From 20c8f790ebc2d2aa8c33bda1e047f8f29275a0be Mon Sep 17 00:00:00 2001 From: Fulvio Valenza Date: Fri, 11 Nov 2016 13:34:03 +0100 Subject: [PATCH] Initial commit --- LICENSE | 4 +- M2LPlugin/README.md | 10 + M2LPlugin/examples/example.json | 37 ++ M2LPlugin/examples/example_mspl_log_0.base64 | 1 + M2LPlugin/examples/example_mspl_log_0.json | 1 + M2LPlugin/examples/example_mspl_log_0.xml | 36 + M2LPlugin/examples/example_mspl_log_2.base64 | 30 + M2LPlugin/examples/example_mspl_log_2.xml | 35 + M2LPlugin/examples/example_mspl_log_3.xml | 38 ++ M2LPlugin/examples/example_mspl_mwd_0.base64 | 1 + .../examples/example_mspl_mwd_0.base64.tmp | 48 ++ M2LPlugin/examples/example_mspl_mwd_0.xml | 48 ++ M2LPlugin/examples/example_mspl_mwd_2.base64 | 45 ++ M2LPlugin/examples/example_mspl_mwd_2.xml | 51 ++ M2LPlugin/lib/commons-codec-1.9.jar | Bin 0 -> 263965 bytes M2LPlugin/lib/javax.json-1.0.4.jar | Bin 0 -> 85147 bytes M2LPlugin/lib/javax.json-api-1.0.jar | Bin 0 -> 19754 bytes M2LPlugin/lib/mspl_class.jar | Bin 0 -> 85222 bytes M2LPlugin/pom.xml | 47 ++ M2LPlugin/schema/MSPL_XML_Schema.xsd | 1 + M2LPlugin/schema/old_MSPL_XML_Schema.xsd | 1 + .../m2lservice/plugin/AddressValue.java | 62 ++ .../m2lservice/plugin/BadConfigException.java | 10 + .../m2lservice/plugin/ConfigWriter.java | 47 ++ .../m2lservice/plugin/HSPLInfo.java | 52 ++ .../m2lservice/plugin/IntValue.java | 33 + .../m2lservice/plugin/M2LPlugin.java | 187 ++++++ .../m2lservice/plugin/MSPLParser.java | 629 ++++++++++++++++++ .../eu/securedfp7/m2lservice/plugin/Rule.java | 172 +++++ .../m2lservice/plugin/StringValue.java | 31 + .../securedfp7/m2lservice/plugin/Tester.java | 61 ++ .../securedfp7/m2lservice/plugin/Value.java | 36 + M2LPlugin/test.sh | 3 + M2LPlugin/validate.sh | 8 + NED_files/PSCM/userList | 1 + NED_files/README.md | 1 + .../TVDM/PSAManifest/BroLogging_manifest.xml | 125 ++++ .../TVDM/PSAManifest/BroMalware_manifest.xml | 125 ++++ NED_files/TVDM/PSAManifest/broPSA | 22 + NED_files/TVDM/psaConfigs/broPSA/psaConf | 92 +++ NED_files/TVDM/userGraph/bro | 26 + PSA/BroManager.py | 462 +++++++++++++ PSA/Config.py | 167 +++++ PSA/ConfigLoader.py | 90 +++ PSA/DEBUG.md | 81 +++ PSA/ModuleLoader.py | 69 ++ PSA/README.md | 1 + PSA/boot_psa.sh | 14 + PSA/boot_script_psa | 23 + PSA/dumpLogFile.py | 30 + PSA/execInterface.py | 248 +++++++ PSA/getConfiguration.py | 124 ++++ PSA/interfaces | 32 + PSA/json/psaStartup.json | 9 + PSA/modules.json | 16 + PSA/modules/BroEventDispatcher.py | 41 ++ PSA/modules/BroLoader.py | 33 + PSA/modules/BroModule.py | 73 ++ PSA/modules/CertValidation.bro | 114 ++++ PSA/modules/CertValidation.py | 65 ++ PSA/modules/Count.py | 463 +++++++++++++ PSA/modules/MHR.bro | 492 ++++++++++++++ PSA/modules/MHR.py | 194 ++++++ PSA/modules/__init__.py | 1 + PSA/modules/ccount.bro | 346 ++++++++++ PSA/modules/psa-utils.bro | 40 ++ PSA/psaConfigs/README.md | 1 + PSA/psaConfigs/example.conf | 92 +++ PSA/psaEE.conf | 17 + PSA/psaEE.py | 147 ++++ PSA/psaExceptions.py | 14 + PSA/pylintrc | 280 ++++++++ PSA/scripts/current_config.sh | 30 + PSA/scripts/init.sh | 14 + PSA/scripts/ip_conf.sh | 57 ++ PSA/scripts/ping.sh | 13 + PSA/scripts/start.sh | 20 + PSA/scripts/status.sh | 37 ++ PSA/scripts/stop.sh | 21 + PSA/secured.bro | 111 ++++ PSA/test/configs/post-init.bro | 19 + PSA/test/download_exe.sh | 2 + PSA/test/download_http.sh | 2 + PSA/test/download_http_google_49.sh | 8 + PSA/test/download_http_google_50.sh | 8 + PSA/test/download_http_vtt_49.sh | 8 + PSA/test/download_http_vtt_50.sh | 8 + PSA/test/download_pdf.sh | 2 + PSA/test/gunicorn_brolog.sh | 3 + PSA/test/gunicorn_start.sh | 3 + PSA/test/gunicorn_status.sh | 3 + PSA/test/gunicorn_stop.sh | 3 + PSA/util/cleanup.sh | 41 ++ PSA/util/kill.sh | 5 + PSA/util/pylint.sh | 7 + README.md | 267 ++++++++ copy_psa_sw_to_vm.sh | 32 + copy_psa_to_ned.sh | 51 ++ docs/HowToAddNewBroPSAModules.md | 372 +++++++++++ docs/bro-architecture.dia | Bin 0 -> 1844 bytes docs/bro-architecture.png | Bin 0 -> 26345 bytes docs/bro-psa-architecture.dia | Bin 0 -> 2365 bytes docs/bro-psa-architecture.png | Bin 0 -> 30073 bytes examples/psa-conf-example.json | 76 +++ tests/README.md | 1 + 105 files changed, 7159 insertions(+), 1 deletion(-) create mode 100644 M2LPlugin/README.md create mode 100644 M2LPlugin/examples/example.json create mode 100644 M2LPlugin/examples/example_mspl_log_0.base64 create mode 100644 M2LPlugin/examples/example_mspl_log_0.json create mode 100644 M2LPlugin/examples/example_mspl_log_0.xml create mode 100644 M2LPlugin/examples/example_mspl_log_2.base64 create mode 100644 M2LPlugin/examples/example_mspl_log_2.xml create mode 100644 M2LPlugin/examples/example_mspl_log_3.xml create mode 100644 M2LPlugin/examples/example_mspl_mwd_0.base64 create mode 100644 M2LPlugin/examples/example_mspl_mwd_0.base64.tmp create mode 100644 M2LPlugin/examples/example_mspl_mwd_0.xml create mode 100644 M2LPlugin/examples/example_mspl_mwd_2.base64 create mode 100644 M2LPlugin/examples/example_mspl_mwd_2.xml create mode 100644 M2LPlugin/lib/commons-codec-1.9.jar create mode 100644 M2LPlugin/lib/javax.json-1.0.4.jar create mode 100644 M2LPlugin/lib/javax.json-api-1.0.jar create mode 100644 M2LPlugin/lib/mspl_class.jar create mode 100644 M2LPlugin/pom.xml create mode 100644 M2LPlugin/schema/MSPL_XML_Schema.xsd create mode 100644 M2LPlugin/schema/old_MSPL_XML_Schema.xsd create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/AddressValue.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/BadConfigException.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/ConfigWriter.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/HSPLInfo.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/IntValue.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/M2LPlugin.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/MSPLParser.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Rule.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/StringValue.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Tester.java create mode 100644 M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Value.java create mode 100644 M2LPlugin/test.sh create mode 100644 M2LPlugin/validate.sh create mode 100644 NED_files/PSCM/userList create mode 100644 NED_files/README.md create mode 100644 NED_files/TVDM/PSAManifest/BroLogging_manifest.xml create mode 100644 NED_files/TVDM/PSAManifest/BroMalware_manifest.xml create mode 100644 NED_files/TVDM/PSAManifest/broPSA create mode 100644 NED_files/TVDM/psaConfigs/broPSA/psaConf create mode 100644 NED_files/TVDM/userGraph/bro create mode 100644 PSA/BroManager.py create mode 100644 PSA/Config.py create mode 100644 PSA/ConfigLoader.py create mode 100644 PSA/DEBUG.md create mode 100644 PSA/ModuleLoader.py create mode 100644 PSA/README.md create mode 100644 PSA/boot_psa.sh create mode 100644 PSA/boot_script_psa create mode 100644 PSA/dumpLogFile.py create mode 100644 PSA/execInterface.py create mode 100644 PSA/getConfiguration.py create mode 100644 PSA/interfaces create mode 100644 PSA/json/psaStartup.json create mode 100644 PSA/modules.json create mode 100644 PSA/modules/BroEventDispatcher.py create mode 100644 PSA/modules/BroLoader.py create mode 100644 PSA/modules/BroModule.py create mode 100644 PSA/modules/CertValidation.bro create mode 100644 PSA/modules/CertValidation.py create mode 100644 PSA/modules/Count.py create mode 100644 PSA/modules/MHR.bro create mode 100644 PSA/modules/MHR.py create mode 100644 PSA/modules/__init__.py create mode 100644 PSA/modules/ccount.bro create mode 100644 PSA/modules/psa-utils.bro create mode 100644 PSA/psaConfigs/README.md create mode 100644 PSA/psaConfigs/example.conf create mode 100644 PSA/psaEE.conf create mode 100644 PSA/psaEE.py create mode 100644 PSA/psaExceptions.py create mode 100644 PSA/pylintrc create mode 100644 PSA/scripts/current_config.sh create mode 100644 PSA/scripts/init.sh create mode 100644 PSA/scripts/ip_conf.sh create mode 100644 PSA/scripts/ping.sh create mode 100644 PSA/scripts/start.sh create mode 100644 PSA/scripts/status.sh create mode 100644 PSA/scripts/stop.sh create mode 100644 PSA/secured.bro create mode 100644 PSA/test/configs/post-init.bro create mode 100644 PSA/test/download_exe.sh create mode 100644 PSA/test/download_http.sh create mode 100644 PSA/test/download_http_google_49.sh create mode 100644 PSA/test/download_http_google_50.sh create mode 100644 PSA/test/download_http_vtt_49.sh create mode 100644 PSA/test/download_http_vtt_50.sh create mode 100644 PSA/test/download_pdf.sh create mode 100644 PSA/test/gunicorn_brolog.sh create mode 100644 PSA/test/gunicorn_start.sh create mode 100644 PSA/test/gunicorn_status.sh create mode 100644 PSA/test/gunicorn_stop.sh create mode 100644 PSA/util/cleanup.sh create mode 100644 PSA/util/kill.sh create mode 100644 PSA/util/pylint.sh create mode 100644 README.md create mode 100644 copy_psa_sw_to_vm.sh create mode 100644 copy_psa_to_ned.sh create mode 100644 docs/HowToAddNewBroPSAModules.md create mode 100644 docs/bro-architecture.dia create mode 100644 docs/bro-architecture.png create mode 100644 docs/bro-psa-architecture.dia create mode 100644 docs/bro-psa-architecture.png create mode 100644 examples/psa-conf-example.json create mode 100644 tests/README.md diff --git a/LICENSE b/LICENSE index 8dada3e..984f944 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ - Apache License +Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ @@ -199,3 +199,5 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + + diff --git a/M2LPlugin/README.md b/M2LPlugin/README.md new file mode 100644 index 0000000..d251be5 --- /dev/null +++ b/M2LPlugin/README.md @@ -0,0 +1,10 @@ +Testing: + +#1 +mvn clean install + +#2 +./test.sh examples/example_mspl_log_0.xml bro_json_config.json + +- This will validate the given M2L with schema/MSPL_XML_Schema.xsd and then convert the M2L into bro JSON config. + diff --git a/M2LPlugin/examples/example.json b/M2LPlugin/examples/example.json new file mode 100644 index 0000000..0f1b7ee --- /dev/null +++ b/M2LPlugin/examples/example.json @@ -0,0 +1,37 @@ +{ + "rules": [ + { "id": "rule1", + "event": "EVENT_CONNECTION", + "operation": "count.bro", + "parameters": [ + { "type": "object", + "value": "OBJ_CONNECTION" + } + ], + "action": "log", + "conditions": [ + { "type": "interval", + "value": 30 }, + { "type": "threshold", + "value": 50 }, + { "type": "source", + "value": { "address": "123.45.67.89" } + } + ] + }, + { "id": "rule2", + "event": "EVENT_FILE", + "operation": "detect-MHR.bro", + "parameters": [ ], + "action": "log", + "conditions": [ + { "type": "mime-type", + "value": "application/pdf" + }, + { "type": "mime-type", + "value": "application/x-dosexec" + } + ] + } + ] +} diff --git a/M2LPlugin/examples/example_mspl_log_0.base64 b/M2LPlugin/examples/example_mspl_log_0.base64 new file mode 100644 index 0000000..dd816aa --- /dev/null +++ b/M2LPlugin/examples/example_mspl_log_0.base64 @@ -0,0 +1 @@ +PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pgo8SVRSZXNvdXJjZSB4bWxucz0iaHR0cDovL21vZGVsaW9zb2Z0L3hzZGRlc2lnbmVyL2EyMmJkNjBiLWVlM2QtNDI1Yy04NjE4LWJlYjZhODU0MDUxYS9JVFJlc291cmNlLnhzZCIgSUQ9Ik1TUExfMDI1MzU2M2UtYzM3Ni00NzdiLWI2MjctYjMzNTc0ODg0NDkxIj4KICA8Y29uZmlndXJhdGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIgogICAgICAgICAgICAgICAgIHhzaTp0eXBlPSJSdWxlU2V0Q29uZmlndXJhdGlvbiI+CiAgICA8Y2FwYWJpbGl0eT4KICAgICAgPE5hbWU+TG9nZ2luZzwvTmFtZT4KICAgIDwvY2FwYWJpbGl0eT4KICAgIDxkZWZhdWx0QWN0aW9uIHhzaTp0eXBlPSJMb2dnaW5nQWN0aW9uIj4KICAgICAgPGxvZ2dpbmdBY3Rpb25UeXBlPmxvZ19jb25uZWN0aW9uPC9sb2dnaW5nQWN0aW9uVHlwZT4KICAgIDwvZGVmYXVsdEFjdGlvbj4KICAgIDxjb25maWd1cmF0aW9uUnVsZT4KICAgICAgPGNvbmZpZ3VyYXRpb25SdWxlQWN0aW9uIHhzaTp0eXBlPSJMb2dnaW5nQWN0aW9uIj4KICAgICAgICA8bG9nZ2luZ0FjdGlvblR5cGU+bG9nX2Nvbm5lY3Rpb248L2xvZ2dpbmdBY3Rpb25UeXBlPgogICAgICA8L2NvbmZpZ3VyYXRpb25SdWxlQWN0aW9uPgogICAgICA8Y29uZmlndXJhdGlvbkNvbmRpdGlvbiB4c2k6dHlwZT0iTG9nZ2luZ0NvbmRpdGlvbiI+CiAgICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgICA8ZXZlbnRDb25kaXRpb24+CiAgICAgICAgICA8ZXZlbnRzPkVWRU5UX0NPTk5FQ1RJT048L2V2ZW50cz4KICAgICAgICAgIDxpbnRlcnZhbD4zMDwvaW50ZXJ2YWw+CiAgICAgICAgICA8dGhyZXNob2xkPjUwPC90aHJlc2hvbGQ+CiAgICAgICAgPC9ldmVudENvbmRpdGlvbj4KICAgICAgICA8cGFja2V0Q29uZGl0aW9uPgogICAgICAgICAgPFNvdXJjZUFkZHJlc3M+MTIzLjQ1LjY3Ljg5LDEyMy40NS42Ny45MCwxMjMuNDUuNjcuOTEsPC9Tb3VyY2VBZGRyZXNzPgogICAgICAgIDwvcGFja2V0Q29uZGl0aW9uPgogICAgICA8L2NvbmZpZ3VyYXRpb25Db25kaXRpb24+CiAgICAgIDxleHRlcm5hbERhdGEgeHNpOnR5cGU9IlByaW9yaXR5Ij4KICAgICAgICA8dmFsdWU+MDwvdmFsdWU+CiAgICAgIDwvZXh0ZXJuYWxEYXRhPgogICAgICA8TmFtZT5SdWxlMDwvTmFtZT4KICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgPEhTUEwgSFNQTF9pZD0iSFNQTDNfU29uX0lTUCIgSFNQTF90ZXh0PSJzb24gZW5hYmxlIGxvZ2dpbmcgY291bnRfY29ubmVjdGlvbiwgIHZ0dF9hZGRyZXNzLCAgIi8+CiAgICA8L2NvbmZpZ3VyYXRpb25SdWxlPgogICAgPHJlc29sdXRpb25TdHJhdGVneSB4c2k6dHlwZT0iRk1SIi8+CiAgICA8TmFtZT5NU1BMXzAyNTM1NjNlLWMzNzYtNDc3Yi1iNjI3LWIzMzU3NDg4NDQ5MTwvTmFtZT4KICA8L2NvbmZpZ3VyYXRpb24+CjwvSVRSZXNvdXJjZT4K \ No newline at end of file diff --git a/M2LPlugin/examples/example_mspl_log_0.json b/M2LPlugin/examples/example_mspl_log_0.json new file mode 100644 index 0000000..55cf865 --- /dev/null +++ b/M2LPlugin/examples/example_mspl_log_0.json @@ -0,0 +1 @@ +{"rules":[{"id":"Rule0","operation":"count","event":"EVENT_CONNECTION","action":"log","parameters":[{"type":"object","value":"OBJ_CONNECTION"}],"conditions":[{"type":"interval","value":30},{"type":"threshold","value":50},{"type":"source","value":{"address":"123.45.67.89"}},{"type":"source","value":{"address":"123.45.67.90"}},{"type":"source","value":{"address":"123.45.67.91"}}]}]} \ No newline at end of file diff --git a/M2LPlugin/examples/example_mspl_log_0.xml b/M2LPlugin/examples/example_mspl_log_0.xml new file mode 100644 index 0000000..9461ef6 --- /dev/null +++ b/M2LPlugin/examples/example_mspl_log_0.xml @@ -0,0 +1,36 @@ + + + + + Logging + + + log_connection + + + + log_connection + + + false + + EVENT_CONNECTION + 30 + 50 + + + 123.45.67.89,123.45.67.90,123.45.67.91, + + + + 0 + + Rule0 + false + + + + MSPL_0253563e-c376-477b-b627-b33574884491 + + diff --git a/M2LPlugin/examples/example_mspl_log_2.base64 b/M2LPlugin/examples/example_mspl_log_2.base64 new file mode 100644 index 0000000..7672678 --- /dev/null +++ b/M2LPlugin/examples/example_mspl_log_2.base64 @@ -0,0 +1,30 @@ +PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pgo8 +SVRSZXNvdXJjZSB4bWxucz0iaHR0cDovL21vZGVsaW9zb2Z0L3hzZGRlc2lnbmVyL2EyMmJkNjBi +LWVlM2QtNDI1Yy04NjE4LWJlYjZhODU0MDUxYS9JVFJlc291cmNlLnhzZCIgSUQ9Ik1TUExfOTE5 +MGNiM2ItYzA2Yi00NmFkLWEzNmMtYTkzZDA5NzJjMjYzIj4KICAgIDxjb25maWd1cmF0aW9uIHht +bG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0 +eXBlPSJSdWxlU2V0Q29uZmlndXJhdGlvbiI+CiAgICAgICAgPGNhcGFiaWxpdHk+CiAgICAgICAg +ICAgIDxOYW1lPkxvZ2dpbmc8L05hbWU+CiAgICAgICAgPC9jYXBhYmlsaXR5PgogICAgICAgIDxk +ZWZhdWx0QWN0aW9uIHhzaTp0eXBlPSJMb2dnaW5nQWN0aW9uIj4KICAgICAgICAgICAgPGxvZ2dp +bmdBY3Rpb25UeXBlPmxvZ19jb25uZWN0aW9uPC9sb2dnaW5nQWN0aW9uVHlwZT4KICAgICAgICA8 +L2RlZmF1bHRBY3Rpb24+CiAgICAgICAgPGNvbmZpZ3VyYXRpb25SdWxlPgogICAgICAgICAgICA8 +Y29uZmlndXJhdGlvblJ1bGVBY3Rpb24geHNpOnR5cGU9IkxvZ2dpbmdBY3Rpb24iPgogICAgICAg +ICAgICAgICAgPGxvZ2dpbmdBY3Rpb25UeXBlPmxvZ19jb25uZWN0aW9uPC9sb2dnaW5nQWN0aW9u +VHlwZT4KICAgICAgICAgICAgPC9jb25maWd1cmF0aW9uUnVsZUFjdGlvbj4KICAgICAgICAgICAg +PGNvbmZpZ3VyYXRpb25Db25kaXRpb24geHNpOnR5cGU9IkxvZ2dpbmdDb25kaXRpb24iPgogICAg +ICAgICAgICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgICAgICAgICAgIDxldmVudENv +bmRpdGlvbj4KICAgICAgICAgICAgICAgICAgICA8ZXZlbnRzPkVWRU5UX0NPTk5FQ1RJT048L2V2 +ZW50cz4KICAgICAgICAgICAgICAgICAgICA8aW50ZXJ2YWw+MzA8L2ludGVydmFsPgogICAgICAg +ICAgICAgICAgICAgIDx0aHJlc2hvbGQ+NTA8L3RocmVzaG9sZD4KICAgICAgICAgICAgICAgIDwv +ZXZlbnRDb25kaXRpb24+CiAgICAgICAgICAgICAgICA8cGFja2V0Q29uZGl0aW9uPgogICAgICAg +ICAgICAgICAgICAgIDxTb3VyY2VBZGRyZXNzPjEyMy40NS42Ny44OSwxMjMuNDUuNjcuOTAsMTIz +LjQ1LjY3LjkxLDwvU291cmNlQWRkcmVzcz4KICAgICAgICAgICAgICAgIDwvcGFja2V0Q29uZGl0 +aW9uPgogICAgICAgICAgICA8L2NvbmZpZ3VyYXRpb25Db25kaXRpb24+CiAgICAgICAgICAgIDxl +eHRlcm5hbERhdGEgeHNpOnR5cGU9IlByaW9yaXR5Ij4KICAgICAgICAgICAgICAgIDx2YWx1ZT4w +PC92YWx1ZT4KICAgICAgICAgICAgPC9leHRlcm5hbERhdGE+CiAgICAgICAgICAgIDxOYW1lPlJ1 +bGUwPC9OYW1lPgogICAgICAgICAgICA8aXNDTkY+ZmFsc2U8L2lzQ05GPgogICAgICAgICAgICA8 +SFNQTCBIU1BMX2lkPSJIU1BMM19Tb25fSVNQIiBIU1BMX3RleHQ9InNvbiBlbmFibGUgbG9nZ2lu +ZyBjb3VudF9jb25uZWN0aW9uLCAgdnR0X2FkZHJlc3MsICAiLz4KICAgICAgICA8L2NvbmZpZ3Vy +YXRpb25SdWxlPgogICAgICAgIDxyZXNvbHV0aW9uU3RyYXRlZ3kgeHNpOnR5cGU9IkZNUiIvPgog +ICAgICAgIDxOYW1lPk1TUExfOTE5MGNiM2ItYzA2Yi00NmFkLWEzNmMtYTkzZDA5NzJjMjYzPC9O +YW1lPgogICAgPC9jb25maWd1cmF0aW9uPgo8L0lUUmVzb3VyY2U+Cg== diff --git a/M2LPlugin/examples/example_mspl_log_2.xml b/M2LPlugin/examples/example_mspl_log_2.xml new file mode 100644 index 0000000..271e230 --- /dev/null +++ b/M2LPlugin/examples/example_mspl_log_2.xml @@ -0,0 +1,35 @@ + + + + + Logging + + + log_connection + + + + log_connection + + + false + + EVENT_CONNECTION + 30 + 50 + + + 123.45.67.89,123.45.67.90,123.45.67.91, + + + + 0 + + Rule0 + false + + + + MSPL_9190cb3b-c06b-46ad-a36c-a93d0972c263 + + diff --git a/M2LPlugin/examples/example_mspl_log_3.xml b/M2LPlugin/examples/example_mspl_log_3.xml new file mode 100644 index 0000000..94577db --- /dev/null +++ b/M2LPlugin/examples/example_mspl_log_3.xml @@ -0,0 +1,38 @@ + + + + + Logging + + + log_connection + + + + log_connection + + + false + + EVENT_CONNECTION + 30 + 50 + + + + www.black-site.com,chat-paradise.com,chat.free.fr,chat.gratis.es, + + + + 0 + + Rule0 + false + + + + MSPL_b1a390f5-21b6-4cb2-b1ba-711e399d4833 + + \ No newline at end of file diff --git a/M2LPlugin/examples/example_mspl_mwd_0.base64 b/M2LPlugin/examples/example_mspl_mwd_0.base64 new file mode 100644 index 0000000..fefafa4 --- /dev/null +++ b/M2LPlugin/examples/example_mspl_mwd_0.base64 @@ -0,0 +1 @@ +PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pgo8SVRSZXNvdXJjZSB4bWxucz0iaHR0cDovL21vZGVsaW9zb2Z0L3hzZGRlc2lnbmVyL2EyMmJkNjBiLWVlM2QtNDI1Yy04NjE4LWJlYjZhODU0MDUxYS9JVFJlc291cmNlLnhzZCIgSUQ9Ik1TUExfMzA5MWQxMzUtZWI2Ny00OGM3LWJmNjItMTIwMTVhNDdmMjVmIj4KICA8Y29uZmlndXJhdGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIgogICAgICAgICAgICAgICAgIHhzaTp0eXBlPSJSdWxlU2V0Q29uZmlndXJhdGlvbiI+CiAgICA8Y2FwYWJpbGl0eT4KICAgICAgPE5hbWU+T2ZmbGluZV9tYWx3YXJlX2FuYWx5c2lzPC9OYW1lPgogICAgPC9jYXBhYmlsaXR5PgogICAgPGRlZmF1bHRBY3Rpb24geHNpOnR5cGU9IkFudGktbWFsd2FyZUFjdGlvbiI+CiAgICAgIDxhbnRpLW1hbHdhcmVBY3Rpb25UeXBlPjwvYW50aS1tYWx3YXJlQWN0aW9uVHlwZT4KICAgIDwvZGVmYXVsdEFjdGlvbj4KICAgIDxjb25maWd1cmF0aW9uUnVsZT4KICAgICAgPGNvbmZpZ3VyYXRpb25SdWxlQWN0aW9uIHhzaTp0eXBlPSJBbnRpLW1hbHdhcmVBY3Rpb24iPgogICAgICAgIDxhbnRpLW1hbHdhcmVBY3Rpb25UeXBlPjwvYW50aS1tYWx3YXJlQWN0aW9uVHlwZT4KICAgICAgPC9jb25maWd1cmF0aW9uUnVsZUFjdGlvbj4KICAgICAgPGNvbmZpZ3VyYXRpb25Db25kaXRpb24geHNpOnR5cGU9IkFudGktbWFsd2FyZUNvbmRpdGlvbiI+CiAgICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgICA8YXBwbGljYXRpb25MYXllckNvbmRpdGlvbj4KICAgICAgICAgIDxtaW1lVHlwZT5hcHBsaWNhdGlvbi94LWRvc2V4ZWMsPC9taW1lVHlwZT4KICAgICAgICA8L2FwcGxpY2F0aW9uTGF5ZXJDb25kaXRpb24+CiAgICAgIDwvY29uZmlndXJhdGlvbkNvbmRpdGlvbj4KICAgICAgPGV4dGVybmFsRGF0YSB4c2k6dHlwZT0iUHJpb3JpdHkiPgogICAgICAgIDx2YWx1ZT4wPC92YWx1ZT4KICAgICAgPC9leHRlcm5hbERhdGE+CiAgICAgIDxOYW1lPlJ1bGUwPC9OYW1lPgogICAgICA8aXNDTkY+ZmFsc2U8L2lzQ05GPgogICAgICA8SFNQTCBIU1BMX2lkPSJIU1BMNF9Tb25fSVNQIiBIU1BMX3RleHQ9InNvbiBlbmFibGUgbWFsd2FyZV9kZXRlY3Rpb24gc2Nhbl94ZG9zZXhlYywgICIvPgogICAgPC9jb25maWd1cmF0aW9uUnVsZT4KICAgIDxjb25maWd1cmF0aW9uUnVsZT4KICAgICAgPGNvbmZpZ3VyYXRpb25SdWxlQWN0aW9uIHhzaTp0eXBlPSJBbnRpLW1hbHdhcmVBY3Rpb24iPgogICAgICAgIDxhbnRpLW1hbHdhcmVBY3Rpb25UeXBlPjwvYW50aS1tYWx3YXJlQWN0aW9uVHlwZT4KICAgICAgPC9jb25maWd1cmF0aW9uUnVsZUFjdGlvbj4KICAgICAgPGNvbmZpZ3VyYXRpb25Db25kaXRpb24geHNpOnR5cGU9IkFudGktbWFsd2FyZUNvbmRpdGlvbiI+CiAgICAgICAgPGlzQ05GPmZhbHNlPC9pc0NORj4KICAgICAgICA8YXBwbGljYXRpb25MYXllckNvbmRpdGlvbj4KICAgICAgICAgIDxtaW1lVHlwZT5hcHBsaWNhdGlvbi9wZGYsPC9taW1lVHlwZT4KICAgICAgICA8L2FwcGxpY2F0aW9uTGF5ZXJDb25kaXRpb24+CiAgICAgIDwvY29uZmlndXJhdGlvbkNvbmRpdGlvbj4KICAgICAgPGV4dGVybmFsRGF0YSB4c2k6dHlwZT0iUHJpb3JpdHkiPgogICAgICAgIDx2YWx1ZT4xPC92YWx1ZT4KICAgICAgPC9leHRlcm5hbERhdGE+CiAgICAgIDxOYW1lPlJ1bGUxPC9OYW1lPgogICAgICA8aXNDTkY+ZmFsc2U8L2lzQ05GPgogICAgICA8SFNQTCBIU1BMX2lkPSJIU1BMNV9Tb25fSVNQIiBIU1BMX3RleHQ9InNvbiBlbmFibGUgbWFsd2FyZV9kZXRlY3Rpb24gc2Nhbl9wZGYsICAiLz4KICAgIDwvY29uZmlndXJhdGlvblJ1bGU+CiAgICA8cmVzb2x1dGlvblN0cmF0ZWd5IHhzaTp0eXBlPSJGTVIiLz4KICAgIDxOYW1lPk1TUExfMzA5MWQxMzUtZWI2Ny00OGM3LWJmNjItMTIwMTVhNDdmMjVmPC9OYW1lPgogIDwvY29uZmlndXJhdGlvbj4KPC9JVFJlc291cmNlPgo= \ No newline at end of file diff --git a/M2LPlugin/examples/example_mspl_mwd_0.base64.tmp b/M2LPlugin/examples/example_mspl_mwd_0.base64.tmp new file mode 100644 index 0000000..ca50205 --- /dev/null +++ b/M2LPlugin/examples/example_mspl_mwd_0.base64.tmp @@ -0,0 +1,48 @@ + + + + + Offline_malware_analysis + + + + + + + + + + false + + application/x-dosexec, + + + + 0 + + Rule0 + false + + + + + + + + false + + application/pdf, + + + + 1 + + Rule1 + false + + + + MSPL_3091d135-eb67-48c7-bf62-12015a47f25f + + diff --git a/M2LPlugin/examples/example_mspl_mwd_0.xml b/M2LPlugin/examples/example_mspl_mwd_0.xml new file mode 100644 index 0000000..ca50205 --- /dev/null +++ b/M2LPlugin/examples/example_mspl_mwd_0.xml @@ -0,0 +1,48 @@ + + + + + Offline_malware_analysis + + + + + + + + + + false + + application/x-dosexec, + + + + 0 + + Rule0 + false + + + + + + + + false + + application/pdf, + + + + 1 + + Rule1 + false + + + + MSPL_3091d135-eb67-48c7-bf62-12015a47f25f + + diff --git a/M2LPlugin/examples/example_mspl_mwd_2.base64 b/M2LPlugin/examples/example_mspl_mwd_2.base64 new file mode 100644 index 0000000..19ceb12 --- /dev/null +++ b/M2LPlugin/examples/example_mspl_mwd_2.base64 @@ -0,0 +1,45 @@ +PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pgo8 +SVRSZXNvdXJjZSB4bWxucz0iaHR0cDovL21vZGVsaW9zb2Z0L3hzZGRlc2lnbmVyL2EyMmJkNjBi +LWVlM2QtNDI1Yy04NjE4LWJlYjZhODU0MDUxYS9JVFJlc291cmNlLnhzZCIgSUQ9Ik1TUExfODRl +NDM4ZjktNzA3MS00MGRkLThlZWYtZTk1NWU1MTdhMmExIj4KICAgIDxjb25maWd1cmF0aW9uIHht +bG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0 +eXBlPSJSdWxlU2V0Q29uZmlndXJhdGlvbiI+CiAgICAgICAgPGNhcGFiaWxpdHk+CiAgICAgICAg +ICAgIDxOYW1lPk9mZmxpbmVfbWFsd2FyZV9hbmFseXNpczwvTmFtZT4KICAgICAgICA8L2NhcGFi +aWxpdHk+CiAgICAgICAgPGRlZmF1bHRBY3Rpb24geHNpOnR5cGU9IkFudGktbWFsd2FyZUFjdGlv +biI+CiAgICAgICAgICAgIDxhbnRpLW1hbHdhcmVBY3Rpb25UeXBlPjwvYW50aS1tYWx3YXJlQWN0 +aW9uVHlwZT4KICAgICAgICA8L2RlZmF1bHRBY3Rpb24+CiAgICAgICAgPGNvbmZpZ3VyYXRpb25S +dWxlPgogICAgICAgICAgIDwhLS0gQWRkZWQgYXMgdGhlIGZpbGUgZGlkbid0IHZhbGlkYXRlIGFn +YWluc3QgdGhlIHNjaGVtYSAtLT4KICAgICAgICAgICA8Y29uZmlndXJhdGlvblJ1bGVBY3Rpb24g +eHNpOnR5cGU9IkFudGktbWFsd2FyZUFjdGlvbiIgPgogICAgICAgICAgICAgICA8YW50aS1tYWx3 +YXJlQWN0aW9uVHlwZT5TdHJpbmc8L2FudGktbWFsd2FyZUFjdGlvblR5cGU+IAogICAgICAgICAg +IDwvY29uZmlndXJhdGlvblJ1bGVBY3Rpb24+CiAgICAgICAgICAgPCEtLSAtLT4KICAgICAgICAg +ICAgPGNvbmZpZ3VyYXRpb25Db25kaXRpb24geHNpOnR5cGU9IkFudGktbWFsd2FyZUNvbmRpdGlv +biI+CiAgICAgICAgICAgICAgICA8aXNDTkY+ZmFsc2U8L2lzQ05GPgogICAgICAgICAgICAgICAg +PGFwcGxpY2F0aW9uTGF5ZXJDb25kaXRpb24+CiAgICAgICAgICAgICAgICAgICAgPG1pbWVUeXBl +PmFwcGxpY2F0aW9uL3gtZG9zZXhlYyw8L21pbWVUeXBlPgogICAgICAgICAgICAgICAgPC9hcHBs +aWNhdGlvbkxheWVyQ29uZGl0aW9uPgogICAgICAgICAgICA8L2NvbmZpZ3VyYXRpb25Db25kaXRp +b24+CiAgICAgICAgICAgIDxleHRlcm5hbERhdGEgeHNpOnR5cGU9IlByaW9yaXR5Ij4KICAgICAg +ICAgICAgICAgIDx2YWx1ZT4wPC92YWx1ZT4KICAgICAgICAgICAgPC9leHRlcm5hbERhdGE+CiAg +ICAgICAgICAgIDxOYW1lPlJ1bGUwPC9OYW1lPgogICAgICAgICAgICA8aXNDTkY+ZmFsc2U8L2lz +Q05GPgogICAgICAgICAgICA8SFNQTCBIU1BMX2lkPSJIU1BMNF9Tb25fSVNQIiBIU1BMX3RleHQ9 +InNvbiBlbmFibGUgbWFsd2FyZV9kZXRlY3Rpb24gbWFsd2FyZV9kZXRlY3Rpb24sICBzY2FuX3hk +b3NleGVjLCAgIi8+CiAgICAgICAgPC9jb25maWd1cmF0aW9uUnVsZT4KICAgICAgICA8Y29uZmln +dXJhdGlvblJ1bGU+CiAgICAgICAgICAgPCEtLSBBZGRlZCBhcyB0aGUgZmlsZSBkaWRuJ3QgdmFs +aWRhdGUgYWdhaW5zdCB0aGUgc2NoZW1hIC0tPgogICAgICAgICAgIDxjb25maWd1cmF0aW9uUnVs +ZUFjdGlvbiB4c2k6dHlwZT0iQW50aS1tYWx3YXJlQWN0aW9uIiA+CiAgICAgICAgICAgICAgIDxh +bnRpLW1hbHdhcmVBY3Rpb25UeXBlPlN0cmluZzwvYW50aS1tYWx3YXJlQWN0aW9uVHlwZT4gCiAg +ICAgICAgICAgPC9jb25maWd1cmF0aW9uUnVsZUFjdGlvbj4KICAgICAgICAgICA8IS0tIC0tPgog +ICAgICAgICAgICA8Y29uZmlndXJhdGlvbkNvbmRpdGlvbiB4c2k6dHlwZT0iQW50aS1tYWx3YXJl +Q29uZGl0aW9uIj4KICAgICAgICAgICAgICAgIDxpc0NORj5mYWxzZTwvaXNDTkY+CiAgICAgICAg +ICAgICAgICA8YXBwbGljYXRpb25MYXllckNvbmRpdGlvbj4KICAgICAgICAgICAgICAgICAgICA8 +bWltZVR5cGU+YXBwbGljYXRpb24vcGRmLDwvbWltZVR5cGU+CiAgICAgICAgICAgICAgICA8L2Fw +cGxpY2F0aW9uTGF5ZXJDb25kaXRpb24+CiAgICAgICAgICAgIDwvY29uZmlndXJhdGlvbkNvbmRp +dGlvbj4KICAgICAgICAgICAgPGV4dGVybmFsRGF0YSB4c2k6dHlwZT0iUHJpb3JpdHkiPgogICAg +ICAgICAgICAgICAgPHZhbHVlPjE8L3ZhbHVlPgogICAgICAgICAgICA8L2V4dGVybmFsRGF0YT4K +ICAgICAgICAgICAgPE5hbWU+UnVsZTE8L05hbWU+CiAgICAgICAgICAgIDxpc0NORj5mYWxzZTwv +aXNDTkY+CiAgICAgICAgICAgIDxIU1BMIEhTUExfaWQ9IkhTUEw1X1Nvbl9JU1AiIEhTUExfdGV4 +dD0ic29uIGVuYWJsZSBtYWx3YXJlX2RldGVjdGlvbiBtYWx3YXJlX2RldGVjdGlvbiwgIHNjYW5f +cGRmLCAgIi8+CiAgICAgICAgPC9jb25maWd1cmF0aW9uUnVsZT4KICAgICAgICA8cmVzb2x1dGlv +blN0cmF0ZWd5IHhzaTp0eXBlPSJGTVIiLz4KICAgICAgICA8TmFtZT5NU1BMXzg0ZTQzOGY5LTcw +NzEtNDBkZC04ZWVmLWU5NTVlNTE3YTJhMTwvTmFtZT4KICAgIDwvY29uZmlndXJhdGlvbj4KPC9J +VFJlc291cmNlPgo= diff --git a/M2LPlugin/examples/example_mspl_mwd_2.xml b/M2LPlugin/examples/example_mspl_mwd_2.xml new file mode 100644 index 0000000..3e3761d --- /dev/null +++ b/M2LPlugin/examples/example_mspl_mwd_2.xml @@ -0,0 +1,51 @@ + + + + + Offline_malware_analysis + + + + + + + + String + + + + false + + application/x-dosexec, + + + + 0 + + Rule0 + false + + + + + + String + + + + false + + application/pdf, + + + + 1 + + Rule1 + false + + + + MSPL_84e438f9-7071-40dd-8eef-e955e517a2a1 + + diff --git a/M2LPlugin/lib/commons-codec-1.9.jar b/M2LPlugin/lib/commons-codec-1.9.jar new file mode 100644 index 0000000000000000000000000000000000000000..ef35f1c50d7c41278bc31f4b9fcfc8fbd708d55d GIT binary patch literal 263965 zcmbTc18^tdw(gxw?1^pL_GDt)=0CP=+qP}nwv&l%JKyYm&bo zZ)&LaLFb-s=EbOXIV^>7$>ompf&xNL2b0k)3-X6+xAe6?uJLd3u6iAh%Nkyukp(0T zJsejE$D;@|644gq&YQ@(9doZZL6jfYcF!w0L2DVh&gUyVJm*>_Rcc;`Z_@}_2Y}7o zw)Oj%-ttZ?TQayGt8e5HGQAwpU%&o?*`xV+n3Mp zTld>=-M6z5@gN;wFL!k8b6!t7B$=Ohhk4|5im7X=**w|HXJkj!KGz*2cX{Zx?+Mp; z3_%q#>S*|E86hDd|Ttkf_FDd4D}axiDRY?NZmYI(y&6qBdVh z#^Qg=rw2EXT9WbAv;x77M0R}ew`II=;Dcd^2kRtL zk=5mU973#Rda*8IsQT zK+7RgJL%TkdD}&_Rm*+_p4~ZZzg0Q-x_?ycf-PU8rVZizETbc^o~om;+NR zFmQ>4zr(RCNO_J5j3%9udhM)dHRGe9oPPK#!iX0icJytV|DtpmSQ^tiZ7u>B-ZXwf zphm1ZU5<*YZ$XZXq#@@e?I8I`tA4x`%sbgN?Eranp;Mlu$h4coqi0m;y*htf@{#no zW~gkmn>v3K+Ok5wM*v5|DFMM5=+-WkN|KgWQE9>CshDrRRf%ZH8+XzGel-j-6)nS# zuY0yh+5xaEHRY_PB*rnTS!1t}YHkixvb{65)(VGDV=KiS=}zoq(L*yVzHm3mTgjMB zcxlK?QJ+W}eO(TN@#X=$6C|2jnwSZVuE7T;tF^+B8DHD#XA%{pE-$aD{%e#S9EIx<9piFLd2WT179En5L?AoN!a)yYZX z9?^8m6nRq+9e$QU=QVzK`w0k9w12b;XY`}}2G{OKh8UR~kHf8sSnCcqBr4lL3}b-z+fdBt!Gh zDauiwjZXp>>y@>0B#zXxKT-)up8g&n88qd(uifrZH~4DoMX|6{Yk7FKDJE+?nL&n% z5?`I;67El(e=htQ{+Ye}aeDPJsja)fEgt@+%~TBVh`Pl}dNRB%VIik{5A*H^%2e^v zST#R!A8%DO^5XY-Y#tB`H?-dj%kNh8Vb!#pSk%?#q4io_H_*)eI@<#*p%>jMxOany zCfw(LnXh4$y+ZLRG4dbagV5H@rfKuUhs4GhS>_&;yqw@3oxX}Hj>IhK@(NVFHFglU zPkzktsw*v*B-JGclSi#I2C6=>gEs@v!}z&EvNRq6J{iuKd|0AcZ(n)OndI;MyaEA_ z!n0TI=aQ6LN3yy_32*#Kx1kd3I5pW4En>&BSU^b<>@oaSN!D}I7UD+(R9@gY$r3A% zF%m_Fne6!s@~7$Nl4bMKE2@8+Sw`>9-cYS!72#+()D)NEWQh_9cWdEOFZ^xI)5YC$lT}lrf3ds=!e~_hYqwxU@a)x8WTkk) zCz%7#Y*o(Z8(1r+Yk(2ANiOJcM}{}VpD5kA`&!Tw#=iEP0Ew9+WWgZC@%XMG0F3&V*}I0wJV)R}O@ZYdWg%*4sZ(i*)!vI1OtG=2D255nvYaJ1k0sS6m* z{k2ci%`AVrhG{8ii&T%z5-`g7M4$}$B+Xuq+M->0oCvsCet#uj6=>z}X-ZnTG9tGnX~jE9WHPMYJG)DhaAvCL6 zxV*aPobK0O_sZBe^x-D;}dcf4=BK3|`RukKC2*cEAPodYAaN8F(BH`q3$*;=eQ859`N zgKxUZIqwHvV9RH8-=6=rsKm%B4^-B)NUtj%QQnNuv2Mh!)QNt8Aj~p5QCbQ;)Y&Xs zzrG`duQk!C8fxipd=cK~RgA%2LKw-%^dQl+YWAp5Jr_*XuBr4@QY#PXirueeQ~A!2 zjl|B^{^N0Hsmk! z!;jP1b3JKQD1h=ukzpToJ0dUcJNSfo!&)kzHR?7BH*e*q$k!;$?YdgB5%+qP-?z~r z*#f!dR6iSYcNDVe+hz?bw=s3eCh! zg`3By3^RN5+FtC0PlpsDP*tyWLxfEr1)_|*?ShC5#a0<{I-Y%*sWoX*4N)GUy>|oZ zsk8g0+2n9sKlft5Jp68$ciI->k%C<_Gb*Xq%e6~ayhg{m1=^IKsGX~Un_k(jsM6b) z4L^~fs&y@oewMKW6_Mp<%UyVAKYbA~^%G7e9PY0^Akn*@BBpg~6fDjb+BK4azDwXn zkf0UH2Y;0e_y#8GiC*d9PcuMdx10t~;(~daAY9*@eBa9=>{32(d zx|g6xRCcBPxq^2WdcU^$jZiAs6pnqBH34hJV(gv?QT62;#1wA`m7S!U!8pY!*iLv+ zHGVS9Nv!0ti1w+W*RI3Dv#*IOiiy3J> z8UXb^>)^yq{|KENDk77d1OrEhWa!l}=?=+`cp>?PDGd({#-6{dK`1{F{@8jZLXH$E zX&zzg(f!zC3N*A;UKF|5^fBWPM#+}+p(!46G21BRav=^4kl5-`6v?$Zp-URti?sYm zF9yF{-&8XlW8=7L@Dz}csGV~11*PDIJCu)D+MQ7oPdC6U~x(B#@tj5l>AWxyVQ ziDgw|c3%J{O67434i2`}YC_pX{)T=!RKqT#+IUL83l)2!Yzw2|tKk~27C3MBiO`5y zyqpNV34Vx>_ee;D;z(^q@jZgK@T!9)399-x{enjgN(R-3J}~JYnFRig#14kJSq^+A zo(;)yk)B1yH=pr^+2K3Tbh=`?BjPN~nzA-wy~=M<)o+7^a?`gMcs;VlrxfdGRJm9S zir7M$!}p`-$5G2ZQbe94$7OTE&D#U0!8^~zi+C=c@f15H9MUi5E(%^+YnR7r$Ll%Xe{q)v3rU+qDNf;V*=8hjKc0pcXpL(&^aguk8T zaOKv%=>>*Y`!>i4g>skt_?YerC*rU=%l6vrJ1$GrSa~C7%E@?O`j@g6<=TB(I`Ngp zIufa5%+`t1vl3JsYMaq~QD6v*6m@9gb|$k5qS?Bj*N{>n=i|qLbX-~qw#HOP3DNh# zvteb1U`#JY@fZ@zb1Rp&A%HmCzz01hTBXlS=+^} zL=4owTsVADvNqe~5ga#Usyv;2m-Ao1OgVhVO9WyPg3z~uG`dzxr^(hwGK4EEQx^>I zXI6^o(#(`;jD;2l=SfC1#X{oTUMmG}CD^3+h_wry;Ic*NrKpCTl?>PrvAVl|wv=14 zXy2S-x6PQjKuYzB;J(hFg=gvEr<$aB;;nAi92G+f^T~8eUMm_)i8U>F~6ERSQ z_0wLNWL+5Fml_(<$#vlF!qLPzI^2NHbcV{+L)dnW!az+~oO9JM1jl#RzdOn9S3YrN zQO@KYPvx+*TIVnWun2U1M!bR-?0TM<#TV1a+J~Ie6lb3LU634G{E}%z#`|lHoq7>1jTNR*zuvyM|`i!bg>f~yq=0v!Z(lwAJ@k1mP@iUT?chE+|&Ks9q zO{JWIE&H5>aK18aXKu@R%G1)H8Ihp<={UW5avV>_C`uxf4gC$t#b1ZniF+MLC*)Ub zVGjUN$rH8$gu_MU>DUnn49zULrpV6PlZ>G7y};u2fm;1!zq`2%Snl;B%q@o;nnlGK z1XT7q1XB6_?HVs&(Ol2kR-WlYRn(^B6-<377&Bl=Xm%YI}- zsvcR!Y^F;nw{oIjjcV3s{4%}qVBK))?bvBL?m+dx0>m{EY4U8DD)Xc51GxowSt?uj z@(_>?&jDqHRL&O-b_Wp`!tKY=`e>^XJUf-DGT$TK2s^2(#0vy*(>Yw~bpw2>Ak;(P zEVotEyFpuZ=a%n^aykYkw8k5po{*Au>2$9*I5d-7Wq{UTnkm4OS5&`qZ$9=82Ig3# z5UK?0P*fHLxyZO*KHK+YnOZ5$ybSeB5Z>P_6pij^v7lV?#FR%yqRyPO3f~wvnFerh zV@hCTL>WC>zq1{sFM!JZJs_{A`Kk3%jkbr9@s7xpYiEWHMijuWU$sB&ZaZSS~4 z;b@fz~KSd4} zEf2^?X?Dv*&4ne+lqm)qF?4hy-*=?FeBD`lrzm}Rdw=gwb$Hx<-90_o+wu2wBeS<0 zvj1SO89LlEy?uV&gU%Ft$9y1W)zP-YoKjmrpfPS$^+!t?X6$w>xV%w~35f|b1 zI58beOo6|a!W*6EtThIjQNAk0DuaVNfE>>FJWsVkCZK5PtW!eh*?gXI+N)6Z?JMmV ziG}mzAwCU1q9wmu1TS__2;vQ=|2FZs4>j2gKhGfDiJqA7sjIC~SbjeXcU}Ap- z>XjR;MVV!v9%3hyu2zq~o*;dndzb|jwnJp6m<^AlB)Ii4!DIZ6Gi71*tyaz?DH_U2 zxwq!!i6LIshGFGG}}g1;WlwyaGa4%(Ur(Ka?-_m z-3(|b@l|x7OJpeiaT*C{8@&r@jrnbv)Knz1u8Lw$;EhNoa6x=u4UKD!<4; z3;JGtv5{bTsH;?n?$K`@(9w5RyHCIa9vo#3&aH62MorZ1r?PdPjOf?q3|OB9DlzO% zjB%n@)rW9%cOTYIyBWMvHeRnQg@@Hn`woh3h6%dHrqm4{ass0Ci({@s3tR^vYU1eUp!8g$h}Ct0sL^zBy9cQpE`@7H+CFPiTOxTKZtEpSdNWL{} zgiGEbnZ#eP`)V0KG&hcUuz$qicOQ8->Uf3KJxVCJ8^q;<_Hz;axVvm2A%k>&*&;n% zv}V*{QupcQRr#a8UT8Uh@w!G|@Fu00qNO-nDM_~>oY|ewi_-lI_Zkrf(;p(|&#xRl z1)r@Du4G1LPSvAdM9=V(@z}QZ^AM3bv>_LtId4W!a2VfvS8teu@DY3=D?X8hfi?TC zIr)k%A8=?>6yxZ85*y#5(|BX;E8AHL$b|U|%pm?CyUw5Hf$x4?1Qrh=xPQDK=nqhX_u_Y-i%1udT%}vbMkxl z`*z3k^Oe`1&d1Apa^PH`CvE}+f7tU2(DODldtdDJR!oynhDK(sv7g4F>V(!o@DL;e z;MiJ2hfA>7R<>{{D_p%$D|PkwTs!WoMgiECw!}Sd$OADrwV2jN>$J|L0h(?*Xw_T8 zw%h}_TqNG6m9`~tSN6SXtM3)s&@4>YSAWt4exN z0sLR~>LfT3?*q3*UveRN@pQQQ91}Ah1?9z+@k4BZ4-I?4XAa;5uv8UhrPY?@)HSr) z3L3f%pn~eB!nV`Y$NJKbMcY*AYiX_(9h6k#DePI?znrtU$LmTPtLw{B*#}_8^0Lv0 ze*zfK{8um_#lu9pdN_a6h9F*%O0Y=D+f!h$okcqPEaJ!fMx<%*-_`Sk_fOAgK@p@b z$ZL$F!cyLvTekc?^{h}q1ngs0#*cN-yjC`}0&WP|rW|Kx(cQC!uV!%oL1blRwB(u1 z9Qy|c_Pqf6zUwPhUX3APdsMq`L5<5mB*>1{O&{#}wRNVCx`L^{>b8l6V5Mb#qD!TE z)MYVsZu(s9_|MJ^!s|fQtJAF+!={8r!uj4;@0;+Ka~mBsO8mXJXg`@sYsg}3$^P(? zU41t_4qLu4p%0D8?7Hbu^~0NIN~527v$S4i8K8JmbTQN^P^_Y;&2S1U;3915A$EpQ zY#JdL@jhxfc9AW_hOL1x%aDm~9PmvAqME z5Y&KFut6{p#cvF+W#VqRQM1PoiGnIzD-jMIZ>L_f7zkpc;N9bnsSQNfCJgy(eLC8M z%6n~@R)l8e&6wEz^!@Y;J64xL?c<*-sF7{`xOuV2c)mHc(YP|JP#u*wxyX3_TaZD= z@HXe6L)yDyn?udd5CheN!`gmLEWVZ~QB$^6BsEp`{WLcm`tS~BG00E-eB_fm*&%uT zP%*s)GOm#sF+wHC*+2-ixBi#N*!v81<=yO8t)_ zTzt^yq6M(L9sc8F9_xpM#iy1Q>|M0L343}TdpC5)v?~(l=)(QYm{qhGlJ=j$M>-s_ zB888vgjEz%589O(N33%i{Iqf<#FIuj9J9g5?O1z#KXFqJYVDL=M$!S018S1G6Np`J zY{PpZ*#2AiQE%+vM3>lO<(2UAl?CV9!Kz#}Z*dp!-?1X4q$dGdmL7dx)PD~ddCQb7ofY1-wQiAOZe zRg9d(NGm02oHsm8x*e6j|<=|cr(nU%rJQdgz+*XxO-_h2f+kGD{EBd z7(e^&=uf>M5QUN2K@LTT6*K`bfW8%E@|`s-PC!AkaZ(e!q~^fbh_ zk}9BFQ!FB31=^)p^wQ9-#LVtm+^Tx8RVPByY#$3-CeFPA$=wbeGuTG7rq!xH`P2=h z(wzJxJ7Gj%W*t~)E2P&Rv{Gp`+P4cCTyZMyL@Ymga;w&F8`I%OW)wL=+bu?6Av_l} z(LDvMjC9esJcd1NaQDd*PEaH6&J#|EK6B%CLC8X`V-$hY@0#8IBhI!r$ifa@a^2i8 zW}fnQ2BXryT@f}QD~L`1A_>a?J=K^%#27=9FA^@-hukIqohUoj>=R7$0wd)+6B_SB z4DBt5^3E-PieC%;1qSX3b-qj8irlWpomm`t1IGhqy7LqB0)y&?seHa%*r@2y5d$sG zIqGuB@Q?dwMaKc?@Tet!+ReK*>$2@pa~*vX4#ohzf6xcaMF+Hhs!xvffJ2}T%{%A#>F@S%#p<|M#y8mS zuJRQLU^;KItmYfe-kJ&O$DO~I2Sv7 zR>);`A{U&z&wesQnFI5e8qkV9q2(~qYRHf+lH^Vc2Ws~qAT@m77F7H0z7{sZj<0$c zx-+_)oL!%kFI2e|qT&{4c_%|HqGx32g>iZJSgoc|FMtU#h3c?Xs;pO}2w0UuUaQP< zh&qwnF6j=1jdH}U=??KNiN01HHxQT=K~o8#xjd;=Cb*I{5i40STwP>$Ol0lS%N!Ny zdZb@B4^c&q2U7&tnpE70MkQFhY#OncyHWlU`b)O zoerCN{~ zgY!8;^Q=kRhuBLkdD#zQW7YAt$VDUA6uj2O53bBbBbs`!+Y+a@Y^jkg14^ABD*M_$ zd#h}bx24N$vA6QC{ZuJ`_=G<9jkMx^g*_Lb;tN1r39w%k)=X<-6#i}n!_Uv&YRy5~ zgW8O^-r?g3irF!JDP@AhSG>EmE5hPVV)OjfhL=;w(yF@_0g)(r12|OvD7%C36j8o4 zJ;UHBP2MGJ!pu>&85}s{b^W~+J+e6PlKIA!Eyv%FzR15jvqXO@+ytXL&*G_${1ToV zRb#$?%W6gR^(({Q#!Sakv0_ly{QQ>o65dmj+xObcX1}IU_Ewu0O7_&+Q&!ivXZifb z%L~psS2qCvtYug9O~q6EPjt_zcu&F-`&1*BvKMALrJaUZw{-o?FJ^E`M30k%b4^cz zxKK`X=MvrWw9^!GleePuH19HJwoe&*Q5Jp}aECPY(hJ~cv*Nb zyejUN50KW7)=+DW%p4f;7@4qRu#~U?7@z}s!Aik|utJ#g7{QFNrWk#()3JTAV+`?x z5ri3pA$>y(;rc8C7{PV0`xwK_QhKAtqlUK3QbsonTEh%sggN?511P~i;sn(wn4lsC z#rh56gw=@Zp-RGW`T;z)Tm!JdX|N3#Cd`xit(p3CLS+&=OOWG^{%&ag_SAiz*nL0x zE}{Ey`TBTag0gDkKV~V)e0GL}tskS62 zMw=F`zDAgoTT`j7Wr)bRrPRbH0?WCz)Ho($=)%4((2MSD^)x@biw zD%mL@?%^OB5HGqw8bcS98*i>7-ozx{s)$pnAT4KN^?NV_?8o>Gj9MiRjH+2n zKUern)!lb=(=5R^)$dXe_Qin9KmXPD>Bsm55C65qc_2VQ?EhomCvI))(?i zZx%2qURxGf5GDA}nstX0*jYZokUxPL6-l+P&X}kIhemaxWYsP`ks&lc^&5)nTk**(GHMe;jtKS_M0i?viMP*qG zi6t$rMIJQGO8}H~zBN>#LwG=!`ht0jXaOkE8Hx7%3g(ehE+IJ2QCN6cj7gLd9Ba6c z9oeJW#COxXh-#`3BHlp7TJX{t`nn~cVXD^Unv}6KhxAyhN8OcrraE0ZOGbA}Y9>ix zAqu_RByF`2VbbsGP~h4Z!brP4Yj!JtVQpC%jAR}`Y19y#pT79|6`DE+c?Hk&n)pT9PASjsvH4HOeK#9S1I!-pZHzwMX78V z`k|VnOUAneXip-s0TkC1GAU@+gdaL80v?hq+S9JGbw4t`=&|?C;QniB)ZDQgjQvfG ziodDB@jp%tStrN;BR8xhH{?)8zS+gG(VbYgid8O)ul%a}>z(#8q=Uvm2`Q?DQoGxw z>8(UEH0OwPYxGH(FX60FhD1O1WQbP5BE6GCvK~!!!8si4f-SSb$093MjMGTBz`a;m7M0% z?$LK{m58mS0AK6ga40?Vn2~nb4%VJew4UD*BDnX%9Ow}gAZFnrx?VEu-6GVCiSBvr z%dmng7DEl(eNHh{N(1f{9ywRya`FY9$LTQ37aGY`rAb}hSYqh&t>+5@k%NU%&B6#{ z+=vXp_shl0lcn|ra6-(RlYBh93(RTs;OYLRhlt9Vm2o!py?@^AcZI=f2I;91ueL4w zT=}ULuB`fu)OE65Lle4%d){ik>{ReuTJA_MNIm=({HgUUV8x}9aaGnHZZg5i@rAai zYv705L>g>_Ybhg}gc?z(e;elo4p={M(c82QhVB&OWE5j%Pu_bV$L#Es6rW$Red*n} z>u>WQpUnM^MJYcS_5oGuMZ4YZA30F-^I*;mf#Sd}3cXV>6xUGFrsg(a6}2bd;bhfY zKmKcayj(sQJtG1E-4g%Li4hyizr8Ll)jT{Gmy-CO*{}7H=%B>K$ozJ3g9TiJRe|n* zfe=EG_yV&^k@b*(B&2a5K+e9E<}NLlS2V-C3|5`K=^+N?QnY%NTDY`WYw9*_Y*}A= zR9INx^Tm44e14iR1qy6^HGEsXOg_6@oo_l!e{MTmA0EnPa|-{y4_uNqeh7uRp^%JW zlopO?$$&9;*%4DTJ1H#4g7G0_NA2AphRAPivV!p3AHc z*XfA0#xL@=yPnoNa#$PglM?^C@^eki^^Ei7mKD}zmZjyTX4RIaWhkUa|9bQMI9H;d z;+C+13GHBvO)yjk&W3}*!w;#!#p$e@eMF^tr2}qLDuM+TbQ`m+#a%_!ZRTFe77Olz z>&fP;bMqQYYMM>m%Q%bM8p>Nh+;?o1HfAW(#4=IRSNebYBQ)L>Eb z#C>KZ+gK-%=M+w7m_?Pg6!|SDUVdr>h*A2DbL&X!Q6epjvlOe;LUD2iK?IVgkx~AY ztY&@)a2S75FD_>di-$9V%@}@eV}u5^TB>Lu^X9eY&Ig-ScJR!iLq44x_Lxk1nfnV34pDX0VVRALyj3@|%$;xqJEQn%( zdZD==k*f$%e!$amJgfmtO451}Snc-`GrIImNVq0GF?A$myUuK}&k-B8t!%N7dUMR& zm>PO;F1TTEZE0O~U9jLN(Q+9IPSc_3*+xd(A^q~>lZJ-9g^pDT7E|V=%ha3|?6W;O z!hcrPlHr|4ke2HX3|K!{mMIQRzr^hHd9$M(G99sniDA`)qunb#*cB_yD1LPL{g!oe zD&4R&RCp*`8lf0yimW^!1bb8_Oj?gjoig#@S(H$9J7Fp} z6-RAh`q&hL(^{Flfmz?r)pb8nb!^BL7t*gr2zk5`Xr)@tx>zC(YyZmK9+?!8!0$#| z8k1{PjHx?=^FPW-kn!pobL|hY+THiUh7|T3#(MSVJpo!D*^~6rq)*H;En=kq-oDi0moHb|Ey0DVxz|3(#Z9Fjz zoz4Z~1%k**uw4Qnq)phh5F(9wCjIo5%GPa$z6m)Og||L7d|ikQ7KIyDgx8+2F^nKw z&WH)mE-GXeZ46rekeRhR0E|AI$t@Iyrwa<=*}2o@?vKhR@a$fj-cQWp$L;&Qa10Q< z|9TeJ&hmKKM<$&qROe|@PB)kWCdp6p5w8+FgbS0y$e^Xpzm`&Vq#dq?dw4uWEKOro zAmgeT-~5?*jy$JikEO|F@P*5GJb;)c-$9){>k%i2O6fnxcR=ZLR9hTv<<3x7=^aRg ziV}f$`72h+U8n^wjNH(@iOVwzwzKe|hI^0`PU9_~N|3P0Dtx$Eb;z;skHMxQ9a8Fr z9uu07&TdBn*Dmjt`>!G{;yp2!4EJA9U0_eWJYmaRLp{@rMWR{L6>j-U=ozD66$(PO zHGRU)N<`zxX;6POpz+O!=mx0mlqd6v+5^kQdmwBsgW(!&LcZ&iU?>KmaBI*Iq1R*A(1Mj~It96EeK# zJR)tzXy1y77L?ph{=@Kcaew-(e!zhwvMSvaC`LEkV;sIpJ|&z}93sSiQlR1#*j>~L zb9ROg_ug3UpaU{Tiwqc(i$i(tB0M#ShvgF}3Z?Ty*Mm}s@&oq_crFo{ zGg2iGLIG52Fgu<24_CPaKOz|l2cGn}ED_T64Z~K}er3gGjJctC)~^Qzyu2Eq|H>qd ztFE;JGp8Cm%cU!bCUeuOqR0wr&eMQH0*$;Z#&c*pm-;0MYJ}5&!@yYyV${Tw9POXA zA?yZTRRrMHG$p2eN2-REugRO&@RuMLbEuzvLqWZQAe6j9gn+49HdHd(ZO@13{VEyt z0FpK*bk&bYS#PZ>?5}R;$u}UTG5WBR3%||q{X+}VuM;|Lb<(vK-bAmz;kM|yVcm9@ z{#u1@=JZgZGO*wua{B7vo0N5PUePIC!ljG(&x4Pua4)Sqlh%}F9+ zS_zsgAZ@Z`e$6c+%pCD-Zr~k6JY$E@*4>tZxtMZocXk0Zyz*Hrz7qA>=i3WpgF z-Rw!LbItqKWU07+7bASY;Hy-P=eMy4%>{adaNd%CorjgdPQr7reXm_Q7}j!vVkKFM zSs~5b@3#CjvIwV9Fj^MT#(APTKRWabvxrrxjzQE1R6A5&iuKddRS9~?EN`lI+s`vJ zJ$eJ=8kUPAWd)ZKRb@ z-GbxyJuX^Rt(qz1oQ35u>_(kB)pPXsM*2|fruQM~b^TknOUgP$50TAsXA5+NCmh5A z$og0xQ6NDiUl_OBoZjP3>rN1X8Umu~QxBqi{3(k};`N2(n6nGgV%^a=PQ z`|#GMFCKDa)h66r{Y9p?(JjN13s#rN)uT?^jJe+5T$;vjkF=~)-tKe*=$azg9m3j3 zVz{L`AH(;j%mTVhRZbTsl2+)c0N?gW?`D_>?E0sEt}lgl%ylI8Jq+So$mYR6FHodR z?A*f!%((c@;4d(tG@jziPlc$lqhA*DVvL(ww6$yOMn2@^QpOZr%Mbg#Sr7Y}2S9i} ze^e3;u$tspEWyFmXy2D^8{sV>M;zR}1GMG@KVbVMJ;RSIo^^LFz9IW~Gc1Y155A zig)SVD4*Oyt-nCUu9_G=&gG2QRJEaxf8_$+ybhb^jbJ<*LIJ~M{TwZUIimjyk zTbpgf299^cBj^+cUniMiD>3f}%;_t7>cH0U4I-@B^z4p|#mgS#m!{~A&qV0gb%Ey8 z+{7e$(7<(5q~2F^WXtby&*bjHY_iG|HpRK3Bh4SO341s{&5vxAbEaIyTIb8Pim8%c z@G2>bS~4X5^l5Orety#X7L^E4d?Q|akMoHeTMY%USon%GnDrS#3Qs5$ihSFpca0|7 zP_MbHcqyg7R#J%OPqg5caB?~jCKb+ar7oDyb`k@EqmMb8xW|gNgbNx!mCA8*IoAa> zDz}7G%|jCLsdrHCnGQuw*JETB5R$Lt%8F2)AA1C$>kX>VX0sg8I}Jo6>)U=mVQntX z$brp5|G6%v&*)Z7JwMY&fB^7WYBBH>hcK(G2VGdAjF6ofNSsXNSK(GXPc6oTVvxXh^9LatboD%k-#J3eu!w15e9F0lz2Ax&fR z6|A}$m6oWL(ef^twe<{4bC?sp_CJ$gXx`runq9pRHzd3U>hjLz{pL>`0y5{}UCRxd>86*JwRJa@4rN`Hg|peF z6AgF5^L$3<3Tl$;8%7J>;F>-%ZR_-alMjCKt23C%mdfZ%O6#>r$0>-m0Z9 z0qjQpd6i4q@tO(P1nC}2*F*l&I~}@hzmUaqTRQs(p>QD>09&eJP?K83<%`Q%?1t}a zPkD5&3@Ya(Y|{PtHEa~BEA#xo>HYyUvto)XfoVkS%Mn=JB%=Gl;Bv*1Rq$pqPs*&1x3J+5t} z7Q$p4ZLiiEG!8X8(EWjkUiT&_O>7Ft$QYYm-X<(fJaDe6Gf;%_Pc1|BS;Q)YY>^Z4L?O=3=Zk1A0-ozwMrs>%trXL^flnqiHv$_kszjHptj9Y zKPC?0cW~N}IaHrOj>oinU+vj#{W3wcD2{(nAMorDapJeC(E-uL!T3oUgW0BOfmS9) z_)Q!l?Lc!Pw<;tX0z-fK0DsY==_PCUI@1VrZw|oZ5`Mj`-8AeU_s*2ronW?-D9;V; zm|zU;=#LtVnqW*3U=A}JFdQ&N{$=H(rWAS@BXXm1gFD6)CKUP@GYo!xBMfo+NCQT} zl(34J#f(y>6vnB2J1a^`surx^OuGC{0TIrw28sO^ZPL2Q!T`=w0$ zAjpT^q=E6%Ty3Prs5WX1&(jVvq>cbq2fc{Z(UU_1;WmbnOWF6+w*OJ9`R2=OPsBh% z4%{*})_Z9W%|KJ~!{d-e@3#zuh%sfY>@<)L?PqW5`kS3PxD*8%*`ehQJV^jso1$I2 zuAO_z-h;L6n|S^Ggls7@fhg&nq@6eb&1E(z8K<+3OnkmyZ((}5JMHCrnIVkP(U!G2 zT&ug#;n{F3nNZ-3ND_pCnlgd8G8`Ts=Eg;TTurW?acWx+m#oe(VUXEKyc z8b>d?tG1Hwdu{~w=N_9YARN7s|BteFU=lS-wnR^zvTfV8ZQHhO+qQMe)+yVzZQFj; zeS6-Uz7uh$U&QzQfE}58W#-zMEBWDTtSi~+@rPGjzyUP81vReMnB|Z-OcXo2Q*vPa0jHf0$=l z2WT$h^Ao%5xh=z-jzg&sV6J&IOkyeoq23LwC%}I&&zqf^XvarrM{8(H+cUI5W@cv0 ziL!Y`SmhnWT%=8X-6OZ!7R7uenY)z6XDv5s{wVxYPW~P#bmTiS5H0Qihn;^;r7o*> zkg49fE5j>%fBn06P%cUcpa1^#%OChZf0&RF{Kx1kk)W-Old+rAzaFiW&K2h6;J#p} zrNjMIY$(WffT@wo_K;i2gl7$anZZ)VV&@$+0)Cv9oUmp$@gyn`+w|cFIEJ}P_%$9v zT}axuU!T?!C$D6DKR({Ddx*A9z;-o|5HS=Gbe8P_6R}TvrLmjsGz&O6uJ&?-6gjR8 zH44zpO`Ioo{e@tQ(o;#Q3;|-9s2I>xdheFCuQxkL*#O7kjGGlCq2dLqln`(PHF+lC z)|@M#Foc_R#E=kd!ksXov}~?CFutK zIJByegV`pdS{bx8*u<|}ZZsUQs@l;m)aVRg_^? zQ#dKsypJ%LO;8?)p-GR^03>9au4UAiWPM}g)WF6yxAre6Fc3QNk|FW7nDM6cWtSk1F|QGg4f%HSI(r zSThCzWcR8G8P3PDPsOR2DT&!P8S?uNBa*ag`pPI3!+9g8O=Dx7-fD8wKA!1kbe?9u zf#8ZlMW9~`%_(Iu3qJUIU_o-81Yh%axGKFcxf>7lTKG;#+(o*$Ux6cS<1qC&t5#o|mGqegcEV8cpRTwFCf_Av!o*0n=lW88WaY1UYa#N+GD^{G}0Q{hb99iC9W)d-@nGdyryPdY{p(#4yhQ6*^hWb z!Jxv~XDI0YZx;y9gcFhFM~mp-M^cFHKYZEyuM6~F7pF+o+)h&!`K$WDh&p9i&E`^# z-zIS({(x<&Yc=|S*x8V?S5r*DF6Y2hGn@)t+$N#EvC)29i z7$`>S{+meLiC@7m{R};Hfb;q*B=dGt-qW=84UNz_CmWvAozGd0YD3q_;@dKC3aGE?k#A zj5J8Q>RVWj`dHJq7w(*0ef#E|Q*1ZNsADe!Y&y03m60^DcSp-*%l&TKBvpj}y6S)CtTm~KsM z9ZT~qZ9#MEz^F7GhFY!y{VJ#zT1#9lTZ$?YVH2M=yz_^2_J8|BF}BChA!_Ei5#<3)9l*_bXtIR}+xVt^}_zugVq{b&c~TG_Udp7(@Ux+UAE4Fcpc$u~ZB#(u%<6 z$55J&wh%#HQFz1|s9_@LGK3Cq5=HInzI71-V_O7WP}6FDWYL$4NQN>?7pc<44ma&1 z{QT6Ah>dHCVBI9AmX`Du)H}a4XGbCt6#=5+%C{1W{nKcry@9LGeUKGtB*TrBl=xFJkC5>5 zJ2lbs52q$V{>x1s#wF-YLa ze&(Vfgj3*APsO{OXzQJf`MtHc6udf!Q#EnG!3+?|C^39xfyAwH6py$LSKj=B+zLka zgb0gC`s(HYOOq;NA)BC^2u#kp&1epw%~Deb+C*)suINu2uTaxODUKQQ;R+is)NRK? z$W5Dz{`X6^>mj7#%`||b-Hc2R70`5sdqKT^p0jL04H3!LIl}(_+q9+QaUyT1`nJsy z(g50&C*lP3+_U{GZl^T-={9)bxfna*KTTE^MRvU zEVZRsrW_4w{bfqAI~;qYVNVgrHvpfH2GQsQrgV5&+|TvDL0yvW-P7d(uIM&^hzaw&t8Cr*-2NmK;&oDa;hA-h2>S6zU>!ubUD zwvW2^GnZ&sSvEU+L4n;dRCg1ln`Xv%VOtcRd~}d{vN^y>1w)v6-gAQjcMRiQ^>WG8)7*{5A5l;cc!<;6)Lfn-3&d& zzUF2EtwC&v(&~?gTQqo(u<{M#@{#k^a0^<06szXXD=+_%Zt#d2@u^EphMQeePd$KNFr#949}g8e;CUSjivS)xo6ALY z7gk&bFmYKAoA0cPd@63R6MDj# zyn4_Rpe46F8ES3^3b~Gr?-f;x6VI15I&+=_f_4$1@sv3Dnz+KjY{AI}NC3BJEaAh% zWZl(MKuv>ouMBU0PZn|Wn6OE5oO@wqxcO1>x{dg@+#yGjK@KEBunuy3EjMHlu1dh3 z=Y!tS`#!05ar!yvV=nhvsWv#J|M6KuZJdKWhobHmQ$Cm_C1a)*_FapvA%A! zQnfE>TtiRf25;lu*rW|^!)up6x` zTxxe1C6)bPqP)~9#z2)BYgD|!Lr$bQ7j+8pd>!gJx01`FX4AFZtaL-VR*y&*U9DYJ zQ9G{7&R@G*89_CyB}XhlVtAjdL}?D_a)RsjBk&2wx&>KWs@X;D&QEy;S&H1wux`uB z(ZMZBF)dVkzoma&94{K)8!nQ(BfrNNe06)9UgA}S;K*wl{}uNTb-2>K_12!WeRBIOI0MpTtn z6)9IJ@dZoQTdO8)rdh#xi3+3hGVX_k#n8^9hx*tJp$v26;d;3`VfltL`povG9&i1z z9*7}iOW){x-e@@HI%c2le4oU{)%{fqObT7uFNVF>qC2bu$R9N}80fG<8v5znh)u`l zDK^{>0u^=UHsBX74+y)H_rPw{BcMUU=rA(YyF`!D+v1O$HnV%;w!jA|LdZsy%g%mq zxPze<4i1O|!GSX`k3=`8GKzC{U+*H4XE;L{Q&Jg_oL;MlPMiC@fsnf)S%kezfg|}i z<#~-1X4JV^y@3Mvj$VGyvd`ZBoF*%{!&l>%bE~z@bLP0j%F6hzy-f3TSg9~d18&tB zkc3&zpT@DV-xA{+*>g3pQ@8|AdFWQ=(=7KS`cYtg=&B=*|IT`eJoBc6EeVRfj6-oe z?{e!ynO#_9J~OV?+Nm-de_k$sPl^?A-4(#pbRrhJ55YtWp`90_LaI87BxQAms>ZOV zncnYNDZt!a_ii>s^8#}ZFSSL1b3`~x3t46ucafLqI?@zZGqxG;kiUcM%~|ogUNz&P zKrq9XMM4hTV~@|)w|fFbDs|Yb5YGvDf@GRKBwaH~+zp<}dRd-^ zIHB9dK=exaekqjK!~mk(+<>Bk8^$ykRqpkLo%9XLYGl$L^_7QD2h%bN_`ACQBlD;u zyXVH(rV1AAvGsBdc)de!_`>bTV@kHxk_l*`px2;l%!>VL6dNYP<#O^{c5Jr;lQEe>}#d&VW?VBeoJOKT1B{1oxl`cC)^w%##+=*YK zIX@C5+?Z8$&QkqOFo;L!fcd0X+-!|~Er7yN?ebbdeImk^S(5b|9|*$*+)9-xPV{#h zIA?jVjp7YJot!A~T3!T7mDQACvCmB5%|?`FIX*}E%kN&t)IqmA5cxa|!5fE+iVN-E z5O=NIqjSIctwEf*EoBPpOxRzKr!A)ngwbs}*j+##qmd@@mvA{z)%5hJonlbV;)fKB zW*{<+W9kt1CyvOl?B7Uc_;PF%m91+C%1x&|l$AFlT4#tCB8McyBDD8d4_QUC2DVgt zX>dqu7>EW2-D&J3$U*JwN1^{lz01RwXaq(OBP2D^4;epy%EA?^9j4k8rvH>-Z>WO(0wkna^MVbI{kf+~W&M^J18V20ETOrW4-lnZxw5?A zg)Fligu8`6@m^JBYnaooF#1#ZM0P2#}AY+qOR1wjmO)9$0A_yGJ2remxpp7O*hc9tfuAR`>+>z~DDt%u&Y^VJ z2k^hgFk84dytE&gKcOFmX0HEVG3@`Os*6;%WwDfzzD!J0)kFLh)bfl|HP+W`LUGp> zfRgS6;hZS7E%F=rEIB!$=-MVKIong-^t@(VF$;@lZwkVvNq`a7dkVvS!+eA3eOz7C zdh`g;`Z|wuJg?ZdU8h=IpPsvYHbG{f6$iJk(%>Rp2X3m-<|sljA+{9d zqrrg_DJdLFvW3;gn=;E_JW?lxwR&6ZG zl_pXn<_80eD`BvJ-#!l2!FTC-!AVK1hsTms8dUU$Mvh9&)10IUSuK&Q>R^&~_adYp zK1IPCf8_wJQqyBjh8Ds?)S)2}+_mUM{s~Dm2T-nm%`KjM$uK{RWC^5b873k{6`41V zq*6Sfp>{_x9AO`im*doCnuxW*c=h8qB3Hdr36jn2%A%&e#R^nDhP2sIV-e~B>s@8P zA_J~`+naF%C0k_se|z9!=V z@v2trCUe1jHVvP!FKgc=lcFC@|L({prJC($GFyG>wO^)u*(6N7M-#)5H92CX7qUBNg1If-LqX&5v_(h~5mGI?|=Q`N%ah%$1{CBWpc>iXozdm$z zF_Ph_vr#k7W8w90Mz$^F9WoTtvoqwZbx_f_rgDQ0h;`gHsITTAT6bfGIJk+L{+EaF z_VH%8j87Qn4`tIOp>>9Ak*uQv#md|uVcK?BWp-G-&VNC8vm0?9*da_H1bhob6=0E) zW0mL-iu)QC^dn5pWZR5U*58o`pUbt&QkCc@!6HiTrP6k zIJ^<14;PrOi;BGzy9i!NI-+$O-n;ShZN*R8z0KYLnY?*2oPuhYiAyp02K*5xveF7VDe};VT85fxVmdMD(?R{@D6pLXfZa+LPzv z%&hs~18M4*7;JXxdZeHQz!>Z|8hPP>gTLF^z%=sG0|8N1CVPnj#qvV$^Hy?}tavJ# z>A{+u#XXRyp)8<`wO2b_3=Ej6kP$67L{lQF1wGE z`!$FZ(Xfl0%y1SM;+eTvQAF0Id6NVdR>+GRIDj4O3oVU;2o6D_D*s%# zSvg6SklEze;2!IVBtHi11|#MdD%kW8G~eKHRH6){8Wk8osJSG9mq^2^7@Sy79#nch zJ|mGtpkK<5|12eVAT+ySE^Q$6ED1YDbg?|UBXyCJ7P{6FtMOcw#$dGlowc&4|wRR zKBmBMgk}lY72blc4Y!-|XGPrF>!F3;I_sfD+&b#1fva}j;poE$g+cUL^lwJ|nIpu; z!(4=l<^&fuGhu2MWYk-Zs)}avfZA7KnkCD`tc9HHXwYYUQVV^ayV#rVYp~PSc4--A z(=xWHg}GnUQ3yo0(J3_Dh=%B0QAYfN=tKJ5j8{yt!FaO);|uQpWrA;i9kAPp)B#zH zk00n@7DLADl7ta4CqSMF@H6 z)E0$!gCG;-mE`w^17s1%cKtfbsP)ZksbUAXn>~y%n=GnbeD$k#TgtQ9^!tF}9Dmn5 z$#(cBi#x24t@|s%w?g2z#M^ty`FAhH+ja8;ub<1fbj_hiopCLKX7Q_W0iE!v*TGHY zN)GbfMqO!ZDpFpte(+27?{;&UkS>2#CSKzq@JUaaDfjju?|gUr+A0#RZ}5y@lRAYC znBb*MK}^cQUXr3+!vdB0ZLuYZI-k4#0pfUR-q*u~NNofhDc)8@9U_c?+#yP&cSeeb ziU$E7nT+i}ce(hBCh&!i^!3DarbM$sm4D~PkqT9X|0J#1g{jaan9;(_N0em$8F-28 z2$?%)8rUbV4n9D{A;ja?yRdyr0LAV7gfm%#M19Cib|GMjyc?g6ciO)vm39riF1_}O zh1e+ia)|Zlfpuc#MacDBu)i+A@?xo)@Pv{8m7p#$*VAMi(T~ z&J-MKlZz(ad{=y^caToT4mVFq8wXLG%0)T&Si?8v4hQ?-clZ*ocqi%wOt{A%eGNnV z6n6L$^upakT75qW-75G4uQ@09_s`|uKc6D!`w2LM_NLg>$x8L-VLZJR5OVquJ3c%B z9;m=4-XT9~KjFy*K^dmN6@4UsQS|@D_?RdWj48cP!rq*PYcpQOVT54^D#XOOz_;m2EIihD>YU5+VFGXx?UrUD1 zvibBUSu@{r+3e8;i`?h+{(8K)DJPR>?rrz!XP)hMp6kOb*{jbh7C(@Q)3m$Y)?Z9n z(0M5H1XHi%IjFb5t={~@kq+Frez>&2Hw;~+`;q_$yU4gSBah<*U3>kihi~O!%fDBG zRe|;_3A%84&fNt0wvcY2`8^~Dgj>BeMH^ylL27}o!$`Lg4x0~eU7eiHUTl7G3cYgB zfL~bhc*#z^biwl8>}!9>4aYill=inDml-kfjCH!_3wbdZ4=R#Yt|VRd z$1omv}>VZg zE)&vpV#*+hLMdEFFJ+R%Sc2SfxHyd|0+BT?t%%@15E=>-kdtNNA((O#nZxV=Ex0v1 zgCi`jxvxU+)45m%f!(|@e+7Z4k*NiqKwgR-hpqiSQB>OwlSwc26Th<@@O z{1H2BAj=8p4MA}n#3n0;Iu(sj|~&r3l@gc$6Qa% zjsGuRYdtJ`_0P2)+Z#>5cYD89HR?@}YKRSTEk-*mZ;EkrJAzWRv!D&- zPkC%_@R66~*o+`1vw8V@zGfN18&4d}EsnzdD#j;l5388j7yEkgy z81`!+C__Q*3exK4r#PMta~OyDy~Z$;a}Tk^h^EG4lx(=vn(UZtw5&BOpoj&@y#NiO&absu0Ivja(xBugB%sV1i^ z{U1}|l+}ynh+}`=Z-#>^CHiKB?;us;9vk{)}o4vTJ1*=J1{V1V?*dn00sr zMvXcu)00nm{%Cu$8~t&;8IjQ$Y+J93v2%@~!=`El`u@ovdOWe;u)H9d{>1AjiJi~4 zV-u-A?vUk1j$_8%qh)u}#_csGa1^Q-uCw1v2PGb0!))=Wo#k{LvX3dXW^f5#&5f6q zQQv9Zm@U4(kTx_PcYFyLuE?ibCKuCBBx$#Pr>+4%vj~=W1-jafEfYo9!6&9AE7D}GgtS}wxVNp%G!@`P3 zZwqbpP%R-xBr? z$W~e`Da=sb+*88+?1=QBt~g+Fx8|V7agdk-n<^l4!#?Nj3$aW`TP{VknZ06hus4;j zl&x3HtIct#<;eOCMOJxc9QP&mCwBCfR2>-2F3yOUkl=DVE^u{E?=5iAafK~X8Zr*x zai`{H*H+!`3o0v@dZToQ3X1dew+k)3thDF#3$ZUv*NH z26O!Z|Ly~$_To3#8^<)|ZycWjU4Flc$&bf{5piyXU(AeTHR*#(oM(*;OJ6C%uV1Vs zBia_Fua01a}PK! zC(I*PEcu2Y$dX|*5Dj5;44~*R@Bu8iU+pq4kEb{H#9p9G(!DNUK>>bpwT3wX+2#;` z4b}}H8Yz;@7gvfG^8_j;<>W*l3@lnyjO68VZ!3N1frbC*y%RvV+)T@Ih6ZpT1MPtO zgh5Lh+D=ip%N8FXrrAYdVj1S5P4DCvJyoecbwzzPpugjkd{SiD_e_-?V3Cy;hzWu~ zmbV_ssX=UJ18eW{y~j;BJ@G0b1K{e4PC{3*PHN@=q^jfM*k!i&1L8E`bL}uc2Z1^@ z&~xoD;=;hD=`@5Zus$oiO_)e@x5hH)X(Y8C(G}^7kljzfk1-cZw=QvEcL7{~yYfYH z=e20w)33h)3NdLDo3?YY7giusCy) zg(_$>jjHL9^aZoyd5WJlkC5>!dOwP{$2XtxtaIP9emsGSG*7F;b87sZ>)4%lYP9Ct z>l@Gy-3w&^4hM+dFBIU zi=Qv=feB?898W^rz7nqEJviyRl7LR1A;`A&=1i3*)MeeRbVv+wLn-~kA7??$^=(SC zMd%_q5?LbaatU|EvNNx1HqJ`x&LO&VmWrYv1^ESQ>ii5(&tmyPTX{u9;7z&mX+-pj za?GO2qEt&rsILSQ;#^G({t|;z?8CAIGD?xraE)5-5F3&O>mrT$%7KJWZM11(ar-Kq zA>wR*1~Hfr{ZeLFK{7+~v#W9idxlf)_@wgm`}>CG`+2Cq-`38+Hg-#SQH$DDBXE}K zBj{{}_tmT4gx2bXe|5{!lqD%?FqN1fG<}LKkR@565!MdPbQPbNFn}zgJ>9J9iqAL> z_dF^|=N+Try>b^ia+ur?K&H9+i3Q)elxZx9i==|3m->UgqAo*a?1a zaXS=@rlIhrGrUq&wiZ4%M6+ojV{L&#r`<@$aw2|1bGK|uH380}D>I4?QIzKE>NzOM6jqo)Ms&O$+sv8DIB)SN;>mHRB9^$fL zl=_HeEeyBqtSu~a>ZTp0aU-j4{eTHAzt*_b{r*q;%g>>h2Vy zX&+~z=6p@aI98-Up3FPvCHJ75YRPJ&cH6s*nu>nbJQ`&_jRhxl;``&L^RRnwi!3ZO zm}-KkdJ<{?_Cfo52sHkpqET`tb+(z&2k42Kdd)7qvgWEIM8Ccs+Yg=qAi&E6`-U*W zW*`1mcV-l34>8n?Gtb*IyD+osW4RWPHQe^^6tmf|A(HC3ff0vc)QW*K(mlSP{Q&kG zI>eFa`~G(RCol&L*BuVi$USEgfYeS~ps&QNmcVvd$5h~A_&F`!rx-qu6a30?DfS;I zf37lbDIVmHl;D$uTS5^s5}_^ejneaL$H!-RfEtcB;>On$VyXBLbA1>eewgVX_6e|C z0Dvz^{I6m-T%?_DggsmETkYQ;tO6gEaI}y&yx=$dUt{bqP|QK8UN30*RfbNs*!iSB zVRnB~p_rK*!nz0_Jk5P=(*Evx#LDU3!puqb=2A}sz+)hUdqcmX0czfc6GG+4)K9)@ z0-6H3*6wJP%!3z$-|!~crBcwvvStHz*yKpPukLvO}mpZ(gh8Qn#-dw^s| z(R2U;!YUMqF_MhQ^V?5}Gb|$(P4(OFireoR-%Y=g)cFvZcUpG~IrLZ<>;89`BOpR1 zul%Xlpnh8Uss5+RP2it2p^))E_7ge$7s3U{azpg-!3A#*q&?!^0;w2apmGVwX+n-G zotuP%i?a;iK3JgO^azF{M*0P-aUF3VdDGo{ZQ}k)K?8pPdixC+fQoKS*l&UZ;)4d~ zabCf4NM1K6uQ%duI-SgtNwmL2BnF|pse)Uo@#m}nj8St?Az1=9YJp`sJ?T+ryoN)E(CLe1v6Y?id|fplH&t6RdcRuqq|66IT*rdK#Kad`BQTn+mPrp@->PYqPn&|LMO zpIX@Fe>*kjqwO*e2nYxv2#*U0jSGm43kZ$~$lryIgO4O7JVC-WamKaqc>nPx0`{gn zB1Ybtv}}LW5!fkOY6%(V@d%hTc$lFQGsV-nId`bKg+WvJDXiE#)mfvaffXy|EvY3L`i zA}AstC?G0$vCt!i0CN|7697hx^mf1hTT`(u*CVRgkD;Z0I`b+2Cu0km={x-M&_5yV zzib^Hzbexw2N&|)uK{mlzdcAyBW_I>zk`5C92dvrAitA>H3puWb6O8{wI{DP=%JkA1b(x%A4d!Cve=>gvNa4l^eaPmfL z9A|^xs62-IvE|bF#f=2%f}YH}@ZC%a6B_s(D%_=Fi#iz@Yb5HLcM%Ec_zxmB!vL`| z5|;dUr?KW1py0zrM?YKzhj(w>BDE&hGzs_aUpHH-1A&;)VeBi71m8ea&_rk*UVMe*mkq7SFN4b9iG#Z)4JPT zfNBF82>Tt_Qh>5HD@M| z%{ep-#93$EG;i2pPuIq@Zr1@8E(w+^xlSHAHvDZJh1=dNW0f?HPwagg!n2Y?L(~r* zD~~w`s(^~$=))0gJi=aqIt|%h)7*UOy1c&mL@|B{F}+>FdB*PTH)3LQ;ec|4p5|qE zA#aYc?!Q~Jp1y>`SyAb3f_Y2<>xiRI`q}DPXE*B?v6w2B4$!>SaZpl^3alJrP`b8v z6|WD{wU47+S^TXjOQKw*aw0zW(AH(Vj7@J<&MPUeHAfds)mgqvuENaK?`10sTvs9> z9vCz3fD7CT3#|%-DoLI+hC$--E%CQ2U*92&HB1(q#zm>rYy^zqT{jke=qswB)7L=L zNb#uS7F`7PLU79(IB-Df%HSH7+c&b=dSY&vT}Ia}iz|Yq-`+PlaBq>;+Z2ZZL86|sHx?M|k zkfaAPac_R9SV<)(Wdi|OiH<*(2#Rl|1C4fpqpA%LG(F-^K~}IMKcdkOo(DJn6b^Gu z!T(K}4)vZMH223XUw(d)|H(c7Eo}UM0E*)RBJ+cxKj@jX@DKD90bz#DtsJNq`pg>W zaPt2CSx|IkfWe7f}DD_dxl1OMtTN*{f?rFf|`J$ z;^U!=11(tfOT!*9G1&R_-ykzEL%=+tnWeP9aIUYJ*I-VL(7?8M6E6-ch8Dk9=Yr3HMs#KV56G0lflk>YXheYF&n}bb+he zxGblBeXYLJCe_p4%3_^k9^v!eRP$K?=OitTb{S`(u%2VgTD>{{x~0m{+}g<*u2f~= zJk?(>hWtIgtl9fo{3i;NYd!*!91e4U1>fZsrEAt)ufO%h10IPUZztAM)u*AT!>J>v z<6nHdBY;6}Z+6#{;SbV|)&wY{r5&&hwu2kR9WXZ=W$#V^i0-8^faax+FpOvHf~8qi z>&2+9=7Zml2+QHHf+($$Z#Al;>lq~3jWCPC>zkiMfY)mX@mNfi#Hg!^-N2%m7`yrn zkX-~s(h#cIo4p61(@Uw0lhtb0QtpdL#VDL}?QP-`LPQpDCS^3q{(Dvsh3H=Q4?Dm8 zpzZ(2V*hJVqQL*sN{d#Mw4LXJ`(m-bfYSo=SHRF9qmE4y*eu4Ed&`r~i%YnZAdg)i zS|y>0!N$Ub2#o;z_Txl_(b`2IifggomBsr4K?tft4MfMLJ!|hG)GUCrVw{qRlK7FwVwA%s*aoebjk=(jGSd0=de0KAz0AT zi)%M|prTCK8l$gliso_mchRZ!u-bke5$di|AN`6;kd3)bMD^Y!cqLo7A3?RlL!GUn z!wP~ot;*3cnlq&PIw3)mF#}38;;-VOTi`i!{;5l+4EcykP_=SYxmgtxmyu@- zO$rpRR#F7kb4|rcG&dCF{@Q?%2ZbYr=i9`C0gdlh-`t>N@ZtDiGNo#bcDKAnXRFKk zQ+9htrRso3lZn*^<9W(v%Qchsb#MQqXe{zXY1&{`gnO3Z$-8JU)a}lIBedfALZJab zB!$CB1zRj66yZ009J=o6N!BHUE^_dNG$~vVA)6R=Q}gV zDw4`#6|gQwv`pPVv1Vn?t zNJ@M(mM`EFhux}V1y)?>jA+H0eIDPZQK6WD@ADlfL`ht>WH4oRdVjwH2-)q(MQLoO2*k+gz_UPi(cT+Sff z(MkL?q6S!y))`U%FA)D<*mwiKo#N!k_ymbKvGVkz;(Bp=f4_WbF=io|KdFw(&&25en4A9V@(DV)+x=@uG+ODO%BI}&*EEv+NJv6(RL1KR zkc%ovLRR@^RBv)ULQ)g8n~ji{DHk*%K4GvVUtkXa;jmp9FNIOAE~@fm{yY<(X^vOi zt|otZeZAjd@IsNnJJaH30+WKo$>{$O8^s~_UZP!raUus&=wmP}V=nyZsM4r^a?NHBsU^V*0WfYztG2p#)v|VIs8+!q zr#lAkc75bZ4F84N zk<|SWa#>|sD?hUS0tjc-SjPU2jv+GzoX-@FniXA!yoC%5$1Hhd5T;NksZX!b%N+&Z zfvAFKWsmUDFoyL5&?3exS;u)8oex6sjECYB*x3Q{Jj4ANgzP>1HJ3shGx_Ha`4~E&Us#>_AJm}zgAKIFReNM@^PVmF68~+IK^yL zO*>3e9!)EpdB#gzNIRy}Lk&w5@Z?7-Xc%F}}4%+19_sioC9W z!HK+Xcmaq!R{w|_j8*$c8-%3NF}g)W;WfTRh|H~fVUJ8@&({sQk?iPe&^3Q)3Q3bg{71uL8|0bqe`Og)SEnQjmZD)Lk6~Cj3Q;J=8tij zt+>OhCWQ{cK{6RYuRTf{HCLH45^wTpL|=A%^pG%Wse0O6Z=&A2HEKYPIFI^hv=l}h z`O0-EXgDS|q+l{crddbt$!3$@dIxuTYKD9fD>Zd~{GhffrXo@7OwVGRH108EHxZf@ zYC_K^gJRxTrd5KgWj5_8-uOn_E>X1%A-SD~=W3*LWW7b*?-43s4FDXkSbsFiC zT_%kjL_S!y&?Aw;Nl@kBfCZw8wKU6+v-qyMggxbegBZ_!5S~SK!mp&u76dX?;w(TEn;Bs{%UaQWWlP zs-UP)hfOSPAyM93_(xpYT(&P+*uu)N=%Zhiho^~y=`!B=)dRR{`gW2|Q%fE9-FM0~ zk{d8wg2OtgRKh4{&Q78CVbRKw`j{SxRz*U5KW;Qt$#nD3k@G$HmL3a?FgBF=gC$Cz zD)<%y2L4>tH30cSW73Qum65^2=1)@DL3DsJ|o>dOXh1XBv!Q#2}qaZHs6>rhZ2_XusPpQl<{%A%>}&JtRm4Tw}}ZD(9us zO37P>!Eq$o*gEkHXY-{Zb=Lkis`L8F@p_u6Hut5;2AdpbkZY42s>sm3mZEQXd>qI5DixBD$2*dlyuVENOiE^&Q8?QE7yOC;Jb>xZl+8m z2k*TiVQ$Z>+!MeX@=|HqppQsKn>SB{$H{P;=RlDzY!0n*XJHC^Br-VbO82uBB{%LD znN(w)9yj3LADj#dTnkt-`(-?4VQ0Qkfi>+(pJv&_C~=<@9mzKaiFjo)(4rxtt!KyO zbQ+|2_!;ylUG>9^R_J@QTQY~>nvvA&?l+m<%&cOcly@~l+77_!^gvfG(Bk(=0X$g( zuB74HS#%FkH0pG}DSr~Sxt4rVyHbkZX9CTMH z_;#-b_1C)q5!nRxy=5f!F-T6yv0+^sF8?BPYvNWGc#qPoSiB97K9%ZWB3L0Bd3Ni0 zX6v2^rBj~b^h%c`%M=8SS9GHMvYjK z9*ATjh>Y18|8)@VG%$6*GzIpBS+R2P_+1fpz|>S()9c%?^DPfaRB{^^HyZu_(Dv6s zkpAGxL4Bdt)Q^kE}SE z`JOtJ6(xD{ee(B+mHdpB@rX)cgrJT#mMD_XaX{lyU1=97;yx^yB&d{@NJiy7x2pl5 zqa{&DD7C?VzU!07M&>wRki|vHBo9ShblO#)J@YBociMf&U1*d?m;4NO5!`XH7T8}Y zN`@4sIqKXd@EO2(l}Qm$SEKimsr50UV4-X^i&%7YQjiL6~?Arsf1F=OD5-|6FS+0UCHTQ>Th-=1-YAB ziV8@2F2hDf%}?+zz>zW0LPE(4E{Q8zrU{+88(PV~TarRIDrFmjx-S6KneFP<%)KCr z7Demk)~phR_umg<_VOKqhcJ0NH6u09lcwZzwy0e1DgNf;?fv7f@50~D zvW$y)f$JHkM$UUb4Ug?P5<>Lb{I;Ay35NFA&Ejfs@fxjA8}-f0zBUfb?Rv&IA#No# zROIJ|$rE=#zq0u*QeY2G&c$Z&f(2gVKGCjx2Wyw~mF~#*>WyDt@7{jmr``7S$FQvk z;GXn+%T5kzesi@>()C@7N+cJ6x`6Aa&U`=ctq}Cm199rM`O`0n<`$6vjo1?T@fqt*6v(Xht)$_?1=&h9qF&@mw;4VLO!hf22wgptXTaB+bv$ml^Z z_OACjF#W0az6l3FtY8ysHa=-mZphhk_Sq3H$`;Y^#V^M59TNXdc+&LbQwrETH}={X zdD!mFb}$vs91jG68wC1xd3SkFcRoI@Zj8Yj;AY<%up=l5?*@Vg*{(5XyZw2hyP-?} z-V!0cqe_dZWZ{e^V*ZIV@x&V)egMR##)Z=v(8%DXxh_N;<6?Yt zpp?7Rqm;W!F<1}ZlM-JKMnHT1=J8Pw@eye_rSO*kO2cVh!T#kU5}a#quYN}sbDVYc z)QBrvQefL~#`mS_4Bfk#vbrzJVufAS5GD8F_kH%>S=kkA`6aTg6wf1a`*gj|cRI4z z{?lYPFA$s8*wU#yZ+_Yk%DUr6;@-s+)!Jkckznx^eMto8VF6#x!qEPDM;5*YlHu)h z*(Blo13*T3MMi2l2cLMp=+1#}I`K7g?qD8}w{&mS!rj=qh&!8!xK@1<8;32fgDcdZx?O&{;tRwSfo9@uCf~LJQt`BJxsunw&;}s z(2?xtJ{zSLqjB?(;uWi?&}4biSei@T(0L59%gRbJwUpCNeyO4|4ktb0Gj^Mqi$6D4 za53_0LEH`D0nRkAJ2h4GosriMBZND}OZ&C@8!6iP)gWO0u&j;yv!9Wtsy^t?%*S7L z2<*(7%~zNzq=_jlE+|Kj6$6e^_#22R07KD*26{(DpREz33@#UjuU_S$n~XYC8o>RR znxMDtl0ewkEKGm&{A3rS0nkrfNW>i;^bK_Wb3w@Lfjhicu_5pj%O5;}=9R3EVrY|R zkIJ;0fQ;Y!u09I%W#z|V5!E3Q^0)YxRMB;<@!nO4blJB1<7Q;V(K>5Yn&%s|@rX92 zK=ddNA++(ZBrxko>UL#nx`z6dR8!&#+sRI2M>_ixL%E-4w3N+~j?IHFsXd!LY{baNl|j20-=>V_SS1qXE0@^dEKh zD2J}yi&vA5Za3|$b@Uy|edxc_8c6IvyPe{{abxu(qiHdJt8$m%yw4iXJtE>+^Gro> zkerv4nw2_~G?kUzGu`q!t%YZR^OA(fa)0J~kXmZrW=VjxEFXJ8(;uTz@Zk_1+0frKS;FC~~pF zMXGa4-g8x@>loTPvpiA0f{J>8(MZI8fgt!t)|hh)pEB; zKT_A9b*uFILDFGT1VRfd5_mQ0yelZ(zCrpemb zH%;&;6b`eJo-681a!YX}VuF5M;0=#-+Vhp0^AADZYHloRhAUqM8Me2sxh_V>0?!e| z=92{%G)rROUp~pr36R}uH@C5TB~@*1>W)^L3fWcZ_M^K5T zq29M%YGUuFb@)b?w*~$Bhb2T##B4=hgFz4aB#l}goqx_9UU9|<)koZ|pB&q=8M7*D zK#_EvQb(5Ivs19$#IjLi_Da{vsF5LSvw6zDXY4tBahyOids~usbd3U)Ls9}++{wQ6 z9`C>}`K0^#Mk`Ekb_*@{fdX)K1{d)DI z_nAOpkJ4bsnKf#6pY|iK_XB+Km0bUKtnt2b&7JniXRz>Lz7O;laQD`^C;V%Vu}8|O zM``($Sn>|0^$yj6x`@e5g_+kjam#~yJe7jkQl?P#e$f_w4pKuLWzozR5b{W~DIiL3 zn{{!9qoK^aNavf2Pe^3v!BEy3f9%m*oCl2OT>A4(eW)={uXd&j5X4!@*O6~Pc+TZv zhT^@zDB$$sHtJ`?AAk5ypc!jkzZBV`YAraVD~%R5CqC}XN|1WtvFPfCBC2M1ZPzwy z!0~LqF0TOYk&O~`(~t75LuZ~fV$ip9Ben$eScN&cH zQJ$y6EFG>L01g-WA^ibqg%^DD-4ENn`-xjbjMT>vx?FL}&1QAceI07txhOha{$78t z{))e1=JJKv>$fRVkN64=!QcPMJompzu=9R?ezyW8Ds(|>XoCNh35TV-yQ#J1|5#!W zb+C4Jv-PlX{Eq};Zj!t*Py{n}%fP1i{%sLgM*cN;9<6VdaXw3Ju+2ajX0TDYe!ly9hJ&v??To1&vt*G(!eBa`MV1VH`6Cy7I%kqMR~mlL5}F%yuk z8THBI!8l~N6N_~pdc$Q-mIowI7?!2r(~>LZf)c%oPY>JMPY$SoIzXwg=f-;>>M-fnnbYHoJ;VSfjB2nXT!SV>ZfX=#u+NDaZ` zks_=_v)V}_y0XgaG$_e@%*8%od*~*GBCSsuI}9hdL}C3pU_%IG7|GXh<>i`C_afwR z8m2NJ9aC<;V|Qpfko(w*X6%@Vu6B(h(T9Eu!&*JyGqntbUX8i?h3$Y*=G<@~wMAjk zhH%Kw(6Jt(&+wYo;9HH?p4pg^xXSi(zXybmvYyJ({N2zQC!z@08gZe)egPcB2m}MD zAj7iZR!WYx{!-#8ED9K<3!COrG!)3^>XpV!MiXb6FE!@;9MSS4%A_0H@u3BlW8Zu2 z5{}_s;$Mhzh@5|#uvCQuvNV6SAXP?_DaAk3+KqC9K2bms9;^YBsHjyEs@&8RYIn=>vqCwF-KRLvaF7kl8^ zb~OdHV}=ECHxPU2ivBX}&_JyZ`@~?&NA`^GpsL#&AV{gHXi;dwI|Dj(k|*tyJv?mY zg{;}#77}k^{r}Y9{pK=n!|R?}o2Cv{4ZL2q_|Bl-8*Blor#~1~p`Cq<(>if^nbBxw zjkV|!AB~qGj_ZT3{>MkxF*AD8H3HAO>TJZ2?s`Np2kTRys^eG#v>XSFe1uU94q7>f zTaxC-5M{*7@7$@DJosceodubw(;~U4%8Bp$*mi5-%RxbaJODKn1~k|Miw}ghX74Ir z8Hq?RIm1?dKm;0BR*0VSxk@ahRr#QLXWk`7N8ItVKUbU$7-99U*^iLZ5e*9|#YKD!WSd}>Pmv?<@ z@*m&E{B<3l={hrBgrVO_KVn_Zqh744{EM6LoJ_+)k6S1f<2oI)`Ikr#8z@lr==a!5DI`0*#W zw6kczsVQxv+0PW~ee&<;4^-wJWSTPx){m}S@DU?fezTR5h%ZRPm}pb1)g04}dk+4i zy^M5?Ki=8!@Z8YjST1?HVI2Hz(+8z>e-Nj-o3@$V!5edNWXL$1tpF3Q?0QT-(Fno?p&Hbj#=aO)XFVn7zs?ij)x*Wq@8I}5e%l4MQ z3ch=Ge5R7RNmpZ*eJWl@XF=0B63GYQfmS(dX%n9JVQ!|lq(Ye+)2@e1laQ_Rrs-tnp_-d3aL9cwOpMTUlPR3L-9j_C5g3@`juCdohmuD;EVD^M7xz#HE;pcU=a^p2MA?>_p^a%|WYJT9 z2q}PxQ(K&ia0}+fDi4`g%h1QLIHdU|2CU%Vc zz~(tFMURiAz-v*B9dYo;-Fix`|Lv!hYRrfgsx-5PW8*~Xf)bvl(I@tapZ}pSp>B!k znIkk{A+vU56noT%)1p$o^=^4!&R9LCTdfrHD)5KD>KwA>^vz1Bs{MBVCzdg+_F%aE zD_0jbx$Adh($$B~9wf&OaC%pAu?{%Y2@ivEDXS9sz>`ws-^Ti(x@!`E{}ssj70v z1;TsThYEc?F>hJ=Gbh<%zY>ydddf4QbM!9bu8_QxwmI-~EiyvTXS5U9ed~UDK{++dTPW9j4e~6(rxbUpMc1gJO63_#*Wa`aBh3L`S z9WUHYGF^FN)&=rp|2hawj{kK4H;2bmCz!FG0yr%Cx7;!yR8?jYV>^CCi z8%~fiSj9OwXzcW(x0w!G9b*~vJ7(N0=(W1&Fapd}jP009QBJei$ zR7ZIcv+=%LdE666{WPmO_lKR;I{*2d@S}e#m}-)h%Lnt>IjNrBQ{|3T=~(ra1eFNh zres*lWL60N30Eq6{|m-AP+Zxiqx$`4R2<(qC6(pNJG%bAZRW=L^1dOd&6(DG&kK14 zx^S|z0v&uWD`r-NmB(J;h)bnLelHN*idZVoCsb{O-VJ6kh)DVN>wi@_pp5Okype!` z4G8_$Ci$99wxFBz|5NFpi{PKSoc8-=hMRp?A^d3Og*9;$(H{Vo0+mb}j4Fl>@hv1o z6+>kRmK2W!6&(={DvpD!*3t2@xb{g?zfp5@BSI%>MH=MCXl&oU-PeY4sb{ahy>ao} z*jAS&_~jlRq4lE8@wMf5-FcdG^EunO+iTqSw1GpcEytM=aX@AM4D$Mkm7Mzmw>bz?)G!e_iw}stk^{dACXHtnhg4sqkRD3JCvE1}kDzaf+FwNX26i>A`eG=|$v+Nn%99wSv;!_E*EW zTOe9A5SwrE3>Gnu)f#l+|s459yL%Y>O>4GawqV~`{_T*DdF zc4BD8cN+B;8*t2N7nV2+8}Kp2Rxr9KY!Tg92uy_mqA-OM!JuGw6cf~7SQgNTa6uzN z1dRwr^#>TFI#Dbz57H0$4{yV1|NrHIH9~iEXgbEk{++wtGvPJg8YAJDOc)Mpl!WrV zTl7@$RB&u+VKO9?$~ZVg#Ss{|hFeYSlX_M^8_i`w49ho&*b^{tDfb{SI$ja5G(vjz zP+43VwqIo8A~ydS|DS#R(Bn*Yp+R~&*1w|I62U9Nz=PCS&q%*=aKA09tk?|Cg&-D# z*@;S_{!)yI9f9^CcI!9}M>H4#hY36cgZ%9p6uisRUr=-a7RmxDItO6IYiPluBCbLI zS@wg#CYEWuz~I%3<=JAcz=N>cej;VUvt&WP>rVC8m6I+e+K$=CTL>Zuf+32O{r75W z%vCrx4?xy}h##qoBWNBqhX70u6s8em3;x(-W66rchLjnuATH&rG7`(6r>hgJApYOZ z*VB97RlMGhVmv6>sE0jt+20(}&NoG81}&a}kviovD8>H2MgRKbi^Bsdr# z&sgWfEWsGDJ)3c%Rp!pjFoS+^(hjnTbT<3}vWZx-W)0K)k4HUNTUjcqGg|67wJo;9 zyB!Zy!(lqGk_s{TMtG^(P@J?u#^HKg56jG)Ikv!Ao8@3F>5AfpLJyJvK9&Np?<%@5 zy08|LI^j&3?0M4zFm#NehQkGun=D-h6qAWB-@)RXU`2|%V|zR+;K0)KB6{%|(+k5C z3kS`X)Hq=zG6@tC6%x{DriCcDyWuga#j zTEgE6@U?1;y!y0UBbmj!5kl!(qCIMjnyb3Odt+!W>Y9IHI00L1Ry(&(nfW6y$!q_G z{v*HQNUYrv@%s~9*w>>)Y5xxUa2k8PkxYDjz0M|r?tG=#9?j~?teP|3l)U?mLoQke6V}jd%l#spEuA~XlQ)` z`!Fa-E>*XvY?<7Dyv zX6mLK&d&z!U8=FI5VV+D+dhYabf#KMKti_^X;Nqj~mkX{m(s;P}!?QazF=}Rnf>|8Ro^SW^I4UwL3NBPf9 zlfHzO=E>^DsUd40&|69)Sh(5l){uyB_Xq!Dvjv8aN_oouwgEPm&_rlWhYNAvsMajt zP0;WyskzYttpx30{;1UFa_;Qb&8@fG&t`frGPY@cY;L92?>^G?z4L9~Ft?jETzX)N z=r3MLzM)0oPnQxun`Jn5Pz4f0gCOY>3EjuSdq9jqKQc>ddu1nBjCQ!&#@9JeQ`m<= zDD&M@X9X~xbpfd4j`R5GYi>t1g{WS+ywpBMv(birQhZVe;B~l`x-^G-aCJ}6s%GBS z(9X}^o$D|$T`W2oo=mUjF+Z+i*RJQi{L^|lb1v}G^U&S3>fEshjKg_yIKP^7-frvt zIXV+;7%JY)OuWO+*5$ps_DRpw*<^aHshO$@=U(5bTs@)AT7!o>=6s2#!`0*Hp&jUA zajfGU_#*R#%D8sK89HS7(>O>BE@LGfO!*aVVrB2~C)|VVLnWYd*PqX{Eb|<0(fS_F zJ&#w|G<@nB05|nm@umRuU-4%$C1R0o5bFf2TQDhQm^M?Jo@A`UHBUPzXMDG^22OEk z!m%SXAxwp}r2Kvg?R_%K(QD}X3-~eTZ&ZEp(}$dYfT&*OH2wSA&T0&RXCf_cyZa$D zHS6KCkW8@ETLSjMoIGbxDZQB^*YNJ^yqjE{+Fxm=&lXPF`zdxVR8^^bhao*?M=XA7 zbfmQg72eT;wWM)sr zY3Ho>T#HqGXGepNcfb=K;rC45b)iVVgqXsG=esYh!K)UhcPzvFsdzm6n>OH;+YeW>w}`WsaNq7G7_!9jSWZ!*QIwK3Ge8y!+RNDaeH``Q1Q*PD9=x0ScZk$ zU1J!BP*bwJJ)vr7!*4l9&v`*r(?2`wIg)PO$1Jb(N9&_FA4>JnFOuh;h_v5zTpk*V zPW7JOvU55~o6@o_ODeMYipnf5vVf2D$4io@}MVU>I+6_*6O%$91t5gI3n zEUR)R++Ioyb4OM=FJL|B+co-v>``{LvX{M=k)Lkt+W+Qll=s!wsR^q@ETJrWUPxbr zUI;H;U5s83Jz;nX{}U?8(=gT)E?-wpT1mMmzrcCiWxs%al7E7Is`1tQCnvpB?Q}{SOL^X^`tr|n+lzMJa9>gF%H4ClCqF^s-U|I?dEd^zp+>cz6|0rP=kCk-Prgr0 zJ7RpBwlf93Vd|H#bds#I>Q+o38wnxGx3lGGNdVSXMlA8@u9y`5_Q-;<7 ztvgIBnGQ;Ga*f3KxHDUI1-_y0r~P#1QuI8Xfuq)LuM>=dy`(i7@rJUk(V$X^UBh}C9i8F1DW!L4Z=-mo5&A8Wm4OjYC zg7p==oB9a^_d8E)Id9WKj~Ki7is)jx00qk(mERVZ8vn58?_01gUbaG_klBJ!08t@P z8^3oUA2HilB_H9r=8`Gn54UMn6tb-L9#(F|uL`NCmoSkzCDqXMy>wKCv!XZl8mcBr zax_}V4BZtJ?Ui{mH8^^7eHCX4E8K7H@-4G~wB>?WWr2X?fAqBFv^lOL>|TG@BvMk~ z`41~Wn-%t@4;j(e_I(y7E7(GtWGd>$X=8Xiua1Vgc4AWwyku;fQsDg3oXZ?~Go6bF zpQ?5$5X{D>L6QB&XkqvoXA=g)7&zNX_|xy^4jvnZ6TGIifxd2TSQ)^ zmdZt*?BV4jp(l~y6Zg4YtLAD&u7;T3lL2SlX=Sx%u5W#vHurf>SJ=db({_PSA;Gfs zBgB(ruS$R{cjeFdm?dw|=D$fsHGyUNON+j6X}0uf76cD%n!}YtO*u8HnkDJ(`x5== z2ZtInGtOPbr5`wkSog76u_qNA`)HtdW zhSOh|S9q)w_q_Eg!6U8^bVu9aVms^iE7ANKs*-Be(=T-82cIeSc%vOgQudu6Eg#Jq zfdonUM=xYUQ-Ow-My0(4kn1wAtapXoG;01j0X0Ryjk{2p;VE!Aak)&$B~hV`#!xKS zN#J=`C__RHCQr7k#7)GR&qS;31b_QSWY#f%+tDEsZll2 zd~S~l&ZKy@yv+~Hb|%Ke_l(ZiaY=jjlo&0Pl$aH4GByPxBDUTfvf+#7o_xu3N4LmI zZ`NagwP_loUXQ(faz>^1X8t?t$%5`}<{h?h9+5U-0jCiI}c*CyGyIp?P{bSdSrVf4w zcChEChRJSM%rj%)!vXt4+`iOSLfdMQG1DZW|RpdF@)@BKrb0?R8#QAH$0?h(vq~| z>UB!yxBO&n?HK{RaE8#FQ66uGsPl)Xz6|T13-9@jp6rzazGqEx_h}K+ZW_*R_)W=5 zJPTt>6$rfWZedUL(qsLMztao+kWc|`R*GMfP%0$553-wo7~ z;E5ed#;Bz9%;Q#oo|z);#{p#c8-Z^SL>^GyViO_Pa*8pWd>A zQ)f*nR4j0KX$jc9z)4QcWVc9fLtpxH(WqqcU-4aBp~|ULL?G}HqcET5U&o{QeB+t! z^$3`&2pS1^1{4iUDi{L^+%1@p2^$G?21Eut4Rk8_1UOa@2MJ^bOa}5dFm|xCpv)k; zeujRBenJs!6{HIAC5RJ<6YvYLCuC731r}kkIaEp;4>)X{M;yIxSqv004zUgEBXBsI zWI*i5UkzsT^lgo1{Pawg!^m0&Rv3WED+(Z1TgEM-zF5bC9#E4@)~D?0o3?(wOI)sk zPr4#no?|&`U8_3W>be@x-2u#OS8C0%9HXusd>@8C^cF&2 z)~7I6R%TMtCn;C5Bg&J>Dpy|TRBfd*)|0DQDIr&}V|a%2Ppd9aNMA9dofDw%$hgnN z|I4L2S9;C)@|*XXFEE!&n#bf6XgLw(=4v+6~9tHsd(jFOyEaAknvtf)v_u z$d<39j=FlkjXU`zUU?xbY(JCjIufJroFv_O(W~t^iO+0a$@p$2)U@*_K6_E$?;w-h zT`^hoeLq?vK3LkFuKdYc{>f7QNu=}-t)%b!@z(BS=kEmfpRw*gg-<`RBt$y7zbfo} zRKjWlmJ0usWIv}|$C;MM>eAZHB=mgP=^%3vgA?F9KDjo3G8Q zk}9rv8kGyAoFs~Bhq$sA~*Zwh%LJ3 zM19H~H7g#I@T7sfRq$}ZBcKIJXX1S#g1W#FPy?k?CCh`gkm1}+sxxA$;x-Y_79}(3 zE)j20z+%J$B@@kOEEbQ5t$0D)YU(i&Pm_qvJUwD6*gwYdtWegQ*TkP&e8%!9 ziJHonL5HALFHq~!=K8uM{m*2`gnODCL`<1AXml7+AV?RHEh|FTxkhbHbWfXyNLXfq zqRs-ujAeuN%Y-ONQ{*FIJSXk$u}CvRe`bf%W`WaYgF93JYAS?4He2q1yCl}QWdPb) z;V=|{%L+hIs(pN_ebkg&FRK0T3cywcAb%#nn-%WH3cb!8eP@uO=a;Mxaf*vziVI|l z3weqQM#^m<)jp&G5H=H#oe4l;g==SlYiEN4J!3mNoHq*`u@(BY1-cNB!ar5EBSw~I ziegKV0-&6@(!Up}q3Y`xI?Xx{hW&oLQ0Umbw(C?iQbi)Sz1v)nY?o|lm7LsZ&LZLq)Bk0QnB5(@o0|56*i*d_NM&hQ2B@jh7 zX86i4vfg`5Iit-x_MOH{c;XV%>ZM6pFm8XFD znPFe1*hW^^pFoC>G+m!C-B)9)eNC%<=P9856wtL{@9^$Qz?j_p!avTT;)Sz`^wfUo z(BGIGj=(>T!{L$BD-2qQc}~pu@MG!7p0EJ>4WGKg%J}eG>)I-hcELe}3$cDdF&NmIFa>(OJ)&`59c(` z?Q^=U{^F0;Rh0~*&)##!8#f2UdC!C3;b7@coJuCkeIxtjBdb0uddAF{8(DxhNiqHA zxwZ_1Gh5SINgaK%npSvwN1$GJLz{-qCF)8#oc&~2D;97A54a&`>X_ExRo2j!rQ@z_ zex;hTWndL&l&2c_y`xVkhJL~|tfM)zLm1B0KC|QZH`hx*hdZD{iS*il6q#AusG8zN zfGB@6inGUwn)*9q&3-FC<@pex)ydScx1mi`r&~m)TSaG+rpAz>#u0sm=>&oRb%66~@j;x2^{6jGq}RTr*D$2lQl!^ZOx%I6Gcw_+EH8nk*N{_NXr|Ypz^!Q@ z;m*x^$$+{hwYXMBw`4}QW=6MSMz>)`w|K^T1B-V#%L^#77`SB!+%h%2b~3#-2X2jq zb@~B1{lYrm0iDX<-19L{gea%BnWqBqr*iw`h5Qbn_U-wgBnGDlkRi~77*HK~z&rfs z#9Q|%P+y+VNRh3BCD>TRwob!3A^N0nI6E#IE?PqUpZAlKV0s1nAVLr|4mhj!3MH56bN`3{5e zOH<8l7xSQxa%i7{l{=GDYzsqdt38Y-htAFIllq{Kd?-LWa`4SebfFd$MLiT?962ak z%$tb>=pcr76-GaJol2V00v%x=1d$WIeA>ekuP7;?Zkx!)Bf3xVeUKI7>5;m!To^(0iyW$#0qUPF9sDWgo5+NgC>rv)&{lBauhKjg zZ}{xo3DLrwPcn*ssxp78Q!xz6DDmGMCQOxn-HF7`njEH~4=S|jQRZ36qBalD5dPqK zi>Fh!AM&X6$)~?~Sd-3`&}FuAKXC1n*zCuTD{2f9WJ(>&9vUTU+++X_lhT&{mZ9xs zD1G#!rOW_rOVo*GQ8xPR{|`Pz(mTZ^qtmzbc0H?JVd*QIPKPW8h3^HTTCbo#asUs zB|ppRulE-V*JN~RYA-<@MoSz^vzDC0CM-5?#zqSsi;dT{1rJx;v3fkVdNr!4R5(ra z4~8}Y{jI4auqHzNRwzC4og-#U^mPHEdW?i8GfrxulNgm}q0CN^6_diD1qyH`^qc7e z^Tvvn$al)3g^8rrs7Wt4U)lqKA8>=Pny{xJ-ZiQauhcxfze3#Y%OcIsVUOcMyI5hF zkvDNmG~+Uik4jH;236kN!D9eI>andX*Z!Tg^4nr!hSJ@%3H;BaoQdL6ht62W)aGM& z*G#Kr#O|DtvhwChk#OqNb$J%|#Ey?QV z9k}&e8|rX6*aO=DgB%zrUA-=I&oM@Gv|f2@R%FUM;Kfuo!?-+oD-YnBqqyG|`$l`8b3_snF7~ zQ^wQ5nWQUZFk+lU%4wO^q@Q!5ixs-)1mrW?huBbP7cAKaZU_DAGj3qI3!CO zQXpp^%VH0z#MBIV`l-qehH3!mV%UxGLlXdUCN(Mx`*R$ah77M{5I_rGb~k>_Fb{!84U z|IRS`Ph8#qKkm@~ptk+LS`^otS+1(z>tu&ssTrmu5qvFnbZqLKipX>M0 zOM)Onhtecq)mYY8*I0OPQLrK~wq8)*GkfE~akaB9AN4GU#q$qeU_nknWmiD%&@H*x z#hBNh0;$MfZP|dKM!#~n_3*2+n85ndUi#$=H>buWMhSkdJ&Wl-E@U2+@)`f3-iky3{3~7SiPF|Jl{R}21vYJo1`|fW=lSFU<+0LHgg1=KMTs|ueRVv|%FS(4RX`NGKQ(4beok9>yZ3-WgBNKoZ z1|CGfXz@*)sYnwLnJ9QW#1Nm`%q-P+kbLKpwWxunN4!$^4eEcD1$}?dQsDt@+>ii~ zhxq>QHg7nXI$3*ywrwzrnz?(pnVNfmvQ(CCE;i0imj44dm8-t#1VRxBW_P#}B)1^7 z9LG;m#^okQh9r_;p;tjLpO8Uo7BSl#GDOLn5%{SO)ZZcr^vlx+4;`l^h)r!!C2|Fv zPtN?A`onAO<@NL5=RHzCjME8g1U(<(_v+@3ENSf3`;6fy0k)39;v#cJ=`_;zbKg4u z{>0j>O~j4#T`a_hw#%sUVpC}VvyZh%QqvW`f5Wu6_SIqm)w|P>%j)x>Q7G)zc}(~r zN<<${(iMC;>zI#=}fdy=l1ZXeOIlK<4RK|Ar7v=GUXjLYy9};pJ5%3hv71sl(*llkapfntQ|s z#d$jw?V>~SCP|rB&1F)xjdnbjzP2<1PZ-1?&=eQuVGTinBH~aAmq_@Olo*~?j2s_& zpdZUn{O^b`6M3iRU>xG?ukf#p#2ZLcnw2iITIw3PI9(AuEpW~n_ATCVOzI6;7|}xk zY}!JlY%`rKHpnML`o)9AI$`Q1mSS<4pT=|XZF0_m$Q;Cfv2>d_!1Q8Tx)sxtavPER zg;G*PqqLrc!7%U{rc$(Jq8oxFn;yTpWYJ;v(?e*qp4tm1y#*a;TNtOeLQeU&+X*MG zOJA!iRH?{Y1pCdo=DTp29~~cgMA!7N>yU*XOI(m?jm^^(c;pXvrmmFrLeT4S7B#Hc zu19>jZiz5qJB(sVsqvQ4ppA#|7=vU0Y#4;U%wi{h{!i31LeOTS(M8D!SCEI06gtTL z^S|_YG;?G&b+<7#b#ZZX_Axef`oZMk~&lQXUE_Y zJ>fWyOC%!SGNnVMnRHM5$a3l1*d_w&V93n%XNI{=T&{>l*A_&eAiU3c$i4ZvO}yT{ zDR@7NeoK|dC!tK#Q{jk=LLtt}s78{d>B6K%i8Ko-zV7e-L#nd?1*eoGGbcx(QT!TG z4VYGg_EU|Il*v%(Dl!;n2MEX^eVq9U2>cdt#|GJXW)cLyAgLoDm0&9r#mS`GAgfS( z%kWYp8{%=OaU+96l0|1B3fcAf)!es8|v(9piz6N~l}F8Z!hKZfjDs6tl>sn{+Qhou5-RLx@scwdT|`Wxim z!yq!GfHp@>g-&r&hffBN*joG64l-;l+}(BHvK~?q!jN5KCjVnBY9zfg+|KLh_!KLx zAvd;Col2Q_xQ?8JYx8CSV?o|DkHw+MwhW7(4Ye>ms7?`cZ;#uqpt&L!kJ?=g_Jf>o zKR6-6B6MEQhlrGmmGYT`lH^+lC}GZxQ&2Gvo8+(2XZ$B|WXk}FS_p8hUOT%4~{++cXr0*0gS3dGFg9zhK5U;FkGwT1;jPk(NxdUN+TVQ(FmhO zU6|}7-fhaQ4KPfVCbDXkFeq~%upcX0DDb5G2w874E;6<6DOc->~kFe%=N9{6Oca82`HS)q%^FR+v*ZwP^( zT3)77G&wRVmJ%R5ez}0rY%lwQ7H_jL`F{*;9}l&$a9%IA=`^{-`SDo@4o6fKN&!?M zze|^fqWmcldxFHBr8KOA$--9x~~K0mYCu zZI3=#6{Z1WpA30N@IGZB!s?T4KUoI=+CbFB@!4ZAs5#$#x2tc#g{MbpeLs}PzXWyd zefzO)x~?X=(K)Jh#X~Yk6t~u=iR?armF#ML;bh`PW+vB) zVFs0*me~6QElHZCSVkjbw&isZ+WpCB!I*LL;ssUsce~!e++%Nr5}=A6#FFp>^4$o< z8rM3PcFXCKjQNDPI6YElMESvNw$aSR!l{**in^eNl)SpTx0n8YM(lBFVv_kfILk<;uS&6o{*UR4)7vl(`AtHy4=l$dgNkd0 zxx~mpKP%{|%5-l{#b+op=88W|1N!ih5x1_y!k`UwyqB%ykwpD5DMR^pkj6?i#xWMKL}WQ*Km zs-qNkGL`J_nEhOFdvcw;erGyaVh|yyuO!2exn)$4<>=Ud4{luxp#^eIzL3`zn6jiG ztI_2b{<*7nzddc{$3*9JpEy1t0w;5JfkhVA@uy$^)B?xpN6X5rLM ziOu})3n~~0Zo0zgCBeXxXYQL!bZwgL_F7F_40rdy5}|TKl=^nSUOB{f@GGO{B?$hR zBk)`Ll?f1otE?`Xlk@GO9 zX*`*_0q9DI>iY5I`^ew%E5?8+64uS6xh56~AMoXnszOD(G!=Wf4S?;Jb{HmW`&TWU zTGTJf@b^8^##+-L+dNKAagnS>>ak4C@x|p%7I0c5iw9AdvcJVI@M}od#;CTUQ5u#c zdx+|#NVkof!_M5_v8A5SbJ$zN5zK4CWOtGQW#afkb1>iWpUqktQhK3N!w(=B;DNYV9(o>xW~Pn z#x5MN;DW5P%lG)>o$H<-y!qI!5qxF$Q#y2_46qd=cuC+n8baN(*iU=_d0)PQ0ORZ# z6Gk4_qD0qWWj?-sUjx6@o^Cy{<`Jiv@sn#R7Xx64PHnPDd_ zpD|{UNSfR~V+|e07wN^PI1C?4Qlj2W96cOHy$(lx4o}{o)Ae){9DAPqA%(Qbd?nA+ z=;PREgkfy-^Yaa(_2(O*rq6Gjp^Enf@I9KLhMU7Ik0pUse{ourIOp7;dfF_aA}?C# z7{*8*UJ*fGRUqmMT#s<(ob4W$Kj?d+e26*E~gYv%fCZ*A8 z>v`vxYUVEqcKf@h$g#-7cIC(1+fvtZayH!cR93#_ZfYv#Mf!Ulms>5 zeY6Ox{0KC$-Z8-8gvR(hg1+IvXb_As;DY$5A=-qwA%sSRECj=7A{+d)hJ<>8pD(+E zghVlh{HgFJg86B+G2#5Q2*bkqc8pP)mL{d>vKr50jbmSvGw9sb>gP`JIT5c@f+zXi ziFcSnl!uy^LL4X6OVGj(^AjS*FvMUvz0!@Eb8D^-9%BKn3LPy6 zM7m!9JAJt*DQbT@yxa-RES?ybCoJfqc(G$7zR*|5MHhOjK=q;!wCLYb3||UZrp0fp z<~SMYy+-_KFA!>;yu>Yty83R-bskTmf>j2chr#+`lq`N=Z!h@x$~`K!IM_+Z7~=-r zS-=8=;chZ76Qb8?TUulW>XZmUX8qD)Nmqxk{`FG!5!m5%NP)JB?>IxzdGT4k;*a}S zeoN+BZ&4rXpMnV2=YZb-?;_`aP~?9}<}S7-=H@1Pzol~nSuv|LZn(}@rSLT|gcj-h zrA%YpvSRo|Xpud+`al4|0FBl*q}NTSK%p>sYGa)PH_NALA28=a%!XdTb^t8`{*005 zgwz?>5qwPXDyaQo^(s@v80XLCPQ9e1(m*U4Nd^uq0Bub zgOr|Yd?GNsJeI1u4?gZx+?~W=el=V<`lJd-gma|;GjBN={>tU?RKiMQtLu~s4PbP} z^_7LxaLMB7`9T6$|#1WHevsg95ho~3dRn_*su7*b33;Of-B`j#On6Wjla6iMRDPAp~f z4F{1E3s-dFia;{c(K{XOcB`Ro$J-!wFQi}j!Zzs}gst4(8S7X{etN}msS+};foI;l ztqf~D70dB_O&6~=y6JEf%E8weKS7WQfG$rX)fl@1^mPIKOY zZgd*IXtj*t%2d%pPzolMakMm=NJ-gh0IS+g{7MQ#tc|>c*wc;#_7OHey}(PbRxC=~ z6B|pDGRP#SjmSV6l1+~!n#adNYQk_%G1}SA2OMMC2Ux&B=Z#tupjF8@eFzsBPe7>O zihrRQ$H9W@h7Z&*gNBJFN(j-ifDaaXM#_qhE|-HCOZG^W#ZW*3Rhn2l9x{^Rx6Dj* zJ>J!C-)y0@(4wI5T`#{Grw`fP2y=1&{4ByRwHfng)XVJS)!2N1GiV8=JgCsrlYQ3= zt-^sqJPU+NS4^!PZ02Ain2Z|*vsS$*H`bsDE+tCq%7a~PqdN+)gT^Gkm`kBOIy9u8 zTIMP3*DAJ^%9FIQY1GVx%TW4B=U>pd`l?_xMzt-)>!7Pt4XZ}z4F@)(caY*gJ;CTS zXAMk&gcdj@w^|?|KG*|EAGT-NBX=mkY;i0)%R4Q$JUyM5v@COJ0_U;ZHK|ahiB+kV zTYa8wp|tY$cOavU20X4x<|F}T37MqCSN6X)(Mww=?U>8$_(a-ko6uJ9henqQ&COtm zhP2}DKA0wJ?`YeS4>f`re9Z5ogJhxrUwJs-Yz$=LJa64TZWnvZK+shcR|)9)Hv(!n>Qt_;C5 zL$7Nrl)w&Rwl-PNWi%^1Z|S{xW4Fh89R4v5sbY$_I>^Q4$Y;2*H@BxI=|p?z&fAQl z0D!ZGVfXl;{p8$POs(-P!kAo0u*14^g6znExFO|^w$4HEd%D7DyS@DxN;_&k4J&LC zvZGszP^{aW`~0Ss*Tyy6Kc*VK+GV+2(nJwv5pUpH2`yEFrT3Q44_>}jnIuh56{s5SeE>A&NZ|( zu+;n8*)fonv0CAV_B>Qlp2p7Br8&288&RFgRlr4Wg;dC}CnQ!Dxu|UulOyzeb58>H z4dg!JT+QP0dU&%0cDfRV5cMNd26+gEQ^eo?sf=Y#K;I)fPm7!w?{9ySRW4o>H86GzBdP#`()7m#!lIj|vh{6UrjLg{sQNR?VpNUrmnNZ)?Z+#Zg)xgsf(}vhM*P@(LyFl;UrXtF$BtrEfnyXfLZ|6t zA%A)I9fH5V7NN$dCct!Z|-~3&jL-~Hl#;JWMcblf1x-PDq4T>j=aPRY4SNDv?irqKsg~fX^{n-_-8Nb zMPp8M5ScFkUR>8vz7Nmj-{50QH&>)#+lI2<&SO*9vZt&x?vrnBiL>rvGU<%E_!rc3 zYVgb^4D}+UumhQ`Ee=>F(?q^d%FQWVZBtG(lqoP}oAU59rR>oiGtTDv%+Hf!SG`24tsj0`8zTgJH}w+Ps4f%ZcUvq6p!1FG@C-o*N37WrkB zA$sX@Q?_Wn#?1p?i4cKH@(7a#ah>D&$sD6i})3@B%Jh> zrW7o%h{h@u2{5!%Q!KO~7E<+=HCyx{dE!Nl-xxeB%SKd4O{w|~GdT|)#kK>XpoiyT zGkCB~iRQ`ADJX&vym5DoRI*g#v?cPNG4OcpkOSDtiY2{uNEy6`0QSib)d*Nu9-`5z>(W*kR({RVAI|N55g746$O04CYGUXAe@|j5K6b)W^s3gTwFCy;eG>#y>^AS z$a9XULiRt!dJA6&Ba=QuJIJw0s7KBgH+&VLV_LIJVuf&&J5y7*>xw+{F1TKcPUofm zkR3kHm6uNxUv42sN>)krO%QJjko~o2fH*FchYN|@bqV%XlkL(8H_~H(RMcbcSQXJx zr*eCFdpiGa?!(*Jh@|J(X+9A*F$13kFCC-EL9ZxY7Pex%pYDN({-VF&V5bxJMbJ?| zkSF;eus=XOJc5Kz+c=Oth}#Az6f}GmKpNWTTAEp>DI__L9vIRQEx;f!4TM7bl2IK zw%~6yv0q@R&*{>#T~-Qd<1`^y*Vq`r)^XB~BdP8q$D8%UtfI!92OafjFP7RX7?UFA zpa11JiID?MOnyRe%1;RXSB{ghfv&BA)9(O$+%la8uJckZ{2`uSt=QFEihfx^8b5j= ze;T`k##^CUV>SNjA;YIYfE-2N?cg;n1jq5}OI0cVd5y0&ZasKN0@1sFNiQi@&oFdr zEDsutQwZ}q5Z1KMH246I6(+5yiM{m+D{$-SH~#1dzB3sx902e>G|thmyKC@<6FBny zBw}401!FYQ`jKAaHK}30DOHOH*$YHZx0cD`_d2dQ-OXQ7=$nmsfvzP~di7q=xL8Y607HTw)iAz0v+ zlsINYC&tX)?eCVz9k@YrtEovSE+ZBQzS0v5{zJ4c8)D z6vyPEs%<%ya5~~BxHprIr0tZ%r5YyRPv~>B-Gi8rOD&S36%?{LJ^1p$=oz>id8}nx zCV10HmA#f9=z))m?DmuyERTu0$3c~O+XT1~cgr#ydPj=O)vK4uQ6P|NWY5YItFc8i zp83@~9_@N7$l=UepL_zb%%%C1x&pyj?&*vwu~d;rWp*4F!++pSu*gM*vQ^V1vy8+C zx!1l_Nk^0P*U#_7p-yegpl24zAOF%k0;*6*U;7Lb&d)IU|4yR&ZsQj2* z{5dCjul&9;6@t>bGvIjSSPwdiOHLQ-EMJkiI^90L#A#EC4bi#T)zyt&RRTF(1p}a@ z25A!}V+F~K0KQ!BFYJliBoB%Ek7XlGVLiuTPmw6$f`FCa#)PURa6{%<$D#G?$ige< zGfOqoxPIBP(;SjAg1YPupc=sBo!iH2W{!HpY-tA0@j ziwLsp3J6=+At|Rl1(5Bbuk+NdF04f?g!v07kUjH`sY5&?`Bp<9zAO zcWD||d0fQC85x&3YqRG7$SS!oa>e+gDWZ$9#|-Z*mtG@iS~G3Y%ORw>{v)R2$}8c3 zsbM{haznpE&HNeXi1~6QQ78qoCj4>5WTziqAg)L$(=W9?;*ngYZ+76Hzx3q8N7(?odaTGp*WU zrWE5y=fMKiI2)VaEqa%Q0)LrFY%FbC4&qzlLnu8M-vPVqY zq7Y-qEhJ+U!ly624-QSo2n}xqXB)8NKvulV!wML{GX5}w=C^}(B>#Q)Hzn=2{QOsx zG+V1rQ2dYdJZ||nC5=q*f+$4&Z-u-@VGdj@knn~~wf9S2&xNBC*~6+6=-Iat^{Jk* z$F}QUNbIc?(K&1ia8TZ`Xk~>P3ML2C1iqyd9wqYVY3roDHn%MTRvPqf=A#Hc9OSdX9NL?-n?Sig1er)<; z`Okb@P&P}XN->tni<+1W7GLO0?K_DuAjI(`Z`LKkvTR5`l{EU^`GKBmhG3X>+Q@46 zNKS~kjIr`6uf<2L?Vi<+R&PcC&?qQl_9SB1=6TT@%W zLd{4Y$ad1U+1WttpMBTNkuj-+LIVuf<2r9+Er!nzyOe5;n)X2(cB(%?ZPTxh0Y_@f zWiyn`iv&%qO-)R*48kLK7sf%~8a#be7Vf?`qzOKBVs5R)2Rg*^rB-dL#TGpaa&OG+ zynYmTH|<#q*W#}qRC9Iha=M9z*=JpwfQdNz&{R_)QIWNpe2#B`7@DEO2&$N|NW4?$1_C%@oN zWVknPfHsLSYfs?utj89+MjRLijKMR^$r@PWk|h!vi`8LD!%5c*B1xr)O6SWrv6G2M zf$CE=&j?W(DH@uwg(!BQte>=&&K*iBYGC+9w(*E>lN>LRXBlOc&n+D|Ys{s&2O!o! zIRfIr$fv^QKbwt-@hJ`~$s7#vkAY=mm`$-eW(2Qc2tJQF0N&7u0~rPzw_IRGko_Dx z{8ZAC>)7MSGaj)fE{!X7>fe@D8q2|A>?%xDe^SWPe+mN1B8|F@By}uh=b-C}YY)SM z6~=4$8NL?_RtAA)t>P7r!X2=P#+KsVheB}t*zUJ^xT&f!gW9hi@6`c9zdkl#o4RRz z?>W{gdj+at7Vy>;w}RN7;QhnMtW(kEx2p`BBrTbP;!vYx+5)zfN&3OVBQ;uk_S!aFbk(F7ZWy36yUT0h}MsvG+Qm^xm@I_KhZf}ZU z!axI{ZoPt)>1&B@9)n5Iml2YzLfYt@o^dWJi+b6D3aw2d7-}7C0;}_4TuD5KZg}HG zg%0-He^DFW!8xnagv=XOH)#5b1bxL-b2lo2%=`IgCE<^l_OHmucGjOM^LH8fKZy4K z3ZgaXTnS43EV9|3@)P5~(|a&*{&aT!-9#55FA=pW2;Fh21jh^8=3|P&VL9a&w^Y2+ zC8@Ll>_)~d7EfPHpEnVnd;e?L>ZqjYqb52pYNZ5L1Gp_G(Eam4cd7*6?)ykia$fw! zs%sHA?W^5KT*?frF@$5`B8aO2{hCGXI)}CJw{T*bZ>oAC(zbaW3PrzlulRw>DP_b~ z+K{;gk+vR#^j;jH3QWNv_XqGVI7zjjqN@`8x|g`J^+_oqi7ILU3ZD7c5NhOesNyS| zt(+Q5OF5Ex;v5=I6anqxMQYc_`XiciC?=oHUrfToLP+oso`#rb_6O%-KO0yq*Y@a} zKLhEMnw&u`*zY2#vyX|2Cg>Cn<{cw=GiLks#b6h9T>yWOM5RaRAkgd^pl2WQmcVc| zJg)b;azOV&0_`W%%)4e@d9GdO6{t1)-Ub}Zu*-QjqmtrnLOvZATD`U`Mh9XO+E`uu4wi<{(}Tmn_&Y0>;vL*@RZ6xvW@#_*Za=&o{3_^^;EEk{AjD!A9wFjZCEsK-t52XP z&ILoq6Yzjoqd#4oTM2seqdccV7zG?AM${gp^m^aKV6g#A2I^BVYdx%TvEFT)p#cec?bCXo8Rf{8pBErFGo`zC_hZ700t z8oJOhbrGY@YCZAH$986g+OzRD;fUJc*}mqDhdY{KUGwToe|p`uSkJYw`12>?R@v!! zKwl3g2y;YXL}tP(JRcHk2UMD-zSFqEj|T{tC829OX~JL5|#Qc#}QmM5UK9o%I{ z#ZMN`AoqosKP+l7?Z^=zg%UV_rdcexBgRn*w=D@YRTKx84@pW+q{Ib4HYd-Xw|=Na zvS8$g)qAc%XOlF8sBvA=eLM|DsXrAP)qu@vx$+^O!<|7m`9nl=VAfC$B~IZbgoDTr zA1;_m&Tgm;>Sw6pk)G*bcvW_i+(uGlhXe<_7SX=qT28Qs-EO|pjD6I}RnhE`0i7-? z&HT1=D=Uk48%DEK!x6RNS<%C~%ARG&SM<96h&YL+#!|Qe?WPZ`f&uJHP47igifuL| zwW~nlCCQQu&Jkn!Mz#G#?YAcgI_%l0-$ZB5uU(xsAUs33x&UK*-)hW!-$EI+7FS{3 zATKX_oe`-}%P+Sbu{H(LjIr_>{AoPBtz_JtU;y0$UHa@QN&w@@O0w`Rf>zIENqiUs z%;m!P4Qab)Y+cPqLjBsB-J5-*nEc z_KtT`sLw#PFpdq<-IdpU>av{-zq+G$*(X0^v_-n3rx(GqTn?p>;P`I1Sns*x&Ti)r zxLI>P-M}-ScY}d7@?6$`P5-LRTHm1$CJCm6!IAeWiqclk%kyGJun03 zS9>d)BS)u04HNaF2Ot$tSm!Tgfzczz{D#7cizEO`CACJCH9DmCd{Lq9!xHEffi^X( z!!nSyHFrVLH-m<3<`4icjr6`XscCH?4VN{jo$dDdU5%e?b@%=k4E79T84NfKCQO<& zmR~D}*JJgo0xyYI$CtkgZkP9{bPmm^jC?-t%dEKB#MnkVS3+i;1=?CN+>ZaaXX`gI zE1;pxEcMAsgg#r8EdTzg`{!|UklnOO`;C)SG1qX^E1(y0SW1W z{nMhyEqxM;c|?E=uv0W9;P8Yg%LVewp3B3jaa=Mi2hcEv}xtE9uTOI5>Z7=nT-O(>SYJE`$gVJ0$n zJkWJrvm`%OFENa^DR8FI1)lWZEp*57vXN%09Kex$U%j->zX-+QA%}|SrZ8sDS60gv zZ7*#_QZIBaINOB2(PQu~uGp8KWFyLUTr}vSVrbpCASYX-r5v@Cj?oK^$dq z0#oGG0pNLn=n2m+`1y)JA0C4xI?4DtnG)p+Vd7AyJ-84$mW7@0noyNrM7#{m{~FR$ z@LC^OICC14eQt#eH?`+ELv{sf;Z)tLko}3p$7sjRa$s1O+P3sdjm$TbXjj8LS_6N`>$!RpI%U#K;OZ) zSaL{-tzk!t7SSzs0Lr4nDQEtAZawJ^lMMYih<{b+O{i}KD{rgSE-zD*Xi$460 z1oi&oUHV__U2;}v@oM7eC4K)F`|=-y=HC*;e-D~JIG6rIIsdm&&i_fw{DpG(N5js4 zERz4bERz3S$UyoDsjPgq16V(~%U=kYe|lsLWdGC)ko$+Lww*9WY8rijhWu=1y&$>i z5_;?Jy@2Vz^#W|^v7x}f@dm&(u^uMXCQX?IRX1gj+2fjRQ7gXw)(fZx?PfJD=i?c! zfQX#X*s{9!2XD0xhDqIO`T}X=F9oY|)9eQ|4-WEd60+Khu-5-kYI2Si( zfgySucAT(Jr$mFNP=CYGT3!*r+-mAMbfuz8e~16vO7+d3t+sYD?%WUqYS0c2!`T2+ z=ehlzP}+&MF7sFA<4G`H#&2Ei z0Uv5Hfv}uq90!XabKVgIJT|TFNnOk|(AF^pC)3SJ9dSsOYwvYU?=oj!=3{olCxMO< z4fbEgbj{Yq{Pe{1UMcgOFq_DjwhmuF3{_@-&RL=_zuJ1+&4Mn}`0`h5tCb@(z(+R` zzIr+jZ&7h#@6wAoLVgu;X3v)rNyL=pJjauix*`zCV*K4z>+la(?K$;2;gCd3oz;&b zsD1PC_zY@z(N~O&n6Q~#vmvpnOptGYa&mk+?b07!TD(XVia0}i4ocR@ovwpr6TNMW zy*Pg+x_`8R{Dpw|j|=4ggbU=4=;hz)GX9QU{$m39U+vfb?~2iMAKS$KXE8GSYsKiF z9*{p2BR5g}MR|@!lGr73Q-2CR^ylWlAK{Q~_D*EipMB|YF$I5r!<6R_!@MA5_AV%7 zWA;QiN`G{`3;XV@vCQ6Vte%O7!a1LEpEl;zb)cl9E_C42?1rx(1=YmNtoJ^XsSxn? z`*3RX-Bw>{``|g(4~J*JP0ZoO?-k)0;*ib(BAMRMC_f@jKo^Y0`l~W=2g0t11ow)z z#fta0ulLI+fK~hP9Gaal0>*{KnKPMPBVG)Ra7H!$Tv2B31g#0g`R$GeBM!)kr0d*$ zRqHQ6luXNekZ_nOH+Ak^Hy;h{lJc^1^qIo0fI1AYLz{NrCAq1!Dj^c>$x+5BA20() z_Y=6*Nf~*omeWlszRPimI^HnmWd~Ofc2Vk-YjMFJh0`h z<^r2nN#c(M`m{HFxGd zlT35EC7dmjEKU-aTB(*5o^;SU)nJ$5Ldbnt;6QH>{r zn>Ift$_!OoeyN~MEM&8jPFpn}pOAiZ;*klF<7^8+vxNV=8qlh%3H&-+^kc8^A+8o& zi0(wxg%bJr^VoK0IJU87Y3o*y@Z7kg64zSxtre#Kbx@}qEiJb_$sM#ZwszRv6G zu9IJwhs7e(*cn*X`Z}@e4)g=1>ZvpJH&5##w~J-`#!D1>G_-T#7o|CnL^La_YD1n_@Q#d|KZ;Xe9AGsK^( zo&T+v`JE?e{j)=npr~fI!-({oYwG#|z!7onT#wGfo05LaP@6F@zrJo9T&)qA+m+Es@=&OK}5c>-DImmU~r4+j*P5)CDJANv} z*L5D63jkhn9&1S69z|hOdEV{@{W5ieCNg9n!q^$AebsvaKvAgYV{^_HES@n&B>X~A zlJHI=Rt8>H1IP#7N<2X_1c5PsVhnA}5Q~)He25tMU5J74$XKEh(3(T}(s%<80y?Gy z;9WcF(mASJ-3+l9B?Dz-rHE!2Qn7hc zO~jFJR}3)(orNn#PEePk42bX*Q?oh9$N}J24Y}!A(KmPEOf%lkUSHokr9$Ihd5J$- zcz18mtVMbu-D6oh@jw#4YX4!wUzR1n370TMliA|IOVhuJ^rWoxKH6A!2iA zNzb&^aRT0~38vc0-;W7g8^M_d6F6>bB$!>|z^SeuGZPdR*6-Mz7E=4+OH zo}mmad6Rfb3%NKAEiFc)L8~&UgGv&_o)aq$DlC(Wf1dO)9Y?e@mmX9BGyAT8ldltN zrXsfUzTK(MCCYK~deCsVQ8VhAxKRvQmjgpsZ~a?4+)&^EC(91ZJA|Vy zSk32EA{Na{G7XVdp`;Z(C1>M?yunk()ijLud?q2(VtWY|7XzKawkD?y7-zJT4bA0W z#^JDUW#_YT4Eb1W`yD+7LXL|<@EwQRkH(7fLm&u**9rdM`@|%ybD>-TDo>dQD zo)-hX8lH={^W^L~Nr}0dE@CS=OK7FmV|hlACMTYbe(f8z@oWpv;}*?r3Ov2rj&XcFIQS~-<=El7^C2}ARmEIHfEU^w7=X6UG6 zJ&`5S3!by{1e|$UJAH%sv)a-M^yL2b2~eCrbI8ACBKrI73cJ5wxLKuv?tCQ+PG7+f z3&LuOTO=-??g7ws5{L|y80|3^$=hpjd5w{*MN9tvY2JM$m<idd! zTY8{%yuwVzyVNqxNRDo_P5p@rx`YU=zjebyM@mbZ8WE(-qCQvt#Pyx=XU>k$0g}d_ zxa#j5!D*UG#m@P$J=1p<7n1R%e*!oe^W8r&M}8JHN09?{6s1=HJV$X3wJc>ZYxs!T zH;q#ED0~xKoJewHT|%sRYoh$@_Gq9iB4F1H&g`k1x#z~<_7k1t8#;Jstb6&Q#m$TPp@=#X}J@Y+f4SA7-hNv-L7{ zdl3W~8<>Sv>1HyPTpIdfi)rUSfF(~Cjf3epGk9DQ70M99&gTgc(~Ib(vJAxgY}7ge zt+9S~Q4ao>QJ3=5s2iZ5$g5eo<)(PBugbk~d*bp-vD?j&SzjQ*O6-#k*=VuvD|CK; zs`o2r?h(^uulO4sf|dG2C+Ne7X)eu88m%JH5;1mH%4rL8=Hn+aCcx*O1S%>>QS`~U zb}*FH@W~s{#1l}+ACE-*Cb6V$lBOHgnQ~%NCma6MCJ+|uM5%b6W9r%AB}JH2HAS&q zcGlGeBDMC#32tw=oH=j*RlSoQ(b_`)tVIAs|7JYdI+z>S{oRz7pdw{O(1iT+R1VHB z`*fVuF-FgJhV@1@g20M>L!*2ShFfedc*eLGYeG4*JADR;%%|s-y7?s_cx3Pe?c-mu|)lw;OOWd6`s~M z^IXR>*tjrNS=s zqru7~lnHd5tg@z+@=`ss11KhUre#x;N%&Q5KCbFuJJIZ593vxxLO&HszakMAw{-VP zi2%%qsYdhb6DC2I7&hrOj&vzpnYDznNDM&VkF9t+x0fdbpN0cwo@B!P=%?YOgOjg) zF-kNjlZuR5JiUjXr^X4PXSH;7cK>RF<=+t%zAAd6fX2=0QAm9Q4uvjFt--k<6&!5tP5t|dJl4-?@#4Q^DM4i~$;sODYO z1a+oH49fcG=*3p)Ce(005laiI`@+u?E$D0q(N@2tz1xqiI=&uUL+zmTO4)fJ>$o!K z+7RqDLuv-<;*{JK+x`Lfk-@13!V!}`VM0sg)Z&m@-Q!p>hDrp?bW(;NS~ucSq%G^; z4UU>;SvW5Ojj|p=*L8mJH^dK4x+N*ScO%-ayykKp!Mg69__|NSNM&a5_tZ&G7yS3ukBJhgXx#Dn4cn(DfRtu}<=RC@ssJy>G&n+k4-XCs5>M zg@=G$GwRtzyNC*ZT{sb&xBwl!QxkT=diTFM-xlus8b!h-=NEz`t}X=_jrBHWck!#! zp>KG1TeDQrZ|Vy<|L}hM3gMHIQA1i#P43Q{$^A0D7tKD8AG9|UPTvlm-J2#VIwOYP z@40jgd<`jhBgqxq*=Js5C7`s|12j{|W~1k>;U>qJ<3t!_Sd6zThBV z&BVQ9zg04}a(`@Eo~n+S*Ya><+2aWflqk(tl-EjIhA`Upjm6K#6YZiw$hT`tp&pXK z)iz7F`K?$HGej4XQGNA&@Luzc7{Q32mNzp$GZ$f$UG*>xb97YhEp$AR2Jo!PQT4FU z_3>3Qu$>l-LRa`^>}hLIpx!m@lH za|?ad#Eo}448Uf(4TWxn<7B>Bu1BgkibhX8x0q~}Pb>$A!C63B08<;$A{SqDZa;>k zm{+6Ml)LO+Ic^$;KEQ>M09Mt?y>&o5rK_`M1WLcz9J}GV1h5O3TsQ(SNp+Z@pXs=Z z9x;!aK$jgT?_K*(DMQ+h52<8!g$P;14cKi(twD7Xck5F&g7N7*VrO@)N zjoHwRcO)G@Kp!)ZBvQHo?#4-tkVWUCa?QekwA>EJ@ z7VDLIQcMm%CUHdSv>`+}g=9p&6DV6xRx!@RJB-tELy+ro{4EA;+(5h77EGZJmR20a zW`X8m8b^O08z3p1QfA>%YbIgzP6VRE7|`XK$hF%tcAHdADXe0m=11m60ZoWG2Ym_bF3 z(t2%-diR|yohPk+UaP9zXzO$%U!&H#E#>IrP%aXv8=HlET_)QPf~ax}BfFvu(*>cM zwWROnE4&LI)z2okhPS5&=Lbn`mlvLlXai-#?(}AiFjA%4P0OO&Yasgk0-DMG5%$#> zY4}z%&8ZErXU?~Jc1BSX6pZCyi1#t;uJ61E_Lf#(%#9k8Bd@ow$iT=yuRNT{IrJs^o1)pWS_F&+gJP~yp_vms98u+%H%DJk z{x{hz>Ktq|>X8*=G#nj5tC0*NZTTkF^@wj8rbf@rPS zd`wcf?gaROitOve-P2T1Af2WQvUYb5a-qhz(aJr#r+Mn=Icf1+ zoRN(Eile;Q<%GF}prsx5!^3k(7EkD)G4p~E6gHU@%jDN?h{jQ6l63A1khik5+K)1V zMs|JKDAw8*Agx_`N?#`GJ5OIE>~utC*4!s(i)vr!qF*R~?4PX83$g29RfsO~G}Kn8 zkw@DQgcob(z798|&F5%``z@1x$Seyc5zsqP9%~ z8NK26z0Cc>Y8uH#Yb8YzzBKo97NR2{2q+|sKKRhO=0%CVV^^}6p+XICxp9Nd9<)-6UKIMCs`S<9VZ8oE6Ezl;`8(8cv3m!8B z+p`-Yzv{hsB_~>w*5k@H48S+qUl&Zqc5Q&xWoRhzCuC}X-yLux`(<+k!@C}Ao&sWxqqI6h-wMxjlELw4()drcb1ms9ZSbGHKkf(`T>R+r z(KIt~oh(^BOBy-_ER0)2a&C%19?Of#s%_-tUVxsvXya2i!77()!n!tg8r3)kgrYjk z469iCnRRR~J3;i_AMa^fUWpT&HYsAX%yPm`N}O(2r#-Wrs$PI*IJ{gJJl5K3JG*B= z#upnMDk@_&?B^fx&wBc5i6?BFU42ff*?=U0+-P9uSg;lq>bffWukJd4id6m9A4>yR z&sP+oD+(;AauSvlcXog#LF(5UZXi{wI5J8s3NC78U~NgPokmhrtu0PfH1tysK~>G> zWPeziQom~aXm(J%pHE#4mru&PeBKB4*5_Zdzfd%^9u%mB50Gtqz8R5GZCQTvr(}{TL!?{VU_sag6FlP zDL?A4^8xrQl%W#aRNZ4$%?^$s)b1|d4naWNl7 z5%>DQ?gBM4VXxyz2JXV=dK^W4-Co^3`oOkMM?2Ua6cNSJPVqe$Hgat_r)nUYDuA0n z;6%3j(Z8^RYXlI)&ADqL9u#|JPe!|976>vSOpG9wbH`)A^qR}xk%3j^s?hP+Rfd!B zLrU%vll;-U*;X#oily;vMW;ol3QN(oc|Emi!jd%0(u5wNNDZNa*QI9vRsGd;=7qD$ zBj-8$J?f^NmEybUtgx)16`1H<*ZDP9vkaFVgatVJ8|g9n>SYx#}qU4l)xtIWuhyaiOR&~?uJHRJ*MKxmlSv{t^mV#< z@2>1?9Pu0;T5krP`tVAdEKJ>%kI-~RnOTk#s_V2{67!q3&l#6n)eKZRz(BR%iy9R;3pM{BA>up76TL?WqHu*?FXf7iXK23KKbxVN`0G~gL z`2Ipoo}$!3O-3;H#6PhLyB-Gr(9Xs;_S&`e{SK3k_%_|8_pWEA*RUYt?hlqG~U;%9L2kQZTCZFWLpdLC-=a zGnUVQ3XA0?(A`Wi=O=Us659ev``A8&)}VHkZC*U2Et(|`BPf$wctKP&%^>FwAI^+lPg3zp4P>#L@RN$(W1)V=~*<*-6h1@#m{AZ;54aY z)&4Ytyjyi_AxRK@?0S2QKf;n|$9p0%_y4i?PSKUVTbp+(wrxA9*tTuku9y|uX2rH` z+o{;Lo%+^)@9y5{@8I2UA9kOt@r*Ur;avA~-E+?CcNIauQNNxQ;8gWFS9tebDEKNd z(=DVmMaE*js{q}TqwZIv*&0pzY7b?)3rbzFy|;9@dAYW` zUo?kRuUdJ{eEqiBro}Xvo`vUG4j~p`Cp$z@(%+E&uB($PM`U9yVM2}qD|;9{>VNnK zDyCSlXh3aQR*jA)BPmNobLuU;dh8gVXNpRfdSKkSoDN4TZ3q!wn&?6*skZZ<%YXd@IUknSiu=WY#UH)xS z{Old&-azp6hkp)Qt6=FlbD5HrraS6yqeTs1ir?kepSUo^B4E2uBQwB-c6^_HWP#H5 z9F$H#jSUdz>yPcW>vrMQj4?v4 zvmms1=pm`50FZRKNGHRI4uX6yauKFy(XZ3cm_+06OD|8Zd29(VG2Ls1b-`@Nkypa% zd6?nF`4BKh!L_aiy)D>7*^p5O3(&zczvXz6c=e$d5?FvhjiNN;XZ?|_{K+ia#Xz?6 z1Y{V1sG2Pm!eSJaY6^)Nw1iq;pdU>{Vmxfpqu<*E1kE|Ke@#a1U;w=B=Fozlq8u*V zAaFg88vyFN9B4J!;BALU02QJBW!}%sxw~(^U@pY&dX!z!3!1}qsEgR-N2`@DZ#M(-!oInxR5 zm#Q+jcuPeg3>ha_eS^HO2U1bzuKeH(H*^hp~~BZthJ zEGI12lfd~wj57fXZR=WFq(Tf!1^}i?h=%xx4jPckP^yZ!EEL2m+6ZDm%c4&>k6Ws3 zg!`>JjFoqqs-E4;9lPLk#aI*3?}XerBySh@IF&QLb3B$Yzk$(UPDTvA-I)!{(#KAm~bN z(Lrnnb#sLH;~p7{@v{(Xsjppz}B@auQ#)wLz*#88%x2OdR#OJ@e~Am zC^8{`bt39G1F0`=fz;`{ZJWaCd3Woq4NJyU@6;Y1^(}26GP0>(TQ2%Xd_yFjL;3aC zH!f0gN)lG5`74w2D0fei;}3o7i7X`XMT-%J6Jqa>r5V=o{nz!^^VfGDJalKnAmXL| zIxbPG{$~25Kt662?(w?%FC}oHAj!)t z5;hioiYrLidB=ISz+xG9DlFK@7!kj0GW-~3g z71mSIE)AX8`g20zV#Fz#ezCZy*;4JWXTuBGQIC=bHDnm|((1DI(a+wd5OO2G9Ju_f zv*Xq{{RsMNgkOp#MsK#iEgt{T&UzNHF&NQYadx_mK=_g|e=##30J}OE%*h&6_9`Pc z*FNvmYk=5W)3$)#<(x2^PA1^S(?;oToTJG0L@1x@KU?d#-Kba-33x18Z?q7mv{C%+ zm}jrYv_j4KMDX1+%u`PlLJMSsc(lf!g>7U+ONS@{aqGl^iTi@jYZb+lPRUt;|@QL%BZOwB3y z!yYI5S4A*h5T^>CX&?Ub4Ih+V9L$KI1UW?`PVNb6=Jm*sVtcdNo`#p;R$U z9|{?<7#VVwi$bk_T-~}=83l`G;CPZcdK5(-Q!Da2)O~a>viZrM8;3flGN^b?%zz9x z-|R^G&$UvGV?HlsQNS=M&)o)bu<)D8#w};-XZ5hW z-3Mb^^%AGiWjF9s^dX`cBkUgHme?&}HxUIw;MnDhFEGN~rY=hctS4jC_0FdIgD(SC zlz7-1Vl@8lO5e#RoWljy@b35Ed}sz)!OsI`?hVh>GgJ#@NI+Ph5j`?3ojm(rI1@T` zPCBW+B`u4LieXUm12eMa{@=m#HRt&Pn}jE>MDwc&#}|aiFpP)pJpIUfggjxgkcO|A z(bqsCOtB`cRJ=-BOpr}-^&v3>gfdLOJcuIpzgQ03UPfB_;{^1eO~?p?YqWKsts; zVqDhNdx>i8XRwOft~HHF*QasUrx8T%Z`7xcn2|kSn00TYl%*%xPUpBgiLvQkApVpC>hP!#JZpobR}v zYljxtsoybQN0!tKap#_$e&1$h=>fXYdSmcCfxDGLhFL-I7qc0_p?Sv-!oTM>Jh~w< z^zfJ0=kW>p#lzS?V;%>CVJGPB=f8PsSvRCeUkcTqq7wr~Fu&eY95i9AfaM|8q$qit z!ELSN=e>gS!4zO<&vd$JDf6{GY-%U{xo#@`(!-BKOXvEAQ}HL39U0OF7aA4LuOoWv ziTttZs2dWgnA3K4Q8(1kgL4|2rNEB0G;~x~@rQ_I;Jg*u1jUc8GOi{IMAp*}COy`$ z>FIVsYmv5CZhdYvU?}87285IN+aLNEd0{vx8o=`k!DFs-QdjY_t|Ard*C!a*Z-@xM` z*Y~I-k&)=Zn5{uH&xnRiQiWW$7T@F8o`yA-wpcrGHXf*?@&q`4$+z&x=!ar)uX5Nn zDm_G-e{sIGXglDzicS{oLTP}x_7hQRMES*IuP0c->#`<8H3&&+z~o*jgN@>xFDMvO}s)43hP5+>;It3ERQorl^BHY*rsT<`W?Ozm3>q2!E5^^PmO_CxQ zz%0^8fRvhILPUo1&<#7HS_qG$I-)bvDnx-PPtwT@r{p4K&Xvo*%12i|SJSMU5oXP9 znLBak3uD90g*R>6Zj)BBKG>h?@jOQ`44LE1^jASI4q-2Rm7Ii$EHcvdh=(FK-a45) z?DfE%7F`@=dN5a|$Q_ntH$VrWYJQWgq{Dyl)l9)tOWsiAdc?qc>)=??YxF6h&&+=^ z9ggm^GQeQ}$hm*Mw1jAx(&cfc3E&6Ah*F5$&suE-hHk4JXD?I{#iXZ^t3n` zawo%zK&HQXJiZl&?}%w*jHwqYgH{bJ`F(4qi8Q!)`VVwN7bOb?Q?kztIe07H8;mLN7 zRX_G-Ro->*KG{Q!`>!ir26oAJXH-89Ypr%$gk@jMS+BPbTiJMeg;kg`S!-_j|F!&) z@Pp?p0b;xqK)?Bq3?P3O)iIIkx2gG0SYCJjxhKb#;N;aj}5LPFqttzw39iiTvxP=2F(N(+{M zQN}%7>T(o-A(r{DYlEL9Ye3}$AI@NlxTOcxkuTy(2CE`fV;Eir_$#z$91@b^+h~zw zl*mvB6}#KlEfMQ#DkLAQRf;g?v-~J0<>Gf|wB0&VtGw4rerNJTyT);ZCSXL^yt8^p zP|A)QUgv)d@#{k`V7Gx$(ximDE;@2!{7$PSs-H=WAv4^mp56iS?${-tkDij3!&dj27F@~ZUQ<)M6F;`19J_A#PU6(ryVQYas5@ltU}l+3)F+OU9lXOu89JI*&&D6k zg2oJnC9@%d{I^V5I^S9;0FY5!V(_$I!t%-JqRZ_*xb_Zwfs?rNiUb-DVgErHCPy`< z%FvSrxR50Kd7Osc8zA>xAWxg^t{dP_3Kjmi8L)Q82(p*=H=en{_f@wj2eO4eqma+o z#dke503b4cqw=6jBNDXf2ZEzWB}PWqP6?%#xXg*}_ZjdE zv$nglLw(BkX$D$wW&~>pvD{2{LFm1+ZuNGs!}AjjEw?27Si=7hxQzfFmp z=w3S)e-<^9030S7!%kK7P?DI;mm`UmAKnsbJfp=Q2~Rw9lqtI&INhqMjp-93t-)J>$T;OOZXWl~j>V&OGXuCK@hyL6)zX^Yhw znGb?_fcQ9!&!qAjRxlrk(BowPk$O_dp5q-0CNDA)w0^2J2nH|9rJ+%hy9a|&Tb=~s z-)bW_s;0Ur(}Y5*h!ZOf5vpY6$Ek|cfBW3DbCZldkS1FB9Dsgb**WLH`m!)JUb4+$ zD(bC5AWPl3^_I8zR*&usZ=~ElfXC8d;!0q0LHawp=6jgadaP}~?OinDX@%zPxQsO|Xe{o6>G z{$A#^0et9i8lZICPZQ~ew$KLWxSteY#;Ubo`nO=Tbo!~zQ=?iN%<21rRB4l~{XVLM z4&k;+IgYmQNnCmu@Mq7SpL|%QQz?gydoU;g2kZlxmONk4Q6V*Zjy(7Yr$L?Aq%-z4 zL?@zF(j>@zk02lAbg>54o^!+^E+8dF7(3==ttBqhYA#w04;xC&w&Unj+POB?%`Qo7 zAW(55Sy*vyGtSn+OV0&fgJ@5h(l;#>+A{JySWA(PyG_#eoP2N0z$Zzy>U zuI0!KJ2)ZN)~{*fbEV%vBAE?5-w!!;(IsuE#%_Q0vT+$Ug&d>TbFANrE-mI*4qdg$ z5!&;`7qsJw-$s>Bl+qe6Gnj-DUCTg616Ek1f6ZqnJ(bA~?{%G6sx&I><EQaEuRT zlKX~v4&rOc$-jH5TDzFW$O|_>K|`G(Z~x(8q0~tqC8T5OAPQ}iK1>_eJ*%-J8<0wA zTA&Y3o>cuB(Zu{_dr(-X22$w;H8&rWppy@aLPjc;3h4;%9wpT62X81agV0QU*d>16 zv1_@~=M1)z-J~Ae9e9a6x&;x1^&9<-WIX|$fs@r$iSuTWN&eGd~KixYp?y1ql zljR?p{8-C%=KzkcMr%!B3tXO7!F9T8qoQ7bKC&!SmPjQ;lsnMp@7I8=rpm?h(?fS? zD&70TRSTrTTx{Tvqd=1KI>T-TBWO4Ngm{Ku!c1$P3#gOyJ*_Y_hszSJU`ET&Cv%w$ zqI#>?6o)AtGXnG*EhhvoB;@M!iJ%WHHjM%?;3lM`kjzAA_w$S;Z<}7!0eRUp;g>%9 z4RrhO?=_#bwzn=XW_Pac*{v95zZ94Ic|6uA)J?*gX2>Rh@ty8|2EK040_)+rZFO;P zjQL>fbWWTAdvBXM1F?@$73PbCyP5rF9DYUVq+saw3vi2CEkKb-X%)CHx63UGb_TM9 z$?p6iZio)&l4xMnIB)-|Tgtq71)>@VUaY$JGraX5jnjN{v2z zb;yDlOEpr+RHj9YKHSF@6=bTfUl)CA2x3)+1=w7B_%h<_cPaDCw{P|w_TI4ZEm%Hl zY)D%(mMFVjzgUsBVmwfGr%nj)fb;Xip}i#Cw>1bX_`Jj>+SSzK8CG%-Z6Z{9g#hAc*j z>kf~m9t{EOr;m@$b0f>e5P6}=UqS=t&q)uqA6Z4$?H+TVm$TYMbz#|#j8 zzz|txd>DW*K^Z-VL^0zCyBv;)J)Gy_mTXCQbG-{!sww6g5Db_AS;55--7g3omMkEbS&*m#BreC|9#252fm$B91)A^IvxRt#?bEepd^2MP5O&{d2=_z!J8|KtDh4;XT^nj*l~^A`-+ zf+rhlqcCq_v8)KjeTodpL5Jf_&4rtLHG)xf zt}3KsQ-m=Q!nemoiEykdpbKs_PFgggg#E%CyTg;cE}T@VCe31NI?z%#1?Zu>e7%sS zy>_IQ6D((w6#Z-8cqQS}{UtT~2OMgmx1Z93tpcKQw3c_xJ~ae_D1q5ca5y+U169i(6!+N{qXTg8p|tlt(uj!f6W%+ z1jlSNGl&wB_u-uswqKj-4w?2(7C+tGgh^f6WQspQ{wwh2j5$IdQ`!uW?3~F{#2367 zLQ9yy3?YJtG;H~fW_`LMA(EH@{t!a}ceY-HZrWF{51a>`_uradfyO^k6cAeL}xYv8#15mtQN z{i$-kKZo~k8vF=k0=-s~9ryyPU?FlwGl5>haHZjPpd)Em#PNKSG;qr}?Hq5S8uJGl zF5Jsc^vt-!V;YrNu%=U1G(EEEYJOarrYc$|!&lXps6I8uIYm1-+P!xTh+bK;xz+Nt zA+gP%%wbmFvhR75^^PUJ2rzLs46iwjS*PedmdO3NEB8BnFwZ<7&Luj)ZhnGp&WQXz z+G-|EA+1}PO=o3g%r=55ZX07o&*X(m1&g3>B*Q^BUUR3(>)SMialugTdZ)WULcsIH zP4aRC*XaTiN?f_siy?*@brssvA6!GOp+;&&d+cPEa8ZCqBGlTq)4Rq*bP_}|JAI!5 zN7fy5jQ&-y#eDuSS^(lQN>f)>bxvwc3taht^c(9rE#e% z+3lmA=WDyD{wb9s(>sTBvpmjuCfd~#+4suhcS~SsLB2dGvq&jZ8J^x-&`v?0?O8K?whNW=^zUiDHS?Z_jd;|HigEy!=f$DdliNe)<-*ew<)Q`#)y$-yER4kA zpHakSBcuEfhPo|kSf+5`pYF7F^ zFIz2W;%3e$?wpW#AQHtb?V{rxO=qEJhjXJ#V3r98W|woT%&SFfy2;if&5yZ|F(PeZ zE4Zq>K%Na`V5NZYV7Y*dz!_I*0y%OQb5Rw{6pqr@2NE$LH$1?h1TGEefbihB#?KdX z8`xh6{AOWCBmOrW)SOsNmjQmQk*9#zZSLs# zF%)hin4Nvs3Wd&CW4pKG@yw?&e3?c>9kKdqH`e0O7aW*(fN!sjtq{mk>Q32Y^Dm2J zu|THK?`7g-?eu(>WOg2mxbrTC2=pTK;)IkVt9S!3Qz=c!6}lv!sz_|Q0E4=pv*_G; zFEGoWXhMnmLefJW>Jt2VH41XLwf27)3_h6^t30#ne}>y*v17AE(>4swYY5Q^uCcCl2TPJm1F@1_ z+X)DX<*I>oC8w4+mj(+nE*Wa_bWf3_B{Q{q9< zAIj|*U9j4TfJ-N*&ZGD0^odd59R&=L+TZ(ZhaGxZB|5!{F~CaS8r>|ic8ZK3^SnQy zksYPJ&e+DB`tY4kkqz|N8_DmMVO5yP8!w8pcrqB(X!Dwu+$-B}v2Vu)Mb(e>>3!(Q5(ccM9Rdud~znW=IB0Ken!}%}6ezYPaGxVcpKEFTNgdlNg${qmK_A z;O9jN<@=<7^08+)Ku>#?p|mn3>x>h;VjljHuX&^xBH`Y6VN&y_<4BvJ7O!};z3dex z9DyDtfw$n~y~z~=1lP`hQ|FsEwa7S0umvU!mV%cG2@^h+$TCUfsK-ItcEEJYblN}f z#^C{mC&TmF^UdW0nP8w#<*k5k%4wS{7t5uMu2FhAK{K$#XSB_O`mILu8CGG{ei^7Pat$L-mXR&2;O&p3yAYrV#&QYd!t*C^P*z`njj&yB;uR-*?4_-S!}Rl2-pQ z$YKUOQ6P4b6H&E(Iw)pCZwyh)21O>HnQWt1|L>gLleeZh-(isNkbRSCM-k_v66`Es z)qfPLj#HwEZq725Ytm$4pa38*_}+ggv5wA zr4w<;B8F(hblz(p=9|$`4awF&9LcDz>Zs9X^LGsAHsr0tu4wJ&%s;qHWiZoePhfA@ zMn?jx2y$kPZYo|;1IKGpZq2Ef^LYFgfn49HSBX!EZK>FyJiGoOH6+WJ(N$uFCSH<+ z%>f-#gi{29TYYL^G4oq)vz1{;re@n^#2TY~oCGd220N~nE&PqpFZ zAb-gQO8a+fHv4&6gf-1-_IgbvDZ!Jolxb6D2aU?qR#Fq#9pR8UW7y1~fGDyksTav% zreXKeU#1WHr~_kSZH%OuO0BQ%{l(vSvTQrq)Ndn<=1e(EW-nU}xg76XT7|2^SKQr^ zX_)wi!LSBiWW<0av8W17D~+PP?3ttResm%%s%9!=^cDA6VR`(Hw3Un&%ov+C$1pF^ z7VTCywP5ROOhbWzISxB`&Rm_mYp@LjvteAZL znrm2+m$+Sh!e0^aw^!*8I1;h5O`$hd_Jt8A6)JD6g}Tmmi7mn+m&JIaf!$swf`TG^ zs=^)duT*lu46snB=Y15;kO@Sz7T;SNr5k@3(0+cGtG!(0hb(dkN-qBk7a6~ z?3+XmfB3N>N)A#KbPi3crwZ?>nmazqOd>fCK>OWz2V2uUOqt?59D7Ld__6Q4V($l- z3mJ5K{2L0@@t}aJ9nguu2i&&U|ErW|b5lEg!@pD24edPsazQ7nDgL!4>-${80qNlY zO@{x}Y6p^}Wf^Shio6cTL;_-wnW8a~FQ(+$(DtXeCr{qzoM0V~OfxB=S{HHf0Pl6v z&5d9NtMjA}rWIK_$Fdukq>mIgAdBwSn0Uo(1~pV#(}czhkQ7EBLoffW1+c=wApxdc z#*s&BYL=vd3T|r|4oRz)W$$73z}Xx00|u}>U!YD@DLQUQ=IjAga2+fOIZ7%tpjQr8 zi4;+#79iAsDiRW6D=BiDR+cR@rufydpNlb8V_v zv}>Y+)*spuCambo^T$8;&3U+@bL&*veQ;g-2{N5U!Qx8b{#iN)r!bgAF!T)e26dtE+F7 zI1{}v4g^Duz8A3^oGucj)vADtnf_=P}EDP*Q#V;!E+ba9*VvH zYyt|gd?ECX<3oLvoR@LQFr_5wuCYh@g8Km0=Npi2Eg2GjyAQuG44Y`mHQ#YWc;kr# zWNepDXx-YRXK5ANkGSnF6^d*1Wn<{*dN4#)ZyOwn*H8%5Xqtpnmq;)Qb1z{9c?o^J z3+yr~G_-tsA??;MmaJ!9M0iTC(My2TH?EKnwjt!z*o&Z(HMIX;yCP-R_kQPibC@VD zpNJJHkGx%n8VW~+6?qVc$oJ>Q<}Q1O?@;n6MCeu(_}BSK=^r@<|30rR*Ij@0ucwyC z0VBCynXaSCo%b1*hkBKAbK?vIdOY&^p!WM?OwDJ+}=vcAZNjT|J&+$mk@ry zgOw8UcTA9qNoSkieDFFCuIyr~M|lh{V&=e9@i1SN{30RFnY4*k6_OaiL-bsg^c51% zEaC_^QGO+>|*eAsUcD%w?lPAk@?$cq=WupvMK8qv~1iQsT9Z zgNbtTz50HLQLXhZbNEhc0L<%_S-j>4bOo%z@-k$KNE~;_qmuJpoEfppfez9qVETTv zu&?+t&A(u}QgHvo?o3aLSdp$@!8H5hWx-G4b+>`3Gd{R2S=Aa}k1tVWWq(397U_o1 zd{OYp+~8D2@U>th`GUDx$>DPq4sfD%@koLjTz{0 z;aX=8OKNYCWuG5Kq1ou(IHn#=-z9C$sopsQeoWs+8H1WFY?_OXH9}@R2DW*_#&tTZ zs5X{se37vx!xf4{m&1c*_XGEr0*Idbp(|e!yo2pyhNGSArlX$o$m=B5aWLL-!xP8% z9IWFilE0oqoE=*&@%TKUrGojlHIZSjspDGEMtiDzv74#{w$yfh06UA>XkPrYIQ(m~ zM&j3;E;yh${R&*K2mzQaQc|tV**(md^&gbFX0bu+c&7)FW^c~h0Xd))!68-X-ZVYt8 z5^hz$Na02&N8R*OO z*6kgx`x0x%Ug7)!mK`!ULHn9-^u>pa^F5SyAbZ0)hd5x=Hu zFm)@SOJd627|UpECy{H;9H=0|C6dIfF$cIt=-V)imEY{&d98byTNy|isbYwJ#K|HJ>cpOqIH|7+Q9$CQuGdXRHO!(a9z%`}f@X<2 zKuzid;F})Uq@+#o6m++WfbvQrnp-qHfD#JP?sORHXG^v+G4}s1G)1iYF2nXHu)0`S z>oA7VN=(U%k0W1Y%#gxmW=aet=gh?BD%5%3F(^}v)fzlRnw{|)9(wvNl|N0M+Bit3 zQ8t}7v0{3m(uux@xrG#C{`z`Afw1(z*XPN?;R)r2%DdoZpbPF1!9DBF-R~h*rli;4 zVbh4WD`%<=KX2R$?wFcR?x(8)d}Xx)=Pc&W*X&-b$>uj_MTZ`VqFd;_mmq1aYVUm(DRHKTO3`GO`am0~j3H(=>V% zj?yM&&W>4&Ku7S&*_ad2V5ogGQYoxhv8&KKQ*>9A&7+6ihGX`;WlAmh_p9(te@RXc zZu%Cl=5T7ew?KS0{ICFJUjs+{5d1^%{rJ~Ofk%OPML{l;itBp*I>htAc}^7Zqul&n z^dgQ6Q74BUjuJI=N1@IlqzzU(c#a}NB>@89RDq*UIw|{_g#cHc;iMCe=n-@1ZpvuU zz5@cOfdwT8noFET*i8<)i9UNa&CJM- z;XNe5D%An=44ROHa!j0mnT;zmqc? z?tCEw*d!}|Y(yN|sy9t!liMA13nQ2j934MpQey#OM1_OYejJGCCNF=>XykC+eu z1wn!pS@h=s-@^8 z1!+J$q!=+~xB+Q?%pfE3hy*T)qdXB5mgJ~}kQg#wFenxj6S4{E3o7!M1Sv^;ln7ri zsW~Yp$rzU8*R~|vdXp53fe45gi#v6^p-2c4mY7Knai$SzL_DQfJ~b(X>pRIrWq9Y- zTRI5nyZFgwaP`kGF*oS1suG)zd$+lK_VPTui9*twnt`q1LH(%l(lw+ycCm}-IWJ=e z`zRjN26K@sL9g8LPdel;oq3v#(A2nj@du2TU!LRZm3cH6!)^vPA!8O&>Xr{Z7_&ZQ zCcpJcQdmk9W%b+F>-N-RRn$p|$H>1?b{DQUkPN?GxE~%y599E!I zEB{?TNJBuNYy+5D`~dy%UtUf8C;jlxwrtY`d3!(t?$GrYD#>$#2>oBA;f%jX!(_t9 zuc%dqKNSsAujq%qp0ao4BUR`v43F5ayH;-uK@e_aIITj#+(Ej!<>8{x2yf{)NeubX299=5tPfw0%;Gn})2O54tj zZmoa;z@N3zN?{9h-jVYhn@|UI)7=F6Ozx3#C6r@(KF}j5Jot$v9Feh5zu*zc%wLcw z0?<; zAo!m2zMTpS&7O%+cwhWIE$A(KpyBAv&gp#*(aHbimF|Bo98XhYi@)p6 z{|GSbX5PIb^HS>%;a-f}GyvTBO`k+0d;B#uV;*6g7+0nS=5WlSHFAD{_Xdd$GunW* zaX3Hsf7FaFGtocQ%x#*@*v_n%Re(0Mv}YrsR~X@4wbe?rnzgF@VQr)e(|3?RfY% z9$Sv!5vD`EaIAICWc zkd=^l81n-q~; z%MG2>zB2`(z2np8OG2NvGnc3&`n57g&dzNb&yc3K%!~6+O3r~;4v)2OPG*yVE7K8w z3rtE+FCG+Mh3##HA2SEs^QI2ixp6b=7Vc&!3~IkE|X>spx8FKAoPv(*#kon*vV> zM-E7~L+S5Ch4_kGnp+kk*(jAF?@vfzNFQNWHb7ye49{gjl`0VCq_kwcq?zdM6b6mA z8U!w4W&Vj-7pz~+Hg}8|lSD#l(oTG(m&nUW=tT_DG>?UgB}EF=woD9>a6!pMj1B0h zB~U%n{bDVmfGJNYoeCdM4_xISyPfJCa&EO%Uv5)X{cc>?N-&7#ZH~KgczF>Wn9+*c z6Z^LCd^5Qe><(T=s{$@Q`{LX?&!l>!n#2j^(Hmd?10iRm8A8#EhC{zmN&s)fl8_do zeeLN-eX}d|Hh)32pNY_J>*&>J5Yg00~k zg4dn<=iL%W5>nO6xT>-CJTt~ef0Q5Nvv70#^CWM_0qP$GTi%#f9f+?azir&6C$mUa zI=VfDG#jRig-v=Ve;X28(^rQRSz|Xe7t7*@ayVEn8?jjzU$zb0eegKrJ&!R?L2Fu} ztdH>Xy9%3a9V{Mb%egTfdkeKn2Eo~Po4dv@BN4d583$p4` zW@hBizNhX({YdThKI23vQVz!2NF^3GKDv;iMpa9PpJ3402Fb7UPQ25jQ(fSEMckKv zTV14#SdM!KsJrU_W_RcxHgHp=|J5DJN>Ifv$6rU;B&9x!kRV!DjX_E4Ej3VHPl|3N z*shaw4UdS6BVe}Q^4fnf1V^|T1f!BBc^SG+hnklrQk>68>}_e0l>h$!3H+ov*fnH@;%E zKX=NW0|qUH?0xPx5Y4wW#jreR*|GA3w#^|2Rqok9Vq@zowVb1!?1S}8bnd&5vc3D# z_loFn0610pg^b5{Jax%jp7oh^?$N&S1svnl?iN^z`-D!m^t35=I$ULL$rY}E+G6j* zC*;7fGvOprxNKwx^ua?5{G@R1Ii$q3`W<^@fT5B>LeElph&}W+@gU_(c zUTywup&>p>9-~*z1kD|}4i4To&`{d&o!FQGxurbCpyvFUWr5YF&~<@ws{||ohdL|) zcb+HUS~BNITK+Bp-}fR1;U?kYS<+R4o%7=9rgdWZlxWk`X-y~rZ`VAdDpepMeKK!l z+8u&8(I-bGdS_k`eia$Ls>NzO|a-sg5p=cvx!!-Zw_KZTO2X^+WRxa{*yRE^bLNIB+OfXEHB}j2ITj)zYkE+ACN)z%kvYwU5lrG z+xFx6l$&}1oX5NXFVlag;rI^|v90oY3?S9l2hea-B*@KIc&zi0!cZuv4*MNfJ!?gS zWfUN4RMO4Tfea|BL`300fl+g_>8!RX{+JySo_dhO2(w(U6O`auVu%mvLB$mjB@L(n z=KS;>2KdA!&>KlINI5|X%HYD3L&DY+8+#Tb(E&)()TERoYgP~mN|%RocN|{Y-BD<0 zEM-|lvzl~1O=2G-Xe*)_2NCK7)5&6TFoqa`RmgZ23MONokWQqJVF!SeK? z)itRE)e=$GPI{W{}uJLNlT7r%gkqcHqzdh=2jt`qZEnpk#u71q7zj6Iqap5JAyOSC9 z-csf88|)0RHd#T zDZ>QH+ka*HUU3_2LxvK{5J~~R;FBvdHIdHDJ&9-8?Q(j1La(e_qzin2BHVf+*%r7* z*PsQR<9$ReM^Y(VU>)VzCpV(y%9y=NGP7^krE)>JDqm=;KJ><1{4BcNh|3b9|56&e z%vVuKky&k{MorVq2uPOc2v+*DVu~^)UZ98whPd+#@})7$qYr7i%M_t($kwqkytP{S z`uzHM=G!blq^}*p$gR(IENOlkHUn8IQGt(5Q@kW<+vqgi4F%`Jbl%=pD+xr>K~g{{ z<2A4+L_a*7NW{P*oFkmu`b`vM_!NjTq}QD?t9D&vQW6^&tOL%?fCn@KXO_i)3rOf4 z3+%zlq&m33U{&tconA^$vZ!XjhE8kq+tWzGw>>Q%6TNkbHr?;uBc_itkbxI5zEbHOD%I^`0V4~ z=DGi;n%LaQ)YSU_-J|}mx<{2P9LE0@4J8YBt@Hgib^!iXGd70KmUe$HoWF+^0xZ>@ zl7G*K`v2+L_`XjA*~Lf1&C)Y(Z_7L&_JZ&z`>z>7ZT+-I+|xt*7?U{^H${3fn=QIC zVc8g3{lb33P=sCv|C;{k|ydD(lj1Xc>CB`cK)& zOh*c}Cl96pBjZDNC?k-Xzw)74eu19JS@j>H)Et;v%QflErbJ&8@PS?Jd4iMM!2#9NOUHBhe zoBxl!cM8vY-`a&^n++N@R%6??)!4Qh+qP}nPGj3{oHS_E@9CUtt+#9LYk$`}=RVli zUhh20bCR?1AHOl~aRX@xi&!0MYnOVI1>`1ae+%&=d&l6gLB`=It$#l<9^#2&99eLJ ztVhTk>WkQHF+73E5SQyoC7W(4v70_S{6mu@Dt|XtC}ta9gWj|G2rI&jFLwV#S=rjnrlcre~FvLoc!=5k2Z|}Y7VLI0RE5pP`~CD z{*_1k7ePKC=`w>3sq0cP;yyu0^EXAyin1J0%woX|UMHQ8a*g&{!qt7IZ=o`ED;?PU=$_$t->|(B`CVJ|O+t%0GdBW}j@j?Zw zcL`-NU|IAzstXwNSLiQ+ zr_h9ySo(co12R@e_Nv!=?URsTQ9eY3Q?4c^E?g}R+X#4e{eg#s@1Tu`^-}8KU%~Ay z?2FhUj7SBHuEf+eaX-6r;p8@9)iejfdh>{(fdwM>t8_=pd8uc8r(c^vAS*n2#lWwE-r1&4m_`iekJqKVT)T2DV_v8zq+SrGKM&PaWt2-I=)X-@3;OI`4^+=cN5xmh>w88pcJ)!^MA>8YVo#_*B7Luoa_AT~$4x6L zWx#UrUCW|D9Uo4NQ*F&q&-XvTHovZ!e`RH`wXt_}GI26;F#3Df{2#Szn(C^~{qxTI zR|o?CCVy9$_(?JBI-(FcF>*;1STOL&YYz=;BT~?HNu2xQ3oHV@)+jB$*~J*sAa>wq zIpz78@wy)dZ#z|D9*+tNLLfXwP5I^{tJAwg!R1tbRmzwd+vNRr06l;MKo4L$juhml zh(w5z5!`OK76Dse8^CkALgtHN>os{M@>&;=elH;GZLNPFD?r7UOM;kh$D3i(=%_=2K5nE(1hw&6A^M z6fsF>8%0FzElxnZIK6<>U^mI|%jaZ}&A5KT z(J;sK{x_iL=Q9eLS+Aku_rxp6-UTaj5HXAfcwCxf2x_F_S!&Y#o#y}q*)lAnb1=@F zawW|gVu66^kd=cbTz}?n->51JTm@uKURFBbZ1+o=tdoMg4d5;R8TOdR-7_%KFnmryl_Olv$JBsc#xY7v zni030dd_6@C3(1!{3QG!yoG{CqRm0BcD~{#b>Ln*us+?3l)F3H;g&_0-C9 zVvTzp$MVxMg=|iBCo4FP3kdo^$k|%uu5ljC(%OmZwi4Fw5M=t8XJ7)@B~18Yw@WF> zK^1Y;dE>F6DTo}LOF3?59LTM#5jUx)VEcM05aUQQ_8aWjir#mxZB-`Y>RIB6PhP=q zG!stfG(3$>G^aZIS{7-GmoVrPuAf0v;wn?lM=dAK+xeSGn!W1esj!>HigViUG*frd zXcbSn6)yV$uqo;`IC4NN*=w zq1ySjNlTin@7#C^!e^Sqb05pROfuPZ`{(9)&6yAW zh9Rh)afjFac$DVI5)2Ng_0fhnkcK!6bd;~4ltCy);!zq6d~qM!)I)|ej^hj`I$o6( zH`L_vg{-i@f}t%sKwqBRv+?X#GV=tWH#>n(86PL_uD;{R%<(| zYRs2DU0ZN~9@Jw@L0xsJnb^>m%H%T}Tl5^fP-f+}J3TwFa^)DGnzdu++??9lXXt)A zTu^#(goLX8LA}R;R??NXJ?b?l?lFwWod$1&0`|RIbfKv_7(3(I%6A)J#T3$WCRq80 zEk>Q74mjQZ>d_}Q=HVjuU9{Wl0bsme2qrySq5*D4>@iDhKazNkuCU)n%f}5r!_9u+ zDi}2YpoM+KphBb2UBjb$2tS)=$G25>-PHY?0ekF=I>~UbW{L|-cj}TnzsgZ}BxZri zO?k;?a_+BD5$WZ6zJ>l~r5`wH625OGe}Lh>1Rc$LFCilEeQ3wb$*r8}OWrltk4?zW z-mFKTE;YAqKfQH+|3mcUujAWaDI`ZHdkZs%zxh`Gv-nn~Toq+TfJfK>;Lh^j4ov;I zPaC=F894qk;L=E8#u`BD^aRjma#o61z?DJxIG;QXd!5~+VB+O)^)x2V=?uDw7F#K7% zZFMQ-lV&BuAr$O#xv}V#pcN&QYpq?F>dM}K%NbeLaF&#8S%ULh5^c#zXU=4;^8JEyBwATc_~;~d z#_*|7-h+&7_d7CQ9<3&RHt*xDsO;6&3kx*({u;FWgF+T%CfRq~_EqXxo*XOp)y`#v z7VMQ%ogmLDLxd+j9m?pKC%*{qcVYv!J~Cl1oyida1MS3csfvE~9Y z-DkOav@?p`j>UCm&!g|G!;@X>L+h>5_SI}`yC?Bxt=cBvRU(;GKc*TZ5{57uym!Bh z$o8?4$R>Iqj{9PUUpU*@uzlWQohS0QhJJvxCx$(H7mUHXtb>P#uRB;h=cg$ zjW-!H3?rPp?}1p7<$BMLwTB!bHb6|ULXazPxp%S6MglD;;6n#=zorYzz>1XM} zKl%|vBV9cRZVPjxV(@#GU8{nv+l#Ct6_^lXRZfX9x<5glPnKkdUQQNrvvL9a4Qn3% zKorD3aK$ADyqPBuKtOzd=D_uj!u?(9`d{i3BgHkDHNKyLQ2^!_5Wm7*tVALl@x1w0 zr4=wR^hB2HRdxO9jSXq3$EQhGuka9}6$j3v@xeVwL|Q#kRsk$zf0`a^a4?dsZGZI8 z$`%YdntRGa6%3e3P?k<0robQpXmY0gK#YJoii8FG&gSDWT%s!_*jQMj2`C?E`F_z` zBUe^mA!87IfLBtT>Z~>Nh;^ZF*)*pZQrK`Uv3ZuS((ya)mqeBlp~chUbuGV~EjRz@Hr!qN!)bAb|3r zNLLy+rDMl+XSS>zfTMn^b6u%(s8qyeVAvIOU#`G0{M!YTEWbgbkffb}UQb|` z+hZQBpj)U)3a}Z*7r6XqDkL_>edNo+A_Tdj0=KXh9cvHCO0YJxI%x_PhFBa+=|Ybz z7_o5w=`e&sG>+t;dviHmDZ140!b-$1o)_UELs_hN{r$vg)PAW)HeOfPpGBfMZrFxn zxB8hY@($6T^=_e_4YInOPd>+G8Xcl zI_awOicsXiTwaPbCZ=s`!=A{Oye4lAqSU+@xXcLs!24|r*)kb&XJY+<<0{`roY`sCY!dq9j7I|a@oGF=h;oM z6}0z<<^}DAcUN1c^!C#er=JjFJ#>+H#1AJkl+>-hO$1I2%NW);S2N%~!`W3o{Bcl(RfPuBxx9-|sUZ^h;V{ zs`7UH`1k2mp9Uyy3NXFW0lvgPMe+W}SNMyx@LxwlHj){PpR=p9GkOA40kc_y=tnqR zbju|clIQzOyD;xvBPFM6kd>K2pdE`}C4NUYi89?WLK1#{oocQ#m2tz^sD36RDn zbKLH-X0OQGh_hN=9mWqt% ztu~AxRa)as6+#wb+{fqocx z^W#}R&#*cC2`ca4^$)!|TFU-e8ZcxC1BQ&hP$mD>q@8}w8FXj>K3LT<-YO;h99}co zA~B@~xI#vQL>VoEtzd@Vge7B~=WCTOb!-t4agEnS>ruw(_M|_jD+-o`KRdwCJs4?` zD<4r&bIm@IPBC)472skmJ!0Gp$l%T)_M4TXh>RjpoHdVSNxJ`%h3uM(OqH-00sKy1 z6rU{oSPw>1o@l@CoA7)my7N)Unan%WMDJi4`D-rBDu7Lq*lLM8AvSE410n2JP5ef3 zXAC7O`Si?^;V9#sjG7ho@DsQ8s(pvTwBDh_J;D%VF4XAL8>g2+`3<%R-i)W_tsSui zbY4Ft3~YbZdDoGeCgMa#WhaW3@vAQ@-FOMZ<^=Mk2LVT!sB&u-?`$OltC~EV7Z!Ukk8{<(&)g)5IBZ#9pJ(*sQk3ar< zC-cGytNf{Q;`y_C`0t(UZ;{h~w#eyyHRZ!)lS#zvXQ2Om-LU=nIn>}^8mGUNasP43 zxc_a@{7SC+3q|vb$mw5G)8EvpYCEnd17efWSUc$sj)+ebOH#PJG?R2Z;mD_WRJ2ifP5N3?ia-r-wjqEZ#vYQ750w%SCRwXmZvIg1m?b&^;cr zLX>dd?Q_#)-8O@4#^17!hJ7O^;O#fa;w}_UGjZhLkJH{JnaD!$Nx-_^4t6^8F{GSC z1;F5^w3R5XijQYBNo6V|>T?qWH~~X1BE@d<)NML$S>3jms(LyOI@r(rcCfc+ z!h?mv5C}wS<~Yi(OP;m}u4&Gsa3rwUrd4_Vd9bg6=;bi25ab`NgpQij-fnjn0Mq6e zfRMh@1PWy9D-Nc1Tkj1t5Ab`LA2{O_eFpR$PR?zM&yYpbZwGrbi&@g)z~8Ci5Vc1+tvb;%JvvE7IiRc(mygPX4WIH# zE}tv$NNg&p^3(f|QyruiF7}84)NrZDO$Uu`4*QI2H=vEW3axB)%Sw;bZMH(YC+d6` z+-3^a?W1ehaeJvB3hicwmt!E4(l~0vFer^dHnkG-B7B>1XU{t%{>_iB5p&cl6l}OV z*D*XK>h@ya8-m%md!vcHR)K!gW-o^RQ=4tm?if#yPGkb`3d8)el19O)O_XrY%JCt5 zHqT;YOp6KZFDSznI`p;lTeHCfH5jXZe2DhvV@bAHn36 zo4j!}q^VN0991_H@^gW}Fkh}B9_gO9fS_Dm6}sXWUP4j09`bHYVwFl8iH?U;**Qpx zc>Zl>9esbonGmijjdyRR`smS01S<~Ca5KUEmA`Guf#geS?nMh}+iT=ScW+`Fq#L*u zNCY11^rL((JOJf^Z&FoIZLzyg_P=4<`fp=`!T_hS6THsi2Jgr(@kXM-&=y{BVgJcT_~>CTp%JOl>-8dQ@_6%=Le&6^}wQ=awQ>A2VfIkIQC|b zXZ7d2@0+|Yn)j{nZD(8C08Kvb!3I0cX+!`otRZFNxbvM#gGP2dK+6d7alN#*U7?f9rtnueR zviQmZ5+5FK$!c+pdNJ~aC%UP7RgJ9+qBaQsrzDmIAN;F~`}|#X+Yb=TEbBY)2>59a zExtVuU+ten<#X)WqMpEd9LOWP4!>o^>Gf(+GTo^$mT6x|BWKUANNrQ{OmO`o(Q&Mc z$}?wl?mJp@md|=|G>X+l{Fm&NpSam4A02@=YAXb?)hzQNSGHRU?VhO(Y;l`Q7q_cV zF;jkHyI27B9tgnRBWDL8UbIa=8D~jDU?cwK^dqfb)01t$EX$H{8GqX>n}^J;PPTQG zKLc+^GmfVkn4R&k_hIt)y(bC4c4=plj7cYIysXJ#M7Nw!>a0Sde8$O)4W9)BT8`-e z_8#z}+@wC&+?O9+0puE$^Z6jmoq#_VDuk+AHi^pXZLdcr_T^%)e^9Lb+F|~}Z2L!f z#NSQkKeoyIS}A{uiuwD{@&`S{-{R^2R1nTn)cR-<@EHAc*8B@I%P#_mUtXh(xRJo0 zARMZua3mi?L2UFtnctyXU5vUY1w_P5W0Mc8sN84Uz*(h2=QSWUJu zfX3cl6184-UlaI-hCLshm6JSSZWi`RzGYtl~P*jCdGIu+pJkGuOxc)C{0!m+hza==PZR^S_x3i+=Cny zF@f13h~xDEIm4g%@MKh$7F8POJ>IrjVe?{Ar+fErWVM008BOA zuB>W)H`QF=T6aoT0oXGrv;#|)l^R;KVJZ7hr*xY(Qh)JjA|rEfqOL(niE_WW6=?n8 z1ufsO1|AILcQB}nNqmV8{^Jjq=8DJB_e+3k;rnaV@^3-`Nt>U*$}N>hMw}_Ea`bs9 zaXX9z*sK7``AiRxN^emU^vdTgEIbMYWEAYZ?>dY-nUF45M3PDvRJPb!;Yjd#1+qmJ ztkC|pv-xEK@fy9-37OWu5==Shek{`#{t*i12NBdFq9z-DP|DuK5%wHva?*? zYyvc#0TQc)q03|^8W8rC4RmI=IOcvR$|R{8js)oMzl9_DN75xK!Cxb&en?;R%|gRo z`$DLjl96dxEFG?GYoc=FHnV4LaO4WV3uF_}PtEIh3Fp-B@^V-G`5Crqej}WU{9L!8 z#eZlD1yWQ&T$R^Rp#;TcvWty8dJHBHmh8AICDW(sVTq3oVB!AVEEC5&XopGKH-!Xp zm1*aY&NEjl{_N2zc0#+lOwfX&k~g0z!OjkxKBhtejkpOFRra@PiKE8~(`1IMIeo-3 z<}LbMYK1-e{04GBiuNcEVRzW?l`y#C%fGqzLg6*B!_ASMPaGYMRbb*O7C#ISD+H9G z3XOti?d@L!{YJJz2znnQHR`6%jOemfC=Fr*v*g^PuvkZIQHCY#KYfhI6ozTUHzzsf z&`4aPpCWTVI{|C-<6%%J_vrfr&*PZpW7dy*Wv|E0PybF#`1KL`3(e)<#Hnr6<|Weed<5H2SHMR_ESVcSrkynM}e&((Nw{1?V|)4B`&o1(ufTtl)!Qm ze`4v$=$C+whEi04DpH*~85uK~>ZdV+UO+A!7mzw#05lY9 z=SoPL(oK?c5cXIZE>ha6-a8DeYJ;BP>>$B?cqa<%i6^pmJR8ClY2q^X9WE;f5wU;N zk}FL235a!WH2K<+E0drt5TL97G#vjinXlI5U9h#J8D$Ss>Is>2+76z}Ns8YJn!mER zK~mj2$vt&p2AI@kxzUNd1f{A}1_$L7U428CCgV1Bawm;sXtaBGUV1!CWj~1o-Z`4k zJH{rtuyaNkR~px9OjC3|-6?4xz2yP}XVC1>26L7ZM9WCO?$1+{m0hVpQ-Da#(nFGyVq@KsbPaALZF{rCS_)WFk7{J0JW3pO)+RBz3M#oll$2 zzPArpMYzMU^uGKxNIPfc8?JihhofTRmM`~8q7w)zJQ?jZ$|auHucD|586S#|M!vJ( zWE>J|Eg5#08EwfeP%!i6X1ugx2W}yDdt*8w_Uz@aVR&we@z2GaU4cKsS`I)cP%IKq zd3qc=QkX^3Rt^_kPn!$6s2*8XS6{zZJJT(>K|k0}9PHfQ)YjtF-MbiWb6L6(t-S8} zfy2wq?yy?p8w*X2c)_d`*U&Z&G25BG+Q6G3G7MTxtI^3sAxl%zb>ly ze7mQ4?`f5)9KQ(jSuCX*Yv}qJ_cK?en7eW556jM`MXKR|2+c2#9x_cyoF=oH&n=tm zR(BL*?}!jP9^5uJA%FZ~`;CL(_8|apc$)#e;!g>MEcL8Sob*hL9R6V>_S>}>fSRzM zSIx@ZEoU8D=jBy}G}LGxnCjB0^f+57vUoiK0%VAoA#wZ1A6VnLpj>@SwDX~t`5KTo z1LjB5qWYTb;_!BKMdwCJDt+4<*w#U{XZ)F=7W;L%86>QvzqMh1=sd*~iuv*Z!Bl@4 z7!5F}dQ;aAb2qe!nmVebg?P=@8ssdW0L9;#m_kdiL>il~__KV|R|{}enq^%j-*v*Q zR>tg=f$%zRSfiI3l?m&YmQ?#~^r+ig82WO}976L#fNT7{;dw;PMXSEmdt?2xFD!uP z4KgJ14zw!gx>E#G9KiF|sxB=3&C2`0uFY?mQsO7iyXL$N&aeQ$^Zu+Iap4drHP;Yd zzn^(W*~%`JMX}Ve{8`P=VX6Ft9!%o&sD#@{OPh})PI)YB;NE`sACx6hSv#D@K->4c z{l8gxrvoTUv;fMIue1iAisiP2hT&im|7P9I+I3?<^S1+%i80GhJ=frP(Lb5q!x`3) zVz;QCQ#Zvl1V$oUj~85=1gUAa1IBn4R>{^sNlSRRi){WtyU7n>9iVz4K$q}v#_4&myquMW`KE6RrgdeXEn)CRP%;g=N z+t6%4J(IyL)82?t3aJ~0HadGpIJziC0M?O1*8VQ70nbs~>&c4nWy{!*{P+qvN*Gi@ zb)KhR#Em%dGUbG^C0vEy47tDz|9Bpl&Uhjb7NWl;8VTWuc11mT#y+(+2^VU-sU7Bu z*0$73ya;CQqeLm))L27FF~6}E&Ta@dFc0}bvCC(_3IwF#^4!hL>{@2IDSu|k*$i|) z)WsL~5lr?H821TGJ2YZJ8RH@&A8uL;(i3GoAa4SbzFB%<1Ac@6F{;m`Ze6bJ8#70NxEu0i`5*$N?FFCvhgw5MTUEZpCswfs?Zdu-Gw0+hfV;yXcUYY?#w8S~H@% z9^)byn;^}sq#1!PBS{4@v12RkFgVvh-QX7B)uu!{v@$$8c@HS1eBIFpktB}}azWdG zIV@M7$DM8hM&0I#@&&sIjwgT(0_yjHNIZ-qV@rfo&xfPNJDH@Krh-L57WKjRvBADj zqCxW&nvk;x&qw?oLM2uyDQG#N|M8A3a?i0bxh2&>5OR`cH%+RF$ZS4_OhJ!u6pf~W zx$3HF)>B^=c>Sb=IRL3c;9d_Ik|SbzCJd+Bd(9ZQ$O|7%b>IWb5g#?cw8my8CGy@f z*cj=GoMus$B(}sPY6hdmsBO14x8Y83_Q6WS$Uzv^6vSR9ZcAWlYgv#jicaxHrF^4n ziTgb3A?g}gbtV4dyYS^VJkFE1I+s<>^SW@x`?09cFOR@*8k-!@T!+1vI9FTz32=2F zXXwPTRNJn@1~ebtDMWA!CBsnrYr^Jgd%jdY7LH5TXlF3qSa`~!3_?fWa z;HofwF)pGoVJVajaZDH=+~9JEu>!NE_m?-4R^0_d9)vF9M_0%2Wo_<>?R|0vBOT;J zyI?*eiu?fZ_+gRN;x#v@y2q|3Ou?E>6*N~|T(qpQz@4VHQ42lt7IJ2DzY(jS*>on~faL!kZic9_L$f6t-;CK%sEE#*(2pOeN^DGu;gS1-|HO^QQfG+W2TewoMhr3VdVf<*NSW z*ZSYl^lm9*agnDB*q-fZE023DW;L#Mh$e1`s9UyWEy_uJq4X2pRa?aJ`v%lX;6HB` zitMokvel{zc66af3HVdPE<)k~*VLhu1H zO<-7DhdGFO%nCZ@!QybtoC_*WS@or@}OBKhQyeao}!yMV@}Pco=} zUD)%zEh!~llKpDhlpMJPq#}{FVx#Y}eER{s2{Cq=*7*7{Xu@pHKF@XnscWw}qH@3o zR`grMddHDqL241XypGUd?ooyj0s*k50aZCFrS657h7L>pie%q$WUOdiPvId|o$?|L zsS)gyZ5SVL$xUrmU)z!Rnn^9x*877SvXpBfQatQ(nvaA~qXiO0v_UhULUQ@R3#~g!uY3X}EfZW?vXbA{3M}Kr5v6o{k7g;>4 zpI}YDl*8+?pRlZfT=SXcZfOJnodiN}wZm$H&tW`_(K_Qgz=@-t8kYu{0jXA*>6Wp*S=d6Z}Y3{&Xx#q1KJsS0XL3!h79$ zB(U|nG+K~`KzK4sW-_UZ2sUzF^QI5GA-yV^Sv+9&pP^1Lns0HNHNq4-=cNqCKBYOC z=A|et8CN+*JxKSkY_|!WCAeCB(72AU6LUk#qd*j_coa0%*bLycpk|eJsrV|LgVUh} z=9F6{iICIvC~Y-X9vBAAn+dAV(VZ`7f!Qh|1$D$!8-_*nqxWF^D8OgRhNvW#!lkP} zQ?mul$t0|_kZHjUvN5LwoS%mJdkWPlkK{eLH`8?ar~N)NzH)h9?0sPt#STw+>ptL5 z2;+Q0PT0+=aW|;RzmS9L4+D= zMj)B4HfD7T294eK5F$m|5YxomFE=tIvB4VT-* zMl{)^)r$xLNrt9r? z4|U32Ce}P_lBVZ0O)A$C1gAb68N5Ct#kmlYufhRJ&VKOF8@kDS#mSm%;1u>S$!(y^ z(N;I!?}`d>@<2qB4WH*miHqqlajbRds-&=~RIcv|f~G zxbZbDeI4um`$b>O+{!u2Mp0dzRZhpwSIu(w_wuP8_P*vgI<$;!{QDLuMb{=mOX4Ht za%3sy*zhG3XFmCQy7BVsor`wNkvbpW>0C@*?#SftoL@ZSZ7LF#e78I&({}LQp{~I< z)PE*pI*C0+)jWR4EaOohG{1rSI&(YGoPNo&W%;@LRU*(_DY8hV*rWuzWdo{-ZmJzi zud>d0+2?dgnzov>eF?=wa%7%y1|xQns_e1BtdnTgUHJ9TbLG4TVMDN^R3%*W4tWVJ zxs<1Y(DGC2sU)TTNhu&4i~dMjH8(wM+`5QiR@KBPF;zz+X+Ld<>+S?%aG9pq%QH$; zX!3hVov6$MIKdZoq#0y4obOa}$)r1p(jU26u%r4`1oq4AsSt?~o{HYnjv8!WB{zg# zT>7_XI%GRe7IJ_Q1kqM50;Fn3vsRg7ng9GHS?+WZzu4-ic~mF9=TX7WVfsYQS~w3) zLIVzTIfn{{$y}&N%2?G~aDIU~Fdz(1wjILss3gZsISLH|GOogFZ_R5OBM^}$7d+f4 z8sjvaY@o-XpLgE;d`8H(gLR4iGKfsIB3{IfSS6DC)l71F?8>oSv%;ltf5j%5c^GB6 zmX*dj+>;H5cVV?FFDy+@6G*Z+)|&7pzW$*N(bEk_>z&CL6D}d*w?O{J284ZXym!@w z3iqLA+6#HGP{EQ``?}^ALuEeYYodF*x|E+{VxYn(8-*Y(AU$r)%yS{1DyYVgCB8uw zaZVp&kdu{XLoP7U1+%JEvF+fdI$BH1PsFS#JSxS-tKa0cWte}kyG==wh zv%N6iT2kc+Jmgqz}d6gVUxY=h?1X~}xPwT$R>idh7X-8JBT7vW` zcp;4)o5@F5kC$Ckedq}IoA=}4yyhvCB@#}$H-!*FaVNZI*WuN0ipvZssNaFPlkb}F z&6&RIjoyC{Oe#5jEvhbJeEHH_*QAktMEu^gx!^0Y;jIm-8&gJ2@3N;A6rn2d;^;xV?Z%o#Kfe@@volom3c89+ovmM0E4OJ!!!F#+SwA&1U@@IS;+(asE<42MZ8h zObK?>>9y{dmP&hUdrgC7(YWj^Myaoyg7+nq_t{_|tIgQbhYjbvC(9+S2Ffch$s#D3 z3Gz8Mf&GgiTy$&o#_gcEk%WPwA2mN4LN-sXcHi8C)?l+(*gx(XEK?1vAs&t1=Sx}g z_Dc6R-!<)2xSM+UFIhGiZFU@I)=l~cKX6_;e*Bhfe6`jaZT{`}z5PNU^|fS9`o}iI zo(Luu?`#8eHB6DixrSP5xF^tx=@2Nry-Eu*Z_mIfsqG&oKG|_&h_xC41QnOV7WVGi zkuLMq&Y0(^tDCpqR(!~&z}~VQfTldTnfqnc#l2@f&AUD3YK=*LBfoAi*?E8yImEW~ z#XnZ(V&wk9<>h=idUkQauaVV?HdgyEoj;uQ#3TL6!#|(6(@>$(24#_4qTns9FQBAn z_IZ`RJ3F4elpD3k5U;i-;j=rtWW4Kyv49ieg!^1Owd}>>h;fYd`f-&c+?j`uR>P^Z zmYIF|rt|9`ydd!sKb=7WkRD|~gvXyEXZ~aJ{+F)bD}Ky+jt?#9!7VJGI){cZms$^f zRYXWBRH<0$+*&{S-0Td?g{xOO5!?j{RtI$8)!PH5?LeGu&yG|Ew}wc#srxqj_J_&( zYDq7|8AI|-f_n~FNsIs|A?+J`pDI=?8i)QkcV5bN&7w2MsZX<#-!@u6fSOpDvQ}@R zVSjC(Nvu2=ikO7K7v)tjTk?qmk5_&d3rJ54`71T^uo{mcrIJ9U5rvTeT;FJgf!h>o zX(C-*`~hPmaZn=eA<(mQDPmXwaH2h>B0|YD4da|lw#*gk(wT|&yeUC?TFV4nOn#+o7dluji(V?iUb( zL+8)hm*IOff(z*r&`$r9t1#NALN!)LIx1=ngVkV+pxK^cF}2caIkc$!%#~*rW|kR| zIuH?zN&p>o5J!lB6Dwsyx24eKh5I4?9V;Ss494ja!vXVzV){hL<`~eS2;2M`f@3Df zx+$l2ajq~zn}7Q2D===u!~JR}zss=i8=mEz$Jz#e^HzU5LW4)JZTZ@oHPGOA4I;O6 zfwPYRLnhhX&B5g4tRi)XN^yc73vvLe<8V zymMyDK5mpKmoI$n{xqL!?OlLSi4ha>{a8cD7Wjh!jCqZt-i)Ls)B1RM(7wKo5*2?n zbpc#~3STvq99#a?InJ~51m|i7o>kS+IDI&kfX$I<3p-6ujkLp&SR_Jn}v2ErV^WEpw(KZbMi zcH8*I0?UMS197QAh)DJb!U{ozh;;yQ)$v*Sq|ksw)AYdi42RQZRd8*OwPx~W8tk29 zf{ckR(zR-r;qG=+k$c}CUEI2Hr{iJX#jET7F;VkisPJ0 zlhT^?n#fPv8n^%+F<&ZlFU#zCA?rYF6kSUA^q6=3{b4(Zv$pqEe& z`43B>Pq6#=PR4F4g$pofAr8ieXX{CwoRGGVQG*eX^x6I}{BF2U$mu&{(3s{E#KHM= z(1%i?bUw~o>|cQdXbIui0#HX?Qbb!CfNg z5_%#yAY<~oK539g2PBZ`s|DW>Qp<%+9Qj2V^Mn9}D#wQG)5bd>x42q6(gvPVKrI0$ z*OKMYj!KoF9F=?_p>@0~RXZ|ENib4FPmW{@xReW)`QGu2CEhq%tgNA#`Eds~U-b;v zPmUkOK{73S!nJ@-dE5g1yB|2CwX#aK?<*UPa9^qZ@suM860IexE(|Dz$`7u>ypQgk zckUZT90%6q8#>B*m+ziA>>;u-%oOKedyecPHlFB_Q9QV~Au;qc7+D4ly_$-kzfzo> z7+_n3o+GRahKyauM{twQHByRJY&iFH)dFdFK?cddb^+d}qZlDPII^vXOWAGyANvKo zX>gDT5whDCu8uZrSW%)OQ8~OEfi}VU9>G1eCaws);l#>5W-wpLvQKwZ+La3V(goO} z9;K)U;3Q$!16py{uaJ|0X(R>?BnFt4-l1m1M|@NfI0+1UIL-5ShlK3J^W=U9FY`1E zS^1*=)&yR;D^G7>_BB$NB<)Mn%0d=?98UN?dTaei4e{;RS{i2L712{3a;1O$1AO;z z$8N-yf!ByIaM%Md$7`(iLGsG8-y7HuJV}6Ob;(P5khXJt_m^z-qG{Dat9We_{5t8k z0kt)}PgN~a+#=Oc2QFix9tro_Z}W?v66Bkz#*7N@W{my)Hdxf;YaErFGY>CkU#!x) z#cz|%oD+@HnbrzdSSCJlt{Oz!mmmLNY2KJWJ@(#IE8m@iATVGVl!ZCeo@nsOddj7J zDx$9r(leOx_Y?6B=VnSO#Cy7DiSJ&25U}RGSS_*fsBDg*`!ScpAV$S~T+AsW1X@so2JvUTlUTeO4{6&@}cFtGGVApiK9It;E#> zHcy?%C#$|}<_y(Vj42<6#-gz~Bl`Ys^9v6z)``w}uZo?R916*$?=JB8U!CYqg{}nQ zRl#@{)rpJ`Ou)*4FReHEBD_6J|c>7d+>6TrO%3*c|{ zrzGP4=n?<)6|joy1w6n=L6_cPv9i+2C50hp-pBSpIVj4+dr@|%q$9u}ZbnKh;)Vi>6BLs2he9BFCHL58qZ9}LHv zxiSQ_j<6B;F$LGSlbrbloC&-uNzm!VEmVtxqMTqrLIHJ~3pu2i3yq;zq*>G`fQ2oK z(@GB{eMh0@7KP&# zuY@7d&pG=-dl)#VQd`|I0v1nyDRpR`gTJJS%v=w5tIiEw;>HS}GU)Hv^hQ%blZ6PO ztbC`wVgKpGu_oQtHmWNse>`WPpE8xr7`ia5-VCL&5~k1jJsnylCYLrd#-&4epL z*Xk2L`pA?K6i+`3<#)~80XJMM+B3sg(SHdejjEgO_p&eExxS&j+Q`QmxQxby;efnn z%0Q$3g;2R!OR|j|e5sYLLDe6glsGGSufWG^M`dBm3c0Cs#yylD43@Q`ULkfmyLP~t!+9+dExgb)3u1rRdOwTyz>5ph_Xz=g$0nF$C%bb$ z_~Uy>7D=7vt9p+<9Jp<+lpq7B$xoT!!~GN-txJ>RGjJ5v+Vmlz{Q+<;OhRd#X&(xs z6bhURA;YCtEs}j?LmC`~U^Un^2#ul`3fASLh##8r?kgy9(H$e-K8H8JT1YWOnX0W# zM$PL8GQ2I$&?qeAiab=k@3j;>?Nsh`39$Ji`{e@BS@mc3ktAS%{R^MZzZ@2<6nmrA zSdcnTsUWykdKYQkEoCJZ*Pxisj1LU;s5N|&Oha{2mBh@AAm1`P1!X(Wqn$+JD6mTj zd))hX(jSaPZe5T&{0qke>WCnVdlNx+(@Y+dzjj)*B46d;Bs!2a`iW=oNCD^4ivNV+En65+_N~+63o(Re)Kvbn^Iyx`Qo2s;i z!13M7MRvIYcPshwu|7N0T!7t@&1i0GJEA%I1x|v~v;wMRkOH+)u(aeJN_WW-HFU%>7iB!I!VLU4SUM*+JP(%eFgp z}FC+RPz}kbcHagSytJ1DU7WBRa*}4+?xgh2gtn ztYR3m^gD|pugifHiXgF==1xn*&hY0UBN9sr-`iS^&%ze?GlGT%R!K;@LLTIE~p6HI2Vp?tb9Ei;(nZGZIbN80SkZ3?Y1 zu*5;M3Y*=BJfsJ?ySE&!4Ya7w9U@@{$hH{#2URFzW|%7968qD|$vc%bm!_JGeJuOZH? zDnJM3MRqQIgB>5QCyh5-QU@}<%B6d_JlncT+H4LV8+WXB9#xXfsD&>r389By?11DG z)x+81>Wj_T19>EQ-i<^o$+jqT{je8i=@yxS%d)MBc1wRFvF77x4A+Gdy7fe`-UjgR z*gn;|+CJa-I6F3O{AImFb78$PX!UMiw{_7hsL^Zw{NZcULW}B$#K-}5Z8?Y&m!5DK zUM~B$J!OW(u9(i+Qp$(~(Lwq+dJNvdJ5(F`u)uj5vQD_1M{zg$YaK9RXXsr@D^WC1}5%+>Wuf=YDbM$PtK>l2NoSY*#`{ zhFPUd{p;&sA_Vd0THw(c%7f}WE;CB+q!yM83_E>%X4Z%0v*sz9)qs-_&M$XaBkZv# zG0td{t#v}ewZ22Y)?k<%)aX-S5lnfj5NO_PN8P!igTE6+679@4I&$QWKOr-aRJd>N z1^f_@V>)@g;mMruU%vyPNV-iDV<_m7MmZ^R(v_k^^{j<=%DCq4txFwZ__^14YD2k} zT_&0U?v|@0OFEOcsRjrN+rtBQ0QU z7sf50@~jPf>^SdU2so$_{BWxEtt4Kr5EOpANMEVKxv<}ni|{1W)(>HK$`K8>aqGEQ zd_Dt{reBGT#*Sj(AU4b#y?eD@gf1n1P%k2ENLZ0yeQC;3)-pum@&xrYH~g#~^G!5o zGYu;SIqyTU!uOtW1F!Oy)T({Tq^_#j?b6}ay&gTd^mir=vB-br`wDL;Dn<$M_@bl0 z87Ml9xtcDHC49|_`NM>vC_U>jMkq{)nXaC;8UKwJKzSmXWRg&K>vez-+!CNL@Q6*V6y%b_6HS)bJW)y zfwP%tH5sEJD$ykYH7fVhB2`0PBOWusQr#b?Mj+WJIL!Pk?qA@+WDBvRi}S;9C=AGOl9z#XZ-8}uVh2fc{mN+!lr(^? zZqWi4Ncmj-tx%L$TX?ZVolOfPgF45YCUKPZ#Gj}Isq(~|iUR}hodSv{_uBi0XqC}o zxYC=S_j1X&vp#uB+yiwEso5V;oKZVB*ko6Dtp&*%T*3s7V#w~+4N4Bk;VP!i&`XCs zQU#|mggL0$emYJ1eb}H1R=2HAH1FlRyEd(+U3p$5(hId5e|Ga~4((pLOQq$nl_{!( zn|Y2G@<#5lZ=lSDy<&_Mdx{aMWXjpRi|U!lS|w!qQ$}UYH%6DrRP2X#Hh(MufKwox z2!7x_Kih9v^6_o6H;+4?->!k1oBeJa7$J1+!I9%H4ouk6BWBwDdS0--F(av^cyf$Y zggFd?*m%<79uaM9TNgCSNM|K+){OAu!BKV0$wyr9ac83XNZLtKY0*tiH7F1xNhHab z=Mj*`vF`-}pLl1_`yOmKJ1{m8*JG?%QSrWLbxZVm>^?n%vb4_ch@jx@$PuUIkZM6T z%GR}$+vW2V15#H0I=vo|4%Y<8k$%HFnnKF#w2p#V>URngmR2l!>XcNL5yqu<^+%ah zdZ4aC!F0q2S()ufBzk{?D{Sj32HloM?SrwsZTzYHfr>0OXVyH`S6ob5E@H#fj0`xH zCeT)6?28w9YQ+q|iK$h5EGBzvT);%mKge(LVYRS&aC)$M#It9|zOK>>lb1w5x)t39 z?JaJera>@PMK+ZudCAu;e1tDPkIIV zRF6ktIE{Tg62J)jty=q!E;=g|K;NirMoCbCb|V!EqQza5Edg_H)LFwXE` z4ZcyH4;@hd7PczZKA>xA@jUl&b_jY|suqbU;Z?~+rC7f>9lJ%3FB%-=lG&<~@GHiW z36m}k44%jA0`a0DTryZBN_Xx(fWf*#e4oZa4h-OFVNiEg-$eh;MNOZ<-QbH9r=6CJsWF$*uWpgO&jbD$LQh4*|+@-jMKBi=Wl`2<2+5P zeg9kn#_)ZX_I9IceOd)y!JxVIXz@KJDHH1j%8k>WReBDSpOwu;O0JRb)r{KqRgYi) zj%o$ArhqB`JZhm>0>(Sprm`k@xlmBWB+DEE}df8A3-R?q9j_5tex=Gu+goa1uIL z3#~C-S#V~hiQ4}4*q=OaIkOhfc>H>D zM0qZK3;YJ)!xJ##geAW%Q>}BQqtqi4iR7VGXPS-&%R+-0MM&dUE*5BuMNfX7MBntEuWEj!4RWcYKszs8@O{?kV5gYG~-@)8D z*nY=pD_PTY>&%;rz*k9s9_XXH2V6|YLC!2bj!L*mR+~9QtGcWGybaOae4zCI^lS3M z96~xcpvu^ev?{jUlOpnFgz!ThLTE)7y6!V!iH6nm$Nt@KrSow8iRBq$|Dsq^1|+2@ z$NM?})4Eg40kVNKz;WtWkK{;2E!je~A2)`ricT#tvn*nkQ8@yPdSpV)GO!lBKzmuh zH>hLF7WB-IBsDyi8I=N;eO#CIt%+U={hi^Gn-fnqz)mr?;NSfZ*6~3 zULdh4w$!M{$*70w&cJ-V zX}E;=dHnIjUX*-sE?4{T-K8ivoAA8wCCkZm$IW#{Ek~$@Q*kWi|NVX;szc^jcNOkr zH0iv~To##5NlU8EZs6z3(nL};+^9WFJzPCx9SPoA$a$33U*MO_Ur?p?3{Kk*TJzVzc$ zZaI#o>3;4)xdkI*Ec^c~8n0cRWZ$5i*3P z6FZWZiWs(z!ay;)iU@V_Mp=>Dw0v&OXd<2$Za-O?Okns3#+NmhvC_hBjW+oA`xc-0 z9QooW=htHTuMXVTMLHnghxh1jmNWxbOc2~hQ|OF#$;pYV$U-*m_oVZCH$B|>ZQbg3u4b-n8W_wl*Y&|;~k^)SjC*qPErcUr5VaC%Z>fX0%4WttV3v1-(A-TXy<`8R_bNNQ?Qb3nZ@0ra>3!3gUAH_S>_ zk+ua;Jl*fA07zBE2Y^)Di5Y9@iY@a#0N&LAk9(vc@)XaIl7?q>PUe7Tez5CE+CDb-*|T6AkxZskEbg-)4)E;6n1 zmke^P(rpKQrQs-tv9MG2niERQ%L z2sG|=s>?*gSx1xBqJvy)X{GD~(miA0Q4tp;VOG1}=pP7XQ;@oF!(2y>-lmzt%G2Tf z0d{&VzoD{Ulf%|=?`{ySa>!uN?|hgB1tid=Ga6jE zY~Rpj`d-JggL{*!-dLxnFRz&s%AQ}m{r9klUGR4Pd#}g=rpPy5J5ZZuJ%1dBP02`E zPqNh5rKHsaWly-i7ncCU#&FN^ZPTf6@Vm(ID1~q39b|H^>ae4LZ-qY19V;jgR+)c^ zlROtA2W-?SiMjw~jYLtigD66-Y0VlVD$L;y>U&AR=~7N+@N-febhL&IInOQjzWMRw z1BD!gEj`R&O<_QJZ`!+|C!JMXlk4UVGLAm8#&;=HVYWgNj8732r!F&7|%0Nhc784VPn2AazD)} z+6qVFI9%IaKs^>1T!a3eLZ7+JOl9(64p6ltMAbs(0B~*m*`Q{`s&Oti zFez5CV@TJ|1xncRQ^9KTm%@}$LD5hrELP-47rb@)Xe%d#pZf4xcT}pjZ9@c zfuAB=9kkQBP%{>%Jr2~eK~yKCNEJieZbB{=990D~WY;f6mCV=sIwMx!kk=ZKX+V7M z$iPTS)Og8~QqXeQMKI&3%|gdDBuy~0huS2l)5HB8B9$E{HMa#?idrXl6?MgD4r$!a zz4&3??--eHprxK8QG&81xboWPwZ$spWQ0D!7z+HbfcncsKHh12cVgq?(XDISW;Px2 zRST2e20q4?u6F;=#U+Q;f=8`_4pLgRY%x>Xp&1y}XdMdGfSzJY@$U|b_6tKa&A@Y& z1E`3S52F!U#oT5Vk)gkkdOK+WdJKW*RDRc_jpu)&qP)^(e7n4PLtzs;JH^>@b*A^8 zV0N}bY)kLYt;3d>r3O4-%rSbnf5os1@_vxB2K^XJN|MFtJZR}&3gOEZaEiYV)|vnj zP%JPC2%N*TL1LDektTtxu=M{qVnmXh-c*wxA*gj^#)Sb=1%=mlO8H?rnP_yJI{AYTE+7%*P$9K*^zA^X+P(Rt^k>wl8h^iH_9eqI zNcd#_%df>_!)nE9`NOcV&g5h(8+X*c46tgqPcc#4d6Z-}>+1_qHbaOUA8T|W-=9$0 zzAOzYtFTn=@M?F#eF^${5>*(0;73H*RsUJiE4eX>s>J}*560hHihN}Gd(H%~TyYwBrn%1y-;6%-6-Lh5@Y= z4RWCI7Qz1Qv5g(Sg`LV};>2pUBwu$1`4qG|9v9`wAd<;+0IAu)H2kT}r+16t`k0JR zPNgEmD5-I&b6F@k)x`uMzIVwqG9CA9Vt&1rL-c60`#hIZ_s zroN;~9$8UV14wylvo~(*pWepBMoqr+p%&s7ge65)hwepHY*CHWd^_$NO>S_8@CP5@tk+v~kD&?<>H9^pJy30X*Qt|%bIl9Mu2wU3_b89*}2R*2J z7IU9E%lDSc!=m0@Il<8udfJP74t*3%_q)qVbh!j2s?E6eRuM{9|K(yE*fejkZDy?i zQMODN)ccsDa$drCAl4aWR>Lw$=&wJnKH}q*(BZ~2Z2Vvf4$Vc6qU_4@C`_$g%De6g10D!1E)WtK@R=gKDrx((8wqn{^Dg$fpBF%xCv91{4CyS+Ncc3K<} z9Jh(4OVrpOH^~CgK#SUGd6)=ZzccV{2k3|cdC>IpH5>$wR!F^JWxFp4&Q#{(P522v z=MLHi9xkNr6d#-FNmy~X3x^qMQrdjb(=G1;}VDCx*^BOXJDu`?!8J!^v z|BS&$#L`%jl;fI;VmcjRQcyD9h7O2O4Zk>y#GsJ5jJg4FG|FH(zov>YaEiqYsa8h8 zFF1RfMOV*HJ3~kjg2TA5g5Lud#dL-eMk57&3g?Ds`V=Wd0TPW+K|+H?2nFsFP6S2~ z&iCmk=WBix#H+(rzpi5__(%T zwXGhoCTQIHjByivO?%BtAL>(%feP}gM6&=EzSjA~Vvh^vRD5ZU?!mMLQLeB9lP=I7 z$&%O5@UF8*H^n$qeH^=3(RV(-H`4J+M3a?r9jTd?Q3r{wnp830eq<264$FAhD$IaU zWdZam<&qf+%-_G-Ry^*_QB`z@9x?KrqGiupua5D8TKhdNrP&!c?i4? z>tx;RoyAmdtQp_76+UJHDqW>scJxJF`uBrw3=w(RlY(+HUxxMdU01PQSwjg2uBAWr z?E-I15q;U4s6SlFAikL{zqDg4w|{Z*5;v-U-hKVs9;T3%+JF{-OxFdF>HjAa#(zP9 z|7F4$oz!i!DF!#{$usOHrVke5)OJ^6fW?6?ljl%^FbGkj7EftGY>~RIosp8CI!4$g z6;A*jM<6Ep(#;?!A^DpJj~;leci-#dG!TRLagSU|Xrg!@9gylXj!&i@p&PETmSGNq zT9JU>C?L)Tkr1iKcZ892l*eS1bdp4@ykJ3JOSKU}Ls+Nf*t5To0naz!p2?FlQ*aN5 zQm_{Xu?V97sIf*&+#so+r{Vz(DK*?6C18 zu1MgJXUD=~$B?qEvO(lJH;`XMQ?=2vRl_FFu^qmmsD(Euu!z=!RGJ4~rECD=*E9~> zjD0{&dVM4qwG?@q14aILpZ#+hKJfg>Zui~egvQZ{+apYBOKeT-khOF`Z>fGGrs)j4 zGWozy7nnym{p9z8{ua88WZYu|Xi{t?rLps*`0tO@JGTa@v5Dr2;W86S4e%ALq)(71 z*^e$l0H;C0p&S0c0@y^%f7ipeaFgA)(NZuyb={)rgxI^GOKp71+cHGU`yRZW%z*X2 zqwU^bM-94$na8r+a?hG-nzG4PVrym>pdx;oYH_o8@Zh#JEXNcgi(x+n|2h?ZFUjA0 za^2#}-P&P&zUZBC4R#(jL_GCoiCL#Z$B4YDZ-yiCG}FG~(ClgLHq}y|_P#HF-SD#Y zVcNyv;ql7nShv^{j$fy-B|NSrIR59}fpk;sy;7_b!%e2k?mhI8Pg5j@_dB!!>E;OG9e8%jkyJ^W282x zwyj)+=kT~U&yw+4?CNt1EMzfEQOu1R!tkOP5>*Zgb4OA3X2R&D-Z0YfnI=@L_nP_q zU5=~0k$LF$l~K1%)PmF=UIKpEcikY)-FJxpJ?}j1U)84poLYInsr^4Wd;IIv{trh? zZ$)iDy!JoN9$LblWXOT$v73q;0T|HzOLNNB%V3FVLvd^6S8)ort0kXBpTXOieuxoF zMi4W%pKQ-sj2(aaiKT>xiudW&Kv<6VP^kuL<*KcQnL@)UjHjyP5NJN^7QlkE0u!*3 zLbS|flnIEdQ6?7%Qkjwci8JoABrQXJ;Ga6bu6x02#p)9?z|_-8Be>KCNtee-2m4E$ zLs!)yMH=!~tAh#<#Ip)8$)?2wOV!!dFA|7Tmq|ESE678YPX&-bkcv{5lxw;Uv*Rke zqZKmV_J{ra7~ohszPy18DW@`&LiYd5#**aCn>0y&(S<%LrvJ^*SdGE3f3o@UHbUg)1I~Ze zpNtE-?-#)Z9J%@W354^}$?4kyK7v1Wz30Kx34zk@6=DYT^#|SuxH0pm-2>G7O{>5n zFqvXpE>}&erV+FYPGk297WCzu|E7xO+JWlF+q9JwrO_dA&EI~&{n z;ypf^Pn>7f7Hf`=6n?AEQYv>AS8q^iXrE6k-LZHZTDMNCo_Ids44N=7fM$;np0c|%AwHh$o_Ja7=*TKA zY6c=m3L&16fM`6(Xw4Ykf%>&;$*;JD5MZLIHsVlC10jyacm+^%dT|p`<}frIO`!BY zaIa!o6|ri?cgJxy1gJQ*AF*YW1fBjcQVBD%q)6q`9o#y=d-W&`UptkmfTpFXpGHzm zh>Fojy0R=8;Mk2^pe9tSXFLe#3g%(^hkB@6Mt2}cjh^u(1}mF6^FID7`5yP5f}LwGru8kzSUng2I%=2$cl!S2BDtt0Q&aK0keY#iNfT@mD_& zf4{TtU9zEnnHd`{XL1=!_-o=y(DWa^`p*FwQJ-NAl{m$6nz@Ys;Tc<#tmD+xg*$G+ z-3;11(&n@XY7Payi9R91AR>|>a9|cYI0DM-iY%oiwJkZ?-g|PP%NZFAlCl|pH2UDm z8A+rUB4j}8CG8zPJVg!iH>C^RMnzEl!NC4Do?_w{YkE%hQ}*{rg&t(j0i>En56yW- zd~=&2!)TxaUAlendj;Pf!e$ZI;RY7jqnkEc+3w}z`_Zr+S66iH^mX3z)r|{AtZv-= zjWSovs31djoND0F+cY$Ax7d}L5P_SI-?zmm;aZzc6S(|#U-=r?i#o+$v+M}v>=i2R z)+FuB2Ehp!vd)Yvtm0`tpd)%y(4%Y!_9(rRQfvc}qipmz9+b&+7lb}#)_F+l}uou!b2cXbKym)Cc3RL$)%I-n#x2rSKGUl3yuiM-6+< zFP53*59H&U#M>o>vr2p6KF(2lY%Er4R8n4&Lw`t-?JZ@MfqZ|R*7w*c69hJmS#8r_ zDX^C~q`p;Zj@Km^Uo}bU6FVk<+e3-)VX~W7E&sUG7HDG1CrTw76oLp}AQs5_g;N-J zohyho=jfzFZp+TG11*aQ<3s7zvZ8_P0h8j{Wy#L*7fO|SaNgFm)x(Ij<7!HUx^dpp zw3)-2nXP(HUj`BKlAB6^zWH7~m?v=BLX(5b&)r(u=LNy9xw(zwYX46~&7QrEa(*Zy z#-28;>7KqZca;XtOyA&yhZ^^t9Vm_pl_jY)P(@lL$N9dMk}4r-Sn#mir5-%RPka~{ zsI26=s)hZZQ4EoSuQ7aSzS`HH*gcb+!>d#R2 zvg$(`l$A~seCfAcf!QU0ul%Ij^{^$q4q**{?|8VH)JW4T@m3HHQG3T~pxVPHg=I^d zmFL{`7;R~D45jIFPn`#O$)7y?!8T%ESRiDt$#_mb@`~6+O6TJi@QlW&I~I);F3G4n z1l`mW2ZLvwpGbQ~HdPSI7LtO~w+j#PqlnITiG0F1RHn;%crIU&j}xRxvv2w!UAvq9 zM-omBP_Dx(czs{DBI^Y*3%ffzl%=O{c*xBsqufGhtoqlDctt4f*r&yM?Y4U_df)D{ zk=^~<@ty^nwaDQC-*#8{$&2wdt0aHh!zMa&!ydXolSKit&?Sk6;L-O5`{vT~i-!BC zVOUqM*<4NdO|Wz(xbEMo@SEaEzzw@ED|lE03B?VH*<;dI(HkZHfM&jHSGe6c+-oC< zC}oFb0cY4#_1TWBoKNaD(5JJCaQDA&_eg(~mWcrdrz8NL`9Bz({%@b)Y~_9%z~Hp| zof32aCrj7@l^ft2nW+~IDg*D{DHec~M=W7N75`gYy?#IToF&u%b#2jwR@nBdent*~ zn3Y_Pi4LxJ|7Lm$bH?q%<45hjfRGjjPN1@0Di#Syc*p=CmJa}81^Bgy^IXOpC=A1G!y=JR=KRVDmW@cmVP+>v;%+-91{OM~$d_Fz z#)=}f2O?pHFX--M6Rw4};TB>%{Eiq{pFc3WvKyfR-4aum=rk^&j+zwm{Y0b`9r~?~ zF%Rg4{dQbgu<_Zf7I9ue4<=nC>Uqt(riP{$FOI4*vjNR<{K9!#wVjuL$IL*Z?M2i1 z3TL{#p#a2cHIVah!_}=P>SppeNqno{IN?Gc6X=bYH#>zZOsa?nZ5%fM$=H zr$~0Y9I{}&V#jWbIg6lx3(v)C262qa|%e=)>-3l4#K zbr~JR)=k$C?75n}suc;zYM1o52U1PMBkn%`J?uz|o_^obFP~MEPSsTJ42W8(5 z3^LRo-)7GqEc^b>0)KzGX>$p5tPe~1pIv?2mj#!-uo0`asK_# zlCY=i%?7Tv4#B?*)^tKca(@m*g38;Sos~5`f1Vc;EE;Je-2smSTrWyrkTc>%N|rgK znb21Y(#rQywQst9zP;pqJr6AdX&tFE_eXEbG1dX&%jOCGQAehc@3$?v8RetfrFT)c zu&X3TnXhS;XbZsYcg8YyC9DFc!X39$Y9Lz^(P;Z2!X>1dbr{ zz371h%=jpQt@GwU)rsdP(A&$f?AIl)W=|J3LQomU#7S(T$Ukdz zAVan%H_2Hxh7gMbgx6adM|jBa!j?mNBvKU0BHokL@#_=*HOLs93CCf^CtTuQ_BRHa z+a;9K?xmHVXx-t@{8@df3;Q&8{VY9&Rwf#4UR^=UVnsOWb#`UDpnZS~wD&wm1 zCji~GXW}a$nt5ACh&C(lz91d=p}`j_s8FEB+K2LVBKE)LH}h&Z=84g;h%vQftL9wp zs~aa3n8}6BNh^-T(8gVB0c7JU1Sm!k5tD4f2=~n#QDh&zGiv4YH0U7##Db zub&grWZ(m61#EtcbTJ2rDDBZFsg0TJTOq5f`%XC025H)Z>sB5((}n9vb09&BoG)0? zv$8+P87~4e7jA%!6diKXSSGo*iUUD<$fK;o!?h-YL=@GD8G@vG^W?qcC76Pnx>O}W z6;sBI@wFZE|9m^z7vAc@5ux$T@z9L;fuDyHqE2QLyH>|WuH$dUeWNWUqR zPL43`fpOlwRs38P-yJV@oqoa8;P<=zFMnPQj^-V?Sv$}4RxWO~<>X7}D1HCw#GrGZ zYGje`=R;NzAsLq!LXfZTCDox!ovys|`ptL0Ur5*Q(|M$UO4`)@b0eA14nn1d8?%0h zM=hv;rNX3lPbU1P2eWmM2*>E8$U@N}4BeN!PTXAz|L*rzbv9^Ej-%_Cq zQ|1FT0q^pI|7=I$e>ijpD{ubuBL8PmHw?%b#a!#5-g|*$qDG^(t1b)Jyc5JMGsS$e zh(N)`=j<*q7Ei$iCmpd@!1No^OQDM#`jK{o^=Y3leDhSqquZw0^gUbhbs z$gG--D8g&s%`D(CiJWEB5(+Ib|Co_E$MlmXj!h}th^k~gBNFYfM0n(|8q^(uN>MXs z2R%KwoXEqNbUqKjs*yv=5anyWA-{BCo*R>Z=}N~~Mb=F1PL8@A~OKJ!ro z`@$dZVTFGTQbU>cm8#Md)iHm)-)cmT6_=RFS`*{3)}YHp$Be9gSvSl0=1R$wE@C&6 z?~YUDFd@s7tgX`B`IaxR=*SZ2OX#=mIOOQZrh?2NEo#gYlVr{%vh#aNJOPAaiXm4h zx71~CFVRt+QrfE-SoJQeKi)+^;AjKz2yW&h1I|{$x_~2R8%sgD-0s^^X@GbG*0KJY z?hDp|o8T9S-VCU|P=e#y`0LNo!Fb9tD*h}Pm*!pHz_DSJl>Tj^0Hs2%c?+$pZ%!~{ zK82SengYQ{Mm`Cnl@2gS-P;%=`si!MCUe$Kg+u?x1d^gxsm?3OnlX11JmScuI0d+Zn{ zRTT@j?r>^fZCX5ZkXb3>SBmiLf`_iKOQ2GYO&H0*dOe3`Wuu{UP4yO&MYRE6W!nNp zO_K(QKrxiFNAk))k}+R;s3Fg;B3{^3Hfz z6$jgj{Hu+qK)Y3tlT%=cgtL{=4KbJNjjbokY0d9yt&tIhVxCRCN)FW-E8>;AYR=`` zFSWmwRTnjxxUO8ernFy3qKx(=jP<`#*&NgN7J4F6MP4Q{DRF9tLwO6^ZJ|7PR#7@} z#sBz_%|k==+!-J2qNV3VGYYPRL8IUPB;+#gxg^*_2fVp zyOllyM_vowJGJB~;_OY$u`GG=z?tX8v)L^);okZ_~P zOmJf}YAIFIb=E3dahQ~E6JV8Q;&?qY)LJYIQ6Lxz6DAZ1Tu{S}Aiq(7G{0$#tq#e! zprbIfrRa9pEJk=?6O1)qFDxoV3YLH7i7LpxsEWG2U1-Yi_HVMYyHlHR9ze;Gf%uQc zzW>7}-Wwo1`=|G~1eB}-JCqvjhc#|;ol?uCI@EYpeuN`F@un#?66E-XLq1*;PYchr z!IoA7+gHQvcq0jkd1heF*ev(^lR%{rTQ0X>j_44^LQpD!+u%2hIQz1Bt51E7KT$j6 z=vx&i(O&w8(eaSj&4~F<>lWMbQp6}TC+q6kQdXk+61BpzhoYFj!Xy} z;peN!688>@hL^gOm8R}RP^B@lqcR1c_J0Ff57|Q8a0@<`s&!*i+x@T|P9NZ6Y9tY- zvSCFchDZQwNh3+D8h>VVVxY%ugMomp5%bhF0sPQm3A$B4_^Of{-Ml_~c)M?hb}Mlw zb~^r&wC@($6&6ayatwB%w_IHDPIee)*sja~ zyx5d$)?sZ?>9P>k?h0LJqxJLtR~iV^%%>g-RQQoci%0KATY%;F-GXkF$>NWcR62E< zooSWEV<12y9*Ozl+~URx?9V*Nc0fK!{ws;RJcpnr!!x5e5jX>BfCMpKYZ6>hQM@1V zXZTK})_k53!LGQVH((4*lA-jss2X(QgO&F8e=#*a=`Cq6~|!U$4C{=vQpFmww-cX`aNR-3V7njEyum9bW86X7|V6 z7Af0NLx%ogPMRW`znB7;Net|jf2{bV?YZvGo9*XdjdHc{-aRh!b-w>%dcF*`*0v+R2^jwcaRFOV<~|M-1LJG~b|*niSdnp2R$OC>6b#HlalFCArhS@C=yatD|1JUB}4ZZqVKie2MO5DcB!L|JV%u=iAh3)iu+3|+CVRa-`5&3Uo1 zQ+%qJ%i*&!cjeMn*vtuY$x=KqLCnS87J?xcvNkO5N*6>g7{xLDD;G1yW(21mO690H z|6q1Khg=|Nio_9Gmm?V4%(|p!IdRkubz#&R(qR2}AAfJ|*XQiPg01bUKUF2=ij>7`bar_5l)c;5$uukf?+4#rMfNR)HR$Rz_+0e59qD+NQ&Tu1aXXQ!H*5I0> z(-NzqOEQ-Gc|p_ zilsteEO`@E{#oWVA=s-N%V}h1Fr>&Rhth_cQZB=%>{)~gW#L2ub*Xh-T{#Iys&u|X zff+GH{g!C_<81iK`MrkebfYPh9uyHb0BsNz&~n(4)T&=Z&4vvs+JC{gC}~e(n;qsm zv&D^!LSf1RT8?cci3=#O#9%y88mIhnn}p3C3ag-tjb#^i@iU=8@1=~ClX#GE^Ny~RH7Mum+?tu!Nh zFo2F@KSQP*n|tBU;IE|2CA<=dp>V(FMIxCIDhJG39xC42Jr@s0M(wHtb)ZSiHZ7W( z1LZC)xM}?kwZTz0duGt0sWMm|mK0LF%!vD;F5SPkG}zQP()upYCKiPZ7}BWKRB*o= zg)3hRn9MAX-D+c?PN)>iHD12}5h$kzBJ*ZMIlka<@2#>!Vjr(KYJ5ocHZ@Gx$r7+f zE|pT3dX^kjY#9@021H*u5o(98u6?pmy+AeXgR_37FGV>s?>r0seEpmm=LHHi!1Cir zl>9ixWN}Klpc3H?e6OklA3;KB;NdL(EJDJ00cB812<3bcXEboGZLm(VN+1NK1u#m8 z=X@Dszzjmtc_C-|dE@$X1Ma(CpZGW zjf@Rx|DRJjt${VI6u>o|h@QsKO5f2jI%*qYfDbOnlo}RjA!{^2JQH9LCNyN|Na`5O`58D-PW>&Ch=z z#3#Q@mT$G{%)uLbkus=#DA?<&96#RURN=?z z%#?E~@FD|J5p04+99?Aaqf5+$@Qf6%<%;B@PZ3(>bCWtb)`yDp$_I2*Dz~ z&7FSJnrAU- zEP%StJOs@q{vG_W&Sba{Xf(ei4io>FJo6)4Fq|70VH_J6u^c;W=mo}WlV*o*9DV|5 zN8yM<*^x#s-l69n!d)wYz|z8G?BPrF z;|K5GiQ~M-6XsFvolo$k?`=XonNA2Vy8pXeY#E;0Zvn;)nHWEQ(EeY_#lKEVvl@h( z(lYXwtOSroodf*oh!T)1lggEvm2R448y8(_kaOQ%Ba(EZ8_Ao?XX57_*X#DvocrA498TG; z`!W3=$_obp(5~)wtWOqgqJ!NwYxcRAx`V6RZMd*zZgb(@Hf;5}gFi`e90mhJl^x}n zAxJ&8&W7!t< zN@Sxd-zR9etw&qlN-lRD3{}!}g{&ga>bBp4?kI8jT=m=DXfA)q+?lm*a=j3K z6=m>NUisSFkLoVd%T~_sGJR+d@@|!l@@}hz__E*H4&PflpZOwXh%$eu4$}Vw_7Eg9 z60ryrVX_bbnGqpes;9tV0%^AxE3c2%jJ^^v=0X8iVL{i11gS~k6CDd1CM?=WY40eb z$2u=#>WFHgHZj(0Yh=WVXs~77qzE)ZW#yQfkj_q?7AbA_P)%*OGdhw;2$poadl|_% zd1GdNbjDPzHm|Z=Z>vz>la|OkqtrBr{~-?I-h70_C{W)lLMKD7P41#(wlW6W>=LJK z6BK86*~Y)Y0$M;%LygVAEC7u3oPe~JVl(4MY>!#Iy@yL2Rb1F7uUC5kX<=t#)cz55&Ss_&7u(* zrLfyFqZY{blDlavWWZ$f^=740=!{;Uh7JMY6l!1@%rZ7NWD5@Ao)&}l4mtkcFk3<9u8$^jI zpnZ!r%or_0tkX0tH!pDu7QUL0b>yL6@@nSqgLu+B6xCu4C3~qkXb*i&XK2Bek6#vF z55BC91P)>#3EcdZuft<;UquX6PyI7MiHAb+3d7@pTx78vJZlx6wQznZOHTuZmwNhy z`6;bEaby}ogn1m^O@T^7Y9>bDr({wBef!L=Aa*IO!fCE#$HqwkWZXt)3twyg9dDb z2)H~~-sDM1Jm;X2&Dx~*Z0ZZ_%=z&56fCBd63*13nKO&covMonXjR5W~?r zlL#+g*lgy9$|EJWGTfZziDl{B`OZW1=KjzHKrN@Kw<;Q^@TH}n9Wdh~Hx1X@*#|)o zwrv~vs&m27Z&pJPdp?E*DITWRXGBXB?8eauuR!AIK zMYQK@ftVB7TrfzB$uoP<&iYxV!*2`3E)Ug8mM4+7O(-)4rYooZChn8kDxmTyCJ8c2 znOeE!>Czqbu$sF?-zt+#271N}Caslg3le`_ZVgu8@h z7LUEi=ZZyW=89EljGWFCNF|-iRi_!u=Z*=qYX3jZzA3!2w#&9+J3F>2wpp=l+qP}n zwo|cf+qUhbQpw48y8AiZ|JC2;Zm-+D#+vUt$Cz`B2?woQLOX5p?XgR`G7RN3@@y<; z^MvF0YpIU3s<>oM&RXHrNMpbiyWSokvpK_h67q<+rQgb=Z_<+xV3h7^G|V9`i#&;= zZ6amg>{hjn40R*6olhKDR|S>gDk)N7n9stkYJ#XfT<=UiA7x1%u071M$TtMbMQ@t? zaDGg0xLg}AoEAZr>w7!RFS)4`=j?A5CtjgY9$sQc%ky@`US&lwDl!48b3D^d$W><= ziDZ4ulUY^g22!P%Z0=zYz<059Y4jJ+MS{5DfJ`wuI8~5Is-GYRQ>(MlX7C_Bs{X6J z;7)qZXNK~TjXA4`C=3)bA<$JS)Iic+`3mz28r*E|Y)#FyS`=4A6`e)zF}e)xY$ikE zMveXGQ}`!^Q91Qi>qPt0cChy{^lBf>D5OYeUXsJKb2&XuD^RrsM+WR>!`}nxK&!U7uSS((YOAY>gF1I>oX-1b>& zw#St!vxoToS3D~F9uE=G<@g-0sEd{vnhQJ7NBM6X4(cN=PgD^6HTS78-KfvAq*(Jk zJQ!aiJ9r9wrK?px`#z}0424{AOL{{9KQ7s|mCq2Xj#S}k_g;$4j$Sw~JUKcm4)<3p z&wn#-iLmeXL+II=pqL)p%dDQ@`X%8C$iU+TTjvU|4=?M}h|Er_$RhU-nmp4g?~{CI zrv-&D_$58}ZLbGzmUyiq+a;0av8Zy#bn>!mcGcju#y<8fXzVR{#;IDjOiewlpg(Q5KREm|heXxGfJS3ZI*oF^_o4Hbvd2ULh$7%)q=vQPt3t{dD~eDxK?t zrbm9t1y!0o$mRpD=%LjNd1-|{*zs7{gQV<gI8@+hf`cyIl4iwE|QR zToktWBRV)75kz11DK=wGZ-3|v1-ilf8Hx@iMS!|12vs04V)URf)D;)h74ZSGDyH^C z9A*VIe>A0s$cF5bhBwZF>lfrroD;UlPT&zYH80*++_x9vm?wXl2(xEV<$&DJ3S?2( z9*d$gBqGAUbnPHn5>fCDW0KtCh@rsZt=c0VVGtP*Jz_7h ze8u=0#uJQ>;tK)8qUG}+vQt~=NF0nnW{=47fKzQ9jh;bmri2%`w5HTB8&x+x>PquQ zR5oUU-_QD+)ui5hr$Dqzzd@XIE*~{wh^8_$mfg6lEYadLn9m39IPXES!dg;zXA#3I zenDnvuh|1DY0!A)KRK#YvLw3{$Bakq_;A)pCIk2>Bwxz{4fHbhShWcEWTPfJ%^7 zdVfxlCm`zL2;M*4PB=;O;=Aha+Yd@7VDEn;%lahE^4PQ^RLh<(q<-1XqVF^ksENpC z#$rA`&CD&76u`4FP$qS`l2l)_8|oLU$sw zZ}%xpq_?wddcis}Uvfat$b(tvBQIi)zD=|i?_{_pq;mT5GES_>NOz;^oPZKHq|1QMUkj0}nT+rHse^6TDFEP>TBm%GF?p^w;LF|H zwgECe(c9K%0BY}x8lwwuF% zo`>HUkiaCy%H?+q927BIkSrv@P-V{;B1mhco7FN?$WiL7>7rMV%IoS$Ns ztHcEsx;rD`;l)(ZJf3P}>T=a0PL_7hDN7G*+s7Q>`#bo>c0~&hSir)OSvO7AHYYkWf*aa?x6r>{Y(4+<@VT)>4VAst0;&l_N*0 z4hrC&A|@=*Mki+W54N!Wq!UZnrizSIPobIJJOV@d6KNb2c|!1;YKn<(!KPB#R)jDS zx!#%Kh~cnx>1QK^ODc@@ z*tc6;^2!NRV3t2_^FpLD=q{P+n~{#rW__vzx>6~*#&g=l#%Ay=5nnMcardf;eGyji z$UbdqMGZ2}V^T((t9t@lQsaR_2pX=beSBx<5Ac3DBZ=sYFm^a)K`4Q(&P@wtb9p+q zbmnBL*(O3sWI5QY+5PzDBdZ8}AMfniQG_;FG2~L%JWP<&cJSHbu^)o8g%su^)DD3n z)a}dxJ_|T{Qs`MY1iQ*DFVN~aYbF*YN?rNp$(z&RpypU)VzWqS{jl2b2jIJ*z#j^K zm!SyJgB#2xI+-bq6L86igA~Bi%WJ*Kbucv<(`ZjcvIO||e#)SZ#u`8N8WURo>AIs2 z1!7@nW6^$bRuF$V|0pU#_D}otgI;YmwH`v%bA|u=C?Qa!u z%7MGLKS-IwFTH&2~wg1tpKXlSTFSCZxY z07Yp*UrJbSS0xaLP9X7kpRw(4Mf31@SOaWm7JZB}Sd?oiP0$dAB=9QZMK6KjrsycA zG0_$zB5SARY%J_MX35Hc8L?lzZ5iXB_<5<6_wYrPQ{gb>gANJ3tm^qc{Y-}HIsRgm%O zb}eI8i0@!bB?Yw1i(!gp$cZwPm$UODf?epjZ6mF~U*saGG;7sh$qdo5i!0d_L>kqi4&u9-3suIBBZ9{HS^~{tNK*iO*5U!{G znQP$>3WlfBbr&(|>i7yu;YOvecodK2t8tU&uFnpOYs=n3Zc>qH^UjxLM5wGB0HOPr z@&_BHt@zbX)7|=|pQU>Oc>Sb`Tl+l7a;>(cb_fNGWB72C&&{K1VkQXqc-mZ>Tp!Q3 zcXP#sFR?W^-gZvT(;Qx6n+o(RzD`p=;Cop7c~IP}&RdOuZ!&uUD6hSsHCVmm-?N%Y zQeheo_i@=bE>A-OzrSn{$4iUTntMmok@`$SMeTllcUrS_lB)Jiz&y2x@U#;rN^s z3Jlg7J7FR#L^+J2liCbKKyz5*@G%<$ZJw>6Kn?T}JeE{6(VOrx9v8y^IeE2&fp_ql z=|?YvcqN`NjrKJ(R{VKdca$-loAwHOB|3eli1G~58~*UYMpjt8$nCokL^sdcn_5-z z1NN1R3~!#cH&wcI0`Q@U5~FZ5-l0NwSkr0Rk2w`Z#QoJpv7jm`zTMR_;^Lm_fv0>K zJ5rB5c(ABUr&ojA&csiiw*}-JbCYqoITG2Ycfd4ZyXY1y- z{=J~oCsLws|6wk}8@kjdAklZ=&{=A`_i%^d4MEB$XiPJ$GkUBe?E^INh29-MG1uT8 zh)7vMR@$pNat+NfdZm5t*qin%Nx5_vYNIt}euKT57ZmO)=#%VQYiThj-@EofCUik2 z^g+)5gb5a56Y?IKx13KTcWJIjMS!!awykhYZ0xxU*x z^{jJ&ru^MCBwRXQj6nXLqLXE1CEGkfTua9EK-hFY+AW_i*;MUb%1#)KMx@%9w2lM~ zu^NM2a$ej7*X-=+kj@^{B0RYg-2X)Mgng7 zYVr+W*p5iWO&Uk-r57JV}3r#)#@3->PPfGV2!BbABuofm-tb zx4eYYp-$T0wI(lJCNKI`zKIY#EOSDJ`@#r1oo;u!4AZnQ$m@8uBwP<^>9!`_=`Y=1 zZ?{mrSSbx+hP=_4n49B7{=u-&=BNv5Mq<@m^K%H8Q37>iaaCn0dTBKr3X2`v&9^PD z&5|iz(rcU64m(g^Bf~}4>_8wG4w(wjJ^S|rh(_v_6g}2=+BU91##A$kj09WA%|{Mv z*Z0k}%{-N8xq)w7q#;q&MaMBDA6EI#2|fGrwM(N3oenj{%Tk_S+HYag?B!QSyjg`17 z6_p|@*Gk%ZQ00}st?MeY?ZRFtwP?*8Ma?=49okHvHJMz!j?xDQQTL!f*Ff^W)j3J0 z=yO?}#qp=;(xYgLKz-*;&B5E+jIN}cf!Sn9QqnR`iULybSQ`dD?^YJY#cf~5yIowgWRF87M^kU zs}1Pe1>~`+9ZQ9ab*~pkjm_atk;D%?O4~tk*fjY?=S_m_L7Xx3_j@BrVPVF`4Gt{{ znNP6)30X&3HA=N_$Qu9uL6-49SpH%~N!xE%|4-KGO7lEKjco)$80mKhWkd)CLSgyu zd>mSe_;E1nENcU!8koJmTCG+)et{@lHt76h^610tu}LqchpB6? z&!uc+QGPOr=mi9MvNhaNJ4dG+&+3m*CI36&TquJ zZ;(pn*H~RQx84MO85%0QWcdNXzKwh%_WU2ju9Z>sSl;orc=p#PpHN`NT|#a+v|Ylx zsj6AeRE&7k*24i}lX{F6dq*@xU~tuej3sGNka879#r zL*JNW*0hBD5f;Sb|O5w7F>u8Qj{Okm&^_&T?)s zS!GkmDwpgK2OG=5yJ_$^_GohOfR_8?=dMG#|k~r=p*UMKgpGQozcKy=z^INa&?a zIT?NUbEZG&f0WvR?`dQU6N2yjOowC`V?!DJjdcGpi%l$eg=10};CP6A+zLS~aL7wg zr%3;eR_6GN4K?&Od31C;hUr>lMKO#-Z7+O5GLccqFTW3a@_WV_8Ae?nF8>dA&P;I(=AcI-vZ>;|McRS4gS6=_?m!h%Lf1>s~tmYfFJelmyv@$3Xnr3Y&Xtf}NG>~y( zWnt?Iar2LT#mJp`(H%v!b+~Kr3a=>LeyY30z$CnWu>zCr=HjO?gg&bW=^TzOCboRO z-hY60Y4J?*_eJ2@@=f*fiuP5|ps&lwE9o)GDq>EADq+R9R*mJBKY04&%D8gOoVH3J zUECU^bIRLoAD(FuaLiw_B^qynVB0ufG_<#oQ^GJBPjY?+G_fKG^7mP6A!v}@*m>%v zHQ%&%qa$BKZCJf5OqN*UNd`%R7yvT%rFT1EH9h|N^&FV6IjomNVH}K=kWeH=!%r|y z!n3Vk;IMVDOI72gD~vQ2^xkPCD@)91BDL(;+{t7KS5C&&Wu=T1+WaEY`hrMi@RZ!> zMz~@f)mH-}WV>>b09+3O;YePfp~l%amG&+7Zbh&H%ar8X^W zkB2^Z?;jP($Q#8!WB{v8{t7J2Zw~yL5TyXi!;ZtCQ@FL z(wGq>y^y+8X;ETxku0UtAo`ZEA{k<_LL=ROeZ0c(LO#gkzA+y?f67kUZ`hu{ae$0G zhSs>)8MK?Ez8FNbHS6$nUSN`~f=<;bE|m$^#Q0mIo!v8)zoTlQYPwT>sbpnRsXioM zT@lcvf--VvzCdZbNZKT~%m~(?!4i%2QlK(g^`4?$W#Z-MPsX0Hxl#3Jc)sGZYwT;c z-i}Iv9!_%!PGcd_%2XnobfSW$e}xr(xVmT!Wf%@hGqK#Xi^|J3tnXO4CdBBX^rsne$jlO-vCzP0h-^SEX6Ad6?OT#ol;S`ym*ii8;$S+T{Y7x~eomd(hFLhu{tY zZ^n8UeWW10IOHivlzQNfx@LpYM&l@QnR2TVMopY~DvMr+N$YI)gSz&4e#DQVE3{5?%NaF=k2tmK7MC z-cKF{`k?lJ%2tsbR4oXq!j2{f)Xs<%RO*A0s91nkfH+vLK?32H*h^j9O23OhbuuO= zW-i4mjxMBTkJ4?joTntlD@%8LZS_*^Si25I#OAQqVo`wYU3SzB00+d7qL>8d{VUv5 zmiZ_JcT>j(`MH`+U*?P9jK|VU(WJNlV6}x>Xr#DRmLdE%fhh&2>#sFalQkssRPNf) zgplJ&>^1iK2J=s>cTzL6m8)f_L;c&P5<1J6DRn5~3&)fPDmG7h4Qb5@(Kcc{Pk3bfYZv|JyKabAABO!omm!50wb z?x+G@+~@p(YP2`|Vm%NY<>+I1xS!gAS0hn(=b>F+N_JG!$ykE)YXtT-a{6C) z=^#t+2~m5sL#4}Lxb{u47YDsr?4t+=hc4-p;^27@Y8+U4`JA3}9>;~wIUB$`h1Baj?tpd_zrQLzyWc`@m{Aj!mO zc3Rsb8BjOj6GGe&tlF>0M!+ar`>pTuckN+dta_=f-jRuDE1CPf!90w~d_}#=LKfe| z%Zb5mOY-rbOd2}Tyh4Yngomy+23%+TsZ9^0UKJ%G++$S;Z~*ZpCjosIkRh`b#6&wx z`7you_Ge}#Bq-gk_4g2&a6Lkf`5sk}vBU@` z-rnhy?&tN$NB_8o`|1-04-D0*w3Vmdi4X~1UaXPCcaxkA%b`)Kr4-w$wK~Ex zWLt3lUf&~h(I1-mQk*lN)B#u0DA%lK~44x0Vm%$GU?VCTV#b zR}$j?9`fQgyaIzI8G&}WQ+gyLL zS@{m~`jlM%$tg0Q5AnwG<(Tnw-#&TcO?`3Set7m=sR211=BwNls=zW=gJy)DuCUw7 zilE3+z2orG=|e~5E-QdO>3l6HLKvG#RdTyC2GhOUucTZ)(0_Z&_~0(szjzHnkCk|r zro&5o)VzOiW69}FOgIUMusxti&geN9T7d4ZEP&fd73m@5>~_yv7NU_l<^x!shyQ}}TB=>de zU-%aSToCxe(Uehz8jrn5_WqYLIU0*IRU#uOnWXEVkc4uxU%86|C?W(|QY7RV%mzW$ z#mMq{+(;P9D8r*~;)Sl(mtcyXFXB&k#uJf!b4u4XblPW{)^$nwaQM9HMh95>=yr{0 zZK@K5jxhVDA7%Pr)~O+9gj=flvg=gN5q_3_8}rx<3mDTR!_kXjym)Lzy@~ofycMMe z4mrAy8Scu!{?K($n+KX#a|i+KGG)L`432i=jFVwVn7bSUM$Hiiz|p}N_zd%7Qj}I= zkiaqQf!Fbw{2|p05Tq%vpi^T}!ptE#wM-bIkc;Rif;RCu(#1ac=I%R-LDW26 zA?a2#fJyRKC@TMeTuL`#y+9>xX!E@L*Oa!PobEKthUf1)Gk{`?SHe~ug#oL((t+>h zwtA0O41kr`TvoLBzOJfW-JER6)~2=HZO3gJz3|f*2HNSYT!~7WUEY4UZ9ilzk!bXG zL<5k8Bq!+d<9WnrbQz%MD$b7OF;}{)497QM39Oym7L`Jm>GnG(CodgK#z3HNhUEh| z70_9;2W?s5xMJ#|77udiNM z&6SNh)6?yv5vk%q~Urrh9-lr`^&6^E4U6N@{ z&g{a#a1x7=tFX${LA^9On$}^_kWNM%FIoecO+j*~5-*p6O3v88IA$^kH0*d(xR6Sg z7Brb``@o&ix*BvqHZX|za#Jm}(S3O`1In1#Wzx4Pg_foIQiVzrY;gQUllV-z5oP|v zVzzNy?(5f^@~v~At?~8h_Cr=OovOj*bCc?}ZWe4zZw{l4y5jPIO7}#|z3;$xEQ~*o zm(|W#Itb4yi6+vC=hYkU;ux}8+Dl^YQs{w+y0jS2#~a3=j|0x`CH(#ERZIpI;wKn8 zPSxi0#Pgh|wMp9>bHIlMhlm$2gm`gWeikCb6dzu&Wh&YpR%W1Q8QwHC_a}9dAlFWR zim=-Vn*0z=Qw=9fG`0pBi=&#WA=1T&%d&Nv;8m?-OC?ieyE$yaqUqf1fsK=NVfUK$ zN}BKj^T%NtKh+6#!|N<_g_gti?B#U9o4XnA)HRru!|v+jpB3`G6ihQ7JPxyGxoF2K zL%htB+r0^9YdX9kFyL;#Qmga&Xr2IYpVBwoXV~*QYSw*@&z-Jc*O8B>k<3q|o1v2I z5vgmqCVIO7k~>O9FHr8Vm0L(!#cKd}jJiaZfVisl$WL5M5;!oV+ zC!Qi5i}xbjCJ!RcfVgOTVB*E2L9^{QjvAks?`R0Xw(DH=t`C^uO@T&%{Gx2(pI>RjPNx1?wjq5+c3g+HB%!Sgr2ND3bTKU z;1!nmLajezDpx-_O=UFuITaw$wfdte_v%Plj#~2#acV`|P;qI@;;H@y7r{BA=6gD> z180fjwS2)@=>jP$0r;Iy0EaToFg`MnC(}rq{Gue<}Z!vC$ zQ96rc4babQx_z$ud#v4jDz+tLhfl?Snq$ixz^-7|!r7BR)CHEv0(m7lVFz!CFl=?s;S+alDG%YhuBtD_7k>Qg%5&4mtXi{zoedOb1s(V){;QOZYWX+=p z(@LcH((ZJ{QpZMC0lcCF7_$7^B5yi)>-p z*{fm622rX2TaYptw?p~3KDKCnD@fHL1)UzUR890#OL@+A#ewI#O(2hUe-}+NO5-3N_Ll$>`rP3RpmP#Te-lB)m7a~a)@4p+{H>)IG{t?Q&%{l z?Jg1O*FOLo%HzN{vegC}aiZ#|V~@$mW&e(=qu(ND}`7zum$T%cv7bt6`q! z?5T;5GYpz{BR*hQV6?ce;AS|Xm;2?(q)4YQ<`RC%THoQYQ1~gDsgap|{%W~Y{{v(% zs@Sjbh*3xUcqa#F^1&N+XD2WZuoZQ%zCmC0ZLIfiJ15AQ+1eO8nHvh*n3~%d|Cj8L zt!QnD!jI^~D(=|k)>QXIx?B;TBduVKK&8x&B+$7&OG4A7(C4#mm2!CA6*N(NK7$0x zS4luLkG~s>Y&w&%3(<#m?UG~qoRhw`)`rj5gA1Y-m^`99c`^FE!ehoicY$R??x09R z3fID%1{*7N(u5u96NxZMf1d8uE3BJA^!S$^BjHLy--G)!+D$eCcgM<6_qq#LEM$>C zknlyw&1QF47IQxNoL8_!200|X1bg&(^k&p7)|LByl2x#;%NwsPB9~q99&SM3Ar9YO z(ztFtp9%RdoT`U5S496Q!$2d7<6Q)_6tfd_NGD1R5h0rvz|f`?ADq!8826FkHd&c2Gzn9sxS!qGJ}|&>+JajR~Elytl@M3Yj{pO5zFB(3moE+J`YkO8!TnFs=GdpkA^u zzTa2^)F^=<^6@xv0g>v^=U+%Iq%h*;`|ll^H>4jw#Qxnn`!A6DzmL|&0?y`EM#c{R z(N=Y-nSWDT7(O-`M)gtDb!hzsVZ!sv$VdQdOJ$8&3koqRuorVik_8zu!gMqKUfdS| zpbr4J0Ed{FdsdphdtJld)xBkFCE#^s6wh4tu+Zx6bUev+?U?bt_O!hpxY_Z6*rm*Z z?+Xk9*5;@5^Aso()ToF;R54WR6N3bTg(znj80}3U!WMz|EFP8o6Tn^97A4Q8O6{ z$FeBcX~1OmQ_`vo++Mc^_K>E|H_)0fSa;&ciHf3j6OQ8QK--*V=l2cGxk>?O%Fomi zdMvQ>Qse8or%n^oqmK({R*p8O8Vq3c#|;ewqskP=lDu6^hwL_Khrj9$Th$g1W-})&(!&oTvG9uVpI_78vp;(f>WmWRGIM_JO z6k9p<8aS32OG?d?i%aVa0+`l9H!Tk#L!D1YWz)z>jg5DxA)o~f-AQK?tmV7zK#-4< zhx*bRhTh@Kg{l&DKHGLP5&dgVrjc(!-9vGWJ+6sNGfR23{3z_me3oS;>;zsSOhcADcNIUjUfSk?*ODTB= zP8=SCBj^~&Yt6>3H)d;dY5`fuW|dtu4UtpVaKI~zjZ3Qx6=Cc<>`WYkAzFdCzZNMj#Ml`9ZUz5f*SROFLK3jY6GhDj;i%p%KoFs{CnPdnlXQm>m z%gkd$#FiX~kD2Ys_3rLw(Nnx>Cb`Or=oMh!lNo*kOUBBV>GmC~x9CyXT%x_xDG1Zf zz6gX`W4e@;gtC)imuFrzdzlanpCV8NP}Pf7g(V<9F@B@!ZZ5gPTi0PN?!etpuQTk= z_Tvdd)lpDoq?T1Dwq$SFrV-d@HlJ2^w{2OU5)bO2F0ur#Z~{}h#EXpKwGe^2$^s(0 z#hVgqp~0)eI~*I?w{XRXt>7!b(`LjqhQR5k9unzh=(+Qhha?vI(3maL;T?XmdJqTC zju{{e1|gITg0uwI$!B8HRlxFGqPVSn*~>7CqZ%vY?otBAFKq_M=#V&qAP_L1-J;sM zmJ{q~@G;q6<`qfvs5gBQn-jM$dk&j7NefbcB@EWb!j~AHpf|%ZvyfL*B(x$k>%zgD z>~TU)*n&`4lm6B%)uDDc7O7eTD;?o00hhbG zs+)hAxO--`^2TFDUHqWX@d-W{>t=Y0*1o3@}|+?zh*n zw77=E6&!{ck>SX9%Smd1TNG*aar5j}s8aHk~lbcGy zU+6{xG(ub!2w2658<%?zb-le={;M!FS1V$C{N;!);3*1X zON(a3d9de|oM+_}_o>NYMVB%9hOP#Tkf{1CHlyTv`|2`dhi{4z0G*X=fF{#YFokG~)Z4R3F&I+f#> z!7Say9JexVe74ej!8Dj`fSu0IWSQonS}j+B2A*5=t1K^C6@g;Yx7T5kA?FeW@)5H{ z{{;q>*g3y5MUZWv-iVQtau<7-C7h7sdoEOi?rLt{{kjoO9g~KyA{n-=#^(Jpi~m4V z`>+Ky(w(?)EyNg_B>>Lh3AcJoje znKkkM4L{Y2H`-hv1jYDIhOYbARsm5S4TZAuk!2R5QA2ta7xr^q$qDhm4Idrf~I z(tF`P$E6%YOd;^x1$=14iM>=G45iMX2!L*{H6rycBVxr~pby(BosBpXa$joFr3B#| z^S$nAm?>9Wae-vj5(}Nh(amPMt+hdFgV^yw^Ez}~#zUkx0y6S_{Wme)gr?q-l{`Sy zv(T{xG$YEKI7Or&8b)Bu{0PZA%fP#Yi#nV+36PY1WKq3*FQsZ}`4`Vqq+7!bcd38F zAO=oN>ge0+q9I&Dozt5pHqmBi@{t+rCuZHbfnBHA2&;}QUBcNs%SFYx#sdLb4K?3H$tJG)KF)?wa)%`vrzqcz z5Yj<=W~Jn<0$MGZ3tqt=m`1H2Q`^iJZZG_i_Mf}4)j7WimYIM^m#;H_DOPRq`5(Wy z4TR#&E1Qw=i~tZA#I0`@`YF~Ofm#lToPGS3UgHpEb>{|mGI?dGn-ug=Jg~Lkv#L8j)CVTKSGC%xMcSyg_y7+w1g95;uoR;4 zA)}^mpA zl;+5iGKOu9vW$(6^W5RZ3`FSMfxYQeCv7NR5I*NS7nI3yIoTqPR2t$v1?9SeeQZKE znpj`B$gg+1fCfTx23(B1m_=o0aT;_2&)psR|D3VJi!=IFB3!wuki*u=@llenL^uA4{SwyMDEn9T}Pt9ED{i%?EVsXhz?`o`Dq^#}v%XdA*Zr!k7+cYtYMw(og?=-*3lqLIy{5H-6>YEZ z>f-fnQ9eR=c?=SizviOxRh~sZkNDGGRS}a@VWJz`WFYxlIU9V-WC)F{#G$@|1`R5x zy#oCKLH|9W{XHW&nrivm%dfV^`0W0;olHL(D{V`I4Cx`*pwg?aHF-dXK3fk3HRwLv zeqq#*%pfR13#o$49S%IE*61hLW(KI9UML@qf%k3jGNOa0m$!I!?XVU00MK$m3yCx{ z90S$<1!RmEowio-K`MqQ4GOw2xPXddXX!vh6{1~02gBtHnCcr5Q2I~wr?LRU^@WBx zl0%_t9sel-@kkd$?gN*E=3;nIkvqz2s?NIF%c;@B5aGl_@{O&AZ$Fkf*u_wG&SIM5 z2i<H?^odP z(|zKQAEVB5kp;K17L_la;=-9IG7azy{Kn7Z9d?&n_aFYn%-RP^+?d#AIJSzz^yW!h zbBydSiIgp%wPHsz1c2QOr0Z3Q?felFcgIx~r)wO~L5c$F_57=hZF)F`OCTipH;QS@ z=I|o0e!vT+e>hqxziMR}r;b4`h~aW2JF!YE9il?BHT^I=T0A?|35@4&I%LCzoMu++ zyuM)7s$kh${+)BXAb+b&<&!YAIXAgwVkovT>9@(ws5LKMVtR${=sK{u$n|}up@T~j z$?5qsh37X~s^zlt!tn$s4bggmapTeBIU@6Iq5Oq$lD=6^4GL)tL5*r7(1NBh3yRXB zq>Ey1k+mcp#yiH9;9&t@`gC`9f5pN|8l2eI>UX~+)CI;X@0!sFyG251bd-%du52PQ z;c#nqGXk`fHWV2tD(V3K$_ezUaHk>9D!Hnf z8QUi^Mu|N!T=hki*x?9)JvI4IWfJzUn7O%BX)j#1j8-VN%vP|LbEjf))ww0Inh`j% zZvX0_0|lpygFZbN^f;}NqPetm#u}m?I%WZq!BCF=bSJp&pQuHX=E8%>JM?E%PSy1G z+2WdKm7LzuEbM1`7V}R|f#SNQ*wXFcHp^#d-bE3mF&5j zC?hBA-KM~$qR?(0OXb$Es}9|jUmhp%v9r4FexrVrefOC zgx?mz&X7|~eX1;Wc+Z(APpk`6Wa=d3w4ux=K917CN&IT02naA_!f0co=H3`!3VkT9lht ztJifZZ=av-6@*6S6&Y}ouDKqDBz!2Ew-X4qgj?7cFd~AGrj0R*tYPZk8Cj%TB^PZ; zY(8W_K|jhp9UxJ(JSY@MaIcw|VCY-7(9N4@W1SReSrlNdxvqW$s+3VJOP|tUK9KRE z))V*n2nL#MAVFF~>-I}gXP23LJ~O3P*YV!T(TYKtJ+7(yrUec6q`ZOUAn(_adgTkk ze5EA_UX>#-PMQV|=1)&&=-FlYMv<&rlpA4746_gFZ<*v2WUc^O3g(!<%*L>O@THD~ z#j}!t#7peUdiCYT#`F%*UNJo{=`y#3O0b)AAC?*my}eW98l7j%SX-HCa=wSNSgTqw zq1nLNHWM{z85QdsoSD{}Q1KW%fqNTFGf7xjHu#bq^CRSPx74)NH07t{c3pzc86jse z3_~gGu&u3o_noG7vL-;RjC#2AX3)^)OrLcrD(s(8nf*JB~ zZ1^mrdt?ABh2sEpqsb}~*GMf9#QXb=VJF~QUmC$=6a32rk4&n1|I=e`M|86iE$Ca+rh&A4xz=m<|iTp-wsC$7rB0nu<`2TU$8@57EJXf!f%zo(nqQ;J!t zB?otpWu|-VfoTVhemG4gp(8`;?xlxVy8GZZ-+xqEe6qA2c~2U)aOWz|(3veg5NkYr zI2~^XN#@YNI&#f?`g>x(zzyU*1DQ!13yu;ptHSq*tcCO|Xjk@^GX`v17=%j^kn|8EbItxZf5$H&_RnoV%-y5j7zldL%zskHOs> zH&*SdIc*ysr!qN`#rJ!_be3p!hBC>3`#B|kFc~~@+qyqlJSbs760o!=CX`udb}2Rg z$}q6j_L~mduhM|cp{39a!^Bge`c&3t<1{DrDjyLRnb=&hTuCT<9|$L%S%#@Cv4u1-o|%-rj8jq4&131aU%i=T-Q zVvm?Q<$#G694LG$d?w7|ie9-u!{68=XCBQF+5tMe-!rb6+dCKg3zF(wtSgp(hA(}` z&h1Gkw7U3ISVeG9uU6N)>|iff49I6MpYL^T_rP>oqp|=}p)j%;W=6kaG_6DOn2#}x`U;xk&IqnzQZ0icRt z!P`=s^O4>LvUKT`%E^*LMQqpiMXJIIJ2I$l= zTBjbiMOR~_l*}UN(&61y2JZcv=nliTJs0>D2KD}kt;>S7;1$i6+f`4uBP4)^9_&)kx;F~oQ$Ap8DXJ!K^9oMh>5U8SC(9ZAR{Dsed>K?7=&G-V-)D)!hJ@LZVj}i7p>*yb_akr{=W&)Fbie zOEUi5nKx$Cx zBapWpEpFPzJ=GQv=1j($-$5RCNlLdN6m`t2Dft~zasTsSW}x#9l7~NTR(4f(Y6c!V z4{-eBp8X>{Cr|JD(naDCA()$Uj(4@dzF3Sjk8@>&GrzNt*AkwxqPY)Tl%=!uX;kaT z(Vev|N^P>6<+Z`-s^*cjGatB5d1UPR({xM z@nIcbN?MK#3(sP zsPqQzJ9)$U17L2qgTY;&uj~cfv!9?-6y?`nlh$*00{_kw=WK(Mp3{e~gs2I`*J)>*Dq7Y)$E3@A_t4a{SFw zp+5tHMh==YQTU{l-!J&9eH+fL&rl!Dx|cl^rqJt%MM!n+xBWrgdr1ZW@=HW}=DQI<-|lDV%}4=X?hSj^0ZFq0 z5~>P1gg4T8W3D3bztWh$OxcPxcwW21qwAf?*}Js1YH9n^?AqZaq}4I7v9MU((XqA) z=av^Ua0$c;zne%1=2WZM_ej3{4rVQ`KTufP1+qp`o7&9a>lUoFfp@TI4`_91-&=2A z&upD=u{&IJesbU%>IzxoCd}k}Ky;o`biPA&W`o?&&0iyNrbBB-%EwW0Hj1>>p4lim zwpDe0L*1Z>v~4Niid|%q1a~W26^5QeU;ytq`t>QNE#@tq{LFN=-SeB&H;%4yb}g3b zc_YXhw4tphaf{QbttXNQaKnribiHi@y@!{1_w^sY+iw?n>GHrpKxp5jivQsm3Ic0x15W!?yq?;nO8PrqA;I}*vS9kTNm;*XrN3e@B zChaF%aQVZ**K zQ}SEQeYh~C1ooIy=%%~&49I;Z;&svF;%*(YqfctK@)J!HPz?G$kS%n8iGDTxnPhxEjF+PJD}X4orm|Ym3@>Ck#@(YY#N2 zyA;1+#dQw;%5l@qKjzNt2wQji&EsGxu!Y6o-^U%V_{@?TCmP6o(0=qp&Aacar{2tl z>Fy}}Rb5*cNq7ZS$yBSEPgSplW-09^3WvY!6Z+7@Rr%1ig-#$uXrnMez(9=40Sg+s z;PJBnoBY?#RC~oRyKtHF8jO!tr|Ud!sAW-AFY_yvMaO11Z4qH$_tJs_YeJ|=|DX#B zOxf`=qlE|8sL#Y8XU>Vcts#aNY;ooIM0~pJO|=uXb%yoZE$pAeHgd%|qtDqFSUc15 zZRkoXnPQA7ikGVK8B&{&vd|e5yGd$Jy?L%X@SEHZ-QyyMYUqm~q7H=tv9jqPsRVDh z!DE40&H!mqnhfd#jox1(OwJVvf4Ij&b}7_%a12BG)oQQ8a|Pd!`|N~K!6GmE!!HaX ztdnLbpx7K>PP41@T?ChjjkS}1V*hau6)toR-9Pe6s~Bt~V6cgvK_PX~9JnZZ0F$_u z9du1cRVyLko575vrSE@O6p;kpg1##Z zdzHo{qQYMHk#>!FnO$-{O{PEHEqxODQ|E+C2Qg<#VDHK0TtZ*O_;V5 zP>F@ASb$wCK)wq#nMV(DC!c;OFxIN4PIaS%2fj-o$<8WQsjR2GX4uqtQKo8cNM5AO z&`q@1piQ-@l*-RdYP1rfCJWx#Ya2d(al*J13&4Ug)Z6e zE+=ska)O;)i|W?=`|}hLlM6J4T4uZ<$$+Vkbj(yy|1s+iBsojRLJ+?lx5GNltuhQq zU2Jx7y8${$DrC)?i&!cZ#1q;s(=e8Fp?b6PTs5-0%%Y^L!VnR+>P%Q!r0;zNW^ZC- zRFZxh89lui(cUa&j(&RM&14Y+oqh8!MBFZcdJW8-`|?PnL2yO0voB4p5P?J@~~m{5w__8Gj_H}hQQWz)L|`sfTk{_O|+z{>KnSz&V~G`J)pL~Y$59r*m5*TCY$N|&}-`2DBV5gb?p`3M<7sbAr zD-6Vz4l9YjvIg$rC<&?9?tuJIx+9kyi(ph4yoXi4q zq+A&ZoHAV+IjIgW3EI%2Upo{vnzT;F8)KkSN{eq#r$rmwZx^ISQ2YCfF4 zxFmz-~y^o%}brw;ZTAQ?6l=>bLMg!WEH;X%u?s_n=yy9 zgtKnZCGRI6I$ffvjlowlV6I<7tIinLOmLJ^S1>q(yHz~&{5vaUiNS_-;u{x+|1~a{ z{}&fywkQm!Jhr6i(wzK|sG6gdh(8hf@+vw&G9kefp;dy~k0%|f8LLTi==V<4>I8NP z>$X9kF^PSF9I{I&DStM>tO1@JF7MuIYPNu?3ekE8Ea6PF-Im}8*nHM+9klds_(^4w zv89HgnP1;-`9&j`_ssQ~Y=$#IlF3%h-=y`+A6nYGsJ0(wk)X7Xt%Pc#{>In0IHtuH zN+nCXnv`t#(cW8EIRQfk*F@)6rH*iurEs5@uCOO6l^aGXbEX%O9=QoyqSwV6MTRDs zmx`CQ^?AH-ZY8P?fmHgDE=HNK=DC4miDX{z1k|(61x9Io<|gpl#G|JdV62j0wnD~b z(JbAsml032&C=96aNatQ4eBrpJ(q<-+S3jCa3db)5V{4tI*{6hz7?@|Jj|h-TT59{ zFo7%>E%P?JL!@_C7TFsz)nAS+UN#^PaW9lHL3vL*bu9Woj?glKI}PMtoEOi5+k;+Ah24c zB^4Ug9WxL_r&VEGN!GBwaw;||V8`(1zZSF_^^6#IGMvcv&4>}=NTw{1FHVxEaN-p! zGR1=7D6waUa*GVcMo3S^IntUf6W9NcGwc#K1@+X5S8ZJJB$AJPXx!da#o&N?{!R-< z<%yyZm@;j(@@Xq6)g-Z)Otwvkm`#W}1GddW>J?$}56c9${VsS%nCsw{VbZ$rPvQ(6 zF@>P#or%NpCEyidhG!!;>uo0j^LJk{_n1!XBU3!oEElxTiWH-F!(Fy&+n@by)HxXK zos}k=vCzVQOxMP#ItO!qdk+0#Yq=!fhPY?2x0wqge3hNLJIwtQI~~(#w+r}od#|gJECHL4zd2nrCqG#nNv>?l%EYd+oD*Gt`YMd!L$@wdr@Zw=YC{(-jY6b#Si0<@hNT7hnh z%^@1?%~7A(33g$acMEdQ+z0H;OW-UZM5fp8(NMjgVmM&v+y&dr;OS3*lT;{~6hzJ1 z3)l_X0fHZrGCCMWN`N1Vx-KuR8J%sUt;}p>|;nL z9dyYm7Yyiq#H^q4IUu9Mlw9}vDtSSM*H@8 z>{k5+X+-IxMXI~pbUi)HsA`Q$Z#ys?93#<+j?Id1urQ2`zvdoT3j08%43OtOc&%=r z1HaMh;_jXF${}V{gl$t=XmjT7y4WT@o#4=MtDY`TdcPk{ugFQ6ebLDifGIj9*_^Hs zDal(?Q*P0);gC6n!VnyGF!?j1Pp-FoQ_>Iy;S-Jvr;aaLSH=YzUvxNK%3v;I7-<_- z#6!d-c?5Pcp_HY~mZ5{vsHg&a{0ebUn-GkJP$oYmjnzBu)@i_nf#1en42` zu}*3+i_jB-EB+mnu{RSKdeX#^2%o^83d1X!AQADs1DE6HlWcbrljm1_e15>{ z1BJNK>+@@h_!{dOqTpkm9oc|imuY1gwKDUVRXmq!o)i2-ibJqY7dqVlyxhuwxfmfi zI95#PRWiq*!7Dd+YHf(-fq0Ko3Oe6m`HD}3)w&j}Xw&IbFgq{FZrM;CtnNJ?y;JId z?N3$&9veCMnB|9G{{*G=D|aMuc2#4L{q{8yMzymrJuU?0ua#88EXEzsll#y~)!ngC zqXH|>nc%~I2UD5UFr62|gl|x0LZ{u%ljmm~$vGLOoeXPtUR}=w8+GFl=f~6W*z7wG ztHcyzvn5{#g-c$IEW^E$UTUiMRfKSt(5R=?(Zc|Q2l{!cG}Hk;FbLQ2`M$BIn2}=I zTlcQTKR>O^5NaP%0ClivLXYB2Q_-a@cz6Z6+0!m>xY?ZJay41irxq01>)_bTdKCia zu^*bo(Ct0~E;tJ*8$~(xgvO{Ui#Twhx8- z(>4i>WX7cu=#~#YwVECT<*RN*J+XLn(>a7{gijEX{=zl_s+)Zf$ zgvGZF4z&-pyP1yunORgD3II=QEw9lM*{|b{p|m|alSPthwJI>}XH_t(eQedcXaPZ! zLSq`YySU}KeAb4`w#D_dZ2e1LYV(Ut{9Pan&~Kv86S|Hf=W(MH>UiN-n$tC)-xwG` z{6r)7cj<2#-GE!?l~gtf;`-K3e(6EPY`6}cA&`M370E!#RH1mHsR|MS`*#Evmg{-c-ehy^oG9vZcYeVl_t62YG4Q!OoP2N zGtD|6BgBQf_8Kt`6Z@zvHs3k;LB>xFy1&Qu5opcM19wcGVLwj&ZT$1TWlyL^jm&w2 zSF9BNZjR2(%2RWc%q;+7BGnSJqg*FbSfFOA+_rGBS!*7JHaNQA)U)BQJV(<8@!|BW@$tA}tgh6cO?(y!r<&b)&;r%l$b1jc8w*P(zgsMZO!G%EUv1r0-j43$_M+d)G0U+tF99}f%fngp}Rxi;% z!?R`f({HGbxvUzW^)p*vGIMqkMr)3>F4c)}21{T_1xuK@wTh*w9zG)$<4e|8!j2b_ z{24-Yh=OI}0s1>@5h}cJba=ekJbE9NT~XoMQ7E6t3;cGm7WFPM9uQZ6nq!axLXNPp_nun0q504bZsJe89XI zyybkxxyznk7;XW_#A(VnAYmHuHW};-SHf8i>+g zTj5ki6au6bk$alR^7rmHh>F?doq5{d-sWd_qv5yMbx6f;l%ty;>o8}xJ!1>vY^!kQ zlK312(A>mdNRzt^qBmek%LRN(O5+Nh!Pu1ab+Kl^OB%aO5`S_8kf9&y`Bnbr9mK@< z+)pCG!*t&5i`Ww$D}Ka6O2zsHaWc0`>y-4qq1JijtJUP2MBv4O1&`Z;!lQR|7j&exL6! zy;{o=grQlHck0UaS|W6p;mL8z*u3bwiIH-(Rr(^3QHJVh0~wL2b=BKSXrSt-q~PEp z;3NcwrHdnrtwGHjIGM(hg}Mqc+DJEFt07mhk~cjK-sN@ZH!%+6-6 zIq`c<{Ny)0xrA8yFj3MoZZaL-mA0B(+ON~SH>lQ$2E3?IS+H{ATeUZ$YgJGkc9V@V zemMqA3x@*L1sx)vGTCboxjZm^%Me1uVxzD}wCCr#KbZkVc^ zs>AAP5~mN|sj|i6AEX=u-lxI(+0Y!a?u0-3NFb{Z?h~hU6m*K3z0XBkc(|v3!L7PK zQ#=!qV6M1GXXek!06V+QE3lPuxFjrT+aB|ldXvJqtg%&k58O*f`t&v9={?DSSZ@Z+ zzNNqsmbV+&PvKbMU`c`QP}(K2_LGwf?3l&T^~Fg%4kb7$C%#} z2d=M!X{L94dA_ryT{x|bPh^~Pa=3-=H6df|)YX=c zfyueAk@=-!>mw)3C!Q#rw@MsgB$o<`jJNH%Fn9(e1ToZ>*VFO| zm*EriLoCLRbC|s>9ZS;-XDRN+9}oQHMIB+Yufv(PKW(l8lF=)CIi;)`w9Fzs;F-7a z=FnO%M_pNYkXJWP8IR<(_+qer0%dHMCq3n<*qLZP2OQ#!Aq+tlS>U7`@{q)yk9Tll z+Fe*t(Gi}3e>3+DE-20^?G z&F~B4-y6+?ROZX`@A}pIkB@-=OC1w&xBr)#KRK>X5>x;-^lQF-ueov&AM6VMd`O^A zX();u6(-UraD_oy%hYV_y!zQ1-y4WPay%sv65skKF`q;?ajxDK0T3;N^0FE`@jc#> z+#RERAKK2dHM35JT45KItej;m=@U0;Q9}q!iR~{cSV&7I!4XnI`_6}w3eDbuT>mo* ztZY^)qoXPt4OEjd;_h0VCzj#5NtlmycixS709$<%8&#(Hi|>w!(rU_-R%<`fj-}Q9 z#v0}5K+pX4(K5jMZ!@X3H5_U5Cr=V0BwnMaPCtBmft!d+eB{%j27woHSR%^@Ba@IPzZ&ksUxSl(K z)RrM_&4fOv0ZoK)1yVTUbbg|Io`p@;o0ha6N9uCO08@-&hw9{pU)Yz{`>z$&zlB+L<42MF{BxVH4Y z^L5}#&23OXt|HDrP5g*S^VCF*kj(u1DObFVxq^$$KKZYxHJs6tu}iaKEns{4pS8iv z^G$c&l_7r<$4KT8Yn*ZuC&Jtxk^gm@FOk^%2pa4iGVBue)sJYecYvd*sE~EfsFiSU zu=x0o#)2!yrmFY*AR>O_iT%Gikc#pK&dw%||556ckinqMh?LN{V82QCV1Y z^F?A>x8y+asdnyZVE1;M3vUQs!AxSa8nTgk)aBlBsk(9KjER0o6ZH2rmrT=N zEe4Vc3JvFqn_+@h!2I}+84ap}(ET5*Z$TaZe-TOg{|ESPXhL}_FD&pKP2B2|(hNY>2f8Ni`(^D>n+?ogLO`5 z=^E-*oiOfDTla6}zC%GD*~z;Eg3dS%e!DV0%8T(zgXWPEw>PEV=z!HTb9NAC&4WB} z3-&sxkvRSt_wT7QmrZ^9Wg(Hyne91n_5!Dlu*f!+)C!J_F^0>L0~y>@F~K8a+L$BR z?5SywhOm}vRRo!BCZ2m(Kg~QoqK2u_J!*{{n`;gZ%qcYEqZ9A$zBSlxe)5m3K8(?4 zk083l8$*vO#%CBt-GaMf{ECAy$C3RpxNbpRU5jfBxbD$yI;c}R7(zXUXUibl=@)DS zntj^r7B6##7HGbu(Y;CtzlrTL*lu0Kb^YrY#!chv3C2tMXY`;R+GSU4@5<;FsQfMZ zXV;)BM2ZcIYaIwbCEklfzy{~lqkQ}oQuSr>#M8;T%{4wkNGo8w3&Kz8NEg9oUp2eu zA|G;#PV4F9-9OCGyJvFiW||a>;9fqkr}9n+|Md5b7yc^s-T?mU=o8L+c$l-n0k*F) zy|*4dUp&Bwlh5`V1)no@DTKR~2Fm?Kl!jO>b z`E&AU|E59PH-`)CWeV<71iriLCr%FIb1J@Xg5KEk&xtJWNQxpf^t%vnzHnF9R!cOzb?&=+`sh8@j^2bDEhuvw^P(QMI@R zoBENP?{HGx|5(PKgqT^RhfL$4`}om}7~q_gPa|R8LS%yGDJD53h9H!QRq`u*&tg!N z%CyfO6+%@prB7lbRKJs>v78Cj25zF7iZA`I#*g`eR(t08`IT-~R6Q(h9H&vSh<(m|01_mV zJyxura&ckEDY5tL`Y3SM_kvbt?5Z0-Jt4fwmw9nkq>q-;B*#J{*C0jKkjX-laMDT$ zW)%@0bYauj7~4>?&lW>ke!5p9kl-jETf&{ZQ+1j*V%fn9d?!WBgW%0RqDn+WU=6|{ z#syqFmAH_j0H<#Kq{Al2VF)4Rd#i>))_F%FVrWl@BdY7uCEL< z*DN*l(NaJ(XF=fdEV2+>FLkt(p7TY=7_>8b(;3HNy1e)@5tkjl6KNwXx-HM@_vRN7 zqpq?T@P%*rb(b^Yd{@ zyfseMexXa=Py1m`!Dmi`?Imh&=yLG%BF%}p#4p%3SC5N9;4;FjK6l(UxA{}+p+Y9) z$lbz1BT&a;Cz~o8Dy5IGB|%MnalLyr(zx9j*&!Aa4d{w|^$I3jn;6Ih0RypiBv=QQ zR?T7reg*Io71#kyREvsa4P=lpSX2}yaf@(a!Ly)*mz#&|i+uBXUn#3HBCJ>mj8o+D z$Xd;{BsfK9Fg7h>b|TAZlyXaV<;Pcsz(8Spi49Oli*hZlJqKK)otw}?DJ~+Q{t9^Q zZBR&VtlN1HP)^&0f*PaJl$N-ZDfStMt@G>LY~$KL)FcSY%J(k zpb74(Vr(S*Muk9vS&MM>5R)7^RkA9Rsqi%k`j1bxz&{#G{B?SXcir3ug;W`GfG+UJ zoQD%{J#X{10t0yWfiP>wp~MFMdPw7GY=_<-4!n50M9_EbhuZgBl48%%xX7%8%?JE2 zpKakQ9IL;rdMqk9XBgnL(2qyXP%E;)H{v>YH_!Z#wcxpzs{zL@svK<~#1Wc#C@>Xk z1tlCnv9^IDK}Lzo;6x+zjPk@?`0~u?l%**d`+gl@*F7AQqs+v9=_{Md_6srzfru3) zK*VT*#gz|K@%ZbXo*KAq!=nYWGdOQYSAV^Kfx1aaBYg0+63ltzPfi_cm)^-a^NJkV zVk$SZ6Ki6ouri4?%OwO!ugW~7-4pYe+$P-rp0rDQC;eL8-@4Y47K1xEmxy3Fz4~3` zE+xPxHnwOB+e9kkn^`IIN%J*X6-Vo2Yk{m8f6s>Sm2_Q>}iA1+$-Q;J!Vp^P=W2X<5)wv(Sh^7qzDd zgw?;Y1Q2!2X_14nwTZa6Zv87%U$Uk<E1m;d7m1JywvwD^_ zr(unU>0&aNG3cVEL;J-G8oF7s zm9c8DikbHeJ2!5iWMt8*edqJdA*n8pK{G*hV%c@!$6o;UP|nnh=wu=lZ(3PFM{bJ- zh4N*uc4bGNp4A77G)EAyzrd?=S9F&Q9mIJ5xuHUN%Y0(s336O@N znm(|q!&J2)26LAb2F_@u-Vqm23hVQvK(4IbIBF!*o@C2-V(a0ZrFn%27mEFTnke3OpL43L&IC8b~ec(0oNxdAsXx_amYaNDG)aK+!!4 zQL6nrVud@*pK2MVrju1zamx`gMj0I6whx2;OcynJ%CRXd=_Z2DO_=PXA9hDb@bzjN zh$_S?mZ`~X;rrJv-OR@(a0f2O4f4xcJ$D8vFht8M+l}@eT6j199t%g(qgfJc@r6>0nNb z@;4s$1V610D0qSVZNkI+X8MG6yVmkPtdX*Ew={%!sC6N0;@tf7lVrW-61W$OZ}u1` zFoJZUNMP%h%UYQR;xVilLWI)B=8gzSLDE$dOr$SwRNC`KU$CBSuBcu}OZ0H!gYZU5 ztCJQ#h&2_ym0SU%^K0=+x@||8DHtD$M8wrrefs@aHQc1@dD>qqh#De0CB7Quyxt{j z+IN6(Q^=YlVzLQp%`tKm8@v8BN@@W$?Ad_nOl4al?33kgt4%r#fBZ#;#tQq0jYgBj zPoYb>$Hpe8RSF7vJ%$pe%2*)5N-Nhz#8h}riEP9U!+K>%-dnt6pPJ2EQlp&hPQK0g zHy2X?(zm(WLUh=xWmhcFlHyA!LbZ8(5c>a9eUYP9~vxR_ws*w2z2 z%Q!jcvor)}E>Ao8cqiDWlFidUhgh)kt|U1b;mg(Nm>=tjqHpIDn{oZ;FFx6k4{ghs zRdfEbZwrJ?e~j`@7V=hL)*hx+d@Gn5r5?-5iqS7%6#T}L8)vu^;om~M<<$&#GZT$L zX|{dZg*9{PtLb&0%!@6iRjEcXIcR5V3$O6Ek`EDWYS^$W1rREG8?3%@+MYnWx>b`9 z(V%>O?Kg{YJlHXXJo7Pd_2x zj`GGEr&eTShX(2bB1iE@ZLmd5*$z}(=E5~gr(VeMHlCl>Er=7f|BxDKFg+ma*EQS^)=%kboj0)+= zVQv;+T|bgP;UwR=jydBAH#tS<3;@z1bjUp5s9l?bJJde4}fvGQ$}rqvVdfL!_)1R5P}+|8*+Su(@io+ImEgVthMjm7`Kz<<{JD_ zNFPBZxtnCMCYDQdDMQVrEVEU-EN}-VXTlcRy{o&N!IUtPN5-e*-<~yFrcRu$iiub_ zEzGvYcuOHS%GEJpzH_IAIN!?r0kh7uC2iV*fE#v^PeWV|y!v;j4^%EdK)}(lnWTb? zMNowljxrvP9G@BlOPFs!-gX`ce-Ds4nfHQXVaSDueuHb*@6Cq-8&@I;F7Z8QPmNMF zXHOSCJPSa|(r<2Gld(eZTOq5mm%B&-5ZHxnHk#qML zr6+XFc>SE0F1Sw+T^0l_@bb{r^_im`CHx2~=frY({V>VO_iObo>+60VStPUu znq)Tfg4fo$A671pcIOQ}F;j*;QEp0T)UJ^b#tUfW5+;_j$`9l+=rwn;JjTz+SCywr zJ!;ptjA`Rg%mHfCg1ihi%>^H*Gf{KGbj>EtV9~E+l7Jp%)3HaKnNoUVM1nln*v-Jr zt&*)({FfhGAk|Rrai=8~PLVamB*0hqwi$KVx2P~oA+!F4t(lf75RuuX0jY)AHtH-9 z&6S-E?I)O0OHGry6*lGf9QpS=%wDNgARQL5<8#rnq5KhYq4_l>+Pop6cjfkJEX)yd zK{G$fbF|9Sg-*gbB1(S7LKn{E_qi!MSBdR=;wgGs{{lrdj?h>g+f@O$T-<{~+5s6dZk5DSmSQxg}eYF@9W70F4yWvY8mu z)RcJ^E$)=SA}R-gv*=ViJOlcJ0pCVSKb+sVxJ}3?@mcZF`Vs;ZtT$+_ zS_%ivj!%OyF}^mb*Z8pw%F&*JoF9n30q@rdx=`u(ZH7(n!|72E;@3CsbTpyVI4PWm z9G1daxyQRXHt@sN5y9h{Zut#SqA%;4qDZK221~Nt&}YSxJRGtbxp6Ki(M_Us^EJiX zxoZk#LKNZEm$sUwaAJ03Pm|p^wN7n;>*f=&mnA61aXU<%RPE($QKO6vdy>YYxiAP< z6#*Xgvu5|x5s$1MS3DBU*o(3Fulu@|GxE6~*nlk9v3StOlcl+P>GMjok#1YgAur3< zJUKY-5i|CZhv|$}+}s^yl(;GTa*66G`>~=h*-93`LN9+1O*d{XAoYw1=1!l}%1Z26 zbY1EXd?_SR&upq4pzx*%ygN|rq*l3rvX@M+PuJ3ETA~|d3vvv|O;N-~mM&y=zZz6! zFL)VN^m4Q_WP#+|Kh|I;m)h)VjIN#XT-qg*2 zHwhoKCc)9!^P4y5mp{P{!OlyxWAatrYJ0e<0>SvkHjqsq+Lix+Oeq}oLPXfnH1;C> z*ul^|Y|F9;DP8_S8LemU0d~fKtTGPKc7f7LjL(bxAQYtvhX3c^ss?35yBU})P%`G; z8`DQ1)i7<_J?(P;pV?Z=%9GG+JKXq$Gx!bODtcJk#Xti12UM*%<&>%1n*d#WlhXTN z^D~R(biZP>-t_97R!NNUi@1w`M0He4ydUb`LFLCsKpP?NK9pVkV;4M}35LvzCPOS? zT(z_WzRayi{n{YU2B=%eASa5lst|(#X}pvqYQtudBrYkJd$g#Wl!#Vt{!!Z3TDaG? z{ymdW?gNlOPM||NMOr(dvB0u9o?A)9YBVUiqhR~=lv~}UKUBzyB(;99xTowo$>5eQxz*&$vZaQk!AqDSq8JCS&d=LWw_U8I)62GZ@_T&&h4!+( zbR^pyA><&5f?$i;kFU`>i%%1eo-mlptH{ejW{(&wM})7)U&s{qBA6Re%0qN>(!OX1 zmsXAbdZiG)NwV8+$Hu;?{qJh*^IQ7!Zzs~h4-L#QwDa7~Z7EV}RvylUtbv!ax8-6u z5(t*Mp29dHauy-?(W=69mPW^LHq;*ycXM8=2~`#*=Zhfc3zon4ocT=}4U+z-#w%}P>69yG#BK*LznK%l zs&7_=c_O#tp(O3ebD%l;5(s8db&0I1zR-cV0=snS#7@5QO9hFx_uCdpDaJ@km=Xo8 zZXfjNL^u22HgRH?FU+yq5bi$x%82xcd5my|@rr7A%FL2}Vf7UK| zwR~}yC3Ph-CWn=VcjvPqnfJ#$MQ+L>9BL%e*`tPnwS;OS9i2%D=tN@{wJM3oP|43g z7o}Co=+sl8)#P2z9Yd1-<5bLxta zr#lPpn&Ya_=~DIyxx#FA^>4X|fJQW_IUcjxTCg?xlzD615wt4>5?&3hp!&pRV`bLf ziLHqdW6~MYNElVyXh{cl;kg_5WpM)p3&UzU)_KRdP+FeY1A0&chvh+pi`WpAD(pIr4{#Drhl@uQgwSv|k$hYrx5yf<%p4<>DPN zkxgqB^{!;e79AGNt_aHBblF84VS!e1p&4>=l`qZ*C{?B@xu`RgIpvO~4E3%tlzxBC z$d1CF{sOq$TYI+)=XiBsFd5+8zIzupSk#|?txZG1N{A_teWx;b+&)pk$cGI)F zGtU4@(GX_G?%jVV!#Ixp{!qVx{ghX`Zq;o^qU*9g#75s~_SpN?AHF;dM`5+g5noO3eE zE#&)fc@NvZDzf=_aJ~3&Y}V+fK2f2|V!b)MX8BK@*7ola^CL>9y9EOF@E4nobzKw#}9+!#6VLvP9DaGfaVwh=sVLk2V@?_nTbat zZWiH$;T37Lu5>1lH){Tlz8>JDEsXF>inm7D73;SHQ#(iYkpezF^}f-L0_nJGO#8-P z@JFo|cHt@9&bEl7JCNyGTqLPWAlS5_qWFrpM6^Q{EpQWYD``DQfcHqP=wZY9_0(MPMISKlx` zXv;1ca-&GJM^)!vT;dwvTOC*K7uNiL?7d@ur)##hTd{51wrv{~+qNpUlZtKIPK8xr z#kOsuvi~(_uhp~H-Y?ed-+uKx{Tc4_8aT#zk73vaf2tL|Xxy#Vht;%<&vVXX7?*j* zWEO|yy=D<7`tRKM_&xdg|G4on`{#`hYJx~e z+j>yNw*um9c;9gs|NNtps|WZ7By4CbfWqB2fyZr;~I+{e%#ipMgy4v!b>>y73L z7w_+fuMD4Len=1+@k7JGASWWD7b?~drb6)EC=S;}?^D_mIDXVew?$L zCd8v4PTJer+Fw9TMY@(&)B_IB!OGPxTDf*gJ!I!wqc>L4sk1dn%dOgd9-jOjT2D;a z)RW3^7QenhSCa}F&R&THJhwx{W2Bd$?u0j6qg=zPJBi`$xzN9wgA)>$HqV>^oT7ZZ zQ8@%G1_p~Nx4L98PaWDgK#iU)iGOzB4HPoxI(eLfQ$Ex&S;g!u8+*wCbtt>)q5)Ra zapy5xY@3eR2|+H0LzS+U*-jT`u(OV-T%pRg2B+|lpxTjnxb+Kr<3KzRWMuk>?zR958%(-}#?MSq^ zL$p;OoxYZCrcn9#OXz|)mzuxLS}T+tm9z>_kQ6=gPf^fTMsT3rJ-LK^{U*3=8sI}n zUt)!Cpw)&9DMfEmYY(@nNLTW&p+sgqL@w|N7@*wH7gH5FMY^n|oDotqVIDDr2_@0v zYfD)D>1P;{6sed@k-(3T)}a;Vd{v-BoI6b%h?|acgr?UOSSPGeNeYT2V?1Gi8z1iq za-G6-djlhqB)b@Xc`CoUUw|C-lY^}GV5e2?JZp$6-g9tn*8<|XkJ?4HbN3)tk7&-L zYzL)Z^VvhCOA+Pii&eWLzB36b%Ogh6mZM%h|J?2|Z~Ut%9T#xrV-j0%brmoI<_G*} z^}qI)Ih#7@8#*{R*?Z_4+IiBuc(|A<%fw|eBKF+Uh-bNJP^t2@P-KLmyNXq$ol{Fd zkQ<=cEV7&4Uh;qxiBSs+v$JeklYfcag3?nBSuuv|6SP2LrlEO(bcQQ*frMZ=(gHVS zU=L1ZLNb$6zd9cc-qZXz}Bfx?5 zS|&Uun6HK}zU$kcoM)m-Q<8#5DTnb+J7`FvTkRs!^>Cm%3(i<5eyDAV5=ylk!MWD_ zgyn8TmTS&J%dQ@qO2~c{@&N2_X&J=X_GJ9sM2sMj-*TjwI@-1Hm+yjY*NYb*XU`bwT@+f{o$XCr%dlM=QRmk zwJ?+%2-72P2feT_zNB6td#F5}(W#$QP&brh3b8}RJjcl27HGP3-|%WE09%J1 ztJd~6DgN@)mrW8^$_QNY^P80K^uZCk<`4Do{Ogs&-+ECPAkVZ0*iXD+KYil<-`WQL zq8H=eG0N_@WMb5H?RMD_eHW>~t&|3%Sm|Hdgb11(XD~BYgpSs28!SMi3+T+ql*!7M zq~;6J_>^m>utplnS*^9}h#UYv*8D0X3bP0H0MTGZ8jVEF0#Ahsm(JOWI&Rl?BH0qw zpx&3a0+T@M#Qa1b0#prZ0TRL^k4MRL!n9^L~QyL=Ny9qZ=ZuWrA z0kE>AHpyL25qyUy6RYgd)awq!?^j5kKgQxH1Q6$u4EvkeakKhSv@qVFlH3$O zZ!1Nq5le^V8|jFp%hVumo3>mB+_&j|Jz8=cyd_7OawY&@%O_f9S2)mlcH`8cPo?OB zdKS$bsvC3g2yxA>yS-ek8#xIY4QbY_7NEAQ8@@)lLLQLzi0(V^k;1d-m~$Z*(8Q)~ z)xr(ZZOyfKW4Enb7z%HH{ZxgcfhZ0;OdITugwtqD{LGr8D=#pbB)c?~ED_!PypccE^j<@J&9dUdhi5{eA)*h7TA~J(Q`C)KmB-FSeXw}# zMg2gCx)9F@2m!zBgsuz zZ=jd1p#>^!d-^5;r!Za++g7_Y*2=-tPcO(4-}lVHrzf~X7Z*8Z^}qLuHr`fh=Z!r4 zaJ~cdt5=zvJI#BT$BX#=ukUzJXd=7rSF%`oS&6`s5t%>vWyjUJM#t`+K zh@}XFY7jdft_D63J9mbhE@wY+Ubr)U4s5B)DxTV7j<|E(wMMQ%-Mx1A&iWRbHnSv$ zou@4koDe09f;f5wt)dxZj{4#PBizX3@^8Q|xdgU?f&1|fxI2V>++Cp3_AKiQw$45< zrg$)*at;?c^^;=d{0gk$6ym@W$Q0gZoy>8JY|t=S!0>46i7rrBcH3eWEp~suk17u1 zH*&E98@v^63SeXL8f%9yYK0a)ULLz2{Jxr@$g02S&2z^Al+Ba_S6g}Df4wrV+S$&x zErxSyer1q%8Xu|}FN#BgyoicPFJ?1{d|5+35_q*9N>)O0yKDBmgnyptKYA`6H?Sq} z&r0ui2$P`(nfwVzd9;9(_wR%-Gbd9!V~ant-h^EiAnRSKL_Z{nYL|K0D6lT8DH6vo z6iwrIGy1F5>8>VSJ!A(Ii&0~kcptoGMi97NeX6YxJ+BWmAZ&t+NG5v^E+3%8>mPyb zNEE_?bC2L$2f>>Tn1&n{vd3kXwsdhg;RfwEMHh{a5jj(WAOM0K#Nr=|y1RyKK0&13 zPbD`ZP_w|IY#JS~SW_s2l2%VPvRV$9ahYZi#$}&Tljaz-rYOx|_s3%6-lWE1lI@cp zw4C3;SW8d#(HnPYtatQ*+4&>@8TPqHG#Be6*7~7!@%^16t*kQ@#RA3Psx4qR4%wEl zyr{A@JF#Ohrm+_{>H9voQH_vtcUHE4d8;WQ2%FR8TQkv8ts`%&F{$}Tf}>m)ceFm$ zqAaceT|@h+ocj@9@x8TTEOU=MA>9b|e)6E3(;n2MN=B&yv$%xg>A|O8?7pGPvB&yW zmEt!&ba`t!c}oG_xR{?Zd-vjzTR?;MBY&n3Je(M@D+0Z(pUeP^inF+$v)3c5aI+6zloQ6D$#c6dFE771fUJL zRA?CLQGWC?kVm?Aa)O`Prv3W#|F29eOpTmO-Txz#|HEYhlV@tU{*MCsf9=WrOF?Am zVrXM&_(w%#syq?YJYcd|v|kLwut^Fi#TEhK|GIP$GIVp#&Z`cp^>Z}jkca7MnW zT7qIFyyUHzAKFfxQVsDsV{JF5)ygL`z(pDvcH}hSti8_9QN26zRcE&rp_wruyV{62 z9;Ud4&$wTZ%XrE^Z|W^R>Tmb2cX#;zuA*TqcvCGvWK4Ct&n1tMF(!XGIpBZC3FiVE zy0>xyF40Q~fL^2Qo?Q$z=pDS~j7`WOl^ABbK4bJf&}sB}y{6Xg&~pjfaMtPtcgngx z1|DswQqI=2DHTuOVlB3Op*42FZM9?Hvfsr>+fVyd%x-ORIR-o_XQ@fSRrHMAL*|)b z54uN3*K?^4?I8mnMoKed3;znjd(l|hB>9My>lSY!@swbufFn2=?RjOB&1sNM>S@FV z=e|+=InX9Dt9vNXih4Q24t$=F^?-w$F3M>7e$TWf2TUD!R!PB7>vupQiqxn?C>paX z!^An~2|FBr?sh91dqDWt;L_P)QoI3BjQ}7A@&6lTw1d5qi>tY-sk7-n0?c296I${8 zLDU@u%~h=E+XZ!LG6+aCbc=OnV%HaQ|Nj=w^dG{3p2L>`2qy?pTkVR0MGZ4aWGPcG z^|x>^%wPXoIMD#%M8n5Ue%b1D69!e|8H9Je()NdS3|2t!ylD%H)Cx{~n;Sd>2@&@f z7QqMK^%Wjcte}-DQ-djbF31e#tV*VlS{%2ojXfdv$71E)j9-VArI&Abmy61EkWhc{ zWPZ0X-u8eu0;!EAq0Md01wE0sTDU!Z`9-7C-l?K7MJ{;h2o#eFY->gwTt#Gf}(bdHnlh3)vvgMU?B&7yp zz2Grxp*9EC+@~k7fwof79DTJyh@4a2GK+r<6Zd=dDcqCi8*n4;Z10>M_VR0kzq1PV zf+M(8OQ^kLiU|&or_9Y|SSs$u&MuSutx0O%He_7b9o5KJkw}O>(Im&DeqN^BK86g%e0ky_8Yotwu8U58=4}A)FN8S!D@Boj--64iHXM3j@}l z!rAY3DvL6^|I320-_^@smGke!8)pYYJ4@&PDqsF1oBvB>lbLdsGX)4ZOn`vH{&xb7 zsfVGl%Re#Ce;2%*WYg#s_^T*#ZfHr6MQoN$5)80^U>>s9KMUSJFwds!Oqy z92+P|zKCRX)e(s-3i&Z&tl3;M?5IVX%+NLdQ8;|GI3qmxZoCq8VUS8H)0A#6VW17( zjz9MkrXb7dv(3ksJ<~M~4;+cYi~g*lZYCyQ zN>cQUrPuIgi6EJdgy5_B9bU3zhqpc_tn*@qI)EeO=Y~-+wps$)dTfK3#e}^}2F6eU zPSRn!7qTXcY%Mt2LCDR=t5JbTYZN?^=vdVBUl923&{F*Km(~XWfhPlY7YhCx8u^n5 z{*&;SChFQ}GNOiF-qOTY={2cj%66_5Nm*vtSYV}}6sfVeCIX3c`A^tTG`-*R43i_G z5%qbW-Ddq92}APnFP3a)Fm`k%MIR~<8DoaC0iv>I{tM$pFIo8bihu8=a$}o@No%m8V$Z|I06lHf9 zt`hB7FwBHBA~IaEg6M7FvFs1v-Gy2$R34a$1f9(6vhVPXZpl+(sZrN!?9>a-MezC2 zLPPmTi&y@*82htNg(A8gJfvBPl?+#r8))8O<+Ql41bNRgqt;R7MtW+x(BvxoWoM`$ zuh*!A)b+5JjV;KE&sW%tQL&S)U)&ZJaw)!+SPoaoc~-eF9aCq~*4Hv+Z$33;FN&wE zVV*7Y22CyP?xAVMSQgXvnaC`(LA9t@mBv}JVz1IgSu+~G!L#71Y&O$NRDJOPdL1T> zrwR#2Zp)qt*W>wN-1MtwrE1&J%TFL?aXPF21mCRkiC#;h5_2B7sDm6GsEEFk!s*6gwrW8XChj9XRqdE?FvS z!_^Sx%TuQS^1^A8!0D6h)fN|4Vjf`7O_)bZ1OoM?d!DucIb7d*(vHY_QEuXh-d{YM z+EzK&wd54W>wv>FNbsjyjcW#q+A%Rei)hP5axs5EY*fmJ{`ok9s| zVaINQ3ss9?&fvg(S>?}thLc-;B!8Kls}Z}qU1Zi0Z7g5aZ|x}^8L(;3KYix2^RMb+ z=}CU<)V8%tb#7~ajtqZVb>b)X1H=EgZVevGefD!}As+eM>O%qf80npyODDvX1&V~% ztM=O1o}!lw_{crgiF#7CNgAV-FE+`|8Y?v3?7Kl4VU729nTv2G@6o^hazp<2<4TBL z8t?`@E;Rr={aEl z+W!8#4pcoXI0-0yT#yipJ_}Ied^U8DNY)i?wY!|j3_9ZQQR0@e?o1GeK_vdM)Z=He zD%BuG>Q=gfi=Z3VPdCj@jF_*$G=a#b<-*p}{xdF9b`hFY!F0(rW%jN06%~AGLWQo) zCkH@gSV>nyu~Dl#vAR-+LB|wW5RnulW)2dZ`D2UEsh?a?otEyB@%+Nz)LM-|Ry>aI z@CA3Zj1D8HudO=8q3Es!mwO#PlVucVq-) z4igx_f4|#ai6yZVkR{v<22XL2(pIQg3LrVTFh6aA(P6e@lqmEJwU65 zkDAH1O@?uH6|IA1jIl~4z!-h6rD2UMJo-A*a4ge5e1Wwn{9@iPm2uA^*T%*jsX5^< z2iWO;=0niK=+6l*Ro5Rxs$JHFA=elHynUJb7=E)&U)rwwjcUzomL|RbHd=NE$vOD; zZtMd#uE2|SU<@Z}X}4uarPa%ESL2uClPC0Zl8UOm@j6L%_m?70^q07t=}R(e!w5ab zKEa6XLCvTc6m6|&8d_TTrh2^vB%W1kTF6^Fg6@W+|B)`Po5ZoF0VM?kprrUW6#cIl zZIuxg(D#OCtq?bc;kABUBrlup2O@SCi;bLE8nlu6y4UXcn&8%emBtWCdh<#$8-~XF zjYiD^cma`a5S_@mV<)%akkcxzt}&?GmDGBRUgdY&>s1Hd=XF#qAyi%!ks~j%*J&pX zy6!QEF9!?dFPya%^(9@vZd(>lSkBPS=pn&~MzFs4Q{lb9_PAn4jZ~Q{gvnDuZit6X zQ|$=r_$hr(274eL+{;v=3}^`|g_Zj(ve{Zh@)!Jbhvs?*A2=fr0Za)^z%RyNzq^;k z#rt=THV5}w1_PU5qAg%-0cw|o;)a?H*CM$P7;`@^&bVE)!JL8vFFr0HZ$R4{`$yY5 zeAH8N%o!VzLrSs0aXex8GTM%A^=g?yr)ys_fXG>`58^rbyR z;i`=x=Z1L`!)HZE9e10IA&1>R3+r|(>~_cBG;uHDo^@@Nex3A3$qz2hsv}u6ZI+2V z07v^JZf~N5`;rql&Q|wL%YgfYN*)I7*CUzeu@&G}-hq~`%Kz+G{>oeb4W0alqx}cB z{+<~+GZ@>Om>M(K7}}Y;8k(Cj7}+xXGe7<-M*9zy|G$CC^ZorE<^RRa{-c!t84k^>zLs9>WY|K>FK&$>kapN(0JnyvjRJL0bzeMf^wqGM(2 z_3!YnTSeDKtaSlDP4+cO_xLb-eME0QsM}Jejhhc_Uq|{)SK_ zj{+p;qy^bez=IjS^*R%^HALuG!lbe&qRTXfDiS6thIz_fAWTZvl*sgKKLsU$Z^Xlg zgHI)Y1mB>0(i2sH@z zkk@0?u7RFX&CgO`C6~C3?E%a3_)7c%JqpDuz8ndD*+pJr_4oX?<%B&R1S4_7sJ~7t zP`hR5<<6m7b+8CTd%0!R{=}(2kqXmb#;D8NU;4bW3r2V!eX~_FRRf$zr6a&p5$3&C zTnO4qHOUSZN{mjFO#U^I0y1Ky0DwK9=h_+VYC=K9W64q4>+Xfq2~M3Ne13Y9n4~2m zIT~LF^Wd*gSmmpCQe-&P6dl%EgP(bPd$dGZ>zHI6WdsX71Gy(%?YscjEV8o~iEJo= z=`?c1MB8SM)Kk`3czuLmoBOu7`E@44UcN~LoA6B>whsn;z`4lKS)@VJ&ob?M-Q>>#!z8=gEbzbI%~Jvvl`1!V+`b^fyl*o~EOgpEo&njy5fW0&sTTjh$|# zomFsg<%c=PRlGJsTmRm)lw@pw4l>D`u9a<_}X} zTtc+qko{zQc+PP!d2$^I9k7d`0$zy_;B;}z`Qf1 zf#3JUYusOT_eSf+W~zGF^!YA#*`|N{Maa8XDS%?sT-o#-C!&G8uc3U%{zyN-`$l*MBfWXD? z+uLm4*T0@g|IJ=Ph&1;P0G+DR--X}*Rcku`*BC!j5a4k{CCN?v!KM~>9zos`h#X)d zNkXv5_^qt2b6r>3<8{)Y6X5n}V!VB~dqeC4=~DjF;&_CJTuJSVRs!|a31D$N(E?+} zzDV40K=Ap~;uz#e`P~*|)|Y?3*^(6|RM%_z#O?pJ!GL z;Q=n{&&naFG&4SM>Z^h?dIgL?z<*J*tmkvYp5{6@o4CWZS=Q=j0=gz+3z-+w-two5 zlCdoOKl5nED(2FM9;_07Qbxxyt?7rJe!-hOeL>&g@4Vj9W2`@)T>MFS`eZWrY=O8~4*C#I2Z6>&M^H|S z*H(2qq~bG)&F$+8LaAFyR+X9|s{t0rF|qn1@SB-R^MK}WcdUw<^hqC^sfa^LMR&Mt z@UHV>csY3TNVSsn32gMy=i&Gy_Q~X%Vt)U_1ad5+uoVZu;h4yOb8O-SaE3eo*VrUm zW8H3*9kpjs1#ysZNe&&M^Q>l#RVW6`4XK?Dn*_unJq2s5h+5gr=E!j2-pDopeyKyx zW+_|WCM-!*ITCR4=EnF2*Y}V|fIIAj4|JsiiMO@j97#wK`90qs)m_;0_}{9jF{L_{5aByOaT#^itTD(+QY#s z^nfb}>jVuu4}6UPPH_ex3GL^LJ#D!8Y3{bfor^~cm{JXs zs5V8))VZLNRwOwzMKHZeR>NS4x!ds-e~+#j!9i7|DT-kf(t{psVrcl2#)C#h>Mv`j zw(OZGMwGeXv={UE5A=jJ16OC6i7ov1ffTCJ;R~5rrii=8=n1G6VkXcgC=JtCte=^e zA+R%H`zLmdNh|NHF$Lu4t=J^4);0XwkYXJKM1v3uDc&6r@vY-Eg035BJl$a`g<~z{w_29)eaevi4p>_2bgETBbtFA) zojwyj@foz{nv;S_tX^|A`czoTvc*XGPz|^*JydEbl1fGKrbd57kpa?+4>gC+Z=u(R zoAXOF_`vM+{_V7>AM9OjlU{BB--q~79uEzEJm8sZv~R%RYk7rLy&uGsm|&S z>NL0$a3WK)R>h;iiV6DGx*O^=PZQbIX{qA4y-Qa(l#u?Tkf~5A6c#xVXeZ_-qXnOS zX5EZaZWeO5dd-I2CC#cJ9Fxg2FnMvO0v*_8ZnnLDYHW*!paCf`?%xp(LHSI+IvBIw zk~}&WLWS7rI@q2z8-u*yxXVaMS%qTk0L7xq8OvBhSK)`(Yotyv3&G3m1|wJoT6Gq1k8*vMRNrYAw0R_W zxO^nIw4mSDO_Y#R{)oJ`N9@i4BSKp?bvz-sX(DQQLM=oK+4w}4OF8=}RpiuWMyg7c z2Ac2#1v8ED$<>S-DZ3ujti(S8NTsGy=2P_B5i(`W`TJ_txj@9bIdrVgn%-vXasvHT zCrA&Qb@`1AIt5Km^~AI8wt$}6u-gU*F$@{Pq7)i1S$>DX)MNif^0D)ku0Bxz9p<@# z(dV`i7xYDObDpqe@=s}v*?nCn=hTCE-|}m5EXpHOZcjg?r-2`ejzf7ghUL`xi?Uc7 zYfNeZ#}%;5&{@9OUsy89%o=U9p&L`%M2rpJl`N}rkGa;JAa~` znr-)`T5g{mp7=b4&TaUADWGFW&j`$3hHL{HlsC z(aes`&V@N6&4#C{lpf;7Jw4N_``p)!wSUV$W<;9Cc?>1}BO6 z@!8z!B+ar4k~2SU(xCU&u%AbVz8{l?n`R$mtOAeOwt6iQ*KYBDu2%4jQc`%B;!+11$ zI9wwkI*S9_WF+U@T4@0LXrPG1yK?M`Ap5M@u{N?PIl zmZKcOn53gcN{EIvlM&u0nWk6~eqts;Qn(aIkCwrkvK%;T(}wcVu%Ec-Sy?f6m`$I- z4vxnmJiZ-zdd+^~yO>&hm;Di<%utLTQ`-!!aH^7i64PiA>KjMKT{4*JWXz zknbXc)XN;~IjRC>>NOt+QYHXb`+aD^td};`^fSGvm}kCRlMRoKUP2Ac$IkZ*c8P8c zr~|I@dre6Z?8{g}<^r^EyaYMX5tOPDRk>V?q|iO}Y1|vLw=6Tx620aWl6!s^!u4R_ z@ArMTcuy1ee14NscHI+~r;j*ouC=x6^TVB2hF{?97c1R2hP7)Ubpty)f&{wfJGlrg z#a*wsSk{21ld32}=N(pct*EX_7$;d^_w>N$G9saoh(uqYVs^wvriz#k+Ydw;_gEuj zi>uM8{njxswB*Uh$kfJ+Hd^w82bc6~%Ru~gcn9G*?;p=T;UOa>C1h}Z_G@q_M>%{` z2y-^?-+=Qnz`WbwA9y)L-@kr)emj2K?}37OVH8d{*;36WW;50%7!@MGCDaaRz7M0W z(;{n$)ul>YaSoPEeDMz&%(s%6R{Z#;e8AKRi&rvo%;)U3ENm z`;WV0)xpM-GCm@`$7F#B%_Cn>g_ok`TkqH|PL9*nC>ky7>BxbXo6Crxf<*}q=Oa3m zFUUjI2_a{*bH*z>e4E1wv)6u{*#hqJl5knQ(c7g=Z|#`2D&dO06d(`U@{C~^dm zl_KVJ+nDRW*3Z_nY|G$$nJITOc0OPCxIkldSBYj_ceRk9JX2g!u`p}Aoa*s|sQ|Pc zkS{wq78CviA$?zDxswp3d6JM%a&d=tac$_jJ@G~%)8W$(VtLkY&3Q~-VP>m-sDwR< z`<@}Lf7t)4EwOs-lDz^jq;C8>tM`9H_&;O8Uq&@atMaRYhyd#cDoG`V|4iGtsdqB4 z5}hLPwjeY{GW)~uXT!^mQ#rX8R6!YSFaBJ+SH>=R^M#S&&>zY-atBvGiLN=c>VP_l zcN(^sFu}}5^D`SEH-*`l$YufO9>|T&f)nc&;Ji=$f3Q)G2wDC}I!Gc@p0Qxc!D=d2 z6E}!B;N6`;#q*DM&g>Du1kYS$M4}4QL{&pnX9!7GCT2kcOOhrS09C2yL|4ryCM3mf zkPbh9nyrtAT9`Q0B2@vYNYcSjNpPo}i06j#mZ1|%UQ{3AN0_&n7O&nNB3yCs_beOj zp2U-G7U$pC(YAjF8fW4*c8(wYR<+eU_eQ$YE>vDdGp5pKGH9LMj?Ec2AcoAw4*Q;d z4mwwK0X}X(IJB}jm-g0knQFRhsO}_jJgDz>bh)GRy8Uo2%`SF6mV^N&e|juyk#+3> zPb={m38!!=DY;3gldSVgl9Cl}tL%y*?Sg{kiM5uTZ8?&6Ezj0k8fYz!FrwF09S*o* zW@2>Uc46NyM8N-R-FAMMHerlQK@&oLG??H){K^O&?;=Z3FWRrIU3s z_~!86gAd_RaC#$K`WUWfzm7UAYBTb;)-dty`6{Iz1vFQ^V8>9J>>FMu4;%*9;_;LF z>^ew#cz%&yys~9^S(kpFOsqUiyXqcDx(XVIzA{D;;7SV4&3qa%G)!I0dgcg2>A#eF z+jjVRWsc&<)kOE^RtELKditw62FCB$#nol(sa2x2yX#xk{r{M0i$~DsQvi}7C&b^R zfqy=Lzf7UNsPx&b2qJdhqLJhZCjq?N&Q8dRRm5dRGn5fdnrB0Lb?({gY@y-$l`m57 zA(I|`>_XI9P#b5HnH=_^+olNghQ!45aB+RqbyN_&21vdkR+cm+T+wP&#%3Xj4%=b7 z{DgbhNqc#$d(zHE5lKy2w9--a<4nLZtcP5w3$UMrC#_$OZSdD(4XBvm>lx{xDmD5` zME`_=a56fd-DG!d^$HR(sD30sTw)zNTBKQ@~;j)b4IxKx@fOH>ihXI z^4}pyYPK+L6qD_PYDHaz?7If47kfkT%nofJls{9#T`Jz%4#Gq!EB%InBjN7c)>e50 zKOvBt>tHt7k9)=UAa&SC$Q4jgoJ#6L*jZBN-$ z-Qw*+IYbVRHbSTf^{^Q6HT8(7vwOlh(gR<#G=`_CPO`lV*`rglLQ&^gkz|0d-*+}5z^N2I~CL*}JSsb2WZvHESm=d}nYx-L<>pFQap;8bkfA8L4FUtU=EU9>Ju zci&bDdsTkYsPRO{tk7gAE>F$fa4ebre0@E1zfDxx{D31o^(w2^o zccutrtHn&wXSJBt^28Ke%fm#vggo*b1E*UhD|hcZ596`4ro#`gnCHF%Y=eEM{8e6g ziURgIh*{J#$Vs$82wCa0N?4V(Oz_T^9dcdt&QN=eDcmN=h6kUQtUxY^J-h;*c*Blh zwWWlsbIq0Z+2?T@+hl_O*EhW9|6y*{f0?Hd1{kE^pg(>3ThqNipWnYu_p;Uce*a+F z{YnGgkDn!Gg#q{}nIh9523#J=vr{qT~^e+%bEY5ysN28-tkrulh+v zWHJsaMOH?{-tDW2ahyqyH?L2%+rpwc*!V$e2C2B@U{P24Wyso06Wcn;%x3D8PyctW%&W1;-d;KBt&wJ6iPrrhYvLv2IiQ7)E3YKhj3s6*iv2dYvY8wW;K zdKhS@UFxPP;C;l@u`o|L2Rh4v9vlKeu>*tqYXaJsS^;UrD-S-T`A2uSoaWzlX& zqhuMeuJug$!A~651i5Dx`rQ-)#t|+j+v%6L_ za~Yj~ftZVtf+Q!B9rz?qzRk)@p7=QXygKIY>><$JkuiQS+lWYCyLIREV8)%RH;I@% zVB!WRAa8CT8&GJ5876?90q`Y)9gi3B`v$jYQRNzP|jOCc0* zabtwOSTXjcSuiKSoZ=^W>S2IkBY^i=VF@bw;e%ktQDI_~DTVB*@KJC z=+y)8?C+K-GTm-_9GzD`)VxHx`KE1Xn4_Dkb@k`zOI)3-geBuj9c}sSF&tNz?f7<` zTl>W;2cL;7PoJ~g5Q~a2zK_I%v!e0ws7!X*okM7C7_=jN7-+KPAcVnIh8iL!jk=q+ zsq-|`C_R4jUK~G)srmef%Y2uBm-HB(8bkb0(`=lq&SJ@IC=qXwJRsT_5*{BV(1N6Q zv>I>k&bxM?z4IqT%`o2D8#ku z@vLaOv_=KJ91eP!bjHjcbv;fJl2nquC=oXEy&ecm@j#O{6c+$``6-lFe@45 zGaxwCLH%2`!CwZ-U({sm0gcB2Q>GYuW!CK40;Kf6Yb4p~&euyabWctdek~A1j(Bb6vA$7C( zf)>*yiQknC5uvt={ZSu}s8M>QH#61YyTe5Q%3NXYgZ1K$S4v}j zgLXAupxLHeix=CI3b&c?_D8rnI~}0R*SagLuH07`KVj0=sC$IUIP11-ef^)Qr$ZqK zmDZg4bON*sQS->tWaFvsSGz{fhQNRg366tA43r>AROLCu6`9@{#a}@)Q2WU-^4ESK zs;D@Q7z5RBL$X0bdCVAekn3oy&!$b2SNuviiXu2VGB66aJ1 zXn}g-(wHG-G#aawz0WkHJ8g^u}2U?!{J?}3vP4kPF~>8dMKHqhDm zR0wq%(c}09OZ++GAAnX@7r#(sJ{*(!9GZ0{gW9*;$Gn-%WFfi_)FT70(#d`{%c!3&7!sD3gsYSR1aTeoYLKB-7LWt@OuYa=}8$c4xrS?O^IT<0Ni zM^p+oF-1GrJSd`V6c_6Obau}o9TWB|tO842qECmVOem-zw>#Y=jxY5+Yx%YgxcEZ4 zZZ^5((r3D z7tibxgH~E}tdQL(z*U+q08X$>5His=`OHIDllRwM9e4n;XHUi?GY;tHhXCC?^Z&{# zC1U7i>f~TyZ)f_C>yE0c@+eBEx}|h@nA-GeiYK;RK;2UTUJ$HGRpeT8;g-M*2QHjR zeQqU_vJt-`H@AYwp(9B3^xi3V`B_A?tvvIje%fAkFX(yaviSY-{Q$}fCqt9kLmRIM zCj^}2fOaaTNmF4I2rqyJTU6uj%_ok{gtntAi3N$c&lDWoweAd zRr*zRncbtiA5Z0CU?8p4v;#K8xE{IOs>vNzg=OEiXW)y*mw9K|%9ga}k8owz^AzK! z_Pa)Kv7kjd5wpqBpnjGrNC&iTasy);6A?kKE~$?Q%^GyRoTU& zHGIvK^J~V&2>J&3aU)=3Nv3i9Q#(?|z-iD)!$iX-4G@t7$vR~RtW`8)kDElEE+XD- z3%knYs!Su1TbpW;60q)BSq&1ljP7zzf(+rWRbV4pkebD@olseQCcrRx?E7(rNAb~l zvo4=wMIk9=AQ-H>HtDK=SW{?UK5*jdbh_#kKxBdrFutoa6x}UBSjge!Uz48W6HC(= zuy#VEtV@{KB23$df5~rzl%M95#rKcJWDaHwb6g<{#FX7)osdN*8|;)&Ldpnh&_^0O zH`;Q>p}c^gd-{YDpaMy#VVOn7Q<#!Vks0hIGB`t%{TlNmLHd|qRSf>fc*m0Y8uCQ1 z8i98%eM9x7C?}yUnLgGflOzVFO%gVPU}(6En^5fz?A8(il{Of9XIV#bI{TLvhD#S5 z-uHdRcfk3)oumj+a<;QwlUvraoxxK4E;#}P7~WNnfwqI)k$Kc=Vw2nl67w>cn^ZU? zr*D5*0`dE8Xb($IF9F_#Frd?5`I~Qp=^u|H8OlXP3^nvaDzBYR$U)RWWC#qVDHuJ8 z8Zt#XKVID?uNW1$wzgJkg%yf{fo|xFzGENWnud;|ARY7tgOh_-q1+MGkvP!WKXt%lgZ-X%)Ga(s}^@zJ< zmt;LcuBf-!`cH%Df;k}VkvE9DG=+L<_D-iUJdTk0m4C1${{&L$UlW$;l?pYYep)9Y85Q@0(CY47406UK+m8?R?Uz1=c{Id%`I(#o`J`+ zY6P5+s6(i4aRgT+JpE?OC=oa5PTFflxNfNfliXSKVTE`-b;(mXxL~9Ea1zMCIY#LA z)&suL)kCxg!uzU5! zp&iL^n~%VvZ;TXY=jT+2ob||1tpRUI$`JLO=_0OAi`k?IIfbK18NU(=SKgS`S15eW zj*AstFA-zIZ&p&M$F5S3$L~WlazGtdoux|an<_Bq$j}yQ=LQ8!hJ^xCgFUAsQ~cNM5pXXohaU+8IStMb`M0ck_KYV>zi% z#C5(N_T{xXGbv&Shi)}4_o|Vg*C3OicZVaO|HE}1Z1~OF$5Lda9&Yy88h3NMw>GR+ zbxm3{t4zBZZ82VRL`@|SEx+6^#jjP5zK~y@InAc^jG1J;`laLho#q$M zmgGpB5;g3@uQbQ`W*^pQIOR#nTa}tmxhFlRU{``piOVdQ@tejcYcAs1`8dpsy#)nf zgs?&|ABUfSJM+vyA_3F>Ccnj8}Wk1L~H3hxS(_edd<@X|o55~`KItD%kOnpuQ0`jPC3{UX^L+T#QP z*e>M<$0J>CNWmpIFzJ*RD&&L#*Ezb*dPe^^#i)5vZphHy8cOtei2~+z^quvLABSjqxe-<({_PHd%-e| z8dgFr0WxrBDVoc5!jvxZA{N&nz9lGqIud_(*=#&s~mH*7dz+iM)yVGZ)%Ok_pT$n#Syfku%APQBW?`K`b2+zi_-|QO{3#2L;1oe z0V~*z8QpF~c@XibzX0@Bj0!#6l2H^A&WK*tFkgw(Ai|9`ViyU?oRB(&m^`KMvrZg( zJ+k9;g!(lh@(vW~5P8ucIxVWUVH86=l0bpnTP%Fs;Itjkd397#r9Y}`8`|;pS?rK3 z{svY&%ulzw`)v!gyzgzv9%p|c!oL#*uMXPj9UxJ-{u_yc`5%cQ1eb+@ z;1I~=t2(cu65yWHarA-V2Fk6ThM%skuA0g$Tc&wy^=FtoNWTN(SQKYRWO?$e#2}S= zNjiCwEO}0m?eyTG;6_Mulu065qAVHCI0yc1;Qo-{C`b$xdLkX^wrB^gZRmdG{^a0F zNDY)4A|08wSO>ms@ctM;{>X&nK(QmDrC5`0i*exDhVRb~?u2wlQAboqR!6!ZT9avu zo08X*YsJo8-tV_Zp_X=oRq+cR94k{OsA8w~n zhqY{lZOfUgM{)jzIlMOTNh?qLera@B1kB`Fr*R1O`-CW~&OUd&s7tV*o+WdF+eEOo z@i0q^;KL71;)7Up$p445cMQ%f4Aw;_n%K5&+qNgR&57+Vwr$(CZR1NOnb;F2H+!Fb z>YlsrpIvpTy4I@oYyIiByPxiUpXUg%9C@5ZeznQ%mM_eVNTEv_1uy6^vP<;GLPVtE+m!o zF*jnLsOxo)zkB||K7@nj??{7j&j7HQi1bicb7-QFyaw_9`nLuSV{+C72?mBaad?>n zS1LS%12-z&8Yqd2kX2LKd78FEwbm^sIwSxEmjrT@kPE&fOJx!O^BBl zX-&vVX}LW5kg-J|33=#95dbm|<=(UTW*$shNi~SOcST71+JZP->=3f zMysLHe5W)LT~4XOjNig84lQ}f3+L2Aqd`)u<`iZe#^2f(Bx!DZ>$L@afccIy=&+76 zc>OGzf8(#`8))=pXP}bihQH+e#Xa`q`R4NsGjb`mZ1=#^Hr+Pf-r%urqb`7kr^DUb zU2Q$MmlveawXL$VW9r$s;wCfWTBdMeyJSXr%;QF5uk9wC9mU=q^|`YU%b`lmJD^eL z7~Ttl&lrH1nDt;Y&)O%u#(f%HSzyuV?Wd)MDe*Uo;`0Lp{GSLb3LmAX8BxDzc^rgn zIJ;5qi%Ebzn1*QegWMur6Tg{3yAmPH+z;$#4+I@%140BkQ+E&n79S(5i=$s)GsM^-$_F`IOvDK@#} zB(~%!82FSsOZcQe%s8dvH1I2Tn(*w-m0?zX^V-~cLvVt58NKGI(U$3#xO2B{a$02r zcWq}MHK(6bExzHT&BwxQ%e4~84iZIh^_G&=g+%%DmSfxKK6#+KzFT3;bddL#u%w8h z^I${uln8%tJ-B`vqeU{~kZzdM#R`$jFrk;E2RlU+L^}Y*@WQ1vL!9Y^AsEb}Y@FCq zO;~;bv8o5q_+n}J;;e0l8$1x%pR@UGN7-z}YnYhyT*u%RP+7$trcpkSk&UJ?hL|Oj z`_WL9DJu;D8ReK9wh2PPmf~vJArcK(%ud9|k+chBsl*IdVojEkBGsZQd@;%E0iMRF zc(=@pK-_j?SQca4V_e~8Z2tQGzoDTL#9!`3uhnr^C9wjk%g5}sMtDIGaz6#hy0TL%k!v;S1IceOGh6a8P` zBEQYe&HhUVw?sw922~jC)7;%fhm)hCL0h%OdU=M!t%r|F4J`&LFkhsY2*Ru}$G+9p zZOWYVufv`2fTq$ZB9;El9WY8zoUchs2G_^RH^U|C-uHx;b<2O(0i+$KD}ZnIjA}po z!TOFXZwMmiLL47Eom-Qej>)o$?-*`UCW-hwsz1gXu3B7p`~GLk6x`aT(b1+)FfYFm zuTdZ2Pq4JN!7KNlty!3)};~o6k8bHK=B}8CErT`%vc*^yKf958E z*rMA9QKGhra<42F{xx|_miu4~=2PMyiyV*wb+uuyM#!9K1a z_;5&n%IrtqhN8tDpedBi$WDAy)#5`*zLv?;1zu|Hd_??Hzx+{-6F?qiUy!DvadU>h3F;FCHmFTUgjS zChMt=5eI-Hkf)@h@aF4p>oAgwgdCqjyGuZ9{s}#z5&5 z{-l{WOy*!^XEI*vaF&~XH_djV$2o>|_Fvi!yp-Yh^~#+G5jAWVv7ud57Ma=19cQ=( zl{9NO*W0}918-eXI45`Z zT7y#>d{EX7KuhNIns0Lq9z+KaSoK%fC`QC8{%L0h)_$_GGlstTHW6t!xmDCWR~fkX z|Bc*e@OV<(-^auDJ95kZ-y9Fc->(0^^D$+=B!tGF#N~vlo7oCo7otKW1dQ+O4-!X~ z3P~#|hX74M!ljs9cKfrQU=lp25hw;B5`nnS`vY3@hhRYaVRBHRy>`RR_F9LS`sER?jtjnl2VdNpI-^pFMi z_2O7uF8hJIJcxSO4wUE>X-0lo*7UJIom}~M*O7>W&0l+=bO;C$AOh{L^;CXi>f^Xn z%Ic5#DtvP?5nn%Eb+w`<QLlikGxXKrl>lNp=at*_KaDUjZ{r9y*E^Oi+~eQ9QOG<00m z{-A%lnIC6QFcG6Bf`ExZ$`F$!g=C46MUW*SiBPOf{6KB?O2=aXOUmG4Jy^8v5vNtJ zdR+X~jYQ3%uFPynBBrddwPI#N__`>tE>8G*6m0V{@7AJMHQzIrjR!T_LNg`4?)~+) z_vHWeCV1Z!butU486KxwJ`w@T&Q%VKhyBBK5d<%(=A(hJ=OR3y2Z{jOuG9YntMy8t z+@Vqa2ENU>4+2s|a+j}!2>l!w5DtNd-X(~36A>w?&Q}VQWS|>}K#ha-8w@2pl%~v0 zjL3BZVjF!9hmJf~JilfHSdf>RgnA&%!9E79`zn_o(ty&8s&y9w!HtBOa^w(8A6l1h zq-w29_XPMw9otG&yeQI_8@2dlso2drC7e^^BlA!rr(>}BTN+C2BsIunsMb-*)&~dt zf_&FnuX4IA?XHcm&@|WEd-#`EmT)&_5)b^8w|CL4t`ACT>M{=AuXajcVH2+A%CRYzQDu+2MUp}Fc>_IjL?|cD# zmJ#}xIWK8-HQePIg0%$K?*mOE`j77wgAg36+EfWc9+lF>J=jk+>>4Ku- z7*VojzYm`3^diLdV$uW_I{PlSC=J)VqmdYk;}pu6?PD{P;9FfOMfhW&1lauy*Kk^# z%cAPbgN1sn&9xtYYL+^861h54`38HVn;w0*$*UtnLTVC&jHwRXJ-z!kYtLXMw}M6N zJ#f`=oVl9)mWP8kdm)_lG(C3)M;vz^acW?MRSR8*du67fcw@KL(Tfaqsg1l?c(S%q ztA@*^2wC2~cwW--MFL?lCdor<`ZH+$T^_F(_wcy{%V#7;<2Dnw417Bx0C#KQcvPa` z3}TziFezZ|HVhYD#16x;DS#eyH#ug>BWk~+b2Vhe0Neiah-K9i1w*f9mn~5WVfC+_^opsgDvj^3dLqlHH0ZRA&F)mH;S`E*4skfjmL?{@Xq+Mo{rm3^e zHcVO@ylG82EF@-LW_2j(*a;u3@+^t6WarUiNjcOt^gZ}7IjiyA#!UlUu}~K2(AFEY z6xS&%E~z8R)GK2wpLi7z1qgQ=gQ9_g4H#2WOpZMO2bNn3RL*pdCV&ISEe7g6ztM$h z7auCb<#qW_s z2c`0{I^S;-rBTKlbMn+X);?;+75>q21|Ehv?Tve;rkD1DP0pX!;K$yV7YA6^b%(w_ z%z?&JCte4-=>cOvTclaa>TYkiHN|?n@B&>LT=v`>GK^@9MJ|0afa9+07gp6u)Fx{; zOl$!=;ngB^GEOah6RBszGPp%DC$B%KJ}sX~6D4D(2`Fq$dUT8z$1ZIx$7E%s2C>!- zRaHs%*|_8q^>hG}dL3)NSI6|&!4r+X`dNwBYV-jQU`|&$MqTkk8tt{`j0~e8cBtxS z@@*9Tr?js7ru7i4PnnR8VVO?866*GHH2HFnjP>E_Mj-n#;K%QxK(Bczqh?h?f0c`2 z`$!Urk99?FN5q}T@V^{*C0n=PJArA^L)4p5drEM5^FKc2co^mdd?bROgMey6&?=UK z9j8C&^T}Q;zh&wot*PZX7n$rzcq>vGm!%=C0uUOOktgT%TsgmRORkqlT@m@EpB9^3 z31b#M9)9u*eG8qsrV^C)EhxW66O_z-ODgg5Gpqsl-p|Xz?_+NM)SJXtXYUS zFqCFHTg@PoE!&H|$S@Yb{v9JAKuUR#+>YE@PtE%bxW+m(f%lEx%20X6^AF|qutdWF z17i71l4sP>u%Uaa539iicud~zk>|1*Y!aCaad-z$$0Rn2lzcPzQB!OED&EfbKrbmS zFPF-Y)mN)89(MwS&u8zx^u_vS$3?Fd`IxgrW>pD_yfE8lj{^U)rHYl+y9$qx)iR2| zkl7m=2gZRYR+}9=a|cWN*uc;VlvjQ#75DmfTzm30W|ei^%{e*AwT>^77W4Kxrp0_04uDQp6|Kzk5$;FSL{DZ(-wHFp}tg z3j+8p%zT_Ncjf*tD{1FCQJxpi>|Ce6(H6397Om87?zQJ~c87PiB^*eH&-Hh=W^x#$ zAD!bL-)}DWPvl0Ns}B-w|IBL?YoUFJ*yJRtSiThGsqn(WCn3d_dd8MCD zum(4!ljjajG23F=cVR(mF+X52Kd`99cs%Qww5W{z@gPfXq*Y~}b_HZaq+9jbN~ra` zFujU3YLSI@DESh8me15{2N_K1n~>qPWJUKukq*LzPdq0vb$+*EqWfS-@u2gBS9C^O zQdi3p9S|Mc_VomIoA^3sZWR3FrAb0}+{Q9{dq(Vi37-34P%? zB|uc!HOD;o58?j>ef=L-(Eg)6=4^c=!Tt@fR=zju} zw{I0Qm*2Lo|5e!j(sRI7N8(>wyQP@raoXXMmJT2zt2rEY$^?a2Ol@U=|5;{04J{5l z7}e)y__wKDC;I~b9yurq0j!EIp1&gwjL%0Q0uhl4Kte&}yFo=VHt%VWZ>+T(nY!5C z_=a9NtnMvspS`!t0o=NO2krS##0UviZZwhZxzIv}jSvWp?zysxgjvSc@lM*PIVe3| zz_XHs>6T3t8`I3Mso@oE#-S|HtCUn$WkJ1JFjvS^=xA8;bQ^1eG6eN$(OkmV8RttP zTa7X%ImQ_)rm%;mw`@R3=#lEzU{-Fm0>LsGQxq#BCu^}MY&+CwvednfqpQKRRXs^P z3w3qqaiYR%Xl%@ui2n8$1ZmaBLE%O3jC?*EH3kTZOM~`g1X*QQru>3G?=GYZlq$_u zA2BmS_qhD|F|9$=34fNYT!U^0!f%%umO@i$y^`PjkduV-Bz9a>DKo<4B1W8Qyo;Zv z)*ulr7Wu9@2?#yowrEv@rr)4>8!W7Bzwkc4j$?m}7gQEO6R=zSy3fk1~dWCu_+ymtf&aXCgk< zl#cp61s+C+;(W=~@3AzsJ6T^I`*7C{5-T%jsGQbt|y$me$ehIURw0E%> z+A@G9>z4TAw$`hyQ`71FW^&qGc9-MUab=P$z~TF_aYs5h7>{XWmrXeV7BW=LRP!6j zcU$(KfOd}*FBw1La2W>?aP1&!FQgmEAbdUKi-(5;X&re1IE4GRTVl(nJ++3GDkvG{@q_}<7n*tCtQ5wmSXv%>pM2IRR4$cwiy?%R;AJo(DXXs2Haj@rf13d( zxpW??;Q#nR^-Z|`KNCs&Z}I4VMWPlSXieRfm6L7GDTpv~R4LFvp>YYUM#^Q|We^G` zXjxOJEZB^GvV2=mt!QPNm_F?qw-#w#5!4hclO4cnCu5BcW?E&9U5#B!#kcakO-;;{ z|E%xzjwjM$-PhOS8lyY^$#&C@%dGEEQ=Z?G(GN{J4Dvx6&BPydz!TI8?vyMd&XVn9 z&xY(bB@z!OcusUce0a)sh^GmCUCp5~I_JvvvZLzMjF-K_VQK957s{=UzTjW>q9=XGO0ABK3#sha0cj;~+U?>V>;xhyQleL3U zraQ#y^7vQ<@I`*h0!WkX76GP_=}$~)INh58G-SKOoO(%at5EtVZqHHr23|i(hi%CH zWPt<#Z}O`okDTFi@?D}^3BdOsrQchJ!B7xox}||LC=Ll+bhq)tIvM>&fVNv=$@KS2 zls?j11c19tcNFGTsz=g^Ss!5_BKfBjFpm6F3>bxCkoepmv2CPCc zNP6xZ&Xa!c80IAV6ag}lf64%}Q2gm{=>dHS&pLqO^)~We(%UDLIO+G`VR!P+w&5qT zPi0^p*{2rp4drXl`BNRZN9IR#dyOKP{EP@7Y?%3)m~jFSvQAU-y(DMNp@2gbCm?NO zsk9e6${r*P(uO9J2uF%hCl=pGC(wyUqE)CAOEVA9zUwnD&@LjgOnSH3pGB&V{Veju z@8NIgT<>446$UqGFQZ&FSVhOjihw8bz_G>^RYwN*U)fl&TY%78$fbuR3I538*ZD<4 zmiG7$4o<@RCvKshj!6g}v_`1)nGWgWK&Mv-pe!z&t)sG~wxzVCv!%JE@wdE5)ML3*kDZoPsnoR>g($7n(v7=tcbC@ ztE85LcQwswaDb7qr@DpWi6L~5GE*DKz(`i~`UYy%#%2%ossSPSfL7sdtEGl$b6?WQ zYN1ViQPQx!%F0%snQ$}X<|?wz{OZ<@ytB$4fsN{*ZHzsD9;-+wk*>w}0cG$a2$h}5 zov)<5EdwW;6+vXG9SeG)c0ki#(KWt4{vn=k9(`w32l@Ou_MdAj^2luNzjXu^$v(4< zn=k#+j6)u1Tmcp=JKi#$&9Y?);v^AFeDrfG)ky+!x69Hd6T9G|;nvh~v7W41f=eAQ zTIS{=`c=+#X2bc};n5Clor zV45Z+>pEcuFPwT~Efu{r=&)ec>@6kA8J^>)1*XfqE5TEmB6pQ!;~{ z`74FipT8z$qk=Ocxgc*BwD~I+iypny$|RBHDO5@^&mYT`<1!y2rt_9px0ZG%dNo_) zvz_pihc3va)(`;Ij0pN2jt{O0Nt!DnC)Jte6**uD3u{~^-B2PHp1hDaUTtHY>*tdm z!p*T^RddE zJc_>+?J%o&>YoVdD_$GwUmtf5+`k%o9uw1@vHdzF^u58x5lEoD^GOe08aFo^P$JVj z88Xw9n^pUDI%N7y)vUF?g2iBC^jofsOA7`Am1 zGOqFE795l39n?<;;HxiqbcQhO;L1a4cUBn2>omts_@U_4cLO>;X5bnmxp#*0p*YJM z!PYj0%j)%PE!&+z=;&ho>Nalh1DSkR)*Y-Qc=F;A&rE~S5hV|CgETC8d}a7+o10J* zed;WtOcM9colF095fOJIw9_05sCXxOV(sq(~lA1W8^x$f8wdhE1y3`}oQBC`nqJsC;h$)76h zS7jwlgG+vOTUQ!BfRc{a|Sol&;D9V0ED}62G9LowJ0>p#?ddr9P3$pIB)eo`du4nOg<=Ami)>k z^MRuZ3V96L*R3&4zw4W90=@Q_dX(hF)zck%)h&75q>-hAdvGH{KO6rB6uG(&Mt^-` zt#?}WPf8@g3?4WI81i(()PW41?+4O(fcXg@8h{1_j9Dps${*78l2!Uoo%t7e4PfWI za)*dQ=WgyT*`n8wJ_14|L125H0^4N=2#Po$;H-o9gHqyul-xjOzQ|d6V18zK9od>I zYfH}uc{v#MV}Tqh$d48&tx`WoQ$&Q$770=lr_blfi`1_5%X1k{)576FXsGYM?T_+$ zUN9W2Heq(x8aZN*)Itty>1uL;-cgZNJ6d!~5;^60P!6GE1(IpJ3ExT(4Y7mvZY?VV zA*>rygz^;_OZ*8J`dAW4g?zamrz#M&-fS%Oh50{*7|v)b1oK|&Tl!LuHK--dZbHySS@2J8%XlU5Q}_BoSj!(m-q!k>fsjuV=cO{^;parGn0y2a$s&rKWk7d zSNzeONAWyjzf&1}El0{RSDrZ7q9a7bt^hAo+IuX>|Bf1DIl55G1$0JHzb!!XNHMn! zF@0JGF|U8giV}Fe;w*P?n)bk!RCclj-sG|B8?=g}K&EL`B==_n#yfSUiA0`1yo@{Y zbYjDs81Uh{$s~2fu3Jn;>R#xy1761tB*#$4p%fDMS`^d+>ja3k2=N>A2DDy^UxRDnU_PR3Lv7=K zo+3EbX*q^|19jW=;Ra)XKI@FNp~MZC2oYHa`CQuIx=%)-v2BQ$rFjx=NVLBRtq{PBav6__-wz%e2RLNY<9rL2z^Nu!@T1CqoJ z;O5pz+JVnnk*RavH?jthrJG#IW`g1lPnUus1{8kf~lXrh5-^pRgOOs@FmL=pTD6zpunWHYa zD(C&e8ZUrT(Hy>nnkJBabBJ^+fUdGCv)Z)6u-o-D*g$`&u*zu^k_O#p=*Aq@TqNX8 z%-&LP{!5&cHBPSWt14MCDW)%uX-4xTtu{W9W-aEosogwFhV@HP=AVERR51j#jA<7K z0k++5xu2M&LL{Z!XqknlrBsyS?8am0tskf_Q5+N*l7Om--%>hUBANU!F8@TV6JT7r z;F+T#o&O2@5mC+@dO_V~!uty!`K4D0k#LNQ2jaE0=vZE<2+@+L1ST47qwUeLa9S+L zbggM;joG{zf+on?-~_%z?!ODg+7$WjgZdgK@yuh5CUeb%9$zivts&)EJHplMB1%($ zMa3c&kA>*sS-HKWiDmA5mSh&vllw3tv_&68VqdvX=sFRNnOx=!dQW-I0cl2#y|GY$ zIDz&_Y*9u@dIROO*uPT%nf--A*hB4f=__!mgG_mxMtA5CZ5=w(T~l(t95iJ zF{fN`kAg9f=SbiaaDTwX&_B@*m9}q8H&F7R#xUCA0n-zZW`bBdEUX*awlJ%Q_Hs3H z_uMmtyai!pI--ixzzV}|Y{8by`btbrD(EeJ<$9fcsC4Ewr#I5q`fR&bj9cl0%0L8W z#h){o3DuY@BhSx%S9^(KRvJ0EPR^y-zPUji^hTUDwzz1{y#$r;T40bZf$L z!3{Ay@}623q?R;gwLilH$9B|9CLTT+EsF}7BguNsF(eQ6LB6~H7g!7(`#e=`nAiWlnrem;phro( zWKhe4!M4D;fUqsW&5et#N!G?ZZFQQVCPNQlM(XD1?PCdLr#KDm62rgkp^=^dx>8On zHSU^fMcc&24y=yuPBllPzQuo15))oIn{#_LVt?V{m+lD^dT$1}vuA*K5Axx1DIUnWQs5~LO?L0u{2)h7sGTLwG6j`ry=b!g>?phM?cUKk1 zVKC4HHbp6%9A{)`g82H566UabZpFUlbhp}Kh232fXkJW)>r-~!+xCM?B~7T>)4CZK z$@cf@QJVYH0Xh%I+ASGkV83P2^O~9^Xu^n6Qf+YroYl{PaWlwhD2{}31LuYq`icnN zU~2m@YJU(H*!hLf-{sXB_TV^y^p3CyL&$t$9S2Zz})kJ{T$!qY4w}U-MD-p`*ktO~&PK#RD5=;qYmrs!ZtuCC-}p*sr6z zHwm+M!6eGYvu&B*2Lb@|kK2#HRet)z&JE6a*QGL!$)g=9wGKkZ)>d*m%$qDNvW((ZNq z@Bv7P+7oCm6zVPc_;4CAra>U~vnq^1-Jr7%zCfH{I8v`L`aqT=WG}?njr$Fz4=%h9 zBLo=W+x6P*yS6iQY=o@yzo0#< z=AKk|&P~-uqY}Fu=Epg*f3)wkB_)XYKfVy|Z%Jk3$M8Yi0SN7~uKjw2U{@%RZT3tQ z=FD-ZmmX1yS+^K2ho0?Q%?>|zJZ(zGnx(16;MDd1=y|>ohxhS#KE;8Zu|hP~{x0cU zJsRF4hw-G$P99_uPRVD)t||4zvxRk~%Xg+Eps@*;8)4tj+t6KclvSM?Hr08?AeD`vN=a&@5VoK6~ZyAJ@CjsGzBwMFTG)j{SoD!qi zrljaE8bq9n1l&YQNunjq)3Pw@nHr^zkK!fZ#$l^(t`2TB5~aSH$zN z(yMyyc;2HdVZLmXo^D>-HxQ(ZXs1^ar`Mj9x};cDO5_`ahS2Cime*^u^Hf)MDoux( zGDA`TK*!NTnPky~g{H$_j6vwoqwwrCt9R-(yNnv#hJXv6f@{^#tZZ{_IxUJFtk-3k z!a`1(YQ+K<)KS{E<^gu=Mk85xpWR0VJ1F7cTJOYS*&--(;Q(U@(@1r)5o;>+Ja@=I%Dg12IxC~ZV?(%!YI*fBcmO3QcMF!15`zdyvt{fQ1N7{ug`!!RYj1Rlg zrv&9Q3BxWHnVco~^Dw-^5r})%!$QzsfEFYa^?HTnVSX46tHA%V4Fd6^c1iMpbFPrT zw*!p-CR!bh%g_lCc+aEor(ZmI<`0>^6S%hok)$^8DtbLd5w(wS<OS=?gVnj}V=0)2Jn+ypCt$|^6)MZ2o=@h2?#Wq}8u$am_ze390 z`S6|X9|a7sG^Pr#oESG=8k{uoe=13~3G$ZN{NbbsL#yrMU+ib3gJ#Ve#UJ9neDym( zXY)gtvWKll-tE&5nxGty@}W0QQ3|d4!0ui^cQ1A-V9BV33v6;Yqh2^0f_GS=UDLKO zeg(k*gBc51XJ2>$L@~1Iz;gkDG16WR11z2RXM?8gh)e@KsWGHID(@{x11uvtCXo0R zLXwKNT6Dt*e-hzb$xSo7aR^~73-q*u^;g#p#DxCS1z<^bVH}~oEF;Y}k|Ch7=J_VN z)}Bg0SKhCFA;&!Qfw4hE!QxGC;$K%}6@XDPv*gQKRT>t(d8@V?`dQ}9JNyghOGE8t zPir_BrdD^HmkQhSf`xVouZ;cb1kR-Mk%^A8$2lGF6@{5O6ou|$s7+ISs{UK8U%o>+Lno?z%iEXPfP5T1=~$1{{Jz0}!{!$=XY?1B3^vC1L0^|O&Q%i)o* zZo>#WVHpECurS=ei)My)gKaRxsJFjv(fzzYzi{YSD^$EC3a(OlM_aXybS`@TQ70&s z4Oduu}6rH;6+e z-y;-BL23o%z2xfp_P7=geBS#?jSHTF zdKL0+j}Y5itPP-3<46)(MQ#|+Ef|+7AEX@+;xC$DND)xnL#i8GF(U220$6sF>VfXZ zs2}b=f{T#VU1oQe+dARBNpa0>3na~&F2?bjTrAGem6Ts$pV&$jZauk(^2eb#~KMod4OaF=)p?siJjGq0?3R^U{x%eVPV$xmp0{ynnR?f@e?cA5~K$B!mR*REeqeBQi%<# z4xH8azH+zuA}MplZp;~^)zA?uh#`j9cbV^}v?g-Lb>F6FM47lp$I0o>ZVK zDLP9GTe`JefXEP{_^24yid49Y2}(69g$<@AqSXCEV9jGVfa2ONYZ-7nZ_8itz4H4esVd4QZ{&jk|V-*ke}Hj zMH3+Y3s8I#MMnW&5(GQ0D0!A{@B2IkP0V}7Lq5j15XT!X_5D0ut313jU(ad+PG8dH zlK9Ixee823^+Bo7Vv!{JW-+9510zW{FG8c z{4fX*zo9sw9F)s0`-~vQETy5>JvTFI3qYka_w0esb`s&xdX2l*Z*|r-<~hPjm0ZfccRS1OPCm~ht|)S z|HCgqv~DA_#a6ev<{0$gfUqxZU*-J5?Huy{;o_V~T5r!G>%art$0X;$`3743-BKcZ@yY?(vk=K+|f zZuDHaxuFsLB2DvgxNDH{sRz^X5n2?MoeXGFrmQn8jfSWgx{2|=Nyp*W4YcC^=bu=k zoJK)T^naT8>zCJI$wvjCaMqN!_rPpoK4d~>hR0Q$`C8pTUnCP6TOrN+@yzTPm9r|U z>5XXU`sa}GwtBPylV9qG)MpMz9?iPYGezi=7I2zXJ_B?=K`&s3@pyyoz;QGY67I2; zf1kte_Z?|gd}ZE{s?+}HHuhce3mY;DDLQS!dwIH{edrkHzY)_egr1-Nal$0T52ic# z1OHu)K8CH#^LdMHsx>Ng=MEUX)#89K<`R_=j;~x%u9a?~r7IOq8j1wtR}18*AlCq>bCtLw23;Un zeKf-a&Hkbl`#WBHwn*c6)eUR^e_taZEj>0TK=|>a4C|ZM;eWJ7B5&ksVyR-}YGrRB z{2%JIMkbcx_WvO>_P?)KX~23U|4H%do4%Zzj)xPJV^(z3`SV(*O^ZTk>Tg8 zJrstN;m6qc>JA{dows8My2}s9G4)q(*g0toWmeYy>_fxXjbB%(+;b+r*O1jo-?=;Q z<1+Xx#cX(JC-$Ws5pF+Az9(hh&`W=64fR<*w}!2;SFhdRcl?Ey?xmf0B75l#BOJd* zWPg{sx~WrnZgXb%Y&h~Gndq~5M(o&8WPg_%nqz+#8DeCAml>*Kf0r2Yw|-`X?_0Uy zh3{LtfrS66If%pgEI#mOd#?-QWPjHh(qZVn9OPxlMspN<NJeM$#6f zgoA;AqO0MRzE%ZCt|DP-Y}=K99bu=4vq*F5LC1|XMOK`xvFTC-sP2zc;$dCH!;Kq} zj5+r3vW;#9y01r64N(}AO1N;PM#cRbbLML?@!?B4-o8rCP9l!D^H_{1A!%T~;_f@> zVZu}h-Aj3Iq6S5?!4HCQ3Hlk3awfHOB&>ejqg%#G=Tn3Q@yZ<15@R1T*jTi9V* z7Khgv?DTVZoa)-Rn2rL!u$3_>7I&i>^hJRAHj`xFoLX1!fe635gtpGI0d3Wg?bfI$ zzwOydhH&z6X$@O{P&K|wb?9Xw^;5UpRc+FGd3OA)ULc2Id+Ze3gw8i-0XYu00?&>H z_^wFQddo)cAa@#b5OWHrk!IEgtJZhIlYF6 zwCs`Ex5nIk1fnS-i7-XI%=Z4gwY3Azv`zP^G{TZ;iRsvF;1mZ<*$!Tf2okD` zhMr8rzcfWDiVKh2@JM^r``I6}5$()=m@t(Qx zj>ULEdnAB&kAqI@K!;-z4z%bW4C}G^_h__-9FK6Rd*~)gl6Pp$QeoN$YMtEVXn2II z(Ut;W(#juT2<`8Ihl$(4bIt}@P*@y=XBpf}#)De2^nJul2Ib)H=> ztWixLxMaRL%u*WmUe)mboMaMbEhsQm~ z8Z-RI4X8-=M z1bj|wfG$Nmf!kt@?C>q{O*AI9Ok!-lze?!Pa^Kis6SZn(#6bFE{)h4?ne%I*m6Haa4IMCPhwW`#xgH zRBsla(s;@?EhaDIyI$ecX}ly+l@~aCfJO9U*8oFv5{22orWF%$2U_6U?@@!ym;v@|>H+2=coN#0ZMJ8^m_S zJj=y)QWy)iXVqWki z=6<2JIk<5`d=;e>W^dKWk620a4eTJ)#l&CCQ#w)N5dNH&%eJt5p^eh(gPXARh#Rhw zuH&`5MWP5h==jcO+OFdzX_BP!cK@v3ZhwW>tem>P;=d{D**)>e>t`#I6-wprv){ zKG(x?miOVljO|f-pthvX7Cvj}y2flyN+6`;dtm>2W4^?q3453%z3ExU@__y)Ehp$( z12axYNG&4o5*OVmlG4%%Wyc{98Hc>7&>|x@CVw}Eh>m`?-Yx6MnKltR_5V=zj?bA! z@3wBo)*ItZI<{@wwr#7Uj&0kvla6iMw(a!kU1y!D^IISGUc2gK<;~Jo~ zd2;ShWcfR>>F@B7cel(7-I#J)K5g-x{3Mpi1&wID^k^K>)`%$nC)0alC&riAgY9WH@{S#$=P?!@I=BNqclcQ?emaVk4j=b=)+P=t<)=fTTWp|Qm zqHmu#xy82%dqw@~2M^c5$3HLX=xcdZ2D`(;{7>3W7}uXYyQ?u7;6}plMOk)93p~@8 zzi?9aFDwQs&-tE~-$XC39s|5zO|$O8iQL%nZt66v9@~!sze&1Gy5=_8wbm~v!20!} zp=;5RJND{;uv9*Ec}N(KR4VuZZ`g|H3eqD)l1tN?BVU7qs-^pK;O`vZX~)7!ByMR>KDOvSdVPR7hqN> zyT#Pa{Kd`yl{Z25D~R$NQu?6ZR6;!u7KrK z$%1IlcG-i!PT%euTD-pU3wK{_LpOI1M_foo=D({(e3QLfYkqVcW2+6$Tl6gy9tj?M z$8bd!UR$ZVzL8*DhSZMT+%4G~uqqH#uU9Xs%39G|4_Z2Q@KhnQ;~S@2as`BVhg&>I zh&FeL98^EwVl3$;fR#ORCQ}UDAbZ;T(`PUR<77C2;1z)2&xK(V{l=LKYBxfmL&G%o z*NFP95gAv@S&Q0+q{7;Zva&z;@ zdungNAsvJRpH?a}=R4xf+KBC7Z%nUI%gOcH0}!Vp=v{4(xGdb-U9hNa26wN(p*un+ zJ#;GRJsweo?F7))R6ij!k~eXK?$$Z|4-7o=`pJ36t8OFxpUfpycwqkOmU9Dd-Zc%s zy)S&dwtSl)KPRu?w1K}0cNoKeU&4$d3Lu@sqan%^SRM$r1v=GP9?)@beQPPG1r*F^ zg<;_^m@H|29_< z%)6;pS-w=P&}c^m&_ily_E${S^yxSDk1p4N=_}p%mHzTTJn1NN*_#l`GKmV~A9zct zaE!&M+@|MLXQQjM@E6@HoyD`{+O}%dw6x>L!9Jn2oi<>-@wu~mt;}ZY_@%I@(m__w z(K*p~;m7TvW{SZ+_lLbuZZqJ`2s2}-T0_bc!r3<;#;Rncr(i!nM$suOD=|Y_mD|J^ zRHJI0klWkkJt%^-fM(lAwO)$OI0Wv5S{A{kw5?Zj9efPYqA%0x?O@2dXPDUJY#mSG z1%`R3d<5HQo|@qSb}|^^xBzsaU?wiA>Zf!X{Jo+`Ios`aNnX4lLLVOGb1yl*K(hxj zW*GfEA<`b89%*6-#3fR^P7;rXvLZ85eJiV{B2xDYb*R#+fpC>%Kzm@%Xr@y;7}_Cm z#{Q`zb=3DoY3-(E-1h~nVMiASIR7|NAk0^~Ep|Si8gKQB+p@hoYq7fa=hG>*WY;^@ zyyY(_%iwKEt#bGH_s6B8g(o{DU43CLVSQ;XWqnK^oT&zVOwzAk%KESb_+00HkLS zDgCH4006DkAW1hS)PU>G4$>4sv|p(fPX*A9dR>iJB|0A-L2GVtvl74Hs8-%6Z&`NC zk^^p(FK|gT|80Lcz9s|bBK^l0e8~NK_x1N}#(3xRy_oq&3Xz>SX8(l@fq8ali+s3tfN}PXI{henlr50C zEvo@RT)W0SH{9#GJvrR#hCOb!P1^x?+ct5HHg%U!n>KlGBsk`s#(iIE{JOm`AgPDK zDyP*@8ak5Zoe!k6xU{*fF>YX^W2xVwKI19UvwD;0fWN_CsSp)?3as$=z&XUfyJ1rE z&6!#m8{9!!PbDoWW{@9oezEk6rEC>~kjnzh>W~5cr&f?_%0dA;GE7D6kO5W?qYAM& zb}ujR75(~UEBvc_NKk{T2KT1|Kl>Gyv0z`+UqipTz^p{=EiA$mW?SX2mTse8Kb9iM zSkDRYp&?WQ(wSH|4Je+o2qea2>hDIk^YQyHiOc4A6^-Cu2Yd!kiI|W#Ws91k$&v*@ zk_caTh%dxI1AVMCR?n9T4m&=GR^lO~M6I+JcRDJ^_^U+CL}`;j16h&Jps&=%wEEr{ z$fsD7kU^zI4&pxq>g2Zu;xNLRLYC$PEJ*f=^WY!ojQYrB>hzpA4r7%7l%>xCMVecv zORna@OWy(%t0ZLDRCGp`AtniDNuv@oBm(%V#EMhCh5SaV>O2U)(5w_@CX-Yx&(_MH z#Y(Fp`U;AnpDwesqK=cg%;ami@JKh&Vq~tdnLtq*5v^)~C=*QPl@caIqA!GP8%+a>l?W5iU4o;F>FmC@AyTA_3}c&>$=v)Mc9g({Jbp!t(Ly5PsbdbTt}=~ z@$)YzUz*=p{mez0x(l-nYyNauZo8U1;^Dc7x%r0yUM*tO0d?)(@XgiVb-8TSIBw!% zA)!!UR=M0bPMP5@7p@10BAa~*i@^20m}{WgR=;JtgH{bU`q-~+|0Ruq-7o%_D9YET z_X0py9>`WY3IzI79?oSfq6`jpI3y%>(?HavmUYGj4z5T*G(aw+7?6XGV2h8hHo)gc zVyR3rG3lWapRuaGv{&a>Th<3~q|^K~p_C|9$v4l8ZP^fwDFsbvTlI!jZ9o25VXK=< z;V50(hfFGeeb0-@YPb|ro&x;i9cb4$Cy_*plTnqxnS)I{c|VEPC*>FrW-E)k&AI?H z&l=6&-oed~d)@9dy9OD|8!~Ou8<}vp%t?FIY$& zE}x10JP%W+bny_EGj~{7CLbu{1NUYn0IO9$KTBpguPv%iR-w{r@*qG+Nnz-j{DQFB zMhRqhDU z$_~L=weZ%CwkL1KEw{~gD~Y0?u)q&xPEEaQVD6+x^fHHsvcMXlDX2jOWj%p;%mCF6 z?k#x$Uxsn};?JobY5ffMk20MVbE!TF~JiZ2ceD}+i9~Qr{H{1q3d*H#av_sd?DNWgrAZZinkZiFFb7OBHHY#z=I zP2PxI@8_4g1Fvrc?k!n%*^ME=_Q=#L^Ya1oW&ph-b$6ewOh0fkf?E^k+97*DWRev}hXtOGX9YDJlt#gBiDA^_Aq_%Kgaycr<2sV zlbHLiCM$Gj6v9JZ&wpo3^|kAAgy4wJn_?#*_Au~OgD*<{5bBOnSIRG0zu)|R=C1t{ z5UNRw7g5T)q(^;)= zrhznKkWLw`MQ6+)l^S2ISZ7#`ntBaqXk?kH*(Q5_(tBLBO3%_9H_5I=5vGpJG>+Ap z{ccIZu(BP~+EUbZf1CB%M6i0n&Q}sU1nHt2r&9`Or68@URIVf0YQej8wlog-vvQGN zC$t@cpn{7bv?=9oP1<#ZJEj1omLp7+INvkuMx9Y*QSw)l@{ygMbn2eqerDQ`llJub zk*9;b!(-2=k*(@MvOO{1u;h%8gchT0wIABZaeivj-ZVFok#&jXVwGr`VlL={@ZZ{EB zKl|_dO;|S7#75NpmNfBXA}Jv4?~VAdsztWznsJMWdm91K8LCj$ci_X-d;J%}fg9vf zjO?NhbU78gZWUa^29$;k1S9hYrVP|6+mCsAdazwo7TRs2Bd%W2x5u*h4$s`2VLbcp z>9E2!sWH_sJr;C}lplkT&=x;5Z7@NAL8%a|b(LfHpcVUc71|&jn?bsE{dDYxsm8ct zFss`nt12WXqdz5Q?IpmRp`u0Fibw?#s%l(q|(x-gthLy*QoO;moQ)~pQYtXi=w_Ct7KU*(3;Bgs{ z$H!r%<W7$%2E+Als6KED{~TcgJ%fB)^UOJ}1lODAY$eF(J7ZPS zec|!;Snf@>z?$FH|2D;1dYGYX4C(8?&EKQ91N(*l0>tPjKYq~tkLGVVPiIR@=l^&3 zj#l&1&_2Tc>qA0*f{e(5P%M>~V&$r%b*to`oE!56 zd3|RL(@hcl^6p50_^RmtQ9KOh>kWg1lXh>6qo0x$3eQ8cCkU1*`HBvvpL`qVUn}|Q z3bqq>n+b_{;V~G?d{@TuLK_Z@Up1beQRK%TK}~S);YoUw^qiD9W8^oxvn~Hj@-H=o zpTT;K@jrmfVZF`rKSAisJLurjTfE~1;ho3c#vy=(OVYtdVbEzPq)0b+n`CB3uh&q- zi$qU%^jE@+L|yS3@Db)U)T+4NHoa=m8ipHFk)FnHerbBt3J%DYZiRU*S~kO(LlZ&; zJi8%2xwVn)$IGSSMkBh4LVN=3$=Ad;v^v@G2$hlPV@>AY0+Q)$8kG)OLRo83DK0kF z34rG@!)#A;F{cSO1YgH+?Ir~R(}?eq$E~I{&B~zL?-F3x+Y)Aj7#j20G8^@G^@iLl z<_M*uFmC1mHLJ{IX{mM72ymYfIJNzAd}{7ejZw`r?*Oxwbz?QAY?)Xl^Cy&V>p036 zGv{Z!fI$yB@wk>328^i)%F~TrBv?!sk8|7>MXlBJNjMfabEiUDwPmTxCT&1^J>zzZ z=r4(;qN>N!Hdd?FL9+WXlWti(lhDsa^HS7vD)S|7(YOp+?GX31a3Sr14^5YJ>}}GU z_OMZct;D*rb(ts!~!p~q;39!WNV z@o~)Q=*uRHiMY1FUo|b{5eO~4ufumHR)f=Xp(%Mpw7-knK;!kO&7;@wvj2Q~uw_cE6T1e>WTP5qE1z>2oyp|W zIjia#5?QZE#!k%}Hy$X4Joum|}d#LQHNg#m12B-omgHC%vYfrpK?bLQEs!_EbGc>M)opb#w#m!9ix7e*?eYlZ7qq^oFtWgRCl4+Ejp{IPTG0st;%Lu z&e_+xU4`F3XaW`+TbU!Zk?e59ik~hkDcrjc{{XhGNQ@}4SnYu5qRJX21$GjzUKuYV z3|EhK;N!PLl#rPnTj~=1pE;^yPnqzlL5+mB<@2)`bjqn%q!V4Z2~vATTrTSzRcf=V zG0Za}dNQ@U_MIR8v3UT(_R!ay;6pPdhRgnFx~R6gtzbn=w>F1FIL=R4z4QJlx=T01 zSU6+4&Ha8ooneg@0KH(A3&DHjBOCb9GO-?Pk4|Qij+_;gX@G+(1#*s%ECq75kSfJ2 zYcOekZwh5n2*UwvX|FF^}wt7yLXoLs3!A0#B-g=LGNmD~fvm z1plss>`$)f`}JNnEnZm1A~Ouq7s*BEA~J_`qhH}y3Ta|h;)Z-inWgnjY{<$@zK0a> z_xlTFRR|&$PNI3rl2T(=s&shk@);Vg5}fxd06c;87i`;J)bmoC50-$Ks!^4?lD`sn z-GLmzC-~d0pdj8^i{uJ{xEgt4hz{X=64jJa_`_fvqdme@vC(qA3|03O^+6S-gJNOH6q97fikdaQv2RmTQt0kf zXv-H<6%*w%wU=D&RDGhijVZijTz_|l>T4S6y?wZLyYXF$Bq(UD9%-HCl`KB7;|H#3 zJdli^RI3Pl+j+&@@y*!%64cbXw&+M9A?t{?N2(EvXqZs7_efGJJM&b*6L?$DU_yq+ z8<;o8&CC%Vf)9AWcK7ZC1=bo->S^y1t30CgW6eJ@6mh3qY#xV3G)YW7B)+M@!WvPhNG9N&gbHCRKH0 z>IIO+uuK&+WbV;$|ELbH))DpgyiLN+TK7R)ih$-6i6*iF8U+){Ifo@jlsSi~MsREq zPAd#rN%BN9Llxy3b5xqkCYnPMWC(t_IpG*t$F~0Js@6(YJMw|#5aIR!(0-SMG?WXdd<9nwSVAn&yJH!8P<;d4vsAeo@V8V!Bc0k9gPC#E zQD(N#tYw|vz5J-_)OrB-Ucz}`jC3}0pu177o?_qP#WUN@z07abSoSM~Cr36BO@%?I z3__X`63=9qrIebZA7`YYiZk5Nr4MLRRN2F*$8!%;cC0NME+h)V6h+X(Z1xbY8srxN zZWmkzY0$bjmXx7A5s~18u|_x#YB}axU?@7ageBsjRrh0HhE-Xhb__u-X|2?^;~y#i zRQE@scUl@%?bWyB0Cu!Hz;6y2wxv+(qbjO6YbwgC+;6}bW!QAJUy~iXygWsnaOup5 zbqBL&6rm#>thDXE@1b|p2UydM*oQ8nslJZOD~y#MBy#Z;A1rX$Ax}=18{Q#OiE4C4 zFSq7*1v(FAwAMcYtBSNVP9j*^h_;qQ`1M!~WpXVYHw1{3n=mevo`LGCn0ow|=c=l!jB1YNo8oN)jXPu@ps?{MO(+QH{wflRz(F8D?;~n)S)-}LN^ohc zpTCgf{sQSLQwMSb?K^ubBr1iQucDZ*WdF+9Tjjbp2K~&>);rvK@p;KQ;W^8#(z@SG zY}l3m+))va53M6M=&Wkh=Q5DWST5^|AtR~@URUVhaPac>^i9QSzyES{_tnGc@$+&p zdBR%)x+G;W(~73h4ATfT#nJ>*P7<2LX)U1GteTQlnMA;W{C7}BdQcE=unuG9vVC;f z8;=j^YpV>YOR>|jkjzx&dIA1|)5Jv35p%V*TW`Uiyb-#K2Qf8y`6LIdO|SJ)oaNu( z>ed@c;O+s>faekmRxO>Jg(>QD9kDp6BNkTX;*1au?o>PLISPr}f7z~}#?H<$>cv0I ziiUggxDOA1%FS7S5mXzg4AG7q!etws5%u2E%Fbv*Digc!ue!vl5JgYXo@KaJ*q)## zPEOI<)(X9;8uTkQfRV2@-*2$!p3ASc6B$2qZlC5hnNgl+?uTcWswdRUI zF>VmP({ef(RIn9e9}3VO3?_W!f!x z%!oJd;n@X4YRqjpavds-Rf?cSPU@^oByDO>UK%3zuu)*~Xn;dU0P|^Tebvv%tNFaI}b$Oocg)P5NkIu%IAdV5QgD$}S zUw13C&hXY27&R-R=gArc(u5eBjUhcsjrWEittFNvblOz%9f@RLIkk4Fi1dm^r*P3F zJhbbAtM$Ruf`gt!r-t;VD0m2<_14!#eYAHnN;O{-f_7^_ZiOb1bFQMqSxOf=s?*dl zfBMXYnGkKAKd+XU`kMT9RE};P#?=j=uQNkp4j?DVsHPW_ks~Y3Arj}8j+>jjae4ez ztvZ|vHaEx*3j?($#*Dbf@KSq6Py`v>c{1rhfMz^k-blfd+uXD#;mF&+@WYmrFL~5h zBA!6u0lMactzWUmYj^*hZf>RkG0*}%h19EQ%>tBq-#~Uim|v`+z5rLA7d-M05z?NM zDEso>HYg$hAmIokT%~CrxCEi%LTvadW)3njP!PWas<- zGkf)WW?o*wBAhSO8`q!wRu;;dVBoLwKXmLp&biv#vTA%UrpPDY<5pD^l=i5N_EeCb z_;F2dzFWQjnOiB_rRW|u{SrBu(nlBMidNXmaZ@rp_a~J3aQ=>m1905dL+3?A(Gz+R zsl@BLOXv%++;4>MqZ_oRK58dSnWIZox9K2VwqJ?9w$nR4ru(N(O{erz4V1zrWg*d^tey~3UOzkUmjSbYbS zo(6Nj0W`h3H8zbs{!16AFosb=Jc9(gXB+mB6B?*M&SX*vZU8|)#5$s49$Q30Ug$&$ zDdZZi$JpBQxQG03U6gZy`dxw^x;mit-0GXCEjEdboXhM2fdw3w69-A*0bDlesuzr9 zrxi-ge?L#Q z!zT)ZCc>kGI@(YNW5Wi4mPde!uqY*nnX5 z#uiHS+6h2m9L2>CD4`*y6owg)MyR%t)ns_k1=ye=jEZ^^(X+!jsU{6z$|T7o6BsGldZo#_t@f=!s~ef&4$R3*$jql{ zWJ+gpb9uPy8Jy3E$o*FrRX;pC=&euG-_1G`GW9tLXF1eHQ+c^>rq>6J&1!umbO#wb1`y7nKZ(5T)>&7;L|oSxT{67}!YAO=bD zb83&#aurLn^_c=-vAMa;Q+3{e(5&`L#jITy<7p~v&Nqd_ z9nZ%yIbn3|6BBY{W9DUF8rj0Gi&*Yu-YSS-;8^+-978{)0y)OFrnQQkBh|B`+zY&F z!vrxfYOiT5Tq_-i8<}Sq=>=`FpM=Urf*jVU8SANIFiDo=4W)r!V|MrX{zn|no;FJ* zDRDa!cIB6EQp4wP-yzrIRE&D*O6FsjTH|8LC{TM3?qR1>j`mTXD+ z5vtq%d9Jb*e;|tTe0H*ARE7?Gm+73DbdS?b3bn1wpvu25(ZaGOO~61!&qOH?vfNCc zt9py|(!t<-PFrWAi-Kbd7li1!WWBfg*&Y5J$LYaV8lG@mP}vS=ve~cR7;N<;dR0n7 zhx1O|2IrWQB*2kWeVS`_age$M_%w-kH_4_`Kvx0<4SA=vC^@0*vs7YNx8&J1BU~d^ z^R2D-NWZ5}odd=RIR3VqJyWKu+NI5(CZ#b>&)VVeP`42VEyu=3<-CLWip0^n6gROy zSg(60pC0}F?spA%-R65AuY$Y7NX5AP{Y}BjSg8$!{w?2yVDh)EJ$?oT4i;gRhHqQ^ zv;4P$Z|gn-8XoYv+)mf-U}Jv;;Q0%FK5$>SR$p>*-mlRmUs|UN-DL?o*+A5Uyk)*z(X= zV=y^l?mfFlN8BLg6^z~@uv9`wPZfUrkq{ToinR$WX}LZZkqu7l3BZuE-SY3Y%@02D z5AN-6yiZQ`qo<&z);IaMpp_wJN30DjXe z$p4v5`Gpy;KGzl=@}}Ve_Hj+BeDkvb@q*2LV0_!x^nhIClM>9MnCy2;#TJ`4Kz>0; z%QE~}*GxPx3y9=oHmX92+DzD`2xhC2j}TQJCv@)y>+mf}Om?znQsD!P#$Dx~ulWK+ z1(%bM@6%Zg;ujWnF@=oqZF2v7YW}16wQN z-RFIFSHg@?9XCl4e5Kv&=$Y&#;e|wEFHX&|`iouV_B`NUoqI4!mT}BJ z$J67laknIQlej*ymHtmYeX%#;( zcYdCLo^O|tor(!;;p_C7wuDvnS$c~pw#Gj2ER-&!YI>(o3#*=5o{Am#RHTvBq`l(R zk8wJk^U-(Xq~Dsp=Qw}HE}c})i04vaJ1`6%vu_J|paM3uFguST*ka=I&O-%Li`4) z>p(+yufkO8CB1r;+mEaSED4ywi|MV7`NSGoI_op_Mri3IUDp$I{hF;%uzVaQo}aht zb*Pq*eWJz zM)5scI2&&U(K*s0?^`tmy28#sI@ODIcu~jkrI%Ly_O?wM^VFI^ zPmV`%<9Eca_-@?_l|?VkuU}vya(lBd@C3)kndm1#@h*HzvZ`GkesEz0{%lNKxcP$Q z6S_9>MtQ>SLX9gum`?T)I7_FW>&G-fiN z@&iIU?kDC(5`ZEpvKsnqNLxFuMdFA{vc&Rdc6hr0_5N2tTgv-+BAuV0f#iNdvxxrS zgx_t$Cs_CUzSB*5q9x$pP(97rIJ3R;J?;LyHYV@q_l58qWb@e&pbYD_TNIGZaa6bj z2P|YhwConZ$VK!V@ z@04eTTEa+B5LUgjZ9Ijgkfxz_FLrc7;@CyYRaR%N#uA0t zR4j;=$!JCxz%xKeoXk&_-(30<1-=rNK1uxw(`RRjym{vXqq=JAK+* zS!}-HBlsby#e(rI6}6q@=`&4`^GvxvBxhSpPO4w$?(Q)w@;N6`%3&nsfh)Tpm>+b( zlh)T&X(9|&X|(J*=oC+O`2ZoT#;Hk6XLF^=#UC|_cIZilPc%W2V;-$lEJ4fzV0hKS z9@bwKPi?|v##T#CMecSFugIHVPh5=);syBQbD9yBSWo?{^VyQnlr+E9(o=i-*Ycg}9S&sr;00AqUn5lr=L#;CF2W#H z9ThSR@ad&jAgI248=tml9!(0RWwt$zlVF_Q{4p+q{VpY{RkbtF-L$iG-v?f56(hnr z#PC>{k=I1snMh?6MQJqUpHcPk<3lydas2#82jCox&tMa1efp!)vRAKkMEn^E5gvMH zOV;PA5bo^nhTUYGwQjmgx-=4w?-#cCN_l=y^+ z3o&87pKP=s+O~ph^*Sp>--JDH^^wHP6KnP=lah>AcDRVF+Ik1O{W|68$?GC)_%MfOLoI-=kag1?sRliXt!bVE7Lym2z>`U-^olmlV`!2D&bgFEzonuWEBg=Sb}%rhsApqzqq)YlLE zep>YK7@Z~^^%!@5P&&Zo5fz_rXl$+skJL|j4aJ1etWY(GzR%oIBVh5HrE8y z!d!AxVQ`yAhn*aN_tUF%P>;+jJI!YtaCaBVVNxkk-CLHHIz6W$DS_rH#8Kz4QWxJ#o$?}AF{Vi?P$A}R&u{oNC9J#s8 zm3#9K&~9t+>h~^L;Se*OaZ$`p*)F^EPZ~q06W$KRJ`W%GmZ^(KT{8 zZUo~oNrxmG zJ8<;`??*VPAHHWlcaf(B#9yfuv0<4u!?|T40Pe-v z7Bq5x@Yib9A-A=Y?EAmb+IN=(yj1=zS}6W29Qr@%yW)T7yS0moI{LTV@ig&(EE71H zz)uDqKtg)Z9wA7^?Kqf!!Vk|p0m4lgy99p|vS}GD3+Y@H>*kb->Uk;4K8$1xFj`bJ z%<2h(nqupAmoxgWBjdOC;+`tq#rJHl8TdrQfVQ9JI~_OMAKoV$AD6uRA2Ueypc>JY zLs+7dky?XYWdj-4Bwy{f47wycjW!@x2Ad&AVQSavt`jUmKuiq^HzPk}!*|ERpn* zy6Gk0^<59F^;8ZnoIJ;(Q@372aCck|qJDET*^nfdN#!}MC>{tB<3$b+NMYJFnD0vr~XuTW>T-m;P1 zM2*c(UM+gkPZ{6EWnc*L8O5Hl!^^zYrD$34Ota2)?*C#dBNv~Am4|4kxWjB1XVK#v1#1ObrK5avSE}al$&uWdePJ*ILa3b zDna4l*beHjwrY+zGA_ zGIu6XhVg$|fXwK(%>NOIA(m-=hrboJtA*GhzTLZGdcZ3$Z z^(8(vy4Xm8J_ESn=VF~%lh-?LXLXLmFqzkR#h)s&&E&L*irsXhj3(PC-2_SDwHMS> zN|slvUBZtmKCz66Dudgh9S z?=C)|(If8ha;*|rjdteJ8^Pt8HqMNJd#%!eHeBmcpjTkOQf<5=Z)oA_j%I^7kp-f_ zpT0(IUeMxoYa>@SIR`+$-YZjqF%D;W`%HMa1l2s&H73IkLV=Z|8k-4>hx(@f zwMt`~2#ui2K+|-Enz^z^6sfMXEUQ|p*Q&L!F08LlmQ8-z3lDYo?pq?Lk~Ruuckyn# zFT+h{U&A`=!VjamE$A?Q+0uG@s%>Q#-*HShBMlUp7_0ESUeO%;ko2!}pQKuK`*KIS zw|QJC@E+eK`J8c2n#^PEr|xcP>&!S1eaA%^$|BYRw-FDRhKDCte+vxoHq)uj$ST+T z)?L4ZYe0&|k~}tCPBJv6JVKsPX2cdwhdGuUx}se*GfEMw+#=lL8s)`!AQuHjAd5iD zB~8%vpXpL&hLWlqp@aLu`LkKSewSyxG=Caj>^;bwuZFj6kF<)NLll#Hpc?^1)oCus zYV@RjLa-0dO_Fc542anjBr&p8Vs%(j+D-%{I)DRL@*sp)b~}L;csMKM?ZXODrLPaC zmeeM}S0zH@=mH)YX?l||>RAZtGA9@zbF&d_=+lTu|9nf- zH32&5C#7jdAXQk1n~ic!YI*XB2JoFS%V?j9M?_^4#T#iIo5sbaqN2wWAN@(y+S`9+ zue|pD=_$)8EHd}A%eOy*!o7l!Vi$ebGr1#&6t%W5*162+q;?or=8CiAP8LowPR*GC zDR!7I^MUt+j$oEGh=5>*qQGYl(&?H>#Jpts}q&5-2|ySQS^tKCqk;nt$SMIgvMx& zPBaXS`3J(i59zk?l%BC|NqW5`{yo?8F4Sr)?&ZB@T3dMGYcG*`+?xKV$(31j$E%L; zMD}JSnsi-ikY&|_=;?l9q9YXzH#zSG4HxTmJ?vHrl;juySAFmoLlFKpM&>Fyg_}=5 zua4cLl-m(Oq{(%tgKre}{S^iVw36M|O5F?<-uLPufp}#$C{J(Kp&h9kY(V}yi`gbw z+2Z@FG}m_o)O)k*=8#zTe)NalnW;6iyLdmf@=a{Lk*0s3sdXX+$JZC5ZVC)#D!t z@J%O72I@m75a*odMgI!As2+_~vi$MkeSSx<9LtQ#Z1rw_C8nwCrJLa|XvB%3=Z<4K zNgB_QfZmv|HSE!mY>Ecq{#+a?LzZ^du$~UE3Gw%ZNWjuD^=#Tg?H@u-=&?km8~dq~ z5nC4zy@Im$i)d3INcJze&={d#d&MxG8t>Ma+U4ZMxsjKgy1Q9uYB~_QGPzNltF)eG z$IrfRk9`!<@#J`Y!*d!6){ZZ#%xSwQB$JvWSDD$qAspo1_L$*doaw-bU)%htyf9r- zZ;`}0S5Mn6@7G_MzHiM3I-V@0ZULN$Vx6i(0BI^!yUdsssdbW0jY)Nas}y81Jf&u> zNniqX61?)e8k_1no6hf8*p!ib<=x+}p`X8U8?2NXG{ua;p!6jpp<1aJlfJ5N$|$NvTW&!_j{fFcRYzl8`XjQ>MX#s7MG zE4tddn3^a!S=zZ6{wve@{|{>FmM*wU=-+xYmL{eFrnp1l*5p$CM$&9#Fm3)c2GodH z0oj9&>jIWcDI+ZaO{RGYxZon`ykJmUOE_7$Bwka>AXzs_+&mgWn&M*Wt+Q=E-cmm; zM3%2>3mWQ(%QWZ9)+wJC-xsf!?vKayzd5|{1~A{6F*Am_NGJPT1X_+hoZ`7JdvI-i zPy}|5dy#FD8JR}|v^d=)6DuEW4-*Y%)J$DVp|$(gINddSZ1i?7`GB3c*pK435|*8W zV?+e^cL&UF+Qbf@v_P+-cJ-1M%hSYfUrYSi+q@7kKAOQNJ#X>%Q1HzGKAr&auGg9> zp5p;f9=d&~E)O9aKDxSGv}F14^itEusF14Pz+^L-ffp8@%DuRd8|zp9kOA0#Np^{1 zS?PSYD>mcMxr8uM?X2b$i5mSHg?c+-^OfP2=VqWb5oW9Hsbbl9xOtUEXECqY)2b0O z_b(#b3nwPn3SC1rl5`1evHo?FL1r^-N&RvKFqwVTlCoV*6zRb#RWu8W z&7$21k`LK+JzVKD-Sj;^=H|K6$V?+{Y}WnEC>5FG>4FKIh+_1V8rc#^?I;vtE|V6K z#DRgPneLsa7LwEXcbR#nkCkF080nVqU<&^gcA4ug0T_;*12Lnz;*tGlK`);Y;!RWd zOiwx3U^H)FN5OFzIx!-`jHQR(0Gx^i8Mq1xUa%-aHYX|geD?;^h7zT*yZbQCn8u<7 z&OnRi(#T&qz;Y@!7K1YEgM35yBYb)XhO;^eyG{W^>E0l5XF=B;Y)(dm(zryioN^kW zv-+mYD93P#w+U!|sk%Y)*(HGxqn$+su#xh&$W& zv`9~Tq?`*<6FGDEw@Z!~SD}#%JJopnsNi%$KX&nS`C@reG3~sYAr@oJ{jes{w#iP*0T|8SF?I{B_&b^!Yl|$ZSZd0Sbvy>9yKvf4wj`Iy z4k8@)`MH(E$)bYejI^xnO(jZ~6pGo~f|%4gp%Ky3gkvM%M7_|!1eabP3b1y+EM&!{ zGlt!zGo0W|1E!)jm&whwGnn9FH7NG%6=r++RvE}YFoTX$g3ACKowyBCdDSb4K1z2g zbIGt@|Glf)k~{V0fV4g*<}}!>4_!dZ)neEYW9?8KgXTu@8X3NLD-G=F=jNIx@8HgNK4T!4Z{*I|EAMySUhKcH zxt<%iU^M7Bek6odF13(GP115T!##Kg46CLYUv zd^kYKVHA$M)8%koDKOoT*$^E%yR4BtemW|OMEP)PPWz|tx<>)Jge!-jZW>79pTn}l z=$q@UHnRyPjQBA+Ts~UJgmN8S9_xGU_D9yE?eqvur3GBB;!RcgOAKscE0}z}bA2Fg z)Lc?Weq&>NvTaH7B@mlY8HL#PCT7%VEiVs6HFX28jGmTfI&6_}LO7EiW#eoztGMR7A!KswLP@hx?)HI~K4ls;M= z)ltb{UlE%2dLf_24Xhz++w&@LiD#$fOPo16SPPCd!k!*@b10Om_UBa*lUC&&=%3&d%<$i>IITRO#m8x8ph|11?0Er9N1{R(FGUmJ(&1H)kfUDct6q zx>jY@fTx&(Xt+@`ep%01Yp+FL1 zHcjwq!7YfYQL)2=F2Qs*gHnzQFY{lOsuPc_&>;%G&(^A+ITSQ_ zFbx|tu!`Y;6JvNDp$hmw$4(J{nR(<5AxhR-vh;4Es`17eBB^G!!eq#=cP2R5UlNa` zh#6Vf=ueJ2)|nqrfo?Wo$}>(xuE>~8LH*K{T#=jYB_R*x7&Jj)OxjX2DBk3=v|l1~ z03Vvn)0NQJHSGq;F*P(X$yA}>H5r_`a(4o5c1%}ZYFlS;lm_y$&w?I{)v1cuGLPfQ zYOJa6eB+~eQf+K{MUSy!dR_j+KSW-9|sW%#l1X~^#X{L|a7bAz0ZE4<@*gsp!ZKez# zc&)Mirt>7$r!HyAbne&1Y;Cion~qaNIEF)ynbVKG=EMw=)JX6ZDM~)oo=)jcO@%E+ zHe)ds<(_PWbkoNplj%F=rgx5ck)VOYvGkZXw*&d%HspwmnC3@sU$8E5#+5{;uT+x}sCOb=axuI`hrXNBo@%01jBi#yM(ZX> zoto5`Ys`mML=kMFXi;I==V|v`viIH@Hrt%3%hZnYE(LZKUlKIzg!fz$3lQ1tL)Wg-K`YaYs|qLl;QnHY*w7cPz=VA#0Lkc-!=%O$A%W@|0j+-vz=p zoA$&!d)XHA%J%8h=P9o+yrhk1OAGo5wV@9;Otql#fg2l5eL^}pjcmi;GLrg;9X;ww z`Pv`!*h((=>)>xMC#jDUb3iXMiH^^5MtWb6RJ35s?cLo%Ysw3I^hbJ z&?h9~v-2J@(q@IeC_Cx3m8wG=l?o-39MuU+hFot7x=G#zJ-5Txg@f<4*6@&cd7HaK zYK%w#`#gaMS?lk>{2-%q^#OqKRr(&FP|ivfW% z&bMZCKW%kyXLrZlF!63V!!p?RK_DbkA#J3_z`fAB$!lf(b3yw=l9$2YR;)Ln`X)iK z!vy=R><-PBb89|gvh3~}?GxIj7wURS^c(MWHI}z2eV$z%eAB!sdk(YStzZlNM&nI~ zq`TC?m^Ull-`0PAJ8zRyjQ`=cFt5Cnua{vHQ9N?%ZVJ1jsqOWs`GhFhy>{ zJn0}QJ{7_K4Q;~T0?qVO9hzB^y_-|B`Zw&rRe?kvoB6Uy69=}@rQH{;+a2FFKFmXr z$|lo@$#G*j$HWOIs3>sPQ%M3F?RrA7Nj@71MFjT-5mQg%;|LR0PwFN4Fug)QbB91o z8g-LqDS$fN=rRLpyML4s)g}$yOaa<6v_Op+LB46<^KCN$XJsTr-YB&4(HZ-t@xOon zvepQz)hIBzT;&~^3O9~k_^RTv(}SEFVwXkT`hzyPgq+ZhJn18%hmnCsJSuB&=$U zv{^p0B%LB%$VknQqmx--^{+EVOF9vpL|dG5Z*J_m?Njx+e9;b5<>s(30iL&gjP)Wt z{x=dngp;Fiw+Qgy#zmJXKNlxaIbBB-*o)biaJsCNX^TQXXk3OfN%>8HEz0a_v>(-{ z*A=N_v@aOC`iM|s->^i&}#o+0)Jbd*ks12^Dg@_9hDct1lnOsX)--7eG@&%qgbqO%Nh&O*+~LV=<2Ln z4{qVgwBEUt($RSzeH(c@Ba5>q66Q$+>04mIKNPkoA!_jrYx&UtiW6)Bo!r?RvV<841-e(E=~ z<+Q4dqS~0#d_MkGqdMLkMK5;L%bset&MbUh=7duu;>l{taSz61L_7j6zMa$x_pq)P zFgV#&gb`i}6|H!pZeHWwr{^cj{Z!=PRSUw*_-Ds-r~_w4E~TDq|a2(OE9Q&%ad`!idB>$jSwoyFNStnHM^X2b6JJlLubdJiUCAfNXev?3CZenV58Z-mQ~X_CYVMJbP7c zdv9I@(_{76Mg$c_nc+u95#|P>d|elc#t%Y^48$=}y_;RKv!$s-o{wTX%pZ3`Y!^$s zAm&en-s^wf;^S<(7+yTZ>CPE2EnX1kTQxEhc{fJF?xhW5-934fkmBP_w~MikCYQoJ=%vNx|jK($QjW&q)R4B0)c^T?k ziQzu2${@@Ami?sBQu|?AV9!E=?y=a*ij4`9kQuGIg1Z^`5qTRWs_$r1j=ADuM?MyL z)Y`IHBSlK!6#Jc(j4^86CdNkg%mB+plquRi-qy}XH~DDLbfVlm8Dh|Ty4)gkE-Q#s zUa1Pbzb2zH6?@)NosnJryjMTtwTn3?ZHk=+y_4?DD?T6+_sl*8^O^wneBjKZ|nZ)9K@(BpE_oaV)4=O(V^ZyRf)Y?7p6m{DElu_&||(z4-^ zTCa`s!7gN&Z@A!9*!w+I_bc*_Se4oYmt2kGY==*fw7RZCN9C90=bhy>C7Z&oFSa_* z#UimZ=#TKt)j3eCjoDIkOn$h2Nib{79!H07u?|o0jJl+t8=gYTc+QO*L;hwf1%9&x zf*+g9g&1o&=VwtaRnLi_=-tbY6>>uD_EfFa^M-x=N)=k$~B ztBuCyQ!~!pTPMf3Iaeo0;W8=d@a^#l_t*X@W2NL~8B^JBThHWv$s#v98zP3$0p192 z8Mi_C$hZ~n=So7f-s$$^+t{lbZ+nbPvx(&9D>E9IQ*XIi1ZUV{ z5ZH_qE_GWz)G8>>dM8Wr_(kvWWC<^twA;MOktgpz%{0pDDt0B4N$K z9_K<%qrggen(`-k%C%jmBj=8zkcY>;INv*(ey+^?)|v20L)M|(vsl~Kn3OYY{uM;F zVdr)%OOLTu%M_!({PHC@#_=jnf1^`LV4_U1;qpv=^{x zHaPY*x;tY^r~`NO*e0Lc_BIr@3~m(krI2CHdpR{UmYRXrmC+|t(2Sp{00 zd^+yI`{tnjTU%Meci)^U&1&<#FQxOWPoZ>sDU0ZR_d{%raW0&=#>Ur*TpGI37r5?D zP^0(>pfop`SK35~e-hcTUBYfsehdzzl6Uqfr6XRbv#|o;@<+VLs77W+G$j zl-hmlTDcR#*7q7v39TN>i{tlUs*G?Ut6+^+hv3+Y)JZZ4H$Mu&)lpe>yz$ULrHOq- z#`kqDRoRtZxz>y>{@F&pclTxngjp@G?qa= z_^NMt@mp#s`X%TqFqyuEVIE)4?s-xa${QYQ;jP?#2e%s!&AQLF*gR#Ykf1wBuFhDC zbAhv5f#_cPlS)f+83XTnj*U-ri8iYm*Pcw3K041j@_hAbdY9RoHqF5iohB-Q_Apm0 zthr!RRtwFG1NGKVuch^Vn|YrgM|EsC0q^c|Y@c+#A|ZQgZDG|=jBfDO%|Z7<=KA&^ z(Rm_0E=}$z4!?^5UB=I(DM-}~j- z#?ji}*%_c%+T*A>@FM3cqWSjjs=TTr0~=Z@pAoN(mT%2Y4107;pG-TGKlsY*vwRUI zqw(eGfwpYI8|V0#eQ7!UlGbC^zETJ!`EtAyUqMp0)WRn3s@HrrU{a-_AeXy<9!7KV z^e#yRC%fyFo84E@OQ_w0G?S&@4wap&ymw{=U%KpNslqCmv)~O^S~nDVPJ)W#(_(zo zBmq_nC-29MWr@dHQdT~dPwAfJ3*VwmadaYUH$T z2ptHHeMHPYiGFii*k671xJ|^Qb7+R1$55z1?l9^_UX@bEXi0AzV@&QVX`2t`#?Y(c z@X@-0*=U(w3JW%tpK6o9)2?)o#;Y9m2>pORATQL1i7Ol?d2Q{KG;!^c(hFZ=Hk5Z5 zGfV?5*H@}*Bmz!1Ef+ufB;&yprA}-!b?jZMkWQ)Gi2~#&IHtzSLu<8}-2+67`Y(#= z$puk(=Qgx&^sBqgrij{%nMW|{-^AU18u2)jd(M&3UwF1-GR9KsfiVG!c4##u0+&GV zlp45X@734A)TZZGu-ylZ&h~#*J5J;vD0kH?XkPAhCs)1WuJ{Vkt{b_k+ijwc_rfVqicdpE53aDGd)_K@ zR^va%VhX93WHAkBvL+?y?|(&?HbG_@^bW&iT0dZtiIVKbQfdN=U^tjDzp|muzoYKH<1@f;EA#9-0tKh_etX*_&5QEG?Hg|%mNigG zu!L3)fVCw|!yS$r#MimhPR)CKCvX4WQTWZ!W>O&$QhuIcaDj!S$z^@Wa1c}7WtPio zHtzX4?(2+D&G-k%4UCk{VQDef+eV~GT-72|ce!kI8W%I2$z+40zkYwXQL{ZG^I|(B z-hmf0@AS4{cSTcu0ZX;!g=$K*s#bemW|CLO6D{nM(lYu{)yPUiQ;n>AoI1&xt!dX3 zQpHD(-DdQWA&5xN(bbEw~@dk=zKLgr_rhLwzEmwyMBB#bo)_KM&P*C^3XCZn+z%}k#%R1F!bK3X8l|G*SdbjEDtDi9HXHo8;XFX;oh_aS*l4=TQlu?Dq!l2oUhvFdUYhs0IXU|kxoe8}kLjONxLo9L z9z5H6Wrsr87iTQ|qJj0pP2nicWX&MCg3D1!>+MOSP}7cb>XaI!fhIai)DZp)hL#nD zX&H3EMyRd?w&$JIb3OU-DvImgDw1h~c#hqW#7dLwLTM4uW$YUF7dK zTJBi|oZ1u+#QRXq!2r<@BPr7|>?zs4BjDBPQeQ`dC2^~0cEI=C65aXTu4Dc)A<1{1 z3cW7*FwKCxaIZ(|1p0&6;d=s5{gv^D)!!C-Rs)q3FY%W)*iX52iZ2FREhnv@UwjnC zOvZ#tWssP*tInh#6wp z)HI&TOPh_coP|ME6Fmh>(VKF}s*8*ea<`xa+Ok%~o$tdOCY|xsAClc7Of)WCP?^02Sn`uZRuE0{w-}qv4>NT-!DCS!;YmIjAN^Y*CL=v^aP+x+_pR)rg z<0@p8bNcYmy|B#_!1=>m^(qk5&zvr1QrX7Fxc%42*O8_kiN@72^)X7HRWP?!t(5+z zd*KVZ%r)UG=o8xMt9I*3t0N6iSIuKO^W3h_&KU+DLa7$ zRI{rPGNCm1ETg*11kWxKNS%7Y!6Z4+=7Lm1ZalMB01Pn4o$NJt6nJ_IbhrO!CAY;ZvW zRRWcP#uPOWnGTZ<855cL&P&v($4C|~G&4v~;z{`S?eA-L_a{O?b(jk?;HchH{eM!O z`Tv*d$_kTP#UP+Gg6-=^9xCvU*Z);r3~FO%=wRps{rA?8==)0w-HHUwDZ_*q!*__? z?J@jv9ucQnuZM@TaGtztVqR~z^YlJyh<26JgRYua>^C{PNOlc&7pbQtH!5}GY3SmI zhu%9bSJtd2IYKul`}?6t4vZ3066jbI7q91fMu{7xwFB=eAx_E=~$(!T3}>9I+I8g0@9P^~$?ceS->XfxZ$o zuhF&7VPDCFj3NCzmZ}XUnUwsh-(T5cOnJzbkN1%Wnr#)yQg|8h3byjxShzy-c-Y}a zm96ShmfV{0OM9<|@)q1U7HV=R)^k(7+dE(|Gx1c&eAgLc;}saa=LfN_$Ej~ z=tANG(d-2q>3mmhNhdYLL}+>)XHTeo-;6^K+Z~=(=4Bl%nm3~(_V8a1f9!{=?sQ2q z*LIknWO*)`nWM|5>w@hnHZ_u%dw9$8>Qba#o9UW+Kp#KB&=sDqD737?V%yhb>Nq~C zlOWIS8f%cS(@f?Onev)O&4`*K~jiNYG&p!O6arArp3XZYgr!6qM}!H83X z4)lcUkBl(-MQ0S6Kdr|{-hZ2tY9fF7`U<6`Nc4=-%SD--;1~Fx&NDv0t)@tq8IN<7 z@tScw67Olw&KV?uPs>~uD2@Y@yD}2h27{_GyG*A)-?yO<_ZwZ%xg@E1k?(_Xn4d-4 z8%Yt$LHChH>o-|~#%BHuCY6NiEZZ&`rim`uVpTFj$7i!rcTGK18y*JIdl%@5NiS>i z&*{$K{0MwVNN3CMi-B18-v$M_`>H+ zq-|=qI-jTFtYv z4(aoVoci+ZVbAyZ3&AbNGmQMcSCq^yE${LSy#Me$y?^+<$IIhm7@`kRx*Tb4pT}OQ zc^o%?Hu{RZc(YiZ{W*6BK4CBE6bP|)==Gh| zpcAyZQbg^%xH1v-?V2BKpmJeYlihwe;)}U4w9;E5Ch|TZ1@b7JEj12=cfFvlo(sX6 zk0`Tqm;FFqo)DQ^;Vo^NPcd#ZxCrN z3!MrSY6HbxH!E`98QP3(&6H#$n^|DyW5mu))_M+r4zi#Omk4p-7eU;d- zI=Hp{x$jF!3wuL8y1O?Y8Ks_VhkUaMAFX6V=wwOD;L7n7`Ihk}w6%r7rd7w|Ip;Et zm*?_~(1o_mofhRW9lwa;K1n>InR)sVDW)PL6@=$F9{MM!?FcPOJO^Yk=T4=aC$lMf zcb~h8HZA?zh3L8~41O6(w@8N+M42+wIv*5b`kXxz@c4^kE6#}06tP~ENuAV3hv!T| z$D-5YBno38BrWXcK6#ORAg>wa zU}fMH{4j^2nu5G>>b$zZ)xQvArelsNE)do$Z?@fB~ znB)ND5yizOMwvGWUNyCqnFNHF(|sj^wBNRNe)vLoUwd(Fe5~o_DEm$AwVMGqFXNtR zWMjuF;PI+KEy>3a#>hKXbn?TZGv{m!uN!yKHHkQZsNB`wx2$1Rd=hetfgI_Y1wy65 z&#F!1J}_n}1Wk^xGSM!(k6tvH;_>yB@s_-FajRy!`QajMvz%6g5VgdCFz_}y)hCy9OpD`0C?z$~!ECPY{iGSVFzdK{ zs-76wW_XDaR(n{ue)Y2t63`Si4h!ej>%&nWAgCyb!7420Iz~cdq8h&Jm_MJ|%pM+H zy9J4``p|)KmBM(6lqs&U`;wY?xMmBLmC}_g&9*QL!C9x9%9>wgn~{mBJ6Q8@?~(Tx zUkV%DY|k3GDh;udzqA&oVkA*`KhVUkoqp-da$OqJr^OkvOC@zF(vMZfsIemzBA7CE z*|fX}@1IMTb1w=zCaRy0;=OcoypxGAiZ)uIx8RNyYZk6TYuMoS-)Y#1m%T)_;lv~5B*e$TGfd+ip5+LTauLuFh$zsB8GynfTHtHObU5$DZLN8v6x zC2_>)QqXJ}H1i2J@^?<_XGWH5&@@w_GEKP0LW;z*7ihL>dr0^<9zD6i30}F>xtn6| zfalOFA{c_9lIVZjHFi_YA;W^sURb+QxAJXYeA>*1QLpfP>TVRw>kRzaQn8wJx92%* zB0RAAJrbL+s_+^xowRx<1hB0*UC$F5&Q(y`M0!0{vwOi=O7Psr=)Dcw;+s#GYb3g( zDz822eTGET@mP83wbwffsAIF0QnBD{bgF*kbw(>OlsNTHb4cGOIsbV zX!&YIluwAnB#@R6s#U0AB&D}XqLH+Xmwg=8my^Z2S$<3m!tqjxWKLGpSn8Vw#%y_J zmDrdgHQ3(5M{9vr}I2u5R0RmBAs)Z_>qZDHSyRS z6t(Q7ajU8B8Z?I9ryF^6ip(^6^RbRI2U_!xly^G)OWIemX2z2%oP*xTy9o^DHU(J& z(vU)@*&T{Sju=~U^+J!+?S@#m+tJNQhP!M%*b7;~qT*=rjlnXeDY;oS^<#07z7%v3 zHjkW>V^48}`VkK~KREB^pQd?2T7TSRGft4Y*)EhURs~{T=4)kNQvTgfQ7&uX1oPeb zZREH8e2EOQi856e!xC@O1m(U)(+^)0v~_vQC&F%jGIGeB#*8T2ZSt7uM8Apntf(MO zPv1j|ln2SlVe)Jd@^+#x1O4aSjo7D~XZpx^EgQ*w=ch!`JbG@OdlSyV@%WClJWIbz zmu}_@ZE4qXLsaQCYJsp#J+JShl5$}jnbO>^TgZ1f1J$hN@aSZ-ab|B8oQ*3WtQ1JN z+)%@2?}lyrtg<;Iv@ti(B%qy&!PWgVX(RH;BDRYljpyuuU+s=9nh>!SeiWAcJkhvw9bTtYJq#Byn6s?%G!dxtG%cRT~(2MOik!5XRe zIcI33VzT51hy!QX&uufKI$RR;*23+1{%SRgG*ry&Bfe{_U`0Ywg2-|QZ@A-Y*XvXl zFfFn!K6q-cD<<-0VAPLzVfOS02Jf9SVb4}ZGQU6mJ=PUc>rb)|;t zRMO$K^V+L2?vq%$InEEXj4Zb~&{SzM)+v>#uG)GF#PY05ePfbAkz#Mp;#6MOd-0UJ ziD25GnRYQbpIshp$@_+yIdKKGg-6dT)AZxY+{DJ@ zj#eQuuOint!&B_%UozBexiGWWlwHrgspn%Rx88Yr4aMcHUdjfM zW87CNY1M@Czy{hX9Opp_)f=`-HndFG{u_nOuRYYpXXtXS2abf7(5E@@#u>`j2InIy z568E9?2uy1LZ-idn=9C&dadBM7MY;7ERfEbDw1{jO+l%n58cxXE*c>d3mJhA`?VLi z?ys1>d1gGM$t#J~$F%(AR8L!>t|Y-5{w9o1A72$&;N3Je@)}yD1=>mklj>&i+| z?v;3<(p=qmQ8FA5Bt@BH#|ejdDle`*NU;Q#%cMp_ct`{#cXxSwA;iL|HjmV^Y# zP4NG3${-@=_Aw$|`Jf5vy%S!KGGgp z`EUV0CdWS&*e`|#Moh?2VvHr`!pM{OBY8$PM?T_SVd9_9o)?0T61le<@n=&y`M<^&-=r_)2`V9s zpuPaxd>etN|60AQl$f}@vN)TQo6~*?>M<)b%isy1pqBizO(7wHc_R5Q666(BfQ7(&7uC!0ihP+_0_?6#p}dyx3kbk6sLF>jZIgI^1A1rULjEKwy~y{e=U@;a=Ae zp&Txqyf?7l3hXVu2#S6JFw&1HBO?8`E`grDLlXzao2y{R5QG6WX(9spy<4j8T)TS~ zs8kA6;)EfU>-_=ge?k9$emUG?(h+XA!%iY0odDhAJdAi|$nV8p`*B$E{@|g;xn;d) zANB)J{mth0V*gn}`Q;d}{o-lq3C|aRr^N!jf(7QOr$O=rw?~Nn&l)fba{DEpC@d*2 zJXG?q<8LLytat5~3>DlUHV4lu3;Gx{%rn1rIzqCTxuL`ViGx4MeQX zpbi#J<~DGe;U#&3CvhN`k|f;UWT5wdk5V=_b;A3FtEB#3xT>v% z+Y!P~b)jk<-hmS8ju3ui2%)0;OrCaV2lA@_z0BWqAj&TZihRJMS3w8jhw-Xa;}OFD zOWj3`9Gx5tjh)26VxWVaIn)+%u%qtHzg~8W-?j$>ngrhdyz)!)pKw4*Z|G>QZ)gYR zyKef1w(k4W;yp-BsE>p*=(1Y?0;^12JK~UkCUl2!^mik_y#pS(3?dI~9uU#}7aVs7 z3u|i&X(4p87BI2wuXK;LD6#t?O&b>qzc1Iz;3CadGGBP`tix|6#)}|xGCy?;q>1y2XO--6<(AJs7E#+0gP85oL>0>0Dour zvacb|_$Q#kk9Fd@27C&@N0J~gT!NuxZXis9kNL{J_TWc9g7uILNJbGfobeG6^;ZyV zFY?(z7<5EH{gnf2x6)mNIq>5thQFld5a_J@ph3W5X1^hf`Ll2eiy=973{m&MkEXvG z4L0-$BO{JEDwuXP3Uo{ZyICEun-dDcB>1uPSA}4k^&>QdF-L{c)azOfz5fPn*k(PA zjyMQ@B>hz(SPmYTmLu3tj|imO`Sw@lfNvPUGys+(aS8#>KTS;^e%yJ6ymez2*v$>F zU;}m_9s-;n0o?Jh96|B5{umk1+kuTZPtGIEfgeBfI=oV7fjXn0 zIthz;$%-%re*A2`K2@FrM$uZ3>A+&Ha3PF=A3t%a0=g`K(Q-ig0UJLr^CFHpDt?mQ zlsuLJl#x8WU!mid5GKKopZ9W|Z@mO|`+Oin{3?tv=BW5-p@U1X1lmCusGPvY8%j~c zLGa^e$hP}R1Mm>(fh68Y5@8OU__?=^)68}*vjlMTK)Z&Wmw3tiAx9Jf4tsNugE}}u z;MOPhX5IEv>F1vT|4;$b!7dqvD*PeJ3}XA6sr|K-E?rd65K@3nu>MI<{R@bLq0!+J z?uAAUj4AgR3w@90Y#=68tLPz6Bb# z(1C&orX}JW_#+T}|7hF%1;+sbu{tc*$?l%MyO&qX0keSu>wljN-$=09{YUxXFTucU z4`XfUWPxCf=Z!t$Ecm19o$c2W@Bi(qu(5R0@h><>4XeMRVAD7b7sOE(PKMTSDk7ac z_zlRwN4F1*LuPJ>gWwO~zcxGA_E7KnHyj5iXESGrBjm8QXKtY0{Ug%BWC_09V1b2R?tqL2&Ygy+Qm}Kf!{00}ux} zIXhUvsgRiq7UV&I>5M_L1v}v?zl{Ls$O;+tv>OE@u-N>83YlF9;*8%_$c$K#?(LPD zIRFuMfc+efI1O%Q5-IEOMGhEF92gE3LvaUT4E)5zi#()oFEQDx{=znd+Ixs&j>t=X z1;Oq-*}9K72wqz9>pB1|g*6so3f!#ZS6yJUMx}U!DMutFziI>927(h2=D^QMg5Gnj z4TCmtu&7x40AURLl;l@!V0|+VHVpi6uJBJN_+P4U*r=el5Q6mvD8mUFH0cBRIiGsht9F>dwih>QJSj7mVj!H#tNZQW!0n_bGBw<~|^B8du{7j@^tA(;3 zaIPHS7?mK*IU*7H)o`%-+;``_(m&+Lg4d_$IS+2P+!L?L zC7(YI)aW}fy5W%_B7Tpd1lFAor;HfS+m8UpCz9>oN-IT)0Og?Yy^7Sj0IyyJ$O0HB zk&sybt0V7ib8zDy2!{%hpTz@Ef&oF!Mt~tWe+y2YMnR{=(tn7tbPF zNC4OF?U91DeYzJS;x8U9-qo-bM;wShb3imD0J#G+f(3a*`~^tX!VylsB9LrTPzy9U4PdbI z`{p}{fRq#sotz*JaNa;9xGwgokQ9tXSN7+?BX<#?9PX6*ue82dpn+K(NKpFn5fFZO zg0h!ncaU8f-dpL}TkV5wTJ1%D2yleh{bui$LIXph74Wtv*8Vxw*GGs$;4fXmFCEuD zMVte_J_VmMTaGvfexU_36=L{fKLcz}IrR*2&Jp#Gs%IvdKQ_3)Zqm3~jX3D&%EYfM zSfy^hK%8~NOg=GYG5N>3AM7OWX)OYvBR3jkc7D_P4*F*_NPIy5|L>FGJ6Ml6<98bk z?uHFCfH56O74#+8;pRd!!Zi5ZXth*=4Ak0@*g;Hy#hh$G81rYn2o}T9iZBL#CxYKu z)!Grp9MOk<<-pc?y*d%*9NmR}MZwmnvbzvQ9npi*cakx}KqCk}ut%(;8v)KgzB%F@ zjDRy5)1a`AbRDo@d+L*Z1UP%up8u6(_LqG22D*6}g|SG`OG&`1!LW?QK?E2_E|Fyu zB}1M99UcLD!M5nmF@zcLJ5J%q#|wEN43r$mI)|qa#=!4562WX~=YTeR2a4|_vj}63 z=s5a2z09H@qG2DXife;|Y5r(3zn6mitENrFh=#i$SfSX10(YH7juX(EolHbv8AHSFCy$ zO*I74Go(8}FKHNL2kQR;`M*Phj^YwvQ(U_QxYj^b85r&o`u~CZ&ly5TfiIESde{O7 z27*@^U~~IOtiJ#sK0|S^oRZ)Ln)QM%B?qIO67iovu0oxStRZp`CquivLMQ#c-$DJ% z*&5FLF3R!Qq!L&hU<7F-tbS|ce}O(+Kf0_LQ>s%)NZBO&i{9~<{sbat2wr4R+S|cy z2FjWaP;kZ|+?Q$gx;Ci>CkrPiu=fz`ueT6i`y<{DOCGMytCfa{bl@sN-2Df{#47)Z zczJh63kx{)`nQeeUIl{A<}BM`zNxMAf}+gZK4cywl#rw!qkm7J?#cyKsp0l z!Vc5i42=JTainm)ZNq1EV8rVLc>?T$12%X~`1d2xzrv3=pXYky)3SJAA_Y*%IS=#r zG|(dmd#4bJ9&w!4Snm~272wtDpr^x%MRNX)*y~4#oocvF&jXw(O|-v*CEomBJ+X{&R5Jk%w^YzryFIHh&$oeTy5 literal 0 HcmV?d00001 diff --git a/M2LPlugin/lib/javax.json-1.0.4.jar b/M2LPlugin/lib/javax.json-1.0.4.jar new file mode 100644 index 0000000000000000000000000000000000000000..09967d8158efd05ffaf33d45d48544f680ef0d52 GIT binary patch literal 85147 zcmbrm1yEgEwgrm2>%raK9fIq@-QC?GxO;H-;1ZnR?rs5s1$RgwxPFq`uV44=?)!fK zPt`7}4y;}Kj5*hsW6Ii!vfvOHATTg6AkGHPq9Fh9g8>2o0u)yjW{{SbU;+xuOG}8W zs4@a2UdBK`QdEErE6ji{vOOWqZ1q?GwPG7Fl3hj#spZG|>w0kK9IoDlI~x ziZwGPh=PyV8GR$o(2^b6CRC;aNqB6h|EtnZ2ZhRj)9mpezgJIwWjjFHyH~-rVd9FO>xL(BxQ%WddUc}ikjgVhz9PP~u@zHaTt$Jr@rUEUVoSe@ z93N_0TMS>N&$zkT)uCCpSK=nNX8Ax7|LW7&^J;aDXB^cc;5))`EW96HCa$M$=LpQu zN<6PwF&6~!9DD(!n0X`44in7o!vY!^N=0HI}w!uL_6#t`Nz`ps&-~9so?H{3Get8Yp-(2TEFGT*w zg?2{nX7)_~&2oZ&UGCs)!DwM?=+%L9URS^U9HSqFehZ;`j}BbW_;yYW_&HH3bEQ488L*JnC(ieWYR;P%06o>A?vfD zsSL>BmLT6*l0#){B*OEwkC)fFW9YJ^io4t*AR7qly(@olJ!@y`6Zha(U?u!}MsSnBIo}Wx^%5Xyf;947w6opQvU9-WLVGzk=tYOijy3l z`SH97tjB((gSojudCEbWz5apK+1V!0F5Hjj>T=_E_Y;Q~C(f_EmA|`%qce@l!erj# zy%UcFwuOVjw7m$|gBS*#w1rFT%{=(k<&Q(^0RNg9#qDI&5HBp)$TD>ph05#(FP1K!`4q^C{9z1Nq}bg=zM&q~+MdKmlPGbO&YH7)GTxx+fw8lCv>J#U-kf z{W0`?A3Os^ zLR?F-y^$+|id;QN^KQa}RD!C*!M1Iq#^K911`*4vx0m*Uzy>RnDS8Jjii3^2L$ zDXBjaDW1w1SERj*!rp92PRY2nES`bvg*wx=v}Eq0;Lg$E9;Qrh$62cHcR$t};w$bk zIUL|_?x|I@aEI-UGFd(PnujWGv8K3jq;3eil8hiL^g-L=DnATglUR8R_p3-0 zWu-M#?RX+#vQ>ID0{WIl8fNU7HxktLLOh}ioToaE6lzNUH__$*4%hK*`nGIRT@Wr6 zexpt2Y%{F)a2?pP4dmz%>1M+z_K^DQa=FTVtb3iY0;a)1TMJD! zVl)Yw&Jdg~z*0Ik#J!$Ie6CM~F(Iy3R?4&MQHEY0&bg-|FGRF&LGTl9gK0gSBxy)) zzX;n=O~CV3wyN}4%-J&reaTd$i>^e{LV4S24Vo} z6fG_+?+Ef4Yr>Yl3pS{hK-3eg5<2o!gq~y-99Yh_&fLzI1smgy$J~aRPpoOL5n_sW zRhjbD@c75zdJs>gaKL(5KoB@SQSidkCO*?zXDvjwFRAeiJS(&GagSOvR6O?g~LX zP-y@sMGwrJ2U?gC$t8*po@5SEsjaG2`;yL=xXju}p^&VU*!2xa)GRsTDgaB88iRZv z`OxnA9aQJTG+pDXJ%5J;8I5wGTsG0WXSP9#`I1S9=om7-p4dOF4wEs8=(ZB4UIi`DMx7>!UEH#Gp_2mbGDDQdi<6`7~{q z8?hl64@WRv*GH@}Jrw*Aufi+nDNaCF&el50X7|-%KS}~nlb{ne38D9- zoIN+m6-FS@e`@<2K@|<^`GOEp80>0+m^=X zJr`+m;J(YZPp`j##;7L0kQDrp_v{lC&+4YF6WNV|t)36#%sWr$oV8 zc~@ro(9wy=sO@Nt7{@Ji&<4iKkTMl*MPMH(5tvB}Y4HPYo) zPb>>q;gJVaSaC^n8Z)@72j>x#xEmLjfP7SuF;!+O{j!KWpu6!zT286PvCe)4amR-) zFCe?%zt>*hp8oKfIl1Zcv%?C(29Z_+lUVLm3hpE)iGIO_vZxzP#hzKo01G}3@qy~n zEs!liaDBG-8)DvK`@`~*{5f}B)1ys}d=|>(C(kM<&t?#BZQhKfMaF?@UzGa#{Y8yL zu-e0r*3!m@J|wkdMVp;Ek^T!F@$)E!P?%UiU=U1v$^L_G)#zhZ6OGYTf$v3yVSn_R zhaul{PHO-41Og?$%?4DK&_`>=(-YBWdK3Fa+1UMk4k>n~93<*fkaYNyxU4Sn97*8q6L>BX0UZ6h45kX>+)vgQcNPsJ%rBkJQdMW56#Xj zsY2ONOkOzT*{rkOmtL*a&QP8HpfMYut%EPn+b~l*E`8Y9<^}0=*m1bhhZF#uj9tm> z8}oqNr)k6DiMS7*?l3Hy}BewA-yyn4aNhjn{1oNBasfb+O?6+2(%Zef!;8SKte zilPkt1xRhXex3#fok4h#9yj7%l~4p!riB~oIk$?RI8&%nI=XLMU9-6}Q*LpL(2K8tT&?>h*jrv=IU&={k?&Ny? zO#-8k|D$sHb2bI_rks9j%Ku8H!vB5M|EWYN_5V42!~Ex^GH*(j(d3s_E>8KXyzmYq z>=nw?FlKB!3ch6vfmRp=1KJ6EZCS~2iCF@HgItB=qw=1~9j^LO>}qJ5zULnJ9fV+@ zM(Tm7F{M?TAyn%fpVidu?NQRaz_(YQd$@c&g+$AtYjXQd%5my(z&Q6f#5nml#yI;p z!Z<_fDt!aJ3%!TtdHtH~rXLtGgf%q%>LnCph02juU?$y^ii+WCnOW9OXtCFPr`g1T zWr@|oC~m7(f76{ndeud)&Nx`?$LJyWos_PY)8z-m#F&6oH();-6{5#iSI9PHzZiR- zhej)Yj&(U+IEMEaox2Uqi#XxM8F6)&N z8&9O_H5G01siqE&dL$D0r(z;JAb&pOgKQi+q{H*X$F48(z39v3oG6xY>OKP_XpN*Z z*z}q|s`TUs#(>_XSFru8S7|y>I27|2uQEzTfb7`TeBhjo2ToSV^T)J#Ar?|i zTV8Itqb6k1k6Sb+^gGFe0sDvAMrYR?HU_NJn3iRiQI)otAKg9?=KyLiTurk|jCs>^ zmo!^-Yn@+iErHeBg`mZHauZCMT1>ku>MnIKV4tyj4N2Ghm)agbpzpGG)PYr9N>6b^ za@oXb`e-eTn@@nraNk?7dL(MJ`GpQ28Jy*_Rs{^&a&b|7M@OxSYRk6$YEc74XCrM7gb_`0imTEnx; z1-`uhly>{1rNwq^%aNCS?=Y4*TcG$e%j_k*-r|tI+zYtxPy0SBuCT3MXLszSBEKGd zSMEUPtV7NHMKACtq;rWZ*|JL|5h(e{J$Q3n9W@SoTjQOx5){`+uQXhVtW=K6$K(df za^eHj%=Tj;y~p1f*RU_vW5`>kO^NW2yz%F4jQg+KSlHRw$m@^2?4~>}-}eqfAb5F9 zMNzTmGh-EAR!dO`1TcmJ0-K$28FP-Eq6zrG{9wcQ1R^x%$;W_PV2VZMGTlmLah{X+ zt;PYwqXol>c3W!c&5bco#0Qu-L^U(tO+beTMM8KeS;iflRXdY}?z z6CbBB+v0=yHWZe2j^`q~ZM3Nsm%$jvgN7~jRIysHb?XyG7YT2s;~{t7yXb2Wsk6si zYuoB@uk>SWhLu17Mj&{r{A1H<<@uW8(WeYIcHq$`o*}jRV(Ny8Ypwm3_k_3F%1h(r zGJ$KV;qLJibSXwU$~^n!e&5@g3;0;Lw%4dddM}|1?AR=2<3_ubDFO0@IMkKXUzrid zl8M?1xL61ovM4ojneI5P4a8^y68+-)6YmH& z$G0j8+doxF{%kjr|6n%}H!E9HGv`0d$9L_pBnSlsMFz#<4u$Ftr6d8hKah+e0i}YN zS2a*S0QX$A{lxFfM2wo6u99h89m#mAshX^Lq?(zLl&EbwIbsMiTbh@Yp7x1IS2;N& zO5cz%07%x3Y#pLozMn=1A#IMz0Jod0VM%N35Bw01WKs@g#`u0JPB9)HJ_a?c|Tw- zTQL(}#wFN_5K5mq4_W4CuoWnja6V!Tg2=nXNMXS5GLmCnkuLljvVgxtmh4}V{Trwf zMkcNf&VSn)|BJ1kJCwdVl%NFE)^6d#K%(kvQPsjOTIt+GcJczL1QaA9@SnjBEbPln z5QZt7tt+FhL;Ivas6tc^me1LBwSac;)X_NMI^8j|tttT}T!!^LmpFm%`)vR$pLA+- z;;LgHagH><1GlXMF(m7M&0=3|2E8!wclf{;D3I!Ltt)kmou&PhiV3Cg$b#uJ9~CiK zSYe3e!aXx$69N+gBS9h3wE#HjIGO-J06QHxUb?x(Cdilzm{|s(C4kb>3r47dQM!_tqU%h{TuzV^+Gk?C zkCEo4Bq6>ySp^Wh=6=ab&f?pB&_4=dK8J1+xjU`AfB)S>;qm3-0csQfy}0J`Z2d`( zo1#grj`C>ZsDi$=i`(4@R?UplY1Ert+6bTCcEwSM&7fPf%CrQ}!=l<3xr z-mODQ`$&-z0XmH1T0*+0LnpD)ikMIZr<^jF4OO~NH297!v7oDO0YsKKwWZe4bl5 zypVH{XXVV>1nS24d`T*raVfc-@VmqBH)tZ&F;y_G-zGx~V{ioU#?o$>$BfLnsB z!W)Z+PJ=XeM8ieZ2-sR~r{)yG4jcvzgtl8{By-MlHmmeIxNIT+ki=o?2MHS(oJixj zooM}e_j3OP<`|8Km&Wb<%sRbHgAu+Ult$Esj=!p<24Kw! z4C*u)n%STk+V(WccM&&_dG7r|vrV)X+p68>(SDg;@ZOLUCsthBQ~4AR$k~d%70#0O zx|hkir>@4Up_LA?V0@Cu54#pCgCyI5t-FuV*_(G6jSXuMd#yw7)zzVZy-+5o5IuqY zp`a*~ZG3*WH9{aEb`g)pC^iKz;ru)rA*WxLcOp>j+kmkl^(^%~5eFRtCO)Vbe6#tN z+ORhB{@Tb?^VJz)$)5nK%+f>a8^;o_uBie+-%Qz-JIG&%Kk;(^r1}4XxPq~@nThKk z#2cG9F4O-@1J7nIXH};ydVh<=X5N&EfN4Xa)y9UzUI&h&D3?SQ;mm5dY=Pe?ZjZVy zsG`9HK22o2?&$9O_;vb&a1RH@65zFS-q@b9E%2j$1NLw7M&04{kIp`)cRNa6_P9Ja z?Lz0iuM(}9O1GV=Su!ibyK&;i`k21e2*b}-dYGGuAg&spo1t}+&DpPQJ7d;X~3V}c0_ zmB5;{Gy+J*rLdpRkMcd@|8X#$4O=ur#hBt)Q+6aHq&h3L_K=v!`LgjsPg0gKF=%M{ zQWIB@q(OMrtLuve-Vf#*O+DMJA&Vee3!;oSu0396SzTDt6o>f{u^L!~t2f^khxn19 z`fOJYhx58Sn4x<0+b?6}q>nF%y&1#sFBzNkU)}!?WBk7hhRDBzq1bcwK!@w|W@6z) zhpSDkRH&c2lV5HZc07#i1P!ohQ4IS=VN3?d=tMg?AuY{NZ*JCMCpG zM=tt}hHag#hMa?-EEP_owTRMUpK>3Ca|{rzlxuo)Nh+HLuhmuvb8HM<0@gj3jV}R3 zM*je7jZ92>pMOkZStNui!Hb1Sp^j!pYJ(OrIzn6?C`zMb$}9zKV!n29dqB5Y;P zJlWp^zxPwv%8!|$hZv?Y@GbgCv9iGY(H((>GsMGq!}#)7r z9ZKjoOJnvI?4TfMDO_yZYOz`rVZ~a59a315Kp?3%2R!m-!N6AtJO*=fukWkF6DQA} zVCg1@`3L#m4d2x^CR+3@{QR8IF_slk&yI>`AFhintZ&&w+!D5uLyEZ@GAg8_h0u)9 zvY@>IyW{`K70?jOJ&93pelIC6R1}J|z#F4=jAuVhBQrhW(052x#0m@kF$HQ_bwCoEO{6slWm4OWj?k$X(hd!6V3MdgH7N(g zQO!ovQ&Z-!9u(FQgL;*vbXqyL-jrgAO-z$DUhhUaLN@=FiY~fCU%zDbj^6pA1x6K9M}F(cT?CSD@uT=$yd>!>npT~qR)Kg@gGXS>L>@{v4F-6k?ym;5|Lydo|XX@-Re{V--@gDWf=jhBnz zT}%K-ai28_nmMR2`~mt4l4T!+#J9#a$gj}ypPlO8$f!3++)P~EoX!3$>E+#_INhP# z-Jy^qpgwIr%@yvdexAsF(~TrG+fN;DJT|wRI9I6J`6l$mB%okX)C%$-ljkH8EKE^A zq>m2B_lr*+smzKg)0kN!^2?Eav7DKSsiCPMn6Wt&%G+d(Kis#GQ*SXu7#46D`bl zHBHfP+<&nveO1BmSXy|dO#bbM-Bz>Mw@6>ig}zVd%mKapm;7IaT*XnOqLOh1E+lld zJ9}=cO4*x2@J1(}!N*QVm@njO7>nZc!cLdXmZ>$&MTdFB5>ji(w&qyI_sG9Ghc4CS zHoc!iLZ+QA$Ld~>rg&`{t(`##eZJJxEkk3~Lv@uDSAmYBMtPX5{q9K+7KFxD2oR6# zvwTqcma32q$itJZ8ZKXG8_qp@04*jQuRY1jN)NXxM2d#7NHH%AIH8o$WO0JGSx{qg z)(hJ{#bTugrVZBKe9uKa7}fgNTl>mvmH7Vfr&a43zVUSQL-ly7#QJ5}upK=xU289OkP{RtfI3rXV& z@{gKy69B2eCiu!8tO+BkA1r~!zzhm*P1BD?QC2G|#3-WN?SZtLQ`u$rV9HE3oc z5*(n2%Ltypr^RW}42?F^b;LdAe@QyC?7oVyzR(e%xUT_*g?f{(D8vnBFp{ie8hNO) zyKP2*B^Z1F8$My)ZA?cUq?W-jU;hqm=e4ACH&{1NAyd3a;BB{rOmnR%q4&Db$4?Kh zwk*b7$qvtx{aLZ6B2-pWLl5y`AUkheBy8`f9CAr*PY#YwT>N z+}ZM@xgsCS&cBW&bT>Re|Dxh)GNHi#A8y9>KW;W|KmS%5OLE%&JDbt4BjaLgVv#6* zkrB7jDjEwy%q$Z9!_5Rk{YStwA$q}j(FU*s?m!k#QJ1EuqeLK5_uUS1*$&ol{O_M% zzyt7>ISmcTf+=)ooxZ$-%5vFUW~Ww;YIDZLBv2z*0w{mBT|#nT`=Q)Ant$d^m1tC8 z-+o#4T14?|GV4s8Soz*=i#^mq(&iVR5&YsaN4=x(yreMX;!)SRo|L&dojoqq?-w{i z=hN`GJg6JU`aRvAwpEXpjYneA5Kf9OZ4bG_sg*CS47gnLR9>t|uBc zXk~y<`O1i!aQ>~D>jtp+qM>g)AIx$n!y`~a&XK54>6NL)UQey<1%H!C32R!eFxWe- znZJQgVTfvh(g|N*(!&9{xIuhj4fp5ibjc~pHr8Jk{l!j^p*Hyg9 zpO)KvZv!@lnY^Q%-4r)ocQ56`Xb;;KekeOnG_KUr@buf)c$SP0NZ%-J>n|zot+Vs* zBj@k`qs?>NzJp$d2&=SYnhG+O5!%W%(gM;j?2NB+go#d<{QYdI*w z_!=*GSxj}35d>1FNo{7CV=MCoX3$4k4N_`;FIjuc5{xp>K*a9@YCS7vq&}&h+>*W$ zoSznYp8qX~SO*ehxPDl^1 z!4UAVPr0-}ak|u)>6PSrB$@IHdxRmSJG`qTmQmu7@2B6tuj)?hIh(!{!dL zc+GZ({W-yB%x?k8ipj(+@25z0djA8naD%E9iG-+UJW^q|C<%RVQW~3TolxGJ`$9JR z%6X2;Wo~*j;Fa59hRK)g+pd6;jC+UtUfSp^>E2m2ocd58s$de zhDpvZ5Th-=n2~UvQE-q|hW!%3t78EE_{-i^b4V6`8cUyiFoxJ#Z_4h7!!HIVgg46@ zc-s}+kbk8o|4nP+_kQ?;e|>+oCKOQwu;D_rQ6Xm^K*Uv-r3Q)zBqPW(q0qg^8R0kL z6SWZ-Bwh!;G1JSDJJk@GW$VDSfwZ?+m`_b)XKXxPKfi$H2V}<-frY68;F?Ws>Eb2i zwTI%symn1ZPsf&%>ZVcb0qS{6xkTK--d3v}8ubXnTS(v>iL`Ed7E*@6Ga(B>^~ph$hA+R5FH#a^xGduDkUh{ zYL(cvQ6aq8eiE)IJ|}20m;q*KJlp~|Dsh0(q%uvb-10aMtz8Y=~XK!)|49k9@6WXbOGO8cdDDctj%FELG@l_JYba@ zU0NFOlF($LxRf68!>Qj;8JTw7WDR1!1Yh(pb zq{uDx=X`=M(Gr`oc5U(0ffFM?Sg*2KC9)%a5V!^d1aemfBKsu5j50()bzA7vZ<_a+ zOA8!&BXPFB%7PYVERHo;=nKzrZixtZ>y)}yt0LBybloXGo z4>p8P0e;DM?hUoX%{-=*Kg}r}Zhu}Qf_!$&?bCu2g#tfHdDnCSm14o1!~eIMf%&}l z@0x*se&sCAkHvPR7Q}QCw@v~n`djisYw6UQzBIUd{_Vg|1?t=$H-m@8zOL^s0*jC^Wa`!d-4?HfkU@CbSjH`0>zNwVuwQd$`rw1v2yqOP;KYTg>rWiB7 zc+?H`Zx){E3mwQ9r-23|sZvP;@P$Q+`gWk&IZ7Nwx(Hi&XQj zB~A`P9H;TPOm%#3oiw$$ToUSjM%pCwyV_<=L|g3ij6xK&ZQg?S84a)D_uLDUaW zH9LZb>!4Y?GfSSZEYi1%2$#iSg06Zr{fy}#`%P1_wX&Q-Gqc4Zd>C#( zR!WSI&&15ph#w`{fpg;!5{|vb%1#)E!|wIMT0x;X!{iLC=T}hY6&=8d=ud^!SvI zyUZcSM3m=6h88e+I~XabaCN6IX@eC_6xrIfY+_RlsAe&Y7PZFT$=u!>I4fGuoDTBo zj|0;hrm>|;V}9HmskYG+HFPvp(k}LQq@uPH!KkB-qljIt4p_}6e~9Ynvd%?+*Jz)m z&Wv$FWUuMZ6U;x^sRv&1wm+SL$t|U`rwGTgyVhUQ+8B&8XQ=KY!HmG z9*$2>bh&KNVv>I3m}x+~s%=j-ac@M$)s{9X#r$kgDxa2o;;)I0e_-1OlIs}J+34k38;5$EEvqbtKx zJK^?kx=l51}^z%)GZn*$^ihRfljKckl6rofm61#n!Ev zZRBtpRLD2Zg~6974anG#n({sDqA)E6udh9^`Z`XnzwFgCnT zFcyczf<@y^&nM##>U}CMpD#&5FrC=cS!4$cCBSWq!3!dtQ+K1vSmusM=>bJA zY!jh^xv-oj9#ikf!9{&T8;a#E@;_?0v^QnJ-;+}+n-vFQ74S!7sGC|<98q+&Dm>m#&0ob5w8sE3@8HKL?58rNQHp5Obeu8Tx< zW%=Kt=)1qvW)%OIVI2N8L{gosqp-@1G5iW8GgeIJ8Z*1zVwUwdCzX`WerB~+QD0tZ z84AHPf>Bc>lQinYb!W|g3jU*@gy$S|2ueGmg#XD_^1ws>6y4y7{}pr-krqi8nu(yp z`A25K^4hxf=Ue2g_G^jujWU*G!RrC8ElAQ+Z-(lp+Q;02TGY@wtbz^n-go=GIObh+ z2IHw%GX8?cqjBb%dzg4W$Jg7`SH{&vhwu5!b(0EIMI^^s7Vo~{%ne}Hp!+GxWV7s^ z!u1d9#B{@>Co%A=<*w*8zt`}w(9<_KM0Z&Kz9`DjuKY~3T5@{li&|9Q**T~_joXsM z;mBsQDV*5@yGj%*jKaKo=1IqI?m67R1wClKaw%l;-Q|u^!HxUv!eCTrx_G-LTjfy( z_qp)*QUur@(Ga%L!$#HF6$x6;p!d~|B;+`pSm|Fx?atFrT)I0<%+C^uyjG=gosySp z7C93|!fZH)tvC`i!Y_{}al2^CueIh~lQes1A{8POBBvv!Bbi3HuIPa_34KA! z2@wvZ)jKd~qvrZab4~tec1h1_{M`K2@;+zKXEgOvev*4(yxJ+sc=NTt`xX1F zL3K(>f0Q?gz<_mO+7|(rs@e2-b7?Jd&Zj$Pf!O28Vq9FiXTy2ss_q?74-|}7F^?Rz z78Ev1n+tozjy;rN>YDpYpkVvi(3#Kg^KIu;D8tWhpdI{^g#EJy{Zp~W<$oDb&cWn2 zAO4Zx0^^k6-uho*uS)Z*g>CPqujfQGV7yVvp%rS!sH4t!P{4!e7pX$C;d7N_wR#%qLH(UnKQZg+hM)`8J$p-RX|t5 zcwr>qori7)6MUyi4XLe2OWPGC6)4=RTsxmA$4(+jP*)_EWF`9q`2vN_sN3pXK%w+; z7J$vTcK0FXU`-xnC)(=L_xapw&1EWw&!D^e5oVJ=3Y0n>X&cI1HKsfru@Kn>;U}&< z)M#15a8MZNeip9r#AkK{RwnBRHYO{8aaXlbI!~ohh?kaV5Kk$|Xh)&38nGz`>wTX$ zW!`i;*x5te*#cx=beu`M3udKygALflX=;;+fQ;Rj3i%3k4?7#aCb3ryhR^2hPB_UW zW$K?&zEb#pBFq&?(*J6$+lB)s>Vd3Y;Xho#-qMsHb{Rl2rhDDRfHIm&z_+x#QM(@0 zq*Q>Zwy*6)>_|bPQcRoLkimLv|MjaJ6>@4Pn+}6k3dcBui!xKgw&p75s^7Q_fm}+C zv#<8%ArYsZ+$Sa1XQK>W1i&6}xPnV}Y*)5cIEz-TV^j9g*sZiqz%Aao)ao%`$*zUs zeZhpAgkM{Xix1%A6WE7PCulEBSH`;6Qp6p6I3v03L};p6q9G8`7^8TSDdqv@3Ff|d zL#aZ8&6%3XnMd6URRY>tzJ#@6cHHg*^ zXXKD?K~RuA@qc>G?6eGv5+c9n-*)QTA$Ms^JCMo1gm8qiAYqoLm6%Ydg}uPF%iDY} zEki7RnAS|S>yLz<`%1pDYh4CEcBs?nAJhkG*A0i+vJHVvMpiPy@(h5=aDxJw$!&Bh(y@Z~$_+&Jj6&iUWy+ne>&n+U zCk_5QvITy=#n$`-^1~0z4_3B<4sup<(p_=$KDEiff^-!&0ioZlP9$ZG&G}YmX8221 z|5Fj-AL!?gz4*88hSK=2X+42Gj!QH}RYh0fh``vS7B>?yU>FKJiPP36xy%C7lB7oP ztySGSP`~60`M_Fb?6V`^Y!{;EhnG7D$7nj}10+U#SA1R8-8^*>3It3Anu2f=E(rjX z#nhx&6;1pZ@&=Cc81B+@uV=4@&l#g!m2Q${FPVqfca2Z6GXjFbWUOm*kjXHu%}tcHSC18fEE2S_crkCt9~14 zUq$ZNmHXRFPm$(XeNvCzU%#0J29k(U$#!c@%qlyApkOK0Yf20nyPXJ$O&Sv*MoV%x zFAqcxs$?f9LovMntVB$o;1?(V()Ij1Bm_wDIsF=7qW()QM)QC0<3ESl_*t2LW{fa} zecSbHm-Y)th;n@Z>OyoBad59#hNe#dzyw%6Dy8C7vmc7QDH>TST~KH|IqC2G@;VNC z@VxU@B0@64?=y!X0|U2*XxPro5CMQe&zcS8;-qA5z_>HXb)4WbvC}mch7Mk#clNBH zvjl#G$|x7NLQk_g*zb1fDz6 zgwB{+up@zqA)B6=8_U+OgADVIl*4Q&7WO}A_dl-TQK1>clu8+TZvk_Su7}H5!YXN9 ziNkBQX5Fw>Lk+g-|6CJ?2H+rjk^lpP;8o1Ymo^?O_bZ=CUV5THdjneiFMFb6NOH^(3>d3;$!|YHM9EZ?_W-8>OXvFmzl*QW0)bc6`BQ z_$3aq2&LA`{g(?u7lt`qs41by^mWBjy!vS z7@e9zo^m}Xg+o7|zZi=rqa$_BTTZG7hmykP81I+m14kPK^WQ9=_)jgiKWDOUsV>Od zasI!|UH`lW>2GWPzr6wg{a;r99*g;JUP(ap?{6XEW^QigtmxoiD{bd!`v+mCsM`E$ z4f;(rE2~E_f1)KN)^`skjf%>8>>;(TcR~#zCTdK!Pfl@jt%iMtLk|^;*@{lTdwXky zfL*J&_^pxe^n0(3@t?U3--U#HL7C&SL)42XMgR%K#;Rie$r$1y7$&6W&L-Le+)Lk` z_PQcqQIW;?O;MWl*1zC9z-Jxvsj+;q)~dTstgos}N%NNed|gpu0Vsr*XszJ=1gvYo z9yIqYJpq&yYN<^&jh<59Cz2tPcPMbL=chcCXB2o>b#8IUJNWE-wjvJNA z1b6JKk8TRv%oB@08d_Df7Og-nftw6`Wj;peha6|5GgGNvl9lik{aU4?W;Vv4WZ;r& z*0o%bfkRlO&P|!CImyNxPBMU84Ifvb7G=#a@>O>+$15*m*0V4$p$tODLW&FKtN9_1 z(5n2IXIGsBPO%onFUCKb36KL>BK(5?5l8L~e3ft{jZS zn4+<>o>l8E}OU+qzJClXTfBtC%@ z#Pf>KH-(poMhsq|hFqP44y5?9V<$mJd@8yn@!eGi6YG$$SJcjbH;-}j-72gkqqxy! zp^p^PD-jWnyM_GkAO7#&$4b%Cjpe(bUBeP%&v!{%^@pYM0ygY(;KAK(3?X%O8g6VL_GYZJtw`$PoNP}r_h z?0Bqv*b$f!s0cS=7$Ky~^|!;pPdu1nsP;SUtM|^~L@6yvOdhZ;d;zRw**=;*0@&k?;Eg?szGBGkm}g~@u<<2np04CD5}m>S>D6hjJ2-Dan6q5XoU8- zHhZ56Z>pEXpLR;k+mf`j#bVY;x9VFat9Z+~qDssYP6`{o$?!~ic7C>cxG~V(Cs>lx zJ7u?)f3)W?-;!{_*Raf)yR>0t>XFarKP;#Ad;f0z{MD659i4-S_krp=@p^7ZV+x!H*>ux9 z7TL{D)(C@eqj8BbtXjFl%d8pkRID=EgbDQ(s3iJ}NC#*C_EsV_oVcV5 zTBe5d(oLHrC)D#BigNx?5gWqdgSiMP}50z}f>XT~}bS&!Q1Wh81O zmjF(5XNOp;slt_Nx=AO1wo4ge-XgO(Wl}bO=;>MEz%EtJocMMOL6nN@{ZVZ{Wih~X zgk?`CsfZ=okE)34W#VnDAI2`WHgM5Nb0QbIw<|{y9b&e9=BPR>18H^$;{?{q17DV@ zw|VU6)4Ok6sa>ie`z#ZYu}t*MuX_s7o8S>dp@P&_7& z6J?)Cea+o76Q(>}{SN5+Fe9@OqZJGErz8;}g&n@)1l=7{wm`S5P8DP*P{!oTjr?cv ztDHR%vQCw(nXY6%BX;!aQ1{2fqY?}0I}FX1dkEdFRCGuGcjR1*i-Q7Tqcw^0heDei_J=fTkFM8hMg#9k-X+-I&i#+YNK3CH!>T&lWT1f*o-8DFXlO4ZsY z?4h2W=*On4!Jm_I)0=e^^^x)@1K&U;|^5O z0&<4Q3~Y?W?yD!EET2C^ztkaj$@oxbUzKO)48-Dv-4U&Qe(R#=GCG>vhqN$h%`baz=p;Zc=x4`T*C^o;?u55w@}Gp)UpzHpFla&sv8dtJCL$Aen&o$F zDp^9w+)ZDH#m$rR$|l86V4GG2)y$$9Cu|j$!9Jw6Y3^0}B0FIB%&x_-!ENYfHtqe= zoz&)gbLL#pSmWl_f0$I@Sdd%aQD{$XAZH9vrTx_x>6vl|&l@5r$pQ6*$qjsx8UQTR z5iHZvQm;f5?GaT7{Ph*oWLkow5L;73UQN@?1uD-HWPh@H^2Hps?Kf!M>epOFZ2TaH z8h$w8(E{=zYdbCQ45;p~c;nO!&ty^k_**fMsu#s$_g$#VBm7U`?EfY?v)g-m?LG7Uo5%h}@bPg+S3~T7 zX56Mo9sgiGA?c(s#GxH^1E*v~-js4cJ`lM#fU>tKX`3UN9BmB?g26MPiW7?9EupH# zNo8{q5kUiEWruWRXx`O^yl23oo1OxC_L1#>N8*XIOV6+WnJE#%i0Pc~%95=o=aDE* zvyd*=piVQfo2`htf~=;5+{r@G)#MszJi@O$I2$mWOXDzaLj zuVhkwCnIX%rWYc2IqabcS>t3FM|>WpFER7CBaVg0$&5k$X4(u$^S$JB? zo~H;!a(Nxbz@FbdhbC0%B?L;>^rm45$BA7CFq$2CKIuWeK2agr0SW)d5Wy>qU_%8x z&iU+t_IeRdC82r@DnL4jSRsTvK@PrzGq&G67}yR8*h@Ww^mJ6@fO-E7M*$P zEDhsTIkKNQ3JWIrY1|J4fkLLdaguVcHqc1|>?%qGrDP_J;)ZL5N}Wvlu$URS@Po5D zLQPPWC=1I9%$6qowL`{JhxG)RN(*aeC={Yi(x^dZi@$8Tf*%~-L7}{~hXngYiB%il z=TO5dTrK$({3R?Hxl6D#7A;ydJXO^EXI6_m4pF^p$RU4No!KR6E|YCuaowv=i$~-Q4UYsPIqb zatDMfak40sdj3rTDl>`FJ<{(e$D$3s$-L)Ol)Qam&SES>pEz^bw7>6`xn(kA6z1?Ek~ z#CkvN0p<5tkSN4mK#mKH)azR&yWwK^&?VLkW~e8Vi%Gm8jPia^GIclP74T!MHU_fuK-kSQRc_qs8XJ(G<{sHBDc7l>7&XEcSnwm0+@S!nSgL6W4Y2JBF@Id8v# zh(*@ycZQcu%RHcVR*@>u>uzWCe%szKR_O%fj{g{q&n|S#73D^=k~E+ESscG!rAl24 zGil23)W*0>&1mCb(kb;MXwWGTrK*kjuF5#y#Ygu^+|G#b2efGh|L0uvB?0Bj0uqa8 zzy+j5uEB&F)s!2W{LI;e^cx4I_b%4ufwM&j_JdbqnN2!{6$OR~yamyBEt)cAQa7?U%VjLKn8hfFtF}74!CzzCiswF2kZd(z?)W>YLtwgaD9D$VE98#reue1=Y>=}_ ztMm2~j;q_|?+L+QP1=F)!yPIsX7BL<1ghjot9jfouCQhnf(-*kvc=FdO)s&9+W(S zChi7b^}tUVmBgYl(jv)JUCm35Mi{i-1Pl=C_M3A?exuuP_2xfFqOc<} zU9NXcXSX1reJBDu99W4faahOnTR!)9T{w+`I6OBSdK@ti4|GquUn1fU73<7p2mXhf zzr#_c2fUr(yW)@hM(qB{DE{Ar5&gdo$A9QbY#siAn*TE(la+qUAoHVqmY^>$J5Z@1 z@XOOSPZ*=3fKaZ01fmd77!2x4uB8msZ&;O5`g+0V`t_uVi4ouar7%ffvlfSjC6S)V za&(z~&Q8C-{QP)+hxdb|4xI}KN64V3n1t5Xp-h7!3Nr_->6fFU3BcT&g0NL_Yk)dN zAx7;qF{5AuI~mc8F}GhBr?1rxDT%T+mWI+$41Gh_rm|`YZ!%no>byy#8|d7WIZKCo7Q$u+C0%H0KE)O?9W8+jlZe}GZi)9J z5qnxofV8^}Ls$k>bSXPh^Mmr4p>autk*TyT=T++0IC7jDh6$}Wi)5$VzB%LuLh=r+ zy*=*=5M9x4z7F-s`E=kd3M?&6`;`ze)S9sTQXT|x9@86CiW}zN-ti?%xUyPvuXfhe z)$I!|V`CVVC25|z+;vfr`w;E)c>E|hh>iK&0T}HViyRpn2|rChrSc&BKs~N)6wKYP z3+Np0#!MBWJ%9k+puf3Hc0qq7~2aZo`L*AmmA;9UikJ-MRHMYMsb{=qJf>Yjmv?L zujxhCRHdWF%-x>Es4#(9VX#@$k0P?iDLkh~I~Dn8glmh!Nw8l$YV{0Y5kDJ>*O;~* zTe}8QVhiPx*^Aao;<#JwP@sLs815>!Ld_1DX5d8$~|^|97w6UmVK6$OQlY)%zQ1`$yYnw36pHGL7=JWnHyFO^4tf9-)96 zISvAdhi|Xfr_Va6K^Njnt-Tddti29fnf-P*9&jVWttHK;ziumGjiE>lJk`F z^d4J725?-L(TA!fEjZl7RBqqALb9pH*q28q#UMp5#W*Q8D&9&Gr})q!vrv&b8RDRa zn?5qmf9g4o)>nPjY*idR+z~>9ut5b?q(Z%Nn{`~l=SA8=6{q%G>C~X=$knmQvDpGV zu<2@EqI*xXu*D1<`f)v$=1omka;xIL@?h~=U(-_c7Gl_;%nb2IPd!i5He(sPqO2yK&r(IxBk9Go<1UUFQPP4#I}=CYilxBP=8373W|Rg%q=xK#R3cTDcn zWP5aI2DCb2y0;S~qs@cbcNlmKTn1{!Dm{L^ad?Z@49k!`OR}ny*Wja>q@qbkK0aCx zrnc!m7xK8vi}o&GJxyuABj0*)H)6XcZ@%m>M(`w_;zZFZ^NH~E&77y_od8}9BE_> zHrvPxHfK9l=f+XEd-Xa2DD?-#=R|ekER@+dAp1L-d&s(2uOVKd_*I|S!G>n(gv)ca zaI1PlMWf;v=|pK~s}QRvr3cWbo_=0F0W4q)0rU`he~Nwcw->bVRJmSc1Js#(WNbIk z$kqrjfqgbwg*9aX%q|E+Bg}z z{X?9REHC}-q=MiL94tYDS5UBz4i2XVE8S@k1sM(|c<8sc`)d(YLPB!g;EyJ5SU9+^ zAMc1z7p5r{>rcDYwU&nKuJmm0FL!TXyNHMolx7CGTAG2F2yIl)Af+A1{xH7hD8Y?f z2-J5NP9&s+wfqwA`c(7wW+;~o-fRWw9g=SWE*U%ij_G$Y6@3-+=gt|~J}QgufgDH}~dqB$qxBv>4qIqNrFVqCY5 z=aEa9_if6*4rGBfwbZNc5_}|j1k6BO8 zFe7C{;;P2>l+fez`oFUFXJl{obJ)?0Had}Os2w^_Fq_f|*xe66jmQ~^qYf|=X6hPy z>qbTLWXT`=VY~@MchnBN&SZz5vH7Bkxb0mSms4u7Dv?L?U@q$?d5o(B-~R^v5qW>T z8GJK(Dc`&Jua5w9|LG1Y8h(3V{{tTRZlGJ2L-DCb(U3p{kCJw}wgUDlZ*NQ0gNUjH z6~wQb4!Rgns9Q{!&j9+Y4jh zfdOR4bf*p%3s;M$k5sl%f}~Fmu;en-76^EUg%rQi4RagAU&hMCo)SqWC~Mjx3gje^v_gPCw%VN^~Wh*{!Q>hNBXZyEEVBbUZ&)%oRWWa{PMPayS}aot>*tPK{v zJ;BL&g!WCGCI7~OecJ%b8~arPVyE?e77Qp(@Qo#m@*Kf?Gv3GUpuJbGt#hxtsI zgytvxa(y(^ZgL(`YVtQ_Hz8ovPIcR|{{575rQZ3{8n}DP9XL|0R2tq)J%WXTsj$LS zbMzF(&DLnPUu%*c!-L_WL=krcXkKX@J2nJqvxNE7Tq3Vcj9GsS*VTNxz3-u@%Ao4* z4%+e>EHQ7veYu(mm9H}z3H zha0y$DXqb1C398b8wI`caWF9jUCi8$)ZmmGG|z<&6(<|zo$%hqv;&jlPj|ITi*XFe zO*)gx1@s<~?g-M2U?7$V`&tJ)uG_oM=8MeuxgrK6@QEF8g21MKjI@WVenbfSeA^ql zfR=DXvW%Dqj&Ls-X$q13CzLjUXFi6^M+OWjC!tHuV3yb`*_Y33Xs8#nNHNG8ADSoZ zg%9!#AL~t=oUXud4M`--?AI=Y{3Xi8;ZCo8Pmw=4N02lZ8NI*#y=hSE%s$!YWnaw6+Fd}|2xMeQ$p1@{* zkeTl3`eS5_XZz-bVykyeP+wb@PNoV7OaZe>8Qt6tszvdiE%UXfe2MNEr+_UtO)4xVWu zZc4cHzL+}FhdamBsL}%$+BqrC)@vEY9Dh@XGwLn(#+^=G)B9P+NjKV@k>Y#x8PKW| z0UytJxY?C!1GLmr0G$u|R9faeW0TGwHFSHfZv9l{2PCfNdKyyGU{%_4EJ_|A?4G4S493h>8Scfvs`w>ckG# zCDRglGuX(0oN*CoKoe0h$d-@WtVwGwkd3j*jT|l!HZG!wplWVI&ql2CIEoVp8{?T91XLpIcCX%n zUtl2el*08l)B=_z_ZB~4EWv15=gIYyt>38R$T@Sk{KHIVlraX zn6ZJ-VREu6OiRvi)t+7Rbk+8NKV2QMEm+;ETDUF9jz1$N95fzOnaA9y-9xp-_gLe( z*Du?gB zx0H;39L9d9zbd8AOhC)QvwJruwHp}?;B`MXLVZvCz;qr3wHxd9fZV5EpXVMZ^rv6x zJ0q8Y|5yJB<+f>`Hk*Mz{i>;dkKE4}pzg-qj~74CPgq~MTYhMsAb8E2&=)#^H;@)D ze!I2}K_85wOT>&E5#I5A+-VZ-3&9XvPhLjt>jL26fY@6B+)zvER_y1B)|r69R^5%n zSv?znSN$5$ksAQv?*B;{AnB z>GU6!G%ql}YeU`=Ky!x%st&u#@83QDgwc2bJV{^fHKc>)9^m$v8shoMQr|ED7ARjC zn!UGPLi)Um(sIw(K9_%M(|^u3zXOY_xQL`~9XWV1Hgl9M?p&Wv+qE-jT}9FI?&uO{ zy&zG&C9z=Z9(%ik>Nf4h+V_C^2Grbs`iKA$IfXM1IQccy{Dy*pqJB~QCO~r4Z%$sI zBM34>XkNfR1%_B@UL?IH0($y&HFqiRU>qEkZduX1uy^Y6;2uHnd@cKS=z}WFYxX#v zaxK-hW^`s$Cp)1~cbaxRUwA+>It%&}?h+#Q>l2`$ef(PFT4M%>$SxCjzhrnt;!1x@ z3+)vm^r6X%UT**3Wvr zNB8~xj`}-1+Y6B-5D(NW(a>ykdtwLEq`J(uT32&xxxU%a{h)n0IUANH`_XbGfymOe zI4&~kGIM67nJ3nh(^NBHgzm7x7bU&D*hJae8asFiG8i^G`jM&vn=|u#L#0{njhENW zhK2|Rx_|cI0fs)ef3m5%?w7u_p|`2#$5@fI#^_Kk3>SIoc#vH?L_K9{UJCA29c9%W zzRpTpC`la?XDF5yx0l*D+_JIlZlQD8+ICbNi+^3Uu{JD$rJ2t5?B=Y>&YITNq{VrE z1%3Qf#Y*+Bt2}_jwf3#E%ku*^a@?db>~u_snsh?;xniQ8l|9%B5zyolneLAeOc@JP zUq^U`xDCM-N6((k35ppyc3@oQ1=;jj?4Wg1Jc|@rE+!LTJT`@Nsk&a&-ostBo%1|g z`$Q9~>2J4+ zw&V2_(tRxJql)E}WASOFjn#P#JUh~*gVXi3Atibv>!d%^tJijq9^qjkE{7I0Q$#bY z>)_xdza}})O~dF;fYwNC_LcQW=5(GVM&Q02kpHAc%*G-M4rqS3TV4#llX4y`z}l5q zj#|W3C0JJ&Cz4vs&yVc_yPw3Z@IzW8ZGw({xP}bESZ8AQGmU9cVvedp)tkI)JfZh6 zBgdkFm^;O89K4U$-<%#pe{CgM4WWwL;sewAK?Cj)*77lwrUE<^AuH!N*^S?8{PM|u z>eR`(&B_~3tXKA+%-WF1zEjJ%cQJqGS-Otz)cPJ<#V7-6N6iD z`Y3V$nAZzimk9-}#c|LFPwJCtjrA~kS?r_50E|N#5T&>cK=F6&0jrS@G;Kb*2wC0y zptBYzRDa6>mA7-5ojmTHG;ssKO-i5QXXGuK>O_QLV(n$pC}|=JEs2@ffWOUO$OW&n z>z1;;cZQeZrJ?&^a!YfOiASQ^w|!2!wTy6?XY)z5zz#lZ?$W~z#w60S=7M149M)5r z_7U^Cvp=s4HJeZ7EA++hup)M+Z_<&tRGrP7FngLH2v+MiGnvm?2xE@zHw++99vFI2 zmdj9Hwa!ORy0V~yn^W4Xi^a!y5}3CU+XjUMCny%Q#0XschteA_1*TI4jOH4{a>pgo?k=7z#Q`F8gqdT{7Sj>|sU~GyT9~dW z>EcZf+YnqlGFJD(2t*ScmdquhS}Xl^_@2S9DpPgXT}wr*by1=JR!R~#){x?%`eMkXKKF%mxIAVRQUqCIGb3q4D% zWA=zY7CI^ezfkf?Cnl@KC!19Q{u+@d?Mq;8G<_ms60Wt(TeqHm2nf(&-sEZ4RM@!w zA#_)VuR9KFHnY^|c!r;x6#mGNCpZF5o}45D=#&P4L%=7CoM#F#+b{y+l(w${kw=7; zCs`JLnTdy)7e$}O3k6-G=MhiWC6uN^BE=iR^&*Z?@(19r%d7vvh`gkfNebR9EoNw^ zihi^mcJg7gI~iwI1Wt_3@k8%Sc-yF!=kqhG_cNgPGr_N0c=LmqI(P@ccLxrLJGn=T zLrUb?pT&=sdziX57m}fv)MIOj!7)EAXN7L7RG%_(7Tg9@(d!ceV;{Po|2-=2BQ(#Of3`aa>4g$P zLml9+3zOfIKQKigbG4v9^58*4R2EgIK(n)kPx>c#{~{(6j%a4*DE@B3 z90XY&6uTJ|l%YFdk$e7Lg7k9)d}w`6#_8%n8{iLNefx`${VZU)04CM5esE)*7cxH# zzT`N7S>c|p2hVVy>)C6=w-4qM3UbQ=HLYzKOes(S$8EqeAr4QZ@>+;7;YzeKYwP7o<9TS}3 zBc{FI>p@LSdrQDH6jcO2N1*?5E95;Q4MEapvcm5o3z6#k+-s? zQqXiEQFxNWv4M&999aR3dQ_ynYi!80{pxlUr2WZhAgYE?n||eXR3&``S+KToA3Oap zZr~@q9c=JC!%{EcIRIb%pf{i<`G^hlP>yz3#|B)qgF=%dDAa>6)X7tq`NU^d^)Hnu zD37~EFZal9(N8xB#C@`Rrb3b0a>UjiY{8u`Cn%{X67khRth>_Z&-By<Ut9{dIB zJnWPhexKv|wR4vjEjmUU(SO3<8s<_F;bH-qw5PB?7d{wgv3`TK-llQd*KT;oe~s&k zi^8tJE?Vm!S4~(XeKh(ggQAW*Xmgiyy!x>?s7T8NrsQz3i7+D4bHnNK z^8;@F+Igz{OQdJUajY(rz0X1){a4yywm9H*71Hw^`!jgP&utmO)P$e&tIU_1jJrEv zPeM~Yuz+7I>j_cc_mJo7rt?RaZ-mn#XM-%f!9^Y)IGEpxb;1(O{f(^R`yolt3g~hG|xTj zi@=?HWS&9AJ>-i}S$hB;QFO21z_Njb(KhbGO&zIzeW{^KHh9-vFRnnXZP#B|Meif8 z8Hw0>*xB4Xp*|{(4n!nXJY=kKi9Mt;)kKBbKV_;*1D(^^+Wcigt?V7(ZlQr?x@Ub| zcZULAdU7*2A|+7h)A+YumEm7Of!_Lq^%owI ztc?K0%ZSru^YCLF#ssh;hiF0!JnI2&;}-F9=J9IIZzFu*S-jaUKCJu@`~uQl@6fYY zmy~u-^dFKEf;#}E4<{3RN7Zui0fl`5H**S zdm5V0Epq?8z-RA^oqFH2}Wj+93Gh}zkq`kc2%`_3H{pA0E#k8w#AV!aaN zk~!c>addbkFlI9=k4Uv+`V03n?@Xs!`(*0VtWIy=QJy*xdk28K8&dvdB5w)IH~tP3 zGUq;aJxg23utf~wLnw~Z+yn1Ucj2KY|7<73`~_~ZcL!_>?7N;t0&4LGkuQ^bl?4Re zF2bzkU>gY62Oe&T+#`kQfR9slD`Gsgcn!f53fJw z7mUguXySd{zz0(4Z5b+NAFNr13KF?WGIaq(_e$QC-?OVl-W?lsx0g1BULA$UW^Y43 z{G`1u1;+31^6+m6W>O!$#a&*Zj`!InRT1t`xKYTVP$)Un3NZAN4Pb7H=}rr`&+#AR z^Ky-C5@tMleJfWODq)R0kSWZX)lU+SG7!}=rkCw zLOMYVy-vF5axEOMgPc69+L4id&J#En(IXT-;$nWO2k`XS!B5s6+3BM+7Zq=V4kNnp z_ProDM)lA-iVWj<%Obe}s6q|_ZW{Rb(L6-v@38mghO)l_StTI%wue76^ocou(5_T0 z|5D%{(7lX5XYpMkS(5&&5Uu#Wsa8nB2V_54T6(RJJCR|G^zzThpQ;zF|FQKbClQxc z7?Y#yI=^?u*CnEg^7=@ai9&wh2))|QQ|l`m}PYS-NR{*f348EZ%#^6zq*nO73{G&(_ zI+G-^ND(<(Mm_9g45>nO+bY10n3-geKcqn?kDmeUOQNen0O&|@(iPd78Mb!gN{LCH zGW9Kz_?k7x5JZpiRlo)>Jm!m8g851aLy%UD;sn;6FcF+oWdi64VH2WGdjwq^9`E_; zEtom_JcBoR(4{27ubr*o$5Gj6?sX&YjTa%MFTL9?2|6&uj&v1(aqm1u7exLm zGEomdu{-=hirBbvJQ77-8PaW7=wxmbndgK=Ucg`D{Hs+z0<6dNG2~+WRNbLmC}jsg zBd%ouGs)G86k_xdMy8WxW4h(+^3|Y=27MolI<&Qh%`B!{?eww31QnJqrn+&1zphKSbS;F;E=jCZE;eIzCDRkI+!6bkKm0p zQu^~szSk_Mm z|50j7$T6#UmUwnTN8#geEpi53BmYr>c;RJ*gdsvnp_B+}WOdql0i)tkVZurw+UAsa zEkcL#QDZ_`6m^<<5u;zD9Py8YshShw)d+10MuDTsgsPENC~L&^>PC^H%*#*-WZ_y= z^~y$>qt1jYkyhyL^`mg{*j35ItPz{UcPR0h!Y&b;g!8lxm7}x?o_cI)YQa)fgrq9; z$dy6i%9MkY$Og&Kb(BGB$pTdY_y(wubrHd8Bmz|m1S;tWm0DrS1cMbQ2B;8qP=R5} z)Pt0W2FXx$<3Vai0##51D#Zwud|}GugOpH&D&Yu~N@2>RgOun7$`Eyw!D^raRRRPm z@d%Y{VQR$!RSX0wZ3vYDVagPPln4f>P<0VOYC{553HS!dkagq1YN!HL5(Fy#2$gbS z%EW_|Xa>m;brRnXr5&t5Fi?i7g9=g$7N{a5P^m+x6bk!m>Cl8K!3dQKVaoV}l;3Oo z-%IBT`|BqG5vb%NREquIrAGkNb)wwFB&vDpaf0i@ynVq(o>^%_si=X`$O(>!Mgrz5 z%J6U~(}B?@d-VgL4}b!wAP2uf?=p;w(w3f}l939+HuwD=Ca(&m+;lXU{{s3;1_{O!cox*S|WI|AqMD|G8KEQ*RZm_}!DJhvKunwLaDFw27!6mRb!*83yE_ zNKZQ1=FLa%MNd%}l~7G$Y5GTz6e*Y_;RX1Q{5iWd5nD;!+Vp$p33uuVm-qX}$cin% z@eNZTk5uVgBqj?-<~x!JqnLrl@Q)h!)yWAr@`Ly&&}|wCHHput9GD}n<3VFcDkK%q zBG%;8)x0sYkazFG_!P#`0;=AWTrZvkGj-=W=WM8jW{L z!cCMzKU4LALM!W?^FA1`7(#*3 zk=s3H2|7Q|R>gxHeEGaTNJJMBEvzA@sr-a?Qg1M$Ot6un`S`$aZ;$rI--_?0Ybcz^ zF>DKPCe{!QWES?t3MjBeu)v24Uk3aIn=hS(Um~4@Ukytt8^=}>h%r0{H!li6E%z#1 zR5z##z^pk8;?8`h07ys=2@-}K0YD$@=4XQ>k>Co|Qn1XibX->S1X>r{qgf1e;vuI2 z30yGmRN6s0!kL)sD&4)n%s!XixyGDsBbM|h25i6Km66zWUF@hxag?i{V!ll(>>#Qp zh^{iu5nSTiV#sQQy?q@gG70)pt)6RZJhU7Mx|!egOd>NRS9; z@#aj4Ut8|CTf#TUQ=9iiq4`A zxkhErOXXL{%)t>SV*_X6p_D)_S33K<_qF@Xd-nbJr|ov&IZ~Eh?fe>Mb*(F8Xa)m~GfgNtkW8o6=y5u$SndtFRWzEjQv0`YkXb zFUl0 zj_T?=#gm)H;B}xInCe=rB_Wzxiz%?14By7A8YzV&Q1fVMa>KaZ)Z#;5mIkv$ash`D zmF(F$pa9O|c!s+epQF(;Js=IFp#*BJ&hofL2@7Yr3e{;yIpyYq9qGuigIPF(vG+;)$gxKw1wA2ITDdw+i)XcXs!T;xOlp8w$tg09gS%{edquY~rLj_JvP;q<)E>j-N{{To@^dbs{ddavkI0GgqG&`p zcToe?iKe4Ey8%sAS)RzI@h58VC3ZsNBCXE2DQTDq!&jo{$p^OcTN=k7GsRHVg%i$2 zM(SAkk5ZDsL~BKU8$>yE4T+`VsWTZ$k;7T-YL$WLv%lfuCSzd7n4C=5lJ&6|>@$vS zV*R8DGjWqi9B`&g$6B(9Y@}$5AQWp{8GH~D!IPN=>v(i{uiTQv!Rlhrx7ZO(hi zXFJAR95bG?Q*ufa3!Qbv4^Zh@Z!1NZe!EU67nZrqV=6056>$#!9qS$*=eI`&YrobVwh>@T1`7&c&n^}cqO?a zc}AgKYAEZzwV_DCTv4hJDRbF!DP6=2S2Wuw{lGuMq&}@5L@(M?V&_HEw;ffq&{*xe=s9aBz2 zq7yENJp#*xmkZqlHw%sYDUKymEbm9;^X_hh?Oxa?w?r8~GhG1Iwe1X;y`LEQ&PDAw zmW$SwuM~k7*0}w;w`e2-lr38TpQL&x=dP6i+i0`Czn?+Yn{3LKOHBB|s>WvKr+-Hk zb&ga7vela1AvtA`C-GZV3ZZT3W8sq zuCQp^k~=zDq`M5@vRN(7}0d&ah0h!avV48Uf$<{K#tw z3w-fgU>9B{^>7W!)X?R-ce_skZ9E*&1iOPa>*@@;$P->RckLzcLa5aUMI`G9BOv~< zo+vcI^c=LYjo2;Q`^e+AFbc~Y<>@jUozJE`9#8h%J=8)?Y6w_{zTF_+4c0giAD5D3A}#n#hr>IqLB0DnF|O3hw&wW@96+E+UXH z_+c0~9obGcIT>?x6DjtIrQT`YvGCqn-=l>7){G}LJjRB zB!8q=%f?5LpE$6m7IWSYlHa+aa{GDU|G`J9$*$-<;`{KF0y=lPM*l2gQ8gsIl~lfn z-LtjQ2`MTs+gO~@_|h=vf2T$#*Ayolv-jfLK!5RRZZx`xO$&E6;`GMvA+eM|8QtuU zYH+921W7e))$PyxteekGhLt$&dtS?2w>h95cl?ONqqJL~&zwX@9s@&1Y1IQ`F! zOHR;~{cfQd`C9NyrIDa0llw_-_Hz{IJaHJDKOx~fkR&?oh0c1#*uEoj;}`!yB>eEt zLPTUp5oBHIKT^YPCLE2$%VF@GoQ}tTJ{@g%eY{`6^e|bOh~s1lV*=D7>?bY5b}K?a zG3=>_>jn{AHl)E+3}!8wn=FQd>c^-^n zXh=s#CoUZ^&P*Kl*9zdeUa@X|Z!5H`zu>>@T@m-UEKN2702lF@< zY@#m+-YkQGYx^H~1n`Ql#Wh3`OCABEor23?qvp)(52P!Q{Wc+;vFzH}i}u(fWv%+@Quw=R5nInz-Zb?c;8R z7Mo;r`fFG8L7#6*QtniCcbg>pBzd^Yce{tnK-T7_MHr?`JGNGBYpWc|gr)KjHM1f- z|L$%@mS7E{a+o3@G7TN0z!_Qm+v2tZm@X;sJHnOztt|}8e;nmfwl=2!E6f%CG2ACr zdj&R*#}9#=1~j2@kw6mxT7!~=!76|cJt1WA*) z8FyHx#YtNYN+)0 z)F`$DbaY-NkQu(gUfJCBBDx$(1<{mF#8ta^&pdE<#Olpb<(Pt6(q6mJM5Idd*1~G0 zJ!jiYm?^ds(0%-oFx}ARkm64^mucA#PQeL#J9zEq4uMQXVrkoGC<@Jxg6C?%y%iay zTYKQr{Mk6cy>aR( z+{fI5&Qt{}O3vur+NB&{WB9FChcx3L%}1V-XAY}s3`mF()-oplsBwaU_6-&@K5beU zU;zOfpqB2t?#dUsFPTRejzc_}Kz8Qq5a3;cR!En@4qE^>8v?G~|HET&ZG2^~vA|F- zi2R<$ma_|@?ub%oWsnVeC|T`mB_UC>yg7EDWZ4ezfvy6NfV;^cQCj7TWI26 zc!B+uWB-|Q{~Mf$R+&=8Rz~^iA~s5(1CgMhX(TLG16ERyM}$^6lnexHluLSJhZJOB znw&KXQ2I*z1h%<(v5(1fh!I7%X}3QZj>cxS*=(IFJaOxEJ&q3=1M%41dUp2hdEf4O z-WnVD>i&T1h2V+VBixp=qY42?L9H4@=(qka%HA(9BZWLn&IdLG z-Glo&7+3Y~xxBi@{D?n)0ISRMQ3reG!5#z ze$7XLSWd7$>^lq4{<=@(&uU&sN#|L&+Y3pyAe7xb54?)Ac1UYWriA1&HGVZ%yZyU+g z&SB;zG;^tCcj1j2dh^7`;<~g)TV1e!pC&W|6#ry7+Y7KbjTcXqzwFUZzFb#(V27NoL6dmtS!FE+TW7KG4SWTY51+!EsDfCdri@?q z*HRhO`;o@(*CSdf3Y|^e$`pSg<;0cn3{H1ag`-l$AF}eY78SnmzV!8SZ=Sv34Oped zRxnRFKQeq@oP6Ea3T-eI%vZc-rNYA^4Z@h5d|mk+R(GHqaCne5!Ni}+eNOl3uP`61 ziaO-H0hLQ)*JLQ@fq9LXe8T$GZ$SOCv}6WmMpdCik-%`0f%z~3V@#r8`OP_?tRB!5 zykM(j{Yr_u5ZO^r>j=oYJi!g3Y7uxue~!|t_ACY&6BAE54zYhhDx{zMSq*=&pIWvr z8@g#a#43LhO`BB^WAr;`9s~o5$t73o1Z!j_unBrI-wt~Pk~~EX4)kimsM>qESu@$J zi{>VV8KO)N%qc6vOGrjeZ7`X2Dhgv$MwTFdc6mGauIuG`+-cy@z4I`3UdtiB8X0^G zkb9=1zJ@X7j>ZW6j#&^t)%4z_k{NoQ?4CmJIrQEqW3J7*pLcw2lw@fbebx7c^a=)} zJ_;dlEA&rrhA*=?T>W0xOD5=UFf1U;ds**6xe4>A+c@s|xG~c%);TyC>f&IRm#j-! zfc)lXXM3sJzXb5UxZk_!!wydrA_+h~Uh{fa<0)_p5yHY3NPLjr5qFN-c|TSOfB2J& z^~8>rT@`|clt1beU=(~Ssq(KXeRxB4tJ&xm}Y_JZo66s(P`6nRK9~oE-dIZUofEx*0)HG(*(eGGjhZGbo2svGk^zt^GFOn6nyhylz9`iue&Xd z;mPUtTh0yTnlZ>tJF@hU-Xc1mgqb8pYA?BFXi(VP@cMyghu5nf#}Z3K0i#3C`H2R1&zxk-0g^ax!3h91-i|ooq|8m`KVJI5-H7{GjB~@^VW2-EbQRwZ$(+R( zE?mMZdEDZJ5Ze8CaJ;Eo!SZ}Or{Jya@gUs6jsbzccqU087e-S>M)&$dWn|%vnK54T(c+?yb!p~I_*yJJiR(U+o+cIsr*lxasWs{iSq@4)Z1xL<2491o6@Lg6|y4bS`aBa9ddToSzcG#OJ9?CVu;BnM@xO)C{B_1t7h!ze0`DTs2J><)3 zKmI{X3JZ93V8tw@f}4C*HETTY(b!^ZYj3t@Lm~Nsl$@NKAK3uoEWISD;E$BVeTfYu z$-nz7MWrroURs2Mk-yD^HDbl!G6U0Ho4BjT;tIR97rE%UW;o!af)Ml)l#{<`nGdB3 zZiEw`1BXq~Qy2YOxZ^wR^AkCUFIE?FMKA;JWk1B20nh3-1aUq{O4I;ua9k^~F0M40g2jdIDvlc>E#}7dl558g<5Q7p& zX`{BQ>~=s6niuRZO#5^s8rw@Wk?L&rJmHU!5YJy=)3(kz-I{i_ZgCXp2CucZLXYJxpY}nXs+8Fp}5Aj5+@td2|?ZG>ehV2lsBU|-4!LbP8$ zPtfwaJ&^xQ3ztn#IE!!#mO6}U(6yMo)mB-X#U(qpyw%NuXq$C`<}9ik)_(ZGqd6VA z)1i&@wyacb=#Re&5%#f#NZoaWc{CusV+3+F*%IOSm;h)MgJ*>rzAYn@=Zh08=y>M% z>n@$tx0kUp24FC8O6wAB5zQ2M3QIBy5RQXV=kYVa+!-IP^qg5 zu;~ou%Gegus6wMlqaW_I1@Bedk<{jDaxeda@?ahi=`7VUJp5aJZNDk#p5#re=_O?RP$+X%~$>f8-A_cPo7Z5SP4)?^T%%$|?p;K>|X4*<5 z#X};3gP|cQqoE<83*U^@4kRpE&dw8ZjsBF(>h$WA$dEymlPh(*nwc_lz1(bX{d#{p z(F1DPj{t?|)Q$Fx<`&P|72GqF9%uuVLbm502E!Dfr)ZyROQRW)2yRO|CZQwV=SM5W zvnNpvTtzyGi$EcB$awpC(5I1gun!7N$SogpheFR;hchZ=k4)%rA*HRIVlOfTjgj0H2Z4ANK+$ZXCmSo{t>uIlGRXux4%1V!k+ zF91swWjt-7j_2-z;DD(pIH>1SSQ-{G^FFq&D@}w=iB~u1R}W} zXH{qqc+b)L{(q$;orcuc4w^6KFzU4|9M?x+QRRwpGmpXsf{Gt zykNRti6op)-OAsEJGSD-DXM4-7l|(e35+>L{ji#MJr&^@=UziS=VOl z6b9RqM7KsQflub5^=D#qOywKf_Om5j=LUu?#bA`23F`pq0aWY+);9no5Wf?OXR`p6 z;I%s*N5*Q%r|}#jR74}MrKZU?UlieFO#*1>Hgv^Zo$!fYwXUA zGDmTLS!A``iAiOGYok}DxGOU$`Vni8DgxVJE~yG%&J6I{0)%l3FKAmV3IRR^jB;#y z9-N0wor&oS2-j~}x5eGANZJ(oJJDmZ@Ba={cs8bszPZTs?WF_Xx$EVfrq}d_7-L(L zJq^T~q8Sl--z%G#AHa7(pORkwn$hamu|xe4mw?||b?t7Ze`lQ$uysJ*K6ICP)*09Z zQmr1yemgI#;Bxx;7hY=74}5#T^>$K>r!J|A%OaI1CW&vgR+e(w;EXYbj8>l#+Zp+q zNOd3=qKZ9WnW8Ske*@gU6(}}R&dJ1koi0VA-xJz3P2Wd7;FC3NGPqqjElS@GR$Yle zy&nA>sy`ORI!&JxyzdceO&1s!g|QU)t|mQ%G|4D=&|yD%;aM1G(1JOOVo)O5w13Tv z`P{SWF8Wm?S)B=FNZx{10q6j~-+a8^epax>P#XDwEJg^NQ4_pShVe37TV?j-4{&5| z;XQTA53%38Qz;NpDCcOuw5$9Rtti#M72gU^(NhK~40?mzup^`UX+3RbA_9UzjkhI! z*$lbG19@krL_OyeZqk64Qdh806@Miv@pNuRS7-|l|9sE0_g3|G54v<;luDlN=i-ez zVkvvhw7f&C(jSxNM;GwFBV&+9Z4Z~!7R0A7B`@d~W>1SS&)f14CmVoJEf<^5ri_$i zfk|~iQ2EG(3wJ8fdymy6H9mS?tU6Jpuvaoj9~ zE(PFG-pX_F^u2*UsUm02*f5Jy7{p=By`O~!eiZ!i%zE7WjVnhqamJ=o?L_*g3P}#? z2A0@&I$$l}i5YqHKKtg!N>Hx(eJ%pI0lwwuza|OZ)FmsU-zl==+XU`^2g3d#MgH4Q z+c-UR=K|2wq+J1C&Ve+f8@~%K4|}92{8yR(n{d7s(p*5Hkm0uYGuFF+ zjg6On1NmHtH%pPOC*WQu&!`K5I8cljhYy-0x^#02RvoH8 zPQ*6H;ZD0R3Mp{RzL88{gI~1|Mkue!3cYxOQJpjKhm_%>vhq!}@+>1*l%z`1R0%PQ z^halhv7CxTWu(ZWe3K=`FLH^pr7C4(Be7ML(D6W9<>3k%HXQU~2Py(KXPM+bk!{;B zBog`(^JpxSjM=BeKiWrkC(j_6<<#d7t4*uPa0!bNC3DOL7^ME>7*ly)a{3(SFX)TA z1oaX(l48UEUQ3=RvBf*Fa>-F@vmQ&N-jITGf_`g@r0+>B2K_xo1{lT6TwtW`Sb;bw zWv=26&6lMfeCMLCUCuO}U(lPrr@|4cs!TEH0OGa}kI{t+RtfSt`23*Q*dr;R#FRQH;iMdLnl9jG6+mpZ>TsQ4U5H(&i%_G_A3!yI0_WBn`e34}dF=G@bK zf4|U8LdTbO?R%O|+#vE6G4(j!HWi_Gfp&6V{DyFv@71vvW;_{Xqo7llOaB3yE}-ALIB zQqo@qX7=$xa-8kL+?yR2pZJGl)_eG5cLAa}Y{gpKK@sBOO6+sdvUo4zQ>inq2ziC< zfBHnqQ#P%o7}tTr?*pT#CQ1~U#}o=%Av{y_*-;)BhCpusBaHN1H~pH8miqCLohL{C z!aG#e+-p8O`|&T$8|ifOW|VL3Et>Dy>;Hb+{sF)I_ig)EpX9%Vw?d*7zU`Hfgw2|9 zs=;A(`RDC|bOq4Rg!@s4a28Y2#1;9n2nqUxBB*^|j_7$N`=-3Q3FUyC$l#)hDTW}u zoYJ+?HBlgN?WT1(8Ma;>mlqW`!Sj1r(_4BNEomz^bFe&v>s=yg0bM^af1H?5-R?XZ zivkgA;F4|?$V$qITT!eIQ1$SnFjqnq_Lezg@xyzUVq^4+n1>MN<2QZJLa{4!)?dC4 z3kj7Xl>AZhU2C6wfB*Nxv;ObZ`2RTkzXbpPL$s+{)kXIJi9_Vn|kL%CR=uPs|u-P zIe7kedgn=&*QH1AQ`YL&`wOQ3kM~_sObDH(P5T2@TSxP;7|zfwas8nX0x~Y{KcT@) z2r->V1F7Cd0}&Fk?MD=3!>QD=vQCz$xio)=&Fjf?*XsU3eR695*Sr+qmEi1y_&4#v4p& z(39q%Wt8s8R*UCst9mT`s(~7`=x9tc_${R7rGa7L02pKV&?TxzfObW6qqGi^+Ewv8 zEpM`dVY*uC4F6heZEv1gh0w8$==#THF){-}QfeD6CHg9vaom(aGMPRd2*yoIvOIXs zZ7Y%Pa+CuphQW}~8F`b#iA+xcY$XqzSVGg&Jz$i*K@H^GeHH{AWCw^`s5VMN)Rx)XH{Wv zMC^ix=^46e8gQpx$#sN15(0Z@ zMwj+7(L+H2Cb+LxU(n65{kqW-UW|x0o8_?meN&b^A=zs>+h+#(=|wsL+8(x(d%bWK6bky!fCYB zWC9&&_U2{Zg>>6=n(tJi--C?i3`q3G z;v1fCiVk6@e|We#WC_*U8|HkCC&g8G$~u0=wIch%`lSwkp;S$5cPp{&qH*-WV8sch zQ1I7Li4a3D{0+%{AnxnoPu3Cm`F9klGZdQLpSM%MX-;O-Oo*z1lg1kBX9Jk8A?b5E z`3)}aFfD~aT#VK{uSQH7z6|2yH5YkYerla7lpiTkUTyc{MZ}}CzZ{h7zUY}Y%ZHYb zLBl(dRy8kAGJt+V?WoSg>6GRdP-C92c4Op0hl?Xn>gi9QfC-A&sOtr1FUY+;+YDFK za0ItK=K1-(BB~*33|*QU&SQKTR>INxXr+Hs_}s2w6J_6B^QeF9n*W0s@BfH|{}BXZ z6lLT#zLo2eII*-r=?T&G0MK9=h~*GN@XEyC@&4f?&HFtPt^Em&qAdb1T6{!g2=73b z@7a;RWe|u|h9Kk2Tz4|lIU41@2nc}B^N#xlQlZ%^5n!m+)f?+&>ypn)!8(!4m)tKS z6q#*yS8EN1< z!ugeoWtR`OF=2pVGKEjKk2-oiqW7=t_=1l%-TIC6wEv^Q70drsc9gZVHTjSKMYZbp zBv1_P%bEy}D<#qJM$0A&iH%Gg$ZBpxQ!pAM8aN54cx7Emdr+Xw=u$Sc#ZT}n?$a7y zE8Vr^quWo=>{aFOvzRltk5@YdW8pRvH%H^!_T|ZT&+NvN>(hx}?-z0(nW{=x01L9^ zwhEJfBh5mZq65MSDQCpfx3c3jIQrE=K_H@XnT#@fAn}yAvTQ#&x(_F<7`@v;WY(vA ze^nq?D7~3VtI@%?<q=Y_7W&{Zrc0P^#^%GMLH&66~Oxc8?_Y_7v@KvmV8Y+uuw3Q}+O{c}MD_y?LIWvZngE7f@ z+TQ_rdE@Z0vq)uZ(cF_Lo?1Tv3{4!3GXRgK%|}Md*#fy0%rSPKJ)1Zu=yi_05y3h^ z>NMD31pgOfnaN#^3TmoLJ2d1Y$cV8&C&B^Lr~qE#f(1A%-l~G4{BfCnf)TVstVxx< zcQh`{kG-}CIg7^k)!f>eh>XSci)}vcQGoYIe*T1lP?o{ej{ZtR)9l9YMy;c^7@EO+ z-1cEb0~23jJv@9mJ-w-vTg9GnV*9YY`yP~NgCWA50h*kmycx#BTraqYU20JiJpEqm z*tY^I@+M80HCH-5*>Pub`Sv#qP?PmM!cds0yk~dsk^N8Ar)2e_=0+PBGqR96Eibs? z)Pe@u*qUx>uV2*d69bhE+dsNx!JUgQ#y!r)9f9O{5#H>@2pDVzlHl}u3X&?D`+5uq zCx2O&J6idg(&tt(4h7;LTXr6v)mUVVrAYopU*NSxO=1q!>xOGLJ1YIFSCNnXp!~bu zxiH6L{zK^QF;&i#MK*2*gX(=F{xB1MIOHy-v88}DWH%gvl zoS@(UcR|QKX`NmWxOX>AxQ%&K3oH529*=2uq!y}^y#)mkX9EecWTyT3y5 z&CTpB-5Zcu;LY2Pt^Q`6ep1LS_4R+P%qI5SDZW9D{rs1&2&&63;HmFGfeZ6brSw1W zfBz$a{Cn2=pW#AH#$M^a{6#kI$r);k(aHeIQ1W>)hKm@~x1>l5tBT@DiABST$a;f? zU5ONI9>XA?Uj@&NPNCSCwpFkkYsjakWw@BJxT%+$og!}B`|TXWfY|uefbl7xlN_(h z_8qRL&Xeu;_gRh|(9`}=8XV+Ddnff_Q{mvHQbDoaNMJnVg*-?d&OiN0oX4Wd=Ap`$ zL&B(-e+=?@=re*N$rNEkh0TZo zpQTUzVBfJb0lWbjcy)rl#VQEOkhz7fYN9tcm|DAf4osCsN5EO(6t*`dV6)w(oTetT zfgt45|6npHxe%wf%5-8Ez@0Lk_7<<{S+9pp&E~N)Mb9F2AF`KphVFmMPdHd1f0VzhPwgnODVjyZ zW??pdEa@Zhx1W-b#24NM-08Bdl4sZsu!}jR;f`-w|FC(~G9+Euw3?$vDKg-3H8&q* zC%#y$1J^>Aw&0A54zz&RIAopL1&8-QV_iEX|6ZtbXC>e%Ho(AS?F#3D$DA+RL-AzO z9+|}XhCN_(7q7XuiGo$znsK&=v~adDV0%b0&a2LevSx8HQ^%USD))342Ond_L{aAJ zpX&%PI91M(QynVr?;z_vPS7q+a(fj(v`s;XEb0>A{ z!+K(OsrU{ru#!qdCDKm@Q)r50riP^aqU_d&B*f_O(TDaXE+Z|j1o~l`;P^pCTM+&<7BJJ~u<@O{l+`i9c1QHRMMcPd1eZ%$kB*+8@#N$!otT{`m z4qD7cOCBYvp|Z$FyASL0T#}o1vI~eY1%pN**8}r@?JsLhp{rGp9Ul z!GQA5T7_n)RhcExsDcKdC*B{>bbWVRe?sWz%IF8)2AL=OWXxB0kL9*p*sF5I@;Eyx zo-Ndklj(e-Mwo88!8M06P+`?+r&gy)-3jj~EM^k;RGaL2biw9GfUcJw?#z)h7Vbr? zsn(leIy0=UUn{wY_4-Cz;!^kQ-WlG(tus;sQa0a$1Ekx=3^8!qxE{s5Yg(H= zyQRn-3(`+A!q0-~HX*GeSvGXH!X_nMT^~wMk6PEs52deAy?!N`>~9v#x4D9yzbjU< z>-3;}`Mvr9l5p1 z>5ruWyLaGo?xkqHDzTtU;=i2K?UjR7<@2R3c8iV%HJHe0@CM<>jvNgV?v}0RwZ87--bGp2#2&EOmQA8D52Fvs04&gU+B-1p<*7~dayQ#GpDm+@Jog2D6oNI&$~TRos5E$fKE6+-=zW!3vNGFd=rh&ct2v<|w$q`~_^3 z4uiBB9#)N_f_X-w9_#kypmht~H%{*hXqS}rZ}!Dsg~qAw7b+6pd?r~+w(26|mBu@{ z=a($*&Qk7Q8v5OW$VSdmLnLhUty6`3l4?T?i%@}_qGsO85&+jEppaXSRfd~L}F?s`zO%wnF+WC%g{o@6*6Po_!4@p#P`t^W(go0$9utB1p_ zIB4Ykf=pr3Bl`S1eL?Mb!kid8MW7d_i0T9CTpY_jj|4Uv!-7mfV`Kb|s5PWyPhHTO zK&q_pSP$hG;=Rx-RmZ~{x&X&zHl=13LATP}D#EL&`-Yr&kI4HtJ@?~tbK;3BE(|ex z3l%j<-fINWH8xC79_$X)BR=S}0~9kV|0D7*DG*0~)&i}=BGlW89u72aNzrSY>|9dm=|E_}hzA?@w63!-$2F`Yl|Gqi@)eZcH zV|{H=)El-^nw06(0ZkSG{$NzfwCef9%H~iB@^sCSQfm~j+G`DLz%|Rtwhr>aouHKbiZQ*bu-Tcv&~_eYk2wVcP%k&IS#`-z zAtpY@+n&y#hr(VE9P*fAgD^QM7?sJLhNjS=W3XC@>WrbD2oFq^y=W{ia9uEi;vo#q zHx+WPw-sts7-_;yv>BMIM)NG5y4ktx?D=3owI?fG6t(0mMR6BBL|D(Cwx(^U+=0!|vPSN_ zR~ZZh1R&5pd0-mGsORd7^s&Dw`yMPtay0ZVNU4ArddcxUd1q2wy=ik1F^+OxJaFqi z*cMKe!#(0(Fk4iwSOs4VW7vXmr2)3T`*|6KyH?wRXR&5fsZs9Nr}OEja@JXWQMYxP2>sBk7)Ns4Cfah{*wWql(-ZnPPA-Ni zi%ZxnQMSnRCEQ#*M!NK1@$M#*n%mafS@#s4&~t{;qw>7RVzgj{9|)%*BT3$dGDQjS zqyIUi7}wD}YA1nsIp8q}qSE5#xGSk5)xDx9?fZQkTl`szyQfJOjGq%?L7_zS%(o1#^l82g+@!_{RqQ3#1#g4@qs0$UC(8Z-BE~`t+(VJOGgo<|r9I*% zzUxJH6V$gN{`q$5jDLzkr9?l032y7Rp$8>(`kC~}^g~a3vsEHWs#SCa`4vX2#opT% zl(K~@l6fT5C2Mnt1<^GCuaMyym5ke&Z-oYAQFCtrQB`g#3T>mI^v9~w76#7vaN|at z$g@F6en&(8927CW{X-!Lm%Na;9G|Y1a05l!H<9J4*tWY!2c;G{yP|Iym+CmqVth%L<8dbu|U}+*7i{t zund$?G%1HN?ZF$Qtq+u0t69SPF;d9I68p(47Rk2~OKjFlv=+L_bi`pTtd%xHFQq!Z z!P?J-Pv{TN%PDozp)mr#y@LZArz^gbt+#C-wd?mUdOpZJ{IADG4>|D6(ISsp)~lrB z58v~CNM-LiMD(~y_klPVZ}H)Xiwu%Z68e}$ zFNxBK84cSsOJruNhPo(~KWzQv%cID44kyljyAb@0PoU@$ZoN+8{ z^qnI~HSX%%GYRs>5oy)oJD3WH*lboq4KE1+6S7~djvzZqdB;C~!J9m+fvK#S#mKLS z|NX73+5czFncId89~ZEv>`BK+(MGwSe$zKDO@qxjc3hV;gLO7{s9eyGaY;m}#pfOw z6M2O?hDT!#mAfQ&#**Sok;#5P&dUN{f(D;#LZ>T3pg#?eFQsuhB3SP_geoSwsLS`_wR1YNTfti;5}R8V@r+=?mHcyJRPh?}~T884M7ji!w0 zsI>btrBGo=8(0k-e+ENny!`Au9{We_+x>77%u1)GygV~N&#g0^J286nG+&o=k_BHb zR;S#(2#V5)X?%ID&7BPQwBEDUdNPJg0lHLQ$-#*Cd%IjeBd|F}CdFJ(E*89M8R4(( zFvaTwHBa#JjdVDs30*a1mAlhhjEopI{W{Dz`5x;KD)Q_-4&|Xcb_C0Dhh%`gWFD16 zde6EHCiNMJERShLubpmI7>ZtsS$hL(^rKLl zp&!Cf3bT2=fLw9yt4fow}d>IOV?zV;goEYnahBspVNRpN_6dcZFdk1%b_xtq= zOq_{YMzW~HJ}$H=*fM+au3wGusxQ3JF_-lnzQg{RM-O0EDmnP`T2A35HPB`fB4{?{ z0J;)N&Hh8tBe;0=me|%Q&OAW*a~4RBvUFEXFzJM~@73UCvn=oTTeq71DUL}qd!wh- zz5X;twG#u;QBp2=yv`X@bX4;%FZ{Kh1@0v}W<>D9!i1VnB0r|@{l_>kv9M4`p@g1I zR>z`V9!_xqX6$*?MQIDINb9Ox4GlsTcUntCH+TeaNU^uT!Ibv-T_T%vtNYJ$^kk~P zxH`AYFM4LAA)$f^d-^;2YHK9cz^~cdYWG zUxbGT2rt189RsP(?N3%-dnznw{G&2TUPd%Lc=&7Hj&l+_6L;QhZUA~md$R~-C`q(% z*(!4xQTJ_uQ-ov9nw8q_XZLV8gF%M{*v4EepZv99azEu2eqT;4{u_?R^;8aG=4M-S8YRmI zx)p6kWW>g;U=?e`JhWCLK>8;CyD4*9$g|t^q$(_A5EjVPJY#HpNVKRuWi?c7>PFX$ zKruN{7g;U1vY6I!J-Z=_Hor_$vkSuCV}(xE)#)aL*TFrU5rl%PQauD@y=Qi69KuN!qq#sdHN>S6Cz#lxT$8NRGX+qxQ~JsTr}~4DFo^-7yu)7Ks6M=;l`+oNZV(%QAW3>Y_j<$-x1bXb;a4>g&_v!#KXEUbC065M*gg}otk zS~dgD?6fF822?dZbMS@yxdzcJz^qR?t9-ZxS5hk0%Cr%))7OPKZg-8S#5~GPtw)BX zn1NWYAk)NHEYa1;`K$7bP{CQO5ZoJJ{oH9Gttf1BhvzDSffU}-blDZYCCy_qqxw!U z{3ZX`>tRvMo~ml;(QwHDY;|MV6}n)e9t7!*BUv%&L7;0_2ySim%c0REB&P!~t7PIH zlvZ*Z)l0#;f@4sca>sb_Jg#-FV01c zC%^yVNkV@yJ1>5NH2c{9^o0Be11Wh&6K7|S|FEh^nM_L@1I_4E4z?bCS28eux6<4WP3l!S~O*j=WX#E~MF_7cHJ zVyH%1dD++Lsq;|T|23#++CF>hZxUpZbi|kPr13-lCH{ysB~Igq!AtTHOUkSUL4$Yy zE%~I{#d8P#4%9j0RFy3^%d1Z}5m6#YzpOT1N)aVKR2IJiz2oGwC zh9m2ugjGm`>q+2oAp@BGJ8&3U_Ffa-7L z(;HK$BHa0-8i|c`^lADtSzd*YM_i7gOl(@ICk1^!BP=!vSF7!LYcp35m09@)u>#Nq zqe2*l@o3}0E!Ct0{U%@I_vhve%>*%h+RHQ>tIXv3&2-jA)-uQRsZR2KOJR#1^E9?~yt!}wG%;5h6t|T6GO>?K z#Y(|Rb^k!rS8x_fq(|p1Co>#^Kb&j$|`*$#*A5(wHVvls`Z`QNX`-V~R zrH=Y;UP2=2tM~e`IK#xjmvwJCsTo_2)E?ikAhQI^Pe&!)Z`aopu@LiSrJ4@EUC~uDh zH6?Lj#u?^NSZCXZc|EY5{Z1(Qo6DzX;=opqU&gr>+NKiqQ}xdMDV=mr>Qt*HWMGD$dVcq1?2Ox{EkgLcE#5-s58RWBax=2N8uB0WL;N^l zXB?AEuh3|Dh-@*cZ^*+yR8sA@{luC|Q4(?svM7Li;B})>Ib|Z>1kqCQ!F%{DF{Hup z#fnZp3$-h%3fZ9DTQK1ZQ$BBdNb zTzEA~m5DtP6-xBjfI^rw5-Wrid>&naYl|T?HWLh;w4|Y&ic~Fr4z_5!!d=Qf(%+Az z`L#+77Lu;>EWe|+$3t^OyF|vfON_60Nq;kO{Py^D{zI~*P;!R3J&^I^O1%ntUg!)2 zyCXycrWBPvO!v?#ai>%e{253d*wOJcU^^uNlxg5Act+jrkjeE2+WyJc=e~wT!m}+G zt`#c_c!hqP&d8d`ZErlHQ>s3ZDz z#-t@(W|Qy@9!;sXl4z;cNOBaO^4KGd?OV8=`~im*(x3S=oP$DH;{Aq)`00yv5U`_T z{TQdrzgf;#O4WBYVm(=B<|;EM%Y0BH2+DI87drSUc|3FiQ@h_bQbm6_S;IR&oJ`Tp zW}+HLf1XtAYddi*-_c?Ht<|sfo9Wu8TXH~9nLEgJ(s5YO^|^eQJyXk4sQv6Z&1K2s zjJkA^_u9U?gILaeKp|7R+Jyi?X+Qk6?)z1~6<r*@K?Y4abSg8sPAbLN6&e6XcM-o0I@4CkM)HN}xGC%d5IQ37^|2_w zuzVjfe)BMQ>?l<1L2hvDmDIwP%;RC&{26Pex5w4f_S2j1m5<)%`$_Ozq_B*&f=`+BA2;ZSflrxXTtTUagYs^p z*QI^*Q066m^f2UQeE9Yq2q6gi8QaS%cA}B@85m?1ymo*3V<8|;>=9qtt3!JZ$Di9o z;IKKSt&l;QRHp|uR(L`}s#P)*IgHsQ1u2Rd7wIXsMtlI{P+KZ_8|sIZO`QM6bG8t2 zOdH%cPGDawmQoQt0+!ffMKP?u^{F7UT!5gaDlaH0!%IqMv^1IKNCtER-pb)HjB88}vHed!Sy}*vGy#QEZaioKa zCkExP?_u83EK6)t-0Z9Fa1kdH*TZ`#|Dc9bJh8s~Z*>WK<>KFr0AUfW+z@jBf@u{& zqkrY%>QAQ_)fSG-i57RXQOGFz8jg$o5gTaKrq<*x~J8#@Gb-YVne4gm^SmK(L zaJ)IS-U6Ebc|(C%kp-#e6#efTk(l08!d;geq0gZFBJ;HJwNDDl2@@~}?2 z=63qAju{{sCSvM}-xKEpiN$l(!pgZ#x~AE+Lp`V~EF6ek>JtXOiPz~p^~!{qyJqVhe1 zq;f5p?oXtw{93Zc78!(7+Q4$LT`MXWT!3B3)cnKRU0%!#zc_(bax-kMu3B2xloDak z$ruGn5O(_v2pdAR6VU1`b~h}ISHGIw@0*w@lc8o0q}#$pd2FS_$4#M(GHP90jQ zRDlK?(^3sgcCBGWSs1w|r^}k)xg=7@iux@mpC~@6Hg=p3fYdvev%9)^plAQf=|-&f*A=v54hE=vzqwR()`&g z5g*&2gd4xWG-q3e1gGcd-aA4~t;LjpUOLcQm$B=&>%58c3DfxvW6Iw)cy$BAYGPbd z9v>90?q;@~0k&9+)dK!S=h0?v@p1$6z`D*~>LORzn}1mCyYOw5VA@1k&+OymkD=|` zmF#VKw8dcB#4K(hHZxf51MzEkz_npDUD}$}#jdb6O*A1XKWcW@t?cv#Y?y9)!cMqL zceA#-H%11OFDZl@X3)uIUI?-o=b~htv0t3<$MSy? zDSM%cpi)`8u{VOLbs-?~ZwpD~Fl(Q%L^Jf;_ASfp31qrz*>7jF82h-{9Ka9J?v<7jAN`=%MkvGrPBsCH zLMoyY8Tus1tdd@`5FMq0U@A#!Na1rz2pc`G4&vKpTaXh)pA#e<9yY@$rZZJmkG(D# z^)Vi}vmmw}G)aZ;ME87I-vK zO6K0H=k&=+)fPsPhhrCue`5#%{<=Rd+V=hOAFmw3SXBK9%h}m=L-21LLN9hBO8?^e z&Tu}r_tngjKDi{bIYz6xWj}c)HaSE-d1f~7iB#p1^XC+j^C*0D34L_E^{$*UH26Xs zY`@fnRE5zuyw=fzd8c@-r7aEi6cD(@Ec`jyd8zaB+9yqgA7@YZ&NoMi@`fL#ucx)+ zvqO9meHDTZioi;t5KqBB94*4~yU=kTH(@`lADKC11pB1Df5W|hQU(}(U&#M&Hc_(gw;&nPNS>_>;ze^8RT(-uT0MWfiYi(Z*#g+`5~ir+ zm$OdGXyT=wvpf4kHCuuq+db%8esrUIT0ya`Rp!ji%*^9vcgFaikKey3e**Z%iGqGW zh+&ap^#`&<;oO)q1(O400XJ4{rAAtVzM(GDt``f&Sk-tBaa%Uv3mgXbW)ViF650re z+PQ}5pYHDT+8bN-Q#pM}v1%+UQiMg2N2J2iV z)}1n|f3i?|6e7|QdRi>jZj)mr%yHgy6IdM4~yTBUc8noGsr0Gr+ zP(G<=se}s=&iZ-b?sdtzETU9+B*urHY>Ohjnh$}85o6{c`fjMn zy{G`{=2tE;4ykhc$9@oQXc(@W8Jj6vBrs9-INvi?zYt8^QZA+79qBivL#`XcoK4mX z3R^5LrQrxCS!@CuMr^_d$^^yW9@;v4LnWA>bh@i-f;kP!0SN=}zAS#N$fyiiR);AU5kIA5V9`d5T15sG{RFjQh4MN_DV9&1q8l*B__%r+0-TRim z^mXTDbk<%12!a_`6n6u(Ohn?RE@dIzK7|OT45tjD4C5qy>L#7L=7;77xhNSN%+vV! zskrbY<&v$Z%C_3;k=$yFY3ttEMe0}jSHVSF2Pti5hZ<6uW(MkAoOOv2b_jI9MD7kb zu));KIf$#{;6f6wj&()A2H(;RV@E_Ntg* z{jp7MXm@hBFbBj}k+$#;BmzUWVCHDprtBQS;IJ**z+>b|GMQvRB>4!-bb+DjuSGWw z65NuDj?2)jxH}MWKSl)tq@O|-GYu}3BmAx!M7lMGMz$)e7M`24Ino2sLK2RZ(s436 z==0jqx2Kgi~|$){J`@?Bq%swHApeo zd!+XXw(kjF4psvsLsd?mQ6^7d5j~|bOJWHucZR;Jz9K!A|7o5IU@k*KK_Ii(FPergtzoS$&1n~NO zaX`{lkP+ZIu^?IxJzcb&i+i7a&>ns2luPSjx9bd<>wVjf(GfQHCOV)-_J?G=G1$tk zxE{SN^b*atO_)c>oxgdRIpp`#D(=9T=_BL65W6Y4hV^4IAt)pwp?Fm%auEGFO(HT_Itt)Kq;Ty+DW^m_8@I!CJqGPs zO~&WQ4H{+JYBaiPCu$@R67@<|olW^sOWs4-(%*+of*Ug~8|Tr3l6kMZ=A7eZoKmHN zJ?_1e-tW1up0lqxjfDQ5H~2u4_X(JjbC=?Im<(WiZ4kVoSII_-qP=h;cER0PeR}#H zhT|@xqDw&(LtAUd!>U&=%8qeUSFVS4jAm=BuWk3wcw3jlbj)~tz9cu8mymp#0g&Bn z9u_b!`$id`p-%(}JB1_!N&ANjpCwPZcY9KNF+n)LgkQscl&E2{ksz}c5PSF4k(3l0If|@ZRNth$=L!|odP$JsRqROC zYf-;_LI$$qIMFSh)gXq+!f#aLbmi3N5-e`uAwVvAFhPJUTcb)p#rrxFp@r8hIQUu) zBABEp;X`R~E|yy^%MSEZ$%&ZhwPoFxa)A9XQ>p4*Y|@UIAu@l!9ncf6o2~<4aid@@ z^bHu}y1QCK=(3TCVUv~F$qLQf|NS8XT5lnfJn=heyNMQQfr+&k5?*JqO+ATt#_bsz zdj5jv)4f4>J2oe@{oI#XEKplS$ueVMgEbq^j%)=zMvJ1EZ81iJ&Gg+ZgV>7>yBt>u zmq3YuTslgnW-TDjjx&r-U(xn4-oL-uyK4s=?&G#=lrg^%|-bUVil4gPU-J2(_~*(Sdi$)BRALx`WcOtn@AD!jB=$KArDn9O%(EEzRatGJffwo9P&QwyfWv@fU*>8$ zEn2SUl0y&`sigyyPAvr}_B6)%kK*Xrjl8RB3wD2c#z{1ufDvD}8JqlLgKDs>p&&a_ zIj8p#dmr4*Gisvue&xkl%rveypmmxbr<1`ze`Veay6|Aykqn z7#M2SkLm`IxC1jdwehaa@bsz&p-0s`?E|^B$$Zk?%b{(YIrh2?0Ls>u(WziJQ^A z?@r_QtAis^aoUw@tnp%chHmdfO%IO_%^Io*B!_G)le7w?m%&bT+8O4`H3hmc=bD4H z0ou|`MJ%Tl^uN4Z%SxTkrG(O8PH{PP-8vjxlb_*EP1;;72dW1@nD;rj_5;V%{a_@5 zD{+E#4%CXnTLTtm|A>2aiVf4YUZdW_e1FQ@m4<0m6Ii*tVR5p@zL|Sf*vF;u&On~0 z`<8;Rw?rknbhCUhc=G1C0e(Q78{J!>kx65`(b!wZOKvj&c;gMC62eoL9)AA83@sJTd%9$noaj)C=&YWvbIIpM5f_*5fm zobp;~JDYf&H5bz(1Mw8xX#+)t!cuj}wJ?ObO-c~AYbe8Vq&1I6uraMEWHL+UZ7Ep@ zW>;htPUeg)cSPoA6bV9R@Nf<;5EU(u#cN9@xzh{vlcT?V$+>ipi(8J&+hVd9%wiGL z;m)j4(@_616=XS;&ul^%Lt2~g4R@xD6H&9@Yp_lv${1S-wj$0Cxh?PPewtH>v zE`7o;+h3Rnx8?(>bes97H1vI)WBVkmM_p&On1lN{D zq?n#ww3Wgjqz*yC(u68jNY(!AW`QRqs3p~SPAI1m=q?y$}4#3JCH@u-}4oi0y{;08hK45jcSyD)oTxHTU`xF7n2TaLDKZ z`uC{vqxZdpp-Fdg$$oUQEoIggf`4}u<_!mWd^As0PV!h^3QtkP0g^{@07H$ty)F8= zDz;s0@kD;nRpABmuFayK5i(0VEiJcUT)Tb+i&A6Kb zgMRr6&LJyVkM#7Csw&Ni?Wh`yHVPqqRT~u;g*xqHnH`T0wUCTzzZ?}T&tZ6L!a-Okd!5LM2Q|3SDYLM6i#$5<& zok8Xl1~tv#XQpx;s$yuww=BALE(RkQsl#9IJLiujrzc*Au0|D*y^yQrwDTe8dG zc((bSe#)d;2r*kDgF%W4K#R7dp`^xYSP5b`y`uaCOvK&h)XgWMKdA<7tj$?`Il2Af zIJZF zz<32Xbi3Z8^737ZTrbh}V5?OwC`jvAT5bLT<~*XPb!=PL!&wBmPUvVR(Tz2;AARLaz@eNA^9#yo(IyLOHUSoYa;kN#v6K^EG-; zl3Gu4phhNIbpZ0t#Ktz%zY6wk1H^N7g#46*S*eE1JqGtXt{MxXoVy8xil#emrZ`2A z#?-)V-^c8ROl0>kiIM$N?Bro2v;ZB8r2c6}*)}-mX(CdcO@?h;B|<)P3AJ7}8-;VN zqMtx`>DiFBFhe?FRUu1@yV!=KW=U?SI+Mas)mgl-R{K4Y*vs5Y$ej%O{%O&gEIznC zF8()LR%n!;5K}#Ps-z$I>S>b`@edQoEj9sI#MpW7N4$cji*oBiOa-8o=tkx82djE+ zl@**jik{%hRFTuhKISO#D%v%+r3$V)|7c1b975444gq6a@1CEX>uw*!I&mg4@P?bQ zYb}37;d61iIJ2&1`Al!!ugdvtK4B~$J;V|P`(A;&ZnDO2_p^>|!g>Sx6oc}dJLqSS zwt=}M*3(PZ%&1pjG5ig31|#gjf>Jf`pJbE-^srjEG=KIbh>xx76+AAu-|2v*wjyOq zNrSRC(YKG1^2M@;6EX|tiCJ0Xg-iPq7I5NRykU74F7&wu7c5-3hL2OVwg(s#7-McbOOCF;yx4)W)%(Y!_!SB!_xJn&YIdcB+9mhrzn{sX%;e_vwaYql-W zApejv{S9C3D}XZ{Gs{L$T}yDsn7PXq@JiJc{JLk!Gb=**B{s(D62?HGl!t%VJq&TZ z^|?-b(SAzZKd6r1v@MqQ^YDrg58!XopmN~v&g2n>ayw9_R&C-jA&o?OLzl~k{0H-2 zsqNj&Qz!I$mo@Mo1yB9~5d2PUt|l(7PJsU`wUYgp>Pd|1zhM%;8;%uQjP!68B;?{g zj1*{)o}WVjV*PgU&4zFWbla}9E2&T5_n7bFh*rkY%wItM$@g29JSe9!3!hzE-%Lcy zTgzVGzfK^A2(;X~1DY5t4CYcXu-;)Dl*)#S=;R-X?Dz4J)8g(C^#;mG0w=BzgZr^3#y1gv48OsY^ zaJ?HO8d$~h@F3Kxj!Hb)bsp?;&B%rXfC z;W_Bq-b*py*%yC%)!FRdR~>J3@%KThZI)?8phSMkel(fCcv0fVVhQT-Lhj3J%F~HA z&9m1r_TXEu2>Go2TFrUW=Fbn3?&gm28f-F`!X71W(SjBgJ+;dvVsT%I;-gD+IZF9u zH?|m~x=oCC$BRS#3+q(I@JAFF>?6likDpU8iA6upSl7l^wMkigKH5 zGi?+`rA-&{vxsS3zXg9vOq@+0OABV9{<41YlbJGy6F>d>2`!7Put?b^)D;dxfKs^@ zDsQvLO?Lo+fQ&@x7&{@~8s#s+{c|+ATF8e06ROmt8H<)(UAzjX9>#=S)C9#>L9E9L z^SjIdz^OQZkhV!?4^VyEGJvvC!lup6-5Nn~62krcH$guMpORYoO*Jb|s5gw@7CvzX-a{hNJvL?l~K+`<0Wt)-vAtd+hyc*AaX5d%>B4 z3J^fo(VWKIi9_zuD43|zsNqYNbXSx`IR;r_>=ZfGfeX%0R3~fDY;qKDetB#?Pdr@IwZCp`Z&1X*Lqkek1Zyjuy8@^ z>S+Z?D~mtuQixm5YEY%z$KBqXOsr#~AXl_w*fJ7z>a8kM>x%JcO#XykGoQg2)U>%S zV1K(34I58C@X5EVC(>4!sYNQ-*dOlAG%(_zXPo=Wc<4ssIgFXoQ8!CbgeMDc)^!1T zL{g&7oa3lbB%ndpw*(h4eI~b0V1y!Y)NVMZm*S8tR_IEtYN~7>A{B_buQ)_QcAEh$ zptb|KiA13MZTb0zh6J4Oc!Q4cun;o`*#VDjqF2|(EDj*pq4h!5ggp9%`tBjKs~Q&# z`z@DS>*aSHd}A`9<*cJwoN%2^uX=}SiR z71_jNo2@ zg#c~-W8esvjPN@DQcp%m5Me)Q`bazzIKxQ#z84g#PY^NS5SU9Z+5Q;n4gE>|ZnV&_ zA+Ev|PNWG@30GNlNqEfQ39n|@MYk0H{OI2tu4HY|*6Qzw==n!DkL!OQ5&xm0|F@7R zR@ZS}R7d)=Qco|DD#Fw*+|Ehv2C^2c(@)F>4-6vzW0Z`(X^!S(j|yv?bUcIUi=4nP zv=7WoI`7lqW8tAshT1ze#DuZ{b>sdlyYce(%ft0Ww4eXq3k{&cw_;RYM|laH(1_fZ2NIRSzwuN>?SUQ^GKv1dx2jt?;>fAqS50YJKQ?=E;^X$AR1_ zv!|_t2CC1HD-dFy^Q}W5-pEvXvr9zG5bs6ZDwy*{>a1n(#pWVBs=_~s!^af32-1Mk zkqH&C(dr|b#Hi2I)+XdomGU%ldrsL^)Eh%s>625cgt@;FPf#0)=hKmDE$3sV_RbzU z(7!Wmuv+2Heh2r|cBe};$ARm8<;juA22(z22^`dToK-=oQM?Y7LG@Y+VL_1uH}#&H zIG~q~XW6Ar4m?6UzVq!{o%B9Y;&Lb_sJ)b?Wq0Ucq|uM>3Wet#qFC<1Ua{99lEZVt zPnif0zC!r*(Svr*74EkL5Szl8Iw}vw1?v%$;k-dpLT_iOFgr+Gcn@eY*Wr3YiQuMt zZdR^Z#a>2vJF~yrX~*(6Yh$o`##5gFFa~jMP{alEXa?qO13@0sH`u>qf%ey0Hl2TT z*LCMJ!V(jcnUMF7=Gc;s)7a@%$n~G7JILKn&YSHx-50l7ZQ?oRdANCM)=tV$^@kZ6 z$Jx}9{4nb*J|x;*vF!Qe^*DYvI`GnpH2g_u*T(ZWbYFAdi1@jF0F>8b;v4+BW8@Vv zb~nbu19cgWvV!DYVhHJZZ9LkS7rxKv_6H+O^THa)5i95?k8cR+RqD|m#Ek+q_FPyV zX-h2EzSN?*?(awWcNQG=0LH|}5%q<^L!y40!65NB_=p18CKZBb_IR{JWu}#Q9M1~P zc;JQbhYwC=k6E~{AmZ5i1P>0VRAco9to>gSL83UBCUOXIkJMp4iVIZMrVSCRXC2Qd zygN;pqV=hPC~{8nOf>z(!jNviZbBCOESuf!K2r1R8g09joT<+ zz<;3rg7?gcqNG4F-b-N5UNHnTEhndOJJ0x>@}_a~etyoLG6JR6lbb*}vlyo*F?~}A z#et$wQpxBhRWO?GtCR;qQiZ54FMG}|6HS{n7?X( zxJr&er?@MIox)qeQs_Uf6}2(`heF4$I;`-a%#O*+=!L1|>eFS_ob25b^r7W}##kje zWp`lH0n9uk9GZzzRbR$o&+#kxa8#CyXq3aPy6GrQoA@DvK*mSE~V7Bd<-6y9j6sdU@?sGGBeD5}iBWf*3@Trck^?=n>19HXzx( zhPx4TU2^_tYe^3>!ZA9g_b2EtLS~QXKDQ6tFM2S5qrM}tq{EG+6GvF2(_vd>zrmY2z&`vN;u-D{ z+@AWrD%t;WQcU;1j+Ota7&Si)&{om^>T6=TxxvvG_eqdRLmQGo)XR(e26SM zn}u$pW9Yv7+~oX=+~+gP|C;T5`!Mr&#{;!b`%7m;98Q{xj1)0Qo^7u#n3M&^0TEGv zVP79xtSt^Q&tV`+;o(k2cAK#f0#Wj<33k{+aX^GcASetlHK?TTCpu8bkbJz7?l znf^hiqQLTurjloJ@hI;Dtk5{ey2XDvz>Jp$eIFdmIH4IJOu#p4J?s1m!s;V65M|R3 zeWPz2%J}%C;qj(M$#GZ&E5b#72=Ivsk#~NDaW^N+PPuc%ZZ)cds(o-z?{waZ8Pg0a zMA1*W>j-{C5eFywdsd~&;kkmq5(s3=tyr2 zRrMftnBRdkd9#T6+w~K5UUJ**0z{k-n=R4NHVj9>;$B*%Ay<_QZh4L@8u^^t;-c*7 zS_82njBY&`d36a`C4}D6DWNFa5FJ|Ru*~LP0>47RCn)wIR113%@Xnp&l0kl^L_JFp4kGO+lHI?~n|Wp;KhF@+e!DuP31@J>2vYmcQ0 zv0)=x>A1MLXr-oW4hO=x8UCE1#XmCRN>8Zi3sVnZ=N|Fq>D4-yK)2~v4`}9=HeZ6l zxK*!%r-xy1;Ed%&lVy5_*F~esX)vMfLfeYy1WPR*oWVt~CT6$!*mR~U8-CLz>nh(v zVPGB8f$51zJ%_2*RK26WQoFM~`HkR(?vqyDI$yfyE$d78iPjY~iQ@NbFYGNL(0zS~ zuuyD30qrX}#PtfjOp|*kq1ki*t!=i!c0hmJvS!=~R_phK%f0{Q;LNPTv++Qs5BbJSmQ;F+|KQHuSd$dHT z{hwV5x@_)UUf;H>2_|sav6fIGCYCETU~MLw`^-k{eOES0UD|zfa&v_wI#(4u^A*V@ zi>*5X0a8Z*R?RtS^$Ox13(PBrR!F{UejR@N)DHp$@6NuD3ted`brYG&(%A=gL;Hc< z^^G%PFmAnGaEwiL4^VyoFmvn9P4jxK5wvsU!JW&lruHFAdfq|Ro$KfKb611SBeO_v z6*b=lfMtvL?TVQ~QtR?{W4gxFUc)%aEq-`HzjA5s@NUbZ0=Cz)jPT1_miGou>$fKR zm^MM%=H~Xc>00tD@cA-oZa})Qdo}IczTIv5k!sa^QR0^-8^?2rtX@g1Cd<6wF&;~e ziAKB)8`~#(Ghn3h2xnK7JtaVR8|q~dUeD61$~0jjc|^MLmTT&lr+3#&H#7Pw%nh8n zIYhTlsE|S>1+QItPLM8M%8u1J3_Hdmi7!a2 zDeSeSid%7I-hiMdSmPZgwvsgr`qS2qjVZ)!BC&GR=@9yIa!wk{=I}A_WTrctdixu zIk~GN+OKIT!G4`!_(#L_I~Mx}z><6V#jw^^Aph1*sF1#fcz8&0V?lwe3d>q^+xo3mp=!h}Y9bATD z?BFH}|LG*6>ogp|Fdew25Y9tPkdDtR8jW#4!#Z;oEa5QdK%)#h-L4sm5>_pGS2&g0 z9o6PpJ<;H{E;UtO7DsznzmW-+Xw@1 zUJRwF#2w4PcfB{oaRq9eJucc1puY!oktlf%fv~*it08A ziE>-};L2F9zuM>Tab=U1@q`Q@Z@CaWP=9ewhRRq~<7>d`io+lKO1F*j3~U@))R(33 zT3@Sl|ICugFD|4hzAhogGXYGo#p*o7n;D2jD(p+r3umSdDIfnjui(itU)D-#XkY`7 zQ*$Vp7NjD(G8`Xos|vMINqGQq9tc+rirnoP(F{vaj}qjU`J*ZEiC4xQO7R7x-J$9C zFLK41fA3W`dJvAD{r188+wc4aGz$yO81Ctzl)P{H(Io0QVyPyyPEPy)oQLe2AdwSn zAuQ!MsC+t69K~H`oFoyEVpgUsqhUaMA#V;ARJT0&b=L~MTYR_AZUW}oeE3V^ifW~b z$9Cnox$qO8!3wt2IBS!GkSIwD&@_NIg*Yy-r~x_n#udN8^3vV+nASM28caW(FM zGzrK(y1)+(cVS!?obuWH+eLX{+9mcTdUZ~AW;2wz<9(#uLw-(x!R+dLe3yAlgDrOX zSS`5Wz3|j0++qEe=NM8{37oDIO!C1I@E3knsN>y08~%>Vv;&gE=<~#>E1LMr$oc*6 zzq<^gFgv2X?+#-W^`Bt3e_;8k+FJwcEWH3uWdCwe{P(y2s-Dz!{$-%}Cv=Nqya{Z> zxZHxam>qh~fe}sg2M!V*N~YA@91X%b(vLw==ls_w_iF3+D|?4`LltYi9rZlDKNM-+ zdDsoV8tCpEdVc$w=XJkwo6kb~|9-s81A@4V!IY=_bimf&OMlt(CG4ml7=+|2e5|7> z9F2lL@)50RFdjQI0mMk@iwhohL<5fmMhoX|89K?0ASIC`$zc!5%2JSHlgbL1J|sjx z%1+4Au!v`5YJo;1X;l@5KO=tvK4T6yo^}s58zN*awq;O=XlQ#iBn; z50^=vDajoBkj=VOD{95r#G4oG>$d@tJ8^7u0~I=xBT5d`H8tqUDd=@I!=)Xp&zE$K zQ=>)AjCgVr_hd_19G%i5Dsb{y6O`0oNTj36rB=SwMYFgM#<3qbTi_Zm`fXVbZKThX zIiKi%hpHJAYjZrwDV-GP*C@seL|r)Bo)2dd3u~wDooh!{WVBJ_zdrQ4ont7SxsdeF z0jKep6jvtqYSE{Q7qqlnB`G&A4$liBeZwg7aY1s*h!PHLI7n^zZd( zOnMet8Jw;gTKHpLP^+d^(Yk_(xRgJL)>znwfWh#zn+Q5Kws1SfCuO72>s6#UkH`kh z*14vgawAj|P3-<@3gm6O?B|Ex|81_w6!i(C%BRQ_D+O+EEZsk9Q?98v7Ze_-kp5D? zJUa-4nAgBDwqkArU;oUlGic-6zXGLW(BPU|UAu+@xU_B=S?l;29z58II2II!!eij` z_QZS~NuGpoT;{8#9({BXns8Xj{aj!Y&(zhpIh4iPqj7u75dWj~db!wVGcq-{WPx`4 z{N00YIxg(jyeds*vDAHctxfL_j%~jvAB<*wvR<((_wm+iYW-4=17p&Fv<7Ib|1?YxmKq-;8347SFMhHBf_|0Hh3+LLnDtIu^U`whv4E(PL$9^W*{JxZNd?q z`(kjI#KiJdN%4PuTqOky&$00YQIeQQ`8;cW{Au)j(an zlES=pu3R|1o&Cc6S_!HYvPr^-jO4nQ1XMeY#v7$aF5~Ndtdm|$AI^d|U8=u_-F@r# zGoe4RS+hgj&nLIkKZten!gXoinJ?roGa50T(~9F7N@fU>gA|4>a?`TyB55GO^OEBf zbub5U7ul-g7RpA51Ib>^AwcFFX@VA5`>CQh8*QQ-sM>27NN${chF zsa8i?kt+Y^ZVfq};vb@rmjVl|4WY(V*X8*F0QEC6z0CPW6J4>zYJ;vEB(NnVwB!}p zFH>_UDv|g;0|`xUxO1h#TXBc*5gI+Om=EWuo~TQgX3n!8_QvR~7AG9dL-;;noo@uM zcf2=;_Ex-MzVEktdI4J5s4?@Rw)X^HrLl{>Lalcrs-M088l*`NGd`DpPaZm;|0xYp z{Lc;K|D6W^ll-bRp?#8HAR-(|lu z#2?gN7R88D_%BR-#T8f1y2*Vb0&kt5l~3X%JdJ}jyl8&p4?F7z0&$k$wx-wy`)XTX%yM<7HjFU1ebTIiO zSjve^w={5K+}spd%DA#h=wMD`-`GWhZI02K1MKUr1JU~lvb@a<+^Kdju8daKSJ<;k zzU4VWEm@$QwG7n@WU6Kld@7(7 z8oRs5up)GxxL<}sd!P=fD|wrmS7XOBiWe2i9+HnFx0kUms?G7rep*RB<6et%T$EI= zJa{m=Z`wFXP3cL0 z`m$B5w~{pLb7PHzyA<+bu#mDO@zx-SFY$o41g9hzx|(-tZE+PBouA zA5o~+RAIs>b)W`SjFVijK~=CZzrEK{OI}(2g7wCxR%&;wpp_-aP_sq;)WxAK^sR51 zORV!Oij7Lk=t#r74)>_XIQ6WT?|+BMtY3(t$iD3N*8gJsb0G$+?pco$qu)fMS-9s6 zQ!{|U=#@M=y>=rOv~W>B5H)Mkjp_U08uVf}c&)En`^cbp$Juo|y!&lfyGIBUOVcLV z>sQt-)67}aJ=ye{@FJk@Alr{ww@hoO0Cvmz?l*BRxz=gtjOf`EH5g^BR>Dzbj#f-k z&6BVNQm>i3Ge$@}bPcYfvXzv_ckmPmySqfcMKFFBDZ$d6NFFND(0!1C7k9Lv$ubc| z#KH23i0GtuZt@j}wyeMP6Sq52q94#C{ny?qp7svVzch=%q(7bpvRyDoYf=<`?^$4T zkWjCW9hTLlO!w#T$abqOqMl+*CcR7?F)l@TQouVAMV4nDJ|9}pBjDus!nqf%S(S}t zjkV^);6p87uqsn+`nftrE&zfb`Lw3O4nY&tUCzX}FhrxO>_mWmx)KDBp}fXG>dHz} z&0sd#g1)@mUbVo8r4bSvzEYhIfsM5i3@6P&v%}}zN$v|(K&%Hn--B2X5Ojzduc4+g9q>11?^#cYc>g|5Q6 zC%bFOuqJPlt+mQ(o0Lp-W6K)GEj+V?8F)$n0|7nI-g6O|6!?9O)E&HLubQ-hE{Hr{&0}c{G*2l60z3 z;uLQ^89Qkt3ym1-q-3hvb-o7|hLu7IwmLz#c5wUCz)~BxLQIGjole@1IyeC|YXZQw zL6uaBN0XT;Dl0!KFB^51NAvr3KJ@yKwau25iJ3cUZR7nrhgl@YJp?W*D{xPJCLT9~ zv9(0_f=it{c=i{h^dy4NM6|C%GT=H$C7`m(hj0sk{u!^N?g&NDFJOAZ%>9&WKGzj+B?P#MbCJ|TTTv;Ry2XvHy@g4X$)8?Xf zL&p|>lgk`^{TSg)pB$3uVyutZwP=xTQ9GJ=YeuZq5Y25))ZGxl?SO7;+)*nEs8KadNxsC*(c+RdK+p5hlXjq_8rAqYKvOJ?d5*X^H3L+0XNIsY6bu zI5&uh>zslJYY>a1&&7OYKvn{FGcB!L!lS=LHlIR)&VDK$_J z8!qOkq3*#5h=^81N-wD{GcM+^p&cX9zcFMr?hFnLc(>~j?-e_I8u^zPXlNY}`txV zQ`V2 zL#=qGSYMdaD``Qu&cqXJIpP5Kgc!j>uv;UTC}p)lYv!imsLaRW;LZk~rpF;+hGo9{ zf)sMy>j=L6tob--K#ecfboWE$SC5uE(c~@fV@Se&Z@=9szl$Fb z;4|PStF-uu9Q)fS8vc=L7Ga5?zsoo@*0v_(Xu!wWpud0r0IBIsIv+macDTAuyoQ!n zkF_eTMoExwRwKY52iji`QLy)9+!CVZqz;l||=I$Y``@s)G+BwG#mcT5LA%ORRQD<^0 zP*FzgkeXuZQ;+`yHxGBCLuxb76 z_d*fDxBV@rV^X!m+yZHOiNw$XX<~`Q)&glRktL4uaTg#mZq<&!schTFN<-`#LovRw ze4E5dL+;wDOpm@9RlA3tVjKgi`njVkmT+}y)wsAIqM$;J zjKZzj*B)M9Hd`RF@?K8A}7?=u+bzSy`slN~YRcgR94)Qnk^YlUe6=;{qfKh;9A9IHuMu3l*VUPFDT z#X){B%hhkf{0W*u@T(5XuF_gUW7y0V?=%Bh z1xgalSgf&3+`U%t97SDoq}-t^L88d|ot{P0l*&{oLU4q8V?LG?X3-v&p+Ptd=Lu&% ze%QsF+h^>FLVHY|>esuc=VmCNv-Acyy<3h;(LuEyJkDzZ_}sK`mrAn zb9)fy=m=Th{gb;2OCQAFTRaJ8&9*dak$l-TC$QhT@C7T(kXgdUR42uK9fag3^hH}f zUh%g~EB*4{lYlc2HM+U1{vsc`dV>u@trkqJ=}JyW?5yHzCU~z@^0db=iQZ_2 zVL8e$b8);}o72kj?#?8ryh(x>?Xu(n^zUWcaY6&&-b%S)lee5NByr#8QJC(2I@6#k zu67;|6O(lXxAsWP>q?==Y9Vba;z#jk^Z|U2)#oCiudv^RIWQEY5U}8})|(A_a+yv` z1+|{HEVh7nivz?v3GCBs3@8BRWte>F;-dg-PR7$~9$_z#?5{)-ghKqYzI3L;0Shg@ zDdHH30a>U=t|&?^zG>q`Vio7B4giZw_0>h5%k-(bh<7C?Egb%3s^#UDJA7zr}u*||*z#ObFs+CG}8;U-*rg+VRuP39pR7K8@g>e5u`ji>A6=DZvK z=*m+`akl`s=(o%gK*uN5r~!@Inm4qkYdk*FT>$5xl5W%E^i~btU8I(SN?Fs<%F9H> zo&FvVLd9qF0c%P94#1*QGYs#pRO>jpZLnb-i4$cm{5fs1mZh9+HvAi@_ymWCGY|%A zf_TfRiAa@tvM0RH|AVo?Ch{cYcexkGcbfw)<84< z_A^|~HxuLks_Z=AvEJSQ{zi%-o2*m}TyZMKDK zvxJRYCc#)N82dPrBcJqPwa`raMWRV~?Xq-ie?;+}E1gC$*57XZtT?ySIF+WOaSr`y zaPo&vyvBv(I2|OdRcU03%72W6*EqBUip3Y6jJc-VyCK>|#bQ5(g;uzLb=`grD}4b^ zc7(StQK_Zvoq7|8#N5+bXKxZbWn=-1M8Y8LARQ-4TVZEPN1UQY)oRBxA00Fe$?q0f zKgxPx;+~JDyhGPPF5ZRAFbPSgGI;Z@CNbX6i?I>uN!6E7q~&5M3@8rIBBlY?6HN=x z@<&xzJb08nlEHYc;f?Kz6Db#MmD#pDJL#H*8}SBR(L+7HoVf8tlOxJMRjgSQub9GJ zh^mu<<+eeTUdF2U4ic<)V4TC@s|JTuARvOr;U}E=4&P(k>m9q{3}h_D&FpP&%i7yn z+1r7W&xTO*y^Y6Mg`40_3p@cw-q_&je}qq@czDD|a6$cipzhEU?go;`XQkD1pGBx{ zHri>klTY1m_qON_J%3Yk9eG>6b}QBUfr;>l^q}k7O3XdW!MIGF$`j>cABC`6>vcy; zJjEFM)L!Qa=MKJ?OpW#`F&$;(#^g^g_hg(mo`w?p#uw#%qK@pJ5yhe5dsK0n(*| z>WP$=fpzkXir8BfZpCa!#-4I=>Ng_EK650j%OhjW%`8PM%u>7%V+km-Gfb;VZPmC) z>G5hMooO>&NnUT1=BWb*nM7u3Gmnz`0702Tpvs&6PtRx_p;Zp7?h;(uC6TpZ{ykof zKRM4Q*a%>;+l+kH-Qb-fAK3B7mKwuP|Uy-$eXhErscnlpx&boVb>$Ooz>|o3U~Jn&C9y{ zmJi99wXI~vcklGe@x?JVgLmt=!AZcw8_f}S`hPc?UkyaHPlr^QV8^0U?xy1jw7%<< zK0?B!6!XO)Cvbxwgg|_P9@L`v%CzH|lzy6-IjNc0-fms*O1MV0CV*8NS5HXpvIO1n zzPl_NIkZjt+%~gx`Xh^=)x!L(wU`xG@bZ+>()*upwobgoUmpy_(sSd`zacab$QF49 z$1SWTE1Ax5Np~q|%=5KJ82O2qG0(L1E_yevY~A|6GV4I{OevX;9{TUn%FECJ$JrhPQ&>`@N zL9T}{J+`abx&~c>mg7=-{}&l!3)~leGX_b0sWff9cQo3q!sZ+N$3&gjOzLY+-!5i# zO*Lk~)=yH5fX;5U6kq-)0L@AIjH5aIEL4#3Cdrexw2t`m;sd#BXEZyPFhtY zVH8mn=iYZ1o#f(yrafh6BA2XL4%J{xN#ijlBN}lXnPVkB+0Bcp_!|4{TJMM0c;oSB zxbbg$mtGFvbblafbK6WIFsQ&DMJ|R8$M+x7aV_h9%BQpWlnNOnV_Z*Drky{@RbwZ; zOaBoiTDr4_ztZ>BtiHgBLwY*?%$-Y@>$GVZ-=Uf@#S5jTKaS0}dzYNEs&9ki6LsB2 zp}SVXbv`(<|J1gpQPY#D&!;@KLhn&Iz7oODo*IJ+|D!g7Lmp8?lV+P&cftK(xE)XU zAfakT@u{ASV$%E2PB-_=pGv;^qeV_mx9XIOHR9dWXP&D`2b!{$HoYF?Bx}cg4Xwv7 zPa4rGZ{S+UT!+{)2!gQr5)6X%bPR%Z#!7y59Z4hHf~rd>(Jnq{_&Q6AoIkfu4KZ+M z>OL1`Qh+cJ^v-5%v&mVXi_7b;s}9P4ql~T_#87yfETb5|DE+Zb#=3V`$Bi|GI!85} zUN?D8+u`H|8Mk<7k&x;nSNF({?Y)QZFIHlsnK6F!nF?3vMPkcNiBGaN#QZVz*}}Ue z=Z%+}t20}=*aoid%Hp-w;2d{(9)E|`b9VM~|Gh1V)HIIP@e0cT@{h$yN%jcUSC&QMtD`)udyxl^lRU;N*bm!Pu8n#&6H zTWfSaX_F+-S{m&NY1l~RO;oUN(owR0&(VoL*}36?Zu4DrlI48Zkeo6P2~Xv;gZ#^Y zneRfetIO?rjdxo~87Y_J=u-TmRVul}+#Cs|w5M;>aBVi5J-l|d{Kcq@gicf8z}D^W zRz)F|=@=bzX;)|B?KWQ)@LnS@D0w3QNHZgJd;*r-;rzz zF?&J@we8z@0$2N|H-E&uxm&@pfPVQc?f{$bGnz1eFAaj>SkF=~o01&vvose!R5w81 z8}w?Jbc^XYpu9-7v6^M39C_d8HOwwmMgDF^&S&+kUhS0PQDv6W;OKTV{++Ek$V z&csBtB%@}R4mgsqu!p+l0LN-AM!mgBuzY@C=o~3o|0&u zGI<^~Sl>QlIQs{4_eJjSk$$|Xq~RasN6em_FCNx#JG)~pCb0PFr*`9{F1qGT(llyr`-D&`heDoJ zTw=*M-6?+J3F|)6p~98hF%2KKOWk75^9#+UU94xv`QqFlcB;jwX`ncogqgqaO!hQY zBSuM}jBSgmAx*r=2CwS-k^AmBO}?VzG(^|z(FY)c=ZTE_$8qEH9eQ|9RtnMZ;dID* zyL5?L(50;4qDq~+Q2K*nj&}9iI^EY7FSf~GvpfS?QAtfO!=uJNYQW|=c$TMZVWMwo zU?^&6XQ*!nyK`=_Z+aK5GHVOo8u^(`bJrWot+BC6+@_Aohe;ogg@TJVxiF7JUjK@2 z8A``UVZm#IF)axV_gKdcukz3iqmHg*G-#v|TTOw30t<5NV#QD4t%T0$HJ1g0_)6Qt ze9;DI>hmRmg&u*)fsaF92ewbW)po&p%e8HTtjA3@%t{|g(VzsOPex(4m!6GWqQZT9 z%0SG#JCI#?OjMBW5zQl}hH}!@#^4@#)PKIM&5XT6cD;IPHr492T;L z#S)BeOL}&{gmykK$0x0^q4m>jUmX~alRS-5CSqnKnQQ6uZSAas6iZ!Mb`?9D;M^B) z_bDaoXNih->QZ*S1yfhwMW*WsnxwR#V3bC)ah@~E&a#!PiTJJ{ltpLKLKr(LGsrQq z$xF-Obb78JJ;9CpP83yL2|fE&BkA!*G>m?Fsw>d3SHfk|FGJrEaPYI4O&a5{^CZbd zejs4;>GLqBsn0fh^5$H0K$J~>x3oQVDx<>}`_4A3NY+?)o9^K60b5#?g0U^*o8tuh z^9m2>?nJLST_Dqxj9QWDeoZ~sb%E!5Q#(_G;P;VY{p1g%oD<6O8EdO5PgQ&{H5fhm zUa8PNRgrh9bmvTC6tTSeF;4nSKl{`0Q_|S4(r8j*IBM^+gxgvQS`A#DP@Ircv0!$H zyYz`^@HaN_+<%%c=vu8zl5r1w^Was^CNtkU1 zWwN(kO%Ax?u}(DDwWNY&IZ9UY#HZu6!?!7?E05O}-Aoor8GQSc)thsg^c=zoY}bBX zc}uL(r20XH*J$U0x<9&5CvQ?V#aD~x86nc8^O+-lhRff1qJ#^5zu1R)>!^OYz!`&n z$&%S$Mare*MO_ zy<p`?JKWfLqioW|_F!s@xV|L-S|mPh!)NC1t0a zsoksD^(#Lv#H_)`36}(Jl*fSyOof)z)QZJ&G|GkQcBHQ3dHGXv zVTlpNFKf#EED&(TprUBFWcE7U z^B#vpTM@Z+<&7ipIe8*I%8MVS6jW?Wx;&;{u*83T6L0=`>PM5o1?tz;LFDMG!HJJd z0^XwEih=UIDxX*1R4pgQ2NzC@$HnorSE+$dRLimo$pa+Phx+K5-U*;jtXA>lh; zm&s5<_|N{0N~yB#}}mY5UF0 z7iCPOKSH{*dD|n(;P%li17QndCGgB#CV{<(&D|w>yL`Ii@i_LEjWf~T7{*@p`}J_!O_pR?=1yDY z2U{)`jrEfTIdbDIj1+Bub!kr6I7x0r>gGRN{2+QAV@KxQ)g_7@|Di9J1-tpzD+uaC zx;=b93A!YH8^-*E?ULa?ywc=$r(wXISUKj}ioVb7f+VH^g4D1$HyKZU!ZaQiHWEH{ z@d~>iY+O=eOSs9h&UAM@KdXMmcvGsPPBykSN}h+UlUvW6sU04xEYAbQmSJ={v8|So zi)+z)pEXPRhXKu8`xK7L^UPr17lGQf^|vRl1h3+om3uGxD05``;Emg@p1RPxpv)68 z=jT;%C08tkL}mJ61;fw>$yHtr2Kol<;SIXfZDTjVi1x=X*XcK&@wxfSuGtHEWNHSI zG_R#H7?ZEe3WZhTI)A*wU-ErMW@OT3nbSK~Zi~M6dSP7BO!_yj?%7!7@b@I6f_Y9i z)RD*%x=DIBIk_HDo_Q!Nj}k3xeunFzTfA<~lg)%3FXx@{Cg-UfLX7PXX6`Q7mQcPM*lT2u5NwjH543S2Cp;!HKmd9el6tt9(4RjWIM$budyswh<{is;wxqx(~Xmk)T>A%bC%(u3n~ zzo4(JxK^B)%WckW48k1=9!i#w@5ZNirNHm~osxbgqa17bRa92cqsxsS-4t$o3T1Wf zUpY-@=4Y;!RAQT9%QPEHbiUGYjvS|(!tfa;2A}pl`uebIkFf~qyomJPvJ1`lU&ZF1 z*xkOJNxiro4oaDYP*Ob|8xdI9|4oM+f-^U?wS^iR+FrJ@0axyA>`V-83&AbJeil5p z)|cEJ7tSb*TilBYJKf8xbZYt}vPlQ^7_Eir#HVn5%--7jLp-lTA9mb$(Dk%?a@lo~ z_+Fhk6=SA%nVrhaGqgJ^o%K@-Rf{?7q@*5Z!u@MWJvRol)Y?wH;PpUfO6Mhs4*K_-;HR zb>e!_-;Fosn@5#Rbbp*TmQs}~s|+$Wnx&SksElvO-=VxwGG;0@RcI}X_INA&V(g1Z zmKB$nljmhCJ=iO~FI1!7H67iI)D6DBq{PsPN_$g~=;n!6;6N6E0@^>w7R)i)GH0i@ z%V;_i0wlv^6Y)OV_#u}T`n z=5YLSXI&bJ4hGC7`SsWj7S`8CHX1c{SkADUmpz_+o{N>IE{=oKIYi5hMzwi8%gzPc zWMoc|PUfG7;N4$)R)C3&)9qzNA7Ri|ov{#WQs?9BK}CU0uL z+)G(TlAYJ6=RJ)PbQh0MuP$ZY90j^5T1C&Mb^2$KVoFCTo)3G+wT^Zp?wKOXY5@pM zg#WFY&gC}(4l!+^ZP1Q;Phz0uOk~opYDutPat|xpUz@41dvx;JJ!J1WwYW))`5II$ zl#4lzhU`Pyk*ba}bwc^y6i4if7RNpMw=+WB4b&>n3baX4h&(1R9oK!p+^E~8-)HUK zssB;?ZQp&^On>%DQhYz~40*d}Mo%E&LGU1`sHhMd&|#!h^Dw%rKWw!?#fgQW=R zrkIit({&kf=9@w?*TuyYl`h{D-)Vxm7eopy)4#3<2!TuI!C(JJIVu|_TqX!a9zL5n z)WOgKY%(4$lMEqq(4UztZHzA)n?Y@DjZAEBABnn%fcpG5lqu8!>U7x@+$i{i+GFpl zcMs6Kzz-J!l@l2IKcnoG4pBiks+FZVoTq{}0?gkjcFcbJ3~ohWQ9~fi2r}?MUH(5Z zoXpMO;jp#=5|KCE(|ML7{En00Gkp@?SEiYgf zTJUr>K3p~kq!KYB?Dodq_yn&n3^D8c*xm}XWp;oeMnF6SYur73cV)v6yHQsT=2*og zYn}z1^MFHvz!3zOPY&V;+nbnyc;yG(uVWo_XeBUJs zK)S$ah@gt|e}MJ^d>mXlv@^OScmOm9K$Hj?-2j!kPoq81k>*$HB1dlo945d-R4fPl zaUX9lu<*f(Z7nP?F9T2!03j+?NqPwA$ZG6$K@S1G6aq6pqGBgNt?p9{d^!W$EC(yb zZ|(Zb8h}E;4`O@3BR>eV7f9=1R#8_Y1{r8qL%{l=RB);NPnHVQ%--e)I@MY>i z(ynGocmEB}w7-;)=^%7xP=UUHis*AF7!D>LteH#4Q}=qH5BndDVf4};oV`zF2ZNkX zZ_Td&P{|*ybQy#d*jGe^V+?=t_74JxV>Bl?9|6a+1uKaC)?w66!2ALRA|v3!Dd4OP zf!O_-8RnJcZ1$dF`nxVT2)JZ+L|t}2H2Kd{R+P+5qh<-~#cVH*8<77#el zzj)H#&D^|J0LKACB@Kdd_c;$z4i5hBYxVoh_mvK-;RirX0xYOJxRe0mi^1D|ue=Dz zBYn>&Tddjyz-s|Nh#g@a#A!O1EN!U|J$xV`moz2h0v(hI6d!R8HOq4t@mDNAF)+Qe z`?JPjL;3?rK5N*hauL)RC0zL-5J!QdsR#4IdbVkB08a(*VDB;fPG_$k%{$VZ?(bd+ z#sh2!FaTmj*&^i7PE|gc^+6ip?5;$1cxBlOWN@P#n-@;~O$5J5i601s^@H8{-LHwk?n#vY{_=1^)wr+4n1LWkAczS;5cSPt3;MI+!O9?0 zdAgJh7{(V=BBJZbQ9KllI2k-#Z&C}iI8xB`#=s^LD}vqvDu=@Vd++pD%RU_ca)!Il z4Ct;2bVqF6#p-{@?;8JCxX%4Gi+weFQxEi;2tbDgi29w}G>=IZv9z!=bUMI&z^pFe zWBo=Ou-^gAVOPU{r)%2BDS4EmO!QG&r9E^X@`kA84lp&!w%c?`5( z09qqDslt1Qa{u+thgak0Ma4HC!CDamOzaT{s4%xfu{ZzSEz^gsp7&b-*MDi8sQj_k0p90p#i2ji|@E9@kqVTZ1V4yfiX-JO>|NU&;=gzuPBy&&)#(eW z6ZWP2cVY$7V59TC;SSc|_f+1+?haB%daw;LycXDkvji9haopg`JdT7T;kfqUCz=76 z`Lw*j-c;SMrnY#%r2H=wLr2{3vP6zCVz<-2CEW6L)kl)MwKg$mLo(2D@ j60xP(G9IYe0blb$XkaiGfI!s1f1_XzJCPa8pCJDO&FjyG literal 0 HcmV?d00001 diff --git a/M2LPlugin/lib/javax.json-api-1.0.jar b/M2LPlugin/lib/javax.json-api-1.0.jar new file mode 100644 index 0000000000000000000000000000000000000000..d276c793c70ec7020c9a169a935541093e2835de GIT binary patch literal 19754 zcmbun1yq$=^9M|K=b<~L8!74T?(R-$K{};d8YDy->FzE83F#D2K#=A;==)xgd$0fR z{k~c2Sss_}-!o@s_UzdcM?o4K0s{mF1_q?YDMbk60bzhZfXIrf2+~W+i80Cw%1Mfe zDyuNairo%^fY>T&%Xczi_)@J3u<=^D1T{DeL?YAnN(3`xH^(wl@KXsEn}Q8*ROBVKu6klx z^2{=a8ql@b`9a_lGJm+QY#e~T?1N)d%SW3ES{O{f;z4V*P8tbt%n`0nLMX;8c1iA= zN)-?bGn?;MYHoP(DLKn6S&+9$^yYP@Dc5hb_R1DN6g-dPIq_NF8GPy3yCwJH z#C|i5HtN;#TB0HgaoTJ?jznQNz-Ql#`{gTvjRp`S|AVBfB3NB8+<0~gl}bh0LCEBh z-XXQpPAHlj0h1%flU6o^wU8Omj^3xU*Jpr8D6R-(rDWo zwqq3AbySqTxSww)K|6M#(xcw%!1oJkts#Fl(N#vACSYh$xl)np?$>t@Z6bJe4XPjw z4Kr<4XBi6$0s;vR0;2G*YJ~-=_%F4B1OFp5%)QdV{-gPSUx@s0p{=2tsU740vK;sC z%dHIE4BZ*5obCTNB$_`W{Q{*obg=xNSmgX)fF0~@862GK9Za2EEKQwN2P@$^nNUE+ zZ(7%~t8>Cq;RqlE7x5vst(~K2NML94r`u*foE|meQDK$rJ6sxIl^2a)o7FlXgrsRX z#Y)@olke!YxzfDs&8-WV2>5Vb&p+|)5`kw3%L%u3uS42y^RPG3?df#mCImS<9owt` zpCas6$a~$%pToRx1@avLe17T9@6ldn`d`19yRFTLhOPa2J?ibDen*LDdQEJ?eq9L1 zhdl;aZ%M3=a}_PKgfEG+Ddx8rDBwsj`?wZgd_gEy@0&cV4avQz&~P*(97V{&al-e$ zii0^GcIq*`9OXWdBj}uz=;hUIbLMAgeSWv+jTilLx&F{XWaW#M&>@DL3#*t7C1s{; zgSZ2mTq{+fvIV>{R@cKTYr#Y<$J!&Kvwff3v1#elGuC(S0Y)N3qxiNc(br1LG) z6@Cq-Z1VuFAD-&lo0=Iz~pUaM0`=;xLLCc!mSFDKxEevBxv-Bezy$ zNi6gZ^UiP%remT(jW8MZ%o@D6m?H+9)DJ)$aV7&;5vws-P;X~VMbVo+J@aD|s+vdu z&vZo65=s1uJWjuYa8NlHYNsA();!1<s#l@KgYw(Te>L@{@x~f4c2)tvHJUiy8 z!e!7qK=b@-@ghNOTR8$>x+#I3URfy&cSuKZys!@t4b--Nuu$|N02ZV^5e}79#DW6) zb8W9~C>AT;T7Qlfd>?-9XAb-9Xjb5Mu+m-XzW$4Tt3ApLf~a-Yp$x0vvSXL}>0P|C zY2N3MRW~&m8cxrGT=x3CL}}ng#UlDzE*IT9`e87bhNKYJ$w51pW+BZMCZEi|#PU6) zsz~~vujQ`F$;Ubm8sg^)jqmWH#XvfjK~ve@iVO463U$%p9J*bvf?1 zt9~9n2A=0}o9kZIvSinCpq=-9>)W^CyV;N?ZUE)i`CTFuIjg2NBP=viG*-%)u7m2 z*PI(0+#@el=)bIGQ6u#!*nH>N=|reAB{e@t;dry~*a>T@d(6l7FEDRQeK$WBtyAlb zFlM^utef_AX$=(Myg0BnC}*IabAVN)03527MYf_y`q8s`3uMKXc33$*hhOWPz!?1T705zvVevx3@rUGJXwxVWS&ic!!({M_h*@|RfH%(H2P zW=fL&;D^_*yu0yxSuS(qdvW#FpR_VKmGF4KIC%Y(&IaRhQ%u~MKE{h+Ft*qyRM1b2 zKT?r@L8VmcR^uoOk$VT(T?5W*IG|u!i;_#JgTkw_-ra(bwC(QTBj<}No@i0~VGS20 zHP(;q6qCDklg-<_?(y6?J_{X{fgft8IE6>{5!g%3si*IXhWRFSNS0(@Tp~sLQWo5P z6h~S)DD|c*+r#l=^%G_rnU!gC&a4^EsAyGlToW2=t~x$OF{flL>(F(Lj+cGciuZPL zV%=Cjvs8sJ0WQ;*@TpLOdKoyWa#_Y@{d=QZPO%l?ch=a!(76p9 zQ!Yo~-}y?#m4r`c@*!x(U$9f19l>H_rousuV8^I&%?|M0R2i42tS}ygJ#!rKzB<4) z)a=1}PiOW#wRhx|+6Yl&nglD>Y#a7Uzk0i0xPWs178Mu#hAW6e++O}}a`RARb=wZ# z4D2ra&45hH*7s_KZOAV0a_rk`yI?Y1JrQtIlj&Q-*ZXJiV~vOG1jh0Q5$-3tRS934 z>-%zY;Y*}qBf!PMmnwJqh}1nC7sg%dn$cY3%ZQK{h`W-b2R3~P-Nokz#b0UO@t+)H zPX{a%)m79E8Rq3|n6S*+O;wgsv5>=1P%;xFX6muYWOg9kHj=46DZz~&>Oh(~c!j&V zvwR|Bue zQEB=aM(`b!i9zJxS~z_DDgvz_3I?zk1TPi4mn`qXAUIIgjP&_wT#$Q+&&J-WPD$c=B-;y{F`ME0jajLx3T!A&4RJ zA&eomA%r3Nqy@TaI%m4)8i!Sj(ks4T$PiZ0bPLB&kR{5yn*M1|MwOKf7K%*M*MkZ? zrdmvgw=D`Srw4EwG`nig`BL5HsqyrG&-dH&2V1p2e}UPxnd3!i)c0P z?tZiy(s67$jjwMr_{}zEixu0C7^Im5t4jK;1dcOGv+r{!NSsMz6V(RElO3@II5!H|_J8AtKCq3{c zFL_FUnN-8(DVNM{Ei!4|D$QrQ^@JY3tsO1HgHv{EeHLm=i=yN3Qk%3q*LTFP0To9s zCh3JnPm^_KH5zm(oNm8c$d;|;f)?n?3^S%_GH%SPIak7fy~pk_AYFVh+j#W~eS@vJ z6721<ov}C=GCOalF``%Hs{++75_~hu*%+~qVC9_|2iz7q zAKcLuI_b7x=Y9*WSAvMxj*?xbIulHRhK)`6kvnn>rh0Fa+du7ejA-{n^tkG2_~v{* zUd{VfwlRl*lpE$-dQlFl+DtQ^C}PjY28YY(>K*7VkE}W;nwF26B7#_0k)By&gmRW0 z)a%J0VlXZnd)?M3U$l4bxA#0pyiDK)W9O`)01||EXZg>xlNv!Hn z@wAn-H-uyq^L_Aom;C)&QxY$#2|W9)J3cA0FU-8w)x)8G8KO z%dSd8a-GjG_yXnzl@%1)-!r_$ORvulgpiG7hrniIn8Tc8qo|d=WV*CwxCRjzbmyT* z&N0EFavp1-GCzEswOnow^1L3yk#>VYgjq$0XiQgmV3vD>lMnHnrPmBsG^0})qPfwqC9X>ra#p{42R{je zH`RVFbI~#5qaUWd$y8y}V1J?bb#a`9fDeW*V6`}}cA@leQDOI8swfuw(t$HuQ?^;T;L&Z}5iz*>*F%(Y{4YifHw~BqgG}h(tFmtXgQVVq)L+9ACT1ZC^ zv?@^oiAVVC6Tjp4;^{J2w(t;GC7a8sCFPFZzhK`5~fMT zpdb-te;2lYZf9DoAWZH=Wf65H+Bw7%(`eh*%{9X=W6k4hDq>KAMOZhJ zal`mN%iUnvq@ydt-Y1<<8kDPS_Qz!1xXxTi+N`p5c*fkLEc0&r4rGyniUwkP0tDQ4y?AcM|erm28> zKRP?62z9sb?}_p9!puxa0)24Ob0D6Y`6kRdiLP}*f6a+}AGAW`<~Z-=_2s$z)$P$G z)C#_rsK(qx)#r9s1>*{BrGc7}6~ZgB+wK--^_*E*BP-jMmvl0=M3%P^vZ>Nem%5$%SbLOZG;{j=^dKGpS zVwrAlK5@M!`Htr%E=vH;laWksI0{xMk7J0EX zK{UeFPk7(fmjkR=WM8%z_l|#}>0NU-%yt$vi@fRhO0!0^7}cQF_`K;jCCAHv11CyU z%Ux+7PnM$reKmwR`EE0fWm8S{sk&wg#I(`pI9}MrC@CcAW^A1;gqDu1;|Oe6{isuI zI*-<7dF<&Te)))D>{mJYL99bl8x5g+u~9R4G=@=$c(I3v5eTolbe<0Tt1fpN8BkA9 zPZ6;{LBPZZ6@jla`%n?wXx3E`mSnatE+~Eiph|nQV|C_G=+Qcw!|#(OU4Q-~?RWi@ z>xAb2i^S!PtW1qvemdT$xFM;o`xtm4Z7#hmdB$@&44Y|1Dio#>g;on25_?H@2t}zd zEFWh=-FX%KTw!g%Wm*Ld#{YUa^=@5f%iFi*1qfH4e-r^;6UUj&KI=3u>auLt%G2<3 zysm+Xo0K*O@#A*qOUDi9Os}`X<)bM!qvf-vMR;e9Tv&N2t2HpZtZ#NQ(-1^eVlq>e zzYS}|a5x6DObBckGH_!X)%P=DiO>(uB3g))y*1Gdb`xt(*HH;=h83o9j}b<$+7)y% zyqL<2i^Dy<(rY)ygoTP_NuTWpB;ZomO=XAs?DBry9?F2tAE#nSbSN*{l@d^ykXXEo zi{rTcbW2B4lsepFU~yX>ofEH4c+jEag9Y9N<`Y3ZQKv4AAYB2Xgg2x$RAf<>TUZ;7 znTJ>=`xaMssxcZdkG||+Lk5TAv@L+XY~jb<=XJ`^v8s34 z96C%f!eIoB9U3JBI4jA8muXm+Sj)-T35t^7#2WG`&9^AGP&ftw5sH~6yT_!`$?%$u zxiEW1(1l=alNtD8P-JwMuvW;#q!-zHBo_GssA5mCFe%i~Y)P%rLI?VZi~WUZ6cE)N zd@U87O0>=7XvqQq!8D%4K9LA4=Qc(rD9^a?NxORc+xy$QLBM$F+Ufe*JKI4DHFMbT z63jv-@fFh0rJMyV?U+Wo+Tk}(1TB4;=-Y{5YW#txj|2-d%+DeNESv!z22jTPf0Xe* zxELi-KoL}^&|fEoCGnRf^<;-fUdieH z2!Tg$X6Er_p>O!}jXPM1@lN)3_7{U^6*Y0@ozo}pW19!lL#x#5gf#s$QgaW_Zj451Y}meY zhbo^17CbLPgA)5l*H%NykXDUSKhx*~F^ZLrEB{i}xxw5uG22Q)b(k8rZcQq&Oa1Kl z&5sjLW10w|A81naK%xA*&;19Z`zes$q68ng4k>VEjEw18YwI%4qYX_hWJLEecN&Z* z;VWy<-2mexcAAfGcgj7!f?rb~9heykN;&t-Y>mi#8v8QK=?9Nr$R)vS29PWlQ9zdB zeKN-MdU0z_*J0f~VQWh4e8ppzt}UnZ1CH72=cco&{a~sswy-+(NFoz)wE97esw)wp z+9kbOK|$4wV&(hB#eit4iQ!TMIA5w66I>H9ZB$zMlj^&Zp>w*x4;fg@YGY&N)NI2# zn*~~FFO{g4-bj-KoMcr$?Qv*yteoj`n08$j*pv$92Ny;@l|&0BAQ!P(w5?n=2z=EZRn)SW^GI*RjRe~6Vk%M8RQy)pvj@+ zv)BNzSjf^1I@l6Zdl+3#8YTI6jHudM9MWr-Qyv!?&Qc9LBv+%~xZ%f#?3AOIw~O&Gr%-!3uu`lEz6=Zz2tEboHcA1(iGRR0i00Y&0! z?BeQV`Z%PQbA#e=gK~3&LK1^|w{kt1yP@)aI0G0rl9aDqHv|3H?B6-6r2E_Wo zAhj#bZ?Wh^FC>8}A!^B;KjIHRUtikYF-K9S_{0~)Jo-8W-%l6?A4TUvF|@KeJQu~k zVCi-0>+feH`3XgrTgmq>D;zDDvcHL@#PZ{N}gIhJ!H-&;>twl zH(A+~iV)=aHb&89)OEBW`K^Th>P_x}68Z91+toUeCSiPOnx1_$Gjf}TtrbM z!V_@$j>L4dTH3$AeZy88h&M2D13tLl&vYbL&X6Ci8@xYfI!CQ;Cfvs@5}Q;`wmQi? zv`PNaDQLDbv({@837K}R7^`h5g5s`rpkf>$=;l~MrwENj7u7{vR2e#&8s&1N;)^>$ z@Jlq-T!3g;r^Th>a*})oAPZ0WZC~+pV_)XMC1?TRP{rr0^pp_GT%-sX^F*^;zt5CX z8qALH*3+ttPP)Ns`&cY=vdKLaXJ0Z=w+A%yIx244wv1k7MhIdL?$V4*5Fc&O$CyqG zu34PI&rz``^-pBTy+n&(OV5L#Tg6>d7Yw3t(Dkn!lkmytbfc=62T0#2%wZ?I&ULLl zL%#-x`#@4NkNmYf#TY=!w*o%D32V%N>I+Mt-u;!skRf_JoV!lVF`(X_l3I;4{_-8t zg1V3^+S5S(l*vmwp;G=CPrT1?t)(lxS*Z*sHxLO=sQX@%TZ2E3Uo$?sFv;H`Tw@fz zdm?@`G5F)=`+m9~kpLLzF8}c)`d2e!d1Pj?Kr<7-n2f=qF2G1b#!c3XKv7c7&&9~6 z+-Qfiom5>j*f-*VxrGhY2N?wA3Va0)7JW_K{q}EGR=y0fZ#WwmR)(PFFw*Xdj$<b@PTEhfQRtK%#Ezeb54i zf1WpijF>K!2}pqJh6f9mgD5~M9K(w5NT<2NE9c9{?-o{Y?-}2pozYa2<;__)^TtED z0a%Qa4XZWM5DB(XM5XvY!zV{;()140J!y`<$^H<3VA1w1)apo^kK&?SHaN(Wd|p1f zCzXL@3DfYo3Y+UnC|IoiE3m%LOdB;Rs6EtD7-mafplv;770-JryGx`BW(YiOXOU@6 zHNEeQp0?p6V2?v_~BY%+LxP3F$^ zohzlsdh+2nza?y0#JC@0^;cP%(rVp8ocTvWU|Gubbf|0Oe#E6Pz}e2$gTyTCP(_sU z6Jw@g zvDxUW@ia|M>-uMl*v1%7VkCWLLzbq65P@dK3^X$jp;G1b^uSYjpMXwZwB9UNjfvJ?W{t!PvIyOX&O4X^c$3|Nn=XvHsW0hU}(*sj+y+wZFU> z4I45pwgwi7!Uri)OU?YjmxyWk!avQ7Kj=k2mA8n_F-{yg3d71F`@Loe9Se&!EzsSLWELmBJgHa4`u~31$IG?`>w0>{-7m zH4J1Qcv8g~=GZkI7v1Gk+!#+dQOA{f*{-q$*^67>`!j-jf99aO`{gMq47q6dX{I}6 zrglrabD7sPd(c!e9_MrFYO*eO*XuQvy*Z=)$Yg}i1;;i!Tp`p-$CmnBF2hPRa&`Et zZf~#3GHpV5Hla6qtWQY?Uf8k>a|%uPdQ;0K2Dzw1EX7)uw1Ywlm7`wPEg1GcVI~V# zOrVYop8dYyv>g5QV`aBif>gnR^FlPX!d?zS)2Fa7?i5O^icp6nc65&ncE#?hFnA49 z34T&%5#1DB;ou%ieT33G2He=gp3PJM^NtiZUm-broP4QAnkHKnwU!6` zSsEp*NwIuS$CyU;CwvM6RCAOT_^QHocF37e#79KtseIZ_ikawXJgA$E1yuzuj{Axdb^cvvXJsgCp#VlTpnL&1V!W@oiDV3-mqWjCG zIsb5JsMc_;1uMMCnROS|V1t+m>q;55(L@GAnQ>K*6-yuJkUtXoP6K zr%**#HtUI-NNqv6!M?@72?In0Bl{kU<79bRqL6{v9%p2FWo<8>EP7p?%qD*UNs2iU z>JCSK@1QND(Wy%m?C>h6KGKj#mQtg)B$7GUngtBu%MidkB>~kWC62knL02r)P^%Lh z^iU-yW)jkUNUYWrYq^ablA3#gD2Z#|9P6hZH(Yj}Izj(8a#SK|%%(x<^t?{gh^Br~ENua6r2s@~-IbBLbQgP!&Z|-PwTCFYKh}!D}9aIhyDq7Vy z?z<|sy>YQR)5jS9sC!D0yk3fS*BWS?g%m3=fZBSz!R(L0;DbC4xWy%e2HKcPNe zCzT6+$7yVepEU-bw_W0~If~=4`gn&p&lSn2Z}1fi>64xFQer7ZZn-YHt#e*mR#D1I z80;25HXdxQK=Zo{C)kr=9wT0JP!>!^E;(NXs{M65=$=hn%|jlDUQ;UOBw1P%ClRsmW@%6`Oj45CsoMPbbVUc1xM(}9vhTr?J`K>N69Y2}5Q!W5QWU(W0 zqu>7C0~5lVW_1I11sCL>;>mv~P5jsoKmD)IeQ81gg%2ApNDCEm;u1tuWlo~Ipj$kY zJPiungPZ~WQ%sx|0=?K>_c9Zm47p=Dk!glDOe08By}8-wa7OBb@9N7p`soI4vweBA=Go^)8*@lM_zd-5o}-!NdZm1fF5E z-3+qquy_(BtxJn zu^SIlc?k{qEpVYrN&;?UYmF6VvjZoHYMz)TCM068CvWsiRzLV!#NhXzdCc|CuuKB;qQR8}k z*0WRKLyH+OB*}K-SGe+|l0uo0bsi2Ob4&fj_VXi6m{M+fqqmv5%gRMr4J!p&DKC}s z&ZdH5cCNQ&6OEW|pI7#Ft>hl)32aLlC4&YasZdD*@CAkPJJ+F_*b5zmS_vDTj#Ig5 zRd+DnTa+jC)xil+Kn;Hs;eD&@gFB}4|Ja90^7rNU6;A~xdpFC!a#;oH*4lWYz!q!> zjzD4x1<#zs8cbPgat*qq2B)OzU-fsei_Scz$8M>7 zcv$>p@E(KMcM#? zx+hFx#)c43(QfqOUsSobH z_R{RL8)cD$uW`aNBnJz7PhU>h9$0V(r;`FRBAn(su{vrIbmJyHY-hCzR!TDRbxh_v z@WHr#>4}lv-oxX&{l1iB+fFsTNH})t^XtLv_8X_ui#fSw^dsZ2?jJ#&=CxUZ>5l8o zz>kxX!pK#e^_8bnG)QBls{xG!enkaoRi+G+A&s%uGKRJ8f{mm zV{viV%xbCVG(8%~%|-Rl&d7Jx=xkZfF_aVOT}3&Zo1wb|d0v`{sHrM?U3}6A{8UW_ z1Le`CpDS`|^GOOu##k?z^|<-10*yFAo}hSGf)ls^Bw>TKtc9g+-7zJ*Z)N9z$!YPM z*Ieb>NIVnbC3c({bvY`>jm4U-jVk1^S(Rwk-1h8;3GoZcvBH)5#@h$#6p0zVck1a@ zTy*%9R~t-$dqk9n`3B}NS?d^ysBo40x5+&vwG3VaVcPegm^{cNKF=UyKQxifP3ZU4omU1U7C8D6c z&#{(|R=tSyR-rvX5{>4?ztBbPH6*- zjLwKC4M}o0wN)b5rCu_37oWLCDuI!|w(W`>@^blf8Svo^he{%&aQZt!5z#ITBgAO~ zZaQn8LdW(jc=T)7Ia2fL61gaV6-ud%H5KjGAgjGqz9hqRS{}vF%~nWkzGTqg&pREM zaq5!Jf?F?ejAl3?%X zMCweib;>7dxE#Qq?;n<1n4QBOuvr?Oqrc0#nY4CKf|4H}tS#WQSonGcB|mW+lF}yF z*Gt22!6Uyyr7#QI*h9KG5h947D5ev=N)X=1icbt*AqUA zLD%ZwQp$b#iu%ge-2v};zj?|nPP2Gp#Ekv;zRyIOskdKtksByUc)LS#4af&`R_KVL z98y}DA{a|ui%UEov|tMFdh*pzxq+yhc@^J5NyLM$0mz|Dl(>9ymk^XeK44ie+(GgY zpR;25qe43Qqi{&fnbm;-J%8sqDZkVunC)CDA(;=XqrY}~?FI0nmA3!qX6)EpHJMp3S;oZ`Sh0x_<@rre3eHfl-v%H+;%^ zv;BG5_eb%pOOFuAO=j*?;Yh*MVXPodGCs#?5%(CIFtUCR`anebgZ*?P!l>yta)1!li?NZ88$#~EZmw1JU`MQbsMUbMP|Q*uB`Bp zO&nAJCzj*zRno-}xUf%9b%C6DcAmO(Q*Ao@1v#aXX~9d94~7MF5!f#vL&oFO|CDX&dkPUskdz3O9G3=%4)Am zi`oon7~tl}gAFm2XXuw=3zkZ+s8~&WI|(gzCOVO}t00G^4Jn@(4rwjcO>O>&uJeU; zq|)_bBjw>@4q9bH=T+#eJWy3;6Lr=T!kdv_oOeouDHs~sXz^?#LD@E-tla!1IMiO ziT+R$medRWy@6;mjZI8E@4eGC>TgD6`8!@bW;*dXDnjCe^)u(oIFsF&<>8P<=>G(xPlDfnrILp z5L};$x(6WzkP<;;MA^Z!t514fpwJoiN2hg`($Rh~5k+Y3$2${Hpj`2mlqDM>-ITSX z=g{w{Q|&Xoc`Fn|-dFbSgR4PI?^^gjs?*=He?LUUFkCHvkKYi-GN0hNQ z{^1XQUT|fj72$yOui!hyDVE&EXJe<6Lh3M{D8hJY-VS;KQw_sxs8}g!-LqXe)IfE z0T~)d&dFmZZQ_&pQJ|l9M(NH0e&rG1^Y4~K{jZj!VCdv*>O?LIoO%0i>x7E5Jh~#r zEd#;RDd;*d{%0!GkXj0~w5{P1{(>D!6;p9CY$U=2mH9I9meSXdw@}y&It@-a6pDEh z0BnZE^H-7Ei*hLI5the3H-{dJ&ZDn+^xN95U{-j;L8()a)}YK(B8yWHbCI19PH^R* z28yctUIv41rQ;e6zh^^WVYCWmWwZnswU!yCaF-eedT0v2cKX;bj3LmQW)FYmY3-XTD5vH$<8Nj{F zq){I>liX>zXxRtF()(zo(})8m{2W=WW$@9wxVr4 zg;&n7tC(+Nq_a05?;7k?kR!AQrVB&m-5bPpd^kgywK!<138G#Q;Yh<6l2N8^reUVe z7z2r1{gv_Zk?|{?5)}g43ZB@-*`2}OB;B=~?>D8i{sTAhiOD24?@w+TEIrL$GN=+)A78KU6DCCV;$3s>Tqk#~N#2%9#e{HxGACh@qZJ#LuYf(mwar@b zl9VDA-AS&a+IWG4o_R+;zhPAbKe(e^^WtSEsBIfW1{K2lMF&vqg4c3EG0HOS;sVbI z2tIp(-<7@yEUh1|T@U}(0EajWV@g3P^!n?`0Ut)S@@b2IU4$QoplEmu#;P05(|oRt zWKvR5mBh6QjMr%xx=JqM+P>oXPxrV9yzP3baQ!o4&e~-1bQ2Z0pA5*hh-y6O^5;kQ=TR#goINJ z0A)TpBJ!3d<^cH`jMzhr0IxgUnlNicg?|Qe~!vwi%Ooy9%CU_w-s2GE$JG+u!d(_ z@coqhQRtjasjJasA8CrkJ894DZrRk|pG25Sx=np}LdgLH1xv9?L#)Th^|OG;h!Fu| zgg95-Tz6QHaz?BY6usAbMPj;G-)Onp)|($kf}aGB<9!1Y^&exg`?=ePS&d&u!cU$2 ze$2*9NOdt`1j}#PEM+)19YI1A>j6-wBf^OTIz&=6y!`;ivc&@u%8un*LC7n@VQ(aJ za*aktUO3&}4Z&{TtOHX-NQU^GW-w%6;C2wzYiX%M05IqY)80&+#I#Q^Zj3U`pK%%4 zp48+9^?XBbX`e@D_RoV#Ef%#zPqy6NYIANat{5UJEh<1SKVZxh(ML~YZySQRgZ8)% z;N=XaU+6HT-4`i^P92@LC4q?~8ylY-%+RZZ4E79@!K^M2e6ij1Vy~QAnWhI*BC*%Y z9Oe{V7nh-sMck?s=c(zURrO*yHQ2(7oAPKh06W>W7#JADQ-#;r(gu)?Aad%~h*pT! zy3X?f{7#=GTn+p_1eXS9-JiV)v)2@8KtZehQPBS$(%cIg*n0B#Dx$Oi?Bhe>OD~kQ zU0?ESQz6QaO7>fcCoS3uz)*bagJu|&BP)q6sdQS6fzbgi(EbX|oRb7bZGY%6^&{){ zFv8Wv=`E-MyfmZhE7*ut$`sRB%yXXz@#rti3D&m0V?-lvJ6>i0NRBTlRDss8 z#vvr{KfBA-^i}A_noMo#O*Myt^;sWYtLxb^6@}cEjWFpr^Ip{~G*kvWZF8hyrL?dM zfQ}B0&&RFJh{-t)ImSU2V&V6!*>B1hECYhsOLgcYvSeI;aLXuu4|XT0@ts|IW^E}Z zLy8X*5H8D8Qm~*~ta7((zuNf)D#>R*bl2Q-q@IS&Wur2i3|cl@H2A|URyWg405w1$ zQ;N@xte5R_Nwe19^ip5*(!R!bf*=QBl^1Gn?$=M4eb}gy>mM``fnPg!|{}sLobS3 zGxt8Tb#ke~k!N%hqf=AJQ7*kqWY^2)Ex_VVZBCl>l#$5Cp`@_h!@JkK|3Ec=Hc<0% zKT2$%U>G33es$sD;QsxuF8oe^4eLMp4F(12-%;*Y0nO?M-4FTyqFLa3|3dlGvirQ{ zFG2yL{k81p!2h2X-xorDk^J8m|L`3@$Nm3=bMIz;QR*LYenI{i_J0ifa5(;cxc?U& z|1Yq=kNQ7+$^D%D!^yY%Is0EU4Ak`_0sdl`@z=*6yx+eBICcLJ{lD$&Kwf{){q)=~ zQUOlP{J;PvrvKd%?q}zIQTShLtbmdH-xfX`#<`!I`$av!FTB48{5*mmzx&}_$nO>r ziSl25f4uu1;=v5hW1NRm5G23&0Dckyrh9&V@85BLYomP(_i#Rd>^Hbf^uNLV(;&rT zz=tjG_x*6cXbR(RfRFt3W2}eG-1o((U!;ijH>`&(^N)cZHX{EH)P?;wpog8{kAWU` z+milb2lz<==U;&SDE^1ds=qT<12mFH+I-lt`_^{0TyU(El z9wz_9+duoRhxO6ljbWGeZ#WN2#E%(zSS9@3O3$DC3(y~}^j<{&Jp_I~qj~6m!@I9E zK4#`&4*hpe>iPG@_g?w;I^$!whrHY;-hWXE%kRAWydOMX|1j@+pLYL6`~SH9o}+(F z!aoLom@>Ri9si;rwtr&o0r-Ct$&Vo)rpxXF^I!CaZKf!RK| z{r;YOd(7*@yY+oG>lYny{Tt%nb6by5AKngsw`L#SKcoKhHhXvp`aRe~<^MC@AI14F j!v0-Ro&tY@{ri1NK^pQ$s6_=r1(FR6pj-s+1^NE~{GXc0 literal 0 HcmV?d00001 diff --git a/M2LPlugin/lib/mspl_class.jar b/M2LPlugin/lib/mspl_class.jar new file mode 100644 index 0000000000000000000000000000000000000000..945ae191c78217682a95527b2b5df06b6322e963 GIT binary patch literal 85222 zcmaI81x(!Sw=IlQthg6c z?Ie@@5|Wu@)_T@nd+q(8Bnu6L1@Y$18;DA;WGRUM_QHaIfshwh129P|NU+EQ6r?4@ zRn?f~C4LP;KwQcX56Q_gF;Ae#GSQC?kJYHKPIIjP-24dzp(G3crrICsgz)vF@L%6b z|Mv@+ME>U&ki7oY7HDb5Vg+;qve-I1*ccew0G*v#q*RsUnE!cE2t0hAgB zJ6o&HqXN!u{=Xi6L3fBw%YYH|qVu>r!}${d>E9$Ifs|969t*rSDeDM~O$wCqLLO5B z%30X7#F!_UG?mNgoVsqA@-J-rZA1hm#xoN|ClbX#IitLpaA{bp7*<3HM=Y1Reb@`d z_a3;CD6-@$S?ZKq`1lL~7=%2NoHhXk^)q3}N%|Ab&gbFWizf)%*4J+*zEKIN1BgEt zH-3tQij=pVJ_IhS2h~#w9q}TVPRB!!+?MVw7|X-G|Kcwn#Gm{)coDzWu2M4A-j3|$ zj}423kgm{CQm4(>!jwK>AvN_Zm-@Y*;C=C#cDEvpYk&*`{#%i{iiOIdb;uILqhA!W ztZJ5DkQYf5c@`dCGC6F3FYDr$O&vG)>Bz@bG|SoW+xzfCom-T98rfeJAE7?rs1bzt+QfOOjN57l}aT;y>T9mFtu+=-&|keqJjUFHBkY@?7oRK5kU{Zu zsw_)~(Hg<_+LRi4wK0y*P9{1>+PR0Ly>xl+_~O@)F22A&qiL_0%}rdfl(10fqKa<$ zrgJ{(Q*`wbFUWDauLV6sTBiG}0KxMa_vkEhxoh*RBN)%G)P zYj_vs-GrfyFeuW8Zh>8`%JlrI13tpw8|yXgX9TsL6u3@XxyTGpx;SUIxbKAXo<2#= zs#3U=KP)PPO-sSoiT(6~yHyN@Xfx)&A@v3_m^-{eIsx@JNNN8Bsg#!kbYviV*T{{Kz}ckPq)@Poh$5L7m|P=nd;wICIVU#g_P-## zZc)eis0lE0zD1k2J;Lv;B%Y7BWx4QWeRMNhd-PlLG5hHLaD3X&0>O&xE;=rpxunFY zx~fu-y_q)lUs~4;;LJIM4EQ8m!Z3mDEc$WOUU`NLZPg`x6T`I>Dxkhs z#&4vG%h@_Qkq{X*-b@?d)T0)$u@q+(d=k# z$VV8NPM3y?9+>7mA+yD{fFaljhLPOBW3DVryZSf)R^=;MpEy&kQxiAPw2A)V-TA4e z2w3;6_aUP@F@d`>=g+K zq&+2K^L}`WkX*NIznmwi5WX}OhNy4O%c|ui3yhc|Wb0v?c`NgysFiBCC&^aGplwZZ zYa~*~IS9-=|I9zc=xL(sw7UG6%s#WSlm8Wi@Q~{HjkV6&VwFC|uiZwGsxLV=wVn4NO}*MSw;RNYL}h{9c38G0 zjW%0;8}IBY(NE*e-kg!V9ffMWJ_%dtwZYqE`XKSCfq+s@Ogx+-H7p#XEHx|=!!}ha z4C6R;4~>eq3T?vxU$BLhYD>xi`NsFtmc8R71kL%vHk{-JmSA2rghDs|JA`!C20dFp z_>~sH%ZTx1Xk7kF%3{LC=86{q7tNHI#tF$i&m)aJ#*$Vq zK!P6{yg(i=>9a^2q!8Gd44jE)(t&ybCBSm{2`myvCIn_617ov+<4Cr-yjG_n@o@s9 z?f`Bfq&Y@$=t5wcE1z;`C;2z*JMj1PFim7|_?JOGl4G&Fq+23!2tr^*GH@=QNf+t` zlE9C{PsJ{`&j=! zGOaQo0}Vj)%}_U9-Xy>l>!Bh@5Ask6M#B#73_<{$kqRXC)m~i%@8c`K3?{C3qMqgS zd~p<&3Um`y*PJQ2_44-h_Jgd9?B!QMR*#jnT{+XW^UNUg4w#vc;-Qp(k#&`{RIOg%YVVMI&RCqG= zr%p4Q0a06HCe%k#-Ic~K=8=!cAs`ai@(=NB11coT3d8+Mg0U{N0uu=m2^R9!LUM7G zt+xHCe21f|DHN_tn``QaU8-Dj*nM|^%XS7SF7F|AvB2aXF22|4>BLKt$R$DEf)n^7 z0vM@>&g7u$PEHgutHHY-wPW8rd1Adt)_ngv*DUY0jqA7PNHeEol~50mVemQ9EQ;KU z@yR{HZifh>v9(fJ!rY%J-?NI;-$9ZJeVOjZ;EO@HuomN$zE0@C%4ZWD(hlMo?r)OK z)l1T6Y=!=f=wZa|jnk`8@BUS&>HdbOshx|Z@jsCMN2yi+W8`9Yy621Kt!-^f>t}pE zJ(3D)BWCF^iZM~YR@@95kco*q_mPdrMFkdCC%peBA(_^iaG8YTdKPE%lW)#D%iiYx z&%e$wJ20o&rC5(z^ym*UNgRh}pm&3g9m>icSoe^yrM|*Xs^aJ3eUpIF?K)u?JNHU# zw#}3WqWa>?jr!V?J{fjZmV^jl{A%4~$abWv8*(T?x8l{iE;U=1o$;2ST#65FkE`WC zV@qI=R2f)LCDSgi#aE&EsJR{Aa}DJL<|yUL#i$6ile}YEbqr?PSXj1nHu!SMn1=YE z!tsu~e4PBEbq*82(LQU`RIO+G7MTz>w@QTIK_xo+qB^*UU0`!mNzOLC$8~JEK~;F? z)VInIgt4Dtuxy*-R`ID+nPFdxR_*rY0YFhS){R4Nb_HpU} zbsfzv6BO%OoP3Do4*7^Hv#NHnUlE(Tuouddo|p~h+r}a^$jv&Bpv{+(OW+NaPYXGBF^?zFjfhklO>z^&O5mK;qd4qy@-zh1tgT`~w$x+zO0R>Ca_#AvwM>Yu0 znqMsB{%I_t+*4GnwZmDQPnUUiS2@hh|LrU=ZFb{~w2&I7S0()h+d6Khy$u|#+dwg5 z?~^7-Ly^0u#N=e}XclRwh^C*V2z)7@+H>B4@@cv(Ix0z77N^zcl=u+}=c5Se%3D^I zv1C?!`&juzPLNj7$+|c3j+)qH9ON6D&`;t}lQxJzMMOoWwL@{`YO(n2EOL@qaeZ>= zuzESO@|4;08SEc;69PV@Xe9KymdW?5h?0G^u8QI~ zWmNj8dl1tvS+Ke!JmYJiW!*KKNdrDVc*zW%Kl-?(eo58cHtz2pg<+ziQhl959KKa@6U1Fx(eE7eEqPJ#~#ZbqLeY^?zhak;WVtv zUB@tFC5a+B;UcpR@1?;9xpAmH8!uSwM5rGXu~fccWn+ZcP$JPOBJxm-uFH_o+4QA9 zdI&ovR)?zTqZejIFfGn95^tRISEB0tm8jf*BdU`b(AZSf z)W+2KpQ`vjU2n3Iyeu>uns3#ThIO4z9sS3rMlEa#FSX!F9a={6dMx_{I|>Q68q-9k zYjaNw{yXR=<;^1vh0-lXoA4he(_n;D31Eg||AX zA>rPYXuB^vR;)B9x}u2y?goCiOP)c~&=b#k?lc5v(3KtWh?+GlnmQZ+4RGQ*<iccdiSxPs&-Vcam;9D;c&^0o2}w1g8~v0z z&q#-nQ#SgID4>jibjOAqabYMz%#R^V+)xe#~WK1@*zO7uX_^YAmvhKzs%m2DlQE-)NPNr|iqT7CY0w7CX*Ap`~JK;%aOv z0<<%6w={9F0Q>`(nx}*5fBH;Sefud^thN&xYb3%PYosWsCBuE{5veem@!S}8grZNJ z60ogm3P!f87zGg-woeRk!czQa(09sVhm z1y^mSu61uih%8m}Nz-DPbhcJSy_bDF5?m@Ia~PGQDFvcg1Ta#A(28B3I+lNu|5pu{CY{VPUl%~e&0RVJd?)l z{5DQ4h&+k4cww8$`ir#$V}9cMs`D1)8oB2duEH-5^2yO;N}hybS>5g-Y3%~e9ZVDf z9Xkf)^Nx)wfK;8ydt8?YrjvG`iBoi~wsa0|?|h}kSmWLE_XB`VkH{AGlVZGzb&i6} zK=_$bXlL9WAEw69E%aU~R-E_k-Cds>x5>-%KHNjtt?S4_D1}l*-Fb>QM?7Kce5U~` zvJW(@yUDCdxQu4L=l%gW%yy+3b&IdT)U=>1tPS+kjp0LUOr*;dpxai@kMmv-SxgiW zB;DQ06LIn&0@Yx6+bWf$>hDy7-~{Dt3|{`JWckw)7U-{ZoBwOJ@yAN00kku=cXcy$ z`aeyuy#16g8mRx?!s38iehEf~EJ=mbQbxaBNWF+&tvF0LaBvgEeS%S6Jr_S0lRyID z?gz2l6d(rJ{M3Vu;D=!}E1xl~P4&*m+kDl1cL87b{`&S26{7L&EqmN}<~CYiwC^N2 zh~mqQ>=3mG9`!~FVQt~(fF!sn;39P^kiYCyb!g5o%QZLCJ3!oL$H_>S`IfH#$fj&} zzEdm6>y|6kAIIT4&$LP4jBWEk(_yGW7J$d4HoD%J(6#Rt8N)OhH>Pd>k+=k2u-8^4 z{R0-lFc9WGtfE)%s}mBDr!#B5Brjm8ku#RbJlkf<*#Ld?=`EbRc%^0qAia6SBj?9Q z7Veu*SwPVslP050?fPYbFCmoa(?FaZPVfv~fg)6aLYsb|e3ui~9C^JoKlR*-;h_IW zrFCT8##FamGQl*-Vv$HwcIxa03kQWz&ZrF>qaK{zY9n~hR+q?m$j#Af(RW-1DUF5Q z!HjG)SWrh2KTv7NnXrkd^QdTIcF!oE4=lJRoy9}budsq;(6{&qQaC@(kO_6neKosj zBJ{vnF>|6;jW?8c6Ad~Db6>13L@RGtvK*Xiz7RSn=Wc7eEWA+)Lh2UKzxIHE+dY?) zetMXSOQ`8phttIL5DNI=2&pY6SBSw&O|2eIC%3H@ZYj5|9-ih9P{H>RDV6=KT)HsX zUg;?c72!k3Tovmb-p+Y33F0~@jI8T$deGI6q2aX&wR39nj-Af2=kRAPc!RRc>40fUZl zw|n=jP`Sl0+R;HiYJsIi0F5nD_`Q2xs2-)j(tdy+J)pb@FuO(iW8%`BRtoCHDsNZf z4qs|UK8jhn5w>AtbOYD%_8;9X;>DM(`EBRm|7Pd@m=P;k8aw|V{sWw+B(VBl4(A=y z!zgpfIOP!n#@8v)0J2C}37dEYY_6CD=5hrBE+(dsY}H9t$DCKtNraM(*ILZT&>XqL z4(sE_sK*(o5Nm<^x&sl>tukKcR@bX9&;BiswZ9%$hBP4ryS)eyKoehpJP$<1L*v#) zQ@;jkQOK?iQ|Kn8*pVO5mmKW&OJ?|%OF1Z+ra18WWMoX)ex$UBna&X?tQ4O|P?Z*s zILBuT%c`g}FJztJ9JX635ovfS;P>2gA&(Qba1?`BZ{uB5$VJUOF$ zoc-bi?o=F?n$stW0vVcWXoDe|AfSSR}) zwvzt*c3EW~- z6l>a{yXn$3J`IZl{L}-}JGHUFdRW`d zgo^vwA4H?$Q;2ODKec*YeQ@=#tZ84QUgD(?-l5@P;bGw6;GyF^{}UIXKN2pMyv9Yl ze~pWX|Kzs-a{p&Eq%>N;azzj-UA0GD2D%Tz%!EHazIZfaJvs;3`j*lb)ex729i2k8lBxv8DV zR}$ce?~BX^3$k`ZO(pbvYM!{Kk4fWZB^>>^Q?5jSI!k?`asRAs} zpSy;0l^O?4f_iu0f4klVc2*bOSJw;iSJ%t>ClpjnU+sspsgjeuhv&bU-G4RKuagz1 z*U3s>Ytq6<^<)EL_EEK1tT?F#8Y8+D#ueHY?{v>m>2PVjP)R{%sGqP9J#ULnTUafU z`A+(!{>{<-lh+G`LzD^}0;qZ{&+VIMEMNO^A-tlab;g%H1moUlgohyd)3cPM4bmXW z?g=fQycO=QMbO3~J@KG0s&<40^1f=3sYf4cUCok-ltxfJ*a(q>CpXSa%OMYEPX7m$ zTu?)jA-E-=UpjRJ8Q=<(SvKz1V{|nk2O^lLE{!vsEnX*75>;c3`exUUmkR z4Wy&<7Bwltg;ZU#+9=`_At@_!lV${+3tiUl%=SdaXHCcYf93Clvj`6(mSACuH3G5I zj0ULPqfAw}NR!I45#heJFKq8&#(8jWceffpiSxdfb_sv*3@|Ot6rNL$1u{F@#l*!W0%>Li98WJ<400lr3FF6lbrvP{LpQb$eu5Ah{16oGXwFou(zL6wGFEYm3SrSHjgAP# zj7%4ap!vly_h=d$s3~kJYf;V7nuw$j`01jjOcMb$$qcfHfOlCO_9D6j9Rb{ znq#l{L~qS))7?=f_r0KYc4N(@L9pP`2@^3dGz_= zd3TouLh-B;F&0R*p%OxJPlk%g5xyqL_MZAEuW7JZnOap{JdNxQRmL~&v1teAy*LMF zj`7LKZn&WbXJaX-SHQUO`3pNcx~SzgEslQPujcfiSwwCKl-Y-sN4;v+fVlqQ;snXVE_Z8n^bn$$pg&NPA< zX7$!XDF0}^>gSpzNh~dyp93g z**LYX;{e3m0QWzEC(Vyfy5``u%DbOf_xnxTe2uzs4R4OMuljb}8Hqoaw;XXhJ}3Zz z5%gF#wcGR_jk_O)>_$x^PE_5b4MQ}lc!@kw4o^FfpMLx%i{K!f&%!HFj$dovpUJ}V zC$fm!89RA8{BJXo=>HVLs;S>`ko8Pnb5+D>R~~tipfH|TEtY#i8eEhKdpD)(;+PXv z;~Df5?fIw{Y?c&eV}B!fDZvQeR@O5|70 zD{=Pqb_`@!7Q{w^3o*0%(!F^aOFV_v5CiW{rKZ?PN;Kaz`T4JsyhGIJZlA3fMA?!g z67+Nr!52|!vS#Vwd8&uadC3XUxVSxe%tuSByBrQ!tz4g9aL9 zFN<;G02#~ft&M5ZWhu6hK+AxfvGuwm;iR~36?{)DJbHc09@lJW^lOhy7|}Xw(eelW z1WQ3Cuk#!iWXY8#1D`&n<{D|Nh5^V!YaVCB}>LOOrp3Qzs^pOI<6G z9xQT0C-P9Kb#sTuoJjreB6@KVag@k)!4ckC)VjZ3F&a3V8P=$jXjhov-B1renXZ%u zt^g1J!RRCl?O5^^BZa?W^v4YXIeT++OFQ%bO>%!P7|EBFS=L_Hkbv`HZ#!`Tbiv%P zK;=rRFhQ^hM>$1JjiXz`w0~aa8^M1P)r^7cnc#!&;Wp<}p4)HUyN|IIYY@x*3eeb~ zvS3-F)}ICZQq|#J*mU1a0jYge(~d%erp1J3cu!4@L25rz9D$9!@)O7m2mFuQ&tj~l zpqS#un4qm?r5m#DhZ>RHSM5z3h{y0Pn_5;M#5>{b(soEGG^D)#u>PaE^HK~YNh)}> z2pouhifGx>D5J^-dY~vWZ68y*_7;UZB_)c)Db}(xMz;n1RI)nHm6GU6cQ~-B%R|=` zwafMW3}Er6knU5sJAIA|Q((Msa65=u`9Y+f!Au1x7F@8?QnoKs!CT zi3Mhi$lR7hCx`0`8F9Ab*6~MB89PYxW5ze9dmppagj3?nj{Q3GVz<>C(oUL@9<;Jr z1YixZHT8bJoizi0AAdf>z3`Lb zGSUC!&4krIi)ki_)DpVJm^rhvI?3{pCqXQMDq4$J!G(shXuh;EdXIjaZ9+^8N2Z7|rdj0E*Bz^e zBqU{8N>IqwSYYICbgePUK7zt5$>DN8@D~32PGA;C^;KL+TElm%BC}Zh^0whOMB!C( z+mu-CDvnkyRJmgqF>PD4SJW!<0>5r&ys<;NmBd8yrgQT>#Gt**&YlbTJpqxZY12kJ zdB^yo&*5t9D`thwL2MK5n?)8`5kt0mJyf9Hc(qMW9Qk0u_1r;=SZLyyrj(tJSl0V| z((Ee}_db+a&uLP!*Lqvke6){KFg(+sAYRAB7pE4xG%FnE7?0EmZ)>4Z7t)(tXsR}Sg*U*dYvbIuN6J;oQ} zo72AEs~7Wx#OB1Tb=crq3W*J)^&gY#aJ9hMqTdDk4LvQ+`Oh&bxfl zGP;-nssS9abU#SgcnQZCaQRQa1ce_Iee}wrt-rG9k7<>(s0!de9xq8&bxH}VUoo>) z#v|ndZEXxn1`7+jPUl-TQ3fQ)v40u#26rmh5+k_oA{ zk7_m>r3AOmhbjBk{0^M3%9;oBzD|89A->svDL2Qu)JD*nq#@IutqZ%rDekNT9o=s zZgEox8o58(bkGQ`CwmC+XLPnNS5THNS`iJ@B7Jz~ZdZKrD)goX8dTnBv~`HOWiU?I zdTV3X@0T~dS^VghBrEM?E93Je#`69|bmOjTsgGAX&Fk59UrMM9U~6TFK(dtEV$_?3 z^LBq69-h-;NT$CTciUM5sB9>77H_JrIxm||x-ZDs_rw+ck}32!7SQpnCl9xdB8|ZC zVGV{LeKPCq0hh%MqtJzW0UjUOoGl`saB%tLLGnoMHOR#x|2kpA%c=!4&rsZ%&U|lN zq^X>>z~u)y&dnF29NyaF=;Y8Wa-8~aMxR~x<_Q_bB&_Lf+~3hU%7?;GEp~}<(r2^` zZgV&Z2?6FPW3EA`>+9C7 zg#q0jr7Sq1>u-p!6Ch(YyCGTy-_qO!yRUCEQ1K6e6uZ+{(r|)~*RTP)UkO4@Si?iGWX20{9v2%(atpvFZ;G zWBpLt{?cnT7`Vg=?=C}9(&GQm`Y{j0wU^=RK@~#$o7JZOljKWS+PIiH{r`l8lz;}p^cvQv8| zzw&VGwvOF@`TnE*1>)?@Edwpw;Cez$x9*&Q+C5^zzE!*Y?({Q@A2}=g9RoMwQUF%i+>AUj;uhfYS*tJVr(OzzH7& z|Mmmw=oT%W3>V_vcZ)OnnCAGf5E(jY>GM=XPVdM;X3KN3M4hMzPHtmbp=6nScx3S( z0;D&r_~8T*jUW5f^^7g9@-W6~JZP^F3Q}ygq`^6mbCd1P=5)R^`mvw2Nw4P#B3*#~ zC4Sz1Z0h4y2WLvulTV>~m%9MI1oyt2sLi@9%Bd{U*_1Tt^YLutN8Hm!Oi)*<*is;; z*dzOa-r@B(*GEZYK3tBbX0|C}QP=Fm0VDwo0^M4aTW{Kh$D>b#6p5;ho4*r zxxgFLeH$fy(jl;y_gdvs8Z&I^xVD=Di9GM2Dx^l$&SZmw@!Ma4*NPlxTOnsm%cC36 zD!8Ry_Ad;xFDd0br|4|@pR>5sf8rn6cB|8_#~5?3q0uS^@F z#p~g6?v@1Nn_*KlLVz849m?BnEjVd63&DhVZ5$h(N9le~`ZhQ2+^+fwv{WVlh3&gm zqIa|xP-VM|Rxcuk)h)BQ7B)>;2Zk7`Qx@4&teBQ1tJ?#@d5=zpNgaCIQeWETTsOYk za6d_zLmf_tk6p@T*6dy+O_wvn;8>-Oh)5b%eb%kOoS948G0LhN{fvdX9EP~_;e&!4 z>$n>pn4X|jQBEqidN}XV;4QYMO-$ZE)BK`%wSu#o!Lis96vOUr`Zx*$CNrzS<$I`- zUD+c#>@UMrgIf>QM@2w|gS^^q3W2Mf1M-$@4{*bc&KHWbV#Jj~$%eeorz*SH&r?}5 zUSIfj)QfHP0*1`5Gx%-|EOPgpVaujP`RYB)v9AliMd-bI@h#=(@uGL!Qe|TdAQ6gC zJX@C>s~`EO^dRi~Ovvo}vloWfM)&6qHFHhIFX%I$yeI>vV`MW=zrpOe4}t}(v4@SF zLtpXjfLZg8pXj>CH@G+6ZZK~UZwPKcZjb@@|A~Gc4T{`HUWu~(SEBqeKb5d|dRE2nT^gLSLSi;x~;9fo;g-G zZ0WZAAhki=S$8^kIvaXZPRCfWc@sj6;+&wT@M(5I)6~L~TD)p=YAkU%Ln}C*ZTubI zqF(j)R!B?Rwp4g2K9~+On;O*jnW@nvdB*d%{V&_bAfs*?@a;a$|?$gVwS{UQZQ=D-y*xFr4jGBYu)`<|k<-%nQd+-48#f zSy-N&LB|v6kh~?HVsIs*yTHOI9LqP#s-tlVu6JXtn~sdv-7griRS1hD3853R-Z@&C z!?Mn#4UeD!&1Ms&+*HL#Y&q5Rd&qH~uQ$7sA7Wv78>C#~A7r71v^wea=ibd$#ZRAf zKqa+9{yy|F;of|9uUJ<9wX6K2w^LCCi2ldhC63s=PU8E`FQwmwCZ)j1ASFRjNoT=LJ*#1zQKn=V*c61n<;A5bTRG;p7y z)dwp9_Y4iRyH;E{pIRkhDbt$TZynOJ(w@!cQz<_{i zW<#UQY^3yFVRhV8$Qkxlxx4i4xDbj?wzVg?U7;;XXf7X|>=ACgjshN>4sorH_zo(q zr=cg<6v4dVvDzI52QF^=Y~Gydk-Cb?q$KWaeL{g}T2b552#&%9C$#{>H5XC_OEg6! zCsEYu1US!-Z*!``c2)q5DN_4dQda@66~Q)>*Qz|Er3K)NW!$Y!+>%$E8NoKRm*6+V zgaE#HbAe`GnLLLS{N)gD2Y(;*_kRCukz6lP*IK<&_VKT4W`C3*HK3EZsmt%}Yp?$& zu~J@o9j&1W?5iKE`(eO@`Kb2vp+7R&;HrDUZ|rN zp`&IU7*6M*N%MU1@P)1n?ImYNPL7j3Ub%!n38^nDhwd%AKHzW0E+=SdDIl=F%vYOq zjR3RRT=&pOVGhuoh z03ocw=y7>aV*Vf;ZsN0)UVeG8zQvcprH+AeB*%;h`Bs<_90~lzKdS)BCM%=tES~Ml z^Cz2-7wY8qip{$CqSCBhSQdVeQBOMZ1g*(7VEa^X(6Y0AH7{hObz(3j zzRQU!ZP>i)kEijNsP{%$eHLxZ?$j(lxc{L~X;&m`<$H|XZ4nO!r0c2sQ-&{N09>pI z+ajk!wfIHrH2g&}E;9cVRS?F42!UQV+QJ44L-Ua`C!Gj~1NUhZbrQe?2@O!+&z7HH$a;pu9C%mvV>LU{!q5T1ix%q+ScX-xS+8 zW=)RPK1exlm;&8EkUaBD;OK;%H8rYItf&J)Bu)eE6e@Q7< zx0nk1Par8#38lJl_=+G#G8T$2JsME^-_4F z`D(~Lj_-#W_;2${g9Tq2GLYxCTyd9RNH13Sk&AOh7n#;Ipgcq%16&oPHQ}a^i9#k| zL03!_j81zUO2mAXiCGnt`fP-=I3Yq~MFy|C5@S1~P`7#Q_ApZbb&MA&s2?j`OSy&;!XTZCV0a#k!9 zo+cB?y|lhWgsI|dyVe9BLZLu-^&_y$AN@KGqswCxSKZ)4vr?xw>dh4y>Mr&~g&a%D z9MKBn8Z4#a+EtuZF-wkPJI+1!Vb`$>* zfDoOhI4U2To^6Yi$M5e~#%!@Iu{2<}ZFaK!m2SoCL%pXw1>bQ3GjDJX`#xIva+L z%A#h6=QWZ2*zsES7cBz|szS@}uVIdQ1$}3Ygx=O-`S*3k#%~(goCA#kxQeQ7GUl<- z{+*pD2kGI0nP0SnSR2312#>eqfC3&Ow&b^Hkavu&Vs;400o_6qd^bcP1qN(4u-&}b zRBm_)AE$Z|ughiRwI5^;l!7dlx2qu$zx5R1bz>@bGgN^Tx8%|{!V5Rvt6g$WIQ$?J zlocY<2}zGd^u%S@CTH$N;32`j_+}+Yi8%2rwNYKvWCXGecGINuQhW8vjS>x0h;xox zJd=p{A*CYUyKaPjpHzv690cW8|M&dnZ*3;upH8ZZsja<>DZtp+)Y)0V)WzN2$@+iv z5C3|KjAUJVtoK;`v56~;d}$`#OnO~;KbxgLK|;a2fe{fQbs-#QmSG48PS-bQ8}=Yy zBJ9E>$@JZY9>1-}c!PjeA=TQ&N0Qlkso}`a7ZANwjm_fRck^<3`E`qf!~VthoB%>1 zGb!jT6b;3oxI--S1gT2oMuwGCGU6a(1lQL>jWm@SIiawh&jVVFXI`QzBgXMT$N`rM zhhk-Y(ZL|*Efjjo9?rxF;fhJMgEYduxYW=NkV>_-l(;~l#eleP)F<4Dp966mS;`Y@ zYGP_@D9q;%QRAhfl*LYg`(ee8FkU9halkABi?@4xh)vp$RKBnv?%N0AcgsDQIb*`C0fT$Gr|e}#P|C? z;9=F&tVQRQaMmM<1s!V8TE#7UFS&mcZ9+BTY zvY&e=DVJBZ{S!3KZ{)1!Xw!s1W|UD%ap2%YFx2UU1$U`84fSBkb;pJH)w};>ojbrY8X6@O~R<1?H5 z=N=#4o5}eM3882K%OiPXvT#C2NgvPiW=Kg$i9j~Kt9RVLqTdr$;#cSoY+LU2m#krR z;LJy$Tca$^rGD?~Fi5#?o@&K(%iD2ObH}?LKjXl=`?4r&W}mg|RxRqUntWn-;zomC znIP?I6DPnewSrKMdeb6&Gf#>r@E`=3r3y#=z~D3v=eZ4o@1nV#iE=^cKyCJ+EOAIw~6W~y(}sa+n3r_8S@KHQW8Z26{xL?_qXKF;>JYUUZPg&jZa z3gSz}-D&>|5tiUT#!TJjjI`oa7qtEwKmBnPL);E%Wb>*E|LvNq%D;D2YHaDs)Dda3 zH{rAMm^KCP3KKZBFywM1q>Q&as zJ=#R#{POgCP563sD)J0ZgMvBvC5^;Us56zPm z%V~eykmJ_@Loa25CVzJ6Ow9vwjf9VMF8cGk=ud3J{E0Gsy2wplIkG*rE4ZfHtOlK? zdcf2}DXNcD%8IGJ1-+Hy6OgDa%Tl+a>GyYuxlnV|4bn4A#1VHsrqN!;gJj9V#>JVR z@F%OcYQJ35<>`%uP!Lm#(Vy=3z!*t3gLWjdVl&=$_w{bs!v<7pd_AHdoXUK?^={s< z;<>ToPDUfDDe*cNMTsJA<@N1aIdia+D|H(FA`%|D9m}byMN>UoHH5Axe>!A*li?`z`>CgK^t=M@dGfgONxd&Kdn+WcFE_ zsG3iiP_p9MGKt_takS{{D9o@a&G`2O`s&swdAY_RH*vd zZGJqe3L5cuR&fzHM0MX=6!)5hO_FPNDW0?h-O!~L7HP3($#Gjv8|`S1^U5;Cx=DC@ z?jr37F2-NhYS=g;A=UCyK;Tq~@%4uE!Q5kN2%3Onod&EMza`uv=(Fx+tc+8nN)N{0janzu5j{Y@}ty)l7{o?Cfpq%{~8bC-SeINlww# zBvi-hzl8|E0m){G(aKwwX}n2Es-Lx@7^K3IX?(+`p|r)yLs>9PHJVnruD73H-Rb(5LdBPT$iIq!sGL45*#WPG44k)Qkxw^1nRpnnO6iM-lIh8!mD; zCVCmY!>7|#D-E>77s=I_W9KnTA)0fNrO^eM&kvh_M0K%bl|?*Q;KMe%fVTTq91I7Y zTunBATn2qU?p%V60;&N(4mrpa5v^@0><7SYEvfhKat}Fo-ZF8YekixUTXwDNiWYWA z=dCZB7IcrG+v5DF>4~HH;TM5zo;Ao!FShW5Ghb>14oT^VR zDHXKQti(76^SO&4vRwZ>6>Z*XmA;AicBmfia}J!DfDY@yhF??);UxTaGh0?7f@DxU zh=;MUycZe%c06rip##rZ?lgDv{jI=m)mZVeajycu7|I-ukfDzT8a3>F--}&^7gkC&}So zd83AUASbX86>Z8ohuJ+PL&F!t%ee5L-{EHEm@dNeQf{Y=8S9Mfw(;4`a4fKYw#&#w z;i1?K6y$rP;sf7B<&~xZfBe7RR3wgSvHL?$luo|Df!)$!7o@z?-Jde*Q2GI|F{Xp5rR4sqnDdfLsF zGbp$|@-WBZZ7O6rrGOzkDW$e@LuL8)>@zPEQM#w;GmexegpUtz?RnQtTixJMr_K;R zUb8~lb(CD>AttiUkozGH*khm5L;)n0DwuqY16!-_5w7J@!T_IS#4MIF;Whf>+ zH4A)8P+uTyS41jF3AQEJPC>ljv1+$~b_#`QDhc$F4qVOwoD`E9WbGVsliJ6T-m1sh zOT{%<#68l3Zwv3UP{7a_uR}S03c!v0W?2}#9adyx;(gTEKvmyC#MNXJPchRwX8BJE&e~w-YGoK^;`R%v2ELSV;hZ=reR|{X>8lJ+1R#i+i27{d7pO9^}g#rztw)n zv37dg-O0{%KjR)_oagzwqT$d;LkMRr1vW?o8&sm*NF^e{msJJP5e=&0hMx03-B1sK zLtQ7cn`?tDi$=GzjIRI@fTyl+4U$ASyFEArc8h;!>R903yOaRpTkrLvLPWVPg?SFV|c6t|CXf12EQe^=msPHs+y%60(HEI=jvRqIS` z9RaYJe}(@t6#llTA1j&H*PG23IOeD@!e9`G%Fp>SQqC!^Nu~y}JCZ9=uoV1vi~39` zRQfX)#eLxO+tm~J79x&IK4v6O4je&f^;RZc^Zg9k!gb>HOSKt<5TD7cH4P`@6O&>C zk??uik6DTR7(Ge~F12L7&SUrlSS-7um80+BMD3q184V_0GpPw99*Jv)nBs9Q=N$JO zRi@Cj)R>fUb)Xwbfbj-r4ajj#Ms3bs?Ari}T?GM{BAesO#)QSN;97uQEn14aTWMZJ zp#t{6LryR!>qG~NJ-Pc%b6c5gR9F^u=gnGR{D=mBGJG^13`g$9U1xCz+jyDup|9Sv z^LTs)Q%@dv{c=_>x(Qh@LY{OP;h0ii9OlqPyY59wIx4h(GwG*ZV7;p_0Vk#s1~PS_ z6pMs5!%{U=)v8c7yE63CU%N49#qJ$hz;5h+nbj1uv9b7vN+6@>0&wd6XRbCPVNwZI z9Cc8Kp|z^2m%%o~BsYYq2?k2PPlQB51RZ!7no58g4PlOPbw~Y1-`sUUgW(Nmc%8p% ztwP;!gu49th)5hjl_7PGDsgXhcJj%=XtH?!x_SRJd)c1(`rMhZD8ed9qZR*!b^BAK zHD49JMj=J%Md7)IP;%{j>FJW{9;oNCYhQ13*S8OL^P;9=AW|0^Zw<{gciyW=d661N z%v=f^_2r^DyVf6>us>Bi#_V3fiGTP^pLO?2s2Bs5r?4;2ahhpv#p&5!r=fa-F`41q zJopMJIMcCji)(LOKURG2iK_BhBAh&yf4fOX@w5tfKC`4>QjI-9=3pWV1&zI z-7fbutd$}qAVO&`7;rBSk->CC!qs2gdG_Gmd|-KHvo6$NAP2H)$5B2N15gC;)}5m} zq@ThXEAXvmn#V~J`r-n1y3HI>@+RR%^+tU(v8czw6J5 z;By$sN5YCALF8)E;!*^Q#6ZHhmC=x-f!~dU4GqCOOK17LIca)OWv~{1l(PTgOaPWp zYNWq+zhAbDJ@c3<_{vIn+9}SbIaN$n>XThy#36Z)0}eM*3s*fjHC4fuCVgTAhi!JU z;M7XLNLhTsMwP}vx!ERVPhep#NLSY^1Cm#3iDMwd%!1AT@@Zm)9fKIsFmXz;f45lQ z(n!y=LsKXY?*gSve8qQ1MWr{p1zGj0MAr5S-b0}w72RiyGWv2m%v#bc%DXOa@?Im2 z27m159i#%K-Ry}gP*`EEUP;Vru3ko9rpLr9Zs53(7`?IZ_WapNCdui+hjZn$%^8XZ zHf&%n=|e{5CuJ>@&Knr6cjF$HPp9ra9l;sK*>aM1OAk5@p7%%i_0Kf!7p0KBa4NWh z6JqmFU%iy4yiwx_@9PM6Zwuh_lR=@jNmhI@Pqx0*VWmj;@+|mj&KMgILtW#zd-4;L z=$H%AQwV072v#2bdgwWfA`$2iyu<}O0rLV`L%7}sb;VE+Qj zUM_er$!UZUV+D^KawY(`gR+R=n1WhABx>GLqeJ?WAeK)j%n8~YMX}CQb~cgV*%llB+m;~u|oGXed`ftc9U@`0OSnOoJTC#MoHhYy0A zqkWL=3~iJ|y2bmDbYpb<$7`cQEU3=$3Z6-NUmYvP5zm%!J`FI6(NJa&$-^bY44SUR z3_0X6X_lqU#J+%>-ZzvoDhF#KjhC9-P=G(J3e?5{iQ#pdlP)w?Suj=>^Bo49d z$v!49LBYjHTnL_!rO(I;VLw@5VQL)Gar+#VK|Vr0!f%lWv;tQH$Q#K?Bo6I1BcLv1 zF#9b$rFcA2UjAmY-B&l5rh}tdu+en^FsJpFH_RO&1A$lGlyHMT${W9>1pz*~Mn zkk5P`tIU%fn;7y8ek;%P#eV{NEk3$1x>HnOvEiR=Ha_TR&KRvN{+0Zw@gcZXao9w|yT9t5u9vAdXReolR`^ZX3@d}l;Qo{s zyv*<^H<Eud){IT3b)S219`L*P-WYAMDJrA3eB#a5p-iyn0td*HH3ZE4O{vLLdT?v34K8^fy_L!VKq4W3P zW(a6z%GmLuemvS}x^|EuhQil^xx{Lj4ykGAI~w3J^TQz4q<03`-{InhlJF8nPFcd^Zeas6tiF6f8|tVD4c8d( zuMSo*89G~%<<#ecXT6Wdvbkc}clNP*?5JZ8ca6&-?R=3q@-I)l0W?4vr!@Dm+go1a z@#mOG(SnW#bW0$w3^V;Evz^H3C4ku8UX*s#gUm3nlz%{ZbChAvHHOcQ6uZuNl`mVU z<47s%H_38+khJ&(x(2>qKOYkqA4*=pu`vGeScHGqxe6NmjnC7w_@5Mq|2wPyqZ$?f zRzd*R60c#WgQy@V+FgHgvS_aCoIiwMt)PSqxrurW({{H*s~V-#itMW3!zaF!hb@FH zajZ+&qgnc8e^a}{`wc+EB;$BFOQ#d4ttSuN2$bE}E}TVc@C2_9?b?N_!yCZf3fYxt!Gl?n~-&G9gwLFvdedm zbv+pSB0l@;J!El8n00)1 zO{U~+jXzXPz2vN2*3k<{gvt)n!$OWbC_{&3I9;Rx8c2jOzwJ4Mwb7K3h3YW872`xE z%7aI3>1L@7{0&-O;Hst$;aWFw;#W709sG-=W{)}6L^gaAo|j)ah@`za%>=+(@YCe@ z`z+CKf1LjzGbuV+{KG1Vh}W`T6+sQ$ls#**jgR6o719_{Tb;8_EiDl6$@hs~vee+9 zvZWAc(p|XTv5GMy8P13&`0M`VucqBlATHrT7RK4t>#HoxiORjD#QiyphWy$~m&v?& z&gV%lFCGvZxK=7yCfd0shq0g+Bo1@!-nX8b=ED>m$3y8)mMv>Zj>e6qVW`NkN*YG? zMP?WA1kj_#$+fv7j?(K)d!YH?6XRNo>^=yr0Ms21}kbwvqG{TyT>i*j8z! zi@sdvsocz_W;BY*e&9<Pkn|9&ru~vRX6+VwXz?zbC7+Vx-`DQZFW5 zb7IqZ3@y6R-i94zSLX1osiqLRggY=s+x$LK+vYyM3My@?YC)@A%SYW+iAd=zH zWzONJ*MwhlN>;-6NUS)H_Yd-l@!<5~MOLh^z}$wrFk!DFdYm4#vHa^T%WNp1ST^S) zF`l{|+46;4XS+U-5A}w*(%u3c*U0ZHDf5|ZU{SBmu9S|nf|E0eDt;s5O*mIEV>z}2 zLlN+3{${rbYrrU*C)2#GNZh(fjmv6ZsM2IFF_yV?m6sE`4>z`@49$U6xY~SLIZ8m| z#|r&nlu`S-`EFio12TwEtCT}a8a3ZF`P{U3bRBHMUYP21L#?c2_^6OT?V8RK{nnzDK9yy2uNK z35pdxcKHDK6Z$fmsYMZba04o6#YnJE1N$GM3n+tyIqy0M1L-Yxq+o~UDTg?!2^US$ z^aU!#1Um}SFQ0s6j(V(jGcco16{0Wo1vh%1Z3!3i2>InFqC5l(9k$WR2fWuFIDxN~ zXonyksv!2ph^#~eJ#*4^o_%FbdrlvYOfcE&4(Z`?OF6^^(k7W=o>2lOGj|q<*i}T% z=d0+Mb0~f=q-J-THoTn+WWc~!n$nF%-&<;JN8&dcw$Q{f(%4|EEkIt|fa6+X1# zLmnm+{z^^Wc<_uEwkhUyF)Tji7VJKnG#%2BQa(O=G zgi&??0y36a2lF)-+%xk^_Sj0vsC;Dhg|Qma<}m1gTG*Gxz+P03;l`?63}iu#uF1K98i@^ z*2pNW{z^;8opf~rNZkuG2yPGqQuk!E`T=W!{U^UtB*g^EzCXX-pnv>&{}yWe%d8~| zNNC&X8(IPgi~sJf{Q{1o}QtceUE`B8j#krM(GDZ-VF0c$CO0!TRU%7!H7`!`=}{ z;vsEF#wm7Q!9JoCBybuIUCg(@s?YulH;iBui!)e=)v6` z{xEdkl;;o?_Km*tM|uZ3Xs@KNX9f8Gzt1c~LF*@o zniu6Jr-Yr|Z1uK81AET*hHytXESek+HIWY!3XH&@rgi@<1Q`L}t$iAYvA}xTd?@#u{ z*+i;mxtw4Sp8x^%Q-uZwNxIMd^ZiC!%HQaV&o0tEkT|sgbsAuG437> zL;TNQ2zd$;@G!O*S>N^=dXGd!UehRXBZ`1`SoS6p6n^*;xhY>VeW<8n2pjs+?2mg5 zYp8~`ED8KkOl#Y8Sl&@s=O{B+Sz|Ia(nFD{H>P!ocM>zySr7TKrb5xhGSW6Sv%AVI z4HJOnQ>rG;D`d(+Qw<0li(HRq*~t^I|Cqvu(W&G~a8!6X`T;)g;w#}W0|zP>QP~r5 zDS_&Y~VGc|yx8MB1N+0sU?IJj6+ZAI4V;K2OFZ2Vd zSjpryGsYIl)d#rxu?^8u)yUYZLg=K-nHoBOO*%gaP?CRUeYyX5K)-cS{Jo?9|8Y@F zC2pl+W+}&l6Lqu33d~}HrcZJ)@502IHr;UR1aBY&`%j*^VJ8S|E zZs5GP^uFhg#|3!dq1ShJt8h0;-ztU^ZBpR`@x&ZvJqFFIqaFLZYOx zDm>Z6`(Xedg+}^-VwhZ@Mi-`$wiH>OWuQ#K3h|EI5|XF^qfQSXx|3`!LAEg<`1y#u z$Q=_MJ7@3}9gy8oGG^zBiQih;W2S2DuMDO)R;^GjvQPw?D@3+SCZc1JDg(H@Mi$af z?fJw7nvNr! zQ`EcRa{G?q<$}Qm+Eh>J}+jZkL(xudzM1n=vu2UKKt)EVIj_0AFPoB3V^6psu~kWef?UY z4z(2z(dQkr+Gv0giqQ}t$i8h)GbIyM4F0&pj0|!_z?z(PtD$sTsxTiTNUil`BUMgG2HXJDzZayRr)VnC6>%>VWTu#~dr`n8mL zyG*BAnc*SySvf<{!>F_Rng3^tqf<08=8U#(`|=jx%Naj}UbBObKAcGL*R}K~FV0%D z^5}00byBaTUDylNf_me+H^1iI(TOcv89+_=^HS==@3tTR)C21Nzxj!ksx`k;XZ7J= zNx3&7A09kh<@VOMNMstc$q!(5CspjO$AdudBrM<8D(O{j=~Wi1u2GamY4t1@nsvh; zWyTG3rHAr&*=zKRxz!JxNnxhuGp0PNe}8D@6y7FzDqeaNb$$$qLw3UB>D;HyDjLg-^}t zx*fDvfjog2giRMVQqU^(-C$B)bOO#Rol_Z7`cV%i%zxe*c)5V5GhH9fu}1bH?R)}f= zm`C_YA!)^>CUTvz$F`r>Ov_k(SUIp7dG=|h|L}}_>+J34vbzAg24t4C-B=?YsjaEm6N#ursx6!hc8n*f1 z1gL}spn1rSra8FO3x*XrO}9`6JO|WS8FaV22eHp(pgRFO^b0PfX0%|on6Jc_5a zQZ;ivf0>Bm$Y#aEVIJ{lN)D7v--pcita5W9I9?j%i4u45}A8Fw^u0wLp#ES(N8>T*P7jjpiMRXZr1|x8R!MxOkx{+ zLk!V365NCQD8l@Kt9pEAY#>uNi}uxf`rC)#?hg$f-8;y8RrPYfga~R?;zG$s$X9vnTIpXJc(|_%Fpe;lHT*AL9y5Q#JI<7ot|8L~ID$Eh_w1zS!2!#AiPc#uDpj4x@#Wi+aJ zS3Kvw^ze$(E|ZK4mbe96u4Hi-83VfGZLNOQ0e}vfYxXG!N zcJzv?95!E`yY^s=V2)5;#3hY<#RyzWRA$~VlCWmw0$qawC@QQ6(#fJJdJ_p!JhCs9 zQ{w4QEXwQIgYEE(Gkv`VeW*H-hb5-Atq=tbJ(&XqV6*m9iF zAgVbjT0;Z4WjB100EFbYTUw_nl>^HdmB)UWu$>)}Hn_jsp8Ed0~&%iWI z5h~EPKnWnSstNu^hT>Lz+0J*k zmTvwxB!_3fk4p*`Buo0dZC`xt%CcD7E%fuL#dYvyG9j`yDM&lgQHhK%7d7mwCb%B_ zo}R^n4rt(VwA-af9hnO07{Q%S8cl6nkhXp?Z;Xc6DeS(L^_cuJWMOUyGkt^nAXp%l zn%Ncc4~m|%s}N*ZOOEeN*!CoGJT$7g95c-22OJDGvgd~gqVdnB`Sa%)gHj-{iyFnb zVxca2wc6YjSX2XX|U49_RJ2V_F3s;Xdm=U z{K+A8QcD(B#+p zteaRD%jxh#;o4@icjn{IvZX!truOq1F7H3SRli5vnHcJu|Hlya|3%z=P5@98esXgl zO`(P4r;tSe>kh2d>GkCgwVzKq73D#HdD*Wf45|y@EVVD%?GMxKJKug;+4Xsfd-T<% zo0PZ3J%@VxWOnWq#v-8HAc&vlBA8Q3sYhVDEtE_7hF&%8!_soGQm2`mFGocfd2ltA zdv`LK*W44zWXQizM&S16mMN!lTI!3^zEko@?bwjcf7pBX>gAAJixMSP79%$7N1rkkQQ>39++)~`K8C5=Bih9+*&KrK@lBQ4&A%(=yoX~g55|3y4O8Cv+{VA8xAY-PDI4Qs-GF@Bk;AoO zRKNi5N@y$Ph!fjh*{xZOj(1S1AYPdDG$CxQGudkXdo&NprS+T0DGnI^iUAEh))w{h z0IIin)5Ttr%`WUCcVcHIF@K6=N5CqWOWIVXsI}E=*R}0&%jgAS(IskPVX;uR7)_;b z5O-wl$$@6U5xt=r=z1+&#%{yMQ&-*X9>pbZ&|0>{h`7`A1w=jKmS(%@8=(iUi zB>YM-4o=1=O1H{`LMx&PBCh(yt5hSgTgUYaQ9ohS&i;h!4jmj9zJ!IbJPo4eyd?+LJL`yp6rIZFNfO zdf4sy(cC|x`5iB=VyR(QNfHLQmZ<8RKDtNHs!9g_*Sk=|%CxaB4N;P=ybU-uQ7WxA zZvNhZedP7(!v)~fB?ixlM4*p9ZsyQd~7B(gvE|eRn(1!`{_g*0u#A z9uxBVafkOmk1j)iPMAb{Tak+R5AA6HHK+99vw_?e;Yj1o$&#nd5R%0e^xG2nY>VAi zV@vJif~S%Oik4*ws0y;tFl@JhzamdiZ~1|Y;11h<6+`YU@AmFv5keCr{A33_sf(kT z*)Otc$1udat-}BKqXHBBz>(*ZCQtTDrwE5W3eNpvm^ozNJtq+_BH{n>`c-$SlB7&v(7g5K8J=%b%fwM^^)C@zV>wuZL}R7)OhU zmu3i?A0AmBV#;&xfj+}!6-^cFrb#FSd}F+Yf?&ezHg-1A^o8ZC7yB!`C;7$DdzNtn z*emdC5K>dQ$9P*4MSI{VIh=mX!{=;!W_U_N@W3=#uMTN`j8Gh98ya+iCO}3kKsiB( zzWC=u)6kg{B69^QGYZ$kr*N;};1t@T}D+G5ayhSh#z@1k@Lm#EQ z$+LBIPuF5?R|R03UVn)NV&@52Cx8$7HN>Af#@~XH#bg!#OSSpig<3ruRIgE?QO5nt zhMM%th1y~wZA)>?3a~U$#mSiRk0xyO{JcVoTi>zZ3-BS|1SdyQTYG04@CUKHV9r3X zU!Y{#uO{MugOWQgP`8=RUWc6WBOG>=4O-~Y137@NyPBI1qCJFkY5ipCd9@(inzK$|op^!gq?gF%nc}MeshX*mStQT-bTPhXKCB}t+YVUSl4ry*D@f|y&lKN}lEdCWY7F~&rj?39J@ zk9;-KpsS-nCg5sixyiV6x9?zCCE)LL2l00MP6}@c$_zk7xC$c_??0g()}PC7HYS$j zrp+jgsji`LvJ4PO5#m96orLge!;@NOLyU@nOVHi7snwUBOI zOhchToYV<(KWWXxp70$9NQ_f%N@3TTfSpQzjdHT`*TRmK6ySb5nn@43!rHD;-%#o$ykRNR?zbHDn{Mg9~~V6&}NV0j^myBML;!k3z63OkMmqjLBC0r%HYB z#VFaOS1eE(vZJ~^VatUoGGsY0u|p?Wlc};g(aO>purW(3h$Wi|oa@Mw8tCtxNVkth zaZ_--woRhho!x11v8rq?zz4dByp)t?omxc+EjJ;)7!qj}cDz_n_O9A-#~UB+H});k z9y=()=AnCg4e5O=_4UilX&w#B_aB)Y9h7xntCxH7cX-Qm6*5PW<81KEbH90l=C-`r zpbvh+;N$+j_=t?$b$}&O_T2`O{xgmLJnzS#>P>4O|zA2A2cUR5M!NHcv{FXo}snbJR-BusFG`_^pcP&}g@ zILYb0Vb-|r4}C3(yT#Pm%(Enzii;}BhhIeb1TL*OkCkNOP#&?sCg|-mrg~DeBO$fGNT^ z&3ewd%_?qZ$p>OeNUu$4wmQBsqPncGXz47>ma2VcyS&{D9jJ83*e%PKGwrU&jRQM9wr)sQWNa^8 zW`K!JSn>UncP zeg9}cctheWR$ykPdxOo2gT>;HLn<8}1zku38XQ&3ZpK^%#&jhc{8!i<2Yof3H@%&g zAn6bx|6B+(P$cL)Uf6)uB-A?lR+4Zzt0?NDEhjb1^))%_Bcb5Q0kl4w)EwzrE%Op> z?Z!40zrI6=Z^?m5j67+pUznhwP|}Y`g{^5kAuKAXg11odroHr(j+e-VKk`gV4G!6V zvyI*>&`GOC_Y{lY0Fj-3I#|>)ip~Qjf%WWUO zbp0efdTWgG(O{~e!{KO%J5q%?JzT9c>DX?+L8ffP+8FiI+HUGPf8ZP~A(a8M!%>Hx zXS<1VzznmTc#fXrz|J#lqj`slYE`&+e&)8zK*OgJD<#p-(PNG3BRB3f@@9{m--;@? z?B(?}`Jtot&Bhx_2cOSn$-++(T8uUBEj*36(tvgLaYAyfk~Dk2x$UKMp{Mheh~0ql zzg%@#JE(QBjl>hpg!3}VSLr0@pOQ?&U}zle!iglxsB%Z>JrT2s3{P*20q<5Yb)L!okV!tnUUL^uZHvm~kq4`u%W zvz2xXNiQ)5{UZa6DH|A8B4<77s{}#O1?H3aWs8=>ceiTof%BgosTOhIEJ<4f3 z5^!5sVnG_o>mtSoTYv$njM&%fmWM5wk8m8Am3mnDoqldFL5ImPc#R5G<=6qm;YHGC ziiQzY2rh($x=Bt-LKAb%B)gQA8QX7Ihw-iy3IjQ87FdjPY05ifOKHsl)Jt4fvm=Ce zjd}v~$6-NpmQ4f06n{YhB>f}KL5Dcw-N`EZ0{{2j*3M1B&oURp_YnOO#2>!}cS;sC z2LO$20gn$dI{Ux*6T+=b3nJTSyVST6w&w+8%OF7OGxLGS)gy7Z#$vBoAu=cBJ42N0 z2vard$lOrVNgdvQw|RMx{G@aZ$#&p%C_MvxFQ!l19F)M{{l+iXlbVe7Jphv+ENw}& zmiXLNu~&%)RD zNbW-*B283ZK93Mo%tJTqxjaN;>-a@t7ez#;@UG63h)`~bj_ixV0Jm^~VQXxv?1Am! zn*GFCduyks*E5hVxII!GqfC5LT{v&YWJK&|cAb6Mix#m3dh`Mn&8iCD+k8t=#4i$n zd%9|A!q9?f)=Ytgla??N)i9EWzz-NQe8!pUmbu-CFPZvkvCZwuO!jz!UZzZ)Qw}$S zT{kjO)cfNKV-hOGvm?`KHP*^L`08yq^I%x$Yt7P2&!WhUkMqRb-PkS1yS%?V?p(HdS^*@}b(Pxx@ZSkp6!GTra9O1q-NV|zC}j+VwZRkTM1 za_oMUUwTI;lWM|XcMlJhr-{On{GSdy)Uq2Wxt(0bsURWr9d1;g1_O?A*ym}?@OYIn zj&6Y~J|pIN7_WDP$;)_rW&NSpmz^?=D~Ct&CMx`7YB4Ja0>U~V_ZMa#0Ih|=v=;q> zMv~<*oYJ*7+N3C(N#PJCR5T-wSt2R!=n!D1%GSFDRXUQbny2BjO9769K7q1F`rX9Wf@^;3oSQ)j0wjzYwS>{()aDg$AK?)0&w|(hK(A{*cSdcl*T&6 zR&f^yPanw&pVJj+Ed!Drk`t2cv2(!0FI!nfl9L_?z*gq)$KTd(DVzW8_JjZTRgaKg zmjV{VO+y&@x9KVxHX62RzQUM z+*p{xQ#EmWN^6hK7_hCMc0yn8XON|n5LZXX`6rk$K zHuXibiULD8pZ zMr0m?$Gr4Jz|J+t=n3Fh^#x@PcEMvBeZ_R0ku{+6B+jihgB8}&?}0f~;E)%itj%+v zTwCg%dKaQLWygFnlYahbN(+X5vKbTu^MmcBE9pDU+(e(ow|4W@D@SWuTRn^kpFA!w zY*A#H``nn(#U(6yvRl3TH&sq?1^p6fwRywm*Ty9Tw0GTgLIENd}fEsiYEZjFX~aUhMlS*AjlS6TCR|13a|uEw=*g z3DOT~qVF+c81NAo(8KJ+7TJRg^d- z5i>2n#V;tKQu(4GDOd=8n2y4f=?z21VM-+QK`?MzuQR{+LEq@M^hVJMc$r_e5Wb6J z8Atgo?0#jEb^76yWqgp5l5u;VmDTyz78uW@a9~%ibaNHoG>KXBj5EAtkd$eKlISKx z=9h+@O!YiIOS_;lZG2eZ*^+p^;I4F7k4>2PIZv~k6ULk-+4^s(CYDhBD}tb;&!FUT z-EHG&j@WH<#n2#Py0?2~!b^gai|)XUAK^D^HpCV$H;oyCnW%?xCR%MhP zB?ZeWB^bwuV-2mv>Qv1-T31)|^Jckm0IgBGYW4=psl*k{A$;7@%5rWIYD{}9WI8aL zzL42gn;I0_bL(+cFbwPiA;z->qpE#=WA3c9NAN2>ERRrf_lU7=1Ki8@XsFZU68vBT z;-_^ITo_H+mzpW$y5>g$n^zhuW=7vrd50!g4qLV;AR8F5=^ezLC9G=>N)O3sor2iQ zE)f}RQ3tWS!_m#0IRve6IUSNi**(1%OfJH;WV(&!QgqW%2nsG;Rn zk)c;*qFG6zpb{aYnE)AzfV!C3W|5&@WujV1BJI-X!DAsKz%8I8MQ%CKuw$a>6!IZ& zRyFedvy$L9ReycF`l8T-tPY_oF(f%8jhXmBpJh4)gou;){tLe0Cj20f3V8KP|0om_ z|87iH(lasyWPARrY)gMcQ2h6j`uYNzEg1}l zc!qc&X&o;irrO<@uu)LfM>i0%-T1xf!w=zSA)M(e!Y0ns-ygGX(wdDgrZ*>bfON4{ z^%02}4dlm_osaNU;EdJ0wC758i(Oj!7gBKiRDq#%=1M-P5@0x~Pm@JE$WOZcSg5qL zR8X=t8=Zl7YwX|b8t(mDOELNqaz2@+{gm$>{^Jn$dLb8v}!mquG^cP&_hug2 zM-+nI7qyOQ4sYBV)WnvUKmaG91ql*WL0>qU7TVn%-q@Ib)P97<&ZF~uh}rd#%yWb zc6F1yrk3A_;qCGOJE&&E^pt^2LT+^3ZZh|Dbe`kyh`Y6c&P;8mU3ai=D|o?qQ$#4J zs9c6UpHN#2gn$F`Wh8Q<6QR~AZ-@M~&jcRCLl-^cl{KL%r>j3Q+5~$MGx{&G^FP1_ zUX|ifbh$Kn)A)qF)n>7JdB-^WF2|*Q>zeOs^Ik^E2F{fdEEI`m zP>fEqi>5-_!*PvF^_GzqG!luvRE%D=i^f9QgK+g^2Wln(OF;Tq9dZwB6TNSk>3R1T0vXnO%B7 zQ``T?+X?^FKp85z*gF_n{%d9g(3Q-8-4}9Zl;%*svb6A^Vyioayo<i4VtHmkv5w5wj4*u;AtOkaIJrnbmXxDC3*!d43JBz~- zq)WN7@yCZW-OMlrX@(0z(}nOJ7F_1>E~qIb4PLsB=3-4k#$+@NHVJah&|T1#3I2YU(3*#yl$X}~8%td2WTM;@SrHELm zAQie337-h#)`_r|GqjwIrJui{qIN?7(gRX$EL!oYg-5+(ugQRf=KVxe)@BFDSARE^ zcuaf|P3lWt{sZlJvTbhuy-x>@_PkeaJxM9y^L!s4Bmxz)RJR#<(uWbHq_a-#Q3J{O z?{77aBykO3!$3Zh?3tb6ohX-Hp#;vWaT1X*PzD56$!T zJnx1V@G37d7Z^HLup>;bgcNToKOpZyoiOJHyYFN?v~@PhLNKAuJ^-74_m^BA9q;SPO?ye8KY{ecOEf@wyqATkl4jH41f!0@Oe%VTwy;a z*+bXmeHAfFGA=eOCNoWMlL3kO61QN$j~Tg)woEO0V{mvhx6$R!#KJFgkLG$k#9VXn zLrwElL=I~4sB*~wXYtr79jGc8r{NkoRcUY1#N#FGmLT3`YeO<8Rc=Ry zFE01)o1C5Nyc&o1@18Fy!3UXvcn^K_ISfZv9eKs2+-7YrZ%kyrA|WJ! zbP^FGJ#daNVn-EZ?q06qxZOA5FkvSMayz)xPeV4xhfCF07UBo=Y<5l@-KwreiNsw( zQvKl32H;QZlvObc^?Q9hrf$!8w>c~hDb2jrZdG|V_B{Pbu{KTZP|MB1a5TkwqTtqt z(RvMX{93U5x9I2G!22_ChsQ$s;;e%aX$CM4w6^u_FFw$FU!SgDs?xybcEPos2hp*u z@vx6cmBUP4P2ks)Y%jAB&F@@0R!5ngBW|nJegEProuoUwz`Y!Z9>9=GCg#Ud%e_>% zpWO|^Dsf25B|WJ}#kPI3dVYY9(1>@|!IjtL*oH@eYL+fzl-mlN#;WG_BlEAm2fnB} zkd)*US&+k!X>)W#Q%L-j>v-cC^!ns8kU?{h%5dgm5*10EMiUV-I_Wszb34%DNCnP~ zDidW+F+*$6R=c)=oR?5hQ8I>MWlV^2o*<8$xkXy8oVmm^C@XQf=pT|%bNG1HlT42dR0Oa~No?yD^Jn}X$NV00O0iDsD8nxB@{qlq16 zT}aLul8|ojw>4EnRCNoxLaj0dOWP$gm+CN$=&|}9GQM5MLPLfp1ET}y6?S0)iz?~j z0^P!pvy>9d_{KrXBm*0Q+I(RZC_=={o^9EJjb(8J*}8G@x8T9bTpmGj-ELjFA?6F( z83rp)?IM6VGUSS)peJ@^Gko(Y?3^ES%yS7eLb*Yn1Ci2d{+?XeS^#r(M$ePgk44U1 zO6vEd8bXup7EWl-HRM4uB+4?B4u8$b1K}ZHK{7;!w+BNqlx7qy%{7$to#zCE*&4LD z+|S(*)MXUb?i0i#cBb`{w&BcQ`cy1h6mJiKWGEKPKmpt}*_djASbt_jTXrb?P`yAx%BT8$eUimx6dw(4Ux>8&N;4?7_C}!C4Y++ly%K zHUqM5P(s_ITFc*P5M*A!M9EMEyB`>e&`<>{*h#Fe{eD-%GpL5AcYt4xlz&_T{cA@3 zI}8Cg4*yM0`d@KKSxW{uHUFmUWm$8tB_=wEhp<;fioPCL|6uqV7|$MqJ!US`MEBI> zjq3epEp+v^&@k$vpPcO%L03}u7yjN4AHNzS(uC?6SWY+$kXb)f7UWQ_ zC$<36iN`!gqFC-btC|hzL$M3y(RUtpu7s(mCqjO6Mb-q-0~tgr zN{h`kj%Cd~5Hf#;35si$B2i$;Lg!+ZZMXu-cO^fGqjZAbZ>~)^2EV1kC}obpS)1mW zG!m%QBc)JE)^z_f9fFz;>E{592LFtSr}7$bfQa*a)6{2>}K9n>RKE=tcCnjC1#WGx76Bm?b6DH}llw-|ZP3u0*au6jLs)~x0<*G_iq=ALZ zeA?PH;SSzGmu=x zoR;f<`Ju&P_pa;I?hlqb#-KbgXN6;fHIHKCqD3GbRR z6Gp$l3NFXJ~vE?W-YtbeXGO|H(?OP<9!+=cQ&G-u;4O66ZR z$yV{IoiKObLm^W!=URGx1O&1gnn|1YHB#L;UP4r9`+bqsOoB&97)DZ0#ieMb+*@B5S}sBM35@qvlP|M+FcEZPJCE$WBr##D>IkkwnIauE zbKp%6Y`_SXFN793TCJ1IA{uP}d$j#3dVO<7-HjcLXc(E4JUc&fjOg^!GAOq+<=TVL zbnDF1t=dzh&@(N;p!3LN<+m}RazV+0pJ5_n=ut=NrDe`{?HuOHw(!$BnLf*s`saqa z(N-B8p=rEI$UWbMT&OXTC{bV1Cl2Av6F?6TB%q+gPCW)XB484{?A~?{VlDZS^YviC zEraC;LTND375qBbGw3wM7V_kiz;e2iX$Vml-Ru26A}_W*lf8Bczm5@Xn8v0olnPjX zGl8mZm?tlrbEyRf8|YpeXS_fh)~dAios&)T7)sIOGsU#5Ykfv*-e-{>lbk0yWTx1k zV}=t?xZ_oTu}X`E4=Yz4HKR^?c_n+3B>r~ETD~dRx?R6;m_E@ytQfsQ$x4B{vxQKg z*)JOfKUUHal?YE|egbNtYQTpb4Zc^QnV1V#YE=fO@`y^nG400RN|yYMq_D;@c7(EK zuNb;xhA2Y39P;Yz5uVpV1!qTYp`Y!RL1`~Znxm8v8;4Mvbq@&%%8D&b&o2Q({z68@ zzh)j2CU?3P1x77kBb}y5TilL;T(`)O>Nv*wsnpB$^B32!hBo~)>BjJ zNhb)`$y-+3bP4oDHm-5S3^zJUQ~SgMmhIyFhz>1rxL@Ug=7$}u+8HAllV-V8MKK<6 zfgY3RtUT#<5a*M>%;*gnsnch=6^AJ%pE2l7zo-tIO@^WCj(c}Ri%mLcICB3o#*s;n zqt=}4Rvl(NbfeK6@75Kk`lSb(%H}q9Z2m<8fb|O&M}wJ2tv=ABB$_Tmu-cHqIWAgl zas>T`xh}OK^brkKovkiqZsH|hIE~~d4~_r*-bL{>W2#JB#J=)kE-9Wz@Kff7SH>xYvG*j6&34x-Y1EE)@mDdG8iy7(rhG)`7B z@jheBn3k&@2>Il?*%Rl9IB8CAwE!evY2evNGqMs)DVb($Grfz!`joP+(hrFhriYcX zncd4o^MLq8=8>+}@JlOi7vqKP;@_q`j zSA|U*mSAeVr8u-1>tS%hPb|uDtxD#;pam{*2K_z-Zco9kuL~VTq7Bk2Es|F)?4}1| zlReOjdn*q$SiRhSAu229~bbU zr<=i$sJNTpDZ!Ln0J4HrIZG0w+N@dWem<^(nBdP`1wp}&_Whu!n4K{Ai87nP6O!#4 za+;$3##}})Fu=df$m!kCc%+U$p>;}W?o#Rk`lY#crBOXMg4M{YKcg+j*DuQ*QyArB zIby(^Z3b6KecPe5B{xdSnw97`=Q4tW(b){Pn{7t~vxZu6N41eWm54t8`Rbg`n)P;w zFMvQ(g5cRqK!xmyDgs)hrY*bE0*bbzt-MqJRgYuM6;uVZ?%tXUx?3rq(S{3-9lUf2 z*G{&c#$EWeXwYU}>u*5!Q?UjzXn#ivo-Q} zpH}$M@w<%+wUE`t5N2hH&YZNAH%!Tuvh+?$a(_?q7oX&>AksTI*rNEn^>`%Fd$>Oe zQbGGa29w|ez}-k9i^6xYYlngse<_jg5J#wB4@Y75$$Se*b0YAKK-Z^Wa@g^FLF3vn zXjjS%$|}}AP7KW|LByUXjh5b&l(Au^v4)U2Sz2%E2iz86KA#-p@4E|e4zgb7By0CFF_zt8 z?Mk!+rJD~|a^5zcSNsRjHiMN(51*|~mNFP}r;v(jdaV00uV6o|yuyER6RgzW^L@s* z>g(Tk_~MIOSKO(vLp8I29hY9F7Tp^|J7?4>7dt!Tgokm*YtG=8qRCz^!SBnsd<$2I z>AqDQYR%-6EtQzY2_xrhX?GLD)zexv$`%%U{lmq&tn68~GH#|n-r`N_ma_enX`i{kTUWYXhn+h_U{hbTdSZ|g*r-QeqgvUTmak8KB$yp zfFyGaIfGR+U;4SL%F2)PrA=PY_kS4)z+Q@?n^vNz8Oo8`nz(-XY)}4}ye9&Z!Q6wP z#7wa{!5CZaV~L!Y>P2pcH8!;C7;Lfe3|zcxTbS3qM}bSu$Hn3J1M{NOG~ort$^k)1 z1%~NX6ox~$U(ZCvPy5h9A3s-<;e^*VHKrB?74L=*?;crX9}@ z;@Tr=^e@PF^iHhx_}a4NsQT-Df0}Um7--_*re)$MgxR>M~rgvMgBiIkPj{{XYB`sZx22VntvV133oY zyuozE?cDX+u;L?Ueyu)#*f3XPbe}TLirs%&JgNknzveXIxd}x%am8zk= zZQlqRF5W))7T0q9zKQ>ta>ejX{gOi#J@OTc1r)s2Dn1b4(JnA$T3|qml+07CjtBBf zb2$7~y|lXoAYM8d{+%GETPuYN%VR`!>u0QnKFAkye5$#+ zeOX6&2A{ABrgq7%6!=hJCNQN=i##BXIOYd#Fd947c@K1xzOfN)DSKxCsA6}pA~aS{ zt4F-a++=yEWuHYp1Xfws!hZNq99XJftCRvKM*#XX0L(?=UrzCq)(_moQPT0k_=6gO z^c4VDr+Bw=4?o1wMpRP@#A^VIvT{)MAV8q-a3O;jhMtMTrVmYbaEV9z2zz7Luca$z z#U1IQH@Mh8*+1I9+P~q?l$5#18d)pwy?FS?b}rZ7@^o1vH*;58DSIHN*2K*5w-V+* znft$byeTSL3M#;nsf7?>8VD^hKs9|ULD!2DEl$oj~A9pzVhgoAe(45b+|+;yd>kbZZ`{LV&3}{ zP4*IoE$5;^&!A5Ubxw0STxT|$&PtQ?)q674oc`Q5u}a0aZ}C3a{)7z~^to=$8a6bc zu{1QGIlA#C2q82e()J@CG`}^|hLuC>J*FG3IK@@*!nbdv<2Qg~@OjLz`7{ohWc(3? zcGfdCdaLmaCvzQfIUd)bZI>9g))o^OosXv*z6!t#3Dv2SbO=kaY?>;6Bj1`2tw{ea zC%3GfLD3Uu30V+BsQVX3$yd8J#`$m)(jX{oGi*i~iEf1R%&W?5U7+{#V438;cuitR z)RA=T&hxRi7b;_%Q&jPM(v98VSl+#&%H5$B%+Ng%fa*iTXNKKXlFS#^hRzhjEz1nA z25Rr?JCHR;FmJj~nfCK+foCb@P8m{U6m{)VNa3KXk9PWircIba&q<{7saEyqz;mdf z(gi!!%kMqW3U=F#9|KEFqHr-SC}ZDSX?M_ihhEeias>`3A?}Dyhk46 z)7c(KgUe?3fzVj{73vB)&OttJjuh%Z)~GZREB!UZ_9xWgmH~-dgq9k2nY!+T`7Oq{ zsILg(9q&OI>7xbiL~@S@y-P;-*S$xAB#HY>?^th9U|5hXh?+>#?Cvqv*1#L&o`X%Y zQ!UO{hsZI87n{;r_Bga`5nc-X3Rj)TMsO}uO+a!;c4BhO^g9@w2J_3s0}s9M|G)8_ z|FhWmKdGcCsS}^@#Lz<(=sGp$sjt;yS%#5Ct|;7vK|!*2cBs`INo~pSP*B4yV{pB6 zixR9oO;HIy-0^+*p#{K*r^Te#Z1m?x`rt)K?C8nf+3sTusE}T8etXY;D}A2)zA_^C z3jZNZh@7~8r-Y|X@0UN(rzXZM`Jqqk$%on#+gP;@IvZ_x7o7L*dJp|cFyXA&h#QD* z_mefJ0rlRH6{Xz_gsB}1sPN)Z`~$IrX{JtNCe z)ZA@E$|Yuai_Drz6P-=gvaX{7qhdVjZ?Tpt(RZ?WEmpTn*63Cay%;L9ES4)ohIcP3J=)9QLWz4^s)^t<=1Pj8) zV~eH7Tu3}4u@P;EKryynFZn1EMC-fMgg(9lB!_|DJ@pv}n0T_QrZuU)V{dPh4=t6$ z*Yt6mwBP{1#W7zFrE&%rLb_rGx0H6hRiMpgIn6ISFv=8elJ$nW)B_K}@l+6%oR*pU zTT@ougwG`eV5MC)n5`C^E;kxp+x|G;C&r7ky+UM+vS^R^!OVH-bWd9ytjp%E=?mtu zC;2McQq?q=HF+MD8qKwY$3xqm>uKuou->A0Z-!y<&W7;d59Oy}HZ6df!CVdfqK@xN z!C`IqTj3APoWzx#1T(1asl)ro)f8)g$-NAnw3EH9U z#-?{L^!L#GN){xh$&>oRpZ%^bQ=2$80hrfSvZVPbs!aO9;@7FZs|9g{Cydk#xi zJ{MvL3CWa1jO7|XBN?w@86U+ndX)Za=tI1QRQv?6$w5AP#y)CBa6mWt==ot3k9;%| z@frcwnyObO-REfQ#ZN^Bt& zZ-;BD0;MI6?EGQ0i(FC)N{a;W*(yE}QCTQH3;2)80OLH85#SvnLCLQ1&(O*^AFe@Q zK50O469WW_0T-vlVbIqn5yU7D)T13l-9xpz<$-f>paPJwmucai1zL(-VFqQ$Ne{b0 z+qw@0;AE)7c>^Y1Z` zrZGyn=sS@bHJfHDIw`md5tQUq;d&bAC}9M^4S+JMfM7F6&f>Gks|IZ3&L7G5)+#+L ztko=)ad z2swd_h*rZe3ylHYLm!@<58-*eH|e|jmS+MkvuV-pkyt4zZcH459}3)p&vx{($G&)0 zzwYk}7j~dt8r|=e?@3eo1}8?YDh%9%C(A6l^^*vNV3<~^7%CUVVGSJ*P-W#drEcK` zOY}sI6D6Ra=W@i+z{d2c7;Iw4h21=2CmDz&g5tw>WH@)*qNlP*6!-n8fbJ4>u97gx z`s&-o=Jt(4aRZ^fJU%aD>N20dEk|x4=Zcvk<0#?f z2-ml0o~C@~YOj~(BceI{p=|t3`rOn4&gGvE9fUA32+|+D)T!6gE7VVHB2Gc^7vWFa zZ(tGnnV;J&^@^S2Xp2rSy!+-Q);?+$v?Ow@w@cfYz<%Y>ojK5O+Go0^s`hyZdO6NJ z&}q*}LV`KhyqUhRsD5p&wb&%vyI~ChQp+{!yKX1@`f{QdCNEZtH}y_y;Wmn>wHN3d zjL$gI1D?@-2SID$XTUMAL(}$;84>m0j+3gD-T%bB#3cPI3wmFG>wzQ9&nHcb?4f?% zDJq2lNG^(_T2=x#MmOb8cP?z3n#5+AO8%4oXz5sS4TVi}J5Rr7|H{hv*WSB3G+hw* zKs=unDIM!or@>fd{jYK&Q}q~_+1h2bCa%S&+TQ6c`W@4`WV!{Q)``j+ zB_ONIj_QX&$d_F&(cNi&J;@m&r5KqRBg$j>eeu<*>*$-eouqN(wHPc>+@Y(bs(V9U z&!KyVA||iAINjDZ(#(k`@XKIS$}nI#gV~)Zsu^n61)-@Ute5h8RI~8?L-z zI~rUgC*pi8#A-N{79P}zVvG;Ws5!l)2fpY~pzTml@(4gcd8({}7-j>`hIY3oZLCV! zMJ+#+r^l?n`yI@-7obd5bHWrcPxSjp4mPr_^8@c?g#UOi`+Ji9FZluhXw2|%wsQX8 znaIBkf-0?sHW&~PbhDMj!cv;>5lpCwp~CZ~7{+ug-+`XWg^%WUWV~J8FH{Dy?34lz zV86GbO0=Wa#SISkr@1YrfrO9exVr5Rwk9U9IH7WJGTXj03LWPsiao9vD{J=R-Rmj# zOGl@|GCd2qg=Rl5^6+qdUM-~Ecp zGuWD-at{<(+WDv6{O4~!06yClEc9_lH*={o{Np7bS+PQOu_1Pi7Ew?JPTl81k=07T z=Jlj5gFS0lZk~z^B?juxUD5|;IwLBd8}cP!Vj@VE7hIO%YNy@FU8H&UNLmKKU)SL2 z7wnrGWgTX-OVFNB*bl8N7A9qzuOU_h@1VIXvwuLeIVKJFQ+!xx7h@Z+n|u*_3tmOi z80D=v=t@6Ja)SXnea8DOCJ}3=?+ZEhe%zxUGAj8%G-Y0HesyG8lKfeTLbWt1+?lYa zMkcq{O=v?NG(>0tLy?)Mv^s&FgXJz%cNLD9%AtPs0FDz=U8$d%Gn7xXb3vj;4+{(iBlhJ=1swt``@+v?By1f-ma^s~v zG<9;LF1izlC|>GdaiOxXu5Wq)!Rc4MQ$1)t|2H5h4u^dXxNUEM_PcsyuVm?fvT(DN z(d2!^yPe%3=;!l_Xb73{kra1WmXh8l?3`uOMP_)SyH8ic;2t4&e=E_>E~@a7S>c;H zz7m2+!7kMvJ3H0`=P#hY9O>@lM{iT$HxGpK$9;1tQ4t;W?@zhRH`R{(ur`wsg+qMX zB=@=@Uc2zO@zO@+Zq-k)8gE!C2k=mTSZfBK3kBMSdKJo zm1M&l$M-4&VE;&aqBYEO$`XW0^v@O-*ImnYHjSc-ckIVB8YK9+1AlVE)JS*Wwa@6p0A)-z@u_=dM zH4=VPM`18JId-}r#ZDsSZvSyh6ahwLr#R555F=V`C4q4yOkTY^LzI_?dXXRYTwYB= zx?XhpE{D$mqjC4G9wjr;-AT!0G0zQ zj{Ma|J&n6u$-i372c*>8A-ROZC)H6su%r(#?ZZ$qYRIp1KM5?7lir5!#ExgEpm9o9 zc{CzA)9=)RmKk-0Ju@M@qBx&C6^@BLJN%9q-o%p1Y{0Q0sDE^v|FwJt^o@K1>dk@H z9(!loKX2pz3L46*K;R}ie}!K2#WO7F9wXxK$)Ofvcv5ZP&9|5hge;?&d;!QuRR~1# z^(Ug($^h>8&w*cfUUYCxOq?yS`SVX=#T$K#XYc$yj8?kZVbMbs(JJS=ZL;}4QZrH=)wh$g`|unDoszOsh+XzAq6 z<3_k_Qa^ArJ~V+GZv7c1&Dyh{b_QNfuYup%zb^{@6@UF-i_!mM9yvxy?)My+&zxOV zi}smYPX)2B(EW}QinJOsCXyXZAkRxbD-eelPwWhBKxaC26+%PARF zraFb04~X^pU%>}H52pNdcnp6|z&o}n=y3KmeD*PWLJ-&~n5XSv`f5`C8fhnO5!MjT z&=&*j!-tXh6-P_Q;!wJM=7rZE_-uxfl+O5@KhLcwt`A?NIBZ8~Jywsb+2pnX zZ@KKsQJ&g6>%1!oP@`qPjYNL(U0fGQ%KBcg8VQ(^SvmIC-vTFU?%?Aj^RM?A*!z3& znv1J#EGi_r;RX+mPUw!fg@<&Tl*MRUqU+Xj#dMg?qak(Cl2GY0_4^r;)e z@T>E@{x7!bc@wrczYe%6tU^xVP@^>aSqU`o)f-X|Yrle5{&_iD-+CEsfDf_cA0Ogh zgCzhs&nIVO>t^)neU7hw@*@*VL_E40AfO(Aei5af{Xi5r79`skB`o!|_Br?*XC>f2n1= z&8{|C%^B=5aXqht36Z~z4D6&ss~EddoZD*pz+>h}+b!iQvmd3M6RTo?qxfe!grc#z z_B)&b(#y|wtB5&x-o!5`MS4w242(fPN{2!mgHYlSnj~HYaVX61O6Y>XLQN~Y$K!c! zcz_9oIc$3X=zy$9=bqY(6-@7#POD+Mjk}$F-Y0|8TSqnw@8rmFY!Q2E-c3C|tbhU@ zc%72#gO_w!bc<$CKk?5aWI1Ig_|7_>K^(+W5pi6oM3O{)vy6U;SoyUsjFsNGxd_6$7Banc zb3BVurYv<@l6mF{cxbK9Yc6%TC0MtXYBTv+rE*qdva)7ZkbJ}ir3ZLb%@yTeERBmj zi#dX~Svi7VqDkYuiH3NMwxha64Aot^@2q=`y=sugkez>5M5WnGWS2Q{AP}de8=|K< zE)(0A)7C=A8FKj!RoXjG9-zZ+-akcaZbh#P%N*tr3E$Shoce+=#FTL0V{)xWkC=oc znKOGTeajp9UOOGu#YBDd(S=&SG8ECX6@BZgBhmz9d0$;Xex2^aBWI;J=^z zF=Mdp_rX1I#0uCbMob&;-bveVdHM1>+}LrMb*rxOV1KMd8UrpOP`R#qJJ~cHQV$wx zHlcQD%5>vStT$A@l1{7I73(=(KL@WyOfZ-F<;S-@O&YFnYXOmlf>n*f6q781icZRR z6%GTQy9fsS0#H<~tHCfu&qBO10JeziXB>50vZSK`Dz&)yVcW5NfBzh2WNby%oS)deIngzk9Iife-Z1CrTzn3Kl4{9-_>tP%?E8B%YCL&5=|qzeh;A zwr$d<##7`AeyGJs`pA&Z9aqYm!V|S&xd9eqUjBAuOE2^A<*Y^E&Q<8U$E=9$b+hk0 zu}N1Gw+Opj^SAqrw~Q4GLJ>30ij&U1V@h*z6{D=+n~-Rd0)?Qh`I}bJ8Hmk23|7_r zom!046So10*els>dTotz)A=NC60OHjojkHJ4sDgWLxE+hDZ~%$F}zQBUm-8#<9iK% zEnq)7(mo0h!jDM=$6C3RJYi%NEoWHX10jkD{ZAh_RA=8|m7qdvsKcDdc=yG%RbqbZ z?y~>>bqh7@eIZ;urU2VXT4|Yr2RrC99H^P9VhQNbmpF;KKJR%R?ChXNyx&Lj@LLkJ zB=BhB|6@+_SL(Qmm5Ukc?;rm+<=Ve{cuCv8QP#t~Gz=xKD5Bcc;n3yHs+vJt71)7^ z*m&$hvx9JK%_an!f>V>2ES{HO$3d2bEI<39t_q?pQsqL-l-aW;Gq}CJIQt$=Ui^U? zwg;Sfm|~~;FoNA}?8UijQrpf%TEHH(A2OwnKA=e^|NUqFxxJV)7s7qI)o2mvS0<~o)r z;GXgKY#Uq~jU@r3_mfmlYXL&rhS=?#mg>fZ_b5BgGWAlX+2E zqN4-no1gq*pQMgx3|UO9hRui$gMYyf;xItsadWXMe=Re^_q+BLia{mXMh|yL%1sC; zk0g85GJWL|bX8W?qRs=u(em*%+7M#GHMs`HDN~DQM2E3v zAQbioWWvo*>|)}D2?umPwXcGka@5gqOo+*_XC8Ti6v)WhT%wZu8wt_TJUER*`6Yl0e_QHq**pg=wbu{7Sy7`~)G&`Ia1>~*RC1fQnZ z!-$+tKMr}~N`6aa9Nr2mwi?74hfz@F9tP%aQFR1>Rwjvr%}Ok%G=6Jpc` zlr9h#V3-agvgSZ~NMznq`A-75h4aKj)x;VQvzox)nSG*|#pG30ep`fxXBm=()LLt`n5+W^@%H0-9d&L)cZ<1Qkh?bi?KmZU5{ z`;d0RSaY>fVb^yPo4eS69XV%TXY;$6ZQy{AA>?5qGFf~RjoVF|OWJ8`xt30;Sjema zaMQKgYh&BsQx5HY#~C?^yrFW%mM&Xrg+kP%acMFqA2@62*~8>d8RH>iPDJQ<)_?#F z*O4PmI;TE5OdUu3m9lvf=x7|)_uMZQI-ViCYB`*RPo;Jt9_BEE1lDYztM!A+wcm_K z#P%@SI^!CM)9jTjbeNt9-CE~X4jbHDFB+`j?gEe{mA1^A&>VU5W;F5OwO-F%In%H*yc+AEg)fKM^tx zzY@egGhnCjgPP8KYFJ!U8l-Lm3&6uA&rcC*GxTku&83rB8)R%b)#UG(dKt=>;_vWw z&NBVNi|gVas_aC6KE*+2HZL#RI(uArgUK!_<52byrw<|j`tbx)=CK$Ohh`?S^h!!$ zAG!GG3#48dKh-p~n#)=4n0m(#m)^pRq)%kv!!x~haHV6xjy*B2xC3`bOht$-5ldKf z!>j=bzxWF}bpj;wdk#BV(g^JlLY+pg`zeVT6>u!1vR!w&5Z=#0m9f9>M}qTAI6{D( zG=XL`f$E+5XYWvqSRjSEc%#9nJ;3yAJ0S;EJ=h{(mgN)WttEVb+{t{|Fhs89%JBO- z3mELKX5S9hDexd%VyR$+C+wenpRX`n5}MJDFSwM%Fpn?V%?AxwXD&j?<$?X=pIdhnIJg7Y@xb+lAp9qVaW|F}y<{ z4}NilmV_IHK7RVMf*}%xRdNh`hfMzwfb-Xt8es<)doveNv){;VhyUe;N>P+!5&>Rd z78ELz3$2X;Vo=RV)J2sUA`XUxvxenM>yofDxavIE>a6@yQwIM~JALdLl#D1l@{Tsx zoVT|O^g-~8G9@B+nUTk@Bv_F7>V14JZHyRtp>q;yX>xA#usK8xTvF8SlO;lT4D6j2a~!QM^u0;BuNxQPOc~F{Sn@ zU~-WVr5!69iuO`W1uoZkKGKL3U<@ZP)v2Hc^!GpUNaoAqK}vHQZq>QyrZ?&D*g4c$>~BWD^G` zSIoJkunkI$Jz(x^wr%tnfA|R1_&k&DRY)8Hy1LQc9t6=i1mpj**WSzCNUDUKcIy11kg?Tz<95TN|>s@p9dt)FyNfcx)_L8LWdP(CU_g=KGblj zvYJz8+Z64?g>D!%jqEfJe4!-?D`CB+W>(d;Ta-g}r#*$8(Ev(qlYvG_$+B0M<3TVx z9K;QetxrIyEmD$XWvu+rEzS%15}WNd1?6(Usa4fjv6(D(RI-Tpi2ZoRmDG;2LY4rQ zAGII!OKS4?8gpjn_mO^u(Q@v%Q;mg=FQ1rj?%q~pS7T8?a8%8G0|{o$6M%G8PU!|o zf*DU@znjn@4O&daLe0_8F3nQSHxfntv8yF|b;Xj6eCwDiU|r+%TYjTa!z04)hoT0X z^Z46{_s_thzjq{LRn!&b|6y!!LK%3k3RMUT7E1pBU@QzI9aqCa2FK_o4xp_BEhSF5 zZp;srg0q{VkXNAAeE86L58~pGqHd+t=y)`obK&!0v#W)VKbnM{VQwlrcj4Xd=}aJJ z?8u;t2*eN{a}P+sFvgplBf`-Mwf|MvVy+E&*qx&UEOPQ?JR@bjtX8%EsKYu2LJ6V_h0< zfhMb5r&jwptq~`m0gKw8kSEal)-QHCPdv`Bol3b&mut)2Vs@twnk=U~dzv3rls;N@ zlp0O(h7?ZVi(1{3pFg<>&NUD5^_pr%t*W&hWE?v%Sj;CsPr|5^D(d9x$WD&ggp4& z!JQ#y`myu9fetq*F2L~NI7`4LGue4%;vAiZ)9=b)v4FF+{$rjL+A;qcTBQQ%F>Ycl zjp9%E$XuQ7eT;G_{`O1Um)1pq>IO5u*bqXWEkP_Eb7Yc~Bfj{M9W?kDGiPW6P4twJ zECfr4_zTKz6UMenG`NZFF@JMU9{`-^N(+yiYWJf+3qOcUKTLEx%tzPJ7tBt5nL~<_ zNA_%(DK13v@ zvL584f9@tNaauC*KIBJm>1!KQ|1Ze#IEBm{1WBPm3)W{ZiyZo|~dW5^0R3;Z$-2SuEieSpL>>!Oa+F6hu(*2d8U<#&;eElrHf#Kw`0 zjD#Un{zn(3o-wzY=tgFkP51m4* z>db@Njfq=|r(Ke-LG81Z-PRKNIyl@2Y=H9}dsJ=9HY+FJT4&dOJ@2Y2MrB$UF?FmC z6a`(Fgq|;O$b1%eN~0|wq&1|Lw<^_tAlu#NbS0Kk$rc~J$@z@4P)Chfm`(*516^}; zY^r36-c)l*?N=ZNi)A?_W{8KOJpl*GxQ8l+OI}?Q-dp&@O}Qn9zT#*`vqkoKyk6(r zq5RFK6TLt|(iz>XoI!H}-nbpi$0{eyLB49i*< z0LJ~B|9`U>Qi>}7vv2WVCVL>M&?+@$iRCOF;-UbkTBU%N5sh?-T6HasSk+ox#dy`s z2}Jbq7f`)fpMoW+#Cdr2x}3_&SZO=L`at!KhIl~nzGLwYEYESB%f$7F#y)zp=c45? zy-Rt_Qr&-O_9bBj>CuwBC-u!tl6M%jPj0Vdp`&-e|qDyDm zG{nH$WhVFf{03Ffbw6)C)RW5ZoXmYBs&3lfI!+}mwr{?FF3~?z2TVnQ7XYSzyp{d+5-lqHkHQF*b$c`xWP+nL za=4KB)DI=I%F>L@&tJ*P3)yRe(X|1E<$+KKKeYQs&*aWGXQi(chy&u?cfcN~2i=?4 zNms$$HNA$NrynNW??z@Ewn274Y>!C93@3_o*Bnm#*K#kSR$}wD*JG#sNB;$edtZ7Ot2Ul$+ZKcS2Uz&_n+ww}EHp zxb}lS!~mC)HIn$%UwZ1n?7FQxpt|JD+XsmRq55eRtx9(2&xjZVmF++G2V}28i#~Qe z8uW;ysK-H^EAe8|Esceuf6y@oV15c;@!LtGO>$I`_$(wA{u8y-VaPR$y^WqagPnq( zhp3RpNe2Ej7Gl{!^{88ID3ypdjKERlYRZbk4v+sMN>iTIic|XX7wf!RoX-VMOvl(+ z{O+CGw)vy0+1NP=33u1*9Uo(SzTd|sPoP&DottaV$FppTGsWq{+;hLcG8Kde%s2a| z;Exss6a}C0h1zbwT&%8X06k|h==3|8QHYnoo@fop2TY?eSw{MSC75dqYCn83L3wh6 zFgz9ys5zRT+NEA04;NP!9y`(_tz;vQ@JKdn8;VYlZ9b*Z)Asm%QIfW#km^`Cr-Xqw zQd0({(Wmx!-@^D9Q*Hk(fsq{+8jWdz;=zk5S*?ul1olt(QD7y?6E(6aM(ue?hkbkzK@F-&{su3Q z4vFr_QKHl`Qn=dQlf{@xv^0kBEmX=?;|Y#qsW$$dj7jy45YC#l$a$TfhZ}7et80+2Q3sYBB73GP$EOfd>DXVhmdIN z$^x1XkNud0m_*THA_TiXFagI|teQ8cK}*MSGfq6VJ*&K|tn6W_n!$E2?A$MEzuAEEq36mZWhw^I&%>M5C^H#i|LnM3MvRNr zSw5oE&MNEtu?`=^dQi}_?x;-<>lsz!PC520tkkAcyx?io!VzT(^t|!*M^3BmhS@=B z&g)cD(TvtU$2y9+rxjEwZUA*}?i{>vjPSU}12~~?k&fphF;B4ss*kZIZ18G)QM~JX z$ktoBvSD>0rkV?2*^0vb*y~Lq=lpE+n33-)Y52#n@TRkJwXAbXvgOHJs(NzfdAtZb zK*Z+f#iWAd;8iWJ5ceS=O#TDP7W?liT#3SX#KqQLTvL?0&G$*d865EZd4^XRvB_MuN?SP*MWf0NCpm)3eJ3wp1))4?>^d&{C`aV!T8MIMfnLE~D4CL9 zJ}%q~fAga(Ln=XOGWm*512iZms}K!ep*6>%CuL5WP}Ittpv*MRU(>_A{r-@ zrb5r7+3|%~A&ko64=w~w7UY9vL#XfClsSBo|!vMALE8(&oJH(vG`O4@!GE4V}s?0nS86 z*;z7M|EiQJ4dROoK$|@lVZ+&PNNz)De;m>2$s*+o?IBu?bt#ZH##pn*kI?*=-=^{* znxt*}2b=rRu3~D!fH#B(I(Frk#%mrHFr3?e`E4M9ew*TXpx>N|Gp%l0yl5w+U@ zIjpHpNhs=VtTMrXIaNagYhzt@p%H`4fM&7I{8tgdCE15TO992tqeEO14lzK#jSFM6 z=imJ{7@>rtb9dh$DI}4KWO~Ikiz6*K;sxEsPa+bzlVRYroT1=?QxrgkhN2C|>m$t~ zUB}hK>!hlU5zdmA2{;A*OoB)_Bb)!f{WgEaiYc3!x|)~?8`+z>S(&<6{&&Gm%6}hr zZ&lZ^iMcJJ%~I8E0J`47?O^*0Xa7Z~Yam$7iDBz%d8306yXqs_i9@}##e|3{@W|l( z?RuN(VH5QAeMU4yYddqq?u1Dj_XFA~^U{@Gc%nO4-g3jQ75R2)J(-Grlw+B*s=2D- zbVod#tM(*>bsS=HiL>c0C#fO|M1v2!?%cRC?4yjGf2U1~z?LKnYdEG!F&E<>aHOi2 zrh1b?eHN)8&3pfHYe4QKh#8@X6QPQs5WMu%+rrJT^*ym$!%{Z7;7*e^!;VF@d)gnp zbwQF{sqYbUdJliVn>fWil}e-l=_8JbCj5N-2v}_if7+P!XY#R=O&naR-gA)zxt~v8 z&n9_BA;}m3P{0)b-|MGzjjE)Np3ot zLTEjs^&Z&*;u7j#eb6s0#glTZ#1&voUdT4U6C|MzP|cZJMgpWnx_A~o_=sqNuU
PhC1KpiNvKx@Gzx^+gp>oC z6``bQp+qjnO^JKY@WqzmEQ3^a63(;lVPab)+poF%x1(oQ4cz8^RXik7Zq$6}3yUWu z>~kmj?Nzib_-%(R{VmsgHxKULMzc~MlDb{M(5hDF zK#ea+6(C370GIPI^<~XM_R(8gOrjX3{G1BcJ&E>RTko9km$EO}89&zt!~Y9o;d*~z)e*pt z*LD?p`%$OQBW7_BDaJJeDg3r&GM<0zZf{!>`oE^%-4jYTJ>{?-f_3L$e~l59wf8 zI=fHiu{Fn7qfHO}(gA{hvJCTKuY{3cdqS+U1#So2NLiDVuylH0a5G(+6gqq3xjil} z7G09Xa9zIngmZ_|E{d?u+Jj+%LH}VGpe%dZ?((HXsRyie`R`LaMM@gS>!}r3lfq7SjgNjC%}Db}9%E*g)Tsfh zv{iiCq&DKC??c%eytOm%(r@vb|Xg=QIk!kg|xHh z^qZ6HOlmft%NppPbVirL=c8EXFk)F2g%w(iNc$7uCR{?ZVfp()jKtIg@oBPjJw6PN z39|#PY+9HZ@>Q)k^+&Oj=P=4xFpwkjgZp!lqakSJlPE|klWr{s*rEuD6jI+LiH*b5 zNn(GgRdtxxdgHb%Y^F^o#S>$G;}@g9Um0y4Lx^VW7fEwMCU)qXlmVw^!O5zjgLSlW ztXb2>4^a|(ON|xZEaqMFi;9l~tTAI!=X2;#tR>Ygrsg zm27DQoVDY-&uNgYsgnBhQZl+ENk75t)6zuA;oQ(}4b{Ez+;MdMBt||}p=QCym$NSr z|AGX`x|G^Q8su~&A1JA9H8S-CN%{CSr8f~>i`2Z$dD`12F>h`4&CKj5W*kICYFc}t zqQhm|Iwz*)Zq?+ZvBYMcZ-sywBIa<1WFqD8U5+8eLEqn^9>m*Qse?$Pq%XK{x0Yur zgJcXPU)CQHsXvb`!Z^r^)Maf9+|w!=oaxcXkX3DaPKzPLqOJJeoiXE8O4?v>(Uq(T~(q>yVb4U7IO z2raowcLCiGV~+`EH!W-#&y7k(XHOus6i~iwAOjz3{wo#MbPEKMDl5urC;g_E=yGmH ztTES!CEwRP9$F1T^rFL>&&}~e22h3V%iG)u$9K%5AC#Ouf;cd?Hb)1l$RC;V9Aq{1dHBw@H4UpYCQCdfgtl|Wgv$cbRAAODQV&7e#G*k zJWzK$>M;MB)F0{@yHI~g*zEJDr?Yi&C*JP0(V_n)JOp32d=0HOR z6a55ijzz9VdI)%qG;iBx21-6JAqX^mmN-X^`D7kHe;U-$mnm-fnJNgS?p4BysX?1= zZk;-oRasEd%Ga8cv zyHQ!~%KH1Yh~i#OpFrS5cNKX;vIUm~Vg-Z~CDnC>=skLo{mK8+SaKZIyUW~XHLT{g zwiyY9@JU)r-s(*NQ_xL!vPW>@kkeR`N`a;h zznGkQ(}xoTnUq&Es6ug(uTv%D?2FqhP3#Ajrrt2(B}=Ruuw zSA4oF7wgqdAjmD0S5(8V8|MYbC#_#^fbRo6L>^ICW}Jg&b~kNE6qiFh*jU$>Ee5r( zm?8X3-o7?NdBySVZfd^}JSV{c+`6c}8Bf9yqaVj%bCCfkfg2eYmgMuu`g_5EH&7ok zcd5}h=!-W|X7gEnc6)efz8PHM1kbAlJ??Kmu20D}mS1uacdRWJ*jR0Mv9y7u+md90 zCHhReQqf2*z2rAh-W;57)gxmBL1tJ!V=2e~m@d->D<8=@pV}RdXeQI2l3<(&MP&@a zhCHEdP>ISXmrzdmv6B9}>C`})YkND z=ONd%{*okBfA{(b4Yu;|Hk@c3R0$`CewrraslkTmqQxO7qSsUhq$IZpk_p?;Z&pi% zq;jm*S4xFw56}(pd*@P8F7(5TiMjMugHH}FT+Nd3$wJQco3nem3Qy#VWBC?`Tir61g=*F*t|e)C0c}&?IjSSZ?+- z#C~}@G|NItC5*o^&(c=&#u?^&16 zan2g$EooEJy}sOlFzQO8A*P~c@@X!j-TBN4Q%~2wu*ZmRdN-<>qRqeMw649Z`=CFr z*c>M+e)mMnT>z8f?#1eJsbi#X8PESEh?58P4R4Yn8HTA9H!_R@?q zcp4SfVqZ7bhJ)uLpjIMFW7RCo>vlsQ;gI9b?H4gJwln63bHt(~Ai1T(<&43XQR_Oa->EREpO7`$z&V#E6j%vGIbN(^W$z4NwsI-c?N@0^@39~&g)eU64I~M z>EE9>Z*4Mn%zDOBq&eAzzPv@+?vWU6~; zDrc?az=^i|%0Wjn@q-lUW}AKd(zr9|^Z_D#>?5t>i zBZyx_m>Ty;)rC*+D2DH0p^iiO+x4vIvw{5ppV~ct0ZSZmJ^Oxe#`QZ2FP94S_1N2e#v?QF=PtP!i4Bb;UOs71kR!<5B0>q$$-QC6faLYp!b zM>fVR7c^aXg~uOacoAw6t`ECX^NzWdZ;9Dw)@I*1Iq+Dm&l2b!;dVJ~UneNHJZ+F# zAoFY-0Syh1ZPml^2)UPzXq&IgWR6=LsI44xfa+rwA96~0VjSk~T(coU~YK~IhK9#y9T;a_>MpV6!Sdx!w4LO(D zxh7J+W%@+>7zA~wvV9$;d~0VN(+@-sWZ}58qq>8tn_4R+x((*I^NzVgp3^yEL%u^x z0nH46&@34*k^=7@+J!d@6;zz(;*n4VI-FY~FTEio{wMj|UT?awS#9v2s-KlPF zs$HbEDUjYVAM$>@prpF9bM9G7CAp2`unN0t_1=`cby)!wAAdi;!*L#8(M)B^nlTi{*N$n5If;xbJXDCr!u4gTTj0>gz< z;9VH_2hcKi6bLkHDVS2*1G2aFZC@2#5!q>Cxn0GiX1XZv`j&k>bso0PKC*U3>gheA zvC6yegGS05aqi);fPH7fn{0lh@Gdn6eACsceN-ynwHJp~=p8$XQNp$P%H}p0i7VOa z=;=G{Jn&6VmIt6JbBzLMq4RHAmRk=pi zYLP(RJ)A(^WD`xM2V^LqAn@Z2)0RgtE8O7hcDrb!zLDN4g0JV^i$#4S;3)=|wb?nb z-{{@w7Vr*wFP!49rB|-(!Jzin;r+mi2HfXB%{99=N^naAF2=cB(9_4D7l(MC!R2^* zfI3sJp-kJ zTlVH0X!5t`R`*a(TFs6Sk?w%k?Y$E@xFWqHKja;Aak~aR2N@s9Ji8+T|A4nDBY8`) z0xAIK!4x$3_zv!{6@1qn$?d>eD$y+z_%7{LE6H1-6;L7gF3#)b{#MCrJo|+gcX#hV zj29|_ca`AWcg``QKtAWK_Z<%Y&hp3#=?)S6IB2C+@)mdHuK18>_wbH4S_SjkZPt-9 z4XE&MX{(q`Oy1{m;JO?!HVWyFL!txMcuI4!Z4{o!wKKSdjJzwu`c}G_zSf?0^@~HmkPKk zI3pB}n>4ZFsZAzU*Sws}KKVWHy5Ig+B6^#y#>U(Ipooth@+ zB$MjZ(2|NaO7w?Qp2eHlN*9wprJZ$ z%;LmkHUj^pWL^v|ey1!^<9U1`U1E|fy$Z|tVbS+}#a$`PGB&T>ev*_``zNv2ZOBL? z`44_Xhb#1C>&HNS@Zd({Pdc{WimU-bDZs!;*BsEQ+1px~|6ODqDnD{xred-%;PmFkvS8QW=(ppYHO32l-*ra6y{c zfniIl-N;#`+wsjdcAJ8|894*o8`_w=z*HOF8nF|GkhhVBIM&AB;cTsNsfo#uoPN0wDb3){bJ-Kj3YZB`YQ9Zo*wIln=@5uv|4x?s zF-gE?(AkJ9al$(E%+-|N27f+l$FGyih7iu|TMlJRIi?uZJW0$1g_DD6EiU^|J?MqV zt!hEwC`jpMHQt_Ix0qEV6@{Ew|KlUWT5 zV%l$+8(j9kTeTF?N^rj{I+>z4>SwH2Si-^9?x#o>vtp6p>9KH4VtTNz!+@gRaiqQW zw5sKr&r?~nC3rHqN#tv!0AdZ@_~m>4)Q9MPJQJ!YI%U+QH%o*c|M^VIHc&+qI zP21xaI#C_(yMbss4-A)Y?sXa4f{$J`0#azRKPq2oey4l|yO5bXfH?yc>;dio1Ec>a z>lMuIgExI_k{rs+nVOz*s+N*>;6sXt<)?>%PO2d$Aiu$n>VKBIPqZs7epHGY?d`1% z1&Vfd!l_PVKIt5xKTCESX=ZW)U0)x;w<&Om>v-vY+!$bZf6l;W4$^5x1C#7gcznh- zUFV?Lv!S_KeUt$gOfb44y*T~tg;+Y)gl$&#rgh-}3zJkG%>y5;9tXJ?u%2#j4CTEPB$GPx|h6an`H!gBQ z>vNPKY~uV0`0q&P1?iEh$i7y+l{hKa88c~?MDlSIb}MrCKIsjQ%w~D@xbT zkR}Y&u`1zI{@kQ&mYDLxT-jUS^>2N#tr-U!kEl}1p9}IlLxnM@)Rlr4Um!~GVLI{) zyf*DKaGB70ifg$}9WM9_m3|jTf1`iRT-Mzqqs0{%LV;YqlHu}*3ga!oS z4`wOecuG?+?@HDmwIjdvqW@{%tY8g9f-*GG`yWm`c`1qKe9t_JD;xVSEs!(i5Rsp$ zFr+Lo5R?(aM)F}8sXanWucfKZ&UH)pfOezy66VDbeT!??1?H(wM!x zA=KN~^aG=k&!&S?=ckRlTvx6Va&Q&Mi{T(a&kvpPgG<}!Wpn|Y^VQLL%5=G@q)! zdt-`O?9L(?>W69?IArguT~nF8ZYtaPDtL%6NM@TF$6ODlx~qk0Mv@-E*ZE3a^bGW;}j6SHd1!R|dv z*1TWz;;&MUy+$;UqS{n;#UF>~Z{2$34Gb*xY+bDF|KQdu z|Jn*LKYhL#mE*-P20?>ryd^Lpp8UuIk}`vzBrA{K1np4yC59c#+y&vRN+Jjf89MNZ z=L25Yaz}nX;z!PPuidzrIJFi(TLD3ao!^Es+QOZIZTu3!Hh!Jw?11?Lp9(bE_W0Nf z=quJqtMBrs;=&0V$~grg5S^=y0m2bktwL{H1wu?`@fUj*-#wSi}u7-GGv3Awz1hD-Z47aLr^<9v7lHtu2Tc9c!qnl3@!`>I!GA5F2&R%KKxBBAq z#2#6EnHm1UIc9j4krCA##jbp5+NQ^)>5+H~koFHhym$;My2VT-UL; z71j`qo328en4;WqsZfq+)9nzNt8b7(Q;VruE`8Z8O2;rWNntIkw>j6WJMAnlsW?7i zE2%(PF0<~3ST)|_f~SR8JSp-OpdVfTu^;``{A6(`ieRN+(D3vtuvWhA?=o^~B!aTjP*L5{t^v~~se(xKtmj~_VN<9O`+;JHNCmNCgmA7@3LilSGxx9lGuu)QkFjXaMlhE7R3`6|5J&G zs~|*320sRN&uGd_GPqzZf5}idO&L#bH z%8E3MBdDExLBDpE5kXEAUh;p~H)+gE1> z);*(5wNJ9(V>gxE-?(5ZBbo?d1$jwkH9yKG?6gR!;u)EG=^)eDhAYludy!h;_Wbed zMGP_ItxPd$QR!vhClv6e+SxlzxlU!@xb>#bL8EXfDqL9)PhXOpP`<(KE8vl5|lKAtgJ>lMVpI+1-5l73b_F+jt3qFB(Fr5*&S#*g@TkbIT2^OclI z{Rcq@6G!%!MwkWN-T{qsdG?DOLyZDL)*P$QE}K zG2$xLiAu}y0WbvFd+ZGSB?ZiDUQEmGrarp++v=D6qGoy@U1Lnywqt9`8fxS<4C9*; zP4Xp-A{b8CB6yrn@pb9jvooi4ECL$VBkU=`?O`9vS`j8RHVl3QAB?GMzw7Ag0;9}9$#a^P^yw9 zZ+aqGfWv-CIhj2h@iyv>w>tZkO<%5uq+Nug5Azv8fVU8@_%|CLX6hR!=7kKmFhgNG z-S3=_TgC_jW|_Ym20X>gD0io9!<`!*TI@U^Ij0il(SCbVb3p#0YDq|bQ~q>!jx8j) zp4K4ODo|~d8ZNa!9erX_b%P)v0PC21@ECsmG+w%wxaZI}C?fkBHOfsV)|^}7+xIat zdJ=jXdLmh*JlG-FAsDV7au~)G>@8(rGvxF~i}>GKa0>pk;Cw9s0r)xtfvOGFlntAe z5DoZ_$MldyNgql02A!a>OY^m>g@1D^w_UZK;48#66Sv*B$XNm7*^7ks`73Jhs0gWY zt{KDujJgbF`)?x3jwsUVq7MhLl*{?crDrG)Spr##^n4~7x;O4!Xway(=l*XC&flIc z#qQnh>|JDSt-!A6zX~xRCngTbhw71y#Vnj@gU+W2E!-}wDeNl@{|Fli#e0dLG6h1y z6#8{a+QLB0QU|0n`JodhEwM4$_2JFM`so%{8;|l4rtb7dP3&*}h;_NIWnTLQac;6S zbaXMca0Z)Gcc`k{b-6VWq0Joi(HGrde}{k5hbu}1aI}pVnNg1A5)lnEcHs%Q(!b{Ra*-r3l>D&1tZ{eTKj4!OmZAe&=b9zLVBS=n}#+ zA7%W3nQqc+_d8L~3sFoyFJoF3WqQ7zgv(rc^$zAkcySJa+ln^o4SJas?@q#4 zxzEy2Sv%H;oc;+g#Ov9L8`ZU=F#DL({O%_*K#3H zheG#uQ4Mt%!3_HluHy{oCHQg((Sw9uyhffLHSaC$22fB#URI4@;{EF_ls)uu8V-1WaL?UXru1ZYu=UjUGfyvJ)eY>gaeOx-W zjULYUg=i0z`IA(@AH@ciN)+j!nXR!>Px0Q15r+lZKwzizM}KUI-}0)-I@nrU+5O~H z`x{-rf1<$4G=|npWns4l^AOXpkMU4O$kRac1=F;%CCtOw4D3rzC(xW~tI5LNv*WI$ z^qY43P6VX5ZO#F~x}B!)eSXS(LP;s%ZY0Tv!@2{P5>j&Tq7+pJ5rf=Ki{_YIi;@{H zzaA^H%IT@X4=H|y0b$?`b}=yL)*tHoS1${lj;)K!d|DxOJYah_M2HGWQAbcBK1q4_k9 zUvm>Mzcn1ye0Lcr`m{hKAg2$dzO<=+KjUJwX@Rrlx;s)(-Rx+>=8keVQezQx?0O!w z+`pa}Ij^;bgi{5I@uYRtxr0Vcve(FQ4s9Wk(20p8e?>!S6BP2szaMqU2BtziumsJ;qGv;)mP1s_YfTT!-HeG9zB$t z=S4WAiq>q#`+jKLJ3Q&H1D`m*6REVoyL${CqtS888_ht^F#qG$jPrM6^rs;2$7cUO zBs##RwEQac!~jB`BIp3qbZc3gIH3c+iWwU= z5;8SuTk$ia3*z&8!A_LksfkJVBT~DImV|!dd!zZKXNa7t$j-{-t84ij3Kh^yS7I7y z-p|87a9G{wf7mi^+KDO=N7?))&YQ_N!f6a!G)Y}JC)k3U68Rot52GjHTt2P5kqy=O z#RY@Icw04E)fl?!aA+o*5<`Y4T+=2<>tB#ov1(Zi0Ht!}iWzuHPl=8Qx zv&=bFkPzgdyo%3af^*W+Vf<(Nl8@y`xN0j>$%g8==!%|WvBhp%DSDEd=dk!K4Ys=r zYqmJ#n0LpV-TIvd*ts8ZfJhF`ZAYLQwiMf;YDyat+oA@KPXifoxN_&zxb}*I6jtiL zCQeAeV641vx-##9$uG*s({*Dw=n_iIdg12$=$1lM;$Q=>qoOmm$Rh3ZgetbRtiqRe z&~b0B+aZ>!^`ZMh-YT0}eNZ*_cpFDA8+1~g-)zwWOkJ>B{}~c|C{5@UHlpXfzY1R1 zhvg`s?cx5|_P_P)0+<#}^h~TA>;M-pgWpkTr^x*{_eJe)XcSh5)_8vULI{Kh@FDb; zC%1s$S1coW$J3|J)Dtl?<6v0JdMD0@^dp`!=WKS+xUzeEJ)Yf2^X9_E_nSeL2esu| zLV?TDUD*f=2aqoWS>@;ix{Kjo*pLWd8P(9mOiyV_6<2X`EfeMIa};;zLErYc_lA~L z68nFlDyZR=denK1Pexfn)~;om^o?4rv!kJqs+$4d2csdii$I zZJV|*Z6BkEZ3-lq6#0lmBr7J9t~yBtAUXhKzClB`?7n>f+=4V0I(#(4XMPkK|9Y=a zD>mq%zB8MjCQX6`O8n0;9TF16VXwwkw?vUF*LBoMxYMq#eiSD3$Awk-*KW)84iUxjpNKUw6+j4Q?L#+o^G07O@CW-Y zaZ+u*L%t+Q&TNb%<7Ag{+JS!SqS;49r(@%PjkI^x8u9HW!W~8e$|ZP=Bw%6s+V}hD zR47-YM6#Avx`!_%CA-zjZ?YZh$#x`ohuAJE6phqVE4Bj+g}Q+n7>@2wiL{&)vGB>K80G0Q)^Q4o6tb}Jf-PQ z(a&iYW=vpApeP3Ybcu3M5=5yRwc8il@7p zj?Lqgm0JWWsS)B^Se1w#p=V4@d?I*Go*B&=Afn*k;m1hXpx^i6^A%jZBYilDez~Ub z3n>4f%#fx)4;6pzWz&9H2MC$3EznAlqe1n?dDNYO$6>u6n4_N>yFc@qLhI_|>_( zU}uil-d>x2(U!1)+F3J0wUBM4EDxkHS5U2-zJLJF_&9k2B_cp8$^3CIK=r#B|3^@e zAG7`6_5rfPfXf(l_t1)$`46_LJ8MP-G8(kG|#NS*Q1 z4LNE9nJ{H>t`wc8^84ks)E!16xb-V?EWe6k`O_ZiWnykG-NvYCRje5W=?JO8FXZSH z0Y&d`qM4RaGF{TlQ-fP6K=ci0{uA}a%+*vOe$svU_q0JR_1{Y|?`eZRp!vg@R?4&^ ze6@?96;9%bDHB8+HBGZV@%K{^wG{}!42XZ)Dt76W<}Qx9{& zc~v2wIz?Z3s{ah2h#v!J&!`?*^ZcP_w6jrBLxC~Gnac=wy^9;j1z;fI zm8%T$o_x!S)Mn8tDS-aS0AFej8FHDTc*O<=p>tUgSvQ964O$`|tiYip7FsIP+8Ori z$GK?V^|4%rezX%MQE60Ll$?k&&`xt>7!6c}F&j}CC}%MS?2dOA8w&nM7V)w-^4WGZ zIRar5`EWRFFf_=0B^5zgNj<(cHE8{KbrgnOB3>IG7`bU%8n0=`q!#0*{N;?e!ihC8 zVN=2lSAnSZBkM}D%{tRJDNKBv0PR-UOAiWjpOzO}y7pUx{jub$Y6z&`QyGp0`49{$ zx{K<3URK1&Jh-?hY7L*EMDPDhp`PI>^#+SdHM`8R{QLc~c{9EhBnmXupJ}wTYU zRQ{pzKjKV$jE#+zPs>x4lY3<@(ZTa96`vTMKZ7>1%J=+GCug=CVPs@#<~0PsPYfSO z+LCyl8RFEdo{xW2=H$5FTfh0Cei7t;3#)@R_%aJ~!-KZkt_`t%HGuncK!FP`W%yNV z?ELhB=wprmxXvsoIZdaO`R`r_g#O;WZcQ{XA@3>nzxc984%irA7Bj4AR1~_P;aPeH7SP5wDC!3$zo@mpNVd@u&f&teL}l6&C1ESl$Sppt*ZxRb^_t0pbH6~u4;?wn*U}XJ>1ZO4Pb5+AyD$h zyWn-sw$t$UOqw%-&W>)Do86EN9u`cz74f7gCO)gr_P!V2w5oiK^XOG23^`S14T}VW zUzmM;XcH$`bLAtM!7Sf5PU9!Hw)LC{ch6sp4n7L>@ zuEOzbW)-;4npbVJcP$vE*&Q3^zP(f7TKn)$FkU1!9hK@eN14-?fQ~@S9Ny%hBxz#E zRNWkhg4t01EvFX@l8*J;tn<>(2J&_osPnu;5(Ku)&!ySFn(QR3Vl9L@;{Pr1>V^R7|^R*UbWH|FDLNS$xUbDK$X8G-}xV zQ%sO0+`tFwftz~E6rw0xUHs2a zaVBcTGli&<2s7g~ZUg(RnEQ2tdJdiK&`7Y0Q6A2KjmeH3eGq^PhzqCBs_OVru}9UA+OEUv$uTg3$bpJ|Oqp(O%Px6mth zL{Ta$D=Mij%Q>KM0lT-nueC{N{EAEmS7!@JY)tpY1S4fCul&>Z?eh1Y@T}KZk#3JD z%waZu-m1Ou1=AX7-P0PeL0>pigK3Q{?`e(b09qpwf$wz;`T(twC_rmu`X5>&4uIAO zq3$nQBY%L_s1@^`)<^_QYh*IUtV=eYgPA8qNHT z)(Bw(1)w#e_%E%In~HS6@`2N^w}r`m6ral$F8hNUipXx`kJ|FovPQYw;hZiV14L+8 zs1zF?b#cv5CGZ{%tfOkn=t1E`n<-i#YoSedusY@yVePiulT8ZW4s5sUvwoZ=&I>IoYn{dv)emrFq?@AaG!ipI*NX6|h zFM=q9CX`&59%AB;B|}+`8vv>M{R00PoP*32*H;^&D2G^TA*(C{=cSu~=3Y1hlUh=( zJoi=ze+d@$_&4!2gab9=gEw7?c3nR4;!0=s=I-M$V)KSAC+aJ2b@zpe2(f}bR7INC z#7xM+5*O0YwLfp{)m=i!!fv?UEV*KY`_e*JG--G@uNpoc1L8AM%>`n#&FZVNCq<=8 z1O?cK3*Yi#QtD;)avGAub*{_=x$##)7K+(Z+~GRvF-<8ayL&0~R7jnDPkv%m|I+U^ zxFlDEC|{T?V&_8CwOTYDhP9Ps>L@UYYo$?Gt6?T@n|A+mbb5T2%z zlq!3t)R1VHikzE5$xNCjNf3x_;s;TZlWZ2B>5?+ykWvBfMG6?4Sy=L?@;_qh=+6&S0Dgu^HGkzZY6kkbB?9^>B8otcvs<3mDpM zJ_B<&G+rE^eYScaGX@wCmhIT(&ntNLyj~2M6p^vfoBOb?>>l(H;*y zvZ1nx81<(2*Iv*v>NX4tABoLg|M z$C67&JU-V2BRaGCG38g(9eb_nMmkJKbUXQz?GQfy6?V8Dk!4xmypKg{m+VY^-NBi8 zujCT;NiNag#TC<}WGB)eHS2Jc%B@WdubA(UDYuZo7TRw_=|45IS0;U+*~>A1LMWR= z0P5}eOmXzFeobmly#LB~r0eU{0;0KQ4K2wGs|`mWzlFCr+DdM57G&pMy>Lx#Xj6jO z+P*u{>__1Rl+8|lBCI(H_EY^$2iFFf85%EKt~LQ!lbc5869g=QJJ;yD`whMObU_<9 z(!1y%I~v9B&R#-}-~*SHrM}6};9URN(a$1Yw!^+d&0i6Ls=^!KIe$mMNBt!$qKh>& z5RrXe`b+!#jG>Xn&fmi|(4c;aIbd`$+<&?G!OiIQ`sNg;&2Bg68B^IhBSEnOtA1?Z zWQHSJAUxUQi{v18t@riRO=5!sodmO$Z?O z5fk)uJd&N%#wxXfEJKlB@1u~SoVb^`e)vdGjlmzJv-qk>)f7wgxhw7mq305$6{^f- zni!F-xOEo$Y-+R14Mj#wx!vyRqfvu`V<`G2xt^gtRX((c1yQV1LD?6=jQDq?k*fG* ziQabIE=Au{vfe*g(~Iym+eDdWkNS|}729e==*KMgNl3f}b9hWh64~lQsI&wZW5hUe zPD40-xP>$1;)V#n%*NFEhEp|1j0;=1m$i!oIUgif_{7ur5rwdrvGzXf`uCIQ6?)~z zMW+i62ledx9@3fAub*(YlZKg2UQ%6pssKhbzWTH*W%l(CUBgc#`$PT}_SBBysq0fr|z4P%Ob<)2j6#h$Iqwffa<4x@D zg#&-L%lS|I)_eZ|jl!t{Df43S34Rq>MOoPP9DHh63z!T<#u;3DeJ9qDUH{8_+BVQz zUhyU-HOf3O3+;`OxtDlOqa$Idi!G3K!5S>lm^H|NgTVX0Guntwlz$b{OJ_0>BvhPw z%9K!mO$ldK$&LVoZv9AnPi51*q~8;J`fhnZtAsJ(ofoq$X7C4jlb*e1-8x*=YJofY zz?*c%h|w_18w|0zu$1S4il{QizEhG+{s5KDrhIUoqzi-pwqCw|%`hOEeUf!V94ZKD zkZiR=J;E^bL_W~Sg%S1g?MG|4U_R_4=eFvq%?!2v1@Xl1BQTI@^(u?+cHO zsP?J~Z6T+{330~A{xfj` zJ6!Wuidafkt6(yl9A6>z!jhSGDD@}u7#Q;msJN&^){A!>JMKUwMO20&)>?LHRG z_$wS5utnF~`x)*b1nL9S2hh;a56WC)L@PiL`#8Ydh6Q|39{@M}BS{G<^3jM%3)4yQ zNs9>!DJarP3EvKYy;Odp(D28I&bb=GeFt(t1^~bs-JeMpxU|qUv7|HAb=0M^u(LMT z)-%_&v!fGLkd^##+Wa?|n=X|R*pP7?==NZd*Uyv%{O6Zoe}#Rr`<))*-&u@V&#ia? za_TmK)far6_?eu5H~3{1qKb;L|C;9ijk*(b_T3gJ_$E+H#-EVDl{CN!_Dj@1T0{RE z-yC1bk{7^^0p8zTYu(?ElP zr@x;G9_crE{F2-2rxg3&IplL-NmPQX8;FPS&w6=_@|zr#buIO*9DvF8*F78Q3g=59 z(Cs#XZuie&;)nhlL|GF(yI+INFw)y|0G0dzC?eP<>1Xo5{tXzP zXQpdpKw|<3wSWEkJOhv2X8^!Gpgu|e0V)bq?JozLfR%%#{oj|re;0Jv0jXO6z!V3n z0W3EAnH&gygDLdGX!>tDtN*CI{|&yM{%jAdd6E7fa5SRdfd6Gn>uT^n;WYjYPD&Tq zwE%$U0k!eZ39TOJy1%TAzhWN#sXidEd_s2t)Kvf#eA4=v_JAt?CFpm3F?< zFo3%T;DSR3{Y=2g5Zh4y|7FCT z&XQJ{0?1dul>X1^MFgm)e~B)yz$ftQ>Q&O?{^$Y}b?bkM+5;@lzXVg%wKX!ZzgOx0 zTNm~3o+})b2_pwo@C~p;g4K>cQwm_>_e=C2_4;3#^>5}!CG!LPQUF*L=we_CmY+!k z`1(s=@NU`OfKN{ki1GS+H;8|~!Gd`47#vVH?|_x)pVON*?{6{^vebP8SWVnpC;qz9 z!=seLo&cb}0O&ufrH$|Z0rdB)8tp_|yEgzT1OMOwSYG!t;S2r-SWH6br=`z-tNqvI zc9L&jkpemkcD|E!M6d?_pSwhN+24Qybz=y4Ny;1OS=s9UUjxecsTVm|mrM`f|8vqN zmj4aDycOUjY-#j=A;+zK(u@I+!4tQ@KialY;Wx-Yz~pr5FJc0-mv>}bQ7MdbR{Xv2eUr4o-xJz(%tEjZN)ZMzW+XZ$32_!y3s0kWOpnx={ zk))=9p!i6&HmFFI7O@i2N^Bd0@JAbsp&?j81m|pN@674>?!Daov%kJ??s?3anR{ji zY~h)|e6+8N$mY-t%U3yG4hV$;_EYaPIq^?9t1^Lf&0NFQkAyroZk)y>G zPZ8K^0+SBQmKOk6S~c2yvDYcy>c}~kB8m${A(dHC1)z9lW2`2;A+#n+jYp#4WS~l= zUpg8RSMsLsS60eHqgKz@)qrSuDCK7L4A!2G%^=kJQEIaBMS#q2o0#YE$IkQXy(F&M zOj4WOUIjqQ{a$}~GdV9VR{XKPGbfZI^EAP$%sK06c?rP7hznL^YwpQvIYbP#^w~>w zhOnM!1h6bykqlS4R?4|s=d?^9f;(vF+m zyx!n&0)zC-K1>3JQlH-}?Gs(QKl_WMoj}q`mt_7%fF(!R&d9h_IlZ-jrml~`XIra| z{%v{{fP2a9i{YhwWZ$MxCTZ*xAI;FBa2i ze^2p*0x>A>*8+k-D54tonitzoO=VqbJLk}vkb{xC6X2=azkw~uR5u+!Jt^edsry?(FghtBhaT}QTp3}H0y0{AP);tZ#Trqe5xrLw!&0APn3 zkGnJ&A|*Yunu%eM7P({y9s~?QZy*rxx<0-7w?E>0ml&4N7FAha))Q+44BpUY`u3}$ zlyoC&ZC+2<#mr z^A>LVbV08w&2l#lmJ9?%J_aTYi~; z0d3#$6b6vzT>a;OL0R{Ku=@6Dg75dIhOH$!mNMmCEdTUj|VL8#5N#pKwuw*q7qhI7ztyc>L> zwJ7P|p05G;vf!|eFw4uEaZ9WD{^J1BMN@fwym`A~d01t(0T$TiTgT?Tb)_~~dJ zxhizn_qB2G9-tS9F6VzX4c`MRIgpUXDVZ z%ncbC<_{Q7mIN=YAUA#4SO7Uv)j}7K=l9EX_;VJ(axTrFlkn7a8K>Pl9*|gt19UK+ z?JVu6{D}Ze4};;8m#5Rp2<@Ut0NmP^LqQsI`n3KQJkL@d5DO;*B3HS(IuFkjlzVf> z6u^^?YU>XB%^Xf0o~OLYNYQ=M06Y%|nKG zZ(VSHt@2)RK0lfdkWCkTby$AWPMY6+1ppR)FBmq4vdHW6coOtGTIBKM7m|zV`5&&r BDk=Z~ literal 0 HcmV?d00001 diff --git a/M2LPlugin/pom.xml b/M2LPlugin/pom.xml new file mode 100644 index 0000000..6d4dced --- /dev/null +++ b/M2LPlugin/pom.xml @@ -0,0 +1,47 @@ + + 4.0.0 + eu.securedfp7.m2lservice.plugin + M2LPluginBro + 0.1 + jar + M2L Plugin for Bro PSA + + + mspl + mspl_class + system + ${project.basedir}/lib/mspl_class.jar + LATEST + + + javax.json + javax.json-api + 1.0 + + + org.glassfish + javax.json + 1.0.4 + + + commons-codec + commons-codec + 1.9 + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + + 1.7 + 1.7 + + + + + diff --git a/M2LPlugin/schema/MSPL_XML_Schema.xsd b/M2LPlugin/schema/MSPL_XML_Schema.xsd new file mode 100644 index 0000000..0693133 --- /dev/null +++ b/M2LPlugin/schema/MSPL_XML_Schema.xsd @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/M2LPlugin/schema/old_MSPL_XML_Schema.xsd b/M2LPlugin/schema/old_MSPL_XML_Schema.xsd new file mode 100644 index 0000000..15b74b7 --- /dev/null +++ b/M2LPlugin/schema/old_MSPL_XML_Schema.xsd @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/AddressValue.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/AddressValue.java new file mode 100644 index 0000000..da2ac04 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/AddressValue.java @@ -0,0 +1,62 @@ +package eu.securedfp7.m2lservice.plugin; + +import java.net.URI; +import java.net.URISyntaxException; + +import javax.json.JsonObjectBuilder; +import javax.json.JsonBuilderFactory; +import javax.json.JsonException; + +public class AddressValue extends Value< URI > { + + public AddressValue( final String type, + final String host, + final int port ) throws URISyntaxException { + super( type, + new URI( null, null, host, port, null, null, null ) ); + } + + public AddressValue( final String type, + final String host ) throws URISyntaxException { + super( type, + new URI( null, null, host, -1, null, null, null ) ); + } + + public AddressValue( final String type, + final int port ) throws URISyntaxException { + super( type, + new URI( null, null, null, port, null, null, null ) ); + } + + public JsonObjectBuilder toJson( final JsonBuilderFactory factory ) { + + if ( !this.validate() ) { + throw new JsonException( "Invalid Value" ); + } + + final JsonObjectBuilder builder = factory.createObjectBuilder(); + builder.add( "type", this.type ); + + final JsonObjectBuilder valBuilder = factory.createObjectBuilder(); + final String host = this.value.getHost(); + if ( host != null ) { + valBuilder.add( "address", host ); + } + + final int port = this.value.getPort(); + if ( port >= 0 ) { + valBuilder.add( "port", port ); + } + + builder.add( "value", valBuilder ); + + return builder; + } + + public boolean validate() { + return ( this.type != null + || this.value != null + || ( this.value.getHost() == null + && this.value.getPort() == -1 ) ); + } +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/BadConfigException.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/BadConfigException.java new file mode 100644 index 0000000..7eba209 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/BadConfigException.java @@ -0,0 +1,10 @@ +package eu.securedfp7.m2lservice.plugin; + +import java.lang.Exception; + +public class BadConfigException extends Exception { + + public BadConfigException( String message ) { + super( message ); + } +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/ConfigWriter.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/ConfigWriter.java new file mode 100644 index 0000000..5703382 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/ConfigWriter.java @@ -0,0 +1,47 @@ +package eu.securedfp7.m2lservice.plugin; + +import java.util.List; +import java.util.LinkedList; +import java.lang.IllegalStateException; +import java.io.OutputStream; +import java.io.ByteArrayOutputStream; +import java.io.UnsupportedEncodingException; +import java.net.URISyntaxException; + +import javax.json.Json; +import javax.json.JsonObjectBuilder; +import javax.json.JsonArrayBuilder; +import javax.json.JsonBuilderFactory; +import javax.json.JsonObject; +import javax.json.JsonWriterFactory; +import javax.json.JsonWriter; +import javax.json.JsonException; + +class ConfigWriter { + + public static void write( OutputStream out, List< Rule > rules ) throws JsonException { + + try { + final JsonBuilderFactory factory = Json.createBuilderFactory( null ); + final JsonObjectBuilder builder = factory.createObjectBuilder(); + + final JsonArrayBuilder ruleBuilder = factory.createArrayBuilder(); + for ( final Rule rule : rules ) { + ruleBuilder.add( rule.toJson( factory ) ); + } + builder.add( "rules", ruleBuilder ); + final JsonObject object = builder.build(); + final JsonWriterFactory wFactory = Json.createWriterFactory( null ); + final JsonWriter writer = wFactory.createWriter( out ); + + writer.write( object ); + writer.close(); + + } catch ( JsonException e ) { + // I/O error + throw e; + } catch ( IllegalStateException e ) { + throw new JsonException( e.toString() ); + } + } +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/HSPLInfo.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/HSPLInfo.java new file mode 100644 index 0000000..941fdc4 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/HSPLInfo.java @@ -0,0 +1,52 @@ +package eu.securedfp7.m2lservice.plugin; + +import javax.json.JsonObjectBuilder; +import javax.json.JsonBuilderFactory; +import javax.json.JsonException; + +public class HSPLInfo { + + private String id; + private String text; + + public HSPLInfo( final String id, + final String text ) { + this.id = id; + this.text = text; + } + + public String getId() { + return this.id; + } + + public String getText() { + return this.text; + } + + public JsonObjectBuilder toJson( final JsonBuilderFactory factory ) { + + if ( !this.validate() ) { + throw new JsonException( "Invalid Rule" ); + } + + final JsonObjectBuilder builder = factory.createObjectBuilder(); + builder.add( "id", this.id ); + builder.add( "text", this.text ); + + return builder; + } + + public boolean validate() { + + if ( this.id == null ) { + return false; + } + + if ( this.text == null ) { + return false; + } + + return true; + } + +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/IntValue.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/IntValue.java new file mode 100644 index 0000000..7276af8 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/IntValue.java @@ -0,0 +1,33 @@ +package eu.securedfp7.m2lservice.plugin; + +import java.lang.Integer; + +import javax.json.JsonObjectBuilder; +import javax.json.JsonBuilderFactory; +import javax.json.JsonException; + +public class IntValue extends Value< Integer > { + + public IntValue( final String type, + final int value ) { + super( type, new Integer( value ) ); + } + + public JsonObjectBuilder toJson( final JsonBuilderFactory factory ) { + + if ( !this.validate() ) { + throw new JsonException( "Invalid Value" ); + } + + final JsonObjectBuilder builder = factory.createObjectBuilder(); + builder.add( "type", this.type ); + builder.add( "value", this.value.intValue() ); + + return builder; + } + + public boolean validate() { + return ( this.type != null + || this.value != null ); + } +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/M2LPlugin.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/M2LPlugin.java new file mode 100644 index 0000000..1ad1f18 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/M2LPlugin.java @@ -0,0 +1,187 @@ +package eu.securedfp7.m2lservice.plugin; + +import java.util.List; +import java.util.LinkedList; + +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; +import java.util.LinkedList; + +import java.lang.IllegalStateException; +import javax.json.JsonObjectBuilder; +import javax.json.JsonBuilderFactory; +import javax.json.JsonObject; +import javax.json.JsonWriterFactory; +import javax.json.JsonWriter; +import javax.json.JsonException; + +import java.nio.file.Files; +import java.nio.file.Paths; +import org.apache.commons.codec.binary.Base64; + +/** + * Provides the Medium to Low Level (M2L) translation service for BroNSM. + * + * @author VTT Technical Research Centre of Finland Ltd + * @version 0.2 2016/03/22 + */ + +public class M2LPlugin { + + private static String securityControl = "BroNSM"; + private static String version = "0.2"; + private static String devlopedBy = "VTT Technical Research Centre of Finland Ltd"; + private static String providedBy = "SECURED project"; + + public M2LPlugin() { + } + + public String getType() { + return this.securityControl; + } + + public String getVersion() { + return this.version; + } + + public String developedBy() { + return this.devlopedBy; + } + + public String providedBy() { + return this.providedBy; + } + + /** + * Perform the translation + * + * @param MSPLFileName + * : MSPL file name + * @param securityControlFileName + * : output file name + * @return 0 if OK, + * -1 if can't read MSPLFileName IOException, + * -2 if BadConfigException. and + * -3 if JsonException occurs. + */ + + public int getConfiguration( String MSPLFileName, + String securityControlFileName) { + int result = 1; + FileInputStream in = null; + FileOutputStream out = null; + + try { + // Check if the input file is encoded as Base64 + // TODO: We simply decode into a temp file and pass that to + // MSPLParser, should refactor... + // NOTE: We do not delete the temp file. + boolean isBase64Encoded = false; + try { + final String inputString = new String(Files.readAllBytes(Paths.get(MSPLFileName))); + if(Base64.isBase64(inputString.getBytes())){ + isBase64Encoded = true; + FileOutputStream tempOut = null; + try { + MSPLFileName = MSPLFileName + ".tmp"; + tempOut = new FileOutputStream(MSPLFileName); + final byte[] decodedBytes = Base64.decodeBase64(inputString.getBytes()); + tempOut.write(decodedBytes); + } catch ( final IOException e) { + e.printStackTrace(); + } finally { + if( tempOut != null ) { + try { + tempOut.close(); + } catch ( final IOException e ) { + e.printStackTrace(); + } + } + } + } + } catch ( final IOException e1 ) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } + + System.out.println( "isBase64Encoded: " + isBase64Encoded ); + // TODO: fix below. + // replace quotations and \n from the input files + try { + String inputString = new String(Files.readAllBytes(Paths.get(MSPLFileName))); + inputString = inputString.replace("\\\"", "\""); + inputString = inputString.replace("\\n", ""); + FileOutputStream outCleaned = new FileOutputStream(MSPLFileName); + outCleaned.write(inputString.getBytes()); + outCleaned.close(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + // Do the actual M2L -> Bro JSON config conversion + in = new FileInputStream( MSPLFileName ); + out = new FileOutputStream( securityControlFileName ); + final List< Rule > rules = new LinkedList< Rule >(); + final MSPLParser parser = new MSPLParser(); + + parser.parse( in, rules ); + ConfigWriter.write( out, rules ); + + // If the input file is encoded in base64 we need to convert the output file to base64 + // Simple write the config again encoded to base64 + // TODO: Modify ConfigWriter to write base64, if needed. + if(isBase64Encoded){ + FileOutputStream outB64 = null; + try { + final String inputString = new String(Files.readAllBytes(Paths.get(securityControlFileName))); + outB64 = new FileOutputStream(securityControlFileName); + final byte[] encodedBytes = Base64.encodeBase64(inputString.getBytes()); + outB64.write(encodedBytes); + } catch ( final IOException e) { + e.printStackTrace(); + } finally { + if( outB64 != null ) { + try { + outB64.close(); + } catch ( final IOException e ) { + e.printStackTrace(); + } + } + } + } + result = 0; + + } catch ( final IOException e ) { + result = -1; + e.printStackTrace(); + } catch ( final BadConfigException e ) { + result = -2; + e.printStackTrace(); + System.out.println("Booyah! No can do..Just crash?"); + } catch ( final JsonException e ) { + result = -3; + e.printStackTrace(); + } finally { + if ( in != null ) { + try { + in.close(); + } catch ( final IOException e ) { + e.printStackTrace(); + } + } + if ( out != null ) { + try { + out.close(); + } catch ( final IOException e ) { + e.printStackTrace(); + } + } + } + + // TODO: What do we return in case of an exception? + return result; + } +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/MSPLParser.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/MSPLParser.java new file mode 100644 index 0000000..ef4dae7 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/MSPLParser.java @@ -0,0 +1,629 @@ +package eu.securedfp7.m2lservice.plugin; + +import java.lang.Integer; +import java.lang.NumberFormatException; + +import java.util.List; +import java.util.LinkedList; +import java.util.regex.PatternSyntaxException; + +import java.io.InputStream; + +import java.net.URL; +import java.net.URISyntaxException; + +import java.math.BigInteger; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; + +import main.java.mspl_class.ITResource; +import main.java.mspl_class.Configuration; +import main.java.mspl_class.MaliciousFileAnalysisCapability; +import main.java.mspl_class.LoggingCapability; +import main.java.mspl_class.Capability; +import main.java.mspl_class.AntiMalwareAction; +import main.java.mspl_class.LoggingAction; +import main.java.mspl_class.ConfigurationAction; +import main.java.mspl_class.FileSystemCondition; +import main.java.mspl_class.ApplicationLayerCondition; +import main.java.mspl_class.AntiMalwareCondition; +import main.java.mspl_class.EventCondition; +import main.java.mspl_class.PacketFilterCondition; +import main.java.mspl_class.LoggingCondition; +import main.java.mspl_class.ConfigurationCondition; +import main.java.mspl_class.HSPL; +import main.java.mspl_class.ConfigurationRule; +import main.java.mspl_class.ExternalData; +import main.java.mspl_class.LSTP; +import main.java.mspl_class.FMR; +import main.java.mspl_class.ATP; +import main.java.mspl_class.ALL; +import main.java.mspl_class.MSTP; +import main.java.mspl_class.DTP; +import main.java.mspl_class.ResolutionStrategy; +import main.java.mspl_class.RuleSetConfiguration; +import main.java.mspl_class.LevelType; +import main.java.mspl_class.HTTPCondition; + +public class MSPLParser { + + private Rule.Action defaultAction = Rule.Action.INVALID; + private List< Rule > rules = new LinkedList< Rule >(); + + public void parse( final InputStream mspl, + final List< Rule > to ) throws BadConfigException { + try { + final JAXBContext ctx = JAXBContext.newInstance( ITResource.class ); + final Unmarshaller um = ctx.createUnmarshaller(); + final ITResource root = (ITResource)um.unmarshal( mspl ); + + this.visit( root ); + + if ( this.rules.isEmpty() ) { + throw new BadConfigException( "No rules found" ); + } + + to.addAll( this.rules ); + + return; + + } catch ( final JAXBException e) { + throw new BadConfigException( e.getMessage() ); + + } finally { + this.rules.clear(); + this.defaultAction = Rule.Action.INVALID; + } + } + + // Implements the visitor pattern + + private void visit( final ITResource in ) throws BadConfigException { + final String id = in.getID(); + + this.visit( in.getConfiguration() ); + } + + private void visit( final Configuration in ) throws BadConfigException { + + // Handle in subclasses: + // final List< Capability > capabilities = in.getCapability(); + + if ( in instanceof RuleSetConfiguration ) { + this.visit( (RuleSetConfiguration)in ); + } else { + throw new BadConfigException( "Unexpected Configuration type" ); + } + } + + private void visit( final RuleSetConfiguration in ) throws BadConfigException { + final String name = in.getName(); + + final List< Capability > capabilities = in.getCapability(); + for ( final Capability capability : capabilities ) { + this.visit( capability ); + } + + // Might be null + final ConfigurationAction action = in.getDefaultAction(); + if ( action != null ) { + this.visit( action, null ); + } + + // NOTE: might be empty! + final List< ConfigurationRule > rules = in.getConfigurationRule(); + if ( rules == null || rules.isEmpty() ) { + throw new BadConfigException( "At least one rule must be" + + " present" ); + } + + for ( final ConfigurationRule rule : rules ) { + this.visit( rule ); + } + + this.visit( in.getResolutionStrategy() ); + } + + private void visit( final Capability in ) throws BadConfigException { +// final String name = in.getName() + if ( in instanceof MaliciousFileAnalysisCapability ) { + this.visit( (MaliciousFileAnalysisCapability)in ); + } else if ( in instanceof LoggingCapability ) { + this.visit( (LoggingCapability)in ); + } else if ( in instanceof Capability ) { + // ? + } else { + throw new BadConfigException( "Unexpected Capability type" ); + } + } + + private void visit( final MaliciousFileAnalysisCapability in ) throws BadConfigException { +// final boolean online = in.isSupportOnlineTraficAnalysis(); +// final boolean offline = in.isSupportOfflineTraficAnalysis(); +// final String fileType = in.getFileType(); + } + + private void visit( final LoggingCapability in ) throws BadConfigException { +// final String resType = in.getResourceType(); + } + + private void visit( final ConfigurationAction in, + final Rule rule ) throws BadConfigException { + if ( in instanceof AntiMalwareAction ) { + this.visit( (AntiMalwareAction)in, rule ); + } else if ( in instanceof LoggingAction ) { + this.visit( (LoggingAction)in, rule ); + } else { + throw new BadConfigException( "Unexpected Action" ); + } + } + + private void visit( final AntiMalwareAction in, + final Rule rule ) throws BadConfigException { +// final String type = in.getAntiMalwareActionType(); + if ( rule == null ) { + this.defaultAction = Rule.Action.MALWARE_DETECTION; + } else { + rule.setAction( Rule.Action.MALWARE_DETECTION ); + } + } + + private void visit( final LoggingAction in, + final Rule rule ) throws BadConfigException { +// final String type = in.getLoggingActionType(); + if ( rule == null ) { + this.defaultAction = Rule.Action.LOG; + } else { + rule.setAction( Rule.Action.LOG ); + } + } + + private void visit( final ConfigurationRule in ) throws BadConfigException { + final String name = in.getName(); + final boolean cnf = in.isIsCNF(); + + final Rule rule = new Rule(); + rule.setId( name ); + + // Action is either specified in the rule or the default action: + + final ConfigurationAction ca = in.getConfigurationRuleAction(); + if ( ca != null ) { + this.visit( ca, rule ); + } + + if ( rule.getAction() == Rule.Action.INVALID ) { + if ( this.defaultAction == Rule.Action.INVALID ) { + throw new BadConfigException( "Undefined Action" ); + } + rule.setAction( this.defaultAction ); + } + + this.visit( in.getConfigurationCondition(), rule ); + + // Might be null + final ExternalData data = in.getExternalData(); + if ( data != null ) { + this.visit( data, rule ); + } + + // Might be empty! + List< HSPL > hspls = in.getHSPL(); + for ( final HSPL hspl : hspls ) { + this.visit( hspl, rule ); + } + + if ( !rule.validate() ) { + throw new BadConfigException( "Invalid Rule: " + name ); + } + + this.rules.add( rule ); + } + + private void visit( final ConfigurationCondition in, + final Rule rule ) throws BadConfigException { + // Handled in subclasses: + // final boolean cnf = in.isIsCNF(); + + if ( in instanceof AntiMalwareCondition ) { + this.visit( (AntiMalwareCondition)in, rule ); + + rule.setOperation( "detect-MHR" ); + rule.setEvent( Rule.Event.FILE ); + + } else if ( in instanceof LoggingCondition ) { + this.visit( (LoggingCondition)in, rule ); + + rule.setOperation( "count" ); + } else { + throw new BadConfigException( "Unexpected Condition type" ); + } + } + + private void visit( final AntiMalwareCondition in, + final Rule rule ) throws BadConfigException { + final boolean cnf = in.isIsCNF(); + + final FileSystemCondition fsc = in.getFileSystemCondition(); + if ( fsc != null ) { + throw new BadConfigException( "FileSystemCondition is not" + + " defined with" + + " AntiMalwareCondition" ); + } + + final ApplicationLayerCondition ac = in.getApplicationLayerCondition(); + if ( ac == null ) { + throw new BadConfigException( "ApplicationLayerCondition must be " + + "present in AntiMalwareCondition" ); + } + + this.visit( ac, rule ); + + final EventCondition event = in.getEventCondition(); + if ( event != null ) { + throw new BadConfigException( "EventCondition is not" + + " defined with" + + " AntiMalwareCondition" ); + } + } + + private void visit( final FileSystemCondition in, + final Rule rule ) throws BadConfigException { +// final String file = in.getFilename(); // Might be null +// final String path = in.getPath(); // Might be null + + // Might be null + final PacketFilterCondition pf = in.getPacketFilterCondition(); + if ( pf != null ) { + this.visit( in.getPacketFilterCondition(), rule ); + } + } + + private List< String > parseAddressList( final String string ) throws BadConfigException { + + final List< String > list = new LinkedList< String >(); + if ( string == null ) { + return list; + } + + final String[] parts; + try { + parts = string.split( "," ); + } catch ( final PatternSyntaxException e ) { + throw new BadConfigException( "Internal error" ); + } + + // TODO: currently expects valid IP / hostname + + for ( final String part : parts ) { + list.add( part.trim() ); // AddressValue constructor does syntax checking! + } + + return list; + } + + private List< Integer > parsePortList( final String string ) throws BadConfigException { + + final List< Integer > list = new LinkedList< Integer >(); + if ( string == null ) { + return list; + } + + final String[] parts; + try { + parts = string.split( "," ); + } catch ( final PatternSyntaxException e ) { + throw new BadConfigException( "Internal error" ); + } + + for ( final String part : parts ) { + try { + list.add( Integer.valueOf( part.trim() ) ); + } catch ( final NumberFormatException e ) { + throw new BadConfigException( "Invalid port" ); + } + } + + return list; + } + + private void visit( final PacketFilterCondition in, + final Rule rule ) throws BadConfigException { + final String src = in.getSourceAddress(); // Might be null + final String dst = in.getDestinationAddress();// Might be null + final String srcPort = in.getSourcePort(); // Might be null + final String dstPort = in.getDestinationPort(); // Might be null +// TODO: +// final String direction = in.getDirection(); // Might be null +// final String iFace = in.getInterface(); // Might be null +// final String protocol = in.getProtocolType(); // Might be null + + final List< String > srcs = this.parseAddressList( src ); + final List< String > dsts = this.parseAddressList( dst ); + final List< Integer > sPorts = this.parsePortList( srcPort ); + final List< Integer > dPorts = this.parsePortList( dstPort ); + + if ( srcs.isEmpty() ) { + for ( final Integer port : sPorts ) { + try { + rule.addCondition( new AddressValue( "source_port", port.intValue() ) ); + } catch ( final URISyntaxException e ) { + throw new BadConfigException( e.getMessage() ); + } + } + } else { + if ( sPorts.isEmpty() ) { + for ( final String host : srcs ) { + try { + rule.addCondition( new AddressValue( "source", host ) ); + } catch ( final URISyntaxException e ) { + throw new BadConfigException( e.getMessage() ); + } + } + } else { + for ( final Integer port : sPorts ) { + final int p = port.intValue(); + for ( final String host : srcs ) { + try{ + rule.addCondition( new AddressValue( "source", host, p ) ); + } catch ( final URISyntaxException e ) { + throw new BadConfigException( e.getMessage() ); + } + } + } + } + } + + if ( dsts.isEmpty() ) { + for ( final Integer port : dPorts ) { + try { + rule.addCondition( new AddressValue( "destination_port", port.intValue() ) ); + } catch ( final URISyntaxException e ) { + throw new BadConfigException( e.getMessage() ); + } + } + } else { + if ( dPorts.isEmpty() ) { + for ( final String host : dsts ) { + try { + rule.addCondition( new AddressValue( "destination", host ) ); + } catch ( final URISyntaxException e ) { + throw new BadConfigException( e.getMessage() ); + } + } + } else { + for ( final String host : dsts ) { + for ( final Integer port : dPorts ) { + try { + rule.addCondition( new AddressValue( "destination", host, port.intValue() ) ); + } catch ( final URISyntaxException e ) { + throw new BadConfigException( e.getMessage() ); + } + } + } + } + } + + // Might be empty! + final List< String > states = in.getState(); + for ( final String state : states ) { + // TODO: check valid states! + rule.addCondition( new StringValue( "state", state ) ); + } + } + + private void visit( final ApplicationLayerCondition in, + final Rule rule ) throws BadConfigException { + final String url = in.getURL(); // Might be null + final HTTPCondition http = in.getHttpCondition(); // Might be null + final String extension = in.getFileExtension(); // Might be null + final String mime = in.getMimeType(); // Might be null + final Integer maxConn = in.getMaxconn(); // Might be null + final String dstDomain = in.getDstDomain(); // Might be null + final String srcDomain = in.getSrcDomain(); // Might be null + final String urlRegEx = in.getURLRegex(); // Might be null + + if ( http != null + || extension != null + || maxConn != null + || dstDomain != null + || srcDomain != null + || urlRegEx != null + // expect exactly one condition: + || ( mime != null && url != null ) ) { + throw new BadConfigException( "Unexpected ApplicationLayerCondition" ); + } + + if ( mime != null ) { + String value = mime.trim(); + if ( value.endsWith( "," ) ) { + value = value.substring( 0, value.length() - 1 ); + } + + rule.addCondition( new StringValue( "mime-type", value ) ); + + return; + } + + if ( url != null ) { + // Let's assume its a string consisting of comma-separated names + List< String > hosts = parseAddressList( url.trim() ); + + for ( final String host : hosts ) { + try { + // TODO: let's assume all the names represent destinations, + // since there is really no way to say what it is. + rule.addCondition( new AddressValue( "destination", host ) ); + } catch ( final URISyntaxException e ) { + throw new BadConfigException( e.getMessage() ); + } + } + + return; + } + + throw new BadConfigException( "Invalid ApplicationLayerCondition" ); + } + + private void visit( final EventCondition in, + final Rule rule ) throws BadConfigException { + + final String event = in.getEvents(); + if ( event == null ) { + throw new BadConfigException( "Exactly Event must be present" + + " in EventCondition" ); + } + + if ( !event.equals( "EVENT_CONNECTION" ) ) { + throw new BadConfigException( "Unexpected Event in" + + " EventCondition" ); + } + rule.setEvent( Rule.Event.CONNECTION ); + + final BigInteger interval = in.getInterval(); + if ( interval != null ) { + rule.addCondition( new IntValue( "interval", + interval.intValue() ) ); + } + + final BigInteger threshold = in.getThreshold(); + if (threshold != null ) { + rule.addCondition( new IntValue( "threshold", + threshold.intValue() ) ); + } + } + + private void visit( final LoggingCondition in, + final Rule rule ) throws BadConfigException { + final boolean cnf = in.isIsCNF(); + + final EventCondition event = in.getEventCondition(); + if ( event == null ) { + throw new BadConfigException( "Exactly one EventCondition" + + " must be present in LoggingCondition" ); + } + + this.visit( event, rule ); + + final String object = in.getObject(); + if ( object != null ) { + if ( !object.equals( "OBJ_CONNECTION" ) ) { + throw new BadConfigException( "Unexpected Object" ); + } + + rule.addParameter( new StringValue( "object", object ) ); + + } else { + // Compensate missing value: + rule.addParameter( new StringValue( "object", "OBJ_CONNECTION" ) ); + } + + // Might be empty! + final List< PacketFilterCondition > pfs = in.getPacketCondition(); + for ( final PacketFilterCondition pf : pfs ) { + this.visit( pf, rule ); + } + + final List< ApplicationLayerCondition > als = in.getApplicationCondition(); + for ( final ApplicationLayerCondition al : als ) { + this.visit( al, rule ); + } + + // Require at least one condition: + if ( ( pfs == null || pfs.isEmpty() ) + && ( als == null || als.isEmpty() ) ) { + throw new BadConfigException( "One or more PacketFilterConditions" + + " or ApplicationLayerConditions must" + + " be present in LoggingCondition" ); + } + } + + private void visit( final ExternalData in, + final Rule rule ) throws BadConfigException { + // ? + } + + private void visit( final HSPL in, + final Rule rule ) throws BadConfigException { + final String id = in.getHSPLId(); + final String text = in.getHSPLText(); + + rule.setHSPL( new HSPLInfo( id, text ) ); + } + + private void visit( final ResolutionStrategy in ) throws BadConfigException { + + if ( in instanceof LSTP ) { + this.visit( (LSTP)in ); + } else if ( in instanceof FMR ) { + this.visit( (FMR)in ); + } else if ( in instanceof ATP ) { + this.visit( (ATP)in ); + } else if ( in instanceof ALL ) { + this.visit( (ALL)in ); + } else if ( in instanceof MSTP ) { + this.visit( (MSTP)in ); + } else if ( in instanceof DTP ) { + this.visit( (DTP)in ); + } else { + throw new BadConfigException( "Unexpected ResolutionStrategy " + + "type" ); + } + } + + private void visit( final LSTP in ) throws BadConfigException { + + // Might be empty! + final List< ExternalData > datas = in.getExternalData(); + for ( final ExternalData data : datas ) { + this.visit( data, null ); + } + } + + private void visit( final FMR in ) throws BadConfigException { + + // Might be empty! + final List< ExternalData > datas = in.getExternalData(); + for ( final ExternalData data : datas ) { + this.visit( data, null ); + } + } + + private void visit( final ATP in ) throws BadConfigException { + + // Might be empty! + final List< ExternalData > datas = in.getExternalData(); + for ( final ExternalData data : datas ) { + this.visit( data, null ); + } + } + + private void visit( final ALL in ) throws BadConfigException { + + // Might be empty! + final List< ExternalData > datas = in.getExternalData(); + for ( final ExternalData data : datas ) { + this.visit( data, null ); + } + } + + private void visit( final MSTP in ) throws BadConfigException { + + // Might be empty! + final List< ExternalData > datas = in.getExternalData(); + for ( final ExternalData data : datas ) { + this.visit( data, null ); + } + } + + private void visit( final DTP in ) throws BadConfigException { + + // Might be empty! + final List< ExternalData > datas = in.getExternalData(); + for ( final ExternalData data : datas ) { + this.visit( data, null ); + } + } +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Rule.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Rule.java new file mode 100644 index 0000000..0d173d2 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Rule.java @@ -0,0 +1,172 @@ +package eu.securedfp7.m2lservice.plugin; + +import java.util.List; +import java.util.LinkedList; + +import javax.json.JsonObjectBuilder; +import javax.json.JsonArrayBuilder; +import javax.json.JsonBuilderFactory; +import javax.json.JsonException; + +public class Rule { + + public enum Event { + INVALID, + CONNECTION, + FILE + } + + public enum Action { + INVALID, + LOG, + MALWARE_DETECTION + } + + private String id = null; + private HSPLInfo hspl = null; + private String operation = null; + private Event event = Event.INVALID; + private Action action = Action.INVALID; + private List< Value > parameters = new LinkedList< Value >(); + private List< Value > conditions = new LinkedList< Value >(); + + public Rule() { + } + + public String getId() { + return this.id; + } + + public void setId( final String id ) { + this.id = id; + } + + public HSPLInfo getHSPL() { + return this.hspl; + } + + public void setHSPL( final HSPLInfo hspl ) { + this.hspl = hspl; + } + + public String getOperation() { + return this.operation; + } + + public void setOperation( final String op ) { + this.operation = op; + } + + public Event getEvent() { + return this.event; + } + + public void setEvent( final Event ev ) { + this.event = ev; + } + + public Action getAction() { + return this.action; + } + + public void setAction( final Action a ) { + this.action = a; + } + + public void addParameter( final Value v ) { + this.parameters.add( v ); + } + + public void addCondition( final Value v ) { + this.conditions.add( v ); + } + + // TODO: this is ugly: + private String eventToString( final Event ev ) { + + switch ( ev ) { + case INVALID: return null; + case CONNECTION: return "EVENT_CONNECTION"; + case FILE: return "EVENT_FILE"; + default: return null; + } + } + + // TODO: this is ugly: + private String actionToString( final Action ac ) { + + switch( ac ) { + case INVALID: return null; + case LOG: return "log"; + case MALWARE_DETECTION: return "log"; // Currently we only support logging + default: return null; + } + } + + public JsonObjectBuilder toJson( final JsonBuilderFactory factory ) { + + if ( !this.validate() ) { + throw new JsonException( "Invalid Rule" ); + } + + final JsonObjectBuilder builder = factory.createObjectBuilder(); + builder.add( "id", this.id ); + builder.add( "hspl", this.hspl.toJson( factory ) ); + builder.add( "operation", this.operation ); + builder.add( "event", this.eventToString( this.event ) ); + builder.add( "action", this.actionToString( this.action ) ); + + final JsonArrayBuilder parmBuilder = factory.createArrayBuilder(); + for ( Value item : this.parameters ) { + parmBuilder.add( item.toJson( factory ) ); + } + + builder.add( "parameters", parmBuilder ); + + final JsonArrayBuilder condBuilder = factory.createArrayBuilder(); + for ( Value item : this.conditions ) { + condBuilder.add( item.toJson( factory ) ); + } + + builder.add( "conditions", condBuilder ); + + return builder; + } + + public boolean validate() { + + if ( this.id == null ) { + return false; + } + + if ( this.hspl == null || !this.hspl.validate() ) { + return false; + } + + if ( this.operation == null ) { + return false; + } + + if ( this.event == Event.INVALID ) { + return false; + } + + if ( this.action == Action.INVALID ) { + return false; + } + + for ( final Value item : this.parameters ) { + if ( !item.validate() ) { + return false; + } + } + + for ( final Value item : this.conditions ) { + if ( !item.validate() ) { + return false; + } + } + + return true; + } +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/StringValue.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/StringValue.java new file mode 100644 index 0000000..e7cf383 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/StringValue.java @@ -0,0 +1,31 @@ +package eu.securedfp7.m2lservice.plugin; + +import javax.json.JsonObjectBuilder; +import javax.json.JsonBuilderFactory; +import javax.json.JsonException; + +public class StringValue extends Value< String > { + + public StringValue( final String type, + final String value ) { + super ( type, value ); + } + + public JsonObjectBuilder toJson( final JsonBuilderFactory factory ) { + + if ( !this.validate() ) { + throw new JsonException( "Invalid Value" ); + } + + final JsonObjectBuilder builder = factory.createObjectBuilder(); + builder.add( "type", this.type ); + builder.add( "value", this.value ); + + return builder; + } + + public boolean validate() { + return ( this.type != null + || this.value != null ); + } +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Tester.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Tester.java new file mode 100644 index 0000000..7d5da40 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Tester.java @@ -0,0 +1,61 @@ +package eu.securedfp7.m2lservice.plugin; + +// For validating the XMLSchema +import javax.xml.XMLConstants; +import javax.xml.transform.Source; +import javax.xml.transform.stream.StreamSource; +import javax.xml.validation.*; +import org.xml.sax.SAXException; +import java.net.*; +import java.io.*; + +public class Tester { + + // For testing + public static void main( final String[] args ) { + System.out.println( "################################"); + System.out.println( "Tester."); + String validateRes = validateSchemaReturnError(args[ 0 ]); + if(validateRes != null){ + System.out.println("##Oops! Your MSPL (" + args[ 0 ] + ") does not validate with the schema, reason: \n" + validateRes); + }else{ + System.out.println("##Great! Your MSPL (" + args[ 0 ] + " is well formed!"); + } + System.out.println( "################################"); + + System.out.println( "input: " + args[ 0 ] ); + System.out.println( "output: " + args[ 1 ] ); + final M2LPlugin plugin = new M2LPlugin(); + final int status = plugin.getConfiguration( args[ 0 ], args[ 1 ] ); + System.out.println( "status: " + status ); + } + + private static String validateSchemaReturnError(String MSPLFileName) { + String ret = null; + Source xmlFile = new StreamSource(new File(MSPLFileName)); + SchemaFactory schemaFactory = SchemaFactory + .newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); + Source schemaFileValidate; + Schema schema; + Validator validator = null; + try { + // NOTE: assumes you run this from M2LPluginBro folder, modify if needed. + schemaFileValidate = new StreamSource(new File("./schema/MSPL_XML_Schema.xsd")); + schema = schemaFactory.newSchema(schemaFileValidate); + validator = schema.newValidator(); + } catch (SAXException e) { + e.printStackTrace(); + } + try { + validator.validate(xmlFile); + //System.out.println("####" + xmlFile.getSystemId() + " is valid"); + } catch (SAXException e) { + //System.out.println(xmlFile.getSystemId() + " is NOT valid"); + ret = e.getLocalizedMessage(); + }catch ( final IOException e) { + e.printStackTrace(); + } + + return ret; + } +} diff --git a/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Value.java b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Value.java new file mode 100644 index 0000000..b49ad90 --- /dev/null +++ b/M2LPlugin/src/main/java/eu/securedfp7/m2lservice/plugin/Value.java @@ -0,0 +1,36 @@ +package eu.securedfp7.m2lservice.plugin; + +import javax.json.JsonObjectBuilder; +import javax.json.JsonBuilderFactory; +import javax.json.JsonException; + +public abstract class Value< T > { + + protected String type = null; + protected T value = null; + + protected Value( final String t, final T v ) { + this.type = t; + this.value = v; + } + + public String getType() { + return this.type; + } + + public void setType( final String t ) { + this.type = t; + } + + public T getValue() { + return this.value; + } + + public void setValue( final T v ) { + this.value = v; + } + + public abstract JsonObjectBuilder toJson( final JsonBuilderFactory factory ); + + public abstract boolean validate(); +} diff --git a/M2LPlugin/test.sh b/M2LPlugin/test.sh new file mode 100644 index 0000000..552c45a --- /dev/null +++ b/M2LPlugin/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +java -cp ./lib/javax.json-1.0.4.jar:./lib/mspl_class.jar:./lib/commons-codec-1.9.jar:./target/M2LPluginBro-0.1.jar eu.securedfp7.m2lservice.plugin.Tester $1 $2 diff --git a/M2LPlugin/validate.sh b/M2LPlugin/validate.sh new file mode 100644 index 0000000..8ed7968 --- /dev/null +++ b/M2LPlugin/validate.sh @@ -0,0 +1,8 @@ +#/bin/sh + +if [ ! -f "$1" ]; then + echo "usage: $0 FILE" + exit 1 +fi + +xmllint --schema ./schema/MSPL_XML_Schema.xsd --noout --nonet --dropdtd $1 diff --git a/NED_files/PSCM/userList b/NED_files/PSCM/userList new file mode 100644 index 0000000..e6c6643 --- /dev/null +++ b/NED_files/PSCM/userList @@ -0,0 +1 @@ +user1 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 user2 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 user3 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 user4 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 user5 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 user6 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 user10 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 test 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 test1 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 bro 19ceda366d4b785cee1daa69f75f0caff81d1f73e0ffd19d6556002bf9c98ad0 diff --git a/NED_files/README.md b/NED_files/README.md new file mode 100644 index 0000000..dcf2c80 --- /dev/null +++ b/NED_files/README.md @@ -0,0 +1 @@ +# Placeholder diff --git a/NED_files/TVDM/PSAManifest/BroLogging_manifest.xml b/NED_files/TVDM/PSAManifest/BroLogging_manifest.xml new file mode 100644 index 0000000..35e7a07 --- /dev/null +++ b/NED_files/TVDM/PSAManifest/BroLogging_manifest.xml @@ -0,0 +1,125 @@ + + + + + BroLogging + Bro Logging + Offers network monitoring and logging capabilities + https://www.secured-fp7.eu/ + 1.00 + VTT + VTT + Copyright 2016 VTT Technical Research Centre of Finland Ltd + + This file is part of Bro PSA + + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + Freeware + + + + + BroLogging + bro + network traffic analysis + + + Logging + + + + + bro + BroLogging + This plugin converts MSPL to Bro PSA configuration + + brologging_M2L_plugin + BroLogging + http://195.235.93.146:8080/v1/PSA/M2Lplugins/PSA-brologging + none + + brologging_M2L_plugin.jar + + + + + 10 + + + 10 + + 2 + 10 + + + + + + + 1 + x86_64 + Intel + + 1 + + + 2 + + + 10 + + + 2000 + + + + Debian + 7.0 + x86_64 + + + + + cold migration + stateless + + + + + + img + + brologging_M2L_plugin + brologging_M2L_plugin.jar + java + + 1 + + + + + 100 + + + 10 + + + 10 + + + diff --git a/NED_files/TVDM/PSAManifest/BroMalware_manifest.xml b/NED_files/TVDM/PSAManifest/BroMalware_manifest.xml new file mode 100644 index 0000000..a4fc38b --- /dev/null +++ b/NED_files/TVDM/PSAManifest/BroMalware_manifest.xml @@ -0,0 +1,125 @@ + + + + + BroMalware + Bro Malware Detection + Offers malware detection capabilities + https://www.secured-fp7.eu/ + 1.00 + VTT + VTT + Copyright 2016 VTT Technical Research Centre of Finland Ltd + + This file is part of Bro PSA + + All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + Freeware + + + + + BroMalware + bro + anti-malware detector + + + Offline_malware_analysis + + + + + bro + BroMalware + This plugin converts MSPL to Bro PSA configuration + + bromalware_M2L_plugin + BroMalware + http://195.235.93.146:8080/v1/PSA/M2Lplugins/PSA-bromalware + none + + bromalware_M2L_plugin.jar + + + + + 10 + + + 10 + + 2 + 10 + + + + + + + 1 + x86_64 + Intel + + 1 + + + 2 + + + 10 + + + 2000 + + + + Debian + 7.0 + x86_64 + + + + + cold migration + stateless + + + + + + img + + bromalware_M2L_plugin + bromalware_M2L_plugin.jar + java + + 1 + + + + + 100 + + + 10 + + + 10 + + + diff --git a/NED_files/TVDM/PSAManifest/broPSA b/NED_files/TVDM/PSAManifest/broPSA new file mode 100644 index 0000000..8aa35b8 --- /dev/null +++ b/NED_files/TVDM/PSAManifest/broPSA @@ -0,0 +1,22 @@ +{ + "PSA_id":"BroPSA", + "disk": "veryLightPSA-bro-1G.img", + "interface": [ + { + "network":"data", + "type":"data_in" + }, + { + "network":"data", + "type":"data_out" + }, + { + "network":"control", + "type":"manage" + } + ], + "memory": "256", + "IP": true, + "os-architecture": "x86_64", + "vcpu": "1" +} diff --git a/NED_files/TVDM/psaConfigs/broPSA/psaConf b/NED_files/TVDM/psaConfigs/broPSA/psaConf new file mode 100644 index 0000000..8e53402 --- /dev/null +++ b/NED_files/TVDM/psaConfigs/broPSA/psaConf @@ -0,0 +1,92 @@ +{ + + "rules": [ + { "id": "rule1", + "hspl": { + "id": "hspl0", + "text": "abcd" + }, + "event": "EVENT_CONNECTION", + "operation": "count", + "parameters": [ + { "type": "object", + "value": "OBJ_CONNECTION" + } + ], + "action": "log", + "conditions": [ + { "type": "interval", + "value": 30 }, + { "type": "threshold", + "value": 50 }, + { "type": "destination", + "value": { "address": "91.197.85.151" } + } + ] + }, + { "id": "rule2", + "hspl": { + "id": "hspl0", + "text": "abcd" + }, + "event": "EVENT_CONNECTION", + "operation": "count", + "parameters": [ + { "type": "object", + "value": "OBJ_CONNECTION" + } + ], + "action": "log", + "conditions": [ + { "type": "interval", + "value": 30 }, + { "type": "threshold", + "value": 50 }, + { "type": "destination", + "value": { "address": "81.209.67.238" } + } + ] + }, + { "id": "rule3", + "hspl": { + "id": "hspl0", + "text": "abcd" + }, + "event": "EVENT_CONNECTION", + "operation": "count", + "parameters": [ + { "type": "object", + "value": "OBJ_CONNECTION" + } + ], + "action": "log", + "conditions": [ + { "type": "interval", + "value": 30 }, + { "type": "threshold", + "value": 50 }, + { "type": "destination_port", + "value": { "port": 80 } + } + ] + }, + { "id": "rule4", + "hspl": { + "id": "hspl0", + "text": "abcd" + }, + "event": "EVENT_FILE", + "operation": "detect-MHR", + "parameters": [ ], + "action": "log", + "conditions": [ + { "type": "mime-type", + "value": "application/pdf" + }, + { "type": "mime-type", + "value": "application/x-dosexec" + } + ] + } + ] +} diff --git a/NED_files/TVDM/userGraph/bro b/NED_files/TVDM/userGraph/bro new file mode 100644 index 0000000..33778b9 --- /dev/null +++ b/NED_files/TVDM/userGraph/bro @@ -0,0 +1,26 @@ +{ + "name": "user_profile_type", + "user_token": "", + "profile_type": "AD", + + "PSASet": [ + + { + "id": "broPSA", + "security_controls": [ + + { + "imgName": "veryLightPSA-bro-1G.img", + "conf_id":"psaConf" + } + + ] + + } + + ], + + "ingress_flow": ["12345"], + "egress_flow": ["12345"] + +} diff --git a/PSA/BroManager.py b/PSA/BroManager.py new file mode 100644 index 0000000..c908f4a --- /dev/null +++ b/PSA/BroManager.py @@ -0,0 +1,462 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# BroManager.py +# +# An interface to Bro. +# +# Author: jounih / VTT Technical Research Centre of Finland Ltd., 2015 +# jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +import threading +import subprocess +import os +import os.path +import logging + +# In the new image, the broccoli location is here +import sys +sys.path.append( '/opt/bro/lib/broctl/' ) + +from broccoli import Connection +import ConfigLoader +import ModuleLoader + +# A simple Thread-object that is used to call Broccoli's +# processInput() every now and then to keep Bro event +# handling running. + +class InputThread( threading.Thread ): + + polling = None # threading.Event instance for waiting + pollingInterval = 1 # Polling interval in seconds + connection = None # Bro connection to poll + + def __init__( self, connection ): + self.connection = connection + threading.Thread.__init__( self ) + self.polling = threading.Event() + + def run( self ): + while ( ( not self.polling.is_set() ) + and self.connection != None ): + self.connection.processInput() + self.polling.wait( self.pollingInterval ) + +# Exception class for Bro related exceptions. +class BroException( Exception ): + def __init__( self, value ): + super( BroException, self ).__init__( value ) + self.value = value + + def __str__( self ): + return repr( self.value ) + +# BroManager is *the* interface to Bro +# +# Allows starting and stopping Bro and loading new modules +# +# State management: +# BroManager controls an instance of the Bro network monitor. To keep +# state management simple there are essentially two states: 'running' +# and 'stopped'. All changes (e.g. loading modules, adding rules) should +# be made while Bro is stopped. +# + +class BroManager( object ): + # TODO: These should be configurable: + configFile = '/opt/bro/share/bro/site/secured.bro' + broctlPath = '/opt/bro/bin/broctl' + + SCRIPT_PRE_INIT = 'pre-init.bro' + SCRIPT_POST_INIT = 'post-init.bro' + + # Bro PSA installation base directory. All directiories are relative to this + baseDir = None + # Module directory: self.baseDir + '/modules' + moduleDir = None + # Current Inputhread object. None if there is not connection. + thread = None + # Bro Connectio object instance if Bro manager is currently connected to + # one, None otherwise. + connection = None + # Dictionary of currently loaded Bro modules. + modules = { } # { "name": BroModule } + # A logger to which Bro modules report their logs. + # TODO: this is a quick hack: a better aproach should be implemented. + logger = None + + def __init__( self, base=None, logger=None ): + if not os.getuid() == 0: + raise Exception( 'BroManager requires root access!' ) + + self.logger = logger + if base != None: + self.baseDir = base + else: + self.baseDir = '/home/psa/pythonScript/' + self.moduleDir = self.baseDir + '/modules' + ModuleLoader.init( self.baseDir + '/modules.json' ) + + def __del__( self ): + self.disconnect() + + def isConnected( self ): + return ( self.connection != None ) + + # NOTE: it could be a good idea to use connect / disconnect internally + # only and always use startBro / stopBro / loadConfig externally. However, + # now connect() is also use to connect (or check) if a bro instance is + # already running. + + def connect( self ): # throws IOError + """ + Connect to a running Bro instance. + + Creates a thread that starts calling Broccoli's processInput() + periodically. + """ + if self.connection != None: + self.disconnect() + + # Note: all Bro modules must be loaded *BEFORE* the Bro Connection + # is created. The reason for this is that Broccoli Python interface + # only registers event handlers for those @events that it has seen + # the moment when the Connection is created. Thus, loading new modules + # requires creating a new Connection. + + # TODO: make the address configurable + + self.connection = Connection( "127.0.0.1:47760", connect = False ) + + try: + self.connection.connect() + except IOError as e: + self.connection = None + raise e + + self.thread = InputThread( self.connection ) + self.thread.start() + + def disconnect( self ): + """ + Close the connection with the Bro instance. + + Stops the thread polling Broccoli's processInput() + """ + if self.thread != None: + if self.thread.polling: + self.thread.polling.set() + self.thread.connection = None + self.thread.join() + self.thread = None + if self.connection != None: + self.connection.connDelete() + self.connection = None + + def _loadModule( self, name ): + """ + Loads a module corresponding to 'name' if one is + found in the modules.json file. + """ + module = ModuleLoader.load( name ) + if module == None: + logging.error( 'Could not load module: ' + name) + return None + + # Create an instance of the module + instance = module( self.logger ) + self.modules[ name ] = instance + logging.info( 'Module loading succesfull: ' + name) + return instance + + def _getOrLoadModule( self, key ): + """ + Return a module corresponding to 'key'. If one is not present + try to load it based on the modules.json file. + """ + try: + return self.modules[ key ] + except KeyError: + return self._loadModule( key ) + + def loadConfig( self, filename ): + """ + Loads a configuration file. Before loading, each module is disabled. + Configuration rules are passed to corresponding modules. In case such + module has not been loaded, they are loaded according to modules.json + file. + + Note: this function should only be called when Bro is stopped! + """ + + # This function used to reset each module, but requiring Bro to + # be stopped makes more sense and keeps the state management + # easier. + if self.connection != None: + raise BroException( 'Invalid state' ) + + self._disablePreInitScript() + self._disableAllModules() + self._disablePostInitScript() + + self.modules = { } + rules = ConfigLoader.load( filename ) + + self._broctl_cmd( 'cleanup', 'all' ) + + logging.info( 'Enabling pre-init script' ) + self._enablePreInitScript() + + for rule in rules: + module = self._getOrLoadModule( rule.operation ) + if module == None: + logging.warning( 'No module for operation ' + + rule.operation + + ' (' + rule.ruleId + ')' ) + continue + + if not module.enabled: + self._enableModule( module ) + + logging.info( 'Setting rule %s for module %s' + % ( rule.ruleId, module.broScript ) ) + if not module.onRule( rule ): + logging.warning( 'Invalid rule: ' + rule.ruleId ) + + logging.info( 'Enabling post-init script' ) + self._enablePostInitScript() + + # Note: broctl install must be run when ever the local policy scripts + # are modified. This means each time a module is enabled or disabled. + # However, it is not a good idea to run them in enable/disableModule + # functions separately for each change. + + self._broctl_cmd( 'check' ) + self._broctl_cmd( 'install' ) + + # The 'broctl update' command is only needed if Bro is already running. + # However, update won't update all Bro state, so stopping and restarting + # Bro for any updates is a safer way. We don't expect this to happen + # often! + + # self._broctl_cmd( 'update' ) + + + def startBro( self ): + """ + Starts bro instance and calls each modules onStart-callback. + """ + + if self.connection != None: + raise BroException( 'Invalid state' ) + + logging.info( 'Starting Bro' ) + # Newer Bro versions have commend 'deploy', which must be + # run when ever the scripts are modified. It should be equivalent + # of 'check', 'install' and 'restart' + self._broctl_cmd( 'cleanup', '--all' ) + self._broctl_cmd( 'check' ) + self._broctl_cmd( 'install' ) + #self._broctl_cmd( 'update' ) + self._broctl_cmd( 'start' ) + self.connect() + + logging.info( 'Starting modules' ) + for key, module in self.modules.iteritems(): + if module.enabled: + logging.info( 'Module: ' + module.broScript ) + module.onStart( self.connection ) + logging.info( 'Done' ) + logging.info( 'Bro Started' ) + + def stopBro( self ): + """ + Stops running bro instance. Each module's onStop-callback is called + before bro is stopped to allow any cleanup actions necessary. + """ + + if self.connection == None: + raise BroException( 'Invalid state' ) + + logging.info( 'Stopping Bro' ) + logging.info( 'Stopping modules' ) + for key, module in self.modules.iteritems(): + if module.enabled: + logging.info( 'Module: ' + module.broScript ) + module.onStop() + logging.info( 'Done' ) + + self.disconnect() + self._broctl_cmd( 'stop' ) + logging.info( 'Bro Stopped' ) + + def restartBro( self ): + self.stopBro() + self.startBro() + + def _broctl_cmd( self, cmd, *args ): + """ + Execute a command using broctl + """ + cArgs = [ self.broctlPath, cmd ] + for arg in args: + cArgs.append( arg ) + + logging.info( 'Calling broctl: ' + str( cArgs ) ) + # will wait for completion of cmd + rv = subprocess.call( cArgs ) + if rv == 1: + raise Exception( 'Error: broctl ' + cmd + ' failed!' ) + + def _enableModule( self, module ): + """ + Enables a specific Bro module. + + If the module is not listed in the Bro configuration file, it is added + there. If the module is listed in the file, but commented out, the + comment character is removed. + + Note: does not call module's onStart callback! + Note: Bro must be restarted in order of these changes to take effect. + """ + # See if the module name already exists in the configuration file: + path = self.moduleDir + '/' + module.broScript + rv = subprocess.call( [ 'grep', + '--quiet', + '@load ' + path, + self.configFile ] ) + if rv != 0: # No match found: add a new line + with open( self.configFile, 'a' ) as f: + f.write( '\n@load ' + path + '\n' ) + rv = 0 + else: # Remove comment chracater before the load directive + pattern = 's|^#*@load ' + path + '|@load ' + path + '|g' + rv = subprocess.call( [ 'sed', + '-i.bak', + '--silent', + pattern, + self.configFile ] ) + + if rv == 0: + module.enabled = True + return rv + + def _disableModule( self, module ): + """ + Disable a specific Bro module. + + Essentially comments out the module from Bro configuration file. + + Note: does not call module's onStop callback! + Note: Bro must be restarted in order of these changes to take effect. + """ + # Comment the load directive out + pattern = 's|^@load ' + self.moduleDir + '/' + module.broScript + pattern += '|#@load ' + self.moduleDir + '/' + module.broScript + '|g' + rv = subprocess.call( [ 'sed', + '-i.bak', + '--silent', + pattern, + self.configFile ] ) + + if rv == 0: + module.enabled = False + return rv + + def _disableAllModules( self ): + """ + Disables all Bro modules. + + Essentially comments out all modules in the module directory from the + Bro configuration file. This includes modules that are not listed in + the current module configuration. The main purpose of this function is + to ensure clean restart of Bro. + + Does not affect the currently loaded modules in any way. + + Note: Bro must be restarted in order of these changes to take effect. + """ + + # Comment the load directive out in order to disable the module + pattern = 's|^@load ' + self.moduleDir + '/' + pattern += '|#@load ' + self.moduleDir + '/|g' + rv = subprocess.call( [ 'sed', + '-i.bak', + '--silent', + pattern, + self.configFile ] ) + return ( rv == 0 ) + + def _enablePreInitScript( self ): + script = self.moduleDir + '/' + self.SCRIPT_PRE_INIT + line = '@load ' + script + # Remove the all instances of the line first to make sure that + # the line is included only once and that its the first line! + # This might usually not be needed, but let's make it anyways + # to be sure that we don't have any unexpected side effects! + _fileRemoveLines( self.configFile, line ) + _fileRemoveEmptyLines( self.configFile ) + # Only add the line if the pre-init script actually exists + if _fileExists( script ): + _filePrependLine( self.configFile, line ) + _fileRemoveEmptyLines( self.configFile ) + + def _enablePostInitScript( self ): + script = self.moduleDir + '/' + self.SCRIPT_POST_INIT + line = '@load ' + script + # Remove the all instances of the line first to make sure that + # the line is included only once and that its the last line! + # This might usually not be needed, but let's make it anyways + # to be sure that we don't have any unexpected side effects! + _fileRemoveLines( self.configFile, line ) + _fileRemoveEmptyLines( self.configFile ) + # Only add the line if the post-init script actually exists + if _fileExists( script ): + _fileAppendLine( self.configFile, line ) + _fileRemoveEmptyLines( self.configFile ) + + def _disablePreInitScript( self ): + script = self.moduleDir + '/' + self.SCRIPT_PRE_INIT + line = '@load ' + script + _fileRemoveLines( self.configFile, line ) + _fileRemoveEmptyLines( self.configFile ) + + def _disablePostInitScript( self ): + script = self.moduleDir + '/' + self.SCRIPT_POST_INIT + line = '@load ' + script + _fileRemoveLines( self.configFile, line ) + _fileRemoveEmptyLines( self.configFile ) + +# The file handling scripts below use mostly sed magic to do their things. +# This might not be the best or most pythonianic way to do the operations, +# but as most of the file-related functions above also make it this way +# let's continue the habbit... + +def _fileExists( f ): + return os.path.isfile( f ) + +def _fileContainsLine( f, line ): + return ( subprocess.call( [ 'grep', '--quiet', 'line', f ] ) != 0 ) + +def _fileRemoveLines( f, line ): + pattern = 's|^' + line + '||g' + rv = subprocess.call( [ 'sed', '-i.bak', pattern, f ] ) + return rv + +def _fileRemoveEmptyLines( f ): + rv = subprocess.call( [ 'sed', '-i.bak', '/^\s*$/d', f ] ) + return rv + +def _filePrependLine( f, line ): + # Sed magic doesn't work for empty files + # However, in that case we only need to append + if os.stat( f ).st_size == 0: + _fileAppendLine( f, line ) + else: + pattern = '1s|^|' + line + '\\n|g' + subprocess.call( [ 'sed', '-i.bak', '--silent', pattern, f ] ) + +def _fileAppendLine( f, line ): + with open( f, 'a') as fi: + fi.write( '\n' + line + '\n' ) diff --git a/PSA/Config.py b/PSA/Config.py new file mode 100644 index 0000000..9e1e5b1 --- /dev/null +++ b/PSA/Config.py @@ -0,0 +1,167 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# Config.py +# +# PSA configuration file parsing +# +# Author: anon, +# jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +import ConfigParser +import os +#import copy +import logging + +def resolve_psa_home(): + try: + home = os.environ[ 'PSA_HOME' ] + if not os.path.isdir( home ): + error = 'Environment variable $PSA_HOME is not a valid directory' + raise RuntimeError( error ) + if not os.path.isabs( home ): + error ='Environment variable $PSA_HOME path is not absolute' + raise RuntimeError( error ) + return home + except KeyError: + logging.warning( 'Environment variable $PSA_HOME not set' ) + logging.info( 'Using current working directory as $PSA_HOME' ) + return os.getcwd() + +def normalize_path( base, path ): + return os.path.join( base, path) + +def getboolean_default( config, section, option, default ): + try: + return config.getboolean( section, option ) + except ConfigParser.NoOptionError as e: + return default + +def get_default( config, section, option, default ): + try: + return config.get( section, option ) + except ConfigParser.NoOptionError as e: + return default + +class Configuration( object ): + _instance = None # Singleton + + def __new__( cls, *args, **kwargs ): + if not cls._instance: + cls._instance = super( Configuration, cls ).__new__( cls, *args, **kwargs ) + return cls._instance + + def __init__( self ): + config = ConfigParser.RawConfigParser() + #config.read( 'psa.conf' ) + config.read( 'psaEE.conf' ) + + # Hard-coded options + self._PSA_HOME = resolve_psa_home() + self._LOG_FILE = 'PSA.log' + + + + # Optional + self._VERBOSE = getboolean_default( config, 'configuration', + 'verbose', False ) + self._DEBUG = getboolean_default( config, 'configuration', + 'debug', False ) + self._TEST_MODE = getboolean_default( config, 'configuration', + 'test_mode', False ) + + self._TEST_MODE_IP = get_default( config, 'configuration', + 'test_mode_ip', None ) + self._TEST_MODE_DNS = get_default( config, 'configuration', + 'test_mode_dns', None ) + self._TEST_MODE_NETMASK = get_default( config, 'configuration', + 'test_mode_netmask', None ) + self._TEST_MODE_GATEWAY = get_default( config, 'configuration', + 'test_mode_gateway', None ) + + # Required options: + self._PSC_ADDRESS = config.get( 'configuration', 'psc_address' ) + self._PSA_CONFIG_PATH = config.get( 'configuration', 'psa_config_path' ) + self._PSA_ID = config.get( 'configuration', 'psa_id' ) + self._PSA_SCRIPTS_PATH = config.get( 'configuration', 'scripts_path' ) + self._PSA_API_VERSION = config.get( 'configuration', 'psa_api_version' ) + self._PSA_VERSION = config.get( 'configuration', 'psa_version' ) + self._PSA_NAME = config.get( 'configuration', 'psa_name' ) + self._PSA_LOG_LOCATION = config.get( 'configuration', 'psa_log_location' ) + + # Make all relative paths absolute based on $PSA_HOME + base = self._PSA_HOME + self._LOG_FILE = normalize_path( base, self._LOG_FILE ) + self._PSA_CONFIG_PATH = normalize_path( base, self._PSA_CONFIG_PATH ) + self._PSA_SCRIPTS_PATH = normalize_path( base, self._PSA_SCRIPTS_PATH ) + self._PSA_LOG_LOCATION = normalize_path( base, self._PSA_LOG_LOCATION ) + + self._CONF_ID = config.get( 'configuration', 'conf_id' ) + + @property + def PSA_HOME( self ): + return self._PSA_HOME + + @property + def TEST_MODE( self ): + return self._TEST_MODE + + @property + def TEST_MODE_IP( self ): + return self._TEST_MODE_IP + + @property + def TEST_MODE_DNS( self ): + return self._TEST_MODE_DNS + + @property + def TEST_MODE_NETMASK( self ): + return self._TEST_MODE_NETMASK + + @property + def TEST_MODE_GATEWAY( self ): + return self._TEST_MODE_GATEWAY + + @property + def LOG_FILE( self ): + return self._LOG_FILE + + @property + def VERBOSE( self ): + return self._VERBOSE + + @property + def PSC_ADDRESS( self ): + return self._PSC_ADDRESS + + @property + def PSA_CONFIG_PATH( self ): + return self._PSA_CONFIG_PATH + + @property + def PSA_SCRIPTS_PATH( self ): + return self._PSA_SCRIPTS_PATH + + @property + def PSA_ID( self ): + return self._PSA_ID + + @property + def PSA_NAME( self ): + return self._PSA_NAME + + @property + def PSA_API_VERSION( self ): + return self._PSA_API_VERSION + + @property + def PSA_VERSION( self ): + return self._PSA_VERSION + + @property + def PSA_LOG_LOCATION( self ): + return self._PSA_LOG_LOCATION + + # @property + # def CONF_ID(self): + # return self._CONF_ID diff --git a/PSA/ConfigLoader.py b/PSA/ConfigLoader.py new file mode 100644 index 0000000..d87a9f1 --- /dev/null +++ b/PSA/ConfigLoader.py @@ -0,0 +1,90 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# ConfigLoader.py +# +# Loads a JSON configuration file and performs some sanity checks. +# +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +import json + +class ParseError( Exception ): + def __init__( self, value ): + super( ParseError, self ).__init__( value ) + self.value = value + + def __str__ ( self ): + return repr( self.value ) + +class ObjectEnum( object ): + Connection, Port, Address = range( 3 ) + +def parseObjectEnum( value ): + if value == 'OBJ_CONNECTION': + return ObjectEnum.Connection + if value == 'OBJ_PORT': + return ObjectEnum.Port + if value == 'OBJ_ADDRESS': + return ObjectEnum.Address + raise ParseError( 'Invalid ObjectEnum: ' + value ) + +class EventEnum( object ): + File, Connection = range( 2 ) + +def parseEventEnum( value ): + if value == 'EVENT_FILE': + return EventEnum.File + if value == 'EVENT_CONNECTION': + return EventEnum.Connection + raise ParseError( 'Invalid EventEnum: ' + value ) + +class ActionEnum( object ): + Log = range( 1 ) + +def parseActionEnum( value ): + if value == 'log': + return ActionEnum.Log + raise ParseError( 'Invalid ActionEnum: ' + value ) + +def parseMultiValueDictionary( data ): + to = {} + for item in data: + key = item[ 'type' ] + value = item[ 'value' ] + to.setdefault( key, [] ) + to[ key ].append( value ) + return to + +def parseHSPL( data ): + to = {} + to[ 'id' ] = data[ 'id' ] + to[ 'text' ] = data[ 'text' ] + return to + +class Rule( object ): + + ruleId = None # Rule ID string + event = None # Event Enum + operation = None # Operation name (bro module name) + action = None # Action Enum + parameters = {} # Dictionary of parameters: type as a key, list of values + conditions = {} # Dictionary of conditions: type as a key, list of values + + def __init__( self, data ): + self.ruleId = data[ 'id' ] + self.hspl = parseHSPL( data[ 'hspl' ] ) + self.event = parseEventEnum( data[ 'event' ] ) + self.action = parseActionEnum( data[ 'action' ] ) + self.operation = data[ 'operation' ] + self.parameters = parseMultiValueDictionary( data[ 'parameters' ] ) + self.conditions = parseMultiValueDictionary( data[ 'conditions' ] ) + +def load( filename ): + out = [] + with open( filename, 'r' ) as data_file: + data = json.load( data_file ) + rules = data[ 'rules' ] + for rule in rules: + out.append( Rule( rule ) ) + return out diff --git a/PSA/DEBUG.md b/PSA/DEBUG.md new file mode 100644 index 0000000..5a6c6cf --- /dev/null +++ b/PSA/DEBUG.md @@ -0,0 +1,81 @@ +# Adding extra Bro scripts + +This document describes how to load user defined Bro NSM scripts on Bro PSA. +Since BroPSA loads scripts dynamically, normal Bro configuration files +cannot be used (easily) for debugging, e.g., for redefining variables. This +document describes two approaches of adding such Bro scripts. + +Examples in this document consider adding a local repository of file hashes for +the 'detect-MHR' module. This feature can be used, e.g., for testing. Normally, +these file hashes can be added simply by redefining the bro variable +MHR::local_hashes as shown in the example below. However, because of BroPSA's +dynamic module loading, this is not possible. + +## Option 1: Using pre- and post-init scripts + +BroPSA allows users to define Bro scripts that are loaded before or after the +actual BroPSA module Bro scripts are loaded. Pre- and post-init scripts must be +placed on files called *modules/pre-init.bro* or *modules/post-init.bro*, +respectively. If either of these files exist when BroPSA's configuration is set, +then it will be automatically added into the BroPSA's Bro configuration. + +**Example**: + +Create file *modules/post-init.bro* with the following content and then start +BroPSA normally: + +``` +redef ignore_checksums = T; +redef tcp_max_initial_window = 0; +redef tcp_max_above_hole_without_any_acks = 0; +redef tcp_excessive_data_without_further_acks = 0; + +redef MHR::local_hashes += { [ "afba7d3f3addd136afb4b13a49703e979fb4f590" ] + = [ $kind="sha1", $description="detected T170.pdf" ], + [ "f2e5efd7b47d1fb5b68d355191cfed1a66b82c79" ] + = [ $kind="sha1", $description="detected 7z1514.exe" ] }; +``` + +## Option 2: Using BroLoader-module + +BroLoader-module is a dummy BroPSA module that does not do anything else, but +triggers a Bro script file called modules/config.bro to be loaded. This script +file can be used to load certain Bro scripts dynamically. Compared to using pre- +and post-init scripts BroLoader-module offers extra flexibility: it can be used +to load Bro scripts between BroPSA modules, not just before or after all the +modules are loaded. Since BroLoader is a normal BroPSA module, it is loaded +according to the load order defined by the BroPSA's configuration file. + + +**Example**: +Create file *modules/config.bro* with the following content: + +``` +redef ignore_checksums = T; +redef tcp_max_initial_window = 0; +redef tcp_max_above_hole_without_any_acks = 0; +redef tcp_excessive_data_without_further_acks = 0; + +redef MHR::local_hashes += { [ "afba7d3f3addd136afb4b13a49703e979fb4f590" ] + = [ $kind="sha1", $description="detected T170.pdf" ], + [ "f2e5efd7b47d1fb5b68d355191cfed1a66b82c79" ] + = [ $kind="sha1", $description="detected 7z1514.exe" ] }; +``` + +Add a new rule to *psaConfig/psaconf* after any rules related to the +'detect-MHR' module (e.g. as the last rule). This rule will cause +*modules/config.bro* file to be loaded. Start BroPSA normally. + +``` + { "id": "load-config", + "hspl": { + "id": "-", + "text": "-" + }, + "event": "EVENT_FILE", + "operation": "load-config", + "parameters": [ ], + "action": "log", + "conditions": [] + } +``` diff --git a/PSA/ModuleLoader.py b/PSA/ModuleLoader.py new file mode 100644 index 0000000..5bba03a --- /dev/null +++ b/PSA/ModuleLoader.py @@ -0,0 +1,69 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# ModuleLoader.py +# +# Loads python modules. +# +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +import os +import json +import logging + +# Modules filename +moduleFile = None + +def init( filename ): + global moduleFile + moduleFile = filename + +def _loadModule( path ): + """ + First converts 'path' from file path representation to + Python module name, i.e., removes file extension, converts + slashes to dots, and removes . or .. from the start of the + path if any (thus, paths will be relative to this directory). + """ + path = path.strip() + path = os.path.normpath( path ) + if path.endswith( '.py' ): + path = path[:-3] + changed = True + while changed: + changed = False + while path.startswith( '.' ): + path = path[1:] + changed = True + while path.startswith( '/' ): + path = path[1:] + changed = True + name = path.replace( '/', '.' ) + logging.info( 'Loading: ' + name ) + module = __import__( name, fromlist=[ '' ] ) + return getattr( module, 'module' ) + + +def load( name ): + """ + Loads a module by name 'name' if one is listed in the + modules file. Returns content of the variable called 'module' + which should contain the module class declaration. If anything + goes wrong, None is returned. + """ + logging.info( 'Searching module: ' + moduleFile ) + try: + with open( moduleFile, 'r' ) as config: + data = json.load( config ) + modules = data[ 'modules' ] + for module in modules: + moduleName = module[ 'name' ] + logging.info( 'Scanning: ' + moduleName ) + if moduleName == name: + logging.info( 'Found module: ' + name + + ' (' + module[ 'module' ] + ')' ) + return _loadModule( module[ 'module' ] ) + except Exception as e: + logging.warning( 'Module loading failed: ' + str( e ) ) + + return None diff --git a/PSA/README.md b/PSA/README.md new file mode 100644 index 0000000..077e397 --- /dev/null +++ b/PSA/README.md @@ -0,0 +1 @@ +# Bro PSA diff --git a/PSA/boot_psa.sh b/PSA/boot_psa.sh new file mode 100644 index 0000000..6560168 --- /dev/null +++ b/PSA/boot_psa.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +if [ -z "$PSA_HOME" ]; then + echo "error: 'PSA_HOME' is not set." >&2 + exit 1 +fi + +if [ ! -d "$PSA_HOME" ]; then + echo "error: 'PSA_HOME' is not a valid directory." >&2 + exit 1 +fi + +ip=$(ifconfig eth0 | grep "inet addr" | awk '{print $2}' | cut -d: -f2) +gunicorn -k gevent -b $ip:8080 --log-file $PSA_HOME/GUNICORN.log --log-level debug psaEE:app & diff --git a/PSA/boot_script_psa b/PSA/boot_script_psa new file mode 100644 index 0000000..963536f --- /dev/null +++ b/PSA/boot_script_psa @@ -0,0 +1,23 @@ +#!/bin/bash + +# Place this in /etc/network/if-up.d/ + +PSA_HOME="/home/psa" + +if [ -z "$PSA_HOME" ]; then + echo "error: 'PSA_HOME' is not set." >&2 + exit 0 +fi + +if [ ! -d "$PSA_HOME" ]; then + echo "error: 'PSA_HOME' is not a valid directory." >&2 + exit 0 +fi + +[ "$IFACE" = 'eth2' ] || exit 0 + +ifconfig eth2 mtu 1496 +dhclient -1 eth2 +cd $PSA_HOME/pythonScript +ip=$(ifconfig eth2 | grep "inet addr" | awk '{print $2}' | cut -d: -f2) +gunicorn -k gevent -b $ip:8080 --log-file $PSA_HOME/GUNICORNz.log --log-level debug psaEE:app & diff --git a/PSA/dumpLogFile.py b/PSA/dumpLogFile.py new file mode 100644 index 0000000..c07a199 --- /dev/null +++ b/PSA/dumpLogFile.py @@ -0,0 +1,30 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# + +''' + File: dumpLogFile.py + Description: + REST resource to dump content of the log file from the PSC + For development purpose only! Disable this in production (TBD) + +''' + +import falcon +#import json +import logging +import sys + +class dumpLogFile(): + def __init__(self): + pass + + def on_get(self, req, resp): + try: + in_file = open("PSA.log","r") + log = in_file.read() + in_file.close() + resp.status = falcon.HTTP_200 + resp.body = log + except Exception as e: + logging.exception(sys.exc_info()[0]) + resp.status = falcon.HTTP_501 diff --git a/PSA/execInterface.py b/PSA/execInterface.py new file mode 100644 index 0000000..a6300c3 --- /dev/null +++ b/PSA/execInterface.py @@ -0,0 +1,248 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# File: execInterface.py +# Created: 27/08/2014 +# Author: BSC, VTT +# Modified: 2016 +# Author: VTT, jju, jk +# +# Description: +# Web service running on the PSA receiving the +# configuration for the PSA from the PSC +# +# + +import falcon +import requests +import logging +import json +import sys +import subprocess +import datetime + +from BroManager import BroManager + +# Bro instance: +bro = None + +class execInterface(): + + def __init__ ( self, home, configsPath, scriptsPath, psaLogLocation, psaID, pscAddr, psaAPIVersion ): + self.psaHome = home + self.confsPath = configsPath + self.scripts_path = scriptsPath + self.log_location = psaLogLocation + self.psaID = psaID + self.pscAddr = pscAddr + self.psaAPI = psaAPIVersion + + def on_post( self, request, response, command ): + print "onPost" + try: + res = {} + res[ "command" ] = command + if command == "init": + # receive the configuration, or init package + script_file = self.confsPath + "/psaconf" + fp=open(script_file, 'wb') + while True: + chunk = request.stream.read(4096) + fp.write(chunk) + if not chunk: + break + fp.close() + + # Make script executable for current user + # hazardous.. we're root + #st = os.stat(script_file) + #os.chmod(script_file, st.st_mode | stat.S_IEXEC) + + # Run the init.sh and return it's return value + res["ret_code"] = str(self.callInitScript()) + logging.info("PSA "+self.psaID+" configuration registered") + elif command == "start": + res["ret_code"] = str(self.callStartScript()) + elif command == "stop": + res["ret_code"] = str(self.callStopScript()) + else: + logging.info("POST: unknown command: " + command) + response.status = falcon.HTTP_404 + return + + response.body = json.dumps(res) + response.status = falcon.HTTP_200 + response.set_header("Content-Type", "application/json") + + except Exception as e: + logging.exception( sys.exc_info()[0] ) + response.status = falcon.HTTP_501 + + def on_get(self, request, response, command): + try: + res = {} + res["command"] = command + if command == "status": + res["ret_code"] = self.callStatusScript().replace("\n", "") + elif command == "configuration": + res["ret_code"] = self.callGetConfigurationScript() + elif command == "internet": + res["ret_code"] = self.callGetInternetScript() + elif command == "log": + # Return PSA log or 501 + log = self.callGetLogScript() + if log != None: + response.body = log + response.status = falcon.HTTP_200 + response.set_header("Content-Type", "text/plain; charset=UTF-8") + else: + response.status = falcon.HTTP_501 + return + elif command == 'brolog': + log = self.callGetBroLogScript() + if log != None: + response.body = log + response.status = falcon.HTTP_200 + response.set_header("Content-Type", "text/plain; charset=UTF-8") + else: + response.status = falcon.HTTP_501 + return + else: + logging.info("GET: unknown command: " + command) + response.status = falcon.HTTP_404 + return + + response.body = json.dumps(res) + response.status = falcon.HTTP_200 + response.set_header("Content-Type", "application/json") + except Exception as e: + logging.exception(sys.exc_info()[0]) + response.status = falcon.HTTP_501 + + def callInitScript( self ): + global bro + logging.info ("callInitScript()" ) + + if bro != None: + bro.stopBro() + del bro + + bro = BroManager( self.psaHome, self ) + bro.loadConfig( self.confsPath + "/psaconf" ) + + #ret = subprocess.call([ self.scripts_path + 'init.sh']) + #return ret + + logging.info( 'BroManager initialized: %r' % ( bro != None ) ) + + return 0 + + def callStartScript( self ): + logging.info( "callStartScript()" ) + + if bro == None: + logging.critical( 'BroManager instance not found.' ) + self.callInitScript() + + try: +# bro.start() + try: + bro.connect() + logging.info( 'Bro is already running.' ) + return 0 + except IOError as e: + logging.info( 'No running instances of Bro found.' ) + bro.startBro() + logging.info( 'Bro is running.' ) + return 0 + except Exception as e: + logging.critical( 'Fatal error while connecting to Bro' ) + logging.critical( e ) + +# ret = subprocess.call([ self.scripts_path + 'start.sh']) +# return ret + return 1 + + def callStopScript( self ): + logging.info( "callStopScript()" ) + + if bro != None: + bro.stopBro() + logging.info( 'Bro stopped.' ) + else: + logging.info( 'Bro is not running.' ) + +# ret = subprocess.call([ self.scripts_path + 'stop.sh']) +# return ret + + return 0 + + def callStatusScript( self ): + proc = subprocess.Popen( [ self.scripts_path + 'status.sh' ], + stdout = subprocess.PIPE, + shell = True ) + ( out, err ) = proc.communicate() + return out + + def callGetConfigurationScript( self ): + logging.info( "callGetConfigurationScript()" ) + proc = subprocess.Popen( [ self.scripts_path + 'current_config.sh' ], + stdout = subprocess.PIPE, + shell = True ) + ( out, err ) = proc.communicate() + return out + + def callGetInternetScript (self ): + logging.info( "callGetInternetScript()" ) + proc = subprocess.Popen( [ self.scripts_path + 'ping.sh' ], + stdout = subprocess.PIPE, + shell = True ) + ( out, err ) = proc.communicate() + return out + + def callGetLogScript( self ): + logging.info( "callGetLogScript()" ) + try: + filename = self.confsPath + "/bro.log" + #filename = self.log_location + with open( filename, "r" ) as f: + return f.read() + except Exception as e: + logging.exception( sys.exc_info()[0] ) + return None + + def get_client_address( self, environ ): + try: + return environ[ 'HTTP_X_FORWARDED_FOR' ].split( ',' )[ -1 ].strip() + except KeyError: + return environ[ 'REMOTE_ADDR' ] + + def callGetBroLogScript( self ): + logging.info( "callGetBroLogScript()" ) + try: + filename = self.confsPath + "/bro.log" + with open( filename, "r") as f: + return f.read() + except Exception as e: + logging.exception( sys.exc_info()[ 0 ] ) + return None + + def onEvent( self, logEntry ): + filename = self.confsPath + "/bro.log" + line = str( datetime.datetime.utcnow() ) + ': ' + logEntry + with open( filename, "a" ) as logFile: + logFile.write( line ) + + def onNotifyEvent( self, policy, title, info): + self.sendPsaEvent(policy, title, info) + + def sendPsaEvent(self, policy, title, info): + logging.info( "sendPsaEvent()" ) + header = {"Content-Type": "application/json"} + ev = {"psa_id": self.psaID, "event_title": title, "event_body": info, "extra_info": policy, "hspl_id": "", "mspl_id": ""} + url = self.pscAddr + "/" + self.psaAPI + "/psaEvent/" + self.psaID + + try: + requests.post(url, data=json.dumps(ev), headers=header) + except Exception as e: + logging.exception( sys.exc_info()[ 0 ] ) + diff --git a/PSA/getConfiguration.py b/PSA/getConfiguration.py new file mode 100644 index 0000000..b1c647c --- /dev/null +++ b/PSA/getConfiguration.py @@ -0,0 +1,124 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# File: getConfiguration.py +# Created: 05/09/2014 +# Author: BSC + +# Modified: 29/10/2015 +# Author: VTT +# +# Description: +# Web service running on the PSA interacting with the PSC +# +# + +import json +import requests +import logging +from psaExceptions import psaExceptions +import subprocess +import base64 + +class getConfiguration(): + + #def __init__(self, pscAddr, configsPath, confID, psaID): + def __init__(self, pscAddr, configsPath, scriptsPath, psaID, psaAPIVersion): + self.pscAddr = pscAddr + self.configsPath = configsPath + self.scripts_path = scriptsPath + #self.confID = confID + self.psaID = psaID + self.psaAPI = psaAPIVersion + + def send_start_event(self): + logging.info("PSA: send_start_event") + logging.info("PSA: "+self.psaID+" calling PSC") + resp = requests.get(self.pscAddr + "/" + self.psaAPI + "/psa_up/" + self.psaID) + logging.info("PSA: "+self.psaID+" calling PSC done") + return resp.content + + def pullPSAconf( self, execIf ): + + header = {'Content-Type':'application/octet-stream'} + + #resp = requests.get(self.pscAddr+"/getConf/"+self.psaID+"/"+self.confID, headers=header) + resp = requests.get(self.pscAddr + "/" +self.psaAPI + "/getConf/"+self.psaID, headers=header) + + # NOTE: pylint will complain about 'requests.codes.ok' since it has no + # way of knowning statically that it exists as request.codes is + # contructed dynamically. + + if resp.status_code == requests.codes.ok: # pylint: disable=E1101 + #fp=open(self.configsPath+"/"+self.confID,'wb') + #fp=open(self.configsPath+"/"+self.psaID,'wb') + # We don't have multiple security controls inside one PSA image at the moment. + json_config = False + try: + conf = json.loads(resp.content) + logging.info("PSA JSON conf received:") + logging.info(conf) + # Handle different config formats + if conf["conf_type"] == "base64": + decoded_conf = base64.b64decode(conf["conf"]) + elif conf["conf_type"] == "text": + decoded_conf = conf["conf"] + else: + # Use default format, presume text. + decoded_conf = conf["conf"] + json_config = True + except Exception as e: + logging.info("Could not load JSON config, reverting to old text format") + decoded_conf = resp.content + + fp=open(self.configsPath+"/psaconf", 'wb') + fp.write(decoded_conf) + fp.close() + +# self.callInitScript() + execIf.callInitScript() + if json_config: + self.enforceConfiguration(conf) + + logging.info("PSA "+self.psaID+" configuration registered") + return resp.content + else: + logging.error("Bad configuration request for PSA "+self.psaID) + raise psaExceptions.confRetrievalFailed() + + + # header = {'Accept':'application/octet-stream', 'Content-Type':'application/octet-stream'} + # resp = requests.get(self.pscAddr+"/getConfiguration/"+self.confURI, data={}, headers=header) + # if (resp.status_code != 200): + # msg = "PSC is not able to provide the conf for: [PSAid] " + self.psaID + ", [confURI] " + self.confURI + # raise psaExceptions.confRetrievalFailed(msg) + + # TODO check script validity + #return resp.text + + #TODO: this should be the same as in execInterface.py!!! +# def callInitScript(self): +# logging.info("callInitScript()") +# ret = subprocess.call(['.' + self.scripts_path + 'init.sh']) +# return ret + + def enforceConfiguration(self, jsonConf): + req_keys = ("IP", "dns", "netmask", "gateway") + has_req = False + if all (key in jsonConf for key in req_keys): + has_req = True + + if has_req: + logging.info("PSA requires IP, configuring...") + ip = jsonConf["IP"] + dns = jsonConf["dns"] + netmask = jsonConf["netmask"] + gateway = jsonConf["gateway"] + logging.info("ip: " + str(ip)) + logging.info("gateway: " + str(gateway)) + logging.info("dns: " + str(dns)) + logging.info("netmask: " + str(netmask)) + ret = subprocess.call( [ self.scripts_path + 'ip_conf.sh', ip, gateway, dns, netmask ] ) + #ret = subprocess.call(['.' + self.scripts_path + 'ip_conf.sh', ip, gateway, dns, netmask]) + logging.info("Result of setting config: " + str(ret)) + else: + logging.info("PSA doesn't require IP, skipping configuration.") diff --git a/PSA/interfaces b/PSA/interfaces new file mode 100644 index 0000000..ccf3246 --- /dev/null +++ b/PSA/interfaces @@ -0,0 +1,32 @@ +# PSA interface file +# Place this in /etc/network in your PSA image template + +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo br0 eth2 +iface lo inet loopback + +# The primary network interface + +iface eth0 inet manual +iface eth1 inet manual +#iface eth2 inet dhcp +iface eth2 inet manual + +iface br0 inet manual + pre-up ip link set eth0 down + pre-up ip link set eth1 down + pre-up brctl addbr br0 + pre-up brctl addif br0 eth0 eth1 + pre-up ip addr flush dev eth0 + pre-up ip addr flush dev eth1 + pre-up ip link set eth0 up + pre-up ip link set eth1 up + pre-up ip link set br0 up + post-down ip link set eth0 down + post-down ip link set eth1 down + post down ip link set br0 down + post-down brctl delif br0 eth0 eth1 + post-down brctl delbr br0 diff --git a/PSA/json/psaStartup.json b/PSA/json/psaStartup.json new file mode 100644 index 0000000..846d571 --- /dev/null +++ b/PSA/json/psaStartup.json @@ -0,0 +1,9 @@ +{ + + "name": "psa_startup_file", + "user_token": "token1", + "psaID": "12345", + "pscAddr": "http://127.0.0.1:4321", + "confURI": "12345" + +} diff --git a/PSA/modules.json b/PSA/modules.json new file mode 100644 index 0000000..a31322f --- /dev/null +++ b/PSA/modules.json @@ -0,0 +1,16 @@ +{ + "modules": [ + { + "name": "count", + "module": "modules/Count.py" + }, + { + "name": "detect-MHR", + "module": "modules/MHR.py" + }, + { + "name": "load-config", + "module": "modules/BroLoader.py" + } + ] +} diff --git a/PSA/modules/BroEventDispatcher.py b/PSA/modules/BroEventDispatcher.py new file mode 100644 index 0000000..5bc0cb9 --- /dev/null +++ b/PSA/modules/BroEventDispatcher.py @@ -0,0 +1,41 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# BroEventDispatcher.py +# +# A simple event dispatcher. +# +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +import logging + +callbacks = { } + +def init(): + pass + +def register( key, obj ): + """ + Register a callback for key 'key' + """ + global callbacks + callbacks[ key ] = obj + +def unregister( key ): + """ + Unregisters callback for key 'key' + """ + global callbacks + del callbacks[ key ] + +def dispatch( key, data ): + """ + Dispatch event 'data' to the callback registered for key 'key' + """ + global callbacks + try: + cb = callbacks[ key ] + if cb != None: + cb.onEvent( data ) + except Exception as e: + logging.warning( 'No dispatcher for key: ' + key + ': ' + str( e ) ) diff --git a/PSA/modules/BroLoader.py b/PSA/modules/BroLoader.py new file mode 100644 index 0000000..f97aeb7 --- /dev/null +++ b/PSA/modules/BroLoader.py @@ -0,0 +1,33 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# BroLoader.py +# +# A dummy module that loads config.bro file +# +# The rule for this module should be the las one in the list! +# +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +from modules.BroModule import BroModule + +class BroLoaderModule( BroModule ): + + rules = { } + + def __init__( self, logger ): + super( BroLoaderModule, self ).__init__( 'config.bro', logger ) + + def onStart( self, connection ): + super( BroLoaderModule, self ).onStart( connection ) + + def onStop( self ): + super( BroLoaderModule, self ).onStop() + + def onRule( self, rule ): + return True + + def onEvent( self, data ): + pass + +module = BroLoaderModule diff --git a/PSA/modules/BroModule.py b/PSA/modules/BroModule.py new file mode 100644 index 0000000..1a7e0b0 --- /dev/null +++ b/PSA/modules/BroModule.py @@ -0,0 +1,73 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# BroModule.py +# +# A parent interface for all Bro modules. +# +# Each Bro module should define the functions declared in the +# BroModule class. Futhremore, each module must define module +# variable 'module' that contains the BroModule class defined +# in the module. The module variable is used by the BroManager +# to instantiate the module object. +# +# Any Bro event handlers (@event) should be registered to +# BroEventDispacther. This dispatcher is used to circument the fact +# that Broccoli Python interface expects the event handler to be +# a module function (not a class memeber). +# +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + + +# NOTE: any communication with Bro should only happen if Bro +# is running, i.e., the module is in state 'Started'! Otherwise +# Gunicorn worker will boot unexpectably. + +class BroModule( object ): + + class State( object ): + Started, Stopped = range( 2 ) + + broScript = None # Bro scrip's filename + enabled = False # If the module is enabled currently + connection = None # Bro connection for sending events + state = State.Stopped # Modules current state + logger = None # Logger to send log events to + + def __init__( self, filename, logger ): + self.broScript = filename + self.logger = logger + + def onRule( self, rule ): + """ + Add a single configuration rule to module + """ + return False + + def onStart( self, connection ): + """ + Called when Bro is started. + + Bro is already running when this callback is called. The callback + should be used to pass rule information to modules .bro script. + """ + self.connection = connection + self.state = self.State.Started + + def onStop( self ): + """ + Called when Bro is being stopped. + + This callback should be used to perform any cleanup actions necessary. + """ + + self.state = self.State.Stopped + + def onEvent( self, event ): + """ + Called if a Bro event is dispatched to this module. + """ + pass + +# Example module variable definition: +#module = BroModule diff --git a/PSA/modules/CertValidation.bro b/PSA/modules/CertValidation.bro new file mode 100644 index 0000000..b8063eb --- /dev/null +++ b/PSA/modules/CertValidation.bro @@ -0,0 +1,114 @@ +# -*- Mode:Bro;indent-tabs-mode:nil;-*- +# +# CertValidation.bro +# +# Certificate Validation module +# +# Heavily based on validate-certs.bro script +# +# Author: sl / VTT / 2016 +# + +@load ./psa-utils +@load protocols/ssl/validate-certs + +module CVModule; + +export { + + redef enum Log::ID += { LOG }; + + type Info: record { + ts: time &log; # Timestamp + op: string &log; # Type of event + id: string &log; # Name of the rule + }; + +event on_cv_config( req: CVConfigRecord ) { + Log::write( CVModule::LOG, + [ $ts = network_time(), + $id = req$op, + $msg = ( req?$mime ? req$mime : "-" ) ] ); + + # Possibly setting up some root certs to trust + + switch ( req$op ) { + case "add": # Add a root cert + break; + default: # Invalid operation + return; + } +} + + +# this event occurs whenever a SSL connection is established +event ssl_established( c: connection ) &priority=3 +{ + logging.info("SSL established!"); + + local cert = c$ssl$cert_chain[0]$x509$certificate; + + local id = ""; + local hashes = ""; + for ( i in c$ssl$cert_chain ) + { + if ( i > 0 ) + hashes += " "; + hashes += c$ssl$cert_chain[i]$sha1; + + } + local name = c$ssl$cert_chain[0]$x509$certificate$subject; + local message = c$ssl$validation_status; + logging.info( id + " \"" + name + "\" " + hashes + " \"" + message + "\""; + + send_log_event( id, name, hashes, msg ); +} + +# A log event for cert validations. + +type CVLogRecord: record { + id: string; # Operation ID + ts: string; # time + hashes: string; # Cert hashes of the whole chain + name: string; # Cert subject + msg: string; # Trusted, expired or some other reason. +}; + +# Event handler: + +global cv_log: event( data: CVLogRecord ); + +# Auxilliary function to formatting and sending CVLogRecords: + +function send_log_event( id: string, name: string, hashes: string, msg: string ) +{ + local source = ""; + + local rec: CVLogRecord; + rec$ts = network_time(); + rec$id = id; + rec$hashes = hashes; + rec$name = name; + rec$msg = msg; + + event cv_log( rec ); +} + + +event bro_init() &priority=9 +{ + if ( !Log::create_stream( LOG, [ $columns=Info ] ) ) + { + print "CertValidation.bro: Log creation failed!"; + } + + Log::write( CVModule::LOG, + [ $ts = network_time(), + $id = "Init", + $msg = "" ] ); + + PSA::subscribe_events( /on_cv_config/ ); + PSA::subscribe_events( /ssl_established/ ); +} + +} diff --git a/PSA/modules/CertValidation.py b/PSA/modules/CertValidation.py new file mode 100644 index 0000000..9511802 --- /dev/null +++ b/PSA/modules/CertValidation.py @@ -0,0 +1,65 @@ + +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# CertValidation.py +# +# Implements a certificate chain verification module that utilises +# validate-certs.bro +# + +import logging + +from broccoli import event, record_type, record +from modules.BroModule import BroModule + +# Log event: +CVLogRecord = record_type( 'id', # Operation ID + 'ts', # When the cert was detected + 'hashes', # Cert hashes + 'name', # Cert subject + 'msg' ) # Message (Trusted/expired/etc) + +# Key for receiving Bro events. +CVModuleKey = 'CVModuleEvent' + + +class CVModule( BroModule ): + + def __init__( self, logger ): + super( CVModule, self ).__init__( 'CertValidation.bro', logger ) + logging.info( 'CVModule init' ); + + def onStart( self, connection ): + super( CVModule, self ).onStart( connection ) + + def onStop( self ): + super( CVModule, self ).onStop() + + def onRule( self, rule ): + logging.info( 'Rule received' ); + + def _sendRule( ): + logging.info( 'Passing rule to bro' ); + + def _log_event( self, data ): + + try: + fmt = "[%s] %s (%s: %s): %s\n" + line = fmt % ( data.ts, + data.id, + data.name, + data.hashes, + data.msg ) + + self.logger.onEvent( line ) + except Exception as e: + logging.error( e ) + +# Dispatching events: +@event(CVLogRecord) +def cv_log( data ): + logging.info( "Event: Certificate validated" ) + BroEventDispatcher.dispatch( CVModuleKey, data ) + + +module = CVModule diff --git a/PSA/modules/Count.py b/PSA/modules/Count.py new file mode 100644 index 0000000..c306f7f --- /dev/null +++ b/PSA/modules/Count.py @@ -0,0 +1,463 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# Count.py +# +# Implements a count module that communicates with ccount.bro +# +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +import logging +from collections import deque +import calendar +import time +import uuid + +from broccoli import event, record_type, record, addr, port, count +from modules.BroModule import BroModule +import modules.BroEventDispatcher as BroEventDispatcher + +# Record used to pass configuration rules to bro +CountConfigRecord = record_type( 'op', # Operation: src_addr, src_port, + # dst_addr, or dst_port + 'id', # Rule ID + 'address', # Address to match: IP or + # hostname, or an empty if only + # port is matched) + 'service' ) # Port to match (0/tcp if only + # address is matched) +# Bro's response record +CountReportRecord = record_type( 'rule', # Rule ID of matching rule + 'ts', # Start time of the period + 'num_occurences', # Number of events occured + 'first_occurence', # Timestamp of first occurence + 'last_occurence', # Timestamp of last occurence + 'period' ) # Duration of the period (in seconds) + +# Bro's record for indicating end of a measurement period (all records sent) +CountPeriodRecord = record_type( 'ts', # Start time of the period + 'period' ) # Duration of the period in seconds + +CountModuleKey = 'CountModuleEvent' + +class BroRule( object ): + + ruleId = None + rule = None + op = None + address = None + service = None + counter = None + + def __init__( self ): + pass + + def record( self ): + rec = record( CountConfigRecord ) + rec.op = str( self.op ) + rec.id = str( self.ruleId ) + rec.address = str( self.address ) + rec.service = port( str( self.service ) + '/tcp' ) + return rec + +# Bro summaries a produced in measurement period of one minute. +# An object of this counter class is used to combine measurements +# of several adjacent perioids with each other. + +# NOTE: because of how Bro SumStats works, reports are sent immediately +# when the reporting threshold is exceed: this may mean, that the reported +# count does not sum all the counts of that period. In addition, if the +# reporting period is longer than one minute, the same events may cause +# multiple log entries to be reported, as the counter simply sums counts +# of all periods fitting into the interval. +# +# Fixing these issues would require: +# a) an event to be generated even if there is no events during the period. +# This event should preferably come from bro (SumStats) as otherwise +# (e.g. using a timer in Python) there is no way to know if there was no +# event, or we are just experiencing a delay. +# b) another option to fix this could be to always record log entries when the +# interval has ended: at counter tick (or sometimes using a watchdog if +# there have not been any events for a certain (long) period), before +# discarding old periods, we could check if there is a full interval +# (i.e., collected periods before the new timestamp form an interval) +# and trigger a log event for that and possible the new interval. + +class Counter( object ): + + DEFAULT_INTERVAL = 60 + DEFAULT_THRESHOLD = 1 + + interval = DEFAULT_INTERVAL + threshold = DEFAULT_THRESHOLD + occurences = 0 + queue = None + + def __init__( self, iv, th ): + self.interval = iv + self.threshold = th + self.queue = deque() + + def tick( self, ts, period, count ): + if self.queue: + if ts == self.queue[ -1 ][ 0 ]: + # Already handled (i.e. end-of-period report, when + # there was also a count report this period) + if self.queue[ -1 ][ 2 ] != count and count != 0: + logging.error( 'Invalid state: may have missed a count report' ) + return None + + self.occurences += count + self.queue.append( ( ts, period, count ) ) + + events = [] + + # Is it possible, that we have an event? + if self.occurences > 0 and self.occurences >= self.threshold: + # Yes, lets iterate over the queue to find all events: + m = len( self.queue ) + for i in range( 0, m ): + item = self.queue[ i ] + start = item[ 0 ] + end = start + self.interval + # Is there a full interval? + if end <= ts + period: + # Yes, lets count it's occurences + c = 0 + for j in range( i, m ): + n = self.queue[ j ] + if n[ 0 ] + n[ 1 ] <= end: + c += n[ 2 ] + else: + break + + # and make an event, if they exceed the threshold: + if c >= self.threshold: + events.append( ( c, self.interval, start ) ) + else: + break + + # Let's remove all periods that are reported or cannot macth + # any new intervals: + self.trim( ts + period - self.interval ) + + return events + + def trim( self, ts ): + while self.queue: + item = self.queue[ 0 ] + if item[ 0 ] <= ts: + self.occurences -= item[ 2 ] + self.queue.popleft() + else: + break + + def reset( self ): + self.occurences = 0 + self.queue.clear() + +class CountModule( BroModule ): + + rules = { } # BroRule (not Rule) objects! + + def __init__( self, logger ): + super( CountModule, self ).__init__( 'ccount.bro', logger ) + BroEventDispatcher.register( CountModuleKey, self ) + + def onStart( self, connection ): + super( CountModule, self ).onStart( connection ) + self.reset( False ) + self._sendAllRules() + + def onStop( self ): + super( CountModule, self ).onStop() + + def _sendRule( self, rule ): + """ + Send a single rule to bro module + """ + try: + rec = rule.record() + logging.info( 'Passing rule to Bro: ' + rec.id ) + self.connection.send( 'on_count_config', rec ) + except Exception as e: + logging.warning( 'Config exception for rule: ' + rule.ruleId + + ' (' + rule.rule.ruleId + ')' ) + logging.exception( e ) + + def _sendAllRules( self ): + for key, rule in self.rules.iteritems(): + self._sendRule( rule ) + + def _addRule( self, rule, broRule ): + + broRule.ruleId = str( uuid.uuid4().hex ) + logging.info( 'Generated ID for BroRule: ' + broRule.ruleId + + ' (' + rule.ruleId + ')' ) + self.rules[ broRule.ruleId ] = broRule + broRule.rule = rule + + # Only send rules if connected to Bro + if self.state == BroModule.State.Started: + self._sendRule( broRule ) + #return True + + def onRule( self, rule ): + """ + Parses rules to Bro module's format. + """ + + # TODO: currently only supports one condition per rule + # => otherwise rule will be split to many conditions! + + # TODO: currently only supports tcp-ports. Broccoli does not + # support 'port/unkown'. This is compensated in the bro + # module by converting all ports 0/tcp to 0/unknown. + iv = Counter.DEFAULT_INTERVAL + if 'interval' in rule.conditions: + items = rule.conditions[ 'interval' ] + if len ( items ) > 1 : + logging.error( "Rule may only have at most one 'interval' condition." ) + return False + iv = int( items[ 0 ] ) + + if iv % 60 != 0: + logging.warning( "Only intervals multiple of one minute are supported!" ) + new = iv + 60 - iv % 60 + logging.info( "Using the next multiple (" + str( new ) + " seconds)" + + " instead of " + str( iv ) + " seconds" ) + iv = new + + th = Counter.DEFAULT_THRESHOLD + if 'threshold' in rule.conditions: + items = rule.conditions[ 'threshold' ] + if len (items ) > 1 : + logging.error( "Rule may only have at most one 'threshold' condition." ) + return False + + th = int( items[ 0 ] ) + if th < 1 : + logging.error( "Invalid threshold: " + th ) + return False + + rv = False + + if 'source' in rule.conditions: + items = rule.conditions[ 'source' ] + for item in items: + service = 0 + if 'port' in item: + service = item[ 'port' ] + + b = BroRule() + b.counter = Counter( iv, th ) + b.op = 'src_addr' + b.address = item[ 'address' ] + b.service = service + self._addRule( rule, b ) + rv = True + #return self._addRule( rule, b ) + + if 'destination' in rule.conditions: + items = rule.conditions[ 'destination' ] + for item in items: + service = 0 + if 'port' in item: + service = item[ 'port' ] + + b = BroRule() + b.counter = Counter( iv, th ) + b.op = 'dst_addr' + b.address = item[ 'address' ] + b.service = service + self._addRule( rule, b ) + rv = True + #return self._addRule( rule, b ) + + if 'source_port' in rule.conditions: + items = rule.conditions[ 'source_port' ] + for item in items: + b = BroRule() + b.counter = Counter( iv, th ) + b.op = 'src_port' + b.address = '' + b.service = item[ 'port' ] + self._addRule( rule, b ) + rv = True + #return self._addRule( rule, b ) + + if 'destination_port' in rule.conditions: + items = rule.conditions[ 'destination_port' ] + for item in items: + b = BroRule() + b.counter = Counter( iv, th ) + b.op = 'dst_port' + b.address = '' + b.service = item[ 'port' ] + self._addRule( rule, b ) + rv = True + #return self._addRule( rule, b ) + + return rv + + + def reset( self, resetRules = True ): + # Only send rules if connected to Bro + if self.state == BroModule.State.Started: + b = BroRule() + b.rule = None + b.ruleId = 'reset' + b.op = 'reset' + b.address = '' + b.service = 0 + self._sendRule( b ) + if resetRules: + self.rules = { } + + def _formatLogEvent( self, broRule, status ): + rule = broRule.rule + ts = status[ 2 ] # end time + occurences = status[ 0 ] + period = broRule.counter.interval + + # There should be at most one matching condition for a BroRule! + + if broRule.op == 'src_addr': + if 'source' in rule.conditions: + items = rule.conditions[ 'source' ] + for item in items: + service = 'any' + if 'port' in item: + service = str( item[ 'port' ] ) + return ( ts, + rule.ruleId, + rule.hspl[ 'id' ], + occurences, + period, + 'source', + broRule.address, + broRule.service ) + #item[ 'address' ], + #service ) + else: + return None + + if broRule.op == 'dst_addr': + if 'destination' in rule.conditions: + items = rule.conditions[ 'destination' ] + for item in items: + service = 'any' + if 'port' in item: + service = str( item[ 'port' ] ) + return ( ts, + rule.ruleId, + rule.hspl[ 'id' ], + occurences, + period, + 'destination', + broRule.address, + broRule.service ) + #item[ 'address' ], + #service ) + else: + return None + + if broRule.op == 'src_port': + if 'source_port' in rule.conditions: + items = rule.conditions[ 'source_port' ] + for item in items: + return ( ts, + rule.ruleId, + rule.hspl[ 'id' ], + occurences, + period, + 'source_port', + 'any', + str( broRule.service ) ) + #str( item[ 'port' ] ) ) + else: + return None + + if broRule.op == 'dst_port': + if 'destination_port' in rule.conditions: + items = rule.conditions[ 'destination_port' ] + for item in items: + return ( ts, + rule.ruleId, + rule.hspl[ 'id' ], + occurences, + period, + 'destination_port', + 'any', + str( broRule.service ) ) + #str( item[ 'port' ] ) ) + else: + return None + + return None + + def onEvent( self, data ): + logging.info( "ts: " + str( int( data.ts ) ) ) + + if hasattr( data, 'rule' ): + self.onCountEvent( data ) + else: + self.onEndOfPeriod( data ) + + def onRuleFired( self, rule, status ): + logging.info( 'onEvent: ' + rule.ruleId + ' (' + rule.rule.ruleId + ')' ) + try: + ev = self._formatLogEvent( rule, status ) + if ev == None: + return + + fmt = "[%s] Rule '%s' (HSPL: %s) fired %d times within %d seconds: " \ + "on condition '%s' with address '%s' and port '%s'\n" + self.logger.onEvent( fmt % ev ) + except Exception as e: + logging.error( e ) + + def onCountEvent( self, data ): + try: + rule = self.rules[ data.rule ] + logging.info( "rule: " + rule.ruleId + " " + str( data.num_occurences ) ) + ts = int( data.ts ) + status = rule.counter.tick( ts, data.period, data.num_occurences ) + if status: + logging.info( "log events: " + str( len( status ) ) ) + # Rule fired! + for entry in status: + self.onRuleFired( rule, entry ) + else: + logging.debug( 'event not fired: status: ' + str( status ) ) + except Exception as e: + logging.error( e ) + + def onEndOfPeriod( self, data ): + try: + ts = int( data.ts ) + for key, rule in self.rules.iteritems(): + logging.info( "rule: " + rule.ruleId + " " + str( 0 ) ) + status = rule.counter.tick( ts, data.period, 0 ) + if status: + logging.info( "log events: " + str( len( status ) ) ) + # Rule fired! + for entry in status: + self.onRuleFired( rule, entry ) + else: + logging.debug( 'event not fired: status: ' + str( status ) ) + except Exception as e: + logging.error( e ) + +@event( CountReportRecord ) +def report_count( data ): + logging.info( 'Event: CountReportRecord' ) + BroEventDispatcher.dispatch( CountModuleKey, data ) + + +@event( CountPeriodRecord ) +def report_period( data ): + logging.info( 'Event: CountPeriodRecord' ) + BroEventDispatcher.dispatch( CountModuleKey, data ) + +module = CountModule diff --git a/PSA/modules/MHR.bro b/PSA/modules/MHR.bro new file mode 100644 index 0000000..f974e74 --- /dev/null +++ b/PSA/modules/MHR.bro @@ -0,0 +1,492 @@ +# -*- Mode:Bro;indent-tabs-mode:nil;-*- +# +# MHR.bro +# +# Detect file downloads that have hash values matching files in Team +# Cymru's Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). +# +# Acknowledgement: this script is based on the Bro Cymru's Malware Hash Registry +# example script provided by the Bro Project. +# +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +@load base/utils/files +@load base/utils/time +@load base/files/hash + +@load base/protocols/conn +@load base/protocols/dhcp +@load base/protocols/dnp3 +@load base/protocols/dns +@load base/protocols/ftp +@load base/protocols/http +@load base/protocols/irc +@load base/protocols/modbus +@load base/protocols/pop3 +@load base/protocols/radius +@load base/protocols/snmp +@load base/protocols/smtp +@load base/protocols/socks +@load base/protocols/ssh +@load base/protocols/ssl +@load base/protocols/syslog +@load base/protocols/tunnels + +@load base/frameworks/communication +@load base/frameworks/files +@load frameworks/files/hash-all-files + +@load ./psa-utils + +module MHR; + +export { + +# # File types to attempt matching against the Malware Hash Registry. +# const match_file_types = /application\/x-dosexec/ +# | /application\/vnd.ms-cab-compressed/ +# | /application\/pdf/ +# | /application\/x-shockwave-flash/ +# | /application\/x-java-applet/ +# | /application\/jar/ +# | /video\/mp4/ &redef; + + redef enum Log::ID += { LOG }; + + type Info: record { + ts: time &log; # Timestamp + id: string &log; + msg: string &log; + }; + + #global log_malware: event( rec: Info ); + + ## The Match notice has a sub message with a URL where you can get more + ## information about the file. The %s will be replaced with the SHA-1 + ## hash of the file. + const match_sub_url = "https://www.virustotal.com/en/search/?query=%s" &redef; + + ## The malware hash registry runs each malware sample through several + ## A/V engines. Team Cymru returns a percentage to indicate how + ## many A/V engines flagged the sample as malicious. This threshold + ## allows you to require a minimum detection rate. + const notice_threshold = 10 &redef; + + + # Objects of this type describe file hashes that are registered locally for + # detection. For now, the file hash type should always be 'sha1'. The + # description field should contain a human readable description of this + # file. This description is added to related log messages. + # The actual file hash is used as a key in the 'local_hashes' table and + # is not present in this record. + + type LocalHash: record { + kind: string; # Type of hash 'sha1' + description: string; # Description of the hash + }; + + # Global table of locally registered file hashes, e.g., hashes that + # are reported as malware even if they are not registered to the + # malware registry. This is useful for testing, but also allows admins + # to add monitoring for files not registered by Cymru. + # + # NOTE: use redef in a configuration file to add hashes: do not add them + # into this file! + + const local_hashes: table [ string ] of LocalHash = {} &redef; + + # + # redef MHR::local_hashes += { [ "hash-value-1" ] = [ $kind="sha1", $description="" ], + # [ "hash-value-2" ] = [ $kind="sha1", $description="" ] }; + # +} + +# An enumeration that describe all the possible file states (for detection): + +type FileState: enum { New, Hashed, Gapped }; + +# Objects of this type are used to keep track of currently +# transfered files. + +type CurrentFile: record { + id: string; + status: FileState; +}; + +global current_files: table[ string ] of CurrentFile = { }; + +# Definition of configuration event +type MHRConfigRecord: record { + op: string; # Operation: add/reset + mime: string &optional; +}; + +global match_mimes : set [ string ] = { } &redef; + +event on_mhr_config( req: MHRConfigRecord ) { + + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = req$op, + $msg = ( req?$mime ? req$mime : "-" ) ] ); + + # TODO: + # There seem to be no way of creating patterns dynamically (after bro_init)! + # Possible solution: redef 'match_file_types' in a bro-file and restart bro. + + switch ( req$op ) { + case "add": # Add a new rule + if ( req$mime !in match_mimes ) + { + add match_mimes[ req$mime ]; + } + break; + case "reset": + # Remove all rules: + match_mimes = set( ); + break; + default: # Invalid operation + return; + } +} + +# A log event for detected malware + +type MHRRecord: record { + id: string; # Operation ID + ts: time; # File detection time + hash: string; # Sha1 hash + fid: string; # Bro's file ID + name: string; # Filename, if available + service: string; # Service (e.g., HTTP) using which the file was loaded + source: string; # List of space separated addresses + mime: string; # Mime type of the file + detected: time; # First time the malware was detected + rate: count; # Times the malware has been detected + url: string; # VirusTotal URL for the malware + msg: string; # Optional message (not used in 'macth' unless its a local match) +}; + +# Event handler: + +global mhr_alert: event( data: MHRRecord ); + +# A log event for hashed file, errors, etc. + +type MHRLogRecord: record { + id: string; # Operation ID + ts: time; # File detection time + hash: string; # Sha1 hash + fid: string; # Bro's file ID + name: string; # Filename, if available + service: string; # Service (e.g., HTTP) using which the file was loaded + source: string; # List of space separated addresses + mime: string; # Mime type of the file + msg: string; # Optional message (not used in 'macth' unless its a local match) +}; + +# Event handler: + +global mhr_log: event( data: MHRLogRecord ); + +# Auxilliary function to formatting and sending MHRLogRecords: + +function send_log_event( f: fa_file, id: string, hash: string, msg: string ) +{ + local source = ""; + + for ( i in f$info$tx_hosts ) + { + source = cat( source, " ", i ); + } + + local rec: MHRLogRecord; + rec$id = id; + rec$ts = f$info$ts; + rec$hash = hash; + rec$fid = f$id; + rec$name = ( f$info?$filename ? f$info$filename : "" ); + rec$service = f$source; + rec$source = source; + rec$mime = ( f$info?$mime_type ? f$info$mime_type : "" ); + rec$msg = msg; + + event mhr_log( rec ); +} + +function send_alert_event( f: fa_file, + hash: string, + url: string, + detected: time, + rate: count, + msg: string ) +{ + local source = ""; + + for ( i in f$info$tx_hosts ) + { + source = cat( source, " ", i ); + } + + local rec: MHRRecord; + rec$id = "match"; + rec$ts = f$info$ts; + rec$hash = hash; + rec$fid = f$id; + rec$name = ( f$info?$filename ? f$info$filename : "" ); + rec$service = f$source; + rec$source = source; + rec$mime = f$info$mime_type; + rec$rate = rate; + rec$detected = detected; + rec$url = url; + rec$msg = msg; + + event mhr_alert( rec ); +} + +# Actual registry lookup: + +function do_mhr_lookup( hash: string, f: fa_file ) +{ + # Uncomment for testing: a known malware hash brbbot.exe + #hash="2c9e509de4b3ec03589b5c95baba06a9387195e6"; + + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "Performing lookup", + $msg = f$id ] ); + + # Log all hashed files at this point + send_log_event( f, "log", hash, "file hashed" ); + + local hash_domain = fmt( "%s.malware.hash.cymru.com", hash ); + when ( local MHR_result = lookup_hostname_txt( hash_domain ) ) + { + # Data is returned as " " + local MHR_answer = split_string1( MHR_result, / / ); + + if ( |MHR_answer| == 2 ) + { + local mhr_detect_rate = to_count( MHR_answer[ 2 ] ); + if ( mhr_detect_rate >= notice_threshold ) + { + local mhr_first_detected = double_to_time( to_double( MHR_answer[ 1 ] ) ); + #local readable_first_detected = strftime("%Y-%m-%d %H:%M:%S", mhr_first_detected); + #local message = fmt( "Malware Hash Registry Detection rate: %d%% Last seen: %s", mhr_detect_rate, readable_first_detected ); + local virustotal_url = fmt( match_sub_url, hash ); + # We don't have the full fa_file record here in order to + # avoid the "when" statement cloning it (expensive!). + + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "Macth", + $msg = hash ] ); + + send_alert_event( f, hash, virustotal_url, mhr_first_detected, + mhr_detect_rate, "" ); + } + else + { + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "No match", + $msg = f$id ] ); + + } + } + else # Do a local lookup + { + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "Performing local lookup", + $msg = f$id ] ); + + if ( hash in local_hashes ) + { + local data = local_hashes[ hash ]; + + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "Macth", + $msg = hash ] ); + + send_alert_event( f, hash, "", current_time(), + 0, data$description ); + } + else + { + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "No match", + $msg = f$id ] ); + + } + } + } +} + +function check_mime( mime_type : string ) : bool +{ + # Check for direct match: + if ( mime_type in match_mimes ) + { + return T; + } + else # Check for patrial matches + { + # A clumsy way of doing this, but we cannot generate pattern + # dynamically :'( + + for ( mime in match_mimes ) + { + # If file's mime-type string contains 'mime': + if ( strstr( mime_type, mime ) != 0 ) + { + return T; + } + } + } + + return F; +} + +event file_hash( f: fa_file, kind: string, hash: string ) +{ + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "File hashed", + $msg = hash ] ); + + # Only handle sha1 hashes + if ( kind == "sha1" ) + { + # Mark file as hashed + if ( f$id !in current_files ) + { + current_files[ f$id ] = CurrentFile( $id = f$id, + $status = Hashed ); + } + else + { + current_files[ f$id ]$status = Hashed; + } + + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "Checking mime", + $msg = f$info?$mime_type ] ); + + if ( f$info?$mime_type ) + { + if ( check_mime( f$info$mime_type ) ) + { + do_mhr_lookup( hash, f ); + } + } + else # mime-type not available + { + send_log_event( f, "log", hash, "mime-type missing" ); + } + } +} + +# Make note of every detected file in order to follow their state: +event file_new( f: fa_file ) +{ + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "File detected", + $msg = f$id ] ); + + current_files[ f$id ] = CurrentFile( $id = f$id, + $status = New ); +} + +# Make note that not all file parts could be detected (there will be no hash) +event file_gap( f: fa_file, offset: count, len: count ) +{ + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "Gap detected", + $msg = f$id ] ); + + if ( f$id !in current_files ) + { + current_files[ f$id ] = CurrentFile( $id = f$id, + $status = Gapped ); + } + else + { + current_files[ f$id ]$status = Gapped; + } +} + +# Remove file state and send an event in case of +# any errors were detected. +# NOTE: this function might be called before the +# hash lookup returns: nothing during the +# lookup or after it should depend on the +# stored file information (which is removed +# in this function)! + +event file_state_remove( f: fa_file ) +{ + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "File ended", + $msg = f$id ] ); + + if ( f$id !in current_files ) + { + # We are fucked up! + return; + } + + local entry = current_files[ f$id ]; + + switch ( entry$status ) { + case New: fallthrough; + case Gapped: + if ( f$info?$mime_type ) + { + if ( check_mime( f$info$mime_type ) ) + { + send_log_event( f, "log", "", "file not hashed" ); + } + } + else + { + send_log_event( f, "log", "", "mime-type missing" ); + } + + break; + case Hashed: + # Nothing to do: event is sent if the hash matched + break; + default: + # TODO: Log: Invalid status! + break; + } + + delete current_files[ f$id ]; +} + + + +event bro_init() &priority=9 +{ + #Log::create_stream( LOG, [ $columns=Info, $ev=log_malware ] ); # return True if ok + if ( !Log::create_stream( LOG, [ $columns=Info ] ) ) + { + print "MHR.bro: Log creation failed!"; + } + + Log::write( MHR::LOG, + [ $ts = network_time(), + $id = "Init", + $msg = "" ] ); + + PSA::subscribe_events( /on_mhr_config/ ); +} \ No newline at end of file diff --git a/PSA/modules/MHR.py b/PSA/modules/MHR.py new file mode 100644 index 0000000..cfa7d33 --- /dev/null +++ b/PSA/modules/MHR.py @@ -0,0 +1,194 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# MHR.py +# +# Implements a malware detection module that communicates with MHR.bro +# +# Author: jju, jk / VTT Technical Research Centre of Finland Ltd., 2016 +# + +import logging + +from broccoli import event, record_type, record +from modules.BroModule import BroModule +import modules.BroEventDispatcher as BroEventDispatcher + +MHRConfigRecord = record_type( 'op', # Operation type (add|reset) + 'mime' ) # Mime to add + +# Bro's response records: + +# Alert event: +MHRRecord = record_type( 'id', # Operation ID (match) + 'ts', # When the file was detected + 'hash', # Matchin sha1 hash + 'fid', # Bro's file ID + 'name', # Filename, if available + 'service', # Service (e.g., HTTP) using which the file + # was loaded + 'source', # List of space separated addresses + 'mime', # Mime type of the file + 'detected', # First time the malware was detected + 'rate', # Times the malware has been detected + 'url', # VirusTotal URL for the malware + 'msg' ) # Message (not included in 'match') + +# Log event: +MHRLogRecord = record_type( 'id', # Operation ID (match) + 'ts', # When the file was detected + 'hash', # Matchin sha1 hash + 'fid', # Bro's file ID + 'name', # Filename, if available + 'service', # Service (e.g., HTTP) using which the + # file was loaded + 'source', # List of space separated addresses + 'mime', # Mime type of the file + 'msg' ) # Message (not included in 'match') + +# Key for receiving Bro events. +MHRModuleKey = 'MHRModuleEvent' + +class MHRModule( BroModule ): + + rules = { } + + def __init__( self, logger ): + super( MHRModule, self ).__init__( 'MHR.bro', logger ) + BroEventDispatcher.register( MHRModuleKey, self ) + + def onRule( self, rule ): + + # Current only checks uses mime-type condition: + + if 'mime-type' in rule.conditions: + self.rules[ rule.ruleId ] = rule + + if self.state == BroModule.State.Started: + self._sendRule( rule ) + + return True + + return False + + def onStart( self, connection ): + super( MHRModule, self ).onStart( connection ) + self.reset( False ) + self._sendAllRules() + + def onStop( self ): + super( MHRModule, self ).onStop() + + def _sendRule( self, rule ): + """ + Send a single rule to bro module + """ + mimes = rule.conditions[ 'mime-type' ] + for mime in mimes: + try: + rec = record( MHRConfigRecord ) + rec.op = 'add' + rec.mime = str( mime ) + logging.info( 'Passing rule to Bro: ' + rule.ruleId + + ' (' + mime + ')' ) + self.connection.send( 'on_mhr_config', rec ) + except Exception: + logging.warning( 'Config exception for rule: ' + rule.ruleId ) + + def _sendAllRules( self ): + for key, rule in self.rules.iteritems(): + self._sendRule( rule ) + + def reset( self, resetRules = True ): + # Only send rules if connected to Bro + if self.state == BroModule.State.Started: + try: + rec = record( MHRConfigRecord ) + rec.op = 'reset' + rec.mime = 'reset' + logging.info( 'Passing rule to Bro: reset' ) + self.connection.send( 'on_mhr_config', rec ) + except Exception: + logging.warning( 'Config exception for rule: reset' ) + + if resetRules: + self.rules = { } + + def _log_alert( self, rule, data ): + + try: + fmt = "[%s] Rule '%s'(HSPL: %s) fired on file %s (%s, %s) from %s (%s): %s\n" + + text = '' + if not data.msg or data.msg == None or data.msg == '' : + text = data.url + else: + text = data.msg + ' (local hash)' + + line = fmt % ( data.ts, + rule.ruleId, + rule.hspl[ 'id' ], + data.fid, + data.mime, + data.hash, + data.source, + data.service, + text ) + # Log and alert + self.logger.onEvent( line ) + + fmt2 = "File (%s, %s) from %s (%s): %s" + info = fmt2 % ( data.mime, + data.hash, + data.source, + data.service, + text ) + self.logger.onNotifyEvent( rule.hspl['text'], 'Detected malicious file!', info ) + except Exception as e: + logging.error( e ) + + def _log_event( self, data ): + + try: + fmt = "[%s] Info: file %s (%s, %s) from %s (%s): %s\n" + line = fmt % ( data.ts, + data.fid, + data.mime, + data.hash, + data.source, + data.service, + data.msg ) + + self.logger.onEvent( line ) + except Exception as e: + logging.error( e ) + + + def onEvent( self, data ): + logging.error( 'Event ' + data.id ) + + if data.id == 'match': + count = 0 + for key, rule in self.rules.iteritems(): + if data.mime in rule.conditions[ 'mime-type' ]: + count += 1 + self._log_alert( rule, data ) + # Make sure that a log entry is generated even if + # mime matching in Bro and Python aren't equivalent: + if count == 0: + self._log_alert( '?', data ) + + elif data.id == 'log': + self._log_event( data ) + +# Dispatching events: +@event(MHRRecord) +def mhr_alert( data ): + BroEventDispatcher.dispatch( MHRModuleKey, data ) + +# Dispatching events: +@event(MHRLogRecord) +def mhr_log( data ): + BroEventDispatcher.dispatch( MHRModuleKey, data ) + +# Required for module loading: +module = MHRModule diff --git a/PSA/modules/__init__.py b/PSA/modules/__init__.py new file mode 100644 index 0000000..0da6d90 --- /dev/null +++ b/PSA/modules/__init__.py @@ -0,0 +1 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- diff --git a/PSA/modules/ccount.bro b/PSA/modules/ccount.bro new file mode 100644 index 0000000..4a4883a --- /dev/null +++ b/PSA/modules/ccount.bro @@ -0,0 +1,346 @@ +# -*- Mode:Bro;indent-tabs-mode:nil;-*- +# +# count.bro +# +# Bro script that can be configured dynamically to count established connections +# that fulfill certain conditions, such as, source or destination addresses or +# ports. +# +# Acknowledgement: this script is originally based on the Bro SumStats example +# script provided by the Bro Project. +# +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +@load base/protocols/conn +@load base/protocols/dhcp +@load base/protocols/dnp3 +@load base/protocols/dns +@load base/protocols/ftp +@load base/protocols/http +@load base/protocols/irc +@load base/protocols/modbus +@load base/protocols/pop3 +@load base/protocols/radius +@load base/protocols/snmp +@load base/protocols/smtp +@load base/protocols/socks +@load base/protocols/ssh +@load base/protocols/ssl +@load base/protocols/syslog +@load base/protocols/tunnels + +@load base/files/hash +@load base/files/extract +@load base/files/unified2 +@load base/files/x509 + +@load base/frameworks/communication +@load base/frameworks/sumstats + +@load ./psa-utils + +module CCount; + +# Definitions for logging framework: +export { + + redef enum Log::ID += { LOG }; + + type Info: record { + ts: time &log; # Timestamp + op: string &log; # Type of event + id: string &log; # Name of the rule + address: addr &log; # IP address + service: port &log; + }; + + #global log_cc: event( rec: Info ); +} + +# Definition of configuration event +type CountConfigRecord: record { + op: string; # Operation + id: string; # Name of the rule + address: string; # Related address, an IP address or a hostname + service: port; # Related port +}; + +# Definition of configuration event +type Rule : record { + id: string; # Name of the rule + op: string; # Operation + address: set[addr]; # A set of related IP address + service: port; # Port +}; + +# Table of currently active rules: +global rules : table[ string ] of Rule = {}; + +# Add a new rule to rules table: +function add_rule( cc: CountConfigRecord, addresses: set[ addr ] ) { + + # Log 'any IP' + if ( |addresses| == 0 ) { + Log::write( CCount::LOG, [ $ts = network_time(), + $op = cc$op, + $id = cc$id, + $address = 0.0.0.0, + $service = cc$service ]); + } + + # Log one or more IPs + for ( a in addresses ) { + Log::write( CCount::LOG, [ $ts = network_time(), + $op = cc$op, + $id = cc$id, + $address = a, + $service = cc$service ]); + } + + rules[ cc$id ] = Rule( $id = cc$id, + $op = cc$op, + $address = addresses, + $service = cc$service ); +} + +# Event handler for configuration events: +event on_count_config( cc: CountConfigRecord ) { + + # To fix missing protocol 'unknown' in broccoli python bindings + if ( cc$service == 0/tcp ) + { + cc$service = 0/unknown; + } + + switch ( cc$op ) { + case "src_addr": fallthrough; + case "src_port": fallthrough; + case "dst_addr": fallthrough; + case "dst_port": + if ( cc$id in rules ) { + delete rules[ cc$id ]; + } + + # The address is either an IP address, a hostname, or empty. + # A hostname may resolve to several IP addresses, so we deal + # with a set of addresses instead of a single address. + + local addresses: set[ addr ]; + + # For some reason, |string|>0 doesn't fire: is this because of + # something made by broccoli-python string conversion? + + if ( cc$address != "" ) { + + # If we have a single ip, convert it to 'addr': + if ( is_valid_ip( cc$address ) ) { + add addresses[ to_addr( cc$address ) ]; + } + else # otherwise, do a lookup for IP addresses: + { + # This will block, so let's do it async: + when ( local h = lookup_hostname( cc$address ) ) { + add_rule( cc, h ); + } + return; + } + } else { + # Empty set of addresses (check port only) + } + + add_rule( cc, addresses ); + break; + case "reset": # Delete a rule + + Log::write( CCount::LOG, [ $ts = network_time(), + $op = cc$op, + $id = cc$id, + $address = 0.0.0.0, + $service = cc$service ]); + + for ( key in rules ) + { + delete rules[ key ]; + } + break; + default: # Invalid operation + return; + } + +} + +# Attaches a observer to each connection for each rule that it fulfills. +#event connection_established( c: connection ) { +event new_connection( c: connection ) { + + # TODO: a faster way to find correct rules should be implemented. + + for ( key in rules ) + { + local rule = rules[ key ]; + + switch ( rule$op ) + { + case "src_addr": + if ( c$id$orig_h in rule$address + && ( rule$service == 0/unknown || rule$service == c$id$orig_p ) ) + { + SumStats::observe( "conn established", + SumStats::Key( $str = rule$id ), + SumStats::Observation( $num = 1 ) ); + + Log::write( CCount::LOG, [ $ts = network_time(), + $op = "add_observer", + $id = rule$op, + $address = c$id$orig_h, + $service = c$id$orig_p ]); + } + break; + case "dst_addr": + if ( c$id$resp_h in rule$address + && ( rule$service == 0/unknown || rule$service == c$id$resp_p ) ) + { + SumStats::observe( "conn established", + SumStats::Key( $str = rule$id ), + SumStats::Observation( $num = 1 ) ); + + Log::write( CCount::LOG, [ $ts = network_time(), + $op = "add_observer", + $id = rule$op, + $address = c$id$resp_h, + $service = c$id$resp_p ]); + } + break; + case "src_port": + if ( rule$service == c$id$orig_p ) + { + SumStats::observe( "conn established", + SumStats::Key( $str = rule$id ), + SumStats::Observation( $num = 1 ) ); + + Log::write( CCount::LOG, [ $ts = network_time(), + $op = "add_observer", + $id = rule$op, + $address = c$id$orig_h, + $service = c$id$orig_p ]); + } + break; + case "dst_port": + if ( rule$service == c$id$resp_p ) + { + SumStats::observe( "conn established", + SumStats::Key( $str = rule$id ), + SumStats::Observation( $num = 1 ) ); + + Log::write( CCount::LOG, [ $ts = network_time(), + $op = "add_observer", + $id = rule$op, + $address = c$id$resp_h, + $service = c$id$resp_p ]); + } + break; + default: # Invalid operation + return; + } + } +} + +# Events to send to Count.py + +# Measurement report: +type CountReportRecord: record { + rule: string; # Rule (ID) of this measurement + ts: time; # Timestamp for this measurement (start time) + num_occurences: double; # Total number of occurences within measurement period + first_occurence: time; # Timestamp of first occurence + last_occurence: time; # Timestamp of last occurence + period: count; # Measurement perioid in seconds +}; + +# End of measurement perioid notification: + +type CountPeriodRecord: record { + ts: time; # Timestamp for this measurement (start time) + period: count; # Measurement perioid in seconds +}; + +global report_count: event( data: CountReportRecord ); +global report_period: event( data: CountPeriodRecord ); + +event bro_init() &priority=9 +{ + #Log::create_stream( CCount::LOG, [ $columns = CCount::Info, + # $ev = log_cc ] ); + + if ( !Log::create_stream( CCount::LOG, [ $columns = CCount::Info ] ) ) + { + print "ccount.bro: Log creation failed!"; + } + + Log::write( CCount::LOG, [ $ts = network_time(), + $op = "init", + $id = "", + $address = 0.0.0.0, + $service = 0/unknown ] ); + + PSA::subscribe_events( /on_count_config/ ); + + # Create the reducer. + # The reducer attaches to the "conn established" observation stream + # and uses the summing calculation on the observations. + # There will be one result for each connection responder (c$id$resp_h) + + local r1 = SumStats::Reducer( $stream = "conn established", + $apply = set( SumStats::SUM ) ); + + # Create the final sumstat. + # We give it an arbitrary name and make it collect data every minute. + # The reducer is then attached and a $epoch_result callback is given + # to finally do something with the data collected. + SumStats::create( [ $name = "counting connections", + $epoch = 1min, + $reducers = set( r1 ), + $epoch_result( ts: time, + key: SumStats::Key, + result: SumStats::Result ) = { + + # This is the body of the callback that is called when a single + # result has been collected. We are just printing the total number + # of connections that were seen. The $sum field is provided as a + # double type value so we need to use %f as the format specifier. + + Log::write( CCount::LOG, [ $ts = network_time(), + $op = "log", + $id = key$str, + $address = 0.0.0.0, + $service = 0/tcp ]); + + local stats = result[ "conn established" ]; + local data: CountReportRecord; + data$rule = key$str; + data$ts = ts; + data$num_occurences = stats$sum; + data$first_occurence = stats$begin; + data$last_occurence = stats$end; + data$period = 60; + + # send event for our broccoli + event report_count( data ); + }, + $epoch_finished( ts: time ) = { + + Log::write( CCount::LOG, [ $ts = network_time(), + $op = "end", + $id = "end", + $address = 0.0.0.0, + $service = 0/tcp ]); + + local data: CountPeriodRecord; + data$ts = ts; + data$period = 60; + + # send event for our broccoli + event report_period( data ); + } ] ); +} diff --git a/PSA/modules/psa-utils.bro b/PSA/modules/psa-utils.bro new file mode 100644 index 0000000..5b30e47 --- /dev/null +++ b/PSA/modules/psa-utils.bro @@ -0,0 +1,40 @@ +# -*- Mode:Bro;indent-tabs-mode:nil;-*- +# +# psa-utils.bro +# +# Generic utilities for all Bro PSA modules. +# +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 + +@load base/frameworks/communication + +module PSA; + +export { + global subscribe_events: function( events: pattern ); +} + +function subscribe_events( events : pattern ) +{ + + if ( "PSA" in Communication::nodes ) + { + local node = Communication::nodes[ "PSA" ]; + if ( node?$events ) + { + local evs = merge_pattern( node$events, events ); + node$events = evs; + } + else + { + node$events = events; + } + } + else + { + Communication::nodes[ "PSA" ] = [ $host = 127.0.0.1, + $events = events, + $connect = F, + $ssl = F ]; + } +} \ No newline at end of file diff --git a/PSA/psaConfigs/README.md b/PSA/psaConfigs/README.md new file mode 100644 index 0000000..e9ea7bb --- /dev/null +++ b/PSA/psaConfigs/README.md @@ -0,0 +1 @@ +Runtime PSA security control configs are stored in this folder. diff --git a/PSA/psaConfigs/example.conf b/PSA/psaConfigs/example.conf new file mode 100644 index 0000000..8e53402 --- /dev/null +++ b/PSA/psaConfigs/example.conf @@ -0,0 +1,92 @@ +{ + + "rules": [ + { "id": "rule1", + "hspl": { + "id": "hspl0", + "text": "abcd" + }, + "event": "EVENT_CONNECTION", + "operation": "count", + "parameters": [ + { "type": "object", + "value": "OBJ_CONNECTION" + } + ], + "action": "log", + "conditions": [ + { "type": "interval", + "value": 30 }, + { "type": "threshold", + "value": 50 }, + { "type": "destination", + "value": { "address": "91.197.85.151" } + } + ] + }, + { "id": "rule2", + "hspl": { + "id": "hspl0", + "text": "abcd" + }, + "event": "EVENT_CONNECTION", + "operation": "count", + "parameters": [ + { "type": "object", + "value": "OBJ_CONNECTION" + } + ], + "action": "log", + "conditions": [ + { "type": "interval", + "value": 30 }, + { "type": "threshold", + "value": 50 }, + { "type": "destination", + "value": { "address": "81.209.67.238" } + } + ] + }, + { "id": "rule3", + "hspl": { + "id": "hspl0", + "text": "abcd" + }, + "event": "EVENT_CONNECTION", + "operation": "count", + "parameters": [ + { "type": "object", + "value": "OBJ_CONNECTION" + } + ], + "action": "log", + "conditions": [ + { "type": "interval", + "value": 30 }, + { "type": "threshold", + "value": 50 }, + { "type": "destination_port", + "value": { "port": 80 } + } + ] + }, + { "id": "rule4", + "hspl": { + "id": "hspl0", + "text": "abcd" + }, + "event": "EVENT_FILE", + "operation": "detect-MHR", + "parameters": [ ], + "action": "log", + "conditions": [ + { "type": "mime-type", + "value": "application/pdf" + }, + { "type": "mime-type", + "value": "application/x-dosexec" + } + ] + } + ] +} diff --git a/PSA/psaEE.conf b/PSA/psaEE.conf new file mode 100644 index 0000000..05482c6 --- /dev/null +++ b/PSA/psaEE.conf @@ -0,0 +1,17 @@ +[configuration] +psc_address=http://192.168.2.1:8080 +psa_config_path=psaConfigs/ +scripts_path=scripts/ +psa_id=BroMalware +psa_name=Bro PSA +psa_version=0.1.0 +psa_api_version=v0.5 +psa_log_location=psaConfigs/psa.log +conf_id= +verbose=false +debug=false +test_mode=false +#test_mode_ip=10.2.4.1 +#test_mode_dns=8.8.8.8 +#test_mode_netmask=255.0.0.0 +#test_mode_gateway=10.2.2.252 diff --git a/PSA/psaEE.py b/PSA/psaEE.py new file mode 100644 index 0000000..7d90378 --- /dev/null +++ b/PSA/psaEE.py @@ -0,0 +1,147 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# File: psaEE.py +# Created: 27/08/2014 +# Author: BSC +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# +# Description: +# Web service running on the PSA interacting with the PSC +# +# + +import falcon +#import json +import Config +import logging +import subprocess +from execInterface import execInterface +from getConfiguration import getConfiguration +from psaExceptions import psaExceptions +from dumpLogFile import dumpLogFile +import os.path + +conf = Config.Configuration() +date_format = "%m/%d/%Y %H:%M:%S" +log_format = "[%(asctime)s.%(msecs)d] [%(module)s] %(message)s" + +logging.basicConfig( filename = conf.LOG_FILE, + level = logging.DEBUG, + format = log_format, + datefmt = date_format ) + +# Enforce logging level even if handlers had already +# been added into the root logger: +logger = logging.getLogger() +logger.setLevel( logging.DEBUG ) + +#pscAddr = conf.PSC_ADDRESS +#configsPath = conf.PSA_CONFIG_PATH +#psaID = conf.PSA_ID +#confID = conf.CONF_ID + +if conf.TEST_MODE: + logging.info( 'Test Mode enabled' ) + +logging.info( "--------" ) +logging.info( "PSA EE init." ) +logging.info( "PSA ID: " + str( conf.PSA_ID ) ) +logging.info( "PSA NAME: " + str( conf.PSA_NAME ) ) +logging.info( "PSA VERSION: " + str( conf.PSA_VERSION ) ) +logging.info( "PSA-PSC API version: " + str( conf.PSA_API_VERSION ) ) +logging.info( "PSA log location: " + str( conf.PSA_LOG_LOCATION ) ) +logging.info( "--------" ) + +# instantiate class object to manage REST interface to the PSC +execIntf = execInterface( conf.PSA_HOME, + conf.PSA_CONFIG_PATH, + conf.PSA_SCRIPTS_PATH, + conf.PSA_LOG_LOCATION, + conf.PSA_ID, + conf.PSC_ADDRESS, + str(conf.PSA_API_VERSION)) +#confHand = getConfiguration(pscAddr, configsPath, confID, psaID) +confHand = None +if not conf.TEST_MODE: + confHand = getConfiguration( conf.PSC_ADDRESS, + conf.PSA_CONFIG_PATH, + conf.PSA_SCRIPTS_PATH, + conf.PSA_ID, + str(conf.PSA_API_VERSION) ) + +# start the HTTP falcon proxy and adds reachable resources as routes +app = falcon.API() +base = '/' + str( conf.PSA_API_VERSION ) + '/execInterface/' +app.add_route( base + '{command}', execIntf ) + +dumpLog = dumpLogFile() +#FOR DEBUGGING ONLY, REMOVE IN PRODUCTION +app.add_route( base + 'dump-log-ctrl', dumpLog ) + +logging.info("execInterface routes added.") + +# Inform our PSC that we are up +#TODO +''' +try: + start_res = confHand.send_start_event() + # We don't need to enable anything + #proc = subprocess.Popen(confScript, stdout=subprocess.PIPE, shell=True) + #(out, err) = proc.communicate() +except psaExceptions as exc: + pass +''' +# Pull configuration and start the PSA. +try: + if not conf.TEST_MODE: + confScript = confHand.pullPSAconf( execIntf ) + + else: # Do local test setup + + # Check that some psaconf file exists + if not os.path.isfile( conf.PSA_CONFIG_PATH + '/psaconf' ): + raise psaExceptions.confRetrievalFailed() + + execIntf.callInitScript() + + if conf.TEST_MODE_IP != None: + + # Only run ip_conf.sh if all the parameters are present + if ( conf.TEST_MODE_DNS == None + or conf.TEST_MODE_NETMASK == None + or conf.TEST_MODE_GATEWAY == None ): + raise psaExceptions.confRetrievalFailed() + + logging.info( 'PSA requires IP, configuring...' ) + ip = conf.TEST_MODE_IP + dns = conf.TEST_MODE_DNS + netmask = conf.TEST_MODE_NETMASK + gateway = conf.TEST_MODE_GATEWAY + logging.info( 'ip: ' + str( ip ) ) + logging.info( 'gateway: ' + str( gateway ) ) + logging.info( 'dns: ' + str( dns ) ) + logging.info( 'netmask: ' + str( netmask ) ) + + ret = subprocess.call( [ conf.PSA_SCRIPTS_PATH + 'ip_conf.sh', + ip, gateway, dns, netmask ] ) + logging.info( 'Result of setting config: ' + str( ret ) ) + else: + logging.info( "PSA doesn't require IP, skipping configuration." ) + logging.info('PSA '+ conf.PSA_ID + ' configuration registered' ) + + execIntf.callStartScript() + +except psaExceptions.confRetrievalFailed as e: + print e + +logging.info( "PSA start done." ) + +# http request to ask for the configuration and start the script +''' +try: + confScript = confHand.pullPSAconf() + proc = subprocess.Popen(confScript, stdout=subprocess.PIPE, shell=True) + (out, err) = proc.communicate() +except psaExceptions as exc: + pass +''' diff --git a/PSA/psaExceptions.py b/PSA/psaExceptions.py new file mode 100644 index 0000000..5b9bf84 --- /dev/null +++ b/PSA/psaExceptions.py @@ -0,0 +1,14 @@ +# -*- Mode:Python;indent-tabs-mode:nil; -*- +# +# File: psaExceptions.py +# Created: 05/09/2014 +# Author: BSC +# +# Description: +# Custom execption class to manage error in the PSC +# + +class psaExceptions( object ): + + class confRetrievalFailed( Exception ): + pass diff --git a/PSA/pylintrc b/PSA/pylintrc new file mode 100644 index 0000000..f0a6913 --- /dev/null +++ b/PSA/pylintrc @@ -0,0 +1,280 @@ +[MASTER] + +# Specify a configuration file. +#rcfile= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Profiled execution. +profile=no + +# Add files or directories to the blacklist. They should be base names, not +# paths. +ignore=CVS + +# Pickle collected data for later comparisons. +persistent=yes + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + + +[MESSAGES CONTROL] + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time. See also the "--disable" option for examples. +#enable= + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once).You can also use "--disable=all" to +# disable everything first and then reenable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use"--disable=all --enable=classes +# --disable=W" +disable=C0326 + + +[REPORTS] + +# Set the output format. Available formats are text, parseable, colorized, msvs +# (visual studio) and html. You can also give a reporter class, eg +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Put messages in a separate file for each module / package specified on the +# command line instead of printing them on stdout. Reports (if any) will be +# written in a file name "pylint_global.[txt|html]". +files-output=no + +# Tells whether to display a full report or only the messages +reports=yes + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables errors warning, statement which +# respectively contain the number of errors / warnings messages and the total +# number of statements analyzed. This is used by the global evaluation report +# (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Add a comment according to your evaluation note. This is used by the global +# evaluation report (RP0004). +comment=no + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details +#msg-template= + + +[FORMAT] + +# Maximum number of characters on a single line. +max-line-length=80 + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + +# List of optional constructs for which whitespace checking is disabled +no-space-check=trailing-comma,dict-separator + +# Maximum number of lines in a module +max-module-lines=1000 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + + +[BASIC] + +# Required attributes for module, separated by a comma +required-attributes= + +# List of builtins function names that should not be used, separated by a comma +bad-functions=map,filter,apply,input + +# Regular expression which should only match correct module names +module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + +# Regular expression which should only match correct module level names +const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Regular expression which should only match correct class names +class-rgx=[A-Z_][a-zA-Z0-9]+$ + +# Regular expression which should only match correct function names +function-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct method names +method-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct instance attribute names +attr-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct argument names +argument-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct variable names +variable-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct attribute names in class +# bodies +class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ + +# Regular expression which should only match correct list comprehension / +# generator expression variable names +inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ + +# Good variable names which should always be accepted, separated by a comma +good-names=i,j,k,ex,Run,_ + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo,bar,baz,toto,tutu,tata + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=__.*__ + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + + +[TYPECHECK] + +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# List of classes names for which member attributes should not be checked +# (useful for classes with attributes dynamically set). +ignored-classes=SQLObject + +# When zope mode is activated, add a predefined set of Zope acquired attributes +# to generated-members. +zope=no + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E0201 when accessed. Python regular +# expressions are accepted. +generated-members=REQUEST,acl_users,aq_parent + + +[SIMILARITIES] + +# Minimum lines number of a similarity. +min-similarity-lines=4 + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=no + + +[VARIABLES] + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# A regular expression matching the beginning of the name of dummy variables +# (i.e. not used). +dummy-variables-rgx=_$|dummy + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid to define new builtins when possible. +additional-builtins= + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME,XXX,TODO + + +[IMPORTS] + +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=regsub,TERMIOS,Bastion,rexec + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + + +[CLASSES] + +# List of interface methods to ignore, separated by a comma. This is used for +# instance to not check methods defines in Zope's Interface base class. +ignore-iface-methods=isImplementedBy,deferred,extends,names,namesAndDescriptions,queryDescriptionFor,getBases,getDescriptionFor,getDoc,getName,getTaggedValue,getTaggedValueTags,isEqualOrExtendedBy,setTaggedValue,isImplementedByInstancesOf,adaptWith,is_implemented_by + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__,__new__,setUp + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=mcs + + +[DESIGN] + +# Maximum number of arguments for function / method +max-args=5 + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore +ignored-argument-names=_.* + +# Maximum number of locals for function / method body +max-locals=15 + +# Maximum number of return / yield for function / method body +max-returns=6 + +# Maximum number of branch for function / method body +max-branches=12 + +# Maximum number of statements in function / method body +max-statements=50 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when being caught. Defaults to +# "Exception" +overgeneral-exceptions=Exception diff --git a/PSA/scripts/current_config.sh b/PSA/scripts/current_config.sh new file mode 100644 index 0000000..715d728 --- /dev/null +++ b/PSA/scripts/current_config.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# +# status.sh +# Description: +# This script return the current configuration. +# +# This script is called by the PSA API when the PSA's current runtime configuration is requested. +# +# Return value: +# Current configuration +# + +PSA_HOME=/home/psa/pythonScript + +if [ -z "$PSA_HOME" ]; then + echo "error: 'PSA_HOME' is not set." >&2 + exit 1 +fi + +if [ ! -d "$PSA_HOME" ]; then + echo "error: 'PSA_HOME' is not a valid directory." >&2 + exit 1 +fi + +#PSA_HOME=/home/admini/SECURED/ +#PSA_HOME=/home/psa/pythonScript + +COMMAND_OUTPUT="$(cat $PSA_HOME/psaConfigs/psaconf)" +printf '%s\n' "${COMMAND_OUTPUT[@]}" +exit 1; diff --git a/PSA/scripts/init.sh b/PSA/scripts/init.sh new file mode 100644 index 0000000..25e869b --- /dev/null +++ b/PSA/scripts/init.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +#if [ -z "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not set." >&2 +# exit 1 +#fi + +#if [ ! -d "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not a valid directory." >&2 +# exit 1 +#fi + +exit 0; + diff --git a/PSA/scripts/ip_conf.sh b/PSA/scripts/ip_conf.sh new file mode 100644 index 0000000..e9d0eff --- /dev/null +++ b/PSA/scripts/ip_conf.sh @@ -0,0 +1,57 @@ +#!/bin/bash +# +# ip_conf.sh +# +# This script is called by the PSA API when the PSA should be configured with IP +# address. +# +# NOTE: This script is called right after init.sh script at the start-up of a +# PSA. +# +# !!! +# This should have the base setup for IP. init.sh should not change these +# values, since it will overwrite these values at the moment. +# !!! +# +# --> (We can change the logic to call this after init.sh always?) +# + +# Just a place-holder as Bro PSA does not use this script.. +#if [ -z "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not set." >&2 +# exit 1 +#fi + +#if [ ! -d "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not a valid directory." >&2 +# exit 1 +#fi + +# Please, define the interface this PSA requires the IP for. +CLIENT_IFACE=br0 +if [ "$#" -ne 4 ] +then + echo "Illegal number of params. Should be 4 (IP, gateway, dns, netmask)" + exit 1; +fi + +echo "-------------" +echo "IP:" + $1 +echo "gateway:" + $2 +echo "dns:" + $3 +echo "netmask:" + $4 + +# Note that now we just replace any existing conf, since this should be the only +# DNS for the PSA. +SEARCH='nameserver '$3 +if grep -Fxq "$SEARCH" /etc/resolv.conf +then + echo "Had dns already" +else + echo "Didn't have dns, setting" + echo -e "$SEARCH" > /etc/resolv.conf +fi + +/sbin/ifconfig $CLIENT_IFACE $1 netmask $4 +ip route delete default +/sbin/route add default gw $2 $CLIENT_IFACE diff --git a/PSA/scripts/ping.sh b/PSA/scripts/ping.sh new file mode 100644 index 0000000..66d0b56 --- /dev/null +++ b/PSA/scripts/ping.sh @@ -0,0 +1,13 @@ +#!/bin/bash +# +# ping.sh +# +# This script is called by the PSA API when the PSA is requested to ping. +# +# Return value: +# ping result +# + +COMMAND_OUTPUT="$(ping -c 3 www.google.com)" +echo ${COMMAND_OUTPUT} +exit 1; diff --git a/PSA/scripts/start.sh b/PSA/scripts/start.sh new file mode 100644 index 0000000..e233888 --- /dev/null +++ b/PSA/scripts/start.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# +# start.sh +# Created: 1/02/2016 +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +# Just a place-holder as Bro PSA does not use this script.. +#if [ -z "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not set." >&2 +# exit 1 +#fi + +#if [ ! -d "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not a valid directory." >&2 +# exit 1 +#fi + +echo "ERROR: this script should not be called" +exit 0 diff --git a/PSA/scripts/status.sh b/PSA/scripts/status.sh new file mode 100644 index 0000000..b2398ff --- /dev/null +++ b/PSA/scripts/status.sh @@ -0,0 +1,37 @@ +#!/bin/bash +# +# status.sh +# Created: 1/02/2016 +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# +# Description: +# Script that returns the current status of the Bro PSA. +# +# This script is called by the PSA API when the PSA's runtime status is +# requested. +# +# Return value: +# 1: alive +# 2: not alive +# + +#if [ -z "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not set." >&2 +# exit 1 +#fi + +#if [ ! -d "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not a valid directory." >&2 +# exit 1 +#fi + +BROCTL=/opt/bro/bin/broctl +LINE=`$BROCTL status 2>&1 | grep "running"` + +if [ "$?" -eq 0 ] ; then + echo 1 + exit 1 +fi + +echo 0 +exit 0 diff --git a/PSA/scripts/stop.sh b/PSA/scripts/stop.sh new file mode 100644 index 0000000..b8c4da8 --- /dev/null +++ b/PSA/scripts/stop.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# +# stop.sh +# Created: 1/02/2016 +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# + +# Just a place-holder as Bro PSA does not use this script.. + +#if [ -z "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not set." >&2 +# exit 1 +#fi + +#if [ ! -d "$PSA_HOME" ]; then +# echo "error: 'PSA_HOME' is not a valid directory." >&2 +# exit 1 +#fi + +echo "ERROR: this script should not be called" +exit 0 diff --git a/PSA/secured.bro b/PSA/secured.bro new file mode 100644 index 0000000..8a7b403 --- /dev/null +++ b/PSA/secured.bro @@ -0,0 +1,111 @@ +##! Local site policy. It will be dynamically updated when policy is enabled/disabled +##! +##! This file will not be overwritten when upgrading or reinstalling! +# Note: Bro supports writing to files, but not reading from them. + + +# Disable checksum validation +redef ignore_checksums = T; +redef tcp_max_initial_window = 0; +redef tcp_max_above_hole_without_any_acks = 0; +redef tcp_excessive_data_without_further_acks = 0; + +# Implemented policies + +# Enables pinging a bro node +#@load /home/admini/SECURED/policies/broping-record.bro + +# Count connections +#@load /home/admini/SECURED/policies/count_conns.bro + +# Weak keys notice +#@load /home/admini/SECURED/policies/weak-keys.bro + +# Hash calculation +#@load /home/admini/SECURED/policies/hash-files.bro + +# Interesting scripts + +# Log some information about web applications being used by users +# on your network. +#@load misc/app-stats + +# Scripts that do asset tracking. +#@load protocols/conn/known-hosts +#@load protocols/conn/known-services +#@load protocols/ssl/known-certs + +# This script enables SSL/TLS certificate validation. +#@load protocols/ssl/validate-certs +# This script prevents the logging of SSL CA certificates in x509.log +#@load protocols/ssl/log-hostcerts-only +# Uncomment the following line to check each SSL certificate hash against the ICSI +# certificate notary service; see http://notary.icsi.berkeley.edu . +#@load protocols/ssl/notary + +# Enable MD5 and SHA1 hashing for all files. +#@load frameworks/files/hash-all-files + +# Detect SHA1 sums in Team Cymru's Malware Hash Registry. +#@load frameworks/files/detect-MHR + + + + +# Some general scripts and some other scripts that might be interesting + +# This script logs which scripts were loaded during each run. +@load misc/loaded-scripts + +# Apply the default tuning scripts for common tuning settings. +@load tuning/defaults + +# Load the scan detection script. +#@load misc/scan + +# Detect traceroute being run on the network. +#@load misc/detect-traceroute + +# Generate notices when vulnerable versions of software are discovered. +# The default is to only monitor software found in the address space defined +# as "local". Refer to the software framework's documentation for more +# information. +#@load frameworks/software/vulnerable + +# Detect software changing (e.g. attacker installing hacked SSHD). +#@load frameworks/software/version-changes + +# This adds signatures to detect cleartext forward and reverse windows shells. +#@load-sigs frameworks/signatures/detect-windows-shells + +# Load all of the scripts that detect software in various protocols. +#@load protocols/ftp/software +#@load protocols/smtp/software +#@load protocols/ssh/software +#@load protocols/http/software +# The detect-webapps script could possibly cause performance trouble when +# running on live traffic. Enable it cautiously. +#@load protocols/http/detect-webapps + +# This script detects DNS results pointing toward your Site::local_nets +# where the name is not part of your local DNS zone and is being hosted +# externally. Requires that the Site::local_zones variable is defined. +#@load protocols/dns/detect-external-names + +# Script to detect various activity in FTP sessions. +#@load protocols/ftp/detect + +# If you have libGeoIP support built in, do some geographic detections and +# logging for SSH traffic. +#@load protocols/ssh/geo-data +# Detect hosts doing SSH bruteforce attacks. +#@load protocols/ssh/detect-bruteforcing +# Detect logins using "interesting" hostnames. +#@load protocols/ssh/interesting-hostnames + +# Detect SQL injection attacks. +#@load protocols/http/detect-sqli + +# Uncomment the following line to enable detection of the heartbleed attack. Enabling +# this might impact performance a bit. +#@load policy/protocols/ssl/heartbleed diff --git a/PSA/test/configs/post-init.bro b/PSA/test/configs/post-init.bro new file mode 100644 index 0000000..9a54276 --- /dev/null +++ b/PSA/test/configs/post-init.bro @@ -0,0 +1,19 @@ +# This file can be used to make Bro PSA Detect-MHR module to consider the files +# fecthed by the following scripts to be considered as malware: +# +# download_pdf.sh +# download_exe.sh +# +# Usage: copy this files under Bro PSA's modules directory +# (PSA/modules/post-init.bro) before booting Bro PSA. +# + +redef ignore_checksums = T; +redef tcp_max_initial_window = 0; +redef tcp_max_above_hole_without_any_acks = 0; +redef tcp_excessive_data_without_further_acks = 0; + +redef MHR::local_hashes += { [ "afba7d3f3addd136afb4b13a49703e979fb4f590" ] + = [ $kind="sha1", $description="detected T170.pdf" ], + [ "f2e5efd7b47d1fb5b68d355191cfed1a66b82c79" ] + = [ $kind="sha1", $description="detected 7z1514.exe" ] }; diff --git a/PSA/test/download_exe.sh b/PSA/test/download_exe.sh new file mode 100644 index 0000000..12a7dd0 --- /dev/null +++ b/PSA/test/download_exe.sh @@ -0,0 +1,2 @@ +#!/bin/sh +wget --no-proxy http://www.7-zip.org/a/7z1514.exe diff --git a/PSA/test/download_http.sh b/PSA/test/download_http.sh new file mode 100644 index 0000000..8786a6d --- /dev/null +++ b/PSA/test/download_http.sh @@ -0,0 +1,2 @@ +#!/bin/sh +wget www.vtt.fi diff --git a/PSA/test/download_http_google_49.sh b/PSA/test/download_http_google_49.sh new file mode 100644 index 0000000..b9a2d97 --- /dev/null +++ b/PSA/test/download_http_google_49.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +for ((n=0;n<49;n++)); +do + wget www.google.com +done + +echo "done." diff --git a/PSA/test/download_http_google_50.sh b/PSA/test/download_http_google_50.sh new file mode 100644 index 0000000..d8c124a --- /dev/null +++ b/PSA/test/download_http_google_50.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +for ((n=0;n<50;n++)); +do + wget www.google.com +done + +echo "done." diff --git a/PSA/test/download_http_vtt_49.sh b/PSA/test/download_http_vtt_49.sh new file mode 100644 index 0000000..8a55a89 --- /dev/null +++ b/PSA/test/download_http_vtt_49.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +for ((n=0;n<49;n++)); +do + wget www.vtt.fi +done + +echo "done." diff --git a/PSA/test/download_http_vtt_50.sh b/PSA/test/download_http_vtt_50.sh new file mode 100644 index 0000000..dd2be16 --- /dev/null +++ b/PSA/test/download_http_vtt_50.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +for ((n=0;n<50;n++)); +do + wget www.vtt.fi +done + +echo "done." diff --git a/PSA/test/download_pdf.sh b/PSA/test/download_pdf.sh new file mode 100644 index 0000000..c72daa8 --- /dev/null +++ b/PSA/test/download_pdf.sh @@ -0,0 +1,2 @@ +#!/bin/sh +wget www.vtt.fi/inf/pdf/technology/2014/T170.pdf diff --git a/PSA/test/gunicorn_brolog.sh b/PSA/test/gunicorn_brolog.sh new file mode 100644 index 0000000..85e18c1 --- /dev/null +++ b/PSA/test/gunicorn_brolog.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +curl -X GET http://10.0.2.15:8080/v0.5/execInterface/brolog diff --git a/PSA/test/gunicorn_start.sh b/PSA/test/gunicorn_start.sh new file mode 100644 index 0000000..1ab5ab0 --- /dev/null +++ b/PSA/test/gunicorn_start.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +curl -X POST http://10.0.2.15:8080/v0.5/execInterface/start diff --git a/PSA/test/gunicorn_status.sh b/PSA/test/gunicorn_status.sh new file mode 100644 index 0000000..76c75d2 --- /dev/null +++ b/PSA/test/gunicorn_status.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +curl http://10.0.2.15:8080/v0.5/execInterface/status diff --git a/PSA/test/gunicorn_stop.sh b/PSA/test/gunicorn_stop.sh new file mode 100644 index 0000000..93a429b --- /dev/null +++ b/PSA/test/gunicorn_stop.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +curl -X POST http://10.0.2.15:8080/v0.5/execInterface/stop diff --git a/PSA/util/cleanup.sh b/PSA/util/cleanup.sh new file mode 100644 index 0000000..2523c00 --- /dev/null +++ b/PSA/util/cleanup.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# +# File: cleanup.sh +# Created: 28/01/2016 +# Author: jju / VTT Technical Research Centre of Finland Ltd., 2016 +# +# Description: +# +# A simple script to cleanup the development directory +# + +# All paths should be relative! + +# subdirectiories to clean. All directories listed are cleaned +# from generic temporary files, such as .pyc and *~ +subdirs="modules, json, psaConfig, test, scripts" + +# Specific temporary files that should be removed, e.g. log +# files. +tmpfiles="GUNICORN.log, PSA.log, psaConfigs/bro.log pylint.out" + +echo "rm -f ./*.pyc ./*~" +rm -f ./*.pyc ./*~ + +dirs=(${subdirs//,/ }) +for dir in "${dirs[@]}" +do + if [ -n "$dir" -a -d "$dir" ]; then + echo "rm -f ./$dir/*.pyc ./$dir/*~" + rm -f ./$dir/*.pyc ./$dir/*~ + fi +done + +files=(${tmpfiles//,/ }) +for file in "${files[@]}" +do + echo "rm -f ./$file" + rm -f ./$file +done + +exit 0 diff --git a/PSA/util/kill.sh b/PSA/util/kill.sh new file mode 100644 index 0000000..539a6b6 --- /dev/null +++ b/PSA/util/kill.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +PIDS=`ps aux | grep guni | grep python | sed 's/^[^ \t]*[ \t]*\([0-9]*\).*/\1/g' | tr '\n' ' '` + +kill -s 9 $PIDS diff --git a/PSA/util/pylint.sh b/PSA/util/pylint.sh new file mode 100644 index 0000000..31ae01e --- /dev/null +++ b/PSA/util/pylint.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +pylint *.py modules > pylint.out + +echo "done: check pylint.out" +echo "" +exit 0 diff --git a/README.md b/README.md new file mode 100644 index 0000000..893b0ef --- /dev/null +++ b/README.md @@ -0,0 +1,267 @@ +# 1. End-user + +## 1.1 Description / general readme + +Bro PSA provides network monitoring capabilities to end users. It can be used to +monitor user's network traffic according to specified policies and log security +related events, such as suspicious connections and suspected malicious files. + +## 1.2 Features / Capabilities + +The list of capabilities supported by this PSA includes: + +* Logging of established connections during certain time interval filtered based + on source and/or destination addresses and ports. Log events can be configured + to trigger only if the amount of specified events exceeds certain threshold + within a time interval. This capability may be used, e.g., log network usage + or detect abnormal network traffic. + +* Scanning downloaded files for known malware. This PSA's malware detection + capabilities are based on detecting certain types of files, e.g. PDFs, in the + network traffic to or from the user's device. The PSA computes hashes of such + files and compares these against a repository of known hashes of malicious + files. Type of files that are to be scanned can be configured. + +## 1.3 Security policy examples + +Examples of the policies that can be enables using the SECURED GGUI includes: + +```I; Enable; Logging; {propose, count_connection }; {traffic_target, address}``` + +- This policy enables logging of all connections to or from a specific address. + +```I; Enable; Malware_detection; {type_Content, scan_xdosexec } ``` + +- This policy enables scanning of all Windows native executable files detected + in the network traffic. + +## 1.4 Support, troubleshooting / known issues + +None + +# 2. Developer / admin + +## 2.1 Description / general readme + +The Bro PSA provides network monitoring capabilities to end users. It can be +used to monitor user's network traffic according to specified policies and log +security related events, such as suspicious connections and suspected malicious +files. + +The Bro PSA is implemented using the [Bro Network Security Monitoring platform](https://www.bro.org). +Bro is a passive network traffic analyzer primarily used for security monitoring +of suspicious activities in network traffic flows. It is an open-source software +with BSD-style license. More detailed description of The Bro NSM can be found in +[Bro NSM documentation](https://www.bro.org/documentation/index.html). + +## 2.2 Components and Requirements + +Software components used by the PSA include: + +* [Bro Network Security Monitor](https://www.bro.org/) +* [BroControl](https://github.com/bro/broctl): An interactive interface for + managing a Bro installation. Allows, e.g., starting and stopping the Bro NSM + and updating its configuration. In the Bro PSA, this component is used for + controlling the Bro NSM. +* [Broccoli](https://github.com/bro/broccoli): The Bro Client Communications + Library. This component enables third-party applications to communicate + directly with the Bro NSM by sending and receiving events using Bro's + communication protocol. In the Bro PSA it is used to connect the PSA interface + with the Bro policy scripts written as Bro plugin extensions. +* [Broccoli-python](https://github.com/bro/broccoli-python): Python bindings for + Broccoli. Required, as the PSA interface is implemented using Python. + +## 2.3 Detailed architecture + +The Bro PSA is implemented using the Bro NSM. + +Bro's architecture is illustrated below. Bro taps to network traffic in order to +captures network packets. These packets are sent to Event Engine that reduces +captured low-level packets to high-level network events, such as TCP +connections, SSL sessions events, or HTTP requests. High-level events are then +dispatched to Policy Script Interpreter that executes a set of event handlers to +the events. Policy scripts define the actual actions taken on each event. Each +policy script implements a set of event handlers. Events fired at policy scripts +may, for instance, produce logs or notifications about the network traffic, or +new events for other policy scripts. + +![Bro architecture](docs/bro-architecture.png) + +Bro provides fully customizable and extensible platform for network traffic +analysis. It utilizes its own event-based, syntactically C-like, scripting +language with large set of pre-built functionalities. External C-library, +Broccoli, allows interfacing with third-party programs. + +The Bro PSA is implemented as a separate Python application that interfaces with +the Bro NSM using Broccoli. + +The architecture of the PSA is illustrated below. Each capability supported by +the PSA is implemented as its own Bro policy script (Bro plug-in). These policy +scripts determine what kind of information the PSA listens to and subscribe for +related network events in Bro's event stream. Plugins filter low-level network +events, e.g. establishment of connection to certain address and port, to higher +level log event for the PSA, e.g. *"there have been 100 connection attempts from +certain address to local port 80 within one minute"*. + +![Bro PSA architecture](docs/bro-psa-architecture.png) + +The PSA uses two interfaces to communicate with the Bro NSM: +* BroControl is used to control the Bro NSM. For example, it is used to start + and stop monitoring activities, as well as, to install new or remove old + policy scripts (Bro plugins). +* Broccoli is used to pass configuration information to policy scripts and to + receive log events from them. + +Currently, two Bro plug-ins have been implemented: + +* **Logging plug-in**: allows logging of established connections during certain + time interval filtered based on source and/or destination addresses and ports. + Log events can be configured to trigger only if the amount of specified events + exceeds certain threshold within a time interval. This capability may be used, + e.g., log network usage or detect abnormal network traffic. + +* **Malware Detection plug-in**: allows scanning of downloaded files for known + malware. This PSA's malware detection capabilities are based on detecting + certain types of files, e.g. PDFs, in the network traffic to or from the + user's device. The PSA computes hashes of such files and compares these + against a repository of known hashes of malicious files. Type of files that + are to be scanned can be configured. + +## 2.4 Virtual machine image creation + +See [PSA Developer guide](https://github.com/SECURED-FP7/secured-psa-develop-test) +for creating a virtual machine base image. + +After obtaining the base image, install the following software components into +the image: + +* Bro Network Security Monitor ([installation instructions](https://github.com/bro/bro/blob/master/doc/install/install.rst)). +* BroControl ([installation instructions](https://github.com/bro/broctl/blob/master/doc/broctl.rst)) +* Broccoli ([installation instructions](https://github.com/bro/broccoli/blob/master/README)) +* Broccoli-python ([installation instructions](https://github.com/bro/broccoli-python/blob/master/README)) + +**NOTE**: Bro PSA has been developed and tested on Bro NSM version 2.4+, it is required to use Bro NSM +version 2.4+, as the Bro policy scripts (plug-ins) might not work correctly in +other versions. + +Copy [Bro PSA](PSA) files +into the following folder in the base image: + +``` +$HOME/pythonScript/ +``` + +Configure Bro and BroCtl (default: /opt/bro/etc/broctl.cfg). At least the +following options should be set: + +``` +BroArgs = -b +``` + +* This option sets the Bro NSM to operate on 'bare mode' in an attempt to + minimize its resource usage. This causes many of Bro's default scripts and + policies not to be loaded when the Bro NSM starts. + +``` +SitePolicyStandalone = <$HOME>/pythonScript/secured.bro +``` + +* This option defines local Bro policies to be taken from SECURED specific + policy file. This policy file is provided with the PSA + [secured.bro](PSA/secured.bro) and the file path should be modified to match + the Bro PSA installation. + +Change passwords for users 'root' and 'psa' for security reasons. + +## 2.5 Support, troubleshooting / known issues + +Known issues: + +* Connection counting / logging capability currently can only handle detection + intervals on granularity of one minute. + +* Bro NSM might not be able to handle all network traffic packets, e.g., due to + congestion or because it does not have enough resources allocated. In such + case it starts to drop packets, which may cause monitoring module to miss part + of the network traffic. This might cause Malware Detection capability to miss + malicious files as the currently used detection technique relies on file + hashes which cannot be calculated to partial files. + +## 2.6 Files required + +The following files are needed to run Bro PSA correctly: + +### PSA application image + +The procedure to create a valid PSA image from scratch starts with the prerequisite instructions defined in the PSA Developer guide. + +The PSA VM image (KVM) is available at [Bro](https://vm-images.secured-fp7.eu/images/) ([checksums](https://vm-images.secured-fp7.eu/images/)). + +***NOTE**: You have to manually change the PSA ID to *BroLogging/BroMalware* in PSA conf (PSA/psaEE.conf), change the VM image name in copy_psa_sw_to_vm.sh to the name required by SPM/UPR (and possibly legacy NED's JSON PSA Manifest) if tested in a fully integrated environment and and run the copy script. For a local test setup you can use the default image name, just replace the configuration file from NED files as desired. This is due to the capability differentiation in the policy framework. + + +### Manifest + +The PSA Manifests are available at [BroLogging](NED_files/TVDM/PSAManifest/brologging_manifest.xml) and [BroMalware](NED_files/TVDM/PSAManifest/bromalware_manifest.xml) (and [legacy JSON format for old NED and manual testing](NED_files/TVDM/PSAManifest/broPSA)). + +### HSPL + +Examples of HSPL: + +```I; Enable; Logging; {propose, count_connection }; {traffic_target, address}``` + +- This policy enables logging of all connections to or from a specific address. + +```I; Enable; Malware_detection; {type_Content, scan_xdosexec } ``` + +- This policy enables scanning of all Windows native executable files detected + in the network traffic. + +### MSPL + +Example MSPLs can be found below: + + * [Logging](M2LPlugin/examples/example_mspl_log_2.xml) + * [Malware Detection](M2LPlugin/examples/example_mspl_mwd_2.xml) + +### M2L Plug-in + +The M2L plug-in is available at [M2LPlugin](M2LPlugin). Notice that it contains separate plug-ins for BroLogging and BroMalware. + +## 2.7 Features/Capabilities + +Bro PSA provides the following capabilities + +The list of capabilities are: +* Logging +* Offline_malware_analysis + +## 2.8 Testing + +Test scripts are available in the test [directory](tests) or in PSA/test. + +# 3. License + +Please refer to project [LICENSE](LICENSE) file. + +This software requires several open source software components with their own license: + +* Bro Network Security Monitor, available at [license](https://raw.githubusercontent.com/bro/bro/master/COPYING) +* BroControl, available at [license](https://raw.githubusercontent.com/bro/broctl/master/COPYING) +* Broccoli, available at [license](https://raw.githubusercontent.com/bro/broccoli/master/COPYING) +* Broccoli-python, available at [license](https://raw.githubusercontent.com/bro/broccoli-python/master/COPYING) + +# 4. Additional Information + +## 4.1 Partners involved + +* Application: VTT +* MSPL: POLITO, VTT +* M2L Plugin: VTT + +# 5. Status (OK/No/Partial) - OK + +# 6. TODO-list + +* Instructions for adding new Bro plug-ins to Bro PSA + diff --git a/copy_psa_sw_to_vm.sh b/copy_psa_sw_to_vm.sh new file mode 100644 index 0000000..561a59f --- /dev/null +++ b/copy_psa_sw_to_vm.sh @@ -0,0 +1,32 @@ +# Uses libguestfs - Installation guide: http://www.libguestfs.org/ +# +# Run this as sudo and run this file from the folder that contains PSC folder. +# +# Make sure that: +# 1) SW_PATH directory exists in the target IMG. +# 2) Make sure that intefaces and boot_script_psa have executable permission (+x). +# +# WARNING: Using this on live virtual machines can be dangerous, potentially causing disk corruption! The virtual machine must be shut down before using this script! + +# NOTE: Change img name accordingly BroMalware/BroLogging +# Remember to update PSA/psaEE.conf too: +# psa_id=BroMalware/BroLogging +# psa_name=Bro PSA + +IMG="/var/lib/libvirt/images/BroMalware.img" +SW_PATH="/home/psa/pythonScript/" + +# Copy python files +echo -n "copy PSA SW... " +virt-copy-in -a $IMG PSA/* $SW_PATH +echo "done." + +# Copy interfaces file +echo -n "copy interfaces... " +virt-copy-in -a $IMG PSA/interfaces /etc/network/ +echo "done." + +# Copy boot script that is executed when interfaces are up +echo -n "copy boot_script_psa... " +virt-copy-in -a $IMG PSA/boot_script_psa /etc/network/if-up.d/ +echo "done." diff --git a/copy_psa_to_ned.sh b/copy_psa_to_ned.sh new file mode 100644 index 0000000..64f0c79 --- /dev/null +++ b/copy_psa_to_ned.sh @@ -0,0 +1,51 @@ +#!/bin/bash +# +# This script copies the PSA codes into the NED v0.6 implementation folders, namely: +# 1) PSCM/userList +# 2) TVDM/psaConfigs/[psaID] folder +# 3) TVDM/PSAManifest/[psaID] file +# 4) TVDM/userGraph/[psaID] file +# +# One parameter is required - the full path to your destination NED v0.5.1 dir, e.g., /home/ned/NED/. +# Note: This will overwrite existing configurations for the PSA_ID and the USER inside your NED! + +if [ $# -ne 1 ] ; then + echo "Usage: $0 [Full path to NED directory where the PSA files are to be copied (e.g., /home/ned/NED/)]" + exit 1 +fi + +NED_VERSION=v0.5.1 + +# Note: If you use this for other PSAs, please rename the PSA_ID as such (the config folders have to match in NED_files/TVDM/)! +PSA_ID="broPSA" +USER="bro" +PW=" secuser" +PSCM_PATH=$1PSCM/ +NED_PATH=$1 +USER_LIST=userList + +TEMPLATES=NED_files_template/TVDM/ + +if [ ! -f $PSCM_PATH$USER_LIST ]; then +echo "$PSCM_PATH$USER_LIST file does not exist." +echo "Usage: $0 [full path to NED directory where the PSA files are to be copied (e.g., /home/ned/NED/)]" + exit 1 +fi + +# 1 +################################################################################# +echo "Checking if PSA user exists in PSCM/userList" +user_pw=" secuser" +user_cred=$PSA_ID$user_pw + +if grep -q "$USER" $PSCM_PATH"$USER_LIST"; then + echo "User existed in PSCM/userList, skipping creation of new user." +else + echo "User not in PSCM/userList file, creating new user." + echo $USER$PW >> $PSCM_PATH$USER_LIST +fi + +# 2 +################################################################################# +echo "Copying PSA files into NED $NED_VERSION folders" +cp -avr NED_files/TVDM $NED_PATH diff --git a/docs/HowToAddNewBroPSAModules.md b/docs/HowToAddNewBroPSAModules.md new file mode 100644 index 0000000..144e1f5 --- /dev/null +++ b/docs/HowToAddNewBroPSAModules.md @@ -0,0 +1,372 @@ +# Adding new modules to BroPSA + +## 1 Introduction + +Each BroPSA module consist of two parts: + +* **A Python class**: this part is used as PSA's interface to the module and + to the Bro script. It's main tasks are 1) parsing configuration rules to a + format suitable for the corresponding Bro script, 2) formatting Bro script's + outputs for the BroPSA logs etc., and 3) communication with the Bro script. + However, Python part of the module may, as an example, also make more complex + computations related to the actual monitoring task as Python allows more + flexibility compared to Bro NSM scripting language. +* **A Bro script**: this part implements the actual monitoring code. + +### 1.1 Creating a new Python module + +Modules are placed in the *modules* directory of the PSA source code tree. Each +module's Python part must contain a class that inherits from the +[BroModule](../PSA/modules/BroModule.py) class. Each class must define a global +variable called *module* that must be initialized with the class constructor. +The constructor must take a single argument, a logger object, that must be +passed to parent class' constructor. It can be later accessed using a member +variable of the same name. The first argument given to the parent's constructor +is the name of the Bro scripts file corresponding to this module. + +``` +from modules.BroModule import BroModule + +... + +class MYModule( BroModule ): + + def __init__( self, logger ): + super( MyModule, self ).__init__( 'my-module.bro', logger ) + ... +... + +module = MyModule +``` + +A BroModule implements four function that can be overridden in the child +classes. + +Function *onStart* is called after Bro NSM is started and the Bro script +part of the module becomes available. The main purpose of this function is +to pass configuration options to the Bro script. Take function takes a single +parameter that is a connection object connected to Bro. It **must** be passed +to parent class' onStart function. It can be later accessed using a member +variable of the same name. + +``` + def onStart( self, connection ): + super( MyModule, self ).onStart( connection ) + ... +``` + +Function *onStop* is called before Bro NSM is stopped and the Bro script +part of the module becomes unavailable. The main purpose of this function is +to perform any tasks related to shutting down the module. The function must call +parent class' onStop function. + +``` + def onStop( self ): + super( MyModule, self ).onStop() + ... +``` + +Function *onRule* is called by BroPSA once for each configuration rule in the +PSA configuration related to the module. This function takes a single argument, +the rule object, and must return True if it was able to process the rule, or +False otherwise. + +``` + def onRule( self, rule ): + ... +``` + +Function *onEvent* is used to pass events from the Bro script to the Python part +of the module. It takes a single argument that is the event sent by the Bro +script. This function is explained in more detail in Section 2.2. + +``` + def onEvent( self, data ): + ... + +``` + +**NOTE**: Easiest way to to create a new Python module is to copy and modify +some of the existing modules. + +### 1.2 Creating a Bro NSM script + +Refer to [Bro NSM documentation](https://www.bro.org/sphinx/scripting/) + +**NOTE**: All Bro modules used with BroPSA should work in Bro NSM bare mode! + +# 2 Communication between Bro and Python + +The Python part and the Bro script part of a module communicate using Broccoli +Python bindings. + +## 2.1 From Python to Bro + +### 2.1.1 In Python code + +Import required functions from Broccoli: + +``` +from broccoli import event, record_type, record, addr, port, count +``` + +Define a record type for the message. Record contents should be a list of field +names that correspond to those defined in the Bro script (see Section 2.2.1). + +``` +MyInRecord = record_type( ... ) +``` + +**Example:** +``` +MyInRecord = record_type( 'op' ) +``` + +To send a new record, a record must first be created using the *record* +function. After this the record is filled with the actual data. Each of the +defined fields should contain *some* value. All the fields of the record must be +initialized using suitable function (e.g., str(), addr(), port(), count()) that +matches the corresponding field's type in the Bro script to ensure they are +encoded correctly. + +Records are sent using the Broccoli Connection stored in the Module object's +member variable *connection*. The first argument given to the function is the +event name, which can be freely chosen. The connection object should only be +used between the calls to modules *onStart* and *onStop* methods. Otherwise +message will not be passed to the Bro script. + +**Example:** +``` + try: + rec = record( MyInRecord ) + rec.op = str( 'MyString' ) + self.connection.send( 'on_my_event', rec ) + except Exception: + ... +``` + +**Note**: Broccoli and it's Python Bindings provide a very simple interface to +Bro script and not all the Bro script features are supported. Thus, the message +format should be relatively simple. Complex types, such as containers, should +not be used in the message content. + +### 2.1.2 In Bro code + +Module's *init* callback should subscribe for all Bro events the module wants to +receive. This is performed using utilities in [psa-utils.bro](PSA/modules/psa-utils.bro). +Thus, this script file must first be loaded into the module script: + +``` +@load ./psa-utils +``` + +Subscription is made using the function: + +``` +function subscribe_events( events : pattern ) +``` + +The pattern argument should have a Bro pattern that captures the event name +used in *send* function in the Python code. + +The Bro script must define a record type matching the record type defined in the +Python code. In addition, an event handler must be defined to capture the +corresponding event. This event handler's name must match the given event name +and take one parameter of the defined record type. + +**Example:** +``` +type MyInRecord: record +{ + op: string; +}; + +event on_my_event( rec: MyInRecord ) +{ + ... +} + +event bro_init() &priority=9 +{ + PSA::subscribe_events( /on_my_event/ ); +} +``` + +## 2.2 From Bro to Python + +### 2.2.1 In Bro code + +An ouput record must be defined similarly to defining the input record in +Section 2.1.2. In addition, an event handler must be declared for that record. + +``` +type MyOutRecord : record +{ + op: string; +}; + +global my_event: event( data: MyOutRecord ); +``` + +A new event is sent simply by creating and filling the event record and then +calling the event handler: + +``` + local data: MyOutRecord; + # fill the record + data$op = "MyData"; + event report_count( data ); + +``` + +### 2.2.2 In Python code + +In the Python code an event handler must be defined for the Bro event. +Event handlers are always global functions not related to any specific +object instaces. BroEventDispatcher is used to pass the event to the +actual BroModule object. + +In order to receive events, the module must import BroEventDispatcher +and register itself with the dispatcher using the function *register*. +The function takes a key (any string) and an object as arguments. The +given object must implement function called *onEvent* as it is defined +in the BroModule. See Section 1.1 for more details. + +**Example**: +``` +import modules.BroEventDispatcher as BroEventDispatcher + +... + +MyModuleKey = 'MyModuleEvent' + +... + +class MYModule( BroModule ): + +... + + def __init__( self, logger ): + ... + BroEventDispatcher.register( MyModuleKey, self ) + ... +``` + +A record type must be defined similarly to the input record in Section +2.1.1. + +**Example**; +``` +MyOutRecord = record_type( 'op' ) +``` + +Event handlers a defined using @event decorators. The decorator statement should +take the defined record as its argument. The actual event handler function takes +a single argument that is the Bro record. In order to pass this record to the +module object, the event handler must call BroEventDispatcher's *dispatch* +function with the key registered for the module object and the received record. + +``` +@event( MyOutRecord ) +def report_count( data ): + BroEventDispatcher.dispatch( MyModuleKey, data ) +``` + +The record will be eventually passed to module's *onEvent* function for further +processing. + +``` + def onEvent( self, data ): + ... +``` + +## 3. Loading a module at runtime + +BroPSA loads modules dynamically based on the PSA configuration file and +module description file [*modules.json*](../PSA/modules.json). The latter is +used to map *operations* in rule definitions of the former file to correct +module implementations. Each module available at runtime should have an entry +in the modules file: + +``` +{ + "modules": [ +... + { + "name": "MyOperation", + "module": "modules/MyModule.py" + } +... + ] +} +``` + +where: + +* The value of the *name* attribute must match the value of the *operation* + attribute of any rules related to this module in the BroPSA configuration + file. +* The value of the *module* attribute must contain a (relative) path to the + Python file containing the global *module* variable initialized to module's + BroModule class' constructor function. + +In order to be loaded a module must match to at least one rule in the PSA +configuration file. The rule is needed **even** if the module does not actually +use any configuration options. Thus, the *PSA/psaConfigs/psaconf* file should +contain a *rule* entry of the following format: + +``` +{ + + "rules": [ +... + { "id": "MyRule", + "hspl": { + "id": "MyRule", + "text": "MyHSPL" + }, + "event": "EVENT_CONNECTION", + "operation": "MyOperation", + "parameters": [ + { "type": "MyParameter", + "value": "MyValue" + } + ], + "action": "log", + "conditions": [ + { "type": "MyCondition", + "value": "MyValue" + } +... + ] + } +} +``` + +All of the following attributes must exist: + +* The *id* attribute must be a unique rule ID (in file scope) +* The *hspl* attribute should specify the HSPL rule related to this rule. The + *id* and the *text* attribute should come directly from the MSPL definition. + In case the configuration is written by hand, these attributes may contain + any string values, but they should still be present. +* The *operation* attribute must contain a module specific identifier that can + be chosen freely. This identifier must match to some module entry in the + *modules.json* file +* The *conditions* and *parameters* attributes may be empty lists or they may + contain module specific key-value pairs. Each of these pairs must have two + attributes: *type* and *value*. The value of the *type* attribute must be a + string and should describe the parameter. Value of the *value* attribute + can be any JSON object. Although, if the attribute has a complex values, + e.g., an object, changes might be needed into the configuration parsing + code. +* The *action* attribute must contain value *log*, as it is currently the only + supported action. +* The *event* attribute must contain one of the values *EVENT_CONNECTION* or + *EVENT_FILE*. However, this attribute is currently not used. + + + +## 4. Adding new configuration options + +You are on your own, bro... diff --git a/docs/bro-architecture.dia b/docs/bro-architecture.dia new file mode 100644 index 0000000000000000000000000000000000000000..f947e085c28e05ac772b3a782934d87e88cdc88c GIT binary patch literal 1844 zcmV-42g~>$iwFP!000021MQt#bDKC6$KUfQ828o22oRU1NoU&W&hAXN-I;c0A3d^B zY;7^}3OR}QVL$tdi{pUt4G=A42zo94%^6y1;uBGvyt)}IIA6UUj~^Z$^l%d+PMIE(wI1W~ ze<%#mSTq_BZm%@$xq$$2l02Q9;Nt!-Q`cQ@_U zUD&NV)~!1dPgaz1h6vwxIi)njD9XHYw#N1S#4{9%A$F`=puY7x!Z|&0{C6mf&*?z6 z`zhlt&E7d9!SUoRv^ZepfdqUpc{~;_Lx=SPmf7D(vwu%wG7WK64@krtpYN^tO*`hx zXDFrk?&A$dL}u;aG!b|hVtDy9F<+Aa$0vqbvCRQXi@e$RRMgAu&J9eqt2Ak+E<&`y zEI0pdH(hJ_3C^jbp&2Ll+gHzGLZ^S@8P7ZWg`+4yEYL>UJNh`-X%V4BNN_XwY!ri4 z?w&9vShyFh72ORfZ#V)*x&QkFIb?l0EgNUz@KH1maqhs?eHSK9bi;(#mYMt-+R4v) zUU7(*lNn{vzFcUjU#W)_C;NSSBD>wd_5zdng12vcN?Cx}sY4eh0vg%o+R%WW;nZ_S zB5@8TMHZZ-!DTMu1$~%Qh~Cq)`6XVm(KKNwAnW*8;7;`-+nJ^C89DtGKk{cu4f3Q0 zO_SQRhn~cg7Uo^uHsE#QM+dNOCiA5GC+4kEn?u7S75jyDrE7x&R|Q9=(L=h7M!d>V zvR}JHOA>Cx@t`OkXffX;ycev_KKd&T?=dGc^n6;n{0R2wQ8`pSqqy14oE8V%=|NY= zN0}rCFF_5XnIoaw=g|^ZpGX|7mw6D+^iruAE=z^`^pMKQusam16Y!Xg!2^aPU#6Jw zbl(>8VdU%37yPlrRF;SfPxoxM2Ne3cz}h=TwNGDuS3r^uq~c(F2}A-v89(7|$mj`-{t&Vn^Y}Z0$lC+a=<_rr{}k`ay&NDF$D)!*Jp_{729Tg+ zAi*t=fRg~p?g@}S+>7z1c+@G6pyE-lc?28t$P|;3RE3l}*j}&MetIjoA3*v@=L$#N z;ixnc6_0wzBd0NsT-iKwpLk>e-2kvhK>9>Exf2}VBIb%r-I2*vWam(|JBa(Qwo=etr1evIoSKApbYAf_RiZL}{lMpj(=E#jE17(TqjR@JWBQyj&iscKi93XZ2h z33AU;t-Y6V+jq2uz*IgkIZbtjwtF{G%6m%-OGaB!H+~!H#_mAf*adY1x==T^Qa4K7 z^luTM(T2RSq~6%oJVLN(3FQPwLE4G)yH=fTHT8oSQ?pgs zb=6mpE-@O4b9{j$*={wbFA>2BVvIf$_!rzC8pdQ_bw^Com}1uG$HOc>Vg5kbH&wLiplAhD z&8mkrtMbk3c8XT-Nj#&1dhbKJ4z#}(A~03(YrHVgvgB6oEmQY>Kds!0aVG?g4U_*^ zLzum;=X!}bIz_;M%(zU&)F5(aNhVXGWb*oOah-Zg*tI^Yn94-E#Kj#6!!ukIA9MR7 zin26T>4bS0g8Nn6%BP236u*$HCJV~Qzhe4E;nB{Oo*;U$8v(y$@|Wf$UQd(9tl~lK zAhjfD8!xaFVpFD|ebTbF(D-(G2c#cbHeFU8VXnliY%yCLf$BSKKiqfN&XbpBrA!vZ$ZV3|HNpOeY?(R;|4o=YE!6CQ@cemidU4jO8cfX78-gDk~ zW1JuF*L^)YgKT>D-fOQ_t7^_!RRqh+ioZd`M}$BiZ$3+iC_*4FNg)sz3-}k{H+ysQ zmEgxqN1@Nk@bK{SD{}w9A;K344MzwBZuI#dOhf2aIs`%r`79!+{555N5vq-`wFY-g zh4jMUsO1Wt0P|Jd>U5z>(Pa^l=7kowbxnk3%~Y-G{M_91+}z2YLv=(W+(&s#lOu{s zV>@)Q>4!&&fdoXw-@gNnUEA(oGC)T>(Z@W#9y;`9P=|oKLwr`5c2FRY&hDXP&ZFfv z{_8tl*HdF1oyC7gIFLZr*QVtV{V)Fh{_0v2_-&S5OFDxu9BV*I`{cU`Fyo!p7HHQ`*c0z0{ zop${fQWu&y$$YtVT_vT?wUf!IDPA6)l#~=2T3T*PRb%6IfqfiE#>?mF&FJdtT4;jG zDJh+Wb1qTS(jp-vr|`PFC@74DVA0N6Ulu6kzcxqT+aAlNprB}MY~*&?|5aG%;N+y; z;^r(XJDepNnxpukG#D1*2Z2R`yzX!HysNdDS5;N5HR?st(b2gP!oY~}yt~B0!D+kQ zElT$|4eo$~;h_@qT=!9>$0j7SJ>Kr&n^-=#p&)BSe{-IZ#wi~%+_V_^t5WFH>Vp>QBkL5bvE;xtE-B@oPgyRRJwBT|<7q{Pd8XkdRPYTU%Ck1a>fYJPDW6pPn8uadESa{Fy5p!R5RAv?RL`?C=eZWrn2fwekvdajEW zm6q0)m!rYII@=tos;X*o*yz7G+X7qO!oWaK0W*E%X(fn+L8ozje}8{{eSLd7F)ogR zWNZI#m4ShQrlw|KU|?D6Ee%;tON-~*qTY3=9nJ zm-~3^ma)0H8$a2t)~!%t+5~;tgM49`q$%FNfA#7WPvvpd2;Y2-)r?)+!}R3j`EF6! za1v{NO-&ryX*Z6Z$Ms5(*>FlhSs5o2(?^f%a*spf?hq_&Y;0iL=GN9c4(s2uv){cL zG5*)x+Y9&V)gW+ltKFe5zGWB%-;b3t{)~^G&QJH+Jvh)&e|~*5=*He4!-%%%Y#qvaTE;X63m$0LVZPPDFY*;-R1sY{~zFy!8Xmy&*x-g8%$!| z0%Lpc5A1{A_TKiay0(^*f&%P5cQ?1CW>?lvpKg-vTKoF?$T~Oe(DaWp^QfTXZd`6vGT$@g$RF*i47&EbBs z+Fesqb1F#8>4oa5TB`lYq#sl0I~X6Ce-<^1_2X-p*CfF7zr2s>19v0-pguM>2Bw9K zjO^5o03Sa`vEbV`K_{o`h=}2O`?d7};3L5GHk62f!!eSTjR+4P>I%kKTU~v9qk)Wa zV;yr}^OMtVsluq2nCGj!ni`efX+2JfV>bEIzA#u4FE6jtGGLu1EJ?}9T24-Ek-fRw$m@827D2EK`*lB=z%l9H4>Jv~K4 zL80_tsJA!j@JHa{;sUM(gdh^n^S6s~Rsv2=qz%AbEw_2M8J(8R zx`l;BY9uP+D_^j>!>sD3WuBg%ZP%-z>{io%_-_+_{*;8*DA)f6UQJDR{s6|P!ovFh@b&ct<9v?D59VqBgCQbfL+(R? zxx9TRw!OC}m&)Zlobn0aKH|k-2qcy$`4B|NeO-?e(VGi;7)VCK^X2}p22Jb6mk?^k zV3BA5_P|R`TU$>}9GXIQw3Nz?|MMrFtE*r0a?{C4Tulv5nJ&@#Lm{yeD=QQ($j1i) zg+eJY+R|U1zk)@|AOOyJyB4W7KXms3@ZkBd{umj8M=SM$BXXsi^{*lo;WHj@5y*WgGc zmrjg_KQ}ok0wss!`uV~h;{=OTe(j5P1|ep)MN3L6`S2s8e|UWEwy877hLBL#{lU4h z3PMeUN$1n{9JsjL+>qkwGP&V@%U4?5T@I*~0;C&tNDAqP-O`6a6OwRoxugP4xi)G{@-m4%}DWSWVnCkEAB0n^$+ zd66Lk5Ewk!x~@laWE=nD2S^}IYn!)+2M_pfEIcr{Olq1>ANo4ylfiw36p0`4IA|l#5N4@9?!^u=6{S(tJissuR%bqhw{->GIT&X0i9RquF zakQspXO&fI3_4sL0|PUC7Lp=eU|B|8iw060(bh2U%^%vC(jjUZ$v=I6>pkz_=IfS$SBb)+4vCh0--0J8r{{gu zbmXGL5YwltUD>rTek$#Bo?2ZU*>+oaRvB!FRTep%OZY|y^Rrs(dL+8Vxac1q!Nw)B#X@W{+)aGlq(3r9dk-Z+~n(U_3e zTR!-METnGDkuX5SZJ!mMs?)ovL{854aNKETI+BL|*8Zj=Kuxt6e&b9W?$!Q6V@*j( z$$Ta@osQ=DzxEA=nzBM*;LRR8XCnkjiC@^+7I=Bn51mq{{_IS|0H;Yqi$FG|qJm&= zuVgy-)i(hVqK_*GBAI}=_oM4s)6r7jpX1|8FX#aFO$X=W-7+8!F$s*~%PmEjnH3x1 zoNl;+v8mc)Ob8zd8cL1&PHxF_|a<}nA`PAXH34_%=*dg z2{{CUEDUVorFoy@NQ3LwFAWQ#BYes6(L(Sa=owmxv1$$;t}f0m8nh3SwQ5ClnrG+6 z$DQY2rh9IhTI`ruH5u-VcMl}EpWYCm(rY&=%jrF}Kiu^pAS6TgN7qlnWTbU9+8!g{ ziBpH{a`gG;N_`07Ivrq4#bHSr)RRp)MuNY-9AKpK4-^Xw();L`cZPU|Lw~z=Y>*^< z*}KwtmgXu3Qw9(Dee45Zr;qf|;JV)N*JkX@A84oL)v@jRgUMXZ+7f^2fBg6qLj^F4 znyRwX;$?1)RTT-}AT}($Q_i5WT5D2a;*u<~n8geQ8+CLIuVG-d_JvnmH4h*-i*zW<4C2qEb5JM&I+?e!C zRs9o_k~uj!p=^cY(deatff1#LYk@!6Y<||19MtJ~{XNM3$+L7;q*|d~ys*DNJg~)o zHuw#!NZl8M^fXGyZ>DGb{ma_grc*4^>u!kCs<05AtcIOEVL0u;MJ5ETK!hAS^vuzr zRJ;D)?&0GfL>CkkzQ@O=CD(jW>f+MExjOeNB{_cjBi+cV$AdcW>&@iaY1NxLb`_PT zWlv7pciA<$xtXnxMV@!mA*ZJ&JI#GcNZ5q82X(HY*cVTqUP6%hfxY<#t=Kg)s^wz4Ngo?_qH2=?E`L`+?euvSf7dSZj&HW{-amd_lBq_T|U0O zWv`|!ojW+#aD3jzwa!58H*W+T&x&Z(BF-<{U|3@ z)Fy`m(f?@3a~P}cv+|CC!M3|lMf}Oti<5fc5W39H!K~5hut9osRijcwDU-zVpFnc- zWzE9q9eQx0^!*Zw06ZY{;Dw0-csK+i&<@t^`4IX4_Tj7(9K^>vgSxQ3oQaj5o}Qh( zwV1lyC#+LlEAWU-n#*;sE!yzC!#o@2YgL0wy$X?b+}(e_k( zwKOp`kq&E4Q&smy9Y8*Y~1Ks?ZfR7tqUT;>6X*}u^1{1I_zfz1x|LFZ?uS+ zZ+10TJNCa0#i_Hf^t!s30bvUw1V*~;ytB|yos#mltPMm`+*{nRlP0M5!$tyd_fFz4 z5KKCVX6i?Ka`OYtcmP%e1+cc&H5>UaCT}M4L9B&<$*S&`mSSBy17WeSb8?3B6Ggxw zCIomEf%L%J+sz&^UM;OgKc8Kui_2kYscdf8XR&K^3pljA$4CG63~u;eD4yI+*ag*q z;ev?V3B&}5O<_^tM|^yze8^OXKAI5z?(X(54ATN&jlaIXL&Dy#s97|!Y8vTWoB8A@ zdAP7+u#ui8H}ZHkQmS_)CnGz2VlvQre6hH-dAT@S!Q2GB@|s`Tf9U=5r?xZO9| z{qo%X?3?g_ER29F7|ySVA5V{07k5``Jv~3~Zc@JpTk4wopU@=Hi-mURJ zjn!6byWE`a=H%??d1P9dOf}JeND?{qcPBx^q==Egtko=o7M5p11Q7m79zqKJ+Vz?K zT9>Bj{tIQKB;-VnoM#Z#rAYFepd-|kd#3>8i~7lmHc`QakQ2yYz?U+WpEZ-4*hsl(I8fNM{W zKN%dJ`Ro&U{t0!1YNZKyj78Hdpv@{tV`TscTiExex^S~uxM2G+Q^Jfg- z_3zQYpDg#L=bD>;L6;g%+Tm&q3}X0ix9#PgnktNR%m%5$L#;}Rj2s)H+^_H(>YWy~ z-=k@JKRx*VqArjyX0@EWKA2}ezt~8IqPW;U+?EDgRIV%+{a*NThr4joah^?LOpmAkj??r^P^`|NZ;8r!O`KyFhzra$^YU&{P}Df=E;TB<$VmlyJF&4kzx69p z+j=?;ZHyRB9pR5$YP{I#3~I9Va(TA(xvH%ZM>e*sTHBU-gU)?FxTZJL?8u>=uEsTB z1!kP9ss4U|{CZ7D{z{$*Aqd4253PKp^W9D_N&eyd%=D~!eBwvjc@C7wURGuVtvZH> z*@|AG5KB4+uP+C4>ydn`Nr_B}(ne5dS_QM3+Kg*|?0L300-0eZ)7HMm5iAn%-yiM9 z47U$ZB=0A8I1~>8VlVUk*_0|X63z?{jC2Yq;u$KBG}pkQA}RP2AY#~C?R7Rm@6Hjg z>2!-rvxVX9e}1gsVXsNf*HCoe=W^>9PQ|~ywPt{x=gHh8Fa&F9Hom#6XCf-P;L&_? zL4*{-09R4y*JiG8T&QBnLoBWogQn=Q7vEUR0mAy@ue9*+`kI=OiVCC8X5qQHmYSMB z0|Rw>d4L?-rDeB~!dql!G;v^}!2ae>Wi#%hGO^xqc!h4`3k$=%|^~(VH;g@{c5rRfyO9{n3- zpIz&4DxN+wf0%!sao~}r+Q%mM6Di33&6ASrI63RsIr{Sr@TH_a0Xesw16Q zM{icL*s!t!9qdNL@gS9RrlOn_xuulNA0Z`x*ABs+yY6@Ac=?S{=KVl9WZm{phM{10<`A+PHUp zRB;6b#EzRzi}LC^o}OF7g@e-eQc_l)4+kUsRG20`TUSi_sES@Uxg3mglu-+}>ln^9 zHUt0kh2TeK>q|2-mdk{WZ%u-nHajhA4}%AD8D^_xMN2~_WH?j;K*2pWY_xF{`-*QQuAChPyXkaM&8;# zW25GFwtOva7dT#CL1K{%&GtsanZl=cPdv82iLdE29K04AA3VH1TkoeFwZ^0?6E|C` zO!vj4ySt{|9C_cJu<%sgJl`Zd%qxjq%B#J+(%+viz_n{lZ0`!VTy`dEZ4cPMmiqd7 ztRht+UPsd(SMDGVJ@iJ7@O;t#aW$_Nt9+{>KU(d1XWiKe=On%yPDF4rttA^ng}SZl z_PL-VSzpA~i(kn1QUC`;xm`1XedRJq-RK9@0n+;g+);pl3MZj)T+v<% z34~K;WfRl6rpC(I`W`aK5D3WTou*X>I@*O*mD?yU3bR@0!$-CzQeQxxKib&ax+3NJ z3GT;rn9jR*v?UIhDPV>fQ&Lvb#>9NuF{v_8G)t7a1%I` z%vh#H6(g}d{6aXnypU$Id0TzdZZ$sM(Q2B` z>rw;C$Ou?GgzOm^{aYL1S7T&+a^9T`nN)79`aK%s{&9@U}d&tAzrk`2{?Wbzy6HISYLWIYa60aH?Mr%FXrN zL@EO05e^nfKtno}-D+XIkKf}=W}&Q2x87ZCa@v&O?b!6J1e76HpwAeY(sbb|%gQFz zeKV{gAOJ3%pPAacuT-briQA_VkV1KKZHB8{psfW1Rl!75)Y&9goi6WFjKlTXpSM(I zX42z-3LG0s?=Dv?vmpJ*Pkb=3u?0y<1xa{|A7X_Z9nbz^P!(HS$Cs!Jf+zCPZI9)K zP&WaZm_xm5U|}&>W94K91KGv`t1WLiG&HpA{oo8ZP^f&pdoN1k8i;$(+7@*U_(p7> z@o5<|$W;l$KL4t$Ew4;dYh&3E9SIVM`22lckaJsSdOqRB^9cpwdH=7&h#gvv zlarH)(vK!}lmf6oZ>;&PH8#~yLL-5IE;I6C;7ompUEYH)H;)<(?h&fzhbc)y@6Z3yGT z@|@tLCW?}Hj~!gP)MRFDc=|`!mY5jM`|%Sa71ix{E}x8{0wxv+_8_lQAtEkL#lRZV zu221*mCP9IWY(?W)Tcq#5PUR9Aj9(`asi3GtXOZk6LGk-6udq0tG3(y!1$|XN|UtI z|0FPJ(81QyhGbQ;uy9x}7XE^P(U<5X6N2DkvnVRnRM!xtrm{av5)28naT3>;mj!)& zL`C$8%xeiGUO&8v03~fMQ1VPoA@A%g(`g{r`+9M@(U&de3H|q*waQHV`tE49Iv7n+ zO^e|0XqgDDLM0* z5j*){dp{*1b?EAX!as%AS&|x!PP@_{&EfQF`RZ`t=0r^o_7$ACPIJBO(9iAqkHGQ= z&(BYTP*b(F)7*D*8|UWWy`OSN`0b9i>w)g&m+tL#dTMg>=gITYl^ZVT7dP}Hp{%V7 z$Km`NrUm`iz%T;NtEpM^O6T ze>u+Zi&46st?>WBU1y6B&|yQs=@LeY2@jMy{~zF?VWr~#;B0PfRH)NwadQhvh-uDU ze~#gre$roVeQ>{uc!PL)a^`N*`I>~kt=%;blJOpRHh~K)Y)p7q-xmKYpbG!*T7a>& z-sGfY{?i{tO?R1Pt%XG;yysJDZ7Cng^wjm#dausz4kio4Rc$S;>1gRM*3UMUP4jXa z8k?$St$~av)-$j-?OfbNpUeZ8m~3>G%?o>kqtq#_hP0;`#Z- z5FOpz6J?ylIx6`7jIzqXY_-K)v4$)I!)X8@)*5(toMk#7=Rh7s%}YVSPZfj~os?#4 zYP)3L%=nI8#!FqEG6rNjB_D}dcUQaNu8x$R^9+ErG<$l&-66b$EIu1kA>%vtn#|Uv z-u6tRKCSs$diN7iq3@X>0~*{{vNyxn-Q&WuyL;Gr;D_qcawhAlkp%Rsru;4Lqc*w5 z6!W;aG(M{(9wGRcJ`aP7UG@=P@jm0W6dpY9t>Gr1ez3Fe?C#2@a9v!;2H}I!1N}d8 zBd>6WS65e6i#46k2k{#HejC~7v@Olg;LIE=o2GGakVi>)wMjsJx4n9%?69C%0sN3> z0{ivzamq^h+ePKJh$Y2cTk`g=+n;QgnB)V4{ z@9)E^s}qfSB{{6s%fGD9+O-w{3x_g5u1Uay=YClkOggY@JK%sGR?6|4tfZnph6C{1 zS#R(EBfhb5PpeitiESraj(_9sc03gc^7yP8w+X|c+#e4xvU=T*b#?k3(lK?J9+-o6->q=_na--sK1LoizU582P!9+SlkZ6+m-61`FmDo9Xs(ZmPf2Gm;k@PUeqcmo4K&Ev96O!F+P zv_ORl5aCyV0OZ5*#@TswTD4Khr|_+^a&=8LfI#~7ozCTu4AclZb$N#^*)0l2?Y2@g zv;1Et-eFY?RbLMW?B@ zruOph*_K*Yk3;=JC;^9)^#vgKf0sR~_D@X!{LZSgrSK11uIL>7>w15AKx=5!R9i&s zL==K{x+TT9qp4LUE0O59Ex%jVcInlbX7mzr{u)@+xy(K1vd79E?bDge*NJ-?pshganWb&M)85Ah&^lF^cOMFg@K;3|TET|FW4EE73~u z-iZ$U_D$sr6Io8hv!Hy>VGwu zkuU9+k;UHwpGDK{PaF^dJ0Q#mEdR2waBg9*>AXHk;IO5O2p_tBfQ~dcZXh|+(ZTyw zfJv)ippxa4-I|*m(1A(~3>KGU3cknehb}6sP7gqG^uVGJe*?~blrvVD#=`FCTDZ^H zAB{5kfWvAU=q@3)OXt^3`a6H;<^qEB=E?=tb!6Zz3QC4}y<4~1fwbc6ojx!HE^AYN|answ7aFO?eGC(U)&nvBd-72s=SZ7u(GtZAvafnv=|3|P80;!Zc_hS z_W<$M_FWM@*_v4dH zk|D35e`%abZ}!C1QCki4h_TAFhJ)=mEG&gm#vzF%H>llDt)vmKON3=FD}K{Kz_#2Q z_H3DOSwUUX>g|Qz_05jDrrS`u_f=7u+Y{j(K7qb@CcK3?_9O=f;@sRT`jU=Xjsoe+ zKTW7NcUm_N*fD)7N)uy~lPeadpq>NyxM9w_J%f68dB*ng z*OD;eTWu|hoRV5-ep$)T?upO$6bbUT!QIX>L(W4(7ehnzHV1T+N;EM$r(Xjbxn$$9 z2{}SeF@i%wwJI#9##qf>yS60^r_OudUk|>70|%Y*n0)^c4H}#D;yt+)sQ>eEcxo z`&|ZWD=S+I3-nsHy6V`O=?V?H0%mzTHNUwECOeFKB7rKBVW$4zK0*shpZcpI40>;YE8m_@s!M7V_) z?lwqDC)~)+*3{0H@~IYNMDlaa-5h8l2b`;`ztq%rltnY8u&XJjxb09VI936<`fmU4 z<3PehD!l&hn%YnnM5GBM#0E=3IrpY7tqJ%+tfSoQlVi-2V<(O-ou&{mdq+Cz}wzM-`*8cP!`m< z`8#i4azL(UCT>P6B|YE4w9eyNdA8mMf&(tHViFx0Rb5u8u9i~gP!HwkR6yx_WTE}R zLGXqrD>*ng`P5(-?B8h!SKnY>STqqA0`jO2@1rE`a!q)OOHW*?)3LdP3T~17+P{D& zt**|1Z%9t^+%+xc3c^@FG|edzhOz;?l5?H15Z!MnQ|gwHELGk_uxS4%D6GSqas>7< zMzG-oYvC@zbp*kcEVJ7U0QPlJ<37 z4r_AOqtb}ud&Hc!UO;@Pz@tiAYTBE`l~qmbAInqlOSh{i5o{fa!}rn9@Okm}4E`pa z?F<)QhDmS#<~s#_L|K2ON1pYT1+4E$rq%{FH(Q{!avI(xj-Gux2LA?VITqp z^8O2wQj8^q#NAgB#|pc8r%euZHTHEi1%-AWq1>`sO78{-q;zbkTaqpj5LL@0a>uoH z@C<{U{-_iU^f8^Xt$ zBSq70#IgHT#M;rRL%|;%;CsQip3kf@H4}+?tdtZfbp7$uDG`xvuF1kse-bWkMrNrP zfK!m|&!Reu-AyM3x@jZQgyK-_?$L?ypKm!Ti}Nmn&Jx7#PKoI0w`Frc0VD5+qJoy6 zu{?ag^}Hx!XbhNev#)i@E3PdSLsF9pio)3!g9G1z5*ue7oo8q;R#&A&U`jHhXoFtB z#>K3W(Cg0O5UrSQF~x{27C0gk+MJexpB}?a#bdoq{BBngmTCi2NK8Qi;WMns1{h0O z2j?sKwJ(%#aFy!CRds8i6m-!(kO)a?pfZ^g!a3?u!n|0h{?NHn zrlh3f*Zf2Ue&ED#8TcI;Yrw@2WDar`BKYasqbXnX3 zOda}6+Re@2k|3?}tosZF@ptiQyw*|hPYG+-ur|TNLuVtLQwjRgS{GMwax`Q6{XKeP z70(CEVsGl=UlM~udOY?iG(@itDJWyWxnLg|O|WhcvxNBv1e!jaz&!&%pl~j%^@@iP zeukobB}XqfkF??xYT*gmx^S|VmZ5}&dvy8Km|GHlNGJCScF(&qG(@VfFh3j_Z@6mD zLmW8;P++IX%VWsUHiZc4)re?X#-E1%0=tIsH(zQlLY}N9gP9}W7Rnc;ht|jQX94rBFyUic0e0x_zaMmNTZSf}CQMoa<$8>}MEB$_cnj?>~-QBjfoIVinjW1|a0PV!6&peZPH zQ`cc78})`LqJBQC< zRy^Bi6ckm#yr`i}C@SHpS(DHWQ|%3mrfDPOD12 z1GMsuk&ezA40c}n5^+jE`%h9@@TAJt% zr=~$cZ|*VhB^PXLN~!X(W8+XqVj!>o2G%We+-xS7y?ZBKs@3bgiN_L#swk}Yd2Y`3 zXfYWIYK(N6C`H7^iNs+Q{9~0>u~bw!5VX{#Dal0iw4MQrvffDdoa9-00%43~E_rZ{ z!YsM94Is_dXz(9GqWg>~Z*NsWo^KiPa=gX=&kubYnecC(e8M4IL9A3BlP3h6IALIc z;`xl^F)xm+-jtrh1$4)$&{4(=8J-Xwq_20tu!Qt~VE9l{m5QJ;+CQ8dotBsGy zqijjKBl|ze?2(jAPBB5R$J-fQt5^xTjt=P?4<$xM9RdQkci$Ycj4MIH zds{$n8M@>ymww2t=Q=n0U4%TYVJldfCVZr?$kzOaLM-rRRdG`>3+GvR6%{#!Ty;6I zMR}W+HXDXU4}Z!Yk^)2(3kK)M9)tagGCD#+QdSk!2=>6L)wHyHo+XdzTR##cvJ+!T zk`Br*7*=3qADvNFg*piu|#N)0`_aF5`{f;P{AH5MNUb-V-!U<3g|FKrIq zrX8M&IkPkW9h#ma#M#(;Uzfx7fiZo^(4z3!yu+NFLB+yF^;d273)?5}x1Zm4OmhfY zNjXYc={P#Zlm}!{7f74_$~Lk!XL?WhJ2pqZuY0LJDmpecHaa>fp3=19Cox|R_giYB zP#=hxXG?xULV9GR_ZOz+nS?_T|6h{r(F)3&epwwMh$zWK>zkGt*(I|lAB0Y&NcgDB z%q^^{I62Sk9p3x1AqH?pE1CJPtffCG%}l05d$;M(0SN4m29_r?A|fq5KCrPdtyZ;e zsz8v`93yxyIXS?_CeHc7AMGYAyQLwiszxPUmQWEsms*_y&y1kVBbj>H@|_xPS3xyP7UQndJ~$%TR8C`l8T(qY|87dn$vO65Y|sU(*B zGi7uFJmJ1=}mJBX81NdNt4QIUpQFQffAW8 zBw89%@vv3uy{8}5=IDrEL#N&Mf_?zs%2VG;hY++Iz0#_r=kCzqxy#)sEnv41&WPIbqBb6xbz)3WhUY%4;RTCfY zZDww+^E>9K5@UXzQG;!4Iy})u*^y#9TL27*?<0?<*xB_yOH?znBe*~b?ls~K0jeS*3RKGEl zrLvF!pDsN7g^tc^bH2ntJi3r9+g!8i>YB)lGll3RCJP$W3K0iJ z?tBGOfRxk%cZ3J^KU7tYj~8T%*VWX#6+#XRvwi!{9bHfOlP~^7qSbuDx7ce5K^s(%1eC@o9``-y0$B;sON!eM=kO57Yvm=dj2C z;FLi|{8C$qSzSGzYNGzH{BNdiS`?Y!6-hi%n^#psZor{PMl;`HixzoYf19n94X@WV zQ;VwrEWm5hGK@t9p0<`br`5DV5{Y$NStmxJw6vh(K|7HEpCOs$L)ek?;qYS4f=4$B z-!E2m;1P1C*fCx_*eBv~Ntjd?1@}o)8daB}hUP7MGW+FLgWj7y19T~iH*t8y@t2nv zoVKzkC~V_Xx!g$9QTIV6Gcii0;fN}es6C_)QW@~Uk`mEVTOZ=cp|%jktx@<}}3 zM@ei;!V1s$orZ+L1w19OAY5gAvt`B&8*BBDGRoFt6t4?SKj)ixsatN0>3qI>vGY#2 zSmsL*-8O<>JMP+6r!i9&dNjyCNoE?|N-8PE^sWJ!xHRxJ$Z4EQsVdkjh;H}`coPbL zOZ%IYG)%~TT1Pu}G2}~yXQq#YE&8XAppNp@>+R9=6E$21o_*`o5<0n_g$^u^pax(s ztRU;9LC5NNc0l6w(RsR9hTEms^?)6e0tJhl?i?;AcKI&R7XP9yDj-_h5(dRC_|;%b zho@ksCMqwEjvfiVuGQBGYvLRqSd>sR6S#UoBj(lK!e6=wN>oO7ew(Ey{Y+|UGLuu* zUI@!iGi1UADGkO_4UCxB>dSD>F7mP9Z1J68cwu2t9UWDJlWPb+P+a9ZjG59xaGmKt z)RY!9q`#x)kT-)?Ri+lx*(dXF!y&!v)Q8pqg9i0DZr{6Cqq4bgXCr7OsYYkyfPyR~!G}f*43ZoWnSCDt<^?Ilw zafcDLu)$fB_#8_3RvJ8~8!mEBGxG}0;gXdN&V|w0HyU*;XXkLC%$VG6NH{9Z2=E6Y zdi+Jd5)VlQUZMoCf+{a!zT>je($GXg9Pa#`Y4LfH8rHy0ONY6oBlrZ`pl*!FBbLAK^lH$)R4mU? z+zDT=K7o0B$@~$Sgf9XGz%H43+5U81H( zL_oN|wa??ZP(ROU=VI+ZPh&Y&tl>30OqP}gYVd#@pAgfz;c!4m2v61wV7vGe4evAjXBkP57O}Fi_OBG3Ucd*{~FY2A#8THW-(F7F);hIdc8d53 z%u=IqsV7bly$a;HNp&pRy>sbkT18TI7Je7gJ~@;3^x84w#pFjq9IK-JRdisnKN8a7 zu^lfg6U*#;iuNLgl0iA6K^Ks}(S(iGKCqe|S68cBUxFPFot`*Fj%mAGy^}q{N5E?E zBB*n0Y66M)Q#4w1T69+5+E6mr)L_Tz-8=CxX=zRW4jsF;7RRHdjJNL+r8m1iD4oAS zcBra^C)3#3AzoS{fo%;AcyCytewdc_`Xj%yk0=%8N|%d#EWF<1(BwIvP1g0i z3?R+v#9TrvogL*HCU(&KTNzFQD==_0F$HB)&ACI*yBEHGHO|gcTsmef9F&_+tv7kk z39qQ{bMqjJh(HFlT^ygBL=OM{)i`A`CkGVagIv@MhxHG}2FJa4dFq8)d!t@1p>IC< zxuWoW5>f>G7K**6sFw%xZP26H3{r5m8i)1qNvHc0#7$n;z|6G&af|9b z;DJ9s#C98pqf?uoypFQd^inF zh(smp>YQ&P<$v0&vBDIcnwjeE?&(+KU}ksz;&8jUmEJa2cXWDl=8wiml3pAZmON7m z6s#zT*tF>A^cZ3Is6ONH@NgnE;qb<C#8Dl z*JtQ@dgG4M01h4e7w1%F+mwO^ z(8JcoThI9W7(G3e0BB%PM0r5~G+WxfqWNWEx=2NHCuzvW$Jg6(Bl}-R0p0u+Guhqp`& zU<_g1FlH9E!Wh#v&aR;2GLho?Gr4&p&;(%7MX48$?Mx~_ zy2oe6-8u-8U;YN!+U6HCt-jxch1+S0e^s*{9hl+3+=g@;e!ly9^a+9+2r9@Qv`7W? z>}TnMmFJS#u~f??L3OE27#2G|sOHuCoTG@Mbut5ewf)a z0vXM(EcNo?Lwrd}g)a3mMK|uN$1PFd>nM?|Ks{-g3~`lqJdXEYJX3^z;m1rM_{7zuw-zPj$!ed$BDG0}=LNh@7GR&08aIa>!2yMDulv zFYav!rsVLQ~5)9a(&U0rl%?GU?k?xX@F z@!+6=B6sTI&1npxDEjB`LCHzq+GD~HNU5x?qy~qQF_=R@6>Y{oP(8;Hi6=QZL0|V9 zc6MQ%RDCFCqwu$o@3InzXP1gw=Qp>O4Wbz0HK0H300ekB*@@Id)rPA?L;3-@%$-87!p%O#8Ar^#3U{^XWO_El_p?A=v-=I<~s{ z{@m#uDk=;Otdqh1rYbhh*2>n_z}6k?E9swHae(xqt^Q|ozCLHu4*5aQS5Ol!WAxy8 zUSmHZh|BZlMSFNGo08`PDRf3RZRP3+R*EJjHMm7sVKQv=EuHl57eqOV7S?X2N>T&3 zdg*+glC=qdbyF-g)jihCgn4)%dw9yUvJT@dDDL|G1T|@hEj+%nw?X4YpYtD-;%1uSi1Gd2wT*cxgzN?4%BIo zfbFJuwH*n#1Q@V3dks@-f}vb(MvHz;UEPuE)5Ao*T%_v}Z+T05(dzdS8l|K88i9fA$S4d`pNVgc)VyNQjP7lHzWzi3FGD1+8hr?fo<~ zrMBjvd6+H&!Ix!JSuGM7!4e}_cA@?gAeuCBk9C~Ze|{C;%Q>;Z)oJ_l88RioFgE|= zGU|EEm73SoN}$t|g_6T!)Yd$>eR6a8nply>u&4q0wz>w|hbNXU#UwRBW@dS8#lDF5 zQZ3wnfhS6xaHUhc=|ygbic&HWvCDmrOq7TakfrNgHu?|TukySf*ypg$lj93^s>|9Q z_haNFLqd0kvm^k6Fj6by=XNEZ!=lD|?Z-Tqusp{g+4S_!e$Pp-9NqD(o-iUZX3fXs zU+^z~)$qF;zL) zoIJP3d{yLCm*%FII+;Zw6b2dDMBAGVtn8`aitC`ua(E)|*?qn8>vKwCr+r-FZS>>$ z5UlKW-!lZeCbl-0nQ@;N6j7g+LW3SkqVX8%O98wF?N_Fb2~RXXnDg|wiV6{$5)11r zZVCR+x#Rc6bQp4S|0&-;xs?4Zlgr&56Cx?`^DS4F9FFs=j4`02Cmd3Mo^=w~J!@-i z<1eG6VlTcbzHPmyJ&Al&N5u+&g`Ml^*{#s_kFqQe$73}eh^K$a z?4YmzZv~WiA4at6clA6TIa$AZm(BX*A|s`zw_GaBO9pC*LC-CXi?qoc)0|_C6E`i?7(h zlA12o=@XIhull5TX5i)zG5bq7j|^X)PzufH2EKYt7JHW+w$VgMYUC*?G#>}LI1Sn`bEk$K#XD`vL z=?5;mt7|>UEUloVgu=i1{&XNIDT%S|zA`m+@oa?Od;QN_5)zV|+ak3xRV5`1!~oE8 z(DuZ~##SA44CYX)*82JH9)Py-RBkAji>8_y4l!}7$BjeW&DOe&UBU@a9WY1V0DbOF zK!7U_gOjHOsNVp80sz!-x1L||SGm|&d3sJxm(;krDjYRCGO?YnCfk{&^F0_D=Xh+; zYSnt|Z&TY^koo73@ZRpFd^+9eC@kbxE4dwCeiD$7IIp#duI0En1#J*54Q3;Dj$6d| zoTWS;3XJkWvY~A#8M+eAIocRI3W$b+#{zP`9jI(va@|S=eerItuAqI{#Mt-;gB|%g z^AUT_z`RIZHm~hjsXN{#E^;79h0os3JPAn)Nt{0Tf>bask7rsH_B-*icDn0^A9-Y&-5w7No(=OiwTUuad4h zEXw9ucJ=wh@vq7Y5-hZG*ndf4i1g`twdq(0l9sqt!)`B zy#Nd*<*_~pBnE~@MjRa+psYZ40!UB@2?-q*0~-JQ6K{Ao&}z^~mjEIifVRPXmeAVT zT2fL1ek176J$3TZJXO07|6L_Ze`vs{r|2Lx*KJ^41DGggM17MLjwX(d8Pdo=MJE`l z_a7bNFQX)JdU_XVsbdrMI#gz!40}8F`*-=+C>cBw9Ii^scpCf+t}E0HQ~cjQ=QSuB z9kqy#F!DY3@X;AQ*1*0541~Vxlj*f$^9thgEvzJ96g0^kf9UIukM}zf)LTJWyzJ)w zmY<`jNpvc_js@Bs|2Rm}(g9$3fW;Y34msDQ-xR?a{hIi)r=ILdTEqY-(6;-T8Z|a zCzp&J7jN(2kVDJat=HtpF^dfz?ru3RhLx{0^Bv73y-jP&yr&thnu?-tmKpKk4&_S690N$TJ}M zgM)(uHo_Nh+<^{&3&TKfFSt~JX3o|j!2a6M>g(zr{audBF!Fd7(JMS41+odibzXhL zz`$_16eU2yBt=U>0b~+R_U3Okax-d;b62CHqI!FJfLH4AB-&!nz_(szrC|GOYke~p z%(||Ra%E#8B0fq2b(QBYU#_?hNS^{tk?;G=e1q*#9cTpaF}_{$4ThOD(jnmH>Wu!C zlJbS4W7BEIO%FxXN7L7%ZvsaU=j8>#4kWUioTAbJ*^P5~I*(yVm&mi^_@~LFaQ5S4 zAPx~Wc+}kN{d^>8{yK?@jEpt@gY1p}g)(!di5T+QChlNWynk zKYMgAi-Ej{PxvvCkzbB}3J-uAm#{%_&@P@WBAi+pNS$V)Kz#1&Q>K!Gsf zN{;mfI@t_iW6an4C?GO&(j|L+Fw>ct$x7TN>h!nrk&>?NuZammW8*1j6!10Re#Wq* z&HsIJKl^^eVxJd}CnqJD*Lxp)Z>g)~;NqJ;h++1Csu2s6Qv8!)R-x==d?N#2~V$?4H^jUNB z>y^2N=K%p&{3oD&2g-_8>xhW{J$IfN_1g_K>X7!))tRgv`D&~`=5#(Tp{H!E19Dp} z!)-gbjJy^DRVytm{Vw1w^%>j=x}!QWM5?4Yccs!U;&_5cTT9-Ix!6{c5I27lS5;LN z78aIB*ML#8hk?cV>)&Vy)90qd54EzkX5-(Trj|)mtMEJB1zDnjo}LwLC1P)GNW1E5 z$<9>877$~(INi&bW=rlBA_lzRsCvv&RKb9whNtJTK;QupcG4f1H8mwAcjAwGvX>=U zSs`tUFv|L^=9-N1UZ4|kcG`3UoN?!$w8(*X?_V)OZ&x<$({~BG+|9E&&eLPw>soCs zq3$MO5fRX~&zGCLCy3ZcHnza6b(V)70PQ52xqnE`OtKG^H#4q$5&hT#yCC&nAZJAc#KX zJJ?~NJVJ_d_xCl1@F&XA^IVW&PJ=Ye`Ez-BInZ;lxIRqgM62fLG#mjMpv)P^TPqOT zzUSvpVqe7>7jdeVfrwh9PamVi(B%AiyY1~c3M0ajpu6G=CO;_PRpI0h`7OIWK%%9>+w zgDCPOW616j;1%-vPeyKbcFE*6iaGFa9P$#gg<)5Ytp|}RJUmo(Cs^98W(hAhRW7R!<%83JwX_g^YwDQ`- zVI^pT`<1W5R$S${y^oPi0lycfnHcOUjP)Em6MoL)IQ4O&OTJhF2iacR3K{guD}46T z_5vB}f_(GF_ABb?q%NDA6&I0Fg2XmTEuRd5)Q`q1Bm0fsn=PcT z%l2r2LB{puz;&svPe8F`z*4&jq97K(neghk?H+}G(cvFO?8@QEiPwN}iH50t&^BQh zeh7yd#$#WFDPz|XvVS{9gXWHnIOrzF#b?k*;AdL7n5L66McIQo4fGkVyx?n*rB>Xh zq--9XXu;d(b+@2ugR)TglbdQD5uui25gCI+`k;lE>FF!(;{Vvl`=nAR5S^Lm%+N=D z`^q!^j?TJ}5Ca>7f%Ec;e-A)d{3p{jI75Tyc{)&APYR|upiekdHGck7AbL{yl?;gg zH6to8SaDvPU8F0P%D6<%rEX@(C}G9wm=Pk!V!2RV@K*#PAISo3=%Hk%?00TSHVuOY z$=Rk?Xwnf!lnOoFBZNS853Ea-a&sjKAySC1`7fW#&t39~zqR5}9i}3M@LCC`#f_!k zm=F2Z;v8ssIKetC2O068BBt@&4=0kE)imBQ>*jC7-iF*8ttjX0=l~oQPD%b`6{T_t zj}F|Ru3sY~7Gk2ZwJ+WG``+ci5%OShw_e>g_1F9W{%m|FE}?n5y)2{DZs^!~2sPBxVTKQTDoe_4;Ciq@BW1|G`N# zD62wAC=~-$4pn5{WCpl|X}xw(voWY*#=&WJ=TQ7_>4AsxqDb83KB|;KV`Q<- z+Rxe8MJFC=d$(K$L%ZjPYsRv7fI3qz27UQPLBU} zeCDC( z_7~j+8od|##2(8_=2L?|!PPZejtH+*PS6r-7-i6P#o5v-1e1JFLyu1z5=3*+~|8=v*si$?191wi3qe?U&q9OJpTAV_U5C3mK;KySMM`Apt1&!lOm)! znUbc?JF(zR-92HdL(P7R4;@cKs=kpzDQMqnvnJb9y`J%2+A6jHC5(AqUQjHI>F-ba zy`tFjf;M)9@jg_XQvTWTiGztr?$mTH{vBi~VlVEqKl!}~6TGg2vQOLRm9d92PPI0- zEQKCMWam@~Jdm#)B$=nnsBpG9h~PCq=;@uy2tuT|sG+vcIJHX>bxg@YZ{G%@>0*UQ z0I&f($}2>W$9l=54g^KlS_@P|1qQhfY45GByp%n+v(?bhLJ-ZVaz<>?0VF#Qw{5~9 zg|eMVVMc4aN#<2cycxV)ZI#TPI*ua7M{covX;&b~wI$9>wyc4&u|EY9;$4)!6IRR@ zz9l1JQq@rZq1SeVkqE+6+n{R184(phUU_sfLVg#rOGP?wCUBXXMfF6aq|cO{kyADi#KXw{`)CMO!|nO= zY@wxP8vd5eG=PeBWIb!rjmL8sPZ}kf^n3RpeALKk3n$|@WxBO516m|AGPE?B)9(V< z!gr$H>Twp?+}IEvPg@LU#-*f2FPc`5t&@8`4udshR9Bq7%D=T93tpJlb+`G5i@WW41a> zX!wp#^LB{NdJ!52;sPjSnWg-sP%m6nemCA$X~K}W4%=n-ntuTOMHx5Qv2+rwQqTjK zK#TQ)xO{>PAs$4Gj*pu4AD%!Uz6u0vM_LZFxb-U!429r}zoJ`|Ga(CKRU242)&5}~ z#Mi|TmNu&ae*Dt0^%e}Hme3vxSBJ@o6`9j;kq-eZf&}d=zUQzRDh=v=TC&t(ef;a_ z2mH2WP9fHd38nsTkSRHK>M!XaUuWg?jb}_swzQ&M<$!X_fzTABv~igIeNnp>1F>?} zEl5=5h}tgMHVWG)%Qoj0BV4xu7i>;;jkj3}dpHuTV&3j@%NeGL(qh8n!E=|mPx-g* z2cP20rIE$xGc`>-#euLe0KjhOQ2;RR&sXzswTuEr+{Wf3g&y6sSAi6Ee^E<^#r#7T zNT2A7?9r=eh0@mT2oyW zLz4!7CuPo)3lpnrYzQ^|hC>e7s~wupXyQ!#=NGqvyR5i6JCAs})=6-~XzJQptV)w+ z`r2@bp5(C!zJ?6eh|0L#9CsY&c7_-Pc)T_4YrwM69}>(`JXqi-lVi zj27g?6cr?@ zdSa?kh&S|q)8=`?PqFWvJSFjO+7DOS72waJ(~8e|)k{d>;;}cDf4)*A7x&9aQt#g_ z(qN{i!doeZK%%=?(8KS;Ii@1;#`aIXmIuZa2Zp zg=^V(eiECo{S4R^1h;nP*N4`l^0@xbTq+45TI6jo(_5sctY528?Qs}F!P(SHPp^N9 z@l~4f7YXY9EbStF&Ip?Y^E!h)N*Wqv(y+b$dve{vbTM?3lhp!9&Djs66an*{S#bmD zRsH?Lj6_gIO8DLM*)vCjI^?@#B;8m}QO~m^=IftkJ2M|@YX{VY8~Wk(^$e%FVrR>e?>UJlCf^)ie3*kY69!BUdJml6w$NmJAxK-}PYN z(b|%@xmh(om&n;wvBQ?JvHi0$wrW%CsM7p#OQc6!bf zU5K=#Vn#R8{4QLGZ3JC>{Ob{DUoQDar$=`kANlheFbVYNbjwO00#B3rN;=g_{&r2) z4sXLga`fLMgWB<7!|B|`QPb6QlgtGSXEXJ72{)!?e~P!*6eyw|uJr2UThNEqw@Ntf z(K6i6NOhBlAP$E;;s0a(k$^Chtio2MNGPSxiMrsSY!%W;Dx^1@YAdwkcl4sEdoO#M zn2$fcFL~i(4%L%r9{So^JX5BO-Uuqi9uC)1I4kIPyy1|*s1}UG*p++bqJx(isCgwH z7_nV@WJ^@Mk+;eEbUSMgqn zp6ozdt(;U*T7m=*as>x#xUmj7sxNhV&2Bb4J#nRRw}F7UPdZ?0c}SI*wgW z(teau!GfN;hlntT4`!RoW)1bH^oiEtJb4H2KAxBC3vfV4Jh0aOr1F6+#)5-S((~9@ z)hkJbbOwocyZwMDd6$nTdcn29&p0v*;Agk0s=mssao$WW3A0T7n|T?Mj!>}^al!xCp_wk=CR`gQiWsXN5^kK1GlPI z_-&q+!~a59Wd0e5v|g~5op_$v#(H!dwO>Pck18p%f53^K;ug8Jb-mweA}uW~5I6P( zb@mkff>Aj-deYq&gyE(XU$&awOjNsBmwjUysLQRG-0AAK@GWt& z$wt0P0R*BOfPg7!sR^|7asudlN_ zDgDIi$|jtU(q}8c+vk3K*D|cItl{S3EJmDe=W$~s-?IqIJoc^85%MplI&($-pnK?ya%}O1bJa>~J@Z zeVZH>Huz4-WPa`-)bE=m4=T++-mK#27mLCwYKRt9pj5T zN);6MKD<5}BalQXZ^nfu#X}(YcK`lIz_i4-s4=cP%}(+_2X?5V@+9vabbv4%MOD{! z&~p|A)`F-(m!jRS^pj&F86RcR%8N6*7hWlxAe`Qj_t!yKJr8^>r*1;Ttq~#~uv2Tw zcA!SXq^PYf-2mJr=dsb`f9B$#wIwX*>*qPL7%x9XIueQ!YQa1mvC|`It;%>{uMMX< zwmY%su_U?Zyzbrudm87z|Ar^bj1rrIVX-3ggjNoV&YfJjGIhF5tim?4siVC4&Wqm` z#$^QU5E4)(GYoL{OZ-7z<;am2D<)3wpC(Y z$3G<)$V_)@%SFt4MyYAW2$G_FjZa^;{j1tsmayq*v8Wt6Jtso9OqBCCz0rMKIQBE8 z4#M3BN;aqO+??DJ1{MMRr;rk_{?jc;GaQ;w=p5$pl>gRAg}U0LWG-5HTt=6`dYe*RKi&_8+E_Q2%Sp zs&W!U8$qN|sNf?}A)nHstHvd^csaqUc({si(bj#YAv$%+EWt2>zow#Ss+Q&2G0w8d z9SKa2gkPu_h&cehV}Imw}tFUU`jKwetJ%YlI-8PBg>|CIHM9-R8b>6 zwxwC@c;z!K5D2OD{W`z5x|@DuG}ZI=qz^yg9(dZI+cqxEwOQlZyj~%r`fRb1;NU2q z5bxjke!yhRt+Nq_U~K27{&dCn*Cc6rpW>NVWH~H^r=9MmoB5LoD<^4~sfgnZ$B~tXc31#WL5i%urep=BZ9qXnk_xURkrl24*u=ZN+fD%{UF9t)=+saA$#{F#97<86758oCHh&S5nn!m&bqxhoHF&M^jA#re7NBV*J^ji|kz zhJ#v3bUI_kCkJ}k-zA1*rmwG4f4$G3!6QiG0`8aI#(rh94408LhxKb{<4(oESsxYZ zpZ?e7>?NtFedeg&yY!&tfENmZG)sr_c%F9WIr1R%%h*)OY3z_|$DGfL-JA@I7G1@M z?Of+Jb*a&+2(7@|1Y?m}(0tBZU!_E^+!4D{aJm?_D}4snydp=9Ov--0KV-KIl4EEj)!ApQx&Hn)%uNlAQ>S-Q_h*o}9hd$wI9mKCyo zhyC>~ow$h~Bq4{r8QwhlmY>gB@wV4ik|3ndS`7o#{Mjk2ZR!ItX+@O>`TrGZyb(-O zjdZ)x0jUU~z0}V;xR9U{#e^59d2UYDZexp}j5)gz9YY=o-m|gEsxQ|$WT+d-AKl>c z@GUamdzO{-F5-R&!y}($!&G+8&j8swkM??e&%LU^UxT-poaOjhDeW6D(=pM_5 zv@rb8ju&M{Lg+LVgg9Ey(#a?vad8m%uXQj0`;x3|Sk`QaRjWE}sID{!>8tF*Hf z-?V~~0rY_{TJ_bV7)=fJ^$5AZ*5T%o z7yqPD*Jh89a3Ssz46_kOx47h3+-A~jURK)oZh06Ds=jhsU$}o9U+;0eGeU*3KVp;3qw~5F+L!Gml%RqXj@QBk literal 0 HcmV?d00001 diff --git a/docs/bro-psa-architecture.dia b/docs/bro-psa-architecture.dia new file mode 100644 index 0000000000000000000000000000000000000000..f828bcaa78adc5b39f040669ccbbd90636c408a0 GIT binary patch literal 2365 zcmV-D3BvXtiwFP!000021MOW~Z{s!=e$THEJg*r=Bz5gHDRu@Zc7bWTz)Vq~F9vNh zGIwOjmFQ&BhyL~@MLDr#$rnkKM;RK(#WsD8Nb~#7A^DN|@u#n=$ao-WMw9q<0!(XS zka(UfXdK>7e*gUQTYvJ?-PMl^ihtlgVTxA<|3sXLXSb6jW9uJoZXO>W&FCq^EJ@9X zZp@6_{DY$i-|#{=le;U!*fp@g42#!_S21HLooyH~V!R@^lNp|W3DaZ~FD9~7QEr|@ zNoqXc=yvkvK7UMZ3Ntq)I|pp9aY$w4$jd5Te6d$|v5k({3a25B_kHp9iDY9y(?NlFxWIRi1wFKF zm-F4thIJPW>n6N7$(%w%t#}V&hhpGkITfe7_B}cCR z9!J?J6_77KBko-EhACYf25+fEgOx|RV9V*(L(OHGPWuLv_Mep5f1nwiMWn6y4HI}a0R*&jku8(QX-&d=Jd&T|MRuiWiWhW~9cs8^ z{Z+mw;d=s}Khl`g02*`!G;pqguMp6{&H)WP3FsWj++%w{&yzTwl6aBV;f$KqfZlCg z^?0+IudBZ6;_f*{d3H$70Oa<8`t4}-fdh8#XYMsbD*Kru0|(6e87u;ar#f(SsMaZg z13(=)PKzAn98yP)7eN0>!#{CYi65ZAHR_6M=wG)**h#pCGJeQEySPS9%l^y9`pfCj z=uxRxO#$bG0^S(~&aOj}QWEdsoAB6F^rSuKFYkc^?^*4x32#`!@x#h<97ks%zJUmN z$XmvqBGTN(_PDs9KDgU`1ovQo;O1pa8kvY>~}LDG;u+PS!=QFMZf^2+JA$V;cBF#Bm@?Sj-!pcVyDKk^19wxAXM9tC-ZCoXnp|-S%Gzsds2N&FY%fHLHJ@ ztbTOl?RB1hv#x=sa^xMz7lL?%*NM@o1j-+LkGEF@t*It&&Riv5?BFzJ;rl#PM#H`Mdc-^?iD;hoV z>%nn0G4cSLQ?>l)ze)5!L{Qp|tmj|B9)HyKR=<)}+1;F$``iiru8or_o1B!uwQ+houk#uJ|w$z@CgY!P)wWd8yduP)g(6pzJ_CRL|tqs)jp0F<| z&qgDoy#K_E@N}MO-c!wcl}@PBy+L`eCo1YJ{`J)|k-sG(Aogo{BO;=Y$()1pSHd2X z^owRA)okQzG8zpT)lX!D&H`}+)C$CrwJQ)u-arEJ4%N~-i}cQ-i)lgu>OmBWZ1tj0 zgm#tTXowvjXsk*Aq!IlcBf7K98`^4R-Vl{!-u^%`?+(?{i_Lnm`ErZR!0BNPM(OS? zAs-PlkkFQEFgEW}0^!bB)?k*zc%LT5ub+O=vj79E#guo{>9v@Vti`|!t;KZKLqnd- zTWWW&dI&pr(4m_Al#^e%Cu;H=4f*kL)n(YPvv?TzYS|Bn z$rzFSN%jL`TqkC1M#O#}Sfsg6HTPBeq2|8PaNnh5H2F#*_M8YT(<4_!_xt#n;I5d0cn4;%gTI;d3PX_uo(d z(!@8wgx_u_)Wr8K>wXR%BL}TMRw9sELaLk(i5&Y{ZfI3{j$FB3^#$yM1^n|0^nQ-q ziD$(f`kX#T?sc6b*Kis!1bu7@3)Is9C?p0@ssPad#}QX*)++dtm7W(ZlT{rWpwleQ*aOmUhfkIjVK`gQ`l6rM zhd>`|*6skyWKLzx+8t`m+C8>r?dsU4V_zQ)t_bz9$pfmr zmq@`-&^CcM*kv>v^)U&r$OG?mnI@$nw|i((8aXL-zgM_8vQg==kb;Hs^9DTAb;bFR zU@U19OOr?w(s1Vvl)IuPq%jgwcM%%8hDt?f+`c8VB(dvEOkIMJP*QOKzM(UvfitCY jm(;{`QDTzMBm6|tyDRyG|AZ-C-Cg}3xQEm8^qT+xISRs@ literal 0 HcmV?d00001 diff --git a/docs/bro-psa-architecture.png b/docs/bro-psa-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..6687809e0af5cc136825d722d58d1f7dc25e2708 GIT binary patch literal 30073 zcmZ_0byQUC`#n68LnA5ODInb;NVjx@bV+whh=_o6Nq2X*fQXbxcXxNg@8zWk7r9Uv@Gnn|%HP2su+CyKYEUS2 zZbfMs{1wSTTH6@{LHrB8LtY5obHYO)q$2o0g{q?O^U$4?n z{!miHQop7D9>Xf8Z5E8DV@YwKYiVUAm-P)!M;1!-BMpKSwuXDuw%V4+G!s)d<@d*ta~}?(M~2@#;m_^7fZP($bU8OEDa}0Udak4*1Z-})!*Mf$`;!%UN9;ReF?4F zc0ow{WzI_ALYOR08QVXG@!qPAzs(?LjA4QhTa-Ll8k!6Z958M=zBwF*!Kb5R4+}ox zdjWwsD8q@pTXj6iEw$hGC*nd#lgX(`LPa;AyT98au;L{D!I^GW&Wx3q~ShS-;GW3QIx&$qWsyZ9_HSuewCO&pZ- zmD#szAsA7ZWcJrz5g`zx6=>i#DXG=rjs)~%+V+iRVy~U?Al*4X0^)`&Zmc54=_%^@ zX|Uvw@LN$ny2RVtR4=a?)X!1UI4_r_l1E26Oux~pdOy8Y*A+mD{+C0!9EAyibP8fZ z^>+_Ac&r~u4_Ex!O_?H6Mm>uBGxN)W#`fY`FM;W)q?yny++HC90IZZYLox?nW9;uB2OLg zRwH4-AY~O8am# zBBFsWU(cOfyGRfRadG0F@+Nov3X9!Vof4#^J`m6}VbTT`S~hV~#&7=WLuzzr2X`V) zlPwW4)ZZIi%af3p7H8m#?KfroXg9ipmRvQ;i45;f>|mm-Oc{(Ridi5#FrjmhFo?<@ z@mXN_e&_twd7@5{SkcQRH^SEg+^Z53ThzzUAPiF{E$(fOieq20NSUI4eerC_h*J31 z0Lh_0qM~8>YP(~38?Uie=Y!qYjZJKgPw&3|aV=t?{DghT1a6Wr9-wvqQF~)@f1_N{ z?H?SfT&{?ky1lfL^X8d@#fz!+ZFsOgIf@mA(U|tm1+e8&ZwniaJOky-BV zHZglQ4WS`{>m5{G5Z*0@{4AY*MHc<~kSRQ`si48e(&L?1v4S4^o+WW@=J>YD(mKA~ zANhv6oANlqq0#J^Ip-RJdO>a+@O;-o&J=qVoR34p>s1FnX^RZ;x9h$CzzH9{Yzy_B zdIDAQCPIgg@a^e6e7r`u018+&ITah%zOQfi6}iGNS6P#Fs}uZB z-nDBK^rgYyCth4CV?oir_Te&4HQ|aOgbiAWUPa$lM-|Z(_~Dhd`KwV6sH3JY@3{^c&u<)y$AO+l_PbFHGIQ zyO-&#@aj{KsSyrUt%kdo4~B%pl?J=w#>qzHSCvRHCQ=1MgMGxy1-W%QH=rJ^C2ur2 zlI2ZeW1aG>#Tjvx{_x7@FB%;?V)r5->hB%6=2m*Rs$?%x<`fOI8$oFWlfl7r;_!ZA&%-F(#bk?VlVrv2w}?i@(#ikie0f(!g&7c(j)1#F9gWLrGSSM2=>#k%A?uV}6yB z27mwFCkI8#AKZ?3{n5@59~o9ih$&_UPeGm`#oNnUN)ld>1&IQN;_OK=wf(&X>+v)b zMdDV^2Ar4I^vpRnaD>8J$v(p7W~4xeRVS67i9_B8wlG;MjxyTLC5x8O(^GjUTC%n_ z-Xs^CNAq2ClQwsf(ZC%)8v>R4$W+wmWsK6ET}o!umab-e*KnVf_XX3S-< ztByRM$OTw_RkuxItA5?BcdOIb+oS!8gdX$TlSVXeHxxE*wi$4l2(2V^<5yoZN=PI2Onn{;eVy0C$!a(byV=?)=PedGC23;+h~|`6 zGrz?z@pnpBFv;@yyY-Qi?S9dnR%T*96e|2cR7J@e-HF82H~nix^iMVM^iNV%SpOMU zUAtZOw{3dMalGHA?CSc~_6K|J?s(<$Uz|H%|6nrSL6(Kds?NttR%xQ7K%bJBq*B>A zS^cN0f(0u`>`t8rZ{^aAQg?w|#}DF>orV}9B%p~Ln%!6>Q#4sB|IP5vV{|e?@0tW! z#GZ;OoSuMTu8CD)-7L6-v5cFJWpW}cN+2>qJ3CN?GLh_cb0a@P*9ghk@dxnG%>)Pr z28PA31f`+QE*H2d81>#@Ocgo5aje|sCC!^@} zU%Up(N`=X<`+j3(l^7f6ivWrivQyrvi*_#<*^9(*f$%!rp1^EwF!W{g6mb!hT z(O;B;Y;(iqN|{B@&kAwJ0}k~nw*S08+4(j0ny*8~CW2hQIObM~O`AkH$oGvkT6MjQ z^hkl%r}rVi+kMc#;kb!2xB0I2_y1_rnimBz8AhIV41bHoc36I^n%Jd`3vuf21hZx_ zFe?YdDuZyYkcp|AkOpcxQLddz%KHZxA)zQ-Ll7t+5WKH%w@dB=FLsKQ75Gb>+)q z5A6JNninmd%05?qR945{+&lQaC;Fl$%TdNv_bz{9r!fdT@!nU{fPjd2duKIJ0NPpV zZ(Ewzu*9ah&_XeQABU#D@Z~LA7poBgd9d=x@9oYc-q+lO?x2`SiUK~(9rW_>C{zGi ziA(|;6f0|XTFnZc7a5}DIS}^;)R~2}U7)IR#|j(gVE-xr9A%y}Ophf!PLvBNKjhlu zwc2i$Bhn$cM&D2Pjj))1x~j3vElNgvV77mBbzBi(56MBA!-fX8GnX~e@V#`$G}3p% zUj4dDgeFOKNIuycQ_%YQO&#Bvhp0h%!YoB4kyBoEZq?0XEza{|8kMtfbKQN>Tk(Q8 za25F!=eL=-s=$E9^%x7q@dtfS7DS(*PQuOTriksgE<^usR@ikKbkY4;DR4EwENZ=k zet4$#8^fE)yu+5~hn7?Eu+-;PA-RLXKPfi*^XGXF%kfSwGjWLo&bK+2h6xPxNWrwY z$P^fOv@laWnPWKCT!$djI+(zT7S{2Trbd9JG7uxxELT}k{2;-ks$740DS>dUYpU59 zdDGMcQlDc11QI}0c(nf&4gF^tjFtdT)?3DmpJ_jJwDL1;$zGwJT~z%p4>0P~qBE+<>{Q?%&Sd$&}(IK6GifVPx zW5WdCD__8{XqE@pEQ(aW6`kSYL|upl$$9_XUFR~ph~Yc~q>>HXz+0;Ceq|i|0BK=m zrM<*!T2*`z5K;A3)QXj`$l(tW7-}1NtaKw4#K?rH^_=qgOo#&~3Nt;@H7%muXZXZh zV3^??gb^-`xL|l3neS8U{|2g*jaIH$^Rn_d#ec=XhKGfeCh6sER%|BIrv~v^?d*g@kGr2|TMi%ut9x1711m*mZOG%y_kPoye$#0B&cg`l zykj$Th|v(eX$+F0abQ#Q?+q9hM0aGHs=t9TqB%R~Ug6>|E0CNiYbjv5Q;m*XcQMmtL#QWE%@`9af9fmo8gpZ16d z6AL*BwKA|FM%bC}VW*}9*sUq$Kc$m425BY29 z0>+6@X(EPH8P(;LGc!U3T2qWzyd)(DQgu}+6S`(zKmybOyrV%=0EvQ|_xIES8rTke z{de8*iL>n4ls*gd4i;4`&W!ZxghR=HtdWyj`5B^nGvA0Z87V=7i{I2;M1|EDo9Lxo zH?C>H2a@aP=*Y^-GBPs$GOLzjW^Tk@c&qH-P}$+{lbOddLf5`XW~L$luYK zJYtv_GnhH%(D#D-Gx?X(1UV`dD@DE1?|r=_eLC}*nberKS=C<3f___nh_#GgG6gSM zGL_qdD!A#SiU|SMo%n~2uCDvRqC%ER&gyEmu?ba94uQr~V4+&^ZAwbQuV1I(_}yaf zt~##LTUrDTl|j4;BnQX@fa2$v`vld3rgbT6O&PH#SFaf-xp=(MZ^(=*QKS1R$77m{ z+^8G?JD^-Rfp5KcLwtFLzG-%2BcyQ$Zv?cO%v$ynMx53;1kQW)8sE_0J-;PDU zJA41TITH8zPXI6Rd{D{ab*=IlJLMEc)ZlrMK%vQqvP<~mruFv*u4I%xVV_aec|F_XRO{pAqDO7YN^9SN?SWQ6j9F(zEuC6MZ<8Wk`CTy z5aM)o(u6BAE&Gb~5Cw0{xd+DVb`D|{6+qO-!%dT2NJ+c7xPd{`wvs8CI9zP=Ub3l} zkpg(&^zy>@_@vMOvL<5%9i|hF)5Wc%RtMyeY~#OHy6hb7{Qg}ODYY|t+RARIsF4Gv z+H9j*{~)11%~>b&Y13FrI!R0!h(-Ja>6w_gs9@bO<(h4_hUE?phK7bfs&h~PsTMhc zpP8K)B$6jyrp@A>;2K=@#-QaB5%@fn9IJ!9kAEhLg{(YfE)*GWN{eLyH4^$@>ll_zy$eKv|5FQa7_r8 z1F~UYn?t4Y)vV`5@ifiM%uH)Z-0r0$r8L!e#mP7-`G6G|8q_&@@*k3SR`rA;@LZi2 zgBT;4Fzb)J#q6aNu#)%Y}ke`nlY)D8*e2%NZ@b23yE2E>Mju-C*g@h({ z$?m58PQncZPkOMYX2MEJ_9g_9c|N^mWo0!gYWvWYJ2oT#S-z-;#Pp@Bn~O3tf0}q> z!_~x-tM;KUmz1K|hj(S&zIHHsbefD82vqXfwr<_|f2+&>sT|JpS0&36#urcQffZB{ z!HWyIKr4yGK9Q`l;!m@CdVG-c|4Sphy4wFWjNxPTg?!O-_Y{VZZcE4H;P=W|a(x|I{ za&IVty}Z38D5E{u)3nEs;Q~b-c9g&>>o(Y>d6wo#MIj&{)N4Hy|E)1*+x80TGG$*u zH|CfoMo;bjP@@H#@}CyGdkGFS|9I*3vwa;6I7w=p9ZA!0KA$hU8pj5c=Kq$D8%{VJ@lP<88VXX-zuYBBk(gy3`A zFEYi;Mo6x04y962QQh6$2?z*iRv3I-+sX>KJUoO&M2Cj_yuZIsPft%Y^qbM6og5$kBA%U{O&P5G z;ll?F4ZJY%6s|JQ5#X5W>golGX(_^!;LIlXqeTvjVR3PBtz%qW*{($cA*!54)#*xL z>^T-A3EbSY1$hsf_#H{@Z7nrtV^mV@f{v>_(Ny@vJFq0YrT_Br8msSgX6NPx1_nw> zO0JHU><>| za$_u0$k(sPbvh5{V@hL|wE~BYRJ634>;17{q+r_q*WF}VOn8X{3UYEB_C8k&?k$at ze=TeA4Lq`HYsZaP_58Q)E)QC=W2>8+b(rv;E*m=X#&#SX9p@VCJB)GUJUkjTN)8SW zS?KAfYb=y>byE#0-q6$k9v*Jj&^d$6@Hy>Iw)spd=yBYOZ+O2FN+u>I#&jz7;pO@U zDAc|QgrLnex|Y192Mmdb_i6uZG2_~X`~L9VkrcFw@5h|~X{@SLl<^R>Gn?aOaF?Y^ zt(pGTVHjOHd9<{mqN0_Rm8+|(=DhcVxsCal^M#+?^g3UPvb}w%^?2b!j>+SpU84z8 zbXFFHq2ba_h~C4)L+Izv)3)^;9U>dW@Q|mA3jc?*j3;6;vI1p#uQmhP*rvutJ&P?( zca_VFi?H6+fB?u@1!2Tyv=nL6>U(W%?U4VDj{A)_a zf~NhA4K7yJx0u0AvU_`b&)!;5VQ*-d(QleEvo-ba-|0`3H#oSsA)h~6a}uJ5awJA$ zg3X+3_r0tCI5&8Ab#iiYaq-a}Y-CL`;vcYO4l827ECLA?DcP%B;24i5aE#xjJ3oO(o9l}jdQgM;NeOb`(fd>$TN ziorfSWIsJH!UR0*ydu^~O##~-k!%-VK4F_2T`qt)rk5gU)b|@9C)#d`D)GXrZL>N! z7>+;faWmC^_u{s-we|M)7LACTnuZ4KO6&PQIqN!|EakXFKy9r%@kRBaprVRH+wKlq zoLjYe=4EbfwlY%v6=Y>soti4zZ;K^!M)xj2p4u$Jo}Zs@W-;W5PD^{3&@_ZcL>${W z|MBC;)uQ(sA)y7q4tXc1(+MjJA-lJ4JKdLjul8$3NCn(%yWYG~oO-H-naWb8=OvDe zs(2%|T@!?8(QdNjfA=v@Y;I0aveuX3v5I7GZ%-I;30$=x zKR-V&ugtJRn45cYV#4)cw(c9BAxww;Qv0`o*Zc436_uD#OU|cnnAxM2HTh}k9v;{Iv2;@vh9kyR zc1;@zo^5K^7nhg9j@#siINS^@6cpYQ#mqL7(6lrTXXhQ4+jITbQ>8PlUUiaX?N^U? znx)z`ucSI2drBZo1pI03=6y=QaD_N@^R!dTnv&#Vd3@8+rpZ+N6!h(Um=0e-$b-3=3nBC{#S9rK%f)=nP*S_ ztexxBnSPL2P9`=Jb~btdz*k-z6`}>L)94G7MAJgdlk7IDawyQ^R|_R%LoS`kYky=l zB%5d0kMR5`2_c3P#r&K5;`QkKSj*tZCqk~qBr>h=^yv47p~+ad044f@O4CCxy=?5| z_jp3ILsSTPoyI`+SeDHTz{T6rzRQ~c$P$vGQgm(0eTXCXRglkhL;ME9)E4t=v-Y0H>=4`US`kKRBCp$UZbU5-)!J7vDVUk||c0 zDJP+09|Zl65hp1F{qWbY`nzP|M&ihyqymb+Bqe=X+WWmfY1y?NB{Kj+W$w*v(R$a=M@3sV8EuhLP=g4z|Vju ztqi;G58Edx0d6BQLKz%SfuCS@qe*^?dObgq0;l=m@w-^69ZH`2v&m@b*GLN5tA zCG0DTFvP$AHs%(#f6!ILi&gAPGYc~{H%}LK8yp_)v8tN|`MQ?#PLCOTnjRq{f71G3 z-yTh?>9MNnYl7UIQ#J9i{1qp=7`>;qmV!6pA$8}cB}t(te6qM62PjZ*0G+1=`2 zig{6{oePos4_Ai^1_lP8=sp$!eJP?AZ-)X1dXFjPWL_TcHP;8z;O~hga-jR?lL0Fy zY0v70js}c#{PJk&>BxPNV7n$Z)^P*>&178Sk@t-m;Bp#OzBFk1THte98TA*sHZMlM zpJ!mbs|u&*GS>DSplN*{uy%aqa70AX4JzNJmX_x<<-48kO}M-3V4+=jW-;7)JjelJ z$jgNf2+WYVn3uTPC>D#IDoE$&pwIU!4Thum<_VxzMxD7h!ib!qZlp@UY)FO@*L(Mo zxL@DiF8V(`5b*IS311P9Aw13JV)ei7xQUQw91`&t=H-3mP7E=}U*EXdxIuaO=oiVM zOk~uPIqKpCdx(?tzQBL>d%9QY_G+Yh)2lIv(bd0y|Ez6nGQ4(+xU8&%{ruj8N;52s zx`fO#XUy7$@pUR8p=oSvhu7mx#?$@QWCj6mqXL1|lBU|n{=rT__JzJp;d80>H3EH0 z+R)GssBpwR00f->md5LL6uHaJ_I=aQ};3pW$y<%cQUnqiibK^2P%)Xw)ULGKOqdSq@F>T9#G?=+M z8OxZA{cVJkBV6VU);r7<`y>Dl=^S22N%tymcC$6c0*~H;LtiS?*H(_foUO8!@cXDA z)olpDzyr)&!fSQl(U5&&q%7~r(q?5{5w?xL5kgwFio}t6MLlUS1={8b+)p=k7Z|md z7jJyQNVQNu%a-&4s>tX`n))BfYiB?u3LqdjTD))z@69Z!zz0UZcvAg`vr zNg&cl7p2i(Oa3-e5EKI5kyF&NaB1g^ZB31LF_Idwv08GLnebRo>E5yYTzW&}GlNK{ zSa&(wKTFzK+!@LbF=CKFgr^P;@$tI+;i2+b0Hsm@T_koE4NrBmY6io8k(VX*NW@F5 zXp%{Rb{Pr{bT~FsdI6Ce3F~gUN|+cDnt_Im{GS$}?Jg=!xx0|ah%dN*l&FpfC(c~E zYSi0qPHld=cG@an?eFddDk0kQIH^GYVWG`W-&5{2K#zWw7yQj&lz@48DfZhm(2=e) zkdvQe?2`o-B4io|gyPY1#H=2QEPL{PQuv!73HCe{XKkkE;EMjWKeL;`-bhrH z5qG4DsE+SS8OG>6d)~jW?k=#B%bC&+`s9`L$twL@m5v3SJG98Myh0ErOCOcZ-A*|* z5XFN)miR7C>+a~ZEqMTb1~Fum?>slHGcb-2Ew$^JZd-0F#6d>gfJw;acx8!$e2Bxl zATCOZ`Qt9y?Foyv&*r3Kmx7mUiQSiK1zHM&lf?4XM{3b~?QPt589)fatY8z^R zWrU>DmM-JIE!R4#fE!004BB!kuw$t~A%vJw-r;)B6e=$#d$N4NXf1!J0Sktf_|kS# zMhg*e#f5qG#r~BK_(ZAr49E_|Y46?v=J?sdi1nR3w6x_=Kn&e<#fZB0Zd_CRG&6)7 z2MkRm=aZasCk(@cg9PZlh~Ntw3Nnllpn~W&mp`$yt;YC#<8#5d60Ef|n_WCAWCu*y zI)r>qM2J?Hde{kk9SGMDA|Oq`JZ@}MU3MRXr->Q@w(($M5+04f8#o&|-1yz-c^@DY z!NG#05wau+(vFBP>Wj;BI7kWWZpz|n1Zj&Kvt%%~pq;Itr#0+D`phdI=lr;yzE9!L z8T|rS7a8`vm_D~{E~mjwRp3g^%r>3|qS3u$kQN@w_@5UG5J-ubn5CTgFCM^nrcQBj z60ajoB~fx7)wOD)O1jw&HtiA)#%6EqE*_jvGZjN<$vFLDu;yxNUUxhZVqm#*VTcBsO_&W zYP+;J-({#lbKqxS%B7iKyB>E*Vb-XMReMgmA87PGqyOQx~4B<-L2DI=t@LZ^(7cW&TDx zQ7CrOIb#>!zDZu+0e;L5M0gf*^5y-R8vZnNirlF^T^*g(wY7>mUnM1sG{vjho>BsY zpscnweR9mkrY2?|duNNT0?0m6nrs`hP1EIm>l2oEfBCZMGV0KMpKhm~ z5!gt&5I}Gsd6AHiXbQpyE8E!YrEuAZQ%2X+oUKKPv{P5`R~k?VF9KZx{`eFqyrx(_ z`hNg~IzCR^WGMNU90~lXd}_euxH9=8$B1Q>%F1iS#yQki-%5WtiHQ)Uh?d4-pD|@; z9$M)n-k2H(ts(Yp&Uw+!ALA1fy}i937h7+xPu4aK0h2J~-Ua|#CN7ECeP*qsf)z-+{8nlE5cjQ{1x42C{NX_h#DnEPc)u(5~L)JWd6^X93%8FFMWtp?!ECa831rg(Qk z2Fc;m&IH~bZq}G(YC-{#LjLOKU!W0L*`VokUEND+gNcu&H!+!x)ovRd1-n^X<{vO* z>e18;ii*wR^76xzKC-LR)8>mw-6gL*W@q0pOhQspzqJS+KM={gwlU`i^gH~P&u`1n@< zJOl1WTtedGLbK~6GZ7)7AGr4J_LegE+Na&1;=dIGWK_ItUYF6b125nQ!!KoFiMlh# zxS5rB2qPrW6hH$5EWy9(%3iziY*^S`ftEF~K)f4XqjEq$>!a zjs=f`laqx{MOmJll9ryeXKrA1P0JPGovW_*(eLdz*|b-9$oT$RK`)DHZ7i?MUY2 z@D$+7htq*KC@3g>eSH|Df|e|s0Du1*8yf=B9%;&GICyxVPuSc9oFR`AVqsBHQ5n!w zTufCI(pF$YC;*Q#F*^%*6#uK1r3ZlH+b0twbE=w}Jcm-aHs=a3gwB9P3E!;8Y8rTM z08Vqm_iEv4)}|u4Mdt-;jxs%H+Q5k&JitmJf0d!eA$f(lzxMIuk4nLmW`pZ_L}b7E zpXuedjo00Ts9$>Dt;KNlhk>|NM6+9S;p94#5Nq{FCHP+DPv%$=PBjqb?XC%RbYR0! zgvn0|u+Q=^nsX57;l1XkCl_Kjwl%J9%o^3}4di2g8Qe>EOBSsd$JMZyP&Z%Q0v}%7 z-o7aK>m^04*+7CxU*yEZL>urSC`FOlZEVK}_v`H#6HP)dd$q;R1KM($LV* z-n3t@;wrtMsI?l)2SF6@dw}mW28#^rI%%r}X&)aci`6g#0Ct$H`u0a4)=GBaPm{gC zYZ`9p3w~?q<5cbLQfhDdZNU6wy0ow};Jok)a81zD^uifT_r=D`c@O%dQ}yn4I_Y*Z z3$w8_Byg+`QeQAZjiujBC50>p4K!lg)@fUu=nv~PJ)W_}3+np7o=+x$X(^khVpRtU z&9VtaMFxf7ux?ZSGtU>Kq%s3P%}IYM0A;3C{OfohbPI-z6oot5j^oRDrs|Dm*FIX> z@LeK1!)TKtlE6GR-#{XYTFDV1GfG7Ul9=z`G|)B?*q7QXD6rj$J@P~ z7b(!Jl$4aDq@=;Y!KKH`hPnEWuUUW!NNenBn6T4F)6{ewk;{Ia$I%b4>fh&?vh(%K*=(v`Z5BJq7NvYw zLi^Hd=|#?tbTVVh9lOGUbINDS7~=FGRH2|S42TO8vvT;?)B+l6OG#K&gMk&#x}}M{ zO99P|p9F-d9A{WRN=uoV^hgN_t;=_-Yicq)Hm&0Qq@d`sOX29~SYmwt+851$S)M@fqlMags zrz$kP *nx^VaqZ3ZTuV5pypOJveDwX0(24=7@{LR$M^(?rehG8?L(W#!O*@fkF~ zZ~J;?s@M`{Kl~>yqU0g{OuT%4e>Nf|DS0?shXPvj0cPJ6r zcfmiV21Z>g=kR`0AOkQfBAI2o+wTVAP~)JWVGWHnbmIxhTx^AfwuE9@Aan#WFnL0> zVi}+zV&cgnADk*EYzKmu5^j3ZBVxjOHLjwGJrN;i#r1W#iFM+c194fP8}JIs%HB|s zg&U;g4F3>T+uCc4KLjFUT1ojrLhKIQJIxmmqnE+A9(!n?ck3^EShYmF@L-Lr;NPU| zkdiVKmMx{H4w=;0wQ{|M&e&k&X(v@+M0K;2+IN!l>;gS2O@x9j(|ZNR@m)}N107_` zR7Hq27LXb#nFffYNxrtT{P}$1mtI`vk3`Jx75=Cfx1va3tE#q4f)h{kr$2&wHfB@= z4BYJcbbXu|*kP>@5`$&|z_S=V3WTQkjbvwV9kLPT`qu2>U5zI|Tnb^5cQNV=@DMx_ z8%-$vMr4q^OV0SFErov7HNwmj zU5U1A$?`XKuB5}mD1u|mnnge^q(G}`=R@rC2_TcabtM-E{KNJy_W2t zP`mk}7mGj1!=TDI^w16x4>7I$2&dAeA%Hp8wwJI(Q%}m;zC|7W5*Ssm9ld6pqNW4V zML_-Wd*z(ysYiV8Q;2{{K_doCCq9zU#)ipeK|S^Cqf4+uIrjK$np7B~m6GvOu}(dJ z5=1RiBoSUeW)eLg4W?5R07r}0C7^x<(WSA5i6qV7>79B+suwIpB>2YPAP|B^LRGxt^@%RUROdm|LEPmAgp`XgDT zvzyD>EKFU1Nb$S-Mqfm~Db|4LyEUw2v7&KHX`qOC;5`FcRBTZwXch^NNKpr#&DO&s z%R-1l!^n~M2=mp7>lkEQybZn5-xgM1{LA$4F*ClONc@x{pAX(y_z>peBnxDZ(BN{r zalIeces+}HIMLyq6pEfBpn9)1&IbBqcieb@om`!=+YCy_=Evsd$5LP7dY19g{x+>{ zQQl_3VR2*yyOJPA8|}1aqONmL^v{Vlt(~7Q+Pq*b8pvShZV`b1Jui4fn20=C{?fq> zd<<5NItPVqiikiX7ibW0tS=hOa80qS)Qwvgd<-cti$5N1zk2l*1FaoaV+;Yj;L&N$ zT5oOvTp^YwkCV~$`8@e{(f`xNvoX1>oW%z8u4TgK5hV7`#w2G=?8y)xhB{0NqFqg^J(Q;7=QgFfnY7ywBzmAyO4-Eq;i^N5QYy>SMD|ycxihJQrYLZG^ zL#?$-bM0^FnS+ec5OH%Rr^#PSpg=?l*73e;XJ)30mS%W4pm)vfJP|o+$@I~VB(eVo z?+>6~XtV?)CMJkgG>rWrjVbP|bo4wqc0L-x{oN1e8Use03EXu6rcy+uk`R65*}^y= z#fcN4q`+A@!e2SE;3RwlelEyQa%t{pnR^zFjhYv5yaGimfRTV$q!DD|K)@pcTJ>Wp ztS}thSD3i3j99@%+)DH~wg}xL3(SL4i0-vBK%zezso11q#!C3HL>DnhRMe9OIV1*` zC;}7c#mjts4bwZox(e$3$bo^;Lginyr46*)**PF0;TUPcB_oVMwE*v=K=g>>#rh+| zMWIEtvkB>oZ-zIVljM~&6AK~!v?TsHlfWhf*kv){Lga_PMgRiFgX)u~bE8$zriD2F z==eg;q%{|RT4;DpMrvx*@Ay{g*i3Y}Tq-Q94z0oLF*M0Fc9EsGN*H}VQb`71$`ips z8rwgF}VAW!Vi)ZtKPJ^2KtNun$>(3ug$nvuYuEIvm`5e0+IHYV`Tz){G&6kM6?i zKr8--lQyt%^>T;oH#Jt&klV`Hj~kz8Wr)9((PCyO);v?r==Aiomb$uYRduzCj~%(Qo`rrDLQ&(eLYxUSS3lNs5ds2J;X_jEl&Vr2KnkB6gHlPfboqXokM>l_LU1WAc_yr-upM@d+Fa=!Jk8$(~r=ycZRR7ODp znvD861w;7DwP#7$RvFGXBa@D{@c4KN=_EiJ3LtOft^^_`(8AjD@8hU z-cRR!dH4X@sz7Vj+5A=%2?B}SZs@p6bGEj=tngO|#GdB~I$En)dAP~|&1+j*R3QH? zh5AH-X>=DA7xQ1=Y!QrzLc5Gf>Q;g33dS8BQVNd~2Z1bWf$B3! zQIQjG5T%BkWptEASsBKG;D0{>NSv0P4f>0ocJJTkJqte*MgNqU6Nom!fdT_h^WPUOOnUlf_kwf={h;o$KL2!wVIPB>G!xEZ9TrpCmG<%|M#AZk#T zGN|P=G%h{ec@CK-LuhcC`+6GtdcfL;94QEJxmuo?TWL=HbcYWhsq7@fg@k`1{~~g~ zg0Zx|p`fTJ+53w&KNtFeakJ?I>nmGyM1yiZ6~_2C4~OocGuH0s_vEuz1`yYL*k(ml z)k%9OncYWAsJzUIg!r+b(95u3fjHdv-@dt|3GirX?_lB8Z$3SaptZZaFyaG?Xfr-F zbp_a$SJ2fV|A&EvZlD?@0!`tl48vid83~$Bimb0kB=w?aU^^kRZ>7M5I`lR10dgU+ zCX*>CJsWCi%Rm?Zg(D zzn=5SDnKX>h{+|0WS+S}y|TWW1mHKN-cPWro119%t!zk{2a?Jf>0g57JYir^ zR$%G5qEnjGPzRda?!(z8XFbMeWsDZ?_;?gE^sujs^?RK5ljk(RDC%jyQ~b*g+{qHa8no>YPxq^O>fI7qbo8D zRaLPM$$40Xh0EDqWv1vs+Y|8zX0#`#fG{0WkA^I3B*9oxOlfTV>=A~<{Ax)VQNRVl zzl9Z*m;XvzMF5(V`J5aen)b9C9nFb|0BpU{9Pk2--0Es}WaK~adq)Q$GRycZl(hNJ zPWY9mu(TXcOti^}l#Pw*xf%QaoiEPM2a-|*xVg9S(IQ&I!e{XH?D(Ac6-h66PUPiz zrI66`bM%yy7RGS^1wGB3G)=7avUeN@3GY&iwXMsD&IW2MK^vhfJqd03E}581{4D0^&dpjMm7$QP99b7j!r}VQA^->U5a@qqo5e zao{Hv4)z!oRnQf|TV7wUb=vrYZ|LJ_Yz*`KzCt4@aP3N-$4{SL+c))Ea)Jnj_f?!y z=x)EJqU|yzDr&@eLNZm7gvi5 zmsV3ZD4(!Q*jfiX!GyZHr-x@qaEPm`3o06FPfwo!5}X+g4X9eUs7%BdKNeS9U0$G} zqTAVgOe6T#YfhJ+`z^e;OhMsMRJ5HV@I6CZxP*kyCvt9KKU2%XoHAx=rorxky*?vt zZGg(EYsY&hxG4FXJ1Qy~N?r>x{!yncE-(CBI5FVtgrlljr>=gOo}M+3;Og#%et9L; z*NYVV6NryriWLzM#A0JdxVml{!TS3CJ2?T;L-eZ->Qx6`d0JK4Sc+iqf|X>B=U!O@ zIx+7tAY+MK`R8|lB~UzXrF|F!12tCIz?ynOyt<}ZaBzrYTFdpbP+6 z-Y$Hoo)pSbL;uRlC1l|PK7Im`4pM3Ttdzq=hQD1>0S$)b zVNg9k!9QnWt%}LXN&Ak6gzgoGrg@RalPG1`XJ2|w+(vB%em7>((&q(0h`Q)~6ruuL zvF^W2{yI;MvB7rcbf+Lgi~$K!=>&oTBp@Ex)3cWAe{q7f>iN}b@QDAPOpmAkKjE*d zOKxyz6e`Bj{^BHyq21y;Cy(nj3_)@NvJAuGx`9Ls8tSAeJyB@eC7^qkp1qqzVAor@|C?>#RAj5Iek58p9BO6m@RFfQHPgp)Gt$9Iq)&kJ53at+@sm@)8;h>SQnYOe;tKhjwo|Of%tuH(iaB{b{15p;_7Y_Y*riMbXhu_j`szL}0Zr zuA+b&7piIUG`JG+xYakL+RGzhh#Zgj+v&Dkp3r2~m;av@0Fm@9)V03hXue&DM$qT3 z*%idJnnR1LZVdn9VS%xlI%%8YRcyv%T(5acW3%0S^TgDW|LvlJZUgDa0LPP$ z;2Zn1`j03+W&vE_WqLJ6DQe`o#`jJ)3l|zLE;9m0#Cjc%zu#d{1XGicWGs1Z>5h&f z^4Pwjf74-%XfGjU=yNtSV%PD|&1EAC`YvC+6%e|?9wC%X-tSFaElj!X;)q$+R-NSN z+WT@a?#>zBukPI)+6cJ~wu*MyR20!*o!Py)2TnAjjLGQ?Tn=(A&oUi&(8UKovt5{`I@r7 zLKnF<+HQ7@nwrcPIq6wJB>k&*aTw#~w)il_BM?RUQOK=y@BW5}bl8-Y*!Oy6J(Tp; z^Iedkxw-xO(b7}}7xyDUxBYh2f?eSo@qeRL-|3)$+5;xsxieajj>Rv482TB=nd`WD zcz8IaX=3`){Zb@zLZl?i^*e;0_Ge1SE`FEmuPiPSu(73)kX(t}AD-nWlz||-sJlt*61=4{`*eYXRk~9PQJ4(y;x&$d)ae$1m1#!W<}q6 z1xd!9F9(@2a)J0Yb$ndzyj4CevwFAyr63H&ZZqj~FJPRZsWI1&u!=zQjrK?&(ReGW);nmjyb7`EKHd1~kw=(031>Q+{pPwgVU zUQWiVyHageqf%u-L0kt1b4Sg4UEYUmKubKQFHU)e0g3}s1B1<)T`0vHvJ9Yr)P~ht zkl7)7b$th3uF=z;Svl&kx3=^+8sf3A>+qbb#}38F;Pvr1yF5Vg-tCnAcz4y|KRS1( zCMP!-Nn&_3FQez@?#P0Xto|+XR8VMi!ySKVPSE)4;(ODE{%wxE@siA$_$H(UvoZUe|c87;kvr$d4Dgq|ddD;$^+hs&N^$qpIt!$iv z^Ol_GXy~-mbR%m>FuI~9H720zFgwGLk^W`*v?YA+u>2K)XyTH->brOIC5!sipFWZK zZy#;xJx-bexgUc|^ZNphCu?E-VMpgwLW1N)^W9Ag5dazCElMGklt5}mjBfFiYJd1R zGXe@J)ptS4^ye+R=RgC^PKe4_cMIgYo`UIf-^xj9wi|f~(;iPc9$iNc7q&W{9#x#3 z4|gY~_zRn2PuE9tQtRyw4);My?Y~In@%He%aC6V#ceCyO*q~qau(aeoV#z9xUx5eu zTD3aNX^IxCuL$dO>{%UniLt_RmFekC*;BiL;+QbvbC=QI9hW*;KmaxAv4~>I=EcZn zRZiQUkpiuKysSDyJotY^`qsef7xA(ZIV#Ca2^u96J1(|(;bM7=xX6Lzje_YnG*$Q>- z3t8wtEqo6!P7okaR}U57qxBb=nTas8riKDw-DlT1~fI$ccD z1XQlE{F`1g{IIv4OF2(o5=w?m`iM&gw;BZo1l4cP1o2U4j<-#dYc01;{0Wo0*R5=)ofZ-!H|;ee%qD>ze|*?oI3mQtV02H( zL7=2nj`^hoJ?V7C^B{c*2^X1WU;<1Ze#7)}n~#P}>FjjWl#{+Uky3y?B=`W_syI*< zC?U5W=~uF?Jl%`++08wQk1teA8Za;4x0z1*7_%2NtS`RTDM(YZ-SwjWbTy~k(gzqq zdQ?=Im+_7~JZMJCEq})I*SjCiE1hpAb6uf2sz(!2L{B61ss}7~hcgxV1^G|6UNe8O znm!xh?MC^mT z&a-ld`M~<~NnWujzwCmv%#@VFjTr*LyCf0+EurIq)U4y8{C$J3e#91*8GHAJD z8XHr@z2%Nu7C#-x8mwxhe~1_%K0sk147RtnyKTpdZ;7!2e$sbZ>&14l3=RMCZdXG? z1(lFQU?C~`nIV@Dzfyb6kmKWNbF+YyBHi0=YH|~~y?J(geZ78q))3monCSit^+TrZ zp80^A(7YMpBfpP}_?D8F&afWB1!!Ez8E>F7L2g(E)!Wg3Ysn&fp?Lztw_m-P$r_D) zZtxT?X!#+08=B9L$X>Mq+|u_DsH0Ow2-bgEO5c7>AMYnTWJ1%>>Ngc)FBlpV{?k+P zZCKa$2!;Gr5#!s*Yf4I9RTa4CH*ItS=^L%-;O#p%#C&`S60!=F0`DGTe8m^*!9b9o z?Cgyb0PUN2NRc!4d|9)ef`S4-rn=_ob>3xl-iKTB0J<~aK!*_nZsZ-wZwIB6Guww0 zp-t1%=MC62H*enjL4|$NlGQ&i4!~I&pN?n6pvCg9%lN;_+;vM@eGYeM}hNnBSB3>Q$RC-_|ZLcTgyZ z`@s78LiS7>5w|Z6reaHmpVgIdt9tQ2_6t12-`F}FOx#4zXJlg3T(io+imSUsh-q8AhE4GWD0$-fQtOdP#)(fQb`mmKo!xaI<*70YhVO-ScKvtj%3_)6=?pN!mc#)!vA8IauO=!M zrn!B*F1UxfTkUEu|7=!#AJx!m>apO0QYYxSrAPMV{w%cind!G=>T| zbkM-6fDkfUz#G*h2!`rE%$ha@P!B*R)NkTS%o#}HB8W#4B1_ySkzQ4|&+w|8POG%o zlZ4EP=zai`=jeLK>+EbtswGLRR}BW-3}H)-RpsU7ctm33&_d}QA7^u8&yRfZrvnb7 zT&CjVghvTkjiv-Cl^ay@h?H;L=H~S3iPWs7rS0G;#$$JUmXKxWHzye;QMkMQ;W zYcx&Rm$I$&8>y(&zi|CrURrAH>JoeL2S0}ak#+au78U}pW@k3UQ%s-#7`b`6FMd-r zC*F%SMwS8TvUXF^4%7Fj(VqyxBB42B?O^8aPH~i0`ua8QASg;DUB+WXDF0G>5ZJa? zZZ>)+di63wLePA%do?Aosj3p!exG{MhxlVz<7*I2{LWnx4;K>*Q!teu_Rjf6)|c*+6N?J?P?gwQE( zZ?UtpS6=FFa&kp@J|tddeitxx+S{@eQ#Z%t6<%Gq0GCP`Rc5&tdhrt0)V1FdrS{VGP{FW6X*G8t4R@CN&@b zW2%c$Hpfk&w~y;kgVR3s@$Y%FVu{H}f$VlySeT79^3#X7xKJnOg4VWA$Y88$pSi&D zxVYL{(ZPENK1z72Yk)CK6n19#*&L$oq$-voZvsneQ>&%-t53&kDyz$*muV@o0Z9@0!S$r&TFxtknFz(%JeJdS5)yv%u`)QWs&H#r zRV96+gX;XlD>mjfO#UPIlzSgnY)^Mog)LX2L_MNz$VWK)oE_E|=*AVha1Gw$>t3hv z7V7WhI4teXx^f|96P9R|Pe7nf==pMK8#OLYrLeHxy4>o+RWhKru29f<< zxLQ%3NOi+)sbX5q`IVURXELUT%A?F4s9z21d+R=X$VZ`}raotG4S7$tO}l}_H3>ih+o_=u_d>74eptG0aVbIxtEbwX@W3ZEYRdOs;YP!E%);D&n}>5{7okSrSv99>+l zd33D zrMfTA@d5yyGGWwl@$q-!I-Zo8NXy6opG#G>KPHA0ee=Xu0*D-CB_%I}K2Ui0Ft4yM z?9Cerac|G(&*uO#3n(N&XaPcL5aS*X_$ve$~4 z%uGzs3D4oZfG{H=mhT|}Gi#6G@Ywj(0NsXXCMHZz%*@QbIqAa0>(Tp#MY}<*Y{cBhM_;F^b@kMGHM76@Sr6l{yTIFN4scvv|I}KJG}et2Z0P8 z4);?3PVOqv5d!9rx{xZs-x8cG|Nk#nAF1^ajBQ`t&xTb7QvKxs$w4M~w*d5etJ?v# z(B9r{cTh7oCnx=KLVWy`*S?;Nj0~7H#AduX&<7D&RKrFf61jcOJV`^MfdU>EclUYI zTNo6;BA1nwO-(($bt`Q!S5uV=G))4pT$e{EU!n+&iHv+^V{--;3%F-yr6e@7S}93{ zhnrjW;X^(io>U|)0)bBjpFFGOC$_j_>S@DPFxz|$klEJB|hPt{p2YdhZX;bJU z=@{R)Msf1+@W{!^esd*4Nc5*FU+`U)4T>TnSAspohP70t8l_`wdXGS8W5P*p&k7Z?RO$=~M^=mrt-H3Igqy1JU=YXd;30rU!N_DeSXEiGmfU+rP``Eqjoud7^R@%B_7yR@<;5Xs)-mW zK7c0;x{*~!7q;>v?OvR4SXAUFlt1!+j=+qcADfo~VIT@RhL6=CDHsLu*9z(%`m zHy2MYEPSjlexj_UrRBE2R&(hx#q!Fr-XjJg=sqsu%h@VjrTby$+YMOfUwgYN*YDqN zY-|*ND65R30c)WG|FsOboK;|@TRLnl@2+6pmxTCk-ZrAdPWr;q0?%gp%zd~3_6ZIG z1v$AgmAo_(i4?FJv74Fw>9o0d?>f_4^1G4CQr!wH#8a#so%K#^yDbs5`aWpTuqw!+ zNi?P?`;D1fTPL3PDg1f(C$qJ6=uYg1UUnsiB zUH@z-p5L)5!#nm*p~t@1Xp!Mox?FN*x>;K{fOnP=kPZO+@NIPMX_f!QoL4O0mdeT$ z7P^d0O)Xu7XEt5W=9+EKm)U5<#dAtq6xd09$jQiV5^gLpCo6;KqQvuG6*c#2KZ2Xi zsdDc;URR}(;(7X{tmPYMTfM|o!+uOyAaFs?fmndWeiwY3^lj6L`)Q7I4P732eTADQ?E zR0<=jgppX4)y)N3y?qlRS+VC1%L58rb&J9#9Z}!DT^-J^K8Lsx{(5SvT(`g|K<@0U zulbd9T5ntVj%MJYr}y*wjoXD>3(b5+ePQc|;xb;yL><+%0kwY)WLdMIOjr!y$pdmV z;mK`Ztd&ID7q+q8XNvC!IeYGnjsx;kTH2ITZ|gEnOP%ZERzs)ZaB-#p*Ymlse7-%4 zLj=O&asW|T5I7;RM6r%8n?ESXmDD2x8rIgZ&kws}O*?}1iv0*x^wi6DqBZ?MDB7}VkxYr2=2`rF3bH@D{7H47ff%PyMP>VGk4xO|;yqQ*J2O)x_* zaF6GjB*n^#CLoQaY}e(yy|L@gs-_t+Yc*~gAMa@dOc7Hf5IA^@X30a%VO+*W2bV6& z#;R$mpL))GZx~QZmDpILw0#)%rs}cwk+beZb$e_@MR_za$?o0`{5EnDEOETXGWOE@ zxTEdvyA?K%KJv-UuitMc*n3Wd7Xa0u*ih%HgZJ6zm0{+YOgySW+ zYM4t5my3%d{_bWr$d2fi%U5}hz99kk=1=HsZ*QyAy%o&{r1g%`(n%2!PE+IZ@-Jif zluS=B)C|mMRBt3q_Vtx;(lxZSwEP$tusu1b=en_29#yLje*UG8)IAT>`PuQCqa*R$ zoTrD);%C#dKcN#=GSM`ovGvPP^?hUTwZ3tSF!H-wGq12?G&DFmJLw~W<9n)1;oVie zYSYrvAUrq<`{>{4v5Y>8K_DEd;jSq`h-jFUt6;`1{%m`^xzF8j;nzk=@niSu-lijW zVGj>|AD_TfLzs!R+DMgLX^Ls%9SLh~=q*mId-`Sn+^bchQ2i(Y(jT{jeXs)Xc6b*P z6BC)=(Ll?+;)R{7#U)#DaZIdRyDisVO4za9nzL~`j56;BEbr{>oS@gqX26RDBoH{p z$Iea*eW=7eKM+0>wfgY;=w6D%{o@Zco}TRa`5+%qotc>#(#*zs`{+3G9)fW*x z9B@`dHR=yDh8KHh&dxMnI6%2Q0KPbz1Ue6b(_XP|XD47Qwsj{C)4gf1D*oYuQ|@eZ ztmfyM`j7VZlaIe&4sdhpH|+$bU9Cx{%z7;uYAwm*uw;4q-4}|n=JdkC`tyVJk^t{0P z1iXCNfFmP={z-z?j#@b8-yRC*5kpQ+9{P3$?S#B0C)F~Q-xxLqMw60lmv1&Bx+bfg z$6Q0b5C~%laF|3yH+8#AR1+mP+eT2|d=c=5&>Ps^*~!bvNyLazD9o2;k z7s^VMV`8H&Vq?Rrp7{CswUuqEvOO=w#Kg=7y@8Y)==#tVA!M1@eXiQ(AW+k=;rii_6+Euhe4Jp&p1y{w{qb);-*r1-fSHW(y17{}93X=z?w0Fkdt zge{1OiMNnQ1Kx(;GHqKq$KAVv%$eL=Vav35w4@<|FkS+}9H^y02MCeEV+M)OGCtz` zb6VQ-2ER-66xRJ+iOv+lBhVO7?-^0yUT_mCVwJ)!y41yic{i+U*7s;A6d7 z7P|i>#?u&#G+@d(0Io4?rFktX(CXruV z)|Wxrr5GaU>Ub{{ELfM&^%~SRGGSCe8mzTHJ%Zy#E#{gsvKj)Y6H)22hx3cS9a(SP z5@Iltmy&`&Z|IBd;Nd^T~iZud`e2bhes0S#3=)U3ou(^o(JKC&nzuN=-^;S!s$dZ zb8zIRrQP2mzc0V){JSM$ZOx|j`QPFV`?`D&N6G(Gp7|3whWt~kSu+YJMSTm0R96l% z5h{A&BtDS*;wBfN4l|IIyJW1yV%+?`B$*#wz_s~80T&K=`=381zyxDv&YW)tuGUsN z$Y_BKM)RDZY_>7_6HQHZK@XjMD3Vd(smE$L6sp{D9q-;<`FB+YyKw>q{3;4{g+{Dn z-T_Xbo~|xh0B-gNuBqt)@Xwr`oE|4Wj>yT)U2=2>7VF?WmTwE&g0@qr#l-{QAPx@< zxO#YaxVoxoYSKVe2cJAa(3X19Vdd1q-24eh5@bD2dm9=mDk`d~q7rDw)svT(XFu08 zIzGNWTDkzd9Z}dkgNhAt@J@i<9~ohBvobX79T-U8s6`-lAX{)mCvOFM)n9ejz6V@3 zUjIr?LgEBKHyZDQnWj)m;wIIvP{+Z0-nen&F_r&?3Y*EJy>VNh6G2t-*+nPQ<3ySHH=ymkAMKWchM3c7~USZRCZot62 zRsbrc2Ag~Gw1hj=j{|nd5eVV~^mhb&Y@feFj^A24=i%<|ygs%1>lgQLxM6%eFv&N+ ze*Fr#Om;=>5)>am0Lz$_l~>o*MJ+7s4@kb02#<>5d-el|k}|<*Wk{}0l7kQjSi<>v zc^?xKAzh&aR^aWe+kH@Y8Rw?6%jM%=z3S8T=x0+C2%Lea4ir1kgb(!h2elCBGwymY zz{*adX1fFkGQ;GkXY3>G>k5#$A~2vou%M7laU zKJr0p^>=PzUA(Z%n%||%ATq?MR|T6X=&@&|qobps(5{}V0c{Q_`NPA*f#6IU!f!oR z228oBIxn4)h=njb1h)~?vt!xm=|2FenH{iRf9?%e{VQy>3+0N^N1=N-ufxI$Ve7NA zTRS@^>%6KfDg;T~2CoG*-gR15b8sj@Ny;g$?#q^pqCln$V3V+NK%S#QItCLyv#@|# z9f+Xq;Nxy~f%FqYa=S!O?bokbM-6f`u~AXP#Ka8D%$gb+P_UF&R4_9z@bU2hA=K2! z$jH>Ry0X%Gq{#5+8xmbkL1AH?y?&pwECk~IgG?l3+|u^;n>p&aMzMhP^*TS@2cZ<; zU()+a$pFQeSn9z8Z>W0#r&11#wvrN%%Ayo@W|xit_MGB7z|aN-HLJECi$;R0GASJe z+jn+wp!Wx_y>aN-dSoRq-rOv+rKPe9TZV;1mFN}0fPkI-;g$i|Bq*~*&VwpTBsS>N zT>*o%wvNu*2Ei*?{jZKoeRNWn5abjOSuo0!Wn{2p+r5^f_R-a!;zt%%QvY!1uXuPI zqfl0`=}WPz)Z*T6aX$|<23>_V*Wv#BDYaaxvKCYqUPq3t-?z3L%+KF*L`9~80o2yj zC3P>9YO%L&MMe_Q(9lH4s=*V1^la|?o>}RElvEK6c|)A`P)~rFO3&LBmB-~KGJ;;S zSCY6X0U$mW8rlht)rjm%S(z48V$|D*Czr`MAAS@n{`^^5+Y$iJwo^5)C0Y4FI;tMX zeCy~nx_PA;bXJCjG)g{pnkZn0Dm`KWrZ6lE2wYK9Q%9CA1E-aRjct2#6LuPU^3a(m z@z&7LP*Lf7iHZGH*T&G04tVriTVM=xc0!S%vO^Wc#Wy6?5WcC<4(X8uLN~0Z=s8`b zydp4#VYNV1Y){yh(ych=HeDe~_E|jD*1pXe1#w@ObGW_TGNn;5t=Cl~NsE1L zbycs_1idKi9306y|2ie*%IxfSn2-qzFRpUw~@@9YZVz_(4j3?K)@N|CMPE+Xcj`_g~7iADDj|#HP;jx5*)m-zYi<$UC$^z zFFzkl6-;t+Vgd$jL_|cOOxJ>tQTg&YIyxG-`mzP1YC1Z(g@s&kq_HtERbRi7Q&3!S z9LanbcLzKW5MqJB35^kLmHWx@w46^$(t*TJOKULmJpgE}kz4}MAOZ|O2nZAvagXj| zlaL?`TI^P&dmbO}uiIK!jFp*RAG|lv0{u67&=f$8r22WW9uI|-sHmtwdgAF>gSW?j zF-HW2j=a-bSUu(tIgE<6ARz;14gIXnZpcg{6u%i_BRJ5e)o(LhM@2=IUswnWXTOIU z&GZh#j=C5`g($dI<*V*9$1Ya=J_E@g< zl@&{KbJ+BiwY8W$JLrz$UT4~=W}*WLI7ZMd1Z3_O?BLGMZ#yCX@c-sk-@JLV)Sn3k z3kRsVsY&I)Bzoaj!>bD0X(r5@gw$aRzkkC?t#jX99@h5(6$yCHP;#E{O-&|1c#q6I z@rFhq%&+u{3|=NAjDJ>$WjH?!^EqjpoD}8e-hjZKt63PMJFe@H&qW_k`a~O1HPS-$zEm=Y+WE zyx2o084NcXNIQH*TqY{3AV{U7!Br6MjV-`-%E~uuvy1bW*+B242!cO6UD&HoSSB`;O0r|l% z<>k=Qswgj~0{_p;3)pD_i(8n91|&EaPYd+b)s4XdY;DDV^o)H1jssj0Eri(;aSKKa zWL!^mm6auMHg|SvJoY*17&tgOVavcYF!NhYO3~TW@8425#YIKoQz{C3V!i6>>LS!i zw1gkxnrr9j}K`37bH~FgL$JMa6M9608dyeOz2( zZS0^e9x2|}7)YQ~>G1hC=M=QiBWWr?j4Ebu|&+zDQAmi!@pE)u=IyP3} zSlQmbxNH=yr-6Ny+R@GqA~a@lcjj#9?O0ic+gx1xySrXZ7!jmxV6uuIg<$3&UsCh= z^G|e42&jCq&}L(|JdoYD+9DQXwGFw_wQJWR!{$JH1uB8x^;fI;)ayMwA3*179wNhM z5PJYo(?~T^)>hZ8L!~}Zr;PP%IL9`bMMcUgEKW04C|(io6W88P(i7)k4kP83WOP6J z`%6E4ngw|fs5#yaI^JON(-z024C!0qw`5-4)Z04~8Ztq(nq2PoHu= zS(~3%*VbNMU#B4_KX}V;tRM$U*bpruBCgT>Xaax&Q{c~MpnD3b21sXuW&r2YngeJs zL!RTepKa7P$K8Wb>2od?`rw75BZI$xU?5D9;P6dBN&!70FtFdYnBOxWB$R}SiikkN z2&yUz3kzszkaFspLG`e(AaizH)LysYv-VivHo{k>cf-qCIdHBy%yzWoGkBrwd5`@y zsGPyyQqcK#FF=X`Iorh4lo-q;j&dg;O9us85RHN4hL@Mu(%KqIVW-P^fpD(S!r9t)tj)$g{tun2 ztnZNGgUK9wLD^{ug38dk{22j*q{lEmlOTcoit6S~DEYujSoB6lM=PCHG$0d(a`@j9 zufIgxRVp+6zktBCM$ z2`4@T;_oytE4Z%i3_=V$JA1kU6u=-a#FGSF$iEju_R)R5h#qr|!B_yHCgUvodXoX+ zI|NNNM0Dg8*1ylBK;M>1B;Dt_IAG8^M=~3KwT*z~!*mC2V{I z&px}ldU~`{nEU6z#nBPeonP*Ou|wp}^Mk5Y`z;e`NOl*Zryktx$;MpRXl12zKme1C z4b|>0-o)3ULM3*h-ca;(%hmf?YIsJD&K!=r2QHoC{YLL(em>r`iVAEjtU7MR0;PRFeZwu$t$&kT|=x z*3y}P8~VVBwCC=#)QuAz+uGwk1$)b(e+Eb}({cwH5x3`)Rhr!&dj+{uke3&;3SwfC z_1%|_*6TrvNfkY5;)N$tEP*=H+#i9J9y(zzE||?L=8Cwi&D5WJ&9#vLqyu4w1*64* zmQYH;z%ZIH0oSqGyoB&IK`)d;Sh(TZ8Z<*`{Rt^u_Cq>5|Fbblfp>YceKLh< zhX7wYCkKEse>rpYB*Z-Oc!$1F5lji^F<&HU+h;Pa_-vyf;uW(7G#f^=*cO;9? z&xM&E9XUa6JX%*<`AIUlp=f(6zS5Gczg6xi@)jWMdC6^!OjO9>3rWg|AaT!d2RtT^ zYNmjuMw0g&fhA})xos;JYVp83iR!xrOi$`1Bq;oNw$v6XE$x+Lo=cv6Pxo#^ES08g&_PoU*|?fhCksN zjZd)jr-^hJM#&1XuA96nCCG8ekM-29r6v2}82|KiVw zF!EmK^`}1z>#MpGWN@-;>>9#bb@x^Z{U6-&hx?xE?H!Ee3{Bt-T5drgQW(LBmib2n zNM8n?SGzRsCgBg1?qD{mT6N~kd&0d%ggX34e*KnHK!0lBAe_o=UUEB}hGUKBde1did1odi{Edsh1j)VMNYtPRXgK@y&yt^&tK9F9v)1f2|NH&;% zqet?r92{Oe$T2Q~A=6%ZziZdB!o$0}$Ez#EZl$Fc^>lQ+T^2$hC@>+ku0p$&Y^sX! zXfA9=It1-4-eFdKD$ZJ*?(MY^6*YsP@+tsE;)T$>J^PT