From c5354467b1a728697c4b40be1ba998b02d6d6fda Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Fri, 1 Dec 2023 12:26:27 +0100 Subject: [PATCH 01/21] initial commit Signed-off-by: Marlon Pina Tojal --- README.md | 2 ++ docs/index.md | 2 ++ .../event/EventSubsystemInitializer.java | 3 +++ .../model/ConfigPropertyConstants.java | 3 +++ .../dependencytrack/model/Vulnerability.java | 1 + .../tasks/VulnerabilityAnalysisTask.java | 6 ++++++ .../tasks/scanners/AnalyzerIdentity.java | 1 + src/main/resources/services.bom.json | 20 +++++++++++++++++++ 8 files changed, 38 insertions(+) diff --git a/README.md b/README.md index 113141ff58..5f86ac3ba4 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ CI/CD environments. * [GitHub Advisories] * [Sonatype OSS Index] * [Snyk] + * [Trivy] * [OSV] * [VulnDB] from [Risk Based Security] * More coming soon. @@ -216,6 +217,7 @@ the [notices] file for more information. [GitHub Advisories]: https://www.github.com/advisories [Sonatype OSS Index]: https://ossindex.sonatype.org [Snyk]: https://snyk.io + [Trivy]: https://www.aquasec.com/products/trivy/ [OSV]: https://osv.dev [VulnDB]: https://vulndb.cyberriskanalytics.com [Risk Based Security]: https://www.riskbasedsecurity.com diff --git a/docs/index.md b/docs/index.md index bbc676af93..dedff56a3e 100755 --- a/docs/index.md +++ b/docs/index.md @@ -39,6 +39,7 @@ CI/CD environments. * [GitHub Advisories] * [Sonatype OSS Index] * [Snyk] + * [Trivy] * [OSV] * [VulnDB] from [Risk Based Security] * More coming soon. @@ -80,6 +81,7 @@ CI/CD environments. [GitHub Advisories]: https://www.github.com/advisories [Sonatype OSS Index]: https://ossindex.sonatype.org [Snyk]: https://snyk.io +[Trivy]: https://www.aquasec.com/products/trivy/ [OSV]: https://osv.dev [VulnDB]: https://vulndb.cyberriskanalytics.com [Risk Based Security]: https://www.riskbasedsecurity.com diff --git a/src/main/java/org/dependencytrack/event/EventSubsystemInitializer.java b/src/main/java/org/dependencytrack/event/EventSubsystemInitializer.java index 844a245eb8..d98f028dcd 100644 --- a/src/main/java/org/dependencytrack/event/EventSubsystemInitializer.java +++ b/src/main/java/org/dependencytrack/event/EventSubsystemInitializer.java @@ -52,6 +52,7 @@ import org.dependencytrack.tasks.scanners.InternalAnalysisTask; import org.dependencytrack.tasks.scanners.OssIndexAnalysisTask; import org.dependencytrack.tasks.scanners.SnykAnalysisTask; +import org.dependencytrack.tasks.scanners.TrivyAnalysisTask; import org.dependencytrack.tasks.scanners.VulnDbAnalysisTask; import javax.servlet.ServletContextEvent; @@ -95,6 +96,7 @@ public void contextInitialized(final ServletContextEvent event) { EVENT_SERVICE.subscribe(VulnerabilityAnalysisEvent.class, VulnerabilityAnalysisTask.class); EVENT_SERVICE.subscribe(PortfolioVulnerabilityAnalysisEvent.class, VulnerabilityAnalysisTask.class); EVENT_SERVICE.subscribe(SnykAnalysisEvent.class, SnykAnalysisTask.class); + EVENT_SERVICE.subscribe(TrivyAnalysisEvent.class, TrivyAnalysisTask.class); EVENT_SERVICE.subscribe(RepositoryMetaEvent.class, RepositoryMetaAnalyzerTask.class); EVENT_SERVICE.subscribe(PolicyEvaluationEvent.class, PolicyEvaluationTask.class); EVENT_SERVICE.subscribe(ComponentMetricsUpdateEvent.class, ComponentMetricsUpdateTask.class); @@ -143,6 +145,7 @@ public void contextDestroyed(final ServletContextEvent event) { EVENT_SERVICE.unsubscribe(PortfolioMetricsUpdateTask.class); EVENT_SERVICE.unsubscribe(VulnerabilityMetricsUpdateTask.class); EVENT_SERVICE.unsubscribe(SnykAnalysisTask.class); + EVENT_SERVICE.unsubscribe(TrivyAnalysisTask.class); EVENT_SERVICE.unsubscribe(CloneProjectTask.class); EVENT_SERVICE.unsubscribe(FortifySscUploadTask.class); EVENT_SERVICE.unsubscribe(DefectDojoUploadTask.class); diff --git a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java index bdf49bb9eb..53666c4179 100644 --- a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java +++ b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java @@ -58,6 +58,9 @@ public enum ConfigPropertyConstants { SCANNER_SNYK_API_VERSION("scanner", "snyk.api.version", "2023-06-22", PropertyType.STRING, "Snyk API version"), SCANNER_SNYK_CVSS_SOURCE("scanner", "snyk.cvss.source", "NVD", PropertyType.STRING, "Type of source to be prioritized for cvss calculation"), SCANNER_SNYK_BASE_URL("scanner", "snyk.base.url", "https://api.snyk.io", PropertyType.URL, "Base Url pointing to the hostname and path for Snyk analysis"), + SCANNER_TRIVY_ENABLED("scanner", "trivy.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable Trivy Vulnerability Analysis"), + SCANNER_TRIVY_API_TOKEN("scanner", "trivy.api.token", null, PropertyType.ENCRYPTEDSTRING, "The API token used for Trivy API authentication"), + SCANNER_TRIVY_BASE_URL("scanner", "trivy.base.url", "http://localhost:8081", PropertyType.URL, "Base Url pointing to the hostname and path for Trivy analysis"), VULNERABILITY_SOURCE_NVD_ENABLED("vuln-source", "nvd.enabled", "true", PropertyType.BOOLEAN, "Flag to enable/disable National Vulnerability Database"), VULNERABILITY_SOURCE_NVD_FEEDS_URL("vuln-source", "nvd.feeds.url", "https://nvd.nist.gov/feeds", PropertyType.URL, "A base URL pointing to the hostname and path of the NVD feeds"), VULNERABILITY_SOURCE_NVD_API_ENABLED("vuln-source", "nvd.api.enabled", "false", PropertyType.BOOLEAN, "Whether to enable NVD mirroring via REST API"), diff --git a/src/main/java/org/dependencytrack/model/Vulnerability.java b/src/main/java/org/dependencytrack/model/Vulnerability.java index 9fca02e150..c950424f46 100644 --- a/src/main/java/org/dependencytrack/model/Vulnerability.java +++ b/src/main/java/org/dependencytrack/model/Vulnerability.java @@ -108,6 +108,7 @@ public enum Source { RETIREJS, // Retire.js INTERNAL, // Internally-managed (and manually entered) vulnerability OSV, // Google OSV Advisories + TRIVY, // Trivy Purl Vulnerability SNYK; // Snyk Purl Vulnerability public static boolean isKnownSource(String source) { diff --git a/src/main/java/org/dependencytrack/tasks/VulnerabilityAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/VulnerabilityAnalysisTask.java index cc2bc0057d..6bb74355bb 100644 --- a/src/main/java/org/dependencytrack/tasks/VulnerabilityAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/VulnerabilityAnalysisTask.java @@ -27,6 +27,7 @@ import org.dependencytrack.event.PortfolioVulnerabilityAnalysisEvent; import org.dependencytrack.event.ProjectMetricsUpdateEvent; import org.dependencytrack.event.SnykAnalysisEvent; +import org.dependencytrack.event.TrivyAnalysisEvent; import org.dependencytrack.event.VulnDbAnalysisEvent; import org.dependencytrack.event.VulnerabilityAnalysisEvent; import org.dependencytrack.model.Component; @@ -40,6 +41,7 @@ import org.dependencytrack.tasks.scanners.OssIndexAnalysisTask; import org.dependencytrack.tasks.scanners.ScanTask; import org.dependencytrack.tasks.scanners.SnykAnalysisTask; +import org.dependencytrack.tasks.scanners.TrivyAnalysisTask; import org.dependencytrack.tasks.scanners.VulnDbAnalysisTask; import java.time.Duration; import java.time.Instant; @@ -101,15 +103,18 @@ private void analyzeComponents(final QueryManager qm, final List comp final OssIndexAnalysisTask ossIndexAnalysisTask = new OssIndexAnalysisTask(); final VulnDbAnalysisTask vulnDbAnalysisTask = new VulnDbAnalysisTask(); final SnykAnalysisTask snykAnalysisTask = new SnykAnalysisTask(); + final TrivyAnalysisTask trivyAnalysisTask = new TrivyAnalysisTask(); final List internalCandidates = new ArrayList<>(); final List ossIndexCandidates = new ArrayList<>(); final List vulnDbCandidates = new ArrayList<>(); final List snykCandidates = new ArrayList<>(); + final List trivyCandidates = new ArrayList<>(); for (final Component component : components) { inspectComponentReadiness(component, internalAnalysisTask, internalCandidates); inspectComponentReadiness(component, ossIndexAnalysisTask, ossIndexCandidates); inspectComponentReadiness(component, vulnDbAnalysisTask, vulnDbCandidates); inspectComponentReadiness(component, snykAnalysisTask, snykCandidates); + inspectComponentReadiness(component, trivyAnalysisTask, trivyCandidates); } qm.detach(components); @@ -120,6 +125,7 @@ private void analyzeComponents(final QueryManager qm, final List comp performAnalysis(internalAnalysisTask, new InternalAnalysisEvent(internalCandidates), internalAnalysisTask.getAnalyzerIdentity(), event); performAnalysis(ossIndexAnalysisTask, new OssIndexAnalysisEvent(ossIndexCandidates), ossIndexAnalysisTask.getAnalyzerIdentity(), event); performAnalysis(snykAnalysisTask, new SnykAnalysisEvent(snykCandidates), snykAnalysisTask.getAnalyzerIdentity(), event); + performAnalysis(trivyAnalysisTask, new TrivyAnalysisEvent(trivyCandidates), trivyAnalysisTask.getAnalyzerIdentity(), event); performAnalysis(vulnDbAnalysisTask, new VulnDbAnalysisEvent(vulnDbCandidates), vulnDbAnalysisTask.getAnalyzerIdentity(), event); } diff --git a/src/main/java/org/dependencytrack/tasks/scanners/AnalyzerIdentity.java b/src/main/java/org/dependencytrack/tasks/scanners/AnalyzerIdentity.java index b031d36ed6..e607d16526 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/AnalyzerIdentity.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/AnalyzerIdentity.java @@ -29,5 +29,6 @@ public enum AnalyzerIdentity { NPM_AUDIT_ANALYZER, VULNDB_ANALYZER, SNYK_ANALYZER, + TRIVY_ANALYZER, NONE } diff --git a/src/main/resources/services.bom.json b/src/main/resources/services.bom.json index 5f4db5c3c6..c0412ccc2a 100644 --- a/src/main/resources/services.bom.json +++ b/src/main/resources/services.bom.json @@ -489,6 +489,26 @@ "flow": "inbound" } ] + }, + { + "bom-ref": "service:com.aquasec", + "provider": { + "name": "Trivy", + "url": [ + "https://www.aquasec.com/products/trivy" + ] + }, + "group": "com.aquasec", + "name": "Trivy", + "description": "Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.", + "authenticated": true, + "x-trust-boundary": true, + "data": [ + { + "classification": "public", + "flow": "inbound" + } + ] } ] } From 312ee253c9eb5b802dc4a337464d2cb6a93d9552 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Fri, 1 Dec 2023 17:33:08 +0100 Subject: [PATCH 02/21] add trivy analyzer Signed-off-by: Marlon Pina Tojal --- .../event/TrivyAnalysisEvent.java | 40 ++ .../parser/trivy/model/Application.java | 38 ++ .../parser/trivy/model/Bitnami.java | 38 ++ .../parser/trivy/model/BlobInfo.java | 42 ++ .../parser/trivy/model/Cvss.java | 38 ++ .../parser/trivy/model/DataSource.java | 34 ++ .../parser/trivy/model/DeleteRequest.java | 31 ++ .../parser/trivy/model/Layer.java | 34 ++ .../parser/trivy/model/Library.java | 45 ++ .../parser/trivy/model/OS.java | 38 ++ .../parser/trivy/model/Options.java | 33 ++ .../parser/trivy/model/PutRequest.java | 34 ++ .../parser/trivy/model/Result.java | 58 +++ .../parser/trivy/model/ScanRequest.java | 44 ++ .../parser/trivy/model/TrivyError.java | 22 + .../parser/trivy/model/TrivyResponse.java | 30 ++ .../parser/trivy/model/Vulnerability.java | 116 +++++ .../tasks/scanners/TrivyAnalysisTask.java | 439 ++++++++++++++++++ 18 files changed, 1154 insertions(+) create mode 100644 src/main/java/org/dependencytrack/event/TrivyAnalysisEvent.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Application.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/BlobInfo.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Cvss.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/DataSource.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/DeleteRequest.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Layer.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Library.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/OS.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Options.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/PutRequest.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Result.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/ScanRequest.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/TrivyError.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/TrivyResponse.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java create mode 100644 src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java diff --git a/src/main/java/org/dependencytrack/event/TrivyAnalysisEvent.java b/src/main/java/org/dependencytrack/event/TrivyAnalysisEvent.java new file mode 100644 index 0000000000..514fecc9c9 --- /dev/null +++ b/src/main/java/org/dependencytrack/event/TrivyAnalysisEvent.java @@ -0,0 +1,40 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.event; + +import org.dependencytrack.model.Component; + +import java.util.List; + +/** + * Defines an event used to start an analysis via Trivy API. + */ +public class TrivyAnalysisEvent extends VulnerabilityAnalysisEvent { + + public TrivyAnalysisEvent() { } + + public TrivyAnalysisEvent(final Component component) { + super(component); + } + + public TrivyAnalysisEvent(final List components) { + super(components); + } + +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Application.java b/src/main/java/org/dependencytrack/parser/trivy/model/Application.java new file mode 100644 index 0000000000..3e64ac22e8 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Application.java @@ -0,0 +1,38 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +import java.util.ArrayList; + +public class Application { + private String type; + private ArrayList libraries; + + public Application(String type) { + this.type = type; + this.libraries = new ArrayList(); + } + + public String getType() { return type; } + public void setType(String value) { this.type = value; } + + public ArrayList getLibraries() { return libraries; } + public void setLibraries(ArrayList value) { this.libraries = value; } + public void addLibrary(Library value) { this.libraries.add(value); } +} \ No newline at end of file diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java b/src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java new file mode 100644 index 0000000000..538a49f3bf --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java @@ -0,0 +1,38 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public class Bitnami { + private String v2Vector; + private String v3Vector; + private double v2Score; + private double v3Score; + + public String getV2Vector() { return v2Vector; } + public void setV2Vector(String value) { this.v2Vector = value; } + + public String getV3Vector() { return v3Vector; } + public void setV3Vector(String value) { this.v3Vector = value; } + + public double getV2Score() { return v2Score; } + public void setV2Score(double value) { this.v2Score = value; } + + public double getV3Score() { return v3Score; } + public void setV3Score(double value) { this.v3Score = value; } +} \ No newline at end of file diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/BlobInfo.java b/src/main/java/org/dependencytrack/parser/trivy/model/BlobInfo.java new file mode 100644 index 0000000000..3cccacce09 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/BlobInfo.java @@ -0,0 +1,42 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +import com.google.gson.annotations.SerializedName; + +public class BlobInfo { + @SerializedName("schema_version") + private long schemaVersion; + private OS os; + private Application[] applications; + + public BlobInfo() { + this.schemaVersion = 2; + this.os = new OS(); + } + + public long getSchemaVersion() { return schemaVersion; } + public void setSchemaVersion(long value) { this.schemaVersion = value; } + + public OS getOS() { return os; } + public void setOS(OS value) { this.os = value; } + + public Application[] getApplications() { return applications; } + public void setApplications(Application[] value) { this.applications = value; } +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Cvss.java b/src/main/java/org/dependencytrack/parser/trivy/model/Cvss.java new file mode 100644 index 0000000000..46a5d906ba --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Cvss.java @@ -0,0 +1,38 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public class Cvss { + private Bitnami ghsa; + private Bitnami nvd; + private Bitnami redhat; + private Bitnami bitnami; + + public Bitnami getGhsa() { return ghsa; } + public void setGhsa(Bitnami value) { this.ghsa = value; } + + public Bitnami getNvd() { return nvd; } + public void setNvd(Bitnami value) { this.nvd = value; } + + public Bitnami getRedhat() { return redhat; } + public void setRedhat(Bitnami value) { this.redhat = value; } + + public Bitnami getBitnami() { return bitnami; } + public void setBitnami(Bitnami value) { this.bitnami = value; } +} \ No newline at end of file diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/DataSource.java b/src/main/java/org/dependencytrack/parser/trivy/model/DataSource.java new file mode 100644 index 0000000000..a44af71631 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/DataSource.java @@ -0,0 +1,34 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public class DataSource { + private String id; + private String name; + private String url; + + public String getID() { return id; } + public void setID(String value) { this.id = value; } + + public String getName() { return name; } + public void setName(String value) { this.name = value; } + + public String getURL() { return url; } + public void setURL(String value) { this.url = value; } +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/DeleteRequest.java b/src/main/java/org/dependencytrack/parser/trivy/model/DeleteRequest.java new file mode 100644 index 0000000000..880c85bfa2 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/DeleteRequest.java @@ -0,0 +1,31 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +import com.google.gson.annotations.SerializedName; + +public class DeleteRequest { + + @SerializedName("blob_ids") + private String[] blobIDS; + + public String[] getBlobIDS() { return blobIDS; } + public void setBlobIDS(String[] value) { this.blobIDS = value; } + +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Layer.java b/src/main/java/org/dependencytrack/parser/trivy/model/Layer.java new file mode 100644 index 0000000000..e5f8410e3a --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Layer.java @@ -0,0 +1,34 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public class Layer { + private String digest; + private String diffID; + private String createdBy; + + public String getDigest() { return digest; } + public void setDigest(String value) { this.digest = value; } + + public String getDiffID() { return diffID; } + public void setDiffID(String value) { this.diffID = value; } + + public String getCreatedBy() { return createdBy; } + public void setCreatedBy(String value) { this.createdBy = value; } +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Library.java b/src/main/java/org/dependencytrack/parser/trivy/model/Library.java new file mode 100644 index 0000000000..03848ed645 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Library.java @@ -0,0 +1,45 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public class Library { + private String name; + private String version; + private String[] licenses; + private OS layer; + + public Library(String name, String version) { + this.name = name; + this.version = version; + this.licenses = new String[] {}; + this.layer = new OS(); + } + + public String getName() { return name; } + public void setName(String value) { this.name = value; } + + public String getVersion() { return version; } + public void setVersion(String value) { this.version = value; } + + public String[] getLicenses() { return licenses; } + public void setLicenses(String[] value) { this.licenses = value; } + + public OS getLayer() { return layer; } + public void setLayer(OS value) { this.layer = value; } +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/OS.java b/src/main/java/org/dependencytrack/parser/trivy/model/OS.java new file mode 100644 index 0000000000..6109f60e60 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/OS.java @@ -0,0 +1,38 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public class OS { + private String family; + private String name; + private boolean eosl; + private boolean extended; + + public String getFamily() { return family; } + public void setFamily(String value) { this.family = value; } + + public String getName() { return name; } + public void setName(String value) { this.name = value; } + + public boolean getEosl() { return eosl; } + public void setEosl(boolean value) { this.eosl = value; } + + public boolean getExtended() { return extended; } + public void setExtended(boolean value) { this.extended = value; } +} \ No newline at end of file diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Options.java b/src/main/java/org/dependencytrack/parser/trivy/model/Options.java new file mode 100644 index 0000000000..f2c793dfb6 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Options.java @@ -0,0 +1,33 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +import com.google.gson.annotations.SerializedName; + +public class Options { + @SerializedName("vuln_type") + private String[] vulnType; + private String[] scanners; + + public String[] getVulnType() { return vulnType; } + public void setVulnType(String[] value) { this.vulnType = value; } + + public String[] getScanners() { return scanners; } + public void setScanners(String[] value) { this.scanners = value; } +} \ No newline at end of file diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/PutRequest.java b/src/main/java/org/dependencytrack/parser/trivy/model/PutRequest.java new file mode 100644 index 0000000000..67eb433765 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/PutRequest.java @@ -0,0 +1,34 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +import com.google.gson.annotations.SerializedName; + +public class PutRequest { + @SerializedName("diff_id") + private String diffID; + @SerializedName("blob_info") + private BlobInfo blobInfo; + + public String getDiffID() { return diffID; } + public void setDiffID(String value) { this.diffID = value; } + + public BlobInfo getBlobInfo() { return blobInfo; } + public void setBlobInfo(BlobInfo value) { this.blobInfo = value; } +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Result.java b/src/main/java/org/dependencytrack/parser/trivy/model/Result.java new file mode 100644 index 0000000000..2ea5551156 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Result.java @@ -0,0 +1,58 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public class Result { + private String target; + private Vulnerability[] vulnerabilities; + private Object[] misconfigurations; + private String resultClass; + private String type; + private Object[] packages; + private Object[] customResources; + private Object[] secrets; + private Object[] licenses; + + public String getTarget() { return target; } + public void setTarget(String value) { this.target = value; } + + public Vulnerability[] getVulnerabilities() { return vulnerabilities; } + public void setVulnerabilities(Vulnerability[] value) { this.vulnerabilities = value; } + + public Object[] getMisconfigurations() { return misconfigurations; } + public void setMisconfigurations(Object[] value) { this.misconfigurations = value; } + + public String getResultClass() { return resultClass; } + public void setResultClass(String value) { this.resultClass = value; } + + public String getType() { return type; } + public void setType(String value) { this.type = value; } + + public Object[] getPackages() { return packages; } + public void setPackages(Object[] value) { this.packages = value; } + + public Object[] getCustomResources() { return customResources; } + public void setCustomResources(Object[] value) { this.customResources = value; } + + public Object[] getSecrets() { return secrets; } + public void setSecrets(Object[] value) { this.secrets = value; } + + public Object[] getLicenses() { return licenses; } + public void setLicenses(Object[] value) { this.licenses = value; } +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/ScanRequest.java b/src/main/java/org/dependencytrack/parser/trivy/model/ScanRequest.java new file mode 100644 index 0000000000..f2d7a6d81e --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/ScanRequest.java @@ -0,0 +1,44 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +import com.google.gson.annotations.SerializedName; + +public class ScanRequest { + private String target; + @SerializedName("artifact_id") + private String artifactID; + @SerializedName("blob_ids") + private String[] blobIDS; + private Options options; + + public String getTarget() { return target; } + public void setTarget(String value) { this.target = value; } + + public String getArtifactID() { return artifactID; } + public void setArtifactID(String value) { this.artifactID = value; } + + public String[] getBlobIDS() { return blobIDS; } + public void setBlobIDS(String[] value) { this.blobIDS = value; } + + public Options getOptions() { return options; } + public void setOptions(Options value) { this.options = value; } +} + + diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/TrivyError.java b/src/main/java/org/dependencytrack/parser/trivy/model/TrivyError.java new file mode 100644 index 0000000000..beb049462c --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/TrivyError.java @@ -0,0 +1,22 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public record TrivyError(String code, String title, String detail) { +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/TrivyResponse.java b/src/main/java/org/dependencytrack/parser/trivy/model/TrivyResponse.java new file mode 100644 index 0000000000..6318eadffa --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/TrivyResponse.java @@ -0,0 +1,30 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public class TrivyResponse { + private OS os; + private Result[] results; + + public OS getOS() { return os; } + public void setOS(OS value) { this.os = value; } + + public Result[] getResults() { return results; } + public void setResults(Result[] value) { this.results = value; } +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java b/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java new file mode 100644 index 0000000000..12609d7c65 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java @@ -0,0 +1,116 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +import java.util.Map; + +public class Vulnerability { + private String vulnerabilityID; + private String pkgName; + private String installedVersion; + private String fixedVersion; + private String title; + private String description; + private String severity; + private String[] references; + private Layer layer; + private String severitySource; + private Cvss cvss; + private String[] cweIDS; + private String primaryURL; + private String publishedDate; + private String lastModifiedDate; + private Object customAdvisoryData; + private Object customVulnData; + private Object[] vendorIDS; + private DataSource dataSource; + private Map vendorSeverity; + private String pkgPath; + private String pkgID; + private long status; + + public String getVulnerabilityID() { return vulnerabilityID; } + public void setVulnerabilityID(String value) { this.vulnerabilityID = value; } + + public String getPkgName() { return pkgName; } + public void setPkgName(String value) { this.pkgName = value; } + + public String getInstalledVersion() { return installedVersion; } + public void setInstalledVersion(String value) { this.installedVersion = value; } + + public String getFixedVersion() { return fixedVersion; } + public void setFixedVersion(String value) { this.fixedVersion = value; } + + public String getTitle() { return title; } + public void setTitle(String value) { this.title = value; } + + public String getDescription() { return description; } + public void setDescription(String value) { this.description = value; } + + public String getSeverity() { return severity; } + public void setSeverity(String value) { this.severity = value; } + + public String[] getReferences() { return references; } + public void setReferences(String[] value) { this.references = value; } + + public Layer getLayer() { return layer; } + public void setLayer(Layer value) { this.layer = value; } + + public String getSeveritySource() { return severitySource; } + public void setSeveritySource(String value) { this.severitySource = value; } + + public Cvss getCvss() { return cvss; } + public void setCvss(Cvss value) { this.cvss = value; } + + public String[] getCweIDS() { return cweIDS; } + public void setCweIDS(String[] value) { this.cweIDS = value; } + + public String getPrimaryURL() { return primaryURL; } + public void setPrimaryURL(String value) { this.primaryURL = value; } + + public String getPublishedDate() { return publishedDate; } + public void setPublishedDate(String value) { this.publishedDate = value; } + + public String getLastModifiedDate() { return lastModifiedDate; } + public void setLastModifiedDate(String value) { this.lastModifiedDate = value; } + + public Object getCustomAdvisoryData() { return customAdvisoryData; } + public void setCustomAdvisoryData(Object value) { this.customAdvisoryData = value; } + + public Object getCustomVulnData() { return customVulnData; } + public void setCustomVulnData(Object value) { this.customVulnData = value; } + + public Object[] getVendorIDS() { return vendorIDS; } + public void setVendorIDS(Object[] value) { this.vendorIDS = value; } + + public DataSource getDataSource() { return dataSource; } + public void setDataSource(DataSource value) { this.dataSource = value; } + + public Map getVendorSeverity() { return vendorSeverity; } + public void setVendorSeverity(Map value) { this.vendorSeverity = value; } + + public String getPkgPath() { return pkgPath; } + public void setPkgPath(String value) { this.pkgPath = value; } + + public String getPkgID() { return pkgID; } + public void setPkgID(String value) { this.pkgID = value; } + + public long getStatus() { return status; } + public void setStatus(long value) { this.status = value; } +} \ No newline at end of file diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java new file mode 100644 index 0000000000..fe3c22a6fb --- /dev/null +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -0,0 +1,439 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.tasks.scanners; + +import alpine.common.logging.Logger; +import alpine.common.metrics.Metrics; +import alpine.common.util.UrlUtil; +import alpine.event.framework.Event; +import alpine.event.framework.LoggableUncaughtExceptionHandler; +import alpine.event.framework.Subscriber; +import alpine.model.ConfigProperty; +import alpine.security.crypto.DataEncryption; +import com.github.packageurl.PackageURL; +import com.google.gson.Gson; + +import io.github.resilience4j.micrometer.tagged.TaggedRetryMetrics; +import io.github.resilience4j.retry.Retry; +import io.github.resilience4j.retry.RetryConfig; +import io.github.resilience4j.retry.RetryRegistry; +import org.apache.commons.lang3.concurrent.BasicThreadFactory; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpStatus; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.StringEntity; +import org.apache.http.util.EntityUtils; +import org.dependencytrack.common.HttpClientPool; +import org.dependencytrack.common.ManagedHttpClientFactory; +import org.dependencytrack.event.IndexEvent; +import org.dependencytrack.event.TrivyAnalysisEvent; +import org.dependencytrack.model.Component; +import org.dependencytrack.model.ConfigPropertyConstants; +import org.dependencytrack.model.Vulnerability; +import org.dependencytrack.model.VulnerabilityAnalysisLevel; +import org.dependencytrack.parser.trivy.TrivyParser; +import org.dependencytrack.parser.trivy.model.Application; +import org.dependencytrack.parser.trivy.model.PutRequest; +import org.dependencytrack.parser.trivy.model.ScanRequest; +import org.dependencytrack.parser.trivy.model.Options; +import org.dependencytrack.parser.trivy.model.DeleteRequest; +import org.dependencytrack.parser.trivy.model.BlobInfo; +import org.dependencytrack.parser.trivy.model.TrivyError; +import org.dependencytrack.parser.trivy.model.TrivyResponse; +import org.dependencytrack.parser.trivy.model.Library; +import org.dependencytrack.persistence.QueryManager; +import org.dependencytrack.util.NotificationUtil; +import org.dependencytrack.util.RoundRobinAccessor; +import org.json.JSONArray; +import org.json.JSONObject; +import java.util.List; +import java.util.Optional; +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.TimeUnit; +import java.util.function.Supplier; + + +/** + * Subscriber task that performs an analysis of component using Trivy vulnerability API. + * + * @since 4.7.0 + */ +public class TrivyAnalysisTask extends BaseComponentAnalyzerTask implements CacheableScanTask, Subscriber { + + private static final Logger LOGGER = Logger.getLogger(TrivyAnalysisTask.class); + private static final String TOKEN_HEADER = "Trivy-Token"; + private static final Retry RETRY; + private static final ExecutorService EXECUTOR; + + static { + final RetryRegistry retryRegistry = RetryRegistry.of(RetryConfig.custom() + .retryOnException(exception -> false) + .retryOnResult(response -> 429 == response.getStatusLine().getStatusCode()) + .build()); + RETRY = retryRegistry.retry("trivy-api"); + RETRY.getEventPublisher() + .onRetry(event -> LOGGER.debug("Will execute retry #%d in %s" .formatted(event.getNumberOfRetryAttempts(), event.getWaitInterval()))) + .onError(event -> LOGGER.error("Retry failed after %d attempts: %s" .formatted(event.getNumberOfRetryAttempts(), event.getLastThrowable()))); + TaggedRetryMetrics.ofRetryRegistry(retryRegistry) + .bindTo(Metrics.getRegistry()); + + // The number of threads to be used for Trivy analyzer are configurable. + // Default is 10. Can be set based on user requirements. + final int threadPoolSize = 10; + final var threadFactory = new BasicThreadFactory.Builder() + .namingPattern(TrivyAnalysisTask.class.getSimpleName() + "-%d") + .uncaughtExceptionHandler(new LoggableUncaughtExceptionHandler()) + .build(); + EXECUTOR = Executors.newFixedThreadPool(threadPoolSize, threadFactory); + Metrics.registerExecutorService(EXECUTOR, TrivyAnalysisTask.class.getSimpleName()); + } + + private String apiBaseUrl; + private Supplier apiTokenSupplier; + private VulnerabilityAnalysisLevel vulnerabilityAnalysisLevel; + + /** + * {@inheritDoc} + */ + @Override + public void inform(final Event e) { + if (e instanceof final TrivyAnalysisEvent event) { + if (!super.isEnabled(ConfigPropertyConstants.SCANNER_TRIVY_ENABLED)) { + return; + } + try (QueryManager qm = new QueryManager()) { + final ConfigProperty apiTokenProperty = qm.getConfigProperty( + ConfigPropertyConstants.SCANNER_TRIVY_API_TOKEN.getGroupName(), + ConfigPropertyConstants.SCANNER_TRIVY_API_TOKEN.getPropertyName() + ); + + if (apiTokenProperty == null || apiTokenProperty.getPropertyValue() == null) { + LOGGER.warn("No API token provided; Skipping"); + return; + } + if (getApiBaseUrl().isEmpty()) { + LOGGER.warn("No API base URL provided; Skipping"); + return; + } + + apiBaseUrl = getApiBaseUrl().get(); + + try { + final String decryptedToken = DataEncryption.decryptAsString(apiTokenProperty.getPropertyValue()); + apiTokenSupplier = createTokenSupplier(decryptedToken); + } catch (Exception ex) { + LOGGER.error("An error occurred decrypting the API Token; Skipping", ex); + return; + } + } + vulnerabilityAnalysisLevel = event.getVulnerabilityAnalysisLevel(); + LOGGER.info("Starting Trivy vulnerability analysis task"); + if (!event.getComponents().isEmpty()) { + analyze(event.getComponents()); + } + LOGGER.info("Trivy vulnerability analysis complete"); + } + } + + /** + * {@inheritDoc} + */ + @Override + public AnalyzerIdentity getAnalyzerIdentity() { + return AnalyzerIdentity.TRIVY_ANALYZER; + } + + @Override + public boolean isCapable(Component component) { + return true; + } + /** + * {@inheritDoc} + */ + @Override + public void analyze(final List components) { + final var countDownLatch = new CountDownLatch(components.size()); + + // if (isCacheCurrent(Vulnerability.Source.TRIVY, apiBaseUrl, component.getPurl().getCoordinates())) { + // applyAnalysisFromCache(component); + // countDownLatch.countDown(); + // continue; + // } + + var info = new BlobInfo(); + + var app = new Application("jar"); + + for (final Component component : components) { + LOGGER.debug("-----------------------------"); + LOGGER.debug("CPE: " + component.getCpe()); + LOGGER.debug("CPE: " + component.getPurl()); + LOGGER.debug("Group: " + component.getGroup()); + LOGGER.debug("Name: " + component.getName()); + LOGGER.debug("Version: " + component.getVersion()); + LOGGER.debug("-----------------------------"); + + app.addLibrary(new Library(component.getGroup() + ":" + component.getName(), component.getVersion())); + } + + info.setApplications(new Application[] {app}); + var blob = new PutRequest(); + blob.setBlobInfo(info); + blob.setDiffID("sha256:82b8626f712f721809b12af37380479b68263b78600dea0b280ee8fc88e3d27a"); + + CompletableFuture + .runAsync(() -> analyzeBlob(blob), EXECUTOR) + .whenComplete((result, exception) -> { + countDownLatch.countDown(); + + if (exception != null) { + LOGGER.error("An unexpected error occurred while analyzing %s" .formatted("x"), exception); + } + }); + + try { + if (!countDownLatch.await(60, TimeUnit.MINUTES)) { + // Depending on the system load, it may take a while for the queued events + // to be processed. And depending on how large the projects are, it may take a + // while for the processing of the respective event to complete. + // It is unlikely though that either of these situations causes a block for + // over 60 minutes. If that happens, the system is under-resourced. + LOGGER.warn("The Analysis for project :" + components.get(0).getProject().getName() + "took longer than expected"); + } + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + } + } + + /** + * {@inheritDoc} + */ + @Override + public boolean shouldAnalyze(final PackageURL packageUrl) { + return getApiBaseUrl() + .map(baseUrl -> !isCacheCurrent(Vulnerability.Source.TRIVY, apiBaseUrl, packageUrl.getCoordinates())) + .orElse(false); + } + + /** + * {@inheritDoc} + */ + @Override + public void applyAnalysisFromCache(final Component component) { + getApiBaseUrl().ifPresent(baseUrl -> + applyAnalysisFromCache(Vulnerability.Source.TRIVY, apiBaseUrl, + component.getPurl().getCoordinates(), component, getAnalyzerIdentity(), vulnerabilityAnalysisLevel)); + } + + private void analyzeBlob(final PutRequest blob) { + if (putBlob(blob)) { + scanBlob(blob); + deleteBlob(blob); + } + } + + private boolean putBlob(PutRequest input) { + final String requestUrl = "%s/twirp/trivy.cache.v1.Cache/PutBlob".formatted(apiBaseUrl); + + try { + URIBuilder uriBuilder = new URIBuilder(requestUrl); + HttpPost post = new HttpPost(uriBuilder.build().toString()); + + + Gson gson = new Gson(); + StringEntity body = new StringEntity(gson.toJson(input)); + post.setEntity(body); + + LOGGER.debug("PutBlob request: " + gson.toJson(input)); + + HttpUriRequest request = post; + + request.setHeader(HttpHeaders.USER_AGENT, ManagedHttpClientFactory.getUserAgent()); + request.setHeader(TOKEN_HEADER, apiTokenSupplier.get()); + request.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); + try (final CloseableHttpResponse response = RETRY.executeCheckedSupplier(() -> HttpClientPool.getClient().execute(request))) { + LOGGER.info("PutBlob response: " + response.getStatusLine().getStatusCode()); + return (response.getStatusLine().getStatusCode() >= HttpStatus.SC_OK); + } + } catch (Throwable ex) { + handleRequestException(LOGGER, ex); + } + return false; + } + + private void scanBlob(PutRequest input) { + final String requestUrl = "%s/twirp/trivy.scanner.v1.Scanner/Scan".formatted(apiBaseUrl); + + try { + URIBuilder uriBuilder = new URIBuilder(requestUrl); + HttpPost post = new HttpPost(uriBuilder.build().toString()); + + ScanRequest scan = new ScanRequest(); + + scan.setTarget(input.getDiffID()); + scan.setArtifactID(input.getDiffID()); + scan.setBlobIDS(new String[] {input.getDiffID()}); + + Options opts = new Options(); + opts.setVulnType(new String[] {"os", "library"}); + opts.setScanners(new String[] {"vuln"}); + + scan.setOptions(opts); + + Gson gson = new Gson(); + StringEntity body = new StringEntity(gson.toJson(scan)); + post.setEntity(body); + + LOGGER.debug("Scan request: " + gson.toJson(scan)); + + HttpUriRequest request = post; + + request.setHeader(HttpHeaders.USER_AGENT, ManagedHttpClientFactory.getUserAgent()); + request.setHeader(TOKEN_HEADER, apiTokenSupplier.get()); + request.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); + try (final CloseableHttpResponse response = RETRY.executeCheckedSupplier(() -> HttpClientPool.getClient().execute(request))) { + + + if (response.getStatusLine().getStatusCode() >= HttpStatus.SC_OK && response.getStatusLine().getStatusCode() < HttpStatus.SC_MULTIPLE_CHOICES) { + String responseString = EntityUtils.toString(response.getEntity()); + var trivyResponse = gson.fromJson(responseString,TrivyResponse.class); + + LOGGER.info(trivyResponse.toString()); + // handle(component, responseJson); + LOGGER.info("Scan response: " + response.getStatusLine().getStatusCode()); + LOGGER.debug("Response from server: " + responseString); + } else if (response.getEntity() != null) { + String responseString = EntityUtils.toString(response.getEntity()); + JSONObject responseJson = new JSONObject(responseString); + final List errors = new TrivyParser().parseErrors(responseJson); + if (!errors.isEmpty()) { + // LOGGER.error("Analysis of component %s failed with HTTP status %d: \n%s" + // .formatted(component.getPurl(), response.getStatusLine().getStatusCode(), errors.stream() + // .map(error -> " - %s: %s (%s)" .formatted(error.title(), error.detail(), error.code())) + // .collect(Collectors.joining("\n")))); + } else { + handleUnexpectedHttpResponse(LOGGER, request.getURI().toString(), response.getStatusLine().getStatusCode(), response.getStatusLine().getReasonPhrase()); + } + } else { + handleUnexpectedHttpResponse(LOGGER, request.getURI().toString(), response.getStatusLine().getStatusCode(), response.getStatusLine().getReasonPhrase()); + } + } + } catch (Throwable ex) { + handleRequestException(LOGGER, ex); + } + } + + private void deleteBlob(PutRequest input) { + final String requestUrl = "%s/twirp/trivy.cache.v1.Cache/DeleteBlobs".formatted(apiBaseUrl); + + try { + URIBuilder uriBuilder = new URIBuilder(requestUrl); + HttpPost post = new HttpPost(uriBuilder.build().toString()); + + DeleteRequest delete = new DeleteRequest(); + delete.setBlobIDS(new String[] {input.getDiffID()}); + + Gson gson = new Gson(); + + StringEntity body = new StringEntity(gson.toJson(delete)); + post.setEntity(body); + + LOGGER.debug("Delete Request: " + gson.toJson(delete)); + + HttpUriRequest request = post; + + request.setHeader(HttpHeaders.USER_AGENT, ManagedHttpClientFactory.getUserAgent()); + request.setHeader(TOKEN_HEADER, apiTokenSupplier.get()); + request.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); + final CloseableHttpResponse response = RETRY.executeCheckedSupplier(() -> HttpClientPool.getClient().execute(request)); + LOGGER.info("DeleteBlob response: " + response.getStatusLine().getStatusCode()); + } catch (Throwable ex) { + handleRequestException(LOGGER, ex); + } + + } + + private void handle(final Component component, final JSONObject object) { + try (QueryManager qm = new QueryManager()) { + String purl = null; + final JSONObject metaInfo = object.optJSONObject("meta"); + if (metaInfo != null) { + purl = metaInfo.optJSONObject("package").optString("url"); + if (purl == null) { + purl = component.getPurlCoordinates().toString(); + } + } + final JSONArray data = object.optJSONArray("data"); + if (data != null && !data.isEmpty()) { + final var trivyParser = new TrivyParser(); + for (int count = 0; count < data.length(); count++) { + Vulnerability synchronizedVulnerability = trivyParser.parse(data, qm, purl, count, true); + addVulnerabilityToCache(component, synchronizedVulnerability); + final Component componentPersisted = qm.getObjectByUuid(Component.class, component.getUuid()); + if (componentPersisted != null && synchronizedVulnerability.getVulnId() != null) { + NotificationUtil.analyzeNotificationCriteria(qm, synchronizedVulnerability, componentPersisted, vulnerabilityAnalysisLevel); + qm.addVulnerability(synchronizedVulnerability, componentPersisted, this.getAnalyzerIdentity()); + LOGGER.debug("Trivy vulnerability added : " + synchronizedVulnerability.getVulnId() + " to component " + component.getName()); + } + Event.dispatch(new IndexEvent(IndexEvent.Action.COMMIT, Vulnerability.class)); + } + } else { + addNoVulnerabilityToCache(component); + } + updateAnalysisCacheStats(qm, Vulnerability.Source.TRIVY, apiBaseUrl, component.getPurl().getCoordinates(), component.getCacheResult()); + } + } + + private Optional getApiBaseUrl() { + if (apiBaseUrl != null) { + return Optional.of(apiBaseUrl); + } + + try (final var qm = new QueryManager()) { + final ConfigProperty property = qm.getConfigProperty( + ConfigPropertyConstants.SCANNER_TRIVY_BASE_URL.getGroupName(), + ConfigPropertyConstants.SCANNER_TRIVY_BASE_URL.getPropertyName() + ); + if (property == null) { + return Optional.empty(); + } + + apiBaseUrl = UrlUtil.normalize(property.getPropertyValue()); + return Optional.of(apiBaseUrl); + } + } + + private Supplier createTokenSupplier(final String tokenValue) { + final String[] tokens = tokenValue.split(";"); + if (tokens.length > 1) { + LOGGER.debug("Will use %d tokens in round robin" .formatted(tokens.length)); + final var roundRobinAccessor = new RoundRobinAccessor<>(List.of(tokens)); + return roundRobinAccessor::get; + } + + return apiTokenSupplier = () -> tokenValue; + } + +} From 2486e3f96aa2b39e9e45f23796b5d149a93ca361 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Sat, 2 Dec 2023 18:28:07 +0100 Subject: [PATCH 03/21] improvements on parser Signed-off-by: Marlon Pina Tojal --- .../dependencytrack/model/Vulnerability.java | 1 - .../parser/trivy/TrivyParser.java | 142 ++++++++++++++++++ .../parser/trivy/model/Bitnami.java | 6 + .../parser/trivy/model/Cvss.java | 38 ----- .../parser/trivy/model/Layer.java | 4 + .../parser/trivy/model/Result.java | 3 + .../parser/trivy/model/TrivyError.java | 22 --- .../parser/trivy/model/Vulnerability.java | 24 ++- .../tasks/scanners/TrivyAnalysisTask.java | 109 ++++++-------- 9 files changed, 226 insertions(+), 123 deletions(-) create mode 100644 src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java delete mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Cvss.java delete mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/TrivyError.java diff --git a/src/main/java/org/dependencytrack/model/Vulnerability.java b/src/main/java/org/dependencytrack/model/Vulnerability.java index c950424f46..9fca02e150 100644 --- a/src/main/java/org/dependencytrack/model/Vulnerability.java +++ b/src/main/java/org/dependencytrack/model/Vulnerability.java @@ -108,7 +108,6 @@ public enum Source { RETIREJS, // Retire.js INTERNAL, // Internally-managed (and manually entered) vulnerability OSV, // Google OSV Advisories - TRIVY, // Trivy Purl Vulnerability SNYK; // Snyk Purl Vulnerability public static boolean isKnownSource(String source) { diff --git a/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java new file mode 100644 index 0000000000..37d34b0b41 --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java @@ -0,0 +1,142 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy; + +import alpine.common.logging.Logger; +import org.dependencytrack.model.Cwe; +import org.dependencytrack.model.Severity; +import org.dependencytrack.model.Vulnerability; +import org.dependencytrack.model.VulnerableSoftware; +import org.dependencytrack.parser.common.resolver.CweResolver; +import org.dependencytrack.parser.trivy.model.Bitnami; +import org.dependencytrack.persistence.QueryManager; + +import java.math.BigDecimal; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.List; +import java.util.Locale; + +public class TrivyParser { + + private static final Logger LOGGER = Logger.getLogger(TrivyParser.class); + + public Vulnerability parse(org.dependencytrack.parser.trivy.model.Vulnerability data, QueryManager qm) { + Vulnerability synchronizedVulnerability = new Vulnerability(); + Vulnerability vulnerability = new Vulnerability(); + List vsList = new ArrayList<>(); + + Vulnerability.Source source = Vulnerability.Source.NVD; + + if (data.getVulnerabilityID().startsWith("GHSA-")) { + source = Vulnerability.Source.GITHUB; + } + + vulnerability.setSource(source); + + vulnerability.setPatchedVersions(data.getFixedVersion()); + + // get the id of the data record (vulnerability) + vulnerability.setVulnId(data.getVulnerabilityID()); + vulnerability.setTitle(data.getTitle()); + vulnerability.setDescription(data.getDescription()); + vulnerability.setSeverity(parseSeverity(data.getSeverity())); + + SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.ENGLISH); + + if (data.getPublishedDate() != null) { + try { + vulnerability.setPublished(formatter.parse(data.getPublishedDate())); + } catch (ParseException ex) { + LOGGER.error("Unable to parse published date %s".formatted(data.getPublishedDate())); + } + vulnerability.setCreated(vulnerability.getPublished()); + } + + if (data.getLastModifiedDate() != null) { + try { + vulnerability.setUpdated(formatter.parse(data.getLastModifiedDate())); + } catch (ParseException ex) { + LOGGER.error("Unable to parse last modified date %s".formatted(data.getLastModifiedDate())); + } + } + + vulnerability.setReferences(addReferences(data.getReferences())); + + // CWE + for (String id : data.getCweIDS()) { + final Cwe cwe = CweResolver.getInstance().resolve(qm, id); + if (cwe != null) { + vulnerability.addCwe(cwe); + } + } + + vulnerability = setCvssScore(data.getCvss().get(data.getSeveritySource()), vulnerability); + + final List vsListOld = qm.detach(qm.getVulnerableSoftwareByVulnId(vulnerability.getSource(), vulnerability.getVulnId())); + synchronizedVulnerability = qm.synchronizeVulnerability(vulnerability, false); + qm.persist(vsList); + qm.updateAffectedVersionAttributions(synchronizedVulnerability, vsList, source); + vsList = qm.reconcileVulnerableSoftware(synchronizedVulnerability, vsListOld, vsList, source); + synchronizedVulnerability.setVulnerableSoftware(vsList); + qm.persist(synchronizedVulnerability); + + return synchronizedVulnerability; + } + + public Severity parseSeverity(String severity) { + + if (severity != null) { + if (severity.equalsIgnoreCase("CRITICAL")) { + return Severity.CRITICAL; + } else if (severity.equalsIgnoreCase("HIGH")) { + return Severity.HIGH; + } else if (severity.equalsIgnoreCase("MEDIUM")) { + return Severity.MEDIUM; + } else if (severity.equalsIgnoreCase("LOW")) { + return Severity.LOW; + } else { + return Severity.UNASSIGNED; + } + } + return Severity.UNASSIGNED; + } + + public Vulnerability setCvssScore(Bitnami cvss, Vulnerability vulnerability) { + if (cvss != null) { + vulnerability.setCvssV2Vector(cvss.getV2Vector()); + vulnerability.setCvssV3Vector(cvss.getV3Vector()); + vulnerability.setCvssV2BaseScore(BigDecimal.valueOf(cvss.getV2Score())); + vulnerability.setCvssV3BaseScore(BigDecimal.valueOf(cvss.getV3Score())); + } + + return vulnerability; + } + + public String addReferences(String[] references) { + final StringBuilder sb = new StringBuilder(); + for (String reference : references) { + if (reference != null) { + sb.append("* [").append(reference).append("](").append(reference).append(")\n"); + } + } + return sb.toString(); + } +} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java b/src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java index 538a49f3bf..81853e046b 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java @@ -18,10 +18,16 @@ */ package org.dependencytrack.parser.trivy.model; +import com.google.gson.annotations.SerializedName; + public class Bitnami { + @SerializedName("v2_vector") private String v2Vector; + @SerializedName("v3_vector") private String v3Vector; + @SerializedName("v2_score") private double v2Score; + @SerializedName("v3_score") private double v3Score; public String getV2Vector() { return v2Vector; } diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Cvss.java b/src/main/java/org/dependencytrack/parser/trivy/model/Cvss.java deleted file mode 100644 index 46a5d906ba..0000000000 --- a/src/main/java/org/dependencytrack/parser/trivy/model/Cvss.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * This file is part of Dependency-Track. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) Steve Springett. All Rights Reserved. - */ -package org.dependencytrack.parser.trivy.model; - -public class Cvss { - private Bitnami ghsa; - private Bitnami nvd; - private Bitnami redhat; - private Bitnami bitnami; - - public Bitnami getGhsa() { return ghsa; } - public void setGhsa(Bitnami value) { this.ghsa = value; } - - public Bitnami getNvd() { return nvd; } - public void setNvd(Bitnami value) { this.nvd = value; } - - public Bitnami getRedhat() { return redhat; } - public void setRedhat(Bitnami value) { this.redhat = value; } - - public Bitnami getBitnami() { return bitnami; } - public void setBitnami(Bitnami value) { this.bitnami = value; } -} \ No newline at end of file diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Layer.java b/src/main/java/org/dependencytrack/parser/trivy/model/Layer.java index e5f8410e3a..712b891899 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/Layer.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Layer.java @@ -18,9 +18,13 @@ */ package org.dependencytrack.parser.trivy.model; +import com.google.gson.annotations.SerializedName; + public class Layer { private String digest; + @SerializedName("diff_id") private String diffID; + @SerializedName("created_by") private String createdBy; public String getDigest() { return digest; } diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Result.java b/src/main/java/org/dependencytrack/parser/trivy/model/Result.java index 2ea5551156..6194a75abc 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/Result.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Result.java @@ -18,6 +18,8 @@ */ package org.dependencytrack.parser.trivy.model; +import com.google.gson.annotations.SerializedName; + public class Result { private String target; private Vulnerability[] vulnerabilities; @@ -25,6 +27,7 @@ public class Result { private String resultClass; private String type; private Object[] packages; + @SerializedName("custom_resources") private Object[] customResources; private Object[] secrets; private Object[] licenses; diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/TrivyError.java b/src/main/java/org/dependencytrack/parser/trivy/model/TrivyError.java deleted file mode 100644 index beb049462c..0000000000 --- a/src/main/java/org/dependencytrack/parser/trivy/model/TrivyError.java +++ /dev/null @@ -1,22 +0,0 @@ -/* - * This file is part of Dependency-Track. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) Steve Springett. All Rights Reserved. - */ -package org.dependencytrack.parser.trivy.model; - -public record TrivyError(String code, String title, String detail) { -} diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java b/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java index 12609d7c65..66585025b4 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java @@ -20,28 +20,46 @@ import java.util.Map; +import com.google.gson.annotations.SerializedName; + public class Vulnerability { + @SerializedName("vulnerability_id") private String vulnerabilityID; + @SerializedName("pkg_name") private String pkgName; + @SerializedName("installed_version") private String installedVersion; + @SerializedName("fixed_version") private String fixedVersion; private String title; private String description; private String severity; private String[] references; private Layer layer; + @SerializedName("severity_source") private String severitySource; - private Cvss cvss; + private Map cvss; + @SerializedName("cwe_ids") private String[] cweIDS; + @SerializedName("primary_url") private String primaryURL; + @SerializedName("published_date") private String publishedDate; + @SerializedName("last_modified_date") private String lastModifiedDate; + @SerializedName("custom_advisory_data") private Object customAdvisoryData; + @SerializedName("custom_vuln_data") private Object customVulnData; + @SerializedName("vendor_ids") private Object[] vendorIDS; + @SerializedName("data_source") private DataSource dataSource; + @SerializedName("vendor_severity") private Map vendorSeverity; + @SerializedName("pkg_path") private String pkgPath; + @SerializedName("pkg_id") private String pkgID; private long status; @@ -75,8 +93,8 @@ public class Vulnerability { public String getSeveritySource() { return severitySource; } public void setSeveritySource(String value) { this.severitySource = value; } - public Cvss getCvss() { return cvss; } - public void setCvss(Cvss value) { this.cvss = value; } + public Map getCvss() { return cvss; } + public void setCvss(Map value) { this.cvss = value; } public String[] getCweIDS() { return cweIDS; } public void setCweIDS(String[] value) { this.cweIDS = value; } diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index fe3c22a6fb..18fdb19024 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -57,15 +57,14 @@ import org.dependencytrack.parser.trivy.model.Options; import org.dependencytrack.parser.trivy.model.DeleteRequest; import org.dependencytrack.parser.trivy.model.BlobInfo; -import org.dependencytrack.parser.trivy.model.TrivyError; import org.dependencytrack.parser.trivy.model.TrivyResponse; import org.dependencytrack.parser.trivy.model.Library; import org.dependencytrack.persistence.QueryManager; import org.dependencytrack.util.NotificationUtil; import org.dependencytrack.util.RoundRobinAccessor; -import org.json.JSONArray; -import org.json.JSONObject; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.Optional; import java.util.concurrent.CompletableFuture; import java.util.concurrent.CountDownLatch; @@ -186,16 +185,14 @@ public void analyze(final List components) { var app = new Application("jar"); + var map = new HashMap(); + for (final Component component : components) { - LOGGER.debug("-----------------------------"); - LOGGER.debug("CPE: " + component.getCpe()); - LOGGER.debug("CPE: " + component.getPurl()); - LOGGER.debug("Group: " + component.getGroup()); - LOGGER.debug("Name: " + component.getName()); - LOGGER.debug("Version: " + component.getVersion()); - LOGGER.debug("-----------------------------"); - - app.addLibrary(new Library(component.getGroup() + ":" + component.getName(), component.getVersion())); + var name = component.getGroup() + ":" + component.getName(); + var key = name + ":" + component.getVersion(); + + map.put(key, component); + app.addLibrary(new Library(name, component.getVersion())); } info.setApplications(new Application[] {app}); @@ -204,12 +201,12 @@ public void analyze(final List components) { blob.setDiffID("sha256:82b8626f712f721809b12af37380479b68263b78600dea0b280ee8fc88e3d27a"); CompletableFuture - .runAsync(() -> analyzeBlob(blob), EXECUTOR) + .runAsync(() -> analyzeBlob(map, blob), EXECUTOR) .whenComplete((result, exception) -> { countDownLatch.countDown(); if (exception != null) { - LOGGER.error("An unexpected error occurred while analyzing %s" .formatted("x"), exception); + LOGGER.error("An unexpected error occurred while analyzing", exception); } }); @@ -233,7 +230,7 @@ public void analyze(final List components) { @Override public boolean shouldAnalyze(final PackageURL packageUrl) { return getApiBaseUrl() - .map(baseUrl -> !isCacheCurrent(Vulnerability.Source.TRIVY, apiBaseUrl, packageUrl.getCoordinates())) + .map(baseUrl -> !isCacheCurrent(Vulnerability.Source.NVD, apiBaseUrl, packageUrl.getCoordinates())) .orElse(false); } @@ -243,13 +240,24 @@ public boolean shouldAnalyze(final PackageURL packageUrl) { @Override public void applyAnalysisFromCache(final Component component) { getApiBaseUrl().ifPresent(baseUrl -> - applyAnalysisFromCache(Vulnerability.Source.TRIVY, apiBaseUrl, + applyAnalysisFromCache(Vulnerability.Source.NVD, apiBaseUrl, component.getPurl().getCoordinates(), component, getAnalyzerIdentity(), vulnerabilityAnalysisLevel)); } - private void analyzeBlob(final PutRequest blob) { + private void analyzeBlob(final Map components, final PutRequest blob) { if (putBlob(blob)) { - scanBlob(blob); + var response = scanBlob(blob); + if (response != null) { + for (int count = 0; count < response.getResults().length; count++) { + var result = response.getResults()[count]; + for (int idx = 0; idx < result.getVulnerabilities().length; idx++) { + var vulnerability = result.getVulnerabilities()[idx]; + var key = vulnerability.getPkgName() + ":" + vulnerability.getInstalledVersion(); + + handle(components.get(key), vulnerability); + } + } + } deleteBlob(blob); } } @@ -283,7 +291,7 @@ private boolean putBlob(PutRequest input) { return false; } - private void scanBlob(PutRequest input) { + private TrivyResponse scanBlob(PutRequest input) { final String requestUrl = "%s/twirp/trivy.scanner.v1.Scanner/Scan".formatted(apiBaseUrl); try { @@ -320,22 +328,9 @@ private void scanBlob(PutRequest input) { String responseString = EntityUtils.toString(response.getEntity()); var trivyResponse = gson.fromJson(responseString,TrivyResponse.class); - LOGGER.info(trivyResponse.toString()); - // handle(component, responseJson); LOGGER.info("Scan response: " + response.getStatusLine().getStatusCode()); LOGGER.debug("Response from server: " + responseString); - } else if (response.getEntity() != null) { - String responseString = EntityUtils.toString(response.getEntity()); - JSONObject responseJson = new JSONObject(responseString); - final List errors = new TrivyParser().parseErrors(responseJson); - if (!errors.isEmpty()) { - // LOGGER.error("Analysis of component %s failed with HTTP status %d: \n%s" - // .formatted(component.getPurl(), response.getStatusLine().getStatusCode(), errors.stream() - // .map(error -> " - %s: %s (%s)" .formatted(error.title(), error.detail(), error.code())) - // .collect(Collectors.joining("\n")))); - } else { - handleUnexpectedHttpResponse(LOGGER, request.getURI().toString(), response.getStatusLine().getStatusCode(), response.getStatusLine().getReasonPhrase()); - } + return trivyResponse; } else { handleUnexpectedHttpResponse(LOGGER, request.getURI().toString(), response.getStatusLine().getStatusCode(), response.getStatusLine().getReasonPhrase()); } @@ -343,6 +338,7 @@ private void scanBlob(PutRequest input) { } catch (Throwable ex) { handleRequestException(LOGGER, ex); } + return null; } private void deleteBlob(PutRequest input) { @@ -375,34 +371,29 @@ private void deleteBlob(PutRequest input) { } - private void handle(final Component component, final JSONObject object) { + private void handle(final Component component, final org.dependencytrack.parser.trivy.model.Vulnerability data) { + if (component == null) { + LOGGER.error("Unable to handle null component"); + return; + } else if (data == null) { + addNoVulnerabilityToCache(component); + return; + } + try (QueryManager qm = new QueryManager()) { - String purl = null; - final JSONObject metaInfo = object.optJSONObject("meta"); - if (metaInfo != null) { - purl = metaInfo.optJSONObject("package").optString("url"); - if (purl == null) { - purl = component.getPurlCoordinates().toString(); - } + final var trivyParser = new TrivyParser(); + + Vulnerability synchronizedVulnerability = trivyParser.parse(data, qm); + addVulnerabilityToCache(component, synchronizedVulnerability); + final Component componentPersisted = qm.getObjectByUuid(Component.class, component.getUuid()); + if (componentPersisted != null && synchronizedVulnerability.getVulnId() != null) { + NotificationUtil.analyzeNotificationCriteria(qm, synchronizedVulnerability, componentPersisted, vulnerabilityAnalysisLevel); + qm.addVulnerability(synchronizedVulnerability, componentPersisted, this.getAnalyzerIdentity()); + LOGGER.debug("Trivy vulnerability added : " + synchronizedVulnerability.getVulnId() + " to component " + component.getName()); } - final JSONArray data = object.optJSONArray("data"); - if (data != null && !data.isEmpty()) { - final var trivyParser = new TrivyParser(); - for (int count = 0; count < data.length(); count++) { - Vulnerability synchronizedVulnerability = trivyParser.parse(data, qm, purl, count, true); - addVulnerabilityToCache(component, synchronizedVulnerability); - final Component componentPersisted = qm.getObjectByUuid(Component.class, component.getUuid()); - if (componentPersisted != null && synchronizedVulnerability.getVulnId() != null) { - NotificationUtil.analyzeNotificationCriteria(qm, synchronizedVulnerability, componentPersisted, vulnerabilityAnalysisLevel); - qm.addVulnerability(synchronizedVulnerability, componentPersisted, this.getAnalyzerIdentity()); - LOGGER.debug("Trivy vulnerability added : " + synchronizedVulnerability.getVulnId() + " to component " + component.getName()); - } - Event.dispatch(new IndexEvent(IndexEvent.Action.COMMIT, Vulnerability.class)); - } - } else { - addNoVulnerabilityToCache(component); - } - updateAnalysisCacheStats(qm, Vulnerability.Source.TRIVY, apiBaseUrl, component.getPurl().getCoordinates(), component.getCacheResult()); + Event.dispatch(new IndexEvent(IndexEvent.Action.COMMIT, Vulnerability.class)); + + updateAnalysisCacheStats(qm, Vulnerability.Source.NVD, apiBaseUrl, component.getPurl().getCoordinates(), component.getCacheResult()); } } From 77c0fb45a98e912ced225425f9ce710f81871911 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Sat, 2 Dec 2023 18:56:13 +0100 Subject: [PATCH 04/21] documentation Signed-off-by: Marlon Pina Tojal --- .../analysis-types/known-vulnerabilities.md | 5 ++++ docs/_docs/datasources/trivy.md | 22 ++++++++++++++++++ .../screenshots/trivy-configuration.png | Bin 0 -> 194159 bytes 3 files changed, 27 insertions(+) create mode 100644 docs/_docs/datasources/trivy.md create mode 100644 docs/images/screenshots/trivy-configuration.png diff --git a/docs/_docs/analysis-types/known-vulnerabilities.md b/docs/_docs/analysis-types/known-vulnerabilities.md index e3132d9214..811ce5960f 100644 --- a/docs/_docs/analysis-types/known-vulnerabilities.md +++ b/docs/_docs/analysis-types/known-vulnerabilities.md @@ -71,6 +71,11 @@ This analyzer is applicable to all components with valid Package URLs. Snyk REST API version is updated every 6 months and can be referred at [Snyk REST API for PURL](https://apidocs.snyk.io/?version=2022-10-06#get-/orgs/-org_id-/packages/-purl-/issues) for additional information. +### Trivy Analyzer + +Trivy analyzer relies on a server trivy instance to perform the analysis using REST API. +Trivy REST API is not publically documented so upgrading to a new version might lead to some issues. + ### Analysis Result Cache Dependency-Track contains an internal limiter which prevents repeated requests to remote services when performing diff --git a/docs/_docs/datasources/trivy.md b/docs/_docs/datasources/trivy.md new file mode 100644 index 0000000000..800af295ad --- /dev/null +++ b/docs/_docs/datasources/trivy.md @@ -0,0 +1,22 @@ +--- +title: Trivy +category: Datasources +chapter: 4 +order: 6 +--- + +[Trivy](https://www.aquasec.com/products/trivy/) is a tool provided by aquas allowing you to scan for vulnerabilities. + +Dependency-Track integrates with Trivy using its undocumented REST API. + +The Trivy integration is disabled by default. + +### Configuration + +To configure the Trivy integration, navigate to *Analyzers* -> *Trivy* in the administration panel. + +|:---|:----| +| Base URL | Base URL of the Trivy REST API. Defaults to `http://localhost:8081`. | +| API Token | Authentication token for the REST API. | + +![Trivy Configuration](../../images/screenshots/trivy-configuration.png) diff --git a/docs/images/screenshots/trivy-configuration.png b/docs/images/screenshots/trivy-configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..e51f813324923b5c1dc3449cd5abe395bb6d8fdd GIT binary patch literal 194159 zcmeFacQ~7U|3BQNgQ^arH9M}NX4T%hXsInUX057CZ4s&VQZuwww03Q=V+*1KHDm9H zQ7cC5AR*7G_jS+j_rC9PJkRqxe#deB;Sj-@&-tFO_xtmHea;{aH6>bVX6i$S4$(e* za8C>P#(L-wmE6hWz&oGnE}a6t9d^-Dx^pP6jdd3I;hyE=hfh^i5Agu6PaZlPV14M= z-k$(p%)r;7Lr0SiA36$rKfL!|(viRZmXL4EsELUUfyVbrI{KswjF&}0K zv*EKlcYu2aF7b?b;sr)2GKzQ|E7!PLh ze(r*oow^t0j~qJS^1Dx-WbJv}fAwIiZ(js_W^hO8(0(2D?{@E(!c1fE$B+A!!C*CD zwkvp6vKnAg~{+twZ&f$-`#l4`O(FNb9S)AwrYA!IN7`*Ovr9C zaFb9?ocf&7DoO0A7nvT;cVFmrjk{~>&D?uu-_E>nJE^K?*n*l49&^@G8jd4hcUz1} zj7aP&Ax$M({WyN)0_UUeq;&Pzn$Lyl^AA9QTK(K5eQdt>wAHXzU2^qHco?h5&wUrR z1Z(;&OjATmU0P**z6DAwun}5JjF7cDDrMpcOX)uRqy?D5D-~;jfa8Mc5eJC(fx6mb z-;16}`nAPNH_UXTtWe3^vez%-Pj$rk3OV$}C=BeLV7(|$Y795WR=Tyix8@2hTNNp* zPBesvTeoVkAta~RWjvi&iQD2oL|{A3iRNyMF*c3v-%ayF{EnWeM>|xDW}jV8JRaT2 zdWP2c0oQ(WA&~#i=4O0(8_;2PWWs&mx|Hk8n-eg07&+*vLBr<=&ih_oUM;cG;%LP( z2dr6sHPO0s&OSFt`^mH)i4ZPo+bgnlJ=SHB)5K0#?fa)o&Z?^WR^~DMDF93ywGKy3 zaOvo=#R!=z<`|($2TpRT%Ker|Djjlw!*(a4d{F&;c1)r|2e?Cp7qzzMXO?0V9YbD8 zy9FU-IhD44KYDfBj-#W(_FJdF=7&`~9W2cDn~S=bkKQXq#jUqo(+vpUoz}px_!J-9 z*A%-9zPK*OhQR2ldp+IK$v4+GI=3vZdBBmc!orbrC>v#qw z4i~%7mOOd0Z{Mqwdt5NG(fLF{@tqqu^$9IVbC6?5Ay_oqRjm*@dY2=}EkCE(!;!o| zyZmh;e0s>bMjJ^|UWm!g3uTw}{x+t>`Z1RF(k&6+jR=m0Tnbsqw`x-<2C{M`Kv60o zVSRl5Qfr)~aDtb&qJth73}$5>A{5+>^V*Qy^2OCaSBY5S@HGK)%l)m5X2EKD3TcNB zS&xpn%Pe8DHZw2m<{HW_EVaF{z?7|*A0~pSrc`h_pm$6PpVtL<`jm*5u3hR$XcpVQ z^*y6GVlVCV-XG4RMsa;l%W6ynud`gV9LV+=_tV^(PWHSTUtd?gPA6A)xhvD+q^O%Xss; zcx2Ft`*j8w{zY9h5zk~fz*|4h4)P!iAsk5d*a_A0zC!bci_-3Paue6UPtq&&3*Tu{ z7pFc^_vU}R^n7iuPyS4d$c^2NXnDuA&LOL@R6)b-G?_ImR*{=DN7D4D>2^jTIDU8W z&6+N?l$D!JAuiK(sf`g6!>eui!VUp^WMrQ)q;6WEhMR83XOSk_;#1s6n$QiO2xHO$ z8fNI-$YeG$T#;sOZSKjqc1hm%4xbUy^ciBKgg8Wbu~{1+$7*S5nYP+6U*(e8cX$Bm zGv<;A2W9ISnLEegQ+~E38;u+dn%mi0U=W4`3#h0%%#H z@{4-gAGpvD~5D|Mif)Lej$VuqNJQ@_V{T)08iRJ(`}I zi`+8tAQt^Kt@m(NrpbwoAf&0Z($+E|7%{1mytH|g1scb|RU@cE7pXLv=u7WEAe@{- zNs=*q&vQPK0DXLqv78%&;0DRcU8knQUh=0}MLKo1bIbow)hvaIZPc0-y+rVmdXUDY`R)-zuVhXo;GS&o3muxsY7oWGqH7a>LjsSH~9>s8ENe;)TOy zb&as;LFodj5l3#EVD;3ffnl(s#J4gf*;SWf^W{2lnQ|h ztX4h+)Wa4lxY)}nHJ*zVV6T4s2lMdOX$~2S2gZIgOnp0cMd^$0{JnOkwG)HX;-%_x zJ_=7%Chmwll_Nb`!(*lE;X|ToGP6Ibn%XO-tK|i@*ZjBQ(7QeB%h9n8!9l2nC=*^c z<1Ki812Rozb;4!3tr0gzd3#3-h}EG(4m(yYp7_Qb<{sn+c}iVp!Cg9t5i7*dtzQ6i z!FzOui zC@Hb+n(^$xR(OHR`nXwcRXU7jTH$hRv~(9ZY07jgO;ZtbH3{(s zAgDuW4gH(o3vHn*vUEW!;tA&>U99YVplSX!8}L&X5by-AsgJaXxvGr;X1Qxr?%r!N zZ}sT53DuMvw3X5{9BH*3OJiTJfpA`n6?kQtw8I1S5HYSf0yu6i^DN#%Ok>Vq35nCDN>6Rno}Xv#S+1zP~e)qRa!mvfzIFPAi!!}zXDbZ%C-Onoa>Vh^K{ zchNLnm z63IhOB|Yj>u_v*WVsKp?7`atfKKV&FJaqK3k^a$I2B?u+pg^9Do{tt6q-S^KHs6Ln zy;2w~1c+|J3;W)D1(q1MVPvQV|!FR?oBGJ(R?lzzSxyM0O2^IZJ? zdl*kx&T>22+wwK@TyT>hzH9Xc#d#WkZ6@?fHo417$m>Q@g)rwBzxRjmz+CLYYxQS}JjKRH9Zp6_JM#F$mCd6pZ->#-E88!9#}n6K>Fbeha|uQ; zOP!tV*t7!8h1($U9SLd`#vh+jk?UhwgAK7}kn!!>j$-SsShLFG(+?OzwN%Dp%x-cn z$cx+RRxRCe`<^Yqx!&ghSuF9WA%({}=3Nlu2?LkdfDECN;wxuW3LVV}fW%c63N)RE ztHCD`7gxM~j0NC-hXI)XL{z| z0MBrh=XIFsd;gtudkl)1$$FKsH3#eP=#DAifzqe1iSrkbRla!q>EgbYI1^ zAp8CIR{iWBCG}8+#eB)P`%x})@BI{y%+_dqMhg!k!&FO4cr<(fnleF+k?k2R{4yTB zy8C5NlqFYA=dnb-_pX53-7}Ns#2h(~#g;(P?3D%D-AqL29jSy8B%9I?g6ftMg1V@A zyGfyyK>|Ng4Vf>rTCX070Er-Qixtw@Ki-$T;#3XR;m>fNi}rWy+{#k@_#C!y*R3=$ zQC2#CMmwX(FFqr|C)sa=ueit#%>MY{2`h`p7tA(-ZLtRUk;hNcM3VgAVBti5{}?=n z8beTUE{w8U*Q#10zq;17wQOANeILQzoo3so8isrKsw+cv=v|k2-8Npu`kfqf+o8j7 zU46tn9FNhZ&gVBQPud;p-0jZl@he>Wm{>mKkhVL>qPi1mgRzg@e=TUIa)eEP$c!d3 z|K6mfmE#D~ot2%fZI}Go9MYo`bfYCdFR5rOX)i7RbuBN6fw|h4NuX=ck`Wm$D2# zXz&v>3{{D?o0p7w{jIXZ*4Ev|9>kDnj?ZQaMTpv^#JWti49pZp^6I@016eTC zh-JvGjdpvk1aX;77n)B1`8H&));7M4FKl2BX+T;@+V-}zetcR~&u1J5!ViY_?qSil zvPJQV@Zb^X_C27qT+yQ}WXsRR3f0-Nzq@0dB}*Zv%X8d#uWPrnEy{|w!CUE6C3x(= zRbP;Ms<^UN^UUMN9GzaGt%FzI44R|XGZQ#L?D{q38*gb#X=r-&F5~-eB;VceP8+Lj zJkI4{tyG3@lC_Rmfrfjo4{X!soT;=JOG>x7P;YfRI|ryTc%$+&PgRTbkgXFQM$k28 z%net#_^iEDw|kBkDRm!xwlw;AYqKX?uOZvtc&ZianPe5ggjGI415zapcfQkpF_#?; zyP+mE*)1_M`miHKDZJm70A10O+WkU2nG^OiJxy;O6-I&Zzwlmibko{jO%$;Vn z&l-*aZJoA^mr`N|VehXq0SjZZ_}Z3w<|Otdws5+|Ha%Ek>ro6;DKy z;youL`MP@)=CCM_xQ#ZC`_%dKuv)+6{2_-{rPdh9A`$QJ?VpyrBh;fd<{VG6iRJj} zp$60$LetegzC(Aa(s9UL9U=E#Fi(UM;j$aUyc<|YN;v?zW9zO_#q71cC_B5vah%6+ z&1W}nOH5hC;CNlgYHdgRr&!prbSEzA*)^gWtl*Z%$Khn=1bR>|l0?8>n2TeVY} zPVeXG5_H%kDi?ZTVi)gaRX1UY{nzT%KU|F9e=JU5u|z-&CO{{*Jji z=EGY@^!4n1VT%X4xd=b^5t96yfOpIi-A_?+OP|8O-DiRcsL8D_(2kfRI6;|+rtsES z@v^oLKs_D3q0~b?{$9%DYke>S?@C9Ow?@zQT#uYAC|8Occ+J+szM$HB9Z}`D_5rW_ zkmYp$y#}lY?jy&-K#^4yF;tj^Rq{#gi+5e2m(=UXTY_Q|Y6odKYVfy<9aS2r2JI|D zG#?``H%YmL1#8RETcQ@3I?^hW)lXlH3GitmW}msEgZ0v;Pw=(K_T{85Vh=~aupdl{ zd^%Z@$=@Tc9Y39Ie3wxqnCV0r(@-y-VtpEaeN>i zW&4g~f1tOXZ!C+ip^UK9;YCiU=jDaIZ=;OS)iCi!35E+8RelSQcfUPfMmgM(Yfx6@ z-ILjoGBNLhW7=ytRIPQAMXIpHl7ccE<{p=r9A(B-mtTt~yosfEtWoL9bDkQQRt)F+ zJ>rf5rJ5*TcXx|KX0kmZuEgf@X#O4Oa#OZn8U|}?M<>7b#8;7;9Ou?nA>`@g#?43d zW-r7gZns#O|4@^*f8IOp?GEJOy&Zv$BCGrd(~fG8@#Thz*CrGm4)5=u0_v;@K66?F6pAL_m5DDZT-&JZ!8w^C`I-``FYwl?cM{O zDh96jM1MhKuwb^XBDicZZ79!sCNFb)+EJNg;F5yhz$v9tD?!-LPo6-_!5DO{7|eO3 z6u}K@TUuIAQt=r1AkW1hPNTuiWz^KFEYSRpXp80C%a`*-j*Lr9gD_;%{aJS7++4$o zTkPITpXaNf=AEgH&J&J~-_^Z@Xc`Pjt+wMAC@!X_StV}DZH|TS<;5K1YAL$6skdRI zIg^zFEoxkGw0m*eKiN5*eDTv|3G}@?x7F#OAi1KzOu?ul1`{xBcVv!$;hx#PUNQ zU|mY%tD~nCC)EYR5e*slJ|TFr$F+>9Ss0@DgPU@`X!LNv`jd&;>lu`gCIc9Ye;UoI z+j~pU2Ov4*mf^Dkl2-zv?~VBl#kj)12GBMmzOS`R$BE_6^0F?VaJydjlU@BF$l8vn zQXn4ja#VhOaTt8@X>_M`7rU24UIji_Mk7LsmxpJipyS$=%&av-16`^XV%Sr2Vp#*P&Ab=#hmz&fx~ zGD6CyqdP=qcXMKVXS!N&sx_9$Djw>ft&YoCU0=j_rJEVm`rXFN6C|0oDbTzh6 zx1R=vcUoTz#$>RHJktO=Xd2EgvVf-ODJ7;~W9u{Hc4dJskKftrGKs;08t>qc+)Z|pxql3y{2%u{I7mM!>0P*%@rk@QA z3)w<%^&WK2j0zan(LaQ}zW?p|pDHWX1?1PeZIN@(aU&XFRIB7rrONqz4~+b@+Gn|d z{BqYDA2S`uh!6QOo(0C84!cJGw*P{3Pi5`;z^s`5TtuP30S$=%GGM?*W&|D{C{idS zl~4on>*X>xI;a6D00vCeZuIV89;jf;0LU*_y}t5*qk6?J00X8;Lj86?{rwpL{tN*B zmj?iiQX|3w4ZoAoL4%M&5(9OnQ#Un7@bv?x!Gi_gKmY51LHB^M@*q{%pDR3AV*B&I z{`BrYedkXv_|psi^nyRV;QtpdcyiYdNsC(h8_Fr>^z*&zA<%8C4zje=$uqbBikwT< z0D(wv?0>b`_GIuwuB>q9&s=0+leQu-xG4&L*h$6p_nj-e`$7T2Fw<`AI1Ih;$L*Dh z`rY|-Ha`a(82~RWDKQZI#hO$S))sP}ckOlOLT>r8h=bx}F&7eyeVJQ`VIYqpN0@|wxi09|53xid-G zyibh)2$tDL79?K}WEl_^@&oUTRq?^~M|3#~NPlT%4OJ>I7H2i>qRR<6hUCr$Bm|7g z#i^V3;v8q%{N1wkrYPa|JQJ}yEa^gB5&^&JBluGmXw~N3yX|vVK~nhsGy}d5I~I^# zI8>Gm1@I27{5JH*GP~TXw<)5Kr2s4WCwVPA$LNvNhifhluHudne|A)JwJwtcAJ8Ky zFYoCtakpV=Pz||{S5}+{+)*@aAdv2qY0BE0-{J3G{^I7jU;4QR=tljTCu+Max%5(< zd-yy_KgmdUqmh>-GLp?$x5HVL==+N2cR1PYFUFFqeHp5hLBOxY$NT?Ihe3ZenAVDQ z11z-n$Ewwp*{9WEjlbAZYiFklMz`|p>SoI_msfByn!W3SvGbmZ7ztOAJ!`@W%L_KMYwZsf*B0roF$)*nTsjKj{Mo69C4 zh3>z4yK{KMQ$`+vQ=|DNBO zxd2^Ch+F+zQU2%aK8pZM$$q7<^2Pye8GZrKWn6600mWDR5HKaNt;bmUU(D(M@;QF> z01HgCtrh&AZ}Z>EaWEAypIDz9hv5B$kiYKsB_q)GTaU<%v_A!0G z+RalJ%msx^Qa=$On$b6yFt}R)q z$p(mU`JCN%8p?G0xv|DBM!Zzdx7X)5WFhOpmMYQpU;Jsz*6}_3zYU5+vk5)7h+En4 zs4sU$DMs_z>DZOry&u5grE|mXeHfvpA>l28O*L`jfpa-g@uX{uoVufLa}dB+iXX8@ zEsU!U)YNKTyBQBKll^jkYX>H9C8nX%4OarH9a8ijQFJ9X%KI8p8w2V~^h`eP5Vnu9 zu+8l&?9}!GhnEaWwJl8XR3n`_O!K9$o{=8^F7+w)YHgQrLa;OiszjcMLN@^8*CE)U zZ=@R10>?CLCZz+IrJ(IK(A3n#vy@MSr7eut*ZN6QvoZ)VZ;cdLVPq_HNNa~bX8*+H zx!OqpJ;}Lay5^#}`-oQ&V?Qt?xtXYLLNC6%_I@6P9zLKwEXaGIx)3mBb{odA6rY5O+A9-F%}R2kV{@dTV@wO-8cDeao^CplpqQ z(xvz=lH|)9A-p5CtuT@;tM50>I_%?$=a$1>(`RC zEl8eO%FdJZE$H}sPqs(RCK8GCoD1TrOQxb3XQZ&;D%mr8{#FP7_ZJJw062)0Tcoca zh#E9Na-2v6Y|C!rop#A96*Rf09H3sAwZ$=sk*cDYC7!j9K8R$pDJuc{r<(v1XP!Ua z2AHoSKxub@kupw!?QX8|?n4N81@TA*@ zEx{179x1fd{?&~9J9az)wad2WPJ;pVd!Si?_guf_aGrB_M?){TRahMph%s8rdR*pU zltoEEEr!YuZw{4{ZS}gdLO<-PI+M^2@HL|$jk*3T?bB>hBHKiq90GwDpX7TlMXCU6 zg24mrOI3nYaZ*q7%?yZ5yqX`YwRi;u!#m8~+t71+{0n1m>)ofI$2Kiecs*r9qdDBk ztgB||-JOXFurLtrEbG#uMw*dsXIO9EJWh9sIa@b(c&5Dbl-R!{`u_+I;PjbWJ(kzF zoS6NbQDNZ`>aq)>cjs?DQSe!AHVFz5AX~J=OHYd?qD9p&R&-_33J}|0X^&&Xcbs4C zb_-2pWvuAEI^ia!{{+N1ugs9zsj^q9`1SHSeS52Q2QC z4ev(FXr=r2?~h=sfhl}9@;6T>{LwnoEl2?0O;@}%A@u7R`RA`LFTJ}SvWkBwPM*@! z{C?-bx&gHkdLdO?8H=vjWm*ovQ3TqgDX+ZNtMZIcQDJGdn6er#x0aYKyR7_;`ly_V zhCU;c7#{yLHR-Kfz`PskSkygTQeiA<8^DMir!PS4kFKX>m-($tf;0?FBnor@3<)jR z;N#+Fresps&_uL61^kL=WL3bn4|G@i6oAC`oZY?b8$mSk5j&f1xZLLhCl=9y%m$h_ zc5ZG~(fMSyg$IX(BuGvAl}|59PZZ8}na>oM3eCQ`JCXE?i-~TUFl65+JL0~QwcMJW zpV?&su_Cd#2g+{r^KNg^`pY)Li(Kwx9-{e6^M`Jh%{< z6a0B1TsFpIFS&3omO|v7j=hXFf4cE%T#4N`b7RQ|vKJ|QU&xsK_)Z%J($%f|JqR_q zGuu!jC`0k7k^L>ZydC9{C^az+P_uxc{viqr^|YB~$LHHlHZd%>bgB2rT|a)B^%28?6-bwL@u^Rpx^2p#y>`JW|nlkON`fVE&xVN{M@gjd^&5;nIp z(ZJ3`@FC7_p)cS$_J|d0@CzerQ5O?(xA43*?6bHd%>U5?{~2ODQ30x&Qk{a2Z8&|? zlwvY}MXv*ja87z&W5;A7U)7lcrNHxHlPYO>(Z(?x+U(`>#=f&@5@W57{OcL;qjU-M z^1B^$W&_B|&+iW(JzftUp!3t-Om&a^eY_DA8M&+=Hcf}7U};|}?QE}yhsb$6bbhv* z@KSj?Zh6sjZb+@|uG-`PU9@c(z(EWG;-OpW8B@}pp^Jvl-mfM#8T3O{B8&I zLhoiC^;u_>dE^Cn4;FzA_Vtq)>5 z-p@UtFm7#f2@XH&&r~n1@jw$>q-+ghzLXawHt+7-lmX760P7DeLgp_upqGCyAJaqg ztq=SY;QTLEC8C?OD9Fnq9kM!@t3XZD;}}xJBY`8em8_#ycW~tGZHbi`^EvWa$(?@p z&A_)p3vUBdrc-Y=HOOyeNlhr9=yOa}K15n9gXwx%+4*b%lvk$~;q?H!0yL(E)bKE) zs`~RGZE8$hyuX#ri8QefNkLLtZpkzN&71ahiI!+G4U&Tc27$iF3KH0g$(Zf`WFAM_ zrRzS$(v$Ebv=H*rP3uzY;$NjCBK;($zXl$883%n8d0TWBemrcC^pzO4YdWAnfZY$1tS~_2#c_ z*62@BUljKy|JffYgSI+}j)*}ChrZ>sG00-Iy0x^uNQ0D?e=-+4jBl}g#{@W7M;Hl9 zdEXEtn!P&5?l!;d_C*oh^yQ2A(@$gFS{F$(^P96)3GsvsdCsSwjQmp02hjd{W_Usa z)CQ%8@+H-w03*FLbEVxDY*49dK9q-2>mThtks)`s8EJEew#3c0uig5G+!0 z#54{b*k%fo-7PyE(hq=4*`Or18&tmZGQ1w&(<9%W3#}^0?m^6UCHavj{h1O^0aj9T zuNY@S!m>_bb|bDC`J!i!VDZW{WxP(xZIN{vP{O!FNL8X|=Zy{kc{5jS1iqEF*991_ zE8np0;q)8ZL^cYKyJ$1SfHE&a6Y~)0`L=&MlEtIGAm-6VqxlhZJqNeZ??R9fF+`)w zaF?=do=|^f zq%6F-^Jo^w%>*0k>|`~nbPY1DhD7J}u+BYTxZEYBbu-%+HR%Wo8gksR8ZqLgznWXv z-?=OAxCM!GUCBywTAC4(R+^s2owe;H%R`8V6ZJsE!{o$tNW0N96)vhl zZ=Anpk$L%Ka`NSxVCvwc)Atn=G&JtL`ILOJNpWK&#kHeasdDItEb)fd_lQ*cm~`tH z9}MYK1#uWSH-!jUUG^HmOz&=+7|OLc{<^MTDC7dlwy7&!RIi+W7t*(LA3sVR->Fg_ zIRx;Ics&^AaTE-UeqL`x5^zAXlrT1$%A#l|0*O?erT;m$aH7DpkaGA0BP-4#B4K&p z)tN99#arn%tS&z1omL1V|M+CIao{E4r{4n4L3CI$2c9pD`iyd;o|Z=4zVUl8DFFhC z6R3x?T?qGCJHPb%G6y58K~LMp5aBHNP{wnEn=s$1l@*mjyDenDX+wPS-2gZbT~^=D zN`a=ewe_PI5uvH*_xHl#;*GhcXw1AxLDYQOv^-_D*K@4GD#a~U%z5ckK*JJNkv?=l z0PEp3I^##8FaXHGFfaI<0P2k3MRD)$6BRsk;OX~k$gP;-*K1`(oO5D(v;T1A%b=00 zenx(T92vQ=G1Op1M>eecL^T9n|HS9i&ExM|+W*|?GXROw(=m-_sGtDjfV-bV#`W1} z-^qB75pP}&F&_DiMHJy%vJPC3#K-Fhrb?Cs_&P;y7C2D^4U1)8qNuIz)-A+Ne0-Vf zKqt9yTxUnf0O(mKd^`SM;^jZoBpNC}Yfb-)B!4oLbf!aw%9E!IAZYW1=a=KEyjCwJ zyi|xB!V#*afxuB}NVLtbVFlOuLFJYkUz!5J1;Ya{tw!y_Ad8j49wWJE^bKFHo*sbS zM11MhbXOESO-b;P@vtMP&l_BK60vOh@z}@{@nk&QeS4ilBMoBeU9t6YwXKy3f_xQ^ zat%@uK*=ESs&hrM0C(Mag0`=2TsblYAfTfgr-I0xi~@#dQ{*-;qZ0>o&#=;By<^GC z(+N=TI(KRw&>2?M4>xOc^Jo_wxnM#K#q~P89i7)0FxCy^}~rP=w$M z>QZSd?cPHe9@?F$K0RGX^;-g3FHIhjB@J=6A1ciiGfV9>qu$jxvKqzeVvI)B|iB>TMIR*|ZPxj>a|lR)mqlh6Knoak}ke#E^qY);mq# zS{pIsWwniu??E%!d6uS$c!TwwIWx8a<|u)k@;jQ7>lUUNdl=}9{K~V>$xRX)zqsSJ zS9H1YXh6*@;*C3hh@Q*LFVHNF8Z@?b_dZuH0;0_%3(i?ls3|P@Xx)gRoLlKChzV+GQqGONR|usjfo8KYVKFja$F8{pB%{(`zgXH}-yPDlF?T*jRJTfZPgI`h(!C6# zL6xqa7)8Tmc_n3~bT#km1WY|Allk#TG>EUox5Mq8N2w zauf3Nab4-EMzd*yY16KQm#pgAQ1g|YLhI0^8{~!VvaC5^3nEGE2>7yR_laxfOK(1H zb92GRlN(lTG2pYe+Fpv$kx3?0=5yv5HGP_fhODTC z8l~M{WK$?kh7|fi2FsLd8UD=U`Of0&&l{BoGw~D zX|G2BOVMx5RLA*(qOci`6dq{yT;^ldWFNcLDYryka@!Uz|Gb!fsU5g#b;Dq}MVk`R zzyV1mudHvN_C&*yP6LSM2|twsX@Z|h*sjt#QDXMJVE!8E^Yj@xk>mC?_jltgZ#8swtj5aS!5NtyK=T|O_^c?6Dv@S73(N5D0>-gN7B8}-dNujBYBO~ zlQi_9BgL%04Mm^hj8lh70l{o%&$bO=AyNG1l%r?(E^2#OZLLg3qOKM>4wV}5JuWay zuu~w6WamkMEZ_CGx;|payZIrd%#|gydCoa;0iuUl;dYAUl^`X*^T2n1i@fot%SZFMQEORZ_7s^(=VGoP7)-6 zNbKs2CU1=ra1Nbd3> z?9|l^16bl6B@_O~wi`$0Pnk$b);NtnthlMkc-dy8YFoYxJ+d7A(uG3>bQ(B4>BGyK zb11?k;1s8D53S5+q_vgjINu$bFe_>BW2?K*1kr0|RXe@0LKZW+RLu*0FrYK3l0mH{RFt_`h1$IlIYXCtX zdWP_yX!sn!s%zgrlPiu3RAS$D{47K3#svx5UTGEx%F@oraShsI5d%2EJ*}ac&gbUJ z&PwY`oc&Nqh^qKPMD{%$qwA?JKiifII{-;h+|l7P7<@nZYnTL2HT@1&Vzd2gHgtrF z%cnR3RLISntv|_~{h?%CY)COt4w@}(p9Y2RI9jENFYfJnFlQ?0rcGzaSKM^i#nM(# zzveZVY7to!M_1nReLhCXU0W5({;>IqrY(feLKr$&%%jc!FmeY;ID(T{UGtorj7G5L zXNPSYHe}~l#R)gwDF@E&Y{h+Pxg`7?cVTgRjx9^~Ne`xjtgx?bJbh{%ljrGC5t6yH z)a3Eb#JYzWK9X|lvzYFarX64WoqHJ2nPQp6A|TGqx-@yXBW#*H(^ZDEnTCjiWSgcC z0_DiTh`z2DUaM2U?@`=(>!wAwW0`WU0z!@g`qn_0)M+=tw$b((U0~Xo?*xY5T-*XC zIs!O?D{ip9rz*iCu};_$=U(xeORWaQneKxI6epLsHwc5=JRoa`E>_I78G_P#;JJ;< z=}TqW7fzV(;rjMtzzKYbZ+D8Vhs3tic>JNH+)bavo4!7w92C=*kFqF5m9{(L;O|q5 zYXcqT6Yvz}l*gu#v(SME3Xo1XdBGiXc zy@@73#e=oezVkhb1JSpKx;gow97tF#iGwb84Gw@-90Q`?TH24 z(h!uCrJepQlTJ}lcPx|g;xNd;diGs-HjBlH4E03DX!07@a!(iLdvz@~r(D8AZOWM< zPY6Mix5Ax&2qosgN&_@F;GEzEpn;^`!|n7wcOpzD zYaGBKLF&HV=$Uxq)Wz;Bmts}HR6(^!;K1gOMfEE7)G%q=(D7q?4X(3({xpo=q#exJ$g+Za|<52aO>gz!gcp*(P|Cz?ICa%L_FcYZ`JjyaI44|B=9gE400IMp$ zsO6!`LrwJw0q74DmgTwh)!BT4i^*3$O2A0JaOePM=>h<;jVc)LQ-55}^rt~xFC`3S z`{j49FryTlot=Fa-+VPogvwu%tt19MwMLu8%G&DsY>t(CE`H3I_(YMrn3k5tK(}`^ zra}Zg_eUWi58SGix~&$@)CXq$4z~DnQuBW*_+Q`g^QM1>AY}AhD^xjmxxnv~NLI94 zk=2AhmUdpSIEYW2hGV_ob7BTaetXAI0hOeHvhtMZTa-sEaHY%&1??T!j1Mep3m5qI zUoZXBasFol&V(yyL*;YDbla{dBw3#nabzx=6*whg=LbOIhSZ=7F7mXHG+m|th*kgh zON+SsJ%#Ta$8!Adzy9ymFA6-*0#On9t9SCR_r|>UG>#P5H-|U-x97dZDYOC|8yg49 zgYugd_a22Z!%@g`K!Uo43(%d5F}QS4et8G*92(JWrTOFg$yonjHQk1QPfzJ8?r#eB zZ(4Y^H_ZXxJ%_rzkDl^BYU)q*|Ec~zz5oB5_a`+{g*9DOwrMl}BLV{0+b2rAn9EG| zAELy6594svy(Mev4c`oH(gEYmL&|PjK*CztZjlHFT{uE)ro6eJbQy zo%gx!FVW3!kj4VIVsT{4hyHtn;h&RC{}@dEVa{t&h2~de>{3D z$>A6hvov2+go*8CdDGPbr>n3PhH5Hn&`-of&vc{Zr1*kVkms zBAQ2<C`%*pNbB6H8SS$Eo*q7q7|Uf`$!m?-mqh;l z$K7QL+IdboxZb>jz#%~9NuT#p@}`o7-+wg6f3F?9I*^igbBuz1*|h)ZS_-fBo)ESa z{{6^7AwePlsdm7q^ZWFLKW^9W_#Px0<#rBKPb2i5mZ~R@%KM1Admj zN^?+11_Ln7y48a60rkgRrLcM&{l%@SHfjN7*OLq`(oO-->oMMkhFl%YpHPYUqx5>03fk3mlAtIfIYQ^Yox+jV$ZOYHgzhjtpRaNIol zBb9gikW>5yX&$knf5fCKr}zwz<#ruam$F7R6?e#Y7X0d$>z=KU%5 zX`#tRU~HKksJocG1aww~8{sfrMHJ?m}gMy%oBc7>rS-Mf3IHJGmpJKGa}>bx+`wJ*(QDO zePsRO*MK@Sh4h&GqchuVcryr&H^!d+^#Izw2K3ZzyfMRUe?3X!B(U%3k`cDt#o@!X zNSWg>+f=)IEeZqw;H9)}bRKvJfRc<4ZecmTNIgW%UcYaJT5Uh^A_oRI$vWk9&fof} zNq#i+OiT?A8#oxkaWJbmrxw$W9J|}p%viQ%d{Q8t9LMr@>A6+*Fx|S4i8+%UEr(&# z6VP-&T;$|_0tI5PmpXF)@8@Fp#nrN-7Fg+qp|<4BmyY){+_P-Q=FT}1*o5%qftFpm z-29i=mKS}`5jYqNJs;V1mbj7eog8(tuu8eoOHv>9(-nR4>OA*glCHst5c|F?2v|&& zlvj;^QtBpNS21mLR+@Im3u~10rA4r2$;Z&Wv5vvp?q_}A_xgs$Epsym(?2@tO=z_1 zqGW-o+y})JxQc8tTrmz+{t&{^wftm8^>c z(Zf&^GP%jtyuJmTE!k)K|8Vw}VNtbF+pvWJiXtVgA}t`@pdwuo1Jcsnog*rOz<_i& z%)rnwG>p>S4Fl2*l0y#f#yh;fAJ6mX_h%pb$KJ=WueGmh<$134dj@{k?`y79x_z{j z`4%kiuEofc=WiSCnbzq&Em_GcuB#W1we-@l5cLQX17Hzd<&&yLW3a^IOn_OV80k&% zmlFH>iM1Chx5m5MLD#INAS|rGr7)AaK!c}T5Ex^thfUE{@a+yuNQ}J^HZ6*@Zz;Mj zw*znch+3HV#>RPD#px>9EV>*;(h-%(_D4`dp9@Rad!ytLYmQMz)OOxh0+pB;Q-FeH zHR_;p!VM_>%x;uV1p&ZKhYwY?!+Dx&>NZEUAik6jf0_Q#6fE4Mb=cf{2PCBs&t~X* z@m*kcD;e7{6P}EC!I2kpd}#NXQsX?+v0TXm zB!8gCecbPvs@@&3{jBj5hlSwHafS`ggdia~;O+3`u{^oP*`kXbyuAstAm)a<+TiFyTpeHp!pHWF z{boh#)0=i{`)bW{$jYb3XjJK}K#%PGuHYT6Df7&WLkyaZA zs*9t>6B~1p(YjhI4{rQpQuk?kGaX=un>_M?1|ht>aZUaHMh?`pS`XM3M$B$?tU8l$ zZ28CRhxkuThm0QP9_~$5H%(RF4I#5RayVVBnr=A-I?Nxq8~=&Q8B}`idjayzbN9Ib zZ{lXx_rb@1;8CkOjRH+Qety|keqz(98eVz6nHbmEX)t6iSnx?)WM*McC-PMd_cLEe zzT`;3T%qC-MI>|31MrK+HBGTjuV)%WtN{gy$4##57=c;;4|nOQ7I=PN^*(=F3$(s0 z)j3l0-gfAze&|eEw%dMVa3=HuV6zHO>knqI9E5{%K>5}HP)yuzo9kkPnR$y*Y9@0T zxt6UZzzp2(p0HUs9xvbe0)Ju^O~&ESy!U{^*s%sPo`W@)GqD125-+fH%K*~xf&fL& z!0`EQ3k0%FZH4l^nVy?)9uVg>_=gvUjl$Di{AA zW2Ovij$jB+ZxAOF116>71m{_s{Eaa(_cQtgs4p7#gH^&r0hiCdIK+)XD+6;wYC6Gf z;dFU>37|@s^-;F63B49m0Ik>Uaq2gRy=WE*^hK`A^OwR5ku?%|pzUcq%PZ(sS< zQeU4WAahxvRMXjM;N9MpXuRv~?pCvN9Iz$i;dnv zxHD~qz5)f7*1Tn1!O|_bmf#6KA&?#Wdw+MLL6ghl2u;s(Kau=VLVyiSmq>ZtqU7+}R=R&l07*1;h zdT1UkoIJ{NFmYajC0dfwm95L4`tYrC#IVP=yWT1^364#y-bpy*7o^6z{ls0IMRim+ z_1!ZbZ;y>3tcKz>a<@S?yRSaUIre!wKI*({@D6b36}8>=YI~&Gg7*R6bnpd?H!Uq~ zauj^NR(E(N$Fo>gVgisSlS4#t1=89b7?5Ar)k|j8)G+K*?z@m37Ua*M_IWMN-r9fw z!0{?EKzgC2U!<$_nXZ)j7wPIMj%7`$?e<|U2}Qvft?>HhO8w{$$+tWOUo+g1MdU}?c&P?BIRsIup*s2&1)9J*FoIVDei_^Gdl@5;8RSf}X zq2dLSQg!<{r=Ss_I_P&UD`K6gyJl5XRHWE|1k^zpCEZ7=h}7tv-A@}eG8b6d9n|F3 z#fb9ab|EgavGEXrnZ~%=T_J8u8|C`Lx$wvv05>^~D%{GFufkSj&0~Kk+Q1H*VyKLn zRgRTT&9ucEbEv{+UX3lp#4Qs|9Ngi4<2L!BVpAr_FL)gGx}QN;o{(6zzu0zwNE4TZ zx5}_B?7{xGR+SeFwVm3jTrxc;6>|#yxMWr;sUv@(N8XfQ@uR8%vs5@VM=JzHH3dFi z#L&&|=RIx)v!+?jRMj5Fb=P^SHpZ|@)I?tC-PQF!$ct{ln#Q;b?v+pIPuC6$=GH=^ z{|N5!n&o@43~RLMTO@1s{Ot9zv>{fLL+ffal06Mv z?z%PCA`#DRr9UR|2uk5cc+8?%_O$zKQJoK&w%3WvxAy~R;=no&>ssu9OP-;>-PrN^ zi>dy#>fWgJ+N13`oH{}Q>vAW!DJQGGBDP3~FrWUE!P>07lfY6vkJ7T~h<~@A#2%9S z`rZmDxMFk1b$%N*TQ8Fzq-fAQw6Wj$M@XqBKvLmWqxHr$0DVp(08G>&oG3L@1}5Qr zuFQXG>$p54p(;oYjOxp>`%W*g4IsG#FZet>E&m@r51&WI*Vk^EWsYWAr*l+MTZ`Ty z6dbgmDJfP8SX7=(yj5ACg6EEM<=M`;C4hqD!X-Ca5X5gM3K(T><)lb|so`Mh=f@Jw^1}5i9JV z9L&%HV$CyO-9@4kqxPy`mztZ8PPnM0yGR1=yjQJxeqT-dq?$fh$hU{CEfnb8ekYV!R= zewSc%4iloFoC*gZx&V=Jw>Mv)DMy{FH+CCJzK;QD+dO)$E^`~kG z9~JxqT1^SYisNAo4oBL`dd^wEUimq%l+Uq0;QAv>3fVJ$K5Oys>=pk#JKWdJp`skr;DR#oXTNV%njtLDnApo!6 zgD`(Y$BS>eTo6>-#yD^IEn{c+?KP#(BE+u_@||T zdQ{?sw~7m2tDBKdGh&4_i*0imOK=K8PEwSh9@QKDV0)E=^1` z-;6e#V=M>!q(ORH6%AF@qrt5Ff}NB^moYARfw{H5eC?BVzg5TcSXff-ectx>;tGNo zQ^RlR0n9kxYkr)T5LUx2sQ?^kQAd6Q&T+|){(^!U!FG6&=>!W%HOt5%9xjxZ8yOMN zSnr#y)F3@R7b1M0g5Q#WF2S{5T0FxgH=ZjnRnsc*galy8*{$@j1RU+EX`{?C!}2IwYw478g-Bn${Tg2-d zSX?FuT4R#CoR+q?U-=Xy(4HT?&m13qK%9Zu6N1rW1s2;X+AZyc*LfJ~rN2q?R^rX> ziemDv@)q8J_4cQ^P(x7>!|n;vFKIDy(rw#!X)R;twVd^10QOu8u)7#E5Ynt8ssnHw z5)e7J<&t)K#bMl=IzbPTa_foV2}`o+n-1kO#!R~Ioz%bPMuYJ{9H53ku8PVZt{mx`X6663s0!t#AMVmBQ_h6S1l+=Es zOKulb<2-!+156b}!hxMbXE*~i>%ndi4yTi2Oopl=&yPZoO@Tck#21WtL!Y!HA&)%A zBxYbP=p6DevjQ_do$DBM^``*dI$hZqFN2gQi11xR%cikj@m=pl!VCOk4oe7jq*7D3 z%*2=+?bfJ3Z3YN^QlF}nTB^p;VEINtd%AKN`)cUaK7K4t=?%L(Pz2XouJ3@p zR_d6-%e(%nbb>)YT>-ZGN&v<%uwVRDv6_Nf1NQwj_8qY{4zms7ysURBylv74N?**z zZK#c>k_3=hYs5h0ErNdnHs3lNvH?@^U}k!Xo_M+R{*!X}o&Sa)Y}M%-Bu)8h6s%GE1~a{tA`<|zg+La%^$MNespQ54RiTRh30C9%3!g9FaXE5tC zj!o{g>|-~@ryEF#s?NVj+U52H#KljI^`W_7ETT#KF}E<2et3y8h7Lq$9>qw)9G?h( zkomChl$aWNt|!)O+BV7+&m+R`n;jjbxy`XvMBrcL*%TVZ@NRIyUqx!AkwAPk`HCb% z%;2^%!@G!j$qwUJvWI$&K@x%~a+<2wXzyBYcAFrdbFWa-)yd2^>W-ps<_`ET2E z$-0E+Zu6gqWWPWAgLFuWJCGV))!rL^{V?ZkX@h(NoZ<{HlR0}fK=8rn1-NK$=zP-K zzeQbioSNGo*%`6vOB1sM(ql(w2$bt8Sb^wTa6mx7?5vEpqS5$L5a8|~fHUK0x#&;N$NX{OS(#>&0?VPQ zB~lJf9s}akh^R9O;^zb1a4)8Xfd!#iAZ(IEvc5F|hV}5W5_55NTN68MA|p_kF{<|Q z;qEqxQ#HcSu}c2f`^#DBG6@hw6L|7-XjA8`(s|SlW(s0>SOUyx9~cJ+s?@Y|8)PYoR|(hU-n7@H~`J0R1cKupd`r8Y5bARZFX7EaqlD>Ts2K!pGj zu+cV)-r#5UhMkf_{*2{MPxmfzw%S!t^E;6mJxR5XPdu_F7dvAqMs(wKq~)1&;`TDb zx}P`{z_OTn?73Tf>k0+9t{`zYh-Q8rz=8LPLN%slQ_BEkIRZG zWv*g`X?J@Rp4-hdxWS+yMY)PjSirw>Lh zlHU3{ZKnaG7j)`h#qs~cy=DSxml_OR$3m}l0m3`W$fAb&yDWPTfWoFmO6d+zV5xC3 zIW2~tf;IkDYBHc;op$t4lXzKhq6>-6v!U;gM5#~I)izdONkI+4lB~B2GKA2b%0rZ6 z=kKl>>@t^S9gG4DThN4v(`tk#ST%L|(^^3n7JMhsj2h=uh4{Fw`Ke|Vr?u2f%6Qp& zT!;w9bR8Xgbw}B-XTLFAq3dj3fXV7~&IYZrS|syxHE`@w(>_7@v)QG&^#S<+XDj7* z<($4o#;0tLambjHwf8@Q_De^f=$8mQ9^Z(u7iUPQewv8NE~oSd>LQjo@Oyih-W9_~v+1bO~%mlZQYW zaF1nyddS-BK{bX_eW=B0=m2H$iro7LhRyQCD%}G+kXgOziFnA_GfI!0v5I|GmzG8; zDlk}mh?L)Hl0I1Exc6|6?jXqL>_i;Mo9d63l5C%L6f_B;h3YTa2y$&Xst zWHy>LtwX4^?HAxI;R4*IZ_i!l>n0o~?h2o}CfF~!z=dE-v_i9o>9~+}(yPb&pNAP7 zMGO{mT~~&9W(&Y4YNzNvx*Q>e-=76MdJjuj-pkTIr+jgrvA5W$V^j~O2O9nXWO`Iq zn6>~apN?VVy9xP}94Nq5wMP8Y4MP@Q4R{>eFii0@a7LTnu<)dEGjq`;v5pic!TxsskP(eYJV3Nnd zO5AOppQCc)3ctb*#;7TePmRJ7Fie`Iv&UQL8{2(UkYrAJ3hcu zj9S#-WRE-)V4qF&8gRaPlZ;SsiQrn?QM5{C7PxU<<#V>B;;WJaJTGs`q9zgLo7o26 zmO-0_L*e%5O5MhKmo$r(MZ1-do)GYqo5Sr1y$Mi~M*N2}&;;ztG!p}+HPzH>~e_`n(VhLqqRM6a@H^PSM(S2P+I;mSort>-CyH!ZnSbSK@< zA}fD1zmpS?cp6K-{Q^6yCh>h+;FM0u$y0MYwjUvQSFL4J6IGb$bG~pcjI0E-^btf64>o`d-RD#WXf>ABnDBBI*4iT^p5C%HzXB-gmuvM}wtC8@9QU92{agJrwv3@nrI?!Wt0y zmRb(6L*)}mJD6%8YN+u<`a)SM*8>2?sZAsU*yYS=JNd@Bb|zTcsnlXx7-$+s0<=?t zVBrwW*UNK26?E02JGwMgR0vSjXn&nr9y!(-7RW`Z2dFpX4p_t`T=Id^0L5f6TL%Ew zEVn8kdxVY#P}kh;H>Og(st=n-_e&dgREe-dfj=b0u7%(-=EWPTXXn)nx`_r0xZGwZ{8g2TFlX3e=^k8=`y zTKQlASkRIL6z75dHX665JWEa^rg^s{>_(=ydbUi+k}-`*b^|v34(D05m|+3C1ukSD zU9#IFuW0oLXUBWN)VN2M3C{i7m2M?^Hb@?JT)|ZtMM~>&lOELU@U%{7{LDW(S)wHG zbR@;+Y%cV~y62ATkC~Ra2o7X8mFF>ouH>U^j@=Ulp%Z;ACzRawsZ7CQer%%0ter&j ztrqeqU~a;3^Mu{99Spkl()UsJ>65>boc{-Qj5OnCO?}NAsHtb;S5z#2<-IbBn2O15u zIP?hP+tgq*a@PPC$6*Y4aABJP!ZfkN2mv>IL}F7Ph<--DUn@>oEt2qLp+uf{AGSva z2NHD=iFaZo;4e9O^=B2#iMiVuFBwI?8_zHoFp^Q`O829l8g*{~l3NO#InJDmd;Wd8 za-cZr$8jz}qqBAX@;CC1c3I@~GVM$<+oc3DzxIdsl?@di%41&#7e3bgsG6De<(waWp6~Q~9!ZaO@d{|NU9Ar5>hz$h^GTHz$ zoLlbp$be#m&CzEksl11y%Jxgfdg-~4GuxM1-urj#4vFhX9hPVU2R~)3O6&3-7fw2B zpThvairs-3-4d*Jp~t0(jV=*SeK||;JE#3%%po$+8;{O&A;HtsqB_s7F_hs!=5N;n zeeS3O)j&~i_u;9B*SJ?Ir94lnrvvd7gt^Kly#35a90wpsh}eqm>BwIi-G}gsfE7}1 z(xs)#ZcKs2-#Sqv!?3*?Z_C?Qj3zCUiBUbT2($*2&6bt%nB6l{8R9R^3RMm?CuUOG^gJ1q8&$A#K*H&7o1lgMl&U1 zKEsj&16j^Mn8P*(|Nmd&`;K+tzDHx$)3hQ}uOr|5jX>Xj^33ta;?IOjnP#T6xKRhN z{bU~NDCnhz!7PyPxivEj`_7fHQdsahmNEmL!^CAP3J-R<8aZT=f?Pcc2>9dn?Uu6| z>JYjs31G3BxGUluO0Eo`590>qiE}>HHV}CV9(Z5E*~$LrsaozfNFu+L_~cm#xL~Iy zm$7&2+|k6lGik+r!D>tBQ?yMpbNMu3AQ5Z#mRh-8kJsJC`RoCEKkjME=a$8G=+#eo zAl;^Y)DORj^wLtt$X%54(sY_3=5#V9cSor_f5k@e_kjsySG?;^bY7&5Q0kmmwhPf$MIZHdBJ=aH^63h;Xg@Vo2TTczosVE(Oz=>%xBdj>Pf7O5*h9z{y;tj{82u z^Bm5tMv6xI0X9%~Iz^js}bK;^l^=$UOXzImD-8sIr3WLV)5=u?U1a)nUWL`gf z{l~xsM@L*FW6pm5EG@4bg`Z#r9T(grGWwQoyaKCIje9SVi9;RGueQ+-^h$DuKjEBH zz;mFIOII#5x6&lycXv5=oIaOA*D4;Ly@uaIIK{cU-!WkcSa#NbHLVNfD*J3CmS@nn zQ*5f4;B3Jw%AE_!A^cWk>0yRFF__V%Tli2USG&6GXk)QyWtIv7M7Ys5`8(*Eu&~o@ z+>MEaGGgZA3U;NOkoQ(cFPO%%T&W0qY_w-ipUSF)tFoWZomfm;H^rITC$arbChX@k zDXF(OElhEWDX);leFdt+v!Qcz>%ua@due zGzMp1QP>JpGD<6*LRjr4Ls}X6jC`Q8Dr0859s@yKhvw7P(f)bU{>$i`(qI<0f?Oj( zb}#Ssz1AB=8KssGRZvk{?{{Wy&2$H*yGfiz=5-dWQ6F|DEUMUy%-JzncgAzUM~jSL z8{r>wcFM4x){sOky?kaK-RhGL1@pfVV!siYTRyzP<;rAtwGzMMU$zZki^c1zIdR84 zJQI$Z7}$*Zi(`<5Ua$Owl;{^TReYA<5vePMJ07di!R07n-*-y;v1UBtvgc>*EyH_~ zyZH=34p!Kt5Cxy~E!aJk0z#9hOt_c>Rq%uJTEZb;oz?r>`Wh2V@zB+mq60l&{6~~t zFJ?MocC&Z-;u%Ic7CTF!6H3p_HUs#I&1HpLjn3 z$dGc~Q&$hG;fUnk-|yNu`VJ^0a;Nwi{nJg#r-l-NHES$2L95~6Z=u7ZU2d1W+kPh zGK-8ux%|kXbk*<;Jndl3CP6M<&PO0UjTlBE!ptuNw9}G$X%sjL?VIT)*iu#}I;4DL?g5}-Vp<~Rxk z*P?YpQ3k`fhl9d)jo)s}hx`G81fmV(1&c)V(EqR!MxS4cf<6{dJF`?>XLFPlJPbKf zEPm!|8V4(sS8X$m=b;|I12huvQpz&w-N0+guJ7Fm^ADAPVF+;HRu;7j0Y@I^53yX7 zdKqxAx@3pmO^vdEIHVt?$GSl4#1M%>iE5;5TYdg$rMCc+4D)cIHC%$ z)Q`gQF&kS32MLvxsIKdKfk3&Vc@*#tI_{1fq5(YN>`u;ka_z~xVEE`9FJ>Za>gKIl z9>QzaJh1Qx3iU3F73nqUB-i?AtK7pAd$C@t_LN?1h5ly0%)4Iveh+7K7b-?FOs@FW zttayy)3-dfCSxl(k|9g$0w&-iq|V^^@LIuOg^2_l6lg4Fg-HqmZ!l+OK;5dTJX93C zp1IYGms@FDy1ss!V$IQ0_)^KYW%O2fWaR$zNsZkuQSEMM_T&An?fUS$D@haiYOh@1 z=;0UKeE9CtmEXRQ7hW+suiU!o++lh9^0j-l^PTi%6DLo}smV^90@J_CCQ)S{Ef@^ zOZOhyI$o;zY9>sjo*AVThO$Li8GB%=T*VHBxHvYUyNqtEJcWiZYn7=6j_=u_IS zqSCIlK27d%Fn(4yxGc>u`=kUG*p>7?(kOt+XsOB(Ei$pcxfmhjp|*Bp!(p-pkKY;| zg;A=?iYg=8$h+b=4=^eRFUsS7^t0gWR~;9p7LQp@%~)w5zU!nX@QGu*SvwpY@ zfRl5W@{!7O$sV$bp?Fi3?#?1A!wPM4X9{(LS3@8yW9zlu-Q9gOBa^GZWE^uU0}EWH zH$&-~#9Mslf3%Aq+NNN~*l5`Q=cU&kSi*pm{k$G5ot1;$jR8SlGN-gP;ur8tS2sA*aUazqm+%uRZ-uKNH4@o zvGgQ2McCcCm%3i(;r;z`_d3Z{PbknL&>m#cDmp@SIcwzWBlnFiG{QjbWszNFrQ2~= zu3M|o$Xb#_lB##zWu`gFp4P!g9*n}slzZ|b%VCEhDv0gI?;r3Bk=&?w{w?{A$XA}q zrGt7>&K+;jXM)h9q^<<&zf{F@ihGg@ldIZB;yd~7`@l)xm2oUNaQdzdcl|6R8yRaO zoRE7c=f+94YYu3eThiuV=+{a1* z>&m@64Jw2hRxf2XIYpX>-$rNoC`l+6wc+V;o7A&)xW|kz6N)@L<;_MBC_A@!mT?&j z>}X-Tj7J*kXv%79ZyyS|KS{Lne^24OFSz1J^JH^sPJTflp35qCm^r?~nrBOqL_$@y zjEGfRry2F$*upbC<`XtH_8|1|{W%8bM$M0TQBwQhTZyrAJ9sY3YRYEWH4PdH>7x&f zVlMSTnKdJ0V?jD-_ATF!*K(9k%CK>8m`g&O4365lq@_?j030^|OZ@NZQ4j1VR+?M2 zxi-@Z69exY03G^P;qopWitlfYdZ7Zc&HzLrer|$gI0cVg37f+Duv57h6FZ}p-b{}YGan)A7r6WziMGt{%}h7(#|0xL!eIi{?t z`L^xa_m}XWnRDm_tS;RlHJY!EOiC%tv9x;UcuRx zj;b3s$zloJLgsBU4*j~~*yWniRB2yxmi_1k7nD8Bu3Q;FUDF{=$oABX>EG3Mx6^)) zi!p*E=_G!?L#9siHQ3_8&NOfLe}w&8>eom5=HVf&F^%{D;XhjU`6VB(C$^RaulW+W z^VDORLV(yenYC7sAD|%JhixGx)x?cc<}Dv0D7Ejk-V)hHM*32+AUr2kB-kG%Om;zw z`}h`di9FXS;bdd=c=P`U%yC!kD;dE;%3&>-s7>UNyz*GgPi*j za|iT~MlxliHSsRvQV`00UltMk)3v0qU%3{{m@cOKj}5=%b4F|1no9fHFj&l?Brxxh z9!!Qut5|di9XQf%#3$XuITZX}K z`HW%JF?($qx}zxj!r!DJQfVrx{t;q#DDrWWw#jh3Mxiy6C4qC0z2%H_m%~aZp}>&S zxJH+B=Uyd7tWACDpe*&W@YaC;A9zYXZHvkiz~O!TX!CEy3B11U;-hMHH6n3C(K=tk zZf&PsyT@cJb0zD5Z0{h4p}n=VV}UI)lpH!9(p5A3xxw?53wP-HBV*LePRxj7v_!JC z6lh6zcs25llzntb2-iwwd#4N2q*-)>s=S2tqd#%wEzy7$vt8RXZ7&e z1Go)35g@+oA3tKMMDtbf35to#UW#f`vW+nKx^#f=SkfS3ABr7tJBZT{7!6x^+Y3?h zS#jq{qeZ?(d|6{3dm56xZm2Aq^5LuE(az*AjrV)&qPpTtWySfQfB8D+TABel_HFhB zNaxIsh)o7^3=LRs8#mTQ~V+SL-G} zzHgR(VUZyq`107?m!U10*2bGz zm+i;uBdzNd3#>--92Tvj_&{Y0c7xodDdUPq;e?ZN-41QW7?a440k~OjbuqG%RR0S8 z*H8K1?y_92sPMvFZ1~8;|FH(ENzWy-*ks2B`M z(}{~YleTM>ql!zoKtL3~w>g|1WyDA+_jIbKDuD7S!fUM4qFy2RS!QfX?`g(u)FGPN zss1EBi8zgoHx0u)01kFB{ss~_Y^lar-?@+3pMTHXKNqF4xiNj z=lJ|ONdL>-5G|k-#_3~k{wtys=(U#(>&5W|ays4%S0vM&{|vj7}}> za@Tk$-6`?g@ucvAOBOxWA!!Mi8-B7cp4fO%uO&Zca&vq~sZjf)IF}0dPye|0<#S}^ zo3kEc@&CMedjCgEFT|;0_iR;Xu+3O_Lt_Y%+b~1#%6#fFHcOu9K5vZjI>WWO$-va2 zLK?76=cLJq@N8G1UuAG|g*~)11hH3{sT}F0*MH6%G0MqYqvC#)UiyAp)s$iMTF`iG ziemJb@g{YI0gf6x+nm$9N!}^8tnAHbYg|1xt~%9lqVZL|$eZNq6U@EEi}Zpe#`C{- zLjSu2{KC41*8gmQ=Xpe}UCeKis8j4aI!l^kJ0XPCw{HH>-dM^B8E{fLxf3TStWFZ^ zyx>uvNekugOT{_Qvy7ld9egZx(_Emeb12_Knq*jVOj$EhIBC*0X*~@Ql3k&d+uM#J zaKaenHQPw;ddLz<@39+Kn161my}XVaNt|_;?_H=9@iy_nhQPH~YBR zzh@DM=!b6_8dWW@KT5m=+vrr3%1WM?id|%xx7}cPd6I`1MIrf^>(AnVfi8zGe-mLrLyl_WK5n z@`+b|jQHf(95YX%Nep-lIJ7shlV0yn(2;v&Gz)PQ4_=FgRA`^)J|j#znA`5QFmQS^ z(%q!`qh->!3KM)I0AcqZq5m(Z?Uyj>04s6iochamOCh@Tgsw6&elD~mh*8Xlc?g@F zPgb(cit&uoT4P&c`VewN>fEflPw@b*Hf;lamLuQ$KGR5UOV>lIrj2ibp}}}0Po{kB z!yy5(S-p>Ojcz(4xEKYT7*Z_0TEgJm4A9Hqjsg=%w<=Wxnn!$7bewMCpH4D}I``!!V7=*jt2 z35eYHR=p&`x0EqoPFUj#occcfmUw>&`ewuWIKJ*Mf+m3npf|AQ@ z6KvZ${*9Z1`>TpL|7^uuBu_;A+O{fjG5lJ#RPOYgr?choEB2vxvY|9KuB|3iR1jv- zD-jmgE4%9EN_IT=exL@qIiIKER`WPUL@a?{x1lXdAOD&2^W2L7AoEa7I~@f5v%Enz zpF@b7eO&Js5KR^+UOIx8{Y0yXv!!}sQ|JRDV$DiZ)+yyRzS63SRetxf#g) z8^1J)H9b}IO$ra^JZCBl5{tPJT=nW2L+iER`}W#Kow6K%_;(+^u6w?K5%fHAup|E0 zMqKhC#cP%1iS(BBrsbT3;@-eA?e2VvOy-zdl1*fPC<}?>C8X3-bB_aqz>7WIO4Y%N z{huYI@kRDd+?x15`ARa!Gxlr@D+mk(qTtK3y{!*zGSkSF7qZxAQYjU&A`?_IK`h@@ z`rKFh&&)WCEjB(unxbm#_p9_rwEmMP`5hrY9|MAm_Ocn=f7kt-`Tl5yu$mtwQEs~Y z&A#ezr8AwebrSXVj@{O|(BL(~v}9z*4~um*s!WToV>1B(x5N2MqX3qTg;tR~EOEKE z^rh&QjXZ;MPFkQhq<(>uCXoncs5XdLu4A~ASq5bf>kzcr-0Vy{ICkEd&9NCQXD;~_ z+WeB?|8fThrA%E9?#C}zWqK0+%lR72{i?g`P~($MDRB+7`eJQl-Yth(jJt5HbGP9P zm%Qt=>6){wq|^(ae!?ZGyO6v=2f_yr?+9pOOa_w_w$ z=h1@=dX_^sc0_C)J!P}50GR|c?`stWYhY4`_qsRGrJDFfoi`?uX(GUwf{k z3RO#*B&JP%eGWurgX<`DZ;^pj*B613V!Z3v&yt5tXpX6P`D>*r9$zJw23W^@J#X!P zOPc>2{)>k}Kvq=+i}Ta37uP*}tTcBbV`o$iBebt}?}%_3<~hzJST4kTe{Fcx&$^Oz ze5+|`-qmp+b0RX-x?VsLkJiyqxyeAFER?cR9s3q{Dpm9+)^Vln7$NsJRK2X0cr<<} zsIHt7b#$A+kpr*nBPhPCFLilK`c@gSisOz6xz``3CBm+FV?G~*HLPNsTxEBwkhh%w zI;GEr@PRy?Mvrr+vkbQEIfJq&3uJI*No+Y*!a2G|dvm`d-DNFFv50@Z_o34&c@`Iw zeaD8btHW_mtUK5~fTfO6TF;N-G0G!xZ+%TQJF}kUyw;fqErELM>q|fM5z?JhBE@hd ze0;`}HaNB-M=fha9nX`?srTXBLoih@%U+hhZNqNO;)+D3mf4>=R_9o&R^MB}kKKQ% z^+6(^o@s@Fm8DNPQXGDy&HR9CynybX0#k#|Jvdb#rE&`$ssyo!n8Z&TP*pO$V1tma zf}Jbs<$1N-w_mIjZTEMBufCvtn1R#%g++KkbBw+VSVLU3l#EiznYXxJ%gNmUkjgtz z&Eg$S>PIDomGvWm8sgbLB+(lOrp7PDea|f5qDvnH+E#K8&y7zj4P)CZ&xo7Nhf9kz zxNTI;)p0OdO7OhGM~?+%nd7)X&er*}+}13Xs=zypg1N4QxeK-q?X3_>kaPggLV zaZUgBziRcrd-p%)_t*9Xe7gQ_i|_YrlvNBfguyPeN#(Um=`C`D6>6{u z^8#s6#}D+$J+22$YWw|-JUQ$%27h!MS3f`Bw)r{~E?4rOWJDFi+XZ>=Gd9u7KHS} z8Eh4AA2KH9Jhm?#bno%5>1@ z<+N`fI8R_bTt@W{q=L(PX@!cQXm00v!(>s`y6@y%0anYqNk~Y!4%jHWFqG?Hpr8(| z`fSIA^7xna`|nQrpEg?|^4d-E4OX|Lz<-~3P2(dq7Zw@1soLsV4-y(WSJ(`8#X-Q(8cV=rB z#Sb_h<6;-8h~BM(+uJ6m6)DrNAt$aW_EqwRVx z3j(-m=5y8calhVcCvzq2BNhEN5UENdJB>e(DHXnGo4S9$8)2 zK6$%zVy}rUkHEZ~so~?NPs~ATGy!BQ&dMnI(ast64?1ICRAMDYKG)&R=y8>GBhS^d z%{VahTwqDbLUAp=Ton(oJ64+IgM21Qs_^)Z1@Ve*6{&cgC zh1cMv%5!`gpB*qkpga6*{Ff8=>ks_TcUevs{|lvA|NhrAjQ3kRe=MU$lpPo3?l?C2 z)62QCNM$o@27Dr{K3|P7Ozfpop*y(MS4k{xy1%0(=iYX1D^=76cilFOZeE>!GO5{T zx_aOU(M47(aR~KQelD+4ESpFVrOj0#3pN`#@14!;u&`vv8L{piFrZytnl=V?aO5H| z+zw^Od;E2yo>-t@mcHQ`8W5t?q5lvweM5-!4%g}K%XWg!)=@y;8z4D^jq5Amku+;1}r2L;{n)OXD?EXKK2 z-l3pQPz_+6k5?)BMm7COcXg?C%eOY-fxaWMo1dO1`771 zh}LziOCx)AR0V=>EUta(Sb2JeCa*i*q-(O8)PjrL`5&z8znbrt!nn8_G`-AoTbhp5#9qHk`leXjx?GdBjz3dH;7=Fje6grA z3VpBtE~@6osI`$vB_XBRNQ@Mu0~k~c$=g2SFR-am3P(-#_ART$n;!0CKnMmK9bNR} z1ZO#+ItYs;360+^vb>&F<>cwPh^VcDq1w(ehj_6p50%0lK}xw`8C6f`eLvfF&qMDD zHk%oJq2s|AQm>tuXu6|>^PRx!IWJT)dOUm~JRueJE>7uN;Njy6IbW3PpXJz}ti_97^NvB(+sMJ-yT_Yu7PQum-0M{LzPQdaiB_G%uVi(mwTH zxX17K(<#;$%Ocyt&w2Gvn*AQV==Ztufl_z3{Cetj_iYFio6RQ`PCiV2H5iqVIH6^K zUE1XC=iZQA%^audS{VwgF)Q~p83QjDEeoz&&Ws}}H11ZSVb{A*8Be2O{W25-UF&^% zY8pv04d;_enS6|Ay=S~{o3|Vg`a|Ph#qZfz6%LLPm_9{nFDyeXSk#_BUzrZIfnw4S zYjd9664ZaF>a{PL+JgPwQ2qPfbKfg!x)pNjvDRWOqx++y;)DmRIijb{o{9Yq=|o*! z+=NaUAF8gIk0)C>?swg3CsndOdDlFn;bl&zJyMo>#gdz5adEBwXxsg**bw~wz6Akv zAYQyxj~yhkB|Bnsi)2Cg{CUMu*Pz*nB^l27u_m%d{q?HbjGkWA;!dD6g2!U~4RL}8 zpyonuMJl4Q2yp)FH~}8OS49f@^ldqNf3Rj_K-RaQ&BD|Bt=*j%za8*2l-LAmB(-s)|wt zRI0S72q;J=AT=t|n{+85G7O?1AR-_&^b$HD^biE;CG_5;_s~LskmUPv&l#P$zq#k? zxqtr7fBA^XyWhRnUh7%UdiGwW?p|o$S&&hZlQN3>OPBpG3!n^_$Hs#FfX2y4UmbH)G_Ho^Y~?aFtkI(X3KI=@_~YisMmP17WUm~x}Lr$IzelP z;j%Cx8A?v_axHy!MORRMmFCN4fo}`&KX~)M0!CLYVBzAuM;?oQ``(?0M@pMF&q_OI zcWaFW2D&Xwa~ghH65-B5GB<)$ocbz96w&LCleM&soTO}}Hp|Yb-u#?0BrwvngUeWy zzw%qLRn6U)!IbhdER4U0m6*>i?xc;Vf>T^$(9$--x|h+Nxmm-nPx3adc9prl1?PPz z)(hgjDJdaQdSB&pT2HzA-TV*Xb2Ga>YRx`<9noK6^(+HfLBd?**zwR|x6?XL6S%lLlNNpn$a&c_ zyv;UN{5)2QT&0Ms&v>j5va?iHp?b`?^NO;sTPzcg#d0C|jF%Y1l}1fPg>V}@t$0&z zWLax^)E{Qm@f%1*aEOZ4*mX!l%!(m9=p@{DsTw?H*>;?QU`?}l{*lE&?2GujogtHm z2F07M6m(`w^+mrQTIPS6Z~+0pT|49NFMfwz)?qcZw}(8xZj3q2s_@`x`jGjed69kk zcMrj)4z_<8KSMe*Tyjl)NdJUmvXQpOf+@Wa%MGuT3Q~m{+*WmLIWY{i;2fi{@K#8b z;cKw~A2yAe$u=(%tmfv$ZE2Kw^Bc8sIGJw zg{3=bIVBiEDQ~u_bw`fvI3>?~)Ug{ek-E`?aloPD%H7VwMJVd+hGk{F&yufjiO$4{ zD5DH%OnDvwYot5f0#2)YXk5vbW3HObbJg7%9^T?9y87Ll{K%(|0zeJIh{OI*{1MpK zFaX!d*@Jw<`=DZfj(4jkvBP$@>E!4AnFZbP0!;*`FO!xX$i8W9IJ#k_P4Gyud1Xc7qY|ISafO;9RDnz#^TI~tZ zBw+Maw6gP^v|NvR6Q)JsJ!9^TG*o9#uY2SRiIH!*CovtAf62e5S5grsw&)Hb^M~St z45rGS4L(8H4^`c_nHAzJTjmB5$QGJpiEm!)+c^G;W&i5^C{*Vpr}Vy~k;zw#P1qk2Qc9*7LP_1H=;Apb`+h~*&yP{G7|GiTcHt3&LOgJ%#TryYr$z^>R`P3rtNnQpti1qYvw76=#H`UXD_< z-ppvPninIlE6Yr_h|`E>SvV`iv?ykI2*pddBh%L&<$pN~#<8$J0n|5pgjz($*1_%o zRBpEld1`4<2^Z0$Uz)wr79#=y4uRpz8*3X7IuZy=TYwH+jDKs&ICcq9kPXS#gNW-8 z#(n%C(8b?>Xzu^8ejqCX$}As}*uV37ipMv%9t~Y~{@s5B^~6{@UiNC0VghnLb!do# z=C+s##v6WFK+k#8Drw*9u8o*g38n6a8ZzNbfLKqDaSU&pmEJS^>V49$858aU-ez0^ z&s^+AEOQqI9tzQO6dk=U6lJ4cL50N}>?pNEiU%z)PnqLV4%@T`xUQ~j`50TVZEdFB zirQa(2igW?f~{4ME*gQh?IAtT?uuJmnC$i#k9IG{K^RUT*aB@!vbbd^WgO)M@uAg& zi7Ht;Nu{5OKbcj(Ox(||y2$n2Bk$aMG871A@tjp1u5wKQ2;%M0Y}M`Q16`?9n@N*4 zgAEMl;C=YW$-rS*0$&*1L^PYq~<&V5#EU+XiGH@MH=Y2UN6;vFyP z>=&6n*V{=?iQUE)W&A|9cXSb|5~fJkVD(=&2l3GJ-eOsSS#%V zUAVjf$};bvuxvIC1l1mZxMo$j$vp;S&{Q-un%PY4F8wt=ER<2+_Fb|mt{nT&@;jve zpoj4Ia?dn@oA=t#)!(ca zUM}ny8IhKAbZoTOp*oJP)hntB%{cwFt$+09A{*#EQx_$9Raa}|Y8=aq)+L(O9Y z6`2L!=qdZOuZ|fgA}?h$xH%x?f@|B5?86c7Gc|>)5p*D8LnA-Qrl|JTz^GIHI24-m z+fkKMjkf7II{DL~8)Sx#mrY?Ayj;k+Y)M8r2L}k`#^+>r?hrolb_e8~8Q zEHWVpkc`X2(IT2%G|Ap-UAe87i+o(>gMV7BcgK}V<7=jrSTyyw?NsA%B#Q60=;A8f zA!7_Zs4oR*J*)MC)9r>mx=}{#eBqi|h0`ge-7XDhVo`!}>bi1sh*(z3hHmkt(Oj3u z=@rbst`#ifIok0XU4nf#I+NJw#XWsglhxqJEX6v-BMn;#YJ~>frG6*H&*&9A)MMPo zsSaj#TCDvBQnj2@Gcz}56ld4S?}7dv)KDdpHM~=1ZX736v1IP>OU^L2*_Cg6*S8`6 zs~v>k1tMbLi?j0I{!=E0@0YQM70aJ_T;@*H;jxI>K-lc!KcY3k2j(E zy29ALhsF|1rEn_5ii?b-2Bh6GEeu=F&zou9t(GB9+q3Dz?&=ft;6%**zO_;BcnJq& zf`0gWGU;HJNpCqt!M3JK!8sCu=JD&iUC-D6 zPD8m!#h2UCr5U9eV}rPk2MOd1Ckz2vX->{QEgXB7R`73eEfRhH)guY%c|HBsy3g<@ ze3XUC07Zb0TvG73T(W=6iBr6eL^osSEm;;fJb=FC@}3i{%S}q3rgT&<@CQfV*n5@j zw!PdoWKd-5KVXGj*F@Ejq?`Ngq+Q0Z4J>};Nr+-(L9Beei7}i|i%<8lfaGxc?By2K zEq()Re+|(8pK18VoW0U}Rr4$6^!LA_lqaW!tHHRQfCZGqgq}u$Aqh*{vl3zFN@Ay( zap`Z)S}2Y)|7lPOFCW%;w!D?~!d$^(w0x|kJ`MLW}Om147Kb(cpIcRkk& zyY_9GZ|UDn-V8B5^VW0OPu+DX@#!2U;#6^uk@F8t$9E$EA29@<>hE)WO2guT$ztZ{ zsminWb^V9MXgHhzbOD}(gs`e?6Xry}MO{(IN8Bt6j;7G^EKjxg$ThWQkK3IRybssEwarlZBHuk;to4Pep zA!6*E=Z=EiNHvlQ37&YLuF8_7G$3T%Q{fLFYO@pWPFtIS951>Zm9huUG%^4cF`2!C zU8*{9e<(F1fQ~hJu04jy#1k?Q+oHnhz2jO~f-otz8`A=0joDIF%F`_O6%a}Uc{7s4 zuVa_Aj&MVx62h_s4NI5d5!uk!6)g4Qy>JnXFuuwH;tdv7^+x_MPjCmy^kBGTyppuP zLn_`sNI<$DKgSD6G=b_5B=a8B3i+mN!fuxRqndQb?og#eIjZE32_O-7y5-#`5aPK8 zyt3`N{?0|)m}PhC)^y-Ief!oDu6MAUOi8EUf#3(3Xx^8_(p|Y5*tPz7TpFK1Ysv@T z6xyf06)C3ggn%0SvY*@gGpuIOiCv-6-7b{P_~DOuNKLu{vn{vu^;?hg35UgiBY~%1 zSk@!N4o`rIx_^cAk$C5_xd70$)WlkU>xYQ@MBPIQj?v**5O7k!;OdiV<>o)h)&RBj zuH*2dc&9myU=9gQT8lh2nQJ;2LHiUhMKPThFYp!%WA=;T?%gggV`*4i2}0MnXIkxR zz%vZ;_UVDeR%%-05@W!7*%2UwCWIdHW}nRR1ZAU2ZBmlKc8<16lDyFJiwQp zq^&k01bZts^JR(c7;*new)riv{|iXyyMK8yhjS#SveI@m^=$=bzx*C>BSF#IyYmV8 zZ<-$D8l#n+=iBnaEN<}q0Twmrk8Uvu^}pH@9x#)~_OMGB18OLRrGVSH_>GY)&!x}z z(=z%V`NKVsMPd&9Za}#W=H{|)ZwK}a@x%rSAYSUw6H#-vzpnI_t+fMEs?+qM!zHE} z952ac(2dnlG5mwM+`6OUL*9Ag(|kGYvs>c9-viW-e0oErgg=N%#PX3`=JfrllF~iZ zKJWZTmdk;`{Vl&-uSjIFJE6&&*#EvvMc~Gg_ z%tQlx6NjXvZjkz7Vh>9IU*~jpYd$7zJOgrPFjMgh-MfeK^77vHR|Nz{ETn&OpbS9T z%>QxnPZHD)s;e2POVwdm%gM=BJYf^lmzX54{?0BHLb1+W3pmv`1l6Yor93Rt#V@Ch zNPpoUUF_VBM)nbMg0{Cm>D_;ks)j*{RqvMA8SHsCtffAOuZn)BJbokyY8=8sjo#m|SCPAY_&T68fEFI{c5Fk5VHN=0a^B-mr^qQd?AhzTo_tL4C&bsr*PJnq&*%)xdF!3RvxUh$oq zdf#E(OPtZ}MY!5b_b5NCbQiF%^UO7_Gysv;(MCdg&6kb-2|R0#aIe>wf~=Q{FIKpI zd0`CQQ;_m{@%uiUG2Mbgtv5D5wP`gE%}VP&C|2amW!x`ikVG4MOGE@eQ^w~>%B5?w zkdkZc9e2-j%WbnlJf)FAsb?twNrKfLLM(0gCnZ+Efy1LpUe>*ZTeR%b2-6I|V(5r2 zyVvMO1wMq*Y>s4Hol5kh3&T5)p5a+cI<=-5xmSd6Jsxm8+op6)fs{ip@KWc3T;N1i z`Jn9b)E5)9YmZ0sC8OR?ML&x1K_jly(66Bb&Z5)F8bM@>7s`Q6Y_VaZHidHTI=~Uu(Q=U|+ z!eO#tbvclUH2ry-F#~;#Ri?6+>$k1Pa~@_Xbi^QEO&ahq{+w(=`EVQaX`RZalS@T< z5*D*>!w&LJY|UGlj-IR+w@y8h0ne%nmDCbcy_WP@{`FFP>G=AZJ+Z{jbJy1kJzqNR z81?MgGu4RHz5S&iEZVNT{B}Jh^CS;tPz7uR{u2NLCw@oMUm81-;-&Udr$xH~ ze!kQu*S*?036yTJR2}PPP3$K@#1_^wpP2mLi;E4{vHTvO!ZUwH(OeFO4LJsfeA4_XH zvq+~F#!54qrZ;#cB=oZNa<_NdTids))35R{qZn16spZ`0j(49Bu( z@Jq+{!xD>-Nc?>52^NW+y=Nl%#z@7*#l;HmUGS1QLV9R*CmG7H-1LWjAGjW&$D&;m zQ%>!IH)CGx|FzDw<&{ReQNM1!3_KM;qq-)a8#-fJaT^UaipW zcs1?2nO@P_KBPWo#@E3)pTR?+jHwmGjuDsoYw{}o!Bot}O*%3~A(QXVp=>6S3Znmr zAel->Jv{b2%{HYEBX0HHS0zB_=2B;Ti2CC9Y0r*XoTrU-aVEYt7%xrfuwzPkQjTws z=JXiAf3|?oiw|4i?yvfED$K)kmtR9x2v_KCXQou|Ezr1%=U0dDKt9#rB84vu{|H3= z27{E(02@|8i@+kD1L479zyZp6KExe61=Ye}7RGp@m(v$bC9g{R!2%Qg=xDisa-+QD zOPa);YRsr5jZulqTkOU)RvT*&z*^U)Jgs}}pYexFx+BXl82vue5XYY79AKP{kJSaV zsTn37`O$K*{rBvokN0Lizzu3RbS`|AXW_e2lXPN>Ig8>EwG@`oz$>~RIu+V)al4LCWki*y>dLwUtjDRxd*t}ZTE5!ESD@C4r>u|#Dn!#7gaG3+mGO) z@8N%!YjQh-9%@}$(=TY)V)W#7)+3#lAMq#ZYl+n+tYY>nc5=lw62>0wuGJMUM?$3b zALDE)Y0dO#m6etGoevTucHBTmjvN`MQe>BM({gbszE@Yvz`}x1431gZyU_717Xqjn z9gDLU^MX#&b<36pcXsjIU!3>P#jh>%dG2)Gr!U*liPc(u{|mYo9UT&MM)UWcq+P)g zmqz6Db{()TBO;#`YR;8Sj*8${GKpr$XsyR{3thQE<1ammCEk}zVy_LCKr?P3ix^Dh zmO1)!ky0fN%d2|*Al51I#k^A-!pq`6TPFH1aeC^S*h`r;7DJc&_n&u-X5cv=yO{Jp zM4GpoAxBzs%5?h6WJj_qI5T>(1oEqO(Q0xE{kOlJzL^Yt)i~WngnMT>WRR1k9jbK? zRYXFSLdx<&LA}RHS9k$ z?D-2a3ogMvE0}_=1jEpGr}ZYrc~*vWzU~1ukmyQ`VO9b-iGls641b5=Qbb|K$@#S7 zPHj<772pIrqH0|Fi>Mb~~L(fn5y3j_-wSE6zr#*c+!mI{Fz$<3B`oEjaGWGc4NEWZ`* z8VGyiW`vDPJ&n7kz!h+#ciW#*?E zb~hXGnZ~@3G5RUjvOYb;LtiAFVz5+5!*V~$I^|mpigpX>c1|@*B%oqRC0C=Ijwd7mAt?}&erQ_bF87xrlS#;#-qu% z^CsQN7;?XM=y=NDr`PpsdtP6~VZTha6F`08*kC<1`&mCHvRr`APwn4Rd3W#!iz~+l zGR9Zh7SFDi4=_>=rtNT@z=e)PRN6)Xhb&sq)a;WWVCBo6aE)4nG;^ z9(|g1Pdo)xT+?eM;?n)Zw>%NoKEsWOS7E1(&VPNrv{HdL>2x zLm}QT)T{xJZg%WRqaW>Nc^AkBzGxR}*ZY8(rn1+9Gj^|GRj_m{%OZg_MMbEx)&d@5 z-`4biAXjT&+Pa@?*35P3h6YJ(6;c#!^GEuUXym&R#|F@g%S+A;8YF8uW(DyV3tugs zi8<@DvOC(o=z1&wb5Y1XY0#G+E@U@$C&?{V?qFNM!4kMzld~1j+~8-AAAue37P*D5 z-5qf4ZMIm9FW_&9$*I*e)Q~()#=tsZ@eQeIhF(=l;NLkdcO>&wtd5zucRQGq5 zg&8p($edraVoO#<4-huJ6|S+QB5{sC(4Q;hlFzcZvCTbB9uD`9ies<>r>$gS;wsbsxLg0`4{Wah(uKB00(Hx9A0GvGS#fOi3NVs8;MWJ~YRu=2I0(fw zP_fm2`GNpyj#9+9ttybNLeei5ua5ftRz=Dw=t>1$zZ4Qg0z4F^!~B0*ooW$Gc? z)d^lb4hNhV6%Doaix&llfNn)QbopyoD6Z9P;}5P%vgWuC9C;@r!TIfLfF2!js4}2c zDsvCeJ$+T=_Cq=u2@{C72>zE5v5_p*qy6*t+55kK3ju%gHs53Kw@+exPx70aqbql) z4*)Q0!b1E_;yG~8;lR~pS>@fePyl&#Dsfiv2z)VRfBN+6ctP06yS-(sg69IcQfzge zQ-yZKVxT{!5hJO{3EQncf8NalK5~P*fmOT+Au7AyNeUb(cnZ%AIQ7r+c8#yV6R3I2 z_D;Yd4wD1Ku4eNymbIzwRRg~V(~c72|qV~aa+6HYzvkDTK&S@^_+uU%KZnx)`;7OR0Esz@fPQNB z-~aL>i}cMBSDb;LA;!g>`Z+e}+xP$RFyLA&AgGQLUPt_#t^Bv2DLB*@tvWk#{PYbf ze}3mXtBgP~z-xk4_fOjJ{~Z|ox3Rpckz)p0j$xZUF8!Yt3I&wXG*_Vxk1zh8euiiS z+{`b>Gw=I&?ZJ+Lg!9^M;>xD9 z#kqkNc<5j5FJCeOc*c(ApXu`V=ev3n$v_|Oz6lFcvmd^C_SJu$|EG>`|C#^)*x!Hl z-~XTe&yx%(cwxe$GRvJ_&!Y3Ke_T6VC3{>q-(X{B@Qv}G9qwPf=jn6z{ht^9aTmZJ zUp;q8!^u}sT8wY+)5*hoseSEu5^K9kkYcxfqF39W9^}iemiSp$aySiI%D(ng{~sOS zEEkUQGxXymYGA&pJ|NEQAHNp=_~~BVJN_xd%8P$oIQ)I!z-a&XF(w{44Ya|06<{0m zZw4J}0RXWW@{xX|N6+8C%hdUpR^c&;R7a{qxr{a}N*fq;3DqlKsgBJAXNB^IIcdqVT6U_BYe?r?32VSy4bI zGequ3pMP`pSY83cKlZYz~4|9LElB}V}$AJP3+AoRm8aOc>$bCTA-&GDgPyU^s`&;w=&*uNn=KnuM{sL_~=_NhPaf4EOc1>NT zt@-wB2sJWBirI23UA5S9{E9g?n!PnjaAavuWy4;~x|dhVW#t0WyyIP8ww?n%riAdz z?Ck8uA~qphcseYA^Npivqdo3gH2mkWfUOAN3GEaOhkaX%YU-LZ;#jq$nuTVP$N4F5Q^_F-3s1IBW+%+WDEh)L+( zyyDqVBAJ9W2zaK9x5uybNQ8jCepwhPg>5g5Nkax&A_S(}-_mcQMu}M17efbC!8})I z+UlL)>?{6093H!$UpftTwwI%>LbYGM+;Lr8LZp4hu5#xn{>Gs+v(^jVZH0UDT}m8*5b{Arp=Te0pO_w= z=2;pdWBmf?Zp)nfuqU0hEuvO~bZR9A7UJDFS%#0~tY5c)k0+|zRj-7jiL?3(^AS-H zgsMCAha>;@752>qFu*WXRYe&JoZY_>Z<8OY7B4m5L*ud1^>QaV3Il4kq0&l*FL{LAnPtMSkq-+iTf2&dC+1x zo~&RWRx3d_3WGd~zQxBRY{0fE?efOgi#8BwO$O9k?U)-nfy8cVO`EA;5~q zdkzz)rY#a8@~t}JZaWet*519<2d6}fSj>FR^dX)4LR15BX=v7W!a94gKYJ%v-VIwq2D3V^X9`;ijo755?3lAWY?u$ zK34x={v9F#O?lTG&NG{Fl5?vgFp3RBb6hJkLwnv8oacjYh1&r=`O4}e1a!a9^T?25t0*!-8J*w53YgwD%If&V;K(hts(yg zs`T}|npmqT>v;hz2y74Cy~Q)rjbK*~KW9+Y8nLTdKHzb=)9lH40iTNn%k~><^lE`e zDp#3SN8H~4y`~!4E{YWKKdhVT3gCQKAH=M;lE6t=23?Zdc`LFt9cy1E1YBG(ZH$w< zd2;PG@5!@+VspZuIKz3+7u`wtkP8xSD~beWHBqbXt7^CL=&=6IY8Rr`Ge$KJTA~Q1Zv@e8|UiJ(WmEI z$4?$3G}6ll%uEDPBc?6|yKj1_wcEP2&Ktbnd*r#*{&JE`oGSkntLv!Lp3!m(XBr|a zg!{;ULH1zsnApU7V^tfq-B7uuqL&kyOiXIVotDU1DJgUnO!)MIw}y< zv&-zg*xHq5GcZ-|QZS#0-o$S3#9aXGbp>y<^{6xEXIxTzI$qm6M!4`;vTaVE`S?W% zd)u?aHn;~#VGMGf+g}3$q5K>!Yu(pQayr}kERkW9?3Y?cN%D;k;3PW98{|m;B6|u31g@%To|Z*E(K9f$ zR+qhP8&0BTACHr~NvDi&Iw~5#=C-Q{%u$u0Y2!P-N6f^PQivR6<9?bS!*8Bey-ms% zrE50z7Nu!8bA!)39S1HQmhXp<08>l@k@7el}p}&<6|30vBB)A&+!-H$h&CVm%vQYd)Vq@Lw3ohnW;w_ck$$m#tC%yi*-yIvQM3pNRKp<8C+b7Rk+j zxJA)5&%!R-jilSHlv0iqZgoh{C#8f5%RtN+KdP=iognRmQX`k{WF2i|O;KvZ0G^ZM zjt9B?YoX=W6wr5>5Xn{uQIGc$`v3N4)9yX!*u~v_mMy3=VtF_*yZT zEgFs+%+fY_YW`*2!gRc#1BnnVA@}||_0LVasNyz9N=Aa(?%#P{R!`vxyg)1&0Anr8{ zR3`t`_JB0`ymrQ;j-7r{DYuo6r$Ab+34wQGYh|)ndg>wQ>n%u9_2#C^9+~{XKS&X? zV_*X1I|1vKvS|C1py$RvTABq{vha;!a8X`et0XgtSab~b3f3=IT3`jh;lltx+3576 zyfssaV#<%08dGNCNpMjXZT8+7wt;_=^>VAa?Rd{IM2kIc<1?KS)kJEI7Qz~A$p{~d ztctaYWB5Yc&}J-X@?s3+bm6 zreS@^2Ofp|L}L}486rgVR(6#bkI406ZMEBC-CODrq1BXCn`d3g3jQiS=Pe743PcLE z5vrYrKG?9FzxQ(RZ=nEzmIb>tXobc)6dDaYaLf9!wxc)at_tv+*|$CLSIf z!w)_ul%}f%GbeEVN{@Ws^s5q@3!b7au3oP!&nV9>y;`j8Oa_3-P+^_Yg-m<<9T=efaBR#dw71B~CG~k09+1L(O|B|CGvgM8^YFPvxRAM(W$M`;hb;EX}Kai*r5u8Je)NwAcM-U*kR&wUd7yq{*4?Drex2X)r3`txqcv9XgwyWE_?Gj z#1LLhDpFQDRgc8Vuv5=rg-1=MvD-#k7p|dzN9c*^mLp^|5KG0_YT|500F8&YpI8)N zTF2Bs-MCB_B-SyWuk&=NYUSHB6m@8Vm z_M?M09r2712&M9-Ft>UPLmeC{MZI^uO&;u@rc29aw~AE9NN0V}qZ(VSSYF#$m#3R~ zTBgIe+^YXdaCKQie>P>?#OnCz`={B?us%`6fwEs;n08akziA(&Az^txbU-#yxINc{A;Gl!1l;nD$O50wZ_}u{znS<}DPI($a#J@${7-{{G z(GbDp($6Dz-U7BC?va@?g>tEq$sXTy(pBX~=^U|CF`)8I<-gH<$=`&(R3|>&0pqi` z*vRRXx;Z;VU`A4Dxsz5qrUgVM!}<^PLDLPa zc|l^!**xHt?N<0i%&FXN7Q(m%JTS^y#y%Weu58!e7F{UG3UeO*a{a81rQL8bAKM%V z$PCkb6{~l>cS3wH7ZML!Idi;8{ay~Bh1a<7}*OCB^GEBu{JkQ_3 z)9-o6-vya#%z&!)w$_mnj64nC41>o=nJJriWNzYX319VRla_`La;|71 z+&&s0baV>YU#?%?8`#iSK%}We>Qw2-n4mpf-*HNaQ^xZrDgqVigT&YvetXWRfhxD# z+oX(ZU&xrcU`VuQY*0>0+3MJP#1W#>SE!q7q+iB>CT_p&8TaxWeX%9zxKlo_ps%kR zV$E7C=pjMe)+exOKNbRyA@XFm+O+$O1GQv`7e&$=aYYD&EHv&NT|6UUnO^BgkBE>AV|oA3!o( z;K=f+B?lm5A?d#JA)%(cfqmZ=%7flB-!KB73g;#fJOl6qoiz#9mYJ4}zzJRSl*OT_6=x$}OZa^fdfQSK&5RvY{0v@380 zTp?`^`B@d3OY3v7^jkiCq_8|303Y-xGjS)4rQ8gdiC?9;Eo z?$|01=Pi{iCmkx9wD%fzhQRUvK;!xLSUs6M?}9X(ZoQ*cqV+BkI|FYBX0>2U+izU+ zI{VJA=!UMRUXRy*#qqhJEpl_HJ)($8r+!16@DecnT4!(PDeeR>ngJF33a7_{Z`;zO zH z8rf-TNCj_6>V8*xgOCwyFHO@UB8DMSYWKbTG>{^-2m{&RZ8}U&d%xUFp%V32_Q7qS zB|ATsS*=>kHU23J@?ki4;j{X{1FhCb3f_}&hKI32kBGDxu-A+{@uELZU)v5|>%X_` zcQ0#Ghss*D3BlV}f?wR4c%t((PIavEHcr>oG`EePEv?gVf7F>^Tn0C8wI) zzZ6^!ZG3}gL?KvBov{whl|yJHtapqm$-dVG{Siyn!|ZyP4DtFS8-m%xDLxK)eq3rFXr>TesLCnH|blwXo9Do131lijjOb+83=wRF7RmweU`oHA%0(FbLv}c%YIhVz5G2&R(o_mTh4MsZ6 zd#90|vi8is;E-ggCa!V{SFd~5Uz6s(^QwmSa)G$NHJyxj|5^#`zWxwx;T-$3FusDm zbom@rxGe3vqAsk`&>N-X9Ht|{UtmlRf0zqD-OCE(ex6&r;wBG*jNRTI!X0J+AQU?W zC|hW~;yMx1f>f47dlH(nTT_L$<~rJsDWQulX{ic=y&e+MBiH!A(tENQbC<)d9MFu+ zkX`@lFOZI4xZs&O9aMEAC-f>E+bW767j^*fPapk5Lz*h($b($qv7*oA&qW<;VaMcH zjoPZWS5O@VPVjQ)`RBeVYaW>vyGV7tYP;-e5M^}z0iz#~jk0;+&<-*?O?4=ie1I^k z$J26>+fJ?llwF0}GE>&37L`>y9E53bRfWq5rawwxKqC<b=+rdkb{p8U%7F$n40V>oRgo>Uvh0BPa+&QoizT22E2a1zl9v4WY2mGrLV_kEz}4nKjeYD4{1@5XcEcPO_Lmf~awMJW z*x#gMt#LAIyMqptV~CZV4H0b1u}6zjtofLdyYQ#-0~g&F1`8L;?gp%==$BB0jkhBX z!QmAB(Bs%1@-}foq3F>eW;P4sr|#=jgW?t)+X@?JjT4}Aix>8$s99Zv`zrAZb#!yn z>GMTd8b*j})FBB#f_UL0X!?=p>USm-Hba2FflJR<@kfQ#DrUs(j~@;^?d8s*d%huI z&7)}{WQ4*dpqujsLfW+0i&LVJlcK%7U0^-$?t8dE4=;g7^eYXSK6LQ2imi2lT4M8v z^FC06=@B!*X7P(W%g+;5#D0R9x|0P21m$bx!3{u3filCDL3L+fVmD=w^6HrB{9Jnw zGVPbfBd0jn1}N)u&n)Njq;YRhHvJ65)EA8qGERMuz;JJGCPR)My1&zkk#HElLM_6^ z0YPtXT6R5)dJqw&D5E>O?L1!_Y@-L z^Dg)(lfo7BJv_)+qY_Zqv%&X|QBGzYZ2O1#x;x+R?-5IojZuJvo%)ShIK*_^!w3Mm z;+S3lZS8g{$uaT3ovg{wCeu(wstq06tSi0o`WjbJgajW&?-hCrMMO-v0o57&N}n`P zpOBb(lQRA*x=2|YNYA)2x+5U-woe?Tq_6HC1X^~fhEj}|aTNiI!zSnl(Y$`p7gv4I z*P2{_+uNG2&mTCYC%*6r%2!{Bw=D_v*qWP_hpn>eDI#9>-p+pZaVO4Te<)35KvJ5z z0y?(>9L8Pr;I7;6>~^lijl5vg1+2?rK3nI^TOP}PVXNJyx0JsZXRO=X! zYmCo_tNEzQktyUUi^5yftZ6$_)Yy5Pla!n^wR{@h^3Y-8j@q1B2`7K$oXs6M!`k<` z4nW+`8>}ab!^~ocu zEti$Stg`Y5{iZo)5E0H_$95Q?EeGDA1b&3a*iSl$tiD>p!msLVF zBS6~lhUf?SVa$$X8oQ6lYB5F!3GW$joQ#onuypT!QE3+m|qLB)mwSOKkT@SdU@8vEBxs(4v&y^=Aab}{a% zrs*2ZkvhBOlxiE%YZ!1o!r(DG zoJewj#hNjt^o+k52?0WWn z@y+^qiBHq+m_6`HDc}nk!%#ylvq*1J^&Xo*>qGfPRpS`mYqr zkPFbG^)K{wp(z#fYh`l?hc9J?rkn3IV*m)_R$tQ*m~*A&ke!jpuc~S((0m$=A@>PS zQOLW*Ph!sIKKuYpHE5}-OS8B)|GLo~;|hLs0aV?Ieh!+rK=L$-_Se!Hym~^@&3aT4 zLi}(|WeQtLy6NM&EEpTNJjV(<7b?5?;<|nuDQyBT=eUr#T_ zmZ~g1QMU4-s^}35=A5|l*Ste4ionUmHn?+)jrP|>gKc;nzP~{>hQ6hM$k-#_Nz6Zma4ZlB@J){OHp@% zTrZCmDJOl}M>VPDbNdJDs$FEYVGWX9uvd#GD70Lwh$nA2H47$C9p1EcT?=Z_cukPfS#4 zi@~l=>x^aCRl4m-^_b{cB&BGTMC$XVD`8E#l1v+Ow7@~1!u`|C&7T&%rRRB$YnZEy z1c*AKP5g;OPr@2&e5K1B=I&&o74TSDg+O}9UVY21_STL98LDl^ z!>F3Sl!dfRyu z8yQlVMo8;y@7L8dsBl^2&H$0#(ak|kyua?T)G3P5d_>%|%W}S@*7u>?!Vu+8%{&KA zQ5N$7ikiid41+AUaeHr=RZvA0tQKavg0_GIHWYhmEJMsSNQ^yn4Nt<4+C=7LXFlev zRkSMP0}O7nUP)2msa@>o@3cQ2Tz>gygqKc@$8SbY;844@Rpzwx+(GqR^L8_DX2> zbqHpC2yo$(&%YgP4vX1jFVD&R#PGkFNaEc?t?Zk|gPn;PfO?;Ye0Br=kDX=-?m8RAvS+yZG(TkNfASAHl`#wj7+k zsSxhOQ+eZy@)Zzj`Xg?JOh(Z%9!_?Z4n01HB}z7*FJT+qnVN=dlKk}-Vk?{Jd=~1u zN@0|Cv>=WG0Odx2j09(Ug#yBt!vMcoy%;^_Oqj57g{#F17s!sMv_sOQe@qcD7zRjK z+-5Q?R=-Wnakm@3Xk=%{-0_f@(m}IRBTq?&_PA;&SGmJOuiMmmeI=?1qFIBk%CcwP zGBVG6TZRAagSg6_NlRpz3qTnBk!>b29L-Yhw8^h7YECk5k1KDMlj^;G1E`u!2M<6d zGPU!^(bMnc2f$YW?Fi)!K(5&L&f^ClBMU~ZJP8-XMbp*cOaLMdd`r)*GtlnwqYi!W z$RV5aD&YCs?=L-We>A^p(+S|BCMN7h5K%;rrDh(4(ExDQmi}3`F#-PCU$d+72A{{vnGU0kqVXBl|4z-?k0y@sPFdE3~*#8GERi+x5rg z>9ppe^*iS*hl;>wS&H@KT!WYdrw*vAFC06$Vqm1abzQO-P%;1lrDKQi*frv^Kf|s4 zgFWW^Q9{Ongfu^2ueE4ch}XbI*iiu>wKMlyj=-e8|1uzqxkC5<*n8`MDzohkc*I~p z1q&ES6%lDcI#p1l^Uxukhwc;+Q4o-B4oDwTQV!kS%>fR5Xrvpy%{V&Fy)$!}d%wTF z@8@4g?DM{Rul=lg)>>URGEcZcUFeQ#9KVIEL$#8FE)frr{3H7sf5BRN_0KQdk4|Vd z8-upxhm$9%XWLQp{R{nto1rd;d+71>Ia4ujTbP-q)0&JPUb0G#w$SQld+(WAba$Rm z_rxwh=~@uq3RsCts_0}?l%(K6ebTC%(uik%G(OrET|A|cJP{j=16UNIE-R6y;^|C1 z(y5NC3n68=iFO1;IvP=aPK%S~RqrT4ZbZ>sjBBOD(rT%X4g_7_4lrE&X~e192N+yk z6Pxom_q1;p-zX8*O8n9ZlA=mF{cVcu%OviY=zc&xJko?M^Eljqsjq6YV2aRiZ$AmW z!HQU$H~I+dI}e%N_Lx$Kr+b%p_rgB!HPL{y?;w#%mi}Opb>vPHMd*x1;*(^MH6Xw_ zJRNB~7UzULcm*l@9TyS_W(Pl-A1pSQbQ&kGg=L#PJ+L1>=#tQ^aiBD-45fd6Lwsi) z>gv_6=FB3Op@vtyRN#1$19*x}?hFDwZ_znk-0L%~beTNoxy$UvpW1)XQIk7^E^|D_ z)5`G@xQI{t)0rCPRLV&owr6Na7!LPr zEIUXcta}M}Cy9B3h!m>FjH0}3zk(-co~6DnjBWHSftnp}8aB&qLYAS8<3!@Mok{;H z0jjB9K&UE-ke#kg%x>b{Uk-(lGEIG&n64@%;k0UiiD8pNOips{#AX$4yK`}aD*4bv z2eN`GRZ%0+;E&Q2X+2%Jq>N5>3DnB1wk9!{KH@Izsf_wrrIYLEXfig`PIZa8m}^T6 z50{$#^fWhf&=b?%^S&nmBBwA9#q+5IF~_F0>5j`sjv#6|Q&&p6?$c zQXBF_TzzLEbPaI%$a&Tpsu>NZ8WcWh+Ly&>`Eh~Klsof@p|yo&_7Ga-g7k@{+DYv} zrZi#@3dYr08Ju0TwH((y#KFU~IGx6*kh^HSXX**vym8^13b=ABd+A)6r6ii$I8VDb z;uj|9YC&W}0|lNw*yxQWcuY@Eh;H2L@Q1pxgNa(6zN<^7&JRZ;IP>kC0cJCrPt>G0 zHL;!KDeUn=9goayR~@jG^7KE6sIj0ycGz!qvJNjR(Oiv?g*vl*yiPy#yw}#KBh2uu zVCtSIwy28pG~0=tRLiIaVshMXS6fY8DQyOILO;*asQWZC6erk~Cb`=z^T03MN3|ohpg|rc9-QS?l30%u7rp;w7dBy6o7bKKH?MS zcfCUhO8Lv-o{^%yb{%3~V({Vf{nX(tzOk43T?szH;UxNd*7m918U!G~In>~L>k)mV;k5uUy$1-Am7659v$ z%RSmMa$V`2R=7}JfUig(zI(dNM}^HbKui$-lJwok7;tdg-ZHuAUYyr}iO}dt56jW+ z?ZY*E&3V-hWZ$0c_4G)8nL(_$7B-N5*e&d53E&WKRE7EkP@(sOeF}^sO59Xw) zkRV|Va?aEC9%1pLjO<�D_r)J0E<3u>5c{i}hzBJWla&CXS;o#i*HJFJLCzB*}Tv z1F}XJL(>lJd&Vj|L5fi!0OAQa&1`Zv>37BOHwKMXO4qQ(9Cd9wP=%L}1H>0b| z5=~U_yz@YSEh7XAabOgRUm!W%j%M<{!7e;r#Ou6Y2O=nGi}I^eCwvsx-iF?qBfy+7 zA2{(zzH)D4E)pe;q*kONwmv$q{@#~_t2RZ7e6o$pB#T{#*<_d}YZDlc^k5I$|qp(N=sQg_8vRgQ4~N4gA;3+mrFgenec4^>-bfcvXKS zfje^`ONMt~JvX$@RIr_{wc^>}?Q?ZLH)WPMlOLMDjR;YI_oGCRQ+MhY3ETfaxUS);jpsmJsKNhcDw)%2_R1mVrGYUE_|K4RnwC$GJu?oZ zBeyk_%e@UQLXmREymG^u*sYh_;aG__vl^cAB|&5aU}R0U8WclxE(zD^3qQyZfv$BA zO-iThiAv9&-6jsgjFLvltJ!lLrsVk8YgxIJfhg`tjDULo#3q2m*amzvQU1&j{%-BK zAqYUj`{mZw@5ODB7;eqmOE*X&mTu6IB7Z;xixk@d^zfG4Wo^S|sFg*myfbrzEgGGnZ?b0Dll^n5uaqtnj4* z{qd?WKqvrl?|W(Yx|8e7q%}U^ko0@RZxJ)!&ytj3SKmcH#>`SyN2O1QsTSH>qM@rn z5A|B!_NzOx*r2pts7=qdrej0mmH@+`GeIa&A^XMS_fD%GRdW;VfN!Cm%XqCL>-GzyQO^u#0vV53S?d(__>KwCSwi2x5Cc8`TpBSlG2LE1X9owUhHW z(uuJ-IXOP?R@we?-YALNq13H52SUKw=;(-BXXwUaDAVI20aXA^$I1UJ#Kv(8HOMUHvi5|{O_C-d#- zmaw|ocP0wiD>`k*((kIjB8!fea3lA51U-ktv-oAl2_M8_eNRX>mWofKfODY(QO2(e zNT-&DpR?S<eS#fz3v-%C8|XT(Pzpq&Qly4~2~5 z_nbw!K6+2Wb&rt6@J1?zgkdVYeWpOV6gQH~bRGsLbe?QV%cWL6tJxaC!gw&Km;0#w zbJ#;YaazS3c1Hr4;LLn`SStx1?v2YNgvmO=?{FHcR6Q!B;t-uQink18R&*Tb3Dlg- z)p+K|JxOVOrFxY@|r5VzrPv~*d2ChObY>lX^Vk1`@^B4~}x2XnhM59gG8)0O%0 z*;f++Ps%lJs&4gqug41N_zmXjLU{8#w=)&3<8IibW)eyS-V^(%RWH8l40vRy*(11k zOC%c`E^*?np!VaGLM`P2D}#bUy-C3NY;k`;WtO+%vM;y>Ja1`GDG)aVWoTU?i5YPe zAdc|Rmmbq!ao+NoX^pIZfAgW{#zGdv(bSqic#~I_%|#5o4OBBOQ6lg0zBf$IE!C%5 zE(4jDYVejY>vAhxD6yh5_OT;yo#@scsKycYbSS;fZR14`&vwS^y(f8i??i$3vGt3GmH9qb< zqq16;!PVWfNOXOwDz+hLWZH8av*>CCgFo7I#uTIIF!06la7x4w) z3VDG2NxhFJUKZm~irrhVSK5j~RmGgnrR%r??muCbOo8BU_rC(?{+EiNr>m3lx@a1{ zvVD5Rjucg=mDsk<1Sv&PwGt+iUpOo=hl43h8Qk!iL+e5Dno*PsV7z;0suuSSB%7^T zqGLkk?@~K49EjrC@~#)PPpcC!DBS=&aViz~DjK}+bUzo+^(Pi-+M=?Y96nn8OX5!3 zc9yrF%fWTXR_Y2R2!K-0v_)T6Ew*mvS5B?!j9@X+RA7mV^xD74VyK;9$l0jB&9n9P zEH3B$a&F_<4_+gN)++PcadLrjvw3!_69>xJNr{K@CO$-LzP6;>nN7)T3yyG$prPA} zDGML?aa#RkJW{7Y`G++fL=8L$Ur5%RtII(=z=RP#_p}9ATYL0FN^G|xT$dg4!Sy)> zo$VVlA}c0)R?EXhO}yf#3onB%ivV5QbF;5~M^|ACwsK}J=`Z*5MYiUC@w73FA#*(( zH27q-Idm{U#+CF4a8y3J9-oOkU^ePYze^+v0i^lqV5jtMlbAGo7Wa;YDx%VzLi5EUgok z0AD>}DeNHCS6UcAX`16?wc>2N{K_au@H5YY0xgw;UXc?tcnc_?wU*>>Z`9i73 zxf!igpTgQD`JSqIFB`c>@iRXc9uVCuOI2n=r~x65uQW0T z^)n1prCr6gTO8Hj;e3du7?}FzxS7Knfsi1r#YMU=Un~qSM1{nfkwopU6FyBKz*HrqHbNdJd~!um~`cZFdJ$$ zl&`+QpP`RkeA?Sq$1Q$q3HfUna)o0v?;wzRJmHZHfb+FwDy#KK^<&eLBP9b->Z~~W zGTg=|49VL23tfpKydxbgIR$i(C5~yHWc=d(8?jV2@EPE1^0QR;+c{M2tgZ^k_0GK| z_w%Y0Bnxz%(GGqk{g(Q?72sauvyGZLtGLucSbSx=Yd4m;kB8r~+c{guGaofGl*=yB zt#BQ_*B?QMxf~vn?YxL`sl$XXae>gn=Q&Tl`)U#pUl+5(eDmqveh?m^Z>q9Owde-v zja)`$f_*Vi?6o5#$02mO{uZ%E7gNA66PQ2Vx4TA|SMd>IG|}xR@eVUrSkU%;BpJ%V z<(d0d_AVX4FY9$g=B*HUU5#jYt?8yWWEF56L->(N3Pbl{0OB!)2k!Rem5UqF*xi7uxoq>)a`iHkI8X) zWLHB-mf6F7$k^!Bw*y*SYQ7A~8%1yfJsI|Zx15cqIvM6*;k~VXg6{HZfr`%rjuqG zMAD}|jr83`WuJ76fpYp)e)SpMx-Qa2@UW0st(Jseo=0h5A0KrU7?pR$hnUrz1M{Xi}Mvj-zi7gAdzSpNK<{DnI?y>O&*0eq#=;uNESx@R{0gvSENdfNG zR-tt{O}V|;VgYhlabPwzU8${=V$g^RU~xxfm&bKX~16h@lLB$YZ8Te{_yrRwsO zcUULXi6TinTpAu{L`-@9S7%Zzg4O5d;7aHRDIXR3Z$k7J+x3X&YS?}s;`pT@|Ng$g z=4%uaVBUCQ5FP8iTNuAX_wGmQBk{)b@o12f4$^KoQNVjaIf=r|mNPAFe2K)if@DU1 zZfAi_HdJ4}a;Vo>AOqw<1fPX3?WZ8#M3dyw?F}bz!^;%(K(u%qID49FQ;mtEzN>%n zU_X8^IO`OCU^a5ru!5<%^kg866Kq^hia(=GOBfwd%9-Kb&*qctThaBk zG42}Y)%B#xu)4-xFcY-5x8GRor9sUd?5fgtk@HA44@_t8n7>bBD%(z=e7HuK zzi`bcgx)t)m+mbCFB5#v*V;L;gu82qxoWgu7KQ#73~z#| zb4K#Cs5q*oNM@h9k$pjX?+|~A_+Y_ED(~RHdTbJCwO&lsvqpAB%JqME78KbssTY`VzCVsz&Q-sf zp}r+@#D;HhV4Z;df=y?N4)VTH7jsh+(U~D^w;zb*3)CPN7azvT7*KRNPxI@wy`Knf zF%^r?({BPWhM{BBC$L*>TQ_vp&nLfliOdLJdpvA0K3FYwaT5)aFiicYywbm7Ug8Z< zE0&n_>HFW@Isc+5#`%7qugmQ|oB_%{o2BcWA0Yyh_pAz@y_oiTTYK^2Vg{BJIJ2Nu zSSd?EJu_pma%!$N53Xx1;?R)%2g1 zec=dbJy2Y0%l}|*{MG4vC*a`!>Er$IrhoomZcDd8w_cu}*3;!|{_QbhV@{fobz^G% zx6F?MPf+`{CCNtlUq1i;y8UsJeeUOkE7zXv9YrW z%&21<&-QTtC0xaAm$j#V-{ktQeySe}nzs|qVpivzs`LF{EyGR#mTB|g?Eh!u!v1Bs zST`_Sz%Z8VQu9BX5B@L9jH!U(jhqDYD%VdnU-vIw-0cE2Fgo2_9?T*=rsRz zv%LLiY*r=3QtWiy$p2zZ!jzvtN6Ed)>~C%FAN|EI{>9t;wi9h0U>VD}HkN+xlWAebtQ(e8D*2eu&|JTm@5XUV6O5t+od3PLp8$RTEO>YRGfEb2qH3xpsuW}%rWSGmfUFRHzh2*M!G2+ zqB@V7oS4u|W<*b(!NtYhJ*;+pP*^aAhH3XU1?MAL4Z8K7Ys&^1BN33Yh;5H*jved^E zleQc}MqRg|jcsk279}z5hCB{iIjqnXP$T~ksiUK_R_VCXP>6EUS~N1I~O`H2y+_U!cy<(o3Bu0rqfF|^MS zL!qs6J@yk79U9dwAvktChwYSi+1UCGQdlH}=v+pvIK$8W!@l`uqhJ=8VFlUT#M6sY z6P;QKfR59p3|Ukxh0mZ~xmJ4ciw->ZGzg(p>v_4-W^WM5YVx2rDxFjUa{d&Kl z0b#byYzx5nd5Tg;XO2wqwI7Kbh8)xNNrtZMX$&#UIL&mRSIBO4b~1Lkj@??_+6pn~ zHf6*WXg}ED_cUL;^>rS>qmiGTHY)dVuFriiS5OE8EsCCkH~<}(`4>`tv_!VHqvaaV zQte4nmm}kN<}eqP{E*L_y^?>)!^2Yq1k@ofOEdC({XzxF98~}xhb$mGeC|OA$v?e9 z6>2Xl{7avmMUH-QjwEK!R{!|%qt2HParxN9s_Y39Yy+l)B|`N2wxL3ROxpd=T*TVk`Cj z7SS!C;xoMgcyTF{R)Sb}%&5txXF(w%d0ak1DoUFKUtc4(yI zj_zl1@ZE|H&x4e2!oH26(32lqU_c8Q8hRD!7cP&qFV_+c_J+_a-toqlJ#ZQT+>B>7 z+r#w#a85)N{3kqLamXUAU%y*?T2?eIFE8&58z}88Nom4UNrB&*vnh#vBzJ_UV$D=P zKEt#efF&&}dsl*Q*A}_jM8qZ*c{^irQl}b`e{#EJmu-q*9R<;|sDLb_Wji-TOiT=u zVGH}*aAI1X%y=?+k)XDz61*k)Fnm#5*n*=zm00DIQ!3zaE={ov*?y=|<&x0BMh^4@ zd0|Fvo>5(Wt{s};clo!|Waq*FV<@}e5F@OMm($i>fzW6`T=g3fW8gFex}i_bj=|_TUsfzE zCX)k-kFKLw7cU0J3tINJvly(cOYk)z@{Q7X3UAw(41a!1Pskw+CIH=KrEeP+;a8zF z`iC~3nGCn)MUhw zojBKe2zob#nve6o)y|jO#qqtS7g90hHir>&!jH@C$85XG_%V?}M`zAlBOxJo-rov6 zE<1d4kU)yf+r71$E}=7(!gz0(Ss^^iWGv;Wz-uTKmyPUk#V6=3qTjGgG8uzTN%p|8 z#1f5@Y+qVZqP@1s)-Yf`SzBFQ-Iql}@~pn5;k-L$){(>`x@t_$5)8@<^ zljcWabUgM`(y{DuV24uIGJ{YEHDWP2#}r|NX=E@viHIwA7Qsfq$}o2 z=RhE@9vX0P4Cct3e+@YBcL2ADGb1&E6-wQ&!d4rV#;+o1VIgirD*oGnyLA)Hb{E3( zj8LPmKe`^R3MRjMqt09<`%4!Ir(~(_rXgfd-*0DsH!`-9;yS%dFm7>kwCxC8JKw&k z=X%!XdBf|hUA=xYZAU6{wCePNzEjT~Atb9+ar~f7(!{j<^8k3oXPZ_-PfISV#k++g z=E)od&;>cmB~|!GO%)ZIIb;?rm6K!6i)OmQ?QD)!qo$`N(VDoZs0eb+Dkb_GR-9U0 z$x;Bffjazx)j=p;v-aM5ARhI5?uk<@!!dl(j4Avmxa_KP#xAp#c#G4I2d^ z(A4-0b$KB$Y{@_5lR4AGgj83F{l&p-m*|qCq2>Zc1e6c3~FbeeUsWFdrH@E86#EQ6T7R?{#{(u3&K z4|(?8_jdbbB!*_h#Dx4o^R$MHLR4y7@pF@+C7bInEj)!Ea~kt32Z;E%;|P<;GJG?~ zetYu&tRf_Xfkgz@ChS;!rB$z;55L50*C4rWfydtEjG$92=_rAD^OfzcUG&WM&wsOo zED$yn&dD<*Vd!LJ>>GdRz-RGMIKcJMOXkh3kcp3Xl6S$(wJi9R4O>nV5<3Xb=Mw$# z<8;;0-+ZN5(sQKy%_w*j3l*ajsJ}O8Y;CnBlu=WocXisiojkdP*_WxRg(1k~kn$nNRdL+IfX2-_HW@YVHv5gjpe$Y8?3Vp=?M-rWvFP_{an6%*%SSxLCp0H`PeW(`2aAAgasbM5g%Mkk(tp4 z`@009*?Xn7DE~?LP-kkM6J)%>FfI-;ukmy&B|E$0b*ys1`{3q#;sIci_h6BhCrjSY zHm~zu#L*Owqv$4uyt{~qh)(-5&x~Hq4l7pXo2X4KL`2U%ne&8|Dlo)7wLr%bf6yh0 zomdO=M??8fknZ0MtQ1;sO>>@~9YJMlluo61Eh#Dp#<|JaV!Sd`B(s&A zjP!*q`D{2lrj<;6I&kVvCZo^v#wR8=PNI^=y+I(mYPQzm#}{;BVp$b|k-G1Ed;)C2q8wcHB?H}RmE!GVF6P5s;-+d8xOc-FGHH@=W}<;t5Dq03NB&~DR!wOl*g z`jw94_NxHNj6tyyxMX5+5BcLztuhmSEZFcMO--)8%}<9w6vKW@Tb#>PLbyf2ATS}6Oi$G3|N;g1zg)4TVB%6nOS5{KW?V za}XcW-EOU}0#z<5naYLUG`Uo>4in%62WZu=QScpyAry*k%Jf34pOPPXy?@VqJZihx zqX;_c=wh%FTq30fr08HY?644Sm)FVqG!7m!i$+r-?sSBzN2T94ATrYgc8iS1`=%B( zX!SFPsLZj1YMD3T3qD!M=bj8nk2i2bhvlFk?d0XG8Ry%9S>=y`&Zl*TJf$MZ z`}mKC&#?d}4=$8)W-~b{Aq*30JvLhvSFPRG;@4WNHW9&+MghFbX~X8;>d%NdPvx}z z%LlCy(FZ<9^pu9TFg?|opEx-?w;HxFYbT0j^f9r9RQP*Ta(%Vm^`vgmv9zA^)l@3T zQ-xq^TMaxfEF85{^>|G%xR>q&?ygbp(6&1!ZWGXMdTOK8pScANiLG0$1D|60n#M5l zAFUMP4z#s5HnO_K0}pS3A}TQ4egHo+M>Q|P2f#cQPUh!!TI=OhR%et}oo`_F7qf8g z=?jYGCegEo&%gOk{~5M_L$6rQGwt)7b4GR;h$ep%ch5_BWMpJ>{jRZt>J}592U9l$ z-#9eLv4N&l$g^p|Z{CJtlh0u)5jhxLy?VPJ#okIQ!aLa&e*P&>emCkNs^wd-ewXX=Yeu<6Kc3HDrIc@3V$2+^IcD}}g zta7GFYn{Zgu@}f9WFhn+5_)ZD$hUX;*;)*bE}}1EQfw?WsR%f@xRvG2fchC1GNcnXX)% z)WikadlhD6nI4}hfbRROhKgP}BswOtSV$nHK0;oX@GdVe2eqBeX$+;eC@3hBOQ(K< z^o|WR_D8O7uSkSed*ViKsr-JwC?Dt!+r8tw>M&Yj5C{!8IB?2cnwz5n!I6T=zGonG zpfgn)pRVe;P0Hig81L#LdbBeOqu{((7uP=2SxG*!ChPJ1FlT5@r@2KJl#=zfW67jf z$3b&~C!Et6;qTNBY>%PT##kcW=tQPpCO){Leb01&zv4tN+EiQKB zC^0COC~Pf@JzQ6DnTE{hrBX8pe;;&tS}=+|7ZE$Ah9T%n><`AO3W0W{+ARaCx~t8h za-gvdB9I);^b)6=*>v6g&3p^sraJW=6&Y%bk9TD{ zJ0hofxVgn@-SDsaGtIuL?D{05*PUGb>>=OYBUaNPeWC?Ja{A2R8hEI)(MM_ykF(bU9Gp^>)gWL{J=Y-^%ThTSNNg}iE?+237D9`AoL|V)}VwK%}PB)59&>I)*n$nuB=@11mwAo zRZkjag3ne}RkfsoVzES0<0V5imR5-RA?G6MsGdw~%4~ucm z^4fLV#;A6_EGI+@#EqOplGLU1=Ww$@f%Ptj012{?D_XtVjZMuF zVwG46_`InvWJ`v(D@JYF9syWf4r9n-|a3b-9x!cVtMynX$dO(ATsDMJC9g z+vd?3=4yxd3f(eo|63S`&1lDI)(Ni zR?=)SEFmcgF7JhnzZ7y}@WKX%N&?JUexBol8p0ZR`^+BVj?|yXGPgGVpq_Y5SmGJ z<;sh?xt}_ce28T48x-87pg?dJCb@f1?;Q4AKmO3ERoA4Ccl6H7iz#{5F)yO5jTHhl z*wV|@?r)1e@u*c=LpWDpKr%?xE`&(_VE{vql|m1B^iS2Bvqa$kPHpGG7r z+Pz;m<1?lY_@;L=Ax4eu&4K)$xI#q^vB6)x^OsydPw6B@>dc^t4Q2VN75K_uKcoCy zT`$XEbO{HGu@d&)9g~FmcJG!ZnA82CqTq9^jktNeWG4vT z{rIL2(ol3dcP3<^@7m3q6u0L|y}i9DC@Je@?V1`JGr5DDPcJtqlx~ZM#jPzqOS^dv z6WSnA!j5~6u(ukqx1K{f0Bv!LUmtU9ru)^LWR?cv<-=yy^Spd*nDz8K7DWO6P7f=h z`PR#q$e-;Ht-^};Pyg3{X36#x1E<=7a^`j~PaVzqah*q{C&?;XP5RR+;6MGnm-`?)Z2@cd3jW_FJg3oi8#;>0#3O@7f{v!pPZ>x^AVQ?DvY%QBy z8(i1}=XpbgnE@mBvy(lX z3vPYw3-^dWAv@`ZVZ>avR7}VIeWOXvTj`LKuu?Zs1(lj6iY$M;L&cNu>e*|b;nhj) z*1wR!Z@B)$+p9g|Ay0teb+uob)AQVTD6pq^=TP+O<&zJpI6U_=aS=+d&g2wSCOrZ7ldUkouT~q4xADH{n#ioIqUshT-hN`O_|7&t3ERJ8GOmlnQBDn?Y>Na~~V3i%KGPI9ve#XHE{r`f-Xz-J$j(jK0P*Zg|9{=sv8f6J2#)>Hl{ zKEtesmOJUlx(MU9OVX426CUmqpy_sDSNl z?y@}0@(s`aGfMurBfp(J{ds^6+T*wWr$u~Z0JcsZ3>O)lUPJuJ-l%}1wrH$+{68&1 zm<$}Gy4@nn{{QNXzg>y1sT2?Q|7j6s@e{Xk-4dPo4SWBqBR8Y!sF{|+`7b?^sBH{h zx>5?e=dpHz%)t}`A_)-Y7cN2udFsEyLFd7SL0nIVQOJ0}anGxF~u%6!Gm?QsA3!e@4l5B|5kLo@Yn zrExkozxDRuN=gp8 zOG(;JldFyG#M&v?3c~Tbj&sQ3 zbrcUA zrp&M;@sz9-G!N@qA)`*vdI-m39;-YfWL-hg#Z zltaaFw$UJn-znuklej;+KPxlnIu={~%RY(eN|MD2NujXQ0y}biZOx){{chg7P|$5b zb;fDehgPMerBB^Ho_?moa%*`|HEF~wx~O2Zf1xAT7X#x!XK~iQOVHyg%yEu|n$&>! zRMdswb0x1z?yezbCgvs;K|_&a_ja|Q1*@p9Tu2{@6NuYyDbo6mPHxvR+%L$=Iw~G5 zz(G5)d=lG&7uNdm5MvQb4tcluh`shc&Z4$(te)C!arvX7%^9LZkz^cQMg(>bVw32p ztEm#RDSb3oL8!OjrH8$*mW%gUcNYTNpFgfN54{Mpsn!OpfM9>C6#dSw=>SJ&i3v@u zDY#Im(1P42i&~w~=W;f_#>07uqcd+!@hI8Eit1kbFyWAdw4+_9go*=e+uJ2BY%GvZ z)~gxA*+=XbTGtjYW_hVGd^bP-1c86o^3>BO`!>e8r)D!Na)>N%4E(FS+PTLN;B~5zi=78rZe7H zucBD1tk2b6?_07su!~Dr8lmJnD3Mfi-FH4o3IF5@A<^%79ty^rQasXja)NPv72eoY%zRK_y^K3Sg#MSo$@sGnCUK zZSM(x+AIFxxRG*@_rkyBz&Nug9cTLTEE4I0W&Hi>{x0$V_Eks9d2ZQMueV0kwZ--_ zp*VtaGmV|SyY%~C&4`X2U|F-2wMTJ1``zZTbhE*NwvZ&iE8gNL$(pci%9FMq?NY^7 z^ATKH)H5;h!%k|IxqVw6x*emvyB4`3)}MV5Q)vCmgJcaY22u@Q63!@tC&Iy)vn%82 z9P2IPX4WpKQ63sxe?%C0oLEU7&+6f^#gT15DEfemLq0>1lIwb4%VvE_1>Wh-HRz@1 zbMNNr8n(WA3c({^jK-t6x6Qm?bqi2e!7_J-NVjL6GxJUyC%j53+`D=Qz*lo}=bp4{26rItnGUF|;N)FpOj>9o%wOsfIr zGY5sJ;|5v3n?2=OmljcicgV>T($hsx1XhPeu4!nKsI}~-Q-rI6+sA|vN0l~7neyg9 zapLztwD~XK-cY5W64ZgM!i&66{F`_AizI-mMrXqo!Pu2GP(HCm1%RaFpLPHvMt zz}j9z@gO_=5}ActO>G@q{{0Pt(C2$cXW>ke@B;}5Ne-@0bklZQ!DnjL4K%@xU-TUc zmj)DTQ@pC>$}@=*_=VM5k1JV6>+6vRrCpeE2M8s=d51c05rLaH{o>ghfoB5G3+bZ; zFkRE-07@4jtmpKTxaA~ckLaN}NwyCCuKk>OMn+XKQu8ZgZtge5wb;Mw%D;i>M_Si@ zCL_9YL~@`qYN6raPaG3Eo#Xe_Xz`IhL9D~YBFk@xHCA%)m>Z(7^5>lzUr5J})aXkJI6DOvNornF_tqRs;ze2xZrlkwl zZ5~{Y-XYIcd}x5Yr#4gwC5Jh&_LnsmIFFw{tKCvdAoLO2#A&BdkKUbx^GcV}NS4Vv zp|%q|gc4YO>MS=kEi!0g!QtV2lyLST=Q(DD^HMR6tJa+wxbk9trN_%i*_5P2{=%)k ztgF>;8WtJKLK10QtY`bVI6Ex6H~WRXXU1`ymyq}F=bpR%%3)`u%M$ecu)hDmQ zrH^^&%%w(}5iy6H$kcMnbH21UzfsY?gTbEw?66|R!wQ*_1D?bkvv+S7Pz3X9TdzFN z3BQ2-6zW{dL1AGgmlTvnW$+b?20%zVr~d`fcdM~t>0CtG%O;YCN$)Z0Q)iv ztKrftQt-m%S)(e3Zj&h5tn$N{A~uqAyXD&cmaSGcv8yBp19>`;2OH&2XB5oMSE+m+ zx-T7tIc-i;-{^cMm!-;}T)6bX3h#Y~Teunz0#3~cmE8RSO>%q^#2v_GM@$rec%K!GVm+P}`=xklX}NAI08Lq~%z2H00GJ(MV+g zC+xg882%Y4%Q2s@x3@h9eRa1G#RO4vS%P}PxgD@2BqXlqb!m`8Q&wD?x1s~0qsdh{ ztshh}jMy$g0&BXPW$+nPHI%)015rCPyL!@_*{%` zO8Y|iammMnE-1QBcT%>Te9JQCop%;?;fQ7ZrOx2UjR-Wb8-TXagX84Opx%kp`!Xf5 ziI*wGxGYmx4i35SWw7ALp_0W(h9XBq>ix`rCLWaE>Vmiwq_)Sy`_cy+k5hgj!JB@N zt|OWURhKV@XDS|Y{)~6yhCZ(ZPZ|A8N?5WcRB_%BqT1ZXp?TyxyCRo9vX{o?$@}g4 z{heG8<~+(JJ-X&%@b<)96*5WHc8R1rFXX{OU!*AEibXQB<1L*LD15PLYOF<+ic3zH zWP;?YR78SI4$=8|#baF#*AU%s)L|!SS`@=m#&xg6958_KohKJpu7{!; z8JmXP8s<>S*yWZ%pk~i6929J_#~E2@!Zw}^=Ca_art0Qk-*b+IUmh$>yC-&qq^(m- z-mJ@wJZq z4(eq4^jKfE+4lDwQ{B0H^V8D<-R?Ta;Cz@n0rs&FmpNTm63f^wGR_aSciH-152PE( z6IPw7Ou>ZW3KMq&c-)VX=j?@QSjO+sT5%W6clfJwsbi6mO|0=Yi!@P8u8UGNe$4Y1 zx%E|RzooqJgXQwMxFUUU-B^Qs-%&CB2_1q(3eQdRBl%MCJk$~CtBRvRzVL)IeRbLM zq1dc|Ck$aVuWvm#s%}3?68><-2vUpIxz3woJpcuIxMrl$Mo_|}ugBG5sxjk?vty*B zu#}WPct<=|PL3y{)=@A5dREW9u$LcT8AxPt>LuCU1S{pEW?{hSWqFP|7JR4|2^R&N zZ(-x+U(!S%Nkg~FU8l@S6Fi{%vvu=_l8*IF1OF8E$z=a3AXjrA_Pg8bE=+g zEsO-`DU&*EFwBfv56oH()wL=Ei&@u&S6;U@9R0xKh`2u;rSEGEdHnhD**%U8WiCzy z79mJ~PDCblLfS*cR#f>!Zr}KAk{EcV&Jg5L4(?u0E%6!3zPK!P84vP@GXgt}#{w_l z279%o!53&R|g$7FEUu!%iuwKHbtXQ|U7w;1QV#+UG^m zA9x)qjFg)-T71fK(ne*u-&%z~`C#&nI$gS`w@2N+BtI*SX|90b@Z}V7D&ke^Oa@mA zJ4x8Q)yD{b-q^HBJ6H;LZd}BEf3H`J>zuVc5d0pVm~>6;dl}K7f!Izc}W#K&ciAnSrK33PnRU2uQC8*_Vy<9o)cLIJUf4M#7Z#Eg@I3 z3^_K-sHm)jgnA7u6~4IE}Ow~v?5$63S8>JUx@wP=F$Op1`g z^>-z#D%_EXqvIA!{2Ae+zE>Aq>S=LL;BZXkA~Q$-#j(8~R*!mDQTd)95|erM7sMTJ zoQB!{LH)UXTv^BPLwGrG$Z+sn;5?O?xxv_8J3DsXM|2N`90Qgds9Ax-$~j)+*3seB zHMo!4lWkLc)bSy3x?rhrJ8>mzo++P`l<=DI6Nr@m)rl1}rHf11#KHm%55hXNcQ^Aw z^s?=gsA_>RlD@bX9n^78?F}votvlvs=n~g;F$Gb1;~~d4a+%BdV2Evrll^Lb;nY#F zY3N)0))VJ-Cb61d3^L6yvavn4VCouFRpoVU!NcPz4kXhTPxb)w+2J726Je{tSz1e; z(L3~WhXC82XzCW@pgYz*Jl@O~8b)sJ7QyKuOYf{s6F2Jk>AWv37xh(nPp*s>$|2>d z`Zv#K4v4$acw}t?%p22N?;-kEAZxAW;4ft%0)`B0uUR zPfx`6Y;SXp;!IPzV}ILB;);|!>7I43l47=9YEW=+?PtlD?6}R` zn*!*io~v8SNQU*YBe`p~EB;2AQTlC-g%`2s&dQlR_uR6gNFatl(&4&f=bHGgGQrb0 zHnt_W=9+}IDwE)S7EESVOgpl@3cjauBRkIfE^*Tfx^Pfex?@C#5Dw5h!rsOcIx4_; z_nBTL;>~9lfsz;7=8XrLcfzKau`s`S;VE~=_S6G~-3NXQ%ef6VjiwNba0(fDPq>YO*siRG3YQMS>TvA6@r#XpEdAcJ`w6ii415c?F&!*1rrVcf~Vm~+0 zir)Ok{**N1)|l;lr?@9PAZ#HI(|DC957UZ*%O$3`8iH2_HM#Eaqt|;e7E>)uO|7uGQWZIfxwF| z{h3EXTfm!;hWPyX3q#cGgX%~d@^7rzzXj^CHyDE#Eov$2l%14!*)!DSIl3yzVfRhJ zT+GJ6`)(J(wbs;6vvON!YXv9xrj~&1<^Ga}MN!o-^xR^;%jVb%w+I zyW*AQ=Y|pkH|9IVfJtuZDqL#3U`^a6d%T)0y$xY4` zkbo*d>nQRJRHtP*)4QqZ`!-faLe-|(1K$5fq@y`d(891IS0@B z*80}F-sitjX6}3Mebw)ZeO*%o@@HP_>7@Xjr*k~%e#b=nmPdGyFLdOA`%KHFId{g- zO;|4F@bYT0>+N4L?dP9_FS(kze>9i|8CE#2$=#1zS20X3h2**NYe%h&)T+H1m^ywQ znLU%%R-V7$suTy)Rv9G`TF|RD8#n{RXN^@vK5cEKO87S>C5=y2=tniFlh^S+yW2!Y z+E-X9l7x~2LNSsi1lG9gV-Y4$8jQpDY_Y)qZg|1KP=od`)Xxirj9w)s6JlY=HpMl6 zdZMc>PS@zWS?|9~-7cAUMn6*Qvp2B=}2&+!08_BxqX~{7jDay*Lw0 zd@Xhuh^MKn=a})y$=iN-;W1FHbUtcF+hhDWHr^!;cOV#((E2?4vl5reIxXOlXEr!u zZ!L^{2)x|U)g?6Vkx8(Io2OIxVQqO;$7z_lHZd%YSH^anM!(x@E}Y$mk;g>qH`!kAI>@60ZBuDsy51TN9 zNOJGxBuP}Bh~y2sk~Hqrnejjp`6u7>iz5)q}&tE5GJd1%h*=T-Nz+H>wZ!mTeCM zv$ywC@y2_~&uK)w!gr$6^dXx9AjWkqQ##4+gKj6G*woX*HHB4c_000?1~6)h?0L6DiWEr1mhDZTH+Vv@&Y{P)+%hpIQ=`us$XOX}dzG8y zef_uc6sWxYD#~IDLqfC)9|(72VaY6+puA;Oqt@#=p?um0%l*fQ+J` z^Hx|JJH*(rCf(I>L9AH?GppAr2NMyFA@hT3qD9mOkb6E!-QkuqnjJV{h1V#P!sb8E z0+92tAKG-J-`0GQN5lN{H_!Jk{c5irv73ld{toEI(Qz*rXxCZEW9ug0!a7$j)bp)? zv;3-wV%+b6UvfHMLp7h>2-V-cWL14Q(e+k|(LdO)6p`7wn z8r^Q|vlSL$32%b#+hDxr{^6L%mHuIVQNdxroQ`N%)ZWl7F7oYu1TP}@0F+?YyliE* zQ*RDs`JhZRK)1TyDeLJC^W>MdinlF)oy(|#fV$U~@YCM#!IM^h=nJ5a7$rFGlnX*6 zYB&h~8#%l`sUGdNi#SN+Gm3WY5O7hpPyUqCna*^@9Wi^%$lA0v+Ct`%62W*xNK8uA zl$>?jwf^OhPl`X-~-O zMF6`xlLl8$YZn_}*uu;E_UEHjFllF}xIQDP8wHEU7rYmwcPN_rmXVP*jvfc)jU)?F4b3Aba)Y z+ykNZwj7s%YKzR(6cP2_dU(wzHI-NQB7%H;e98j-IFr<#Duk|0Mo{-Q?8h!W0p+U3 z!4lAN0BE&HC()TGP)lPoD#!Eu^9%P%O-np-$IwYT=;;!J{s+znEsGGd^*fka zsH}Wp9iy5Xu}OAW3aHEas3Uxmb*=ie3P)poEm)LyY!|gqG0Z}%pr`O%(@owXySmR+ z;mQPpwj2eeIeK=Z`CM@v0^3n^b4&gFrTMS!hhAlt`E9lcS)HGiRn_X?>dNInl9`LE z?K)50@0Hjncn~;9#<9zn@TlpOd&uuzUKxs^xUB|;#(ZyHn?*l>yT8u9X%F0&Qch-S zGHmZ0CgZ(}pZf9+vL;4joVIGtY_gi$F@t4-`rhpa_E#9dVi8#@8y&-l9*?>L|MaHE z930xkj4T!D2RalA!+y9FpWXrqYct;NY$3*bAJ1gkC(HTx4(x3ZXv;1uKi2*?jNgC~*8*%JpBO<3H1nSA>(?Uxxl}o8RkwXc%2EL;A7)&O8jWygRN{dm% zN0(X%y{TP)uFitk@N1_Yubqd&Y90U{E8Ggkz&Pa;teb~9*%#(k^a>tGuH#QczbnWg zT@H>#YHMfK=p!jY<`!br9AHZ#3k}myqF<@;-jK-B3Ejc0j#DUf5x=E;0BI@cgHz^KYN3;)JIg zZjT>tWFLQ2aH^Fb`O*jG*;iN!Q)+np=uy!TDoI{iR5Xo8O|4L)d|M5;&2<$>k@y9e zGXobOIlNLEQ0Ll(&C00ag0#|Ss9B4izgl;^(KTNoyxBkiN8*p1xeSeW~U20<1_7=x(Ex+F{SMLZD0njh! zg(Fq2@4=L>NE?vB60GZ%0!mgS5k#6n@7B-d4o||8cQv;eS zC+L)^XywIlxgVeE_|)kbTblv+ASX&?{)=xvbQ7pZB6-o{;Pm9lTa5?Xi4YE!d8oVq z!*q9?w2e)1)7a~Z^*JPIW~_d%z)tvc7njZ~w%IhhsDgn4ZC4(UtLR=vdgtVLQpZLb zwT~U;5vmEpf##}(AnQgOZSsdnedU@?)iXKfpQ>3=i##12HXheUp3V^P5rqbD5GGSbGpSNtVz7o3)v*a2ZjG1TJXU!!2D z?qmfziFq8M`BW54A}n#uXIISWq=B)+)ZE<7ywrI7`>xKCHD6xQ)|6E82 zDpfEel4F%KT1_QvbVzsDne1nj`EPXV_e|9H9uz!@;bqc53xlU0f0vEpEPtb{#cX|y zw(l?O1Q6518VA@@+|?CjEkpikU$`y8)kGf?#RrkhucVkd(A**jBPhQY=$$FS~szNR|RX?+5Bx4)hQ?Wjr z<~N!A@#!pU{U>Fs65gZ772(%+N%#%2;2VSTiKtN_F}3@)!yq~J*WTWeFLQ>Jc|;dh z$b$b+;&75I`yW{|5=gg6r+773Lu*vd;ga0p<=<`-5@2EFM+6!ej~2MR&DE^YRT;s? z#t97(d@f&M2?1Q^^pqynQMtt1yn*(!L(3&b!%|?5Ypg&S7b}J31Nrr@ji3@TEK?rb zb3eqp+Xl=*`8)($dEb)S8eJ4xU;$rPE$n=m5NlvF-xLX1f||;|bL0 zQ)pTf`|&iUG}n+spnVs`TTdZW+B*MX&``L+Zgr$DS_|M6$IBy!32;oW*$%Z$in1_5_7bGG6J2kQbhR5Eo=OHXG74x z4-CqCYXP@lBg5wew)dflS9EoCZ#ecpjNx*sh_OAa$OqYMCX0%ScP4)zuDMLMtNc5O zr>7?a6LUnm^tIut@T*i39r;d^H1j~Oz0NLHU)=q8xxrg^AaI94MJ2QN6nCHCoDwAo zFgIZFuzz;-$&l*z-d&yB9o4A_D(3vy6xRi#a8ZxVdNKf9(wysPJQnL5LOKjOVgLdk z3>~DEh9y!7bq=|Ry%_)OVyTZ8P%L%^|YncRFjulNA8s0o4@D91oPziMi3D0@k zCw=U^cU*^@j+?E`^GN{IUv_Liv z7;jb}JLp_F1=0z*!N(aaXe1uz3fu^{Y1J^!G?dgEKnL>>YhAbYT%-y8v>1?dC=&t- z0@=idnO0asD;l4IC&B8Pr1`qFPU~jX$34Lv9dc{dgJ=L+-A?;@`Eye(@g-reFN# zg~A@2Hu2;|txX|!<=a>bYB}A918)$teTu$8mt<=e@4PS`N*x(U!oe$uEItlAMi(CY zwuCSPU3HXl)#jPyFNQ%tpwzT9ONxma2Xm_NQ_Ews!69}=3B)0+8u262XuEBO%$B03 zO?t*G*ozyJ8+-}mtS(#9v!Ar|6bBHpo=1&Uh{Rgn+==z=1%udia81-R`&|_wKV5B4 zZ6CCRs#+TmwVtIsUe>k6)|6;FWH}VB$sKY>ObseJtyN`E=Ml*9GfcrpDl5Y)g?Lui z>;_U&YaSk%K?_j3Z*PeVkOyW^y31H;ONfEgBe_G!U7sK3I2Xpr#)g$_t1A8&ASwLc zPUjCC^T)$&r@A>!kJl+op93kn1sWy4WEBF7a%a-n^ADIMB5vfBm2#eqgI=RVe>QZ^ z?2qnVV20&vj%Zq0NpbTUs~*is2$^Ji^yFzQACO2WdyghVa<21`464 z5yfWnoeL?iT;v_qq=F5M-zAc1a#{z^IkZR!5>g)ZNz8;R$p<(!B6Mf-t&cL>H+D$a zW{M(jp*Ng+t$AQ;1|MHj-42s3=;Y*dRHdb9< z1aIYP1jeV4lS%-?x2>X5X+o(>scV^N+AOPIrxgSjY8|vZZ;FHBOK$g^7kuulg|?<_ zUk@BA%T-jf+<`y=j(V&W0Y+tBkr3&znX;@*!)f*+@Gv+vH$=`4*D$_BN0kPa|$CqjHA0rFy_ z`mlg~IxDS=Jwry|-Zi0$tS6-t<#xuCs8K%sk%Q9Nc#XwOY>CWxTeHhuG>824R@!%5 z;GwAC-Bg$-msOIdCNTG%hvj&wP4DP6_Ew@aYe26DGK{(Q!g}Q^ey&QZaZn_#b@}0= zM6>hC@HqlmY;nm{zcAWzYBI}-GPbB^>};GC>Xc4Uhs9I7PC6Bz|XG>4a_o?#2_Zr16|uh_^FJ*G{zCa9%#Ntk(9b;f-W*=g;5ndxh7mB80MW z@t9aPZqC)&sVRtcbn)zJFo-qaN_jvYmMLSpyt362pxHy|zCR6jL&8%vJ6&uQBf;c3 zD4Wh~S@ZZj$dPkpMPq^vrRR*Fa~GI6cr5DKP<;3>y21SWERDaV-{4M#+wtdi+GpA5Lt#)-9}b!clh^Lpzqy7O8;(xvPOZ7${)XUmLUO2ErtX z*E#8g^EGyqYvL5_j5{`DIzm68%8&QuyIU-$?#IZ~AqEg_#)8M`&rw2+@4D;f^biHw z%!Yuf9=DxxE75P;gO{bHQIn98#sz3j`OGaG#4idK&bxTh5d=p^PfeASn-XWCh8?~R zFCmmlekw1bq?SJZz#*IRWao3PC*f`EA7|yc z*#r+;j{OYOk~^O^Jx(de%L^Rrn=&#Shukl+8tIjFtBt}9wfL39Vy%C zX*=FgV#~{6q|k($03D6?Ubr4Dj5gxS=c$KQxQ^1mf+WL|#x=5P6PUr3=8B4*6Yyni z&bW9|svDWRtL>>7EjNr4i3;6z&1a=`(Jo{j`}<`{LTGd=CrV&@Q^W>Ru9j)Y>O9Ug z<4}0K80|8ru=K2;j*hZ3@J6l!j3LVAxk>T{`LM0N_~yC`%AR2&dr z5Q*@IGb@}Ma)*rM+C?l5q9@X_?|-{y;t`p3FrIRXpXeO{FcN6#OsBt9>uHORjg4F0 z^bE|h1X>`VL1^ufzx}xmIg#DnT}#Kk@meQqx5GHy004~Gwi`KX7Qj58cXT~QHm*mW z21Bx{pK5DsyG@rS1U5su?NW8WSna z&C9z{r$6lhj^}cfqb@{|OKM5pQ{KUq$zP?#mf+yfpZOS&NWki`+%>3H!qoq^#lUc?WW%L13uQMhe-xu;Kk0eJ7< z5s&RHEo8+%B2sC?3(Bt?AxEAH`h(Q|h5iz5y!J4WMk;u2{PvgOSC{Xc;v>U(v5SOQ zdy*&ZBSJ(=QsqGg;bf`eK~|ESQXm5g-4bp=kCu5K_Hp_fPV-^%X_A5+&Y;g_&pxbo zEdNd}FI3Oc;5JX3!d7WFu#ZhJBM{Xf1cJQ8ovT{h$Vhk%I+OT{2Xy8ghk2qDfk(l? zxcqD?CEC+DEGYI64a}aSkgTV^O3#y%Y>m}(p{Z;18E&>yX{nilu#n3$hH*~ zrops?DSs3}(vf|QNH2M{K`OOZ25U%ahHQwuX9a`lG6eQq+G3)rSnZ=Eekuk|D5OfX z0UaHwBoocrX~@aj6@XHO4V{RxUMFR>5P#}vVD4f0^7Vt2GFIss*s@-gIknU$JSf>pceOQ(yLyc`zV-r$?8D- zC6=}F*Qq13h|Ha8VtziH#R>C*mA!(8C8Y_*)XlFX8HZ?}E&XmP=@@$pqp z$Pm} zx2iRg<*F5~sM+Z5hEcX`(IsBTI8T5MJy6iqg%-}N20hWS*~-;B3?|=df_c)F1O?Tz zrLlcgl^$n7$4{T|&7ttCe`NyEQWRE<$Bp4zmveGlENbYWo3T{5)AYa?-khAA>w<2g zdAi5;>{13dv;xdIfyG~cf(15DlA@X_c6L`lk!KvhSW{_bNS`p#YMqGb&H!Ecy=2WJ z)4i^NcT7*~JBUiY5Z1jgHl4*fbbc%vKg`Wx z2H=|-CIH#jDz5y)0a)}{0A0n3+B5!0JH$J*Q6;a69(jPiSYq**SOSCqAhSI;Um<5A$ST>tC(Jk_2Ftko|fW z-kj8q{A*}lSohLH?v+)dyMq7v+>@@x%Yz!Q%9PCBkN)+!CteM_9KebHJAnVEIY3xL z_xuyLpMukJ=h@g(pO!9NXB(-_T2c?v)g+IaXr50AC+4avOXo3i@!|FbuW!G3bQvoO z2--a#;aO~c30`dDYSwO#mM)c{w}(`!HZ6eCv+xeoEOe%=#$db?Rxj(l5~R zdNjt@U8wPk{kD_4PtJH>z5xP5mL}P!T3cJ`85sP=tIwpJmgGhPPJ0lkU7=f>f`n`U zLfcVeXeiJR&tqx3YRw(yX9=#D&&>(^g%c4@CdHzGWTjsGp&tSFksB3we~{c4NXk>d z8sYAt)a2x$V4kHc(?Q&t-VvNAR^4mRgAuO56n}qzlg2p3)ta7PN{!ZBD{4|06*v3g z48et;?8Wn#uGXTFqhm!+-T9GAR5l;6=~~x#?DP*x30rfm}VnaJ$jzCAfW9Uvsraiyt1-tYy4z<508^- zAfKC-vMO#sP}PX0(-#yyPp5q9-26hRr?j z;OkUsw#7^#G}Oezg#KaC>PUesL2yp4#BNn1gHlEsTg8S+>!%pzD9`HUjL4liYDrGy z5)oxUwgkm^h8vLM39ai%aL_s0JP!>JTEq{*g+F&>!Cu0#cCnjSYZF2~^)X1*SWKXV zxglsQYx1*i5Ol0!@_@R>+sLYo#nFoDB(1>fHtJnuxj8vA+EI0M!Gg%>NS7vW9BF+a zfPH2pg!Vm-=6fv{Cl&j#e=yhIez?1YkZ z)7w@t$s*NJY}Bo^?7E#aFfdRB*JYIs3vz@_kzZQq4LMIyB{Wj#$r~($e$BnQW-JEE zgZCb9w~p1B+F3O?m6xrr%zZT04S#HC$4BaZ>7Dyj&)YZ zjr&HeOe`KM)Ey5CQEj7b^@vG=I4)~5$fxhx^90c8?n6N1;taguVE%q^o>!s;jO9pL z$uAL$gV@8!_?*^!504#nS#B-l0ZMQ3B{dmM?FAqMAGX)%GModir#l7`LP`(%$87X9 zYcv`xOj&Gl^gnhBHBJZFeDtGB-)-0pDr|#Pzs^~h?VwBa1+vG-Gut6LSMP@iut3C? z^wr#`Rr9sRwbBO>)tGt&w;fHz$~5TN%3fQH-}(|5+464suv zyX|jsB5>g;B_;Q!_V%2_X~QJL>=qy+2XcbvC!ExFeQ?QRrDM&ca-{GB9@CL>RLX*0 z0Kxf)VyY+;6&)Q4y9J#-x7=vH~5TeV1u!ocQ{7S^K@=^^Ju!7(N5#|5_d0qxNf!(sI6*{4fGOL-rg~|p2O!A)Tcqd)%PyhwLKOhJc-ckV5 zOFF^2prSIj@$D=?!$?qYFk2_2JsY15adNQ+LhfulQT&{=m6t%jkSM0d1;Su0#XUyf zqmWA~ULX)C+5vsA9DRwn3<9BNm;{nofX>jinK~%d2a1HWX~_~?CYD3%c=<}kE!<$W z&|ppL>grNPpEQ2SIa5IlPrJn;+=p`_Og}1gM;lL+74E+zZlISFn*H?f2yHtkn*act z_0~X3so$hPiRk$tYcr@y*KUk)LPR2^!;k{A;ktaH%S!g181pEfxy78tr_(mHA_*O8195)+t9H+aB4EKz$ zdTCNxRN73Ufa?UjKN?(bJev`;-1EDnZ4Ushz>~0`fU8vEX-(9%9G1WcmPQd;J^>mD zpyn5ulbgHx=om;VTQTr?_QbPaHQ!xPVK&T{k8P9d1ZgMM@V3fFUx|^Sg<$8nLo6za z-9vvN?Vaq40f$>NalGHm!RJTV)V0?zbw(kl|uMk7=p_mORcGJal)^ z2eK2(eL&t0NY32o9zB@Jrr=;?E+{MvaRbD}vH?9@*erzVBE2n1Ujs)``i8i}x5uhW zO{3l|@OHR@UPJ^|TZ|9vcNcn$BUR&eWHP9u42HrVg|D5NKdCc_S*<+{;14q0`kHvf zXdc{$Hzi;4tOHEV$)tKGgw(p~-QXUOuZYtJfDDGifT9(hFegNU94X=zX}%LjEW5Mq z9gWEY7U?iMM40|+By)l|diEHla7XKzt3}7~K_#9p#cW$hh?Dkq;{L})LGTCK8+^qD zK>ZI;<^iO6?SDZWZazx}z$LD-jQcmM090XJg*i3HGHB;dU4Vgk38WdDVwhDU!D73?S?uT_W_e)R?0zzPFYD(rjq_9j# z;SLX#%Pirq)Ksvg#vMIc%Xz*o)F3Fwvs?CjzNJu#pyV-^7JMm{?div>n6kS3fP`NO z1-RUKG%!nH|1)-w9Pu8&goC*NwwtgnQBXA9(hq6zp2QXCU~}z>ht~_CfSO$h^R!Ga z4Pm(uNZXsjd2YIFf4;Den^rD<#kRZzN5E1-MV(_@Nv{gU+&1g9Djd@Zd7 zlW3mFEA6#XGW@V!nK`Q88tA81zff+u!J$j-_Xt)qSHIOE?@24GW5$AzJCP#(YMsWC zfG_}Rxk}>uZ=MNb&9;(L+&Aix0pC&Yt8b3wyT(Z~9Pd0b&St;VcbWwDNX^3qQWJSA z@vv^OrMQipQW9T&+f1SsBh=3*qdmiu8eJxT#Xp;m51r_VJ1z%^=6P1qMS%h4}AipjLCpo}$&2+MQ z+(OTWCHYS``FyG6b6fKdY3|X2c5HQNeN>Q@mHkxz`Qy-C8<|$}dj=1I!Bv?Kfc`)F zd8`_F;871PqD0Yu|rLe<8Ex!!DRkSTCaLJCM%g5dVY z(2W53qeCK_ouuQ*^(|%UpThK=8UOTu4E%$Vfy5lrere2lFUgaqactzh+ZRCb{=>yQ zPl>?|9zM=O)||#B_G6Uc&}-B4(wW*`XBZioQrV+q!q;vOec|To_l+!+adQKM%1Nmt zxy_Q2hcv*6;l}r3u5*~#2a*Ud0-om8)lngG04ND8D{B7aoge4GHhq6eU%G8=tMB;%9H zn(t25-&^1_{*RK=E-YGf{^wFo_CNNwfmo>A6aQ@PT0{M{`Ynm8H0f+}Z;tU}rl|r< zkqc6POOF4x$UZ5cEQ%=*?O1~d5ejHkk;Y@p8z^P*FA3{eR|O;aJScJSAfY4OWP&{2 zTAL+SxFmPe}A~{@SC=x%OG!a0k^#jw@^Q zH{73#nrej0#E)oj%%AM&f4uA42eF%&s4lDRIK$$6PyyO{CsC3+cK2mF87HrG{b`0f zG52PLb8@Bs5kUY)OzPZnolL+#I%c3u`qh=9rvBfPal&aG8V_^~Mhk-n^m~0vc66@q zIvvxHP}H)LL0BUj^E8}6y;SGz-srt2xnbU} zR#s-N`-C0h`C9S65K;NbBS?&}=yo7xs)Cp(g1lYP_%R)AqRWAUDFz>hd|SO)sOSaU ztqLIBp^z#TlBCC1X(Y(T-^n`mZkT8tRhHGQl~pq%G$*XGgVs7}LSycw&g<+*R(M#m z->IRiza!u-XIJd>Q~UgU@823vFF`_}%-LtZp2OY|wL&kjGtM?gV;v+TDOu^m9OGhP zARZL7ma*Hv+4r#yTLLF!9^c#6PekD{NjhE9=ztTr!bwyz@pWn|4MJjVJi;QA&@l6p zmFep1f5d~yuroDD?gLJ2B-NQ%B20MPKtbBQFzGXlkVuRG2ZGJ8{CCp9yyzE>oMz-| z%cgb%T^8#TCR(K_yZP-Kkel=XB_@_D$7Sn<4`(oVP{hY^bn43zsz9G;Pl|vHu-HyeU+Hkjd%(N z>Huv9t{RHm)~ux^85Im|jn4;@2X){|RHs_#Dk`}2ZwN74Rt||f4$m$_EZp7M`CXh` zbX;7N9w^otv3!p-`~u$tq(MFeWRmg&UfR?9L`^C1{nCNAaZWsD&(|7!k@cZBxOk*! z2EG4nYsk=0xq#8yuWc85CesO|GA;^Y3c@uNLB>3%nK8sKu|GfOdQ9n(Q~i0k31GuzXM3%*q8g$Sr|cmKk{p$m1z>bd^(3Z* z`_G^7XMYlgUIe62^Y|2pOUHB=m0h!fEE`^a;J|FpisKQ@Y^JEu$57c_>8=!bnq4hK zRqUU<<2SD<0{YeZcY(_EUL{J#65A^)S5U5CNw**Q%&r~Kie1OB_KQ(LY%DbZLN-e$SzpTonSTY%z7u%6c}~+4|eh7 zJ?3)Nd*<=?m#T^#E!R-%cmwaHGm;2tl#DLdN%}^A6?N_>UjAE6DMlmv*KM>M!b1vt z2i~QhpY%ERX9W0Hr3F;ac?;kuRN6RMxZ2wdv8a>Qj&6`$_X+@EzPAm~sTU2_=AkRdTYzYK>0m5rz*q~XvLkpQ!yt8Fpk0Rh zUZ?I>0sRfG?6K>gzE!eD2!kxxQQCB^zA?l7>d@dW_DBTAO>?_x)F)6-|2YYR%mz_6q zQ`hQ<#WMh_ZYwGArQG$V@RQ9;)O@5g9pVmgh~|mhQHj}BARUm>|5?}h{z*JGdKa%r zp@)-2f_kg@4#lVsnR-X&tr@-eG`)oRK+SN<;wjA8c+oz(*N1ft_Wo+SGHwVcb_*1A zt_S27{)Ni$hc^#KAGUr;0hc2vk|GZZ$jqf z!TgA~tc;<-Tc$Bs>DkFd4-WcvA7&-}DbAOw906j0(d|S8PPnEYi~IKBIy;6u-HNdn zP9}N(zD%z~OleK^JBnY|>R>CRPoO0J+mc?1WAeNjQUn;S_20hmH~Z?d1I|x?Yv}Yp_$@{k z{0`hKHR-#P?)MM*XQ>)EzeLiN?-eM&xQqA67^yIc91#77`~%klq_h`j_ZQ#${ivVx z0r;MTUE1{a-<P}p(Z~)9{LlXU=es(s@MNiZ`?@pQm!6V~danRVT7F!~v%Bq zHqsx=*F3+qCL4s=eGOCJmRd?J^Ldkci{`ykBsE1}eHO3y7f@TuKLif{^2KEF!jfXN zxSq1I;X(A>;18`rmVVmOj*In~Z!s_Nmrh>7555=bUQ!h~1{i;g3HXe^sVP`BGHCJV zZ1KleE|Gi5Xf#);4T~N`-*P@bxjnjGyuLy13}e7x0k0W?c9aF-c>i_JKoECByOCwh zmmfdbyg=PJkBjAeMvfmn7VZ40pUrgU^;osJQ=V2i??yEYt={;KQ-1wO?9GyXv+wj) z-hKIyjxbvB-S*I}p;(S$`vU^gI~|dO5P^$VrEekcCLJ-UUI0IUKXuQO_wWi%7qljq zb@SwnrKWkapGTO2w`#XELg(2l^%sucxq4w*y)|hGiI%i?&Y3l{#oEQo8O%R6LfDS7 zCmdA}bc16XrqkdB9*!KPfFapcsuN!h?#bPY{HVPh(p6Ft`2ujm*7OJN#-0Ub6#>p} z#Ty(?9~-M6#STn$6B1gBXOwbXITELva%VUS-Av=%X0XXy^TD-TR#jVgHeGdR$v4Vb z=tU_dJu{PBY_*QIi6w@Mp61ue_eL@6UKOfF){H%>EpDnGIs3*p{fav^Ta5f_gefoU zYs*{6B0=&|S_X!%A4l3?y&sNg57A^bFnM%h#9zdr2m^$>p=xcugSp#sPQ6MF#d~zC zRGLW$$B;`Qb#8hSZSGN@R&8{BN?u{Eq(ER}bq!02#X{i)NLt}1pD%{vPWIukYjh-DVObb^zFh)C0|fEKsyfyYVwcfOE5gqj`5#avSU${k0}32x_( z5*?3%9oy1`+&y`Fg#V)C=e;l?eKwuF8|?&2TB6bgjDUY?#3M%G(NPy}Q!H@f3tl$mZes0Zf?koUgFL#&)UQ4zlZ9 zJMzL86?fr^3C(A&IwJ2u<o;e)sXJTMzPLh4I)Py9f z+3kRqD*n0E_wu5?do=fy?Vx^Ee?}ANAONGFj2QHBWICG8yd0ol7mM#P!DZ4;!;)WH z!%5;qp^l|==%IxPmc9Q>NKYC+xMHj7z@%fh*7tN+zw!F`8lTfgl0l^j=$=p3ZgvcxxA3Q+IxOuvHKK9hxLuhO*IEr|YP08dzIJD|>CCUQa%gAcw!^wppTX0>Yz0 zkW^k*jdYiEb!STL>kTD;p8gCL#OH0AU7R2~3H`lJ-!-c0px-JFAASQQ?yP0ydgIRmslVMA})K!Qy>)BMO+uBC*e4KjrB?LnRvxu1<7B4V>z zi^i?IgwbISvF-!3M4w(c9Mqvk2z2Zi`@=$npu8T6+n%Zb-yS;+!g}8wpgIuM%75XC z+}%7Q`HQ>1fz)9C-@0b6FeycPEafxr$m`Owq`uR*N=1?wqcpx$!hNK|p>QwF5~OGs)Lm&21bD$_4e+lt z-@Z6^Ow^&Na_bA@eKGfFsv`5z4UD=3pUT%NuMvS@lt*kK4ENPK6Ht!mn>muV`mFX! zF=0vw_1&Ff!F8eJ13?17cpS@Yp|%z^4`Fh~N!ULO{zTJdm|mm5-|5}#!cdu9)l?5g1-BNr=Yv%M1ZKh z(ahoO;UIc&VBEMRX>>jPwwos|1d*9qf&W*6Pg`WSwJ~NZflf=knyK2dspKt|!A~%& zqfH=^)3q&UJz4@$IP{F$nNs>H0~3G?WyU)5BeMA9{e`2wR-xudX3g3_#NHdH)@>sB zxqLNWK~BpFvc|(kq51Vj2h1INt-}D_N)|Ia9bff}{XPd}8j+C!55}$mHhHjw+EVV~ zQ%zsNJoz|7(`x#!yu&O#u#k480;9pceYwJZ;V)dTC&HI3YMjm2JZ$Bsc&Ka1f;`uw zuk$wW!%#I2uCvRlT;c{hQ>tIL!Fyp2%2X)AarOuAxzjw-QP|xwSnIr+ie!9k6~s4v zR%y^BZgKuNO1WmZb}Ikssa6SWKI!p_tgz2%g}PiIzL0kQbto1z6zIh0pa2 z$sEUgqwksOO>sMJOcDv9#~rF&p!lohS8S^Tr>n%sHy!}?tgwbt@31a0HWY9Q$){TT?+$( zR0M`T^PcQ=9-1O~s1D#F_b}JEIL16xk4}vp*xg4x6>zkMhIV0AzbfY$~i9i2iQuuR;`5IjOxPqa;*@i^fVbS)zR529x_faks~b zlHa|%Wer~V2<#KSyGa#bizg*?1Jjb`X+#8@!9$Ha=p$0efk6Zsky&gzys~hM&z)8D z4nSbHZB~U_7MJ>cc8dkkZhZSfJMMsD_uoAX^PK-HymFb{Yi-J6%{hm~JBj_yy%?FO zX|4^^z;ZQ9U!?4zr$irw$x9|CosHA*7#tpEt?*cY)aUh7`}I24wOQ4@GO9gY5PikL+y zN7|5c#7pWcJ0tzn41f`mhZlZapf)+7*!5l>B_LUt&OBJ}l@WQNRH;h#U~I{Dz5g;a+P<$|wUr*$1gL%u7w-@<$y6!!s zt4cDBz{{mL94;9Eoll{*GZkHU-XVV2Z~HZY4o?vtw6mgW!m^3aM*iP5{ypr`UOF=y?^Ywj)6w#9F%n38VOs zL06~GLZYSPH{zirlN+q$9T621lim_r8vQ=N=n%1wt+K*Z$ld{GiGglBT~; z9Cj#P@L4^)cSipU+Pg_e-wC9EYN_4WqDErV1!OidR zXReYDg+obr|33B!-}rs`Y8ZF4(`>2LS)*z9GA5|bS?YsZ}HLCvwJ8bF6zeV zWozdh9N2&A!oU0+el>@UFYO0Bk22;P@gYOH#>acd&CQUqwM9dVO zlxpAj`H?+VOO(A5zGqaPt;Rv0On-g__LrQp*Qq;w+u(XwrQ2`vVoQIyyl;o_^E=3L z;eHx2L#q4fx`n=Uwq)8DSf>lOanXZDXQNd95>0H87+2nH|K#1j4W zmj7%a|9k)c$LF6sdX{95ojph+c73-P=VW?UScq^8aYv!6R19@j^cIE_ggpQ|a-bdl zBS=A(EDULdm<9~=pC5bVa56=5E?s!1RJ6PI8cwHVEFr)j=dv-8^O~ZJ@AoK{EWIp4 ztmJ(1cs)$4@htgI_FUw;B8a_~t$5?6dc? z_u0>Lex~5Ml4>DR!OD7!^$pj#PnYa|i8>bMu)aAYEDF1m!R(B7l!JKW)TWsa1)>? zShXC?G9N|ucYG^;{;$3J<8^#w&ZM{B*CxEAuX1Wt<&`2dHjyR7(=OTga}(#x6nglu z#2O+x8i1v5&MvWobXH|ReP5IM7srlWw0ap)@Z+rx_My}k7$y7OAvHl8n3dD) z27giF{VTh&oB}qZxpSm+pFZI~o<)1*l5O#2jpiR7>|n8RxZ&u}!KGhGEZq(^Z$I9H zS4`xKsc3N^NO=Bpb^iV@`MzXe{ieu=kw2bzun(3mpVarfFufrCq+a8wJ9_;b$wk*k zj_c!YIWvRK`FC;)N>>E_qHgs+-#S}6(R=Y8l~Bjy-l`rnz}8QfHhM zZ6C(2`h}etcGje3b2S~&&qBqiK>-Iuf|(u(`pLwjw_A947hn8xAdvI>%25J~p#0S; zDXFAE+^i(WEpMru1+RN zRI`t9f~$a?o5yBm6=m7p;TIs*{*b-(+nCy|3h~xfD^HW|#GLmgc{(@UkjZKVo^G_T zoTY`k`~u3trF{XlF+Zp;`U1Yi|E~4J@;l(Y1wuaTjX0V()!VP8#Wb;*k|SDw^&QZ-M_w`o=68=B_!4<6QOjzNOy^`3$tekaKen?taER&<+be?j%n z)|D>~Y&YnB>?jSy+A>R-UJ5-L#p~2IJ8XfPq)gjh9;j-qmnWrF7FZaC<87Lp9E%xz z)VWNW8OcN1Cr6Huh1G6FK&eWHObop83J8ZtnrVX}1+#DDAQ&;guGN*^)o?JGJtgoF z1Gt_?NKR#zTUn`CSuE!3VPMb5g|2UpJ2>vmwm@DQwMQri4*bZf|EEp<$JQQw3Y6nD zT}hSaZ80g-s!LXy+FT}`FJGOzYDlRq9`Vp}Y^^lFdZM!F4U@FguHskyg?Ja1C20XJ zlg}?BugYdG4)xUj?7dS11VNL6gD23#Z1m-bg!2OP?@sE}?`jzUThWJkq1h_7-`^*b z-qv(r_FWX->j{wngp8q;QooDNt|w@P1#343IGdgxB^zA1`0UT~yT5^mSdbpOSdzL; z<(g+_z>sH#`~zR(*aCgn&k8sGkRt0VmC%DHkPyc0;&cpg@6p` z;#iq(YgC3}>c`cQqW7t(R~eFNgxq0^U{eD=l9V83X9i=y#H=(T8Ey^Uq5k|WM^hA_ zgk+(L`HVZ_qR~;pUK-(CR~Xbr?vR;LmW8vaHggf&_~8R-aCI z{hFk2<&#u-J(=4b;idoarPX`*lS4h--KQOlJNzScVxsDt6*p-r8c+4qc!W%AHhp|` zPG6okuQ_580SvgvuI%dw-$H-EAVNYV$1*M6xwDR8bG|bOaBu}6bq&6SLDmyhE#Rja zG;M_VunAj1n9T(f${wB1s`sVg1zTpco7$|k)-t?Zm!J8~4&4%TSe>YH*`}8ZRxLy{ zC9CSZLcyu_2N%C%6k-%)1!0y|W>ieh!Z)Z_|Mr{?r^%Gx1umVeV}!uWvm7)fnnqtt zd*1tQz|vr>QHb(BS-YwGx*V%%K?^Vs4kA52991*5b8cp~EMB7*J+wlgfR=BUF?m^x z0VW~WOg>}q^$W-Vm^PgOgZqtIJOrMp);HZ0FcS&EngK3vJktXAda`Zf1(RAvS@%uN zqIwB*^ZJ`E3aZ^nm)!JY)hEv1xKXMGeC>MVEU0gpmb{Fkgijb11eQHbY)V(4H;q2KD75XkNjB6Zza za(8>sMctjxr`H$ZbxmcjRysqOmUHrLkulY-qutFbi*&LwG|w`83JF-cuaXZQ6$9e-M-cflvITveRTMAMz9^A)q#)$nJT^6DgUjOG-BF!SjR!_oue+k4 zL)x@1lir$5Qx2Ut+tnyvAOA5X_@0L3Px*>zvXotHK@e; zVd}LEbTPp9j#EME=9kq%g%}TRL4(KM;+gO<-kLuTYCay1x=CrESpHr(t5R{?`GWEV zKKI$FjRNz5%xS$?rz%CSG(N&pGByAp6j;PiJp{a=ijSFL(?vyJFtHnKcJ5Ss=B$=) zWk((IdhB{4>mrm{S#v}b?LG_%1oJH~^3CQqlIbNO?H1zDQ=TFgR(eT}vZQ&*7^juN zoV~M@*rkz_MDff{rODC>>#7~(P_252{Ugk9M-7Y>LE$$-vrr^maziV;_9nSdx2seb zEQ3_ujkcmOxF|hbA58xr>P}B^QUeYu+MM^$WYkQ4v`((@Q3%pV@ey3=u;Ggb!4Lp6- zv7ya>wTjRbsZ%?cFCWv=qu#wbEzJ?&bA%*C``}Zq12P`-q`Zb5p!Z;99P9oqK1Eq% zS}JH68L6opPjx{|QUWqz&IvZ<6Xs39Wp$gYZ&yn-eFMGkN zm$@bp{Mj$K(nZ%}G2MhpYWIs9152Hu9^@!YmTx1u0bj}6ySEMblIV0YKn}X?AkY4w z&sCpPDc)h-kH%#TwQvLt*SuLLpX8jgIA+wJ?q93KVy3+|Vgk!J|0V%3r|J#qttwuz zu96tap6=Q$<$`;wT(tdC36r1MQpjJ}Iq6D5(=|5SMUgHIpGzI}!>`N$9&LW=sYp~B zspLR|OYE-pa-{N@6vD*KDJ7cA_#^Oj!CD-uw?dSTFLl^>X-dKl96cQ!eR|Jw(`hH2 z%poA9Iju#D)Uiqml+nIGaic3iNcxx5Wu~sZg(Xkj5~-_fs@X3kiby4_GE&;OS)#sv z-6_CGi3=bUE{Kh!T+hGt_)EQi{XJ3|ZLfil>31ZE5FPdIWjd31IzI+CCB2Lc(oUAN zc={py_KwDPw$uv#1S=e-@K*QoPdx!DiB1``K%);uZK&=taOEcee;2L%$gP;Py42V zh~=Fjh;=ZlJ*3<}fg&27z1_%k4Te6zO-KCE!f6yb#qz^+#azy~hE zQ);$HtFBl&wpf)J!&?~U5j}N;Cp)`MktmxvZuLSn<$-xeqFD{yb zl!0#TRaw2e;?AX`e*Q;zmUx>kCrz(4vj}2l&lNZ>^)^rNZrt%0%r0MS=xQb+iOoA3 z$+ug;brd?S;|jhoAk<)VIqN6}-*^gg%iKabz*ifJgH7iO*mN<-SyV3rEFCJauBL#S z`^p&7N%FjnEtdj*{b)t4114nyr6@<`vQTEzb&se|B=-*5`ljjTR1=S01Tn-=`Xo(k z4;S62%^(7T7HVO1bkrROaqmxeNf_QJ3++NF8~s9tQPL ze5kK|+t^b}b~z*Gxq&qCwMvi6w%q3Z)^ll1QCsQOZ)Icnouq`hw{x$f`jn)V3ltt) z!^PQ;UH||vuXzB1*Aon{AvCRhWejFLE}mjQMt%KdJ4XfIe3vdxSa|bupWR4Vo$A?i z$*IC4rv&*ts8#%&{qsi7j-d@di%ARHx?7kW_ zjpAn30Hfqzv3%K?J@2I9HV1?>p9Yw7Tan65E z(C*c(b{HV9Q{}OI+nn5Xdyd^LO-hmFVNaSI9NCB=m86U}qO0r5kyM|_3|q3mV(Fd@i6a_8{<){6?ryQQ+Y!RehFKhMQn#f2XaF*8NBfC zIa|nqgiE!>Ow@#P-d^yy*ASg=zC2B2=B<=vO%ggSjSAM9XF0^NMSG*3A$VmgW*z+A zx7`mSQQ%`yZa24NS=|g{z+F;cN@^~3Tzb>ov08U77O(9-g;^jQvKZ%^3bOI95l5U0 zf#6Lae!k~+uFxr&RKYv@t*L|+OVW`3a=y>*(;oTdgy}8Yx2zJ%S(ZwU?%tbUM9BlRi~NNci|Si|C!~%S zaN%Gmyo>EpJ$@_2R?+Q?shCPZnou#t6)XsA!MnRWgbG?^3d<3rA#Lf1n*wA{gb3qB zOkOLalJAlPZ0gugwI(#Z^J6%J$=A+|>J!TX1r%X7{Lzgm@>)&;?m=T_jRebMrOC{# ztrbY3r&_=&1oLr5M(4Kg*EY?}d8J7p^wEjTZSdxKb`r-?v(vD7)2Z$4dH!tfFSlJk zy?y`*vRaS3bMq>hRO$lnR1-B#mDhpmVD7P(2ll7iMg^T zj!id^6N-zK*HO;isaDcneSS{P|Mo?fds^TEoR%6FxU%Ok?_b*De{mfA#h^Mt>$Nx2 z5@Z$8Cc08o?U*-jI#cL>f6gaKNz(Yk9@v)#pY*-fHFNak>`G!liAp*+8e*e!-*j$U z)8>_Wk<>E*meU0wd47}ekTWY?$=;Su0EXS8Hi(o@8E{j{)w+;DBcC~0=-GtiL#7)H z+J(0@ioQ72k-Op9>T_B2MZ{`ae1>A05~^e%m}I@G>{r{j^A*xm+Zh=OzSoq+M*AZg zBr=v&cQNfS!ueK&rmEJ3_$o)13RL>_*I;hax9Lx^W}S$T%^i$fFDq5S(`Du%ic63D2VEA6n*`Kl|P&^qi=cLZbvA+LncG<4c+tF#N@PaiX2 z5pqq?1aDT5td9(@9el5AeB0~zcFvmepw8?iv!JfS5)0moj7*n~V zSy`2D86FHswvD~CDt(2_?*!L;-b|b=(WTx@8|1TSn}Rx-?+VXQ z^LRzLa=wCVPIdgoc9H&<`nzsrF(){EQ@qi!gbs3xPJ{v}Jmss}ZboaIpRvOT802)~ zGx81+#(=dxf!Z-^kB>krL|s@L`(I4-KV0gczq9!Iumyn)cS=&fhnDSirhjr9pTJu6 zRnNX6)ja?9luY3;W|_=IIl6(&`Q*p-nzG)SduyD~U{K97QkLHCI()-JRS4?fC@ko0 z`3+r`0R_O@N#wCByx`%8eR5VA-HPa=S!KrC$pMtE9T~upfr+x6C`G!!gC~+ z&tq*OEy3Fue<#pu@x$V1j%J*9^O$sk*~~~Ro9){Gtr-eZSQVneB$-uspux)QQReln zVS^Au<;KCNY5<%h-1wM%=j~6P^j*odO1eyY+rEX);Om#mOpOuOwa?b=Vt7Iia|T(( zT9pL}6|xG)WYk}Z#P4%D{sylQkE%!(aiqwkHL9<$ zTblIc=L9YR1*arrzD(;EmB|ZX%3SUQlFlG-l{Uq?=O;ZslY%HMP{+n$zDT-9w9vbF zwpJ^OERGIkouQP~>Iz~}ys8=~IGvufIiP=4HtMyq)+o3MFCvVs8MHqU@BEooguR+m zFK1K!nKk$4K38v1l~>Ctug=l9Xl^;o2S!t(K@rnMYqK5xakEQ^wo7mmw$tZSmv=tw z9&?jV68EK?lJXRDKH6S-C@S>)UUP4Kk6jBaDlaiC0kP+{Y4G*+5lU(d~P5*ia{JJZ$m6;UF zq6G5!Nq1Y%6@RwPyLEURHnKWv&fvB);e%x`!W&K^^{~nXK~Jsge!sR-A!HRB+VFI4 z?H$QFrz1~`i`mXgE7p55#G=0z8VjF0q6!>w`%^haGPLEm=?N#Eb?kn4ntw(=A`(=@ z1YE9;coKr?aLc3M(@@=dYiB^Ok+mDZDaeq7o=nq!NQ&Zq;jX}x{7&6Ak-b<+c`*j2 zLkZhMnMkKPEb2*!?Pd(B80&@U5|*h4PUWb=**NPc$f!PtP!yY4W;DoU$`)r>%?Dn% zY1^IXS)Y<&G2y<#9?Gg=6&!Jxr$Q_D*Xr>39wxHc)q(|`0#KvN?2|%hXFhowms!#j zK-~hMoXXmxFs~uPQi$E~842+a`jkTzhmQOrzN@ZTwbWeKR9)dfCJHn!&(@XCFYgR9 z3o9>5)3SKFtlBZZMe(fv>Id6fBw2nr`4tlTvfc>K}d1~tkcE%e<$k`}R&=ShT!iCmYwo*(q4#xX;HG2_bXvL z2>8MbQHwRg_8fp!-rNHT(De#pKHk?qMTLOfoGIA>(YX8rTGGND73vo&hzQ-7K@OzH zTzoVqLaMF3GqO1|lAYQ6qL_HJv^O;hSBbOlns8}$QYY+IOJv;ZAiN*Z8@F0Vr>bM8 zuA*(O)9MsEDv9{mq)U(z{y5lw9{1|~bL|VMNm*?h+ZZOlx_Piwl?PoF58&F3NQnm9LqslRw=Iys;N{-6V zmlGzhrs3*wXdX99D-wmDScT9K9W)js3o=dbkq&Q+NRMbEJMx<3@^K+66m8Ooo;}P8wJd90@DK66{X$gBjKe&d%MCFasv)({kjMQKj=bRI5rfj6 zT^ud3SgmePe=wk><2E;^R&1+B8>8K)xYSc*a^k|RUw6?AugM#ePj_cWbHxhloeSw7 z8fxj*YrLZDqW*~L*2r6Fm*w$0zmU_Pm5#jrD!Rxxm+N{d3)(!$fm~?s<<7@6VMV(v z3MtHvL}yNVsp3srA%6GmRmw(*z)u8_>q4kFq8I><3^GaZ=EquA+N+jGqZfM^e<8m> zgDYH_wLcj;e}|n+Ehp!&GRBE`IzvReeu1enu))l(d>goT!N8!V1iaR3b1Ds}ZhtH+ zQR-rad5qcwBNWQ4CkhcQU%~Ck5FIZkcPjUovsszXD>5f^b;r)B@mV-g*4%e6aZHCc za^tZn@YkVMh<8zE_Bo}cKl$A0yE?1d(}NebB6D?&0L@io#~srlgEB9Ip!sazj#8Vq z?PpC54hyUoJDeCb&l>i|hT5&t28SfnxGR7D>H-A$h^MA(yH0@LxD5{7Kro-wG!x(7 zzOy_|Y@}#VEC#}QF^Y+`cR1%Y!2dM0IGhG>BY@<%*to%u$2pq;rg_&obLv0NQvVVP z68F1L@KsRn=t(HwI(zBSX>d+j1(Ykbh>~o+!nFH)$v^*SViM?la6;X#-#zYl!-s;y zeQiK>h5+vTU9UqYoGNv1{|6lvD3}y6pUC{%yY?!KpMwy5$C(skeTT~B%UTL(+m+gNrY_H?}rFly+-!%yi@Cv^< zU3M0*3U4ZN_t%N`AI>>3{x~>oE+R4hjS_m`pZ{4y0VHBfPTH~m@#uX$OGMxtz%(Z0 zpB?{U$53%H$f~86D-WEG|7PGm&O|Hjq>oxUa7E;|0h>w^4WZx3>flG|-}(X89)kIc z7rN2+5A2(0ZryLdMrY4h`No6ZUx&fJtkh^Um_GrJ$Ep8Jy-p;N31k@>3PUCTbp5!% z{5fyeKm1K*<h2`=Q;Zzp(*B1A^#2{e|7{20bBda;?f!L3$w%LfKtrV-f&48x{F}M_rIFEb z*eac?P!)9k%@h&=%|Lt78x|jZAloh`C%%yXi}DmNL7Jl9lgv!;D4p>82h)o3nLoQ| z>yt!z@+72v&i-V_(MA5>BAm#|@nrbal8f8QL{I!dMhFD41$}mdOK0cEOd!f|mu_V; z6B(SEgk}{$5kyeo%=t*sL3vkua(zhe(80p#XugPFmhIbwrs)c=oJ$9n*m7uZAbpEqZFqM~A2{7S*uwqr%#IIzPBHK; zM}_>O%{WqpX5%fg)2 zzQt5^r~%SvB_nRQYiA!#r5|hjr;M6l4k8?e|FrT$2I{Ze{(na5N55XOReG*>;7a)K zJ5mBPXDlz;JlQ&sulTX3VDzW?SR3-cUxRS4cNh5+djI2*2YCj?@qTJ6mros?LRiFP zM(Or=deAw0`63w^v943c^?JSyGV$c`*(+3oV(a0iFEv%Tx%VtF4I^?T@0OzfxQ%E( zyTXTE<5K&Oflh$i(X;O^uV9R`T5q-(yiI;X3Q zX?`dPk$C-Cc*=W{6IQRWZ7c1k86Xeu5gnr{G6^`uSM)nZ z*H?xMjRhkNH}aN8Ektr_9jNQh4^~r`e%qZQv8UB4Jk_n2o~pB0ZWgS%pmPJ}I|NzA z)?dF%;@uE=c!1kXz@4q4#~eSk31iyCd3ag|`<*l*lu6Ui@h+c6RNg1LUl9R{2X#q( zh-H+30NHVdSOVSTsUf`s3RsVZiTIISbXp&QqCd^y**qR(xufX%Q-p-BJNyQ5>6E{0 z!AG)s5nuNZ$Y4^viGO#!f4znpcM}_r2J;ULCTJ=uDvp&5Jvmjjt>OwB|7|LYqeONm z;=TRS;B)NG=co_lkS>W_;@4SB<&}NVRa5H_Nz?T^4cioQ*cU#LN8qr5aNSls7)}EO z9PqkCQ^vZB8UGHlDab%H&el6v&Lpx)=2#9+?g!INHn}RV{5DJ78i&0j%OZ-g2ikUy zN<@gToK8Mk`43@xb_n1Z>|VQY&@PGJ*EaDP;HfyhCb5b>*y8^PS%VUwSKaGv;6D{Z zy9-b^|EFiA4-dAQKi+nQ5%5ferJ4^k?SFiE@e;B7XZEh`Wj_W73#p{r4jgX_FStdfpY6Fi`KgAVMIY1KAtZoi?iM^8Up0S3Vk?O}r1D5` zz^>@zc^=J^0dsYgVvFf+&$ah`r6_L^akSn)S(6Rn? zZhlBuc*ta*xUnJ4&l+-x8#Ok2^u?3$6Z^l6fV&Rlg`2V89VG~Ur2VK1QMxYcC6aXZ zII4+)qcm`AGvaQ`V7~i)y}*BcTgRnJ_p9xZC7~ChfALYFaK+VddXj5w3|fEZyZ${8 ziqQmBpo;t2A^%dF`D4HS;W_^6vqS`lCxb2IUH$*iopYCg$#Mv&{HL@(=j#Cc1~VjN z?01v?+c-_FK^178%1LOy3-NE$u%-s)j}9WJ_z%H%_c*Y^4)$gDzuOD{qb4<4K&+y9 zyQcny^3{Jr{y+YbSOKbNF`E5b`(E;YoxoxPVij%g>%$s@q z?LN=~Ct+4QzN7UQG757ilvh22-XjeDO%$t%TW)!|`P`LLy` z0o-V$dyF<^AY{@5_JH!~sKMBq!Crb?$2S4YgUuSiE~FAGNrn%@4iiZ)!aMImxZMQl zh^>MTqXk)X+|Bf>1?}`7#`E%kW)TaamJd9KpZT3oFWTH4{PIC`I)fROzG$;TM;v5j z31;7Z`bTi~38DlnS+xo(VH+@|IVx_~CM*mzhpZ>`^Ljk;Hc`{8Qe@N|fpFZes$I)k zS?;Fbkt;-!*Yxo1i@J$w)vk8q9*7BFTyv0IJoK*P(rAg@Z33n*%lo{;{AZS>u{eR1 zs)&v|66gb>U!rl-X@i{Hwy zUif&sHUn@W0qu|L*%50U5 z7q%%_VC|x&$v`;Ob*<5B%&XQCtZrSqt7%2)fvB-Tfqn+}t>tiK+874ndAMIo zP(X#l0=Jvah7Y~EQ`#BE(pR7z;$yxZqdt)v)z;3ru<&{i6sG+B7RvgDxe?QVuK6}f z$V0^uG07;to-c}jq-~|W@p^Atwrch45t5T_HW0#|gEAZAz`#J$Vhy^rD@(Vu^u>!8 zQCt=()u`T&uEXx%7#xC+TBmj!IEByH2(*Z(AaWsR7 zVwp`&zI-KAdVB@+1L-gIreNk|TsN9_7CLS>xzwVQ&huNUwZ3r~aVmR*D^>&;#3T+A z%m+9b9fx@)*n-o7DIQ}0iR-1Wx@mg($=`Wg)Gl++?lSN%)Yvr(OkQBFTkH3Hl43T+HT*`%W-Z8`JQ& z$!9@`%sBBjRd3J;6K6ZofUJMb!LT1IEkyZU3t-Jl?4$o&!CqNp9<_MK%lP+wb~arh z+IBd(E4OV1-Q$PGpP3iA^)onna(|9vwe24-&)uKk0CDyBpNMSDijt_6GnLlX)0N?> zrc=GJ+w8}`^bZWRPy?PEpAgwa9^kL3M}9DC4W%4foT!rX+@d9%Bli5Y zYP6GVgXZ_zsGKFhGgt6VA3-Z7E^xuHp4AJu1u;eNj6S7~B}N7uVy7GGWm&Ue`%zw^ z<+2~0&N12?^s78_%V3v8_86P=XB$KpkdHZP{>zErN;W385V`FSE$;aLPJ+N~1#m zK4`6>7<3;L=<4+IAf?N*NoKt_XN3iNo9~j=Cx++Cv>;7Gxc@RDrT41id{C?=q2^%C`*iZZ|IaVSL)kj$J2M0e7 zl^VBvi=-kRXVb?JQHzc{n(ujiGry^M><>ab4xmVfUr{YNdVLuXoF)&e6c``RFz*1j zKvt#BY~`5srBd$xa^m878}F4dQmh%{(V*PgWr>aMXXph{J_NW%nQ!k?5~%@jT?T*? zvShbr1Jzz+gFgs=)!PMV{xc9c2qg%`uZX?Ou#m-QA>T(P$*_|ufWB4XmLEH_)UW@ey=48w144u z#_tqu!f?Cj5Jg#`nrU}VL4ww}XJ1fHibLd{!+BwSvDT;}IBv3hC3x(LZ%T~0*}8TS zte=Wq<2>l^3?>rM+gN=H%!f>KT@sl(vN|*w{?@ksfQ*0SmO!y0Ic?;{pgm}}Gy3q> z2$R?)E3kGJkX21lfV8jw0zK(v@(z*T7!o*o{fXjuZXI6EZYaKNp-SQLVkQIOlK6VL z!3jG4>>I0qClm~18*YcT&yjk~(Slp4{W*19?+QD<4X&A+Rh*tcctKn9DI$n8>4$M& z_4`c@WdQDe^{ne?1t5^L5O7nYo&?}k-{cuPqHfw;yWj$LVdT%j;7W9LdqHJKsdq{J z_9NT6MLd&GgbsD)S|y z0=->YalT>mb5$_6`K9vJF?fJ%JU`_Nr;ewhK;y!8+yx+_T65YA^F9}jI&Lx}A@#Md z8rYZ>I#bEb5{~-22ZtW{M?sOQq{q({G|)DAV;QJS7m4Lb@16t`8iq3@eU}JUyyHc2R4zfUMmSA`|{>o2JHP z3S7c2&=L+O*a>dU&TNbqbs3{$Pjl9O)w=%a9wev7dCUv#KlVFIho8@Cnb=@HoZZ_C zsC<1~8meEwYJ1xxHHa^XcWj+1=Gik0~u#Vu>Zo9~`@xyv|7QzEcV$>a5lxb=rP)2KcD z?CP1W(Ab+sISah>*%Q`7>0``fS8Rl?n3vK-OhBrdi(mEJSn^fddaPnrpr<_3y{9D* zzdN<(ErY;gx+=A|U&T1ozJ+&oM4w^9Bf}bYnuB8W1jKN9HvXei0>&1r3>Eh`8PUth zYIo-0J+JTVzliZfWQ=%FAKR5OK0Lmp z_x)XURoWYmMZy3xL*BF@fKy3px``T=cj98u@Kp$hZ&ce@wVQ*%#`Jxri9F+X8A|FI zsi~>Sbx^_~-})YKA-nQfKB*&$i>5#>qKlA><8A?<)lm>tk0SzlD9_BE0H-CR_r+j2CTF^Iz^-7yz_LX7V|+Xo8L}j=rj{~$>9CL!#C}V3ZW1~z4%VV z?!*56yo{@AT(+kD#t}N(-K&>&t}D1w6t0A{iHf;9@!q++`(@3k0Oh3Zpt(A%^T$G_EY6+^i~hBIiPkxV zC+X{3U*#Ju!lZ*!;){bjZ3u`r_?X%wjD;`?6%D(VtpeoWid68}_e$G7628$FAXOf7 zJw<0uwYks{K;*3hkezKfG2wx_HUfVgzdjKw>|#e{o=Np3L*)$1QD22D-bii)vJ~9t z?rECo>4{#SAQMH@ZU!%c7I7kF{u(OWrhjm-*}4i5O1Oji$~avpU3(#bD*Q!kTi3`i z4q1`9@;R%p)ZD9SCDWMz=(f#onDPjE_9cf_7PENEoZ=MtwDyP_qTyGo-_p>BiN-5d z?;WU?TRY;LRHeKT@4O@gG8DN^V z+$uuuHqLlPb*J|u@@0LC>0>M1i;iu6$bsOPhFlO;vzNPLH~mzFH$=Dvg?MRFWdj#S zg~$%C#pcB+l{F^xU;;yo-X*aiXY7m8S_-pNRk@Zu2h$2OrH<$iK%1M|s#H~>pL4FA zlpeAcVC9c5t(>0Ad?nYC33TRJnS~;i6-TcwI}2P|c7|Nzr*qH{_AFTrt%{Aw^xnS% ze9Q%!!mO_DI88Wz&rh=|#v*IK5|BRcz0hM25Gt#rIpBb>Fl^9O^M0?ErMqZAMKdz6 z1~;gwKbWn~nt==gSBcd72R`pFi?SjnTsO4E*Jw=Y(6|kd=k^Z| zWWxsHNKVoy*@c*UZ7!(3$Yqrse;#b^Fg6TOUbM~OSBgZW{Fsa)eat!XQ%5XayZ3JR z%llabuQ%<3Bd?G8DZEVE#0tZd`DxC^7u9znEs9u0@8|TjG6ar($YQ&dyR)fWu-r;Q zCZQ@DeVUD7$HWmcoFZQ~k$w-_Dy|Y~POGqJI7cTU!=9?-aJp@fku*~IRi)=%VY;N=J7h$AQz3)aqe;y|_-o&UD`Xc3 z9G7T#M9V_PXQ`!w^DNS=VT`J(kJ~c2*z2|h0I7AujScTEBiyYt=JFWt5MD2TGi3iQ zefcAxe8-Dr94=(eH=k=O->`wcLdQE;x85sjZ{Q`NcYF}&w&-(@&^Xi5{K4;{#;_c% z1jFVF|N5Q}e)JLKEB%H9G8`ttONY?1f;^NqKo?FxA7Ky#RNv@xa>5&Gs1-P55{oAn zcl*Q~KX9H;3dUtzP4%oTlO`UQfNnzPX(^h0(MEXNG<76+%|nQ^3{Pk!kaa=m-ZE~s z$ZG-;OC>oHwY z%mNsdK@t-iE0N1$*S2IL=JxWc@*Nt1`469J65jp`yNSw~$Zmqp#srWc>L4n{Qz?e_ zt9C6Cmo480c>><@^k{ZW@2JL5Hh&LwEh=2C)KVQ#^;4F+Q=}t47H24uwX9ce2J_8) zcA?nrYkucP7fQ}56z1!{4GNdTKzvCmI4yo!idf)#=@O5de1NvG1U=ImvAVb`%|W#1 z*dp>i=@xCM%`7CVsu1+-X7Ib7oiTS9-HpS;{546%=$t+m+;nIT+-c%bZOO`$4XNI| zvv5CixPN$gWo3pSNz~407WM6l9@&Crl|JaV!V~SVRqT-Fk|;=?_K|*(ozdU(a5-l2ZF7 z{~af)Np(%l1m8eoL%nFd#ur36lm)^XNJ}!6E%4|q!geI2<*qtqDtFg(=_W_g6`YcV z9AwLI+-@w#SJX_#1@2`MXFDzFTRS>B>e-Zr%#`yzG$Ni!TJp|n`uXvKHD?R_>57fL z;&oKmQ?U&8)~CuWo~Qyj&rG`qcrM@YV4?NrZ)%(4Q4(DcOb_{$NZ%BVLZ06y-E8Vx zgKqvD>8x?~aXwY;Ii%5<%>^;k5(7A73<=CxTIxAk1{)${|611kAIB8GW%pUf zi|cjI19|F+bh_i?$gWtTI9^tIy+d=fNfTfnsvav81k5E2={&Kzo!ahBoZ?&%WUfcvRtz; zc1=}YGIR7e8iWs^RwJHytAt~LQaybo5<)N&1myPtj)7ILj*U~r5pG4ClSjW*#jK8J ztJS&-$MY|+5kB@dt;Feqtiqx>`_ofVWsTM-)|MjO&ND*p3n8=f9jt-iKsy?qyEM-8 zURou?cH~V%0W#<+B2<}Y*?wI$$@yb21`5q_cYnzJF#3E2rszu9ubS}Q`S_CaTr3U9$Pi4hqg=)8T$J z3*qYnz3j^Im=>Aa^G7(E&@`ab3Chm$cIbE)ib_Q%7{#R9SVmgYBzBeB$>>881vkxR z_p=Qw9Cy{YLj&hm<{K6}93{9E4irPkril>*=x=ClL*B!1d5b1i_&v-Xg9vWJP(hr#qF9*B?*VBR6d@1 z`d}c@e@r)*peTq#DPryfO?tr7^Eh!`ACT8=d8}7OH_Ga?7&r;g?e(7@=4N)%eyz)l zygs2W;B)%pd!mL(wL;^&wWffiO-o^xM`=anXOwVoZzZ2nXNVn{bah_Z)P__jnDeXcycoipX=fn8Fc>U z73YLoOoJtPfC3W+?SLL5yvG;+dY!ub}neIoB9e@F1x+tBh#61f{p_8;{|F<9rbIN^@6GQXr@uguBzK*Y~F?k=4wK9s*_P(hSGt8=m1~$iaBZh86$>8 zVK{2pMQkQOH|+U4m6jJ>d(vXois*`I*~YsP5}Pb0l&5Zcue|vrq((zSW7jzsY887{ zTT(4!(=P>H)f*6_i>|IQ@F@=tkN~Fr0$5*O|xJ2(M0L0lBffP%^v~v zJRkheQjy$Cc@g%91s*)s_V5tg>lT$h?Tgt~PgdZ}Es<7d%UQ`bC zKyKvZ9ec|Qdma=6NBV$Tl+bF7i`Q=H0Q<=X-a1V7;?6Qg@(Z)70yCGMJ$DTfMrwpf zAuD|z)ca;uK+L+QvFCNRLci-ct$rVTJ$O%%OgdMNJO+-+1MnGkPVz23db^{kHB%<^ zc_7v@NT$d3<0~(JX;NNcMZV9S!&S-UuK7y|5Q@VRBO77wHf;v`A+HT~Jem%rAB zZL_TzGz$COw;oXR%9SDG#UX@zkq_I4P5Ci_pH_?8=iMb4ZuL2b%)3CZ7xrxrYYle6 zFyYcLb<+)lIrgn~d@~$m(R#8>c zkh|L%rhX0_*Ijqrma^Hu3lT{9D&E zZ19mYm^4+1$}94f`to+|?Aqt);CRb7t4pj@TW)YvnE+#5tx!zxojWw-p7OJ|vqMbH zgC90V9HZ9X0eqOxY^p8vQC)y9b~JN zbdW@xnrYJcmu(C7p&p9~iw~Qlby2p6_KOGT*P*~kKDNS_?lDo^CvLXitT%yb|_*=_QEyy-E zKf9$Vt(q*lxmeCFep;_|F>HSL^88I!{fU@Qc{=nJzT_#=+ky*g5^;8S?bmdAoUjN| zHmsv6y}-MCnn&Ip{x3^f%|%5=-gq0n>3-y{J+=EzD|V2MOZXP(3whlWc4moGOmw1m zAYMG=)dN+tWgF$RWLaa&v*uE|t!=Vq$5`xJGavGl4>ZAjXyR^*?nA9T`S8{*mb(bF z^Z|dJZQBnEL}pSht}dpJ)~@jVc5L%#>ab+~Rqc3_Dr*bX`@(KkecO)qR>;wLcJ*i$ z?Rc};GH$~X>oo`6gnpLi?|MbT|Kzg%?%*e#)W=d8rNI2{u>J3ldKXiET%bw1fA(Cq_THSf(RG7lr?B2tVHC(xa8bK_$W>Gk;vT z{pk2%I$eSilcOlZ-|omi{mv0mwJB4PE0hQMKYwzR{h*0i9{0H<^dE9R&p!f9$p8Q6 z|BJc(vDW`_VEO%@{$HE?Ul?D*%k>;e=FdFK$UWsVde(K@0S4cBXcg3Mx?lTDS->*o^#~nplL{MADjF=6rK^R#J@=Awx$jrtHR9q)!)XT3 zX}R&5@{TdoqeZs{k`aV8jN9Hlt8%%xZXvli;g@4&lZ;(e?Ya9Rd8RD~?Z!RkD_@gT ziVVnd-aQSn;mgAO%5swHuRpGyF=RX+9&PVe`${{{@m@Bs>DpIVpzAL5U;N8|H;h>7 z!#4|WyovLT)8CnJd5SEAq7*olezrlU{N}bnB~4oSq}WMK6Xuy(hT-b-FmzfM`7ru5 z_)>6T?298iU2X0JU%NTZa_>cTO2b?_E}mJ1_V(8i9B z{C+I!&NOk{33QXR780#W73H@fhBoUuobv>VvszR4j5>z9O$E#7#1*Mr*gJjH%E zJj-YCPVSCmp44Zg9khXgvUCT1X@&f%*bB4ll)kp}KbBH5NhG3v>sW_@4K70t(RUnd zbfaAvPwcC2E4G5fZxWid@^sEndrN#}ZjxMCt7YxYU!M5CRcin98u6_ovySfZD<&p^ z|M|zg{6?H8Fr%`0c;=u;e=9(@5Td01bG_{4U;f)QY(%{6XO;)p|Kgwi+n?Skf%~IS zsQs<`Ur7iEpFm9pa=UEr*vEexO>7jnf3mZi`d^aJJ+C^jbsz;@x@k+t+Yj33FiB~6 z-9R^__p$X{H9j)0uj3LO%j9LA%M@)-z3`nZKUS?g$<~_rT{f z_{m=$es2Swf8ge%HJakMwpp*r%ddy=Go6}$^Ud}1eUX*;lpjZQ}p!@OG6&{jkGSIEk#b^aycc3)5+OkNKrJlc|Qtv9syq-%BtLNvf zNgAkqaO=`m^CSPOg?sd4Ze?d4z#~J?dbym|cq3U9m3$nI5kJoGV+j^q2>nw~Kn$Wv!=?h|BXFw$LpBNOf0d*l1lh|B(ABUX-pz3-`x z^|Y&G0kd~51UFqx zr{$w^^$CF*rucBvT>-axuqoKP#a}V)6jr{n{$s-28qTED8EkpG6WF;lg_v%O?meLb z0kcB9XiC!X<=%|@Uvh$<^K$|a>Ke8xvmJ0NoB{)w6BI)C@~@84JtjFnqr(kDaQ|(k z)V(QJ{#!^PI_TI9u)#5g`}@89k3a1xzuh#5;`(if~(XZo$`0sr8 z!27)&h)IL~JzCxn?*q=Bu{MZ`8|dCY_GtP4bAbO${y&rdkL4f4`2Ml{A8w!i!^hs- z@#hp?;5(fyC&+)uyo=4sZi8+5Noh`9-?|`~r4oZQC#E*|Bh?eealy!^G z7lS6w#+1b{0Rhgcr9bluRA&5k2E{5khj!k>y=#+_o*>OMU3RSze&v`l>yKv1qX~-f z_wPv>7~INth1uh~ySbO^<+Uk+oE7^!z#6N$JVV&Ii`_CF>U*4S%$Q%bkJFH!i^a|9 zH1PbbYMiP-Zp&4uKTTorPH{v~YwMhxD-1x!sC~_hyn3$I;g9$e(fNXt9OgbWRTju| z;jjI?)ms$WELoy@8Th4In1J9;V3r*~h-0bJRVTLXma zq%%4?xw>3lEPleS#|59BYdHEjC@ajnq_iaTwDpAQqo4HtCUrXF**Ionl!pEr}mfy z{p&7D;k%@#u&n*JNcEx+&-S7sTWQq|q3IC`DNeENDDpb^&i1i*@RLyCkb~CZdQ+*r z^yiq)C~V>@2m9fWsNPe@3=ljl_t!{|!nV@bpLeCHFxzVb@y-ETbVW7(&Em?iHa2n* zA0vXnhhok7Ogr=C%HV_Mt_*by@aOi+xb?Yla(GGNc1e)kizdh=f3amMW=*FXYF;yF zvF(Qs)tqinrbB4h_m{!^Sh8$HU4lEw=rJ;`l-8J&1DTq3gM35lG1yv~?48daLmCyv zKfWUOfB(Ka=>2`)>GGS3Pe;8QxqL#acEWlIFJFzx!z=iv0F89L?aZeFqmKB(!ZlZ; zl3A2FoM*8dGt|5Ejc2e2;B$92rzNMVfqv7??kr7;9>QW-Z;6fsc1sEse#YQA*rQ8@hH)<`jNqb|H| z-7Ly=3c*)?y|P?)XyBYbRmc!NhUfY27xFqF=NE$&yoxDMqPP00!=0PSQR{m?ID@)? zABaCt+c!tjq^oAnS`*sh)t?853LJYyn|Bh{jHzsaa2u^m+}V;K$D8YP#U)Km^%@{x z(zAB9wt(GwVm#ZnHFNHQzrBe^tgLnDaTUIGqmYr3eyuFI1uJA=u#AjIhid#mz zaAk2^vyKzY`X&pPgTIgwlz{>Oi!I`s8>kw`bL$w1l8(vt9n5v%ru<2A;j}XY^LcZ= z=S1vGb*iYZ+$ZWNtzc5g+}^MNgn%t4hU{}b-R;`I%;b--=~}# z9hFadI|5KLZD{ zL0;5a$qS{~@PWH5q-%Q(@8UvhzI@((Q$5>hUnQc2%hUaknwmPHv3%hqTjHl2UfzO2 zj+5-sxE74RuD^(@NivzfJY?&xhSRcp?#Oao`CJ9Q)4mo2s$STDHOomlszZ{+_$_(M zK4uy!IdZ+ORmOf{&lyn^>gsxUFt4c{u6*bWVbepPhHhwW>g(0tKg9G80?h|iO-sjw z-&2SBeZ$LZ)X*;1lH`XIv8jvW0KW>U!i8`_R}G4`@9zV3@RwH=4L!)??) zMU{gac<}pQWB+d(rhmUC#S*v~(&!P9sU{Bf7LW2w-Uq8=p;e|2#?Onn-icawBd?j( z>x%hg3d9AuGLqh9r71)EXE576fQug&TQ(T+I=Feem*qoZVq(HBoxG#94qt50XV+8r zeb1c%{luyGs6p47FMOVvnVHMxOqN0_T(?_AQDju57v358AM39-rZZ6Hq}nkL^D-jMX|!JEtGp#oz41RS}CS+lj)%T4pdlTLHJ| z<*%!)M6G+X3@;@qJ)bYJ1Z&t?RaJFo%s|ZR7?Z<=Q;~e^T3cy7@1o>YF^=oQcnP40 zFzmyEaJjULHqqvYf;XxUQ#U>QnuOjMXL1z-5kURg(@JCg7A5>*GBg>6Vn3d@c1nT6 zVJEj_*<+5Zhf}K{XV`fS5|}0PE~~ZESz6+mz~IvMIUYMxfOuvH{t-Ky)!x}jNz^dj zS?*RR)rSUO1)5Y%vk=7MEn&E;%W6b+jgoX|Ex?{qU}W#e8nvdBEL5z%>ve2+_XIZ) zyxgx%V4G^H6xAvj-nFa_l%z_h9Ab(lJQ%QAm37A_dd(;lp+!9Lg&|EZ$UeoDFGkU@ zKhAg)AK?1XcaiF&RQ903Fl;=~lZkC$D)!Z>84CWgW!!LGXja(=3)ivgBBFw)Zu%L8|^ojsQK{&mS26X{|+SnMTFE&xpkpKk6Q!% zTfn#TIqH6XewNB-FU?fq=UK$OfiPgd`z#xoEl0Tf#^rr9&ZogG0X+vkJjF+qgJ|OcSx_?CLuYXaklPt!Lzfk1Z_7(=@#2 zaArGoYiUGqW0OK^b{_uG4GdwS7;l6yydv=z7l5^6UV}X5qarHwgKmAzA$rpQA(yPH z?Jc)yX{C$JUGT{9{7~&P!B?Tj$r2|;nB&sMy4#3>>V|0nW$#ljNeQ$7=%u_|jEFJ2N|9 zi8^O!D9?{)3JiCG%(=1s#y5~#-AQ0SPgQ)9E{1inHiFM2s0TJ!R}+2a;e~X48|ge; z%XHXHTjSi4ZCK}5#lh`DgL z&aj?g(ax^TaE!slkjS{QJbgK!dPk2h*(Q;VopxP0Z$C$sKN7F?YvANFE?+AvM^SiZ z)X)UTN-w*&Xwov_H@5v|r5SxI zlYO|O+6$^eAxJA=CVeeQup~L=>C=G)SLFKp$TIA9KQaCL+#v0IdQtlVo|FywU@wqgR+uDvc`I5`!cy0r8G5{zfngr_B!X`Tqlp*$JtMT%J43_ zWX5AoclR=RXs7M|X8wD@ZT8+X>9Yx1_f4bpDIAvEw#OyKHizE!(+#$_qazCI*&qO$ z*4*sy0*@Q2;Rem&5dDy+H;ma~Pa>tHmjI?!^IIkYx%7*|A;6Sgz#y|%Dp(X7LX zz>Mb?=Ea2YLs67y_)dJTUj0~14Q!)MKI}A0<(LZC;Av8FIrcSfN2wlU+_%4HI$QpZ z){Wiyqo#A74@aimwlQ?=Pl~8HBi>~UbvR3Z5mqNF%IK34OvM(4SXJ0Hp&*(@CMI)A z8yZK5iK5HW7bY)aif`N)%H?BYW?s5g8?<6YuRKPdrB%rWacNewoT;G!N;t)Jpyy{h z(a_NF4bL##u0S@T)0~0jUlZZIJ%e~ADR1}e$26D*jkd$>Lh`s)f(s{&s)nnPhD|-1 z7-L@1cC1V`ZgSgpA;pdqos3VT+G1(28sCFr=*&4>*}1ISi+{MOq(8n#`?4Or`pVd~?emdb(>^8G>~2TDJO``u zT>p@wRTSgSLN?qB$To+(Gtcb%V!)vI$Uu@|0FJ4IML0e1Jm$Gx7OD$+hu`nxs|ZX@d(SLu^p|Yx(+W9 zMduJ6AGLoGs%b!ZM_tqexyj7sV}e}G1o@1l?rgzKZvUe5+AYmq?UIpYh(75-?1gv? zK7AsT-Spilqy{u`)E}l@q75`H$&M)lN& z7;(-}pBDIHe%sIxBTxS-!2Ht~364Ir(lVOMYPd?A7l-+7IrYCB7WNWxOp)uLo1D|vt%n<$IJW+R6Q6DT$n zWj9bK_6%}qZEfB5gU$rY*TSPjSX`HYdX$np$KWiV4-J>Mxz_6XW_4Y&4_|sQBb(Hh zt4zBieam7-Cp0YC?{pS)yiYiG7TG|BdjWi*aZHnwu-8QV$9#Pk#E z1ML=y!p&fBi(alLY{SQ9KwNbc<~Qv+5QHg5BBL+9kul`5$BGo>>&n%decuL5mjK!iNU>pEnB;sNogs?>`&F zVquT6d85|-2wP7-JzGG1au0SIuH*jKTy}4ZKgG^XrjYzu3f}y@Sn1m-Lue#_r*zlw zCz6gN*#Ivnv<-!#HR;LnYB+f4CtN?Mt^PM#X|rYj!OOAnS(MGTY>vSB-H2*`1aE7g2YVfs+7P1k2v2+fcxni zQ2VNX{(Z3mGgxveHxQ~Vt6g^g4*&Zg zCc!ZUn`a*X-n_+sJb|(oK+1>6yfZr>Jm8uqxL@eqUZFVu^CiVf5!(;+KG+;o9YF}( z-w>B^@_=veAJhNG^#6Zs`YGif6(Jug>2v<_ejbt^^IaS?219E|iO!KfZ^ZeE`pi$_jehg0@!aG}rtAgR^CM3rX)VD9TYBl&$=IUpwph z3vQsJE+w*@h(MI>n>Pyd3tkBf4}4i*hbZ{j95R2}?aH&x7_Xf_zt-3i-#^0wJ5%pP zhPG?}(|7ML&DhI2{O6kgh|l|5@9)cYdljp5UVQ;>v|g z6`|A7Kd7+zuDlH}Yyn*!6Juq~8jG|38zJPKtxG5NtnKjK_{8s#by|;nhen6qhY+e{ zt_EjLtF;S#_gxBgB)}KZgnv_+Q{@t2(V0%sC6(AC68PuJR-krsI!Vu0>>If@H&NGE z$J`Kk-`}W_pFbc))hExTmG?($OVPd9bX{H7FCFYw^@S%NKG^iIHF=L@>!T4yQOoq~ zZ%Ld>5dU&vu1mR4Pd~mfSjA7So|hMD8ZDT}+TVK3R9T6~^ajxlDzKBx@RT{Og_#=E zdH4mkEDZAI=|4w%tRvGxmd_vCm+iYrQKpo~$`X<6baZ*xt8VcwCjA9vCp1*XjwvF( zzvz$RMD_^N2J~upmTc)OVU#N5h5`(|&n-YNzuSC~=Hp6LKK=Y;W}W!?uiQ{ufsNT{ zKG7fZa%Lu91m=<4V#T=6&B+ObINseX&+<`2U+=9Ci;wMTs{#T=zB^mDQJQI2JF)HS zOuN*De+8Gl8D1>p$SkMDyMS-LxG3ZJ9}Bne;)t3S-KrtwzD5|rP6Qe2sl|6UM4uA< z3C=!x7IZZ|`0BX7NZTS$jI=EQja~a1!QU4f6D2N+&^^4>Z{J z70UiLf)ps&{-R>E z7VKa=suOSS%fxKH>e%`mZ^X0P=9OXG8a?1@>!V|C#)MCjTGH|7DK* z`S6eB|8V;$Om28`!5c5WMX8A$;(v4iKNfqT^=sVCBU67N5`^vRDoQPv-D%z>a`-7% ziJQ!YZB8U}d8aBRQwck_4BFQu6ILlghAl-8QgSWwc}eA8L^i&Gd{_z?r&}8Px;H|t z>J~UG29C4XdHS_G|AhSN9V8;nN_-@hT<322!ruS@hi5Smye|Zc-25Pa&p=WVVRa;g z>xTYpCnP%RroQnl3jz$*K=pSl+*=w#3`d15M7V;r6L?Yj>WA3h;!l7RdowQYa<9ILQRedvF+!ibR0F-~nRDKKw#Y5p@3;z@Y`{sjyX2`} z7O-%jfp8E9vg!lf(gzmtKlDfo9jP`A*t%ZcrMB%{b3Xu)bd*ZSNo4a6scetyKtN zz36DUnbD^|Gsv(yRcn!*QqY)HUc0$WAyu2Nw>J@1;Bm;ha(Oan_Du}bXk#~77+wew%dUe{Q1KnNRs%HnxZ`#XT$ z1MJql)i-ByjcdH06d39ZIHDPHQ`1e-d)BVg3%I(>mtz2wDxp3XsLh0l5k?)J*9YAR zSsMcIx;ZsbY8I>(IH`-vC@mGz%4w+rC$>TS1YGDbGX0rCAS&>rprD`@h8?2tIqMmt zE}^R{6Ui@{gvpbh&uh#&;#1?LBiwzDjOM=cc86#>%|>y}eCbr0{Go@pB_t$>=jFL` zSv=40sH;y{mHs)W3j|oO!}jJAt6Q0x)Gb}j&%`Jy%?E;9AnmRR*cb?`=YeX~)1}Sv zBk=(K_F=ecttvow|F*Bt@*PgRJxNNJ_=QVSorN$?H(tX9Q}fz@YvU8cocj^uI{-Km z%z{z2GQ;E6mkZO8^ug*@-TyW#B2AWqC}ne=OfcaVgy#s@`(>Y#-O{w7h8e- z*1LU#>l!N;BVac~ZBFrN2Sl1z#69Um<1@|0_`ne`(g%>kFIpRgO(oG~1!Th)W*x>^ z&Al%B-%8uoC|gY=lwJCMK%Q4r^bnxW5ZYF*3qaF}h&DBVjYwD$0b{ST+ewjIU0h>x z1emS;phVDx_8Ehy^Ay42^6-9n_|BKjMf)nMtt(4P14T9Szo4?_iVg&nD)KB6zs@Dy z(Eh3i^h;Em$h*RP7pMx@9&3ajE~~O%C?>mKlQ*`#u_;4|A;R-^jkMeGnb7p$ksh=d zwvPzlDYkohem`OBXPUc|@$zF}z~@sGhQ_Ae)>BdaET-@541qe-G8aZHJqOjM8_*2b zg58>5QnTz9vVMLy?}H+|Ka5*<+!yW$zqk~9^o^5w_7*r*7Xwg+p&EBw9V7gXUS2o^ zeN=s^J(P)p%V}8}m${pTtq_oNs!7L*YTpXbM%{$vbQJhmP!p*S6x~owpU# z4j)mr8MrTb?DW0p^Hlo3(P)Uf-)5i>xox4-N~3qo&Ge;dp1$YdvuE>c{;&zE!lcsS ztjvey+8Y;=I`Hoh&7vyFX>wiGW~RGeu}c4QAZ`MOBg9A#x2SX8(8U$VsY@6@(jAnN zD+s>x)p3K~ky2UdX=!7f8S>5zZ!b#ZkF+Cs>G+MG6ldwpu2tB0E0F$16>4MEex6A% zza(`Y_Z2QEyn*^SBds6pLu+heJO<=-92BKzCc|9R~Hr6rPvcfRA&5tDXSLD@!t;8!#( zn{0u5&vYc!GCKSF93qcUHk7ByH)!&8UaVpt-e~tBTSd$SV56;!frbF}?97-~9TS-F z9{KS^8f{<7tGI9IX1`thHhNpxfCZb-+U9H2G1jH3I@v!2uMOXdm8yEQCh0WQA&(ce zLpg@_I)-ZMic>QhLm&Pg#*v3mew>-+LlXmsAm107zm5YW!3)evQ&y#$wsv<~)>4(8 z`2~yk)p@XP>urc9`Ku5@_|CR03wNamkMP18IVJAO z>Z_{^^u>ct(s4~k4r0qmK-V;qI!jpX*-Q|#<>(P~Er67*%0m`6?Q1ioJMu&h>~D_Lk} zGfN*NFD3Aa0ybd%FN-DkqRlxNmKvp+?aC)oYVab?b)hAjm5hEt&8Gd4NfRlB`NUZ3 z7yoNy&$==-&WF0peE@=g_;Q!oRF?4|b8W`@yxfGBoz;g}^tVfsb5rN@3x~aUZ_COW z#b(6CU3@fsEkwf(zfA|H!_u5j+L%Z=NEXusP)B^2mG{Ll_MhA>Kfd;g&htOtkzAv0 z`QZ`i7hVs)_WQ}QjycyY-l2fD!8>yL#JTQwZ6dy`Wbp|WQlu1Ap%*1QsZ>{cL>3B^ zs0F>x@mVRaE%X;p?3T^1#SxnSgw#yphIiQfMK=}{MJ%3KTKi;W?~G11fo~qMF;?gZ zx}z}DnM7Gj%WG)S(eK_7(O{;WqSInI-tdCh!2_uFZLCNCJhBy>ekwxQ3D?f(yja@y zQ4v^iy&(p+!I8mQnT-K7k@Hv5CC9^)5zTVQ2r3?g^VP>M;;!wli25Ty^cH|MmE<=R z#25|a!y@Ot8BpnRYLw)Z&`O7L){{JFj5yi$&c;+n|Lfa}O@I+l7hzabS(3~Bn%C)D z*x1z0`e%2t4^>rF38JCVWxV!_QRh@`$`l@Yo>Xo(y44hI+F7ujQ14mI=fd$_9rF4OaNUbvG2 z?EpxR^MtxPvsq1~PnvY|4iA~41!(7HXP>XncG1m03SJl;N8n^+ZY{;0+?biCYbvEi zD0h{_OrhFSW$4(UTXF-|J<;42Bkz|##U@joquIPhm!UwY(QO8cCc&Tc`cwXk|)i-WI ztY5US&6O|M_1{yWepauaJVhDW7H@wo>+u9`hs#w6bU_9Lm4c21x)#xGnd{DzAt~BQ zOrA{3&jaqN%o3HC}ly+C1(5wK!&bh2A=8!nCX+7=H=Cq;-D z$nErpa=q!%a^@J0`STGJ)bkACO8n4t4T>X2fp=6;AE{_;x^G!8uX+IC=>hs&bGIj!_fXhG(m za6tjY;nAU0wI_yc(p)v&mxpfo8O-CgL;X>Ok#npE*r4DT$z^?23@}_RU6nwE9ySTZ5b$!xq&>H)R+4g`*gIl}+ zM_Ff=BaOznV=`gAtR@lMu&1VSENqn(o0B&~-3}G|rn}lfZ*70;Q2S#Vv)n)bE>amN zI&26|7Icu|ov||%+MDgFV^fj4=ZHxJ^uE70h1@OH`@X$Ntt^@vE^R%e>%%~m&T^Lq zNe^T;-HU9-K$lddC_%|EW2uIW>y|eExDII6Vt;(Sr5nO7qHh@LP**N@ZLUK@!sJ^7 zo%R6#`ln-K^W<<|92TQ(D91?HDD-(g`wA-ww8Wl&u6{*|r3D#)Qh?a*6Wzi~2wPkB z@im@iUk>l?_SV+ZJ-a&*VGx*cMyfVNFu731yc*D1VmIm7TcP>i%hMTv*JAd=@atx< zZ(6XQ%4ho|YTrEnb<#>dnXuOQC#SRDu*l=grz#HLnBZ{TUEUamT3^-zXkpje&5z** zG_$f?kA9mY_Vn;3&k;&DXo%iP+0ev^`!ZQEFYmV1Sty&MKW{SxyBU-4A2Z+=+8q`PA z^d2UQ4qCTpS^}*Onk3mzIr$J5x!vT}-ifg!v7M}kK5W07@!mhQUR#<9$1?-E9h`GFA1Z{UF zyP4UBlWfs$x~tVa0QQY<8ZtN6eOh-2UYUKbBO#}goRc6Y6TKqtgPYqQ@7ebg2B!}% zDg4W()#a1tZMuo>JW_pY7$glbj<{4oT$rvd&@B!4^s3nV_d`dk=dzKE09DJ?*F1L5 zXRJ|MSWM0V`w&PHNY*Wls)r89htLp}inR!lC777<#zj7U4GRHBKQ^`MOnj zwr`4AJa+uZ?EC9q#q_%JYD5>2I>K5#6#L6qGH9-e2E8VAW4w@af$Vbv;{AK2Vfg)d zA+zkDMR?g(QV9_GT1lo`DC=LeTbxNNQhRJ_pwc6Xe%JlmH)Bp zYPvSD<%_?&=0LP+;-M5Ni&pG;7f3W^M!?>2ycQH`Y(6VUH!S9bHXA%eX*Y5E|ie8{oHZugUE4HF(*&K)p_zdpbJgO$5+U# zt{xe!xAvKgt9o9IXPg{~yhzRYM8Qh?dtS|US)o`DPe5ipEh?$Q3&`jnZrT^YrTDWB z646DbIZ}EkPCBkG>Bv#DQhi@~A-1A#5Tz0T+dtCQ+L|*1_$zl1BCyLU9Bh7Y zfT{w~K@Q4+bhp3q5#0ef23zgGNpVsC`GX>b`+*daZMmwk#J?`1eV7W0^MXaEoyg?_ zxHsZ-+lYYSn_;D(2c@X&2PfSqGXo;Y+5dK~{_`3)GjQb4xuBJLa$kI*f3FV1asV~% zU+_K1nGG0k>jGH%WrOU67Y{W2-$|e#Wil?04m`-igV#|O4TfLroXCHG$WDCSu|(En zXfe+(qW1rWD)>(e6E6m56|;8PogN36JK}5>Xaeh5u)BXip!l>M82;d52xzy;-?=mE5*2z4*O6D03pbpX4=v%KJ9DM+#*-k?)TLw zZcn{bULk_ibl%sI=`<;cD5nMGNlO#em&Hean02fliEC)_ndTe&vvLj!;-L6Wo>WC! zm3q8ip8hVj1Dqza+nUHNJSRrVB#(N3UpXinn^q1@VctG}!(o#=-w&R~3|s%X;V<(S z=NyyF=2YLA$;!XPzSlB9TcRcVZ@=-WJiL2b`G?W8;txCNja+l~gP9y9hgWV_%8C4l zZiDL2K%R)tW9YWWXrdVQVq(9paVvfti_3)VsBf&{*2v#?upTef$QtEPcR%(MqZLW{ z0GZx_G1ZBeeKfPb?Pu&I64CY7@g!QqsEgw`WmN=4m!&CZ+I@oyh3=7@KYWv0@!bn# z=ektxnQ8G>XPVH`W@Tlo33Wap5GHMx1v8XGU0%3qJjBj zU$2(hgH3;xMr{bBoLbnJEQx!6snFAFt?BOgGL_SF&|>SC9A zZ;E=QP9)J2x-DLM>ne$5xRK)|i#N%Z%+d*ksCS-FTScYAXF0d?$@k}nH5Fs)jzDqU zr_T43tFFhZja*X|u~7~oSS^@Syn)CuWnyX^}oJKl6zFR?_Q%{o&+WA#RL-ubL^e zZGS85S87{U43cfEE7Ir)>^~zle8TI3OlmJRNLRpVlN2DdYcorTh5cwg@nF zot4Acg9qJdhXCtIFR}U2p|Fqt{A0YWm7q`n7>f!;4mAAVNiqQ@-Iyx0dEfu}N2>FW z@&9A||0j*#ZD`QhITEwjTt4zy@Y&~TxxSCSGaX~?K3uc!3>^PBkWq{GP+NRfq=AVM z(G>ldZw9uCW{n4{V>(EDJT6&9N<}l>Uu?cJx25e1(#st{gO+c;yV`~nJqw4gcx?`z z>`~nbziJx&@y(h3YDvh(@=okpj8&<|ZdsO@z6+szcxXb8u(GxKTwGSRZ(#(<=iC5MO@_I*(ywOj18T1gq#@JKS_nH5Jx=H_$ zw0=nE1CmJ+*!G4WK99nm|M6AXm^DT( z09ymqM{XFvAEeDH?C%Kniv_ypCzj-H0hniZsBu@3ZuAR#5(HhsC&e3TT=pSa6 zeqX)X(h}gw7y-T`Yj8r?I4?N5XxP=pv>3mUyHM0GDeR{|G*HS7cyk<+9=n<~|(HLjlxdCI;1kKN(Wwf^4@pS{iA$ z&mD26S%Gssx?!3eZRZc$=o28oWQPk=l^EafnRHXWf7=cF`1+8pC%5hjoQAMFLE$b+ zDGVL?FgDjjVy0_9z^#sP<&I4P2Y(2f05P0l-|#ZGuKhPe5WiJtN?r)FPh~A8+FZNJ z#c{V>rTgKbeNS(}1CW^AlZhTq%?GUu1|crp39ramKRvB<_t+yi>M&A_%~c|=n2>N;iCgWIW;kBzdFpZm9o%%5h$C(GAxmcKvx zfEH0~HR-)M2`AiItXlQ2O$ut6y}oI=l8OniN30D!=xGYk&#pK-Oc*L2uV-Q8DjytL z)~6`S8GS23Zq9FEGp!?8VBsN9p4i%}W&pq9e`|JHfG$!au@w+kRSGhFW~<_}naN-K~5?0011C znKr;VwJNS<;g&-Hhg^FeA6NZn1q3eHS_+peSzk(d)!2_7@c~+ImLDs_m5S(7;UdoHH-Ap_A_(Q{F9$H zQ33=WVDV)Wf!S3!iX1VzKZ|!Sq5f6h|XzbZb83iq#xy%Kb*C|Re z<$uaiqvx(bBYa^Ks0XfM^?e69vW z%da1K(JV^%bKbdBvoAl=#1Ml`FBNiLpJhOZV0Qq}c(xo`l(nYGz-y>b)XeqX-R}{C z@@U14ZO$Z$l!*8KPs|ZRu(4INrUGD2Zee_Tqzkguf@ne(Cz&YjZ~IBCLHJW$BlO@H zwr}MZD?F=RGvb)<+cgVudQ5s{ZLTLy^FRth&@nH)`qRWj5ANc7svw>Flx zA>jmn&^{o%MKqF0#j6l>_qg`i+adDwE6a>kHbh;ob!VwZk{cx|W%H}B zE#r+B&(A2wI$EQv;{$d%?0R)%^5+=%T^z1!S6xrKwJA=-m!FDpc`zC+(A>v+tw(WA z7PI>kSHA+sMnVKKlLf_X8xaJ`j$~Os(G7Z4J5)CjvJg{_X)qs6q@kG-!|$so^nF7H z1t*Wjk&%kBhjAMVbldtY^i-il%oRZRuE?@l*o-+3sk(@OR7QhZFyfs%Q^b23EeA-I zb07RZ>3qVjsM5La_Az-*wc0cl+vR9!E`JrZk}Dye zOc81jm~6#jsc8LcC^#M%+gQVdj()US3|xjkk?iaQL|S`0n;1$Ku&^Rpir@ zVtW^z57b%-24cLrP8(X?$X9q48DEZ~-b-4}3xzud!k^M|zkR*KlwDa=mW!H4qxek5 zK4jz7>nlsGr}UCVGQSlkV(K=Rx2whI@kK$9@eNuefL71$Ady=tJBuE3tK(VtExzT2 zM)8*F@Ggfd3Sw>Ebq7BgdN*)rnx+dvZ{?PE=inoNW*x57%iefZk3Hw zx7NRjfR}=aSXD~rf9!RqiHbZD`yR~%A6UltlEWtAYoxs>KcrjETAMdYNO{|cifL?GXfAJ|M+o2;gwZE&4#PdiAi>6evuqED*T7Jl9G#CKM z+qH?e!LN15Q~k-F8bfqT`f(oYm)vP-8|CgLU*IbmjEsKT4#E%=K%%^u2-C*`V9yhg0*Kdz9O1^GUP_;3T-%<^@%ljSJA6=U(A4Xn^ z`AWjratm*h(Bb+5f|UX2L&!^|>CM`E&UFIO+05(Pc}gE>4@nwTQjkYb){D76rj>_C zttPmB@d(8rH_x-)&2!n(t&!cDb5(nj`a)dRj;-xw?~94AdE5BnCvaosKEDqh$bl6C zX`v135orNnE$0SUP;SG<+wM-x-9d6EjGvlqtu_Ho(K2j9d!pLgc@M!k2__>{p+a^i zHvNW9+dW}?GPmiw2qnR6qY=a1ic)ax?CSJo^5lS^c6Jdc`w_qP;U<3#bJEj%0O3!P z^mp%o@*io5W%~mN5s!2jfG}@oZWT19l9>3pg*br3uTlQ0)0(;Y(evH<$rQwH3q=Q%qp=n6m008VpXo zXSP1JO-PWl%cz7NN!Z=^Dq*?CT}O@Lx8ru%?6&-><5}mg76wvjd;hqm!-f3(RWp@q zJGDwdw3wzCA)dS=e2)b-`(g@t?LW6g3FSA&@EL4m;MA@%jc2(VazbIR2eH2rZ?{u` zzi;+*cMP8q6qiemfsO&CLvpc+9qiHx{;+ z>=Y`<{qLtCD{bmM)0 zdKJcYN3eUzB!?^CQ`RS_=RSAbX(>d04S-_kSx*9EFvKu!b5iR{o^1sQD#@HNV(33|a${(Hks`i~OJu_EKsU3) zNH(@cgs}WNFOb;Mtk&;A8{v`MUSWjsOO!`Ia$Bml`5ud`<)1Zq=oX)(KbI+4tqS^( zEwP&R)n$cqpgS$#4T$wdsLTW{FN|vaYX*%O@42RXS*ATi`GYlrB&aIrV|n*q6PhC) z6rj6|DqBFU@wx*~u2KxKSYtQ`iZwqiP%j#&CHY%7?}}%r7iT4isYXr3E+0_{ssbMir{E<@bl_7P*PZXO$`l($n2_^Cc+e<7v@RsW0+dxi(~#Js_M%iN zaQGA%fo#W?qnxz0cC7lSj{z^6h3hL^p68LTQvxlWu94B#lJ@_``@tJWO?8jP3j>C6 z{`MGy#NQMjvTjSpz3cY2|lTK&DgY1x`k&z#(4`m@hM0FpG%bELSP@sZ;~Vb55M^P;zI zfJjv<*TPl?IU<X_`B^ zTwZ9EIWNpCwTqUN zI~_OGaT}0W3Z8KTRyOxU)rk8}T^F#l+YF$h=8?v%V(-G_%k!jQKsbGb6FD{RI$>-p zZ<-kT=@v$2zL!xZjuDKTAAV4R%gc9h@yhS~Jk#g+!m|HVdDPSP(LC@c=WUeD0u^8l zoR@mN@v0ohlf#RB#Lk=dNe`8fgOp5aR+`r032^(f1@1a4=IS!h2b+jB3+s5)T_y5@ zd|?lZG$nmA*Ow1ooHsB)p>P1FC3uL#t zBMA`^^@Fo^ag(R*z{(W2r2PF{%hZVJ{h$Q6-9=&)nI-4*rw03U&GL?ygTQ{Kq_^7~ z;gu06GuU2=O;;gH`TiN&O#omRLV;e)V&VKbFv z*Ld-sTv)e?rmTLAVG5F~`-fVNpJn{w4!marpoi1IsV;&y@zZxWmqvEF)q<-fLK{?3 zh|Rwx%DX%vX92?F>|Q>k{|m|<13o4gqQ&z|RK0M8FFNJ%Usm7nYrhcJ!GEh}T<$f1 z`8I;-c+WG#1FH--?h{1>Ft5U0o>#+*V2sg*F)O{203 zsj6N6bgep6A67&JcNV00Z-QL)c&qJG zk;bPYW7f~%8nw4p!`o|_v*B47(j*;el6%j&slv$Uz z7Av9EjiTBgI5~;DV5~kF%?Mu|IhoF%+mdIbl`Z-51?z`L;Hg#y7fsbQ!E@PB9WP#T zqZ+v#tt&T+7H&H8Fe17sVpMsMpaLobj-n_aXtA6|?Qn8Sv5&~G7+nJ zK?HfG{=ib_CyrJbHE%Ty literal 0 HcmV?d00001 From 20f1f7bcc981d1e9b89bc6cad0fdbcba4187c78f Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Sat, 2 Dec 2023 19:30:30 +0100 Subject: [PATCH 05/21] add instructions to trivy server Signed-off-by: Marlon Pina Tojal --- docs/_docs/datasources/trivy.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/_docs/datasources/trivy.md b/docs/_docs/datasources/trivy.md index 800af295ad..95e140fb21 100644 --- a/docs/_docs/datasources/trivy.md +++ b/docs/_docs/datasources/trivy.md @@ -20,3 +20,7 @@ To configure the Trivy integration, navigate to *Analyzers* -> *Trivy* in the ad | API Token | Authentication token for the REST API. | ![Trivy Configuration](../../images/screenshots/trivy-configuration.png) + +### Run Trivy as Server + +Trivy can be runned as a [server](https://github.com/aquasecurity/trivy/blob/b5874e3ad38e77ac86eedd7a65785b2933f3685f/docs/docs/references/configuration/cli/trivy_server.md) by executing the command `trivy server --listen localhost:8081 --token dummy -d` or by setting it up on a container. From b80ed608e68c98148e9f5b8c1ef7fc8fb2f5f209 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Mon, 4 Dec 2023 18:59:50 +0100 Subject: [PATCH 06/21] add docker and other package managers Signed-off-by: Marlon Pina Tojal --- .../parser/trivy/model/BlobInfo.java | 5 + .../parser/trivy/model/OS.java | 6 + .../parser/trivy/model/Package.java | 67 +++++++ .../parser/trivy/model/PackageInfo.java | 36 ++++ .../parser/trivy/model/PurlType.java | 112 ++++++++++++ .../tasks/scanners/TrivyAnalysisTask.java | 170 +++++++++++++++--- 6 files changed, 369 insertions(+), 27 deletions(-) create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/Package.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/PackageInfo.java create mode 100644 src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/BlobInfo.java b/src/main/java/org/dependencytrack/parser/trivy/model/BlobInfo.java index 3cccacce09..139c0ffee7 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/BlobInfo.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/BlobInfo.java @@ -25,6 +25,8 @@ public class BlobInfo { private long schemaVersion; private OS os; private Application[] applications; + @SerializedName("package_infos") + private PackageInfo[] packageInfos; public BlobInfo() { this.schemaVersion = 2; @@ -39,4 +41,7 @@ public BlobInfo() { public Application[] getApplications() { return applications; } public void setApplications(Application[] value) { this.applications = value; } + + public PackageInfo[] getPackageInfos() { return packageInfos; } + public void setPackageInfos(PackageInfo[] value) { this.packageInfos = value; } } diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/OS.java b/src/main/java/org/dependencytrack/parser/trivy/model/OS.java index 6109f60e60..69f7f3f015 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/OS.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/OS.java @@ -24,6 +24,12 @@ public class OS { private boolean eosl; private boolean extended; + public OS(){} + public OS(String family, String name) { + this.family = family; + this.name = name; + } + public String getFamily() { return family; } public void setFamily(String value) { this.family = value; } diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Package.java b/src/main/java/org/dependencytrack/parser/trivy/model/Package.java new file mode 100644 index 0000000000..726f5e6dde --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Package.java @@ -0,0 +1,67 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +import com.google.gson.annotations.SerializedName; + +public class Package { + private String name; + private String version; + private String arch; + + @SerializedName("src_name") + private String srcName; + @SerializedName("src_version") + private String srcVersion; + private String[] licenses; + private OS layer; + + public Package(String name, String version, String arch) { + this.name = name; + this.version = version; + this.arch = arch; + + this.srcName = name; + this.srcVersion = version; + + this.licenses = new String[] {}; + this.layer = new OS(); + } + + public String getName() { return name; } + public void setName(String value) { this.name = value; } + + public String getVersion() { return version; } + public void setVersion(String value) { this.version = value; } + + public String getArch() { return arch; } + public void setArch(String value) { this.arch = value; } + + public String getSrcName() { return srcName; } + public void setSrcName(String value) { this.srcName = value; } + + public String getSrcVersion() { return srcVersion; } + public void setSrcVersion(String value) { this.srcVersion = value; } + + public String[] getLicenses() { return licenses; } + public void setLicenses(String[] value) { this.licenses = value; } + + public OS getLayer() { return layer; } + public void setLayer(OS value) { this.layer = value; } +} \ No newline at end of file diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/PackageInfo.java b/src/main/java/org/dependencytrack/parser/trivy/model/PackageInfo.java new file mode 100644 index 0000000000..8f155d42fa --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/PackageInfo.java @@ -0,0 +1,36 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +import java.util.ArrayList; + +public class PackageInfo { + private ArrayList packages; + + public PackageInfo() { + this.packages = new ArrayList(); + } + + public ArrayList getPackages() { return packages; } + public void setPackages(ArrayList value) { this.packages = value; } + public void addPackage(Package value) { this.packages.add(value); } +} + + + diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java b/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java new file mode 100644 index 0000000000..dab44f883f --- /dev/null +++ b/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java @@ -0,0 +1,112 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.parser.trivy.model; + +public enum PurlType { + BITNAMI("bitnami"), + CARGO("cargo"), + COCOAPODS("cocoapods"), + COMPOSER("composer"), + CONAN("conan"), + CONDA("conda-pkg"), + GEM("gemspec"), + GOLANG("gobinary"), + HEX("hex"), + MAVEN("jar"), + NPM("node-pkg"), + NUGET("nuget"), + PUB("pub"), + PYPI("python-pkg"), + SWIFT("swift"), + UNKNOWN("unknown"); + + private final String appType; + + PurlType(final String appType) { + this.appType = appType; + } + + public String getAppType() { + return appType; + } + + public static class Constants { + public static final String ALPM = "alpm"; + public static final String APK = "apk"; + public static final String BITBUCKET = "bitbucket"; + public static final String BITNAMI = "bitnami"; + public static final String CARGO = "cargo"; + public static final String COCOAPODS = "cocoapods"; + public static final String COMPOSER = "composer"; + public static final String CONAN = "conan"; + public static final String CONDA = "conda"; + public static final String CRAN = "cran"; + public static final String DEBIAN = "deb"; + public static final String DOCKER = "docker"; + public static final String GEM = "gem"; + public static final String GENERIC = "generic"; + public static final String GITHUB = "github"; + public static final String GOLANG = "golang"; + public static final String HACKAGE = "hackage"; + public static final String HEX = "hex"; + public static final String HUGGINGFACE = "huggingface"; + public static final String MAVEN = "maven"; + public static final String MLFLOW = "mlflow"; + public static final String NPM = "npm"; + public static final String NUGET = "nuget"; + public static final String OCI = "oci"; + public static final String PUB = "pub"; + public static final String PYPI = "pypi"; + public static final String QPKG = "qpkg"; + public static final String RPM = "rpm"; + public static final String SWID = "swid"; + public static final String SWIFT = "swift"; + public static final String UNKNOWN = "unknown"; + } +} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index 18fdb19024..e40652c8ae 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -28,50 +28,60 @@ import alpine.security.crypto.DataEncryption; import com.github.packageurl.PackageURL; import com.google.gson.Gson; - import io.github.resilience4j.micrometer.tagged.TaggedRetryMetrics; import io.github.resilience4j.retry.Retry; import io.github.resilience4j.retry.RetryConfig; import io.github.resilience4j.retry.RetryRegistry; + +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.Executors; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.TimeUnit; +import java.util.function.Supplier; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.concurrent.BasicThreadFactory; -import org.apache.http.HttpHeaders; -import org.apache.http.HttpStatus; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.client.utils.URIBuilder; import org.apache.http.entity.StringEntity; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpStatus; import org.apache.http.util.EntityUtils; import org.dependencytrack.common.HttpClientPool; import org.dependencytrack.common.ManagedHttpClientFactory; import org.dependencytrack.event.IndexEvent; import org.dependencytrack.event.TrivyAnalysisEvent; +import org.dependencytrack.model.Classifier; import org.dependencytrack.model.Component; import org.dependencytrack.model.ConfigPropertyConstants; import org.dependencytrack.model.Vulnerability; import org.dependencytrack.model.VulnerabilityAnalysisLevel; -import org.dependencytrack.parser.trivy.TrivyParser; import org.dependencytrack.parser.trivy.model.Application; +import org.dependencytrack.parser.trivy.model.OS; +import org.dependencytrack.parser.trivy.model.BlobInfo; +import org.dependencytrack.parser.trivy.model.DeleteRequest; +import org.dependencytrack.parser.trivy.model.Library; +import org.dependencytrack.parser.trivy.model.Options; +import org.dependencytrack.parser.trivy.model.PackageInfo; +import org.dependencytrack.parser.trivy.model.PurlType; import org.dependencytrack.parser.trivy.model.PutRequest; import org.dependencytrack.parser.trivy.model.ScanRequest; -import org.dependencytrack.parser.trivy.model.Options; -import org.dependencytrack.parser.trivy.model.DeleteRequest; -import org.dependencytrack.parser.trivy.model.BlobInfo; import org.dependencytrack.parser.trivy.model.TrivyResponse; -import org.dependencytrack.parser.trivy.model.Library; +import org.dependencytrack.parser.trivy.model.Package; +import org.dependencytrack.parser.trivy.TrivyParser; import org.dependencytrack.persistence.QueryManager; import org.dependencytrack.util.NotificationUtil; import org.dependencytrack.util.RoundRobinAccessor; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Optional; -import java.util.concurrent.CompletableFuture; -import java.util.concurrent.CountDownLatch; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.TimeUnit; -import java.util.function.Supplier; /** @@ -183,22 +193,68 @@ public void analyze(final List components) { var info = new BlobInfo(); - var app = new Application("jar"); - + var pkgs = new HashMap(); + var apps = new HashMap(); var map = new HashMap(); for (final Component component : components) { - var name = component.getGroup() + ":" + component.getName(); - var key = name + ":" + component.getVersion(); + if (component.getPurl() != null) { + var appType = resolveApp(component.getPurl().getType()); + + var name = component.getName(); + + if (component.getGroup() != null) { + name = component.getGroup() + ":" + name; + } + + var key = name + ":" + component.getVersion(); + + LOGGER.debug("Add key %s to map".formatted(key)); + map.put(key, component); + + if (appType != PurlType.UNKNOWN.getAppType()) { + + if (apps.get(appType) == null) { + apps.put(appType, new Application(appType)); + } + var app = apps.get(appType); + + app.addLibrary(new Library(name, component.getVersion())); + } else { + var pkgType = component.getPurl().getType().toString(); + + if (pkgs.get(pkgType) == null) { + pkgs.put(pkgType, new PackageInfo()); + } - map.put(key, component); - app.addLibrary(new Library(name, component.getVersion())); + var pkg = pkgs.get(pkgType); + + + pkg.addPackage(new Package(component.getName(), component.getVersion(), "arm64")); + } + } else if (component.getClassifier() == Classifier.OPERATING_SYSTEM) { + info.setOS(new OS(component.getName(), component.getVersion())); + } } - info.setApplications(new Application[] {app}); + info.setApplications(apps.values().toArray(new Application[]{})); + info.setPackageInfos(pkgs.values().toArray(new PackageInfo[]{})); + var blob = new PutRequest(); blob.setBlobInfo(info); - blob.setDiffID("sha256:82b8626f712f721809b12af37380479b68263b78600dea0b280ee8fc88e3d27a"); + + try { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + //todo - need to establish standard and requirements from trivy + byte[] hash = digest.digest(java.util.UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8)); + + blob.setDiffID("sha256:" + Hex.encodeHexString(hash)); + LOGGER.debug(blob.getDiffID()); + } catch(NoSuchAlgorithmException e) { + LOGGER.error(e.getMessage()); + blob.setDiffID("sha256:0000000000000000000000000000000000000000000000000000000000000000"); + } + CompletableFuture .runAsync(() -> analyzeBlob(map, blob), EXECUTOR) @@ -253,7 +309,7 @@ private void analyzeBlob(final Map components, final PutReque for (int idx = 0; idx < result.getVulnerabilities().length; idx++) { var vulnerability = result.getVulnerabilities()[idx]; var key = vulnerability.getPkgName() + ":" + vulnerability.getInstalledVersion(); - + LOGGER.debug("Searching key %s in map".formatted(key)); handle(components.get(key), vulnerability); } } @@ -397,6 +453,66 @@ private void handle(final Component component, final org.dependencytrack.parser. } } + private String resolveApp(String purlType) { + if (purlType == null) { + return PurlType.UNKNOWN.getAppType(); + } + + PurlType type; + switch (purlType) { + case PurlType.Constants.BITNAMI: + type = PurlType.BITNAMI; + break; + case PurlType.Constants.CARGO: + type = PurlType.CARGO; + break; + case PurlType.Constants.COCOAPODS: + type = PurlType.COCOAPODS; + break; + case PurlType.Constants.COMPOSER: + type = PurlType.COMPOSER; + break; + case PurlType.Constants.CONAN: + type = PurlType.CONAN; + break; + case PurlType.Constants.CONDA: + type = PurlType.CONDA; + break; + case PurlType.Constants.GEM: + type = PurlType.GEM; + break; + case PurlType.Constants.GOLANG: + type = PurlType.GOLANG; + break; + case PurlType.Constants.HEX: + type = PurlType.HEX; + break; + case PurlType.Constants.MAVEN: + type = PurlType.MAVEN; + break; + case PurlType.Constants.NPM: + type = PurlType.NPM; + break; + case PurlType.Constants.NUGET: + type = PurlType.NUGET; + break; + case PurlType.Constants.PUB: + type = PurlType.PUB; + break; + case PurlType.Constants.PYPI: + type = PurlType.PYPI; + break; + case PurlType.Constants.SWIFT: + type = PurlType.SWIFT; + break; + default: + type = PurlType.UNKNOWN; + break; + } + + return type.getAppType(); + } + private Optional getApiBaseUrl() { if (apiBaseUrl != null) { return Optional.of(apiBaseUrl); From 784e3b90be759769910961776766595bc00c9d64 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Mon, 4 Dec 2023 19:14:01 +0100 Subject: [PATCH 07/21] address comments Signed-off-by: Marlon Pina Tojal --- .../java/org/dependencytrack/parser/trivy/TrivyParser.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java index 37d34b0b41..c982317b8e 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java +++ b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java @@ -65,7 +65,7 @@ public Vulnerability parse(org.dependencytrack.parser.trivy.model.Vulnerability try { vulnerability.setPublished(formatter.parse(data.getPublishedDate())); } catch (ParseException ex) { - LOGGER.error("Unable to parse published date %s".formatted(data.getPublishedDate())); + LOGGER.warn("Unable to parse published date %s".formatted(data.getPublishedDate())); } vulnerability.setCreated(vulnerability.getPublished()); } @@ -74,7 +74,7 @@ public Vulnerability parse(org.dependencytrack.parser.trivy.model.Vulnerability try { vulnerability.setUpdated(formatter.parse(data.getLastModifiedDate())); } catch (ParseException ex) { - LOGGER.error("Unable to parse last modified date %s".formatted(data.getLastModifiedDate())); + LOGGER.warn("Unable to parse last modified date %s".formatted(data.getLastModifiedDate())); } } From 6923e39ae4dcc303bf4c8d9b5ba860a00e17a235 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Mon, 4 Dec 2023 21:18:08 +0100 Subject: [PATCH 08/21] remove spaces Signed-off-by: Marlon Pina Tojal --- .../parser/trivy/model/PurlType.java | 32 +------------------ 1 file changed, 1 insertion(+), 31 deletions(-) diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java b/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java index dab44f883f..6aea75f8fa 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java @@ -79,34 +79,4 @@ public static class Constants { public static final String SWIFT = "swift"; public static final String UNKNOWN = "unknown"; } -} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +} \ No newline at end of file From 9e0907223163efd0e8be35cb3370d88ec39609b9 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Tue, 5 Dec 2023 14:06:46 +0100 Subject: [PATCH 09/21] add unit tests and a few improvements Signed-off-by: Marlon Pina Tojal --- .../tasks/scanners/TrivyAnalysisTask.java | 22 +- .../tasks/scanners/TrivyAnalysisTaskTest.java | 214 ++++++++++++++++++ 2 files changed, 229 insertions(+), 7 deletions(-) create mode 100644 src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index e40652c8ae..d7de4cf155 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -66,6 +66,7 @@ import org.dependencytrack.model.ConfigPropertyConstants; import org.dependencytrack.model.Vulnerability; import org.dependencytrack.model.VulnerabilityAnalysisLevel; +import org.dependencytrack.model.Vulnerability.Source; import org.dependencytrack.parser.trivy.model.Application; import org.dependencytrack.parser.trivy.model.OS; import org.dependencytrack.parser.trivy.model.BlobInfo; @@ -176,8 +177,21 @@ public AnalyzerIdentity getAnalyzerIdentity() { @Override public boolean isCapable(Component component) { - return true; + final boolean hasValidPurl = component.getPurl() != null + && component.getPurl().getScheme() != null + && component.getPurl().getType() != null + && component.getPurl().getName() != null + && component.getPurl().getVersion() != null; + + return hasValidPurl + && resolveApp(component.getPurl().getType()) != PurlType.Constants.UNKNOWN.toString(); } + + @Override + protected boolean isCacheCurrent(Source source, String targetHost, String target) { + return false; + } + /** * {@inheritDoc} */ @@ -185,12 +199,6 @@ public boolean isCapable(Component component) { public void analyze(final List components) { final var countDownLatch = new CountDownLatch(components.size()); - // if (isCacheCurrent(Vulnerability.Source.TRIVY, apiBaseUrl, component.getPurl().getCoordinates())) { - // applyAnalysisFromCache(component); - // countDownLatch.countDown(); - // continue; - // } - var info = new BlobInfo(); var pkgs = new HashMap(); diff --git a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java new file mode 100644 index 0000000000..9ebeb85d0d --- /dev/null +++ b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java @@ -0,0 +1,214 @@ +/* + * This file is part of Dependency-Track. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * Copyright (c) Steve Springett. All Rights Reserved. + */ +package org.dependencytrack.tasks.scanners; + +import alpine.model.IConfigProperty; +import alpine.notification.Notification; +import alpine.notification.NotificationService; +import alpine.notification.Subscriber; +import alpine.notification.Subscription; +import alpine.security.crypto.DataEncryption; +import com.github.packageurl.PackageURL; +import org.apache.http.HttpHeaders; +import org.assertj.core.api.SoftAssertions; +import org.dependencytrack.PersistenceCapableTest; +import org.dependencytrack.event.TrivyAnalysisEvent; +import org.dependencytrack.model.Component; +import org.dependencytrack.model.ComponentAnalysisCache; +import org.dependencytrack.model.Project; +import org.dependencytrack.model.Severity; +import org.dependencytrack.model.Vulnerability; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.mockserver.integration.ClientAndServer; + +import javax.jdo.Query; +import javax.json.Json; +import java.util.Date; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentLinkedQueue; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_TRIVY_API_TOKEN; +import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_TRIVY_BASE_URL; +import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_TRIVY_ENABLED; +import static org.mockserver.model.HttpError.error; +import static org.mockserver.model.HttpRequest.request; +import static org.mockserver.model.HttpResponse.response; + +public class TrivyAnalysisTaskTest extends PersistenceCapableTest { + + private static ClientAndServer mockServer; + + @BeforeClass + public static void beforeClass() { + NotificationService.getInstance().subscribe(new Subscription(NotificationSubscriber.class)); + mockServer = ClientAndServer.startClientAndServer(1080); + } + + @Before + public void setUp() throws Exception { + qm.createConfigProperty(SCANNER_TRIVY_ENABLED.getGroupName(), + SCANNER_TRIVY_ENABLED.getPropertyName(), + "true", + IConfigProperty.PropertyType.BOOLEAN, + "trivy"); + qm.createConfigProperty(SCANNER_TRIVY_API_TOKEN.getGroupName(), + SCANNER_TRIVY_API_TOKEN.getPropertyName(), + DataEncryption.encryptAsString("token"), + IConfigProperty.PropertyType.STRING, + "token"); + qm.createConfigProperty(SCANNER_TRIVY_BASE_URL.getGroupName(), + SCANNER_TRIVY_BASE_URL.getPropertyName(), + "http://localhost:8081", + IConfigProperty.PropertyType.STRING, + "url"); + } + + @After + public void tearDown() { + mockServer.reset(); + NOTIFICATIONS.clear(); + } + + @AfterClass + public static void afterClass() { + mockServer.stop(); + NotificationService.getInstance().unsubscribe(new Subscription(NotificationSubscriber.class)); + } + + @Test + public void testIsCapable() { + final var asserts = new SoftAssertions(); + + for (final Map.Entry test : Map.of( + "pkg:maven/com.fasterxml.woodstox/woodstox-core", false, // Missing version + "pkg:xxx/github.com/CycloneDX/cyclonedx-go@0.7.0", false, // Unsupported type + "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0", true, + "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0?foo=bar#baz", true + ).entrySet()) { + final var component = new Component(); + component.setPurl(test.getKey()); + asserts.assertThat(new TrivyAnalysisTask().isCapable(component)).isEqualTo(test.getValue()); + } + + asserts.assertAll(); + } + + @Test + public void testShouldAnalyzeWhenCacheIsCurrent() throws Exception { + qm.updateComponentAnalysisCache(ComponentAnalysisCache.CacheType.VULNERABILITY, "http://localhost:8081", + Vulnerability.Source.NVD.name(), "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0", new Date(), + Json.createObjectBuilder() + .add("vulnIds", Json.createArrayBuilder().add(123)) + .build()); + + assertThat(new TrivyAnalysisTask().shouldAnalyze(new PackageURL("pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0?foo=bar#baz"))).isTrue(); + } + + @Test + public void testShouldAnalyzeWhenCacheIsNotCurrent() throws Exception { + assertThat(new TrivyAnalysisTask().shouldAnalyze(new PackageURL("pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0?foo=bar#baz"))).isTrue(); + } + + @Test + public void testAnalyzeWithNoIssues() { + mockServer + .when(request() + .withMethod("GET") + .withPath("/twirp/trivy.scanner.v1.Scanner/Scan")) + .respond(response() + .withStatusCode(200) + .withHeader(HttpHeaders.CONTENT_TYPE, "application/vnd.api+json") + .withBody(""" + { + "os":{} + } + """)); + + var project = new Project(); + project.setName("acme-app"); + project = qm.createProject(project, null, false); + + var component = new Component(); + component.setProject(project); + component.setGroup("com.fasterxml.woodstox"); + component.setName("woodstox-core"); + component.setVersion("6.4.0"); + component.setPurl("pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0?foo=bar#baz"); + component = qm.createComponent(component, false); + + new TrivyAnalysisTask().inform(new TrivyAnalysisEvent(component)); + + final List vulnerabilities = qm.getAllVulnerabilities(component); + assertThat(vulnerabilities).hasSize(0); + + // final Query cacheQuery = qm.getPersistenceManager().newQuery(ComponentAnalysisCache.class); + // final List cacheEntries = cacheQuery.executeList(); + // assertThat(cacheEntries).hasSize(1); + + // final ComponentAnalysisCache cacheEntry = cacheEntries.get(0); + // assertThat(cacheEntry.getTarget()).isEqualTo("pkg:maven/com.fasterxml.woodstox/woodstox-core@6.4.0"); + // assertThat(cacheEntry.getResult()) + // .containsEntry("vulnIds", Json.createArrayBuilder().build()); + } + + @Test + //TODO: THIS + public void testAnalyzeWithConnectionError() { + mockServer + .when(request().withPath("/twirp/trivy.scanner.v1.Scanner/Scan")) + .error(error().withDropConnection(true)); + + var project = new Project(); + project.setName("acme-app"); + project = qm.createProject(project, null, false); + + var component = new Component(); + component.setProject(project); + component.setGroup("com.fasterxml.woodstox"); + component.setName("woodstox-core"); + component.setVersion("5.0.0"); + component.setPurl("pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0?foo=bar#baz"); + component = qm.createComponent(component, false); + + new TrivyAnalysisTask().inform(new TrivyAnalysisEvent(List.of(component))); + + final List vulnerabilities = qm.getAllVulnerabilities(component); + assertThat(vulnerabilities).hasSize(0); + + final Query cacheQuery = qm.getPersistenceManager().newQuery(ComponentAnalysisCache.class); + assertThat(cacheQuery.executeList()).isEmpty(); + } + + private static final ConcurrentLinkedQueue NOTIFICATIONS = new ConcurrentLinkedQueue<>(); + + public static class NotificationSubscriber implements Subscriber { + + @Override + public void inform(final Notification notification) { + NOTIFICATIONS.add(notification); + } + + } +} \ No newline at end of file From 2d8e0f5d23a76f5424c7243c6c8773dd123d8dea Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Thu, 7 Dec 2023 13:54:43 +0100 Subject: [PATCH 10/21] fix issue with missing package managers Signed-off-by: Marlon Pina Tojal --- .../tasks/scanners/TrivyAnalysisTask.java | 18 +++++++----------- .../tasks/scanners/TrivyAnalysisTaskTest.java | 4 +--- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index d7de4cf155..184ae8bb07 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -177,14 +177,7 @@ public AnalyzerIdentity getAnalyzerIdentity() { @Override public boolean isCapable(Component component) { - final boolean hasValidPurl = component.getPurl() != null - && component.getPurl().getScheme() != null - && component.getPurl().getType() != null - && component.getPurl().getName() != null - && component.getPurl().getVersion() != null; - - return hasValidPurl - && resolveApp(component.getPurl().getType()) != PurlType.Constants.UNKNOWN.toString(); + return true; } @Override @@ -227,6 +220,7 @@ public void analyze(final List components) { } var app = apps.get(appType); + LOGGER.info("add library %s".formatted(component.toString())); app.addLibrary(new Library(name, component.getVersion())); } else { var pkgType = component.getPurl().getType().toString(); @@ -237,10 +231,11 @@ public void analyze(final List components) { var pkg = pkgs.get(pkgType); - - pkg.addPackage(new Package(component.getName(), component.getVersion(), "arm64")); + LOGGER.info("add package %s".formatted(component.toString())); + pkg.addPackage(new Package(component.getName(), component.getVersion(), "x86_64")); } } else if (component.getClassifier() == Classifier.OPERATING_SYSTEM) { + LOGGER.info("add operative system %s".formatted(component.toString())); info.setOS(new OS(component.getName(), component.getVersion())); } } @@ -312,6 +307,7 @@ private void analyzeBlob(final Map components, final PutReque if (putBlob(blob)) { var response = scanBlob(blob); if (response != null) { + LOGGER.info("received response from trivy with %d results".formatted(response.getResults().length)); for (int count = 0; count < response.getResults().length; count++) { var result = response.getResults()[count]; for (int idx = 0; idx < result.getVulnerabilities().length; idx++) { @@ -453,7 +449,7 @@ private void handle(final Component component, final org.dependencytrack.parser. if (componentPersisted != null && synchronizedVulnerability.getVulnId() != null) { NotificationUtil.analyzeNotificationCriteria(qm, synchronizedVulnerability, componentPersisted, vulnerabilityAnalysisLevel); qm.addVulnerability(synchronizedVulnerability, componentPersisted, this.getAnalyzerIdentity()); - LOGGER.debug("Trivy vulnerability added : " + synchronizedVulnerability.getVulnId() + " to component " + component.getName()); + LOGGER.info("Trivy vulnerability added : " + synchronizedVulnerability.getVulnId() + " to component " + component.getName()); } Event.dispatch(new IndexEvent(IndexEvent.Action.COMMIT, Vulnerability.class)); diff --git a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java index 9ebeb85d0d..b344519f2a 100644 --- a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java @@ -32,7 +32,6 @@ import org.dependencytrack.model.Component; import org.dependencytrack.model.ComponentAnalysisCache; import org.dependencytrack.model.Project; -import org.dependencytrack.model.Severity; import org.dependencytrack.model.Vulnerability; import org.junit.After; import org.junit.AfterClass; @@ -102,8 +101,7 @@ public void testIsCapable() { final var asserts = new SoftAssertions(); for (final Map.Entry test : Map.of( - "pkg:maven/com.fasterxml.woodstox/woodstox-core", false, // Missing version - "pkg:xxx/github.com/CycloneDX/cyclonedx-go@0.7.0", false, // Unsupported type + // "pkg:maven/com.fasterxml.woodstox/woodstox-core", false, // Missing version "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0", true, "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0?foo=bar#baz", true ).entrySet()) { From 62528bbfd85c2b80eb56f80569e9b77c10fd4b33 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Thu, 7 Dec 2023 22:03:08 +0100 Subject: [PATCH 11/21] fix issues with docker images (packages + epoch + arch) Signed-off-by: Marlon Pina Tojal --- .../parser/trivy/model/Package.java | 29 +--- .../parser/trivy/model/PurlType.java | 123 +++++++++++++++- .../tasks/scanners/TrivyAnalysisTask.java | 136 ++++++++---------- .../tasks/scanners/TrivyAnalysisTaskTest.java | 3 +- 4 files changed, 187 insertions(+), 104 deletions(-) diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Package.java b/src/main/java/org/dependencytrack/parser/trivy/model/Package.java index 726f5e6dde..94d924568c 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/Package.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Package.java @@ -24,44 +24,29 @@ public class Package { private String name; private String version; private String arch; + private Integer epoch; @SerializedName("src_name") private String srcName; @SerializedName("src_version") private String srcVersion; + @SerializedName("src_epoch") + private Integer srcEpoch; private String[] licenses; private OS layer; - public Package(String name, String version, String arch) { + public Package(String name, String version, String arch, Integer epoch) { + this.name = name; this.version = version; this.arch = arch; + this.epoch = epoch; this.srcName = name; this.srcVersion = version; + this.srcEpoch = epoch; this.licenses = new String[] {}; this.layer = new OS(); } - - public String getName() { return name; } - public void setName(String value) { this.name = value; } - - public String getVersion() { return version; } - public void setVersion(String value) { this.version = value; } - - public String getArch() { return arch; } - public void setArch(String value) { this.arch = value; } - - public String getSrcName() { return srcName; } - public void setSrcName(String value) { this.srcName = value; } - - public String getSrcVersion() { return srcVersion; } - public void setSrcVersion(String value) { this.srcVersion = value; } - - public String[] getLicenses() { return licenses; } - public void setLicenses(String[] value) { this.licenses = value; } - - public OS getLayer() { return layer; } - public void setLayer(OS value) { this.layer = value; } } \ No newline at end of file diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java b/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java index 6aea75f8fa..0fa08675ca 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/PurlType.java @@ -34,6 +34,21 @@ public enum PurlType { PUB("pub"), PYPI("python-pkg"), SWIFT("swift"), + ALPM("packages"), + APK("packages"), + BITBUCKET("packages"), + CRAN("packages"), + DEBIAN("packages"), + DOCKER("packages"), + GENERIC("packages"), + GITHUB("packages"), + HACKAGE("packages"), + HUGGINGFACE("packages"), + MLFLOW("packages"), + OCI("packages"), + QPKG("packages"), + RPM("packages"), + SWID("packages"), UNKNOWN("unknown"); private final String appType; @@ -78,5 +93,111 @@ public static class Constants { public static final String SWID = "swid"; public static final String SWIFT = "swift"; public static final String UNKNOWN = "unknown"; + public static final String PACKAGES = "packages"; } -} \ No newline at end of file + + public static String getApp(String purlType) { + if (purlType == null) { + return PurlType.UNKNOWN.getAppType(); + } + + PurlType type; + switch (purlType) { + case PurlType.Constants.BITNAMI: + type = PurlType.BITNAMI; + break; + case PurlType.Constants.CARGO: + type = PurlType.CARGO; + break; + case PurlType.Constants.COCOAPODS: + type = PurlType.COCOAPODS; + break; + case PurlType.Constants.COMPOSER: + type = PurlType.COMPOSER; + break; + case PurlType.Constants.CONAN: + type = PurlType.CONAN; + break; + case PurlType.Constants.CONDA: + type = PurlType.CONDA; + break; + case PurlType.Constants.GEM: + type = PurlType.GEM; + break; + case PurlType.Constants.GOLANG: + type = PurlType.GOLANG; + break; + case PurlType.Constants.HEX: + type = PurlType.HEX; + break; + case PurlType.Constants.MAVEN: + type = PurlType.MAVEN; + break; + case PurlType.Constants.NPM: + type = PurlType.NPM; + break; + case PurlType.Constants.NUGET: + type = PurlType.NUGET; + break; + case PurlType.Constants.PUB: + type = PurlType.PUB; + break; + case PurlType.Constants.PYPI: + type = PurlType.PYPI; + break; + case PurlType.Constants.SWIFT: + type = PurlType.SWIFT; + break; + case PurlType.Constants.ALPM: + type = PurlType.ALPM; + break; + case PurlType.Constants.APK: + type = PurlType.APK; + break; + case PurlType.Constants.BITBUCKET: + type = PurlType.BITBUCKET; + break; + case PurlType.Constants.CRAN: + type = PurlType.CRAN; + break; + case PurlType.Constants.DEBIAN: + type = PurlType.DEBIAN; + break; + case PurlType.Constants.DOCKER: + type = PurlType.DOCKER; + break; + case PurlType.Constants.GENERIC: + type = PurlType.GENERIC; + break; + case PurlType.Constants.GITHUB: + type = PurlType.GITHUB; + break; + case PurlType.Constants.HACKAGE: + type = PurlType.HACKAGE; + break; + case PurlType.Constants.HUGGINGFACE: + type = PurlType.HUGGINGFACE; + break; + case PurlType.Constants.MLFLOW: + type = PurlType.MLFLOW; + break; + case PurlType.Constants.OCI: + type = PurlType.OCI; + break; + case PurlType.Constants.QPKG: + type = PurlType.QPKG; + break; + case PurlType.Constants.RPM: + type = PurlType.RPM; + break; + case PurlType.Constants.SWID: + type = PurlType.SWID; + break; + default: + type = PurlType.UNKNOWN; + break; + } + + return type.getAppType(); + } +} diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index 184ae8bb07..5aca2bd9ff 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -32,7 +32,6 @@ import io.github.resilience4j.retry.Retry; import io.github.resilience4j.retry.RetryConfig; import io.github.resilience4j.retry.RetryRegistry; - import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -177,7 +176,20 @@ public AnalyzerIdentity getAnalyzerIdentity() { @Override public boolean isCapable(Component component) { - return true; + final boolean hasValidPurl = component.getPurl() != null + && component.getPurl().getScheme() != null + && component.getPurl().getType() != null + && component.getPurl().getName() != null + && component.getPurl().getVersion() != null; + + if (!hasValidPurl && component.getPurl() == null) { + LOGGER.warn("isCapable:purl is null for component %s".formatted(component.toString())); + } else if (!hasValidPurl) { + LOGGER.warn("isCapable: " + component.getPurl().toString()); + } + + return (hasValidPurl && PurlType.getApp(component.getPurl().getType()) != PurlType.Constants.UNKNOWN.toString()) + || component.getClassifier() == Classifier.OPERATING_SYSTEM; } @Override @@ -200,7 +212,7 @@ public void analyze(final List components) { for (final Component component : components) { if (component.getPurl() != null) { - var appType = resolveApp(component.getPurl().getType()); + var appType = PurlType.getApp(component.getPurl().getType()); var name = component.getName(); @@ -208,32 +220,54 @@ public void analyze(final List components) { name = component.getGroup() + ":" + name; } - var key = name + ":" + component.getVersion(); + if (appType != PurlType.UNKNOWN.getAppType()) { + if (appType != "packages") { - LOGGER.debug("Add key %s to map".formatted(key)); - map.put(key, component); + if (apps.get(appType) == null) { + apps.put(appType, new Application(appType)); + } + var app = apps.get(appType); - if (appType != PurlType.UNKNOWN.getAppType()) { + var key = name + ":" + component.getVersion(); - if (apps.get(appType) == null) { - apps.put(appType, new Application(appType)); - } - var app = apps.get(appType); + LOGGER.debug("Add key %s to map".formatted(key)); + map.put(key, component); - LOGGER.info("add library %s".formatted(component.toString())); - app.addLibrary(new Library(name, component.getVersion())); - } else { - var pkgType = component.getPurl().getType().toString(); + LOGGER.info("add library %s".formatted(component.toString())); + app.addLibrary(new Library(name, component.getVersion())); + } else { + var pkgType = component.getPurl().getType().toString(); - if (pkgs.get(pkgType) == null) { - pkgs.put(pkgType, new PackageInfo()); - } + if (pkgs.get(pkgType) == null) { + pkgs.put(pkgType, new PackageInfo()); + } + + var pkg = pkgs.get(pkgType); - var pkg = pkgs.get(pkgType); + String arch = null; + Integer epoch = null; + String versionKey = ""; - LOGGER.info("add package %s".formatted(component.toString())); - pkg.addPackage(new Package(component.getName(), component.getVersion(), "x86_64")); + if (component.getPurl().getQualifiers() != null) { + arch = component.getPurl().getQualifiers().get("arch"); + + String tmpEpoch = component.getPurl().getQualifiers().get("epoch"); + if (tmpEpoch != null) { + epoch = Integer.parseInt(tmpEpoch); + versionKey = tmpEpoch + ":"; + } + } + + versionKey += component.getVersion(); + var key = name + ":" + versionKey; + + LOGGER.debug("Add key %s to map".formatted(key)); + map.put(key, component); + LOGGER.info("add package %s".formatted(component.toString())); + pkg.addPackage(new Package(component.getName(), component.getVersion(), arch != null ? arch : "x86_64", epoch)); + } } + } else if (component.getClassifier() == Classifier.OPERATING_SYSTEM) { LOGGER.info("add operative system %s".formatted(component.toString())); info.setOS(new OS(component.getName(), component.getVersion())); @@ -307,7 +341,7 @@ private void analyzeBlob(final Map components, final PutReque if (putBlob(blob)) { var response = scanBlob(blob); if (response != null) { - LOGGER.info("received response from trivy with %d results".formatted(response.getResults().length)); + LOGGER.info("received response from trivy"); for (int count = 0; count < response.getResults().length; count++) { var result = response.getResults()[count]; for (int idx = 0; idx < result.getVulnerabilities().length; idx++) { @@ -457,65 +491,7 @@ private void handle(final Component component, final org.dependencytrack.parser. } } - private String resolveApp(String purlType) { - if (purlType == null) { - return PurlType.UNKNOWN.getAppType(); - } - PurlType type; - switch (purlType) { - case PurlType.Constants.BITNAMI: - type = PurlType.BITNAMI; - break; - case PurlType.Constants.CARGO: - type = PurlType.CARGO; - break; - case PurlType.Constants.COCOAPODS: - type = PurlType.COCOAPODS; - break; - case PurlType.Constants.COMPOSER: - type = PurlType.COMPOSER; - break; - case PurlType.Constants.CONAN: - type = PurlType.CONAN; - break; - case PurlType.Constants.CONDA: - type = PurlType.CONDA; - break; - case PurlType.Constants.GEM: - type = PurlType.GEM; - break; - case PurlType.Constants.GOLANG: - type = PurlType.GOLANG; - break; - case PurlType.Constants.HEX: - type = PurlType.HEX; - break; - case PurlType.Constants.MAVEN: - type = PurlType.MAVEN; - break; - case PurlType.Constants.NPM: - type = PurlType.NPM; - break; - case PurlType.Constants.NUGET: - type = PurlType.NUGET; - break; - case PurlType.Constants.PUB: - type = PurlType.PUB; - break; - case PurlType.Constants.PYPI: - type = PurlType.PYPI; - break; - case PurlType.Constants.SWIFT: - type = PurlType.SWIFT; - break; - default: - type = PurlType.UNKNOWN; - break; - } - - return type.getAppType(); - } private Optional getApiBaseUrl() { if (apiBaseUrl != null) { diff --git a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java index b344519f2a..8a9430da95 100644 --- a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java @@ -101,7 +101,8 @@ public void testIsCapable() { final var asserts = new SoftAssertions(); for (final Map.Entry test : Map.of( - // "pkg:maven/com.fasterxml.woodstox/woodstox-core", false, // Missing version + "pkg:maven/com.fasterxml.woodstox/woodstox-core", false, // Missing version + "pkg:xxx/github.com/CycloneDX/cyclonedx-go@0.7.0", false, // Unsupported type "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0", true, "pkg:maven/com.fasterxml.woodstox/woodstox-core@5.0.0?foo=bar#baz", true ).entrySet()) { From ea3658ad3bbaec7588aceafdf1d888d2a0bd2850 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Wed, 13 Dec 2023 10:50:26 +0100 Subject: [PATCH 12/21] split requests per OS Signed-off-by: Marlon Pina Tojal --- .../tasks/scanners/TrivyAnalysisTask.java | 105 +++++++++++------- 1 file changed, 65 insertions(+), 40 deletions(-) diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index 5aca2bd9ff..a74dfd9677 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -41,6 +41,7 @@ import java.util.concurrent.ExecutorService; import java.util.concurrent.TimeUnit; import java.util.function.Supplier; +import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -204,10 +205,11 @@ protected boolean isCacheCurrent(Source source, String targetHost, String target public void analyze(final List components) { final var countDownLatch = new CountDownLatch(components.size()); - var info = new BlobInfo(); + var pkgs = new HashMap(); var apps = new HashMap(); + var os = new HashMap(); var map = new HashMap(); for (final Component component : components) { @@ -233,17 +235,11 @@ public void analyze(final List components) { LOGGER.debug("Add key %s to map".formatted(key)); map.put(key, component); - LOGGER.info("add library %s".formatted(component.toString())); + LOGGER.debug("add library %s".formatted(component.toString())); app.addLibrary(new Library(name, component.getVersion())); } else { var pkgType = component.getPurl().getType().toString(); - if (pkgs.get(pkgType) == null) { - pkgs.put(pkgType, new PackageInfo()); - } - - var pkg = pkgs.get(pkgType); - String arch = null; Integer epoch = null; String versionKey = ""; @@ -256,45 +252,56 @@ public void analyze(final List components) { epoch = Integer.parseInt(tmpEpoch); versionKey = tmpEpoch + ":"; } + + String distro = component.getPurl().getQualifiers().get("distro"); + + if (distro != null) { + pkgType = distro; + } + } + + if (pkgs.get(pkgType) == null) { + pkgs.put(pkgType, new PackageInfo()); } + var pkg = pkgs.get(pkgType); + versionKey += component.getVersion(); var key = name + ":" + versionKey; LOGGER.debug("Add key %s to map".formatted(key)); map.put(key, component); - LOGGER.info("add package %s".formatted(component.toString())); + LOGGER.debug("add package %s".formatted(component.toString())); pkg.addPackage(new Package(component.getName(), component.getVersion(), arch != null ? arch : "x86_64", epoch)); } } } else if (component.getClassifier() == Classifier.OPERATING_SYSTEM) { - LOGGER.info("add operative system %s".formatted(component.toString())); - info.setOS(new OS(component.getName(), component.getVersion())); + LOGGER.debug("add operative system %s".formatted(component.toString())); + var key = "%s-%s".formatted(component.getName(), component.getVersion()); + os.put(key, new OS(component.getName(), component.getVersion())); } } - info.setApplications(apps.values().toArray(new Application[]{})); - info.setPackageInfos(pkgs.values().toArray(new PackageInfo[]{})); - - var blob = new PutRequest(); - blob.setBlobInfo(info); + ArrayList infos = new ArrayList(); - try { - MessageDigest digest = MessageDigest.getInstance("SHA-256"); - //todo - need to establish standard and requirements from trivy - byte[] hash = digest.digest(java.util.UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8)); - - blob.setDiffID("sha256:" + Hex.encodeHexString(hash)); - LOGGER.debug(blob.getDiffID()); - } catch(NoSuchAlgorithmException e) { - LOGGER.error(e.getMessage()); - blob.setDiffID("sha256:0000000000000000000000000000000000000000000000000000000000000000"); + if (apps.size() > 0) { + var info = new BlobInfo(); + info.setApplications(apps.values().toArray(new Application[]{})); + infos.add(info); } + pkgs.forEach((key, value) -> { + var info = new BlobInfo(); + info.setPackageInfos(new PackageInfo[]{value}); + if (os.get(key) != null) { + info.setOS(os.get(key)); + } + infos.add(info); + }); CompletableFuture - .runAsync(() -> analyzeBlob(map, blob), EXECUTOR) + .runAsync(() -> analyzeBlob(map, infos.toArray(new BlobInfo[]{})), EXECUTOR) .whenComplete((result, exception) -> { countDownLatch.countDown(); @@ -337,22 +344,40 @@ public void applyAnalysisFromCache(final Component component) { component.getPurl().getCoordinates(), component, getAnalyzerIdentity(), vulnerabilityAnalysisLevel)); } - private void analyzeBlob(final Map components, final PutRequest blob) { - if (putBlob(blob)) { - var response = scanBlob(blob); - if (response != null) { - LOGGER.info("received response from trivy"); - for (int count = 0; count < response.getResults().length; count++) { - var result = response.getResults()[count]; - for (int idx = 0; idx < result.getVulnerabilities().length; idx++) { - var vulnerability = result.getVulnerabilities()[idx]; - var key = vulnerability.getPkgName() + ":" + vulnerability.getInstalledVersion(); - LOGGER.debug("Searching key %s in map".formatted(key)); - handle(components.get(key), vulnerability); + private void analyzeBlob(final Map components, final BlobInfo[] blobs) { + for (final BlobInfo info : blobs) { + + var blob = new PutRequest(); + blob.setBlobInfo(info); + + try { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + //todo - need to establish standard and requirements from trivy + byte[] hash = digest.digest(java.util.UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8)); + + blob.setDiffID("sha256:" + Hex.encodeHexString(hash)); + LOGGER.debug(blob.getDiffID()); + } catch(NoSuchAlgorithmException e) { + LOGGER.error(e.getMessage()); + blob.setDiffID("sha256:0000000000000000000000000000000000000000000000000000000000000000"); + } + + if (putBlob(blob)) { + var response = scanBlob(blob); + if (response != null) { + LOGGER.info("received response from trivy"); + for (int count = 0; count < response.getResults().length; count++) { + var result = response.getResults()[count]; + for (int idx = 0; idx < result.getVulnerabilities().length; idx++) { + var vulnerability = result.getVulnerabilities()[idx]; + var key = vulnerability.getPkgName() + ":" + vulnerability.getInstalledVersion(); + LOGGER.debug("Searching key %s in map".formatted(key)); + handle(components.get(key), vulnerability); + } } } + deleteBlob(blob); } - deleteBlob(blob); } } From bd906056f12112ca4fd6994b31fd9e8924ad7922 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Sun, 31 Dec 2023 21:31:18 +0100 Subject: [PATCH 13/21] fix date parsing Signed-off-by: Marlon Pina Tojal --- .../parser/trivy/TrivyParser.java | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java index c982317b8e..b703ef0b51 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java +++ b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java @@ -31,6 +31,7 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.ArrayList; +import java.util.Date; import java.util.List; import java.util.Locale; @@ -59,23 +60,17 @@ public Vulnerability parse(org.dependencytrack.parser.trivy.model.Vulnerability vulnerability.setDescription(data.getDescription()); vulnerability.setSeverity(parseSeverity(data.getSeverity())); - SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.ENGLISH); - - if (data.getPublishedDate() != null) { - try { - vulnerability.setPublished(formatter.parse(data.getPublishedDate())); - } catch (ParseException ex) { - LOGGER.warn("Unable to parse published date %s".formatted(data.getPublishedDate())); - } + try { + vulnerability.setPublished(parseDate(data.getPublishedDate())); vulnerability.setCreated(vulnerability.getPublished()); + } catch (ParseException ex) { + LOGGER.warn("Unable to parse published date %s".formatted(data.getPublishedDate())); } - if (data.getLastModifiedDate() != null) { - try { - vulnerability.setUpdated(formatter.parse(data.getLastModifiedDate())); - } catch (ParseException ex) { - LOGGER.warn("Unable to parse last modified date %s".formatted(data.getLastModifiedDate())); - } + try { + vulnerability.setUpdated(parseDate(data.getLastModifiedDate())); + } catch (ParseException ex) { + LOGGER.warn("Unable to parse last modified date %s".formatted(data.getLastModifiedDate())); } vulnerability.setReferences(addReferences(data.getReferences())); @@ -101,6 +96,15 @@ public Vulnerability parse(org.dependencytrack.parser.trivy.model.Vulnerability return synchronizedVulnerability; } + public Date parseDate(String input) throws ParseException { + if (input != null) { + String format = input.length() == 20 ? "yyyy-MM-dd'T'HH:mm:ss'Z'" : "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"; + SimpleDateFormat formatter = new SimpleDateFormat(format, Locale.ENGLISH); + return formatter.parse(input); + } + return null; + } + public Severity parseSeverity(String severity) { if (severity != null) { From 842904bc96a7b013bd16ed79f80305009db64deb Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Mon, 1 Jan 2024 22:03:26 +0100 Subject: [PATCH 14/21] add support for trivy configuration ignore unfixed Signed-off-by: Marlon Pina Tojal --- .../org/dependencytrack/model/ConfigPropertyConstants.java | 1 + .../org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java index 53666c4179..dc168d7c7b 100644 --- a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java +++ b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java @@ -61,6 +61,7 @@ public enum ConfigPropertyConstants { SCANNER_TRIVY_ENABLED("scanner", "trivy.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable Trivy Vulnerability Analysis"), SCANNER_TRIVY_API_TOKEN("scanner", "trivy.api.token", null, PropertyType.ENCRYPTEDSTRING, "The API token used for Trivy API authentication"), SCANNER_TRIVY_BASE_URL("scanner", "trivy.base.url", "http://localhost:8081", PropertyType.URL, "Base Url pointing to the hostname and path for Trivy analysis"), + SCANNER_TRIVY_IGNORE_UNFIXED("scanner", "trivy.ignore.unfixed", "false", PropertyType.BOOLEAN, "Flag to ignore unfixed vulnerabilities"), VULNERABILITY_SOURCE_NVD_ENABLED("vuln-source", "nvd.enabled", "true", PropertyType.BOOLEAN, "Flag to enable/disable National Vulnerability Database"), VULNERABILITY_SOURCE_NVD_FEEDS_URL("vuln-source", "nvd.feeds.url", "https://nvd.nist.gov/feeds", PropertyType.URL, "A base URL pointing to the hostname and path of the NVD feeds"), VULNERABILITY_SOURCE_NVD_API_ENABLED("vuln-source", "nvd.api.enabled", "false", PropertyType.BOOLEAN, "Whether to enable NVD mirroring via REST API"), diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index a74dfd9677..93c74c8bf2 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -372,7 +372,9 @@ private void analyzeBlob(final Map components, final BlobInfo var vulnerability = result.getVulnerabilities()[idx]; var key = vulnerability.getPkgName() + ":" + vulnerability.getInstalledVersion(); LOGGER.debug("Searching key %s in map".formatted(key)); - handle(components.get(key), vulnerability); + if (!super.isEnabled(ConfigPropertyConstants.SCANNER_TRIVY_IGNORE_UNFIXED) || vulnerability.getStatus() == 3) { + handle(components.get(key), vulnerability); + } } } } From 8c618c06656530ac1457083678e6f81533c5c8ec Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Mon, 1 Jan 2024 22:09:38 +0100 Subject: [PATCH 15/21] update configuration image Signed-off-by: Marlon Pina Tojal --- .../screenshots/trivy-configuration.png | Bin 194159 -> 232266 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/images/screenshots/trivy-configuration.png b/docs/images/screenshots/trivy-configuration.png index e51f813324923b5c1dc3449cd5abe395bb6d8fdd..0f3e62e394ad0e44c7832880d37611230afb63d9 100644 GIT binary patch literal 232266 zcmeFZcT`kMvo}lzK?Fo{76p|gf@ByBfT$$NSwKLtFyt@;a*!Mp$x(u!of`dc&h=d5Z676y!5V#;?_27Z3;)4h5s!k3TR<`CiIFEv3w25`p+h|ku z-$h0B;!#Ci_N0DjjdPQuyjSvdcoYH2^;TKclFU%jLPOr?547d3rg3HW#8j@fJ*dF>PDl3`@c=&|^VvXrR*o;} zQxkJMqDW(Q6L_mUo(|DCEY58N_o_pYSbGI#3~L-(DXY^&j1wFn_CU3%C(s>)<4$9I zm5;#p#u6VF&Et7`t#qCM-1}0-5oPbIA4dqicdz=&C76ou$b)08!K#u-=-YbzyHMz% zuIhtKI#bIM*=t0y(HBaLAs7PO<`v3``%D*_oqV)fDI|2E1D*7P^E;(PB~JVy8MN1K zMa}PgJWX3UoVgBC5&7|rQOmkgnAb?gGQKLQhWhG!JgH-(7^ei0DN7J2h=9~9NbPYY zFR!9iB;yX5*lkN++>$b1x+}OPRLvZ7^~;ZF(%#-AoxOiin?yoapqxX!-6Zd@OzP9uqR9~-UHi-W*;onv@0u%Sj4flqH!0QGD|s(pS9p+* zTcUo?{{C<67B3t{xILTXZ-vIe9WFT5t1>g@4#Gq3WOMA?Iw?JU?RR9#R3z zK85~cC&h64(#^R*@E86IE$dmhEGA!azx&mY{C4k4dyQGoZ*y4$G2O(9CeQ1gc$MGI zw|riA1e+M;CW{7+7Np;}cb8U$|2MK{pCTeDjcv#{@kD(v0FRO}Sf9al1&{iol3G5a2bnN1<)VQWny&a21H?BTDwy&+F{ zM8nCn{e6(R_!<$le~?KtWd@6V(8;Wf`?Y$arq$PFuZsLUysNmSIGib2FBeitT&QXd zeVhf7V<43H013K9#{gQyt9p~T>CV1MHuT|6cN4iE=Oz)l*b%xs#!||xIk}sE8`_VV zxCn7)yd_yG#BiO0gE-0#%KFKqXjUfoY7a8EcYC8uRx~D1X#8yGw@KcwKl_SqO)#32*f4Q8f<5 z4}3h?+a$z->{MB=9d94oR(EGVzZ_3w;r~qaQmk*xbG}g=5&w6e#7R*%#0gXJ)co#es?4(DbZLAiWN;$}h<4#=b1mxG%*KRuFo7Z60naECm> z|2=0%RK<6$ETS=g=7-AcOHr5RX?Jl} zPkt#Qw0G#`-CAlpS(S9UUYnQP$9Nmxa6U!|-WKYlGBaW3C3^Dhj^IrZe4cN&immf6 z*}UmFA{`D!K4){hstix4<}~@I)_m*u3VVkVg; z;5WI#5qdjV^>Hq{?R94M`BQU1vrDt*oTDl64pm9y z!>bHY%#Rwg=r2cVJi2wgfMeqt3#TEM%UhY;Pk9NSYjOi}vp)q7Js!L@=$gx-S(ksH zu_2@zYAbiZ1&<<}zd7GB&o^(eE9XRaBqWz)`d}yf+B2scWjFI~y1Z9^U-w>gb#--d z)o9gm^(s<#HE+l*FHIAgj(Pj}K}C*Ju37G#)vK!_z+JvoCdP0JC9?GFK2odDmv_sf z%TLNF7@f(v$qV1enthbdmiKQp506WHp~Rz9xhU3U+C|#slSp^htNgp(upTpC>hQ&a z#|8d+qUFcsE90EyX61Vobk_G=46C$N6nc~dbR9~KvZtvUl!;o4EnYErgtde&eIMjnssgBWg;zb1Dgk7X2QoD^y%-yla^0eyqk5au^Al+MNuKW*a&$y2dBj z9h%ySHbHAoN4Q3`?JwEiuR_|3POWUJZSGC#Pr^LiJs(N0O4Um9Ne@WpNjVfd>z3pP zNx5zD}yvbQ3f0i0D~-t#t_9eY#r6D#ojC#Z?# zkrjuD#yG0XDKx8uf}&+r=+lZh zXAMoC&&@SUDpo3%X2rhfnip)l+qR|t`dMtYa|EM|^>HrQr#GK620scv({mahE^qAn zlBpfB$%v5o=-i1c5i#SAlosuNWiVaMiMR{jYu$Rnot2Zd^$7blbXIfk_)ay0CPRbw zB`6IxfL*ruelOoX4L`L^*M65l>=AE=sEvn~TP4(0&NVWKQ;)|phB~&4W68(<>1O35 zrv82Xv3JGk{;9tyi(_H6%j>q^+NdS2U3&LSap~b!Fc0^^W6msnvZ&W3gh~Om+X{_J z7Ca|%2kGC7a!Z%LWz8#|aM`HPs@Nx)g3Q0X&uQUkfho1*?B-NH6-pBE8uwpWUrDlH z7rJ9n-dP?m?q)HP->W-escx~d zgensm8Dn9XkKfwsyJU?q7uvhyB;&N-Lv_C!yJJSEV1<|psM=!2K?`f>hyVval|W77 zAav!xe7qwhPFjz(qTYlMEH@TX#RD&r(w@~SF`+S!vDI8!{XV2*!#l#OyJv29Fm4m$ z7lYK4*ChKqT|}KOQo($nJl3;eR{ffsBS??feq5}A&n)Ss!yqE#*Iwtu^W&^ zZl4}x1C^KlLCL|;M%B2ni!UTSAJ;0rzjq>jYIN-V_@LwM)8|jhRQCKHCDutFaTVII9sVWB&S7f0a=+zZ3L1yq+&d|yAY!Y8zVMOSySXqh&=cJl z)tHa5MpYc?H&@l6kI?ALsqb?RX_}tP2?^o4H<07#-NJEpm&pv%O2u9wR7=&RAvxvF zm*Tt?LX6|Gjg>AW#!OA(JV(*GpT0g$G{XtX#*JDgRMj5&BJoN~J(*`AfTRbP$qZ&O zZ|MtFe{b2%HixMpbkY>v2A>Epd3w8X!CDG|2}Ovxj-rK<63#8)oCJpeml1~$IKu_L zGPq2Cp3CFjz`_6hIvx&ApcM|mAI~TQ$Folq@I5Q@^N9cM4GuBz?=tXpPsjV$(-%q7 z@&9#B_z1X%b5H$&q9SlqH*+#Kw+Fv;a4roMd=6Z=@amB+7zc;;`q>v(@!7R);Qgak z8amE8N>3%s9PIc_UO1SV^Sj%<0-nafk#d&+PVLN{P1xP-Z0*4k?$TF(e?kH{Kf5e& zmHqceoNc79>L{tQKX7m|XBXkW&42r<3@JN1yOh%l3yEhB<^L!S{FA==(%Jcygn)pX zn;XBI5WjSDil_@DB-K>EUTM>P zU}zLmKFuil#nztHOF%G*fBydcix|&2C@Cp*NVxj6f0aVO8(cCV(Yo}%-cKCAep*V( z8yiPLo_~k9^LTi6bXy_6{i_eZz}XvWxVV0oQ^dY;{W^t@@bK`C7~6lH#_10U2?!oL z&s|LV^%l>Qk&w*W+@Stt?)Y7%0Z7~zEM)sPNG!n49#!<==`RrWkM=#*kd;k;$lYCh z;nyXu(breD@y(rIk^{D-OM8O%}tF!e7b;U7sokA{-{M^gXN=KZ67|5Dh_tjqsr zn@T%aT<4F8NV@74A)9`b51mx5-plVFXnPIcoks%x^-TH;f)IZ8UeBQ!g^9bO zVY)&&aD|a%&FkOg?Zy@2>`)!6kfZP6g0o3Ip9ht*#R)H+PGI_SdiZz7nTp^X#B4H_ z0gMu*2U`$2C}z*tG-gOEl#@b|_szwlYI)CTvz`XilT>L$l0#z%8Z}lWf1LlATPaB- zILW?2dUYs|E}B~@BE@Z5@S{qKR?J73j^(`rbSRxb1}SsM%R3hX{?*F!nDO)*gg{S< z4_hbTmy?hY2?IHB9{7gF_41D_aUn66VC;D(7+-a>Np1)2PbrVVq!*cAnLBSyOBXgQ z*3!Ep?}D{*KX6*6y13@ouYT5bhy)$z7(iC8-|Yw65fZeo4hHiOlZQmGNVMjpK^OyB zyj8=!)5@a>hfsGqc$t{&tJOrh_3di}xs;PN%*^<+GE*ft==l=)7}>n{@6~Ug?tz_4 z(wP^lqka+M{((pA?_I2OM6~W4no(G)d;!h(enV7@7#UN>1y|ZlG!KnTQM$a7L$27& zH3yg2Y#9kw5T#Zd>*M*@k(o z4|B_hGi#b5__8vEqxu^k1iH@!!x5#S0;x81WM54R>71f|g%iHA7f4A+-v7wr%jGDl z7-n>AYoTi?Ur{$3P^t>Kss52S>Pfar$c!E8Y+%6JQmfO9=1;-h!Aq%Lu8l?7Nw|JT ztfxhj_ihpqK+Lbkah?Yo{P~RPGXUgXziUY5T70ru=C)q5w7GL2xz&nG%v{~X@4C>0 z+h?_NeXiD~FydfCvUyS8o}s8gLQGlwsQIYzqp$4H1ww+)_Ssy&1mgUjQ66>?5Uh$= zGuw?!-q0&3g$P?$=nUG8Ui%ovL_^(pe610>6HJdCI{~K@eSE^plp?wnopN&caqpdL zxM_)tNa$im;pOlNepYH2_Ktl0u|}BtLYu(}aFv+_dl>h!-y}Fl!o}>gIMVDis><{b z%GNQIpwH2ubu#0?66&lc!dU*2Wq>OzT=83A3rawm3RI8P>whsknK(3B0yS{d&97a( z<%m!cg~wl~W)0O?Af)lgVvyB*gDTUDs-l?-6_^4zGH)=2&0<=X0i)5>|u@4O! z^w30V{|9W|&0Wi1XIp=?$m9s$sL~e0?%5Po9O#vFd#))&vQA~nmBsE1 zjTpDC6_H0sZq{?2sgMtL#~(@?2ln{%E5Zt@j=;_vwFbO(ouz^<5^Wj%A5k<*c0 zn~gbN?J4W_SE#4zP(ieObm848aZi)r#9L6xfgGi-_NqxIaQ#WQq^|geLr=p&d%Iq%lDF!c-w9gpe?Q!h z{?Mi)^LU*#h(XBWy>|Gewo^8z(b=)31?_cO@>S8!#r-t_SZ4$|7E@QfpAqVWgtl=M zj27rujhf~aWKNKFC?pNrneAq^37($J?wo>qTB5O@QV?bk$A~e+1hRAkCSZOp6ZPkO zuYzMciG(C;)|cjz7$@z@sCjB@+Kec>ZWH#9d5LbLQqOr}?YH&Aq$SoXhHh(gN|K#M z8Y#v{Cvg~>wCTN`<@$xfK1YAMJ(Y#_85xwS_fBs`P0vw)NFG)&cEjZ*<^$HdkE_GKT-_w9{GvqQPw@6oZZkDV1=U zTU~Pq60sX^9>OPX^+8QX=bh}`KY1Z|Bu8h=7%J>=u&1uu^rQ3zheytJ3HX7uSF7lZ zH_gdbnL~gl6m~eLV_&m?C{bWjqHTt;DeQ0P&w3x5^fxQ^p@JSnx9koe>d6E`K%O+o5+qaNHZJ1Fhe#>-8SLH-E zvM$?Y8nV|Vwih;FYC4zPSj$_XVc^;VD&3vLJd*BTi-p|+KU%Xb-{AtMjO-qKl7qdN zhDS0PLvEmCVBq&_kNkd3PxD>i-N*GStwow1HAFWm%Ec9aD3Vxie1~@C#mUQl{xKzX4g0&l7PJ;#707XoT}nTvO+q}vyf;>ME$$wt zZZb!0vfnma>>RZ%<8vabw%NV9g15`$P=8(j2R4$2zen0b#^=_l>x2Va+I5wB(0)4p zl4qNIIAhCE+iNtxVQuq!ptlJ*X(3UG>v7M#zFGz-||(PE@L zJl*TbK+Lfqf)!Xp>5RNNyiBpHHu+SN$juZ2+IG|B-VbV3_PXVEQ~dTY^sxKVMpcGd zbZg0h9xN2bg?MVbQb_1Sk%pc>*~QhabZ_w9IVu*AQ7N3dY2-Z{;J(sA7riAVJYH!> zH*sn{p#v_cC@o~IMorU;y^{5)8at^!wtpA4_VESkw__wz^BMZ^Co-Z*^Om}%S7FP* zQ&8%(-fxN05gxnAF6}n@h1lGOujFBlPL}T8BN(_S#mf@jErl+pmvpt&!mQ>AfXSBk z@bS{17>{z}d>^SK0(P0>AO2aGczT)BI@_f;<+HTEgSHLo{Rs2AtJI>fsuv=`SJm2Ws3!^wA&y{@dr&vUWOVaSpDvtm>#clE}OOk~7 zV-dEo!1+iI@vNnRlON6M%AvL9=3}R)OEpV~jjHL8$_+iZbzT7jlWn;gfK#r?JZ*)1 zb%bk;YI4|tfB}6lD|a5~_vbU|B7`BLz>tuycN-JbEVUXeRCnHx_9{6z!B-A5_qZn=#_Ji@Wjjy}uqBT(<$$6E?OEh!?c8cIv_iIvNB~1z5#&v` zWeBl-$_Db{aMAl@f0=&SadalrF=b`lb(JlT)?*sLD ziYIt@X`;LQsd2aED3;H*#D3*pT}F&p+-5wq zJ@(dpItnTyU@XF3R6dONm!X|~J8e-MG^^`nJ&>Ka4NRg>AWIe2=4pxqpIc*T%i2O{ z&p+2zA9rF@8}r_6(88W zSCG8#Hm8{LFy%$g8|sL)v@VCE8gh}R${sBtPc>YkUx5`^!1;e}KZl*Rp*?1f&(;DM+$HQQDxD@!TXSL-Yh4Yp}p3 z%(HN6*k<^umiTIa?u`4}!-JZ@xzNDEuAvSJ5^u}GpwBA9xtkrJJ{JE zi%ed_!_d5=ydP>_YgtE}RY&q3MmzKJM8|Y*TF|Gz*&VTtHf^0(JR_L7xr^BXrfqIX zZlaZr!ia802K#)|K#7LGaXv#w(gW|LplXUL&d}9E$wmJ|8nv>-O-NODt>EF1HexVZ z<@2k}c3f?_9OV=Q#%nYDp8qWwX;6Xt#D<&PfQ1s`Z6I3&PxKV=;=yXa`KRjr5S~)P zA2Eakt>Fwzb=N{ypcw1v43Ax5%tWTL(_A(dBib#6*iX}LOKpb^k1biiBPDjX50}41 zI=L)XxJwtPvQj?sCzjkOHmpnsjch{$ki*8H3#!RcKI2|JQ*$R<^7EfN^R^n^P0{rm zlJ{@Df5X4~fUu@@?}mmb`>U?>dyZSuZatY*#xj#1d`{?Jb*;nn6<8g0DkmO5@{TT$ z?2p-1jeZ*Ge!D65stIz^97M&rSJxfmHUlmi{b1QsLv(A=Ey9UT?bm$Js!#C9Tx8Q1 zLTp-hy_l2wAY$9)^g{Cm9(UX(ma=r5Ycx&gP{!~HI_AW@I5x`okvZ%o=pmT52DvFH zt(z=$*lhT&612gpI^EYV$xOd7JT2BraUwPmkbdfp^6v?@NU3WbRhbT^AWD7)agRV1 z)}ca&r=WD4)9&^Mmk7awH%?_6j$IJJa8||C#%ZyL6{xKg_LMBZO(Zh5D^WC*$)WM? z>Tm%Q6ojpJUtG!I8Jw&^b@$cv*b7>8#*b$9@YB%tR@qI66xLwgbS;CeiVjCUd&q3ud-qpnR=zJ z7pAT(!C}O7I-s*y5djHHzXlcVA7Ul;INr zqUm{x3czYDKZoGq(Q$u>HILQhx?t-~ufXE*FaWX#%C9y>iJ@MTl|DGbY*MIop_+j` zNrjq-E59hh@6JTnLOG4qUuCrBF>g4Xv4obyiv#tkJvYjiu<6A<^9i3a86yxlEneav z(Bq(LJ`ELi30vjT8830ysH@H%BKrd=bP(|g(c0Ok00&{NOE^^MKTQ&oF_JWo6z|R< zj>W8D`s}BaqJ5j9uCe!mv@Ma*g~3Fj<=>LJqrRJo|d+`IPSUz!ipb&emIO#PrHrPXg^Jrs=42A=8e$Q?wOwDm@;Ia zGEYCP=&oIB-Qn(@c6=Ub=oYM&DIb@Xh(M20D+eKm^3ZeDrMHRnT4`j+424zV^zK%%?O=;mrr6fj&dW>iN-hpHr)Iqa09af9$ zH+8%p!6x5xvZZ?DX4RVx;VrWrIm7Iknt57%njdg<I*XhckF}hD zts|tio_WkVVy_3pw3Onbys6QX;@a7I*L?T=s7ak27`~)6>VldwgQs}X*vY1szPitW z>o=GV_qs3HL0f#OJ1QTm<2!vOn{IUZ;^BlJaZ4+c!@G?uf(n)%#MXD%Rkd=ICsEs+Z!vte z7QN}!sMN8#EAxhh_jdr7Na$i{We_k=mMm=WRNXZ2kWKFuZ+FT1)5&tKlk`{u+EriK zz!?YXC-!9u@+Yf`K4;cz?}f5IfmJ&DRLzeVgy(gng}Doztt`8)ug|!WT9F!p9=pK3 zv!M=>?(&ZCi;a=%OlBdaM;jdv9*-fCGL3MF`Ky0S>Iir|#-_N3 zPC>9?>p$;4_OQ(12KQPnrI>#GEqJVtTy*?)gp~Ec{R1QEsveden|C~{(^U?Yvgn^~ z$%F>4hevInd2x(;B}uN-9(o%|lDvmj?Kc>qJxh*PZJOJ83NA})>59kdS|m)aI4ity zR>KT_8gPOGWQ^Kme0AWlWGP9IH5;RC3=s!BpJMXi^fc65%0X=0r}4I`f;`Xp_t#DTs;hvuhtw3==Z z=g3>U{{S6-wJ7PQcUdPFAFn{$5LA00b0^aW#RhMQOoIxmEEd+WQ5Vz|u|&fo!bE!} zLD~-YhzYc0j!R$mSDJ-+qO$3oz8%%9Ve|rO6}Nx%DX@je(du4{0L^B(AFo(ipZ3>n z)o8ExmRSyOU8ggmx59aDUnB=OS{krbx!8~ne!xum@a7Ezz7a$S4>lntQhYVn9g9XS z4ogY8wk^cL`=1ExC5_*E4wRLBzGUbcJX26+ueI=%tUEL(%~L|VfeRlmuc$;m+4Gp8 zY>7Pq!JT%hy(zH}pw)J21RdZTgC|}hIR*b{((&F=-Wg_cXuSYu(}%Q)PsizceyTp) zg}#6b)E&;9c`v~(1O!f3NdI(woaf~FtzuPT0>F{RkjE-{qd#y9y3>o?*#J{?x+DVf z-`b8Y3X%`445xCCqI=-baP4;j#!hegzO3p_Gu@4++F8_vJ}J}(OXANrKD-_Pc(V8l z8!S|{%<>Ab%%IcTAK#4+fiwZZGXSH*`)ZZe+<)p+XlaVR!@pe5J72uE6kwSr7MlH( z-&j!7)PS!jY^|_HVzbd^Q<9IjKi_IHidVMC80P2Ognh+y*ZRtcAyi#h$rjS+bq^x@ ze5TY?^Tq)F-nimy`h!d1T~(u3TO(QMyw<04zA9fhVzDb3(sKN9 zkJvKsV8W~D@L<9LoJ06GsopQHYcivrAvY3Zdi?(8&NL0$tbf}C{8STIg9tuYvwO>e z-Ci9q>r`-9T;*N%l`YHmdWgbT?kYqf2T-kXk<;(%TnnRkON~FGX8WoQbLde!`hx4T zOinqARmB4l(um@3mx2Wv>1icVn?kUuu0BYNrgo@Mw*-$Q+@V{eQHr0kJD33rN~i&S|07X6T!6##Y}v3D4iR^U#Wf!zbkrlR8=B!Dpnxqp>g!_*Rv^ zUMX8TI7D2|6NQ#0YR{k}CHeI#ZE4u*u@D2djk`4^@9EAUo+uZ>ZaBlkK>FqLNw*&9 zg&flq7bqP(&HeGg(d)hLZ~!xLxfRx{4*529H@HPi`?z+{E~8eacr3a<(>q&@7MoOl zla&Zuv9ZVXYj=g-VC$)8_RKGTmh7|Xp<4mvuA?(ZUN_y|(}rJSL1a9MW|2%3362C| zZX9E_WO#~1VPK8vNVi{fH(oF9B_`-MB+!ytUbl7g4d#S}7qP*vw_ft#`KXdiuOz|C zaHgneXI|BHV%KuE6ls@d3{3cGon_e@baFr&@uyYlu2T-FH3IUDJ8AKU8%tC!R}*=M z#bZZJ<6hQ$WfTNkG!tv5&?7)zpgetQXfpU9VJ8rDDzgd0`iY_HYd{q~kV0^?nnH^_ zlO1!WLS%%r+lCPQ>rNVKN?5nvXP}@;p}`Y5SE+9wk>rrb690(K&Deb>dn|f8kXywE zHhXLXESngGDpGT|ICTiHB{|fX+t#VtjBiO zjV&>(bj8+xW~5vmcd4n~e)ptQWCag>W`y7P?8s%|24u(T-MS>Uovu^*B<_)$@FQa| z8Oc5fQ>_C<&sZ)Ilhaf7NS`=|F^M*QwI|pkCCLhR9k0>eA9F$Fqw!JGOe)ey4ex`M z-j~T@`L*NLioPZz%aa~$wsHQAJ`|x_fzY%eKI{Y8bc3&wzhZJ^Karj}5uHsL1uEV1 z539<6kSe)Sk3?~>R%iUa*`UKXuc!m3k(bDuX^8G_&0KU3G~8EKBFNm6^@`od_zlri ztG2`TRgs`ta>f_%e&l%CjF+Z2c9*(FVo(23S}k__8-;x6{K{_5HI*6YoUux`LmbVx zsQsjvef`n!dhjV~2JCQ=Q8@kUk%y1iY*zG~+gd);3^^O?3P0Y0N~W<7atJX$prYbR zcB3QlW9Vqk)5K(HDjDhRCLdG_06ouED4{~QerK5H%s(5eZ-3PJLTh&((-S>KvpUQd z+CsPWp077e#>~?|`qgu({U&_flwDB&5oqZY1}EhyRE6B|0{!Xn)g&j$@?r7V@7sZs zi*zFIdJZnX951&L!LD>u2>NTz z@b7ZG)F+sE)!laiC>QX+U6;w+LrgZbMO0-fTIvH-e$(A!c7&AVeN2p8AUT%NZe)y? zvErp6p>rJh3`WR_ZYu)6(dsUX?e^L;gh9 z$>u;uGkqZr1ry~FhHf*Q!-j4RFZ;6;UGGe30#0~rbW9#2<&7^yYcdy zpetJqC-xVCrCz}8nN+>eT~~$x zcDu5vOOnm8`gYWI;~3#L!eTqeKSt(;^&LWhm7p8IvdleMcH;*Lzv6^Xzw-OCbvo6W zi0u_}y~@yipYc&OLG$(H7X!W_bws?&f*Rw{-D?ML`1It^iv?!KSv!I*gD5aLzs9%% zjfy>X#4dA7O`&yU#+zE&>)^9#-dyf*txMj^iAuvT#=EzGrQL)H^K>zJZLiFigSl$X zdZxkjqV`WOAJVH8_?@i|uMX$Y0Taz4t-2ab`=QU~<@Qq|Z=fiBN3f#dg#?y!rH;IYqFYo}Ao zWY@>Ql7{@wch1OW2Fq0SXv4M8Um@Y|?q7&G5Ep68P#@2aYVt?PC219uzLI6UynXdt zbCo|m$i6^i=ULd{R83ORTer>0oA!0c*!;*;X|EQ5z(U4ot6z^Ptl(j1SFOWTxFVIX z<%-OZW)nf{!Q4@o5ov2XX8vD)-(61NeL@kQ9KYH%T)c`~K+(KYe&v7b@HshWEe`}n zS}-H;|Ba%WKvAtD!{lG)D#>6N5L4MDw)#tnN827)*(d zgJgfBs3uTUZ^6y+SJd;*YE*@Q(1p8*T)MweG!H0R(Y`fzo_WrHK9g<%1YTRWstNq( z<@0bkT?+^cwvL%;`5UpaT_hv`b2E+pjq2xg>c|!V(ItboV4;5_q&Sg^k}{V;q2aHl z(f^b0etLjf$kl|djZS0?==tl|JJBPj&EDS8m7vW?(Lfn)8?O2QJTUrf$z(|k3VEh}ZagG{5OpW4#SO13LvIFR39c^{4k^i4I zDMSTm@Zn-}(7BY$e{|~~#-3|@`2EA!zmoHxnB^adJ(sTfM`F)KCX#^bSJY4SFYjVk+ldPU;e3rnjD@y*Ls?C=jM^auEUzmN#*%8 z6QzzU9+F8UN@?lK@qCx}LpGG=E{{(XRwf&B%+6b96dn+65dviNwEnh}X*%4Q&}NT^%upLx zB-?#QR_}o8w@olj2#KrtsVH(e`~t3j5C<_2e0r@f-@Kp?~<#AZpJ|p1#D)#ijZ;W1auC7l1;5 zGd!~m6wv|H-S-(GWi5Vg7heEL7zS^Ox8Z(mE>Z-x;_J)3J$#I|#QB|I z>5O<}D)-A6jce}@Sw(X-ms_cuzNNLxG(x|j={`C)kly3IEv=h|M2u3YfppU}VU7bw zYx%KySPOi-)F%BWZpj^&&%lk}(G?x~%ZUM(pE82DEV>dILMvA^Ueb-9Hv~uaI-Z$4 zgyw8SA}m6+p5?i#pnq0TFPi=K_qX`96VSf-&BA=9s1!^M5ARkM7`F(X_t7%fOgV4v zkDoQ!V6Y%3tW)nUFx?w32>tNIL4^Ish5D9PCk*(%3(k$F>4VgX0X}O%X?S?9ls5)d zCC@os(cp?IRC!{IhZl2`X0|4ccGLsUfl4`&<7eX^6Fdfe&~1y$+aFYc850oP3UE4a z1|A{c$htzJJ<-KmoVUU7%IEj?s8-8NV zKiT`KR#+vL#S*%L6UBadY#+;|4?=x`2w&8b4^HQ0U%EA3cB71vY`Rj;=dNB&;QMxr%8PSiL?UTlz5tT14BP0QSO@RDyWGx`wHa^4drvQ zLn(c5BnQ}_f<$9OS^MWo!Iiha6YV_^?xZTd@qgFv|HB5T-t~KCoW=$0SfN@WX~_4J z`VaB4G5Gnak8%C(FO;8i_{k0dOBp_izJR}ZXw$jk_v&S-F8ofUoBt5$k5Tgvk^WlW z{4L8>T$$n_TpaB-z^2Vg$XH%u+22@c!fT%MRzVYl9lOIusgA&DE-Fnab#I45`_^RB=rl?hnWn5YP*?b5eUA!ZdfeepC=tfaMQ&&IX-=}6%i z9ui2~efJwa;{tyQ8{YC*p4)oE7NiDjH5;E95mYtpp7~Xf?K5|8vB|gUqsltdxAScS z3q`1Dh~zP=lp1Tl(~~|-M_YP09IW1FNWo$c(~>_bk{DRCh&Zq z3)ystEJS3=md&YSX87FqMtG+SF1kk&yZns;kwqO5UIIGZ-cy%5ssUuHdM!0D!>a5f zn8g?fc^zA*ZC%j5)H#$S?D%ZG9^oqJ(VsOb7%+ynRtSUGRv^=OUICfpNsc2MRa#cKG zwr)cp%>Tk(ew57A_{lXzO0@ZrFZD8j6!QE>~N<(d&5D!m* z&CT1kekaYzSQL%Iq@z*6von}0A3IW>l1|kYP(oqrA-Vcmv69|%j%dVCoN>F4G8vL- zFjD$pTvTMnJ5Ssd32YhgRO+}FNSGoYfp;cmK`qmimE$N4n6^QjjFO0@?Kk5^LRiMEPyhMfLlp$M|I~T++99|{%qIe|Kn$d^ zQrZ+YxB^j|A|9n%8G^3s%k(=_ZaaXav{G;?#A)YkPXlIbxzZFx3je5*M!VIBc6H77 z2wf~0XS9(=(RenaI2D?EKRlQV|KiUxr~=9&qh-3Ta%^Z*Fw=4%xv4XI3QdKIuzLRR zTOXy!l;=`m#$4qQNRaBQHqX<^mf_k-J4lnIWCKB?!lo@_Nnvpj}<>+f*x0;NbRxqnw+(-IqY+-X^gPuprd zsr*_<6caA)qvu#fQwt}Zs)NU~$pbt4pzFR;Ck}Am5$O8_-o3WeUDEu{FyrWI7or15 zZCy%((i&gGhBHYPes%As05+GtORKnwp24CyDlr|#x00bJ;i7Y~FHBw>GoE~-c+1}p zq@k-PYA;W7^2A{U&06=}mkO%dLESq>NvLjSe@DR4!$|eJ?z?(6iH7*UafDByD&;pwzF5pitGA&kn4f`e*HvPzT*@Ndu^uuWk#>@F@TTZLz8n*GY*IqyL4+})Z#>X$!Tj+2plNswiw~nxm0g72~ORU z>JeY^iHO^S?@6nCuGP9{;9V~va~x#%hCNS;b7_``y%)XG%_wT}?rXzWs%c!mlTD~> zBxtNn;vch?`jkLcz7b0L?~r(a0$-y^GLmE1u;NE@|(Ntk8d$) z*+<)iW(w%q3jEcBk4ZK!N589m8ZR_#cz|?@fzqQ z4=neomGo3WPGJMaGp&sJ8W&ePsp!-A+aj8(>7Ccjk^RX7{+&}Ptb+JMNupL+fvi@U z3ga@Li;Hig_(!(f)`qP*m(>dIZEvzfTXsGRAf=f~vceSV?7VH2@f!c&hQeZ1)jyCU`@8uGsTnf(M5_^!tDcnwF>Tb`%SGf& z!nTJu7I>m&%8HKgQ7hkPIScL9m}@};zy{tl$aR&P-PYG5$ldjX$|A-{hLhJA@J7YW zypQ9U<2(Uj+iiC38XD(#yRSEq7gI99}M#-%PC? ze%$Wc0bi=f{dv%*UG% zh$F$P43zBkl`Vqw6(-=;OG>)`NKbXoPr1ZWPH|YZs$=YDyd8_q`>N#ulaaPF-i9sK zt_feW$l6%@rX_9MaSxn~i}qY80*Si2=Fm{mgEqy7Pq-x;OM_w_|0v5M-J zS;wWY6FlVOQ!Kv5r~ScnkiiVBAEK5f@nsx z7R5iYE|i)ADV&^0_e+I*jLSLLG?YZn@T;u&G8j1U4P)~V+{#)Bcj&xUFS7RboWdH% z%Tn&JKi@cIQQpl6F5f4vm36_xl zt$l%QrH34P>nj0$WSZD4sYdzQcD$a(TWit!826Y>{ATP@tM}pLx`2y(+65CJJd5 z(M@`-Fflo8_o0pPl?!%mhJoV32x6IXb@2UF$h_rFyTJUk}vZ)am+4N zsBF?*pde9nhk)wN?~Ga-E>!D`@(YoqS@O{tslDs(OH)`*yC!Y1bih*Rf--(9&WSw! zS|u%nz7{`rC2@L0mRp(GO`C)L$J^(G=hM2fIDTbhzYCHdC4er_J7nPv!|YY4*aFoE zW^r5Y{r<2OPw?zoW$C`H)Ko*xrrl`oaP#r;c9H{cuK);}wJJK&>w^M4pK!42^zx`& zgx%@U+~fg9Zey z0lAGVMgnZVv#94#=vv0GuFbBQl7Eq;n!=v^(PZU@F^jafMmGPgf`|<^wZMoJ4eYen zl%_#pnPqox;*jx8l}#z@>CzbcJl&468NH(y3vf^S`B&NrNS77UmM5#A5se|fs^RjX z6JRr}RQ4|i8~W15P=3RYVHQ1JU0SH+Sx##UJhIK}?^9V&;ya-@cnLf|_UVdc?K#2@f3jjI1LV7H)3!f6BCp&FB=P zFvj(pmabh{0>A;YfHaR5w203j>#AIcd!h$1WBz>$%I)6b*XL5EfYNQ!B}|r)2?t#I zeq}O0FzdXk#lF+-CsP`lffv_{?&fJ_-$Lay9bevjEjq0>ed=L1WDK=SUF=TXxVhGs zQ?yy1*JwGRS3(qB1)Vq1*44xH^8g$5pK2RB4h4s_7w8J~+{GW-5Mr-Kb(<=siha?9 zqel#pTSGz(o^_&zuskiFPw{^EcILyaHF$V@`k;K*4YslhAeFGXR%%FX0yDOHOF*wa zo=YVu`+flF*s8gU?DK_onnW>3vU2?1p3!FmkL;z;R;{BFGkC>pBr^3@%ahn%o;{U7 z-pPOyRDxe3-#cP!y#l983&nhm@7Mij7NdC1-nFZ)x~g_nomt*J4=|7N&sg3pUI1guD{d)gf1ZrZ?Mc(! zS)a*ZM(y(%RC1a$7xtT%vf@>xS=KW;HpY>8Pf~O!KUB9efaY;@s-ANR!s0aFHKH zW$~{w3lXjEPR+(V9lgN_8W<_v?KOND)g}rMhBO_$smyV$H zAf@YIs!@<9rG|&&#?8B-n?1QYLW3gOgmpN)sZl1#LWNb~M};44dWBe)cz})#dN}Gl z5=lxK!$rwo40C?KZNgbqF@N2=&%Ei3DeNJ`!JY)*uBBQ})fyWoCT@1-y)txgF0XKU z`h$?5aI#IMuOPBFP{4eP%Kc!*1X+-Y(M_Ie=riH|2B_jE{-GZ&GbYTzT62N@lYR}D zSzGG)((F1TU;h@f3X-J&1JWaf=QCgg5pi=KVHYugU3nzM)w{J)NIZ2s1MkBGx60A% zNc@lMR^4fO!07zGLgVQG%+&6l*q{q$xma_FbO<^I-8fJ#WSq*3>43v?o&46~rCbOJ z@CzMsn*-PyyNsS}GJyBm7%yx~NEuSjO?PNIxP1yWsV;u_?+BmAv7b63d?LYcIJ)*t z$ep{=lLOPb;s&m5%Yd*)CA{mq2x_18X*CUN1D-ZCm` z6Tahg#3Yo{>BU(Z9PCckcl66!s44sd0@S)5fA^XcAr)wpeN0FY{fcRZob1u~Z$AJp z!tNA5ki#M5ypkd)+W)x1X`w)GrV>M&`RIK}JU0OW6NUOo;;*APO*-;FxLP?=6NCd+ zXk1Jpxq15Y_HP~SbMF{zii-EAmhQ~1y(VS(db77_kf9J7o!glzcL?Rzea`mKCb;JS zvvjn+NChGnR(bP;ZBUikMdR)|A{Jxc8=24%t+5h<;Jfx)(u2BVm#}5k!mbgQDmO9_ zEj!Qi)+Y>>CUilbt+D(WU54MGP-MU3?0_1OU|U~&d|Dr-z||fz!#2lbkhoZyoCA0r z0Ue0JfM2M?gqlX*?9CfDO!t?nE%2x+K^ofh^7X}{g-r+MC7XVEB~f&}`Vx@i?U_FR z1#mTwXSj{-yAD|(ZI`sJ0`Q+7cb5Smtj|E{)o@~p;UaiVxCS1`o5>gH<nzj-9MPaTkh*Hgtz+hmDx_%hBroU zQY{J6oh8$ZGhP$!q^2qz&CKFGsF%sH$Uo4oFb*e?+S~+4bt-4MG*|UbIRa?U3h+96 zqL}&c%=Rw5+}XNMKya0bYI#>ixSeJx6P6o4gBC(-RUY&Ux5kMGscpCNnww59Kh0>u zmRKPcbV_DAS0;F^dOoV|VujZd7yQalBuv@?F@vy#Kqi3;oghyiY;o6@prS&(vBTh_ zo0?H?%6cJ>gdcU+IkPFUx<$QR2>ddR+}NKRbash_jZLPNIqyuMi?6%)1MUk{w{%l} zn*=T&OsLWwz#LJ_{&d;Sd%gECuU048(@Tc5W(7zs>T&Rz$OKs0`Fj$UR)~OO|10Bg z^&%J!c}H}_x9f%OfDQCaszF|=bAf_Lxr6OS=Jg?0zjdrlHTzZ04qn3=s}hWImC#ZF z5YSJtw8GYDl=`a9E_HPcy1qtI&Wk0+iAle?T4cy1-DVotKtV{n5S2xJ>2Lrg*^~3J{2a6i|*6 z`h%@I!)rgyh=|C@w)XQ95TAId_KLmzgrRc|7zKIx?(FEUwQZ9GQ`};eZ%edX2_`4i zx_wRc#S29zUd&QM04!s5EU2sp;b~_F)k(a-BHKUf_H2hv;C6$G$^7Y1W%t^HU-6hN zn$1o|tLlE^f#kt;pL1Exp^uRsK0@SX!jbTcSF>lmnnTcE;i*I7`g@DalGShHzqx4%v=vo1^O|xSu`IzM??YI4Z4Tfqe49KI-^mEE;)nX99v_jZQ&H}%jG0${2S z*B>S~`eV>)S>;@)pA{wK07Gz)>9JEpFzDSqy#b z;*tFbL~F%o>rEQn6#%;PXKILqDBGeK^#)g{A*Sc_<*bKZIq#R6(){FNyWK$5b-##P zX-QumXFRW$&De0J)x_UC%P9N=m!mhQ_i+~gn=@B?&z{C)->fDBmttH_GndiRyC?FckbMlxMZQ(o?>sH2&vRzOY($SLkQUY&m&>Z z*}Lto^n%0!1Mse4rtDhlFOP+@7+S%|wc9%sIrc z4S0_onJO1Y73EJfGQkf8zy@(p&o|!p&1Ub1-_mO8moL5nxRlwiwCGeFCoC!qe6!=P48c7lEaW(F5S_|JP}mmokU+iK z^N5A@wK`Ut7RdDCJfQD#_t=Ld+uoHpO}E;Ngj-J$Ni_pe}16 zsa+aK@!gVoagN6i!avxRn1sL;@hM&rOFIAMo%vutS~N@3tCqC>3??-)VzUfav3v+w zEx{ncJXm%5gKi)$cpt%o=}A_CVl{jbDq4qCDvWtT7`&f?IFNKtxu{l3Q-Rf zy!|e2bpO=XIvDX0blXadDK?$a`jQt{l1e%;9l3e3N&oHBw`OD{FYiFdV>A?b(OKQ#mRpYF)W`F@mD*2a9_0y#w*nzOLEa78%V31Q1B?7aL# zd;wR&)tt*)xG)XSy_3-`&nMJ>c<$fm?#ZGvG2cR_4t|AfX;OF%D>ISB>uVLPaU36k^TTdPS-ep{#RpwD*gUi_n5`Mvv1u$m^AoCj; z4T?NONB4+TA-_vziyyUIO06p7DakZR%MQ|FyVI;()$T*@JCYJ3ZE)tOfxQCM!KhtT ziKX{~a2LRCy*O-2Ghz-CMZC-T(j(8C;%=5G#&C(lDxa6J1~SjhHYNa}73rB&0C5!m zf;ir%S-@1&>s{wgDnQ`($dG^X)jZ~5gH7mRposDGi@XH{2B&9!Bwg>Xh6NpLu5y9g zSxU3%AkZSyS2VYRl}IU>Y~5L2HzF5mQT~Z*Hty@yn)w%yD5r(~BzM=1{w6nfE&Q%c zwHhAC8m|v9l&y|;&}itTZmFafIj^!Z3b=i(;`m$*q~O#xM&)#&Jfil?25DECDbC(t zVKpk{%1Ssr)A#)@86)^5=qTC#184>WKN0A^dO`+q$TSYff6s9rh|F|1*?VSU^s}ZK zPzG~Oc+@`q>VWkA`V{lz+_tmoLfWi32IaLvbITx$-(ls(9p~LUI&_DG1>$(&2w*mS z;gCezB8ijQ`XRUcrJ+Pbd#;@sG#5R;^B8A5^!A;Zb)D;hb!Qk#)yD}&=Qyf927a0I z#*t0AaFLM_u}cY^&$7k#zOAO1lMX79*EnrU4byOM;M*A6*^E5)gPcb^IG!T~<22;G?2iUXn?_bbQBi^~O==fsOqCs58eZ@HY5J zaH%)`E4csF%KwM4{a0}RtEB$NU;I~a|25Tra%%s@xc@qbV^93QYswL+DzXG7b$g5_ zhJ;*D`wd_v02ev-^JG^+bHulA-_|W#rKLzJq&Ua`I1cKb)Je-|fD7IEI{=YN+7w%S zojp3Lc!BEW^!`}U`NIbkl)%>sF40BHeJEQs<{)!|fOYil(*l>5CuUF|Nj-&$eLwmn z8}9}8Ig)sO{rWoYflCw|(vWb~<#>(YX5wr(L={CqLD~LcqER$~6i88st_$#;{4FnT z0&(fNO6;qfL2N+3BWb)qy8kiz*tqmt3r*@bUFQPEH$YWMrF^QT(}M2ZlRp|9Ohe#` zw0g<-4h~T_B^|lE=;)>a5Cd)1Bbf$;BJ4b}q^ zqAwzaS{+V&uLiH#z5u)$H7>yU$5UDlpHj%sHgWQ&Kq5|4QGK(uJ@?!1=lMbj*ks=- z$_{;EQTw`o?D3z&yB9zizUOVoB-NiUz5oKn6Z|gh z|G_){?tj6hz(U^4$u0f)2opdk%ePLNpFaG(S{g8zN*C%P^~W0?T!%p5QlOI`F%?-3 zu$SSTPNClq2VO%5$W@r)&xQTtPmq_yKs<$s9QtL0z;fEisHldYo*eT)L~l5N@VXSG z)#Lj7dF6$%(XgoC#J6u>v#_uj_vH&v{aW7EC9>0}foipL-cpZl33Drtj0m`Cw6LZE zr}{l$lKamE{Heu%|I=_KITh6do3&_%;T!dF!qx{Lzh$4BA^jz}H#exFIb=VS*~Sii zd1L?f$6^E=Vv1vK`xoKTM=k)wM>dxq%|GL@fK=AieF^7>J@uaYma&{SFEIUMq$H&4 z=-^5r#1}$C!Y;#P^QATbMCfQ?4VHN7d|EeA!*!$i8gMbqym4|n0aEaQRs=t-UF{WJ z9KVNY0SVYmJY}Lj7aY*V?GTqn!fS|MtCZb1 zxgL|T0lIS4L1<4b`q+{5^4dXauchwWNGtsQrd$G_4I8J{8&u)B@VYN{A2D{{XT7MY zzL~!Y^!eSE|5@w%6o8ba#M0}5pPKdcajK{{_2JjKBPDX*bRDKH0Nmdt{~C+04r1z0 zmR`j>y;!X5qd2te@H@x?qxp7FNp47bpN$L$R&y^ z0~Kn|o{cocRX@4Jw7$pe3jka-=||AXU!vO!*!~q4*dXCN1x-b-u6W2_wjo6Ec4l}8 zrbio}4*6h7JnR8u(@#@ImRoaP`WIIHjUCvB7E9ds##fYih9sWy?^1u|a|(b;JMkKA z0DnPzKL5r(3qG6zfqaH60l!}L>f)=Fc?ws`z(OJY8Tl%0DTNT z8;d6Z27D@7;#ka7z~t0Jcw95>xN~x`zOV!S)j9W5WMmK48ea7uqt@l4CvExsGpPTm zf-<}SILoR{s$d0%7<_6$|;E-UZJLM<71v=$v$$3b6DUX!wfg;1PvLCuL_$fTq z-(&b6Ztt&x^fUlm57|5OOKUO^@abRyqGJsb2S^AYLFu4NgC_@52p_#Ua4_+=D+EW|^8^Dv2#{ckl%Msc^isf&>1AO_=$dY1+-7ipmBY1J{FhL3i&J9>9 zAi>UL$&!=rFt`<<01wtchvH&rG`oIeZw5zC8fGRqxe){E1Q=QElh!w)#wi*FHD`(0RR7iDbFW6K2%Js zyj9gn{Uv4@`P6AMW9=x4)UGkzlP(ls42*y#bb8Xrs*#hu?HnBb^-rY}j?j6=_4yl( z-Iz=b^ZDPzGhG~L+Qmh8%>#DMUCB_;Irtftf8x5_Qv_{*X%74EhRxn4Crh~o#DYh< z)p%sGFHy`r&m~V=yu>rPMLWHUT*F*u0mp$>q( zrnrRr?SXJe%>DUe5CD$@_6ZPPD5Y88H!_iq#b;-yu?pu$o~0{|jcasH<}2@k*fRa? zwP0*}>=;yXe&ckfLCQDC_1;gop1jUjbBItoy(2DCHDUZ$n0Dvt( z4*0GRXWqH)a<%rL%ZUX>oPu35iqvN=v)3QQ?|_N3WN0b5C$@EWJ@oMDE*lJKOCEbH z4tlcx;#gk*K=HN(A&q5A$*8lts(4O-A0r(6m!Od%WCZl2S8XpcZIgEo*kuA_2#nWF;+$Re3IQX@~QDJh; zla$lIbrPFj-w~}PD>za{agVRMgHx@sI#m@Ssfs}&A#SDD{Ze5j((fBXo7;*bl7sEd z_}Ma%S!pzEm+u*WN^6bDQb`|eN5|}+{MdrM0edK*65^qhgw&K68L90$+xmwLdq7KQd#R)b>jvm7X;YeaGgcnxW@n2dulL1Ga!U;>}sp7B*r7Q;vOiGzpm?PkPQ!8rA4(S(=Rv;jV-d{?5{qq_<{h&%KJuY@&9TnZ#My#w% zMG!FZ)cBg`hH~wt__0DimDPWRPFjb7w?!4tf+--#fKC&sr%#`1Z*5!v zifo#vJhEQauTb(jt`(XsQl>Hz5j~u-e#v=wJisVlBOr?CsrI_^L7;mkpU-!3y{PU> z+nUQLk6H6+<-OV#LHYju@!KqFcX=L2>W*bnyUv%AoMBGJ(B4*muB_a@(ChUlL;9zm z#1Ad#V$ZPCY}g-NNXz0a=Z_D%^;EIE=C6|$u~5pFdXE02b)Dtw?g4u)4fki;2{okX z=-Aj=bpp&WoaUA$1o(Pma!&cE`NB|z6a&BY4@#VeMb?r<^2-m`%2RX&R;QHpbT^(e zin?gRZ2GdR`E7cTR#>Ll$|ip`rMxvD+34s@*USr5q_5NxY0cCM5c={oD#$_Ow9@}gq-%(@~Jatv8n zxO+RWehxqxg*=?@kRNS~_v#F)rKiO+h(c1i*qx1iwyR&QQn5LDRXta?q$$-ee~~Ak zERN~u!I#O1>`-SteC|p6}Ri<*)=*I7O2JYTier? zd9>3|O|RHH@mdb__OSBtskbiL+*$(tR2TCba>l(Sx5dr|Ugpz;dTf+gXK1N-y*pF5 zAcSdy+dS|hiQRSa8JJz- z^w3dZt(rDx`f$C@L5ax{Er@o1wFxu8gG7Y5A0L*TSNsMPBSFB2mQ6%N;PSHVe&!R@ z$H$a&xmcU3ZTa`)9E*1g=@)c9e6Z#j;=8TO-l5Ar^t}rcvZ-M@oY&D`W|5ojPjhnV zlf@sV>-tEFO$Z23&OFz_2JXckBUrgG4h_zB@tz$0)O^GEt~yCSE3Zb4+xRDjQn4Us z(TF0F%pm5?k0j?97wJ;s3o;zCYYBI-z8w1cG7>%k+|Uj#V~)+@S1aQ(BKQGm4BUP5 z0I289)VB+WXW*~Z8(hWC{5*%u6Ze)4zwg{H-|k^C5hkGT$GSQ9_5D~h5Iz9yO&y?jd)mWfs9OwH>SG>Qm9wj5&iB!}-cY|2!>jzTa@*F%w;lsoPf58^-`L2; z&28e_ztL(PCuFw2gA?(Vkn-0sANq_IA( zGvZFHTDhv$L~8;D**=@Aw#q7KznqBpcv!Js13gmYJ$LnNml5NJB=tLsm}T**aEyqb zQXN-k!+F+>5*`sfBdbASnv`aeXu}9QMyIJ9ky)OXDG`XR`xfn9$$zBQ|H+952LO=u zV9i*F1w8y{Xj)uCwNTv(o8k0&?U~iCNmjo|&(k|P&hEvSZu(z1l4WDHMgQ44{ARQm z&ZF?L>*l-~qTeCxrVUe8FH#d)0o|Kq$SDA-fXo*yPFwQOYC_u*?l}}VF7_sIulm@WvE)u|Gfpq|XCpu0W@1Nv}o((?*8RIx$%fKJlxrio@f z2TpbsZFClHHe;!3CBY(VHbTeTg_aEf9X&yZ?m#Q7-UKQKP46$}F@M>8y?%;aGcU1U zxL@31wx@7?wV@8f>)K!s^wTXalJwle@9)}3MuQ@7uw6v+tD(8mYM&m-IMJ}&xbb-` z*-F-F2m)I>D-LyZR$OQV>4rqRs^wvt`H7GrFTNTLK*s>l_?sljXU&O0Pk z)|tN}zjths>8=<2tT$jb%RtBlz_Ojl?Nr%IT|YooYmhG$p;?R3>jOUYFyETA015UmosTI7?YbGb~pPxv-XWEh?mw&}?JaAA~M*r-Pq=*IoqO4%0zMCv0aq6K6V0JeC45OmPNp_m-Kb%W&1E;B ztB`7o8fZ1Et>%V3%glR-?YUEIF{P+gNZ1n1k8?aTcY1GscdaNqbs+B{)flT{r%_~C zwVPXc!(47_*FayP71}4jMV((Q%bH^s=-k~|h=f`i>6JT_Sm`hzbojbNc{n7r7bQp@ z$KI{OWb|thC&x2n%~_Y$BHJm*_qM)l?(Acr#m~Nw?B{!kc%F)-I_&y6e}r9~E*`d% z{@p5!*i2YE=XbS0*tLDDH(oz|LYlb?E~!0kvRV{>aeg&DcsmdFbTvd}Yt2RT9NW*Z zFawf>g#PPs18i}<#vb_aK)h8Q`71hs0)Yr}$q4>J@<;khvr}8|L+S6k`Rlv8f4Ct3 zBj{hm<=m_Q%{KIyLKOeboC0P6=9DxhNlE`Hrg+}n{}*9N$345=3f_oa@aiQ!jtX7_ zU79G8OlA?cN3Bey?drMD#u{cIC8Nq8M zlx-kxU#*{k8W(eJxUKg2NryTH7htUy-?@W>tpcuz_kgQ(07o!il&kfv0+^T(ezKRu3bALt;Vxch#7<|G z!+?$+{6l^@V(X9}L#A>OUrE z9SoF8itL_6$2f?UBDYWfosIncpAi6oK2;Rf*#-!0H}8CthJe}GWl!VuKk1f*n2^3? zuHT8NbbasNGNZq~m!o-*)DY;=Q)q<%8UU^c*lYferb1ads?tgI7MBnh;ItIbp0`|Z>M|D;YR%*;cXY^X}>(bPBZ#kx`c2ltE zk0=Mjz5ntrq4|$rp*gWzc1*Dao6GPI zcz+|)do@4ffG{eXv!y~+FVrE!}Tj2SmzZm0VjT@Ukhl) z{i41&6m{1*hFv3LbjW_+W2=_5zrrLEaoc8S&o`i$vJJmAHql?^E>!~p&7DeZj_8PU z8cGEolxaUxfHX`S*fQ-SrN{5t{Yua59o;F^xI9^*{g!pmZvWH=i3mxE^*Sy8zyL{? zo^VA`e#kkZ_%2UywW&LgI7CS0I}wrc9aj6`t#tcuZb|s4ZP?c5?J@cv31OMWnQx?d zES@g zKTO8Oq(cYEz4G@|abE}r1vyHF}gSkPdU1J1d z-jd;X)J9Ha)F}hhUtoNT}zb4lS)f001Y&G}dCRXuqB$1~bkj?xC%r9Eb zyIX9He)NT8O*wwxX?jA$1D=<#)xu6T*ISEMf1P^vpKi_7a$M@m zMR`e?&lCjdVfT*fsQ)Qpam0S702F*_ogADEd<4_ZMov{V>=LT#QJL}?(~`iI^q|~9 zs5MDox~_T@XxFe6`1b1P5@em^EJKFHrpZ97ZZ+_6<&4J-XB-ged$!fQ2KbSP)*_pB zeaykPk7f5ACgri1eFUQ?2@yLG$AzY~*{?4g%#FVfZK4TpuA14gTK(bGU&XNwZm6sG zHSHXaX4lUCj6jJ&2dY;WcV;^(auIPQ-mX#zA@i(^b6ItU7wne+K|w|n^R ze~2+&NC2GRT-6MaaQo_iIn^9(@#6i;uQV_`P_5AMjwGe92pBh53k(%S&mX*#{Y~j5 zt+R*4Q72>%t#xQ*@AZ6hfH9?e7!wl#N0X*woe}K@F5H;IAKbL4aS#0M?x6dUd!}xx zuT^#Nc~eM@xzKL-HoIQG8{LBdBQJ6V`-QbfnN{kVBilczfeccv7(Tn#aMG`iErO8r zoax@G@p7V;?bP>VpnEm-aI}rN`_I0cJ1eX07ipPuV=V?UcQ*N6nh@%)9~_S(NwFA& zI&Ffo4N(UTSYKOMZQs1KtZe66M(AO8yC9vDazM+Oa|kBuIqT7#b)u z3K{;ST+eH1z|31-qQ632;2J{Lf=Bi#Hfn4jdWf^+XeoI(hP-~3NaGbl&mr>7KPIr; z9(YSM8#VmU#BQ(d`&96nPf;x}rryNy?Oi*o)K+|zH}l3C&t`GS{pT%2jKcO`RUEJ8 zYJ#LKWbQAq9B_IT{VcJWJ!wq%0JwUG^DL@l7TU`mPZ1N`G`Q3abORhV+3CFTh&z&w@@ zK}i(ksatjpz5RY;7F!iMbuiaUF|+hu`OS8nhfBm2;~(zCtFRa2>)#OlY4YnxuXeJV!<%cIr5ZoJdh855W2#>HmBt5HFHQ_1Yxw<+FDbV*on zRGWc!f)tXZ52u%l)V^P(#G5&oc+LCtZ0}F%{?ct5_q`d7n0vc43s~5X+#%mfY$+R7 z+L^V3>#F$=ohSVLe;j!E6d4b0YA-ib>@1Hdxo_Ax4Qjg>^$=l1IWBit)VxesuRNWl znwiKI!DUP1et@Rug^k<4?yLwb)}Q=zVfIH(@nW`J1-rgu#(9O5P9*Autv}Qqt@wrxl4g#n&|fq+Zq*N9(`G zrEA6>r(Y~N^z!#40vPwRvs!STvr|CR8niTsj!zk1wxNy9A7H@mRY}glpt(Tu&cy3X{gfek()E^rqqECVst0lwNZHK$a8$WN;=wJ>#l2l9ht?r z?XLbM!N>@XtjP4LM2;*~VT;(>>kVeJ+0G`2)ny5V^}S_~Eews*m|%u&D+GylC}17u zkqhU5#^<_9jrHk`6c$ad|I&kT8 zJg~-1?_pY``|+F!Ij3q~3yks_gh!LBKBNcy+Ns#l_>^n2I$|(32loq7fgp4o@OMC> zF+1?O-DIbVUV?hDIa;kq^C>1jJ9jci7p2S99-YxZc^~a{huJo~0^fAlv1<6M8QjS! z9;Xn?H=7a2D2yHAh^C>++o@cc#ZT9&BkYsQj4dFso6m^}Q9HA8t)ujxqPCt(KAyCvt?&rCBAC4n+e^y`Wi{VLS|Qz!=A+F3IhU8uNQu~E zxyr;$NZw&SI}S!meK|9U<5Lz~c6MQ=QNisoYobcRFdSsB?K7fz4MM_RUxOdCNrVnW z#za%b^OK5-ltQ_usybR8*zYab$IC~lR(?<|s7N0qj^s|!#M1b(kufPzc5q$G_x3rI z>+H^}$DJE-6%Nou$WD%L{{h)WF0F@8jgelA zLXNjYIfoKhXL6{41URo(4a)?l0@|_DZ>-qknK`;q=kNE_?@SGno+z3+K=pEcc%d+@C8GU#@hozx6AHzMQphr0M4 zJAJLs+cs5MI1D}`q~15frI_LVXFQMbimmf>F%zHd>V8=yG!J zu=M*GU}e$POwOM(-aXz_UHq(@&iqzouEpSBDy3B9KKL)*A5}Us%hY;4~?qCRFhA%~9XoU{*~KzupSppO~4c zS1W1fi9;t_NGVm2YCCmfvRXvs^Tz{yJ3r2hsZMR^=(;*C_9rt~3?-|WJd72voBXkv zrT+O*N0+!47fL@18RTSlwoa)dJo?$F%N?x;SQX(HUmqw$^R^eq0du8B>wTv&4hgRV z3%?T4m#NTbxB z=0xB;@P00j8>dUw588{C=SmVXx1z=Ozr?#grB1&|IiTb$2n;d((cd1C`LdQEM{jWV z4BEoxwj%;(H^mquG`3dEDCVJz!8w*>4?omyRtYNZ2sY&jeWQi6#%0Xe@Pa4`Ul>D% z-)~S_^wz}ZcpxAW>q7M3W5U@GEajN4oh6k8y^4~(LN&BGuY4B!#7VXB>McMUiEMnu z(t(+u%q+7hQp1)YPcKr+S?~OIv(`+tnVFFCqlcLRjHvW3@O_&s{fwZ<79~_OX$uBd zqD8nH8q(ZZ5m8uVzs-@R_H`ygs8QM#r)0yG1QiR~p2Zs#hP1EZ^gENfq4P>PF9VD7 zt|&Y6@QBB|#QSOtJlW0mS{U?RqGQaSyn)edujUjhR_P`eup z3Na7Fea>AW%QJ~NqQ@y056u)9h(Gum5rNt+*xy*>#|r85(s{miEfdrEP@mG2wh+xV zVzGPI3@;1QPODbbEESL!;7L5NWz&#hOBZl_ah^@MB>MC4+lwVoL6n-{&s_U?%0kAs zpiwpng4h=Lt|3Dg?9O@TR6ik^?RjWDL3UcC2r?~sKHNBY8}gJ2BpJs39P|hh)A#7il{n?b+K|L)nV~@~M-|7=`FE$ZRuY^Bs_dqQgq&bJ0zOV{Zg$0co7J7X z;5_r0E8gL^tpji=^@iG2#uDZ#ow({dK-c*s>MqtDh-lFX7Rn0}geUcb{)gqYhPtG= zCgPA93vR)bYrz~&Oz1L1&U3@DA{b78p}$P7F(}%Hu@hTCFHlxk&-a~4OY;+JJ1v)3X-Y94KY7x15D`@NKTlcZX#MDM*JcO$ zjDX5mOavL6soXm*cU@90w#93MR^%*83}%t`eiFP6S+WUrA%?vXaHgj+eTlK!+4JH@ z#5b$&C6Qu9KNwuxte2%}GN0Mg>Z$!r&sA+zam*ZPBkHQ;V1cs?$2!iYdCMtRlMclR zE4IcAS*_3fD30{lnlV{zz-#Z=HVCN?me|2MsRvsrPG?v;SR;~bs-vunwezNFi|1Cd z)%1()bI8dq7B)Ez3_gr4S(G-qF@tSS&r(Ftt5+c7%42c)fP=aJ|E?AI^KZW$)|zrR zI4rwd0%$&KGU0LLPWKonRx3MWcZbvDS|ANkAX5lE=6$y-kK7CimIobZf*wOkV-=nZ z&$p>68V*fD*WJ4sDm!pUMrRC)!qa_eMU=2WPLk=v3X*#)3JnSw{M7P+XR`XiYJ&6i zYI(6K%6s)GSTkzyBn#S~4{;K61@l6dam&yXR@` zd#rqYySCImxRiKAsZE(d5~W87v`cK0&{Hjab`)8=tlj{5+8W7OY%3Katj||$M4fur74|MKP-HMQ?p<|n zBRg#QJMApLX;_u8QOKf|E{=V3TIdmvNwh^|(?$R}SvLzf*!P0Z$%=wK{n-wcS3gqK zL=pm4yGDN;TLnJ@O8#_VAWvm)`O7tytud25LJ1euzomMg%5M5x*4b8)av3YJWsMwF zl6Gb)W`3|9esTL<>|=d(qwgFvbKnWLnqtHG$J7rsIVBN1Bi@YP+nc$5yr7Vc&W31x z-=Km$Q2=NXPHvFvRRg%KEE!}?JdVR$mI#YGgTlQQ+f~kg=a;+FVR5mQN5PWBWlAU!1eios?>VyQ3odX`VEaeXK zRba&bj$<1^*4|#BQYJJv9kH?mL#VCxFw!v4M$T&@34t{1_z3u)vPZwV29AE>sbo&>a?^nO&AbS9eu?`ep(ZF5xzHjh4=j+&&s2hw0RaGLj zU;3_wr{1Mz%0rT^ZtN+hg$gc(e4~%KNXVR3Ss&MCc@SkC0jd|WQ53$kVRQ-*Z z=uUsDn``JaiSo;|bJvqbI&78E4>!BURkMI6X*BkMsOD+U}qC?C!K8MXo73@tUQsP7OjUtc@2XT5a;I zrnnwujVd^?&$eh;h!sg+MQHs@Rztd9uqbOGEIlD}2!KlhS56&Li_Vr6zv(6MdZbGwL$ z$o55h+IrR{wi`ZWtj2zVc8VhL%qh$sds_GI-BZ`AJ5*aFpOTYV`Uuy?D?Vuctj#*} zN&(WcZ<6m;ur4Igz|&28bN3qYR;>#?+VTryorA7)Yb-E1|Ip&M z?0!_myKsF9g}A%C%`}T%cx5seSvY0>O>WG7eEOA%UL66*^DTYY$*=*0J4~xqaT$9ghmv3&f1bmaAXJ7^}P<>{JoZGXYN zoioHTi8TCGpu^YO7w?)+Fjx3JlZGFss!%I#j3y~8Ug*|4-CAmSQi6v9XhRKuPG~bw z*wyXQpe|sxh1@WmmCOWZeuB% zUl1t|bOQK!w!d^lFJ@!%fzeq-mk%LgMxAgt!U$+iIV?a63=$bf8s;8+S^rL3h%f{` zx@ZZ&vu99R6+2#zgS?dShpLBwYrMsm-MPel{X8 z9u6Tm<9jk`z$t-kFMIlpTl*3b4P-nyZtjEI917zj2!tJ^yKp7(Y3M`r%#02`ET@IS`7|rT4(J{+A z7xxPWvSmkVHz0)#E@^U7YPss)y?V02!{;vq97EKf+~)6p@;n2yL4gVN&e)^@bG#Vt z^dGk!1?K~J_hJYRA5#>j(HPRd&xLgo706*UX7N1VskIt6Ys{3!wOMdc7c<0d?YFjM zr#v66>Z;#C;%pu28|$nU>x{ui@O657Wh8KqKQ6pb_oRyx`UyGJqMs!&S>l|pXAOWR zJ4{TBhC}_)vsB;Ml1-CWsugZhl9Ds+=sDe4YV}_Ai??*|Ru>qxW?G$pPk1FBXp%AP zo4lx=`Idr~Jux(0iG$m=L{TbrA!h2^2L+nua5d>Rs>WsOYK+Yma0eat($!z~Waxg% z)Bh$Qg)u$qAY&j@yv|C0d=n6S_0Xp-!XX*Y#ryL(TFUvQ&I)8$SJ|;S4H1>hMiVQK zGbp#r5QWS58tI1>;H+}}^$nT6E?uv$zhPz{;J7-(Lc`!OGwzcb5ENA=S&<-bAf6#F zR!C8YXd6RDG;buR>|fg`*%Z5Llf~H(ljrH9<3da%EIeq$zsd@J*>}_M)JZomrw?37 z1nEB~AP{vKiTbne5i)s>Y@q8#r08zWZv+IXKP<5hi@Mn^)la0o^qayBctLi_SMFc+ z^eR-i`u)pKZyh<}iavbAbNoFH(zS07Mo#T!r+f;M*{!&1KCvw;`8uO(|Zfn=_S>fPii0<#7YU-xoXlRX>MafaK3` zvPRV59v-Cq*})cEMo7@U$&sCuJI+VBE+?>G@&M0DF>$(kuFE%T#%prKdCF1V_wv=a z1FU{%mA~`Y!J3>Dr3}7^XWP@Rt%ol2$+J&dbcyfWWrbYjZfango#&!yNc8VcfOk>b z1FzZDsSkQHyi7PX9r_B0rkhzu)SX*mytI+KrG-}J!~_Hx0#pl;MTt}&#yo>!>e5f%jxZ;h2sq|Lj))L(gr^YMB_nkTn@Sr>wa*WHYzDC~q= zVOR3(N8nW-&x;X0Op(RKL=#8hKcz6X%cMf@PuyKia2K*d>2JFy9EjRCJ)PKd6rL92 z8BH;^>|M%MLJUtkNi00>hYi0pZ_VBQX%^a;;oMb$aJHZB2ht5|tGo%+)PIi#|GCv= zJ%Hkfx-0gp~Gz^oGqRy$UxM2W=2BafMld$!B}Z zj95atY<8#wn|&Tu#yxMM)EMuidGA%eb&yhZNhQU$+??XqS#M}bxz$)s2pld%Gy7Mq zI1=ms@*i&C>%k!As!k#zx3#)^e|D^TwlGpX01#_O=K zTO+n?OqQf)raygkptEXk7aoLuPF2m*`4qkHIQ?cwyHKjJUFv40QaMkGwHdmF_A~Wl zO|qS?hPHJ7P`(nR=4vhf$;dbyVhp570A+~#4`pyBB#=B!WVY&gw=X`1QHLj}2{%4VWk3U1PjNo=8-M4-0 zzKV!MPHakuaX8_GOm`7xWpHPyH~Nvo_k|*auBKJw)xm za7OP~+R~Rm`Z?F3c%B{icJi~iTHXCi2hE(4ABAH-E7%H+loiet3(0EwKsC$$Kla`- zEXuCy8<$W*2}MMZ@-k2mkj?=V3F+=qq*GF27*G+5P)fQxl^ALm1OcUM=oDe-9%5kN zzX7l3z5mbsK9Ahr-VfIY=irdz9QHo<+H3vRTEDfH_B^@QB{gQ|kl0(8lYtp94&>gE z-Z%Sqy-!B$vhYdSp~|=hEAo97t(#fXTeg`e#Ot8TwG$&D5tm)Lu^dsv8p5JdpmaNb znu17gazI>3PDDnQBjJ?m3}pYB}~S#MmFbC--VaWTu?0UsaUN7Csoe;-tYk){1r>^ycF zJ>uF;Hh}p`Q?Hp`mF1Lsi?YaQkYDe;X({aQUH}z^eWM%>ko8vwk2b$7u8%0YxGmLg z_@=#(-zO~Yilib8xtuHxaG0GOF&jz zSr10rbzvp-E_$@EW^Af*D7z_^AntLqt@;?6#!TackA^}a!BrP$v5$;rCBMn13gM~3g;xoQX@87LN&ceXO8ZABJxm9rexzsAz3=46I@ z%#_`_AJAU0Z|;s`KvyKWU0W0%A1EIVlw>%eQay!V4I=tAGzHO7K(R3)92Ndg{XO&g z8N#K^E6K~Pa=>X+>m0WehF)z*LB1J;Pj^(A)#t)z`?4=)wGNFS6~$#DPLa{7YqW3t zSaKUa3qhPE5bt%FW?Cz75t z!)e-6@KCMRXU)AV_xa<>XQIL<4G0N8rcM2k=kuFQP~&)}s^?+$L+ zpC)XgdEZf87muL+KRSu@l;ZMW4mF!{#x`7|;#o+#w}G7NGOq&;x$zSQy{m44j7xZo z3?n!9`pGpr`l{`wmm;Id!g6IXW?R?7(CKue9cdmLPk@MwR#)#Wos+CGy$UJTxX-# z^=#9>JJI~vYzF|f9Plz2N=3Qy`D}yBu{xJMY<2)nt|^j>0_$-5#=)uCY3>h$U+Qpj zr%3E+az1fhfA^PixN5G)8y|E4`CLvxFbl8a8X$XQwXi0_yXL>i~TZ`9YGk zjnyQ?+x@3ak8@1K*FjzJp*~7F{i4_k_Nj$uy<$FnL=Q2o@Lc5D)X%K4HLVwqpvsoD z+XS}-s$F<>_J!#!V1nWmTaJdq=ODY`7r znego6Mnu{=5;svA$Pzvfzrf6wWxN(`dlxFHDp;D7KZAv>G&}$UdMT)d6 z)EtS3={LCiv!db$i}mZ45}5nFw1e!!Nv3Gq;Ju7$G9{r)O39v;hO@bC2L zlbS67pr3~mx9?Nq;Tf07wVcO0dT{GlYuC8R(2MCCebr5yz$shq^%E>PTo5QRti06m z(tS-==6;b~UzRh?NU>8Mc6{<~i8rq-2=!SoK?h6xi1>VjzOc@iAqW-dGh-e;MHJ|e1Tw*I&NbgH%e9UWGj%K^r!iBRPA}hIKb>LU0C6pF?GjMJ; z#j2o!w;XOpge&*VlgFWQFK>HO_y>e5xHMr7?0an-s$(*P7*4ubLVB<-`U_&4iV`)A z9GAO~Q{T*fhY>yo%58IdUB0S5W1Ic3r83mIz-lBXRjznx*q5bLH+J%w%4LW?H1Xl2 zL9`J3^&Ua$j98uPQ?CclD?5uGmlDOuE$Zn8Cg{>-#btmI44uW%!x8hLF3=RX7De&jlz-PC`-_%YM z!Y}AANHVb^6Ty9)TA>bbwp|v&lpPc}O$;|iZ0hIv~y zyNJY16{OHKu`+k?4wdOz5CuN`4DEX1bMIagc0h!?&Jy;%XNssDZCf!@Deth6P_+9# zJ$E3^eYSx&^kB27Yn1;~Y^Rvp)FQgwXTaE^dUfq1%%_ zyS~+349FkMK$6F=WiBUHq-ly6C+P2Cnc3^VN^G@(3u||Kpk- zDcMtXMDMJ~i2HrAO>g)n0hRi5n}G2ED_kPU3)9U+RofL2M2jrHlz|pui7eeU%AOZR zPg}Ij8Z=r^)7W|KiA}N3q+63-?i#W#Ue$=ja^g6r$R7r6mX*JxqiHoqiQRPv;Tn%i zmfO9#!jvYSd7>BcBDEG|xviTjLCR)x;?~Kut#1wHu!W{f0q4I00Y5@;Q!bcno2)wF z<2(DX=2X({%r9$p#g$ZfN$&55PK95~D4uZ0QX*^L<+qBJH*Vv6964Gh1;mKUtmxuB zZv6-+vx|amg|0o9Zp;*#R4PduE2Nj$xcVj_%>~%mV9u5!Z*&kV^ICn<_SW|$pYxU& zeR6&B6QELhj~2z8UpfDpKl-Cw`OO<2c_5~M@uTebQw)3d@90yM_W1V1NN+GW)uFAL zDMG>um)nUCyVrD23E@Ox-^Y5Bw3qMGaa|2Y!QJW&0Ub0~bMx0E>c@?ZX9Bxda3$7( zZ9#E&>c5q_kX3wsi~kC;oV#4&4c`}WYbalSI8pkzoNpz)R;xSdIAJF`n{GaFx~Jsh zNIEW=LD-WY6Hb1CTtR|4>5SP4wUl2AsD1+HA^5N7fd?wd6Ng=&G8rgIFjqYZ>3#4@ zm;CrT#Ebu80?}e9x;C#`o~8j<#e<@zcpq=9nbpV`YsaW}yH6aG*uBpIz8ks6Sr?-hLhk|4+ z#z2~aRa=%EHgWg~EFygXkm-arenh``|@qQVJ+yu?aPYv}x) ztRE=uO0IRo>HGTh$%V<&wi)Ot6AP9;2QWndSl@}1N$npU`MN<$Ty|y1&~Td!KHHPE zeX9N)G(of7Lb#Hbj2-rlL)y4_jzEEOa_NkF){ld^oJWWu&9X#j{YxqNh}jQHBXQ8k zBYZdnp$})%!sSg)tR-vIQm9-L`P3O>d?0 z`45$vnI=AVIwjxJTEG2Rwr(LTx-TVcD@97vQ4xODP&#_0ffvEOsu=0{JIVN`NS$BH zkvCBw_TPmTT+2m@iOKf5mKUSgsT*Y`GJ5h|1MC^bAK}HFk*zGUA-52|{iD0i-9pwBymFfV-8x zXC*F#=T|(`d0eLIX9G0r;R|5AqtB`XlL`A`-&nfE(6QyL{LIy6^I2)4G{SB65tgxW zWBQk*5eClJcIBf~iZPqH78SAECIfsaF=B}~%b(Yty_rTWW6dLXG*p1GcaK2^LU+5S z-Po9)J%_m)oA`suB_0i(`RbPZo{loJJF$G!$F4YAJ0~_*Mh_%fzgAW2d|wvpAdf zVbFE13d$0$tlvKoy4%E-u_I=>Z^P3_cvfvTba$Xuh9h zV_8pz#(ATPFs(cLy>?VXa>PS!4}^n3Zdy&{PZ#tU*AsHT1e);NQ`)KoLNF(^b>?>; zJ89s+04I0?QRZXg;qNaGEBLsSJB1tCO<2~~k!+kUeYLmnVtsD#_Ws1;OZ3C6SVla* zM{xi7h$_5ZE3skE`^NUdAzinr7;+4GBaN!cUzd2+{DP6&>~E&L3GylmHNx}zp)TGN z^gS*s-g7!~Z0`Psltm@Yu2@cdI|yTCXbJlKES|=d>BPYIGWh2Ct$|5tMLaVuPd|cv%a&bQity&<@=L?{1no(&|f75POR{mwHlMUh3rB z;0MRJQOP-`y{K>RL<^hSO|a~E{geYk!d5GHsV_Ut`GS^E^D%qyrV*sZ4NQCu1)0(l zIffxu53}U2o5yk2!GJ#pX^Lb0#r+m&DSZ5g%k>gF^EEqPNY8!L!rkPnvXk$+$+)O} zhbA}tiaZ$cKDy^0-?-5*AE354ZzsVlV{$35qUe2X(LjLMcA(A`FzH?>c2g^^c-+j5|vu%ux`^X@aN(7`5D(_ zf-52BIo{4co2^HZvzk{u#BsSnhF<01@`BNKW=R)*>!m*+{4#SOm-)1~skl$RHB&pC z$01ig8$jj*)~0fIIVoUm4iR-aPZF9SmVR4Z4OTcdBB;ssr28XM{?>L^-ENUsbz=Ua z8>`+l^}!F@Q9vF3)t(eNcd6p`Sb>4yRHXvm?Ckb=g6Q|&*c$$$xq&> z;C7lt;f+hSU1~A>4$fX+%;|}$RQb}11i5trVXr%aMrc0TL_dZCa)4g7 zm_qsbV2so!i^>>**BzU2OO5MbIuL-KZK$`|R;vqb&h10a((3!8arZZB26$Dkf^@*B zm713SqPS)|`%qq9WBYaM(B3!zBeoZ}kQ)*)jR>qRaAJG%T#KrA_8@R{woXcX5Tmo9 z)Hr7K8Y+DX#{r$@)JxtpjCam**8mw1*_GqO`O%I0-#(rkb}yx!6n+Ldi;r&<+Iei2 z{mubT2M}GI1WaWeeckBEw6)gH?Jp5$$<5|XPwf60+e;W0EX7t`)#cr7INH~S^p{9y1kJT#**;MQjY+?^wBgFA_*VXVE^&DOTSyJt5B7S3KeK zma!_&?e%m4aY=L)-^6>YI8r2SI*aiNKeq<-jKAQ};?Ok+reBQR=)!>`43HADcO-iz zr&Xd(lf({ z5g#f_$L9MtPNtF^4~G^Q@L-!oxbXa%*HeBctoziC>}k&u@}WbRO61Z&t~r_gXo|R& zOj_@a`bm_-_xvd5cWlMmY39?nSIKNrX}qEmYr53sE>q4Rp1rfCZp~9dk>*&M>=l+a z{xH@(%vB}?6>NM7W0&_e=jCF%ZZOwp_4Flq9M^3>mtlYp6I;k!U9mm11wOOD^|xh- z7T={pWg68_#fE11B%V((E}45r&7O>e#VmI!w=(x-p8$Z|5!Rr zd)NfKp^V(9{kgAi-xHT(EXG_1&J{#}2U|Z$?PD$6b*cF{2ZOmeu@voaMO7M8wfTsj zPhmXf%RZ<1o@v>)8Vi|U#xe0#-u{HEgaF^1| zzsyqd*>xhM>SOBp`F%2yD|$D7^bFzLn65UDxOcNzq1Ix24`;KFdzNzE&-&{2Y&1`t zVYGh)Qi>)8q3=53M1b!;s-<2e7C*-wDM&?`r822>SQ$elLxD22(<>|1Eq)TkINLLl zCT1m7T~%IUh3QH~MXv$%<^j|jRFAb*j=C@VhO*X3sHwrD|H;#x#wy)vtyw+U&cR>$m0VZq%;S&W&=)ypeb+nEl93KYO|!TOJBjh>In+ko0xd`Pv;2d*P;9*b z2PRANNvf}}UB0-_Ru*uM7PuGt#(a#s#jy%DT6;52En1x`)%<$Mr=dfpBy2D6i!8Sy z#HqA&ryS569aJN`l|310$-j+TWIiFGfo$dpF*hJ{$$;4Zf8#^}>#Tf0=_#fy%cYL#=O#M-hr+-M61zp_E-B+g@(}l(jD@?d7RwQThH7Wv06f19Y`>sBK4x z^s_mw-!htAV?EtnBs+FY{9rAHacSkfvv^5uDW*A`=lav}CteRyt@|9}^|XV7+!r@8 zjp(}i(%AonZ~VtygCMRa1)w*g*cz*jVI?!ON+C!~IP8;;Mr)}pRy--GxMO%Z$J{-` zShj{MSpDf#-p?Z+P@f((yB2qsp3+X*dk#&^@VX*|!?g0sw;^zF?+<#})t6$gzIi3$ z^6OLfu$s7P9E%7on3^54UMrL^|B96w5><_wUYfQmaT^h5gda?=Z)w1LTR9dTswWv2 z2NCUQqeE{U#1iZq3MRS&eSOc8oKSATSs5dUKyqg;+;sF<)Q|e};*7uka+k}N)b^4c z@2h`WQ7}>JqW`dlKZcE((o(lNL^vE?KyUJnP!#H4hgUlGF~YYdtgmtA>uyYc1`qGhcP58^Z|Rm&TKOsVS2q@XLrlW4Fm&I`iG4A@5b znR5)2!^-kWkINl#Ym?gcm0;%4Nfq-GCqGHA{UVSrXhMfx@F8tsw1_D$*!L~YrlOS1 zp~oGgu(D13MvCRqn;&!!aDcXBw>56#5TSy$_@WyZ$@!)mf$8SF?sx+qpCW=SvyFO9 zZ@r`z?_FyXo<;s}6CODV(7)*fs^ob_p{-mm*S*@S39`ErquSy`mUHFvLe2vVE5sQu zqOQrNEo+Cxju8Y~wGNVHmCE-s=W0C7)8l4&6kcRd>BD0e+&??KRl0&=QFoOYiMFo< ze(uRP3T&;ICjpSc&a;ij^PrBpnKv2IY~5>($+2n6rEu8@(a7$I$XScIi7>iv=-Drc zk7N&2@Ae#W>CC<1Sg!9$M5y=4v1XE_7Ed|KvF2+IC3&GxD(EH#$|_27E@i9u^!04S zGF^%?k!A{h!voBXDq;vTyBn&$$AH`~m1AdGjD8&Ri~QymGwfR%Bpc?yCM6Z8m~Zn1 zgYa}g)r_`Z_X7UO7hd{5-l;=O@27B_vH!Oi+c=h#I2Lj(ysb!4wUbMGYCnF(`l;(; z)QE83TjMmZ{isM&X5wpm6$`5g_Ye|wOKQ6 ztXI1Xd5<(GT6a%a9ac^(K6MXo7aP%ifrZR3g%kw=cjoyC-I?)29!cs-9zGu4ScOr` z@%#wCmxuU2*jEB`C1DLVuoUkJY_6PBlz{eh(>`WxyT5#jbuj_$x-o90hu><3sk@!BZNQGRMXvF(boFBaH4E5v-~TDWKQX2-%X0#*JM?31(e7@*^Plrw@sn zM^=*N->jq~6kr$uXPn5q^+0>hyNf!BCO?UzqiB%56<)a+fF+-9Fig{IxM9AU+dm##Z9KEEWfGR{}9+HIy8+ zE38}Ex+~M@3pA7wfFzBV(33@4CH?}rPj|fk9%dfL0(Z=Q=8hkpXSTW*8Qn_m9&Rt! z%X?Y|je-v`GKfGs2a#$_c7SA*#Y7Y4;a6Rfw=3^ixJu3-cwrHB8^jO`5#>nJl4Rf{ zh-I#zKU)Ukpc!oj?^mtKNBKEI*k#*C)YMSUL$JN5A~fH2+Gp&qq5|qG7F~2!!%G#2 zi0atYphiTULz!ZRl9bSp#fGoM@8XTP^%82Wy=uMIAs3+Qd*cc})??;_i>T@8KlNS} zU6PTgF=eGY_6Gg{H6?ByC4gyS{yTnhgq|j(7jXTGzr*`j#kj=QCs>o(CO&w14EHHr zNhnoECWUQBY;9CsoLMd?4S$#Es`I+2dzZ(2Zfdn){@0IfB1{}nw~D38GCy>GKZX&rQ38V8 zGKcvE&0G3|JG;>(OHcA%kLQ-P+()re^V&3MOf}Ez^i6ORDWr?w`8_eoJRU^!KhSFb z4hHxs9Azds#sB@Z&k+mSFU90&cfaJS1O24SG)vqgdy=LY^Y*Sm8I9ayS!Uha(WJ9! z4?SX0XQ#hqn&uG4i6vlT_7G&mym!L25!uu(@oYb1d0jkS2E`)Ab1N_S4owlqUy?aINTJ@+{&7BdzGzUcMA_P4m^MxSPo(+4WKh^L~J z%DcW|-JaeKCoT&1+=+BrV~~q12@q-iM8(j zdQsY)U(q>9r_BUYpetwgWgtKhpsX|JXw#O_xUgw1$n52d7c;9N32Ivz!fZ8T?RGTA z=ZO3BM>)?TRd-hIg6M3KR<7RSCfv~8%-60YfS;YW%$RfP2Ltlwi;T&(U8^@|$UStQ zK7D#vBPuU|kI!*k<4>CKw@-a|#L9a&tUAkM=_3;=E<~(@Q@xat>pu%vuefuv}Lp?X!9D^_pL%E?+nbb6|=-prKkuvb!%=|BA za%{%?!)xp7eMyo5t}7kqaR|4R(nZHO3Oqkv=kDKZr9W5>?j(TUnGiGoM#gRdHBZCa zTO-}Frqb1!_ouHqN1+IPcKMVHhoo7Z+E2@by5LG7mSefP_JOe)I%%~EN;O(ft-JvD zDUk7tF;TD-8z_6W_M?P2t7poc5z!k$qL(2#$_E1lDd=P>CfP=WlSh$_#Ntm@dJ`tz z$7p+u$D@}%hSjVL?X@b^pysJ2GXIkEiIUhyxx{fjV?W;b1YZfdiJ4bNmqX&rZ$4k? z5T}h}p{Lt?vKS=ZaWv53ePGvXzg<@j{s!I1QUAdbrPIx!cn=c9G6~O5=G+g$w34%;#F>xY-DkCk{r(MquqAxH|<$OrFX+0Q_ zaQo(TQ+aCN9xb{F2ws^}>HFhprGJWl^&QTNVM3%Ior2+n)j`1zM7B!SM>lEdxuF6J z!-*oUqp^|_ddKBXzLV9r8TB5dyrNJEmB!>|7pZosFH+3S7X*t$8+=%HN_zpKCaNWt zrZ7tJ^3eWX;%&=yuGS$R4Rpac0T$0(_r;|t(oEAG(Y7pa{&~=|9&%46$Vm4rn&kEq z%frYccI~dvA0+445PdfRx0Jj8^s0++HE^f{|xZ7jAC zOH)zLimyG&lgdaz<0P=(Z8nw8qZmQ(+5=PO22h*5Q%x+(ppRiOjM~ zNkxSgT^*NBv<@fL6SYWh{&3#ZsQZ`usC!n%@!YaM<~P2#fW>%k%mEMFdxDs_9|F>E z)tvp302^^dSnCcv z9+_2$&)K>XIfcwQ7*`!Ey~eHRoUT57z6`yD#X8Pik7ODy8dHI8PQf`aC$+s%x*)+4 zYy<`AR8D$4yhNFO&@5B2H>h$K&cxIndTm(46Ck0hBZ_gk` zyZD2W5nlcg&+lXTb5w!WZU56l8AT2U_b^vBzFfMaH@CWH`KkPL1A`S@UFMiNUKe423`Q-*ZNfX2L<)^V8xTL8 z{Mj^eGl}#{)%@RvYZjW|#R>WhSB1L=OnV>X`52eqfBJcv5Al#+KcTTw)Cv^@=3CBfNMRV_vA{pgsz;B(Qs{66Z)$7ha#B}?oPLFr;^3MfKh))3 zgj8#(|CDM7LWTY>54X-N2?!;?5pE5Px+cSqSsqbTcJ*nQyF|lAHtTFqfb`V)JPn)u zZ1~1kV)Kq}52hj6T7x&n`EAP0sw{ZAPvTjUeMPjWEFPW!{yjh4;)&oJO`#&+rYu)U z;h(%_lmFw0?SUsLanC?=!y2@p(F+9$j+45!UI~h##FSbS%bc8To|UV3vGH8LXMvBdn=pIbjk(ZxJUkeW(nT;+vKP-itRAkOt7<;sKcA8oD1R>c<3>KY<70CvHapJtBi( zP#vGPZNJ&)X|p!Zp>4LX{jg#pJ?0_<^j_dcrui#Lc6EP#T=)IpSDxcO&-bk(B<+eF5L?D<{dx82P&@^cI<* zIz(GcvMy7g=3jJ8N5pkzqpa;goN8rh9<{45t14_rNh0DDbbHl;Ri!XwG-@rv9Jb?M zq*&`)Q=Fx~fof@wYy5bL9_0OYAP*ZA%8Y@Q75lUrrHL_sXOviVBirf-31cr_JPc@_ zJL1Plc#b4W0n;xpd1hwci%w56UhJx?m6wDwI_f!%K1j*x?(Jbr{GVGJ^TXF|nS6xh zIfJ2!jmoi3y{g}b@#6*|sl(;Y^B93K&0Hc1jCP*dJs$DcyEX2&XzuRC3nmRhw=a==f?rkki!N#ARWAXr5NOzqVIaXZi*lYZIMT57kp%N zpvuZSkA?_q0#+X%=~Rzzv{X2*i+0}tVFWdzPl5^DI9R?Od{Z)IUM_LcG>^~i*SlVa z!7A5)28CymXD_j%>Sw;?cnr{K+@i79YM9C7XJ1zCHTjxs+>`%q_nK1A zdxQ!W=DCZ-~;?P>+#+NmlNwb+^NsNT=}?OR|k?X>YD*AKkX&H%eC!b)umYPJ9aCU7a(3wGP zbZ;k&=X!?IukZP_Quj5J9!t%G9K*-CqF`{vw!u_naLKfPDv_;hX%nsA-CUtb&~{Ww zbbV{(5Q_>C^Ku<*t?MU2k1I+fItDRAU^cfkNmq+r33@KP#8S|vIiT;z3SKuOY-uuN z=bM=N%5kAoiZG&JPtt3XA;b=qmn?NQOD>HRIJV!@>}uaGp8sIoQ5@J7D-=^0&3!Vz z9W(|3OC-7Lo%IZIhH$zyDy5Gl(A|rc15ldK%NZWx91#f#xU2kd7Fjh~i+DZj!Lp>s zrjPTk0gg#3W{WVI2wQ=fNvpgfpd}$8@iFSgC}?@r{{jMVLX9>se!va;xMe*mTF#p} z=4`$7{Y9@;TSBO(i&$#Am`KEe6@-MCFa{P`T%h)#RestrXnjz>n{PEROW3O|_9Yph z`UgktI{eJMN@C4XV0kuqcqBK_ZE@7ygWxyM=8qV*tnCPVpT5aFK0=CLgx*WE9r$vn zJTU_-JRcErrIdc`^d>`Ed!+_XKX0y~NQwKk$S#Y|^4a+N_V?@L8I&973pjKp)df(y zV#AaY#MpW61;%Yh^U2`jUm{=vH`llQXoiC$pZy?fc$3X@4~a@?O!o8`1@}RE$RK<; z4RcUd4TS)4GrX~$xkcvx>oo_*o<|hOmZim2ZW;w9)Czg4fG$ty9)wM!OVkb)#-F1Y zkkN{K6KY(~W~lUy`DFT`#ufN;pltFlK%d0NUxxBZ*1rw!STjRf{!&>Ud*WGwk1x=d zn-wV&T(Z_b z28)!9N1Pqh0Xa?u7=`|FZeRJjC#?Bk;KYxN${eX2En&BfPmErv;lPlVwPYIAy`o#G zHOYwwc~y!-d*rKp#D8!sap+kvzmX=^E|$fp>{_hEV6*?G6WPe62;F`Cxb@)U8N&Pc zMKeFHyvy?WV3GrUud8YG>(j$%VH}m=`=_|AAEa~u%Muy! zygTNKR=c{hjjvNYv(?1V7m=|LZAoLsf;yQXq4`_P<9QNVRODqv_KJM=8piI!M)LLd z-`%>)TqD$y)ooF1Unh;*YnFrJ77ajw#F)qX6Q`7b8(m`8 z-jrp$9IuCT%X4kndqJU29SX1SZ9 z*>g~@e0}R{4q4UX&d0B4KBn}mA>8UPw`I@RrDQ*}y?hBnCwSkc*IqWC1Vd~PA>rtl z2zrafEM8xmpK10b=_zl6KfFCJRK0BRI97 z^%A>2qb+`fGME(LqyhRpcA7MW{TM_#B$z{a8nc0|`jvE;pV|&PvbeOfuh=#2BBjqQ zaL#OZn!Y6t zcGTZAidP5~%i~UO&rFdCzO`__AF)7ccfwh$ezJ?qexLYPRQ3)t9iFA_Vzi)dKW~@n1 zk}5fw89P+{AvK3qd-l}f!Z?HMf6t*mQra~XCoGaUlyb_#!%B08Y_ZHxUtfw4tKWgI zm?LCTXl1F&enQO*7IobbY|lsd)ZxP3rTiX@aM%x(n0Q6<=#QQ7V*x}@Oaihg=B_i3 z6FiANeyZjs_;!#(r_YcB1niA{xb@TYq!iPtK74zy6>O?uxA9z_u+M@a*oe1@2Zve(wGPuxcDi%N*tW(8Af}xKne-DklmTDMj0cie zE8USw5;e-k^drYyuNv^Z0PZrK)IU9ZrzVH}nnX09DlC9Hz})@&y!ekoK_=ZD$$I~~ zhyPtHWyit0-*Y*2xG)+S_%Sd2?h!;C4>-y3{%s-p58D`%Yclmb1TyrU_jem(#UqH? z&s&^%Ojte9yT4EdwkOVT3M_1+zVmnc$iu2ALc;BezHkB|dwPnqa&VbG^8$8~mi0N;cE@FD)6f!4pR)|Ub7VnGFS zFAfBkd=;qvzG;UZkFTQSJL}^U_}>rh__xe{hdJJEyu*e4BToOb$p0fwCvwLA5vP+y zE&dUwf5hn@WA|@{?Qb0LufO9Q!%Yd?7Q&2VehNZUkAIVGJv*WMd5MY=dzvTo%5 zX7jvk;Su1u-v71z#R;oq0Rr&N15epbl@vI^$cPEgoSv%-Zps2#!6do2zj` zQ0dBp!7MW5fpRlaCp|{MelS3$b<1BuHkp!|ZNFj^dO$GsBU1V5*RO3phEdN)oujgTg8GbnIOjo@;SHwE}od;7} zMxPO^Zf^6vmAdQH8f<>&=b9KucPGU|ciGgZ@3>bj#%LN_ee3v2iey~+oC`L(df`S- zwx<3Kx!8VFeQgfo&O|(D@lr;DXvC_^M6*LR2(z{ z3`_LAIw)tk0dF4tRbBNb>oCwg^e)VyNbc0 zS}IU1nZ}o2KXPRTNy2F9@TqPd#C%ejz>upU2+c)n_KE%gY`*{5!pMBRw(<$GUw`ETy>&}q% zSeyEva@T)6$+jO?0Zm57b6Ok5i+H7{D@9+<%M@scD98W$e&B4F;KRp@!=EJ$MM~8B z{R=Ja(i9Vva75&)oAg2@4r621I&imQZmu|Ru%YCAl(IUpePNmsCdR0vDS~N2WbH!(A;p$B`|ErM7-DOsLA` z$lhzgV#yn`JabLqY{F0X%6zu>MWBc^dBbz>_Ay&~r%5xFM$TwKAzm)(CMF@H&}9h3 zXoh5pbLI8@_5>8T1iTj0cYu!UwyT`}asA=POoag_)|KxmO;IB7k1Wbb(1z=)BbDy+ zyUV?n=r)EAOL=-l>7>+ma(k@0b&TT$IQPq;m9>Fr9yl#ey7l~YD=T)bnH6`BcBINf z9pMH2xp{W8m#jhDPS{1QVS{#K_tk;be(XT+Y-YRrY?o9xE2dPA?w~oIz0&@&@q)O^ zc1X2BwSoWjyu4(bD&GGidEfGViM0kpcHo54&pStP(-2%JmNvK!LH z^yU~Ef&q>1dtS}^(dyl8d|%EW>>^>I6z7JZpRCUCmFRJ&8T)K?#@6VzmcnwizTUul zP4fE}{Ab4Z3G{6CmLg!)-!89z#Xg?u(_%6uz5fj}B5+p=_dQf3INzu;+Xw17+ceeO zNxvo*s|?WvV^wJ1D>85PZQQOf6=UL39+hy>hR_c2IDTaMvQPJE{UU z@}l{b_|iW42#q1~cx{JI$C_hi)(wt6E54I@<{YEB z;S~Y5_YrqKEtkethEk;~6lsME`YdExYvs{ry%uQDYBMP3b^CcSXS7`!mTmTqM%ubg zpC}$5KYy8{+O&JY^u;U1jYk7t>?9CGN8SWx?|ya z37v`uDKdetdx&`Gxt&@BZK%)l(05lzh3fcA{-s%qhkw9z6x7%^m5gpYVM{JxYyEZ~ zfWeW_wZDE2k^x=&$vF9-f4ixy+-~fP6coGBG0<)C6Wi}u@!ffDAS2;9K0%2MS_!vO zr)M`>{8dkCd^RHiHGgAF1z471)7^x*j?%Pz!%Bt+j&Uy$y9I`FG5m2697d^m`uuF7 zKPwo$aznEFvh8w-Lk#-zjnwn#!mnXE_nh{MqnyLUB&Fj-yp-P2vyzt6-mWwPG$4uIzuX4`Ikf-7MZy4$!OY) z3pa`AsAkU6Qq2nN?NNdtP=k@$LZhy!Vg0nqu zn&!&~2F7C=nuuXJDibW2HTi;>&-eXv*QT%AJ97iRbK+CPL1I$xlV!VxrZYCkgWi>4 z`@9I1jrz!qWYvIjGTMIQF>jn^&k%%ByFjyfXK!(+n0IvOX0Ta`k>yxgju8~&I`0zx z*6bRzWbBG*^WNJ2bEyP2sq8RP3W~nhk0gsdQQAfc-xyufmvgKbH1+{TMiyP<5{?tb;;lZD)d2WT!+mfH`zu5+_U!0kuB>AV^Dy#B=b zqj!NAj+&A((V;K5x275q*JsGm5kO0|re9*4EJ;KzTo5BNO*s3tPFfG0t`wVC?raau z8WUBmdO%WQJJ4&n&g8n(-%EN+=kx)Nc6C=UiIDB|-4jkCOn~DDq1V!yv6I1MdRyJ?4Uz4A4`Q|*E)@ViGplBneIBU_T#GMG z_$jv>JDl8x)|jin#JhDk_LT8z3Po(_0uTe`ctN9e^n>`C<;;bmH=*Hd+V)UW?|VMq zefNX9KVye_iBDD86XLaSZoAL+i*-RhlMsKp`oiOEq+V!N02yOufwm8AR?r;^b5z(Y z9BZevG*<2$0J`q4+wp2M-@UmtR`s;oW8`xvaM2W_xg~$7-|XAS3gz?q|JZxWu&Dd( zee?lA6bl4I8Us-fkd{UfP`ZYOLAtve6;V<|1WD-}hHe-X1?e2R8-^5y9{7I--2bz; zzu(^5=e#`Ec{#*2-|r{Zy4PCwx>ti^BLgH`Q4Pu>aGjE5;ue8)od0S*$;kzuBQR>tem)Hbp`_@pEb+S?z8X$& zTZ{s;|^*FP1N^yHI|7@*67K|QbQayEKzh+VPwl!ZZi@;r9XwC z?~>XL{ss&U!%|YNk7%{+8HmO~3j<9?8ORnORm_EKkMQ z+{jvAQB+{lBvX#_=sv&a?&qbxOj__gn_m3((I45gt}Rxg9wi>V%tcc7VGdJ32j)^Wm;RRe zESthaXvY{V>bc6+tZ5F{LuUJ;Y15v=N>9uX_vnXp&t`P|_VO46<$c&?HMtwg(%;S)Y=?#$@C99t`-ayt-7E~!Le_0r;&_J%(b^zVc1N2pj4T$F3Dnc#Vks>k zs>M4Znb`Onw+u_4;rTM80}~;@)3)L;Zcde?^?D*Nr1ONWdOdlwWd%f{?6tn*a#&P- zzgBN!UTRO233h1jFL9A#Mv%^l(JgRBv)Iz#$-R5mPV<3HXvrGCU#-1=nB(@=r_3_V z#?Yp|;WA4_)W^1wk9J!ElI_}3;rG+tr^zIdHbtQJlG!w8+u&`DKxOlrvV6|*=NrE) zXgo80G?~ETtG|NYTj)0Qo+h^qWfQB?qv_AqFT)_Ep5pO>cG^g0HAmfqD$^{b3^^+r z`0iJSx{3H5;r!{py$EiRDm7~kCT$7WRO&F?Y-VY%-x0nGYiP6f=hmd0 zd`BbkbVe?An&!K)rCT=hZAJarwkUc0kj|zHY_*2LNJ%mxTMJAOU7vRj4rc%EO~J1{ zD_!l4cj$={3;5g*pUgHz?1Umh0LRU2`P)5JMDkg@>b+HuEq2u)*V@d@y#w@W-Woy+ zC1?!hn%q7q2GRU;vgvhR2{%Y}@h0khH<0qPl# zhlnBPh0J9>drgKamz7*-KgKhl${HF9gja+OHiO`5%-_@(C*%+z6Yum`j?GJuH~M{j z%f`JbgBQ6Sws9>$+*TtkD`IU+@Zli6`%rSo>LPHzM3&vPm#BTgXoVcW++I5-48Eu|}H4r;Q zTVJXw?e_|u%$mrVBe^t`STxENriBlB6$OW&4jj9MWKiY@4-|SbWV)9>aprOW+cwR4 zzG}b%o~0AePDn^tSX+JE(jkIc53g?^KVrMPJSDC}ctN>@vSe$ksACB<`x={A^uaO$ zBePBGkB>4yTbCw=O|77CsW%7C63dgN6Z^4`uir;I5pMUga;VBA3^n`o0Fu+M07-#A zpJ&U|{UJy*-RJ&09cPHn5r*0%zqFY^xJHr-b%9d25c4sC27 z&D|6uxYU~sx5lSSCUbPqpD~%<%4g?0p7MVHxvR!62VHT2wf79zvp8g6ux|3(JrXo@O}NoQkj zl|$q9(E6~uL)0Z4ydx~(k`BiYG?Juw%|V3L2OKz*y2}+>XPoD@s?XjJ5{$lO>kB zD|BTz7xT6!9hDSNXwlOUvNTW{*~lBkXrmiK%iC2cZ24vb|A@^-_K8cpC|#m&-MYMp zvY#YvS62#ld@6TYL~m@Fc}m%s+fLpY+(CQ8{#Q*sWW>Ztfkx6)H(osmp%jqY`#IbH z&JTlb>xYVac=yj!34TVX!UJ_1?3ANcK``6$Jy}C8Mp*2MaI~z*@zzUsFMA6P#B@Rx zCYDQsqYe7A0-bhnig(M#HsY7O=w&I};yC32-rEYYQy?dK>6|NS zl>F}co7cgVRwWw;`%v`A1#u^kszbt+#mGa5E>Yp08vzSydrW|bd*7T84?nne|~q|U-TOq6l26&kqs1uWvzP5Vky zPi;;0X3{WUk zg{s~I6$SyCTxJWIV=LqDp1kGu*-)}b^XJY%bbaDj#%EhUtG|K0{5Zs(^>snsy;j->l`NT~Aje+#4 ze~1{~Q3ODPtH-{g`!^ZTb<-VGlfJQ15kID-ZM7s5V}<3U0#mk2c3bU-8!C z&8aQRCvq@msr81up;8@eyg=UfIq6m|CKLJ|h<2gB5O6OQZAc{uR&eiCSFoQSEvS(D z9A+U(e_Qd*HC7!~2iz@_#L(_Sh9GJr|FQ7F$mSAqr>}oy6dzB2-@U5nY7{^dSg@dJ z`jY*|QJ5?hq%nG=#yEuiMh*Pn{9;~*OHXv`K#2nZrq;VgI;6~*ipM(pO0%aS&DJk8 zsFB`DB5ykJZnAIVu)=}M?d!vN?nXI~gXMQz%C_XQSBG{cKG;^>t+x|OM_@f}`CDZc z$xTcQbX>%7{avG0GeyK;+dNMh@PWCjIs%f+sE`7*)Q0|2Z%F`TC;svMwa6odkXW9w z=1^+>r_elgVwik_+yKBWUN$)hjkGVA0}0euERO#C{1z$cbyF#6gT?-WarH_&f|=e1(qZ zDV6u}=>GfTGiKeH>Kjw$o%wIcJfFVjdOL!TXFtWKhKJNX{G+knax`rAc zevyCq2-A2`x>Y0p$rn(%>Y*7f>$;Po;}VP71T`rZ9cwX1I&ss^S!`zRwAv8+s@*LA&E1KN>s<*a? zqgF6iL{w7ll-(JC0?fa+Ij_F9r>`DeMCma53Is8z?@_u1?f$P{XDhzs=l9qTE($hi zq%vTBcw3!w{=Ui*S60Xs@$p{r20~)#kF3S2Zsl&%>8%P+KIUpbO0^j*$SxGEkTiyY zz&VCit0}a=~!6^!nkd0ZyTxn5nW6>y9$U*FBf=Wz^N)~M=r+8qdTum66H-^q) z_FR!dudlD$s`Z%HBx9n=@t6AGtYW3!cj6g&qgzrN{kceyC1h68X2XG@7=02bR+S^p z;8N(it7ZKZ$@-SneHZeP`n*^9{>&a5wZLZ!^7h5Ad9wWI9{a@NXSe>1%l@BU{gC{` zQfQ&ee0`e^7550Ub>M!R7v|;AaTQ#hm*rCmrB$;?56+aZcZcSS2dh|j`_+7KxFu-3~kWFJ+#@Nu429uGtw&ia2JQpj`-<$8V(>``Xt+@1la}5iH5612UBwRp# zmnQ#kL+p-)KaONP!Ifn-fN5{~3sLt|`_!dnU<|znz_L`_ zOkYu~mGy9;IMA>R+I-?7a0VCDdzN_h-n2&kMIF00{4{~XAIRMru9jJMJ(<2EU&LAk zvbW?@o2zZU9p%p=VB=q1#$jE)V>Q$|`A6x`VpT~p+JWmh1u5Mu-Ay6v4Y1bQ%&c&NfbGSwoF!0(YClU8l=m(acE3z-wdVcKfkpB(nDy$Xv~cg^Fg^QRL^l7zE)T0RCtPS&b4=c-E)Azy~TjY zL6K$U#YISwoKTJWmJx$=LaSh!u!QJ@BoMxu530>vt=U(fo$H8CX(DORI9NS;yYGn& z^!m>kR%qq3>#%$xe^y5n3zEF$BSk}*YRsD~O`Bkr zo>tF*x&GBQBwn($@zd#ml5w-CR~@9pw8ZG2G+`?j&qar1a6G2xw&+)DQc8=P?z!lY z3*9Md2%)ixPUyl`+4mRkfpFMmJll$(=6SK(z2*1j{n^=@^X(c|gP3$XJG^`%^V|T5hCcWcb%k(O&}&84d;8y z4`gvG?Pm+oMhCkx*LV??wA9p@52jmI6G|Bq-5Pe84)sv>FNe4tC+cwI#f9?T5$Vg+ zwj>C}PI@XghEgLT(-&$AMrEc!oPAfPa*MFa^-*IOZBUOupsYYvFx&b0)=y#-oJIw; z4}6xko=xXq8bk7b=#IX5bMQ(6>{ZeDoZ6bhd|OVgM&S}RCJZF?aQw2nUnpYvHYAdk zg9;<};cob48o}!sE~~D>&}t7!twVA88`yb99cOTzDmCjl#Eyn@3U{X;*4SDi@^sEY z#)7lZUkvy@uvq={*uNgouG?L>LQp(!n0Ylr3Z|lAFR|2-rQ@UC=)owi`}U5~jmv*d zoS>HgDJJ%xBM5Sg5Qqz!$Dl$~4-Lx+g*IMoAdkk8SzfW%1<0N7{Txg>8q^blPIhxg z4x7!wfd<$1RFy5wg`9I@K^J#3ATTA~(BhS>5YDK)tbR2rQljgrTYI!&D#5;@w=e(s zL%oRtsWR7s(Sul^vvlC1XL6+#euTiRdYBKCzeURA%*mqXOJVFh&qV1ZXj!pw$PV`C zfWFM@??TV-)Qd1J1gX2Wk zB{QehpKl>~*7215KC2@%Ye^?=x31=7u23EMtuS9-whv}!{)iTR^6Y?{QHMbb>yJ|5 z;ufU;%y|JAOU>^Ya#(dQ_V{m-A7-yPp6~(aw@>oS-@J>zA#UUN?G9u5*Y0clyd)GS zf&f~znQR|fg8HZ3Q$k(2mtV$$noNc}n(D5gpf*4;%BBl$bj2|bVt3iXQeN#zxS9X= z_3=9ZLxJir>({2b2tf5ibo$!q|E!XL1p`!Pc2Xcjn=_K4W`mD^wxKfoJV^tp?g&%B zYGd-HbY&P7ssFvit%q)@yTYJ4=BEUWomIJJ2xarJ?NRxdapdtnDsq1#fX=|lrcJX1 ztyp2NI!MuzZhlnlR!|xC*p9rMeERNc&CKQh{-8K`hhPnTeQMZDY|evWw!dZ})vcY> z%GbYtW}w%D|12b9CcRE{;42!iZB^oh;_(n5YZ9Gi{@h z$gcwd%s#+rINIezu&)1ftj z$k_5)H8>=zSkzWW+&8{Q!8U`)S-NLi$WtN*4;$%*Dhy1DHxuMY?<$D)!vieV#)J|A zZO1O)?&wpyB@L_miS$sN7m%o#sPz^~5CAg?oxww109N z60sx&iV_zpAcCqRZ~m(*BkJVP@9I|*6XmOY@)h-{Q37JSWTcgjtEOz*H0F%-wgjIK zb~$kT4t8fdx&Pp_AWr&|;r~m2vM-zWIY8xy)Pl-Gt>={-)s-Ptf`jdqw7NR_8ua$C zd$rz;*_K3T(!7|{LLCmEVM%&8uWj$rzm2%9xOhdH+2;ti`4eZ<2?6Hds84q~p+qDX zxvJw+QNz2Gy4;&ZrvM7+D(f4Kk=)YPKx|?TxG|d5w&B~Wqa-=}BV-(jn=gG1qFBB7 z<3)TP5p1vZM=^gy?TmZ(gv9cWj$WI0C;+Oymc8nOg+@L5XjF;i;?9pPehJ|mq&bo_?zfXqlro$p^x%iZEl5e)quBFDL8Er|7j4wD2g zRikFl)Yyj2OV>N)$=P1zM&^p+&@6n;VGE^eng4oq2CMNFMr*^s@gCAI{uCi8pP&?a?@PYbM zcqf#8gbm*n+us^0HcPqInrK7DtdkxbD5&+Vhb6q-X1rFm$hbY&v0d!~~@4808W=ZBRZ)!fB0>nyAc=S5iIec6AUbjUg`Pp;;RSjpnm~ zWL-m3|7dyoj|GJ>tp2!_A{`POdC5+$(}{q-mrl-{E2XM9txOhUQF`w(3nQsB%f6we z{7!`cn5-8cxYIr=D?0JXB%zB@$U`GO3tIJY$Z_Fw09`vB%z@W>taE_fU__3IRpGO* zW|>t+Yr`vVmti#O*mS+lPt!!kI1J45X-?pA3f$j9!9fr&!D1{kfk?8BuL2eJ*km0C zSUu2}f!A(lYnGUiuLw83b=#aXpDQ*Ct*_dr8uqPwH(Adz4_D3W{qmAP1@Wb^-I)zq zn@eaUQW#3-wZ(qvy5PXjak;k+P;U4(WYd@IFGZR3V!AOjOE+E%=ZXnFt3Z5}GjfxS z6bbcNQL>n(b#NH**zYw%W@(HXJWPfRm%5{o{lz}V!rWH9KhpZ5U8V(StJ$x;6ng>5 zQKhL-t1QM9baZH;^U0K7OQ`hRlS;k1+MxLQA_bS(kYi4sVts%aG8+=UYDaC@_8u~Q zN4D_t0eaCW812;OUG$L!QaD2us?UCeK}R_)^?*@RU5cF-39#a#6%O;xae-Sqal}KW zqlKU3DAu~297-&=?9O;~*934FwJ+c2usd{Rj-C?ya`{jC?Xg`{`RDsq&4IsSk-?n8 z;sF4%fzzn!isUo88NwFXR>|ev!pAc1)TdLRo_LF%$RgX7Y)e&CuOnepDuN$YyQ`m7 zYBid@jv{t1o-hF0Qu&@iKHWkMp7p3^h~Hsu+w~kFVfVLt%8_Hc_U-^Vu;^4i1-gLU zdz}vMceR`&S)gMv=WM*c)Ea?AmMV^|Ofz7<=D)u!m+f2k7Yws1fH^v_`S_i)gEX9P zQP^szxRTWQ8H*MdlHEY58a0<`u$eAG%1ysMFpZC_vJt^2z_&Okwc4LNSSzt;bT;Bu z<-4o7B`yRl&V(S}Bmp7|+PvRL%+6A{kI(L!159R=Zv`lbdBPLfF0ud?f`8 zs5u8T-Gd)X20?d1ig(t$y7n#PSQEKj@*Y3Fsxf)FQR+5eDGjo@d6=!9E1HN^wR*=gcJBxj z#kBMhT_lTzTkbKM9KAZo*?r5EQqn7=vw7P8f<@2kkfpv7hg1)0f?1{yYG}%mTr$dR zNRH*9^H-R(vF(H(R~F6pWDIxxLnl;!RE4+r_^CgB*n)?DHrt`hx}o`M$6_F{u{s(l zWi?X%NDZ#jLn1Gj#5?Xjysxv&tNPWnzcMmUyMo5mwuB3A(*8kX+y~Kj{XifX$@$pn zaQ8eoPnN-dG+!MnL7_*IJBqwYl&=-Ne_B<}mp_4^E-4mzS%OUOe)dIHGGAGk`K}eA zGa4Dv#s{#SVxSL&q^RB=Idp-_;HsTWEZ^JRfsN_*n|UN}>)W9U2S8V5q4W8?lS8A^ zH zrdn>!Aam4U@R3+(ughrR{Ewt00G;jLf8%%61DY?E3+@`B{GbZUVfYjtp3-m^(4IKp zUfr;un>TO5Uw2i5r1xFLZvOFPGv!av7DOyd9th82keu4S=;3z@u!n>l(dYKCkb5U+bWu~b+#h`C{(Y~T_ zO;e69fjx>9CF3A&g>q+*eBa zL)d1Htz{fnDYL2#luF&~7bYIp zLE`i^EARqC+}VrWX)Wy@)B<_X>cofM)gM`Orpig-2)j$?qP=poYvYD(eFt&mL1kMr zG8+OZuqUGta#p#t)XOd}KE&^`XbyX~j;aKPxk@e7BGdyUM_~NiIg+tYK^{Y^W`D`T zdR!wlaLR7NOmJ8KzHw8W#&n3De+5YNXji$6UM_yvpx-!(#GNV_r_!USGn}oRHEK3Od%emMu0|1+PK(rwG`BfaZKJteY5|EnnXkwg zD1WNpOKp}#!NWBYqBooxan|dqqMscy zE)V@|G%mApSv8m8@kz=owH`~BqZzJZnO-!+?9-uYy6M!R^EN}7imCdc&j#m;=LqQ{ z!z;e}Rk0w?WN}%v3!;<|!ZpRK^G@yh;2z2?({gy0(|SKVra2f%)8ZA{IlQp%z2efK zHc!Bh3h9v3K7%_Kwd#Rhm@LSO1`LM?AdhUFir5*|#ni?13OlS)GY~$@6|Sj7^+Wq4 z&Fh_%Jcd1P3rfV8Mv^f8p0FELf!nUTJxl#ah+`w!hLAS5F@4aMm;xc?%;pG`}5tNEJvTt{(DV(h+p;2yR`nAS z#!#0yRX~tZ?w7AbHP13{!z%f{W*05h!ga@$1ntn}(j&M!9}G3_Q#c;_#Tov+KDkg5v%%eJH zC7;^WJmLl3@TmdW>vHQ2nkxkW_w=Z9sfm~lWESZ9)VzA};)VXQyEcGTt}$FzmE9Tg zKr8$N39F8VLa1BG9xU}{rYpZTk{Nz^MJV%my`)ACXL%n9I-wboov9R=ttj8|6q9q ziSrou4A(~eh!n})cy?hfU6;l2hTCQi%{eYSxVU3>TPiIzAg>M0wn3J{xG9FU@%1p3 zP^Xy%Vt;>s;8q^!RJ$rh=BV^2%Zt!V6XIg4Dbuen2?-@Tc~8wWHGkj>5{6c)kTirj zd~_lwdcel2Ui{?Q`#bElowZsZ@9p$4tkU51xmG}+fgR71&p+AAoYi+&MuF*IhR?VS z+D~j+dI*)-ajlos``d4gDVPbP=Ru(|yT&8MCuz*{nuAjSMbZ4-+qc7qip`UB1YGWc znqJXdt8$@XQ*V-&meqJA3s2a}eFxs@8>JCL0I{?}&g@^JHiQw`PS0J!*kIgO#xPOs zar`OLQEZD-X+eD+tNlKok>llfc&$|Cy}4|jrS?-T$a6vqXPdJmU_(QdZbke~ z%X;yfTVZ>;udn+BErTv03xnA=@&@XB$y)(NDj8$2I>}>iFUMP79ZbKodtadw&J`oL zqS@Bi*R2fY!>YLc=9m7*N8d7#wQ`m2ZbXA!Wq;WA>)ME)UYm7=>~EBtb7Fl9d^WBA z*6VxTI!BF9&s^66We8M?U=s|pJxq`{LfH>o< zy9rXtyml`NjlG^C^0YF9YdrW`hAXB~Aaiv;bUu;SCDd3hF)s@0rm+G#b}S#0uMD|# zwtNpX8=PW@d1zN1NO~_hZ`5O9<}FFKT9s;C{Z$uET77}6QDxD(i%DAxP8LRQiNylU z(MvYTHA}^2J*GpggMEADXYmS+Jf0df$mTb=mM}$Kj+kopWA+c_7EF5Mus`CbxR^`DL z@F!cr3oMwca!-I0uwXZMWPfdi(dky`U5<|`%uuSD=TJ{EMODNu74F*zec&&Uh^i)| z-rb*ogy{NwYe|s-*(|5-r(|O}zM_F2nz%hyaV@%!$_oUvHX&l>KeS6Kha}Vz{0E&P*9ThZwt+OIR*K@;2_7o@u7VOB2Y!+AUEU$2xk7bwW zdSIMD0!ypNxb@A(SSIPOrm zNZjVbD$TkP1nW`-f%4s`0@pf*X-yczfg|_f>wW@C92|IrME1HaKHduuxQa>vG_>8Hv? z${uZ#61i5}-axPL)|q>By}*y*H!3Vy+n3i9^+l&`2Nat0f0T_4hA+t5)=$J46P>{ktMunal4GkEOGv6U4%2cU%&!h%pb-3z{Y$i*=e|(i{x>x)8M8OMuSRS?# z4=Ra^2DfGk?ds234gL%;@5@dB**8_dM+|J96l7IjutW2FWob}QR=ZVQFdNp^Zo$5? zMfdQ>QVxZy=_trX(TY&OT$8@~L(06*pgfPqYU0=KmwxPGn)#zdnl3hxW~2axfJB;F zck!=8+77rtx2u7T5MLT&ut#lh&5f;q$=i&@lMCO68LP{|9|uKSXWQf9spjn}S@ezU zNl$}@SV!*_!BUd9LbA=PV<}My-rE!wO4}KUp}oK@z$%q9yhYh+lw_Pj;FVB>x6ZTo zw-se@{5m@oK0We{_gU@y>VKgakWoG2eE~-2 zzDk-o1d^-$oeAMO`52SGt+g^-HqPIka4UoTOI0cIIJV)FTm#;ol~$Q%|I|STxLna* zFi1vTv*%WL>pO8k)66};oanf6HK#GtYUCiv4sI|ENM=K&*0T?Td&a9MuDA$X+nn`K z7n2Om->))8^J-R`hF_+A`1$i^`q}2lmgs?Tbw2yK;)Z06yTUkrAF`Cp_j3mcFB3Xf zI<9m-1MNmLg3hDQOmguac+O;i9`=%S`PgLq&ABSwP`hz$aXm03iUajPEg)LhDUeud zAU8mx$&Iolo_d@_ul+1l z?~1P)cWMQ8nCRaLNnQ>)vdk?SetGs{=aq4|6K!L01g8lr(86udFx<*i+&7<%YM(A& z2Fa`P;R4gVvt1yv1%3C~MJ*;F1<`_T_6&0G)v@hy9khw+%=e@5r$~q%tf5BIazJNq z??|ME4{QmN0#nt~;W{!KDgGo?gZ}7bdc3w?tW@KEkXPJ zy9XdpeAgVu5gsGF^R69QlgEB6kR8;2(~`;z{B24JQ*9JjyfasXw?4;k+hhf7&a2t3 z!`O156`tRtTSer9$k~)uG@T5{h!(mlQd-}(IW6_~h+Q#qNj~WX42Ixi69|Iyl@5S% zxQD+7;L+kr*|_qMqZtT+%H703^w=9W$O+mKS?Bkv1}oIS*LD1I)J}UpjUYMNipPfz zLVaNzU(Y?AX^)qjoSe+o%zD8}aU*c|7m{ARmpip!lhz!$C6QGYDeUFmc+YCQRF52h*|fe zK>B1yMSdpL`vYVJ^fYNMsbY6=t}2bSPUKZJy|(|UWb!Gc1CdY8v0L!<0kHbrAm0eWhVqG#~0-sPI0j7N%9Qm%H<5loSXFTSTB(i zl`rE)T4&}?-jdM3EOfzwc#di|3U`_k1s+)LK857jzf^^BjqQ%}u23CgD%Q3D{r!I} zyPj^)FRmpN3nWU)1BL*QxbZam6i7^PfVc@bt)SWT3uE>vnMFQy z$3SwBJF~){;J0H(!f#1N)4FDcYL=NWM5&|>!obWVB;U_1-woCnu# z(%TNw;n18u9DNJ;@wsz`ZtI3q5@7IHUGiOAVItS$rijX&u>(k^?em|fK zYPm*NOsg)d9Vrm?I*c0j)t``A@aD+U;gxZpjII>c+)5(#@z-O2!VI6#0y|NQ-d4B3 z!xNNvCVsjTyC-c@IM9py;Fk)3J~2Y>nxx}_%u-)pNL0)hDXKX{#g{K*Jbak(}U8d)rxznLS~Me*y3{Qz?4elm7@xweb*`x;hc zcU@9ChPEWc7YoRqiM0cU4q(1rIx|@?Faa<5}+R6DuGLYtG61$`HQ_ zI1t~y;QaA|Xn;z~JBHF0p9mKEcf4~kE#nmK|H$=zy81?_u%Ag@lwR3Vm|45h2zu}C z)4diIMO)i<9YbhGv1jKu_-id93Iat7GjeKE_g}nt83}*F=RdP+19>?!LrODRC?WN% ztCT{FHOt%jRJ!pWOYk3T3cUcZCg(acz!!_s{j=nwLIb?<(OX7-rmbwjzT4ZKZ=NDn zEhOTl`4d0y_B4|D+*EzLVZzC@ibN$%h7)!~s7KD~LFi1m%qkACGcR zBFp|0Lw)kD^asE%oa;0J-E{xDzZ1teeiIW!WZnyA;-pN^U*V;$3+|DI3&0 z{nV&aXVd++G+lqpf#t%*YP$Y*@rZ~f$p6j&gLSN$zs>JM6{^92USKhz{+=>F5Ba%W zU(vCzM#`-w(eG^UXbDN-;tnp^Z5o}F#Pc426~n{J%fHdq|2GbX2q02UFkZP?Gzx6L z27B|V=GuhF30T_gFimCr^Mhf_0H`0pRs+83zusl=x=_6TY+3*1w{=wD>#KhsXt4hN zg#4=e_l7JC0;nbGiygA?uNUtBKVSc9vqX8YjR~K@9=M5re&fh8IHUCG$>bZiIP-&0q%1nSE4qCj2Q?=LUg-_(`=hP>ck zI5ybw*6ZKLn@FFS1J}Pda>dXAydMsB0Liggc?u`_{x z1D*f&BYg-sUtG8S>~1RHVq3G^v)2C7ae`RGG>W7)=Ubhr$}vIljN((Sq*Pscw6!6zWdsNiK_5NDK&?<}a7M0eEI>@Q}} zIsJTM8DpO%AB~38%w9unWs4j;R>nm;>H_tJzEYT0@x~e=*nNjj=QPNwLtw8X=wMo{ zvRK^fvm%Y;4eQI*j5JpGPI;VQGg=85F0<)LNANNU3k%DBV&1?;vu7_+n0u7~X0A+& zx9(hDzh(cCIN3cVb&LMIuCMqP;#S#VYc*@a84jTYl3_HU&EChNXv3wWJ-+J0hqz_e z!CIRfM)rHp&K&F%C7S#qng92N^jii!ru3qTj-T=HWX9x1-4~Mhoyc66Z+Q)ezLd5cEnf=mm+B6 zk@Xt%Ubgl!{_A;jY(()cMts|2@WlPE+ko5WM|_guaGx7Aw!V~3Bj9Y>>FdpJAMP_e zntk^#LjUW2Kdy*iT9+09{S7@yKv#}LZICc74OvK2J#V7pGT%Ly;lW{0<8|PCY2o0# zzJdHh-6v*~7~JM7HCh!ELSF`yB0oOz%40gj8C130(*1|@jI*9>KnTcUV1{RzpHB4cxy?sN54 zl6nZL)}Ou7ImB&YDIPCuh2y8pC}+MZI3G!F530z?{iHoKE+bj_`P6-0*#7b1hTB4? z^U#j5&dwFb&rCV};icTpPNMHKVTx%?yqShgN_{1OxSQiqCdco%p07N}yiym7<2Uoc zu!hqiom1l-DT%VeY;%;_Cl2z4c9G*{$ha`u;`(zF3tZfGN9sSx&S7nzp$OJE?zf(~ zN3VAkA>@(A{;2ki_u-M2fzsjUi%7<5J`JOmj}d%>wen$k6dzqOe8FPabVR4`Im9t; z4eygjGQuf^j$ToU3_fYl=8YHfP_@!3>HKnrz*2lUvDCNj`%(+^frLS$Y%kKE@E$9x zTnJU4n!QqC&1L74Jv&qeo?Z_hk9C`8U(cWUhx9OJq?KC!v0g5vab)e)65-{DZD_wYtn{qA$`8$hUa!H}&Bqo;Y1^CQ;Fe<_qT>SGvSNxtQljcOZ*=xMsqB z29m9Sx59Kk6~ANwLVgmzO4u=#3_>Uy)y!e0>R-C&p+&_TsD)ZGNJB4d;+)#`~`J zZg_1cAl@!Vv0Wp|R84vP`XZHCq}7on$@I$6nP5Fpw}YC}_?a0)*_a1o(cgB$S3Y2R zM$cnPseXQcVzGL-Lq`iDM3$3dz_uF z(LFB7=%G@p3<6ruPNbC-`&a_PbP~7CZJs8I1Y?2BO9PaT%Ibc>3cW9$Z3*1Wqo_Pq z?N#5pOOR~Sh4l+Q(>2|QMAcmN=WBPs^b>r6Kfzwu2z*fGBq-Pwy?9PgB_ogD36*r) z;JsIbMA*{I+X1fqw2-o?+KoOHlqY;ur`QQz)J4Nq0fDNA z+J;aH$&oSX!finJf6D7icG)jaYe>hS7H4aOk7qvSo};@oEI&_jwHIbV4kV51%_f9Y z%JPOv*7V{J_U7r(!)yri;Zl}nvqK%lHg&Rz0*MgPYahiBm`ZK2vzP2E%QQBxnQ!e* z_l?VM&Q<5oA&wsv6cjM2B~_avYb8rUjz0}|etEft`Z+7NqnfMTbWZfLn(5O_o?IxL z&S&>g?9tfgDF*4q(qU`0wqfg{<}f+|38)XIq^E{lpnL?!4=mZD|Mm)uwYGEL&4L?W z%Lg<^{J$_W`l9sxkP0rFNrGl#+Pt?U4U0Wt-L?M5dps*!(d_3}0jt@3e~U!wnOuR$ z4X_7t@ei}|bofm>@I#EC zA-zt$TR+sF0jSpZ+3(Cs{{_-FU9b8X7qc@*Bqr=j&Tg%tRNxx<%KdrR!cOjHJk(QB zz=fZHYB@4(s3H!>&vtX|$1|I3AP>)I|sN zM4#n_iO%5OaZ0SkIH>`~TD~(3u&NhQ=}4(l2RE40(sj)g0eCpu%2k zJEomcYDHip7n`J%mWTXhb1XAp^24u=%1mT>4*81W^U_>8XFi!AbH6+E%>pB38#7^( z!&c*AHQ!jxuOyAw9dZ6~@~EPJVKaEuz}vq@8XKUKfcw90vn^s*puecgteyETy*1iQ zXKg4gqSSK8az#=?!u-nt-Q6D#-7UIrdu=Z=F7}1*zpzR^{KRR}TR2!0$och6R@u9E zM6$7arTW2$nsnJu$zj6Uag}dcrdx=KenhdsrJ`!(I(TgIEZ{6wXp50(_C7+X(D-66 z8&1QGrx^Fpr~%2}{QkfFNUwF0`)#BKVxHy=RL%hxsqQ)G_@>KKFym7T8v5V@-eXse zL8De02za=LhesyVVIXd`_TB4;&xd7sK=v1Vmkpu`z%j$ZB?bROC-mR;zO z5uGStOz7Q&4QuZ3=0ep>I=&5}ijgJ>58Y=nvFE6^(5(P%LsLCwd6RQ1|!}UcQV~|0gx9{ysj^T6TQ=vxP%8Ve2&*)Q(c&NqMPVVQ+qv zyaUs(54haN*5X|-{&Vg_Q{`ODRNpvmip1r9C>75DT*uO+6)34$4%%y$8N+m!dYDI( zy$*KNLSo960@e_ms=U`Dt@#=+i~%m_O0*AS`WWloV;AQyFZN=DEc$#Hk4A6NzkB_P z82~c*&|Jnt!^WSR*qq9mae^SoaDQ^SOuC6v!wxe$DUF9~5$U ztRU$!d<+bX7JB1R=ti3snw;l!*d%b>6|8qw6{W8!>ze;Toc`E9DATwt#=Tjc?1$&A zV|RndRBy}y6Z@oROt{HMHZL6tiz#mq;+0eEwzxs$biABypyJ%bmVE10T*i`UYxaM{ zeXy|xU82ZrG9PoyYbQ-BJW3tdMZJ%)oG!J=!GFE1@H!g2it0gz1uXRy$gPc*NwNu! z4?)7Y=BsIlp7wmMe+$zpGo9O7)T}ZNsUJLcK7a1ePZ;ppe<||DEtL{Y?(gw|$|;hldkllfDi|5JONrFBHLcQlWqRDcl`hP z1--xt{Li5Mf#au?CXH&l*Tb^c#}aG4lQ&wK)&Qdvv@E|$LV`@S6N~3}V`_`2=*Gnb zycNyeFO7s@=lZXVd*w`uo#pc~aRK}r*_{!WME5Q4!OCNQ(1c;o=$uh`TFEpbEOV}fmJjw^2y*Yh^I8FDO8l*%JW-TAv_}zCir`o?QI*yoq zir5SYD<@*LB_qlY8N1nFjt|KhzsVVFYY-Wmdwz3{+kqiD=_P>~Ae5CRYi=Fsi$9UL z{>6_)^Px{I#&ap2{+5hhsf{&)1)4YGv!fg(?Nz-SAx}zqH9L%)t*(Ywv`S$-z{(q}V?}|SUZQRP({PghAGvpmA2>J> zhavZRR4TWeVtD6i+Boj?pxrCr0LZAdcpoXgB-nD<`#Sb@Sn`!mv@HZE< zPLx&Y75@&3$)T1g{=l?@0`U!I)#S2MUyc5FrmBmcxn2NvXLjCL{aD4!3Z@$=sN3F$R@~w2&S4SY*)J81T9sn2%|ku77e8zHD&O9>vLNLr>wDpXi7;* z$+{$YA&N`FfjXU&Y4#`vPlRVq92l~a_*~7XlXCvfpH^UgVz-Z8DW;I{Ol9kK`m+?|>)SVdc%-1r& zCL)sg@u3He2R<&lj!(3CO^&s$SF-{5DSup0T*LrsxIh)1{W}t(`^hV- zq4tYM56Mb~g|1$^gx77Q^EoKW3C+t(1zRlKw-U~n0<&9yrjE@upR#9mElqFOJgybX_BCq^UnLzZ+lo-RDcj0;IfaxmE33nAs??a$ zy=i51em&|x5Myykl7bC(A6#zPmY|S*dV8^;@xHWIN#=BnT?W+Zl*UH;gDyV-ehse+ z3<}a>e4t#S+{?E`3?z%7B+|#evpK{UO-I-7_NJ>YS|7t9R{AC7V}0+EedY>z1aHUi z&+mz?F>sqt9by(!H@BL9o=@YY9&G+9Dyqu5l(gJc<2ueD!>&qh?^f)%BGbJs-BGfv zRcEWx8t=JNJ%Xw>i`Bg#gmk|pi>%v?6X^jH5EvZfgPMS&7=*RJ){_}@n?A^<3*@Q} zbE;|2k!TT2ip8}V48Wl(M^5XkHW&u3T)Uq6_7WR)M^39OK zr<;n@*&9e}m1jf2*f!op4=3Y&%cyo!8ngOnMdk)PmhqL^V_Rbd3*7DS(zw$^OSJ8Q z!1LQ}jo`}CR!)m7AuqUKekIvYgS|`#9=Z)^{h}@qZzTHh;4k(Z zweq&{hDKE;i1W$d#MvESNN>oVb8pAfE2$dwMAnriGGcli!l1yc?|3mWG36p<`Wl-_ zU79y>%D`+Zm2Nhws8Mwb^NC&XM2$D}-0}n46W@!W)bl9OaZ8nPu$9}|V6vKYyiYFr zN;mJ>(H1b4AX-k)CKbBad~v#Rv0&K~kvic3fa!SCD`}PH+?iJYt~AY7+tkrp67o}@ zD;kIoG*z_%U_e_f1-Q>#UMzHPzm_zSU1zcND(mB(11SAk>Pz>k7C$YC*X-t}k1Fr& zcftS?WpO$l7i(SD$F;Dn(Uk4V$>@|4fE~xD0-kB&FKU@;uUAlKd;gsbyNg?Pw38~ptA>;RW3wB&neD|^*C=pnFXGG#~ zzC_z;0H(GJ94(5wjCG^Yefao6b8;{i@q8Bo0+4?|gZPR~)ty8KKj# z2`EurI-gOKgD{8WC&v#ums))fp11HiWC`gVCpL#Q@_+vPd3(~=Z(#g08Mo69Z)WNy z5({K9Yc0n&mGkbNdGmU!eBaE|r_y6`B)2E4AnV6YodqLB>V;WAka8xrv*7~F)$-)k z5V&LXpoWH9Y0vXJSo-jS6vTg3W2bQ z-@E4&+qPwmP!MX3sbkh8DE$0%q1VyDA&DPKz9Lf@%3*nGwYJk)cCEJ(Qr*aIYFg3xNt-a#9b(3NT~jP}>aDr}`HzdX9-e&_I$t-G zkBycmP1ad`rigz*RLCE3_xdaa`>86fTy6&JH`Ulnd;aI9w8LwOd_5rmfIY*tL~-(oQXY zZSZZLo&V)23Q) zn;!!F#5a_2)Ng5|b&Hkq!+S4KaR5rsm16O#&#(I&ue&Q7R^XnN_`%4?RgADN0y$6p zf<-QZ+sq5Pl^$&!5e4vxIndS)EaBLg0}nD7%_j@fwvM=l9o3D}lTZ0lLFD~sWAhl) zuV)k)l&cG}vQKur#F_wPyW1a<-A(uBHj8#C0bGRIr3lVrARt6WD?a&U?Lv3#PH!Yc zp~uD?AO2~{;{W+zTJdL!==vXG#Q!6j|E5X*Ax8Xb`TW3)@ zs)`L~YqOGw1D;G@m_WvqU_Rn@@?xx@3^M4j=b0ysAg*3Du&5BEzq1>^3vt zlKMuN3ilyl3BTu<{8z`T*p!44NIy2PJfe!vX|ZXjC->624}{*I(Q`3%rMDi!lY0a;>Uo3Ar+eZ@R2` z->hC2S=ojrR*X*$b$P?MxP7+e1q3=EsF(fPZcHd z6Zm%SbOhZ0V^)et+c0vwQBJaEjI!}On$5Lg`jo&(VKot9J?+g@ybS^UXMajEcN`RLkx~ zw(P#(+T=o#pP!y^8nB#5gv$GI=`W02Jh(eNekys8yNQlg@dsB}xgLKD-_k)xFzk5gkpN%Y*b+PsZYxU+1S(j=!ld{NJVAzx@eOo9d}VLyfe17kTig8KmW8#|{{eP(~?toeJDzwESb* z<)Isp0>Q{}%>}AT0RuSIS!m6Tq4K4aJ;nKlmj8Vs)x?AwlcOolz(B+MDpb>JeQyG2 zFahHFPPZ%DT7ci8hht9i`?oQxP?;&8=Bnb!U(CXM=;g38^_ksLCB3NUmXPbRzurQqD3vSfgOw1x1sLI@sifj*}+0J_(A-H`9xJ}B`2(n($5!~m7U z>!33(?=^N!rD{Qy(;7bYz(0DlD(;Q}q!?ccDeXHj3QOQ={=2$0ES znrh@k0Nt$XCOrGqXSv7;fCcbvT=fP2hFcb3j{1^f3=HPcJYxn-wP)wTIPgxkMg1fM zd%c$4sz5&nB9J;;|4yC#@_$id$JDbZ{te}70S@Hg@vP=g8FCT+CXi9-|NLcW318nx z{<%;^db=?YFUkY_BC$nxt22L!kROlQk`HB0c7DfX=l?sJ47j z;|rFa3J&|EJl~|i=ek?JjQ_AwTdDM0N&~|-13Bjae)!tGs!I2)h^R&VwaB4-rz3Pe z_ibg>hOdHuVi3mC{!NqX%CV+hDeVZfomW-C*Y4j`BNG7FL(A5R{fS`{BALGsdtbgH}M=j52f{oiXgd!!0o8wU^3nKp6gtD6^C zPBuv6K=iZ}+_OqNzJzeiV}t_z>_?qLJfM_53`7h4o135R z!AI!j*6%xf3%~^dH`8PUX$dzv7n!Ir0Hw%gwnfReM14)Yd9uu;UCrO+YNLBKRBEd<+OVNZynC>B<2IH1vz(M5sZ3kLSfTob$LTSTD+k@ znDEo6wSfi9-)nM#&GtFOo^U4CXI7k{z?JTVkKkDZ-8Sn^iS8b4jeARAKmc=fS_5Se z4&}&qJR=PSsxzd;Kf*6@s;7Ddww5|#cnSs<0*YUhs(prp$fw`&4c3&T=%e_T6qxK$ z+#zBmmt#HV&j`oA|Cz`gXs#TdbQ)iL7DrXLQ-U9Dta(6F!4c#9dyQH{TeK_`3DG6M zCW%}?Gn@HLvtaYpy@fTWrJn5rg-?We>c1c%rV+dGhS>w7+d(RYhA2B0x977Mx3Hc! zHXN#H^$qf23_5xWE@83Ho<41NSs&0i+h&({FdMG-s!W}!QHXua*sJZnSX|aRI=SFe zhF?LaQu)$>)BTt&mO(>o{pGEcoy=%DNfhhFT;G5Yr*PB(t zsUZm$=LfUmuP}&ye5URh%RgYWpk4RO!mb*b7vwMAb;)%(?xa7XO`rycWK9RFqA>37r#kk`=Au@qzDx?=KQ%Elvm#*>f6(FAGh_HRo8&Ly`0 z#{1`_1fMZ`)L)Pvui@thIGUa(o58*N`?5D~bty*hCh$VJsNi@R)UVcdA=7}mJI{il zc_)okdUVP}NK}OC7FEBLmCbbwcP*k1WYeuqvTay0wck>9uG7tMFTCV?Z~yK6o$sHs zYo#a5hD*s+TD(Zeg}juT!+YWD42Xqwl_sT12NbC#qobxR*?MvCCFM?hmjr{4^WEDB z>s;RJ)=XNkWTnTo@6#aRus9~84+IfK8`4NN`B#4uty0ZmAfreTq&G;Ql(zQeeqCyn zwdk1h?oPQEA7AD5qDx&ggNqT(c$$SB7>z(h6_t1-rt!-!-H81XhJS)brDx)g$s&)l zWR;9rBkdTMVBGBZQM1q+c-u{Ad$ z$oPv$?1n!#t_>u=iG5z$9SN+YfOjX4IKU z#?dAXNCO+b@BsRc^_N>T=`7=(p~A9GW*(DD$+_SW9tTJbjmrfD&MqYV^AeoLQ#UAr ze1y`s1NnNw` zcIqJ+uQR;4MrCGGd?f2t47*v5>jA_H0-vR1)SgdH1ZH^~{pHd+up;fyi%*d28IFEQ zBONE-YuFVN^-kCGVsG@^hX3qJZGi`L?{lKVMp1gi#_`5*zFH7YrL6Z&@5c3EG)+W& z>UkNnx=2URY28pRg&N)xUJ{Q_PC$4YKvVR}8g9Al+tTfMZ}9%QNItW;W_fr#iNn3& z_6vZoj8?zh8lUHRN`v!`kvi?nto>Y}?w)Cl4WylK+^tO>V0rkhn4JF+Xt*MpJk|zf zjh}#T=IJg{Mz*&+W1QzZw(e!u096)hD*3OLZU$9yI<*HZbT|jIhAuQ_%GIsT^h&pP zAs>|z(#Q5+e*NAbU9K;31=mIY26q;HoFh;JqkBG`7mz+1m9`J2x|`2apUlGnR}TJ9e6)$ z+x!Zo$syx3@7n%A;Q=|Xs)IwRIHD;}o7a0UfLv=`$Ky>4aQ6Tb`zho?m^YOhX8`?j zSa|X+;Qn*KrfIJ^XanTZ&TC=X;O?!4Mg;$XFueTxVeh3K=sk5TYOF>Tfe=7Z&5ArZ z&rUY2P*6g@ZSDp8{=l*6<)XV$Q&;EeDA3l#AC5YDnmZ2}Fl6otarwH`6GmUAC7E1j zJNikXY`Tmm;$XyxZo4czd3RFrAi)S;3$Q&-dwE=TVG9R|z?si(&*mqWGO7H)fIpz* zWOg|@H)1zubDR>{d3Qed>iQf?xi|TH8_B;;GO6TI+S}g~#PKVeMbHwnA3)%QG*)YB zg`Sx8O-s8+$RIDP_=mD|;3l6!I;F6P35qu&i;CnBaQYnzx^<(Q{7O*|??zN3Ba@-# z*i=GCvU`BpvZblrTHC(2dpI`0a`ALJw;0>TJ;D_%7$-<;KV~g-u~Y0A$@aB&VLqkbpH}q+Q>Mg9=_zU0-e*%Zg~2X zy4nSb9ZtbMvIV*@oi)|Z91UeDSUy`T>AmR>H>+@k+y_Qjzl|*`D=6Y#(8s|Z&^m01 z^Eqh-^-naf8}EB{hoI2OrTkFS^R=q3Qp%T2RWw+!Iduv9-dWQ7se@RBWXOTdm;8`huA8$v|@J6mfoIES;P!ASwy0ok{ipBrwPd z>3(>1(%?WnyIq0ahA5|3PN_?o#zjVEnI?1{r$+^W@cFg89`kLt57U{fGO)tMW`K3) z6yP|IXFADwe&)lOFO!IzsEhEtAkPsG!k#V5owu0ENZX$DZUZ*kOX_u{@fhsgIo&M! z=x&X)*4tXK==|ZzZP&97vdHN0O407?Pr|U9(0L!Tv|_`QU#nC8M&tC6OG_W-VuWKb zKI3_9W`tkuek4jhOB!zg$5iXjc8nyxK*?oFvZqxjrac%*q&~7>@z{KTfPf>~pn!E3 zmDoPO5BcT47xjK-WIPeCXN}!X=90#DIFCSu7W4HBO&0jK2NAO|F)=wre9lT)M_cvb zWPEKNMz@i|EZnrXjXuB82B5n$Xttm zjI0&II!EjtVnn(owu@phL}`LHamWWnkhwHj@6FPF$WMD<%lPh2p8#EQdV1C7(_CWT zj!ms^&>{!}=B4}e4BkYf>RDUK)Vp%>LKE{zi_anOD%(UpqqsPDL;I0y;zFxi88d@U zQBDMTs7hJ<{i$@d!EKfCo9X;C~ zxc)w3urkq!XN~RnoX5OQLvxOj!w_6SH&a`~#d=}p1-an93*#e$^YK~}j{N~g6}!@` za~my?R%(e(qiC6oSO1-!gj;eK%j^(NSg?NrX46ShM>%AU zt%OsIyuVm53h(D)ah5&tTvZ4B=0Z{2U|OZ@nWxEz^V`N30RS*{;M>WP8I9jgeZY;~q~M@v+fqM_J;f2xUQ zXPBYeb8o=AgD3&Pyn^2))iR&~8p!Z@zF9{@2Ay;~N$ePeeU@a_B1{Hi5eI?~*160# z3pntPA&GuA^T`UlJ$`K;Te&QDFN4o}$JcLbnHU)AK9b-=oYup}Bq^CjB-6cZ8;!k_ zCaqM<@&>hP^R|jX`jO1!%9&!kJ510MBIerET3_AWhQa49B8v(upo6opx)!<=x$n}q z_qFgZ_XzlQfkxBvZ2{+W&ZTChI-!uz#zV?aOT6uzOEq{CA5KG?K@e@Mj8`Z5Cij1A z4Cv*g@?Y?b`5Zx1nUc2wAMs5)(_r_5)OkBVb*y|L!92cp)ZN{A4J5Ez(GJ^V*>(MF z2JolMt}jU4)|pHjS`7m+LV|<2RKKemlssEX*|eKKrKkSOshAV&JJINLwj$R*T5Wv) ziHGZsF$$|S(X88UX4M9BiR?&w!l7?I+mSHWc}~N**R*Qqni)Vz1v*|(cV-GkR%#qh zRIL{9U0yzBd>h6^dz(C4GJSH|5!tE^-MZa`R8`ej_RwbIP=~ja|4HQ@_Zy5O?%tQ(#KR_oG8aNWyD>{3As3J-5!sFsUi z@lVI(#s0$_^V6ppJ9noY6Pmu8@*y7ApT$H za_@V4TWgqG<2#BKduA9kF#)Sbx3h!*4Z+@WF!SS1qlSaD#u~Q;;ca-Iz32EokmvFN zXPfI$lRQ@IB3)dj=L>Bne9S04MGKj2ZF_ZhyhPw}A9@Bi+q3-{5*sQq*%lUY)31Yu$>NwbZ<*wV3Q`3F&lVN*md$n*g%(SD|U$ zeS}1_WIf+DEAY=IyJb`zQb}NWb`{wbRVcPQ8g+dLwW%#10M;yVdX3eG60DK_ zNqx+R#onmjuuqLoEy*Ws&Qqc|e_!EC#Zy0J}r*2I#OE8zoxH0MGMh*OCe%I~X z`l=!6CKG3fX&fKb;dR32zF7Wz=JRvkDyPqQpFND)pB1McG{Zl~d0o}i=rvBjPv1s& zPxwqybX#K6{U}}6*KuBvgxy>zHz-RHFe$$L%u5|MPUxtyH}7mjv$J3F`y9KpH8Qp0 zT^okbR1>s-mUga^g@V>P>ybPet!k@_E;adY=5rdc4M)^+$}!icyEy?Um^0FJv^2dB zViJWrBhsWTiXVkK|R+T0SCkY%C0Mp}hb5@OOd@`$!2>szO92Cz? zUpHX3a?u1RNlUWq0f`Ab0;o+n+$0)=%EftoZg9_E!4tnvyud2~VA$lPRCMZ}ZFCjM zK<`wpe-oS5A|c8=KMRIOs@vQg`klqLI|Xg#anU?VWC`jos~>*Wc(qW;jQMWqF9ZaZ zjD~_QcVQ$^M}X4rjG^w1iiwVP%BG5o=6a;}l!8KcOU6|W5(Z4oPi;IK=~c>Ca_jK9 zY2~+5Ix$OD?_qJ?%)9)646O-s-4?J1`oJfs2DMIYE`U>uO}wHEAEj-z1znXdHshSF zsVz(uIbHD@oTBLv#7gTCuMv{24eouub~&}b4f^r+xtoS4A6VDh7D6`BTPw1uBcTwFT(D0Cz7AgtRTapt z1uE*a-W;E2E-^XEp3GrT4V2M9!P_T9K2dqPv*=ESSIKr^HMHjZEnjb8p8FHgass9V zJ7c+ZvRz%%whlX000f?S6`NwPsd})|#gu6`OQ7PAtES*p^EmCN40Wa|ybszbQ0&66 zXvb62(~<8$)k_!<@>=DwnXZM*n|drv>Mky%o_2rBZQ!XjY5}!6cI~K?-ncO6)rN%- zv6!|t+3x9itbhvNu&NT<&jGj^VFH10L-A6DXE4yo1m1n4PxxLeNf*oLlsZug$(W>V zF)6G3c;q!xZEHZD&s9rw?UtX2=L7CX`}$Xk91u4O?w#F*)95D}$-@HK-zC!o6i6?& z<%`uQiHotklD=9Z!CljF{v<%U(QNaw*a&ATQk*=c5wn0QZgOLW? zNKuu6fI2@I&(fy@w9rE=&i~==@NQa2ve4s4Dd9+nzl%$s_rKXKtn;dXJd8f#rzolE z%cl8y&%FlPd(3~VZfPEESmr+^(c#9-=Qfy!NKJNy>SX)hGJhbQ_i-!rxv>C`2Wb^S za)>nRs?YVvPa1%l>hz4;MbGaVGoRPxC*5ss_4VXECA-?-jTV46Z4Fn{QS?RaS$PON z%~Au-c3!e=xvX3&n{>ag&XW4ed0@Oe=c2uSsWYqT815_56)RX)*R|zV-Ffl)Hj53As9_80YgV^8>urh%3 z1e+k__toF8(P2Ch-KVsT{Bdj-qn`Xt?t@$i(0D!g_iB=ZgnVsVz%6NuE}|M8pFTHw zSW`Uc+Q9Q+cP9|7>?OQY)xgkF-EsGC~uo0Cuw4-OQZmL!|UQ1`FL7 z2k#N)58qX`CgJm2;l$+F#wy2Qz8qcy**_4ex)#q8HlPi~dV^+nT5 zsq71xYg_U!NYXk|VuaOsog}t{(&I>0Ok0#j!n#wHmYlIkg|yWGM_26)mA$=&rfHoOUB%r=#tu+<0#qq*<3=t=Io` zTmCSCXo(?Da27JJekRBLL+6(5#Wzj|4M4$={O`IqPyx1n)hsBS##pXcyBtn9R-Qq5b+?nsXt%W)vIE zIGAP-UZsyNE74D*G^HLOA6qeUkwgl@j;cX>)x-Y+7OaXqVYxV4Dz#w~A7bkSYsrqdQr76o&${fftWrjm&tb@f2d&GZ== z#*|S<9_Z3xk|LF>yE}DeYJ42!6$XDOup`QYaT{8FB+*YObF_J6ge-&hb#FF!+aziD zAx((UaVJ|;qx=m+_o^5hR~6*}_o2wJZEEbYJ7!DUQS``kvPg>^Qw9IW8*j<5M8B9A zR6d*IES$Zl!N5?5KK1^Vl@D{N1}Rgq?TVK^bw+gUbw0%>WH(|z59LwDJ(S<)^G|+! zM}Yi>^I4d$J9zz?A(2Fb=jtr|wLtn8t41Q7Uca_bLZ2VPNQgk=sAsZz*Qf*lmyNSfI|YjfyQ3oR{$ZdF0vSx=#cXkx$orFe>GExF%%zsq8moA0BVi zeZ7{!d-|6>hLqIB;=U@Pi{<3Y;<&*W&sXHUA-Rk#ibFMUVj9{lHQeYk%226u|7^Nv zlSOykKCi+_$2;Ggd~|!ps>%ZG9UN#3BoeY6RRlwZAi__Mzp>PNUExek&ty8TVVF~^ zX1U?x_a4yD81;osd*BbIV(>gQKed0vsQT!KzEdaH%k;3Xx2W{*ItIyWI{OaheVgG! z5YIrj57(Ax#82B%R2Zpgt`OQMO1cV_Dqc&=1$v}G8Ug7%s1j#O$HUmGp3`Ek+WLO7*Bm-qwhfIS1WCwcG}>ynSZWE*z9r5(1;{J z_#|L4io~N4^;@^2Axya<)bGZ7trJcot+qV2rJhTvu`zm1&2eI#<27tS6x_5aKA({$ zsdGv={5+C+`QV3IG54pVFL_=pN_l_XT%U=KWDUJLq$0=;2sjJCcq0xI{ZlwT-64*2=oF(g*`oD-UXS7CEl#VF3fhT4R_!TDLb8I9+L+<*k^g+M(?*-$SaqvYy8qLJFt2fU~C1`Lj z$eLe@3f6#Me4SC+Abl=mH zU*=@NC$jqmUW7cIb3X>Jly?Cddcoc*GqT&ky!hv*fw4QQe;s;W956PrBsiiXoMpmG zLm$XIz~iTkVN}xGdb7`bv@veg_vY4d+!t)v>NSb=^ljyA+YmYc0=uUx6CjSSp^RAv zM_)6yjjV(guG~0Jx5mk9Yp-Ho@P36iOmT|u^T`)PMJv*#8^N-2@4L0g^M4r@uwAtu zeAnW!*ML^>S7r|Mani!gqF>D!9?~FOIhze=n8+6a33-ON* ztM6j@X$R7(?rkt@bDR=C&;C0A_>B-v4-r+bPBQcKET)LOU(ks_bC)k@sB9;h_Og6; zQxFhFzq3>6uLFIqhA$#h@?GfIMmVU~?dEdzm)bYytKuEk^02HNbl$3aCgJ?b6*Qm(hG5HX-E{u_9|(B#O-y0USG ztIp5QTIoUuT-iz#652a_)%n4OcZ=6kq)nZF&rhW76P3D#R@QsD$74kr;y1~Ay{jHz z#;kZIN)X4s?|vtou`5&AM7Tc|)WH%m4-D3W5iCso)0 z>L&aw`ox8y%DXpIXmx>cm=^2kbGgcUnr$2A5Vi){-5h=ElA^sUsXw%LRxSEPEP^9-vw&vOPGrg9lDWN<7c#6J7 z7Ixzz?1_K{>@C=etLFJntLBj?dAK>SoZSb8?SNu%pw6s@S#sMoy~P2w)f=h?4cMc>ZJ4!Q(XWx7ryAxd5B z(?=Q^nFKByiq+h3&kSnSeTK0@HjUQnddq-Wfk6k^R`KWcOt3v}N9%H3%I@tmW>!Ti zIz6ICjQvCe{=>>_Qo;bH4~4)bnAM8bJinnIaZRW$FQ`v)7@!(WYHDb z8z)|f`$UJ#2i19dMrK#+XMVuS%3vKDX6h@SK6aOAB5%OYWtB{2eyyp;RHV#Vo(X>p zzR#Stg)p4}y#1dTyFM+VtZnV3TBu<;y?&ro&lmfvw*H!Xym$Eh8gTRqB5j2k_yOH0 z+1LCBt9*PBFUh+HER;SUhv7Rp?w#^7$PnO0HPV;dcwoJt5EdKW*Rj`oTmM7Ib$6z? z85sRSflgN#wWA|i;s_2cL`3XBl*}%SC#tnU?^%9@d7Abb3+*pDNXLwe zoGXX?V_u%Aj@$4r1$wOrB_NxaWngR?mG#w&8mTmIF3aWM&qe_;FfaZZ@c{K#JY_g? zW$VNgJQy2Y5okb+<5}n$^KHk?#P?A~+YbG&P`W$iAzZe?3v_=g6dM?6qWUZagRm{6 zoRi0y=gshhdhWWCtn^skK?3m=ZE_2)JQ!r{=N26J6_qR!T#;p3UYgQd~5sBkx4n z2o_pFcxe5jE;A>h_L_GNK*MOpZO{C-fp5yiC#$2tx>$ZsRO>Kc5;`N}TQctZl255m zR;Q=Y?~p(K6@VfqXlT0x2nd+>k&k!F!iz62hN`2E-uPyB-(Q*7Lr!f8AK&3vC%Vfp z{!G1rmrYOye($Is;IL>B`~&r#cO=`z1x}iq5P*p5{ov1ROBFQx$&i_ur`(Q3 zOq_Ouk8kzEjo~YuBcKzz^JV&2HAueVsmH}unOC}i1>$iqfwz{s=gOWXT;hd&5Z%3d zn3hs6MU?|XV(q!<@s5rh)ayL3hEjvawdurBSKiZgjLhSG{v3pd*CM49f1BeGPI`E@ zSNcdUnIeF{4*!S)!9NZp)Q(EY^-@)pP!)tBej1EF-8ggxjj>>t-+}OfWk34P_=%vq zaRX=pa%{z|!0gB*b2W%cbL{zuLBN=;UXk^>!IS97!C?xv$3+$#@>10_ZiwA&ZyJBR zNLBL5M*B0BhA>4Ur|m}+p$k$J$IWsS!lfz2zD+vKd`TQ$Ix;S$`N7-W%0ZWle zF1=fV(ImT99@G@h=aVMAe*5-OG`ja`n&bf@;hhGtQUkIZprNwY+@+$rxLEqr==b*# zH0}S)gpdIb2xyi=G;OBOEe;SfTpaF&N#cyAyMGufQbJV{GkZ1(jIJUv3ZMVe{)3&#Qi-XMHNN;l#_OF&mfq-CiO&$Jps^1btr$=D`9;vFRyjb& zmu0O_-z~q(5qdqcy#~)eu1l>m4_0KIvh$POT!Dk${nBY5nrDsn6Ny4Y`vgDwzZCKx z@bXWc4}fMC-9UZ-piUIyIL_gTnnV|UMFVWCF#0YMOq2+A6)lQi;I4z)y`f&vP0J?REkwPcEKmHP%QG@ps57nW>2kIbt9uo?((X- zj!G6nYOj_1xiUbuK?rJMmM93E0+S)j8&4|;db38$FJD{cCP=hsvc}iWxIFTeB z!WlUn^x<+mUYAi*yo=AtI+?LuwkJdzBT@})Y~DXppb(h1mluUmXw|{*NlQzYsMkJ9 zo)DfU5IqqQ$OHtd-~BVJ(eLhvkCgqx5bozO`A;g|f#J>WPv0jZdybt(7LsK6qDf$t z0Z!)&Cl`i$-5VL9!(&n19qt?Ga~U&7MgG$D^3(tUcDeGyB-IL7MrhCi={TwWX$ z@8)HI6L~DgI`OG{1QN#%W(&z5+CnBuKUTxMwlL~r?Io30pS;Dv8iCpfpIb!2eBR%s zfazRJXKA8)_D9DoK)}uGRb_%Hq<8w)V&=qA^j$c@iwT%JGlIYRKBfMU@5truAN!#@ z#Q7!;AkHx^dwl6n3-Y_cGI^~(Hsw$-xro%<>x!dDv3Ri%xpX)jRPMV#A>eWO`oL@w z8_f&sMbA~r-jvnESLii4M9FH_?JOg#<9Ysa(pJ!6XI;kmVy}SPLhu)MbdJC&@bEVz zElSxR;hJxcBO>@yf2OA$8AeMDLxP@L%?R&Ec~&I(9QfQm5y#n^^@&+ovlOA~x$mno zkjRPD=yN%*Uj-0zGkfTopENhRSVYD^={@$IgPtFaZ@awtz8FfAPHi|U0Ti|n5&6QM zE*0lMA0AFcjRWg3Us~^4yl2WEOnFbrX=MnP^JKH>Gk$NQ{`$@rlHK7(q+gqyXvI2D z)8)XwCAy3@%sWSll0mxp1;{oq&msG#@;?eA6H-=EX@_7jw)#9|Am*FGsbFJE;v>_Vh*{W_6Vquis?h~`CpXW@;w0dZ+?&Ijdl->%Mj}d@!;YM?~F%( z(*8Xg;e3BOJTX(rx#$Gw!BTI-19)<3*QsOz6hSx?W8k1`lif@7ckm7go+my#pO?8e z?wr%2%FpcBU(MwCiQvB#CLA^ZX%LX8B>|#)fM$+^MWm*tT%?VDFy=)Bi~`1y4a8s= zFT_#A<1qaT$i*y^tWc2~oKHm!Yo(4YI}H4@N5=Xw^JP=o4*i~3Rvh!1&5J1)Y7%I1 z*|q=Z3gvKd5fs2Bdx+t_AiFn1B`Bz)1Qc_4yf&%kPYQ4_F)^(dYOydkhR3U+jdcD- zokJ)x0I0!(&^j{8Sk_pW~7~%H5(ae@SS92?RB~@u^1R z2>V88{(XN^T|~sj%ETs6N+~bf6r}lDN>;S778G+){msmu99Y%4biW2vF!0l<150U^~8g?xVR)MtkhLPTw)$`R?WIIwuZ)lOdpLqufAwPcvpGx zk9YSvp8mIVO9a6ikl?9|?n`te#4>pi5ppU7|LpGr#k?=NFfN5aTEQx}l+RS$@o??! zo!hPl@ycs!zsmaxccw-7r^vUm-8`NOjon*A_U2X4gMOpHO%SrdxIxA8&yL0~)ol)W z;&W>+eARMJGwdv6ewcq~d&0K7%xtKiuFI7M2Y!u69NhA{ed)ox#=e&u#XA~LH4i#jkyNz z$MhG`4)B)phu*_C)@i%UljO(}VHBaXX)<^~#0f0#&Z*v@ywe$76ySXU>I^|Q+k*d} zCnA6YD2u);j9%5iQSaS@!>baCJpM6(YZro=qCDP=dI;ZFBogg2M8GR|<8TdUBj%hS zlHsV(r)KMBc73n&b^alyYG(*d_r>$V+Dq#SBHXS36j6GGsD|DBWRislE&Be{Y4UUa z18UC$@C9rbyx{b4JpO8sDWo=6<+Deu>sA_U#8S7)?CtQJ)nuiL=8d4+{tw;;HB&*IEIq3}5LuiyH(W7rR>i#TC!de)L6z>6(t z4)<8uY2IdV*!kA@!bL*c*GAwbAJu4u(wek`1^hfDG;}4_xAl=3mSFR|%Nd_-&XV7I z?1=X`#-PazB8`4!P>T1IE}ux>5(AeM&1xp(V@ z`RucG^A2XG`w+S`=z?z-%0^16h1L&Y*C~g5p0lvb#D45KyYvJu6HCy;WZQ~Y4;nXr zyqzV8*LeuP+|jcnmpgD~+@ZLbzmU(ny>S{2*+}=Uo#);9i1|^EEZGh`t{7hTwVf0l zm+JcfqMqEX0DHj1^#O~ZXW8@sd->tMFRx|f0Jutqpr61-dSQG*J+s2%D6AwGt(~Q z7M1)_5ZU?80Phygt{luz(UiZ?uPsl@I`R4*l!k4sxNLb5$(MjG)k9*pessuTSSNcq z;xqM5I0%^h-?Uku-#d6Qn|%Ogv~4|$^O$6o?XdOSCF#N9rSI$C z=t*nbo!g|5eu!Ie^#pb*=)-x{{}!?$$4BD|vANi7W??89`L1s{A>=G?=|k(yEj+$K z;jqe9aUlfFK_r6*i$V|Z2{0Loa7=t*mvq9xqrSeXroILU{>5d@PbM_nAn$fZB$p%A zbUruF1FI#GF?2+LKN;UA%a8E?rQCkY*4zdW5%DU~0l^>fU4V!O{hagcUWMg?&(Tn_ zT{lU7I@#Ju|6}bZTlrWy9mrdD;B-EkTLjo`R%O-;CtF1X|K%^s^;W0v3-d{xBb8(Y zgoYXyv!3lKlfK6hVr@y_shF=P#YD@IEAb%}_3)f>H|wc_U#odI1?zIAC)mH<_8FCX zVZK>YkKkXuRKq>@h_STV(d(#dgY7ayblUN;O_PJRN7s1bEmU&haUI0V=v@6wLcu{{ zy#wlfeI7ok=gnzLaimk9eSN7qYyEgbm-Ts-=g}eN@)liMfl$nq#_h`wBznI1tutU*&suwoo()?Y1;i#PzJ?X@PeSI%%d|!JT-K-Sa zMU?r_5a7O^+ z$UKeTUS6&w#j`jz_F$MeTr}gD4n21L%6qgsI?VA-1|Xjn=BIsv?za?A@Y>AO23J-R z7=mghLj*78`1x2CXq>z{0j6Jv?{%r`8OnQXL5}<6&gP~UFz9}`S(?{Vq3g|#0iV{E zTcble-^a;z6)MWPnzAw|&*o(V`7B$m&vz)f=dU5rgg%vqE4+Sg52NG;h{0(UQR(^F-f9%3Y zZaYEa)C5i!RRPx@O43RU8eP$r;uvoa}ShbK&lC zEVSE)FNd-$*Jnq3vNIbh(J=fxI|*@?E@`@S zduGMebEsUuq*rJ!etlVJ_8{D!e>Xu;$Y#4*-4?u--j9rYypr;cC6E~RHFZhdSK#iAt;e`U zss$*4#z|j`?@@YRD$E`BSQ*aMyIGM-AN)lE7(g*h-iI%$94_RUD>MeTX#me#DIoZt zq6klUoe;Z@Nru0jD>w}hVV}Xp~t9~2QwP;ZjW5%J@A*66C(sjCKV&lz-upE2OR>1z!^Ehb3$Az zzSm24X1Lv7vK9$mp5EX?- zYkjx9=n8pq)<$r%N09awGk5jYr^jPgni#3zL002}7KeD7&@#^l+2!-YwmpFZP51XE zVEf`UD&KHoEH6aqd8)g|5Hrv_Hskm+aNbC9yQ6`NuLI6rA+6*@;YD0QYYIcRHMA;a z)VR|F6k$iVKSPDsOcc3;x3rf`_nglIYqLvq2R`B2S54FROP+OB*Ym;>i1FIk_i^3N z)+ULnT~{?7{pow}U1nf`FdO3XL-`l7I_Y-{&yBUH5K-|o6mv~><1(FmC&Rd;iY_O4z_3c4YVKju@8S>l1Cv9Lc@ZkipY^vRwUQbJdtfO3I}b zHF1jopV+3|Seldh=g#{TP-#8ZVVt0=7G=J9Xpz@&IW2Z@=h<0<^7TWy`Uq&5fW*mS zozUUC3E%;*92-t4iW~LIzX$gGrH_|o@M8d^7_R)@(Mr@;EOFqsC4HF2@IOX zX<4M5d?4F)0aW<&O#k%F&kFo**n$U&iK$7HJjmbgfJ>4-B%T5IEc(f~xN;Jsh zK>RvrpI80t+iQYN&~mIkBFZ5Akm8Wd-_6CKW5uBV+KKa6Ag|GUfY5sSwIp{>7lT79 z*|=DjaTnevb@J1%w>$hw$K4BAN!zsmAcuSeLim&b|3ZxO8|?6zIm8Gk9X;McCg__H z+R8mpZvP7GaB2>>TGO?Z@@EP3?qZm7;Q}zZ6c5dA-uw#z`xDy$YrR1c6x?DVVpADN z!pr%VhrsiPctP}Wz{k77;=9DZ`}depL(y-&mw(xui0BSp1^4MF_rTD&xM#Uojj>#$ zk{sYFwanBi5z)mCy~{T-FHh%S1|KCS`9U^pL=ns$6iCIDy&-U)6vx{HG5~sb0?>N+ z5bbs|C#I&H!*WUHXNib}0Dn36EE)*0QH_W9z+2BYn517} z{&{Y(f(0|mSuiva5lc~c_!TUd#0A))L;t1_-02mvH%`I4JR#Q$d>~`|PeC>5f8BjnPmnOFL!qx_0yHU0&iM=e-!8kmbn zzz(jU??dM)Zp4<~R>8bnNfRx23G1J}U}Y1*>{-BDLzOJw(&FN_d*y;+MSx8qAsAlY zlasxS<&t^<5~MdM3yI?5zTwl9euPoeWn#48_3Be1FdF*rG!FR{Ea`$@yV89~!sVY1 zvY1i+7i9hyWd0ug{ugBaMy>uo2AK>pqE#1AtcB0)H`|1N8#kD~OnKh)MbvuEqm;u5 zLstYfg_$}f+ypyqZ;k=VKAs-7mVSr_t`YsH$dtzD`xZb)fRDirpUJTU9~~GN$h)H) z{G$;26k`y)!_ffdC5Ve1tmE6E5t*b{d(EYdR z^48!6wmX3Y7$gW=$Cpz#?Gf5QeWe4X2C?F9Ik5B1Z_F9ZK@bKgIB53NUlzdp{X>jbi(r5snQ$b|VnYqFp?iOqcYV%pru&^)b`; zrpGL1*6anp#Zaz(R4^VPL+s_c`{WW7Vb>L{`!^S3u^~6a;v!mhwQ2q!z&A#{AhycN zv967m^Vi5r{Y~RN*|}?Xx*K$Q7W7{}MLy|~=Ub>bI9w^tjTVF&1kmkS2e_C%u97@C z*1A<&)xWtM$Aofz0wU)M`3Xr^JH(H&m*=Us3-{Qojq2q~pEueM|6pqx%s0|$8$9TWb)%oP%v!0K+e%>)b^;^dGh3_@F>s< z1p7=nKQZi0IKlVQsH9%Ohs6)GhXn;rzFk)icfI#*RM>tdwy-06j}$3KNwL5A)!VlF zW}3;N_#G{TF6Au@a_o!0zT$YcdOvc1)r90`m-J=lA^_QIW-f zzEVXZ&8`Ccw(Z_fyo1l>~fQH;w!5+I5_;v z?H3yJ2$^X4YEG`Z<$6IPzoQQ!{@!~3pI-$6NAV7BPj?IfzRuyf%S@Q3%=7?q+`_|^ zJnTZ)wk)MJWk(lIm(2wG=~`EdZwI2-7@_U~OeoJ8%6O3iAsp{l-Z*qN7ih?s;ximp zxCEQ($i>5l6i`=~LsGw-Zdm_qCXj1D%LBg_?U;a=lf?Z-84PyP(g0y=^ZHu8U`P>T zU80RVhC}@&4Llsq)hz`dApKl;r?A!hFXw0gxjvOdQWO$uCl(cQ-U(; z^I^ItKgf}rOt_nW0%9dwV-<~=S%~&BH3bcM3ZTE=e_3b96ajvP1DqN(N!GkbL)G+?Pazn@EchJ957KN`&$88*@|iRy z;Ozzb`T0o??1kdvbJuQVYPrQZJZlp*n%+@W?C7@y7mXLSO&c_HZNhStoo1%}-!|EI zO2k+x_~LO_>}+XS755cbIS7LDQ4cZ1;x&gDBM=$ZcbX6n5=Ux znk2)UsSi`k>C>=Zs5z2u(odG|vuv@ni6pj)4I{QmF|1{9*NTmGZK>0-$caNo*MU-` zG@V2>F=h=}f)bTYZ@)LpIJ(a z_Zu*DW37q3b5mf@Y-SMQJJL|Gk`r@)K>7O`Uh0(8Jo2QWrWiCH7@JNv3J&aTupMJU zQ9zGY4Ea1XQ28fs>FVFq@w8|Kxh%x(5Ab!?yTOCrs~_zKTa^q6lnl>ThSc$E8k|QV z7bLTIT9Mh8DfTCQHoI~x_MB%w`0^=AYbhC=U$Oe)d5-qg%Vk-jRLnud^u{+{tKl6T z{#C5Zvz7*Mn}}as2hqw`)8|gPk%In;hk2u^SFm$W&O_@MdV*XiJD86tSlMqY>6 z9TqWg-F#EFf!r@HciHUHlS5?#2}uR9lV3mH znwnV^4kW+|Wj{~S>p(nLDeaaneA$P_lPe2oE8wjbJh+sY|`_A>dX z6EtVW@!voWBdnYp0O<%s!v5$ZzM-Pf%7LQF<||hCES#D*n;HmbnoI{a9VLgk6~vGC zqRDfaUQM11+01mtZ=mS>DJd4i58obbb6=vi$SYJ(OU)IX9`G?zSsppcGAutw^lEjG zcb!pO1T^KQ36|J;IO<&Iw5L1fwA*P7K=56Rb-OzqbnMH6`#9clj>E!147XX>IoQEj z7ti~Jc#o0_HH7J|M|-@u=ouzErM6G}qHfu)*BBJajAz%BL5g(g=qpv^UL7=7;vzpD zuG47z;RfoM6uOTJ9+(IrcG>Y~J2?n0J8a=792mjM2miu}w$Y20#D8!VFKR$01#1ti zkgE%BO*COO4?WCK1I7I>L7UZ?TsIjRUowVg50-D@1&bd(%$eyE1twC{z*Bg=*5;Li z{jw~MR9BAMz~V@$;cCrMd{^qqR`koS#hQi;P}I>x!9uEFrsPAz4~Jil4cyk1R|b4%|Gjm=m&Y zejmN@;P5>@%5y1owVYot_u<$IKr05&6kG#&63}DLm|3iUT=e#L_iZ)*6OMOct)%$4 z>r6ZNf$n~%2uI1VYm5{^b(?nN|Jde#`VTQWGXB$K71hM?M_2;}c}EbGH(k*0Dz+H7 zo7U*dvErfaW$RIo&c(;Ku8yJMI?qk0vUX*?(zrwtwy#a^vTswk1|B7$ zJKAK6za+X|rW(M&cU?hrZgzE706SHZ!>CfspHzvGV$gECeI|ChqceMCDTBOS5s55x zwQ#P(!7H$mVX$>}M+_|t9WMt0K7dnJbwN{44K=mKq9xVoj+JDwN zgHI;3@pTaO^)4D92NxD5po_H?@K2IX;DAwRYcZKm{wO6r`fA;d2n| z&g`%IJ7J3E0;VPYsyMHGnLIctS<;=pe0U2E6bD6j@!$Bhw6t9Y>n9`^VLstImLxT} z$^4VqU;5we892{)jM>?#{b75T@Ddj{?f4{Me~KJhG`NEJM#%V1`I=3ZlP5?p=uj?g zI^G-8gzrz^nZ3=tQCN)#nm{5dZRRFyCJgJdwF~JOx)XfJgACV7p=xSs^_?h-&h*C~ zPb7~s=_tykyX9uyO)y+;by%VgW0Uuz3=;kPt%4l6)Y+A23IkuBhjBo%q^pm=S=%zWaH5+rOJ0 z`#fJpu^VnxAb)5+#ySAyvOjg{%VwkP$(N_fdTR7}HCvBjp&diJmey5s^FY5NoHq{^ zj0WG(JYV5jf9v&i`jK!j7G6gJKX9xsE^_|Gf}TX_JH1a17MJLr(3TY1y}O^0L5>nc z=zw$qkOaWpNiV^-+v_bj;hfx`!F7}Q<^E*dv#r@5#f<~WGJBU?7RHpr&8zu$y^npF zT+`7q8X6k^Ua88YtkH5b2|VAA{q4nti%gPIqN-bN$hsIa*j;?qteZxaKP za2KnQEm}_14o1JZ ziw29sT-@w_x;C}fT3jO=!W1RWYwDlqYb6{e&65#X7Vk##?qu8Z)s-W=<))+4V7ZJs zh=mP*?jTaabMIX27aHE*4+>V4JYWF^Xr?(iC}<2Zc&*TFeaQ54Jn@G4ZlW|e(43!4`D{NmdaK{Pqq_4(frh-oTc_ZKYnA1#eq9j#W{%#RYPGR-onFZdv< zHJ2E!Sy!;ySItx6cayG(zIxbKb6Y(P+7>4&s32kc(Eaw)d-J0^OoU{#7mpZTJ~09A z6jK0H{P?*$a`V@=lT44JhD2Y|AbG(F&h0zC6EH{fs%^wbw9%3zsETzFJ3s~!zf23Z zY`xKZ))*WE$IXRK;22&F`lLE3>1sC<0w!!Ue>G~|{P?Jee?T854A11qea8mdH${8` z(vVW?jhb%FZ5BI!MKry)v4Ms(7&s#WBfV_9q{mVEj>aHM>}HRKx_ShN2n?j!BVuJxK8kndic@XTox2^W`3oH^v=)^U4j zU;ved93A}Y{pB67R$dA zXWY8m1n}5=8TMj`e0!n$2E)&XzL#BhZumz}bOiheyDoU?Ve{Oj-c!o`lY0X&NGTl` zokM!Ax~O%}uv`1#p2|flxvXwH?p``G_7X3M>YUzbl;D%$I#qAKy} z)&0XU%}*?2Hl1}zok2(3{l$jWTWVEK3&zp*1IO*!$|Y0%{tj_rn4uvxnA7sD>iL~h zhWy(LAuAxZeB-AJH&|G>CM-x;m8~!A1mPe2Y?!Xoc-Rf~9A?&2V^nQlky~y1YN^z^ z8qr8=^7s;s6suK|J&d1LR7&(TPUVP>;Ch=F{(1(x1NN`CZ(>3LIuCKY8{b)Y&YmwU}G4SbCY@Fo6kVQDvx9^>oQCLF~Pf;A!!&QafI!R$2cq7TdlqzqYn!_J_Cv;ZI!At@$|7R8NT z5Z?%m_vNbBr4}SCr1y3O{JY1qq|}Y2c1F!c0^GrURvQU=N}J=U@HXL?SUW4u(iZbw z6Z3CX!kg1SkCQU1#55-M(pSUIm>Y;bX^!Yhoe z)03Wx$!9O{fwb>F!77vmbXyk46()^22ebmeZeY8j|18iWIA}UF)O8vJI+6<54HyN4 z<`s@_AFl3XEtWQ2+0BjHI^^SBN600m%f}3Ey{=5MdJzTh$gs7_^LA@mc4IIAZJps& zm*C^>p36(P4f%5i$w~SPjJq9Or)mYxfWW6$kGuq{5Io3Z0LOq3l~9-59$GwHRtAv< zjXD{@OJonX1!*ZBG91nFI5ng}tJy@de{u*gxyn@!(b|u^;XQ6&NIvqidUpKHv|q%) z!|KS|IKN>iS>>)*l1|e^<;vFn@*G?8N<~b=+gdpSf+`Hoe7y?P4_7k# z2LAq2eLs>0&F@muk^oXN$uwo;8v^|K$8i_)^fp%7ieq9O^*IN!pd}rzUF@eD5(yuu zA5>}WZ4@S3`s5Teb<-85d7jTR*ob*N;&nw+I?8k9d9Y?=RFl8yIun(>X_JU=Jhiys zkc3;?X&~MVY}o+%=NBi&VdH0jzmdDf%>3n!YrC_R#W|wvqBZOMd7j`GY93F)_Fl^7 zWNP-~=G5R~;kIX&&7M!8!{@4#yh~0;4PBq@2L`uBMU%?pV^;H*1D7q_NJm9ACRR3< z=RY2H_;0SaFUZLHcBADWIYs|yl^31&$_z>1#b9Y;|Jzd_{C8S%27-Pf-HZG)#kjb; zn>17uA9s+3Gd@Qr6bu@R3^C-@!n#jZt?Hf)$86Ua?Q_-_{FHxEqdmuK7 zn5cKaP!00r+vw2dbTpwfVBX+t(aN)OgX839_W**|%vC9BaSEjZnI5nIT2tenHB&fJ#-7rHt!H&6_rA@D%t+F=~3J?A9IZPG=!cZUW04dErYrHw{HP zPb~->p{kA^Rq;))E`E6iA4Kj6HVu9N45aInLcvIb)Ex)YJiBPQdd5A38-s+{hMhS4 zxjI0W?wFe~nuE{!^vT}URFY-dewIHqrY|uv^(K!(220@hc?a0@&*l6_>OiK_p4j5z zMo>|0!neuZZ`piq0-Dx1G7xt@f~3W$bz54hl3RS4CZ|hfdzdu1nxzrI7qEO(G4U>P z;fPiBna430$$m10ks}hrD?wP&B>`Ne$CbCYKxBa=K*evW~0GYUE z5ZXWtI0*WaLY+L1Uy~NO?@W|7*0Z6)#kh58kTYy+QCv3~jtzKQ$^i$UdLv!%BKnK+lLb%BQ?^eNqh!Y7J6Lw7Yq zIKQWZWp-72?vTf+E_y$}_H6cO36S%KS0_G7))(wtDVION7d3 z3aj#+`efjmCjh#sh{OnNU(E(y z{mQf5akl{EkBDf&e-)zXOzoIK5T8iYp`d}>8YPy#^{}}!pbqw9_NV)PZ0?%!t-yL;>jEEiW0up>3>TNAM;0-d2CWpVaX*0Z zI<=%co(d&P&7bP3OWw}3U>*5jj#i7G=0HY>L89q@WP&TJ>GhiTr_o`Tb~7pJo!OG< z{6E>?5d`0^GAmK^s6j)3_R8D!ZK3_x6jLVuBmt`=Rd}CK4&K`bX%QOj>Q2jORfKQ= z)i682@eVC%$RE3@+emD&_pXH?VspvfuyKccp?>wpoU%k#CRMgd>BB#V5fhehf1E&n zcK2o0e!Vu-B41laucv(p#-r67NP{HhoE@iz|GZrciiX5!R~^_>WmOG<|=E{gUybh8>$`b%n*rvs~*|{k%YRYd~eX4`@R;tC3)pmUKfu!|Ih` zwNZA(njhHQ3DvmT=!m%u$tf$3Z=vY4Ak3vJ*G&5e@a?2^^IjgTMt?X-yI)F`RF)!N zJwuBTuCJj$a*L2&U%ie8{EMBmxw?Z%+&pG~{V3=lYdUm*0jfW*@DJZytbiO9yptze zp<$?We76VAxvE^?gVazE2j}wiqh(C+g4A*AU=#y#1$b;lt6q>OgSeTrI?s#h>gt=_ z#qg%lJmRP7moY;5Z{mi7TTZc9cCVhgDVs`4N@}yT@Pvv_0v7FWeIW}Z!CW%-Bsoho zJD_WWnLV>CfNpSKWN`H-sZp`FhtYSwu<4mvXxMCT7Px$X0f&Fy_<{@SI}1dc zn_a4~dXCcCu_QPE6DdW-86Qdtv(d)$7!3Uh`Y>Xy2kvp4kxna6*!-?O^K890vgT6& zHnCZ-ZPz1tb;EzqwONGMVmaG+H6_h%Y)qw(hC++IX1-Djl5nuP`xrClNDc6QV?ulc zL%G{UDw+mW(;7Nu^`fGlHCOE5oLE00{VKSL=&7cz(SYYG-k$^qG3~!w(PUIIqM0)> z?QM|7lH8Ad?EIeQu&-aAt~__GK!wO`_Zsz7oTo7Rq+4jn%KURx^~o<7?j-!c7(sah zG44}m;ol@KK^x%1R-FMR=%SCldktgMeaHhO?fKPnr?Ij-cQH_ZwzZM<-$py-|D9w2 z#-1Al`0Jh=lHIPqWyN2hL|e#*mb^C~U?(O9=$U<|M=$6=`^9g=oW)oMma^Dza90is zX=5e_kGnt=9MD;hA+U(gG#Gw{Bw#jVuUlnrV#nVt^y7rHYUn-i{|}~P$Eg&NSzGtT z;db>Xv^iOL-D;^tF?a>V8z|x?WLcr}( zT-+6t3Mz``oEq>rWbR3C)9C|Ay09@CbYwWw~(GJ45sH`cm6ZgTK< z&Y?NmUbwY$dfy-tq((x(ZXz;R4m%+-gCuOXFeFU`8F#%%b>y|!LOP>r*_x^@lh6v; z|A+yblF{r8O?1%Vj>B5nDckRWv}HipLM{mgtnQv@ogvT|Ot8 z7%y8ZTs`TwMBl+257kHCIr{RPqw%+x9ca!9K1E)}X4s|cMxOP~&5CIBx_{V9OqgPm z?cVWve}Y8v;VdJ#^z~FP`zo4D{>4hMr@*EYidli2PH^KrY#=H@i9jT;_sSWhNuSwB ze%UyeJKs}{D#t=LqF$dDQ>5s@x!m8=GGgQ-9f%Q#Z9>(}u)A#ZL>6Dy5iJNq3>ugG)0`-t47=qBryV|)1f89ooR zu_=`ZTTSmfgFoMf6v@nFH&Xl$0cPgGUGjn`E8D(W9p&daE)G{P>HHXf`BCRMAc(O- z09GeCki@g$MK}F$e2(h3Jml!;4;MP+gExbreUtg01&E36s9XQYvna;#-V!cMs&bD9 zJF>jXnx|Vj6PkyF_#m%_$x77G9Fae34-&rp)2e?+(=~z=E~>2DVYYd9QMT*uTQ92i zTe3FiqWn=zT(Z4dHF8mdjxjk&h7%H9IU`$}2lYJD$D2&`{yf#6h%+^~#@kam9zElf z?R_aps;GUTM7H;q+@+-EvK&DUxQ+#gLhKW zyIpcER@dB8J)cq$;3%ayoqqB{fy_EQl8~EPWkGOuk$q`^y(k^G7_Y}Pk zc_ORff0}9wAvq5gD#AIy>gPXF6movf^b*)zfRZca_Vl;SY6qW(1un;F)jYY2TuMZ} zhl*|X-b2l>zNcO4C>>oTv{f?aOig8237qpGm-N$>9;X6TB2vfmKat7?p#O-s9QKKC zd(824nY#E0^6tO-rN2`nU|jc=#fGD) zyMX9;*=}L_4Mib_kma1r0(Ov7CD;Q$_7xj`g5pZGZK>akP7HTk8drH+^kBveaJNY1 zplT?;)e2>B^%mQ265Yay;`uCaUs0&;V;)6+QYinCrdl8XZ)l;vgN5Hn=8>kJRRYstA5m6PK21?2`Rx2Z8Qy}^(wv!T zy@^ab+!qP3(T$yHA>rR517>$|73mLVsPBA2l1f1mY*%3G$gurB2{(Sv?K(IPqH<+8ntgNa7xL{V*v!^LvdhYob{uJh$(+v{BpF?>fDwyrlJd-W2)YWQnL z3_iZ!3*J*~rz-qXJPltt{Eep><=j^P03H`VfAzzwsINH6rk84v;$2ud*gS#N1}rhP z>CCogR}F3DBMdTD{FY%NP{eEJuAUE! zc1Ag)diA*ibEu$(1E{#wc;9-wnwI$yS{~m zAbr*~yIRjuDBbD0n$n)u-0R-mYm)vp*Y9|Gj9GlDkbF5P5-o==w(~i%xzzz}o_AD- zQ{4;>1Aw_0?htKRSs-g_T-EPcG?Eu>uW?3;f*#(ENe;{3C18 zfz0YJaT73yr;kszT6NM`cq4%#5YBnFDdsdp4{x4iaCCo>J>-Nl0qSHm9Hr&H+f(%T z0N1hGg%bwuru{=4JmCwzr}MlHII3Ff{Luz0W;Up{zSnkaa<@8WsXNWc61gG)Vo?bG zCCVN{%Y*e}%9++ulm1F>8ekL4m2wPKAqh3_sei)_i2ubKMP6US?oY^zuUy$vbX)Ar zzjNZ;&gw62YE#XBJ-5d3LC$tq`UmbZRG#N~(c{^sVsjqL1?1DH#$OdBvK$^=Fp^D@ zc2z=)woYsY1De^SF)5u}Ct!`0I#tkRKfrdHgIrckl;=+^=;;yKU!yXy+>@Da9!Vq1 zam%ExjSGb{fiaT)e!Y}9nTDyxYtOm3SOvf`>`?E_+eQ66wa9ZE-o{s?> zG&gDU{04^Jsnj5J61&kowIHpn9o(pxZaWKQJdhJZHqY?u)Qmh%YV6mw0`>SL$_&=t z(z3I2fZQ3y0D=rQtv(M{G^@&(wpE?1Tv5GL@6FokkD89s*3Dm7=IkF;oWP&MVWZX1 z7?PHvg0pOl)t&P39Q5y^&pc0z#jS0?elz~pJaSB>B;-@$ciRw zODal_YDN;7j=`R;WL>>iQ^H-JQ&J3$D@cu+YG|SiJ*>v&+dR=MdV9nx=|Gddr>Oto zUE|{_C}2!(WMjWyZQcq>0dewU46LxC=pU}e!odJ%NAo$_(3zin_| zFiU!2oPoCL+tQ3_gRYZ1qk6=Iq*cNMsC|}cej*4>%FkIg*Jad$89gD_V z2~%fxeg_=~)g0KVnY>#L(@_l@lKn35o^~EEX?}TUPggz=UP5CseLQolYTv+VnZs!T z0H?}kuN*6rHVO*-MpD`-%A&;#xb6?~g1 zw*>d`QrGv23Gi!5zx*D(G3&y8Lrvj49l)y`3uMxDx*udL)4SA9F81eG_-yab#~4jF z>Pk0`x@^;m#j6D-^=^-lF%}tG){Y5~BKSZv?6NgP<#e&&xcP>&L-J8ZEaG!1UHEVKuog?UhSp1`*^kt94k6_DisfO4Y4FMW2OEigE} z^Yl1+@FK1I<5pjR+jedW>?y+d^ zKkQnR9^z(!78@E9#tm=C$_tX%$7^P`Kc0NceiI+H;saor`Xsjo1bC-lYf|AZVS^INnGzaFyy0=%{6WkKivo zs6WPsIPGz*hH08U%j^br7a(@mt-km4OwT|cXAF$f1B-H?Ohd5`U1(_`P}VkJ1m{u8 z%K6M-PqNL2_j?G7mg)vOdr)YofU=&-g$An;XmB#j>i$iDQ3bq}|nzs`a$Sxnhmz0QoUV^G&PKsP{XR zP(M}0i;F)qgO}InoQM4LLKtmy9^qBou?d}3)Y~w{$V2eBZ zMp(xR!hB3xZ(ket!Nm>|wazgoqx+k={i;IJ_EAE3o5h=~)!_${(Qx@Sfm*^(TwKM^ zxVTavZKvq_IjoMmAfQ()zMZLVp6nr=i%)~U*$|yCUtjma z;Wo9=7pzokYeyVcdtb|ZLjD8=BLvky{5@9uhbnm^(Ti#-|DP>%vV}G*{FSP%iHz1O};|QD)lK$y#ZSBr#waIJsFrM93Ww+;k62f;tIlW^T zmf`{Ew^eus9UI#!?A|#AlM5hG4n&Y&3g7$(%kUoyfuLh;TVAot=(rWLB!~Pdo0;zd z6}xwqC}11ug+EZO@()7#KffZ@Mh{U4&M^NFMTUS}=y+NY?r++fr?HbiQSJ}mTR7pduPm%AEQAlq@7Km3tTTK4@;9xXC!=t2x>RhN zlP@q(adCXg*fCLBlu@n?V4$8Ta7=3SU zWE1)$uu#H{uItucw{wL2g7c?eY=lBu9$!^-;^Le#tuxjy`~Dp<|4ilh3lAftQXc!tfZ9e733#nOH&f+whAOLUH9+lOyN)6# zC^l+@O&?&0#GC=z^@3GG_UtzgrBamoeCG}u=nCA{YwflzRdywI|DKJ1e6v?A5x(h# zn_Zl+lt(ZXgcVW-!Ff=(5TgM3x=`8df_Iik$SLvSDdj-5PUguY9Pfl#?=8LHG#0tU zfD2UTS!En!L$?X@T8qO<=Nz4jBu7n(&VvUY-u8Ao((M#;^BUXzXzVD(sY8&Iopn;} zXsG`NTr zV_}|z?!|UJ!^QO+w!K4lIt(ii(>*-gLut}S=WjHaQ$@wN8UdA^<(eQTTs*nLJelSM%0x)634IF0h=SJzKtU$Z>c>PLCK@<XXyqW2 zK?HKA3)lzAp*SdFqWzI$DYx@~C-Z;mwmSKZ3d}amLlN>-Q8dWp8b)*yFs<1q?_xa) z5LmG*fX0-W2I*m5UNj-X1g8MO2xtMmzh6q-clD1_`L`taipLF}QM3Ue^Z(|dm)9@g zL>6m?F;AWat$pK_cJIZ37W7_iH&0i;5dtWMi_2J1oKF3hQuZf=LeqiqC3wcu6%VLr zPf+sE=_J6h8)&iZOz|hOVl?=#|4}3YL;RXavkWAa;JJeLsm%CdNWSqiN2(b6^=){O zpr=CztT@b(zFivgLdaPPpu%5$uqHQ{fb%^t1e;p55*z67&TLP7N&ztz2n2lZYt5A@ z_1A0p3rcwt>Y=AI{tG@nvS`Lk;FMjD0PApYfJ=ovrM^-E(uyT6zY#f0Gt!Gqz1nqosvjqLF>_nA@@~!KO|7vQ{WQq15XIeAlu~bhuFVl1Kbh7^&BwfB}GJe zeN9NLOMN_)R-J@AcA9AMs`03@<5sXk5%*^6Dt_XJ>V~q)T_5$EcfSu8XFXrfj+TxVb?Ei~oYruQmq!uYc^gu+)|v#T3^@Z(Xl z8!WM{ODnKy)$rZ=m3r|Td_~Y>?xpkYfPp%W_egq`93T1wv1-f*?kGlNs)sYnD=LJydkCzMG_DX zf4|Vx)n$j=R~CM?!8CN-LtfxHCc@L~E$99QE0A=Uxp;%=o-0Fln&!wIim0Fk546!F0|2LBIbuEO-o9 z@O^asKpC*$(w$dj;Wv+pG^=V*>$;bJmMXsPh^U3&M2i@e)aA=XafZ4SnrgRL^k!TG zt@{eYmm(ypD_Yl?pm$n&KFe{CFO-sbo+BrZIzBonppUv{s_-L}KPGjxHv=_WJHr-m z+v!a0Li=9Gb0U($UfZ3)r@~H$+4%Tp9(uoilLGqEgo@k=L>|E{lVgtD;COT$oL~p5SAhzrxC;`o;2+7kSq(uZCGJB zWSCcP8qUu0fRRf_4P0dA5X>`-s*?$7W~x12Rtn}OA|ul{qAs-b4+sb`+*{3$XrQ5Z zmluQ^d{J!xrV;OfaLGV4(v`UGejgvJG~S$kBR!N#Li3m$s`5ZBb z>8({RM8Q}^*oPCz3cn7CGkCJaAI16az1zK8j!w7n@jZ(dG_Xds6aQL*M z*b7}jn$K*f zeq4b1Dp4ALO<(3-JgZ0SLDyPaG)I&z`O1oH-unA%GUQoqlT5;P`yqPOc73A}Hj)61 zpB&RI$>__dV(;_)f&-%lD300Z{APDn{5QTvW=62Hl=TzHMao8UYI8NAPDX6HbL#{e z*{GEGqFH;QlK+fVj=}Z155t6I)Y-5!VZEMRivi=7+06o%p6ji=^L`Qwy5`bv1TA_$ zs9niud)B%a4}(S~-ajL9PN_4REy`U;(8R0KShhA- z&*#UtohYsPcjMyO146nqsNJ3(bhF;J>EL|t7f@j3*P5=D5!zj1M03`kD&Z#{yeWv* z`rJ;5dJ6TcCq^Bwr4Ukf>ZA|z)Q|afwLwz*{_-Vp$Jb(rddiYRJ+8$QI^_5-*O2+n z2kd8wZp}Rl`Y3GlDciu>!yejRv72Jdu_Ep`yHVSn>7uHc#@iz5v~q<9)Ilh{{W?eVH{k&X-;bFxKpB@;*K?-Uyir z6|tfn*(_F)(rbV5_rQmsq$0|(_gXmTGE>ts!N!Y~DQdgm^@VUm; zOK;?sHENF~inycf&^`Y}^5f`R2G-+MOXf5!9!eO%Wvb$OaRGZrdz27BF0zOc>?7f2 z_4xS1#c-Cqf%K;t`;HHO?R8!=F85d|QO+e4=P^9UPf_N>AB2{;@1_ROi_~kp%EQBT z-Pqsm)Ks&Pf%f)aKO#8hJ^*?raxP@RW`jx0GCbV5doyPh(X=w>Lr4w`gnr*hE4->} zOday1k+3JlEpI%MeH9Ovq4HIPreR@?{6s(J2IrqF;y;^GP@Cst0#mfwD&oQyy z_4am@nb7XN`+i+tG_$mu=?hh(V3{F&am~w1BCSyATL*(-YXZ*kuF1&4@s+ySjI`Dv z;7^6V*)~2IEsrc1FmaB##a>-K+y^{rkm=d!XZNy1~nn^>`kVXYfw%kK=$mGKoA zc35A&o$w@H4!ZKQ)$RDOc_}Py)n6O&6k}N2_Yo;C{@#=`|H0j#Y{IZ)8_CLi%WU!G zO;yB;ycE%B(ZZ(QbrN;H=fbUYONLwE z4iHGKteB9{U_YZN3FzP@ceuM`Jk(p@Aey0_7L@up?}3z*Y(khf;%E;ZCLvyt5%N`i z=8`E6jz>0`7Jgb$Nz*x^i_R$tkE118r($iX0vLtc1n^#Gd3nY6UAc4TPOkZE=L9Mw zH*R)_vLcR*{!7}3oF+6b3}S1 zwb!pCUMaDUCNY6LnVd|t_NCj&7kQ{wtKlH0bv?gRrLisg`S|x#vMDdVG)1{G;-*<( zDy;;_3Xfsg8ijU`tNA#5wL3~}PCcy{r|UWQu-+8mK+z$jH1S0q931F0=_BeC6TP`)7Y}aWfi7+U# z8X#$n;`$)WXL`xF0~Z$|x^nkOhMXxf{7Ob|!Zwrf{7y!9s;*)NsKZn;wzGQ1-lRPo zUUMvcPvy6+27DKm7X0 zt^`K5kB2791kpOow#R6iv_;!wzl&fzTM}|%MAJBdLk$RS8F;Qa+|>FK zq8+#?ZoaQ{u-wWMFqh&S$*$?4U9tP+jI+c<+1={_46Gm&6v``iJ^GgIr{^7^4gEpe z3!QRx75sr~CHJV^H83y=s}_E7340jbF9v&9$u$WOvsfyNha>DS{etQtmwY%e&TFFy z-?TQ&P|GNon?;PYlkSNyzg%AxelhVmRj=yhxLG${pT(mQGKTi~p_-LmXMMC!l|7I< z0MRM3G#>d(L(LP*Lo(k{9Kk9V|JcM`NE3K;Rve;G1=2^kG<-LP)FI5sM`cx#U-FO@ zPQi7cowLCg*xKYLV(!(6y{H_}Kd$f+UWXNd`CVAy-8fq54_RJcsT}mzMvB9G*c2}x ziEAcS?X00{Jop>8-aYj(UYT!iEC7;Vf;XP6EjL`W@+6mb;?(gEJS(9kkRCCW+$8&+ z4OVnfQEe&^7|hGY9p5>!B6*^;`95n0*%nV{qx9FZT6b4*jbwtu#Veh39kcXHYl_VJ zhE*JQx2RrpRpskdy!>{fGmfqFaSZ>!)Y|^Fx8xsk3_V}0&MbL-oo_d6p52^LyERpj zn$zCPr=%%Pf`Az{1w9;z?Z)$I-7$Bg2Z8x-+9Gvb{g|q$$X%JrD2tf7pBPsHV4VZFo}z3j$(6 zq$`3*lP(=AO+Y8gC>z=*sKbQw{~7VeVCkF4 zchJ#!&SLZrOHh@@+dbOv?;)6ZbnQJ&5z^x^XJ+RsRAj1Ca7N^$(z+FTIm(Gz ze$(W*X)D!hyP=+0YDq>psgkCEOeR+eey>d>>4n%%-L)aZM!oJe@)Ba=*11A-XYj04dK+U^Z3w>cc@lf=mO&ujXgER-QS%lNTA*LN(=8AyU_Yx)AC1b2_v!t z4m*6l&V)fQjZGJQMN&eJ-Cff`*?Df`(-wBbuG%nVO3p^BIEHSp2s(x#;O56Iiv=GP z9j^%{3i*br#&dwkAm=p*1;k!y?u4YC;$O48z|U8y7JEBNY&#W!Gu9Sl@o5lWpmVlx zK=ch{K6)oMi949&c$yM1B|~6=71A+K9ug3T+kN+PN1s=BeK6zn`NW zai5@(-hIZz#Pp&NY=OhD;$<4wCJk2Ba-SX!N{GlPWVYF9znojAp<4}Bsb`~u$Vt(L ztRapkSN&RcIHTuhg$vh`*_5=4V?mo1kWY{ht6TQQ9qymgsjjad$bKNPzuG60LPnaA znVH?TIy`q!wQ;wQ%eXAy64&l4Nwu1fk}1c}71AVwx(HKePFH%?Cmwn)MPyT2LJ+9h zZ5z6w=H@auAK)`)Dc?}iE{RP~XF&?5itodPtaMO1#veWM%{r2Ls(XAb$n`(apF4rk zwl3e62a`mz9ll?uq3+|agRPDfl~`odyj)velOBLHjzXFd$3oEh?4d$bf0O*$18Lwy zzX(@+-WhkE`w+}jUD@RucczPsmaCV-U~T1@t+W!r2|~xko#s1dKZZj;1#Q!sEry}X zt!Bx_aigh;qHDP4{}!|3 z+36HOHH7TrGp=Kk!tYeYtRg(zt&tOIIoj*4vL-8YAt&j5oEwjB*<*oM<{x9m$w^;O z-9fBf?dz;>^!^4=#2FzLhxq~Xe8XASc;T$4(U0qJYdq#%QnOC*G5X0fr-!_@g=@X$ z-_G|d#&RizPmf3s1r|skAf{`JT|`7vEgxwFmMoFh7Tx`-qyDpDm8I>-hd@7WAjT^3)Y7|;kJ{@*gh(n<4Eb5tjT0nzFO8x)h@B?H*O4vlEOOo zoh|1_&`7oAubpvdK%wXsEkiPoW$6m$qw+$ak+w%$=jfz-@>CaAiTpb?jpOX4ymTjI ze7?zoT6)wp)YRhM9nsyDY0cfWX}c2k4)JNPe)L|!XpuSRVBdHIZrWKl97=r;6C{`hm)f@n>K+M-9b#CO5{)=j3t}jk#oE-E7#Vr03Re*m##OOYn)nzE z`~+-WQ#Kvd0`6)M7K%PP*j>(^PHE~=yE6KgN%rW6fsM)a5;{_WSDdStwQLx(JaW~^ zFZph9GZ) zN!vmbKi7h*b?Tgof$4Ww>-JqbX)8WF?a`{0)3Z9_tDbQ^)7HG?Np1r_1K`+igB zne*3&6=vHe4qA@Jnn=hxo#(m6XgfFxwYw_wqeIJmF@^Xg-BoC%)$C(BQLk6?36UTO z*#tpI479;3_6b~k{1&~8Rg$D$feuKR zId(CPk1rd3yYQ*qsH64q_Zz_-3(Cna7&{91ekT?0a5wG#7fHqOucQJhFWXYVxVUzH zrmWB7=a(~9M_PenU)#Lmige9C{WPaU#&PShbY0<#q!%seQdg1TAql2HkY3m!!rf+h zwx3-vP;3cNN=87C*IUUNA)F^}XO1s@`s2~DV~4-B-&RKWm8*dr7@+<*3Zl(YK@r6r zh!z=hTx<`kjuo?smmu>0mUoLz>O~%C2t|M9jKa!GM>v_wMBou*QwChqquqpG;}^GdaZw-rQd2YP|TSb1zh-y*%}x4rK-dWJok z7kLZ-zP|Wz4e@-+QoyeB;R%dTeE8vT-@JQFfhLK4NGpdnMaJEJUIc#mGV-k-2|P_;Ucp?gCNwws~~g2sD^2lu+U znHPK~Y<|`xJd3FC-nEBkFLK4iyDYbMue`^g^%38)-_hEEnD$zQg)d8C98VRxH30K_ zo9o>o;}F1K-!kI4VtgJ7k^aux4K`*=)KED;pX)=|4M47sI@vZu2&EJIl^ zc`s_(jEYfYjo?o*-o@V3NCVHUB-1sX;ORm?*@6ga-Ab42SFc{{OjJNuwKGt*Fp2B; zgRZ4T7L+zvTj83TkD_|f$gAy>cCs@+i1*DWLaBHb>!J9#BE2#L%JpOYvjw8rqeYr> z0RaKr_?nBhxu%2q=*v^Emsky+CoS^O{FU~VPCKMf{Cz*mboG~?9sU!F)eb7uDu`fP>`E3b?M@Js z>8-1CN3%7fr&gWdA8xeEcc^6>*pJemB(h@83)O4RrNqQ_7cLv+u{Gj%5tSSzv8RRa zHdrD`w%Q@h*XpMLW0B>KtX9#1j#{oV{iqc~b?rs!yUqudCu!>s9ejW*+?P9=BNTDj zQ;;P>SYIR&@iPCW?Q@$qdSjbCZghufu5PCq4XLD!o4ktIRMI~Cx+BYdkw}y-iBgL<&YZ96rI>l)u2e=KSlj1mWWU{6!j{xt!?;&Y%o^5@lk5-$y}J|% zVBoKwYh|W#Y}zG~lz29FmUJ$gv6_&E;jF|5jU{JyY_IbqH{Luc9~si%xr59*Z-F%E z2ern>)RvBbv=1K)3$M^HW?T(uQYDa_O4UUIj$7nWtlWVWJs^;MT5MDVneC6$>Y?w7Y?b5250~g0 zC*_Y{Bqkx@nJ?4cN#5rOrN3be-4C)GoC0{E{|R)mvm(**qi4q=yTam0d|WXysjv+J zu33->btP;@GfZnhw6ZLvJrLTWXPU3g=5;mFQTH#}3^ddZLB@3W#C=X6nlKWw^Kn2) zu;>uVJ63L95y~Jiwp?9v*45<0XgwiY{(FWa+G2cn|21}n=_=Yq){F2MLKnC;TOYnd zK|09sJ|4R|qPsG}<#mNhDml0!Jk2UYseM-f8>mZ}d=bRpeNz%rUS02E3-1mw*3X2a zVDSKv?gWK9Q%KYoNu@dgsji3dB~om52QHMZ?Yw)-!OUhu-<~@ye-0W;*1@TQJs>6Z z*%`^w{a;|3i@z{U62ia3G}$DyyGGDi7OCP-SMe_fAJa)Vy&AOJ4LZfddCRa48xzdj z3!!&l1`&;oc5xI47L_vDm7%;W=}6K>_+x5;&GNdW4mbo`ZF!w3a zxCBh1OXu<^cd@dX%&G+-T>q6zcO8Ewa3{#9xB;vUZeMfpem}ncB6UCOTifvp1!Ohj zTp7(xTgb{NWbAlnu&R77^OV!!w#G)-wlG6rMec(6#khB|1W_?>&y=(d8zmV)$q)s9mW-KMdp3DB!jl zm`XIi-^Xyre&^->VvDbCy?thFJzAoSh^XQ^`tTrGcuw_l(&;zuo;g!XxIg z#9ZsNuNVbyy?8lCA^9=Dvv@#-GRDUG4q-D>ZoWHlkcs|H3J9w^VkN>;WZa+f8oK!0 z@V;NlfA_9V4_TzTVXJT^K{ZnKOmXLI`|`cb@2Xx`n^skV6l1dxUP#zlAK)R(7n4=p z6u2(1n^SM3Qb;zpsQMwu$CEkg;}c-X1D9((eiW?{TuTk^dLNanD5bK$pX*Fi8je=Y z7^+GI&I^=Z3M@X=ENDqhu(_{KMhR-$&(_SghkX_E4%UyI{`!<|2y5Au^x*T5ElWJF zVH61-C-F+@XCW_VTDAu3hbU1MrZZhB3P%!-_rsXPxIyjbr-U#Ps`0x<(>wo_emu-0pSVoMmWq4?)H*%*lichl{v6T3=#PKAXuYB2b!gdaSfxo#%E!)Bc z?hMeUa{low+uy%wHd+9QYGaU>0|Z`-aupZk(`7-M92b|$LmUcLZZaKQ?z+7|I@0<4 zG>b#&FLFtZHjZiW@AGK<@%kq$sa;SH_(dF)B|fDXbNl9axmm1|HgDHvX8YWi5K|}o z2%2=H?bo;bLQZN%aV(2qU;gGo`Qz1peGAurrzZk9fSl;>{x9Hj8({DgkxHJ|ho{8E zMzRZ+ey^m5{4YbKn$pvF_xG)Xs^-Kx8o|7;J*)Qbw!a?*Ob!KR0BGqfe`Q$znxEXX}= zS(dF`01tNi^t*gUsP6qp#eIn{FFSgN}JJx%!EZhREr z63GtS^=iBVY?x#5)o){BO9Ym8eERf5IXR`hc|j+_N;cc7_id+3^0DHnuX1|0L0gnC zdd_=)|IF0`x96a3&{QEvM1)#Cr}vwX)iMQgzYU<5I7@CI?rvZ|)nM-eaVU6(9l^)Y zBuLhhlCjkzc`acQ{&`EML+YUVJ#7vT?2V{ItFul&y}2x~a4DANBQpBYzkRfSORB8V z2Pev%YvBg|BK1aOSUTOG4=f9=1PnRpXTH=}8*M&$6BB_m3iRw9QQ7jcD$epg#1}3g z9v;_=+`fJPzM5r3zf0mziC5_Va`OK2tWyJ3kN;fz3ocwbbNb^{g{tZWr}@uTAz@+VvHPEab}2opBjOP; z3E?gqH6ssgAEW49!NnakzLoYMMdWW^wlj(?49AzEM7oE0r45-_Iv!-Wo+Dt1X$q8N zSw1*1{FXqpH2%^_khJu`SaSPfx|}Ku>YbhfOXt0*7#H_+>Yx);XmqQ+z32N-uxJI- z;LdfpZ^Wff`D|>;k0GM03VoK+v_J?E6WjT34f@}((V6ZLIUhzhhm``Bq0P($iQBPL z?eDGJ%k~qao-jTpihJfFIJ30+>sPf?o(6~SbApt~a9t0G#-?8huq`{bhcm_{m1?P7 zWF%Fr3l)p1w1;S0NYgg?!aR^c+kd-G;UG%9u*U&ogg*u+tYvBvv-aC5`l*~wAo)PR zGMk)vw1e~W8;79KViC{4fL85l52DQJF@Lh~lTs^4y@$WKcA?L zg1DPy!$dOQ;O0rd*#f<3LiuWU6y|rcQn1@Evy|!&(PRH7z!aoXKhAb9ejdeyzcOT$ z``b%5!}xm}Rc@S==Ok3lTK>LoSb zRNzmqiCEhfl^WIFKa%hqsOB-v2^}ccv zg3e*!l(UL|ZOT4?f$P`j9=T1HM6z}WWl7jB%=|6H0TE&g!)ayN7E%28A-U5U%rcR% zJC#NvJq#xJ;Bq9UnI#_v5R;e><|vm#kt5!Nr+ZhNiKV=-QHx#L5mNQANFY1kGr&tu zrGGJky?ptG+o1f(34>j<1Ql_BU6ub*jC@?-ywJ(X+?`^_ja!*EJldOeN6rh`jTl&u zl-L!)gkWjh#?{@`J*h!8y{o;OO${n9@L%Ff-&apD6N@wS=i6xK@4PVYIyGEqsQ$UN zG(<)QzJSTO$PuQniqO|93BUY5cq>UxlQ7uU=%!USOA7^YnvZnepL(5eaAbOZ9~pj< zu%@He9^j4xCOt8DMxxh;*N1R)r*wVRb(QT7%QG5*tK&t17`)2NJ?7BVvDHzMpxnMR z9u%B5dije=95c`Qw<1Io&_aJF5i?L|J8%Un$+8WkR!a!%+8>=&($O=-57Ua70b z&Rk6!0bah|SL+FY{%VV?esqM#WF79VmeSDCEhGAJn^=g6H?h*lzoutO-u!bVsBC3t z4r1TYFf!gOBQNn>dHliX&qb6MCz7HTmp#w@G@Fb|TAulYC1Pg*4z!I=6%F+pm8DOU zzNO@*C>v~6%~3>zhT35WO*wuMKHv79zFO%m7fZVPZG)PRlTD1QV4hU(mcVMOSQL-9 zoA7M=qJZaTQvKB3b0xht&Ecgy_0EP0-#J2R*Uw(&QbaKE|9GGCp1z~DVv$CjvHc*y zPXcG+qijD|-PmxT2kN8yZ-uO%sa(&@V4&P=UsN|HB_awg$@**G)&hpvlQxj14&~ND zr3}vd)+orbn&anm{x+lRHIs`7*0$i4i;aGXdm-zXUVZ$jH43Iw=Q+SWtxA{9;EH8ed_VUVB$8=cM1KaI;rL)@7!~ApKkJ0wnsJmXxEk< z{B2_%cTPo-=f=!^Vx^k=3Sz$}@!;jeO4?|tPoJfTIjKTv8hbu+TIjs_i8EmSTjY%` z?5^F`crN_vFcp))(4JA9OUT+(MY~&P04QHu^d!@-w!S{E^*n>cQ+Ies5Ol|e zAC$pgrD1hK%R~FdvF&NMcmY`}Hj&wfg?^;Cf+08DGxH!>E$`X$js(t3gE|*o%42+K zkufguaF2kaxy)!cj`E#PTuh4{$nKK=6maUM(ul1SnBL{O#yZ@@H-|8WRiT7?=Ue># zSRO2ezk2PbPhA{|wQc=kXB z311E0qh&eWrWdsjC+qAA1$XZkXyj*YDe)=npS{c`SIs~Z!=0ES4pnSIVN;9LaU=WN zv@e)5Y>RO*5>UOhvi7+X5kx~l-}YQD*J3X`7DmYs1I6#s;T+7&vRXY~7{kEe(JXty z>x|XTNU3^*1`pMvgH;vXMkhcy_h|XyVb~AYHEJJaiT3B?r^yj%>a%fI+%>MVJK8U)LNm+>CO3(fihi`+|tJi^ERDbnh^ zN)p&^s)Ow*ro})#9tm$pAi<|CLqEN2ESvtI{pr>~7ax+*(GpBFB?zP&8|yZ>)T-XK z7?K~ab}h6ER?AlG@D3!SUoB1&jb3l`?z&<9hxwX{hD(gk9lNAf6R2}D?d`@}hV`z3 z+Kf$DznwH|d~BCCH*&2HRibR;37Nr1X`ZhZk*Tok6(XxiUcGFbcMIc!u__Vw;nT0y zxY7&9JWJz#B+G;+|GJls4 z5kzov)+HzEls0_2Bin1ga&^1nAy#3f(#mW)h01)mGuEPP9>4kXtNGH#g~z(@EZ)!W z4E?@sXEu#jSU-0eXQ*4h0OME ztyD5=AC+khp8fE%Hq5OBvnO>PWud6;a$FZ!}cG&rleyVEipu- zv>$Kp-t5QceF2v*r*CjS zH;UhfZp_^CL}*h5ODiuCOr%XM2xZN36wK@rO>Rt|`EfjlFQ3y%iLih9-q4{>iF1v! z)tze<<8RhKBH)ad$9UPZ-0p98bp*NNu;e0Q`C6yN$fPQp zu8@oES=i%Nid}r!{~%}d%O&mJR5=oV$|D;Ue6=)VXY`!BPy6FSUD6W4XxX2v`G4Y! z;pe_|Go+I%iqq4qY!0HfK||+_Ct!B>Z_jj@+N0v}d8Gb(*fH9Dymp&@Ul|ld413r% z%sQfgh~&|}InEwSwx1h1_~kNn|MLKf<<_}DmCK0_}FyEEmc|ztzeJHwOx91fX(5)+=7($bs_4yp1yuAFIL+m1a05c_h z62v1ncS%&R=}6m^;v?jc2^wmRQnKC+hz1N-$m0?6OVFYO3OW&ks8ctiQ82vn`IYIM zUA*DeoVR>uK4LbWN4q!A{bx4gTf?{ekPRgu~A+d)I= zGe8y@MLPsL5OmpK*%Px@bGY3#pwZd>Y|F|2V%}rc^#dECF#|1G-ItVp?8K*zdQ(fq-g@xhDi!O z8B*O^lm8pYF%<8F-R^#V>?lmVXHP=>iBo+d;8LSkvrV_{W-G2&pSRY+wo-jpacA|&|lALur@EJvwgL2a4wv%-Q{4+PrBr&n%p zfACdj4S%Ltm$rVlavLITJj*aR!CRA72wM1|74z9>1&0Kq;Q5k8VVoD+!m1eI3DT}O zPsMIQ8=Jg$r|=>kc+8in>A+rI)`zEpw+fms9t_snXm{lMa;#6*J{T!6vWt22@bR}J zD2%@AAh>W*@cmgA<-}e8O^Nwj=3#=wOfR9Zk007*d#39uJN+;PoqFz*>fu~k8fU63 zjb`J=;q-j_Tl0cPl&f?UzK5IS!rmRa-(fJgw&3Yy)b_zOAc}kC=l3Y>f5@jGC)~={ z<+Qz^nIo$z0-~g0mi4gUm{nM>u{f0K&r;E(zCXZ0&!`1jkOT&>-SKofL-E87LhlmZ z2f9HBGJ^bDuw-+11#pA%99U=Hj{^L&+!DvPWpv!s_J;@lpi?`KWy*WE{PI`O{n=@` zd}n1`IgIIj;-}A&-+WmP1NNQGzm_N5>+|yNWe_v_9Fw0xerFxkZ0xnW#C`!`pB#J* z<>j#Kha(TMUlbA6@#xNzfH+k%dldA^$Qri#lY|Lcn)RkAuq&roG)RrtXkpzJ&*Uu0#UuPYIqF5-nCtZxF%dW2V%ruW*xBtvKk zZV-uGqmT<@7%8k)No(*lpWF+fNfFR-(aC`7uj-==&yzMG{ru3cte=krJG1HUu9aI2 zE(+-O%+0I;SJdPIPe!{h0$219xBQXy0XH;fb)`SQfrp~tO+aJ3m zD-W_b!B8Q)N%`JXDa#@BI+e5EF`!y?#wc9m3C61XC+2oa^W;8F6S5FX%$goM`bwM3 zjrXa18FJxOe}(FjF6RzM8FXcRJ0`($3gCjpL*a7GYa>kenlP5>0CtXbM`yERQv%Zc22FrTen& zGA(6Tpz^am3m?qdiiAG9Jd=FK>g}et9Hy0mSkM0-mizC~O1~3Mv4?uH^FPrhs*eB| z>vQo{BPV@J%g4^4lBz|*t0EzE*EHu&M=}S(%VwV`*e-;p#zVy751)mUQy2BYR95%P z)Oq^NX@Kbyvgx)1>WI2zaHMFFE7DC3T{Rk-Q3J?}3;Capk72X5giSBct;*#nmBvPo z?RevFuN-G>lj()+xm{O>X$h})M2e^5Kx{ctJnFDgrsc5Tyn8hO1o32Rb&;XtSSy0M5I}QjH)6qp+DUdn{s0ZEISxhZS<$>&1GlxpscfZ88;Yw39Sv3nZBEt;p zt|9e=AlGxzzNngOr+ok?smTj&Bk4|NiNu8z5*<*<>_l9k`0nb49{O&@A`fxi4O#W= z$8(6Vm`rn(k?X9Yc$DIbBVJ-*7u&-%`;=kd1&u;A1d|fr0E~)T7PQQ#z4cJ3^}yAx zd6s4{x6a-@E%%Fb#e#6nK{cecaZloTbyuo)|K#Yf`wJ4{y6I}`k!bCqH4gEikvc3g z>cOe`$Ki~SN#;iHod}>8YjryKGEJfsUo2!%tzN)eyBA5A>sRo(czelwpjW znVbF^v!UKNsamRZsPX-?3h(y_zgo!&OPp#NkHhFpZOdWx)r6KoUPg&;p90BK8F>Na za*WwCE24GZ6l0t8B`x3Npqnm=OPgu-{m;zDl<_jY$5Oi=&gdbSKThg43Ln59xLfe_ ze|i<96fggF?vsGahAaq84C9$89HZ?GMSKJ66sg9Sr7btL&pkjo+K& zrOWt4MJ5OznU{)NFNm{!klAf-AI^2ttTh;dv>DZ1XBQIiSuz=~HO;j%cD_@WhD*2a zx#mPTa7BvXgMg@}Gvj7gXvUc9o}O%rHpcn=V(*M?g-S16hEMsLa3zKeu+4bm3R}XC zo@hMJK3oN-&M&uuwDA3t(>fHMUA*&(TUU;(!H?8*?Kb^Ew%-Yyy)d5oI zX&kpPt7s`Ih74`yZ>+k?PH~5 zRBNfCxCgpbFS5(VeP^spg;{W)kICmIm#wpXPcLar1e3m|puYk2a>u^B zD+}ND1#RGsYxQ=XPynhvAAmxJ;}>==GB9v=X_tzS3AA0Neq-a;RN*IUBI{SA8Hgnr z(p~IMTdY8XAJ4Ri|ZUfe_7D1r3{c_ z+u#^(O|_K~JC^V(JTJHg&mkbFD2$sgSD|)s3<)`gD?C zibOu(?jBJxN^~gkHQT0GZ?xd%@R(-zyLK-y{u8dN^0Vwcb0Ie_Z?l zww{8SU+t~bQO(Ki8G2Q`yFoG-^Ev!V+;`J<`gsLFGrgR|8uVwHDV~Dl?k9n17wg)* zy0k`eew|X%u*~{>){|JZ^D`*EuJ}622TRocl;lf&C6MOWykov(bU*5(EE8p}s8rU@ z6wUEAJ|d!@+H|`(S=4-K=HAwJp9~VigmHRv*2<^SEF?>wiJK9Lh=vU(XQ}5r;e0m~ zN?cc@)E?%vk#4%tqD?{!(JEyHkgZUO_m_B``=ieHmM`hp!;M zP%#TnB(SpF7FYBgt5Vv<9P9U{igElH{XB2Ird84Gf-4geIFq|;ef#$W0G@1sP zyDq5`0=0Pm?(J-_gk68I1ZV}c_2nqF-*qV*R0z7$N?`235(ASW%~mSu+9<>iY+;1` z+?|!_o@G?Zmr0U;V0Z@48YhHjQ_wj|2>ZulZ|O)4a5DOTU4E3j@hjgO`d7yqY9){z za!0V~VKrn~oEPpSiaQpW^&~y&O_Sn6i{m1|spC*BWGt)&YRHA;lD-sa9*C&Tii=4` z(}Ac>9uW%CPOVLviqisfK++Z9B?PqiUBBZiA1q zY2HU-%j0;%5SxvIpCEGh1cVm65jWq(-<4Vv?33bZ#P0}KSG^q3c?uUdMfOSN3gXK; z_af!aD%`iAzGeI&zy&kjbyua`?e@k7h7~C`r3=DbIJd6aG&94t$Z^PQTSvUH?~i9t z9UZd7W`{D>_1l29LTA;WD*>cjt($eSxXrhkh41NZ0ku7svE9)?HN5l`sn5Q&yQPDh z0WRyjAS8I!syO0h=z_$f^bpnufRlcP0*(P7VWw9%6rTpCyy8du}Q_Bu?YuIVjX*9 z6hP|MIc@A4NepC$tgNg8koDkl>#vHz>KqG9-=alJpQJJgk|>w1PtAwR_`2tzxD)O^ z>T%h0@U@`6b8qi=)42astlLNeA#SOv^FOJXGoMb>D2Ye7hqAK4BU9gYI%<)+5JGEDj$?(th?PB)?IG4)&B zf_)t+;}zyTE1K?ZmHGnYo3N(mflm@8JM6nszmlD&S0ucCA4&{4MJfOU2hLZxWBza* z>A2Wdc&9x_;=Ge-$CR|)czJAtQDYrY+^Z&u*t2=1!`8wHEtcA#<;9ayChM6sOfPw_ z^wC2{I&s@qs;+A-fk47+Y&XpfIKLrKg|@oF?Sn0-J!Nm$Y8}v$$*&R8pQA~Ld6Gq= z0mdkf4KHyH@M4$Q#`1qdWq*Y)^E4U}hKvur{XIB0c+)(qKnpx_jC7^6AY&E!I$BB0lo5kqA zN+Qa4Zl}C`)ol!9LX#w*F$xefTbqg`c{*$S@jTn~k9%jT~{scvb)Nr zkC}#dY(!>;)`=F1wx~RV1cVbhBBg>u;X=Ci??0HsG~*NyyoR>*H4+;;Wk18aKK{7z zepV}gHAU1tteDdIp7)X{YOym~Zg+i}r((E>$_G2GHmv}%(llhS&?4q-Z3l8coheSkNmBE_Q6L02EUt6%wZ_* z8UgAgyPEQOb&Kpz(=w)a(x$9Xb=UIXg4$2_O)Q?wuw?o8W3Sl~a6Doc3I= zUA%ecj(pFhXL2VIoN&Si7OCw=o9*wEEG|0@-irq-1t7Z)-TFl}Iqth=HXivuV56ib%`96UeEdI{ z$|j&2fC*Nv^wKBS3Yi46Gvo>AN~$xJ)`Pkw2DR4qicuK+O_p?ipeWM_td&y$ za&9}3(NaTEGQJgJ!t2>}>z0E`DvPT~Q>rB8wH6gatEmHQ)^~m7&;uFWipNa{D_ob= z?!K)25khlwh-Cu-57eGNTZAHUBs3Vhw>sa1%$1wj?`IxiWUN~uiy3{>hm zoBCxjSsdAyrfnfho3A174>gJyH|mOImk&VpnE7oJ7*t8Pdx(~AD#dC%k6DkBhI;M) ze5Wj6b?7l$Q&0GQQV-6wQ2rh`Tw&hFD|5UP-7qR+@tWMyRWo1hk+|Ekwe3XtJXhlW zC!yK`;3ufx)gR!H+qNeF3;Q#qBV+O zf1j+7=VgN}_1^tf5A{OwexH)&(b>2_C+e8tm_ix9q2Q0|Kpx4^|P!q*8|?XAmU~@Egwy(mi0=O z=Dt@mTl^%!@(Qj-c|EFY8ojWv-dIXIo@i;2wv}etNNDu!v*b7*oPr}@zE<=}Cfo2G zt2m#->R+V(CL?v-ZuT|&SdwXf@d3Z{LQ%k})}E?lqd}uZPo=iuBtKc3#Rt}iiEojP zJu0v``?l56#w&>FgLfX-d2J{Bds^J$*|;s0Yu0t^ZS>9`GTzQ@?=58>hbl$&tITR6 z*#6jAoy!*m#o2c|DY&)<`gSI$%dGmf>UWK~R;PFfl2r?W$o}sZB6<_S3&g}$RmJ-f zkr*wd1(T!6g=z2u<&P2j0drPt%K^tOzNv0o3g=;RTE@`#dz&i0QFv6Tg#EGR;Yu~~ zY+ZknSVV7o7tBX<9R?X}=0i+7Ij>`s4iHDtt3?+jFy%_N&8=bljz5F>JvOMp1ds^C z1Hb<`GvFB|=y~sS%jTam^I9&FDhiQL2(U!BZKgxkXd#V);?V%Yb+-nkFFW0TYUfdMY;b~pjcD#GYjc_sXf;ykM=v@q< z40H3`Mz9>*7wWv2qas@4F?5RGO3hKF_+`UgvEq#Z=A%2h3`Y(n>p4dXw8>z68C@B= z`gqjAV`V7+d%bq)Qrw}}Q4yWs?BXba`>8l~XmZnujC6o(@KotC-#l(@TyWG^Ja<4E zi$?Jw;78l`G?jN(LkC}2sHMTGcG7ZYWj15fe{Lh8tT3x5sRF{fYbdTWO)lX(qvd@v z7<_Fme-?)j7_zXrPy6!|`SBHww8O~3fcgydBmp!!&+;k6TKat1P%%wQ@DW`c=n3o*l6k6tU=w-ZCzR+;6 zpZYpI80VWdAo7mTEi#O1Gv`6K4ggbyemzS4hReR`dr6P9if};DBil za%^Xn%1k?}42_Jmr77UkSR!t0QvHW11T3|~)4J4NvEwHaW6>#p#&;q4veo?6R(c$-ieI>r8yG)*Q@O>q{ z23eTyIhjF`-7%ZeG4s*VFX^%5!b5Q0+c4h!;a%h7gKCditmw7QZF(L>1|%p+Xa{5<99Ea+3%F!Y$Di7DBx>Cw9O!1io{w4K+abKjIB27bh_z0lJ| zyEq+>OItt25=?Vb-8ruw!;Cy{mNc)|CER)LGwC=wRqGXhh59bONYKf7Utf-a>Bi%t zk$$+9dhXY$4)s$<4t*H<&T9}M#It5$&^Z4H9o63|jYreAJ`R1eQ?WViZTfR8GtByB zU9H+kbGA5x*bRhc#yBH3}#d8;(BqoDy^ZQN#zY38FmSYQRCqOW59 zHT2{E8lho+8T7Bp_XE@&f0!+M=M`EVXb#IFgL@J#LTd}+->g}waeKDjW?JgxF?N0`#V*mxf$SlKY~@& z)dv^Q+32iu{@Qw0&$^SOxY&K}eE9kfKWIaKURMmX>!8InANy`8VbQb4O>{A#xyOF~ zoA+pR5~3yPK1els?JQjg45m;>v+d`RPPy}8CWOdtxX+)2oDJtZpRnzBULKuWlLOYsRY?fCMo-|VI)O^c zd-n}*hq|VoAY5-?bY3i180X?S!P#!<=6Nu@-CC#T2N@*wmj$h8!Y+e#$w z<~&KHQD;|qO6+76`t{v^bWyT?EpGv%M8|R0ZeXiHOfWi^jJum~-LX%aBtu}|d|>Ce zZ28Z*FO^jOF8s4~{+ZItsR$U#0Sn9FKs^WQ!r_FLwK1Z^dcL%9?n7o%p_AwY|8I#?a5R zfAeP=l2YN~Ta zxJv47kLcN;b!r@*PkOXsH$ii{_5^;@sNi6YFB?B@{Iu~#(@Cs-G%X3K$JBB80`FRE z)m!ziU-EyMGU(^oyv%Bgr$ZyX;nM`Iu!52)ZCNTIh2K%ir5hjb?Bk`p z+p?CD4hicMncDoCX1mu;7EAosVpWfjTra?qz<<-pT4BJ;Q%3{a@_LS+FZ- z@0M3Y8=H*6`roX%=&Ag9U8J<^beKA0r0|q$8rSzRd|Xt<^@iaR$EQ3uF}nNs-MM#= zs=}jlrz;DQ9|Zr_cWLFx`V!Q&MsqbEj;7VZ`}$V?c-x5IKjrq0&w#61di2lfH1ij~ z@d;syP{yFmt6K@^Mpm3V@fT0uG*SHG*3v|mdYa~?%!W@HE)6bls@?&Oa>os*$OOUbIO?HS1Z=U`R#pKqmu zEg+tM#(NJ;M!PAidGpsPyA>_#%Ua2CI_8XzSaJvKp3$L#va_Xf$f<3c7twvTOzm(N zts=yy*Il~K$h4ygm{CX}Fa6~{89Zibq)~2XtwIec@@!#Z3x1BsU!c|I?@XIde{g1Q zRL0yDs`tnRtqY%yETT*w8wZoMic)?Loo#tb`;G6_I#|;QJn_aM?c5R9`S7{ieR}pM zhEtytgza9ea}u8qLYsgxjVzofFtfb8fN>}18}HC)`wr)<6DfVQB<%XD%E8{L17`%TP%QzG?6AHN!8&p(8aaO?oHv00BZv zkQyNEeFD19KKtyoW!(MVG46-MhYWOtf0@th^Eceun?sB6i4#M9 z;dg4DpU+R(xuxBCe7XzIG@_(eI zmAolE$$7PM+Z3s;UDYE%Eke)W5bKrv~d2_9& zAQ+K#pAL2aqQZ{o)>J=SlPs3)F9*=qz5+SnQumPhXTpo0xR~6Q*%Px0rEK8%YRX&L z;I6J*|o98>BNI);>$5K?KHJu+dp zlhu2P$X&jk6=T8tC-e1h88%xuETkqwGqmyi^SgZm#bIS5?ylxA*2Q~j1j+fzqmSbh9e~_^$sM@~+P$8g` z#<{KyO8@-w-#%1p9SHBv%WVT6-Z)pV=m@aT3C5~ACMCA5k(Bc^z}Z92+-lHH2EpQU z$%`8&b{*{D0(5$x`tkM_m=fGou9(5`LjTP6AhWmw%)HprH9mqZgr^_b9GO1Id73%* z)CQ#?fq+VYP8SMpssCi9e=GbDA%L9zHp#;H2X*`Cyu53fRcK``g=1#ySZWd;&VPb>0NPn5`UftO-N8A7Fg^qjv#nRRRB&lK*vT z$eRq|xKyy)Z5P|CZAJ$+?wSCGn1G*?Z*Qla+|qRt!Wm}Gm5E^oYTOp=4Q}aIsq!G? z?ls38NyPfgcO2!jKKrI(pPZIp;>M+q#FqS^+plyCL>?UaeY|u^G12m*pd&3M$UG>s z(BA&A-EG=ZxK@>{Rcu?5TUrKzWqoCaN4a9X@355Zm8^DroY$#l1;SV%JRw-p?L*G1 z7aF=OY!@~teE$NU?bc)v=t01ueZje9T;T5CBXK3?o}!&gnUqw0ssmR~^BHnwk0K3(jK`qgW0o`~T*ppFQQ|6ms|DM`K0 z_ONA~_ci3D$A-VnT0(p*C}1BQ6rZb+cR+K^l`Y>3=98D2KGbz?`RESiLoy>{x;S;{ z&^Yd)#Y~!rXb_o3Nq(4ncGmSnj>Q*aft{{b7#xZWl|h9B{ucxM8%9HNiGk(MqjMK^ z6u(`E3{!Nts}C95nRXtIB)w0L_x-(Db|!ed{HzDp_#0D3YsT5R z$4~^@xtXjY|JmGr1K4`7wG+J@@rx9%TKks+4@S_+%Dci7Mp=CK={sfd^=U2kwDfdXgI!_ZNTpiU^#J`)S(kgYW7iJg-XN3* zXHlccn2b`|cGl%{CWbtyvZb3@wx1J_IYT8gwXJt6&AWr&%y%Q`Jc(*(T}OWx`O5}I zC#Cw$gATu1`sjeAiNk6-qn1F>S*5F0m0zbDU7C?lriE1!cV3n>Uw#3vvPlmKe&cel zCdy+d&|}C?NIGe~Wc}e{N9+;>RJjhlLMyx9xba3t)|)iN2hXIwm?_4GJ)7q5V#QM@ zpK#ZX)rC7-qR=Zg&RRCRLX+i9(@LuDMLWEJTa8=Ty1BWDTQ7`xk_pndNBFpqr1e*3 zMQ3Md%-d@w0uAPd{6^RCae*FcVP?~Y?Q+}*E{Pq7P>F{Zt7o#c9ze*zCj$CLIZp>{ ztlNsYpS-$p*wKLNDC1wAGzgb1uJm(tnYnC3qWml)Q{KoIB{cKc7fY%J8)hchPQOZ> zU-nx$eL8*i=8+xzu8y-6wMuP?R$&ieYq8w%KBB6oj`oc=4y{T1?}6G~8Sq@R3kh<* z_@JD$YQyXL?N|<}f~j)uUJTs?n4qieso-E{t^)vt>zN*t5?S>8< zMwHVlPKJs#tv9+<2+&DuVi!EA^CWZ-991FwTIzMpp8R`z$7ZZUyejsBL}9-2h89|p z7Fm9}C6-5q0&nGcTj^=R)};^;HOL*5g%j*6{e;xIo8aPxBwQO z%kOA^Yz#MR^#beY^TBv3ppD%nkGXA4^pSfvA|K;75f47EC5k>fSJ+o_wtfnQjd$rj zqEb+xpvAd5QM4DVji7}*bU)M>F901JSKnj#M8NCDY;lXy9`ag<>xi$VrKNw-2(?KX z`&2?x_RP+mjm;5~1^3I96koFJdrKat`C5{&9u6j6y&u;G5C3uhj)})$QxmPkzcMgH zsy*RLn;NhF_oY8!XzJiy@SHj`U$exo#?HDDhZ^_Ol0{ zzdYeTN)~X`zF6AOS3Hp>P#aHk)T*@BFiQ4AnQHS4rk6^`MB1O#f+Q5U2-=|vCan3) z0CluBxkOfCd5g=PGd2S2z4uNEKIa;G4GL4xN9gfFdDzE`B3!%emL@$$CoA_hMeN}} zf5LvPi;tCkt%DVBa3W|$z-KJJ4FyHZOg?w0<}Sj%O9;gdtj&Cy!ehqk-`>uTQ}&{j zt<8hh=Bn&{m9U=deQTqSN%@&5!peA5{GW%~F`yvFTRK~4TsiLwYkRNagmEBVo%Rwh z>~o&67@=br8mfpkn)HbpStRueyAB2ee;+=!hiuLFM8H`)SU_5|9lC(ELZfP>ITSNS zJWHGaB<86yeTt(v_aiHd{%tR9U!n{2Tdc>`{hvWT#_=wVuL%2^WzW5_Q03LnSlC4H z)C;r4hJHlemEqA43^WW&CuU8?b>`sB$W=DS4O&bi=~iYA+#ue~h+4dN zu(I^6)JSr3uGVoy)>2s6Usluh&19i3`qEtD!-o9GqHU{t>b}yjr`RbSn4!8$YYu$= zSH8#=VcpdSyce7HSX#FZm+&}*j#L`hosO2XwBgOh#_2!}1e(s>M$pT}ohUhK(v)0! z9GS@dM8N6RWxll#2LV5evNf#qdw5ZnQ>_EhXcR+5P}7ZZucPhj!*H$4%KkUM&e2^FOIHuo;h|F<%oT3mk>c}}94;zc5nSRHldY7I0rG&XWN|fR zsyX*i7hbH497a+_nLW}vF7v}%SkrZ$^O-9}_|7~%&R&17C58(tx0DbiZg)G&7gR7p z;3%|giM}3Jj0dPcR#kE+JQsmCdpBpuIt>+DjbA!ArD#pL-EG)szV`#6pu5Z|-tK^4 zD;SHza6B==ojhBL1X$#rG2*j13$URQA69a@u*YU5_p~x~?0{3Vk=4O2ePEAX-;x>$ zn0K1hc~TqG>*AbDAATPMTRc}N{Ao#mLx~erL2x5N&cSm_p_71w-y#7O7({>h3 zrIA(7@sE+avPviL(p7KaS$f*;y(hVAvGnywL#shITs_=h-|_5VFPt=JzLL?qXFMI1 zqe_{59LBtRjhQ@Gu683@PO`|S?PO&2sra=UG;N~do}FdiDK7JU2-*RMinV(m&_nUG z5`-?w@?2UAw4?n2M7J4@CKovk78u~u>&xT)hP>u`Tl^~$W-FBGvRNggYQ?z#E`ax+ z%kW&7M{t=$VvV{D-%j^0G$ZpfyWir;GqJxRR~XCZ1zTzNKJx$fHRFHh^|tNoAbK}j zCk9iCaVI-Bf)U0EujgVsoqfG9gS+a9v?hnq^_i@Y%%VZ53Ir|XA*>@=D~!4_P@a$h zFCxy@lIch50`~7RTNB#%;gP(*H6CoF>|hTSs|a72SHAXO`G` zcL!~;&sXE3m3=ui^ss`({fkEGV37dzl_wEPw?8lV2M7v!Tu7#oDbqYV_;|50tIr=U zJmL5L!{74@$6J#-G-7EYF2#W>F5Zk%syxK4=(Bt_1)m?T^^`jvQSr{U#cw5~GEAZ5 zF2b4zMa6fm4jCn%)Dn)0khe1mnqG7(xFFd2YB6Q8IZ#c&>jZ-wa33O{8o!I}MWdtU zGH1MwUS78m7W@NV)7aw^hB{=@;b~>=16TbPLN{C_P4%(puHHg-+_sdH$e&JAB{0oI`3G*}gdCj3>zD`eSRGi3mMOB&7 zSl(#6VoMXp5f1jyuFlS}xGSxnvJK|UoJayhJCj%aO4Hewcg2N1KeU%eT)}<7DS4H` zT@-e=QuVBp2JRtx2mv*jPgHkSX}EnW9-Z|Ogq|^oI0eZOkGhTnN711Q6Q5T5;(R1U zpVjh{txUdC=kWE{_i^4&b7+v?an$3J;bM(j4+v)bHZpDbs3WP;TS;E9u(=-GNcq)) zb)30h`%NIjaA@yIn~CNS;LABR*m=}|z(n|Pdp`(wYx&$fJ273-uj2iPKoii(zLowZ zPTfb6tHFLCJ?+B$*rY?5$#|&y6bEh&QH&mGpXOH_eH`r&cu|DI{(6#WB&HZo^>Vm?yJAnb$F2+~*nP+Nc z9pG`GO!XYwx##Rq7>AHA=MI5v1hKuFg(XyBY51_jy&D&~o0Y_zXtwVbv9yKAPn7l` z_Ga?P$H>~6X#3mRD^IY4e9Gk$iStsHgMC75`PICqCmj=G$Hg67-)I0E`)0$&%16H} z`8Rl^e~5u0J3y2Ia$pBJ@AvZ*WjuiN^%3h(tpX90qtsE94nFokn9{=4%k!boK3Ra& zS$a%$#l1i%9psKfm|g6}qq9vjio50ZaS3o4=-;YB`Fp`dpSN}bF3a$eTpZnjk3S%$ zK(fuqZ%>d}h=Kt)xqnu|kSqS11K)nw5FZ~fjZO_H;?pkyPY%W`eygNEWk)#rXPs5V z=L$giW*o9FevxI!sm#bK%-J&F$=<+oMSV%btABEwszS$mzkg>7=Gr?AY7||VP3Bp| zH-*uQW+I&}&+TO!aB*OGkO^@-D7x2xTP=arQl3zz9^+Y`%4!L4EzfYF3JR)W{z3*7 zQxnm(V1&$V0CjSyu@huzCbJ`4Vie!B|+&E9y)`GB_m}Z z8u~;`##Due(M2XO&0#42ae6f^sG!61#<@LgCO*`V`9Q6V-d0V2*lZ8UeDu%2`S5hn zFpvWY<5%>lCZN~smafLVZ(WrH`r31;4WUY!w$EvjqDPi-%W1@25N9a*6ysZwr5R^t zy0^0chb8}!7mOPeVe-L5Um(gWlE;^~7|eujlse=Y!3>n&_fy7Kkkc~NArzbte6C+c z@`r{2cd%-|or&)V$LPoo0o&79Vo-nWl$9UqF2ab1J-qdEs!%L&Sr(j$oq&vDS1)Zl zAmn!#0CEaDr|rwvYCcg5p;9s7+joNTA2a3!FVdx7orB{dxS_$inl$^%lgAY4{aD3g z?i!bVYgn|QxIO|ggQmjxQjax0Hrj3i1PgYamp-q^6AmWFxZlgei~1)hosr3F0~Ioy zhEb7};PdYOKHw;~{pXG{Fr^;>KnXqV-%s#RK`E8*l6y`oq3(O)pT~ee1u&dTUgw?> z9U~(nN8+gb)K|Iyl$N+!%ZzZ4=^S{!tgE@MNg1=k0K8V(V;3F=1#+W=6Oq*XtdDh( zhr2d=q!JgiDE73=0GgOkmKuwpE!xB&h`k^W(D|?ubdCh#v}DAUK;(Y#m2`owuI>Tl zwfS*Yn2j~q8JQ3<+BaiwGJ0*#n)^|(Y%7&2 zNJF^vHQm>q4pWA=C3du{8pA8DfB`fAH)Jp#a0x9WU~j0y3HEkwgsFR7HOM&7J|=iF z^f;M_M%Wfs>$h3vBtVYt_MFX8!%grY_`{WA3>^pC4`m|EGbM37F!X^LhkTt|l)1De z?zy>QJn_>a2L0?&0XzG2{oDtw{XOzi4Vv-S1LvG-NuC)}>k0#_YB@3sd>W*BC$V!yF{ zo<_z6$MH$&1cZGCXqFES*OU>hDVHuxAa2Ju6$Oi$mK@|w&ot%KqRiw}O{{p5GmCbG zew0_wGaDVFbDeE5Ji1;ORo_gLHeD@0_75iF?^7!Yi6G-|v82g} zly!!r=G+-ZZuPq!?Bf__9)Aj*rA(xfVC^3QL9m6jFg|CLZ)Q4pT>psD*?TQOjfYIfVI%J!iLVnp z%-8e3Cht94@Nirvs<10Y4`n-2C5%yMsMT6e6(1 zzO_9zSs*#wROcG(4D#_#0wE8GWh^H0Mx?Gl-KVx0m?}b&JapasJ*(O zU$5w@Zw*q&=IRWt608a4f&T-J0b<3$76n!^Y%R*xzKx9Y+wr;(xxdS7pQ%rGvYVCL zZ`CCLizkAY+YspNQJ_flDT=MkTa#}#R|{lD7K)qm@P+rsThw8jg)F|C33)qM*2%Q? zWB7uLThp!J&bbvzU_vibDHr`r`{w<#W0;KSOocI(b~1wpo*zAJyS4X(B%EL}f&xqy zfFr!*czk^m9(RT{m&Tf5$g>S;KE5@~8-T66-f7|I_ZFyQNW;C7ybU@-5loPmCR_7Q*=^qbwbc#8MmK)Nx> z45glLnQfuxT;@OP@Zw+PHAky{!CDNt< z{69;iSg=A+0`3ixgDMD+f^BlO+K@A(`-$iN+tO1~g8BW{ixSNuDntM z90#aA^d?rA8zcj$n}C?f0j4SLY%sP}4Z~k9$Mxp}NOH;G_O0P-K7(ZqoQB&b?b<9D z2ux|8qz4e=J87E@P_K*xsZ9EVr4G0B^&^VMx%y)O_7cigM#O+Bz zi&Y+Pb=%})S=JJFRA|YzhuydgpR`qY3)myKY?t-sxdRlz{qC7 z?``4C-X|_+PVTNWH4kQDQh$DWD+OZk9Y{3r$MVnMpQUGH+28H#>Q)_muaa}W?JK}k z8#~3efn`99mwtXA1@MEYY1;c-^~jXjK1pGbbh(0HaD)}q?OOj6%=9n*2XX}DJN|;4 zF`kldU(wgVEs>NX(!#XWQYWc-6`%N7?H?e_Jw*q?M6 zMlc!eVOu&XbzXnHQ>qPKP>@JUgR8iqFA~on_a6Jhp=Krl>OUhO^^USvFk*s!|aboMV{Yf0bKXq0(kJi^6=r6Vw8$y$$EO5Up7X>lpRhmLH6SM`bCDQ~HIehz)m^rd#=k~H+0fxo+Z zr;>lx(7j#Ql*b1t+a`k|67v&xV51uIK=T$8?+Fn>s)Zj z7{+b}qzqMp4ypS2nUV<^ahsY~^LK3>og=0tw*Z+%b>2|UdjM>*&=IeW%0>XpsTEGI zPD-X+SW_xEZB{Y;DoS!9Bx%QoSCAbCCMBF>dnQ-aj|-PnxkU2wNeYxFkEZODQZs(VIm zQzVQ6LxdL1l@!+HoIcU2!`eMSjyk;3J2)CpI~P_&q+CeQ<1^@(~-_3&WbNC-9zZ{lelMW+)*gJ1(RnL8$bc7`QCgGr1cq z#rb*kfA>r4JfooG8wSU>G%3m^7?a}KBzEq&(rM*+p+s}zTmgkt8Z|C4vA;xP1r)C( zSg8qo-;VsXgyb}wTU2~6D~nt%L}1&%BKTaOTA!EuyqqU0B>X*mfm8|)GmG5?RHW{peLxcJkJ0R>rS z%>d0N-b+*1R8AHaxh{fK&u#{iVs&Eb*QUL7ig9>ytV(8gifqn5Tn`St^rOYa>R`&# zsc>w|o-!*eGIrN6ZcdCKKYZWGHTmu9?fri~Xn`C!y%l)*5k{foTgdIQXd|OLMV@HF zj~9Ny!csGF801p$w%IZzenZ^l!tvmuYZ(Ps{)Ha;CpNqfM`ob3(w}B2x+upxAWe<6 z_ALKkkdK=ogK6%5$9$QR9{Jgl(BFq8T6KsYoPKQuV|4^)W;$3{wuejxFLp<5Ml(s9 z(Twk=qn=O(Y~=WI_ZA$IgmasL7C7>A${f?1k%;BKjgSVsJ|m<-E-;K9#u)y$isvt} zLlz$Vw!VIWk@za4D5PwLBd=68;u@9xn{iD&@P4$-95S~cEPXdOUlp9d!eWBxhLmd` z+6ZnAUE2(9PNM*idX*P!p@-zYI^#fqz2>~%&=OFx8NC^8MmQ(_mvDdY0{t)H7~%8= z#}zmG41NwN4Ba*Z<^Wr11d)hzJ^Z87i{C&C#_lZHU)dpG`gnHzOd;_2^WNG-JJlb5 zzASd9T6iZ&yLoc}W$ja#GL7W1=i=e@*CY;Di7NbVqr}_)ex`5z z0~n{NKj;*nGTkM8FVsshNr7%??4j7P43N^GIa=XwpW~-41+6F>Ngtq#!V!P&iDxL( z+|wJRdCR^@8j#;zAvg9)UulVWQoSRLE;&@PSf8Xd{ox}MQ|wX=&#&9#T92{(yvb!> z&OICHH@QeiH~ImWPZ2}m!3W*IXixG^whM%puXnLsaKN$s^2s3y6G_wGsz?xKJ_sDyP}Tb{ref~ADQ2`OwXv2`~%Es!FA$` znUUtR%Kkiyr~I-z+gt_yIQ$n6htYzI5+ZQ<&PmRqHo;#8SV&FbpLB{{N`&_?==9ujgO|I_fT<|% zHpKuMg=m%iz8-2Kq~uAVMJ+7o<_x{FQi;qmjhq}~u=iIkY}2_V=;)oB+KTtD`mR@r zBm#V~I&YS7{^_Bz#rjEE&ntP`kk8W63~?e)YJ}ta6@^72Q+_x2gAl?!S`aPzRAq5u zV#Q|<^thDb^4laW&FlCZo?>yOlPM2z0n&8yjKz>}_WGl9Wuzi`^TzTbDbadL;RDEo z!@F%;u>6KU&7s_UEvA)W`9U`VNQvralsX^EKcT4RM6>V&n)J6@Y^a)&`00Jx-k zNt~)>kK`99$V=jO&83$_S8Z1_;fyd9Hg8uCtDTWH({}VFFl#=0XKWiU;&_;)he@K{L1ps1=R%|3dnGU7i#Uu`bHy5rY4eB~#C1@b&4-wc2R-I!g+7HV-2&7X|q`)bpFoY-`O z92suVZ4c8k%uHgG)v+ka^{!L$GR~L)^McrwAOQbn7=VLkv#`@&<-;G5{LCpZQcb^y zX~)=dIhgRL74K^&YLR^fl29kIi#>hEo{%QAhi=yQM-5s}jbKBkW$qenL+XWBpyGnx z72dO_kjnxhJ$GHYZKR?Xx!Opw59X)tsO=|F6l#=RwJ!1)4esOoHXYmHum!Vvg)Xpt2k0fO!+u^##O|o2)E{PH64%oSsEV_ZKT2$AoCbdwLO9T_SmTTxvp^ z?UK=r=<4F4i9#rCie$b%(;{VDn`C7wP`;fb%$$j7N|&v$cs0vpkX}5sLwvbfXjh++ zKI9JW0P1PQaZKP8-A~-CVj}nr>8e(A-OOxutnjZ17)GT=E?a|&}`dloQ(Um zz6YLjMl&+wY<5E$%761!ZUXl^`1DDK^cmv)phR^p&Zw0d_WAk(E2){mk3L~N)1#${ zx#vei`o+QmwG_eLj^W3~)!U!Mhxhxh$2e4hgiCZLZ18f+vk2)S_tb63`Yh8#%+rFz zmTy|BMPPMCNe-&Wv>T`8Q{6T^WG z!;329_AchSCM5c8&$U2-MQOj%TgdJWk4K2j^C1MT%$&8Ed9&o+2r<5Z5NLMutq#+B z%I8;1F=yT6Z2f7OI)e_{W%SRc^Tc@j=GfBdP;%9Dshn4{JOUZUw*k360qK-2laI3M`(0}){n^TZHkJ_gdF z%>g|)z22wGYG>CKSCb^hXfoK)Gx}hnD8mXxLZ8Qr-a#y6_?hc8#aQagEajC}_4x=y z%Fj)?a6DVzl1^Z&AYAiDTDaL;FA_E1&rDtkB6NKP4effyuKwU|m|B{HP zk3H|XC{`nfm60u?u1@)g6)3|69B=N{VEWDFRA>-hm2ar^%F(^6oke2y_de|UISZg} z8H^x!AGI*8D^4medYQcMMrfafZ?SkcrdAb8yGwjK&cSxYmRebwm{y|J=sVZsNuTq$ zkYB#4s-mLODP;E%l`5wAhC*(0&k{@o3!eY0Bmdtf&;&tP34%kUJ3prkqEjWOTHiQw zymIA7f2Gdr!akqlKEzTeuk++xoe0WX;()9R?yC;IT0%>)pwZsIz(CC{EKbK*UU{OC z<~e@{>+grFHGuL|J`VZTH9sKHQuQX;FF)JiO+?}1foBCa_{w&W6znVBaPAsJz)%R2 znJjpjAU$HHIm8+upc;2!WWRSFF6(ulZ$phDB-ivPDtj?tFR8tO|WtX-Y{4CBCCaD~cO3>@9#SX0=q`~5(6YD2%} zFa7|s#lMR!!e(U<3TkUgJm&b(CAgxtQiu4*L@NGc0{Uwz%#~kiYd{3FB)~bzs3l|aUD=VF4P9OM1GKKM%=Zl zXEu1oIU?9+HO>=HQij?*ni8WstdvK;FQM0q!)N8^zkUQMGeLxolAyK$_k3e9_NspY z!iJ{(h1_aa!3&=w6Rx)SEG#L)+9+=a=AVg1)P=JWLq!KmYUL4SXKEBz`yb9M$m=Qk z)E>eQzK+4z1wQzE6e_QvYD+4Jl6J9Ca2fidgZ_^D?J{jWLYnNG;WKPqJP5j0PAO3D zl&z&VEJR9{p$g{abLyq!)td4H>tr~t)#uSI9z6bX4t5!G=Llr)kCe{86ZpQIpS9G3 zzGeT=6}xMCy|=)iHp)Yd`<3L7?8GM=tgA~^O7xisYE|dP>TtlrT<5vnKU#itz@UfL zrOq?DxChjg;PsNPkL>y>SbDW}ay;Kg8&WjZ^NbM%VY8p&L6d^m_Df0Kx0DgEmE8jPOqx(ALKov48URio5wEM$&SHR<{WUUh6l9ky5 zd9`Ss7W((7{7)mxsW{P48r);m7-~iUACK>p;iOg^(pM6H%wVWoenl zj1KgmF9i*_e^HL$${}7%R$YGHWnRP6QakBme_AG{iw{`6AzA9Fzt2JZR4gap-lxKv z#2G_A!odt0g2K;cZKd0H^rw&frA%%~z_SYUOa5evOwFMfN*D}$c&e+q(GeK96 zs!DDGp$JWO*#HqMpgUv)v%7^bq3H;3Kbm%DV`dl)|b;(gg9tg;@(7kPwzp~ z<&rAa=b{u>GRH6^ZdJY9=V%bpRfFi`oc?WxJd*$ktd9h!B8;V^XP%pcC<*@Iu>N5{ zcl)XG@ArcdV_M=fgP8ZZ@S@40=49Ad^A6RyyXknQ-^5J4ZZ;kJSM_PF}q;u=;Sluc4XfL*!E9 zb1}K-!M|S1JYT89eel(|$8GZnWelT+*>@dGFuP)`^ZG+vXo-yXM-3&O_yKxV%Cy7*g;@*k7ck$rGdH^^GN@ zcM7@&)iVIPP-^uf@$t3VqbocPOHhySF#}plSiOY~Vm(d0BK_=b?eIUhd*fGX6@9gC z77FSQ-i<%W#PouN4g~FBUy4n>&#WCwahR9YsPng<_4{lHNsA& z#3M7X+|<9SuRq25e>#!*R~Rvh!o`GG<%<}htrKtbz6B%l79{XNJ+G?T`jZ|Tv{kkA_d=Hz2oi9U&)^cv>(78+cOrd;UPOi(t zcXPZK(n-vi{@+O#kkxbJWp8w0qv41k5`AUnWE}5v0 zvMxd)K_uFGdeqX~lSLJc3XXyMGh=-L?@7YPc|ygaBo%805XLt=M`?zBn1JZLY?Qg# zu8Mrb?x6|wwnX~y;+?CTzxLX=J!F$5)jaS#cPQqdH-dm&!s@5+wbx{kF#)IKTK z{91c*8ovE6N8(3&ueY^Jc2lV0&mKNKEEqbAMKu+-urS2D^tl_A>|p$QJs$#euffbTG+gI~6ubNH zRGJvk;z7-{ra`PCs^8ROaQS_SRZEZW;yD=T!>Wsa>4TVUL)666S8E4W^3R0B8l%LE z2`|!7`HWE4|D3sTOwe*YD@AtbZ@vnh$>YGb;e#E|by$UW4V z6ouYv{l<1<-^S2gu&#aSHI2Ozu*T9vSmR`yxc$JVlW|Wsl=o0MxyDMFT--yTQ_&Bn z&Ae%ApQtPS&Xy8M8bNJ|*g8A0hO~s2bi&y=#T#PjSy`cO7;HiUC}9G)f23J`#4-UR zEw$EoFXxLlPfgXBe+6|VdY&TDaxezHs%aTne^|-9if%QhG(2{CM)@~-*0{6vpBFeU z9pKDHp5{zrd-`;VUx)MHnTOAA{t2?gPakytcI?);*fT*vVLk0Crr)2v|NSZl=Z8m2 z4dZeni&=AM_&xYkBICJJ0ezoxJ8j{ zaxY6s030baH_#7^FS?pAfPOHp4sgaOlaYSCu05ge;28o1BEe77N-nm^Al%P-&xAxN zX?7lsB8d|0YMWg?5~doUyZx1U3zKasKha3O{475 zdsOM$k)D@ylS3Qwfj@l1A?EHDT($E|;|zFULKV>CSUM!kztz3ZzrU=RWVQ|Yp_2PN zdk5O7b6;C)YwHj_mxX1hXj*uF*@2&%$F9ujRzB%FQB_@C{lvB>L1IeETnAStAM?}{ zbDL1?t4Td_3nEYMaaW*nr_-DW%hDfgn&aigR(f49w!M}HW_)l|x#qN|fjoM>OVNqu zk!-;c>$q?xXK+RSLz+gZtIdFa|GCs$q??=57$!83pi~a)yk(FaT0khHECkCCI>T`h zN5qP_J`RODei>2YKOj%c*G((KH6x(0N33GpZ4|)31wu7G7NO&7kr>iPiY%Oef>l0j z6(=R`^GQBE)Njm(BV0+})X&z$WspPOoqKVjF~pD5cTS039WWZSLtsA_*VLQ&NYKC9 zEN^wa(ZAHiaf~{X!6y{&eLI-1)H|&uR32TgusqrxBzmK%H?)?~2wciEPGda_RosU3 z9lxGF2vopF$?J(m{0yi=TgMhgS~0G`I1x|=UfwCJ4-u5DQ}h@-!tFmdu(CLQl(XkM zOdzO3D3;GHV7jkg)DE^X+v`++t=0-*r<|$_ps;t}K(o<~)18K39_wp&FT(h>J0nXS zr}F6!{riz)XMVGakv*vzdbCSFzms$#W4_#_B^0apz27$0d^^i)JpZWx~aZUO0F^fFva&N3Mx0)ZW=i~N2`b6$Yy%ahb<6eJlejNdwF|>{T z4GC(KB(Xbd`**R8i5T1_fO%0f{s&=IT&5fweBw z73$YVV3@58wXsgzKImL&c}3x_5Dg7+|9C|ht<1|##i?d250>X-oImGL1R9&6Apsn` z@tOJ=4?ZspRa!Wjva;MZHcm`U6}Pe3UWT{yUxcgGglo~{jjhHeb>^u8Lp^7Bzk})O zwGRRMB1951eNbw3EwiX*JkoR_4)6H6BD1-l6Y_eVRXeByF#zolG?abTwU`r7A@t!gutlf z3i?LdDMcvye~U!#XSRXsx;aqVIAG1Qvc0)vi7$_e!AKe5^sJ*8GsNXIvxOikdA1l{ zXxq={{*=qWP+Ted%ldq(mR)>WBxRIR?lBl~&c_Ml&oDqhO8vgpC0Duk&pl6*C$y(B z`dlp+FhxE(Yv4 zS)Gbm5)lpSx34&3yfPK5#Di6$Rdvq$5GzDP<>&+V?W{vyz*MVMxS{-swZYaX33zvg zj3d1~ueP7v4)jRPY>GMLhnPPJQ;^smW-4SxU!=}cTCzklzZ}uH2;g+PzNQ@5Ledq* z_KLh&?SJU&$av_W@h5xu4joquxgLA`41HZkt%f98Cev+#cQ^F<)Um6Q^~xfQl19aEEIuO6t9yb>-%i8Oui1(02GLbrHuSt*Tx; z@smBuEq$*cym|(Mb=1A3r(cL6Q|J77tYZCdyCYVg9Y2qLfL0~vSm40Co~A$fCki9^ zqQR}+H2%I8ic%Mq5hIr2LRa1^t_%r<%1lqLP%UuM=nApsH@^C5XM3lb)3iyB*4vOX zsM1sZOO^D7Q26lYl27Yoi7a*D({hrB|6OHS?Qa0eM;rn6hfF9imix_VVCVds7Gg|E z#SR2HTE?gSNN?^QrKOQi-(RZh)`rJ|UG+6E#F`5QudG!qL0{8Sh}@}vLhIo7-ysRE zto5J-P?5{Tv{rAemS6=?MBd%~y}wLYZ)19N@HB~m&Ogb|`H4*1u}cfB!x`DK$4#i?heK;T$giTDWelRZAS-j@fdxw2XTY zI|?Ps$GmPROm^YBr(E7}DM7D(8`2siF5#9;2l${^MRKF(FpVsKXgt5Xy}7xER-BRt}c3p-xn zdlkq>@iN|{CgDrK&2b@q4_gW~r?#&Fu#6)$46z?plhLWvZ2|iV<|jelh% zcHjd#O&+Yy7$&9_3W(inn(}oB6n3?L3Txuat z=S&@)GD@axQoT(H7mD($Sn-;HWW;iM)?Sh0kOb~cPH_E?I3enS*L7Pt`^8Jmy&qSW zzg2QnSM3x!x4i1Z=ZO+xJ3$am7skc7h&>In&2RH@I{+RnzQ;CCW@gsq=JL$U46Mae zDO#9E!NPICnar1(Yk_}?;@vN%K=<|WI5K21?O*335{0m^7Z8Lba)r!w^a2M;iOoL#a;LA?eZU?A>nA5@^cIucgJ%B@AXb%@R_q0lV5<>RuO#&gB9_%V_+Q1po75Ex^PXc0(JM2JmF5ov#yW?+@ljC5nVM| zhXf1}0X^Q)S~aJlLmFE3T{HIMV_n=CW;~VAy10}DDMoB-FaTq?p|S+FB?cT82qMoG z{Kw}%z2^kM_$R(elJ`Ht4gKD%%bZ2~vMlaC zJ58t!hgQ(PZX;J2JCwaSmwrT>rvuE**AtS>wt(Crm9GRIN5AH8pcK2{*m0yF5Z_yp zZOG~#`j1MUJle%(n@13WJsLUQ_c-1U@g0e+0z2dS8&2I&P%Na46%xpGHF^eS`-&)I zHMidIF|l|XYy_(5LLg9$acA*nAos1xV?+K4XZbHuNZMDC&WwgH?a^(>YvIXNNjNF7 zu^3YuXqW;;`$mjo`^_*k25ADUoWK))ch6am&#R)PGlw~^3Nwb^&98~^4x|zp=8;ap z{pU z*xz`^qup%5yo$nE^fnD0y*CO+hX*mnZyY}hAn2txvhQ9EZcw;;r*-(^9Dk#2tm~-L zd{1K7y@pe9UiWNss=HHh^mV*4F0PaqJe~GzwXwOh#(M@8FBdm^_6TQ>d3vV#=n*To zG)!wNr`Aa#-CF^y4~Z3$2M*9xxieLYXTg3+FQ!WFiq(&u1t;&moXILbALp~ud$_dE z#_8*|q8QLcYRk->B z&-z?Ng&W1g9B2UVqC0_^g)aEqNk!}1z%yvaBEe)IsKV-V3yEY57%hg&zFcv*Nu#NE z-ITh35al~}gwxP^JOW34BP4y6aE1f1N)2$Dus)DyiZ|DL>SLJl;PX?R<2bs%uS>FE zjgPD%o#NuuX@DNERw_5(sb%9lU9l;`SN{VM7F_n43>_z?yXf8ajH--F*i%jNwb66TXW*I9Shju9t%(U+Q=Z zBGjctR(_(4y5iIA@=uZA|1nSeHy;#poJ0BGPbc(_QJi3Fcguva{gGsiw*!UIeh$VT z;)NS$PoOWM=T_%)aG~;+Us*-OykyM$y;KL>@UioG#`gAf6{=>$c~+6o!~5d7#kboBEXI;w88@Z(|Vf7dnYHDarg@9?Y07^PH||MhBP1daS7zpv95vk{Uof9 zgD<@#-JGOI3Z-(a`ub2U64M_*7_%#V!!=-dQ};m0^I8svb4F8Acy4j;*|Wz9iz0@k za>vCJj${5%x#{J#VYKTEAERV`-%Ibqm{*4RpH&U!eQ~e=y&q*@_I4j>z|UY{y(3yd zHo>%JJF81=m+jQt{*JxGEpU=rOX#JJ>#N8n2e~Y`g|jM6ioUENvcVT=|7ig z{w`yeA4jCrkV(VL_C2AJ`cOsHV16zXn9MBJ-j4~00e-RitmtB)mn<=rTf&V^S95lJKc}G;9X9G`>??JTMvI)E zZHmPE6!+~rt&S`pDGKZN+C+LThj~;>D8IS=8gr-h-xa1eLlz|MtTvH>{AXcVU&Lby z7->?-n_U~P*9%@xn^e&S!{L%u;BXfT?j;U36r?roQwMG-f&>{}ZUO4L*FG-2dCX#H z@VbH3tFF~OTS)9d1mAB&lVJS$4`@~H<{>_eREG!_R}{D_U#PJ!(mMNg@g9XdEdfxb zR*U7f1h!X?K0nWa*KUU@p4*=Fhp-uKSqrz;k2)9R#IvQYuG^bYEF0Sgt9-yZfCk#z zH`5oR&Ws*2gW4xyG9r&r>#O znRL@gUS7hxeLVOEwW^BE7QIl03<_Q=vF$VN(4Iq-PuC1$=wQ@RISny$wUQ2R% zYAq@|k4csam$T^u&+@0f;VNM`IcJ!x7xljzgP@)PAQc-|S=t&s#ScBQVubPC7Mj=# zTw#6Iq?)?kG#hU@pZuJjsrKvWe1l;3G87(-gsG4~h-h?~3RAu`5@t8U;PRS)Pm5z_ zhR5#TDf$rNHO6iNo!u?5O*HDIF*X>9W(EiuWhx0DU=7S}b74i;Qj5u{7O!PYsRv>V zunUN>g7)o@g>e8lKrH`10iFPVDX8rrQ(~Y5^CEyPEKK|Lid8Y(7V{Dx6Cnu1`h~yJ z(EsOaG(`U|ApX z|G~8V!{!(Tu+}c9^y-sR+N-(o!`Lw)a#%a&Kd)E+^cTPIUs$U(Nle3*ChWg00!H{j zcm;HKoNZMI-^STLr{WjeZ!qPwuFA+2GmT2KH5t9E=JG= zE5#rQ@lVfC-_+K=aa858l|olL7kAv+0a=`}^;!&Dj+oI-gh1?t9I>=S(`W8XV>xWl z{>5@S?qZBDP@0c6g2f~xuu(Nd(^3WnWqp3F*m(GWCm?5ysfbYFi_1$mPe^)-Dk!Lf zV76$Y7@DmyS=2Kwg_Yqj+--hFzn}b9I2yN9PU0CJu8Mij#CQG!fm{centq_upwnQt zI3iFFIhxa3Qd8(cH~5l`&!SCWG4R3JrzR$Eet;=1!uH1^Abo_+gqYALMJQ+g8_3i-XDujlOBe}WxwrGCfEj2#2DK*#GD33p#BXeSs zFJ$!kf%pO31bN~v0M~+x@A=YBRwta6{HcL~$F1dwBSb61?zJgc)43cM^fUYJ_ZV~p zj5MQmj@4LlPE5$+S-y-If7&eafYDya{~+cJ1{7A@P&vF}7z?4oL&aOV_wPrm_;#9s z@GYmAvGQbyZAtW|Ax0-5{3+~MQm!VCR_nqJggxlQF#-f=YZxO!OVIYA8CqBXi+Dfx zikQbtOHUJs4@d|^Jr!g<^B`RGWbuDh}P*{1(ZgJ}1 zJ9`E)(ROo;0eFL}tHJG#&-i#EAS$+q>?ka*5T*Fw9x*O8Rp??G=*f|I0rcZop1#9$ zFxmxcv@$>*L8XR`_knly%hYL|0GA@@ElwN6|M{c;ed`}=v0s4w>%acL3E>^v5H;0z zv4GiC--X8&6|n*RgRb1R#Zp*IJi&iZtfWIJ;ejScVj$!o5AsA*Sh*aUVJkv&@f67SsdWt_c9*f9z~tv|lN{84bZWx+Oz`BJjNVMFx;b6AWLKBRoG zS~J|)qT&eC!zoH9mc1ca!5WX6)5CgLh>xD(jFGTr8VEHk&Doy0i zK>i*=j01dfH_MPbpf`L7Q3_NMKK@da$Z2dL`XDg$COPdV4!i|9DqtCsvyN>T7-L8- zMiSg_bE%v>NGBu6^ni(j8F1j86AU;Zm_Arzz#5nJv2DWk*f@YJis=T*9^{NgX``_j z&IDjZR>2g~1LUh?w@d~hl4u2CFna=mc?=Se)=Gi!yu(3PV5G)iQhof55O&3Q0MvWa zHZ(^MARRDA41A3t#y3*8DzO|;1gL4$G~vQQ7g%AyY+;A5PlFA5X5|#XgP0||#sTW+ zvHJ6*EXX5-#kjUfC}9tw4-Vl_-J|labhx+2m{RZnXi;WVeHuICuogfyln}Gnf2im` zuvbhD1_l!<@3F0|0t*3qz8PYyJTNtDVkUe|2ECbx$Gr8CJ=jn19T~L)vm`WU4j0$i z+O!1I_++vY`m{b?eEFa&)M7^4F)q}_oyCA~aSXk1Lj#1>if!pKU-;ko5s)7_;m03OfKZVesU^35gZi*{g{zm|e?017~<1 zFzt8H1<(*8U11EN)m)ezH-`^m`(VmkgEyyRG`iMR|Sc z?bqLj3jT;MZO&U0n)#yJmO0;U12Xe`&~7BcLDaF2mN^T&TIRCVQqz#zb7qTe(OZIw zdJ`H5T^_XwyqW5RwhTivb>v5}>V*O&j?_#u?i?_Y7x90kPFWYhU|*RiAMF`$*9v;a z1&TXotgUJue=&nQYen#Fq$`9)+7bkJ7;hgFqY>7>PLnfHN@qK;=m}jWF4*WnvFI|O zL|Z-ArLpsC4vv&t*9fjq*XkZe6 zGgQRa$vIQlDDj;`e( zTsX>Qr>K1~KN3n8F)m!J=5bgFr4jsiWzcE4$!@WV`W(+wLu13V{C3pnX|b)ZzF#JJ z*sIc2a)x_$MJT~VDVv)3l%pG^l2l$K&xl*->bP1@HUjT(HJV{dcG^x}UVCeKu_i~i zQt8a`aN}Zw@zd@g`_cKbrrpkl!oc*qX=Rhy=`8fSv>HRB^i!3*RNQ5knMPKfNfCa7Sp zFqXVl6o3t$H@yV z&|_d8OSH$TKsO_QaDJrD;x^A6da9PKi7Dd;Vx9v5ufk2r?IWC~ryi)Oh0p05xJWeH zens(;pi7h+%Te&nn#b-8MY)NKX^sm%pI#iE039pfRb%G;Z-yjR2Y48tH46B8x6HkR zKe?W2;U0C*ro!i(@_rE{` zf`BOKoVhPsY~gL#;$DX5n03aO{c{)){RLo(qw}Z?s9Isss|jv-f`U@*gOqj{3CZaC zr_laY!$CnoDNCK5or1glmc!+Z&v)~?YQz@bgo=#yOI!E(6qIqRf4oF^jJ_SDx-5XX zU3D}dIsNurg_YfVPR5VThdaF`lQe>+b4ntYo3EB^*O6?5f;Ku8ueXt`!; zDKj|EqkCo#6%6Wy)9^batk=F`m|KzDhAJF3W7nbbhPANE=y6aK5ot4cwXb}R+jn=) z%)F=FQ+vEIEbD8{m1Yr*M^D;2I`ZgzsuL4wkS+8)E`wXfJ?#c<+5=?iUGP#9rmGVa zyX$wH9&I0cQr0L>ezBL-%5H&+vGu(nhw?{8O^3xQ8o^|)9rR=zRE#0yEpA``DNjk` z6q)$SCXIps>ze2zC*!cPIw))n`I=6j47HoCV;RX; zGi!b&wl=7bgc8)`M^qJ%tfaMtT&lUOYJ-ZPvgsp-<+&7>y%gp^V?C{=rY7_5vxlo1 zl{DXsN*vy#`?<0H?Y)+PaD+2*C6;6)1X(DGNwQml98}*;oxp>dJgqqZXJ8a_n0W&Q zx!p`t!LZStGgLW4Q9*PKps*N>pL3Q-l*6c!tB( z(K{T3WN_3JPTje!7i1!gIqNQ(YI*A``ZgYB(LW=>GuqQ`)L-b3TlO}H4UoT2$Ip)^ zSF^A+#y#Rsg6z^za6f2U$6Hd1xUq~t2Mjh5N= z>d0_I##6Jd{I^>UPBmT0JaNLD^T^F+;gQ(omZq&EJJaT4d0n>Y^i7t~446t2r0CZiMLpmkDyyzXKC<9tYBYFC$j zRPo0KVHu65!k~7dB22!VHr!Y!C}!HaoTwE=U&E#!aa_$L2wr@x=Fu%BkfSjE zCD5|P*VlP#BxRBLECMOI*0l}>8&S%LZ(A|T2#^!qJ>GLxHXndN*Ky|PK{N_hi$L)b zkaAnH;1ct?0BPAJY=ShI_?n(7a$B2x}$AZm!}_!nK*)9*6=;BFbI%n@ z&fAJ@q?n9UG7Pec`4Nkjy3C<$9b&K5psPrU)NRH(vetTMtVDFx9qQZ`8~V&-f}E$= z-K%g$$fSa-kH%S1lGo}>Tdm^1ZkON_ezT0EcM+lA8o)DO(6CMTOefiy2L^TJ82 z(?&*d&Rk^lTZrg(L~f6Ktn`(NG%^t0-RYt*pMFUJl^IH=#e%t=Cm`$jN4WOW19Ohi zKRJhy&ZWayMWzspjjpxjS^woi7$ze(R-Mh8M|0$K|EiJzI3{y>rje8lCjM1FCs^R3 zaT)Oz7>1Id^SU$yxJrgo6}GFZtFksHY&?R;gB3Q8i5EdNpm3&RCl;HQt zZa&LQp>p`{=1{dtQe-gaMI9L9)U%+hwCW`BGHoZ`<#u<)ho|}$b0hNu936k4n&%WU zfKT-e3h!+@>byKKfR?cUn%rP}J9J7Cq$HLMiIE4eL`D_AhJ2AktpHLyk=4CAxo2FkO`0N>q#?v_iku5J?!iik z)jCj0xKJ+4CAd(Ml5N>s!g!_MZbYGHu3+#)8&~){PIjmm;>{~k+S4;mkIK5AReC>h zmwNiBeUgWctj1{9nV(ebnNw;bDGu%!@VjN{QFW{bc7&nwEKqpJJL15^_z{@rU*2j- zieCfuPDP7ui*0@(_*vFmG8QU`vg7IEGkP+NntBDUwOMY+a^;Ga!l>9@@&}< z&VvVw&2n4yjhphj@N;m~_ZK}vAsY79>1As|bE^T~qe@!~&09ydkvofa>BvDsz;n)A zhDM;O)IV~Jn8?YZWNtW~m_pup(0YQ-d~stUFT@$mCtOt^vn~xP6Tbreuapz-3`7u} zZSPf(s7@@=v8FU^zVgHU)`>@VHEGSVB_g&5Y-@TRF2+;%de+c8UoKI5?OG8Uq~y_5 zZSu9#d2Jh+xg)T%mE_*r(5bBL9SWZ#>qP~4zq)lSED7dx;s1f9@SE16{99{H10e*w zR!Ry`8{K9{d;0Wn3QN>$mz|l#!kuE|1L z=y-x$9N|0r9F;H~VX^dPaWZ-*kaP2kUU*el0J4vs@vh>mp1wUU?t+&7T%i-1KZWly zm}jrXE5l{CHnsbuc*cy}aUn-5DTx-yS!Jr6d0brU7lbvwrf36T@Fi5|KN@_#J^%_b z^Y9LTp;9xBw3j)2VbE!0RdBKbFE*j*d|w7R4x;$li{To9fzx<1g!#S+d3pSaG9?`J zJ0lFS@3YR@^jV{5cHLg|`LfV9pqbw&XhXF)sUTF4xg>n`pi%2UFl7xYZJICNMbJkI zL8?o00tj!|(oNTep=a8q%Z|H|?%UW}{IzE8g|4H?ZzQ>*>5V?D?le<|$ob=6kQQDY z1vR)PnOS>YP)|8>v^tu8M>~I~kTYM34p<5j|4T3}^}M-g)_2*C2@t1XqCD z(z=PNAo|N>|Ce84Rv<3Jm&?hH03`qwWMV6=G%nw-r5HW!n*#MO^$+1go5Q($EE6YB z0E-~%bpX;*9SD-{PL0jYPwr<3pu48|?l7za`3=T%S7p^il0z+$KoYz*paTgo zO0egGbi^f|)U>pK0qM-NM46eB>XSgJ-ZJ6-VNG-1ar;P>^T(j0+d zJdu=<;lB9pPL6XBUcAvv-EObTrj-fkM{0V-3;QX*) z|3D%#D~w_x-RtICV|4hB?vg=oQ38d!Kr`%(qf>i9q8F4c#{RGj|W-hZ-1d{eyg(D#aH8YuI^t4Xvm5WfL zi9V+#`4piXy(SOPn}NaGlU8ob2I5Ob7Z8@%n#*NAfc*&FOCZWIq0m-aeOpAPaX*z> z^_0G}=C~%e;6i^PYF;>`C=zp}_0bBfo6skC9fOU3kpR$lwv{la*=^p@EnV`c_W+~P zxogTdeSHA|nW_nZ`dNM@jpLAcRA8-$*@-S_o3DI@8(ULx0IrL1!Q6SQ_=ag#q^TQy zK-DPu3JF0)%}`~pLd*U8_ZPoO@&OldheBX?^p%}KwPeZ&21+rP0R6d{x04)Ha<71U zEdYRW{y4{V!-q6tA`expjgK;vUoTx+l3c83&%9|VZ%O9+c?v+L6&e!I3y9ia7K_ zH)02%NLQE^XrTb^&C)FUtf3187z1!`CMyNH5)OQwFo=Poy$t;^EDX#bJOr06A9xFF zm_&`hrLD`@qWjhaV046VfRN?E4iOWLSzu+^*R=u4FhE#<8(G$x61~QQlC!KahFPAp z@N7f%Lx&L0!HOp%6xerkR3Dvf*+EzE^Tc41YxyQ9@&zl% z$^o#Rw-!Enu%X_7VD8<-aMaDj*vD9o>Ic+hQ6TqQk(l%SnC#ed;I1={cR4ARHz#sK zOOJ1pK1_RiN0H-sC!Cwa6^6pCLT_2SjL#c^EZikzaByvT!4;N1&ab__{`M%G1$tR5 z)BjFkV}SC2d$T{y`JWTWRu~Y>M6!yClpP(4VXM0drRe;d^AcIF(;2wl(i+p8=afxv z(IQi~GP(e3ZSOt<0*F1|VPp~C*naWLeqgftV*vIxG1wGKcZ&ez9{Oqe81U`wE$}() z1b%W#h7Y&~lB1Ef_kOQT5(uVJ7}3+1ED)WXS?(fHYHRO437QFgou0xii&^+n5HeT> zg6yLWJ-<%O4q~Xms~m6!*!EK>7zbL{hD&&qhCC?9`Du^|Sz&_o0}de^#K{~wT#X~p zyT@^TH-gds8~seR#wAC&_~WfU_4u$AK{#vpMSG5_VzWzm{t290#+~?tO)%gVo8c6 zI$5AHo?A?N?H3(o7i1s2-9RQEZog@*sF>;fz9q5{14VSdg88*u++L<yH2KJtS zQ0F;LN0_Ut(s6u`JeUeBhDbm%#92B z47jZPZcTDfkS0@~V8u=6+E1~2JTi*C<{E1J>VZM~N-RJM_pmUg!tR#{ULprM{9Xv_ zuxGAHiv(C;t)rSx)oVe(;(aR-#oYSso7{yseyRQZxA(ZS5|pYqJ<-%GGM{_?6(H1s zp1FF6pkrE&fW&=|#$kV`bYPah_|pEzS11v)0eI7dYe5Zc+cT`4xVq2{7V38QCUmsb zouDz1=V&)i-ren{p-UEo@_%rBV8=0eqgn84m#&*1hvtEgxUz`L0KPJ^^s*GQGaaK<@gPAqvqoWNssgPo;GN-#!jnHdKZ zrxhDiV-p1TvuJDAzJyhF#?~&qT#!!!bPN2fADB~xt=-rjcF_2(?z3Joh6|+BGc$kh zc!66rOhrEVDST2vmmOm1Fa+}t*HMW-6Xc2y40()*x!?O337^XrLtq)-YD5qQpQGHe z^1_!44G)hEA%cH9rK}YK2aoWkwYB2cmJxhOqLW65Y}bkttv19~7#TvHba6E{F>xHo ztHO471E=2}#!?SD9)=_(Vz#yV(XZmXR9(!9L0@YK0pT&)uOZwmdHdNjW|kn8_mgX{ z6s#hRdXM9%O%vsVBVk!$F1m*on_X#naS-EDvK82ZyO7NyvCGvK-1_Z zB6BdygJOX}dkdIG;)mVdchoVr_wREOP?v{CavE(np1y?#7rrJcYRI)QcC53}dsii)SKCX?i7G97tGn2Yc7^m)V+PTBnOf)LZ> zw%{Pl`Q7~JjpfIYC7hbMf*MbK_sihD6Cq;3)Ps{jN)!7}_)8>_Pm1G$yH=iOk4$!p zzRQ(<123Q=XRRtRkxIA#(NBuT1h0=i5IDKH>yI;Zb>#n=xcRrK2!pIS`!<995_z9U zqa&D}He|9t9iha11Vb$_?m>klE?UGB=bd`Om>I+cnYj$D?$*_734hw+Nyx+e9xwDq zUk|oR@pHxXM9~D0_#BL~=LEVh-BX36i+}lKKj8!$Zqd~gZ29GWHiN~GgB`ocwjbWN z&A;D`E~=`B~xL?NpVH105Z`VXi8_;=QP1iOD}+KS+MC4^Sq1?Zvc3TJppHlzuA`f>u1okzDEh2m|`)1z`v09i#gsT(THY5+D_YW`T+T zYLF)tAZfFkvgpiy-MNR51mM$>fB4!h8@(~ob?=^$;c09F{v-!hD+IW)>=+s8(_uZ( zJwY&OkEjQ_k5Dg)@w?)6@De3G9K?y@x>s`9&>Mqh2_^(S-dgpHO{f}DSZZs-8V}J`Q%9xt$H!iCJ3`FHrbCocn33}1 zie#cx6Wi#!r4Up2Wxw|GZlCA;)lbVNwZ_ON2}M5MMGob)^y+6?uJ!1X8MS1texK!s zBZpSE;HX8}A(Sc+qw67D@B`*gq9AMLBq^B|IC_M~X7dMn#AJM_TKP^}MCeJPE)@3# zvn%Vj$LPi14~}b)JK?Cm!94aKKg0<9g&6%p9NX8kJ30=dNS_5Ay{aeE-{w{QQb?^6VFywyUeWUl~2;b#bDn z9*|**;~>vi&Vdq!ZTs@{aaXEOH$uo$7LHr~+ zz~Elvk(V=@)HwoY)GL=d`tYQa3y41c>Gc4fcKH5R82xNH?ubS*E2Ty#+_{*T=yoSW z?l@)-unHT5)9TOylRI2VCRr+=-K#!7LCnQL?9U}3;qO1}=at&Qq{DCLYvd=2jO2(8G|tK{plJ`Wun8}?dbsI4_337XJ@eF(0%;w zTk*B+Czn}rRGYdDs5tlN!uJ;x{FPi?51EnQ9sJr7$poG5%LiBZ3s+4dqAw=Y-=6J% z<}Nv+vC#{^C;-3ATb6~Lg8XhP;**Knea7|$_3qPDjsy%%SE(GmV{iQfOW2RhuYv1@ zi%ZNKSab|S>N+PF8U3Wnn##`Y11gMzgq-~K*dUvs+DD3D;=^CAO?>+jNc zURMz?q!EuT-diJZb5^S&Pw@vd!Ip^0$-#D=;-Z9aV|c_7oW*>|t^YUHg3gE#oWASA z!bL&)I!-zvg@@()0*Yh&H2ntH`s>oG{QD34>se-C(Shaa_udXPm^N(L^sV$S##osu~bG^Wz|1&TE>I z?$I4~VeHEo>%rngL^th;CO!RWRrehyA|33ISAQKQf?OOj%gI%774Q&5HiQDb{%m_Pigq-~DXX%OH z<3K%w1MBt$3SNiB;1h-aan){C7z{Yk-j#1+vDDIh6 zE-qZ&{M;Yc!~qBbYyOP+fxEXRCs?yr6t?{vtXw5sT@NuqvhXMP`gg<+M^JZX#^Cek z!vjqZPV?T2A>$T?tQapshyN^{@Y|X&P~wD}aJL(A2)B*{0_Y&ie*yYmfc}$A|4X6& zW%>Vq%1{Ii8IjaGUd7&gBZhkno6d6+w4DuwJaJoM(G*xi<~2w(Ks>FJ=l+dp9sz6T z(dr`-;2@|2#WsWo{ZNQ_{hOB9)2g7e4Y1cm7(WhI^5fVVvQn>1cAgJxD5Aoscf@O; za$Xbh1^umqq2I=Uf@KYPO#v+C9(*F=^^OssW}XZ)V>QTcx*iArIaX=&KASyC6rYsT z(EWzYlc{Po>Bom%v{GC~<`onFUDF*^O~idq!2=2?>3l*OIa z{X}@}<%*7-<}-b+kRq4YzS<(T9X~selhi+R71BvW4?!^cqlLQrZzt>qwoQem%)J|j z5ctO#nPpAyfKe5gUGKAXepxX@s$dB(Xaq&rMU%cfvf>wbML(C1&FJ=rK0v4sFZWAp z2sKP*QItgmSPI@jug-B2Y!GPr=J4_2-Vf&w2(z4U{4g8!*tQ;}R^T9-XdAVWBwokY zrf)AQwvw-=Q{ywI>6=A?Q-a^C^$ekIV{ayDt_24Bl;%xZH;7$1ArIdEWR2a{ZT|@t zS%50uL3>d#xxzr6B=P!7U~vSvzxYjy{(9ggGx%~f9`4yy(?IS{nUIC~@P{@A965bIhA5?(lM%C;KU zkv5veMy9rw^)?jH$B7)RBKG~reGP7Aa2LDub7^q!&w&?Luw2H$i559?^AC`PF@o4N zSmgR?n65@dR1}xzpyovb0|VX2a}1@(>xrUkPs3`ilEZPda6r8lX>G+$*Xx{CmDIC7 zM@a2gy{qKn^t|P2R!DJiHC4I|a)42E5x zeIqBAOCu_;e#cg~)-ZDn#lK4%}B}Mfr zXIo~ECC&BeZZ^;P=NT1r)vZUly>ckiS8*5s`6dhu8x_t=t0Cblsk#OOiQZDqvl0zr zEyn=BPV*bpr+Cw*xyS_EK1M6Cc3k(PrTbQ{w)^a0S>KFZDx#viic9d&+BR2T{x+kQN&nNULw&a|nJjX!RJ}c?zq`S0VHkJY|6TA| z@!eAS^38GDtMIMDczvDPF#YYiWvi>^!!M0D#*x9!QM8}DxJ9E@ob9-fv*@~Y%}K_Z zQ=H9#$o#7^Zr0y)H+@X9=Z6?12j8fprh3=5Na^D1rtVj%_;K%UwCME|kExB&_p=0L zJ+XDn)6W^_jBm1^kO-<*)J;NbI&E}R%MC5+>0b`HsF+&kMs4HYkXiceTXBDeG;GaK4yx5j4wXq2YGTKkS~Ah%fG zqn?SP_be)8bXTqyYdXD&f0#aLUt3mg)YZZZpMBc1z08FYYoQbdG?AOKHMc-^*ORYh zg`>9&&Md4p-W18Skf}UAI8h|`{s}?RkHqkVT~`DMGi;mTk?>nyqx}OdOl%2d%2N!jviv#}Qa4gV``!zgYs`ic7rZy!k-1>+G5NFk1!{&nHLw{Sy5_Z&pvaE0QDHA` z1nUJ^hi;p50X#Je`;B9w6u>XP~R@hGvZ325Kn+cW_sgF@nF^sRyXHa?huXziCLU zM+G~Baef}1D!0MMU!ka@E-Oo4>FJu;qs*7&XV%m{k~1fJC}85V8T8_ zK{%yYMAW%B!r~rN%YbH=uMR^n@kmW!G^<&Z&Ye>e1!kFpuP%ME5ZBv?ik8k>Yz**i zs2}U}tB~L~toObv{Rj%gCme&d7^IkmRV>CbNkEyfxQYFH=|!b08`iM zTwIi3^hCK(o?I%2gHejk!)B`m_98i6#+c}JG4myb6vYyoI(bQxiShCJ0AKNQ44Eo3 zVhFz(&vLw}=*$-fXDM!$c2OzE zC#hcO8hq`(tsk6>! zUwF1LmK4qDUio#<-cny8Nt!xEfGa{brJ=ud=)>_F?lfk{zHWk+5xjNV5}?cNW^~D& zeWDl94dNN(!p_$u0hUPd>(Q07f=`PF?lUt!DqtPk@5cYd#j?OTgt#&wQ7R~Zu9q66 zOw%Pc^ii|g`xK?cvB+YphZNH+s`X*~BP#a#btl5a^fNA-4Ssf(5>F}B8XA=I)A~NB zpCJ`0a;w+6u%e#>#m6nKMYvLS&*zNTte8MMuVKdr&gF5=z`uZ%EzXs zqotGN6GeAI)8#%LwmfxZ*v#TqwAgs!Vpxdnb({JAv&W_dI27}_Y%B7V8s3ZVTxveH z>L6Kl{z^Rw(PSITeH!*?_*T|tJt>`VeIaqcK;PiQdxRj-+5Tp;S=Xn&6iw82v8`|a zPfpi%+Ah^SDdj_q*SqfRnHBr~8rj>6>;R6y(gdC;L-8OIn&(esOy5~s+I$Dhu8RvXs|z+@zi0| z9$1~kpMPd3%Q?IlX^bj&WU#x-HTUD)mdU)+dgHA}99+d#k^l$&w%(2FiT~<8O1-Mg#q#I?K@*&OB zZ_pH+6Wm&BQ6j=~#M)X_?H<|dS_=}Y4(~Q2_H1tL6WK+U(-bliGnOs<0^ThlnxWig zrDzXbtpZ7|w?gz3pMB|sxg>|+4T3D~ys8oQi6X+5J_%xF?^#+Mx$>h0qM~SI6jIOYu}eK*gefHc}=W+N0M%pq;qEd&>`*}iJR9HZ1A;ka8PyU zAAajlqrRy0fkTlut$qO2&#oVB=`-d9G-X|%S#i{s)8z#E}WUS-k`KVm7$6XRz2XJl^^@eEEn2-yb&05=qoeHSSdU8(hkn zqbH*OkWFZ7d3q*eAtv^I{Jha1rbYWc`0LJd z5}mDhw(?ZghD$z|t<4esrJbcQ!|QA2D7N>S3tY7g z_W%Yd*#`q|d4?1ZMSV0FxqWK6b$jV&drkcPKA<6dfbF)^wf0ss1hvM_7&GMm>_Nf2 z#cfZjZ?RP>a%nau+?*E&6*Xb7t|3$^y9c+dQHYj(!cpX=W`md+4nnq<*X2jUw~s$k zf`t;rM6PwhbE~r#B7!-`7L%g#W|x5k=Z7RXq_|eXDH;=&Z)xbXi(d#0ubxl}zfzZc z*z*RSQ0el#hhnhh%Bxf4MEZ{UEumbJAsqSb+ttG^K@NC$I5;E^zL^2T7Jc^6el1P( z1-f6NnId`z!skTY=gHs40MEEY$jjm%;TP;jR^SGKD3Gqg%M;{xWn@BbnQ;f@<_;I& zg}TkKjE74a8lJc8*xo=m2yI_p4Ro-y-&nmRrz9FSXnBfn`dZHlnDAHPl;N)WN}OW3 z!LXu}Q*G3YY2JdNJW}YjGQ&`N68Xt=xJf;D}ixW*hi&ZpX z-+#V0E?S!&3^wAHf9!S~wKI^N35rYG^Glbi!{z!$K2R2C6KmJhzLM!unHF762k{m@ zJ(V?kU>cp)dV7TEW_H=>xz*i*n}+S_j~AI3AN{zCJ_gFH#PJX9j|d=WAd8fV?iwEi zsuF_FXHJ6fnXUVSKVO$uVJZBQLA`=OUxu@}ubcVYUYzJ!S8JA}{wY42C$e1=XPV!_ zogF2w!4c-$D?OG88>cuqbVWty%vFkv!*ruFy=5DoTJCHt{bceDN*xYz;|}gsDzZ?l zt7D65-Q8S3LS94um8W(d>Q0O2zZDq?7_`PbPT>`?oivJuFPXP!oS0q>{_JtZ2}~`` zH|6vd-N@a{PEY6Pm?xZ{JG=|`HQs4)sXs=PYua`@QEV-KQ^-`PJ7ba-4|x;V`q>@4c2aRJpo;o$kwz5*k7Jiu%u z|G5rLeEh}-mHH|G5cU3##rK(xM2zGrAgc0qHSr20En;yW9|d=%ub;}uo%-!td+wJ% z^q-(jl8AQ=&&Y+lHO(5&O_%meMVc;|h}a8{3v#4C!!5tgEPXC53SK&VjGn`Krak23 zw(Mr$$vQE+yHU|I4u+1&x|hX1ylK>UbPUf4X`R;3H!Cek`@APv^+W1qd7Rh5oN5xb zl&4uYZlbkN^KZimNm+9yWitgx)+ovEn#b3snQ;Wa%QJkJR3g556Lk$QgHr!}PQPo# zYvcfXh=zH>rfS(zyo1`8i>sYPmZyY_U#i=$@&iZUl#i<`oyk{i)7E1zI8CoN z=x+3zIk%d9wbL6nHUL4O278S5R*DB;G0wbAa)t5do|)+>O#249zU0{qD%qdbfmo*i z^yuPz+Y`uPge$>kazKyd&$yrA`~ilCaN!sq_B-m)qV*F8hhh!~$CSx8U(bi^ZZB;5 zmyCLyFgx7J;uLeiOGcieX7$^|yK;*OjY@Cp<(jOxn$gbi!*vMfO>d3+;Q}FHmQey^ zw9ySij!IF^^{csP*@jk%Q7!buj9ez%*_Li&W5c55=lkqAcZUAW)JTQ<8B?~A^(=)u zFZM;5b74b6ZJtM8mE_5gRhqv zuO9(!(gKZ;dIrcHYY*}qa%!XdQW)E!h%vG(Uk%!L&UR-FbPMbW+4&LayepH%<=ML^ z=j!tIdj`Cl8xx!plXyRfh`PT9uTiTrj7C!u-dr;=JesLs_Ng`?V}R=|UyD$~ z^2e4=)bi0|6#=Yie)kQu8_W$E#4pbv@(zz5S8Vza&dNgvAjsL`^>NUZ2fe!^|Bu zAD8mSWnQ#=7n8GvY^FH0tEF?*9cR0Frurr<_#YQnWNVpO&G#za_CBTG6OD~Bn?z`( zNt@Vj*gvsQe>VhqIc+h8i)_e5*--fYeA~*8m_2Wx? zg(IcIgdG!&*R3K)$H(rOty*p4yfC$3=wcraKXScnP%b&ddkGh}NiBk{O}~lFdhDaH zd*O`}V+8nEbJQv~aB)sxsJ4ErA^wTm$)emY%5TGse4I6_w=q&C;d<4PrEUtDhUk{7 zNebZ&eLqf-w@$ngDz`d?mDa^vF1WaKT&1$r_nnlZO;s!`Eyp&2rU^F_XlUS89m0Kb z^{say6@Y8kz@3rbtQ63Mn}}If-+~<&AuxN~E3d%kK=&r|KceP2H5N6L3>n1bwl4~^ z?-X!dQ$NqE*N;Ed-QzF^MSq~kNnWWTi(&|{9txw2L3Bqty{iw;tW?6Za7u4kwkTRf zMTK{CoR$OeQnumlhro+1P4C$6zl+c`-5w_vdddT0f96!v`eUA6>wRSwVMlQAv!%iW zo9*xrbX}XN1*NX85H`7^@qkAt|IrxXszxz!A1H`O5!pNvF`Eea)b7{eVj@{eF7>EnvESUbd5=7Hw_5C;cfzM_V+mI}{mhZtzs2Dr<= zSojopa}L4TDXM+m&faiQChdE0dpkfTcrhSpo$|!`d><#T!|1lf?BoMm;Z%hW7j1_& zZKv8d&Y{Y)AFilTCyFlzrfaSuHUnidZK+3ftD;>iz>rj3Ac6;!kXzqKmU_jtY|KKa z0WhwGUfwvqA({4Y-bh3VzGIMNyltAM{w>aZV*X?4wF;m7P;X-=Rf?j8_irt#Pj&Ka zfe1=ngi70aqb}1h(OrUNtC1WX;LablcDlvONS?Ab?XX2mG`VbAJVtfu($Cvvs)lDl zrUmnR8(^O$&yVWuH@z5rAj8>w;;R*;3YBqauLFJgylO(|k0e>YN0Ps!#exKFbE`}_ zgMgkw#d+)5Zz|PZk;>D>YG(AzB`$-ChR7oAz358Q{Sm&2XFe-4eSJ$*u3Q==5({EV z4J!K4CiZfLZBu~*B`$C8N4uO|j*e!sXIbLVwKsjK`ifLsy>C~jC|;i%in{85tuBT; zeoEs;vZjfvkHIZrbpgdz3tZc1GQZp2rzL=O*Z|tjWb4kL)O6O4@@F}rOdEJCnc8QX zEJVb&iHRaC3~#9X9A=+yFa?uVdvb&u$~1u893864c7Oh~c|op8pR{2|hOWArtTHPD z=pj|QGQ4atrr33NcP7I&Bt_}-A|Z~3X|l;zT|2HM0VBf|gDQ^{|De1(@U0(?+8kF* z2G#YN?FW|?tVJYEi#|C-qhHEaE5+mCzI~dRQ90xa^I*EQt#Hu*T+Eo% z)i(O|_p7U{e%j>So-!yF48{kV)Xz1to^yYk5vG0w2vMT4fedQ%SDK{fG4AY5X~r*p zKnc`ZQ}XZs@-GvdIU4KUG7tH2Z2B0rXRxi#@cX^vH>!Pq!@d3HEW>D_!!VptGFf-B zuJ%|5{w|2U+@oC8*-966)Inuv;N;y1c>t6ue@bcADD`NAk4fK{?~B7*<-qwwmBe0( zR8G>=kWfN+iq><9bBjymtt%N{GD%TGMzv>Xbjf|nM9#n6MlR&cF0biqatoLSekB_) zyV_z|>9aVdqFLCbomW<@(R^Kx>Sf7poQ4>(kt-p1;nx&#(7W0K^L^yxvBy~Qs zlV88<3L-NFMyzyyiJrfoU@QWR1sHDL?2xT5j2xG5qA4WtemH^EScZmpL+e>kDRt8n z)@9C%OJoPQ>id9O*>657ES|vl7*VJ<3+tnMKcURrFXb>l(3clCYbY<5{7)~0V_x`r z=&NMI@z?&aHod0Nowsob5&>=7hM$@vg>_bLpc;S`wJj7KKn{y>0&9)YniKwJu8|WX zKH}qBRT2~5jNMGe1Fs>{0OrKxtH3`y(oGnEcZtM|FMu1xkwPIsnp zle$-0j2tFAbCT|;GOA8hWoNJigt;GGZ3ZuWc>$Oum&G$Mxru*48Z^ZQkx2nRKUa-` zn^z$%X-Dv!i1>fCcHQw*|Nq`OcEYh5h?6AAER@-imA&_B7}=}HJ}Qx2RtN{lJjdQM zGbCAu$jHcyhEe8yAF40k>v!+{YUFg9`T-4}gzI`bZ3pVt8jjP~YdZ zd%*#4^j;^fAiuvb|0^C`3J44iv>C4%?oG}SlK>%7BQNL=yez~XN(ItIASvnn2@7U$ zeHhqwB)FB%bBFW*G=6tO-MfW+__7HUZ`VP_Re-uSS59*6H>7VPZGbKU@q>!``df)c zqtoET6Hv9Ouf#cXIxfbG9Ha#Q_A_|%u4)7FPs=&){fXTKy!0=b7r4>EKVB|%4g8fg zG7|^R02&~oW49VV&0nead0^L`2QKry+uBt-D+*UHFKF74?tk>SI{X#{GQtFlnRqAz zj$d)@-t_{CX_tdq+Ozg8EhI3OukNY%BEVY#x9NKkTqIJiVgD=c_LM-UFp7XXNxMBI ztOz^_HCuL=-{L_;cJDLKSyb)Vo}gfd0}i7y=QyaRHaZdy1kwRf?o~&M^NhDR(n~A` zb$Xw2{;H{Ucanl|^1(0j*uBp(TzeKXER(ulEI5R)o(cBe{1E}Q!=!@(pkjst+fx@9 zl%L;|_qT2Kl)BsU0bFm(aP3+9x;s$+A%lv&`wU*@@4z|sCXR|pOr8Gs-uB-wAXMN$ zT7R`I<2Qvp9%y6WsJ!F;MM^nez?{GQd zJ5_)y#J}ORnEP_LbElZjaNxF6d5x#6Q|O!8=uHK1l6P{c^!mobp9yjZSqy1NKV!z=5=*cg)@PGpa*GPBM^F{T#15D{Ovw+=Ndpwjr&>jU=r?V*m~dN@^+>%{Gmeg7fk z;*hY1rT}t?0X}qFd604i`w)FDfHW_eUjQtKywixt>bz3ur-@eAqBzwSjW#HK1K#e% zOfich%?2Y4SBLhgWN|k8jyc#BT#a@Dh~lpT3Grx=kg8U z0i$6AAXO9Wrs@MA#@z)yy4Aj|vW#e)5{#1f+A|0RxbA#@hs|zkznnqJypSU}T&OJ((e{wUW1G(ZV5?eaasSrVQM6wkRjxJU#Q-%##J?44qDJO*C|xO_Qly=EXMXnc)YH zu%TRMlF==0fu8x_$n^4WrR9e)JF<<nGsx@a<}#kVGrw9~cq9}9R?5-ur!Lv}+|0s$YCmt;9nw)=kXyXV6!z&Pspv(e>dpQRY34)PSIex~0 zjuggD9RS|pg0DgRsL`>;N4h@xUCENfvsiTY{1l|Q(Q@k@o)=9M9le2cSgiBWoj;#(Yg$v)aVmLE!qQvSwJx_}&`uz|G@ompJ8fC`LsOjm> zn1{raGC3idrVkO{a?jP0o%#P@o!=6Nqb!*HZH3oe%(*;~sdlA!)0Md}*2|asuQXE<+>$^USGzm?7<;YGC!iIg zo$gNhII!yemfc+bLb#Ym!DLg6@v{dH9_Zc?xBV&$9PtStUHVQj{&xOZtjbLW-we{tU!6YD;$G_+H;{pa8IC!} zw|bIW$_Fhtn<X>!AA)CVqn*A?TP%)^pIo_U%b~>4(mzqeDU@&#Emis zj^EJ)oP@&#*L}7BCeK|%@PU~Z&D5D<0>1Ouq*nrW-Xn-87})_G64SHN==0HHkC@(?boH)BOyF_WJ^SA-Q%r$Qw*xmn?`R4=*0{}#3ZV5mXy z2QvSo6K_85hD#9lK(&V1{%m)ktZ^ZH27q447Vsp0d-+aBoWRugcAgjw6|p{n*oqmJ z1R7prT2#qB#=862$o1Zi_x3cZe309%*Gu>GI^4U(DDj*OM#i3>T zCj7LzP+{Q9m$dX}uy+C|N@v0qy4bNB%lEgT$r1bjl+QL5gGd)DPMDVR24Bcqga zs@YF^giqec$zY}^PA&~P_9J}cZq{8ypgiq~WatWN)xKs+MjNevRyLH8Pi30MH-L=a zvRevMyX_uD?BL}XoNSmv_gQ@F*PwN7d&!p}`4_Lv6-mn~E~41LqFO*u#C|>gP1z*Z z;gR4@coc&!4Ag&CnM+7AMJYKoH;^0p&6Yzn8JWj-mqv{A6MMQzh{{G-#wtG0u24YI<&U1&2t1<5SJL51_FSYdy<$?z z4wGZN_0(qFDZ(+K)^<#kV1ag~J1xlY{!Q5lF336>(p-uERuf5|E-W&3r2fiT5x`V@ z8++lL@{7De(nzy(1gv%k6q6qykp~FNe{6!(!b#=U;>60s6N5zF6V2Ou7{ZWb28pn; zihF6U85*?Oef>b}f~yhU;()_C9FU7+aJDx@!rb(NHtf~h^JiD)dM~kQGxWztWZlDG z4z}tvL<)5cdWFh#pQCLXsjh7+Fl%SMaN)vxa|dzgX|gMf6yhHbW~r`lH~apd315+q30F-Pz{+!SqW! znEd%jLb78SH`+(83qGybq$3%31s@*e<0wS=C!p>|_}|}r>j;53sLbz9VOc(5#F%Ef z-?oBj`Supwl~ZaDwqnTG+cf?Ad;}{S6#6-5O?M_7&elpav|!bjB^Q<`HWmEYg0>@N zmA&=3))%Yb&wSXA7nr7JwJZWB89SavUC?<0PTb@fO=*0;9(mFKS#-85)ju>lBT(~M zlbB0T&487se4uzVOQq{l^l=kUIdn^RjIn@!+Dwe%4HzgAevI23z{MYDfl^(cLn0pw z$9chFJn!~4%kX?pz~1C&Un0_%pgCX&5CE890Znf8R7Xi?s0OOsoXd+WD1|Zy<=owi z6PN52lUy?B(%mJI-{>J?E&6&wD^y!0kZR1A-av2j%0zE;Op?oDxLLc-8{e%BBaxp^ z5Ceqjlg;sVkzgR2`Si|F`H3EZi&{2yjJa8-*0Wa@E0@~(O?*zRYO6^gp^%*s=e90J zrZGCy#q|B@>uegaf&fCP$H_~-`m8Wr~>p6bpo~gkK(%v^@a<>gW5>T-;b{n z@avWQEKu#A>&0-1d8|e@hcGax;hj3_Ks%hC2u(~e;koe=|E|)UH#xMpQz@BYF^<#w zYaMfeXOq*18m~%mA?_FrWg+P}K{2Ch{@15PeAeZvPv5jK9Pu{_vFjRFoc)lUu9<15 zM>jjSBl+P&v&Jvig@Kzo0uoWqp9qg%j|r;CvNoFNyifO7GE7M<&`7eE^JkCB)u_H~ zo%ndq<_E|{*4krR?ajq781LDihZRGJI$Zm{8n1r%)+U%I&_dNnNoYHH$h!yn6|v!D zuEni7bP^@P;qCgRR$NAv#;mhZmyD9}#7=&^9epowuvZV_obLAKhY`MeQesy1RJ{G< zL#=FFo3j3(Om|u1J5Oa!%x0RILi?6a>6D0GfvH??(sO3=#?Kw`a<$%DTDsS&l~Sa3 z<}Z^}ZLiN$cZ4Gs3y17$jh2T9mT!e#J>}44U*eDt6z(FOwOQBZ#jY;EViDS2)kOssIVDAds1+L zJ5w$7v19ftzxf)YEg#P5=bXB{SF<7(9)R@I{%qj|`e`V!}-dwBQ ziAvkipQ|ABmNBW@oKm+_2=ws*U_T!8@94A_tai7K-rqGmj9QD6nY9!lg%54|A^%Wn z&4VbLIBY<7E^9>**$N^#_)~r{p zo;XS7@IU8JD5}FKfkDof!QzO}<1UfC@^o7H!mOxty==>!iUfDb9cxSQaV>E@^G5UQ zk=Is;e0gdI*qPBrXUfaVtyF9{LsUeRFx4fwFVoX1?VH4st7e#tn3dfopJuA-W<11i z&F2SP1-r6OM5!Kq8_-^*nBkrH%l6T(BW~xcc!BT6B)d{X9ih8dmb(122kn}{?EcYv zZP>No{`K_C3LRogE&N8bd+bL0Z4)imU}JI=;w$RKhk=Y&+On z+vw-!=JXUucp>@*nPt}zKINX=X|?tQ1fCBZ51qyOh6CSz)Y#JWpM3lK5h+$U%1xn@ ziyW`|V{EorB%OL1=EICxB;%Li4!}-f6621FP|mU|((orRTq0pl!J0M`xW^ z{@z)Yj%71!V48Qnz4y^~{Eao)PbKOvt^0#sHV_^^L9-n)JQ081b?p#Ng1X_!M2Lgv$b^)*!{^NoJ@N_vASUwWD z$|+XMk7t&2NvECt+{+^&PX^3r8EGmtG&IsQrj@%(zWf@$o{1XFPQ)&1M(l`XsP~p= z_(N&^^aYM>-E5mtsWu8v;z`OeI5*#)8{=8b^d#+8Q=rpSlunzTMZ#2;vOx2Sre~oR zrsSmUicOKQL9GPpCpSyi;7q?-stkGgmy)62)-`U5u$sOEgOr`Mh2aZ4HD4dl&h?W^ z-L&k-Bp81DGVaupr0n}P_LA(X>{%2w;d9+wbxQ8spl?b=jHdy`?gsAkV1MPg_p1SJ z_S`0S^FLZ246?p<^_wY2t~e^uQuJYr4BS`d&W11~S-p+zcWz4X~qWc~z5zfoG*;*kyhl-af(F%|db+wN^`C=^F1a};{(gh+>6 zN({|iJ#l%=Y8`ARmXxYFYU-zlo=Uqt{Z2-uyh5Sj`KipSK{40ppn7Fr&wi-(aQ*g< z1e4%uY*4=3tq@G_6;cbfDPs9<%jh;65ZGUK%qpNrP1)dBm;U4!12#x_b$?gk2W?(w z4r&*{hw6-nR)3&&;RHd@bGfKru0Z@D{_AP-na%O|o_)Cu zM=HMB66%ESnn?QG*;v>y@eiuih_ zdZv`*D6{yrEKt*F7H1Q$pe_h)W4#KLLrTL~hNb2%DAX~^E>1Kfo$P1npwMF!f`=fS z0G0=iu#o5%v|#)6P?)oZA;1TM#g#0JYFw>T=+Iu7h(mF3a9@7T5tJJ`r{D0HJWVIp zSY1{OJ$jE}J^lN8l?m4wtzx@J_GvRKS#Ijr_aeKo`i%w&`8qZi$Gc&)tDz<|~ zPZfB|HPtyl%b;3o^_YtGx*B=E1fdt1#R+ z?5NcIHALOq>))qo|B})Lj9~IKA_@*w4w&b$f<^GL)IzR^+g>k@r}{He_!n9CD}$9v zcF@2yoBE`mJi^O1SUJLXgWqJ-S`A)z-vH^j#ErLAsG3jV;9If!^nB|k5#+efL^E!BEiuOhlb6P~e8Iv#F-$gC zacAvGm1wM(M~SJ01;Yl*FG>HCi%gECU@tvtXlJSFN2tw6mC&<}RLpmR<+6*%ei+=b m`$6P;ixhjPPbVX6i$S4$(e* za8C>P#(L-wmE6hWz&oGnE}a6t9d^-Dx^pP6jdd3I;hyE=hfh^i5Agu6PaZlPV14M= z-k$(p%)r;7Lr0SiA36$rKfL!|(viRZmXL4EsELUUfyVbrI{KswjF&}0K zv*EKlcYu2aF7b?b;sr)2GKzQ|E7!PLh ze(r*oow^t0j~qJS^1Dx-WbJv}fAwIiZ(js_W^hO8(0(2D?{@E(!c1fE$B+A!!C*CD zwkvp6vKnAg~{+twZ&f$-`#l4`O(FNb9S)AwrYA!IN7`*Ovr9C zaFb9?ocf&7DoO0A7nvT;cVFmrjk{~>&D?uu-_E>nJE^K?*n*l49&^@G8jd4hcUz1} zj7aP&Ax$M({WyN)0_UUeq;&Pzn$Lyl^AA9QTK(K5eQdt>wAHXzU2^qHco?h5&wUrR z1Z(;&OjATmU0P**z6DAwun}5JjF7cDDrMpcOX)uRqy?D5D-~;jfa8Mc5eJC(fx6mb z-;16}`nAPNH_UXTtWe3^vez%-Pj$rk3OV$}C=BeLV7(|$Y795WR=Tyix8@2hTNNp* zPBesvTeoVkAta~RWjvi&iQD2oL|{A3iRNyMF*c3v-%ayF{EnWeM>|xDW}jV8JRaT2 zdWP2c0oQ(WA&~#i=4O0(8_;2PWWs&mx|Hk8n-eg07&+*vLBr<=&ih_oUM;cG;%LP( z2dr6sHPO0s&OSFt`^mH)i4ZPo+bgnlJ=SHB)5K0#?fa)o&Z?^WR^~DMDF93ywGKy3 zaOvo=#R!=z<`|($2TpRT%Ker|Djjlw!*(a4d{F&;c1)r|2e?Cp7qzzMXO?0V9YbD8 zy9FU-IhD44KYDfBj-#W(_FJdF=7&`~9W2cDn~S=bkKQXq#jUqo(+vpUoz}px_!J-9 z*A%-9zPK*OhQR2ldp+IK$v4+GI=3vZdBBmc!orbrC>v#qw z4i~%7mOOd0Z{Mqwdt5NG(fLF{@tqqu^$9IVbC6?5Ay_oqRjm*@dY2=}EkCE(!;!o| zyZmh;e0s>bMjJ^|UWm!g3uTw}{x+t>`Z1RF(k&6+jR=m0Tnbsqw`x-<2C{M`Kv60o zVSRl5Qfr)~aDtb&qJth73}$5>A{5+>^V*Qy^2OCaSBY5S@HGK)%l)m5X2EKD3TcNB zS&xpn%Pe8DHZw2m<{HW_EVaF{z?7|*A0~pSrc`h_pm$6PpVtL<`jm*5u3hR$XcpVQ z^*y6GVlVCV-XG4RMsa;l%W6ynud`gV9LV+=_tV^(PWHSTUtd?gPA6A)xhvD+q^O%Xss; zcx2Ft`*j8w{zY9h5zk~fz*|4h4)P!iAsk5d*a_A0zC!bci_-3Paue6UPtq&&3*Tu{ z7pFc^_vU}R^n7iuPyS4d$c^2NXnDuA&LOL@R6)b-G?_ImR*{=DN7D4D>2^jTIDU8W z&6+N?l$D!JAuiK(sf`g6!>eui!VUp^WMrQ)q;6WEhMR83XOSk_;#1s6n$QiO2xHO$ z8fNI-$YeG$T#;sOZSKjqc1hm%4xbUy^ciBKgg8Wbu~{1+$7*S5nYP+6U*(e8cX$Bm zGv<;A2W9ISnLEegQ+~E38;u+dn%mi0U=W4`3#h0%%#H z@{4-gAGpvD~5D|Mif)Lej$VuqNJQ@_V{T)08iRJ(`}I zi`+8tAQt^Kt@m(NrpbwoAf&0Z($+E|7%{1mytH|g1scb|RU@cE7pXLv=u7WEAe@{- zNs=*q&vQPK0DXLqv78%&;0DRcU8knQUh=0}MLKo1bIbow)hvaIZPc0-y+rVmdXUDY`R)-zuVhXo;GS&o3muxsY7oWGqH7a>LjsSH~9>s8ENe;)TOy zb&as;LFodj5l3#EVD;3ffnl(s#J4gf*;SWf^W{2lnQ|h ztX4h+)Wa4lxY)}nHJ*zVV6T4s2lMdOX$~2S2gZIgOnp0cMd^$0{JnOkwG)HX;-%_x zJ_=7%Chmwll_Nb`!(*lE;X|ToGP6Ibn%XO-tK|i@*ZjBQ(7QeB%h9n8!9l2nC=*^c z<1Ki812Rozb;4!3tr0gzd3#3-h}EG(4m(yYp7_Qb<{sn+c}iVp!Cg9t5i7*dtzQ6i z!FzOui zC@Hb+n(^$xR(OHR`nXwcRXU7jTH$hRv~(9ZY07jgO;ZtbH3{(s zAgDuW4gH(o3vHn*vUEW!;tA&>U99YVplSX!8}L&X5by-AsgJaXxvGr;X1Qxr?%r!N zZ}sT53DuMvw3X5{9BH*3OJiTJfpA`n6?kQtw8I1S5HYSf0yu6i^DN#%Ok>Vq35nCDN>6Rno}Xv#S+1zP~e)qRa!mvfzIFPAi!!}zXDbZ%C-Onoa>Vh^K{ zchNLnm z63IhOB|Yj>u_v*WVsKp?7`atfKKV&FJaqK3k^a$I2B?u+pg^9Do{tt6q-S^KHs6Ln zy;2w~1c+|J3;W)D1(q1MVPvQV|!FR?oBGJ(R?lzzSxyM0O2^IZJ? zdl*kx&T>22+wwK@TyT>hzH9Xc#d#WkZ6@?fHo417$m>Q@g)rwBzxRjmz+CLYYxQS}JjKRH9Zp6_JM#F$mCd6pZ->#-E88!9#}n6K>Fbeha|uQ; zOP!tV*t7!8h1($U9SLd`#vh+jk?UhwgAK7}kn!!>j$-SsShLFG(+?OzwN%Dp%x-cn z$cx+RRxRCe`<^Yqx!&ghSuF9WA%({}=3Nlu2?LkdfDECN;wxuW3LVV}fW%c63N)RE ztHCD`7gxM~j0NC-hXI)XL{z| z0MBrh=XIFsd;gtudkl)1$$FKsH3#eP=#DAifzqe1iSrkbRla!q>EgbYI1^ zAp8CIR{iWBCG}8+#eB)P`%x})@BI{y%+_dqMhg!k!&FO4cr<(fnleF+k?k2R{4yTB zy8C5NlqFYA=dnb-_pX53-7}Ns#2h(~#g;(P?3D%D-AqL29jSy8B%9I?g6ftMg1V@A zyGfyyK>|Ng4Vf>rTCX070Er-Qixtw@Ki-$T;#3XR;m>fNi}rWy+{#k@_#C!y*R3=$ zQC2#CMmwX(FFqr|C)sa=ueit#%>MY{2`h`p7tA(-ZLtRUk;hNcM3VgAVBti5{}?=n z8beTUE{w8U*Q#10zq;17wQOANeILQzoo3so8isrKsw+cv=v|k2-8Npu`kfqf+o8j7 zU46tn9FNhZ&gVBQPud;p-0jZl@he>Wm{>mKkhVL>qPi1mgRzg@e=TUIa)eEP$c!d3 z|K6mfmE#D~ot2%fZI}Go9MYo`bfYCdFR5rOX)i7RbuBN6fw|h4NuX=ck`Wm$D2# zXz&v>3{{D?o0p7w{jIXZ*4Ev|9>kDnj?ZQaMTpv^#JWti49pZp^6I@016eTC zh-JvGjdpvk1aX;77n)B1`8H&));7M4FKl2BX+T;@+V-}zetcR~&u1J5!ViY_?qSil zvPJQV@Zb^X_C27qT+yQ}WXsRR3f0-Nzq@0dB}*Zv%X8d#uWPrnEy{|w!CUE6C3x(= zRbP;Ms<^UN^UUMN9GzaGt%FzI44R|XGZQ#L?D{q38*gb#X=r-&F5~-eB;VceP8+Lj zJkI4{tyG3@lC_Rmfrfjo4{X!soT;=JOG>x7P;YfRI|ryTc%$+&PgRTbkgXFQM$k28 z%net#_^iEDw|kBkDRm!xwlw;AYqKX?uOZvtc&ZianPe5ggjGI415zapcfQkpF_#?; zyP+mE*)1_M`miHKDZJm70A10O+WkU2nG^OiJxy;O6-I&Zzwlmibko{jO%$;Vn z&l-*aZJoA^mr`N|VehXq0SjZZ_}Z3w<|Otdws5+|Ha%Ek>ro6;DKy z;youL`MP@)=CCM_xQ#ZC`_%dKuv)+6{2_-{rPdh9A`$QJ?VpyrBh;fd<{VG6iRJj} zp$60$LetegzC(Aa(s9UL9U=E#Fi(UM;j$aUyc<|YN;v?zW9zO_#q71cC_B5vah%6+ z&1W}nOH5hC;CNlgYHdgRr&!prbSEzA*)^gWtl*Z%$Khn=1bR>|l0?8>n2TeVY} zPVeXG5_H%kDi?ZTVi)gaRX1UY{nzT%KU|F9e=JU5u|z-&CO{{*Jji z=EGY@^!4n1VT%X4xd=b^5t96yfOpIi-A_?+OP|8O-DiRcsL8D_(2kfRI6;|+rtsES z@v^oLKs_D3q0~b?{$9%DYke>S?@C9Ow?@zQT#uYAC|8Occ+J+szM$HB9Z}`D_5rW_ zkmYp$y#}lY?jy&-K#^4yF;tj^Rq{#gi+5e2m(=UXTY_Q|Y6odKYVfy<9aS2r2JI|D zG#?``H%YmL1#8RETcQ@3I?^hW)lXlH3GitmW}msEgZ0v;Pw=(K_T{85Vh=~aupdl{ zd^%Z@$=@Tc9Y39Ie3wxqnCV0r(@-y-VtpEaeN>i zW&4g~f1tOXZ!C+ip^UK9;YCiU=jDaIZ=;OS)iCi!35E+8RelSQcfUPfMmgM(Yfx6@ z-ILjoGBNLhW7=ytRIPQAMXIpHl7ccE<{p=r9A(B-mtTt~yosfEtWoL9bDkQQRt)F+ zJ>rf5rJ5*TcXx|KX0kmZuEgf@X#O4Oa#OZn8U|}?M<>7b#8;7;9Ou?nA>`@g#?43d zW-r7gZns#O|4@^*f8IOp?GEJOy&Zv$BCGrd(~fG8@#Thz*CrGm4)5=u0_v;@K66?F6pAL_m5DDZT-&JZ!8w^C`I-``FYwl?cM{O zDh96jM1MhKuwb^XBDicZZ79!sCNFb)+EJNg;F5yhz$v9tD?!-LPo6-_!5DO{7|eO3 z6u}K@TUuIAQt=r1AkW1hPNTuiWz^KFEYSRpXp80C%a`*-j*Lr9gD_;%{aJS7++4$o zTkPITpXaNf=AEgH&J&J~-_^Z@Xc`Pjt+wMAC@!X_StV}DZH|TS<;5K1YAL$6skdRI zIg^zFEoxkGw0m*eKiN5*eDTv|3G}@?x7F#OAi1KzOu?ul1`{xBcVv!$;hx#PUNQ zU|mY%tD~nCC)EYR5e*slJ|TFr$F+>9Ss0@DgPU@`X!LNv`jd&;>lu`gCIc9Ye;UoI z+j~pU2Ov4*mf^Dkl2-zv?~VBl#kj)12GBMmzOS`R$BE_6^0F?VaJydjlU@BF$l8vn zQXn4ja#VhOaTt8@X>_M`7rU24UIji_Mk7LsmxpJipyS$=%&av-16`^XV%Sr2Vp#*P&Ab=#hmz&fx~ zGD6CyqdP=qcXMKVXS!N&sx_9$Djw>ft&YoCU0=j_rJEVm`rXFN6C|0oDbTzh6 zx1R=vcUoTz#$>RHJktO=Xd2EgvVf-ODJ7;~W9u{Hc4dJskKftrGKs;08t>qc+)Z|pxql3y{2%u{I7mM!>0P*%@rk@QA z3)w<%^&WK2j0zan(LaQ}zW?p|pDHWX1?1PeZIN@(aU&XFRIB7rrONqz4~+b@+Gn|d z{BqYDA2S`uh!6QOo(0C84!cJGw*P{3Pi5`;z^s`5TtuP30S$=%GGM?*W&|D{C{idS zl~4on>*X>xI;a6D00vCeZuIV89;jf;0LU*_y}t5*qk6?J00X8;Lj86?{rwpL{tN*B zmj?iiQX|3w4ZoAoL4%M&5(9OnQ#Un7@bv?x!Gi_gKmY51LHB^M@*q{%pDR3AV*B&I z{`BrYedkXv_|psi^nyRV;QtpdcyiYdNsC(h8_Fr>^z*&zA<%8C4zje=$uqbBikwT< z0D(wv?0>b`_GIuwuB>q9&s=0+leQu-xG4&L*h$6p_nj-e`$7T2Fw<`AI1Ih;$L*Dh z`rY|-Ha`a(82~RWDKQZI#hO$S))sP}ckOlOLT>r8h=bx}F&7eyeVJQ`VIYqpN0@|wxi09|53xid-G zyibh)2$tDL79?K}WEl_^@&oUTRq?^~M|3#~NPlT%4OJ>I7H2i>qRR<6hUCr$Bm|7g z#i^V3;v8q%{N1wkrYPa|JQJ}yEa^gB5&^&JBluGmXw~N3yX|vVK~nhsGy}d5I~I^# zI8>Gm1@I27{5JH*GP~TXw<)5Kr2s4WCwVPA$LNvNhifhluHudne|A)JwJwtcAJ8Ky zFYoCtakpV=Pz||{S5}+{+)*@aAdv2qY0BE0-{J3G{^I7jU;4QR=tljTCu+Max%5(< zd-yy_KgmdUqmh>-GLp?$x5HVL==+N2cR1PYFUFFqeHp5hLBOxY$NT?Ihe3ZenAVDQ z11z-n$Ewwp*{9WEjlbAZYiFklMz`|p>SoI_msfByn!W3SvGbmZ7ztOAJ!`@W%L_KMYwZsf*B0roF$)*nTsjKj{Mo69C4 zh3>z4yK{KMQ$`+vQ=|DNBO zxd2^Ch+F+zQU2%aK8pZM$$q7<^2Pye8GZrKWn6600mWDR5HKaNt;bmUU(D(M@;QF> z01HgCtrh&AZ}Z>EaWEAypIDz9hv5B$kiYKsB_q)GTaU<%v_A!0G z+RalJ%msx^Qa=$On$b6yFt}R)q z$p(mU`JCN%8p?G0xv|DBM!Zzdx7X)5WFhOpmMYQpU;Jsz*6}_3zYU5+vk5)7h+En4 zs4sU$DMs_z>DZOry&u5grE|mXeHfvpA>l28O*L`jfpa-g@uX{uoVufLa}dB+iXX8@ zEsU!U)YNKTyBQBKll^jkYX>H9C8nX%4OarH9a8ijQFJ9X%KI8p8w2V~^h`eP5Vnu9 zu+8l&?9}!GhnEaWwJl8XR3n`_O!K9$o{=8^F7+w)YHgQrLa;OiszjcMLN@^8*CE)U zZ=@R10>?CLCZz+IrJ(IK(A3n#vy@MSr7eut*ZN6QvoZ)VZ;cdLVPq_HNNa~bX8*+H zx!OqpJ;}Lay5^#}`-oQ&V?Qt?xtXYLLNC6%_I@6P9zLKwEXaGIx)3mBb{odA6rY5O+A9-F%}R2kV{@dTV@wO-8cDeao^CplpqQ z(xvz=lH|)9A-p5CtuT@;tM50>I_%?$=a$1>(`RC zEl8eO%FdJZE$H}sPqs(RCK8GCoD1TrOQxb3XQZ&;D%mr8{#FP7_ZJJw062)0Tcoca zh#E9Na-2v6Y|C!rop#A96*Rf09H3sAwZ$=sk*cDYC7!j9K8R$pDJuc{r<(v1XP!Ua z2AHoSKxub@kupw!?QX8|?n4N81@TA*@ zEx{179x1fd{?&~9J9az)wad2WPJ;pVd!Si?_guf_aGrB_M?){TRahMph%s8rdR*pU zltoEEEr!YuZw{4{ZS}gdLO<-PI+M^2@HL|$jk*3T?bB>hBHKiq90GwDpX7TlMXCU6 zg24mrOI3nYaZ*q7%?yZ5yqX`YwRi;u!#m8~+t71+{0n1m>)ofI$2Kiecs*r9qdDBk ztgB||-JOXFurLtrEbG#uMw*dsXIO9EJWh9sIa@b(c&5Dbl-R!{`u_+I;PjbWJ(kzF zoS6NbQDNZ`>aq)>cjs?DQSe!AHVFz5AX~J=OHYd?qD9p&R&-_33J}|0X^&&Xcbs4C zb_-2pWvuAEI^ia!{{+N1ugs9zsj^q9`1SHSeS52Q2QC z4ev(FXr=r2?~h=sfhl}9@;6T>{LwnoEl2?0O;@}%A@u7R`RA`LFTJ}SvWkBwPM*@! z{C?-bx&gHkdLdO?8H=vjWm*ovQ3TqgDX+ZNtMZIcQDJGdn6er#x0aYKyR7_;`ly_V zhCU;c7#{yLHR-Kfz`PskSkygTQeiA<8^DMir!PS4kFKX>m-($tf;0?FBnor@3<)jR z;N#+Fresps&_uL61^kL=WL3bn4|G@i6oAC`oZY?b8$mSk5j&f1xZLLhCl=9y%m$h_ zc5ZG~(fMSyg$IX(BuGvAl}|59PZZ8}na>oM3eCQ`JCXE?i-~TUFl65+JL0~QwcMJW zpV?&su_Cd#2g+{r^KNg^`pY)Li(Kwx9-{e6^M`Jh%{< z6a0B1TsFpIFS&3omO|v7j=hXFf4cE%T#4N`b7RQ|vKJ|QU&xsK_)Z%J($%f|JqR_q zGuu!jC`0k7k^L>ZydC9{C^az+P_uxc{viqr^|YB~$LHHlHZd%>bgB2rT|a)B^%28?6-bwL@u^Rpx^2p#y>`JW|nlkON`fVE&xVN{M@gjd^&5;nIp z(ZJ3`@FC7_p)cS$_J|d0@CzerQ5O?(xA43*?6bHd%>U5?{~2ODQ30x&Qk{a2Z8&|? zlwvY}MXv*ja87z&W5;A7U)7lcrNHxHlPYO>(Z(?x+U(`>#=f&@5@W57{OcL;qjU-M z^1B^$W&_B|&+iW(JzftUp!3t-Om&a^eY_DA8M&+=Hcf}7U};|}?QE}yhsb$6bbhv* z@KSj?Zh6sjZb+@|uG-`PU9@c(z(EWG;-OpW8B@}pp^Jvl-mfM#8T3O{B8&I zLhoiC^;u_>dE^Cn4;FzA_Vtq)>5 z-p@UtFm7#f2@XH&&r~n1@jw$>q-+ghzLXawHt+7-lmX760P7DeLgp_upqGCyAJaqg ztq=SY;QTLEC8C?OD9Fnq9kM!@t3XZD;}}xJBY`8em8_#ycW~tGZHbi`^EvWa$(?@p z&A_)p3vUBdrc-Y=HOOyeNlhr9=yOa}K15n9gXwx%+4*b%lvk$~;q?H!0yL(E)bKE) zs`~RGZE8$hyuX#ri8QefNkLLtZpkzN&71ahiI!+G4U&Tc27$iF3KH0g$(Zf`WFAM_ zrRzS$(v$Ebv=H*rP3uzY;$NjCBK;($zXl$883%n8d0TWBemrcC^pzO4YdWAnfZY$1tS~_2#c_ z*62@BUljKy|JffYgSI+}j)*}ChrZ>sG00-Iy0x^uNQ0D?e=-+4jBl}g#{@W7M;Hl9 zdEXEtn!P&5?l!;d_C*oh^yQ2A(@$gFS{F$(^P96)3GsvsdCsSwjQmp02hjd{W_Usa z)CQ%8@+H-w03*FLbEVxDY*49dK9q-2>mThtks)`s8EJEew#3c0uig5G+!0 z#54{b*k%fo-7PyE(hq=4*`Or18&tmZGQ1w&(<9%W3#}^0?m^6UCHavj{h1O^0aj9T zuNY@S!m>_bb|bDC`J!i!VDZW{WxP(xZIN{vP{O!FNL8X|=Zy{kc{5jS1iqEF*991_ zE8np0;q)8ZL^cYKyJ$1SfHE&a6Y~)0`L=&MlEtIGAm-6VqxlhZJqNeZ??R9fF+`)w zaF?=do=|^f zq%6F-^Jo^w%>*0k>|`~nbPY1DhD7J}u+BYTxZEYBbu-%+HR%Wo8gksR8ZqLgznWXv z-?=OAxCM!GUCBywTAC4(R+^s2owe;H%R`8V6ZJsE!{o$tNW0N96)vhl zZ=Anpk$L%Ka`NSxVCvwc)Atn=G&JtL`ILOJNpWK&#kHeasdDItEb)fd_lQ*cm~`tH z9}MYK1#uWSH-!jUUG^HmOz&=+7|OLc{<^MTDC7dlwy7&!RIi+W7t*(LA3sVR->Fg_ zIRx;Ics&^AaTE-UeqL`x5^zAXlrT1$%A#l|0*O?erT;m$aH7DpkaGA0BP-4#B4K&p z)tN99#arn%tS&z1omL1V|M+CIao{E4r{4n4L3CI$2c9pD`iyd;o|Z=4zVUl8DFFhC z6R3x?T?qGCJHPb%G6y58K~LMp5aBHNP{wnEn=s$1l@*mjyDenDX+wPS-2gZbT~^=D zN`a=ewe_PI5uvH*_xHl#;*GhcXw1AxLDYQOv^-_D*K@4GD#a~U%z5ckK*JJNkv?=l z0PEp3I^##8FaXHGFfaI<0P2k3MRD)$6BRsk;OX~k$gP;-*K1`(oO5D(v;T1A%b=00 zenx(T92vQ=G1Op1M>eecL^T9n|HS9i&ExM|+W*|?GXROw(=m-_sGtDjfV-bV#`W1} z-^qB75pP}&F&_DiMHJy%vJPC3#K-Fhrb?Cs_&P;y7C2D^4U1)8qNuIz)-A+Ne0-Vf zKqt9yTxUnf0O(mKd^`SM;^jZoBpNC}Yfb-)B!4oLbf!aw%9E!IAZYW1=a=KEyjCwJ zyi|xB!V#*afxuB}NVLtbVFlOuLFJYkUz!5J1;Ya{tw!y_Ad8j49wWJE^bKFHo*sbS zM11MhbXOESO-b;P@vtMP&l_BK60vOh@z}@{@nk&QeS4ilBMoBeU9t6YwXKy3f_xQ^ zat%@uK*=ESs&hrM0C(Mag0`=2TsblYAfTfgr-I0xi~@#dQ{*-;qZ0>o&#=;By<^GC z(+N=TI(KRw&>2?M4>xOc^Jo_wxnM#K#q~P89i7)0FxCy^}~rP=w$M z>QZSd?cPHe9@?F$K0RGX^;-g3FHIhjB@J=6A1ciiGfV9>qu$jxvKqzeVvI)B|iB>TMIR*|ZPxj>a|lR)mqlh6Knoak}ke#E^qY);mq# zS{pIsWwniu??E%!d6uS$c!TwwIWx8a<|u)k@;jQ7>lUUNdl=}9{K~V>$xRX)zqsSJ zS9H1YXh6*@;*C3hh@Q*LFVHNF8Z@?b_dZuH0;0_%3(i?ls3|P@Xx)gRoLlKChzV+GQqGONR|usjfo8KYVKFja$F8{pB%{(`zgXH}-yPDlF?T*jRJTfZPgI`h(!C6# zL6xqa7)8Tmc_n3~bT#km1WY|Allk#TG>EUox5Mq8N2w zauf3Nab4-EMzd*yY16KQm#pgAQ1g|YLhI0^8{~!VvaC5^3nEGE2>7yR_laxfOK(1H zb92GRlN(lTG2pYe+Fpv$kx3?0=5yv5HGP_fhODTC z8l~M{WK$?kh7|fi2FsLd8UD=U`Of0&&l{BoGw~D zX|G2BOVMx5RLA*(qOci`6dq{yT;^ldWFNcLDYryka@!Uz|Gb!fsU5g#b;Dq}MVk`R zzyV1mudHvN_C&*yP6LSM2|twsX@Z|h*sjt#QDXMJVE!8E^Yj@xk>mC?_jltgZ#8swtj5aS!5NtyK=T|O_^c?6Dv@S73(N5D0>-gN7B8}-dNujBYBO~ zlQi_9BgL%04Mm^hj8lh70l{o%&$bO=AyNG1l%r?(E^2#OZLLg3qOKM>4wV}5JuWay zuu~w6WamkMEZ_CGx;|payZIrd%#|gydCoa;0iuUl;dYAUl^`X*^T2n1i@fot%SZFMQEORZ_7s^(=VGoP7)-6 zNbKs2CU1=ra1Nbd3> z?9|l^16bl6B@_O~wi`$0Pnk$b);NtnthlMkc-dy8YFoYxJ+d7A(uG3>bQ(B4>BGyK zb11?k;1s8D53S5+q_vgjINu$bFe_>BW2?K*1kr0|RXe@0LKZW+RLu*0FrYK3l0mH{RFt_`h1$IlIYXCtX zdWP_yX!sn!s%zgrlPiu3RAS$D{47K3#svx5UTGEx%F@oraShsI5d%2EJ*}ac&gbUJ z&PwY`oc&Nqh^qKPMD{%$qwA?JKiifII{-;h+|l7P7<@nZYnTL2HT@1&Vzd2gHgtrF z%cnR3RLISntv|_~{h?%CY)COt4w@}(p9Y2RI9jENFYfJnFlQ?0rcGzaSKM^i#nM(# zzveZVY7to!M_1nReLhCXU0W5({;>IqrY(feLKr$&%%jc!FmeY;ID(T{UGtorj7G5L zXNPSYHe}~l#R)gwDF@E&Y{h+Pxg`7?cVTgRjx9^~Ne`xjtgx?bJbh{%ljrGC5t6yH z)a3Eb#JYzWK9X|lvzYFarX64WoqHJ2nPQp6A|TGqx-@yXBW#*H(^ZDEnTCjiWSgcC z0_DiTh`z2DUaM2U?@`=(>!wAwW0`WU0z!@g`qn_0)M+=tw$b((U0~Xo?*xY5T-*XC zIs!O?D{ip9rz*iCu};_$=U(xeORWaQneKxI6epLsHwc5=JRoa`E>_I78G_P#;JJ;< z=}TqW7fzV(;rjMtzzKYbZ+D8Vhs3tic>JNH+)bavo4!7w92C=*kFqF5m9{(L;O|q5 zYXcqT6Yvz}l*gu#v(SME3Xo1XdBGiXc zy@@73#e=oezVkhb1JSpKx;gow97tF#iGwb84Gw@-90Q`?TH24 z(h!uCrJepQlTJ}lcPx|g;xNd;diGs-HjBlH4E03DX!07@a!(iLdvz@~r(D8AZOWM< zPY6Mix5Ax&2qosgN&_@F;GEzEpn;^`!|n7wcOpzD zYaGBKLF&HV=$Uxq)Wz;Bmts}HR6(^!;K1gOMfEE7)G%q=(D7q?4X(3({xpo=q#exJ$g+Za|<52aO>gz!gcp*(P|Cz?ICa%L_FcYZ`JjyaI44|B=9gE400IMp$ zsO6!`LrwJw0q74DmgTwh)!BT4i^*3$O2A0JaOePM=>h<;jVc)LQ-55}^rt~xFC`3S z`{j49FryTlot=Fa-+VPogvwu%tt19MwMLu8%G&DsY>t(CE`H3I_(YMrn3k5tK(}`^ zra}Zg_eUWi58SGix~&$@)CXq$4z~DnQuBW*_+Q`g^QM1>AY}AhD^xjmxxnv~NLI94 zk=2AhmUdpSIEYW2hGV_ob7BTaetXAI0hOeHvhtMZTa-sEaHY%&1??T!j1Mep3m5qI zUoZXBasFol&V(yyL*;YDbla{dBw3#nabzx=6*whg=LbOIhSZ=7F7mXHG+m|th*kgh zON+SsJ%#Ta$8!Adzy9ymFA6-*0#On9t9SCR_r|>UG>#P5H-|U-x97dZDYOC|8yg49 zgYugd_a22Z!%@g`K!Uo43(%d5F}QS4et8G*92(JWrTOFg$yonjHQk1QPfzJ8?r#eB zZ(4Y^H_ZXxJ%_rzkDl^BYU)q*|Ec~zz5oB5_a`+{g*9DOwrMl}BLV{0+b2rAn9EG| zAELy6594svy(Mev4c`oH(gEYmL&|PjK*CztZjlHFT{uE)ro6eJbQy zo%gx!FVW3!kj4VIVsT{4hyHtn;h&RC{}@dEVa{t&h2~de>{3D z$>A6hvov2+go*8CdDGPbr>n3PhH5Hn&`-of&vc{Zr1*kVkms zBAQ2<C`%*pNbB6H8SS$Eo*q7q7|Uf`$!m?-mqh;l z$K7QL+IdboxZb>jz#%~9NuT#p@}`o7-+wg6f3F?9I*^igbBuz1*|h)ZS_-fBo)ESa z{{6^7AwePlsdm7q^ZWFLKW^9W_#Px0<#rBKPb2i5mZ~R@%KM1Admj zN^?+11_Ln7y48a60rkgRrLcM&{l%@SHfjN7*OLq`(oO-->oMMkhFl%YpHPYUqx5>03fk3mlAtIfIYQ^Yox+jV$ZOYHgzhjtpRaNIol zBb9gikW>5yX&$knf5fCKr}zwz<#ruam$F7R6?e#Y7X0d$>z=KU%5 zX`#tRU~HKksJocG1aww~8{sfrMHJ?m}gMy%oBc7>rS-Mf3IHJGmpJKGa}>bx+`wJ*(QDO zePsRO*MK@Sh4h&GqchuVcryr&H^!d+^#Izw2K3ZzyfMRUe?3X!B(U%3k`cDt#o@!X zNSWg>+f=)IEeZqw;H9)}bRKvJfRc<4ZecmTNIgW%UcYaJT5Uh^A_oRI$vWk9&fof} zNq#i+OiT?A8#oxkaWJbmrxw$W9J|}p%viQ%d{Q8t9LMr@>A6+*Fx|S4i8+%UEr(&# z6VP-&T;$|_0tI5PmpXF)@8@Fp#nrN-7Fg+qp|<4BmyY){+_P-Q=FT}1*o5%qftFpm z-29i=mKS}`5jYqNJs;V1mbj7eog8(tuu8eoOHv>9(-nR4>OA*glCHst5c|F?2v|&& zlvj;^QtBpNS21mLR+@Im3u~10rA4r2$;Z&Wv5vvp?q_}A_xgs$Epsym(?2@tO=z_1 zqGW-o+y})JxQc8tTrmz+{t&{^wftm8^>c z(Zf&^GP%jtyuJmTE!k)K|8Vw}VNtbF+pvWJiXtVgA}t`@pdwuo1Jcsnog*rOz<_i& z%)rnwG>p>S4Fl2*l0y#f#yh;fAJ6mX_h%pb$KJ=WueGmh<$134dj@{k?`y79x_z{j z`4%kiuEofc=WiSCnbzq&Em_GcuB#W1we-@l5cLQX17Hzd<&&yLW3a^IOn_OV80k&% zmlFH>iM1Chx5m5MLD#INAS|rGr7)AaK!c}T5Ex^thfUE{@a+yuNQ}J^HZ6*@Zz;Mj zw*znch+3HV#>RPD#px>9EV>*;(h-%(_D4`dp9@Rad!ytLYmQMz)OOxh0+pB;Q-FeH zHR_;p!VM_>%x;uV1p&ZKhYwY?!+Dx&>NZEUAik6jf0_Q#6fE4Mb=cf{2PCBs&t~X* z@m*kcD;e7{6P}EC!I2kpd}#NXQsX?+v0TXm zB!8gCecbPvs@@&3{jBj5hlSwHafS`ggdia~;O+3`u{^oP*`kXbyuAstAm)a<+TiFyTpeHp!pHWF z{boh#)0=i{`)bW{$jYb3XjJK}K#%PGuHYT6Df7&WLkyaZA zs*9t>6B~1p(YjhI4{rQpQuk?kGaX=un>_M?1|ht>aZUaHMh?`pS`XM3M$B$?tU8l$ zZ28CRhxkuThm0QP9_~$5H%(RF4I#5RayVVBnr=A-I?Nxq8~=&Q8B}`idjayzbN9Ib zZ{lXx_rb@1;8CkOjRH+Qety|keqz(98eVz6nHbmEX)t6iSnx?)WM*McC-PMd_cLEe zzT`;3T%qC-MI>|31MrK+HBGTjuV)%WtN{gy$4##57=c;;4|nOQ7I=PN^*(=F3$(s0 z)j3l0-gfAze&|eEw%dMVa3=HuV6zHO>knqI9E5{%K>5}HP)yuzo9kkPnR$y*Y9@0T zxt6UZzzp2(p0HUs9xvbe0)Ju^O~&ESy!U{^*s%sPo`W@)GqD125-+fH%K*~xf&fL& z!0`EQ3k0%FZH4l^nVy?)9uVg>_=gvUjl$Di{AA zW2Ovij$jB+ZxAOF116>71m{_s{Eaa(_cQtgs4p7#gH^&r0hiCdIK+)XD+6;wYC6Gf z;dFU>37|@s^-;F63B49m0Ik>Uaq2gRy=WE*^hK`A^OwR5ku?%|pzUcq%PZ(sS< zQeU4WAahxvRMXjM;N9MpXuRv~?pCvN9Iz$i;dnv zxHD~qz5)f7*1Tn1!O|_bmf#6KA&?#Wdw+MLL6ghl2u;s(Kau=VLVyiSmq>ZtqU7+}R=R&l07*1;h zdT1UkoIJ{NFmYajC0dfwm95L4`tYrC#IVP=yWT1^364#y-bpy*7o^6z{ls0IMRim+ z_1!ZbZ;y>3tcKz>a<@S?yRSaUIre!wKI*({@D6b36}8>=YI~&Gg7*R6bnpd?H!Uq~ zauj^NR(E(N$Fo>gVgisSlS4#t1=89b7?5Ar)k|j8)G+K*?z@m37Ua*M_IWMN-r9fw z!0{?EKzgC2U!<$_nXZ)j7wPIMj%7`$?e<|U2}Qvft?>HhO8w{$$+tWOUo+g1MdU}?c&P?BIRsIup*s2&1)9J*FoIVDei_^Gdl@5;8RSf}X zq2dLSQg!<{r=Ss_I_P&UD`K6gyJl5XRHWE|1k^zpCEZ7=h}7tv-A@}eG8b6d9n|F3 z#fb9ab|EgavGEXrnZ~%=T_J8u8|C`Lx$wvv05>^~D%{GFufkSj&0~Kk+Q1H*VyKLn zRgRTT&9ucEbEv{+UX3lp#4Qs|9Ngi4<2L!BVpAr_FL)gGx}QN;o{(6zzu0zwNE4TZ zx5}_B?7{xGR+SeFwVm3jTrxc;6>|#yxMWr;sUv@(N8XfQ@uR8%vs5@VM=JzHH3dFi z#L&&|=RIx)v!+?jRMj5Fb=P^SHpZ|@)I?tC-PQF!$ct{ln#Q;b?v+pIPuC6$=GH=^ z{|N5!n&o@43~RLMTO@1s{Ot9zv>{fLL+ffal06Mv z?z%PCA`#DRr9UR|2uk5cc+8?%_O$zKQJoK&w%3WvxAy~R;=no&>ssu9OP-;>-PrN^ zi>dy#>fWgJ+N13`oH{}Q>vAW!DJQGGBDP3~FrWUE!P>07lfY6vkJ7T~h<~@A#2%9S z`rZmDxMFk1b$%N*TQ8Fzq-fAQw6Wj$M@XqBKvLmWqxHr$0DVp(08G>&oG3L@1}5Qr zuFQXG>$p54p(;oYjOxp>`%W*g4IsG#FZet>E&m@r51&WI*Vk^EWsYWAr*l+MTZ`Ty z6dbgmDJfP8SX7=(yj5ACg6EEM<=M`;C4hqD!X-Ca5X5gM3K(T><)lb|so`Mh=f@Jw^1}5i9JV z9L&%HV$CyO-9@4kqxPy`mztZ8PPnM0yGR1=yjQJxeqT-dq?$fh$hU{CEfnb8ekYV!R= zewSc%4iloFoC*gZx&V=Jw>Mv)DMy{FH+CCJzK;QD+dO)$E^`~kG z9~JxqT1^SYisNAo4oBL`dd^wEUimq%l+Uq0;QAv>3fVJ$K5Oys>=pk#JKWdJp`skr;DR#oXTNV%njtLDnApo!6 zgD`(Y$BS>eTo6>-#yD^IEn{c+?KP#(BE+u_@||T zdQ{?sw~7m2tDBKdGh&4_i*0imOK=K8PEwSh9@QKDV0)E=^1` z-;6e#V=M>!q(ORH6%AF@qrt5Ff}NB^moYARfw{H5eC?BVzg5TcSXff-ectx>;tGNo zQ^RlR0n9kxYkr)T5LUx2sQ?^kQAd6Q&T+|){(^!U!FG6&=>!W%HOt5%9xjxZ8yOMN zSnr#y)F3@R7b1M0g5Q#WF2S{5T0FxgH=ZjnRnsc*galy8*{$@j1RU+EX`{?C!}2IwYw478g-Bn${Tg2-d zSX?FuT4R#CoR+q?U-=Xy(4HT?&m13qK%9Zu6N1rW1s2;X+AZyc*LfJ~rN2q?R^rX> ziemDv@)q8J_4cQ^P(x7>!|n;vFKIDy(rw#!X)R;twVd^10QOu8u)7#E5Ynt8ssnHw z5)e7J<&t)K#bMl=IzbPTa_foV2}`o+n-1kO#!R~Ioz%bPMuYJ{9H53ku8PVZt{mx`X6663s0!t#AMVmBQ_h6S1l+=Es zOKulb<2-!+156b}!hxMbXE*~i>%ndi4yTi2Oopl=&yPZoO@Tck#21WtL!Y!HA&)%A zBxYbP=p6DevjQ_do$DBM^``*dI$hZqFN2gQi11xR%cikj@m=pl!VCOk4oe7jq*7D3 z%*2=+?bfJ3Z3YN^QlF}nTB^p;VEINtd%AKN`)cUaK7K4t=?%L(Pz2XouJ3@p zR_d6-%e(%nbb>)YT>-ZGN&v<%uwVRDv6_Nf1NQwj_8qY{4zms7ysURBylv74N?**z zZK#c>k_3=hYs5h0ErNdnHs3lNvH?@^U}k!Xo_M+R{*!X}o&Sa)Y}M%-Bu)8h6s%GE1~a{tA`<|zg+La%^$MNespQ54RiTRh30C9%3!g9FaXE5tC zj!o{g>|-~@ryEF#s?NVj+U52H#KljI^`W_7ETT#KF}E<2et3y8h7Lq$9>qw)9G?h( zkomChl$aWNt|!)O+BV7+&m+R`n;jjbxy`XvMBrcL*%TVZ@NRIyUqx!AkwAPk`HCb% z%;2^%!@G!j$qwUJvWI$&K@x%~a+<2wXzyBYcAFrdbFWa-)yd2^>W-ps<_`ET2E z$-0E+Zu6gqWWPWAgLFuWJCGV))!rL^{V?ZkX@h(NoZ<{HlR0}fK=8rn1-NK$=zP-K zzeQbioSNGo*%`6vOB1sM(ql(w2$bt8Sb^wTa6mx7?5vEpqS5$L5a8|~fHUK0x#&;N$NX{OS(#>&0?VPQ zB~lJf9s}akh^R9O;^zb1a4)8Xfd!#iAZ(IEvc5F|hV}5W5_55NTN68MA|p_kF{<|Q z;qEqxQ#HcSu}c2f`^#DBG6@hw6L|7-XjA8`(s|SlW(s0>SOUyx9~cJ+s?@Y|8)PYoR|(hU-n7@H~`J0R1cKupd`r8Y5bARZFX7EaqlD>Ts2K!pGj zu+cV)-r#5UhMkf_{*2{MPxmfzw%S!t^E;6mJxR5XPdu_F7dvAqMs(wKq~)1&;`TDb zx}P`{z_OTn?73Tf>k0+9t{`zYh-Q8rz=8LPLN%slQ_BEkIRZG zWv*g`X?J@Rp4-hdxWS+yMY)PjSirw>Lh zlHU3{ZKnaG7j)`h#qs~cy=DSxml_OR$3m}l0m3`W$fAb&yDWPTfWoFmO6d+zV5xC3 zIW2~tf;IkDYBHc;op$t4lXzKhq6>-6v!U;gM5#~I)izdONkI+4lB~B2GKA2b%0rZ6 z=kKl>>@t^S9gG4DThN4v(`tk#ST%L|(^^3n7JMhsj2h=uh4{Fw`Ke|Vr?u2f%6Qp& zT!;w9bR8Xgbw}B-XTLFAq3dj3fXV7~&IYZrS|syxHE`@w(>_7@v)QG&^#S<+XDj7* z<($4o#;0tLambjHwf8@Q_De^f=$8mQ9^Z(u7iUPQewv8NE~oSd>LQjo@Oyih-W9_~v+1bO~%mlZQYW zaF1nyddS-BK{bX_eW=B0=m2H$iro7LhRyQCD%}G+kXgOziFnA_GfI!0v5I|GmzG8; zDlk}mh?L)Hl0I1Exc6|6?jXqL>_i;Mo9d63l5C%L6f_B;h3YTa2y$&Xst zWHy>LtwX4^?HAxI;R4*IZ_i!l>n0o~?h2o}CfF~!z=dE-v_i9o>9~+}(yPb&pNAP7 zMGO{mT~~&9W(&Y4YNzNvx*Q>e-=76MdJjuj-pkTIr+jgrvA5W$V^j~O2O9nXWO`Iq zn6>~apN?VVy9xP}94Nq5wMP8Y4MP@Q4R{>eFii0@a7LTnu<)dEGjq`;v5pic!TxsskP(eYJV3Nnd zO5AOppQCc)3ctb*#;7TePmRJ7Fie`Iv&UQL8{2(UkYrAJ3hcu zj9S#-WRE-)V4qF&8gRaPlZ;SsiQrn?QM5{C7PxU<<#V>B;;WJaJTGs`q9zgLo7o26 zmO-0_L*e%5O5MhKmo$r(MZ1-do)GYqo5Sr1y$Mi~M*N2}&;;ztG!p}+HPzH>~e_`n(VhLqqRM6a@H^PSM(S2P+I;mSort>-CyH!ZnSbSK@< zA}fD1zmpS?cp6K-{Q^6yCh>h+;FM0u$y0MYwjUvQSFL4J6IGb$bG~pcjI0E-^btf64>o`d-RD#WXf>ABnDBBI*4iT^p5C%HzXB-gmuvM}wtC8@9QU92{agJrwv3@nrI?!Wt0y zmRb(6L*)}mJD6%8YN+u<`a)SM*8>2?sZAsU*yYS=JNd@Bb|zTcsnlXx7-$+s0<=?t zVBrwW*UNK26?E02JGwMgR0vSjXn&nr9y!(-7RW`Z2dFpX4p_t`T=Id^0L5f6TL%Ew zEVn8kdxVY#P}kh;H>Og(st=n-_e&dgREe-dfj=b0u7%(-=EWPTXXn)nx`_r0xZGwZ{8g2TFlX3e=^k8=`y zTKQlASkRIL6z75dHX665JWEa^rg^s{>_(=ydbUi+k}-`*b^|v34(D05m|+3C1ukSD zU9#IFuW0oLXUBWN)VN2M3C{i7m2M?^Hb@?JT)|ZtMM~>&lOELU@U%{7{LDW(S)wHG zbR@;+Y%cV~y62ATkC~Ra2o7X8mFF>ouH>U^j@=Ulp%Z;ACzRawsZ7CQer%%0ter&j ztrqeqU~a;3^Mu{99Spkl()UsJ>65>boc{-Qj5OnCO?}NAsHtb;S5z#2<-IbBn2O15u zIP?hP+tgq*a@PPC$6*Y4aABJP!ZfkN2mv>IL}F7Ph<--DUn@>oEt2qLp+uf{AGSva z2NHD=iFaZo;4e9O^=B2#iMiVuFBwI?8_zHoFp^Q`O829l8g*{~l3NO#InJDmd;Wd8 za-cZr$8jz}qqBAX@;CC1c3I@~GVM$<+oc3DzxIdsl?@di%41&#7e3bgsG6De<(waWp6~Q~9!ZaO@d{|NU9Ar5>hz$h^GTHz$ zoLlbp$be#m&CzEksl11y%Jxgfdg-~4GuxM1-urj#4vFhX9hPVU2R~)3O6&3-7fw2B zpThvairs-3-4d*Jp~t0(jV=*SeK||;JE#3%%po$+8;{O&A;HtsqB_s7F_hs!=5N;n zeeS3O)j&~i_u;9B*SJ?Ir94lnrvvd7gt^Kly#35a90wpsh}eqm>BwIi-G}gsfE7}1 z(xs)#ZcKs2-#Sqv!?3*?Z_C?Qj3zCUiBUbT2($*2&6bt%nB6l{8R9R^3RMm?CuUOG^gJ1q8&$A#K*H&7o1lgMl&U1 zKEsj&16j^Mn8P*(|Nmd&`;K+tzDHx$)3hQ}uOr|5jX>Xj^33ta;?IOjnP#T6xKRhN z{bU~NDCnhz!7PyPxivEj`_7fHQdsahmNEmL!^CAP3J-R<8aZT=f?Pcc2>9dn?Uu6| z>JYjs31G3BxGUluO0Eo`590>qiE}>HHV}CV9(Z5E*~$LrsaozfNFu+L_~cm#xL~Iy zm$7&2+|k6lGik+r!D>tBQ?yMpbNMu3AQ5Z#mRh-8kJsJC`RoCEKkjME=a$8G=+#eo zAl;^Y)DORj^wLtt$X%54(sY_3=5#V9cSor_f5k@e_kjsySG?;^bY7&5Q0kmmwhPf$MIZHdBJ=aH^63h;Xg@Vo2TTczosVE(Oz=>%xBdj>Pf7O5*h9z{y;tj{82u z^Bm5tMv6xI0X9%~Iz^js}bK;^l^=$UOXzImD-8sIr3WLV)5=u?U1a)nUWL`gf z{l~xsM@L*FW6pm5EG@4bg`Z#r9T(grGWwQoyaKCIje9SVi9;RGueQ+-^h$DuKjEBH zz;mFIOII#5x6&lycXv5=oIaOA*D4;Ly@uaIIK{cU-!WkcSa#NbHLVNfD*J3CmS@nn zQ*5f4;B3Jw%AE_!A^cWk>0yRFF__V%Tli2USG&6GXk)QyWtIv7M7Ys5`8(*Eu&~o@ z+>MEaGGgZA3U;NOkoQ(cFPO%%T&W0qY_w-ipUSF)tFoWZomfm;H^rITC$arbChX@k zDXF(OElhEWDX);leFdt+v!Qcz>%ua@due zGzMp1QP>JpGD<6*LRjr4Ls}X6jC`Q8Dr0859s@yKhvw7P(f)bU{>$i`(qI<0f?Oj( zb}#Ssz1AB=8KssGRZvk{?{{Wy&2$H*yGfiz=5-dWQ6F|DEUMUy%-JzncgAzUM~jSL z8{r>wcFM4x){sOky?kaK-RhGL1@pfVV!siYTRyzP<;rAtwGzMMU$zZki^c1zIdR84 zJQI$Z7}$*Zi(`<5Ua$Owl;{^TReYA<5vePMJ07di!R07n-*-y;v1UBtvgc>*EyH_~ zyZH=34p!Kt5Cxy~E!aJk0z#9hOt_c>Rq%uJTEZb;oz?r>`Wh2V@zB+mq60l&{6~~t zFJ?MocC&Z-;u%Ic7CTF!6H3p_HUs#I&1HpLjn3 z$dGc~Q&$hG;fUnk-|yNu`VJ^0a;Nwi{nJg#r-l-NHES$2L95~6Z=u7ZU2d1W+kPh zGK-8ux%|kXbk*<;Jndl3CP6M<&PO0UjTlBE!ptuNw9}G$X%sjL?VIT)*iu#}I;4DL?g5}-Vp<~Rxk z*P?YpQ3k`fhl9d)jo)s}hx`G81fmV(1&c)V(EqR!MxS4cf<6{dJF`?>XLFPlJPbKf zEPm!|8V4(sS8X$m=b;|I12huvQpz&w-N0+guJ7Fm^ADAPVF+;HRu;7j0Y@I^53yX7 zdKqxAx@3pmO^vdEIHVt?$GSl4#1M%>iE5;5TYdg$rMCc+4D)cIHC%$ z)Q`gQF&kS32MLvxsIKdKfk3&Vc@*#tI_{1fq5(YN>`u;ka_z~xVEE`9FJ>Za>gKIl z9>QzaJh1Qx3iU3F73nqUB-i?AtK7pAd$C@t_LN?1h5ly0%)4Iveh+7K7b-?FOs@FW zttayy)3-dfCSxl(k|9g$0w&-iq|V^^@LIuOg^2_l6lg4Fg-HqmZ!l+OK;5dTJX93C zp1IYGms@FDy1ss!V$IQ0_)^KYW%O2fWaR$zNsZkuQSEMM_T&An?fUS$D@haiYOh@1 z=;0UKeE9CtmEXRQ7hW+suiU!o++lh9^0j-l^PTi%6DLo}smV^90@J_CCQ)S{Ef@^ zOZOhyI$o;zY9>sjo*AVThO$Li8GB%=T*VHBxHvYUyNqtEJcWiZYn7=6j_=u_IS zqSCIlK27d%Fn(4yxGc>u`=kUG*p>7?(kOt+XsOB(Ei$pcxfmhjp|*Bp!(p-pkKY;| zg;A=?iYg=8$h+b=4=^eRFUsS7^t0gWR~;9p7LQp@%~)w5zU!nX@QGu*SvwpY@ zfRl5W@{!7O$sV$bp?Fi3?#?1A!wPM4X9{(LS3@8yW9zlu-Q9gOBa^GZWE^uU0}EWH zH$&-~#9Mslf3%Aq+NNN~*l5`Q=cU&kSi*pm{k$G5ot1;$jR8SlGN-gP;ur8tS2sA*aUazqm+%uRZ-uKNH4@o zvGgQ2McCcCm%3i(;r;z`_d3Z{PbknL&>m#cDmp@SIcwzWBlnFiG{QjbWszNFrQ2~= zu3M|o$Xb#_lB##zWu`gFp4P!g9*n}slzZ|b%VCEhDv0gI?;r3Bk=&?w{w?{A$XA}q zrGt7>&K+;jXM)h9q^<<&zf{F@ihGg@ldIZB;yd~7`@l)xm2oUNaQdzdcl|6R8yRaO zoRE7c=f+94YYu3eThiuV=+{a1* z>&m@64Jw2hRxf2XIYpX>-$rNoC`l+6wc+V;o7A&)xW|kz6N)@L<;_MBC_A@!mT?&j z>}X-Tj7J*kXv%79ZyyS|KS{Lne^24OFSz1J^JH^sPJTflp35qCm^r?~nrBOqL_$@y zjEGfRry2F$*upbC<`XtH_8|1|{W%8bM$M0TQBwQhTZyrAJ9sY3YRYEWH4PdH>7x&f zVlMSTnKdJ0V?jD-_ATF!*K(9k%CK>8m`g&O4365lq@_?j030^|OZ@NZQ4j1VR+?M2 zxi-@Z69exY03G^P;qopWitlfYdZ7Zc&HzLrer|$gI0cVg37f+Duv57h6FZ}p-b{}YGan)A7r6WziMGt{%}h7(#|0xL!eIi{?t z`L^xa_m}XWnRDm_tS;RlHJY!EOiC%tv9x;UcuRx zj;b3s$zloJLgsBU4*j~~*yWniRB2yxmi_1k7nD8Bu3Q;FUDF{=$oABX>EG3Mx6^)) zi!p*E=_G!?L#9siHQ3_8&NOfLe}w&8>eom5=HVf&F^%{D;XhjU`6VB(C$^RaulW+W z^VDORLV(yenYC7sAD|%JhixGx)x?cc<}Dv0D7Ejk-V)hHM*32+AUr2kB-kG%Om;zw z`}h`di9FXS;bdd=c=P`U%yC!kD;dE;%3&>-s7>UNyz*GgPi*j za|iT~MlxliHSsRvQV`00UltMk)3v0qU%3{{m@cOKj}5=%b4F|1no9fHFj&l?Brxxh z9!!Qut5|di9XQf%#3$XuITZX}K z`HW%JF?($qx}zxj!r!DJQfVrx{t;q#DDrWWw#jh3Mxiy6C4qC0z2%H_m%~aZp}>&S zxJH+B=Uyd7tWACDpe*&W@YaC;A9zYXZHvkiz~O!TX!CEy3B11U;-hMHH6n3C(K=tk zZf&PsyT@cJb0zD5Z0{h4p}n=VV}UI)lpH!9(p5A3xxw?53wP-HBV*LePRxj7v_!JC z6lh6zcs25llzntb2-iwwd#4N2q*-)>s=S2tqd#%wEzy7$vt8RXZ7&e z1Go)35g@+oA3tKMMDtbf35to#UW#f`vW+nKx^#f=SkfS3ABr7tJBZT{7!6x^+Y3?h zS#jq{qeZ?(d|6{3dm56xZm2Aq^5LuE(az*AjrV)&qPpTtWySfQfB8D+TABel_HFhB zNaxIsh)o7^3=LRs8#mTQ~V+SL-G} zzHgR(VUZyq`107?m!U10*2bGz zm+i;uBdzNd3#>--92Tvj_&{Y0c7xodDdUPq;e?ZN-41QW7?a440k~OjbuqG%RR0S8 z*H8K1?y_92sPMvFZ1~8;|FH(ENzWy-*ks2B`M z(}{~YleTM>ql!zoKtL3~w>g|1WyDA+_jIbKDuD7S!fUM4qFy2RS!QfX?`g(u)FGPN zss1EBi8zgoHx0u)01kFB{ss~_Y^lar-?@+3pMTHXKNqF4xiNj z=lJ|ONdL>-5G|k-#_3~k{wtys=(U#(>&5W|ays4%S0vM&{|vj7}}> za@Tk$-6`?g@ucvAOBOxWA!!Mi8-B7cp4fO%uO&Zca&vq~sZjf)IF}0dPye|0<#S}^ zo3kEc@&CMedjCgEFT|;0_iR;Xu+3O_Lt_Y%+b~1#%6#fFHcOu9K5vZjI>WWO$-va2 zLK?76=cLJq@N8G1UuAG|g*~)11hH3{sT}F0*MH6%G0MqYqvC#)UiyAp)s$iMTF`iG ziemJb@g{YI0gf6x+nm$9N!}^8tnAHbYg|1xt~%9lqVZL|$eZNq6U@EEi}Zpe#`C{- zLjSu2{KC41*8gmQ=Xpe}UCeKis8j4aI!l^kJ0XPCw{HH>-dM^B8E{fLxf3TStWFZ^ zyx>uvNekugOT{_Qvy7ld9egZx(_Emeb12_Knq*jVOj$EhIBC*0X*~@Ql3k&d+uM#J zaKaenHQPw;ddLz<@39+Kn161my}XVaNt|_;?_H=9@iy_nhQPH~YBR zzh@DM=!b6_8dWW@KT5m=+vrr3%1WM?id|%xx7}cPd6I`1MIrf^>(AnVfi8zGe-mLrLyl_WK5n z@`+b|jQHf(95YX%Nep-lIJ7shlV0yn(2;v&Gz)PQ4_=FgRA`^)J|j#znA`5QFmQS^ z(%q!`qh->!3KM)I0AcqZq5m(Z?Uyj>04s6iochamOCh@Tgsw6&elD~mh*8Xlc?g@F zPgb(cit&uoT4P&c`VewN>fEflPw@b*Hf;lamLuQ$KGR5UOV>lIrj2ibp}}}0Po{kB z!yy5(S-p>Ojcz(4xEKYT7*Z_0TEgJm4A9Hqjsg=%w<=Wxnn!$7bewMCpH4D}I``!!V7=*jt2 z35eYHR=p&`x0EqoPFUj#occcfmUw>&`ewuWIKJ*Mf+m3npf|AQ@ z6KvZ${*9Z1`>TpL|7^uuBu_;A+O{fjG5lJ#RPOYgr?choEB2vxvY|9KuB|3iR1jv- zD-jmgE4%9EN_IT=exL@qIiIKER`WPUL@a?{x1lXdAOD&2^W2L7AoEa7I~@f5v%Enz zpF@b7eO&Js5KR^+UOIx8{Y0yXv!!}sQ|JRDV$DiZ)+yyRzS63SRetxf#g) z8^1J)H9b}IO$ra^JZCBl5{tPJT=nW2L+iER`}W#Kow6K%_;(+^u6w?K5%fHAup|E0 zMqKhC#cP%1iS(BBrsbT3;@-eA?e2VvOy-zdl1*fPC<}?>C8X3-bB_aqz>7WIO4Y%N z{huYI@kRDd+?x15`ARa!Gxlr@D+mk(qTtK3y{!*zGSkSF7qZxAQYjU&A`?_IK`h@@ z`rKFh&&)WCEjB(unxbm#_p9_rwEmMP`5hrY9|MAm_Ocn=f7kt-`Tl5yu$mtwQEs~Y z&A#ezr8AwebrSXVj@{O|(BL(~v}9z*4~um*s!WToV>1B(x5N2MqX3qTg;tR~EOEKE z^rh&QjXZ;MPFkQhq<(>uCXoncs5XdLu4A~ASq5bf>kzcr-0Vy{ICkEd&9NCQXD;~_ z+WeB?|8fThrA%E9?#C}zWqK0+%lR72{i?g`P~($MDRB+7`eJQl-Yth(jJt5HbGP9P zm%Qt=>6){wq|^(ae!?ZGyO6v=2f_yr?+9pOOa_w_w$ z=h1@=dX_^sc0_C)J!P}50GR|c?`stWYhY4`_qsRGrJDFfoi`?uX(GUwf{k z3RO#*B&JP%eGWurgX<`DZ;^pj*B613V!Z3v&yt5tXpX6P`D>*r9$zJw23W^@J#X!P zOPc>2{)>k}Kvq=+i}Ta37uP*}tTcBbV`o$iBebt}?}%_3<~hzJST4kTe{Fcx&$^Oz ze5+|`-qmp+b0RX-x?VsLkJiyqxyeAFER?cR9s3q{Dpm9+)^Vln7$NsJRK2X0cr<<} zsIHt7b#$A+kpr*nBPhPCFLilK`c@gSisOz6xz``3CBm+FV?G~*HLPNsTxEBwkhh%w zI;GEr@PRy?Mvrr+vkbQEIfJq&3uJI*No+Y*!a2G|dvm`d-DNFFv50@Z_o34&c@`Iw zeaD8btHW_mtUK5~fTfO6TF;N-G0G!xZ+%TQJF}kUyw;fqErELM>q|fM5z?JhBE@hd ze0;`}HaNB-M=fha9nX`?srTXBLoih@%U+hhZNqNO;)+D3mf4>=R_9o&R^MB}kKKQ% z^+6(^o@s@Fm8DNPQXGDy&HR9CynybX0#k#|Jvdb#rE&`$ssyo!n8Z&TP*pO$V1tma zf}Jbs<$1N-w_mIjZTEMBufCvtn1R#%g++KkbBw+VSVLU3l#EiznYXxJ%gNmUkjgtz z&Eg$S>PIDomGvWm8sgbLB+(lOrp7PDea|f5qDvnH+E#K8&y7zj4P)CZ&xo7Nhf9kz zxNTI;)p0OdO7OhGM~?+%nd7)X&er*}+}13Xs=zypg1N4QxeK-q?X3_>kaPggLV zaZUgBziRcrd-p%)_t*9Xe7gQ_i|_YrlvNBfguyPeN#(Um=`C`D6>6{u z^8#s6#}D+$J+22$YWw|-JUQ$%27h!MS3f`Bw)r{~E?4rOWJDFi+XZ>=Gd9u7KHS} z8Eh4AA2KH9Jhm?#bno%5>1@ z<+N`fI8R_bTt@W{q=L(PX@!cQXm00v!(>s`y6@y%0anYqNk~Y!4%jHWFqG?Hpr8(| z`fSIA^7xna`|nQrpEg?|^4d-E4OX|Lz<-~3P2(dq7Zw@1soLsV4-y(WSJ(`8#X-Q(8cV=rB z#Sb_h<6;-8h~BM(+uJ6m6)DrNAt$aW_EqwRVx z3j(-m=5y8calhVcCvzq2BNhEN5UENdJB>e(DHXnGo4S9$8)2 zK6$%zVy}rUkHEZ~so~?NPs~ATGy!BQ&dMnI(ast64?1ICRAMDYKG)&R=y8>GBhS^d z%{VahTwqDbLUAp=Ton(oJ64+IgM21Qs_^)Z1@Ve*6{&cgC zh1cMv%5!`gpB*qkpga6*{Ff8=>ks_TcUevs{|lvA|NhrAjQ3kRe=MU$lpPo3?l?C2 z)62QCNM$o@27Dr{K3|P7Ozfpop*y(MS4k{xy1%0(=iYX1D^=76cilFOZeE>!GO5{T zx_aOU(M47(aR~KQelD+4ESpFVrOj0#3pN`#@14!;u&`vv8L{piFrZytnl=V?aO5H| z+zw^Od;E2yo>-t@mcHQ`8W5t?q5lvweM5-!4%g}K%XWg!)=@y;8z4D^jq5Amku+;1}r2L;{n)OXD?EXKK2 z-l3pQPz_+6k5?)BMm7COcXg?C%eOY-fxaWMo1dO1`771 zh}LziOCx)AR0V=>EUta(Sb2JeCa*i*q-(O8)PjrL`5&z8znbrt!nn8_G`-AoTbhp5#9qHk`leXjx?GdBjz3dH;7=Fje6grA z3VpBtE~@6osI`$vB_XBRNQ@Mu0~k~c$=g2SFR-am3P(-#_ART$n;!0CKnMmK9bNR} z1ZO#+ItYs;360+^vb>&F<>cwPh^VcDq1w(ehj_6p50%0lK}xw`8C6f`eLvfF&qMDD zHk%oJq2s|AQm>tuXu6|>^PRx!IWJT)dOUm~JRueJE>7uN;Njy6IbW3PpXJz}ti_97^NvB(+sMJ-yT_Yu7PQum-0M{LzPQdaiB_G%uVi(mwTH zxX17K(<#;$%Ocyt&w2Gvn*AQV==Ztufl_z3{Cetj_iYFio6RQ`PCiV2H5iqVIH6^K zUE1XC=iZQA%^audS{VwgF)Q~p83QjDEeoz&&Ws}}H11ZSVb{A*8Be2O{W25-UF&^% zY8pv04d;_enS6|Ay=S~{o3|Vg`a|Ph#qZfz6%LLPm_9{nFDyeXSk#_BUzrZIfnw4S zYjd9664ZaF>a{PL+JgPwQ2qPfbKfg!x)pNjvDRWOqx++y;)DmRIijb{o{9Yq=|o*! z+=NaUAF8gIk0)C>?swg3CsndOdDlFn;bl&zJyMo>#gdz5adEBwXxsg**bw~wz6Akv zAYQyxj~yhkB|Bnsi)2Cg{CUMu*Pz*nB^l27u_m%d{q?HbjGkWA;!dD6g2!U~4RL}8 zpyonuMJl4Q2yp)FH~}8OS49f@^ldqNf3Rj_K-RaQ&BD|Bt=*j%za8*2l-LAmB(-s)|wt zRI0S72q;J=AT=t|n{+85G7O?1AR-_&^b$HD^biE;CG_5;_s~LskmUPv&l#P$zq#k? zxqtr7fBA^XyWhRnUh7%UdiGwW?p|o$S&&hZlQN3>OPBpG3!n^_$Hs#FfX2y4UmbH)G_Ho^Y~?aFtkI(X3KI=@_~YisMmP17WUm~x}Lr$IzelP z;j%Cx8A?v_axHy!MORRMmFCN4fo}`&KX~)M0!CLYVBzAuM;?oQ``(?0M@pMF&q_OI zcWaFW2D&Xwa~ghH65-B5GB<)$ocbz96w&LCleM&soTO}}Hp|Yb-u#?0BrwvngUeWy zzw%qLRn6U)!IbhdER4U0m6*>i?xc;Vf>T^$(9$--x|h+Nxmm-nPx3adc9prl1?PPz z)(hgjDJdaQdSB&pT2HzA-TV*Xb2Ga>YRx`<9noK6^(+HfLBd?**zwR|x6?XL6S%lLlNNpn$a&c_ zyv;UN{5)2QT&0Ms&v>j5va?iHp?b`?^NO;sTPzcg#d0C|jF%Y1l}1fPg>V}@t$0&z zWLax^)E{Qm@f%1*aEOZ4*mX!l%!(m9=p@{DsTw?H*>;?QU`?}l{*lE&?2GujogtHm z2F07M6m(`w^+mrQTIPS6Z~+0pT|49NFMfwz)?qcZw}(8xZj3q2s_@`x`jGjed69kk zcMrj)4z_<8KSMe*Tyjl)NdJUmvXQpOf+@Wa%MGuT3Q~m{+*WmLIWY{i;2fi{@K#8b z;cKw~A2yAe$u=(%tmfv$ZE2Kw^Bc8sIGJw zg{3=bIVBiEDQ~u_bw`fvI3>?~)Ug{ek-E`?aloPD%H7VwMJVd+hGk{F&yufjiO$4{ zD5DH%OnDvwYot5f0#2)YXk5vbW3HObbJg7%9^T?9y87Ll{K%(|0zeJIh{OI*{1MpK zFaX!d*@Jw<`=DZfj(4jkvBP$@>E!4AnFZbP0!;*`FO!xX$i8W9IJ#k_P4Gyud1Xc7qY|ISafO;9RDnz#^TI~tZ zBw+Maw6gP^v|NvR6Q)JsJ!9^TG*o9#uY2SRiIH!*CovtAf62e5S5grsw&)Hb^M~St z45rGS4L(8H4^`c_nHAzJTjmB5$QGJpiEm!)+c^G;W&i5^C{*Vpr}Vy~k;zw#P1qk2Qc9*7LP_1H=;Apb`+h~*&yP{G7|GiTcHt3&LOgJ%#TryYr$z^>R`P3rtNnQpti1qYvw76=#H`UXD_< z-ppvPninIlE6Yr_h|`E>SvV`iv?ykI2*pddBh%L&<$pN~#<8$J0n|5pgjz($*1_%o zRBpEld1`4<2^Z0$Uz)wr79#=y4uRpz8*3X7IuZy=TYwH+jDKs&ICcq9kPXS#gNW-8 z#(n%C(8b?>Xzu^8ejqCX$}As}*uV37ipMv%9t~Y~{@s5B^~6{@UiNC0VghnLb!do# z=C+s##v6WFK+k#8Drw*9u8o*g38n6a8ZzNbfLKqDaSU&pmEJS^>V49$858aU-ez0^ z&s^+AEOQqI9tzQO6dk=U6lJ4cL50N}>?pNEiU%z)PnqLV4%@T`xUQ~j`50TVZEdFB zirQa(2igW?f~{4ME*gQh?IAtT?uuJmnC$i#k9IG{K^RUT*aB@!vbbd^WgO)M@uAg& zi7Ht;Nu{5OKbcj(Ox(||y2$n2Bk$aMG871A@tjp1u5wKQ2;%M0Y}M`Q16`?9n@N*4 zgAEMl;C=YW$-rS*0$&*1L^PYq~<&V5#EU+XiGH@MH=Y2UN6;vFyP z>=&6n*V{=?iQUE)W&A|9cXSb|5~fJkVD(=&2l3GJ-eOsSS#%V zUAVjf$};bvuxvIC1l1mZxMo$j$vp;S&{Q-un%PY4F8wt=ER<2+_Fb|mt{nT&@;jve zpoj4Ia?dn@oA=t#)!(ca zUM}ny8IhKAbZoTOp*oJP)hntB%{cwFt$+09A{*#EQx_$9Raa}|Y8=aq)+L(O9Y z6`2L!=qdZOuZ|fgA}?h$xH%x?f@|B5?86c7Gc|>)5p*D8LnA-Qrl|JTz^GIHI24-m z+fkKMjkf7II{DL~8)Sx#mrY?Ayj;k+Y)M8r2L}k`#^+>r?hrolb_e8~8Q zEHWVpkc`X2(IT2%G|Ap-UAe87i+o(>gMV7BcgK}V<7=jrSTyyw?NsA%B#Q60=;A8f zA!7_Zs4oR*J*)MC)9r>mx=}{#eBqi|h0`ge-7XDhVo`!}>bi1sh*(z3hHmkt(Oj3u z=@rbst`#ifIok0XU4nf#I+NJw#XWsglhxqJEX6v-BMn;#YJ~>frG6*H&*&9A)MMPo zsSaj#TCDvBQnj2@Gcz}56ld4S?}7dv)KDdpHM~=1ZX736v1IP>OU^L2*_Cg6*S8`6 zs~v>k1tMbLi?j0I{!=E0@0YQM70aJ_T;@*H;jxI>K-lc!KcY3k2j(E zy29ALhsF|1rEn_5ii?b-2Bh6GEeu=F&zou9t(GB9+q3Dz?&=ft;6%**zO_;BcnJq& zf`0gWGU;HJNpCqt!M3JK!8sCu=JD&iUC-D6 zPD8m!#h2UCr5U9eV}rPk2MOd1Ckz2vX->{QEgXB7R`73eEfRhH)guY%c|HBsy3g<@ ze3XUC07Zb0TvG73T(W=6iBr6eL^osSEm;;fJb=FC@}3i{%S}q3rgT&<@CQfV*n5@j zw!PdoWKd-5KVXGj*F@Ejq?`Ngq+Q0Z4J>};Nr+-(L9Beei7}i|i%<8lfaGxc?By2K zEq()Re+|(8pK18VoW0U}Rr4$6^!LA_lqaW!tHHRQfCZGqgq}u$Aqh*{vl3zFN@Ay( zap`Z)S}2Y)|7lPOFCW%;w!D?~!d$^(w0x|kJ`MLW}Om147Kb(cpIcRkk& zyY_9GZ|UDn-V8B5^VW0OPu+DX@#!2U;#6^uk@F8t$9E$EA29@<>hE)WO2guT$ztZ{ zsminWb^V9MXgHhzbOD}(gs`e?6Xry}MO{(IN8Bt6j;7G^EKjxg$ThWQkK3IRybssEwarlZBHuk;to4Pep zA!6*E=Z=EiNHvlQ37&YLuF8_7G$3T%Q{fLFYO@pWPFtIS951>Zm9huUG%^4cF`2!C zU8*{9e<(F1fQ~hJu04jy#1k?Q+oHnhz2jO~f-otz8`A=0joDIF%F`_O6%a}Uc{7s4 zuVa_Aj&MVx62h_s4NI5d5!uk!6)g4Qy>JnXFuuwH;tdv7^+x_MPjCmy^kBGTyppuP zLn_`sNI<$DKgSD6G=b_5B=a8B3i+mN!fuxRqndQb?og#eIjZE32_O-7y5-#`5aPK8 zyt3`N{?0|)m}PhC)^y-Ief!oDu6MAUOi8EUf#3(3Xx^8_(p|Y5*tPz7TpFK1Ysv@T z6xyf06)C3ggn%0SvY*@gGpuIOiCv-6-7b{P_~DOuNKLu{vn{vu^;?hg35UgiBY~%1 zSk@!N4o`rIx_^cAk$C5_xd70$)WlkU>xYQ@MBPIQj?v**5O7k!;OdiV<>o)h)&RBj zuH*2dc&9myU=9gQT8lh2nQJ;2LHiUhMKPThFYp!%WA=;T?%gggV`*4i2}0MnXIkxR zz%vZ;_UVDeR%%-05@W!7*%2UwCWIdHW}nRR1ZAU2ZBmlKc8<16lDyFJiwQp zq^&k01bZts^JR(c7;*new)riv{|iXyyMK8yhjS#SveI@m^=$=bzx*C>BSF#IyYmV8 zZ<-$D8l#n+=iBnaEN<}q0Twmrk8Uvu^}pH@9x#)~_OMGB18OLRrGVSH_>GY)&!x}z z(=z%V`NKVsMPd&9Za}#W=H{|)ZwK}a@x%rSAYSUw6H#-vzpnI_t+fMEs?+qM!zHE} z952ac(2dnlG5mwM+`6OUL*9Ag(|kGYvs>c9-viW-e0oErgg=N%#PX3`=JfrllF~iZ zKJWZTmdk;`{Vl&-uSjIFJE6&&*#EvvMc~Gg_ z%tQlx6NjXvZjkz7Vh>9IU*~jpYd$7zJOgrPFjMgh-MfeK^77vHR|Nz{ETn&OpbS9T z%>QxnPZHD)s;e2POVwdm%gM=BJYf^lmzX54{?0BHLb1+W3pmv`1l6Yor93Rt#V@Ch zNPpoUUF_VBM)nbMg0{Cm>D_;ks)j*{RqvMA8SHsCtffAOuZn)BJbokyY8=8sjo#m|SCPAY_&T68fEFI{c5Fk5VHN=0a^B-mr^qQd?AhzTo_tL4C&bsr*PJnq&*%)xdF!3RvxUh$oq zdf#E(OPtZ}MY!5b_b5NCbQiF%^UO7_Gysv;(MCdg&6kb-2|R0#aIe>wf~=Q{FIKpI zd0`CQQ;_m{@%uiUG2Mbgtv5D5wP`gE%}VP&C|2amW!x`ikVG4MOGE@eQ^w~>%B5?w zkdkZc9e2-j%WbnlJf)FAsb?twNrKfLLM(0gCnZ+Efy1LpUe>*ZTeR%b2-6I|V(5r2 zyVvMO1wMq*Y>s4Hol5kh3&T5)p5a+cI<=-5xmSd6Jsxm8+op6)fs{ip@KWc3T;N1i z`Jn9b)E5)9YmZ0sC8OR?ML&x1K_jly(66Bb&Z5)F8bM@>7s`Q6Y_VaZHidHTI=~Uu(Q=U|+ z!eO#tbvclUH2ry-F#~;#Ri?6+>$k1Pa~@_Xbi^QEO&ahq{+w(=`EVQaX`RZalS@T< z5*D*>!w&LJY|UGlj-IR+w@y8h0ne%nmDCbcy_WP@{`FFP>G=AZJ+Z{jbJy1kJzqNR z81?MgGu4RHz5S&iEZVNT{B}Jh^CS;tPz7uR{u2NLCw@oMUm81-;-&Udr$xH~ ze!kQu*S*?036yTJR2}PPP3$K@#1_^wpP2mLi;E4{vHTvO!ZUwH(OeFO4LJsfeA4_XH zvq+~F#!54qrZ;#cB=oZNa<_NdTids))35R{qZn16spZ`0j(49Bu( z@Jq+{!xD>-Nc?>52^NW+y=Nl%#z@7*#l;HmUGS1QLV9R*CmG7H-1LWjAGjW&$D&;m zQ%>!IH)CGx|FzDw<&{ReQNM1!3_KM;qq-)a8#-fJaT^UaipW zcs1?2nO@P_KBPWo#@E3)pTR?+jHwmGjuDsoYw{}o!Bot}O*%3~A(QXVp=>6S3Znmr zAel->Jv{b2%{HYEBX0HHS0zB_=2B;Ti2CC9Y0r*XoTrU-aVEYt7%xrfuwzPkQjTws z=JXiAf3|?oiw|4i?yvfED$K)kmtR9x2v_KCXQou|Ezr1%=U0dDKt9#rB84vu{|H3= z27{E(02@|8i@+kD1L479zyZp6KExe61=Ye}7RGp@m(v$bC9g{R!2%Qg=xDisa-+QD zOPa);YRsr5jZulqTkOU)RvT*&z*^U)Jgs}}pYexFx+BXl82vue5XYY79AKP{kJSaV zsTn37`O$K*{rBvokN0Lizzu3RbS`|AXW_e2lXPN>Ig8>EwG@`oz$>~RIu+V)al4LCWki*y>dLwUtjDRxd*t}ZTE5!ESD@C4r>u|#Dn!#7gaG3+mGO) z@8N%!YjQh-9%@}$(=TY)V)W#7)+3#lAMq#ZYl+n+tYY>nc5=lw62>0wuGJMUM?$3b zALDE)Y0dO#m6etGoevTucHBTmjvN`MQe>BM({gbszE@Yvz`}x1431gZyU_717Xqjn z9gDLU^MX#&b<36pcXsjIU!3>P#jh>%dG2)Gr!U*liPc(u{|mYo9UT&MM)UWcq+P)g zmqz6Db{()TBO;#`YR;8Sj*8${GKpr$XsyR{3thQE<1ammCEk}zVy_LCKr?P3ix^Dh zmO1)!ky0fN%d2|*Al51I#k^A-!pq`6TPFH1aeC^S*h`r;7DJc&_n&u-X5cv=yO{Jp zM4GpoAxBzs%5?h6WJj_qI5T>(1oEqO(Q0xE{kOlJzL^Yt)i~WngnMT>WRR1k9jbK? zRYXFSLdx<&LA}RHS9k$ z?D-2a3ogMvE0}_=1jEpGr}ZYrc~*vWzU~1ukmyQ`VO9b-iGls641b5=Qbb|K$@#S7 zPHj<772pIrqH0|Fi>Mb~~L(fn5y3j_-wSE6zr#*c+!mI{Fz$<3B`oEjaGWGc4NEWZ`* z8VGyiW`vDPJ&n7kz!h+#ciW#*?E zb~hXGnZ~@3G5RUjvOYb;LtiAFVz5+5!*V~$I^|mpigpX>c1|@*B%oqRC0C=Ijwd7mAt?}&erQ_bF87xrlS#;#-qu% z^CsQN7;?XM=y=NDr`PpsdtP6~VZTha6F`08*kC<1`&mCHvRr`APwn4Rd3W#!iz~+l zGR9Zh7SFDi4=_>=rtNT@z=e)PRN6)Xhb&sq)a;WWVCBo6aE)4nG;^ z9(|g1Pdo)xT+?eM;?n)Zw>%NoKEsWOS7E1(&VPNrv{HdL>2x zLm}QT)T{xJZg%WRqaW>Nc^AkBzGxR}*ZY8(rn1+9Gj^|GRj_m{%OZg_MMbEx)&d@5 z-`4biAXjT&+Pa@?*35P3h6YJ(6;c#!^GEuUXym&R#|F@g%S+A;8YF8uW(DyV3tugs zi8<@DvOC(o=z1&wb5Y1XY0#G+E@U@$C&?{V?qFNM!4kMzld~1j+~8-AAAue37P*D5 z-5qf4ZMIm9FW_&9$*I*e)Q~()#=tsZ@eQeIhF(=l;NLkdcO>&wtd5zucRQGq5 zg&8p($edraVoO#<4-huJ6|S+QB5{sC(4Q;hlFzcZvCTbB9uD`9ies<>r>$gS;wsbsxLg0`4{Wah(uKB00(Hx9A0GvGS#fOi3NVs8;MWJ~YRu=2I0(fw zP_fm2`GNpyj#9+9ttybNLeei5ua5ftRz=Dw=t>1$zZ4Qg0z4F^!~B0*ooW$Gc? z)d^lb4hNhV6%Doaix&llfNn)QbopyoD6Z9P;}5P%vgWuC9C;@r!TIfLfF2!js4}2c zDsvCeJ$+T=_Cq=u2@{C72>zE5v5_p*qy6*t+55kK3ju%gHs53Kw@+exPx70aqbql) z4*)Q0!b1E_;yG~8;lR~pS>@fePyl&#Dsfiv2z)VRfBN+6ctP06yS-(sg69IcQfzge zQ-yZKVxT{!5hJO{3EQncf8NalK5~P*fmOT+Au7AyNeUb(cnZ%AIQ7r+c8#yV6R3I2 z_D;Yd4wD1Ku4eNymbIzwRRg~V(~c72|qV~aa+6HYzvkDTK&S@^_+uU%KZnx)`;7OR0Esz@fPQNB z-~aL>i}cMBSDb;LA;!g>`Z+e}+xP$RFyLA&AgGQLUPt_#t^Bv2DLB*@tvWk#{PYbf ze}3mXtBgP~z-xk4_fOjJ{~Z|ox3Rpckz)p0j$xZUF8!Yt3I&wXG*_Vxk1zh8euiiS z+{`b>Gw=I&?ZJ+Lg!9^M;>xD9 z#kqkNc<5j5FJCeOc*c(ApXu`V=ev3n$v_|Oz6lFcvmd^C_SJu$|EG>`|C#^)*x!Hl z-~XTe&yx%(cwxe$GRvJ_&!Y3Ke_T6VC3{>q-(X{B@Qv}G9qwPf=jn6z{ht^9aTmZJ zUp;q8!^u}sT8wY+)5*hoseSEu5^K9kkYcxfqF39W9^}iemiSp$aySiI%D(ng{~sOS zEEkUQGxXymYGA&pJ|NEQAHNp=_~~BVJN_xd%8P$oIQ)I!z-a&XF(w{44Ya|06<{0m zZw4J}0RXWW@{xX|N6+8C%hdUpR^c&;R7a{qxr{a}N*fq;3DqlKsgBJAXNB^IIcdqVT6U_BYe?r?32VSy4bI zGequ3pMP`pSY83cKlZYz~4|9LElB}V}$AJP3+AoRm8aOc>$bCTA-&GDgPyU^s`&;w=&*uNn=KnuM{sL_~=_NhPaf4EOc1>NT zt@-wB2sJWBirI23UA5S9{E9g?n!PnjaAavuWy4;~x|dhVW#t0WyyIP8ww?n%riAdz z?Ck8uA~qphcseYA^Npivqdo3gH2mkWfUOAN3GEaOhkaX%YU-LZ;#jq$nuTVP$N4F5Q^_F-3s1IBW+%+WDEh)L+( zyyDqVBAJ9W2zaK9x5uybNQ8jCepwhPg>5g5Nkax&A_S(}-_mcQMu}M17efbC!8})I z+UlL)>?{6093H!$UpftTwwI%>LbYGM+;Lr8LZp4hu5#xn{>Gs+v(^jVZH0UDT}m8*5b{Arp=Te0pO_w= z=2;pdWBmf?Zp)nfuqU0hEuvO~bZR9A7UJDFS%#0~tY5c)k0+|zRj-7jiL?3(^AS-H zgsMCAha>;@752>qFu*WXRYe&JoZY_>Z<8OY7B4m5L*ud1^>QaV3Il4kq0&l*FL{LAnPtMSkq-+iTf2&dC+1x zo~&RWRx3d_3WGd~zQxBRY{0fE?efOgi#8BwO$O9k?U)-nfy8cVO`EA;5~q zdkzz)rY#a8@~t}JZaWet*519<2d6}fSj>FR^dX)4LR15BX=v7W!a94gKYJ%v-VIwq2D3V^X9`;ijo755?3lAWY?u$ zK34x={v9F#O?lTG&NG{Fl5?vgFp3RBb6hJkLwnv8oacjYh1&r=`O4}e1a!a9^T?25t0*!-8J*w53YgwD%If&V;K(hts(yg zs`T}|npmqT>v;hz2y74Cy~Q)rjbK*~KW9+Y8nLTdKHzb=)9lH40iTNn%k~><^lE`e zDp#3SN8H~4y`~!4E{YWKKdhVT3gCQKAH=M;lE6t=23?Zdc`LFt9cy1E1YBG(ZH$w< zd2;PG@5!@+VspZuIKz3+7u`wtkP8xSD~beWHBqbXt7^CL=&=6IY8Rr`Ge$KJTA~Q1Zv@e8|UiJ(WmEI z$4?$3G}6ll%uEDPBc?6|yKj1_wcEP2&Ktbnd*r#*{&JE`oGSkntLv!Lp3!m(XBr|a zg!{;ULH1zsnApU7V^tfq-B7uuqL&kyOiXIVotDU1DJgUnO!)MIw}y< zv&-zg*xHq5GcZ-|QZS#0-o$S3#9aXGbp>y<^{6xEXIxTzI$qm6M!4`;vTaVE`S?W% zd)u?aHn;~#VGMGf+g}3$q5K>!Yu(pQayr}kERkW9?3Y?cN%D;k;3PW98{|m;B6|u31g@%To|Z*E(K9f$ zR+qhP8&0BTACHr~NvDi&Iw~5#=C-Q{%u$u0Y2!P-N6f^PQivR6<9?bS!*8Bey-ms% zrE50z7Nu!8bA!)39S1HQmhXp<08>l@k@7el}p}&<6|30vBB)A&+!-H$h&CVm%vQYd)Vq@Lw3ohnW;w_ck$$m#tC%yi*-yIvQM3pNRKp<8C+b7Rk+j zxJA)5&%!R-jilSHlv0iqZgoh{C#8f5%RtN+KdP=iognRmQX`k{WF2i|O;KvZ0G^ZM zjt9B?YoX=W6wr5>5Xn{uQIGc$`v3N4)9yX!*u~v_mMy3=VtF_*yZT zEgFs+%+fY_YW`*2!gRc#1BnnVA@}||_0LVasNyz9N=Aa(?%#P{R!`vxyg)1&0Anr8{ zR3`t`_JB0`ymrQ;j-7r{DYuo6r$Ab+34wQGYh|)ndg>wQ>n%u9_2#C^9+~{XKS&X? zV_*X1I|1vKvS|C1py$RvTABq{vha;!a8X`et0XgtSab~b3f3=IT3`jh;lltx+3576 zyfssaV#<%08dGNCNpMjXZT8+7wt;_=^>VAa?Rd{IM2kIc<1?KS)kJEI7Qz~A$p{~d ztctaYWB5Yc&}J-X@?s3+bm6 zreS@^2Ofp|L}L}486rgVR(6#bkI406ZMEBC-CODrq1BXCn`d3g3jQiS=Pe743PcLE z5vrYrKG?9FzxQ(RZ=nEzmIb>tXobc)6dDaYaLf9!wxc)at_tv+*|$CLSIf z!w)_ul%}f%GbeEVN{@Ws^s5q@3!b7au3oP!&nV9>y;`j8Oa_3-P+^_Yg-m<<9T=efaBR#dw71B~CG~k09+1L(O|B|CGvgM8^YFPvxRAM(W$M`;hb;EX}Kai*r5u8Je)NwAcM-U*kR&wUd7yq{*4?Drex2X)r3`txqcv9XgwyWE_?Gj z#1LLhDpFQDRgc8Vuv5=rg-1=MvD-#k7p|dzN9c*^mLp^|5KG0_YT|500F8&YpI8)N zTF2Bs-MCB_B-SyWuk&=NYUSHB6m@8Vm z_M?M09r2712&M9-Ft>UPLmeC{MZI^uO&;u@rc29aw~AE9NN0V}qZ(VSSYF#$m#3R~ zTBgIe+^YXdaCKQie>P>?#OnCz`={B?us%`6fwEs;n08akziA(&Az^txbU-#yxINc{A;Gl!1l;nD$O50wZ_}u{znS<}DPI($a#J@${7-{{G z(GbDp($6Dz-U7BC?va@?g>tEq$sXTy(pBX~=^U|CF`)8I<-gH<$=`&(R3|>&0pqi` z*vRRXx;Z;VU`A4Dxsz5qrUgVM!}<^PLDLPa zc|l^!**xHt?N<0i%&FXN7Q(m%JTS^y#y%Weu58!e7F{UG3UeO*a{a81rQL8bAKM%V z$PCkb6{~l>cS3wH7ZML!Idi;8{ay~Bh1a<7}*OCB^GEBu{JkQ_3 z)9-o6-vya#%z&!)w$_mnj64nC41>o=nJJriWNzYX319VRla_`La;|71 z+&&s0baV>YU#?%?8`#iSK%}We>Qw2-n4mpf-*HNaQ^xZrDgqVigT&YvetXWRfhxD# z+oX(ZU&xrcU`VuQY*0>0+3MJP#1W#>SE!q7q+iB>CT_p&8TaxWeX%9zxKlo_ps%kR zV$E7C=pjMe)+exOKNbRyA@XFm+O+$O1GQv`7e&$=aYYD&EHv&NT|6UUnO^BgkBE>AV|oA3!o( z;K=f+B?lm5A?d#JA)%(cfqmZ=%7flB-!KB73g;#fJOl6qoiz#9mYJ4}zzJRSl*OT_6=x$}OZa^fdfQSK&5RvY{0v@380 zTp?`^`B@d3OY3v7^jkiCq_8|303Y-xGjS)4rQ8gdiC?9;Eo z?$|01=Pi{iCmkx9wD%fzhQRUvK;!xLSUs6M?}9X(ZoQ*cqV+BkI|FYBX0>2U+izU+ zI{VJA=!UMRUXRy*#qqhJEpl_HJ)($8r+!16@DecnT4!(PDeeR>ngJF33a7_{Z`;zO zH z8rf-TNCj_6>V8*xgOCwyFHO@UB8DMSYWKbTG>{^-2m{&RZ8}U&d%xUFp%V32_Q7qS zB|ATsS*=>kHU23J@?ki4;j{X{1FhCb3f_}&hKI32kBGDxu-A+{@uELZU)v5|>%X_` zcQ0#Ghss*D3BlV}f?wR4c%t((PIavEHcr>oG`EePEv?gVf7F>^Tn0C8wI) zzZ6^!ZG3}gL?KvBov{whl|yJHtapqm$-dVG{Siyn!|ZyP4DtFS8-m%xDLxK)eq3rFXr>TesLCnH|blwXo9Do131lijjOb+83=wRF7RmweU`oHA%0(FbLv}c%YIhVz5G2&R(o_mTh4MsZ6 zd#90|vi8is;E-ggCa!V{SFd~5Uz6s(^QwmSa)G$NHJyxj|5^#`zWxwx;T-$3FusDm zbom@rxGe3vqAsk`&>N-X9Ht|{UtmlRf0zqD-OCE(ex6&r;wBG*jNRTI!X0J+AQU?W zC|hW~;yMx1f>f47dlH(nTT_L$<~rJsDWQulX{ic=y&e+MBiH!A(tENQbC<)d9MFu+ zkX`@lFOZI4xZs&O9aMEAC-f>E+bW767j^*fPapk5Lz*h($b($qv7*oA&qW<;VaMcH zjoPZWS5O@VPVjQ)`RBeVYaW>vyGV7tYP;-e5M^}z0iz#~jk0;+&<-*?O?4=ie1I^k z$J26>+fJ?llwF0}GE>&37L`>y9E53bRfWq5rawwxKqC<b=+rdkb{p8U%7F$n40V>oRgo>Uvh0BPa+&QoizT22E2a1zl9v4WY2mGrLV_kEz}4nKjeYD4{1@5XcEcPO_Lmf~awMJW z*x#gMt#LAIyMqptV~CZV4H0b1u}6zjtofLdyYQ#-0~g&F1`8L;?gp%==$BB0jkhBX z!QmAB(Bs%1@-}foq3F>eW;P4sr|#=jgW?t)+X@?JjT4}Aix>8$s99Zv`zrAZb#!yn z>GMTd8b*j})FBB#f_UL0X!?=p>USm-Hba2FflJR<@kfQ#DrUs(j~@;^?d8s*d%huI z&7)}{WQ4*dpqujsLfW+0i&LVJlcK%7U0^-$?t8dE4=;g7^eYXSK6LQ2imi2lT4M8v z^FC06=@B!*X7P(W%g+;5#D0R9x|0P21m$bx!3{u3filCDL3L+fVmD=w^6HrB{9Jnw zGVPbfBd0jn1}N)u&n)Njq;YRhHvJ65)EA8qGERMuz;JJGCPR)My1&zkk#HElLM_6^ z0YPtXT6R5)dJqw&D5E>O?L1!_Y@-L z^Dg)(lfo7BJv_)+qY_Zqv%&X|QBGzYZ2O1#x;x+R?-5IojZuJvo%)ShIK*_^!w3Mm z;+S3lZS8g{$uaT3ovg{wCeu(wstq06tSi0o`WjbJgajW&?-hCrMMO-v0o57&N}n`P zpOBb(lQRA*x=2|YNYA)2x+5U-woe?Tq_6HC1X^~fhEj}|aTNiI!zSnl(Y$`p7gv4I z*P2{_+uNG2&mTCYC%*6r%2!{Bw=D_v*qWP_hpn>eDI#9>-p+pZaVO4Te<)35KvJ5z z0y?(>9L8Pr;I7;6>~^lijl5vg1+2?rK3nI^TOP}PVXNJyx0JsZXRO=X! zYmCo_tNEzQktyUUi^5yftZ6$_)Yy5Pla!n^wR{@h^3Y-8j@q1B2`7K$oXs6M!`k<` z4nW+`8>}ab!^~ocu zEti$Stg`Y5{iZo)5E0H_$95Q?EeGDA1b&3a*iSl$tiD>p!msLVF zBS6~lhUf?SVa$$X8oQ6lYB5F!3GW$joQ#onuypT!QE3+m|qLB)mwSOKkT@SdU@8vEBxs(4v&y^=Aab}{a% zrs*2ZkvhBOlxiE%YZ!1o!r(DG zoJewj#hNjt^o+k52?0WWn z@y+^qiBHq+m_6`HDc}nk!%#ylvq*1J^&Xo*>qGfPRpS`mYqr zkPFbG^)K{wp(z#fYh`l?hc9J?rkn3IV*m)_R$tQ*m~*A&ke!jpuc~S((0m$=A@>PS zQOLW*Ph!sIKKuYpHE5}-OS8B)|GLo~;|hLs0aV?Ieh!+rK=L$-_Se!Hym~^@&3aT4 zLi}(|WeQtLy6NM&EEpTNJjV(<7b?5?;<|nuDQyBT=eUr#T_ zmZ~g1QMU4-s^}35=A5|l*Ste4ionUmHn?+)jrP|>gKc;nzP~{>hQ6hM$k-#_Nz6Zma4ZlB@J){OHp@% zTrZCmDJOl}M>VPDbNdJDs$FEYVGWX9uvd#GD70Lwh$nA2H47$C9p1EcT?=Z_cukPfS#4 zi@~l=>x^aCRl4m-^_b{cB&BGTMC$XVD`8E#l1v+Ow7@~1!u`|C&7T&%rRRB$YnZEy z1c*AKP5g;OPr@2&e5K1B=I&&o74TSDg+O}9UVY21_STL98LDl^ z!>F3Sl!dfRyu z8yQlVMo8;y@7L8dsBl^2&H$0#(ak|kyua?T)G3P5d_>%|%W}S@*7u>?!Vu+8%{&KA zQ5N$7ikiid41+AUaeHr=RZvA0tQKavg0_GIHWYhmEJMsSNQ^yn4Nt<4+C=7LXFlev zRkSMP0}O7nUP)2msa@>o@3cQ2Tz>gygqKc@$8SbY;844@Rpzwx+(GqR^L8_DX2> zbqHpC2yo$(&%YgP4vX1jFVD&R#PGkFNaEc?t?Zk|gPn;PfO?;Ye0Br=kDX=-?m8RAvS+yZG(TkNfASAHl`#wj7+k zsSxhOQ+eZy@)Zzj`Xg?JOh(Z%9!_?Z4n01HB}z7*FJT+qnVN=dlKk}-Vk?{Jd=~1u zN@0|Cv>=WG0Odx2j09(Ug#yBt!vMcoy%;^_Oqj57g{#F17s!sMv_sOQe@qcD7zRjK z+-5Q?R=-Wnakm@3Xk=%{-0_f@(m}IRBTq?&_PA;&SGmJOuiMmmeI=?1qFIBk%CcwP zGBVG6TZRAagSg6_NlRpz3qTnBk!>b29L-Yhw8^h7YECk5k1KDMlj^;G1E`u!2M<6d zGPU!^(bMnc2f$YW?Fi)!K(5&L&f^ClBMU~ZJP8-XMbp*cOaLMdd`r)*GtlnwqYi!W z$RV5aD&YCs?=L-We>A^p(+S|BCMN7h5K%;rrDh(4(ExDQmi}3`F#-PCU$d+72A{{vnGU0kqVXBl|4z-?k0y@sPFdE3~*#8GERi+x5rg z>9ppe^*iS*hl;>wS&H@KT!WYdrw*vAFC06$Vqm1abzQO-P%;1lrDKQi*frv^Kf|s4 zgFWW^Q9{Ongfu^2ueE4ch}XbI*iiu>wKMlyj=-e8|1uzqxkC5<*n8`MDzohkc*I~p z1q&ES6%lDcI#p1l^Uxukhwc;+Q4o-B4oDwTQV!kS%>fR5Xrvpy%{V&Fy)$!}d%wTF z@8@4g?DM{Rul=lg)>>URGEcZcUFeQ#9KVIEL$#8FE)frr{3H7sf5BRN_0KQdk4|Vd z8-upxhm$9%XWLQp{R{nto1rd;d+71>Ia4ujTbP-q)0&JPUb0G#w$SQld+(WAba$Rm z_rxwh=~@uq3RsCts_0}?l%(K6ebTC%(uik%G(OrET|A|cJP{j=16UNIE-R6y;^|C1 z(y5NC3n68=iFO1;IvP=aPK%S~RqrT4ZbZ>sjBBOD(rT%X4g_7_4lrE&X~e192N+yk z6Pxom_q1;p-zX8*O8n9ZlA=mF{cVcu%OviY=zc&xJko?M^Eljqsjq6YV2aRiZ$AmW z!HQU$H~I+dI}e%N_Lx$Kr+b%p_rgB!HPL{y?;w#%mi}Opb>vPHMd*x1;*(^MH6Xw_ zJRNB~7UzULcm*l@9TyS_W(Pl-A1pSQbQ&kGg=L#PJ+L1>=#tQ^aiBD-45fd6Lwsi) z>gv_6=FB3Op@vtyRN#1$19*x}?hFDwZ_znk-0L%~beTNoxy$UvpW1)XQIk7^E^|D_ z)5`G@xQI{t)0rCPRLV&owr6Na7!LPr zEIUXcta}M}Cy9B3h!m>FjH0}3zk(-co~6DnjBWHSftnp}8aB&qLYAS8<3!@Mok{;H z0jjB9K&UE-ke#kg%x>b{Uk-(lGEIG&n64@%;k0UiiD8pNOips{#AX$4yK`}aD*4bv z2eN`GRZ%0+;E&Q2X+2%Jq>N5>3DnB1wk9!{KH@Izsf_wrrIYLEXfig`PIZa8m}^T6 z50{$#^fWhf&=b?%^S&nmBBwA9#q+5IF~_F0>5j`sjv#6|Q&&p6?$c zQXBF_TzzLEbPaI%$a&Tpsu>NZ8WcWh+Ly&>`Eh~Klsof@p|yo&_7Ga-g7k@{+DYv} zrZi#@3dYr08Ju0TwH((y#KFU~IGx6*kh^HSXX**vym8^13b=ABd+A)6r6ii$I8VDb z;uj|9YC&W}0|lNw*yxQWcuY@Eh;H2L@Q1pxgNa(6zN<^7&JRZ;IP>kC0cJCrPt>G0 zHL;!KDeUn=9goayR~@jG^7KE6sIj0ycGz!qvJNjR(Oiv?g*vl*yiPy#yw}#KBh2uu zVCtSIwy28pG~0=tRLiIaVshMXS6fY8DQyOILO;*asQWZC6erk~Cb`=z^T03MN3|ohpg|rc9-QS?l30%u7rp;w7dBy6o7bKKH?MS zcfCUhO8Lv-o{^%yb{%3~V({Vf{nX(tzOk43T?szH;UxNd*7m918U!G~In>~L>k)mV;k5uUy$1-Am7659v$ z%RSmMa$V`2R=7}JfUig(zI(dNM}^HbKui$-lJwok7;tdg-ZHuAUYyr}iO}dt56jW+ z?ZY*E&3V-hWZ$0c_4G)8nL(_$7B-N5*e&d53E&WKRE7EkP@(sOeF}^sO59Xw) zkRV|Va?aEC9%1pLjO<�D_r)J0E<3u>5c{i}hzBJWla&CXS;o#i*HJFJLCzB*}Tv z1F}XJL(>lJd&Vj|L5fi!0OAQa&1`Zv>37BOHwKMXO4qQ(9Cd9wP=%L}1H>0b| z5=~U_yz@YSEh7XAabOgRUm!W%j%M<{!7e;r#Ou6Y2O=nGi}I^eCwvsx-iF?qBfy+7 zA2{(zzH)D4E)pe;q*kONwmv$q{@#~_t2RZ7e6o$pB#T{#*<_d}YZDlc^k5I$|qp(N=sQg_8vRgQ4~N4gA;3+mrFgenec4^>-bfcvXKS zfje^`ONMt~JvX$@RIr_{wc^>}?Q?ZLH)WPMlOLMDjR;YI_oGCRQ+MhY3ETfaxUS);jpsmJsKNhcDw)%2_R1mVrGYUE_|K4RnwC$GJu?oZ zBeyk_%e@UQLXmREymG^u*sYh_;aG__vl^cAB|&5aU}R0U8WclxE(zD^3qQyZfv$BA zO-iThiAv9&-6jsgjFLvltJ!lLrsVk8YgxIJfhg`tjDULo#3q2m*amzvQU1&j{%-BK zAqYUj`{mZw@5ODB7;eqmOE*X&mTu6IB7Z;xixk@d^zfG4Wo^S|sFg*myfbrzEgGGnZ?b0Dll^n5uaqtnj4* z{qd?WKqvrl?|W(Yx|8e7q%}U^ko0@RZxJ)!&ytj3SKmcH#>`SyN2O1QsTSH>qM@rn z5A|B!_NzOx*r2pts7=qdrej0mmH@+`GeIa&A^XMS_fD%GRdW;VfN!Cm%XqCL>-GzyQO^u#0vV53S?d(__>KwCSwi2x5Cc8`TpBSlG2LE1X9owUhHW z(uuJ-IXOP?R@we?-YALNq13H52SUKw=;(-BXXwUaDAVI20aXA^$I1UJ#Kv(8HOMUHvi5|{O_C-d#- zmaw|ocP0wiD>`k*((kIjB8!fea3lA51U-ktv-oAl2_M8_eNRX>mWofKfODY(QO2(e zNT-&DpR?S<eS#fz3v-%C8|XT(Pzpq&Qly4~2~5 z_nbw!K6+2Wb&rt6@J1?zgkdVYeWpOV6gQH~bRGsLbe?QV%cWL6tJxaC!gw&Km;0#w zbJ#;YaazS3c1Hr4;LLn`SStx1?v2YNgvmO=?{FHcR6Q!B;t-uQink18R&*Tb3Dlg- z)p+K|JxOVOrFxY@|r5VzrPv~*d2ChObY>lX^Vk1`@^B4~}x2XnhM59gG8)0O%0 z*;f++Ps%lJs&4gqug41N_zmXjLU{8#w=)&3<8IibW)eyS-V^(%RWH8l40vRy*(11k zOC%c`E^*?np!VaGLM`P2D}#bUy-C3NY;k`;WtO+%vM;y>Ja1`GDG)aVWoTU?i5YPe zAdc|Rmmbq!ao+NoX^pIZfAgW{#zGdv(bSqic#~I_%|#5o4OBBOQ6lg0zBf$IE!C%5 zE(4jDYVejY>vAhxD6yh5_OT;yo#@scsKycYbSS;fZR14`&vwS^y(f8i??i$3vGt3GmH9qb< zqq16;!PVWfNOXOwDz+hLWZH8av*>CCgFo7I#uTIIF!06la7x4w) z3VDG2NxhFJUKZm~irrhVSK5j~RmGgnrR%r??muCbOo8BU_rC(?{+EiNr>m3lx@a1{ zvVD5Rjucg=mDsk<1Sv&PwGt+iUpOo=hl43h8Qk!iL+e5Dno*PsV7z;0suuSSB%7^T zqGLkk?@~K49EjrC@~#)PPpcC!DBS=&aViz~DjK}+bUzo+^(Pi-+M=?Y96nn8OX5!3 zc9yrF%fWTXR_Y2R2!K-0v_)T6Ew*mvS5B?!j9@X+RA7mV^xD74VyK;9$l0jB&9n9P zEH3B$a&F_<4_+gN)++PcadLrjvw3!_69>xJNr{K@CO$-LzP6;>nN7)T3yyG$prPA} zDGML?aa#RkJW{7Y`G++fL=8L$Ur5%RtII(=z=RP#_p}9ATYL0FN^G|xT$dg4!Sy)> zo$VVlA}c0)R?EXhO}yf#3onB%ivV5QbF;5~M^|ACwsK}J=`Z*5MYiUC@w73FA#*(( zH27q-Idm{U#+CF4a8y3J9-oOkU^ePYze^+v0i^lqV5jtMlbAGo7Wa;YDx%VzLi5EUgok z0AD>}DeNHCS6UcAX`16?wc>2N{K_au@H5YY0xgw;UXc?tcnc_?wU*>>Z`9i73 zxf!igpTgQD`JSqIFB`c>@iRXc9uVCuOI2n=r~x65uQW0T z^)n1prCr6gTO8Hj;e3du7?}FzxS7Knfsi1r#YMU=Un~qSM1{nfkwopU6FyBKz*HrqHbNdJd~!um~`cZFdJ$$ zl&`+QpP`RkeA?Sq$1Q$q3HfUna)o0v?;wzRJmHZHfb+FwDy#KK^<&eLBP9b->Z~~W zGTg=|49VL23tfpKydxbgIR$i(C5~yHWc=d(8?jV2@EPE1^0QR;+c{M2tgZ^k_0GK| z_w%Y0Bnxz%(GGqk{g(Q?72sauvyGZLtGLucSbSx=Yd4m;kB8r~+c{guGaofGl*=yB zt#BQ_*B?QMxf~vn?YxL`sl$XXae>gn=Q&Tl`)U#pUl+5(eDmqveh?m^Z>q9Owde-v zja)`$f_*Vi?6o5#$02mO{uZ%E7gNA66PQ2Vx4TA|SMd>IG|}xR@eVUrSkU%;BpJ%V z<(d0d_AVX4FY9$g=B*HUU5#jYt?8yWWEF56L->(N3Pbl{0OB!)2k!Rem5UqF*xi7uxoq>)a`iHkI8X) zWLHB-mf6F7$k^!Bw*y*SYQ7A~8%1yfJsI|Zx15cqIvM6*;k~VXg6{HZfr`%rjuqG zMAD}|jr83`WuJ76fpYp)e)SpMx-Qa2@UW0st(Jseo=0h5A0KrU7?pR$hnUrz1M{Xi}Mvj-zi7gAdzSpNK<{DnI?y>O&*0eq#=;uNESx@R{0gvSENdfNG zR-tt{O}V|;VgYhlabPwzU8${=V$g^RU~xxfm&bKX~16h@lLB$YZ8Te{_yrRwsO zcUULXi6TinTpAu{L`-@9S7%Zzg4O5d;7aHRDIXR3Z$k7J+x3X&YS?}s;`pT@|Ng$g z=4%uaVBUCQ5FP8iTNuAX_wGmQBk{)b@o12f4$^KoQNVjaIf=r|mNPAFe2K)if@DU1 zZfAi_HdJ4}a;Vo>AOqw<1fPX3?WZ8#M3dyw?F}bz!^;%(K(u%qID49FQ;mtEzN>%n zU_X8^IO`OCU^a5ru!5<%^kg866Kq^hia(=GOBfwd%9-Kb&*qctThaBk zG42}Y)%B#xu)4-xFcY-5x8GRor9sUd?5fgtk@HA44@_t8n7>bBD%(z=e7HuK zzi`bcgx)t)m+mbCFB5#v*V;L;gu82qxoWgu7KQ#73~z#| zb4K#Cs5q*oNM@h9k$pjX?+|~A_+Y_ED(~RHdTbJCwO&lsvqpAB%JqME78KbssTY`VzCVsz&Q-sf zp}r+@#D;HhV4Z;df=y?N4)VTH7jsh+(U~D^w;zb*3)CPN7azvT7*KRNPxI@wy`Knf zF%^r?({BPWhM{BBC$L*>TQ_vp&nLfliOdLJdpvA0K3FYwaT5)aFiicYywbm7Ug8Z< zE0&n_>HFW@Isc+5#`%7qugmQ|oB_%{o2BcWA0Yyh_pAz@y_oiTTYK^2Vg{BJIJ2Nu zSSd?EJu_pma%!$N53Xx1;?R)%2g1 zec=dbJy2Y0%l}|*{MG4vC*a`!>Er$IrhoomZcDd8w_cu}*3;!|{_QbhV@{fobz^G% zx6F?MPf+`{CCNtlUq1i;y8UsJeeUOkE7zXv9YrW z%&21<&-QTtC0xaAm$j#V-{ktQeySe}nzs|qVpivzs`LF{EyGR#mTB|g?Eh!u!v1Bs zST`_Sz%Z8VQu9BX5B@L9jH!U(jhqDYD%VdnU-vIw-0cE2Fgo2_9?T*=rsRz zv%LLiY*r=3QtWiy$p2zZ!jzvtN6Ed)>~C%FAN|EI{>9t;wi9h0U>VD}HkN+xlWAebtQ(e8D*2eu&|JTm@5XUV6O5t+od3PLp8$RTEO>YRGfEb2qH3xpsuW}%rWSGmfUFRHzh2*M!G2+ zqB@V7oS4u|W<*b(!NtYhJ*;+pP*^aAhH3XU1?MAL4Z8K7Ys&^1BN33Yh;5H*jved^E zleQc}MqRg|jcsk279}z5hCB{iIjqnXP$T~ksiUK_R_VCXP>6EUS~N1I~O`H2y+_U!cy<(o3Bu0rqfF|^MS zL!qs6J@yk79U9dwAvktChwYSi+1UCGQdlH}=v+pvIK$8W!@l`uqhJ=8VFlUT#M6sY z6P;QKfR59p3|Ukxh0mZ~xmJ4ciw->ZGzg(p>v_4-W^WM5YVx2rDxFjUa{d&Kl z0b#byYzx5nd5Tg;XO2wqwI7Kbh8)xNNrtZMX$&#UIL&mRSIBO4b~1Lkj@??_+6pn~ zHf6*WXg}ED_cUL;^>rS>qmiGTHY)dVuFriiS5OE8EsCCkH~<}(`4>`tv_!VHqvaaV zQte4nmm}kN<}eqP{E*L_y^?>)!^2Yq1k@ofOEdC({XzxF98~}xhb$mGeC|OA$v?e9 z6>2Xl{7avmMUH-QjwEK!R{!|%qt2HParxN9s_Y39Yy+l)B|`N2wxL3ROxpd=T*TVk`Cj z7SS!C;xoMgcyTF{R)Sb}%&5txXF(w%d0ak1DoUFKUtc4(yI zj_zl1@ZE|H&x4e2!oH26(32lqU_c8Q8hRD!7cP&qFV_+c_J+_a-toqlJ#ZQT+>B>7 z+r#w#a85)N{3kqLamXUAU%y*?T2?eIFE8&58z}88Nom4UNrB&*vnh#vBzJ_UV$D=P zKEt#efF&&}dsl*Q*A}_jM8qZ*c{^irQl}b`e{#EJmu-q*9R<;|sDLb_Wji-TOiT=u zVGH}*aAI1X%y=?+k)XDz61*k)Fnm#5*n*=zm00DIQ!3zaE={ov*?y=|<&x0BMh^4@ zd0|Fvo>5(Wt{s};clo!|Waq*FV<@}e5F@OMm($i>fzW6`T=g3fW8gFex}i_bj=|_TUsfzE zCX)k-kFKLw7cU0J3tINJvly(cOYk)z@{Q7X3UAw(41a!1Pskw+CIH=KrEeP+;a8zF z`iC~3nGCn)MUhw zojBKe2zob#nve6o)y|jO#qqtS7g90hHir>&!jH@C$85XG_%V?}M`zAlBOxJo-rov6 zE<1d4kU)yf+r71$E}=7(!gz0(Ss^^iWGv;Wz-uTKmyPUk#V6=3qTjGgG8uzTN%p|8 z#1f5@Y+qVZqP@1s)-Yf`SzBFQ-Iql}@~pn5;k-L$){(>`x@t_$5)8@<^ zljcWabUgM`(y{DuV24uIGJ{YEHDWP2#}r|NX=E@viHIwA7Qsfq$}o2 z=RhE@9vX0P4Cct3e+@YBcL2ADGb1&E6-wQ&!d4rV#;+o1VIgirD*oGnyLA)Hb{E3( zj8LPmKe`^R3MRjMqt09<`%4!Ir(~(_rXgfd-*0DsH!`-9;yS%dFm7>kwCxC8JKw&k z=X%!XdBf|hUA=xYZAU6{wCePNzEjT~Atb9+ar~f7(!{j<^8k3oXPZ_-PfISV#k++g z=E)od&;>cmB~|!GO%)ZIIb;?rm6K!6i)OmQ?QD)!qo$`N(VDoZs0eb+Dkb_GR-9U0 z$x;Bffjazx)j=p;v-aM5ARhI5?uk<@!!dl(j4Avmxa_KP#xAp#c#G4I2d^ z(A4-0b$KB$Y{@_5lR4AGgj83F{l&p-m*|qCq2>Zc1e6c3~FbeeUsWFdrH@E86#EQ6T7R?{#{(u3&K z4|(?8_jdbbB!*_h#Dx4o^R$MHLR4y7@pF@+C7bInEj)!Ea~kt32Z;E%;|P<;GJG?~ zetYu&tRf_Xfkgz@ChS;!rB$z;55L50*C4rWfydtEjG$92=_rAD^OfzcUG&WM&wsOo zED$yn&dD<*Vd!LJ>>GdRz-RGMIKcJMOXkh3kcp3Xl6S$(wJi9R4O>nV5<3Xb=Mw$# z<8;;0-+ZN5(sQKy%_w*j3l*ajsJ}O8Y;CnBlu=WocXisiojkdP*_WxRg(1k~kn$nNRdL+IfX2-_HW@YVHv5gjpe$Y8?3Vp=?M-rWvFP_{an6%*%SSxLCp0H`PeW(`2aAAgasbM5g%Mkk(tp4 z`@009*?Xn7DE~?LP-kkM6J)%>FfI-;ukmy&B|E$0b*ys1`{3q#;sIci_h6BhCrjSY zHm~zu#L*Owqv$4uyt{~qh)(-5&x~Hq4l7pXo2X4KL`2U%ne&8|Dlo)7wLr%bf6yh0 zomdO=M??8fknZ0MtQ1;sO>>@~9YJMlluo61Eh#Dp#<|JaV!Sd`B(s&A zjP!*q`D{2lrj<;6I&kVvCZo^v#wR8=PNI^=y+I(mYPQzm#}{;BVp$b|k-G1Ed;)C2q8wcHB?H}RmE!GVF6P5s;-+d8xOc-FGHH@=W}<;t5Dq03NB&~DR!wOl*g z`jw94_NxHNj6tyyxMX5+5BcLztuhmSEZFcMO--)8%}<9w6vKW@Tb#>PLbyf2ATS}6Oi$G3|N;g1zg)4TVB%6nOS5{KW?V za}XcW-EOU}0#z<5naYLUG`Uo>4in%62WZu=QScpyAry*k%Jf34pOPPXy?@VqJZihx zqX;_c=wh%FTq30fr08HY?644Sm)FVqG!7m!i$+r-?sSBzN2T94ATrYgc8iS1`=%B( zX!SFPsLZj1YMD3T3qD!M=bj8nk2i2bhvlFk?d0XG8Ry%9S>=y`&Zl*TJf$MZ z`}mKC&#?d}4=$8)W-~b{Aq*30JvLhvSFPRG;@4WNHW9&+MghFbX~X8;>d%NdPvx}z z%LlCy(FZ<9^pu9TFg?|opEx-?w;HxFYbT0j^f9r9RQP*Ta(%Vm^`vgmv9zA^)l@3T zQ-xq^TMaxfEF85{^>|G%xR>q&?ygbp(6&1!ZWGXMdTOK8pScANiLG0$1D|60n#M5l zAFUMP4z#s5HnO_K0}pS3A}TQ4egHo+M>Q|P2f#cQPUh!!TI=OhR%et}oo`_F7qf8g z=?jYGCegEo&%gOk{~5M_L$6rQGwt)7b4GR;h$ep%ch5_BWMpJ>{jRZt>J}592U9l$ z-#9eLv4N&l$g^p|Z{CJtlh0u)5jhxLy?VPJ#okIQ!aLa&e*P&>emCkNs^wd-ewXX=Yeu<6Kc3HDrIc@3V$2+^IcD}}g zta7GFYn{Zgu@}f9WFhn+5_)ZD$hUX;*;)*bE}}1EQfw?WsR%f@xRvG2fchC1GNcnXX)% z)WikadlhD6nI4}hfbRROhKgP}BswOtSV$nHK0;oX@GdVe2eqBeX$+;eC@3hBOQ(K< z^o|WR_D8O7uSkSed*ViKsr-JwC?Dt!+r8tw>M&Yj5C{!8IB?2cnwz5n!I6T=zGonG zpfgn)pRVe;P0Hig81L#LdbBeOqu{((7uP=2SxG*!ChPJ1FlT5@r@2KJl#=zfW67jf z$3b&~C!Et6;qTNBY>%PT##kcW=tQPpCO){Leb01&zv4tN+EiQKB zC^0COC~Pf@JzQ6DnTE{hrBX8pe;;&tS}=+|7ZE$Ah9T%n><`AO3W0W{+ARaCx~t8h za-gvdB9I);^b)6=*>v6g&3p^sraJW=6&Y%bk9TD{ zJ0hofxVgn@-SDsaGtIuL?D{05*PUGb>>=OYBUaNPeWC?Ja{A2R8hEI)(MM_ykF(bU9Gp^>)gWL{J=Y-^%ThTSNNg}iE?+237D9`AoL|V)}VwK%}PB)59&>I)*n$nuB=@11mwAo zRZkjag3ne}RkfsoVzES0<0V5imR5-RA?G6MsGdw~%4~ucm z^4fLV#;A6_EGI+@#EqOplGLU1=Ww$@f%Ptj012{?D_XtVjZMuF zVwG46_`InvWJ`v(D@JYF9syWf4r9n-|a3b-9x!cVtMynX$dO(ATsDMJC9g z+vd?3=4yxd3f(eo|63S`&1lDI)(Ni zR?=)SEFmcgF7JhnzZ7y}@WKX%N&?JUexBol8p0ZR`^+BVj?|yXGPgGVpq_Y5SmGJ z<;sh?xt}_ce28T48x-87pg?dJCb@f1?;Q4AKmO3ERoA4Ccl6H7iz#{5F)yO5jTHhl z*wV|@?r)1e@u*c=LpWDpKr%?xE`&(_VE{vql|m1B^iS2Bvqa$kPHpGG7r z+Pz;m<1?lY_@;L=Ax4eu&4K)$xI#q^vB6)x^OsydPw6B@>dc^t4Q2VN75K_uKcoCy zT`$XEbO{HGu@d&)9g~FmcJG!ZnA82CqTq9^jktNeWG4vT z{rIL2(ol3dcP3<^@7m3q6u0L|y}i9DC@Je@?V1`JGr5DDPcJtqlx~ZM#jPzqOS^dv z6WSnA!j5~6u(ukqx1K{f0Bv!LUmtU9ru)^LWR?cv<-=yy^Spd*nDz8K7DWO6P7f=h z`PR#q$e-;Ht-^};Pyg3{X36#x1E<=7a^`j~PaVzqah*q{C&?;XP5RR+;6MGnm-`?)Z2@cd3jW_FJg3oi8#;>0#3O@7f{v!pPZ>x^AVQ?DvY%QBy z8(i1}=XpbgnE@mBvy(lX z3vPYw3-^dWAv@`ZVZ>avR7}VIeWOXvTj`LKuu?Zs1(lj6iY$M;L&cNu>e*|b;nhj) z*1wR!Z@B)$+p9g|Ay0teb+uob)AQVTD6pq^=TP+O<&zJpI6U_=aS=+d&g2wSCOrZ7ldUkouT~q4xADH{n#ioIqUshT-hN`O_|7&t3ERJ8GOmlnQBDn?Y>Na~~V3i%KGPI9ve#XHE{r`f-Xz-J$j(jK0P*Zg|9{=sv8f6J2#)>Hl{ zKEtesmOJUlx(MU9OVX426CUmqpy_sDSNl z?y@}0@(s`aGfMurBfp(J{ds^6+T*wWr$u~Z0JcsZ3>O)lUPJuJ-l%}1wrH$+{68&1 zm<$}Gy4@nn{{QNXzg>y1sT2?Q|7j6s@e{Xk-4dPo4SWBqBR8Y!sF{|+`7b?^sBH{h zx>5?e=dpHz%)t}`A_)-Y7cN2udFsEyLFd7SL0nIVQOJ0}anGxF~u%6!Gm?QsA3!e@4l5B|5kLo@Yn zrExkozxDRuN=gp8 zOG(;JldFyG#M&v?3c~Tbj&sQ3 zbrcUA zrp&M;@sz9-G!N@qA)`*vdI-m39;-YfWL-hg#Z zltaaFw$UJn-znuklej;+KPxlnIu={~%RY(eN|MD2NujXQ0y}biZOx){{chg7P|$5b zb;fDehgPMerBB^Ho_?moa%*`|HEF~wx~O2Zf1xAT7X#x!XK~iQOVHyg%yEu|n$&>! zRMdswb0x1z?yezbCgvs;K|_&a_ja|Q1*@p9Tu2{@6NuYyDbo6mPHxvR+%L$=Iw~G5 zz(G5)d=lG&7uNdm5MvQb4tcluh`shc&Z4$(te)C!arvX7%^9LZkz^cQMg(>bVw32p ztEm#RDSb3oL8!OjrH8$*mW%gUcNYTNpFgfN54{Mpsn!OpfM9>C6#dSw=>SJ&i3v@u zDY#Im(1P42i&~w~=W;f_#>07uqcd+!@hI8Eit1kbFyWAdw4+_9go*=e+uJ2BY%GvZ z)~gxA*+=XbTGtjYW_hVGd^bP-1c86o^3>BO`!>e8r)D!Na)>N%4E(FS+PTLN;B~5zi=78rZe7H zucBD1tk2b6?_07su!~Dr8lmJnD3Mfi-FH4o3IF5@A<^%79ty^rQasXja)NPv72eoY%zRK_y^K3Sg#MSo$@sGnCUK zZSM(x+AIFxxRG*@_rkyBz&Nug9cTLTEE4I0W&Hi>{x0$V_Eks9d2ZQMueV0kwZ--_ zp*VtaGmV|SyY%~C&4`X2U|F-2wMTJ1``zZTbhE*NwvZ&iE8gNL$(pci%9FMq?NY^7 z^ATKH)H5;h!%k|IxqVw6x*emvyB4`3)}MV5Q)vCmgJcaY22u@Q63!@tC&Iy)vn%82 z9P2IPX4WpKQ63sxe?%C0oLEU7&+6f^#gT15DEfemLq0>1lIwb4%VvE_1>Wh-HRz@1 zbMNNr8n(WA3c({^jK-t6x6Qm?bqi2e!7_J-NVjL6GxJUyC%j53+`D=Qz*lo}=bp4{26rItnGUF|;N)FpOj>9o%wOsfIr zGY5sJ;|5v3n?2=OmljcicgV>T($hsx1XhPeu4!nKsI}~-Q-rI6+sA|vN0l~7neyg9 zapLztwD~XK-cY5W64ZgM!i&66{F`_AizI-mMrXqo!Pu2GP(HCm1%RaFpLPHvMt zz}j9z@gO_=5}ActO>G@q{{0Pt(C2$cXW>ke@B;}5Ne-@0bklZQ!DnjL4K%@xU-TUc zmj)DTQ@pC>$}@=*_=VM5k1JV6>+6vRrCpeE2M8s=d51c05rLaH{o>ghfoB5G3+bZ; zFkRE-07@4jtmpKTxaA~ckLaN}NwyCCuKk>OMn+XKQu8ZgZtge5wb;Mw%D;i>M_Si@ zCL_9YL~@`qYN6raPaG3Eo#Xe_Xz`IhL9D~YBFk@xHCA%)m>Z(7^5>lzUr5J})aXkJI6DOvNornF_tqRs;ze2xZrlkwl zZ5~{Y-XYIcd}x5Yr#4gwC5Jh&_LnsmIFFw{tKCvdAoLO2#A&BdkKUbx^GcV}NS4Vv zp|%q|gc4YO>MS=kEi!0g!QtV2lyLST=Q(DD^HMR6tJa+wxbk9trN_%i*_5P2{=%)k ztgF>;8WtJKLK10QtY`bVI6Ex6H~WRXXU1`ymyq}F=bpR%%3)`u%M$ecu)hDmQ zrH^^&%%w(}5iy6H$kcMnbH21UzfsY?gTbEw?66|R!wQ*_1D?bkvv+S7Pz3X9TdzFN z3BQ2-6zW{dL1AGgmlTvnW$+b?20%zVr~d`fcdM~t>0CtG%O;YCN$)Z0Q)iv ztKrftQt-m%S)(e3Zj&h5tn$N{A~uqAyXD&cmaSGcv8yBp19>`;2OH&2XB5oMSE+m+ zx-T7tIc-i;-{^cMm!-;}T)6bX3h#Y~Teunz0#3~cmE8RSO>%q^#2v_GM@$rec%K!GVm+P}`=xklX}NAI08Lq~%z2H00GJ(MV+g zC+xg882%Y4%Q2s@x3@h9eRa1G#RO4vS%P}PxgD@2BqXlqb!m`8Q&wD?x1s~0qsdh{ ztshh}jMy$g0&BXPW$+nPHI%)015rCPyL!@_*{%` zO8Y|iammMnE-1QBcT%>Te9JQCop%;?;fQ7ZrOx2UjR-Wb8-TXagX84Opx%kp`!Xf5 ziI*wGxGYmx4i35SWw7ALp_0W(h9XBq>ix`rCLWaE>Vmiwq_)Sy`_cy+k5hgj!JB@N zt|OWURhKV@XDS|Y{)~6yhCZ(ZPZ|A8N?5WcRB_%BqT1ZXp?TyxyCRo9vX{o?$@}g4 z{heG8<~+(JJ-X&%@b<)96*5WHc8R1rFXX{OU!*AEibXQB<1L*LD15PLYOF<+ic3zH zWP;?YR78SI4$=8|#baF#*AU%s)L|!SS`@=m#&xg6958_KohKJpu7{!; z8JmXP8s<>S*yWZ%pk~i6929J_#~E2@!Zw}^=Ca_art0Qk-*b+IUmh$>yC-&qq^(m- z-mJ@wJZq z4(eq4^jKfE+4lDwQ{B0H^V8D<-R?Ta;Cz@n0rs&FmpNTm63f^wGR_aSciH-152PE( z6IPw7Ou>ZW3KMq&c-)VX=j?@QSjO+sT5%W6clfJwsbi6mO|0=Yi!@P8u8UGNe$4Y1 zx%E|RzooqJgXQwMxFUUU-B^Qs-%&CB2_1q(3eQdRBl%MCJk$~CtBRvRzVL)IeRbLM zq1dc|Ck$aVuWvm#s%}3?68><-2vUpIxz3woJpcuIxMrl$Mo_|}ugBG5sxjk?vty*B zu#}WPct<=|PL3y{)=@A5dREW9u$LcT8AxPt>LuCU1S{pEW?{hSWqFP|7JR4|2^R&N zZ(-x+U(!S%Nkg~FU8l@S6Fi{%vvu=_l8*IF1OF8E$z=a3AXjrA_Pg8bE=+g zEsO-`DU&*EFwBfv56oH()wL=Ei&@u&S6;U@9R0xKh`2u;rSEGEdHnhD**%U8WiCzy z79mJ~PDCblLfS*cR#f>!Zr}KAk{EcV&Jg5L4(?u0E%6!3zPK!P84vP@GXgt}#{w_l z279%o!53&R|g$7FEUu!%iuwKHbtXQ|U7w;1QV#+UG^m zA9x)qjFg)-T71fK(ne*u-&%z~`C#&nI$gS`w@2N+BtI*SX|90b@Z}V7D&ke^Oa@mA zJ4x8Q)yD{b-q^HBJ6H;LZd}BEf3H`J>zuVc5d0pVm~>6;dl}K7f!Izc}W#K&ciAnSrK33PnRU2uQC8*_Vy<9o)cLIJUf4M#7Z#Eg@I3 z3^_K-sHm)jgnA7u6~4IE}Ow~v?5$63S8>JUx@wP=F$Op1`g z^>-z#D%_EXqvIA!{2Ae+zE>Aq>S=LL;BZXkA~Q$-#j(8~R*!mDQTd)95|erM7sMTJ zoQB!{LH)UXTv^BPLwGrG$Z+sn;5?O?xxv_8J3DsXM|2N`90Qgds9Ax-$~j)+*3seB zHMo!4lWkLc)bSy3x?rhrJ8>mzo++P`l<=DI6Nr@m)rl1}rHf11#KHm%55hXNcQ^Aw z^s?=gsA_>RlD@bX9n^78?F}votvlvs=n~g;F$Gb1;~~d4a+%BdV2Evrll^Lb;nY#F zY3N)0))VJ-Cb61d3^L6yvavn4VCouFRpoVU!NcPz4kXhTPxb)w+2J726Je{tSz1e; z(L3~WhXC82XzCW@pgYz*Jl@O~8b)sJ7QyKuOYf{s6F2Jk>AWv37xh(nPp*s>$|2>d z`Zv#K4v4$acw}t?%p22N?;-kEAZxAW;4ft%0)`B0uUR zPfx`6Y;SXp;!IPzV}ILB;);|!>7I43l47=9YEW=+?PtlD?6}R` zn*!*io~v8SNQU*YBe`p~EB;2AQTlC-g%`2s&dQlR_uR6gNFatl(&4&f=bHGgGQrb0 zHnt_W=9+}IDwE)S7EESVOgpl@3cjauBRkIfE^*Tfx^Pfex?@C#5Dw5h!rsOcIx4_; z_nBTL;>~9lfsz;7=8XrLcfzKau`s`S;VE~=_S6G~-3NXQ%ef6VjiwNba0(fDPq>YO*siRG3YQMS>TvA6@r#XpEdAcJ`w6ii415c?F&!*1rrVcf~Vm~+0 zir)Ok{**N1)|l;lr?@9PAZ#HI(|DC957UZ*%O$3`8iH2_HM#Eaqt|;e7E>)uO|7uGQWZIfxwF| z{h3EXTfm!;hWPyX3q#cGgX%~d@^7rzzXj^CHyDE#Eov$2l%14!*)!DSIl3yzVfRhJ zT+GJ6`)(J(wbs;6vvON!YXv9xrj~&1<^Ga}MN!o-^xR^;%jVb%w+I zyW*AQ=Y|pkH|9IVfJtuZDqL#3U`^a6d%T)0y$xY4` zkbo*d>nQRJRHtP*)4QqZ`!-faLe-|(1K$5fq@y`d(891IS0@B z*80}F-sitjX6}3Mebw)ZeO*%o@@HP_>7@Xjr*k~%e#b=nmPdGyFLdOA`%KHFId{g- zO;|4F@bYT0>+N4L?dP9_FS(kze>9i|8CE#2$=#1zS20X3h2**NYe%h&)T+H1m^ywQ znLU%%R-V7$suTy)Rv9G`TF|RD8#n{RXN^@vK5cEKO87S>C5=y2=tniFlh^S+yW2!Y z+E-X9l7x~2LNSsi1lG9gV-Y4$8jQpDY_Y)qZg|1KP=od`)Xxirj9w)s6JlY=HpMl6 zdZMc>PS@zWS?|9~-7cAUMn6*Qvp2B=}2&+!08_BxqX~{7jDay*Lw0 zd@Xhuh^MKn=a})y$=iN-;W1FHbUtcF+hhDWHr^!;cOV#((E2?4vl5reIxXOlXEr!u zZ!L^{2)x|U)g?6Vkx8(Io2OIxVQqO;$7z_lHZd%YSH^anM!(x@E}Y$mk;g>qH`!kAI>@60ZBuDsy51TN9 zNOJGxBuP}Bh~y2sk~Hqrnejjp`6u7>iz5)q}&tE5GJd1%h*=T-Nz+H>wZ!mTeCM zv$ywC@y2_~&uK)w!gr$6^dXx9AjWkqQ##4+gKj6G*woX*HHB4c_000?1~6)h?0L6DiWEr1mhDZTH+Vv@&Y{P)+%hpIQ=`us$XOX}dzG8y zef_uc6sWxYD#~IDLqfC)9|(72VaY6+puA;Oqt@#=p?um0%l*fQ+J` z^Hx|JJH*(rCf(I>L9AH?GppAr2NMyFA@hT3qD9mOkb6E!-QkuqnjJV{h1V#P!sb8E z0+92tAKG-J-`0GQN5lN{H_!Jk{c5irv73ld{toEI(Qz*rXxCZEW9ug0!a7$j)bp)? zv;3-wV%+b6UvfHMLp7h>2-V-cWL14Q(e+k|(LdO)6p`7wn z8r^Q|vlSL$32%b#+hDxr{^6L%mHuIVQNdxroQ`N%)ZWl7F7oYu1TP}@0F+?YyliE* zQ*RDs`JhZRK)1TyDeLJC^W>MdinlF)oy(|#fV$U~@YCM#!IM^h=nJ5a7$rFGlnX*6 zYB&h~8#%l`sUGdNi#SN+Gm3WY5O7hpPyUqCna*^@9Wi^%$lA0v+Ct`%62W*xNK8uA zl$>?jwf^OhPl`X-~-O zMF6`xlLl8$YZn_}*uu;E_UEHjFllF}xIQDP8wHEU7rYmwcPN_rmXVP*jvfc)jU)?F4b3Aba)Y z+ykNZwj7s%YKzR(6cP2_dU(wzHI-NQB7%H;e98j-IFr<#Duk|0Mo{-Q?8h!W0p+U3 z!4lAN0BE&HC()TGP)lPoD#!Eu^9%P%O-np-$IwYT=;;!J{s+znEsGGd^*fka zsH}Wp9iy5Xu}OAW3aHEas3Uxmb*=ie3P)poEm)LyY!|gqG0Z}%pr`O%(@owXySmR+ z;mQPpwj2eeIeK=Z`CM@v0^3n^b4&gFrTMS!hhAlt`E9lcS)HGiRn_X?>dNInl9`LE z?K)50@0Hjncn~;9#<9zn@TlpOd&uuzUKxs^xUB|;#(ZyHn?*l>yT8u9X%F0&Qch-S zGHmZ0CgZ(}pZf9+vL;4joVIGtY_gi$F@t4-`rhpa_E#9dVi8#@8y&-l9*?>L|MaHE z930xkj4T!D2RalA!+y9FpWXrqYct;NY$3*bAJ1gkC(HTx4(x3ZXv;1uKi2*?jNgC~*8*%JpBO<3H1nSA>(?Uxxl}o8RkwXc%2EL;A7)&O8jWygRN{dm% zN0(X%y{TP)uFitk@N1_Yubqd&Y90U{E8Ggkz&Pa;teb~9*%#(k^a>tGuH#QczbnWg zT@H>#YHMfK=p!jY<`!br9AHZ#3k}myqF<@;-jK-B3Ejc0j#DUf5x=E;0BI@cgHz^KYN3;)JIg zZjT>tWFLQ2aH^Fb`O*jG*;iN!Q)+np=uy!TDoI{iR5Xo8O|4L)d|M5;&2<$>k@y9e zGXobOIlNLEQ0Ll(&C00ag0#|Ss9B4izgl;^(KTNoyxBkiN8*p1xeSeW~U20<1_7=x(Ex+F{SMLZD0njh! zg(Fq2@4=L>NE?vB60GZ%0!mgS5k#6n@7B-d4o||8cQv;eS zC+L)^XywIlxgVeE_|)kbTblv+ASX&?{)=xvbQ7pZB6-o{;Pm9lTa5?Xi4YE!d8oVq z!*q9?w2e)1)7a~Z^*JPIW~_d%z)tvc7njZ~w%IhhsDgn4ZC4(UtLR=vdgtVLQpZLb zwT~U;5vmEpf##}(AnQgOZSsdnedU@?)iXKfpQ>3=i##12HXheUp3V^P5rqbD5GGSbGpSNtVz7o3)v*a2ZjG1TJXU!!2D z?qmfziFq8M`BW54A}n#uXIISWq=B)+)ZE<7ywrI7`>xKCHD6xQ)|6E82 zDpfEel4F%KT1_QvbVzsDne1nj`EPXV_e|9H9uz!@;bqc53xlU0f0vEpEPtb{#cX|y zw(l?O1Q6518VA@@+|?CjEkpikU$`y8)kGf?#RrkhucVkd(A**jBPhQY=$$FS~szNR|RX?+5Bx4)hQ?Wjr z<~N!A@#!pU{U>Fs65gZ772(%+N%#%2;2VSTiKtN_F}3@)!yq~J*WTWeFLQ>Jc|;dh z$b$b+;&75I`yW{|5=gg6r+773Lu*vd;ga0p<=<`-5@2EFM+6!ej~2MR&DE^YRT;s? z#t97(d@f&M2?1Q^^pqynQMtt1yn*(!L(3&b!%|?5Ypg&S7b}J31Nrr@ji3@TEK?rb zb3eqp+Xl=*`8)($dEb)S8eJ4xU;$rPE$n=m5NlvF-xLX1f||;|bL0 zQ)pTf`|&iUG}n+spnVs`TTdZW+B*MX&``L+Zgr$DS_|M6$IBy!32;oW*$%Z$in1_5_7bGG6J2kQbhR5Eo=OHXG74x z4-CqCYXP@lBg5wew)dflS9EoCZ#ecpjNx*sh_OAa$OqYMCX0%ScP4)zuDMLMtNc5O zr>7?a6LUnm^tIut@T*i39r;d^H1j~Oz0NLHU)=q8xxrg^AaI94MJ2QN6nCHCoDwAo zFgIZFuzz;-$&l*z-d&yB9o4A_D(3vy6xRi#a8ZxVdNKf9(wysPJQnL5LOKjOVgLdk z3>~DEh9y!7bq=|Ry%_)OVyTZ8P%L%^|YncRFjulNA8s0o4@D91oPziMi3D0@k zCw=U^cU*^@j+?E`^GN{IUv_Liv z7;jb}JLp_F1=0z*!N(aaXe1uz3fu^{Y1J^!G?dgEKnL>>YhAbYT%-y8v>1?dC=&t- z0@=idnO0asD;l4IC&B8Pr1`qFPU~jX$34Lv9dc{dgJ=L+-A?;@`Eye(@g-reFN# zg~A@2Hu2;|txX|!<=a>bYB}A918)$teTu$8mt<=e@4PS`N*x(U!oe$uEItlAMi(CY zwuCSPU3HXl)#jPyFNQ%tpwzT9ONxma2Xm_NQ_Ews!69}=3B)0+8u262XuEBO%$B03 zO?t*G*ozyJ8+-}mtS(#9v!Ar|6bBHpo=1&Uh{Rgn+==z=1%udia81-R`&|_wKV5B4 zZ6CCRs#+TmwVtIsUe>k6)|6;FWH}VB$sKY>ObseJtyN`E=Ml*9GfcrpDl5Y)g?Lui z>;_U&YaSk%K?_j3Z*PeVkOyW^y31H;ONfEgBe_G!U7sK3I2Xpr#)g$_t1A8&ASwLc zPUjCC^T)$&r@A>!kJl+op93kn1sWy4WEBF7a%a-n^ADIMB5vfBm2#eqgI=RVe>QZ^ z?2qnVV20&vj%Zq0NpbTUs~*is2$^Ji^yFzQACO2WdyghVa<21`464 z5yfWnoeL?iT;v_qq=F5M-zAc1a#{z^IkZR!5>g)ZNz8;R$p<(!B6Mf-t&cL>H+D$a zW{M(jp*Ng+t$AQ;1|MHj-42s3=;Y*dRHdb9< z1aIYP1jeV4lS%-?x2>X5X+o(>scV^N+AOPIrxgSjY8|vZZ;FHBOK$g^7kuulg|?<_ zUk@BA%T-jf+<`y=j(V&W0Y+tBkr3&znX;@*!)f*+@Gv+vH$=`4*D$_BN0kPa|$CqjHA0rFy_ z`mlg~IxDS=Jwry|-Zi0$tS6-t<#xuCs8K%sk%Q9Nc#XwOY>CWxTeHhuG>824R@!%5 z;GwAC-Bg$-msOIdCNTG%hvj&wP4DP6_Ew@aYe26DGK{(Q!g}Q^ey&QZaZn_#b@}0= zM6>hC@HqlmY;nm{zcAWzYBI}-GPbB^>};GC>Xc4Uhs9I7PC6Bz|XG>4a_o?#2_Zr16|uh_^FJ*G{zCa9%#Ntk(9b;f-W*=g;5ndxh7mB80MW z@t9aPZqC)&sVRtcbn)zJFo-qaN_jvYmMLSpyt362pxHy|zCR6jL&8%vJ6&uQBf;c3 zD4Wh~S@ZZj$dPkpMPq^vrRR*Fa~GI6cr5DKP<;3>y21SWERDaV-{4M#+wtdi+GpA5Lt#)-9}b!clh^Lpzqy7O8;(xvPOZ7${)XUmLUO2ErtX z*E#8g^EGyqYvL5_j5{`DIzm68%8&QuyIU-$?#IZ~AqEg_#)8M`&rw2+@4D;f^biHw z%!Yuf9=DxxE75P;gO{bHQIn98#sz3j`OGaG#4idK&bxTh5d=p^PfeASn-XWCh8?~R zFCmmlekw1bq?SJZz#*IRWao3PC*f`EA7|yc z*#r+;j{OYOk~^O^Jx(de%L^Rrn=&#Shukl+8tIjFtBt}9wfL39Vy%C zX*=FgV#~{6q|k($03D6?Ubr4Dj5gxS=c$KQxQ^1mf+WL|#x=5P6PUr3=8B4*6Yyni z&bW9|svDWRtL>>7EjNr4i3;6z&1a=`(Jo{j`}<`{LTGd=CrV&@Q^W>Ru9j)Y>O9Ug z<4}0K80|8ru=K2;j*hZ3@J6l!j3LVAxk>T{`LM0N_~yC`%AR2&dr z5Q*@IGb@}Ma)*rM+C?l5q9@X_?|-{y;t`p3FrIRXpXeO{FcN6#OsBt9>uHORjg4F0 z^bE|h1X>`VL1^ufzx}xmIg#DnT}#Kk@meQqx5GHy004~Gwi`KX7Qj58cXT~QHm*mW z21Bx{pK5DsyG@rS1U5su?NW8WSna z&C9z{r$6lhj^}cfqb@{|OKM5pQ{KUq$zP?#mf+yfpZOS&NWki`+%>3H!qoq^#lUc?WW%L13uQMhe-xu;Kk0eJ7< z5s&RHEo8+%B2sC?3(Bt?AxEAH`h(Q|h5iz5y!J4WMk;u2{PvgOSC{Xc;v>U(v5SOQ zdy*&ZBSJ(=QsqGg;bf`eK~|ESQXm5g-4bp=kCu5K_Hp_fPV-^%X_A5+&Y;g_&pxbo zEdNd}FI3Oc;5JX3!d7WFu#ZhJBM{Xf1cJQ8ovT{h$Vhk%I+OT{2Xy8ghk2qDfk(l? zxcqD?CEC+DEGYI64a}aSkgTV^O3#y%Y>m}(p{Z;18E&>yX{nilu#n3$hH*~ zrops?DSs3}(vf|QNH2M{K`OOZ25U%ahHQwuX9a`lG6eQq+G3)rSnZ=Eekuk|D5OfX z0UaHwBoocrX~@aj6@XHO4V{RxUMFR>5P#}vVD4f0^7Vt2GFIss*s@-gIknU$JSf>pceOQ(yLyc`zV-r$?8D- zC6=}F*Qq13h|Ha8VtziH#R>C*mA!(8C8Y_*)XlFX8HZ?}E&XmP=@@$pqp z$Pm} zx2iRg<*F5~sM+Z5hEcX`(IsBTI8T5MJy6iqg%-}N20hWS*~-;B3?|=df_c)F1O?Tz zrLlcgl^$n7$4{T|&7ttCe`NyEQWRE<$Bp4zmveGlENbYWo3T{5)AYa?-khAA>w<2g zdAi5;>{13dv;xdIfyG~cf(15DlA@X_c6L`lk!KvhSW{_bNS`p#YMqGb&H!Ecy=2WJ z)4i^NcT7*~JBUiY5Z1jgHl4*fbbc%vKg`Wx z2H=|-CIH#jDz5y)0a)}{0A0n3+B5!0JH$J*Q6;a69(jPiSYq**SOSCqAhSI;Um<5A$ST>tC(Jk_2Ftko|fW z-kj8q{A*}lSohLH?v+)dyMq7v+>@@x%Yz!Q%9PCBkN)+!CteM_9KebHJAnVEIY3xL z_xuyLpMukJ=h@g(pO!9NXB(-_T2c?v)g+IaXr50AC+4avOXo3i@!|FbuW!G3bQvoO z2--a#;aO~c30`dDYSwO#mM)c{w}(`!HZ6eCv+xeoEOe%=#$db?Rxj(l5~R zdNjt@U8wPk{kD_4PtJH>z5xP5mL}P!T3cJ`85sP=tIwpJmgGhPPJ0lkU7=f>f`n`U zLfcVeXeiJR&tqx3YRw(yX9=#D&&>(^g%c4@CdHzGWTjsGp&tSFksB3we~{c4NXk>d z8sYAt)a2x$V4kHc(?Q&t-VvNAR^4mRgAuO56n}qzlg2p3)ta7PN{!ZBD{4|06*v3g z48et;?8Wn#uGXTFqhm!+-T9GAR5l;6=~~x#?DP*x30rfm}VnaJ$jzCAfW9Uvsraiyt1-tYy4z<508^- zAfKC-vMO#sP}PX0(-#yyPp5q9-26hRr?j z;OkUsw#7^#G}Oezg#KaC>PUesL2yp4#BNn1gHlEsTg8S+>!%pzD9`HUjL4liYDrGy z5)oxUwgkm^h8vLM39ai%aL_s0JP!>JTEq{*g+F&>!Cu0#cCnjSYZF2~^)X1*SWKXV zxglsQYx1*i5Ol0!@_@R>+sLYo#nFoDB(1>fHtJnuxj8vA+EI0M!Gg%>NS7vW9BF+a zfPH2pg!Vm-=6fv{Cl&j#e=yhIez?1YkZ z)7w@t$s*NJY}Bo^?7E#aFfdRB*JYIs3vz@_kzZQq4LMIyB{Wj#$r~($e$BnQW-JEE zgZCb9w~p1B+F3O?m6xrr%zZT04S#HC$4BaZ>7Dyj&)YZ zjr&HeOe`KM)Ey5CQEj7b^@vG=I4)~5$fxhx^90c8?n6N1;taguVE%q^o>!s;jO9pL z$uAL$gV@8!_?*^!504#nS#B-l0ZMQ3B{dmM?FAqMAGX)%GModir#l7`LP`(%$87X9 zYcv`xOj&Gl^gnhBHBJZFeDtGB-)-0pDr|#Pzs^~h?VwBa1+vG-Gut6LSMP@iut3C? z^wr#`Rr9sRwbBO>)tGt&w;fHz$~5TN%3fQH-}(|5+464suv zyX|jsB5>g;B_;Q!_V%2_X~QJL>=qy+2XcbvC!ExFeQ?QRrDM&ca-{GB9@CL>RLX*0 z0Kxf)VyY+;6&)Q4y9J#-x7=vH~5TeV1u!ocQ{7S^K@=^^Ju!7(N5#|5_d0qxNf!(sI6*{4fGOL-rg~|p2O!A)Tcqd)%PyhwLKOhJc-ckV5 zOFF^2prSIj@$D=?!$?qYFk2_2JsY15adNQ+LhfulQT&{=m6t%jkSM0d1;Su0#XUyf zqmWA~ULX)C+5vsA9DRwn3<9BNm;{nofX>jinK~%d2a1HWX~_~?CYD3%c=<}kE!<$W z&|ppL>grNPpEQ2SIa5IlPrJn;+=p`_Og}1gM;lL+74E+zZlISFn*H?f2yHtkn*act z_0~X3so$hPiRk$tYcr@y*KUk)LPR2^!;k{A;ktaH%S!g181pEfxy78tr_(mHA_*O8195)+t9H+aB4EKz$ zdTCNxRN73Ufa?UjKN?(bJev`;-1EDnZ4Ushz>~0`fU8vEX-(9%9G1WcmPQd;J^>mD zpyn5ulbgHx=om;VTQTr?_QbPaHQ!xPVK&T{k8P9d1ZgMM@V3fFUx|^Sg<$8nLo6za z-9vvN?Vaq40f$>NalGHm!RJTV)V0?zbw(kl|uMk7=p_mORcGJal)^ z2eK2(eL&t0NY32o9zB@Jrr=;?E+{MvaRbD}vH?9@*erzVBE2n1Ujs)``i8i}x5uhW zO{3l|@OHR@UPJ^|TZ|9vcNcn$BUR&eWHP9u42HrVg|D5NKdCc_S*<+{;14q0`kHvf zXdc{$Hzi;4tOHEV$)tKGgw(p~-QXUOuZYtJfDDGifT9(hFegNU94X=zX}%LjEW5Mq z9gWEY7U?iMM40|+By)l|diEHla7XKzt3}7~K_#9p#cW$hh?Dkq;{L})LGTCK8+^qD zK>ZI;<^iO6?SDZWZazx}z$LD-jQcmM090XJg*i3HGHB;dU4Vgk38WdDVwhDU!D73?S?uT_W_e)R?0zzPFYD(rjq_9j# z;SLX#%Pirq)Ksvg#vMIc%Xz*o)F3Fwvs?CjzNJu#pyV-^7JMm{?div>n6kS3fP`NO z1-RUKG%!nH|1)-w9Pu8&goC*NwwtgnQBXA9(hq6zp2QXCU~}z>ht~_CfSO$h^R!Ga z4Pm(uNZXsjd2YIFf4;Den^rD<#kRZzN5E1-MV(_@Nv{gU+&1g9Djd@Zd7 zlW3mFEA6#XGW@V!nK`Q88tA81zff+u!J$j-_Xt)qSHIOE?@24GW5$AzJCP#(YMsWC zfG_}Rxk}>uZ=MNb&9;(L+&Aix0pC&Yt8b3wyT(Z~9Pd0b&St;VcbWwDNX^3qQWJSA z@vv^OrMQipQW9T&+f1SsBh=3*qdmiu8eJxT#Xp;m51r_VJ1z%^=6P1qMS%h4}AipjLCpo}$&2+MQ z+(OTWCHYS``FyG6b6fKdY3|X2c5HQNeN>Q@mHkxz`Qy-C8<|$}dj=1I!Bv?Kfc`)F zd8`_F;871PqD0Yu|rLe<8Ex!!DRkSTCaLJCM%g5dVY z(2W53qeCK_ouuQ*^(|%UpThK=8UOTu4E%$Vfy5lrere2lFUgaqactzh+ZRCb{=>yQ zPl>?|9zM=O)||#B_G6Uc&}-B4(wW*`XBZioQrV+q!q;vOec|To_l+!+adQKM%1Nmt zxy_Q2hcv*6;l}r3u5*~#2a*Ud0-om8)lngG04ND8D{B7aoge4GHhq6eU%G8=tMB;%9H zn(t25-&^1_{*RK=E-YGf{^wFo_CNNwfmo>A6aQ@PT0{M{`Ynm8H0f+}Z;tU}rl|r< zkqc6POOF4x$UZ5cEQ%=*?O1~d5ejHkk;Y@p8z^P*FA3{eR|O;aJScJSAfY4OWP&{2 zTAL+SxFmPe}A~{@SC=x%OG!a0k^#jw@^Q zH{73#nrej0#E)oj%%AM&f4uA42eF%&s4lDRIK$$6PyyO{CsC3+cK2mF87HrG{b`0f zG52PLb8@Bs5kUY)OzPZnolL+#I%c3u`qh=9rvBfPal&aG8V_^~Mhk-n^m~0vc66@q zIvvxHP}H)LL0BUj^E8}6y;SGz-srt2xnbU} zR#s-N`-C0h`C9S65K;NbBS?&}=yo7xs)Cp(g1lYP_%R)AqRWAUDFz>hd|SO)sOSaU ztqLIBp^z#TlBCC1X(Y(T-^n`mZkT8tRhHGQl~pq%G$*XGgVs7}LSycw&g<+*R(M#m z->IRiza!u-XIJd>Q~UgU@823vFF`_}%-LtZp2OY|wL&kjGtM?gV;v+TDOu^m9OGhP zARZL7ma*Hv+4r#yTLLF!9^c#6PekD{NjhE9=ztTr!bwyz@pWn|4MJjVJi;QA&@l6p zmFep1f5d~yuroDD?gLJ2B-NQ%B20MPKtbBQFzGXlkVuRG2ZGJ8{CCp9yyzE>oMz-| z%cgb%T^8#TCR(K_yZP-Kkel=XB_@_D$7Sn<4`(oVP{hY^bn43zsz9G;Pl|vHu-HyeU+Hkjd%(N z>Huv9t{RHm)~ux^85Im|jn4;@2X){|RHs_#Dk`}2ZwN74Rt||f4$m$_EZp7M`CXh` zbX;7N9w^otv3!p-`~u$tq(MFeWRmg&UfR?9L`^C1{nCNAaZWsD&(|7!k@cZBxOk*! z2EG4nYsk=0xq#8yuWc85CesO|GA;^Y3c@uNLB>3%nK8sKu|GfOdQ9n(Q~i0k31GuzXM3%*q8g$Sr|cmKk{p$m1z>bd^(3Z* z`_G^7XMYlgUIe62^Y|2pOUHB=m0h!fEE`^a;J|FpisKQ@Y^JEu$57c_>8=!bnq4hK zRqUU<<2SD<0{YeZcY(_EUL{J#65A^)S5U5CNw**Q%&r~Kie1OB_KQ(LY%DbZLN-e$SzpTonSTY%z7u%6c}~+4|eh7 zJ?3)Nd*<=?m#T^#E!R-%cmwaHGm;2tl#DLdN%}^A6?N_>UjAE6DMlmv*KM>M!b1vt z2i~QhpY%ERX9W0Hr3F;ac?;kuRN6RMxZ2wdv8a>Qj&6`$_X+@EzPAm~sTU2_=AkRdTYzYK>0m5rz*q~XvLkpQ!yt8Fpk0Rh zUZ?I>0sRfG?6K>gzE!eD2!kxxQQCB^zA?l7>d@dW_DBTAO>?_x)F)6-|2YYR%mz_6q zQ`hQ<#WMh_ZYwGArQG$V@RQ9;)O@5g9pVmgh~|mhQHj}BARUm>|5?}h{z*JGdKa%r zp@)-2f_kg@4#lVsnR-X&tr@-eG`)oRK+SN<;wjA8c+oz(*N1ft_Wo+SGHwVcb_*1A zt_S27{)Ni$hc^#KAGUr;0hc2vk|GZZ$jqf z!TgA~tc;<-Tc$Bs>DkFd4-WcvA7&-}DbAOw906j0(d|S8PPnEYi~IKBIy;6u-HNdn zP9}N(zD%z~OleK^JBnY|>R>CRPoO0J+mc?1WAeNjQUn;S_20hmH~Z?d1I|x?Yv}Yp_$@{k z{0`hKHR-#P?)MM*XQ>)EzeLiN?-eM&xQqA67^yIc91#77`~%klq_h`j_ZQ#${ivVx z0r;MTUE1{a-<P}p(Z~)9{LlXU=es(s@MNiZ`?@pQm!6V~danRVT7F!~v%Bq zHqsx=*F3+qCL4s=eGOCJmRd?J^Ldkci{`ykBsE1}eHO3y7f@TuKLif{^2KEF!jfXN zxSq1I;X(A>;18`rmVVmOj*In~Z!s_Nmrh>7555=bUQ!h~1{i;g3HXe^sVP`BGHCJV zZ1KleE|Gi5Xf#);4T~N`-*P@bxjnjGyuLy13}e7x0k0W?c9aF-c>i_JKoECByOCwh zmmfdbyg=PJkBjAeMvfmn7VZ40pUrgU^;osJQ=V2i??yEYt={;KQ-1wO?9GyXv+wj) z-hKIyjxbvB-S*I}p;(S$`vU^gI~|dO5P^$VrEekcCLJ-UUI0IUKXuQO_wWi%7qljq zb@SwnrKWkapGTO2w`#XELg(2l^%sucxq4w*y)|hGiI%i?&Y3l{#oEQo8O%R6LfDS7 zCmdA}bc16XrqkdB9*!KPfFapcsuN!h?#bPY{HVPh(p6Ft`2ujm*7OJN#-0Ub6#>p} z#Ty(?9~-M6#STn$6B1gBXOwbXITELva%VUS-Av=%X0XXy^TD-TR#jVgHeGdR$v4Vb z=tU_dJu{PBY_*QIi6w@Mp61ue_eL@6UKOfF){H%>EpDnGIs3*p{fav^Ta5f_gefoU zYs*{6B0=&|S_X!%A4l3?y&sNg57A^bFnM%h#9zdr2m^$>p=xcugSp#sPQ6MF#d~zC zRGLW$$B;`Qb#8hSZSGN@R&8{BN?u{Eq(ER}bq!02#X{i)NLt}1pD%{vPWIukYjh-DVObb^zFh)C0|fEKsyfyYVwcfOE5gqj`5#avSU${k0}32x_( z5*?3%9oy1`+&y`Fg#V)C=e;l?eKwuF8|?&2TB6bgjDUY?#3M%G(NPy}Q!H@f3tl$mZes0Zf?koUgFL#&)UQ4zlZ9 zJMzL86?fr^3C(A&IwJ2u<o;e)sXJTMzPLh4I)Py9f z+3kRqD*n0E_wu5?do=fy?Vx^Ee?}ANAONGFj2QHBWICG8yd0ol7mM#P!DZ4;!;)WH z!%5;qp^l|==%IxPmc9Q>NKYC+xMHj7z@%fh*7tN+zw!F`8lTfgl0l^j=$=p3ZgvcxxA3Q+IxOuvHKK9hxLuhO*IEr|YP08dzIJD|>CCUQa%gAcw!^wppTX0>Yz0 zkW^k*jdYiEb!STL>kTD;p8gCL#OH0AU7R2~3H`lJ-!-c0px-JFAASQQ?yP0ydgIRmslVMA})K!Qy>)BMO+uBC*e4KjrB?LnRvxu1<7B4V>z zi^i?IgwbISvF-!3M4w(c9Mqvk2z2Zi`@=$npu8T6+n%Zb-yS;+!g}8wpgIuM%75XC z+}%7Q`HQ>1fz)9C-@0b6FeycPEafxr$m`Owq`uR*N=1?wqcpx$!hNK|p>QwF5~OGs)Lm&21bD$_4e+lt z-@Z6^Ow^&Na_bA@eKGfFsv`5z4UD=3pUT%NuMvS@lt*kK4ENPK6Ht!mn>muV`mFX! zF=0vw_1&Ff!F8eJ13?17cpS@Yp|%z^4`Fh~N!ULO{zTJdm|mm5-|5}#!cdu9)l?5g1-BNr=Yv%M1ZKh z(ahoO;UIc&VBEMRX>>jPwwos|1d*9qf&W*6Pg`WSwJ~NZflf=knyK2dspKt|!A~%& zqfH=^)3q&UJz4@$IP{F$nNs>H0~3G?WyU)5BeMA9{e`2wR-xudX3g3_#NHdH)@>sB zxqLNWK~BpFvc|(kq51Vj2h1INt-}D_N)|Ia9bff}{XPd}8j+C!55}$mHhHjw+EVV~ zQ%zsNJoz|7(`x#!yu&O#u#k480;9pceYwJZ;V)dTC&HI3YMjm2JZ$Bsc&Ka1f;`uw zuk$wW!%#I2uCvRlT;c{hQ>tIL!Fyp2%2X)AarOuAxzjw-QP|xwSnIr+ie!9k6~s4v zR%y^BZgKuNO1WmZb}Ikssa6SWKI!p_tgz2%g}PiIzL0kQbto1z6zIh0pa2 z$sEUgqwksOO>sMJOcDv9#~rF&p!lohS8S^Tr>n%sHy!}?tgwbt@31a0HWY9Q$){TT?+$( zR0M`T^PcQ=9-1O~s1D#F_b}JEIL16xk4}vp*xg4x6>zkMhIV0AzbfY$~i9i2iQuuR;`5IjOxPqa;*@i^fVbS)zR529x_faks~b zlHa|%Wer~V2<#KSyGa#bizg*?1Jjb`X+#8@!9$Ha=p$0efk6Zsky&gzys~hM&z)8D z4nSbHZB~U_7MJ>cc8dkkZhZSfJMMsD_uoAX^PK-HymFb{Yi-J6%{hm~JBj_yy%?FO zX|4^^z;ZQ9U!?4zr$irw$x9|CosHA*7#tpEt?*cY)aUh7`}I24wOQ4@GO9gY5PikL+y zN7|5c#7pWcJ0tzn41f`mhZlZapf)+7*!5l>B_LUt&OBJ}l@WQNRH;h#U~I{Dz5g;a+P<$|wUr*$1gL%u7w-@<$y6!!s zt4cDBz{{mL94;9Eoll{*GZkHU-XVV2Z~HZY4o?vtw6mgW!m^3aM*iP5{ypr`UOF=y?^Ywj)6w#9F%n38VOs zL06~GLZYSPH{zirlN+q$9T621lim_r8vQ=N=n%1wt+K*Z$ld{GiGglBT~; z9Cj#P@L4^)cSipU+Pg_e-wC9EYN_4WqDErV1!OidR zXReYDg+obr|33B!-}rs`Y8ZF4(`>2LS)*z9GA5|bS?YsZ}HLCvwJ8bF6zeV zWozdh9N2&A!oU0+el>@UFYO0Bk22;P@gYOH#>acd&CQUqwM9dVO zlxpAj`H?+VOO(A5zGqaPt;Rv0On-g__LrQp*Qq;w+u(XwrQ2`vVoQIyyl;o_^E=3L z;eHx2L#q4fx`n=Uwq)8DSf>lOanXZDXQNd95>0H87+2nH|K#1j4W zmj7%a|9k)c$LF6sdX{95ojph+c73-P=VW?UScq^8aYv!6R19@j^cIE_ggpQ|a-bdl zBS=A(EDULdm<9~=pC5bVa56=5E?s!1RJ6PI8cwHVEFr)j=dv-8^O~ZJ@AoK{EWIp4 ztmJ(1cs)$4@htgI_FUw;B8a_~t$5?6dc? z_u0>Lex~5Ml4>DR!OD7!^$pj#PnYa|i8>bMu)aAYEDF1m!R(B7l!JKW)TWsa1)>? zShXC?G9N|ucYG^;{;$3J<8^#w&ZM{B*CxEAuX1Wt<&`2dHjyR7(=OTga}(#x6nglu z#2O+x8i1v5&MvWobXH|ReP5IM7srlWw0ap)@Z+rx_My}k7$y7OAvHl8n3dD) z27giF{VTh&oB}qZxpSm+pFZI~o<)1*l5O#2jpiR7>|n8RxZ&u}!KGhGEZq(^Z$I9H zS4`xKsc3N^NO=Bpb^iV@`MzXe{ieu=kw2bzun(3mpVarfFufrCq+a8wJ9_;b$wk*k zj_c!YIWvRK`FC;)N>>E_qHgs+-#S}6(R=Y8l~Bjy-l`rnz}8QfHhM zZ6C(2`h}etcGje3b2S~&&qBqiK>-Iuf|(u(`pLwjw_A947hn8xAdvI>%25J~p#0S; zDXFAE+^i(WEpMru1+RN zRI`t9f~$a?o5yBm6=m7p;TIs*{*b-(+nCy|3h~xfD^HW|#GLmgc{(@UkjZKVo^G_T zoTY`k`~u3trF{XlF+Zp;`U1Yi|E~4J@;l(Y1wuaTjX0V()!VP8#Wb;*k|SDw^&QZ-M_w`o=68=B_!4<6QOjzNOy^`3$tekaKen?taER&<+be?j%n z)|D>~Y&YnB>?jSy+A>R-UJ5-L#p~2IJ8XfPq)gjh9;j-qmnWrF7FZaC<87Lp9E%xz z)VWNW8OcN1Cr6Huh1G6FK&eWHObop83J8ZtnrVX}1+#DDAQ&;guGN*^)o?JGJtgoF z1Gt_?NKR#zTUn`CSuE!3VPMb5g|2UpJ2>vmwm@DQwMQri4*bZf|EEp<$JQQw3Y6nD zT}hSaZ80g-s!LXy+FT}`FJGOzYDlRq9`Vp}Y^^lFdZM!F4U@FguHskyg?Ja1C20XJ zlg}?BugYdG4)xUj?7dS11VNL6gD23#Z1m-bg!2OP?@sE}?`jzUThWJkq1h_7-`^*b z-qv(r_FWX->j{wngp8q;QooDNt|w@P1#343IGdgxB^zA1`0UT~yT5^mSdbpOSdzL; z<(g+_z>sH#`~zR(*aCgn&k8sGkRt0VmC%DHkPyc0;&cpg@6p` z;#iq(YgC3}>c`cQqW7t(R~eFNgxq0^U{eD=l9V83X9i=y#H=(T8Ey^Uq5k|WM^hA_ zgk+(L`HVZ_qR~;pUK-(CR~Xbr?vR;LmW8vaHggf&_~8R-aCI z{hFk2<&#u-J(=4b;idoarPX`*lS4h--KQOlJNzScVxsDt6*p-r8c+4qc!W%AHhp|` zPG6okuQ_580SvgvuI%dw-$H-EAVNYV$1*M6xwDR8bG|bOaBu}6bq&6SLDmyhE#Rja zG;M_VunAj1n9T(f${wB1s`sVg1zTpco7$|k)-t?Zm!J8~4&4%TSe>YH*`}8ZRxLy{ zC9CSZLcyu_2N%C%6k-%)1!0y|W>ieh!Z)Z_|Mr{?r^%Gx1umVeV}!uWvm7)fnnqtt zd*1tQz|vr>QHb(BS-YwGx*V%%K?^Vs4kA52991*5b8cp~EMB7*J+wlgfR=BUF?m^x z0VW~WOg>}q^$W-Vm^PgOgZqtIJOrMp);HZ0FcS&EngK3vJktXAda`Zf1(RAvS@%uN zqIwB*^ZJ`E3aZ^nm)!JY)hEv1xKXMGeC>MVEU0gpmb{Fkgijb11eQHbY)V(4H;q2KD75XkNjB6Zza za(8>sMctjxr`H$ZbxmcjRysqOmUHrLkulY-qutFbi*&LwG|w`83JF-cuaXZQ6$9e-M-cflvITveRTMAMz9^A)q#)$nJT^6DgUjOG-BF!SjR!_oue+k4 zL)x@1lir$5Qx2Ut+tnyvAOA5X_@0L3Px*>zvXotHK@e; zVd}LEbTPp9j#EME=9kq%g%}TRL4(KM;+gO<-kLuTYCay1x=CrESpHr(t5R{?`GWEV zKKI$FjRNz5%xS$?rz%CSG(N&pGByAp6j;PiJp{a=ijSFL(?vyJFtHnKcJ5Ss=B$=) zWk((IdhB{4>mrm{S#v}b?LG_%1oJH~^3CQqlIbNO?H1zDQ=TFgR(eT}vZQ&*7^juN zoV~M@*rkz_MDff{rODC>>#7~(P_252{Ugk9M-7Y>LE$$-vrr^maziV;_9nSdx2seb zEQ3_ujkcmOxF|hbA58xr>P}B^QUeYu+MM^$WYkQ4v`((@Q3%pV@ey3=u;Ggb!4Lp6- zv7ya>wTjRbsZ%?cFCWv=qu#wbEzJ?&bA%*C``}Zq12P`-q`Zb5p!Z;99P9oqK1Eq% zS}JH68L6opPjx{|QUWqz&IvZ<6Xs39Wp$gYZ&yn-eFMGkN zm$@bp{Mj$K(nZ%}G2MhpYWIs9152Hu9^@!YmTx1u0bj}6ySEMblIV0YKn}X?AkY4w z&sCpPDc)h-kH%#TwQvLt*SuLLpX8jgIA+wJ?q93KVy3+|Vgk!J|0V%3r|J#qttwuz zu96tap6=Q$<$`;wT(tdC36r1MQpjJ}Iq6D5(=|5SMUgHIpGzI}!>`N$9&LW=sYp~B zspLR|OYE-pa-{N@6vD*KDJ7cA_#^Oj!CD-uw?dSTFLl^>X-dKl96cQ!eR|Jw(`hH2 z%poA9Iju#D)Uiqml+nIGaic3iNcxx5Wu~sZg(Xkj5~-_fs@X3kiby4_GE&;OS)#sv z-6_CGi3=bUE{Kh!T+hGt_)EQi{XJ3|ZLfil>31ZE5FPdIWjd31IzI+CCB2Lc(oUAN zc={py_KwDPw$uv#1S=e-@K*QoPdx!DiB1``K%);uZK&=taOEcee;2L%$gP;Py42V zh~=Fjh;=ZlJ*3<}fg&27z1_%k4Te6zO-KCE!f6yb#qz^+#azy~hE zQ);$HtFBl&wpf)J!&?~U5j}N;Cp)`MktmxvZuLSn<$-xeqFD{yb zl!0#TRaw2e;?AX`e*Q;zmUx>kCrz(4vj}2l&lNZ>^)^rNZrt%0%r0MS=xQb+iOoA3 z$+ug;brd?S;|jhoAk<)VIqN6}-*^gg%iKabz*ifJgH7iO*mN<-SyV3rEFCJauBL#S z`^p&7N%FjnEtdj*{b)t4114nyr6@<`vQTEzb&se|B=-*5`ljjTR1=S01Tn-=`Xo(k z4;S62%^(7T7HVO1bkrROaqmxeNf_QJ3++NF8~s9tQPL ze5kK|+t^b}b~z*Gxq&qCwMvi6w%q3Z)^ll1QCsQOZ)Icnouq`hw{x$f`jn)V3ltt) z!^PQ;UH||vuXzB1*Aon{AvCRhWejFLE}mjQMt%KdJ4XfIe3vdxSa|bupWR4Vo$A?i z$*IC4rv&*ts8#%&{qsi7j-d@di%ARHx?7kW_ zjpAn30Hfqzv3%K?J@2I9HV1?>p9Yw7Tan65E z(C*c(b{HV9Q{}OI+nn5Xdyd^LO-hmFVNaSI9NCB=m86U}qO0r5kyM|_3|q3mV(Fd@i6a_8{<){6?ryQQ+Y!RehFKhMQn#f2XaF*8NBfC zIa|nqgiE!>Ow@#P-d^yy*ASg=zC2B2=B<=vO%ggSjSAM9XF0^NMSG*3A$VmgW*z+A zx7`mSQQ%`yZa24NS=|g{z+F;cN@^~3Tzb>ov08U77O(9-g;^jQvKZ%^3bOI95l5U0 zf#6Lae!k~+uFxr&RKYv@t*L|+OVW`3a=y>*(;oTdgy}8Yx2zJ%S(ZwU?%tbUM9BlRi~NNci|Si|C!~%S zaN%Gmyo>EpJ$@_2R?+Q?shCPZnou#t6)XsA!MnRWgbG?^3d<3rA#Lf1n*wA{gb3qB zOkOLalJAlPZ0gugwI(#Z^J6%J$=A+|>J!TX1r%X7{Lzgm@>)&;?m=T_jRebMrOC{# ztrbY3r&_=&1oLr5M(4Kg*EY?}d8J7p^wEjTZSdxKb`r-?v(vD7)2Z$4dH!tfFSlJk zy?y`*vRaS3bMq>hRO$lnR1-B#mDhpmVD7P(2ll7iMg^T zj!id^6N-zK*HO;isaDcneSS{P|Mo?fds^TEoR%6FxU%Ok?_b*De{mfA#h^Mt>$Nx2 z5@Z$8Cc08o?U*-jI#cL>f6gaKNz(Yk9@v)#pY*-fHFNak>`G!liAp*+8e*e!-*j$U z)8>_Wk<>E*meU0wd47}ekTWY?$=;Su0EXS8Hi(o@8E{j{)w+;DBcC~0=-GtiL#7)H z+J(0@ioQ72k-Op9>T_B2MZ{`ae1>A05~^e%m}I@G>{r{j^A*xm+Zh=OzSoq+M*AZg zBr=v&cQNfS!ueK&rmEJ3_$o)13RL>_*I;hax9Lx^W}S$T%^i$fFDq5S(`Du%ic63D2VEA6n*`Kl|P&^qi=cLZbvA+LncG<4c+tF#N@PaiX2 z5pqq?1aDT5td9(@9el5AeB0~zcFvmepw8?iv!JfS5)0moj7*n~V zSy`2D86FHswvD~CDt(2_?*!L;-b|b=(WTx@8|1TSn}Rx-?+VXQ z^LRzLa=wCVPIdgoc9H&<`nzsrF(){EQ@qi!gbs3xPJ{v}Jmss}ZboaIpRvOT802)~ zGx81+#(=dxf!Z-^kB>krL|s@L`(I4-KV0gczq9!Iumyn)cS=&fhnDSirhjr9pTJu6 zRnNX6)ja?9luY3;W|_=IIl6(&`Q*p-nzG)SduyD~U{K97QkLHCI()-JRS4?fC@ko0 z`3+r`0R_O@N#wCByx`%8eR5VA-HPa=S!KrC$pMtE9T~upfr+x6C`G!!gC~+ z&tq*OEy3Fue<#pu@x$V1j%J*9^O$sk*~~~Ro9){Gtr-eZSQVneB$-uspux)QQReln zVS^Au<;KCNY5<%h-1wM%=j~6P^j*odO1eyY+rEX);Om#mOpOuOwa?b=Vt7Iia|T(( zT9pL}6|xG)WYk}Z#P4%D{sylQkE%!(aiqwkHL9<$ zTblIc=L9YR1*arrzD(;EmB|ZX%3SUQlFlG-l{Uq?=O;ZslY%HMP{+n$zDT-9w9vbF zwpJ^OERGIkouQP~>Iz~}ys8=~IGvufIiP=4HtMyq)+o3MFCvVs8MHqU@BEooguR+m zFK1K!nKk$4K38v1l~>Ctug=l9Xl^;o2S!t(K@rnMYqK5xakEQ^wo7mmw$tZSmv=tw z9&?jV68EK?lJXRDKH6S-C@S>)UUP4Kk6jBaDlaiC0kP+{Y4G*+5lU(d~P5*ia{JJZ$m6;UF zq6G5!Nq1Y%6@RwPyLEURHnKWv&fvB);e%x`!W&K^^{~nXK~Jsge!sR-A!HRB+VFI4 z?H$QFrz1~`i`mXgE7p55#G=0z8VjF0q6!>w`%^haGPLEm=?N#Eb?kn4ntw(=A`(=@ z1YE9;coKr?aLc3M(@@=dYiB^Ok+mDZDaeq7o=nq!NQ&Zq;jX}x{7&6Ak-b<+c`*j2 zLkZhMnMkKPEb2*!?Pd(B80&@U5|*h4PUWb=**NPc$f!PtP!yY4W;DoU$`)r>%?Dn% zY1^IXS)Y<&G2y<#9?Gg=6&!Jxr$Q_D*Xr>39wxHc)q(|`0#KvN?2|%hXFhowms!#j zK-~hMoXXmxFs~uPQi$E~842+a`jkTzhmQOrzN@ZTwbWeKR9)dfCJHn!&(@XCFYgR9 z3o9>5)3SKFtlBZZMe(fv>Id6fBw2nr`4tlTvfc>K}d1~tkcE%e<$k`}R&=ShT!iCmYwo*(q4#xX;HG2_bXvL z2>8MbQHwRg_8fp!-rNHT(De#pKHk?qMTLOfoGIA>(YX8rTGGND73vo&hzQ-7K@OzH zTzoVqLaMF3GqO1|lAYQ6qL_HJv^O;hSBbOlns8}$QYY+IOJv;ZAiN*Z8@F0Vr>bM8 zuA*(O)9MsEDv9{mq)U(z{y5lw9{1|~bL|VMNm*?h+ZZOlx_Piwl?PoF58&F3NQnm9LqslRw=Iys;N{-6V zmlGzhrs3*wXdX99D-wmDScT9K9W)js3o=dbkq&Q+NRMbEJMx<3@^K+66m8Ooo;}P8wJd90@DK66{X$gBjKe&d%MCFasv)({kjMQKj=bRI5rfj6 zT^ud3SgmePe=wk><2E;^R&1+B8>8K)xYSc*a^k|RUw6?AugM#ePj_cWbHxhloeSw7 z8fxj*YrLZDqW*~L*2r6Fm*w$0zmU_Pm5#jrD!Rxxm+N{d3)(!$fm~?s<<7@6VMV(v z3MtHvL}yNVsp3srA%6GmRmw(*z)u8_>q4kFq8I><3^GaZ=EquA+N+jGqZfM^e<8m> zgDYH_wLcj;e}|n+Ehp!&GRBE`IzvReeu1enu))l(d>goT!N8!V1iaR3b1Ds}ZhtH+ zQR-rad5qcwBNWQ4CkhcQU%~Ck5FIZkcPjUovsszXD>5f^b;r)B@mV-g*4%e6aZHCc za^tZn@YkVMh<8zE_Bo}cKl$A0yE?1d(}NebB6D?&0L@io#~srlgEB9Ip!sazj#8Vq z?PpC54hyUoJDeCb&l>i|hT5&t28SfnxGR7D>H-A$h^MA(yH0@LxD5{7Kro-wG!x(7 zzOy_|Y@}#VEC#}QF^Y+`cR1%Y!2dM0IGhG>BY@<%*to%u$2pq;rg_&obLv0NQvVVP z68F1L@KsRn=t(HwI(zBSX>d+j1(Ykbh>~o+!nFH)$v^*SViM?la6;X#-#zYl!-s;y zeQiK>h5+vTU9UqYoGNv1{|6lvD3}y6pUC{%yY?!KpMwy5$C(skeTT~B%UTL(+m+gNrY_H?}rFly+-!%yi@Cv^< zU3M0*3U4ZN_t%N`AI>>3{x~>oE+R4hjS_m`pZ{4y0VHBfPTH~m@#uX$OGMxtz%(Z0 zpB?{U$53%H$f~86D-WEG|7PGm&O|Hjq>oxUa7E;|0h>w^4WZx3>flG|-}(X89)kIc z7rN2+5A2(0ZryLdMrY4h`No6ZUx&fJtkh^Um_GrJ$Ep8Jy-p;N31k@>3PUCTbp5!% z{5fyeKm1K*<h2`=Q;Zzp(*B1A^#2{e|7{20bBda;?f!L3$w%LfKtrV-f&48x{F}M_rIFEb z*eac?P!)9k%@h&=%|Lt78x|jZAloh`C%%yXi}DmNL7Jl9lgv!;D4p>82h)o3nLoQ| z>yt!z@+72v&i-V_(MA5>BAm#|@nrbal8f8QL{I!dMhFD41$}mdOK0cEOd!f|mu_V; z6B(SEgk}{$5kyeo%=t*sL3vkua(zhe(80p#XugPFmhIbwrs)c=oJ$9n*m7uZAbpEqZFqM~A2{7S*uwqr%#IIzPBHK; zM}_>O%{WqpX5%fg)2 zzQt5^r~%SvB_nRQYiA!#r5|hjr;M6l4k8?e|FrT$2I{Ze{(na5N55XOReG*>;7a)K zJ5mBPXDlz;JlQ&sulTX3VDzW?SR3-cUxRS4cNh5+djI2*2YCj?@qTJ6mros?LRiFP zM(Or=deAw0`63w^v943c^?JSyGV$c`*(+3oV(a0iFEv%Tx%VtF4I^?T@0OzfxQ%E( zyTXTE<5K&Oflh$i(X;O^uV9R`T5q-(yiI;X3Q zX?`dPk$C-Cc*=W{6IQRWZ7c1k86Xeu5gnr{G6^`uSM)nZ z*H?xMjRhkNH}aN8Ektr_9jNQh4^~r`e%qZQv8UB4Jk_n2o~pB0ZWgS%pmPJ}I|NzA z)?dF%;@uE=c!1kXz@4q4#~eSk31iyCd3ag|`<*l*lu6Ui@h+c6RNg1LUl9R{2X#q( zh-H+30NHVdSOVSTsUf`s3RsVZiTIISbXp&QqCd^y**qR(xufX%Q-p-BJNyQ5>6E{0 z!AG)s5nuNZ$Y4^viGO#!f4znpcM}_r2J;ULCTJ=uDvp&5Jvmjjt>OwB|7|LYqeONm z;=TRS;B)NG=co_lkS>W_;@4SB<&}NVRa5H_Nz?T^4cioQ*cU#LN8qr5aNSls7)}EO z9PqkCQ^vZB8UGHlDab%H&el6v&Lpx)=2#9+?g!INHn}RV{5DJ78i&0j%OZ-g2ikUy zN<@gToK8Mk`43@xb_n1Z>|VQY&@PGJ*EaDP;HfyhCb5b>*y8^PS%VUwSKaGv;6D{Z zy9-b^|EFiA4-dAQKi+nQ5%5ferJ4^k?SFiE@e;B7XZEh`Wj_W73#p{r4jgX_FStdfpY6Fi`KgAVMIY1KAtZoi?iM^8Up0S3Vk?O}r1D5` zz^>@zc^=J^0dsYgVvFf+&$ah`r6_L^akSn)S(6Rn? zZhlBuc*ta*xUnJ4&l+-x8#Ok2^u?3$6Z^l6fV&Rlg`2V89VG~Ur2VK1QMxYcC6aXZ zII4+)qcm`AGvaQ`V7~i)y}*BcTgRnJ_p9xZC7~ChfALYFaK+VddXj5w3|fEZyZ${8 ziqQmBpo;t2A^%dF`D4HS;W_^6vqS`lCxb2IUH$*iopYCg$#Mv&{HL@(=j#Cc1~VjN z?01v?+c-_FK^178%1LOy3-NE$u%-s)j}9WJ_z%H%_c*Y^4)$gDzuOD{qb4<4K&+y9 zyQcny^3{Jr{y+YbSOKbNF`E5b`(E;YoxoxPVij%g>%$s@q z?LN=~Ct+4QzN7UQG757ilvh22-XjeDO%$t%TW)!|`P`LLy` z0o-V$dyF<^AY{@5_JH!~sKMBq!Crb?$2S4YgUuSiE~FAGNrn%@4iiZ)!aMImxZMQl zh^>MTqXk)X+|Bf>1?}`7#`E%kW)TaamJd9KpZT3oFWTH4{PIC`I)fROzG$;TM;v5j z31;7Z`bTi~38DlnS+xo(VH+@|IVx_~CM*mzhpZ>`^Ljk;Hc`{8Qe@N|fpFZes$I)k zS?;Fbkt;-!*Yxo1i@J$w)vk8q9*7BFTyv0IJoK*P(rAg@Z33n*%lo{;{AZS>u{eR1 zs)&v|66gb>U!rl-X@i{Hwy zUif&sHUn@W0qu|L*%50U5 z7q%%_VC|x&$v`;Ob*<5B%&XQCtZrSqt7%2)fvB-Tfqn+}t>tiK+874ndAMIo zP(X#l0=Jvah7Y~EQ`#BE(pR7z;$yxZqdt)v)z;3ru<&{i6sG+B7RvgDxe?QVuK6}f z$V0^uG07;to-c}jq-~|W@p^Atwrch45t5T_HW0#|gEAZAz`#J$Vhy^rD@(Vu^u>!8 zQCt=()u`T&uEXx%7#xC+TBmj!IEByH2(*Z(AaWsR7 zVwp`&zI-KAdVB@+1L-gIreNk|TsN9_7CLS>xzwVQ&huNUwZ3r~aVmR*D^>&;#3T+A z%m+9b9fx@)*n-o7DIQ}0iR-1Wx@mg($=`Wg)Gl++?lSN%)Yvr(OkQBFTkH3Hl43T+HT*`%W-Z8`JQ& z$!9@`%sBBjRd3J;6K6ZofUJMb!LT1IEkyZU3t-Jl?4$o&!CqNp9<_MK%lP+wb~arh z+IBd(E4OV1-Q$PGpP3iA^)onna(|9vwe24-&)uKk0CDyBpNMSDijt_6GnLlX)0N?> zrc=GJ+w8}`^bZWRPy?PEpAgwa9^kL3M}9DC4W%4foT!rX+@d9%Bli5Y zYP6GVgXZ_zsGKFhGgt6VA3-Z7E^xuHp4AJu1u;eNj6S7~B}N7uVy7GGWm&Ue`%zw^ z<+2~0&N12?^s78_%V3v8_86P=XB$KpkdHZP{>zErN;W385V`FSE$;aLPJ+N~1#m zK4`6>7<3;L=<4+IAf?N*NoKt_XN3iNo9~j=Cx++Cv>;7Gxc@RDrT41id{C?=q2^%C`*iZZ|IaVSL)kj$J2M0e7 zl^VBvi=-kRXVb?JQHzc{n(ujiGry^M><>ab4xmVfUr{YNdVLuXoF)&e6c``RFz*1j zKvt#BY~`5srBd$xa^m878}F4dQmh%{(V*PgWr>aMXXph{J_NW%nQ!k?5~%@jT?T*? zvShbr1Jzz+gFgs=)!PMV{xc9c2qg%`uZX?Ou#m-QA>T(P$*_|ufWB4XmLEH_)UW@ey=48w144u z#_tqu!f?Cj5Jg#`nrU}VL4ww}XJ1fHibLd{!+BwSvDT;}IBv3hC3x(LZ%T~0*}8TS zte=Wq<2>l^3?>rM+gN=H%!f>KT@sl(vN|*w{?@ksfQ*0SmO!y0Ic?;{pgm}}Gy3q> z2$R?)E3kGJkX21lfV8jw0zK(v@(z*T7!o*o{fXjuZXI6EZYaKNp-SQLVkQIOlK6VL z!3jG4>>I0qClm~18*YcT&yjk~(Slp4{W*19?+QD<4X&A+Rh*tcctKn9DI$n8>4$M& z_4`c@WdQDe^{ne?1t5^L5O7nYo&?}k-{cuPqHfw;yWj$LVdT%j;7W9LdqHJKsdq{J z_9NT6MLd&GgbsD)S|y z0=->YalT>mb5$_6`K9vJF?fJ%JU`_Nr;ewhK;y!8+yx+_T65YA^F9}jI&Lx}A@#Md z8rYZ>I#bEb5{~-22ZtW{M?sOQq{q({G|)DAV;QJS7m4Lb@16t`8iq3@eU}JUyyHc2R4zfUMmSA`|{>o2JHP z3S7c2&=L+O*a>dU&TNbqbs3{$Pjl9O)w=%a9wev7dCUv#KlVFIho8@Cnb=@HoZZ_C zsC<1~8meEwYJ1xxHHa^XcWj+1=Gik0~u#Vu>Zo9~`@xyv|7QzEcV$>a5lxb=rP)2KcD z?CP1W(Ab+sISah>*%Q`7>0``fS8Rl?n3vK-OhBrdi(mEJSn^fddaPnrpr<_3y{9D* zzdN<(ErY;gx+=A|U&T1ozJ+&oM4w^9Bf}bYnuB8W1jKN9HvXei0>&1r3>Eh`8PUth zYIo-0J+JTVzliZfWQ=%FAKR5OK0Lmp z_x)XURoWYmMZy3xL*BF@fKy3px``T=cj98u@Kp$hZ&ce@wVQ*%#`Jxri9F+X8A|FI zsi~>Sbx^_~-})YKA-nQfKB*&$i>5#>qKlA><8A?<)lm>tk0SzlD9_BE0H-CR_r+j2CTF^Iz^-7yz_LX7V|+Xo8L}j=rj{~$>9CL!#C}V3ZW1~z4%VV z?!*56yo{@AT(+kD#t}N(-K&>&t}D1w6t0A{iHf;9@!q++`(@3k0Oh3Zpt(A%^T$G_EY6+^i~hBIiPkxV zC+X{3U*#Ju!lZ*!;){bjZ3u`r_?X%wjD;`?6%D(VtpeoWid68}_e$G7628$FAXOf7 zJw<0uwYks{K;*3hkezKfG2wx_HUfVgzdjKw>|#e{o=Np3L*)$1QD22D-bii)vJ~9t z?rECo>4{#SAQMH@ZU!%c7I7kF{u(OWrhjm-*}4i5O1Oji$~avpU3(#bD*Q!kTi3`i z4q1`9@;R%p)ZD9SCDWMz=(f#onDPjE_9cf_7PENEoZ=MtwDyP_qTyGo-_p>BiN-5d z?;WU?TRY;LRHeKT@4O@gG8DN^V z+$uuuHqLlPb*J|u@@0LC>0>M1i;iu6$bsOPhFlO;vzNPLH~mzFH$=Dvg?MRFWdj#S zg~$%C#pcB+l{F^xU;;yo-X*aiXY7m8S_-pNRk@Zu2h$2OrH<$iK%1M|s#H~>pL4FA zlpeAcVC9c5t(>0Ad?nYC33TRJnS~;i6-TcwI}2P|c7|Nzr*qH{_AFTrt%{Aw^xnS% ze9Q%!!mO_DI88Wz&rh=|#v*IK5|BRcz0hM25Gt#rIpBb>Fl^9O^M0?ErMqZAMKdz6 z1~;gwKbWn~nt==gSBcd72R`pFi?SjnTsO4E*Jw=Y(6|kd=k^Z| zWWxsHNKVoy*@c*UZ7!(3$Yqrse;#b^Fg6TOUbM~OSBgZW{Fsa)eat!XQ%5XayZ3JR z%llabuQ%<3Bd?G8DZEVE#0tZd`DxC^7u9znEs9u0@8|TjG6ar($YQ&dyR)fWu-r;Q zCZQ@DeVUD7$HWmcoFZQ~k$w-_Dy|Y~POGqJI7cTU!=9?-aJp@fku*~IRi)=%VY;N=J7h$AQz3)aqe;y|_-o&UD`Xc3 z9G7T#M9V_PXQ`!w^DNS=VT`J(kJ~c2*z2|h0I7AujScTEBiyYt=JFWt5MD2TGi3iQ zefcAxe8-Dr94=(eH=k=O->`wcLdQE;x85sjZ{Q`NcYF}&w&-(@&^Xi5{K4;{#;_c% z1jFVF|N5Q}e)JLKEB%H9G8`ttONY?1f;^NqKo?FxA7Ky#RNv@xa>5&Gs1-P55{oAn zcl*Q~KX9H;3dUtzP4%oTlO`UQfNnzPX(^h0(MEXNG<76+%|nQ^3{Pk!kaa=m-ZE~s z$ZG-;OC>oHwY z%mNsdK@t-iE0N1$*S2IL=JxWc@*Nt1`469J65jp`yNSw~$Zmqp#srWc>L4n{Qz?e_ zt9C6Cmo480c>><@^k{ZW@2JL5Hh&LwEh=2C)KVQ#^;4F+Q=}t47H24uwX9ce2J_8) zcA?nrYkucP7fQ}56z1!{4GNdTKzvCmI4yo!idf)#=@O5de1NvG1U=ImvAVb`%|W#1 z*dp>i=@xCM%`7CVsu1+-X7Ib7oiTS9-HpS;{546%=$t+m+;nIT+-c%bZOO`$4XNI| zvv5CixPN$gWo3pSNz~407WM6l9@&Crl|JaV!V~SVRqT-Fk|;=?_K|*(ozdU(a5-l2ZF7 z{~af)Np(%l1m8eoL%nFd#ur36lm)^XNJ}!6E%4|q!geI2<*qtqDtFg(=_W_g6`YcV z9AwLI+-@w#SJX_#1@2`MXFDzFTRS>B>e-Zr%#`yzG$Ni!TJp|n`uXvKHD?R_>57fL z;&oKmQ?U&8)~CuWo~Qyj&rG`qcrM@YV4?NrZ)%(4Q4(DcOb_{$NZ%BVLZ06y-E8Vx zgKqvD>8x?~aXwY;Ii%5<%>^;k5(7A73<=CxTIxAk1{)${|611kAIB8GW%pUf zi|cjI19|F+bh_i?$gWtTI9^tIy+d=fNfTfnsvav81k5E2={&Kzo!ahBoZ?&%WUfcvRtz; zc1=}YGIR7e8iWs^RwJHytAt~LQaybo5<)N&1myPtj)7ILj*U~r5pG4ClSjW*#jK8J ztJS&-$MY|+5kB@dt;Feqtiqx>`_ofVWsTM-)|MjO&ND*p3n8=f9jt-iKsy?qyEM-8 zURou?cH~V%0W#<+B2<}Y*?wI$$@yb21`5q_cYnzJF#3E2rszu9ubS}Q`S_CaTr3U9$Pi4hqg=)8T$J z3*qYnz3j^Im=>Aa^G7(E&@`ab3Chm$cIbE)ib_Q%7{#R9SVmgYBzBeB$>>881vkxR z_p=Qw9Cy{YLj&hm<{K6}93{9E4irPkril>*=x=ClL*B!1d5b1i_&v-Xg9vWJP(hr#qF9*B?*VBR6d@1 z`d}c@e@r)*peTq#DPryfO?tr7^Eh!`ACT8=d8}7OH_Ga?7&r;g?e(7@=4N)%eyz)l zygs2W;B)%pd!mL(wL;^&wWffiO-o^xM`=anXOwVoZzZ2nXNVn{bah_Z)P__jnDeXcycoipX=fn8Fc>U z73YLoOoJtPfC3W+?SLL5yvG;+dY!ub}neIoB9e@F1x+tBh#61f{p_8;{|F<9rbIN^@6GQXr@uguBzK*Y~F?k=4wK9s*_P(hSGt8=m1~$iaBZh86$>8 zVK{2pMQkQOH|+U4m6jJ>d(vXois*`I*~YsP5}Pb0l&5Zcue|vrq((zSW7jzsY887{ zTT(4!(=P>H)f*6_i>|IQ@F@=tkN~Fr0$5*O|xJ2(M0L0lBffP%^v~v zJRkheQjy$Cc@g%91s*)s_V5tg>lT$h?Tgt~PgdZ}Es<7d%UQ`bC zKyKvZ9ec|Qdma=6NBV$Tl+bF7i`Q=H0Q<=X-a1V7;?6Qg@(Z)70yCGMJ$DTfMrwpf zAuD|z)ca;uK+L+QvFCNRLci-ct$rVTJ$O%%OgdMNJO+-+1MnGkPVz23db^{kHB%<^ zc_7v@NT$d3<0~(JX;NNcMZV9S!&S-UuK7y|5Q@VRBO77wHf;v`A+HT~Jem%rAB zZL_TzGz$COw;oXR%9SDG#UX@zkq_I4P5Ci_pH_?8=iMb4ZuL2b%)3CZ7xrxrYYle6 zFyYcLb<+)lIrgn~d@~$m(R#8>c zkh|L%rhX0_*Ijqrma^Hu3lT{9D&E zZ19mYm^4+1$}94f`to+|?Aqt);CRb7t4pj@TW)YvnE+#5tx!zxojWw-p7OJ|vqMbH zgC90V9HZ9X0eqOxY^p8vQC)y9b~JN zbdW@xnrYJcmu(C7p&p9~iw~Qlby2p6_KOGT*P*~kKDNS_?lDo^CvLXitT%yb|_*=_QEyy-E zKf9$Vt(q*lxmeCFep;_|F>HSL^88I!{fU@Qc{=nJzT_#=+ky*g5^;8S?bmdAoUjN| zHmsv6y}-MCnn&Ip{x3^f%|%5=-gq0n>3-y{J+=EzD|V2MOZXP(3whlWc4moGOmw1m zAYMG=)dN+tWgF$RWLaa&v*uE|t!=Vq$5`xJGavGl4>ZAjXyR^*?nA9T`S8{*mb(bF z^Z|dJZQBnEL}pSht}dpJ)~@jVc5L%#>ab+~Rqc3_Dr*bX`@(KkecO)qR>;wLcJ*i$ z?Rc};GH$~X>oo`6gnpLi?|MbT|Kzg%?%*e#)W=d8rNI2{u>J3ldKXiET%bw1fA(Cq_THSf(RG7lr?B2tVHC(xa8bK_$W>Gk;vT z{pk2%I$eSilcOlZ-|omi{mv0mwJB4PE0hQMKYwzR{h*0i9{0H<^dE9R&p!f9$p8Q6 z|BJc(vDW`_VEO%@{$HE?Ul?D*%k>;e=FdFK$UWsVde(K@0S4cBXcg3Mx?lTDS->*o^#~nplL{MADjF=6rK^R#J@=Awx$jrtHR9q)!)XT3 zX}R&5@{TdoqeZs{k`aV8jN9Hlt8%%xZXvli;g@4&lZ;(e?Ya9Rd8RD~?Z!RkD_@gT ziVVnd-aQSn;mgAO%5swHuRpGyF=RX+9&PVe`${{{@m@Bs>DpIVpzAL5U;N8|H;h>7 z!#4|WyovLT)8CnJd5SEAq7*olezrlU{N}bnB~4oSq}WMK6Xuy(hT-b-FmzfM`7ru5 z_)>6T?298iU2X0JU%NTZa_>cTO2b?_E}mJ1_V(8i9B z{C+I!&NOk{33QXR780#W73H@fhBoUuobv>VvszR4j5>z9O$E#7#1*Mr*gJjH%E zJj-YCPVSCmp44Zg9khXgvUCT1X@&f%*bB4ll)kp}KbBH5NhG3v>sW_@4K70t(RUnd zbfaAvPwcC2E4G5fZxWid@^sEndrN#}ZjxMCt7YxYU!M5CRcin98u6_ovySfZD<&p^ z|M|zg{6?H8Fr%`0c;=u;e=9(@5Td01bG_{4U;f)QY(%{6XO;)p|Kgwi+n?Skf%~IS zsQs<`Ur7iEpFm9pa=UEr*vEexO>7jnf3mZi`d^aJJ+C^jbsz;@x@k+t+Yj33FiB~6 z-9R^__p$X{H9j)0uj3LO%j9LA%M@)-z3`nZKUS?g$<~_rT{f z_{m=$es2Swf8ge%HJakMwpp*r%ddy=Go6}$^Ud}1eUX*;lpjZQ}p!@OG6&{jkGSIEk#b^aycc3)5+OkNKrJlc|Qtv9syq-%BtLNvf zNgAkqaO=`m^CSPOg?sd4Ze?d4z#~J?dbym|cq3U9m3$nI5kJoGV+j^q2>nw~Kn$Wv!=?h|BXFw$LpBNOf0d*l1lh|B(ABUX-pz3-`x z^|Y&G0kd~51UFqx zr{$w^^$CF*rucBvT>-axuqoKP#a}V)6jr{n{$s-28qTED8EkpG6WF;lg_v%O?meLb z0kcB9XiC!X<=%|@Uvh$<^K$|a>Ke8xvmJ0NoB{)w6BI)C@~@84JtjFnqr(kDaQ|(k z)V(QJ{#!^PI_TI9u)#5g`}@89k3a1xzuh#5;`(if~(XZo$`0sr8 z!27)&h)IL~JzCxn?*q=Bu{MZ`8|dCY_GtP4bAbO${y&rdkL4f4`2Ml{A8w!i!^hs- z@#hp?;5(fyC&+)uyo=4sZi8+5Noh`9-?|`~r4oZQC#E*|Bh?eealy!^G z7lS6w#+1b{0Rhgcr9bluRA&5k2E{5khj!k>y=#+_o*>OMU3RSze&v`l>yKv1qX~-f z_wPv>7~INth1uh~ySbO^<+Uk+oE7^!z#6N$JVV&Ii`_CF>U*4S%$Q%bkJFH!i^a|9 zH1PbbYMiP-Zp&4uKTTorPH{v~YwMhxD-1x!sC~_hyn3$I;g9$e(fNXt9OgbWRTju| z;jjI?)ms$WELoy@8Th4In1J9;V3r*~h-0bJRVTLXma zq%%4?xw>3lEPleS#|59BYdHEjC@ajnq_iaTwDpAQqo4HtCUrXF**Ionl!pEr}mfy z{p&7D;k%@#u&n*JNcEx+&-S7sTWQq|q3IC`DNeENDDpb^&i1i*@RLyCkb~CZdQ+*r z^yiq)C~V>@2m9fWsNPe@3=ljl_t!{|!nV@bpLeCHFxzVb@y-ETbVW7(&Em?iHa2n* zA0vXnhhok7Ogr=C%HV_Mt_*by@aOi+xb?Yla(GGNc1e)kizdh=f3amMW=*FXYF;yF zvF(Qs)tqinrbB4h_m{!^Sh8$HU4lEw=rJ;`l-8J&1DTq3gM35lG1yv~?48daLmCyv zKfWUOfB(Ka=>2`)>GGS3Pe;8QxqL#acEWlIFJFzx!z=iv0F89L?aZeFqmKB(!ZlZ; zl3A2FoM*8dGt|5Ejc2e2;B$92rzNMVfqv7??kr7;9>QW-Z;6fsc1sEse#YQA*rQ8@hH)<`jNqb|H| z-7Ly=3c*)?y|P?)XyBYbRmc!NhUfY27xFqF=NE$&yoxDMqPP00!=0PSQR{m?ID@)? zABaCt+c!tjq^oAnS`*sh)t?853LJYyn|Bh{jHzsaa2u^m+}V;K$D8YP#U)Km^%@{x z(zAB9wt(GwVm#ZnHFNHQzrBe^tgLnDaTUIGqmYr3eyuFI1uJA=u#AjIhid#mz zaAk2^vyKzY`X&pPgTIgwlz{>Oi!I`s8>kw`bL$w1l8(vt9n5v%ru<2A;j}XY^LcZ= z=S1vGb*iYZ+$ZWNtzc5g+}^MNgn%t4hU{}b-R;`I%;b--=~}# z9hFadI|5KLZD{ zL0;5a$qS{~@PWH5q-%Q(@8UvhzI@((Q$5>hUnQc2%hUaknwmPHv3%hqTjHl2UfzO2 zj+5-sxE74RuD^(@NivzfJY?&xhSRcp?#Oao`CJ9Q)4mo2s$STDHOomlszZ{+_$_(M zK4uy!IdZ+ORmOf{&lyn^>gsxUFt4c{u6*bWVbepPhHhwW>g(0tKg9G80?h|iO-sjw z-&2SBeZ$LZ)X*;1lH`XIv8jvW0KW>U!i8`_R}G4`@9zV3@RwH=4L!)??) zMU{gac<}pQWB+d(rhmUC#S*v~(&!P9sU{Bf7LW2w-Uq8=p;e|2#?Onn-icawBd?j( z>x%hg3d9AuGLqh9r71)EXE576fQug&TQ(T+I=Feem*qoZVq(HBoxG#94qt50XV+8r zeb1c%{luyGs6p47FMOVvnVHMxOqN0_T(?_AQDju57v358AM39-rZZ6Hq}nkL^D-jMX|!JEtGp#oz41RS}CS+lj)%T4pdlTLHJ| z<*%!)M6G+X3@;@qJ)bYJ1Z&t?RaJFo%s|ZR7?Z<=Q;~e^T3cy7@1o>YF^=oQcnP40 zFzmyEaJjULHqqvYf;XxUQ#U>QnuOjMXL1z-5kURg(@JCg7A5>*GBg>6Vn3d@c1nT6 zVJEj_*<+5Zhf}K{XV`fS5|}0PE~~ZESz6+mz~IvMIUYMxfOuvH{t-Ky)!x}jNz^dj zS?*RR)rSUO1)5Y%vk=7MEn&E;%W6b+jgoX|Ex?{qU}W#e8nvdBEL5z%>ve2+_XIZ) zyxgx%V4G^H6xAvj-nFa_l%z_h9Ab(lJQ%QAm37A_dd(;lp+!9Lg&|EZ$UeoDFGkU@ zKhAg)AK?1XcaiF&RQ903Fl;=~lZkC$D)!Z>84CWgW!!LGXja(=3)ivgBBFw)Zu%L8|^ojsQK{&mS26X{|+SnMTFE&xpkpKk6Q!% zTfn#TIqH6XewNB-FU?fq=UK$OfiPgd`z#xoEl0Tf#^rr9&ZogG0X+vkJjF+qgJ|OcSx_?CLuYXaklPt!Lzfk1Z_7(=@#2 zaArGoYiUGqW0OK^b{_uG4GdwS7;l6yydv=z7l5^6UV}X5qarHwgKmAzA$rpQA(yPH z?Jc)yX{C$JUGT{9{7~&P!B?Tj$r2|;nB&sMy4#3>>V|0nW$#ljNeQ$7=%u_|jEFJ2N|9 zi8^O!D9?{)3JiCG%(=1s#y5~#-AQ0SPgQ)9E{1inHiFM2s0TJ!R}+2a;e~X48|ge; z%XHXHTjSi4ZCK}5#lh`DgL z&aj?g(ax^TaE!slkjS{QJbgK!dPk2h*(Q;VopxP0Z$C$sKN7F?YvANFE?+AvM^SiZ z)X)UTN-w*&Xwov_H@5v|r5SxI zlYO|O+6$^eAxJA=CVeeQup~L=>C=G)SLFKp$TIA9KQaCL+#v0IdQtlVo|FywU@wqgR+uDvc`I5`!cy0r8G5{zfngr_B!X`Tqlp*$JtMT%J43_ zWX5AoclR=RXs7M|X8wD@ZT8+X>9Yx1_f4bpDIAvEw#OyKHizE!(+#$_qazCI*&qO$ z*4*sy0*@Q2;Rem&5dDy+H;ma~Pa>tHmjI?!^IIkYx%7*|A;6Sgz#y|%Dp(X7LX zz>Mb?=Ea2YLs67y_)dJTUj0~14Q!)MKI}A0<(LZC;Av8FIrcSfN2wlU+_%4HI$QpZ z){Wiyqo#A74@aimwlQ?=Pl~8HBi>~UbvR3Z5mqNF%IK34OvM(4SXJ0Hp&*(@CMI)A z8yZK5iK5HW7bY)aif`N)%H?BYW?s5g8?<6YuRKPdrB%rWacNewoT;G!N;t)Jpyy{h z(a_NF4bL##u0S@T)0~0jUlZZIJ%e~ADR1}e$26D*jkd$>Lh`s)f(s{&s)nnPhD|-1 z7-L@1cC1V`ZgSgpA;pdqos3VT+G1(28sCFr=*&4>*}1ISi+{MOq(8n#`?4Or`pVd~?emdb(>^8G>~2TDJO``u zT>p@wRTSgSLN?qB$To+(Gtcb%V!)vI$Uu@|0FJ4IML0e1Jm$Gx7OD$+hu`nxs|ZX@d(SLu^p|Yx(+W9 zMduJ6AGLoGs%b!ZM_tqexyj7sV}e}G1o@1l?rgzKZvUe5+AYmq?UIpYh(75-?1gv? zK7AsT-Spilqy{u`)E}l@q75`H$&M)lN& z7;(-}pBDIHe%sIxBTxS-!2Ht~364Ir(lVOMYPd?A7l-+7IrYCB7WNWxOp)uLo1D|vt%n<$IJW+R6Q6DT$n zWj9bK_6%}qZEfB5gU$rY*TSPjSX`HYdX$np$KWiV4-J>Mxz_6XW_4Y&4_|sQBb(Hh zt4zBieam7-Cp0YC?{pS)yiYiG7TG|BdjWi*aZHnwu-8QV$9#Pk#E z1ML=y!p&fBi(alLY{SQ9KwNbc<~Qv+5QHg5BBL+9kul`5$BGo>>&n%decuL5mjK!iNU>pEnB;sNogs?>`&F zVquT6d85|-2wP7-JzGG1au0SIuH*jKTy}4ZKgG^XrjYzu3f}y@Sn1m-Lue#_r*zlw zCz6gN*#Ivnv<-!#HR;LnYB+f4CtN?Mt^PM#X|rYj!OOAnS(MGTY>vSB-H2*`1aE7g2YVfs+7P1k2v2+fcxni zQ2VNX{(Z3mGgxveHxQ~Vt6g^g4*&Zg zCc!ZUn`a*X-n_+sJb|(oK+1>6yfZr>Jm8uqxL@eqUZFVu^CiVf5!(;+KG+;o9YF}( z-w>B^@_=veAJhNG^#6Zs`YGif6(Jug>2v<_ejbt^^IaS?219E|iO!KfZ^ZeE`pi$_jehg0@!aG}rtAgR^CM3rX)VD9TYBl&$=IUpwph z3vQsJE+w*@h(MI>n>Pyd3tkBf4}4i*hbZ{j95R2}?aH&x7_Xf_zt-3i-#^0wJ5%pP zhPG?}(|7ML&DhI2{O6kgh|l|5@9)cYdljp5UVQ;>v|g z6`|A7Kd7+zuDlH}Yyn*!6Juq~8jG|38zJPKtxG5NtnKjK_{8s#by|;nhen6qhY+e{ zt_EjLtF;S#_gxBgB)}KZgnv_+Q{@t2(V0%sC6(AC68PuJR-krsI!Vu0>>If@H&NGE z$J`Kk-`}W_pFbc))hExTmG?($OVPd9bX{H7FCFYw^@S%NKG^iIHF=L@>!T4yQOoq~ zZ%Ld>5dU&vu1mR4Pd~mfSjA7So|hMD8ZDT}+TVK3R9T6~^ajxlDzKBx@RT{Og_#=E zdH4mkEDZAI=|4w%tRvGxmd_vCm+iYrQKpo~$`X<6baZ*xt8VcwCjA9vCp1*XjwvF( zzvz$RMD_^N2J~upmTc)OVU#N5h5`(|&n-YNzuSC~=Hp6LKK=Y;W}W!?uiQ{ufsNT{ zKG7fZa%Lu91m=<4V#T=6&B+ObINseX&+<`2U+=9Ci;wMTs{#T=zB^mDQJQI2JF)HS zOuN*De+8Gl8D1>p$SkMDyMS-LxG3ZJ9}Bne;)t3S-KrtwzD5|rP6Qe2sl|6UM4uA< z3C=!x7IZZ|`0BX7NZTS$jI=EQja~a1!QU4f6D2N+&^^4>Z{J z70UiLf)ps&{-R>E z7VKa=suOSS%fxKH>e%`mZ^X0P=9OXG8a?1@>!V|C#)MCjTGH|7DK* z`S6eB|8V;$Om28`!5c5WMX8A$;(v4iKNfqT^=sVCBU67N5`^vRDoQPv-D%z>a`-7% ziJQ!YZB8U}d8aBRQwck_4BFQu6ILlghAl-8QgSWwc}eA8L^i&Gd{_z?r&}8Px;H|t z>J~UG29C4XdHS_G|AhSN9V8;nN_-@hT<322!ruS@hi5Smye|Zc-25Pa&p=WVVRa;g z>xTYpCnP%RroQnl3jz$*K=pSl+*=w#3`d15M7V;r6L?Yj>WA3h;!l7RdowQYa<9ILQRedvF+!ibR0F-~nRDKKw#Y5p@3;z@Y`{sjyX2`} z7O-%jfp8E9vg!lf(gzmtKlDfo9jP`A*t%ZcrMB%{b3Xu)bd*ZSNo4a6scetyKtN zz36DUnbD^|Gsv(yRcn!*QqY)HUc0$WAyu2Nw>J@1;Bm;ha(Oan_Du}bXk#~77+wew%dUe{Q1KnNRs%HnxZ`#XT$ z1MJql)i-ByjcdH06d39ZIHDPHQ`1e-d)BVg3%I(>mtz2wDxp3XsLh0l5k?)J*9YAR zSsMcIx;ZsbY8I>(IH`-vC@mGz%4w+rC$>TS1YGDbGX0rCAS&>rprD`@h8?2tIqMmt zE}^R{6Ui@{gvpbh&uh#&;#1?LBiwzDjOM=cc86#>%|>y}eCbr0{Go@pB_t$>=jFL` zSv=40sH;y{mHs)W3j|oO!}jJAt6Q0x)Gb}j&%`Jy%?E;9AnmRR*cb?`=YeX~)1}Sv zBk=(K_F=ecttvow|F*Bt@*PgRJxNNJ_=QVSorN$?H(tX9Q}fz@YvU8cocj^uI{-Km z%z{z2GQ;E6mkZO8^ug*@-TyW#B2AWqC}ne=OfcaVgy#s@`(>Y#-O{w7h8e- z*1LU#>l!N;BVac~ZBFrN2Sl1z#69Um<1@|0_`ne`(g%>kFIpRgO(oG~1!Th)W*x>^ z&Al%B-%8uoC|gY=lwJCMK%Q4r^bnxW5ZYF*3qaF}h&DBVjYwD$0b{ST+ewjIU0h>x z1emS;phVDx_8Ehy^Ay42^6-9n_|BKjMf)nMtt(4P14T9Szo4?_iVg&nD)KB6zs@Dy z(Eh3i^h;Em$h*RP7pMx@9&3ajE~~O%C?>mKlQ*`#u_;4|A;R-^jkMeGnb7p$ksh=d zwvPzlDYkohem`OBXPUc|@$zF}z~@sGhQ_Ae)>BdaET-@541qe-G8aZHJqOjM8_*2b zg58>5QnTz9vVMLy?}H+|Ka5*<+!yW$zqk~9^o^5w_7*r*7Xwg+p&EBw9V7gXUS2o^ zeN=s^J(P)p%V}8}m${pTtq_oNs!7L*YTpXbM%{$vbQJhmP!p*S6x~owpU# z4j)mr8MrTb?DW0p^Hlo3(P)Uf-)5i>xox4-N~3qo&Ge;dp1$YdvuE>c{;&zE!lcsS ztjvey+8Y;=I`Hoh&7vyFX>wiGW~RGeu}c4QAZ`MOBg9A#x2SX8(8U$VsY@6@(jAnN zD+s>x)p3K~ky2UdX=!7f8S>5zZ!b#ZkF+Cs>G+MG6ldwpu2tB0E0F$16>4MEex6A% zza(`Y_Z2QEyn*^SBds6pLu+heJO<=-92BKzCc|9R~Hr6rPvcfRA&5tDXSLD@!t;8!#( zn{0u5&vYc!GCKSF93qcUHk7ByH)!&8UaVpt-e~tBTSd$SV56;!frbF}?97-~9TS-F z9{KS^8f{<7tGI9IX1`thHhNpxfCZb-+U9H2G1jH3I@v!2uMOXdm8yEQCh0WQA&(ce zLpg@_I)-ZMic>QhLm&Pg#*v3mew>-+LlXmsAm107zm5YW!3)evQ&y#$wsv<~)>4(8 z`2~yk)p@XP>urc9`Ku5@_|CR03wNamkMP18IVJAO z>Z_{^^u>ct(s4~k4r0qmK-V;qI!jpX*-Q|#<>(P~Er67*%0m`6?Q1ioJMu&h>~D_Lk} zGfN*NFD3Aa0ybd%FN-DkqRlxNmKvp+?aC)oYVab?b)hAjm5hEt&8Gd4NfRlB`NUZ3 z7yoNy&$==-&WF0peE@=g_;Q!oRF?4|b8W`@yxfGBoz;g}^tVfsb5rN@3x~aUZ_COW z#b(6CU3@fsEkwf(zfA|H!_u5j+L%Z=NEXusP)B^2mG{Ll_MhA>Kfd;g&htOtkzAv0 z`QZ`i7hVs)_WQ}QjycyY-l2fD!8>yL#JTQwZ6dy`Wbp|WQlu1Ap%*1QsZ>{cL>3B^ zs0F>x@mVRaE%X;p?3T^1#SxnSgw#yphIiQfMK=}{MJ%3KTKi;W?~G11fo~qMF;?gZ zx}z}DnM7Gj%WG)S(eK_7(O{;WqSInI-tdCh!2_uFZLCNCJhBy>ekwxQ3D?f(yja@y zQ4v^iy&(p+!I8mQnT-K7k@Hv5CC9^)5zTVQ2r3?g^VP>M;;!wli25Ty^cH|MmE<=R z#25|a!y@Ot8BpnRYLw)Z&`O7L){{JFj5yi$&c;+n|Lfa}O@I+l7hzabS(3~Bn%C)D z*x1z0`e%2t4^>rF38JCVWxV!_QRh@`$`l@Yo>Xo(y44hI+F7ujQ14mI=fd$_9rF4OaNUbvG2 z?EpxR^MtxPvsq1~PnvY|4iA~41!(7HXP>XncG1m03SJl;N8n^+ZY{;0+?biCYbvEi zD0h{_OrhFSW$4(UTXF-|J<;42Bkz|##U@joquIPhm!UwY(QO8cCc&Tc`cwXk|)i-WI ztY5US&6O|M_1{yWepauaJVhDW7H@wo>+u9`hs#w6bU_9Lm4c21x)#xGnd{DzAt~BQ zOrA{3&jaqN%o3HC}ly+C1(5wK!&bh2A=8!nCX+7=H=Cq;-D z$nErpa=q!%a^@J0`STGJ)bkACO8n4t4T>X2fp=6;AE{_;x^G!8uX+IC=>hs&bGIj!_fXhG(m za6tjY;nAU0wI_yc(p)v&mxpfo8O-CgL;X>Ok#npE*r4DT$z^?23@}_RU6nwE9ySTZ5b$!xq&>H)R+4g`*gIl}+ zM_Ff=BaOznV=`gAtR@lMu&1VSENqn(o0B&~-3}G|rn}lfZ*70;Q2S#Vv)n)bE>amN zI&26|7Icu|ov||%+MDgFV^fj4=ZHxJ^uE70h1@OH`@X$Ntt^@vE^R%e>%%~m&T^Lq zNe^T;-HU9-K$lddC_%|EW2uIW>y|eExDII6Vt;(Sr5nO7qHh@LP**N@ZLUK@!sJ^7 zo%R6#`ln-K^W<<|92TQ(D91?HDD-(g`wA-ww8Wl&u6{*|r3D#)Qh?a*6Wzi~2wPkB z@im@iUk>l?_SV+ZJ-a&*VGx*cMyfVNFu731yc*D1VmIm7TcP>i%hMTv*JAd=@atx< zZ(6XQ%4ho|YTrEnb<#>dnXuOQC#SRDu*l=grz#HLnBZ{TUEUamT3^-zXkpje&5z** zG_$f?kA9mY_Vn;3&k;&DXo%iP+0ev^`!ZQEFYmV1Sty&MKW{SxyBU-4A2Z+=+8q`PA z^d2UQ4qCTpS^}*Onk3mzIr$J5x!vT}-ifg!v7M}kK5W07@!mhQUR#<9$1?-E9h`GFA1Z{UF zyP4UBlWfs$x~tVa0QQY<8ZtN6eOh-2UYUKbBO#}goRc6Y6TKqtgPYqQ@7ebg2B!}% zDg4W()#a1tZMuo>JW_pY7$glbj<{4oT$rvd&@B!4^s3nV_d`dk=dzKE09DJ?*F1L5 zXRJ|MSWM0V`w&PHNY*Wls)r89htLp}inR!lC777<#zj7U4GRHBKQ^`MOnj zwr`4AJa+uZ?EC9q#q_%JYD5>2I>K5#6#L6qGH9-e2E8VAW4w@af$Vbv;{AK2Vfg)d zA+zkDMR?g(QV9_GT1lo`DC=LeTbxNNQhRJ_pwc6Xe%JlmH)Bp zYPvSD<%_?&=0LP+;-M5Ni&pG;7f3W^M!?>2ycQH`Y(6VUH!S9bHXA%eX*Y5E|ie8{oHZugUE4HF(*&K)p_zdpbJgO$5+U# zt{xe!xAvKgt9o9IXPg{~yhzRYM8Qh?dtS|US)o`DPe5ipEh?$Q3&`jnZrT^YrTDWB z646DbIZ}EkPCBkG>Bv#DQhi@~A-1A#5Tz0T+dtCQ+L|*1_$zl1BCyLU9Bh7Y zfT{w~K@Q4+bhp3q5#0ef23zgGNpVsC`GX>b`+*daZMmwk#J?`1eV7W0^MXaEoyg?_ zxHsZ-+lYYSn_;D(2c@X&2PfSqGXo;Y+5dK~{_`3)GjQb4xuBJLa$kI*f3FV1asV~% zU+_K1nGG0k>jGH%WrOU67Y{W2-$|e#Wil?04m`-igV#|O4TfLroXCHG$WDCSu|(En zXfe+(qW1rWD)>(e6E6m56|;8PogN36JK}5>Xaeh5u)BXip!l>M82;d52xzy;-?=mE5*2z4*O6D03pbpX4=v%KJ9DM+#*-k?)TLw zZcn{bULk_ibl%sI=`<;cD5nMGNlO#em&Hean02fliEC)_ndTe&vvLj!;-L6Wo>WC! zm3q8ip8hVj1Dqza+nUHNJSRrVB#(N3UpXinn^q1@VctG}!(o#=-w&R~3|s%X;V<(S z=NyyF=2YLA$;!XPzSlB9TcRcVZ@=-WJiL2b`G?W8;txCNja+l~gP9y9hgWV_%8C4l zZiDL2K%R)tW9YWWXrdVQVq(9paVvfti_3)VsBf&{*2v#?upTef$QtEPcR%(MqZLW{ z0GZx_G1ZBeeKfPb?Pu&I64CY7@g!QqsEgw`WmN=4m!&CZ+I@oyh3=7@KYWv0@!bn# z=ektxnQ8G>XPVH`W@Tlo33Wap5GHMx1v8XGU0%3qJjBj zU$2(hgH3;xMr{bBoLbnJEQx!6snFAFt?BOgGL_SF&|>SC9A zZ;E=QP9)J2x-DLM>ne$5xRK)|i#N%Z%+d*ksCS-FTScYAXF0d?$@k}nH5Fs)jzDqU zr_T43tFFhZja*X|u~7~oSS^@Syn)CuWnyX^}oJKl6zFR?_Q%{o&+WA#RL-ubL^e zZGS85S87{U43cfEE7Ir)>^~zle8TI3OlmJRNLRpVlN2DdYcorTh5cwg@nF zot4Acg9qJdhXCtIFR}U2p|Fqt{A0YWm7q`n7>f!;4mAAVNiqQ@-Iyx0dEfu}N2>FW z@&9A||0j*#ZD`QhITEwjTt4zy@Y&~TxxSCSGaX~?K3uc!3>^PBkWq{GP+NRfq=AVM z(G>ldZw9uCW{n4{V>(EDJT6&9N<}l>Uu?cJx25e1(#st{gO+c;yV`~nJqw4gcx?`z z>`~nbziJx&@y(h3YDvh(@=okpj8&<|ZdsO@z6+szcxXb8u(GxKTwGSRZ(#(<=iC5MO@_I*(ywOj18T1gq#@JKS_nH5Jx=H_$ zw0=nE1CmJ+*!G4WK99nm|M6AXm^DT( z09ymqM{XFvAEeDH?C%Kniv_ypCzj-H0hniZsBu@3ZuAR#5(HhsC&e3TT=pSa6 zeqX)X(h}gw7y-T`Yj8r?I4?N5XxP=pv>3mUyHM0GDeR{|G*HS7cyk<+9=n<~|(HLjlxdCI;1kKN(Wwf^4@pS{iA$ z&mD26S%Gssx?!3eZRZc$=o28oWQPk=l^EafnRHXWf7=cF`1+8pC%5hjoQAMFLE$b+ zDGVL?FgDjjVy0_9z^#sP<&I4P2Y(2f05P0l-|#ZGuKhPe5WiJtN?r)FPh~A8+FZNJ z#c{V>rTgKbeNS(}1CW^AlZhTq%?GUu1|crp39ramKRvB<_t+yi>M&A_%~c|=n2>N;iCgWIW;kBzdFpZm9o%%5h$C(GAxmcKvx zfEH0~HR-)M2`AiItXlQ2O$ut6y}oI=l8OniN30D!=xGYk&#pK-Oc*L2uV-Q8DjytL z)~6`S8GS23Zq9FEGp!?8VBsN9p4i%}W&pq9e`|JHfG$!au@w+kRSGhFW~<_}naN-K~5?0011C znKr;VwJNS<;g&-Hhg^FeA6NZn1q3eHS_+peSzk(d)!2_7@c~+ImLDs_m5S(7;UdoHH-Ap_A_(Q{F9$H zQ33=WVDV)Wf!S3!iX1VzKZ|!Sq5f6h|XzbZb83iq#xy%Kb*C|Re z<$uaiqvx(bBYa^Ks0XfM^?e69vW z%da1K(JV^%bKbdBvoAl=#1Ml`FBNiLpJhOZV0Qq}c(xo`l(nYGz-y>b)XeqX-R}{C z@@U14ZO$Z$l!*8KPs|ZRu(4INrUGD2Zee_Tqzkguf@ne(Cz&YjZ~IBCLHJW$BlO@H zwr}MZD?F=RGvb)<+cgVudQ5s{ZLTLy^FRth&@nH)`qRWj5ANc7svw>Flx zA>jmn&^{o%MKqF0#j6l>_qg`i+adDwE6a>kHbh;ob!VwZk{cx|W%H}B zE#r+B&(A2wI$EQv;{$d%?0R)%^5+=%T^z1!S6xrKwJA=-m!FDpc`zC+(A>v+tw(WA z7PI>kSHA+sMnVKKlLf_X8xaJ`j$~Os(G7Z4J5)CjvJg{_X)qs6q@kG-!|$so^nF7H z1t*Wjk&%kBhjAMVbldtY^i-il%oRZRuE?@l*o-+3sk(@OR7QhZFyfs%Q^b23EeA-I zb07RZ>3qVjsM5La_Az-*wc0cl+vR9!E`JrZk}Dye zOc81jm~6#jsc8LcC^#M%+gQVdj()US3|xjkk?iaQL|S`0n;1$Ku&^Rpir@ zVtW^z57b%-24cLrP8(X?$X9q48DEZ~-b-4}3xzud!k^M|zkR*KlwDa=mW!H4qxek5 zK4jz7>nlsGr}UCVGQSlkV(K=Rx2whI@kK$9@eNuefL71$Ady=tJBuE3tK(VtExzT2 zM)8*F@Ggfd3Sw>Ebq7BgdN*)rnx+dvZ{?PE=inoNW*x57%iefZk3Hw zx7NRjfR}=aSXD~rf9!RqiHbZD`yR~%A6UltlEWtAYoxs>KcrjETAMdYNO{|cifL?GXfAJ|M+o2;gwZE&4#PdiAi>6evuqED*T7Jl9G#CKM z+qH?e!LN15Q~k-F8bfqT`f(oYm)vP-8|CgLU*IbmjEsKT4#E%=K%%^u2-C*`V9yhg0*Kdz9O1^GUP_;3T-%<^@%ljSJA6=U(A4Xn^ z`AWjratm*h(Bb+5f|UX2L&!^|>CM`E&UFIO+05(Pc}gE>4@nwTQjkYb){D76rj>_C zttPmB@d(8rH_x-)&2!n(t&!cDb5(nj`a)dRj;-xw?~94AdE5BnCvaosKEDqh$bl6C zX`v135orNnE$0SUP;SG<+wM-x-9d6EjGvlqtu_Ho(K2j9d!pLgc@M!k2__>{p+a^i zHvNW9+dW}?GPmiw2qnR6qY=a1ic)ax?CSJo^5lS^c6Jdc`w_qP;U<3#bJEj%0O3!P z^mp%o@*io5W%~mN5s!2jfG}@oZWT19l9>3pg*br3uTlQ0)0(;Y(evH<$rQwH3q=Q%qp=n6m008VpXo zXSP1JO-PWl%cz7NN!Z=^Dq*?CT}O@Lx8ru%?6&-><5}mg76wvjd;hqm!-f3(RWp@q zJGDwdw3wzCA)dS=e2)b-`(g@t?LW6g3FSA&@EL4m;MA@%jc2(VazbIR2eH2rZ?{u` zzi;+*cMP8q6qiemfsO&CLvpc+9qiHx{;+ z>=Y`<{qLtCD{bmM)0 zdKJcYN3eUzB!?^CQ`RS_=RSAbX(>d04S-_kSx*9EFvKu!b5iR{o^1sQD#@HNV(33|a${(Hks`i~OJu_EKsU3) zNH(@cgs}WNFOb;Mtk&;A8{v`MUSWjsOO!`Ia$Bml`5ud`<)1Zq=oX)(KbI+4tqS^( zEwP&R)n$cqpgS$#4T$wdsLTW{FN|vaYX*%O@42RXS*ATi`GYlrB&aIrV|n*q6PhC) z6rj6|DqBFU@wx*~u2KxKSYtQ`iZwqiP%j#&CHY%7?}}%r7iT4isYXr3E+0_{ssbMir{E<@bl_7P*PZXO$`l($n2_^Cc+e<7v@RsW0+dxi(~#Js_M%iN zaQGA%fo#W?qnxz0cC7lSj{z^6h3hL^p68LTQvxlWu94B#lJ@_``@tJWO?8jP3j>C6 z{`MGy#NQMjvTjSpz3cY2|lTK&DgY1x`k&z#(4`m@hM0FpG%bELSP@sZ;~Vb55M^P;zI zfJjv<*TPl?IU<X_`B^ zTwZ9EIWNpCwTqUN zI~_OGaT}0W3Z8KTRyOxU)rk8}T^F#l+YF$h=8?v%V(-G_%k!jQKsbGb6FD{RI$>-p zZ<-kT=@v$2zL!xZjuDKTAAV4R%gc9h@yhS~Jk#g+!m|HVdDPSP(LC@c=WUeD0u^8l zoR@mN@v0ohlf#RB#Lk=dNe`8fgOp5aR+`r032^(f1@1a4=IS!h2b+jB3+s5)T_y5@ zd|?lZG$nmA*Ow1ooHsB)p>P1FC3uL#t zBMA`^^@Fo^ag(R*z{(W2r2PF{%hZVJ{h$Q6-9=&)nI-4*rw03U&GL?ygTQ{Kq_^7~ z;gu06GuU2=O;;gH`TiN&O#omRLV;e)V&VKbFv z*Ld-sTv)e?rmTLAVG5F~`-fVNpJn{w4!marpoi1IsV;&y@zZxWmqvEF)q<-fLK{?3 zh|Rwx%DX%vX92?F>|Q>k{|m|<13o4gqQ&z|RK0M8FFNJ%Usm7nYrhcJ!GEh}T<$f1 z`8I;-c+WG#1FH--?h{1>Ft5U0o>#+*V2sg*F)O{203 zsj6N6bgep6A67&JcNV00Z-QL)c&qJG zk;bPYW7f~%8nw4p!`o|_v*B47(j*;el6%j&slv$Uz z7Av9EjiTBgI5~;DV5~kF%?Mu|IhoF%+mdIbl`Z-51?z`L;Hg#y7fsbQ!E@PB9WP#T zqZ+v#tt&T+7H&H8Fe17sVpMsMpaLobj-n_aXtA6|?Qn8Sv5&~G7+nJ zK?HfG{=ib_CyrJbHE%Ty From baa6594292c25e3bb677b9053c0ac0ab4ec5483b Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Thu, 4 Jan 2024 10:21:45 +0100 Subject: [PATCH 16/21] missing property creation on test Signed-off-by: Marlon Pina Tojal --- .../tasks/scanners/TrivyAnalysisTaskTest.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java index 8a9430da95..898ddc0945 100644 --- a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java @@ -82,6 +82,11 @@ public void setUp() throws Exception { "http://localhost:8081", IConfigProperty.PropertyType.STRING, "url"); + qm.createConfigProperty(SCANNER_TRIVY_IGNORE_UNFIXED.getGroupName(), + SCANNER_TRIVY_IGNORE_UNFIXED.getPropertyName(), + false, + IConfigProperty.PropertyType.BOOLEAN, + "ignore unfixed"); } @After From 1817e5ea483ed7d890432ab0583369375e3dc030 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Thu, 4 Jan 2024 11:03:52 +0100 Subject: [PATCH 17/21] fix test Signed-off-by: Marlon Pina Tojal --- .../dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java index 898ddc0945..a828952952 100644 --- a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskTest.java @@ -51,6 +51,7 @@ import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_TRIVY_API_TOKEN; import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_TRIVY_BASE_URL; import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_TRIVY_ENABLED; +import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_TRIVY_IGNORE_UNFIXED; import static org.mockserver.model.HttpError.error; import static org.mockserver.model.HttpRequest.request; import static org.mockserver.model.HttpResponse.response; @@ -84,7 +85,7 @@ public void setUp() throws Exception { "url"); qm.createConfigProperty(SCANNER_TRIVY_IGNORE_UNFIXED.getGroupName(), SCANNER_TRIVY_IGNORE_UNFIXED.getPropertyName(), - false, + "false", IConfigProperty.PropertyType.BOOLEAN, "ignore unfixed"); } From 9d630412f88da39ebfd421513207594d00ec8886 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Thu, 18 Jan 2024 11:22:07 +0100 Subject: [PATCH 18/21] replace resolve with lookup Signed-off-by: Marlon Pina Tojal --- src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java index b703ef0b51..bb446f0cc5 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java +++ b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java @@ -77,7 +77,7 @@ public Vulnerability parse(org.dependencytrack.parser.trivy.model.Vulnerability // CWE for (String id : data.getCweIDS()) { - final Cwe cwe = CweResolver.getInstance().resolve(qm, id); + final Cwe cwe = CweResolver.getInstance().lookup(id); if (cwe != null) { vulnerability.addCwe(cwe); } From dc6995fc49545802cb52a4bea898f607cfa51830 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Thu, 25 Jan 2024 19:10:37 +0100 Subject: [PATCH 19/21] address comments Signed-off-by: Marlon Pina Tojal --- .../dependencytrack/model/Vulnerability.java | 17 +- .../parser/trivy/TrivyParser.java | 22 +- .../trivy/model/{Bitnami.java => CVSS.java} | 2 +- .../parser/trivy/model/Vulnerability.java | 6 +- .../tasks/scanners/TrivyAnalysisTask.java | 283 +++++++----------- src/main/resources/services.bom.json | 5 +- 6 files changed, 133 insertions(+), 202 deletions(-) rename src/main/java/org/dependencytrack/parser/trivy/model/{Bitnami.java => CVSS.java} (98%) diff --git a/src/main/java/org/dependencytrack/model/Vulnerability.java b/src/main/java/org/dependencytrack/model/Vulnerability.java index 9fca02e150..e1475097ed 100644 --- a/src/main/java/org/dependencytrack/model/Vulnerability.java +++ b/src/main/java/org/dependencytrack/model/Vulnerability.java @@ -108,11 +108,26 @@ public enum Source { RETIREJS, // Retire.js INTERNAL, // Internally-managed (and manually entered) vulnerability OSV, // Google OSV Advisories - SNYK; // Snyk Purl Vulnerability + SNYK, // Snyk Purl Vulnerability + UNKNOWN; // Unknown vulnerability sources public static boolean isKnownSource(String source) { return Arrays.stream(values()).anyMatch(enumSource -> enumSource.name().equalsIgnoreCase(source)); } + + public static Source resolve(String id) { + if (id.startsWith("CVE-")){ + return NVD; + } else if (id.startsWith("GHSA-")){ + return GITHUB; + } else if (id.startsWith("OSV-")){ + return OSV; + } else if (id.startsWith("SNYK-")){ + return SNYK; + } + + return UNKNOWN; + } } @PrimaryKey diff --git a/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java index bb446f0cc5..5e81364867 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java +++ b/src/main/java/org/dependencytrack/parser/trivy/TrivyParser.java @@ -24,7 +24,7 @@ import org.dependencytrack.model.Vulnerability; import org.dependencytrack.model.VulnerableSoftware; import org.dependencytrack.parser.common.resolver.CweResolver; -import org.dependencytrack.parser.trivy.model.Bitnami; +import org.dependencytrack.parser.trivy.model.CVSS; import org.dependencytrack.persistence.QueryManager; import java.math.BigDecimal; @@ -44,13 +44,7 @@ public Vulnerability parse(org.dependencytrack.parser.trivy.model.Vulnerability Vulnerability vulnerability = new Vulnerability(); List vsList = new ArrayList<>(); - Vulnerability.Source source = Vulnerability.Source.NVD; - - if (data.getVulnerabilityID().startsWith("GHSA-")) { - source = Vulnerability.Source.GITHUB; - } - - vulnerability.setSource(source); + vulnerability.setSource(Vulnerability.Source.resolve(data.getVulnerabilityID())); vulnerability.setPatchedVersions(data.getFixedVersion()); @@ -85,15 +79,7 @@ public Vulnerability parse(org.dependencytrack.parser.trivy.model.Vulnerability vulnerability = setCvssScore(data.getCvss().get(data.getSeveritySource()), vulnerability); - final List vsListOld = qm.detach(qm.getVulnerableSoftwareByVulnId(vulnerability.getSource(), vulnerability.getVulnId())); - synchronizedVulnerability = qm.synchronizeVulnerability(vulnerability, false); - qm.persist(vsList); - qm.updateAffectedVersionAttributions(synchronizedVulnerability, vsList, source); - vsList = qm.reconcileVulnerableSoftware(synchronizedVulnerability, vsListOld, vsList, source); - synchronizedVulnerability.setVulnerableSoftware(vsList); - qm.persist(synchronizedVulnerability); - - return synchronizedVulnerability; + return vulnerability; } public Date parseDate(String input) throws ParseException { @@ -123,7 +109,7 @@ public Severity parseSeverity(String severity) { return Severity.UNASSIGNED; } - public Vulnerability setCvssScore(Bitnami cvss, Vulnerability vulnerability) { + public Vulnerability setCvssScore(CVSS cvss, Vulnerability vulnerability) { if (cvss != null) { vulnerability.setCvssV2Vector(cvss.getV2Vector()); vulnerability.setCvssV3Vector(cvss.getV3Vector()); diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java b/src/main/java/org/dependencytrack/parser/trivy/model/CVSS.java similarity index 98% rename from src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java rename to src/main/java/org/dependencytrack/parser/trivy/model/CVSS.java index 81853e046b..9a78df519a 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/Bitnami.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/CVSS.java @@ -20,7 +20,7 @@ import com.google.gson.annotations.SerializedName; -public class Bitnami { +public class CVSS { @SerializedName("v2_vector") private String v2Vector; @SerializedName("v3_vector") diff --git a/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java b/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java index 66585025b4..059975e84e 100644 --- a/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java +++ b/src/main/java/org/dependencytrack/parser/trivy/model/Vulnerability.java @@ -38,7 +38,7 @@ public class Vulnerability { private Layer layer; @SerializedName("severity_source") private String severitySource; - private Map cvss; + private Map cvss; @SerializedName("cwe_ids") private String[] cweIDS; @SerializedName("primary_url") @@ -93,8 +93,8 @@ public class Vulnerability { public String getSeveritySource() { return severitySource; } public void setSeveritySource(String value) { this.severitySource = value; } - public Map getCvss() { return cvss; } - public void setCvss(Map value) { this.cvss = value; } + public Map getCvss() { return cvss; } + public void setCvss(Map value) { this.cvss = value; } public String[] getCweIDS() { return cweIDS; } public void setCweIDS(String[] value) { this.cweIDS = value; } diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index 93c74c8bf2..4f34ac3e6a 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -18,37 +18,27 @@ */ package org.dependencytrack.tasks.scanners; +import alpine.Config; import alpine.common.logging.Logger; -import alpine.common.metrics.Metrics; import alpine.common.util.UrlUtil; import alpine.event.framework.Event; -import alpine.event.framework.LoggableUncaughtExceptionHandler; import alpine.event.framework.Subscriber; import alpine.model.ConfigProperty; import alpine.security.crypto.DataEncryption; import com.github.packageurl.PackageURL; import com.google.gson.Gson; -import io.github.resilience4j.micrometer.tagged.TaggedRetryMetrics; + +import io.github.resilience4j.core.IntervalFunction; import io.github.resilience4j.retry.Retry; import io.github.resilience4j.retry.RetryConfig; import io.github.resilience4j.retry.RetryRegistry; -import java.nio.charset.StandardCharsets; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.concurrent.CompletableFuture; -import java.util.concurrent.CountDownLatch; -import java.util.concurrent.Executors; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.TimeUnit; -import java.util.function.Supplier; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Optional; - -import org.apache.commons.codec.binary.Hex; -import org.apache.commons.lang3.concurrent.BasicThreadFactory; +import org.apache.commons.codec.digest.DigestUtils; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpUriRequest; @@ -57,6 +47,7 @@ import org.apache.http.HttpHeaders; import org.apache.http.HttpStatus; import org.apache.http.util.EntityUtils; +import org.dependencytrack.common.ConfigKey; import org.dependencytrack.common.HttpClientPool; import org.dependencytrack.common.ManagedHttpClientFactory; import org.dependencytrack.event.IndexEvent; @@ -82,46 +73,38 @@ import org.dependencytrack.parser.trivy.TrivyParser; import org.dependencytrack.persistence.QueryManager; import org.dependencytrack.util.NotificationUtil; -import org.dependencytrack.util.RoundRobinAccessor; +import org.dependencytrack.parser.trivy.model.Result; /** * Subscriber task that performs an analysis of component using Trivy vulnerability API. * - * @since 4.7.0 + * @since 4.11.0 */ public class TrivyAnalysisTask extends BaseComponentAnalyzerTask implements CacheableScanTask, Subscriber { private static final Logger LOGGER = Logger.getLogger(TrivyAnalysisTask.class); private static final String TOKEN_HEADER = "Trivy-Token"; private static final Retry RETRY; - private static final ExecutorService EXECUTOR; static { - final RetryRegistry retryRegistry = RetryRegistry.of(RetryConfig.custom() - .retryOnException(exception -> false) - .retryOnResult(response -> 429 == response.getStatusLine().getStatusCode()) - .build()); - RETRY = retryRegistry.retry("trivy-api"); - RETRY.getEventPublisher() - .onRetry(event -> LOGGER.debug("Will execute retry #%d in %s" .formatted(event.getNumberOfRetryAttempts(), event.getWaitInterval()))) - .onError(event -> LOGGER.error("Retry failed after %d attempts: %s" .formatted(event.getNumberOfRetryAttempts(), event.getLastThrowable()))); - TaggedRetryMetrics.ofRetryRegistry(retryRegistry) - .bindTo(Metrics.getRegistry()); - - // The number of threads to be used for Trivy analyzer are configurable. - // Default is 10. Can be set based on user requirements. - final int threadPoolSize = 10; - final var threadFactory = new BasicThreadFactory.Builder() - .namingPattern(TrivyAnalysisTask.class.getSimpleName() + "-%d") - .uncaughtExceptionHandler(new LoggableUncaughtExceptionHandler()) + IntervalFunction intervalWithCustomExponentialBackoff = IntervalFunction + .ofExponentialBackoff( + IntervalFunction.DEFAULT_INITIAL_INTERVAL, + Config.getInstance().getPropertyAsInt(ConfigKey.OSSINDEX_RETRY_EXPONENTIAL_BACKOFF_MULTIPLIER), + Config.getInstance().getPropertyAsInt(ConfigKey.OSSINDEX_RETRY_EXPONENTIAL_BACKOFF_MAX_DURATION) + ); + RetryConfig config = RetryConfig.custom() + .maxAttempts(Config.getInstance().getPropertyAsInt(ConfigKey.OSSINDEX_RETRY_EXPONENTIAL_BACKOFF_MAX_ATTEMPTS)) + .intervalFunction(intervalWithCustomExponentialBackoff) .build(); - EXECUTOR = Executors.newFixedThreadPool(threadPoolSize, threadFactory); - Metrics.registerExecutorService(EXECUTOR, TrivyAnalysisTask.class.getSimpleName()); + + RetryRegistry registry = RetryRegistry.of(config); + RETRY = registry.retry("trivy-api"); } private String apiBaseUrl; - private Supplier apiTokenSupplier; + private String apiToken; private VulnerabilityAnalysisLevel vulnerabilityAnalysisLevel; /** @@ -149,14 +132,7 @@ public void inform(final Event e) { } apiBaseUrl = getApiBaseUrl().get(); - - try { - final String decryptedToken = DataEncryption.decryptAsString(apiTokenProperty.getPropertyValue()); - apiTokenSupplier = createTokenSupplier(decryptedToken); - } catch (Exception ex) { - LOGGER.error("An error occurred decrypting the API Token; Skipping", ex); - return; - } + apiToken = apiTokenProperty.getPropertyValue(); } vulnerabilityAnalysisLevel = event.getVulnerabilityAnalysisLevel(); LOGGER.info("Starting Trivy vulnerability analysis task"); @@ -184,9 +160,9 @@ public boolean isCapable(Component component) { && component.getPurl().getVersion() != null; if (!hasValidPurl && component.getPurl() == null) { - LOGGER.warn("isCapable:purl is null for component %s".formatted(component.toString())); + LOGGER.debug("isCapable:purl is null for component %s".formatted(component.toString())); } else if (!hasValidPurl) { - LOGGER.warn("isCapable: " + component.getPurl().toString()); + LOGGER.debug("isCapable: " + component.getPurl().toString()); } return (hasValidPurl && PurlType.getApp(component.getPurl().getType()) != PurlType.Constants.UNKNOWN.toString()) @@ -203,10 +179,6 @@ protected boolean isCacheCurrent(Source source, String targetHost, String target */ @Override public void analyze(final List components) { - final var countDownLatch = new CountDownLatch(components.size()); - - - var pkgs = new HashMap(); var apps = new HashMap(); var os = new HashMap(); @@ -300,27 +272,12 @@ public void analyze(final List components) { infos.add(info); }); - CompletableFuture - .runAsync(() -> analyzeBlob(map, infos.toArray(new BlobInfo[]{})), EXECUTOR) - .whenComplete((result, exception) -> { - countDownLatch.countDown(); - - if (exception != null) { - LOGGER.error("An unexpected error occurred while analyzing", exception); - } - }); - try { - if (!countDownLatch.await(60, TimeUnit.MINUTES)) { - // Depending on the system load, it may take a while for the queued events - // to be processed. And depending on how large the projects are, it may take a - // while for the processing of the respective event to complete. - // It is unlikely though that either of these situations causes a block for - // over 60 minutes. If that happens, the system is under-resourced. - LOGGER.warn("The Analysis for project :" + components.get(0).getProject().getName() + "took longer than expected"); - } - } catch (InterruptedException e) { - Thread.currentThread().interrupt(); + final var results = RETRY.executeCheckedSupplier(() -> analyzeBlob(infos.toArray(new BlobInfo[]{}))); + handleResults(map,results); + } catch (Throwable ex) { + handleRequestException(LOGGER, ex); + return; } } @@ -344,66 +301,72 @@ public void applyAnalysisFromCache(final Component component) { component.getPurl().getCoordinates(), component, getAnalyzerIdentity(), vulnerabilityAnalysisLevel)); } - private void analyzeBlob(final Map components, final BlobInfo[] blobs) { + private void handleResults(final Map components, final ArrayList input) { + for (int count = 0; count < input.size(); count++) { + var result = input.get(count); + for (int idx = 0; idx < result.getVulnerabilities().length; idx++) { + var vulnerability = result.getVulnerabilities()[idx]; + var key = vulnerability.getPkgName() + ":" + vulnerability.getInstalledVersion(); + LOGGER.debug("Searching key %s in map".formatted(key)); + if (!super.isEnabled(ConfigPropertyConstants.SCANNER_TRIVY_IGNORE_UNFIXED) || vulnerability.getStatus() == 3) { + handle(components.get(key), vulnerability); + } + } + } + } + + private ArrayList analyzeBlob(final BlobInfo[] blobs) { + ArrayList output = new ArrayList(); + for (final BlobInfo info : blobs) { var blob = new PutRequest(); blob.setBlobInfo(info); - try { - MessageDigest digest = MessageDigest.getInstance("SHA-256"); - //todo - need to establish standard and requirements from trivy - byte[] hash = digest.digest(java.util.UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8)); - - blob.setDiffID("sha256:" + Hex.encodeHexString(hash)); - LOGGER.debug(blob.getDiffID()); - } catch(NoSuchAlgorithmException e) { - LOGGER.error(e.getMessage()); - blob.setDiffID("sha256:0000000000000000000000000000000000000000000000000000000000000000"); - } + String hash = DigestUtils.sha256Hex(java.util.UUID.randomUUID().toString()); + blob.setDiffID("sha256:" + hash); if (putBlob(blob)) { var response = scanBlob(blob); if (response != null) { - LOGGER.info("received response from trivy"); - for (int count = 0; count < response.getResults().length; count++) { - var result = response.getResults()[count]; - for (int idx = 0; idx < result.getVulnerabilities().length; idx++) { - var vulnerability = result.getVulnerabilities()[idx]; - var key = vulnerability.getPkgName() + ":" + vulnerability.getInstalledVersion(); - LOGGER.debug("Searching key %s in map".formatted(key)); - if (!super.isEnabled(ConfigPropertyConstants.SCANNER_TRIVY_IGNORE_UNFIXED) || vulnerability.getStatus() == 3) { - handle(components.get(key), vulnerability); - } - } - } + LOGGER.debug("received response from trivy"); + output.addAll(Arrays.asList(response.getResults())); } deleteBlob(blob); } } + + return output; } - private boolean putBlob(PutRequest input) { - final String requestUrl = "%s/twirp/trivy.cache.v1.Cache/PutBlob".formatted(apiBaseUrl); - try { - URIBuilder uriBuilder = new URIBuilder(requestUrl); - HttpPost post = new HttpPost(uriBuilder.build().toString()); + private HttpUriRequest buildRequest(final String url, Object input) throws Exception { + URIBuilder uriBuilder = new URIBuilder(url); + HttpPost post = new HttpPost(uriBuilder.build().toString()); + + + Gson gson = new Gson(); + StringEntity body = new StringEntity(gson.toJson(input)); + post.setEntity(body); + LOGGER.debug("Request: " + gson.toJson(input)); - Gson gson = new Gson(); - StringEntity body = new StringEntity(gson.toJson(input)); - post.setEntity(body); + HttpUriRequest request = post; + request.setHeader(HttpHeaders.USER_AGENT, ManagedHttpClientFactory.getUserAgent()); + request.setHeader(TOKEN_HEADER, DataEncryption.decryptAsString(apiToken)); + request.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); - LOGGER.debug("PutBlob request: " + gson.toJson(input)); + return request; + } + + private boolean putBlob(PutRequest input) { + final String requestUrl = "%s/twirp/trivy.cache.v1.Cache/PutBlob".formatted(apiBaseUrl); - HttpUriRequest request = post; + try { + HttpUriRequest request = buildRequest(requestUrl, input); - request.setHeader(HttpHeaders.USER_AGENT, ManagedHttpClientFactory.getUserAgent()); - request.setHeader(TOKEN_HEADER, apiTokenSupplier.get()); - request.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); try (final CloseableHttpResponse response = RETRY.executeCheckedSupplier(() -> HttpClientPool.getClient().execute(request))) { - LOGGER.info("PutBlob response: " + response.getStatusLine().getStatusCode()); + LOGGER.debug("PutBlob response: " + response.getStatusLine().getStatusCode()); return (response.getStatusLine().getStatusCode() >= HttpStatus.SC_OK); } } catch (Throwable ex) { @@ -412,44 +375,34 @@ private boolean putBlob(PutRequest input) { return false; } + private TrivyResponse scanBlob(PutRequest input) { final String requestUrl = "%s/twirp/trivy.scanner.v1.Scanner/Scan".formatted(apiBaseUrl); - try { - URIBuilder uriBuilder = new URIBuilder(requestUrl); - HttpPost post = new HttpPost(uriBuilder.build().toString()); - - ScanRequest scan = new ScanRequest(); + ScanRequest scan = new ScanRequest(); - scan.setTarget(input.getDiffID()); - scan.setArtifactID(input.getDiffID()); - scan.setBlobIDS(new String[] {input.getDiffID()}); + scan.setTarget(input.getDiffID()); + scan.setArtifactID(input.getDiffID()); + scan.setBlobIDS(new String[] {input.getDiffID()}); - Options opts = new Options(); - opts.setVulnType(new String[] {"os", "library"}); - opts.setScanners(new String[] {"vuln"}); + Options opts = new Options(); + opts.setVulnType(new String[] {"os", "library"}); + opts.setScanners(new String[] {"vuln"}); - scan.setOptions(opts); + scan.setOptions(opts); - Gson gson = new Gson(); - StringEntity body = new StringEntity(gson.toJson(scan)); - post.setEntity(body); - - LOGGER.debug("Scan request: " + gson.toJson(scan)); - - HttpUriRequest request = post; + try { + HttpUriRequest request = buildRequest(requestUrl, scan); - request.setHeader(HttpHeaders.USER_AGENT, ManagedHttpClientFactory.getUserAgent()); - request.setHeader(TOKEN_HEADER, apiTokenSupplier.get()); - request.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); try (final CloseableHttpResponse response = RETRY.executeCheckedSupplier(() -> HttpClientPool.getClient().execute(request))) { if (response.getStatusLine().getStatusCode() >= HttpStatus.SC_OK && response.getStatusLine().getStatusCode() < HttpStatus.SC_MULTIPLE_CHOICES) { String responseString = EntityUtils.toString(response.getEntity()); + Gson gson = new Gson(); var trivyResponse = gson.fromJson(responseString,TrivyResponse.class); - LOGGER.info("Scan response: " + response.getStatusLine().getStatusCode()); + LOGGER.debug("Scan response: " + response.getStatusLine().getStatusCode()); LOGGER.debug("Response from server: " + responseString); return trivyResponse; } else { @@ -464,28 +417,13 @@ private TrivyResponse scanBlob(PutRequest input) { private void deleteBlob(PutRequest input) { final String requestUrl = "%s/twirp/trivy.cache.v1.Cache/DeleteBlobs".formatted(apiBaseUrl); + DeleteRequest delete = new DeleteRequest(); + delete.setBlobIDS(new String[] {input.getDiffID()}); try { - URIBuilder uriBuilder = new URIBuilder(requestUrl); - HttpPost post = new HttpPost(uriBuilder.build().toString()); - - DeleteRequest delete = new DeleteRequest(); - delete.setBlobIDS(new String[] {input.getDiffID()}); - - Gson gson = new Gson(); - - StringEntity body = new StringEntity(gson.toJson(delete)); - post.setEntity(body); - - LOGGER.debug("Delete Request: " + gson.toJson(delete)); - - HttpUriRequest request = post; - - request.setHeader(HttpHeaders.USER_AGENT, ManagedHttpClientFactory.getUserAgent()); - request.setHeader(TOKEN_HEADER, apiTokenSupplier.get()); - request.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); + HttpUriRequest request = buildRequest(requestUrl, delete); final CloseableHttpResponse response = RETRY.executeCheckedSupplier(() -> HttpClientPool.getClient().execute(request)); - LOGGER.info("DeleteBlob response: " + response.getStatusLine().getStatusCode()); + LOGGER.debug("DeleteBlob response: " + response.getStatusLine().getStatusCode()); } catch (Throwable ex) { handleRequestException(LOGGER, ex); } @@ -504,21 +442,28 @@ private void handle(final Component component, final org.dependencytrack.parser. try (QueryManager qm = new QueryManager()) { final var trivyParser = new TrivyParser(); - Vulnerability synchronizedVulnerability = trivyParser.parse(data, qm); - addVulnerabilityToCache(component, synchronizedVulnerability); + Vulnerability parsedVulnerability = trivyParser.parse(data, qm); final Component componentPersisted = qm.getObjectByUuid(Component.class, component.getUuid()); - if (componentPersisted != null && synchronizedVulnerability.getVulnId() != null) { - NotificationUtil.analyzeNotificationCriteria(qm, synchronizedVulnerability, componentPersisted, vulnerabilityAnalysisLevel); - qm.addVulnerability(synchronizedVulnerability, componentPersisted, this.getAnalyzerIdentity()); - LOGGER.info("Trivy vulnerability added : " + synchronizedVulnerability.getVulnId() + " to component " + component.getName()); - } - Event.dispatch(new IndexEvent(IndexEvent.Action.COMMIT, Vulnerability.class)); - updateAnalysisCacheStats(qm, Vulnerability.Source.NVD, apiBaseUrl, component.getPurl().getCoordinates(), component.getCacheResult()); - } - } + if (componentPersisted != null && parsedVulnerability.getVulnId() != null) { + Vulnerability vulnerability = qm.getVulnerabilityByVulnId(parsedVulnerability.getSource(), parsedVulnerability.getVulnId()); + if (vulnerability == null) { + LOGGER.warn("Vulnerability not available:" + parsedVulnerability.getSource() + " - " + parsedVulnerability.getVulnId()); + vulnerability = qm.createVulnerability(parsedVulnerability, false); + addVulnerabilityToCache(componentPersisted, vulnerability); + } + + LOGGER.debug("Trivy vulnerability added: " + vulnerability.getVulnId() + " to component " + componentPersisted.getName()); + NotificationUtil.analyzeNotificationCriteria(qm, vulnerability, componentPersisted, vulnerabilityAnalysisLevel); + qm.addVulnerability(vulnerability, componentPersisted, this.getAnalyzerIdentity()); + + Event.dispatch(new IndexEvent(IndexEvent.Action.COMMIT, Vulnerability.class)); + updateAnalysisCacheStats(qm, Vulnerability.Source.valueOf(vulnerability.getSource()), apiBaseUrl, componentPersisted.getPurl().getCoordinates(), componentPersisted.getCacheResult()); + } + } + } private Optional getApiBaseUrl() { if (apiBaseUrl != null) { @@ -538,16 +483,4 @@ private Optional getApiBaseUrl() { return Optional.of(apiBaseUrl); } } - - private Supplier createTokenSupplier(final String tokenValue) { - final String[] tokens = tokenValue.split(";"); - if (tokens.length > 1) { - LOGGER.debug("Will use %d tokens in round robin" .formatted(tokens.length)); - final var roundRobinAccessor = new RoundRobinAccessor<>(List.of(tokens)); - return roundRobinAccessor::get; - } - - return apiTokenSupplier = () -> tokenValue; - } - } diff --git a/src/main/resources/services.bom.json b/src/main/resources/services.bom.json index c0412ccc2a..7125613e1d 100644 --- a/src/main/resources/services.bom.json +++ b/src/main/resources/services.bom.json @@ -493,10 +493,7 @@ { "bom-ref": "service:com.aquasec", "provider": { - "name": "Trivy", - "url": [ - "https://www.aquasec.com/products/trivy" - ] + "name": "Trivy" }, "group": "com.aquasec", "name": "Trivy", From 296302ff7989de987cbacba24ff0e466d7e6317c Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Fri, 26 Jan 2024 14:04:41 +0100 Subject: [PATCH 20/21] trivy constants Signed-off-by: Marlon Pina Tojal --- src/main/java/org/dependencytrack/common/ConfigKey.java | 3 +++ .../dependencytrack/tasks/scanners/TrivyAnalysisTask.java | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/dependencytrack/common/ConfigKey.java b/src/main/java/org/dependencytrack/common/ConfigKey.java index 4560334ee4..b63983aee9 100644 --- a/src/main/java/org/dependencytrack/common/ConfigKey.java +++ b/src/main/java/org/dependencytrack/common/ConfigKey.java @@ -33,6 +33,9 @@ public enum ConfigKey implements Config.Key { OSSINDEX_RETRY_EXPONENTIAL_BACKOFF_MAX_ATTEMPTS("ossindex.retry.backoff.max.attempts", 10), OSSINDEX_RETRY_EXPONENTIAL_BACKOFF_MULTIPLIER("ossindex.retry.backoff.multiplier", 2), OSSINDEX_RETRY_EXPONENTIAL_BACKOFF_MAX_DURATION("ossindex.retry.backoff.max.duration", Duration.ofMinutes(10).toMillis()), + TRIVY_RETRY_EXPONENTIAL_BACKOFF_MAX_ATTEMPTS("trivy.retry.backoff.max.attempts", 10), + TRIVY_RETRY_EXPONENTIAL_BACKOFF_MULTIPLIER("trivy.retry.backoff.multiplier", 2), + TRIVY_RETRY_EXPONENTIAL_BACKOFF_MAX_DURATION("trivy.retry.backoff.max.duration", Duration.ofMinutes(10).toMillis()), REPO_META_ANALYZER_CACHE_STAMPEDE_BLOCKER_ENABLED("repo.meta.analyzer.cacheStampedeBlocker.enabled", true), REPO_META_ANALYZER_CACHE_STAMPEDE_BLOCKER_LOCK_BUCKETS("repo.meta.analyzer.cacheStampedeBlocker.lock.buckets", 1000), REPO_META_ANALYZER_CACHE_STAMPEDE_BLOCKER_MAX_ATTEMPTS("repo.meta.analyzer.cacheStampedeBlocker.max.attempts", 10), diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index 4f34ac3e6a..b9fcfc699d 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -91,11 +91,11 @@ public class TrivyAnalysisTask extends BaseComponentAnalyzerTask implements Cach IntervalFunction intervalWithCustomExponentialBackoff = IntervalFunction .ofExponentialBackoff( IntervalFunction.DEFAULT_INITIAL_INTERVAL, - Config.getInstance().getPropertyAsInt(ConfigKey.OSSINDEX_RETRY_EXPONENTIAL_BACKOFF_MULTIPLIER), - Config.getInstance().getPropertyAsInt(ConfigKey.OSSINDEX_RETRY_EXPONENTIAL_BACKOFF_MAX_DURATION) + Config.getInstance().getPropertyAsInt(ConfigKey.TRIVY_RETRY_EXPONENTIAL_BACKOFF_MULTIPLIER), + Config.getInstance().getPropertyAsInt(ConfigKey.TRIVY_RETRY_EXPONENTIAL_BACKOFF_MAX_DURATION) ); RetryConfig config = RetryConfig.custom() - .maxAttempts(Config.getInstance().getPropertyAsInt(ConfigKey.OSSINDEX_RETRY_EXPONENTIAL_BACKOFF_MAX_ATTEMPTS)) + .maxAttempts(Config.getInstance().getPropertyAsInt(ConfigKey.TRIVY_RETRY_EXPONENTIAL_BACKOFF_MAX_ATTEMPTS)) .intervalFunction(intervalWithCustomExponentialBackoff) .build(); From 1cfe0f47fc78acee899522360ef43295a53ab539 Mon Sep 17 00:00:00 2001 From: Marlon Pina Tojal Date: Mon, 5 Feb 2024 18:45:31 +0100 Subject: [PATCH 21/21] address comments Signed-off-by: Marlon Pina Tojal --- .../dependencytrack/tasks/scanners/TrivyAnalysisTask.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java index b9fcfc699d..9fd9006875 100644 --- a/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java +++ b/src/main/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTask.java @@ -422,8 +422,9 @@ private void deleteBlob(PutRequest input) { try { HttpUriRequest request = buildRequest(requestUrl, delete); - final CloseableHttpResponse response = RETRY.executeCheckedSupplier(() -> HttpClientPool.getClient().execute(request)); - LOGGER.debug("DeleteBlob response: " + response.getStatusLine().getStatusCode()); + try (final CloseableHttpResponse response = RETRY.executeCheckedSupplier(() -> HttpClientPool.getClient().execute(request))) { + LOGGER.debug("DeleteBlob response: " + response.getStatusLine().getStatusCode()); + }; } catch (Throwable ex) { handleRequestException(LOGGER, ex); } @@ -449,7 +450,7 @@ private void handle(final Component component, final org.dependencytrack.parser. Vulnerability vulnerability = qm.getVulnerabilityByVulnId(parsedVulnerability.getSource(), parsedVulnerability.getVulnId()); if (vulnerability == null) { - LOGGER.warn("Vulnerability not available:" + parsedVulnerability.getSource() + " - " + parsedVulnerability.getVulnId()); + LOGGER.debug("Creating unavailable vulnerability:" + parsedVulnerability.getSource() + " - " + parsedVulnerability.getVulnId()); vulnerability = qm.createVulnerability(parsedVulnerability, false); addVulnerabilityToCache(componentPersisted, vulnerability); }