*{7F_ufTbeBC+h#hPejH?7a%0wLfA`FO|h zPvIAC${zIsjgbf~HYZmVeNxX>qgDzKPL3hS>i)>;wkRzTANCUjaz5U zH{}zn`^%?-@$3%muBdF_tuWzge_+{j#(4F6rW1Tdy~WqxVUppJHDR2XYb`Tat$ca8E`1sz2?ci)J8u z|NkAZ|KBvhjVy0XU4?!g4#aH3CMUjad}2*~PmCJ|UbdC>)1|ggAN0N*``sy1KR8|%^k@J4k;WMMS%4}{D6TE|b?1{e&Ui^rUc@V}nffU$pIHE3&9 z^-)42eW*LJd*8JA1HhndY&7mCYf-24`hUv#jPwgm$NOYGINjIvuP#Y8q+YL3&fiL3 zcVaXuds`m=(|t)&P2q>t@!sxh`s4GGld0G9lvhqQ;bk#W%blaWP7esO=55Yw>nW4ACm-Ns-)jDMmrc$8JGt?%@P0DlbxL4JOqZEO0Qp(j3V6t? zA3M~!z#2wwi%+Vre5b@N9OX-!y>9o$2Gtdf?s@VSWIkq6)`JgYY-;ixWB^6~_u3@` zKt8;0*yE>hW4YHG`uvTu)&0;qbnzRDo8Pk(VWEDY@o5d~ zRd;Wwil6!2(HnIjOF#3d?_Yh|D@@C*_(NJ93qh-+tra7!T|Gy^6GP?O8+GW1xg&Df zQPLTp9>V2oBelz*9wzEK$Nwb%$V=EhAM9fp?5iHs9mdg}aneN4o2(;^nvajORb&8P zrad()c4g>?GK>^qwGl-pS4--q`kgQP|Hy8;*|7XLz(u@D;~zrpUB9;!=&y6M=c$VR zn7X5&p{J1Now|OIsM5ka$XA8JkI|x6n!GF?jvSG1U5h8rh zn9D0qS}(|J-2tFX1BF>HV%kh|$~PugE-jgH*rJuogIQ76g%~SsjlHH~<@@+K?5lVC zb5jkQh1oit+uuX$bfUh`n5SHh{$n;?nh~7vZuUdCp`W>EXnfk6@-Uoi?Uyrks7Vj$ z0tabD#KSu5s8EE535F+nyLbFHgP$tn?Q9>Hi!K#RL%<< zh}RRr1|2;ox?YDv!-$4gEE;MM{`X0DdhaU)Xm@P>_Fs#CYftZQ4*N3k6So6@+8Xxt_hgr@m-@i}W9drZng0Jji78i( zlAMu{vfQ^NIZDheVdO}1lVgs}Q6X1~BxjC9j@-8qAwmgr&Kxtx7;}tmw*S7r$N%wg zKHluJ_xt^Nz22|q>+^X%pAcT$;g7X#<({ah??Im$(?;fkUrr(+qB!LrdCdn=`yaA2 zX-#T%fseX&w(7~@D}re|^!qF}?KS2qeppZAv9;~l{_zNV)N%__b!ybcX71^JNXl{- ze-L*2%HI@MteobKcPGXj6S$bxy0!hW?gg&pdw}o0%IgK<)g9$x#~M2!;^A~uO3;=g zYCxx{MiVtJ|8!-h+H)Z)3hC^tz8&5#+}uSCtXZiPv4IKlhgA8T%r=(Vi^!Ih;`8k* z^A;55woLTvL&X<-bjp6sDQ7tL&XKu@YJ>P9*KM~N-Au>B5ED_)&0YtchEpG*=?>z8 znW&u=))*YzrL_IXHfO~Cak@eOzv?#UUCMO#0T7-0Q*J37AhbbVs<<3npl?z-6T-O+Q&IrBQYw+(3IS08B9o{7fYv6HY=uD@Qn)&^=K_8)akS4(bp z);fY`$*%2R8i<4Lj>O-=CU%}rR|>*)$`^v_BRqGk4mljk$@) z0gg7#cHRACK_y^|?tZi&Zo0u4D?|+b&2a=7ilx}hc)%w)E;@F>?IAjm_7M7a)R!xQ zT7*d?txJP_4`Km74skD1lS!R_Bua2eJbQ->glcScqf`yqXpU+>?Mm^}3y+Lnf#SS0n0#4oTOxE>ZkF!w`KNkB zVq-MXqe%QCM%jb;G%Q^7UG;>Y;W|;}a3?(6C8t61`=w`q2FAxsY?M4=GXJJ9+*#3rk7me10^V`?0qCHWd`6U(5*7rqe6e$!{5q7>VxCTj*iruz3_~Eo=JtV06>jUctpiefsx;?pcL5=EO%s`waozP zO=k`80f3xS?9fxhjLuf$*t>bG{*T`x0qXTg2UKus_s*;Mk5RZEPvLeEgWA6Z7TxcF z`4^1}ur~04;VkeIJ(bg3BQ_TPlVfEYVI1JME0k{pI~X{1!;Lenrs-~ z?Fba}Z;_UM+wTIdJx_C)b80Vn_uGFL2iX=*U9!W0{uX6)B89a!s;* z1nhk&583`k1qe}rd)|3LeXy_|S$t#)lcNVC;#duwG<;a%YzM06Uy|PwCnKsLrw9Ct zyz7bBbA*S<-0yi*rAenuer!3*`TZ}vHcuvM&Xi00_v}%B?yfxz-&bBQ>5}-|OJZ7= zv!Zq}%PKdt&V3%Z4YmM32If6NC3x*br8=8w&;63AvDq$4ShlEnE&o?}aD5%0xNSm? zm1-l&9+tV0ZmDW-d|NtUX5B5>cZjJG9b;4uKj7zQEpnIgybEmRLxrD`-tXgXYi95; z{#wEeSoVpHsR0e{f`y*H3ELC@{+K6Ax$ZO6`Y}_A57XZX(aW1r3Lig4KJ-JxLWV2K zsOPWRp8>OsJ+b`YMjfnNRFP=v&ij#S8Rce#`(9Sy|dk4??%QcW8 zf{hT+@8=zbe-g@_k|yjoKlM#N&c!(~L@7oDyt@KYgP5R4_)C@FXSoVJe_4u9Gq@Dc z=vgS0nN>m9V;7eCAe5##8=>Xd8715q*8y(GeOC8ENTdjD#Oth-bXZmj{?q{LS^}2O|Mp2Q(#4%xxYoB2oa%IR_Ld3aZ zxYj?=SreD=Quc1d2M=~CzOVSXzH%bbvxT}W9voOxlA0nkQUzK`&pKsF8BH~LS^Vq| z(`dtbE?@YSB-rcJ*~}!b68Z;H+DO;<%vZ^hslN+}e22Tl$FBz9DEZ|k--q~h|C@Zn zg63}q*N^U@Xv2Y~d6ps1zV&B+&TaW{%L?mnCUgDm->uU-epRJc5*((GHni#8gqQi5alxuSJlS999cZrEWI=*C}?vDR0A2+Dn5Sk!o2Ugf=Ez9 zMtm+c28G%L&Z(zg$YJGn3OFPOImm`@H~vmkYy3$K>i0MJa4l#}vFzI72~Eb5VQWSW zW#jSsyX!q$eq*WD^x?ZX}4XTXK4_y|PKN=GiOv>j4rz(w)R4enH{tZ-DOe{%! zvc6ex+iGjq*8U*#*Wz!_)XpLgvHJqZWHzZQe8!(@yq%043DcmICx!sc@ogOXPta}Q zB(=ZN)$hbpzoj*1WZvV^biFH*dX)a4B4{-|^>2NF-f$}+!R0OTsZHo1k~JZfb8b#R zee~ko=u(Kmp5hgCWOzhl-KE+OYzl;->Qsl(k5*O1^((vs3ZK9?qfWpU_c`q*)5jAf zKn2Htog9j58ar<{bOjs)&}KwZX~l*vcY&|YqFT5Y){i-l6>n5}n|5gOXkMz@&yzs7 zdX+Uxq)4PUM*lN}`QxhLf01fi=dhd4PQ6yHhDSL|zQ^kS9VOcMdOj!5sQ=t3_KN>! znC@+8deAnWty^qstrFGh^(>;fGYAXW*n9<4JY{8<&(2kYLfT9|m5X!T&ZAg)+h`&e$%^FQ} zH+)zw)Ij---9o0?k-yuE%9Uqpzjyx@PxKe@o}@;;32ILbpyt{Dj02|yrqh23RE=J_ z8#qg5`-U*Nr7cBjcph5)A>^TYeQb)nep7wdJFO`ar>)dfuB^|&v*t_n@YJdz zJud;{xkRRjyhI38edUjVUc*RU2y}k$UNWfo8p(9f!0W{|^#I|8xp3*navoZ0D*l_> z3(=Fm!>@&h)D|0f-6Q6GEN<`A3%I$Oe04xDq^mio*%6>FVXc!Ovi0}xm8gX`N8khN zh1w6DA?g8Mwo)ojtwL^Brr?YRksiKe)eiq2;53vTZ>>*gw;Rw-y&MmcJ&^Bx$2n2xxKEz<&oj`xc_}#~1)$c4^Ki#>A`Ae#roq*-T?$5~oaO(|Iv5ZSB z-Jx^m?O@CAE(*_oJzAOC3+2oeby(S>tYNXOJ9zBOnUqenC&~V>s=!12!RoOvFU|Vk$Ke!Z=^(yj4*zrGA{@}7dD|||R z>BM+L(bZjJddmn!i>)x=5;XLe%>)N?4Y$(sxH;`x9u=Ph;&n>i&jlMlp#`3DDLoz%yF+^1+67G?_1u!SD( zE5(LfJTR{GC~lzl>_?s)Ry>CEj_K2I25ke+`pHMsphUu$~5@%5eGK_8IWhG>UraU4MaE zs<3lKyD;5-gu(@bFsazM#`&VmA4JO@CDWkEij;U?GJGY={LcMn@I(%sSktIo3yDyJemXxoPP5;Z)9qmyc4lyn z{W12fhkV0RMv0g|2e5qN+kN}Z_&;5i^5+W58{CWV^rzWaB6i#&t@`p|(?vik8*`0x zms(1${?`Ztdpqr%GL)#G!TkPyi6QdFAm5n`gDJH?i1NL=Q4FWg)A30K-<-b{l~c4{ zEd_rHTVzKWtZVCiQ5;-|KFXPHymlIR2Hy?h)R5C1HSJrqK453&j6n#XGMDmr^W)C6 zY#DyR_B}G+Y~}_0T!IRdt)+YbdGW_YR~Iq%u!Q7S>$ZA9No#ajAaQu^iKMbl1-Ml! z@`vYKawI~`Qo3RJpOj`W{>kw6I$UV}^dRS@cea3(>t7G1i zj_21^K7++H4u2pf3qzSZUCr|uVK*Yp4Oa3fw?yP83Qvtmuq232%-!RwOcX^kIDc+h zPfGM6)NKpA(3=CxS6|;{)9PJPzR>CSna1N!{DHk4K3`PT&9TfbSoxVMP2l_4HTT_E zg0z~>xvs)sS1kb-oy~fW*Q5FTp(au_d;HiCkUum5RQjNQ&fXsLzJ+dN1Yh=wYnpi9 zoXlx|;i%)=HRe#DhLU6m8#iF#>*CoFp7nIr@TAWXOd#bl9flK)XQ@TnIvU{EsdH}j zZ1de8W(o_K<~*1{qUEqTs*XxTTxuG6k}tPy9d)LS4o9nDQ*g2-CyKN`~CWEIvu<}aAW57{(ZG=^|!JawWmx9uru2R6Tw%zveG$U zk3Km-`e9Nh@u)aemh4S2SLJ1wYskWt1DXCu=K-Id^u{HpEB(oR;9!0AOQ_3!-JhLQ zE!Vg88V$pLAg_;Vq-}pdQhHk72&cV$9Y=O$0fDd1dh{Y#+hAM>^KQ+IvLV`Z`B_5N zo&M*$HObzRpMw=T_al1LpUov#35rGBr}zVAW$2GOM)f9UIpd-L^b6ka-b(b9 z{A?|nJN)Oto2pc?xu~`BZxh-ja9RKGB12P>aIr7@cP5>f5%g8fsvm7opOEe2Y;OQXzW@c)*?IxHl%h-Y6OMDmUk|{rOz^b?Zxy-8<3*TBe?}yQVQV)V$1xZOPw7D4Vb= zeWo{VN#0MANCLEHFiG){o+Q^ytqvE_W9!1bR$z;I`jW_TQ1|^aFh-JobZGqL_T*fd z?`fhTL@`@o?^e;gK;D1Md%+KO+awHa)~FSOZy7b3gRh^>mit2#^tQVqJXL7R>Ppt2 z_XgokqFWBM+4G(Zp56+}+*`TOZ)Nl1*1c2M>T`xsm1invq@+^|q_`qke)zE|ap}pj zw4A1wfwnUf=H9JapPdD4?0>FKTelF+UJ-|b{i#N1Y==`)WWhg>>LI`r_)@s*$0%>` zbyo7u54hhmdcQ%w21vhO&aWH_F zJ7`~Mqjs;b*NGU^TwGU9YndK??D2K#N}sC~j?4r@Fq;Ou$;A4WM%zzsXHSKYqMon& z#`y_8OZ%q$&#N5`X)((dYoAs>mb0QXI0MQ{$|vmd&U_nlrWJ&tB)>)Go?l%orHSq-|*5Avl! zi$q%NzYo|%?lQql(@?PKCz>mJ*H0mLJph5*WpW&KQpNay<5KZOmi7!oRR6>_BjSPz ziYagO&!bnV;93)pXO)IimZTJ?%}?vIZ|3(u&ph&CCT%kSCBwB1QSXjH@=BWTk9fG2 z%ddBtK194aSd1GP=3Rk)&CzY+&#k_5TSu0?W)B^D_QQJ`hm&O4;-h6TE>GXE)$ztl zG#^8J)F5A?V|cIZEv2HjQbM2jYlA&gKsX4)$)}CBJCB(^aZgv=3M(EQaGmG7o0j*- zF44g_2J{^X@qfeE*)5Zl@;Dt9FKT+XSRsTxK9qTt6@sO(5H8KuFK0~+wn~54Cl998 z>hd_&*O~;6zdKe{^}(cjwZ3@5`RpYQo4#jB;Z7o@r3cBYT;Ui4777S<&=pCD(@!qCRi22R@aGI&+%0YWuz* zHo5l&9#Exl5Ov4?zT5MXR;~q=!eQR^5hf>uRDtal`+{IGT=~W3*-^{2QRX_vQ@vIx zJ45o_)pFektzFCaPmzr|k4%ia@^%>0Bg9T;3k@Z4f#>s2YDe^USDbrI`d(O2h&*s@ zrsk_rAeLqgx@?CJ{F&o}f(tuQNj;(IQ@8&_{nT&~R@#y9((ra-R}Yb}SCbDCSU7J6 zy5z`aNpB8u=+8>)rn4YR{V@IW@s&xx%djFkDz@f)tfhz`_KXytPUc%hu1L1O__GQ^ z0Ka0Ki9NU5Mq=v4!rFBCV;(5A8&>Z5&+m1?Yb;AO^Lx*&0XB9 z)~mdAou;^d=gdKe$tM6xv8VG6F4Z7@rA_sV55tDGcVofP zWj@kMy^ZxK zrA@X$#2+wc zm=;Pay}4iv{DX-oyty5ffUTJJVAvBVfKsmo`>d!h&OOp|VDIJP_#>}#xbmXuvari~ z*SWUlrM#?$_{i>K)ID5eD$uJC&%5@DVHs%QC9-^Ug(6;SZ2h;Nf3awQ-KFCyp(_cO zKJl|Rt@wVZOZ?0roOQl7BS?W0VUXX@hLGq?<0$?kUpfUo4p)T<4k#ata*Q8GmOl+m1eHxxJk}9hN#}DoKE-XA>dvSBX1lPes$Kr$rW`8ck5*|M`dlC z4{b3BpZ#6aO-84W-~m!U$vYXzo5POg*^ep_!=~O+UH7oT0t08_V15*AAtqNaaL4G{VeqkXfgZZ&*3&a5G?RlC#iMK^FAEv8H@X#T!Vsip$x%WF; z^++BWBUvTxmp#e+J0QthWS*>xFB^HOw1e-PiHyB6};pD2L;S9Sr_V2``<5VSFzQ7c}(ZPMcOe$-~-U-7T~ z?A5usm$rr-v&O>L;93){x^y~p5zvFywYML9)DaAwl2k-YyG>uIqVE9DPWt>JooktU z@eD->==E-IB{*N#^W|h_xWdQ4=W+r1I!lpYPprTFd5Atm!XfAW;t_N_goU)V8YHln z|B8BhiFVUKdoTxozxS^N(4GCwu|xmK`}^2C%k8n@6eg^u7_Fpw{vHK@w&@CXx+^q% z4)0j)H5M!yP4=(;MBa8D1sTBP?tK_i?MO5fA>Q>{K9$~qT<35!TGYwd*E!D9Yd>f` zQ2fe;=UsGw)?9ZQ`*5&CEIXFJmw&4TpD=fI9smqjSR$anUE6UTcN|9Fs<6x4gXb!A zy;kFrs%)C~Kw5lYqf_8}HV5nrxMy5-eOdSu_M@zxWHu`gu4m(`SAt}j=@A&85Ev_WkD`lOYKA0vWDLFY>jE?GIoeC$`jLxANtsz z`WyWKBuE>R^xZgCeOsFV2zalb&we#Zv%x%KC2%YtN_~eVa7TZq_X=TEqB{Fc$9=ne zhScJY<&r)1>h1fdM!nmH4JV%S2-_7u(dBG|=}x1S%ym`&5oJQxXeTYypKlL;>yV$4 ztF<8(9Q`8sp4<}2v83h=qJTGRLm}U|!&J(&@g*EU*CRa9%~*8L_!mHU$OQ1urFRs= zFfoTM@V8o9qG)1L#?rH2yhF9T(0tQQ9bp8bXWPUAl&GhT zj5Kk=nEyD|M`g+sTrVkC#=@_1=?rX-#!2pD8hZMd8|RK7DggIX*BKD9dp78 z<4~!x`=lYt(qGl8U)KGm0K)0Lyx7ne4tH(|(Lf{eMjw%b(($ODaWI~Zm8@R9mArV^ zP~Yef#N+u)9|im@!pAe3+OmB|O_jUscEAB||5<^#G7;2E(fz%4w!m z?CE%`#GY2cmS%#F(DH}-AB7VJJm=q!eFlE!;3L~Pt%P#y84YavXX}YC?v&odmvL4X z3YGDs?F1HBA|dZ!mk)gk5A0S2Oe00_INh7izuw8T6n>#bBm=8n$CvKk*N+@=h!71B zj4i0SFvZ`paeYjVPT&f9TvRX=wI<~|SyHSzP~boEa}^)3x(Ha^t1f9*4VZt`;Qp(H zJJ?MOx-S+mvKDzAtGIf~jc5kM^VTesI_Xo{`yD}}AidfAJ9MtP1%v74q53P;pe5~l z>RMoj{HwslQqzW4Thgve$GlQ$ZR50v)FAC=exM9_xoUW3;77xJ_xC#j2L+oYDIZ`T z8|IEP??*blr?NablI#Km?#QI(SOCWc7I_1jt@`2asqq~e=4#^<$#I(QwcvpawjJ8v)J@C#Dj1KZYK)_$v|%GV({W)`NycM0YpjS`q|N2;+2l9 zE5ducwD|N7Iuq%vo|hjiJkqCvbg2s*sy6-cUyT>`ws@B_IFN5z7Ip1FhM)3RVQO&% z*!fPjv1qP!sgw_)H^=86qQHBK#>;vR_5oUSnL>;<6OH^U;?ffQwJ2BMe0Ib&0BuoR zluMFp01bB9fX5*pfNa-{eN~MMwFMLm@2P9QLd2BH=`3;Z&wcNe zgn!g~T--y%d0`33xafkk3j+_AwJZr)T2XiVV`R2a69r8rGQuE`WUitNmMFPgkor&omBr8f7Hy_=McAB}pgPxG}FJq=M(P7&!%+{f*A*7E&VG8Hm(F75G>ZGHCk z73N=v-LidvNIu4{ta;CmN>n|mK7B>H@|ODM_tv|`8g2;C%}Ic1xox0a52H|^8`(8G zFq=z~a{u${MXFRKV_&HRHAKouP7-mqML>#JnH*#R$S?H0)w^x93@b|pS#mO|H-BnK z70(YoZU<0eR-Jf{xd!pji~$D9FI`eVRBJ=k%V3VZ`PXWp6285=c+cgjxR#gC_{kPc zenSqD0n;XHUgxm9)dCW(oqayZ$sFdYA%KA&x5Q4<(*0;ZM+Afr#^eCmoz!dEqRV5= zefUKSu4hsj7n++B?IQ@q?|;t?Usm0@G~B}D3+!J2Ow8yTUH3s}^?sKngPIwhnwFuouI=+qe6tP9cYFY2-jyhbTsNFn z?)xmURN1#}mRcZLt^X2~uCQT11^%e%ZH3ti6ub=;BA~VBQT_E>Dx)Cq0|~O__=OB&zISc5DJyR35^GdBWtb!fl@HtR;f~< zRyq?f{^7AUJ@25|EW>!PQomZn0>%vBXW?(ubpWby-8XkS!zs_{e4) zay6)6x&kf%ZD5&(>Mg*OY)H9XMk-0--wY1#|0+|0Hs6zzOo>>wy}q|)sP&;o*htvx zZj?hRB=*J6k$nZEaX!Dr=$!eb2sDzvZ_l-Qfvz9cl&iSX z3482%?Vf-)lhZlaL!DfMNV*-H_R$Oo*P}&4hdy>`<@`d_tHV_X+zG#91@F(oevA!Z zB8+ouq&S`al+k4sNrCe*VYf1%;Ek2xPv&)W?}M)fgz?eBhlMyc)GbKcFGKlY zj&DRICr*E6oCYbd^tS#y-m9z>6zf_zhm|;HTk`8hEFB*<9@u)4Q^nIbdlrAKdN|FN zer}0++x6r9JXgU#;Kl=#Rd?0$$zf*$e06NQqzbsVkpG>$jC@#~XC#C|i%{>aL0R_| zpdvhD%q`lPky@$ywm&+f5yYSlVPxm;y%#@p^f#GK4x9v5mgcXn>NaWhVnm8LD_Jm7 zVqQaTlg$Y@7ti$XKWwJX;R_>&U*jDchgqKWDP0;A+T; z&9?TX%tPb}ovEYedIw4vu;J*`i@aj-4GsQQ^OKnyJX0X+)yK7#(E2aNI7`%*ju(@@ z$nQI5njd~FmWsnrDf7jV$_lopt^BRve`;X;`S}`g*pS@#$q>+to5)q3kQ1LiFgbE} zl>@VA#ZA4ns)<3^aznfyjrzHqFr)QMZqfw@UJ{bJvob=xeb3X*w>&)2*p0$~7(kZP zpj~=r9>dCzasMFYCWkBlDXU&a0jWzb(m^6;fc zco=Rd${={BADpJEduC^)`xDJ0cnRF^_jd1bc=0@{j(jz{`nI4l;M`W@ z`@=aX;XU-#6-?GpkV8!svzM}tLjP%3+X(~3tcG6r%N(jXV_P1v(H!}Of<^Ohc8NGh zK;x-Q(~nh6e?>MWv@9~?N;*2`I4r3~yH7Fh+P;m1pq_zDCsx=^7!6?n5`~X_Y&0#?UNS&cKnU+iCG`M4b3j;;pc^1V9`>7C4sMG}Qb)fC1y~ z+g422K-Ufpw@;kKNIgK@KRL5|FA8FEMsFy-Cn*E*s2`nCzzi9m|FBSs&Kw$U!w62& zX3+KFRh0pct10KR$NqS^r&Lt>U4--(M|k_;P3%@aR&^w|A6h}C+zu_env*4EfI)eB znOS=umxhKT{<31+Id6cWc8V{O2?Mb@m{O2qNu<1*Bh;=Y_%%VHEa(FPyNf?F30zye zISE`@6q@wIIyG(*3E)00!{g>V!P$WDd#7+dhp!#U>Dr|ol~wkY9S7?9wvMFhz^^&{ zy4?Gf>7mw>UdPQ=hwc>n>b6SvC~(c`1&YN<%`vgD!`>*01#U()q@I4IfYD<^!(nv^ zGyJF@)qX1O=iemcJauN9w2!H>UcBgCMtb7>dNZ#_t|FAF-U`ooWac;}aWMYft@GvY z&}`D5AE^SYz@U5ufai{voqbi?!PPX2C@nSf8f```-9w(+C2h$PU>hR$?Jpg6Tcs2} zv%ZP!OCeDuy9$UKE}QIOpEvpAvcAFu)C>>jdY(_>nempVF#nj%x;2yk{bgQsx#BI{ z*XQM7%Qk3dY^B z_IKJx(jBZ#-+{ZXovP1fTqV?^^Wya5L&u(w3Q?A)Ur_?MqHt9KnziFpP~t}wUHUzC zplePPeV>H6EmiN#(405>IgdIG!=T^{<()4J42E9?v$xbA2Sd}e3>F?{gg%(u*Dctr z^DQ-6$cnbi%sLek|DrS4(M-TbD_SF1b4y93Xpj}+N{7MWR`-?_g0aJ#PR$DcrUU43 zJZ$e_t{4uVAF$3kJYl0d1gyyjDiG>a*_K>CObW9E-{Jo6^WSK+Uj_B*aptB|+_%v0 zV_nMh3BDJl4`3(wMJ&OOXVtk{ZPtWxZY;8Ums3ogy(UA`J7p?Fue**{3?Jttlyf=z zVcc)F6cFl~{0j*RsmfMRJJqXX_lK>`4Xz7o0*oSMJ86J4+fIgqa=Cqnx-Y#MnwKqL zH`J^TJ<*=G8VlG>Z6QLMGetm8N1 zU~YW*`@)1@s=G3i1&jsej{T=@sD%ba^xP0Kde|!K)kG4>E^$P_r# zQpb3WM7O;Wi4444P{q*jrx=kTkGM|z8M4(HJpOBrLpB?Ig+}wf?6`}LZww7z8LZC) z0r=!k&i!{O|;{-Xc8Fxf> zOI9nGd!IdXF9_rAZP`~M{M!c7-yK2U!Hzl=)Wo-`5T}COx-{<&!a&S`EHHwdErS^I z1mm77_a#y?>@}e-?O~r5uWq)Y0R>0Yr0GI)H|;q5Rxv~#A%w^-sg9nr{# zhp*6gC;4N*-?}bG>K!(BPqjbSJhxLFF1V{U>CTZ|3CudU6kR3_67G0(XosF`pViP3 zq}ZHHqQ@!(>jm2FR6Wrf5nn-t3CWWAJqWK1#H9{ju0vjjs*cNUvrur#etyVycAv>n zBd(glSO>8Q&Q9AY@^w26{y;eGF1E^Q{8lG|DluOJWOBtmp__`0)xyK9R=N{upPUX2 z&z=G@vb6c?xccXv>TK>p?Lu$4?9^y)w>@5Rze%#jI591nQytCj%}!sT8?35()W^0O zCR-UNuId>}ves|U#%Hd70E8??5X}mc@B|lk?JY zD@bp3>Q*1hIZ?#;0sL&cu25`(xm;Js_);p~9gFJg{B0sy(NW3aL$^0@h#BN42!WoDCmP6m2iZK?vh2xQP=hq!~ zi#tcWZ{)Td+i}IGjNiWz6cDo}P&@qfpzJSsfQTEwh>Uv=MZHDaS?+~pi;5O@{C>}6 ztHY&b9-J+eQjv2xjPAV6wo|7$)QiVpjJwn92;E2e>@%~1|0p26HgANr6Y4^i^ z#!crwbY|dY1dj=9=&=~aFj~>7Kr%wl8qP;a+f-1cy@8N#99IzP=yf0H%v`Gj)Q+jc z;>5bn;2zYDDC08D46EwEK}iNDe#FLo=P#!Kq%@65+GUn;ZB}FvTwqy4SWdbHnf8C(ep0Ke;J%8 zpuh~qeVjoUiyr$%J#+l7&F)NB1w|0uUIApzD$mi_wZwp!5N1@_T|o?j32t%fvCAJU z!Rvpk1@U+&7R6xf~J8=rEvSC2=Tc5RmaPZCI3Br&Z5Ma)O1rG#yQ?AO-JS7 zJ!Kg6-A3#9__zgMyB8*~pRnBFuKg4yetF!hm+p?gz${W;`F-6tFyJ#_1GmdGzFno1 zv5mrnaw+u5ChYogXfT{HEWM4MZI$hK!~s2L-BZ3+&fN~qNgQursv=)6q-TOG^EM~j z-P;*{a$h6a{B1FzOre&rQ2$U2kzr06!B0Qu$Z-G}`0cRog!t%qX}GksOFrViOE_y{ z=Hj+9LF~A%ks8wC8{21(%ya~COXJ!V9dcq63IC2E$MjkO z8OAK5Si-h@ntUAq)f&?fvV7RU=c$pr!i3$>n7yWOT9ck%+4hr&e7blwikA|4(?q2ch$Gai2VKs0iwhH+&Ra($j_?=KpnjcD{1uGEDQx$SsU2fXd zt!a;>{Uh5jGXCNjbj=qjukk1|aDd0WY<6Vv5 zAnmZ?wrq}38%S3uDULwkm=Mj(^2_bd^!spMOR*~d9HfMFb2otgKJo6)Au;5TCJGEq z&AWwXHk2s z-SG>q=Dot3So2_@*IQF-s?zQYOj#UqtFf+n-5^*|ka8C~(|lt~c0`*ER?~sC*<7re zDnP_w7oML8pxH5FfC5X{x#POcn%J5Os>X5Crc;b(P^DZ`=Dln4KHX1;hEWwhnTwp> zpF5_7XLV0L1XYe)*cW2tvW9reG+1{DPd`abDZ>@0J1n?G8-C5%aZXd$fUz26ru`B* z+i5ce(k}17CBhz`Lb)UDp)U9{X)W#usWk`-9n*MO zrddF|y?#+;{`s8+n>*rS1|O>_rk+K8>zI~o0Yhg*#k|g$ED}`OZB4>zdk?=8T=or) z>a+J4XRzNW#^|{UWGw!hT$7QG8Bz4V>#)6@U8o*gpW7xq3Xt%scTfA!O4PNZD?(-U zR1YQPovW2_qyNZAKk(~>Fo0OY8$fb?yeyFX?cT#2hE&_AARtu2*gRb4EmI z;MUo1nFVa4){vvZ-VhuLDZ!`(5KRv_TyKn=wr=}p5TMTZf}cVCFM7;Da}C%S z;0+oNJ;-RH!9%qF05n~_Pj(>LBqrjQ2>-938NDx&ENTx;8nvH& zGZ^vUac+p3?}9gzO46KHGqb%kf=OC@sp+i#Zw*<0Lrmxydzr;6^Tw3Bi-Pm^CsB85 zNKmnl!p-grytuMR_^uj8DjJ3{?jFc+I!iS?#CB&{!I>j14@0}JOwy6mr|OGn@+KC5 zjvuNy3$lfA9M^Bwg&W?K|Ky<*_H}c+n@*D%(`k)oOEuHx(t;drpt&j{#vgHKJUvu0 z>+8shG09lu#1)aaot-AhG5lZ2Y;*+uUpS|DoAn*YcNa{gOuO;PpJK1K7(PUBIux}{ zd-KV=DxlL$CQulaI{ZM}1}mqfHdm#U;}Ipv@%#!XtdpP`3$CDtF~?xA<-F3QT6A+c zgrlp1WKR!Q5ua+;F3WEVJ}L=k)w+LZ*_~bC!~m%vVgAEiJe0Cc)tDe_1eZf0sTVC# z5z&;{nf8f>R-0t&wxDNP*sm~=M^&Uwv>yG1%AiM!D3}kL!K|-As<7-8>{a2b1wp@l z^`0+7NvD!C^)4iRH0MxK3eybN^I7R#R?N@WuW;r{E5Y<+>1S7b0(9*S2Rq%Mi>Fx> zT$AfWeE`Em2D12?HeYgcLx+dqCX+bGjz&jCnAs5LGU2Km_U{1k>bf3E-c5R-YkH3X z)AKyY5h>B}!X8#`R|@mfCU!bi;q^LvPoN7x|+hq?1HgS)c zt72mV=-E(8LaV4QcYs6_cbXZ*n}^c|#;SJr4#arf|29Xv4a$;xm#BWDRyKTg@qca*m8JCN;uG3gFW zzy)M_{S2d~P-0_tOo=iPKnFUwLm#quV zLB5iHq7N$;Sy5lYl^=a;!x4GqgM85EF+WwZr;p`N<^59#F0!UaPB|LvLn5H1oS0kI ze#}iaQMTXnHsfOiDneP>ztZW=Keyrh_#^C|a_Zx*(38>^WEmh?k&Z>lYVj3vNAhlI zrR9pw`I~iVhnFYQ07+J=O*baMGfpxp2_~A~1u=CwsGP#-c_p7K(@xM@Nlkh{YgRLY z)|N`T?6~{K5(eT1zR4Z2fX!4-3c)8EF7*!&$rDY9P~Zj4+e1mha@;|Fv1#=A>hRMq z3D^Iv&8AaMu|(6Wb7#7?U$$$Gl`kA-i>ri(Ht+n*AMPDW+J@B5d80P&aP!JZA1OX; zLAMVjjd0eUdJ}@UyrgWxYHOvAHh$ML;YvHE^>9@k(--;VqeRTS)jkGhX%py~&VM*; zn0w!p16AEI{j6QD=3-81=nY^<@x9*;(;`!s-nIg}$(j7*W-j{CQ$&Z`(QFw`tUBM? zJjRs9Pzg{3!_VvATlnW%>5Fvqj?)~1+k5lz=t4%+w=ZK{oHnR`ubWC!nr;fM3In{cR^h0YtOT5y+Hj?uO`&`?li82uq@1 zP6RKX{Psn9A}w2sq0b_lM;?@6qvvpY>_TuJxq5-+oSb)%0w*ZE&soO>(6P zoQEE1?wfgQWk=5CcbAdR-37Xlum zA=|ib)>&XCUqsp_`CWfh70SiQi+B9MQ@8f#v(2>W5;I3{V=fC-sB`P)lU#2L}q%DPjCq`_h!mbc>)@82Mw$8TSWnG>jl>;OOoS$ zc21WJ+BhEFc{6g`@)FsOTv)`#qW`d!j<_7U_lEcrs^lk)-4_v?QnCEyav{vXzg|Cm zdolFGx&|%{BtNL3`}M9vImMcu5znE0Dv;Y_r!9!dpPb3lD;J3_2zp`Fh3f(Cd5(wd zG>Kst9~ix$>PuoToQ_m*2Ml$Y>_?u}f2b*=!k)q39?q08#yBAB#PQ~12z#W-A+qNa zlec{vU!~rva7gR)k&O-~Bs+Pi{P1wYdGzY1f;^)Lso(_C(X8xyzJUa=eQ|H#TOL{Yn}`11lmb{%OH;ybed{1s-1ihRv1kfC~P&(u(*VQM@%={OOx;zn#JkU-Aj{xOn9qPUwRdmD~{_MRr%yUDLoK7Y{GBF=fQYXsUR-fF$iHwiuBWGhi)r6VlmkV1J&BFRf2GPvi=UV=?Hql< zgaY(mE;0#~Q>4xMk{e_H165j1C)sFmOu^X#E2_*cVhF+7zc>+4)%<61io&mX2LCKV z{D>3v_aGKCWE(Ay`3ZrS5-j^rHS~;i$s04qNUQFM1g#oiXyqzf56P{`0iWHcMy{ft zR3x4H*9J-Zu9DCASn=mT0rZF+@slnbUlZ#xFg$PRte@9pTbOXp7}pI%9`W+E2VU=_ z*GI`Qtrcl!4a;@Bn2A5nSGg7@IJ94&+=HILVy2B1wgp=ZPSm7brb;`~$i&Ih|0C)x z!=ilNu;HH~A|(n)m!wFngmfr~bO4=B}k`qvx0PYhrq%D3oNxP z%htpHeUImO?oV^i%!j#;WA2&ry5^ko#LhRBxYJa>={n}=|D{xSt#v{-r%a-3(#e5S z^P14=zw>VSl&w~RUkcJUA>Ez*HjUBT$GYal6;Jm`Nm?G&xGD?`{bw)7Kz8{Wwm=pm zgv4aa@SIhUL0^rw2|latfKy%oW&;(G_fhk@cYQJs>bu+D=20qDU(@~5E{9SDRkXpi zk7ocboolz8!!j_|&+yt=G&wixKLe8i;nlOk0HzKjO#7eq6ygKtv(z2)5XHAQ@$K6i z#HNM1JxNUMKXO_p?V9mt#u=mhP6Xx@HzXKBGg`e)Ty8L+zHtqiS`2nB#MNJ`!`|f3vmqU6}>dU)~c0dQ-YMab3qp*Oq~-iLSbjA^m0)uoG;Jq=)db+#^+_ zB$Ip&?^DRbeW_?DQR?j6G|HiYtc{<Y3b17 zQBcJvf`mpu4cQ~(97blwFf=1J8s+m{c`yEIm<)S+C-osTNjCq(B#@rRj7PPWu(Ok2 zMt!V)ZDXXGsJZ>^A+)A+)Wr1ILPC;0wrZpr<=6l%6kq-~wrGm^>A3l#FnEyst?|{j zzEJ6Y&6`OJqO=jVOZ1u7%sZEN&-!uo1x5jrf<1)s*^-`#Om{fyDwvE2zc*VH+XGPd z-BybHA=5*`Wp$$(zpDchmL!*x z=+tihk~Qn__P2wzn#_C2#ARmQxduLr)cVU<>6)Y_(D4@PoHdslC|h>I5JRC|P**P$ zV#L$s)_zH9m9%%x5JN?ZC$%~-DS}Y)6|sSI3`aqE-(Ws8+V$QLDU)`|k`FV>MIs60 zsbZp@;(rkJr}A&MA<|^RW=>a+u3+3C&EH?M0PoEnj|FIsa^|;I-b=?88PHkO3X;bKpV?m? zE#fxgryKJqEax`J()Mp&;U;jm7O_W0hTG}0!HLn*M;eFk)Gms?dtEV>H(_pSR!;5) zB&IYi)xHQ*HfBEmk-fQGp8T^|+RE>-uCKl<{)gNUZI_tfi6gf$~ZU)qzdUnB&Q?lAEbCmkhRt{aj&rE-} zsTsCSH;C$?&52J_iSv0D#P?1<)~ zyeG>C9_L8uOA&PT(Lhmd}b@?PU z_@>pg2ISymg+GU>!%vo3i>#AkP3m8tz07@Fp>F|E(wRZzTr^IuO`Fx8t5!?-tR-#_KjWPYI4#ym})@Fy= zTP^Zzc2&e#Mzw!IzS}~3oul@WGMCJ(40x10;vcA}@vBCu-1!tvS3pNO#76A>3DWwR zBJAQrvuF5mJFn(+J((=#Lc7U8b4aL>yt$2Ama`p^@hvO<2{O75_voXa)nkzR2d%G+ zUwfV+H3=FH9!1b;P(K?i;4N2%!um;8m%ZB4kZI0brqpUTyH@2MZ4+PN1WqBI);>Dj zS;=k*Nh@pO+aR;+uC3k7+mbHVX)Tb$d+Oewif7zsx_9pa*i=#|zJ1H)z|EHfYUg1Ti@4yG+bq+eoyw2MVKu6?4M+-ySC1gAGOa^%eNF3u|roE z-D~(#p?_N#Nv`y+f9Pu-D}R|I{OylBZLOjC%GTF)l<;ypbE;)uFd_e+tzPHR8$ zeMN)|amddG;oYOPmHGb^5BG{BdH^-U#j0KYTu{Vpe^*vs6|R3Bved+iba4YDrbr#| zB0wP20=r(;r|aBFAN<@R`e8jqtQD~I)ERcIk=PVqt0sm{kaYt>k=~a%{y71TpP`zY zyH5XTTqQgD#Wzxn4ar;Z=H(ldrVCI5U-zI_)uRGi>-S;eAdz*ePS)~wzc8nj%e$ae zs0SnxRjm&~Y{)Grmn?vsTia`ZGo#Cci!ZLqlIryWU@N!eU0)Go$UT674Yp_Jd7@nd zO=VkVo6(O_H8)Be47*YUsdpujLn0lxa60^(#3@<_?sMx3^4|mcj|R* zY-yU>pE|A7I#ezyy;7kQQt5NbvvJX@--I312C!NjSA^v~7YlGI!99}bZOc4-pl2DM%}>MO(zE5ij+>R+n_@pUmt2j6Fskq%)O zct%&cBbFn}XC#=trJ*7Gn+`hTqEN`Wjlo|(iiJ)uX034kvX|l$+E5nRr5U!)d(!8b z){iwVS(V)*ZNrE;HXW|w5*;tGa*Y)M7#T}5Z2@$0!DeB zwgkxMt&;5tk$5rCxVw$`M@2Xr`St{9{6a6(x0;_Ib?T&ZS1I>8o9E~RPC5NWfMC(% zZc~T;RW>1Oh}O{!XjiKQa|1kOU3L75{?Y9`#rd)+@6we>#<3=Ya`gkp6BTebLm{;O z=I{Cs9XpgGc=gILP8qu3qt~#2y_3R^(#L-Oa@Ydi z5z%&&q@+8ahsRpTTsmjz`4W@!q{q6p;o&7;8eKfTv?!ah2(kW?P}M10 zub}jVyVNzlNpo+>I`$4V7(faZmv3{vN>B8!-&d>?Y%rwtq{W2 zsvA-3EY#jO(F`MQUADn|&zPPeuA> zSvIWpr9si=t+4JXH8q}65u={gR^QZ3LgMuB-p{B4gA>zZWVSf)iB=W!8(EhRZ`|&T z_=mp>J?DNjaQ9bh-)8NXIexnz#GD9hAYbO$jY;;Fn=3EFcx-roczfME_=T_Yt4N5g zq(YBAKt`I0!_=6b!<^weJ^W2(#TQ>tZk*qi3vAKUhb#Bzj&W~~&0pW0)HjJ1p2#@C zI1TH%*Y&-_pk$$l5T34S3fGa)EOEvg84IHxRc=D?)Zo{jAcNn7jK#5iy1&1~KueSE zz1?S@TC~hz6^;)d(6P%o&;ar(a2sntf+`J?Z}U^|`*$biCpJKww#6qo`R;5dHi7XW z^y(?IE7FPrjk0{T&q~50eD3Vk?TK|Ujr<5qj*BtwQ`zbIwz69Hwy%1H~%$cyP0i@O?_BTIr;isQNCDQrtT_3rNM?Gb|XdC z^~&LF9u^F2_~rPdz{Y0tP2#FsrL}EC=yXXCl`wU@$WvzeC$XXGYJYEZ$4)YScZ|f` zXLMH%SAT$a%xT{VC)s=$TyT<6P$0JX((te6U;dhif1a-7Z~2+1V5Cp4)o)LUscr7P z>2}03+huMoNUD4O6<)s|PwvJkW30;H-XkqL0SMAd_P^fK;LSF9|1z9yV3t31)m?Vg zWGDU$hq<85QA&*}jc{%nf~O3p*0XILEam~is4qGy3`}K2DU{U(@0AMDPNr0cn3?9P zJ|B;K<|fDgo}R*l{?zA5d@Q-T-R4RzbLixC`rzLZve@A;Setg)#B^4q7fOsa@Eb|y1-#>r{ROvq^q zUR@qp0?}#jRfN#3q6a;Z3%&6>SMSH)@|G2{_qL- z21I@(ZOI}7a|BU!$J&z~Z+88&Fq#&Bcx*Nf9Kf^=TDeKcLgkO|tMYpiUPne3a&`h% z8~-h^Ne{%^w-o=__HAJvX~qA${cpytBsl%CXM%d7NkV)AxOG?HH%9;&cuc8qA|@bs zJrfbZMVFYfQ4z@*CCMj}EPEW9#kRFT=L%>EW{X!plez!R{_*}vP@KMs=xai(1u2BF z?w&6*=7HINM4l_|D~{>wUq7xMYeNo{OrYKOfof&&xr9QK^49K#gY`he zbbOi~>}Pn{-?#M^=ihdMxuG+P6PLpcpNyY?1mnN|TRxSb-<7q=Pmq2p+IhrH7)q_X zr7=!_ZDxCz`e;xLfUweNZ?^D@(P?`Q?F|Q~gi8~WU>JQlq}4u$?@IXL%=>W6a&gvo zCM(B)biKOf92B&(w|~O=)7@U%f_eCJA#=8u64F(W`INv zD<~60fw8fC-7)n?lh9c9T?_;hQ5oz}sSn8NmSPSOO+%^Del*D_P6ild)xsXk+pwb#mD1Jq>7+cc>rr;cB0hQP7(y z7v7$_twE}Ff04b~$I0-w>9)M-cKgiE<<%aLju^_lY|;1en`rpt*FI>d%I5NGx*tm0 zXRt4wKE587q&Z)$P-@6aTb+`S0qRRff zR$R977&>NgbSMpI`tLbE%dITKp;)cc$t%mz`wRY#tu9?i4X5>fa-H)V#)E#iuv)k^GN9HQNjn9kT zIFpHGNQ;eF@QNmeKcp#B?fQ^<=To_%%2b2bV1i~y`(;MU%KVFsTiH)b(yLZ}H+G5p zDq@2D0)on~87RQQl?V4^9+t3gmsyOSjow3cq%^M4?0)v9<#6WJ*K3d#GcDNE)p@v{ zHdN!aG7x0K2OoLkcX+7%Y)UKcZ(Hz<{a15$e`rpIlEBdNw`N@yvgjtST0Ikr+^T;j?QrAU_SpK46JCzeuwztd)08T7yZ(sO0>#15;)TT(ZaXZ^^Q!e~& zi}~FSwE3I(T=eW5QCsh-sq&jT+~}>doO7r4h2=Qru=qv=;RU{|i{E!`QFVcLf=9_; z*W=pcGh~VxG&;uo81;hgsjO(~S789fTlybS&r-dGPVY7y>7$*J;p97t8(ozp0vGp~ zn%{x_D-qQ)T*=MT1;c^a`tbo2>~juXIuq~+)r)+0W%x2IK&K_QDJR#3tDm&n(6@$$ z^gJ@)=PPrEEUV70zikWYdrwRxm5mK)=feDss_T!@W(cc+TQk~ELU10y8;2>vA|h#l zG)mrnadZb#fX?0bTidv36N`DBf{p*=Hayg+!NsfUIJERHvu1%k`=Cv*R0pH&ZJ5lB zI#@3gK*V4v#h$&Vm*P28`xLMc3Hg!|`CF6Lkwa8dPbW`N>?Ew(~jy`?nA#z4_##dJp z6TQb29TPnI(n_T(S&X@#Z2UFH>#kR#ur!+;-IoE=^SM+9yL`JC8`zy2SDf*g-@4Z`9N zuh#xQ2o-~*deI~2+V-W0-QFVBqL0Y{s?ThWyFp3nf!pF&h#L^?_!re&Qyq!MB>MQI zNj+sZJc*>m2cORKYj0Z``w6A-xxxAOJa5+b=Nd$pw0@d96aN8TRKFsG3BSlyu~J!< zvSfjf;r=UA4|>%Uw!*x`cv?BJ-m4`K%tj~neUoZuy70}EBTvVgiV3O`sq0^TnX*om zlXD;{FtXP@E6#z> zdF(@Mhf1n%G#sB$_nxVIs#D25;lUThJ@w=stx&`3JkLb%Pw~oQlC7Ms2~iZ$?S0XK6RXcp+cXm(c29L-)^DcM|(^;6=f4aW(2nF=}P^ioJ% zPD&W-NzI1hWk(1K&2O`~vynu7l@5+jME(R@iI00=Ops?22rHypvsK9=l3-g2#xTAk zUPxP}Kg>PuxN8_#c_TK9&OB%Jb2?K>9>~YY_}92!lwaq%Z%}}z z(^(hH7+<&V2Ng9Qo%Akv;r@#2Gvhpic=`d{YqW!tOeb03@7peJD>I)G(NhNcLGa7? zoMc>=dm4v4HdNZ4SW~*nI1Z?!N|_-d7oT@J`F#Sf1*`s|%XE1Ev7|fu*Qwilt=9f< z+cMh>cLpPI(zrO2`LyJgZ1&qW@26aeso>G$W=$-MM6Hp1KdAueX^-~V)18lx zf6){r8u0y<>D#wL-rL~if07}Mei!!C9fp4Q+VT2OyT+58y3n@qmEn~`rt?uxp2s@2 zgKwv6+JSQ7Z8INILaVW>n9y}!6Ezsvr8lzXzHogB^JC^{?5q-KZa)@40p{>sy^pG~ z0lC-kmaI(*a9X&$kXnnLB6v4A8$0t7-sRB5&jAWP3}*Yz7IzO)nwt&|?zNF_`is}F zrS%{`sY2K2<(L?r;G|-+uT28S1#QrC1BiJh%T;4 zQ-MXm>0!2uSMCy+w;3pM+%Ry4e}ZY8w;32yq7#2ARRl~a!54V-B&uEDK9v#2QJuE# zZal~EmM!-z#Nttq>cH_AU8YoNDe&x|*g%OJvU7w3ly`8w%?ho4QR69-hqwa2SI#YW zENrK(j?t}5k+c5MFM!l?WmI+aju{^tm_A&L4gfUO20UqB;gHr$gt!v*rrr2UBV38Q z8#%aDH!R#6ISvN})b zuJYwBWxXf&9%eZb$v$(zLKlnWFrC}vmf*u(We01FF&=*1?t-1tul>0(-h^M+UP7B% zh)*^F>MsJG5{oPRYpn9}j}aFw?$j3*Gga~+&<80Vj-`F&^B%#GkM`4 zvmPv8vk=(WR>S$Bwy|x(;7dea6euvfSh)`qwsF|Ce(nWdCODvc8P4yTgMHyE+xt=L znGApbx&(DSUr2+}1$A=BZ#H%q z!v*%Cx)W@%HFN|OMem-98Jiih^l_hX@b4v$l#W|~wTkdVALbZwxiR@?i0i#3<`qbs zuY9pSiF4okK>PUaXIO$>+KW7<)Bvs^aPRl zlWD_j;z<__bFFQ@)RhfZL6Uc}x+@ciXms(RD4ja~41qMtIA^D1=d0NA)LO^rk!Y^b0B zfQ9P?P>Z78XmsyJr-^7R2r@T)C4M3SdvtMW0*D>xX72_O9s8m$UdPRBzY@a)4vy~5 zrPCwjM!+kgiCE(4a;h{n!hLDhWFbPsPhMed#;#XYi6kd`{rz}OI)om% ztlpLzvxhh5Z^sGtbQU+}ka(X<|A`K45QoS{5BolO=5N7q*%W<~_x=Cldk} zNoV-uuH3Z7dnk7;r$(umcn2BSn#H$W2&D>N&)>r5msBwCPu$Mr(ngD$@EG=KP_4{{ z_bW*y(sIWggQ?wK78TYYW3A_HP;0AIE=8a=%RBkrwAe36{92f77WJGTNlW4$~S(Hg4v7h zFCXj(P?){5dfE~jze>h&b1UHEO-7A-AF)5+GRUFk^Ktv~iQ!VD28w`aqC1`M=|6f^ z*r1%ar5ND3(l_YCy(Id&A@fKZ8&z`kO>LT=OvPJ3C8aE-{J}Ox0Yoz1W;yXzpLfN^ z6Kk@+7~yyVkhZ;)lj$NgU91Wk0u@;Sye8|Jr&+6_^s=?QsB~kKE*tkRMYYyx9`A^p zIxhsB$0=C0m7cl_NJGoE^(aw+%5yD7ow*x}?j>diN^>nUm5J@nY3?OsiZq|)3%H?p zsy9VUMvG?%?16~!oBrVI)bpr@9(V%pDJH6FJRa2ZfPH5O5U_g(Zkmk z0KT8_aNzv8p5H>(p2pPDPru=99WBuZ@)kNG;l)=+hKM-!mFdy5CrL&JL`Wq>L|RwE0Kcanl4qNghYYjT54I(>7prH63 z$i+p3^obJ&iYJ`xFYF(L1L+o!HCBYY0_#Lb*ablI^jugo&{cvEguaI6UqV9=(g7sUPf_yJ zoVii~136z&1j3gIB6Sgj4g$Hl0N`RFi0~}>u-Gd;CjYfXV9(t0YNO5^VeC4ZC^btU z&OHX7od%v4;(hs@FyNX-`hcoK*MB4q zLN#|~6+8GRG^=JFqf~P?4l){Od|%1_pU3=CR(`uFm-D=yea8_?yhoVy#S!eZc@tD4 zzrNe|Yh*)@174d}x_|WH#8JXvHwzVHQW}p_UY{c5Xr3bF82y zQCIEp3#C}awT)!yeA+1L(PXsV8EzyTH)eufaVf;odLi954J26}{6bxB*ElV#SFUk< z7P;?LdPPOSnrafaFbwZ5#ZW>{$WOE{9Ub(PbG;P zfTqvIQ8^^X2Bw)yQ^-{hbR%kX>O>Ade3BjepUdYY#7C9a{Pbe2i^*+;LdH0pr-j`f zsvY-wN9hHAV?!2@D$7PbR05B3F=mO=Ih0JMt;%X}S($m?x%B;Hbs*2-${$pS{iK~d zkSzVY!)q(gO@hcmEKlc0sxBvB?bG<1rL$P9rtk7?Rbdq=?MRYY#-1JbG+wslNKJ3d zd`?Dgcm=rrX5$UV|H?WfnjfrV-n}?05CE+lkF@cQ@qj)D5EDGjy=m8U3fD{aJ$K*k z`W^aFmINbA(pUAIJ^X*Q~V2na}vYR${ij;}+@h7uP2Q=8>b?b9`3g%U1%DY06+>eI@Va zg{&VCC%C711JfbQhRea}_VaT$fLAoDw52`d(&}T)28ai*Y^`<{upYkJj@3>=1V_DS z1#HbNH9H%TR+#WkgeX=Hhy>XMI-gj?uMwJk0lroSPK{$(>+m>=%kg*UzQ6l zpYd+((sOI?JOjn=6m&O<)f|Nl{S8*@&D=S;B;I=K7TvZvj9zpnoH z?ESH;QlY>2Dh~D8zh?|s6=)<)z`=`rE^=GA46#Dqo7Yd3L-vJ+qZq(_c z1{|IhZRW~6r+--gy+M#R&H3AhKv;=X5d1UFd*&LpYwi$ukXA1oM9(clH#JiXJo;Xe zh`pF-gB*5GNVyPAyRl7yVp%4q8EAe%TMJ@2d)W8S;d+QN9n zjBhI3c6CBF#}ZhO$Z6vr8#X|J=5%pr(*}Q_avK-JFr&6HsTB}o417Cl`c<08<0b%W ztXV#QtV<7J)mAt2iZ|PR%U<0;8j|a5@cBy7Qs+x^hZUIICN%RCTuW-xcd1m_UaA%w zz19&x^lyHBg~(cL6_h6W(yhdMp7*URD$2*68p8b%{qWNbJ~T;C`s-BSReS%+TQE*t zvhk>NMK5<{ZR5uhn$#ZX2Sp|iSekfMMbjXf-Zh!fTfs66ECZSoz1#uf2ia{`&T%Gj z<h=VP`BL9$;3h*{IUMyn#V|^Nk#CMa7}+ya5P9e>bF{EWyAe{2=-{jgm(PgwEYA7a<=Ev} z?8?!E+SN?W!yqf8igt{e?osnQ7EGKXNn)Vs#N#~F1&3d$?5DtpS`}!uGJBR;mal7< zz67>wZ4kT?JLicE?(AgV>g14n+=6eF>gLbG1*G^^{-PT3rn)YfUY3(CBn+!07S>z0 z$|w45V&GU@Cida4Am-K$&~s>we?ZUHmk#M-HSFLLNl5{z(|GN_vfo*1>6x@ z;lLhh-PIG?k{3`8C*&pPRnWA=Nqbo)FE|}3%VChX_qZg54FDqfeKwmyqfIn}tQ^3x z*mZ58HQsZUGXilSmj>!u20dB4(_Vu-_CP8@S{9Td*KnRtUgh*Pc;_$M&4{M{PnQC| zJCh7-(4?fX^r9~@H-dHle7B{#tN|~AD1R(A@+(RuRCmBo`iK-ncpU3I(Wi|+?AMCi zf*_PCy`8-8OI~k5!ovGDxpx!t+b1^^5ewyDbWqzoHC?rY6m0!{y-UmIu3S*gaHrGD z47zbGuV(Ei#42V>4{dEC>s*@KwgxH*qGTrhBUr8=lSXrh=t zP;&8}12AI6!MS4ZiwkheJ=o|WR>jY;YYqfHtV8;aY~vI4G{CS2w*6E%)q{k$gRFy( zOoZb%zK_1#<)(RD18h~WiVg^!<#BqzI&$5mhs)WS9U3W@@UW0^5YZy9?sMNo`-MO* zSqAWO1nT8%w2)}#WI8C+c28QxC+Z-!wJ@?uU>sZaC9RM%LqZ{)o8`G2;HblHP zyI3`rEfwT;zD!&%M({5Y2|4{A7wiSX`lLGyoVt!@8k~|WrLEcah zsCGOvG|of|2s~>E6ori9OoA`<)LdU4FTV1Xen}knI##z`Hd@V^xcP>!!moEdaJSED zhsVgTk%A@MAW&#K^B`(4T?6L0%mL$tNy2ns7PkBzLh$-O&V@AM|1rlz!JR~j~Hq&Lj7alTGfX@Yd59Kn(*lWr?AnNd$k(`FDMg*%$9Y;s>fh?&mJkQpC1x1>IL_6q*H4vhDOm_@teGos$s9ELk~w|e~|gWLQ`Cg3p;S-Gts>Q zKTvhaNgT!_QcjoUx|+NKTo6~w^QVnf+fFwf2|ZA1MIzx~f=EO{QGqr4%^dYw7EJSq zXYxvqu}v^=SX?x0tz9ALlD$&DBiT!P&=p)iejqykD1W3C`A0xzgFN7l@4x#a(J3AZ zD5ZHTzVBF{sSev?n>cWwgKvlQG(K_X)c?;wA`d4&RiX4W6*;&4W0J&*gw90m1fW~H zkPn4nd@gDA?ST-9#E3-0LfTeJv(N_B`>#GHg59ygEq7WUGRLld3!s7C_Pymx?R(dk zE{J2AwhU{Fetqni3_GiVe$qA2dI}kX|Z}MmI?$}`?Lx*VTEp`{PNML!Ow9F)cn78|FKX+?GLO}ycV?kR*AWRgI7 z(0w35j02PvJ6SqYs)hnYUylR4wd3eLo+ia^FzP20vV|>~&{!Us22Uewc3A z`;pOoL3I`N0Ib++N%Q}T@jOq{3Rk|!LcMbi-PQZXqtu^V8Xnfjn4W6%DfGEV4G8WE zF$mqI4~crCWDYE#^|W&sg0|QtKS^C=Ho^N1^rz4J;*&CdGL5p zo^g8!+?-i(`cnB)_}(A#bN9tL@N&wMw37R>VD2puigr%#Yw&yAnPwe&>5=$mP-X}4 z(r>@@ zG_pOGn3J%U(D@MH@x()Bn$|JwFswl}?!{f6?F4JyD2r(0$0a;)E{MA5%j#D_0DtcM zGlRlXVfrU$;87hQ*!(NJbA0IBfmsgHSOoty+{QZrPeI_~vuY;ohtE@%#BCp)J+Gtm z4ft=GW=Ks%!0cz=RMke!S&!+Yd; zU24_Bu47hBmem5htC8Bi9!V*L)|Utbn#3NgkENy8AE7Mca{$Lx1IOnzMMcXI?c*I+ zelttgxZUt{tbZe29`7h ztp&XM(U~U=hWwL0Z2p2=sw%M%ZkY&mW%wYEK6G3hPdi#YZ+7@qn0WX}R7}_YuL5M` zSPG~u36w{GtJiQ}>2d$)aliSSvNaVQrAT=k8P{xGnq)_%Fh4}h__&v5Er;`aFsnOq zgg8fQWa}=pcUzvjoy(sa%T2}|!OfmPRmhqYd!crhyLC{*mg>wOU0;1I%K_!UFnS1i z2#7QK{^!eN_FW-FA->~VN7yVkl82M0wfMQ^1o)GHga1EDY}D=A^2B^oD~EDr@p9Y4 z*~#m5y7&A*>2h(Ya@z)gX}PpjIily6i@!p@bC&+m_{>aKIyDXbeVWX%H3Yi(XAKI? zggx5IHt2;~q3fToh4AE4ffV>c1V4AppR#h<*VX)$CkrqDTf1T3uoa- zQ$}owWQM6l9mRllO=2MIW`i2Dc`)5Oc zz7G)svd*C&NhLq(TCk?fcEog9CU*&JDUHwBlqe&Vlm=`ThFUQr4+a0FLt%<%LPF?Y z&=B0=*1N}KKil1h?i$$2_tuji>Gu1727@gSudzhD-?F#eJDTXZB?k8Mr5MK4J6b|R zp5@O1ETPq!8$gZEflrw1f#7q(e9odyYM#g~(4@)cjWlQ9x6H`Aw&dDp`YJ8t$JCI@ zww1Y^adr7I{7&Y&vTw(PEU@S3yZsb*n!90*Lj7FM`C85}*Aed+FWPyMGm9lk=PV6d z&h(lp)kpOsM750(;T6$>%d^;L)ZXtNj#9BPS-i1>fOunXV1Y8sppb5weLtQ`wVx}U zTbdipeV&LKW6cO)N?5%yfV=_@2$AI9`PE>^DalsLDGc3iZalwR)-P{3$AfNhZqM!? zu*(UzRYhu(jHrj<8%U-KP&XXUdC6{k%fCV{-P1p3Vs9Vq0!b2$IHIl}rKALnyJabc z6tmM&zkThaR2XBDa~Yo`YM2*(Wy7P=m%2m9@A}~0nn#BacgopSQ&Gdac z$-#nP@`ZEp7SVSSBof2EUlHYFiG3=`KP6_`zsy)Xi{FiMGY)qyAiuocV9mx^u=fWu zJsGC{AAeD;u0J%2A7gV#oU(jWFXi1~XM;siHUa@TH&S%G+Q;N2N&4KKtSx|Ir@+xi z+8MzHq1p?Gt`7pN%IjD+xp~gVBRlTp$Tve1AL08lwieZkdnv%BNf^N-ig28Ecr2i( z|H%oL4Nt{hy;SsG4`FLp8b>?*Xj>mxXeIg%SOo`^B3Dp@pJ9+@H2&w>Fyfgr|12{F^`Qf*v>$!YB90z@fdH>}A}Giy4d7 zj8DD6A8j71{{GHF_MB|6KtjgRg z*>d~n@4I}w_qJLdI?N7;_yRe1ac`P6ecwuRfw+_mSn{WO6*Vlr01{g;y=oJ8=)m{g z-&lzDs=0G9cK*$7d2$~XR0AodpO~$E6mFg2&G%Y$Ofu$SME_UZi9e$w{%7)Q+1Jl^ zoxz`ol_FvAPG_a}`n^AB1kOH)XVX)EyGz{As*p)rR@4F0;DTt*2)7+qb1Ck$ta>e> zq^QngkyE^G-C1 z8AmyP4;FZbs|eT1Dajtz?ro5F;|1`44Ouf#v27*uIKYR#i7ue=1YYZ-b`nTAcfhTa zFs@LXw@@=?)1h{SZ3(G$y18G;VYL4it?+s-s|=lx5&uTUN>9?4)BW%FEL98ttu($5 zXs%QLfn>ObdY8XWI~S-+tqsx?zi@52;9gJX_o9prB+bfTyo|xxIYOxN`Lip zS?{~}3mfs}x8sweDSio@B!OB-s__PL*WzeEbQt-I0nR;T-ZV7La$xp@!o3@eQ4-U! z5u+C$ir(c-KGW-QWjH0q2B>=eCnl*i_?#@@?sL~N8Sm1qXEbg-D+Y2&KR=!vDKxn7 z4uAdPF$grT21;r?EfaHpmeRAT_0=|oDZz-&AUd9of^KLCe8r~`m%o17jEQ{fR->b0 z4#U+gQpfK$q0p8L)0Y-<>yNucq%|_Au8lu>unoI>;OPWJQ7Yms-@hEwP`ac0`GwBi z=i_M3P${7ZL@14D%|xNa^+RQ`1-HvY_d`&Mwrvbo+;Q8}KzF$<2if9VO%t-;xj%^h zH%D7mYIvt$Q0B3hq}mToqxef!DdX^NXtCwg>5NG(XFafUjtWk-ui0Vr#nr% z4vS|wZhVmy*`E3ZT4&^&+9f(_^tI<}&?87MdznRZM+PP@#-9zz^+|c-B?~g$DlaJ9 z)rOeJQ8ivoagmm9Fi|=@SENj+HccAmgR${QaUPMZTmT#X_7FzBp9pSr4AA+ewm=g= z&`00c#lA*HIq8J>CO#7TM7GN*sLrLmcac8ZoWWX6tGR!Egu{8#xkKmapQ&f9x!s z;7E|MLIKC1zf?2Mk;>%)kB3xWOq-V8ojqd}OL{?PaPX(_p0!@mPoX_z(q#9fcft@0 z33=R)!WynnK_p+2*j{^!%2d{5tEh4I9Nbx*#`XZRbXvvd-?%`>$rHP`ESn$*uD#(1 znaGuuKG5Tmz18`x+&+KQJ(YbzFG)!X8np*o#DyDX0Gnd=+|!aVD-_&h4~alQFw<(E z10U%k>MCDMWtOgze?vQuwS;t=@`ne`EYMQN_%@*W{VjlANtMndAXE&6$bV6qpF%JH z2A9(-VvBJ^KXzAsklwWLEsz~Wd0`ytBUpJ)iIZ(K=^0~a4aq~&-Gow;Xw9fw+v^Xs z8ca4fza;K25@P}>q9oriF)}{Y$Uh98!^lJpq_A3foV3zHr8YwW$BA8!Q6K|+-FO{}`yA@!KjJc;Y*qpaRn znHvUj^*kB-zTwL<2_y?NeLc^`bbj@_|M$TtVnV%ur{$t-=HOwd7L^FezN$k)#wHMR z|A4d9_KthEyFu;tKh+M*mHhM|n2pa9Tu}d#jxR_@i;8nsV}JGW?T427ixY1X>bBe~ zV(I73bR+?!3g1<|{^PihSLw_NRItDYB!1>s;@2Fl>Q5}A7-jZ|kv^R{qmZK^5j|1{ zq3@|1Elsi{Q@Z+?@hV>UdMBG<1J%CTkt;FB;81~Ln01Zat6_rGCAOpJSuq7k+ygCg zD^m7Py01NqYI9>Q24m6@9(CNAKFzJYHK=4H4KLFE+&{QPh{y6vRQbTS<%4o$Zr;-y zv)2sI-YxYW(uU6Di9UOom#W|LNmz}SCXkOko@GHaDbgo6s{kz$(RBAF^@0agKW%g6 zl&NoDaIG=5Q50lgN7&PP@LBctzNxGUjFS#OMPAH&edm{IQgzGlM6|~6?r_8gYp@iF z3&}G1EaxDN1I;AgPxynpWipc-D)KRCk@U5=YM18e?$u!LkEf*8+$6~azC+e5~!=vPmZs@ z>n&{fRR1HJ_~}8+!MvRDp2(Zv5uIc@^S{zBELl_5&>w(c6qS=j6>B!krIsL%$54p` zKpHBKw=E9$J?87H>Yoya=Qcm~-a(k8IlYb z@I7j8ANi1FZ*pL1z(hr%jW-v#miGtSL@{qqCmr3=U$odLP%VA4y&+WK5+iubdA(B{ zyP6+`UygCy0|=wnlkL1T#_}EaT$wbLA9E>2nF)>n_k^BvZ7CvyPr_(S)cfAp_=nN8 zA5wA#Q=}Is*6<`)+`NdgYH-L9!`qjJ(xvCh`41ipOGWm#AJBZ-+M(eWM=21fGrjwe zC-(Z}N?ZGo3ZRmBi!0tE(8pNQZ>gjBsdCeZF@cFJ#pH4uZU-b>`7WyL`^Iv;O2egB)905{0%#bEskKFdezoS_kS5(yP;AR3#1kg6)4cm1J>C!R@}*B*=y z={5}L;>i}7th=I%gfm-}60B%m?Ni>$(iGaYGs=J$5~%S2cFJKvr?a5kT zzV`skh2eI6T4#P@=)0fYHnXjDVGRjd)lu^+IS9Zc4C@RC{^pTc=!Q%G5zmR|;tp%- zqGmC(vQwtmegES8ADaKC!`0ER9QVfo;EYGEcKf42q3jz<)0ay) z7v+!A6*)fXkFPL#wCkSXAt()^ooxPGvgD=xeNDi7Ky)>Up=q4WIY@g`k!2C*I?XiF zziY3t9bj{AStzy}F*cFd?{w?)e*Me;16)9(zeJ2kMrVan07Sf$nd$=2Dds#%-7OYU zDomvBrs`6Se9ev@wMQg}BPqUCuDHvgmq{`m$tKiK@Q1i#4U_b2i_n;%B_KRd7c^ZhbNMlq4pm`c^F z45s}}i|DVvpHJg93;-Qe%VV)!C`e_=}|R9O+l*+3a|3 zO5^o(Y<{IQwx`qU6WI4rJ)qY<*LD90DR(x%umSFC`!52$Gf)^1`b|%C{>%P~TDwgO z)Fl(Ado)S6CkOXS-;2zr7-`U?e)X~A)!O_((sE&9h(EBH`_zO6= zep6|nx3h=@oKIISV1H1T-<2DUgl{r%xnwcr?r`F#ZBOj@Wr*E_%}gO0?Iw!nrarJ+?-Vwg+*;Z;?1tqe!DE*LHVXduLsGPrJ!V9sk6 zkn#e%8nxn!)Lk)jfP8FD!@ws3i4vs6V9QtHNE}ZW5)V6Gv_BLoPkqC?RU#l$AUB|a zKy8ffR#k!965QM1b_drNND(L+=rQnk;9dv!K9D>7z6fq(aL<9O2X23$i9l9B&OjMJ z(}6y~{g*%+;P-KG=YpFDBm~j{N&zYc{wbjSK!<^L1FZu7XrOZV{X6%i%^LM<`_k5j zAO0}v@8E}xNBB+YS@es z@c&YyqExEXkc#ulYz!0kl)}ON&i4sMDsPlvh^f}jHtgr;NPHfxU#S22JrecqZRrST z4Jj1^`}w`(d6Zg^g>1R{Tyb)^EjMc{v;Q7X{7s0T9nT4g=@2LI60zb|5D964d<9HF zcdl{W@sxAOcp@=B2MJ>mLMbs$fOcPykS`<1{D94$N%(c-7vlw#9vsjbNfP3pB_aOR z66612^xws^Mq)fvu`=?~j%)JW^F?HQ{ki8&zkB|w)DP`B#z10>}JU zIvE1&3MP#Z^)z$FGx1=knpo7r14Tp##AuTMqEdCIp!L3xG_XKnah=OgMr-)FF!jWm zDn7IqQE~(-gx`cxrvUx9Urd<5+!x>-hs;A+-w{G|8)43<1@}(oiTGrCA*R6AiAeka ztq9sK3GG5)$fd%FVP2h-EJ{Gwopf#(m6Nu%B>!w}@$NUaw$yA6O}wK=9-o zFhgRp!2znYz)S~Sou~#IM1Z4}lA6%ade5p7?l?PSFLr|V%#CfB_lMp8dj-@XI?tNq5xDRuW7lr{z- zzj5E9r!sMe|5ZP2Kb6@ppgtOnS8P7A-5UN6;n7*2RNYS~BqNbl)Pd`LPOYuNnZ68NJCzZR;7 z>NN4nf3$>x8dssSb~W#^gJ$p-Bd zh+a<`F_k2g6avvrfE-0b4hS36x)f}|r6!M@Jd(a1e-#ge{!z)QE}%-14pA+;5voUM z=TA}fehiUF5~?%&N-3Nl|8!kK!AvF|pB=wGk@wkrJ87(YcX0K=H3O0c+6Mln;PwaC8ORvO3P=yg7WgVaLip{93Y3;|!%>Eb zIZtOX_apuH`;4K@vVy_zg!^{c**JcrhelV|hFJb%^IaNZT@#z{+7PeDVDsG?Vm)>x~h<~&BhZ|y9@B97}+9;aRLbDSkaXWUT{4iN1M@q2cF=&MK@@#(h zMv~5N5JpDAyq(+Dj%$pfCtmsu?0C?+=th6Ky(b8gf|DW=gYnUARC$->GUZ}~%aH#Y z=}6|IMGKthIm~@7)^KpUE>l;nd)@wRvQK*b{fes>b=p*n7)?z0hFr7-3z89$H#9~_ z)i`RhM}+S1k7@t-FXgJ*it7TBu8|~N14%vi@$3y6CitExK?2%!86*g5WX6;A zxO6CVktjJa>CfZjVEWGwCcQAsALldis7M!r`e8TF3Sun=CFDqkBQ0R!P5vufvGoF` zoRlhs?e{;>|1wn3e=pr&mILH4y>hv70dqZ9F0qIGINjgtoZ0a#m%{x#cQwclK)u$0 z?F;D7*Dnx=L3=>M^Gg=ubkPU4qIU5E{VTE!W2;I6whyqMUr(Mt7=-(6`~KK1AZ{h$ z|4-m5zEgqG9Y{^ReYgmJAC1ei{fFxf*!jel!fP(s{1oum)xpn}!nU^mHGKf}uT}@! zE{~b+1!R84=I0ZB9d;F>twY9eG7Es3#(sVyDF-%Rk+e@XUsDS2`^4rON@01F%{P+z z3+w6`{SI@zO!N|Ff4Nz5yMzvl4-FcbQ&6TQqGNkPg^{62slq?pZ&LjU{eEWpb(b>J z-=3u3&#RBCS7@M@PakKWP(K$RX9p)=9UWxV#oIMNH$#EO=>4J0$7db~*FT+Vr7@n>Cxg-!x-)&czhi$_9*Kv>!?5Fx{4QR~ zepVfyK5p~XxKMWdA4q&O9zk|F(_YJdUoht{tkbDuUjRC1qe=RZy_`eNk49-{^T%@V z{FBY!Npz@e{zp<51#vK13;1?jDXokh$9@G4N6#-@Rxs_??0BT4aNe=`vQoG%)~IL_?g@C-g;3zS8Cy1_(H$0k6>pCCxZ3MKpmpWdk*S(yZ24gD^$oh+aDLKW@V{yg*uJuEdw?TOFP_!&swZ1ih9jUY(z(%Gvg>Cw4@`dvNCQPS z69qh60+np8F4_*18%D_qp~8ePJ$g@3tQw^FxE%2$iniFKMx*0jsJeg|)e0_n0re=Q zOa#j!AUvZ*!USP5*cf3n5Yu`|?kfC!hlsxp{jVYY8BquxK&gPSF!h(DX4=X@Cxa@N zj;opW41c0G^oj-xTU%}*VD*q~m75sHi$FO6S%l7N7hVJ+J-` z_S5_6NNI{6}Sl;EEvNu;OV><_BzkC#iplC&$|B8mKrc z{!l55&t>z+5zGE)SxjKU2FogYoo1)U~|gH`HJ?hLD$Z8%y|~FW7o!;|Li`WlJtf4Wtji(_a%-% z>K1BP5C^9SB0~8Bz#fwx;rmt}!|ld6y4QL={!XNKLe~+ZPy0jb^W%YOY-nw0f_Lf^ zr;BTLXA_{$ppSOFv7Tu^DFu)5AISf|^l{Z4^v(^;bF-1nz@`rV6rf%}85R{)BZ0;N z?FD)QbQ0*cWkuB;pgvX=Rh~c<@cRMKW1we1l|a*hCIP($Y7SvK0!agX1pgp#!9Aw2&&!u=b%C*j@o5uL8T@!Z27JcG*pcjgC8&nEc=b-m*FP7t&lG@qe+b|0L0M4-`FVc68^ z7sDgc0%{A?9%v-tsRAk03e%?6?^!_dtT-}(e%Cq-nQgze4nyL;5FOMo?up+14x}I_ zGUv9ng;_cYm$!|HNBh_IdouMZBJtAu)SM!6ls8O2l7#Wz=pZNlUmApCgb|c&7hQJS znf7H7`F3o>`oTWUZE$|pw~zDhmQ()i{d&&>B;WO)2zzi9?qJG$MnvZR`F)IB30?`A zA1Tlh$oE9`lbpzhMCv15WWSxv{leMr-NKQ$z5*XSh7{Tqh|5r%3Iz(9B#79H95`od z>ku*6M-Zp?UA)JMevZvAmcsHMn_nV@ad2$@Qwia}N?~1uLnObqNSK@$K@0~6->cTW zUrlFR-n>YDXcT&Y@Fng)L+S_ny(leKzf?|S;z#i6pp%2?sXn(l9kj-HH-1ld@}BO* zPp^?=r^A`FUsq_o-WcZQNUzL_5sJg9&5L6aB8BjxaGqEYDy9y~1htnaRFIM+CeS$Q zH^qb+!=oO;Rf!K3Hc3Du=-@kyQk3L^7Z#Pq)y=FJ_{MCHoZ%+I>Sm6&6 zKYecB8P@$Ptmn&iGtcXLPW+V42Cmn;nfhZ%=UW{l<3;s3E3EsK`uM)2dR5t(`8@l) zO8YS8d26&@mv)Ok+~_&z!()t5px)?J^_`4^gX@Er+`kIj#i z#&%LV9dtg^Zb&TAX*e|!k`Oyt&K?MBnVf&bNf%?vOp-&B} zFFzxwO>$Ag1c-nz4s^hv$>Sw}avvYhOOC7L9NfpmZ_suwS0T#HWN}ZFPUwUpNxP6( z4)l0ajSuk#s9(*_N)q#fl%K?Ystb;ncK@^e&-T~7|Jh#}UjfO6hgRJKOuYhH$BI^H zn3!4_8l$snZH=L{yrH9Wh0ZaUO4 zdPw+^u3pvnWg+yX++Zi_(OTjA z5}tn@;r=pteBc2~P${ zs#ciRwSLbB`ov1x7@*%dzM-wAkW3yYObR7um)RKFP|w!7MfN{D&RicFD~0WAY(BCZ z{_cIjekGj+64J@$uahF@{IK|FU432ry;6A0Wb=1Q;M4iQzztxO0T{*jG1Szzdi5-2 zx~)0C0c0jXj(`CBhjI}eQfEqRh$uCX4q8$0?gUew86bsmNdHxNW);?5o@_py-~V(y zt?tR6J4e^P50-mn-LPv+{PpeAl6Ug&?9)QA{yDNvtga1tQbQqjwAKo2;q2$;lKuAntA3^A472}mlft?niS;>v z)aQVot9J=W{J1znAdY8}BL&*)BS;tUozZr^zyckn0JLNbULY?fsh3bxi^ofhF^Cr% zz@!tOElNQv4B|`-OySc|+~^Un1P81_0AH-2XFBou!so(Nzt)F?=7CZPin#(9ZlGm* z`f;h3ajCb7xw?Td3H`jg=piT{BW5E;%v3n*E_#2d=y2y9ib4P|i*4|qagMn!DXP;g zYoCjhLLK;=$O9Z^7{*G$d%|qFXhj|>*YnK%RQnP?t!Mh3A4#34360Z&oTEzl>2*Kk zz5H7Gv8I3H{h=UeKpMn}aWMdQ6Ec^b+H%8+m^fl~{(K;Qdf$biQaIgocf!6uo}7Ej z=5Le6YkmO^4sb?3YxV2*;YX4EJuAb=xW&V6SokmNrT%CZCj&1zl4LTZYrqBOKFa7^ zRwQ%$({YKu=-&kqwa44vjxUl_g-L6Ia)>1QLE_Ts#Pv%U8Og3-B;5xuGVP;_FEZ;{ z*Ne>df#g6`{*vmg>Lq5qtuMX>B)%e&ZsREI<`DNFakq^>$5a2R8IEy6v4A*)=`Q5)-SOu-rv-|I$)X5>WcjfSzlZq{ ziK(|B$wP>Mz}Q+1H@@f81oajPBgoLm^pPOFL;?YMMXjIYrfULP^9XPOmRzJKDU*b6-i}CZl0Cn0Ebw22u=|q7DLAN)F=eG>T&%2Vd zuHn%ihNsUZ@f0ROP(O6WU;<<~-_Q_Qqo9Ad%CtLjbp>hBJZPf=K2`HqUuD`Ezn7C? zngy_Paa&yw#KB@}h(1D}i#=RhTW%llBi9$2k2l37_SfGkfPq|^kyU9ZqSC8)n7LMyc@91Klf;e!BoP-{1~TKlx%)gt8iIV3*RN7NPnbb@24 zv1de}rcO}xsHdl~&iDundLa2w!aUy+f0wN-`5cb*HRe2)?PsS$Fsq_!CC~vN&TOz# z0QCnF1FZtu0`vx`WiH@Efuev`104do4x~BrwDIsl0SM&JAYxnomXx2}!(A8B|F)TF)ZsQ^^w?*TrCOB4hyM z1C-3-@qlvca9!$g5oH2#euPhZi2E7u2iTQePw*pLrx=iNckZv6#0jJRXg3P+t@pgm)CYNUu$~z|Q*$l=8{b0rf9&#J2)K{MK+Awu0j&qx1|)Ic z!-${T7m*HUU5e9dA4B%>j==RXCkp#HgiqH;x}CG}Jq6+}KfKRfh3hRHu7JFk#-ooNgHlA1lW9izK}Fcgckb$#GmXsl*Gb5SkW&cxuoy zV6K4Lo5ZEIuc9zCA`vfLvNTwq9Ef7)CW?gU$PzxaUI{crV!S^amJqpgl9)lsYAJLx zsah)ZN>1{M^x*-3%?SdF&=2xHIvp)o^|^@TD?O8{@BBJi-wg7oH(L1b73r5Mgi0h+ z&T7ZBUb;F(WPV=G+((SA*Yrh?^+>uxXJ2!Xhz0!Ua^|^-Mn?g!aioT5e{FtG`0Wog z;~3cXYZ2|Q&0h($3+OOV@NuxQ0*wZG0RH#jHaP*m!Bqy=1Kf__UW9v=;J!ch`*7jh zyT67D=aO-njStINt@gwFWrRq_(zG2uuxQ9Y5D zDCZU{lj8HazK_qK`fp#(9k+u{d!zP5kOHuKG63x1{w~uANQq=!WeTo0 zxHI5hHn@+`vwt2hS@+V_@FdVZ1t;)QV$f8oTCRWn0QWngBtL`5xn^wsiCSmDp$nsI zYx|iTe5y{3|NrZ}r_-ZfoA=1>t2OVbnVf?43SmF0r>C54kC^g0Js%-6_CG3ylXu{K zARjUHA8h}NM@)SP`;*ALyjqW+{h0Y(fAmApenj;C&g8wc{?D4|r`UXCYoXR(iv*D| zX+$SQ@6r-3NJ>R}*c($@u9%ow8~P`RlM@pGIgKhDF@GkdCki-CFF;>F=vh%kl{~l> zEM8l11A*ACOg%259>}G>7i)Nl;)X+bNEgOr)za<|4k)7u!yWWFHB2A8&Ak(~F+>2A z4bqF@yH3<9419;Md<9AF!lOYz*C;-#lT^*%bZ&63Dh!D2wynoS%*P7On&S?T zozp;sKLQ?Sn~d-xv#EY-nLhngR5X!PN()(Cy(FbN@kvJHqEi#-rsq6nel% z=p~AYqGm355T^d4RYa24m&i6zr}*(u;OH>>vP!kO_2x1-9G4h?=zO8CozJnKp6Bl- zemV?0Jm&?|@8aX^>+kMIo0mAUGVD13-p4+*)I@1EpZ%t3!Ju=%p zqvxu<%C}~G+m5yy$LVIhhhB$~#)^;ar>{KL^ZYmphmTdKc%Kk4CHiprG4y&6)W1-B zxzIv2${!MsX>~l}^!Q(o1_Umqo}C|u_2|DElS?HNAIG$tk?4S*Q^}ks)*0?s@`1#M z_F+WV_lCHdccV+@C3F0dXt?{uq*#-9oonK)W$CN+{V$o{UuU>q`Tm#8@2_P+WPG^H zE9SZ1--r9Tml~6J5Jm%C2s1?OX-W-y^fqLPLg?e^!3?c31zOlHVV^`8D}HuQg8pui|kIwouW#X%h^lKJy=kj~o!e4?!HBL1f5K(+t~zkpgRD z+kv*WChg%LBSPa}NXT#9JquK~Y3U$5B}B$VAq2dkDK<)gvF>wgG;p**7VHx;#em?%r++kdR-#GIC z7fvD^%55KN=!8GP)w?(Oh74+(XmPY4F3!Laf5K0v1KtscwhCmt0fIpK60mv^uTAF~ z2nKUaxfu}Nm)d`XegKj#0u74^*T6X~5#9_EaUvM;(z%RCT%G>?p*Be(FfyZMD>QKF z-WTS6v1q-P)j#MT{=fDo55E3de-h?it3Rnm9|#hnU@Xz+R%5w1$={gueDpUao`IhX zz+9xg0lbX>B>J#0%r79}kgXqGhlrnk|NokPT%oFN{WzOX>&NTI5!SO$5V7BpNgFkY z+j4buD#`oki}us`Uq$>%>d`Pq>jhDf4K;e@yug~0pftzt42eojLyCrZR$%){+UQoG~K|M7h;>;A9CUm1n( zODaVyEt+u!xUUksNaOFL*ZE1V7f{y}KUD2h_&FM0Pgq5zy7`$B_=pBUoU1eMRb`F% zIV!0qY*|*_{8$NmMCkpLTwlG~)YXaFN*DS-3Qqy%V$iYB*kI1`1~`Aw*_oXGaDGun z(owBvpwGJjfEZ|g5+Ydbn_ce`7yq;Qa(%cfWB3wdQ)4q@b7Ko*OJgfzYhxP|V-x7d zP0UQpO)N|-O{`3;VHRy{YGP^%J-)fAg{h^fm8rFSg}J4y|!7SoE^{kAf*GPkm@vb3_YvbM6ZHnujgHnldhHn+C0wzRggwzjshfh5|% z>un%v8+gnHSgzi*-RQUXSh%yYu_SP95wZisRm;f@ak4yn{txj7fw;a@jwkkB*8Q+0Xg~9bnhA&uo%jbRGt}nm5KeUN+xQ2J7b8{I)W959DB-;Nal!;K<;FU{Np_g|g<~ ztBPOvJ=wDO{u08`G>~;aiue=3T?6#9a&uAf|CZdW-PEE^x%qcbQL@Q<==n*j#(4cz zUHrCn@TDb$mnPvQ$`kpubAI;J+n z`wuvK^&+QZAlv|jyyv15gzDgfQI(oD*7XQ3rMm7=LreAiB+NFf=C?i!LLzQh$oH&_ z8Ww;$(O&hn*Q(S6*9oJiLIA7dB?@R?LUMdK6eRVZUV%uVKIs7D7$Bq(w+0(_yASNMFFAi--0tRmCXk&3QR2U=y zqPU_3X(U6cO)->uq{c^oq`3BZ&1iXVWUYq*mzYeU5THiH$0U(6Y*15A0uHwy82W+=+q<}lPwLS=UBJ2VCa9k6Myyk65_|Zgg}2q z{MGt2lKIFwX3Ll%<7*BHPwyMKlKAO)GF1>LtEkFRJx%76kZ|<)_>lEpWb*n8V-eNU zqJB!T6@EXq_Hj7xrEvek=6{yL7-u$Lnw-1A<~JwjYq0sPfv*ql02oUWfKq{`0<8i% z0CW}T1yGYk_o}pktbn|LqJT1ia)CAiod7BYdJoik@x7`}Ks|s0frLQgfYAHO_Nvz{ zuWZ14N%!qHVm=)%tTq0QqIKBMA^mLDK6M74?w5ZSr~4Pm8qHd21P@uJytqV)U|Lvw zwC}D$9sJW$1S`PepO+$g&a(Jdq==21#qTIxcl_vFT6B(|R6W=C2#ue={`r%C@A}ns z+U$H>*#Peajq#d4e{rOw8#HXxxQR?t!f4jKMax#LB|lK#{r~tHx9(omvkkvS|Kyqf znk1!}&9CpR z)=ISO8m{(eN(WaEcI~HPH~R>72YsO2tkH%J$SsnOpxn_{b17GF_AGL_p?T6h!F`zG zVujqLGu7k4wZFH(cqzC!T1WR5gKOULZEOoiPF9&!`Vj|5PF~5FK=TwwPN8R1{GoM@ z9J^^@75(lw+E3b+rnync$@@ilafNyxr|DNb8lSJsa(d@>=Y+JuHm9u%ucbStJ$9NV zt*hU8BG=iXf$5Gn>;0UiM}Mmrd~Lk*2zhOz2b~T&x4nA*Q<=#d=f{)sY=XM$^=e-r zll@|HXfKt7M%%XSoY8B+$zD2lR~GhaFs$V9{GxBYMtYnO@p_u|zROKN|4}}=cbk|% z$DJyRdT&~y-1*YEi@i177Q7iZvWd%z;3F^fBJ5lqsHt0h3K6;R^2&~;y&Ua0!6 zc=Jsc_l)yF$6v^~E(&(6+!5Q$^|+be(-n<}xd!KL-O_3FCRcIcl01`p_gtsio{||p zu#MY1{_tb1+Vpih`1MxGMcx=Uz;5cE^ce3+qsj9+2iiC@8j@AZO|jN z{(aWid6%1b=k!tVsOaCFf3#0v*us|{86W$^?`)W`5t z-ey7Kie%06?$daY<6=Y&Jl=ln@u-29wTI}#)VoK+6FhorxN3A%z$8_FeT@ zJjb?IQhrNM{^E*tg%f*v+MT#nyxTCg1EchbW87IrodP|Ka!cZkKI zb)|bx_KiE#?{srzj?amghWn?qG54|AusdF)6XSCtNUv$@*u_4YCA$QVmR|B{@2PuW z*+d!N^}JUbCT-~M+ae?InTmnf*DHAa!;lZFd?U7$geSkd<*Su=BBbeVdA|~)7rtoyb#CCKO^4s=buS8h5n?9Z>d~-Y ztOX~hEzhRkv7VeaF}sBQ_UL6p{VW_@(&Rq33Ob}~@Z@o@W6(>{ zhZP;n(}LDdO=)f9up#J-+S-_X56gpkTjVSE1V5RTDk>n`#<=bV(iAe|Y<0 zR&A7a^j~B!pi%hsr~OBM>F1asqcdPxSEHE=CIk$a)U4|+M}tWNa_=AYbz5*~fE{=H z!{7$*26(K#t7AU8OR%x)xmkIpyx?Is9QL?m&I%sjBmY>v^i*)VxX;DJ)0~h%@7s+% zzL|%_SIlxLvl|q0bVG%qvidgbz^uz5^1SlK@p(-Lt{djj-l?Jez~UQW2L6qb z2A+}MmA1C=nt_>t50w2~N(XM7?QLi=Ss`@5-iq{*i7ug{Cn2iKCJhhmw8i$tJ(Vq? zFGHKgmfm_0`fSH(=fEqPVQ+jEPYhV$6Sk?-IKzC;anL$+Z3A`og-PcIjZU$66?Wu{ zu*2oU9eHm)pEevX4(6q0^w?)nIE_~vJXPP(_BgMF`Ih&W3P1D4af*hF4lxN|!x=sI z-c~{QWzM}SEuHz{qq#3aecu*^uXy;_YPD&ji1SPDIs0VVMjRTmF?Pn(#0b-<`MuJ% zERXnR-?Lvp*|mtp(R%MK^kwzfR{GB|93gjQ4ynjHDDV9)c?@WYYT3kN;U{roO+tW%?V8N2nPF1xkcIOPp5YP{yt z{+kESj(XC5)l02bXQC8RWdbi{OGRIuc}idAiA8iv+pkuq1hLUBPT#^8X)lTHe`Vk2 zF;Q2dH@U4J5_PCq%tp`r{IZ?)G5y1@UR8aN6!X&dY|B#a+L&Ueyy%I3Wic%R3VUvd zQ5-ZicE}~Q(XNBUje}gc_c8~`EVnW+f3amyv&mzurJg(- z#_owVHOchPj$PY0^Xu(F`(r!vg#%AZzmB!AYi>FGNT;}wEv6g^*%}ge;e_?P-8s|a zj(G+|OcfcJX|3&=FgNN;sgK*>gv=42a~~{NkxX6&! zrbhDCT+Td|=@i+JN!+Ua5CUwv2r{(LHV&qx){9e@fls&v5gGvt_NKwj| zw6x2$*D3uM7)?w$ubY}U>a&4ggV5BDru!BshR;YX82`w zTZ+={3a58noU=0BV@PVV6XrM56Z0oTe#w&?GAYm?t83F87TwAbV=qe`824|TWxys3F? z<z_;nzh)8h8D!4$qm|u%b=pmYKV+jZElk+cQ%yr`@T0g(;b4N%`HhhvsL} z_HAPmQ!{f5ODk&|UU&omiIT|`o|KRrDWZKfSIr88U%$|q-T&*?uj>Cn;fR!upny-`YZOctnb8^x+N~GX~!_ zo0F6HSZaQkC1dB0R(3ozT(4~9>$dZi0v;^d*g)RO!ld=tt7Bri>>Xc{yZNHV$DIB> zu9jN09Y6bWuU>CkseBTM%`XFze6p8>k}7wbAmeEFZC| zZ2NPkzMJLkw-~6d>F9ON$76cGL93>$o_jb@!D0FEf*nJ>JFP9rxc;{2m6o};;9%&< zl|FkEPH#ABe^@nV<>R^Tm!Gsc*}B^+%X#M%vYN>qS?`;^$w4j5d;hxv?I@Wf>4`TD z4n_6evhv%&{%SsXdKSWh_U2<3AAa(!kBj0BwdXmnf;4j$Wk!z|6x+y#>J@C&Jo4E+ z*L2nDEA8H?ZQdOevdLn$UH$;=-Kmd`D(Z&c$>=n2U2cG@`{(K77Rt6<7=5zj~q_&Rt53QYLtXs|1WU7fP4y-Q%zD`e;InZSvz+KigDv=EU?DT01Yh z4SBBFWOv{c`(~GJyy`PUR`~g)O5?)P!JI3rhrJcHzTWRkCxzk`k&n#wtopRaeY4(_ zu$5YJS4WT2`{Fa}dvIoL+++LB9Gt^~!OzJB&jzzQ>E#i1i^rpgTs>{fpD!MewX z*TEV z4o-8wvD2y7+BT!(rJOZFBMu!eRyxt3k-uw${qq(ot35g!>wMeV(kit{%(o3H@`oIh zdo7JP6wt4qs8#N!R~qM{)?FB(Ayt~L@OH5L6kU}SPyHRvDVt~VZsr_nRWepSp?82q zMtiP6`ox3iib=~gJJ_VXH`dI0EETtlt9f<1%IHt}A72;D-DBR4=b@7SLEh$lZ(U!{ z;7~v7Xr)*A{k07BFYQWho{{Mo=Ibi)LeS0au&VP2|04G;ZIoO2^*aavG-6N_(k#mA%KRQ%+XXHx-?f zcRL;Po_}sbbGd|m-dbKA-GzSYCoeR>&Rl!YDMc# z&H6Y$zmcw{KRib5@L1WPk~MNm?}qA4?Pc70s^wtyAqsm|jnLS#dqwQ)l9GX)l#JHQ zdOGi}Zg}7EQ`eXEc`B=t{G#l=b*qIBTe)wXm#@$!y>pQI41 zTJKMveDl!l9V49m~J2cKw^QRmR zlFARde=Fx`7x`rkY(iBUzB`wHc-a^A%kr9|78tna#|#who3C-o#j&T#g1Zxn$NQ=`vVc27%%ypI`aNnQJ%Za=(asC?)!Ef3zek9sFtHr-*e{)Hs-AeWFQf0R;>;nh zm-OhK|4E_wbEA_F4fj_a*}1^c9I@{FSzq9 z(`@b6iVvQ2Svclg-j0Ij1-f~ehhMys8l}}0-D!*X3 za)4*xzDkX6**AjweQ~(^O|G3=hw!a4XFG)QCWl!zI<4{OvgSj*wd=M)N@Z&?auMR&Qs;POqSZn<5k>~c9hYyeroUNj& zTH2>cxW$Su@3xjp<=>VMdd*KSS&-dz=F4$bmI@|XcixUV(aSCV%gz3ck5B8_Nmac| zgT{*!0*zHRF1oO4zK=rA?F-#bXLL~SplYJAa{6N}`+KX5yM5Di*^%D=?&#HfR5^Xe z9z1E%=hCqg8%8elJ*jYZ>$0;wAIbSNU8!=RaLj7$8*3)=O(9X^~X4t$?Q|Qx- z+e&(J_d6e-f9T0OpxC;bOjh^#c7g{d`hA+OK3BFvza@wNp)g@ZizzuDbEc?2Znu2y zqmP#+?pQY1o_D>w(jE=(JG*DD>GpBto4M*rRkB@pTjn3#oqS@-1@4iMJtl3&tLrHb znsxMI^HvX{H-#TkS~7IETy|>F4Pkffah*m+$<3c0qG5j^OaFevobEk}O4_(4SGby; zG27R7doMv%i{8qYL%b8F7Ee93YG9+jXA&>U`JUWzw@;v&)3vV&p6efs(pY2rZe-K+ z-VN^Lc33gt>3QYdpN~dg4vRaVl|K4$LS+y6&L5k!8fQM_-n_S$Wc#R_Y3j_hX&#qj z*tfj1<8>LOV3loaPF&f$a^m$7{^##pk}Z%Q*ZP`{;o#Do1^)M>eMj8ajBBCjHL<_@ zb>-Wd=U2~rqB3FGniWfjF58eceA5bUxsJk`Mr)Q13cZ-oDR604QWeb-4W_P-UDj!~Uw`fX#T@UYLG4@Y zf3ZzFO;$-w$$8$j5sI3L-(J1n{PCKsV(Orwit`;+4t^VOT-R`DOW9YB)1Mt}^y^oh)W(XV#_ ze^<_P^&3IUceWbSu4C`G*V{j>oT%iwVf&1dqLEs0?es!tjp-(rTrffVjryXm`PQqy zJ(ro;=6%qW&3YR*w(XC20 zetxV`IN3OMqnpN%qhY$a zK3XBG2aY_T)BMu$K?hEbmG7xqv8zw?nKs>8FV3#Az1S*RAzm-teu#dU>YVFyrj4p- zq20diOtZp(Exi=V6lYu5It)HL|y? z^ZfP$=ZiWGmwPv%bW?*C>J42rRbAhX`PTA7SG55##fn9FZVHz}7M))H(MWOFxOK7~ zQgS}NCnHL2gYWP9*gRi-aMbmr)=MA1Er>ChZ`NAZbo@1?h07;T6sV}}4U}oY)xA7KZl>)p z`EIY?=m)hdJ9BN<`!-hBOo!*P%+8#f?Ri6>z2Mb&Z?3h1Tgx-LNp8o4 zf*FrnZ#6rp)pdE(aqpH43L4#7M^t@xG#u~ue?*Ws36W?aNFt&oMDI(8h+fy~8$Ei| z)t4k95hbEWS-q^@yA^`y-Ri4%7K^pE`1<_!`~5L9XP)z%bDx38%7` z+WUUqV{1{KN8yD)p=5r`fhLx@dLJ)Y+^4;RLCUBE`O}U-H*c7a9QtJjTkMX=J9($% zw$;OYnauM)q^i&7^}v&iz9w-@wgaZ7Tssg33wk_{eOUN$!H3a5Sv)zWCBOEAS1>1! z&~QF7y3s?@rb5%Kpf(OV9SmN3TmFCvbuG}4n7r_O{^UvckgbudkqJuDw5e%`tt$fN znlyLOV>mP#Aa4qiUY|0^9Wm2+7F*)fhI9SA==n7^5Cxk)|E(PhA3Tsr{v>XR6X#fa zW&Ka$HE^mnqJ$;^C1Yx)rWVe*XyxQi+MzGlAan(_`_Np-_D+3RjJw&= zfXuljXz}1&vA81)`yxgV8RaB(oVuE*1=q)QK^{eqJvuaaRs%M22)x4WG_fbuN{B2~ z*-fdP(UT{d`{QKg%FhCcE0w;V#t8szt+%zZAwI#g^ADM@^8-G8h{@oPYtnTPCbUY% z_dnP37=*v6;~28~g3B}dZDv3*L)Ch@uJ+k{(z!6L5vD~uuI1I0^=5t6w<@h)FJ&Id z7L<v*-An%>41BMp3cxEti$Dk?731P>bf+S1R_umcYhCLojd zo35;}Q1_dk~JL1$hJ_6y{$zZ1KVJ zn*2~X)jb-t!~e;(?(Ur!N%LcM&W;;Xx_2@FS37)YM&x?3On%FU%(Vnf>G~zdFHxD( z|DJyKOS~@{&cS?>dAQ{-P`;r$7=LPsHli`wXyMEE%4CDpJ5Jxs>EmhYcY61$Y~h4bT=iT}y7AmeVne zkz~eO3s6+x!F5(MIGYp0uvkp$O?oK>er^>sh!^gu%RdL)A3K5{BT?w%zYRDy0Pd}aY$FvN>W zo?f7xL*nL<$F37(UVh1l-$z0R;Bxr<0bBmvd9mukCYZ+QyLLqTM1oHB21yj;W(EZX zuVubLGCj4D+Y%R{Q_%LB0x+25SEpbK0I4D`xN3`Ktew;N3XZ5vAHO5g4da+jX zTBzmHcTBDhdd=Zl5?u%b9}s)C3lROkq;rSxLHo#4#gK(Kwf?>B1EuXBU)em3d+8>a z+sde$_UlqfE&*nGo_BMm+AsQ9wcLMvsd(yde=!DflmfKhau}l@n_|Af#Ii%Ne3MJ= z28&aKs^ZtV75c0&%jZ#ow_J+q@+m1kW+iiXs*tfeg%{qSb9K6I*3Nz|N2X|q7rvMC zT#oXM;g&lS>&rQ?&LjQ zsS!l^y&>a&chMRTU@?B(U$H`Z+0W4NDWNyz%!=hh*uV%WM2(fweEB3$%Ez4fPHV@? zK)3Mx0N)KtM!;Tx9yx&0T6e{(x=Yo`N|6%CVI~Wm{{FY)4xHfU4k?qZOuzXd>tukY z{#ces0#HmUuFy1`PR}D=M%{GDI+@9kg#7rkC`R2#w&4Jq90hC*tOHm&$Q~+`#bKwj zKMVgP?-YX0ry$k?H12GVF55=mWepC*?RJteR4T`G1@rD_1s$%s(Ni4hu5Ks6mR>>s zHnQA2UB1}A2sabN|mfF#{dQ%|Up|s$}(`wpd z_D9Gi{JC$T90h}3y5$Ao*Xrtuy&lV}ociE@HmQ4Ul%9`XeS8y$$=ewg)N#d_zY2Y` zQa^?dC6$=d;B6j%cRJoG(}~{r6yb7B7{Wbwb0}H#T<0CM`ANjhB;H5M3N_k(NiDmV zY}D^_F0EmQ-{a{-FZ->szE9UDct@|KWrDrCLLcCc2AT%k!b{l;zlZVgE9= z^ql0nVz8HT$Ug8v$-?Sw>Tgdu4}$!T=0>f$ZCdm~84|m?3(D;C>r-o+r71MWDy1#q zEfttrMbI7HIH85?r!gAZmZ+~cfW8%t;%9%me|U8YzgMx@Z0v10=Xh8rb&DLdK7MwK z4(YlfIa~0C%s8PUG9sB7RpmAHM=?nvPQ*Z7rd)yJ%9obnL)?JO8C-K_2gldQ)LdhKUyCY(>EC9II}DHCx&|62_gL`v zN{V)Nu*_2L9q_zZJsp{|4vos${B9=^v!-A3+d3=Cw0oFIBvQDh|MGoD)Oi9@t7jdf zv|8Y#+wqV>FMm%xaZ#jD>K1aiy{$b2yOVoE>f|`lAaChE%glq&Fsc4oT*cdObbn=8 z=oN<(eT<%$cnMS^09m2Zo`v?YRcY-yn7(9g21QlrwE?0i`V{TM@-tv|?*3X}8XQb-j? zu(xgQMprOosTMD)4m0F)i4I@Be;<2!j-#5$q_``){euipJwOX$Qso&I@=H-83uagZ zZ#A%Ngk0GB^HE&rIhS3Y{-IdujURcg-@$1@QAX9eR%p;7AD~SZ%CNOSgRix@D*Zk{ zsi*k3&fSz#;r5+~=Z!XsKYh28aDnjlTB*(Ou-DW^{#?lO?aj6}cFNnuGEKE<8&ieW zChgJ`4CA}wuRf}1%2zpn$+BWY5WS@cwP^u%#XbPvaIZuYjI9hNxr^@hGb+;EvxC@U$@K3 z;9FN2q9f0wyuVG0jNlviWR-panV5;a=da6U_Rw~3=VMb;xpbDp5u4s6+MGii1 zvZ&X6&jNbJZ?c;x>>~jpT~0ga>3UoL360w_inO#$_*@!=`r_ShE0L<);M;U)NKBzKvK?3qWfmOVBOO%0?!f~L$(PDFvjqXG=b-dTJ8w%PIzHE zSTeT-o@L1A77%UeLwAXl8hZyc8IN4|Vw|ua!k1&i$>2{7c7FdTEpa1kK&>3};G>4e^~FQIJWPd_ zc-IQ}%=($;d@7m&1v%^=se*qp*!kYZ4ryK0MhXrwX7HOsTh?*{d|C$4!;G1&(@TQ$ zg2UqL7$@`N;#0!V57gm+$$#gMLiNq!F%xTgx0gob5s z!$jTta$O*Ikm8xE%GY6n2Mef_-_g=Qvb1r}6qy!iNKsO~>6zxsd3e@`XCvt{mhn>! z$;e%re}6a-=n-CWAA&>+h^{xHqwbaa0ew$X?F%a)Eo^5HJs??$ew@yrk1FR}6&hIn z4Y=AOazMHUBzx9anLjCsy2|+#a%SxsFUbyMtl?)gH9Fl0r=N6Kkq2MXXDkA>;%hg}JqAi_3E>cg9+7;-9}+k z;1T?&rxBMCfi*WgHH8AlO6C?0!}Q#^=f1kT74Qco&RM!TXP*-_f>yL5!6kwu(wS@t zKDJd~9eAT8V03SE;78$=@q9PqAN5692}eVG?asp*Avm?whM9K7nEN5T4rF02T(kL12C@iH=1Y(_q9X~a0lKjM$*-1l*|xh&-?=Kr18xDhv=x2mBNLAOrr zVE3CT1tD8BrUwO=`x)_d2V=Lpu{;pBA;wYl^o0huOgxc}60#Qg!7h^(c$`RE7AOIT z&*RSn%3av^G?a{R0z`u|;3=C^PFkNYM5YQ__XZdz)gki7F8#%ob5QpIUB)T?;pSzc ztHT5VYhi9RRH9}bY*)DhL$PX$X5w2) z2rwn1MsY}17JSqQe!;w^A)Coz=pJYVtSSrYI8#yZd70SW7s0R)6D7jww>v-1#Vn@J zxTvlrZ_fd`rd4b~Hg=lffELda6@;JgN&ggR2flo?I6qblI_(2B-ZU?MNaf7<@@hT} z1zL~%xG`>KArNB!?z5Uv`8^P~TmL3`mjat-upB5#z<<57$pa5^J0kic;EzFWPOCYv z`qT1rb8tB?C?8Dawe<__;tks?;~z|{9TA1e0A$A2q|2p1zG(1+2kjY^q||#e5G7}WcNRVh?k4zF22F#ehsCEqQxT& zgah3>pbi0p_0;+$H!2;SklzBU!1Ujb#-OvW@Lwg(N~rxU1w_wF1zTs^=6<^ycDIfz zlzJrYvc9vLJG?D{uR9eRY+0pgcHVb5Bd2$)!C&8+aseR$XS@use|8C7@Fh8M0ANh(Bp34lNd519BNj za52l~o`Z$WFdyb?|8b>G!fbT(eFl{hZC1sAWR(l$uI=J%%x25x?WVw6r6Ri--DXLp zchWDd=z&ivZ4s^q%7w#C!Bsq^R#Y_zuePKGe_YU*`aJXRJcf8V${(`{LS zB~&gYs~DAV$~Lp~@oXdVn&# zcaWJfhR^^AP`KJN?YKe};MzbdeYi~hYmqtl!Wz{!vUp+t70zo?|9gI)8gQ*zeI;iK zOevj224Ht6k|c<*jmUUzqhQ|_^x?PEvjRxGsd}T3q>^8^%VOzpgP1PjCc^ zoKvN1@s;vBB~=)a)QA4fa~k@67jQ9p=~K2ID8SF8Id@qMZ#3Cm-+i#w0()6|(WL^v z>Cj|?i4?Ll%`U>bNCM+(`e#6e!7G^_f0~y|;iD!ee^&?g+m`*!HxPo1N~^p zEsD0$b*Fjq2xp39;|W4|vW2YaqX0nb2$&tPXlb9-n{7{)OrsgnA5^6>`@~1U^*>7^ z`GOHNH-J|C;^o2mHDLmKI7opJ;L7*hQ>$>Bj~fL|W*42~Yf514{WKfbr` z&U%KnkhMbV`If4jYLh-ER}Z9-3l=B@u52{)2*19gM8 zYY=x68kEt)zwXXMCjm>40JG9OrPHW@p zYPGj}^lAvbUh$=Ky+-biuhdi5L3H#{;Ix)=A<0B?Hb!om$?ZqgZ9F-~8!sNuXD8pj+H>Rm(I0AUMa7wz%M(=$$@aY@aWs z*xTK1JXSvj&viU3q|WI%G{yU`Bo^t?m1Tq^Ocj4+TI~)gt>13sWvYL?q--|A(jso^ z6URBKjNo|sy(VHBrRkC`Dze9Go9^A}XM`74FiZXKSHOn~uFN?zg7~RuD)pdz#Rb`7 znDP7nKC%~y(#ah?8l~N)JSG21W)(`#Lauqsm#kCxmH@H{^*o(N)|;L+uf{N!xEV#@ zX4_XlmKYSq1Ye%+idMS9GA#mpcc-##T1Z0YdlU8Y(z-gk#ceule1hlrg=vF8gs=Ls zEgvz256~$wo$P-2n$7Rke86VynA3S3TnS$WrV>|T2kd&i(F16L6 ztJ-bG?%4!I-nu6=r`KAjtsipC{CejW4u8L`#DP`|GISIs75~m3;T(|Q=WffTY@c60J zFvr8lPLC$Y=7uA_Va@kra=2+bM*i zFehMEv6kPPvhOE3qhfe~rRn(N5%_w*0$S;C3p>||ao9sFx>{A~(Sk~M^Nim#%jR^s zme1TcEFMT~s%hl~)go?_Zv$?{-mR@k2-&0FJI7v#0)b2PpJO6kb+!BoX$JetOz-5b z=7`AeZJYtV`z+5hy`$~9S>w8GT=|P6)iLPr0CMG(@q+9%R>41y3bK33BW9SZ=mLA1 z-$Y0^e?-;{tGBlLHF2J1W4fi%o$i*f)ppIoO?Hk{?9((ijAHNXD(q6C!uIRCyT8`m zwrxM@6^Tt5X4wQgczkvOdd}34$b^Tf2OWl4s~se(Lff zzWJDo=QwKxTwm)HRhL{)`QG{8?barxx0P)7Svuuh=gkMXfmt)MM*G-RNnKe>H@<+UZV`gz(MZuqY#O!U_#y~b>3)dI827+QANQ~Mg&HCrjZn2g8g;PD zHjg~C&-lK_^k8|$>Dh{!qrFmFsdp8qo(FKgG0Powd=$3ZOY5PKdwRN1v|~(}6j!G~ z_Ic|?_>yEjuj=58;yjBtQjcv|08P$y<2)_Agm>X~5N!}m>)pJN081R(#fAYXE&Ox5 zpA^T6NEXva7UKq7tEbC^|3-xt0V3W(#d3Qem7@|@CRh4t6f64jxvmtIRPb)=`0A;D zKEu5zl*Nn>O>z*NT$#ji%GQZDD<)thGdC{dT%BYm!~5P%LwrT13LQ4jD+sf{aKp<2 zdq)->ps|&ffTOC4!I7KjiZ1t)WrSS_-38fgujX&IZiGztu1DW&Jb^9sti5o-;G%WU zAbH$^<|Yigz80CjA=}w$UT>^%Cc&g&B&X8-aNUzB)em>To;wxYaTjrw&6J4FJB+&@ z?f)iErbGR(@XFk{G#xTqD(pvOJ9Ix(#c^)=F^*WjdlTgz|8+#dWl-|)4dcu=S6;wt zE|+ZW5_$U%3Cccm^-e7Av15j?w$ouEdhdZ-m%t#$uQKgYz)Q>N=?I*!P5(y`ROH1~ zZRX=6_oBv#(hxpFx+>1$pgVs2I|o~r-`36^;T1;)h_dwPL86}sJMDbJByCEU-cU9H*X%L2&po$JZU7Or?V8f-L4|FI8*8)IU&F1>e4FcCsMU=FY%z z`z+TzAj@CfDBzGR)x9tr3*tB{_?kES(E{n5yacr?b*m?q7?#-=A6n$vm(BSE?M|1VIvT8UUm%2Dn$@{s2s9+u`8xDy)x?jC z7Vm@UHq{YJvNrtb0TSBL@mlCEhluygK-lXAc}>4B!582D6@7^Cdd3mfsF&Lt#g6U2 z0P(akDR_*pBMUWyZRXM@90r4&r}w`|yCXy)OD*UjaOKCbRc!JLE%W-IZYs`@TF%S0kNjta3b z<+a%%35Y@^mrpMIsfBzXojEw?iFUHO*w`EgN%JwY+)DOiu9HuY_5*D^1NeBY z&zpxrVIM66YlZTJR(45sLASdXB73EkXEzl*+si1L5Rk5*!I4IRr>gC36gY_Sro-!_ zY~h=6q%Y}_LRLjLE$Y8a)EJntBIfH(Vw!QtKQkG9Tf^OHsb>`jz6Td8kOwFfa1(6p zdU6jBuKf$w;7uAd=IR~O?l(56$=R7Y>&aS~Lnj2a^V_#4abpK#<5nTreSp$`Tz&yoQm4xY{fi`<#29p$CYwkN z6`-HVS*7RWRJeR%OZ4zW+A3~*z*wc)yc4q}ppS1YNcC&k00$dNmuUG3>f~I03r0Jn zUJw&;h7S<2IFJtWmyv1BzL6|mOU@@$kp%&f=$wnanI9D$3*X24tvIboz3WeQH)AA{ zM+8b+-p)Nv_HBa;TGdBxZcr;%?|(Oudul3BaiBT!xyXim_a}xg!;jN!PR{*dj+eaJ z*qqO$6~i@GU!L6vT#X0%H9=5Z6CXs1q81xe8Q#NkpkfafYWbYxIN^C$S@5~0r6=* zUrH~7Z7*)cCuk2Ao}g>W1R3rA`=IKCa)+oTai0@A7Nq8Kh7F#U+6ar#JpA*Vr`GEE zICs=!eHWfV2!=)`ic9FuC-1KGp9kBn$@|ja=d3>;RFy9v*-!)Ni0;3>QMACW!;GVn zK%O%Q9^e#3L0&a8JI!d_;6U1Tv@!cv`2pJgTDu-*(mUxXBAQb4T2}-oi+v?4GRthg7y?Z4a19{G&c))=$m*<-*6tSA=I8y!K*=2>X z&V%e%>lv}%3DnCEmJQyER+96YU_PA~meHtF>wZ=W8xXJacqr;6eg4?^{2Pvw(JWMl z39P#-)Re^l4tVXTlfC&=|IcFjL~i)#~Vc-o88d1~88Rcq0yOeQV3_Fk};<5ukN zD?N{!NQc_t-;6~y+1^^2@=^5Kc)7_)lmQkVN&$DuWjY@y7^&X+Wr@&Hp0hu`( zJNTy7Pp`T4?#;{mtHg0-NU~ai@S@k>a8=_Jr%<=ROz}N1Qu_1d!edf4mgZM~likOq zdCD!j2cO_Ft+EHXWxad(Sh3|F50AL-T#Qq0y>$KAUP=a@3U%-#Z}Tm(>yTYIh5cx7 zye0^$DeNbD$_41Rb5jzr<+2C8+{ckEA#H~(dtg)vM-FH4&A>@Y>$XZ3RfhSPpWl^T zG|zh)7#(&V^k4|Pq9q1P46#88%paEA<97L#Z6BW|)chSUV1T3FMD~swYi*hsTSUOr zko*{D%^(HY)T_zA$Om?S*}wSWL9o~{u556ma7$+sA%Y>EvHr65?%_R<8-RZDT_WAu z(; zpTrbhZ@V1ers--QTG`a+#Wa}C-YPZO98bb?Rtk%Ihcvw(~mbA4n+v418q zpmtkEo?U46jgF{%Xo$-Ezjx7=mAG6Q^%5X+0+WCcZ+sXtJuK93Ew(D;+eOfqhK}I6 z_}t0zQq-O2e;>XfP=|;%0=8CsJ~6M}X*f=MayCk_vC+kxfDK*jSc3vA;M}(|hncPe zp1NBf7{>;L_u7m<{4zSMX}*CT5JBXG`lcUeU5Z$)B%UGnB)!`Dvgi|i&Sc0Xj@JBl z@_B~(ErjIOSUDZAi~*K;ujrS>ia_#9I@YCs&bR5OSqiry-s~aOOC~S2aBKPe&%FR| zu9|1dX!VgHk^0XT7vNO_Oi0tEED8!df;~1-s!0TX+ZNTt%!^1BmmA<8? zpEt`GbS!((5M5yzZ7W?qj^F*5S6Lz%h4(gUFrL5iE?JIW8;+10a^{W}WgY|MG_#Ig zg{zI|w%!dts69K4T;7P{ds>%922(ooZvV4q!w?y8*`|4RI~y~*O<*X{O0ZHJ6Bi$g!5!?0MQ!(g6g0h7y_SNS>~6*f9ls%0mn?{u-jXQL0SfzbPsey{r~+?_DJ1*_X9<>6D;>HW59L8 z6YjsAe8rP^wHzQGeDSZMEM?i0OVy^F_96L%>F(pxzpeJpXY?BZ9C?_2f?jo@|Mumn z-D@~-3<->g4m&kTl~j=PJzL(D!V zib)dpOz*T;(Zb#Y$cS9!zrLKH+;L~ggYEvAPzdu8wc0D8RWxhu+7l1ko$AjRz^ff~ zi&-ll?>JxoN6MyO?!RM2si|3EyLojP8#*>pUM+#q1L0SJd+MnVMUp2`w{S$q&xT3NJ%@e z&eAgXuioZIPfzEIp{}fSjQy>v{*{--_Z+^K}A~sw1JnO z@2n?i_rvI&9w(dYVD3;UEGfxwDE6+oKEuA!AaQLsDpuQdO?eaJca2O_?VKxoTxCG(?h1obRZ`WW2VU_4)^O`bk#JTpp`xBVjiEcrC)+iq)cV@Qri(=*gz_S}uFvaPNO z@je4^N}=B1pDhcvjN64ygCfrw6zdpY0ayodz;R5HUv~3_ z_Lo^M;c0HmQ?UP1+PgglU(ov$#><;;k*Tjz<^|rG^xpC;@q2!N{?i_?%P!umz2&py z&iov#`wIfr6}+(z(aRDW<(NtKecj|m6Y#x5`|*v+h4!r0Ti@naHa83O{z#a^29&S( zh479%XXsW!FAG3b{csBsqD^v&+SR!PzwLd%sSDjlU4r{H5HD>&hi4G=-fr+F+IFcu z)|ogGJDiNX%v1N=szPu@AvLsHde9X~ zftF5hH*|PZYHK@A0sOuCTB8w_^sg6eOY0VZ%sb=x=}HPOXT8tdw;z+b*2`j+01R#` zVM_W*Te*`;gL$ZFQ#~}Ye$tTA$PqtSgY&UsZ%@Lh?Z`j*bS~YbX$GreK~@f>*oJui zNly#4yBYwsWt(s2e;=sB=of%`lC}*OIj4?kwUjJUb4uUYr?9exCF`Z{s#UAbzh=2A zAKmT#w~=|ej5XLq9R(3cMkgr<_?&N;?mK-VqI7hw=}NI#>pIJIwjRJHqELGSsT^ob z)NM*v<}Hk;MKs<>=ILt%KUtdA9Gl7sFk|ezSx?PrL8T62`Sw*sX1jBp;7Wab=8@XK zxatK=jeQP44TbIy$T*$O>;N4_y{Zv9H^F8RsEy%XKas04GHAcNvo;o5V_`;Gbl-Fz zy$Dg*`?HZKf?E8H;z{MS?hq1Qrqjg<28vnwdk~xtWLaU(;3=Bl;`T1&G$5S5{No=C z#+%;_8S#xLP4EF^hxLee+Tg;?nq+Q{@sz5t6s^jqlO10(Z znU*CoMNpaJ@q)qz4GjE2Oykn^(SM4+bj3yixF|rr*U#<05h0QcwDc@qDr(ibog3y(o}se|`F(*0Z9-BnAV! zjY+7EN76ZKnUt$N3Duu}=;fuV`Pi)D{w{Hr_+^}{A0~BtuOy)9r)F%|ZN)Yqyr*qI zyz?;OQR3>8y6~ub0bjgd+_(PTaW8>UfVQaIn*5k`nL8NseHy(T3;TfHQ;Ym@*SI1$ zXUd@+`~BQM4qbv|bq&D*kS4ix8rbAjAvIj|Ix8P6o`j6yZ^m+aKn_nF2e#(c0Q#hL zi@7!FQ~ErD^r?LwW-G;#@?X(C{xsy};i@`FMDHA$BWVAU5SnPtQjae&RM|*xg_UzfUlSkJBOS(toG}(}Qd7jmZF|7oG#v zZnVzX9z%1ZVnz!2_Z;&1HRg|XJ6g&l1Z{E?NLC&gdW-^p!1AT3s{IPf+?o@@(C+SN z7MKaj7}Wi`xZlh@pZ|=Pp;1bgEm?0j|9_T~Ifbust(k@u5dKVr(FPe%m*{QHlHc8s z9<<(4ab&PPTqIE`>|Ecxr<%2ibA%?5<9hxo|1j9gj>$g9J+a3t;Lb`_L-hrg{^~Tt zFn@w*XxBL}$H4Ne+wL?o4S(EPnKq2i`$)dU`AtHqmLJGR?YGhpb-=k6>@7nhj?I0E z_#4P^;R|I#xVpnvNkI6?NSk5z$z3`MU-ro!yH>$`sIeU8f6?ZaM{o&gP-%3;ui@$! z{NhGQ$ndJ_3ieZi;l?DmxWAWy`iq*!L-3}DoRFN)`Phj9e`YUE0~#0ZK8A|Pb|0cp zho*PK$e}h`@ahdW_-cJp#Lb9rlAS3&|GO}Oe9VTV_A(*19rcgb?Au4nvKUdEU%PDd z*0>yQ!Adz>qkp7BJ(Os_qC)L{qo6Z6p)j;xapz_-183Gpvg^#R0iQX=K1Bd|!_0A^ zARm3VAYXnY2E|T)e(U+of!5ka#TARJk9;pF4Ol2Hj2iO>DZk#VxM}^ZECyOf5|73n zJN`v#aU>%gq1UoLwINB!%bEBkq)Ms6M%|L_y3m|^gi$8fl{^`9R_kJsr8PUk{fS^i zGOjwj3B~7Jw2QhAiJzZ|ud0zLYbcrsXm2O83TyUBF&`f8G;kW}o;PCE{1Vs(>CoYmd3az)-x7n647=2H*wGs-|jh^KT}5kd2_bNz|h zc?@OJQfF5w|6TixVMU|-Boxjoq`jRIiLAek@J&UVe!&W-LK|*lp-(VukslS9L=d0- zc9C!lt45yBf^os(Q1t9n?|peC3uL~J%X#{j6XNSqVc)cp#P0B}1q0Xl_JbDhxCdhI z>ksMc8(CWE_V>Bvlkzs+a#x>v{IsnJU$1<%U7*?<>AG(in@PvJO>%5#Psgj3Nhaw` zCs$mVNuR)N%O3e#R2wZd0!#!H7LrO6xu8$j6&`ofaVw-ek}k5UyKmqukSHEzE$>M8$FMRrR;s;}&DOii3JqM~iMg@do zVg`bQ$lC>uag!WlF&|vx87}ql?N|wngW_gdO4HK!L9D2k!l4MK{pQHh=egKC-H@?* zM=%L;&P92UYa{<@3ny^U>@*^`uUa3RU&k4Tp?iXl3u@$O_n6RaM<21nBaR&O|3u@Z ze&L*KA&GQnxn$qDe%GB7$Xhv-=ql=YkX(MoZQM=i4{Uq43?#SS$x>r0eAocXZ*@+s z$Xx~&oGt@$G^Ai!h>wk3!wEDg1=-|@ck~8~sIqwnPvnpQ=h^$a4zYGfyCt3x&dIqr z!7TU6L7vnL{GJ|h>B1oJ-#K^RBnRCtwnu5_$_pVm-kGxkLHDd-5ssrHH9sgck5NZ> z+rkTz-+}$Dg{dPj+suQSjvmc`AV&7~7x_F8#e&{Lx_=xSLHA@S=Aa_Oc6ULXhB(=O zr&j!XM~KlB?O5#eics1`pz>xaR9-&w0G8cbgU{*ZB;VaVLa`l5nxyRa!RRO1i&!+XZa0j?5 z8E^jaf7QC0UPVHCgbNlGsaw}lLDNqTAb1N=SfK65@SA&`byi|6m%Wy=t-gm(&9bvU zl;|F^Z2fyu#yK1(#w7e3!E&O2!8-l5vdq*=k&B#vneS3saGV>rbJg{4X)07F2UDPn zduuiNA;hvms|g0Gmla>tLL7Ng5<3PYskLnWX%8&7zCEx1DwlzMmFUj!e9ZrIj}h_$ zNWZ1^8>EG#o%vaa@dYTYQGOn+&M5byO04-2am>KlCmZFb(2VFaY}ZSn@2wEcyadrA zBq@Cd-UjtMhAc6u`d?dBx*rXZ7!8iQJiB`78~xoqzEx8j8&aoQ<7`;Ad?nEGHptA^ zQl9`Z*YCV>9!S~Q)M2@Nv82(TMNCd;IJeL*Cle3jQx)P%3@z(W%IXp>ea(T$OL*<~ z9}97dJAb=OL;Wl*Il-fY_Ak|wc2>WXI=Nh**8{+%OrmvPH&;aPNksbe*waUi#UkkW?QMhsU9A2-ML^P4@n?X7!HNGbc~2Bqa>D5;tP^`>{`)Q?(`bY z8c~VzuT%BI(l-bhO|jOs70osGD9f`YKr!A)pTyiI!CMA)J9pP|cK-awelsp)zw+xo zwEi?=+_m+lXVVnTc=Mogzv{Z@Z>IIVk=5YSth3XJl00qP%i>Itt8_9{*j$OLtu6Cr z5w!rr{(TV?R0(h)77iilGfc><@X@AJNAJA}SmAm0AB{7cBVA@}q=ixY%K(!mvP#s( z4VqCJUdy%W>ilWD4b?C0x500u8qe+Qs9({0aKZ-Eax5$!i+-=#ogN&y5BJ`eU!=Rx(`~2-7gM|jxjGfs5uQqwX(h7L}}HSf5UCTnl6FqBR?UbuJ_Wdxwt z!f2+#-r}GCBbb%G^tqUQF4)^Y68yZT<&Dr)Nj+dtb-oLiJHTM6`{(Y9m3xk*Ii9Js z(M$fOqfI2De~Qx0XdxZK)P+@rq=^u?N9`EHCj5+`3`*F9xZ9oBw&>WrfP zgn3<(Xl*SoWQ%Nyb9*un$7|NDKMA6JkP|3aeTZ@wQ*4>K7ps`Y^8tB?X=%4;8Ki0P zO=b2y5E0s+vm;&2)+v~@_~Jrt|39OaGj#)m_aGxr~@x#VFhL?djeIbF(&v=e7-J#^u|8J}>Rr$M)6LvXZus~sL;S6LlVxmW zFUg5$m;dh?{B&_QIq{&w;;%CO)$Mm$&83rs&1%p4L4!#H>emdQiG2*zrN351&eyLW zK!(}N57&Q{i62P?A3p1$a^&w#zx|->$70oo78D@1x0gP<3NhK~h~aE5%>%z-)92Ma ztCSGTRpIExC=vcw-5C6XgXCKn0kl;E$&N2x+Q?jFK`cVyn0+KbyC5M(q z{Z~FFsgw(3rd-3iH>CXO4hUGg4FihcQ<5Dw?K|?{gwJ@g6pq}*gnWuJ80){X)^~Jr zLjGEozIsZQ@mi?=G=Qr-Y&JDQjkn30j-*BVgD*5x$;-xU@)@G6*CeC-4D}ozyQ=P4 z^H_153KG0J-Z!ls!05%A{*fgxzBGdhtr}sfVrhnt# zLERn3qU~*c4~63gpY|uyqn`ekgvXZYsC5Dc>TO20}uA3K-;yY zs9@Eyp$>`6bw!+K=vl$$o4}lDxqEe>8yli*wO|tBc#?Z_&;nklM>JehAP`+w(GOFv zXx>}A+IrL?Q)c1-v)dX(+dK~(dxWbI@)xc1lL#D2MF?&r<9h6uB5d2!Qul-^@5bl8 zGX3Lu@=xmA$;+fPJKMb5KwflR%=gZsKKh8DnN$P`sfTL)#}4Qo+;}B2vj2#6`^W`` z6_E+LJLh1r+43{9Y_LL%w~*_=<}`1;o)1#z`Ne&(mHngwkb59Jdk%(>xcmNFypTZ* z>UeLVV|cg_t4_4Lm%Z`_GQD@FB{ijS4cq=d{p;OZI1mG+;9)XylB8%~+_R-0m&Jq3 zUTYzgw(Y_fZ)FGrZb2?jF)NgKLbi+103ugq0z(o@)VjBaQ7|8F((UqqHZgv70`2BfvE?N?nZmkALKRgGCpPgM4J z&7ckr)wlPzKE4`K2@0zoQvJ(tJ7>duBd!*zl*X2v_!eqzB=NMB_SrJFw}V5GOh%c> zgYtwj?9D&+!Jp!9$atx$djnc`L}4L69xQAi;F-H+QqLGdMr%t8{jLq&>c%<>%zMmNfM2z9KfS;L~R- z`O?rbS-KQ*nQy;E!QHsXZvFA1HTZB&Uwf_e_nFs}m5*_bOV%G@4q%DZQp;~YaYbK1 zif$Bvg=m3s0bty4KEea7Nd2E<2DqXJkKy$Ot!Lxp{%T2I3voGX{WC%y>_CsV|G0DM z4$r5Q?&<`y!G_)9qBXejv6ryRuXu#w?_PNcGsCy@u8Sgl^*;^X*_xF%!XV6s6XW;v zA8`gOTrI1yoO8*YO!yVKy*obqfj0-ekEZ1w4AX3of7BP{UTIHv9B(hZIWpI6r(nL< z+mrHj^TwQ~O^wil?>23M8NAxh`=!zX29Esp-JSN*o6hU^p#J?lGV6J(1^4mf+rZWr z=dQboNS~HbU$6c=xWKtAr)kjNv+=aXKj-7gY%`x#k3ZM!cH?gC>eNLxE<|v+_}^)R zKW}AVHGJc)z1ibiq!_vy9<`W1_jy-y=#k0piy_LJYVFz^9&Q(xOwK<_|3hPn*e~sG zJ8@PfXy`MeK%{y2TkI)2dyPf6-=W2=)Xk28&D-Qn*SX!6u!Bg%x^jV5I@Iz{nNEYu z0cv42D}3ub%Qj+tYe#<%Yqs6Y*OVROP=hZryP4xU*Cav;z2>UNM~c39IPGPa&Ugh zKJD$uohNI(^WFT;zs1aZI=H`Ptao4S3K$k0ySsexd}eQWd!eZw)UdSU*~u^u_4{Ab z?p%35T4J63RuyyRoZo_{tdR-HfL~g6)ihkXtLy>lH?!izn2@NyWk-|kyf}ZnGbz?z z*51hNmE+RM^o%=-dL1$2q#;k4*YDzc=ZfxVw!|A=O~OC_O-)1C$Jm~ksuOT3DR#RO zEuADyIH5?-dvC6P>59P;s%P{B=1*1C2h|rsy>2I>lYT!hTKGfkZzoh0AS$d?sAf5^ zxq~t(dfxY{g5{n%duP0BO%5Rpyh%Pw*uW{Tk*4@6nz}K5UNz1!Sm;Lqo z{#)a%(&sTk={wIa?G`D`O6@x>T*j421sf`D`<^?g|O*oKS1L;^?~VK|Y&H8TUV579{K|Uc|GyK6iRN{%H@U)9hdwKVdT0 z-I_R%afbmZy1)??^H`yI>B*I=@f~J!-BAw?{UT$X6TBr15LE_78S9o{Lb19EI;5{>2DK9P%>E92{T!I~_;4=XU@m=o7+2{> z{o5*g@pIa7xz)4PG9k9GVA7f%vdo_pwXJTf#%g*@`T`G)AFyyt?U<}kjwnwDn| z;JBh2h>6JbA>SYQEu5B&XbXMVH<^ypDbSk^$|(bvJ5Qu&e*cQA3eD&9Rvj<-IiR)o z#^GgrTt4QW>Aua9xQg{%g<0j0hj{V%%vx5@AIha6!n4XAKcxcO@}E2rI_LC7M$*N6 z@co8K>u5`p#OCwB%XGy$+L<*QmETPQ4Gp2a7oR-&lN*^zu>j?=ou=zG!>@hWgZ}tcCA=dmcB?`PGsKGwlyb(uk_*lKSyA5%3x8jiqPvE6Z}ebJy_9{#_<A(Qm*1*;(DVYkIHFE~W#vwafX>Q`a85 z7ic<;JPcL*CUQ(PyIA#YZX>4Pc{HK6B97j^S3e_DMNheLsr8Y40o2=a|g|vRkkC4-%jKtYs1t=BTf>pna_4RJZV95Hveb{ zRxS>hyf!ZIgwZ)l?XIxu9*lctJu)y(V{N&u+#uWLpGx|EU502t$X|OS*hjmlT>bVk zUbk-p7#(%|oTyfKq*`_^!tFloR*W3AbTFm{-P82_S9he%+~G?>V#R@HOJ{IA?$X@z zyzxtOqJ`T!CUb&=?dbkJb*8v#2>!3~`qpBXZ{CX+yPrl+znbmvev=iSOD|rH2@JmV zRWaqQg4d!-$w}l<-we3da7(e(tTT7th~?~;y}0{3@j-J`9;ENx@~AzI`@3s-NVnpF z12cTeKpn!9MRMQieiTfDf*)o|=R*|Bm^F{*?T+0a$$uYucgk#YD2PesRN(rKbsilf1HqRl-~872lkSkN3}Wrshd|e|CPM1%$1i` zi}A;=h9*s-Z!Rf++gFeOTpovs{$o7l&r1K(Y8r)M+`+?38OQM$DYtFex$B|(;`L?s z2AY)1-7pXq8m2A~!_l#s*}xE@GMHeZJN%){UKxd&@1yiKG2QT=9Wz(Nl`BkThdg^6 z(m(ILefNs;+i@-H?MEeg53-|=J}yg%8GGFT_9c;Z9)+-7>Re;p_Cl=H|7dY5c&HFk z6^`5wu&Ej@TdLYJu$yPzWa^&a>1#?gwvD^lnRPc#?swOIQ2qKtyvpwn>e8m$%)ZYf ztBoG!!;H@UCii~b-n3a&Xy7e4w|?7uOr?HQj&j-X1*~vb_Umxez?z%JW#hXvks;lb> zdr|w{`X@*41sM*b(5H6lKL=5-7KkFP-l?=*#lJQ$kX?+79U0H3d*h#OjNKhw_MMAN ziL9eZ84)hN@4*HX^imjKxOTanGkDwaQI$9~sx!P!K1pt}ng2b*XE1po=yj~UdPh;R zy$LVMX87dt&>8Bjvfu;u5PIxRHGEPTl`;q2sK|UyTNR{Uz*RMbKI8kb$2&?^_%eXu zP&e)w7}nc$&+gd?RQX=U-FoIEd->hm*`Oz?i_upm<28|^vfl4EVi$dWR8!;gXfkfY z)nNr+k<|`u;H0bj*>$rE-c(0z+!KWKn(+o<_v!gryUIJR$b*C*PTq0PCBT=kz2Nsl z`H05gaoZH*i}P7~EZ(Ub#Yz)=ilqnKf0jdRHqARR`Db&#_O2@~;K+3Kp?X_Sj1^Dpr;z#pa26~*>Q3yRZ#7rzk|Wkdp8Rw5 zwd1w9IMt9Fq{;?N2~z*;`huWhO8oxa9xxTMpq4{ ztaO%|CpRpvUmi_I8yW9@(sA1l-`VYtcyjZT>SFGG<`1p**1eE70riwhOpQQ!XII#D z(HCEKC8i!~6~IX%@8TZPJ4C#NH@py8(w0U}Xg`VFKAk6Pvr9S31*<2s+%)=^bw)o> zn?om-b>K(vJ%7HQP!6-myzmz0Fu-@~mgR%GoFkc9N!_#)EGdq7|MEx4$jk==iV~aBVm@I((@{vT41lId|OCF5>OD`9+m} z!)tej``AMBReGf_-W~2U49zb~8Lt8tzm1#YLQZT_?6&(PertSP$XKrEmZb7mL)Zn)^Csx5m)+*PJL0#S!G!JY;BnmLIni8H z@qo(RnFST~gKSeh>Nsu8ztMDu`RnWa?GT=?Wp`(mg^YO?S1P!qWzJb32*`FebY)K7F>&$V!Pgg=W3j6M8QX9jQ#E+Z8iadWSrvfi$+> zSW`cc80qidvt`<6-!6T;tunE_^E>Zrhz;d6+D!&D{?oR79%BYpuV>zm;})K-1}pqH zr$*Fv@q4;MvR`ttjfZt=we9oL?q}{@yS$&WHL02Y;Z>YXmB@v_tm54Ub{_DAyKNSo zfFFA;@)wFV12#(D`uh!u41Ns!;q!xBq#Zo&<@eN3_j7vmz_l#%Zw4YHY_FN4VM4`+ zcVd~mS&iB6Q@GrSe^s6uW9$i`oVqf&v2W)Eaig)?cSZNLWM3Pl zJt?^s%^fu8(>mlfR<=>J6-~mR?VHbxig@z%UQ_tKOlJs+{W)IvcA+munRGA|6>1%z zNuD{bh)HahdiCf`Y`l{9kY}AWJgp>GGW?d|q}%qE$|cDI!_>~DPk)}#b?06k(cE~Y zE)ppb`4e&Z>+<*Y^&uOWh?v;-W?Qbd)%H6U*R#e?_T0JpN~X{M>zfwBMZEpCl1P(T zPdcnnt0F#aY6>oNb=>c-^6FLF{i;6)*TJ*sPiqVw33Yh;ifemK(W1IiCB#W7WxoDT z>9T&7J)%YJFID=J(RQHOt?n3BwAy8v5d4SH<<6Th*2kjrskP*d8ijcFvlXZOPf2f` zADDV~=_3hTwuixdLKwrlrtjeY{0dq@Da7`$El!aTsdu_=$T7V<$@u+Q^-ZdGjg!@A z)i(o`QL<>9A=__SchEKVvRr(&F&1bzdGIEpW~corZvZq{EWbxz;qA-@HdfvHyu#e# zaXXvAs?vFV@7*lB_+7;BP2(pa3nzY0f3Bzrk>?wV%lRkz5q-!UhnWq%Na+0iG5*HK z{;&E{4v#)gDW!?V{e0w&`dSuqeTvT|xr^LnoMe``v(FC>S(raWcsxHv{V07;>fi)j z){FViE|~O-&-Cz+=mXF>i~i>@Fm3MtY(nVM=gY4LxLQ*G{pt@D*xt(9NFf||jz=j` zZ-LjL&>!r#4sgY@tE=ouh`klvP5}-nYMDeqiyFS%jZm;SFnamQUBtTNPrB2(O%K}r zhF{oXXX!zxde+X!w;L_T7iG5|nAVNj*gD49D`6h9&3m4Y@#XuZ$SBRae6= zyqg~DsAr)*h}$jo1OL93u64(%k#fn$tY%kaV-NmbZ-J^8zg@_-HoT;G1y2 zTZJW{Y~b#msNb9-!K zRv|n{xzM>~!~o`kF&SR+o2{2?8>(ww)Fi%|V*EQM!zM1)%46>z)ROAs8Sf{3YSVef zq`erWo>R1`k3-Kc>BU{qvue-l!in=4p4$WGBZwvEuR5`H!XKu1AuCL1YckWaMZ7yqcqO9iAC78v!amg2| z%XodLnB3$tH<{0ZdRL2+uCfxo-ybQa^4PO$m;MnU&8E_GiaT^>xWHoesm-j|n&W}L zWAE{bF4>Ii#k0E6iV5dT8=EtoKtq1MdcY0I$tj4wm~3X!Oh2PYnm z_t(Zea+4>-`tGjzV9v@-hOlF@^Df4@T6vi8+ZXr|(3xBLAE0g-xwK9V_8HF?#+UR= z*J5?1XI}18UmmL>gech;*v+0eH!HT9@^a7Ma20MkIyfzrwilvw=Hs@}FOe#t%k95^ zm@S>|&!evKt(LF-b_n_^v`qe*FE)K=I-qN}-p=6~Lvi9_YDnPY>gI-v4(FI&3v5De zV!g`ahBcqL_Gr!qO`De=A@v(PQ`BL=iw@;irnW^~bl73ko`w}@dTZA5>9T&4PTGsj zmEPiik+iiI_k}NV!#b{Of=$NQooR{3BFU$4c@{`Z=*M`c93n@>*fCGfC&lgsWeur)GdJbb>)_zm)t@wC}~s0sTtqkiD0 z)hrvnKvtA#Ot<_u(UtL%>Tec%d`Uq~PZjBjUsH1?i>hNF#~{ZeW=h70`(R5?kp$ZK z**2Ia1dKQIMx`rs2zPvo)K48HGiWpIUP>N&{sMrmEjy{eu?}fu=zi$Shr3SF_{MVT z-kw9m^f>nV^tj@9iZuKnd*()hT&j*?Vk65OV>EwR%n|5{K`mtUo{2P;^Nmq)b9Bp|QTfW@=DAVJh4h-(hd(U!Gy3iMlJPimevP>8jj5 zMoEVTKZhG(S;NiuRp6*A>>Y_`buJ(D`=6Upro>~zQVZIPs+l40OkBI}4}Hx);Vyj% zvN|*GpFS(TBz#G1wdiPb0aj>wsVp+*X3sh!hN*!6fX+Hf=Bwvh5hUGDn8mWXM|}wI zUNoxVV~2c}og|lOo)q}W%xxXh@~GO2L8?03Tb1NJIDd|xpDWxF+I7Ztg#9nujpLoe zhOUaUxi#My|H#5VX}H264hiY07$+ImZJsSA$_+)=k(tLe`KJ=YP0n|ne`2w1a{3bA z>hzWQb4P0VUZifVew|N$X4ksLeTjKh-21YTD$CaETdnFXH(Nu6bop*t?KQ2&65N+;H&N(UwAZ&xc1COk>i2};!mjE_o12POrujj!&`?_F+AlUx)F^8P5X z>%6!#8vI@%4^hqM=#+Bsqidbb8}&9t74hJ(t2H)V(2k06klb%IHCz_^M(s2;G#rRo zbj$G#9bq4(j(ybb3{&&`&3Yq(>n8of5pHljs?eFG%$eD50vjRd72UjsLR9(w6|&RQ zSdW(%)iK$T6*^tNGv7X_%sqMf?2X6uh9Nt!s@U>OOrUzMIu1*HhYceDIi-wFW+>Jx-;31-Ex_vaLJ$8&8A!iP>9IV+@Qq&I$R=(6h4C4B?}_}kTVxpM&F z-oDWh`;cTWam-k;baQoCx?5*rZ9U-Uz2Bez8A{Eb*2yh%yQ=+hidS%X8GPY~f1P7zsLaAkg`WiX>Z$h$`7|1S>WY_6$4=CvyO>IubiU_XUV_`7 z;=XL;_m6nZ?Z~TRM(lRIZQEA_Hy6HzcQb!u`ne3l%1raPPt(Gm@vfXE9ChE`va

    z!=E6bm=C{tk>nHVXx|L1=AFfA{`xx~#vqd1!Mp=%GzaNcg2H8VSWsFq3&p8eD$La* z+?at?gFYA8430bstH|%tK7QlaBG zY#mDxQ(j9artBgyCA79hJ}KC3dhz})(VyM26HGq25xQ9>pFqQLs4e+Kl{_0EpY*mX zu^PxHy_4h<^e1PZp>ERldSJuKe-Bd0uShCUtgkwg<&kq(X=y z3{|*n6K&~99Kc#~HsmQd5Z#Q)XDaEqx8xmPatazjbzDY}m7?eqTy*)75M8{O`dnxk z=Ct_wD8K_kY*C%3A-B|%+;V`Xa>(YKZ?_m7FCdnkCru!yI3Z&mvtmW)8uW;y+|k5U$K|0Sl85q{Jd{Ts zFxt)kp6q)m@{r8rp`V`%dB`(^3qwVW-_7UzZtD-H`rkR-_6l7=4)0m$$B(XsFocJ8 zeSFnvey?Kb?X88MAimh1ueJDpI*sqmu=vuB>J{fuAJ1x6AGbH%>C;=q(pk*Y(!{l9 z{Z@fgYhYSjFtm1|Lm&XE zY)|obLk^|Fkzw554e5c%@nHsO#QHGjagCWRj&HI~?)YX}*Y-HRx#X<29N)ZrR+{@z zepq{c#M|>$n)YP0yFEY2X-|7@KC`X%>^U=Sd)RsGNgi0&_2GGHVZF41n0h)OFVBOiEH_d0#1TE;FW` zQ@R^F#q_~HRjr@K_JOU<_FU7+|88`N94h->q0_~I+V8>n-ggm-QMDaO>zzvf47|_4`xE2>4j5kRH5t;Q)f)?{ zH?FpBOgo={b?W&nulvLE>|X|EcH#TdBOBQK-jjvNtuVYNK9d7kjqVp259ZwWsO__)BZ$ zEX{iIYG2x}Y9H>=R<)P*Oj%=3cRc>gvsseI!;->!hk2CT(p{^=wri z?@;v{0o-Vi14foOgjiL5|7h%L9=&JADpCP%LC<&c6!x^zi8gkt!YtPtCxA}cv2m8C zZ-ak#gbqoX_bn&9kt%5`Wko33HpRNbYu%=V1_Rgoam#*p_R#bEbqe-6Y>U|MzNP){ zT+h%x8U8=5wnk^9$OE(1qWB%vvs`_veIr&|0U`IfL>&jyafUtxu4~Tn?_~D~^~dw% z0;}tqo2-7Ievf7N2(UM~AOkTO{?`zb>3@lkRCMA$asSbniyu-b(Sc!h%pYBSx7Cr_ z)dh9N*}aoyz)A9tPn&=D8Exc;TJute#dH~vC4T4gqj@1)zqF-=&S-l+u4+I3b`91O zwz6Q>C9`j~cC&AX>W;Nz20kgZH3QFwB|z%@pZ6bmO}py-Mc20KeTS4d1PS$D-d6u- zzhgJoLtqOIe*pCzR`Tl8TFJ=^QN@<_)coQ$YreW`YlbERK!GB17y%mI&7dYC%&m5`@F`iy>EEeqqsXE$G)+alM6jb9o z7IwfE-{ziBT29vTe{nyK?7#+h(&pk#AA_cc%exWIY2SCO>HadHwb0b&g?XyJ5KZl> zTIt|25$ldKsi}YzFLV@CM-}n}Du>3LDc)|*rwcKtvFN}H$pJNh$w#OuM_5znKt*2Q zh-gZl@!^k;#ZZ0nqiK4OOgs;4`?4J9GtVl{kNMF@r}rx<9tKV930WeMM#1oZ%UkqFuDqv(^k)%{fu@ikQH z5v0XOzeSYkU6-y)Nb;^5Z{N(a)b{ldpBmCe!>&m9)J6PLLwdBd?@?>|_K9=$v=+Oy zKhy9NH5wOmA_O4$?8b6?6^eh7^;?|onez;8m8DIe(-tf2PvGac+7O{`{$)JV!e)>OG<}E=#I#vw(t-I zswS7kU>CZHuQN~H#`lmzOt+d$3g#~QsOH)T$1H7LE<1A0^ZGZnIGPgwblY%r9t;d! zE})a`vYrKPz*<&U62HX#6kGWcBK-mrm6ea~AdO+p1$Xzh=s7X`7v{|@R)nH=*&@d@ zDx!v2*qFcRji+(G3IJx9Vb;2|kLmVr9rJ4GQ8fhYYv|Hj9!Cw>i6#GlXcy@BJe7bE zE@O_=n%2?I*rZ4=caiY=)&6Fx%K)luzXv_>WXZZ3Wm(pePN%z%? zcT&~m1RJn9?@s9*X-x%z4G7~^K-Opi8tAs;3zCxc3CkgUHfd8}h0VVGc&sKsnXJ0) zFAGw8Td$ym)S}^FfS&yLSWNHrVsff3*rnFZ=5R~W(dfNGtrBR>`_(U8L{Su?XS!(Z9yoA0CTI zYdqvv`CF04cNS9?_oTFQkv92$Dy+WzL|GMigPh5%rv7Gfe#>d$gq6IIl1)f@)C0B` zXb0W97DYG3#u31TW6eXb=H}mbJnkSWS+C1LV>v-$Aw#x32-e?9nivU&RN6^Bbf93h zZo7ScYG;RdXKNn74{YPUrTr2gto5+Vsu1+mL}KsB{MZ?yo18r$u0cWCWAe}F!UtLax82j4uF?j*u#mB)rt ziWk~!Jej`G_MVSuHh#S1_{q*Uq}*>iiQOow?UtTVSMDy@P4xJ8!UWgQ4OH3(Y^9?F z4U}M`OZ&*BZ3&#{NODP0S&y}((5A~4kY8T8Tie1NY+z+2WI_dH+({X?0TV#tC;2}a z2qUrT>p>+aBxuQ+@78KOT9_^wfKJlx(hj?p?a!dAt+hk0WqU19Au8d$ePJ*S8`;{y zWqV+=q|=UPYlraGQbGFSZXRu;D;z!375Ln$9bQJBNb}_Iew&*8nOoZ&KF}xdWtN7ADyU`;ZmcyQ$glyTae}aA`a7+TlVaQEhK_#G~zX1@_vh0p9Gb9&Hc3 zBI9a!&pF=g?erRrAhUmX?*OE@z(O~|Wiv1B+4Zhv`v`8TWS>y7YrNSXxenL64pU4Q zsfs+j8uKkDVv1IMxc<2gQq_ITrrSt2e=2mY)j~ILdb1CL(NnuDELscRmK#wOZ5NHf z4w#^MI($>fe(yP}S8^XD)+qzsJ222_$EG*{HBqy{HHNjO3oPJh5!XBXP1j}nFbY5^ zVCeP%^PLCGcPAzLJ8$-Tu4T=Q!jBB_6+{Hsp$E#k&zUb(eZ$y*Mwo-Ggf537jm9&N z;0`=Gj{#HYRiq=mvWr(3d%VrU(-!u!Gri29m#*;Fom|Vlu%L2E_PgHfztatOXls$B zYPTXOn}|yoryW77!h3paM+1978GFx`v$s-QQFu>JIeR;b(V8!yfnkT}_V!SiV@%rK zl`}}z$XU^mA{B!2b#5;ekb||p7 zD7?1=eHUF7-q&5u{z%SllGh_GrBdVqDja#{`DV_Q-ypmE`=rkAyYc_95tFbcW^ZMI zaQ;cal%41SS=W-+$wWeScW$_XA(gX8f<)c@Y=5L$+Lnf0e|L?%vE=8h^couIAmwg9>zHcG=H2z*gww0_j=B~acD~v9Q z_BKLDFlszamf*yL3@Oq0AQf~n|FQ;Qosufd`#(+p#Jf9Wvx~;aLa#E8bu()}>es6M zrz~&nsFd=+#4ef2^)y2ODWYb#q7U10N+BrZXU#1X^862=kn7`LNISpsO%i$NyM+1G zKWTmq71cS7J0PgXJ~^J;W1M}=$w6uBFJ$*ICN#d4KAQZ^&Jc=ZQ!RaTN;*X{RQWCT zkHq{xRZ{ZrN}E5+%)jhwc8ws+>)e~+qYTB$x{7jv3}}nMqg+|%>jj)$;0VxbWKck} zo<`YFPK9zF!w+`kmC2~&8j*TTDt(T^F{K- zqO}ilJpt;^54hUiyR~(jv)a?7h3FL;bcNG+zg%RN&;_zqRe} z5B*`^f8ogKeE-vfZGJ!V2ev=;`=lRb>v5;s(x~A7>UN~6;7M_|uQ|Tno;?3k>GS`t zxqa*Pr%i3H*U@P|h#wl*+*bP^NZbD6^zA>K(0*tSg@^GxW9bI6eH8HxTK|faefoCY zZoHKdi~C&1TlVIPx@AKEK(3Y^4eMdViy8Fa>tDs&wDVXjKNI28B79ziuZnQ12=|Jx zS%eEkX#TUmmi)ZDnm_+tgyz4wDbF+B;m`d=X#Oh|&x=KPt;qMPc>YL)dqp@{yl)oI zO(MKl#P<wa-ky!r3Ja{k^e(xv{Z-kv_+>HaIeX7a@HnPugZT{G^QGjC40 zuWXuce%a(f)2Ef)K7VrA%-bpIp2_89(R>9RXF2DS? z+oly**WL1pC?D=uaAoo&`1e@^_R#&5!3 z?=E*dcP*GZ(>G`S zyrlNGnSQ~vd2^=UIcMJOJYBkarmH_WLLZY*zPPO@{;zQ*Pv6$RInaBS&6_qiZ)RE9 z{IYBEpkSR@hD!P8pZnP|$4nG5DvlFBiEuUeSJ;{TQ7>YINjq6-FHapfRB zr1NI_Ci|u@n9K(oqieBD3i5WDz55{kCR+ATt=s#DF+vfX`dj_it`#1XmUZ1@@K!(VlbC#D@@{^KWm@ zoZGRqOrGv5n>%GXZ<6CdUJvHl82^UiZ@_=39*dB3{-SbLk;flQrrTR+PW^}Kao7A7 zg3Svhk4q{32L8M2QRask?XH=V=fq2zMjI7X>N!!LMWQ~t@JD`xQsYUwo%A29XZiHm zGiUhc&YUr2&U~upxQCMK^Gi~GA{;j?lf^G6;o-Om;`wSG<_+ax;}9O^m-4W_yBH5q z9s@zqybuUgc%$SiMc`ttHq z%F7pFy{O;Q*NE~(do7|odq(>5DpJa86z#1L^;sp#%M<0T66sbCPG8=Fl=4=K@+?=0 z_KWsbi1MB``(?B>ZF!ADlgDFfO8tt&dxsd0rc>0fI;Fgd3CaDJFWyfz`|%Y0SD#Ye zf(gmvJ5{{T7v-%kIr;ehf9!n+d{o8u|Ar>LSP;dh3nGLTLKQ+w1%hd0LlZRFY&OZt zW_R6^Vk2V19?Mhg*ilqs=UFgf!;T?9Xo`x89Xr_++KTV9+!B%cK$``VU9h(`Js7dflzqzL^a^>k~mx@UO3QNz_O5aEpcO;zop`%e`9E_+p> z)9x})HcvF$tRAb);je+klzfB8zkJ`BZ0~ju>QQkGd{B?ZCM2p4sP;n4oAL3gZ_uuf z)3A=}bb!-$c+g;Mi&Un=Xfd%<7pAmEmGx&Y=Yv0=iJI%kgPxC21+KkOq+i16)7rRq z1b13vP9r$%&Jv5=kIupC4S1+mi1(K}d}jQ&nu`NvG)a%}ydQw1nWKlZIZEVZHym(cRR!s@q` zn~PEY7#BD`y2&`w`%`=E1z4R>U>(Ek~kMlrFc~?)2F? zD4v^llZbCD$5)hZx0citnLTc&GXgJZgg4;x+eVBZWgj^%aePUsb(}r1cCHBhU9o+!j{Q{?68OE#cJ+V{e){~1Rff_7R1 z^aV@IRj4QCDzDpBhQ?Y+pTOz%(f6>~93>=#i0@q!Dc-kWIVOVp=K%H4a~xiO0M#)) z$6`J+VE5J}na#tem`$~}i12jnHvO(+I|%|rN{3XLrAKhL#))nsx_W*m$Z1wrvHV3*v zZljUnPvG~{yQdnslSZdV?(v+ThAPp2sd7qT{nwtt!$d#VQ~2-nL=I>Et%D|`UTH5GX0}(WlZ%9e1U1}>+qC6x0k0DM1G);#sSsK7ZQ6cNpUw(S zr@&499r&F-5rGeVmDMjk{V;Qh*X{98JHxOqLx|^l-Y()hj^i7~b{b>oM|b1WuZ=(~=Jb1TxO9HMGXoC4 z91H2E50}CDI?dClEbuidDZs)r8_ z)u>DXorq_yf!iXOF9E)T{Sx4X>P98)>_%ni`HjkbpzT4;z|p|#7d0xIfjfY>i;;KW zeVB)WJ^?xabQ$QwKo6KN16>bX0DJ}f3vM~UZ!mWRO$KHIYhiyDI1}ao=t58%Fbent z_6eZZfSv=C0WP2jI0Np}f%{;7^{z(c-unf1+}o(Ex~Ea;4C(>8!|VW7tZG!2J}S_= z9`68L4s?IAQQ7;n!0x9Sl_uEdgWmpTqmuYmqtZ)_>nO0Dk@w_2(;r9N-1m2}iK` z)^8e>w-{C5qC7xHgTA+?QR(oVKp!CE`$pv^U;;3h?7$H}p?)!@0ds-9!0A6XD$j#H z2Ko-D6SSk!s9b2;pxh4hhxseO8@EAu1@?P@-(l|#+8%D3K>GsMbljjE-+6=54ycED z4X_aARN&E08;`4aOr!;jnu2&?9|-#RH5-&+*KJS^2l`&SLHQ8)8h8g-3yi;YgL3TM8x#}p-fbuY z;A!ACU>k4&V19dplDq}+0n^?=IRkE(a{$Y`8c3~Y9j+PbY}IIqz~kY)qTlcTU*_ZNy;sY} zsfrVGgtHemDVbJ*a|)Z3oYR|>2Y?NP0DSc;n)rgVfXRnA{^Nz z=7*WH9VqWb0w2MA7cl>fCgnLd()0>UITK+$P0A|Z^6DmK(Afe5YMPYiVIK=R4X9p> zZ^XD4u+%mw_W?72r(k~<`0;`!<=6`a`T?VW<1T7amH^9O-U9kP=yjllS2QU%FjB5W zyr6#qxpk-;K(A{eV_=xy+B&UUxSvEjgLw3DE&*M}*b1D&xPxh%2T?y)HYxcJH7PTJ zuB-69>YJ2PAB7vx{|UtNWRv23s!2Hm81JJ(|$2fa5kHUf_=A zCgn!puC4eU+fcsS5e|6lgC^zaop}F`nv_32#5doC@A(Pd;j<>?uTPtlw?1!D-u|LV z>HSrc(jEBd8??J`k?-$NAAs+FXi|Rp5$*TqCS?*3;t*7U3kZH+xf{)}I8a(@_fC31 zJ0GTXH2wB>!S3^yh{ovFY!{k5oDS_p)9o$UK&F*rZ+R(uJ4filV`d&f7 zqXe6SdJZvJ?D(K|o+$arhl*d7_+U$Z6|KYaMr~BC0M-Kyz`!vZl{vttjB9~3;9j79 z>PDq+vY<7fHvt{k{u<~fQ-zsm-xOg^ObNMBSfY=m2zp5ROq&}VscQd1TfplDV?loD zVJo%!n}eB0)OqDb<-Jt`?H<{vYcB5)xcpdZ&dmK_rJbTd7p9V8z^(o4AALs zZB!~4=K&ADy-|sKXQOf_=+&^V1UkQm@@1S1%m79;Zd8^5kHGvbXh+}y;Noo?m0KC_ z1G$X5nXZ0FyB<5J-zMO9I8irUi?H47L`3)~>o|Q6r%#7DJMBli%MfhH&b1F~`7oET zUA`l>7^tr)%JtBgo|F`DRe7zR_`yYHEb^`9q8zu&USzJcIs^8DS`_GiXr56BCIsqf zs3Y3I`E_%CzcY#bnOJS3G;m5 zIpA&J%{H5qo7xKafnQ-C4|+-aP0BMJ1fGQXvvvYs!#n{=hn=jj3*xwjVwueUKEc@Iv^=>30w?Zcy`^r(n;vOzi{x`{aeNvD}v zI?YVdaxS|QZ=lBS<2i$QiaD{Ig%_!~LDU9+27?m5=DHndWs@ zSey=oS@{llj(8C2};kr#kAvbf>Kh^5`N<-wD@nXBj)Cj!qa|$)$H?Ft6VhA$6}VHvO~LgW`14j zK`?VGb(EohP?rS0@_^qA@j@33&;gg&Q7RD;AYSv6BE8wVb|HV#+;j5asQd7>-J|d0 zukRY&zbMA@bsvcOp2-7yEO~-7mI26d`}5pYc5iNJL6uuN<_7$^rTJDDgiDO#={Z59 zXYq>;HkSNBmZLb!ZKb`x==tlpQ-q%@WIof-9HNF_&hJB=*ld64$Z_0>8OEO^;z!u= zt?BP}cGJWke8#YRxm;2phMs5j`s}gt!}1%g?bjNP6XEx@->!R2%wsL6?zA73jvD_@ znX87x!gpB7f3)+7pG_?HB=U;|v=_M!c0;B3cIqCu!xeH( zz}ujIDz|z(c5LVs+ilhWW;0fEDR#HjF)ZHcSY$UB6(iwAg>F~TU^DRoFaZ^Pnd+`~ zcifl5tQL=ub0QCRKr+R4Djg)CK3d{+R3a(*6y?}HcL#iGN9q&1me`Nt_ap88^b7G+ zJXY@_j`klg3A*Z~&gT3!LWWK6{@S7F59FlZ=Ju$*;(zBP*Qf^V zx@H$J;$W9|C^rF@E)`yvzRZ0ei#%qb_$_+LN9`({wBVx zl-&INgFmP?REGV?!DN2H_R07nlSX=5HcVA!6wB9Y%#z$?}yBn>Do}Z;?Lm3;PuoSDk0jd$NB1uj{xY2DHIZ(zL)dF=Vm?z>#{TRs)5W6E=5?r( zocO`CY$~yPAlymw(uuTqGN(Iy9;dY?7GH?_lQfn0gc)uo^%528-b{|Q!VYoHEC?-g zC~{$Ais*mXmd?3xduO|R0T0Ph+Do#mHFhrtm_@9AUrwN+7*6h1@PRPXR_#XN%*_8# z=emg3aQ(piDe!I3HH0`4hVf1`;?Js#S;(T>y$L>hh1F9|aw!g9p#yxmgUqara8ADC z>smg<32|b)*1OZ)=?DE>wmPZwm0Pi`5!~S9^jEyD9mi_9@BOFpOU`>EGQT969$OTb&eHsA~3SD@p7&C1chXka055%4e&&*!INjW2RNoG%Vr=+?t7aCN+1UJr}< z%jKpYCmT*={``ULM=)1IHJCuz^S1Wf8}09pi{L)pB=&#w?(^9_*8au+ z9|t3kgNKqIaj?^(zP=DFCaPOm>$UY{s!8k(gMvTJf`z2;>XGZ?X?+gBDaBoMQMimA;g?_iX0HRZ~QJzoa zaj3QH_Y9I2k+V5RnFG6TK6;~4r@Jc0UM7vFq5#w>7x0YsyOlM(iG;CJ9H9UcTWvblo8 zEeONM;r1DumHUBzWk$xRFu!+ZXx+m7BzhXeqmT2P?9IyM!1ci0z+=FRz)SB#u0N%(f>KsTwq*u&|zk*1Pv7M(}j!Lm-TJd zj^{h$#NHe4L(@JJ1o4P5f@!Acx79vU>^9*$HEa2=`uKLoi9Y54$lt>#bWW-Djng4s zG5ua_E98>&?w_;~?uO(2`O)VS4c{FV)j!cG>T@2`+FFi}?R8A+nXYFVzg6TjnEn># zpK*G1Y&Wd;M)D^y-e>*y(ci~>F7wxz?p!S5D`I;s)8$MX&egt;Oh1|JGQA?UFTb1h z`smWF<#du|dQ3e`mou$hA!q~JTU$?OY&&@8up&3I(h9$j67+@(bk=e{B%i0!B-)47 zS!J#9xgg%{jdr}n)OUO2^DTQW<$g&2J-NK{?%?vhw|&HOC$-xnpF26w=Vn%H*Pfg4 zVPK~@jJ2fF>ax+y%K;fal7b?MmKwJZ_j911w7bgu<))rH#Pfp;;tRAFe7jJ5nQm36 zO2+2!`(#}7E8_T0JV5X3tMN(whIseTdoSa3X0e^VALTQCaMaIj>iqtpInR{*{=S`O zTF&)o=iS^c4eC|%`;qIFQM{h}IKDf%-g3N$roD!WB=H07dX~=rm?OBKZ4&!>diNXI zUFu1Z{cXH{y?QzKZ&zw*Yx_0xPHn%Y&&TuJzw}*@SP||oe+zWa$)DaX*BSMkUR;>I z&Pd_);lll{e*p7N;K&Ctw*<(oj=ytj>w{7Fy8AiYavn!wgg2_kM&XV6Q={-E&QJYa zJf6vR61COi_tBwg_v1hMd;Rh9kF@=rJb%`^$C^L)T*dP- z&S%3T+Vz`kFFP;da;%R&Kdt5X%p6Y<)16G~rT^Q4?uilK9)2#FX&uw`GM^mZ&Nn#! zY&YCz{VDqVxh}?fq3Gur>xl!r9x<w6=2Sq}{P0vx{~ zU*R$SZjVN;Uqz4e_q~9_EfsV%=U0YX&vu#Ko=^W7>#N$QTerTF-$$muob58b2Db0y ze$DjXSm%i0OYLIHcZ+<``i6dV?>5Pv|M>1^rDi?$4uR8v0UI_e4**%fmB8tnAiu)6 z4M^R*S=q28N+%%eR8jjDpdF=Af_iY|)G!Hq@N2V}H$Gx(3b)Xv|lztrlXr*rO|4#@dlzjqIFT-+%c`Won(oKEI)f~UPJ7;1$!GG4f z&uAywxZXXpoj6afcc0l#oPF4ba}DZq`gpEtCuE5A?oYH6X1)8`cH)e7OF1}5L7Asa z=96Os2def-ld12FlC5}og*}PP5NzA|?{zYwsJd55v zuC362xv%ZTDg{N&4k`I5IuoxQQsQ)O8H+rzLmN`??yULyXJ_y^Nd2fR$X~wGuGdC) z7VXDq|7*_=BLC_N_rLJ*FZy0v{*(E;|K0EX_FHeg6%HB~!a+=?a3tavRy@J-($C|H z6zzP!1^9x^d>F~Sgv+o*3vc3l#gYe<@_q-hDwGE>B_PR(;iH1nq7req zi_~+gG8J-56x*R>@6s!9N*7^aLk!gH=T zA%}#iPr17PT1sPE0;X%T-du=sRM2Y?gbtK9tWNQUIf+w?*f~E9l$Q& zOW=FpSHN_1vvL^F9XJX&4mc4Q0*nO415<%%KsHbSEC7lD2jBs!fb)QhfGdFOfSZ9k zffc|iz(~H@R|pYjZ=pJJqr-^j`vC?Y=nkj+XKjDu=k$@4n>k(|(8E{of`r{-0uQR%%aZR-B-I z&?TU2fb04-D>s1#?3f@|xP4Zy-DNMUabl6?vU=Sm7=vqyOYHswB{#9>m;IBQ(Dz$A z2MfK}4NQ%~nNR3&P}Z&Wd$sG#^@oXes&^+n=rq3*H#?y77g7|YtqsEhP2AuzyI|Vz z@gjWUuiEt#jqUW?II>wu1P&kFtn2|j$hFKvvVQcowZCfnBie5n0_fcr@)}6*PW@UW zcW2ldJJRpUiRj0s9vsNHhbFi5`*D1;5_XowY{^YK#bTCSw#l^pH|;q)z22>kzyCA! zZpHr|S?^Z(yZQpf!_oNN5adyN=+Il6OzZf0>SO4a?eOvS7IuG?-41z1d#Ne|q;3zC z$O9gjM3L%#qcqh$c-Eys?^?v>J&t_Dft^miiK5QoF(0jJ1LOGTt3ol$$S$dLRN5mC@{ zMnOTItZ)BhH87@&|B9>!M&G`qKC@J7Ng5_L7)IGWhF&5*UX$W11CPmHUV-OlxjorJ z0aw1z`&JTdyt}v~^F!2v6(818gVCm1L?udmhk=F$Mjd zM~KD;^@Bu9uRcxO|KSQa#lZq~UJovz87mE|T=hgbC$L!LH`cmHHZZI-hL2B@w=${o z541*K3$;y#>%L1n9?)~Id*c%J>D+5_iTM8YC+X_l%)_Gk%W{_CJZ%y*{chegc6WA& z*dIqc^bn=o_ss01x`*zAMp2_@>p-_cd%f10*6M4iJ5A(^&rPaB7#%_Zx56v5 zHmUOtvsmTGuU$eXIYL!Rc)HY6xX6Lq>_q>l=A{(D5CA;AGBDfxH6D9dD2(v5+>H{d zO0I#`12S}9oy+YSu39J**DhInYCDbbzUHe%J(F*enHN-f;8T0CkVoYhW3O=rUOu%O ziWX(85aS|;V9v9uph$cluhpp*0#^WaCKc3M6;s=b`YO*4r0eXNY?tQ~a@j7=EzHq{U!V(b)rGGw?x4BHD_9S`T{P`Nf6gJf zs6$kLGy7X|Qwru4_^bVe)Xzm3Pp%U6Ak8vAC(Y-!7K(CmRAB#!u5gmi$u+v9bv#bc zBV2^^5ekbP{=y2Y$7h({>mogiWyZ8Ts~mkp`D>#~$5ScN!K4>0(S!EoFQkNw!sngU zB0NNE=uWVbd`n8YB_$(`{*+)bI&wlr$(S+YXS={F!CsTS#4;mgBrt01xX`>)?h^(3 zIp0vtyj1U>?B)KE!&M)q?FV;O2>(QX| zU+)p_GTits+H{L5_V0c7=-RK|e?5Ok8LnQJu7}%iok6_<|12q~wA7K5Bo`Tc?_bvh z&AzN|s$kAzf7!m&cwBZ!B5G$&vY+#C_+!GuW8RaL6kKtrL6>v5Bem&r9iTTmltINt&6ec_}|9`4ju9?{EC~ijo9O0aAe(KpxOpcaBnjK2pvz zy6gOx|0(kQAk!zAKF4$|)7O}8WGdfVey^T7xu|YBcNuQdw~CSr*Z?1J8E_+TKVafJ z^5{pr*>Jm_F8xta9s%A2z5|Z_Njxv>nbcF*R~Mh;-v;H{@mwZQ0xSk@1=au~XJLPZ zkrie>BEMNF1U4Gri&-J_#X7feKZ$iw;tG#*!@_3eW8fzs?zCp57tjwF4om?m zTn^j=eCudd($8pC{sQd=n!l)7ITyGLcof(U9OgtEz-*uvSOKgD_5!8q@6)O4N8T~G z|M*V#TK*$9C?1#@Eo^WDw+eU zA-2+PD=Y!$)*iltxZ_AsJ|tI6znb=9Z{-khv;%%TCco3XqY^aonvcLT`k?5?h@2kX zpWQct`z39}SgLowlJ~9tC-~|ITIdzOla5Y^DEErVXLZf+6igrKR&m-d3c28o&r&-9 zgu9EMm-8yfqqsyxRoUr~Kp&pLszuWTk9c^NDjiMPp-C*~<2#P0OW3`^G$%`9`*^P3 z^4F)2uuHeJ+?&+eFJebFq5Si{0lMgv|kxrUjRs zn4%7+FGFhY^##N}y4XrpX9Njm3$YEoh|S}4AdD(kXkL(SxB4)mnom=&NI1Q($QQ|s z(yxx~a{YF5Uv0VR-{Vb_7?1Ss%Xp2ackj&OMz+;SM^EgbZD88A2+l=F;7jzK<`(^p zx?2+5-Q#$N94FE_*&v^Pv5ZXKL;QX9{r}IxUH{xHSmuH5;ph73>Pyexg}cB9R_ue(&GS z%9%GbE8l>&1?>Y2xDjhLpaACIZowMqHpuS*J#KAQ`T}(@R{~$a{4?+z%r^sn!F(8K z+#Oi&0rP>2fOmnti0dij6ZG@V%}Vu_X61CCQ!~=tj%Pk; zRwe<@?`T#Uf#onS27ZJ2e|3KR?eUT4$5@n+G!Je4iuZ^y9})Y4g~j$lYhf`Kb+PtE zAVQ*UJ9)6VQ04ZP7{%Z77*Ss37?i{F(W0C=95veTaFV|y`w{FymvGiF$Fa&t0La^~me6{M)YoRsX0lzG$g(^68ft(peD&nX%6)5ulb zPZsuc%Z$vNX}Pojv1B4JoU-TTq~sOk=U8$q8EJ&k>Yu!n{FLmR*;!e+c^Nr*)AJA# zq4M)BnbYZiZi*#;j=FJdnUj`UkY!0JfHStadC_@lMt*L-9g8}!0xRr=PHVB<>1*YF zyVt93D;xH!^~a0$2M$^xf7Ruhp||w4d)4+w{i$>q6N+MGt_v9}F}@ zC5@Ch^927=D45T;m(ulK^VxC!Jd~i_pTorMr?o1`sc7n{Dd}@E@+}}JN&H2L<8MJ` zb_PgxZaNYAoFFM#6rdn~c1{{-T5j$snHd(J*lSYvY@%MBv2tL7MxJ+lKka&eScXA? z#xTiky64qbMOw*GKG^&r76LYK=sH++crzEfOKO7RI0(+=`1@zzZSTfh#sH0sD{DaC05$<10p9?>0d3*e1LyH6JR~q?Q4e-NUNo)P zp8=;bPinC%-)75pyK*W$nVES3Pl~rJ;LE5$&oK`>*kD__eX~nE*@5bGn=2ayJfp&s z=dGCM@@1BI3NTbI8mayrm1VbP=PvM!$+7!Wo&M}ndydbOjqic& zBu~1{<|!z5cp?1i_17>{FDMsV;_=S&d(sgJOlcKE z!0*ZRW_tV;IlfYSebkTiGEaf6G{aHm_2l|IrH(R>1@d5id%nk(MMZ+_SC1N->2ZKP zZSz=cHj5{Nnro&Mah; z^rTa;i0JBuGxO{eXLY6v`SyA}d1VzS5K{DwN-jgHce#uz2+%!;_`cFPy`(zRidV&d zuV=R3VNn;;*%)1|Wp)|JQjteh)}iVXr@hW;=u^^Ajnlk=5|71ab9*Xm_Dqk{Z}Ir@ zP$4Wfzh|0_YFEZ6dnRdFu&eb06-v|tw3;jwRJO;7?a@q6wiN|B!{M=%J1WM_#UP#U zF1Hcu%@MXdrm$VkJx(;6hfl!-rAX&)jbSg=rKg@>8l&}^$8_cw8MC5%i&bKcDs}loMh&7{n)d9{DOMOAx%Uv?Ph<;FVWkZ z`F*6`arHgMhTcOmfax7VC$FrUj?!FV$EHn5@O{Wv6_;)K7N(MsBE1t0@-NP>>Ef41 zZ{fd!pOU#O6I&n?qd-!JuPv+}TJXaSbkJlaG@{qWpP3z0Z1lZYpdMonNc0cmd z;cvcAYx32p?ScI^<%b~8vCwrNzxBa{tRvCT1IYgqJPIW`7X1}Fj2`dq$1|_unb(20 zfFbPG0Q2)99o^25JWFj4~JtIuken=3+cw1zZ87Aj}+K4BYR8y%1r1 z$loHkWx~x5`=vlF?6-qH4xAn*#!4C!UjUkbb#UJSd=JDOwnga;d=B@apnriLfp3@$ z^K9S@U@>q#@Bpv|h=>1VARpKOdl~3Cz;2kY0sRy7KG4Haj)Q<_VO|e>(oW>}|KoqJ z3?|__&gv*=9#8^Q16MGXF>PW>eit%rU`o$;m_Edm;#$a*;>hDPW-z5Vh#t{>i&6<3 z2b=_4(g$-mV8Jn4l)1-lQEGrI0Gd~JDV_T44T0X%Uj5fK8~&=26kEq zmXKIFc9|mP#ldskd_SQ4>4lz_b9kd47%NsA7!ARVzm|%MD!|E~G+F2?a@t+-gAb4{ zL5*ISc2h+@RVCc`1-kM58ZEN3NShgh=a=*I2YW4FKUKSq|FE4{$LrmDwiWA_*)CGZ z=_tjj-V{jNqMVnC{t|csFop3^Bz-~mJ4W|2>wYqv{JzKXPugX;Pz~r6ynU=ww~#%K z?f*&14guP0=2YP&h z`p@Aibr%(h-48!{v!I93o)2jlC?*wTKDVdZR($bayqzyx{c3QCb?&5I@nO57G*{+ zt-cBZS30m6mn70dB>Vm(9>V{^(h>(YL<;RLDvy$Vk0$(S?ECI}1bB!x^XW6}*Td?Q z#Wf`0g`uq2?Zc?H?-2zb#pabSFF$wQ{5;t_R8j1RXoftV)=hAw^)eS6iv$Okyu2QBgzj2cu6O zIqGCON0cx!X=LK~L}aXBb`B{#qIfBP_?oIF25+g=h7VF?mwn#|X20Fnq>?8?VqFxM( zAcZOE>G_88N%=y~Oj6SvEv>8UsOi_1&lm12pFj=SE1NDV!EiEW=B3WhOR-oo^L(T_ zN>v5o#SWjEOT428AH{*KU#ZGctuwMPuo(ggjMQ99X2JY9vND*R_DXQo=??^z5)y;0 z)ok^ELoe9N36-Z{?wN)49B4S!0$;QFB7nmA!mu~YykQ>Ja`UkcGr)uMLgr~Yw{Sm+ zrBUJvkJCtxbn^`Dxe1z=NML>y7qZ3a{K9QoKm4%!9A;}9ZW}%v8yFr!=)QnbhtsLO zYR8!=@+Hro^6~tGKHpoO8F}C4e|4U;cxL2z(t*|&zMIq0>kHSrOMT&bcd0L2@4mnK z!u9b;ec^g{sV`jbzQ6jy_3=o3;d=M|)fcXhN9qeVnpf7^Iv$*PZzQ=+v0JIuyd7By z8oijbX-wxR0wiA=O$v3~nDA>WTEsIK=p60-JAU7td4l%L7qqh7R^?iN=o`SHSlp`` zwoCD1q@jn)Wp}oCA2}Z;eX9S8;7(_S`bBUrHi>$pcc=5aB=585#*UHog`Lg%E)4w5 zE7_gHHROo+Yo*=|sfUC0oJjY-tIwwBejfih-1ywc`fQfVa5_C4vF>ZD=lBlxeQmor z9sNCxd0bwtt*0&S|IAB>c)v~j;MQu?6yf(*PQT$YssFHY3`;+WbCcwd?z5?C5i@Kq zRSt&5s(iU>pG5*#)6mGXNG@2lu)px01A(OiD@1P`baEB4T_yHBH)g8rP9#%RCBR}) zBH2_c-vbiko{bjyEpWRbg;WN)oXT;A9vRhsyNfiMaR~TXNLieLpW$;N=Gl+U-^r(p8jpV^eJP$&8YCV>^F{72c)Q_p^pAA#QX{bN3hV`(~v`JPgAuk^FIeGqr z@)a#yVs$XwxTx{*xtT+)Z*+h4h#n}toOQGJO)sbU_Q>O;)VFEmuh+}jagKpr&if*d zXDK=bB(e05gp@N0C7!YLPiD`aBE?R0yd}^_Yp<1HrEn zJBf?YV52IP@k16_bjKJq1F9ZNtOb31(yc1TdtOchwOmD^QWs=^Wo(-N~p z9;Hx|Q4dPM1jd^-|3SwDO<>=V`;AJWr<&Y@YU9f!X@YP5iLQ(to^I6}J)R>fxYDgoTTS)Z9(r=A5 zl{yb2nPn_je56lFmDyEKZMn&m?(&^tuaScQ-g|T_&R6m|DB?nj%w&K|M^>6-xZQp} zIOX;V#puEKdh5T>{jEDUnaA_d85LHWR4#>erd*EZI(Xl#<->Y*8 z4<%lJo(+Wyxp7F!TA2$)CQ6$o^5Kp-KD%x7G^e%97w(!yVydcZrd!<+B!5V%~Zf|t#*VKx0yz+>!;e4jE z$d}Y+XxM*D6Z~)WxTn+OGEDako=?t6OZ8RS3T0;_x|l*$12Z|Jx2T{ss$o2DcKloC zyyZD`^=N98a30nlo|cjlwcLwlaJU%pCCd2d+-sC@wfue5BeBuay@C4`IyD&)Y@`*YgSvH#=-xffjm|d7kfPMo}z%2I^5n@C?g{FI-921FIMKVbTs>j!oT1P{Y?2i+PpQOZw3q z?Y!?Io&RNQm+4(wtUaf*tXMm*qw`W(S+izmx+NyQt@Rkzu*VNZ-uy|3ePCXL_h)qrFdz zajTZc$DDvxA3%%#g!`qCo@U{0SU)p(e3r{}b~l{2upWVMO{CGn=kdIQ^)efeGps*F z>Ss30@98}Lv7Tnbev``~UDel2A2LQc@Oxoih*pnc3s;&N*4|`zxn7m)&TcwAq$`7NcJ|t;9Dev#Wi((1E(TTuUjWA)u~nG_%mXe3o(4Vz1{{enz|^C* zDjxt_fRBJLfp)#OD*plo0#kt*z?r~hKqK%MaKh2Z17HP~0Cxi~1D^nG`yhTG12_}7 z4Ojzw0Q>QXN`Tk<;eCLP{kJOpfNWq9 za6RxmFnGXLWfU+GC;%#eN?{R%JLa6L=Chb`atL z76MCwAAqj$Ta_x{ZlL?%t;z^s0dNkm6lerehip|`z|FvFU>DG4=vE~G$O5W?dw}PG ztw5V$Ta~`R7$6&{1nvNy2aZkHsyqZ-sY4lX6`MyTh;ZgGTpDKn9hg1>@fn~oA!K&x z+`|1N>Z8OJ9_QDfoe~921>HPRi>*vQ1-_ZGRrw9*FcozeI35@Rj0UCxGk{sZselb| z0s-JW;1Zw?cmP-nYy*A-Iwx;c#sS5^Vqhh(8Bl;hDX5o#3%C(z01{I1?NbF^0{nde z2*`AVZOzp#67!lYIsSJP`*PS;S6L0>9{W;E>xu(q*aWuOS$8vSQ4jaqJVMOL)W#{| z>BO`b)5CQAoa{GtbGlzL-NW=prhA$G$yCY%%l=5ePa)kUeaDKv0Jy4HAPM*q_H0nc zqOHnBiv(Q*%y4g29(N1c%d=G(3Ea;1LYU8GGttLA!o1ECa-*i=V~R7aQqgGxg#7A()!7SzathyFO{Le|mJ}=jxbBAy|lpso~dE zXyxRkUCwt8)V+v%Io^G}2Ug~-wf9%#<%#zUhI2)}zhXIuJ5cxDG;n+}+-_Iodv8p$ zBB%SmDo6F2dmrV^xg3}qD6hSXxzD2N*Oxl->9(^xx2k7?q-ApKWztB?vxrx?#k{}m z|G<4~(cV+)@!!XL%S;Dae$}X6*CYjf7O%QnWXFaIZ2bb zUIp(DIyHL!8aN(Fljmyba?YQJ5d_RWM=`vpPk5 zzvZV3cPUd~xPE0mRE`B4t4uW~;(3l&&sX2W?bDF2@HX$0d!w%(6T4{m?J@Zt#P74Z zYE-RM#G|r7`mZoRI}FH2Vq98OK27+NX= zSLM2bnW1v_7ujo!`|I_w%8&O$)K8)QnG5;2Ow6-N^Q~2ua_gwEmkLYgK%K)8 zy3>tkmGF-^v6S;Uxqm9>BVBa!zumto%GbcJK)c@*r3XOnQ!2%{l)`ix)0s?jm|80L zZ=Sh;pDSj1MrHJQZ)@)#s>XZV4m=Bd2pop@nfTdO<#He$umEd-&A?9JS77+=t;$^B zKA;G=5!ed+0Q>MO@Uqh2?nKLSbVudC9^1s+Iw&~l_*>_u-tH_wkr z7%lEJw^oHq4DPMc>NB0gvVBJUN;%FL?vKlU*+>pk=ifpOipPnDD&ap*_kCr(pQh?P z)!y=wV9pcz^f0pe9Haxi)S(_3u|g1&j^(JDnXG>G6pSxv#0X3($^*p-Hh0AclARsy z^{I4(I)eBP;g#uXFKPEJM9hV3<_~m1jrcz2%le86A9o<+=G`9O!cs_{s3%IiKJ!@# zn(^sAZhN)2MIH~$U5`-RRXzOTq7b3)h~ts`Gair3!7D#mGtoK@C;4y`&n&mcEaV!J z%zM~huDAFm5p)0kG;2%u5P?0DP zNWg<>o`>GZqYEc)f1}SPDwdcyCYYA#!abk3P1y|`F>;$S1$YwJ0i=!EruLVuUVrrN z{Eu3HOh0Ge)*lV4!qy*?`}eQs=jCrB+vU7qGuvetssB>{T*q^@;q>Rx6WQPB_g^}H zA9f8PI_1%PZ;)_R%lPthwf*tsEN8EGpTlzYdUu+|j*Z|>`n5(zaQ|1F;8~ZblNE@n z(8Vqg19E$;s={5XlLXZ4+{A;e_)NEl4kXeDBRKWuVdkVr-|6x5wBJc@j}?Ajx%OBx2)W9 z!3oE_y>mg?r=8BY=#jE#y+61nCH<6pZ`_F)WtXme``f>^KeMc|U{p`bjFjP+ln%%A zbhrsl-8urTh+lN2hUAEUE{d#1o=x^#L2wIdT=+48K zCJDNJilBAlIQ$Ily{;Zzyonrd;&?$#8G`oYc=IL;x}4*!<#>DQ;%(N&Tc6C&aroL4 z&X>&ZL_zoH;x$hfG&_AP6*a8_bR|x0RBfl2WXvv@HhjG4yi2z!$(Mz2C+shUx$S_t zeV9LCFwhEB7t8=4=END045NvS+Z;L}C=@dyqhTON z*PD0`U+-Q|bscEDVw+NM)i&kQE4L|M0%qVKT*qa4Vu@Do@zd?a9i)-m`$ceH$?p3) z-s)QQ3 z_fs?Xt)FUbznYlcx_-F9IdzMVScH`;Ctz7otVa;(1E;xM6MI#5ibZ*z#{?pcY|9bTO+WR|f zzs3LEEib<4xMkPH)7O0a>TNIfc93Xfv!*Pocy;88 zb%Wa0zqWY(3qN$(`Rep*?%z1e_C|-Y!Gn*ysPof<#`o)+@JGe4>?693w-op~+n?=> zRsHL0&%bDx_u4ymzi`(nrN^%DTz<;hyJtCHJ7)K_?+xg1)255YcK^|{{EVKxU%cm- zj?R;h&#Ia+=*j2m$2{KkxCt{KY|hDj8cwoA{a@)`f+ zj320sj#=OSDJrL1a*tU>W!2~Wimg;$scqWcO=Y&m?a82WyW+83IaGEZJ)vx*@^fE$ z_V-kVkKWLGB9-IV!(Tgz%JTYwj(4d%!)8{8v{$k}fR{mqXPptRT+YjWV*#|Bi zu`m)7#G)B?4Acv&$Bzr0d;D*Izs8y0-A--dpmB?lcwKOo~O3*q@~vd)LvG8Q2GtEnVzGb7*6eGYQNu?QQO(o{o6Ive%4;S zVluU%lkV?)9knC(lD0dkEqPqsJ5zi5V?^ULYEuJWAGna()z?E_K9$i3=LGm>C3A=ptiYU#w{OG z`?Q_<`YY5%-@Gj4V``_qk8M@dR_|W@*d}VPe?0c>Y1C$mMjV|+?bf?;&z;nEznV~T zEVbYG<83EW8~*(HCGS%^KC0%`$EYn2wRk_K_I#^#;1};q8T7_sYa9B#w)*1tj{kD! z+ndha`bG77u5T9Sp8L}??xVdAmhI_q-?DXgy>hOt^CR7UUDIya)Lwn3A9uvqE@$?= z@Z5GM{#3Os{<;CLC7-?WjZx37dHtx)Yi^&E)vf2PFPHr*?Wxo$Z?0*2C2Poe_CIbN zym3*~D=y}s;UU5vivtg+izZ_g2FJL}eDHgU10W07H&S)dtZf_&*V7(2n ztTdUfzu#n90`pa1SdPM6V+=3_xB`(%?1&ThDJ%f4Ww#=jZEb|v0a^~+6!r|k4L2`` z34qoDE8+ybfbE2b*=;FM5A(I4|6wZeyw0x2tMDg~`E}6O+58r$eVEBKsg0mF!(KW} zmA9e@ zfHQ$SAfN5NVS*AWVcvVncBNa^cBMaXGLQvS%@nZ0yf5$rmjbr~j|1y~E2nH%wkK~_ zt^%e3+ox_*Ug{Aj3yBT2;{O>{d%jZK4?xEm zcn4qw!-I6Y5Pe%5edx2e=$q4y*>&M!*&dpS@lAhV5-( z?gKPT-maX3Zz)j@oE~P^!wbBO{QMhf|6RPZAI~%c9|2$K+AoZxNqvzBZCB+YS32(0v@1nH@edVLa>ib71MDPJSA$5#vrNr@O!;*2gh_ zai%!>!9XTqVHe?V_>1aE{`Bu3^E1dw)HnG1zk?lr%%4NM??Eh1os-JjmToS4l^I)Q zL3{8@HgP$HboRR!fnfnrnhMAca6~~*Ic5nKzX9X_F=6{k zvMtDcB)LD+P3JDdt@}$+wgKM)3eX$mM1ZaqzanS5vI}^c(LOh1{=1;K520El(~tkw z>NC2G_s|Z>m78UDmmOkIg`R-d@^!ZSp8T!!?sQLfas>Aq4Z`1S;C{P- z`yB@EbbtCu5!{#Z9W8oy%46RM?x}$J0GGGl;i`euG1|#EZYNf+*Gf)d`hjlLu2b#> zh@IJzN39+c_9cWV5g?XzVC1-@qzY?wq1t`K52hRKRF3okeG%d>4ktB>sy<7qL8B8! z@wW9sR;VD}>Ct6c{Zq4e-`enf!Zjg8eIXH_KK}ez@vA3Z!;~w;NJAgLC1(D0${O}D z{sN9)y=Mp;94=K;sGV-m6i2(U^{pNVpGMknED(>RL+t^QO*F?tTFj^FpCx$;p`lhE z|GRBPKN1{3sMAR@tFn}&7ZqEDum$gF${_uk#gLK2j+@;a)N+A&&CObUQ}5oa)eo_Q z?Zn$Rh4Ec!PgHZ>t+uzwA62PBQr{{xswTNTC^Au#n5f~Mw`k>xWW0L*er=_QcX8l22H;U0DQtXn>y=gv{6K+`|1Nnxe!N z9_Q_+VGVe?poO4|frr_Cav|2}rwKFB%L|41&ccw}z#>84WV$lYdSq6|hH}<+rEWx* z$nvUZ3wJ56k+0rqt(VtunTxP7br9q=Vh*Vj@6e8?x3RA66bd%SZc9qClTx#iLXvGS zRF#!Z!8DqL*MxdWv)Qg{`0$0~1J(UXj&}&h`vu$OImJKNF591!&(i1To;cA)^zJKR z84F=nu9MRU)7ha4oUt5P&pWkpWDb_&l0nAb zsU0`=+^&`9sO5Cz{d32n&m?^hq&gF2@aeA2F&sS;P!u=$M8N{QH^MvK#2LZ`I5wPU(?MmVk;46VP0Jm%a{|Pv8<91~} z(AxcT(?wnWQTyD#+_i7}+*X zY^{E#_1APY)X#(&;y+eDlVQGiTxhlarfaq1xjw$S3%eXNy-lW8==F-G+o?7B7ynoE zKP4x0{h!nS)EYgT;X0zCg|FS%wN-kel81LaAbO(mI6dmFWVaP9{Cb{O#nc1!g9scts0?)F5S4~TF_aX1?1#eKOvoszRD&OtnfmwFmf*e?4Ex9I0QB+adM zaXyt-YBsA~o!L~*;bnhc`+#;`K?~^#lh@UK99C)W9LU{5ly;OFFdoLAT` z&lib2t7EJzi*ZzVdvxiEa31P~eIzX@u5DJYRzY`6F6fJqGP+~6Ap5Ko&ky3~r>@kl z6EP;zs+2W#n^mpwB7ITe%2#Ud?=HGqJAZV!c@`78ZcBXcmD>5bdJ&S-$zKkYTAnnm z5}ooe7~FnvN;v%bmD+oNylQ`KwxUglw^e&>W~-=`fwc3h7q}36CD=*J2zx#x;=>lV z`kVBSc3vEm>=tKJHPxBo@I0g~2da)X>ZbWHZg^PwEq_RR?@%awi>Sr>KBR4@{8DOW zBBt=Lwta+$kCZ|phwmF{Js~QU;8e-){IE7Zq+V;ZSyhM?ywAmMPApCozajF$x`(yx z+$OHUHh6AG@VRxm=Nw$Gf*E>5t5*xt-9^+4)WL{#wA0W0h;}`smRwj&GuU6A^Yi(f znuN+9(Y8xJjZ0ziFV*>Tr*Eck7#ISQFSOzjZGTQ_VSu}N2spRCf>!@aAt{Y{5@ZTO?>web(A*VeNU_1gSR)IFb7A6dVz zkzRJg^NZJaiRxb$%RiR>Uw%GJzpqr^*HX{#KST+dJX21;SbC}wuunP>NCBn;&%M4~ z*$u?Kv0XVHxD@yX=_#F5NIOhHBN*Uk*YJercM&yNXIm~l* zLcR%b0cQah1J?q#0QUp+z<+?Xz?(o5umkuM_!ig;^!jkSG6YBi76OKRksG3~+xILJ z{-gzwrIi$gQ^#N@&NI}vCuBmv=Yne)?A z3R2)}I{8WMc#-#{cE00cyKLtL;Vj%1$;q_Tjk)ZUc|k3bQL>(qHiK-vcT`i&^9L-T zqS92P2O`pY?^RLCLsL-!>0Nq4?*VBd5Tr;iN)_on^q$ZW5eU76-XR16A>qyU_s@IY zbKaA4vb#5Tb~k%xc4z0#e#Sw#QyDi6}` z-k0;-8dZ4@pb_|=Z}}JKssI1$TK+;~APS1LfOIrsI{CWZotXaZ(@M57A-$(`pOtzK zS?ZZqx!7{CJ-c_z0ag5cF%b-Xq|Z8k0fVqYJ~vz3(2{3Mf?i**u&YH==`%hzMn)IX zEV^6F*~hRj6CBYT%fnr?F$`G!t{&P5&S3NXV{fd@7Vj z{lH{w`u|LjJs}s)O#bfDneJxoO-b*wzhg?g}pB8$qQH`22FB{ zX3`=bd8_bZ_lHCwY`wEGUCSr>OjUp6Aq_&XzThzCLEQK6L{m4@G4C;DH3^cs9)a{% z1U-Te;zHBHSXFuAV#7lf*(5A_8E2?bbC|n+whjY|x?A*zJYc>5Ijt)0a17Xx<%w6` zc^ei;vV}l)x^nRfc9Xp$-6CR56m`8PLI{ki5`;&{Lk+?v!>oTiktG9>nE!Yz>zsCv zMc~?B_0S=`^&qP4bZbCi`y+Chg!KW=c%3lgQ&d-L)=Yh-+;z3(V<*1P_LRgvrmp4S zHQVi^7K)$;==iRxE+r)&UZsEsA4vkZj!kHY7>t`jF5GhkX`(dSbpNx9AMJ5{Di3~; z9H#s^YO5iL1E273Ut{B@&fNCBMAC25|K6wAdgc6f{KI^3wWqpVm(j$1s+1Mr>pxz+ zWVTdS>btxgD2+K8AbuU5=IXZN2*isC8vmbPzSB$X-!zgHZ|{o0Sj$d}DadkPK>h`@ zG*^|LLLOWeyt;2OjAMQK-nu+kS50Z>$XDrCz!P5rV|%BTDNB2&qcP1?W6DFgJUr9! z)YkJ;mJlDGOx4OCt;PwchNhc0Q|EYw3s11-@9dw3qh-x~t`|htn$h3qoZbR27e}dT z^-&gohbVSYt*QQ6HT`TfIks^v1)uYOuwB@XLAbVjEwfj?PY@{X8)0h{Z$l;z&aIvG z%$JOxtqWXM@-_&rSok}t>ozbGes^XU5>WL4Aqimb?wq*Sk0a+U7Qm^K!# zvUSDmAC%al+9#ay`o8s7#&HHf!V+HFJe()}GwJRlF`@O}?dGAR ziC-F2ct7IjS~__QS%qhGf-MvghQo&f$Pm)`nL0CQn1oTKKTqpk?;g(Z5^$e1k@J2S zGwdgTJOLrOot}Suqublprs@@3zRHuiWMO`Ec)=<=@-3!6L9E9uew{()ainYH z$D{|*cgIf2t}lITFPc&j7;5e+B1!~n==wdcN${hVr_y!<)OOc@SpRD$QD%KCo>$~a zoZJ26|1(_$yXhf+mXqe*&b?!P+nnrF!*POS`vHLZj08%4_m*1dOG|+0eWa**tO$Y# zOX&KP2KzAmuFG9@lH^dsPy_wx{3E~e$ma^7)1TSyf4o0ORnPeEeqZ-BA)9q*yo;fW z&644mT(k}pZB2YTN3z1dqHZa7473zF=B}o|(r%m8t1*!bIPrJZUEiVMkJ8Qw{aLlt zTWtQZq%y%^Q+GI8ifZzyOF&VP$v;dTv!*ODWtsiAH*GnZTVkG`YBQ+G5%=L{y=c9} zcFRc9&Osxs#*_RmuB%2xwlshezscPhW z=U3#}75RrbTydXikKB&Fgot%*EOnuhix<@Rk&%iIT&w>`xAKokjO_PBy!rkgyKioy z$d;c5xGnzZ6UL9N#jv>4j>wW0Mpl@JX_jK&S0RN#bGMgFgg@L7*$!XT%{hPDnR@x+ z{kL76>+NoF+mxsDc?JtFE6i&OcSPc^9P{Qs@^0qN9jkAB0MLCK2L1SiRGRLP>L2Iv z?xBD?$SR91`<~9{w-t-(+FkKa?&#=S$!9rIPx|ZV+k70U&)#9uS=6y`*md~WUmvw2 zr892R60yUjQ)LstG1-){Gl|} z{I4Yvrv-3*n4moN?hj6%w*Fv8A%!-~xP$^H{Rcgpu>IwQ)fg{jbNd_KU#*&dAm8_2 zFWosL&%Hz1<*Q1r05|^A@gt4ME-m-G#D3iJ4ATg6S+V)Sa;<;2Bh+8y+dcG?73uUU zGC@)OTcfu|Nw3IEEP<3xcXY|_l5mh@1xCLm%O+0|6DF;^S4UfE6CeTN$uhiE=Cyj} z_rOnigy0b&>Mrgo`Nf7}GN;SIg>V;p9~*w)s&tdk-WpnVO2Dav$VOONH;KzQ2>1{` zjdf)2C{??J_j4DOat?~!hod$>FXo@;rm7dmhCtpU(#est{b<^JXsO z4QHCKB23nj3&X%P+RVzsIvt$;_02DgPFWAGZ?10~k0Dk}yyN2L@qQX6(=5*3+C)&( z1@Xj@XR!nPwYe@lI4wpwjmmHH>tg<|Oj|rE;tDx;1|2wA2Gt%UtrZHEzI6K5QYhy5 zeD0CTW7U@A4%>%J&*6!ti#}X zlRx(9H@Q-HXL;#0v1@q;KAl9QQ9kn=SLC)tE9fn%UZ=LCiW!_z~!KMyIH>$Lvdr9=db{Ieo=6c>)^up zk1M@35_6aigH(;FK{OVz_=*p%!6prkTt|-n%iypBrJXQ9`}z9k*QSd!&aTiIk$0jfT5!u zgoKaFSG4@okbo=ilau6SlcYdG>+ZOp(Ku+JG?X^Yda2~k2Z(;()&6fxgkH0UX<+j5 zL{jwK{K_q*_9y6orPjI0T)Sk4P(=}zgTdCejjFIz*Wvhj`oG0$|8jCB5*9oI*T<7P zt1DuDb=c92J*ty){47Bgmc6m#n$2?m_~?gP2gYM$D}zuXY{=wLS0HSd;bsc;XSGhz zE4blGo7Capu%@;UTP$wF2fD*Wn)@*dZeb|ekUvMT2Dc>9%4Mq95QXb#{Grjqd4)x` zb_~wF@xa7%(SIE8VXnKp*l}=0WC{a`_M3};3f&BTp5a1r;E1P zz+4(Bv)Ie)d0egy=HI3(y7hOe>z0}D#e*hW%TAZ~fZ3TnU2pByfC-g4yCH=Zy7sJB z_K_y=@lB&U&f1u-pkX`la6v9ULl4*Rf1I8JY#v!D=KXS1!JEmQm)W@RcJ6#oz)W0jf?@cLnQA7@1c;)`rj!Yli`1cFpqWF8(=R7EWM#^v7K<0Fl zbRHd4dxrh5472M$ki!A~m#Xk?>0b(T&&E2q-t$VLJ9s^ewPQ3+fqy;ntA|absctou zz+P>`s*Lu#;7)3SYdMY19z&ucbZa7+j{irAR~gA(iH0G!UjJcOxn{ZaG|#c^{g?pp z<+;I?!?0S7%{>m+c7G4u|KPNCf(;&}6X$j2V&-V6t%m;E^dODKB%Afe&ARJ%i~e!S z@IC*XyjjSxqgI^w%2w$zGMlFvkEBpUtIcs_^AIn5z?_8QiaA znHyr-Z%G@e3~W5)Y}gCYPo46&{W6yq_w42zhhJMr__qi1mWLoO=*tEavSR<>)~T-_ z;cyA%RhE9}+$L$ZfH&-O91@rD_H%bYyc=60Gq2*b1Kucn@Id@+U{Sx=Sd>3CEYoFZ zZXIlV6h9YI+{}db?}Fg*uco`LlqF@ZI(O_x@Iy2~Ik|&-_9J_Gr!8hoCFTTwSV>>N zY}N-%%qO6~r+~8%#};tm)$}e~h^yl7_vNnhH~WtpdiO(yw<|FkEy^n$RS;aqoOWA% zM=;ub)KCf|K1Pw~3|`0lm6@8{-+gs6l4`LuQL()kv>Yr5R=&8-9ariMxFGzR!R1Q$ zj|Vr9_j0*zuJXpI zBxb~*?Uku-uhEfK%${1aet!U3yS3}^4I=z}3%#JhIP9qks^C7wpoZ~@r;}ffT7hvW zI_hD0Y{yaCcZ`_Yp5_pN3*pxtR0hH_t~}09#<}I(KNX1 zEu#n05w6AL>a#w1>EL<&df=<33Z5gm%1taoj=?z!uNbsmd5ZO z*xTc%+XFkA_i)Qex$DTJLM|ra3NJADyiJSjZ-gYzm;=oG`QyYwPA)C|-$|K$S(49w z+VV1K!IQKKuemBO9|Hg8QSzV%)la{?YX`WAB^MTwGwIuZYgm8iulrXc!bCn%L{maM z;rgXdk|*bcyQ#uu9=_wmeX_TTtd3__wQ$zP2JcifX%^BnAdz~7!z_Ho$YuOCmHf4d zT80M%RqEd|0(MR@V8Cu2*^67 zp>ISC^eic3ea6?R{wW@lehHaE^TX@ZY9Ff$ksm3H{UUH~2ENP7h)1#dhouA7kcZ(i zcseve6?bkv+f*`cKtFl@7(S63USJmJ0r^GQ)R@K#JvTj=Ln+ob5X4fQBm z3@5pS=J_U`rs}tP=(ELxqH5>yt4RG>oYFy2jl2Fhc|wqWVBUO#VOh)@$kt@~^33^x zT^;eBV4cgIz^kl<`_xKZ@OERYBl%#tVa=RCQ8B4naz zPG(F;Lox8e!{BeFlFhDYUT$Y=d#%sGVBo;UII*?&)$Ucfimb!e5dFaS`}4^;Plpup zIs=ubtKAb=N{a}STSvJ-@BO)CCFatj%eBRWsV4WT7%`xHhu;O(uG+ckt%`X1)QIIk|;)nXi$}bDr9pXgv6k zeZ-(tv^aV2E_-J73}4cC@HQK9AVB0%?^2>~TX*AP3_6&3PHEnUdkmFwR4=!v+;t5W{kZv_5k1^$v2GkC7d3-M%!M_hBDH%gE=s&WFh+xSzG9yS68Ic9b`^ zZ%rGGqg>p+OPB0naFqgc(zkh0496t>?Z@!MM%k zIiiCS0?~Oqj}pP9Bo+q&r3kdjQzs&XbL?;jxUd%ye^aaPbsbCZA9!sCRQY=iMs=cT zS#PWx$?8A#av}H=p+Fgeg9?%4j7TD8SU8D@hpd;#6Z)6fAaXu&UIf^QuM)u#3IWfD zf0>BVhK6yNDZ5=O5nD;H!|@>G6Hkc6*x*c*#Yo)>u^(IF&&*WZuG@)qHsMuO>sOOJ z#S`6#t+1+0oQwm9302t~U*m4TDBx8o6e5W0^l%dr?C4NHeWFL<_;f~ELVXzrBz)7rLpV;94dbHKW zu}CCegy3HyRQ^XkoS<_BM&;p&fBQv^%guV`OWWE67D(0qHAfh1_&%^sB-d4*I1vF1 zpX*mXdR2^tozPsrBa&Z=%#=Sf2wA`;T+<*_CUZgB-hVUVxXK3Kc;vy3sG8P!yfvR@ zXf`HhaS}Q}+QM(Y*YhN6{vm*dY5X!I^REDWo?Re%H*T5wg;h%!SNw-q6Kduu1WiZj z%=Wic3d|PAD*faHXgET)c5NVQ_tXcI53$#-^7Rr3kjY|0nX?~W7zbts#=}H-=Z)bP z)-W!E!bF52On-YW%VWc2HMN>$HPx;pzE`%ePby5INUqX!I+ZKc|CqRpy%yY2$J{&XA1i#IrRtRU{a>DHK+@|Zl>@F= znfp&^2iqmn1f7o=wbV`jn$=1^?cRwShvqv66v(rr^0@wG8I4*C^2oFu1@Y~6>}>DF zTsNnUJu2up32M;D@>!VR^<9(P<~0maa=HsDNYx1b;B@&&8P)$=d9gwUO@7%j4O$S)BF`G~;4|W|3HgR3A42T-$%BfKvZuoE+m_P2!*s0;5_<5bd zS}}IVs(y)|cX#J~qx)RPLGwJsBevhQLfNJG>xPhvOVPE$?LEde{|>v1^X2n4t@p`b zvm6t3$N2)wFvU~BT#YTY#7C_nY{yPVlV0P!EYWRxh=rC6otR`!9a|qsIar^k2Q;s1 zO2}Z7k|~+XS3i^A`)kV1-x9514SQve)dH+!CbHua63}J>ZWX+dxVnShY-*hT8K_x* z0Tj^$dbR;~aOTEFb9XL{-LFtkd$+68lZ_=~|DNHJLX8Vci+N{?S_jd&CVW3;sd~UI zrW}L1QWX4yU6?j?J~;fWi6X34-zp&JO?_CNR@$owCh4x&hw#jHsIWC&qzzUbFn5~T zw|n3^E^=OFu>sH6ZU_7PnY)z7#Pg8ZS}b9+w}G6Flr+!; zk_d~42CC@w?-aJRAy=}I~X4dL^|AbfFg)A(GDj>byn8WBtf%1zz~`;gXg z*EGD#5tVVlFop^9JySB->W1k#Ag0_CO>E)QDR3yaVFvsW<%%}PJf&}+(7zDYsBZMvTEBN0y zop!Lsp%m|9Z9I`BN=7O}*y}pT;FTd(bxYbVhLF}|x3c}+JRk8!unVXK+kmDxS#kbX zwKzYjTsUU7uXz{|ajk9%4+pzFaNim&X_PK7QC8w)4BeNLPMw6ZT^ zxO@nPL}c2lDiTx^}xidmnq*h|Q6yQFAvcdM43DUUq4?H-|LIG-1c zF2OWGRnC3A_FGYFmO&-RnVW@fKklWDj_B#MG$-sFv3*ZcK zl4Bennwx2Ar&;bG(2?7iRaZg&bjz~+Y6-J}W7J)yCidC|fODoUi}bFSe~3%a%cHH% z*=1O9#yg(5F|n&gUyaO|rG@Bv^v_F$MSS|E>!|unNE=~3W@#K!*LmLi(ACpcNjN#s z%2mwYNU&lS-kfEp;IKG7s4w%9OR#{i9>Zkt$-0j3tl`zOoA!EwK&H+=shEU8gWcIo z3G4Z>DKypQpZ*Yqts`Pg=oH5JX4wu%k2!&CS;f7BDiGV~Jl28FI=HDeg`W=vNHkMM zm(@TRhCPQ)e^gskXEWY&vI{0+?vEXAO$s1XF1d2peMgSAn1sQ~GOT;YSloGv#nh11 za?Zo81ePjkb~uITeyh#IYGOF=Uf4T*0)-p!F*3Ijf6-CD5xrL74jj%zFtW{ZrFNz~ zIn58oV_G`%^l1k6Roq9R7K1k{IAn){|Bl{<(Qb4`Jf0DEg#yIeD9?6kK5+^dbZ8$? z*Egefg#cS2j>~xsXC^az~83?Cd z+2vTf6L@wR{_Z65{CmQU!3G)E*S1!SoU&k=gMFd9Xu>%LQZps8lGUJE)TE+69Pmac z^}JRNp=?1R%hJnYf}gATC-NVDS3cyUHsQrV7KNAel8vQ>#q_-7#FzjQqMSZnhiEZ} z*qhb3ik#N5xkyTwYt0R%p|e~+n;1iepSds5!>fqV8IqcqY{z>t5(VX~5A^e8qeL37 zSaag>h@e^z_-S(|wXX}NC~)aH39D=v+`cdzY?Lz7+d}opE_mmYfSj6hAewi}*jp&| z(KiOS@86Rz;4EMFTRVGZ{pgP?HkRe)0xmZjLVvzxb1?Lou2mC6*Kp4x;5Trb3PoQ? zwzI|Zx%nS2jpo!B%t;}(LbG~@i75zSV`>G9Mi;`DAQyB^!*X_tuE(r+=sT_hEy5G^ z^H2GPH_3cyr=2rFNklg@2t?*0*`l%S1bvj4CLiBP zTbI$Ra5kPVrEQPSU!c@lPxQASEz39SZZ4zG#4apYP2-PRAy@B4GoOi#PrCd=OM=bD z!87=z0rseyKS!)A^Z!L5%07*(&bmo=q!FK|1k2X8${GHHyIItbrkWm8#IDRs*gj1Z#A4td&w|^^xBDgE7S6GGYG6 zl~RZeeRbG0vBc`|7iV{kX^CH#!rjp?I6w*EC#{)iwd8X9J?3Yvn^pCa@8>7?dnCsE ziIChHzBIQ#oGeGoQqLu=VYH)PA8@YnYyGQ^XaN*&iF`Z}#?ad5nixNRW+Izo(t(@KMb<+x*j+QD+u@f9It z(a2VGMQ&9?mCENA{|cgi!fOv6IsqW*YVqR$wRoFXC9hFNx91n3wFmkMPPmwLk*$tSNSQduJa%Sh+nE z33|4XFB|Cr&gP$dm?9&N}`!`;^_RnbqA9qHtgbo+8nKgcD- z&x{5@R_9HngeXM+Hl18*!&(g3<%9G4@`gZ*xIG zW&m}eDLLYexs7y`KdoL#8;b*_c*nB+T9qutcxL=^UwZ@vpT>$z3ItJJjNf)r{v}*_l-etPTBz#$dv5|qpv&*{_h(TZc(x&#p60Uu)PfSM(@| zxA`$Z;DLT46Y1O{qDl+~=2mz8dFT*(-n>of?n7##>8F~M-4n<~7r>EwJ|HTKPsW~I zP$nXfvqn+6{{fO&VC`P{OBHo1x*?lterPfZlKm91Bm2mC#iyJP72(Z$BS;<$Bj2MI zgEH)$T#~q`%2Becxw=GL)QAycbpJ%g9~y2$b;XpVdnu6s2`h@TuGHM8gcXb=8btyK;{kD+cfawY(;yNWAT%#P;&#C7&j(=syK9pBQIlZau`VlFgH-bD zNEEnHkVclA2W4ssMT72)AsS$+(@fXuQM3%J_NH+rCngKA+8`C-{%{y24a!3?O5m8X zvab&Iz)r#(g^li^tgO8HA8$t$i7J2SxovcZ)>=v@LP}I@8qSG)xL9+ao7HK*liP-6 z;eo;1^X_*@HUpcd#jEJ2IvULk#fa{7l4xsnKvV{Z(jHzlLB_M@AbY=VMe-Wpu*M+E zQui0{pPq9{IuaHu$`caX3}V`Ze@`dx>}`WFp;vv*`trn74tq)c9#X8a3r1+vh(=jG zQiQ%bp``DvGXhlE+>h%^!jfuJNtuVfXQs7c(uuRP3(05T?)4B?sc9S0FMo=r5U_SE z=OiXJcID5|6lK=l<=n(%__~J~$>>ZRua8JdXB+2o4m4G}U5AxfhPx3>pmi{1|6TFU z>YpPbE)l5e8e&4E?M%9i)CJ2)_tGH&kUn}Co5|1_;scD%1ZD2RF$tU}mVCtV6B@-T zS8IGOB9p8ND_r{n9uLEEcrALz#DUeZBjo#EY5o9#R-q#_)Z(OeA(k>3Kt@h9SvWEK zMaP{O&W0s$;0&HC-d@8n-MzFOA6!jx{(UDNUrl$Owi8EYE00pm81oQ~4hDVGaR9`H zgNRfB{z;bTRWAUv4s^S+HxWw)P1;ExKx)iEZTOD*z%XEE>dqI`iKt$ejqICZ9=-hb zI@#|YxAl^Dq9^UHRw;wNNSug`^{9ZQc&gEE(po zds%DNF3{y6Eb1}fvo=%ZD(pog4eT*ujo&n`>@tY2GI1x=*-oz4yVe{y z8U=R6*D9`Z8|Q%~auGs)kDC52a4iT=lKBpt_UHyG*ad+ZxVsi5)9zio)(a05V?9)( zSrFM1W9#bi`?jgQ@@B~HnDIlGX!#dJ4L^Z@m?^jGqu<+UXT?a&vE(#DqBaC&Y`k=w zO|;!52pyANt-jiiSVhu_Sjn`-bu)H@Fx@J)S12k#oQ&ONuZb+c9c9}VZg4C-))gpA zdxSEL>+{Fn>g8+);EpR2T2hkvyMw$fX7U3y<6fcCy~T#k>CvWLBfi2 zM&74x3J=c>QMsC~ww~Qj>h4~B{@W20f0!-`DA>CE{BE0_@U~bn!VwJVp}|*%>6$I$ zqq;FQbllz2+sY%dzx2OOiDsMulWkme*n7kHYQ&2319ioOHd526O>6=HkxU>-`@SkM zTD`6j7`+mRH6)5fl)|lV984ba{KD5pdI%@l8ppHQC6P`$ZY`{nnSG?C6Xh>Tx7jb5 zPLuVMr?Kl=Jlp6N&gMB~{|oUTBSr_SM;T*APx36qg1+`MRn8dsq=VHO800PG_A|d8 zsZe%3_-j`FCA|9a7<@>Up-l6lhJOj}guPXUk|<|i+~S61rr&e6vM!J3tDz3~Awv&u zF?zE1lVKWh7pV$oU>Q2L;y6RVkyKfh4?`l^k?*2dvQ`t2rkga4UCGF|#VUUH5HxE99zX2i543MooF+=pb220O(-SL z-L?Prqnt%GHyQ3~Ltrs-wF0ND6H$_Y5~A`LLBm`4@b(I8i>L$V4BK zTl-ReU+sDhdq6%6T6w4#p=PJlXXVEhjk*J1pQO;BmSD?e{=Y%)5fg8d{V;6+;6Xp? zOx>VIpj5M;?lI}5Y%uT)p2jBIUH0(7o|LSKXGblsdNJu`hs}eF%Y9`jd{_6a;G=n- z)!bv>F~BV=gY1MHaG0PB>~$1HXW~v+?6H_IJPmswii%E5wG=b`$_38Q@im1`f$vQB ze3!jtsC5C7+FN{Ws_idZS)lk}X4nsPcgW;eW@!HS!A1^NVS~)iY?F)-#&aAcIPOPl zu_DBzEUdnex;yZ+!G`=99~JZMy#S zOFtFKkKW`)U+|gy3A{b;GFCLRVH%+j@=A_Qx?d6*ca>31Wk=%@J6pqwQL2&HutrAK zGDN+uj9aYXKmQTpy004Yd8@h$Qf5}ghOGS3PVcux z^PDK>!Zj6RX+8;)=Dq3oI)1|3(ZzyI8t0gBJ#5BVP&JEB)>yiXok(&Psg*njs3bSJyx5`ix~-!78(6vTz*#dd6@*u&Uk|A+JifY1GWNp) z$Eb59u-L{2tdO0Bsa7*tWj-K|h0hnE`&Vfp4iBQpv*;Hr$heD@TY`(M1E}o_t{>J7 z%Q25=T{3MlyPCQT#9LUiDUU-hdAFYHkHlV1&{9}x2!0_k`m)(-^=OE!hF1?^4Z9VK zdMg+!2Mzni2LX`b;vJ`tOE@$vdBSSdZ-YQ3VLPAZLR~m&H71PaRx^vuM zKp1aRc5F{jO3nnWnV8CEA89%Rh4mwS)WSPQL9JP$h|3AaPu5V5_0`IR0+{?DXOqRnjY>Uv#;4KbM=NTOo=a{$6WSqpuvsvzJ@>Pd5I#E z8lS$26JYYF?|X_bihn2?thAv5CR6Utvy}yN% zqE>|WBU{CuK;T3TK4HzAvNza|?ZW0Z+cyI0c~Dq1Bh(N}vC%dxC!IoAd*c#{sHTgu zf+z~(do92Wx!(w@T8dF6g%CexkyWN0k=$1lxyhGxpY5x8&A*-W#2T^mPOykr8MMWX zijkV2+>x|ZmcX{JDk!P8&`xd0Ny{0-&9{x)?gJj5WllueBB@P(w8x(uQ@5;|>3qHr zqj| z23Ig*II>cT>$}1NSbjLt&2yOsMd39}!{fm!(%rpSx{ki$zt<8`F`jo%s)g)iTr}iP zJX3M^%M-SVr`J68U&wL!6kW>^C7TZSW-N+~cdIWf#biZ(sN$G>hycs-cuLT@RNPFY zm=Q5*l=WSSyTga*eUT2JFi@dN{gM4h`|Y_pWC$aAi^b}xbiW(&ad@@RU7JA4ZapL` zzJ~m+mHvKMdo|5DoCHZuZes!XiU-M_BNAnAX`oaAu|Kg=)ID0Vj3uiNvm@2OY}CDX zWC0AQd#0Z`z;~cMM+st=yg%ZKI#QOHt!i^3^O=>px5s# zOXa@e)fOpnOg+{YC`-WsmR9bQ!!mBI(Pl@FgOoe^?uY{|PR;tR`7mFt())ZF%wLGK z#Vs+0d7sFXCm70J{JnkiW8sPWYqv;WzNYR#B>hnVjk0 zjnc+{$Z!w3eXVBZ^I}s9+z*-aq7bEh{bmyC9}9O%-ca}Lq>!(Q52=Bg<3uXIo%DYf z?|?l(tU3V_mRD`B*-F-!ncPidJ;AKPeZXUr>qlv*0Mi&2qM8=5j8Zp^%>pU8!F6GG znpQt7M9zam+z{a~vV;{qMQH2slS8;CRw4?;c1?A$b_AnwUkhoAB|lbX>m&EOchlF4 zWgvVWKfc$|RY274e%|R#hbq9x+zt`jb2q8>RbyNayT&=+5+F- z0GaB^ks7}4NXX(Hrc%igV|VL*38Sl9l^%i4*Ki(oy@k;ZuLujqw$?}!;+A0KCPeA% z55|&S=!=DTo!^pQdma}ZUHy;^o{yz~A~p*y%r~Qxm`1UZ?Bwv zM01kPkL&BB9gbylzwd-@9m^;th@5<;1j_K3y`-T;h#WuO>>f6v=BQRAL`|JMnC>bQ zC-_m}){evheym%oK%I*_e#xh7ZIR^1jdA2l-IIQXQN4rRUJ09ZHvDd|%;-`uNpUw_ zI{l2LyxU8K7(3p){#xwg_H}h32XX_s5$MJQt-ueO4}G`FBf^aQf1f<{q7!5u?|w(u zUd=4svx{VQw$v!+8*P&t!`M}d)$X;Nr|;o+F_eUtRZh{Td4`g$5#tVrxGk_ zUE(aXZmRjt`|KINj)IjNyNZYkB3Wb4J(u`|YAR)TBlhg0m!%*C{l>QiJ$-E!ySd*t?xS!Aux|P}&CZ5g6-y0KN%}lNC4)|=b`Z}XhmJ){o zF#!Q#p5Q`32igDNWEwn1I!&XonGzj>T4G@=~l2p4Sh8H2kfZCnx{L~nL|+n{5Sh0pq67Ukp(hCGy85c{x5M_(590mn&$j!L~IB-x{G zRdP1XM^w)8kz@gby!9)up5NPXOWU8>8EFE42%Nu^q3p-P7-(0X>wM7=eZvW>t5+eBJPW40jo*r?P>U*hO`9_apt+)iC@2hWr=uI*r)3$OI6hhx0wlour zjh~>%vXpZP+n691una8!Vpj9`uC?7h^u2A6!Ex|2e7Doz;Bu&L&0T3krp{5SQI>}Z z(Hub54hBwdpvjE#JQ$_B(8$-B+JhJO+`8bfM_DVv*AK?64ca0`ZT(;wFuBxT`r2%3 z?F?n)e^E3h!^c)EF7d8**VQ>^G{GR+t2I5Bgy`yUFBPd}j&wG>D2Gqa0+LCoCUyk4 z&%Z};r5)&qWg}W?!i*lYu98w(U;D0c4mE+qm3#O;b(b=V2+bRK_3khN9V}mD$MAvZ zi~DBNnYS#Nvjz4<#(MK*fw3r3qKT1r@_uLH206o^S5Loq&anxTp6TadP-!_0Os7~y zIPEf0;P^phUm5HH1TiH}*a7G)4_B8#kqFz%F44_EzU%KEOp5H2 zmSy4qaTB=FbX5b_ zePxV^F-KC@6cD0iWCpBj-!TIcTKaYwDs#fVl(g~0U0=fdho{CSYAdKp>yn~lM)cOv z@L9j+K9t5bxHr1?+HNCIH}hgWkP1z=7N|Q!cWIuyQ6#?X{Pu9*B2%z42Wy^;p~$ll z2qJdSV#uq@a66%@sPj{|sHE-|fJEMsGxJ2>tB+?pqIfK*%Ib~RbCI}cx(Pag0+s-q zAeXQAtC_g_8q@F1TUqZ%YE`SWpl<8%FJiWEx`%dMq$z4OPsiXd!~rBO7d3b3yXB3Z zXjqE@68ga;sa^L3V+^aGnD_t1Dx@Z!5NG6v?S;57my45~dyTlaY=b^P{RF#KkqxlR z#RQdrwm;Q;@JL(gK}Vd*hu$kA*5K;9K7E;tUmA`#jEnmQEb7)Lmz?59=&>L!jZJ0@QF3@V(8RpMTqzW!-udWdTay z+o|1&+mQv;@=*AkY}Cm)9Gv27zUp^B59L?Ca(n0SJv6P4C8!f+o*jn+KZsg=rx-q2 z*qjyAIk_kZi}BE1ASwfQverJh#LQPqxgp$q({EsGzWKdo9W%CAaFf>s+p@EljKI>5 zY$|u+4!DXhO@rbC%s~Fp3C z8p)6>o;JXd@J>r}#m|@3-JVc~LR>l!UvulO_49pbWHkdlyu;`voF;bdo*;K`ct2P! z_1kK95|%c#C&!2x0vBhDvOA#+7(DJ+38dn&@z4HDcP#oLWhef7y2W@6RMK5MtL^0P z21MKN zGW67>2&|e8y$7*v=)qz=7#4K>pAp!5<7I4NC)|3yCLSV4i8?+nwwVsl!wb-Rct%QD z{=(iAX=lm8gPGSM@!l}FTfi6=JZ`{!mR37B@g!6#Ng6W~aZei`S@R z|IRz|x{Lt|c+M9IaAI0Kt>K#bTJr6P%w2`3sp#pF1VW7Ydi^Gbh2<1^&j>KdsPY`3uD+ zQNu;k@xKmrT9R)4jlZ3I$X#cnk1EM>?R7eIO&JZIBJ8SqeEizfbq*>B;d4z_7q^L}h_31<4&-ap_J)vo&HIDN%Z@!@OV zQkBUOH|I~RhhpNDSfm{hsg{uYyY|Q_UPBeKTXWft8~Yc zmt}ds$KOxiDHCzrY?!ur)8J(P-t(^$!*4UKAR(SYc`-20V7>W+-v*A}%)ciSDL;58g@bikIg79{=<{ibcF?)sZ3vaQvFNTZ$iT^|Y-92@BMXupVw`<5D zRc|iT0R3oKQ6>G3rOcvq^dG&GKtueT9_GEmuMj7P27%tkKc*IcQFAXgEEpVAoWIAF zkxf0{edwJo|AMs$`UX*onu^)A_5LkymQyBg{#nh~{@Es}MtICu)P@f4(ws+qHEfigKgePAnzG-Yn zj9-_85Yn!6f~`K`JN)f*$Qg*bfBEOPqrP8b3ub5co$OgT?`v7FxdpiqBRTyr=kH)I zlBb&5(Y%`!R+3`8=xJlVruE?4i@DKf?-)3^H2K~}`6ZqfJ}Y%O z8?X6t-t_zYLfe%maw4u_k#tVSyP^1_3FgCIDb+u9C)$S6IaAlt#t(HYy&}DCLJ-He zPVd~tsQ__v<&TTGyU;?~ofp?yPwzitFC^c2b@eU8_SSu_@WI#O*>Ri&gGQ%P8LHfg ze74LP&+QZCY}t%eJJ@3fAJ@i}6Fq)>ZK;ekLO59l)N3maXrdW1`Fi@*A@4g^?mDqQ{-w9JZy9Su%tGB@w zAD7P)?5DKs?$qr5h8xoUj(P7Zm67>Ex2X8dWGT}>o!`-!{eN1ZK|e7a@9N6rrWTyc zrwoLC(7z?3CH#Br#McnFTa;=j@caAJZ>RtNVVM7|>=f8gFsF5pe^nOd^o=?H{B>Yy z@V}7VTT<^>%c>6R5yV*zer7_v!%O) zmb32-B-oP8YDy*}3-oG^f(L4^Aa)6}U#vZ?V}G_!=L94xcP^!}Q^hR*Ji$dq%m%L`(bIO_IDp zssD$vuK$b!R?(R+?KybHU-MAARg1fsrjnlYmaCi4$!Gn8%1b6r8?|(B>|C@Sa zRaD)><#usoSBdWLn;J9=GDkSK8BeOs zWu&3HZkqZFaMs_r%OM-Cx3m7FD|! zo~&tZnVZ{JW$h}TD##Y5DtcEH&{TXX{N~@R%OFHm6Q?>-vAX~~Qg;g%(9J1jRVS#F zTfjTAc8h%q=@8#2w%71*y!ydo@2xP_rTf!o0rtrFw#-{kxI9;7y7ISmsJBLU&89kp zh!!G_@*o%y_N3z$X>m|IthQSTQup9)&y-cDG*{-V)Sj=hcIQsZ)S9e?U_k}l{9Hwv zj(ByIrkYKK+r0NB=_DEu2ST;9c99r|MqDNv!ybj}DR5w;xsaPUg606TGZ`;RBKh#d zL{rp9NH(3nLV>qHhSXm$yeSrB!^<2mF^z8}xtR*D09v{Z)0#6*rB}M-Hj2)c{K*P) zXlP@yDND!rofGvI&H0q?nYD`uqVgeBFY(;$SsG>!Ydnp z>RrX&`IOttdof=-XX;AzFnH$-n2}AsNw!#Dck0C+zH?5V&>({J*dD@+`K4X-t{wRg zkBoA7O9{iTQJ2134!VVT2h5;f|MEr2h@XqO^&ZpLl3Ba;Sz&jKagAN|;FRgmxwp_G zCz9SGXx2aH6?JlB?{#%+)D-M&PseG~uGCj;)2^jyD|Y7WNL-vefz-=#9c6KL(!~%| z_s%I~{nfKye5JH;v#+>L=%S^#q?LZzCzavYq!cb)#ZoD$BaH&`XVb;I3N=Xi z+AeXATR@b*wrG<7!kiWU=^Ls|dmPEVz>GcYYxXN~rJhTaN~&?158X`W==_})5fbZ$n?3VNynM_$ zT{|Di!sygKmjGoh8OJPHnP~GGmOObB>1Zw=WS-BSA`ag~_2~JIa#;IM)Cp55jk#Qb zyXfiL+kn}TC{D2$mt^|bSRUZ)VrnZO0yx8zN}K;MD`b!A5mIZMolO4+K&KizALX#& z-ZuX|2LVzpEvu8TSWIT6^a3Ej77GS=%thbO!H!aLB*#z|jqz~=$UIB##o~~?#iRsS{|-873wu1uLe0(@rn+`*ME{?Q6tH~*By0lh=#EK7?pEqXd=!Y z7rzWE_~#z-W6nBd>zMFWpb&jP;{INW{61W^92M(OEG;b%zySsqQyl{7uZSLlO=Dsqio#j;4O3m@BhG-fQWrGVUM_=8#1b{geQ;@{-VW55) zt7cjS^ZddQ@hzfTNC$AE0wRbj|1ZE3zWC?9e9@<%hv#MHTFE>jlzl4iC260)uBUm5 zpXilqM9%U=bY%aFC-sgZ7(&u4V`3ahpCDCiiq45$w4xs+qrlk3T$j{%kbNCHPwNH{ zo=f1Ongqzrg+C;qL-dy{4Dj=zxObAj>AztRtr}!4MNiP7j8Zp*eqyK`y*DM(R^kD( zK(vO`UBc@gCjXa#Q6%TgY#M?wGv}}uMSDo8Jh_(`c~bAF%ayD>Jz%IMybY5VoIp!8 z29SlgG7K4`7JDe**gaaWNQRGqsDzzj+>dhONwURE5T_)mqZrysJ`;>z%xxvJiX%D~ z2A4oNmvckyHwMKKiAqN^YRM5NPnk5v#gQ~Ybv?$rrwdVmv|EYIdoouzEAlOgIeQij z@ual92_}15&QaNP1fz6UB<<2~l&z!s*g*0`hCL!L;3rA@8AtjWT4rBH4V2-) z#<=2t1n*I{L(10!ap`{mfU4oiGX>TabBeLa_>1Ri!>ujhPf0RL-;i=b**Rw597swpGv?$B&ZgQ2@_{I|#@w8f z)~W8tB(4~|WDOFQhNzHu84^5cMSzm)Kxc3iq+StV4h}P=TLH3y)Aks`04l1%$@B)m z7&~?N3g#s1V)}B4qr~uHBr9nhFwangD`gHq3mXs&#F)#vp@AJU;)sc%H5pwprOxN2LTf zP!0 zbeRipV#opJcUH==d1xJ9k;r-x5-AKPeKe)dkikzhGv$UTdurV=R>+Lf8}H%rE3qco z?9sQ&kSCVz;juHA=>figlZ&YjL5O3r&R}0)&SV(4!Izf1Wq}S%e5`0SZUAgQPf({# z0ct>|k+vDcTP{PKAPupEY-SQ(N1W}#?LfnE&y@ol!XG&|4*6nxSoKue$r}4!t;gPRaY~pLkBaBH})CUM9uW_@DPk zCu;l+;{CsN3H7fe2suFA_^Z;0snD;!KL)Pif8|JtF)MSYf7{7r6oz<6k|mRJ@MZZgyOK1YeVQ? z#63JGxifRcRG|WX9CMo7v842$sx{(nuyesprKFMw%EH0&fU|G8;n(G@;1@|RlGE1# zNTRIA;|Y>LDd3x8B6Yz^2#y9n09qC7jCaI4(2^{eggGY~7VY(cNNPB#d_GGib?yXV zUHm$tTtw+sL!=jYrsl8k`tUI+{a1-Ar$ztENBs$@@;mAU2w=rL6w6zp4{iF2V9J0& zruesM+xL)fAjLaS=8^cfM)?)$z3?QRsem8I#Op!~F&VHOz(nBkv4UAeKkaC^9Gt$U zh7R~+icT*KG~`G?rJ@-nI@?=|OEy!w+BuN9+~(2hA(~ z{gJpI)~Lpn;A6Bz`QQtSY#PmgX_Wl#U-jp2;j01y+T`jpVH{9UzoJ zR~?CQN%KaVenb5V0gm7pIvfZV3o6We^t?Lh>D_lqp6*U^u5z>ehs)2jE^Ghh1RZsjf>h1!d1Py|=1d*6>Y_z8 zk_v@+b8ETg*rOtMWx;a&1u^cgrv-N{jd=pfWZ9|bTGiy`aVou<48%I6&$!hi!dRN6 zHeRU$TKf5{s%d3E7c`FUj|AMhJ5*BkgYggj2zBRl&U@O+{K~oC zV7smHe`DCMG=1gRqI5>TZBdN(u_~%z%b@!5mQW=)= zPQA+yeKh?yM<_`Hvi{?$7)ZwO8*)yl{|6uK!SO3hB}VTxDCYeqbd}0Y(i%z*x{etN zYlE;65>Q$d%th;mu-m0W{}SUX-jJA0i*ZQ{55$6S6SW!8OBJL(X++Ar*tc5DY9&UT zR8kCYmDA6+zlOf{{~$;N$hW{|rgV_d44o)AZ}czfaMNnI;Mg=IECcYT8X2vH(3l)+ zg4`ajbL<@5vJn&JY01U_LZkb8KVyd3 zebFZrt`cF2KYx^#1#=YZNt=jh4KWo9luLC1{pKPen3AMf%yLOb#!0*n5G)csl>P!x znv1w$DBxH(<%0k&_>w60dN9e62@*$3@-n5;mQMxaK}hz0>W@*&?E8(JS-$;F0*r(~ zBDVl#;hNmN#(&lU1J)i>yP`cnVr;2ua4Kv_v$6U+BUAV+}|S`(d#r`hzw0p5+z)Qg9HB$dWKRKvV)cB=ARvIBHDx zUbM%@|8aqX;^N<4dr!oR@s(c5?Wt?V>L!!V)OtR#F|kvn=`Zn48Wp|_1U-sg~f0m6}kXn6T@89F_2DGywEX~ zOgC*-ebh|IPZywZ8=Wq?0$uZlq7PPC)YOzBUV)$J?0)ey0cGdHf=5r}QZr7*OgVt` zNn<=K=JZJunT+~sa=)6;HsE~BozHWK#1QfD{0{C#JxWyTDSJjr{m*fp1$$klgzwiI zHw2S1d`3D6evI7dM(>z-i&j$zeIQ4OXN`(K#`(Ocs@h-pK={k%q(thnezSp5WKpUA zhY=!U>Bv`H3Xcw+d&qO|_XI!ox5K0^mqb~8-MDc_K{&^E={q!F(_hhwFmggmVb`$0q&QHxzoXHSkLzBz>{l z|1t+&6%=&>l5_tlCB|MzXWBM-4&B2Pj1U|-EWFV*IG)aK@NSOo@{!T->MZ+2{G}Z- z_B0;rbfK2fQ&Z(g?X{e}7egz|TBQd70(2|rmd%i#;W|wC09+Mfm=TGmfN^Fkq7cTO7|IRk)YbNY zkB8dcbjOc_W)memJ)WUm42l$rEr|aD*(f6n#n1$w?PY!r(jVOFaHO_pPh>BQmrXz6 zCguC(GrqlcN8sDk!~iZI-eW84kFD5CI|5NQfUJbUlj^!s*NxIW4%>vZ5aJ(~`cs>2 z^g80b5Qo5_?gHRFr9Xuyl&^=?3;FMey7NJ(dnFV%gH`g?RNWoB0=vQy|6UVTU%12b zAQ@;sr5nN*K2MnKO^bq_+elF)T0oQYt_#(~f4?ZTwPCLtj35Ibm!WWGf z7)BqfLb)CBstlu+;=X%|!ej{mwM7Te|Q4ze}~!(y<`$Zh<8O5II2NFZc!05X_akm(-T7}x4ZSON!Jl*XZEPD{ zKzU*c!H^@u=VRgqeY@aVhQABm55i>(!dDN`nfZX)2RG4&{M3(G2TO1f2=#!)2UXH9 zXM{fy)VQ6Z8~XQc#fC&&cuA7{}Ds_ySJe)C_UkX(2>Qc7-4>V)bdN`f7e|a zM_lkY)C-tl-#mZ*_4D*v-0U5{*Mr4yb@AQ@|23rN_$mM4&z*udu}cHW3H&tdM`ak6 zGKA)QEW$vf^dP*O5Gu&AgWJ&17c`Dg@*!z`pVDD1`k4cv@Fn|5wiPb$JxRJ?@r%E) z1l#mAZ+kn!wqdQq;lm;n2jhvsafsU=DH`#C&p*7vLn`Oc8`7`{blBSKE% z7!?mT(A0Fy=<^uSOr1gHSwGYoE5JHe|X*-Wg0hZ$)RlJJ(kq zJ}=E-9QV4DdH2>say#hY>(Kq-&;zX?D-_;k`;#X;W?%3JPuMP`O&Es|56IGS+JOHL z219V9X@ejNDgd52@Pldax~}NW)3eXi<#&^|ZP-m-`VIf%k)*5s?pA-MLoDSFxd_u+ zPvxS_rBWF>MtwZYbs>FuX^)iec|OutdE0ygZEqAu(=vXf#=h7iSUUtGpHzA=1C%zt zY;G+h8s|k%7Y2w?gr2?^o7~|^5F8I^I+f6d*JYcviez!h`z$liSs-#wZT?Fdj$FP zy>5&4OZ*J|+r71K6>#@B`r{e-Y4;xUgV(_QJIDv+zz?>R%_Xl-a>pQ80_1~Qf^$#q z$=WVz%;==_h0^I9y8C>4*6h-Ug(6~!Et-PO>E+>pF2)4qEnx(Iyk~#;a{2&!xE}ug z-Rw13rFUBnQg44=Zg}y$5bKZh#{AmhDj(MMZrsaCrbdNf;@!^gcb^+4n)fUE^=)hF z@Vnn@KKG3Z`MJYm+>yLx?)(%2vOo6J&BXqqTdmAw~js5-B~(yJVj-< zwB{^QdnrWUwobc`Fj9ZyRj2m(TnNzWhCd5n+bPp1K@NmEJZgKtd93m$I-`JXlaWj} ze9{F-pKPH|{M_jU&Z6D3M!!psK?%W0r~SxFavIp}gMBeV?rQt=Mk0;4J-9uxO_&Z} z+Q)$1>*AET2n+}ae!D~Rwby=W4KfH~3&h+OGu3|aU^#Fw?23Ds?q}=M{kdcJcG_SA z#{bkye~7c~vi&mVaxG z!W*MsrcZ90Z?1Iv*EXpqydD%)U(g579CCsem@at#PN6r{$@AZ$f$+?ZhKo@TjZ#{J zc~DC=k)oV#WH0;|UXC;m9A71W!XOk^wJ}-ocOge=4Ncd|^FdH}?F`BW(-83tVGHIy z>)^Uic1-hggmD;cXo^7q~}&G4HVyi1GR+@L&IQ89j^s?cUf zyqOSznGZUFSWU2;b~FdyUnL%mm(hp&;Or>kPNhU%tDAujQhQ`j5&iLrxzG$)0YusG zqR^u7;(c>1AxnMJnnQVG-Z+1@zPz+<-$VW(mCC!Z)Qfg8JTv>zn+1F_w#elz7Gx-sugXLD0;1$vSk zK;5(#vMwV(1)`xA#lX5l^IlL1!}oqb4;+L%WcW%b5^l%P_j8+cuC@;@7f~oOm{)T+ z&#h?M<_G3G-2=BLiP=`cJET=*jeH08Cq2A?)MMfYwaOaV4)izDNr{)}ZBb0aE~dBa zC9Q4UzG@?Q0PGhlp#0U9q}#!o`4R73HU@gnaYs3On@oUv>)?rMg^1Jr? zkG$wk*hB7Z*5Y2IEksc$(GQ}i2mEYDsn z6vNIxpagiw+(i6kL5M-+4|i#D@re&!F~nsX&k;JbE=Od4l!hGMA&~F^vS3 z9yVO%bh@8=nV&a~jmdD2$>8nW>=n(KyzLcrQ>!RfjOGXN>&{r!3CDaER&s;j#G z&Ak888|ZcO_3brj%`lsfQZSz{Um%}&Xgw$Iwa5{GSQn!t%c{^%XSkU6aFOJDxVj;Nwi2vL`d@p`;5BPU2e}) zO;c?Z^c9p3&JA7-jt?FUt`4R|RAL-sERolUu6wpU*8Q%#tUGiZ>AxFH9fX{P67h_& zhK@l-&TlJvg1TBA@rtM$a+hnhB0h$7npk0V+vMKi+~KVwy1{vxaYvR&PoY6ap}{~= z4G>vP^HtCFZMp*Ns*I@|&OQ|p%a`oaJiG(PrVx_Goa`i<@4ZQJqtrRh?&-ZkKJBX_sr4 z!9CG3MQpKVuF!beNH!u9zZNeTCm0`3=0QdwD&n;6x9+m;v+l7TAmr$K^)O#$swu#n zl`_p_p3+#MeOqO&DX7b?%dg9=D_ohiFr8_^(zv*?x$>sHb~1A^TIILMf1H_OG5O3x9B!3ccqY48$d=wFn#aTMs4urUxy5EE4u9^^Az z$OU@?#m8Uz{HeAv2kKFh;!u)Calu?W@}ZZe)Qxdxf-Cf)=2RzGU$QV4^QX4IIyl-! zj;=-eCm)O`=%*JDNGh3I@UJ+B*(p?Eq*D_ooP&?3G(NjCnU*S{pVtO$rl7QAF z_f91@#rJX~?dh*rsar9wC`PLFZvB@v@-SAdZwKX2Dneqo+d5o$q88WTGi>$rLB*5tN7L)EnQ+)g&2PH9btzDyA{+X7`Z0Dj=$4_?ZM`BkJB3477^(a+IBj0N^4Kxq=eZT z(dIWqMtSyeClNb7+cSBnh@PC~QXN}~`|@DIs2_gGRmx zY3>}-<@)c`V@+dT#$d+hcxDgnQs*M=Tw=z@d%_HHN_DC3q~O$oJr{;5={99|s_6}c zFBh>LgfDsUNi%2-I4^Y~mt?!Tht`z3cy`FBH?ek_acYx1^@jw-yU2HLu^a+DOCyzJ zeVupIu=6q>nufH1z6(R83_UtKl?*-7J2vzpu$M%jX-QwQAq#pDluK<;ZQ8>VXj|ll zB`;Qzp(C5FuWmQCnN+W!~{3N&u+8HSreCz{yXlA6F1Ssny((8OFu7p`JMOb*WWG>}d zF@+FC;&iJSDOeP=4lASY;uvV&Sa6o@P%H%be_)#Q0#i|DoS}7CDU(TrAw__Z`^%Kr zNxNKxbV=@e5Li|62Zk@@q|KzTC#ORVGJcjK!EvO-k&2VG3?yiLN;4g?9>sktXx$x? zAvs7z==ct;D?O&pknv@t+jLyk@F%SjIPg8)LK?-jN!9xxkR)T7im@Cha)c^N8t^vl zcG&wPIw_v%ylpq`NA!7Hle&(yIpqALvxfYVv%BQ^hO1x=5){ppUcL^e-HN%`O80KQ zj`rfFE>DZ!cR4>wZ4{SsYXtRs+qX0FOHzBx#!JLm(Il<79s6enjh`zcNdY!fi}t0}$79w$ltrnpw3fB99*>((E>%+-S5+HVQ*$pVIgwRZ$;oVB;Qo^_pWF>8nJqC`OJv9OX#msMH0s3HcrJ3I-0x;qu>N6kF1pbJZavZ25=B(y7 zavW5l3*3rZ*v)8Dxbh(6Op2FM9dIG!l;k(k9B?7#q~^PPJ|IOG$PrJ=ASsWNcc18_ zyFTmjx_{{MvEDREzh~O-*0|oB@~TbKkgu0zu57AjBC53hrop4RF;<~pB|V@?xFU<8 zyD+NR+@N9KqBE}9TEFmGr8s;vtlb^Hp!?N?b8WF-$JVwr=CsDBlVs)0VDZQ_!g|>l zNpQzp=Jv#rK=8=?bg*h;N|A5{iCHjcl=j%Ej-2f{_)ztKrR?M|luo!nSWr zag0AU{8x<2s%(vMs14z6=DeO7=hFNnw^!R=#hR6IBAIp`w57!nG4CirS2wW@`hR?PlqoZwX5uJ#$iP9d?g>9>Vc^ z3PKzXc1ffkOJsY><9K7P!=bhWCR!CQhmCs%M?G9G$rO9me%`k|<^p>HVp=t>crYA1 zt`vFCDfVHTUrgaei9W~`8v`}IsuHB~4bGL<$&+a64jcv5trBTI4`x=>4HGW9hBglx zSJPCvMW8Jhhp^bDhE8f2H`3YWph6Cp_BkH#1793SF4rKhkqo+fEE^+tb_~|cUbJzZ zG>7@&{RWzNI&%pfMvYq2$l6I(N0n7lAFTp*C5wUBR#wqXaWXo>SSE%;>Ll#VGV=OZ zY5~PX9CPfrhmO($-xF(kB7YFpyGnXzQVWLzrj1PV*}mC;mIbIo7Du-MrZZSXH!|Tm zG>SGuyHTDc)CM*~$I%aaScYyxS|pcV)IDNDwb2j9G;dRpTLehzk}z(Gz)!s`qo(`g z3B_^Mnsp1~dkGUzIuaZT08K0~zl1ZI3Lx@}tU9bD6-|YBAu%;FzY1gI7od8Pq!|Mf zq6$CAI;Koda#j|XsZbdQ-kl34ER~TdvJlKz5m}hY=qg#j5Jg;AMi(Ve$c1A@prRAm zki}RnxgwF=Ex96-{3^*WmdsN~N;^(fNJ>ABRY*!FE2tt6IR{KOkp!7=V@lDeRDyIQ z<~1a%X^y-L?dh#yRhqDxL1luG1CqF>lCwZueMw`gD1*WS24oTyRBU(w4tZP}$={Sw zPKC*s-!mCi;&aNJlFbWksbpbQK1L!7FJNl0s4QS#EwUQX$C;XW6;9gOtrC{GWjWMSt6R5r z%(7AIF;~d4;Xr7t=Z@*Af*=f35I3~MZf+Q-%8ZcS9SBJu3H{p4#SL%aVvVe*H6-nX znY~i}@$2~V>SB;-BcAv^)JEXb!x_-FtXx|D7^r|GI1#CBrGdBXv1uV*g+KW%!n>|N za<7YGqtv z3bW`ZvnnbnO#`Nf+KlHvn-j9f5J;n#ge4B}87F_1CZvkNklw#l@t9u$VR>)NUwI!h zN<+QMoX^_1BIt|D%%Hi#=!+rF`1TN_6@nt0@-$HE7K*YP+2+b6<+M|RNE+&JgsV2k zG#{6Lo4caxON`90xJI4Y%T3EpD^3HaCjmb(%_2GHI5{{tI2$+`IGs71Ie$qKeq#q9 z5>euq2H7USItMYvA~Y38;%{_(ud|i=eRe9y8)m9crR@P&!~x%inZiro9d|?Me8A304T(n@iBc0#`c5MeN~Gd6@wW@W5ITdmRaS6yT+>y;v$Q zIex24k;FQd~^rR9T|(XOqiCW#3{51jWMu#F*+;} z*p!2Z(3!svgiow-#zKYd%kWBo8hlynu*|U38Tdf2B|735 zc(JTvfc#b`_mBk+B;0ALTvi~SE~8X<&h@b=R=Q5>wevbR9i=*BQYx*(YHmE5%%&Jw^-rua33r+}^+v{H)2wLk_Y2^~%Tta%w0TGXU}Ql&D=j#Qut z7(R}d*@-TA-qHKu)X}VO*=`WI99n%k;KUx&Jzzja;DNQ{ioav*o39L;Djd#CK0NXQ zhL@QBXl%?tJ$l&gnTe{Gjhlset`uWem~Kee_rM?NhG#ha)ft@%{58m`Yk~&mTLLB3MJy+9LE=N9aYKbC`)ZDmQRJ>rJC9zQwe6tBwaDsHzYpIE8JuL5*~7muNFk+ z!NWaSRaVyQ@EI9a_>mO_`S}&?UQfo+{72Y6hb*>!rHd|Yvv=q>e}ZV_HHZ~DQxil*eS z-sbd6`lQb8X9=3_ojuEPM^TyST8o|FY&Q7xyKal9nqE_Po9lC2wV*rhIU_S0^H#UT zpnWnMYktrNw(NhmB8=WO)(p7qFHOFgR8w7KD*o&awT^+L2j(oqb{O@_yc-ho|6#~~ ztoq-F@va>*0vjfB{dZ;J#N4Ar2xjy7al}n35^nSP@x<0e;ZJ1+?ADfX#HcDE?AD*9 z(8yFm_^sdgsg?71?S!}ELku3^R3Ug&Z za_)~s^ltOTv6)OoB}ZjI3ho7Ig3r`mwmn2-fC6{DeUnP0PTzLvfXgjD1N$5MU3Q6b$ z1ZVjpr+}^|lKa#hPK8;N0=% z?#u&j$y&N6Gk@|dP@5T zcgJHrt0tSpkLM?7HZlV( z9g#ZInjOnJM8_n1nJMe@v|GZMR>V;^7?NF+Sb1@r6>S9|$NcEq7^eziMVjA7GyW*G z^H**vU?ewKQx}(ejEF{f@|Gp z@7<&^1ke7^+I3C!FMT7|9aPnjlabE^Sp0l3rQ6~pRf(0-*~nfOI@hSb(sVaX zC(GH%MD5ZUAu;{!9UytMufv^~YTWYWXNIp{M3M`T-+{!i=nn~6*UE7Gg5<<$wmIK7 z$3|=tLGx{Tgn>6`_Xe;UQ`^*EKxNdzO(VDWqWvG8BmShg zmlAdju?4q*W|4Wfu%4Olx$U=zl=ZKIO9J@A6tm&hi(1o6bheG5+^x>x?3x=>T4)!; z$USS*x@%sQDd)2?@(Nuh9P6qCE$uYe9+KpdU!|$>1ByG@I7ILhTV-?@{xU>pd$Cnk znKL)rn(^w!a{d@??^o5GmBj5hE~5B-cOJb)Wt!W=sk&J&4eX-eXfJO= zP)quko2REF`n=*#wa#Y6?`rO@X3%;0UmsWB-cX8!D;n(0>OaD&BHJJ2l8tYb2?Lhr zc_KP(280!Ui(7fl;J7bFjBx!PyNsO0K1`2tec~%;UexC&U2K}@^!b_+t#LQ0B>VL{ zSOd5$%dLB8MnbYe54*Ph!<}EdGPs$i?p6Q9h~l`?#1DaIW?B*5=?Y)5d>5Bkab?VE zn6Epy(rVZGxNVreW^yzmlP@pvTH^}r-qW47)bc(}qfIMoZpV7_2&qG_Q}wWLLXG)j}yF`30nV7I9l zGP(BCW9PWn$q1gu_f%$Aq7;oSKF7UF$f@JlbT)9-Z9Jws)S4dG~aw)l&pMD(X6t>{5BQArA zU7}R-=|QGL=*Lu*Rdy=DI20*$Dh7%WX0VATAJ184Ixe?9 zk4(y%>(O>$Wp%G{;eYx|h3eBpf{sQ!>gn*13xYbK7vwUpLFfj#49()-sE2iESdan= z6e6`K71!27uujEEp8KF2k-9aCl8N6*@KzmQ6+ee(4ks`d#D0m?q>^m>OrWD2W!EP96RS9TIVM9SA!%a*;)$j;<3abv*}6MaP&0GhcMV!$(UwnW_Yh|ICu3 z+!jfF5w*_DC!m=+QiM4hq#2|kF-|kvKM&PuTT5A7(n7L;NgT~dfIX{Ak!Bx zB)GstTaFHNr2@UpjyM>2A4k>tz1G)$_Mp$J9y-(nMZ>b9-3$a?Cm0YrQqM)hPDy%u zCCpSxlBs(P`<5KX{E@#Ws&q^_7yK2!Qlw>~XEUp%XXohW_$^#7JrBfbU!~0^twgVf zba;#MiZ9)X@-;B!&T@>UGWX#PBUpIc2t&kb$Rhp$Y6u&weOM}dlO!B{!LM6;!5(&T z89fomMrm;3J$tpY9WBhJ6VmWz6!NL80;$3}q@p9gLS%WK$hIbCVg4q_|1*@W5hiMo z@n;z6ATqu{oET^VLPVTCG@(8e-#!c&BW(E}*4A`l$fjcGxME1^VrX1qC`?eRYP#?h zLFfl2+_x-!P&z?aP0%=&h-CRV>EZ-+f%Zo5!ubUG0k;Q+!cSW9Zwp2L??e7s3Wld$ z$$;#Gc$`$($7ZW^)ti0Rn%72sB2x%R#Vw{e+G|PM@LI`(V5J z5ML;v==;?tiftiJUy)-NVpFu!ig*Lp{ekOPoaI87ZR1&W`x_msf03M~J8$1U2AKA~ zUPvkzp4vle2P!m&&@OlY8AJFFydCdFGjBj`uzqT6Zx6h2$!P^<1nl{59?$_#$Rb=~;pR|^xmN=W0E zjcbt`yU&ZYXGYvt%EDhLDmCg?LCUc99LfzEOf5P;HCr1N6k7!PG?jh`JR^7=GFH|a z-ICQS`rdwTt@jqxE&6u6xtSGp~O~|?A(TI;|lVQ}UVe3I)a~hSQ`~1y( z7ivv#^p0qy$DpM(?DQOoC}Kq%O^}a>^WJ(Hi(hbVAdb)EuefCtnMT;^_p0tBH`%W; zZWBVYlO21?7{|os`aFw&EEpzEB(=(1LUTUUorx@x8415qxoB0%(P3n~R(T}f3TU5u z+KNT=l2x7<$0px;ggG|XtGAg5A8F#}HNn|ZMTbH9e3VwKl$*Pc4~`WV*gKSUvMid} zZtqzuf_eig`M#&A@$+f$mJ{v5=c@5FqHJYF<-_B&oo}DCWDiD{jRK{s= zYpf8^To`Qzwk@{Q*;*PnY_Cpam*;RU>?#?0Spt5#dA7ULS=2;pTSv69k}a+DyYV_| z5-pkh_C{Pi2;Ft8F+FpFxSTI2CI z{D?dkd8aAssm-6U+)gG**_C-N?d?ux6TukD!^3>{ANGmRWBK_h5N5P~DtNZ_IZj|( z#%t5NttUsNd3u7_xi*L7m_4lm(-bcnsH$|CYt@H4n(+-5hHaia?G&myr3SSC4^hKk zJxD~#4s5q8{~KZN0o7F0{EMn6C{<~pM@2#>^j<`y_aY!I6lo$Q^j-y|i%4(M1(Bji z69^DOM0!9#Kp=?<0fdAaAi&Fa|M$Ij%X{l)t(~<_PR?HY%*=1fK4)fndzvJFBj_H? zy`CSRZ#Y?$?K2vgw|Ys^>Z?$iQ&F6dGZ^mXF3^2KwHmJn8t>=+tjAIzc-ixq>GSu} z{yU$AX!}Px&`jO*eZBq;4Mq7fh(@CLNMmunt@B)7S;3btGHx`GQUCTJMFx<<@ATc|KT20S5-qKfcQ8A2i!g-9D{gP<* zr5)vRN{sBQm250{MrGGpcI2>@`ZTb>+uqi?>ZWn~9zJo3vTbw^RG!0rLWGxO?9;XTkz<-& zS~+P%xM^jp(i|38;wwEaSLC9Sb7bAzVJ-pSyYcg`{caJGI&qH=?$bu7% zQVm+dWkKf7)?wC=q7sW!WTxB>gK_$>qUb*-h(=>`7d@@!GrBunDwXdu4!_W8GY`KS z=B|H{Y0>_;joiY8sopdFFe8-LFn3=iBfB=my4=gTuY=$D?PqMJPBGtH7R!9IXX!4m zY!{dn7&v_DCG?kytM#J0R>wW25eNv@pC`SOLj3~ba2W^R@Au~H^LATbu6YcJrN~q4 z8~y4D5Ws9^(5+!T>y%{QnG91(cP~8D{MYkA5L28^%)J9s#rUSuwdu6gG+(q<5r3%l z+3jrtf34Z-s9mS$?Ykj%ZIueE(-HgUm3xBf&~7~JGxmqt3MsI}7lc{WDe(E+i{Aw9 zhFvrVbopNv_gsz;F69253M?KRd#r0KL`(VM0%E>iUJlosU)T<>!84cC!q1Yu)eei6 zcp_SQS{g~MJ%$KPKFvQ$qtwB9c`EJxF6uw?P{{Ap9aD|HS-JV%k&W-4nWLqIDNq2r`}T(ekyS0`A+_-l?TphGUZ4?tRS-8*y~aoxM5sqQnr0Q77Bgq3RY zMT7u+?C#kVevvd>sCn1e80*%%RK5yYG<~a6+z$Zf_!=IpSG|Bt*S@(%8{$?8RSM4C zuGzmQ-Q>7FF^J(-$_dE>`3}-;7gOiRZ5u|nw=_ymm*ue#j=YVk0SU$s&?OJPX7qP{ zESMj20MpM*j*yexS>N7e8p8iRJl7WzKm{r_Fe#*cQKu|8ny#20ce zrOC4XGZ^*;X>wkETK<=EemT9ax!5pT4%i)sg*x=eU1GwZU8IE796U*34ayeCD<|3QSKe5)HKaDC{-5C#8^WR^7 zutLnkBlcm?Cy~7{xl5nltAT|iUk4UQObmAKA}u`d{rbe{?<{+kEb>{z2TXv2N#@Vm zWP=qulb5W^d3M&H1W&d)`15x~1eOYW0_$I2EdCo=qQTXZ0Edml1s1EwZOIeJrFCTK zx$AjNv0Of2$G{;n!k^=#YIaZP%i}qhp8F1$+FfEH%z54-B0sw-TdvnZOh@uqFu6Ek z&A~ov$^svdXofD6gr_q|v{ZN05hYpJCIS*I)*W?1`4_e+gS=&O+LLr`N2~uxd2X?p za_}-r+?U|hbAQa9E|7D_Rig5R)?4^1e|A$IUYqe(bK;d>(gn)zd~_M|Ot&6-g-Dk# zz2h#9G0-YOy!y-zrRSY+9STbimEm=OznYiCL~8Y9>KePCG!427bdB9nQUwPFAeA)T zNjFqL!GRq}B}*4FUft}3nwP|#7@R7Ccr!+BORzhGcuPmVIZ8?vri*}hi$}gWN%|M2 zD}!8Qa$1u{tVf^ymSW#37?TE>4?RmQ918?VC5((cll)vT_5vi8JTm4gxnD5$!{9Fm zC_pr)aPnD`%O_NU$ekQMw@;|TMp}??&d7J?PoD}Kxj@4CBi~&&0LdkfjJx{p7cBoU*x>+$h~^Ye{%&&FLlr3B$>Dd~LlySWg1|W=qt1Ju z3VXOf;QWzMmpx0VFt381F9r^(IUSi#ONSd-B|ad=HUr&)C_gLaJS{~uPPkdFi+>0x z{1G;``D1KTW^D7z*k+{Lp`x21$7ijf#ye78s6rX`u_6OEL)Oor;-@+A#u3-K-x6My zQeJc7UUQOOdxbJv1z$YJZ0>xv9BVXmpK}xUk}CZ2bZqg3n>YPu+5D%)$VU6|MtgXp z{b=L3`y6@MGX;@%a=>nTGle8tkXp{jr1ReALJ}89Eq`RvWzS0L#H)bx#UNTW2bTFX zf4GrJVryuuJJ8LZ^0QdZ(|knZsN38h@h$(tps=y-A7kAzW8GiIx+C3wb;FcB)6!n1 zJq$x1jSEA|YO9Y@usjPkkMgPr)*V&6yi|9zUjTG3RwcgWen`t~EB>38Qv?OW!Z zr&$!$7sk!2o#}Z#>5%@AJoIuOQE%oAi!UIm{L$r7O4|1?z>%$?iBHJjsSp`gzQNW{ zSY($PluM5B=jCos`KV6M`<=z7W!XWk<+e;nq%9j7X4~%$&WWMwL`$A*_4AA6z>cE! zU|-kv4y^%0tHwQYkWy;~!0Jn%Wt&du(&@*DkQbsNf?52s%-%wb4pDR1Uz3!ymLqwG zh#Rg;se1T5tF~JN?#|+1{gJ;J0@~{l#^~BZ&Z8#qYL{SCl={hVW#ysk*LFZ2 zHJ03)iDEw=0w4og1}hUN)Zvmow0gY8bxSVy?M&c_WzQ*Otn(Sag+`rYue_)zKdiB_ ztx@@;>-X>Va!6UpM)mdPw5e;MEF}+8j!*Q64YDsU2EH2%fyGXkUfwHA#!>2N{?+BQ_l*|Pnx$K7-nEGP=UHwUT0lxX2ND!b%1U>^^C ze|h3DygY$n;F1zpu|-8rMo}i-ic-rw_<%RV2ZUeTJqMLgTs~Lt$-wDa*%4?_zd-_KM&TBn+wH&kzOt}*!uM^egGE`MlY$IVlzRz#!Fn zS{W6;s~rv`d55Zzu0-Cxpl=5z!O{+(M0KJJ5w=ziXBhAuV1UyAD!uVR_~SM3K-M56 z37Bw65zS?kR35wgavmOr&%vAfUA4RB8yhmf2_^O7S*wi)Y|#pxH=}PvQ!m9(`)Vs* z1Her?AM;#h510{W@brsfL~<4GPTD?zSTZ->h?tBQBhKS}h{t#yA~%tp$bfgS*+sU> zuI1tb{5VKaM0#S_BA7@;&Q+wrGXb-j3;CVcQA>^r%eRCb0gW$_PArjZmT-P2Ixcd~ z$jzo$U>{|G{#L?P_R4j+{$jLNDAn?HH99#sb>|JsLCS8PHA`y-PF#5G(pvb!^<(%y z{FUXaOK79;iGKUG(v}-XgTGpU?SoWnJjC0}G{*2Kd=@%7l#(ab7%oesRla$7o#)Xx zxdjetzlGwjBR`2Il=i}RA<;kPP$1VmvW_YL~iosz%?(l8u@gyiQ~%J z4gC7r19_G{#y*xlYSsZ@0s{X?o}!Oq;-wn>DkX#>hVJ5e2}2BHAI$}Gq+FzEBm>El zs7jQ=Cy?a|jz1(b)*VXcz_1!i&QRXRyAfB>+;~7sFYU#B)MP&--W8wkbR&|f@#Q5& z(@VgBqC9(3A^;wQXY9O1u4LH{iOUdAI9)!4>;3L)b_EH(2`+dmG#PCP%|vF^ zgoNfq7<~*!U%~``BtPk?eAWbiPZ4<}O#pgW`?x3S_HQ&N%nyW+i4D6N!_-$i0U#MF zLdba?8u$(}xsM0429F1f2am~QhZ(NZMaPoK%^k`>DsQ=dAyx_|s+0d5Gw=hiK_+=J zE^;7iiaZn5F+6LKf=m%|2Jm)#`8zB_bMiSEWLG<5Gu3+H$RnFPQZm)-ZcYvq<2vEC zYgXuw)>MGCy4PjN9n)d49W!CEX=ph#BQf7ku#|yBXiJ!&B1xArbf!;G*%_@?+l^INawh~JTn0~Tr;lW6 zf=9crX;p*!4FgGQZi>-48pbPfj zU+~e@uq(h=*iGQe9JI!PauNf)5HJ0Gl@h3Nx`n6hp;V=BPIO26_VaHjCXm@VSho>I zH#x8x2T8hQQZ=0PCDPja;-4yJ;uVNcqO#rf%j?n9(Kp1BAc^HkG1U2Rz*LjF6FIk$ zE6LUGWs{mb^@p|jwQyok=hbKmpST!GPO_>6$y0W~eFyFFU`HB~ekb69Wtj?ggJBSs zl)Sdu&qM4uIK2X+qgq>?K6x2q+{}QFnF*qUQNXTW#!c{(w28`*iHvs1UGcD6`~#~= z%`cbGAJ&YBF8F()_afQ)ILJm$K9aVNd@C{6E>uXmJ#{fueR*>+DoyNUUQ791jVzVC za6%m7f8pJ61oY&<@xZ0l($&=~YS&|U4x>z=OtvkoYh7d^9x?WKDHRWk&&y z|K}&U9SeYC@r(;}tF*=g5cPBLV8`94+eQ`VFU`?2WR1rj%1%zl4z;F_VRg6~!{cx( z=BmRDHR`&7EcpFJBWqeUhB`Q-d_p_J#7kSWh~k8wEXhlr>O!<6E%^Lup9cHo-nvof z)eZre29j`V*C;D965E;MqgjK6_eG@8O_X- z0Ib@lP@^yZFZ|VE8PslFUKfjnB+B&z)-wExm*&Vk9nFme*F4HNy8P>ST7EjFj(b83Yw7NB!A){#CmiV&d7DiR7 z4{Q4^MVWv`(_vWP%-|(M#PL;DM4@~%m*wNuV@8_yrURM1T87U0&LYzb&bz(GNliCj z{okLPH1|a`Egtqi(ymI$eyZuR4FctPT&#wy|9Dpi>iWtLJ6jDn{{6K)EF}5Y&!0c- z3rY{4V<;OlCY-~dRiR~-X`x)uoCTk07Ave9L0Lnt^&G?6dS3Z;q0dj4vXW{C=^c7g z1>uhgR!()mge5EC<-?ag0EKpkCa1KOFQEW>ZAeMxS440^v~!nVmNjrAOAYNnVxbs1 zB%qg7Uu4BC+&WG>%v2}d;_2^WOaFj>*QrX24(p%~N}qR;ci~TGKIY64&(utWDs!*_ z;n#-iLk*SbL%9R+5v?j%y2wBg{k9}h;ESFz@9V{DW-n4#7Sf{_k$9S6 zW53&~hyf3?;&t}?h&97uB|Iy(G&GqY)-y_!+urT>YUi7T9BICVJEebE^J`4vm50e@ zy1q!nPH`XuqG?JdI#nhdm+1iFJ1OM$24Wb}B=iRMqLVQhBQya_*kU(UryBk+mE6j` z^>-ABOmALe>Pa;wM38bvcPk2ccRyOcjk*ik z{`&D-=L5?@Gi&xyM;4LfCxy+|EZyx`R^iXBDOQn13%9*0WaftddZdU>QQJCkH`S@g zIxe$wO75g)upJK$r>hOPr6)TEaHWd+NiX`JSieAoUTYstS)g2Zv=u8){>KjPr%#Xa zK=C!5bk16*v3QeZ6XexXq)=2#bEJ4 zaxL^NJS#)T2vx2Z--uUj(xRjnUJ+bg^r)Y=RNRv7ueI~Z7-yG5urAPgx87(U5?r8m zck%jLp61QoJRH1{@((H(-2ZU<)mbZ3lCwK4T#PLd=qMeGxW1i)Y*DIROD;$SI#EWa z7cNjtx)_r&sCIfMuP z96dz4r6ZWr;Rfl*_0U;O6>)*9`ny=gRxTbSDD>J_r~5HplS2{d>uXVVu?&7J7vKJT zZNY%b&a7|kI=M#1KEdCy)XaHUHfhcBp^Bw1IjEH~W=mGvYglwTiC|YU7%FJwx*eOw zu7qX`9Ih#W-Lev2Nf&1STE&g^j@w*4K#CU-ZYh5wN^40*ztYCLr!$VGOxs;tcVV;L zk8=`{9gu&KN?5p-<*aSc?-NQ3ScBTd^H0$;5gve?6hSVavZ1ts_>%%5AK(mLu*_MZ z49z|~9#32{Sr)6s-W}_oE=UoU&|l_p!$QaIbR>5b#D!sw@LbW!>xh4tc_OF7?X1bG ze+Pnz8J!TKXmneb)!joU(-2a#kAHMFhvo z;Q^$ph9|K{AXd1oM_fm%$jZQ8sMQPYP-F4{a$+b5o#fW8TrrGWbU@5aQsJQ@Ww~To zDhwkXnIwf*m>5_c3QjneXTyVzkhbzycGn(~b;=qO*8_SE|5#YyErft;| zTTI{#gzIHowF-ud^sjh{Q%rNG zt#T%8&tV8VbHYB_l6WjeqW?<9Vb+QK6&BJpy6p(|)OmIW(0Z#T-I-gPb$Y7` zt2R~JLw=EgKgF%eSkcMZD6KN<+}3%ipz>*>#(_}4+_REY74}uQLwY&ZaTqlDGpUt} z9!=VmPike!M6k*mZMzJnq%W;K7*_GSgLUXEfCBBlcY?*>7o8>hR2aSC1V0umduIlL z>)=@r<+0S9^XpDn=)+|QE$cCWp^_%)oiNX%5L!(JTBc*ppp69dMl!ihOtQpHUJ14= z$D3MC0$Nq{hioYl?~&H&NO|Q_m_>!XeDGho6cm7c zao|dlp%m|Xb;br6ygPgn8cVRBm13nL4LJ&?BT#I~bP_xt2?D``*SFJ=cnalAd&2eT z%#;OSjvq6qio0y6uHe4U2cw`pEwm*Sl7~*0@V)>dv@g=pWC{WvrblY}KTmGur@XrN`bw^_f zSXaF+_=VNjY_(i4T$RWd9q)oSFNrTtIY}!nI?xOtaizJa<<(uMcU)$rO5Gyc0SfxT z33;}!YxxT-$*-0MD&(&xr!2wIoow3gxT6#M<^RImjD37q46h{9MUu*wDyS zrXhdZf+B+6rXklt%9Zd;#R)EqS z4SZPuevzl0PdQ9I>SUZxJ4>M7NXT?n(%^@x`BBtXO4XvtJMm(nOmb-OhR_Z~*F0z3 z`DDsad8JcRgrPeP3FyF>9NZp_Tk=y4$1pC7jhp8`jy-%%CDGczc@R@yi`d^?(|Dy8*hue~S8|Hj zj^l0t1P`e$+)_hK5EX*&WHCj@QnU!u5BSJ4f5qyMZu64``jWJimj1gcqcg)?MR|$y7+%Vt(ul)5Y zr~nVriQL5%x$F1Rnui{AK~0{&wG<=J8tvC+t;)rl$AHAJaq;f}GXWjROeR@O1U92V zbNQ!sF;7;sTPTeXHu7}EYk@D~q=v8wQi%NsJ6Q2f3};ds~HehMsTmmccq{mMXx({lA>Uri>f; zmwDTP2Y{_x$Ek-euaYGmxPyF1i0nUiK6iN?+JnEsAzw>k9BNq(pQ=D`3QbMh*CBTIV-8)r&nt3n*kNy|*99mY#I_c}Iqmb39YFo-+6 zUq~zWw)2)Kp16%!SRB0TYPorWx;(1fH+H)xS@!)X!I&e7E{?U zCR9s=p$ze+KrD|&YUn7gPxUn_}NY8~A}uIZ5F@ctE&g$_d)5-xxgAIp$#&-6~V~&u&gJ z?^aL(o$rv?$EThtlBb~`Z{=i#XSK>7J*L^t;`5Ww8@gjnjdb$l%5wF)m50c+rk8UG zgZ6$7jbTDcI_eJxFHrZkezDH{*|USKTVOqNQVJY8+DPU0lM5b-+}a!@5R= zxp20MjQurqIEfAd0u}Jx;NeX2C0!XkJ87*n&1W8QDhT=X`KY#8LN|Cv?PvguXDW#; z$1sy<*Bv1wnUeV!!alU;0vosu7DHZj?p=Eby(G{C4yrq=pdFXvAQ&UAcvX4kC}=_F zr99U$<|b6Bu!rFll1V!i%DPLja9g{IE_1+C-ja(q-kfa`S>MT3=OkjZzK501C(xDf zH-U>+&k(_}WL_W>iA-XQ`Rn)yHTnTQdCGi@nH@-M^3QQ}Q;6K$!bB^LHPd-3E2X1% zCf}{c!o%v;$%PCb-B@i|OZx=U-T98BApDYHgCk(;f2AhRH|bV%(AUS>B0qyH5U27?F7 zb1I>^N>T!#_a@+)^1ylYwKim8=N&+WoY?TM&gj(#ZHX4 zRsK%+BB>a0=z!kkLm&6RTqL_)sC^Iy2mSkzSNfHY{7pVL&S|A-M zLAGlv7y?p9IjOcI48k;;#Xoeof{x1A`k1vU5Vdv+Y!(|Sv+pSAOL2j>2AMw$e3 z{yX}7jD%eh5~|>ap&lE|B}z3tnmJQmA-_}@=xj$XC%%(a$7T$lNq2Wv#Euul`4pri zi<6B{yY&iH4^S%Rjxv7}!=%(sx@P18&s4gL y5@OdjOHqJVez$TKF(-Kca(nbH? z1&~hNFQNw`8`C>lsaN0)MA{E2Co$+OvnXsZdD5Wu!_a_c6_jjUTmW--{$61V`YU6Q z%A7NLk9id=TL!T$gCv(XdpSRMn5=$P8+R+M`eJgq2b>t7qV%HbfpqV{9^!NrPSWvOC=U*Otml10%Y1dITpUh1$8E;0$e6}Z zT9Y;HYt;$^*0R%r+bd7sO3zAvUgwKhM18`n?xsjkcDLTI>K!wN`np+tauc=eQ@!)* z3)B_QchWkM8mtWdm-Hk1gVksh9L0CO;07DM=E(<1PU3y#0 zLIt3jYXCK?da#_o`gEudC@<7*jhc?H?ykI`N*`6d)2h=Us2@_*G&kZXZ-CwZC zcplnNIN}*ln`VAXK@1VdE~L%!J1n=L>3-b@iF2MGZ?TI8wj;Q10~olDQ|Dt%MrUJ6 zi4Vy8p7)6B$3KC#wM*vO3Ogd_vHRU4IEETvG3)dJhNOB>uiV_+Rvs98K!bC{-NuRI zZsK%s9yn`UDDE-t8O{P1h%?A@Z7(SsJ&3dsK&I8`*NoN(*Lls-B2>yXsACe znmBq939i4p%G;FIQM4M<-crOl7GW-i^se14D)NlBKn`=VtgF4vzq}tM64mfL5*Ak5 zL>0hP7K;%Ss0}lg09Oh&2sWV=bZXwy=9+`&EnZtVA?YEvQJIz!^=5t zkJh#hYdMe2^xl%KVx4_sGrIL+G%#XQrxZuAsRcwKXU%(i?|c9Gca+z$^zg!fFNg;_ z+5UDv^8UHOX;&L8@Lk~R1AUwc&JSmWGDS(4c?F#yK5-)HX3u;h4Ui-IL+3?z>-Z&9 z5^JYvi!=i~ctqc6w!O@ornb=xZp)jS4)?F7Ys;3Mc3XU8>&fX|$K93_Jngfn5#b5^ zS4R=}n%~X2H%;6JfNPpJOw@3Jrz7}c=CC&c*@`+P(`RkGht8rC)j}BQDF`g z^yZ0BiTwj}3vfR;H&e7w zv^&iWd>fb^SP~c?_$DwluqZGoFfTAOuq-exFgq|MurM$&Fn89d+p^oJ+hJ4S*WF(N zzaIRu+h|=fd$}&)UG=XmAs8jLXc*xE{#SJ#7)y`3M_uKoXrL`nf3C;(JZNfsB2%ZyFmU0umN;()8+QT5Cb56FO|=Z`uj9ZD`p%vU$0w;#J{a zj`N2h(U2rLdt>xg#LT}w&q4?c?8^buA5Xadw@CY-WNd6qhVMPslZqm@zcIm4qz}(G z{Uhew{tn~ZHvjegBbE}yWOJW zCOf}@53Vg2C&$SvXt;%?eV9}Hg8fca=F^$ zj^Q0ivToLNO=At44>+=)EF?eU`To^G*dZp;VVmOI3Q~OW9eY@Nayd5HhYKUMmq#oG zT-bMbE>p^l!VZrBr)P$wjNw(sBI-?SL;aYGUB+`0?*@%sbB*VZ4eM`wscat#{)me$ ztrw2cQF$*HrB^<4h2yb?hkQo0gmf8b+M-DPvnP*eHD6na=L)>@8dIGW^K2b^vEY<{+E4C$L9|2U~-cRW!^QZ@Se zl$F5VpSBg#%7B8sCj_U@KY8RJcjlEbFC1KX9UpLp*#9sUM3sh&9UXGNl3XCx)BGC| zor&=ebBMIWJD1JDCS7_AFQVldToi`rXJ1urMu)Z9VWd)Z((gx^2EpDhsBw%2DtAQC z8k;cA2o`A7rEwhRKc8@>Oo^&}TA;BF`0<~eyLa~U#YPD zU3(FGkiFoSoaZ%LHAbimGbcHC+Wbe@1S_idZmqu`X}-M z$A;0h)e85JBPa`;r)Rgcevz;WxL2U}!FawywnNU!>ySY*%~j1WVl|h^ zVa>^VotKxFWBJxH+cJOdt&QH6-j+Vu7S)Vbx1;7z!Kh4>7|I8gRjpDJRb8%orc1>t zT*+>r;dwoyvQ;_`^kJV3f~}J%(+%)Y6|Jm6I9x>6JRJy?`N$XH|G<6mvCm$6yW~Gz zrEkf>Icoo^-aYCFdJPpwG=HFJzP;PwTC)CLagHk=q-*}$yA!$Q zMT@M)dR%#D58s!niP_R{RNZVj`2Hz`zWnG z7V`R$ZnTjT&qR+YGyl4pgPr|l%2>b~luo3BUy|#HqpIq@_@t=M^T-!_)=6n1^C5|O zqy1s?C+s}N;|$-h0)Hi<9sIwBW&_Gs(;&2|%fc6XA#&rrnBi6Tu^0 zfZROEW_eKFes<8#95pEK?JzP(REQ5_p*d7+u=N=8G7&wD%&5_t1!~Z|yUIf}H@NKI`Qjwm z-^cdV6$d8o%orcgs8qN+tK>g}P#5Oh$gTWj5hr9W)1dyPp1#+ZuKtcp4eM;`q8Zhu zfjtiXruo7LRaJd@rn&ouW1Qb^rK9@v;)ijWnu(%yxBi6+|3&m4Ukz-S#vfPSYF2;y zEQ}&@NKK$HfoEvoU!@DukBxJ_*=_%Bq#Va!#_~WqPBYA z>qmkm_XUfbaRS_R5A-U`1M?&WlP9KcoaTw;#8GcVbnAv}sGdKDO)-Uo=s^PGUUdIQ zQfrVS7o7QN3FXvXjz@6M2N@Lv>6BU&ZIR)=$34-CKW(XVQ;PoY=zc#c9w}|l2K;*f zS=6}NRvu6G;WxxJO=%G`5_;7+Z?)V75rfM1;n|B8^BP$59p@^ z^bqwAax3;MQW{VZ7HN&|d1UT#K7TY`&-bO`Xf{Rl-Oho;VWshV@L?TzL!UznGVQ^k z&E!dKSoc&qpLNRFMoV}kv#qVH-m{-8t?HqEI!D042psatxr7K(4GHGO%6>L&ufOYp3*sgry^}0>wDh#So`IfaprG>;%^!4Z}|V+1uhz1v}MI_+)Xr- z*EEwxpiG0F{(!0d-dcxF82=Z9%o`a9HVNw+*P?{ybnEkXg~7nxQP;F0NDXITa&)!! zLAvyx)FMEYnMGNH3Eij4)7e)==3bi*fm7PE#iyu;9FHK=)`~2o6WOZqA) z_7oWT%K_l_bFakqV>$1ws?J~kF}nYogd_L<78$lZ5xd-4O6A|*zFWSxdG^m|n}0Py zY&J z*&;}&)VLpT7Jk~Vxye%F{7jv%UOKmC&mvpMN_@tm&c-5nGlx!w&-S?nw-ED>$cI2v z-{`+g^r)@0bHBTEwH4$5o=m}qIi4Kj)e6$(tkY&T>K{Bsf9CKi%z*r>KK}lH+=KsN zac?ut8Ed8l74-|>YW#998;aSCMQds{zNBtbZxtf*wi=Hn$?(b2nSpIG|}H2>IAIE zq+r>M>u$7tdefz)Z}eM_r=%n8TH*0ckocu%Em$%tanyIpet1#=_V~}IqRm`U>7eQM zPhGX#Gr!(5&{f}&uJ9Ke=d%0$=fiaNvIo`rF5D!w7Hg*sT8|oyq^#Y=g45G11ZxCs z5s%C>Hcfbky+0IqDN6lHz+E+9s5i5eN+E0uxfPwX739r4N4=p?$Pwjh^9Cr?60|C zBmbYOi<4mkY>z6cT_V}CUW@-Hp4(@_%im&RFK=wREqOoIcYqENuQC{ka)G4nrogsjWO|dufTX@qd@`TWjgt*TvCe()?v+#1cUa9D`h{ zxo8~z@5bp58%5PUe=bnQYo6@Q8Yt>I?w02#=_lbfMPlP`{_0KYgZ03@;Sk8hP7xRk zyWb1yz1PdvD;#w6#fYQk|&!do3p5AtG}eHr1w?ltFGFcqqj%d(V&0)D^M1 zQc$U2DQ_v*{(=2zk#IG6cjm+Xg-{)L%>>HOOzsIbd{t-?TX3_g%)dutllPbCVg61I zr7nY>MhzOJ2M`OOU_+OZug!Rfz?9i%S4ACjgCX1m?vF>W!r zq0ydw{H+X!wRXUe1{f()Hy~>?y1E=Eajpl;CO*5cMdkUM)%;f)YPX)tZqn(lPf?9IxzZi)EdWw9yT&t~vbu z_`iu2l{dfdqGohk{x#f{|6j9GbG&k@x_{bEc2C#$1FTlek7w-QoPlXOsb_bOuJ+Vj z(Cys@PMe1t)yga|JVd;|o?Gj0k=CcQpu}9|O-1oV;YXws4>zh7=Dr=<# zzCmr!x|+!TnVvtOi_)gHui0|up7!q6Rzpq7{6JzPF31e6&Fh9V3$WI`u}J!E&ex!~ zYbyGwGJN)3-l<#xU{UEAJl z5Bbl8`&VZCw$cBk)^kI}Ln&-VY_F=9S%->TS3@8^^K}_Updzn(_4u)9P`R&UEedC| zcdYK2C!Ie!F{9c2_#`l~X_~J4$!I5JQGVC{M2exBp=&$4B>MY7faJ&VEt>ytZ{mlg znpz8DZZ=cV3_#xXGd14SC^uE(&`IzV$aw#8$AvxdKMqCH#~t^=Bq>k&@jA^fKmJ7t zHog1NmbX2UU4r=Zn$w%lcu`%ot#~Nv7#W3;#obMulbv}yYk6s@IB0DQefyAKpwJB0 z)^qtEhsW85{EB6^n5n9Lg;!vL&$NB`U7uo}k;8q9rmFR4&quoJoGs!*(=(dkHHBjC z_0eMY9U_MIEAL~4@-`J4ed?Q#MIO3AqCdPVRc*{&o@=$|Z3d$_mQ1xbAN|_k)ekB? z8dA;M>^>hev#&cJI-GIj(Bl>Pai~cBGf&z@^hc10gA2cP!&dmGn(n4Lv_X-^KEj)P zZ2zKIU-ZWzY|t!<*3!0NH_A(NTzbos!ke*!uL)uYcJbZgiy?f@+jL=hRzH2+{AQwm zw7jNGLrk%jgs%vn$^9B@jx5col6H&ZeRn?xdbQ&kWi7re+&)>tEA#_@nz<vkHsU0`Aog0UinG8nePY1nJ@3@fADjLMVr@)u7Am%;V#&@U-y-4 z`A$tB91jyb*)pnIrL${oJf&wmLF2VuWWNCAY@;{o$@j5VrkcEaaF^d71n}pR^XF&S zdjQ@80r&XS_Bu|_Ly%X7p7uLx zPfa|9jC1Q1e^e@3l)rc{_|uGY^P&BFrNeisK?+)RV&zY#Zl9(OqpG_#WoEh}gY6Fq z1(4%oZbUx&K-P76Y~#@QUG4z03}P z6^!gO;QY@yy-46{7r4lgI`>$na_T&))mwAqjLG&G*zxgY_hqL&-}gV!Gr+vld-_UCn$EJ8zHKdOX;u8YzfQL_bn4p#gE9n*Ee!&_sCCx%taeC4o8xT-iUswpr1|bHfPw> zi1NHb*HkAqD$b?r;(7o4SI6<`pZq_kg=dTHrlEa+WT|1kqXkxXg zUXHrL@rc(`*|6p(St-tN_}|Sx{t@+k#~>mbe8WT>Cy}_zGZ7BY#1(L0o zmgZIft$1!-16c^N>166;XH&Y(!JD=a`{>qfh`36+*39D~qktMr52Ec&+waFsd;YCH zL*WOGi(mV~%Si?F)vr$xGTF?=BY}B)8;mToa&oYzu*|S}N>>>f4rZ|BhWxYra5@8- zT{)91TaSf)3zCx5-#HKXNd^Z#q$>Pp+WCzl){^;#t4Jof&@koJFs0fhsTeA;Epn{> zp8!&qhqK}2EpC!b!sqXJc$Ht4bL(-bk*mfHj`HT!RCJ3t7Y=#D{>hFfOYj)+>X3{M zSTd_khgv6xw>ZZS*vL=GINq;ktgrLSh)b2v^%IYiP7K190_0;<*TKWCoz(O1R1`5< zf!_TQ+7!{id&YbBefRD`_IP8c-#w(Rbfm5@L786HG-JjI=3xZM&wK9knN!zHdn)R) zztvQD%iol+YC3_vk%uD-{#1V>p73`Vc}Pho+{QDccvdmxA~;`8fI4!gx>%3-$`bdH z#ju5>p>6=OmJuV;?eU7Yj|=FvDDo=sfF<^O%^n^=A4ss+0aT_W!iOeyPe8JV$I=Jt}h<<;PILBHq-tG z*VP-hkse1`+H5#PmG()b`z3!V;;q!L?fgn_;kIQGY0b?RvMdy%{H|#G=bUIZ;^|{_ z$q!n7i7ScXNHw3<)&3#(p_wRsoT&($sWGmoD6Wd2kP9)VRlXe3=f$gjFPYN%TPV;W zl1@xaaG!e56?XlRif6U-`6iKkhW&f+y0= z%o}jBV~z8*G=J{jE}Pc>ZR>s%z;uYV9tsH-kKDw{+b!ac2LGR?_GlVJ86jJvrAn9& ze$y_Wq^AeCe#6ss%;vlN7+}u-z`o7>2zmxmoZif=+EX8Gu*D3K(N~fa&;*E z6qYyb@T<5!vy?EkxZ%SL{)yI5>^+-EtmXI*yic5oPYQC z?Ki;)-lvKYOu|Wa|2NhIX3P<^oPa?m7?mr{U|g?Q(JX;G5rdBu$CzI7VqG8mq#oZ2 z>%FUYe~_+fb_;qvA3Y^IFH61e*pck}owm&Rx&E|Ywge07_o@KbEenph;|)6fiyS)b z&(f!a+YG`MDlWSMuKe-z%RtwfWe(o*0m7x*b0asyuWuR@GXwXxdduM6>$|tV7PDcT z6w8_>LU~`OO|xYG$6V;Ge{%TtruQDdJOCPw?M;YYXB_rO(;5qzjbk{Xy3`f3)KDei@wQyV?D_G#O%}0*z?A==@lFd11M-sea4G^Yy>hEYprt&2-DT-Ptax^<1M0fhSWe@kXL%n{%1SD1OTwt1i z|Al#dT&ah0>0q#8{KO&%h=`jr^PgQ5Gl2|=sRlFrRH#%MFDG-eF*eGnRZ6DHn#}5Y zxz~EjerY@(4A|{fok_Um{BTFWU(K^>v&z>SiQ={`sT8aV{m;$$CJNjC(e{KiCLYp! z1lyd}w3{3X?P=piiMUnVhuU_q{xiJT*O$^PvMoJ$aswYGw*WOjl>+XFg@Cj+Gu=SE03(DeBIr z3K@6M-WE)jQ=r*a+MkDHlFL$OIB>+Qz>qC5%K6uFurv+dBqZNsr6nreM+BU z*wcx*I|%*Xok3$FdgT@2J>gJ3K6w@6$F@_#34-@|h>AeJ*XT#soXA2MeP;i^V4+bF zIOC|#CoXjc#GRtmhKyalY?(EF{)zv?eSkq*6xJAL|ybB)iQM=SLG z$3L7V%~Fc7v}#=MC20;m{Eyer&O*EL1K3oO`IO6!F>!C~P5YSipg%>93V6kpkI0}U zrT&1KiD)-IK+;+Bqx)J#6TWn_8QzXR57-QzslXWw*Uro*J?=}t8Xx)hAHp*xdwyTv zln%29rf?~*_l`W;nd*MIuq*IZ(@mH>3097~=I$Nccddb`_IPb z>~6L{&h&e4(&oJLq60+bF-mGP$QAxGh6)Zjs@k7c>)YG@%l96gtnPQC>)}6+Bq8c7 zP?^{BGPqU*{kQi2jCsXUO z)k^Nm@wHS0S!{m9W!i@`*Q2@jO)$@%54)MYVBH$OAo<6`I(|bh!Q%KZk3VJoGn=vE z8h0oV$|rDn`+wsF`xZkUaUS1KKgRlp)9Z+G%byUTEFD1~ZTyf~wAFI(Wt)RfoG4}7 zYySd9f55k6;Kr?E^d=Yo$fM(Y`@aJyTkk)n)L(@Ru{dZ^blkEThh4QQMN;kN0($GR zYBEc|&ioH*u=lbz8-3U^+pqrm26#9FJhYo5 z5J_ICfGE~tMnL5#@8ZDjmQVab=39{cjNsF6|Gfs<2UGZVpYXcuj~moEPHoZ1rE6*BIyLb%0?in! zJ~EGNS5JI`K#1q7ZI~6cTd-B5I&ogH@4r0Jo++UISVom{NYpyd3+S=L$6S;kqxSc^G*mF$(`mCTjGmE4sQ@(*NrWLacIWEtdKZ;;VZQ}LhT^5Tr*w&EgoMG2Z(1^x6c zp{2`TE7hj^rs<{&rmd#;rU|B#rnRQ$runAproE=`JApfWJAj>yox~lmsh+chv#Ikh zV=-rWXWgqQj{9Ut@|~5A5?`sE+_gYE+c51o(N2lgdB+T&w%g#Vpmf{Gv*3%ODPS!W^#Y$Q|#!M zRo#nE)Ts2RRH{55)vI``fUXFt5UuF1psXmU=$J(eVfoB?wu2sGZvcTL zyO-rC+R3~8aFKOUbdhmUSWYihiVGQ?QK81gjrA7W6Cew_3Fk3L(r#We=NPq(PMXF19aC*Jnbw*Xf1_`MyV;|8 zxY^P7L3Zlz7#33IWAvk6V9cHC6*=N zlKs-z68TczlKuzJozPOxlK;}%67*8glIT+Z66I3CQpZW;$)A&QTR(SOcVBn02}q6` z@39N13)hbAzonGzwC%j@-`knnsoS~R$=li6>D&1@i8vWJDL6SeNjO~!pP>~`#X?|AQd?|Sb)?L6&0?LO_p@4)ZD?|zWe z?S$_=?w*cbPcCN@B(}1$esc)WS6&P1+UN@LqV$Tm61yI_a`oEu!t#o^rn-*bk=&Ks zKfE@+GQQrr+PaS4qseLHZ{1sgxIkQvCzkSc@(CR6PZxp+&G@+fd}D7MW6ZpRW_CK3#?12`Cj{fjPV$2~j7J&)`J zn#Y8RGbw7v5-_;)$R~t}^8!-XD#*qi?$Rjaz z_DgpVS0i_e7}zF72aLd5_(Rc^gLi5!d0cAQN~i51*{L?=O$V`yo>!f+*J#p@c8@5$ zRc{iCc26(7Rcq?RtI021EwX&YJJpvY0a)JCLqsGy4W{7fA+XV0np5PznpRdQB}pnR z2XSi@r@|Q_h>|{S!+6DJe$n?!q{grpxHN@oQ7syUWGR-kG!U&Qca=iD)Q^=z8ij%>mP#}bxu`q!LcbJC0~&}@)SX5lY|4QM z4d0I_boD~>NhOW zYid)S^xhtl=LH9Xc-`rR_v$x7(Q6u0&-C5_k`#agSUkVPLJajA%4nfqQ^&Y|p@j** zZd9W6YY$BD{JIL2l#S=<*tBUt`cY2G#yKg37BnEqC?_@Jl@vk`8j#6JMUiZ5KK6F) z&?h>!AX)iDY@F($P&&2(*;vJ>C}m@+)C@WrsoJ3-2DVFC`C#l$si--I`a9X`5bWdP zAwI@>7TM}5?Bmj*4#s+N+3GUvRRmMvY{u&dT3c&05(bS5Ikc&rL1i^ zc9p6zb;{xo8ZOzWImY^WS=%n`Y{1YGy^~E!TeEDAdX!Gt&=RB5aVif2jeR5be(8{% z%GOG1Ta9c^1a_-V)V1o?9i7vg?20}Oi%8UR*$^CqlaXwWVibzT7F9~ypsa53M}GOJ zn4epxDG!{oFWNNvRYSF^Tc@d>+%#)?QTNJQf~gOyvR(Puz0y(l8e8`am(a2=LNs|c zjdBZ(5?iJBE5`s3mUtbSGAdbY>erl^hlklpUymElQ2K8jh%q# zE}agaP-!7wfWKB;eK{ZNN7mJA+~{(slmlbyNi&TD?t zi!|`k+?R~1{7%!NIg2frWi{H-IBauL^37PiD$Q2RibGy@%aI>7`nq6!)a6zj+O4h% z&^xm>hZ|OzvGZtBgfjYqmq#a@H}gGeg%guQwytF>f$q z(J^l{>q+~^JrDZG+j;9ra*V_^k7HL&yQHbqQlDpRA~*-~&WgKrB{?SInrFAGwph}f z{5WA^BDetZ&WpSCB{_!Unn$s#CRoyBZK>BcHtC)Pd1oqYK2O)15NyAr_6u1Qq8S;5 zf6Jw0TEWCOLgcqajNu3+V+)le8fg3BfEdFTI!rvUg=%yeURM-e_bFsz0-$38uHigr zf?wqenOFnpIDmNxUE|?%lSNzm0WMqzT*R&{@T*@#CguRkw%~RmR~=M7j}ZGR(S0MZ z9s7X*TE{7TZo23QtKk~_s$$5*2w>R^{8$3V`1{i85`NV`aU7+XO=KOn1P>uq z4l33}I3j^~XcgtaIOe8(I+4 zZtYI9_ts6Ta|f>)MG3lbifxtm9mFO9oaWne8LJv5#>n$DxQhrM8$q>!PMyC_|I-Fc z#3~&6Z@74OIFc@uoLe{&L1eBoxFenWmQakJplhNzzm**7l8yEt^}J? zlL&=AAb}oCi#tTl5-F&Sxvz`4uaDW={&}tTvryq@QJ?Xt%dG9+Hi{DqE#dmh-VYG2 z2%BYrcM7j_GIHtPw9mP=bFP1=H+?!ulIPl>8}OW6We*9WJYhL$a17XQf>3)t=AEyd_e^#N_?jqcXxvt) z(#}QcKNWMBLm&$jq!V#xUDZ*?c0v+$k{zoNLf&h8=|j z$&b4$HA|vpo3T69m#Wk}Z02CK^&;jIt2u8h?cB%LYHlfJ(akJj zWgvZ&8WP2fRKs|`52NcksSxy3qJR&`8ou3(YiH5t9yG;m*vPs_G{7Nq4dYJ6`eidY zwzq`ZcBihL6R?F;L#MT>`_G)#;gPKySyQJsiLRdv zFbHNrq{;>`LzcQ3ui!c|(!Q;_a!GWS!*U;l=%HW0{|?~q9nn)hX8G$#fY%xGcU98u zEXmYECb@Iyj3v%BeW8O9c?FN=>wIK<);a3t_qh(4?9CYQR+@?1Ah??DH~RN#t&)TZt4%}y@i8F8|NVjeq&=& zw)*%sb!pvfYTzoCg~yN^&lVpU+XrthkF*wMZiKT68s9Pqmbj~B~9EZ60jI&AW$Kx0A zrEROITgI`L&mx=ojrmFI2^p8MlD8uhJcej_wp2+kt>Pb;q_HhMM?|(fN$2N$W4;HNjRcLnbM@ z(zbcj^LvpoPD7&8pQLresaa;Q(oZ89-G@@qJZKr<;09M^23HjZS4XwopB-E6+W3D~ zRI4KE5Qx~II7JqUbC4MyVoFDN@_m`6%tWVm{ZSN>ihk(&2Oz#T0GFq({3yVH5wRmn z8vW!{F4I@Q>9ZNkt`f(yGqj-`Yj2@#<8*MS*|rg5>H16sm(u%3be$dV!2N6Ol{|gH zo|?Z(Ahr=gg#Ly|QW(l-6g5$`D7!+gZ*hGgjd@f#B~mQ9flFPE(4~wM+H8pCcLQ*a zX1dHwqMWVB5!2osP~O_RP%On|TTJy9n=l$aL=%;fzp$Us@6|S#U~TCY=Gv44j~slp-JwHw_=&gv335)%_?DCNY{!k94H8B8Vr{G~~w z>6a5rW72AH9sPcQrX4Z?U^_s81Oox|2T0n%@c_yL1PJd89R^>C|P#`8IG)$mh4SYfQ7@1bt&@5v`O=b7I9x;kyDo-}#SAnYmilOU&N5BGB;7KZSkv{y|SNZZYS2- zNve5DBL2u#%8j?kJ4eNDqFj8UT-3s~n4J$qL>9q&7OUtiMay5Lnln`~alm2GG)I(s z7(3x4wa;6Gk~1|tae!^%TEX7&k4Wz<7U(La!Cz#PJLNWU;BDa=!rn1Ow7L^(?+IG|;Z;S|fMg2R5VRPza5a#ICtdj{d z`})A2s9(cKro|?L)HfGMz_f-FK%eaAuSJeRZ{3=dLI5rO&Lr|V)B-YVY|_i-wp+T^G2b*XK%G-I)bCBFy$mh7hCdj z6(rvNiIv?jeXz`1SdP`-nPH(9;TMj6oBT;Ul>8&NxXIV=W_zKeQ0_`3Mug}hOvAAm zlhUHCUm-J(#lPuI8_9g6Ov@OqrDzXQcN?E0nX%iojmnRqIFnrFV-2y1`S$AX(c{|? zyv8W`l7hZ3v6EyZzhE8DAZebuOD#W`Cc2gIV@uIb(NLwX1FJ zdI$5&fn+2tcAjMv?{=u`ZD!l0uR2_(80$?Gw4L0i0c8O;5A(M=t+uO}JixOTmMOp*ecKh)WIB9KO;AAhH5}@r7++YZ7`f_Y+9V zaqgSmW~ckfYRi4@Tlc0<>&a@p!*Y+u(|y?aa)ZNIXVm8TSD>H!YKPnLLcw5K-0_0F zufOU+DOq-_-BN=Y_u^8E+cT(UGR$F(xX14}{)5#b^n9`1W*^x7Jbwn~?@31%T<;hT zl?IgtlLnmz3xuhLs{ZtOZ(AfI@{tGA{u?C%j{CO)1RVcwZiuDilpg}MQcb}8Z-Gi9 z-Xa$KSDiOg0l8fH2nbw5u2VdMe_B86ZF@tD98y{G-Zq zKp%aBE9nz$EGT)IS16&R(ojY>r)qkOYvvidtCL`20gi&pJ-KqVWPY(CM73e z+2S5O%LOihSG1hKuvy*~vXWD3SsO@I_g-pyb8GN2?<>H~JGxU~STJu(Na>PN=@L-( zskng*VMc%kDKF`Z(x|ACNqQOmwPPi9&FpXWy&sGo#cDj$3}jYn@lDp!+Hur1^S{;i ze^hxCbMj0RlUXUmHmOj8a=#^MtUNoQMG z1!`8MRHE*Rbp1>PfVTT<6iFi8cF{Vbef02F&*-YONlM&tEvLA~wNGS)cj9Y27MjrR zrRXbitxaOXN9w!2dU(`NX9Cf=+MHGO)Kaa#=RvM?OK4;blC(3b+~;jZU(XJjHiLL* zfO0Y{>W#*;;Y`ewdW_{xyTk3aVL%|hhf!x|#qjD}Rce`~S_q{7XFBIpF7~!H58zh{ z-7A~6P6ea0h#b=bLz31eAB~U-bHeNiCvXT~ zL%fuKt@4Wp1CffXK~WY-6*{_Q>g^eJM;%{mmIwy;sLZmW# ze?S<1cDdPCYfc$$jR?ku;W>lTzt-;3zuHujQ$lrVD#S(wiX~~=7({qgh)#Z~KF{u% z*SLwuofbcL1e5O?))K3fmo(cD)tU4#exJw%Z?f5@1bFQv6&k`YeV<&Zza~_ zS|KTu*k@!Ompuk}_mvKpS+&qp}9?sGEAL|LokYa46uQ_ro5F$=1U)mxdN zX-ju>R%q+k(Rmt_tb4)qixxFwVTG;2?$9&iLRX^ zmTSI~XXX`)X=wi-ZGNWGrAJ5&)u*ACu#{SU^r{`s-g)saaJyU0HKh2&?@Z$jCY~2R@BIaF?cV)@W*Dd|FLy zJ_{i`J23X}U$_uy#MUbsDrFdrl65Xgiq8C5yfaMSqFuryMqjH2VVEnom()59;7M5yJ+G@e-sX#R{aHVSV5l0P+SXIKT zHdWJ^L=Ejv{@JtWNVj3`_6x)0-^Z2m9%>YhoKhXcKDu{I8q&cw8-Py0fZq25mQz(~ z{_fP#abRfI=9x7OP&KNCj671=*d(>))!1{~*`&#%@^eyiq;XA~ zl-$8=l6F%p7c;-&*xAfgbW<004M2qP034mvREStZC0XS#19@tifT;=SOU*hI1JfTl zsY!NJZtLEL0K-i+#FMLdN9Wd0<83`gmR6z=R$Kf%WP&<5mR2(knOWsvhCCUoc_;P? zHzT_?Bgq}qj0;=;=AG3XjyY3AyJHmFE!G)bhu63+*10X%cfIi=mcwvtG*jeqlQoi^ z^33};9cw<;pP0anASd9FRSBvGRG(>n`Fy0gI_1wd$abX3S2vyD4*Qf~2K60UE6`R1 zeFN$=T!4AIZyjHoSL4G_NZc&Q7NJ4 z{1r%bYdHM%QqiW0RFQ8m)dHVqZ%#}IEYvlhBA;O4+1$*&9u$4-nimT?m5d&_R=wAw~9F)g#wXxAw0q#MY+dj7m67-0Aayf`L6Ip5X*-OdzM<1 z7aNzl!k-E&(Ul6>PNiJBfIQ5bL;pYumYeu=sxM9m3pNt&3rv#Y(1tcDaQLHun1IPc z?lg0Kwn%GkSpRb$`l*v;g18T<_7<2t;?A>aq=-DhTi^%`1waDJ&q775K)efYJ(r`@ zXSHFKigW%T3jCIh;Na6dOjL|OHB_T;fNdHicB&I20g&NGhU_gvor1kdo7UhhBS8Hq zU*cd-+qO^3gJ^STH*-9J;ZjxoCd>eG@aQxMmXZ8jJM$erkPHkhOJ*7OxzzEK22U{a z;zxHr@qe`1FhW8E+nWX^3CxHk@{_h45kj?IqIi8#*{?<2+|nf7Amk=y!~i{ZsV9o{p67tteS{6ES~FxIK5${qim zKvKqG2z6SB<<=h|ndv_2QHo5M_$OYgVCis!cv2Y(S4HV*3@XIm2m`e31Z11pu}accs&|Ha(Z1M? zS*K#&^9dPa)Xb*r2Wb;pEQJG&-a9!Q@;qQlouv3;Mn9>|KPH!`;QfI=OrPJr$w}{F z-%@oORVr06b3mN6xrTK*7WdEJKf zx=4{aO6}yu_c6{^m%TmET1d38Q;iV)K8yY1DD{PxIw=>6ej@Uhg+vznz|$hmHEX-= zW%Git|I~0VhQROG!?f6qK(I&<^mU>b>{lu{gntsq7+AP8-&IV>S^4$-yS6-cFB#&m znn#We1*1Wc&53wZ@R$AQC~gBndLx~ijon~8Wh@kLSH&Rj^VL#_vpSl&mER`%q*#t zZBHwWnB~Ne36Q0`J&7D1u9!M_dou&jl`$-#IAF4%#sl$17y)Qt^g38RsQ(NZ7Lkva z3XF09djpFO4G$Hvb`y&z^5ru!CR!x)5X=_TW#A_fs?SJJ{@;H>RRnSb&SmGNBGf@& zLBj=#iC_T;m0{@MQlS4r;|0o!-~ou0VFP`&5?N8M%tU*b{-nb_Hhea~-x&-3|Ev_^ z->DZT|Gy|!@Jg21p)v!RM7Ta9I6@_&1a`Uqv5ENqQ8?V2|B`^Bf>sH%6hZxrkBJb8 z@C6DRS|-p`1o<;wB77apG&E75ya@hhl0;Y@s6TK!(6)iTBG3R#KAL;|u61oWn0(A<-4}b+D@gN?+xWalvbq5NG2yb8- zLVY`6jvj~m1%2hO#+AV5K;*W@chqG!>($vx2b300I3}a_@%@;ugw8Lg1ee#YT3Z%6 z6={d^6(g_kHPT=ipi%=FL^uKP$|&Wqv#`Waae-e&*a2{0WJ}m4*ponX5!#K<02DCV z0rU;b6Vz*sE+!}l?=TDQMnAYFPYq+lxR^(RwZx#M9KdG7F+NpU)C8^V$ z%O#1RTA2q|Bf>j7BYdd3OW1Y?BV;2Go>C&|Xc{!48t50BCz$Ti_HG&KJv-GZhTOg6 z8c}jH1!ZmHS~+O7qQ=y=7$TlO>lC%J^hn4=x|?qW#+zM8=>CYma6Y?{9RGZ2Xy2n&L`VQX%Wq@Dl<|X`$bZTWhG6 zEh*HiIQYr1o$}YYq;f?k&ES}sv0THNI28g@(jrwcs(MtJ3pXxn5Re#T(*2GV0)Xg}T z_iL#Xpzbh+RQxpreqSt-lH_Cb$xRJgy9&1D&6f#2%?`% z;Fd>8TK~+>%Bd+W^%)~kolOz9cJ9s6t}2zRnwNF(lFQE02Wp$lHSt;4HD;-lnWL6x zN?J>$Hv(10t!~sMzErg1S&Oz>%eitva^jFC!ewb#RHMdJP^f2L#58`*)XkORr+s|h zXsv=z?pKtn5M?b>t4&&!X6DWKJ!|%gqq#|<=AU|1;p`D|bE$q!?XCKbMmZYX#JoUr z{XZR*c)e#^3!N;;ERZX`eB5s>+WVl1dP!#rT-8$I#Rz$xyAz$ut8AGoCqtNxhi-0E zJUvmz0C_Xk1x-&CxVM%Ij!&R>LJ;8Y%*yoyj|$8kh6{`xhDEaY2+JgIEV1AwLJ*q% zd||#y#9u0rgYCn!ibv_sRmjH8S>c-* z_%$ptRgKt#b?&>)pV7J%c)+Hw8p!bxy7R;u)@fr|I}N36)nRK#^C4?T z6Yvhrf)+fT{i$<%e;Ya*Fg$Gnf2$tWoH>wA&=XJ4U#nv@dD#@QN4OB{wz#I(fXu2~ zcDH*!X&7Zy0anyBj~T2T@kZKZ|LT_f9&8r`HvDuzyI^qE!y6v-$^}O2TbSp!mUb=a zsHzF(2!GSXJg-Dh^r@-p?l((tb^D06b#`&SGOtZf6B68AqTh9PXm^+34Fh{@9qjDC z0!GPFPvh-fMoc|zP_kFq;LbwrJ)D93ypy?$=Ph?_GcH}t%-v_Oql0t2XRvx}kO|;s zmbHgylXKmwp5|sv$jBVc4#ol}#sZmZdW!e)baMFda<^M1!b-`mFUz+O8S7YwBLsp};w=QTlN`PiuziLGE~u z*7j_&`l{~n4(;HlKlC^v{Py^_h~m9#b8$qt78(_rqmKgW{nHCn24YUO3JcT?tUhct z6e(;Di1QhVOff!(f`a}K!U;?W5Gr};9dy`yJ#TsqAUY3-sC`GzdsDi2T(9UYn@tFK zTYBu(e|txh8hh<640+e;eqHZ*6CM*z<<@_F2Dz@ zP55+oYZPRYkFi40;_{3ryq@qu?NsbfX?W$(w2q!}O>(*nMG%`a<1p*_XH~P+g0T&K zrJJ6~(L&RcPNsp~aeZ$!8%8`cS8v$^-hRFB1FN_{%OU*v3sf=O+!Rb2c)$5oY0{+8a4YoXuS zhjh%RU(W-ky5CW9Ilzyv4ow~zH`fNOy|&YK}gbHAWn%AGZ#hgc5!Tc_Cry^`v)ty~k(}ShpHPpif{)c}1;e5^69* zkIDD?KI6}O_ILeG_(}Vjs#o`InQb{trpYn;jngBTkQEfSVer`=e(y_s)PCflaWfBf zT1*AC#w*lPV1(5d%4-84uZC{i-D7zsI2+U>DUY*Xz-5tQF!Nw?Ir#;+0ihE5YmA&8 zN)r_Q1!lq+her4%8T#6@%W8$o-1IJ6$}+(S2-<+~`s(51IO&33L5Kl8<^%0m<8iEu zuweW?Y|LRNU#{E{gHa8{WV&a6Yz`S_mv2`R608A+vHiTwzi<4h>mwnD+~n^!wL4`Z zA=6r9iv7Gs2?RLb;-hNi4T)zp5DLp|eo!o7Ods}UR%;}wv_j`9kZ%ToZo~t&$9$vS z0(`2G8UR3>0qUbmADjSb5fnBiz@ksti(eH!hn$G=P5DJ#$l&k^f1ensr#-?}l02MTxaq}^g3JZH^#UAz2%a(J zV?S`k{Sm)g;I#5Ym*GeonXWimJLld);3yS-BALd*(~E%q2OU>@9QU!b@5e$+!PxI! zrU~anjo9raQNmyBp7VCZfp=_Oihro7iCu48a?_%opWnCmtQ=Rg$X%bYly(wKHi?AB zjs#tKUE>JZRrmGpec6!nn+hgn2g{^JkX{+I6!KNzrKh!WpTAr`k*C`tmkbsjcOS`b*PIV6WY)edj% z^zKC$q&7Id^Jsip;ngochePJHi6wmcr}VS8Qv@|N0qclHI4W??rR3T`s&mAk+^2FF ztf%_r_F9__H<-?QU!q{`n>uO0ou8HErIOgIIZ#;`n#X$hpU}-a;{JIo&Jl%0Ovb8e zXyrWe_2ZlIiGhXe(RE|kQ)qA7hK(-9i~P@C`0;nBcVlq-Fmr{Ec}(Eis95(2yVb-g z;d5v&B9AAqI1jp4qv$mVs-S}aWe%NhJs2bmU1k%;x5;j0*{>wVhwi0)JPgj=xHs0# zh9`!-B}Cb02^7Bh)}{Gr#V`#-p7*t4P15*)aHq$+s~DcYIIyZLy1)j6yg(61;DBvS z0$O4d|GC~NQf?5uU^DfG1>&J-V$%6?xNK2e|2l+Y%7e5Bvobak6MNf3;sI}Ma(a`zW!&7aKZGR#EOLRwxu$`s+b!u$qT_x9-#&3d7ee0^g3n!5 zLGQQ52l!1CqCT)sCs`palE$|0o>;dq2STu`XoG3*@t*y+|3jw&;4iM7DJaG z7J}9%9CDehB&W*92C@MMQTXnwfpySVlt!XZ&iZbJp-7?71bR{U{5L*WvdF3l*uB58 zCKWu7O(xGeIQi{rE+Xz?-ZYvp*s9acJ|0{%gI;j`h#Ak~K5JBCbIN`S3MnJvhziu283SOm8x+u@J?sCwqCMk$2& z(JU3ACkQTTGcTTn7I$IOIqo1xV$3jPcrM55E@AHrA1uWp*K&)Osxmf z_UW4i<$UyR{CF%Ajq%iQZ=*)^3zttWhitLUIDGi|GTS=+3ygs}pGRCWFyzW)OdLQN z>GDalln1ZmS`x2T(S+Z{dr~8jC^mrFVfGtvee?3cqk;p z=;wTu8S5ASbaO>{qXtEa)Wi~&BWLF1i~h2W2uhyX3&Z$F(*a&q1ZUI7Y<6g6Wb=VegN`ZW%NQZKsYXl0-slyJpkrf6|od&PPO6NiJYj2^~!Egf>0Dxm3@GoF=1 z^V!)ZX!{GVOyT5~6)r7QJ=888CqE(ML4B>C0s2hw4hX08b$YNTe#8Rr{?&+WZ@z~QvWuIH z2MUrp0*>*4Z*~_!+Z!hIj)Il}OM zCBeV!Wf&Gi5f?fDx+a+*(&eeXbSDI)f3WM*M23c&e3D3weLP`w;SvzY(*?Di0z(^d zMiEJV)EOjuAzgUpV>-FZMU0UYf`mC*eIV!=uf!i|N@a_GRc5jHC@W?}qQH+kG zQj0I&naAgu8eDcv+FmIy@&|7cj$a!XCS5*k>TG|B-UhC@K>msIl>gpG*jON#EisEU&bEwJ}qcQ>{ddDuo!h{YEz4hA3_7;D*|7rt5gacTHY ze5?5vOSX;`aT(7f!z`P*=ATw?)83o45n&c#pSj9?ol0ay@_ve;;it-k0Xa zr?;1<2b#kmh+Hh_TF~_6*p}_CvVzKxXlEsy3+LcpnH$``G~1d2c!41nD`vk;zdCuO ze&mYM_m=kJ$>U*oXR`R!K{1?_D$iGlzzNP}x5~)s0P7|nneS^#^F?;ifeC^Vzo7@g zO#`8jNAUa;^E8<0;o39yS`y%x+b=k-QFmKOJq?Df8(zq;NchcMuyEWzLiljJ!JG8N z=NZ$l?G0_oZwB8{i;SJA306B*}l0WZoI&B%N>@B3t2@XOY!V>b$LkLPyXf@rK>=k;~ zT^A)n-eJm**tGY_myLzu4)xQS)rNo2?G^1%4-t4c0(`I6XAu6-V2}p$7VMLkAiDk9 zE~XuHN3daW-ltKWFJn@hM^nK~_Ip+<@!oDIrjpHgO)qkI5a5A#(@fl{wV;SAdLLBF zw()L#^Um+;OumN^VfQAG3Wueehod}3%BQ*;Naj(jUTw(u7%^H6WkfB>p^cqTF$j_>q{3Q zW*f&Oi>ycs>qE_aO%)rDidrWDWZPu0HM13w1RJ+R8~VZi+eT%RhReiFUf_MYRi)`h zWZ$Wn{qQOl%zQl~ES-74yVGJT$;%{+urL#T>pA83!V1NF-(BMmZvHWuSY1$a(HUsFmPZuw6kQdQ1l1ZuiqEp?KTC!3? zxXiSE_u)vd>nWf}nFXMgRY`7eobX)hVN+~_1#V4Ldu9V60H*t0#K2)NPvxMK;uJ%q zthIg8UQQtBd6)L#Fxee$`?9NB{`(!B=_cmnWpkLPP-}FI)YGSHHqyFJO4S}Yes^TF z`XcZAbpbw0ORw~hbet`$zF%t#+5ePoa3;^r^hZXnq?&tXZ zUC6JXy;QxGwD4fEh!T#Cbr({dm(HJf{d$#$+)Yn3=HuBE;kfzde{uBf@l5{j|2Ze8 zP^lcIymRPa73I7+q*aQ_ySK_=p;9S}5ym!$gd9dGia93rsf;409muhiIh2WP%V}fS z*w}gd`TqX9ACLQSKknD-e!Z^e^}Me8`MNGHILFgWuP9C}SdX1LNbKB)2cK!v>&g8H zW6bU?36`xoyq??q^tioOvZXgBYmbf$2`RCI$k0-|qb7}|{k#8R4a?f<4W=h* zhFfeN6ec=9C7!x7K6`xKWcJf={;RHIE1|b8^8vJhPXiW9w+u`2A%X|HZ{z;0d7YqU zyk_i5m@O37OVFkC@ymh@3Had$sAy{*tt+2kHO-z_Xp1Fc4~XX3mbd&4CGkZ$gs^d; zZS9lS8EUD1G#^->TznFMi$Cgl3JrJ5n5dHvo3{9pKaz!l1o+YypJIlrUHcX^`I7S)sc#+m?wjxdH= z+1a%l!~Jw`5x4Ggn=~@!b9^18_4v_)7?)iM^Q4(GO+~aT_vS&t-y_O=44WT)*1{ZH ztm$NedJIiE!*c9)%sBKE5o1B3(>^QHmdUHiJXuGICc*-cC)Rb(8RNAXQ zyWx@^%2qq~ZlUZGZeIcZ^y`CICmLk#37s|Uj{DjBP28eFZcp zoB00Ymd< zos5Hb$S(^~E4B;zvwI>_wC*?AyO$n<8Tbv$1*!n>W`))8F;444Aa2m_M7@ z_gdT`zvD1iGJv>p;QAc&IHU@sEy@j+nQTX2M+JSvYoZj}duwi?2jv&#S;0*&R?8EW zMkXy~0}uA+`xX%)nn%&Bu74Uroqig1#MzwXsnHqzO<7y#Sn(@>Rh{^;u=qZ=bC+MFpKr!e8Y@A*+Rsbe~lD*`z<_f**y8b`?{`qy7JKqXP_9 zw~XjJFYk`j6&)(Jxi=7v&wfS+7u485QLcAA+cf1@l3L3Gj^i?y@ZY0>q8t^1*IMT7 z^-yG5mf=n`PN4tIYc_Doif7}-PG0P7%7{N0+uWiqIJ&qR8?Ez*b|@76+p4tEZ#wE7 z&w*V(&+elgnY_Q^L|5zk zcpWmYCSkWzPmI|V%rEQ8L*#$%YKKW2e?OKTm|=B|6j9#I`u)JwJBv^JGl5K|sl4ZZ znA*KgGxxILEm_2p6Q0e3Exi?_lcz1rwf?HM|Ks;Hf>);AT6`gBi_81Y=E7?zvZ7o+ ziIh4$_@Mt&IowLZ*#GkoJzR$sUKppjcIjg`zC@}gOBX@(p;*E0Lr=?}daAaHh6`02NtY+l%_~YNix^^jB?f&V)X4!jxb2DcSJ+!ZT z$e^6z9=k=_DFfCAmKw;flOpno*JYoxU=Aj=22U@OV*Qu@3J$(7`z=fF?*C5F6?)`) z@QVQSm3^PS%dT3;`&MQzj>OU@bP%YLr48%eR1KEgH1ACncVGR?I2k;*b`v%T=b5I( z-PaNQK8Ssu>WulEmGGN%^MyCO_w{@rA1%ltcSc}b?XXk~b1sMM9 ziX!c0t4Vi7ss5)|*%b8sS_1w+Ej?aSXqpb5x@oY$4Q?V;1?;JT7GYu#jfwRR>6Bk> z-Nx@3ZQX$f%O;0AP{^l6TO^_SM=h?KndGF>bn3C4Cv><{NWVsVaR!S0iD>s&BOV!l zGVV&QTK8eDuQ_&V1)xi-2hdD|X6(m9=RM_-mjU=ZuM`wuHa_N0)Dudhi~Dr5uzc)? zsLjW@Yh`NxNKK+f>}7o4>UHRtX1rwfc*`@kf%^}`-x!=$s{-QVmE6mqYYF#`*l`l^ zmo68P3{O~zxv69C%t^n^N^c0+P0pJ(&|JO$sk07yYrn%lU`kW;D~ii&Cc@PB6o>#hl>TWxxoH} z@@Y(bRJJtCeelHk2AbF{`Y~RB{;tIrU+$El(wlRI)PpW$O3lmMI^>z^r;C2gq!5u) zcj`gPogp%7_LalacxkCMwqKS|eEFMbS3z0mhIYsK8_W+KlJdxot7&y!zS31Ql&|+t(gCd)JMrxM&QrI{sP3ak{;HnB!~Rz{?sXD zoS|JtQ#^`l88j`fFYb0;@Auw-P>N6Mjp3yX@kl#Hvvqm~(-pW_1M34O<$_0NEw0GQ zzL##NyM&x5|=b;bU^8@4iI?|BfU$ z`>+d^Z@5g}5fiMB7tQR;ecWr<&2({BSltL@)oO}{k6`ODJ^_}FlfH{I^pWq=A>Cz{ zWm&1#3ILlr?Rz0D4<4ughADm5FDjdTjfrs;M&?OUvO3P&UK5GS>r5%V zk#IdpX)3hU_NjErI#Qq9dv5AtP|fm=r$=%%#StMc1z*F)WcQ-XB=9ZcVN;?lLPWhw z2D`92=PvlE!=w4y9k{B?$1Sc6#0lR1SOxU^>?jSJ`|urBWZ$*Q>tk1;G*QwW5=2R2 z%X|WJ`XcAkOLh(A#ep&EfwKo3avR;;hs8=E$H4|mJN)B_gk&e@)`(7Hl^n{=+YE7? z%M^`1ZMlpI>XqjIi0V7qPTp{xI*EYBVTscyr5dIEnbKUosc#yyCQZ!szuYtgGKv0N zmAHv-!>x!#|Lpvo8(8PO($W#|WA-N87^j3e9qf$RQG}zf8_zwkt||I(m!Z~m{4*Dj zx>wk81Z1f@yZ@Bkb7|$72zs3U&Dszo$}+c(DBEM5{s(Z*s6?=L=E^?YVJJD0;L?{W z^QA*a?oZy_)qw9~l}+#*$XU$t%enoqZ#BPj)4Ml~B%FB2Nt`@Lq{ncr`bV5~BJ`#m z28hSl_7iLFa8+<@aL^|7?w%JNeAuOr>B59A$xc?}<-~7@mfl1FHzw@7eQ(9RDf0&4 zBkFoRfvC^^grc_V+x}|XntA)ry^v$vw3sBuZ{b|a*`{+59xq_=10TyMKhixF#jKpy zxIMHG!NkGZve3$|c@+*+2gk5DTXP;@AujHzEI6`!q?G2ensB$~aHNU2!<>8EBrNUg z*T`8_Zq7l9&m86jsjXY>P0(X;`RzaG3R=MPP|_Hgd-uc6P6VPuqQzmDEu(%=%8uj0 z(0{J|?u(2^4r+h)sEb#hPJ4VbmmL1RX~kaW@zXaT+m*S@Z~;nIm-vva)bB%_%NQITr75D+mGF)4)D>~xJq*ZDLlT6-Mg&UL>F~t&|*zXPn8>}wH+#FoJ6`D zC;ga?{d+o-*LJm}|3N@7@%j9Qolo1}Z>!@7KK|_Ci)%cU#1mRmH&CUU^~>NTveZ*k zaiXNlI*vAV-jkhVA8efBD?yaBgvLd7{L4N2nl$pUm?Bo0b6zJQ-N;yT#48H>knEBMX!{lBU_h1*7y|ND8Q7JLR z$=ULA6!?-Py?1i2G@mVA-k~p)-Pjsi8!c@XWUk3Rz6k@dkI~3{;}63Il0UJ9%{lWh z1NQ3LmDi_@01GKE}rm;EP zxvOvo@hqr5z04Q24RWQ-<`q{EANBNx4fDObGqwFeJAO`Bl#1O_${j5z@aK#nnCkL@|H>y*gv1RzU(bvyEernggZ0I{K2M6bVQK{RPSA&5;WS(PNw6K1 zPk|9zXC=-yH*@7isN8K6NnmXm$7tfxb4Ou(bk5~=(Pjg?qjJ`v;P<`hXLY!s9aM-{Eb*Ie$NzWUv37y4cE zbH?wT@Pn+Tv!bG22a0W%*qqg^yiRfIYFtzUe%(SwW1=7R8i$#X*ERJ`P_;ku60TsJ zx>AjBlJ6H5`KXId;(n9*7rn)|yo2#}v;UQ%+dQqg#b%^|2U6d>RQ5Z5)5vlaU?K@jI=a5(?%8N^0tM?q7kVk&(p9yxMe3gd?!@IriGG@(1)N@~C8`Z2y zE+HB;pIYtKv@(x~?S+x@?dB?RI-MByH89l-rhGUB<&Mi%lJK@8V3LA)xlCo66WZadJYJ(xOjnMtB^^d4DNG z*m_1#FDLz@^NAR77&o`FtgBOxw|ktKNUHaGA1Y56T-^$WMl>y61LH?{D&VHOwv_ww z9bdZVY*ftl&O|=e**Xf_HO8|{_hMooYm3-xa^Xg^2i6seImy9NjjQ0iq|iR8S|tmFCy?BNc| zXBe9JuxrRk3zHiz_=ErZO^VG5dqM7gZA0h!W^>hhcBR{M?8?vO#}==Dq~Z6Yu1l4R z3+odr=3*?NJ@EeEE~q+h|BHbGoV))k+i~eGKjFL1ykN>^+Xy{ux`SU`MB@G)z+~7y zck)AJG5XV|JW7Gp!(o5q7TlWmWxro%CZg;7AJ&(qcUi4d7$^3#Zl6l*;%ik*+0qPL z_74xC?zKNjs*Z~&PL26r!L%G1;s~~j(1(6Xe3zEFHntZV?D(!b`Z?E~+wDxl@igYv zsOA8Mc(|==_b6=(_t)LnF8?4vJ-LHBK{M)=Q1?^knmKhD*W|pbM26TGZxJekZHKLh z>PJ3imGO5J0Ylqxx^714Ue!KDW#nq$Wgphuy}7uyK>QC;i<{(`^svV=LtJ3^FmvU2 zrm)#WQy6iBwCg4B$OKnsZ`w3XYigefANJhOo>;4APDKCSSL!OC%PipT>8g57bGuX6 z;CdpDH)i%sBFXRd@P9yleEqiGau74V)2C}M@Rsvu&L2r2e(M@tpOG^uW#281t}qIYvq4`LSP5 z#Jr3vAdQv$vpn@D|H{r-myyc5sYkx7X2tR;S;gd=-KVDZzdjj%tg8a(ml37QV+ZwS z9B468Gu~RAm0TSjBFoUWxOU>>FWVWD5}V{ z>lOO;|H9{bbZ_TbI8}zagt?Np6{(lwZS@l|#JXqK9Lz|Md7gT?3V^4OgQrZU`_EPa z;vZuS<_&gPKbj=FgzvikGU_d3s_%W_+Y)&t-xMpzNmMz9a(yC>oYTDV-+7bq7BlFe zh^W0DUsaKoSw)O5endsQe(pWl7k1cogX#!~yLmtMf6OgC0x@H?>^2t&nWSSCa?L;{ z$to{DI(Wu>{^Lktm&k{F&Vj$k#}!w9&5%N4=4?I1RZgpz+vB{4G zHI-gSA@18O4-6Jggp7HRQB@|bjkgxLNnwfSYQs;Eflq$#w$(rT-uUH#9)sS3m^Wdw z^Cj7a&lnz|yJ$BCb`Bl*JAWmv2XpsMqMbEnb?ffmbzML&v#ef0&_(i=;pwg23bevr zQAUC14Z;5Tlk)vRy>^w)*x_L>wW=T^ADl!9C@e7o=JNEEeE(%~*vLKDjQV`5h0)_^ zM8u1gKu6@nUCB+%?y|T&R=gI+s~V^6#gv~?e}0j9awd6^u9O;FeW=Wfq99b)gWk3iR@B?j~c=U zX*=B(HvKMkcTPw#djc_ev5GWJxxMivlTQ&tz7Gw-&orsde=VYj0#jtw4b%~V;&>ss zChTp_x=Co-(5%hJqifm3ua{Xo6!HC+q3NfGPKBR*H3;`!+w3OVGk*PEXI9Q#4-ZF| zb+0heCpE(gjWg@fJaQd)B{+_ti`4`lIea^aRsSz$-^rQ15i!uw(C2&J)rTxZ=Sa>0)a1YP zcq43cO|RW(-xx>ySbOhNa^hN^2`4N z-$whr%jIrXha-yU}IW8%DFs29(w;zVb)~RhWh13ei~WpGTS}CCBV}!e(!* zr7TJnBh#%RZjO*_&mY1I8^W)HMx;rwUq`On-JKTCx$;f0wQOL^&RDAIJ+p-co+jWI z#meIVk@UPGpSt9wXq{+uU>z;*Lc$C%Dajs@wTw@at)Bh6~T*~-11rz&6bTVB_HEKjW2ne8Qf zf844E7hemHbkUEVN|J9D1!hLpRML9O z!RkwG_d_4(a;$)Bz>nXBuM4yDyMyV+Hepr?BZol*zh+$^=3Y5pRdk^gV$ECM&6Ma% z)>Dbwc~-a&3hN6BrNztEgLzH`DH zXbKr~9-t%v+?W2t`E~)E!fL7_Ze9adQL|fL1Z^!xsm@MVT45S@C;FC(sw}ObTvRsN zq=%%!a~}dKN#_*h7Q-5X-b2X2Jau}Y4!&t)YjaB7USOWAK7yvBgC1%9`btlyLS-fo z-YcQ>x_vnL-jS-jWkmvcNVa1f=Z-X6_*D+y7R^LbZuce3+MbpeCJrV1>fLH!DKDrL zpQh)ip)5pJmQZ(TIFGf7U^G~jIOuhFd7~qM8`7vJrs@@6zgQP$NqWB}^Z7`m)Sq)& zsEzvqDu|uP_0VCqxUo~v!b~SR2K(l~wy+MrZIX9}yeE5lb1cIuUP+3d(z906_3uwA z5MNi&G|J`5-3A4Q=Pw3D9$JJ5&!AJBYm)2~;&`RZZIT&WdF&>hCD>Fs@qNb{!xS*< z`&}9N4Sf0ZieB8tKG{Nvoe~8V{Ib+PJaF?du3fy1XUSf7;#Kjt-KMiF`XW_0mO8(b zqyrvO>po8!{Cyg9P%L_|aeu)|~PLo1WiUGIoe0D%&SM0hk1u1vsmK zTXZ7jiu93K_rGtNs-Qdam@Xbb&haXemh|0u)WavMId|I)U8P{rmx;z@4)Qd zsG__CO(knw&`t_cXU0@DRJ?LdwY(bE!H_Z`G?u_k8v$EA`t2VcyIQD<5AOT5i73}3 z0z7WJoff*ZB}3vL8l>v%S`Si8INKWoWcr%$t}>HXFR2ZJcTRgl5_Z+HPs(S@NeaCA zHl^*9d8Z6^2l+pa|7L=B=bGWIKt(X*ur|T(g^G)F=DO|GbT^oq&>|-_&WF7OQr(zv z9GC;`SiAFhVvy!2I6xqs^AP?sj!s{1I}9WBNXpqSnZHFoJDb#}hxx#F*V6rt41f<0 zaBtx}#CC7g+(6$vv{C|iK@nRx%!Eq6a@aTa*LFbxFxKwOHw;M)bxODgHzHMLo=DN2 z&6j8-4#sZjr(+G%!&U4@-gw zt9*5VRz7pS?>j5n{k5GD81x|lJXv;duuN0Jny=bKpG`*ZitF5oS)Friw?NiJt9_fV zo8C{SX-P;Mo`MZhdUc8p-qeb#_zwB4=CY#_JPS~*0Bq!}Rb3Wn3D+QM)3k@H$ZTM; z$?POCjn(fKtHium`avz)3Ny8hx8}^GDzx&j9o#qIEYyubxncp@^)!1=_>qk!rdSN? z0lilNszl)4$F3I89sw?(Ts1k&wj}9J`2~95X?}7u^)age7-P+AGKv0lJBW@@tsUW? zc1k8GE)@@Y$1hgX?F^%qlS`V)1CpK)C$5|lxgrlu_Lf7z8xDiwR5wDo1$O7>N6R;( zU$gCY1mi8*!}iY*HKu>m#Hdp?v{T9J=WgM8njuG)*@NJ%Qj#YU#2ZzXY^Jl-f?R$Z z&W>0@AwrikqGb-bA*dr4=e~?ApHM+FT}g2P*(zA?L8%4PL~XL|f?Q*P)Vl`1kJMj? ze^XN~+cvL0SFD8qR+gqYA`A7kkRws@f5zt%QW+Hx5opTkrJO0>D)L1wsd2#HVy#ak z=uW**K~y;R?_>H1Z^%<aF`j%)yDugq0QLzuH}%xWENtNe?D>|MMXwp~?HEU*XD zC196JG6g4pyRobUSJY5Ur|QJ-Vc)#sbfkZpQJ}@cn_8hM%ZUa2D#@m$qd4E9X(sx> zOp%&{C5*FkF2Q6RDhEVMRgx}s%jK9dLfhT;FCU{d4o-T-Hkq1QRYy~v4DZ>qS#j7j z$Mlftq+ZIyVbi_UJ2yXmvw1VAmph=zCxYc{bW9wU^8KB~KuHUH?u0L`3#SvcRyuC7 z;4gkS2AFylEOF=;RPmJ_T_Em~htcI;GX{@**x?`cq7O&?m&!tp%w`)Ra4-eQ?F#f4 z0S8p)l=wACrz6XZZy!a23|Rm0O@b$3lRhPnL(yAFPlm_`?v&=>6T2>m+eY=u&NCmo z#i}LX22t;({ScC2&{R*h-*{n^sw2UN@7TN^oMt0Co@A{S4X@|huirsaLl*Hg&#Af{Jq&61# zRN!q7yBs!1{E-JWakgouroMD_8W!iY*aoHWl_|vaA=jnezHTnWX#M!fvh_=Ld*op= zuhb|Bxs5}7Z9(+R0-@O8=eu>^yIrMvoR}1Ew&APl(xB8@g=hrHa$jV;MyJN#*uaJ9 zumulxKlUNeB@*ZHXRS?geetmhP7$QvCJyDh)9>fJYv{e$mvh4BHt!aA`6_dbx(r(N zAEAB-s9?zlm`~$qC)&U zR)s{v>uYSIe9W4xWVyYx?hUgEV1JS-6R7=nlVvYw!u|mtS$cnP<_a`FA zNJri{M5+?CMqNTm@TcRWrVi`LPIAHl-wg!s_)&AFO&YWCHRp6=!@5vqSz|XYa1gx- zdG4FqgX|Zco{H7M-Wds)Ru{e@Ftw? zGFhU$^C{t(_y#w6trq8@6-2)Vb(ElL)Sc4lL1?Dr-x(j(&kCcRR9c-MJ9fvbz}uv! zsE(_7B?;ETOFR>G@-GDLlU?K>u{|Hbxrt1B;4do zdV23)fNz^+pRYyEG3x!rVKzfP;TJ%crIP%F6ss^o5=s^U(?!+secY?OMF z(5gQZTCn-=`23zqlGEz`w`G6*PA}k0mu^_F4xQ#OKx@9blA}x4Z6tPofoD)>T%sDOI!PTRU+Y?W8D)dKUJ42YOKr%f%s z`JZ&+5jw9+|BJQ)o)$U_5bXwvCOWlT6IqpU!(9CQwkTQ!UU?QlBihC#a4v2f_+$Iz zH0>^{YubaD8mi)&to~&y&R|ajLFpH-c`+?K%ATOE<{+?&NFS!}#h{$k!0fE*6`+gI zClfQ^A;3O3YD`S!95W}`^Tu@&a!|UeGNot)u1#m@BwK&BmuS}q)STpVx|yhKaABQ~ zxS>hUj!@{h<&E@5Rlaf}0B2TFAx4>{DFqfIt=59Gi}8Tg(LpU&@);gp-AKb(Yw{%X zWfDoP7WwBuX4X0^eNe^&-9J=LW&imQ17V873A%9_Z=_>SfB6*ofjb5e8z+zx0m#h3 z8vX%b9xX+3dWJ=Kt77dboIeUzDs8J^v>yyN{AEqQr@{ zp7pSVJ#x{n3p>QweV*~}pI6Si@%SE#8S+m_f#gYp2G-z67X9ZQd0>uHyO}H2XSfhC zD9$BYkso4x@^El_>-HM{A5bTN;4_{jSXLggmMdl z41Q^Un-m2fe?~RK>(DHj)Sq}Qr}PlU31+No+4HzxdxIQtbkjscnW%0qxjodC02Jkq z_Rs5huK2PwYSX;gp7PW{;|#Bu#af+%uk44HpGKBBtKh0H+iSR*TUfG`KSYtr zBe~sl`oJ?Qor9au7X@o3U0a!1M@)=wIEyy7IfXV2@NcOn-IX#V~LKq@)xK> zon=!m$%<&T1!Q+y0SliopN)0|UU!H_065@(?^_`$OSM0cLu-6k3Y=i5Y9MmFg*}G-n$EjMGmy>0(F{=nD@%R%H(Hp~K zx%5zu5vRkV7S?vJu4e#57YA!pM>j3tpFZ1I{5k-$<+;Gf^s*zw(oEt=y9Q_;2z>h{ z#%fVsB>9))myT9laX68PYOnoCpHA|x_hB#|ZVe+)Y)WL6@NH4;I5>cs0%afRsfyh= z^<@k0A+pArHru;%;})h>SAMprgY}yl2Ln^R*@4xMfLbeYuMqCgExZN7&)}bB>4Bc@ zF%jKt=7{*Be!T|+oV_;)Bv@{@+pyrVd72N7VcGNH&{Ydlxvg+|u;~*2oIvLbdQ01J zW{dXDiWOzzHo^8>d;&cuspSnAi{m7ZPUk({=@cE&QMdrWzB`k47A!-sq?;{L}mV3k~4p zXv#L5nJ;>2qlBxkaakP-JoruT5*# z(8^~M>^<#J9(P|9&m{WB;xLM*lmGP5Dw^ZPzTKceR)v}gq6f|f-zU`AKC|yCuX%#% zy)kjomWS|>Xba1>Vq!DX2i`6~O8!gHQKb-ti3I?~G8NgLI+r@F>2JHHcv^_2YlT#D zoCirMnV~{SurF-Kxs!sj0=pW`c?3&zY7{|jB#`{cw)=k@Xd`#-@?`h_NQJ2TKLY7^ssONXpnt*2JMalaQ0o*IRU-$RcVLHb5oMO5W(g^ z7GY$#`&E=*jt6SzD&ssVI|>Wo0Hi`)A>%8>!M|0UJG#Jvx2{dAlyDXDgAA_8;cqnsZ<_mGnw%-887Y(Z~p zrpjGBoqh@Zj_}Ce2G{nXmG7sH9;h(PEWI>lqd;Ww$OpR4Z3ILoYN>_09&Y43eYZ;| z=xrKh1CauM5}<>oEBmK`5hXyXNLd-hRHxq_e`M~<`(}vRlZTnnL4n$fAXS-NoWsnT zYw3UuA_*jSIL&$H=6&=-uPaSm%rFakQ`$!NQj$i{fgBx0RAtOn0i_dK8p+!`%`{@F zg;W10RuNrW>A5J|Bsyq%VIzYp{pCpxX9~AD)jk1u$Df{=cYfh9R-Z0`eg$j}P&u1k z*0{n&aspoh_tv}{ji(>bpgD75J7_AOmCaQ^u09X0y+N^uTJ^aH2^I#BgxVYe_!^Gd zUzS0v?7N2vz45TN%*Jdkhj4H!p=qT$xA~244X_#o zhVkOTw#zKVvBK>LY&hp>kKbx6D^^4BDBQ)Q=&~3<_c>44plYpu20h(t_~gBH4ArP7 zd%_$ih-`Zj@L_4cMzjLL&e3ogRZYy*V+P|CX9qsZn>Q5KcB>QP*t%|-5! z|I_ItOSa9h5<3R6ec+bhlPy$IS(0Q&fx)W)w$s2(qq`8H=C^k?-aX$UR&8#9w~A;G z(!epVlZinV10=mLEIU%&k)T7_8jrxdw_TCyi!=s-JtUi-)Bn+pbE^6hG~yAYL~U;F zml@KBwR4M`yL11g|LPzqK;J&l3A{MPb3xQrh3%T9oexqK?#jb)|Dq`HEke*DwO3G* zx^jj66zSE*JR@^v#t?@>B_yTNi{#l2{b`mn0o7QhG0U}(!x$X#O z+x<*bVG7Q6omJAJF*yI{e>c18)gD;?3s#11Xy4J+%2=u$QMHx}d=yF==stbA?WY6A z^2HYAlaG&>q!ZsXaha|qy0Bw^f zNvQAE;B>p)v1?+0Y#v`sYAn^9^kDvPYdS15bs*m#ga17UNDE>FE~Q5}AsCf@43JBY zH&)!Zx$S@LG#wPy;)uQ@HthFq*$WQf5y@=r#S0N$CGdTZ*3^H+&BDCc^hi@Zfz9DV zvyFM&<8e251xjp%TE56)48I>XK)VQ7xM)jRoVcgCc~4_E>9p&{6<;%JjOQbVt0 zPutOkDquceIo=Um3ygfD6bPDG_(S;L?%2PWG&u-$J!RSdnqE#}!*uajHNU5~D$G7w zi`VvfIkb-=rk8DnVteCuI$}FNVb`VGkix-taC_jF8n~o(5Erd|X~*J5s_R={i^4{+ z(cED2oy8&HwaHry$Jpy&US}Wd!-_`pMY2l)`3rS7y`>%64n0MF(RWCTFkmow61luj zPMlNkswtoIdtv!--$`Acyc+kTO>|CL`JY<)^ zFGKJv31%upl*J!jrG?<_9|d8vMmGmAhMYZuHcM9ezN(UZxHo2M++-RYc86b*&M*0BTN6nhupEGj_y6*y&4w6=!_5C4vqy0g$fAM8n1znWfcax{gcjna^H za?mO=O+087Vv0V-IeMPq^kHw1=PiudEzF*=NJ9jc_WL}^Vq{>;@W8MK6vD#H)R;mU zW7VUmi!Mzguo!LX70%G$y+^f{buQ=G()Cv+Ye8$#i}yTb+g4+ism_h?MG=H+Ia5&M zaw3!s6I=l#n1ql+neg+qe6|;-4XQay@+Cf$eCiu=2yvLVds^4FeZ?t>AguFa1bTOu zM$GvA17-Xw_|>c|v)kCO<2&f_c?K$=O-}zU@O|by`1QUF<;lI)2(&|5PrTs2Jq+dh z`6%Fqc76>my0mY6=%fI4tK=ihcBxuIT+hrWB}u~CC4*RVId~P?NjfLsJ8o28k1|S>r`N8I|nS8-p6dWOg16=i3YpF&7kyWf_C;b5OgX63)I8B%+0 z#83DGDGDOC@|J2P!?Y5sl8TcYDK~OQ%i;$jHe&~D5|yz7o>#vJD)~IjEr9xifek=m zIGtnp3%Cw4W+L@z0l-bZpNCWRz9?2$9}=01Y+TDWi}VIr0e@;X(Bbo;BuC(D{0_Bx z@eUq3)X%yxfpY{=sw%5kbL&al$xGKSds4tMY6;-50y^$(Jdlvi@niHn8$s>i#Poeo zL7UGo6FdJIyzwO$F;>B?2DOs{3P`Rp5*;Ln4w}}T8EBU&yTC?DL+AOdj+#3tRkVg6 z2E@N0K&y~X8P#m!-;$b$VaeOa` zHqrq#L}7s!f)ZBq{kOFgCjFgZ;R`g!$*MGGL3Hj~!eFB-bQh0_Z?I_KcF{@0w_{L$ zF7oD$-m7uujS4^_sZs0aag54$uRqa2!!$t^H}&{a99OVxL)AIK-oNHG(>>3>%$)mz zgS)05mW}pOb;qjV?WL^P3(Nx^I5_%~JKrL1Lqq1%_Gz>w&-W4um`_q{&3DwntPNdW z1q8E?NM2%~0AJM0)!00+v8;Z^ZXZcUpm!hZ^?ZlWk#fuOJVW%X1BR`Ne`#;+N0_XPucv)XN1~(w{ATAF_!=(d0=+@Evdlik2_$qn&Y?516?;by2+) zgs44%g3s_(p_;W^XSSIiBkaRNA4Uf;lW5C)`xd#my@@Bu!OwR2GxBX28?hHtRj+p; z+mAN#J9?QCGQ)IUv2n$QKX@29yBT3p1z~g@{Kc-__>U~Mi^?+fW9&fTq`vK1t>Af~ zTAQ7#oz{j=qU)-5~J92b@FhWGfysU`1_QUJ-MBN^Fe){bEL=`~--O(bEG$-aD(}+LX zi(RozAY~`EM_Fdi2Y45Ro<3mnN0TsM_TDRg&$^A=3qL+s3&_X8A-G^RNPzOd3>fcM ztmTg9E)-wdKRpA9~uh5T>T@Cgon8#AJ_C8=q&Su03wV@wNsm@&1t z^k(+8HyIH%vmr4zEKrv^fY^6j?X|b?o2@MACXr_m)nbsVA2r@?w;hCiYNsI{sIvH% zYr&M?AXdTKSI@H@0Tzdr%#5St)zG_&-Vm7$lN&DGE^@v~3;t7^DUn-}Drg7t$}XTT z1}QsnM`}OoSzrs-v{2Qr@v4$t`P|mgnqy>hw37fscZ7*uW|rNliW`*l-OxrJp>Aj# z{RJ8RWZf<_%zW{u&t_8z9sFYR%-9Pul%N!I@F+g}Wrs5AePG{L+y=+@AP`cN2qXH6kE@ zfsyvWGY9VFP>8;(VfiE@dvDe*CJRCwm@FR-l)ehO_3=oI1Fr#G0k|4)Wgh&}MQC=U3RfnS}S9_gqOD?F$id9c9{%LqC} zGBmZQmkXaUHp$t?B)OY@#{VGQAv}saq$L{2Bb{ccFcS(Bk%hq)hxMaaw@b67@9NQx z(bDn}hkC#eAbR=x+3{X&=CT_lbrn$n`AY%5w788nLj6;NKRSy^c4z=7qwQ{kl8DiQ zrZQxBW|7_cLlP*F^}?>8tG0lSS+TL=ZMU`Vpcy$-x3?v+66>~)t!;8b_2%9f#9Shn z+3kvo37Xp?n$%u=@t!8U1!LTXp-nA{QGk%i8S|B)_^%@C`T^XJFL4to8_i_Z#5UK^ zF&qWDywVPMo)JBo>cf~mmyS}IWqbvA2*X5#CjeehrG-*l;F`_1r~iY7Kz1#TosjWm zF}F+A`{XKZq+vEpk}EJsbWC3`Sb$jyKlI_0Cfn|?$HZm`uP0^CC7X~l1w zjDHpn;6&=Jo=jF1E$vMitO1o=a{DJ^)3Sxt3qSxFf*vBCnK`x*&pksX6C8nvqbn2# zo<=zhVuTujZx#9Jk$yE)O*K^YG6@+$*fzm7;?+T|N8XGV$Nvce?B#EYO7Nh#vijPm z+c$EGSJ5e`q;SL)OFi-sA&CE?yo0hCvPg;17-XMrw7rn zZ(XIoQfp0T9m$EhvgMn!|CFUD3j}(Yo!-zNx2DF?-0-?t{h7VncuNW-?d;b9G+LiF zX&_Mi|JZsDsHU24Z&(FHKtSX%fHV;Sl_nxhN<^fIfPjkBfJl=jy(XcEfOJu5lF$Sd zX#!G{&^v?<(n2THgqj3WzC8c;-uvG5ecxJHdnJ43?3v7*vuF04y?;A%?F$3a_l3-weHT#kK2XUiUF}B)3@HXFi_{hJFnn%3*^3pvKPyR-TIPqv#vW zBHMG5q@WoJn)z2AHjrbbEDv@xm;7YR7ZDY8Wd3fFS zw>ih+dHz?%M%%X@K-`G_o|u1#5S?9p$~+s$m}2xV8jPRqfogTz5k4`}c>RIQ1B@8n zxJLHFe$AM!99|Ef&oF3kfpGhS+^ zSaDz84VXfXw8bRy=7VM1*Bj=G#c1qgkN2}I-Q%R6<9o$iA@OwMm`SIi?7Od*>O%Tp zxv)`Fm&ttUK3g;TNFYH_vSK;ZE@7VG8j6Q>f*jC1?AM{1tdw`axTXpY%rGq+U}ih+ zNB3z8bTvy07)N^ao^GlOOc;FJ1j`M~)WF!Ac0sf}F#Rb2d9|be!IplYe(W~R_dZJw ze4E3d!mM)N9C9wqtOuiuL_$*xQSxs=hPu{%uJ+?IN7GH0xGDp zEl%U9F~hcf=LAE=zWC&*YM5+s;W2IVea$(RU4ObHF1)cyy|#F$<-rC>s7~3bqjInK zY)OUmnYZnaSA;1@fd#E>yS_|TuKK%^_+LO63?`dL6e|4KBYU+mV(ZM z176M>(@cx`ZqBPURfjvjfP%k(IZ_~rzR8|_|KEpm?!ih{^8;T3t5y-EWQ{L_P}}_I z{4MThGA9vVJafPCyKJ1F-VgMkHfrt_t7Lf9TdK`2EdtOEduo4R4}U>L00fI!=e-N@ zx-ZqHmmz1U1IC?P{-{jgkLO zZ)f;VPR!IX*Q>o*0NP{EC0=*tSjcHcKjYsPJ@;+^c)~_|4J+`5lIB64|7p4M+m@HT z!&dQIIK5G|+KvKgnW^?Q&Weh-0UjZbQ-|*!U3mb`s-XXp&<-$mr;9OuwWkK)arfL2 zaL+qIppUs@N>J6+RQ8&RZ>69`Eg+FUOFX81v{YOKTz$N=(s5EPa zjmdv@=1Fu1^K^*|fga;FxFM?7!V}6bhtt$8oX8907BkF)FbEk(@mI~&Y+tMlV70Bp z$3-v2SE|VYl52u~2?oB}uH$ytdl}y~9go--;$12XkEd4!FXVHn*)P^#yV)>y{PLCN;w{R$kGzwGT2#lVMMK>k zc^C_il!rZwm2K<(m8!4-DcgyqZ_+jjeM;B*|M0VoPLV$X#A_?`=qX*jol&E*K^<$L zny35MOVwJc0bhR8yK2$cDn&1BkpjG^#!Ik4|5W5gA4w-v`K*94Iz**+d(&Q8->Dra zceIDFfokt4p(7I8*xeug^vJ^(6*d4+E{h^;Xp4-P_0;{s>i|I2otkJ@sV8ps;%rqG z8FQ^<0N@Y44&qgbzw659D(hMwoh>ER>kADwb!8iUnK9A&1h7_H0oZaK_{jTmxOJ`2 zy>P#98!&joMqE&IM?$a`pD|G06Jjera&|;}r1Dx&PivdzQ%8m1iC=m@9rN&Og(Zb) z02q6u3@+64ISdq#vS~5Z-RcDR^Sk2ihOa5mG%}h&&q}XA-%9!!a^Xo|ZFj390Py~pKeEx9?%|MiEPn}x6>sbC*ie9{~CH>)>BcoC} z*#4ddaD`%IE+2l~fQ`@AtSN{D*e?H14+1oVo!1Y%HG^J0wapkvt_@Bq&+TB^vH~Nd zetA&k0z>mtdb~n?T-g-57Tp zGQaV?wwHHH$19&&ul!xVj$RT0a8?Et((k(esKqV|>x$?B;aB!-eM&c65Mr%^bl}fV zXbof1{~hsTD;{HK^H-9_Z=c1cT6OHZStnKned;KPoG6K$42hhqoV8483?Lc3rxVY_ zZW~pKCwq@g;}K8sBwgqHFQP=IVg23I=#zz*c**a)cQansLTzj*Pjkzs#m%y1%YRp6 zq09!Ew(&37Da%p!EbX^(BPafL@cQ(h$?N*8tXib3*1Ke)xfR~x=F+ki<@wd;-;sSw zC#8sbw_;4`K)qWn$HHL)UCI5wNLb+HCc*m;TJ`@(;PPzx&t=U2qZB7x{=J