From ad166f132355acc438a6b841677c914042a9058d Mon Sep 17 00:00:00 2001 From: "John \"Juce\" Bruce" Date: Wed, 8 Feb 2023 16:23:36 -0800 Subject: [PATCH] Source release 16.4.1 --- .gitallowed | 4 + CHANGELOG.md | 9 + README.md | 32 +- Widevine_CE_CDM_IntegrationGuide_16.4.0.pdf | Bin 459884 -> 0 bytes cdm/cdm.gyp | 7 - cdm/cdm_unittests.gyp | 7 - cdm/include/cdm_version.h | 2 +- cdm/test/cdm_test.cpp | 7 +- oemcrypto/odk/Android.bp | 88 ++ oemcrypto/odk/README | 10 + oemcrypto/odk/include/OEMCryptoCENCCommon.h | 173 +++ .../odk/include/core_message_deserialize.h | 69 + .../odk/include/core_message_serialize.h | 68 + .../include/core_message_serialize_proto.h | 62 + oemcrypto/odk/include/core_message_types.h | 112 ++ oemcrypto/odk/include/odk.h | 607 ++++++++ oemcrypto/odk/include/odk_attributes.h | 14 + oemcrypto/odk/include/odk_structs.h | 215 +++ oemcrypto/odk/include/odk_target.h | 13 + .../odk/src/core_message_deserialize.cpp | 142 ++ oemcrypto/odk/src/core_message_serialize.cpp | 125 ++ .../odk/src/core_message_serialize_proto.cpp | 183 +++ oemcrypto/odk/src/kdo.gypi | 18 + oemcrypto/odk/src/odk.c | 426 ++++++ oemcrypto/odk/src/odk.gyp | 24 + oemcrypto/odk/src/odk.gypi | 17 + oemcrypto/odk/src/odk_assert.h | 24 + oemcrypto/odk/src/odk_endian.h | 29 + oemcrypto/odk/src/odk_overflow.c | 36 + oemcrypto/odk/src/odk_overflow.h | 23 + oemcrypto/odk/src/odk_serialize.c | 217 +++ oemcrypto/odk/src/odk_serialize.h | 52 + oemcrypto/odk/src/odk_structs_priv.h | 109 ++ oemcrypto/odk/src/odk_timer.c | 503 +++++++ oemcrypto/odk/src/odk_util.c | 34 + oemcrypto/odk/src/odk_util.h | 28 + oemcrypto/odk/src/serialization_base.c | 236 ++++ oemcrypto/odk/src/serialization_base.h | 89 ++ oemcrypto/odk/test/fuzzing/Android.bp | 168 +++ oemcrypto/odk/test/fuzzing/README.md | 19 + .../602c63d2f3d13ca3206cdf204cde24e7d8f4266c | Bin 0 -> 20 bytes .../8cebdcc0161125a10e19c45f055051712873de25 | Bin 0 -> 20 bytes .../4e578d6c9628e832c099623b44f56d95aa37f94b | Bin 0 -> 272 bytes .../5b693511ef850e42c5ffded171794dbeb9460cc0 | Bin 0 -> 282200 bytes .../b6b865b095697164ad032c2f695ed828f5754749 | 1 + .../dba39b6cf6524e996397ddc1e08b928b5c92bb5d | Bin 0 -> 352 bytes .../dd1bc1827a331b7aed2a6fb6740da032123aa0a8 | Bin 0 -> 432 bytes .../53c26407b39c997143146a0dce8ff0ac11f565e1 | Bin 0 -> 88 bytes .../fab3c99d604bab7b7bf5c54c5bd995fc98d4d96f | Bin 0 -> 88 bytes .../91e10d030fbdd3374e57a2720f09488f2b03ce69 | Bin 0 -> 204 bytes .../12a72efb395e731ec4470b5f5b6768d6806e9131 | Bin 0 -> 76 bytes .../21de033b9baf2a0e82ae3b4185b22aa0acf69bbc | Bin 0 -> 48 bytes .../97bf96be666434bfa93dbfb36b81baeefed14170 | Bin 0 -> 76 bytes .../a7b0e7dca597331d7f051204096c9d01ba6d468e | Bin 0 -> 76 bytes .../38df40a320f60e955006aaa294b74d45a316e50f | Bin 0 -> 148 bytes .../9962997b5ea87005276319cbfff67884846485cf | Bin 0 -> 148 bytes .../c84663115c890873dd585987c1223193d29aef16 | Bin 0 -> 148 bytes .../test/fuzzing/corpus_generator/Android.bp | 27 + .../test/fuzzing/corpus_generator/README.md | 79 ++ .../corpus_generator/odk_corpus_generator.c | 158 +++ .../odk_corpus_generator_helper.c | 22 + .../odk_corpus_generator_helper.h | 18 + .../odk_fuzz_corpus_generator.gyp | 33 + oemcrypto/odk/test/fuzzing/odk_fuzz.gyp | 40 + .../odk/test/fuzzing/odk_fuzz_helper.cpp | 159 +++ oemcrypto/odk/test/fuzzing/odk_fuzz_helper.h | 205 +++ oemcrypto/odk/test/fuzzing/odk_fuzz_structs.h | 28 + .../test/fuzzing/odk_license_request_fuzz.cpp | 22 + .../fuzzing/odk_license_response_fuzz.cpp | 20 + ...odk_license_response_fuzz_with_mutator.cpp | 36 + .../fuzzing/odk_provisioning_request_fuzz.cpp | 22 + .../odk_provisioning_response_fuzz.cpp | 21 + ...rovisioning_response_fuzz_with_mutator.cpp | 38 + .../test/fuzzing/odk_renewal_request_fuzz.cpp | 22 + .../fuzzing/odk_renewal_response_fuzz.cpp | 20 + ...odk_renewal_response_fuzz_with_mutator.cpp | 36 + oemcrypto/odk/test/odk_core_message_test.cpp | 37 + oemcrypto/odk/test/odk_test.cpp | 741 ++++++++++ oemcrypto/odk/test/odk_test.gypi | 13 + oemcrypto/odk/test/odk_test_helper.cpp | 488 +++++++ oemcrypto/odk/test/odk_test_helper.h | 99 ++ oemcrypto/odk/test/odk_timer_test.cpp | 1239 +++++++++++++++++ third_party/gyp/common.py | 4 +- third_party/gyp/input.py | 6 +- third_party/gyp/xcode_emulation.py | 2 - third_party/jsmn/.travis.yml | 4 + 86 files changed, 7598 insertions(+), 43 deletions(-) delete mode 100644 Widevine_CE_CDM_IntegrationGuide_16.4.0.pdf create mode 100644 oemcrypto/odk/Android.bp create mode 100644 oemcrypto/odk/README create mode 100644 oemcrypto/odk/include/OEMCryptoCENCCommon.h create mode 100644 oemcrypto/odk/include/core_message_deserialize.h create mode 100644 oemcrypto/odk/include/core_message_serialize.h create mode 100644 oemcrypto/odk/include/core_message_serialize_proto.h create mode 100644 oemcrypto/odk/include/core_message_types.h create mode 100644 oemcrypto/odk/include/odk.h create mode 100644 oemcrypto/odk/include/odk_attributes.h create mode 100644 oemcrypto/odk/include/odk_structs.h create mode 100644 oemcrypto/odk/include/odk_target.h create mode 100644 oemcrypto/odk/src/core_message_deserialize.cpp create mode 100644 oemcrypto/odk/src/core_message_serialize.cpp create mode 100644 oemcrypto/odk/src/core_message_serialize_proto.cpp create mode 100644 oemcrypto/odk/src/kdo.gypi create mode 100644 oemcrypto/odk/src/odk.c create mode 100644 oemcrypto/odk/src/odk.gyp create mode 100644 oemcrypto/odk/src/odk.gypi create mode 100644 oemcrypto/odk/src/odk_assert.h create mode 100644 oemcrypto/odk/src/odk_endian.h create mode 100644 oemcrypto/odk/src/odk_overflow.c create mode 100644 oemcrypto/odk/src/odk_overflow.h create mode 100644 oemcrypto/odk/src/odk_serialize.c create mode 100644 oemcrypto/odk/src/odk_serialize.h create mode 100644 oemcrypto/odk/src/odk_structs_priv.h create mode 100644 oemcrypto/odk/src/odk_timer.c create mode 100644 oemcrypto/odk/src/odk_util.c create mode 100644 oemcrypto/odk/src/odk_util.h create mode 100644 oemcrypto/odk/src/serialization_base.c create mode 100644 oemcrypto/odk/src/serialization_base.h create mode 100644 oemcrypto/odk/test/fuzzing/Android.bp create mode 100644 oemcrypto/odk/test/fuzzing/README.md create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_request_corpus/602c63d2f3d13ca3206cdf204cde24e7d8f4266c create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_request_corpus/8cebdcc0161125a10e19c45f055051712873de25 create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/4e578d6c9628e832c099623b44f56d95aa37f94b create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/5b693511ef850e42c5ffded171794dbeb9460cc0 create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/b6b865b095697164ad032c2f695ed828f5754749 create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/dba39b6cf6524e996397ddc1e08b928b5c92bb5d create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/dd1bc1827a331b7aed2a6fb6740da032123aa0a8 create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/provisioning_request_corpus/53c26407b39c997143146a0dce8ff0ac11f565e1 create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/provisioning_request_corpus/fab3c99d604bab7b7bf5c54c5bd995fc98d4d96f create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/provisioning_response_corpus/91e10d030fbdd3374e57a2720f09488f2b03ce69 create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_request_corpus/12a72efb395e731ec4470b5f5b6768d6806e9131 create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_request_corpus/21de033b9baf2a0e82ae3b4185b22aa0acf69bbc create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_request_corpus/97bf96be666434bfa93dbfb36b81baeefed14170 create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_request_corpus/a7b0e7dca597331d7f051204096c9d01ba6d468e create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_response_corpus/38df40a320f60e955006aaa294b74d45a316e50f create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_response_corpus/9962997b5ea87005276319cbfff67884846485cf create mode 100644 oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_response_corpus/c84663115c890873dd585987c1223193d29aef16 create mode 100644 oemcrypto/odk/test/fuzzing/corpus_generator/Android.bp create mode 100644 oemcrypto/odk/test/fuzzing/corpus_generator/README.md create mode 100644 oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator.c create mode 100644 oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator_helper.c create mode 100644 oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator_helper.h create mode 100644 oemcrypto/odk/test/fuzzing/corpus_generator/odk_fuzz_corpus_generator.gyp create mode 100644 oemcrypto/odk/test/fuzzing/odk_fuzz.gyp create mode 100644 oemcrypto/odk/test/fuzzing/odk_fuzz_helper.cpp create mode 100644 oemcrypto/odk/test/fuzzing/odk_fuzz_helper.h create mode 100644 oemcrypto/odk/test/fuzzing/odk_fuzz_structs.h create mode 100644 oemcrypto/odk/test/fuzzing/odk_license_request_fuzz.cpp create mode 100644 oemcrypto/odk/test/fuzzing/odk_license_response_fuzz.cpp create mode 100644 oemcrypto/odk/test/fuzzing/odk_license_response_fuzz_with_mutator.cpp create mode 100644 oemcrypto/odk/test/fuzzing/odk_provisioning_request_fuzz.cpp create mode 100644 oemcrypto/odk/test/fuzzing/odk_provisioning_response_fuzz.cpp create mode 100644 oemcrypto/odk/test/fuzzing/odk_provisioning_response_fuzz_with_mutator.cpp create mode 100644 oemcrypto/odk/test/fuzzing/odk_renewal_request_fuzz.cpp create mode 100644 oemcrypto/odk/test/fuzzing/odk_renewal_response_fuzz.cpp create mode 100644 oemcrypto/odk/test/fuzzing/odk_renewal_response_fuzz_with_mutator.cpp create mode 100644 oemcrypto/odk/test/odk_core_message_test.cpp create mode 100644 oemcrypto/odk/test/odk_test.cpp create mode 100644 oemcrypto/odk/test/odk_test.gypi create mode 100644 oemcrypto/odk/test/odk_test_helper.cpp create mode 100644 oemcrypto/odk/test/odk_test_helper.h create mode 100644 oemcrypto/odk/test/odk_timer_test.cpp create mode 100644 third_party/jsmn/.travis.yml diff --git a/.gitallowed b/.gitallowed index 5826462a..8323eaa7 100644 --- a/.gitallowed +++ b/.gitallowed @@ -1 +1,5 @@ key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE +Key = 000102030405060708090A0B0C0D0E0F10111213 +key: "\000\001\002\003\004\005\006\007\010\t\n\013\014\r\016\017" +key: "x\241\334\006F\021\227\007\351\003QM\212\000s_" + diff --git a/CHANGELOG.md b/CHANGELOG.md index 322ee51e..d77a361f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,15 @@ [TOC] +## 16.4.1 (2022-02-08) + +Bugfixes: + - Restores the `oemcrypto/opk/` directory that was erroneously removed from + prior CE CDM 16.x releases during repository cleanup. + - Fixes issues using GYP on recent Python 3 releases. + - Fixes an issue where `CdmTest.RequestPersistentLicenseWithWrongInitData` + would fail due to being unnecessarily strict about HTTP error codes. + ## 16.4.0 (2020-10-09) Features: diff --git a/README.md b/README.md index 0bd35992..bec9f41a 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,29 @@ -# Widevine CE CDM 16.4.0 +# Widevine CE CDM 16.4.1 -Released 2020-10-09 +Released 2022-02-08 ## Getting started This project contains the sources for building a Widevine CDM module. Read the following to learn more about the contents of this project and how to use them: -[Widevine_CE_CDM_IntegrationGuide_16.4.0.pdf][integration-guide]\ -Documents the CDM API and describes how to integrate the CDM into -a system. +The [Widevine Developer Site][wv-devsite] documents the CDM API and describes +how to integrate the CDM into a system. -[CHANGELOG.md][changelog]\ -Lists the major changes for each release. +[CHANGELOG.md][changelog] lists the major changes for each release. -[integration-guide]: ./Widevine_CE_CDM_IntegrationGuide_16.4.0.pdf +[wv-devsite]: https://developers.google.com/widevine/drm/client/ce-cdm [changelog]: ./CHANGELOG.md -## Reference OEMCrypto Implementation +## Contains No OEMCrypto The CE CDM requires an implementation of OEMCrypto, our hardware abstraction -layer, in order to compile and run successfully. To facilitate testing and -development, a test-only software implementation of OEMCrypto is included in -the `oemcrypto/ref/` directory. The CE CDM links against this version of -OEMCrypto by default. **This implementation is *NOT* suitable for production use -and should *NOT* be released on devices.** It is included only so you can -compile and test the CE CDM on your platform before your own implementation of -OEMCrypto is ready. +layer, in order to compile and run successfully. If you are an OEMCrypto +implementer, you should have access to the +[OEMCrypto partner repository][oec-repo], which contains additional source code +and information about implementing OEMCrypto, including the Widevine-written +OEMCrypto implementation, the OEMCrypto Porting Kit. (OPK) If you are not an +OEMCrypto implementer, then you will need to get an OEMCrypto implementation +from your SoC manufacturer before you can use the CE CDM. + +[oec-repo]: https://widevine-partner.googlesource.com/oemcrypto/ diff --git a/Widevine_CE_CDM_IntegrationGuide_16.4.0.pdf b/Widevine_CE_CDM_IntegrationGuide_16.4.0.pdf deleted file mode 100644 index 159f574d5a3a35e16c6f2d19cf8377e10d2947b2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 459884 zcmaI6Q*bU!6lNXUwr$(CZQHhO+fGhwJ14enJ9%TA|C{-zYUXCUgPS3 zC6Tq7xtCi#5jz7j11nKA3lkF){ePLvM9gZeT53ch8Y05f0s=7R4rc!Yj_rR#N?6;u znY%Db*!@Q;W^U?eX3i*Q?qKO=Ma0U?#3mr%>h>R`J&af0n4YX7Sr>f&m*xsH^Z`yE zp%BubL*g3-5iDr7YjaC1bR+i6&B?z=A0?COGLMd)n%r$!YwC?`h-N)#m zfv*RPzO3J$uicIwA!a?X;kS9uf8Wyp!=gEj@%DEF`46<;pYP=~0l$B@cO!}}pSOuz zA;%U+a=A>S4VF|YTG`V7f&$a{3&Z>MLHb4x_C^=`j2-d$5MSP1-VU|phvgXuRLmPM zPv3ZH4{{G|d_K%SX-yF;2jm(5b$z|3Y(gW*q_#jn;eWelILVc9;Vp>DI$$Z$oFf(j z004K*$u>Nxes*4PtXeE-$NLKg-B6f zhv%N1Hw?NrR!ajOAJU%VvmZA`^7$LFzfzVvXa`m7y?^9j*Trp6onhDU$9w|gvRLMn zi#vv){K9kMUmy0pWMu7Gbv;J>vR2c6A@@}TG~ZChnov7h()guYnTVoItJrbL5A8UZ zqPtK~4HiiZ9$OyfsPr$U#JcnQ!uPh;5g0s!)^fBp85>7MXP2aDufW6k$y#Q#SkUG% z)0*b4r}VaG^t4LD{w!IDz0iTFs!z8S4i_7yj5Z3j_5}uPyS;)f;q7k*D9AW*z+nQ=_8TNplESS!rE{ zsBt%6yun6|ZrrfhS8IzbT@{wM?nWNZMiuWmsmPynI}nWGHALI5gWv zT%=(x*x?{wTGH#%r6iF*lQ1F6AtWxj2o&_zi;nyrXsItm)>Qhx=_o)(_+lAh4Ap{Aw9x z8#Fjhz%|6tJ2jy)|C1&$09?veDO8@0h}EL_ISyf;Yx}G-+ZKk8hNTYfSCvc@XkiWu zDD{t_ko96N3U~Fx9-YH!c99kl{8%Aip|#(LYFU40cVe~=acF(hiP2*i>YW{(Wdu0IZ7}q6OJG$wz}@uS zj73gDEf&I7#;;p3EHMN(MmK6(Pg0INI{(taQy(2Y=!r(7cpa+j!zWg+B$pDFUrx<4 zWu&Ju9>?|{ZcLo!JF0v{%aIm1E-~PXJOXGWJLbve9&2+C9gCWYp>%ZMM4>~r=d+7} zte3d-M%+0x<8II*@?2{HBXM*NrV)* zj#ck1R~=z}3=~grs+~5^kQ6ju@@ufhLWk8?Y-p6fq0CARhL4@v>Gep73zg62zJknY z5Xo~5w$%z1AQ&siB&kOjK(n~+HA8IfxHUjrO2ap|2shO!l|y+$M4RPgJGReyRk-0w zs&Z$pWFnu7sM_nmkd9R@PdC$hMjX@V}0Xz zY5XE-6>?peVn@x%5Jq0~tV?DpNP4Rtcu+Xoqoq+{#l*MSwBJ>I(m5uM#r{IIR@M$0 z9ch6HaTc$~p4G$9y-da&AL6vW*d2X<^=18~b)Q*#q+gn3?cq14K%%6!4vTVUfphkA z2em|b_s^@yNtcEV9J+U!?P~t=6Fz-6x$V=4$HSYi)S+#ci}5&T56nAj&0-(BbE@-} zv{}@gcWs{csCSFT!8eoi-N`?)(+C+C8cqa>&I>X7)vc6d59%W3-!kAxA&eKTO)IgQ zgwgbFuL4zl5z z0hG5pbEjU9K#}mz@js_}z3B9m_ohmK@iBm>A()|`7`D zns3Jt6N$O}=G)9GfLKZg&w0P#>ts zHPIxy?7*wN&2P}kn;t|3SrjG!Pde)rGrcb-9B-Pb!Pcg-hTB1-l&nmfyR>lkb8L)s z4nV-Gz?^t;Su;H3)?q9`D`uo(e0_C5%ieE8`tBx}&*$LnkrYELazn_D0|~_kRPt@9 zhd)~VP_LbF+aIiA5YK}f0Iw%rqQ8`82*{lmUX3zG#VGaPV!69nXj8?g?TA0$xXED z8tUK?@XtyZHprFtFx#UIa3T+|Vq*A>zR|+`OmBb6`KddK^*aOdKR7y}yq{K%#fZE_ zOd)Vk%{$zqoqHgkLz2xaWt@@xR#$DI6R5Rr*$AqLRL%9UnkSdAUXy%eo(^UfCwLS3 zhZ#Veo{*##g|HTXUOSr)@%+hLc;_{JcqrMnwockq{@C?G>Yhx)kDgqrPCVrbvIlj^ zwR^KJr>maXLfYBd#?aPslYSX=nMUD)hk0im3JFUSCwZ;dO|hd}&XZGzDA(swU-ZU1 z+$_g_J{aSb%|X(A1jVBuodD)kbgT|aE(`P7fwm4Rs#W3wT7zrsml zsca%~CM$z04Yo0aD(MK(i$q@pvm+5=-2)^DnkFz<387v$K{lTg6l zm}{?+@e*5si6j^P90rdglqf2)Qa$6%MVN*1#B4;B)%@VIva(@$f8aMO;P-nvQ!v2q z-&4cCpZD+csmFg6s(^+6VHW>O75>Hl~A_URqreKs@0&FWh4hDs1QBS+ zBB(&sLO!j{jchfT*M7~*uY$6K#M^DJR|o@gAi zWR)6~6Lcsi32Y9>J3b<$2`^SfJ`f*AR(<}uwW&TK~jGkE{OeW zlOj<4T72&^lGRXxYG632cq1_z5L6Y`N(?5_RUuIuaUU2vqxc^%k49qmApGi7RZK1u z!4Om?@thfJ7_zZ|AT=q8t4Opm;Ie&DB$ecfU_xss5UFM2C^pa~ zlYL=|up|p%o+Uel9wCVv-HBkiGUEw}oM~$Uw`hM*ePT#!fv{wcP`$EUVnl0TH*p=P z52@H9-5cABA!}wgNgWVyDcNEqYwSw?Vkm3I3*;}DsbVZ^M};pT=p`5`ahza-CdOjM z%AX>>S8zb&o)#gHf0Bla4mi4(ACXuRLP)<9BH^`VQk57FTulXq z7!L{rF+O;xY2lES!uVj47H%Hss?_+fQW-lF-79rm=%JLYG1w9hR{kXk%l10q8hMAws82l`9{{y(w^z4J*-&M^1Z*mlfxRAScX&S@BmO#5->;(z*$;7`lQ~ABZ)H;lvGjMx+}HCz&C5Q;PAxjXIC; z3n*gx#k!N1<(-h1XpPlx8XB=RNOy-X)t#W1{v0lC z_%@<5NczB6t`FmsZ5z=q-Ae6;Uvu>ltdaHsa}f0**9-Ze+KKtFR(1?lZ16UMa**yq z>n82R0PH*A>qUHc_2S(y?c#sH?+)BJ^+Ev(8xa78jRb&$!hP^{(jM&k_+H4@0YurG z>nG4olpEqsTr0MNaChdieFn$x~0n?3yPuMc# zp+XtrkiHaQL{G8+$Quzq%-i2zu<-+dvc%yZDZ*m_;)BqQyBFT;=r5F_5bF}9G2>FD z5#ds0G595GBjII>6VRnIR}_Go3(Xh4AX1}@anQJo(d82bPxzCC56c(bAUHCqf9lfq z!RZG5ofJ>}lLt@qlTu+nNHVz}I&sV(LU4pIsekO!@Bq5ZaU@l0Ke*C_ai}M+A5xL@ zhn6oE;OK;RxzEiHJWuRTSdiEUMK}oCgn1z9g?uTQ_X}zu^2ywb=Sv_EteG4zWsTb# z0bqS6U7A01FEe!dB>#rK)O?^=YB-#4IzJ$*+#l4H8VDa4O&IZf@VL=_C)gAI1nrFl zNO~b&Dn4kIRdU%!4iLu=?{|me1Pkud3Gycr{2V4<2$^0Xm zaB1iw_b8EqTAmac`u8M&{<{$8cOGYQTz{7u@a*##Q+IWyE z!yP0x=uBW^IZ!^=bL?-i6Vu{XC$kUCxKiG_aP3$nB7ddg2)7q})b>T&O zjq4~pTVsBH1hp&vR`kDs4g6!oxPVX`E*^$6CEo^dK^llnh956lx zjb=9>5UJaa!s*4$>?=Y>cDBLRc|flUCM@MI1yBBoVwzqIa0rE*9B~sUIj{l9KPxl# zAOoBG5Z01WBrWFhhkj~=a&%;GEW-LY@4y~3KD0hmZdjJZ%!toX5GN!?gbrIiKpfK1+KQAdH>2mmty!JHShZ?Z$KX0J;Ctr_jGh@*xgeV&O}%OEH)A0ldN}&Cb*q z4wwi~jQHRmM^IS9I(8EoeK@RrA-Ca#rq zI1gP|OZM=iIP0RABo|Wl#izeu`bjNRgnW`+SVHp@Gg2TYfL)?`r3{K++*tbJ1sKD^ z9=-1MtL8vQlaE9m)2YN{OL0qmOBqLJn*5t8O$trYNDg;Hu~^NHE^HP(_2b?H(M=xl zqmq4*pmQG!9EnlBLAfiBN{}I)Q{9%rPm=vq10QgS~|H1(2 zK&09b&`dUBRV*?%WD1z)u<~J+Ly|*-lXK@oer2%_?NK{s&0e`)(H+u$ssNH-BJ48S z^13DWrLUzgmWiAlT>|R)l!kQOQ%-bY?D82U1{DqJOe#p`D%i_AQ9r>LzdhHAy2a=V zT?6vOL0+?tgQB;TWPn0*d=@z342A<4qwH#9LB_HLOI&wY!z4;GSl;mN3E9!IFwGLD zlvZ!*O<3eY3dho>TeTJO@o3MON3)clINAmDhPHC~a+_}q? z{PgT(0vT9{?`rBvX@Q3ETNj=ijz1R6xp5GEHL7ON;Zj5$ENZJrR&#b%7_6e95T{K) z3ub&wA90}Yv%q|6?jE^kLZFTqTs`Jsx^wT98OdJLQkJqM;8VqXjGRi?Fl>T?L}*sz z$C9fi{>wp1`bAyw>yeM$S(Bb}ov3goi9+R;Ye7P+)=+93n)KOi#m&Y*296EF`+_Th z-2#l5uUGI|>_&B)_&EcaonJ@>#dlK$zSI|T?`pIC3qeyBj#favVHU)tE>Epz$)z^5 zkYwPY?%rLqW&c(d(k!4}Y}>=UQ7`5lm+9UdHQwz(;_bMc#El&9n&5GD*|V0AI22&z zbNQOuwX^ib?~LJ({UOGz}teP6SCclvVJ=VtpXWJ^rg^0l+~ zyc5>FTs8g>>`p2S7f`Wbtrl@Ju?H!t;0_0;v9R=^amdk+S!i8Bz1kE+m{{3qd~w<> z_%t8a2DYRXhlAku1Ecv?-7dEz$|>L_v$i@0sb{;m(O?zaS8+y;%yM(fF{b@eN%{R1 z@EedcxJ%K{!OLj?cM81;O>Wz$tG5(*;=?ji=__FeQFW^HeyQ4e4*;qlyA72J=&aA? zXk;Ddnd2I7X8prE=jP!ERs4B(?wr!1ow@ljU($7x-r~c7x*q7_5hyXT+SUQOFuF0`a4L zUW4SxVOIqMUcin6 zfuP@w4)u4KF5_;qD~`g%1Y2P(^?XCboh?;k!5W~5h0Gt8yg>B$lOW#wJ?(<-b0_~q zL5`U@eH43_wqvTH$T9XRdW zw0y&NxpjrH6Un#CSJ_+FZ?{h?&7az@*iS$9@%8lewBPA=t|V^w%eLkB{w$sG)(~j|kX%%Pib;D6H;L)r`WZ@UVzVQzv^(4grFJ+mxLQEu*zChoRquOxcj> zzQYu1Xq*BDG03NDdPW0V8W7Kah@!0Z*WEJ^(Bst>sO`g}X{^r|S?beWz-hH0BF_3O zfPorU5GRu>20dbq8jDi3LOwGI$cFY|^8g2g`6nOR5sO7=sQ6ncVIavc>m!&lMR>aY z6+pW#(_}^jjA$n7x-%rkUiA_%lCMD5P;m*Ro6#DPl?U4>wUYHIFY-~umUPW>Y+i9} zgGX-Plqhs;%H|WKCi0{LCPPT23rV>6D%3Wwm_N*IQw%h!MzB`^($c_6%=N1B1d4<9 z9-X^qWQp5$OMi-%^H%PWz!uO3)PGAi?N}}!ol?e+Jwgq>aCZr{T(VApP33W2#74*! z+B{C;+UN+Wo4TjhJm4Ev2n@GZM>s}pXlX|RGXiOLdy+qWI`~&g7YJ^UTQOnm=-nd1 zidd<_ZiI&jS|KeHdcLZO7w4saJME998l1PscLRHKI!or`w>41xU3N^CT6jLgGIw0* zv;FD21bHIr)+HMHICMnsqSqE+Sa6rYNnq$#B3P1(s8tAp^-=N}k)w(0)8wJCgY+=O zg-Ot;qr{4j)Il~yT7-S%k(!lB5oiw5DfP~v5!V&qmKB7=JMo+*jBmr%And%jB=Fk0 zY_*1gBkR6}uyKu0n=;X8K#=3b839&kI#IW|jwOY~344V2)gP0apb zsP^_+KDtnp#gLFp)?xXgb-8xE-qXUq#m0Z~02l!<0Q|b8rB=uTw(6r>Rg}83yvCK< zOtw7Rn{V-0@gv$#*^1y-%Q}-;eW4qoe!7CS@%$3LN5ogrvsXniwP7(sYoe$V?YbKJ zEO*87u~EHV#Q+;X{Y862Dg1nc?=i^}8TSJMwg|=XMvvq^Q415Tim}&dPCY>B0j8!1 zl^powIZeZ7QUE4uQ5_1g`Y`I@Eo+lhjLpP#46ri=cB{E%6?P>VvF_0 z876tXxt2)tEZlHHYMXD}3#mh1kgZT+hz}xEFGh^$?XfS7)@~CRw3GsS&m3 zC*|R}YhExh-gJFT00n}y0epg2YBMdW;FUe8pehlQG@?@BchFqx<@8ubT>bWLiU$ww;k1Noe59DE8#ZoY2xm{~ivH!e)al(6l9 zBWPPnKx54|6WqGOIJ=#SO3e!FPoT}ok+GmXw2*nkfVf3_|>!?M+U5i7A~$J zE+j6rOuIlFc+Sq92I5_!OJArt1F&lO`qanNF?rN^h-RJc~ zbPq%KOTxhYWx%8VkStj&Y28%9PxuFeyzG;?u;i0XR zjZ{Gn3%NVEKCxX9ZdjeP=R{q|Hepa2*&hmMmu5u_@d4_CB#;2S(;*@((EW&3QZ5-< zZyFOI$DID*W7xXD132N5JXAam$C$|^ef zg6`{M+Sr=qom|V=UgFO6x8+dU#Q7}rXo0@7C8AxFZnygc$lRDnP0S3%{nihReZpU! z>tbuo2LAJ&=e6{Ei*^>m7kB0-63F_*tml>}Qlln}>NscyGig`{@V_{m8ZtZJ+Uc!R z^c9!NiQtvtaKi7{xJ?$gky;=={_U(ubkV_fsKy{1A)K{pW;-|YZzzbSL79B66B>ta zryg+qKW4i8Img!e?dhi-`3qZ$OhI=>z@{O6qv1Mumcc4Z+P4Q0%fz&ClUD0-83a8JKXONJk6yc$ zIqkZ+eg;zm_nIz#n}_LN6vg)aGapZ7PNvzH9OB>!c$H532jze2n$~sMY?D`Td>K_D zZkW)CA8Ww3e0q{j=N>e>Iw<)sGj=pGN3!9u#aN+oHZ9z{Ks<6s96GxEE#{bPWf$}g zZOJ42+lkjSn%PWRdG*l|daA%eC}>$RS1HuYyjtMUsp|kw8Fm&g_gvqJMHYCMQ^ehrfX6su24Nq_*<^`^% zAm{q*KXLdoto&Z>2xMyPz5Hcge6`2q=g8i1m|l9(Wp!HQb=A;gb*l;vXy^42H`wD% z+{6F*dVwt{sE`EHiz`ksoH!&Li_A(2fdfi(8H6X;U0DZkcnABOTp%5>vltRCh z;6OPXAvA2e>->1eEV=)8+d`=g;07i=@yEi}CIZrwjOYaAnlO_XM0Rp>W#bitZ33&3 zftw6SNxMNjN&OCDQ6d4BmyHi?5=0^+%T@8s#+Ydjn#(N3O^-khMQPF@BD_~d&r^gV zabBfT#5!y*C|X)&P5aEqw({=8S0H+|xm9AQlMiA<=<4sM#$zBG0`a5~w-?b%5yhUl zZ49^8)3Bi83PwvJ<(<>^QJlT`BJB5?I=d(o==T0tI11*EROoCpK4`b;D^4*eS|PerQ?_J@ zsmZ~rq62s55eF8AGg*;(v0>T<;yGnbir$f-#7`kpMkgpmyG}+^A5FM|xl1~-3!))? zlT>fv^;>khja{Cz(yHWyVYG}?3}de?tQADIRQAp*$!XN$HO`-5Nq>53+dAH1NY=Fq zd~_$FMq3uCbg)H&2v=w;pxnVqN!Y=r?_-tW77;}MQbH)XgFNUONs8IB7Y`@ApseQZ zbZ04hZ43&r23`K?*J9>M!Am$Xn4^&gNjXFPPD;Ul_)-Or!3KS)+?ux2%mv*$tgR zTei%xz}fMf^%dq|FPVgo*fTvh2w{CF5z?cr6dDthiMZalLAN2UzC_pHV;Y1M50wnFl<57gKg3|HZ&;Z8uJ-vka68x zRwYbJtqbZF1?K;giKz~Q&YkWdkB(dT?VkQJ{C-dWm5|TIdAuaT7<^D@P2@s8vZxd> zbMea5IEt1{qs3Z{mfb_QEj@?C@vgaARc40#J(A7ZV2u=f>{~K6A#&=~Gq(-0{MqV} z?$w({nH3w2mru3OO=G4kWCc}z1xN#75`uHDnjFoG=49_MAG=MCKdVNA??7%fHJa{q zW{<$pNJ`eUm*~Ri;phabmumb4btyI+tl4hRn2&X=p^l`d7IhPOjvK}srbuVl8rXa6 zP!WEH;fbFGtH+|XgGDZXaFW`kT7g@{C$Cv?^9W`SUOWHXnU+AejAnY(!FA^zN#Gj% zYD%;<#z433k z)g)+-v90{~Q6W2DO%ewaTDHvGqIgEnvVfR9N7Gg%qiK|Dwp(mqv@xTelbXk@$)w#X zXVRv{HbrIDCWmE3{V(nxhHlBJ_C8(F8@&c4G#mi&WtPXAdzqVW+cfHN%7%I_kdGD96;LcaD%m?N*$=!>S_oN?alVWGWb@ zAVPvfkBx8O=C>KTR7ox_g&qjuI43+9Pk{Ahmib>(*%=mVDtH1i#iZX+iL1Xa{>|3g z`m>9k4gPMgwz0VdJ#D|aKZIhQOW0=k-h%(#58Kue>jG=M7WBy+&&M3;3jNbM*Zajs zFTm-xs>K5X=@UKtoJ`9A437%Dvu$s!jBO1a(H66oO|}-Z*=Cg*g<~lT5`Qqnq(B=I zdHrFp@FF%PNv-Gd{JKO4s5vK|Pgk4iI8B0Dqm)X>Lkc9|Jg$xx=Q>_SwgjV0-78TY z@1Z<+NbP7{Po0Zf8Y9UGEi#;1yc@mZ;(-**Y zwXWH5#7?K)DLi%F)SS#W_AKq*jb7MKK(-78*V$o&CK=BGaP1u2<7umhP)8}psPW#r8ER^5Z;RoEep>> z-~NP+cRWH%u(n`PI|v)a&JR8sP0ZX<5}>;|sbplqZ(`38j!~}d%F`jH&-S=@&AaB7ST7~-dDc06u&w;LIf7qQjDE>^ z{`0(z3Co>g{BABvn!1Dq;xH6vg0iIz-Rq6zvY5f-IbqyBYGD-@cN*JmuoR9FJJ!8a zRD^+=oKH8LDx6_K6=!yWd9H7YL`Na2;Gns=N?J~bJtZX*6PrX(%$G^@-;q2CV`MOw zmX6x!-l809-ygrFV{I&3owJ;eT|(fv`cs{TXDG_Dy}HyK3o^NzVjb`#J9$qIJ6Q*a z$!M-rM%&`N=vHVigfpE`-*=N>F`=JcSFqxA(U7;cHtw zw+$7)XWlr|gRtiNVqmC}Liy+qu1;@}D$R-&UjskFKu^A!m6nrJgM(jV<7TU1Su-84 z;#x^jeHWBbRxMI9ZOx*RbLD)UM@v$#(d<%);bfY&cLZ%Cu|vQFo@zy7P2SKdqy&#g z+#*EUfG6dnw0k8PuT2J7lJE%8dH_Yl1~EH5!UdFowhu z@U3bcA~N}8@-)%1>mE{feSp+;d+D)GyNllBnOPN;z@i5b9<{{(IfgU7sOIhH*W&tl zr75Q5nJtI)Fl4@2A*xU;H04W8RACyvo4C-vqT?Sc5>JOG+csjmh{xA17G{L~R8yDG zm}V(%mQe-ARwdC+uO`ZohscKVK{pqpAOS0y!)7~%St-+a0tllza0*T@n+&@UED<1H zB&XXG{GD*|JX#f5Z$$8>d{ioK8D@j++D4`ayR8J}4bEVUehoN{5B`a)rD!AUK-7|w z4U;WBx7+Eu(`Y_l*?Hw$V2w-kC&P&KCxZ1EEKOEMeUge07(rsOIC&)#jmm4FU5#hY8rWm018TKaJ~BCvn^N|W;sHe~9wrDq7y zd5M&=2@sm2YX?&))_|QwTvVcCH)%r`uF2qGRG0FPVi50~5u36UzZx0ouX9{}?^WYn z!@^T9xRqaUf9`{1jm2N_P`O|u?H8o^V9 zij4)o-GQud*cG&yJ=rt6L9$$rF^8>(A)xvBd_aY@?dwa?kEH8k9iQzyO$mrk9lv+z zv{QTevAtePY{H(U7VXw7!<1`Scj&s_srfKHmmCSB*1Wm z6Cyw~QDzQ1P&122JYB1fiyA`4j?Krd_0&bwJ!M$?j*E#4p2InZtL){I0%JR7;}s~A zmr}qq8^~Wm0)`X;Jxd}g`}%1%nTO~bcVw;t))i+7KKVY0IYFK*q?DbUq!VE_VG!dj z+0#(Ld#vH3_!ET86#Wy`N0ASzGYbgJNz{5^Jgl!IjjVRO5^QQW4`88&USA(;ajj^) zrBt9Sj`oV^gFlwY&zdo=?`$-6SfDE^YDViBHedK4Fb1OLVyd(_Ua&31={hNy_Tjvn zna&nv$mX*ikBg<0-&9`$pM5=v>c8)8zdXiIeLAQ2invkK^*lWt^&HBvZQt+3qW2(v z+6w>71H&c#WGP-`X0`62d)n-2!UCjSHZ(3pOUG}8U$NZ!s^9HdaJGO zMUC#D^7~|{&-RlUp0p%82?K!{0tF4&^8Q!If#fpYr+7~aJD=a;I=r;Cr8`;vT1nu4 zpA9)N!Jl}?q+r-c{CP-zy;dh2&qFBr0heg<`3OFHAlFY7sA(cpxHqgc+6tzx~_OA=q;KT&}2K*e&=uoWJPMbq=r1Y(Hzh z{5j`<=Qh&sY3LgV*!50({cMWi<8yr3Sbh8UT1@9}@XFWT@SaHQr*da38)_Os5)-JJ zKoX2~)sLfXi=%b%*g`L$?JXJSU64fQI`AK+HG}Djfc3NWCuwX?IsqM$sLeo=T9*Rt z_AW_I)ccFvH8dykL7Wd{|l|3fOB5X8WmhSDgu6HL-*mGP0`nXKx+ z#QHV5N{Y9h$mQGV@{s-dS%LZ(?e4kBYFt4Bo1;Y(+?|rel}H;a3O(g4Pdqfr*TdAz z&HDK)Y1jCX4jTSpddoL>r8A!Me^4HCNjU%x>J&nOoOv}-#F+)s8 z%V@+*a|kbuQmG0H`;>H)?V7!(*5hh>S~?gN;FrNGuv9JZSL-xBeyybL9GeOu%=2^u)dJWDm*Qr!mAa*qxg;?Q!Qeh|h|Z!=ncDEe*`o4ojH z)^-1w@S0^@8JtoCc=r3YeTjE)P09oPSkumKG(>>Vsd+J{$bsfEJNSuA*DjzMsa9<| z$ltGFUb0e>pV4pRiTk5|0R5bO>G*nmXuiD2!@lE*gA5xUTY|kd>KhJWCN7k~^lc_3YHIMBbJ2B`C4R-i^G+Nh`G9 zZarS(y#H}KotD4sF+`;23i!AhK^1VTn8Q_C=R2?2{9(w`UoyH~9>2oT^=P$l-Oi;a zd;6p$e5dw!8)^Bh!?`UtJxhbbZA+QJ)blwW{8M1QxCs;+ee6HlCaHVCzq z5RmSzg-X*J)6~+mR_3r4RZ;y>0kcfA9800h8qXxpGRqoGp-QWdJ^5UmtIkiL=85~& zL;ml^td9nGHY{N6r2f*?XX^pZF?Px@@bx=zc%5R-3LoS-FF@IUi-kwUXbg`Nh7Pu< z{}Rse4-~O42#=Y#k%Gq~0FuJM!~I|h)K(P&KC9W$XO7IRZe9`FcPwPd{x0JUzJ%bc}mXRK(xL(6h1$-c<;ZEtTN^&)e zCX_5jOh^L+xw*O|Ozg-=vVvuADy7ye*5@RrWCmS5-WA?BOn)I1Q;)u%OoiE`5iL4a zdybp}E7M4)GkP}M6wgH{4(?iKsHYk|8{MQ#5n|uAdM=KT{SE#|S&{=qmnwj!T-Pr* zk8r;mRbCy^HYa85?bSOJ{g735cVL1lST(LaKlzw?3Ht)g;pm>=HXNiH?jBJRve)$h zzv=elJg_-7Tkr>a6K7d`d=crq4!$4}POl-wZ=4GhJk&rDtaMV0JegUkRR$tFM~;}^ zxsf$57D5|Zi+(~ZmAXh1SXB%3Nx6Z9a57mcrzTNrih@|q>eJ6ZJRrNoKq|E7P;rA^?dBg+G;(rr$pu{UiS)C ziMy%P&N({;nHeZgIT#uqHA?-i`n(}0)FY`Jy4o5>D1MItg~!LmZ6wIQygtDC;&r3fV=J;Z&xFly6z7ikwOnQ5es@ zQgG15_`cHYZ4etSUN~lOeMBY_5(&i2p2gU{@~Yfb9<*?e9ulW)l$Ra)f^o*+Ov-(B zs;m>@Ec5SN?0j3=XopqAf^o#)OcJ3uYgib6%WZN0e{)Qac6$$;^T2NnIQ!(jXQDAE z|NQ&WPg9QpoSy&$Y`jZ-bMh`^b;DNDx1oi_9n9VNFoCkCm%D3G#7+XK?bNR#-Fmk5 zi@!PJn-*D`r&Bc2%jMa=7cjHxJlvW5?@*~4WNwqiY?P7CDPXP5;&ud)Wn~o+-@uYV z_)tg#f<{f7A|8<=LkL_^yLS^0(*^^J6F&)g$BO3G`VO?-Mz;HuMl+0keufH&KLD8LGY+G!e>7z_a%YH*g%s5_pEkG1%+VUN19S$7H|8q!|fR zaH!5JQexn)BAoN}1+P5DXCA{?ap*KVmz{xYFL~Pc|K@_@E_tsi4esz(Szex|cXJW- z?C&)NuIfJ*J|Nqz{bM6`{S9;y$Q3YLw5{y~AHQoLG#aq`g|Bs+R{mf-bnK_k9BLMN~?5}tDf z;%|KTRHYtUKH~I!^Y%1b5N7*5YV2=;=H`XcHh8r-Rb+X4&9%nI`qtSPN;~GK?3eB@ z8%o++Ei5wy;>7Q;iUMU2K+sC`nlc^99}(77ml4|s;G~z6Rg$V#xyE^}m94#>bK`!y z1V+;>WpHV{XH?!{mYEGy8BN(Wf)S-;8iHjDI|8A}XE#7i4Y$r*TAoZ*8UisZjS!(r zTCB^=eLGZzmGj-OwuzB(-!8m5CiuI^1DC^ zu4B&;#0xvGd&ldyJWK;dVuDpE?KYXODloG%f5^6|5QZPMiJ=4~mS}$1kGe7*=Qc5_ zD_bH5RPZdYZ_-#s>oXc##OOMtbZ9^Glr3Hr;H2{{skP6v728MNgg37z*)mdu%_=yi zNv}gjEy_h=a&_vU-&fdNW%xqUb^}_5a^Nl44?y?H2w&QkjQ)EUo~+WKg^0c8YHoh} zVNwfkwS%Zksu0{ew;SL2=sMaACIZzvYuZLxH1fmw8{_?Ush#z{uEXas&elt?D-l_v z#6g%$PB#3KV6`g^a}QW|#P{D_cJ;ig;ojUTXr?im$)Xj~VFGovz81-%a-_FkZ1iK?i(}37; zUY^Gglm4>k`P_v!SORx`4gpb#NHFdXPyc>gq)^}TIPG|I)wde7TO}|2b2n?oR))P@ z&3d#WHaQxVVOOh>=%T)1J>O~pf4FKd$_o6J0;`YD zc%)G+_Q@jy`*Zc!6OKu{n)w@MCz%3(oa)tvUCR~;VRjJ^oC~2@1+3Ab(>~ZVS-(l9 z20aOP2`3!O#Fvgi!xjl#BqTY21=L33P}U{BNt_c;&)=t;@Tm(&ef8jIi#%b9DoRrU zKfD{#rYs>kY0Pr0e+Cj?U^*Agpz}GI_ed|cx1jULhv~q#(Q-1+slgr+_K&(0P>Ndy zw>_iEdxo+@}=kd_KdYO^0SIui?pT?XlZ>qh?=k&y6aGd_jzz~RCDi|!gZei z9@>n7f3SvuVfGn0j2hKpJm`c*rMP=rojqG#(A^7iNysKn#ZDzpZArbHTHU-=$x4bN z_cM_&mjk=g>Ngv2!C|^VhD&9rJ~Mo=jIxoCM7v_G7*VRi(Y9RRUnCh4VTDd%gH|y~ zB<90RQT@eH6}TbI(MFciT3^R^IYguOjbrJdg66v=~#;dvJqT|bzF;&hspf$u)% z)HNKHjFNjE0(LuJrf#F4?XxGnxfdW(X9d@(jDyhablSkdK7HoLle448!QR*X6CY(I z%^rW44u;weZ`@`&{)=x5ucFly8rV36-w4lAr>^>!I_@n|*Hc)y&}j5Dx!Ji4FbhYE zA|;nIH}qI(QOJE8NoA}LCdDO_c@=n0Y0)@5WvH$9%{MH`6loSTInxj_b9A4T5ykSi zoX;mECcggB*-X0pelBW(ZJ)fI6J~<9Uz@l%{~YhY0S%5=DS_=SwOK2nm3z~< zRcBWhhLGl7eGOk@dty-7Jj#zNcT9ZtC^KFSkbj_&-tjskbJ_YmA1Tp0p zaAMt3S?qszIoRMoTF*gizBb>>U$hmv+}w{JfeGD1Eq8rGyAKGNMz~f+*Trp2)xJa1 z}tnl6j{C1@&J#n`6BPlKdm!m{z{<%|Z zmF!9u7eHevDma^1f@V39E#tbjoy^sJz<%3Q@GE`r++q6|e73#9Lm@Gur+itqQDkk~AeZj!Sb{hNEGYpBaWSsWK<08au}tUr`V;Jn`JQjBDnr+{Z-YK9!pjr4VMehy?N6T$1!?~=d-tj-}ajO9?XEK@me z;8^k7C$?aT?9#b%!bZ)Xb3ooXP;3zfy-7rAilRwx9xMrgO{-4bG)E6=O>@|c;&ryV zPIUs=lZ`WhtK54d;dDo2U zS}8GAd&%jxH-UiG<8uEQ`d4k17IKb5+zGsVI=QRmkNp^e;g-TsCT4xOAz?M9$Y7ko zU{2uhEx&({bZOIRZz~xNpF0(f?%&M2!@yMxgP1uHSbbfjpOgwnFCBBnv$Z-|v5c=P z6|@F=n80Xo6V3+)gG*!CvN@wx zOjwOL&?-z!d(i*w!KK58=5?Ij9;Zb?^Ag~~PO6l?p*%nWnwkFt9f`m|_p*STs0qUs zYlCF~0C<7B)|fd{c1@}d>F?Uxb#x+{*ePJIC}`EVBA(ba zRI`?iTfSk8-|5gGO@b3O+ii?8>lg)UI4+*#0S?+{aL!4I-SLBNzmk-@&r-L5h@11> zg_51P8?xlhS4$dq#JhGZU)HbxXZON9GJ#~A0*7tHb~bxl6rVcX*6_yTy5!ptyoppZcE!}gRxCt;v3niTyjs<{t;+ickOqh}jGDvuZ4@1)tB6UU$b zXiKsQ)mdu91n*k<$z_HBqxSTP$$vFwaWN=<#La1;DKI|PDDbz1P{bvfS5i_#*3KT= zk-;fh)oS*Y+>5*4Np4@7K7ECv&QeGT)3eIfVo@6;>_-sDe>O*ugO(QG@%6W!nmo5j zL3%zE9hF1QQt^_?l^G)iwv(ovb|N_&^<>&3ZS;AYV&Gg8Yg!4@4A2dBdfv)aCPqKV zm87{aA{Uot{FqzU@sX*JJjS3twU%Nx7zlL$kSj}uvg})R8=n|#v9px?n;qf2T~Tnp zU$KA4WG>tmO9$gkOV`yi9H2kenId+sMw?&*a+B^_Eg5qA@7xqgd>Us~LPBanz&0S2 zRR;RewiHVYb?mCynGn~u+ zX3V~g#b)gmfV+qzu{03Kh}17@&TmHR>d*nNov(JQC+cW6uooJb-FkTWJ6V$L696Hd zcV>T9$Md|ndA;1p!zB4@#zv$zW%jl1)HD9T zes>!V_*sE)TWeGw-1^>sE1r)_x%)z!$T-wEzwf+l%se;VT2N8{kaj-8)rY&>r}pcC z*rc+24iB2rp$AnBhS86g(`(E@RtLi?)Gc-r1&yEmwK!d4wiUY}^9^F*YTeJ--``$u zJ)e62Ca9pOSBbST9heRbDe!1WXsXipH!Ld9Ymz#kfSdG(E{B=(GKM z(VReJEmRlanXrP0PACFdxg z(M>=<3#>y%%=nPz znww!@5iHkkDp3x^r_9Bglunbu=IptaK5lhkmmy-Ugu@q}I&vp5e!wM}4tV(7_6Iwr zxRwJ;gq>Ds9F4|wt4J97-Pd^jtD0S;-E!`|ZJY4QZ*`et<<`Ecl6-S-fif>|0lp#w zRsEP7Bfo{XU$6__I<)q>AywfVyUPc%5pKWmt2eLddW%6Ol{|S`+wniPX9(|~!wD2N z#m7m}-aU3v{z88YAeL2e<_uecm%U|cp_mJpxt%^zm3eVapEd_BB4^JWCbv=AwtGiT zQnq``^2e?brTOPsbcjAANzzBWP8b%V4E2)ysMZW4QB(hQgMWO%+|$CsI-4D-AzVf0 z3i|YDhj4;;m4W(rNTeyq2j!RyvsKeAPT6v!>RegsT>-PAtyoKAS=v=6=i3h-|E(T< z3Ev+1;fV1{IIsiU3yYNha`W($yee(={O0%Ab}`QXgZQl`P2&3V@{Rg^`-%A8caL~4 zkmOYN!`RwsnAf+wOJh`(!&URR6F%Y>;>XIr1^uJ^^Y+~V?0fM^^qU0YN9Br@-@Lnz zeeTZ*@#WgZnDT%2R${mtR0%Ro*T=hi@1Cz4@eB zR?s(~TN9^Gro^vWimifN`@7JlLuS2Ed)+aiv81lCB(1STV|_tneL-$LvCamXR+~AQ zjyh7re9@A-X=c3lX>NjBNx~)n@JCxT9sCYK(->FNMCHgOhWU?Ta{W)Ntb`#H>t=|R z7GEi0#czIg^vW`@%szZnEAn@x!>kfTfd!kY&6hXqHq3fyKuK+<$7Oo| z@W#*)u%rI5|Im?dYef|w;3yH2MxyCZ_{P7p(+UmVF3jo&$od6n(|~9DQgL8IDCEXv zN1p87m3RkXnSN&m-5<#g(-C~eDoy&v{MvC1VzXm6NM(n9`D+LJ`k4S)6=4k*#zp56 z%Fc<*x8}rgXZUuELP)?au=LZW54=s5bTk!(Rs~db{1dS7=rYJf>zp$qZRq7 zA=P-F&nf2FU^Majivp7jafOxqE8<=RKAl4Bdmd#mj*JK#lmYsCmGDuhwat&P`|8g% zrb?2(OXo%OvwjbYr_{};qPBNve!%i!&4Sa))aJvc z>}Y-LJol5zYOm6qZ75vEKSaOg0`9=LC^#Gy88_4dt*6m7hzDsr9AK(U43-3ZBsA0H zznc+?7Ln*gN&aLU;45dM;zuAzP5@JHqNs{`6(=`mHzzmawYcYjOaG1h1mv{25h`qQ zQAEJMN!2I1mx$1$U!C0rqcJ3)zpZbH%&AF>gX#L;q~o8*#u z`5p4!j71+!cQ6uoqjIKskZklHuCEQuXg+*{dViNE{O_({X8B*P`2Tc-m{_@(IsYFz zLLAIYEdR|j+g`BVD$C2a8>f6uW)$WG85!|{6xe@B0)oNP{h>q>r9c9hf+Z*f$$*80 zX;E?`c#~Ha=ECFD$ONw`TdkVaax?^>)dFBZT1PQe<|0Q5g{d3fTWI*1PiuY5prrCA zUXCw%`n+CdzVlpGcD!<0R`tBDebPaZfE1B9{c+7q%@i!#+kpJB;(6TuMJM)0^5E8o z0)Y2s0eX76v-|`65JX0}uk!~k);cV=GF2lV#%pF%3-24peH&kEazG0lYv01QPZyr{ z{s{ffx%?&1rP`@9JLkS+ZNQ?}721v64ntFU`QGXf{!hxfa!-i@y@%<+PfZP9?c63* z+Hg)lqi|y%`!18KtTSswJ0UM4KvOInH5xi!?w`Mk6u-&6zXOk#W1g;r3-G%R9tK>T zp8jSUhK>0_?L`c|dtInk>!H45Zb8I<;A-jjRhITTTVAEP|G=#L06~3lc0jtvzixXY zI3^CNyCQClYLJB{fTtQ_;RoS>!tyOdYtmyP*$)tW7tMh*k6j;?!|ny#K!8EX8TiX2 z!l0Zj(>F&|`+|DHn=%sN^q2d>i!&12E-=ENiGoj!bCCLiW7HGbg3}hl+l)tqT8MUq z{#&_m4+LO=GF_xGf`t-|3ga2!!HMBTxG6AD3F%Ti&JK2knEDR0A zq=OA5B*9Hwn8ydcauo~17~ve4GlDE2EgA;DGmQH?4<|69I3$N=FiL+>nh0SWSYXBc zi%$*b3jYB&CX)C<8y&TQ$Bm zNe^zu><<5B5c$q@WSNfW5e|;?PNaVwEKDT|Sg6N}L@Kl5gpXW~QUqCC>Kk$%j$#Cr zM*0f(3&S<&^aPgPhbT55lpSWK`t<|R#F`D?gmg-z=ik8ydG45Al^f{;8m9P8-RcT0kKvJ$O5Ij;3bxs~mC=3r!6Ywul4AOv=N%#fX z5L=h;X87=q)?JVf7;%7LIBZ{NSYl6o+-~_!$sOyS z$sO!|b*}QCD$kJd1@0a0FvmXhE89U*xLyCRe>o!Fh_%xF#k=Hp?oYKL^L#lU`0rms z=KGezJ$Kr}uEXkvguF$r{Z4m)g}xxy;ZsAx1K7LlcbKcNUBhc&cY=GOZvR)WwYqO) zy`?)OyngmDHg9O(xNK5;$uCemu}@OGpdrb=>V3k!@ONe+#Cvpjo;}lHbvAGK?{b2m z)qT}r4pwheJrUkmcQpC_%M0XJ)B`1V*d0+`=&=MRn0s<}TzR72Aa}5DILZWHO!^>rbP?kIMC!}t~TjFokp{6^`VMNwXq?vMtK?!?|`|QxuebC`P;%@@_ z{;+@jEp92u9(jg%8~PMkK%5uo#~(I4uV1YC3ymB32bN#$Wk_J3F#IP_0ZBlF7btJ2 z>;m=<{1f#)F;suB52+dSZ=7-CBT_nsTfm_4dt zJH)}Bb+p3)D+=RKS}&B=5#KXK`h~E1@ou1xURgV4Xa;G{1%YJKSRV%&l|v#A8YOgRmYxI-w3w0 z*a)~ZAzYwzNPT(9r~W~D$6qj^8cma{PsWDblmxHs6vh)FxFX_i-lVuOee`!64WJ`1 z=`IeW3x+sxDNW^)&y<9CzvaC_6CciU2x;B>vlViA<@>C6yS7fgSc-v({tol^q12sH zq0{%k1$Fe)b2MfekBym>jmxr~hiS)>g;q&ivo1+A;8Y`2FmzT|;~0iQ9lXQD&Ea0s z^R`x8+yzlwbuOfOaK|>VmZm17%1wr$RcE8Dgkx)Ab32i$HiFT?By{rB6`TiVtJam- z&J5_B2X+g+)}Ty$cFuxcvy16KP8j6b{w>=Dyq2iK@hvdq@*>km6`ZP0Zsp%;PwPig zmV7w|Qfg9kS(nwege56a(sY&GV0H*HQXiXmxxcCm(5W+UuP{caC^W1DN7jvj!oG@2 zCLO6tIr|9e+M@#}w%0I#N@)&&14D%#5>(^zT1Cba8wUsY^!Wg*n-HVz7o)pSLyeK6TEOFkLCQCmj+H#2-Wu2uM8@>P4oRn~>1j?FSO0Yb)NbMK^Thg&yL?G_Z?d z`#2Oaz0BAb%MD|y7~?_Who9y0$BlW?xR*AOA%x|H=yvo)AyWXA9fmN9c6jw?cYK2j zd@_1zVVVLzDqad(X^0X(i7{NuG|%-Za;eG4O!pI?{xlNOf!YMB))N zyyw-jX{}($XM?Ogv(gA(4P?_Z1N0P#OyP!dTr(4rQq&~b%C|w$j+!(Ui!D)`g$5-% zC~S16tQ0`T-zV5Jer$b8j;rGJplo~1E{=vzA_77&7@i#@v%f}S-GPojKf#zdQ(+vg zoIB|CO46Hs>fbhbjAWb5pn1}im~d?P*QDgvJgcHSp!y0gr==ccQFuzxQk7`HR9sT_ znTl&2qv=521V)l;g8ZqVOhh7=%lWFm>h>R7iMKAYWBx}NR=D``E$$oJGiW|RZg|ZF z1&UfC%f|R>|~k=KGsRY0`DV?CK*Hmg7|rT^z2o3xKkf<4%Mv--UR>rxdNrxeGH^O_TJD6i-ZLJgT) zozaWmL(lfqP5jAp)sjO#;Pn`5>dQX&x_ROgzeE1YM*laRm0{ zD^@CeI_~t?6ac$$>KB$XdRYQ8c~~+@L%*igc^@%yPKgdHmn=0!TmLQ+odGt=m<5?Ttlz>vm{=h%RLr+Gw!htpAd zZLKj)+=vGByoH(;xJWH;5^^DVUT)9P#U&7iwG#deh_In=67I+O3D7kgX`VYF`r&!{ z^SXzA2J^l>(cWfnt2#|WayvdU#rHe5kHfIYCX zOtu$6;W92~;K%_cT2QlRqITSagsA2xi(pKA#DR+#`fUTpahQjwTdN4&WeN*}QIxCG zGL+sL_5O^jdpk>&hKm_>Xwb5U%Na$j(cGY$&et*+90gJ=2y0E~MU#-PNdXlpd2E$7%prVYo<6-VGlUL`UEa@FR z&j}6Mw5P~YL%zfLy$J%$auWsVO5*{#n9;0 z?j0T~;O?fg*LQ$@lKlir3tFM3Ov@%IryMn$P!pO1F*-+r>g<@I1F{gP3+`9sQI+A4 zIh&QC_Mpdd$b^}ZHAQDOW1|p5B8J6m1x<@gDK&!00~xwNLKUWE0Ti%QfH%L#Sd7IB zQ9CkcwPwv}#c9cD{yIn$I3U_zO3Tt<%ARC{N;)siwO#NDjVTvq7MP;Ns-fA@cqwXX zI;O2bL;5Y2BQ0vpIM41S-zu>rOdHx{;~LlXn)=-Ivh%t~H{Z7FcLYXFzV&XJrCocfxA~@2)1S1ao_DW!y#WfLo=mdxkO*i84Nc>{I~THq3SOO;j{9`u0%Bqd`1>1p8z zqmY=u1{J1DbRm`@ZRfjl&O=(BIZ$pI+NLb=5<6uC)H27y#$Qb$vvkQVoqW&$kAcG% zuX^u?$*!&9Gw|=%Xr0+;?A$GE{TP$m?~zr?^4mjf`F3P;E_l6%-_lZl$YN z$e@)wS@<||TDb6hqn6DYG@dv~q|B4Z@awAuxTaIHvoQ{_P|O?NY7qLCNzT8xi}WeU zg9NTka16gJsVBrHjwb+QWirtBVi*Szw2`!N#u4Q7W|F-6?7Wo#f=ACDRRNvovIjn{ zgX6F!1-Cuf!ZvHCoq5fODOCKN?N=0T(Ilx&AjHGv^(-O_q;lE%g>!i{(Jf9-C2E2$ zW4usp82TnT6A$a6HFi^(gH{o_E7-#}_}yotfBWp_hQD6u-WUZA-@u1!x?()Y*r++3 z202bM7^X{kK#co3`f*SxYwtSDWpkOoZlqX5FvX9ZV+t^yjF;p@qelBtcRZOkkaJM3 zBj_XP<1mUf%x&;*SS|RxqNjhy6=1ZS&9!n*6k^{h;d7Oea>s=j5x`jEUj9K77rS(jQx}1 zZj9}hvR`Y-(42_Xfap}oUsSUiK}=yZC?+LSPi^d~G|l@z z=Lne7gMVsKSp}V~D7$I1!r4&pvEUH*opv;MPobw&q9d;g)H#B`UC&jZSw`*@F)XBAT0ikhr8t%t zMVPjR2cMqav3+Xg8oLDUVUlN2NqY)GQiz?Vf%P2?$R+(w!wXmPgqD@f5L%K6BxWw+ zawmwa2FF`Xu;C>SAqC3K=_2)YGa97_ z-d=%Gm$kyWcEFZAIj`<_bgZrGbDA4uYgz{W#B*B=OQHSSWrXucM_Q>Urs;r@DK;^8 zv~qM{mLM9nL-|sRyDYyfjsjPAq|LRH7)QO+=+HaSa40vnxSk6wz>7$F65->r^@q87fUtgb9rwC=Xvf5^p>2b!e$2kRR>faAfGtJS zG&S@=-jsyEhiC82xkcYAY8nE=&#yRRhod#g%_lq}0aQ zcFMggoUBXub_v%_K8rN{0ARF~G!ey$}!};+ittV~a#qL**2l(t2{;lJICJ zi0e$k^!Od)n?Kh_(OpMaZWlQo3p4_`BW@o)ICk#G51C$Mg?|Ll?X{d}BvIlI+^0Z) z`tJnf0B0`h=acZ_`n}rvx}y34w|!#O|75v!SDPhyd$Z@1$5 zK>&;0xJSv=74-{!<#sM~vM58J5nwYD#t6_N!1Hn%q*C$omF+z66Z(E*uVjHsAFhvF z=uc^H=Qla@hJQIxP;fF4)B+FzYx=NIvQS`^8ir5d(pVwr8LicH1yRsV*J2vv$m{OX zOQpVy7o`#|61vF}F*!`(Zy-b**@FR_1>G73pTgQWF~~XfiD*-j9C?YUfN45eZ^EYT%d9gwc?qv<#uCwrS4aHy=tJV$D539GVs1+n5{tz0}pH^ z#l)!RLEYyJ65&X<=6zlQsp>Z!)(vhlLLV6>D&fOn9C_j!)9GT*?9|ogj^d=*tO0w~#c9*tCr&6n;-AND4-F9B0Fg zAw1M@$lo_;H;Sj*PpV-9Y>qtjSoqJmeJ8|S{s0-v(J94qj4IQf>tW--7E8$!1GOG5 zlCDvQl;p_BC^`Ipn8Z$%k-WvBHX+xD^j$D3r7iA4zzElkoVTh-vmB z=hI!&T4I@)0Ga#)!0|mT8SZh2f@Yiph1#vqYYB*jIUTLYXOeV>04L5o;$``DF0Xj; zvzLDtT3`U!rq_E2fV-8HuCQn5dE8jwKUu0@AB?&)CR$qsL7K*+&?olVm$XJ{m|HsJ zTz)xWzB0G#R7bW?eCG%|Fq_i9bkplZ)USug?F!uNWSyV+#RK>jD0=$&k$O;i-(E*m zjFs>t?0sIe17$HpSkax;5BHvBIJhDnnHRYgcc&Ld-5T@5E;xU&<{@E)H8xNRKC$Sr=yw?SEwCmwRRA{jMoBXF~Fcdt&mh5lBZt;A+T1@(OQ<#vje6ojKp%2okF8EZjNh-DEBzWMg zIbK#M<5M@(k6a#yjE_cYliocU#gTV);JRZFYd7Gy3qSLEt#LzVKRU}mfG>bJ2>_UC zm>Fe6mY_|RHqPHq!ibMS)+ZZhM2*B9LjYLn(Twg5-^OY#YNobv3D)kGLP2rcyH@$@ zpDS7*S9)7h>uAau42V*0s4$w2oiI3}|3&}tyPt9yX2A6B!$o852Ar+Ac zY-j=*z!#yF4m^zaFR*nTAIh@np1{#ckoTT6J5ESk5X=hx`~=^x(yho_I=O#M?HJ4} zS64-AHWm7^Ya)g`9JWF|Lu>C|92{wnTzwk5stbE z+g8DhNFlcmXignH8qs~)LcykO;0*5~*ZlqzhwO^R;p?!wy-db!bN+*AEatp3qGcyr z7RN-MZAljM1NqI(oC+MYNS@s^(+6P1D8GyDFpSMLj;61fdGK)gWUDKI3K8pOX6WmA z{#1-XV)ST6sGZYZ(U+|_d9j?}N-QC8R$0e$zREM?cwCDIQ>{J6Ja#%x?s$FE@M8wW zgT+$Eq?65*qFV6yh^aaFS(WF0RbX4aDKJbdBOX*W6>vW-XH$0TQO8E)h9d+lM3*FwkA{={zv2A+%XDOF!e5DY@^pXUSM@;TM3|%Z&U#pw02Wv%M@#%>Pfemx+sm z@xRl(S3MryXkt48-xU|uon@!J=FAxxvNyz#6M|4+3p)GZg6+^a(2hmIfkf^=N(qag z>fkCmcOYWwB7sPPYP>5>KHccNYHCVLDIqS%N)uBrzxakqW^XRveDYRr<92UbwjaAH zJF6H(%-Ts zeJ0oA_)}~w^E%J?ozG^moAyLL<5TQx7%-I=Fq_xm__vTkswoF3oe67kpDU>@J9T&M zM@x1VEZ=BxtLlUjc3;F_Q|`)RvD;D(vBS>U(36h+7KUic>k%8N{`v*x_%&3J=4dDM zeCan*xzYhOPrO?HfX7&Uhtr8L*6j3PS42Xw&V|SZE761rb4~zgY`w@Hr!X{d-9I^G zfox{70iaM55KA&rntURhf%GddbQMw5bfjr+t^RCYc(r<>4d><{_<3MgQA*ClK7Sbr zj&>xzJ@Lmt$~TtR{;0E6CZOIUg?M1!VInXj7Gh8)Fri^a6B2Qv;B@f)BkFLHZ>aV7 zkaSR`VV!aDsYND2MtiIl_;Zxe+1QL$o*;TmvE!zgEg8Zctvx-NjA#3N{` zFy&!RXR)i$SA{bK)9`;>>l)}mc*-1n1LeWX94rk|RX(JVUAgF0&?{njXl^);3h{Hu z&cxvy;ycmvssoS;DFPUL1H?NC!h!?iqXIz?F(c8N8x{;GvULH(Jqdo;0MYP1BbWmi zoLF^`)^I}j?f_Lgl?R&m5aTctBc4Nb>|s8F18=lwHc%0xIbXDRcKP85Bg8!lR@x^n zYrp%jj7v5cDiUr1{~MibXheA0z&}xD=WH1G@Wnml;d4gnH~6VJ2MSh-zEDj@YzKB( zp>DiV61{@M6h?Rl1X+n}Se8VId}uQg_94Kq2P4lLx(;|6=}Z_c66TpZn@&VK(g|5# zu-II%J3K3?Ue%!sBjUYhJBj3BD z{*4O|HWE&Y^aDd{2z@}K5!sHTg|ylaAKrH6PP-NCjth_>2;AH^8*Zt`yGOwHgQQK& z8_20gxu@5NapySDH^8qJ(m`z7%YnD2J>av)J?P=yfwV^E7{m{M8M;l(8@zSd0&^qz z9omIN=xg&ft(kHAI?DJ3&b!eKP)gnKb)2idT)xa zAFw^~vah-p^onyO=8gYMz8fTP`3mugeBZaHIm}@waG-sMcd&Wq{a4o=QcutuQ%|-R z^mZT*X?GQQ*Z-BcJK7ycPmC9;j@b8~uAnzu9jPyfpZF)*j$|*m-~2s`JL)}BcgU-{ zJMO)cJLMaNcfp~dJLbKNJK{awh1Cp^FKCj!4XFH9cM zH$J}@FNB{EFG3#iH|YKB9Uq?XC*>#G8+W!p1Crm|JsF<(CvvYSFStJOH<(0X-N5V} z+X2HJ{DI{wMg!`1Xu6;`dg2}afuHlcU)iF<8TVIk?V`e`c-had)$^av82KN))$`p; z?k_LhvLBIux8_{l1)Ouf5&vZmIk>;tYZv3rxxdo?Z^^er*^mDDBg6M9_g7t~{7+Tw zBI3XD@&A>u=$83C6XtyT6)fhx{nX3*9SU%N{ix>nDzBbXy8Qo=pQ6Q|e-`$=#>xNu z=LHFrsW;+4g2H#CL<7WDi+)>PZg^O}T&aW!FZ87x=4pf>eatpaZKFyVjnl}(e;t*1 zPO`*Rq==~#n;5B(r2iS^6#1R&=Ky~y_> zM)}>q5wnA-13qszw%ZLx`wlZV-SIqtR-`Las*;!%!2Osx*-_x>sjD9l3_)S@3-n=CtFvJWwnV*p`Do7jF6aJ32%4lF6eGiA;myyEHkUL3yI`VZ4Z(X=Oi|Y>Pi}(q-MRPp9hy2ay z2Kj=w8*@9RKhrnhM+U%LkxVKXKBtS|LG_dD&e;laoGnl|6th|)60;Mmbq8x%?b7%V zT7t@B`5t)pN{Bd8_MTKVA@7L#4ET)bmg^nS3-mRc*K-Eyb)nA*bM8#ok-8mh>x($m zek6UT{=)qVKy3%q@~lqr^|v_UZ)tC-cc;uAN4?d4Liv*94JS~eLO>UVNQ8`qoQ514 zrEsd+p!B8wPEN)C-qKuqO9LY_qtHUV9`AxUDz;8Q>656sLt8Lnu$mMg6+<|n%I;UX zOM;pha#c^nQI-i!xIaQ+j@gn_i{DLvKjQyOhfF8pG-$AC(0AW_H6C{`^Zfs1YYZkrK@}^s)}f*vM3_@utqw7>|aO z(xG<4r*|V}XM(_ha)P4`=pIsYg2EZ`H~0qb4rR>nnBDOSRNXujZ|sHzolocu`IiA? zP2u60xJrh8qJ+|{er)cT?vbM-Ic62Y$WTDgvT1(A^qK*6mf#UjJ60I|aOTAutQBb41CiWR zLKVlqM5G>WH;6z2B8hH9_^s7UCNRJ;NN`l{TP_txW_I6q+9#<-7Nt0-_-BqKJ#J^6 zC^?-WLFU;ovxHtqN?kE6xj<#LK!Ow9ryTt(s+od=!cJN*DI2!Vcs)-F^DoPKG|GGc zdF7mRU!byMe6zLmaXum z&G5h7h^B{}7ZEaZJY0fQ_XcsLdmr!`3Umt|C?`9Cr0%GeV?4ij9t1Wj3H=TuD&2k3*fMVu9KulF{rlkP)L5jMU{A%8j(qpgP0%)ZUcXt5(Imx2 z(8mjGttNpfhwl^RKz|V>1pvZG8YG8|Qv!b6`#QD9{6v8l7VK{T% z_ot%7(aPKj#kw7)GO{xmQhcb!4lX>DXM8vTmC^Uo-@>Q;shohYbZqs)0d4H+u><&2vq&MOX-~OT0oBa0%Q}NR6GXD`bjja6;*+-P@>%2VD=gf zj>1NzN`TwIpo)Rpza>9q5}VV*%6fYo8Wa+YB;mb~zNYvm`OLHi>3Y>F;#@Po?>kei z!LO>gkAgSq31TI<&27E!Jr#jgX9eq5nRuCeuZb`%M@MeY5XR68g2j`L*P0i7M9Sue zf`-HQB2b%WzMEP)xq6)*@;~J}$H6xRQn<^@1_XeNlNFBo>Ry$d5Xnj`!r|uG^b@Mq z#PsVQ#!Ki+)k?p`LeTY`(e-^bt_=omr>84%Je;2kH7pmo;_2H}*F&3O0mg36sbGuZ z7H*`PJYFK>E>yL+&eH9&5Fbo_>Wjv0D;Z?huJy#&^3n&=#TouZV^3F%DtwpJ#^4qz zZZPaZHeT{*x(uWd{wD**8p!J01<|W9n4L=|ZQ*X!A<-4~GcWc0kmd3b-=tZ1yr0rEvSr@uXM`w_09J}Ta z7SUTif+bH!uQ_z00E!`Kcd1CwB;))Bv!gH#e&{5KZGOt|g|;QBSL4qV>Z-?|^}irQ~@pOhD}d@U&=rAv14_HtD%4)!pYDUwI} zsps)G_ruN^B*~+73buO56)wY48V_^N)5gMmyz{>&#|{85Sb&w_WmTZwz4a_=WD|T>Toa6<4n;&!O-ZJylof(tdgLqN5hFZKUP4w$U3p5JK zq$;C~M(J&fZIT{Btl_out*3AMJdEbF>$GnS0zr~0aH)&QXwyTm|IAdQL(OWn#HuR|i$%s%*W~ud700eG&z|$O`>eE0Xx`$gQ zUG!FuwFLuJWEmkiLFWZ^CN9p@BrvnHeB)d;8On$S>Us?-PA^7b@n#L}TSvxQl%gif=Pt{6ss|Nb6K+5^r<&Vo)6 z|H0cI@S>b~;4y|<3+GAQjtef=x5BpjQ(hs%gk5#10SOZqDxKKwJX1}6;(#Q2?d=Jh zR}}Jgy6!i2shUzS0C9BsRle$vA7+t|{e1m+1KT;=bLlG3>|O^C)lmFhd251^8E7jf>qzO)@{XmGJQ01N7;o1gvH1L+G1=4g?S0z2s+SL z-B%GX;cpp$2Moi{LSs`xiCd_$gxI*>s@R;EOVF`b;DSwbnhV#cn6JSx%0~U$!BHx& zuTyMc1AhCr5oH4h;5+Kj+aCMQFax~{;SF3-9;|K;&uKUn5(i=kGo{SpNm7?If+@#% z6|Cprn^6_tlsAEQ zLHSu)j4b8xZJ?d>4(VeBotcvK&U9()hq8%O@Hr72!>tHndd z*?z^iax7P~btJHAI%^YGzvO}Fri3S8L!2-i!foHam53lgS(!tunbfj)LweDO@ETTt zS#nf?dW}IbgN9~2NTgFbjsfF?jQIK-WQ}6ujRi1QSiNH*7;4Hye zZ>UxLRZJV48)`hzE+rS`U$Xgr|4-uzDs!=f3;;=75-|r&61v470{S?s+1=5(BaxDH zr9B?WZl1=@NcQ4*EP#CVwSmwjCfmc;pa&7>8ki|fCjHUfvtc3A-Ep*PcgMR(*OW?G zuczsWu$-}}xHQLP=Be)OClXf6&shjXtd7mjvwdULO0VnkUPe~l6t-`YaY)1@ynl~M zy}&gVNfxV06cs$o#nCFXs=TU01*C-cHasCStS~IvR_hk)#vWtDNEUyTnZ*4Kn8b6- zNfp7|6&@Tr6Aor|RoszG^E(0KP1bEappZPpc^I*cMr3x~ss7*?{q~Vug2=7VFICJF z9xDgMeI%K+B`BWKUScCg^|TG(ST$u?pat8E1vI118yfP$T_V0TP$T7O`FSle<)(d2bl|9jGSS$M>`(3CN! z?F<`oCv?AB=40aninIhAW%i>+RU}tH%tIK~h@(#bOwLSXZwrVt^9_eTYzR$8*_Vu+ zW6B!S0(6+|p9CUO%71t41iS3M)TP))qA25@v#Tel^20zt2fb`X5T?-_JU8i0_AWOIybHEhtJtw zj=ji%LLEeIMEWvy>vNeY5sDZb5`$w%Mm7$rS!3%TMph0Cb2~BG9foNqBI+=df*OT9 zBZlSTST9aG0gJNrKtz?MlM0|LXpI78wXZkhE}@{YFTA7o1(Dg} zhxv+$>h9y=_vfGy2a{sYBq+3>k}2gCB)iC(Ax?o?53b*+3e{omV2LGes=L4cWX4 z6FBkdp#T1KB|!DfumfPDKMl}Qb76}TZ_|U7UcrfFFr`u)nQkbGrBJ!pOOuu3RL;W6 z=O{=e;^5dZ)KRj;y1?tjMEQ%w$Q)7Gbhl@C9jDOk{&%!|@fl{CR{Z2U7{K$oy?vAp(#~nSej2R2fTQwCi^O(3E2JkPWp;Va z_C46IFs1ta*v{7ww~-80v%kp$%xWH#zjPT2rBcDYy|A%R0%54V@D(GOf9dk?7;1<* zHKKoT5*H&G*26U8NvA1bdZiwlSa1xVfX@}W(qZr%wxetVuTH2^#o#Fj?=0sY#z|kW zQ8gL6Nku)a|BTCib^T3Q5PAv55ha#Te)&sRomHpBhA^ZWn>(4fK*qz-Cf)OGosUqT z*srFWEUn>}z2%IE*VZi1D($+y2O4V zC@mOcd?nMkH1w|~X(r)BCovKt=orL5ql33vd=3zPCh~ONRZ;yKy7vHkk`RZ?(Sl(Q z5yl8a6u0bu{7-J5r`}S_kp%g)ye;t2PI62Y1Zj!m)C@^4vsSzGA=n~2lct?c66y6> z-3c(IUFls}17I>(wt=B%2F{kYM=Yz2DDJbmdZ=vXu3i&mDbGB z)z(vk5HmKr@nI}LHJ9R~u}mc`5neI4<}E}=sX~O<*~I(1Yk;kIJO}YE`I^hKUJS_&n2&1!9ZnESIEI&+yN*hUZ@j>h;arIIjB5uM)3IzVwI_ko%!#(b8 z@pORs`;PelGnH}L|;b<#4p2s9|$AiSL= zFq$+q4%H5}{xJI!_nw=c!+31$qSLAm(je1-FM#@fomzBauww`IZd@RZu@eY|UU}(} z_%GlWN2+bS7$gkikcaTtqU!p{E$#;%rKxnpNX#)Up{%LQ4cs=>Sw;j>1Qs;5*xE;4 z)Dt>|cFBgv_IA*<5)z+9r54)m86*aA0tyry_-t-hek5o5<|gO4erG^iui1PNX5udOL|@U9-fEj z_!>VfZJ6!uAMC_#j0rJ>Y<8W^FQ>atbW49`zCL$2OWkY*eX?V`ErerQm#JjO^mC6g zM&%Sk24zdk=(%=z7HgJ1I>A+fZxU59LK0vZN`!Ea7%;!yXB!MN4aHR|rWcS1^v5YY zidnfF@>`ZAX<)zw|7hZJP5i4&nF^$j8@Uo`5kOqSkgk)%8*c@5Kc&IkTyhf>HIyHE z)MwRxwmaz{{#m%71eGl>Z#QttDGB1nXqzF6{#;pLwa!-1MBmTh-I}t(dnvKraFJ=r zzzErl!u)1?UIe#n+6D!{@yDLSMHDN$P2>aNKYqo|g#7CejQ}05HZj)+nQOQQmmwjI z$&u2DO==Y$i0#L%Fmn^f<8#WclvVm}8z{kN4ygi3E={h~4^CoLpdvAg=5B zuvF5M7s4^1)mD3=WN;G`c8pi|Bo%{vUgaw`5$DdoS6X>^`&=>`w#SDIY}H{zr?&wj zsOF{U>ac94o?bS+Xttj&MNK;X>w>{;ye$+}R()yOz}>|NMT4E~PKGsq0oML5#P^hz z-eK=y+nN}z*H`1=SS)Bd<4l|bi~kk|lr;nH$&pj!?OUD4>cjwdgNmJuvq}bge6D0c z8!-YhEHj7Ay;z==%?6$>N7e`)0!%>61S#Eb?`Mm!TA2j|bOej|PlZpqBL{-=0{MgV zUkJO`inRG#ddjtgGm7Iu`iZ`!`iBj{TYq+rWi8GNktr7;7X;wr@~1OmMTThBA5fiJ z$wW@y)uHN+8N6rU3RgALc8ji+>W{jfkU%nDjC-PkcFsRSc+c`AvSuPgDVC$m`5{K6xxn9ZemRb}WUVVp#21LJka;+*hv4I%f|@oS=@;qdKj`aMx|187H=L z@i=S;@s}rqrk<6jld6-lleUk1 zljCA7$+a9tNz{yoeD(xT_YWL=IQLUg^Ks5a`0u0#PxWodM zJE!DM{%jT+M_ zU6D{xqv}}wjaAoMS#?BgZf3*_(PB*J1*=Vscn+*@si~sWYc6Z=dkwnY*L@|`*S=@F zHW@+O*P|t}Ri~-Oj?O-#yg6o6-IcamQVIUFCLU-{sIB;bC5>2=)Pht8MQg)re>JhT zu(!;4@G0~8mAF7#=C`yAtLwx-E36#TvrtQ#I@&snV~zdZFfTg7?c+K}U7hWUI_F!s zLXjX!Dm5kxrl2M#CSB9;7@&@8#hufo%7vZNxUR87mc%i$GO`xW0__6hpdd~F1Jc^Y z-Sz6zOV7IawoU4kH)*>`?)Srs$st4~3z#tNvt*kps}-l^rB8wyZ%QOXWY{y0ia$HX zQHJV39}F%c29uwkWb@0wMM`32NXKhc1%6pv-z^0C(q>+k`X3)^mj!*EEctgvd#?>BHE8kD0oZG!c zj8wiOX`lio0xk&4xyK*POvtANtkY-k@Y0wW-nEt;<-6G{*gXW7Vdi>FzL@_GCkiOK zsJJxFBgZWNZ7K#(|0-yZUdUfbt)9{_*2roSUbFCEnjoO87oS8d;2AP?Fcnvq9~wlO zVXHZY8aeS8)4Cz0eY(zD!2f3<^`sgMNGx}Fs7I&oVI9hgO-q7VMiga4y(XnG=3{{G zd&2BnltktwpLfZf{0JX&d^^b9q@YvX!2{36ooMn#DA;5}jR((}?@j zeiFSP3T^n1+OvwyIS0>~33)OEThK0fM!%(IO27@+$0HWgGQWpr9X(D(3-uGD$yP`F}bXqsZ8NVBmvG|2U3YnA8`ofVI_?4lu=_7g*vET8t-D+@FHxioQRyYVSvOmNMO>s6K(AeF!n@r4=@yc=s z@WylyowO1e2?wzn;ThF&JXVZW?E8~m<}T4vIqoJi_DK0srG7tl6iD}d=Fef;!jq9z zA}o2R(5+OOkYShIs*)^3IE$TKfQW9Csd6v5rolrok1XGxMnYw*;4hA4T3sOB7*t)v z^@PEZBc|wm7|v(Q^!;8e(|y;gxE6|t zjjFouv#1I&iZvPwmk_`;LMN6yII>@MUVdtZss7m1tm@drYwt#u4Hro$&v&FgVl!Go zXXzTNEWREDIR}gasHT`j%-!QN*K^eK{RapC=+fVjXHp+YH+;B{y1)C!Du4^jH$vXB?}c^YzU zV(;Tx(Y0PC9Ff>*a9BB>mIJ`y=sfEURZ?RaGPf|-($e0)FXnmOHQr@Zn)b&kA{FC6)vvW#40ycIl5JaM6@ge%~jL*8pr zZp;e51TzWMHRJVyL@H6FIP;{6JNaGOFPvzHwX&h_=IZkCg9EG6blE{c&`>(3eW>5J zd3^CNx8q}Q7Oxo^Xlawv4cO9e&lMoRge4soTRMcN+(=`eU*VoYUfwdHC%%7hcu|TNSXJJYCCX?qnJXO6#dR$ccT6kmnb)P(CvZr(sUl zQCU$HL7^FeGSbjg=>@Dy$HV&J#4=Sq=Q<%VmF#wduixQO)tBS%MYkH17!d5L2$f(+ zq!C=jkq=S{uH(x!&ws)@C0Qe9A>}y&i4(`YPYa2>mAapNvcuJVtL!#C)-=mVk7215x2HeNB}$DpD(+?3D6zR4f`z-ydfmPAb(Y`W)?_$ZwAC|Jol3Wx z?{}m^^ws&g-EppZCE>K`@F0wV!Xqdxy)hovvTSk~$S4APndCO2^SeItoVl8+h0qi8 z!9sOcZKuey3B&Hkrj|_BTstZW#g8Ar0*@?Oaky>7{esaaanQz#R*_b;rI)XJS?K~D zy;ZVZR7HvLp5--e(AxjdDA5Hy3RR8^A)tpM!AJv&JjL=1A0%BOJvV6WOV2qxeM)&C z+C{~i8M|vMvBope+>xn!3Z^jc2Y8B2JF{BKRrY0i93JyLk3VOvz6-!%Ce&Z_O?<5wnxT7XM1|JE=G~^n_);M?{p)!rlGg z_mSp|6X9JW!t>In+Z2aH_4MrVA~iwvLG@yA!`%Jk)b$?!L~;|d4A;36x`Wed$2FE9bA-)5Y2BmbfDV)G%>VzvB63(tCCv5vu- zlCg@TYoY~5-P~#px5v+)zGnT~W2H1pg&SWXM7!qS8aybd6(zi+3F8Y36PAiYFys0H zpxA$WBYWg-8Cs&dG`k#}L)SF5WW$!EZon}K_p{f2NZX>$s%lpS&v$e2jkrmF&2S$N zRgXx~(P7;Z&a6YS^-6ffvd8oOmVDPJ^ zUog)Na{#-zOJaPF9>ZT?!)^It3McSUY_UwWT%Nx$A6Si-XljF`Vu+;zA7waPA&*rMjv4Cj#MGrF7A1>k z{8qG)%}JCCEs<-pygxXFeNk#Dv7^HA=A?9*S22mftW+`^B3IRg0UFg7u5gN`qeqjM zX_M+iBYv*`6N7Z6=j2jWyQIyCh#oAbCA3L>2?{;b#jWNN(OUbd|KDyq>k-!tXg|s#YzjWoxwks2CWwmc}@7?eSN1N z^cWztIc`DGao3mGoUoP;R#}p7mj|kSuNU&Vh%8LkgF_#rhgRVOnzC|2Bc-t}I4Mh!tp3RjrOj-=B)q?c4l6UO^2UtWIXeTkZ;@AyxXC+&lXy(4P%D=MEdC z3)jtQIHGhHHI?ECMPEeKM_?U!ZAH91OPZFJJ^bNVZ6E&B*{x$?CRPCgV9@!h4o6ZEb`nZ`Y z&2B5F=ZNL;xTc)!?ID;sV_y1r+r_T{M1^8z8t7_pg$@gg^Y+cf`6M``%reKK!pvkx z%rn^!$ERcuQ}5|ke|t8i5~~vIW}RXO*P73J8a96Cm1DS52d%3|@|HYqmU2?VJd1J0 z4(@8ggm6VFTb6^L66f!gwN0x9^}?;v;{MNmXy zBtj9J0?GUL!G1u)>YWLt=*x$}l5A-4h2DO>gIumVHbrW{eqe=2q+ze$x2FYWD&1}Zuu8dM!Fha#kd1H>b0M~{RwdQXIW~Y^M%Hj=fRhpobEFFVQWfL znT|5jnh;9H{cFsw$8NIh?k{fx;&0wfZ;x3wk(PAVkMr%NV#l6NgoXiA7C?f6H1S4Vlc4XFn z@?*@S8f={3iBjf*9rVIp%a^_zCT?+6V38Na~4P-3~j4QAGY>M0;^v zmdA-?(Ya?o4hy@*NiDA1{2ew~tJb~cM_D`iC2_ttLi(Npx>+fDdp5Ca9-Y!<%ZD6k z&7)QKK5x`-sZ@c7BJO3K7`EV<W@ygQ5k@2KIRslZ zj$ftA!nd2KfRMXf&tpMRyUt`AEu=g?WP3;@z8K>t-}ea7vwyMk#NV?=b=SHFORh*Y znKN$8BfN#}!x|i5>1DHNc#60xIthEKy$Z<-+C-w$iEFfoqFJ@5Avup`UJE|Wzrp0u zX<%5T(9j-QZeQ-Of;@*ji#%Z@LR%u}c}S7NgB0@e29+jOAR#%j>j|-t`QzB*SRp${ zd6tg@ogLeEfXKuky1nbcD0nPQ zED<5@@~j8u+x+K26Z5zZ1ESUruoL7W>>OspJUs+sZ_CB;50(k~5jM13zq(MbaZ_zp zp|)&S-@c+z*jvL(!WN-=hhYFVp8I%BnJPUM(y!)X?CY9HsYV};PA{QNNY-wp7l9M*O;RuOQ#Czh z^5DViO;;%^?XeJTSmC|qoLIw-iGeHw%Ru=ASUIOBUxUk*)>|hM0~66vNXu&cV2+Fj zw}qzF-4x^{6PlJ_GyQ8}C25(FN(OtZ@_O6VM1CJU$8*Hca5x%= z@hlzyi{s*~a0g8lMyG*>-+am&sbi6^JV4YWIej7?)1 zAQ&Low$i_plHnKG5>`GJI!#8>W;2U|5lj5>{GdzDFqB%6j^Qm$`c%oIIA-6dg?7%E zrO+d9PC?Ih&>})3r^gW|S9SLkMzlsm88R7@rvbm*xnXw`3P0s#pb^tI2owBd z5%S6NrS>Z1qsvW*jnKoQ-h!!9;)|+F*I5V&1zj;{3_4xxm^U{dc6dl)T6Aa&%>-iB zi|q$Rid|-|IS#{XcyXw{e0CZ%bAKO*!7;xZx>2VY`+m;Adcsw~V&Qx;>>KO0zjWi1 z@@mfvQIo-Va@}z@JL$H57I5F}a=cccIKexmCetH}g!!!QgL23`ugZp7QgfY^k zVGlQ=2i7#wCZSkFgp1w_Ll0vQ4gQH7yH@!$DRo%*sM!1O-tilH$(l)n`k0YXNz-r5 zYOG1)sVwAf#c@$zw89R*D#Vvja)}zD;o2(MV|y~dn|9wI6ZXvfZ-!Uq#SRP#L0yG<=JnzIb8J5?8 zLNtj2U|UB$m2kL8sr6H2we?l8FT3J$fzA&pmvC5O1jYKO$?)74E#9meuaDe~PJzVh z=2HsX>9e5yj&+!?9-d@ePSxs&0Eg&Dml;w)FjveJ(w5%Nu2zn#YaSK5W#(e{O5?_- z!{Nj!#ljd>T`$uz)09(-eV4c8vW@aN)>1v#;q+*FdPjeEe;e0Du~i$PYp$9hwgsks zS=i%5e0}|c1LdMkoQ?Wc{#HGSJc57d2h5cv5GY91_GFap zi}nsX(dFpUvY^fDwjod1J;R_X?ZL|E!;8tA$ie|CZ%5LMBDkiIdPVabU0F+jNG%(} ztp2ttX2;t{5xOboU2r0-MHx~5)7^%lM1Hql9F7Q3cB`2WV%a61zqd$G5?5ew`3HH z&Xp+D8>Njucz0}ARnCz_{T)RYwac<_pScZmY;;_7-aV(FSUgr&4y>}O6JM_!i?!6_ z4xC`bx$N)aW4b?2yFLeFn#GZhlY2?RjDQX{?;Fwo5iF2SjGdDnR zI|jtLT+WGgWRj7^pX&XZ|Cu(FEDbOl)b0$p+xf2^6H0Y81w?$Mn{=C~L^*^h0J4c@ z1R_oq$G+*%tQg{5l)KnC@EjdtW>HT!O}Au@WC5~OP1iOoj&XW_3unxrf3Gh?CZ6fM zhXhRjnhUEtaWttKap%p@#+>)`_f>|hg}fe}y%_`bjTI`El!;2&_OIq|jdvWao;H0% zxnsBscBN?h&NU^8yai*0=FD&>qB|N=5#7q`zm587-;mnkdc5on{wY zNg*RNWkN?@3U#EgIQgvC9rGtVm=Hk$xoSm1?Lv6x} zrTa@9{kn)2r|T7|Z?LT|iZ!di^!lg`!=3fMt@Se=eyaN?;TZkH4?x`8T7nQ3PV?0z z_os)FKKQU}et{^xswPeh5MuuAZ2@RYSeQvM2Wjjy>V@xb*`Z_=C3+Yjp)xT)?7s|? zdzL<0_9LmG;_~-lrA4(d_i->k;fqZm#on7OC{tAHG2b(^M59E|` z5rUia`SDen<(`c+L`6~jC9hS1Epzy>v&7n zrK~O4ZDM3On2L?|vOJtj-^CinDy!~ze*yz`S*b+(16Hgw6V z2M@w-T(9^*F{C(GpC&{f@22ZUiT+9`5G4@L=U0uT=gtj?QBo5qGTVzb~t)M3q= ztwCs_Yj{g{m5I#ix#pi@o7%Kjh#L^!pes=yb)fc;7B!-DIk}!v!Y~91Gd1-99^jB4 zgQs6m5?>U?Ir?g^ z$EJqXRZe1KmqBG8<~Pb`cfdU^L>$--Pj=WjW`OJjb2= z?K1Rcur4yJpm{0vQp7VMT0V(o!flUkDgr}7(MDkEQ&~I_Wwfjcwy-}hw_zcSw1FgT zg=HJWEsmXZcz2bVbeeNi!dw5P!I)vS1Y0o>qW7W#6`4iX*UutVa$YVA5n*(kukP;t z&JvS0h*%=VR9EgR^K&P8Ap-mIbm6jA#Dk2@`1Q@SwPmM%L$yIxTyd`0Gx@Z?WX6Q) z^VHIE2fx-wmz4PLYdrM}0Dh93A{7t7L(LB7K1$hCruZydj4spD#|# z58uAB6;wEyZEWN!X~fv;#=E+sI+h}@pNa3_tQnI5XJjgZrSjZ4dHCJu``QIC#*Xdo zZ-!7%sk-+n)TfrGhU0pc@iJnSlJdXJf2cGaG>5S*0r&0$~eiR;OmEIMD)t$_9-P2242Y zZ^lPMry})20{)a4{)dKJ*@pU?1qNHD1ZiV$Fp>qW^>VjyBg1N$GX-|}+i>^-XO!1i+lxpe#M(g9Ej+OuT?MpSHt zTZxZ-&j8wUTiXzz|Mv_yX5)b0qNC2o^iQWuFGS)73WsX1U&-8_TyM1z8#XMR{`hgj z20r5bm+bkA8~3U#oQV^tpLFsjP0UBS`EBwVnPB|vr_NM%W@!yex z@zb-iZ~#V!g99P)X#v;b>|6>Dwfx|-o8^iz7$&tD1PSbnRvCcYF#t|=bb5hL`-u{M z3wR9t@bKu!80b)cSPTK#L{P_tjke=c%MU#JS!@t6EgA8WvXu@c(ik+)R2c1eMawPl zzuPBLfL~vqK%oPkQKUma9v4=#k*;Q6%a1%e+6?(^3o}NfV7E`HlspsS>mwO}%}3c6 z_P+}QkyFyp&;XVT$AJ1vpaWba{8l9FJ%d8tyPz%i@AI_uFFE-i-eQOLBP0H+T-;He zp7Ng9|4z~1bh*pZ)k@TLQcVkndm`6U-TtNC(HFj=7F|}?z77gf`zsR&94ZIoh}a${(py}Y0BIQ_qCSfH@DT&=vldXuZ3OuxwNfR7j4P2c%8z^=Q<$LlNr zZiaKumundJ)N`Gc0;~r?{__NM*srSFhncXrWxt-cjQEt$ldb%u+a8YB3O#HcxP9g5 z6}nD`g_n_%nz^6)OSH?CE;Ae5ER0+ee91Wfpfi=x~P^+)ngxftPL`LMh%E3 z)BE$Ikv=)EZIA<3$b)$Cv*jJNe&3}K0yP_uU_*NB0Dawdm`;yRs8^ispJ}IVWhxpF zeTeNIpc;9%D*c((T%B&@iJ;rEeX{PM$+e?TO#O}YTT z#Gfa0AxP_cn8q0|;{K5>*!!=4?>S}W8*ipYJJJDw79L#Qm?sw>0KWHaJ83O??|0M1 zd}-^q0*2?}O&a^kqX+k)qk}Enjw!!d(MhwLHl2%(m_VPq88@!hN)?HR|Xg1bAG+RCgF@4YqdI{D`_0Ux<9c(}@%L-3A zbNw)Y5UG$?GXZVZ@7A$EUUp5AX{bOb>0fITW{COX73$%Bwtw*tsvTPS+6;E7Xpp+t zy*6)Q8*l7Zxwa`Ci1=Om1^s*=tWV<#Ml}>+@VwrfUv1o>UZ_oI{s)JlSGV!#G6fFGP< zuQ)f`;9_xwYN-y@U4z-6>PUnA0>6^tNMtOq`Dc2@XCr0}wJ}ZcMtwF}S8Z8!@7+;{ zJ0ggYA6pQJtSKp|-;*6iv)rC?!g(GTuI<`pmsZ|(63x~2AIjN9(h4yS zSqrM#+>EF`9-4rOMGAyPirID6KyyG;8sNZgksX7@yqo!#wby#y#qyAvk^$EFJ>R1K zL!WmQ&Tiq0+?(24xgF?tl8@RjAIJ3FvpoC)~4L z0dDI!RRNsF0vsT#4{vKy)(a}{JZhEr=s<^g1X+BXx{itWA zBmGw@V_!&Op_hfXTgYJ91)Eu@0i3g2;dkf*^Y(~qA!gM4D{GVGz-5*&5ZR_MDz|zV zg|hbeS;j~4ceZypg7=VSE#7VKMs8M4qqT@9gm>_)9aQMGkH3!q41SrtQW<-Hp!#I+ ztSa=9Dy=<9vDc+n=9|)61SaOf8>zL-Wz6NzP-!xeXdqPsTLM2c&a6w1S>=({+Cl38 z`;ptgXkluaoRqP2=hj=0J_g@~^FZtya4m(b<_-V-E+T(y#jPl29RTknU#@|N9&K>G)H_e*?ah@GIZ{guDmzKPd*vTIX>2heG~O;e>zj z|EKWMf4?$I7;1O;#E511RlUGC-~R+j0raaC9uJu+XqW*LNP8T6ApT2+RpZ(Ty%dy= z%3xJo{z_m1eld6j1jNAqHiX6C5d)Qk0RAU_1Q7WDNf>#tcZw*~?ScPoI76gk3MW>%b~dTEm~ZaPx#WAadRM-s^fti_&`qW5Scl=V=ADH}r?#ci zhy10+syA~_^qV9wEMcmsGDZ0lkuC3Y1JLW)%Ddqd?PLnUH`ic_fEUZ)O^92k4rd>? zg{*0PXfVi$jFswcs+zD6V4vYC<5q^QuVkyAVE!Ol#XL?!-bE;(0jNC`0{~3V$Attw>T21g_M)_?FMV0_gdk(H`7Zi?fx}$GLs535Sh=L=})Plo* zMw;U?98RC}D%>XY3KZxNmLM)@+2*>Ixm3AeyTatY!vKE%D4gh!MJ<+v>!rR{qZ0>w zzMY+Fb^_$u&CROBji4L#qW5PoeCYOdi^?5;hT5Y*H$V;A7tT?u^$zs@;8m`&jM$sX zq>^)=^Kq!k{jQ1)|2jw#wEV`P?WPpDy45(jQM9gWKbVc&VUIZug={Dl9Tkmgv16a8 zPAp=KVRH_5Dnjw}7RU>70)?zHUSsfJ9|-}8-+oZ5@M!{8^&=_}%^aq-+v549&PPxs zZ1{CeER1zT;9d8<(ML!2G@xDgW`1Xh^AXiBW{=SYt0NM0fUYxmWER?_arO!!gCsG6C3;qBJ&wT;^6qf@m~EIPW0*wTz$|e-Xf|^YnkAvjjG*q zcbU|Xqv|PLdFzCQRji3;qWsvR zAZsV^o>_?b7{z~|HxAaq{r|yAjrsp?rS|`BT*pYy{(l-LAbY13-lbLUI}&x!wS*is z6zz2L;i=NC)y_Dt>BT3sqNy9D?xzlH?>Q;>1BpHXLh029ASS%9;Qw9)jQ@vs;QxC7-_y2(|V_;`z`addUD8=1NN)>Cw*EHEEevE+tTrrE&CSjh~KsO+6Qiw2FXf{pG z#Gt+j!dxIQKM&ck%%)voN!t7=xLJTzNx7`qNl;Q*v(Zdhe*M04ri;<*mgcA1_1Npi zJ=t^Gaaw!Y9siFSI;fr*zeY*XglRUQ5VB<#QC7ef(M;6YfCGpg7uT=fYY=%EEj&-? z6~%!CnS_gK24?cbDj11!Q4-imPc0^0omHmNc}1B3rO=j%5o!LG6FZUlP?_7Pn1sP)cS4Mg^72C zuuqvkMfZ@4=8FFMU*#iK(M@62AkOPouvS{^*QRtg|1!NM= zPMb%wJL7T)o35pea1M)bkKd<@2;{@r77-9xb%I@4@ts7=yuqH@&z777(!PQE#Q(b(*?@y^JTZD0 z5nKy~g#~1fE}RVNzd_Q&=Hre2#`g&Wn!FqpFXulSs9hLXY1W95+13n$AKAlsVVhGZL6Am*+xNh<up*<~s)_B0R zv?p*PHl3G}>Bsd%Z)(j|)n`7MV<{cr)r_G^o6d>=YlMAf%pGQ>1(Y!2MV?Ad_97p3 zO;Wu4^A5uwk>QnzH9*HNDr%MAx27!;XM%{GC21v)pBYG-@P@p|8ub<-B=>&;tvi&P2la7V4MpieP`+l(Da zbGqTwEn0O4wn~@ZV{1o{XZlf#vChcQ4tSQ2ICf5Xhj=ik?#O2No7MRj8mwd-Q~-OO07$8!`3QAx2jDh-$m<`N4ceLR)kwJ!9atSJS(HWaw$Gi74m|Mgl2wmrjXJtRck|Bl_Vi}-p2)J?(Aybl>Y6gtVY z;!kh_?;Vtz#^aDAW`yB{%0J9ReZa6ieb7ho68uUf7l)I(OS&1u_mV7T$lzOm^rF3w z@sb^~FP)VS{4~DFHn?yzh^cZN8HhY<%M3j->aOT^FF#RuLVk!`dp!B!> z!Z2b8xp4EdP(4xDdk!RN9|z4rMS>6d3% zk1KC;70zk_kQ+A-uy5C!MAm5O?BetxyASvztY#cDZTP$kL%xsp`SyV~`qWrLdE9P? z%hzxGVQV9N@vhkIjO33Tf@3C1LRl69ul`s@53q&YR$eII0re;Kq3ccRO(5}_kIsBy zaD;KZv_w9_iNndslk1b^7J1KWT|O`8>m{}-A4{qA!a=PA_U51$PHF2#F6Mqzd{fpF z7ho!St_d0{N!_71QZuuX^7;#-;A`w)wRrVpm#$c14>pcdPk9Khl#QKJNKfu+Pw2>` zn1=<_F*50K+Y(x~h<Z7+kz*bw*opV{!$y$a?qhij%c=Pqq{N2-Oaihj98_y|D?mjx5!V z&4SaovZkUS6Y5<}Eu}VW7IXw0e}$-UbPeb%5D11`ZjY{EjJY5(%_*U(a^X&HS?eAp zh>>BWyO#@BwiK{vc+|SQh2xIE`XJ(SZqB&`zKE#`O?JIHR-Amzvl{hk-K*rwvnodq z;qSG2(4uY$DcRlC<*)D$vyQ@(#7@!u@r8yOPC}mSJ`bELRb07hPVfA>c5Lp#x}NEY zKuWa|qV1}}F%_xKEF@?B;KHrIJKz>q$rENW{y+Y1+9%Xx{|=S+6SRS9STOU}QnIeM zMl%5ea5|*tZ&RJSx1|o0|5#p&e{5p5e&L4qnx7xuDH667Iu7pcZ@l##D+OC*tAIwH z$<5U!{HBT@ySTfagQ_@wj(Nfccg0r07M-eu1}qmzHXM4lPDbh0Y?SjDU1jUua90rT z!kWuvZJzw(q^hjv?~Cj|XL6~vOFEh2jv z)Lo}wSmAH}(w9>fw+sDmyn8hAM^{rlrc;#HejJ>QAE|uv~W= zXDbVBOILQb{#luNCrekZCsbIz*{F@rt(Gv0)gOg_C8y{hOZgo~L8;;j{u1y*^qBHx zI73-Byzrnw8jmTd_Tt>IDfz_HY8(g(+uG)hAF2d8-v@Eb6@#ggS>=n@xlf2NH2H9i z5X8Z3obtkz^~pEq+{5FU!3QjpvL((kQ`)F7UKC;TfcFs%VszYr0l_+c`V1F z95o2jFNt4=DL7R?+7h{+EO^W4)d)=41Q#R^STBfUBGS9>&gXAm`F4n|*-qqd;_*1g zG>nj~?O!~4YL_qXGBfyplP;XcSXDLd7=|%oBaIE=qK8n@&+hJq?IK$-_w|#}69db( zvPMUV@TQuYvSc_}AfW|=(l4c9HpWB;8`t&XV}uSC%Q|Q^n3`_`g4w(EZPAT>U;=Y> zCwP4>FB!rZlXSvP`TL)l;m;8QjpZv1S@7+F;+ zL1*06u~3VTS^kaCi*U;?m>Q7^d@}Q~2RgoN*W(i&Bm6mTh&o(;XJa0Tu?9d?_=@YFMH(I0!tOA&t&7}Qo>jI`1D`^fZjfwS&q_XPF_sdM)R#}ob z^fZf(cD{W%Es0@oo7Dr2BiTt;`r%yHH%;iQ=Sx;?4ozIwBd`pISnB{XL0E~_V!{b@ zV#^D~%d0jP+=^^{wvo(EE&&oOFmiD=iB^}*=up`<7B0k9$r4snbC#l-0Sb#lz8$iE zvp=)$V03j^mYTv)?n#SeeFdxk;0~N&6Bl`OI>wY*&4j~>`Xz4CCy}>};^pMCqIuJg zDmbUx9#H=rY?H$}6|caF(7h_#q7BEIpmpnx*q~w6VDGVAye$(nIL9|BHOq&&mZA}X zrK;Vgh+`9$HE)m6Ta(|G@QV^PHRjd=Gcpbi4zM3*rnD0RBMx@_{eXg<@jw1&4ZzIx z|5JuBGyf;SS|?7(a*z>L^qD_6g(b32a*1e0j>>q}!eR}CvpE49dzEsExTWSIgi2XI z@Z%e0dv5uwj3QUC$DtO4JdKxYn9bT6Ni2)6tR3jshP&NyeMqDT4F8F3cWxe4c^&w~ zO>udUCktO2^S1JVhR0Z*C5yi%@L>RbpMzckih9vy$38)lfqZK+AP>g%H2Z}A62ssN zm%vNJTuSe|xUO#(J6e>Twctl755HzsCP&of_a+pb_{prj(bSq*?n!&K&*${&_pIP* zl)`HQMJ5rm19j~cL1apuOCa)UC;2~@h~+;j)&DM&n3*}a*#D0@iHU`ggYiEKr9*Eh zcjd*+=kKfz1{No?2^n_gM54$bz97&jM!^tJLkUP}azUA2!U2Gge}mcOXc5rOnu1mp zOJGtJArfS*JMd)@E)`Zy&BS?Rsy;fU3F+5k^*B;%+uU7{jQ*FmtUf17Q z_j=RWP>8?miNo|&{^>gUeg(bH|B?XzTU+h96gHc+zgwNn<*uXT!*?}?OPn)O}? z?7#1fPc51$I*kX_Gb@;n> zT<5p*5q!+{eofs8F&(S#CA$trqc&t{57v93w6xU>XuE7Q=%RA({x#yxpd2txe)J*) zo^<-Ro-vR1GqPSrJ}DWV>&;l2Vw?!-JrcPFi#E4(8q40`st42St4DHu2529T zJ&)I0&|{D)Ba!%YFnSoi)$I1K;ZKlDwhG9s7@X8HsWd;|qH8pOYhpgXRo`miRNZ4nnRzcySuK@5O{ zh>iOd*<$9ZN8S~nqhFYk1VX^m!pK+lw*SIis5d(~{|z?xM>)?9(+h;rR(B1=nFYbG zybZu$3NAoULj2qjmI+>X5g>y5u~7do%t4ruSde1-2{C^l<{Du@kc8kwnBUO#NIgM_ z#zr2DL5NQJj7tZY-1``h&Vn(V5yg)?-8V=ru<@TR4;@6?d#eRcK z?QjB3^)7`o0!eYd5w*!cW z>Ig1j_ncFqZ!bjZzwVK6ICH>Y5OKKJg@iu{X@kTDMQ2dIf1wW$)8dfd$)&gB+h}6MoR7DS~=$BGVSxG>F^5 zZ1x%-crQrWG45m|75Z>{i(!5t1Ov%o%e{+XR=XqWJ@8Az+abC3+6d=}HNm-q+X3gC zx(Me;9KB6pIJ@mHnf4&oy?63R+d;W~VuLulAul-gC?BY|$G9AQ(P5dp#V_Zz!TbMe zxxTPB0$#X3fNh8Gs_bF*7`VQmZAClbZsqNHK9FzWU(ohyko5d{cAH-+>@hZC+&MP< z-4QmzAGNq_e+1cnAkT!hp;fo3yDc}FFVZ(WgQ>f^D>3c_d(!p-AMkZ3SHc^8bud@4 zJ&*|Y8&EuZenHz#-iYmpZhatOn_&#SwkufM2ncb{umNCf_yVX^(fx5owuyirxL zeI#MA0|jC7y*V#VH>4vaJ4_e%tRrSSP?f7N@uP`%J}M!s;wTo33WBG`ZY+KLo_ zg4p#L6vjmu02)L<%KaO=^W(H0=zH0>2Zc9i!+*qvsqv7EW?v_3e=ecHvd75LNrC={$xKMW3Q0lde?60IgVx?cOK(Q^P zuauy_(~6Yo_Pq^me_!*zOcLzaNp4Lm5aV%4%m zb10@G?ed0s32NN2u*Z&9mW1?3IUv<~vD?A5Fss}~e504FIQXyqd`iFfJs$|H`BwUt z_P@t({Ve$Ujm*@*OXMpkbFry1nLU);_kviYQ1}K$ypU-Wpo<1Vz=`t(kH6{_@-ingv4-v*P4eFa%@`QeZtK$~^?)&ny?Nu`Qr%_==tfifJJ6NPc{gf zF=!)RqN4AKo(GSf@(?%ze(yDosjI5KtXh6;2 z(q^KsWMdQDe1Ev}EgbI3r;y^A#ncGvyUS>W2s_lwO`SQo>#r{{QGTvU5z##O3JO?E zpy{P-jeQ<2$g(wLPt8dD=%GaB1G9HMv%23D8ryQJlt#~ZFZsN+;{@XMf{or)ufL|O z52RwS!{(gxbE?o)L5qol$Wwo0(i21Ss}XYaa3Yf24{ie`q+YdilFxl8L}pT8R>&(w zf2ijIANvMxx8ss>3MI!+l_54J`XlyP$#U))B&8orL9@}rSX1E$ZwfP|B!Ls%-hH{L zG9wQHZ=sXv%zh5~ae)buE~s_`6)V(lAlV8iVIdj9k3i^sS(8;`RQ@T%Ox+x}fcy z%1g-8JONPKNp0hSs}E?2>h?`zxS{O0So-1l4{fq4n%#2qhLFjiXK+L?(Fk3Kh>pE} z??aH#Ja~AmhAQtL@3aUshO+>Wm)y#C%}ol(Q^}W^mDZR8ngzA; z5WaJ!mxsZI_5Q6k8#GT`vRpo|2sHQ|mAZaxaQ|x`eH(8B7Km*v*Lm(>dj^+pD4Ey# z`hE+2_et}8-0d5Rj+tX1|p;`uBKRtg&p{gV@gR&ZI zu=hb7g)5P0f$l-IQ|S!_;-pV^r0M(f7s%=@4q@cbfu5SicIIrgA}Ex_z>B@1U+>*V4+&I-?~iR`%ZG zX#T|pfXQeK05y98Dnp9a@a9QN9K8F2v`gbAxM^P5geq+on#R`ZLhfrlV?5 z6+PnuKSxxPSVs8%uiZ6@fy%~g|KV^|vOCrN80P6UD#cYuztPzo7>^;2INF?DC?FgK z2OAp)+p}sb1Y8bBX`~)px1UK%fphJ!(VQ}~y^0Whb0srk{072lAXm7d( zXT6T_$v-b%sh+5rrJ2&zsxnxHLjGY>?4s~#pk*x%{~_l@c+Q9tD{){LF&*;GGPqy6 ziN}{S%d}xEx!g1(Oz}aH3Q;rl>&viM~FCsY^V>e0lchIVAg z`)bSCp94$n#hi5R;u*PB9oa6-_5uC_eTF8nY{bS3IpMgAMlSeP1`Z@Nplv>04Ha7Dkx>#^&tJfg; z&HqDTgA_4tA|sC(p+OHva)?=>twuNTFI*_Y9$Rj}SYa5Q`KcuT?>sQjs-^X8n)X5M zI)<1LLaXWK!-04%KPHX{{hHKh{Y15Gv}8>dPDHkw?!Q?My;vXF8bWS7S8H|a?d)Z3 zFNDOyj~Ar1;D%&quA6;(6s6S*ihk}N%m=$)i(U{kTe(t3sz#PZjz;Qg!fH+%my^{| z^`uXFjT!zpYv1v>Q&R_MhKI`N5ynChox9j_TXSo3Te}W`h9MVGqJvuSK~=oh{@4E4 z7E%<->TiyRu6Docimqt5&s;^4eE%SYYKj>EQ@%AB1CzRjqH&El7Uk2iUbfDI{foTx zRMyf)gN2^K>@)!DGh%0Jm~Zjr}19F;^bX%u)Uuj|NKqbMV%O(z$A~kBcx{Mtq`aDs@KWb?j5)GuGqlUxP z2pd2Z&)2Kml0RBM{L&b^IuU<@I4I%ft$S-+Q-XptIMEQ+A(jgk@S;me2eHZ+`QfU| zD&6YkDuAJbvxC>m>8bmorru=qDnv zjE;;fC2eSiwBOGmuvNd)y>3V_NG@+ph*f7dRc%YejP{A!tbCU z75y(2fp58`X3s#pCbIX2IT2RQeR5+w#gBSy6Fp{PgzPXp( zIoNXtjx%bqDvh6InwDLZ5yZM(CKuP?O=IlT5M@V(Dn!`)j(sPa8@F&%n37slCygSD z1X37xA5WQa@}Duys_0Yv@)!{@2$wN3V6VOg#DCMbDjd9r=gV+qglokpM8kG1*aF`s zL+2h+dniAFrdObPPmF_|69#2+v?R7xQdA|j$}3TZ+mh5yAx+iEQ#-gI(#MhUSLszi z!4OL^YuC+S=(qbrFw9gB!;`~BO&tVN{llkl`&rAMS#RG@mkR`ej#u3~8sz7k{Q?bo#kEao@kMLkaLw0ZU`3<&1CrCdJFA}IPYLeax>{+7u~50PmP32breT! zw~x#l^QGS#z7>mSwL#ok9nt-`4XfHV(Dzv)qlu7@86q4skc(Mph6!zzTeHDwFL|p3 z1f0}@pjV=#>ftQNI5hi&N4%g7V+C~_lA3H0M+rt=CA7Y;i7U0R7A^Q4>`xbU0|^iR zY_qfEK9o&zP;uzuT?@7w2($LZ8M?KX(S}M6sD>g+SMp@2|19t}rBTHNP4|Ky?D7Xm zQi~`CK+BdZs6>;i#$Zv%QF*eqO2HK^0of)5Zs{|}H;nqLgKs)sxbA98M$m0;J&(y* zJj+SkUC@j+Sk$ucdc!-K*L7{^n%UJw+RKd(Q8~*&#~at+#)IW2Geiv7ro7?~wK8tr z#v(X4rdKj;}AZX}6jn|9gGGk)gtVbgs23vB}aro_W0Tg{rLJ7H?X!phEGfV)V5p1Dtu8YiWudnH>wW`VvnT?@o8iwKW0^dE z<}9q>4*vR6L7) z%jAN+{SVGb5puiJQBIULAvF?k61+$7xWVz;sJ- z0HxKc4~tdc7K&kY3Dh)TvIP~-P^1V2u}%G|yDqzNgn={FNOJ%rm3ym36|E8*q2ora zb0LVwT36+Hz)58oXz?Fs!x=XuD1*01>eBwD1poFA8URZS0GfGG)1jeNWrOSrMGpfZ zTrZrvXIOk(63>F@a@S(JZ7HQQrOvobouWDHa=R@Or13C`79*8LnMFl|tu$dr0d)Yx zy9_zEkPy%@F&OW`+y(VKbhh7zmcy7Mr%DQ3E#|8stfY>EDZB^)hD;2FQ5+XWuz}&_ z?QFgL#5c&6%NjR!KWfq6H9`(8kDEz$`E`WmfXS@e&wT)JndyU@7+}xxvJ^!vh)Pnt z8d_~bqI{-ijRkQjAK`hSHOgrwaHgXb^&e0lB~O3WD69Y zsH5>Ry9CDkgMGk9f;S3LqU=U6ATnbt0{$4I8hqEWd8yBQxm|nE!IcqJlO;xPIc9IZ za+9LlS6+G)T!Y3r@0Swq>}3#LwX7?s_#1|HEq@F#;L^_QjSEM$`NX2`U@K&3|D=6G zA?pN%KR)x%a8xnat{XkN46kWONa=@N`o2&Y?Am5GX^$aVTM+ z86XuPdx#*L`yV#1jf=7yQX)dvHDp?&a)FH!;n|frMeHYS;X1MemJ!Y>_2;iWM>(4m#T+&=?nB zBF*#|@aP5{^q8Q}N+AZfMCRr{Nh7Wi?t1#B)4406_JOIsck$ok)2cH)-F+uQFj)o>5Cg)q>yT?gXt$C^dsKI$F`sQk*_6XR0c| zP06kbQpH4QZ{T@2Dkg!DoZyME`Fg@yUE%5pR0kox!BHved$$N`LvUbS+H)vxTw_mA z&s{+2UER9SNC^ugg$lgvOs-}Z`Qdf53<=uI9@OcA(7F$hxp)oI@3BZkzA}h!_FYzc z;z1yLs1l*L2^~0&djz4=J5no`PJiZ*%@Oi|T$DK}FB~tNIT-nk$vs z!F@DLhCbxn#Wb(&Xy3He=3InbRBBjCwp17>5_HVb=uB5AfaBa>;)$C64uT%?EXmjZ zhT0sjKkVxA!l^9Du67t{k)D~Dkh}=j|8>^zk^{BP>fq_Ub)ij^{{s~+f>8bVyxSzb z&z@sJaARAH@~ONUP&2L3)L^u`fkWVT8URbR-e|g->M2I5J8jNK(c?qaa{3G#9y?&j z$;@c^3ew1Ix+U2|JS9|*gR&Z!;to{!j&j_02~5Gsbl}~*9nfCVAiCK9s*tX9RH0f3 zZFZvjjF5tQ=L)IrO{`Jsc$gC-qhIv%R zaI8rvZU9e*L+?)4D~Xsu?T>|-p2c3|ApbT^^Cgp27c0PhFXkgWmAIbMP2sGu`1|y{ zyT*xpP?s0?owwO9i?Pryk?k_Sg}}Qz$s$~G)W1g@{-IBPK$--(El}S$UNa%WNq^mX z-4cb8l3f+mdOQkQEjY5;#m42*@zM#;QF3Q*Hazm0vGs$?Gai2ytXZ5@2Nkp-#l}G) zGjO4v5PQ?CZmD9K8@48ak;MCU+rWFK=L$2OHHmyRFqBkMy05?xRz5g z$v}7|fLg0uL&cVaJ+Uh0r$%Y{x=fw!pMQOd44sHH8`exuV*Exk?hYhz0!o;7REkg{ zrs_vLc0YD5AruK#^)Ft4p3TYdpfEv_9Ifh7SVaKR?_9T@OZdMkZ%W(8u`AGR(G|dWY)n?)mie`v&(uXRm(9-?I({jRvGCIo+ zYRYo?qEZ=MxKz^qMjN!1C<;9+7jqSx%@_Q}OODZ^*qZ z+5P1VsQPkk~kvGA*T+BG;0Lk>}0(f5?fzPMlPHW(z|F=1#X~hSci*dmpTNDcf4w znP^KhSfguE>^`Z~*6hvL9k4)mW@TIrumS956rLN_J!iMIiPzdtO#|YKo}ue-tLt{2 zZ%_4j`)cp@{(7QX-OGzT8d5!MTKZi?O{yHhoj8(<# zU9?D=2LwOBOh;>HHkip@*&W&V1#HdM`5vtpK@qiIJU2ctg2VD=Lk0kv83Ww;FwbG8%Jj zdLs7kqUd2ndr?I%!$k{^!p5Sa>5iXF%87|GE-4uArWY0aJ}Mf7jliDD15yhKJv<%a zCPV7d(5r$;Itc(@4AHDQ#2NxegB7YqE(gDm_rYh!93tLkM#I|NAVQQa$~dFMcQ-na17Xn{WG}$pUjM-AeigfzRdZ8~5vL_(zRokUZ>2%^DH&B`Zz{Uf7 zcK;>_g<)I6&2{QK)Y7+dwK7l&sW_mI?ZIR%;$6#*TBc~KROU@jS)x^Lrf($01iy~c zs3z|{aNTExW)X9)I_FMd1>sPb^`^$BDrONOek&}sZBwE5(s)`|SLfjW+6jM0w#5%;A zYS8YL^N!o1U$eN;6fpeyhed${_lu7PnzKD191LpNz4sjSivDhBkJ?ja?;YXS&j?}Qzg%O?SX$!*PgeYBL3zx_KkimRSk(v6*^+LUp;faDdOYowT1D_m6_b|uL z+Mg430^v>o8o^L_E?bURHJ+M)>~rgz=;8Y? z=v&~7=gUuQVac+jbRY=-K^3PkGhc)E0{IKP&3SWA|%x_cfvR;);tqBn1IwG)@jyh+wOG{rA z#6aI!5Wzx8o#~#8r@;g zj=+hG7{wFT0=oatu8L)fKqR$mZuU_q_3!iFz)>8MisVS1S%Xyn^zF_piV?h7W^~r9 zZQ0z?Lsv3;F9ym;8M13rbv)n`2nZXwY+SI>k``F|NR(Rv)v9Wt6(eMAxD@PNE5kLw zCwwD6jp8iKap)$X*jzN;ri-TT{^#g80+<}3=eu<9;@NjSu4lWTOIhn6vTVs69D|>3 z-|zt(#v4Z;GCkHdkgyS(#kdU&Pm3O#pVZB*UgZ^bhqtK4z?n;GmHU(bc92{1mh)74 z5lZ7S`&1fWnCHK(lo(>CLp3|T@Z-wsvZ!0;c*N7_ zAT~SC6SvcU&nw^kWyI=RME0!#L}Bz=XxzQ19_ zM-f~!SXRVP(Z0~a0&W$-kBs0&cY$egl^yBTlsogTcqYxR^A=_JwoOj-uo*I+|1HW~ zvL-3#_gSg+=lKGPw=VDAz(Hg?t6*aMlw!Nnd48~HnqP##h&5BLU;q0#I^?4|)caJ7lQ>$6kSLKGJaJ_P zFt7_ah3i%p@Xm-{ee(s0?wTRj#!_}})dylpiasBF2g}?@-zb*dFoJmg-gL&XJG)CJ zY=FUNIqlf@F#i6}Jm(LH)!+;MTc8btic$h$JL0Y)B1jC3IB7lHGIovUV*SEyg)FXu ztiTg8ZWkFULxhn5;?yzThWE_VP&nRZMd?cwzItYm=A{@Q|4%q%qr|sJ>Wp5h-34$4 zT41F@gqJkR8ax+7UMXB7E!F8?{bvmg>cmk+PcG@u8jw+N4heWDEnB*f|g59Nabee)gC)PoP#h%5esY8T_C?g0{`WQ=i z3pTX8;^im;fxqD-qK@Tv#Noy^_Eb^9Qj)$NWQbLGX!qEx5oeqLOO(-u|JXMEuP#N#Hp zYeP)G6|M&*?M@H%0&(FJHn>&??D61tOOk%g0~+PqEnM?r<0)E*+C)sr?3xrOg%!7a z03^^iGCP`e0NUjkpexG#_<()#&pTANFnE@=7MR3OkiYNE*E1PN0Muw-$PR0SuF8=Am_$*)pQ=)jQxiN94Ixi3xX377(K$J;F5;CL z;Scn#)*I-OQ<32E(sJO85Ii(Fh6;U4T8|xbR8hnG8c6UGwP6-nuE&QpKg6z#a!bnu z-M~+0xYI@Oxrvih)a3b!Jq1h-%E?oK#RqO{>fSNKKJ=V)A$vJ+~E>J&t<(>i*x zWtR7s@sZkdH(t+0A{et~mohqw)mZ3@|1-8}FUJ8nS>)`(o~w{_g<}v0pJmN-Jv(*r zN!2}Ef1sAAF*woBh|SxJreX>wFRk%EWsEVMvaJhu>4shC=z$P9b+c3p>n4T z@EI#i@;jOWwHA;!HqKutmHVkDA*LrkPoC8m?Jtn;NlV?Rss& zmHtCUy9LPctu$=&uZWoHAbK7LdrF{k1I~v(pYw)Towoby59KfJ{Gk-oGR_5Yx;(DN z+ol{?U9R@Ic^K1hg@{}_&GvMd!Z;x&S)QJMFuN!!@Wk-{YbX9SuEy(eb)j1|U^V+c zWLN_!I}gO`rdlw2vd!CLgJ-RQ2t&rcf}Aw1Ur5v(3VO;GE)So$)Dmz$&qp4!|7)xx zXl=ED^0Wz==Y4#5>yfSjXUF-k_ioy{t@PH{7MvQ}xX#zjL%y|J{ ztbofNy9r+Mq(H>7=y3O)V3=@Z&zONrL9IR-aDOW1iKnaoJu!UcEPQq=jhnJr4;xw( zAbhWt5)5pv>00=KI$t3~xEWygDGq{?)p|6AayAayGI8nfI|2j3bhom-_tM^r=<|h) z6FYUjF$-H=vwi*)7(a#Rup~_vF92(b;CIdXzJrhy^xV13j1^HA7RBs2b2dF(mS_9K z;qQ>8 z_Kh$|-g@}(Pn@&#S%rA>6R69TOlKZG<`{a~F!D}A*w?Fb_FY5V>>s;}dTNS^Q5(bc z`@aVKvWUw`;D@}6(c6>1FDl~pDPzA`b^7yXzW30z=&jy||7Sb0zu8sVsM+CNhC**M z+(X+hdA`dIbRRsIA981kzE=}ZD0;uH@xuy;qRL8o@F&W~yq^$SA-)l83^~H~G*?K! zfGh_G(&VK-5MV8+79@&l!(+_0Yvs4L!7~fJ#7^?xarhU)(fsYvR6S`%- z2nfNB>JmmP_kSj3>tz(=FvuoQ!Hiw&X$9$FiwYC*jqx{u+T!sy()VbKkL7z!XC zSbuKdFZ|G}^uOI;wbXt1pSYq0>~MXD?{c<%h&vp?bSLbImPku+W9SlZ(kB=N9Hx^$ zDzTi{0We6@M=S%eD;yVo=Dt7X#0G+n%%E#m&yuZ0*~#iz4L4^LyH*;S^8lZMfMX+W zgn4F}V?%C;c_o>uG)+djzJ;h$YnezUy8cGQKPbgwGG+#ry^X)-y=Cqh7mXqe%LiC7 z=5b{jnEv%EM_P~m!4k-JV;m#||Ajz1dwM#lIgHf9rbxfIQ zC@y=@;>AE_^P2y+_htCq^!H3PdK(?tFyOS0ZshYxz|Y9WQ#TFtM*I*YX{IyoRu4` z=2f@RPF!RR)JIjX(n?=v4AnPQYo-*r{xeSRsR%LYuC`1ma{i~E-ck`^l2gs1adcH~ zoL*tYJ&~m|uWst1Qad@TGR5q*tempiPE5-(@Y7{(ZM0QZMV;4{VX+c7k)^{)M(b1N zGg4MXEABmt&m73KVvi(QMjCN3-d}9d@%dhi)%hH$D2lFXY1-PRW~H;ylH&NmEFZ@= zbJy1$HD|nA;a9vGMK?Me*|1#aQdw7aRXu%a8tfG<7Bco z+o0-$^!40?G{d2?M{OW(DKz9m$s1SDZHQ&6#uq0SRz(T&voO+^VAH$GcoPM4`er{` zosEb->(?9A8!$6rr8&!BlcOaDNDh-4ATvRwQIZExc~cQ~AFBoWJ(cz?Us&GAv$MUF zmx1dsE$mFRV|z>f31ld@yors#_7+kNd?#aj=`01$MOoNsP=@>RFYUuu2qf|%U5^5N zln{(I9*Y+;Bux}!CQK-PTSQ$fXjhhQswgh6uzr?NE`zo-X+f^3x=^+{5_dza&+ndB zfl6+mxCZ~dC(zx!BfzUFN1mRXecAxX&SXBP;So0iVs-oCk`C zX-NwAN!-ZmS4JBB9HgQILg#0|CbLC6;TzXiH|9mFZ4OQWU*z^CrPfX5vKUv|a7AM8 zl>IFEUH}!{XY>tS=#-cPV$1!3fw_!;m}sB+2a+7cwP|zNf_q3PrLPlo7CT1sYx#Qb z<>DFvX0LmSh{+i0L*HppL(S$dTCvq;#a-=p4;)rMtlS1L@;ELP5^=D^OVZXUZ9?jV zS}E16ergiNv+Y-Z+tE>y2EeDJ zLZSk-m2sS;Mngtrqxs&1mozO+N9c7DD(g7dHhL-Rr?x3w#KV|bzij8>A zYP?cu*d_|NQ^Ijl8%7I4UP7v0$7Jssr-uvu11tnsW>cdij=I@cjH@EuGy~gFWyt@s zAO8^w`|rdPD?2j>^Z$`}VrFAv`A=5IMdwevT=YvoSH(w0etOXD*FT6v8AT1*(OF!%o>W8So-_7KA)ExE_t~ znxFxLdkRKRi@msaPn_+4}FYK$~Op&Iy-gZ%mtmZ9D@;B z^bSIy8>dbhKk==|rS)*U0nRU&3Og(_jZTEN*kC(#>dd(drazbbJZu-i^@iUvYr^=+ zSxewr$tw_II?NoupqlTdzYn2j*1`Gmt>b4-3N60jFR%^Y!56D%&6yj|LK_jA99{D&pLOdj zq#!x%D0e(I1m|jc;N1$s@p!!L1O_pfzBq=#1Y_jle$X|eUxhdlkPwf7jI{AqBq9+| zhjf5?qz5!01E5hw6EXry$OLExyn-yq3}{6bKpV0G+5s;k2eJV=ksZ(l_&ahVC)7R2 z4RtT_0Qyu+LS8^W^2L8c$tuby2{3??0aK6+7zF$krJ?{}8cG2S0saG}qaa`gN(IbB zA;2sZ!zev|33WgjfE`urgt7p$Q5Y}>bp-4T_zUWSIsxXQY`{E}6TgV^RV+ZA0Si$s zU=hlT|BNCkc18Js-Bc__1%TaAAz%+w1XzM1@xMbabOr2*x&hvRiUE58{tfj;-2qEc z55O{162E}@AO-M7)Dy5Tx&g4Civ3Y9zyYW?U^yy_|AYprI0*Ft9E@%R9D@4Be?&u7 z9ESP<4oCgtEocNP2OO#5C^QhT0u74)fGW{oz|nv$Xbc(x^|5FeU=$4pyh+7zXhi&b zRE0(Yjz^;aZwCAhO+b}^6VYhENoWk~gQlY@sLxRG7Bn7k zCb}8+--;#x&Qh@&O^knyYS1LW*=P#j92MuHsqyn@9-0O?A590m4e%UVfMx(LL^A;w zp<4lOS8*|#1-JxN1KxpZ;%CuP6>HHPz-4GI;GJk*{421O`G6}_T#0Ure~DJ11%Rv3 zLcld>5#U|u_V^d54lM>;iyU`th_n@VK>(Mg6dcZU2UUVnm2DBXTKC~i! z8r`qr1861SMzk96L9_;rJ_L9gJ&f)Gd<50SKSzH;YXKic>i{29@o{ty;3l*la5Jh0 z+yeL+dIH@G_$1l@xE0+8_!PQ7{waDIJrMr{J%cs^ZbJ_OZddVH^bp{4=wZO;(VqZ! zsQ3bU6mTbc46p$`4!8^O6xxk80q#MY0UOa1@snsTdNTeo+Na`+Xe(e7dJ1qqdK&P6 ziZ7vUfCtg`_($l^=vlzOsQ5B^4zL+L5BLh&0eA?#0Qf4}89#vzqXxjgqFwP1(Q7Kc zj&=jSf%e2dKyRW(z_-v|z_-ypz<1D#fJaah;Jau);87Kip#y;Lp@V?$qd&)wqvL?@ zqYuzu06#=81D-(5@%PY2Dt?R(0iHy!0-i#L0Y6dkQ}kEB&(LdtpQG2~$IxjN&!9Ks zN6{DPEx<3)+kjuGcow|_cn%!_JdfT5{2CpLzl*+6@musB;CJZ#_!0CyIu7`QiY@2^ zz#q|x_&ew)^bz0%75|1l2K+lZ3HUQQ1$a@#U(l!Vx6vi^8Q?$A=YYQgzJ-26rvZOQ zX8wod-=l>Tz{p?krKKnYK{?-5B)4x)E`d9zr)4x=G`j^-E^eN;f38pepLqIzefocW`oH(-Z~Q;t z(-9)-xC{c1%pk0mEND3bFDt)sRM6RvDN^Z1#^&OG?ZU)8JqA70!6EqKrD!E{9KN*@;#&&b=V0(ncjE!^dEgaK zv&+Hr4*;K4jcel-@q6MM;# z|FfTY3_RN-Oq9j(DG=Qlh-SAz8(8q>M{qL><5UtIo*ZSKWS?U% z^GUHYaU=9d2t3_m=oM^$JC*Sqd?!AEzaqWJIPxd*C38Q!oqb<39`5=kh!S^$*ZK#x z;37N(kHJ&%V!RsPiyy{E@G<-i=}Cr@8RREsDpSM!nY{tt!`M0Oa&8s3mj5PJ5jz}v zFZPdkm-s4(i;Kbc-wS>6INaHO@EIrJeHwj} zX6oU+m-&MAut(WA$hix*k=w*=K=1w45?_7DZHLLaW7>cclZH(=XH9{n@ zLmzrT3dvxTL%`m~Llj*A5#%Y*^W#_#vh(09+yf5)$&AC(aSdJol3alw!B44ee*qr^ zDSd>0f;Jn7Pi=E2l22|RgW!D=nM7(xJ=s7S$qDj1qhWN6iLo~f z1M?2^8S^D`iMayrI4iQrYziA#ekQ+)Z{q)^DbV!L z4AuRHDh2gjh{*{R%h71HPDr6{!m_a@UZ+;ti(g*QGb_#HUT)Y@! zz|&wAncS^>7H`LIl4)!mvEoKV*zIt45uAz{&W2XtDDw#a6FCX|<|r$o&za|;^+(AI zOgVdj8;Ylb1uOwpQWIZ>7IGEr`*;ds@JN)#QeLr`>B0t}1bzeFCL5&e0#DY2dNSp( z#|4@*0Q6!6c!)>f{Sf#G7BpxY*!U>$V(+3xemH4DQ#d0AuY(Z#c5Encxu=08OaUgf z0hsUyz*iQ-FK&bQwjOQ6D`U3Rko2lo=HV?P2;S`uFeG2RaRJOx^IGjQ9paF;*A6>emjQEqG?*%dEis^NZ510Q`R zo{U9cfVTk4J&2ytaA>?Htn}=ul=SFc+^uV*s4zb-w@c@o>`om!gtIa;(nD#f!IXfU z>`(G}J#LrNVYgW=X31nU=yjr2(C{3~5R5vM2Ft4ChEP=l8w%cdV@J9j91lCjU$djC zL55vr*PqiMSE;AT*Pp4tnUnwNOeJxqa`j9s$;GI+V+Xl3C^sDG9h95!=phwQzq@y^ zQf_Eb>*Z>_UacFT9tgk}`hzHz@(LqpV%;XNJVLHZy-?Fu|osy zH6eI&0}9^IU<#|JpkC@_8u(rf8uc>rGfIicsBzA~+3Rl^DL&FcErWT7$M% zRh`t8?x){x;L@a^T=xqC4G6aUaQ&X~ZF~4M=@&$+R8Ov|8XRx0H-y6tSy@y?G`*lt zp^ZJ%?fi}%<~NaGuv(I#0P&&0AlvbkU9&;_fdK8`wM`1T88#Yfhg2lCWpuN5H&U|0 zl?|kd9%*hrVjn?|)V3eF`t_`(@duCA^uD3{e$)s1h8*WMhIrC{BDa)=zNt1hi-SDdE!fwkU-vUQaptEsqa zM>X#dfIOM$6tS9v6kL7RCEj=`aIP*2R>M!mQsY|Fbkhc@TDokmHviRfzjd~)n{A%$ zxP7Xl%K4&e)-~_DTz9#rdsxqd-p<|=zF|qaq?Jh@`Ad__k{^<@<^6%uz-KA9q`Z@g zQ>Uc1r0q-3&#-4|Gr#>$d1sNV2g4o1E5axK`~Hu8|6TQmt0`r8HXI8*U2f>%)4 z)e~Q(XVG$R_uX&&zO!|T)KwS&o7$_nHoiaqL+Ji5m7S zMs9)U&JyMz5NR!>Rh^J4EL|#YEgmRcEG};?MkP>}t^jn-377-sGyn`V@`}tfUr{)8 z8Odxj9a*@E*+XuFJe`9~c;0?U+<)DZl9tCc#eY>&LYa9wUIgmKV#IO0?nkX4FbqK& zp;$C&YqdlRZbq>iOnKVRF~b%UtQgFB*sZU5#ubK!glS8p)^M~~ZIA@-)?xr`wnQTI z(>Vu+!&W9g*UsdsSl{JH$Im(+$zk?j=YGNh0$+ zv%O>7IFjtL!y(HD#Ev#m>=??Fa9*ar zE2HzSN($aoWv#YuwldjP#Y(K7Carg2R}&en_}o4Gv*je5R8*9C(`ExUZ0>xMtihV; zg*6Y+evP(VjJ8M@qh~L+M4^ECSyXbirKDxGu~XQ%L^`Z77OytaLMm1(AlT@?zEE44 z#`D3H^iY0YL1BnuZWkci94;ty@*0Oz6T$@r`FWvW3U9YLoEY=8%#E7|i`h5VK6i^_bx4Jk>2K5meHG6FQVopf#OTwXyv2OYBGZmBq0kqzd#! zLfsWH-Gq^3(Fl^%gmd?xO-2Dq#jM$6ya_Q9BQp&1y!o+p>JPVGYLPC%uNRjTQz_yQ zG3ON)6z1|8c-tk6Pe1T(`RIeo7N&O(hH*GHWwDJ ztl@Q-xM+T*K`bLUEd~u_S2W{N6E4WNY^;V6u*h>dge2L9Z7=iSAD-fy@B@m0dkQIL zYaVjDtJfvWy!>M8S?X}2#gXh{i!%a$&^2mFi_SSHYAtj);TCw!RV7R3HR+&#N~cXX zTJgP%ZOY0{OBZ#YwV>;uens==c3H;mxTh#{Z|?~YZYl6PQ~$4X?cw?(#Pd-&#Tj5klPhQKQu+M$0c2w-iffi;GeA zMQ}nFJLjaC1Ni}St~p>2mpUC#94|*lkcbBE6~P@p z2O=1(gfLS~2ymHVBog2}#fUG`bRC4op;?gAZwAfXtlL5j_hR(oSqZKS-jAZxBDJbY z+c_r}RMti%P*Aw<$ly_3B4AxdYSxCz-Q&l=b$j9_GM&r>zt=%=SCeXnl;d)^WDpS# zR}Ck)+3LILot=$J=TUZf3&^+zlqEl4?@2Oo)84&QN(TT|L+crornm@gY;mHAI}y7X zj&EkSB;1Q?O^HSwICA6&{Vs}sO(LK{3>vl{G4aoL+ajbX{<$LCA`dc{Fq@d23}NOY zY=g5QWID_uLz%AK&u9!h82`U%Ytx_B$5$ zi<0A*#oeDDwCBMa9HLPj&N?>0bGn%qJ$RJ zgv08+CAdQgHDDT@A!LLDK{L;5@qkL$A>@oW%gY5_8yCqU+DAJINH8q=x+_Q z&yT)V3c7LK_?Nhs`Ij`W3vc=~ef5?4;l>&IiN-~iMb^742QBA3=e!p@`j>StT8UTk zNlB7l;{OuAfHcs-0+ibL1;yhRC4uMP@_B4NpGWX{K<5OHk1_bACbD(UATu^MVb@-R z-^L+-6M0E7VWJo3IFCbnXn*3D$TB1&2^T4P^WG9Nj?5xU2}=%;RFsU@?@DwiXy>Ic zRZ^8Mm9(@*&zjqvS9@qp*eh!9))}XXYqvQI}V?lJmbDc>#Rplez&9I*@IixjPDGR z92q~)IzW{c3=Tu7VU>X`HIFjS_cB8rw@A}%6CLvm3vH_mb+)^_PZ>l`W}3h# zbUMAk$ZBxVpvP1|3jEkhm`)lPaDJm+Z)aTx$X4VgQ_i=mx7l9{eR&;+DLx(23VOP67Tx_$5i_wHpw1WI1+2H1= zAQN%~Edt4bBHAlzQ-F=2ewQ`WA9qc&?Wue_l`V2Sjtx@c~-M!_} zmf`XYW};@IFx@gyo-54rtrS-IP6!`3%o;H0#&kI-2dHJ6GyIBSuz`RodGYaaRCZv* zTF&p~Qv5ap#M>gE$$Qi0NUH3BV@i@lr1}mb6_y`I6tToP&N<7u)X6%VNa~(&TQqBF zmsFeSswSHqZD|(^HCdo(YV-o$2J)~_{}xO^W~q?cE4E!DHRkdjSBJhcM)n+WGwFG7 zN@MG7$5wn1JNwvO-|YCTwQ$fq17~l2;`T+)vcrtibINmi{P^jFs@Ol?uWPvj_s5Iz z_E)wYy7F1{*~+HJAKJN-#+313wGQqXu-R(Gc-Vkh_#*5*x{YmGLb+f~arwoTfzl-!?I=5;zCU7)Bpf}} z24GP|CKnH(Ni?u*kU<)!}vQDq)#!g?^Rc zZs$AZ*Q}Nl=v06&G}yHn@bud*7uVkh?c&R1DYBDuWAjawqo z?3Olf)TRyzm6%-vH1m&~@v6HY?1>bql?PM(Ziy7%T) zGp4S*Yx0yeUHjG#TefY-olBo#yqOP8-+b!y=E)Ccb~wD|U>srGy#5tDeCmqj<0htTkYwKHXU-Y*po%%XRnZp445?K^loeVxd?jjua<}d&MtBjZQRb=ruLPJkJ?f-E$(%v4UJN zt2Sd9LL9FtX2l|1S1y|^VTsIQc8jUKNyU(2wW`S#jiartEm9)WQX7e+H>pXZ*){DA zy_$3#X-m7>Tiu>~!TnaFFWGMFt8@*DqF>L{0=?#VMj+fvWHjt#$mrcf;Sb=!KnMnd z^L-9KC$q#Ou*E9no~NN%C-i$U^)kqv?I~}8m&?=EsAwFZ^Cxo^DBNke~DVVl^OSFK0PG*>59(e?r!(3Yn&PU<;#pNxu z3IC=A80XVJw%e6_249IYZp$|1<_XmbJ8Fq_A3*zr5tIBFjZS6 ztzqh=H@VmNX6b^Y6Szt|k_?un>Kde<^*yZLotdjLhn7aE8{;ae|*`_$E@VXpx}*Rw0;>16T)6K&M#rGMc1eh7M+rvZq<5 z9{RrtV?{Su->f;UXX^D>Pq!tL=BS1&)zoT;=04Mjj}rRfh7bI?;Lbg62@KIyQtW9d zIa^E<^A?(x0v%Z0$rWzn`Va{stEIz-jfW4f<`N~SQ2z$qu>KAHA)_lASra2@4nUrQ z;=fWWuEeuzqCrS#gG_+21{gZB!I0edNX2K*wf;0<#!}$ zwN{HiD=RY-`I7t~rDVU~j09JRAD$M{dpacfWmO5I;cjCSN=V0qFO|2nCpqu|A5;uB z6UjEyQCOTH=@9O7&4FuJxRC^Lpi3gf2?c>fb}6J@iqh>tA-~Sw9Awa>R81h$lfdV6F-!m(n446KRwUJ37`rnfnELDVjEH1HnDtuyddBN#wNl8`4~1lmu_xIXk_9Zd{S(HvjUQ1{ zj+VERC9^Xzb{(Zd0C+Zb@@z0A6{KTH&F#WEH6iM?iQQ(Qew%GP)IIjRf7*$A z9r_e^==O5%q5HOfHFoCtRZo6NNavp}zk+Xl{~R8%>&)97H*a_%_S3yD#lEdO2%hwD zu))!wBPNi~3MC{b<6c6d78?WEmR5^uSVbn zPGAL=ce^|;!s|r6Xb>6R?yxzm4uW=v9Zm<3 zK>{k07UZFjBjHYU+gbO1x`s*7jC|E%zxa}vXSiO&;k>XpZt@Rbjl72JUx zv6AOwh8?se+n^;Yp(R?>U&&HivR;F)HU=8P#Yxf-TpjaH zzmWm*r^Pswo|XzeAKH>$1uZzFfv#p-4v zLyu6_3#!qZ4SIbZpWDaq`jC`n4<(0$G&U4Wa~YBX$YHVu;AERs*1%Q@mlnW29q5S7 z4B*!W0w|RMKs4b5U7;~J-2S3k16GosX1>l!98OIq0%k&o)om6Q45iS_3?MVt$Bu3O zIJT*A4<7u^b}KO&_1Ya~h{K-Jerk zTRvpPpf#Hg$9}CHUx>}LC%1y_q^LSImFCc3@>Y8u%lNh8X7QLvM2--h0LCC|G<>wy zfDJ^K=umZ93(f_-k_}jf^sCBHZD6}qy28;KNZnQAie4&KlXuWCpv$U-;czY;QHDV0BE!ylxZD%$ ziAvQq^cq{SyA~pAw6bP)aci`_pXfjYRn%Pb%ZF&Rg0>dMzh=g(5vp8~CXp%pTr!Ve zV_0M6wFKC&M+vZglU5rNMIoe%%2q5}73*MYm6f&P5bAH)r(Uo{iq>3eQ5jlGOG(>w z0QHOo`EW5crwn!5si~gOcY4O5%2)1uLM}uXcDh(P& z(?nJ&I-T6+$hN7x1+s;j7RtD(DHT&SD=wxVuwKep=*T3LE_I|xBS^(UF>n+Ya1<|a zl>LZ}e_T|lhA8z#M~KYY6u6TP?g&diDc%U^&*%FbP<2FjdZRi^L`bnkSj85hH@-Iw zs`g0uk5?r%Z(K7wifTYOBX=nGs#D-FI;(uoc}Jy zw)GyHrOxW*Dtb)73OOWDCf`J!QH&bGw7F9Ln(%c#n(*KWr3~2ND({10{=5TDd4vqxcYcnAxb=C~RY%(eM^xG8%I@0v$^Py}^*f2~ZXELrp`m0+dt`w4zRD zFc^&z611esQfncW17sUA;Lf`_S!lwY6;ZDhWktVKhjjnOlm}^O~I*Z=^20pJc*wsr^ z1`7ok*B?~%&qyD?jD+|J;PNL_rrN(j563c86*0tr-DMQ%-nKEu5B3Ej#ts2>oN-@a z#Mq@!t?umzd)vkm!ZlscDr+*@iimkbh^AmPEyQ+tb?42r-G}{j*>>0$5}@^ z$GJv&MtRpdA10F9&oCChPHPX*wFI8pB%EXlQCYct*V5W3<+ayNX#uIVN+{5Ur4&z% z*o6|x?SjmC1ZXXqfY;!Hw{h8Xjj??%AB`Q@_6AP+=o9Q+`0c&##y%o%;hFfcL$Rkm zJssP;_YFMyFR_2bj^aG*-Gg=a#m=Dwr)68A{|(56Mk)D|%rk7HztrD0MjB&db$UOT zAac4AY|9c7JhBJFpT}ir^AYZAQ=6LTrSg`mY%39l+j1GFA1F8p1k6ys%1}w>hVolB zRQ?!yGqwibe(>?=fX*vocX0=dmPz|&z7%V1eV)PVmX2L+H$Y1(;`eYrLZ8@C2DT_0 z#)US8h}%_YCpsUSObL@M*%supxQ@>3)t4RH1iMY$2diqI_Xc4iT`j#p}wxZzS88m~y%G9MmD1fCA&et~(PV^N z4i52e-RUAA9nzug4DVY`~>& zQvJEL_58M(&w<*UjD3l{pH3Y+X3}HP@ao9zW18{UQz!An1FyuMI<+@;`tI!Lqd2k~ zi}%GoiowaTchkGMp?9``AAuwjv?v7+P)rt`5nBp;qmw5KGm}|MQ~b+47Ed0O7xtv2 z=b7ntQhJ`$R+`#MIR5dTq)_5GoG-PN^tdtyDrv@kzJBsB-B{mD-)!vy<3iI)agFIg z!*)}X=^NwMCdsJR%Vv|!Y&MxqdacDv0v?CRTg;L{&$+Z(htuQsJDn(yqH46uWilBB zf5`YKAC*(9Q)^S1)D%~nW(R5XZ%-tkE8J&YEp02O+7z4)bw#q(Ny@|=C3kgFz3r8l z4-y5%6fsF%&6cjz``{YY$s56mdE5~*xH$`ajEXNJLCBX_?<;>9WT!qF(7{N(1=?{bqw_X0&iKlao~eb#&Wm=gWg#9=!vAX z)PeJ2HMsMNbwxT&>pUj6aABXR>YVo2_}A?Bkn!Z8nDXcZW&%5hnai?i>G@2=*Nf?^ z8IV+(+&i@_eHc@z8JjdJ<1VW)!w^a(sZ4rWfhjN8JFPT(v^+96BJCF4bi)keWZNXy zLfs<6BGVFSUh15*RZN}kE<>H^ZfRxe^0W1pyL9NKYIlY&oYF^X{jl& z57Inu$MxW2S{$gOgk?M!SK(@0k9lCZ4N6)^zu&=d{*GF2$kR_7LYX+z(QOsiO}WmtNY{@Q(8*BvT%^NpW~aLD4Y!TJ)qoLM3;iUwOIrq=nywD6tFxhPqX>4J z)4@8`-k^pS8vCMQ+#5?~Jv(gh*lw{~hD@7s$KUUN^0!so0n?7{4O=2b_+&-xqE(k4 zdp-8^!}ufV*1JdDFsFCvl%R8bxbVqIvtF4v?VV-Dwf8I=GblHAMn<>2^XDC%GxuA# zhaB+A2h`ENL5hJReh?2*AG^>tkvV(h#Gu=Yyo^aUom0SgFHR&&a8%g$aKa-~)sNp@rocLAV0S=Z z&ttm@Wo$oTzUgW18YceU_cF>0rb zfUZx9(li)SkVKeM0|ZzJhSVbw-qb8aO-Rga)uD;8%OAWO`@Q;5pB+n1?Bfnx+4WiM z%9HnC!?(XAgPzIAGX6tkGRrKM!b2v)ut30h4aiE=>GfKJ(PYxwtQL#i;dHqm>J{(dkV~ee z-eRVuGTIKD5b`eq#L%Yx<1#_;+g&!h-DS~hwSKz=sur`}WRfMbO_IzOtzK~1Ig?oe zz2fY8j&VsQNM;3rfS-0*EM_wjJWi)a>Z!#;kc{+zcK9fW!$bDTbfD1fZo+GKwfSt1 zySx?ndaK9X>Ka%&srUJ-p1Yl|Q@7o=^tFAYx%^u8etiL+n6BkK3{ZTyy>=}?-DbZnRuruqA4r|K@jId{qUg4A?wGU_04zwmZ&}xCgnhP|Z4qjvYczdlbe%k@ z&*dlEEu$~=x0Q@iGQml@u|r2PEt%FLT*wp&McN`mS7W}V&?;K2G#$54Ft+93hPLwB z++2BsCg*Z{`hFX}O-Dj(rY1v|Weiyg*selX9sR`{h2d;e7^@p?9B!F{C$ZCo8MZ4Y5MnhL z^m-&@+p!(ANY*QQqHn_EUX;apu~}rqCfu}lT$@cdDI(vfNQ0%L5+lJ$iYOzu&3-6A zZ8|*gBGs*^>zunK+7g9|s$S9S^lLSDohs1<4)8LWsP+^Khp#OX+H*KTl-q|0!YV<~ z(JaRu!IT`hyb%i>FZV{QiGpp4f3wdU5mLMny7GIskLHKXO0q9v1tP(~$6$0gi>(%i zv%3Jirt6VpIxrb< zKe_l1=hLpWT2dI(e~raq!Op#K`tjCQ621^ypB(6HkJXba?fk6tt8rx>T+FSSf=Fn*m?} zWfZc+Y$H1rPvxiTKId7gKD?mO^1PO3w6dtPiK32Ycr7Cn44xnJdL54;#A00&aVuI; z1Py|KYiuGeMXT2iRm576fR5}{3_6`&M$FJbWWA~@dv{|RbzS=m#y0)9MB{D?od%`F zc^Y?%pn$udu5gE}ya*fV(3icj!$_erJXx3)p08i6e^dXP;kU54 zFwcltDLXaK*(G3ejmw;sNiu!e#uDRt<0fO=$Zaz2H2!2{j7A^hY$DGp4%Y)VpHG8I z)5R`6MwdBW8jsQfsZC^zBBd*IS)Clp3GEDVq0SN2X8ggtoJezoY>wcFGtHHfo%%9= zlqbo22~YUWMRe5wT|59moUZ;aZasI7a+kC1OYGoiO=1W?^2dBG9hy&YKU<8rx;&w5d;ol9rDsdv4{xWdm(SgC{jjytQNZ${JVA+WyM;ew`Lv zxV*A^5&kU0CuNjp-&i$fQ1{!Q2UkH4(lH;pzW0RkJm&PKR4$(@<+zgMhGdeQoZ`#% z-QcTEu21H>T8kaUo&k;lo~RHtRG6ZUn>^EnTMSc8w>ob1G$)_bpK_jZe`)=}`Gfnb zq%+C!WVg&^o3d>=T!~5H2ABqOletq#zp%ecddY5Nd4jw?@DQTiXVke;kLj?aQ*>3j zS{bOxCFAB$i*KGQgR*UdX?l-S?@d~gQI8*%Ua=bxH4|9S2} z>o4mEt$%Ay?5Eg?$MD9NN31>a_OaKFfM*&U|AuJ+t@ofKN*}ErC;NI?dpU<$hdHaP zRn9+=KQWIOwn|$)dcoipr;};SbZ(x$+E8nFTEADjPu#25JM^pcUlGQbGR`#1wA93y zFjdyRIqK{{6{<${Xfry4ER*eSP-S zqZ*v7DbWy3XK&tNmGjroB`&ku9)#Qv1`d>?W%k9E+3mAU=18^#DNyumd&+~IiDhJY z>VoO3d5-#wN%5|vpI$f>`^W5W@7nQc@=o{C(QBUFx?=i0c%}2jqc{nR&ttM|=N9jb zTV6eW;?SL-S!E!l(`~cpCzR(z!Wz;Hd4}EwF5i~#8%2hTLv6!+Q^-Val6Hcv%GaFy z0r#QxGxs^`IonUp@7?EA4RRzWhdos7`g^DjYC4frLnlX9l5glwN)2VUzP?f7NW&Dv zIsR+M@A#ro!gj`}lT4slI*l2DYB4%jE=Fl)Q<@|lGh@lDn5)dSX4X8{lKQgdsOGdL zu3@R{25A_L+n+bMO|i=9P`~m1a+3SqcFCjZZ0YLm?CWVM_w@7) zv5a*O^^Ld8^o;i{;1}30kxMQKIk3s#bPjgVgp6_cO!d-ciAWOb^@$op6;F#Fu!3?q z6_qz=)3fp#4A|gFrqeBHp*&hDNz^kY<77v!l&Vouv+}MHS(`0}%UjP5lxiUE)r8fY zuC;ApRdH)gaogIYHgZ!lyIt85Lzp&AKuz>;Kwa6$GdCUR@Zjw2`9 zqxfxFY;tG2bKHu%+WjZ}qlWDU!DGlUG`O4Htef6lh9@~MNiZ;alTXBU61G`chDYKi z8@9!*3hPW`5kod$b!>Z2=b}7yj9c_2=hefto^-hn;sYpvE@2VTupbT6)$2h1AkAxu zCc-{l#~v{!=5%e6nb&G~0YZwTwRn-4H+eD8sjOwoa2OP8cCI;?pPQdoNJkvN4yhU1 z={n)vn>JZJ%jXXm>n-XswD-}Y%p>b+X5^KPvOFf1Ro%Sq%4E=?8)8G4??8v>8oUci zl}^XmI_T1D19YV}UYq1j>YxkRIs_xS0$V>_nQf$|LN`_SyZDRU*eTc{y+^P|`hfKM z4x2k@3IYY0B^}CiWr5Pn;ep|q(=-zT6Edqh)OI+P{!QS=;7{phr-QdQkzI`$KC4Fc zV3Le-RR2|rn$a;twQGselk@pZVrhy`FFNeGX}MyW%XQ3&C8y%7a@IOo=Ufv`Ln+Cr zFPn~;U;Ez_CbKAU;%TFA*ebzOSRU9!ey#Pb_Ixp3=ycOP8z^rTNV|K+=fpI)+f z+m1yGwpDnBq;;7%y0Bp_F8=HxjMqI>du95sM;AQDWWCq?@;k4-_A2!LYJ`|?)UlFX z`;mh#F1I`L(%5{alsRBv)u#Ybo$frRVAh*$42O})$7yUjQJk0VE^(&$C!G(B5aTtL^a+b#5hmG4T{k zaUup%im9rbkvD46jJ)294FV_{qQrd}3P%&u;)x~x=Ac=X3U4>BZoH#;{tNvZ=gk;= zcQJ&)zi)_ceYABP*|PffVfQR)eF=1I4VYN5I#;eiOO)s!ZM}B0wn5vhJ*~Z<)gW!M zwpv@O-PE@0j5e+nleG}5G%R6&ci#c*p5s}O*Q9ZX-NbHY8`x&{49hpO7g&N=nLP$u zEIUwWzr)$;qpI}Iu6;-~+O~cW?qW@2V3EILY^n#lhul!FH>8PTy$&bqN_2yC zjLvPf?FjT~S4egJ#z2YYd^M<~TpgOXv<=NC1`={}S4%=-iH}i`Od&xMy;y71cu}Gg z=%Zn|cAR+Tf{u34b?vJfV^dQKk_!tOb9+A6m;Ls=_kO$mVPoG7?AXhj50_7*-VNl> z{Ho5mzoU3G{78PZmN6NA<}UHf2lkW`6rX?oiMd*1}z|g-O9YNCRkjOS+ z({3(BfI2=vXZH+&K3Gx-m>tAn{U?W4JE={AICXM~QX zvF)?)>NB{|141#QV&cIKMbvgkifDzTq+&Y3zB`G|vwyH#R*PMMw#PHn`P3TJmVon+ zR|nMT$lVTFe7;*!XXl|%xAbbUOV>Uhi`!=REuXPiusPsrHe0a@@U2U`UG&R8?D8f~ z$I(iatg2J@YUZo~g~rc*8=H<_{yes2DRbFN)D85toA+6sp?2Za?B6 zC>0hZ7NF$iC(4}8i8Arjc(alQUdhBIbDOx+96Jc$0>>nC)m$wX=UDJ6B4HAahW?W3 za6Ax!HX+;$G?ZN9b=a#m84f3`Qgyzw)jOegu)MKtl?r%9J_L~{h+f-|w2+wh)EU4t zo@LK!zi^(DxevKZGI0uWQ0wx_T80VweZ1YL0~5r2(BqcGV`;cPZF3q)16wqv)vFJe zMfbYW>b=+tHN}lcZZHiWLzwbql8mUfFvy*n)`S=A`NL2lM`%4ubMTANR&|I5(gJni zMoB`I%+709Tp9H?YsjWId$Gk}Z+DmKBX{&+9d#1GsjjnEeWn_mul1f=x;#C7{)5SP zy!H6AdxB$oRNvoNF>%1Mu59Rmf#YtjIIweHYdU%CmT_Gl*xLFa*}Y)F;79IlJ=qpV z&V#fZ=pDt%F}#&*lbWQjn6IrDm`hfkr8e6c1h`Pb4@t*dXIya?D+@NG&0&Fnf_aBQ zG#K^9RGk`CbQu1016^uI(x~FP;KaQJa2sEQM>^es z>Gim^`Hc(kHg}je!lldXS{Q^iW~;mh_}sUfE%7lx4b`}?d~h=o z;cmUT7r1!6J8RgSE;XK61Pt~;GF}v2|28NoE??lmhDVXTNHif$=62pC`#sZTkMjW_ZM$H3hhbT+T)&%o{%!U%+AyF zt1MSDPlAxOas3X57We9)n(GbB>Ph%s?t|?+?$8HM`WHF(kq70!2;buFeI`bTW7OoC z&Sadup}NO#^K)zStH~Ux+4qotX)AAQ`!(uCqebIh`cn7y>G2cO!IS;nMpK?bY|f_@ z3QEI`#NS8KahAJzZl<(JlH*1H`K{+6W+uY0i2%oDctsp$FKpXK7I zH=g!Jti;R5f-e>_3lm;Z)va}=!_X`}wT$@6@KPkZ@ktgn>h#b%(iBQrDS**IZtUnG>oxd+SM`|p)4f;j;U~n&(+d3XgiKR{xgxA!X!PjdLt%SLo~-rHD_)2dsZO6&Qjm3+-sDEpnf|VxrY>`mlE)b-PIWiFQdmc4r>q>V z;7EN>+&fa>~AZ z_GbDrh`8bT)g|U{l%MNU(1GxC_r@mbNxi@V(;@9AYWDDR{npEh5{u@C^VA=jpY+%C z?BbKYNQy5+WygC}=8FIV>8brB)y`>D0DDnn{weR&gl9dj&EE$DMSEgQAUFmquPi~| zvt!Xg<;d~hmSkkyWA{8CGv-dsxCea0Ts|imXPDfaBHVMHe2b3NRYl`DGc-J8yobQf znoG~m?c{rI%ZP%^Qdz7QE}cG-$htfaZKs<|J=5>KZvf{6`c=Muv>rQevA^9Es2Uuh_-2IVefkLbI^Ubv zPpFE`i{?o&(ql#V)a5_Pu=E2|7fA~nMGwlQ7pAMt;rqg(L(4cYGDOx8U>Lm+hq4O$ z)?*>Cu5`XFJZg_i()sC^GHc5sT+_xuN67tUG@@TX21a`zYR%ukkK!drm05{D{Uj=p zF0vW|wIRVsV!OB{Xltzt(V{hu<|ux-0!T=b5WmZyS=>DgM3EtUhTq;$J@GIQNoR!0 zIyvB5PAD1U9hYqC9bB=Zh(-f+L{~*kpYVpZ*{^W@ObH``#dk{kH3NSfj8}l`32@?B z+U|sKDrae*a$e(XA-V2sSD={=lxeu%mX;(qlimg>FdJH8cOKSSEtj~j$>!FP4Bt_I zNFY~>lolJLfk8;Sa2OH$&1pktraxNxPbj5Dm^|K@59Oa_>QhmR}Uu}LM%#R^K(#XYT9r52*wyW~68yUxiSD(OuLepopnfs4} zVq9yo=xf5rWD&HlhO4`eN>XrmSxgEwu%fWgyUMnKnge2ML+FQ$sG#<{drop$Exg$KWHc6g$_ zFTdP*dg;LH-`$sh#PII7GKB%90f`M+4jJ%kuJ44fShqmNu-^rXiP5NKykrA;cu)Jg z_&*`yhi2eZ+6XxMsVA@+1U}vG5yFX59Z)M@m>)&yhlG5(-6K4`AX?o`ezhq>v*v|e znC(2j{mdmbvfodw9R266wikW&OB7B8kg+w1$Ae~!fMM0U(N>({^1DQaeoHkMf)NscLX(%YM_)Q1S0A}pa$w_mPEIZ9Au~n z7iKtQUZ#ERsJynC-ykqkSf>fD<7-rG#T6k3yY$yph`FlhWqadXpx=iC4<+3SUH!g> zI>X+ldSltkv=G5X?%DZs{+O-}0UO(+J%OP-zAncvQrer8o>xX{=N!|%qkS-l z>t*AgE%~?U{=Vq}Pj$9Hlkd|c{Xr7EmH0P8B|%+>u9^w$RL>D7QG|rrWhqo6*-{{m zg(<+&opQZosq(_7ypeHz*t~q(EKE$-JfFp+h)Vo>6maa;2U$H7-9%}7T@8@R~uHI z$Mb8OxQl6#?bnbC-=~MW;E3Q+{dJ-4nQfjr<7d?imY*FDZ{dO!`j<*N`K-_~1Q9f> z*TJm?$*j;U&_D#(h@Z6XlB%pI;;|B+j01rtmN>;VQM$bZ6zOmv4r`M(V-szSQ_gDG zrY>GPG-G5pQZ+~X<4}0cAr)gIZo;_ZeBV%Qa>ZqC&b3?@`c=jwLA21b?_Cr`)BQ)( zhQH|7=+S4_g$Z+l3DS|^>YTU(1DqW>sEp31A6$X`Q7#IG2L2@YKS?~0W#jD09IsKl zW&LiI+C7V!K(y9&psyIhht_k%sY_y>z8Gs*KQxo$11BKI>h)qNLD!m-O z4>ut`ABB^d!-yosN3vZDN+YMyB^AA}jzIYz#4ocLb;Pw{gjlKdEm)Q}g0y~Cl4&}G zKl<9jvrvpQ#=l_LQW(h32OxrZ*1Oln{4h2q&bC=L8)PYasT{cy_jQ{@whj6jeLO!| zw@X1%peZYkeiRK=T6Xt$2>8_rO${G#bZ%GOpB|)(H9sh$!~luka}1G0xk_U7&WcoJ zdL4%-C8wcXzWciYtDzbOL4a*N*g<6Z=V4d%XV3~pq5kc5xMoROMqP)U<<9++rAYAH z(Zt!O+;K!v^$bPad)~DwL_TT-xKhX1+-HSsZQf-WwCC|}%YwC$h`Lx8c(sbUhpcbM zA#xYvSL?h)mV11Dc|VjMC?E*#Qp+~&sSG;*yc>P8OZp+SH(P;Sqln^Yi2XEt85Zih zUvOn_-+ZF+@+q1v?V##xXJKQ^FT<+%5i5AmrG6|t;(%QEMVqU7hU!_=I4^EAJ7B$0eV{cBULD7%U4Sg@A<>2QqGpMIwc@9#YPwlj z9@Fo3ZbzSy1D)`Sg#FK3ccKI?iBUH}i<(Lz!rX9zB;39Tk!>4M`4y>itAm>&NjZ8G zZ+oOZIX<#?*#0LKZ8Bo=OeX7;;cF8sOm}goMlJd4+w0dDqu*HgdNSCCEbnV&mHyBu z#G2nwdxZH6Q$|-sC+`}c4k%P7ui3=9tn#zqZ^EV}s8Pj;tyiYj+EU`DDERkxuP$g4 zs77Z)AXp7(sjg62RLb$OD#w~E>s@PnNpgi&)CesKJS-PG=#)E1LtF-40yFE}Xwn&o z5P0`GTB^d%oZ*BzaxP&8MsT7kEgFBe->*#Fy40lXv-$~1Hu^%LaJpIEeR)TL!lmPn z+D-E7mp?1CGOs_fJO3OtNJL_OReI`?;2lnqdFgSltX&bas#1pr}B^FUVGPCb{3> z*6vQDl0-!EHkE$+dxPxq0$nmHgH*yVKbeX-aimA3w2K^|c!#NF+p{@b)jJk|Bu5Xe zjapmL&0;~8y0CYJwoR?)AM^#9?Cr$x;wjVr5RA@F3^Re3Mbmku4&D-Fwo4ceWP+UR z{COCVVEj!|?o80XR=jMmT8R#*z?ucw5{zysjQex7b>%E0N=Kf#XvY~#(D=J#HRI%l zU*Xw+dXvMXxgPG`HrNrKA4b_9Q1G{xFWqnK{A}ZZrrYzaN2+X*y*plF^Q50ZxRMrpcpr~s$g#1 zi6%VMUC5_`U3R8dNhfjQ!rV=KD9CA-WRfexUr1%&p&JIy+G%kcbO8l9daEz_;3>%| z=0KJRr(a_UNclo(;o~ANwYRv$^Vp=$O-Th`_P%6Ve#X|K4C_Qkc?!ALr_M}2+Wc9)Hr#RB>}ul z;H#?BTgF>6F=xbVB-cgYY+J{g!O_M?h2F+Oke9-u;A8l<0oYHilqf+k0 zW4G=InkRNm#8Hxj*ABQuxfASo^F{5|KpG$+lD?h7C-*>gQ_P=S#C1`fFI-HBClL@R z@xPx7ca1!u#b)^+K1>=l6N4&SFkwyrL0X!k(}~LpB^<&guQ)>|IRo6B<2*F53E9U4 zD#iJ*GJWVr9(oIk85gS0NUS+42Z@1H0U;KFfq9)4aw63^Gk5|Q{;@S1Q27)gL$-_L z{}r-5Y2x5FWNumoQgc@|0U?{SJ}wuDCysN@hhPd=h2{{##+?#Z)oAfZ>2NP(xKG#M ztG_?QI(Ue7T{_Saf?l_>HgInf^?!#$_yw?0;r5`p(BsY}e_uBb@!QS=o188r<)WNV2=E#N{^k3q|d*um6l`iSvDq56rGYzVq*JG*|Zu15lg(c zMpi4QUEgP*RX%xwz8s*778icd9}og8%6h_L!BX3H- zb|6h)Kf`Ar`o!dp-I*FA19WQw6~gD@u>BeFFl_oyL0@K6Pa=fxU=M#F<`)$gr_hr* zcj-c4Hn0>Bl<4R{gCeu>C_%sgTD5qqyqwwsc2G=!im9Z!N0Yjor6shxynL3|5Es?2 ziI5_ym|+J>LE<{Q99QNU)yoKfUMuTVNo+L!Pr$GOeA*cW#c*t~TZ1o%Mjfte~EO6X?<}%9kP{ zBAz&s)tg1Ibn!_u#dk<BaFCm5Oq1c3}a?GoNb86}tc2pCSc6x8Pi8eX52*8$%1V zF7X94@{x}_VQ5CZ?ZRfB<(2uZeM3YjY%0Q^{^N^ZaGO~haw9Mh<43Opz1xB4-tF4( z{6OlN+26&s*4I=V#Zd+I3cBhA1#~k!UiJENh#D@kn~M3)Ld9;=-r0F9@k#12G78e= zf4_Xz&-@27vswQB9?scFP6Af*j0_s2e<1yr$)O?dZaI7R_wVobgDUPtOPcBn+e({C z+nTD{JhJkKnDcQoT#A>MzuK06D~Jr_%#25z)tFEOX?)yXaEv2KIRC&076s*Q@*nu{ zM_AP6&=H{o6NaIo&TOPh6BDnk5i_-|Z7oLywV$s?t)EBDpGTeSyDa8&W(5T;2L;I( z|5(sGXhW>#lCthW;nL^g;`*?Cw#Dp8`ae9^W~JI4=OV2k!jJOoTn%$G*lFW3Eisj% z)QL^Mtgk;2hkKQez9jgs_ub$=jAt$g_}RKOsLRQJq#owyHT7LgJSK|O@4NR~CAT@$ zb4<2PIH(JrKPdm>HJ8sej!X{}8KrKxZdZITQFL^#GDsG#)5QosTLb&~axB-*c1Ceu>3yXXS!#raUESV|AtWTIZ-ZqZEVdJ{ZETZ3C7CClN1n~+CAL3a(#Q9&G zL4niS?LTYamCiNqz>0GNzD+f}50NKXNwbA?~5p0gZ$XELj8lxooL` z3kX5f$At7)Q%H(vE|Y=Izj&lbI_yKjDk;qsUB}Ik0))6yxR6dd6O53zB^kR8mM_lVXTXZX3YI z?MD8_$|>!94gEvfL}-TUmn@hBpH}WIG>swems4(7#?p!l)ssN&r%PTk@i){rUn$?9 z^Uvmo>k1A65D$*bG>M8CY@e0+koJE7Su*~QK>_*^ME=gT?0n!;yeq zAK=j#_$diS4{|VOhQcA4?Ydj0T3~sPMuc($hFDncEx>!?-cK~6=Jg^@q~Z0Tiv{K# z%fl{@Gpt!cM*5dDlp$0H>h#*~N-nmPbG1CpK(@y})^UaWw|yqXqvEP#QgdLjz{u$V z`7*yFvUqIYqo>q~hSv$ks1JHLaB`KZ%b{o;?)&elWx1aoG12mru44wi=O|sb2mf=V zcz~2l-|e>*Ri*KmDgQV&UBhM-#hn_$V(}X9$_F#h=Z?KLY-uIR)r&LO25T&%me&$D z4Z1!DGdEhS35&$aiG}+xr&cIQI!Qa8r}DaSjSB@jojBOhjIV_|o$h} zjcl*7t$uMs+&cAlgVC)KOA`om+URWhmL|Wg2YEp6z#NoXV@xSrUDS2&X=7g-e$Q|z zux|=1GA7dDM2&VKYJPQeFa)I4ifexji^on9&!1%>RCK}VuCq;6)Nk9RG!aBF;te%` za`ykO)NSmHfyjpdQ?&Vy_1z&aKY*Rxk@lB>?nl@~y*~CTf2UF>;XkncbXZmDMDi<3 zQ3?BD3A@yZeoa|?m+~dP%P_6ChAJgLzs|s{A#hG@)sSCXE+wYiih#c``rFfF$8g7! zCjOPapvTWsDJrrMWxlub7$mAGwpMdW560!ao=nMnX7^(U2DxqMM<$C!)Cn;h=~pR} zn93iS_*DtgN9e9Y+Eck&*-faDEL!Hd_BzJUgFI!%Q;EjL%z_v`2uAI`w9h$p4A0(c zcyMeR3Q^xKqxx;;DKzA72@7rJy*_U_QB0-J3Shk!)vwXO|JQ@i(zA zBkeK$v5PPZ&K?z?QaX9I@bb4t9dn}9`2>=|9mE3GFIThZ7+B%DE8gI>Q+;#*Pt)(Z zuTiuKO7H7mqSft|(qb`pASiUes0-W{Obe$V+HSq&9pMByw2_Pn7k0g2e>`Sq{j=FQ z{u`-EC%QA$aH<075#eFK&l9G#>PBSMOC{X!z@ILD*+~6Ri-bZfjag&B^8A6f@vUSuxHL79ddeipD<2(v$Zpw@LZkA?| zTwV#vEqWtlG(71gU7wLw9BTjR$m!lk=$-sC#z7RKKkP&gAsG5|Y-b`{oqK}LFY0>t zV2LpShA}^3ETCtwTAPumUOU0iq}WNz6?3lBBegA~ShAW&)u6+<|n`JYy-y z@8)o(GSPgUF}Ejl0?<4VX*x^zD(q&=Snqd6rWmr9yn9Tzu>R$h>*V^!-U-g`LIO+3 zS*Cz<^6uvp!3OUxU(VSYo4&W~(`Fb7ry3`(;RQxKBK^j^swe%0Wl*cePV5L){ZE{E znaa99PwYcuoF1RsG&ufw&3B)E`KvSN+n-prIFWtc^&}4C_d5hqu(Fims>`mU-Xr7n zay$~wO)9E8VAqne0PaT3!_5FTPxfPNqR)x&jHReXrsEPDAaKx6A$>KY6bn1$>A@ps zzr^2)4dcblNc-{$N^~}%ytWI;&ht?OO6Fw9{DZmm02M=FuF1p;y=HKqZ$jYW+-<_O zt-52*A_uoe4w^Pnj4fyEx3CD#iuC@E`2M58lf8?#m!De{5n2FOEg~3~5ja}c;`g_z(7w4qLE!l5<3mrx@g2Bt*!gp}NVhLNt`?Qd| z{@KSH5beG^vHuTkD0u!qwFP12`aib?iIKPJVMPmi;15hVB41RqnfcB(s|00mE4D_` z8Pi{!l@NH!=>1oY!x9o(W;=C3WRz0T%c5M{{ra3{uB#i)xGvbE*&XHu+T1w#mmXoA z9)cm)eH7K_Cfx&={&`eP2Kn*0=*@K8j_a|w45iD?Sf0u*La+VQ$^xWS{j|US=%?N4 z8X&zMH2SvN^Ey(0nxuMLm&;VswV*Vw-h<=s@+M+yMY27oo-pkV=3h+-l=?=Dd9k5N z-=C0%`B9Er9`M?brYz}a5b0=QWz@*dGGf?6f0M=>%dlf>Q&vro@1a;4lpgr$Jj~x~ zeIb&~CyS2&61=dB8JUcJdc-y|;??1$);Tq`JLUJvft=61|+ zOz7{n-LeC-F{~Tj?xe!}-<8hB`9GB|Zf|1`R(JSjY|0{G>S}3hswVw~MaI<9+`^fR zorjl2-Nne+!@-nA*7lpZ>3{SFkq`$;m>S!gn6d!>8PifWvNAPxX3?}Xake01W94CG z`4?Fr_?w-RnLXH+jFsh!rL&WYDOlXz*1_J+)XtfVm*wAWN66UOI9NIV)4cDC@0$QL zIVo8w00aa80P(Q{-d6zP09a@kSQuznSQuD1I9PZ@G(c5aa+zbOqs3_?Ibeas9E z^>5xF{+SmY?9&?(fZ)Oe)R|0Kn>3lIG_xL-{8QMQMv|KajQaSb_D~D7uEjdOa zx>Kp~l@Gxzg2_HI_9KFtHHg&_0o0y@xk@{#s1l;^<^EUd!W@TCzz(U1#uiEmX)fXx z$0!cG z`inCXHC9XTL1wG~_i;)Ro$(eurH$0?}n<&vmLQyKNG-jyfIo)yCTJ#c|O5x$$}l_YU`zyHfBZdW7ZXP#d!Pc zbhfHmq5=f6GTBjP=M=eo!)T$tC>s!RjP=_vjnaqBu8G=750EefTx&GDI)9*nx5H7kw)zvIW7kc&)A{B+nVKD4NSW>U# z=M(OMHNX1e%6T$<(bD?J?a7ZerO$4($;FN3A3i`1NK?$L9vzZw~=9%@FI=u%9RZK3B{-D)D zgxb8Vq@9FUV*+SfX&aoxFt(qw|B`kVg6<|Yx3+b_W{%$MOVuu$=4mi>aq@=StY1N~ zKX$M*qAFO&UKTfaFxYCfx9$jaM`V{EVWObP=SHEEybpHb8M1rb*SNyYb0i^+%XPe) zdcayOPtwS-$<%s-Nb{m=8+nPSQ_P7C{=P}B*!G&*&=U9iuzsVbx$HjNa4&je;#qX0 zdAmo1WsG*I{f3vdhRv?0YbFi}uZCtNWySeEtns5Yq%iR)4cw%Y2C3>FU-0vFkU>T{}h;zXs4 zbRDi%<$G^_vISJY)^~vFb>xa=eYh%Tbb;5v(vk&-uQ`_P!d&auk!T2DZ7fUia8r%2 zwBPAEyjXlZvJ=q|Hp$$wRgP&)lj<5hgQYeNP^PIsNily2>$n5iiYbohs8Z-;=d^h3 zwkB*UMNpnAH1m}n=Y~Th-|zNYbOpG@D<0%A=cK;1G|d}@r7k$Z6pYL>OYJ5QBb>`^ z^k>J__PG7&xWfovjp`tk8wkK_`)_w10Qd{+sXMB zYOQIL_gP1lgti35@US?FWKR01Q@5ZBIws64d-JZw;T48^*qdWZ=y9?{r}H?|;dt7% z*_zLVu5Ks1lOg6xKCfkh&I)X`hY{_8G@VE5!3o zKAO;0XsnE=`^QK78q|5=7XFAhnR2t=9*nL8 z`iMKkQoq>?6}aKP1FES4>uO@9-PJkt`Zch8Fs-zy?E~HJ1@1L_CKBh>-pFP&RSQm{ zxh~#>G+LB$9L$ay!YO80g6Uo9Nud&*9vWKS0b6s&SPv(+M8DMX)Yzrkmg-hyhg!F4 z2_v1G!}db2gxBB4vjfVFJXTfIYzFTnx z`9aA|;siXxTziHHcNVi6bK#nEJ!8}~p*}hObj8M@E%)l4HxIUkanQ{-*fO_dI81(-qm z=YAAf#wjh#W38#vPg`nL3ik4jE+^0KrX}3@`v0n1Dm{o) zarA!qy&11yu=mBjwde?HE;Ygd(dB)8%AWnrS3O^sG&)5hOReEKA9Rb@)$ z^?^E_b__JDQoXP_AW&~g9h_aQQ&q0t)=F%C+ju?HRH3Z=iREW&SF0wKFNyngT(oNM zfTp>Ddph*B#5+KrFurt?w|hR{dm3n)(=4e;?`WDN?3Plcmk@G!{%1Ghceup$I;*51 zk~oz>Vs+qBp`+hJa&-zdEcls$9_&D0x;BP#`fSjZu~f^M>goCpP_lN&Qx|Fkz)Yk4 z?|=nBztgzV4c<24$cpA;5lw0JH{XErGvb^kQ0V-@x~?S@r3Qap2(yV%rGsA!TW7T~ zt+m8jox@JB$$h37tea55VYb~)|D&jNow`aW9f~c;_M&N3S2<%;`+(y0*pCArnq85D zJT&ZxjE&-GJkebVy8LIUVj zQpx0>hwr)0G}?;xOH7K2`(2pkh$y`Y7i#Qr<%pBbq9{+-LnmDtuZ`<@lP;@M6wM2R znq0ePu~U@`#uGpfp{bht?*PU~^1H7UwfoN@Q|+Fg9DoH({>um zEjFpxj-^g_m5OI>j&hZOlV!7(;O)#50sgACQ!oRzs(Pr(i0bOp6MHVDp?8{`k=C47 zwH0wuwv@f=-Se-|;+|+mNB8py$?~y+2Ht~)h8)eV`Mvx+on%Zp8VQX;4iDit6LK4& zQ2KIInYFapl9nCtm2cR!8v^qJxS(nJ%zE(b8@Q`61{YXJA!{MuI^fcKwycD)(|$PA-lv-b4ddP z0r;8Z;+Mx4Dzl@KM?Ck+WXmz%l-I>S$QeZSOv^{u!fz-7bl7|ZX?`Q!V67vYhA_?1 z>|Vvf5VJq=k>5g@YdE~yB4k=aFIq)j`)z_ezD5^6!q#DMD*l$(RT4+wlt&I*0Q;D} z`H=3F61nRik=GSUhFk&eh7-(28a9)s0V? zrY@J#DLFHBww1*VASy}9uz^AX$K1GN_4rR?KG>2l>PN>r8ZzsW+rR@QXZ`~rOmEHm zB&iFG_{(+j!j^$QO_IRb(_GNbk&-h+TIYoeL;B`vhHn&g3{1kOBbEL&R? zP(qQ`&&_}7$q%qaig}vT{0tX^pm%tLqz5Jh-J=Hi%IChu{h_L&J(E?r-{Vp?Ybv<4 zC-)V`6zjRaYtlbD>ewr-&uAS}Jb7uQ?4Qro2?>p*KI=V;QyeSgY7^v`S;$N=%nc|= zk4G7LvFt7G59Z|;P-7v|ZKakNbqk`KUlJNwE}m)JjatsUG0YTK@bA*qgn=Qd1A)2e z-E}Ix)|v=Hq$+}umDy0@GG0776BwJeVvlC+i_DkeA`qIYUi_ti((8jTJ=6JEIP-Ka*n6Z-3>%|AxBrQ?0iU|Iy+ z4TF0v2?@d|Rm5>MpPfH`^4jm=c*d3?!epr5iWVFJ9<$Iz6)IM4%+7Nca^w|H980}X z^V@P7=x0LMHE@J8)q1rLe8%})jBc_J{J z#jC48$`JJk?B1m4FhSWir`qeyGKi^0R=2M-irjaC+>9pacQHv) z6@`$q#=`jsjl{=NLHyTwS3zovpNMT%oLi%2gI^#ptc%@Qi)Ku_Uw5FyykN%45x6)f zQahaXmT$jpMteK*Ezy*ojv0;qs-j14_L(?yRur&c+X4L;g)imRJvL=Yg9zGb~)UIBsaOR3zvrZkf-AwQ9Xp_)^5ZX>+B8_{61B)KW*ZTSsNF=ASwaw_1I_})lz9( zS?rUF!q$tzmglvCs1dsA7X1?rR<))7RDT&#CDLI|P4d*l<8`%*(r-^R8Y*gG7-q>jw&NwF)}>)PYAep=77n|jUIt87wLEt3`% zc_z&@rZ=VP{`=G7KQ|{dZowHpbF^b*^@x2=LB**q*MO~l10m7wP}z_w`U-7nhcLH4 zKUBG0d12$qk+nshtfiHa&6LbKP1Ru7oYFBp@xNmrp_~&1B`Em%O!G&!v3e!P+0N(2 zG%}6Uwl;N|oO(Avzw?+4{qj$J1eqlENidl(Ur*|?A9K}r#%>Ut#QCLN;~47}WKO4b z>532JT={PDS{dq9^%E2oswM4bCZU5MaF1%_RV-R2?TTvU!ME~3ON;5`i<^(at`#1a znJO6H8Q}htI{%r4FYWB(jdv&GBe_1ZWkROxf_x;gP>L>is(UGZqDa>D##P(S%0yli zz!}M6e0b{^sO^=q{(R4$|9cgaYIBY|W+cNZ{KEGSkHdeZ?Ek_BGF&zFd?P(uI{nnT z@$t4F%P%CA@#VYxE*EBN>+**Z9u~p`yj>%AotL*PnoWx&b9r}MjKRS(t%TrU*Zm%q zy+Y4QcFK^|g{I`TtbaLARDveYj0ElK<;}%|y@^;eIM)9{)c@6|ZBv-$5mQNxd@3U>H^u6y){XmEI?T8OaVNnA;>By zXM$;Pq~stg~yqXg!O+?hA{8a`cH^;%T3lNkxd7J<_Ww6>(8@H>_Of~ z)a%Pld<4m+HFy5>-vN+J^H4GiCUS^H5^Nf zu{=HDk-!3ps1i=8IaQ&-YW0r7^wJI*N0u)+Ik3n7QUU-XtdGaJ=h5uS-J3yxY1Ro; zCUX|=Db?pY?w!2%3t#2G(6iY8yCu^)0anineN~%!=-^(psph)hdL#~Pe-U4s@JUJJ z6LdYUz!0^NfBw_g{HT}@-i}m`<{5>Y2>4%o`e%H$Evr~QVrd!Yy@&0Z=-_(E)3jn+ z9T?2TK4N|X2?9(zp2wW=ekn;=J!G(JSgt=)*EySVsA&_rF2vNGZXJnbmV-To&rqb? zp~ri!xXNj1<*r??p4RLEvGc@h;N-CU;PB{juOEvjD{KDt+&?>AT2B%dw$OXKW4+w6 z-0@bhNnY4wu;-P?1uiMM$wZDKZ)jg}D=GvIrOF*H#OSmdj&vGFXPV?!EnC~uFNKC~ z>n23j|4B;O*jd?10G}1;nikGWL1WW^PIs|PSRZNp@b+#jdlW9cd4v%SL9b* zuj8hN{7i-VQFM4r%W4k0QT(QL0HoVr!MCqI&YZIvGQ^3f>8ir=Z93s`>P;#1FSFE; zbw>rICAI!K=*Exx?%76(&>LXEjnfMrhmVEiyP2_OiuSe{VB@?Mil zqd+#+4Wuea^?HGK!rc%e7LuItxom)N56n)@cVR$X#{uHtOj1V!y#sodDo`c2!JYec z-t@^h2}`!Q_3GRiYw{?ZC<-w#bp#nCE&}M}T1PM>uWJso%H?5YoWTUdzP@fdlwaAnHkYG>2D|$3z z!8PO^8OSCWEMAOgRWGd`8$1MwU{j^q2r_-4f1bBDI7;I=x_b_dDoy}($)5Y0P1bES zUE&gYHPzRzWKPbp-4T55oieYQ}5;m^1&L!i6;7b;!9mWy3j@B z25nWw#bl=>4JNN-@Dz^RGl&TrA{i)9{)h#H_lId)x`1XSu80&Ub_aNOBQL_FWcoDP zN}{Y&n&|1l2{lj#KCIt#efpjpsyWPnifgHwrW-ouTVIOe&c9nV>M>|5Rg8Tt1xf5n zb9IE#kva`vMlqc(6=pDXs{pWMv!~itEHAh{PfVR$iy6p#1k07Ute49Ti3*%h(G@8^o5A|v;le)XCqXT^q2Ws7p-LDH<#eRo{z5|3AQ`$xs zs~*5=?cZ6>%N9##q(aL>Ia5Iiqh~kv8;j&NEawb7H#xuI|9GZuSAMBlGb1gEqxb5? z@14_M71VALNUk!xCBv2Y@LRAv=mvDGuVL+H;24VBoWPmkbG?-0-E@ZD(DA~Q#rAiA zc9S7sJSChuwTcF+^%yQ6#dcis z%26e74urFdNdJjv*Bzc&y?)6G{{gJ^5`X$gOH1|XOg46r7RT5t+73P|wMgCi4S2fh z1zVl)e9QIVd=IEJgqdFC$)n5(;=EE;rZ5T6$X&c=wsit=NJ{PxqN)G@@PCzgOQ(av zS=`|B7RyqY^YS-hFRNW?i>GIo-Nqo}jvBC@9j9HckFZjm(|FXUE4&)<{^FFlfi=DN zI7I=^A)X@Ht4v2cQuhJ^D>dpw2uyO|%ZbzV3>dwZkU*Nb8zfKL>GFhFt^30x!?`)y z;uHr*lcMm+ibeZzA!GnZ-=m{gr2ZXH$fOE#*?-G>TX{=EECE0cAB&%rV!Y*(uH(EE z5&ZgV)!R`l{Sepz5YyRp&Hb^*>m7@Syp=$&i?<{xxpZ&P?7FAfW}N>LeNkz6T^854s`xGJ1(3X(ULJfHgv%$-e2 z@{WV!O}|evXINd9{k|vCXRLFDqi3g2q;HmEwo8Q77S)E9MBSH=bjg0QC9EvT$y ziDFtTE3FDFii(?5RrUZbcI$ofZi!Fyu2JPHi_PQL?*J;%>)C(v2LL2-DW9#FUvPO*Pmhq+ICZ$SYK^P$a=SKfD`_295!``0J9VOTBAK&ZE(u$pmJ1&(+(Z}vj#?f$ z$rPKH#F=e)Td7~@5AmB-u>^ufpN>WiI7SFO@(PNgJUxi9ruaw(s=!Wq;VJYiTria|{g+0GxO|?CI z!8y$LGgYdZO|@sgk0c!B0mLU<^#xb1x%DeM+Sc^@HfS~J=RgVNe5KHDbsxoS!j0)$ z)w_9(v2rGJE+v=TV2V7}m72L>84!REFPZ=c^N?#aN^ z0wDBVmhXQUJt@Bw#;Zebx3nYmVm+k7C_`vs?Cw|G%Z+OY3C(DxHWtU`&{^I6$ECk# zKS|t*eAG&hwXqbUNL6$VES~!)f@UA;bK`S^?Vi}#L`RnK?VGo_bN9lqbz4~ZZQboj z?Lb4QdVEQmTv%#6R@*Y>^jf7XPD1})R2*98=y6fa&Isie#YALyrVDRk43P4lhyxU8 zdcdmH^qR?hRd6{{Q=YiwDsiwb)8SHZ4gkSwmAO(sv2NwN*LO>6Q2g3r^SWPnu4gC; ztyxZLk*4^U<*_JKCG0Nu3^TOD^c{eWM&kGV|G+5D57iA*M>mgx>pc1=3ohb&OwoG zk|ryPQtQ>Cj|yLHym5X?r|~MQwZZN$@s>f>PtVVIjufu{AA!Uyi-R@^Cs;I1XO zyS2C$FAf0$30B;txD+Vv?(R}3^yI#u=X-j8=e*x_z2}^F{}IBqcGjLfYxbU*-^eo1 z;ZUQMaC?jd3Yc>_rAPNUN z-=Wh0&6ec$pqOqap`6zs8wQ&ZlUolJ-DTNopn+R8L>tNrtUDc^Z04!H>!Nci(UVrz zQ`!cuTE{j<5oP7(6;IhzO-Mt$w2J5$YW>vcaFTIX*JE?4N3eO=y-NC7 zJ=^Yye6^kja^TFN=Ovr)XuU?C*lYSI1ItVMjs9GgQ;5CqDpt^4??$l}d z?;i{mgc~1L{s#0x&+85$L!Tvz4wIe0dEfZ@w}7P=kU@>SsKUNZ=MGZk++_^c84N6* zCoSdadO!(OM8D%zv=-(o_gA>&d&ypn1*Wf=i^$nKxdCXe0RW&m2)@f~c9Z+Jl?8Ep-CqTTZyW_^GMRstLtOGrG}bpY~;rimR^v8h#Ks? zr}LB|6MI{sFLvlYJl2aef>6>VDBY;+|Ken>9vLF#GRkDbdI;dFM)@%elNOksA4Y@* zjm#&^%9sNA=q{!u=alC)4!0y2aCak%P0L&Ov{49ydVQ$^3SszhW*|FlbS*%szpo@I zvjZjjjJ!p0TB^0K1Wlcz&iF(nq@1AQM512p{WwQXSf&heifX+XtFw6wA8`>68 z%}~mvJeOY_6yLeNVU-%5rJ6B{HSwIllP6b08%Q%-RPp^Q40xnzkoKijY0fK3%o*TP z3aYxC^HFrME(uObrB`H*o{uyEgCNImW|$W1+~46Ifog~H zA|r*V3LpM^8*gGJuP8e{=`f6UbyK5su_aTonI*OT&GOozP4=zKQ=3T864!HyZ$GVK z2PL5}7)l}5Z~FQZ5a}sECWwl-QH?>zcc`^z6O?FUe^!S!GmJa_2Ds~JhvgO[y* zuSOxSng`-QxSSCE$QTe;L>Nui^y-;UvS1NZ_j+XBCW?o><#8^!?QzY6VQEDcGc~U9 z^5SYdA?m28HK#;Ji5oR6H-s(Wt{}*@a{~9Kq+Kn)!13f*x{VXoe9fP;}JK9fmffA(P z#Dud}qfyh5@ulM7k;E3&rwOr&J<9A^D3YWJ@`;fY-I_(q>cbmbg%m`yX%t@AcG?8q zlmq-XK$id?fSx`fAQz{qA^DMQtOx-l@WD>p%R;9o>9}ECs{DSixWiG4k@P~5R&Zoc znL0O>hZ<#1Dp|#%qKWHj;E^aC6K<1cirFJpC(lYV!(uC+@B8xy^C^dp^qik@=64sG zBZ`mMPSp;`b!y99GB)nz0yYW(54JVd*`$^T5Uo)>nI5~Ig^#R$VvW>xLG9KQw_zpqWH_Q=~NCN)%v-a)LR{X&$Z~0(816A&0YV5V6?;d zWAqB1?xaGWsUwV!LvP5j;3c9FrR5lWtLoTB;c;6f`7!1Tp3>@)ai(E(zR0CTz0$QG z!2>^wYp`^Ua!DrOF}534kWzRb4-zD#l72gry3t=^DcVK|1`Aq_^W374=47DPCv{{j zS!0}ef%*836Q0On|D@^Hjn$&(OC?ucUYEdaxb;aHRgs2Za*lg)j_AdcSLrO?`JHu+ za~`#g{LpPu0X)HpdiZ6T9P5W>2Dm2R5u_N-ah?Ucxi5$}Uvs+uq?k-%Lv_%YOJ`%Z zrS>p;XN;JYcN8+YfilWpG$KA!tS)OJLlHOfRY&R4Z4YjsOzENHgBp%h6cHb!G3YQx znvoMs+*X;3h~kB~W7fN;{B9 zvU-QgXZ`B*Ob$f?hkao8!<16rLB^B3XPJ60lhac=}20exb(q41C4PmLqoYA4B~HK-K)=R$|p| z#;;34F7S^9<$v}I@OUd{Pm$nCcG`8ur9du~BsDMkLpn0_a=o!q@_WN?z#qX>bVi$t ze|q1rRIV%ui1Pc7{GR-g_PF;CLBE2w=T@tEPT*%ff23Vj^vTqpcLp~zx&PN8>^P(X zCp3KV23}psL~&)4>ohP0JVR6gFwph52&zuO6W<6V1;gT36AL%%`4Wj7)0c77Bc$EA zgUf-4wui zoJHYzz8@F~FJT6vh#*2%jk;*u*n8CIf+sPi@Lx+DdHlioX6nSde1nyBcK{`)UZJ8+ndP z!=6jp8KS+Q*j5?n>6sh9E#9Q~Ee6h)#k|T3czh{};^0GqHDz3T%|)J#pR-Z|F)zAJRJJ^3Cw{4m$txq;FCZr^GeqMz zV0$t;lSpK_sbRc_x8zcyM}&*{2Vi4T6z~A-GTGilZWd1f?wRhN$VNEQ9pnv;AkUFD z1%qNUBuXh?%L-UXmRPW3Y!Rq(^W zQrg3KM2IMiM(?D|&63;KGr8%sKN_wL>;)n+i!(85G#Art99ciK%26aQ>xvUHeY^BJ z;HTnfNQvhw(H)5ypyz2@S37=?nyR@RENkwig>R$5cc>d%m^K0Ns1RHmy=RXn-+8#> zsXLl@v~2mRWtGs@!a-w-O+KMUdwNY-UYk!xktPjv)x)2{p_}*>E)Tp`(H_psCk8xV z*iMtGSktACvP~yVv`OF_*=V%QA)x8wyM4@8?{^>iNEh(%8d@7QMYz2R1lGGACP8dy z>Pv0CwLIge+QJtTjmsE0D13Ld48KAKmj?@#}24{K|^=CFtnE?-8 zTD=QzX5LO+Bjd21)Jspgc3hKcCNS0CZ0FRf2m1J!-OVT+&)+p%b*v#_&2$35O zkUDwW4&x&6*8}$5qM&B>9sOve`(@$&zV_B;TH;QeRK`NJw0GB=_QPGjpytOTO|>bx zGstG;cB(Q;GzuGwsdhGp-baUk|4{%$fu!K_pc3Wc);suM5+VI;=R`aZx5-35P+|$d z#3+Vim}8AfDyv9ERxglFR1HE+CxOV^HKnymH6;lrne_UbZ7pK0+*`ecV#&-U)He1` z(o7Jd`^|1J06l5E46h{_chP?QNdI9CesNGyXPi`F^gzD$y1^IqxOYFuM{G!p+pBSO z>$E3F%UCUe%mzOLwo@h=y@<3H4b~B}{Izz*djbQ$643_U1JEYK`@do!{ZES@>}CrV z0Xz$zbDVn}+~Rl_C|;EaaiKI%?3Qn)y+xi6t?t2bPq|&8ei3Y;@uO#%aTaXd$=7l_ z0Bz6Zg0Wxg>ohSu|EHxcgP2mbF>YWOr$tE9Ex47B2>e9800drlK!ouStW$ zzDAt1d}h8BN_G((J(%EYtTD1Py%>&lREYJM0Mw=;4VUC@xWZS!6oc)T>qWknad}#1 zcwQ;M#w`RFnSB@8iynMtE2^l%$#O&-2+xs;pGj!f!yohoXF9=~NXdQNQ1YAUqquEf9=XH?lmZPA6qwgWRDBFf#@o zbF%lRJ>ML}B}>2k=|A<%Q#%X+G%n0fJRX-=_jZ)pu==u&3de#yfozOzfQHoOogp#} za$)kW_zE(yuySY}xN3hCkWDfFMfqa#F5HvBLmhDOo&w@8 zq=u1b_#E=!f3pw%dcyub9w00U2PJia>_B*ui4x9WJ{t3l`7XU*8%n8(`-_Wx{JaAZ zktSO9QHR_cX@wRN!x7%LKrO3k<2=bt>Odh031wz>vnri~$0Ik-PUkgdvZD=j(|(Rc ze!XFaC!hL!h-ZQC_s`GuhB1vDzg=|rZWI>d$}0@-2k<$6KAN+1U1)C>c%2N)N-ZS9Q1z!))nV|1Ga+Ge*?tWc!Zu^_Eh=#T(NO=IQ`fK?hsDI0oUV@=brHc zgUY{nZsjOMkc1xqjsvez6Juniwi_A9@vAqDN>X%@>)bRX;&LcGQVyiUVdjs5jRf=`WjYo^>BYQY)T+~LO0d`PhI^Q^6Iic-v72liT=DJKXvv)-fUhK zdlfs3^`L4$PycYX$QOkH%+x`K?Mo5GMV@^sDopUiz3weO2*fv$zwNoWi*LJc0+*IW zZYE3kEZoIL6=>Q-lfo)LI=RoYnQ*J|{aM|X%(>bH?t%6;goz0P<}M;Z#1oyPirojR znnH2_9vyH&hJE5ZuZaxmX}I+O2$d*e+*sJ%on%eeC{tR#PkrW~ukz$L$|IjiV3WQ7escvXqv6aLL&QT|)c|jJs#D}OX zN0L4_Km6e<@>SSOE=;>C*Vb!-zMs)?v#&5>>2lRqw~D(<9Zt1~8ZA3D1_Z?W)|Z*!2e>p4Sx1-z50C>l{BKD3ylt3WGy>KWE4==|+#+ zdlx*9eU0xAc=YWbdMn5Ck3#!fR>Lnc;k!{7tBSp4QLkf>MO}#!9(P)qe#v{6fq74) zpL=?jIKZGplU)R^_)^CtRk5K_Cuxb*Ds}yPVkS-qyCCL!)y`d$u;%C8Q)EJ%r@?#5 z?VTt9vV_p8v7yWJ*EpKRlmWiA>h#xU!L)S^jqz%tdAM~HyAe?BYkeBibM zu~Gz5r|KlU6>4sTxQtai8F7!*tv7Fe+FkTLB>#)~pnS;JyM|#q+d&p=?2p1OQgE#@ zxsx(y>}(XXFq6xOD(a-0#(%0LdRLL0crgWf4Js!RYqb3z;p}Vx=H4I0mft^RHH#Cm zA#$1tevjThp}O!c{G8FJMZWcQBIfmJ#U+GTM+vd2 zOuqAgQg87xu##;VO?2~uC04zNV%@HYgfVbo{-l8fsMj-rKWyJYKdcYZwW+Fa*%+CR%`?MGe1Vz-L(K?RXb2uwBMrZ(Wn4z zafBJz^EY4|>Tm|X+YLwO{QnwIK;sO2d#BIXS#wL?B12tNn)oK_tX{iQKT!fQ(3Uqm zSrjdd-=WVga{F52So2x6uEQ~$afiYj~&v1#~}j|2;?#C8kl?tE{`& zfBeYm=FbZPb1;YH;c6sS9zWK_Y|8+M47Y!ZBgs;as_09JLhML2?^Jr_Ym}h;`!G3q zt=MXJkO3PhF8=jEw>_QJQ!i|UTc#2 zzO*9Puz;deiA;j;`=2tm%LI?psQ}pi|E2_^y=iAvACFAx``I#r+K!0GbmN!&Gj$*K z;SNj8%|)&#YGXefWUDs9sHTUn{w@`ScUqO}^CQyB{W4|ol$d;B-|?5?lXxyP!o|19 z_&9$0JK!b#Oo~lW=G$36Q(cw86+=-Bj`F{*W_VIV`3Zl8v^lznCb}WzI5*k1BT<0J zO=X77|4ghU&dbL|l3dpcW%ou0tFw{nPV|9y#K$Ybt&Dq(WYoy(8XvkmY>);lh=m4i_MpuScCVNn*_B6ni@=xA7J zQH=49r}{*Hv_fL6*{;Ifgoc|wqE{hgqc93e4W?1-4eRyw-&r^~pR&?3YiQs~iYq1h z#!0lm-dl(`XWZ-->VWWyywbA<)fXp#nMkhabg6l#e*@AdB#$#w61{Zy2|85f%A@e* z%02;s8&Izxh~{E*53p9`fD7{r%Bd*dK6@q`QQno*Md&vM)$Su`vWXI)Z*1#yyhd52 zWkv?_+Vr&pTwb7L3l{HsxLlO0EQuR8ZqZpnvJ%kUq@W-i)0LYS24#m75Z4t`w=~zKZ$muI1dA$L;neJ zD~T$Q}Vx1*KQwnB+j-IqncvtgHTHj|ZVMB*f z{3;Vc5fzKpF`DzZBPe{UbA8o|ymx);5Vjd!XyH%cy7Ni$%7@f|kfeqmHpZD;xHr4l zEwMJ^*6c}7;tuAb9vjuvXKB;&(&5LqSLr!okyx? zOrgSM&y{{5tQ=Q2me&Wuw$q!G)|AvlBZf9gS2UpYU|p86K4mRMYO`R?DSGzpdRWdF zz;Tcoo+?Y(eB@X^kfeo77ybVje*Vn$2OxdUfBxs6e+$u{KLnHnV;6J`jo?#h4JL41 zjBX2To*+WrIYTz)5Rq)el*Z&{mN|y2vG=`l_MlrfW`-0@$;Kj>a^Z&9w^KtlmCKFa ztsArjRm& zDaKt;%~9ktEhij7L>VLp3Ab1xp7mo|2QCB`qtuMc#`XQk(4y~QL&(Nhez_CxE0=t3?plWQN$G4Ov%)Rp504Hxj zYj8bAN+f>+deiE3B418?9vd zA3p(y+BO&)(9}?9=+b^8e6C+3looZO^S%(#{F%=CCF+6t4dCMoFUW}`q7xj&srXUi zrb68StKK;@G=??SXKohAe?B+n=4O~7Q;_N&?<;|thK6;9`uny4u$6%2BdgYY4wbrT z)v|h6Ilj7}sF^>7!KxLDIawzWme7z;ct2ytqp)6NM0ff&qM0a>09(rf zH295N(Ybbwgdvuys6V=1J6#ndq`0>LW%4!g=?isSyxNtzEfxj@TPl@1`6rD@>gERs!k27j6>7F(C)n)dY>j;wvUSp`hr);LQd{;k z(8Jw;R3JEC4Sw@&XJopc&;Al$>rKb4ewpgJdP^lM%|KN7Rx9mdW92|-Xn8QG z)4jh0$j&kgZytoGOI?|fS=}YkDcS|#*aHC1?xH8Oyqi>J4?gpI&erQ-v)3l}*Sq5t zd_IqmuG3C?Y&fSE9OjxLO*pVV!1_{Bcku`-Q7yPyXN2a9c@(=jb%DA*Ftu9xU1 zsP*o}FV?y<{UCFrc%2(z{_%3c>ry9`0!yEiAc3vCwkM;2{lPesh=QZGWi3sHR;sz{=5nIakoc@p1f47@8ms;Fyh8uL(n zU;_Z4IM|#$-2(m%VB7$)syFKYur^@)4M;dm^=B!~ZRs*zyi;87RfEm$3hb-19E~q3 zpeic>Xq4VnI!BYKMS81o{0*2%MYO>ZgJfABPhs$LwLxtEhe4Ke;%+z;x-@kX zKwSMQAD9Ere(Nd>ZTJ}Q^0B{{qmjsz&L!h^&Sp}S1G+GNPm<1tHOHW`IKRU6>VQpO z+=)eFLY0rpw9Ycq(g;x|dN{hvUTOQ%1O5BZrjseXpq7WtceozQn%Nrq4f`y|1V`Hu z!{q<<>1Uu%pvaEtGJG9tXIHN(5Wy&Fw}-1 z%h0*xl`fQMydV(HLs;2id`f5+p`5k2Sz)buff17z5zNjcKCEvv+-}VLnvZHR%7bY_ zpMZwgTREikmF@bCKsx5cpgJF(7p=1Q#4kQRg?D4>6IBxJEyl*~Nh8pn>C_o4s{DrU zIB>u@-$e2g%$qz5o}AA}v}RO}S9@@qLGPdV z{syqP9({!V2851cV`PmTd-<{X3XSDfP1wxt+d!ZhY*5B)-_&hx4dY?eqTUE5Fvl~r z8{g-4>(^I`96R-4$>>H-^_R#?R2E3NQhI}RvB97gVy<;TVaxXBMQFhOhqux@!l1iR z>shl_5oa~m=_`jKiVexTHBxZCHH6iR!1>tW-ZrBs`N;f({}9&~lk@WQ+AMYb+b}kw zgBZzDyzyKO?(+U9V>aP_Dmov&SN=E`#p=AFD}mp?pS`hgR)P8ypy{loG;$0@ygwgc zuDL1*u`ms*((#A4s!KZ5cWxiB3s~ar#Ek>J67Gljukn(ZUW6sBGhVSs=tR1lpC%UM z^$fCQKSVJ6z0?mBUB0)sgqSe7(iFrnuzo!T^WlYmh{XdPmTQLHU}}JW=$U*igE!+X ztcD9U^gq7v5#FDI3QqK90J}WhAeb63T}oE|p2 zFOjf<(GUbJ`_%JCH_sy(%Z123B)GZmD_5kYyzgB5IoRh_;ut{kK_1H!l^h&B#q5Pj z4pxKE>7bH>>8Y+9rGBjo5d-h@c{M)PF0m_0_#_<4VOjv~q-yD9n!6yz-d!wz^XwsV zZ}3j`uJ(=(8eUY!b3uQ(biNFE4(L@2^l4-QH#I-d( zQ?sh1ER=x%)kL4LBdmZU0AoZ|O#>pSDEX+GfRm4yOod(ds@^>omj{`&CYsvHF+eN) zrpLYq)KxE>G~XQ0I2A=n1>X`$;f;@SGSFe(UXuJ`AU(dbO-uAtzhow^C6|8a-g%fg zH3LUN$$M}g<+uGW*XaKi1^XA#002e4wogRv5%cMLRAP*BxwFqkrW|?pU!&9q{L8J% z{M_|(MlpePVv9&vAE!QXC^AZUR1yAbZD@{{4N>;H_>S>tXqx_XP2O$b1ZKY*$9AId11=^sHR zQNk&eCF62CU-+phP{qcD{E~_AYS)fVl=&KUu?HOxWgI=`stXkksE2lO93M%v)hsIS z7F8Xrw$A5|U#Y2xJ{UxU=+smqQVdCS-GbZN`Ve|s4V9mt6tEs__zJ1SMkdBYt5fGX zTK_9?Z{&TUcIOB3OE<`BB!OZ^5p7b%5{Vsr%iD5*5?DKb>MC5t)%>3X?Uw((I{KSC zfQO<#p4%$W-|YEzQJ?<#jy59tukpV>$(iyi!Vl!CrhuAALjxyjr#_Fd6i>y68##06 z645?n7gZi7>}AsBA|9MKZQN^v@suNiZ>y=iJJ2CHvLscVDVi8w1_ORk+Q+N1B#KxsDLvIzeH#`2ZY@ zKXdIljnuYX2n+F~1D^et*Kz{yp5)40*6hC=%+#`(Qlm2v|1qR}E|j}xoQwFHQQn{S z8<59taoc4Nu&u(!cfD~Po7*wW58%!H$Yla zV*Xzc!9Ra)b1bABqqy~l$Tq+q+W(9L(EiJ5U#_F}-7^X2>WhSe5SboSWd46s#ihvn zVRR&~QICLp6&h|a^1V`0h26IGil|*k~t=6ogMQjFE{A3*pNA> zFzn*Z!rv1B063hK+f&$UJB9h344ttbB&!-Ow$kDFYyEfxn;lDap#ah^02~8~Wh+9#nz0|N z+8X2FcWgMMTAaCRzWs2IYH+OD$jyHk@{b#Ks9(mRSeZw|vDP$?lQUQ6D@&o|Tp!fQ z)UVfI)6IT>dTsveh+@7W>u^=1rQ@hPK8KL94TZBL6wG=-N*(F63Mf3NHd1K)0UgHs z0ybTBo}~lcL1Q||8h6dv3**v(k)389_+>Ugn%owZH%U>@13wG-&y6hu{@m}MasLOC zTe)@tyWXC5ynn|3!H<AIU@)ek6AJDLT)&M7P?&J054IF zCE)q*ng3^(Pte;xT|T8Ot)0yr*`%zEoX!5-x%1!MH#xa^x&PCA(>;AqZz*QJ2G_T> zRV>El!N4z;rwo|;r9Qq)KbHO1>!a}ML`kL{e*cae$L7nEDY;aFkx!4}yySqHU=##}J(my^p8;kMVxi`tb%f2f=+Y{hTbvs10nrQer zSZk2A=ohz8<~JQ-4_D-I3>G}(Rzi0gA^d49Up()~ zs0<T*{QDL2@uo<&g_bP0KBc*LkPO9H*raqs&X-G-^t12DRQp|LSL8*!h3`8)- zGBJge|Lb%q@%^OmM-&ha6;^p=7VPB<7ud%j4i(8L2FFeNxcq>Bk@6;_!hs`2Wayc= z9#{NR!BW#q-J}d1l8&N%Q*wroyU(Jav9t>dX2HTOn2w#`vFWqbdLO)Xs3e zzEM#`9_$_dpjwb}E;aQhdy$~`(Ph(Gjj*udZx@>#Z(Hva7~Pu(d-(X`E5F|zF75p!Gt&^cz&;xE#-=DL zJ<(R$ER$X$-JZSqd zMBH}#*p(BP(=N;6Ys>=$TEpz8r6#VCcM8ge7I-2W=T2Xqhf_$GhG;en3%T;AVVH1& z8Rai$XbwEa4F}6Br2KPeuOn&)@VA67*gC-h&wIV58F(pv$qE+qEYG{IH<10(eYHBq z8|@`hb;dJz8;g}OT`m-;`|Ssb?$d?tj_wM3XL)g=R4|P68DikIGo~L80878e$5t<7 zVb!7R`P@M^SbUhEQX}`Vbxej?%L`yeRH^?r&cJ>hXcnKuw7u$#5(Qf%E5jP z-NN%PIFE{|q$M1~LNy0MM@X$}Jf-H!<*0s~re+62VpyVG>0N$2H%r1Hm#NSnRG=a` zc+}SUIZ^(DN4s>okh~u8tqhF1kNhRvNK>^zW!qfo-of0DA;QXR;6nCXP5>JLQWjNR znZ2G)U?Y-8hT7;RGki26e1MlSV%?F8mg!VH?FGLbCp}<|sKcy+l(Ou+lYuZtCL?I|@|_ieLRf0#T6V5afFL4sCB$%N5i+$u4f zIw2=NyAX`Pf0TQqheZ`!IPsBA6{~^!Ju~4ab!HBMw~;;)#5~a~pH*cE-3T4De!gd< z{=Cpb#X=fjLXFetkL@#XSdRjNm5f8PbfZp$dAX^<)FjGJVfJGJX%Vs zc_;T7$-K$OKHPWKJb!tDlMu{+L~Nm5aj|NjKEjurHX35UyCZkQwhDTEo><~h{Q4(* zesJmON`%a?8CBMPF;zodrV`G`7`GxxB0cHINBZmn`!eSe`&4Ts{Wc5-PAJur?5xc@ z;>SNECdFo5WN+|Y=yL`=X!Jstw4oe9~t z1t(ElQmzse+FQS0eiElB)4nHr`Q}C?NzWkN!k8(A&)>L6C5fR%D|folO6;eLT486| z!Vj-_E8~YWQ`h~yN7uq-)<>lf(@Cb9FU^xU*sKBw-{DA+XL`BvvH>J}+<6a^tZ@WC zEg>)=9kd&SjOy98fo)rzE9?uYDL-uHqISKp>A%lWc6W42QqMdc4kKl~t0s4As46?} z3^aW@_ju=?C5P~g!d8IHBu%Tz%;^Cls>I)oD% z{O?tcFp2oOY0(l!G7oa_H9MO3_yTpu$~QFoJC`Lot@^ zFqdA`u)}cY*67Ps$x;o=o!I0ZU)DBBCFjpoEK1s64X?OGphu%8RlN~j3bbHmRR1yY z+0QxzHzpBPIdu7I=PS-{(bHX(=fdCKiM&4RdvWm*I`lGOj5Ao$;hd` zi30IqW>C>keHIP8XrPcoJ7==_^kzLyYF@x4gjyk&j##fRy+=^0p(Hxz8FAoiRMQjO z{^q1F@81QczNC$0d}Fi4ZH+DTd_*)684O+yje9IRtZy(nZNR5JTu3kMMDUK?_j_s1 zN@NljoTV{XnnApXM5RC#f+n@p`1KvO3X}DZXQyIDCT?BEHYQzEl}GK<%Pk)($ht z8)v(hGUpnvywY`6+nuwYjtE*9Qgrqv*qk6UH_2D`E{gD&ztt_(ie?q`ZlWMyGG(q1F2H+;@cNna%&cpW+)n=wArP8NbnW8Mf^RE=U?1Kj4EKJ2&EbKJ3eG;6R0V|Mjge1( z0cL6nF#lq+XR^vtDqfxDXip)-E6g~9CN)35w9zkrGXN^1jV^@{^C!R2_iKR4t^m$Ii!bIN~J6ga}@kA}hf-&_RTM(VK zpJVP`yUK5bo$U`;({^8BB zDx?~y1h?4!bd&Vu*}`C=HOtrjnxa={iO-Ca@!%!q#FJNoO@D?!51@d0v19F`j?8%kA=b60&c(Fg&o|t zuYFs5Nba?1jY$=og zAPn^%$cSAJY; z#IHznBjdZp+CB?sgmM22Hj&v^OHD_UG;1LC#}Bn7vkV?DppB|xw_jcsfp<%0OFmWO zg$0G5`&&bE!tuo!jK#8v9&#Qy7EQca>WFOU$%uzqbk8rX-}m?3XQ;0w2u?p2C{eeg znA5|XH76hdR%_MgTpgBE(G^~3j?i*{EnR%b4q zrZ|b9KXZsqs@eXOY=1y4C{(QDW_%#0Fu(NSo-yNxvUU&lYAES_sG-bTFCUSe`~DH% z(FU8>UuDWV?^SFuC4|BpJD>>yqQoTIaL?0av3|ju#q#J^F#J6=!YfSWoEg3HSBL7% z4>JW~aE7d8e`RKzI-ECpj51Mb>9CN;c{4QY80|@Ykhl8Dk5AJ^Pfe&=Tf$UYj;xWa^8U!I!G**}PV|BgYh zp}BiHdPKWHKs6v$;c8U#$I6pU!rX10FLSszDyQl(7l+F|zaP^-EB4H#zg^N)HRP~e z-_5%AuwU1gXB4OfnVSHn9Y~`K4W1?#>+ywWP$U#CMSYdfD?-_ zQ)xF&fO7c}vr(RWN@bnIXyc=}M(1*S;>-t**F5%DN|Qos z=-1APCn&`F?9MNv9JSx)lFR6RH&g;VPY-Cd?07Y}`zsfLblt2i!Ov+(gZ3ZWN{-^( z7Cdit^ZR}0b=9$z)%xq?ZZ6sH{_1v1qzCsmMvW~O^?%{2vj2BnRnY(LsX~_QNZ7G` zhYePGY+g#IcgiZI(y8#@a9d8u?wx6Cvm=VK_kU+)tg~XETh4AXNXyuJ-wXc^tyIT+ zcg7jZSoPSJazZ<-GgtQGpsLR;KtyZykz9jE=4(m%-6yBI2JiH(DaOzH+dDXQ*n6d@ zJVh1tnHMPWc4^A#rm1fFhrc}G4p!<8(#Pu9{_^C~>K6V>@B@{&*O2GoO(w<&E0l%qLPH zA9g^@xKUA^vn580{w72qXm%1G2ho*&nv2M9R&~jJd6k$qx_y~ zboJU^2L001)>f77`wB)`uYoN0-h(zAqxP?t61GQ1l!}d#oexu#Dj4aZ>S;(a;_(ao zi>QTaujHqb&th3iyY?EFqvlS&C7EYkU(MeQD8)8}-9G=NJ$9@J6!PnI;gX*4x8wpAUA80j;km)x+p>dG zAIV=hTMx*y{tId3`0q#~2M37#AHd0h-dyw?_Y0pZjqP%lub4+f*$m5y6&_4K39=1|Kr9?|?2o9~P z3&=;5sBZ<+BK3Lly?xgE7qcAosm!OkHg9R4*=R~;j&{CZxi~nSiTd!$hR@DcBoHi_ zI;Sj9l*%*|`N4Jx)cUgh!fx$@F zTBKRhd!>&LITvBP@xiw*+e367#mA{Eg`2Lih{^O9A1BU;hq(?q8L>o7b&XHUvw-Ls zqh$DHnd`H24DUXtsLOOEtUS#S%;A`c_;q^OWN#?vG7_fB?oWu;q}q2Wyl)#J$0jJu@t2be z<6aU&_WFO&u;Zl~C$vtBO~Qm-D||e)|KV&J8E_}V6lJJ=%u5j{h2AU{mh=Hi{=i3| zv1d&9xJwK&2f)mTf~aJ_-wWW7eNV>l@hdLF;bxs56umhk6ZPq?Ws9p7j$bB7e|>pk zDdC#)g63@&lj+wVyZEDg<9zj5^FWLjVlTO9mma475dYwjQy0_q{)tSwjl)pKSgKlJQ9s zHL7bEL5>VB4errc#Ip+gHYtWZB>mQ!hhKyQ;PjGSg7HibKh3Ad^FiRRDzy1`36xw)DGszBam*Qo z8HplThNJNH)V1e1&_Rj$6vAK*86nsZ=8U|0fM;Mc!`Wt{hxworn!-=^;=IJpIDSe5 zzCyuwRnBg$yRI2c?KhMdM=$+9)9hnoFlKzAeNv}w-yMAeI0@)@SxCw$$d-qcW8I@8 zoOx6mJkTIpfjPf>6``NxLL`5T#o ziQ)-Z1Ej5aDFj`Y4`A9||jykTae+a*AdO6ZWDUBKuF=-W{UWyFh8w zepUL>Y95U%TDp55a5->~HzgK#9!>3#Ssh#Sv9`$49E%YTvJoY{p>xDTN{Avck5T;6;IA^?nWH{LhZgx zkm-|dIct;Q`wQR0kU@bv-jxtX9)WP=m@mRu$JTof{}HU|_;^UB^3BlKnCo|>ej^;& zy>w+@&PA(7?vnzcvE;kMZZoG>7vE5Az!(x%ojSgPRr4r0lpR9GnWUaJ^lCYJ_5pvO z6S1Egx;-qVdEu-vejgD>e?;~ypO#Rjx(cW{IfGrpP_~Yj&Qq}7w5TOd-BYPmu>XH? z_Krcq#n853cYkf$wr$(Ct*>p{?yqgzwr$(C?e5q2y_uRjb7x-NnyQ>rsie-2RI*Q2 z_TE_wDY$zi0^&aMj&1--z=DEe`#Y<)Kj>$wE`WQaY^?A!fZ-1QpnQg+7wbK5x;|_~ zcXs1(poztHK}vPIUfr;uFtx{og6{;?ol|kTtphD~UPEB{-UtdoO|clj{&#(a9T??v ze}p|ogz(n$)euX%{W>pc5^p`UFe|YgJLy-GyrJ(7oxJ+EBW_+uXWDzEj5BFFRaaLU9<~_pR=`{Zn>8Fg3)ahnJsX+0XRtn z772gM1;@nsZ5yl?8>rpyDI3?C)6FQbrDB+X@WhbaAN7X?@hEA$+z=lv6b`F}eN32w zQsYfik@D-r=+H(vA_HNUcNa^hx`~3}F~E%`H39xGmI(bt8YVj06Ni4S!f(zr~?iCB5xnsqp z=Ed=`cw%8iI5@g+2g{=m&e2&e{7a|*Z$j2GCpSB-F}7iA zEz~hDe+#(Eg+=NWJX*A9*K~d56o&XXJ^R1bDg~z)Pi;7pD&DU1<`79}QL`@!w zXFC@)*(=00H(0m6#KM4z<3#55=0a`iPUJ^bNK%}rbha90sq5M&*6cSzUjNYx|ksX*qFK zzVhgCM58R@ajDsRHY7WP>|f`XZozGqkA=vYshgZ0)|#E3j*t7Nz3Um@p6;KumRCH# z9d6S9iia3jSpHjpi2479&wl}t&E_v4+Nqf}(&~l0DfG+tyBhulM7{hEo5w(C;(_dE zKWghs@ye5d^x0|Za*Ee9|cKeQom8{x+_u^lrVdsqWQ-;p1# z9eh3(-)BA6Rog$$x9$XO_5(BSOrKpoOW5Bh-vie}RBK+Z^DX&7^3eyyd(s(sMK7mP z%|D`$R3kM$H$R2~Zd8vJ^{0+c1VaY+Sq8CZhE})dE-(AVXzER(u3voBZQghnkt{7; z?A|G8lH=d|8^>nDi$`?-0gF}~rZ^gGUYGU){-8B(>B-YHbT+KNLn&U;*=Lz^phD!IT1;BEN`7q61rLr=j= z6E=E^>{ZMc{Y?^nKmZi(s1wfq`)3+d;H3dNVWzCDZLoxg8vP5wIb|Qe7m_*Z=EjN- zPsUKwizRt4O7ei-ZS5pZ!gOppS;5BApnIP2`s7xG%?Hx<^1;IcA2myr3&=*f+g^o`$3p=)0fJT61H)(Zr+WR2P*lSo= z)ZWg;hxoJEEZUE+0fIOleF9d_coMcP3q|B6i|3KoM|oNUl4KhI9@m3PT)_{V741iq?pH8xxcL^&#~eM4q|}r=_^nVDGbjGtX1Ri=im!67cgBn zl{~1Ma*LEs=aK?Kx2AZ?Uu_XeCyLPw;KqVArn^`OjPBXAxyvh`^n3%mRHci4FqKK! zs0QpD#nEuJTX+6JWz?iBowu}?A~t)soQhC@E<-Q*uMOc_9929&jFnP}7*eVC}#|nM7x*DRx#l=NFFo zs4XI2bK643;7LqVx;}nTJIk2>v5zXU`80+lr_B(_?bWf)B8?fD0OOS2RQ|IaeJvCo zCzOURRj*i=%uv>iQ6z)O3Ll8@hgR?!DPYFrE56r=r*9Gr6;g9xx9Xw}H;Nr~ihHp! zY7pAe@=M9cl`qOX#n{>7mK8xTk&Yr(42dSv-YO~yp*E4e6bWIh?}TZ;p`Qx|nDexH zn5~v*FJPJrl9sczdxEGyhK9`|SA4!R`Qn8d=76gaf}@kN)zBGuP?uajxGWjae{EsK z0Ue{14(%uVrxw}6P`z6yHVxm`xSPH)VqlM~EtUs%DVIx2q;KpviEuL7)DZ-nh0(t3 zz_BkH`3X?jLo*>KE_dD=#|6d}>VxZI6xaF+DUEvjNLLZ$el7R@^3<&*5hr~8`%?%T zb&;35L7xCBpu1%_;Masu$+Hasxo1*w*Y+zJc=G&MOAX2U52E%A_#Q#NgvZ;7x4TT) zLS5-JKsvF~`ngI%uMhXFj8RJ>!QB~PpDtTah*00_A$cbKR3aY%^GS9G18gMb)8pF! z5&z0`ZStSQxA~_R>cEQ#cyK3h*k+wm*sYNyAd+P5rcPXAON3`4w_RVY#IclpNia=H zcfaouOL;@k_8K>W&4ydL2EXT$brOKxebN~SgLlLo*f6efQUuqLMcP%6+RV}4A%tZtfrJh-wd;A!7nrblZzt8 z<`<#5`iJ%Q*8DxZ#6y!r*#?l*aGlgEYxR54vo6lm6t=(}EU*_D)140D8BSH2Bta;M z1qQWC*<64IsF}rSMM8``bp6EOYKt-6uc8%xX=4kz?c8wINW86pitC2 zmzx}B{u@dy)ad;#{GI7HXsW=ty+%Vs_g-5djx+eJcZNAZdglZ@v06LcHj6x1sS;!L`dh @R*p5s3-p+k|-i{+rbFQDUN_ zPkH1m{TOn7BNlD3NWvsg$v5Vjuew`i5_|@Q7DehSRSoChS?{6RP%LLFj4={6DelSd(%b1w3_&2MKa3@ zsqQ7l=EQbQ>!#yp^*KpC7UvC#TGf`1;-h#kETnqLY+JeFfS@O-`&KcCMmAKte%I_UInZoWTXE;{gpVt)W@ zo`8V=EB0e#VgK)7KMn@^|Ktms(%7)spojhsUzj}>d`e*{7Cp3hLzC?vRp8a^7TsAu zow@3dABi}l2`Tjvo&82pOQHH9q5Ip@`OtDfkh}Dv45&h%O%*s5i#qX&kdcb>3$7=s z=H=idBM8E1#;rKubC2m-kA0u}J#;<)Of;m!Q9v*I(UPDy_I|cJuCYPJRQsQ5W6(;r2?!#0!Pd zVd4o3M015A&2s6hfWYGati;l$n!`!547g zON`X19Zus{>phIfy>t&)Kh5LohFD`+`eaYxt;5!Kna1oHlnr^K3ipEX;3NJ$a+CGB z1a#hjVojKD5w< zzB+f!zAHq$T%$#M>YxZezCzgiyCHur-di>O#7fG8mq{c2_?!uiqdxjpybcmO+}=k# zb~joIZy7`AzeO6_2~SRQ9W<8QZ_^KpOA9P}7AIgEz;!ep3KnZzoVe+5GyujK@86fe zWdvt$-kNbHWR0H967AWngH_c;`J$hBI zBTrp@xVP^63ishtuzTQFpru|a6bkw01g$dTuRP8-m&jUN2HpZm<*2}64*}x>Q+PA7 zLUx|Umu8{BSiv(z>oeomsS(eow{HoZ->mR&ACJzj?~}80YqJMB1+Y%2|7y}q|67Cp zpMu`MdfrM-*8itKHwzmZ!>{tUgQF8Z13L=`oh&{h{eL$1B^{lF4c6o@Dz8j;dJt_d zHJPGu+2L?YHm0)GjyoGQJ}0ZH64xsmHLY#Q@2~7Xeuzs|#o&@WWmSWu!f`LVKD+xs z+=)d>Sr>yP)2@g`P+1D|e|I!K=js+H(_q00oXN@;R29iu@guHh6;(Owvdlw!@Cn?u z=OrLt83k1zUn`jQb-*BoJvRQHMKJ;N&uM8Jb6GY5ikjgJV)}V*V{@6=_qb#|NN`4G ziwjFa0>e|&YWyzrmYNH`{3#$d>uE6HV1i|lsOw8m#>F%L-z~he;(F*%{ECm-D z0BnhnoCe+Gqe9-~L%iaG*7mucdI*DYmLl>)1 z6jz;;A6T=MDle}=IGYhtCuE^GS`c~|dlqz7B>D0fBP@GjLV+bhAE#LL z@fZ5WB|C3Xs#fplT_r-JA`s>sDJ2-8ov_6BGLv4fNf=cl_7?goBzj$#SR-MR!8t#@ z5|}aKYj|?64rhUo=UkNhX>9TsjVb;FE&*^{B)c1YOW5fqP{?twzszjJWl_;#;tWHM zeQQ6bdDjG{ zY1T$i1R?z&cDCTt2D(|n(fX6rF!YyONX^U<^KjY3nnnls1?aInPv5tR^No#+sdv+dqJ~siU)`>^uLqB(g{9D^^OL8PjT+aRWj(t& zJ>Lzl9}mZ--@y5E`T}ju7cLSA){a-h``PvL*2UAY;nRXEoto`(kF{zIufS-e!)r6P zu1>Ws5DcSke-gojTR5~fW~zf^U^sotwl332VuJhi6piUh#QXD2&-cqa4oJ5NE{&P} z_tWw9MaPt!nyUsw6D7^`aN_O3``6P_J>^$6Qg*jr@Jc4vpTulIw& z(>afa-S1G>;3|H{w_Rnst+!?6HkJaF746pM;rL<8w$kbq&8?_RulzFA3jNUQ*mYtB)RS2fR zim^b2!k*9(xy945(BZg&dTsK&4k5It8`V7oY_9Gq9%~gYY_b&m(k-TuhaqXO*kDih zrnk9&ZL_1(LuT^vbzQjvsa9;>P-!eP^Eb+7Q`d0}6Ee_kwC$SPuF{U z*b!zPdp_eDgV8ZoQt@r6MJ>lyUC;M*1hgstf(U?R_~?D1r{VgX$O6#Xf%zA1v>r2e z;u&?^YIS|OJ?%kFrp@&1_Ie*XovIZ6$;PPj=8relKz6>7KWb_bfJf>MZrETqE+<y_+e**-SSqKD(V+g^3z+QhN8qv7bhc;P*MbhRT*T|1#O_g> zdfp}*xrM*@g6n!UTz0PVt15BfiPV;E2f6|tsio_W(c}s(A7Y7@KLN#$4{k|1>=tKc zbRGyo-9d%cu{{%cVc-JOPw=LUza3>lHv zdrmZRPhJVvYR}iW#M&qmw5NbSlRBZh>EpG-oe=H~zjzIoHfC{i6WWl&6q^K&D`TL3 zq-VwSO|tT;)G*DSa6QA>p<%@KQ7Y0fooCz90B@EZsdM7$DwDG@h1g;1T2)6HdR!GY z7yOj@Yy!$?WWw+VW(T(qOD0)~Y5%P_A0XWSuO+wPKpcXl*q>#nkm6cRUsL=^2PgYI zBag~o3LS&I(1D28K5k_pCvIhx4eZCSrIo3rl8a>qOuVSMM>*UAp^+OHxdPk_>thb= zv3ge`GtZiTA5~0CYm-@Fj7VbBtnGbk>+hI~C{aw|kK6WvKo|48wH)`4xu*tXP@vQm zxuLSlL_}6q&jarVKhotMGS^fo3ZFd->r&A0*kATi{vgJ zBuLovDEq{A56gXfZRE0bbX=|*hM>V=RDi>WF>^U_oU!!)82(yl1kaNOoG(LpjSTK- z@bnWK`0jnZPM99C)QODskFB`%*2>-v1UGNx+wL<}Mpz%4G>amzXq>1(92=1rGKNV) z2AYHwd50cZL)X(B(100G5C=#WrCzY4f-NtU)ZwiwZ`|%&$|{?yV;Nvg<>}SqE^c=G zQC)DIW@=e!LBeD9?CqXfS1H@DCGB$C6XrtB&-(quB!kgj0>Stcf=+MgL^WW7c)z z7%Z+L;>_Q<37llG5bbS+@|g~7FbJc88`QDY{w8Rl7692&-O4kJT{d@EHZJG1mD!7X zIHqxQ8#SKo{rK8=Xy2E~Q5G)|=$Z!)=bduQ){t$GbEwy1Z;-83$aY=fn1$c5hLck) zAm%VGExml5JDD21)2-Yn$kz*b^{2tLW1mYX!8T)SbG$l$AJHck40J!FEVZ=gwP|#0 zH8&N!J9TJXi4N_@U0HCPxICFVu3NE{xN6PAvF1E|PMu`gcr@EQN40l#xi~V%lVFZn zMSq@Q!pI?R>xPbZOt)pA^C9!Z{bkH)9d^SKqH(h>DomF((!r=*e! zZk?kuN;x(6_VI<^rZ*G5kf~2}+=x`)uI@Ly;+rXvF{6r>pSv8Vw36d69^!56ZH|0Z zIvWjm6Z_Zulc$a;keVYV!|31uA#QGTVvkNRUJl8Sx;`>vmX55%#e1apdLkZ73ixmF zh>8Ny6q<{V;U`}|`!}cLWoOlBX-{eH>T8bP<90YHYzH`DqqCVI^yK&xFo#kWbbOG> zv_!t9+%)8O(5l+(BUw>=>}9Vnq+V!FlTv{qRPxRFUGkJy&H%Jo;sZntP9&v0&R}UOA*bZ)cZGmApxAA80{ zDJs9pW`KQT@o922Yi`$fIFYuUH*g@;yL!=Pg*P}iuPXKoUuR$J=b_WUkzAt{bXWuH zxVpsshwmi9ezSqWg3&TEF{drf1DGA`g{>|@WsxQ>hJ+l{et@~T_4Me z4U5cD$*-PuME-JKaZ6oo)2N=67F)8xq2ZpyGS(-n}ldf`RQh|!GYdDJn*(`Y`M zoixQg9~Ei|t4V$JVOW8h(H67ZnaDUABE>KD=W0>Vjzbpq06MXt6(mGBBZRu(9?B?d z?hfLYg34ws@f4vq%tF0CdJ=aDTVQYy{s*d4CuP6K*Ukx(h=s$opbm5hH0v!MU? zfr*(se2d5vov=@T1qV+u2!z1;4eLe-tKkgTe^5oyKa}w<-3|E^&tCm%mR(qNFB)MX zn!be$+FW=ng99&9$0xy-ME3@R*34-}>lQfAoQu_2-O?PuyPg1!rm)sMrsE0Iuybfa z$;T{{;yZ|8Ju)=Q!%4yzc?X_h{sR?5Y3x%NnKh=1obnaTUaY-8t}(j(+WO;|!{jKo zXTF45>sQ!w0G!rPLI0U3$Sxu*{x;7|_N zPDSmwqI&W7i{B1CXOo_DN#CWUpK>ZdRW;DcYGidCj@tHkeP@%tbIHJ^B(Mr91XVTC z%4%hGownZ&180+gbIH)9B)AGH0#!B9%Id`5FY4Ok4U7JN6_Nkg1`;Uc%DKz#3;!P# zrK7aKPkB#BsDo{C7TKo5w%pb)Vb2Gh$hEdykl?=^z4VrBec&S#(lW1Drhj@Ec&62~ zBKT>*?uRbNY&GOR{;k=S&*l|y7vhAcX({Tj^PN<)4Nk3X@MJ-Ma;s>3*+D+7h7M{eaNxtHofDAY&wgp5A<0!+dEyapeC%-8QMkkZDcHdZK> zi9=!;XTZ2n4|sU&C`U z10<;ZfRs|^irPXgUv^nEjNy{z55{In1Q&z7_C}5vZ=#gGJ2Qx?=+E>_!4DcO4qx>? z2}bFXS{3Es9#1pK#+&B_l$puEC_jx(L$1ogW8Uo5)O++McvjLo%FO6zEOIP_≧` zL~zrevSol(5(Xlr06FA>PseN^Zl110CUX)QDU zmVscE#rv<%Y~k&ngPboh1c9mhHf~Quf-gyn{2MHZleeazp84IS0@E$~FeqPy!p=$N zl{(@c$&TSvf*-WhcT})e#{9&XND{V+5K{3GM7sl-s!VwBoy9VUl30~(#K1l@{= zt?LPPVTt%I*WW|zRdl}l?`{Thz6+DEJyOOCmHqwMsgo(!nuC4KYyJlDZgy}*_9KGY z1h~K}a5Y&xAd0GE)_TrXe=Ihd(N|YKM1KX*Wt!3PYWYUdVfea_r{Cf7E_<{Oj;(yBsUWugY8dAg zftAax*Xb?|qCWFRkO>*kx|SXKqO~-xG!#I$2hH)?AjQMT*h(en6FqvQu4?JT)S9@D z$Lw=}IK}p{`i3kg|J{1+&vf1EZMS5#gcsV!-cYh>d7qUWaCE$+j+wvT#BydlJammt?qOzI@CE!eH3_ayM zxv`f8J`I~a**v(h7iVXnOj%GMI+#w)SMnfDzJZ>uo~YtzKjKbADv{cn}hpW%V-kxdHeDbH^Qg&ADyOdur+OyrijfOIdUOW?vuN9hf< z=@`J^FPZDbd#o7VL=I7u?5#YR)7o8zFs>OJ5a6N#I@!qz-}%2ro^=Kde_FU^d^}D# zGVhUze*&{i=B`RyLQ(>ab5aQvtE)qmu2 zW3?f8=lrHFA@(xgpy7klGj%lB0@l<2<0iAjg00n9z4-K9Rg{v6c^6mNva%Si1A9i_ zLcF2QF6UJF^l~k6Vf^XD@Chz-{ds@7e%QJlr0Vj$J^I?(`Dy%+^Pvpb@O{4hh=#HG zv2Vii@%jGi`Z|*m>uT%E*b&=vqS(pcgO;>IarP-c5B4a3or8`u`Fd*mR$>)~xXxl3 zxls;l`PdzEc$7{#41~A6)#Z(eN!=;+Cb!x3AwQk+`+lN*+rqM~+V1)=c`>6XdYic3 z>bddpTFJHOSdc^yw2XGBT*9_cksK_1n7M5mz(R|)?PO9dWA3v5U{g3v?OZbTU_e1_ zT3DB}eY}fql07pnVe_G;mTOR0V6(bp#HKtX{flD6LirMVML9FktE&Sl8+;HHWX~PH zpi9LDGdl1p$Wde*wh$>~Bx94N#+r5_gcUTWa8_1mU!*}0DA^ZWRtQjzUSeBpBR|yY zW-1vU8k`%P%m9p$BlkL~hU|gB&u0gAvu2cf%oV0Jf$KDJ#YSD8Nt!l(miw5$Icif$ zAbM66xdKHwGP8Ptf=x;YC60E5FM7;%Qk10^D5AjXPq!OC?yMx<=@6~oRO8yWGCPsxSJqUzA_ixxGtDxEuD0Pq*2+-`E;+U99_LF!>t^^Px zZ~a&{N0-G;Mq!xtMir0=VK_+RA_>U5kM5+p&Hih`~4c5>nY{$ zjMGwXL41Cs_R&W0;=gP)M9z(`t40E|tmdQ!jhAc5;s7bO>{%5IP}XWjmN==<&0f7K zOjG?*&@WT)T$#4!pheWj^TlWQyVwGHc>Kwo^b*G|NwuYXgcBX^+6%EDF0?cstLTHE zU{B+asMyfV@VzaWTkwweFlMhH5MTf7b^?6(ser6(1Q!JCrIUwQ&9nZLATgKAbXfH$ zD2uB#N5sgApXFSkmz^6P<|{Ve5zT84^xiK_#)jdz+u6vUVAqQhFcpae`cH#I!PCRq z9bu(_c1f2x0pz1M(-YI{7kT;o}x5Ad?$B zl;k(8sQFS=1Bzx$*{uKp!(RBo!(MEtnU+BuwtE1-A`3?>55D974STOFnt3@&k(wHR%Qq*bGbS3~4>EiRW`s!d%5zL{ z0*<5R2R4>A?28*-k}lj4@XaQRSmMPb&!fT>bypVRLQQ11iZ^DeoMIi07p+aEv@6nK zm&juY!q1dCR{QO4gt4c9MqkmKg}63vG{W7blaEmWUvHqS2kH~7-!e(D#}i7M;4%u5 z9%@_MkUx%YXI0pN1dJTyDOq!~Igi*JJOiUqcN@<7(;2XjoI6(n1@$L7Y%4qyFm-k5 z?FFc8RlUG0p*pqDCSAPLUxdjM#7V#ZPnsojYcKyv1DJmS9M-%fzlw%JIge8M>Mf(M zN*H9`hRYm6_C~&`X#UlQi^k?-AE!V#^L!&|?;PF*J4;JSV&cMDizXKZ%^w_TF(_@F zL=?3l1mZ_Qe@f(yq!n6tCx5b7yHSKOxm7=?t^jRXJ_#W*iI8Y3JhbN!E~r7>W|s3c zH<1(QjF2Aqu{oXIWwAV&$Ljc4ZM0i2ioz=O84{pCWIlznT_OnohpXW_Sxb~EaNS@j zBG)Tz2hGSY+=_Ai0oZD>7_7>%6iYV=TO1nbXkPr|2S}A}IR1KvC|PbT5S@67*Mu3H zD1lL?E5qdNa&)p(Wuwgbv`vfyVs`?gZJN8NaxP@k#>nF+Lk_hmr{u%9#dE7Gt86K>z5#`4Gj=1SQP5;Elr=1J?^t9r73M0*o1t>X=cg7a^Z~PA)}^breOnx@I4EOtbGQkG zQBq-AFPmFxHaO7buQb3FZ%pS4VtjlfrT7?DF#2otzDUZmvHh&)(! z((^V5VoD_P#uU8rdPJ)lsE1>-8-hC|iZh>Af=qGJT#>016nRp4^GITP;rO+t=x^Lk zKkjfs65wJ6rB6^|MS`Jb&NRuEoh?!lf~h`6)~ma3PR+!Yg*jPgJ$2|=>oDEjTcKuY zKgundwQHDQVy+>KM1y}o1F%;66Izwx@`)&#tPG`aU8Fj}Sz`t=!e}yr4-|@4P<_W| z;N2!u5oC- z&z(Bvf%peU*vRLjV~ItDJah6Sb%`5duVUHSqA9bZ;@=0&8`d$)AUp5v5~thZ7{(gR z`^YOF)<+sZ_{3rZ(bNsLGkLn_-Y&*UPM}7ivg$!8XAt+_HqlO;6qXs7{-LU3*kTur zJ(G_aGP{uKk(H!exCe^RUGytbub#o!7Pr<0IYkLlwz%fVP?d4z(I54dqux=CrO!{7 zgh22^dHKm>i6~;QLdk(ins3CgiA&yCRA=aK?oSTSxA#`7WaY?bis8{-`|r7W7Af7Js(bp<-gcA69OaF3BY&r ztK*0O=MpG;_}tGro>EZ!QIOE^l;7lWVr+y`4pHU@D-W?gqP1tPybKb)+$5ed%x#mz zm?i-J0#BqIZ#L8j>ECe@tCGe-7-{Seo;(YCOyFAfXoNimgji33fAxp!%Yy_UV2>&j zSee_8*RR-Bi>ao~5@STy=tSqyA!Vbg>35Q?b`ebD)+cEz+5>72s+Zw3Sx+;q;~Ss; zSq@}R;HArDgCalw?4-L|efvaDa{&d<1iHJ0NeQL5ZOT_cBYa)E&Ps;I*6#!t- zyn{UDIu3<%KWPf{z4mSnz9HeBC!|_wrn(f#TvkPtQfrSkRxS!{vg-n;mvH1>SVyM z=cC2?2D*(m?F`e{(U_;Pj`@t@VD-F&S*;XJ`+6HQfu=WNS~eMH{@HBWV3o7phy+os zbpO}Wi8}|6a!cBfpdi-LJP@_Hd0ualHPKoBkJ4!6V4MfWUJlmQ<}jOPy_{91$G?nH zfb4%fTSLU<6d#5F=GMoYdu?@kn;(De1$N76T+U^yVWLd%Go+ zsowNDxDxcTMX&B2=H&l#K5HXKkN`kZd%A~ ze{$`~8-n7!aVc7ArmJ^+CeX3=H-0rZC-sQbNHut%v5^0$0v6^etl6rrln_>xVT9KKW z_sYqRAr{dpuJFF&!r%tQ-KlFttRial^@A4AgBTp5v^6>B&Vt!kQ7?mc2YxUMsr zef#>IP%K!{%<&w)RL;GtGB`Z+PW1S{Rb=@t+_es;BwSZ z7f;D6&<*N46x+cq;*IhFQvvzl1LgX^{77Zk>X9+=22q`?3;(%~HGdpW>x&G@G2$u2)B{>0Sa}wafHUi1lE0$o@3C>n7660EF+WM2E5)^3}&3Tk>}&9W6hviBz~9aX+>$1Mf3Das5;# z54wqjY*J=x&hOqH2F8l>(D>m?!%1iGnx;#ML$9Ld#&4@+ST>a%*eDp~uPf#UR1U z6(y5(YwO}#tcv4vaqFutoRZ@J=E&p&umcNp6yXeh#2*}#`39_V-e1vfk6r)M$FI?0 zE?wUp8^S!una?nBjsdvKFUq?aPhTO8EMvF{8!$#^MqS>DFipV)4IUy=Rgjn(f38}D z8W-PRP0+BzKrm`ui>>E~Gf6S=ou0dfzvilQbqE;iI7f|98H!*$NF7E$moUy;8$wf` z%Q_OYnIGpjy!fY*S4*Es>M@!OpNPqisMKbJ-_wr5VuA9Vx6zQC`B$Auzii2WS{&2- zk0Sk7P@$k*_EoEZb7gb97H($15WnewwPJ6pmZ*a57yG||-@DMl`5fegkX4}Dmr-FV zo{`3)eAf*6p4bM=*^6nO`&oYU7VIF zF=zz6(A5b5M1Vo@JM8pf4$pHBQ+CM0SSGy7=LU}+v?xSwhZI5YltH0=(7_GoP2$7T zj~&gU;gbD+F+`F+1SP7`2xWVo)xLap074579Shja574G?V%&~Er1J(N`^ckROrTH8 z=*a{T*!aun)pQA8SlSGjsba?SdaMrsq2MX_)*hCiS4$NE_We5KZZ4bO11K`g2UZn0 z!Wc!prdI{9#f6cu<*~G}0t-|Dy81LHo?`jDvdAVrW(z+*J3vagOzGglm1Yn*dPNHg zRR28qCK)-%qPXQ)g6bp70dYdxU>)PD<9qrQG==G<=^g)*dUyceUc3^~r&FTY(#N0YiN;|llV$uY0*?=^v zm1-AuJNxmHv>tJ8fX=_9vI;k#8zyN8lCC>A&b^)UlR2iIubdf=)-7D+i_{C1n-d~*3?}9!S$D7t3rrP zbBn(fiZYbD(_A1GJQGuU6UOkzK_@lqKY(8SOaVRUDi03o19r<(lD>yytkRi!D}F4byy7MhfVRj5WZlacY@h|v*2!pWr> zkvifuI_zB1ux9eMbeD|p&1>UXup~QKk_$x z0mdSj3{tXn2Mhk{T+8%G+RYHm;(;g-j1QKiUfI+gT(RA=HU_rDhqbtlZ^^c$^A+Vf zO1E~79`4i1y!{s=zkT#^5>{YJ6-et}XHAvsJ5JSs&I`ueKPwnA0ZOH_wn%yTQY*}C zDP+STKcpd5<}o?t+;j}Ng|XxQHazy3@iMG&k)4$MtORl`1gmKn%C@>7_SJeVniERnH&VCDtOr3`+w@|LKf;+y z>swF_Oy4v3X8W+FwIlfM-F3KE#pMU@aT5W!)-8zBEVqA&qMIo&X61BLq{~yI(gF0f z7KGc~UbUpZk1UApID@0wx6fOC1~0Z=3~5zIDjo3KC*-pxofud_!>T`BAREkZTKod& z#*Qi0<7X9Z@4An-gO%%}jFp=nudmPVmY(kJH=n{cw%M6NqyM^P zGqN-PUt9M73NSF>Gcx>!(SDQY|G#K>85miZ|1%HoRj0cbvdA{yciDM|XH2%I13xJ= z!5%bxKQL=Q00hJ!Jh&jDKD28<0I9yXu)NEXOcdC5?KN%d#X&%|n7k`Qd-X-%-t~SH zBzeADfMoWPw=jdLM|aM78ZpuN_w&pA$ck{%FI@@PgYNlE0RDEmAt?1m(JdO&XD<6)uTp^=!5jL%leeEdA) zz9r@rmL~*=QPm!mtn;dAo$B?HJTPP8NRBx{x~_SY!}p{9AEbR_kS4*?=U~UXW81cE z+qP|+`;2Ydvt!$~cd#?h*tTx|Z(Llw7k3{n;=Xi6cXV}iRib`bRhhX-w!dqo{+`r{ z1Fu{rTS4x0&h8>jt`_HQWKRgv2Iaad0`3;=%EpBVvNo>~SO*iTG6rUGfH~vNhCZxS zKJ4xI$+XlLYzb;}Zc`WhYmpu0BA?`Rr_UG4nB$a5jp^3{(xMRv5M-#45fPHuTo96&Sz;=5YAuZs`UVbqfKV3UH=!~5&yj2* zMpAdk2Bcm=tr>CLNKeS${fa}ojI@tj(Sf_+Bu1n_N)#6()$;&D)@X5Da1+GQ0nH)a zp@4qQu_!;t7e@HSJt6|8AA3k}hyr0Sh{D<7&sgt2$cfPh6pX(@?_{%o9PKWTGr}wy zL6gV_QPqF_t{|5WsR$P%M;~m`#E=D?gp-k{3c~<@qF4x9owHi+WYjC{_zo>9!kdLR zA_@e-atb^$P5p+Ioekm&Pf^5rgFejk1f3Gg20SxO0ld=x1i#d)DB2nSQYE5ibRt?B zk{=+}498@;5!MXVv;i825AlbRDMq!SqL1hqVg}c=uyPOul zJD~x69Fdkt^nX?%Y7B~Ln*Y+p^}(QLx>44QSp!MiSr#AiFrs4}+75D?3-`pT7PAd@ z3qRX!Sc9?r{SZzU?l5>T7v0uBM6=^O6jMj^h;AE9gIF6HlkS2B)TzT_AC4VV*p(j2 z%kX5g74L$)k!wTu|NZRJ23e2xXZW4nG6pZ?Ox6~_K6JL*v4-Oq62T$N1C(>*1AcEi zKXPyW(aWJmr9)-nP=s247=lXeX! z`vrR`{N5a~v8xfzgJ=-axw{(P8*~xgEA|ex3C?3&I}p&n75+5ffEWPvWcVqM;?dt7 z{?vbkcm>F**VuV-G&nc&1i3-;M7)&ng}yQK#Kado4+J23WIaRk;`+egv)wSQ;rSqa z8UhJ+k%suLDUB(BaCI2?QFy_lyK(9MVBAPwKYWn#LPt#k00M(3o)1*dC_sZ9siCsn z+4|mo7IJ<#1*423*-a<~lNoVd;6?7BTnc!!=C?zEA$KOnhYuIvg&{Q>_Gg2_`-W*c}I9hxp8?$ zz4-}LxrXpX_d)In{SxA}0cu=x8Mj6l3}Vy^2q9#PMQ2*}X@oNkQOJJ8{`ujrJr^UA z2j5&3%f-G_EuwUFP~e^wt8Kw<9f6(Qnl`uv%7;Ga47yZKa_!A;U8}q#kmBhFGh=?| zecpYw-R}&x^EEh(e0?&YFWEmheNcSh+iq2y8orJ1)y+ApnS5!pqoeI;)^ zB}w+Cg?UFfuGra^^yt116=$e+ki0umEfMkj1AZam&DrO&G3LVE7rK4nTLtb+fyld8 zednJy_NRmIqsKB$u|8lug;mE=YqA_ge>wm)tQwphfJ|e6{EHo+< zI36G}I7q(1P@b*Sffjb<2Y1JmYkS5aAe};;cYJDy2WTlgI2+U}4kL z6gCS&X~yg+Vws!dVIx=-rbQcnozIZLUx(u*qZ8n6>Oud347!?!qs(=w`=7S%?&d+J zE)&bTa+BlVPakXhXm}*SV#9cYAk!F{HJ(Lj&~B-3LJ^4%3?jvxjq+@yJI*C8e%^^yQb( z7)Hchr1LAlts_EpGFBr^wa2?j>LeRzX1!5KT<#NAHaykr3le)77DrmH{dC2#+ayc1d?y8*O%b zy2K5WIXaG5Kt8xRRAmTFFq=?v!S%WI3j50H;dAQruheNRMY~vcWBHcJ{)YAoS`JOb z*dtgqgABTY;3I39$+Oma0vzH;3hN z_Zs&F=cI$s2lO)mTkcC4+o$!M$M#1G*H-`f?Gw$z=c2u6m!3Pm)oJ_Pug9%>t82`< z`#2rzi!cj9I{Y_*Hm^gI^Sd|${dzKXc5hXslA=E26Mcg40dr@f){I`nQHfw8quRQV z&a8h#Mx40DBIFl@p0M#aG42VQf1&-Ou`ZlVxf_`AGP1bB?MshmcS+`22TA!`!&>7Z zcVW7`v^`y6;2rROi}N~`6lX3ap)ZKHBK)M)jEc+VUcOBtN{ciSta8;@1uC)Kz6x9mzZ4I;s=v*|`OJH^aZa&F=0My}6z1 zy8-I3Y{N2=3w2#HnhM-eUM-Ux>x^|+0IPk->N^HV$Z3wSVz&IJn{IoK;Uxvn6(k6F2cRY#55DbEY3_PCc zs^^>%2@YaTbo)INy=Z`yHyXIMqTg6zwzWK>ksa*+@>sswHmdm@9q%m0L^D*DT;v~w z@cEj;kJW+rn<*X0|CO~Rr#+(1z z^63H4QDzw6(BI=^^zX;ctK)QY509_w54z$b75eg{lSS897fu+;6;+#Mp)aK`sxK{p zD~!t1g{;Na(kt1cMW|-(@bf+?Ic1gQFg58aVIie++!1#;7F_u^VTIqzB!KHst_ki-xaYtZlTtpIsK)hJt3^*isVSwq)9~Y0EpMq5C-C+)bTjMBj!;`OAenn6}1&iIdMyqg*P;ChHEznG-s7A~TwF%=1 z^??YRtXI`3x4qGErlmvArOuXA1ud1?bk$E4>k*3QHeui^Ju}84m*+FDPmf5$Uu^Ou z&Mu`)w?>rt0T#STNm-H%+eLcU(3jk2O0LDJJf)6zg&mu-~gtdi)bZ! zgUx~sRnML{zAJwV-9P&$>X%!|4LhBl%w!RcrYXx3Co%5n%wEm>lOo1e1h+#@9YOU@ znC!D!+aIcrSl0JdL@vo4ZC0Desy0FDl*$tC3OVFr(BaIQ@aHD=80*hMeH10( z$~j3~B4(`6yCJ4Q4GcoHpq0LH5U8L)!0qP}*3e-_P)AJJVHZ|ZKrAm*7JH1Bo{7_8 z`Xc$OZfJ9~9KJb=W)(4~4>Jp1$lb^-r-~;4hinWdPY_pz^mjlH5;@oO70QAX?g-6D z*FeR{_+2H<2=D!w&KIZXaTDJg0HD5vEdlR8kjLylDBxyrZ$_f09k5l}%*kUuDu4R~ zQyU1-9AGGbuophiEm^jj#+Hy~%DMZc^G^ysu}JiwhXuo&`^x!qdEALk7$7=H;=|r zw^FLgQICj;w1QK!;jL#f!T32c&B@4>oYG05XgWlq+B|sfv-);M-Y^1p~_n7mU*|)Rb})mNnx*VYcWGhDL3FTS8w9nTPuy(8{@sk zn;x6#PReUO4XxW@nzg~+KD=}=B}ng*lgZye&z@BB~os^HZ3pj*P2+7@7fjOXmk)qE)hd$ zQeAPgha$c(0f7PoGJQIvDkPxRq+ug&%DPk;XcBM&afFOEo4qbqqEFa-p=D&89`zL~3X(cxkelO1{z71);ZqvP)$op*)F65cNv8{=w=2g-tWVx>!yC;WX2f)$5O|l> zJ)J30+-O~{eIFX-pA>Eh<=}8B4x^ZcwVIc#*d$&=&X!AtWMdX4+LV%(hoQ72l^}&^ zQQlC(q1bqD0n_QOnI>nP<;!wz*uilA5i1Mj9n;(%8cQVeT$s8t9qeyaTnJ7r)Fj)aN-58&M=6yv zinyjUmtGRjrPpAL`m_9lg{V5k#j~lC>RmAxT%V|c(gyP)lY|SataqD@_mhJc*<;g% zBt{QuX{y$v4Q$ zhD+YktvPq-#`)Eyxk!2#g>H31-HNE>(~WyQZV4Sz;orN4<*8YA6~ZB1hy9ly>G)MLO7)OzdVHd7$n9gl|9?oq54g}1DV@b0 zEIG{U&D+@`!5yMxLOUHu`a|YnC@E&kYwgn6+NMfUgFWxr9nO##>N%xC3{6;kLRDz& z;`j$E6q?mgXtjP9sS#s5AB^5@Nn0XxW9)M?(&^}04=&*GaYxRZ!h0~Xq7%*MUp zZ-UnhhYsFKf>pb4cq>)iuBt_4BSb4QH3A{b+aM|~F)H~NZ1-4ize2k$Uvb*8E_|J1 zUP!envn-Ln)FEfupg6NG%UsZyqOH_+$lytqp}fl-13ojWaaSMjUFa%E=^mm~D8d>| z2wt^e*k$7+aM8t((+s{L5 z!_VeY*YhjlFN%!KY;Qx&{p~+mpM4SY?oG}^hN9f~e8Oz9E%E0KNu;C^?wLvN4uPv1g8X<NA{d^y5$4ufk3b(bse31bM`%)@!Ir|8Ei+GB7 z{I%G4j5(@OKg|D1)uZw468CCXwv=ZVmX@p15s8hL?m#<(l?Bpcz$Q`2M^HsWHdL*~ z#fa)=z_(H{kAaz_3x(Xxmu~qU#PpJP-8i$F`x2jDjB5tG(P=n4JRV<-d=~|pGUQ4EC!W`Qp%`hB|K{#i1$?;Q04Y(#`$qzpWuA<}u z$XQ22E#{#*`(@WIZbUU#=agCRemrM|6Dwmo2-2y4xx;~~(*)NA!3$Qz-Z&pDQN}rKgJopv* zPcYJw9gs^)L=0ugZpKxRue2lU61w*&=37t0?|mcPJGARkh_54wj)YMYaaqi^2|Pys zJLdWq^_+=9;1^^cq9^|*b-SNEtej8-QIhQ#v7DA^2t*m?s~gz(F5I(nF3H1`O+J6l zaUmr5Bp=rT;XgudOZ6(rq4UcAVsF9<%AULHJM2XsamhWUmwq5%rgn}UhO@!+o||4;e;EO}VN`?JpG!VTqPqk2J2_@}JvG>h(mxf-QJutEG{VL3V6{ zcaIcD0B-)uXu^T_1{41fn(3y#(?EE_c`G~Z)n%@p+mXZgQh(JwRmiPmhf(~v$#_WE z7I7NR_MOjO!tVCAmu`&7=>Y!+@8&wSy_iC5$TCnoVdk!|%8ZOOt6gnT4D9Y4v%jEG zHiD{t9NxEkiMUy6qgXEyeb$&Fcs~Qp899$-pVo<;M<+)ohuAt<%QV%Ls3x^0H7AuX z6+ATweLj(xiJ}25XRIBbSRFozT$+U}_Rh#+S!x=Yfy&<_HY>CH%p54b{v_g;;@+b? zf39pWq>00YYPDowVvJZ}r;F2CAWM%uAI?s0S`hHMmvHhhGU%WJxyI{cVP;%*yI7cg zzj5Yo(72CX^cH=CpW%2;lKA(IthvPBH~ro2PL54MFPfhSc2IP0kEFWiiYGo_0{ zIPV9of_DDpfX)Hwh!xxa~NS=|X3bfWwipg?{6@sg^R+t*KvxmI&;py_1lWE9A5n?B$9?YKk z_NZN$VVR{_Dp^ihLZd5M?>rU4w*S1St2DfDEt=japxZScj5@68p|i zT#3e(Z_B+}euE5v5BqeZsl2+fvb#ev83Nnf`^OI}5`c69Fj{9cfo&va-@}xFsoGtKrk!THtZSwhB*)UH0Igev8F$Qk!oTKQ+TW(gTct z_Xuh2c6o()q8do}({~w?-yGvl((&CtOh&9o)IDHFxtXSnsrRytP9V9SlbA)-gfbdl-6N}>Kxs?4_(;nYV8(hyP`8j1{e5YF>s>HM7_2Q5aLG~@%Ivarvt zuPy1!swO0f;TbpC52=doth4dHB<^LUk6a-dlrSzkAvC2N6x$6pj;#~Ob(}sH@{`G; za=I#s`8RR}6vLlrMN;Me!HCU|*HT{sT4=mU6M@ZSFoVYo<-n=3S(=8FrY@>67Gy8# zsQ5{;bw;u6D8T&s`u-t8&xLozR1fLq2+8_;HjPC|zxXHe#9D?Bi=t)v@EVnp6hj&= zzXbaTg&^44DUeUp z1cL`SkP=_RPc(T~AAuU+0z|aVqb+}OWvChNW-WOO>U#At(8=jM3zk5b!~06-?mDvR z=p|Efk_#EbmKVxN%LZ+; zjg7dF2ad?qzZgz9C*{$#zo*aA~k zEWvk`^!uSrYnN(=9&6*y7!XplELbTzFy4bp;5KC}15IX(m)Xx(NU3dJzZUY?+ihZ_ zg!$XkE+w)mQA8;Aogl`1RIVrj_Q_JXy)~s_& z{@GdivTVOIN8%m_F9rP`Ga?3s?wIAV9m{EZN)&zML(DZ;OTcGj)PRe;7mU!Rqm!X4 zHu$DL<3T18oxkm21`4AXOC>ZQnLhG!>v_U6kB7mV()EfY;Irfek7y5OEd8YoBlM1= zZ45FOb@I;JOC&;ajy-kI{i!-$Gpr>KoM~8RoQoPQD`v5}&>4RE&uk~`n}N1y_~8A9 z>mhX5?JHgZB8ON1V_Zxl>C^o$8^C9a&)-v>E3)>qRP3lR7L#$1V3nMGJ;Y1=@m}_m zlYf|T(K3>>tz)L0yu3+b_^J(Iwq)$|8}H=}%j=nTH7$HC;OxWX)Cb01Wuictbt2az zd1(XbL{pAw%0Ouvx(3RM)X)T;WKYnsdvxq;$=VlrSJuB50diS-%YV1JPYb5SHt&%( zR>fQI+GSQPp1ikA;@1T^akgn*!f6}TG}m@SV!k706BLvr3r3{XsdXFQ&jIDpbc_=( z{C#4(`}D0b{+@4~cb?}w7CovwHoA|~Pr;TX7b{W?rzPefOIOHP$y>>-XEv~yDMV%h zA)l({Q<^eoK0qJBy_G+dQv|0KyD_{tJU6<1IXZqzumu}Mtd8<x4j>H6FY96^B6v@Zh|sj@5~QseQsV2Qu$cA z{g0PqS~)gv-U!c@nJmHiQPlI@HF0yR8#%zqoEy8;wyCZX$gtitR5?q!AZEZ~7=&#h z@SSxb=waQf`iSL~Dng}aB35X7z?3cj0MBd9COeUMX@(m2kX)B_k8=(HQ%{gnP%vJy zKCe3?FGZ_6G#6vP2V59OrAUbG7-SP56Y`hD@7gLv|A2R000y8 z!siFv*7N@3Rm^4zVB-~Pw}DKdw5LEWZq|tbsGzW4pa7EDe&0ewe`l0if;=evm50u3o;nVg^*BMqP zJNH8xK=6blA^;-rU24$BF0WYCbFgHA^}wby=*YtsAPAbZ@GeNQ zDis?Wdyyt~aU&1=vuRKv7xrhSXcA_$^hr|4vrf_%w#~a3$T%3&)s4tUL9Btnbz$jK z?y@EXN%9god6f697~3>nNVgqOFGbN2n^pNFhoc3n8?_^c(s)S$J=MtM`q*w9Qw9vk zR4Q3t98bsHC>fzl_0^|2W+F6ZcjsxvBz#mbxwC)Lsn^p2+A)4u7FDw&S0qqi$3d7W zNv5AX0~PFin|<3}VhO#}EQO`Ns)Dxlk7Ho#F`(T;qxO+B@B?Or_kQiI5u30j#3DL@ z*5|zr$T`I52XEb~c&oXhbaU6cHzE6olT_>`NvJu8Qrwq|!a{R}^|y=4OBb(8J6DUA zM3zfs(^~UFGfR|%3HypWj#s&S7&yNm(^4Q=zQ^FKz5#1Q{|tN@pM3{4^rO;|Csu5! zObCJOf2S0bQD@H% z0orh>+sNlFCJJdbTL26cE4lJbO0#VYs%43G^SXIYVq?Kcv;rZN&cCR-G=?xs&kk9X zp&r`No?XSPXLlvLt1L31{g4+-8MD!{r9|AlDuC3XtqI59$^LUVPXt}xy&E0$t0QuW z#gn(gR?rVmSIWq_Cmg;Bqu@Qx$4R-(B!5fF0-ms=^RjHPzv8km>ELs38}dOpF2pWi zoMNV7Uizp9`x5VzH~=CsWP@BkrWgw~A{3?*Kxs5XZc!stA*~egUR2~`mhX$pOJVxQ zu`iq2`QD@-gTa1y@_H5hh=%x~B*v_Fz+!|&;!qSa6mnTz6QSW!VFUTcm@i#4!9i1;!Q_12AiUhiDbTTeC<-dLTiahq}Jb45~AzTnA1?jPOc0_ zG}vDzy29At#WYjnU*cv~?T5Kh7K2&Jc ztXh|@i_nhCeJZhoy6OlReEPgtS57=zr>oLp-wwCwsJsR2*Vf6Ib|~%IRaR@@RH{dzF;HtW8>HN%pvr-$)isXn-Y=kT|HON3cG10yBXeY)np7s6GFkOb}E;r9n;`x9Uz!m-CKHn$s`A9 zb+~IL9_KWOvTxK;w9~O`G3^;s5|6{CEnGB?xNAO6CCIB?4Vz8w8P}-SPKa3kYXENs z^3`X5+q_W|U5oef7kRb*sYX3RYy^Ei49s54&8V3(DeJw+_PDr{?hDkQbJ~2=1usb* zpx0WEQGfDHa!zeqWKA-TmZ?aTIddni0N);e1p$Ln4>`3+k(kb!-s~-Ni3z73`7I;x z&fz~M4jU+|O4_z9KMdl2aj06cSMjuu3n2ev&8wNMj+Ff}l*{}>!lrk{0Kl!+=^roe z%%R7_Wd|&RV*VZFc+4W!Yd&FKGt0AIbyKD2m^Nw6(b+}VG{uZJzGA78jbl=);=(=8 z)8~AhoqExb*0= zrca%VIq{CvpTRlMm>2QnHGHR7jb4^ zJGoci-i6)P9JspoaN4nThQH&U_n(flVzRF-mOZNRWZk-V<|Yn&!pKMmv^OO$u?E2Y zG+bg?fGQQNq+sJiBV=>hI(vHk=%5&e<)7R^?G+e4aV_>_@!S5d{-cQ>JijhcW?67f zPvsE&Axp3!Pf`YFJG-Aye&@(cU#Pfqd8Zq{w12`_ceSC1jVoQF|>B~{@afB**9(f8LQNh`2m19cwbvvQx*GI39$7< z94wjcrf^+;5{SY5js8ltIT+h>n>WDbS>3-!L=W!T13vK#Z~TZ@+DgiQHN2PkmE61o z5)^=bxi1j7K4AFXg%tO%(Lop3oce5WHB$SVCyb$wPIdQai!m#J)ITQx;p%4h14}o8$*E~jeSEI8&M)+TF>B6&uh=ULH?|B6&^d=7R>rd)T-O%_* z3W7Af7;);f0R-DmAX9tvzt!#OWOv2;Fh8BT)IowZf2w~P+v?o()_#52efhJPB}?6e zFhYH&FFKctgcqZq8azkd-5dH6OfUqMxtYpz2z^7b0`qTUODMIx-axT}7k^4QaympO zT>wi(AYC9X1)&dYt^-RIMxhPymeqqiV8jp~P<=FrHRPHa?P{)rSKoah^Bl#*9RA!` z^4P>+y!v^+r4{=`JE)un+)5jeZXEL1TGr`#x_isz{Z-4+ci`!UwzP|unipdBJF}X6 zhku*)%Z;~ zhK=DqyCR1TUmOg3LJk8dY<9bC*Qe50ISO`|G<~si92Ry+cKh|QjoPs`<4H7KPrizL zG+hV-qU$IfY;A6BP9G(4CHwi*LOd}9jEMNb&zjstB7n%_ID@CuoI3BAa&`qe)IRWM zy(ggoZydfhrB z?^aR3JpFE?g-gY9Pc_2NSzh#2)C>Gyzv5ztz2X;k95kO|E*hRk+nZ}UZ8=-szCf@Y z56u5>ZWaGeo{%j6TO=nv>FYrn$gw&7W*1~L~dMo~&Hcvk3*k;*FCn(-8NJ@z)>vJnS z#81ij`9G>c$9RcuJ%2@zu6Kh&ZeHfz)7j!)_sDA!Be1<```fDG|wo4 z_C}FH2Q{$mIfi7(+Xn8Sd}oR?|4$k)G59b8HBA|T@=lnMI7uL9qi5QT?sk=S6T{YW@gs^7PafV8^#k=ZRKnBY8eYl z5nV_NtXwHx&lHW-kdTO$i7+Zyv``#|5W0ani&k7HUM}?qG7PyOrl2AsDi$j@Cm}O5 zEV7W0nS>eZ-qe?u-_gyN6rM}j@nvYdYX|q%(OY&|UZu{{c88jt8^7DB`WCgyh#DG= zdbMhWvRI0AiE@Q)$4P0H^-}pRWK1wAgo`Tm_tS<7>*dPjN;Q@I^6&e~^h#@~phD#e z)k77S45(kyZO!)GR4f=>Fa1G$5)9{G>=Ja>(E+Jn z9`?%Got=Y!TkL$!*Xk4bo4U%uq2M?DX16?AY*RS{ULW}!@ZK+z&hPRnAkuGIZ;xgS z*vl@q>@KZ+G)}lh{b;{_z_Pa2O3Xsx$7;m>NFnR#YLn05rjXC3oG+Tx`P<{?6O+ky zNSkreHmY)$K{k`6-)R2JOxpieAwN36TsSSAKlY7-?cYXv#NyliiAteFnnshuzaAWi zE~CLm*-^dh%s4uy?WPeqY^V9Nd#2;KTakRhuSyQ}x1GDBSf2k>r7$q4R$|$oD-a>` z2=o&3*j~3Cw}Hd+u(yuYto7%kkjvfwpA~sooF-5dVq7*GE4a*HNJixH_`CPv>wq+L zbQjz5c(@)m*7EC@Bm{_g=ttYOnwpw9+-@_ud^XB0_FIu2-RD8y?&7(`wM$~vu_@kF z>UQJKn>F8G9JgWjIK$U-hSI!2!^5lDm5Sdef&oWCL5cE(21WI?5*7}Y zqWY=W6%|MbDjf!khWBJ;4gXh%0I#FQzB`epFS7QVmrlU-gzT$0YNMm0X>W;8&Bren z^a7o~sgsOB4g%#cQ}nYJ2uA1 zr6p=tjB*lhx#E8V6eFk9*`H?m9y-FX~ zBf&qFGE507)(l1?Fr>)#8#5?rb93{T+k-yBY7tyXC$;LDh_SS^;Sj-es_M9vpX%H{LPwg+1oaTrs+A8rSX*_k#!G&D3l7NkuuUkQfyVFf}C$8X0faSMnbYkNri7 z9F3^1=s26pw*=_{ty3zS0aW&iUCtn8lTjnr3q;1kf(eZ5BBEE$FMlbZQe1lf*9C#v zexp{a&*${k>3(56aNlUq<(YuE_dT3kY5Zwu`1t(an&z7ynB>&rgBeBfsV^(YZsgC_)PGf!;ksn#ukHUGvGyb=++3*!bovZ(xO!-6f2} zI(xNGt^b`eGoC}@s$38-`GW6te&}cv;Bh(kda2IjNAJb${cxDl{rZ4-hO^=GyjH+s z;FbGM4xXXK>Z%&tJ@8x*7vJ_a1{Ld&xjL;QI6fXFJ+bdL!QrsY%gv1)E|}!BHzEWJ z3LE2G)-(U7G(q1 z^AU~qesztHheG@9f!=2V=#2vRHse($*f7#Y%h~iPTU9%*-i}~uFoK7J;=@R#`8yUO zNd%lhj?L-M3caM{oVRT!-?J|JVNh7YZ>dP-gK$iTjl<&+2LU5lbCb(r55q{zjgJ=u zCMocbvwr5iTUl9gsiTVgG^RjBl8}^y9**EI*Mf}1G8*^C%*rGoA-P}}M%98vjay3R z=YZLG7}grqtBOKOoI5N}=XdaT39W&jg^0Ym*zw5Qbd|x2EitFd zM2@!ocegTT0hpX8bBY8h5!!n_!7&(i1~gf(grmk2IUHc-3zmG0K1nviCIiR1gn^Pb z#F9ZkBue_$F8!^#ob^<@!GWSe3wn8$_3dq!(BnQnKf?iNDteiWk*`T&LbKj)o7S(0 zO6*et5KG+cS4O`xWs*fDnROwuc<)0Rw2ag~MvJnbN?o>IYL1-e?asa2AejlkGB&s0 z7_P2x*Ow-@i_f+#k|LeW{@x9-8X0JMfK3)`;F2+y9x~Dl93FX!JN~Og3=b-O)~S4!X}lr zp_mxET%F=m;&E5=Fy^Qi7MUpV8`#^ZcIo2X%3(bbx z3B-@mhG3TJ7+tdgFP-8@vJbk(DFmJCZR(InGS|`I|W0^lUo* zyA=u+SppF+x&G4ZqO~ynF9(3x28eA^oyOSz>7lsc!a$c=!aBv8vdkpM2T2)DXtw9` zmQIGy_yhZ`hGS6(Gll}QAWU}7upK~-2+H9;H)r@L65(Gd9t8BUS^cE{G{}!PfQ%D7 zS+14H=<-JgjdWd4tGCZFqfrc&g-s3)3YK9=@@aQ#)-uJdc=in^#G?=WX?FW(1A@{# zTqZ-W$DM`~kynX`3CxV8^&*iMnHhwtLJlk=f`R^e%~=})`|lPGRk`r@1Ql@oB9&2^ ztV%rpBb`x@DF!2aY#}3RG2QZC1>A{CBJ&RsWpEoRlQ3;aO1h2TFFUnL`On(}+}nd+ zI0E+x@64$9l$~+DiZ8DdvJ^8}rT@hUu#l0Vq@LzayumPFDCE(*@zcaAji3|$Rjpu% zV=+|oNhW3c8XIdBjpsI@V4MNSph?9bNW8vSG~tX(b*q8(Fb&~WK6c>1JX(`s+9m)@ zI~REZTz11M2+c3W@HkXTP?+SlP{2z-eKD6{fEHw)l12z7g-`sy$b@{#a=WZ z{Re#ZS{+2NAdy2nt7_%xUFIw@6g_SE(aR(v_!%SJwSN=EBx| zfi(JDVRE|CTN90DcK-U_ea`!h66!0vHr75q|J;USloYqYDgOKxu}d&Azt{VA?kjn* zZtsVEz9Aqb71j7nzElv9*lS@N9`(HvQ7E)3&ED0wmUoCIn0$81b6p-W4ha^s;olW= zvk;{*fsf3-dU_O6izKay0RvJJEm?G8+jzU?Dar2Exp3>G~ScQd!2L=Yl zRBE)@uq??&vAwI*s?=#CqobSd!a)GXkQ3=T`hA5mY4oxxB8#PR<5SxEgOs6Sr0fpc z*{&~)6Xi-pq!i1*wWybA@9*yuWPW3xuW1@TO0&sS2$Z@0&8va>tomRnRLy-&K_&xp z-7e31ELh~&u_n++UpEU}5zg)@LLNMp3(@^5pLDAwn^uU?gYw>Pu8Bi0#@uCihwa(lnnCK1+8 zMQD!m!PTf8R4%#Z`T6-n8(n0mpcG)-M~UDK2ha8JNiB+npEr;q?Y@_z+a+Kb=hG%( z3)jJVJmWtds2LLkg>oFa?EV%U1WZQ39;CRt)&M;jes$%MN2X+48(MEl!o1&UP;tK$ zb$?f2goTB%+5KJ8uZiZBHG$UGl&%gnLFj@m>3Ar%nft3Tsh*9=d_Tt%;3oA?qjBYB z-_&G^dwU7F;oG`;=2C1cblJ>;h#Q`XiuUgb>-?o~a%EWcA8>7&kC>i3{#IFw!~~%P zjuMJbMMXu<$HH>=ZM<;V3mSDur%(@(&q*l%R0N6nAcBLgMQS`Uif1~KK=3~RMm=;01jTQgr1D?B(Kw#rFb2i# z?qVMIrB%pK$8?*Er8$B}ROZT1zj}#-t`hFQD2Jm4(;MJ06z%wG11WbrMWmEzX7V?} z*0#562Z2b45mDlgNHhVT_@mc31=RuqwYbshkXA{WFfq<$G!Pnv!7y>unhrvbIQ=>Q zLOg~Lw9sWn!vd>bw?2PRn`6*&p6B!A&tiQaG~3h60E?ght)qb3!#tHT+PWyEf3yzK zdhZX`!AJRZo~Bdl|8?Hlu@a zCEfbuqn)qTYCK)8varuVvT3s0P%o{ZBP9(rgaXoP)(IkK7^aF^%S%eeQvi&9rNo2T z4-5`Qz0gO0+idMtizWmJO$vzUBhU)+(Y~3JQ33w9Fk_q@#?5|K*B~W+qmnN32YJ9L zI}e3UVB7y7>Z=2y-k!JV4k;1o?(PohTtbj;kS^&iDd|`mL_$KkTLEcNK)O?;yWu_D zd*9!8|58}?b7IcSGtWG8mbxcVb5OlR=Ulw4;7 z#Rr=Qq?Dc#@s5(7MWbsI$CW|s;1E8?g*W9Mq(tR3@+|x!-Zz&=(tBEF1s!%`FM^V4 zJ?us^DNl|H^J17=+vb+e-+t>Z=zxD1ZA7(B7Jl3vrLQ3$_X#*X;OW0_T+TFx4WB8r zQ`Q2h%-v&VKh8Bh#FeF3>+_qM!=7V+AF?Q=;bv+zxm4NJczM1C_}!o5vEO-K-M}CX z0UYJ$-g9wFP68=WC9PVJJ&H9M%9jkaovaYEI+?gQmSwYBS-00H39O8dpwspmSMN!N z8&M0YHTB*4sgBCO;MG%ym-{+%gT4z<)vgFCj^ zMY^cSU_*y*SHR!Wv~x$Oi11Ka1AMq{f7U+1dfw*H>VfY!Ban?&E%cq&V37!Lcr2vL zs=Q2PH^yq7EYmE9DfiURY5LwI(ju@1RS69=BKGz2xW$X1vi{D;*sPVHzq{HX3b$EV z;&h?{A0!_hO`unA&uMc~Xm+8C+`>orc<+g z<&|3EIYVN%w(;b~yZ2T6?@xT$if*yVJACLG`p3k*4w7F-9r$*p%H_YySsK|XE;RuD z3)!FBthb3;E=KZS}Ba;LZ)OXd)CvN%(7A%m7OUQS;7JXa<9Zu{mc8}oQOiK_E)cvw*UzGp`^ z^(7-jF%h33fEH0Pe`hWHbT=YTZHF$0&N}T~yO(p_gaec12___tRG5xBdxkde4{NNU zuPTV|IvV*1Nd`hHKiCd0CYtgD7e9}e6u=@r3kwfF-XQ74;8e3dAm_3`URY>tX&D|CCO@j& z+@7~oq(pc<6eTD53JP7Y6fu2-{`)A5`-Fxg1C6jR6BcnEnfSUg@Mr->&I#%148}>W zzW}KbPAcqq5Jt$QJSC&#<@C%XaMoh-v-+gD)u6I8^@OwZ_uCvmo#1oB`{8&(0%c{9 z7&ys$xW0w^khp}Klz~W0E&E}GpPQSzKiUxqv2ybEFiH|bl7D>&P8_D_d0;_|HdYAMD5K4x zTdvwG%AqsTN(_cWbUwMp?2x|-D(`Y$4cRe;W%hb_6@gV$SlH~BkEUEbITAvQO73d! zIS6L)y%lUVgYmGC$6orv^G`$L|J-YzRBHk0ESv*V)P17RIPkD;(s~{XekR^-&Dkh$b*GGbcl+K zNz@Wi@$t}z0}TxgksHzRqKM&vFm3}?aON_YZ7+5Gs2RV%()gJRYmJq@U?`;eyS-V_ z%KQ9xM*v-+YfBlw3*N+5ZD1a)CinFAB+INkvOZ#azLs)+b2e9NUBp?-iX7R6Ef$uD53*DZ{>&;gYZjfsHBPx`EP}g2}j26Ke*C_$&(=q6_WMimqQ!4L;wURvMmF zSB6C2uXj>Tj!;!14A7Oo;4p#78q@Gbw4bWb-E(_D_ed07GBvENl1|xNri8yum}5{% zB-tf^VZ?Ht9lN`oqz=s9W1HPSseRE`H0Pys@*F0SFe3T7YLkGwF?>11snRGBZNlbT z@W%0Pdz@GvxtDS*zM<$Js+DBY2bZc#s;z@QWmxJo`^_cge6M_KtMKrZ1bz8Jk)f}2 zqn3?ZD{{H)t;DK4$NkP7=@u2!V3Ly64^8N{7a+Aa2k>ir1s@E3_N(MclF9rHU0iQI zlE6lbe2f6!wgc-(_@np18F2||tf$K+7YSLxf}@T^WaI0peE5lvdfa&hMP*bnAl@;n zo(RHUu=w4)88@RbHGzlHx>=q$7@)z@a1yGI-c#NR3e6dDbY zpxrKmD)OqLE{AKqpZnWSQ_Zih6B3?z=m46ZK}xhDWYLUD^SVU9yEO0R=e!*DK!dpR zUi5y{Eb92P?Ke2jAK`+M@gE>9!qK17s94t2R;yBAV!M_e;@n(P=53O0ixtGnCkp4U zNBS3pRj$wl!VK2zs55()IO=$Q2i(>GY|nO_axZNno`neu^-vzZMYm@ZhM2IX4>(PN zO=WF|6PmkIl!1@-z6}jcc9V>=_Q2}@cC<| z+`1riTyf}OFx7Mc*FG8J#v6Xq&&vVZVW%kZ5rnnIDx7xYm3U*J%*nT>B=WAaBZ=^c z1K$+~yA>?DP*upR7^S!6ZT=f^o(H;6~^B#Pk_&_(Oy%73OT_uu1i{uz8 zKl6aGyqM_ah;NR;jP`N2N0Nfx(25KEITqF?PxTh3NYb3z-I3qy59Ixp%Q_d+&Ccnr zWhZjzS*{g-293J*yaoCO**Mk=o=>AGQXu-yXCLmV1xYnr%y9JkM2BYcn77g12JQ#Q z=po!6O&8WFbrE%MXkV7p6+~(l(U#cWtkb;jVFZ@3<<7jzMS;W^Q*UM(>BJqC_@b|e!l9Zq--<%p}ElaPU#yV7Ix{+ zg@u(3Go0BC`_#aR_U24;!-Sbf_FGcE2S*o|Nyexvi58QU7s>D+g2K&HJ)+%K&hX(f ziE&s8SlG1K7)L2E*rJ8@5eX*EgXAj>6W*rfWzcwh#fgj@|%{7E9V3aCOSumHe_IJ|HyueW`#|g^tbyuSDp}f~T`Oa@#g$9nh zu~xG;Ba@m_ZDxJ%hE|7m7*W3ew$?QZc_kmG@dFFX>6UE0d9&)H)CITF<`2F)lDu&R z#Q1cRM+3VL^OM1fO<) zYax8j+7?yVtCY-Z%hOH4H&YBbaIS0c)LeBoJW*?|rem#d7#$J@%B7vWaq??o#|fy$ zFq#dt2QAb6mosbjEVc){S8FMea%z)Hb-CoR5npsk*h!C>*(b(?rw3ovth>aZQ@atVqUevs z3b0Vj`u_GR2XZ*k{x8cM{X#e+v2tEtE3-_Z>b@7jhu3M)y%}0ogcqO|_?7M)h{)bg z)%NI_^MU}AVGj+9APP#GX_c(7VZzP+YgnRlkLWZXrEUW%+-+gS@A}zoh}&V=+;#c) zh{n*FPvq&U4%x{^Op;)@my827tajVjmcKW6IO7&BIRYwph7!f_Jzo0G8?d*WWt_y% zkHNKIB*>ifrtF+Xbqbn&j^`}w}a+l!V=yLDgmt$6DY@Vx`d$+o>nXWAzR?zzl*+-pUK~!pc1B>nt_#RbZ z^e4!J$JmI?;LGT(KFeNjJg?hx_7F>zZ(ljVM+nRw8QM&XdJy>Ff_2w-he+33%!J1^ zLAEniM6p9sRIlhdgeL~~DQPa1mfc_TL6KGzi&m?plQGYHQT+_r^K$)w0J_iPLbx;- zM&PQn!17IV7GCz0LOQM_poe6aE(*5bHnPEE@RbWO>!2r+TZPg)5nGMiy{3T`J;s+m zKfRSOO?J_)eVjejG4^j*a7?XKV^iG_lz2uR?~;^^;X18eErlj%+0?ej>599VD0%Sb zC?L?5+ilbG!pQ&`}GC}^#&NnbP^mLb5L6Zt_F2| zx==R1n!xi6}4{6%o&sZfyXY|GJkl~Q|s{=isb*vp!y^UzD!8J9{>M| zF&e%cO%B~Ql<-0YFO|JWf>A~z|0)#}i=gi^{ko`RK|;%VSe8Tgln?*+na4G*!YWBr z?3F$oO%pUlZhOwNkGz0*ex8&{+vHGi!BQBJ+_Wr2-4O_$}l4IdqCo6 z;KN~mQ?6)Jd&~~c^<|=Gwqx>8olpDEIcf;t_$GFW5%VAJ4+Gcp#P5!JGPtch{!TK| z&{zOW8Qvd_9VDgYy8ETc%ECgRqg*iH5nD%_ta^U8>Pg>WC z!E5;!hs(=to=!ll*V%47E)f+Qi|7XPV~12zs8E8@=Ke5a><67^nrbq7>0;;O>H6dK zqieQfN*M(sgk-uvCI$r!ttSN+aR}rR1qB6X2imJ(Bh>F*kIw6qgh8ZfDU8gk+q%EV zdvt46FB=AxQ0x%K{rRS@y^g9R_@Rsa`QVp$#R|Tc2c&|o8`SY4TwX^jpst(ouDC=s z$LH?KrFdd|Je|!|`t&gHalV6vSFOS3N48+#?fi1Iws@v^pjaw?i`Q3R6e$m6qztiT$gKr*m?VyI*cSLD7srQc}J8SA~3VQujDqjxPzFUReY?;)rEVaFvG zt81od5lOeBJeM!`xLnJ~A@0%!Y{OU=lrJVby+D^ec1Ip0;VnXN4v>Ab&~SJou%!hNkCc2^JK z`iX00LqBnUbI$!b@!@Jce%YQ;Na*IzuTR&n-^hazG6RFW9&-T+un!=%$XWI3QFQiv z^LgxNj$+t5IYyf==In+y0;z}BS=mGIOtK_KGy`1?4HhxqUXzFrgc6J7CLvf? z6iweC00r>8wD)hJS|kTEL)vq}iu8p-IIb@YZ6nCjyhjfsu5 z43XJ@qS^f}vt*(vN_gUR?2=TIEe#*8Z}7mN%AN+bzu4BKS)$sB3=sM2J#0^fuXm0X z-U!hMI6tLNR$751L}^qC`3?0>7)P=F*QWM82~L%p(P)8miei(OC~1Sc3&F;gCyqnB zjtei?j&JfF!E;$O{3?d337Rb^|NDpLTBt{6iY?$M zj5_gqtpg*;g>!9OKixdWJ) zAT)O^+qu5!jJS@;CaOl z=d;8uIdpc&dO37C0Re%PV5%NZbj$+`e!B}%`8qW%E#ey%y?Xf@v7_#;P56|q`+X^^XXwYP+?*f6oeWiD&pMT`KG;TJ8K-+XZiWPzFkjB_sXmrnwUtL zH6m7js0ND$t3$N=iDO%`WG0B&hxKavx4KKP8Zf0?UxV(qsl~LmoRm$&6;n+ioqH@_uJ4z_KK(p)#RWQ z5STXTB|z=W+#mQLXV^y;Y>XH&V8AUo=UD{991c<#Qb^t%iy{m%d|c_ezPgHoc6-7e zd(~As(Jye){Vo?hFEDxuk5pf7oiM!QC_wqi$p}T&gDjn6tsv`ZunEFr0FiGHruc8Ux!e5add7>h^Nz9)(UCCmb}c^+1r<*g+fuy92V|ivj9* zX=!O5oAE-`X9HL%uR@XM3HKTFr?Bv?a%>BoCeJRi>gbvT>nh4Yv==NflpdZ3acKy) zfy}6%8gk%sLsycejW!ARO!{0eDj)%j{vO06QG~?+oU@&+?O))CUxRZBWOhHY_}N88 z{ekc<0-O8?*1Or@lhHrFE@T3$)O*0wNNqo{zk7GsW}Wnjt@yG=NToH~$3fy^`!)wW zj>tW0YJnP3P|WAvYV*LhuvM&*1)SDISK#AZgI$xuJRdc6&%;hn5c1H}7k#kRYVx%{ z=e8w}n8<|^lKq~=*@M0l8++q%%blFp!_>wC085x_`(p4t(-u0AdJrWaa4mgxmbHQ+ThpXJOm1&nA8z1j!k$0={6)6RnJb!VvO7y_&QL{(p zXAy8N3!-CUd_gRSgJ-atssJ*?Sl>UC%v^PL)0LKKLY5w2JAw3W4nP|ppPPsKuH_e$ z;j>S`Lc?NsXeeoCvCWg)_h?13_}Vfv#eUal?L8(jLo?VgC?Aj=EmuJCq3_t4nuAWR zA2h2(!KlkZo{-I|Jb0S!6|r#uI{sQktNZR8j>!gG%EpF;RnNC?BN}MhRYm~c5=;RL zD6ec)R1AOr9*uP1)m!Rkl;ftq0JcmA3xqWR*mv42Ei*W(uLzTG7n*BmG(vY4Ow-=| zWp8n2^a^sdU;Z&MXxK0z?XC+JOHWPod=i9VC1J?ckDU2(9rk!)2IeF&{Nrn7`{mBX zP96~v5{75I-S}3Z8iM30pE%+yU9738nUR)d1!h{}rL2rG5%i%!35f|-0rMq~NhSsk z4o(OY6%MXsYQ>y$M5d@~^%WX!K1pC;5m;d~MnpvgW@hFXilTb>zA)Sau1bBak5Y)C z@O6_5@8HNsGTZcn-p_)wx^|io2{0p`vR0)*1}km0snkI(DkMEFCI(&>cNoHoKslzW z1e`GC*wyj+sLyD$q7*DPe)sVxvF3gbUH`K0?;Y9FJ8<~P|NIa>>^)C4%J)0&BaD5? zJLI%$A!C)sS|p`0K0a>22)?4@^k}swBlTA6Bw+?viwOdRLKJ8wjlD5U0K(p%Yv7(o zY@DhzM3-LRCt_-;`b>krBH^;nv-7llz?rYXui^qMV(1gh1xEDoRm4`4`$46?5HCRL z(0wF)(^ymzAg@TLT^nd5GcjoeC9cs-UObHfOdf9{a#ftZAcC^k=x8Q$_ldp5HYn;v z)MTUYrK84)UFtMJw}i_skGH(AidHx%Z6SX{7Q6ZLsfdsvN7z$UO>OLHG94#0hJQDQ zQhTng+hAp+a3f!x;gFLXfBy@G-s%LsD#P^}9OX=>Li~tPhexj(#*5n}pBG0FMTNiu z$Aw442#GFUKdchz5V+fJsOj>|w9f=!v`p%0UJf(W9|2w0FXkdCRH53% zptX|}LKF@|?s0Reg610vg{)$)`J`i zff3?I(SH1;X-Ur~7yzt3*)~_+^T$QIG08Ne@xzY(qm7sRV6?W7SiPg z48}Lz34F`ZE+6sLgOO6kF7p)0z1WJffH_5jvJ`fhQw1oI0S_O`zx3yf?Mx047gC{` z%;qc&)~pY#89&o+iBipyxQW{_asm#C>zkh6z{{LOgOn~2j`nB+hvC+#J($2N8MWq4S!ia7}x6rB_-6bjV$m?U09{JGdfl@eGCGx zx-;B^tY#$wLMjtGST$ls2%H*Ou&dWZvD)sW3-ZucBuuQ^iD}mOhx_}9;Z~cHsG&9x z&t%b3x-|p*8S)z69*jFmzbTXS)bV*5?(T?nT00~Y@<*XQt8YIyi7P~5?-Qd2&&QUvGYY3 zGE|#(X?KWw6PsYGlF3UZ=vvs``9*^9C4^4Z`{MoI*W~1cS$9(lqj^D#vYHnMx;oeF+7Zm>OWJZ;kAK zTl#2LOe;Bv!WB)pVbZ|!nV5#HV_sx@xfS5u%(?DZ_nB-djk}i-L{wbm^%__a*5eP@ z@1Tu)%%ZhLgxTyMd{1IKq4?I-?5??MQGNP&>R~gvXqi^-p}KaOJqsz%n9SX8^ZwAU zar{`j6!E=ibH0CG_`XO%Z=cT(M{e)MXZ^%`zP_&C*45S3(NdTZhk);8(ymOu{^i>L z_%*2!E~xf=;>`bbmH6p5^p-IUPt3r;6Z5#Hi>!@E%_`aL3g5kv@uOG75%$9EbH{Y0 zh#$Tzh*sSf>PJ*WF{abGl;WsQWH}0wq&KmkHG;J&drjY~zib8cDGP*d%aPl73zyrU zK9NVacfC5%cT-V3>@QG&71ewmYx-@`%38V4LTGhXK(qQW!6=ELA=bxbAjs5Td(W%S zzlgmey_d?ITSxVH4M*b{q;ufzsPsXOis}bQg_;zLn(kq$gfD1GZ%#jzJa2mR+IEZM zmt{S&?`9@tCoX*F{}6Y5sOsKcs;c|#N)GKsqhauxdMcBS;_;;M&wBS)bLO5qzoi^0 z5TC9573Cw-FyS)%c;c>MyVze!7dp9RR9DlOqc_WJA!8&W0(6k``@-tlat~h+^|&5h+>r^wP11&|9VDZ2x{zPX2Cn5aNq9)~PZ_us zmNzleKw!|g`1K1rar}#Mp#tLz2HasDTlGMX?~^SV-0ct5vo-2!q{Q4(djoFfi`?yX z>#3sdWlr}zi%-)UMNT_DF7TzFK7Uboru)<5t*ukP{-0)$kfNtNH}y{D^KtGeMBJf>DuVGY{BDIl6t6hT=A0S;?ir6Tc z>$ePFwcrq_)qGk{_x1X7bsIqH2n_fv=KdQx(fCLVV2|!c7I0j%>?TTfK!XD>`3p(K ze#WLO3fjNdbYJg2SI7MG7tbVf_X<)5ZIFlH)y_E7+)SMdfuR=4o$ttdaXI&fDtrE! z`ti?XR~&xUl3}yiVyoP+qWYRRrmycGlWXQ*p+b}~H)j8$GO(GcZ^;eYMNIK9Rs}`S%<4*Smg?5sny`(QhL6*(Qo)8Hf{8V( zaE7FO-cdPIHzm}}XMjwCSGyS+J`f~=myU99frL81E~n9q5PSw(@G{~=jE0j@QBfIX zE(UtQe2aj3k&_23u9IrNfZ_Gab~N*?Yl~9rp#si0awqV9SbH@5K=`3((yEl2_f^Z8 zmvf)m|9TbCQNI|jzdu*t1w+8)LW~xNxBMNU01k6apmy^S-K|`45m`Jrj`q{D)1Jnf z0&Mf|vbv6}C&rh+Q?Lk0S988fW#J1yzZhF+<;C@)rhvp{G3xC*j>?q z{k*hMKoh*>T1d&@#BI%6MyY&C^Dhu=*hoKh^aWt`##6%@Embnnd*sm*9Hsq!jSm?u z)PMP~Sk3)C(}y+*d~IyUf*0klHCt+5jC$N%X`Pa}h=>Jl4 zizJ;muxf!NV*l%V28-UM3zLq(#mLQOcsB=Pv`$cnQ~%(4*zxJr2A8+F2pZ|pg_qa! z)$R;}Ja+1L>S5e*$tgD3cT;yx-mr+JjlhIL;CHM`bxVZKHBrAK5I8pcFq;)m2^YA~ zH_ARoqJ5TNGv(;S^wykUeDcm9La&-ght#0bc{J4Jna`cb+x~Qp%YfFh-&Iid{wPir zG&~Y>kDs3r--Bf&__)$USm7&47oyhkb^MgVV77=Z&8 z7J}w{Y?@82q8J;uV5Q!NFW3?r35e$p%=8_QU#Ak|)EW`N7^~jh1!-)Jj}^;{$RO#m zC#Dn*BX`x48;?51$H#1jAh0#FgC#E`Y5FdKz3SW)kccn|6RAtLq3^n}O+h2Um*Jkj z_uoeFBT*%UxW#fSWj{`dgbZ|4e3_!J8L5DgY1OL+4jp*cD6zuOT(@NK?MucFT9quY zICaWO(+Xd4qWyN33`{-#OvUL&w^gfw9wkQ-y|BvkTPn8CC_)0!y$H_?DxZbA!MLp= ze5j7&G}TQ0j@JT1m#j-pi26b^-wP};CoF!W-eiKjsT~>Q=M41yYEO$Ev$;Q$9r(Wh zGVIR~cXkNEd^J0(c)tAXlcN)VcVe!g-FfO|Jx{0q<<ru+kx+7kf9l(u3F5lMjO1G0r94Zce|@zH6H0B+;k-z7 z=^JH$602erfBAD#@e{CDxRftxpXds<%|7JA=&*O-epgB!prS(m!8ph+vAVEf8>`d? z`~nTB?7($1@8PL_@nO=72whbRRfmZTxVN~uv7cPE6`d`_e)W|p6e>uwU5t4-G#sS6 zcxYlHs)$~kJ2sFVT6kQ~^-_*ceEvm`qwv~(pI4uT@mks`OqQqsZsXjNKJ1#CWEX|SM z&#Ze$4D7h3xj4;R|3M=YaIFVoY>{>uXpEB>9BVxE-R~VJ2>>Ew`8DawBA`Tc^z~2{ zdbF*FK@`p)IsWB4LF$y6r(Xq~TNJ+L^Yncy*}U#>imaKR!T{k5>_jVW7T<0AjrOR! zaqJx+UZVyT3v|>y5x+bT6|>!F^ED8EQzgN;-?;y?OjGGw;H-drkgLmRkW-orL1&hj z0IRKD^2ZF(1y-}Nh?wsbJcx=>a7AY?R|k(1d)z$sZ?@_4f8%d5{K0ccyr#ZVRRoi#^B1XIA5F$bEL|`T1uY zHp5fU^uaxt2o#guSk_{DUgmx#hX-ocbc|~g{1JIZbLvv5r@-D-4)rAt{b2dluEUZ7 z#E)y8Dh7yOgR?i>18?;IKfalGb#U5yHEL$CciXUa3m%ujny?9aD^8#0?$OTKS>NSE z?C+tw4fgn3W1iu!b@@auCU%}w18Th7SYn~;nvm15sV>3OPn##v+6wiO!5Y<1;qXA# z>tysq<~`j^d{x(j^SsusVxKEvsnpMrH_kCDN`il88Bp!+KAt2Za-bhe2i*AZ9A;>d5vk z_z3_?Sj#y&l6#89RKxL0Ni%(YhPv5lYoLH0%!1nlJj@p#-u}l1T;6ZVRkB!h5%evM zo`+HDYV&Pd1PsB}#uc%`d6~Bhgdc}?HVwsQ`7WZP@p4x#h#Nk~_vF>w=@NCrjs>b| zWdY!c^Lc(Ygq~x_8<66HFcEg&X$kJGY*cXDMD-%96?Jxt?u2Xf7lG`v` z#9ah>UAPasVKr0OVYv~&wB{bjY%SBkhNCFmA>oE+SVYw2}1Jj%a!THF*kl` z_1>8XU=U{*l}Jg8Np=M&|5*vkOL&(?y-$T=Vr)|tGP3h&*;+>9uhy6$Xw~$x*g#9G znQwpt0aS^8n=0$|kf{l=GN*)~m`~xb1`rR=UBEMU8cto4m*3WryYltsDgRAB|1})W zGXGh|-#|zp^6!ND_Xn;eBe=AOS3ZOMLCz095oFVU1xWM&us!T4B{@c3bq%jR*cz|- zYInKate?4rQ#`le33bDXU^0Tj(XP+G%9Rr^ki|Y$ zdhc5GL||W{sf1uM0RH#jceze%!r!qUq(t51NI)1}Cz)VSd?y&!aU4G~bC~AA@(cP0 zl`~QjgBrzId1FndSi*&~vOF&!K)&HGe;m2^l0FYAUw$NDtf;7j40TppnO>JqVwB=| zSv?h$QQ4F(wJP2QeXC#pavn{T@5j|qv>xlS(Av;)z3c6{Z69eJahHC)vYh8+$j(z3 zHubu4A#W&^-P&px%C6HP%iDh$)CMT-`F|3t|NHXS{ENpUfmn4iGBkGax##$vT8 zJRYERGx?ozCBHwF2@aRlaCBR3Cg@ZH1N@s5bl4E1o$!w&J|-oI^!4|*S+7Wc)^Bp$ z6=|@Wj_c(#|2`1*7I5i6;hOEj^=pn!Lz(aIs`TmiWet3nDSpQV0sY{DRxM+)>$SgKLPkKNCiHl%^+tgz>_)ZIuL2n}GczwQ zFFn0X3ksSHK8Kgva4AGW?-=mV3EAG+!lP6FJ2sqEdzS~YPp&^+dj51i(5f<890Akl za@`yPy*I|S77AKgDgCc4EG=CM2x>)XKc1bPrKhLcBSsIY7?X*4o&4?;w>q;Vygxms z|G~2JZtqiUZDc4p)m}YKzaN+zswfO*KlfMkY6>e;MoQFP%5b;fqS+}Msd_H!A0)QU zuBT|A?&E|{BY}#Jo_w@mC}4US!^{_vj2L2}4=ct&)oq%IN8fcBgz~x@GlOw}anMFy z_0OvrxVnLE0#Y3xz#G@p)FkCmL}rH(R77%5j^OgR%xR?Ejku=DKY-%{#9m%7!7p`E zc|NEl6B;to@`G+lCQs7)y>&pUJ=Skg5~XjRCB^k$w95z~zlhMR5=s1a3_8?A%$^0T zqHKrgDrSGBcl2)o+W`5TeEyVoAk@KgQqll#X_7Xf zkOQbe|4N0z+feF+Pf*m#Dih?LS?#xD!SsECQ3AYldS+=hgYZck183IYjC=yM8?kKe zkkfDL8f$Pct4RZ>;S+QT^u5nWoRJjpAs?l}LwpqmSW+nCo>4(i`@Z6B=NN2(%O5c8 z)#H2Famj-*p5shQB-@vpYgH2Wu)5S{4NDc!%zcj*$SINvG86wqz)*IFAgRiJkY0C? zxDc#6g(1*UF<-8LE*Q|9zA7c}XyMY}_WQL?Mr1B^h75_lt8q+ZZaFEP0A$mM6WQbO z;huE9@EfSh5hIE~He8vzilmXZgq9ve6eXy|Rgv^FCT1+@h7Zg3QMDT*(Ia88i6&ZxBc; zI7LNsx)D--!n{p&_-H*>Z&NLiia15ODGr9@-&k5| z=$f`Z;4_qkoV#m(&nSEvT*O%?{ltxR;Bm`DEE6ce{Iiq6?p^KnX@8^sG*v!~$GB;jWwG<$0V@DDNHha9eM*{Dp{Q2ELBrpGPX1L_%n(sNnpb z#Si3E!U1iogqByEG?wwnd^$$tS+P$%$K#_7W9V##3iGB+njUo}fb*{wt<*nj2e zjvvn)jDip`{4a05HoW{k7n1+EQcF(!_G+*h-J|A?Z|qoJQ>hHaINRz5-86}C4ex}`1ThSGqc^*(JI$f)Q3e@9@A0` zoD7E!#waiq@qoK45E!Z>J$zR4j&i~07DRpSeVM+=c|r3FjT1c)lt)kEKtxkdfVUh< zVFVSSEC3Wl z-{0uUABebRk&>b8Xc=R?T#_$p?WWo204PaHPNtm)i)&fWW(8#amY<)4Ml6}v$~j)X z53?IjVLZJ47T(0<`M;wYY`jqfx-OXLV7S$&YY9FEpbw)B#qdhX%(VS}mD(MKFR5{? zzXsGxT7A<|qhoo7ODaYM;(0Gm_rIg6Hhq5cU-<->$|iw-o9P}fS{Qt(RJY;QY%jYs zV7smV!wTLq;PIC>9Zw)Yi8}63-nCU-252t$0Sp8CA`3iqQy^x)KGTYu77#=ci}_up zbDA%RGeceg9mi$uCk5h~Xb|Yx44SJ2486*As@P22Iz{}BEc719$8R6RIFvM`8A;P+ z{ww{U;o~^+iHI!h9%iqd>es(rb@>Hqltpb0z-xeomoWkNoak>1|AG=!e29!(Aq*hM zl{~No#aa=hygXNAE8T$QzSsA_qG=gxd9X$bK#=+uI(>c$IRV#=wQWZixQYY)4q&Ab z5lkYNfvpTdC+b+~$MyyisXY%C1~tmQ=r>jRg~w)VnYq3X4<}ky{Y-gEPPd=}Dqh`aCNlA@5L_tSNSx;UFqRWiEWgyzIem76TNFQZAKsA(tii||SfZ{G# zdjnP<2^mCwdR0!f`_T;U2!Rk0Ei7qyo5fb%-6AO>6Ui6SXsJC|Q>w2w3SX!EUGD1g z3lrkuNlC3`t%xyxscb=6p3lTJ-xMbVI|LLIpJS~+Z&8gqPwE%*5R6Ie=a%N^*Lscz z-7JHKPs@F}3PPP2xLEw`f$sm@nscr}fVKW%Q6{#;eE6p{LLEy8Dceb#=V7jcI|GVX zuhLkyU@``c;t>@J%(E-o_L@N=Vq&`kP1sD(uvSg=3l>jHl}wxd)g>gmp@;F#uaP$i zJIpLCDRV)Wi{!iSNL%C6VxGp$$jn9Qg zRhwkUm40=z{O4DhuprH~yswVeV~zr@3gCns&>6GK1e^)?7h3Sf z_G(bbu*XKqT)LoNmJu091g}i}oLXErH)OO3Yf@fY>yuJZz~9K99#x){TH;i;Rnfv> zQXvM%d6}oRZqx^=C8N&4a9#0wZ+Il9q`u22Isx8~j*dwlcz_lI&yAim5%A-9P{76YuoAf+)6@E5c6rh_rH#F zam4(05TlXs4fqejyJTJ?@5 zpBs2;1C1KiBZ9$OW$m+ET^>QKGi0F+Y}~BeOhaGFQnF-=r!DTb1aKdvYiRQwI4sRt z-$PdyK4VtNH(ZUO5irSHp(VX|{+uqC9Qmzm7pxH3t>oSb3jSZ{u-A-f*ZZ+X28sI$ z)tlzgWRv=gFZrW9ve_I&Z#jtNG5^sI@IgcxH&WPeXR+-Wohjk9lB(mVSXmT4P>8Z` z*`bUiCF|-*(P}Z@W|PkUz|BfA6(9Pv^qyLCv0J){{Th138?NIr=+5uKtdO~ zIi2Qb;qw5>bCCvdFrEne4utolqpHWuop+x^fPU{Ey#lb-XPoTX*82W!KYQDkb8>Up zYC>@`24N@)JzqQ@Aod=wNy@oY6sSuWXpdDzn=OpcTUsm*NEZF2BKgn+I~M_O1HdM$S{0nPJwwY~O#e6wf__OhcsIq-iG zZnjY6(ZmO`P*{XwR&c)>3q)f$qmnird?6$)H|I^4gWh2wHoBL0l(o z1S3;MtB&-Lq(Q)>MUivG#=|qICBq`&;{86j$f{lz)p~7h4RoU+KnfK!hTd@~*x5Al zj2Oj7*}eV1Gh_cLN;Ct>ISDYjq^fiy>mG;<0AUvX0Q;hr0S`j|aozvo=c_6M?Gqu? zr6lx#on{49RYwr@0_LTkAs~W0IUklkCWh`0#Wp||Kp+;D3)EQKaJio;Sy{h;xQn1U zDI4Gl7X!rPbS+zb<}>5Tv`(4n)}gw39X{@n z5}G!sMKst8i8=vq;qf>^Fixfl?@jHc#QB0TKolFd?68O1$#!wu8lmjEClV)8-m4XA z^gZ1v9B2>Ly~#0}61@d9wq>m}5KRAzS%xfs1Na&YSID4KnY~b(tmI!gvWhZ6GVa=h z9Jf+)ymTUj5w(`bNcD%3ErI^?rUIX?G@ra_u3s`g5kNP(q|P|<3JyQ}m->6_+kM#Y z6}CdqmUcLq(rzp=z+YO8itwKTw6D-C|2th(Y z4}x0_-SLiKan)g+M{^rVo*CyL`hT>&WmHvB+cpX!NOvP$n{MgabZ-Ia4(UcZ1U4Wc zT_Uxmq!pwa=`QIG>F)j(KF|BT=hyjj#&HbCaJ$xAYtA+AdFM5+shORu9%l3p$r?7G-pOmvysNX%4NJ>+Z=HD&juR&s%%_w zm`?zZ%0Ix@Gc0+~b7nI?K*6HpQ76fQDv5Js=&+J*VuN=?vCo(0R5O`Q-GBkavg|!r zGin|fCEd_vsYmgKC(44;qDuYFWWXX(R?)?m$-4!OT^>n`t%Qe#@8A~^mjmaGXV(qXnT6b{Cj{qY2J z1J&Z1m-xs7M2-M-p(D_D!0?hQab2H$G$6fUr5bj+_7F z)6=Kp)k=;+BC3v*wLlCNv1Ijo$>?WAc(M{(La`Bev$dy|p^N+YN3MdXYMADKv_2|+ za`yJN73CJ@V8YGu5keI!rg+U3o1EVN1|9u@?&lMRQ*Ep+!~d(PfuvytkRM{(N&0Vo zNW@*JKI-WIn&s!X%&8LT{mwlQ;FnN{REx~8{oli3Cy>Uec>bgYRdY&=*=F zuD-X|Id|y!yF?456jUOXL~3M)^!SsuN$nPVq#9lL=`Ey*loPW!s+-S#>iw}5Y>m1f zD*n?1^Zxo?qd=8?qi#6}BZ&(yyWG#bYl-$7Lm6o$mE9UkVCHLdAPcXZo8_w8a1^$O z0ZH>{sy5<6NXk`M1%O&*aPvReFE=WCjZ1;FZ@&AT*Sn(xBlG)HM=m!#LW#uol3ZcY zX_MU)Sj^FD@n5M+6l70+*}`+vSj`WAud3LecxB)aELU>iKO8mLbnnr=e$wy*kSKhC zHLc}4zTDM~=!33r1W$htKGHWd)E|9r^>khAG2Tn3gxn50-N~ybtv7a!lpTF9=bvg? zt#lGZWCkiU`fd*St{g3Vb0^{*S3ueF%u4@$HP4^LH$yclK1f%U@x#K&Z5yuP`e<_V zH{;U!Ty`S0da5SQ;zHFMnemmXnO-^icPUITcV^lUO^!Hn_E zg?=Nzsukt0Iyq8kx|V!>YKML*!l3Zy8~<(odxW2)>dn*%xw>AdO5xv2m}1B)(Db_o z55>QUF-L)NtlvMLc2y!%xw01}!flr1UmY5cEdr1~!>N=2&eZ`+9Pv^g2_PL%UFZLI z{K5y%jA>5Yhy;-GGR>uv%%ddWpO{TkXJ)dL zFqF&Rk!h{T$D-bRPP3<1J>)8f=jMMu8WaE!z>RO0z!q9v*OEPv+`ivThsOgY;fk__(o)T%HN`LB;Fg=kNp>NzMX)V^@y0`Riqb{9)U$NzI&>$v`K6 zs2MjJ2PYkAckb)y_je?A@@L0n67#tB(JIFppS+wfs(&Z!Y4!Gdf3XeR(D5b(74waU zi!Tj6kYMyum!nC=)tmO`(HBYbKdneXt_*y#Dbkl(E79 z*wQ2oxmC4%^{GoGHR9k<__Bw%Q*tjJ6;BbgmP({8bAq_0V|d z)qY-0Fz~Q5R~Z*7{a%hy{8Dj=jrH_XB4c4v*}Gbys{4dTaqR~+61CbUJ!xJuQYS3# zUa9IZIkV#^^bfn!Irg7N$-aa!@fcCQUA?u-cc^_+rt${Z^RAeOF+KgAu8Tf1c$~P; z{v-Ewen4qbv7g9j=WsQae{IuQ>nYOv*{X($^}t{00Msvd2-v#G8Dn~1Cg2U2Xww1| z(U+*Kx4$VX%H7QocPO1amoxM5{CnA$7V6O18E+PYz~|JGJuKeCfpZN?MiW#mRPoy( z?j+6%+;t15G?^fUf>2=#LgKe&c@uA0@xj;Lx11(+?c0D+irYN`+Hz3fDUy~2aS64>Oq&y`cpn@{3l@uve74o$F1Tg zYBG`y$7FybQvH*L1OW{4rD?d7`brDUEAe6yo&YfOTrCZybMXngu!@zMJFOiv+Lz!w)BenK|%4M zg!lFr>ouaC_P~>}G0W0`4DHj8Y5EeXrwO zqve(&EJWH1W9mr|3TSOuezxt+wbFovW@&mBf>VV4tP~72Iy&NX;yXL#83x8Ie6~Lx zx;be!B2`c%0cVt#a6#9BKfo_nG4U%S&KMcL>PfAE{k1nYp)#0~WcjgWEZ)`-8J z3QUaWt8Po`78HelP!JvGp>fEmTR^p2C_iLL728Dofu8pI=jKuDoe-0VlSzsk5auxb zOx^y2>IBF^)&0lH!>({Kr^((>hQhy1=e2tkhPI-7#adp!_tJYpd}BYEX=OEa9q>40 z4Sx=7!4f0!WJ`TWkcR+tOjK~_@lO#%l+H|1^Uq?tvBO_;x4qFLpUT*?FFSnMtiQN) zO6Yw*lea9+S_!Q7&2mydQ>JSwgdmg)Y#If!+n8O{XikO=6nN&OJJ*8v!3Gh-ze-B; zT)STCb?Aeq=04d{MTX>0%YU8)=my^M?Nq1#w6+icANR=dTWI#r31bXTl_NLy;iw7B z$DGyFbGQ&z^RKFVz$&@R)>#OsUb;9%cvfZvqfAeSzsXzo$Gb*12KQ%uU+|0Ec=R=M zzvRMub`g3nw`#*Ej29$r))=3aC<`2@uOjyP?jm`Z&5&8*hIe;K0z=K{ZO-?i^0isI2 zR_@27SMQhRMQ$&Psgs*~{{eu3myJ8w*M2=JREFn+VDO+$W_Z|h;_V*HRs zo!RtZgXKRxOiHg^oN@A~JJEaC@+kIkld+NAOrPeqyRyj)<7I3{9*$ElyPbTc&aSVh zqse#rfCpsKWKG z7pVV_7v|eelca`HzCUo?jKxT!q+Uu!yL+nNeM)XVj0F-NQ~+@Dccxv%6JFJa`OuHR z0q^@>6QfGG#Os#_67`JbC`ROXwQ95P$7;F8J}8qhx92CW7K`7H@NGUhn_JU2fdrY} zZN-q;!0jZxpsCFL-t-YU-$=)SnMr$xbgr+s?|lc&9U(ljE+UBq0axN2N^#nw)NIMD zM3I(l$=lXQT8Z}O`F{jFTVV(kk$w8WU};^uYis=*2ITmXwV_%?Wr5W(8-1<2Jx)TJ z*}}tGthR|Ra6X)LEx%|tMT^hT(TE(nx=R~YP31)`)i@)&cA#Ji)B$|L2#I0DIdS1y z7hlO$b$1AG(;-;;FEw;*fH|$%f2XEJ&BU3nFv-RliciBwgFpA1^^f97u=%qyt2YWz z%46c6l#Gqk@WG=k>D+U!hKSy_g|GK@We*Ve28a?dXmUxo?C|5nejeFMU6G%IGy9HF ztM-sUlScdVSiB829^@hhdZy_{Yh5AWcOA>UFCla1$ZM3A|!cUgz)pbA0R2?4=@h)pqF+N-CZ zBH-GGD~_S>0XbzRg;3}(U1ZfU;I{_uiV~EhGJc&zuTsXQE1^RFi6Halvwfv{2MG;P z%{LP>=4W&~KFA}-q|Vr{krx4rL(O|t>7>nIYXHFn5n;2^ALP-eZbs8bl~3x?w3B`s zXkvJeOXK|#)xn$z!uh~d0JcG~|7JSADQSVjQ$)^$Z@TwU=8WP4Y~wR5S!WUu`a=n7 z9z>>LEptwwa$HcL1>g(~K5|b+YP6xg4}2Ll;Psk=X>F$7EHxZZ+!e4?u@g%l(+yN( zhF&W8Pm6;kN$hHVC~_O|aJoezMV46|2?C$02hL0`QB{;UgF?U1hZJdPQR`Ee#37}r zn161z`o(|OZdCS+=N|%e&>;}g=szo@o2qAgV}9@d2p2%w0bumg)5QVp1Q6T-y8;US zjsV&OpvC^PE+@Pde%lUfi>34Cn$P4&?f zDd}S*0z?@}#8`qZoUW*N0-01qHi8NqM3S`ju|-qQ1;cEo2alV8slZPPRmD-eySx3x zyI1~?YNERF@$oKACy(o&qoaBAc%mWE5N>2y5R#P8Z{#jy`VbSS8RzqVf5YwH#KPS7 z{Ls@e@55++TW7GWfWzKWxSV5?sqx-xBz-oNMmm6$d&2a;4QNmhDf;Zxn~$KF_eQ_+ z)LwXCnLmCte^fhSQFEcb(A#`ttu4%_Mf6u_J@OJSOGMbxlNZco!5hYQIOFLUC6B)} z!FJqaNf-^GLCM#WjPbJA$n=+EJD{|gI{$LPPOHig{FtRN`4Ajx<<4%OkNp}-dQsv| zJf(bcrzTeR{&v-F$6fc(0g)#88E%-ub=w>Nyf_dF=1}?$ffHd*d4f zREAJ-%8^j$#-ymrLatODByg2>;q`Z@_15sg*f(t{cIp=jl4=W?$_Xo@WDQ_Sy7`@Z z!jCWOIdGERsn*BhSiOpdpj*PzCRwy2cgcbL8Qs56G$GOYbzhE3Zy;wQpYmBWpOAB2 zpaw;gW+wDVhImx-Idya8wb46cziii~k;4AiDd^iDSKy3sh-6jIln0l(>fWZoiF1g) z5qyULTS;?HS#JF@#kqcr<{y`y7V7+|Z*vxz9tn6YrYxv07$-6o(hw~$E6BjvK@gj< zIl*OsWPm{a8HV1C06_8@@G+EOW9xE2}C|ptD^vzqqIVW%$qzQnGW|fUPEY&>B$0{V#x5 zg9-5zA8xw{hm=5!e=}CzQ4dx!?m)llzfb(~aJ8BA6gLl-gX z!kljyMn8ij3^;c_>96Xb{9VJP59Nn<`6X7x73jhuPtyHX_1M^i<~!{7kN0cjO%(LV zmTf={nJ5h14R)WTuo}*HC?G7M@cF+Vof-+|_jt2Kq5{gp#)56|S7><6SERU_c9Uf$ zXpjD6@1`vHi0Jno!yNO|$D*x@f_k_h1Mc&%a-R%%<6par*6LmYhb9uuWtzihaN8oQfYLkq^hhBv}TcMa&?#l-(y3K%>Jc#Bdrb z*B-F2X~BtXZ%3xr{UiwjcA;tkY!*DJ5WQd4k~lGnAZ@l5P=$+%PTO8s9^(pfJ=h1E zk}oEMb^-5uah>~nG4G|6S@Rbhs`ojQ2o(pK^?LavEEV!8f5~9PucILep~TQrfc3*; zZ;H(gWpj{cBoFy*lol;Vk3Pz@s6c^bYA{|gxpBQuesMKRAsh2M!9!qn5n?J_?Oj}A zO8i*!1!~m0nCltwiL87o*q37{mmA+nZWJy5DZfw?6znMI{``XDlq0{~XCdMbOZCzG zS~nvD-P<$Z3j^|{&@SpU6d?&>(Jp_@WhVU>SMlxJ=Z)&$2+K?-Zj(fhZ?RquEZ5(Z z>?A&2xB2TIHnX4ZzpAziXm!nRb6Kfp69%N^c@!^X|CXsbzIzQ*PUp1&C|$oOfdK9c zfrs;nT*9)WIHPq(HuR=Pgm!Tew+H@O{DC?6NTdC>&BJ^W zzpA(WL`FrS$_;R;3{}$6blGBqdl(0>9vyo3M(UEg>QK|}gq5N8>#xA+Pq_e7!7D6^L3gkuh0ivOS}F`*d)%_*aDSmt zYLl69V?(R#U4^ViZa~0ck9p4{kc5#2t&|8>-PPJ0ey$Q_?7>0p3EHaPKmKF5C=Gi3 zGK)m&$F@klq$YSrsO;^Ex02Ol?*NnanDh2c$eZSdA^|d%D+_>P*`-n;9j|{x{Ar=t z_X@!I5O1wnc@CG z*B#|zhM}h~i*1)$Hiw9TPCBJCy)DQL9Xk4L}Ix*(WeTT?It0{s2M;OsA~jRr2EL!DP{0 zf!fpWXp%s^rkS68L0_GgJP)ex92@#%c)(mt;bzbT1Kk!sZ-5sAcu+FjR|{;|YfSN6 zW0ND`0Rsd06w1Cmm= zkVDu1J?3z=odzE>csNR-&GpcsP>w!{8chvD$Zqp3;JC;~L+E5d464zPamD{HKe>Y; zkM74S-{?KhDS7j3&QfkL$WryMQ!ws^Z&NT{WzAQHc+NVneBpW-MLZCOFrxqWo8<5A zq4e6z{rdN}%Q8j7{M? zSdY}I!0|!~`D2|~93aqbJm$!RR*U0;fIu6JQUeYUd(F`!yt(gmWObqE(Vv@h_Susl zHZzZdCG(9ml=+rx_G41jR~8tsoN|3}(H}P<6?k=*ZN;mBJ{$Hp{q3(t?$`UPF2#64 zkA1a8-3CNi+D;ky=|q25I6QIN3S`E>h6RaY()pe)JAa+G@a-AT-MVDNZ!P}J5M~Ex z@mGW6`o0o!DEU0RM5axuMAFk17Z+DmRj>k+a5|6P5XE9PiA}u9r^Xj)e3S|kzxwO( z(DlQ8cM9#dQ9rBb3l?!`pqE0HSF^})+ z;_F|I%RhM!__i}THm1~maDo-!M+5JZq8XBa)n6-`Z@$B3^oH6L+`d-5H&bt0{rbU@ z6WHD^Gw|j>$^D9r(toe|sgC$Q)9BZy_ImING7&uOzHEn%FHIv_y|nrM+x2pVw(FzY z^TeZ+tH+UL)nJtXKbP?!0xSRXA_<={7*@9(Wsm9OcY7QiFWuQ5AHelk<%vG^)WJzA~p zK@|XorF8bfIAb+FN5gA2bA3e9B~9hT{dLh_$iGYMl&)1^xOSx;(y_DX+jS;F?|`yd zN-brM?lQoL%Yd)UPY1?A4RsiJr%}<5vs2{CsAX+FA*Yix!dOgsyg;)WPR1xf}N zdK}88F8tU;2pg(nz8{B&-#`pCCH|S%`7&)5GNb7lf!kAAk7-2n+RL^nBS~CL8089z zt^A7{(ke-dO6-jyL&fN>Kgdne-H?FMz@tl_eT>#qOc^Pwr2th7x$AY#^tmC1FZ~sz z;F8386`IQR$bE5NjHF3zAmdl8%41HawCGCo=&Jl_*cI&)3hi%Q+q4q-py1;@R~f%) z^134P5=h$XWG-}u)ROu>YLdUq(aGamtU}HUC&>wi?TArc$cW@&3QWT9m@x{$RPLlN zFk&;s(xsZ|xqk0P!<^Ojg{^f!B5kz3LDLrYIUAuwF}()hqA&VUMkHQ*1q6ybn_VC@ zmfgoljc-c;04b~^*UX#i-c~tuZlD#LM3TKnvsB(mW|q?!cI>Pg;=NBjl{}XE$c)p# zNe4znZ3jnMDn=S+`$s08P7^T>h@ynb`S?I#l64$ngvs}H0Nyx1+0=)Z+`!GUzIyNb zBz}17jD;)Os|ffzERq<9w}ZQUZiZ_!R=DjFZ^@E~=F0^*5tGBlR;KX3RB0l&j^YVU z8o%SS>Z?&-C!D1I^G%N?u~IPas7b_ija+-+^ID7nm>1m3dH?M)xUzZ24vJmJz=(5# zje4P=p)SZ?|If9DgRFfs(tyO3222Gnbz<8l+-7+tlrTSl^%>II; zkqZ>u^(w=c;=PG%p$!SMBwWW7uGL>LGi2iN&|2C63)sn!-B5on@<7hiu$i>$EWMcCzu>22a^AObeCALOW{GrC(I^%}A`0@d`C8s_KKO&;I)Qt_YP$ERtjTx{e2#UzV59q{gaZzjKE0A=B`f?C>>{3s$Dw>&=%Ms`%}&s2eH z6uVn%%iS6frN(iUM*`(AZ1!edF@;zMBY#6#vzw_9!R}>3?J!Zt5&)Y{!{JHR-4k_n zUb7Uu-{oZ?Kqa${M(A;*!3iGKBru9)PP|iptJ%mcYpaQ0zsBlLixpgQ-nPgUyiQ64 z*3F>Cbx!59KKDEX>2E29qtO4Jk^Q1_>R~ih<{FU*X$pyi%qYM}qx6qu8^2feN^PVn z7O=r-OJb|C7_2!KAyl)e#C;txQKrBM+GVvRHz1Hf4rOG+(;tgB+u-K~_c7BcgLDXv zu%}hlp&dSle{)_&SIKG+TWK1)A?k?uM3&N9?chW4f?{&5CSE(E9EuRe_PQG#ev6=O zVDnH{{Y;DR^J~3mJVZZ^oBxkA;ltuqAP&4QnvAP4ai=cA_wY(*MTXRtSj!yGb)q=Z zi-Ip0r~76NyK97pmYgON4^J>ENwx=1aAN0 z>h)vrfKA8c6f!0X<+P>UT51?v`P!8<8uECJQP=H`SNuU?t_*LkzM2ukEJy%-+wgI^ z%`A7}j7d5Fh^gki&&?ltV$<7Uz#P}ve1Uicq)7-B43ZbsE7cJh0>?#a9Dnk(WG(7r zY3EGoLZh8U1%>G4cU0MrIql#u!XQpDlEi&&$muD0iX_l$h88M+FqLDN>37k&sER@b z8NsaM7ZyXI>8NgMQee}voHPm?wogj)<(9 zfbQzGQYK{=2{W*6Nu6WGufiM9$de}UG<(103J zF&)2HYaa%9N5(0|{kT1r!}b?Z1ehTPPR~ z@sf}Jx+Ag9&FmcF>^UWjGXy6Ur1vAf1{n&8X@Im!=di?6)%+B3f|<+HjPG{IHl?X9 z`Uq-+y2pt`Xv=ciuB|f?Sf^mt`L*S~9tok%~fdF?WN z9aik*Mi-0`Zb{$|{UtMH-)zQ7hh`%KnxU_##r6HzPfQ%1FVL+ZWx)bl$p^zrsF_Ha zUM1?=>E?ibv;7X?xWy!u{X_u~YFO1i%RpxqC^zDnM()B!cxzZ(mQ8Vd_&&s=i-$fm zR#v$!$P?cAOYr=dvARcN5_K6eePetX)OBLba-o<1`n?de^yoRKGKSKBx=|h|+V|UVYq%7o!!EA!BDO*wgTg&kP`<1nr)Edw*jK!zjV&!(w=bKZT6LCU1t3|Xh>TfGEazDNy3 z75%zGFTIVwS)%m_9SRxxUfIh-Mqah^N!<GRlIQedP;Mbs}k-M`hQ&s-09WF(czkZp2+pVp%d2NgjH^PK3a6PZ3YNRe}}?){WO zH_BWSPN3=3{k$N92z~&IF-OQbCHHHxn7&Pppw6*wgEYteCJ&U+0lSGPLYrJ%Rvzl_ zsK0$_a_M}8x$y%KFd0MPBhI)-xxzqmM(WJFMh>(*K6veA&LKFxjGmJL26SD`=QZRp zJhloEb*b~QO4{*XQfmTA{dVc`%eJSCxE5rN*5g=W>iL+gk0ccjmaO_n|NEKK5aWaS z;|?o~@DxC4MBry35+10I-V_)W;%e5hfF{6lR2CgSFw9FMzfhZy}F`)VmYil=_y z5UL-vqxDkN=C`uF7ieFu4O5^hdaGWm0^OumFfJQx@o0Nu6?%*+rQ9$dmx7)n(XGGTw|t0QN!e89Oa8N&2B)zYqwW7PGkrOWle@zQzWFgbR}j zP!Ij9mKs@r56h72`mAwk1fRB`H@4Y$j?h$CIMKpfqXrjBf3;*{ zmmGQkzNDm0~6Y59# zwa%OAu7V<_4umf$xihfs>&WsO8F3&;NF*(7aw|Gt6IuB1BPK_&!R`dFVGpVDapxC5 zXx%M*hBkw&(=ljYjGfQvf%YM}&{IX{n5KEST{~77Cz`W{!&bhieX{6*I3cQ&Yl(qP zY(Kk2*oK@NqNFFj(axU=J`|6;Cs1Xif$Rm)lJ6=K#Z zs{|olWDZ;L_7C05i10NNC@#UA1g-l<6%i^_&WucL-(ynECA34>$;+5=?9f7pVJNr7 z=9?k>qVaO7btD4aTC*Zcb>tn@`$@lIY4#ZP-*yvtgmoNt3wX!FhDylS(NkF4Em=Yf-DC-^}GF>f?P&yl6-z zI#3`9!4hDy8g@8vQy*?D31=fv75eW5DY^nNA=6HTX7aDm0l%K&LJQ~BSMz=&(+@n? zQlwun<}WwZ3*qe{9E z80F7*$=>h}yN4pDFl?z8Uf%OoscPwe@~?85ZZYf%`A-8RbEn9KjCtG~FPrfxv7FVz z*!RtpLI;4X?7v5?JBqeua<>1B_{~UUcxp;`@G8x0(C8O0f5qdczB5PP-9@=t3Z3SI zM&6#&>A=9ds-tW^S8zzTO4FS(DZ0Y*7l-L!ZN`7du5s8iPZVEt8+lcI299u4(i!G@ zY!GDh+z%KDgRJnz!?9<2*tJ&exBsH<18GAmfpkWXYWmVorICi4&y@s5;2ZljX`-y` zyL)zk0X+%IQ|b*;XF?TH}H= zE03eUD>l;?Qzg?)DK*P~j}N)U5(6bCxQ+r&WO;xcSty6Fn9@G6T z7oF**wt~otA*-Cl@7RBFLi7dIe(`bgamz^L=;w4*-78D3$0>65=CG5GVuH5N1Y+1i z?R$U8v&7VvbA=TLy(u8KZ^sW6E7d(4!4jnd-&i02P+5PUB118bEhVecU{)D8q;C_a zL3?#+wT#tdkPlyzuM$3dLPT;Du-(goFj50MPjj6wE@0D3?V5hwj{fV|+58?hrKlVt{!}1yLc~qLR7C1mB@1*6iZB*-Un&UWJ4+t9p-5*{r7> z|CQ1A@my(W0wS>0U*}{l6>utmoU<%wcI;tY(jKf^bpn>=_2-=QLCx9o0=9GOd3!Z-eEYAIFZz*#4u?fi!Sn9(d>%j1YTtd zRnG$c7C75MdXCn?$hS&>m{B$d95HiuS>NyyFJ8IHsVD18n>ra-sA`k3{sNUtnmmO)KwVn7SR4x2U8aYo@T?%A9H%V{Tzg?XPtO$_LHNm)= zmjaJJbzDEzYgv$`BFNpL!WNcoc#Fl+IMtbE;_QP-0sG!upIw@~;8vF_eTWH-m`+Lwh8aqtE!`7-$f>y!KJhmzK$Gf=1=Ig}h zDlAn+@=I>z729&v_3$K+ zpFoG17#8vGGb3T|$$h>N!QU?gWeG%Yp(LT2YT}V8y(R$0yZm9I#kk&e`FzKhX!+!3 z?pp{VqWR)Rm+qvN_RKR*c$}i;rAx4c!n6O*OfHRCn&Y&4((nrrEf;6f6hwr52 zq3UH;3hBja3?)`Z_37Hq(^t;r&YZeWJ|qvHvKqDnnRZ36OQvCnHS&(;W54H)*+e?5N!M-it_6IE_JXnL7cfS+W4l|Rl zzjmBpN1na3p;F%4<#g#4YG3?S84LMT;7!dN)NtV0PO!ekrtLNE3A?YfZs(t{3V7qP zR?A~0)Ad+?7NG0bV%}qHDstoU+ZHT(TjpXU_bxTY7nPe06mw zFbAby-XZ7nImh`>;TcqZFYk<YtI{sJ2O=34-&8`Z;yNrg{Md>h^`wN zkmqD^tR0q`R@ukyzvhNUH6Uein=0#`N9FL!n(rYP`$CMH>ViR+Rj|;a6z(#dI^}NO z^V-^QlNSFr=TJ#K3G5%o+s6|R?`_UmbbZcHO1TK}Pf=Rv{oLqlUcffhTx~Uw%kg;D z84;NFK{WTU_3_ZtM=gAnePL_kK~l%Z+H(mJ;$|NJa9M zIz_$7WY`|nIn%DnoKmZVdH&f;+nK*@@7$%>>0%P{6PiV1#FU8s>QG=~A}@Y!-G#9y zf@Vu=yZh2keRMr7Y5Se_KDGkrTx)T9=+D49)$4hBuuFb-PQ06A zzwYTy)?Ke%lpkuGn3vxkyz(+*?NamA+#cpqm_H zhjDS&2VQ3QSSfbm>Q!6x7-yjodZWy%T{4T+tP8x)m@-1rmlp!Ey6&>f##k=BNd2tS z?=RvV_Z))~-1eK}zl%Hj|MxQxJ2%uv!x`%18Klq3vPsgx&|h;Io$RoZ(%PI74qb^Q zovV1G3}2f|Ev&nS73mOHgws?>@xzRr`|IVe_YLIz9+K_w%=-u6(;-E2fqPPH6;;d>)venA`9Y3f^PW=_+NdlbTR6odn3%Sg%KA@ftZ)X`vLY!1aUI z_Mrf%9>fHLgg>25YTP-sc#m9EEqiYWX0&)61`CbZxktAbvU<@Qfh7%h7+l-GWAKwn zR0Dj_TmBlM?EXlGp!(f#qX<`9l8*&llj{)89dVpdw}d|sjJ59u^j5&=2ddY^gpv%L zXz^*2)NxT!D`c{)izYxqe9V!Oq0Y~a5cf<->{ew=s@$TFU`z~ChvaPN4GkX9(;#_vDD#jx|&Zf3j&A? zByBU+wAG&KD+=118MrV`&dH1&0*IBUN!7Ja+=F(-rMxyCZ8-X`<*pf4qO7qACPIs z1nz_;us!5|w8oU;#z&80(;iR)>6Pa=i`Gyvq%({JKY}SuS2hd>R}2FNH(j&ef&*5~ z-WBY*d}k5q2*OWmkx2P<9NkLFS~RczN8SEsJz(?|nNaAFh{?TEQ@ykUWD$SURTRd~ z`EFIOz2d(R`%F)!C>^Eb?|I&R{_y#g#SEKL6l+ZFHIvbto{vZ^*ZHA;Y@q9(cXv+p z$)=ZqO;0V#o0NZt=lR{5*V|9pZF!3il}M5l39xt4Iuc zDFX^)m1w^2&USn_{%VO8;CoOV*l;%7YCi)hC}~o}lATMxW)|+GNn+BtT5LW)tMzP% z%WGxg(C#Svq-y2F&jJ9ipl0&KhoVWbEsxV2Mge>CGEr9xUT#8oim2H8Q!Ljwo3<5U z?jis2iDrz9;(s(Z_5Xu>p`*}tLAlqn3NI>SvA5ocX%jB?gff-j(I%au1JZ^s)gk|2 zWOV3HdGH-ijlo~oJB2SA@_(DQ4N;RL#Sn{|or*L|70bx!B@Hh-hM>Z5y+J0xVgl?} zRn8wKJ@o;mHSDUR{ci`6J^GcLMC-IS&M~iV)~)so zMLhd)BF`MpFZY~cia=&GLv-b3d|;*#0005zqKkG5R*p-?+E*yj}8=IuSQqN z%_gM+(9r)p9Ul)h06Kr5t3&=5M>J|{9|NoD7zirn+8|^Ki>*6uF9Z=6Fn{~R-;b5O z0=!765wnE4ozMU4vF5EteU`y$4IXiw*Eq8MJu*2R@$aJI4PBB0+q^@?yPj1~xi=-T zxK%RxLUPcb{t_;ZddAD~=pmd9`}>biMM$}AwG zRT2W$r$X+qP%N8kzn-em4E_;49>3p`lHJnnH1b z2)2!flIj^)7!APcsk$4XVgfgqCP-%jNU*@ng{wBxIXJ2&S24NGjY6PUt75ipwl9}KdA{W?e8VHdRUWjKbS7u`w)Jh| zuU*OIg$XHWrIYT+cN`%#8{%Y0gR0$YufG~74N@VA=~#`&r$BzwfY4rj37KB%MDjp{ z1Gdi^;L!c5KJW?xaFL;iZ0SayDu8w(#LI}Oz=GG1*6%pO4f$@GV3N8Vsg*AyK;9%z z9KcUtSMN<>Wnd~s0Fe<77)9hv7l}6MJRC=n^qWG|6!Auz0*trr1h)J}xZZGuPuB-% zh6OaElm*#*qTc%4^nR@P-!0DSV_n+Hs7(ydYxNvR1>6GR8^%dzl+zzOcOcOqZA@-- zuT|#bI4hc=LJvIQl`LrI`PR;~l0r{1P7yr8%}15&+QS+1@xgkatfp=PO%MZwClGie zqsO5juiwUY)9vT-7E5}B$2J=p3W-1;4Abs~d4!5K04YiD58VF<+;1gvx?jM9gkGY~ zS14Q7By>TR&tv-sIAY~pqnm8>(vQuM%I~PP$*(l^y>{wm(T-xC<^cKmdEbYjn5R)| zl;fKX?@|zl4}P9*R4@0Fd ztw^aCf(zKb>lD{oe!bKeyG?0>ZN;KDEjIsW*u>l~(u{vbl>UUH&6ukvV<7dd^S{E% zcz5k@H^re>(=T&|8;RB_3B>B*A@l>&aW8fT(VXq560UK1K1)U(}|U@JmR zx8RnkJ(OkY?7H-9C3=!#oV_NxI^A9lv#GDK^VHcpUa?gQ9mQ;Blxc8eUw6_CF&g

|-%)uuvl2ylKLB}Y6^{^>vl*THLcMGxjgrpc;-E}ls zPcxvu@$qi$b|)su(`SsPH$DR|akJCsRXLSb;fJT z*-}|b)5I^N@O{KsKEshK&_ve#qbmnegd+F}rM{YpoIJLp!ntRX1DT0h_PrC^K&)Dk zfIrMi!~BohKqrB>!sS!wawc6L;UwFGK0wiUm%7KfyFJd{0Le4~IH+?3D@8mz z_mm7~)<8PsSh&+{##FSEDF#CIf|~@@7u1p_28LNPBX{o7;^(jbMIx`0jtK9-O8$n6 zN`X4Iv9p4Xdzdo6Iwk-fEAxlGFdj%F)1Zp6QkuE5_6b|$S z{i-BHmTjsdc~96n?R`lTG}!8Gp;1c(zD0;Y9ofh8P0N*bmwMWy(fD`RdFVGSH4jSP z!+Yx}lH~E+y8s|$XI=s|gn$SBzaK^yLD}(24B?v?ssb^S*H0YbXq-#YF?m)7RcKb0 z$pN|f?Z;R+MCq_~AM2ryS03?EmGapFj*-3j$}SL<$b7=9+I?62KSytRsohx#ECw#MuA+^}p&9xb*-2 zqt_Z-l&Q^ljH(O|V8FwOfoI_DFSvb|WWf6`+ynJFrQP`vM=^aR`AW=g?jI6l`cM>i zsgw2J)`91QJ&PR=)V5q3ts9aiVhdmYdL|2q`x z^0kk}BAV#Pwy4*!Nwi1CU!ez-P3LRx{_%Vz(>{QCVvFB;w9Z9x%ET^T(Fi=N`SaO) zzboJWcJN)D{y2jSovAI$*XI-Dl5LNKuVY7pRE9pOe1h~<*3Doj>(dX@-^3%Sy;@c; zVHQ9AlCD^=HWPz`&CI8YH@}6tx~hLsz)Q^8XiN?~gS6<6ao9rLoPkKlzHQ=~%MNrFvzR=5p+JVewgaSGjxQ~?!jG_f#QkBg<;V8Zb{KOx?*v)XI00g8` zG$fdS79TH>7)WF3nn7_(0X%0~CpK-;AmAUF0A5=sT^N8*NXZk2HC>N)$LF#;E!Ox4 z{O+E8wH)=iLbFuIV9HQP;>Lf>CcLmlSX@* zq=&mJ&z-4Uz*a`3l=*Bnj{wFQ|Jvha-|})>jS&}dWVl0ff{*>(T4PUEp!sD-BU*aR zwoCVyK!M{zR;nZb`a4yUEe=?lAZ@2F9YBTV6HxSlYbOo>4CmhDKy0?gcp@YKfZ%Hg zXT52*e!KEcZ|a|vP<25oO$T13s@2sz8|tGRQ=kKYkyf?&<02?$bTzyz)HHyEO$8 zJ)HPaz4Ke2Y&a$kDkYMDRfyHZS}qb{8F~SjdAD(B=vo~K;;5lMh}{{Ec8u4`dYnwu zPA8ItEAz7CSTHbQmg9Fp3In^MHw-6(XUvX2{J{ zm0QJm=DiySZ=|0q%1Ie#La#LmPm$GJcs%y~<4sB-3OsjkygZ}kRu&wEUyNPp0l z8mwF==eC8flGMkyvmTEp#2aC~ZBm=A2b$aww3Hgx!}cj`>Eb-!_6H(!RVqb21 zJ&}fzm<)ID0ap$nJ9dt><%-0>5Z@&N;Tk4_m@Kws)NpXI`|#36t&kq2FkmmRl&H4? z$y@t143*y{Px{-5cw-ctJO{J788R|5`A@mPq`&v2_cbsGDSPz{EY6b!S7cDo8yA!> zW`;Lk<>o>caw}qhk2%lH#_U&>_q}S0^eA$h6t!Q6GPIYh6V04(q`H@8KzJVxCjV%~ z^i9w-ivZgv3};tr>JBLQV)#PM%<~SDnWfF>>OxY)2jtHV^nt>oiuzB2yPIL+wbv1h zYYKUm`#))rzIK(8FbDhd)o%qvyRD{QOMZoj*vGL5$8FYJ>_@fRR;!_1;1BmEi|Fj~*lH zj3`CZ3m3%4GdM&6<~6n($3YlyAhkQ9XFqkvHIm9wGAD>_w}`>>Epe={Z5C9{p`gj@ zXU#X)F3>;F*^tWVcyfmeiWa}MyL`WuoH4P1=cqs?YngyJD2+_!g=V)T)VZCG+R5Hb ziU@R0C&aK_`_xvD&ogj?ul*;Ge8)7Jn|({g4;) z1pNHf^hz04&@5(I;#T1hb)kL?u9hp&K~hMGe(Z%+-i6 zozIclpS=*RcOqOBDl*?TUjQH-6ht&hjRW&TklLvcrgYIoYw^!{MTF@0*$HxgNsUQ^ z&Fl*)`k*BRL_ULhW@VX-q4Ou~*_QUC12@cszZT)&gT#90hk0#Xf_@8hWElqv54*x5 zTbR-Lypnc*6Q_|HYfOCmgFrA1uZuY>@9cN}zbq%t%fHX(_uwcoTNC!YUu zveO3Rx2AIu^Br5^B1#O2&fAlcqaQYd(nVN=5OBD79Go&JjC1p7ZH^Tq8@~8Lj6&+O zdnl!4O`#MC;Vu;9IF7Y0E|Bbz7(M~2;x{8flp7Tx;;}xitVNvZXD}0CP=5E|5DET; zs;EpIMpS7EOFwdQ)bJl~X#C$#@C%Qlla=gl)Z@h1lf@Ya zcIBoRlsra^Lv$31EG%Io!%Y0xEGQ`JLk!^Dcq1Tl{^R~^e3V1?k@ot=63j~0MZ_kT zVc4r1_P8A52@4eVU6rC>iady*OlgEjUOzr%b0amQoPmG=>}SNl*wEH@e*Ojd(fn_W zOQ00gZt28n5RJjnSH!Z;p0ci62SE}*DTL*+H?lM1&UJK^zUX-{^i@t*g}rT@#V|~H z*ot1H(782+{4~&WM`GhDz=$nzN%D<+w;*nt-1)uha zM>!GZ+0u2qmlsv)!{i+bUPgC#h`42_rB{Fxd)6FpH6%raCxk5~(HOR*COpcn4fl|1 zK$}HLXcv*;%XLA9*$_%b4KL2ydyLdEx7G|v_LnLZISogUA?UauXSx4v#`a2zhm>M{t$l)$lImQ( zE94X=?Z(hhDMUfb)6_?#2(_EpF|R@>O$Jxcgxi+XHAmpg#PPpGWKdj^#Y2|Ron=$v zU=iQ5tx6y&jgs-y9(#ZpvE!=(@oc3=sJAD&u^B!J4ckoGDT^85YpyeB29iSzi#$pl%Rmb%vca$sC+Z(!Hl^M^_!ifqb(!2uE;Au;=`ifc_xpqr|6=V;L`SNly z44W!~<=m|k3fT&>UZK+tKseRR%_tdF3j9^jjBY_LMx*GB?x*n|n!QE#n%~@7F$o(7 zM9B1wYM7!yt*qt*JW2t?gLA3DCXH2#akafP?$Cei_FX=KpJ^Dw#j_Q3j!Lv(s6Jhh zVf@V0^o&L*-e^I2Il$#J(dG-awM)pArP6NLh(2TQ$j50$PO+?nS}#Oz(iAs;z;c}= z(3a-bmMd2nC9oX8<;_nIfx_t-CpdYV?D9<1{Q)g*w5PI3Dyryn+J)}*n5fHos;7O@ z5T;o4>v$n)&))#CS?Ekru5$Y<{20e7ZIu5X1o%JSO#ywJT{p9AbLK{fXH4-w#&y zE8?qY<@okGbUA**22^hqS5s?DsFg)Wc-6B7J3}!J#p$$L~m|Wi6zNge*lfl-9|s zML{OgAW%Z$D1hyR5eZ>)Z~|bIWK<@AE)ab~g1QFaYLWl9+e4xSXAGFKZ44{yKX#fM z=-CQt0e@wwrF=gIFkD2idudjHL+zC9|0AJ{S8-*9-udMY&3>4Y zAV>Hn$$GVC8QPaWskn+joDF!=(FOqy$BfNb|L|_d&*!0F7}>fpsFWJHHqQ^{`>TkO z6jJhFmr8YMiVu7~AB(J)+Y2H|ucXA9La?pln3$J?028>(c58bcz_nP;)UsoiKO0Fk z1F1g-nXd#co)jtNOAAh9YCjU+7k=w}e=kt)z>(Bk===F9)f=D{?RVUe90GAH%6?!R zD-U&l6d|2c{?qoOKWP!tH>)LFxz2@=YQJhfg10ga4C{2tRlF!C%ZQw4D^4*hmDBz2 zu?IWGPB=b7EpuWAv^4I2iN;Lm7<|`35CQp3xiSme>LKcpg1(okr75 z4E^00&hq!C)`-sue6!+4i;LpchAOAUOJ>m- z=Ohgu+9dwQQ_#!`I2r92DJ^4KYSk?dh+1rO9|R6eQ0G5`Ee0WXNftq4KKowj0(mZ> zW=x>lN{tw)1|V=nzd^&eUx+Uy2?qaMzXEBkZZMHp2)`thN##T{q6HkT`$*bOk{^-ify)aCwZS)yn= zM&lMvY$m4@v9ABFwJOxTC3_}akO1na3A=SD-*Ow{3UZ}&R}$Bn4D4EAXwaAOR}z=& z=lamK>{abRRL`RXu)u(cy`G>YYqHepv>g5o>~KpI&i3?isW`*$U-2L{bK0i6`cUz( zghw{l+#`aqjC_W)o3=?!0yY5@c%_mP2AUX$E{&FfeG>7V1Yxkz2TMT%a}Zm|*CF9Ptmwe#D#?UwKaR07}-K%i>Q3}w<=DTTM92Ll@gb_CUbk@7DHm~AlACE zQeSH{4;&zBA)I6pEUGGP_+g5OZ#^YhSc~nAe%&9xPl~x*6Z3pW#`ILv(ocac~`}7WgZ2{S!{rI@+HUUGbTruypZD276UcLd#Kx zhB$1lU2$k(BQtDv5tAinD}NB1GXh#)OIA7#%~qPvr7AT=5nUOsgy^GwNSEr+BJ`Zm zap7=kT5W852L5lNczI!cl?Fyc*eTy9x}c%H$UpQ^C%VPOQ|>~GIuz;7fx`UPa8$d# zwmb}K4P*&y`A6C9Z?@U!F>XMK#nwXX&FNDnB&jUe{u5XnEvXp7elV>W2>Xvp3N7+r z8L<0XRrY`j>9%p1Q>L&D!!!jZcR$@OCvQZH;)n5(4;JK3lGBBne(s?Q;tNKj&qY6- z^uTaB+tnV;C0RDpGb@>#J(Dj^TY-XV>klM}@42kQePw#H$wpX&g}&Dh(A#E2<&L)d z5!9C`peHfj{=O}$bQGb66SG8X9k0WeiL6v(@>Qq8ki_yuK|6N`U%{X@Ojpgo_Y{`_`asIAXF+ z|Wgk}fEB9-I79!J(+i zSEzZd(jc|8f)D>Ww#lRs2$5b$@wJ#$rc(L6Jdo;Q2_wruO$8(mag?E>-nO>WU{wS2 z33Z_G@%>M0{ak;fJ6?=>!=N+g2t_BnP($M+vd<^4zf?YGhjmlOCEgea4x5pqy&$XWbKhC#F1!jX8hlkZK|akzCOH~uw}TbkQP=-bsOWa$zxB8|tcls^cM z=c;7~373LTSuql|-;bHsI}dk}?B%^%FVl*ju;uVZ?xC)nm^#6#vRfxP9sxqEno3z& zdQth;S$GfW6;+Em+L6VC*I_cBojoWGo!D`U2uGC#7V7C7jZkP09Gjv{GZ=}n`{M(n zJ&{LRsAEArR@tZRFequExr{@5I75P7;gO;H{Qd#Vx2JH1ahunrtYyNuk*}@cmRtx-VHQC11*i2zVXu zy}T7Zllpa{3uM3DpZ-$ zoBoa5wS|{rf)_{fnvhM#x;@|A#SSymokW%|i&U1w8*9TY*gxHkLxlu&esrU_Re1eH z?(+>EF2;0ANv3nKUCzRXpnD|z{3q8Ay4>gQ5%9??hskD^u>w>T8QgM8?LZ5}J4@%Zmp z8k`MbrQvWz?g9gW3KJ&Ua?{2WO^|N-k^?fr*_n32pXAb80mov0@kda{fp)s7LwRea%jU)*J1&R+M2b=? zY@S|62pT-T?ejFzP*q_&)#=hu2FtTD+!vtFCS+%OMfG1La~w(dWh3v129*p)pp?=G zI423=W8!L7G^d02QAXY2#N>Y&H(cB19HI6pFwO5U2EenUH-vKU%mzE9Pi(2b&?SFX z8<2HqLd)BW_&%q|@+}DQfx(x^axk$ee4=5xF)$N+d9n$bVufo)oLS-^!RWiq;tVN7 z3IBTAcvf46K}u2V%Pkbj71lrIZ~Ld8O!6F!L|R6C?YqY8%4whQE{XJC zViLRz&tr-b*LlhvWd=)Ymr8n2`*K$hy(&!GONJJV3O8k%J^SLnW!WGr*DhuJV_&K1 zhnk*3HZ+>3hDA=kl4$xh_^sVf?vY_qFH08oC@j|?L$Uh1)jwUB7B=jLGzvS>bpYa84013b1Hr-a2&GdL0vm>J0!BgTh(#V{9|FA;~|{5XxO`2 z=JlWKLife-n!|%<)JPL)YxC&Fo%0Q?^Sm7TUVj_uK{~{TpC1MGM;o78X*uKBx>uJ6 zA9?j}s~KAak$%c#`)1We?KIW1qA3ZKs?|D|)3TJdrI1ju{N(FcYNaPvh}@pJ7Y2tr zhCN|U*#MQC(W{G?F&?N0aMH!cYvFK(z~GEoZnx)joL>z0t%Z(r6xn}>o#Mos+osxqpmKYw4WqW)FgpWH?S)*wh7 zd>2muMgWCZ(wb!fv~JoJl>dxho^Ci)#D$E#Fe(k3I<~0aX`-j z=L?Avz!^Iq3aC*?0rW4u8n}SHh*H(Q3Zz;T{pF zI+U{?NG8X%UzpH*d(d{af?4DVN&5L;sTUL=*R$6?J?eBY(dLx#$>a7UDnWK469TA& zOxKwwbiVV*S^1_TCpXRQWWjE&EHG44uSmg|_qEJb=Klt3_?tKIIN2u^o^PlyodT8o z58whThWf%%`ZSNrSHAo+I-2h_HD_y`0cmo76_?@#jD0bGm6;Wq_1<9_;M0A7N%R&u(U!DlG^!(}heh7|%lZb;N&m7!h3{5g zmk+9RxPhDUfrxEwdpG&LZq$F`>Og+jSLCq)gUvd&DNwP^eWY`_8uou|HTU=Ly$6z7 z^%m0~TA`HQ{nrtpVWJL!?*sP3afK;<4=4&*s{V;l_HD~)PZU(-Ec{Ut6GmksRPbOZ zo^_14Ud@PXM7JNb{4^0@sYdTuBv+BDrK_<&WFd4;ud5wI<$U;Y1Gre)W^Zka6Cl+` z2{1}PMr?UUFJ|v3}5LCy=I06k$ z+l#x1+|*m2hIHF|1RRm*`{#Sc#p(=4IMWPv^HB33-%to&iA9lApB*W)-lDC~?8q^v zG+92?Q%cwRb8dW^5~F2o4t5g6Q^Vcl+G^>fr{r|US=(bjl$4;+F&OdWx@Y7%yy@x& z*Gh|H+j&dMt`Q%E2v~jgF@!MGNzdMg-22vG$(uA`Ti^nuPpw z>6=p1C3wszLGN!qEO6|5(KJY6YpHkIMJV+K#WJ{}Ry4JBVh5N^IvLS|9|?$<{Ye3%mb!$xS6PTy`&y?wbMRa5d* zS*AMfX0XB50)V)LM|$j-gJ##)NrE!v=(r+bX17TxB0U?H$-RwluIyhrnpB=9jwidC&S8bk+o^aqtqsrl3Li_k1Z> z|6ip5IKf6JQ>8C&O|ZaG8!r0$3O6k*EUnJ^Y*hly+h#`%3Q;lJDG|O>mVr-xuEcZB zL3bdrQOAB?9HEp=thYr0&$mDQk*+GFh712h6sSNOhiM&F>&5bxQ(tj{cpg z<57M0VNR<^@4f9D)8M|X%sNOcMT8=i^R4C1ACgdq!9!cubKU|wxpkK_m%c@LASZ&v zV2soEcqDGZ>Mb0{^QMmwDFM6h4s;UVJ^sPQPD$6O*SH%sd_tM5{rXLGmQL_?(i<+l z5I$h)56o9|y`&WGG}w9*>~tN_y&Yxpk8Ki<+HWn~Nd}NK19sHW8RrDQl9QXt8H8)q zgU6=eQ@Sxy9eZy^wz}9G(FoQ?m=1zTK6PB_2Yo4Sm6#WLL9I~!Hepw&{e6SE1}^L} zMNqENea&Rg7kU8G)K2Bb=leHRYp3`P-zm^-F`ZH*b}kiv?SXxLKPe1qQ{ajh4Uw=P zL0c1__J_Pu&3+;|+^Wg-FQA~7?u;xsE7>GPnL(h|9)Ml8m2DwJ5||uEFTx4T$D*^G z{_p#p0eM5N`?3+qWS@+<^gRB)F#zQc$xMvj`8tyecwzl)(kS{mRo7I{+nTx$+MaaF ze#*Fe>+M2(ecwqZ1{1dSn;3o8`$MznACROfGCO+YNmeM9+;rR-$kOQbLtPG*Z@+Unv|&+DZ0F4(FcZ{YgVO z?Knv$L{j(vhE5(Jr41&>_zWgL*?XVlD}8!`nFM)1Y*PtZYfjpIuNx}^pzFi|D5ZX= z-v-F|NhARN^pGe?%Cqrqh3Iglk?YLg2tfX`0D^eH+ys12ONYj4OX>Wyd=7esY%lL8 z{k#0hm(`A>`zh@iAV@iUu5nmA)>lHG{uB31N=X>W1dtA) zY~l`Xg@h1JOX9ZQ)wu|0Ih!*tY!p>8~d)bjj!v)dp+K!A78Ca|`Z z!{_yynBlT_zQblS%|T1lNl|=d)!}@Sdcm-R_b*`TyNCMf>h1oeOUdRStq8m2(`=jz zbL*XjKBL~B7>ix;D03zwSfn=lxV6iF))veM~PHKHwXSQ7z1GsoNz`BTeeIB}rv7CJ}nF5dh z?sGbPd6Y)R#J((8!t;qq(|fJ1o?E~aN!}czoh5RAK>I%6!z*y|IK3+x_31WDTAcsv zb{7A$z{2a2mVA9t*ML|PSz^v>t=IlBD=@jLjFsw|7M;;<5*zE-=0Qylcvo=)EZrf?Er-vTl5kK{>V~2=%H&bpmh!5BeG-7`JAf!VI zK1t`>KKefSsroA=g#Cf{C~>T#Kfs-{im`1tI)Am6+kUK+k!&m(*hU3|UY z=)BaDRp1nw(F9%!Ui)*xw2`sSqRwYG{+HIrrn{ksxK;YoYrR)C9_P9s%V5OR z)r*W%vGE$?;mdVj{Q57+| zjA|iHw-45(quqJB3*)Fg`^(hu5L_!)JW^)jDKX($$0KnhAtIIWUDwZ$_I8f54<*Rn z`*`c8Lil-!xrI>&?^kSt^%cfyW)!ZC{*?Z>CY6{A)cyG~zysCrD*0Kcd+FC=SF9@7 zOnLM#5FA4GTOM2^3D{$YBC#ReITh}Jkz&*47N41tlA~3|WtxfI;|3Ufm%EWvytcJ~ zyYcbOKaznYAZ$XX0n`eK@K-^8dOpPAYjN_0=mM5w$PN8k;{0Ua9^F?Kw7}LOajRA&8YjIUsimC??0qBN{S`+Y0H#3e^)(P3LY1^&uRBTrZPS*3%VnOi8?sU8~F1rrIV1L zLfxI*Is!{;pR${qI|R-)U%KOy-4`5q5B|l z#5v0AINb?B)0L6XAan;ZH|&AJvwN$DMh|zX5zR5Y4Gu}@F(Dd?K$Ut2E%x%o5-o&Z zc9rQWxtLjsp>lrBZqo}t%NWr}yV?~KF24BFDRoC&QZ2DIpf zFg{#yBmTnH6#LMj%=Nu?r_tG`&QGcP{p|)v7$c!6S>B%^8m4L17?zUN8RXiot?qb?QglC=4Ljy`1+S9B=f+ePePf>sr~pyN zVldCH_`s|a9IgC>WCg8udM!$rH<5Eo8cn!ZM7|`*LrFRepvw0-#jXeNlm?W7L<^ex zE6eLzcChS^qTsCC)|W6FVieWLpw!M&S|%Ski~B!Pyas7aitLLTC3%*e#v*+~-KZ2{ zC^=}vDs6V;+DDJqo&XSqc)~*Rh0upR)-5d+YaJ`PHi#a!-icP z1*;YMNKuNsd^Qoa5!h`%nA$P2CE(vrQ~N{qg0CElL~b}~Q6$tRpzC}6GF80$@zXr5 zmZvJH5@kNy!@;P$t>fP$Hr=bqDaF+m;lv}`JcSY}QNk-oHp6(~EIbt0@?DCS z3LdUuMbHa+f|jk4ae#HcoZp3mlDOAXk!EAciJV<4VZsk+`&_~N@gEWiD+dR$G8@;W zNL&y?doE?^4(DJpE*-#p(gKMIia_Y=f?k3yay1$GKf#>{oO{m(i#o z70X#T`qsQz5hZ^&W-HuLpH|FdtccT*VwjYGp9Lr_G=RpXKqA6FO-jyDCYO@HXG~(> zOY)yf4;tCaIu&-qVILsO#cwWI*B^-5Mep}x4B7zoz~qNJ;@T*-Yg7Y~ZH`VMewbqN zSdIp0vFG%YTv&!0IImRzwtI$55C2o1_;OZWPwH)6f9U}ZeLV9=l*3~cE&W@5U{-9z(j{F!nn-n~RB&o`B{9+? z=mRfPyt;5?&HLR_tYUmIv0YN^{fyB~@q}>-K)&Zg(C^h%*LQtpcz%0KiFtX6n-Re1 zh0=e#2Xlf8f4hAGNGhB{g~`a=vp;o7eH@{O*oc2l@ABHoE63>H20ntjhUQMTCDviN zSjMk|meVu*(~UaPQ;}602^{1B+91d1Ay{fa#Gdd1w|gM ztl8ZUXCkQybD$E?6Lb8Q;?FRa)@x=1x(7R{W)hR$Ts9|GahM{@z z0%%I|!JaU~TEw)Q6KsF6ki?u7rcM1~UObaz_u2P4*;JNp#gYe#yFyTtaDNcTx6sVQSoA8!lx8h)IwmJcZ zJQ2txif90yW{4g^vbYm5*UycpK4N^=Lkw86FJZeyVylygB7ndQV9TN4i-UE)Rzuc{ z;4xK+J&uw)+ZLv)6=srh-ke$C-p>w~@96lO1;zuqS-|THV2ddX^oI9UaOF+R#EHB( z+#ZHZIyv+ccQo4^KdasC7y|cRB-|wmoCBDB!py&W6P)a4rpwoRmiwMebi8%lehCod z#mhEL6IZ)${G>$?qwqOIFqZ@ezX77xfnUJXgVVL^9O>-d`R?_%lsX$lXaG4?86fv1 zLJoF-FzfV(w`8p!T3S&C56Y;-i{i<>NU6?tmev*KWikBO@Ec#k*u%!#x|bB>#9 ztnzS6Qzh>-*{f~5I@fA8r}F`C1u%L;AypZU1AioUp;w%Pb0M5{n-hzauz#I^SsgDw z54&l7FmFrW#G)y1%N0$DdKdgZMY6+AKTyL;;UZ5BIY?v58tw6WH8r zId0d2hX~sQ9gb0Prhw^6uc1R;00-EV13S-qpYN!xOx6c}3jbSS{!2Ox`x;y8s{&4RDRUy}dK%wK`s!UY_06z9}|YXKBJjT_XPd{LHVFpH`C_ z6VmXjJ~oz_Kk@urphz*ue&mo$9LzwIOs}(;K1h(~ zm*mSM;C3uE9!frKy_6fn)c>~^v_^}wRfqTU7p)f-G7O{VhwG9oXU(VbaRAyaBQv3N zhWaKd(up zTy_5O-*=eP0^N9tt>^jOaepG4&%=3tVtbflHF9;TBpBlTp@jyY!}_n;AX%I_x&P+rs&g@y3a{_WvfsPV%DC_fHJ9BgfGPgiPj?6v;8 zIfW4z7#Nw36Oy)4VF01z|A+14=GN;w)U4Q3cw=iL2Swg?Q zcBGTZG~RA4ZH@AAq`~D~HDo6~$=@k3N=dG=U2#vMFd@GE-+%wx2mkvV{O`};e}{tq zFGfPYoXNY@4tJ@C(X-o}iP(>l@&EoNI))_`n&CavIvV>dn18&QH6+X!73PCHdiF+! zJ++Ra8hC9eAMa24#?rsyRrUI;$~Q>&7_k)D7ld3EvGwle>>^I;&?M`&cvNF{ZJ6LW z0F^a~E>EX7Jh+<5Q()bUx2|Vlhn+k6?w;7U-btRwV|5)dw;4uR^DV+JK6d=<4w1{8 z@8D{t?h?nN)GZ`lXF|GU#bEgIV8}~gGvC3>%ey4kL68-guflJ^7ii)MetpRNS>CgG zZX~rW9+LHi;rGMnrFA=hn`T9u^X-i!NZy>XXPx+Vd8L>*r{!Fvd7mJ#_kDEhgu3hV zc$d?wnb)zaYbMgxH{DgP{h!#TG5ds;7&bPnRvoX<=0*jxXEnY_kH!fUL zPKiavQ;$}^Cf!y$EpkN-@8^BSxB5N$>d!WK?k!+F*gj9p z5Mt7__~rIsJ5}`(xKu{-Eg0iXYG;@5YuhCG!2Q168MjuX!`00*6T8;=OXuffw(!Xo z#~;s2sZyH`HrADqhTjD^vcxynNtQEpF=Bf?@mQagxb}a~X~U)5k0AFbZaz-ij-?_S z&}NM8j=urvLX5Uv7VB5k`h*EyA#(3nL+XZ`thchLv3P_LC z9hrT@Y!;g36B_yBat_Zd6*D)J$M)$C9D1}~(&k^CmJAUL#T*?J|2Hz67WrEadynY4=$7HU*=b7gcS z+6up?<+Oh@bnnx}N=)n>cIu}(+h?0N)?xIi3tgr3cpCIan+U(SCzUBtSO`PNYauYf zN{k(8H!WFDg4u2w=j6NNBy#q8-SCd>Z80nQA;`{lp`EfRUV4(f;&?ItrOt-_Mz2bS z|C%-=>S}(|Z8wJP;wxpfdK<{)^S=F6YpY<`wFO;ue8#$GEOL_%5kDfaRRS&^{k_FY4bwNZIjbowh4#U?1oIq z&9%G<9S{1bl&FcC$L@@P;{=m-IvuIg8+$kj^9n{6VtE&Sxe`0~DSV%)O#H7avjQ%v z6ZV%Dc=e4e62#K&d{a4tuo_^s^ea)e>>-gAP|}TDvv|7X=Kas7#l7@qCl2@ARe=#* z%fPk}Dbwc;a8$sJkAhP9k9OMMlM4J|Q^S_f>%gyZinxO`(v56R*R#BP zri%B>`$zT#X=A@MhkyAK(PVW8VtL83lp9v{)n$>xCP~(toosL7Qx}I%+7-Rxw5{3V zuH1(z7kvpslV^SY_RAkuFZ|JNW-rm49f(XO8b{dah@z`PoP)P{b}ac-66Hnf9r!$C zPUjr)BHGH4wZz=L7$Uas3)VTKrq|Dxmc)E6P>nNtS8iN=BsNP|@t&DiBHPP2mG5GJDUr4x_(PMp-x4RUls$9NpS?Mm6ebc(+T$C?O23PG-t4 zmK#_$Cd~#%4aC>7N@%S1wT&kdRjYYRY`p^=mrgW{+H|XnI*gcb-@`vVFGHhnBmZ$>HCb8&tBpKH<%FU5G@gsco`#l{iO^ z;xl?go@BOKC-zz_;g%>^1mBk%5M-*91w0i-Gl~pJ|4h`-hMP>u+nk(`!OQV@emT}{ z?gvTVBNUG{Hpx3=A|u>>Uw)ZbM!4MVo+I{hMKs-{FeWW-c(QA!k~jC6dnAoI<{j{) z<`Zy_9o%Q)*DIE+7U-Fy-n7~NG3khxm(6d^R}u9&Rp7L5j;CVlwCM{0f6lBh4)J8j zZFXD2oWCSH*ABD?~TTi$vDJL5m?B?sz^HcK2oXYNP9~d4uyLy^l!^98U;V zy(b5YTKjs|?c%S5`vSdM<-s2%A7Gz}ZT}SA{69TIW|sfq8UDYxdjE0YSUz#G{7(l? zM2qfDV(A7V_1)iI8c+W&8R1W8?>(z1qp&j?67SA1lkccwkAW4tzbb zPKmLfRtw=HcHx;Gc)HAg1xdPew61zBT~p}pdv%sHv=Ddfzx*j8YkdCEy^CNIc}lFN z^Ln}C#PM{of4e+1Tm1N3y(Crl$ywoEPIC7#*;^#YUhj(|li@h>eaTTM+Ct?Fb^|7& z>2bFBg*{x@_s+w|<)M}(1KL*Ud-d4$!;-o& zmS7UY*Qxg2UN2dUL23#S1yo4SaC_GlzlU)Gm#X?%Fxw+Mtr3K}(YDmqTMspGT*2Ih z4tWhmqRT(|sQli3j)Ie$H)teRZaFVaIKjJ@n=6QB>|?$L@$T02^RF*7h3GQHIw;&z znUpHa5|O)X_N>v8&0vx7ZcaV#)PT?1s{R+ygQstFAl~|YecRQp$3Gs!vOA2ca^V#F zQwu#T5akE(#`<+Sy>%DvD^sTIP^;gsq;!du>u^UOG_Tp}9Oc`WyC2FU1mu&Z#j=50 zFn;0ar;sK1-{_BV`@$=Qhk}#RN)&E>X3wWSJz?NIrYhtxFqRNZMqjc91;)aR8bX;x zW$yg^eWXa?CQS*F>57e$hMzd>v-jgS+3m$<>APEtQ~gn!Yapa#EB{L&SB~)apBvZy z7H|bzjA)|ytl!(%AWn{!q#5zpz4wXa*Yc?T?A!65DY?ZD+=S`MZAV zU``8WF4s>eLV~t0OYr1n13CJ5Ykeq>;;hkqJ^a@I1&5I2o2G9Rk(W)frVrF~-<3UZ zOo=2iLV~2^9_?u>LGP}dzO@AKF~ApE=l+>=@onAcMhBgvMDo7V>w1IaA6KJl0_#T$=#bGNiM&|&5O(OTF@J^c zo1iwJ60Gspkrym|3I4*BUTW3%Tw8*|5wZF9-e_<(?|ulQ=~AN8R!kC^G{H{j*$WdT z#pGtJF9u-JlN_;XcI*<82|5!Cd-Y!i5uznBGuq{y_i)YLI!ek4pLa3}l_KVzxXZy? zSG`T=4gIb_Fb{El2WR)4d3h$+?(lcCto8;gdBLueTUKZA%%Cz}PF4oT>K~P~WfLpr z3Nm`D9Qj93y*%xQuLoGloDpW)1>roxF6HnJu<3Z8SD-6lFniV#98%sz2#s1L4cdr= zanKK`^_(Fr^b+M^neD%Po)CYLe-Vj)R{?dM$fm5UEA&8vi)@^95r?9Pu;b_^i(6z< z%WA@i-Mz$}msnYMJvPSHvK990jXO;7yMhl`hJr!uLYH-_$sMwaIN$QCFre_I|8N*W zil6AgpHaFKKfkA;msfaIQGz{Y7D59tse=r4^NL9#n}lU4AaNv`aoSU*i4dWZvni>Z zD~Dl@T9!MT&01F6mtL=lGoz2?j%!y{xcchcznHw-wJL0VjTEha`4OD>C5wRk7l;LC z^L7=uE(PVFwvXtGqOhpn6P6hpSyPXJ1Teqb*QW^CL<)|-MU`^CC;QVahd>qtCGA24 z(-6l**-HazJSWec)o&-wCwDbX&hm2)7NWM0!6Gc_%G)+Z6=3)jbeEMy87{jOj|^{F z98Q!XRL7E1Qi7EM;H%xNUGIOM9&b;(&mspAkGZJq59nLt#7M2&mK zfJ0!`uAh5-OZ63omUb*9 z+=--9Dpp3XbC4w_a%YT6~C7DU+n?rkK5KoO|rSL(It zj|SPF$ZdVWZGryp(qW}%wQQy8T6#g{%Rc_Ky38#3nE|<>e9l$Gh*pWVC_)v|JLQ!n zb4_99<>!AiXAvQ_0%j?cyd4GaQRYayv}b>5`t2WUWK$Z#H^S~h`I%W)?P~J8B{ZDl zrM&_czN z2v+|%Y#xc$cf(zn{HPe^e0;36VNLK`r+Qwo=QY2yEow4sdMFtQ7{!xdy2Z~N^$I9@ zlS7<2jUVFnbAw)P#5k(BKG%GwLEFB_iP1j5p~QYAgBnHI&2}n&jC@pA>-J9kVRf`A zJpG)TxG79=W|NwYZIr4ckLb5eN?jAy5bmKy_*&RwjBG`MqOGGQ$~`=O@sLSJAO;ah zHk$)WPdU;sw)jQj7?;)iBrCaBt=8M(|P!1ov9f zCEBi(7gDKF8fT35v$3nShLWOFi@b1NZmh% zUvwyqR)s#jnGGbuy*?=ZUK2fEoFmkaS?hPhB{kD|i~GZn9-{x{yieA+Q%zv9s*!G) zY?L+kUALkwSEEwUJExCDQk`E=2o+l|r`sILxA{>#57-=ny}lq`gVrV@?j6p1M8Vp> zJ5Y8b%YQb`rgc3r+|Vb>RCnPH(EZ7=IjgDIT1#F;#&4vRE0tbnLE9P&K8%k4HGoOruLv-jO1w6ut{OdBNt*F7^WIby?0 zH_0fMN1S@mCrMAf)5v3lQ^Te6D5`a7Lw!=HOK{q5l4$J@@jJWxj40&!R3bzJA?ry4ro1`TyeV9D_57qIDf7 z6I&D8wv8{gZDV47vF&8yWMVrLCllMYZR6(D)u}r7-XFLBcJE!gYpvR~dhLFn_q|D@ z)BKEFb}K~ylf}ncP@vH3eI}|>{~clK!Hgl=>@g3A6F+dN8CR6!H}tB8_?AQH)JN;A z<{?sbiQQXT<1lP@TBbPT*}n}}{)f1XnJu%}pE~2+VbvD@)=SX^9HKggiidsYw5IU{ zkT4_$E3rjVRXVXfy5CM8MV~&xrZ%!#y1U-a?n>MRzdl|rmLxO3Kx*IkqyKCD%EHC{ zzfU&)d$Gz)#KOkJ$?<pZThmlJbi5~Y%DbSJUnPDfWwdm^G*8<6s#7o*cg9O3;rn5 z1)JxPEw_>5GvWvAM1dE3x zo`7xDXSLt0JoKf8LKA7HM2;M@vMRUf@X-81I2R?LDuzT&rd@#v#v|sa092I6{l*Hk+AAly8}sRAselhbH_F>* zjeZ2ElO+EQ#dFA>oyT3q{&95VM!c^Rsj0-OA21+Ap-xR#%)(umJd7hT zz*6uMAAb1)Ps^GS51t_lx@*(9bd7C=&@aSd#XF#n`g3ICnU={`x*Rs5HgNvOtoSv% za0R^32^IK3fw5{t`Lrb)=7jLC8HxL5X%pDvv%NbQ38Qzd3@XBuKCQy-%69LmQ{E{o zOLpANC(w_+O-CUQ1JSLOUky`odsl?;?p;rNAf_8>_23uctkZ6dptpVqzM(l{7su51 zB&%VMh3+%n#~?i6i1|-5(4{}=g=_NcEYSc#^$3Bp+<87)R6h@d>~8alAT61217T+r z+2BW&A=v2xX4CSWRRi?NIg{i~RoZY}zDm&93prZPtQ#SHBg~dV!+JkSsHWUn?<9|D zQnx{jJ-+j>ohE#j+C0}ad=mH(iff1z` ztx$9(@YZ5`Mpr17ab=b~nIYzP&9_YV%Xs(LUU>AupW0w=cJU%{lcI1$uFUs4%J*#A zp*g~1#0O56Q~w+fmEA{Gdd6OUNfSg7VL6Mx@h?@1Rpd!70?8}I8S^n}zvzni!g9jq zu`Y{hL>ccaHgmf!1^NB?9c*fV_;#TL{@`{Yet)doRW`wR*8+Hme9?02@qK@65e($( z9CN(>&;#dHGQ@v`wvis{zjn0j#OzA3&RZamn431Wtl{XwyX&c--#z0!@dj5>%%2zvX`}^Fm)q1oX>(9LkS(p{OFPirR zBw6cpmvC?K&b`Fnm3%RBfxs8f&D)#awGi?R7m%Qw#yTeJ{=#^L(i7&KSvn@U@7Fp` zf;;BD=YK`X!O$Q&plJ`S7A4#W?P^CLO}kg2yH6&J-cdZJfAgP``t-lm`lykX<^K$B zn;Db7@?ggPs#tb`vR-h7-{LL8E^$`EqCI3AzwV(xL33?VxxsmtiYj{-%9?F z>FgPsko1X&()9{=c~uRnRH+V|DMw)EsAB)y*S@uuo2=C?p&D0KM3#A^ca2wcR}iV1 zgOK)o%H3mIxGl-J6r2OK;1G2D6O?n(`io*QeO6K1Hkx|L*qLCeF1`JFIFV+0%$aV1 z;>b)NX|IVYdP}K4b_HG|-Pu>iSyo=xX4Lgi&cSM`Y9ipBCppqq#x0421Im>unJ6Xi zH%jUvA|5l$U0}p8{xs;66?cJuQ#G$nSg4vxXH~ES@b#9s!A2qAC z^=UZw@~2B0)WVWP1ulJzE4!L}Ga`ev#jmwBEZ(M>Nhz6FR_Di-F2w^1i)eDnB^&ExKJU{(x*=an$k`1Qh9VkCKe-);yGC1OUtfYnHTDsvEZ= z|2fxDn(B-%S~+KXd_S(yiYeb_9h)?XUo4S8r=BYM0l>3?T2myIy>*}+NA>?v+(3<@)gAk zWi6&NXhgkYuZBKa82%A&EF}VKKLQHhXiC^Q!;;66*YvYQ;iPWslT|N-o4bDDOH-JX zAdu%^@qk*tk233>j_6}BMs@i zHh%?jA6bTBf`KWsV&eWT7k%WIA&G0A`Y$CT0@*q>TIZC%CYu)rwPF!<3-wVB*k)SU zvYwE;y}!PE==bl%gN`B5E*1ff;RqoKa8~f9{ges%_w3wCb!DTore)1Q1n$TRsSPQe zyAK^rb80#qt$$C=Yk<+KwZfsdE$%~gd5WL#OpL2k_tf3FQ&(Fn^d8&ShC8)odfyM* zP;%?6;U{YVWOXUp3LSN7F;RKwxM8jMYPZcJS@uM-myq4kwH>aF9T`X0y+)EJ;xSDLgI z@QEEOt>b?1@#c=kt0qdh$(n}ktHScKeERGWK#SbH6p{!8Y&jhFg)1ceu)=0{VP=yf zEn<$RD6m2li1En_^U=xk?Oi&|#FgIS)83fX*O8OJybbUR7CawF6&@bZgmN{MC~&5s zlhcwfCXXtzh`)!=WFS6Ku7y1h%6AGEwXSIbCV|9^cQQhX+6+4BdEZ326{)nE;w=;$o^>g^uuYVrD9$psYY{A|oE4Zq6|Bu}K2tjq zi84KhYMDCMfm1y3J4#hF>7EiEO;z=ukfSHezY0Kao8JH`rDcA(lP(Z#XhZ}Gvw-e@ zimJ}1#EEj!STs%J5G^9G6Gvnr{qnBI+dS9r_g>^hny+wJW8p!H?RUq2%9NFVVKnmo z)ZScpYBx)L$x*P44&lQIHzL_1UT%8_Xalsl@Q#kn8(t$NQzg&3zaARjOSY_^yAD13?nqv&LpNT!e7ByK`L_%jLAAr0_0Q%XPhl_L zI8Mz^a^^bUEDUONYvgO9UeQ0?J`^^!HrG14uQT?49Zq#Y4SpafPkDPq|28OBbKe8a?ll$s;ef2+6Z za!wh3H>wmSyvS_zM>qyxg^qCbEgw#YV?W@=Q1o4i`;Wlc{-F%c1LY+Zt8n5NJ^qlq zDyeO&Y|vpeIa|q@3*Awg4+t2^tP2hxat&x8BJDe4^}KDk(#z3RNhgOWT<;NxyLnxq7;E5n_+l+#|Q@X zr-MH7PY1KeQ->;xuDGgUcmscLBin$9WlLI|rME)*dEXp)i`xevHKZmt>Vi;JaUL!{ z4 z?9T3q^0wdMAC(+g-B&jQZBc*!)@7mXPGByMYu8RhnTfMs#hvnNG(i9LtK#;?gmygo zH@H^A^yc+zWOd1Fc^#N&r9>1dwu0|x^mc7dCd|{}nWkN!D5Z$Cc|Hv#T`=#*pP!Gq zbvHX+dxuIjbpYSBaH09@RTYV?Z4%MW9~(EDtz657!|DOmifHVXzPgDV(YOO5qi++t zEe^)cVLn+`=G-ajWQVnJ9nLWZnv;z6D9Xb&K zS))1ro9McmF&0`#8L<2Rv2X)<7OutmtFl#I*P^=s^;!i_Cp-U4xk*ZQt17Bh;}m(7M#i& z0S1OQG37dS&^1KPg)($0<7K%wfQ7a5lr;zPv zKn^&LryAb4XOh7puKbo`jnzH#C6%=TuiS{&-)vhZC!ca~>@O~$&dwi97#{t`As!x? zMvV8Y?fb0lk#Rn>d^MI0{?!>Wb7y<8-mZjk1`ww0*oUp-9r#X;(N-FmVm)qXiFNp3 zJ+5P<7JpiF<2g&t9%?`7dCTkZ7Bq-vhb$tRhG!R9PmGvXLDRy^%@Uud^x8-^*=F)F zb$Rxi)}*IPAw2!u#NxI-Pfw?u>QH34U4Xk#`w0~V6)K6O^{&4*{**I}CXIpG;iTqJ zsFA0y^tt*VS99+gjR+fxD(AM=fx5zDN@7WvrWq^EY89_pJf5s)s>K}LX$v8joFF`! z8Ne=CxfDB%Sr3#9un(w;>D)Q}$Qt_>+@4;($vH5%$tp``m22l1*7=T4;%3yQOqS%b zLyuUjT+l%@g-Lo0Vi_s++`njJ;AS%!_+nJbYWHl)`WeYP;^j!`bbgWRRB1VLy3o?O zSQ+5s{`4^}AL!E=!Ef~5E?PZT;nTt3WkDnTtAejPtyM0I?J8le1IdNA?b?)(km=CW zQrAt{_--}zIMK?@aZp)$Kp}&6j9`qUHo_9{r9cM#VJ;AazyJJ{&6Xtz%1-?Z}vk{X#h-vnj zMy{*Fx$9Tl4v0=jobS7^vm4ktg@63qH<>%F<;T~p zc5pAqZq+x4(YY2#OR2}?_-#h7&%r2Ko+g*vv0;$mXDP4IK71XzS2UN?enh(%dGXiV zVcS4(_i_CbH?-Ps4AUoK-V18}l_ps)=A5@qwo(yQBRU?NZce3O(iEdogkmDu)WkSF z0tbiVuW$8(QiTIl^P{FWYLgr9R!?Or8}s9Aps)T%j?VLSDx61OAHAc2^c9&syvu{# zrHr|tJ*mLxrn|UlNWytYpVF{j(a{yQ6kak(-xc%}-PqIaZ(hXF(Kkv7l6+E?v_uht zBIVtZOPnqeo0WR^A;D$`dF_+>kDj*jKP%|{* z_>w%Pd1KF4jV8(noqkO#&UB-qo;n`aFX_*=jMFf?-;bFX zzQ0qd^;j?JD80LF!n_?Id0F~8KNMkTT!wK3qu+h@VRFbfvOgnp<#*AW+V$s@!=*c2za|>=& zp6wVhPYBKWo0K(ni9z4NuF>d-V3j33&A~~G1YYL`v3MCX-_i7j%aW4O?oirfag9`x z^Os#AbaQXw=X*&^XNJH>)ks5&yp$uPX$;}(xG|OhkJHd^+o8q@x%2(CpP_R21a&W- zZgg#gKQ>Qy{8*B=uZ_g$Qi+owNCbY6qSa-jk4Rio4HJDTTTpiWn*s!K|9tPAU>0*+ z9)pWIZTnrZer>Yc-HQIx>fY0vd&nr%7veHM$Q%ABm%}rbiae1<6DLsw7(wog5=0KG zPSYzzA6BYT4Aijzu!yhF)y;D;Er>2#FW^bfuRh06`gl-+wS;=3aq@SBdFS%pBdw1# zAM_4{`krS!E#o*<> zPshmJj;hSAc<^CnM8u07Vyl1ap|9ROO_j)2cvOw*veXMW%{RzV^G=$_O2bWybM4OR zm+R^(BePbLe}uG@ms197>8s{G&3#*Ua$!6zes8Ra_^nPdyW2UayyZ0P4vbpX%rQEWxZbk0TB@cY3K0Vj)qpV z)xvEC%_OlC4KT|k*hyUJg>nDk6%Nx}$EgHzdUY!n%J3d5gL*s@VuZ>&h30+wsfZ~G z!RTAU4g&qWWh#S02;7M9QMd_UY-9%bG2K4wWVz~0-sWqxb`dLF+TnMZDjx0zp5u@v z@#s$)uu;u#A+d6rcWmh&@3oL~4XdvS7(X#2MGSNf;O1T24@W2Rr~-^(Sx8;HOGKjr z&8+LLy#$Ci$Mi5Q1)|o#l&w4)I~p>QTMU=>pJ(cL7p0*b z>`HaHNCw&S1#Hx$U7{{B5LzuhXG(6>tUC@4e?JjeGiWZeTeu(Hmp#LEx?_3n$_35p zLF$m-;Y*eP4iGLH{<049qLTEw<85v#2@j=3)k>jbIQMmHeiQ?|^i)n`%fcgWk#JyE zygb1FF%2=Fy%5MfVA`heNLWSw9a^b?pUbMVQ;}7(%BSvbaO>T~dAzsMp^V*PTj`2o zH{0QK?%$T*%B%WbNWR?E3P@apam4>K3Mzr4Mz)N)8OS73;Zp|+opa3MgLDo!y> z^Gco}4vi=rGrCu#QB&S8ynRGA(C`{H)ec#rAJAP&r3Lh~3C&3N*tG-%&Ew7d{zP|c zf62gYEN4XqCMW;{I}wvGG@}k5Iza5>t1~>XBJzv9;or^ zY-f7N1$Fr3WjPdJNmVXB_DG7fjwr_i@7|FFOlG$26N16w#XChI{y|EDCJ`+aZaNX_ z`;3+xGxGZCwQR9TT=GU;ICR2eDZ?Olm9P^xLulSBM>$m9WSq55cG&o%*(^T7 zF%zX%Y1rtg!&K>pL+QdRtdhmSN3l&ve#?JgBVsvC<)b+VmZ3ruSTX7?>}~E?!O>X8 zPrwJ9b4!mcIjFi?{o~2)JkWRI1Nui;El6Fal(7A~hF5pW$Z}*LM|kmaG!II?dyAe} z-pSN5iV?`=>km3iEz+=s_K{*I%DdLS9V>-vlF6F04WVnz4ryYT7%795o8xrptA}Rv z@@ICKjJtzX3d6CpopX?n(&hq`Jpu>Y2`o>f3hQvh$uQ?VqOm))2~d&yOU2~K&SG5X zUXFhtz3zYNKy19n9gpGoln_wrRprMSu%PUhi0NNiN@E*6^SDF#hZH(|As|U3Nx?rn zBFe!#vg$PKKHAV~L?*aviU@TNFgaY+4)}roFxph?3eiPa13S2*__g#wg+6K_rf=9F zl^-`NAx%`9bfxU^NnCcn6J<#v&gS_M8cZ@fBWA8)VTICUFDip*x-m!lE~K>**tn>X z6-L(peSn3Cka5dZVquGf`7(P^dsEYl$nu5jSD3i`nLor7aVK)*Ox8b zJ0*kpo7;P@yDr(@)?2p6%!TW-34?I@L=Mn%GAYWg&&zv|Do*S0~` zBszh^W~_(f^P6kAvdQ!8{*JUvw8MM_+>9mOuuhjA{ojTj zmMl2^>nodzMjgU(@JyT7ge;rzQqqH2quXOdq7n6Czhty!>B9NWf^P-|kAoAfu5dhl z8YB)T_Yrwp^*@%Q{JF0*x>;M1$x3uCY`k)L5a^>z|AfK!Fq~j#@>c1|-e};2QP{3S zhMCf0@qX)XSaufG^>X(-+4NBNkmBcZS25*3^)lVnVP%1E6GzNW=J#>#;&whB!0SuT zdhAsWpFx_;c7yTg?WL4p#J7`k(C35L_3R__+Ra?aQe@zV760H}fK7^asU(5FVFtFy z;{Un5T0pOe+{Z{wY7EDjAL&<39nW}HBPI?f!GE?;Qib(yxQ@u)+Z&>=^_SLy3Fz@v zQhgU~Hv5UQl0+zwP^{?0zDv1<{lv&T4~kkPq=j^2hYddyDJxunp(e;5qfTe-8NMYq zr7RxOvFvgx-zdW013m+wL1$aQul&~g;a4qNoa-6doOip0y=PpO4@rvseYfpTB+`wr ztgq3I@}}tOE>|u@=w1mt`u$S69Z|h`3Ztv=F(F zl*~=vNz=~QY!1go?yHZg#t@FCzWj=EcNVa z7d@{EPfzJa#X;pxg;P9)P=;*1nJt%SW_*pDJI3O>5#lLZPS_O9vM^!LNaMUn#YHPqfvBeFErNQT!b8-*ic#H*+fOF4iV-)ky=X=xGC8jec)#Dqb9| zNSmJLm&WS%0&XZil02e|kM+Z+Z0jna=ZFf-)MKL<4O-)F55AZ24a!;(Vk8uy zDe0CIwJUFNe^^yt`*u7?m>K;t;B@L^brs}49zZxhL?4wM#{STc|N5rB#woT+Vt)M{ z!-#dPlOjibE~PTw|BEbEvk;AESP%IP)YIeEpE%ZkFy#L2OfK1na6zK-jU6U3fr>8e&orsnu# z5HT3hYnzgd?hX$)n8iA=l=eua5AFR5g$d!7xlY;>SKhvBffu8Ir5X7(k}z} z`yX7$ZEpjCCPaA0u-=~EMQ>EAnSlw8`IKYS4WB(|SAhQkL4VvYQ|o9b=cW$vmjdH3 z?W=<*Ssre&UBAywJ>MfYVXl3Rr1xtk3iugmgG^^y zPTkRiKE`Qh94u49+?@S)uUyG0v6YAjQAI2g(HP1}$sc;U142sfEcHK&8W<=aDT&Su zHzF+lj-28{xSM7ZWUcJAOfi*pTBK)nQfBP@%4nEkIBDvu9Nv6tDAigAn=ykOm85;j zgYOv2=ky?_kQ(rEa?|9Z9YrSrt{;iujKY)OMZ)u}Z8E)*NjjHA~{wHgph?@Q?D63}W-o+nYBt z@aZ{uD{D&tHj>CiEutrp;75HaN(|jxjdgFH1481Wfrvg1uV?E+BWgIkP0u)@vw6hh z<$bVUt-{3Ag>O1OXi$fuNcua?ER>Fzvh-k&MEw2dfgaDSf>R858^px;lKN1D0jsz^ z$9R{Uu-etj*3d%`!4Q_?98u(~#6-S})fq!Lxt5Zqs>-s)$?m%84nnKL_w`sM{U8?C zt6j9?PVUiWC&+KE%*zK>0nbFE7@DwC9i@n>vLAiynMKLbddR4|(*UfiMCm^*tDD$c0LZE#xKaJcu(EQ9kbB zDNYWlxd=tRAN*r)mcG}8aygOU2#LGr_%j;6zcGN`M(>(xImm2!yGS^0E-wdv?r%!j zK(1YAb6wvr8~SnhcO|^h4J6k1mUxJaYrS4Qk+@L`j_oT6R<{Hz=?iqb5{`O>E>U^u0Zd=w zLTZut7j{-i7wT7r@whWaIH`SoG&1nk{2+eY;D`CbgAUUGZ#>4N5;IJS$}^QJg_XQg z*jcQTez7a=Z<`wLFB@cHD51+J5HLTytvrSu?(I%fl%z=Rfx|?4YmRqU^G^jqs$vNz zU64zsuW0f`ZoO~=x()XolQhTm;waZ5dJoglY3tX)RRW)Q{1MRmZoN%~x=JkRax94} z>l$6J9%@he*<)NZTP9P0Yj^@9cbmq`KkNB}k(2PJJB-68;upRk;I=Z9i(la#O4bEj zPZ?!@W1=sa@Ju) zrfmf=>QR&&i#>i3tT!% zS zH!FtC)OeSg<+>5rPd{{+ zOc+}*G%m9r`&O;4b^-Qh0o*pv!@P+fDTM4Fc-D@F(c$zaqmJz5hf6rakx)3?#&FGb z-Sz?bzd{MwVVouk%rAL#kJ_TlmbX0i+V)7rCt4Q!b`CKNox(IJ8$x1bZV~T>Hjoh_ znYCEBCzndY1`Ebhfp#AQQLUEm^Qg*<3-PAg>xl_8ltGf zLPqrZe2I2^wv{*_sUxf7`sV6nFFf~c(*iwdTfx8iu-+?i3b&8wEV`O}dOJ-|L^1g? zbfj;%2=2HD`YtFuey;@&IcDYQRlHV*^F4EJnVX7>^7t5)(iPgEkMTT2dh`p}1{aX(|J#OelG3C z%bjmlO?_M}g0)W3d}6`X4F{i_vO9k<2v+4TqR)p+@v1IYDt(b868nOioc0YOid~7O zg2%=iKD2t%0|(}VG}~tx0-!}kv!zt6&1*LOFw#<+;HTe8RR5&V*DWD(v-uC)VtR{> z{JtF<|Lxk^>S8XMLhmQ0z8oK5*FQwIAgH3p<-eKueG0oL6b^XS3R}&z ztPRDkR2PMz4fE4KftemvLGz8XR&mF!?L|((^`al}VJ{bctk88$xo7!E!T$OT?)cq! zCsEOPH=2KRNwct_vFEP)_HjjfQnNF;&+lu!axJL>)r2+ASQQyg$Xv1gf(5mB5IX74 zc6PG6ZPXvCt-UCiJiBOVLj~v=qcQLxQz6zVQPrv+gqNk3XJ$acRZL*%THNxF8I_@r zq0iM?Zl_SkG*~_-*!l5Z<2p|@M64lQ1c=b24wF1!MRZ^vBdHUsO8uf!?z2UpczUoU z^?Z=^+Ys4Aup$N=Q*`DY=TIau4|n7A)dtmRC0{pHxKpEf-`Uu+SPV(lWxU~L8JM2g zI~YFRAEMP92V#D~0}LfHycGrcyjpq*y8xD_zKBg}EXzlLZol3^o300B&bJFyuXQVv zoui*6C#VUBImM%Y>1F&#g>%k}xL2k|HGIFJ9lW&tjAmATH}45Iyc}DGh>w1}X3;iQ zkejM4brZdjE+7Woe=I1ky{<-bCX~FH?Ik2C1ytqUuSnQ zZ!L|SMb#%;9R)lrY;HZR7_L^XEBOR|6dQppI>sV!g9(edP#dq{^D=?sSGDjIf&xUO zJ|(R=#6jzWUm^u-)fghes2lIoZ%>8Mo$koIYHVkV#xr!gI2Q4oMNIbL2ICScPlYfY zcvgx`=?Q%X_}kxxTwsS4R|OtyAXo0`7~G(z%Y;cuo&V}kKu2y)pFvT2H^JwvosQ!+ z5pdi$igOp_{b33l2p3n4&fq}9z1d}Gx#kEae9z{o%bq3`P8b0jf?P)M)YSW I* zwSE)&6B(Vw_I(vdPyV+jFLOzQHM!IG#xk=VR^Yf{VtyP?35#t3I3_HFo|;FzrNvwp zjT@YN7P8j2>FY4Mip_a63|-D%pW_!V89xWjWNV~j7;+Lh%}lg~^bbU3MIXXPN3SbE zKfn{$ybNF`#zuZHTbN^s4IB=>y$&2EayG>HoDKEOEribUkfRbZm0&O+*;rzE5HRMF zosq|tlG0SE8}nG(#_K1s!7`_3XR1z>iS1;wkfOBtN?D(NFs9se3MK`YHwez3?^iqI zvf1>0wrLqkXW9Hz=OiJyW9ug8?d0Gc=ugvJc*d?RbxxKiIFpJH;Z1IZ>%LHw79&Z~ zrck?Q(G0F^-s_BDgW#U*R&whGP;`%>owVYtwc_fZpxX$jkWM0gt;Uu-Kn`SKM{(kw4g9 z`EykY%x`&rJt<6Pc~XI#fwBXofhLzGTEG#Y9dHBa3M2&i0mK2}ZJYGHRDWtqx#SbO zblLdY6y*5mehOfr1G9BmN=UZL{JUwgep2KIx8X|WRm9slIN_7k8fVcuC$$y~b_)Uy zn)Ow3CM{5;@EK!Mqd171V`9ll_tzU<=Zp3UHQ{S+TVc)#UI?NTDt)^{4hZ+9_13nQ zrRxpT^DcSxG2%Kium~CjS~1MOZpF}p*Mg7CYyZx;ul3pUN#YlrE#fK#KS#nGZHT~! zlZmW+GA+GKDp_nv_Cm-k<~$v9tkm*{G|3vuGcRl-Q#^udqDnkoCt4>;_{WjV^F5$- z3f=PL#*#(XE|5|l?_Qd(l+I%_CM?62^cdp#Pfvq2%a$v=6VS9m8#rv|?YJ>`U}-kTAXEvfgmr6~59QCiVw z2lFwx76-4`L6dOh!t6+Ydmeoe2DFjAbgL5Fn^_{UFrUk}F%lS`8ewiEfG4b%iaiz5rd?Pd~H!|qZF>!J*p3G1Q`#05T=5cwew zJO#E=g_ZYB2YHh~6#HXWR2UCq07V!NQ>=wZ0D0gokc%ul zD3FUN{0ZWwn&=VEIG5-V);Nx+9pWaI$PLaojmQnQKn0mW*afDKIvhXHLkD>c;wF`- z8Fp7rxPv%+39?Qcx#ov)0};oMT?}Dc^Z_X04!UsHKo4nT8_1giqD7cpNa0G%fxAEt zdE^R+n@S>eSmO|)RJdInVLCLizeG8x1E|7um;*_Hnq=XW5Os>ka1hK2$Z?rvWWh`7}paKU=EN8%c2iJ2=kGJ-vnBs3~&jv!4*g&#{^m; zi**v6LMYLO*9BsehR+0+q6|<8tHKokkVzqwsKa4}li>2z&kvW9PU`d3LZvty!Nve~=$5jud z=ZEP;FqkLiQ|kAd-EQrhPWQ@;vg9dn*_f2ef>a2+((e&(2rK-M6Nh74gO z)(qi26CIkte;gWY|2Wjy1{O8u$rsf%ZCI@{>LN^N0woBrM;c@KI1|gFt4fDUdk*T% zFmTMC4RJPmzETELRndnq)fzF4Y*028fjV&4ybB+~g;Ac% zs0&A2ys$>2%kU|Z&B-&-2W^#(37B@W=!_`;}SEg1`t$g z7dc@mmPz(2x>o=QD!%5-iUYQk+J#PZ07ulmd$(6e^P(qs#WmC)L99b@2G-|oL zd*tGqWNoUL!g<-U2xZb@D8NJVDb<29u8b9Y@l3KcRZIa}qB46iO_~DaGz=gmnT9Gw zg{DvyP!_DrTucJ!r$#7bOI9W>CQgP@p~*{DppH{!D8>VMUrBOOl*Y_0ClW#r3?}S{*Yp%n`a1A0%6fL z`pGOxE}k&;Z)NOaMF4R!U2-6G26cw+s%ah(ARrk`Hxn<qQe;QCON;2jXh z#;IJZ^M`p&6PzQ)ffI~_#!c~cJsRQ@1l8XzyEAvg$1v#!j26QEE%Gf6k=MGR zqSW7orzh2s9FZz9jX+b2##37exM5wuPak1$w;uV@|98cx-3$+DiopXuTCRIO7z3)c z5Hk59#*5c+Ns8M`y)a{^Qqm+B6>D!}(?4T3_oul@PJHI;%m4bz1@!aEC+}o!9hJwF z<{m1%Or=Cz0kZuUj9AtiYs$IYf&0ja-3)&Cd$)OpFFafl925`~hJ9B61o{|q9c&%q z9kdnn8Q&5A`scPr406hZT0`USl z0x{srL$%?82B1K)-?2kAgq zhVp=`#ki)}M(8;M(gT-3vi?`t|9j9i;XF`kp{~IU*|$A=egV~h7NE4Cv>;=kQy{6J ztDp*?sUVo(hN#h4pgABt=-7-P2MxwNw!BI=Ah}MS0-{Edp{oB!C=n`txSr@HxvJ=cC(gGU2;Q#&WBS}XKtWfpH_5f z$6VW(lIMvBIkBuOo3G8m+iH-g@zASF-i7DiltMa zp`@n1S$AvjCXAtoaxjR`B9g~@R))2U1IswSp(=Lt^n! zK0_jxdbrisITimr3A$)OP!F&yulKfrtwFHjJV`!Pcm2hTDki|)2=Rz6 z3>(YWnt^{=Ce|JPrU_H8`&OUxlx^)Wxa{i8d;Vy-lBYlCJ27OWt2_1vhh;ks_Fn_Y z%<`WC_+RLn%90}g6Ryd|!T$dT*JNg4RFO0KWkbZm&Gels%KtCaCN~==+kZ-w^Xwlk z7~+_G2m5`HG0c3;z2uFc4D@tNV{<71`5z#23tq3@Q0N{Rf#G0NOQYC0q> z%jSwd-`SY$Lf#_hmf-Dv{XJs#--mOIv48YkIeU!xiQjP9miy!8`!;cJ#4Em=jV;w6 zJ@<2e8>dy)?7wcYF$l5p*i23sUu|p%xEx;2R_%N9$`5}9>Zq!u=gb)heN}6e3MFd$ zoJ`9w!x(%X%giU%H-CUrSMU1&eVm!g)jZ}ZQ;m{7q60*o;ONL^4>6+R<9|E{YQ>rW znx4_orfHkg=I|%zcL_c%stpJ?%Ch#NmFd;(w#wFcui9O3+`bXN+3jx5c#7r!s=gQW z_@dvFFBUbZ! zG4L-;D1*NYXfhl8fts3nt;J!82YC<= zXtO;Qn}6 zSS5pQD^Qr(y*L9mnNABeNaXOb3>HFOK>_;n(<@Exr3Tkf?X!ZXTKq`RG4*>Y|J|Df z(i*8Y=L53hov#E^Nh#n+cw{8lHVEN)16D3!4MBURH|z@Lsq~)HuK=m~10jEYr=oWa zgj$*}HT=pe_`ZvJ!|=X7aM^Ex zS>ll1Ky}fk(c-PaE2Z{A$i(k>+rPkAmEP@hIi_R4<@Q+{vGsOysTa1%etI*nvUu_# zmN+=zNXMLi&ko;xZNTxpmr#d89ey)^ofR;-+)wAF3ErY3BADNES+!4wIxDwSFkLIo0Y`|E&`bd|S zKQpV8Q^JopFC076#WfE64PD;vw+!4jT>pH{mtnP84MDBA{z|iqbJ{47yK8ysqV}%C z8gM+1{cwt-*7tqO)}=!@0kBa z+*|)e)kW>YfFRPP0)mvJG)TvwAdLt}Nw-KzHv@vCN|%&DcL_*1q;v?<(j^T;4h(bN z?S0?R^L+n<_cu86IcM*)_Bv}_>so8=t!VZ;VNA16zx4RvSmGRNx#+6#wVHPGhqWyF z%taUWL0Fsz1s%ViUWBg-cGwPN&E%VKi-N5e2i`7r-ol)1`8#MM7ek`Ff4LZFp7tro zoyU57&-=2Pj}~+5q4XaBda^@5Ut>o$GT-c5W0=ESY1K`dc-PN+I{(2C_S~L`@%@nzqK^f9J9KBD1!oUq_iPBz!V> z7CRMd68{Z#6+5iqZ@DzpTVpy?*PY8j8zo_l+`$_VQb)J(^X2hra0LBm&ZGZhqKnKe zCQ#{R4_sLR=P9Sd`X^Ra6578i=`A<77KO_ z@rOt%K^rb8RIRPS2UGF=Dxs5J3Qp5=?OjijLKR2in(@cx8UtQ@1Zv-!%LP5E<^3_dd%GuZ?Zou&#Z#XHDtOWPMslNuJUo*s@|?J?HgtRnwV0V*VQC4o75O+`^EIrF-~6a>dIY z)<*;M5osO0ghq0#<5o3$8t<&<2#7wT$rMda(JXvsW4ASS;tdPVGAi*QO=F9o7|}tE zhUf1xF+4ig*WiWG$c0cyyoIgw4KZ4!7Pk4VBaNr-aVBtr$F4d?CT= zTZ%38hn)u_8f@c^i6(AunCK*jpI+nq4)1v#(S8<)-L zZUcIWwiK))mab))+TFkv)aSy&dQBQ*QCRJjeEV7&; zYFtbSno+~et>mWXFoDDOX|s(~%Bl>dXfjmh)gp}pd$rg zYkB=kmKud=5)W%^*-~B;zPf$0o9|n9d|VQbMejq$-{JLVgpfq8LB(q%qCxk3p=7_z zmyMGZYQvD^xisXjiU@sriiybPgk;Y7V_;~%+%}UlXA*kH*su2<79PO&3#j+#rH{i$ z^E56f$TWMg&C8VcOQrREDtX**=cOxYyLROvN9KJty*~M^;|>zSCz4fg-Kh*+6W*{J z-awL9;o&M5p~+s}G8S_jZDk-B&oPuR(+g=v^LHJ53m=6I1eYhLp*nLc%7SnoVM4XQIE zcY?F35R;=hWJ0dL%TSRPZJ#2Qc-X{c!C!Oz@L<*q<&T%%uik{zm$K&Eu&iiC!hB9z zd&$-?E^5MyApmf(VPzMN`XG5I# z7@M6*1xHfyXihEfPH|hr7WYYN6Kw0@)X6(fYIBa8^P`d~*|}H~$648lz9AWt>2M`h z<{B@}@2h03tqE1HJ*axv2k-v2%AY0a4{oHzJXG<17a&gSky^QTqu_%)%^*}Zm)b?F`o`quEp|5WM*q&)dwqld|?`KCa&WQ+Z zb)ok45c*N~r0K`br&Py528CgsO0%;4l{qoKHR`B+@lEfI$ap1uMaaA@=DqBKkCIsXFu;Aw!* z{yr>N)qsRdCOc&Maue@q)SVPRdNt{co7SYhyDe9%N27Hz>kBcL&FN+@v?TfIm zOxsk{Wqwo&*OvEBR*(=O<$x#Fc&{Zx56hGglIL5q{5H-(^OYvQRxZgHlzPt?cNpI= zFFBF$?jX^st~z zT!3;?X|xk0M7svKDtQ2oqLK9A^y&`S%~@V8`BYR?l>cIZwe-AV>-s;~L-q)E@7@>d z-h`(!mlZzU@8|%?|B|Pcieq;aWy{IShzi+CyROU^HEmR+&4#*1V+g6JsjU>^r6lp0 z_yHW-iZH5o26%htvjR#!#Buwc+p3~LLv;cE4Ovcy2+bT>N|iphwZ5qFR`MR{_5(&?>?1ZCKfenA0l9j(}q_TN9%(=i!?Yd2AZ+lM|PvZu^WVE zva{Q#e0!45BBp3?P?fQ);_mC}1QpOJTeda(a8Hl&kj$w1r#&a468#dg1eHqqq~mRolSVaw4^!9kc#MN{^|3(`AxN zo{lH1#vn>1FKwe&JUkIUhMZ+>JMJ>fY**#Ke`ecXJ~^XQe^!>Lprj=4Si|1I!^FaZ zlihz2`>mx3oXWAfy6VV}$&vId2LB+*_9?9>e^r<*1Q0z>iB01&*BQuZe@iDux~@ZB zgQXJ!&JoEkD7f_En|5A?Pa0Y7@Rt{d=MJUSAMY{C{}WI&p8au_O*8zME&2V#cwJ^= z%r9$BblSDC(afX^`o-ox5I9wGOZrtXBP}gKJvi@!pu4-9=-rZV1~}XNj+B=pz^u+~DuyJ@&1*u>ni>7}1ZirnIod{~qOk zKAbN4a&+Kwg_yb2tTYHSFcl#?f1*EZl3Wr{@AvhO(s;3ysV3aMZ{XLHIm;lP_wy@c zpYTQPXB582<-}&2ja}|n5TiEetT6j@WZ9ZAS3B(#-J4rMo@7wLV0Nd%@aFgR+pc6# zJc2>|S&dij72M#FL2Q5@X6O8H;d|ZT>X@4JSvU*yt@P{m1a#b4WVt0BL=jN)JpOBn z41$y2FH`!e;Ar^dawEg)C%jquyhQAW)cc8#Pg4(axQ!};OjeXj8ls`;6oSHqk6IN$ zhb3my&(#-lyrZ)H_V5lcV{M@Y1y5keLw&>y-6J&Yyo+t!!+2yu>nC3XqNhzBpYB0( z(eQ4)jiYMn{t`{sICNk5aNk85J+^)CyV2Zs`-fSN!-BXi9w;^oHct7En;Ya z-(==+=Jw-nud4!AMujJuyr#R2{)Ci_>UnL?e^nj7KmPJriEdN=pZ3d){q(Vw9GAD> zDz_%68D2s^e`jn@6xo~>uYbv6pEy~Er*e5-)A2jGGk$Tre`L8H^W=BhWcn3*<}$i(jW1T`T!i=WFmN-m#eElbk4DLd z>@AEgn}cw6yeE^~zaOI*eZB=?(5Y1Hkw^S~K}+q7m<#M%oxIy)BH9E{*| zp+U~g%+~Nj9h-OX(mA0yu0E)>zkYiXo|^5v7>hahL1)HqXh{ivVM~P$cP}pC0aj?u zir90n@v>9|=GP`6Ue3R_VX3`8%1N;F#ym!3itZxy%~bBJAxc&+vox;)$I{^61=nY5 zvr|c1);&C5Ye$1bH;9!NOly?3=H}60w&uOAn8~uEV3^;km3wfaw8l!`6u30$c2eg*QFvzHanDRBU9VfSLI$0uDvr;@+C9aIuU& zzervI2)Z&eOJJ%0a0T(}|jeD!#kJCP;LfCk=S%H$>Ds@cy)v6jAFQ^2-olVW@rqAI>Et zq)nOx4lKkO4Gk3HkQEUb4{~&K6JlF`Zc!SJ(!p}ezcCQk&%x9OFIX*!qJrwrg>9k( zQ;`d|5^8qf3$aE&daI$>4NY;APfWLSCgH&n4X0i;QSk^_)M}#UYQOz@;){kqKUl11 znOuZ$PjU>ZLDVWp5)~DtPH4?nX*bMpgt(8}V@OHVTcwH|-jBTMkh1PFzUJSS`MS~K zMw)k=9R+l^q2V!VKMA}wpF}@~PRXbr)52%t~OHMzKT3ZPb)L3e@`d&{uMY;Nl`J}+SzOi z9K}TVJ#Z7?<+oEYj{QgYmzKfW+S=loh8;;}WG}rzpu(kvX)<(6xiV|sK=fl~^Ce8O zK2kHDgO$Vl`SSwh&Fhjb;&6LN)DgdqGE|<=OpQUxiwDr~LNYRQLHNw$lmyq{FZgu` zf?OASHDv3;$wNabsa0(NL)FY3`i62gMBrqq(&8Fb#OHt%nE7Y4w`vkpe#`I_vhPpp zrwb2g;xkRXis94mhntfo4&IY#m|%!KYh9A@KMj8IjVR7ZW;Zk^_VHAcH-ET13qi-L zOX%f8Tht4Vp@3*MbvEl;g@7USIq6Ki{!2JRK!=#(8)DJKNGK`kSIEo6P?SG)YRtdy z_^i|h>d)w2=eaD{tVY0BU!utD?^WFBvEhpY`xtAI-@3)-{oHl`Qwv(N(a^D*nL5pi zT^hrzg;A!!{wcm|kOH*4&yQj%bsD!j;aim0ql;!)`ggOMB)tzy6T0u(P5viK9Ux2S zKnlEI_Y&_DeGUbM1;`Chp;?q`2qHGSY3NN8)U*Rl5EqnCNdj>c;HE)MUb}vs2>{Xg z?6W&L?hgoV#~^m`8ZYJ&2gIlOkO0K!+l0TLPBDaWhhf(<*>rNYcfH- zahG=!iJyHGpJ@Yqy%sbheSgCq^7P)SMlb^PdO{!o0e>wlBvj|JkiG461(f7RclWFn z(r^6p9~`o!0_kqGfmW86M@L6r{BWLY^xdCpaQ)IvXkAYB z6ZQDVJGy$H>-N1s9P1as3gpT|)$q}^NygfgD}PhWx^MyaP3?bPD*-|dcLn!g&QiTp zG&D>q%|oVt*Vx56B8hYh^w;e&OijRPe%)n#YgT#-qgYW@icZZ>*7%t($IRwnsP8tvN5QpbcS#*I4* z`vF@KFjmNW8v3KRkNc~$*}|F{6`@z7Vq}4zca7%LrnrtjF@d;4&E_s?e3Y~k3op=P zBgjsZx~XYkN>`v3 zM;YAR*$K$Lcn#)eibdkri>#UP-WOq7$XwdhrO#CSIdR3$iYVigZXDF`?ohGI9I(nX zQx;5`dV~xI-+BW9#`I)+vYW59IXM<>cEsg;-SJftPln2GPcb>Im6Ar|%iJ)gSJMP1+s z-Wzc@Xp;PgJkz(iU!$|Ms<{thj*yrv9ueUNTnD5AU&q6Fq0dB`8`& zYRQZVxqV{ewx>L0@-r1V{X* zbFvi;eapz*e(s*>z3>&*AU87CbY##Qu3Ojmp~QyY!Cg+#J0KS~{j~06yxKTbeodpW zM8XQc6CZPJHzsAoz2T2saCqMSPgxJ!M$Rm~=TRxl>im=(IiegbwA2mcjx!lg_TI;b z)*@Dau#r>Ai&-5kbE%XhBzzcQ=8AE!X3`9#;ab*lWtvMHSIn)nTn&aq}ZjC3e+|%{>a1$%nB611d*DaH)_Nr<}SfS9e`3C8O z{XjK16aHbT^`L@YNOf6TM&Oz|%S{X7#N0E^=j{BbT1BmMm+Y7M2@HUzxBiqTqxjNU z+Tev_N^>sTH@>&j_AH;u2R=&NHN;R7v82yt(a-#DM)lAn^`)guyAa5C)DjyCj#$&a zQy%H#q6yM=%BK_Bj~inpA!rz}tp0X;ou@FIac{;9(_Npg0&~7&!+Uwwh#uUSR~b-e zog{uCw#6mP^r3x^d&cQu-EN}Dw0^*|^!icvNU^%$>_i8{OxYF_!fM1DR_+je_&WA2 z#&b=zK9;mn6}QbU6o=eoo|OP^LNfOA@G3=3swS13&iJ@J4etaOkts8_dv+fm)=-fn zBBeL;gko1xw|my&=9Me*ajezMY;vELpG!P@%kn1-`5@+a_@no3oSfU7zBXa8dOr72< z^d%vkz4a3j!FJ~~lbFzkL6A*DRA7Ni4`=?h8zZY8($V>L2|_u^9iI=(^ww?Wu$olL zcGO0~B=E)(jtyMf?NvU+yT|8$(dax)PpQ>ORbN$@vaammbt7cqzU(V*-sQ7+$-=9` zWnlVT(U#urmU{mI_co1n*8#<1qM|clPj!Yhr^`ZYb=WnVfZl2X5sssF{(*J21w{Sg zeub<#?`5~CS$1s<^9OTC_3^af&0 zA;Y9OPTOQ^UNA(hu|KQx43VqwTn;(HT)!fbaaO>1dPD(pbYM{saKR;FOo zdvj`KJ}*FK{D!@?hJhY2xocj-gV7ncq;xZ?INaq%x|x+bA%0{{1E!Z*city!G!lLk zZi-B;=-t_iCDWB?n6+LZJ5ZqmH}nXqd9eDpjn z{4uWd^MqptUKO1w<^kqvF7|tqDHaN2;-@i>f;G5OpHJ_zs|Ekw+3c#OzUwzp4S&sZ z35UG+_D|^ACZ=GgFBB$H2J`1CK87>MRr3Gpk>;GN-f?(1onlqfkzh>S)akdbM$|y z(my{ezjqP#DCOG7E#YZJqZTuGh%&zREm8(TC35j(jTbVr2LVt_yf%I8%mov`_`9$c zS(d+GC@diR6m&@L2S22{Ok`y+sN>%hu0mqH4yaaa_vKx;Gt$8Ao+4@xz*VQR{)(MM zo8c@?p3r+IvcC%-)9)l+g_JXr?a6VPBepE&tDkH8TH3L=)Z?fxivicv5~3uccKdCF zh`z+9C%U1O74Oybj<6HBMG%5zyU6ga(bBXll~et0ZMEw%Cr#oe?p#LOUrubnPI zgt3<0Wx}vhX&P&|>mVsIXlAkVeaRqEfMA}ayl!M7pcXIgLcRn|0sqC5%!5B|No z53a;&Hw}~7>#K&Cu6i`h|L+HU1rQ3T)umin@td8uZxX(V`6mX27bt+R7lmm-!I}ed zzV5(h^I{jg8YL}Q`{4gY5%>lG`A*Jp^6<3c zX;|xDaQF`#hA*xnVc!D}=ld&2CT;$X@Zap9;NCN-^{WH7gs(dbmy9{h8y=qRS|Fiu za}A*bLddtP=)C<#ABSle=JKw4R{4`OfW5Q+4K1+a7!eXDPJR$1y9-%<=DYm+w*SqL zx(O^G8Rn3TtQ8`1a2~UP-AV;a4^y;9zL=&h29AT89_DHPm!>)B;_ zhbROozq|8fT)<~-A$2&z28!V)L9M|cuSUfszQFa`zH!LA(Uh5OA>e2*skZ}&&4!-U2=2;RH zk^*w@Ac!uNqk2k@29#(6YCVHMeC~Sr?KQYy@0y9`6)?H*`uu%J>dLO55_x*TcgwXyCXr-s=@u)EN07Ou%s02L37-slAmEsvX(fDn#oiLGP6T z`*wt&Ui8NB8&sP2C2^ff(u=?P=rCFC=Cjt9yfK^uRlu)e&fn3Afh4PUZvtBwhsFnm zsrp&m**d4o*#*ox1sCm|&8eytzySpG7~k)$AnRV|?}H;^fR^m{Rl^hbE}N9VP&YiX zBt2g;p%|&Cj(#dJrW0a8LNhK7a;+0wq?Xr^rSe2oltLB%lW2j5dZ(ZT=}l3m`GqIk|J6k7W#Rz-v{mzo|{!q8e9{a(XUc=-Y( z6?lvK5gQixIus5HL1_fNGG?+!r`t4ya^gd*%n$OZA$Z%@MKLZemG`fwG(J2CDOXqy zqnZZu0Tmq-=G6HbZshR+Z+#9J<3%{hufQU4Gc$)&T91EzOjP_%f(bn$Po}cm&>&tE zd$Wx{-axR=CXto|k;txb(N+C$RlYg!r4Ef2=29z2_M~7x8zBR%epge_@0uQ<8a{u6 z<|3o|@*4C$NOzRq>Q9Ew$8iO)6&|@9?!v#d!|7ex(S0E|#e&d2?G1;id?wX)dxP+( z=?2$(Q6yW_tUUFsV4ip#YqBEJ`(p*MMY#uzL&BjS6LLSvf}*1W93kvBnkd61IpL@t zvm^+UV8(li2*?5J_Vll5T0wV541cx!hBTWZeP(B5IS_GRHeu1p*AtS!UU35V53sak z5d?>Jlde)zbyPKMvz5-`A`H%$R1MU0hoz6+8bq5pq6?gH3&WKj8sO$%(>AKYd(-^0 z6nz$p-dI?$A;q|M1OgkpdF3(vuZhZBL;OaI3`sn3%Mf*XH3RPrh1!qGO`1rXSgHqD z(A1MNVi>U(BXVvuGJYOW-1Xs)nIQg&=d`+A5e4Bw6z6O%7(26Xx>`RHEJRU@p=5;a zCP`3Gd_O!B>bPhE#%t_yyBgu}*9nOC!~YCw$(?}m8gkt!I%?`OH3oDl9&JtSlMAQW zx+`sRXxH27F{`|>D=9PM;nAD<&CN}=QW3^>pqc9U153YjvTr63qAgcoDJ9Kp$T-UN zYdeX;`F*9R+`K%E3{eedgPWXv&}TK^iDtxsJznZQqn0wcn=Jj`@Rqo9ip9Dm?ET^( zlQ;lUmsMe3ckZ3(;tly8noYcHt?quO-#fxr8=4eD`*Ji_g}@;tB!}!^&|M11{5>n? zcubS+$9D|byqbX+eC>zekJrk@9GbVIn9cW?T*Us4&7um%b_cbIS7sU)nB+^(>4m|+ zo*;7#NbLhzka)JVdeG^#-QaWb?_$KMY#+dvNuFY2{YZ#%C7n_Hl^mtKd7@lO)GGKR zh_e4dTckCokoTT({;l)sB_O>2Zjh>n1@zMOFzLq8~81HoL;Y~lh zcMo3vDg^wbu-(uxrs9Zc4Q^}8zTvqLcm_=R&UDR&LRwT7WXG;iy${N?rw^bnkvG7@ z8v?x0V@I2Z)jRMYjfLU&=&sE>MdzGVv0o3?;T47&S>^g8J>LT_>l~+%om83%px%*{ z)dxMNJ8}pI1le6FFJk!}IxP$}rUfOz zc`auy!7FBHvea-4@MKoq?%tHAl37Y@A&+v4aJGf6Z9xRtx8*b0p zM(BGet?c>Nmx5WYjRbdr7nXHH9?TQj%fS5tJ7E}so!>-fL0)K`0*72}R$x<2K-nds zJAbPaI!DZ9K26ZdP38;83<6ZJH`k;uT1DZQpP#?JKnnQ9gw|Y@L}f;v6i_{rYS54I zHa0xnFX+cG0}dR~pDE!kjXA#0dAYj9U(YisL~L&g^y zo{}QGv=3g8147~tr`w{PD9z(E;{GOBY-r-?xwZRAuQ!cVrwaX~&l zDgd>XO2EO!M)BiyT(58nd8<0^)}u8RP&x9~{W=HpT}I^o#YK-2Abe8#!l$2b0)_?# zcr1({3&l#C{*+(8o&}pN_esJDW-nrwU|c1JkK{@T+(Uq}k^h+}o8?oJ^xhkYva_+l zTNGLYpAwlwy(e4}~wdWiHxRbq>p^-u|)%ia2z!;ZRDb1q=tP8?ZG#0slc3 zO;D++W^jhbN@XQZ5A3Ij?B$;;ezUvYK^kzAQ!*9s$wh?GK$k|AqILsm*rObVj(_D2 z{3qeAMMI~ZwRL9YgfCM7C}n)LA3=Iowb{2ApDah?sf!TcW%Uc6hRFM!?UfBfg@w3^ zNl+Iv^AD&J(DAD0kw}C%2yB``xOuhy`h(?;R1^g8=2s^+& z&n028e^)aJYUA#MCm;NyK*~rss8IbYZIE|+o|H0OZ9|may(qV8}2`s1fYxtx*t|t&trOU#1%+;kDDMu;w zyDKU8zauyQ&h`^tRk|Ecl5u_aE_`CZ_^UQMTb)fQUdQZ+2-yQiXsu${yRo{B<5M@( z6+^Al2a0sL^~)V0kB+yr!s4&M>LCy70bk!g+ti=JdoR0%-4qQ{Pl<_%g9Y=Ic*r$P zb@d9<7FH^j*;@O1yCb#sW2t6A>7CDl2f?@4$KAU+Qf?wuL`-lawNjQZBtAja@~*Nl zD6v8HDS#zgC0T0*627@a`8#m`Voval_mCsF(1o3U0s<6Wrd@Rg^ucsBsXin`1l*xn_Tv^YbdP8QQX@w5OQ>Q z38=Iw_on{A!bEW&;dyEO0rvHVnB$Z{j<7D~l09uFTgJudXL)a=uXn+B2@6yXqpoKS zsnM7e*lIrD9CnaSN@YsB<0E78S+hmhcU_I_ROPMx?_AfAdLH?=5Hf-vX;=pgCQTYB zb%a#(#kq1qui>@(qNFOR^uHg3!*aNx$#N6$7Vx&rO2;ssO>^ogq9dSHQC#tN{7NAj zOw5w`yaj*!jH=(!6$`Nj!M0g15~wvUvtYdB><{>U%gu&>H;v6XS=H$G3<4J42U^ zQ7*ByL;|U6_dt^GXamu$uc*-_J=$MTaP-Zq56*}y5A*3Xc^|7WUNZWVzw^v2uK&uc z7HX~=6O~!?A(<<>>!(m=+9H{=M6QZXh3zK9p2qYLHvh)EJ@6scmoV%d6uT7XgIaet z#lZGj<{*xGT47s(-p?bz5cQGZ5Dw-*zaj*52>hdHxYpoUVe=>F+$(n((~9-;8qVrv zCw$I{0;LyWmL>?P+X_;qGLu_{sHmt=sv}y`Pn~eon5khLb;tnH7b-2~slkv{*?eH? zS7`UG@#ANO#dlx8P(9r_AlPJ8yK-Yp#~Ke`>ZBVY8Wwy20R8|09kfRFMo>2vhVgN8 zt1bd$23Gr;d%&~ei;r9t^RpYhdJO1&nfmb^CoB4j42P5Sv;2uNeU5+LH3GdF8{-_C zL{}Q8cRp+jEQ6Xsz24eFQ`k}Hb&`Z$oV?kUmK+FvGOlk^q}0GW44FU8rLdk;vAs=0 zHf5l*0Xx6_rc@8lW<9>iEs>Hn zVfsf=5Guyd7Us2+cBSb*c!5v~z~EG!?atc8T9hwQ++%^*a~#-jZp=z`0WZb)*Z4_V zsUe*-A5fpi&XF@-`W$gA+}-dgGcNCgQ^Z~(6s7l|>+zgWU>w!~Vq@{it&-H720w8N zoLxT=epP3+vjLyQ!w`M{UsM&b+qxa{TOsMxF$^;~c1e5L}F>R^qLfQ#Hu+ z)uKoK)MO*gx&?FSFt}XGWoFylMQ?a-HBzuc6i0jPgK2Nh5~95EUd_0ksF;&7%jwy0 zr!eO{Zpx>U|8&zy(~3VUlPx_98g3R#?&z+dUl)%-e?H^co$z<=k9TnKZf1Y@sqcSh z5yE;^<9g|b__i)Ks^9dZUU=ytSD=dUep%G`w!TOfs@%0@ZEC2#KAC1zzexAz!GfF* zFbSq+`AHI$dL1tr*s(I&s}L=9xvU+L zEn;7bohn{dZYS=)-v(;;c~0kUh04=HB^HqTfygN`Q~IQ7u%tbEBUr?(3-#wPHpOi z4kuU1uVQ7(t5JKO;{REmc!-QwBjF7-`MVg?I!oGDBu9Ar;-{@CJ}#J;ZBmrYX1IXi zv|6eZk@!*l?^_xeYnIO24(-iYWQ=d!d4z9>5(N7d-H)2i^-vLTJ$dDSr8Lkqo0Ry&|{ewiDrUGdpx6AJCN)13@Iy2F<~-g-*Mn0@T{$R&YoSc9pBrzhi@3f7VY zAqV4_oOI1~|4o|s&fY5{4`<~&+I?dM{bd`k4^V>iNg@(g-UC8Yxe4-iU5QasH~JC= zs#KAg1xi<3NgC?OE8^OJn^5F+lOWm1An2h;=`$2#F^Gd6CPBp(dH<~)KvyK(|H+#i zG}0LS&ul@1ScmFg75avRl&>xfb&KiC%oYw{C6J35&FBQ;*B4QlFD%h8b0 z*`6JvUr(#qag6`IjHF{)%~#K;|MwwNA4GC$U#_)59iCeOFRzO70Dk*-P6?A2aJ`eQ zjg4Wk1DKfS){@sQeQ7}nXkELbR}2c_dt)F*82X@h)C;^ASL9;mLm` z1PaEhj*nw!YkR*P0m5q@^%Y>T|KBV1}+fO0keLY34P{=Sz zK-5n!#|^0ruEjBpYV}hBCVL&0a{14yj~=YTyY8=%cD(wkz&vg_69 zsLh>JlURz=2Z7B)8!%Si`2Sr4O^klIUaxt9&A#8Qmq~&*DA~!wUPkV1gEX za%$S?H9FV)o82lF{DpOycYLo05iXwB82$Uzz&b;t8JLRcbV=AofaJrWlg}koh0hVv zPm|?59#P?V%eclEki6o3Uz-KR(awJ+k(#uoPIK~dxSLQFW5&WZJ8|XwSwSLqQhrxX z@b?d|DQaKjGQ2EBcjSAbWT(b{*qQUPpeAnQCrjKy)?0~*dE(;3e9KiDK9^HBNDF3g zr#x2c8jxnXB5}o_1r>jYGCc0QrPtw7x7>)d+khP>9D3xxFULn;bI8~@<9(7%PGWwD ze$#=rWWw#A!ntJr6^$n9fP+?wZhN~vIShMtCoZe|Gg~Sld1gCg>Q{bS+yuGveJ7G+ zsJNK9s1IIvL*kRnudZA8Lq1*a8pnU&{zf20eGHhO!_nR_tmZBP#>DQ6SZRl7E3yNw z!#dYpm1*fZzH_$hQcK0JzyhQ(ld_U~D#`Z}uG0-!X*5FRBIyEb%<@tA>uyJ{8{2%B zRTkUeJa^ecK|=I?DcU9g||Npz#WUMJYd3jvSpd@@<+>}ZeQHV4fmnlYje={|3 z?T0PU`v=*0cRPIEqSnRCo|JPq$GhyCm64`R8)9(eJbDsLLr~CfjE>ZNz4U3yQW?Ec zJrYI_9E@c#T1?VMYj|4~y8ZbAtGrQboaK&QrHfv>q#s~5UvzV?yXj(L`k+_XyQ^QXn!hETd#ESw#fy0sQi!!sWq1$m zMb|IvOh|SDL&7g;bKlejBO3oecRQ6@XhF0*uwzIhqkAIRQIOB^Gg9pEe79Qv&zwY& zgy%;llo(3N*0b$>Tr8TO6^|lc;fT5wm;lv2QCE^xm;To#$q=9ZBobz;cW;01*UHcE z_xb~C#h@ckc(Db(<^b#@K4s(ztXxS7vvq0z2ZdcD%zPx3o8L>r7k@+&|2 zNebt4DG7o_MPFNY1_v@}>a7mjwkOU_-;9xGUNN^CZ^Q@ED6=Y6-!YYg z4ibIrrqY9{ai7VLG!SF`f;yFWn8rcOSkP?4DbV}tEh>8X%O^W6z;}pmO%W}=m1uDH z((hvl*N&v{qcSXiZlCV=TLux4M#EA>7RP8cXZWKpF59g7Q9A!qP6Ae$XjkTWS3hbk z2`;{J$Y2j7wvRx+Xr#Rl5@9ix(HufxZgcBy>#|FRkNDd!LoQ#Ozq;--OJJlAfqUuK zFind+Baon;?2_VNmmJVai{~~>my*;ardjK``fDq?v`_384ci0 zgjnB<@MKEBO?r%z{vuAoP%CbVpNntGvxn*m5K_DUI64Ro8fq>1i=a+ikyE9+^^oA!6+c?@Rk=;lS~!r`K6ju!bjfohx?+1#}AW*KD*2r zPaYUe+@W_6SoB#>eWp7$qGoMch+wl0=Fkl4kkDu3Q`Y z3J@UMyOx4kz>yN3Tzfgi6RszW{3d0Jo?jR?Q z0>~Le4DVxg^Z^i_^4!d(rP3#J881^QIpsawolS)dZYW~(LEn|Y$5%C(>B1X~vvmZ} z&l)O@pp;~rQ_!uD`b8;rC{yN(Zxg#%5|{4xm($VX{Uyp?_Lqxl!xJTYj=5?l_hyna1DP4 zJ#2{cLE>mNf>9OpHblDsx|M3W#!eIHEF6Q{__zW?{`nG1N+Zy^$?l;jtEtu$m%fP& zf3Wd5_}D|`3tInBBMDk!0z~XK$Rpd@+J@wMazOD9L$6!lw7&t+uYBHouDny}TI?r7mZypVbE#PuN&`AZH4eUic zv41)jF)Tix`=khoko(&YMqR%Hh|han@$Th^8QzQ^z!n9dM>n9yedCi3@o;SOcedfZ3mab)m8dOGZ$AL!V5SO#q zJJe~XpZq=k+!6Ldmi}$bt!8u&GFK<$-MpJ4B%DlHAX8NdwRVDLbM$!b{0DKzn^g16 zy;g!^-?JXo=xH&aVJ)s(plkyh^LfFJSo&nBy4AR-y%4#uA5CC>o7@8p^_yWv3tbaG zS8_l2g^w9~K~D4L8ECtI%yqZ3rPe7{X%&=8Indt9a=4&9O34T9`6J(T>RW5c3Q$uz z+&31Xjpv-#aaNyXx5(MXa|?;B+!{8EU!sUzwueav4*l)^|4|=XXqwnb$v!`Yqblf5 zGQeGCQQcmj>LY3&K*&NIBB(w^q=U^DNB`(fI?*d8lohoyJ1NNsnzlQLJk9_cZZxgJkN9hLZ9Er|WVf}kef)k$vuyO`gP138DI3spnjDXEa+h^^l3iL|}dd=@u;w0A}@5oEj_gC+{ zW)^tw>dMoznn$duu3L_QtM7|HNyO&%EYadlpd}P3aQ(<>$9$N}jIWM$n92WZ?Kd+l z)MQygLlC>ORrlO#CM7?y^q@W}OnTt%3thL58lV?FiAKnpKWcmaSI;k1(l+|IU_CYx zS;Pnf5qG)NWA~PU%~v6uS$94NFH=6nwNudB$+P?wG1|+lzYTS5$D$9kS?)8wTG-3?f8>+dDW)Kg+o@xNi?Zna+AcdWpe!R9dlV&6$SaV0ZLnRyZg&XZQpc0ir#M>aKq1^ z41;|^BY9`yTSbAOhSJK1Zf|*-Ufk}DmhO${;CiDm6Xq2@Z%JY=dFP#pb)-g>*i9_z zh}&wav)a1LY}l;zM>)hQnyl3Q1`pD2ysEkp`LnnBDVOj)vak7ARiFrTc{{nP+znGh z*am;DU8#A^?XRmIQki#R>;=CxHTp4XSjvb5vnfv*k`pdI9WeFohxG0fO5iJbIJ%M6>48PDyb zexLX}fvld>xIvlN?|oo!eqDfR0BalGo!({1`GZ$JsF z&GZWu`=^^_X3erI8M^h^0b0@F;BW6`-4+UU-tVxd`u4k)IJ1E5p%{t7h4ef5 z+~2}1lw(|HmM`Sr=JPmK*MrXggtyhoKRlDHcSPKygUeoBJifR6i-ZrO!`MwXNU}u- zZ4Uds3#4au-M1kL!+MsQM;uPbz}(z-NnOZ9Mtk_N4LT}R&}qrd6?L7}gx4Ni~Y=?{8{b-k%!EDZ1G z13Y}UJ_X9fSB5f)HjKyu(u4#o-S*sQ7nR`Gouxg@hAHX!#+3ci+}nLy5@>o5lN9|(~WeObcwVyo9<3&kOq-Xg-v%V zjdV+I8a8{K<@-L*_njYSoF8ip_F&C5`<~aluX|oo*-VKkmc^7Ed)a_rg~i3a?pyKu zjJl~cBG%*qwvobj18AW#FM^tfp(GWK*U+PzJ~|XpD-G5D${4lUK2^vSr%Rf-y(>m4wF1~#!K^1k&9WUL*uP{4VOw7ikdAEog`hulN8S4KdO^r zyj7)gNeJa_^~tiVI!e%W!CO+mp^PUDWN|6pe~1nSk$lWf5`k!UPQOPxzk9}dqh7powY!6U zC&Zfrea~_;;Cf*`7R;=d20cE*qsF0URV2LlJdcwy`b#;@lFp)bu_%4NhK;aRk-C39 z2ArN&E%J<~vT6BRej1((WnB^T9F~LjNJQz}V+*W2QvQsf1>Aw4U`x4i`Z!Ts1lO61 zBSp2Cm22G)J2l5F%}8CvKiL&wbT-~+MMPe^L4Yr^#UrGX(V=hh zwY`)GvlMq^Gfb6{>$_ilOUo+Io&2^iKO#zl9#`=0b&r#FCVuzLRg~VTUEl!_^9c;Q z621=LL^V8K{NkxjVBY^jn2O=R_K^Ee{y?Td=MEQZ{UM{uJPKh3_1e~#-mb4S{ZMw1 zrkl(phT;}b1|xZ3y#AXOhL18R%VTleXv#+at0V4u_4!ziRtjMNNgxfP}SJl1L9$ zkwu!;{o!WS7geA}G*2vJt%L%v2CM(D9f(k`gHk7S6?2-%O7F^t+z6wwo(vG_&>F5W zDdes;pgKwsIo9)+$axlpDSGlIDC90aXP-HN5G98Z0Q>VqiF2FSl!%GC+z2|fo;L_< zJ8IY=t4Xc;E@dq}=;-xkKApHc7v(gW#Vzn&&La1MQuP>YKYe^x^r4ksJKpCqI$i6G zI3p_*(RCTnRtATCd7E;Rmyn`_@8x$mk_9lz+{EMd69pvxSU+n2_zzcrWFl+zt{CJt z`+eHwDgB?c0gie$Yu(%{l~?Z+evOQX!@V8TF1MI|@TalR-1c6?(V=_IXZfSl?!U8$ z7*0+rSNzSAxUr?oRgT7^%0k2!Y`*QRF=V(h)CjedqvR+xdxC~VPK$|SG0y0h6&K3{ zyGyNdd6{F(8h@gI&nQCtL8Ar$vCbzpgE)w=+bqSJ{8+_V#pPJ?7c>)jX`01Ht**=1*bJorv zV!(`F9Y6>G|d-m0@Ek(uAhPG#(v0?bI7^!oM zCkV^4MMFp_{`RDZ8_SHe!38Ph(yRGYlV2*Nm*7YZzr?<9^`cPv3gU1WW;$NLOay}Z-`9^=T>3N#R)wgHvIGcJ24J+6Z`}va& zRJ2jw-pITb+pd(-eJsapQrvkwLbsX}kP>9JfH@-&B1+e3LGpN`pi=lTEl2XkM=>h_ zDPwFajgB{B~n2p+seM17jV`Oaq5JRYooNMu+!1XgUNe4${DM!zlc9s<2 z(ilGYa3We_o|0H3o8#jpSd`@O&tsDokOb^20*Q7RJo60oQ{Syy?c+!;4N(a_7B52a5%zKW986w~X-0y(^3rh?bX(1oUS2 zUJz2dC=VrBMR*AV@oT(8^IYI;K~xgVZa~xEkT0nt4wM&Tbst8yU#J)$A9tx5*(eEf zy`rs-BM;AR=YMuX(Cb9>rEfdU5#FP_!6Mf|Z6}IAvE4Qo!pkzx2yyv#d&T&pH*ny^ z7kARTs*AS~Z(hhoyeS@(EsdmC!Fm#E=C}2ZJ+c_%_60U?5fV(;IUdR+P=1O*C<*?=B!ey?xzz8nmT}SN>V{}iY&vpjs7_5K zSRaxtEabL}`B{Q4u5`3nB(y!hh|8hB^JwQ13`78-w06UoxXZ0KR*rC=y-8vZb|0Ur z%|>h)Y!PI5B4DwQYuXM2R+EA}_^RDS5mYVt1NQfr{xcH1I$B8da!@a?M`|O_4^-21MdZmd)BnJp$QcrY3J)UA0>3+-xQ4w zgjfCC9Gc5>{`pC~>fhi7nYNp~@8)@zo((iOus~pNbm@NL$aC%DI&SVw*?%*6odbv8 zw3IH9BUdk#;&(k9Tz+bIeg98--TeZdbWo+p_oi(r065*f$2R($zNz*6@qa6zoDTcJ z`1yT3x(V6jb>wG9OFu9oLP8AG6siDeAI|BU(zXk~y0I-1CPCxmNma1WcHa?@>2KRz znT_?CjW<-lYi)Wo5sQ1a3cJ9z`_qh}dJ@nUSAvR4zG%Y^3Vnjt5vh*a;qe{*PAaQR zUm?O?D`%M@VXQ!~rt3A}b185?DT#)ZiSNU{8N6%Du`_j(-q{(v!%p@G_JXjX#?9A3 zLc9*UySR|nrp>Ac{ifK@6ZYd3T_7J!J!5zasO{{;FEw2T0DLMCzcTghZ?E$JtuYfS zlP}uU&e2b+k$ukHBVMf?;zg=|S zUl5fFmx-`-zBqSU1A5|%J|95Aqo37Z-f|!dPgdcpKRWpV^bsA;vt`1#xuzSpk9OWU zXv(YCzn5d{h*<^vWjbtA|2ASmGtEoJjutsA!e!(tp!Z(nl zd#T@=j@E$4ToI3DAYoJM%_n72k%#qtR|NMfT01F0f5DD@tuvVE`8yinw-Q?Dx7Giu z9PGhHB6GeDX@kiexq^zIYOU~sBSbX&s{dh0{}>qm4H;wQwG%QnovGBi^FoDOx^6>j zKu(4g0Q>(?Mf{uRwbYr&y@>0WfkvJmg`cqb zZsxLebUDU-2~qg?7$SM|p{a%U0|Hi{)XL}}v^xFMXh#1MO@#lqkhm|rXm!jmi~z#| zlZX%4Z%9t>c=wLCouBfRnQDyh$52O##v8O0Os(4!S>%XnqX+$c3AEAWa`DJ~qwVTP zsbsb1WG(ILfQ$a;pEJ$0hgow*CYc+PvqolF(yJSub8obH5fH?J$H1JU;O#|{*#_h^ zU2JiD!uE7~DZZ-yRph{I$7>FC`BJlLLo?ciMjO``rng4cwVF5=g*!a}=&iiE#jJjH zd-FQ)7PdA6oBp=C)#M|yBKi>}Ff!Vh1yLJ7F~;`cSa!9)35s~x zIiKgfBSGT662Nv6r(t~BP_zt`?ni{!lDe6F{j~r3jmnbC^1~9!?J010^NeKf`-2NS zh37m^^lHE_e8R9pAGryMfqJ)x?7KJr5w*zS#oP1g<#}a6LJ@|R_*eo)tAyz^TSO8p z$H7h4XA@d6qnwP*+yh1HtLUSsfawIe_sMpvswJ;d%*6y&0N0t({HwT%;P97A~jvRoJBIaN)wYwwhV2`5_hNYhWOH~Pd zTqzem^ry6`y=^xXlE=Xb-Tb=LXjoi9@F8Hb{1LB+SB^u#WME{9Og@YZXY>0Pmf$k_ z!g^D-qSP-`&O|#&!d?6#3CbB7Bi{JA@uc|cknll9;`k;lY)dn6rU0mTi z?5v#7pXB#rn8FS|=!DT|E0*qLhIz@pU)p-;k5 z;pKeQAkaFMEH6_P0+evye02M;4THlt5v3X#11?3?zo2`ZZZ7kRjzmqrxA#0Zn!HY_ zuFM#nVEfrOOw^j%ivmpvh=Cc?L)9n2DBM}Sy^^>aft>8v8Rmv!*b4*!H1s9Z+==)) z)PVDRS*hl)ap?0TmS-^LWP2IrZ3!Nk3?bRcQVpwYf6qU-j<8J=ILRQ?aV`f_{NA;7 z+id7B6{{{?l2O?=#ov4`m&MU#I(@+5!#!+tkYB)lyq1N>N&cR`ZGpVPcsJJo1#VL*%zTEw-0DIBC(@^Ke1@ZGZvVA9I4)k z3tFoW3zKoz-LT}n2|a%j0@P`@j&rmBZ%c?FdknlJ(2C>5{hbw0+4syZnD>j_1o}B_ zEq)7MG8G2oqGii-@D28oe6{{nd}Nt8zZu7AnITjGsx6Erl?<<>D{sHo%6lRZ`A zs%7hk)#*%_6KQB=pnMp&81EQwV-PnBdj<<3)5|VoAsM?Am$kku&MEy|wc_dft6|fX z#P|FzEf41v1{M%q*3gO@-$GQDr}E`ysB8*6KQ*p3@y1hO`~W_lV^XakB;x$5qGgHC zp|wpmr|($-%yiD8adoBZ3nwTsnk9ZxT$nk4RWvXxm)J+4QcL%Jy)q)h|4j@B|sQ2qB+p5YEqC!!(cX`l&?u6WX?%;3pmLO|Ca{ zMNry)*XQwzctzpffk(xdG#IIJ&ZL|*iH+Bp?jMF!rhIb&fn@Hp4JzY%_!(1&=hl>Y zHO%#<{seK4Odm~&RXhj2$HOxL%z=-asetn z-=!XLT!5j>Suu?ociHz1%4 zWjpVORVe2~@t55$_*_FyURLwpD6RjCRM6n}5cmg}mk%w}sN>3AX6UvzXc-a zMEb1$>3u%9^k)b286A}YO&0FNgznk#Gq19k+o0YNgYWjM5I%5O{&;8qIUj+G{@*MS z{}$naN_pLorEq1>k4Had4&HitZw3~nc!7(~_8WSyw>p$kz)|Cz2)}isZ~BLvOXGl_ zA0@csahvZ-z_=Gxa2lG-802ije7(e0Hb1@ai~bqMtI;dgFjQqkk@_-~$L_|EbB!{nZ+5z88V7gmTqtJ(XGwM;ecaGHyEb!pS-lM5dg<%dbsaDxFw8F z^yq(^Rx%5?|I2r0U(EW|r|n|+^+GsyR)z)icyjs7PU!pbIsn4K?XLInDt}0t(RcwB z5s&NJRFTR0iPdELAb-~%ZctF5X64o`7nNQUtotGYqS^E(Bau$}S|@Js^+MqDR8Vj> zPG`v(6miV?mA?ZlX!#*;cXTffQd@!Z%c^?)m<6Zs@P6UN(X&i+-G30*eHhB|ukU)q z|NnpKbOD)Nd}*nG=-wjk_{?_$lUtLU-{1b${nkX1C;*4e{**Wf$H|6b1eXV1IeZn} z=oJ3_%Zl?b(4DuVto(=fEeOA-N=;Uds{g$S{h%~VaUJW9s4xOUQ2iz;{f@tIIfC@* zX{o?rR|-;67@%Af*Fut%kx>~(oS8sy(UB(*uUfszGNJG|qt+hj@9&Wn2pFr;+3e~a z&d+AocwH!VIOjS{d!>aqTyBEWf&%-4nndv~~QG|&Tg8f%!NM-Brt|(NF1rpa z6dSoJPul*^dCy$K39t=qA-IG{^c;W9V<-|Rh_Lfw5YpU-A|c?%D7eW*5gw`j?QPYk zK$ez>t1_O@k77Q+M|AcNnDPfJU{pK|wQh8g!XA)64*u>3WP<}AoJc>wxZ`oV^LJD5 zlQ&((t~`Kdvl`}r!GyIIQV2`|MrN$)`F&7Q*qG0VJ4e`E2JT0rF~++6y!6!u5BP#H zY+#G#%(Ukjm#voBQp1)E-HgtTBP)1mR~Mjv&SuZ`QUTEQvZ@8XX}AiC>JQ$l@#8z){M<&6}17|7MH^}42c_K&;WxWEn-PAKHpjw9!^!SLQ)D*)+T63-7)w-deC zJq~Wy>pbYNmWK05mVx`EJy4$=YP*!X;TcdL@xS%ZqR?r1_*1#`3`?GJsnW!Ey}VED zm14eM>8A?sOY6;$~vcHnsqgHAxbRjYUfL4L>ZN(7lulsF|nI+|8w~cJs*)nhNN45 zr022<3K&YRASfX!e>nsS;Nq$i)bLertt~Zb|Idi1h(_ZbSTcLs4}~!X%-R zgHb(xKW6{i)S(Gt&zzn$*MGZwj`*zii)0v|t^wVCr_=COC0~5gN-qt-?GXEZmK=K* z3TP_XMGXHXoay|~CByan^sEF$P-@8+t+bxrwT}%JbtDwpNUbUq2h0A@DZD# z8+r?W$q;p!QlHPY4&lAHeINcmb3(`65SvB=fcosBeA3c7e#j~CL`}s0sL5_HPZLCo zLaT$z%>0ZNWk6L){xpdovn-LNVCQLHP;c)d3+oC_CS_wc&h}Xv*<$xwt~0q%6YxA~ z+^&!?6D;@PK^N*pG2VE!7~Rh9YP52F3pvQJA9bcWxrz6P5!m@MLe3>rt8dzUkYo_k zVq9mYMcaD#=(h8{X=eih_p-~yi8@=xsfFELufyp8ViD;aXn+#8r3&hZvqI*#c48yr zrOT)zbBeGZ)a`WBCG<>FX$!VU<0APNJxjZo@lRn%op5WnnrT!2FoH3TGUyp3x2I(4 zsq5<| zi{RQUV40Wa;&hI{bEj27;4&>CsSE%w?}w9`iJ?c5xO&~~0?6<{t-m8L-dM#bjsQ~K zjcI+ZidFsp zDv_9WlkZrl907ZfQ@3n0o{z=CY>$_68I#SbJ<(WxD)?ElkRg%^*9 zdP2O_Ge|W1?@gS9Gz|qgC@fI_w>pA9HJ9|z)Cr7TaO z0^PT;qBX=xnFK#D@bo`Pp06XQNdEg)$T`%|3CY324+vG@jRVeI|E~l=>8lIcpAoB| zZ07tym6H?FLz5;OFz*V6_?u3yb#3q6h@+#0sZ{r%ESiO1pQIl7{HLtz{ z3@1x{0IDHt0XsjdPNw(G9diVUdBWM*z0x7j6R9&GPy1E+Y)^m23$p;9FB^yx_0SE3NgenoIU_yFC7h8Qdf-#S5B$(9 z;0Myb@dG3p*?>`nD%gG6*+4YQIKZyOJPt6tW*7lL0a4>NxBY3`-#(Ye%Z1hx!(unc zx!(>;?{<$u+pm!~57q70aUx4Nvg{bEfWm=kZ}I*r5GAr}8M00%~z^TQ7yCzd2m0hNel1m7f8i`h}oJd8Hg&<==QC=-UF& zp@?p<3q6qO)obYor?W}KmEUi7qA)&z^X*fW-?qa;p9*Q}s}tWXCR1S#;nOFt6bblN zn(FYZiF(!r`cE5Qrsen!H@Iv8j(?nf$LQ_$eXo5A+L*%UYOj#t@0i}_;F}f^GO9pL zd-Ar{J3oo2v)B)wPDO474&B}FzjGJ`<_Q^xoZ*m(6wIF9_29VY!E+Q&lYT0q$<3<5z-@5hIPl)JzMnFDpad~~4P!Il3E(4!Jf&|^ZwSSy4yYcO6Y@Yu7 z9dp3|B!V#6I=8d4e=K|CROSSanh){$cc$4zQ%?GVNV=Lsg*y#*LNq{f5CuX=o~l$VsR0YmG`Z zK%s5e@r_$Hju{2$DgJs8A!J19fk8hN^H5zNj=&u=JDEH*rL_E*G*sH90JQMaEhi8JEp?7ZKjMYVswp$y(4^f`-Vpq zc`Tw&y+p7DB^G{iB>iBo{^&CDZ#kJ!hz)RPx>AhbbAg zrVUFYM$(AYpz1q)H6Eg<0Q!PUUGnHFEi#X1G1PW$c2>rr{?curs|Q(HwVtQ>UhLfd z^Y^kMBS7|y;4xr7md74X$?ehkg%62asDLRAUS#q^I$D6VI5Ni--BLw(wZOb8BJ^=6 zOnq_iPUZT}7}2+-NRO>1^SCbM;TrFC06>;QH)5X&6%WQ&q)f(rZ{9LzB7-fLan8O)5-=1~o=Q?|e9EwXRO~{^z#_^T6}M0`xF_b7{!Lf9tF@0eRnjOjc1n`H zChiye?_xL%L70jlBsR?$RiBBZpGba1Nu-M4fH!+i|G7zI>1(_Q{K6tyC2x?dg01pr zh8iQH0xn8p^lu!PllDN$yn896qfVh#_aq3o@s_&L-LQ1ZN ztCUf>do2Nm?3aI`Ji z5fgGmcY%A%(!EF>#&X(}kc#ASCvj6Xo(q8_yvzP4$ut24Qm)o$7&A;mYBbZhlB}%C zejBk-eJ{&71&jLA_p*Sf)kt)nn&WFSM=^!XX8tMw2L-S3iQm zmMO1v>I}Wz4m3H~K}qc|i`Bwan`CaFlVlwh6A7mmt0G8{Noi&7p_C1xPkK?vX2GBA zJ4ahlM#C01`{UIp6K4kdQY8W6}UMk>(h z@1V3)N)QYYYnsuai3m-qSG3B~#+*Wo!epj+M?pg4xi;Q$LtF{*Ump zcDlr`mRK7vvL`+$k5s6=HKCiZ<6lrK5$<@R`5YV{g}C~P)^@fdPgP}=UCs;*6R`oN zq_DL47%m34Qdhq=<(D5+eqT%mW(4J`gX2)xW-j54RTNMgoublTl9{ulDv4y8=v8w0 zYw0=LV`FupH!J`26!J~FTuW_n6*F)0cX_*JIxhk5cO4H;BW-K5Rn00~dhEtxl;=x5ZTjZc&ez ztJSA9u$+Zji;FQ7%V{3(0t8adSJ1DWi$}pYlhBM0v-H>JOWyf65JNsZg1jxL2+Cyi zqXHi@CWveF_)}YE0gW3?q%4iY+ggXCtL$`APR81Umf4R+&4aBkL>dZHKic0vpDSlH zMALi(Fn#`n?5dd~2qY(W$ya-V{jEjJ`A;`i0K(R7sw4OIS4mVL%_E#=c^GTV$;Rf` z_!2P{&;~i72x>{QP3^E!V1b$h8NNM8`IJ7-yN#wD`v{t~%a}y?qyh!mz=d)Z=6*T- z=y`FJ1hVvs+WL*+;vMdg{B}g(O}PkM49!Vp*}ecrVp-pcv_^CHW;bZmW+D7bWS-|2 zW3@C2pBb50>^z`?BSGFJG`i&7mej;IQ}-ywAE0owcqHaxrsl`TvvW{|C(=HE&T`jY z#KENg4u=sPapcw~753?a3`LhJ_uNUNNuxeo_i(hZz84bl9*w1PctgLTjZ1`dt1@_+ z`V+ofQiMb7wy00cvHe`ruljY+z!4SwNWXc?gscqhEWqFN(OBOp;Vki?sR8Yod2`F` zUDM*zu#lX?i)Y7+1nBf>_cHmfuAzVRO4BZQRSIsJZmN$4BI(bWk`xW<+Rw}x@q7ox z(B6j6d;)h0Pc@)47=K1C$ZU+BGBVkcEj{78p2i^^!b0w&?Bt0D7D!EOm#d2aeW)75 z-7@fCK7DLivz~a70!E&zqIkisN7RaS)qC+sMDw)j);ZM1jflTaG}~mdwax;yJ?Rw= z;rbmUhgM5kqjaWd=DG5BQX~i78exoXAtpclePiQnK?)dvSW|2HeG+Hl5r*Mwo-o?2 z?ht(!;6}h8TZmfN0hdJ$~WV$HDR6t%rEuDWrF$y(8Tre`dws0cq-8 zY>9p}AJab0Lnn(gsWVG$!p`zdU# zWa|Zm)aku0e8$F8n*CXuGTx;a<7&s}CV|gK)%@Rz-Int3G9~V3=Pl%gCKiy#bK*ie z(c~-k^h%vHJD({Pq&lO1fJjTs_WJ`k#|5vf#}pmaWxnI?Ljt({PYS5GP8UAP1xtj- zHD1xD3r-m?NV&XT1i|S#N`Ee=ZF<K?aT3gCCje8|<#DJE0+M9Z6+WfANK+AJ+Wl?7Z2Upwd34NG$wpltu8G6!4f>au6 zvsaU6gEC*1Dyt*f#O(&u!3yUx0S&tuWmrX*coEYA+B&;gfWj;Lw@r$MI`rcib^h=g zG*g$uVd0HnT?UlIxJk9YW(6a7l@rG~=4Xi!?O-U70S_@4XMCSiAd+mm3IwfOa*{}t zw7CW38Yd=D*~NTPR54Y}|Jz;tek~&eLz+H@pH{40BU$eFbWT9d_F7?|l+P&n1$d)` z_fY0quM#YPQ$FR(JvM1k>8PMWj!o^vSv3hCbEcIqeNnQ@w%OJM2Q-z;Mb7z9j+t9U znBKd4Yu|G%6Q23-i0Pm)4vX3)bjD}EJCHrmS8|e(fAPipamiu^tB09piH7S`@|EIe z(KzUzrm~FVR0%Y#7Sky{{uzD5IuO?~^-;fC#VXml<^7Sg!&?vaPsTSUmWb}B>8cj? zI5`eBs`xf^Jb+t_HLU>NWWM)y)XrduH#T!jd;b?QbzIF9dKUp^YGPgcrYWO`uYGi6 zuY&;^!S-2;lPH%!#(Xry-+NI(glw++wC=%s8uqs?>%gK)ZcMDiUj+J}BW0N>7I(SW z$cf9$nz&*4@0u(K?~YJ)>E2AeOZy@tH|CK!h@@zs&hwHG_5BEx_#ReD(E&)kPR! zGQ1GWYXG-&YhQXVX^4ZNUakv}YK zUE7}!xcmFekaMaa?GoiP`H(9?%Cp~3^GOyI)gQs*MO7KIYY_vEO0MN&sd-*s^7_fn{LtdaFZg}|W0-wUZc zoT+E1b>E-i5O03BqaoH0lzUsi_)=`3wA9E6^D=5GFF;TvhI%@eg16k2(blknM5OCw z?&a6^MIw)OL#$I3{kzZ4h(B2;mUr{8x#>ItG{oxp+`6-JE=ap^fJCi;iiVB78(MI2 zABcK~maGS&`qp!(>Pt}iTn+EGK=z<3@C?%Il=yl56Q+#}9e>z}5U2Xz*PR9EDTa&< z?(8B&5vQ=6+hjR%otuz$7B>I4&&ycG;uv<#DEB341=1p45vfXxQSH@e60Jl$&RY*$ zU*{6HEvT0{s(w$UOpl8m?du>eT_YYPsP=F`jGQi+qK^CeYg=C8@?%aWVcK-WBRdLWWvMb6_x?p za1Jn4?1YW|JI?CseQAevQ9Zk@XqCRkn^2#PG)$Lu=)xnS1VM3JX+P#vhtN7=+Zmd} zB9`E@H<#sw#e4TPd~GCN6FSzS^q+GvV^tW^5P)!~;5izde!Vp(d>_N`Wa_huJ0jt++a4j^Q?inmVN{s;R=ubfm}Z55nWY-B z{#;$Ak_fXXih?z!a%9n)Qh13GP(Yo@SME5B8%unpeE%dE`4^MU!XT}w5rzGVJ14Au zQY7gu%c8wEGvq?zz0Jm{u^a{| zpVtu`r>bn+{@C z<{JB4ob3vO_Z9O#9k+LJ8tKa`($IkC#iW@&zeof=%i|iSGSpEFseEZ0KW!fRmexV6 zs)wzjP^(N)p3!AjSGuJzjpW8-MnemIK?UGLP%BA;O}=aK==*W+J^Loe*jq^>DTp=3 z{p16UJq|4+?u>y-XDS1BioWKQuwv;jA=7QTk6n(2t!KVbL-#jZBE7!SIOJ>+PHN{` z<(Z;MDZ_g-g|7@gf&*H+I}7I~M=i5A5~7VtRq@<=YKby}QzhG_t?}F2+#H3hLg?aq1hRW;$sWjrJI;<_Fev6;}iaW6; z%wNc}lnV}*6Z5oxE4ppj7O(ooHA2~0zQ#&YCC`BY`yn1`&FPi{C}J~!fdiV0O3`c+ zK!Hg}=|rE;O58hy#r!;KmUyrr7!Y+-$eG*0Y!S~-C?Ea$$%9&&1#PQL)r_MMd(s_^ zVsCz9=&3gC7Y+KPSH)GzX2eyP;)i$KPZQrZ6NgKz2hv9SR)5apt@RmI zx=_HPVNFl6X{=z7rayvleoZP?Bx5xM9m|k1pNT)^`4(z* z2#!=9?U+$;^G^Y3=&17&&$p4bVeh%fRQFVQW%mo+@2gWnz9siwjXHb98Li4DbjW{Z=*oi z3@iMC0gFkV_pw>}Zr+AEt;+{+z;llz~eZ2AWzEAG)hc zBO$(B2S0~_`1YC4G5_P|zB%`ZCjo%{t6EzTrIt1*D-dtuW^*XOLFZeuy}+cykt4d@ zVk(LL>2{N9I0a~STwR&GU*nBmA@}inf$|^Lf@`V;QPJUtvvRkR2Kt$|o7uB?U0n{{ zb*cYDnn>kxA*4Nohbixf{R)yL6GY+xG5BX$9(nj)wMsR&(Z&3 zM9ylDGknG&*O-Su(>>SpJB<##7=e1aI&>S7JA${^q8 zFwj8%qJC$}AQC##UrNhP1MlGbaJ0EPC0$7uuZa(>$C8uBRQqZqfv@g?jDLD5@|e5_GbK6{jPRU8q7?NfAyWK#lL8;GOWdL%rb@wZ*cn!J1dY2Uu&BC zD_XP8{T+-9ysLdhV4e23`ICOuH39KgBbR@K4(R3Q1?!DDnZk>mCQO9xu9V5?z07kx zA2Hd2U{zb~zl`6AuoT+;#$xE|u@)d&h8`!xx_)~X(DH!b3E+D$Y`%~7tyfDFh54o_|dNK|!$rmwP0i|1LX2g|c4NiDnt>Tw_ydlyib1ozwyZzKiZ z0Fra3Jg-82#v;aEMs{Cgdad$tk*h?M*B?;E!64XKVsl+ zi70DK$1+I&STts*%dW;%|BRjJOUh&`$CWj+(fJDenTUh^5nD>e!B^&o_Xaerns2ftCX4L;&rr?}}e z3p2<|2A)I93zBYto@*03yD*@DoV3I-&->GQkjf_68~&GhlG7UoTrUq((g3;x$Rq!L z3Ps(=k;9ZK5rL9czscW!(dsYRxmo>oQ4$c{bxU zHfDLDn?@6C-(OclDS^~!OB0D!J*Te3V|_P@hRgw8Q;q}0VG0{Syut_Z_l+VtJvu{QjeIy-kNH~*SU$VE3B8eq!p9sie zQ`rbKT;^#a=K{WlR+kVV=jMx^aw&+vPhsy{&_d1$W8UX=|J@fuLo(?+)uP-5bk`6j zc4fjyM}=Q%$}UIbxrtP|B=&|^t(3B636kCct(`%NR_n&ehS4w1qS_n3<$&{(#$E2^ z#7kp;T}BaCY-~Ze*t-T*)NsN#?2>VZ=;6r?bCA48sHvba?VI2K zY-DZcEo@q~1Cd8&Ha8gx!+U?j%7N z@AjvqOKF3@$=JE;h_})bCpG$xna{cSDocOxPnmSG&QlhJme zvcz8nkWi0v+yTQGr=d6wn*#N1WbfnR7_| zWAWW;Ob78DmA`!W#{N^lW$R=-m(u(GsI2gpx6iI?vKdEE&y=9W8UP?ic+5%scd~t$ zN*I9ilZ>~nLwmq=b2ep=&KuBTp+g^#*s$X%I*G&TS@#9xQ2jLWibD}Dy zpeuoHm1HWJ3`fWDj_U8g% zXaH1x{RC!oUU_xIH>vdd4J#lzm&~g@XSsG(zSDa`;1Ea^KMm}p8Mj2Hx5`r@&^JgcmxYTir0JkAroT|`2?4zg-@TL>}x2ek>z(G|#nEheP z%^$*})6t6VxN1Km9-gba2~1I4pY=4y`1y`w`;7K61Fp}*m#E}WRhr^YPYEEc@S2Y0 zqu*uYz*vEO`U4lfxns3a-zp&=u)~A?P*|L8y~qCfA4#@9^3XQ5)>w13(EgD3B;u*p0@@}RmxE<71SCKbFeN*qignoT{IE~2GY(tOtoG*eH;!L&G%(Fl`dgq)y72Z(N3-71dqRnEBa zKwkXAa1oc%^RQP7@v8#X${BA>-+CAzgww!%$ql#_KzfkY83I$`%a^Al$n;Ry)!B(n zqV>F5IL}jEr=f2pTj$0L1mWk0UvMKJLY*9T5_h@5YNMzE3*yYiPXISpAI=`$izha@U2egd*=8%FiHe zfi5o^+TX!^3ylgLV-?4-PQHGK%rnfWZqSc88jgOCb^cpW)!b{;H5vr3{||d#6&y*= zWoc$?Guv%uW^6MvGc&ds%g|bB zN@eO?>F6GbPa=-8<*3A1ujlrosqgLf`& zYmgThf7-7E>;|uOuU6gMy+Xz6AM+Xa(s$~XO&eY4Z-8Go`l8M0MeXY;LRWl_jay7- zcqZ5(nql^!3oVa6Su5}Z9@!{h>h65vUvixQ6W0R4HkI_@nX}Aqyif2ZvlTPoa4Ex} zRL-_(Y`%E6iqQ+2`OuSJysR(tz*xKCg_#@ow0-6C!d0*>&?%tW=rf&;&vRP0EhNy^ z_X5+_b@OjVdqkp52Q}fR@Mg`&{h1YdiML%@?syGv^a8y`{xqaBC6h86`AaUmCmMDw z)Z>+Y%=`9t(dUB)LM^`+BKDvcP#TN(SpBM22SSG3NT@PC}X zO`Zpl3OfONnt1j2mKUc*^L`0{tubV|q;Ayyy73-jH z^CB-!@ocrN}|Cgd@FZs z>{qeLdr6o~B9$Lw=H*R$E*VAH!04JR+rl7KRa$yka^b|FS%`$Azy*y>ujY;)$)aiM z#r-~WPQ=zfB{}wm=S~G&sOs9x6e8s@@%EA`agFC2Gw7J-t)%633_V;y$08M8shJ(~ z)49T}CyYh&R7NtDl{DpKvD2{8zZ>0^UQYoJhJj#fU^mvNgzSl%#t6EJS-6Gr@xxM+ zH(w4CL`Q0k-vhW1vdkbil@rL1qm>do243`b8RhQ!$2da&c5*02r01eSBV}r z$zOmAly97P@2IZxINiHqlWihMV@;{{aTKP)pNb~wld4BTY@o;{T;$_g1PXIr1!{6i zz$CWmOCuMK=y{EoXeLLymhCB>qqjA5K-uK|_dK@TS(-)4T6X4kiZBd0ULI_hV|61< zs3s=cPxP&q?uloj%{VdBJdu1`7yd?ES9Z(dL3MbiUQyT=gR!N1sZUBt>~O0R*SR=g zI6nEXg6RizB66f;bHua3i)j%t)CKU1>PJC%zHyTdTL?VUh(%8VG721V(W|pTzQ>CH zFep*NZqZI@RD4f9u`!J#3d807f`t5XH|MPwYr#zpG?Xd^EqQV}SnQt)YF0dvc9O)} zLr9IYF`i_?#uUiM&4^M%zzKoxb+hDE3R;XF=Tq<_Y6BM9pB71V7AWY5?rp5u~^5JV%m@SMo%;=3|t>5AS!8#(h?A1(D~HWtp$;rJDpY8zGl z+gj><00L{H>IZ)x@Sgg$h9~JpP@Lei$@KJ#y1CIbe5tUsP`P2(LbO2C=yak1M9tDo zlK4bUMj1pg$ah#;vLuD`=ja1!@6KvN!+mj5(wLeB*9z1KsB_MpD{cA;yo;0*H(&zV z)`H4U(4eJOWjj^Wa7ll~2<_J^D9YdnyP&i>R<+W2)~=-0u2?7VK*o5Li=Eh}FL(v` zSl{+FQLtFO05*jXib%4ScpjZTbuQqhaK7RD{UoF z&)Pf?>)4cnEvj$sO0M_0TF$?KnF(%@OYvc2wym)kCEis{fqZ4-MVG+dkRPE=UrmwJ z7whGF{tg@=fv&b~(1F+ns!on^*;=7W{$ z3@{cio>l7$p_wcbRec`lZpKE9&0(>Lic@!vCi0`_K$ng34^&wUr#S+;va?SUZ5_?}b!rf;d9Qt509ytQy|$mnMw^RBnFy%L z$aS;-fhRTcm8WX~B*cLZzFsYAu1y%>5|1{Nhk&|G0YMy(<4!&6+#JujT!5EGVlGg9 z@ZS*)jR$agtl9hByQPhY?Ou2DX=gcA_p`g#$Ylzs_61%rXD@o>>o^k&Vg5n4A^Mxf zl&8WsfKWH{>rzXPqZQh1B_A@3uJ${CIRamYd&tpSOhj*_0z(#ymF&5wo(}^4jK%mX zdEIh%;mAm8p9TkT+v8!Q)gm^wvkpIas0b})sT8jQkyHPpxYe0rNFNyUozwu%VD%li z`^FfJ=e)47I{ZeLr(Ab}#VMc5XT3C$Xk7YNvsR>k7|9G~CE;32NR7Drp9^Y`0;Ack zuLU-d&ULp7zhp{-yUDTRHCs6!#a@&zLL*t?e6B$hGO;W_YW~gyCGhPv|8--L`1HJu5??> z_EhRLO8R#llOUVBpYEVF7%sgf`)?0g%tbznM}Z?>!YET*dr{TAMKLG-U)i`=^78YS z<4A(Oq_Ntq=1b^CyG>uV2fsq`%oj)c@87@5*~+G$H5C<+?E?(|1i3HjGa;XcBl8R3 z`FeNtT>7WeSD-Gd)N6nIl2K%&05aDq#DcuaNY`1OF$YTKa!GpVI)plu}p!t@Vn*Of_D*o15LXeV;a`|E)PE{t>cl z9{|PyzEtwoS{#VnhyJZ@ZN|6rhG~88i$Rn){(rCYpL+j44N0l*08~A96*x0{Q)ic- zW=3}Z#2k#R;aIqth?$80iSh9Z0G2>%bh440I^Fp{R{*<9u!Y?G*e9aex0Ew&#gB=7K^ zFF?Ae1-9q2^z30OokscX*n)%{+iiNU3mU-N&0MhQ%MDD@SVu0$V&Y<~fNpFJ^gBnQ zlkEo)08187HzFaJtk?X0m11S8_VQ{Qa>vDsbau4+VQg7nESEC)^b^X~EUtYpno#A@ z)Q|nelN}(yc;}*a;0@rvv($5bwR*Vs<(N%$|2(LyJnf84?b0HTMwTEBEqmWn0Ot

#oY0SN3Warr zfj8DT!G~7Pf70B)q!P9M+^YaGA)Q&=BPCjqxo%kt@;Ku=@mTjIO?RjHA5^_m3^LbYN@Zv0t#>}Y=9rQZD!&yW z)}PpjVL+_-(obu*rf#RCrf2I*;NPn&I?oMGf>!ZGxg?^@UfI=l9kb><@o{$*=R6Hk z8CO#8ceGB5ji?U~r@(kCriG&%su1O8PihinUG3RaE#0`6OtAglQERVmlY|7Esb2kO&V&|`_ z0iM=o8b2E?43O`h_U3=*SyYar3AruO(6kE>d~HAbQ(Vn?`n@V?Jb8eR_9B~48yc@u zOkx{>ru4VK42Cc0y4tvtYVZ0BG~lkbHAbyA<)r1kc)SB>=H>d=;V?D8U8Fcg55v-b zy{R64Oh5NnqM&gxD@nz@s3+} zNm)>H$#Cae%4JPq9Fs}vnpW@d5M=*!y&FBNN9h{5clmI*&m1ukeGuyhN^ z=!YP)obP0^Am5C>Pt3I&UlJXu2|8c)_4&;_-MNuo$}NO`ei~C(?)}I%2 zAs=h-eK;Dp4fnc#-i3Y@nsQsHmI|$WxjmBM^)XpQqcAXiDVVi-8wJ16dG1X=`LQT2 zFpi(o(J$wRHo4vWMEsyixNpO4dAUAnP=#gU$#k~7+aTK=m&$U7eq2J%nD`c8`HgYmz}kx zZA*z58g`(Y2;jRiL3umZa+(G{KYdS`um5_Fo$elLXu%LK{LN$4?fJU{YUyuomW$^D z=F9S%N54N?_k%9#DU0oAi-ru0tKGL6^B0?rI1!N;U89(R59YPHSc@k2*RGu&>VpqI zYcsUG;>}Y8L9;~lZS)V&GPVx9nk{{fYL>$7LTaYLaMWo%ajMKt2NOf9bct^BR*?^O zt|pp;q&k4(A?>mh+s3}B3$ejenSWY=*&W?}(txLH%A}Ny)=KmB^l?|s){EB3HtP(* zhgQzs;HKPVRgL5iVYxdN!%+oQ+CNU?x9??d4-tM_SiX0&f85rm4Y0M3UcO&6r($^X zYvg*qsK)lBTD2~x;sswor@D!l+rL!nclzQSvoGolPZG3LFNl%nZr|-^YWNN=Wj-*P zk7w_+DJJT~_!dhzU|L;$O%GsJybk)MX8H|Qw!3;vuup0!-#*~fgpv;zl$HL(<~d|) zJbO``ush7YgT{>ZC>b|jG~SDO`_J7au#Tl75~dU`GK{LF0m`DYLRiVv7Q zCUsF`VGJx&??@Yp?e?ba9tNbmpEBN_=T@(@R=z(*uN+*J0<$wNfTcj!fAGa;)hCh! zkH6A?HT;-axc}|#ZRzElmFnTWpy`Mky6nT({G}?EMKH4{TV;OU=wmMkbr@N2T z6B6C9lDDZ(-e=}0U6d|sun8tSPKaJg@x#8YvExPRR3I}VBPReg=LT1H`a|0}V?BG+ zJyLH0PEWfkFJ1eW{fzFTS6wpttDB*@Zh+*uwC)Rm_alaIl&n;BWTLh0+SoTd3S?pc zPx^`Y#&(!6cd=>MJR-b3S9dq+uURE4_fB$8>?919GIZTEZRIlfXnTm61;p(B62h6N z+PB*3)%`B9D`X$gSXdv>>DG;HMQux*Am>31*&7VI!%UhQtScRgT9AU3-9Z9Hm60`bleLDKKsKz3AS9@JA8Dx{Ke9P*zKCvMtqvAgn z5s`+&s*16~t%NmE8MShFZ)A{bnh1<)P|=r5{);pY)i+LC+PqeJfOXm1=3+9oFBA&y=o*!t%+GNk=undbtNj@+Fc?T+uLAxTq*@d9Tdqidfg0PWJ zL}8%oK1*yrl?UlJ-#|L%(4ozaRG8?M&5C>#bW>1teyTmE7=qwJ9>A%}8vvGVF{VWE zJc0{R`LBC$H>k^epG_UjbUAKc^Ux|puSt2B*YnXVj`X2nxrES>*qPBwQ9ygU@=-c= zx#QFw!ocl4Tt@6S3-N6EOpvl^$!$5Lis=+b@}HbJs+(Q+8h=}FDCeQQA3OAlOKc#Z zCm0H9Ou)i^5W^^^f6kq~a2phW=2?p+f>vwTS{2VPYdms}=?sze5;9TH9R8-b+z}<= z7x~70=IEcOzY^(&F^92xSu|cw(xMpQ@%vQWxZ`(n%btiCYBH8oo#$T{ldB4@%#c#f zN(i~tU-o=~C1h<*+Cvs{A3Ya^`1ZcwNLT_pPZLZ zl3fOwpocBexbT4xLVpvRyoL@G9WfPy!SX_D&B7V2&NKSPCM8<{`j>_chcoWGVHw^x zuA1wQiSyHfl`N;19|bJQerMI%&~@x4)Ygz7lYJ`)WWM2> zZg`}|^V%+>xp})T4Kxi=QFh*23B4FtNA1M>>TnmeMu9ejk|6YGk8Mrxe4mT!v$-d(5jldwEcukfaHBN>^%cr`W+{Z@bN>Qc$?;@TJ82H801;rr`{@Q(atc;0+~td{7GC$-&r5Jbk-A^q+S}e}6$LN2 zfveqpzC#$~wc|bQKaXP-g-3<5A97~(X-OLl2Oe+0F!%Y^f0lEI4Dr|TBM;A`&K)Kq zNG9e2ahNv(OzKQv$5{x#ro%wTGAi8_i=qPA%7|OIGSL8?3%csSbR9~-1T}m8dR%kM znsi+A$g28BF`swE2IyZ&G(c?PJsRK;r9XY=P)n~01FDon$csXok4N>lTnh%97xSuu z=_h_vch$ZG4#(}{uUi9ojla;FNt}7%&tQp6Jn1q&{siTE2AY1%8ZKmsNd~%YsD<^C z{xxNeGO}P7(w&Qn>>@!8h*oHk6Er&-i^B&g@;DHiu_qWx;#KGJMNw;x7_Ck&b8ad_10XVYAR@64BH5GpXenQQnCt7~yZZPzHt4Bv6e&hmtA`HKMG3EVxD zi+X>qc+reXJCGU=YXyg6Ts5ARe4lIdr4$a2nZ8IE`wTCIzBDCeV7%#u+7fk$WPyz` zHD2r&-afH|WVvBm=1yANT}sb)ORZOqv20uwV<)wN6ig;USL6x^8fn%msri>}7n2`( z#{5`i&~8~*q{pD$xnt}Vdk;R4pDuj&B3c41ClX1nB^$4(;!3$Nq|M!M-q*yt0kWG& zWC*#?R!4dJq4Le+i5`#klFF95JPfc5jfL@e7k@{n859!&4;$`ueZc!gVMyc~8{zED zD$H#$7Wy}m&@Z#$*S#g(pwYlz9sw*n zRYo9&?OAsAQsVZ8Bd@3wE3JWJrMk21**z6#>O}RJQ^X>qN7bvp-;EK)t8oaT@fI<3 zxTpXWTPo_AvlirD3C$*TP?;N5k79z2Wn2)IAS$%cWhaU`Dm#m+yU)HX+ z-I|k?)j{_nyyX%|MBb64SpFb4OZZPatE5q{y?nRj!8BG96$Yi6c8g)G&{9lSEoHGj zb1+VHKvuCV@7zfIsickMyY6_bQylXvvA+3S$C`J{<<*J*9ZsL=DM1cnCrjIJkj8^S zx*dP6DI%^CERv)t;?CHS9Z8apFZNY}4q20^4m}En=5ltjk)IPq#!sYfzdeE+CMi!d zFh=S!UF$t6gYcks^@V{f{S4O0tQbP?khwYHK>RQizE9>#nEc>5o#<{7Bouw3M<}M;+c6t&R$qK&I!VdA zNX3%BL)i7JHyjdwjT7;lj%$&oNadRjWovsO<@|1H7e0i6SJS_c`WR+o-)+_XFhn#7 z(g@O~qBaXvK`2h>5_0E3_Ig1W#id-CXqSH!05S0@)P%_DZ1o}2sdo2|*`Ta9hlcF2 zwwWVhn^SsOD-x6a z2@qCc4*c4lJKFou5dTWgb5#IX4V6)$sho$CV&iKK2XH(W+%ZeVAK1zy5aCS{o>z=^ zCXY^{9F9eHtjf{DKhxNC;h6e=Uo`7|fT=c+Z!(_rPr&vpIf$Y$+Dw@qvk^s? zfFUQPpoQ)t-4B->Vn9h+VFOB%#y=pK7@BF_$7nhoWi^19&zQIKsFv_X17$jD1!g9~ zbmmR+GKW-ZFV!VfBu(St30d|y>V{mJAxsW-tfP7iBXq8&4Q;q~%QPuw7Us_?@tqR6 zZ)@UKAbOmfc?^`Bv4CZcKOJDsPdp zIAC{`onR&XI&w^kj;3W~=}9&M{`G$LC=)WNiRI^7_RS#lI7%#ML+Y~<0bU4LvvBv> z!qKsI#SSFs^N|sp`lCauE58wgKK+lrqOImQp5!&@J^~~f`Z^hn1rD&%L`Jk>i#{QA zj=aClA?Gm5Zq&m3d(BN8!sVoB-NgVcyAuNe*H8MM=OZm9q#O#_vHIOtd8vFJO%0F> z$mx#Nf{2*}#Y1&7fl(t3+`CT?i@gGd?6(`SaiY2{wRq+eL?Dn>o_TSta-nGiQ!kQ-mdn@O)xl)!wi>xGZHx|=b zVleCzB=L*9n(*I2`3e(bE1IsP&l3VgK|O7Wwmlho?iLUB+~0zg)nio)a|rwcD={9a zg+}1R+KmzkU9V>>^I)864A2RnH}lzJ-|dfUWmPSG z`r9sT@SR$tPPB?K$%8ddw3qb6@?%9ufAPJ(fi?*)x`nPl31e42Ge>!(sP|XwU1JWD z-<(4=t7;cxfHW${#;PW|CWWIxDdG;Ek_HEl~mf1ffZ3?Q8YQwQt|ZoLwR zQ@H!9iO~M-HCJEvT+ICe*E#$0(8?U_w+60r?$>^B*;2ac&~w?HZ;Q{%j%7bdk6f^$ zgX$r^gXkCT#LGuEe%I;^T$*)5);Wn>g zB#3a>(xQr^Q%vD9xN!)-?1tt3dCUfSMd?0S>XBgOI4g4Iw4ce02|2*ldNx4>Wv7dG zeMUiw`gCNNDnxs2{M(ksv9w__e;n0vi`4n!|@&DO{PISA83K^ARQF6XZ?vEn7mUYZ2jF z3i{7>4O>r0i*QNF<}>{lo#@!9QOdIGjU>X=DDtAJ6**-(kBSMk$yS(3+m2^5f9$!5 z2vZg7DV19XNvTZG7EtIU59p*+HBV$h2M_;pwOkxnOP2QWJAkN-q8cUM1Kre7JFy-N z)u%?Cg?IKsjUwRxZY45dwRloQn3fkDwdz(qMmY0r$g=@$enlWPr4)42kx8VT)w?3& z@F3`VRnNnOE`m=5Bi}@|K;FFkmH#5X7>^AvW9WPg*bQjm?S4MEbE=g-w97K68r|Gy zM&|c9MNRT_OkMk<%vCZ3Hkw@^a{p2L1L@1xHi%oOm_U@-mG%m7$?ttaae)U>$1!d{ zbQ*D47rSN^O;i5?r=$5n1e?{(&j7*iIy$X?`z=&v&sA{ajA;ZtHnclcq-y(S)BgCg zrJWP_t~F?q_;S^Vw`6Ls23M0bX(t&Eo$8(ImuruW(-47((`BKS|7jKd|2&z(&icPEcI&O%?+>B+E^ADf zeCu)9&V&dAp{+V-0b$0J%t2d+hjv78$O0mB_v5(Pc(A#Sn5!fl1b4Df*E619@~F9% zpDwra`YL|p)`WB$TOa{nUoMy1cco_zJ$A>D-2uS)UBQn%b~l| z?%Ra&f<7-kPY*4R*Du{4I*qqK2($@e1QBaqQT6%t>L}K3=C)r2tu$Ord|J1jCvjmv z(n7@By6Q0Oq8vJaE>91I_7^{fht~Q_iRO_@kaGRH&V+%2Gy|W9PoaXeX72__xu3qJ zY9>t=fi|HAyjwRHUqa$_YE`WpPRPT&U9 zl~%>dUx#(wk0bEQUuK!pvDuxkYm8dJ4&!b6ta%kFV@%upWuvy+W<-m6oQK$sOmQJ?A6sdQpPNFnNN;BlMFa(R_KI@HNR zYuoPTQVZf%(go~lrsDeGp;UcVJ=6?lK`I&{+scpp+Jv-$(0F^l_( zzI~bK%&5Ao58{pDm|b2&ZpGqn6@7}|Pt-p$sYXz{qT@{cWH3&B@@DW#3p!D)nh+0T zD8_D8!6d1tAey$et#AkpMy$hGmSLH8S1_NMXjRBgXMxPTz@)tAK&y1=7c9{zE`fEsZ# zZW~CF%gJK~+0<|wC7#ej&@N17_RFDJ`R=j#JoU&pLOg_YJv68j3HKe=^81*&8ii6m zS11T{_}w|JxgB2tr6sAZeT>wk3AWjc`WuwZHi!f8Q}K_hMFAJ_EI0 z+3**@Tf3-?mMgI@@{WOmskM4EoddBJqWyX~+gx54S#D8dGicA=#O+|JG!f|qD|@xD2u0 z#vv^h2DsJ`fTe4nw1jxe*%d2)oVE5^<+u~GCGUhR!N%-dW6?ROTEwnVYa#i>g z{`SSgSAt0+9xx83Rqh&n+L02T@+*orizA;X&+kLl9vkVKuel&^J~+uKY@Nc8MYSC7 z6#6+9VNx9vvAqiGyQ(*{4CDVUHY#rJ9Hkv0R$~ax7hSgn*Nqk{0$dJym1T!)aTqPXb%2wgJ>;@E(=^bVJ+>(FjkiNd}|9E6D7G$Gw# ztbfRz8C}q)qQGF#&}EAGW`;QJya2bs;-Jh{?mGz~?mE!fa*gElWi**FH<;($M`op( zMA>ZlkGg1`1NBEfDdqC|iU&rvL}Eou_v-Y?3G|6-!4sylk`O*EsgjvB)+Us3E}7jC z177&HC`22o<-T3_@j%b8g_zA+Jc~_Jx`BY&q?MC`vv$WxeecZ)UB*5MvHA0y?zasn ze6B-UVgKk~`<$b$ivjVa;z(BQd_X?@DyF5n;k@V(L_= zD5TlMnhB(ORew*c+Wqk5Av1GHyt8sPb4o4Tx%maZ^MCWz_xUqp`r;Zo$kPD8km#j} z?HU2LjpZYMEU+ZtoLvY>#J+F=znA&0&0{y(>jIaSWG1p2xzjAj>q6|=>Q;r(xKZF< znmpYXXg1048hYqS@4AE%Y)B}9em50#t(fbTSF;Svv3E7nEygL#V5hE*IzOPl;Sw;J z-{er?)~PO@W!bdNIQNFHvPc;fTSMX zd#@%x+Mkejc#e^+m+L=7yB&^dc*VMi?zaPP3fxvb4VPhYQ^C)mKLkDqdf$i;o_rfz z&$2QvW|&n@H)Jh1>&Y{^;IQ0oeQ#BKX7{FVG76{&<8kWe!iD+9C;>SMY5EK|Iua>P3 zxtRQIw#QO9MQyTjt%J}I{*gwwn2#3+DMsnbIFhNo^GcuQz`@Vcs0^DTc8mp}dEc#b z)iO5GOqTd1_oH0NP`SBMR8===*{8+lCmVe_A&cF4ri zX?tM<%n7+tWfAeLqo9w24m2CP!dD>Qs6VdQPiKsqzGh5-J)46Sb|;O{){J|D#$7PntDsS; z8ry_sJ(@WQM1h6>&W4>5J*Qo(6nrN6Gr{_-@pnipItD70h9_*~O`ad+iijw`4}a8; ztX?R}9BTEgGEH3y{7rro2wO>78&0|*B27bY{%E5qU2V)A^@=?^hGR!TidCWfb*a9Z z@%1pYQ}hYdylr1d36`tVW0Q=&)c$&K_(y4){S59x>0U~b9pEsXaLrrNoPJ*r%MMs&jge8}Z7QK^A z)dI=lLpesTZr|N)h75aU3J+q&u^eCwYu1 zL&4Jw_dW`=tBXE`5@jtWK0#efPdQRt>b);vvtW}Ih1|Yp)+17Z4A12V*#vt68ulFa&YtU9XfQw@lBzGDWCiX{0J?>WDmKIC7_WIk+&oped^#XjrXz>`6O}` zuth@MlSm<#5Oz7FIX4FjI!Np0&n5Ah9{CsVziW0275aPRs{l%`qq_Mbx`yC1ItdW~$#X@tB)P zMa&u*9zQ;ssXh0}IA-KEc{x8xBVJ@xExGp7=uvx>+8Og^Bu>UmfbKa!n*gipFy&q!ToRVtxEDRe+%LV6 zuApFr<)9E@R!%^^AA0|xx5RJu9JsCegXj5o4aIJ+i91C~VWvNEqM{|DDyT(w>3Z=< z&?K(nPj6s6J16hv%TSXE6hQ+l^o}}~_zcGZ*Te*N`r-kFXq*IMF7Az-Do2|7w~>Ox z>EzW5uu}}gnA5}YF2W9gP*98E_3G)=KryJohOvPzX}+o7(YfKrceT*@TtB_fm731p z5g&cu7WeM(wi5$yI+q-}eygX_$W}qCluia6fd<#W5Ij~j`Ba1}D`P7=JSp#i3s({mA24##{WK$CO#laT77C)h&>+kMMpctkRy7ZWE?(vgNw}UOo{+2kBRarX6n#KG+?sn2Q_^}MFiV@wl}KPFP-!0b8(ZAm#Ht3`Y$VC^4>X4J_yfF;8qO$?|yfw_q8@+srDX>@RR**Zmm*3B( z*Jph1Ve(cMAhXGoc>ysM;1>?qX*$ax4W@Rg>xzHG$MIwVsLt z9@;wMrG_7Nggu93Ail*NOgJ*lu$C)SU_NiaKd0Ig&Kp{mWX3U<)H- zt2irkW}rxz+&W^qE=#W}6Xh+PK@#8@`1haI*TpiKsWf$VYrhkIZN}T1Fe2rvkpidvl+rm8D6V1l`-iQu;{(2?Hx`yr|%w$CSvs+s*SS7BTMwLRGkr97}-~I zmU6Qa-{+gGj0cZ?NhNB-cd_a0h8+PrNFAh%6nLObqdQQGwk>}UlTJWKI~3h=kCUSH zL_@Me5cO1yahuh4e~29=9peI=_RdH0o!BG$Zj06f?SwcGuAZo2>OEqR+}>uW(^9|2 z^;Fx|dOmQqQ_k|>x^T9jwuE17zeZ+>&Iq`d)`xI>c^)=mrfgaw_r&mAZQsv5Xa8j% zj(Ow_&>KRh@Y1uK$D`KHAl{7-@;w!jdZpD6GlLb8vzxwFQ=y^O@AV&m1F=%9y61@+Rju51sl#vP)uq+b#;<)*KmSiCeQ{krOrl11ivJ=iz;z z85@j%@Q#8~kSCR3%Y+<7A#M;I(~GK>9(R%{=_&>~j)5S=F2ZV@ri{_1hfQda<>d6k z5Rbp|5djoNrwC`GovIy_4b9+?QLF86)1o6 z>xNx72sPaN%(R!P*`ceniIDiIq}3lbjVzy++iQR~D!?fx{Ez8ZCfi?rROPVX2|PZ< z8C^Ohg7^#o1AEQI$6={+wS2#~$NrE0VFM(<$3aWKyPywn9sqc|ofiZ?ts?`npk4u8 z?lC9-buN^Jo9#b{W&h41VTEuq=>x z%Ym|}iDa2eZTSIPDgxeS50AmLt%fUcKRBg*y+jN7@?DKPJ<)0+B|)Rxj@Hv_gVIW} z2wXX`O~Iu!gE?AE`3n78Ezo#vIn%xQ(h1$T zv<)j3C7$=pO$+wggdDZQBolU`dpU;ja>Y^dU<7M803#j3+O$_P8!1t)2j!QHzEN&I?=Wh1J zc>?|hWFwr*!mcSS3<@#2f|W1e9FsEE(q2p4Cc?>*5iy0gfh7hAD*C_opi6_f6`C5- zTzg9wf-q$(`)~fntA#EGW2GWkNo)i62JJ4CJq4X8K)7Ig;9$!10&_0Iszo*fb^hJ* zNPmE{l3E{trHI6o`wH@gvyyw;=uqbW3KrxN@W_s#Ea2!LAhv+4Dfygv8cBPwTJO{R0xQ~oT4FjGML0H(~c!>b#@W6 z3yC9LG)PP#%LRNnQ*DAc*su!s^>qlcs5_@6q7uD#4F9axB;1aFMfQ zu|P{_Aa+#C!Q{dHq*LbxdrsI;xq>LHD34ioN?o}10`D={aJUjnEOTe*GT^f83=!qP zr}9sFv@<{}SsfYlN_=HC<_>y1T_7C=CKqDn!7?CqB^v@Xln}42Gr)Br_{5hL>94iR z!5Kp^!!S1-rRT)2QcLTA19hV>cg>7LVDd%Nd+g`Y#7=a&=|ega#@eWt1c z`^;7cCn|hv6uIZR=GT@$23ejD>H*B)?x5YHSm&}if`4FO7j%Q-ouFRmS+mrpFM)B+ z752#8yYHBL$?{4n;H(Ir`RiEnJJNoL@CvOX_+;dO2#6?vFLcvxB&V=#pccq1cJMM|Z?(vV61Rv;*xj-5GDhc!skBzsxTUsF`E!Sw7afpkI?& z4|ubLzIOGJ_fFhmx|Z`Ie8#+hxGcr;_lS9f@^}>60bPUSlWY&Tn)@O$_AH<9dqF-6 zT!8us)mXnB*9J%&v+pRaLBGf8L;Hz3fW+c>WNj@x&JEvVUZbtmbc$0R+wGLzBVDud zfV^iRfpzD(2T*=hpXvhhjM0hACq@L)&2f##Q+bi^Z~}A9MzE-#e|0Rf^K_4T4b21f z9v=e^D2NRZ#CwMK1$$4Hw`82hc|}-}&b48TH{Su|&SwLDz5>t`7P|+7g{*Iq6W>!VrTj7E64*A=Yib^ z_qm_@_ek=L99*3PJNF5I@e>h5dB%^gwEcTQ?vJl*1f^(BdrvG7;+Rp}UnmGBg{1aR zAP=mK2Z#EWZe@LNM#$}N&0GS{i^A6$cb2%j{pF^fl5Ez)|?!_SL9`paIy zZdm}~0iOTG*f|Dg5{7F!6WcZ>w(UtW@kC#2+qP|+Up%pG+qP|E=WK25o~pCEb$<1a ze!AXz@9ygAe(JuTD;Rj$7O`dWV3i~wL$q#6N(LGkI*Bw@<>rPrW5%ksC zYkYoUOcB_a(MuWYKiY+iv$TPdf@rhePkLiwSmVNA#JuM5mStaA&sF1y!(L-H&o}?W zg+D#5$99foBqoKE81l1rZ_6lhBJE@<$Vp0hu6*uaH`k|V4`cP#}re@o~ zBSumr-W-?`bMiq$w@4^1Z)A6geRI&Lww_!6Wd*gZml2R%335vS%a9$O{0g3H!V^4V zf1#+Fcinyh?ioOUDhDkX9^qEovXQi);b-bH*p(Q`nF*cp7i@h)dYZ*R2QURlXPMRt zO)I^bf#ZLl z`e+5`na$c2_f1!dYc6kCjUU8s2%7fDbF)HI`CWoCdHiCR|2vH_XkdC!SHsodm?&02 z8$rhn=KR$9$ROK|Op7ulC- zP{bufhe3qQ8F?+W2}HXqT59}DWR7KlvF5y%y~c5wyOz0fKf#sjH26wP@IH;PqI6`q zkrH^BGuVlD{!I+{@KmecCUN0N>8V@&!x0g!uUezw!mHVPW$;{wwPLx^N9GPs)I0tH z^rGILe1>)JgAj>KBQ=R2-*dZlu&-)aNDB9CF>gI(p68kOn5UkvPLS3J-Jj24Ei)A` z%iiLte)OI!5Hr(m$XSEWqLtxVJ}_X=j!4@GP2&q#y+yj&m$O?x->C>ZS%2Tj=|9Z-Xpb-$!mT)C4|=Y8U+6cbH`bJ_-e0IR#dc0@=|Qb1JdwOdd5_B3 z`+K&ezPsb*j+ERFwxr%AdtvBK>JIU(jz8Zvzry$^+QDiE!;@gScKxA(M?MRF>=R%X zj}mQ=2vdzvCE1IO;2k&~SRRa(F>=T#kO?n#QYt$I%p=Y->}QkxY)+z^Ot6WwNm`Pk zucI0smqrdaM(>-iXG8?SsE3)d>EMh{66wDMC)r;fkDb2+-AAnbXK39N%f#+KJr`ffJ*wwro@1=Tov3os zptr)(coix}+ajY&?ZSErNPHsG=u~Iq2n)H}+_Nm!MoYQ<<-^QNr9+oKh-FT`O#z5p zB^9;83OKXDwCNwcmd=;s3Q=KJvg(P@8u)cK%$PSnV{3@Wt&Vyv3}F?vqi@{Dh8g?3 zuzm$4J+Twr;pbA<{&FY++n!+@FsWI#`oQ;>B{}lF5pGa6BO;+9O0P1IsDn(CK{;}> z!Tzscjd4JxAmz_{p9?&D)ZE#(pLo3<_xmD@fZ^jhT{TweUU-jmq~l<^9KnFrZvvO} z=NdFGS=l|QU5-mIeed(%Uu@(V6neINgFkUco9k?AMXL%;nQ77OuFwn+tx-*8sq-_M zZ&)v&zQCr4+Mn7a4l^x)J}9JUTkY|t*uA^Lf}^>6Q8y{NcPx-Xk1R1OQ#k$hk%ZDbp~rDv`U9+D@sES^ZuXi*Q|pPK^sy&6SsUjNjXUi)v+2%IF6>GI|O; z99|XyB8^h=tJ6V?FqI1OeE<96FwwaD$)UP9ckZlx>9&!5RM8K^XP>I#ZkJNGIs@<_D>qhHb@2SmsYMK~17 zMtl@MF@lZuna|)qolgLb%-#~8cbJsgirFTad$}y;B4WSOl*RT`@%1;I3R7r&Z@~N>ya7Y{#oIC5Qb*h??(i5`&A@q3rYTo62>}^Jinoy}n zUkOeny&arnm=>B#M9t0f7nHqqM#QjxKh$=|PhaH-R0qdCE_10+1;vih%v9FdLKQ#2SEiE&lWk;BNMPyDWczqRNzk?@qA!0t4W^pusjw-7A87TImm4a*(rN}3U%|;bhY^?Mm8OwcAq^g+xF_$ly(&twRt~iHvDa-2!dp&9*~wX z^==RSzN+v|sX^_hg#N4-U;5VMl*8(7cSrOU?+(`QW2%LH#`#Q1V;+Aw*Tr|U_-+c1 z`M5@pHL#jSirvU5JeU2VnCSY|yE0fN|CT)oH)JO)XA7q$lH?`ZGHLkPQH47rGLO>m)wWuj+THHWp{&mJU)oMktTw`6D|0t z1QT>a%D%*vMDRXLJKQ(Q58&2m0Q$dewgpg(aFWOW9`_(u+`% zZ|yaZ<$VHl0Bs%r3)$=Ran_`rzi44l$>1bJz#oDE03$av%Ra_ zfi8ny)8FYXgicys%8#!nca8}g=N@XGm)xn2P2b6nan5!-@mxmB{`3A04!bixeoc~= zMtHW50ZQTdZdI6K?3ic_JEEAAnJHR%pbCuc34vnkvsp=Vn#;Y|@~KeRwUI+9@@5K$!NNifqRZ2DH&#r_vZD#98}| zW$Q}9@$y7RxidB1;|EC^u0V{&;GcX<^Gd|0NLPedOVqRam##Q%Ws!x%vfVWDs*`21 z(!2mWRN26sDPgt?{9hIS4yX7*-p6{O_C|!2tasDOi$|=gI@LLq<>eNLDzzHr*@k>; z|J+PQqpauhH3!uC#s?F-S=?EXOb*c~?n#(kH0l@|FGXo5E0q%h6q0wYz>6(!2d{Ll z;-9-zi5J&2qkBQD{HuNTw8*=2x>vsKj}Lu~boZ~Zn!YBfDuAsceND2-RBd0?HScHU z;a%5d?~ljcQ?vrQ`y=|!ANS65@hu3fBmE3WHVq?O3e*X7w1~67-xeb2q;6cEbFVoc zWglfqe8QCYx!l32+3g0dtw`L1(M=^6?T6Zc+u1Y<<9g#lm5FdXDt-(11qO=2$J&S5 z<6n`INoJBwa8PvDYDnVH=lB;ycl$@fWI@4qi!s4+`gz82-dSQh_BNdT@#9BKnw3)U zj-WvZ&F zIz1JxK25)-7&S1rOLpq)KbxBo!QkjX;W`4C8x;8XaW41=>Z|7&b8`0vRrwf)?``<< zidsN(gsVt$>g47JAaXMKOL)|?-=bX35?67M4_Z=g)@Gb*C}HWEZ z%y#VJOi{vJ+8b?P(|&j%F;bAbGggGJv2pM={o1kP7g@v`N+oGxIveSpMO5h6elAOOg3e@ffl zGwjA)!euHm=y^ytacQEGud|ZAuSg%-FNMd~AL9Nax5>6&wBui|2-db=h|qP*cTtMq zlWo&GPC^H8nr=0S%JZuI5AXNY;T1o%0w^+=)F#q$nYoZ+vic5lWp~D4>*qYY7?i*uPZEKaq`d7qO4it z4-Zi&@&(|Mv!Qh^vuMiMj}!nVSyltGx%@Qsz|GG5?>u$?hy046V#I}#Ny}U}!PwH( zCn-zTf_jbjUw>p>4Lh%4e0W9FNboUl`uBdhlsKe5#!+d}Z~fdV-8kr_)D6udgLT;z z)^ENkaQnkWAw}J1kgtQxl`59_wa%r^B7LPsXc>`2YFxs~aTnw;@S1*{gznC@3(ZSG zm^{#bCwypkARODGw07#1*hwEDPrXj&TBlv`5>~hLFSU#!A7-5hB#)Oy1w^>gx@Hog z0%4y)??s+b&BHqesGT2^!U88SM1osc#LvoqW~!JP7(J&MH3!XNC@ZkP{v`4+XpFd8 zQR^ieNT>`0B*+$E>{AS|EQF(^g#9*6n(2drY7Z|^L9bj9DbQ!+wfiG%1d1x4#|75PWmh zK=$NRN$o;QBz{X*e5+zeGQsVB;dIG-Tw9SPXb`oDQzAdj9Ri`i4z=#RnDt?d!as)& z&)&)!b1Ir$90<0|k{#f*#GUF?`j2wm5v5I0E)U54Nh19OXFV=41c;CNOKRc#<{*g2 z;w9=)I+nObX`%LCdES$~?$Iq*Wd)@RC2@4D zQgb9ido)>se(g#RNL!7Mw(e8QH$)nSE<1W)YFLKk2#_XsJ~tn1T<(M*nu^ToJjm#as$~T>K>)Btq^sYhrI< zR@Y;QASm4^!Ve#eAHpMuI;1S<;>=F*sfieVwcl-dsa5fseF%6!+-AJMlFgLOEW&z) z>w_yW|63!sHNXjrCpIs&D|btHig>7Rqd`i?zDek;^dM!EF?)3 zB_~BYme8DtnCqi}1gpcQA1{UMbOxT76_|-FrB7kh@ZzfrAEQ!MGh>dF=J9G!Ymu_5 zTv0}tC*Rc!6@8|~}R0-B5Ve%@C3p|YG(AbLo4Pfh!BM~XJ=-dXL#s;l^c*p>g@bnycGD4@=A$; z5XxU?#sXe;Z$vk?p}wg)DGO!u-Ifo&c7qL+dwUPv66+5E*itHs_XmPi{3t}#Py!;1 zVTFV~-|lzYx5sq+qzp3IZk=?j+^_$06U)-*!Lye|sfSMI|FI2o`4=yb9c>R`th3A< zpPY}1OBnt=dp9r@M%u9nKKZZ2H8hW3d(;5N-vx6U8~@g5=(OaECNi)*d&WUjF?DCk zDWU^Gm1oaoX~$#$iBWLnt!axIbqzDhrt@9cT1q6NajK@7p?~brOg~vW=F$X&_{{XR zHji&p^wC@ka>1BmLM`c--awAVOyq37fv+iiY~5Y!vHvsOc$%G zA*8Fpw)SkVl@nMmZZ|GzPKb|+l>4W4eG6xHv0WqOlqkaTopCgl{<{w)VJ@3rJ=3=G zxSLN8<|DEpfK&SsvkaRe-))JRyxYzSTrkS~j!q)>w{Nz5Mj8yf!^E%592Opr;yJ2) zf~t#}GS;nsNt=5Q1;VQw>_R)5c`Eu}aQrccW{%WvOv`2}h`!F^;E!B#v)^Zh*&*N$ z-@G5y%b2jR{h6$FEP?cWH^pD-Z59kTs8cC8tHrna?Ch4|I_YtG${g(l{c9G}PUu6> z{pQREv|&OJJt%P)$Oxnfg@1G4`ZLs3Z68@hsPBMjjl%lB9TgOg_AdL7HNd#xQKIH@ z#7jchOie?b#j9%&!TZ`QQ3P#)Jzm?&@r0#)54F zg*OSwnVFqlMZbplrK42C#F{lS&WTFIc8q1xrE;=Ml&2v7MF>G+9A_~iFoH5d4c&sX z0^$yh8UR%*FRHKl1-r(6v)PjukBEDkBi>dL4~TA9GpSF(HX>Z(1C@_OK8^)Xq#%rs z8S!dw&_2Q|LSWG)`y2lXZ5}j1@K1;d1vPSbAwNiBA+Vbiu&8`|zc8e{@Hm7xf`39O zKu+fmBFiD>VHKpJ3yBK>gqDPwMA6qkj6$^ACkL9AaDS0fPKz_F-y|bsT7gsG#V?Jg zDQJS=tv&`C zU{)Uk15i~{7n)38S=nYGXMHY1ypb-{!s>5l3c5Q5-j@v%#ES;)N`ZX!-#KB8a(9Yb z7?*Zw-HVNVc39&M8TDyos; zd;ZMXWTL1lHavc#^L`5}wP=`%pq=0uK~aIgjvwhr=@2+jIFQr<4}nIaZ%ht2-Oi4S zHRP54Fj4X8_H;i!>oHnMlXp0(e5=^+H8V_p^?nx@CrRHzT9E<6qB<(mW!apaFbT} z5a^q`YEs4(`NM3$t$?#xefDzdM(8oTrx_r%F|c`NjAtIci?9g>orx`G%ga0Q`B*4& zB%?zRLgVFaa*Ie&!c9=xT4BZHx}*%Q^Ib`U3y!D5_R($eJ>**D`koqR%XiApc;;-A zd0*wap2=2*4Zl)OtU;lJhJD#nf`&pA37t%kNcI?5^}N)BLCCposWyGrShHA~jiYv& zo#Bz)%;WcAay_u1eBDAwPggdo88h5thwWg<=_!4CLt>3Yn3QouKhz)j;KSh#rvx7> z?55WXZY#LWd<}6TnoGFev08@Z=K08V^jMPO);{G|Skhs5Vbb0zFA8@L<#-VCd>Eq9 zsvos6qiHh|hc|Z+V$@0^X>&r#>6B84k-Dc$ik@kpfG(!^E10(ESF@Q!!0B5!pN7Mk z6sj|NbVFj|?V!7UiW- zIwiL_c~|(tG{NB(FuFt1BT=PJjv?GZyv@|aj;`vVTgKZ+%JVI;gkwHxJ#7l&&{kJh zuEoG7kglvsFgV6&fz$dVyNAU5hAXw{Z`fvdRzGc+s|(g-;wQ9B>EvdqD~z+AsYmcw z+T?a}JuQuxX`4#Um*LNMuA)QOWRc4LQybjwZY6n(Nmx=b7C~>o>YAE#erVumZ){8* zvQpE3breECeg^A;0$bKbP=*qrKfD}z*}*5*EIo^Hv0*uCx#GTQiNG6w>JrVmkgzAN z!ftg_<`$yQ+AnXqYNd}xjRFV{*RKd&`L!7#`yg1P89WCs;SVC?0S=G06b>3v2y$+e zX7p{cXUUqrqR%qRr2dsDX|eK4ZP|vjGEj2Oy`>nDDxKK^gqFU-OxaAxcs8ge#(C+1 z(6}$=eNHgKyNh9(-XP}wV5;4tP^tG6ccVw8D$`zGz@`1Y?Cj{Pz1T%5&1Zh zxapA?5xaL`ic1&@{>C^P?PsB(sdjQw22nQ?+ zm}vgrfkGAzw*Tas(T*Rt2x3AHd3KMe&teEEl`-KV?$gt>n}uui_DjRJ&KpAB?`yVY zSP}t)@yhxZY@TUzH*0VZ+P?Uy;WR@_Pd_zp03i|@IQNrLh-Q}~q8huEWFd3i*@cUv zE%&!N=!`2-cDDAeU7}K`YfzU)IN{J%xe<9O-+OeeZ8~1|cnc+-)l+q> z6`;(Rr;0z@e)5pFQSeZfqiGu^)9Zd^dfSE^Dhx#^AKELGxS26l+UIK1Expz5SM7J` zD+2Am5n0oBV4tBd?m~0_tC-BJ9RD3L+1c1x{*#)Q+N)IuO(@>oy0fv8AmbZipu&Fb zZXcM$Lm;D$dk~0m*gALL@okHn2g!1-*_eY}u6)cF>A&f(j0gbP>p^6QNJQsU6)c}DgF>j>Y@=r8N4_^Ma^&9yu^i3SyYIdJ`siEzt0_Bo0mMt@{qOlsnD*H1tFKBY2j5likLP|>B2DEhErr%P zlYi4QvX!K07h}8EyKh~-DO}bp|Gv3-?2@|evb*W`e~F#FZ9yGQJYpSzQArVK9P%ul zFT6WC<`&09Z6Xcne)k9jwsi`Bj`P}FIADk>93v4TSu1A8P7R<>8M>8jAfn+n@cZrx zK<7YVfjgfc4)M%{f3!-ig0vBKP?gKQX*nY0;58A$3EcR+5sPDF#f~ebI!~2+-gnhg zoORfm;r_{;J=ryP)2YH~LRSW9hlfH^0a^a3!CYg@5a(UL!;MYGSDFW!+5=TnwD+Pk z+g=eZMhg_zpqm4j5gcQGzCmvN;Hs?sBOP$BbvAp@?YZI$<-6=3P7ZL}6& z*y{^olA+@>f5MJ(KvFIj?NAkWq?DK`0^?e_!B5f?$B3F**ZC0E0q$jkx_QIrV{N{q6PPemoDYeWnNQ!66(_LJ+* zgUPD~O@6#E2*L)`JMT7*$7#w*d~l1}(K#*3v;?rRn`=VUgjK+YGH z3ye`v7pA)wukT0v6a!9&^Ju^e23WheF4c?*WE4sVcR?oPcEPw=2MqS9^F^gRM@rlQ zp&L~Yu<;Ku67HrRGFfXtxD#8j70T|^Wr>zje+A11|5I1=I4ko!_Vq{I{l7qUSG{w zboq0UPd{E&^YH(Ck(nXUKs6F2BMt9@xqXc^qD8NpXa8QGPdp!nSSBxFWX!dcIITt2 zOev5DTKQ(Q$LTod7f{*r7V=uAp2_N0x^M}`5Kj`szcDeJRNi3N;XkXhZKV;rvC>!1 zq!%@)uzEY4C@;(ou0mLKKq3ShKfos;G^XtyNbh=y-VMVQ-}eS__3PeieBcoBR?B8= z!iI46YL+~jOwWQ;+X=v7OZNW&w5988f(_ds?r@D&YQ4G4Ptm2(@6f2EP1cTyN#r3$KKCThUZ}g zHSmP%{?LC}r)7UtaT@u96eo3C0+H;Hmq794{q;;Gn|buDGC>m3TCfGI?c|MV!(g1b zio10==G)u{%ARxb+CK89ZNTi#SR3Ma=Dh-5_UWcOrflriib(uCEll|#MhN!_oejv1 z1&A$3gH0o8maRQeAQq0%y9kF|*u$>2NFEKnMMybpxU4B~t}!DVTcy#gH|6L5*eQC!WsSu3mqFP$F#o@1`fc?HWw3R8kH#9`qr{pbg)QAD!?JDqyn( zRx+n+N`XGk0Y;~4&A+#VQMAI`AH?);;?x_=OTiVwf8T`Vp(EVU`{R?#w5uFmK z4gDH{rm-MA0lNWxa?D|E)*j-;X+##J2YI_@=EwtLF%za4`4p&tet;~59vtIDx3wc2 zrAgj*JBUvL;{@jOYcAo+-TIw8pX*9xIkQM7`>tX4M=}^Z7%bI5yniqC4WIw9P=0mY zv1iD;6>SU=SL$Ss>Inp$R6Z6A25=@4%YnzcA=_2_JaXP$_NY+tC3^e{IfDeIwdAHw ze9MocH3=tqoa>82_9;J&$hba(aeEKf9@^>H>KbcVLo_V&q1Gmy3YmK4S9uWVl8}wb zzgF1*kVQaK;TgeW2J);2L8XmU4tbn657-oLBQ!?x=CC`bh?jgH0&E)Dh&cf*#c#?! zdG^CZ?rq6G4s-EaD^&2Daby$N;Vy9H>R-(4c@d<+JffO+-#75J|I`iU9tU=y3>Lyh zKJ1|KBvEFEuV$7f*sp!e%wHyh`=mW(18#Z`36 zlGKi{Nx*Y~YbD7G1AYx0WZA`CH8|(H)(5u;q42(4TdWTYOmPfnbsomR_hW}Vg{&dM0JHtXCTWwm%%-{MDe4|}l@LB$`4jiLZ%o(t-aK&Pi z8;5J>KK%?oFG{tr6QagBH@;0%-3{jC6J{aM9wuNLZhjn~U>rSY`T}_Tq_*|#4VvK-KMesMLLzev7top=xw<}&N$W>C7}MGHXvDs zoeTIeUX{x=P@32^ECuQ8>HiEjQtTrKq*LXugxQ&uiH>MhP2LLmbmlhg3+tDdm7)u2 ztvNWMh*~5AgaGUnm@Nh5I@pMFrZ}!K1mw8*s)a;S(5UOWZh%!b<6FouXeviA(gnP} zb!ba=pdt0chT@(zUE@W2!!z%R`lGqc0IzcPePO-wkJ^li?+Id}Dj1u}@5D+CoF{)N zdW8-I^#=l6;X80XYMVb8T3N71U|EA!g6Emb(Qhad z^+3781N%WOJL1e@szE5>rd61*t-KUAf|bC-Fx9FB-JMO{&Joq7b%Q^>qVU4{iEHxt zh1>|x3EYmWU~8JgeKdp8w2a+!%eL1EBZTQeypuQierfZs{=rd4Va_o)DL5@Ld~#a2 zWzI<%*B^~5d1;?Z`{S1cJ(^3$jrN)IQ#$G^#?MKAD?CUtga$rI5#4m%IFWPK9FMWCs>G)1>VzW9>Uuu0kYb*A{`x3)gJMF zir^OJGHO&iyJ%dIoMFzn%btTN3sa73Com>Y)k8Jp6EcyBKm(vbKG$@8@hFtsE$GXqN9ZLm^HUEKd^RFOm zX*1A!?%_1tHg&^De>z09ipII0r~zjW!QajD$6>yMCo15^cJZlAq3yCWpCIJPXAdGi zN<41%LZIn52ZX!g9h!7ZyJ=`9cY;zA#*Vl1uLd7)Hx&KGg7ijjD#-{w z&0g!<-pP(d=yyV*aAMuNU^bKsiMsL|3(&;XP0xryO7ExqOwpQAecKjI5Ee6_{>v8p z2b)LY`%o;fvDRKY8 zKLaIYy2_CQm7(GZ{PNenc!hj3MRq%Sd(lM^Hear-(UI;SSnJVWFb$`X+=wZRC?ya| zg}Azzh?m0-vOlrL1KM>M385?Z-iSMCB$0OtTV(5(9h7H|ZZ+20j1coii3%zX@#v6@~WG(94BQON-cR-yio=vR*D)(I3dl!v2DIN{~x) z(tzzZ=h7kq4@6uZVI%H`$!K`|eDvvI*H&8gxy80OX`z-iJMl_uh-J470WCIOBxdC& z`aLen2Cltu5(VIkf7b@i7nBXD8OPditllTL9zzJ!)PWd7-_2}j&n6_VJkJn^d!1g1 zAc~QrXf-OR*hom~X0dw(g&jHwP%qbV4t0K9ur-x1P%f7Jz}MF4QH7bwOS&Xunb8^H zAoO3Qt8A38od|U#Zw0j++Y`5=i?hX*tT!;c<4_5T7O)Y}}UL!Tuteu5*fI(nXfaiv0$f+;a2Nww!gD7v5 zY$-%56;dr!1F;MLZRTVEhO?0jY(4f)Q$wX3t*IQL)kh%VgeP)As>FKG7u&jYe(La; zOv>I$~6DrJilneaLk`mOC;*O6g4c&#LhNC^9He}kWmX(4kYyvS3orv6g&G9uLOr3 zDXTV?X%1y%(3nyJ!DrCxwr`1!{9s4=(g8E$k2n{l)`WEMkM$#hEr?Ma%l^8%Oh9F3 z-@~SUK@-SeZXKBBGZg*L>ie0_>o8>F+7tamzb_8Isi)xQHbBXa8mhhMAP`YJgE*dQ!ODD;UCR3`&4x`P>J@&9 z5>W>gjxhkGN}7R#_CXrDhnXZhsfGl_euRUuYLV+{;rD;_5I+b1L2QR8wC&EucoOF= z9(qy#D*|1t7wZfH9T+F%5Ef-IE1Vc|2W)3VYu*6p zXj!3<2cs~oj@nn7Lak$APT9#7?NhbFS+Ri*P4HXGvY9}DOTm69#`4KCW7n2Jw}7i* zk(MKTc*k9!&hSSLl) z(_(W7fg%VpqPlJAm>|g4#ire$s#@hS)I=?q-%PCF8}ZFELEK=}YgC!+Q>SLrEhmU+bol3AS#M{LSeZp# z9`E>PnD*!|G8hSt;6u%t5*}hsnhEMnh|7{w3-Y0|&sD+%4@3Ko`**JpH$t^as*Hg@ zK%LFbR;b0^Lrbt~Q4p^Ql)525isaJ+NDk3&(zN^Ci;?Q^`tvzSFV~cEN?AABz!oB1 z%vIQ9Pe+z}14y(u;h#pJ3=82T6Er zSLJ3Z*C-_l{5<@#!G9h(r+&gzuP|s>b`bmAA06{$Za`Dwc|tOpN!YbKAm?Y6{9Fdu zZxmnOdSk+%UH{@~x~J(>+cg6Bm$Zk$BQ&=R&QzBlU?+G@NKT5KY?o_H%O=sH?)h_W(+Bv`+ z2hZA6gWNi8fGetT^>0i#gU4#c#{w|SD&~eZ_fHje0liMO&*w%TGXA;pK=CC(T=)ZCx~_ve`_L|j`+jTJ-BLR_#d_SAD%o52nybHsN2jhQL`loaQ~bs z5ttXK?q6Xy z-QsD)=Ev@^$>~7O2P-r#s?=GphYG4b`Z4QndCBm7&8d5Rgyj3WyQ0SbHjSJ6VIxCV zHjLY4JL_HeL?HjkF|w>TfG1}!I=SD{i1ghytk4%_X>K*HL)7~1IKkHT9ZeWbxNkwY zJiY6>&$=x?y&)-Ly%wscwF+ZdGDcKC6bq~3`|{r9XzoEc*o{k%*i`hM-+?t0&Eo%#kt#o{(E)JIeUq+OhoBKa^ zyEijoyb@K`PIB+NR_8gS*MC~K{X{S~mp(;pQ(SWb{*mI;SPPh$Q|$RcjR}E{4n->` zOweV&tT3d%V6Qb-gDr&8xX01rwZnl(Qy9aOtD@|L{d3fN>b(fK!{Xz3{MF@YJ9qps z{Uvamb!=q|f(`PkM;tl7zKff+WXN}Q9Q&SH%Jey+N}yJG3$DjR-_7zFSYe&`oxc{i z%lYqrveR1{u;TKQ2>g#1eBKh{>De_H92baF2~)Sv=$&(CC=$O1c8?us&sLL@z3Q~Y zaAAz$O6aM(G_%NiUMZB_qMlpd97e^mfJ()7!0sW4!TDYCrgkC{(92(?>?R$l`b1;B zWVJuWU{-&^w!PGHa4+qKTAKOeM=|4>=4v-j8l*fJ`puh_Hx}cSG(lGbVSk#$He^Ai zsvG=4UcxqotA03m!3!)Oxt|ohS+a$2TzCMybR^T2(y~?kk8hh)-`(#3`ae@x;8923 zP%Aa+G>+jzVo`6i7Ie)N3YlQIU->fwD5=J@UZ8^Bv* zY{hC7f~POY2NAkM??x0r7qM6)=kgf4{537OLQCPdvki&`2^mm!#|TCQc|FnoBFF$rm;^Nwt;0JrgibKo4Q>abZBHiGmTy4w?zA2JmcQ#RKUd8DH^~QvKuCA5sU2vS zU-eFr@*Y)6KI$+KKR3jJ2e(!%=U!D|K;B z|I&%#gTSemyB*f)iPW|}`^|e%{a({uy8Pw$*$C!o-S8d4#J3jNUW??m{%n|8_UH-x z+Vj4ld&0hk+5%hn(l5iBej0`|>{8to1m~PvApGAOLmK7MUvrY|K1`R3Fnf@#EsK>G9LztgG5A8C%+ry(q~hn$StdmO1_V z+L$4Z2VK=uvu1bkpT5}#spQiBcJM2gYJC7>bq(|T8ad76lD9cvph|YK+IAd3X}46Z zax@KG6qnwk@#J2{=>efOoLuG(8m%HC#7-0bIQB7Ys=SI&Uer)i1-NKqo4S`LQa)Z- zdP49JKfm<eX}vOTe;9|Bo!6Ylj}Jk z=Jb$QQ6R z{^rce(WujddjbAo(ho8#FZdMpW=S!TK|TcxLcWqJC99=uhBVMiEu`2oP$=?Ni<-YB%ZV%Im%{HCjg9J;gs!|Uy6uJ5_Pj*op<9V> zgaT6x{0cO|*1U|*W+qz>KqX^Kv`PbBBKoKrmBM{0#vyQi#8mVHG7TLoOG5zmWQaV> z;ZB$1S+CzoW$CUYDWishVPo_9={*^Zx+u?RHsNAR+XFUpF&h6dluF@-R=%?4;@+4& zY>rYHUy)vE)Ah2_jyH-2Q_7#)-AWu;)NC$CX1N}VA}WCh%uFa;E9;oS7#FCuxc2<$ z=IG}}wyws>n6;r84)X?40LyU}G7u{Y80TItT_~6Er3+Hkd(WJV#8XgA zfkivAhT=L09&tp}8Xyxb$z>P8i%zx^q%CZk_iv>LyRxov(-+~=4$=)h{z>UjLycxn zg6>c+P{OOaEu}OJei{B;8}$+x%N~1jQPhF8Ml|j*J?Gb0pmNtz4T06W)|-Q`g8Q-- zS8-pWbZ3tiFmtFJG!CYvUo09hl5cSo$Ex~J)`?_}37GAp=@K#%b%s}}OlanVf7f=J zx`nuQtgMfHHml1i})LiA!;+ zAo!38g}eSCz-(oC_)L4OYlbMP;dt1jy}&@&V>|V1cN5_w(ImYeuRly3fBxj{ib#(L zO@bNwJLY#L;@s@fJVfn{WgcVB+NjyE9YT-f$?T>7vXAl>HWlXTl-<_+fc6#ZyZ-fe z`|x||8t@s2?D2fFJQ$j5ozeYA^@F`sWe&#u`+X@qYZ`%1ko!ekugfZNkLgIoADKsF zT#ti?*{vB<7>0unal#k=;sWM(sNGVnbhYXr4N^^OnqUMy*w+?t(mEcdRumxi3jnD5 zin*~%-;=AQQ+J`P@KgMj29kw{e1_FB-IIUvlF{9-jPR0qe3OXkAC1h$U(lJ<;Qb7b zK*pB}JsBGv&t_4#<8sjEh6xxkOr(HoRgwZHOc~4?#en<#D$C7(uhhq z6W@LJzDYSIoK~$f88;*uZPch!s{wte zBZn0sp$UnJsrqKhw~6+u`lZV(1J6y>V4N(we?U6rD#g+e$7`;4Tq6q!@{VjO@V$AT zN(Td1p6sUxu2mif!eH^GsqU_uMBR=J!pLFXJq&E~C``u6GI6r{KTlcMD;lk|=P-g6 zikBTVkyr;sG;i? z-uuekKDM4~62FCWOXZ4DX5_D=^(nlSc)Ja(4}}lSGzev7p^GP3_7a!~A7V+otlw`Y z=0eU6d@nj5BrbKXD{BFhyS70oN%!w_ty{(KbF&sQ33q9tciWVH4qgn{I(bC-GAd! z6Ea-A9y7O@Ih_1uETg!%nad0|z4@`Wnmsh!oH}CGt!ZN%IAR>I)A9q>-mr(pN$@Gp zmTjU*@4SuG7v60KS8A9t`~l5xyppAjY$TUlS}*}#PH}fetBtO?9#l1v)@`pZla2mL zlF`cyTQy$KhJD)2IUYv&8ycR+;s4fI*Y!Fo=X`}d5asU@1#<0cIylN8Mf$2n7atzFwOw{oylq+?@LcATOF632qClNwzb2<4M^nq1)M zW*lgn%fOU@{4Tc%r(@Wfk@O6&ugO*#0h)5+=+} z6xHHK02v>G*8)zl9HYEa`M8nsJfVEVL||KOZtmg`L#SizQ?;6RmaiLnj_ual0^~h& zFosVv@i<*6s3YViKSvVySz~_kV^9r9m9i=^Zx*PA)i1S{rHs+sxPTI721uLjkoTCSM3>)jV z(h7|DU5R;T*+zAEWO#qqj4V{+&i+uU5OMSBFsU%q#CldF#6){v`-<^I6h0Lsg-JOz zGji%AlaslB`kU|$TAes^ymh&au_R=%O_J+qQlyT=3C#fJiedLdI&$f6FdMa-4c&y+ z%k}YlQk*KL>eN8G_^iL!c}5hZUsDVkYTf!xgA(d?MgADO*UchA%8{#exN3v()H zAiM}OxzZ^8&9j>l;^Bc`tsp`I&AE@|2k|d;YGM$$n<)B~;%Px9?VOwnHgu|2rm%8? zz>(MuBw90)(ZRvrD+~6ku+d_k_$+R`#6M8XQ85+@4iYv2r|~X5V-a%+G3*}o=fz(_EhCi<66!`^%EA z5^Ax@`pMHgM+8_Z40s>QIJ8K>NtlB@tw+ZFrN;A+Zlk{7p1X4o3vLImrThD2&{+_h zv^-=PUsb9sAGiA7nQd${&aauN_M9jmm@o{PH%jTL4AyCPT@6UBkC!q}S%q~vgD|Ko z3A4!&I%(Ag1J&JBE>A~ZhO|~R87w9E*H|uI0|%=Y;{ovt@LciIk*}ENxm<{}_`LkjMSRP3sj>pk@r63J<_IR`eM@Z>EN;Hm5ID z=4d-nSJBjlCP#{AyfP>bml=ut|1gFzWF}C}O6EXg)V`K5{}>oZcdN?dzT4GLVI+Bv4$TAXl=E2Fy-1bne@Fn$} zk5A4~Q($R`pv%<^$Qj#ztMOkIEV!s(@#)D;T2^gfl|VT#T(fDa=HIg7JV=ghE_B*_ zZ$~re=ACFw3nMKo6d4n=W=b`S46Et6-Yrj(o#ZYX`&o*Qse*D0&>JI{q*7PL++ip) z(;osRFu1^DO<6lQ#PQdjk+!YEaPvCIlr&}c&;UwW536jZni~eaWqL1^0*R?xC>?-r z(A^a&F}>#I09uF)A-4)+?F4vk@S05RE#57wH@CXWO(4Nr6jVs~_By&SsF=)68Tjg zsBo;UML_N(5m1sp`MalrWlEdrw~x;F=d^Hw>IaL8N;RHF-RE|9zT#vuFOl_kk%qpB zRNybj*CK%ZnWB@Qe4>Vulk_f4vckHrtn3@+N(hNl(PYyc^5rN;O1N4PhbS3jdY526pWIDZU3UMePoYA>lC@B|7nNgV$s=c^NON;j> zI3T1RZ4;u(kY#*BDOH?`BD(>G_Dd|rN2uP;2Y7t)&{pL38m*z1LnEW-`hCVaLwbT*$xgS4`%?e@YHF1EH0yrW z-1uTJ4F*br)M3O@OnW#DukA!w%-_P{b8C8!V${qeZIXqWR(!gm_KH#YOkNU}Y8o{wE_$GRBKd1OJ?(csru=2s$f%(}Qjp0h{;eJJ|eng}2tz|;JP+^zc zs}Z*iB$;doNxNyYOj?(RON8BnH+R)H%)NgvY>wmkpxFvY2If~4+eUL5vO z`>~A*ZEP)C(a2yS+S-+Hf`I`k3P>Z^G&YBwUrt%6H;@}>b;P$btC=b(!u>hRb&0+QZ?7{e_IR-g_->jG*^(4 z#g^wmNobHA@lXjwC)Ce1Y!^tfTd8|8%*`u~FEN^56a_4?oQV*}S*8zj0WN5zQqlQN z5)Kzwjg-#ZX$^IMofJnv@4K5ke5p6uRBU->PGiXtsZ3mvqZmEzkax6b2ogjyYWlR9 z0Gy)+1;<-CeVBy!vD-2KHelCO6U>FOd5U4Vj{JN--qh(GwYh!>{+J)% zmCQG2e|3$_AF78JX#Wh5DMnMy(&5F49CVl}a*-C1uv^i-;r4kS%4NDfv^bN0}$23rOIh|WS& z2{sUEb?N@KOF-)H%$0vr3upZVX^W-U!fdJQvs&IA4T|DTu92g)L%G2v4{7UDT%jytltKK%L^y}LK%fO46`=ENt|pFt zseI^{_u}X)6u1Wh|4O+2nGhlK_&1#@<99SDtL#}yX5!dByDJPw7;)Hsg|q6niOf!Q z2*^hUCz{C73)6CS`WdyF`_1??7SzeMiYDhwYKNW6#ySQ|GSACBhp5wHjw1F#{nQw2 z2|GuNNnXcc{&8h#t?9v}yZSMNxQwEd{*+hu{ew@uY+&k~diw-?!7|2Mwjr#d(_ zGM21p(AhZwx*=pt4{;mp!gnBNsn06!yM^kD;o8Vn=_~tE99@?c>{gI2O;2&F=|+E4 z@5!WHx;4b_*IDlCzEt#d>N3aQoGi9pBV+$BFhFs~je`C+^dCTHUrjFN>q*4oJ*X%| z^qjC`4~(jb5K=4gg7)vsBhR2`(wo?$coSTTP*K#8)1$Fomc&Gvgk@Vz_pQ#)wUkL2 z1lcz_D;xDqN-K_n_-oPX-?uCnOiq$i)xVK;3Di*u;`I8+S%Rna6-g`}96ukCb48c&1^ z>s7aDql?LQHxX-!uHgAnH5&Dc?@4-j0?Qs$;eEQeP_x;+ZQi+6Bm&}W{*4q>2b&65 z%c_hrTlCEpCYK3`CP)+|AE*LXDZpDt1qWLu)}1Q92as*n^*&0?j-^G9F-fGUR4I&J zG-&_~#&xH~_nVkgL!#=~J%gxCTAl`R2;_9Tr$+kUZLdD`$oD+@s5LTT--&$}2u+UU z>;~Hk?xH5Y_t~33Zw{!`E%yQe)+z$fW#G)d0(HVox~&{MV?ecpyyJ6`vT%%}mKm5d zFi#&sb)UpAr4RO8Qyq5h)TaVY<~Cc&_$-DqbH{x&K506O@wn?H>njM&d%4(_+7zuhpH!1+qSgJ>nnoKM&x&otyz` z{b;Are${0P&eLUH=A`WM?i}6=x-m6~?o4)rs|_XcQGZ+l=nquDy|;AsjqHi(b=;D4 z09Wem-}sqahx`S?t`|5S{p;(Qon_1-{vx$@iow^Oj!U7V!8-PfPq6%3BrQ3XorR|A zeigaGLxHXsp?IKp6&?evxxYAOkKw%Kj&|7^)w37MS5wKF8qngkWdi`rI|<^W!{BNW0;MC39L#?l4sYPOG#Ggp9rc;6HP9RP@96sH%tuZ~ zA!uB%u%o6bU2=st8*z0O%cT!kLH3 zRyVToV|(++UoXS)y~mI3TP`h?TyrjT?xesOOp~Vyxz9#x=Z0Ky$iAh(;hRg|CWgcZ zNCbv(umRj#&xvl#PtQ{y3-(*i@?I#<59`{(8=j5qr?00t|*PqGwvbh}~P640vyu%Y--W`nlNV%w^F}eZoVvfU<0b=NXy8b+VkZKTU z{JiZGcW+;D07vmXU>f@LT2b^9h1e{k0b_Du)i91)0d-ulFtQ(OaW7dKR)$TB`qMU* zrbUVCP!)OLioR^TvQvE}M*P=mn>Qo-kh3pam}T9Od9n^2e?y$IqbQ8k1{{o#hH3nZ zQkUt1QHk6?XoXwA9AmzG*|kb?AfrdwbLtKDFi#OcZ;QcC*X1_Jv&gaJn+vdo+~I^l zEcB6%yD%TR184Ir zsGmOPfyZC)v-=YYaJSP*-rYc2$}dI7cgQ*Tck~yj4Pc7LGNY#iU-KjLLte-?Ls@QG z4o0f0?@Q1#-Vx?e+p7=HCzD`w(L^$OXtXn;HaQ(RH50p-xIjWVqBd^M_F;0Yp5RFB z{9Bq^BWN~hY{a(G$I{d>M>sZOYU$jZAoQ?ibc+s`jX<)p|{1B|{kC-3Z?c{0R10T%xI5Ps`GcuB+&@f40bxyJ%uZ z^zN7HhZcxtrN^Mpl9MjICoLqTgg^;$5Wwh@CMQXRFGh%fP=pW;5)c3&$cYmjC6OX% z1!oVk5m&i-tHT4!@uO08Jx@|JWDrvD;n1zZ$D6#PfrE$J3=&$wSQ zXds9eQHQvb&n^2Fdr!Tepr0{Fzkea91Y8yo7BL$i8=p(YEvh!BHnuipmxxPZRd7{$ zRd`kW7BK`Ix1VTx6>@MOC=?tH@te=h@7A;bE9e9K1<^-zmH(Ay54YbId;`K2>6-8} z-HvPzw*M+<1H1*%hG0{wHQbJ9Pc`W0c36q98No-q)!&YLkE36uAGIHU4=uP3G zsb5F{k|1rDSPGvFTpXCQPehEE7=9nZ9{B$=B?n8&M2o;E{Ni%(hrk&8#Nfape_Y|m zNc{Fi*#qxs#?2Fbb2A0rILBGZbqg|u-XM=86Y1n+a=l{iF~-5iOUQqM?^zRN<#jLk@$$X=?s>*_BL2U=mm4bp+WX9Dt8_<#mMJ zN%DE_j1yDjU<*DGj)W7@*FquP@U`I_u_S8B+wiwx9FZns$@>J~g8)%ti=0-|Jbr4)%w~GEQ zSsH5{%QIC08y3=)E}GG#PE31C*Q=Klr-g-ihD`;AOa%qurPZIwRF$eC#iHQHTR(&b zClGE#MkR^PiBLttScNum2y&%wnCRIDx~$A(96da$WHGGDpGq;0-B+7%O&MLcqH%DC znsCj|Qdd|8SD)r*upGHSzk7s=ZhM_q_}#s#$hzC68o0Z=mKzYbZLT5m!S+L?3rGo%LZ#JQ|0q?sSX7 zZe8o`xWfvNmDSQ$|IdN@WJCbfsbI;tO4#ao>9H7hP?Ew$j8G5Y$u-E>gA5NpT@#up_q3y=S8b# zlVy5D&Mga_2%{zaJEgmnP_QoffgD>G-=S@*@28wlU0fI00G1E1oSt8kXAa8`PPWV3 zjj!kHN5(c)%SYSx<+s;|z2oc12_D|IcVh;gFOI|ISP-%O!+eT&bIU2 zi#}jKrD*Badf|hG4s+*_+03#i2CQBzEkH%N zgi^>)rF?>-lu(!!lb?@(9t%}|H2Od)XN`M+8U4XPR|4^=;p^!Y{406>tWA1YFCasSlAwMJ^&N2U;_W zgtqiojO3VgT#ta=#k7SUDjt+v#rQrrk!zC93ItqJri2Uj;G>S$cXY?1oUL*{c zLaWw~IS!5qU92x}Cm{q3!%rRoZsGCof`PAbu{sv##)gs%Yf+>@lmaWtLzGA)Q=p~z z141LxwV=3Tw9n7w1x1FP@nNQFmb}Ua8e?y>r2yWu^M@VsMBaynGY>mbRu_}hZzF&~ zdm}Fz9kv_20L)5JVZg&08Ul(lx-jP>uh|Ne#u41HgBm8O`9Td2Uhp*siZh;fCzBDH z^?4s!Ybm%+CQAmIbMEyX2j5R^?yTNxw~BacovdD*Lt4gz*+-?tQo-EC(-R!A0j1^Z zUu~dDcD##RQfw%?_Yg}F=EMEvZ7Dc8TJA<->Q`<|kg25Dbwwv?v^g`)MvO+o2zlum zusOGW7WTi8znnhN#ZUoG={8j-XJnTI6b_h$u7^;H*#dBS2+vD?>`F7IRRYVO~XN9@bJBdR1(dyYQ}@vw#j& ze_rY~&)AwW~N%TA?3lV5tZg;>DWc5as4;0oS=YAu`d~DfS@#@U*Ux zB9hc8OD?yYkpTw#ALGWcz%Ajw10Vqfh}IVs1s2b8zqDOh23QJ2X^RcKfV8Uvs6XjT zv@>=Y+(P~PP5_9->g2%Vlefj?>}H@=;oHKN#19oD7=Rw)gMv{O0Z8=n#UcBrY4x>f z6Rf%A`d(`IPU1BAG%yyJe0F6%32-45*uedYoryyj55n;wbjj?d0(rg_u#iJ@O6L(X z9!ebWLL<6xI!nTfyJZ~MKAd<@Hup!KFgwH`JQWIwNuHB=pE(ama`1tFc=j|n0#hwaix9{K@)EHD9)ZB?$}2&Q_=AulO|XhbswXM=$oZtK`otF zyf6@GVqaN-zSo72D|Y?iD0p=oRc+yE?5f4$jabbPvN~M0ii5vpq`1lQh~r2E&vrRN z+2|G#N~>OV&Ok^aaIsq~vcO|)D02J_Gtp^iycFJs6aVof1GL~G#VzYv&Uc2v|_K9*; z9BFyc?>q%v$A(YW(+<&smw~(zkPOAjxECMJhk?h1!|ca^qqa|WVMqzer@duP;}`N| z4eR?1VY%(S*u_iteF0!=PrjC}H=COvhv_M$5s75 ztGF66`F!Ci))1UVf}eE$mJA|bPJTa>T~UtZs@OjpA37ND4HKb5$aJ}NMS}YTU??Ho zfifJtQBQ`sN{{=P!>%c3hqieRO_ zV;N)YVPjlja-**g zQU7#n7Mhj3DjFmgA_j15s4=n9dkhI&QPM|oalb}&wpeD=pYI`Kx$LYp#Y*FFwIiRM zr<`ZBSodI9Y6e=S;^*jyF4ss_!8JSMEqLVb^DW|*OBa}S+xqX=YA*cm)t>Oq&}pc1 zg1elX7Nn!_-5(fSmwG+1UCo>nCb9T8sl>Y4+Y;1nY6v8uC_D`DD}AT!*;Eihl(vkJw%6fZyl2-SQ09&c()QDCX+VQWNEF;9^+D*pVWJd{#TQ zVn^JjH8dT)HJGIuNrAdd<7H5A^!lii{2^c^InE1mF3SYO&p=ZI4~CqXRB2ex6^|rx zk4Z4~7z{+AY%|s+cUK;+UX{*n;7j-YukI#=5-}C4M7&`Ds{trP+n=EbdRH?i+BJ&-}`i%g#T^!p%@p~mGwHx6JAw*klmo5Wq1ik|}T+s!#@O^{q zqsS?jXvVBWs+~87Q}VaxIE7=M%9qvy58!Tv#Ungu5VYFqElM+A)belSXKH%PAcl+R6 z&J;r2V!IwV1zcXHleH07i@jh)fzoIRX8Bz{T2L}DI4fu(1WpvNwzM_!nWtjBK6@d* z-j2HJ)M`BM;^FddhbJkfh~%ZwA#9_fg860LKW7mCQtRUT_F*GOrqCY~ARYRkvB3Ml z)VBt3xv}`XFGK0OaM}sUD_#eWl`0QtNgnG|_xkto22Vj2v~!B{aZ#Oerp5G>$nzQm zR|+^%iZp2+w7;k9>gP+AzE^KMFLTW^pGVfvMc8%z2A&a%p>RVnAB;i1>;6Ohvn-P# zp~blhc=1OfppZNo_SvR&y%_)*-lU#7Mjt)}(-YUMxMA18^4~zN5J#F0gQ(}N12;`; z(^LzmTT1`DoP|8|ZFY30F*cI>Ngd~PoRaU!B~?5q3|QhZ++FCd+ZuPC&O=|`qdiV) zGTUd+R9Ew>`-1l2d=y=;l&5QG!$|wc<14T*+EAqcD4dg!A2sbKyJDAIBi89W(^02M zIaq2(*?L(j^;RjhgpeMkktz4+=21ee*Ikqn@|a^M|I|JoE{7r_UY#JKy#4Vx&7UxG z_GS@+f!?rFvS!OAvE{HQ5CmS?B|->{$2SN%5*A1cl_>Lrwsg}q`7zT|ik;)b&3-Hw zQa2zWJmiP+N7xcQ;kb#Cv7Y)Ya~UWOph}e9td|5urDWB5!kLhnJvOL7WaZiHoCw$U z+e6ai5!JiYTK>;W@RbO^oz5V5Th1*%DZf$MZfI!>9V<+l7!R55v^3Gx(-GEVf2s$J z$lN)Nu^bg)8tPO!6JrESM?6+Zag!r$Q^_4uQMQnyEc-=BbXpzmGpj6h1rftzx*h*N zK{t3AW1ljL%3EN*ShN~*B%Ux*A^2!I;k>I8*U4=$2i*-^Ga{nGGqnrnpCfk1$4{ysw_kXn6-Z8ZmkwRQR4kT|I0B_H~5<8FYy3U+r zST_wOfohIyx3}ihr~Rvyl<*@pI^2O!%ln;%1>-eA_I(MZ|RH7ifYw8_Lv*v@Ln3y#L$t z4dJ`mOW|ewG!K<9e4vS<`3)HHBVB4>@9lkr=UVqa1LyD%YA9~FyvOn3SQ&SiGS%O`;S7Klmy(|;De=qq z2~|@-J|yV)BWJLa+{c9Y?54x$4aA<2XXw5|C%tYx!4H*nCMZFYssS*X1#Y)$4J?T5 zj{3dD=^6Cht1*Y}74H!Rfu-fZwBVUWhW#`;o;%?PpNmiz4{ScM7NpDss>buC-_;vE zRAn*5RNg5pN)(}o&j}=i5Kfq*6Sy@!-_}G~50v+Jb;E2I>=N-PP}8yqylRL+2&I#< ze+$~zmZu9u&u1tV$Tx=Fk0PO##uP%9@Z@Q7QC63T7&R(RZ>G=`luK+D3(9yB zEQrw(r)}5k#j1QkeeO>^`uGuD`QDa^iF~Id?TaTou;!M2sLb> zV#H#?v&BgU%(KfSw$7EDmw)Py$Vsoa=_C5UxoVW}Eg7UL)g)0&p7Z$Cc2dcfQ5L+r?~MG?z7Xbo$JRFa44036M7_1afY zo=(SPIkQ_+NNH^8t38+o?2mJ7M^aM;b4T;#8}LVuG`eqr>#knQs7v|RZO0ZP-iYaS zBLmu%;NR-YUu5Y~tong#P?+88OSj|KE7#>Vvzbv&yW8UANpZ5_XYHEu&%{87?Z;p;y5-1XytGNAD^)WBkPv_gkOpkT<*LO#b z&)3z1?9b?$^S8%Q@U6!;eMy6gT5Geg&}M;d3*8_f*B%oYF2 z##`|4y5Hj7FWYxRA7y*qUKP7-EFOLZqQ~Kk#d_&rUaRl&L}uR&ug{sl|8D+68PVNH zPW91baH4e)aYoKDxl z^7XQ5nfZ|MtWuuT2~(7&JSTWJ^z8z$C5PI!+wSZNEQ#uXw(u zpP`;6pK0~7Rm!E0C)_qL*8UP{@y+4a2GW$mg%4pFi>-}lnFnJ!?1jLc8s$_{5@%AOjK1x!bJ#L`<_E7LgLSy&XO55Y z&@&ioL%ffKtqV?^5cq>JZYE~je3re#0d{Mzbn+dHglRymnaj#tr`oSE^)YCpmcV$a z=rW-!>~~X81}WRtM?+g#Vpv8eR_7Hp=EMF!E|4*Fjq6Io9n%|k7u3(o2OY<+hGGYF zEYD|WLB?cU0cxKF?FkV=lq%F)f1$%*cG*DRVKf?mIYCB510ir3XD^5W<49Ou{e(E+ z-ChMks$CeXZwbwI@gAnmV##D-cZB@Fwm;UaJ>8zN>~U>*tKvF9s5`QyP&2~qZ? z*eKqbi6h8MPx%%gt3Pk4^z)uzRKKPCUd{T(f}XRVkKb_%o`Nm~3_EEsg?y;`C6ejH zc*k#S7a24zhCOnCsS9NETKssZPQ5`{Gc)MJH$!If3<8#}m4NX&6$+8#K>`BL5jDaC z>t?{1$d+oUl-$B^L#>bzI|{{=y4f6s)|fJ5*g+vMP%BMB1Q$d%#N|^U$>U)1+V6F{ zKZH`0_ex1N=zw}_)C>tK>2FFYZi(tW=UU@C`DX3RQ9tyz5A#0$c-QH%LJ!B>j1kop zwNvK}+b9U))ooz*(nFu{=%?8T52A#ZNGJ{O4ps!1{b|bIz5_xZ7zA_@!puS&+LD><&wO&ml801%>+EB?chho$m$faDTY4fknr zU*e7ugLqCoMA4lw<ar3UpGwK&ob`%K6F%GBp!>Y@}qiVdS z@mj#)Xo_4Xj#+N&=21JWnPXA#tX+47o65gxpd2s63nzA~UczGL*iP+WmX3NMGnGGG z?J8dEBLe0K}xbV`)X@T^Zrb3gV8!3S(!psg6eF|@?VyR6Ys~tmCR1PxWMdju%O-4NSF-f**=2F2WS-O^PT9*k% zYPgnNXd-HY4lnZsfPrcw&7;;J2YL|j@BjrR&1!{0y;78g%DF?CKw;Is^-eEQuV;yM zu)v*;_KQ!>6H6|lP=8GhRR7-b-v;`g^rCo?J6xQXO65rBu|j%SYskVXxS8mUf?(S3L-@PqcF`BE(F?Kb9tZ~g;rQyY~G*8mydH?cN9ZP7; zB~Cc55#Q|yX?crXm!z36!CUFwtLx+mV3|}9Ff8kM2EI^OH-)~y0N2GOwI_RY;J%ci z%ICz$i^@E8c|i*!;}oI@85+{*5a-m^U8{=R<))lKCKUX;YQEt_^1{>yFkJ4H0~^?-5lTEenp>btWIzm^ScGr#>j0ToqH-+Rs-a7KvMzIS5-3jXzw`Ty_S;*1~3wO5wh*jAowEzUg(m!@j3_P?E6|5liSXY*$H+VKB2 zke@_kwlp@)kL|#voLsG|`dREvd5WPiPQ(_1SAgK-h=^BWiXofl!1%DmHV2bez`qch zVlD4LN>k!|f;o%1l+!w}!UG?{7m4}r4Uiy^2ya_dI_qs48z+Y}plcRiRux~2sDW+M z1M4OoUiY26@-=u*-G%V&F6FsXxtcFfa8ty{0?R0#uHZ@L|hCeZ~x?_@S^(O|!~ z-Id*Z0?X)g*C>M#L-l2-*3H+{Xs~1ee~+xhac^1W2eZTo&uoN??G*aepwj{zC!(#5 z1a9o+tSgNlyzSRUG#88tb{fLgid%WqRLS~U`2bPX|Q}HsBgw84uWR$}9-` zIPvdDGR=4#;YdnzJ24PUltFYYHSQ@O{kA3Ms4e`ERzy5XUp51=r_-TqAmOB6{_nC%Qe&()c;^Maq%x!* z0+mk_b{ydW*kV3}rngQAmMIa5ooq}?F^oM?v(umzF)EmgymzZ8TG`IUJtUEw%cl!^ zv6m2kTqQWTSSlD8*@ulevCGGiP9>iWXW$L3J5?zQy%u7Wj1ZG?KYR0-!aa?4*_tlm zqhW~xr-NR|-F*-j!qDO);|zZ1D{k6Gox{<#LoXCPXNf96?iWgWj8ri%6QzEDmVaDM zjnLYguDq<|q=KvrqiD3;VA3_gk)g|GBCj(Zjwr7K`MA{UBEAAl>}S+JgFhkZn*KYX zf!51R7)cIUI}ZUeGXILpt6FU{WpRM{VT1_5oAjNdsRg4((H()3N^y_AK$-Ee3e<{` z(m^mTKv3J3Xu@-&e)9%-vIcpp$4pDOOAiWV&&wgx>PWOR8%+x!i}Q2W z&{OBCq0Cyft6(dat!gZ~oFsQFVfr7E+^2;YL531^4n*z=Nk5tu7w9BUVU(3{_vy1y z_z?||)u*6zhV`q6r-%XyWHdnW{14(y%;4b;eD++x?6!%MP5(_?4uwBfAL4#j4?}z+ zxe@KK+mR=*%9u@^kXn)_kEMo`*?z z^Cjddvr;V-TFTwE{CZ0Px4DxMRG&D0ICU>jzcb;#D(DA+Y zrppaU2oo+HrJ16q&7d|;Uu{`L3I*G7$YIN)+i|sEWQGAmg*eyp(loECAc!oK+;@6(xsPXRC~zf1*?Flf0A` zj_#!~2V@&2jd3ngC5mey3Tr)=QO6*_x8dEbt%ty)APiqTnPWN^sF9P#2z81d+4+G} z?Iy^dxWIt(!2lLF8sJeY@pU}kro*odwZgaA@*f2EwYE;phUeMl&MztI@;yO=N;9da zks8+$n9qfS53yoRHQ`E!HMJz+8KaiHCQ}18ULStvBhc1Zgi=xikL6y4OJj%CZZQ+4 zWRjo0cS9|=-S3vXCFQ2GKT4cTdrg<|l|1~Y-2y{Gh8W8y@qX*W8vIjS}x znqIUz`WRp53i%ABQB&ij2pv+uts%Y0WD8s@AnQLDLs_f}Z*Z+Lv(jt` zf%c}&|4L1||F7OXEp)Dm4Rt zC*E5znsmc-S&~H;wadR{d+h~a8VQHZ86`~fm?Y+)Lydw1`8r%pv|371smNFtlIQLb zsfDn{J;enKKLzZXZ76on>*jj$FkhXWS9ihHsTNJ?Kq9KV0<~?Tksrg1Bj1cfNPc-Z z2vidAVa3r0WTmx-&Ne+A0%3aI7YwSbl@@X$m8b4jw@3QRmVUB9b1N0}M>yHnCwa?F z#zjrtPq=c=NSJz%;|X|r{QHu*5uqmJ(!w>MKj{u?Jo4jc6T+x$$Akjfmbv7YI-8|c zt^63#-7qZ!*$uwj;e(~;7PgIK}^J|@JZ z_^-8)QCt9m7+i)#L3K=S6q}@k94wsp9V}x{dtaq7h+T1CvIAVI0HlH(O+WnA-#2Jc0%qv*j%m?)-zS(wHle$sbg%V-H}LD2;y~jwgpaS*PU=Cy=})%n$5ul z$^Zq&;XOoLi(E?0r*Pnd8_Nj6l)e;2Nwipw!a~4ZM+}T}T}q9HV3UDe!T4G&@BiRf-wuS3)!afo97C7Q4&&sVAZMF&S1Xi@p^FPmUkz z+Go1a)i1nx{?JwoHtb?wu$~YOoQ>wzK%W~MTmpSW$5$A2K!Ac!Y?F0jMJutT<`iMk z|6y@EBlYfab@|I3XQQ#qsoHmS{gS0Bmzg$iUVN_Hr;f(~c zl}bKymfd*P)So>Hkv2yxVe-VbtjOJK34I}|08p9Pu0@+itLrv7EjA95odpc1hb%x(Fb-mtx+e}%$ zYmSt32z3Q|WgSGIu7r}8l~l@Kv2oV8Y4Df;S%tXRjWTwZ7LRysM0yik66pLbb^1@? z>+(*eL+Jvx9fUR!u3bI#YpYC8^x>myb>(TejVY@MBJXCdv(IIgq%T({%`C3ZPxBqk zDv>35DMT9U?r7YM*RpUv=7XQ2kkDYEvOYp4+~WR9thM-&X5Wmz zUop5v+pRmp+>IYycWJQ;jIMq~6R?EnsxkfRWltlOFGOE7*FM`ZHmTX6b(O+&q1}-l z^Wj4goLYKGS?{b-8MDN3<_q@pww6d$7K|(x)|;z3CsRCD!^OWQq~jdk65X_8x-V?j z1JTrCIcNS7R#sc36b_Sl1lQLOIX&f^=}NY9=_|G=Uypa^hZo(SRj-!=INqP{k&~RC zrygFP&j0|y+ls+bAde;9#>C>#){58b#_88!80Oq;({1Ns~IGE7% z2L+u!VR4BAG>0Gg`YCd0qH-v*WhSz3vh=hjZZ0Cy2|1h`NsArW$;n=nIo{cE_6;g@ z{rP@6dnvgNSM~VWT?j3~`>Fr1^`Q*d__^Ghxk-$tcj2vZ*}B2ozJm3Adwf`^a5Z^( zz-vP{7HsS&{ge?u>8R)FFLC%8Jk@&_{Tc0fYgAMCrFiF4N-mz&lrXgpZ_qR&N5Zq~j_s-4#Mv@27w$Al7up`z1MO9biT3ehO;3ehO$JR*B7f zz#RN~ea;lB3JT2zlXPu8C7O%gmj^z(6BP*z6{iL~ifQ{49E%mu3KCPLg{R9wk1Mki zGko&=>QG}qP>?-;Rod?j-OLCK`>?D;@fPQElO{vN);x`Dd*K!Fa;_9uI4+| zfR%V5D&QK7s7969(28(i>~<5#6sN}y5ZRC;yr*vR$J8h|GfJ8KX%ohEQ6MpOj?JmT zKF2^ZGdyIB0@Z@7h1nNXb&b4}hK?HoCj_-YN(KXgADaP4iH6nWHh|fLaz}HZs2fWF zB)`_PSWB_3P?tS{TsJFnxkC(LG1jnISf}%>wE84c)s<_}n4IuD-^@^rfC&|aSe%td z=HcJ{EEL1N;j3$jj~AiWV;0@7LZVVXqK`6~Q7Tf}n@fA7lM)Ru4w21x@}f~bkQ$vt z&{Try+-*=7I@X}<=hcDw+rBkT4Vj}B6v_qG9U#?u(HuwI*oL@pjg_zS$7S~Prc{ER zM!e(ol0`%}(64jTh&ypLF6b}ghG^`7K0>_WHgw`TlD2bJy#TuGOUH)d|wcbDi z_(TZVKIEDf1vLuOfa@UD8V7LavIInBQ_|HOR^66@w_!ANGPLY^s&7C%{NHlbzeiGG zA?Gee;7DxsDl7=9aJa}Hb<`U8G{M;EPKpk|3B|DknH&i0PZNIvE{Mm;K~94Jwb4u6 z&9VS2j%BnC90Kbyu3s&1LASxO|2Y7Hxq;L}73~1ypXwiKO%CNZ8LD9n9&j1g%0NOR z_T;1;R_cN;$F$dAQW^QWlAISSGjTI3E7auVXDugcu$b}`43fs%4Lc=MLHY?OLjBIn zz%a%;5q+Uw0j{LcG~UozgnUL|*_{?*5Q3o#1*WV(3shmllWW1&@Vcgf%CH~i-iqfg z@8;H!j^rM~q@6k;8&vyfAVQ031=3e!<=!em2hrO4DWsB7*3im{>|tr`)Fy`A;ER=LkAj|QQCd61_S$>oHsS_ISk3gRrDATr64X6 z(mhD*Dy}wkSXoDd+k1DEd|M9KBE|8ZW82kzSeg4Tn0!}aaI`u4qrQE$3~#Lh*naK& z(0JB+_xpFR1EV2cl7J5Vjh+K{pAkoBoAPTF=dEos}79~zrg zrC`dEnZq*WwcCH4#wv8*`k^RDZP1dFgMmWHZzu1}@Fop&Dpv*2g-N&XT=*j;To(n# zQX;t5K5C%-nl~m?tyLt=TKCHx#}aJH3|i-8^;3Xdq~SRueFjL3iBggMrNc$!pdzXQ zg|3peZC1e}f#uhW*bg)Nq4p>o;0qoPRiPk)@i$GCw%04L-t*?NPe1MKu;em^rT94a zt=e3m>q=EJGiOo+#jB1%UCh!QBf3XVi%8whLUWcN%vlUZt?D4mbr{p&6Wksx(t*fI z;wK}YML75svQA#`v|Qf@g_u98^9=;e|*+qu7X%JjUS|CpLBskr=_K=BY71KgdRT+8)SQhD4eup zT(7dx5o3oFFB!MDS_W@hx>D|&*6`<0LXxZGLVI|Pg`+c7SR7Ks@T)>oRiYQ7Yr=Esb}^i2sL61h*X#FI4qKp4Q(Rz+mf2oo z(2RbCGFpj*=bb^m_2H6Nxaxg!G{E^5DS;H$Du<_rmT)M&fEP&UW5l(RGnSh08cJLl zggk(x6=hR)fu$)i8Ve1n7}7f9>S&OVSri0u)zySGFR-v*_-JXB$$6vL{t1%rC#e?y zOCEI=ywIcIRwnQAuj7fk27sGd^^IL<4G?|dx>y-~}X*%by(>qKsT=93a8_kvD% zPue-}hiGO9G@%%$R`KD>0Hz|_g(W&_U)I$>K-OAvaF`zW52BTuvd zenOU!-DHv4CKkKvD|YTr#vo~0`9Dn)v5VQU(s{{b7=*5;CY>ylr_E?o;1u-1XwKPw zcp0<%2jWr)6rjKj*G?%pKu!S@5Y2g&ReAl7O6w_{e#-OpRJwP}>f4;gp;0+mF0mcL zB{tGW31&`+dAdIJQ7bCB7^7I=cu~fy^LIR$LeJAjj{7tO5+phnOO1kFfP))!-k--o zEnHyNB1^u7Ir9zcOZ(_kQwug8e@1{hV0l6wVe|}IQI0TuCE;ZKK88PEU9=MWaf(r?JdT=H39t$*3P&s>DNS3xbjVcPpiW1$;p`jY;{i;vS; z1y&q|!|$Qf+FO`dJG_Y5^wz5Loq0Xfu^Z)QW73b){>I8rg@qPSifu zMnB}K`Y)C&&3LmzNzqS3SOWBSJrVY8ecA|*v3hLLY(sx7Ow)-7*%Ilhif|c$5{ppO zh)X)wpFiuqS^YHw@5I6bqTf`xfjPAY{_7r7X%wY8P3=%H^GgdBW(sd4wOCnD6R5iY z)heyZ?9z#l4q<-Z2CyNefMw1H9CiEG#`@Q&a+0MPqUVnmYS<-M{3{C6phMI4wlItT zH!U5h6(rBPxGP(m)RPu==D#8ZGj##wo8_8n{3u=JIFI)P4{vyqE?A@!y&gVa;ueJ{ zqK=(K%bGznqJx@1>Y>?|KW{NM=q4pKtGdcfdw(C*5xq49$jnEZ-$nx^6>*T{Bd(eE zM@-hh(8EX7&mOtTW?SadC zw82`k^f9I&q9w>xAoP|GC*Y$4oa~0=xvw!-6O}VecFla)Ms48#t`_8-hLs3>B74l3 zHD>$`b(Q;!esoad4^}cjiViO1aBzvmT~Ue0B8kiciVF#;CN55PwN${IG{qG`rfi0 z+}@;b<3|nUrZ9}Z9K~7l16m;EVe#kXi5-@`iu^j?{9s8$JUKIOUX8RzcAC`io}g7W z!*B#`ZhOTkj)Ck>a7#X>G@T?=E_XHXN=mgf>S?xNFeSs`P;0VbP>Y?KTTO%&11tE5 zwhk-z4Gv*o+wiI)lbONYFmN+UPGu)~+@Eg6LO(d!cbRh=;NT`nyc2%8N@k!wIINuM zsfupYk;K?~jQnCQ{zBkkUz+J5@C-%_IuFQF#7;j_{0U$)MoL&f@DQQ{O}`8AL^R^A zS=c6hZ@-NW>xL)7wP(T-n1aO-l-p>pH@aP4m&5%D?T_z+n#VH|-+~WLN%sAX#*I`~-Q~ z486Zi-uNsXHKt4bskhAQ$CiBwf)-0+F=$pMzs3RE-$It-9>Ov(8PK(J>l>5&5M*|8OkMI4D^ln5f-o)d0wk^*PwVRo4^r z0Kzw>czV*Dp6qB?+%qbZ%~zEZ!bBLxq15rmJL4ufvT;wZl;&W(=k$-*XM!-gDo**M zES=ee)ImCvqXq)|-hqj?+Mku+Xy(pQKLS- zd)zF}K0NK)T7e8+!LkQYid-vYtK>b=aL#9eFWURbRQ4J$KsVOSZ5wqo}Q#JgUgOu^?5`q@)4?L!K`XQw>g&m0Ak5>@0)$Tpf ziet=H194K`h@d1$GkSxNnFA`grEYR|hjyUlx4s*4{@lAD?^rC`K&cEm<#&MMdIIyG z1QQPBaIN!16Z2c73sjodu9ZpA|NahkZolo9<^73ORk}&OR8dS56m?bg*$O!=?ess6 zs%>^))vF`KYs5J}mCM5YX`J2WxjB(tP3OTq+MkV^YW&4qru?##a>q^^oOPYmIm^>r z|1v8am-Dc_)WcX@{n2US`_+E--+iTfp7njTi&iV87+?frX==thDbrQ|y_K*1`L`h?4H8=<6V6HD;enC`%h92`+p_%u(SPdsb@3paOD5R?fSNQl0bq08XLL&pb?A# zPdV>F|CzeE8c~+}_?|#@0=AgxK|9j*GuJ~xcP`)mR`!{p_%3C<-U={#Xn5s z;J+Cs@%wFf{BUYpTLsx2{pI4&6)bnasxjXEEVcDju)`Af&!$`b ztM=+hH4DGxc-ATQ&k?pMYyWm1yH>U5Lr!tA=8WBm*>rjR6b9z{uVl_ZhceCe?GRgQ zIORa*vMS$gZRgeH`g=0CrM`4=B#(a;Fu9nOLQ-4hmDvNBJ?bX!axE?|E^yM29aqCq zQjyu(oEQw~+ zQPjl#_?XZIU@dTofEx1pkd$v9R6oY1@31)ZZgZfuJl$)QH17>28X3lVjdLXu9kyKe z7$7y#qNjw!yLbYO;lP4nVH$8-hA!5%mox}G<-)dM3vg=R0zzX!g~h{zah}^^mwE0Y zZ{9uj;?f2J`5+ssC(td-96N#vmv=dj6>Ohhq3v|PPq}O&Da|g0i-Ow0fs1JA&Y6zo zt&BRJp?rL&*L)|EqC1S~5>I1==p--2c z_Xl)0rzB%haKrmwppKdh16a?mI$t(1=d-ZzZMh`Q{>?)#Yp$dcqMB}r0w$qJ(0KUr zPO&oH0LcB1jYHBU(WR){t%Mj=xBDJ$#&~VHMPgOCPO7ANt@xy}oAV-9MXJp|vmYXh z00$(cv!~DCfgS+w98$jOse+IQXaYfMcsicS6x{Pm19r8>kgQMv+`m}xEe=Ai!&#bM&OVID^Rk6P%w`)Vv$+v z_CH`l`&|tC^OqTC=;4v0abF_Z^>|91L)}&oXQIl1+bRXm1WxkVx;oU zdsSdNhn1Hx_jU{xTGQGQbOdQ^0S8F*CeDd|Qd`1V5kS!K&DUz_<9kYIp&M-|Nki&s zbpu&kiR}K(;^Zx*6rj0^mh-rZJxI-Kz{{!WB*dLN1kt-vYY0__wm`3Aql?2tDnYH; zxFvlI4xv!YY=IU=ExhhH-N+q(E)+&$(T{HV*)my;E17sF@1|7A%$_fYtT06=9Fde!NaQbk?30- zvWvape!52X$*CvV&2V)5ED-E#z^N@K45i_0k2F7GcP_QB_&zn?u2>}x4jLm}$$XtS zE-20Xx&=A(igqg60j|xa39BsoN8W#&sT=}%P^}@YJUT;7S}&rIvWCOr>?cWRuQm!q zVN~ibX+{-Or9=Qj$oI*o{-KW*2?hKnz$17KRN4mW$G0dqHtGvRr>n5YJ*qelss8RB z{R7K4r`+?FUdKYtRkoRDI{wwqUGY4BkUaib z{~FR`?zD&wNkMu?P&&A_Rro7p3MpR@_=SnaLY|7ltDUcozfZAUaew~e*9BWh%#@9Y zg73%YPgI*ognSFYf0!#Q6;)8NpNru~=8m6i0?t3t?OH|C3nRh=xU-<(NhLyiOo5H3 z(pXWdD{ogoI zKVDj4BS+7J^tlfBig9zUG|6#FCpR|xR62@QV=@D%3J&Wk?BmAF2vAGAwW0|4PQv&> zxc9);N6%pXdU*<1vdc4s^~Wsv6Nu%Sa=Vk~p}rVdKk9hgkp~#S?N5uB93WPE(_77Zc z1`YJFpOt31L=SnbH05}A4JujrH)$-}{q0%O8Q)`K-Hy=D%9DC2k$77g-WD$IMZl~e z3!4EG!2lQ6(~Fyaz7EPw>*Ugk!qVi%OImj$)L1ZH|VxXYNB zq@iblZ%#w0@1f7JxXEs-Z%8$fLEz0sT>FC;14#`(F1c)uBcQOkku89q$xuc0A+@O_ zQlajQFHH6Bl;)P9VT9BaHpM*9-IkJi2|ufbEO$oDJ(V5eA8%Qe{*;g91tro4NYtBv z$=vRGR@J38cL`eVeZ@-cLfdeQ|j)8D-!x(GC>=D2O3eCWJ zD#Mg1&+rk^%)^u6Hj)o0m1dFBrYv%WrqX{N(x2Y#R#hyD|}#p4FY$q7Gyp1x3? z?Q-BPF}~B&`{DBK5BUiw`Fpz|HRVPgB2W-MlzXtC@eHQhd#2HCTBv33&L>t5d1VUpVni zd*^@8H2KNL`1P$(y{am~b6JxStB{7_3mER0ZQx7P%UFS{3IkfoP>R5ct;R4cK9-nl zF_wAP`QvlFfIN#fTvzK{_d@V&|F;Vth1!mDY78#OB;amuulLex?DLFn-s>h@&|?XW z>mb?Dq!1t?)Cr)WG1nYglaXYVB^l;QB;X7-4lf@UX*opl+7=Vh`t{;RijqJ>Vi1WC zY_(?)rQhT+MN+X3GIOYAD~s(+BKw*epa$x0;5=bc?9#t@-3zimF%>ANl|iF!Lk zy?r!h`Z-H>=AXv8$TVDh8l=f%B72bx>Om^uIqg2$%{S}n=(0z*ns4lL4#+P8sg~{l zOR@!@dPucs#TpC$q3ayQ3Cy(GvDV{4A${~`s`H7UT#9#Ow{>8ScLw&MLI(EZhM|9S z2QM)6Vd~h4P^PNHCzxj(aiBmf>dcvDfxw6wvNc$)gWixF!hKz%*e?m5Mp^Ufd!T0Q zye*l;Kbi~d4zMxpMrO&VETn0%o})>t7N8Sc$f(yIZBmhwR(h6Ij_5H3Gc3Ls!nbnn zGV{mX;@gK8G2;#!q;eo<*k7SZSM6*rdn+y0}`r z$sSR646%1`d!%vwmLZ)g50iiUH_1~eF=P$fx0fEH@>W0eHK*)zQj5E+LvL)7dL+Du-3X zZKORrajRqYg>`K0@OJEzJ@{LxiTf<-=em)T$@?j~sYJ0~l>YxlC;t zyeS#e9Dc%+MiVpEylXMcYkGbxn`&j)r|?#_%SI>MW%s1>W}Eo@0dGrnhyZivc*XWL z{Yekl=I=8+j^X8VMm}sMe_JGBCp!#KoQaWi`GCp@c6i&;VL=ya6<49&J5jnwqD{v` zodJM^eGnJ^;N>hrYSj<$& zCzF~Bv;t?sNHJ#_n2H%ijH4JY2I&B!`O3MW z6vtg3RZkNwEC4*L%D5kIs|(f#9ZIzSz0&{^U-+#=%rrUBtu=XC^XK`Gfy+R!cYtEi zY3e~Y2x}Q~mQfAota+KFrV9ml%vgMlyM7cZHfoUk>-gXo6k#HW6(FM6v1}^OiB3^F zvMFlCp0aw(lc=}T{RJ}QsR4H9(F|RhMC?y$-ElGGSUqWONsuI@q`SNi&pk0+eO6?# zfLEE(selUmI8Rj=%KSfqMGmJ($I@ukE^@>supk#NcY6jqJuIPp2pX;6Z|S)aG|gjE z&r7x9nc<6A=Bz4t(s#*MVOMN$&7riX_9A23|jbVt? zaggR?;TzDRXggOO&(x{co~Y>u#whP8EV;s+=nFnxZWUL33(Spt$m>mK>Ele6&*E&BO!T$yVYl1r>G6pnjFceI z0oIFXkAUQ-R=v*{6RxKcGg?u>MPa%%G>oXM^t?iW8r4bRo`cUZQ?f2YX;OTbMere# zDFBp;FE>uG3Zi0Md-H$;$N^1vW^r-3?k@VgjiIuEo^S({%vYxmWL(Z)(yh*M&ff!( zYAAbe{??iux*w{{ub7jsXcs>w9e6-8oJyx+4~yzxYmwp^#K_gT=cpyig)RaaJ1J(E zlJY@MclR*?F)F7B9RWQk5QThL{4B5*K%6c#qiShh>6O!Q`%%e-4##_KMZb2~?1}SD zb^!lcyH{>NeFuB+I+_kfUsN0GvOy)0Ymn_D77(KF_ zYx&B3$2FnR-W$g@gRny*iz$Sr_qWB6du}fU4fxTKI@v$F*nE%IZyDVB3Y%_37-_Eq z8}%=v#n1P<9sEB(3!V4wxMAk3TI=qMPDy#Mdw4gb9*`qsYtAO7BjZus!s)z0rc``&fj--pdV@cRD7Zu~#&WJTW$ zAKUrga@41ujk=Si%U0)v+(t5`seveZJ$ruH?vZl-)Y-r{`@gHm%&(7+rKOOp{i%Y-cJX> zUWW70;!j3AU2k`m&o6U5w_gaoGg_h)+YyI8(}rk^#TAPEKWi6Su6A|4b!jpmhM7Es z9PBZVlCfCDM|Aj4gueCquQS!&I>0Ww&sGqQQFLZT{A995S3b%mv$_ie-H0*T-tPjj zlIAA*AbBLuc0I4TUp@&Uhdkv>IJm%?tjUa4+^fMbPhXE!Kzg*R99ezq;DxHBv{V!e zO@LhB}Fo|rpE@ORo~eA(;-u`Ag&W2Vw1I+y3Dw_&z}4J8#BoLeAk z-wk?F7ZCG0=*jor@lzH}jQ6CmWcD%Nl+hEfs;ednN(t+Fz9*aq=`@FvUApWeI6vk#Qx-*zD57!?Ao_$a?V5 z^)m?M0Ad?=p7Rm*rg82C9`@e_R5P*+srg}aB6l-X1>HO`MBL@5m0ewz%O89c2{DbM zdi*&4w3{trp5#%(`~7}@Ih*(2@;e^$%SWFcI}+%t(5vJ!{B8w2{B zE#iV5Jq&<490-V_HZhNhHfF?Dmoh)6k%di$Dnvu7AQ09-*fPz^wovqvX@zZ_DqjlL zBZ5gh`3j+eg+z)+s><4<$vfof74U$E1!YlHn#Buv40GWu zykHy^XoaZaU}-S`LT{j6&b&b54vgQCPg_sqCDfMDG{da9Jxh5j3;#w9 zr`GwMXvDKe}%LP!9BTuL6c_zf4oaM+dZ9psz z=Aa)#1-gkjrl6g)&Cqi%ipBM5#!XEHiI-A_>woG|zGtw`T`vA!SbH6`#K`V&b?Lr+ zhH;VwaMC%}#WA*O=gJ4MXvVknDj zF1zJk&dRTKnfmy|0y&Fupr4eNVsHz#lK%VC-mqW^+~+D}v4(Io=t)GQJUI75S(L&A+_ ziX(HOw!+p!6SG|(h1s_bqzh~Q^T%B}t?HYpvtsU`BlVZ_f$AXCLxezJDWd8%1qO6X zD++EOJ=F7_Mb2vSXc!=W8a*smcb6T)odj7Q{?n8@%V>65{-VVszW`4Oswn?!+mMyZ z)b=oHAvU;0-Ma2<>S&1%@s%g#8tBm^sdxzW4bA+NMNLmrP(<7yoDCM++LK}z0V@}8 zd|~cR-J3-EpQ+)f+KtE<9;glJ9Fqi9Q2>EOaK61ZF#ny&n_p#(0Nk`8|0ox%&;Z}m zESl;`Q$wQ>3vhaVC@9AVFOR;DHn3Fj^cs3okZ?hS?}FW<`H}CfuB&jLViIRscEbRU zT5ixornP}buOM3^@;yqg{k)9|f($fVKVgsze#Ej_l;kYp6-m!TL4_hRg(V9aDNReQ zHnJAyMwu%f##V-=WV!b=A09eoPbUpyu(3WZuHI#`gxAU*0XInlk@*aGFub*CsFqHY zl*>3e^)NJlLG15X+_p%MuE983ItAWyDYJYxM3#_#<$y-C*Fb@~0lJVC2Xe$U2~%G~ zCh;Jn*)9QTghhKHa&`n|1-V5NfK~)Uk>eSdxo+Mp2H%h)A1+E5=wPn^1u@j47KEdY z{LQ4tA|~&}<#o&0UZ9EvSgn>p+)#ME$bqVu1}Uep`rb3A=wFI~uwUT~U7^BBnhnX4 zWedR2;P3iQeCcCyIgQNNDJGHU8{WUU< ziCXzCwUOPQLZnwCN!uuXUw-x)J$iu-!XA*MgeJGHF<(KjF3))%ttuN4dV|@AE?W8> z*qlBOIcUFrad-5bG*akzi9MQbv=hqfXpu*h!5q?AbWY--n=c+i_33hjksLK)l|%#V zOr`=`Fo>)o*bGw;%QQF+QNXo;6HS32D^MnidV>=gEL(t5`%^<*90OuN@jfp=)hB@p z^x8!>DRtN!>@w;wIt@$ce75XBtlNq(wo{uG6KLou;6jl%P!_HMj%Y8fR(1}c2f_}Y z0H!dL=c(~J1%yr^4h@p3m8EgL12VYpZZNP5Km^I5WE-Yfu#5t4GP1)`y4hs*!Q)4+e!jl17zM>!%%fTLTuWmVZGjusJd#ZWzUkYXE*Jp z>L3*oHjft`Ju)fCdGayL#`vdd`KH4x6X=9cu{lI>j1+=jsgDX3m(>&+CE1e!N&F=X z#Xnvr(?Nk5yyl01Z-(z5u=OraqJhb@m!DM7-4yi}CPS>=;@dz)+fuG|w?<_!kDs#2 z=^L-ku!~$>X)UF6b8sOQ?bzJt@QQ5quzE{Ae7F$BbKBVxd3m5>TyYr)=9AA}w6I9Y zP_~mJx4Cqp+%s@#tG0STv1!;DxCd?Oz+whW?6y{n7r$0`aDu3 zZjU_i26QXKp`Q6lrs8lU>C{!=Hrt54h<)fuVo5&5!@32JE9nX>{)$wU-i!nA9^imn zSkOVCQHXPIBIN6JI$Ws+OVhT6ybpvYGG}4=PYP}6fi4Y~DW=j0nY<3$`K_YpMxCCn zPrSXJS_LX>M+5e-c2-B0>sb-RWb%{fuq!V_?$+hkExezky$)cy*>D%2i{&VWfpkrQ z?}aZS=qtNI1krI?@O3rh24JC{NXZaO#X_%nkOiaJ1SARL&M4sNTjZB!RDDtIs2$KNm{$ zeQl5D#f;Hk?Wz$`^X;f)DWY^{qc&)Cqw2a5rky)J(P#F2DJ=;nd_)TT+b3^Eoi)l~ zdgVEBkMlZ!dG+JW@oa82f4rY35t$wjh&>8;bC$gCjI^rEd+PQ=3oZ*TP|?{SX=+ea z9b{_T<*3gV9Twg9MAa%-$|oINujg0(^eFpr+2@RIfq{XQO(%O^RHs;8-n(C_s6<#v zFf+%I&Mkv!DO`*nKl<&?frGy+1|7l_$q_!JbRa`IM79`YG@yXYHf=i1UrUqLtbQS$ zTz{0f`f#bC%XAbDVa;I!qw*sA>0|8lmWca~8_eL?=r6~LV@Lg6Nn|RKZ-+*1mO7L9~C)uZ-ZXA&1hC_rZ-O zS-=}#R>`?&UgQP(YUTC=!Q9%#<*$UM)tr-H)?S1AYxw%>su3sC3)FjYJt>82 z9gH0yVIPKw9ffnR7PsuWlJywr4LhO2vXqT+W;YsQty|kd;~elzFseApN)h8#0;6FJ zaT2=k#H_J~qJ(lmhyh4sCNbTeCPR|Jq8JR>y1vS6U+1_(0~5#i{jq^DdwpB89&|&l zci+YW3K)D_R>Wux2{_IkBYq?RA%DKX7%oUS6Bc#)zNv|)*NjYDc@cI5XC&J}N;O|G zpQU%|#Q?+w^5{sa#+0t(I}857s$OtVHuy!t#QwD$%^JA+5?@g0)l*Zz@Q&C!Kfwi* zKl^SPfwo4o&~`(#h`(s8;yiV^b0W!YFeIfj`f_xTIi^wated|RPm6%3{Q1k-WGy&M z*n|KiOp+ob@OGrG#wnp-gY~UJ8wtK|T?vq9w7^7EDRY8!5rtO@xxb06 z#u19vrfYC}(5CASUM+i@OboW&UamBlktoR`$Wgin;;SD$f%(_67Ohp=Ecrv|1mpeD z^u>*Yt1+*q8KN7CZ%N#cUa%;k^1XNrP-TA%EoX8o!s>H%8I$XnRDCUL`DDrc>W$Sn z;5_LK5KOB;iEw-~G_bo~ z8Xv@^ao8ZF-tjU=-u${Cnxlj>cT>#shhjWaAS@Em1jv%*dy*C1Of9J1Y9}0?@Zu*h z$L9D-SAEj!tXz#R`gd9!Ik-Qfb-O_aEP$zkxj^L9xkhCP7Rum;D?<64k~ceuz}*8Y zQG0ObJ(PuS7=r;Kazy%8(T?S!tgh4kq^}6Pl*jP1Y|b)<6jp6&Tfhz|f!)QbnQ`Ia zc>7XMHNmJeV2@23dog05AQ|Nu3L7 z7)Y`Oul;4gb7|J6D1$;*VA`pg#xSHrL|sR_0!uvmYR|p!>j3o6IDznwy45#RAQpmUr7^u7$Wr!25YuQ~ zE411M&|lcHsa*#d&Nxq1CF8F8#6K#f=X5Ll>29`0tau`R+M)GHqB|8$IGZ_@qf!5^ zVjN*^m?#m_(0freEZ(>SSs;Bir?$YtZ!7HqwA_NF%me5F6ZARaXtYU7#75kd@Qe8|5dNxE{(;oC)?w9p z2co(s**}=^L8cvsc{%%~h5GNXQk+$y?IPtGBJuS`_)N7^g_C_)4h1%2cs46q_jz-Y zb%C}YKQ(#ZFbv1K+!GgIe50GIy#UKA_Nz%`9`erdX$vy3W6TqVG$b14l}i4u;DK_CCx+{y?jiWXz*Q^`>nA{ zuCixaC?R)7sy*EhIm{zh3;%F((>KS1yM8>VYL#v5VciQNIDs_@ps z`cLWzYaUj&KaRa{xWCPRJ~i9$%|8c*_VeTTz4^c6c8W^BW47!eM|U^*oejOrF0mWU zsrS9JRtM54Uq_3d?th;T?{C95Vi%oz{Z|W<59dOYLdHv~JlXlLUfzE{?wRf75sN{yco%Y~J>Mp7-|t zzAW$+-^{RdH&^}oW&v2ZZ_f1rQ6qc&8ZSM?`jBmyiw5vhOH!xncQ zd%%YOtIGZ({nu$;U7h?A|ATBaXfJb-DkfjwV>RX`ba?inTrP2bJ>SUTtGqs*{-`5Q z?eFsMetWI*-*52nzdd|!^Z&TK*}pbfZ9SU*>HV#;y}tZ;{FwXo`8;>{noPsL<@0F> z$M?TXoR@VtnX~ern|SA|#@|zZ{u;_0f&25b^F3rbpW=uaeaJRhqU!pYEq!ODN+z5L zpLfg0<7!$%eJk{;@BQ{Ayk&oJ_kP;B*XiFhku`XF3+Jym!SnNc_s;L`T7rd(wfdCj z<+qP@C!~2-$VX<{DdepS&P{flr_YkYTFqw1N9yh~ul7%N&2;nG53_I5MYUq@`Kx^w z%ay-SXy3j2CKUsyNo5mDl6~lq0^OId}0We#lfb*!wdf!M39SCwpH@o_D@F9E|jWy~Do+ zzxreiUQ4y6S{8fcg&Ee%c=Klt}cyyN3z_`fw_Zfr>&Q_@u0NBnJmU$Wp zr=TA?##~WJa#t$Aj>*`RA#x-WP7S9}IUS_}%%4OcG-$VOv`cuIr6$YV%sK$WU7xAc zinaSK0>P-`txZ5^Xry)>za=oj(lYDZ>rnwK1@*N;&@>ADwp7uePBa63EhJY!$a;pN za5_*1d_{l-KQtVd1^+y`DfdP}CmNXse#Yanf80$~epQis-HWEO`4D<_jqx(XGohae zNy`W(NDpSPbSm{GsC*;8qnU1fy>S4lC>cV-!W9gy?73u z@e!u?%ZK-S%kStxHDe-j12Cm=Muq-UA{Bf|n!5p4pa;$uk5~Nr*(DR~!r{xaG=kq} zp+6_Q)ox(wu0>3J$0G;MsYE`K85yluG_Suu7uA_ud9Q%Fx@n=NCZ?V(UkiE_EPlpw zF&<8o#dNJas#FQ!7*JWDpxkkG8M@>*HMPeadd@`fk_+oX{!BDBap6o9Hc`qdt;<71 zlD7aIiX??5NRrne$w!19PeJMROf>&dL32goR#kNqZs1shMA671MFswBkG!7gjaont ztn=M~{8Bv;X5plZVAQ81;-C)&uFz`hU!S-5M`_#)$R9=ckx`Ufw0+CG7&a9h*GvgP zw^^iArCgiA?Z5~I7FI%2dc!4?Ax|b4;|DDBnFSn7P45;#hn2B2MA%0VmWQgKnCp!Z zkw(xkJ@X}EW;z29F%%3**LztI?+lV%i%BjLw>7H#dk%pbAs_k8>Gm2?n-0(0!Ph18 zD*-&Lo%h_$>pP+M+-7r-LtWF3T9)%OO*b)sNK0J@HZ1&#!-r%w3vis>H$rC`vEtZP zOwtgRuVI1A=C*?iNE=F_CHnq`hK&Nb1MBdH0IQjlOtApzm31%W9LXo6z$p?#ND{H; zM>iKuSQGBWxGMIr$@Mx)$mqMJIQdUCBLr~`&OnF z&ia-481@N^{_`(ZORM{L{9Mj?nxK_^9V|6H!>G(Z%eVtA5-dc`Ow?Xncx(J@wbpL>|`WsyeD%XDj z29WQX(%90_2xB$>Tbmsy(}ZNh4oK!KhU0q0^2sU!&Un%a@tx8FRVT$Ri~)dJ0h;;+ zJ>vKL6w5v4b=X??i?#t``R4-KBwW<k(X3IvU8s7_TC5V)>Y3#yOc=4(JVL2uh0`bEZfIk4}J~MX4c} zKAd}HTqc759Ss%ntY1pr9+|k=MSS2XNJFB}wzH0a8I*)mMy92T1lw@U7oFxzi0G(o zUww705^{Wb8Wo$nB!rkmkQ@m_plH|zDH8Fyc~Vpb*n+6wHgOW8T*wQM`^#R2*N|mRy{b ztbTa^YyxkbzZ)k_^KhLZH5WDR$%zj4PnH5C>swbCBA<2SdcBgM=f-&3VJsp*Jh&5NPka3`#hmbntJs~^`^tl8j@MEV4thpQiK;}|g{L)Q z88rsMTz*69+yUH`av9`keM5Fhj07aLqoKL_JPiAhmOF~Ev85r}AV?2&Sg-9;(B9eT z+`_w)vLWV7h=92B$c&2+JPT0pSg76N%tY?zX-Lx)|A(=2iq0f#lyz+Ti*4JslZhra zC$?>y6Wg|JOl;eBva{D&=VG6;FaEXquJ7M|tGeo`-M?gWQ8tVXmCPcfzU!m^;^OI! zq;%Q0C=e%~S-UC|s7aN|yHUylo{M3ut=G|jF8#YF(=|PpsYl1CM_SPPO=cZwGxz5~ zl4yzjmcSX1kOY|z{V93%{t$%40;D8SDOE>H5QC0(kK%SyGcBnx(?34%V z-5>n8{Paejx5~#)p3J$iThc1uwP@D2&yMP0YgU2*!QB-Z2(@WX<(T1)A4oNhh69{6 zN9seue@0)monH5NX9n4V+-aMKWm(k((@CDsGi-IGfDWK}-D#_uQ7bpehBRiVJ%N24 zs=`FN>+g{bs$qiJqtS9Du?GW>Z!4vsOagTWLAjT13x1?g7yW}Vqv~e!bn(28!G%;D z7Tr|-P?UaO2@w=4vdI8o)i|)x50w+y0QEd8Q#wy)j#brh3!MQ{b?#TrHmRfkY&pjW zg}J?O+XIxYej9R)a{zatpL8&(9E|1Pt5ukO-Uym8QDK@=ZRsRq;yhJl?b6k|m%NE>Vpc%iSS&xd}2{%|!|x+ank?KGx3?70>N@YU8jy6N=DieTTl8G>?}Ix(Qs zO%{GHlNZlL-F3DYd3h|$Po-FR`et?Yvt6A1;om3Fq<&KP)wb4R9Wngm7f}88Y|HtX z-Dr|<&4B$b`RLKEvoC=I6*KJf7YIRWx9-j3;P^n;Sb($a-RtL7_Ouz1k1LfgQ+u)c zv2r%zooPqJ-lDeLjT-Lk82*&2ZJ#x&1{IVAwH{(BZw#dkBGhW*FOrAD(1Jc2ctzLY ziqAN5Up@B3XEYzAi$YX$6`z*ey6%Z4t)_VH$ zGM{)TLs9JD)l7N%290rm9F#1`C^r5PI313Fo)_SyuJW_(-4bg%sacRIN|rycoC0N_ z7u6~$K@yf_D1QrMfb?IAd2ZVnSy3(4@Tw2N#W1fXJ15(=lVN4zjkY4;Yxzl5m1aSv z%VIf{ay+d`V#(-)C7ts>KKVgWQmo>h+PQpxgxC7|{3FUv^RV{P%4G@j5uCE>BPAs} z?6pQR=mr|6lAyGhlA}AOB0Z*zO-=W>+i`qZCs^9)IDM4g;=iwv9hH%Fh=t4%Fb2;g zW!~5z&fR)cA+*Fv*8-M}6Q{6R|8^aKRogedzfXkSbJ~-*LXanAUtYxh-XjRT(^nq? z6gR1?OdxQECYJGBK!N|YIX;5$eq^&%@!?WxFxiP8QiDB%WD5tFfHB5`^x46P%28Pi zq8vt*r);#OU6AY7?bYopAyihLApfq?)9>Z%bdD6J7{Zrs!zRfYX4Sgr^TM1q!Hh;3 zG_)>nZ*G@s5l_*`k{2^3xkYtImjTmQz_zy!j>(}v=QfOYodO@+6EpbfsIyaGsNcSf z+?){Q?v93P_DEM8T*mOH9h(g3CK*7kbd+>1{0)XK8<)V4gg9lu6zvUh2tdjEzN-ro zJ5d>=o)hJYQ5nUw#0gPw@}9AF5~IWosPN*Wg+{n&ZU39hDND}slH9Did{&-5E33Gv>{;35kqR7ez=#kmopu2)-!waL|2SA z!3-KRDjrjZ$?%!m;t%yC*`dYU!QD9iyZEI}x^HhyAv`64kV&(YojG_mS$I2SOw0my z&`3!_dMA~M6FivL0yKpArKLR7_`0y27#0=k!t<$+cFhDpuZ@7~3u6nHgecFrYm|^0 zFoouBhdu;92L<3NfeEZ!E<6dyDTtw39#m0k7XC9-_nW%>+`|Y+Mc#56KU|p{qAd-( z!u-s3aPxoD>d~PU6)srNH5!5lnUQ&gw`bVkFOfilVm0Wc9ioAE5|KIE;wltj7uSDr z9Da;(0l1ym{+0a>ApHgJq=f*iw_5xg@J=jn9G;oix6UC-SzqH}$HBhFeU8fD1 z2No$b;H_YD1!B0vzbs3$e3mq6&^Ef2JWcgLNAK<#fv|d{p|shtac=$;SL3hKR$814 zWAw>ebM~pG>?c4+PEj&aVGQY2PL8spE!0!iU9CLL9I>!tkzMsu5H9e34t8tg+2=p+ zo+KQ+fQzj7rLjXR1^f0)r-h1$4bGTWX2V)t{5+#!e(kdWgLU>Wv98WZ-J15b-Grf* zqWc*2!E^Iw|6P@YGK;oRaSkk7cT9*m>|!gP2bc;t^tAfK@W*B^?{GOlLeI}!$7?}L z`nIk_+ee&2h!%AAtWG=LBNhdmBp(DJLrRM_O0K?))KdcgVfBlu8~5*l7TrM_$$JtX zr(%~@s}}t5!V1{Tdg0(Q3#TV2;=8+leS)R*JqR~y7nr~Qz51#a5s}nxJOY}l^-V>0 z5bW3zbRRnbV};q0Q!1-OMnB#d0-O^T=J8iV`g9OE4OM!C+xgI5ZIp5SrTlilJ4W48 zUTMQ(x|M}uRCrkA&q1*1?z&kLvvtwmnwV7zxn>F9*ZISoa2QEa&O-mnEAPTa*kY-M z;&@u=lSPr$lG9^^!*{!eZm>hALCM{wL_`$f#@dzj3S*9KfPj?PAyAkY zbSdzw3f$RqeZ-Xe34n7Tpy#G6HR2AOg26>BCC?MqILsv@D}*}t!~&&=$@%LLRq)z5 z9sT;dZMIS+V%=5M=si=jxK~bTa!Ypyv0oq@5#qX+;|_deq%K`?tMdhz9SRTAvJVe} zkuo`GEU^e|rjJoMU%rX4V*kJTO)dFYp`BkwT6hUsrZgfsIgf|}J*;Wty z-g{4MaE@~2nehy*OGenhl3!HPwJXKd@(d@C?6}0g#B&N?hdiu|y@ny1UGVID%?N zrHqDn+aX~agKMlCPKf7V&5fMWij6`#gI#$1Ns!5#*w+=VBIu2X7d??= zYHn`~tU2S!FH$WNF#4v1R=4v2#`%aEFQzWZW7KSThvK`VlX?z%FkS#_Ivj6AZUIQZ z7m#v}mQb1x`&H?Z+#)=ccf+D7(Tg#$37+TAnC%*9~-yJEtPW^HoEn}gFE1poO{R^Y4b`aQWi2iDu5{WdqI zCz^o2;2pkNkN=(T{-y0J-73WF(Y)`%_B*_xnq`gOT_7vje3F z&U!JcA0);^uH*G;_W1jJGt~EM;gUuqVRL&kk04d2y!=jcSqHn^(nI--@r%Eww)_%f zuXz2`!*O-S)%WEn^~bh*{k*w+-u`@8zt;14TmJrmjl~*ee?vYuGFts_UKq=N)WT)v zWd0uk#r2qtVRWzUnzWyQVp(?`gCLT=Ytf^Y9~MZ~@nFIZP>jLq>vtSW7Lg|#n`6Wu zc8QL9eVvtw?uL%HEbhgg&CS!lXFlG`-^dB8pYN$1+gEQCx|yGWGXz&Y9}`zSoAcz2 z?>T%QuYX;NA3tZ#b-vF-uU$iXyuO^Ck32ixA3Rf|<)w#o7JN!np9gew33h)q`5MaA z4ixx0^%OhLMO(nCmFU!xw24Cc7_s*bPqTyA|I)3XsZ>T=D0FYxDCKSNiCE4eQZ{|fNjpjfH4(d{rE;h5wn zVsBs640hwAF$o1jcY?9T+J>S8P6lpZ_Q}arofkI?z&W=fHh;_N1d*;gi!;P7Focp; zG`SQcaTbNfHaR@ypgr5AxDj89sV143LA(BV-Tm7gZ<74*(*N1$xz38gbV<#U9vSKq zI-F4|=h;`Fq+)` zH>>4*#;DJRGxKN%QOhbhdXx!8-&g5&K&E*m%8Bf=3l)*CfQtc-BXk^ue>__Qbx@ zfB{+%g^>lSUtu6$5sRw>GAR|PX5~W43>t6(?sv{|?{8j-nSp5h`!yqtIb^u0nTNu- z)&^E~6(4pc#(=o9`mLWM(f#4L%k9lSe9vRb|^6a5k5)Xg|8pu zAz(%TG@-2F)5ZC6{8^`am0lYS1gprU{oLKt;9KFcPJI%nR0~zbDG^wSl4#Dh6CC;p zx$AZ?B~Pnet@H+?8yIy<$3`O9o{gPd3XfvR!i}RhWwI9#q{sIrI`!)BK<&jfdmYAl6ibLV7R}TW9KPa z3+mQm2MtWBaK_Q9_rjO!gMJ}9_`4K=9TpFUXLkTO-`XE>v+iaigPCl~U>4K>MY=Z( zHiN*Og2|!52$c~2S+toBz!;Lew+eDNS%H--kc2}4#SR|H5u&bE+qk6DnfLSE7!QTT zScx_OuAS4D8-Wu2$BtZhf2pNHn^b zD&-;-zQa~|Im^^4d-^ztvdYW07sU@VfI(<54zi1=^4vt%ri-u)HPb{?T}zP1)q7|k zPz5E6#tK$Lu%;5z*{hXgPx^`K20Gkr)cRZAMPIYx4@pOO&D6^Z7~AZ~2z1ZT@=*&d zZ#KVkw7k8WJesk_y#!T8yh^>@iAMf1Bw9+Cg4NB}rh5K{X3-9s>AtPh8HB7(o zb1`vmvXl4PHi#EP8M9MC@gKKhH7db2SC$IGt--6roWZV+YO_{VyI4geW&f3AQoREc;pO`fOHJ{0Mu+b=eFgg^uzB|0L{nM~l;J zc7vb7<@X{tTH?I@H89fE)Wo?&YIFG1duNq2MPzz86QxFOfxV05VK^v-DWD^hABN7M zBbsdf1O>|y87R`qF+ZEtV7ddC>cTd4ImlgxRhb+2cA~Y3^W~wez__#sE7fw&(`;Fn zCKLlXUe#;ojqJwyJDLW;Q>&5=x?x?p&NWmV z(W4*qZ%4l;{AQ_%Q&Yad$50bPn^Rosu4w6(sOKIsy;?2G&%NK_z{*>};AA{;Y>>d1 z4?JSg7<7L#54met$Auk-nFqclGpTeZJ2iBm(3pjPgkr#MiSbv$s-#;1HjWs7cunom zGWeVdih-az^f(@nhFu-e6_1+s8@5KRVoO+wTg+3fON3xQ6v_o&8)i`=#e|LA%bd)U zHj9yI(<7GgS3%fNKe;+kCkR>?HocjR)i;GDO^yjR>vJRq{Ng_WA3jOyRH_OPg5PEi z-NiiE|2LTm$gR!Q{e4s&2dzIv#M{uqu#=3?W_&_Jx@5MD(P>^leK;Co!>z&R2KA5n zJl)U!K#tSJSZEkIM->cuynrJ&g7@HwxAxM{i6XdEG7S>k3SBVZ?~iy-QoZAJ}$a_l-_U%caY%tD$$3A4KOotXK`Wo^Q88S zHcxiUGt^u|J8`kC{U`S7ZXDFj)u8nH2w^k)^jR3ugJMsLHW3wa@$_)|1B;0~#>haS z)!Ti92cJWVV+^q(IZ`9FgN2E-mhyz!hfQZwPpplQv$OjOz3fX3y=@QR#>Nf3S_6V` z)_(m)sF9+CwTq5x%a_IrgK5ryD=$M9;-A;ji9|KQCV1GD4nlsm2I3B6J}wR%Wp>J} z?gZG-;J?n{z5qDoogh0Y{Y!LJm)_%blI0m>(l)2)y&D+~xatNSWDJRP;s7`>h!8J% z`$Nzc={n}0?Ly$_V4_F>0Gt1U7S$V5z2{40@s2NFUBbt0fN4TAmtOJ@;5dl7>LFF@^(r^CQS~el6-+E3 zszf07TKnVA*V+9+JyhK&H}6ABBBNS%s!|j=DK-)e@dE8M%6EBaii)Iy!Ns`fs<*OR z#qkttk)#k3Z`lh+_cmniC!@ibmN-qQ$LcHu^Gs&g-p<_2>g<|N!#Yv6-0kc&;TpnC z`HrC==;Z2PU6wg4(m`uuS<@tW0DBJK{mAZyUuSuE{=$5>Mf6$w0pvwe;+bw zI2uWHF!LD zmk1!q8)>qR3|z<&ZcNzbIM>Tw zMTi9JF1(;ZTMsctb8EA=-fZq!>dedFbJ=u?yCoLCcoo=7~1Yg z%{3c1mI$mCGi+iJ+1DbYJDv`)N;0mjKWP)i*bSnHF+(I1IKFAM%uUXkIyW1W?Cs;n zCy5aOwl3QJZE?^P2_Y_S<-*|eh61%TlfkVJ9FNt7TOkHk~2amY2U@ykr{a9g8F<_)(AWU-RpFuD;)ov73kl zK5wtj0{q_}HQ%4NyE8_=z7cUJNv8gP|AU$3Kk`3VI9XZ#U;m@^|5C^_x2Qmb{L*g^ z=>*|GGmniK?10P+YVN=D+80S2+Gm{pB5PsSc*1*{irwlK%B$jG2yAbh$R7&S3==S= zUv1~u@NY-`K*%~E^?bTtZy7dy@8|j7Hap&PY8usTu(p>sUyeUJY`!N_^=y6I%sTXZ zXNItf0?r}uxU0OdCf>mLRXZq_M0xn$B))z%i#-o>{E6w&rsKZgNxYjOOO_Se@@{?I zwYKprF|xIO-c5D*r}DfzF9)+(p=}+t8Jg4HLwz{8-H!O(Ce_8E1V0^Zdx`qrA_%2X zj7zs5NGooKZG2a;ABP*Ve1oi=G7U7k`YFLc!MzzDvwKq5IX& zo~d#CnSV8_D?!`@hn=uSXBjf*&KFb{M*O_Yp#c-B$}^QhvWzo!qE-graoMD1??ziP z0?j$%v!^2f=N@`HV6@8}Pa@ByvOwh_RnbpR6x#)8yhWTTnd4JJDaSdwNx977pp@X= zT$9?d&VI?&sWAk6GsuB4a%{tPc)Ql&_#Fcgcki@B`C8!RnR%7eMVo zbW%{qzY1*`8ntikDw5S$r z#=lSp4|L&+`n&kWSRbsWYYByVZ2ANf#YE`CC%nzms`?NMyYs*frZo$4@5C{pUS?;j z3GrlUvNQa_0LTi#s4WQ`@O=ZtOww%-nqDOtesHYjHInyWEVbV2Qo6Z6QD+YURT36r zKio*5L_c;v3hW4RHeC7ihAzKID{O?+are2cEIR0M;)?VePva(28T5w_l*-U1of2en_7bfKc4XwNHR+kk zkhiGpHU#XczgNx+sKm`$#D>15S)m4>M2#lGsCe-3k8v{U+`hi$$T=;i z-dw+NvsGhw;9OHY&?BdwzaAV@d*5yQ-jR9LOLDAcv&W7dK0cb=vKPWPO=ayybYpe; zrvXoKHzCvZkq)Fu19Mz(qj`Med5U_(+s9Azhx6Lh*es%#>auHi<{*%fV^cN#xzH1i0rS55 zp_8tqA!(oe3S(Mw+XwL>SNwHpR^H5|2BsI0DP{aO$K%8lK06yOX+qm>VwUwEn!c4gkNshA#RrbvLSEPovccw9Bj$AB z%K1T5#i3UnCPMQ2lT$}aPzcIi=_CoQon*Lv7ntpsWE}{2VYNH-<6O450`um0Aly_g zermDnRK$^B-b(!Sj&^)syEJOwGEtHm_L7uep#7x+H6$&<(!uG<( z#ZL6ySJ}56B5urg+mJ`u@%zE2T`Jf8V`wJmy(h z2?{ix1kwffo#ln9gim8pu?);qJD|tJM|)L*psY-iO7`GA+PhUjlV@(M_zmbc+amwp zP*wxMEj7b)%g8vGfnYqZ6lFh@I8? z!o7MPelj_^8CE1$Emv)Ph6`{n$pnmAjE9ZEOx`!}+JczaUry_eW;ySaBzPy>97t1a z54}C+bpK>CIw3(Ircao@=vB(Ve0az7j6N&cpW{gGEEL_rDGFPjpdup0j`V~ymy(EZ zT7>A2c@ZK?|2`Zso&BnXUMmo(1iGS@SSNUjxfp?@AKQG&=mY^%*9#Y-tdfPvkuAD@ zRA{ZS2Iu5nu}NAADOP;UB8Wu}T1}X>cdbjJ$(^!^1>Gh2!_ms2?a^fWE4@uGPPs<}MqRq+Q^!$S9`|iGH z5)EIhl#0V$OLtC=UG<59#XGwuUTyMzFdXKyJp@6IY_U)+F|bZ%Nf1~0&b(~RTVFEm zK7qz5k$m4C5R2C&Og0Xxv8jXF(}<87rOEJyG3F(Lc(lKIJXtQP7u#bHkh51WJ6&S zb~blVP=h$O;i#0owj~kp>|;|FT!)4JOy4dDm}t4>8WL0 zvj*P=qM-inniwm8;UPxXhAcGE%;PS6nCFg_jP*?RKVhQ>Q=wjZ4o0`zRw4%vZ@Fz7 z0=M3!j-zkw^<5u34KECKhS$gcaCVt3BsLt3gM>T6(BnO1xoGlwOK1i{5t%au9(R5t z+&c9+V*T+Bj*F40HaE97h-(E|i>vk4?}gY>u*+NF5Fh64_!L9;Eb?~ijBFlkHp5}^ zUpL?+vnPgXq^++H%Ds!K2qJ7i%`mXAlt8yACswL;djRCY^pupwMACZ8*ld<{+rA;U zazQ7!U^Y%YFTKRCrB#-tV!4w3fs3LBm-{KpdxRe=$#=kM6pUrns)P zWb;;7KNP9t#nX1G+9C2O-X!o=TWYK%cP_;ZHRx@v0u=W@+Y9@!%DQD7Ed~fo<}`%J zQ*$FVG7#xU)CW0wR&5-buk)--n}l2dcd zLuYOMR|EcFr8EkhjsW z1Wflh3Yd+H>{~C2KbmLmM7Pxom7xB8PQj~1&WJ;I$0qVlcQ9Cw(B{(2cETWGjXqS6 z5Eo~$K?8l>EZN}?Lc#>Lj0$tfP-!`|-hDDGpL0C4+qs5EXztQNYJ<{!nO*oiuQm;@ zfV-0^aT~vItW7w4Clgoo?#_Ob%vu(;u*ay>I-fGK`)>gKnYYO=<|JqiY|x0YpKMT_ zSF^p|C}$|9sBEz}u_we7%`oS}xD6|Vu4PNhs^f0^`MP~SRL_TxRgGp5P?a_Hc)%X3 z`cWT|Id<@kL({F&$OY<(#kYmS<4s{R0^ap~ZX=NgI5he*>DF!eJs)(6$7fiMTp1(d z@xApjIdYnAW&6Rs8m_Os32RldW*fQm{;_=JyZuNnH{)pAs8x_`;RdCp+vwaDRDoo; zy#ALFk>|ELXR_Y9UIoXb@>G@;)+Do({iU-oX-e;|)=3Px$#iZy`O2emLesXr?r4TX z;N!jk51}E&S7EdD;eN1;-~4atF3sYxOL}J@|A&`kt>x%uI6xs9_4V{fp~m<8>uY`a z>T^cG`{VOGHTH+*y`1ySt8o4eoS(s$_rD2g&i^Dxz{1JS^go2Oj_pP(y7%)>kf2!* z%_kBh0>mEWxJnQcxOwK1TnOe5=2-D}Pm%;lB0k;>9}1aVy)KEpTE^}%+4b%x=ZAx1 z0V4Hh=ZSCA-yfX!awY@EXJYQuXJ8G1jnCJ_ZqKR3{M-8szHiSgKlh@qF2P$)&K6$G z_siSq(IJoL%Y!HNu(|aD(V5-scxZQJ?9J(II9nAS{wK-jf%RPUEqdnua>Y;~_M2vV zE`};In*00L(cxdEv)uLJwSo88*TS-acRky7JGc1qOT90LmkQLUck5WukzUYkOx1-qk}iaql-NMj)k7xB{-=y)y;cDQES!fJmt>^0GQ|5 z+?>C)Glxr8xJ`=Brz_%Qb-vtJEEbl8lNy>4-WS}ZUMJBR8nbOs&v0;UJrnAuGxbHt zQ(JPY;G{dz{=3NgwGOfI%uVX-7sa4 zy3UDnK3oT{OdoM7;Naw|cUkXoc!&HoKqv3&6>fR#9^%8T@Tb@$z zs5L^N%`I;WwMq#HsXdZY4?D)P1!sxpI+j~Qb#d7H_$Z4hT+**ZJOmwp0^>T}fIUa> zOOOVKt%bq+yutejIAv*Rg*6KN&fJA+9kD8{SXULZS9Ddhqb_=VzAKV+HA_KS4_;1% z%3-s`_CgrR8{1EDRQ1#G{E}2l#y8hbcd4hxURNPRa7!)oykRm{O?$~&!RHkr2&fDW zo$#Op_mG8vA|YLQ@2ICUiFvRZKY)t-7gb?(2|pm@z`-XmFV=_XEjAA}lIhw}DV?Qc z4B$I~kA8=L#wTGJJPWOV-NNe3H}h*i-Wa>p`lG+w;LsylG1-pmW}9#6hLU5WtF-!y zhA65vOU=D!_m+>QWWtI!iO^iJW^tHvRGmU}{ZY7&cA=&Cu#!r%`&*s>tqFjQ`v9^{>A?C+T>{_qFrW8i3W z>7w@0w(JZcH3*BgaX!G8G@ms;u}^t&W`7cR^o$g5_wdFnD-lvm9yu8gMeV>hcJ<@g zh=0JU5F8j7#hjI61c7k4Y}q!AqIKIl!K}HG*K!e%<*oP(ryH%u(UU zYfG?0r;uhSj=6hC2>d>^oWw&cs$lXB)QQgDAxjrAzVTTl*R-lvL~A})KgkS&l+wTV zYesS#Em&r|q}JO03^$C|*nty3>>ykrOli~E3{fmqEd~&4;@`|7=ue*hI^4!g==FmN zhlVNYLc7W`-S^>jUf01=!jm)7kyF(wr#sRb;+OUN%z6;Yt1_@h=W-#Q1YC0WaZy!1HWSoS%f*i?0xA` zF8o-pw&KRi_fh_0z=jf}YFran8fgR$QFBKE5)8$0XpwYE8zdhLd9MsgUNuUBYgru7 zN^n%U@+?2%|LqVlE|vfxH7ce2l92j}a*h{avpWY#rn-ZvC0vEnv5;PRd63dfwb5X2 zd8D+H4R?7v$2N=EpYcfur_z$^nfYR%zlIUDE{+#!gSCdlU7!S&ybpD17>r>*n~$Dh zTP;Q^2*L&;CTPRTsSGIuwpAXC_F{Ddt}FJ@O2x;hU!D=}C!Zp!BSNHY{!j2>V#)1- z+d5UO8tp3VAUAgQSybZS7vwt+rw7tg~U8}%7N zmtt-y!lDoXsz|L|z})TWZbw*IvCQg1DxUEANpsFgJ;l$|rOum2ow_=yDW@+}S|<6K zAj1XD1N?!<2>ugnj8idz?P`9f$hKR@Vh|1{j+s0P$F!$v_`I}J(oK0sP!mzmKqw;g zu0QRS5A4V{D!?Dv$vgI@{gE(MpsZ14I6U}o z68&hBzR?Zdl|V~v!V5rPiBg>LZ*AzP;3p%g_MRwc;UM03c;11ixsc%!A@4@;hL!o( z>N=^wq@k#JLMLxR%ph?3V9RQVnl*AFL2m;rdJATi$*2Q8H*ynj=NYIlGS5s(O&6sd zVFQnz&XzGsB@Bq$V`$RZAYrqX;$4GQ%XF`BZzR^{ga!xLQF^-@a$93q=m6&>^hv#;lITsjpfm=pDKB?s6&%j zS9%c@wBqD~WAb+`j9;)$;9K?B$3juAQ(#}RpF;YCKo>Q9Ac zjr@eVC8EhrWkjb-OhPH5nyVS8F~zs*>q2vdc(o>30t<2>XLAw>$Vls0Sx^FgTY;al zRUW-m9;b+2NjMSiimXX;!|S2K>N*WLSxBNF)sx|`fkqA4SdvvG&1ffvA@*}5Xt4v|$1 zJKM-S2Cb3i1;0A0fAnTX(8ex;O1pgoLt3J7fIvjTv;i2A^{E#u3w&n%6cY`u!F(@T zR)yu!`4xTMu;$i9wy!l$0)=$KcD{m9;8nTvB^JfS42a*ttcLkWTip;oO4^WNb2A)XM>TM1Vft*}sQsnYD*!%at9 zVb0y+g7r-wWc%X;x4KwBF@+Y#wz2AhGb4JuKn&|;8Y$N$1Ep$sY$3z7M|9}I&=C!y z&^ZD*BldHMA^~vF&lu>zt&6x(b>cz?ERxImc$CsUy((H@Zs*nEHmyGZ?0T1#R!z2; zn^@s_h?X#qOp+;BYLL>%GzojD79b-bOz@4@SI>D2Fs>RS&p|&^7yaw`zWqoW_KjF* zXAZ}^;ny%d?oPFp{rt%Wvl~WO zUL+S0{;$|>)*=i7^RB@}4^w;Y%@8)9We4HOL+GN-R&!P4NoZ-dVRt;4DS3)-e+P&< z9*SVBUx5UU0tX90%zM!95S^n9R^!~}KF|dJ&cQmeaf>1`j1{F#u=}gL-oN}y_bOS| z$yJK_OAh3O%`HoEjyoxdiIoMRBA}Qr@u>W{ONSrd?dEipfl6TeR@LL6;ZYEBz48EM zg!$$}(Nns!8e+$obOlj?xdBmv+GsHH=h*XQR)^n){UD ziR2y5)<#a6v5^?BWoXZ(Nn*9qPD3PbAgmVksWMCX`9)*5yN_uS*D)4r^yoC9NTHXG=EONHPC_dxhHW?MzSMC06Or@K73o8zE%7bOi%7R(YmThS{R4pToy7f z8(792Kx*Q_S$dSGo~kkN_mn8NN`Ly8CE#KlRjz4pwXUkWJal(iNrP20pANQ=MuB}U z011>|9ZnkMg!uyda!It%=Hp^=;)_smIAy*@OjLQ9<9ktgv^p@ZAu<|9g5w-?ZS7}L z3;9f{^bV64Jgi*fPaTa6MNY}D!ek5%2i49Y2yTh^$0Q1C-vAEp-;(?Jt?nmEWY4OA z%i;sUF`QEK`}H%-huWn5M<@XcY!S52fis2XElbnC5&T<^mx;ce4|jkk1+Sl45rPr2 z0g&g2d6%L~R|%L{{U%GCU&GE@_TUVt>vSs+Vpk2iv)1Y0T{aJKDyxf;**2X` zPjTO$^Bn`P12sAF(Tmb}QA#?gXHwQz6)&w~-&%=ZGY?YNG^aA4kA-s{r29ULwiY7- zSE>vwU2YH2QhPr^eK{=t0?(vPhIb!WexGXJqxIc%921*Od9eL)T@9XvFKVkU1>cR^ z?dPuZkmEexZZVpUmBzpzGi$n%*Q43x@57@*0fCZ)P~!QX$Gp@Dm2%5~rO(aza;Yj7 z3ke+GScb|73-lJ~3$XR&j}nd^ydP=ZGVntae*JiFsrm0wbX$V255?ne;AKF6>Hi|F zS^pzm1v3}R|AYwtWb}XjQD4{08nOGCZ2d&^bNQZL=mevH*=NSqLNHgbp18jW&Y0(o zV`Een^B1~wYwB!%k~i@~DDG#&Uk;q3;)MbX?T7@b_c_}LdI&m^iRHF0Z(ld}dYRwF zOH1ot9RtU(r&(7$44GFm9W7Hgu{8vU3_nfS{p;{3<$oRIlFO0?Iuhrgf6%=n)pTR! zzGZ#y>PFR8BL?c$?Ui&NwewLc(xOQ9_;7W%Xo#>+wW=~h5nuDek9J!`oTefN*$0ny zQ;%$gPdI#S@qPFPm#7&6m^NG95cZWukevmU^RM0RYhN!4=c;5#f1)!w@!rZ%^V~S| zzQ7aeG@q2)vn;9kO?{NM4~Z(3=brymRN}_73)y&)H7$zJ__Jz8?_=x(iqUn&Z9l_< zCGa9-#&hSko-etj{z;)eGQ&P~-loAB5>>*!gzGFi~5vp~iA zsD!DVD&z2TjYFf=%GJVm=E=Rz<|J8WBZO}OqR@N>*Tsi*mWSqN(d3~AkX)!KNvy_R^w#gB8Pqt%Ko+S+YM4Rz4Xi3n_Osc+7={|UY$>UM z$RpOU5BU`9gK@6)6WXt0HE{G`&oWOod8LW`qhN1a_U@AvxZyHb2phw2Z2jPaw+X6F;6qZ9} zPCwRJ`z1jzs^PVF>P94xcRh=0i-btuzcAj&z1GO+c;5LyPD1S}xNnQhs~X7uswNyb z0M#Ny3#L$A#V2zo#o)q85CvV85NnpSeh@`0`Vi%oFs_d{z_=kQA&5u0z;V{ED&nnH z;!F_eU9zeNjFa|I9;>zMigHmfBoC7%#OyULQ9d+4sN0WfY=nxtnTvHRh8t&v+y{>V z`1c2qfy1yVTm%%Kz40C{q-eHosJWo8PIaE`j^ys~=P8Nuy5%Fsyl|M@`~!)IyS(hY z&ck_X=fJbak~3StM!)(EF53Yi-e@YV5B@OPRA@JLgS?GC5JC<=B4%yEW$m+qgcM*P zBCv_@mln9O2jo&>7NI}3O)Kcm+bS(VURY|=PxB^MWO%x43^!|aOh6(QjH3PnXYYbfoWp-GGJrwr=^ zi=@Lsv4*ty$} zrpL8{3S$q;2?hqah^6SZF11RSyRXeXg{G+SGB3y0$Tp6npQT(|(A2?k#D#&XZ@l0X zl7{>eYT}2mfa2Cj%ifYN6-Io#uk=79~@@MyQ>l&)`$0%Ve@5Y&PZk}rgg}a=2S_p}Y4NX5XOJ7kbAe>dadY&TkGVaU zf*wAK4epON8C0TLx8%%3*qqjai&}PpoEti!4R+fM468x}^I*ec{Cz~bHi(I3%I^kM zxWK+~+-ffSr9sioT+j|~Mxr7B$ry-FwoA{-%`7E?CwTJUap`$@H95sXM?PW#w*4dQjl}!r2LY}-IS<`Ci*ynR1GpBe znl?X}`Cq?@9pYIbCw6;t(HZ3H~?ik;Pu6GHe3Yrr+Kh?#Pur1-%*IO1RA`-PfSS;`^h#Q9wLTgi}8yVd|9t>-*isx(Jfp zyC0A;lYtK6*S~_fKNdfda@?h+Zq!PUmov}y#M{Rts1;$Y|SHB z@PqKcQHlMJ8;(K+bU|Zl@}s5C{Uv|=aPS^kTea;~Z+cHr)TMmmW+*x0yUy3=hwkgnj&ZF>idaHfm#mj++ zTdHb&goraqsr??2)KVb6rRSOHoOGvwJ4TP?=DYc{idVLoev2_IgS&1RC$Z zGoKr0b!rs&EzHh-axN>bC-~4+IWsGHb-}Nc)m!;^EktmGEVskn?5Jn+9&9rs_!iPD z@;sop+b}TRBK*M*Quo7wA4KYLN$xtf9pkxc(dMgdCF)$Szb^U4zI$iJ({7~VdvXR7 zAlF5XJ>T?#iFoIJ5lU?}Hk?*T^ymwP%Pt`}Jy!xo%rvQh+bhpMpf~w)RE!cS=Q8Fz zlZbff!l0}#&Or*f<)Qay^sl9;6sIUd$E6q)Dg zh`-4Aj7qBf?U$~OahEAniVroQLm9MZtwK;V)z%#*4m*lWWA>{9mlvI;HOaxkE{&DA z_HntV6xpWo?UawOYU*_=dGG5UPCf8_Q1tlBH(fhF;jT7ssapP}YC4>IEndJT--diR$;YS7pF*&fZ&)o)cic~al9?_zV9-V;6-ol2bf zBv$-L#Ix9{+}m1Eb!w+7=56=;kFCPApD0+A}2E?#kqP{#wEaUGWO!>j4&Il7z zn7lN!ttT7un51p(jVTh2yWgaxJ7i2 zh=`Doh~m!O+xPBMJa}-Qf{KcUo|Tb?7Dz`$^^oTwkd2*_i<6p>_Yp70BUTPhj^AH$ z<>t+sM7M~@iHOKKXsBp7{`PhG5kPwDD$n)kYgd>7S4pp2BfWCj2B7=Bsn@RHFTkG{ zzO^^6UA=M(e^>J!06=i%>ecInw{8&LymtM{4ZxMF*RJ0nB_JbbqF@$?yGcp)OhZ#^ zWb{4|q-Oj!W*DY!kNUtO_*mM`DLVGEu!w_WX<50@tBPB!CM}gRzJ8e){A+3cLGw?F z`0~ot>(_1&;O~i%;`w%k;5z;yxQcJsANQ`2s==Z^laW&}T^BI^aO2tAQjlHCHYGDq zP<=;woItGOFf8VaD1$&uNql!Sg$B( z;C4qcWc?87D4{IxvalYAKf;>1+)R;V%T9rR`PS2S1H+OAfv#J?E3j)uWV>0Wu!05M zXWo@8X1PcOX*4t6h;Z~`!eJzbcm&GJI{Cq4;WDd5R;afkD5@%nC0=Q?OoAmils#ti zO68TTfV}<9<9=yBFLgGP9Clh`ba-L=`(8T^lza@3&+Q~=v{3aK*=J!?(fXG%wP*@? z)~W>6r>Qa$mjD3mYntBhXUYm$>Q1%>hS{|uu%!=~Mw{P3gVQ1ky86;u0c24b-5ilD zrU!4%uV9|)WfSSXVtAjk21UINNlTjD^9&2dP1Qf?>I=2CQL4RbGU^y$w-8fX$Za?f zFdW@+-uL|iAo5-)o~BwwtH)b7;(bmCYXH+-p|kNRJxd*%XB^==Ks5)R!-SVz0Y1v& z?YJYYv0d|u)B!m&DAhXghEViUDBA6f^+(Hw%*>t6cb*PnCj|0TdOGWxcAeqDZWXq>t^fun{Od!~X+4*wQRsf*wvL0S6q;hDlE zb-jrfyy>gzWKen`@9_}{uSFW?l95L&&{xhGSz%`|VARw|k~A6!VxE;N$VNvyoOBUv z6YzL&fXw^+Xspe%K1~jrRIO_)()M!9q9n5I{$N$RN+w2=*+$(?*NJF=odWavE&)O+ zWngv~w6(GBdek^;7#18u+Qh3@6>yZj>UQxh*2v`4D{ylZm8p}q6F7~MNSM85aZRgHULn+fv}mDHByZ{Y0E}?)qRrf8n=$5qp4G|kIS-%J zs{s!>(H}k1bcP;}VkFY1uUTHbW_YBT`I$=nJ+8gX?Tb@5uEs7|8inM8nxGWzdkY)E zuA3cht5MDWGjRT&dHM=*kz=Zc(aogP#;4D2pnEdVM4*?g()vQY#M(Em`>zr#R3rJu z80=#1|916Si|od&&nH^%z_c~vY8${#ClCT#hNDBqqJn4iz>^M;c$b%h*LAw@sAdYa zFWtS_L};d~_M({}!g|$ueE<}`pBy39;^Avrt9Se7%iuwxZqmrL*H^kc`6d*{X-E?) z#!O?7c>d8#BseV?0#Hztd*sE{ZdF2kh2SNS3IY?I0B zuY=2cXZFK(1}m(Dg&8m(M(_82R?$)3sr=9tBWwPwBlO{T8EY~2>rnjR9oj{xPOoZONd*%!=xmEA*Wgu1aWx^!u{l^Y*MH_GXSuz+R#mR+wa=y9Ax6LGX0H3=BS{-jB)0j~g z>qzzTL#oR6C=)@@PElr7AkcDOr}#(`n~b}PT+;ZR4UI1u?cGpW0|#zP#Rhd&;sjBozt16&K4EG0~*mzZXhuK(CltW+W zfRshW(zp9fSE<@1vSf|}Ym(xCcj2m#`~zZL@jS;g1L-!|KdaswT z2&9TA{Drh~Tz-M;>R_MA$!&mLKZIyeWg4;d1lFEO17igx+GrYB+0QvcsM&qX?W)Oe z8YrMJH7WIBdJ0D3!E>Wd?KkZ&Ms-1Xqcd5?&D3rCFddF0c94N`yRV8}+6%_v->wpW zl1sN$L%3S!Zio)FrHyvLwcFM#P20%Axz(Q*0n?31)0ApohB;tIt@_oz&b3m)F|p`k zY+!!Dbm0y>lxo-`MH&YJLQL$*YeLuZ`=s8#xykUEB5G;9QOq)1_`{b8S$lDvRINVI zohfx!k!hGog$hepD1sH*TH=MKE7x!J4!s0qD>h1b$VzqYSce}|5eF9$2iAg3AEtwF zh23hv>mIdxJa8Xf60O{kG55T8n!@{r33}|dlxfV#GnL?q0~FkJ9Ks0P1FQ!7qytuL0~Fk2AK0@+x+W?<9jw40*WAq zcmb0(D7M5#e3fv)c$C|Ddi5K}c0;sV@5vj0kNCzGhwTyPc5tI;M`309>&^S|=!2!6 zG`qW*_DRMhA{kGyap=snTf45$YsMV!$ZfZLtvqqBCe^!<&&KkE+Hd~RoIFG*E+>=_ zsO21ey!Un#&!p`q^!);0U0c|Y&J&+Sb_Q?b-_#3wVQIn{s*JS6*AbFsA+puc=GWP# zhhch++i#8X>Bkg8Jf7ML)#Y_$3G;!vLT)|2^CT3hz&zEjz}!OZWqwWsV0(!W7t@HM zt;l-i5K?4DHep4djVZ(+)kJnn;F+wLSh#^fJBs4t|DQ%tg6H40$(IlvBvU5-z7B32u_fdT|LTU-oI$KEJJa#CH+lICth}bQsmU zke7rA#a6Wr=RYCJ3aPV=tZ0x_&3nqX*NE|ceJq)?Uq5gdecYK4YmYgi-bMecqnNOe zfLFgNQF%=#dL{#-)h#K^?n7Z;ZiCHNX=$HojVfw?mC389aOQ&H_nPA<5|=W%$*OtT zuqJ7vWO06c`n{q@TLSXh$TTP8vvdu2gH;cOv-w>wwKbR2E#O|*l$XXd;g9xEb%aGu zE^CiI)exo=$P>+NKWwQbw)Kqj1>U@r2eBK-KGDiww=A?Va=s>_ph5BYlL$Smn`?Gq z2<#(b?gtVC@|dU5IVX0HO_`?}rL&JQB)H8EONn~^Npf*a7e`ylt!-drYRu;*fs{7B zCDZ*iC+hHmc{p}c2c^ojC8 zdALQ&LOt3jT8q!0rymn?^+o{G`_Wrl67jc==P7Zj1Ah=Y{RJV$q*bl<{Nae65H4wY zv=N(zj)0C#M-Od8w(BVs1`B?na%+$P%My9r%rx0N4;Ny2cFRdCKB66}$@@H6I)*Ox zzqHA;6A_kbP~|oj^p_F@bsxxMXI&~H2LzD^>aW?Gsd$yK85x)a&ewYQH-wde3wt5C zFIFqBV_)_rfCj!_uVQbB1kr{#3k44Esj!z?sKLXUE5iI8c!8_zzpL7Bu8&3$uWHwG ziM$R<#T6BtR>RwAAj@P5{W^jzFYD!1=zuYxSoI&D1z2wa3akC%@3ful;EmO)+9Kl3N;F-%$F&as3fX0o{5~AyGKQ?m7+v z$0Q63;>>*+R8_|Wg_Yjr9Xm$3v%(>^JM&MtJ&O6HH6Usdvt;^LJ78vRd(OA@omT#U znENjv7Or_%G)g&I^;s{#U|B-!9*srVcupB9m$Z&dVmGJ6kw4tbRmhx+>9k1r^kDWb zsY|v=*+FdZ0Mtw(Lr@Wds1*Hq4{!P_qAVm$CxjAGlr#}ig85a0;#I%s*y6YWb_Tl@ z?wn%aD3`BH(j6xj&^5h2r1E+Qrxnr0Nnk1LqaPd^9WGMbRF`c%BI2M%Czo2CvR7h) zT~I9Gk|G>s>VtRlaU9ZAq0?>;UVp`057}ySa-Lk(8u?54@5Zc0DmMH;Fs7JIt!I5z z_2$t{R+N>6@WH-T1+a-x!$b7qV_>C&mW0rj1U}OgG4XXyT&0n^rj`9^33ZwD`wvaj zCF}7Jt)EoBz~gcWYCJGaB(@hTI{tvc*)L%5;LgUH>YTcOa`tAy`~J6lGX4`+s-rge zg@%(sPD`ZL!aVVE26=KL68zLv?ir2-FGsb|5sthPebkXTac$rPRHk+Co-ecD%doJp zzByG;%Zh8Ez)$gd>%IJqU-Zj!U?O@^UthZv;v%$8<=^iu$eUXgqRcd`W(vn1Xz#=1 zisXAA2%e@EWmMwV&-LW%g%JCWp){|M(3*XErwc3GuwzY6mNdvlb+|2vZrR2BF0kgm zOub#^XBXZfOA-jQvN!6JI!Y-I94C%pnY7-CgP$r5RuAy!B7yp2oh80lt|x0fE|_5q znt_B1xB>;@uT2n$&RKrnFV|=F^CcjlG_!R=V?scqPPP(@jkD9A!%1#`FU*O@X&Jm@ z7TA|C_WAbZ5)hbva@V+a_04|**Z=f~*hTr9n#1q`OXl}bH-&J{j>nwb7QuZ( zrs)`;1#v)V?L}OURNactY}YDMkV5H`wjVlc*i7Pk{uY1aUwZUU&ZOreS2{`xbFys2 z3sz%_Si8kU5)qB{(=Zs^a%B<05*@E>fPI@a`cphq34w?yWFI0MVWZ{k7ab7lRdAN3 zv9qbl_P7`Ky<1eLQ^F)Y8E;(A;@7vz2MUURL2WtXfH8cFK5{uNrV-a&oT(vLI(mT8 z>pM|wgbhfBIH)=7F^s^b`ooR&)Rd;3bOzb=6;bxcMs z;WhDxU48otyDCx4BdpANZJ;|w;jELbC4@%Cj$RS5*o}-!ntZG@h!8`43W(Y25Ibo! z&&gqZrg<8tMOlWaCWSG{+k?L7y<-tE3lN>>WGjcN5&?PJTqTV=5sANdD*G?f&G^@7 z*zwuDM>aO~xBgw`HYHBj81?vWY%MAJPKl+K(#e`Sdp%tVhJhH!-qM6A8!atLs|xOu zl}l5WM-ZxUBZEK=who^Xs-QzP**=tr~Z6#uaH~M*)iBgI%0vG zO)t_~C%07)sFQ9(e0CESd;;%8F2$3Tb>HDHyaZs5n|Dc@e>ghzKe=cNIc2=)#F_{S zfqR-jX88)}*7ORIhX8TVzt=~BO`pl#=6UXmK-RPSKJwzW7te}M6*T_oTsausbe~gt zHWVvhW~431l!*M$F@6GpsIipE8NKLUSTIYht?C%4S0u^^M*m+!VV3G6FmVQa0`9eG_^MK9UylxaUGnTL3dM4J0_&i*;^LBcLu?xW-) zxR!H;4!KNLWk(g46YDF3Pz;QtMyaxn3&`&JVZ1PTmw-p<2X|xXfm^KF$N2D0j*sL` zMI_2GUL`bphgZG8H4Bv)yi@<#k`^~?9~-Z9nCV{EtZ3=>vb2}|{n&}khFVInJ@@_( zLQ7C2vT-1RRIEoM@W^~Ggs+|4Ux#OrE^zACoeM5vJB^5+Vp-!Q_%H;C&a*B|8o}xA z7bsWOX!9C(ZO9;ObDGGLqY%=n=Gr%72KC|?(%-vRU4X~f$n6r;39eGV^F!WJCyugY z$t>mg)Ws67TGHF6vv>S#SaMj?CsFkzsOL`fAu9i@)n}AF;?>3<#5nD@y)5#cD(i11 zLS^DWh&5vO?N5BkL3^o&1_hbB~Ui!RDe#tqYz^>zxirhZUN=p&WHG$H-W$qchQrdg=T||H3!Vzw|}gb#=+{?K0c-e;Yh(NdLiUbUgm#>xIuy8~Sxo|cv zFWG=k5j7N2rXNw$>m*lwtE#HZj;$OP`VDOZ>W&P0Z<*+xC0pnTh0O4kvB)3o8HARO zYcoNGFlYx(Nih>HAdlOroY6l8C;8klvLeoCh5RCuWb9?}ADUUG5>t`Zmm5#^p=efr zeIh7ZugP?5W^DG$m$f!+Ma!2EcT$3^^pXy4V0A-?bVL&1$#gt;4+s;I$;w?V3R0Dz`rlw7 zLiC5-@Dx0i_5G+gAxKy`u3Xnc(J(Hgs+wrIK#bl3$$N0W)xn;G1G2gPb=PgfK67NB zf83}m3Dar=T7UUbM&LQ}L*=7df(+;rvM>o>2>kSRLwmZ^FZ(9#y24kphAdM-jkJ$E zuGo9{MT@x%p2bkjD!{B5#-yy21S5l2RF$)`MEQcI!q9t5a^BEw>yUl&o?$OvTXWt? zz9%%pFq5j2SWD~S&pc5X^3Ov#R!hocJpR2&iNz8LhsCo?WPdY`UM$ z@nU2D1l+$EX!hfhKLl4r1I6}0sf@ea_`4s|N1X<%jOI@0s~6EI_NDe}5wCw-CX>R@ zD_#O5BhPpvBLAh~bge?)s&prwD-}nLCKe4qK8(lJa`6$Hc3lE0f_#X{I|U!DQHjJm zYsDA{(q|4lHJ<$!H*Ask5+K)kCUglH@*vs#PXPNL|F~73zNYJUT4a8{8TxF{DZJ8) z-@j3c3ukg~G1akxJdy{M+EMjdM@kAvx0P|in%^=atg8fesVlCi){W1wP9~ai*9K+{ zToK3V#h?&}DN~J=oGfN($f^uA(yt?5+-T~1&edIh+k=_F1O#eJOgkc`t2J;nWO{D! z>hKKEwDQ-IIpEfSo7pcJFH!R@b1Ch2d(M-1)5m!D)jCnnm*=Ub3JVic4U4rBRKzPZ zLiU1ByR{U$N)O`e3{lRF-^lkz6Er2sQki87CYD)OW?0Ck9@D|beS4L2@N-kd342Y4 z{I6`m2Pd`V{}`p{m%VfA-@D}sJ#!dl<9SRrnX_*eqkGZxGK?T zSTL%+`!egiF7M=9nO=MrlY%{TPS29HO0H65l9iEzS^!n$0QwOK&Q ziF$@kdah->BDySAd=7GF4=Q)O2TeAJ`izjeZ5=s@|NFeGu;{zuHQPsZT(-Tx@)!GMJn{raT~ zqi^MB*Z!lpsRj_uzR!0om2kp?&#wKWyfXUR9nSVH-hGdQXj-q8DVR1>@DgNdKh=pO z`n;n|Aa&P=e_!X~TE>(k-@8ca*GF{D&ObI6cGO!>kCFurznWd$)7b9(aq}1NrTAM- zxFVm4UnOwoX*r=pG$}qCbN#>Y;;MrdqNC^mlDDK=G)8R|LFMpP4v>hBWd8+ae2;pY zRF^M8r9MjjN8xnu+B>^nGU;t0!)Y}vA5zu*WoI%9>+~97r-H#pix0TZ6wE!-d(WwS z-h3-`Jwob3!l`{LzC%KbIJfSf+HL|%p$G&?BkWK%}_>WRN_-cxJ zXu?09|3|U@@FvB=UsXXHLPGH@tSTtN>uxR7cftTleN8&@B(cDK7+CVnKeOQfg%AJV ze%`ja6|NMvVN-$YSAZ$nE9{`CAKv&W78?#YZpbvfjk=9LJYw)KJyHFaX8yBBSK38u zZ^%V@4*(;}rVvmTDY|Yw?--TBa;b(PGr@oG+fg?y;IsC^EaSC^!>!a5L#~=;A98Q+ z>9CK6b=mK1{&$>80uR|IyRns7N2j@h=7kWT?>f7^;Ocgb92w^6I3}8$2BI`lai0znnRp$2uZx%CG*^9_Z zsh|4AXV3>Y-?1cU&}x@V1hz3(QJIuxS~nIVO`fI$i;azUgLj7PMBcZZUm4(G+xYQm zgesXkx4h}wUV5y`gQmyp&3bA-6`RRu4~z)wqi|+mAQurbsR!E zjI;Hv!t_I_)%mDqT|s>2CnkTr(I)kI=>^NKd>8(e7-wL&B z`Nq1+XiOKPf^<3T>4DIGP7v=m)dLuQn{s4&o>LrH*D}|^8h;!Z4J)>*Bn_lzh7$A$ z1YLK3 z*45smCKr)=w;!3PlY?6A#~SE=(2;CiPJx#%8x?#|8T+9oZ>H{_Xt!L+TQkU+KsfAp z2}ohFhB{ZtL4}RwG9gYVIAdEAlhc{H%Q7upSF2EX^3y*V8TcnegM|A*BlOqdl$M8?0SsmSO99iyxrSqy-uX z?QYEaDw}>U3*1Pvt?nOL+xf>!Y7|AGYaIv-t`$PCA}85x20FDm)3OgctQYchKg!ZnzR zm@i@ZNns%@BF;(Ufn~Z?MgqiQG|B za6dfacNqMF)&nQq)^|7u0jrhdUeDMpIyO4C^cMJ$O%j9{#AgOkL%+QEuwjswyJy$aA5qd{jlVtCyN-S+O5!+~bSe`4mJaILt)*dbx&WAWvW z3h6RdLNnvqS@W1@Rne5SEW-|;+=w9zhka+$+i>&PbRhl+^)`Es9d@zIwe_sEbPKMWogm#?C6wW)cv+|nzzegWcAt- z0KoCzA71``&D%7(OPZhTpV)A=>Z8f*Gdf5n;@1+Utw5)NugBJMP{!I4qhmHs>Z}bh zGxa&OcX;V80mhK!l}*~;3`cebJx-6`0Eqq;Sz-5h{Y1^adcr5E8eL&IRo~b7WGsyM zzrbpb>*a=C&b-JdqP3?(s*o*phWn>IvS|nmzF5>@oECiRc1Ak2`gH&NTz!_*Cv!{n ze1iKDKo)o>H}^@M{0EUsfV_`~Eod#+620DuRUQuZfA%z!U=4Ck1V}rlHe1&@$hr7`XY{ z1vO<%pE||NoGQopDfc9PrA>zyX@cdR|Ct9Ns;a|~)+^gA4@&D8E~ZAh-Pcvx7gh#0 zPwzT0#MKJ0Yd^W+9Brl}sw`0%!!Mt}scJ2ZQX0zmB%hkcEQEg9wJVZ9(@L*DsZ>OF zOgc}d;#frssk|2p&X|iMizEc8ZL#7rCfiSE#vUc*l&4f-q9?jElI3&*%dh_o|D6*{RjhM8w6AS2&WBD4DRWHI9jBufalR;aZ@;n>FIN?9oKxuBn| zHC@*#ORI24^&> zIe}+@5b@F8f)*r%#w1+D&6b;F5#lh&p@=@}+xT{qtCb`nY zS_2QZSO_BLJGqt1E2VHamb3hsjS8$xOR)sTRe?@SPfxu_UwfJacNMcCk@bixXXCpd z?n(^8yyz1Bt}v4ji=+uBWPdC!hmhxE`ucLsGC$eEro$*S87qfHKMqqgQaDb&ucf>> zRh=|s;57%{sUF~-t4@~H3NXUv?xjVkEk1tH{Q;)b%K{E4=w|oTNz;OZQh1Du_Ak_%?T{&bBo67%vblCk>20xn8LAn zMaU2J)ZTnHaWwJpSpi-z;EJ_@&f{{MS*vGGKfTC1=0s~6^W9rVRJu)-v6LedoWnY3 z8kC)p72$H>n!9<-+~r8V?bh|l9@LXaSZ z7S%a%htGLahy1fZbxGs!bD)H3l2y7+>-?T7e^!KNC$~;TQgPkJkDr$SyPrz>L!$_{ zsGR-l>~vu^L$6QNuuxoMN!rUp`_&0M_CdPfv$H_I7AMWV8UFWh9oO2t^)3=fM9zjz z-A<7}6-rl`MS)o{Z-An(1MFE(fcv36=<5QJv7@nJt#?}HUE)=iLp;ZM&bXr7K(q6i z(U`jK?)cjs5{*X4o61=O+;KE<)jUjX$aSw=2zFvP0EMa!3wfc&%BI4ogAgWV3F~~Z zGNwG!oP5x{b_rl{e)->mg!cct;`%rzl~R5Ob-v?;_laUb;1}PJR_`X4%2tgKX%Ja| zny`MZ4!h{xaAPXvB}-fv`6k7g!d@NNu}bMfP;3R(5;mSTK#h(j&FL+P>kCbFn$lH& ze9XodNH3RwCW`z`+ODf(>*if7jYeVq6yeHUb3QK@GS8i^$iXhl3U9wSS#ynqZZc-g z@85Rys}tA5!Yf5ygq6>W6z1XAih#CS)luz2^v^@6?2NneD&L?3GlI{mqWmQ>m{9~X zYtm3*F07;ivmJ91NI~Ls2brp&wSiP)7#pi3u*W@nbkQ+BpA(i)gF;yE)UuePKtLX} z=+^fQy1T4Z5}W2!Wvb&cmSODtFiAEMDqN;SUIVpc>S5we62im#X{&mA!;AFy(M$-ud3BciG7Wm2`Y;#4U*)6ciW@3+3cUhSuNA6ZeB)lkdz*xFho zHf86YZ{iLUfqY*T29@F#T)ILDOm$SIR2JM-a=FQiT1QV*=UewhW>pwn0(w5K%f!9# zX@1>?sq3Y9@^aZ&B*R`vbXVDJ2|izk;;;AjS&*@iY($L=_I&?*c<%WTaN}?J z9e=a(mHZLdQh$-#WG-&qOwp9J+E$H>PFl>nRef*}C*nsC-%b@Z9W`ZX9nA)|=Gcot zELWKSOuBuslR}L17Ta?1c?h`j+uxx{KwmBWEoUd;?%Pgtn~MQ{N(uhvka9*Ff|vg$ zXmEAJ<+jU@ii=DFH8kn>v60L~`^J zFk|1m!|}=xmkRk!H*rCb*+fm>@VtSKDG63!lBQ*$BId=j8h>|HQmVb(ROtBUIZXjx zl8hOw(m08)qpfkXYNJ)C;h8Po4opRdVuDED-uQBKzL3Ugpwo5B z-nI#uMvKn^L_r-|7o@_qM6;kXO02v25AQW;P$t$NP zo~z1AHi8-uOLN{6%3xU^FA~?u;L~&ZrZ0hAonmFJR@PbeH8K-RqLqlBb$_ZoFIlZ> zpyI!~K}gx=7Z2k}e)a4-gnvZ`B90`@a^8EMbnhO)w8aYz65-Kp5;g(vv3KJ zSm>9y%}p1A|3;;`-_-aP?o|u}FfjS7s7|7x-e=fD5)bZB-i3j+2E&_SCn>!3b?^#> zt?qM@WS^hr67>Wb6D@5z+Y8vSiJmwr_?j|(xV@=BmHN7yg1TJBiVlP<1ngy$(-$;q zpd)5)tUWxOr4eGQi%!X>WF>Lb@gEKww}4gUOrRj7o9mcR1iXo-fkna~Zk;OwD5LF>3QGnpSM>oTK4qlZp*WM?{&qN4#B()bmMzOQ2|a%x5O<+^WFSHwd% zfe*B*v;}!KI1{DFy5b!e?DjXk5D}kprAerP5YAS+%7fs;=$tUTosE^vrkitA^*C#^ zJ@;{8uj~t{^B#8cR8O$)o(9LO1EDrl<9b@3tUtHTnjwS=;ckZRoqjx2kJg2(bH;fG zOKOz54aGF;-zgcAX_#MM*bc5vyH#Ej$>z!o>^=yDPgc>`H1W7F+Mje-mxbSrEECJ= zCn#s9@ZVyF>eG9mJn?QO0J_|NQCJ?|$AD;Q0t zZ$q&SuO%}+PI!bHF5nKDiZJ8aWSbONlnl}wu9E<{v+u@cVkJG5$_KxhSa~@t@1>tA zIpihl+AP#hja)RPYaG7h3iNa-f@|tA^CS~~OHN>p$$_v5Ds7LZwpjw_$;#wnR%BNs zHt0UvV@fUd>lIdQg}>SEdUdnTJwW*m3lI-mM!y<(-=Zhl{L%gHaoV$;i7O>ZaOo zTJbfW1Z4p%DIi11Xk_>5jfp_qyH`2sv8wU(XW#dC8|l$hy3Uiwxh2JQuP8%@qKT{m zh=ZpvF)&oskd0|2S&9QSte2<-RT`a;z28frMdVJKC)!;Q^kRfdRft)v0iLPlwv@)) zK}_p;ye#D~&me4vkHsB|E9Ksnaqnmsc;Hkeg6$+Ri|I6wi^YV9Pegt# zA)1z49jZfefrEb9nfeheNZBsHfPXN-qe%|>#@ z(+Q!43a4(5Rg|F&_XcLLNy_&nmE$CWR%+XvsMHs+dI}|hSrRznXtyZ;cn?)-iNrMo z0;!~|m7r?XWOOd~EjSY819cS*$l6-y_8;RiX`B0~=R}fWM#7fD_l!Z)R~x~~CE+00 zy=q=0gkCrOXhcKxr9oPB{9c{Dxy#lDXXDxiyRF7vuYE0pTp(Ywh*d?eUH)QKGEvQl z+9IvG^+cO0o1T+}q#!oJBb?0*g5IO0X@poYbn10AnK5&$VR)vTatW%R<6f0~pGjef zj>cN*pbPq9Ga;nWWC50uq@8`}AB^#jy|ZoEiy}S~j#%bQ3g2aJOeTQb3X6wj#IaT% zv$Ff6L_J>1`VA=BJd#q!u(olOaUu00O&OGa!uCG97Ut&KlPp(Z$cD}RCIiSqlLW&U z2;vz7UX(r5Z-~!ZQt;C_FSq_!X`{6y1h$mPiai_N#U#86MSmS6cnK#C=UeG7=PZViA}WRdR_n&A*%eKYdulfM)^fVA%OZF* zNSX5(yA0uLzc1L5cH3ZBp)~IHOx2sdn;Hcl;+JSU6k1H&wjgBXD53ZT9xvb^pUAjY zY~L7y!3XuqWa-NtP2-C*{9JsX@)FSg(n+nSKx!^|?s&ZUsNgQ%S!28eOy*w#`p)Ow zE@pfZHty8w4b{Cm@|1e8FDLrtM4zYj)8J%%Xk>$RU{P5u$qO+v6^`kcI}#>xVx%HA zIgvjW(vR-p?iQOAZJeqwz64x({&!rVzgyRMbf52CGu8GHolCVfKJ};Bj!*sV9WI&u zyXY3L!L+*L8~||j{of(?@3S;Cjf#9qTq_3tsRMa%ISoA*r~6D5{0WppXN@UALH; z>xwLA)4Z(XMB~{WExAxkMsuJllJN6#(-g*0lVnTRI^QDq#x|hKvR`bRCJBR4}FzPUEyA;R)fbEH}=* z4tLeTM9G<>K3OdHrmtiVl^om*zqcG$@Zd1~byg|KDC^z%Cxr5~L?AVm;JPd@9K}kS zz$7r@^tjmi5^$Bj_D*tcqlftssaMw?@au&L+lA=3^S<7RTjrc;VPGOSnSBLZQC_4` z*vMI9!^9bdV1`hCmk#H`f%T#g5~L1GGQ%opKcI$uqi#B<()*ZJ*87B(%sQ-=Dj-XU z_&n)qseH=UQj%ZME8bSUpOhl$!8kI=aLUKE-@rBXVDE*qbgFqak~NntX3d_Qsqbq; z?=v#*i~)Pk4)J|YjZVa)Rn-7aGze448vuOg7qy=1^Z-Ue;0LRxh&kchiwFBCkIpuh zpWSL&61T}Z*h>E@`;*zn_o!J?bll79Df}YM;^*X0VvY#9P`bd{K!ZJYr_h!Po)lG) zWY9v&DJ52e0)ypZO|GZh=ENC<*rA~XJjrMVnPHOw#WveAn?fk;)@TgmeTW`}2*?bD z8RP;<4IZnz9}aFapGK|KB~MiOyuCji9QpRBCiy7$=a-8#*PoMS7xCbv3b{C>MrHfG0F{vheQ0p=4YA^$v5?e)EQFr zY$+2?z{z#}e4s+PPonF@foTK!b>W!fRdjlCRCh_vT9Y8&)uj?RaRdeJ-QE0lwBWg+ zUsuFPo>Y5&-F`{z=Py_(_4cS?^z_8t{ST>e7wkK_p;8hUdOEJRPf~u6V)VC^!BS*= z4e1z7&6;$kre4}ZZ88iy_GAq;>Xu z2cpAi^r`Xs7IvmXHaG2OeUytjmfV1{KI}Cvh?xu^Whp6G>g;!p^~Nt5B8E*@lQ_^P z=IAje%h}XrYlS7#DQ98xPmY--<)r2Rk`(=)x)Lqb;;Da_lzV=DcWpJ&D|T3jMLy@@ zFeNtMN$q{L;S#)NGE0#|Wf*^qB`U05BRtT@&csaDlJm>7f;~8aSr2GkL;S^BG!sce za}lxoG#o2BgZDW1?#=v3;GfFqe|En^^=$2TUBoN@i$=Pjb?ba{gXz8?5%MSz$qn-s zBm!p^!$P%eQmQ!Xv*3o)8EP#rvC$tb>@UImrp{*iNl!Idu1w8D>^L^sVN-BxIl|{x zhz>bo4{f^O@;a2tPJ4Q&#V^lvlFT(Z;UdV?@4rM6SvR?@r|XQybl<3bu?hQ`ew1b@ z&-E8%g8mY}tkJa{O}8=CCcG|pHVx#7X$GC{d0Ya-CoTb$Z~l59GAU`YSf}nR2o8y1 zT5y_3gWl@vCVXZu4Fl^vH#BaZ_aUy_b}mOC1Oxl?bf`I~LLO`A`l`N>8m zJhxRpai=5(pIVCg%s6cY#HW@%Redv{WB|=?i*9bsO|~y&2mIU-G1>aqcO&cjgRQyq zYxC9>^Jj||+FLAPUT?T|zLnw^GEaQJ=ZIh0on!U$mIvT2Lnz|`iTC_X*~pW?=GQ?b zfdBg|ohvz$xhe8SpNBB510Ly=$|RsR2rJ1J<;)<(5@9Loxy+|E@)sSyDKw60l7~D5zqwuA!4vn+{;QA zBiy4?Zh(@;#)G|7w_Hl+gC7~30|>N0*K}0(%W!3EB}ZRZKZ}I~PdH?KkFnIr-$tma zaAT8GlYwj1%wF$P7?5^625H4tw6qjS#M|DR$dz@aXX{`(@W%i`Yigp?FRNg4Kxh)`M?R3Cwk1I-~m3#J)a z3%3;mf40O3WDN&J2HMcvLRE4^zS8jQ3hrk219kXV9h`BFSCZ1^SAnfu^ewL+RQN^$ zO%z{`$|+7mgsNPpQNr-B;9j<8udcelEaTUB^Q}m=%}vEUR2zDqM@=5+igbI#R$^k# z*6m_Cfqc`XN5#6*22R%Rj2=?mh%FX*CTt+h3E)Eq#}-Dp706^6sc zK+7DPraWASW-`pcQo?x(IweBoFCIkFj^+3(w0mpMQrJXff{aO~uuQ`Y{)ANhu=?Xd zm6;+Wnm;&&Mnf;w7m{wArpP3Bm8RNI)}Dm>_4}ErX1=_qNu%*!*rPuAd+6J-;J2I~ z=5t!a^+nzYyZz3Y_H@J*`}{xqNUgfDHYh|?o77#od0gsviz7^pye zk8E2Q!yX|YX8dB5TJdROgsv?}d;eJy!$ zM42)=7fN{hh@hits#<;*Q0uTFO-&JFT(sq+}gTKXF>C zR!TzRa3&-nC9HQqAZeU5DX?2E5@{s@p8Px+Hf0^t^KF-EDri5-7fAp{{XguzcU;ri zwl|EUgB2B|NL4~Y2bIv9LklFK7%sroEfIvi_iR_`4p~k^M?gh=dvG@3VR-pV7Me@sOTkMQHl#JDWhoh zSz?)0darVw`4Eftifb85SmYKh^gT{$`aaNfEaQ zEEu@O>&$0yX-t8ep_D$PVCD_x+MDsmZO90Ne|0(d&HGm+YXwQ+3*nOn$S4WE`=%$&mkdN#t~b))dH#jE!oGt<@8F`XuCALkwnPGVBdoA@zLv;9OzSMZzM{_yc6 z{b~bi!erchH0|JAF+H~$=d>WNagchZbt|2Q3;+^p`fAQvSZR~v1rJcG05uou+heeX zfG_l~*|OTWzj;mSy?aeZ_n+=2uZq6qEvEP)=VB?h2x!M{06%p#^4m9|zta7M;cm{* zn~&@IyKfT_MkdmwqfD7D>Nq4d+c@AJL89xDLi5=2q73Y1%}BMYc+uK&m*LgEo1Q6Z zc~3#z)Mlp0Ev(0jjqWj}=E$MUKEy$gbs~pwj9gQ6Ve5y(z|e>MH5u1zfr|AoZk;kq3S%ohP(pH-k8nSX5Sv(_XLdchB8z{Fd6=0|4R*K|<$L zKbbA~^C6NgPT4+KfF$nQ#5YYGKmVS3=00wp!RM(Y=Au33gX9taY29}VZ!eX%cSFY+#-`I63A8XIb@qyfqFDgR z{A%WqnYW9VzNb!x_e!pCRu)UftK`4ADewDNI{x~QP*!}WtNwzWnEb&x6?|CxY56IO$ zvR{mgWfZ!(;ryH;QNli*y}SgH#F%WajV6Bx{x0IT!n%f!R2l;k%Sr2o{Ef`y^fL)K zb|O~&t1AL?woFp4O&k~F_gCg&hKV~4-X}0*eHZXsQ4>l=?>Az;oblDam}-@V zU}RVpE8Q!5fzm+W?a`TH>a$AJB5wyIwqvXXX*z6?HWC>h~!W~`*#=8~3gMKbR>6fjfL zPX<#}-4;q1gGNnS`x#T=VyG+}ot&{s0 z^r;UN_a4#c7~h=nuB3b0Jb?l%L@5bq>p!>Kz)gEKhwoFtznc^?n;^OoCK`r&F+ZhXf()-6S z_($s30ipUs(C=zt_41V&btgT0!7nZ4Jv`r2ry1~0Lo#O8#G<$^8-hj^kQfyO{HOPW6DAsK_PIwcN+bu>cO;w-hD!>TgmGRpb3|iR351>;DL{kxH@ZXMV1^9_(V!%m9H(tVM$3E z`{`PqlVS4u=i2Sw)5(o!3}zXJ4E`%!B_x}ELhw^?R2nQlX3^X4sPiDGqftrBQ+T$4 zyN-EQTsuk*VN1W(>)pF4MF@E%>rCnpV%dwUyumqu%tt&$M%9o#P{~tIft57q=AD53 zthk_e@B03PCH2qN+=*gp)k1rj-57LgHBa46qs|ZE$*Fo6+MYDn|1&0HwUfntGGX4? zJ(*w86}a`pXF*c)fP?&PHvRnI`?z;230O1Un5M;yhYM z2|hkfdyt%V+i~IotLvSOg~oQ2`hsI0MQRy?i}nFp`!z3g!$>XdFF-*qIJ^Xi6uu;*CyL<#WArJ^!OaC`*>EFKyiQjDL%&QfF>6}&BY~GU-N{uAibi=Xb(Zf`O`S30rdc}<}Yw%(W$peQlBI7 zZ=f~^RRb5Lya(?3-#V5#4?jahUl?Y z4*m4KY6^$~{WjeF^u91_b7qHwuatsuV!+u6&6cWcwJ^)xWGfO6{B$pOIPxTsZkbtT zG(S6cHMunSzSuPy{cDF?U?ukFBA4Ie^$Kr7MlemOZj!Co?) zxgDO$1kt&6jUOh(&J>z3oLSshICK=H_rigHmC1&^TCO070N>=0EwB)V!ysp20JGfQ z`^6Pd@F7p)uSzRBT}> zUhHbIb$%#%1|KU0-yerJ9~jTqEV9Kxrk^z3$;9T?4F+WGC57>vr$wsQCO6c-?kFtV z<;=hQ<F7*#|<4xMC@$m^9Ni!N@2WAKB*_Q!5h<8bp5h&WHxw z;^R_#H=duF*3Z%RI#*YXK|$VU z!v_0y*S(I!`3)1j)D2B^Yf$>xU~WrbeHHhQ|KTIRLr=)cmP71Z^QWx`wFgZx-8 zm*&UalP|akzGCVu9>Jv@07K>0>NDdb6Vcc95|K|9f~h7P z_U%I<{F$LMUQ#%!4&tOy zAtMru;#W_>r09QhHaLUI-GmLn95bZ*`r;K>u+!rOu|+n?C~p z%mnI#`lu^fa~z=_AT*Cw6h8!ZbL}MSK)V>v^e8_BF zbm5a__YKmhw1*UP0HfUmwA^am=N#x3LxGv$V>>NflOY{P%3h2R7@9c*-R`39OS8Iy zC3LpU?Br{?0}MW;PSzB&M$srgbOBMPJ`Qya(_pw4yZ(93{}$yZUHohPhO#bf=V9wsor#IpGN%>g11t zqn$2UO0M9n1$ zzMV@EH4K~|w=zp=JvNzA=ENW0FAmS)(+9U5@gvQ|U(sS|t}oHizO1MSD_TqV#5vA26l8b?b{27;3B;5IwCR&Ur~%M}8_qN{CedSc)B_uFc5q z^Ok(*6Tf!LmCnP=F2fdyQo`eNK}k{lbCg6gi1RgIRK>+yjHBU#MhjozM#(s zdb^pJxin==*NURG0C98f(`QTVPhL$C)al8(WCvd3zvUIIfC8Uu*Z$y*XIzGT3sp1s zH0Sc$r)n=+`*+9kX?ChFbPao&Y44_jaDg^3n5s4!o&Jj3Q!!I(XF{CrqKIg9iEDBY zVo3SuZeZKS_cNLW$;G!_I`3cKYZN~$r`%r<)6|CD7O?2|I# zX5eT>xOV^&#qfl_LH?~cAxdS0T)Qr(g5|fQxw=wD$%Q;DF~lBxS*A`*HYJ5%)7w;sxyHbPY(KpSG$t3-t`QiNw>mi%U3_a&xhf$6e~7 z_e*^t@qy#gaVrfX)lh7-4XFd?k8Zm3@TA`s8{KIZyxFLQWFjl%QF`m{$rP!m0mx!{l8Max#(st;GC#7f3Wq`GMLz<`Vx3@%Ljz8Rl{;xehT z;>550@vU^K%~lxLM^m{IKhna`JB-bQ8SP<&aBW|6j0&c5tDd`+wbqc=d3SuYu`_dLok3JMaBkI4t_^ z%IA-~ANHhC@^RuLIeKsyuG36xiXHsb2P0&ii-ZK+irb6B2TnJc6xcU7j^Dq+lDEi7 zxltL+-T4jB_qT4~2XtH(9YHRoCN!}WiWm}|qWD(|g+ajn;0p_hi3FYicE-a9YE&vr zCkvgsGXB7H@$^vouzup^oos#irLMrdM1t1>5@Pju>~G!SqsUqa$4>pymuK6pb#KZQ z;vO_IU;kA%dI8oJAKqqk%S@k6+G~vsnDPpF{hUs=q-vnDDyZk^9i(|vuJwardFigp zz{9UeU*#A`Szk%j{EcOwJ8!h~*__a@g{>upFKdd z30?tF>{}dmHZ+Z21;0>%Z2-R_O~FT7*xN7$1w?+%CnuNr4#*kwq@J0&Ra#>3$N}Mr z9qTuyw6ocb{LY7d+eg#ywj0fumw&uNE$YwUdgnhvLbv)wmx*f~AL|@`@dQH{et*Zz z6XNHgGaURUY=VDdp8WBph4Y?h!_8uXFO#2qA%-1+nxZ|e3hKG1BxZ0J+V9Rs6=5pDdop6_P% zf-K4F>r;W`v>BJDxY*q47}2T z2I9KYS(*;v&RtHsM zpE!PYI()I3dEt{kg}whxi4-@;)fZ_xW!!OpsedUwRG$+b$p_`Y+WSlNyy2scL_blbJ zm|9F;68KMQ%O`Cd)((h3jb{omV*Zkt%qydcr&XR73g)Zeq!~t#DIQ+kAq1V$+RDiW zb$`7X#`5CjI?Fwsr^qqvJA+d@UQEbp{?TgwS`02`)k_zC79^r%$psYVj0z0h7OSzt zZ80O{uSjG?PR&cFOJ#C7EcFXYs3yP_37a%WRXhFRRkp0*Z81KDWBlQ`v*nXG0*GsE z#!lqnlO1PkMr3AQV3XIF|9O8u9|Kq9%LoU0_0R7HyPQ>7=kK~zX>DgU`;V-ei#Ua_ z7OhsfX0j`_#fsI@Oe%Cz4Zj14Ox_vq3xi;XN4IiU1SM968RUavx~t};vojiqbyOgs zyo`t|nt`?_SheK5({X|(rFyjm+mt&+Nq$kZ(UN4WNx3AwETLR`S07v_ryTM$fo+Yz za;dRrp(;7mHPfToJxa^9kBqllf~Fb`Ru?_I(^k{+#EQ3eL9g^4*1k}Q-`w0l=TnB6 zXe4>(cqpFUNvzPrY?Ym>J51+>{LxUuWlYMIR4bpVsCJb^19L7gjc6I?@*r7ao^Tjm zt-F%(Qxw&g&6U_o?-onZ#TDLO=r?)6UZ?P|tcGcy_7)Eu^IjVDS*sw+i0CG~{Blbt zx7x-wz8T#i9=01BBU$X?27Em(h#oxUu!o5e?!9VUkw!3)kQ|G1u-%%5M;a>=fqiJN z32r6iX8I=|3n%T`c->y72K6uK((~{;JWe-qoCk$u4AG3U$l!jU2F8R~3^cKDuH(K( zh?RaLVT+Pzf9=8d9M3Yxh=IkXSiqb34f9OW0{ zxP$9=yQQ@oxP`_BHNo!qV67!<Zfu%nouCH9H_rxG-*0<#xY?6QPZh~ z(#?&6N@3Ha?osV&RHP}U{;DINNVOSt54%`Orz))hma?9iP@z5Pi9~g+DHy^|@sl)1 z>&THa9;BfL_vk%y>q0u8#Mo{g!E9S%3F_Y0I_0~6=F*u)-&I3yKl&HC{EOy~<-E=K zzX-zV@l4~=Evq2bk!MrTTy&l2w$qZ$vZYB+H4)vxT3?nu(5Q;5$AwR%_QqWUi+Av9 z#tnC!7a-HaKCaDl`$J?`8)|;5(tAtFhAxqj{?G1_i$g0m~gl*z0t0t?8=lu zGxL|>R2<;GCy-BT;J!6_^!lE~7CY)ic$rREva<(p2;H*TR&}f!QsX7{a z{wggDgM6r`1W#a{&J?*Z#^Ib4&cmwEt%b~@c|wzm0@KHa2+==L!BPY&dJn58BKRLR z-|8cVn{_NKM^$L9T|ijkB&+RvieZuWf3Ed9`LHfi$87cm>Ag$<|D zoOIXuB&H9}#)=SG=nvfn!*n$v8D+(&@r%5Rg*rug?DW}yK~N2DLcL^L9HJrGa;xC^ zO22#x3r;aO`b<)lrNCSR3mheYC-P1aYGL|~{dSu5-?GU*a&<;`9J-#!4_t7n(z~D; zu*=&WJZ(r=w00llN;Y@=LTG$)hf~uF(E1@2AbfC-mw|~BCS701P)NlH@mCqxmvEpd zKs(&pPrq5!Z@QHrOc)w2O6Q;TwC!rwyDD>6P5q%qN&F`JtBaG*y$$_)BVNu|*FAJ# zi_TwtuJ1+@M*(ga(A`>s9O^!8(U+z6-XF z{WhgGJ6LBIYx~%0$;5FhwGfS7hG*5iYY0M!>43XiDyrUoC{;Y~R^)KAA0Ae;2O!D_ z8K?R$)IODt&`p|NQH|x##q6eI*q_teEl*e@F5QhP`s$-Oeew9tb2^9R5gH4PKqG(g z-pDm?g)J2g>B$~W;ijm|$X)-++}d^1V%x*cRvZ+Ye%GU&Zval}Jd^q4>-Fh}J}>`D z*L#yKuc0iuJaW68Z<#0hG9CTBKiPEj3?rUmymj2&%(PRx06C}w|1jA*=A$HI$h<7g zz=eWc2+mBkjRXu2VsnzJ9zNRoup-HGhh~=Excyk+c)2#~#WOlO+TS04Zko{odt=ur zot#)(@YOeQ>Nj8Qje-4wNooM86h#A_2}U_0h)$FM3RIF1fJQgJRQf4^UzJ6Oyr8?qscH$9rfNwb z3S!Q84J#KeME3P!2&{91f5Sgr5|UtKud)bR$sG;bkU%-9y(|_*vexf*59JZ$uCY684d2?Qo20Aw%J-m^Xg+p!cIBZ;LtYX?|zV0;f zR#Y_SCo5D~1mP(S`D@2J=0xMEL6%u+u(PvY1B<@zi+^BSa5vU}4+(>xXX8Lqlgfn0 zpulv4D1b6w1|-nAH#>;>pJ5#B?3U{}h|L<{`tw93TaZ9J)KGn!c18y20`Iu$WCsE#Y$RfLZPE z`8wIWaY=he34W?S7@DegRRRDIkC^{*1Nq=KD_h6u`1KY{^RcP*taR>DL&Z#Zls*hXL2BXgJR)gR%n@uq-qS(Ly&4bqRUam4HLRE?Gspnhl50Q z$^te-U6;9j#RFo$;$ABl*{`0=Y}$3xB=mOGK4fR>e(+EJ->c{;+$9zJ+8jSOfx6Nd zU2EQx*-pu0a*!gI%G{l>6qjK+V^-JUNACub8_PuwY1Fqm0vI`o8qs4N@HB z!bJ_!uF6KpH_Dx0f!c^t%fx(Qr&ILjeYc8ZWI+NcuPZ*Z zTaR6yYybR6j>VRv>w}f?RMFab=fFu9|E-~!Of@&IWhQ~bBD7sku15>E zs}&h!CG4B!XJl+_I#I-Va}AUhNAWb+O8dJ8f`8Tkt_?%DOxpUITqTngbAIl0VpE#X zt-JSj%bvSLKjn+0MncU!O?&imJtcOoaz$6h+IlZPG5dt1F?(>t?W0=2H(f@1vQisR zwR6cL4;eZMn*-E^?ciRwz+4TPLbuBU#J5o0Y?2E?9pCP_hPc&HyB2X#KI$wo-X$!b zIfzWA0D~Hv&;z}C{3!5_-3`6fV)h;BD?>}S@4D#U(X2eB6(9t}FY=rP^+OzRx01|+ zt-L3lw4HQR^F_SHfn^(f3iK-7PihW~JG4i;5%t=@ z{f1HZ5fZrC$Lc;o8sFM%?NZe%?9H}55wXb#W z-zCq4ir$F4^j+*P-K_~f+-vmUFJhvx3Ua!;ViDB6k z+ZEsHk#BBBM3o9$pg<*-XvZ8#q>N0}N7s7pb4?~x_XD>Nup$#S*{)5Asr9ybHw8Vp z#dvf0`Nj{$&UVU0H6Cy&+%TJIQf`F?DJuVRx+i$aY$^E5&0jRT;j)um+|D(2aA5GP z$4whaRddsyaDzi=^f+nadhGRXL^BWyrghYkeV_Hf`R$ss4q6s}wqX_kKDa@2Q=QuY zs52p7R~cBj@z1x%(@Z-Kc<%QZ^ThWte}Y_mbyP+b;%vdZT+r;{zVK1_ErVEtROd~^ zh?_@j8LKZl6SF^!7iaMa0KofE1DV$>D1K$M%#0jrnLW{&)|6cfHOEHG3fA(HFiiTZ zdcwx9mSDG>z6v(?ff318Mf6#KplCeL_?JchZGD=gx3 zk)JGMl<)nb-c|Q2Gru>@|BUDRJ{f+`mF}12h6X+Sz9{@wi!=b?_qR`eA6F+a#{q64sru$_T`=9FlVzvBl z*WSgD(h^akehY6=h?J` zkG73JpC7#VbLR)rjcjos_s^lX-b;0L56!xHMPya`v0d};`vV`33-5nEKal# zI?`LiVdlR5|2LckWs`>4+&M`#d&YiO2&%?k-1Wz=oGQ<0aVtH;N4rAFwJ-7Ny6~uM zQ>gL5)5{Dhs~n$qOD8NE4c{c%C;9h7;~b5(Yl}VR72~gh`NWa-YMZYRL&n|q8nKoAhHzOd-F+6VXzx-ej}eWQ`63;UWepm5K&4o z%ewW(C(UA*dg>ABWFd@V8`arn#73 zJgKke#N!|5X5L7wD}a=*X1*t$_zTlg6)G&{^7?bF47S718_G%bZ#Qz|g}!v7tu&$H ziYtt6E_ZFtauDmMa)oZucI^GH_}bmo9R|6>PdcBpuzILx-=I}mTb@#%A9Xe!bdgiw zuXHcygMu#At)A;Waxtv}j!c^L$8z;$`YI;MhJP|s>cUBgTbnW@To6ukUQ5a6&klxe zMM0kUicowwV@Opv3G$A@>f>4+#KcPx4Z+uUj#Op4vQ z_kWD#EZp$kdx}Cg`bz*gI0J5gF7nn03ArbfBunli<4JBy(?%*;92eGPZ{<-GZ*ecb zj^N($(RWA+c?o{$V*hTqt;(hqRTJ#AeX9+xBo0D{#MbT45x&vp;Is6jAAzZe);0(evI^dJ?hM35zsoH3D zcDtRkB+>IO+zAX!MMqNY2AvHbj^S?Kyzr6(vge!T{yZ)4afY4be&?iA^?asBm``JO zrezhF|BuR>dzT8SwJ*~sp)Z*ctzo2`f%o3{S^%DU=yB4d=8{E&et*enF;21GaKafG zthHH=Ld-F(p6-ZT+z(n6S0eh3-of>-yxs28;&{u3ZydmDk*0G4Jem!3()h z7#hM<8sWe~2u_8^t43JSwvs>8_5_L6MOKUK5~Dxh-K{I)%mTrB&vk2-)~?5c4iX0c zdD5e!F?}#;Pb`^-m6qkvpqfFodyKp_%jU079RGNq&&~hsO#2}XeRlfhzsd7I zcyOLq$Hp4m|Jl2ISGKR#qKWlstIOiwd4gX%&%?1T2KO19zCrqA2c?68jB8rq%gYOs z!9RPKzvdRZ@uHP+pN@{}<$sX(f7MqsraT0&y)2-xh=vM>2M9FLP~lwWa^Ko$lMzq?8O+*TR1)XxsfRSTxYm{ zxEGNW&S4|O%aE-W36ZHFUPA~e5;B7zevzUrWzENe))yJ1@g7oxEFK}>ns{k!Xs~Jf zbiAHLkxtMkeI8$LJij?-$h-ll0}ofFP9k*(sgZ}7%yw8~8mFSb`$;Fw+;;!@w<^_q zhTT^^MtMTj&Z`7Z=syOl$eXJA=Ek@MU06|6vD@%jo>l$qzV%~r&D*S}=V#k=t>ot4 zAw^sGLU_c~Q?xQEZ%r)(v)>BywzOl!TG#wAa~l1Ek%Z1da-t4kusM4v29&K zwLWq($ycyS-t=U&K-;4FXJ0l}R@BtIe!3NpMLBd^}|;aGr=MMYyg(Nv_mDFEug zNmpiSeA z`~-Fc+McfTR{N8pUkl<6{y zqmv9Enqa7V`hveQB-9gJN5^GLUK^Kxc&BOsj!SQm6VC&C@szg}?ReMzdvUyN9~em6ltesIY)-}xiwjG=sjePZ zrH$_Od!XYw(_mQSeCT9jNgnL;>9&JU!q1V1^T|!Cj^Y&Z-j=hFxjfq$a$U( zat}*{3c@Nv@^r-hB zX*7?~GI?}O=bD$y9p{sdn@E%CE9x3|*H7_gt2sg5vhdc(V?n@C8f(oH1ObSy3UQ?K zY6^6*-|Hb7nDoM#mLQ?FWeV(MJ>FAch0dzq0xl8-+ogRx6A4-1bAR#<*ZZdvWXVO= z((N2*i`_X3Mi*;;BCpbkdL3RwrV2BXWN8c8ajmFf+-J|-N}L<23o!>@-?(SgGc3Vy+!)$^7?dV_YC-i^X3cEecIB( z^3P@cuTG!7-SDY~xROJb+aAoT`m)Z&50Bh5_t9B6rVLDX*3$qnFW+c*oPr`^8~ z)iit}SF?5cz?j)=QqY84XGaMsP=~3Hn&R2(IbU!{sIBTYJYJFb;+4LzC)>6x zm$iJ&_#yttU?NcYlgrNO@2PW_>3M!Z9A|F7g9Yhn&M<`DkH{CJA)opeq6u39H&Z_d z8elTvg&+^R%nL*IW^KtgNKYMq2*7*jAhh)!TAQXT(TsvW+lYU(zxqGpTF%AXLKQz3 zB?v`QbJ`ex*gMEl_@X(vyB*xT<|>b9`taS>U9xx0M>&hyn zU!;G)-q|1ApardXGW&xl`vlC^7@N$*vy?6~^o}`ApIa5{ta~AmhEti7=$cyo5yzNx zg!LYo%ERi==Tye)@s9cW+^WU7;ioZEYxNKpV`g>Ojio^$@t<;v=-zv{mGr__51!B5 zta8xl3+bo~0tAQKf!Ng|TJT2_F(N%@dNXfgC+tO0^W!Tq5jl5stFy%KW>wk}Imz zwOD+%IU+l{+3j=-4+G4xPsFCupd5Nd*$dfx3;IR{syqNX#{7iY!7fav0mwuWmnF<2gO7e1RxeP{XwFju*dfTr6PJsrpQT?-aye zWzz}Nathv-X=opCV&ajf+0eVvcn3572}ZVrG-pz6trXn z3u}V2U#qFRG^(=wmnJjpZl_NUChFjwLD=r;%WpWla=y8zK9qIe4wft@EMJ!=zkT8S zO6F4$bA+yTL3yugWXyeDVpS4jrWa1;P264E^~Fq!g3_!Q10&&0!-BOYU-cpN;(Xy8 z2!wN1vW~WHi2zZroZ5se4J5!X$)8Xz!b|V8;F)t7!NoUhKk8GfC2N#LpgoC+g_<=# zj!NbZlF0E17fC;W+>;$<%>$99W&q&1#zO{m8(VZ$zTt6mDO3f&sgoNkFoN(z@SJB1 zy@=XeTusd#H+`jn3*WL(G3wps5zijvX3)m+ZI}t112J-Vnwb@#U)9jfnLE#3a<)2` z3Fp7wq%)B{urREGhkM<*Z_+&7BT2yAU3DwgtJ=PcpI z>mG^uP{%S%hjzU3rZCjh8Z5afI)7dM{dO`a(&KK@t)&!nJM(;5V-<{370yp&-v-bw zYQbDCZT&4%Ee3{ZB3B)&+-F1_g&RWEI;m#!&kM2YA;rL1^=v*}xQG;EX2!CKQ?68o z{03;c-#81uy{J~3uxh-jRZARO?S{AyR_11o2m~5JG#*`ht=3~1rV+gx0UeRUoBu@-fOVA4j74U)C_xZ;Cby}M2{BQz57JcVp-Bwd5j`4cPp7Q$6Gh^EoV&A zgG=`7o725+;7rv=9$y&?jua22GR>U?(`tT<2^C5haNt=x-56Ge&8(^(Ief7ufNlQb z955<@%641^^~xDB^&eKnc6#uHqlJ}CChTWRNd;$3Dcs3nj@t z40f*+_o~7QEvw1sFJ}UaRIdotFX?V^siyPsQyl@&+<1|$A?3<@X!0NpgE8FAG=yh1 zOyz8Ijc{XkR)lWU-COUyVr~Q7(he&na>htFoRdtxP>W&5pQ#?GTGod&wKz~>wc2Mh zSZY`9@CfNt9kHCZ=|2MoiJh7yu(>hQjBTKCyD1HFpdaD&~`+9s-1Xmt zT43wy9mVpH!4hIc06tMBtUo|(SB}Mb>-M=#%JhMOg>B%-@$>B!ORcrl9j6xBRbCt0 zkIn4wt5|-LV-2tI)EG$PFB1j5BhMYGome^V!FY41Z~M)j*~FG~*n3=qFnG;3e)-oF*Xkm39ETjjY6J|$AUbpJYc(>**=jVmb(`j*;kDNgKu)ni*+I!<2gDj!}soX z$_;ad2s_w#HCT}M-&X`EZnvRRu%-kS!krnX&x6m!CD-5}UK+72?Q-Uq5K6qA!8}fB zCf;}P1+iR7M6r7&W7>X^*je_QxPZqHKX!SNq{HJb)_o7`KxLE2nF#~6?m*YTqbEb3 zOt=r(9vJcJ>okj$O~M736LI!h2#imBQJMdx57)V@O)dJurnx3v%0!r%NMtxEL=*tLtIL@{oh3SU4fpE4(SYCQEblUeda=EoafZDF%j1dqgJJvqQq zLT=Y2F$Iy^3EYOK8R|#ex<^ZPh2rwe9}pg`F+Jdxi6!>HVc&kje^!4(w9;gNg2jra zoE5K?ZnQHx$0Ze%%sYFHFy{EzG{o_qzOXDE#&#_KY`%f?v`p3dfIdJ1uqnFtaeKbriu-M zDHPJes5e11o2AN@_>%Oi~Xt3q-Qe{akDUjb-vZ%(gIpd;g%oz5@)lvVLSliao{e4wp&$ zk1dlN?bF!G2+MgOWjMV!dG1P8a<))Vga+H;FA7%_D)>uh*7?JYrje9q^jVPv43Wl=zp@osvs&&MVz& z@6-o7cfiX4aF;s-3GwHX5J$2(W83XySo9?IEmhOiAXPKDz#$ld%?ZQt8WM`?+)MaR zfmT9)De&Gi&KttzJBwk`i%Cx7Ci;|oc}1*P!yli2C;<+mcFV0*VgP4)JL8fH0v~kg}a~IeJ>VP$}}|| zZ=qC^=Wp)}z(YM8b+=t(H8Ps0X1enAQf^}wCM)$Wt!8aW1=II08CfU+N3IsX^9u7! z3=-EQO0IO-yqZ2Viq1TWAy!$WPB!lT+ic zkH$nMQzu?wnw|`Ucr*E@9Ngwb=RxTqc6+gCrwcuClUr7(B`&DYMd@sPL(MUy9hvMY zkE2Snrb^w}SdHsg6(cV;_f`{put}E_)JrOe#cq8KXc2lO1jfgazpPs{Y-m&zkWw)Z z&m8HEHU?21}blldNz{I23Smwo@}}V*i&&j)YT<0XD?X> zC719Oinvo2rB`1QYv(LLLR!FLhdX5SAU(I+w>L#FGrT8z$Pz%>tr5=zGrQi3jYRj# zie@UfYoasH*w>QeCoECwB*7@Cz8(-660Vl)XpvikC?XD4|3xBP6xj@oci$_N46>ZV zX8Dk=NxyZ0|TPt(|}llfV^#M^b3jU@PlX+bAq5+>Ms_nFH=-QJL{$`}h4hfhUt8iY06 zn!hiA<}ByUzFj}6d2r$V-G`@q4+leTKfLoN!knnOSkR*63Qiaw+2s>eh5K}jm7*KBY zr#w^v+eAD7jb3pU;QI|Prt-QAuNg0CFuE^}BMOx|1VI(hxSThjUx|G@#Q50k_NeNj zfg341hlio9$x=!;jE?Z}Ez_UxtOS-*Ngvew`j@#^+IM<=1@mvvBGNgHX9b&2Fgh ztxEq7L5J*2wVRXm)#$j#bY4Ofo-g^0cZ>JLt_3xH%IVCZqM(6r^B~=9wFRsXbwU>I zj>~9@&tBNVbp=TXy}W2A$M?=#Uc^TxvA7ZQL#^7vn`-U|H@5a@+~kXJjmz=Ek{Ch( zHPl8zTy3UGJhvCM<(IKB-GP27A(x5JA>fc7114ZO9oh_1HJFv zT8+5+LjTP{(~EO7$KGG09enTB@_#RAcG!QTpJ{6=X-dnd5b{au;mk<;$=WzEek9Tk zD_g&S)cl&O^u782Th+>mlsLY#68ptI&G|koaVTM&Km0p86*rz<6D8*Xzx1FEy9e;sacPo{BTzvE=p!om1ES>yaCy;y7CV(MM zk0}qDux?x;o+d0pt93_(ZRVzwbZPdmXzJ#A3OZY?W7JPJ`^#lB#9!&$PK>7V4*^nd z5MDucok=4v;?^>gUcPr<>W!!iUH=4>9aw+=|FHMo0ZnE5+CMX+C@3nRAXOou7d7;* zlt2<%=pi5?p(GHHs-UPNMS4l-ReB8|gpR043spjBp(qeQ5D)>WmNzqV#&hmHGpF45 z-rxKCij=wD{Ofy2y)UjwUJE{z+{($}MGK0%TeiHtUM7oIo-;a95yzBE z(wvr^Tm{oe24d6;@s!J;Eeln0! zNb_a6Yvt*JO1cASBIc7PxOO~1-6_Kdmd4A)KA19d{ZzN1S4DK&s)k?zILXSl2FO)h zJ-3Mm(!y2AS8DBomi;WpKn^$|&4vjwcfg{XtSpLbty=wZ)n7P41Xp(f?cRA=Gwqe_ zGW8IWxVhMrdS*(?B>D+a~|$P!2nGsxr?6wbANsXR1o9@3w#Gt0(q*dbEO$(bt#g|jJKbyD&?%_ZH8 zQAf}mmuRYM+Z{CrL(R(7kB=7U*^e#M$ZadXcLCxiy_7hahD}V+LdD%=u$5$fHBSeI zYBs%>zbH}Yd57z*Qk#fp7FTn9D6H#~g8Lz(;~Irol+a!6+b%H1loU5C;orr9a)M}{ z0T=MIIX?o>!1wJL$AXsKFgne_P=ajA(v-4kLAW6?|imUtAFF?(3`4)_ufs7!X0|36pn8Y&yF@obttE zrfL;)p{DgbVVn25yX)R=Me)l;yIQ+^I!ksMPY4;;a<}GY2L+4yI0OPRo{PXwwR^^4O;B(D1Pv{zKW5>LN2WJETS~;Xhw#7Dkk4Ouyt|P+DtKTcx49+m1pVbn&g;1bf}qC~3;SXuqsJ%U!~Tq`6Dxja|yQ@9+^Z6xekA@7#1 zXB{^O5w-Znur!j8TJ$d2>b}U!{(R^c)j}KX)VOzZW>ClG)WrVp-nL`EdE0Js%BQvA zp6(#d{N&vezU_r<~7 zjh{_XzJ1C@wf1WH(3=vHDi;S-VhAT&3IxtW&GbmAZ}C~qQCw>hzF4WuoUyi)BH$+y zqnl#Vv@Ab|K?547h~8S0dGRrCI7^IDz0fr)+_LgyOxG=HH}7F1qyIvbJ8j$1L^c;lZ}dD~+)} zdY(3E^DCj7NF+;=#XLrqRT;O?&(jQhFA#4~Rw8}s+O?Dimxt6_Riv*Z#VY!$Y8QFm zi>=5gTH{?ZUXH{VoFGj5P{@!%N zmh(_|R6j)s0`NQ!`4k7%UF1(Z7=82rChsgp?1(9G7uUXR1*x*FcrpcrxLhI|!cx5# zh23Sd@+fk33+|=r4Op+(cp4BqaJQ9b(~iGJV9!I?s=yUaqP3^81A2B;JBOJ( zk;U29>rnZW#F9_CvN)V=@hb@-4!!*(6{8^DqMDLas73kydQ_+9Iz7-1h{y`)aKm39n-=1cKXaS* zCP4HmulPs#8ifwi3kV~B0pzkm=DxzrW8Aq`y#E_~;JX|KUASwSZ^G{PBj0~1;>=IQ zwf)LHcS+1|AT1wAt=p<`gzfZ!&*>lNGi{3XVy2_o_j364EDj8o?i=jVKiU71rl(m? z_E6dMcy<~n5h%R%T=;NElfjpxvFK0kLpjoBxV)(4_ad~umumcwPp1MsYC7|K5jo#W zrB8@*$7J7&efYhI*PFkWO6My5&r~d_YWT9Cmha*qoW6}naV%?0Pr83ovPIjD>ZE<$ zv-jd2Tc&@&m(Icr-;%()2SCIL+(*uogssrPn=ifJ2TljIGRRup(`~oX-Y}oJfB(UK z(zJ^9f)p_qy(~SpeZCLm1r%FIdtKj8$7RW^dR}mr^ba}nPv|i+NON;@JG*R;Dh37` z!)CNlxIudSb@U>+whn_upOg^U*f&QtihVg{FsNbgTuP(_>sI;waQit+iT#`@OmaV>rmImikL`%1#3W~dT zaa1pmiMD^|$?WU?{*g6V_sZQ%#XsF=h~o^>Itz6}k4C93T1 zme2Gq*gT34?A|5Eb4j%dH;ydPNOr##b-VD zY1vQ}*~E2j97e21=BI$%%rN@9_3ZjGAthY!1t-UtO2BllaFFqv6vh4xJDvkFfT zXB%R)?w*oX?Otujg=SpK(fwlZPR2t5AmrZW)pIIR2PMk7;>&Bbk+3-uZ1H7&8WrxqN+XeI~AN{Fel zIvmkHX5^aWlcd6ZK(;6{WtEumd&Ut_ZhE{ZrNCZ#BjFnZ6u7}82Ir2}$kiPM&@|51 zX2SC;v8B|gHOe!n=h;+b9slyXu;@u6p-@OmpiS(tasPD*sPufNGqM;DoQADHCEVhA zrs(FYAU$D9?n~cj;d^2CKW@+ETM@>a!aJSyW7XXFRLNL2E?KctA}8bH)6(4fs!>i^ z1DNjRHLn3&8zrsvAgjOB#O(HJTCk}doBKw`putshbygFA(h<<;m~Vs`Fi7?epGSRH5{ zpDc6m;@8{TY#d38;O%#~5=`NfPWL}jXEFI$P%H3U@{}O_66UOp4pyyH$V-v~(qHM`++pqQ0dw4ze1qQ-^}i>_78W0@h?6WpCV*{1b0WT|08H&BZ7ip|&6d|7 zj-ut&(6f_tvvo25YPYx+MKVP@7tS%KJ`9q2R*93Z3$a%&+$V|D_@6V6;JItRzzZf% z2=o_Cw8S#}8io#UFqtqG>(MqY(?oEZxA1UzLlG_K3KxBHfU1U`UOKByD5cMub)vF- zvkDtR2>2g0Z@w%sU6tV@ow2)B@Bz5QcBX;{HkAi8CZ-mXZ4NqO8%>FQ#kW1}%3I9t z5~kJEMY3$LeFgYMg9Q!w;G(jaz8zXuaJ>()H-QSNpuiH6&+NS6m|%x`o*%E3)tfDW zP%}iyPFB+Q!cJw4NiIt=%6-Zw7#0dzwyXt6owF)rHM#;g%B01y-Brizw{jK#H0T^DlfxE}YTTrC_yh-=vetkK z?DC+BNpOA@$zBYq7xtVuDD324?kqi0MDiCBddWPQLqXd7gg*ZL)?RS9S zU%`dHcCbWx!rbq;!oOk?e=4f&Rff{@?Eaox_`@)DAybH+p7)(r_??pY@Yk@TXZ8I( zw(#n&?fr|J!0#l+?~ueNzgFxQ`+~nmGX8JH{sU_Ae_QMqPUrVH`4>X*Xj!ewfQ2|X z!)s11@`$S@5Uy`}i8J%WeuW(o47Qtym&*ODJT|H4#M1ARQey+sG(T6Xns{NA)twGv zd@-c^szs+Dg9>pnc~xitQhPYe*2zg#LX;fBM&0NE>rP>7~43yl9CG3mo3E2(U)CI5dP9>)u>)BeNLVCE!kN+%`0-3-i# z{h{{1VP3#(YkoBo^3xM&y144m?7@02?GRPFCzwT4c6lV@gX>BcMl*)breR~w@wvI6 z97DvIdPeOIll)Cux2`lW_$*nz?0vp}>jrsDu!1Lk($kQQ){Rf(xa{6iuirY4NS=}j ztu)ZaGdC_4mU)+^O3|{`rggeKU6u}+jV>wNp#CVO!MpqXdCI@LA7feKND8s(t-{kO zn_)eX?sUqge8}dP5Q*&cUkK|X5#qD;0-Y4PC&-;~$UNiwZkO0~x%e-y6n}A0YxRC( z^oH^;_<671a;%iRH^k>bC(3hF^_xI)BT#~;(RAWu1o~=I%`9-11e>_ab zHFC{>U%&JVk2xD^{Nn^}g{BfEM4ylV^OEMJS+mJo$pGG1Evpq3!acY5g4)ea$1@+> zp`~t3Od;Oqr@yiqU)XM^dNB6?QHd`-kZZ$7F$iD5ekz&Z7gdMfQ z1AcZ!3b;hIz3~p6TI8r@qxUv@G5FiC!6ObwP0y9eUC)X~+M?Q(>$7m58>^Hl@_^Q6r$z>(YX8{WFu(`F+oF5rKbN>Q@!^K6Ti5o}H~Ye?nZgT6f^yq+yPM zQVbVcUo4M)b+(4hALs>sgSqI!j5{kgg4hC|!EjjA&2~9 zZr2p`cAQ!&IjmLO!;p4_egjks-E+){=t5P4Lg z>`*a9x}#2Z88@MCdznJgTJ|{uzhC|PbNu;NUWU$)dBz3i6Mkw)vf1ZGL%noyLZ@9+ zqL5PtY>;IqiaztS>d_-R2kDLcH#|CO^RyCUS6fzQO{xL69k@L8Ghw{MJ9xz|tT15F z)|}(ItT)Ng>AEKqLZ|qIjGQiQogk=j_!#$i%_rd42&uoG(3CE6>`SHh! z6)ngcsP?3paO)>Sa)Dw{*`iRrm+qF5zOlruKdsWkqEK^XOFgBFwT^O4vY$mO^~x*E za2B247*c&J*wf8I#GFSpJzMA?M-G@=PiCo)?M~(Jg0QDfGH3o?WyHMUcG5Z4E+$|F z(<&@t$_avn*@3$2zQ@B~B`&}9tJ58Z`;ct*aeu`8x<+)9@?PLivCSSA-mSj-#-PwP zaC>WViT~;LqWQ(JeniW z60O8fDh`b--G^i&l0x{&)Vf?Dg+>*xAULhN*Kc-sq0$r>d)Lh%|T1O z(ff_T;M4iB*CV#Zxz{X~4}2;#Ngm3dwv(rSL7HTEDJR^K)&}3Xbon=m%3^$}lYIK9 zj{K2uGn@d{){L2Rh14g%tek}K9JbD|HV~7c=N|&!_VxAE^RuovOcwfBlomCLYf-}S zLc~gkr^7cf)F1$@us5nUm6h9sn3{DZ;?&;@qOSf5LuuR%X1O#}k$Z)$j@{a^fmihD z(A7^to;02^(+C)R>Kd_@Ee^GKI`x8V)@`?yZ5t#(uK=^MB*jEfLhxp1bux8@do`3! zCIT}hpA0fOWqyv$GHm{{vE^Ong+g;nySJnLO(d4<>Usv0#JbkFT(e^d)p2?6Z)Cw7 zLv|$494d^Asl(B|@i0b%vpZNbN~o`D*F2$aF~^O-4DdOqbobS>_DieFkA1guD)M{x z`)d_{dyWogeC4LNuFw<&B9)oY)++SrBq2 zRjX{DJ(75-p0kl7^AH-Gu8armzX!-i#ZM+QN0rsrpU|k{Uj52vUJx~@1Lt(OvZiq8 z=l4ubTA#X zaTBXu*N+CsivB7kO&+!BdL`G5*|ben%=6NBa^Sww9bT)PtMNSI!CNgw&eF2d*3?(4 zoPz(t7xq89w?94qL%4k1*j%EbzGM{Q*6c=cUx3gWLGFpoNMo=t+%b3OQgXZ`}0 zc4)M4V%o`syqEl|tnsv7M&`1s292e!JD@_n#kH|w6GzXboY2AqF0rVD#i0>(j`bqV z_mAVsQ*U&>GP0GqeQuX0R#@WWjN&E$0)=$i2nt~>hGnzOA#l36DK4!01(v}pHEneC z)wLdCvZTE(Yp0s`W7;ToI<(W)w0zx;8;OH zGaJmsvHD-~|e(pZI?3ocH-{fN(;V0StBuVeOpJX(% ziGfJ14#~Czq{?;D9MfrDf->zOR3{Wy$oG{<7Sv#rr=VsyI5)}3%37b2z{TO8dSm14 z4WU76O^NGK#^t9tVWP)S26=gBqbC*pr=P1Fq}Q!Y_bTz%az9OX4L_4JIw39t;tMM| zM85Sz$_V9mC$}52h)eZc0}fUV3dQC9z_LI?vWR%x>f>qfb+gn^Dmx=DSI{(@(g|M#x7wKl;Js zNBJ?k_KIw;o)vfgX#F|3yE{8mGUW_{W*Z zBP$3mdrQzNaNU>w6`DKQT-?Z#bMLu5bZK#o=c-To9^k|hoihDT`6YDZDH~MIAh@G! zpXc>FXu^Hfnq$8*IUOIpwKc!WbL}4zQRxK{Tfgq7ep`_x$^w{WZg19k$ao7+LwrUFK3fyB6sexT@bon!ZMOKYlfyQfd+zik9Ol z^1Ces1pqq5h!&Y1`Xef=b?0RM0!#^hX|&c1bLRTB`(1K)H*75kQfem5WL~1~RgJJKLYaIz1f#x=`_D-(Di> zt@Lc!on_HbL)qL6Q(n!H_BIl9h5jgsv01b4ONjcmT7n-dD_<1?5nmlD4pyn?lKp}`j za?WjHSbB%bkw}0r=HV%T0Z`Iy7x3?hWU_=)1_(vSqo2MRil?ipcu1{zs~u88s6_ zTt6E*T5O{_BE^5qz8glK6nZi}R~d=Z&|trRe=6E9V<_>!>E&)Q?|mTTSmT~bzgvl2 zAx<4_xx;_5(INiEC#4xS$gPajx`;yh)?+OmrjK3sM}G0oC7t8PR9!`3#Hjvwf!QZ^lMNj=x}F@cf4l>!n+Jfae2u(T8+-#IKO|zq#n& z{rJ<-G@6{hbYBL%QCQ|m^m&>#H4}c}O^3#YK!%)WE(Basl~Vfv5Wwq%l$wszd?UBH z<>lFW|6X8_cv~Bvw~NiPWEYg8r^|{0*Iu}3a@|{_xG|^zE@#fl_qp{=9=qwZLea`O zwef1l&s(go+p!tCy#5r~M^YoRv?WO`T5VRTxcEE`k>VgoN8IQIa~$dPbd%MZDQj{5A~-plI65Zdofih8EY(C#&@l~>(SN34P_ z^IYH^z4NBy`jwD*gABvRT}C_}%Wea!fejbp)>jJ0Nk5+&I2r!&d3F>fSgNyS8Wq2w zaVMR;Au?j4A0i%=g`VV+8Fn`$qN&RS2!Oui6^4V$ZF|;g!1`pVFe79qKL1H?k-qHm z`X&C}C~Ab?V$vI9oKtI4l3|&@2=g_+orhJy^CV%7#9 z1Q>J%@vl%QVr5PwOJ7Hu&1fm85_Tg4BqU0b7&zJeyNgYD-jE@9nEymhcX3p5iN!E} zD0J{q?xRgJ|ADjjeB}deXd9LCFl6b<;uuEJNH|j_9baxL4>a*4evC`=WlPBHA|@Eh zuY@I_d+-_Y{8z6VQLq^V@zTe$eL)^-o(YGpbHLYdluCk_NYuKcP?lrV{(cgAMHv*Y z6x2wVe}OgZ^(X-N_=qfvwG9~SEXi~p@wLdRRe?5hx<;_OQar4c*du}zqe`DGp70x% zO-q=?Ma5wjmv`RwVYc~W8%yeQoG9zpb(ESMh1_50>#`US81pwK#hB%|!@-Gk*)2Vj zyqcrQ17VH{h;S8Gin|_tqgpeLmd{R*95*c-rK|(|fjW&XN$ib?mA5-pf7)_k!?N`( zulJOLK!kS{%M+qbh=%u2=<8|kRnPcZ=L9i#U|1~k5+1^ey0a{$=D}@<3zE*fJY3Y! za#vagBQ}|a4Ag|A9jqXf3A7Bcqm$GhXDUsGkg#{PmgacW25J2y8r$$JR2xMokx?rI z>t+q0Kv+UqNv=;>_{WRjDZP29zZAf8hhu?@Lt8$LjF*sIdbHPZeV7fsbEiGd1>ky_ zA3J~wbZg0XcK5n>cmm*CHalRLlh+tx(d?I_Ae1anH}7&QdWL@t-fm*zgu_Bqi(^mm z%Z&fD{@AkZu7QfDzk1zCld4qK(*zokjH47;yX}fu$;j5}PWEj@aSGHvrI;ngPu%aB ztD`%~x)W*PdRU2T+si)ZWc8WQ#H>Ea!DHD9S8%kw=rQrTxV%DU>v`TpMePZNs1I_^Jf4GU zDZJI!<6C1na`k~msQ2Yk32@iMGc&V#Nww8PpWu=TgSSr;io;(?Cei0zxoGBQ@D+2p z$2$_y?M^qTo_B3LF|uXB3H9UUSO`{-h7cr$k~hg}=HAu(_@jv%Q>JPl$YnAmLF|s) z+YO{i0arXf8&sA5Sl{Hq9eI7r{<_L&b+F=e-^_F9PLD2SWzA>E;|XTqxiY9CZXjqmj}vSk1?YSf+uL6Bu{ zs*{MC!<_D#+G9E557-0|0Q3TAZo>ng4$-sx1VY(_bzX0%Omv2Eg-LnZ>SX$ahL(J zx?a%!nEyIJeX(#RB;B;p|Lo#&LSpj|S9s;*iQM>CZuz1Vj1ael;~?El7T0apIYM=} zypV_CzTI%rr|6D1(vl^!xgnyh5pXQCtCzR)=&6>xR>JUBY4);|O$$6-I4Pu5<{6h4 zOMPAOj%eIOd{HVrDKr+KTS(0B=~sH&dc~61o)(yO1;~Az+IKA7JM{wck{H)yMz(re z_bWnWYX$lG>51zZS=$5!p*mC-dT%mIQ)0#;YNCV;c``cZFG?@0Tz6qL& zNN9Lf$-leP94uDd1COab@c@C4Ds++LU$^G5J8o^!ltDOm*ZQ+`N*}v#c(j<9X9o@@ z(tMN{HCo{h6wnQNF=BnKin2o>r56czgv_}rFXb8F+RRq6%(OIbgXYsA+LIy8#JViK z>Wmfcd`iX8ctOv8g+RDDPT;AMC$j_nnwJ!3cJ$L_*C1>PSzZ`Y{P|NMm*8Zr$ER$1 z(?$jRff<&W3Bfs=aMt)7@Er@i?q0673rS75n9Mm0b+P(HAp|aHR!FrtiviL(om3Y% z=NR#8-kF1eh?UMS>BZ%?!m6c2Ex)sXN`(}Q1u=+set`=Jgb=ck+o`kDuW}@ko8ZPC zNvnI>G#@l|rEWTIj^8?gn*T8lBPh9vM9_0n1_f!TYo_Si<|d)^T~J2m3l^j1!kXM7 zr&kQ;C9`)zmo1LuE5r+~@)i^Q@*E$AlVV&J!l8#$ESJ$KnLwYF&Q=PZ9Q%Q?LGDc zy^%8G@Xld!>N^%to}oStDpFq_4$dfPp;d#`xrcX8YT^Ug%6@i_3_*03!TNCx64;YX zr1DsMF*J1Q0E|NvWlKJ6$_|9vv_CGFx}oEw65KnWA#fZ9lf{KI%cw(TOGJW}f&g1l zNCNEC(=c(z`qk{LJK=P5la5yH%+CDOR3J{Lk5a(qpRDef;)=a+n_oV&Dq?kE9IRwC zE=-*Jm@EkH5OY};Gj)Q#2eg$|iZ?zc@men*YTgLOC+PR?#hJ5`&+p%-mPUS#wgU4 zlZ4B~`e++YKfZisTR0`^H1nhgVW9TZuitHNDZ`%6{pnJ&WbEx)J^)8J;r?80^EpKW zVey5FnR00+xsZ#4O4R(UE91EuO2?a{F9=XCF&ng(I~3XSL_9=c<68oMNVvF_RXJGD z=iYf*e2a#bEGw6)Xb~D2GcMFDU%J94pJ9Q6n;GAng$Z$8Drrc{46dlVAM0`|#J1Sj zs}@du#s(A*e;1WJWyu1Z_+{cj$?LqWnmZ`?k~2GX&*uHw6~k$XVfV6Ow&{ghZcC_3 zDo6`so#ZOV>L!(+krdE-&A+{~keqC4+Z=x~+vRia&7p)YBroJ-?oX0gGvXE#q8ZSr zaForYbRX_<2J?x4@kF|$#>N2Gv6U3tp72>Pfhf%$-$ypMH4a%vNT4OMt@`=~8I*yO zrNuJy*D{?MWhX>J0WAk-=3CuM^*1XUZfG{#zg}7&inBkL7)5++3+La8tDbSpc#BKw zKQ_@fMzvZxMvx8co4!`elGhk-=VQQn?rznY&~TOl9vibz%8FhB9wAm^!2(9%K%}8& zixtABXQ+r>N6n^~R2S8fx@mZqzB8A?@urAZ2H9gFw3?t7PSib3axG=SrHnc@>(hB7 zy<8s+fyGGT5NhL6`A)UoBmrhse#ZWQw2)I;*xSBnubb9psEoSqHzN9^ylc+oFxjjr zXTQ^2FCJp>Ce6AxlO+}#LWL~!LfaSG#bShI^IPWcPJrBoYk_(*{-iQt?VHtwPj`J+ z5BJS`Vv?7ibUGUGU_1-()fVq{YoRZbcIXOuy!tCuhMvu)7|G*C$Z4{cpB9To?D>n6 za7A6>q;=f~&1i9IImcR2FEP^I`L?_o<<`W=rw#tk;d z%t~+8;!LeAN=v{sS}DG*@m;R*+0xDa>aP}pRQY9xTvvTM)U@ihR}qQ<7IJP$d`WEq z;uDaM(e!CC4|EQgl<%&QZUi7PtjvId<|?_i$7iJ8Zf7NT7#$0#zs-K%v))5(qEjhW zysWg@JI-9*xQN%+?M|Nh<2%rUMB?DF?)~#ivBWx!13S+moQvl(UbKmR70U4hBUr81 z2x(j4M13?2Ok+B`ma0tMZCLD&)IB-4I5|!zESFe1U3yh2cSRZExuh5AZM}6yZ$zqd zK>!k?4R&(p;%9#ZP`|T!hn;N)suIH|l8Hqgkx71+KoQ^;*jnlVU4W*zi{>n7DaNCt}Y)JhPxN3IG_%~8-jrWx$%k6PS zrok!2VQH(rn!b+|SeRkLvtomw$l`=862m)o_tGbW(Tu(s=Z8^Q=VP|sX~pa}mB{q8 z&gO4~l+B{CD(>GHq9l-wH(RwEZY`+dOjoeAqG9n33AsJ~Z*~85nDT>GR-ZLWvGO|0 z{S1Si+9O`?sttCGlUO8$swSNLwe}n^t;4Fbfe`Ranq60{ zQO{Jn1`fox#B#}r2}Lal>nySE5O)HCw5-f!u3FzWK}JlX46AbQq}@uwKIu-%;y+Hd z(f-C@vl->AoPg$0Vg66cSC~IozPkMGHNDuCu~h*Z3(~_*$g*UQCe?$lIZ5|X7uDfY z^fd#)9KSx~ShGdcdP=ycsaTi0g)Z@VJ7mQcwB3u4qY#kpJ)}to3oJvjbH))P4cuh7ZM=l`Q3oX;;O_%s=<_UIJwSH)CYrh{BgQ12^!c<|uzzksFs+eKr>N|Ro?R5#gPgf7)(P2`xS zOLeg)77m#$H56Q^Cwa=wn!j?_iY{rhN%>fX?_?Q^8@e#%3OEeC^^3>py`|Rd=X4*? zCx3g%Kl)ift}@AVb!lvwYvXM}isy__w}U4EhNR^}_v86_i~tb2&-T`4CX;3Ha_vFp zsG+c0GtHpwX>9~;)Ic{YmlxIzHFJ#e`(jfQ^fkz-OCb^V9t|!9+fG^MjSxCceEV z-z{#L*=RNo&o_Ru=LVD3zdO(R7+Ah9ReyJTF68(RgJs9b@NyBv`FbE!20F+oizV0K>3s- ztiY$gHq8ugqEFjYD>d=D?#SieXUf2PP!$b8?P`zQZ^~PLd|y=gcUN4^U^-;sKlmjm=B)V?1%^}Uuk3`+k`>wWBdRp>CW|E=6_4#(fy>F-;PUw>o; z%p2G#CA;OWhfv&%hc5F(0tLmvLtWAuB==$7Sb9JYm7_hq_G4Xf8ABDBIlFAE?_iXe~-0Kot3 z_rCG(^_G7tYLxn(GxqBzY?mZ9vFu+W7%IPSvP!7upmR;Z9yI!^qOZ?n`@gBL$15~} zUm4$0y%(T4_;Yi}u+L`J?0V-~b3VV!qXCs$TBCUV$=4k=)(YDMH^=fRQ{#6WJ!fkK z0dO2D-uZ}5c2!8&KOJjo4Dt(%lJ(t@Vzv6(CHf@>M68hZ-wGOw1YCeanOGQ=NNDuisd>u^u#=vB^edW^I<^!eS z2b(Mps9G9f#L@vlwCmHig*~NI=DGfq2Qg~9kiFmkXHaL_ z66I{*;&UGf23>O(@8WL^ym!~}9}62l9lhXRIejczZm?MNu>bx$3kF|{$I7uEyIS8( zc-3Zf;-)f{H0RNtr*P(|B_RQAV)oW`M_}wa|BURI`jfm5a)&uqA|kGs^QISKJ{R?k z+p+AXg>FTGa@T}f5_nudTet+Pt?*cOw7RZxdc{Il>#E1!S1jbl@fE@;-wX4xf#mzY zU-!xPyJMC>XGxc(D&#>Dhfy*@0%?IUqoyS`iQJ~;Yf4S%7KX__?b8)H~ zYsqP2(~ML?SNN6F&-gme>}&$CufTeJVf*uHkK%3xo;-}U?gff=Cpt<9ePh@kRe7+$%~Iej?RT()C~{UQU?t^W`J-UrjBrR%Ih2c_Z#?e3;SaYaQ0W=ocii+$bcs?Hvx z$_!x}wqMtKziwyJapYFBb5gC3KF5jO`)R|cIg*gM=8Hu7qhUgv}Jbho?2r zoEAAX33xGJZ)mP&zkz%%MB?U0{H0unOK{9zn!D@!1O01rJ3>dB0;JR8?|({nH05h2 zZjm%8SSc8kN&FfIt;`E&1tK|%bUUr6X_*(k%WiB+2^%TL8F*k#_POFYn1D`!1>;~o zgOY)~&z>Ke;oool^!GNNm|nq@qNO@hw%#WZJ(*SYDtc}^c{aQzo8=mMAwXS#^EkQa z03`a>c=`9WE%=qI-hb!5iYu5YJdz&2vS`AI720Bfe zq7h5yC3y&&^wr&k@jD&y4-glO!TAAj;Q^S_d;L}TI>h~JoqYW42@pUvYs5kEikf-O zZ*@2NgSwah!1tHaO-A24Ac*K!hXbiOnK>%;7vf!=bKkg~8by z{CUXZ{~L?lVw-QiI3f(GPAFh}v?YW%xLKt$MW+u?E=+rC zd_b9yOA1p{&>O^Ixxuq`KKjdS-v_O~4m}F>mS@BS&!#IK>BS)A9|6-w=LVmOYU)u6 zywtV9_o6VdNO)nL*}^lqx;&|*X>`y2@p}m?q`K}@dD5$?JV8m|ro)jt=?G+|?%wbay90El7rRx9ymlDpBE1rjN)6`n~=Ukuxw4*G*Ynu6Pn+VTBt)+2W8 zM`T=nQU`F-|5%6!v*5t#0h`!9r?U#5k{480gwEoE#BSwt2|$3Vj{qiKD8x%K)n1`N zqOR%hL;lDz0d6m1JZ`#j-q@AaXTehclqgTa-*jPe{^7e0V$t;VLDRq-Vl7mdvXMziO z>b>M{#1fx-*y#5w<(ti)OK7s!mCUbq;3HKT&q{{l;U2Dw3EC@h1+zeKObP##Uln_w zG96Pw z>Wdj^&}elKBh}3*IjNKLt|8By@`SjgfSAD{KC7d5n%@8--lwdRMt32U(KNrtXu>(` ziuY4@7xy4jo>O8hILr1q6b|_{e2GV|E{>RKQ7~eXLO~l0)fT+x7GtxLO{3KI38}rZ z@Ke0&g?KL_j98;zwh{09+GbWc=3XW&@6x_`y-R zH+X);jQ>5)hUV0dy844#s=%c@`pfoCi_Pl$FQ=<~8BW=I|I2sRG>{Gp8?HqMST8B3 z5ZD$JhloXk_Kr?Li+D@-)2Yrs-TblE{GRqH&O8n3=7W}k2TN8Tf_{ECxYLsTLClW+ zhJU*ww)xnO>&wA61|zmDQ$mkt^AS&82$wGojdYnFzo(86L<&lA|_qn z2>o^Lgdp8Ymje*CqewdAD(9IZVUcmsHWtfRhY}k~^>~F&WVr^LO)Va)NVd{)8dAJh zFNF3)dS_<T%Nx9%zNDvaQW$# zJakh&9)BJL>oLWHR{jrj?;I>jw553-+qP}nwr$(Cd5`X~ZQHhO`ySiwTl3zlsha7i zu8xk0nEx^(SLWV3*O&T5uKlH}ITUW@c(NQ#&KQ>iIFnsOWzn(V(nMKdYR#~6RT7sx z*SE8s+R7HC*9#dpS-YnwZRnE3=bC-GrLD{A6*LE1R#25+m@qCX8$tk9O=k!;$2XIVm5SoqzbE?QvYIv`VYZv?Wb$E2Swa zQ66giH+KZfEOOAXmWITW95eqlF{?DQZ_^I7{qbbXh)T(H8xodQl|-TuC$sm5*(u$u z2c9uHDtu(9DZ;_r~w#(qnuNcMSb^Hvaw6@8C6$fggbR`X2yT{ztsQIg|hL zhWx+1@jpKCwIDik&$NO+YRtbbW7T#yQ*t3+Pwp$P=xGf;T)k@Lwl$7f5i?Q-Ycpi# zF;_Ws*wNo9H^LP=>)JxIOsseat+b@8kqI{{PrtBOv$b;SqYqHFoH#F^#)lDG%o2#1 zXC&&hqrhj20PYXUqPlT@Z)h!`lq)St)@Cj{Ct_OL0XGs{5);$VisL3|Npnb6LJ@60 z%G~nMmS_krarr%{4TOWis7%Hl97yVv6qXN|Y+s5I$1^pE(wn_s_%tl($ zwzD+F9#IpgM{HY_T2We&lS(N_^P)I;Ux}`80f49?a591#_S2MYTm~&U+0fYPNHNPP z$^1W}6aSi%O}fK7r%O63QuK-_d9c;QD6*@s3W|-*+hSTaFpuw5=A$z|;cyUo5THk2#&4h6>aN2^Yy6X>0fm#tX?CyX#4<_S-(JVx)_41 zTb>o!>~H-mXfURdx47k#%y;dY_a7aAi^6|`_1g!hizYa~;$?}+;{Nv#$7b`Umfeuq zPTbLdwm)zDonN~}@VC#nx}_!Yjp6?u0>@VMoU(bF{$kwr_|N9K{xMLT4u;^$rpE;~ zhwFdE7>+FGENuEA^If{*{j>Rhjx$vZ!PPA%Lu`hz;EY5pWkXh;%SV-~RhMY1m{P2e zPegRXxFwE-VFI4QvMF~hf$)@WU)NbzSyj&o0D$U0<@7l9U2P*UxguCei)rv4?{^6# zOol>nrRO2VtW{jos4_ma5SoUTQo)Bb5m{R0^vcXeC-p&Y?tedPT>t1O?!S+P<6p^+ zJ^bf+`d31nP6yy>78fPf2mjZCfYZeg{Qs#QzVb>k57~Ere?~f)bjfo)3?(r07UiDD zqZ>)M|5HZrOQVM5Ne%1xYYE6G%JNCn`jJgF=_Nj;3&d9-Dj7x%iB}|u{($EIG<*Lk zTmQ!^$tzffla}>YhMTh0*-+foY-K~iTT&Zl;_c)of>3#UrooqpjK~}6jem(!4VBLp zT=gb8pjR{+t(n@()#pdb$|GZU28P`2Q^(4H&9w z^g0}^KakF(+#}4ly(?)*{q>J;De9FNwJWrhSsJm`m!$0f0f-oPLgnA|h_$*w9k7R7ce_0Dx5ZFV8&S&pMQ;or$xHlc}NYzb)AtSwS(eun;g1{M!-_ z551VBjf<%hy_k)mi>ZjIvAu~Yy^N`yxr+q>DmACw;8nNby2>(sfEhg%{rR>p zcs26*F#KKn`|($9JJm+$jSzVqiuK7237|K;`tol3*@rMK4YBe%A9 z1NZxG@&#Vs&(v-AhaJ68_Iq9Q*xky-Pk+VzcJb~FxiFa1@3Hk$xkVIq!__8My9TZB z(3y5TPBs}Q%IE#@_E;QsS}wFdZM*blLJ-?M*Uv}7??tp`rDMC)-pwCRJoCHZwQ7k`NGJ+G-3#q_Yg?5F_$shGl< zLMkRWij4x_-hVhIympO{%v7f?2(0uF*i;B+zNhMFuyoj4H_i)U$5Yw;`>-<>c1(F0 zZm0OO*TeKkn9J3VhD#sZ8&l#WjyTJ_bfI>H5pIH#HO#09$b%u{1l$cHSgJo%8WoUt z&PDP1mEccc>-92@m+q1!+?ik;V+i9;%@;@bkuFfCHSJdrm@BuB;1a2W2|V)rk>*LV zY-_0ytDm1wa|xX7f~X*rPb^eLN1+cvMz+>1R6@_~io9GbV=^h_ZJt+n5uLsVO=^yG zP=}#Ee_-p%p7WCQBZo?qo&vKUI|J+G;p0i0Xv!xLZ}MITk`4S*k|1e6C2(a}V}eek z1JC?aSw>M7T69x-jS!{Vy`?wLqOb#9nvwSx#CaI}?Ii&_3d`3Vk60tjti2Z~>7$i} zyMVA3e!ANd`!3dvM#7gWlc6L3w9l2RgT@GUFn(erD-L(hbcF^(ae05moRnu*L>+h- zBTa=3R~t0~uwu56eh`>cTTz^gHK|5bRl$bZBzT?T9~Ur^(rz_52KaZ^h_WJ|GZY(u zAYApZJqr>AyKq;@$Nr-o$iI5rK^O@`$j{;gUCU#{kLtd|Bxs*n{({OFGKM1VKwH5b z(~GmX{6&ELjw8>!bes~xJc)lc*3 z)K1`D=60#sZ+p?IVy2~;Og@`;?9ay0{JP&qA7$IHe;7$rbTtu^<*^1HKY~9 z6@rFv3;mhF0lWg?H-ZxBP?6LlS=?B&_Rm8Nulzhk19j9EA^~DZt?)UI z1z*EzmkSw3i1AU4!(!UL3_jJG-TXr2d=6&}y5f6SXO%;ZfM7(M^(R49ATnGmXXr=>4~m89RAWyy850R4$KM5ek)~ddN*v2u^z=qWFN*x^WJflO zOd_|||XXwXEjnW#s zCXwo)V`^b(I2rPS+CW!YDf=4?V*EX6UrpAS6r(;oEzUO-XaVM$ckOQgem`H2Co@62 z{y@3G&m^~R#249SU06PPY=5l$cQ&Hsin~r_GtjE9-ADzFJ-JL`to8y#cG_+W1aeI+ zuHsRnY#yF~H{!hpPsJo9Y1TXhnNfjN2#55p8)lA2$HlhWN&}rHx{IAmS#N&H7Ty2) zqVNFVwZ8zrQB;h)B&}V_V{+=<3ltbnPbgvh)zPF@^J&M=A1$!+y8_oID`Jhr$S3pJq0Xl58Um&O%fsWs zUak(%nNvzWw#xEF?d#Gu0<41+_@Gn@fC!g}JV1$o_qjU^FqEMTl6qHcuJ1arGwff= zAb9e|bX(yXH`+Wzxpd%$hrjF+49pUu#4&QrGOC_}V@ApuRtvm%%(Q52ocp`UmCtu(r<;TpM$IYdq&T{ByfiUR%L!T)zOA9 z`%C)e$geKbgT6E@FRSxi3+N_f+=vQktoR^@kTB3n>IC=|j3f{SX`6F~7RWEw6ME50 zMbh{3)+SX>-o+3hhZ*prO9YS0jWoYvc>TpL$T@Ps!-8RwwVdkEDkTKkw z!q`We`J{?)-3+e;6_aJ4hS0%`K-(X8UCh`Ex@BJX?wJ!^{7<{@DzF7cs7vdvz z&%{dHzvv`{rmY+xOwhT`!J?!R2u{(GE7)?)i)0BQ8$PG5dq~~TcQrj&!I;Qub5$Ph z1%2FQg+Ex}7_;fjwZ-<{8V_AXTT}?tg<2x|@71xzu6Xj>?!%$ARjFO39 zfr3pDA)(<}3r z&^WFyd7_yi=X?m=q>qzP)C92YsZIM}%=hdp2d)DVe0?znA7n{ZNEm-DQi`3$v=M<# zB%pXjnqmMe=BRWXFO+YIFg+7xiz)G!<%%LZIr+I0Nv<6A|C&gv{PKLrOQ#bhfmEoME%vCmTa;*^ z6`$EQ2RI-ywx%liGwec>lZ2C5k1J|6sRi?>sC8+_kJWEB1x~$af^tI_am48;2?QQI z@l$zxM4EQl+?K?Wrfk+}RJs8$m7#p>oK!-HNdTFFg4yB0Dj9ulfiN-H;kSoUnQx2? ze2GkB8++tM!sD80;Tn~8%#`80O_C~_gFmJazICfT<@h=!Fep>PeR?9XVx6mx*Q3o3 z*B%hOyKjnLyw6Q>lC$r9ypZ;LlLU4zdwvk_T<2movw~UKbPPo<5K$8%P_3@eHL)-- zC*DP+SwdG&30Uk`RY#Z1oe%+ZNLIZaDT9Xest>)OD~U+daRXqOi(|!wX$kvAN@(CN zOrRqlw(h9PDFW}H`;B?5PBv|`F|$I;vo43pyOzPRCL3ZQ5mHQ4`hHUD9(hd@Cx>%q?zo^L3+AO%Q3i}mf2M`ER z0U~+cfXv}NogsUQ6L>ET7gS@20_ssvCo^^@5pwN`2!Vcp_4xNsN6-_Ie05yEY|X8z zq5+3$tgb1S8R)gS;vePvTRK^uJ4yD6j%u1^RUVoYjxn_yiS7vTF=DreINh`_W6?3u z@e1q0T`0VsuFRKcl<6^vb=r%&gY}P7EVIXiz33V~aaLlTfr%&klMvW_sK@lf>@y4h zZoPbP7qsck`GS|kqlBr2HZ`9St^K492JCR!e!XAHxWv-K;br9UN1ln?c)0Crv*NyA z3`10{t^)EQjuAvC5#lYIg3)v(RW$TFh87jV0DLAWV;NK%wEK5HQ^@|FC&z-f5kU1k zJLC97AMi(-y`HZ>oBWQL8bHIAb3^9E1>;xMrLgVJzto8WM2nWz&}@Cs5A66#_C@N7 zVHwp`*cs7drwrcGWBDAvgdjclJ1~pz@jHTpV9Xsn5H#lrv`AkqkRkOp5@Tb&FYK&xY|}FjfuU)gzuGLuD{HZZFb5ejzM@o0$I-+!!3;<5 zs3fh^HmmQnq6b)Hff~!qw{jprCg3vsGAf{O;i>9H`_=lF2czKXI)eHN2E0RpKQt2g zEw@$j)*6pvT=o?#b*UQ?2uW+(Ry46-$0 zc`Tf8_FPyh4?1fdNV-`07-^(uJ{&wJ$LDn|I-;XFUyL|?jh^G?`;8}Z6&@Dh{fwZh zd_m*guh56=^yQ-%jpSyBnIngtthJ{hs~G=aJo%wP*xrGMBJ2QN85aIl6=7(w)7tL z3(QrjT)O-odaqzWJ>2d$9Tw zD6DI!QLE`8ubRGQ`ocBF?y*OdL(E`0|SQEr5~aQKrkPz^C0>Vk`-*7cbj=M~t7- zi2Mw!#6_~D(yw8S%I9QzTxBXXW79ClMJCPctO-2|%|vy~PpGj<$9PahH}}C`9`V~J zxE`%mq8RLQwGrpkrq-_C5BE(wV8jNMOHKhwdHRc_rp>WZHT(OaqMdb6;FlSIYl z?234=i0Yg7eP}=IFt#w2My?2oamD#r1v3-K?4cH3=XzR*1x=p+pc0ap3n@S1&2Ygs z<5~KDW0Gwmz4n&u9aYuC`Hd}?X~;WqSwm8sxQ`BCV}qY4yQqIWtmHUTiS|-}<{-s* zy05E5lhT<360(g;5)D!xWIWevZ)w7_sU{`Jk^uGAr237)azK!E=Y&`0^gefq3K#?7 zC-EJwg@p4w_64aRlMoa53X((W^?yW(voqh*EHb_RjIX)ds>ZpIkC=O_G22m9sBowTfMvw>i6(BtHm73X;-V% zkh6Q~54%@tggv$SyH-yLMQI%lSH*D2hK+v7xxX6Yzg$@GL%zhUTfgCauYA99TfvLJ zP@D8Z;`rJBq(hI+UV7rveIW7uSUsVQ;8^?9Xx-f7`@gz&N zo7Mh@zw5{HWi{7t+xP2=o&WP?Rp0OR#jFI|Gub~k@PVr`6X$7JI6HbPn`v7qUjZc1ro28J>7A&_5ja19CbNXf2 zMNm^GwU737;r#tP=D1bA{px=Z8`r-sM#FRQpL0QMbNF9Bw+DBBnm**;Tq3^TI>U4I zPfc9b{Pl01{d?cM++U9$O2g@UTRP=?ldPhdDX)~?a@6=PFW&L|DsuSi$u{l^dy{)z z^&bs3GqP2tQDg#!G?lbD;-*7c{69D+fBxf@;BXZrDt< z)7i(7Qf=ZWqb02=N5)EFo6hh$8_!0ouB%tS9x6->N^V}jmkA^P{r^`Re>=MWkX)g5 zDZHLan*@LP4bl~(9Y2~iN zM2~-88K%2r0-6l>1r2U4^De$9NVUd_Bo1_A1ZB}Qo(0&(e7j`#tq7dJ3sJec*PCA0YLZd(f%gFRH~jG~Hxj)hXhR*1D3U(9#atC!_$5?P7fzlo{qifD3Wx%LNX9Mc)55+Otpi`Qc&9tf-jZ-43w7^`ii5|acS{VmZ4)|v9w;`qoCZ8XwR}A z68uVEx5P!-*<(DH@CpuPK9vw%lqjDQVp9CC2Eb!!9KA96eCfDo? zeoA!>RCM>2o5J<|Z3Vd1c!dr;JX+BO>v%_!pkN`Gs_dbYVoDJZRu(wY?0W+kn=F4I zBMF1WQV{SvcsRfx*&>r5uPwv<2Ge9Ht~Lj6(S&4Srb!7Thi60CKW(bRr;{gt4lwfI zqEO1OZM2b-sH>m$L~-1`?@ov<+UJPZR9TA4#BZ+zY3sD&LP3h4n$vuI^KSPb=4kTZ zma)(VLDprwDp)_b_Fj%~JNFJ!UvS&IicuYvmySa!lpkq*u)rIs+@eND*hA6lAg9$x zwX8xRWE)mmRF@~CCIJkmP$EsC8JJ28>8@3ERYRF>KO$4``>(ez?TK)@sTzW`9eIUq z0e|Zi%Buk|Ba#RqVA+x#GWx!wEweTY3(!OR3AxY>I$8aZYe;9UWhiGwu4UY*>~Ov!x3CMFDQJg%oPZSwhbn8w|_r>r|htKuX`vk^C|&hFA|c)f~N6qW7d zuw7qJsKB>NEdG?hW9Q9f(Nh+~BoIsuW3L&=LU0}I2wk9W(KA&*3DU)93x@&YU%aqz z)h)3GJOgX@5$pEALQLI3csjuB;|>LTn2Wc;?DLt>1py!h)@rkVLT|!Zi-&MyH>tQZ z-m{q5%*V=QRv47dkwwZ&#LTdDl5cZxZ9cN)PO3ddazjGecX*Gmi-`MXv&{^%grl%Y30Ka(j)MA3BZ#%c`n?5c>eA~hHCw~fU;A; z1qf9ICV;CNJ%t&RisSSOWDj-lN8#g3RR#W zSd#k+h038|up11Nyr$P*VNlC+zTDQJL-7g#r6h1zS61Q0=X7OTUW{#J^II`cNYytK z3a6|B(MUJ1ps3Rou&UxrRd;Smd~pPs>hCTYZ)MOKZx$6u)8fj%&&Wj{07Esg|8x=BIF!LXvyj@GkM)?3nc*;)WWG4%Et2AT z_9!Iv(7eFl<(w2DX#%WXJr&+|M2a+&<&%9D9xw&;3vLJT=S5;lLP{n#$KR8|tjH2U z_vf1C>60Kz|6$SMxr*VxT95-{^N&ros&(re-g%K`zA{ViPpMX*mvWWS!ameX-Rt`( z4M-{^j~sYXuwjm7fimZ50>yYxSLcp^;sT>sR5k1p5RMZ~@yr)6xMinx;aULe$bZ%0 z&+-OimYpjgoV*YvJKG3T%%#n^gq2*2CgBJifvt-7@wE4$hj!z4=DRT$>Xadm19=`^ zT=|qsLZa@Q^@|3@7l7U_gAq}(O2Lav8VHfOtO*&)^$mCl`6C(#9{^^j5U{DY)hwhu zus3iz$7x(j8=zg3lwUuSx27_sMljK5uK=DKHKKj4K?SkJhJq^dJ6K+V?WYqk+`*>} zR?!ZYt;~yFK*vIsJP=hT{AT1LfZ7X4S5){E)R?P%ywgxV`q7~T6Ek756ra|v!Na&Z zgSbdfP?&vasJN-9@U6A%Zents#=S5X(x06DIW!HLTo3|D zABz@c7p#0wkd?J@&zum{&t?aoF&$T6zAdD#X+v0~2GV&q;z(IU8+#_F3T!q$kYNJm z%7`lIqzbb8GUx&#La##RGjwqd8noU(%X8M_QJ2Qlx-(M@g*wjXIZ}zR&w=%Je&)xn zBp<|D0rnANuFd`9Un>I^mJFUnKpcZbunbyDm4;2K!c)zvrlPz`_qpQjZqc4J^j^gJ zWJWlkD%Kc2aKht?s%>}TOKqiq}M>Xp;h5 zdR0!sx0dV+t=ut;-O4R2-!xls>zX4GG@R!V1!Ap@N8?U(>%_>i+Tw|GtO#;L;V|&l zx5Ylw_4XbF0va!Puw#vl0@k430f8q;S2m}$mVY|7mF6#!;%E=#lVe%Kt#a@X7f_#~ zvU*P2kwPgCXG&+qL1l&D9^ov7ZwPa-Mq_)mfmB3iMHw` zt~m{bsNs2)BMiH!;5Osb4;5GYBJ*JB%a`DpwHjX&m9~lbW%R1bHQM}I2$S8?|2{rs z#S3EX(}3L8#($ooh{dbedLQkqm#I@O&&Q`MWz&@C{vgEt?E$d9dAr3jUCm=Ok?K?y zQTka=LV6gJPEg5^rV|jJArho-;h&Yrz;W0;f1);ZhG?EeyW!kD*_MZx?wt7absMpg zm~G^!%gC5j8^B*Vb=bN5vRQRl{18O3X_CL(S`OLq^g3Oq-!cw6uU3T`WFETT7)k)8 zL3}4+<{wXDHyA*d!YDGp)1%OY%G7(i%Fz$L!mNr6=H-ACvIq5^yMtk822yZ4CG|KB z=VFGYqK?%k9sQT#VP**D`pS321Kh4o+hGc5Zu{*Qg1#DY5)G)vQF!+VCSL)*W%sXw zrKBuG7S82Z<+CF0`uyey)7;iD!cs1R`Mt0Ly%V!C%i{+cD} z0MV+o84&AB(wcgUD{m6LU7Z`LAeaDRLk%`gxyx&@rp=Db3=w%a^w^KIuN2<1zhziQ z8-UN><`aw=PPXg*m#qX*l-_7t9lDOG!etY0{AjgJ(Xx^!@~5F*k_%Y5gIAz9Vm4F* z*-V4V)8=iySgXt`WF#(ncOp0y%626%`Qw&iVho{>BT>lUo7VgngjR0eW50f z%AeZ|f|QUCeeix2YywfufS#>I)H9Z=q-TEC)0x^XAj2evp%kzg78EYpWz*6Ko*672 z?Rn(uzc0}zR@X|yonwTdNRO7p1E3c<3G0T7j=*yrAsm_tqD3S7Z;nAhnF!&1#$z2- ziC=VnbTOTkRbnsD*;tL9rn7_Hv}pt;r+RLulzMsp}1k@ex zE1B9R4t{WJ83=`-rpNfTG7&vFxWBRjB~ooad}q3({$dMZ@|w04yCugyr+Wtw;>vW7 zfhz63xFw{4>J12l!=B02B9`z|Rdk4j4v9uOuiMP>z8@|&>Lwv%BQnFVqAbb;Zfuny!H`4w{VC&%oagmk?L**dA%NV z-P!^`dp2h_;)E4pfoW1`R&Du(Fmn(A>ijfoG>ZtRFjs8%38#^Y;3I6%rQgzZnqsZU z@z-`7>TzDA5n1XX(5j3^KzvGz6WmLspq3u&U~a=yisApCc<6h51Sg>@!9 zZqyFW27Tl!UBV50Bbts|@x?fcB0rWWtb!VW5jRh^0GC)LBVst4{OG1aMQbnuSu zsa+BMj@H1q*I@F{S3GiwngR(mr(%P5V2+9AAT6MulWz$oYG$aO%)8b0Jr@#IJU0cA znsSI1X+i8(_ulXu03ev~12FrdbZp7GRIa2IexzOr7Gd#I-CFTx^x?s+E7#{ge-Q)w z*X={8v3au+_n~Y=arVNAFY<2f!3?7nzYB881|-Z5pbS@i8s9bQ>Fq4=vXFEq8>04mXtb=n8)2&c{7Ho}WLSE*?L8 zDa1smclshi9G2hpg%7NHKE;JWZZaotrTfRYW@|Sr_u(%QH?9n=R(!XQ5`Vwfdwl++ zWD^|8H{R>#T4Bs+te}+|7hTw52*egEYtUid% z8sAoD;d}XP_#roV{BPer!h3%#A9C-{5WXI6uKoOq8e+ z-5w78rCCR`PuL{GW7PO;F5UtE0|eq<>^bd!4coq(Y(ChsW8f^)jEPp|^YwatFO+jD zJT$oavk1Q^s+=j$&wo_+R>6Wj`SWJ?U|zfx-fP46^+5+SXJ8u}lMsGfiiJ%muy)b{Kq|B7WLNg8=Vrb1~JbOV;s`l7H%y$-SU zrbcyr_AL301ML+fQT+7{)eAclEYYRBN$Yvk9hO@GE)qLv_Shft zhO_q55Am=qVm;HKiC^w(Q6sN=g-UM4WK~!D9nEFEyp-9-J$TE%=JMg>-=GVJ=Ch-# zeCDm+rx;b`X;)ESo$9_`|D7cZaeOuvc!?Dcfq59>8K;RlFgu_-(6+Ybp`p{0Y7Dlw z-&W#mC0YsU`ZnCWm&0*u0)I-{7b$Wf{0eTk;b`S7j9Bq$5~rUjd%G4aA7|o3en*$^ zZni$WeH^f&rxrtYLe;F@(>b)m=`tG(UDob=qU2B|pxHKW(62cgnN~QwW*Y>sCRniW zQb=1?aID{1brpeemk0vT4haT}b!1ETE*Ip*v-muy(FRKfvwd{=orufA_C`&Kb3%iz z+IK^$0>SG80v<4vFW9*PT_fjl9*NVLnskuny|_% z{|2WPQs;j40on46EvChO*(-JA$(F4J3p7?x=s=sA;Q&kj;?+Bsb~^`5dKRBsOH*Oe zuh}neoc36lP*-W;EYVC}2hN}!gkZ~Vv&y=g69k=G2Y*L?bL{P0C@-1?X!~ufwtqB# zbpV0_j_T%p(KbN+3IK|I-rVs406F6R0_Zi&C!pXDRZrU@D-alcjmlEg*JAD=w}iw@ zTTw3t+J%y5N%2r`73BG?Ms&=DcBRn`V_%hjf;~|xVGX3nqEyMs6Kk;~q0C@8P<95* zHhEKy6phZg;^2_%Grjq(){5`ywC(5>@oyD%>8K{JdoMA@1brRXQym*7_VsM1-S+HI zArr4;3{C-DKoN%))j;-ghuLi=a}m#=IZ)^Fd(ap*ze@m5cY*{W#v0A;JxQx&copu} zEaFg>R`C=7{yLD@VV{Qi@v6b|Y$L5p7G;NnUgqRq6%5+*g#xMZX(;JfN&>_ zT3o@wbDa=zd+B3e*&27)fSEr=oPB1b(cv-Ry2$*Ig=OjnjDza1wytxBvI$Xx^TH~= zGq{Y;e%2OzZ3JquII-(b);knCh2y zakMAk)=TV$HK||Hr5(itUboX~!t;UP%0v!u$I^<0h9jdzRY9}`sXzA4rQ=Q7g`Yp0 ztd6GhY4;&6Ns|+S;XnN?98JEm%~GUbcC=LHO6K*wcXU_m2JWQG(9O_2p{$s+1;s3}aeU?4EeBRxV`FIk}~aca0qQfmh-Hnl&vriJNv z=e-5J99~~?WnywXeo*;(aJ=okT%c3o*lYa3nZ`F$T-vfIdpPl zhk?cw^lBa;el$}sEt{sKe`PJ7-fn|1wFqu3w1gpzTx|xJqQKon?`V}YtXOV?qB1;d zOAgyrryBM0d>rR-9#u9zVjm#Gx;Aeq;1<2(y_rb)aF8G$dVm$|9gj=zlnL+zAqO9F zmq4XrS{YJMhPdNML~wQ*0#7^r-8|52BSt@jAXQwMrWTz#wOUf>E~Qz0a(3syrt}sp z&++Qq5WiN_Cm)y9ek+b?z2B@k5jOU>HEfqVgYW%RS(81$P4K98zXu?AGc0JX*&`Bc zx0L5jBz4kS>$SbpO!gj&$qkyYn1AZ)-uFQDG12+c@4?gWlodxm%-mep%Shux@Zzl< zj^lE;H0USAg*6d(pOp0#yukHsDlPJ zb?rS4Nj2w;E4rGqe&QoKeuFrxV*XhuCd_wU@+Z(Xstn~&XqS;tvrTs(P!)Qr+rHpX zFgV~ATkilPj#H%MI^3y~-h18B^flYVqi9P+L_2BMhNtXNv4-5XsUg4YkS=*6v1&2- z86K{=T_|bea5MA$xH3E(X(48-e~oKd+@r=99-FLA#W$Sy?1aRUpF0`flwZlu_{wKx z!h;P{Tb!INi8dh>39C?42lR6^;zoX;wg_fG^pdM(k_8xDem@nB-6pO@* z&>tER-O91Agz5}+)w(v!Ku z4bscYiPO&xlqIp7ONtR3jE!~x9-&NIBcFC9HigwGt;#3f*Sqz)c}LEs2sSuQO~NUX zI-Xs)+k(}8&D^|4RKHhxL%GSHxJ8~i_5d00k;7LoT5Kyyd+Tzuo8u(@J={D)TNILv zNHn7>Nj~kHiySe?KFPYJiJtwm6P0x-Jd^>cKlXb<52N~2erm1Xu z<#6ZSZy6w}WK^4vRM%_}ka83pHh_A!mDu)}A(R4*q}4>iPoZB?dXR<6lsoZBvUST? zeKRG_(oFCMF8L$@Y0&S))z~g#gR+WP2$+FD@-tx$&!`M4MZ-E_sL^IronYAz*WQ{3 z7uJ*!ksv}>I*zBG+)b@eWv4X*NYMbc^{sjR1&)ZBf>xI2dNQr;B=#2`lQs)XRa zl@vG2M)X=EoVQ|HY<-2EeRA~E>9|3gii)xTOHeG$h96VCU7f9w2JKb0MSX}| z59?sZ0V*p>fV+Z@MVR`29h+=$%sMFrEdSP-dmbisRs?tLNvR?HYd=F+*^Nh2Qvp6% zdES4o3%?=^A9f4hGSLDJgz!okg?AVB&IrgFCKEnHHS>ou+iqUf6Z6y6S*o-rM67mY zFiaLm^!|Q-E&F&mPuF%qmv`^l5%r`+jGQEGkTAeGC~QT+>MWRf0~H5&&KKw0$|A*C z?{H{Q`ED*A?K37)*b{gV-B}L$yDX>N1>Ra^?sb8Nh)@mbvA{gz{(Y-QAGb6@pV^tE!K}3XjeQaxUW-{_=v>o;YHr1CimOJ)r{A=^^xtE6d z>c+pfsfmQLED>HMrdN2^BMyo$4+s=0NpN>8fwDY0N8*+#E)O6B-Ejjn-UsxmFPVWb zA*JH_*X4Q_u7*j=NKon+91Riy_gbK}qXOBSFy=KRDo;U>Oe zGV<&S5u|m^a5$ySy~0bgmWFfjz8+tdrpZT!RDbFqRPXNJ442V01hCKeloS{5wu z8mRHpbT-dE3e8@g2OSkrW&&=v(JZk%JM0kUcJA+A1l><}A{iS9ILLntPqpQFk(zF(^t2ng@$35;(uPNl-7&uf2&CFQ>x*7Poh5I&a3&J@gc^ zurf+DIvw6zoz^4wPaBL^jw)EhYosKAXP965P@Jw#8x0TG@dS*rB1YyJLZ^94a_WjnC8{yACwHMCaP9yR?tZBC6)7OZH9AA}z4G*au^l zA-h4{kEEF{e%r>LUKu2ff{F3rMTBNQhaN+Nj}xw3elniMV$AC%U#psCY!CcUgWaK9AwYg@A~{`h@N z|9Kpo<-hi>Ox{Q{m;^~4wJL0t{hS--w-#qHmL8t$5&-MvS-Da^$QZo}+x&8k(`KpP zp4gm8`pR?TZ#_%N^%u7{JbqT&#QWO5vE_eo{G7s_8*2!L7+Ef?bF=w!T=3Taj{Wib zzX%Ta!_z?blw}0hmC;(9Z*}UMVWaKOYIyC>U83{{)nxC3Stq@8wH1U`r&2hU)Qt>h zb$D+0Urw{$=)!`v1l> z%nVHbH>UYVtU@=iLB;WEfc-cqQJ~Y^A%8wFe3~$hBav=b`oHy zDZnft>!^I;EJ6$DS?ORi=msKfL#JKNt|HT6s~FpD;62V)mzlR2&fPb>6Q7gLmtPRX zAsKUAM)T`;XAX}`;Ql>8Y4CtEGqp3-`kw*+}!BPxb zbaybnjNs~EolvQbF~z`qMd+7Vk|bja1((8VnE0tF19I_=t~5jZ;~w{4(rXi!BewoR z*Kecps_=!_rKCA^k|2;(u)Xko^1Mr0U}*q8z8B9$u#fX*x%%D}f(ALF)*DP}yL3ir?K_)t&{GhL%eYGi4HsBIJ zt4iN)ocvX#x{`5B5fUYIkrFXCM68J*ZEz0Adua2cWJ3M(vPBtV-GO(~Z?Zb?)v`%{ z%R5kw%*}-|A;3B5Iuj`O8s`jx0w8V`jDxov0-s>yk3)D``)zTw*7m~MkK03ori7(W zHMYjW+krA>s{3}0IeQq=T2(8f-hAli;t{!+q|AxoQTWIeUvY{7K&}S~JROp#>vkfy zOlsQTX%J+Wt<*9Wwb+Xu8Uv2$k!DMXW%DSF$CQasdvW`6;woKL8fIEM;q10J)p zP0$9?SJ~UFu?fJHcSr7Q1ov6c8z~3{kU@y9ByJB~AU9d-?%9G6-U7k<{9&$Zq2l1m zo&+lO;S*t}(MY?j7XGat_<7ikN$q~j)AQtD21dARa(oHZN!khUhDo`b2tTH;ScW=F z-Sa;fJEs^?qHxW&ZQHhO+qSLKwr$(CZTqxs+jh^nnVF34BsbZqmwMYtrE0JGzV%l{ zQ~GJYe|Lsz)gJ#k#;!Qhu0H&pd&4}e>l^FUdDWy^zxxsVmY{qxPx9kI`8XK2cHHVK z0(-@Q$nEz1ytsEhXx1E?L;GZ!jH^3|=9Q=nAKEkX7l z_pIDDTfLiQgnoX$n(a)H`my=b)6tNqd3mZum8ECBuG(z_;liZw83IjLg^Tl^8G_+C z1VaEJ#*R;F_w&v}24=?8(z>}YG}Mw1|C`!gvP#{ai4n8|`PY50SYdDd=eWV(?kr>g zxD40u(tv;m&5i5Ocz+H8{Ut})E!*49=*yFCYhuKvo7}6GpOYU(WLP0t;}`5~dLW*B zgFbr-K@bHmg5+1HwM#VDw=9m=W?FI zCsSe2)sJL+>j0iY16V;DI8VS2OsH5yR1Fz9cjY9vtt`8x#-Fs~2_6bZxE+@KL z(nJYIXeUe3%RDzQGGK9auxeVkJT3C@?mm8tx+V~hp0T-_)-!B%dGuep5tm|~!Op?8 z3ubH_E>sOCpraN=kJsF4ammj-F3mE}6S&qE{9O5`9OsW5;hlbmVY?_3-~z?6F+aI$ ztjz1nJlPJQ*z{$~C^O&ynPD;w;~O@kxZVZwH}tzFdm+51t6m%{2%(@%e9L^XhlgM) zeejdH08W^r5UFJxGpblY;nshdIjO*u5EoxDk$H4v>QTvIst2q;PNy1ei;Mj8c+-y6 zHdI9>Ig2kr!e0Pmq+chB2+pOy{Wg<-x#fL6eP0c%DZI`O)v9O{A&+JPiZSbhQE3dp zCCTxJ&^9Gr1?n9%QH)b;!E4U*$*vIdy+1rWH^O~14D=_wdfpt2T!(LGPl$CFdF4VW zeJkvaB^-j?I%lIfkOj+t#*U4x)U8^7`(>o|K4T+fS3b@yqX_L>_xl#SI=73$BItF1 zno82~0qD!9l$H=nFI_Xl#Sj{OTGM5Ow{Q*n;H+eu$%2NKgm5u6tiswE2~)#eMn?X% zfH6dZ^1t6g(9O`{&79>Dq@TBXWBM|ZKOfPrCdgDf>C@?Q32!&xQaQ-rJkb=fysyxy zc(5SBM`s&J>WD@mjH;)L5Z~$n_){4w>=;8mfG2$92$SdjF|{q;dk%~2wR{n@l#;}>EVMU!A$c1%z(LpS;SMs63mb6lh5 zHd3Bj{@ClUX5t#Hlv%HO8Rt|nm-P%mpWi7&E!s1^=g?N<3Y0D;p5?N-vjo~ceD4#A zw@I$-*|Lf{Gi?jh+cKCambK`@={If{D`jwo)li>Hxvt$~Po$IXEm`FNO4De13mPLk z2WF&Peu3FTq(~Wf1@{eXnRUNmP$&|56(sda65Y~dz+Kq;HWhl1&R03+{mlmvW#&E} z4-8Qhso6xxA}B6~Qj=oGxoWCwjhn}DbC0G!L=JRaO!AOJ zXdfcTN36A_&UY^4*W8a%KnCIRo~&L>H&s$0W#q1r*od%%N!en~B$dIw>g4EHSv7n1 z#|!rDrkS6QU;PUYt??X;*q-Jm;Yb&g+o4LB55)^6uPNl|lS}MCJre_eJ1K?s!o;Ee z(PZ*eI_Ii7StxGT;^`GaN%Q%4xanWaql0Of7_3oI`Lwx0)J?eoA^K*MRAa3S7B>1tTWkcO?a0 zR7|w0%a7;`E9`S`s=^qncj_0JOT$ zIup?kXv*57fYEv8Cn=wlAVQ>+Ms2ykd;t~9zNn!`CO#iaEAc<8GHI{29HmU?VA+pJENu_-@8(d`Gp}YuZ zYPw&+eCz7qj{Bh5(C&Z{nZ~}{+oy~YC3!6VMB$C5w5?nd!hBrItLHwAyFZ2MY^;eTB#F3;=}NN@NKEppfU__A)?)BZ$1%k26ttE8T7YsB;$2836$c=z$h>qf54{^zet?0&2IJZ`AK58FI#{a#6iM@2?VN#e(K*4 z-|2L*C}8VTd-O?7>6thm>_UAzPKq5Z^61l+L5%ILg7g6-ej_`QlsEzBz~ccmfH)}j z<*zY!p&i7qv?=w$FaXDaq5;GEB2Tp{Oa3i=w~fm_tBTbBvCi+2w~B6W=zjZ1_q@RO z)_-mJ{`;LDZlt#+_;GBK^{6*x6fyY(_JQW2-0n$pSqZV0yC7mU_ zV0D8&pr$p!=r||kK?pQz#0%I!9_fH?O>S7G+d+)c1$(9E_&^qrad|+S$9Fk5+5mWM zlTS?hUjvti&MY&z4Mak;z;imFe0)0(7W*em(?=9J=@hMXQp#bKd6DtrfI?IUq0M(_ z3C#gLkM*MjsJ<~BVqbdOiu)2Q#5a#@8H_d<-=RdP?S)JcY>)(ai26z@ti|mU(Qo{t zQ~Bi)RNfcU8*#&v{Zbe@BWC1|q0+y=3jFm06@LLu-;52078XXfWkY&G=RW?e8`dIEFU2Om!v4ET6G6 zobP^BPp;fuf1_L70JhgjmGPqJ4c*LlKLp!d_A=`#!>~+UkJqL69_GeMP3#}!RF|hO z%3d^Z9U|xpFq$2$@%_Upa) zy;H>fd43$Kga1Y*U!Dr0-{t@3Mhg2aF3V}7@8kV>Pl*-`|9O3w`~8<&2|Lv9{rZpG z%E#TIpEBcQ##0u-wjk8yN29O5e4KpqgQxpb+mrkb+B&6n1E=edR-sn~DOW>fV!?RX zEWAE{R#0NjO4uy_kun)vo}aHoi%&`R^7*f~+glR?*Vpmg`!2kao8X9r?(fhc_NCrV z@Qh`RGO+yY->|gPT4X^m+beoTY^-ic{-(;alM} zK8YH#Xp+8H(d$87uDV<~-G~(wiMQny-QPy{b%JT0L=8GjW z<7$<81T+{tf1^ZQ1C*EZ$5HJmh&(fmP=%ZNF?iG}`LYB_+~{+^{m~aWWaVj-tL`>A z3>RLCQe;d1Qp&FAddyHgEy@u1H2SMMQHViIYzR?YuUcjH92Q0W+2!`w{d|l*jFs(n zI4?de8-~fO`J2pg+}76!T`zBseeRk-l{8oqTnb4kg+!4dy4(TucEzh7*sjR=`^AjZ zTG*PDM=Q@YT~}uezY39IoBD^1D0B;F!+&}Tr6Ofx9pU-DD;jk=eN|U)#%R6l8_;D+ z#1C%c&e&$~I{G!mSDW;kkmc!9C?0a#BMu>;qR@j}kGn#R0E57X)A~@yK%r^6LI61) z+WG9kMuX>(pP3D9o7;nbFO_;Q;8C0y6s?c1jv#1GefdFC?wv<6R5&D?B)(;Y8pn+Q zWZ8hGJ`TcG%-BM^6NkGr|9x6O9YBh49%gZSj7ToiC3P-@nAXgr_ zwb)Sp4&B6^kn0XieOx{0hK>pMY3#>PL5TqE+0;VoRz5+F0O(kb>X>5kMp&$`Bem;V^5~caR&%A>r|U1fs3UC901#fugXuHo%hEPCf;oH0yxKocpDz zMCY+vh=2y7h@YinXHdBz^+?b)en3VE#~dF8v9`6ysL*8f^$>-n)J4(Nx`P+z$#G#SSNnEqJ5gC&cbx^c9q%hVn8{BbXoiCC@-(U^q?sb=KP@8I)iFDk7~w$wy5f$b1!g#%b#UReOS;; z!JLts3`!q%EfAaGIh3L+l_D=*G$aulrORQ`GU3IX$z!3a&=iaX*nI=FN#)e!4SH1S zm@nbJ`3#KBW~CY^T^x(KZfk6!yGCX;t+|D6GAqvJTd8A$C-?Xf(aKplD#X0i_ zJz~zQ9|-2YmsFf8mKR7q|B6aVO1YVxCrrLT_}9K2zm&AB-)(Nv&7{)4>BQ|$Us&Om zWl&K@q3Zo2D>(0QYksY!ff^zvfh9P_-{OY|bVMZWTYXm(hp;rjmF_23LTyAnY!eN6 zHUOs5ZdHs+3>KPWZzT=6Zh5}Zds^9!l9KF8Y)NSyu zXdk_J>Q49V9< zms(IF5x<2+F2a1xLSNF@zY*gI-K;{<#D*?FgVjlS6qP#VnLc1KA?{Ty@h71-8SVLM z_mGWEqqrH2V(gyEpcT)@0MW3V4019q3=OdD2DdAVodO-1*7_rNMHOi-| z>-TCqrzy&T=m1LxvaelY)Y)OSk3L`M6~K_}mrvbXjV=IxbkO zs6bQMVP!;~}t}R7-hSgKM(ZXUEsu~1H!#V{qjod)?be~oyrTkpemXEoz zC`z4jqZeUMi~DwbW1~D>v?NGn)bcaf!_QUoVka+Xphw)E1SVP#3*(9i-_`0Cu@Ilj zSWqMtGEvHz1?NXi5j|cHF?!6ELp)U=m?C|-Te!;ITu}I#y1&|E6S(u2w2L__axG1L>IB#R7 z>g`s^8vYaJI{})RghdOKz;R2Vti&i#=HV9KMa?Y#_4e<|_oF4UUAK!6+0n*85sr8! znBM`K+O8}IUjSGbR9a&phNj7riKOo(=28DUP)d5DrRK+fVGY$CcrgQdq7huWI)O%# zb;dQwOVGQ;1n+1G4DHLNF@{??WUY8xzsi@@lLSk1I+N)dKrggGY#p)7d`Fty^M=+B z%r?IPBwiDF)yWVT76rk$Ckj!Vd!C9L+C$))>A0^>a;|;8+$yIst^1h%)a;GKSqxCf z5?)N|g&eTBIW#~^qng~XM@6j;%NFAl8wVH92bH)>j1dV}Ex$OM)%dD$9cS`xNX`DL zd6H}J3~6(+M90|@>4T-Gf$l=$aA9zhnUt2iKokr5!H5{c=d`i5*NtZxM*ik4fSPVm zM#K$Q{7#u++>CiFdRPxL;DJRq-keahv=V1>oO>kkng28nVA19L2diT1i{oVI_~@)R zEB}v>GZ$%J((IWtf$40>5&5@HbZk9lD@jHJ5Nw&ll?fIizS!8yFnWE5JEPKQ@ljBv z$Jf@@j~K~4Bb;7dnz8{nSwZ{;!?Znb%8415P$qtNk?GpL=pR%N2>f& zco&dl5QRXgnu$OJe}O-M;2&13-!}i0jLuA1Av{Y|hIisB*~gb3Uxrf)Q7Rw;& zMm);Xl}T@s^nS%{K8kLvI96TNsDeTI3siw%mwrE#0& z>Si+vD4E5{Wpg9vCW58(s`KGd7x(4ItS$mvNSXPOUX+Xu)%6`#Z}t4YJttBf#0Wg# zYx61EBuBPKh!CQ&-gG+*p;e;xde8~?ZFGxSNOqPGtQVv{6)5U(ujJg~61+=Vu%fDA z1u-@|f^HuoFYW`3Uj7uQrL6*gIQbEW2^YR+!TCro32A#kDGlG*Bz502IdxtGv$4IQ z?D&dHiu;I7%S^ip?s4JPOJ!T-;YE=_#e+tJhn^0H^TQM8TWzR2g*%j9yrec;C~dPc z17z=V<{r-M{5sfQ+MB0yQ@R*BF4!h16zOxgwfo1ugOoZ%ChAQ@=-1Bi*3_y%Lm7L8 zaYszVj5o?tZBUjKW~|NH#XvCMtI=3dnliz6onZ0b(1eD@mZ1nxqOwdn*g+OLn*Ktz zETGbbj~G0D^p1We7Cfvm)(q)xV5wn7N(P`WKly(mavOqS)PCZ>l2}+nI;Iu-qN_B6 zlW=DhXqi;|AFyCg@SNM^pos5uZ5--e4{#XoWN#c!_*Y%2icTz|kw+L5c}iVCjbb%3 zt$z@5Ahs-wE5ZPaDK-%vX@Jn(W}I#z+DKCxcDfe{rF4aP}oQsAjX}%C0tm zfhL^Ip}o;M`hZbX?z(hv3$jW}ciX7kQ1uUmcQcKGkx1kZtI zsl#SbB+#?|1Xi7IDMx@J!gcm2_G6!al$u;y61=TW-RjalD~R3@uoNNCsS^JN8bnOp zx8l!>1SyPonvJg({Tz-d+YtStl&bgcxEe!-&w>PT{-J#Tq1d@!W|yMAVA_4Q+_jCU zc>!=Wk85A4M8b+%p}G>RGKM5ZUsbgWm`C9prmYVUG665c0aCXB3UNU8glRC|viH(t zNMsJ4t1zghW$$-+foiD6aK*!N&78q(4ci2s$0zCd;mZ+O(QtC2Fl(By-b62aQl-4I z5Gf`(IL%(eTWy-)X!kZNxu$t+9VWVFD{XR2DBu)&hp~dxL&-2L$@Kv>rIv^mFs`5- zRXJmQct9(ZDM+mo>r|Q&fj6YVW^#OlV4D+7N@fKav0o$*rPoC-?(Efb18B1Y&bp)G zD(o6)y}B_>G3C|L>m?@PXQnwvqbmkLa?$JsSL`Kg9pj$ptvYQ%+Dvx~=txMNh$`JN z*l?4409`eE>D2l4i`(dG+v{HKPeUtBHdpSccDf)oWwqX4S_N1W`~u^3t|YB)2Y>BP zLxKGO0d^Bbx(YJsxNu_bS^L+c7oCfdQm=<6C28@+@-f8uu>2fA!=AVrS0%PLlp za+5km!tP|QU0fpf@9C#VYp0=M8&r|BwesgVq$O0v>`7+k5BXJk16VX5w8%1$$`J!T zbh-^rv>;V7^cw)?gME|n+X|&}eT6?-hhG^DRg|N78U?-x|GW(%r!jg6o^{T951!R2 zlf&|XNiF*GcK^OF^l6GJ9QLJ&-lVS`TFNrBRv3QU(!wH5jXOcte&XY-vdkmBfe zcJBMXJ|!gz&^i;+o<}WQKFy*KCd1B7^q=}xWWHnWUEr5h1+0GC}7^*q)Mf2E0- z>}ZPQ+RKNF`g2D8K5=@)36$7{xnrzs<&o%<-c9OetOhUNOCJ1;TyGC9H;R5i|uM!)h;6 z0LO$`flZ>d`a)n%mHFP?OPODDC1u5^%uY7TG__bx+z78uwhCU|tfh5`W;$xph>}oQ zF<|&fa|M?uWEAw}ey@rF#tAY^t@CY(dVPUX10_CF*kUOu1xn^*H2lOrA3@)RzUv^f zEVl3=B)LqUIQVhA2NWB{Ry7!!gXYF#)hO|d{*t<$aeo++brM;gksK&JPCx#wbuuh2 z*FX8=GY;E$`42gl<^l3DBiT=0p^WyaN%Uzb9W#fwDCG7t(!oN18e@?TQ5#r$v0{^O zCor+s+Jg~>*G-zE+B-lqv&Z^NTK3M8Xq54|!MX$Ye z?Dcc1FG_)JA0l=hQ%4a>_yt9PND}6;Bq{)T!Do%b9V}_-%-Mi@xsUCNf(@t|H&}C} zT|e82$f1)&8d}z|R!mhrtc&|v+t5BRjla@y?C5yCUP!J=*;~$PW-_O@f{S%?kPm!j z%L|3~T3p-^sGeO-0LxsT-{ikKyUodF=n!B9;)GyecjV3!5bsJ!AT}k?2v4A?%wroN4>6(qi{1+KA$K|M zTlRM8b~O6SE;#r40(KcG*w%o&Y`$LmHV=>&*S$U|%%KyHUJhD3564v!BG}+Zlf`zr z1v;xAhaG)Dpn$1O%EC0oKNzE}kYIS0g|1zqc`^4kx=l+r>?GUEYDu@U7oe@8=jGUS z;!I>KV@UjK2;e%sgOHRjx@6#rMn?k(m@UBZv< z6@B;K?VI^B%>1PLx$Qbwx%4VzMff^S^V0S<-1F;G`Zlz0Y6;s?tC=ZuCNHsFZ$nG& zaj2l~f8^m%%ZL_tj|=qEDwdkXi&-jQ=1W#c_b(q#-$T#{ZH@A370Ny{fA8+ohV=d3 zukWs3cfX%@cYD8{W`Dn5zVYc@e(-r1$XWk0{LB1b!oMsW|7UG+Gxn$z(dVBWe~d)H zL{B6VBoKhvI&K$eScAYr&IlVW9>g{K7vAebEcT=MLIP!(nOl>iD_*M`ZDOcWS(Trk z=PXCc&$sW_I^68_)sOd|9^dbv#lz$7pZ(tNefwtj+>*ULZ5Qw7r$_PT&Z}qh_x)yb zdmq2=9|2x&bA9~}0&I4cvkQ9drd8rs{2vH-c?#JY%**@f^oiU)>L$8s4W~_yb|xcD zt57|PiWBYq>3zS-9CuLeHOGzdoBoRLH-0vI!{=vJ`00Fcz@zW;D{dP<`QjVjE${ao z;UCHMqoa<`*mO?*%%P3h(Q~HpD z<$|;0U|+-yH9V_^+%Wm;$K@)`U9*fphmY|@ew*f`?gMAUkwQf zf!!a=U^(RIi1qAp_OTZ=NO1|_*@dva$3SIZxIi&vFjy*zj2+V{y=@Kl{7D*of0-(oJxNJZ_Ue5;iyan{Pz69k`E3w92@9vW zCz5`nc^~3Fu&v`{0e(#;xJ$BOLXyX@RV?D@s;798YC&s+}-K&G=X~T80`0=`wN5(d|Oi51~ zHL4$)#q&6w^uyHFd?7s8B!pnui zRT5{efB+fzJZE4aMrNoQfb$TR#Tm3UM(wMtLks)l*|{KXYOZiqNEm@E$jS9NZ&tASf`f{49F*ukFoD9jr1hB>m5)^ z=@ACPwoL1iyrjytDS5qrza-JDG*(dmF>EL#I*7Rt0HTPp79#ZA2Hl#5nw2NGSP>oo zRdKcY$wyZHlk>GgSPa$aE3FFia6i(evLbLrSeQBV#<4&$%415qZ z;X0c8+?(|vnGh#Nv&yiZMjQBZvcx%f8?oN0_$8_}6+NSb7`@fTux9=E(8U3Uf6Sy! zbD=Ix+p`(69+5=z{z|8X^qtarA?wwe=wI5uYtcJ*L(x7>2k^{n*^2I#TKQa?ThZHK zDD4(q#8iw``AE1|a%GBb>;#gTrNVz-iWTAM-UednX3ytT=0^#KS0B;4()kq0y#CNl zk>4F}Uq(3Qyv)N7o!La^G*HF5sGI}m_!^6M1z$$5_qBT)&aTMSHMbdpgooCuuY}&? z9!T*ERK*6KbukndE@>nru81wIz!veE=!_|%D0{_3tUUkeL|c0;Y9FJcm8ohhjQ#AB z*S#%*FB-zbuJTw?!&S&$kACwMvds43TTCOneHIoEqR7y?j?l^QR>dn{CpPx#{vi^G zF!ZERFd@*_c8a)#A3kIe*W36s3$0dyn#J~FnGm>5tz|lBddQd-Aq(E9w5~9q3mCD# zgk@jv!M*A>k7J9I#`|@zJal;J?mt|xlNHc)5)@4*aCqAeJU(%E!+N7Z)%U`O-CTUDq7dOKm~3j7AJgSb8r zA74TGWcLFGZopfmTFhE;cN0XfR}G|RkcQR*0gX|)fB)gM#p+BPMkI3yG*<&XgYBVT z3QOBQ8;=`EhNT5{L7OL}j!`JWp&^X)w{Aa%?Fd!dL}=W+JO#1<)or-jc{p{>3|M<0 zKg_z3K#l;F!5u5%)}@*S!@<)69%t!X zo+P}mEDSWf`%vZ2Y%8A41kxlhE!Hh&oH{niSzc5ol(kqORh`b;zvt0kC+#wH3#DS8yq-a$?`6GO z8Xy=fJ@s^IE|WY{L7JIqhaRCqd_N#aF^cK47uEks<*=rRV<^&R@7+^z1Ths{+(Js> zUJe(M3Z0}86vnY^vVaqIqq80n=7GynjJoD-P{H5Ka$(O<8;WLBS;5qU9T1n~M}&h9 z5OYk(xj9m!waQ5gJtSw6$`}5k1Qy<9IKw1IZqK{%#Bk;0S?xMygcO1^F6t{SlHQ_S zs8+s{fX@an6I?_fo?%>cFJ5=HTN$?-KYkx3*2mg(yIGgVLr7O)87GmDXuEj zWXm}9xU3NIibD1unBiCjpejnMeBl*?*4=d-`&WyHMg5&WC9z@MR@b;N1sqJmvY6#99b~2%lG=bAEMWYL29!MEfg_X zF?Sum&0~4aTt5L~Q43_#Awr@;L1lA%n5^AWIAbxqT>0|F7NFpT4UtSPg#-ij7>O`sv+4p2EY=Eiqoj_xAH)Udb$i>n+hk|mlt$G{f9cJTX z4Jl)CwpQa_lC~{k)soLO&LL4_jA&baht8an(2^Ez0L+N;;!=SVA#R|9U;5{}J(sqw zVb`L^Q`PO0cPon-YK?2_lmkZ6BZv$gYS3?%Nnk?JB{$B6FC)NB z!GqV^L}0VzhwkBBBRx#zL--@zsq4I$Tg@yWE4qx?Y`JttK8Qe9uWNm~g`ZZ)JWX1oUkH3@k@ILd+%2q;sqMwY_j)!7uC^15$to8$G zMYqIgq)KG9oZQ)1P&kFHZd5_*zqM|*!Ev2NlYN&JnX@L8(%h>(UW%y&bDR z&^ja=yAj*R({ztN(pK8hixr0!yl`<{XkwS`c_w7Ei9vH>);sUU4Tv1Gp1yJK)Hg<6 zDI$Zx*%U_j94hP#~vOCmAs9>Ew(@@A%G)QqLLd6Wl6BgRDmY#lI6%m=%ZKf zjo6JOw;MuTNH9vd)HJ&miEz$Y*@$0?rFT8TO+^$|@#E5=;z3y+y}h`boG)A+KtWG% z2OPdYx>-JT7PoKlguS$TC#2#GInHTqP791uX61t<@5Lr3GFVT`Fr(A6V!RB$CQYWK zP;cGQ*s#h55ekLC_~EYjh*5CiOUm?s8ZCkTv{Sv{`;@`_sH$vPpt(KBAD(pBvgemR z_?-iJGa0a$M}oHFo=_Jya>yk$36{hbn;1Ev=XyRrU{7La(LK|S%fs7=@coS>4HrsN zQ=j#H^Q$9P>l^F5I<7Qz^D3DNPjHR`%Y`5P=XK^2`G2HYsnwz7-f*dIB@U^L-q~YZ zE|d#uU+D#_nJgMX=^~X|$)X)E0y1DD&Yl;lgv^Y2e}^yyO$-%bH4eH7?uJz&&Ln0? zB>EF1l2IxAL>Uoi+NC!w(a+IayvB}{$Mb-5&o&$%I;H8?|RLISy>L4A9SG9u>7bHRtY z5XQIWC}7bY0QGSI5XNYg$1L=j1s$4YROBf!DG^MY0=C9 z_QY#x4iQDW(FpUR*`6%^%LgHMrKX7r4WyL$x!fE~+4GHx)T7TZVX7;-eJeyGczDZ4 zxqa$=9!`^Cs>amDB38;}aT6;{b1k3;+?zsFS|AQ2mw}8a>O@X%!GJd+$tZYvz8!$h zl_?;IQ6e3x0#aH*lU^B(H`EIEl=DV__=%!VnyrFvm_#1WI=IX_{_g#G2^NCg?Zv{;Q;)lKFU+HhEG)vLDXR-&XXzO$Qi5m)v5L_#SkR}hZFmW{2$ha&FMfH93?AgWF!Q#}p zLSbbGQnv8XOWBjkKhlct)^rx-vjJFsn{(CYE?V*2g)2;fJClM`i%E6Ab+#2wHRXpZ zMGHq69EMD|Z0f8{^-HPEAVE#0uOLZwsGP*FbRzz?0)*Oe*@BbI78*l?Q-`{!I0fe! z#@OT+>O`csvK(hq@cU?b;fbpxd&wqpD}$YBm~MpOx{7ks?02CWrLkrDQoLekX2DIq zAC#Z>tm;ZkO>X1NP7wIzqo{4=V`C-?^D%v`T9_Ng4DiJEogwPK(;t7RMeNR}$$5Ak zLml_u)%YOVS#Mk~i+;An-U|0IcQ(C%^+weNYLpJ?y<>p$HxgOpa2b2m&?ElFhIQVm z%oV^Fg*WsvD_T~Gr6sDUN%*jtHTU|gVxP*WMev3(O9r7lbMP$SNn99squEa996)(m z*Wj5}Lh9aj-y1etz4$bbf^sueR`cPT;rDRk9kS?@9^WfFP20c1^1yssw(DVkP=i@` zzTU7gD{cLytTOvrGVKm1?WGF05o>yL*x^9&g*I}3(Nmlq3=`<4P+B88Mg&nU{+r4_ zS>PV!xIgZ&14O8eacbB!?5qH}5Q21KFmOp61no^D{LW;9I$wDk zitOCmp91?-w30*BhxmeR6=0#wjh|pCMnZ*!Y={F`bCDR8EwMdezDgYnnlR%I=Xxyr z;ZRLbhnm>A0#UK00Ui||n|?rcPnJSLAK(*2X?SDbRhFZ-=iWrJ347hW4B>piAVoKk zevhc=m5KMpKnRpgV8STuleLc-ToGN3+)2@wY9VOQ#fAF-8DqmL0f%`@0-CSY8wNIc z;=x|w>O5@_+slS-(gs?MBbOq~Mz}OTJ^m&weywwyNjTKR+z5Ez@m5I+k)7~``L1~A zAzCesgP?lwKqgJuh3lsbG$zHmS-9vf#(>4%n7jqoLyt+$M**H=fX){2oSD9#0Nzrc zSPfICkz44EH^Nb1w`dU>c7N6%MyA16ALH*UtRV;a2BDwac0o$l$BsbNhkiEJP z;Sa01_AUi0CI4DjIK-B97I91>4=G5!bl&;Tqf-mwtDQe%Q73yNghV)NP<_g-qL{Ky zpsx6b9bOasdOxb6Al=Pi?0ZjkAHr?WckUI^hABmdf+Tj)M2CF?E!Yd-DY5&|LU|#v zr8nxw#4}>qwQA=2n&bV~@Aca5>n;snzGhkKTIQ@q`ng!_w(6~5!qxUgzcg~y=oq_O z@O1{4nl;W#lJjeo|E9!}-s*Goit%aR{xGg@-V32iANZ5``L64mnH?wZ`B}cZD(9}0 z-pla1;bpA)neO}5{q0ry_TavQpPXK+BZW~XIx4L-b@8iybM^OeNZs$7QZU;%;e6M% zEp1Ar@}hgihf3I`!iCH>_Ox%7z8cCh0NzrvjM}~Oon8Oe{I%@&tMl{b)9>qP_aDJM zxBvZo{@m5O_~O^_6YBWSur2F<1>3T)vHzdgRy%I171L)|pE1rhfT}w@83F~=6_?u{ z6br*5Z&N28$P$74`?o|a6Y)Hw=@B=g&}Rsi zHV@y|2P4GQ zFKQ%xXT-?!8eWT&KlvHhyE0b3`uytY?Dk%M18o~ay`IyqORM`Lt_7q{O_d4t{po(c z3clg5?V)b??{iojfAM1}9KN3~1fTDkmoXfEANQ9i<>vSE-910N4|4Xs7(8ekeRhVP zMOn+m$0M|99Q}rv3zu^(cb^6B+u%Qm{pZcw;HaJFHW+u`o4=m3O_feq=4Y^0NG9|p z!_S*g)#!80`9?=isjz)D)^7S}dGBSii9hfKaVGU?DgB4u`-)_!HBL%xL+PrS9voIo zD%>M9Y9jqoSaD>2oq7(B+mGkpb)tsruTKYn9N7)4{z@rnPq!YkwS|A9r3Fu0-8>NY>O?_zOM8p%Q6U znneM5)D5!wM`{G~-Xn&r0eZ$oTAu|9B}-9kIeGTtDmX5K^qXwvpmn&l*w1~hydQ`X zq9(JlsL^g9NizFyhwz$dKLIT$D>HVk<7|R%1Q!E6ejC709t-TfX;_Dhm9s9J z4S<4bI$8%rIDm-YA(j|0l5LnU5p37#4So%dF$xCh6{-mC_PKkhfqntBLXJ6;Hzl2# zjM+hzIM+ZFXu0Ej*zo}~SS0zz9aJ88a5uUo%WE!4^kdlsj2FK%*&{`pU%`v#3IkO4 zy5vA*%tpC{7G3E0`g}<#+Id8TQy|R;G;?%QMEj#?A%>v*g%!{dehLt2M@RQ&Lct+f zQ03vNAP?Np>;_ZxZA|;I?)8RJq$UGe$^5TA_a9*fuLJOVI@pMbq-+6= zJV5AgP*8g`nB>E=nZ*c5InZHAZX!yTxN!kwvU3LW~J;$R_2RgyHxW^MHydnEe$(&+BR+EankO;L*35=Hf4%A z)9L6})JNKEP6`l{;A)b^&_ga{DiF0wr2A9dwIJA9z5y0v2rS<@SXtWvS_>_%ue`jA ztqDUod&(0!)PBoCcv}kPi#lkz;tPU%>7mH76Gx~jTbpgx-sjwWdWT&R;a=4)?5lik zrq;HWc=@$J?W(oT!jx&SzRO3o-hdmh!4Sj)ZCYZi1h~MSddS@_mDb6w$nKYXmnN!rXm&zb zpuN;A1A%qyx0(!r2CynFhxBJFk^P{}CrRfu=TUosT<+WMpgJ(7(^ymZ>yq?IBS3B0 zGE?c8^TLslYRrirQsG_%MWjrSfm2}XNnoiO64s%s_!a?^nehE&14&o!L1H}oYv>hQ z1b~r9JEQL0Esk=`S)1?I;ihYu=e4MVr7d$9gwJ+Yr&@9pwU#-{Y+-8Ld!2gp{Kx2X z>&F1VacqQy8Z)THVBLt@^QIq+XCBS|L?Jd+;oP!tN!csThQ9Lw=$IAj)Vk5+QktA+ z5kRc|Bkn}H$}HiZpv-hj z(s>CJN0IGb`x}O&>3(B2d_8*g!iED?+})3jT7ce?X19MpH4V=mLfu0HQC_THVkXo* ztgxeNLPNNyB^9FBLqsEj&OFe9%rc#3c_RY#Thp6N7pVmM5mwk7hy#*nWg+W2MwVd@ zuy)=sGmNEyM#o!0Hf~33*zLF4sR4=cWtc{y$RSnK)I>407T1qd`(zQ``AI8{BOxX%<#J!lHV7OK{A&WJbAn<4+-6syqI46hw z-QV+Vz|m*9%{quLglgE-5I85Z`kovGQpqfC{CddgnbA4qgBmO6fvT%ia?b$cL+8*Z+(J`7ZJ=vY=!ryp zt-L0F*se#-$?B59aP}@b1ht`i|*QAoz9IiA2-jJfHmLgX#i*?`D%srNRqb&|5* zlZl<1XojvlUvr;;{V&#n543Rf&^ryLHL$P@PoVQ@w%u2baP_SW)-MK>-8hpkK*eF5 zT-iUhjscpm_z&IYocIji{s4yTFOzb|5n4x7#pWt-Q$ZcZdm|sYdy+q48^zwY4gRB5=l`Mq@;l()5)Q6hzlXk8R0V zBppF7ddqGB&^6U|Z@N{76ul^4^N&y~y-F$uteaFc z0_4$%Y16>o%S-u@)~-fFYD#+>Pq~Loz%+ivg{;E^B^X{oHNskpnF^9D9(=ZRxei8c zJ0>n%lNVeHE55i{?0EnaF}HBxpe6zy=~x7@H}2XPfy69YXW$i5acm32_HIdKP%W0F zL8795qsZC34iY8<4#(!hUW+CSSpd<`HRB zP`Y6t3~-~Nv}8ybhG>pyXIjyIh0XxVL_HmlK~FDnO)&(M*mlZMWYD0(xomGjioUxl zdL#5iAUcS`12gEySQ%f*jipMt6cvW~n+Zb%-=L|bMcDFF2VUq=Ce)mySTB&h?GvD9HMqOshaiQ#AGp>E1( z!jz3ffg`PKKoGS7WzbY<+}WCBcJ)}67+_Rye zlsr~wby{`4s!V?Kmt}{jS5PVHMc318VtFsvBe~6{GfY!1cTi0&g1}R}*uSwSIEZab ze!iG?xbkzIWvwDl?^iL(+ze-G{E&(>PRn2BSpqo=lfZlKg^s&j<~$C6V%&1A-#tuO z^HYUkSJ~3qsQfTAw){@nh&yRa*;1Nuwd8xHKN<$_9NAWct8I_2GKjC8u+>7Vn>iwn zaY$JL(K2mJk>IkR9`YWMjD!i$HiYyB({;m`ab=2^)PcJUM*><%kzu9w955C6PnM)q zVi)WnEsKseGwjccmX6($N)5VxS>>dsn^`E&e2jS=@uarEmYE8t9_0;em1lO%th-DJ zT4iy5_g;%umcL>QOD&d5$3Tm`mrj4}j@>U|X4_pwUNG1N6*8%Xs&JaBx?BqPGM2V4 z0jnf+S({GVZ9u7eTO^Ctb%ZCU+{pocu)PKu^Te_cbrrvd2%M$q(pq6nL4$`?eVk|_ z!q?6>-QChqo>48pt3NHxRV52rt1+}Xm&qePiqbhhiYSTZGgz=!27_EBkwPMJf(cO( zR;kwwEj}qoh7!^u5fq0m!>7UN1KAb=5n-skkz!JgPbY7HB-dxSJ7^Wb>~C$n!!f*R zNu4VKZxFQ?A^fsMa$quLr%%F15ptdae|!QoI%f!bgE3sZ zX8EYuXh+t_OG1I_3{^wGu>RQPj?!#)0^FEdThaF(9GndBU1jr7d#dJ0;h zj;Fm9At@u%1Kqw8Yog>%_$^9S_!}epeAINxhJA&|HaAZGlP5;%A?T3r_M+SC%snn9 zeE9Din|mBB28bq7{&8@cN&UgxU>Ic8AL&I7z0k!D2M9Osf~oHqYQv0ypq@?Lq$F1D zPM|QOb}N1-7U8=3y22dhR~{gLDZoevJ`_ zbPI>k%ybol>S`UmDUXGtV<4Xa1(;7D2lnPQh`nI7l0dJyltaG7^BK*1$j)u%M^nC$ zeNH!2Zl8zDXKNsLzXtD9|Kb(md5ekj0H`M3C{G-Mi!yu@E`pPk$?uk*TyIIOVQ@2; z(-PTyMt00Bsdl&QH5(AdBm!D%L&jYh@iN1c?_i*V6{NC?ZbZS?K+6WKBiQIzlt6mGI zdPgga*N>uh%qnquM2}_^QnSVl&*J>I#}6d2LKYV?0^70uaRk2N@WH+a0byjk-@A7+ zuFK6YJ|#BW(DqwBm}~N_0_3&s_qWThx5l?aPrNVU?QB}u?`6wh8EKYw*8H=G;f3G& z1by#k3Uz$w*gw|@!(B0@Rb$pWW6Ub3+UAFDd_TPX4OQ_V?u-|akd`%Xi26THuiFg$ z1btuM-T8hWU&{(V?|ZjeKP^gTYyT4&#qqx)qZnCO|C@ze`yZM>_xt;=0<(R9 zx<@~tXka7mQLP{_@Y=asDgnGL+GP1h-%^}~nD3qUOcKqMqFH<`jGp(H$a8Moc{x2B zuo-c4cJ`efU-dSB%b{=gP9tCS6@4y6ngEr;h9M z{&{&e+r8`U$$UK~YAuvpa$V9;cW+I?L-nfO;^f)kB7a9=3v-iNyMf1zk9sbXFZFzc zm{=saJ)XlJ-((^7sdjDlXxwE<^zrpW&Sgh?5qy*Pd+SpU%Jh4e_uGv`4A2`V{r27X zh4&uf%A}QNr_tYku(cn$MjT@w@)f%w4#-h-^clXfe_eB70IM7aJV@$R{&S$} zGnrY)SR&U_AocUOt&5%cK8WLLC2c_x%$(f7@UfPv2s|`Wna1y|DodD)U$W;wEGZ!i z>E2)-*WZt~g`g?}gvVR9_n>Ug!w#1_yLg%wUy8aGwdLeJ z+B_1^ZAusmB63GDZB0;4I0JLC>`GOlyyD5(GHQX?r*r-b_w0fX9ymxG%Cu`_p822XDA^N)Ed*j=e5hlj^1$eM0 z#yaU`febVUjIoRCv7{p2ppG;H4IQK*WdpHJDiHHG5}0H$kM8m;pqzkpL!sRx6QtK_ zKoG`6WB{i#DL?B>?U9t#5Gwb`KAZ%`BUA#KM&6CGDr!%mpTk4z7uLtQa~ z2)3~&S(1)N`~|u<%*I)7BSk2ZXyu2ngfeG}*&~FtAA|_>NV6pjrW1OKrLBOqjX&S7 z2lkVxZ;t=6-oX2X9(!e(*@j4be?`lSNip(#@cymwo3FlXGu%LBZAV4(^oWwIGdlB! zy26s)$silhpqsF*UKb_K2-AufUIrOlVi&wNmDl-vx>?dpck(N9^71P)oG*^f+4rfU(&5{rhUrLD!)!Nh+A-HvBDp~af`Ub% zuI2`FguoMKL=;pn{KO! z-TlwcWPIA#_FKa!PnIBaCx7WmbImEQnbAvctcgT@#2~FTUiC;g@)Qyo*Mhae<#3$m z7HYU3#KoH*G=TqxjfPuHsjIuO@=WYwTq(x}wp#cddX`cYmBxwpS`Cf=kw{31byP$I zS*Ymgt*Kn^oEC;umj+p@mLoqAxPd{bh!-iM4ZCuzNH!3l@39-i2!c=9X-JAiR#;4x z4K@(lm)B*eZQo!c3qs{6Y7YNV*)OE=mb}fjfM8F z4mYAsI_V?l7$Mp`79CtL-vF=G3`J+`Wk%&ItC4}cHvZ0{BJ(0hwiwtqNz&8sWo{6! zRHT98s1qCcc7nZFZ7gb$nr36y=v%KUvRdt zR=G1=YhWsM6>5MpkfFg5m{juo1Z@%cuG3c#x{==|y}F0XaTm3DfTb(%YsM}-70Pi$ zgBb#1E#Bmj3*=QIVUDgdTEq}*!SuD^J2(`elb`Ppf-q8{tTz}Dn35)TfB%!-*|sTJ zK8s}m&lGc@clB4bgNuT&P{(wo>W2IjUP}kKZV^yOOEsy!>U&TJD8s@bHrC{+3F9w% zd)N;w{g4u((ilhBBo$X|uM7FgFA~Zvki<-qdu+pIGCFy(T2V{92wdd?Su8B>@o>j0 zEif|B%r~ais|*XQSn)rrD5w)Lync3bP%%LuiJGp#@}^hpfoa@(o!Swx4qM7>RxL_T znAbH>A|&Rblnsc9+IbRhWa}HQ`!LKQD1n&-aTuPpREep~;%`VU~clyba32W`&>SzR8 z?`x+hB^9ri)n>eVpq4XveQcm#JKKRwJ66bkhiH#aUO9brN<4n=?+sb=+nzwz0cY?9 z(PQXCPp*YRJY+kH>1Ps|BD$3>QS4g8yE+E&CjVqyJf|x`l|eGs__S;-DfWY|Enq@F z?h*7jm>a?l(}mw?ThtABEuo4(szl$xX9sEYA5`@+A0pm+T_S-+k-Ey>>0?XXXgBmN z-h-DC)puRmel|MctZO*g)0AwzN*bVsVu z6Qe%kAUk&u)j?+KH#g|WD~}0W3$l(i5f-ed=boY{`P7!Q;I#SIACI%fZ?q#`$zyvA z{%B9mp1!AWxii|w+?m5(p%1OlCLJ0O>Qo{3^B+y8GHzzZHcB!z%Lph<{w1Za`ql$Y zA=4}8J!h%q2@Wc10GevzY(kq;=4bXR6+HhwDib(7*YKNV)o2f>HQn4OMcXCwB}!DA zP5(efe}X>G+Lc3!L5Ohg?v2`lM^l z2k|gUtWkX=%KZjMYE-N zbD1cWx2?on&FkY@l2`)MmFRZA))cK?c5r7%vitoV{Qa9GJdvhZhU^!&^IHrqJr8W2 zgd=n580?l|d^(^%WKCdy9=vZgg?S0iZpAU(-ho>ETg4JiEsxs5D&G;vOd{}b2=*!o zm4&$)3EoYQOCUebe<1&Uu-cXRP6{8v?tn2PW3aY%p5r&M%v#!9YPyjxx$kAf&*%nS zGHN#P<1G2YR^#`-uu`oB?0ib2^mSo=gq)NVX~6iW+w0I4#2*!liKhL`ILwz_ z>bKrAEziePUe4W?t+4~qOAZ>d736rksN`toOhXaI>kF|oNNt@qHdUOC_wAylT2^-9 znh0+(nd_yH*a_DovzrVR=bEFqgVR9~cesmfMXU5WDk;jfv40sBm}L^(9bUPHQAs4V zv8hv6UmJNOG$Ma;@oE5$=&@oixR$=`H0tw$I(!nCd=kYgn`6!; z*JPGX&$znh0?W=JuT;PS;14AM--HUYYL-n60uetI0y-CuZqGLnju(AM;NbBMLy%@n+2r7=ifKCpg*$z@Q20=lU=ta^(=2s0W&-CWm{-*vZ5E161|<4S&G z9lC3^%f@vc)qxfzv(aRPcIZ{D5eXn8rlpy0Jr2RN!S?i zXudr_zeMKOsxAATcgMw=MK%~d^dg%@O->IDo2ej*z6R(vArI#pwWQs|55j! zfAsMn`_9ugsf3sp={ol`iI>H6vEyIeAA{Sz=CiU2w<{=P_A_BE&_!QTtf*{PHSJGs zWV50?WY*T| zDur-7Fi|n@o@D+=HGk)2@_$a9?;$1T%3MCtHcF&o$+|EjQiWNyG>&+<>k|1Q<5hJorJqFF$?FPz zcrIah7Hc0tm0JI-A06axKJ#>>%ln$YU{`$XO~KDk=p8=QZSPKbd(`!teL2kLkPdVO zJ4_uHFL)L7$#~g!`@4tt|1FLlezs#>S~)j`t4$x=?x}xc-DBnZV&JgKZDYF)7(Y;l%7~3lcXn~ai7`kP;%0JUT1hV`;?`u7O4%X-W{XX8`_I^HI z4$2cxe}L_A0+jy;9)N@Of5ii^v;5cKzH8lWyW=tBe-(%`#wZ5czWqQ#KvLFkbb>M9 zNoON^!@wxR)@MJnY=uIJ^l2U zBFJO*{>I`}SC%jF@BaU*Fyl7`GzNP**keAIZ8isZ^|luBAMjB6!OP%S=>z`~y%q?1 zW7@0RM#u@DuqLP@$%16HuMn7dZnD@F_V!v&tm0Q>&K(T4O2sbjW8hRe;&heKJuV;r~$>k9EHWl`d;nj6yzK(s~iP zV@Vd1Nu2)~Xoq!?MWS0OD$D&-G5tJiU*jrWZiKhPn95CV-^$gGMHc9)_u=7Zn2*TN zlb|F9SUpLb5ba@6t90p1s8)!0P~%Mf_;VTQ>0{SLHzOaao=#eo*u?)JLM8@7ZizS7 ze1d2n)ZppW{F|&N!dQDNgtEBrc*(PQtRx0@^dajWkSPnpq+3^y$#fh`a&+>}UFh>b z6f!NBBAT*m0`1Ux*J;d+t==bOj2#y-t$$2nKgR$8ob-TY>J%tA9JY+qt5W6x8o95E zeJqLJv*lj|wTvE)K!K?X_x)gU(s+hg#B4w*RJ9#^RXU^P30|SENm>`JpL7y+=L95+O?NB2NZ%7sn|bq=^>*%UyWMyTaU=?xyGhIj6B)PDp8T*_z{)e@gnT2 zp!B8j*eM`hm=6Jzp_FP$Ws*H%L?|~1tpQ7v_r}GEULUT;G6(`EREQ;1Z(#JiYD(xF zy{0GjeZxzQEDWZ!nAb2h#()O1nnuOLbAd=$1ZaweJb;yvHN?t0d4M}hRWuOsqYwdY z0IS1`&POTNaw#p4;fVzYT-g>t9l9Vn#O}pv4ZUT!uxXU9=Mh2Kk<09D^9a#|xgUlk zVwg?caoW(A<(y!&kUhU(1=`Ei$=VvE|9q-`Kt(#(mfQY|^S(qN(2+z6ZXM9YzadZX z9g=|6+exRDD1d@T{(L`=}_ ze4u$9-jX;$R~Q0Tzrh^TcR&xag9>;)tC!>5ptm4pLWaN?{;h2wn`kFPI>LwWvw+Lq z5&@wt5C(u>Seax5tO@0MfJ>Yc3yf_O#rKEhG(muD!fA#868RF%BFdh)GUj3ob)Ozn zr_RWzY7t^@jC2szg3e&eC6Vwo>T_bl^ZC3OAA+L}ydrZ$-JqDN%?^|U93&9<~Tb}+%+2?G4zM4!B&MN}2hD^ZFxEO>yT zB@jgE>rA}JWmy4G|>{g;$l9W}~qqa6(blOs83bi=yM;N1Ix_Kg0WeK@~`1>#{$ z%dXkQ*y5OovGXMvptE>@PAEoQs#P3G^=Cw?PRmEh%VRdvGg~k?CR{?_NE?Wku~r&k zN2QOnuah2HLq-2XCf5wzOOSB^kxc+Tq#Ny|ai`88iVkv%1uRa26=W|Vd*H88HD99N zrornULT4!^C}>teVhsC^Q!HeGAU=5h1MI2F8}!i0e3?cURRaKa+z{WOckrm5#tEkg zW+f`A=+!>3V3G3bDMm`n!$}Yr8xzgu7G;peBfr8XaGb1V3b!?iQ5!Y;ATrM))uy3Y zxFz%h-euH9+Msa6U(cvoHk?OS*Nqjp!YAej;ga)kx0ffbjKoKM`&L)2z<1Ni?pD)u zuqvnH%`_A9zi8?#LPR>je9BIQE#$mhE4-uo> zjWUZO95X<}G{QSv9YgiG$qiskI}mN-bS`Xkh15F3<_oDm!jX(&&OD8^!cs#Xe&0CPQi?s{KsdHEMb{3!S!iE9bEfDG%$bc?rc^erVhqf& z86E#cU49ADqm^;c$C%d%=YIt?oh9rA!onyj+Eg~bTca2NGf zQ>)Ol@@+7hU|Ddyw>BZOS$mxfvr^uvPw2@twJ5zKxM z#HMf!q8CLKC0QdR9>5eiAdQx4X>7{oQu0hX*lPbtM zP{!hFyX&J&#_DzX4^uCb^xe{NE{)g%&jp4!@PHbnnTC=TOcm#su;AkKBaX-er#29M zTi~0PUeCBfLHmdv$>*mC2+r@F+N+8#{PVhCj;v!X^3hPknz7ovF-X9wm}q2?u>*sb zvHm?6w&~{T(#L$Q5C}MuNzEr%n3-5dwr+Y?6ly+uSS!tmvrO!r;riwJz}@`W*=@Ag z7_XZVEVs>PH^aicX!QVO#AgiA9;&t{oqXuw+^ZR^gQ>(Ji%|#Ck-ZvvtbS>7e9f!+ zn9<$FK^&nU^a}zZ{BCoE$aO<^ysijB6zUKB<-=e#eNP#HX0;R1U-xCm zcOWhQtey6z_twQLS&h2h49^vF(y4}cZ59gSJ%ivT8_7}R>W!Y$L5SWMD|wCDxKzJ+ z4^!9%wCk0a#4Ao8gQ2>=dreoG-8^93Vf57bA=tUwj>EM^DmlvZ)6*KaO<>b-)kfXc z^PR;59@+i%Z@bQJPDlb4z-};WRe{vl?XOe{XC-%{PmO^G1f!OYqmfkJ7r)8}xZ zh;Ij5nJig!&ou7}do(M>j8gdUo#r#`;QOo`z~&<3jK{54*?8J|g}aO%`+5aiA>^Y2 zr!0p^X*zX~G~~^uI;QOg>8$qSZKh-48sKG+cXcNWMS9ybvt)&Yr>9U_Ab816WbF|YyfYJ$9ga*L%}ZLq zWt~ax8TMbI5C-Eq_UGUpsp)q?&GRnK0+A5H4T>;TnZA_OmTsQ4ld1%dSW0{0Z>a4` zuQ==$d2R&hgrlb3w%^yxNfY11#a~kK|A5s2K-!MBwc5I_uc~XE(D~y0reLjaGY%a0Xnr3}Iv*Y?HhYg^MU)zz9Yb4oTiBd~7 zD;Zt7jT*0tc&;42pMRyi73&QvHquUKlC0Vq-w_(OzgtL~G3n;uOmjQL*v zl3dbf;z;kG0F3K+8YL}=msxANeFb7i&>ZxrOX-*XkS6LpDd&5$Wl6?35ala)jU8Ye9&;oSe!Xj12ytQpG9hRBH@2X?-c4Fb$qLOI=~H>BOvd^$b@Z@oMUW#dc%d7kM_nc?|1qN1)#Z=Iv-8eFB%Bz8}Oq;XcIPf_(b6 z7R+{dsp3zisPt3H>s>Mr>xViAH@eJM(v?)k8pCPDIDmRZ_f%6bG+&qO!Q?q*mV>&r zk0M=JmZmG6n%P?tD@ zQjk4{joYl)a=K}IgV`x|49A9I)JsA6CAbJkC}JYP=vO7XS51Ilx+_d;lwTWtH#4{R z&;=Acl9&)#Ms0Qq&!0bJV4D)YI->m%{Zr%IqL%51bK!=W;-BZ3C!}GXQn@&fu`nGs zvIl2jky)?IeIV(OLV(j{`b-SRO~o(xO_%6?3})g?o8=v?{E(~rkdf=Lcr}Im6(U|c z?omG70Qd^JTVWA28(16k^_zy=2(LZWoWcVLm(2ZkWwOSc!)m7a`S^10{u7?>hvQvc z@*Df4bkfDC{4XiLTO)#HCqY+w-Rc5Eg*EN$r&P-2IA1dV_a6TZ;?B3m6;HD|cwB!g z!MFG|+448xZQ#xQ?aRClR^H}vp{_fU-nJLo7~Bd$^zO$OGUxXPW0wkVJD*o(5mfQl zJm}p+!}jve^Fg-%XHMw;g2}i0*7aXgJ5`walv!KJMDOxPOTI7uUPk8A)4!+U_Ae3^j(VPRtZZ+(rrw(;8? z$lo{mh4H;0O0VA_Xy7*X?0Yb*8vE~^y`&Ss>mp7UKMZ7lLUk@8xvV3b{^p1s!c)yB z3}ZhWIB>pqZQnvMHj#PIp(_;{;d^%t?Ub^W-yc#KV0YdH1P zV-q0QRWH}?^WE+BWvHI_2V+hGj8l)xjb^gL*D5qTsSt;z>MjZlEBwaLgY7kNe)7_( zVWYz&$m=mA;VfV$^TKZ&O9^16 zaF&c?J-1a2_r!=`J1!6;NMQ6c*qWd$m?BSBR}TCqtLtEUxRNv&Bt{q^l2Z$%^|UVX z8^#Y{7ziw$LUV>7j|%^Vd`+Yo@?CL@l z5vs}y+%0L?d{=OXXI~$h2ywNzFoYEk#*DGS)9@TtZAuG|=_dQgxfqeI4dzeTac)^^ zeN-c#-Y2%Md-FR}+@VzK`+y`dvpP7I84x>_r(t(CO;%Jd_%`grmHc>uSb)pd@6Vxs z^X21N9=hxX!d>wd!Jh<3Y6kN;Nfak&gPe$!{(&0%>!4BA0~l9!Bgw6+Raq)sYfgO5 z8uSWuvto>bkwn#ETQFm_z8ZW4MVVfu9>KIgFCsz4GjSEQ*0)iku9ir;Xh6$a#&=jL zi*4DgWLYYlJDFLSLdH9@xbA#zeS$jwb>dHB9Z_7@Sb%#OPi4KTx3&g2Gpns?Q1w=u zs^Y@ZRq<25vKU`s-z?oZMbWYYIutG!00q2+^(7&QkjAk#sWII+9-m$#<4;j9~} zN^bQvQZ220fBWXpu0}9WS$M>~UQS32`r0;A>rFu~)CBTyH1J>a!@Bks@-9%1;nb#U z-3vR4$dkA(c@Vpn*cIJ}bR2QinaXcU(H(Gu!O1Pjm6i*V-HKvwaExzj3FaL?PK}TFd(a8@AXS)&bB9|<`h9fVQ_;HZHvY7IVoW&R4{Xr; zcp55Nx1vLqE}8!d*xHGcyvrgm1rc1A7<+J0Xz=M3aNI{%zGMB{DuMy5=Rq6(PEWN{ zV_6xKNQF+}FCj5pJ9t2f-JFrL0r8lqW_k^CAf}b-;+kjC*q)GObH(0ZgnRZ85 z_{$dYF2>_{3SN7`a_gU1U#yS$ww~=Od9&7~<|_QQDg!yU^R5|T zA)ggODi_vnH^!AQ?Q0`#!!zqOo<8yGje+~o+=~o~yrG2(CH6Z?r%o{J1`sn4!u-L* zViYF?gm)$D!^PNs;CRa96)36deNAQ@3R+i}cerd=zVu@g#!QKZ-|;PnBpXiwF3%(z zCI+$K6v*e2Z1fVIzYVA%Q@lloX>p%qb5vD>6?=% zX{_uN3@aCdni$uT&=I!?@0H1eCb(4$J~~Gk?Mkvs>h28_oyloEizz>rl}$qoXZQ)k zfALJ0m?U4Qt^f8gwtb2v0+WJbXvN8d^9DYuH8(RdH}pal$~R$^sme=hUxGE9UsnEl zq9T1<2GdA+SqcT=Spx1blMFHCg{iq{*DzQ^A6vVk-l3!8O5FIL$MF?7^7Tt)0T2%(ky@hc}+}dLg9sHSjwpro0o$qPAuFL zDg1F4$w>-+@Z-dk!6|w#c+GVxv@1=Ebr#73r5#$7iBwwSQHez{c0?_-psa#$)V^za zH!JlM2{Pz#DPSbiEDA&7{%Ha{HGXU{9#|~ooP~p`MSU5^5@KE{RYycgL4h=q>n&7e z;-oeK(%E&fjYf&wA_pu-3^_Oik5aNyjEx@vVN4IA37TbzAz3LtDUIdJF_byRa=<$g zk!eyl7ajj`Vc`8Etk@H~Qh-tt5XT05yR=`@QmQ%w!}XJC_?$^TB+l1?Mtp zglOHv5%E>Q>2F^H&m}+2YpTIx!aHvonF47zUXJcfDEfwJh@_B?$2Jn}pEaVlHh^cg@J>|! zfVE@)h6f8K;K!wW32j_Hp24}EL5~bc>+8#2ab6K~0_X}nm!uB_Qk!aZm%;J-Ov)1d z>?aCUjw(K*k}g@N?A#92g35FLbM=_>BJNwvw)ZG1e~)IDUAcQkvrR1wpOs6Jk>Iq4 z+=^*l9lt_@R$ExjEc2i1l(fD`npOmGXz9v~R~*AwPgn{)qL;AX=IN%_Kv96-xuj6< z_j#xYqUH^L3z+l7HcnGD?~P`%r1mi0=K`lZ)Q zPG=74&;vqpN=V7kH$4};EGpiFU8WT8S*GE=j}%wK5c3EP_xeRqtrI}hE7HwYpnK5X z)zpy6*K0?i_sZV+hlcLn zGis0S5A$@;G?-Rch5e%zr4qb!1jshxx&HPx`hEw}^WD^5K~)I$FJsx7wx=2*NJe*s z-%hgzF3BTw#cnqH`@h8hdS7}UrbUAu+(c^s8{D3>sU6_?o&^hB4lRl4=VWg5r^lX} zR4s`#c#CwEXCi z@F+DGT};+=nIH_QWAA>%TO46N@6|7{rL0kFtYxtwmIB$b6xS?0LYlFuY+=q`byUl3 zG{1sNYqz0ERJLHLcy2x_o(orXa{cVR&yF5YYM<<6J2>0e@J@AC?|!gSKvmTMbE*Y{mkZp;X_W`g6$vw;Zv*TX;wHmy42b>eKd)cj&j&{g`rohL*VFw! zf4`0tNalY)FP2$b|6e4+!uVfub5%SYOc_KBT?}pP%^4I8%}t#NS-Jjwg)8&_Cx)>% zvVvje`2Pns{O1x1MpnOEY#IJQqd7Mumdh0~jU|fZxbNS)br@?xnQTj0qk0mII?e&~ zKi(&dB`XejFenS7hRoTbsoguEr2RmWNn*EXdBooDi%rxbPg)knqG)OAWrVEJL!mMm z!H;0eCf}cH6!P&iB9jmu{ILinI$=D~Oc{$fQ@UvY#u>UB$NBz^=lFGrw(qLZ*(6w5&rG6Sy`ZB`qnU0SmhmzqZ8Wcz9h9*N#A6?8ZJNOB^p=hu6^ zsu1}L_eABeONS`)!gn6lI1ddxwEdS1V;cAOH7+?3!M74eosHf^~r>av|z8XF4 z>$TF?c{9y6^t&79P15roK+_~tuaAj2ZRVxfdUSaBRD-3Ozh&eBPc^RVyu>Dw0TYVk zR5pk-1K7;n3g&RRF(x)!oAA%TecMw{U zi83*v$d2NTGw<6Gj(Z`#)zHUJs*Dt(IZkY~_11GIcpr|8wq`CzRhe=IU%Pq%pCcG@ z)uS~!Ej=b|W_6*C$wn)mO%;uOAXKi72D;__FseCl3JkYuwyu0SpSvcYc6O($Y>=XZ z3)Nn$^tXC=vsr&v|Bm)=!czLW)<1d2ncFjyHfpgi+Gx-DZ}ge^F0)V1d|T%nhxW&< zW}uCm4;6{eW*=O5dN#k*w{vxGLVSOLwOel}mSieyI%SYhSl*@{I}v}VUS4~L z2hrl1^VfN4o1#K!S*+yHH5)Fm8Ydl=#+C#ULFCjxb4#=Yd>FNXd(z&>8RrO+q6vI* z$v|dE_NXPZY_xS*=AyF0rdg>FEHHd3sh3P74eL$vhX_h5k#q1oDG{T%U-GVKPMk1! z5;K|$f#&nJ|Dv1co6y|g+6?e=LXQLN`GiZHMZ4`MUyM=Z-|j(yUWmy-lLXPThak8# zgCu%b__&_6W&MJ4WaEZ*uS$@tLm=(o4RS;c8uxHY^J8XMKrTs>aNoWL6tyE8va4)T zCP_>bP(bBBRaqF+AyI?&$V2X8p$%<6Fpx)ViT9P^_CXL~QvI<@SsGgD0HLj?G_Z)x} zfTfKw2m|HpYrDZezRJby;k!C-{nqphy730a_%~{Wz41EtYI~i%@7~Mf%KR_!YR0uE!M=W=+6343JEeLC z9J^u&|1jPDs#EEfT$ykCqKzGJbr>GcwLYNvmsX*I`2hmNBh69Qu4*W>7pI<}|{O52l)td>XTtX=G=*?AF=d%G+ICU+X)ZXst*i`KFE3J`%XB+ za&2Q_(L|woY_qSl@A}MJi|ucVbe%oV`}KUVfJ}4xo9QJOnrEX8L_zPiXD4rlT|2&} zO&_Uclv~TQb+EX5 zXUo^Rv%lVj6ZV_Q=PF1-9prcZC*O+AWg!Lua%hkhrx%A;=tq0Y2FbnugDr9G|MWQc zFG4seJ2U(L6UPHM{2(zPFd$MdMrmwxWpXb@Y+-a|L}g=dWMwZ@d2nSfSW;zXFIQVJ zATuB`T`x&)WMz0;Fd#E9HC-=BL?Bx{GBRW`IAk(2Gc_<`WHMtmVPQ5mF*P)0WjQ%v zG-EbpK0GoqH83+XFk><^GBz_|Gh}3CFgId3IWRajG%;f|I50k4FH&!BbRaV@GaxV^ zQZGzpZfA68AU8ELFH>oHWgs&!H9kIbbaG{3Z3=jtHPly3R6!KR@i}+zUJD??svw|( zqNu2diem5Bd+!YqD`M}xgS~;hfxRO(Y}lfSB{7g;MJG{tq5A^LI=xWAO>T3^oXP<>fB0biy81%D{e7C z;hIZ{$^59fw3tC-HJ250KUZ^rnAyEG2Z?zZt+||-;wa4_B37Q}P%*DMYOWxXR;0P2 zh@GT448yT9PR9EfiLqD*>sdxTCQhU%%=iC1FZTJOudWt>QCJ15Vl|A$7_5#puqM{R zIIN9zF&^t<18j(i*ch8&5;nzVn2gP_1-8Q0*cRJid+dN6u@k0X7wn4Nusim^p4ba} zV;}5?{c!*e#KAZOhvG0Cjw5gsj>a)K7RTXuOvQGx!9cMBK4>LK ztduF+|5JGhtjF+uF;eLCvF3K)j|-O@aR$!B zOq_+YaSqPKc{m>z;6hx4i*X4q#bvl0SK=yMjcaf%uEX`X0XO0%%))Hkf?IJLZpWRt z3wPrl%)wmThx_pW9>ha<7?0plJch?H5A*RPp2E|32G8O-ynq++5?;nDconZCrezfbDiQsR93uDKSL#Q-cPR;RBz8Z4G)tMB}J!n6`1uG9j} zq2h}F;XBJRP%9P19{NplCGW+buQ@{Oy|pz*ikWN%_>3UhQ}a&&ldWo8OAH8?piFbX9lMNdWw`j42@ diff --git a/cdm/cdm.gyp b/cdm/cdm.gyp index adea015c..6689c8e8 100644 --- a/cdm/cdm.gyp +++ b/cdm/cdm.gyp @@ -115,13 +115,6 @@ '../core/src/oemcrypto_adapter_static.cpp', ], }], - # TODO(b/139814713): For testing and internal use only. - ['oemcrypto_adapter_type=="static_v15"', { - 'sources': [ - '../core/src/oemcrypto_adapter_static.cpp', - '../core/src/oemcrypto_adapter_static_v16.cpp', - ], - }], ], }, # widevine_cdm_core target { diff --git a/cdm/cdm_unittests.gyp b/cdm/cdm_unittests.gyp index 42dd7c13..14798295 100644 --- a/cdm/cdm_unittests.gyp +++ b/cdm/cdm_unittests.gyp @@ -64,13 +64,6 @@ 'oec_ref', ], }], - # TODO(b/139814713): For testing and internal use only. - ['oemcrypto_adapter_type=="static_v15"', { - 'defines': [ - # This is used by the unit tests to use some v15 functions. - 'TEST_OEMCRYPTO_V15', - ], - }], ['oemcrypto_lib=="level3"', { 'sources': [ # The test impl of OEMCrypto_Level3FileSystem and its factory. diff --git a/cdm/include/cdm_version.h b/cdm/include/cdm_version.h index 2fb94a6d..3f89e1e4 100644 --- a/cdm/include/cdm_version.h +++ b/cdm/include/cdm_version.h @@ -1,5 +1,5 @@ // Widevine CE CDM Version #ifndef CDM_VERSION -# define CDM_VERSION "16.4.0" +# define CDM_VERSION "16.4.1" #endif #define EME_VERSION "https://www.w3.org/TR/2017/REC-encrypted-media-20170918" diff --git a/cdm/test/cdm_test.cpp b/cdm/test/cdm_test.cpp index d3311ee8..5306fa3f 100644 --- a/cdm/test/cdm_test.cpp +++ b/cdm/test/cdm_test.cpp @@ -335,12 +335,11 @@ class CdmTest : public WvCdmTestBase, public Cdm::IEventListener { } } - void FetchLicenseFailure(const std::string& message, - int expected_status_code) { + void FetchLicenseFailure(const std::string& message) { int status_code; bool ok = Fetch(config_.license_server(), message, nullptr, &status_code); ASSERT_TRUE(ok); - if (ok) ASSERT_EQ(expected_status_code, status_code); + if (ok) ASSERT_THAT(status_code, AllOf(Ge(400), Le(599))); } void CreateSessionAndGenerateRequest(Cdm::SessionType session_type, @@ -1901,7 +1900,7 @@ TEST_F(CdmTest, RequestPersistentLicenseWithWrongInitData) { Mock::VerifyAndClear(this); // The license server will reject this. - FetchLicenseFailure(message, 500); + FetchLicenseFailure(message); } // TODO(b/34949512): Fix this test so it can be re-enabled. diff --git a/oemcrypto/odk/Android.bp b/oemcrypto/odk/Android.bp new file mode 100644 index 00000000..41aa3e3a --- /dev/null +++ b/oemcrypto/odk/Android.bp @@ -0,0 +1,88 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +// ---------------------------------------------------------------- +// Builds libwv_odk.a, The ODK Library (libwv_odk) is used by +// the CDM and by oemcrypto implementations. +cc_library_static { + name: "libwv_odk", + include_dirs: [ + "vendor/widevine/libwvdrmengine/oemcrypto/include", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/include", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/src", + ], + + srcs: [ + "src/odk.c", + "src/odk_overflow.c", + "src/odk_serialize.c", + "src/odk_timer.c", + "src/odk_util.c", + "src/serialization_base.c", + ], + proprietary: true, + + owner: "widevine", +} + +// ---------------------------------------------------------------- +// Builds libwv_kdo.a, The ODK Library companion (libwv_kdo) is used by +// the CDM and by oemcrypto tests, but not by oemcrypto implementations. +cc_library_static { + name: "libwv_kdo", + include_dirs: [ + "vendor/widevine/libwvdrmengine/oemcrypto/include", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/include", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/src", + ], + + srcs: [ + "src/core_message_deserialize.cpp", + "src/core_message_serialize.cpp", + "src/core_message_serialize_proto.cpp", + ], + + static_libs: [ + "libcdm_protos", + "libwv_odk", + ], + + proprietary: true, + + owner: "widevine", +} + +// ---------------------------------------------------------------- +// Builds odk_test executable, which tests the ODK library. +cc_test { + name: "odk_test", + include_dirs: [ + "vendor/widevine/libwvdrmengine/oemcrypto/include", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/include", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/src", + ], + + // WARNING: Module tags are not supported in Soong. + // For native test binaries, use the "cc_test" module type. Some differences: + // - If you don't use gtest, set "gtest: false" + // - Binaries will be installed into /data/nativetest[64]// + // - Both 32 & 64 bit versions will be built (as appropriate) + + owner: "widevine", + proprietary: true, + + static_libs: [ + "libcdm_protos", + "libcdm", + "libwv_odk", + "libwv_kdo", + ], + + srcs: [ + "test/odk_test.cpp", + "test/odk_test_helper.cpp", + "test/odk_timer_test.cpp", + ], + +} diff --git a/oemcrypto/odk/README b/oemcrypto/odk/README new file mode 100644 index 00000000..ba8c8c73 --- /dev/null +++ b/oemcrypto/odk/README @@ -0,0 +1,10 @@ +This ODK Library is used to generate and parse core OEMCrypto messages for +OEMCrypto v16 and above. + +This library is used by both OEMCrypto on a device, and by Widevine license and +provisioning servers. + +The source of truth for these files is in the server code base on piper. Do not +edit these files in the Android directory tree or in the Widevine Git +repository. If you need to edit these files and are not sure how to procede, +please ask for help from an engineer on the Widevine server or device teams. diff --git a/oemcrypto/odk/include/OEMCryptoCENCCommon.h b/oemcrypto/odk/include/OEMCryptoCENCCommon.h new file mode 100644 index 00000000..5e54cc6b --- /dev/null +++ b/oemcrypto/odk/include/OEMCryptoCENCCommon.h @@ -0,0 +1,173 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +/********************************************************************* + * OEMCryptoCENCCommon.h + * + * Common structures and error codes between WV servers and OEMCrypto. + * + *********************************************************************/ + +#ifndef WIDEVINE_ODK_INCLUDE_OEMCRYPTOCENCCOMMON_H_ +#define WIDEVINE_ODK_INCLUDE_OEMCRYPTOCENCCOMMON_H_ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/// @addtogroup common_types +/// @{ + +/* clang-format off */ +/** Error and result codes returned by OEMCrypto functions. */ +typedef enum OEMCryptoResult { + OEMCrypto_SUCCESS = 0, + OEMCrypto_ERROR_INIT_FAILED = 1, + OEMCrypto_ERROR_TERMINATE_FAILED = 2, + OEMCrypto_ERROR_OPEN_FAILURE = 3, + OEMCrypto_ERROR_CLOSE_FAILURE = 4, + OEMCrypto_ERROR_ENTER_SECURE_PLAYBACK_FAILED = 5, /* deprecated */ + OEMCrypto_ERROR_EXIT_SECURE_PLAYBACK_FAILED = 6, /* deprecated */ + OEMCrypto_ERROR_SHORT_BUFFER = 7, + OEMCrypto_ERROR_NO_DEVICE_KEY = 8, /* no keybox device key. */ + OEMCrypto_ERROR_NO_ASSET_KEY = 9, + OEMCrypto_ERROR_KEYBOX_INVALID = 10, + OEMCrypto_ERROR_NO_KEYDATA = 11, + OEMCrypto_ERROR_NO_CW = 12, + OEMCrypto_ERROR_DECRYPT_FAILED = 13, + OEMCrypto_ERROR_WRITE_KEYBOX = 14, + OEMCrypto_ERROR_WRAP_KEYBOX = 15, + OEMCrypto_ERROR_BAD_MAGIC = 16, + OEMCrypto_ERROR_BAD_CRC = 17, + OEMCrypto_ERROR_NO_DEVICEID = 18, + OEMCrypto_ERROR_RNG_FAILED = 19, + OEMCrypto_ERROR_RNG_NOT_SUPPORTED = 20, + OEMCrypto_ERROR_SETUP = 21, + OEMCrypto_ERROR_OPEN_SESSION_FAILED = 22, + OEMCrypto_ERROR_CLOSE_SESSION_FAILED = 23, + OEMCrypto_ERROR_INVALID_SESSION = 24, + OEMCrypto_ERROR_NOT_IMPLEMENTED = 25, + OEMCrypto_ERROR_NO_CONTENT_KEY = 26, + OEMCrypto_ERROR_CONTROL_INVALID = 27, + OEMCrypto_ERROR_UNKNOWN_FAILURE = 28, + OEMCrypto_ERROR_INVALID_CONTEXT = 29, + OEMCrypto_ERROR_SIGNATURE_FAILURE = 30, + OEMCrypto_ERROR_TOO_MANY_SESSIONS = 31, + OEMCrypto_ERROR_INVALID_NONCE = 32, + OEMCrypto_ERROR_TOO_MANY_KEYS = 33, + OEMCrypto_ERROR_DEVICE_NOT_RSA_PROVISIONED = 34, + OEMCrypto_ERROR_INVALID_RSA_KEY = 35, + OEMCrypto_ERROR_KEY_EXPIRED = 36, + OEMCrypto_ERROR_INSUFFICIENT_RESOURCES = 37, + OEMCrypto_ERROR_INSUFFICIENT_HDCP = 38, + OEMCrypto_ERROR_BUFFER_TOO_LARGE = 39, + OEMCrypto_WARNING_GENERATION_SKEW = 40, /* Warning, not error. */ + OEMCrypto_ERROR_GENERATION_SKEW = 41, + OEMCrypto_LOCAL_DISPLAY_ONLY = 42, /* Info, not an error. */ + OEMCrypto_ERROR_ANALOG_OUTPUT = 43, + OEMCrypto_ERROR_WRONG_PST = 44, + OEMCrypto_ERROR_WRONG_KEYS = 45, + OEMCrypto_ERROR_MISSING_MASTER = 46, + OEMCrypto_ERROR_LICENSE_INACTIVE = 47, + OEMCrypto_ERROR_ENTRY_NEEDS_UPDATE = 48, + OEMCrypto_ERROR_ENTRY_IN_USE = 49, + OEMCrypto_ERROR_USAGE_TABLE_UNRECOVERABLE = 50, /* Obsolete. Don't use. */ + /* Use OEMCrypto_ERROR_NO_CONTENT_KEY instead of KEY_NOT_LOADED. */ + OEMCrypto_KEY_NOT_LOADED = 51, /* Obsolete. */ + OEMCrypto_KEY_NOT_ENTITLED = 52, + OEMCrypto_ERROR_BAD_HASH = 53, + OEMCrypto_ERROR_OUTPUT_TOO_LARGE = 54, + OEMCrypto_ERROR_SESSION_LOST_STATE = 55, + OEMCrypto_ERROR_SYSTEM_INVALIDATED = 56, + OEMCrypto_ERROR_LICENSE_RELOAD = 57, + OEMCrypto_ERROR_MULTIPLE_USAGE_ENTRIES = 58, + OEMCrypto_WARNING_MIXED_OUTPUT_PROTECTION = 59, + /* ODK return values */ + ODK_ERROR_BASE = 1000, + ODK_ERROR_CORE_MESSAGE = ODK_ERROR_BASE, + ODK_SET_TIMER = ODK_ERROR_BASE + 1, + ODK_DISABLE_TIMER = ODK_ERROR_BASE + 2, + ODK_TIMER_EXPIRED = ODK_ERROR_BASE + 3, + ODK_UNSUPPORTED_API = ODK_ERROR_BASE + 4, + ODK_STALE_RENEWAL = ODK_ERROR_BASE + 5, +} OEMCryptoResult; +/* clang-format on */ + +/** + * Valid values for status in the usage table. + */ +typedef enum OEMCrypto_Usage_Entry_Status { + kUnused = 0, + kActive = 1, + kInactive = 2, /* Deprecated. Use kInactiveUsed or kInactiveUnused. */ + kInactiveUsed = 3, + kInactiveUnused = 4, +} OEMCrypto_Usage_Entry_Status; + +/** + * OEMCrypto_LicenseType is used in the license message to indicate if the key + * objects are for content keys, or for entitlement keys. + */ +typedef enum OEMCrypto_LicenseType { + OEMCrypto_ContentLicense = 0, + OEMCrypto_EntitlementLicense = 1, + OEMCrypto_LicenstType_MaxValue = OEMCrypto_EntitlementLicense, +} OEMCrypto_LicenseType; + +/* Private key type used in the provisioning response. */ +typedef enum OEMCrypto_PrivateKeyType { + OEMCrypto_RSA_Private_Key = 0, + OEMCrypto_ECC_Private_Key = 1, +} OEMCrypto_PrivateKeyType; + +/** + * Used to indicate a substring of a signed message in OEMCrypto_LoadKeys and + * other functions which must verify that a parameter is contained within a + * signed message. + */ +typedef struct { + size_t offset; + size_t length; +} OEMCrypto_Substring; + +/** + * Points to the relevant fields for a content key. The fields are extracted + * from the License Response message offered to OEMCrypto_LoadKeys(). Each + * field points to one of the components of the key. Key data, key control, + * and both IV fields are 128 bits (16 bytes): + * @param key_id: the unique id of this key. + * @param key_id_length: the size of key_id. OEMCrypto may assume this is at + * most 16. However, OEMCrypto shall correctly handle key id lengths + * from 1 to 16 bytes. + * @param key_data_iv: the IV for performing AES-128-CBC decryption of the + * key_data field. + * @param key_data - the key data. It is encrypted (AES-128-CBC) with the + * session's derived encrypt key and the key_data_iv. + * @param key_control_iv: the IV for performing AES-128-CBC decryption of the + * key_control field. + * @param key_control: the key control block. It is encrypted (AES-128-CBC) with + * the content key from the key_data field. + * + * The memory for the OEMCrypto_KeyObject fields is allocated and freed + * by the caller of OEMCrypto_LoadKeys(). + */ +typedef struct { + OEMCrypto_Substring key_id; + OEMCrypto_Substring key_data_iv; + OEMCrypto_Substring key_data; + OEMCrypto_Substring key_control_iv; + OEMCrypto_Substring key_control; +} OEMCrypto_KeyObject; + +/// @} + +#ifdef __cplusplus +} +#endif + +#endif // WIDEVINE_ODK_INCLUDE_OEMCRYPTOCENCCOMMON_H_ diff --git a/oemcrypto/odk/include/core_message_deserialize.h b/oemcrypto/odk/include/core_message_deserialize.h new file mode 100644 index 00000000..93cf8002 --- /dev/null +++ b/oemcrypto/odk/include/core_message_deserialize.h @@ -0,0 +1,69 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +/********************************************************************* + * core_message_deserialize.h + * + * OEMCrypto v16 Core Message Serialization library counterpart (a.k.a. KDO) + * + * This file declares functions to deserialize request messages prepared by + * Widevine clients (OEMCrypto/ODK). + * + * Please refer to core_message_types.h for details. + * + *********************************************************************/ + +#ifndef WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_DESERIALIZE_H_ +#define WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_DESERIALIZE_H_ + +#include "core_message_types.h" + +namespace oemcrypto_core_message { +namespace deserialize { + +/** + * Counterpart (deserializer) of ODK_PrepareCoreLicenseRequest (serializer) + * + * Parameters: + * [in] oemcrypto_core_message + * [out] core_license_request + */ +bool CoreLicenseRequestFromMessage(const std::string& oemcrypto_core_message, + ODK_LicenseRequest* core_license_request); + +/** + * Counterpart (deserializer) of ODK_PrepareCoreRenewalRequest (serializer) + * + * Parameters: + * [in] oemcrypto_core_message + * [out] core_renewal_request + */ +bool CoreRenewalRequestFromMessage(const std::string& oemcrypto_core_message, + ODK_RenewalRequest* core_renewal_request); + +/** + * Counterpart (deserializer) of ODK_PrepareCoreProvisioningRequest (serializer) + * + * Parameters: + * [in] oemcrypto_core_message + * [out] core_provisioning_request + */ +bool CoreProvisioningRequestFromMessage( + const std::string& oemcrypto_core_message, + ODK_ProvisioningRequest* core_provisioning_request); + +/** + * Serializer counterpart is not used and is therefore not implemented. + * + * Parameters: + * [in] oemcrypto_core_message + * [out] core_common_request + */ +bool CoreCommonRequestFromMessage(const std::string& oemcrypto_core_message, + ODK_CommonRequest* core_common_request); + +} // namespace deserialize +} // namespace oemcrypto_core_message + +#endif // WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_DESERIALIZE_H_ diff --git a/oemcrypto/odk/include/core_message_serialize.h b/oemcrypto/odk/include/core_message_serialize.h new file mode 100644 index 00000000..619a0857 --- /dev/null +++ b/oemcrypto/odk/include/core_message_serialize.h @@ -0,0 +1,68 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +/********************************************************************* + * core_message_serialize.h + * + * OEMCrypto v16 Core Message Serialization library counterpart (a.k.a. KDO) + * + * This file declares functions to serialize response messages that will be + * parsed by Widevine clients (OEMCrypto/ODK). + * + * Please refer to core_message_types.h for details. + * + *********************************************************************/ + +#ifndef WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_SERIALIZE_H_ +#define WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_SERIALIZE_H_ + +#include "core_message_types.h" +#include "odk_structs.h" + +namespace oemcrypto_core_message { +namespace serialize { + +/** + * Counterpart (serializer) of ODK_ParseLicense (deserializer) + * struct-input variant + * + * Parameters: + * [in] parsed_lic + * [in] core_request + * [in] core_request_sha256 + * [out] oemcrypto_core_message + */ +bool CreateCoreLicenseResponse(const ODK_ParsedLicense& parsed_lic, + const ODK_LicenseRequest& core_request, + const std::string& core_request_sha256, + std::string* oemcrypto_core_message); + +/** + * Counterpart (serializer) of ODK_ParseRenewal (deserializer) + * + * Parameters: + * [in] core_request + * [in] renewal_duration_seconds + * [out] oemcrypto_core_message + */ +bool CreateCoreRenewalResponse(const ODK_RenewalRequest& core_request, + uint64_t renewal_duration_seconds, + std::string* oemcrypto_core_message); + +/** + * Counterpart (serializer) of ODK_ParseProvisioning (deserializer) + * struct-input variant + * + * Parameters: + * [in] parsed_prov + * [in] core_request + * [out] oemcrypto_core_message + */ +bool CreateCoreProvisioningResponse(const ODK_ParsedProvisioning& parsed_prov, + const ODK_ProvisioningRequest& core_request, + std::string* oemcrypto_core_message); +} // namespace serialize +} // namespace oemcrypto_core_message + +#endif // WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_SERIALIZE_H_ diff --git a/oemcrypto/odk/include/core_message_serialize_proto.h b/oemcrypto/odk/include/core_message_serialize_proto.h new file mode 100644 index 00000000..b9dd34e0 --- /dev/null +++ b/oemcrypto/odk/include/core_message_serialize_proto.h @@ -0,0 +1,62 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +/********************************************************************* + * core_message_serialize_proto.h + * + * These functions are an extension of those found in + * core_message_serialize.h. The difference is that these use the + * license and provisioning messages in protobuf format to create the core + * message. + *********************************************************************/ + +#ifndef WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_SERIALIZE_PROTO_H_ +#define WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_SERIALIZE_PROTO_H_ + +#include +#include + +#include "core_message_types.h" +#include "license_protocol.pb.h" + +namespace oemcrypto_core_message { +namespace serialize { + +// @ public create response (serializer) functions accepting proto input + +/** + * Counterpart (serializer) of ODK_ParseLicense (deserializer) + * + * Parameters: + * [in] serialized_license + serialized video_widevine::License + * [in] core_request oemcrypto core message from request. + * [in] core_request_sha256 - hash of serialized core request. + * [in] nonce_required - if the device should require a nonce match. + * [out] oemcrypto_core_message - the serialized oemcrypto core response. + */ +bool CreateCoreLicenseResponseFromProto(const std::string& serialized_license, + const ODK_LicenseRequest& core_request, + const std::string& core_request_sha256, + const bool nonce_required, + std::string* oemcrypto_core_message); + +/** + * Counterpart (serializer) of ODK_ParseProvisioning (deserializer) + * + * Parameters: + * [in] serialized_provisioning_response + * serialized video_widevine::ProvisioningResponse + * [in] core_request + * [out] oemcrypto_core_message + */ +bool CreateCoreProvisioningResponseFromProto( + const std::string& serialized_provisioning_response, + const ODK_ProvisioningRequest& core_request, + std::string* oemcrypto_core_message); + +} // namespace serialize +} // namespace oemcrypto_core_message + +#endif // WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_SERIALIZE_PROTO_H_ diff --git a/oemcrypto/odk/include/core_message_types.h b/oemcrypto/odk/include/core_message_types.h new file mode 100644 index 00000000..0f45f006 --- /dev/null +++ b/oemcrypto/odk/include/core_message_types.h @@ -0,0 +1,112 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +// clang-format off +/********************************************************************* + * core_message_types.h + * + * OEMCrypto v16 Core Message Serialization library counterpart (a.k.a. KDO) + * + * For Widevine Modular DRM, there are six message types between a server and + * a client device: license request and response, provisioning request and + * response, and renewal request and response. + * + * In OEMCrypto v15 and earlier, messages from the server were parsed by the + * CDM layer above OEMCrypto; the CDM in turn gave OEMCrypto a collection of + * pointers to protected data within the message. However, the pointers + * themselves were not signed by the server. + * + * Starting from OEMCrypto v16, all fields used by OEMCrypto in each of these + * messages have been identified in the document "Widevine Core Message + * Serialization". These fields are called the core of the message. Core + * message fields are (de)serialized using the ODK, a C library provided by + * Widevine. OEMCrypto will parse and verify the core of the message with + * help from the ODK. + * + * The KDO library is the counterpart of ODK used in the CDM & Widevine + * servers. For each message type generated by the ODK, KDO provides a + * corresponding parser. For each message type to be parsed by the ODK, + * KDO provides a corresponding writer. + * + * Table: ODK vs KDO (s: serialize; d: deserialize) + * +----------------------------------------+---------------------------------------+ + * | ODK | KDO | + * +---+------------------------------------+---+-----------------------------------+ + * | s | ODK_PrepareCoreLicenseRequest | d | CoreLicenseRequestFromMessage | + * | +------------------------------------+ +-----------------------------------+ + * | | ODK_PrepareCoreRenewalRequest | | CoreRenewalRequestFromMessage | + * | +------------------------------------+ +-----------------------------------+ + * | | ODK_PrepareCoreProvisioningRequest | | CoreProvisioningRequestFromMessage| + * | +------------------------------------+ +-----------------------------------+ + * | | ODK_PrepareCommonRequest | | CoreCommonRequestFromMessage | + * +---+------------------------------------+---+-----------------------------------+ + * | d | ODK_ParseLicense | s | CreateCoreLicenseResponse | + * | +------------------------------------+ +-----------------------------------+ + * | | ODK_ParseRenewal | | CreateCoreRenewalResponse | + * | +------------------------------------+ +-----------------------------------+ + * | | ODK_ParseProvisioning | | CreateCoreProvisioningResponse | + * +---+------------------------------------+---+-----------------------------------+ + * + *********************************************************************/ +// clang-format on + +#ifndef WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_TYPES_H_ +#define WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_TYPES_H_ + +#include +#include + +namespace oemcrypto_core_message { + +// @ input/output structs + +/** + * Output structure for CommonRequestFromMessage + * Input structure for CreateCommonResponse + */ +struct ODK_CommonRequest { + uint16_t api_minor_version; + uint16_t api_major_version; + uint32_t nonce; + uint32_t session_id; +}; + +/** + * Output structure for CoreLicenseRequestFromMessage + * Input structure for CreateCoreLicenseResponse + */ +struct ODK_LicenseRequest { + uint16_t api_minor_version; + uint16_t api_major_version; + uint32_t nonce; + uint32_t session_id; +}; + +/** + * Output structure for CoreRenewalRequestFromMessage + * Input structure for CreateCoreRenewalResponse + */ +struct ODK_RenewalRequest { + uint16_t api_minor_version; + uint16_t api_major_version; + uint32_t nonce; + uint32_t session_id; + uint64_t playback_time_seconds; +}; + +/** + * Output structure for CoreProvisioningRequestFromMessage + * Input structure for CreateCoreProvisioningResponse + */ +struct ODK_ProvisioningRequest { + uint16_t api_minor_version; + uint16_t api_major_version; + uint32_t nonce; + uint32_t session_id; + std::string device_id; +}; + +} // namespace oemcrypto_core_message + +#endif // WIDEVINE_ODK_INCLUDE_CORE_MESSAGE_TYPES_H_ diff --git a/oemcrypto/odk/include/odk.h b/oemcrypto/odk/include/odk.h new file mode 100644 index 00000000..588f185a --- /dev/null +++ b/oemcrypto/odk/include/odk.h @@ -0,0 +1,607 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +/** + * @mainpage OEMCrypto v16 Core Message Serialization library + * + * For Widevine Modular DRM, there are six message types between a server and + * a client device: license request and response, provisioning request and + * response, and renewal request and response. + * + * In OEMCrypto v15 and earlier, messages from the server were parsed by the + * CDM layer above OEMCrypto; the CDM in turn gave OEMCrypto a collection of + * pointers to protected data within the message. However, the pointers + * themselves were not signed by the server. + * + * Starting from OEMCrypto v16, all fields used by OEMCrypto in each of these + * messages have been identified in the document "Widevine Core Message + * Serialization". These fields are called the core of the message. Core + * message fields are (de)serialized using the ODK, a C library provided by + * Widevine. OEMCrypto will parse and verify the core of the message with + * help from the ODK. + * + * The ODK functions that parse code will fill out structs that have similar + * formats to the function parameters of the OEMCrypto v15 functions being + * replaced. The ODK will be provided in source code and it is Widevine's + * intention that partners can build and link ODK with their implementation + * of OEMCrypto with no or few code changes. + * + * OEMCrypto implementers shall build the ODK library as part of the Trusted + * Application (TA) running in the TEE. All memory and buffers used by the + * ODK library shall be sanitized by the OEMCrypto implementer to prevent + * modification by any process running the REE. + * + * See the documents + * Widevine Core Message Serialization + * and + * License Duration and Renewal + * for a detailed description of the ODK API. You can + * find these documents in the widevine repository as + * docs/Widevine_Core_Message_Serialization.pdf and + * docs/License_Duration_and_Renewal.pdf + * + * @defgroup odk_parser Core Message Parsing and Verification + * Functions that parse core messages and verify they are valid. + * TODO(fredgc): add documentation for parsing functions. + * + * @defgroup odk_packer Core Message Creation + * Functions that create core messages. + * TODO(fredgc): add documentation for packing functions. + * + * @defgroup odk_timer Timer and Clock Functions + * Functions related to enforcing timer and duration restrictions. + * TODO(fredgc): add documentation for timers and clocks. + * + * @defgroup common_types Common Types + * Enumerations and structures that are used by several OEMCrypto and ODK + * functions. + *********************************************************************/ + +#ifndef WIDEVINE_ODK_INCLUDE_ODK_H_ +#define WIDEVINE_ODK_INCLUDE_ODK_H_ + +#include + +#include "OEMCryptoCENCCommon.h" +#include "odk_structs.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/// @addtogroup odk_timer +/// @{ + +/** + * This function initializes the session's data structures. It shall be + * called from OEMCrypto_OpenSession. + * + * @param[out] timer_limits: the session's timer limits. + * @param[out] clock_values: the session's clock values. + * @param[out] nonce_values: the session's ODK nonce values. + * @param[in] api_major_version: the API version of OEMCrypto. + * @param[in] session_id: the session id of the newly created session. + * + * @retval OEMCrypto_SUCCESS + * @retval OEMCrypto_ERROR_INVALID_CONTEXT + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_InitializeSessionValues(ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + ODK_NonceValues* nonce_values, + uint32_t api_major_version, + uint32_t session_id); + +/** + * This function sets the nonce value in the session's nonce structure. It + * shall be called from OEMCrypto_GenerateNonce. + * + * @param[in,out] nonce_values: the session's nonce data. + * @param[in] nonce: the new nonce that was just generated. + * + * @retval true on success + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_SetNonceValues(ODK_NonceValues* nonce_values, + uint32_t nonce); + +/** + * This function initializes the clock values in the session clock_values + * structure. It shall be called from OEMCrypto_PrepAndSignLicenseRequest. + * + * Parameters: + * @param[in,out] clock_values: the session's clock data. + * @param[in] system_time_seconds: the current time on OEMCrypto's monotonic + * clock. + * + * @retval OEMCrypto_SUCCESS + * @retval OEMCrypto_ERROR_INVALID_CONTEXT + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_InitializeClockValues(ODK_ClockValues* clock_values, + uint64_t system_time_seconds); + +/** + * This function sets the values in the clock_values structure. It shall be + * called from OEMCrypto_LoadUsageEntry. When a usage entry from a v15 or + * earlier license is loaded, the value time_of_license_loaded shall be used + * in place of time_of_license_signed. + * + * @param[in,out] clock_values: the session's clock data. + * @param[in] time_of_license_signed: the value time_license_received from the + * loaded usage entry. + * @param[in] time_of_first_decrypt: the value time_of_first_decrypt from the + * loaded usage entry. + * @param[in] time_of_last_decrypt: the value time_of_last_decrypt from the + * loaded usage entry. + * @param[in] status: the value status from the loaded usage entry. + * @param[in] system_time_seconds: the current time on OEMCrypto's monotonic + * clock. + * + * @retval OEMCrypto_SUCCESS + * @retval OEMCrypto_ERROR_INVALID_CONTEXT + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_ReloadClockValues(ODK_ClockValues* clock_values, + uint64_t time_of_license_signed, + uint64_t time_of_first_decrypt, + uint64_t time_of_last_decrypt, + enum OEMCrypto_Usage_Entry_Status status, + uint64_t system_time_seconds); + +/** + * This updates the clock values, and determines if playback may start based + * on the given system time. It uses the values in clock_values to determine + * if this is the first playback for the license or the first playback for + * just this session. + * + * This shall be called from the first call in a session to any of + * OEMCrypto_DecryptCENC or any of the OEMCrypto_Generic* functions. + * + * If OEMCrypto uses a hardware timer, and this function returns + * ODK_SET_TIMER, then the timer should be set to the value pointed to by + * timer_value. + * + * @param[in] system_time_seconds: the current time on OEMCrypto's monotonic + * clock, in seconds. + * @param[in] timer_limits: timer limits specified in the license. + * @param[in,out] clock_values: the sessions clock values. + * @param[out] timer_value: set to the new timer value. Only used if the return + * value is ODK_SET_TIMER. This must be non-null if OEMCrypto uses a + * hardware timer. + * + * @retval ODK_SET_TIMER: Success. The timer should be reset to the specified + * value and playback is allowed. + * @retval ODK_DISABLE_TIMER: Success, but disable timer. Unlimited playback is + * allowed. + * @retval ODK_TIMER_EXPIRED: Set timer as disabled. Playback is not allowed. + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_AttemptFirstPlayback(uint64_t system_time_seconds, + const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + uint64_t* timer_value); + +/** + * Vendors that do not implement their own timer should call + * ODK_UpdateLastPlaybackTime regularly during playback. This updates the + * clock values, and determines if playback may continue based on the given + * system time. This shall be called from any of OEMCrypto_DecryptCENC or any + * of the OEMCrypto_Generic* functions. + * + * All Vendors (i.e. those that do or do not implement their own timer) shall + * call ODK_UpdateLastPlaybackTime from the function + * OEMCrypto_UpdateUsageEntry before updating the usage entry so that the + * clock values are accurate. + * + * @param[in] system_time_seconds: the current time on OEMCrypto's monotonic + * clock, in seconds. + * @param[in] timer_limits: timer limits specified in the license. + * @param[in,out] clock_values: the sessions clock values. + * + * @retval OEMCrypto_SUCCESS: Success. Playback is allowed. + * @retval ODK_TIMER_EXPIRED: Set timer as disabled. Playback is not allowed. + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_UpdateLastPlaybackTime(uint64_t system_time_seconds, + const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values); + +/** + * This function modifies the session's clock values to indicate that the + * license has been deactivated. It shall be called from + * OEMCrypto_DeactivateUsageEntry + * + * Parameters: + * @param[in,out] clock_values: the sessions clock values. + * + * @retval OEMCrypto_SUCCESS + * @retval OEMCrypto_ERROR_INVALID_CONTEXT + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values); + +/// @} + +/// @addtogroup odk_packer +/// @{ + +/** + * Modifies the message to include a core license request at the beginning of + * the message buffer. The values in nonce_values are used to populate the + * message. + * + * This shall be called by OEMCrypto from OEMCrypto_PrepAndSignLicenseRequest. + * + * NOTE: if the message pointer is null and/or input core_message_size is + * zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output + * core_message_size to the size needed. + * + * @param[in,out] message: Pointer to memory for the entire message. Modified by + * the ODK library. + * @param[in] message_length: length of the entire message buffer. + * @param[in,out] core_message_size: length of the core message at the beginning + * of the message. (in) size of buffer reserved for the core message, in + * bytes. (out) actual length of the core message, in bytes. + * @param[in] nonce_values: pointer to the session's nonce data. + * + * @retval OEMCrypto_SUCCESS + * @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small + * @retval OEMCrypto_ERROR_INVALID_CONTEXT + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_PrepareCoreLicenseRequest( + uint8_t* message, size_t message_length, size_t* core_message_size, + const ODK_NonceValues* nonce_values); + +/** + * Modifies the message to include a core renewal request at the beginning of + * the message buffer. The values in nonce_values, clock_values and + * system_time_seconds are used to populate the message. The nonce_values + * should match those from the license. + * + * This shall be called by OEMCrypto from OEMCrypto_PrepAndSignRenewalRequest. + * + * If status in clock_values indicates that a license has not been loaded, + * then this is a license release. The ODK library will change the value of + * nonce_values.api_major_version to 15. This will make + * OEMCrypto_PrepAndSignRenewalRequest sign just the message body, as it does + * for all legacy licenses. + * + * NOTE: if the message pointer is null and/or input core_message_size is + * zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output + * core_message_size to the size needed. + * + * @param[in,out] message: Pointer to memory for the entire message. Modified by + * the ODK library. + * @param[in] message_length: length of the entire message buffer. + * @param[in,out] core_message_size: length of the core message at the beginning + * of the message. (in) size of buffer reserved for the core message, in + * bytes. (out) actual length of the core message, in bytes. + * @param[in,out] nonce_values: pointer to the session's nonce data. + * @param[in,out] clock_values: the session's clock values. + * @param[in] system_time_seconds: the current time on OEMCrypto's clock, in + * seconds. + * + * @retval OEMCrypto_SUCCESS + * @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small + * @retval OEMCrypto_ERROR_INVALID_CONTEXT + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message, + size_t message_length, + size_t* core_message_size, + ODK_NonceValues* nonce_values, + ODK_ClockValues* clock_values, + uint64_t system_time_seconds); + +/** + * Modifies the message to include a core provisioning request at the + * beginning of the message buffer. The values in nonce_values are used to + * populate the message. + * + * This shall be called by OEMCrypto from + * OEMCrypto_PrepAndSignProvisioningRequest. + * + * The buffer device_id shall be the same string returned by + * OEMCrypto_GetDeviceID. The device ID shall be unique to the device, and + * stable across reboots and factory resets for an L1 device. + * + * NOTE: if the message pointer is null and/or input core_message_size is + * zero, this function returns OEMCrypto_ERROR_SHORT_BUFFER and sets output + * core_message_size to the size needed. + * + * @param[in,out] message: Pointer to memory for the entire message. Modified by + * the ODK library. + * @param[in] message_length: length of the entire message buffer. + * @param[in,out] core_message_size: length of the core message at the beginning + * of the message. (in) size of buffer reserved for the core message, in + * bytes. (out) actual length of the core message, in bytes. + * @param[in] nonce_values: pointer to the session's nonce data. + * @param[in] device_id: For devices with a keybox, this is the device ID from + * the keybox. For devices with an OEM Certificate, this is a device + * unique id string. + * @param[in] device_id_length: length of device_id. The device ID can be at + * most 64 bytes. + * + * @retval OEMCrypto_SUCCESS + * @retval OEMCrypto_ERROR_SHORT_BUFFER: core_message_size is too small + * @retval OEMCrypto_ERROR_INVALID_CONTEXT + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_PrepareCoreProvisioningRequest( + uint8_t* message, size_t message_length, size_t* core_message_size, + const ODK_NonceValues* nonce_values, const uint8_t* device_id, + size_t device_id_length); + +/// @} + +/// @addtogroup odk_timer +/// @{ + +/** + * This function sets all limits in the timer_limits struct to the + * key_duration and initializes the other values. The field + * nonce_values.api_major_version will be set to 15. It shall be called from + * OEMCrypto_LoadKeys when loading a legacy license. + * + * @param[out] timer_limits: The session's timer limits. + * @param[in,out] clock_values: The session's clock values. + * @param[in,out] nonce_values: The session's ODK nonce values. + * @param[in] key_duration: The duration from the first key's key control + * block. In practice, the key duration is the same for all keys and is + * the same as the license duration. + * @param[in] system_time_seconds: The current time on the system clock, as + * described in the document "License Duration and Renewal". + * + * @retval OEMCrypto_SUCCESS + * @retval OEMCrypto_ERROR_INVALID_CONTEXT + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_InitializeV15Values(ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + ODK_NonceValues* nonce_values, + uint32_t key_duration, + uint64_t system_time_seconds); + +/** + * This function updates the clock_values as needed if a v15 renewal is + * accepted. The field nonce_values.api_major_version is verified to be 15. + * + * This is called from OEMCrypto_RefreshKeys for a valid license renewal. + * OEMCrypto shall pass in the current system time, and the key duration from + * the first object in the OEMCrypto_KeyRefreshObject. + * + * @param[in] timer_limits: The session's timer limits. + * @param[in,out] clock_values: The session's clock values. + * @param[in] nonce_values: The session's ODK nonce values. + * @param[in] system_time_seconds: The current time on the system clock, as + * described in the document "License Duration and Renewal". + * @param[in] new_key_duration: The duration from the first + * OEMCrypto_KeyRefreshObject in key_array. + * @param[out] timer_value: set to the new timer value. Only used if the return + * value is ODK_SET_TIMER. This must be non-null if OEMCrypto uses a + * hardware timer. + * + * @retval OEMCrypto_SUCCESS + * @retval OEMCrypto_ERROR_UNKNOWN_FAILURE + * @retval ODK_SET_TIMER: Success. The timer should be reset to the specified + * value and playback is allowed. + * @retval ODK_DISABLE_TIMER: Success, but disable timer. Unlimited playback is + * allowed. + * @retval ODK_TIMER_EXPIRED: Set timer as disabled. Playback is not allowed. + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + const ODK_NonceValues* nonce_values, + uint64_t system_time_seconds, + uint32_t new_key_duration, + uint64_t* timer_value); + +/// @} + +/// @addtogroup odk_parser +/// @{ + +/** + * The function ODK_ParseLicense will parse the message and verify fields in + * the message. + * + * If the message does not parse correctly, ODK_VerifyAndParseLicense will + * return ODK_ERROR_CORE_MESSAGE that OEMCrypto should return to the CDM + * layer above. + * + * If the API in the message is not 16, then ODK_UNSUPPORTED_API is returned. + * + * If initial_license_load is true, and nonce_required in the license is + * true, then the ODK library shall verify that nonce_values->nonce and + * nonce_values->session_id are the same as those in the message. If + * verification fails, then it shall return OEMCrypto_ERROR_INVALID_NONCE. + * + * If initial_license_load is false, and nonce_required is true, then + * ODK_ParseLicense will set the values in nonce_values from those in the + * message. + * + * The function ODK_ParseLicense will verify that each substring points to a + * location in the message body. The message body is the buffer starting at + * message + core_message_length with size message_length - + * core_message_length. + * + * If initial_license_load is true, then ODK_ParseLicense shall verify that + * the parameter request_hash matches request_hash in the parsed license. If + * verification fails, then it shall return ODK_ERROR_CORE_MESSAGE. This was + * computed by OEMCrypto when the license was requested. + * + * If usage_entry_present is true, then ODK_ParseLicense shall verify that + * the pst in the license has a nonzero length. + * + * @param[in] message: pointer to the message buffer. + * @param[in] message_length: length of the entire message buffer. + * @param[in] core_message_size: length of the core message, at the beginning of + * the message buffer. + * @param[in] initial_license_load: true when called for OEMCrypto_LoadLicense + * and false when called for OEMCrypto_ReloadLicense. + * @param[in] usage_entry_present: true if the session has a new usage entry + * associated with it created via OEMCrypto_CreateNewUsageEntry. + * @param[in] request_hash: the hash of the license request core message. This + * was computed by OEMCrypto when the license request was signed. + * @param[in,out] timer_limits: The session's timer limits. These will be + * updated. + * @param[in,out] clock_values: The session's clock values. These will be + * updated. + * @param[in,out] nonce_values: The session's nonce values. These will be + * updated. + * @param[out] parsed_license: the destination for the data. + * + * @retval OEMCrypto_SUCCESS + * @retval ODK_ERROR_CORE_MESSAGE: if the message did not parse correctly, or + * there were other incorrect values. An error should be returned to the + * CDM layer. + * @retval ODK_UNSUPPORTED_API + * @retval OEMCrypto_ERROR_INVALID_NONCE + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_ParseLicense( + const uint8_t* message, size_t message_length, size_t core_message_length, + bool initial_license_load, bool usage_entry_present, + const uint8_t request_hash[ODK_SHA256_HASH_SIZE], + ODK_TimerLimits* timer_limits, ODK_ClockValues* clock_values, + ODK_NonceValues* nonce_values, ODK_ParsedLicense* parsed_license); + +/** + * The function ODK_ParseRenewal will parse the message and verify its + * contents. If the message does not parse correctly, an error of + * ODK_ERROR_CORE_MESSAGE is returned. + * + * ODK_ParseRenewal shall verify that all fields in nonce_values match those + * in the license. Otherwise it shall return OEMCrypto_ERROR_INVALID_NONCE. + * + * After parsing the message, this function updates the clock_values based on + * the timer_limits and the current system time. If playback may not + * continue, then ODK_TIMER_EXPIRED is returned. + * + * If playback may continue, a return value of ODK_SET_TIMER or + * ODK_TIMER_EXPIRED is returned. If the return value is ODK_SET_TIMER, then + * playback may continue until the timer expires. If the return value is + * ODK_DISABLE_TIMER, then playback time is not limited. + * + * If OEMCrypto uses a hardware timer, and this function returns + * ODK_SET_TIMER, then OEMCrypto shall set the timer to the value pointed to + * by timer_value. + * + * @param[in] message: pointer to the message buffer. + * @param[in] message_length: length of the entire message buffer. + * @param[in] core_message_size: length of the core message, at the beginning of + * the message buffer. + * @param[in] nonce_values: pointer to the session's nonce data. + * @param[in] system_time_seconds: the current time on OEMCrypto's clock, in + * seconds. + * @param[in] timer_limits: timer limits specified in the license. + * @param[in,out] clock_values: the sessions clock values. + * @param[out] timer_value: set to the new timer value. Only used if the return + * value is ODK_SET_TIMER. This must be non-null if OEMCrypto uses a + * hardware timer. + * + * @retval ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there + * were other incorrect values. An error should be returned to the CDM + * layer. + * @retval ODK_SET_TIMER: Success. The timer should be reset to the specified + * timer value. + * @retval ODK_DISABLE_TIMER: Success, but disable timer. Unlimited playback is + * allowed. + * @retval ODK_TIMER_EXPIRED: Set timer as disabled. Playback is not allowed. + * @retval ODK_UNSUPPORTED_API + * @retval ODK_STALE_RENEWAL: This renewal is not the most recently signed. It + * is rejected. + * @retval OEMCrypto_ERROR_INVALID_NONCE + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length, + size_t core_message_length, + const ODK_NonceValues* nonce_values, + uint64_t system_time_seconds, + const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + uint64_t* timer_value); + +/** + * The function ODK_ParseProvisioning will parse the message and verify the + * nonce values match those in the license. + * + * If the message does not parse correctly, ODK_ParseProvisioning will return + * an error that OEMCrypto should return to the CDM layer above. + * + * If the API in the message is larger than 16, then ODK_UNSUPPORTED_API is + * returned. + * + * ODK_ParseProvisioning shall verify that nonce_values->nonce and + * nonce_values->session_id are the same as those in the message. Otherwise + * it shall return OEMCrypto_ERROR_INVALID_NONCE. + * + * The function ODK_ParseProvisioning will verify that each substring points + * to a location in the message body. The message body is the buffer starting + * at message + core_message_length with size message_length - + * core_message_length. + * + * @param[in] message: pointer to the message buffer. + * @param[in] message_length: length of the entire message buffer. + * @param[in] core_message_size: length of the core message, at the beginning of + * the message buffer. + * @param[in] nonce_values: pointer to the session's nonce data. + * @param[in] device_id: a pointer to a buffer containing the device ID of the + * device. The ODK function will verify it matches that in the message. + * @param[in] device_id_length: the length of the device ID. + * @param[out] parsed_response: destination for the parse data. + * + * @retval OEMCrypto_SUCCESS + * @retval ODK_ERROR_CORE_MESSAGE: the message did not parse correctly, or there + * were other incorrect values. An error should be returned to the CDM + * layer. + * @retval ODK_UNSUPPORTED_API + * @retval OEMCrypto_ERROR_INVALID_NONCE + * + * @version + * This method is new in version 16 of the API. + */ +OEMCryptoResult ODK_ParseProvisioning( + const uint8_t* message, size_t message_length, size_t core_message_length, + const ODK_NonceValues* nonce_values, const uint8_t* device_id, + size_t device_id_length, ODK_ParsedProvisioning* parsed_response); + +/// @} + +#ifdef __cplusplus +} +#endif + +#endif // WIDEVINE_ODK_INCLUDE_ODK_H_ diff --git a/oemcrypto/odk/include/odk_attributes.h b/oemcrypto/odk/include/odk_attributes.h new file mode 100644 index 00000000..623a0571 --- /dev/null +++ b/oemcrypto/odk/include/odk_attributes.h @@ -0,0 +1,14 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WIDEVINE_ODK_INCLUDE_ODK_ATTRIBUTES_H_ +#define WIDEVINE_ODK_INCLUDE_ODK_ATTRIBUTES_H_ + +#if defined(__GNUC__) || defined(__clang__) +#define UNUSED __attribute__((__unused__)) +#else +#define UNUSED +#endif + +#endif // WIDEVINE_ODK_INCLUDE_ODK_ATTRIBUTES_H_ diff --git a/oemcrypto/odk/include/odk_structs.h b/oemcrypto/odk/include/odk_structs.h new file mode 100644 index 00000000..13bf83b7 --- /dev/null +++ b/oemcrypto/odk/include/odk_structs.h @@ -0,0 +1,215 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WIDEVINE_ODK_INCLUDE_ODK_STRUCTS_H_ +#define WIDEVINE_ODK_INCLUDE_ODK_STRUCTS_H_ + +#include + +#include "OEMCryptoCENCCommon.h" +#include "odk_target.h" + +/* The version of this library. */ +#define ODK_MAJOR_VERSION 16 +#define ODK_MINOR_VERSION 4 + +/* ODK Version string. Date changed automatically on each release. */ +#define ODK_RELEASE_DATE "ODK v16.4 2020-10-07" + +/* The lowest version number for an ODK message. */ +#define ODK_FIRST_VERSION 16 + +/* Some useful constants. */ +#define ODK_DEVICE_ID_LEN_MAX 64 +#define ODK_SHA256_HASH_SIZE 32 + +/// @addtogroup odk_timer +/// @{ + +/** + * Timer limits are specified in a license and are used to determine when + * playback is allowed. See the document "License Duration and Renewal" for a + * discussion on the time restrictions that may be placed on a license. The + * fields in this structure are directly related to the fields in the core + * license message. The fields are set when OEMCrypto calls the function + * ODK_ParseLicense or ODK_InitializeV15Values. + * + * @param soft_enforce_rental_duration: A boolean controlling the soft or hard + * enforcement of rental duration. + * @param soft_enforce_playback_duration: A boolean controlling the soft or hard + * enforcement of playback duration. + * @param earliest_playback_start_seconds: The earliest time that the first + * playback is allowed. Measured in seconds since the license request was + * signed. For most use cases, this is zero. + * @param rental_duration_seconds: Window of time for the allowed first + * playback. Measured in seconds since the earliest playback start. If + * soft_enforce_rental_duration is true, this applies only to the first + * playback. If soft_enforce_rental_duration is false, then this + * restricts any playback. A value of zero means no limit. + * @param total_playback_duration_seconds: Window of time for allowed playback. + * Measured in seconds since the first playback start. If + * soft_enforce_playback_duration is true, this applies only to the start + * of playback for any session. If soft_enforce_playback_duration is + * false, then this restricts any playback. A value of zero means no + * limit. + * @param initial_renewal_duration_seconds: Window of time for allowed playback. + * Measured in seconds since the first playback start. This value is only + * used to start the renewal timer. After a renewal message is loaded, + * the timer will be reset. A value of zero means no limit. + * + * @version + * This struct changed in API version 16.2. + */ +typedef struct { + bool soft_enforce_rental_duration; + bool soft_enforce_playback_duration; + uint64_t earliest_playback_start_seconds; + uint64_t rental_duration_seconds; + uint64_t total_playback_duration_seconds; + uint64_t initial_renewal_duration_seconds; +} ODK_TimerLimits; + +/** + * Clock values are modified when decryption occurs or when a renewal is + * processed. They are used to track the current status of the license -- + * i.e. has playback started? When does the timer expire? See the section + * "Complete ODK API" of the document "Widevine Core Message Serialization" + * for a complete list of all fields in this structure. Most of these values + * shall be saved with the usage entry. + * + * All times are in seconds. Most of the fields in this structure are saved + * in the usage entry. This structure should be initialized when a usage + * entry is created or loaded, and should be used to save a usage entry. It + * is updated using the ODK functions listed below. The time values are based + * on OEMCrypto's system clock, as described in the document "License + * Duration and Renewal". + * + * @param time_of_license_signed: Time that the license request was signed, + * based on OEMCrypto's system clock. This value shall be stored and + * reloaded with usage entry as time_of_license_received. + * @param time_of_first_decrypt: Time of the first decrypt or call select key, + * based on OEMCrypto's system clock. This is 0 if the license has not + * been used to decrypt any data. This value shall be stored and reloaded + * with usage entry. + * @param time_of_last_decrypt: Time of the most recent decrypt call, based on + * OEMCrypto's system clock. This value shall be stored and reloaded with + * usage entry. + * @param time_of_renewal_request: Time of the most recent renewal request, + * based on OEMCrypto's system clock. This is used to verify that a + * renewal is not stale. + * @param time_when_timer_expires: Time that the current timer expires, based on + * OEMCrypto's system clock. If the timer is active, this is used by the + * ODK library to determine if it has expired. + * @param timer_status: Used internally by the ODK library to indicate the + * current timer status. + * @param status: The license or usage entry status. This value shall be stored + * and reloaded with usage entry. + * + * @version + * This struct changed in API version 16.2. + */ +typedef struct { + uint64_t time_of_license_signed; + uint64_t time_of_first_decrypt; + uint64_t time_of_last_decrypt; + uint64_t time_of_renewal_request; + uint64_t time_when_timer_expires; + uint32_t timer_status; + enum OEMCrypto_Usage_Entry_Status status; +} ODK_ClockValues; + +/** + * Nonce values are used to match a license or provisioning request to a + * license or provisioning response. They are also used to match a renewal + * request and response to a license. For this reason, the api_version might + * be lower than that supported by OEMCrypto. The api_version matches the + * version of the license. Similarly the nonce and session_id match the + * session that generated the license request. For an offline license, these + * might not match the session that is loading the license. We use the nonce + * to prevent a license from being replayed. By also including a session_id + * in the license request and license response, we prevent an attack using + * the birthday paradox to generate nonce collisions on a single device. + * + * @param api_major_version: the API version of the license. This is initialized + * to the API version of the ODK library, but may be lower. + * @param api_minor_version: the minor version of the ODK library. This is used + * by the server to verify that device is not using an obsolete version + * of the ODK library. + * @param nonce: a randomly generated number used to prevent replay attacks. + * @param session_id: the session id of the session which signed the license or + * provisioning request. It is used to prevent replay attacks from one + * session to another. + * + * @version + * This struct changed in API version 16.2. + */ +typedef struct { + uint16_t api_minor_version; + uint16_t api_major_version; + uint32_t nonce; + uint32_t session_id; +} ODK_NonceValues; + +/// @} + +/// @addtogroup odk_parser +/// @{ + +/** + * The parsed license structure contains information from the license + * message. The function ODK_ParseLicense will fill in the fields of this + * message. All substrings are contained within the message body. + * + * @param enc_mac_keys_iv: IV for decrypting new mac_key. Size is 128 bits. + * @param enc_mac_keys: encrypted mac_keys for generating new mac_keys. Size is + * 512 bits. + * @param pst: the Provider Session Token. + * @param srm_restriction_data: optional data specifying the minimum SRM + * version. + * @param license_type: specifies if the license contains content keys or + * entitlement keys. + * @param nonce_required: indicates if the license requires a nonce. + * @param timer_limits: time limits of the for the license. + * @param key_array_length: number of keys present. + * @param key_array: set of keys to be installed. + * + * @version + * This struct changed in API version 16.2. + */ +typedef struct { + OEMCrypto_Substring enc_mac_keys_iv; + OEMCrypto_Substring enc_mac_keys; + OEMCrypto_Substring pst; + OEMCrypto_Substring srm_restriction_data; + OEMCrypto_LicenseType license_type; + bool nonce_required; + ODK_TimerLimits timer_limits; + uint32_t key_array_length; + OEMCrypto_KeyObject key_array[ODK_MAX_NUM_KEYS]; +} ODK_ParsedLicense; + +/** + * The parsed provisioning structure contains information from the license + * message. The function ODK_ParseProvisioning will fill in the fields of + * this message. All substrings are contained within the message body. + * + * @param key_type: indicates if this key is an RSA or ECC private key. + * @param enc_private_key: encrypted private key for the DRM certificate. + * @param enc_private_key_iv: IV for decrypting new private key. Size is 128 + * bits. + * @param encrypted_message_key: used for provisioning 3.0 to derive keys. + * + * @version + * This struct changed in API version 16.2. + */ +typedef struct { + OEMCrypto_PrivateKeyType key_type; + OEMCrypto_Substring enc_private_key; + OEMCrypto_Substring enc_private_key_iv; + OEMCrypto_Substring encrypted_message_key; /* Used for Prov 3.0 */ +} ODK_ParsedProvisioning; + +/// @} + +#endif // WIDEVINE_ODK_INCLUDE_ODK_STRUCTS_H_ diff --git a/oemcrypto/odk/include/odk_target.h b/oemcrypto/odk/include/odk_target.h new file mode 100644 index 00000000..cb2774fb --- /dev/null +++ b/oemcrypto/odk/include/odk_target.h @@ -0,0 +1,13 @@ +// Copyright 2019 Google LLC. All rights reserved. This file is distributed +// under the Widevine Master License Agreement. + +// Partners are expected to edit this file to support target specific code +// and limits. + +#ifndef WIDEVINE_ODK_INCLUDE_ODK_TARGET_H_ +#define WIDEVINE_ODK_INCLUDE_ODK_TARGET_H_ + +// Maximum number of keys can be modified to suit target's resource tier. +#define ODK_MAX_NUM_KEYS 32 + +#endif // WIDEVINE_ODK_INCLUDE_ODK_TARGET_H_ diff --git a/oemcrypto/odk/src/core_message_deserialize.cpp b/oemcrypto/odk/src/core_message_deserialize.cpp new file mode 100644 index 00000000..47d4478c --- /dev/null +++ b/oemcrypto/odk/src/core_message_deserialize.cpp @@ -0,0 +1,142 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "core_message_deserialize.h" + +#include +#include +#include +#include +#include + +#include "odk_serialize.h" +#include "odk_structs.h" +#include "odk_structs_priv.h" +#include "serialization_base.h" + +namespace oemcrypto_core_message { +namespace deserialize { +namespace { + +/** + * Template for parsing requests + * + * Template arguments: + * S: kdo output struct + * T: struct serialized by odk + * U: auto-generated deserializing function for |T| + */ +template +bool ParseRequest(uint32_t message_type, + const std::string& oemcrypto_core_message, S* core_request, + T* prepared, const U unpacker) { + if (core_request == nullptr || prepared == nullptr) { + return false; + } + + const uint8_t* buf = + reinterpret_cast(oemcrypto_core_message.c_str()); + const size_t buf_length = oemcrypto_core_message.size(); + + uint8_t blk[SIZE_OF_MESSAGE_STRUCT]; + Message* msg = reinterpret_cast(blk); + InitMessage(msg, const_cast(buf), buf_length); + SetSize(msg, buf_length); + + unpacker(msg, prepared); + if (!ValidMessage(msg)) { + return false; + } + + const auto& core_message = prepared->core_message; + core_request->api_major_version = core_message.nonce_values.api_major_version; + core_request->api_minor_version = core_message.nonce_values.api_minor_version; + core_request->nonce = core_message.nonce_values.nonce; + core_request->session_id = core_message.nonce_values.session_id; + // Verify that the minor version matches the released version for the given + // major version. + if (core_request->api_major_version < ODK_FIRST_VERSION) { + // Non existing versions are not supported. + return false; + } else if (core_request->api_major_version == 16) { + // For version 16, we demand a minor version of at least 2. + // We accept 16.2, 16.3, or higher. + if (core_request->api_major_version < 2) return false; + } else { + // Other versions do not (yet) have a restriction on minor number. + // In particular, future versions are accepted for forward compatibility. + } + // For v16, a release and a renewal use the same message structure. + // However, for future API versions, the release might be a separate + // message. Otherwise, we expect an exact match of message types. + if (message_type != ODK_Common_Request_Type && + core_message.message_type != message_type && + !(message_type == ODK_Renewal_Request_Type && + core_message.message_type == ODK_Release_Request_Type)) { + return false; + } + // Verify that the amount of buffer we read, which is GetOffset, is not more + // than the total message size. We allow the total message size to be larger + // for forward compatibility because future messages might have extra fields + // that we can ignore. + if (core_message.message_length < GetOffset(msg)) return false; + return true; +} + +} // namespace + +bool CoreLicenseRequestFromMessage(const std::string& oemcrypto_core_message, + ODK_LicenseRequest* core_license_request) { + const auto unpacker = Unpack_ODK_PreparedLicenseRequest; + ODK_PreparedLicenseRequest prepared_license = {}; + return ParseRequest(ODK_License_Request_Type, oemcrypto_core_message, + core_license_request, &prepared_license, unpacker); +} + +bool CoreRenewalRequestFromMessage(const std::string& oemcrypto_core_message, + ODK_RenewalRequest* core_renewal_request) { + const auto unpacker = Unpack_ODK_PreparedRenewalRequest; + ODK_PreparedRenewalRequest prepared_renewal = {}; + if (!ParseRequest(ODK_Renewal_Request_Type, oemcrypto_core_message, + core_renewal_request, &prepared_renewal, unpacker)) { + return false; + } + core_renewal_request->playback_time_seconds = prepared_renewal.playback_time; + return true; +} + +bool CoreProvisioningRequestFromMessage( + const std::string& oemcrypto_core_message, + ODK_ProvisioningRequest* core_provisioning_request) { + const auto unpacker = Unpack_ODK_PreparedProvisioningRequest; + ODK_PreparedProvisioningRequest prepared_provision = {}; + if (!ParseRequest(ODK_Provisioning_Request_Type, oemcrypto_core_message, + core_provisioning_request, &prepared_provision, unpacker)) { + return false; + } + const uint8_t* device_id = prepared_provision.device_id; + const uint32_t device_id_length = prepared_provision.device_id_length; + if (device_id_length > ODK_DEVICE_ID_LEN_MAX) { + return false; + } + uint8_t zero[ODK_DEVICE_ID_LEN_MAX] = {}; + if (memcmp(zero, device_id + device_id_length, + ODK_DEVICE_ID_LEN_MAX - device_id_length)) { + return false; + } + core_provisioning_request->device_id.assign( + reinterpret_cast(device_id), device_id_length); + return true; +} + +bool CoreCommonRequestFromMessage(const std::string& oemcrypto_core_message, + ODK_CommonRequest* common_request) { + const auto unpacker = Unpack_ODK_PreparedCommonRequest; + ODK_PreparedCommonRequest prepared_common = {}; + return ParseRequest(ODK_Common_Request_Type, oemcrypto_core_message, + common_request, &prepared_common, unpacker); +} + +} // namespace deserialize +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/src/core_message_serialize.cpp b/oemcrypto/odk/src/core_message_serialize.cpp new file mode 100644 index 00000000..0e05330a --- /dev/null +++ b/oemcrypto/odk/src/core_message_serialize.cpp @@ -0,0 +1,125 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "core_message_serialize.h" + +#include +#include +#include +#include +#include + +#include "odk_serialize.h" +#include "odk_structs.h" +#include "odk_structs_priv.h" +#include "serialization_base.h" + +namespace oemcrypto_core_message { +namespace serialize { +namespace { + +/** + * Template for parsing requests + * + * Template arguments: + * T: struct to be deserialized by odk + * S: kdo input struct + * P: auto-generated serializing function for |T| + */ +template +bool CreateResponse(uint32_t message_type, const S& core_request, + std::string* oemcrypto_core_message, T& response, + const P& packer) { + if (!oemcrypto_core_message) { + return false; + } + + auto* header = &response.request.core_message; + header->message_type = message_type; + header->nonce_values.api_major_version = core_request.api_major_version; + header->nonce_values.api_minor_version = core_request.api_minor_version; + header->nonce_values.nonce = core_request.nonce; + header->nonce_values.session_id = core_request.session_id; + // The message API version for the response is the minimum of our version and + // the request's version. + if (core_request.api_major_version > ODK_MAJOR_VERSION) { + header->nonce_values.api_major_version = ODK_MAJOR_VERSION; + header->nonce_values.api_minor_version = ODK_MINOR_VERSION; + } + + static constexpr size_t BUF_CAPACITY = 2048; + std::vector buf(BUF_CAPACITY, 0); + uint8_t blk[SIZE_OF_MESSAGE_STRUCT]; + Message* msg = reinterpret_cast(blk); + InitMessage(msg, buf.data(), buf.capacity()); + packer(msg, &response); + if (!ValidMessage(msg)) { + return false; + } + + uint32_t message_length = GetSize(msg); + InitMessage(msg, buf.data() + sizeof(header->message_type), + sizeof(header->message_length)); + Pack_uint32_t(msg, &message_length); + oemcrypto_core_message->assign(reinterpret_cast(buf.data()), + message_length); + return true; +} + +bool CopyDeviceId(const ODK_ProvisioningRequest& src, + ODK_ProvisioningResponse* dest) { + auto& request = dest->request; + const std::string& device_id = src.device_id; + if (request.device_id_length > sizeof(request.device_id)) { + return false; + } + request.device_id_length = device_id.size(); + memset(request.device_id, 0, sizeof(request.device_id)); + memcpy(request.device_id, device_id.data(), request.device_id_length); + return true; +} + +} // namespace + +bool CreateCoreLicenseResponse(const ODK_ParsedLicense& parsed_lic, + const ODK_LicenseRequest& core_request, + const std::string& core_request_sha256, + std::string* oemcrypto_core_message) { + ODK_LicenseResponse license_response{ + {}, const_cast(&parsed_lic), {0}}; + if (core_request_sha256.size() != sizeof(license_response.request_hash)) + return false; + memcpy(license_response.request_hash, core_request_sha256.data(), + sizeof(license_response.request_hash)); + return CreateResponse(ODK_License_Response_Type, core_request, + oemcrypto_core_message, license_response, + Pack_ODK_LicenseResponse); +} + +bool CreateCoreRenewalResponse(const ODK_RenewalRequest& core_request, + uint64_t renewal_duration_seconds, + std::string* oemcrypto_core_message) { + ODK_RenewalResponse renewal_response{{}, core_request.playback_time_seconds}; + renewal_response.request.playback_time = core_request.playback_time_seconds; + renewal_response.renewal_duration_seconds = renewal_duration_seconds; + return CreateResponse(ODK_Renewal_Response_Type, core_request, + oemcrypto_core_message, renewal_response, + Pack_ODK_RenewalResponse); +} + +bool CreateCoreProvisioningResponse(const ODK_ParsedProvisioning& parsed_prov, + const ODK_ProvisioningRequest& core_request, + std::string* oemcrypto_core_message) { + ODK_ProvisioningResponse prov_response{ + {}, const_cast(&parsed_prov)}; + if (!CopyDeviceId(core_request, &prov_response)) { + return false; + } + return CreateResponse(ODK_Provisioning_Response_Type, core_request, + oemcrypto_core_message, prov_response, + Pack_ODK_ProvisioningResponse); +} + +} // namespace serialize +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/src/core_message_serialize_proto.cpp b/oemcrypto/odk/src/core_message_serialize_proto.cpp new file mode 100644 index 00000000..4b8da06e --- /dev/null +++ b/oemcrypto/odk/src/core_message_serialize_proto.cpp @@ -0,0 +1,183 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "core_message_serialize_proto.h" + +#include +#include +#include +#include +#include + +#include "core_message_serialize.h" +#include "license_protocol.pb.h" +#include "odk_serialize.h" +#include "odk_structs.h" +#include "odk_structs_priv.h" +#include "serialization_base.h" + +namespace oemcrypto_core_message { +namespace serialize { +namespace { + +/* @ private functions */ + +/** + * Extract OEMCrypto_Substring (offset, length) from serialized protobuf + * + * Parameters: + * message: serialized license protobuf + * field: substring value + */ +OEMCrypto_Substring GetOecSubstring(const std::string& message, + const std::string& field) { + OEMCrypto_Substring substring = {}; + size_t pos = message.find(field); + if (pos != std::string::npos) { + substring = OEMCrypto_Substring{pos, field.length()}; + } + return substring; +} + +OEMCrypto_KeyObject KeyContainerToOecKey( + const std::string& proto, const video_widevine::License::KeyContainer& k) { + OEMCrypto_KeyObject obj = {}; + obj.key_id = GetOecSubstring(proto, k.id()); + obj.key_data_iv = GetOecSubstring(proto, k.iv()); + // Strip off PKCS#5 padding - since we know the key is 16 or 32 bytes, + // the padding will always be 16 bytes. + const std::string& key_data = k.key(); + const size_t PKCS5_PADDING_SIZE = 16; + obj.key_data = GetOecSubstring( + proto, key_data.substr(0, std::max(PKCS5_PADDING_SIZE, key_data.size()) - + PKCS5_PADDING_SIZE)); + if (k.has_key_control()) { + const auto& key_control = k.key_control(); + obj.key_control_iv = GetOecSubstring(proto, key_control.iv()); + obj.key_control = GetOecSubstring(proto, key_control.key_control_block()); + } + return obj; +} + +} // namespace + +// @ public create response functions + +bool CreateCoreLicenseResponseFromProto(const std::string& serialized_license, + const ODK_LicenseRequest& core_request, + const std::string& core_request_sha256, + const bool nonce_required, + std::string* oemcrypto_core_message) { + video_widevine::License lic; + if (!lic.ParseFromString(serialized_license)) { + return false; + } + + ODK_ParsedLicense parsed_lic{}; + bool any_content = false; + bool any_entitlement = false; + + for (int i = 0; i < lic.key_size(); ++i) { + const auto& k = lic.key(i); + switch (k.type()) { + case video_widevine::License_KeyContainer::SIGNING: { + if (!k.has_key()) { + continue; + } + parsed_lic.enc_mac_keys_iv = + GetOecSubstring(serialized_license, k.iv()); + parsed_lic.enc_mac_keys = GetOecSubstring(serialized_license, k.key()); + break; + } + case video_widevine::License_KeyContainer::CONTENT: + case video_widevine::License_KeyContainer::OPERATOR_SESSION: + case video_widevine::License_KeyContainer::ENTITLEMENT: { + if (k.type() == video_widevine::License_KeyContainer::ENTITLEMENT) { + any_entitlement = true; + } else { + any_content = true; + } + if (parsed_lic.key_array_length >= ODK_MAX_NUM_KEYS) { + return false; + } + uint32_t& n = parsed_lic.key_array_length; + parsed_lic.key_array[n++] = KeyContainerToOecKey(serialized_license, k); + break; + } + default: { + continue; + } + } + } + if (any_content && any_entitlement) { + // TODO(b/147513335): this should be logged -- both type of keys. + return false; + } + if (!any_content && !any_entitlement) { + // TODO(b/147513335): this should be logged -- no keys? + return false; + } + parsed_lic.license_type = + any_content ? OEMCrypto_ContentLicense : OEMCrypto_EntitlementLicense; + const auto& lid = lic.id(); + if (lid.has_provider_session_token()) { + parsed_lic.pst = + GetOecSubstring(serialized_license, lid.provider_session_token()); + } + + if (lic.has_srm_requirement()) { + parsed_lic.srm_restriction_data = + GetOecSubstring(serialized_license, lic.srm_requirement()); + } + + parsed_lic.nonce_required = nonce_required; + const auto& policy = lic.policy(); + ODK_TimerLimits& timer_limits = parsed_lic.timer_limits; + timer_limits.soft_enforce_rental_duration = + policy.soft_enforce_rental_duration(); + timer_limits.soft_enforce_playback_duration = + policy.soft_enforce_playback_duration(); + timer_limits.earliest_playback_start_seconds = 0; + timer_limits.rental_duration_seconds = policy.rental_duration_seconds(); + timer_limits.total_playback_duration_seconds = + policy.playback_duration_seconds(); + timer_limits.initial_renewal_duration_seconds = + policy.renewal_delay_seconds() + + policy.renewal_recovery_duration_seconds(); + + return CreateCoreLicenseResponse(parsed_lic, core_request, + core_request_sha256, oemcrypto_core_message); +} + +bool CreateCoreProvisioningResponseFromProto( + const std::string& serialized_provisioning_resp, + const ODK_ProvisioningRequest& core_request, + std::string* oemcrypto_core_message) { + ODK_ParsedProvisioning parsed_prov{}; + video_widevine::ProvisioningResponse prov; + if (!prov.ParseFromString(serialized_provisioning_resp)) { + return false; + } + + parsed_prov.key_type = + OEMCrypto_RSA_Private_Key; // TODO(b/148404408): ECC or RSA + if (prov.has_device_rsa_key()) { + parsed_prov.enc_private_key = + GetOecSubstring(serialized_provisioning_resp, prov.device_rsa_key()); + } + if (prov.has_device_rsa_key_iv()) { + parsed_prov.enc_private_key_iv = + GetOecSubstring(serialized_provisioning_resp, prov.device_rsa_key_iv()); + } + if (prov.has_wrapping_key()) { + parsed_prov.encrypted_message_key = + GetOecSubstring(serialized_provisioning_resp, prov.wrapping_key()); + } + + return CreateCoreProvisioningResponse(parsed_prov, core_request, + oemcrypto_core_message); +} + +} // namespace serialize +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/src/kdo.gypi b/oemcrypto/odk/src/kdo.gypi new file mode 100644 index 00000000..555a8f00 --- /dev/null +++ b/oemcrypto/odk/src/kdo.gypi @@ -0,0 +1,18 @@ +# Copyright 2019 Google LLC. All rights reserved. This file and proprietary +# source code may only be used and distributed under the Widevine Master License +# Agreement. + +# These files are used by the server and by some ODK test code. These files are +# not built into the ODK library on the device. +{ + 'sources': [ + 'core_message_deserialize.cpp', + 'core_message_serialize.cpp', + 'core_message_serialize_proto.cpp', + ], + 'include_dirs': [ + 'src', + '../include', + ], +} + diff --git a/oemcrypto/odk/src/odk.c b/oemcrypto/odk/src/odk.c new file mode 100644 index 00000000..a009e7b7 --- /dev/null +++ b/oemcrypto/odk/src/odk.c @@ -0,0 +1,426 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "odk.h" + +#include +#include +#include + +#include "odk_overflow.h" +#include "odk_serialize.h" +#include "odk_structs.h" +#include "odk_structs_priv.h" +#include "odk_util.h" +#include "serialization_base.h" + +/* @ private odk functions */ + +static OEMCryptoResult ODK_PrepareRequest( + uint8_t* message, size_t message_length, size_t* core_message_length, + ODK_MessageType message_type, const ODK_NonceValues* nonce_values, + void* prepared_request_buffer, size_t prepared_request_buffer_length) { + if (nonce_values == NULL || core_message_length == NULL || + prepared_request_buffer == NULL || + *core_message_length > message_length) { + return ODK_ERROR_CORE_MESSAGE; + } + + uint8_t blk[SIZE_OF_MESSAGE_STRUCT]; + Message* msg = (Message*)blk; + InitMessage(msg, message, *core_message_length); + + /* The core message should be at the beginning of the buffer, and with a + * shorter length. */ + if (sizeof(ODK_CoreMessage) > prepared_request_buffer_length) { + return ODK_ERROR_CORE_MESSAGE; + } + ODK_CoreMessage* core_message = (ODK_CoreMessage*)prepared_request_buffer; + *core_message = (ODK_CoreMessage){ + message_type, + 0, + *nonce_values, + }; + + /* Set core message length, and pack prepared request into message if the + * message buffer has been correctly initialized by the caller. */ + switch (message_type) { + case ODK_License_Request_Type: { + core_message->message_length = ODK_LICENSE_REQUEST_SIZE; + if (sizeof(ODK_PreparedLicenseRequest) > prepared_request_buffer_length) { + return ODK_ERROR_CORE_MESSAGE; + } + Pack_ODK_PreparedLicenseRequest( + msg, (ODK_PreparedLicenseRequest*)prepared_request_buffer); + break; + } + case ODK_Renewal_Request_Type: { + core_message->message_length = ODK_RENEWAL_REQUEST_SIZE; + if (sizeof(ODK_PreparedRenewalRequest) > prepared_request_buffer_length) { + return ODK_ERROR_CORE_MESSAGE; + } + Pack_ODK_PreparedRenewalRequest( + msg, (ODK_PreparedRenewalRequest*)prepared_request_buffer); + break; + } + case ODK_Provisioning_Request_Type: { + core_message->message_length = ODK_PROVISIONING_REQUEST_SIZE; + if (sizeof(ODK_PreparedProvisioningRequest) > + prepared_request_buffer_length) { + return ODK_ERROR_CORE_MESSAGE; + } + Pack_ODK_PreparedProvisioningRequest( + msg, (ODK_PreparedProvisioningRequest*)prepared_request_buffer); + break; + } + default: { + return ODK_ERROR_CORE_MESSAGE; + } + } + + *core_message_length = core_message->message_length; + if (GetStatus(msg) != MESSAGE_STATUS_OK) { + /* This is to indicate the caller that the core_message_length has been + * appropriately set, but the message buffer is either empty or too small, + * which needs to be initialized and filled in the subsequent call. */ + return OEMCrypto_ERROR_SHORT_BUFFER; + } + if (GetSize(msg) != *core_message_length) { + /* This should not happen. Something is wrong. */ + return ODK_ERROR_CORE_MESSAGE; + } + return OEMCrypto_SUCCESS; +} + +static OEMCryptoResult ODK_ParseResponse( + const uint8_t* message, size_t message_length, size_t core_message_length, + ODK_MessageType message_type, const ODK_NonceValues* nonce_values, + void* response_buffer, uint32_t response_buffer_length) { + if (message == NULL || response_buffer == NULL || + core_message_length > message_length) { + return ODK_ERROR_CORE_MESSAGE; + } + + uint8_t blk[SIZE_OF_MESSAGE_STRUCT]; + Message* msg = (Message*)blk; + +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wcast-qual" + /* We initialize the message buffer with a size of the entire message + * length. */ + /* TODO(b/164486737): Fix the cast-qual warning */ + InitMessage(msg, (uint8_t*)message, message_length); +#pragma GCC diagnostic pop + + /* The core message should be at the beginning of the buffer, and with a + * shorter length. The core message is the part we are parsing. */ + SetSize(msg, core_message_length); + + /* Parse message and unpack it into response buffer. */ + switch (message_type) { + case ODK_License_Response_Type: { + if (sizeof(ODK_LicenseResponse) > response_buffer_length) { + return ODK_ERROR_CORE_MESSAGE; + } + Unpack_ODK_LicenseResponse(msg, (ODK_LicenseResponse*)response_buffer); + break; + } + case ODK_Renewal_Response_Type: { + if (sizeof(ODK_RenewalResponse) > response_buffer_length) { + return ODK_ERROR_CORE_MESSAGE; + } + Unpack_ODK_RenewalResponse(msg, (ODK_RenewalResponse*)response_buffer); + break; + } + case ODK_Provisioning_Response_Type: { + if (sizeof(ODK_ProvisioningResponse) > response_buffer_length) { + return ODK_ERROR_CORE_MESSAGE; + } + Unpack_ODK_ProvisioningResponse( + msg, (ODK_ProvisioningResponse*)response_buffer); + break; + } + default: { + return ODK_ERROR_CORE_MESSAGE; + } + } + + ODK_CoreMessage* core_message = (ODK_CoreMessage*)response_buffer; + if (GetStatus(msg) != MESSAGE_STATUS_OK || + message_type != core_message->message_type || + GetOffset(msg) != core_message->message_length) { + return ODK_ERROR_CORE_MESSAGE; + } + + if (nonce_values) { + /* always verify nonce_values for Renewal and Provisioning responses */ + if (!ODK_NonceValuesEqual(nonce_values, &(core_message->nonce_values))) { + return OEMCrypto_ERROR_INVALID_NONCE; + } + } + + return OEMCrypto_SUCCESS; +} + +/* @ public odk functions */ + +/* @@ prepare request functions */ + +OEMCryptoResult ODK_PrepareCoreLicenseRequest( + uint8_t* message, size_t message_length, size_t* core_message_length, + const ODK_NonceValues* nonce_values) { + if (core_message_length == NULL || nonce_values == NULL) { + return ODK_ERROR_CORE_MESSAGE; + } + ODK_PreparedLicenseRequest license_request = { + {0, 0, {}}, + }; + return ODK_PrepareRequest( + message, message_length, core_message_length, ODK_License_Request_Type, + nonce_values, &license_request, sizeof(ODK_PreparedLicenseRequest)); +} + +OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message, + size_t message_length, + size_t* core_message_size, + ODK_NonceValues* nonce_values, + ODK_ClockValues* clock_values, + uint64_t system_time_seconds) { + if (core_message_size == NULL || nonce_values == NULL || + clock_values == NULL) { + return ODK_ERROR_CORE_MESSAGE; + } + + /* If the license has not been loaded, then this is release instead of a + * renewal. All releases use v15. */ + if (clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED || + clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE) { + nonce_values->api_major_version = ODK_FIRST_VERSION - 1; + } + if (nonce_values->api_major_version < ODK_FIRST_VERSION) { + *core_message_size = 0; + return OEMCrypto_SUCCESS; + } + + ODK_PreparedRenewalRequest renewal_request = {{0, 0, {}}, 0}; + /* First, we compute the time this request was made relative to the playback + * clock. */ + if (clock_values->time_of_first_decrypt == 0) { + /* It is OK to preemptively request a renewal before playback starts. + * We'll treat this as asking for a renewal at playback time 0. */ + renewal_request.playback_time = 0; + } else { + /* Otherwise, playback_time is relative to the first decrypt. */ + if (odk_sub_overflow_u64(system_time_seconds, + clock_values->time_of_first_decrypt, + &renewal_request.playback_time)) { + return ODK_ERROR_CORE_MESSAGE; + } + } + + /* Save time for this request so that we can verify the response. This makes + * all earlier requests invalid. If preparing this request fails, then all + * requests will be bad. */ + clock_values->time_of_renewal_request = renewal_request.playback_time; + + return ODK_PrepareRequest( + message, message_length, core_message_size, ODK_Renewal_Request_Type, + nonce_values, &renewal_request, sizeof(ODK_PreparedRenewalRequest)); +} + +OEMCryptoResult ODK_PrepareCoreProvisioningRequest( + uint8_t* message, size_t message_length, size_t* core_message_length, + const ODK_NonceValues* nonce_values, const uint8_t* device_id, + size_t device_id_length) { + if (core_message_length == NULL || nonce_values == NULL) { + return ODK_ERROR_CORE_MESSAGE; + } + ODK_PreparedProvisioningRequest provisioning_request = { + {0, 0, {}}, + 0, + {0}, + }; + if (device_id_length > sizeof(provisioning_request.device_id)) { + return ODK_ERROR_CORE_MESSAGE; + } + provisioning_request.device_id_length = (uint32_t)device_id_length; + if (device_id) { + memcpy(provisioning_request.device_id, device_id, device_id_length); + } + return ODK_PrepareRequest(message, message_length, core_message_length, + ODK_Provisioning_Request_Type, nonce_values, + &provisioning_request, + sizeof(ODK_PreparedProvisioningRequest)); +} + +/* @@ parse response functions */ + +OEMCryptoResult ODK_ParseLicense( + const uint8_t* message, size_t message_length, size_t core_message_length, + bool initial_license_load, bool usage_entry_present, + const uint8_t* request_hash, ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, ODK_NonceValues* nonce_values, + ODK_ParsedLicense* parsed_license) { + if (message == NULL || request_hash == NULL || timer_limits == NULL || + clock_values == NULL || nonce_values == NULL || parsed_license == NULL) { + return ODK_ERROR_CORE_MESSAGE; + } + + ODK_LicenseResponse license_response = {{{0, 0, {}}}, NULL, {0}}; + license_response.parsed_license = parsed_license; + + const OEMCryptoResult err = ODK_ParseResponse( + message, message_length, core_message_length, ODK_License_Response_Type, + NULL, &license_response, sizeof(ODK_LicenseResponse)); + + if (err != OEMCrypto_SUCCESS) { + return err; + } + + /* We do not support future API version. Also, this function should not be + * used for legacy licenses. */ + if (license_response.request.core_message.nonce_values.api_major_version > + ODK_MAJOR_VERSION || + license_response.request.core_message.nonce_values.api_major_version < + ODK_FIRST_VERSION) { + return ODK_UNSUPPORTED_API; + } + + /* If the server sent us an older format, record the license's API version. */ + if (nonce_values->api_major_version > + license_response.request.core_message.nonce_values.api_major_version) { + nonce_values->api_major_version = + license_response.request.core_message.nonce_values.api_major_version; + nonce_values->api_minor_version = + license_response.request.core_message.nonce_values.api_minor_version; + } else if (nonce_values->api_minor_version > + license_response.request.core_message.nonce_values + .api_minor_version) { + nonce_values->api_minor_version = + license_response.request.core_message.nonce_values.api_minor_version; + } + /* If the license has a provider session token (pst), then OEMCrypto should + * have a usage entry loaded. The opposite is also an error. */ + if ((usage_entry_present && parsed_license->pst.length == 0) || + (!usage_entry_present && parsed_license->pst.length > 0)) { + return ODK_ERROR_CORE_MESSAGE; + } + + /* If this is the first time we load this license, then we verify that the + * nonce values are the correct, otherwise we copy the nonce values. If the + * nonce values are not required to be correct, then we don't know if this is + * an initial load or not. In that case, we also copy the values so that we + * can use the nonce values later for a renewal. + */ + if (parsed_license->nonce_required && initial_license_load) { + if (nonce_values->nonce != + license_response.request.core_message.nonce_values.nonce || + nonce_values->session_id != + license_response.request.core_message.nonce_values.session_id) { + return OEMCrypto_ERROR_INVALID_NONCE; + } + } else { /* !initial_license_load, or can't tell if initial. */ + nonce_values->nonce = + license_response.request.core_message.nonce_values.nonce; + nonce_values->session_id = + license_response.request.core_message.nonce_values.session_id; + } + /* For v16, in order to be backwards compatible with a v15 license server, + * OEMCrypto stores a hash of the core license request and only signs the + * message body. Here, when we process the license response, we verify that + * the server has the same hash of the core request. */ + if (initial_license_load && parsed_license->nonce_required && + crypto_memcmp(request_hash, license_response.request_hash, + ODK_SHA256_HASH_SIZE)) { + return ODK_ERROR_CORE_MESSAGE; + } + *timer_limits = parsed_license->timer_limits; + /* And update the clock values state. */ + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED; + return OEMCrypto_SUCCESS; +} + +OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length, + size_t core_message_length, + const ODK_NonceValues* nonce_values, + uint64_t system_time, + const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + uint64_t* timer_value) { + if (message == NULL || nonce_values == NULL || timer_limits == NULL || + clock_values == NULL) { + return ODK_ERROR_CORE_MESSAGE; + } + + ODK_RenewalResponse renewal_response = { + {{0, 0, {}}, 0}, + 0, + }; + const OEMCryptoResult err = ODK_ParseResponse( + message, message_length, core_message_length, ODK_Renewal_Response_Type, + nonce_values, &renewal_response, sizeof(ODK_RenewalResponse)); + + if (err != OEMCrypto_SUCCESS) { + return err; + } + + /* Reference: + * Doc: License Duration and Renewal (Changes for OEMCrypto v16) + * Section: Renewal Message + */ + /* If a renewal request is lost in transit, we should throw it out and create + * a new one. We use the timestamp to make sure we have the latest request. + * We only do this if playback has already started. This allows us to reload + * an offline license and also reload a renewal before starting playback. + */ + if (clock_values->timer_status != ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED && + clock_values->time_of_renewal_request < + renewal_response.request.playback_time) { + return ODK_STALE_RENEWAL; + } + return ODK_ComputeRenewalDuration(timer_limits, clock_values, system_time, + renewal_response.renewal_duration_seconds, + timer_value); +} + +OEMCryptoResult ODK_ParseProvisioning( + const uint8_t* message, size_t message_length, size_t core_message_length, + const ODK_NonceValues* nonce_values, const uint8_t* device_id, + size_t device_id_length, ODK_ParsedProvisioning* parsed_response) { + if (message == NULL || nonce_values == NULL || device_id == NULL || + parsed_response == NULL) { + return ODK_ERROR_CORE_MESSAGE; + } + + ODK_ProvisioningResponse provisioning_response = {{{0, 0, {}}, 0, {0}}, NULL}; + provisioning_response.parsed_provisioning = parsed_response; + + if (device_id_length > ODK_DEVICE_ID_LEN_MAX) { + return ODK_ERROR_CORE_MESSAGE; + } + + const OEMCryptoResult err = ODK_ParseResponse( + message, message_length, core_message_length, + ODK_Provisioning_Response_Type, nonce_values, &provisioning_response, + sizeof(ODK_ProvisioningResponse)); + + if (err != OEMCrypto_SUCCESS) { + return err; + } + + if (crypto_memcmp(device_id, provisioning_response.request.device_id, + device_id_length) != 0) { + return ODK_ERROR_CORE_MESSAGE; + } + + const uint8_t zero[ODK_DEVICE_ID_LEN_MAX] = {0}; + /* check bytes beyond device_id_length are 0 */ + if (crypto_memcmp(zero, + provisioning_response.request.device_id + device_id_length, + ODK_DEVICE_ID_LEN_MAX - device_id_length) != 0) { + return ODK_ERROR_CORE_MESSAGE; + } + + return OEMCrypto_SUCCESS; +} diff --git a/oemcrypto/odk/src/odk.gyp b/oemcrypto/odk/src/odk.gyp new file mode 100644 index 00000000..a16dec65 --- /dev/null +++ b/oemcrypto/odk/src/odk.gyp @@ -0,0 +1,24 @@ +# Copyright 2019 Google LLC. All rights reserved. This file and proprietary +# source code may only be used and distributed under the Widevine Master License +# Agreement. + +{ + 'targets': [ + { + 'target_name': 'odk', + 'type': 'static_library', + 'include_dirs': [ + '../include', + '../../include', + ], + 'includes' : [ + 'odk.gypi', + ], + 'direct_dependent_settings': { + 'include_dirs': [ + '../include', + ], + } + }, + ], +} diff --git a/oemcrypto/odk/src/odk.gypi b/oemcrypto/odk/src/odk.gypi new file mode 100644 index 00000000..ec29751a --- /dev/null +++ b/oemcrypto/odk/src/odk.gypi @@ -0,0 +1,17 @@ +# Copyright 2019 Google LLC. All rights reserved. This file and proprietary +# source code may only be used and distributed under the Widevine Master License +# Agreement. + +# These files are built into the ODK library on the device. They are also used +# by the server and by test cocde. These files should compile on C99 compilers. +{ + 'sources': [ + 'odk.c', + 'odk_overflow.c', + 'odk_serialize.c', + 'odk_timer.c', + 'odk_util.c', + 'serialization_base.c', + ], +} + diff --git a/oemcrypto/odk/src/odk_assert.h b/oemcrypto/odk/src/odk_assert.h new file mode 100644 index 00000000..149021fd --- /dev/null +++ b/oemcrypto/odk/src/odk_assert.h @@ -0,0 +1,24 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WIDEVINE_ODK_SRC_ODK_ASSERT_H_ +#define WIDEVINE_ODK_SRC_ODK_ASSERT_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#if (__STDC_VERSION__ >= 201112L) +#include +#define odk_static_assert static_assert +#else +#define odk_static_assert(msg, e) \ + enum { odk_static_assert = 1 / (!!((msg) && (e))) }; +#endif + +#ifdef __cplusplus +} +#endif + +#endif // WIDEVINE_ODK_SRC_ODK_ASSERT_H_ diff --git a/oemcrypto/odk/src/odk_endian.h b/oemcrypto/odk/src/odk_endian.h new file mode 100644 index 00000000..00dc01ec --- /dev/null +++ b/oemcrypto/odk/src/odk_endian.h @@ -0,0 +1,29 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WIDEVINE_ODK_SRC_ODK_ENDIAN_H_ +#define WIDEVINE_ODK_SRC_ODK_ENDIAN_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(__linux__) || defined(__ANDROID__) +#include +#define oemcrypto_htobe32 htobe32 +#define oemcrypto_be32toh be32toh +#define oemcrypto_htobe64 htobe64 +#define oemcrypto_be64toh be64toh +#else /* defined(__linux__) || defined(__ANDROID__) */ +uint32_t oemcrypto_htobe32(uint32_t u32); +uint32_t oemcrypto_be32toh(uint32_t u32); +uint64_t oemcrypto_htobe64(uint64_t u64); +uint64_t oemcrypto_be64toh(uint64_t u64); +#endif /* defined(__linux__) || defined(__ANDROID__) */ + +#ifdef __cplusplus +} +#endif + +#endif // WIDEVINE_ODK_SRC_ODK_ENDIAN_H_ diff --git a/oemcrypto/odk/src/odk_overflow.c b/oemcrypto/odk/src/odk_overflow.c new file mode 100644 index 00000000..a03f0f61 --- /dev/null +++ b/oemcrypto/odk/src/odk_overflow.c @@ -0,0 +1,36 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include +#include + +int odk_sub_overflow_u64(uint64_t a, uint64_t b, uint64_t* c) { + if (a >= b) { + if (c) { + *c = a - b; + } + return 0; + } + return 1; +} + +int odk_add_overflow_u64(uint64_t a, uint64_t b, uint64_t* c) { + if (UINT64_MAX - a >= b) { + if (c) { + *c = a + b; + } + return 0; + } + return 1; +} + +int odk_add_overflow_ux(size_t a, size_t b, size_t* c) { + if (SIZE_MAX - a >= b) { + if (c) { + *c = a + b; + } + return 0; + } + return 1; +} diff --git a/oemcrypto/odk/src/odk_overflow.h b/oemcrypto/odk/src/odk_overflow.h new file mode 100644 index 00000000..6f3f994e --- /dev/null +++ b/oemcrypto/odk/src/odk_overflow.h @@ -0,0 +1,23 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WIDEVINE_ODK_SRC_ODK_OVERFLOW_H_ +#define WIDEVINE_ODK_SRC_ODK_OVERFLOW_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +int odk_sub_overflow_u64(uint64_t a, uint64_t b, uint64_t* c); +int odk_add_overflow_u64(uint64_t a, uint64_t b, uint64_t* c); +int odk_add_overflow_ux(size_t a, size_t b, size_t* c); + +#ifdef __cplusplus +} +#endif + +#endif // WIDEVINE_ODK_SRC_ODK_OVERFLOW_H_ diff --git a/oemcrypto/odk/src/odk_serialize.c b/oemcrypto/odk/src/odk_serialize.c new file mode 100644 index 00000000..ae53e735 --- /dev/null +++ b/oemcrypto/odk/src/odk_serialize.c @@ -0,0 +1,217 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +/* + * This code is auto-generated, do not edit + */ + +#include "odk_structs_priv.h" +#include "serialization_base.h" + +/* @ serialize */ + +/* @@ private serialize */ + +static void Pack_ODK_NonceValues(Message* msg, ODK_NonceValues const* obj) { + Pack_uint16_t(msg, &obj->api_minor_version); + Pack_uint16_t(msg, &obj->api_major_version); + Pack_uint32_t(msg, &obj->nonce); + Pack_uint32_t(msg, &obj->session_id); +} + +static void Pack_ODK_CoreMessage(Message* msg, ODK_CoreMessage const* obj) { + Pack_uint32_t(msg, &obj->message_type); + Pack_uint32_t(msg, &obj->message_length); + Pack_ODK_NonceValues(msg, &obj->nonce_values); +} + +static void Pack_OEMCrypto_KeyObject(Message* msg, + OEMCrypto_KeyObject const* obj) { + Pack_OEMCrypto_Substring(msg, &obj->key_id); + Pack_OEMCrypto_Substring(msg, &obj->key_data_iv); + Pack_OEMCrypto_Substring(msg, &obj->key_data); + Pack_OEMCrypto_Substring(msg, &obj->key_control_iv); + Pack_OEMCrypto_Substring(msg, &obj->key_control); +} + +static void Pack_ODK_TimerLimits(Message* msg, ODK_TimerLimits const* obj) { + Pack_bool(msg, &obj->soft_enforce_rental_duration); + Pack_bool(msg, &obj->soft_enforce_playback_duration); + Pack_uint64_t(msg, &obj->earliest_playback_start_seconds); + Pack_uint64_t(msg, &obj->rental_duration_seconds); + Pack_uint64_t(msg, &obj->total_playback_duration_seconds); + Pack_uint64_t(msg, &obj->initial_renewal_duration_seconds); +} + +static void Pack_ODK_ParsedLicense(Message* msg, ODK_ParsedLicense const* obj) { + /* hand-coded */ + if (obj->key_array_length > ODK_MAX_NUM_KEYS) { + SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR); + return; + } + Pack_OEMCrypto_Substring(msg, &obj->enc_mac_keys_iv); + Pack_OEMCrypto_Substring(msg, &obj->enc_mac_keys); + Pack_OEMCrypto_Substring(msg, &obj->pst); + Pack_OEMCrypto_Substring(msg, &obj->srm_restriction_data); + Pack_enum(msg, obj->license_type); + Pack_bool(msg, &obj->nonce_required); + Pack_ODK_TimerLimits(msg, &obj->timer_limits); + Pack_uint32_t(msg, &obj->key_array_length); + size_t i; + for (i = 0; i < (size_t)obj->key_array_length; i++) { + Pack_OEMCrypto_KeyObject(msg, &obj->key_array[i]); + } +} + +static void Pack_ODK_ParsedProvisioning(Message* msg, + ODK_ParsedProvisioning const* obj) { + Pack_enum(msg, obj->key_type); + Pack_OEMCrypto_Substring(msg, &obj->enc_private_key); + Pack_OEMCrypto_Substring(msg, &obj->enc_private_key_iv); + Pack_OEMCrypto_Substring(msg, &obj->encrypted_message_key); +} + +/* @@ odk serialize */ + +void Pack_ODK_PreparedLicenseRequest(Message* msg, + ODK_PreparedLicenseRequest const* obj) { + Pack_ODK_CoreMessage(msg, &obj->core_message); +} + +void Pack_ODK_PreparedRenewalRequest(Message* msg, + ODK_PreparedRenewalRequest const* obj) { + Pack_ODK_CoreMessage(msg, &obj->core_message); + Pack_uint64_t(msg, &obj->playback_time); +} + +void Pack_ODK_PreparedProvisioningRequest( + Message* msg, ODK_PreparedProvisioningRequest const* obj) { + Pack_ODK_CoreMessage(msg, &obj->core_message); + Pack_uint32_t(msg, &obj->device_id_length); + PackArray(msg, &obj->device_id[0], sizeof(obj->device_id)); +} + +/* @@ kdo serialize */ + +void Pack_ODK_LicenseResponse(Message* msg, ODK_LicenseResponse const* obj) { + Pack_ODK_PreparedLicenseRequest(msg, &obj->request); + Pack_ODK_ParsedLicense(msg, (const ODK_ParsedLicense*)obj->parsed_license); + PackArray(msg, &obj->request_hash[0], sizeof(obj->request_hash)); +} + +void Pack_ODK_RenewalResponse(Message* msg, ODK_RenewalResponse const* obj) { + Pack_ODK_PreparedRenewalRequest(msg, &obj->request); + Pack_uint64_t(msg, &obj->renewal_duration_seconds); +} + +void Pack_ODK_ProvisioningResponse(Message* msg, + ODK_ProvisioningResponse const* obj) { + Pack_ODK_PreparedProvisioningRequest(msg, &obj->request); + Pack_ODK_ParsedProvisioning( + msg, (const ODK_ParsedProvisioning*)obj->parsed_provisioning); +} + +/* @ deserialize */ + +/* @@ private deserialize */ + +static void Unpack_ODK_NonceValues(Message* msg, ODK_NonceValues* obj) { + Unpack_uint16_t(msg, &obj->api_minor_version); + Unpack_uint16_t(msg, &obj->api_major_version); + Unpack_uint32_t(msg, &obj->nonce); + Unpack_uint32_t(msg, &obj->session_id); +} + +static void Unpack_ODK_CoreMessage(Message* msg, ODK_CoreMessage* obj) { + Unpack_uint32_t(msg, &obj->message_type); + Unpack_uint32_t(msg, &obj->message_length); + Unpack_ODK_NonceValues(msg, &obj->nonce_values); +} + +static void Unpack_OEMCrypto_KeyObject(Message* msg, OEMCrypto_KeyObject* obj) { + Unpack_OEMCrypto_Substring(msg, &obj->key_id); + Unpack_OEMCrypto_Substring(msg, &obj->key_data_iv); + Unpack_OEMCrypto_Substring(msg, &obj->key_data); + Unpack_OEMCrypto_Substring(msg, &obj->key_control_iv); + Unpack_OEMCrypto_Substring(msg, &obj->key_control); +} + +static void Unpack_ODK_TimerLimits(Message* msg, ODK_TimerLimits* obj) { + Unpack_bool(msg, &obj->soft_enforce_rental_duration); + Unpack_bool(msg, &obj->soft_enforce_playback_duration); + Unpack_uint64_t(msg, &obj->earliest_playback_start_seconds); + Unpack_uint64_t(msg, &obj->rental_duration_seconds); + Unpack_uint64_t(msg, &obj->total_playback_duration_seconds); + Unpack_uint64_t(msg, &obj->initial_renewal_duration_seconds); +} + +static void Unpack_ODK_ParsedLicense(Message* msg, ODK_ParsedLicense* obj) { + Unpack_OEMCrypto_Substring(msg, &obj->enc_mac_keys_iv); + Unpack_OEMCrypto_Substring(msg, &obj->enc_mac_keys); + Unpack_OEMCrypto_Substring(msg, &obj->pst); + Unpack_OEMCrypto_Substring(msg, &obj->srm_restriction_data); + obj->license_type = (OEMCrypto_LicenseType)Unpack_enum(msg); + Unpack_bool(msg, &obj->nonce_required); + Unpack_ODK_TimerLimits(msg, &obj->timer_limits); + Unpack_uint32_t(msg, &obj->key_array_length); + if (obj->key_array_length > ODK_MAX_NUM_KEYS) { + SetStatus(msg, MESSAGE_STATUS_OVERFLOW_ERROR); + return; + } + uint32_t i; + for (i = 0; i < obj->key_array_length; i++) { + Unpack_OEMCrypto_KeyObject(msg, &obj->key_array[i]); + } +} + +static void Unpack_ODK_ParsedProvisioning(Message* msg, + ODK_ParsedProvisioning* obj) { + obj->key_type = (OEMCrypto_PrivateKeyType)Unpack_enum(msg); + Unpack_OEMCrypto_Substring(msg, &obj->enc_private_key); + Unpack_OEMCrypto_Substring(msg, &obj->enc_private_key_iv); + Unpack_OEMCrypto_Substring(msg, &obj->encrypted_message_key); +} + +/* @ kdo deserialize */ + +void Unpack_ODK_PreparedLicenseRequest(Message* msg, + ODK_PreparedLicenseRequest* obj) { + Unpack_ODK_CoreMessage(msg, &obj->core_message); +} + +void Unpack_ODK_PreparedRenewalRequest(Message* msg, + ODK_PreparedRenewalRequest* obj) { + Unpack_ODK_CoreMessage(msg, &obj->core_message); + Unpack_uint64_t(msg, &obj->playback_time); +} + +void Unpack_ODK_PreparedProvisioningRequest( + Message* msg, ODK_PreparedProvisioningRequest* obj) { + Unpack_ODK_CoreMessage(msg, &obj->core_message); + Unpack_uint32_t(msg, &obj->device_id_length); + UnpackArray(msg, &obj->device_id[0], sizeof(obj->device_id)); +} + +void Unpack_ODK_PreparedCommonRequest(Message* msg, + ODK_PreparedCommonRequest* obj) { + Unpack_ODK_CoreMessage(msg, &obj->core_message); +} +/* @@ odk deserialize */ + +void Unpack_ODK_LicenseResponse(Message* msg, ODK_LicenseResponse* obj) { + Unpack_ODK_PreparedLicenseRequest(msg, &obj->request); + Unpack_ODK_ParsedLicense(msg, obj->parsed_license); + UnpackArray(msg, &obj->request_hash[0], sizeof(obj->request_hash)); +} + +void Unpack_ODK_RenewalResponse(Message* msg, ODK_RenewalResponse* obj) { + Unpack_ODK_PreparedRenewalRequest(msg, &obj->request); + Unpack_uint64_t(msg, &obj->renewal_duration_seconds); +} + +void Unpack_ODK_ProvisioningResponse(Message* msg, + ODK_ProvisioningResponse* obj) { + Unpack_ODK_PreparedProvisioningRequest(msg, &obj->request); + Unpack_ODK_ParsedProvisioning(msg, obj->parsed_provisioning); +} diff --git a/oemcrypto/odk/src/odk_serialize.h b/oemcrypto/odk/src/odk_serialize.h new file mode 100644 index 00000000..73f4abd1 --- /dev/null +++ b/oemcrypto/odk/src/odk_serialize.h @@ -0,0 +1,52 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +/* + * This code is auto-generated, do not edit + */ +#ifndef WIDEVINE_ODK_SRC_ODK_SERIALIZE_H_ +#define WIDEVINE_ODK_SRC_ODK_SERIALIZE_H_ + +#include "odk_structs_priv.h" +#include "serialization_base.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* odk pack */ +void Pack_ODK_PreparedLicenseRequest(Message* msg, + const ODK_PreparedLicenseRequest* obj); +void Pack_ODK_PreparedRenewalRequest(Message* msg, + const ODK_PreparedRenewalRequest* obj); +void Pack_ODK_PreparedProvisioningRequest( + Message* msg, const ODK_PreparedProvisioningRequest* obj); + +/* odk unpack */ +void Unpack_ODK_LicenseResponse(Message* msg, ODK_LicenseResponse* obj); +void Unpack_ODK_RenewalResponse(Message* msg, ODK_RenewalResponse* obj); +void Unpack_ODK_ProvisioningResponse(Message* msg, + ODK_ProvisioningResponse* obj); + +/* kdo pack */ +void Pack_ODK_LicenseResponse(Message* msg, const ODK_LicenseResponse* obj); +void Pack_ODK_RenewalResponse(Message* msg, const ODK_RenewalResponse* obj); +void Pack_ODK_ProvisioningResponse(Message* msg, + const ODK_ProvisioningResponse* obj); + +/* kdo unpack */ +void Unpack_ODK_PreparedLicenseRequest(Message* msg, + ODK_PreparedLicenseRequest* obj); +void Unpack_ODK_PreparedRenewalRequest(Message* msg, + ODK_PreparedRenewalRequest* obj); +void Unpack_ODK_PreparedProvisioningRequest( + Message* msg, ODK_PreparedProvisioningRequest* obj); + +void Unpack_ODK_PreparedCommonRequest(Message* msg, + ODK_PreparedCommonRequest* obj); + +#ifdef __cplusplus +} // extern "C" +#endif +#endif // WIDEVINE_ODK_SRC_ODK_SERIALIZE_H_ diff --git a/oemcrypto/odk/src/odk_structs_priv.h b/oemcrypto/odk/src/odk_structs_priv.h new file mode 100644 index 00000000..7b1f6de7 --- /dev/null +++ b/oemcrypto/odk/src/odk_structs_priv.h @@ -0,0 +1,109 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WIDEVINE_ODK_SRC_ODK_STRUCTS_PRIV_H_ +#define WIDEVINE_ODK_SRC_ODK_STRUCTS_PRIV_H_ + +#include + +#include "OEMCryptoCENCCommon.h" +#include "odk_structs.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + ODK_License_Request_Type = 1, + ODK_License_Response_Type = 2, + ODK_Renewal_Request_Type = 3, + ODK_Renewal_Response_Type = 4, + ODK_Provisioning_Request_Type = 5, + ODK_Provisioning_Response_Type = 6, + + // Reserve future message types to support forward compatibility. + ODK_Release_Request_Type = 7, + ODK_Release_Response_Type = 8, + ODK_Common_Request_Type = 9, + ODK_Common_Response_Type = 10, +} ODK_MessageType; + +typedef struct { + uint32_t message_type; + uint32_t message_length; + ODK_NonceValues nonce_values; +} ODK_CoreMessage; + +typedef struct { + ODK_CoreMessage core_message; +} ODK_PreparedLicenseRequest; + +typedef struct { + ODK_CoreMessage core_message; + uint64_t playback_time; +} ODK_PreparedRenewalRequest; + +typedef struct { + ODK_CoreMessage core_message; + uint32_t device_id_length; + uint8_t device_id[ODK_DEVICE_ID_LEN_MAX]; +} ODK_PreparedProvisioningRequest; + +typedef struct { + ODK_CoreMessage core_message; +} ODK_PreparedCommonRequest; + +typedef struct { + ODK_PreparedLicenseRequest request; + ODK_ParsedLicense* parsed_license; + uint8_t request_hash[ODK_SHA256_HASH_SIZE]; +} ODK_LicenseResponse; + +typedef struct { + ODK_PreparedRenewalRequest request; + uint64_t renewal_duration_seconds; +} ODK_RenewalResponse; + +typedef struct { + ODK_PreparedProvisioningRequest request; + ODK_ParsedProvisioning* parsed_provisioning; +} ODK_ProvisioningResponse; + +// These are the sum of sizeof of each individual member of the request structs +// without any padding added by the compiler. Make sure they get updated when +// request structs change. Refer to test suite OdkSizeTest in +// ../test/odk_test.cpp for validations of each of the defined request sizes. +#define ODK_LICENSE_REQUEST_SIZE 20 +#define ODK_RENEWAL_REQUEST_SIZE 28 +#define ODK_PROVISIONING_REQUEST_SIZE 88 + +// These are the possible timer status values. +#define ODK_CLOCK_TIMER_STATUS_UNDEFINED 0 // Should not happen. +// When the structure has been initialized, but no license is loaded. +#define ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED 1 +// After the license is loaded, before a successful decrypt. +#define ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED 2 +// After the license is loaded, if a renewal has also been loaded. +#define ODK_CLOCK_TIMER_STATUS_RENEWAL_LOADED 3 +// The first decrypt has occurred and the timer is active. +#define ODK_CLOCK_TIMER_STATUS_ACTIVE 4 +// The first decrypt has occurred and the timer is unlimited. +#define ODK_CLOCK_TIMER_STATUS_UNLIMITED 5 +// The timer has transitioned from active to expired. +#define ODK_CLOCK_TIMER_STATUS_EXPIRED 6 +// The license has been marked as inactive. +#define ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE 7 + +// A helper function for computing timer limits when a renewal is loaded. +OEMCryptoResult ODK_ComputeRenewalDuration(const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + uint64_t system_time_seconds, + uint64_t new_renewal_duration, + uint64_t* timer_value); + +#ifdef __cplusplus +} +#endif + +#endif // WIDEVINE_ODK_SRC_ODK_STRUCTS_PRIV_H_ diff --git a/oemcrypto/odk/src/odk_timer.c b/oemcrypto/odk/src/odk_timer.c new file mode 100644 index 00000000..67c34700 --- /dev/null +++ b/oemcrypto/odk/src/odk_timer.c @@ -0,0 +1,503 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include +#include + +#include "odk.h" +#include "odk_attributes.h" +#include "odk_overflow.h" +#include "odk_structs_priv.h" + +/* Private function. Checks to see if the license is active. Returns + * ODK_TIMER_EXPIRED if the license is valid but inactive. Returns + * OEMCrypto_SUCCESS if the license is active. Returns + * OEMCrypto_ERROR_UNKNOWN_FAILURE on other errors. */ +static OEMCryptoResult ODK_LicenseActive(const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values) { + /* Check some basic errors. */ + if (clock_values == NULL || timer_limits == NULL) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + /* Check if the license has not been loaded yet. */ + if (clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_UNDEFINED || + clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED) { + return OEMCrypto_ERROR_UNKNOWN_FAILURE; + } + if (clock_values->status > kActive) { + return ODK_TIMER_EXPIRED; + } + return OEMCrypto_SUCCESS; +} + +/* Private function. Sets the timer_value to be the min(timer_value, new_value), + * with the convention that 0 means infinite. The convention that 0 means + * infinite is used for all Widevine license and duration values. */ +static void ComputeMinimum(uint64_t* timer_value, uint64_t new_value) { + if (timer_value == NULL) return; + if (new_value > 0) { + if (*timer_value == 0 || *timer_value > new_value) { + *timer_value = new_value; + } + } +} + +/* Private function. Check to see if the rental window restricts playback. If + * the rental enforcement is hard, or if this is the first playback, then we + * verify that system_time_seconds is within the rental window. If the + * enforcement is soft and we have already started playback, then there is no + * restriction. + * Return ODK_TIMER_EXPIRED if out of the window. + * Return ODK_TIMER_ACTIVE if within the window, and there is a hard limit. + * Return ODK_DISABLE_TIMER if no there should be no limit. + * Return other error on error. + * Also, if this function does compute a limit, the timer_value is reduced to + * obey that limit. If the limit is less restrictive than the current + * timer_value, then timer_value is not changed. */ +static OEMCryptoResult ODK_CheckRentalWindow( + const ODK_TimerLimits* timer_limits, ODK_ClockValues* clock_values, + uint64_t system_time_seconds, uint64_t* timer_value) { + if (clock_values == NULL || timer_limits == NULL || timer_value == NULL) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + /* If playback has already started, and rental duration enforcement is soft, + * then there is no restriction. */ + if (clock_values->time_of_first_decrypt > 0 && + timer_limits->soft_enforce_rental_duration) { + return ODK_DISABLE_TIMER; + } + + /* rental_clock = time since license signed. */ + uint64_t rental_clock = 0; + if (odk_sub_overflow_u64(system_time_seconds, + clock_values->time_of_license_signed, + &rental_clock)) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + /* Check if it is before license is valid. This is an unusual case. First + * playback may still work if it occurs after the rental window opens. */ + if (rental_clock < timer_limits->earliest_playback_start_seconds) { + return ODK_TIMER_EXPIRED; + } + /* If the rental duration is 0, there is no limit. */ + if (timer_limits->rental_duration_seconds == 0) { + return ODK_DISABLE_TIMER; + } + /* End of rental window, based on rental clock (not system time). */ + uint64_t end_of_rental_window = 0; + if (odk_add_overflow_u64(timer_limits->earliest_playback_start_seconds, + timer_limits->rental_duration_seconds, + &end_of_rental_window)) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + if (end_of_rental_window <= rental_clock) { + return ODK_TIMER_EXPIRED; + } + /* At this point system_time is within the rental window. */ + if (timer_limits->soft_enforce_rental_duration) { + /* For soft enforcement, we allow playback, and do not adjust the timer. */ + return ODK_DISABLE_TIMER; + } + uint64_t time_left = 0; + if (odk_sub_overflow_u64(end_of_rental_window, rental_clock, &time_left)) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + ComputeMinimum(timer_value, time_left); + return ODK_SET_TIMER; +} + +/* Private function. Check to see if the playback window restricts + * playback. This should only be called if playback has started, so that + * clock_values->time_of_first_decrypt is nonzero. + * Return ODK_TIMER_EXPIRED if out of the window. + * Return ODK_SET_TIMER if within the window, and there is a hard limit. + * Return ODK_DISABLE_TIMER if no limit. + * Return other error on error. + * Also, if this function does compute a limit, the timer_value is reduced to + * obey that limit. If the limit is less restrictive than the current + * timer_value, then timer_value is not changed. */ +static OEMCryptoResult ODK_CheckPlaybackWindow( + const ODK_TimerLimits* timer_limits, ODK_ClockValues* clock_values, + uint64_t system_time_seconds, uint64_t* timer_value) { + if (clock_values == NULL || timer_limits == NULL || timer_value == NULL) { + return OEMCrypto_ERROR_UNKNOWN_FAILURE; + } + /* if the playback duration is 0, there is no limit. */ + if (timer_limits->total_playback_duration_seconds == 0) { + return ODK_DISABLE_TIMER; + } + uint64_t end_of_playback_window = 0; + if (odk_add_overflow_u64(timer_limits->total_playback_duration_seconds, + clock_values->time_of_first_decrypt, + &end_of_playback_window)) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + if (end_of_playback_window <= system_time_seconds) { + return ODK_TIMER_EXPIRED; + } + /* At this point, system_time is within the total playback window. */ + if (timer_limits->soft_enforce_playback_duration) { + /* For soft enforcement, we allow playback, and do not adjust the timer. */ + return ODK_DISABLE_TIMER; + } + uint64_t time_left = 0; + if (odk_sub_overflow_u64(end_of_playback_window, system_time_seconds, + &time_left)) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + ComputeMinimum(timer_value, time_left); + return ODK_SET_TIMER; +} + +/* Update the timer status. If playback has already started, we use the given + * status. However, if playback has not yet started, then we expect a call to + * ODK_AttemptFirstPlayback in the future, and we need to signal to it that we + * have already computed the timer limit. */ +static void ODK_UpdateTimerStatusForRenewal(ODK_ClockValues* clock_values, + uint32_t new_status) { + if (clock_values == NULL) { + return; /* should not happen. */ + } + if (clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED) { + /* Signal that the timer is already set. */ + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_RENEWAL_LOADED; + } else { + clock_values->timer_status = new_status; + } +} + +/* Private function, but accessed from odk.c so cannot be static. This checks to + * see if a renewal message should restart the playback timer and sets the value + * appropriately. */ +OEMCryptoResult ODK_ComputeRenewalDuration(const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + uint64_t system_time_seconds, + uint64_t new_renewal_duration, + uint64_t* timer_value) { + if (timer_limits == NULL || clock_values == NULL) { + return OEMCrypto_ERROR_INVALID_CONTEXT; /* should not happen. */ + } + /* If this is before the license was signed, something is odd. Return an + * error. */ + if (system_time_seconds < clock_values->time_of_license_signed) { + return OEMCrypto_ERROR_UNKNOWN_FAILURE; + } + + const OEMCryptoResult license_status = + ODK_LicenseActive(timer_limits, clock_values); + /* If the license is not active, then we cannot renew the license. */ + if (license_status != OEMCrypto_SUCCESS) { + return license_status; + } + + /* We start with the new renewal duration as the new timer limit. */ + uint64_t new_timer_value = new_renewal_duration; + + /* Then we factor in the rental window restrictions. This might decrease + * new_timer_value. */ + const OEMCryptoResult rental_status = ODK_CheckRentalWindow( + timer_limits, clock_values, system_time_seconds, &new_timer_value); + + /* If the rental status forbids playback, then we're done. */ + if ((rental_status != ODK_DISABLE_TIMER) && + (rental_status != ODK_SET_TIMER)) { + return rental_status; + } + + /* If playback has already started and it has hard enforcement, then check + * total playback window. */ + if (clock_values->time_of_first_decrypt > 0 && + !timer_limits->soft_enforce_playback_duration) { + /* This might decrease new_timer_value. */ + const OEMCryptoResult playback_status = ODK_CheckPlaybackWindow( + timer_limits, clock_values, system_time_seconds, &new_timer_value); + /* If the timer limits forbid playback in the playback window, then we're + * done. */ + if ((playback_status != ODK_DISABLE_TIMER) && + (playback_status != ODK_SET_TIMER)) { + return playback_status; + } + } + + /* If new_timer_value is infinite (represented by 0), then there are no + * limits, so we can return now. */ + if (new_timer_value == 0) { + clock_values->time_when_timer_expires = 0; + ODK_UpdateTimerStatusForRenewal(clock_values, + ODK_CLOCK_TIMER_STATUS_UNLIMITED); + return ODK_DISABLE_TIMER; + } + + /* If the caller gave us a pointer to store the new timer value. Fill it. */ + if (timer_value != NULL) { + *timer_value = new_timer_value; + } + if (odk_add_overflow_u64(system_time_seconds, new_timer_value, + &clock_values->time_when_timer_expires)) { + return OEMCrypto_ERROR_UNKNOWN_FAILURE; + } + ODK_UpdateTimerStatusForRenewal(clock_values, ODK_CLOCK_TIMER_STATUS_ACTIVE); + return ODK_SET_TIMER; +} + +/************************************************************************/ +/************************************************************************/ +/* Public functions, declared in odk.h. */ + +/* This is called when OEMCrypto opens a new session. */ +OEMCryptoResult ODK_InitializeSessionValues(ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + ODK_NonceValues* nonce_values, + uint32_t api_major_version, + uint32_t session_id) { + if (timer_limits == NULL || clock_values == NULL || nonce_values == NULL) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + /* Check that the API version passed in from OEMCrypto matches the version of + * this ODK library. */ + if (api_major_version != ODK_MAJOR_VERSION) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + timer_limits->soft_enforce_rental_duration = false; + timer_limits->soft_enforce_playback_duration = false; + timer_limits->earliest_playback_start_seconds = 0; + timer_limits->rental_duration_seconds = 0; + timer_limits->total_playback_duration_seconds = 0; + timer_limits->initial_renewal_duration_seconds = 0; + + ODK_InitializeClockValues(clock_values, 0); + + nonce_values->api_major_version = ODK_MAJOR_VERSION; + nonce_values->api_minor_version = ODK_MINOR_VERSION; + nonce_values->nonce = 0; + nonce_values->session_id = session_id; + + return OEMCrypto_SUCCESS; +} + +/* This is called when OEMCrypto generates a new nonce in + * OEMCrypto_GenerateNonce. */ +OEMCryptoResult ODK_SetNonceValues(ODK_NonceValues* nonce_values, + uint32_t nonce) { + if (nonce_values == NULL) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + /* Setting the nonce should only happen once per session. */ + if (nonce_values->nonce != 0) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + nonce_values->nonce = nonce; + return OEMCrypto_SUCCESS; +} + +/* This is called when OEMCrypto signs a license. */ +OEMCryptoResult ODK_InitializeClockValues(ODK_ClockValues* clock_values, + uint64_t system_time_seconds) { + if (clock_values == NULL) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + clock_values->time_of_license_signed = system_time_seconds; + clock_values->time_of_first_decrypt = 0; + clock_values->time_of_last_decrypt = 0; + clock_values->time_when_timer_expires = 0; + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED; + clock_values->status = kUnused; + return OEMCrypto_SUCCESS; +} + +/* This is called when OEMCrypto reloads a usage entry. */ +OEMCryptoResult ODK_ReloadClockValues(ODK_ClockValues* clock_values, + uint64_t time_of_license_signed, + uint64_t time_of_first_decrypt, + uint64_t time_of_last_decrypt, + enum OEMCrypto_Usage_Entry_Status status, + uint64_t system_time_seconds UNUSED) { + if (clock_values == NULL) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + clock_values->time_of_license_signed = time_of_license_signed; + clock_values->time_of_first_decrypt = time_of_first_decrypt; + clock_values->time_of_last_decrypt = time_of_last_decrypt; + clock_values->time_when_timer_expires = 0; + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED; + clock_values->status = status; + return OEMCrypto_SUCCESS; +} + +/* This is called on the first playback for a session. */ +OEMCryptoResult ODK_AttemptFirstPlayback(uint64_t system_time_seconds, + const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + uint64_t* timer_value) { + if (clock_values == NULL || timer_limits == NULL) { + return OEMCrypto_ERROR_UNKNOWN_FAILURE; + } + /* All times are relative to when the license was signed. */ + uint64_t rental_time = 0; + if (odk_sub_overflow_u64(system_time_seconds, + clock_values->time_of_license_signed, + &rental_time)) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + if (rental_time < timer_limits->earliest_playback_start_seconds) { + clock_values->timer_status = ODK_TIMER_EXPIRED; + return ODK_TIMER_EXPIRED; + } + /* If the license is inactive or not loaded, then playback is not allowed. */ + OEMCryptoResult status = ODK_LicenseActive(timer_limits, clock_values); + if (status != OEMCrypto_SUCCESS) { + return status; + } + + /* We start with the initial renewal duration as the timer limit. */ + uint64_t new_timer_value = timer_limits->initial_renewal_duration_seconds; + /* However, if a renewal was loaded before this first playback, use the + * previously computed limit. */ + if (clock_values->timer_status == ODK_CLOCK_TIMER_STATUS_RENEWAL_LOADED) { + if (clock_values->time_when_timer_expires <= system_time_seconds) { + return ODK_TIMER_EXPIRED; + } + if (odk_sub_overflow_u64(clock_values->time_when_timer_expires, + system_time_seconds, &new_timer_value)) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + } + + /* Then we factor in the rental window restrictions. This might decrease + * new_timer_value. */ + status = ODK_CheckRentalWindow(timer_limits, clock_values, + system_time_seconds, &new_timer_value); + if ((status != ODK_DISABLE_TIMER) && (status != ODK_SET_TIMER)) { + return status; + } + + /* If playback has not already started, then this is the first playback. */ + if (clock_values->time_of_first_decrypt == 0) { + clock_values->time_of_first_decrypt = system_time_seconds; + clock_values->status = kActive; + } + + /* Similar to the rental window, we check the playback window + * restrictions. This might decrease new_timer_value. */ + status = ODK_CheckPlaybackWindow(timer_limits, clock_values, + system_time_seconds, &new_timer_value); + if ((status != ODK_DISABLE_TIMER) && (status != ODK_SET_TIMER)) { + return status; + } + + /* We know we are allowed to decrypt. The rest computes the timer duration. */ + clock_values->time_of_last_decrypt = system_time_seconds; + + /* If new_timer_value is infinite (represented by 0), then there are no + * limits, so we can return now. */ + if (new_timer_value == 0) { + clock_values->time_when_timer_expires = 0; + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_UNLIMITED; + return ODK_DISABLE_TIMER; + } + /* If the caller gave us a pointer to store the new timer value. Fill it. */ + if (timer_value) { + *timer_value = new_timer_value; + } + if (odk_add_overflow_u64(system_time_seconds, new_timer_value, + &clock_values->time_when_timer_expires)) { + return OEMCrypto_ERROR_UNKNOWN_FAILURE; + } + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_ACTIVE; + return ODK_SET_TIMER; +} + +/* This is called regularly during playback if OEMCrypto does not implement its + * own timer. */ +OEMCryptoResult ODK_UpdateLastPlaybackTime(uint64_t system_time_seconds, + const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values) { + OEMCryptoResult status = ODK_LicenseActive(timer_limits, clock_values); + if (status != OEMCrypto_SUCCESS) { + return status; + } + switch (clock_values->timer_status) { + case ODK_CLOCK_TIMER_STATUS_UNLIMITED: + break; + case ODK_CLOCK_TIMER_STATUS_ACTIVE: + /* Note: we allow playback at the time when the timer expires, but not + * after. This is not important for business cases, but it makes it + * easier to write tests. */ + if (clock_values->time_when_timer_expires > 0 && + system_time_seconds > clock_values->time_when_timer_expires) { + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_EXPIRED; + return ODK_TIMER_EXPIRED; + } + break; + default: /* Expired, error state, or never started. */ + return ODK_TIMER_EXPIRED; + } + clock_values->time_of_last_decrypt = system_time_seconds; + return OEMCrypto_SUCCESS; +} + +/* This is called from OEMCrypto_DeactivateUsageEntry. */ +OEMCryptoResult ODK_DeactivateUsageEntry(ODK_ClockValues* clock_values) { + if (clock_values == NULL) { + return OEMCrypto_ERROR_UNKNOWN_FAILURE; + } + if (clock_values->status == kUnused) { + clock_values->status = kInactiveUnused; + } else if (clock_values->status == kActive) { + clock_values->status = kInactiveUsed; + } + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE; + return OEMCrypto_SUCCESS; +} + +/* This is called when OEMCrypto loads a legacy v15 license, from + * OEMCrypto_LoadKeys. */ +OEMCryptoResult ODK_InitializeV15Values(ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + ODK_NonceValues* nonce_values, + uint32_t key_duration, + uint64_t system_time_seconds) { + if (timer_limits == NULL || clock_values == NULL || nonce_values == NULL) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + timer_limits->soft_enforce_playback_duration = false; + timer_limits->soft_enforce_rental_duration = false; + timer_limits->earliest_playback_start_seconds = 0; + timer_limits->rental_duration_seconds = 0; + timer_limits->total_playback_duration_seconds = 0; + timer_limits->initial_renewal_duration_seconds = key_duration; + + nonce_values->api_major_version = 15; + nonce_values->api_minor_version = 0; + if (key_duration > 0) { + clock_values->time_when_timer_expires = system_time_seconds + key_duration; + } else { + clock_values->time_when_timer_expires = 0; + } + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED; + return OEMCrypto_SUCCESS; +} + +/* This is called when OEMCrypto loads a legacy license renewal in + * OEMCrypto_RefreshKeys. */ +OEMCryptoResult ODK_RefreshV15Values(const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + const ODK_NonceValues* nonce_values, + uint64_t system_time_seconds, + uint32_t new_key_duration, + uint64_t* timer_value) { + if (timer_limits == NULL || clock_values == NULL || nonce_values == NULL) { + return OEMCrypto_ERROR_INVALID_CONTEXT; + } + if (nonce_values->api_major_version != 15) { + return OEMCrypto_ERROR_INVALID_NONCE; + } + if (clock_values->status > kActive) { + clock_values->timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE; + return ODK_TIMER_EXPIRED; + } + return ODK_ComputeRenewalDuration(timer_limits, clock_values, + system_time_seconds, new_key_duration, + timer_value); +} diff --git a/oemcrypto/odk/src/odk_util.c b/oemcrypto/odk/src/odk_util.c new file mode 100644 index 00000000..682bf8eb --- /dev/null +++ b/oemcrypto/odk/src/odk_util.c @@ -0,0 +1,34 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "odk_util.h" + +int crypto_memcmp(const void* in_a, const void* in_b, size_t len) { + if (len == 0) { + return 0; + } + + /* Only valid pointers are allowed. */ + if (in_a == NULL || in_b == NULL) { + return -1; + } + + const uint8_t* a = (const uint8_t*)in_a; + const uint8_t* b = (const uint8_t*)in_b; + uint8_t x = 0; + + for (size_t i = 0; i < len; i++) { + x |= a[i] ^ b[i]; + } + return x; +} + +bool ODK_NonceValuesEqual(const ODK_NonceValues* a, const ODK_NonceValues* b) { + if (a == NULL || b == NULL) { + return (a == b); + } + return (a->api_major_version == b->api_major_version && + a->api_minor_version == b->api_minor_version && + a->nonce == b->nonce && a->session_id == b->session_id); +} diff --git a/oemcrypto/odk/src/odk_util.h b/oemcrypto/odk/src/odk_util.h new file mode 100644 index 00000000..138791fc --- /dev/null +++ b/oemcrypto/odk/src/odk_util.h @@ -0,0 +1,28 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WIDEVINE_ODK_SRC_ODK_UTIL_H_ +#define WIDEVINE_ODK_SRC_ODK_UTIL_H_ + +#include +#include + +#include "odk_structs.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* crypto_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It + * takes an amount of time dependent on |len|, but independent of the contents + * of |a| and |b|. Unlike memcmp, it cannot be used to order elements as the + * return value when a != b is undefined, other than being non-zero. */ +int crypto_memcmp(const void* a, const void* b, size_t len); + +bool ODK_NonceValuesEqual(const ODK_NonceValues* a, const ODK_NonceValues* b); + +#ifdef __cplusplus +} // extern "C" +#endif +#endif // WIDEVINE_ODK_SRC_ODK_UTIL_H_ diff --git a/oemcrypto/odk/src/serialization_base.c b/oemcrypto/odk/src/serialization_base.c new file mode 100644 index 00000000..1b32d055 --- /dev/null +++ b/oemcrypto/odk/src/serialization_base.c @@ -0,0 +1,236 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "serialization_base.h" + +#include +#include +#include + +#include "OEMCryptoCENCCommon.h" +#include "odk_overflow.h" + +struct _Message { + uint8_t* base; + size_t capacity; + size_t size; /* bytes written */ + size_t read_offset; /* bytes read */ + MessageStatus status; +}; + +bool ValidMessage(Message* message) { + if (message == NULL) { + return false; + } + if (message->status != MESSAGE_STATUS_OK) { + return false; + } + if (message->base == NULL) { + message->status = MESSAGE_STATUS_NULL_POINTER_ERROR; + return false; + } + if (message->size > message->capacity || + message->read_offset > message->size) { + message->status = MESSAGE_STATUS_OVERFLOW_ERROR; + return false; + } + return true; +} + +static void PackBytes(Message* message, const uint8_t* ptr, size_t count) { + if (count <= message->capacity - message->size) { + memcpy((void*)(message->base + message->size), (void*)ptr, count); + message->size += count; + } else { + message->status = MESSAGE_STATUS_OVERFLOW_ERROR; + } +} + +void Pack_enum(Message* message, int value) { + uint32_t v32 = value; + Pack_uint32_t(message, &v32); +} + +void Pack_bool(Message* message, const bool* value) { + if (!ValidMessage(message)) return; + uint8_t data[4] = {0}; + data[3] = *value ? 1 : 0; + PackBytes(message, data, sizeof(data)); +} + +void Pack_uint16_t(Message* message, const uint16_t* value) { + if (!ValidMessage(message)) return; + uint8_t data[2] = {0}; + data[0] = *value >> 8; + data[1] = *value >> 0; + PackBytes(message, data, sizeof(data)); +} + +void Pack_uint32_t(Message* message, const uint32_t* value) { + if (!ValidMessage(message)) return; + uint8_t data[4] = {0}; + data[0] = *value >> 24; + data[1] = *value >> 16; + data[2] = *value >> 8; + data[3] = *value >> 0; + PackBytes(message, data, sizeof(data)); +} + +void Pack_uint64_t(Message* message, const uint64_t* value) { + if (!ValidMessage(message)) return; + uint32_t hi = *value >> 32; + uint32_t lo = *value; + Pack_uint32_t(message, &hi); + Pack_uint32_t(message, &lo); +} + +void PackArray(Message* message, const uint8_t* base, size_t size) { + if (!ValidMessage(message)) return; + PackBytes(message, base, size); +} + +void Pack_OEMCrypto_Substring(Message* msg, const OEMCrypto_Substring* obj) { + uint32_t offset = (uint32_t)obj->offset; + uint32_t length = (uint32_t)obj->length; + Pack_uint32_t(msg, &offset); + Pack_uint32_t(msg, &length); +} + +static void UnpackBytes(Message* message, uint8_t* ptr, size_t count) { + if (count <= message->size - message->read_offset) { + memcpy((void*)ptr, (void*)(message->base + message->read_offset), count); + message->read_offset += count; + } else { + message->status = MESSAGE_STATUS_UNDERFLOW_ERROR; + } +} + +int Unpack_enum(Message* message) { + uint32_t v32; + Unpack_uint32_t(message, &v32); + return v32; +} + +void Unpack_bool(Message* message, bool* value) { + if (!ValidMessage(message)) return; + uint8_t data[4] = {0}; + UnpackBytes(message, data, sizeof(data)); + *value = (0 != data[3]); +} + +void Unpack_uint16_t(Message* message, uint16_t* value) { + if (!ValidMessage(message)) return; + uint8_t data[2] = {0}; + UnpackBytes(message, data, sizeof(data)); + *value = data[0]; + *value = *value << 8 | data[1]; +} + +void Unpack_uint32_t(Message* message, uint32_t* value) { + if (!ValidMessage(message)) return; + uint8_t data[4] = {0}; + UnpackBytes(message, data, sizeof(data)); + *value = data[0]; + *value = *value << 8 | data[1]; + *value = *value << 8 | data[2]; + *value = *value << 8 | data[3]; +} + +void Unpack_uint64_t(Message* message, uint64_t* value) { + if (!ValidMessage(message)) return; + uint32_t hi = 0; + uint32_t lo = 0; + Unpack_uint32_t(message, &hi); + Unpack_uint32_t(message, &lo); + *value = hi; + *value = *value << 32 | lo; +} + +void Unpack_OEMCrypto_Substring(Message* msg, OEMCrypto_Substring* obj) { + uint32_t offset = 0, length = 0; + Unpack_uint32_t(msg, &offset); + Unpack_uint32_t(msg, &length); + if (!ValidMessage(msg)) return; + /* Each substring should be contained within the message body, which is in the + * total message, just after the core message. The offset of a substring is + * relative to the message body. So we need to verify: + * 0 < offset and offset + length < message->capacity - message->size + * or offset + length + message->size < message->capacity + */ + size_t substring_end = 0; /* = offset + length; */ + size_t end = 0; /* = substring_end + message->size; */ + if (odk_add_overflow_ux(offset, length, &substring_end) || + odk_add_overflow_ux(substring_end, msg->size, &end) || + end > msg->capacity) { + msg->status = MESSAGE_STATUS_OVERFLOW_ERROR; + return; + } + obj->offset = offset; + obj->length = length; +} + +/* copy out */ +void UnpackArray(Message* message, uint8_t* address, size_t size) { + if (!ValidMessage(message)) return; + UnpackBytes(message, address, size); +} + +/* + * The message structure, which is separate from the buffer, + * is initialized to reference the buffer + */ +void InitMessage(Message* message, uint8_t* buffer, size_t capacity) { + if (message == NULL) return; + memset(message, 0, sizeof(Message)); + message->base = buffer; + message->capacity = capacity; + message->size = 0; + message->read_offset = 0; + message->status = MESSAGE_STATUS_OK; +} + +/* + * Set the message to an empty state + */ +void ResetMessage(Message* message) { + message->size = 0; + message->read_offset = 0; + message->status = MESSAGE_STATUS_OK; +} + +uint8_t* GetBase(Message* message) { + if (message == NULL) return NULL; + return message->base; +} + +size_t GetCapacity(Message* message) { + if (message == NULL) return 0; + return message->capacity; +} + +size_t GetSize(Message* message) { + if (message == NULL) return 0; + return message->size; +} + +void SetSize(Message* message, size_t size) { + if (message == NULL) return; + if (size > message->capacity) + message->status = MESSAGE_STATUS_OVERFLOW_ERROR; + else + message->size = size; +} + +MessageStatus GetStatus(Message* message) { return message->status; } + +void SetStatus(Message* message, MessageStatus status) { + message->status = status; +} + +size_t GetOffset(Message* message) { + if (message == NULL) return 0; + return message->read_offset; +} + +size_t SizeOfMessageStruct() { return sizeof(Message); } diff --git a/oemcrypto/odk/src/serialization_base.h b/oemcrypto/odk/src/serialization_base.h new file mode 100644 index 00000000..9e7776bf --- /dev/null +++ b/oemcrypto/odk/src/serialization_base.h @@ -0,0 +1,89 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WIDEVINE_ODK_SRC_SERIALIZATION_BASE_H_ +#define WIDEVINE_ODK_SRC_SERIALIZATION_BASE_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +#include "OEMCryptoCENCCommon.h" + +#define SIZE_OF_MESSAGE_STRUCT 64 + +/* + * Description: + * Point |msg| to stack-array |blk|. + * |blk| is guaranteed large enough to hold a |Message| struct. + * |blk| cannot be used in the same scope as a variable name. + * |msg| points to valid memory in the same scope |AllocateMessage| is used. + * Parameters: + * msg: pointer to pointer to |Message| struct + * blk: variable name for stack-array + */ +#define AllocateMessage(msg, blk) \ + uint8_t blk[SIZE_OF_MESSAGE_STRUCT]; \ + *(msg) = (Message*)(blk) + +typedef struct _Message Message; + +typedef enum { + MESSAGE_STATUS_OK, + MESSAGE_STATUS_UNKNOWN_ERROR, + MESSAGE_STATUS_OVERFLOW_ERROR, + MESSAGE_STATUS_UNDERFLOW_ERROR, + MESSAGE_STATUS_PARSE_ERROR, + MESSAGE_STATUS_NULL_POINTER_ERROR, + MESSAGE_STATUS_API_VALUE_ERROR +} MessageStatus; + +bool ValidMessage(Message* message); + +void Pack_enum(Message* message, int value); +void Pack_bool(Message* message, const bool* value); +void Pack_uint16_t(Message* message, const uint16_t* value); +void Pack_uint32_t(Message* message, const uint32_t* value); +void Pack_uint64_t(Message* message, const uint64_t* value); +void PackArray(Message* message, const uint8_t* base, size_t size); +void Pack_OEMCrypto_Substring(Message* msg, const OEMCrypto_Substring* obj); + +int Unpack_enum(Message* message); +void Unpack_bool(Message* message, bool* value); +void Unpack_uint16_t(Message* message, uint16_t* value); +void Unpack_uint32_t(Message* message, uint32_t* value); +void Unpack_uint64_t(Message* message, uint64_t* value); +void UnpackArray(Message* message, uint8_t* address, + size_t size); /* copy out */ +void Unpack_OEMCrypto_Substring(Message* msg, OEMCrypto_Substring* obj); + +/* + * Initialize a message structure to reference a separate buffer. The caller + * is responsible for ensuring that the buffer remains allocated for the + * lifetime of the message. + */ +void InitMessage(Message* message, uint8_t* buffer, size_t capacity); + +/* + * Reset an existing the message to an empty state + */ +void ResetMessage(Message* message); +uint8_t* GetBase(Message* message); +size_t GetCapacity(Message* message); +size_t GetSize(Message* message); +void SetSize(Message* message, size_t size); +MessageStatus GetStatus(Message* message); +void SetStatus(Message* message, MessageStatus status); +size_t GetOffset(Message* message); + +size_t SizeOfMessageStruct(); + +#ifdef __cplusplus +} // extern "C" +#endif + +#endif // WIDEVINE_ODK_SRC_SERIALIZATION_BASE_H_ diff --git a/oemcrypto/odk/test/fuzzing/Android.bp b/oemcrypto/odk/test/fuzzing/Android.bp new file mode 100644 index 00000000..f0093f43 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/Android.bp @@ -0,0 +1,168 @@ +// Copyright 2020 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +cc_defaults { + name: "odk_fuzz_library_defaults", + srcs: [ + "odk_fuzz_helper.cpp", + ], + include_dirs: [ + "vendor/widevine/libwvdrmengine/oemcrypto/odk/test", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/include", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/src", + ], +} + +cc_fuzz { + name: "odk_license_request_fuzz", + srcs: [ + "odk_license_request_fuzz.cpp", + ], + fuzz_config: { + componentid: 611718, + }, + corpus: ["corpus/little_endian_64bit/license_request_corpus/*"], + static_libs: [ + "libwv_kdo", + "libwv_odk", + ], + defaults: ["odk_fuzz_library_defaults"], + proprietary: true, +} + +cc_fuzz { + name: "odk_renewal_request_fuzz", + srcs: [ + "odk_renewal_request_fuzz.cpp", + ], + fuzz_config: { + componentid: 611718, + }, + corpus: ["corpus/little_endian_64bit/renewal_request_corpus/*"], + static_libs: [ + "libwv_kdo", + "libwv_odk", + ], + defaults: ["odk_fuzz_library_defaults"], + proprietary: true, +} + +cc_fuzz { + name: "odk_provisioning_request_fuzz", + srcs: [ + "odk_provisioning_request_fuzz.cpp", + ], + fuzz_config: { + componentid: 611718, + }, + corpus: ["corpus/little_endian_64bit/provisioning_request_corpus/*"], + static_libs: [ + "libwv_kdo", + "libwv_odk", + ], + defaults: ["odk_fuzz_library_defaults"], + proprietary: true, +} + +cc_fuzz { + name: "odk_license_response_fuzz", + srcs: [ + "odk_license_response_fuzz.cpp", + ], + fuzz_config: { + componentid: 611718, + }, + corpus: ["corpus/little_endian_64bit/license_response_corpus/*"], + static_libs: [ + "libwv_kdo", + "libwv_odk", + ], + defaults: ["odk_fuzz_library_defaults"], + proprietary: true, +} + +cc_fuzz { + name: "odk_renewal_response_fuzz", + srcs: [ + "odk_renewal_response_fuzz.cpp", + ], + fuzz_config: { + componentid: 611718, + }, + corpus: ["corpus/little_endian_64bit/renewal_response_corpus/*"], + static_libs: [ + "libwv_kdo", + "libwv_odk", + ], + defaults: ["odk_fuzz_library_defaults"], + proprietary: true, +} + +cc_fuzz { + name: "odk_provisioning_response_fuzz", + srcs: [ + "odk_provisioning_response_fuzz.cpp", + ], + fuzz_config: { + componentid: 611718, + }, + corpus: ["corpus/little_endian_64bit/provisioning_response_corpus/*"], + static_libs: [ + "libwv_kdo", + "libwv_odk", + ], + defaults: ["odk_fuzz_library_defaults"], + proprietary: true, +} + +cc_fuzz { + name: "odk_license_response_fuzz_with_mutator", + srcs: [ + "odk_license_response_fuzz_with_mutator.cpp", + ], + fuzz_config: { + componentid: 611718, + }, + corpus: ["corpus/little_endian_64bit/license_response_corpus/*"], + static_libs: [ + "libwv_kdo", + "libwv_odk", + ], + defaults: ["odk_fuzz_library_defaults"], + proprietary: true, +} + +cc_fuzz { + name: "odk_renewal_response_fuzz_with_mutator", + srcs: [ + "odk_renewal_response_fuzz_with_mutator.cpp", + ], + fuzz_config: { + componentid: 611718, + }, + corpus: ["corpus/little_endian_64bit/renewal_response_corpus/*"], + static_libs: [ + "libwv_kdo", + "libwv_odk", + ], + defaults: ["odk_fuzz_library_defaults"], + proprietary: true, +} + +cc_fuzz { + name: "odk_provisioning_response_fuzz_with_mutator", + srcs: [ + "odk_provisioning_response_fuzz_with_mutator.cpp", + ], + fuzz_config: { + componentid: 611718, + }, + corpus: ["corpus/little_endian_64bit/provisioning_response_corpus/*"], + static_libs: [ + "libwv_kdo", + "libwv_odk", + ], + defaults: ["odk_fuzz_library_defaults"], + proprietary: true, +} \ No newline at end of file diff --git a/oemcrypto/odk/test/fuzzing/README.md b/oemcrypto/odk/test/fuzzing/README.md new file mode 100644 index 00000000..eb7da4fc --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/README.md @@ -0,0 +1,19 @@ +# ODK Fuzzing + +## Objective + +* Run fuzzing on ODK and KDO serialize and deserialize APIs using google + supported fuzzer engines to find security vulnerabilities. Any issues found + by clusterfuzz will be reported to + [odk fuzz buganizer](https://b.corp.google.com/issues?q=componentid:425099%20status:open%20reporter:cluster-fuzz-googleplex@google.com). + +## Run fuzz target on local machine + +* In order to run fuzz target locally and see code coverage, save binary input + to be tested against fuzz target into a temporary corpus directory and + execute following commands + + ```shell + $ blaze build --config=asan-fuzzer //your:target + $ blaze-bin/your/target FULL_CORPUS_DIR + ``` diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_request_corpus/602c63d2f3d13ca3206cdf204cde24e7d8f4266c b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_request_corpus/602c63d2f3d13ca3206cdf204cde24e7d8f4266c new file mode 100644 index 0000000000000000000000000000000000000000..dc8cabcb1f324b0841ba2624c4e06bdf1d78c325 GIT binary patch literal 20 bcmZQzWMXDvWn<^yMC+6cPpi1x5hB literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_request_corpus/8cebdcc0161125a10e19c45f055051712873de25 b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_request_corpus/8cebdcc0161125a10e19c45f055051712873de25 new file mode 100644 index 0000000000000000000000000000000000000000..608e888d58863f67a23c07e34f765097056fea31 GIT binary patch literal 20 bcmZQzU|?imU=U$oVh~vSW4A2>1KTP96i5Sg literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/4e578d6c9628e832c099623b44f56d95aa37f94b b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/4e578d6c9628e832c099623b44f56d95aa37f94b new file mode 100644 index 0000000000000000000000000000000000000000..e319747664c3a072cb675e92f4c140a260b52d3e GIT binary patch literal 272 zcmZQ#5MTfS1r`PdMuyY9x_oQx7|%_vZN0{76TKI*#RUW4q{+YU|`?_v4NP+07yFkF~xw84*}4WBEJ9t literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/5b693511ef850e42c5ffded171794dbeb9460cc0 b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/5b693511ef850e42c5ffded171794dbeb9460cc0 new file mode 100644 index 0000000000000000000000000000000000000000..0cf77b5db8a598c0ccdd7237a2ad9668abc9d9ad GIT binary patch literal 282200 zcmeFae_&MCap-^a!?uvIjcwT`HjXYBVhKw^fWWLQYylERjsR6!VkgE=th6h%W~Ehj zSNw2DEhn_aF-ag%6DP$1HzWZErz9nbostyCBqc3LNlRPWk`^blB{6-EG^B-=nD1xK zId}K&YOka?@9V$b+G6(3ne%(j%$zxM?mpSvy0oyMK)IhH^>wA6&KpdlO?Y-`u}h*F z)dDqT0l((r8n2;qF3{;KCA1R|J%Nr)_#Jyv5SF&~2f>OiL`02ORl#^WZ`? z$vjKGtK_Tg*9iFEwjnO`XE$#;69Y3=DL*|5--e{`iS*FIlE z9!=>}pQ$bLZ=?Mxt(W@F7Mpr98-}y4{bJI)8`F77hafX z@Gdm1QtG$Jr^nMIkNaQAFMk(pKXTy$TapXi`er3JB~y{USzXcoS+QvUx=3PvosdfZ zg+}_bs6U*DN5gQl!O2v}tUS14mHNg%O`Epmfh8|}U|r$ix!?W9hd}53NI5sXKKLK|;0svn`Rc9p!LI^;WA5Pa+~q?b^})a22fxDy|2ZH0i$3`O^1(ld0MFOo zl|J}KeDJG%@F5?3uMa-%gJ181-|U0`pb!3OAN&p<{HJ{IyM6GV_rZVB2Y=89|0h29 zSA6jQ=7YZu#gT7*AMwHO@xh<>!BS^3)YJ|Fx`KKQ@)!M_2X|3`do zq0)TyR{7wYeem!0!SD0Izv6@cM<4uoANF+B(_@DXU%iiYGejofh!RMO=oKKJz>+3&!@OR({$VWfT2Vd!f zul2##``{P(;NR(kU*&^;)Cd0sAN+nF{2%+^|I7#f4?g&R_rVw5k$;?T@WKC)_E+4X z7EIy`pI*zuuWLWU4eF&E4SuV|U#ll~ew)QlwfNx8hTg?*wD|Dbvdj6h#m8{w{Nur9mpYyt} z%GlqsTPb-*V#Y2-e60oQHrAWNoMW!)=jryDN7a2DP9(}M2PYr%T$FwmoN(cvTF6pY ziUm@9jWgj^*kq_g^JwGHcM6&$Nli7h-{I?@@%MfH7F@Y^Z_}RR-&@At-amNtTN4va z&;N8*$JZKpp7*KS_I~RJf41ob@L%HZ8}Xr67lXg+nU8+H{%fhq&x7l6e)zq0{He~) z?v0_&P%5%9n&KfA?dtA~_RIJ8gkx>%0sR~LNJxf2MxTfzI=kcRI~R0CQ+yfhPel?* zOP@nB(Cw3uN`$&2WbRK=MBl*d5ryXv)Qv^3KnPNy?sc8rz3V!ALeZG&i}ZC5Y@+ci z-r13w+u1pLb^w~*P$ClU+z<&tDQ%xk%GyY(GaQLU=ty%r#DUbNfe1b7iFG(GIA?MtGlkVGeNyl zoU~}n3{7){BxjJ#Pz}hGg`)}Sb}}N<80i~K#gd)tYjg&gu~>XVgaOy%q&l1RY^O(O z&g@Rnot^!Wjj7IoM6@r`47;SeKF3>ZOZSQnrlOm9=%nS*RI;VJ zxfxs_6pO{XLyWH=nwQL$shHQ<*9WNUq`3Z&@L(vJj3iQXd`4k3Ug{edC6_OQ^$lp& z%HsSS=JYEz99{2MEJ=RFu8j=%bdD)rI~YoY$4Jh<6iu6x8=|T1UKQ$!CsL|A5{>mJ zz364F^lIK=1QiSbA4@f zL%BsXWhKvN%HfQbcGe@`W07RC^CJ><|TTNlg);kT*dIFO1c*fFn~5`?&~w$DN?^bt{8=6L?m%|a6ta%s2+_{J>fXK zta_p>uDI&a52&6<|9aK8PBI8aU?LI<8;Hz{s6?MUuohFYGPP<^%seN+YC|HL@{Y-T z5uve2pf{9633f+P%}ix&=bUJ`*)wu3)gXE&50%weZ)#9H>ovnCZ*HdMNBc$8H_Pb$ zrey^N29v$0Hx`t)thq)rMP*n+efd>WbDc~_b6a=J(};0poR^G5)~#*c$YNR$jVHC) zaIfH)PCXrVpvPBODiVvW&05Rj%GXr;Ch}wnh1uh)N1GCc&$@n;?wl+5qUn$>aU4kUZy8~Q^1o4Vgj!IkZEqu zGwUE=*H0WH4lW;I)-`80JCKT7<5Js)!4}sz9v6qnlF4Kl=UnMb?^-b%1HF6W#!y#u z{cJJTlTnlvretT@($|FRYdibr)OG$^&9VzD_@?s8LhI>?A)Hi?h#A!*@&V-_s~uqE zdomS9>Z|oV*w+229vT1NNORTw|DXb`vF>Tx_%=-O!Bl6wr!x`iUmG#Y$#yNxcJo>1 zuyxj2dy~2;nT)R0t3JcRZ&EiUB1tyF&3$>aNqkgoGCvvVPbD_V((Rb*S-Gy19arw` z^*z3<`4z$F)#cPvmtO9p>C2po#+fNw<%}~^jwscea8{8BnZfQGjXs#`rg5a2&;A2fSpEU;Pg|;_u`jI`xnNi*yd^b$-CIcmoM8k9bcYUGRw0$ zuEk6qk92YC8GX+wWB<6q85&b;RK!Ej+WM~LOSKPf$sp3SZ%HDaOs-rXNsLHYK8S@M z_u^Z`Z6AtZu;5yW;l=L^N0Tyt>Bl&JXgtJ`gkbUehuB-h*S2^kZmD=;6Hf2AxOK8BFa%V>p@jCnW~UA&*3v}R=be=%Ee<1FdOLCE z#KdbcA{ohmqpq_j+ZmkP)Ylc4dDfkErG;5u3$Qx%iu0}%t1#!(;*Jk*z?p?>w;wNL zBGTWz2||RJ@Sw386k|KU-2y;jFd14K(N4KYpQ61mSRcHIeI4o+5uuW?h&Zy{HoQ3j zIG-(=wb=V)gG7yb#L_aCrle)AD~H!bHo+ZPqFI|Ty7TFr24x(mX(WBe-4-!*$T3(= zGOk)%7B5je^vT2YmF+DLwyc;{Q^OUEu6p;;^Ib^UTXKMsNYxB>>GhI=6+M=~6kWS)0VGSBDj^XW-kV$uXQ!)}}5xFtAjAvG+}Ex6va;5yqk|C-NV{nS=+6hR2wUc?{(4;NFVz#>(l@ulW@Xrii>=hM=Ocey^%q}}|34Y|)aRq`{zO!s zxBcWRRbPm{=M#~4f5Mag?$1X*^@-5D_r9UF{^FX(fBahCKN70OSvjAb4Z9vNN8sxC zohBY*mHmA21@rkeo{8X4YPUHvSA`U(5rX8i*Mrw}8?-v$!J8JCgqJ*c8}gwO4twx& zy6=9Ddhmp3r$5I%c&=EaKPNqSLfg}y(;hq__36)951x?p^yj<>FEI%2=b{In72i3* z^isxWqDu@c@!-AjTa!F^LWI+w$sWASr~7d{ctZEmp9&A2(8=_t)`KU6I{jJT!Mi*u ziH#mSp{VK4G7p|m>GY?~gC~3<{dvTLe|s9M)EW=I+=K7+;P3L_2RwKi=AlzJdhj}~ z!{!4y-|N9Y>cJoI;1_%FFM05t9{gbsew7D*)PrB-!5{bF8$I}w9{dUq z{v0UT!;QyBgf6;?q?ZK;SGyK2YgD>&mS9A^4a;J@U-w|VgUJ@`jF_!m9+H6HvQdGNg+{6Pah z!5{VDU-ICOd+^`z;7@w+U-#hMuUE_`Eh^92O^A2zBD9w7ikr{1X&j3vxT|^X(_j4l z|9RuoH=bP|oHNO#Gw}QaRTQ|ChX?r+{n}yTLmj-csd{I|6JaM=Uy2JTTwjkLh>%dn z1Oe99FD7DDLX#?V1h3;Ic}JycYHnK9))`#+&gK>Ms-?%7UFB$Bm}5MQYa@wh7-^INF_3 zOXJ;x$)$t+-7VpbPJ^>zuumSO#Yxqo1CthS!udaIFqxR858Y<1jmOuWWJhNi4^?lW;csxejD{t@M(A%K!8$M2>XGtg-{=-Cdf`n+-EHluvjKgiKlUfr%qo21>|RL^gEbCv+MXI!m;>FSR_hQG1T*VJmd+c!x91dXk+)BsG}mcf>y| zr`};*;xyH=V(H3yhk%7JGn*j7s@@SNC_s3pFWRrabUA&YjrLnAj?2}4Pb3ZD@~%=_ z61iqc&S*bAZ@3~p*xl=-dLvGc%mvJ6#=lfa7l}npiZf6JaXd1fD!oX~D8dlt&DIo6PnsoXj8+5fWVic!2WQ!aaFxZV+FD^=@pXr@Jk%S%ns>3_8EB-_yL8ZggQdIQ zK|(dRx38pMLFQ5N$keB0Q`-_JC9}Ys#ra2s1(M2eVrhm|LfiG?dg#3PEkovisYEvv8Z&}mI_8nMJ4MlenK z^rc$Ka(!o)YDq5YSklr`v8qz#NRj)UTID#8&T!_ku4g14bCOT6{GE9`$x3v;Ct(Tq zyI$-(giGCNs+PDjM6NmWL1Yt4z%q(BYgyljCDyhU8HOuGTU19jiYUy;L|R{}dg#O; zfjbEJgnC#aXZ27d(F}~4OH6r=+#i9`snGqba^!FW8B;0BYI;SU!jUq1`elhHSQAO7 z+AYrtWJlViWr=WA2 zP;{%ZR=io~O+=S0#a0N)C7ya|2ffh|B}^N0+8XT#En4Q`MeQqERyLS0VBd0mW|u_O%8HElR9Hl%Gb;!4XzgS0SxtLntyab}2Amm7of)la zX?t_?qcG%Sj^oT2C{+s=&WH`7DUF&+FSdGZW=Qv#%!EiDUaAGNtsKzGy=E2GkJTw1 zk#0vgxMS7w<%`{aC3cD#WmKF?G$7}y=)KOqu6i2j z`Os|L;4tmA!pT#Y%pyXG149fKCSM;$CLM|wd4h)5?4MpQ{c#W+$}{HJQ$02g<{S9>rpX-{VV$;%Oi}{L-DQ(89C8BBF%VqX2Lnb=d6r0M;iV$ zvsPD4?}(G%oP*(HwEBLcS>>2CuI<8>2RoV{eAipj zR4oA7mS}^4CET_oXcTA88n*ZmE7{`pdKSCy(HR3(tlY{fM>!emP-`a^SY(4)QJvh4 z5St_Y(QC(PMdDcd@h$255^eD^KUvD@EvdRGf!<5#QD+gQZKWkfOD>VXh!!!S?e5Il zKb}n*Hc*w79Nq=OQnx}-Y^3?MwQO`mbO?hzfpI46HCxTO{~fa(EMbX1aFU)aBLb;M z#L6a7?OIcfWoNVH%HFl8($cib80?pjl(qd-jlzh9)@ng;pH`jKy^+|!!r7uvVg%AS z=s``AEG?Bik&<3jTa9LISS>}g{>5-eu8VT5EG!y;2!O%vb(@?D!WYv z^oAwgzl=G>!dg8|En2*!sd?#x%UT|KXY2A6E8Bjny(75lT@OFJ1a<3tUL z_}5DbQ%-_YmJ)TL*EuF+M{s4E-rLD)t(YMO1g%D8w_%&qNI^8*QSAJpeLUD09amit ztV2Y|lJ-R%%Q~00tni9pHwQ-DCU$U4A;rs1DHTZ~4#Y12bC#+mcIK#;P-2sAA|3$z z5)llIMFRuu=W}**q8mjQvsyfw37&}%9BOnX7L)c*=wgJO>}uBP(cRxT+6puogr+aF z4z-z*6_k=)U{3_y>ckV#wNbR9X?2aW3I)h*%ig@ks1#!YSESXLessGm0&E1mCrM(JaZwfy=O#hI3=DR%ZWS9Zy*ka(7fS#? zNWbjjX;e5a?TONz4Y+1(Y1+gSLmZ0oTYzjv?)do86rzMS;skZXm_&;k4wldZ@nMYLsS) zu*Yv>1)wYA@{);3;Pe=Om+W4&$io4W*XYX_U)9?1s>rtf@}#UtZ06?bLpxTOT<){{o`Zxj&^LJ3g8pt;!;baNHiW>k-OvA zp0hrTjT7Rt9A=#F9Y1I~%Zm z#67`gkDXv&BwVGpVZ9+VsCdkE7Grq3+gvk5ECBYVdOs;HeHd^f%uigXxYo3g#Ir?x zG`<%}vd-meT)Mc^wI7)%Tc;;M>txKM{r#vd>#3+OosrCzP)$pN9r{E9y^lBw#*K|z zk?ZP{6|6VN9^+U0|FDrG;=fNSIY?l}3C>(gjmg0Qv1@5NUfQ&*s3~nT-n$6;94efA z+LMC5^tk!79<>GF|LJjKk{24$QHnGahYmYhoNttZ@K0jQ$Oxrt!k}{Q7w10G5Q7`D zvJEL{y#C5@5SuIC)!g3P)Y-PgsFkr@cMpm>M(4|B-W6QP?0h~AX{hUG5SvTvL4WHJ zna%A^%e$}=v$XtDEr09lms>MYZ&+I69Bi1mGQ(A0FH9_x zWxP9Y#n!uJr5NEGN9?S!TB?`ZZ??6 zv1lZ5pK)4Ryrz*R$)efd9^5Qi61=%zaw z9mO1MX>F}h=FC%H*uXLfYaM39sa{29KxCp>%!n*;%~f#}$V*kE&4U9@G9K?QRaFYP zqO2#_kq1XDM({MhC7L^}9`(YT(XFPY4_~FlOJvR>i8k(2VLPIIT!rD9a_Mt3edr4> z$T_e`RlsaOxxyrx41MzSniw_;v*3mfVP7f_(ccy zw066w?G1Y^W#OZ<=ZHU>4-6(cHe~G)c+1>{pn2j^XPb_SHKgomTm25pwNXQr?t(_f zYOe^s;#kb)7yk{zC%o^H$vL?kle27ET553iEwzU!+CiS^iYSQ*Skf1+!Gpq9NAE%_ zw5(i;xDW?HC8rJIF6L?r?qcqaU^6IDZE5pkQOBY-<3yr?B4uRfpG;vP=uJASSo;-> z^O~0F(?{>_+`H?h6Ul`u*p@rheW8t=TGDljum#CjY7M2kXk7OM18~?nkm4W@6W>ln zo|7KQn`h_lEQ$9qi#8)2S<$(&E!eVhMaM#ROM?T{&tA~J9&F)Ur-F7R=}jz@sFWfj z{Yg1+(l&&QyW3ZL8qTCg*J7ZUuIuw4?UbldUT(?Sp4T{{Xobb}{F*a#X4P0@wkA`m z(+$H?wCw$53=lcGziEA|HtVPejZqm8%!&nMiyscK7N`4F1(&xqwY0O~(7Z@}WzFUc!gb`1bd0U)XrH4U zXA;N4abTPSeOheRv5}5atUbPPErGO4nE99Y5{hu9dsbVZewTL{Eg|s-Mipy0s->pX z;#6Rjh6ZDV4QPRFG!8p#IRVxWoCC{e7(4DuSm3u`5N)_zk< zM^{dBZY4MB(;g9z=yb)gE8pGy=LRzU-6;C^RI`?Q?JSDn&M1ZZUX=Vk(#jroto(!p86Pi=x=+o$FIlY(Bs?sh9 zF6<@;7#n zuP!O#Rx-ySE%LU%h`eyuwOquN?Cp?8y~#q9qjYnU z9*_4`=XLfFM-WCYOW;5#=B_wxD)V|mX_|HfT0Rz!PL@$8iEAS`=|nJUHX-Iiwor1| zgo{fWp$)0h+>kKz3GNDa&Lq^-s1>~uMW?hkx2{~&WR6+0lSCIyTgmE>X$w2DK&QbR za$7w&d{x4BjAAC5R^6pPPBR-NSQ}eK-fZbLfj~%b3&y`8#ZQT);|fT(gAy++<`eIA ze7Ki}XU2rBKW;-rxn8y+5wx< zT0%?sqP!BBd5o~cBTS?>CR8-2*Q(ZMAD&s~m}24m&gL1(%_AJv?%d~DuO_k@A&ta| zgvVUAZ-wb4(bpNb;Bwjf+R!t-_02bwkpOcRj-M~~CI&vUht!U*t_XV=;@zrSD0LL?3GY21Zju;ko$NXj@TkCY;$#pe zdOY4`0-%j$HjUj#h2W}8Su1;%3=E>ZBgu-&S#v6-7+iidm~Qsf{V=oL)>V{rY&) zm=q$t{Fj(42oe6MY5AJh-Z4pTm1)OosahOaD?YgXuv!9#ti|@~Z{bozt5n&p79no? zWJe zMKj*EtRrPDrA^Q4>tRT18dwvv$`L&zn^^aFxs`Z%LN|8_nt!N-Z94d0Jej0m9(8` zhE0xyUGva05~BA_SG4Grsz)!DdC>u%xoQOCIuh$~*Dl(GFz?YdiT|!=(c*UE0Z8XO zX|~~avnPjTT-V_&<2G~*)f__=k^po=%3^}IQgVWXftJlja>Dm8;rtEr>+UB^JmQ9% zr7aP|420&hb9PTCf^41V*FBaM)TpbH!|n8Ya+ZhsaiNO&m22vy7Xs2#<_UYlYXuo| zE;C2z^G@ecsTq$TG5~fYgglXYET=1Vjw#Jw6n%Qwj&8?XpiJZ_IT*NDM)+n>7;@r?CN{!=m zn3t7_G)4?-LkzvnJX`8{A%trdR zNkEDtae$i1(|63^qZHRj0y-_B*O|H{$Bdc>Do<49+TeL#WgRl^Z=E<=uD%QUACne(xzyYr~sIAdd#j*>`AmbCG&`{-`#D=O>jD?+$1 zHnBfvCnvA31tqse#y_wNB1ND6tr-Hjn!e;kG zlR6@#(sFY;PA^HonrpkW3i`~pSHJwptw#~7@RppS>0mE?f+pK1E_4`;l;t`$t{RaU z+MO;jv85^)7enJ7PA~>Gb;t_Eya>kS+xVHig}s75msdH~Z{;$b@2ZI>^!==rJv}r? zmIxO?f|b%D-5%4Wj7@){1wAuUo#Plvv;L|9&N3n^ zy9n)C9|=YfxF!k6;Yckg7qY|x(~>ef?!kyhWRg?u-MKB~HXx2DEsaLKS(U49 z#?G-s?E4PAZFkK-+BW~87e0}CKApbe4y%FPC-rE};#sJ8F2ZrfEV_k=-a33b>a zdPw&1u6-7+7G|q<`BB#U=+;pcGQ)@r7P@v6;`|iRTx0glRt=h92@xBr#YDhbpRg7q zY+2Vy7#>HATF-IYH+#P-YD90FL}HmUCToLh4{j(MCugroXB}sxt8o@@lE4LV5sTvhS5Q15yFxLN(;F0{?f4Z8 z3~765O;(YtVcF=&m0yCTwSYzIv$KRftHik^n*l4Y?7cOY-rh*7lzOc6(?3u_vvDlb zmb9DWK2gPUaE$8fJS5|U*SNVZj*HH{bOgDIZ;&V>u{==XdV8e}Ns~2Fv$jTxC%<@L zLc~Um$0I+8PZOJ?+qfyDV6)sPqP?So8IqSTvK_?hEwRbQhp&C6SRcm4jD)a}*`hYm z0cPe{FiEHgfqvS*&xuA2@**T&k9rB(&axR6_Qc~gTv8;w-nwwn41K%?Rab;fWiMN0 zw(Q21uQ7gb;xdUhaopHfmYsDGfgg7q9)XE-f z4tUIQlRa&gi!ESKen(=wsJ)FD0bru9)4_FVOF{NQHa3Ps9ph;?Zb01?ZB2>2 zQ_Aa??0yL^8-p=es%mD9&^8hvK=iU!Y_>O8-1;JK`kXWyk#15pnqcQ_1awv-dAzyz zOY^gQT$wv!`o^8ut+INp{L$-_#>+ldzYrkHZDsfD+K^zUqTGoY(MubblE)dAKB)26 ztd%OwaNNXqU%u&HZqoxUhinp64O6&p4&bXI)HofXDDklR&~PEzvO7{e&|PhQXzH!- zuURcj#Bf`8i+hhl$ncb4`23o%6B_w7fo=(Z`wcs*4u6BW>OVqUS#C zQlG`;{aG^0R+Y-8mjQ=A%}bHxdh61*<{E{iqR;g7LAE>m+9Eb~h?zeIGn_X@FH16s zEGEQCJJvXd7ULIy0jh(E2K0^WTv5f%HN#)pt)A|`vD(DE*2gP3XKnbR2IrD|*RD&&2-7ymW>TVDF>5hgfR;HToidFuqdX zpfYPPXD93)*R24EV=WehtZm4HA?*4 zqp-~*OFQ0^d*@1a8Zxu##cI}~vg=s?^n;GdQWe%WtEbxy2%4c)KD#PW+M-1(^|j7g zq6@NhpKzm`JsXd$(IhS^eH<*u(I#$KNL?-BM8az$$eAq1aTCHN^U{ENk452~Tr{=! zF{7v5Sr><5IOG7!)Ql8Ij6tw8Ih+ah$|z+ZEWXQnNtP3d+b2r z$(m$i<6h2i=gd2k^4^eR z^Uo?`+OxG!yScfEvT8}Q+R&xM@UVe_!k$L(!_$o-KXmxNZU8)#Bpg~*=QVK_&UQ^7 zy`POFmF8*u-ZDn^{+l`HtH%kAoz(ZZ*v7Pvrrgu0Y(b?rF2>r?lF%I1xz?yX*3;=S`*@49LtJx&pa~9H8k9GrSefG$ zcOw1F77xMaO<-eU6WrC4&x}edU|V#at)J1Zc@jpTc=4~1vL~~p1obZ?VT-rp0N});Rw7b#v+z>sGkl3boWTW{w1kt`2lzJqI<~Yg%ZM76 zONp&XDs#}@Dee~Yf(pyD{Pwj-oBJ20k0z{drB7}iXfH{B`m`MN2_tL4jj5GpuNu|F z#o~y#yxAUPzTd}+vTt+J(pauyn_K(tRc0-z^wiO-NcSw>6UX4t;91s3G)phB^yKQ( zSxM5Eq@2o|+?;#p08yTh5G!PHuhp?xHqb|GkxW0*Ef=@9_q`G68+&dfidWg?`%RCx zV(Y1yFrqhiOL0+-bb||4^i=NZ%ZUuDuYWL-k{A)OV3(m5*k~IQfsHrW&A!`}nicxa zL$#x~r63b@x4$chE!W33p-i370 zd}+#&!MZUMXmfQh`?I+Sf;#os{Sxw!C_aj`PyEoL8<~p5t!Tc7uCV zYkbtECaud5>*@1JWSDJ`8-A8KvgEiyUV<6w!c}9xZ|q4v;o2{G_LxLD&#v((e^zU0 z(1h8D&=sL6!7fB}yQ9G{=vU+M1`P(!C6+TbVplnUH#Y$En2YGjDrI)M6s;DCe$uC- z3rBpMha{+TP|H?Co7RycXX!feyYPiKN5*3H7^3*?F@4BN@RT;WMi`_uVtpj7#yR=TV zO)=M%%=r^$jm5ghDT`bdV$GUOfC)Sn`+)^6jnF=C3_xR(8ID7eOP~`c{Vo&88&$k2 z&=UvN7v;QP-hhaYhYg=Tz{kGj*dZprm4r{8_o0L+sfQ&*WSc~-5D@UNR#9nFw`VZH z&?n?grE9xoB!TO-%VAOaH6!BHlS@w6tI`=PW^t_GZl0z@KuT{iOIRAr1s%?L(82m* znOU`-AT-%uix^`squp-$*~G(eJTnmD9Va=8SX0o?WCSOQ9O8@!UDF(lamJFE1&|XB zs@F>iR--amC)E$FTr3NshSx)JAD`c8;zD0?oobUexw!WUS%=-6Z6NA}8Qwccg|dO; z*<4xlyikz338R+MHiQF~xxbbd<;aU-WRUdS%a(yWa!_Jk?~`=q)y|L|g}0a* zUfzRL@O#C~!fO4NrLcK3sTnO-$@7b1DQ<1K`wd<(nKo8|H$>FD?!?4| zs{0&%KUD|Y%j;&~-Km+4ZBxtArCjV^5wsG;=sf-E6utIjR&&)|U)HroZ{((3bb7t$ zXi&W}%zIjmRiR_E5htEyt|g{6IZR?kdTLV<7L+ZMb#JDZHPS7;vQ5OM*|TOT5fj`| z0WYy!5hGmICfZbEdGE5wu)e-fwY%oRNEA$Dck63iP^>HwizoqP8SjA8#uiFSyS$B5 z;IelN`O%Mt;2 zG$z{%r_YsTb#WcS)r!5`;t`pM?BM)29YU&OPB^~AIiTgR7I5-LADJ6-VNOJ~{92@T zL+BuG_f3oDDyp*v3qY$N6gyAB`?ZuYOZ-J)*<8jm{_IxU!;l5 z_P(;hjFPZ?r7Q*G09p!5Bx{%~G2^xQE`beMi4t*Z)0FNfa*S~2KJGZ_kU3aOCQZ(S z8AHM$+%uoFRl_pE>Jn|SmiLd!y#d}H9=1VnA|=?Xneb?(R$}VdA1Es@ME> zjrkdcf;)=tJI{}!J;&r7Y2kO$uH#4Q9#X0bI0@JUtOBkEo&s(W_)ewvOL{ALfM-`K zbq+YCjr`X`3!Dxd05$;6|CUlg;2M5RDJ6K|HsGOE`~jCetkfA`8}Kr)l^^k`x`8r* zt-vOJ1SkxgvPP+4c?RwWZskW}P64;@qc9UEQ5LWYcmdc7EaS&tV!#UEHedsAKQIV9 z0=xh`16=($^#acV%WkBN>nI0!8Q28e5`zXfsgE?^PT)3RMZZ#efCqtxBt4~y#KVpu6&X>sp-1c?m(&cMchr4PU@XW;?h*`JaRxb5E=3*gR+ zjPITF?-FeU9{Cmdez>=#ARPoyxvyuW;2i#g(pu)i7i3Ms4 zaNBjz16SWrpiTf!PlCRjKHpfNrUM6nO~C!YFtF(+@&Q|cJAoI=3e+)R@ofd_GOz?# z=Fmo970>}T0h@rUfzJXr19t<5fd?lSs6)VtI||epU=Ub5l`#NL0S*D{fT=0u2cEr? z`hnBmUZC~>w>Y#LIB9Bux&RCV%cfD@T?MKExCO{-X4M7YW?=7h+AYt(BftZdz6TrhY4+2HXqW13cMCe&E0&+6}CIka@nF_O}$MR^Zl$XfLp$ zmHq;^zZ-hs#rHrDJpUN<6_nQrJ#csp?F80!Loe`g=z*vDXcutHd*Oph@F~UvczQei z0fs+De}H>G&Nu+~4^uwy$nP@_GvSXO!>* zICM>+ItW}{Qm9S=k4z|3#dDDR*B7cP;FL*)YBjL&#zM6Pc>bnBwI7(exlkPgsxs;U zZUau7OM7o2A25jF(h59sTcJt;_rHz$fXD7AREL0dQ>YI(d?)qQ!4DOMst$Ozmi7Uw z>I>B{u}*B)n(ws zFzuQTjL;uotfx?I7PuCA;DKJ~fv49&4?GwvR8#I{et-?YjT;M940z^=LbX%iX8Hka z{p~_^0=WOlLUjSy_*9{qzJT=sYyw{R0QJf9)AS#B_9Ns2*6v{3fQ@^oC&0Y!WxRm3 zUu3+14g2XoF!m+p2YB)T;{`nPW!eWUJ4n8I+WB?z0S~`K`+&8FXdiIso74krJwiRe z)!$)$?t`zs%Qyp<9i?4B=X=x#JObPXZ2Al81D^Rl{Q_?J0r`O!fW-~8|2X3aR6nGD zKnJ)Qc=ROWFVBBZ{lMOTVBUZi{*nB^BR``4g^c5A#uKQ1Og>=M8S(+^{uRCgHk_qi zVB62=Cvf69#`Avo71#j0{O|M=c=|l`0FVBhdVnW^r+{@AsOJId`z8GZHvK2#13Yw* zegcF4&3psT{}1yGJn$>})rfw3gMI-o0)xP+f+CdyZUk-vPPw{B9Ri-4P^8WQH(y(% z$`+CDx+2v890slio(FCQ2CpwtJAqq(hk(0*CxFE_6sZfqBfzr7v>#XnTySHNY6Ug` z!@zC8Ex_%-oxow>LEy8%W5AujGr)tu;w8)ra60fDumR}YM0{wjoLfvV~HNuQx{QqKu_6rL{POKv?o zO+C`K%lrv1>HPH1`FQbXu70irtmz-7l`4Tp8a2lJBlXsSuLUpP-H&|7G|;>_1av=A zPnhRncxFJ5ZEk-`bZ;cz7Shjzc^AGIIiBul8s24zs{tC1n$i64XGyZ!EerkKL-9hco}#1Bkex}zHZIP zb_$>G$%8MuihhT(>1AB2z;6NH$ah)Cj;u#3F{XoRC4CR+Yv41HTaDiJ`kCvWll3j- zq@X+1&3G5^kRuNyeVFv4VPuSyqvcYj9_i0P(ogm<|B~N+B;PUco0-%G!R3)>=SY8+ z^ocf)04cBdYQ{JZehT;@@U=Pgb>O9(5)WSYAN*GErv;zY|B1Huw*SyIMj1VxRHAz@BGI540NZ~q2r~zJoObLKla2}H)G6O6?AQJ zE6;MqSH{1U^sS`pdCf@|`4b~OH9&r;C$BuumOne8-{(SNuB7Gz2!VCGzKSlax(l<)FUa#5ZUnczo>CZ}f&iF~0Qzn33&lre2 z$>L}170b~=*94vTEf4WMn-5(o)1Mf0lb?XUg)XN)8SibRZzH`)(sRa3_-8-q2T0#8 z?a9kO+4jIG=qLTQ(f8Ty%5HygDSYxIWlOm}>qz=p1zq@qtQFz6EV@iTrJY1>tJ7QH zP2uw~^sLZtfxh?m;KgDd#^{&OAB4Vk8#cA?I?5i0Gtlq-2rMw7-I;Na@t=4t_UuP# zKi_lLgYG}+#oLjIQjU*ZD&+*BTfGC_pG9Y+mz0wt{nW?cTbrJdTbXebx}DIS{5b8F zdC9e7t-UPu9f3}L(%6~#_~s1hO)z;3IXJQ$>_}~Slg3BJw`?MP{0w#b@>xbsNjsaM zulPfTY>fWIplkgs^fGT*{F9jnsec%{-p}zx+B*h6=>9{$;ESwvsXwhR%y>(AXGkC3 z&p1i?ILa%#j{bbft{W{kGWu7_t0VpLAHlCuUS9sr@So6!p+E9v-mAxx>((e8ud4GV_^TuJl{Z%UWNhe=-j_`c}$0Mf#-g zjNU$>E4~38_Fc;#BgV(94(W%S!%aWR5K4U`=(5LA+P50|*6&e2-*fek)VrDVW2BF^ z9?GEG1Krubuv`_aR`t3h~Ppmu{i?7c? zfB9cn+j;3T^DO6{m;a6RFLdK*hn$NZ{u%8bCtt|9>6CL;UZwR&Mn4RbzVYAfIQWda z%#WP2p8Vg)ioEq^`f~=lq4Vfjq01|;vgJwHP1r?0XI>%CU01@_b);V;z160B{X&u+ zBz^jSSi6yRnVX&>y^-{Mc9-zeFzGLmj(L{;$b9byzZd-ean6gJ8&Cfwa&a8=Qm>pV ztN%hCq-!<%BROY2_n#y2a_)Q*yySI1@;wOt1bCSv_aoyH1AiKPP>?zHpXA#{dKvY5 z`z>Yc0bdNhOy zzhnHGX5C9Wwvj$SddlYarb|2alYWGB-47qRAmeiax{5;11B-bWV|=9C;#(P0&chpI zUefYtq`s|!?&viIYCB{Zx{TavC4B+s>4$83#;(oSchb)kbjP66{miothDmoO6lARf z$+sW;B=B3Ld}EiT=aDJaaT6)hh1UJZ_cP?%2tH={&hhwdB)#}H#+CE`HIgZ(J(511 z^x|vnyyi)7BE6CHUZ4D7(zlYX=PghEEu>!{UFITpJxcw1NWVxrtd+NYM@T=3(_xbB zUoPLAA^qre1?n)_{nn?{Gm!$2H=4&%_ z+lZG~!*};1`G>)u0Pot%*?K)A#|}Yv7NIy%GUx1x&||KOhme@4nk%eTz_qKWj?w{V^={T)NUO8-*O?8se67p_c2&N0CUmEuE55zJ=-G6;v+EIgA@MvZ=nh}S!#Lzc9rVRcfjU11AFPJ% z*i_bqrSog2#0^a(4rTWUx{RGE?c5LDmg$toer7!FJO%wB;!525&AQ0b|2r7ZIR%O% z&T*An2mKM^QC=El{Dp5;Ll?ZaK%L{ekyjagApO})y0d_O`_-F1-7&ga;-t3MQz?GC z@$BPILBD2Ef!ZtkgE8h++B1p|ML zjr7%|FUylI@^C-tTS%{v@wXqr9|1qSo_HV^36$@rz;6fNmV>_l{wVkX4_@;>N8iqd z0^{Es$GkN_Kd{m2-4XPe{g=cCKC;Qmp%HW=`C%CP?N3my@Pm(?C*ySpx{WB2M(Ib6 zT_OEBMf$U(pO$jQSpQPqLB zPmx~7_uP6UeVFv~r027zq+bU~U+@(6*f{)yLVpJO@b94qWgN!ghbWuMT6&ss6Fy_U z){NqRlk%IO-~0^imGbk_XZr(F&>#G;<+Hr=lG%?-`4Z1r{88fb#yO8Cpx?T~@&$6j zYwt>V7f9brdadY@y!B_dcltEwpB*2)@JUeUciH}>)!|33QxTW-c~%IH;DClYVFSK=S}o=={hBK;WY+q2r2(R-Ik zZ#WL0j8c#Eb2|S7e>gT>D|E5HLVinmKJzZ+N!;(YzaG21ozU$$F?M-JpgZz6=w-^z zwudw0CH0=;pN)Szx;-d#Wi#M|zr$V-dpOI!&Xgzf+5p`!#z0W|JBD15awTs0r61XO z%_=t|KZR}>x`Y3OU1iJ7%zuVX&p&hx2&paP$&9y|Ur9ej`fk#<`J_vH^u*Wv)2FBfo|EE0(DmC>_^6TC-}+#TA-Xl9>y47 z>953ZmrzJPy&>azj`TLt*GN5C`YU^0%kD;g{XS}V5 zhcV=+)E|WYJd?JD@459$dW!Vgsl>1Pqz{uGBfU3Iy3FH2(hriZ?PVW1Bkeu~-SNAK zW0iL2)yvs>c48%C_YUZZ=YAF8YMlCzHKG_ z0O?!Cxo$Q?U%ZHTXDpf77-{K;#^A+wK>b_7XZK)RNDLc>SuiGkn#P@&p>H4l0DG28Bv zdl~23h|iaGPkiIR2s_l$U$tzClrQ%-rW41%OvYyneiVAS*U>;Q(xh?90lEJ%h4}vA zV!!e;>q+=@HS|Mq*15FDhfigGmjSEBK`cPLbZDw@?^-DkGUeMN$GB3g(dHld~U#R3`q?7D^q~6Qmw}bck0i<5JS9BIUDm{9Zk#gmJ(jn;gihg1JXU&hD9mzioT?2>OkGPqEl3(sKZ3e$= zly(W-3Fvk{hrS*$AKBw3_o39TLUVqcBTt2&rqr^o7}SH~kS8(^tiLJh;VXqEj@4&9O8ZVg zcNw}#ZsUN`zH`z(@LC>^(LSkf${h6RSJ79a@SD`v1l`uJu}=A}uHP-xnqTGK+j;OC zN11PFm)whMe7Vr#3%gRrf%u)PmK9#rQY@LMi@zp&etsg#H-xk8n@z_&Dr6>E~tWFCHCzeuZv2gSqC`b zKNy)W1^zhrHYqHppOSBwboH0n`2@co{JEU+1b+nl$vpT|;E&|srQH|69{|rW=!p6y zy==btmEc!NM~-{rcci{L(hub+w{?_!!bdTiZ@QHS`TQEf$HUOQbe#K>>wIy_9v!vWCxtNg$LU&Hu_qQ2+k*|KCE4vqYc9MO}2>If2J8}g&xz~Dz`6G2KjMD!7(6#*txim(3a-VkSpIB#O&|QY^;6GE|7~>}Q zanHPF_fI}@PR6Yjx+y=g<&8p@g0A&n?D(d~ZKQnN3Ekd*9ep13{6klK7W;ohe>3x? z=O4OdKg~DJ*>q(A=Kp7-+bP1Q4bW{nS2*r-;~4b8|1^Go(Ml{octoj{qr8?m_3nm(?45qY&DUj9(S_AKW4!Gj;*UM-j>?eQ@zA1z9cRCw_WkSzb?F1R*cWeE za_J{`sU5EsmA|m^kQ#18B=Rz?zdc;k`L{6U_L8XuJD@wiSS^4?y>PmyM7WF>1K85VrS95|9rT3--VS|?fcadUGMP;PbCBYSyb@CMV+U7X604t#tBc&4Ln@i z82Cj|@e3D7w$P|8>o-+g~es+suCj|3Hy? z@8{~(j?aHv?KlJe3ta{DbLeBIizdJDnG zmwxrWMf+&y4(W?&ucw`_svYk-e&635y|wYuFKOd1Xv+oKyZ3|T7a6zX6MiQd&~5&m zxq%YZxasU%wW*{ScrUQA@uIqVsQv7#1s6*hv%OcY98im1S$O(db?LQkwd2P{YRBoK zp@qADe7NEHAHUL2KBNLaDZ2Ru45$}R7nQy6r7zRgA{hrYQ~HZbhiC5yf_vkdMHgkve)YaT*>{;f zUFN$kACQ}tJsmGUj;8*d9q;Nm21=`eD*h1 z?3f$)EafJzQU`_ZHO68W&o|$3@$0Ag{xa>Gpl*JqLJhV56uy))Pk&JDcua<#@g7rSX~-=`_RItK2-SP?%!>E@ei**yl@#~TvE6@G4#9Y#SeU> z;Ki+l>g6c)yhcBNd{+T{TgKd7weQN^>eAdRS3cQTsOJCju0?^ZrHwB?UD$X@`tdw` zc6Nz+`KRUT(ytg_jvfu)zL*UBj4~Pv8o%=V8;ky0kJpQH1J}Ca`8hkrpPL)NC2jb6 zUo!AoQS&}cyKipbCqH4GOIv8izrAtglkk>aBd-?WiIHuoB!M1 z{NJ?szv;>U3i)T*{I7r~f7zAJqg$_5KPZv|fdhT+Mf*ROoF zmAvP8*7-k0o9;sPi~Ri*YX$tT-uJD2zkpw5Eo+*;ku|Gc&@_KDH}G>Qi!y(q`SaU* z|K=NZuKwP(^Y7;d)Wk+vi>CdrS^R5r1Ap$){>b8fG&dmpt?T(0i~ARF(3Skx2ihl` z{Xly!-t9{MK6Ld5+OO^XKzoTQd1iu|@XSP2`b??1_L*ykhT6;3#6WrRb%FAd>jUKz zZwQo6niME6yD?Bc`KCbml$!(PPFbLQ`YnO-idzHaRksDoYbOWF>)sY9UvPV%yy1>O zdE=BodDESN@?~!il(&`#%G;bkd2ni={E=ya^3`_*%GXQ}l!s>o%6s1tD39G8C?BW@ zl&2~K6;vK>40| zf%3ic1Lgbg4U`{P5GX$w2$a86A1FU`U!eSOL!kV~!a(`a`vc|29taQ~64-TBL15Q} z!oaTUiUPZCEDr3t<*LB0w_P3Bb>}sKT~kW}yJk!X?5Zpc?5e&t&Oa)e|OA{`Bpgqc16094SF)Tg*h4%8dsY~i9^O4X%C(ptgGd-Q zW|CeRef(l&LF1(d3T}S=@O3I!epTbo7vHLa?|b8c9Z&pa>SGho8K3w;>SLWnH^08G zP+j`zCwJZc=Y_Yw{?M;l|N5b)c76Kwdw1Q=IRE_IZM$y&=fbkr8ww`Q{OR4hZVwb( zTYBvU_>y|=p`Mn4w>?u?Fy)K461ws_>8WbdN2}GQk4!Ci3AgOQl7c7y_{FQPd**e@ZN0W}M+xnGk-zJU8ZUkH zs>UDwprGWLAJC`2{Bps*@BNnAB=wx9zIE7*e_C+u>)Wns-0_!>sZGb9FMKKV#+BgN zqS6;WRiy6yDRZK25ZXC`vPx;wGle(*MahiPKalw-E$FDW-^2J#p#1s2 zrS{!JKV@8Br>!OQeI|Xrhd#UQTJt|wg1fI=IsWY{SGK_4;QBX3}{y9&2R{kw_ z?3haWbDnhaXUgxLvSShHzwb%U%71qLj;F2~YX30lVyj(ZE$7;5?%KJPwet$|RPxKr z8khC-Jg-gqHsgO-#^vPgJ9f{(u7nP|;9v|>Y+70q zOL{p3>^>)u>H)E~b?8*!^i!tw2v*(zAe`8dWy3dtGO;~+a>*;jIH-a=<6VJcAUN+m@>?G`)TQO ze9%ij+S%(jJ`{h4dKt#4B4uo$uXhsqx<_E44P))+)rgE&bsZcg4 zOo@6~1fFHWd$BS^Kl{p6Ds||6OK*d2cBodDv6#NHp~=gc3jz-@o5OC$Mj8PPkA#+W zXxag7JK=9h*k_s{;}m`wjoJf~n2YEn74fou9Pl)ehr+-6(PO$Nt9A$crIc%<<=Su$ zJWdZ4PFCf8;Jtei_fN<8{!wuCFnAx!T$%5qPk&%nfno5IG2kf+9KAh}bxM0lW5)QU zp9eLE{{(Z{2>t_4d&0@k$Re)at0nuVyT@*RKSM!k$z)9vvVCR`Vd9}_)STYYo(MeQ==Q1VzzfCd z05)f^==fNpb4^zGC+Jr?I*!N;M>2CTOtt?j?a%)x+Ags9urIT;2_Y9S=R#8-+9wCS z;I12)bOsyQy6;9#`+y%@@ZRKL;=K~?4WO%;@6vX6ING6D&kyZXO%uj|%O_M|vaXP& z&;|B}4*WXn!;4*2$@8N`MgWHnJ-C3Y|Ha}!f#wY13n+Kdr|T&d79CySe&Ter1I0Ll zbr-CFzW;t+1HFTK!+*^UNYjz?$7yU_K~-9p=HoM9WQjGSAqF@E}e%1^Q$WgR~| zQ#F+&%uCgWQ3?B|_Mtyd)AXJP&K7U1f!!oXP#DEi)A1op;Vg%f*(d0I$8! zz#o2sEpy94_)i&ps1$xw0$;ij*?L1DYPXyGO6GPOyxx>CB^Mb*f4I!3O1;+5#@8)A z&ilQuDC18YBmAI`9dUUYlUHk%QT6jlMr9f{JonE&zAL6v#^sHU&gW(PN$|Xd@RlQt zyPsbY`u&RfrQt1_7OG}0?*X^p*OGfghjEWx>tD(|*Ay!8L6uw2^}*xixm~;y;J<5( z!>{v>LMEJje79*&3w(@a2V>c9%IoiB8CCy!nQ=I?Zt-s5v*e(_)hBu+aFqd{A|f0Ee^zbD;M`$;EeJwUlfHvj6#~!<1Z*OR3yTja&ePYlCO|M{FGnl_ET1rh0 zbOP-T)Icja!}!6EMg!{}XzXg>f?v%##hBt_G2uP?GV6AVx(_~Io^Fn7$vo*(2UdZH zb-6?ORQo3z^R9$%!>h0*B6Dd+=2q9z{fsLjZTilRockWU=}l%}K4bk91-ljGUPe@fdLec0$L!QX0!ua5K_h_108@QFXVp*SKwGlAbR(-SGZiZ*96 z7LGDDp-*5s>V*y|q;JfDP9s;ubkh=^>65hto%bON`*_~ce}b>zYeAn0ZO6}jnTnL~ z%=f2i2io4z4*U*Y@H24PHx+rx^%KzdPOj&l8f!d$TdL8Ap5x>CPo!P+E?Gk-kdfWs zy90dgLU&qrIcrGz1HMvV)5oUy$J5^t(Mx%*be#v9bcBwe%dNgrm8UYkUSP4Q)uwN< z5nNj1-(|lje3*ONO_)6qc}94<;6Z5xZ<>C%t5xI#^0^DTk#@ev`&l0Kqiw(;e!{G~ z)WA0A<}~a21pMCjSk`UeCV!S)b-00FXh+RYF`kRR_xAL`_m*AYz2o>p**2Mq@6bql z?+N_uX~8e@ZmSJ^(f(=r?7MAvpcl9V_FmRN%8=(5e9H5pPssB*z$5;>g*;bcPxV7b z`Hz7+`iLxz>w$g6h54@IBj@y9?TO6hx#yu_xqliw*D?<_)>SEbT=i5nrxbnnLu9=0 z=GEBF%X7I7{L7=ff0-xp4sgBzjt|rK+vs?w=c-7-Fx4b}fMvO=yaaxhimumdpA?)7 z|LWuU!{}<0g2+7n-#r6)HyPdn{H?S@!3XpHapdYao=L+;$l43{Pc`+X{kv@He$_S2 z$k%+$*8n^E7<~F~!vTDva!=;X#XZIy>cKC4tsPkaT)LLpV;io1l*_f8l)A-N@NO4+ zCpyjk9NH6{iLX6JuHy%7fhN6ng zG==wdVD_54^rAQ~U1IXmU2851%RQgTOP7S->=0ghQCN-cx~_H2UEvn{KhAH3x0<-1 zZKYpr;^M&~b>M#ngf~s>nT!mXgnqXxdQD)LePXzKlqcdHraFXY3$8^k4Xl|6dq@r4 z$=t2R7a-4+K(m1tA2W5>-HfNzerH&8$%oK=USzDIOHw1`6S`#W=$Ib45_9t(&MS{Gi4t>PFfbmj=HfrbjSiJ?9C2lO0egyTBhO~9C(oEFzL zCw!)^`TZ-d2?Xtv!rkbazv6w-HLYuUB&KUV1q{|$UkOLck7vPCpe6jl`}ONmuv^uD z`$w}4S*zMu`21HdGUxgimm@=`J{FMc$|GxLvZ)K!kM{Mv%srVWV#p3=ZwQ?Bs8)KE4wU9bjTm;5ck+ zXkI5Ua^3au$T=lg=Y5RZdx$m8*r#(I{y3TeuGXtZuMt^8oXSqTWiTdq`fg$_-zY@x{rA?dUrr43 zFFYgitYwXMz)jop`GHT-Dfho3eTWaJ#bs2fEaULxy2a9e{Qgm7XiO)5_bQ`m`enw} z+`7dV58jXI*Vg-eml~D4KbiZz;C~KBk)a~OLO@xAD8C;GP(hCfE-k0GOAR0Cnn1rp*`@4^PY)D+eME&&F?E(hQFHk-1s{4 z3O)IGnwotlx}@;ueDt$D*ca#B#~#nl@dPCPX2bT`-)_!*B=Ma!qAxT5L+9ipEDuL!}~CeB#sI8;`DHy>pCrbo|%&rF+hQ zFJ`Csr^n_`y)n=5@n3v7zhMlP9b?kf&nFwli75@e_5s&?#K?6`V!s-;Su9Roaypt} zJ?pZo^^RW`qhG|HbE6L?F=x)P4!_t#Wz{ud)@X=$TX})_tvQMxCJ#L_iKBz(#3xh3 z&y8QkSv@VBJzNDG*e%subE1DwQ>v$Ite<=CaDp8qHl5I9jAq|WHL8veHwqnfi)$I5 z`(OR9>x)uv>p%YTvA}Jw9@A$$xFL|*d#w8k&r6O~dp9R*jvn{$MgHZXEsNb}Z#n4N z>fDU(yWerP_#mYK4EH6gHaOLq#ntFQ%YkDWKKSY2&X?2OtZPX@S9M-k=EtSfz6Oas zYj;1N!t;#ZNFM9ia1ZaOFK3UMfe+g~HrcP{U3q!WJ1Y-n4<8e7s7t5RXpX#^>uxw$ zgP+=|w9pU0la5ccY;4zC-S4b?N%}f6vaz`#XD|H`FXGv~nj;thKc&1A1TQgIoWWM` z@?Q{^GQo?5lb*-3ZnN-W;v^;6Uz1b2LGUIxV9xnmpH?F{OT>lXEfF7ryT1}A|7GCN zuk)DWl`%Tzt8p^6f}EThoiSA+kHkh7JJd1Xv%#H{)8mE~+^my*;EvBK94!N1HCnb& z2EOiv9#fzfp_5mk7oi0=v^E1e>DKh17y4}Fx#jpF1z)AmPIa}*qLZ@!Qm|Zs&_Vp zO>W7_tLYh;5_Y(7apJ!zJ$+^F3E(3;N zX~{w9-xh2P4GaX#71=lIL zuQm$~76I=JTS{;(&%RfEdHB8R6=8wLnY+&%dr)%*k5o?&FQ=a*VAHTAgg=mKnJVv7 zW@5iQ-=+;SMk!~gp0Oqahm7SLj9~?EOas5K0qa(LcsAM?)4O_cwo3&ndA5Q!LL;AU zzFCdV`#a|2HQ?C+UIq3xp4XP&8=fgLNV6GNC4aDlxdIs*o}aGv4|csREPPm0>@!=N6Fziev4-M*d-St2mU91g$TN6CB99uqsWWfBr$~Jw}{QN zr}dp5;SVx>bU(*8r{NE@(T3e@BON|Dmo{QHggux(LbZ3nOJqI;?;?A%@M~7%n~2)d zLt$bJRU(U>Z#K{Sefs8V?21_{9}V;Eh<16d8@}01-cu9Tk7FC>Lc0z4QVX<k0oQ_YB)MBUH!d)Xnx7zt4>4#@@@)(#;sN z!|`UbYis)EW7rttyW30u^R$dc3%2r)h_8`X_mAXXwhCO}OUEaG4=tcSp#{A7AS!Y_ zztG_&nl|-$N+h-Ku}yv6rsq!aWamuz1LKvpT#VC&U&g_^4K@`ajXd?xD8@{G{p5=r zvgt?q@QcpY^t|lM>?yxKUHeiued;RzdGR4?GoNXed0{(7)5DBI-jjC}zGK1dYV0z> zuhm!gnP`XTJDKsZnEi9Dk2ahsh2chEAeRid=7oL02kzS?CMe@SWOE$BcUW%Xh@*ug zC+$hjulT0>n8VEY97@|Ik!VLhIK+=?;?9LkmG%WcIjmv9k9U+ZY3%qd#n4d^^dvO) z%eW19eqIr{8W6hL4gSh`{~^XKz6CGv2v3ukM}g9h)NxA}?V{2^?J`MQJU#BX#6}pk}y3XLE8bhq}*s6n( z9WkH28Rs>9AbK#&wLa$OL2_b*4hmMf!h-iL&`&*miNCpoxz|Uj_BzJrV7{%jDsr%v zHCW0R3-ApVbDZvYqq*U`shd~OR^v){*a_`A@%0iPOs(KrEi~kz@3-i;mOd?>A!A(& z9l=i<6W=X!s&?t46@K97{v!Hct0gsV(HtR-d6nECvkwQkVF~vihi#HWGn zU3*Hfjdt3A?PlQmA-_Y~XcM-SI26OvgT&HfHeu2WNa;r^+ovYigktal0S}03Cq+Z@KD3J8ik`gUDGza5M@Yw~=wz&={PMV8!gG1FFSKK|37wT6#y2YK zJr7xv$Fs}nyENXOi#!Ku{|N0aq+Nko*BYClrHFf&isZ<1;6c`^8{7!JXEAPR-wBLm zv?Z`PrSJGL#5~4eBxVbY0-uYYgZl#85#W*bN@+)Ux!E4=%2+;kd-QF!mzY<(k-ZfU z*kUpK8%{(wNiMqhoqF*N63bq%_GcTir$XfNi662CMNeH{Y{F&!Z;JhgNA9oYr$191 zaT~?RN^)SprCc-5@ukZ(e3IodCN@<(es*a$ zGQx12b#{{*GW%-oKalG(gdYg6W!*GAlIQ8n7^Y^K_g;6IISDz!ueN!>nOa=EP3606 zYIX}gCe=QSSU@^4mNfQdqy|&m#5JAjz8>I}aY)QhOFSg&i-n;E`bu0=B6noWSALfqcm8*YAM9e? z^soQXW%~TE56Cy?|0TdgtYt?|`7m>wY!7UzlX0b9ZM?;Of$zIqtJvV_Z2zJ727iI< z)6k(}`Li+ng4?YwBMsaJ5^yW`(r1=+zG*)nm#@)IA}*0jv*~lcIzw(Dc$ApW&*=Nm zr{FQX{nPMR1Z*OcUuo@xzC?am=Yqf3ewZOK+BM41(E)wQs+}^B`%g6%oBE*OuMe8g z3uAL9vB`=#@Zax%3*u~jc4a_Q##ib@W_j}anY$qILZJzX1r!p4P<7WB4U9wX`-ZEz zUg8O9XAgDnvJD&9iwt>`_M=fnE{ckzk@Gd%A$vp8g6Z}&|4eYCt2FwTMhp! zSueZD^O0PjF4|xWK}UvXp2W-@X=)yHK&}L^z^`QAO{&aO0?fYCQTE$-A}=#nlCu+= ztMuUJE#SmlKQede!8Xnl$96lq6?ACQm&`4nQHHMKc{=oW`Ul`haJ^s<*NOh}vyT^@ z+t&jg44X-ZgSLQPa-*5c?_)ifeB`;}$fR&|llO)jC6+R);wn$%q@A%8-I(8vJUM=& zZ}D-h<^EYRzOur|zHhBxyw6TtTj@OxEtS}p)AW^8vY$orFm>>exW43i19YyZ>}{T< zcQ>1~``dhD6m!k|uV=?2xJeBnlJ4s&nDQH#Jd}f7iVDCk;)+_c0a8z2p zs#`rj>tYo_(P*kzGCc6`9U}sDBRp-Zon6;GvrRK9mf4MpZ`#|IU0QdY@AU=Y)wZIx zdiKo7+&;WVGrX@ShnKA$-d34ccip?v#vVKVA)C?9|E^`^Q~#1-^=y4xz6t`xo#U_)E5miek1>v@qgPe;|=-0hyS+W#sU8OmJK%? zg`SmaxTnpVJCgruW%Ztsh8nKgbaMO!4;8CNw|U3eIu(1*vg_B(ca^Hn3fs6g?=r4s z$Ti=5*SA$?C+(TfmuV4YAJ(R()mZ1-~aJYO06 zk_OLr`fQ#~Ujps_^muertBn{W`8qmzJ{;S9i#?rvJR|(&7ng$PJGBTUBT{|Wcp@&@ z*MNOu;$j*2SfWK*fW^z2^kTh-EyrzzviELoVhpV!=!yJ_xs{a;So+?-XYe)KkbLQe61 z*59ZBXsx`Pyqx|u$jUV;KcD;})=S4IXihIw#zZsEW@7LW+Jg{-C3fytdg-pIJT$p{wI%$fHp*T`uyY2^gRe|u8SJ^4p2D-67d9G2&kL-UqYP! znbqU~k;5jrZ~K57S+QUAha%A*j!!bj{3z?yd#NWt9wd1$!v+X}`h zaaRYpiLd*?^|^@sCalk`pQjTT@4E>-NMx7A9~Y3@w zjm|3NeecbMk$z-%Ke9W7%ocg=BnI1q>|RPdL-eEN_j@`eE|!XHUg}Wyy$Brw*ABH) zaG4ssL~z+y*C{>)$!}$@&*|v;1ZWyQB)lGYW+%%0_}F%=VSY@W_Dk|0!t;zu@*Iu; zGxv|G2S=NIB-2M_qo>on_FSH!bB=CxG^c5rIcH1GMmLpii|OX(Grx-EzI=R%YAW2S zME~BezM5~G=3HpzpLxFGX;0@H^z&EYKhwZD(GqEvL#m8`e!WaYwSqIth2f=~JCuk%l_bSLGhyLp))-A5&9prjb)Gqt~Y=IBq zb7xso0`GqxglC6(cfRoi{R_@+q(5t1<{Ty1BJ{PNV#S8=z!%UXdpT~7AD^bLif28Y zB}3rUffK&mF806qKGw9uQ2DZcmtJD7-}B+$f2|3B&ZN4Bu>3;f**yxFuV z{S6(T;74>Ow?VFy&=vg0)aUK7y=@<&>wa^vJ@Pi^8S`l`aeOP{?&n8JTZIV6sx+K@B8y@Exu4e7V4gpU)RLgbP_L;%=F9t8H1BLywY#_QxbU2~& z7<_5QpSZsXeXbjODC2KEk>7CNy!VG}#+niQH}1>5Q8{ISL-<#^#^O8IM)kOJ@P(55 zk_TUfrw+Ug-xNQ3KR!(Cjnuus5j5?gea*8S-OVO^A4TDxpY)U8G*C;tIV<=szr86b z{?~Gp@d5tE{r_AWcn!Tk6?pa2mGpxQj3;$UqHmr%0ox_aaknvRDTfESCR@0U>o>a!O5Euo%_e>a* z;xHzeFbW(NoHIvw0?D>y{|uGlUrYX1n>My524hlaE3r5W# zr#jh#dVzUL9M?G7_$=I8;~G;|m_L(W4e{Q!#Hn+D)xvpK9Oq@Fh50g`9Od-abHCoA zqj@glCScqB^}{++UT-i96zr~3ZX7!Swx5*;k2r(_N{ zs@|PqR9;@UxQlmr-puDbr^m>BJ;$i${!Z>&`o&@9O9!SbeB*1FcMTX4^6R9H_4Kjc z)P?@eZB*Sg!q|O9-Qs_ujcBp#2eOlQI*dIL!{L7;@WYM7XQ&6xzQWwpU2pkoO#NEM z_HCJqXW3`Q-XD<}dZo+I&mPkCG&RTM=ie@lIM{1njh*d4=bJBnc=DMm;8Fcm%5bu8 zzXl(K#P;3H?F>ucEbHhDzOgO#v``ECf*wg)5P6ooV2L|UU_U0C z5!$=4dBfPbZmtWBlh;}9##iMah7!gmiHQF^ey7HbjzR+w z__IzsD9Yx3$9(W4eTn@s0sBKAqwq^$hj7i5_2{8}%(KQjLZ{Nc`Tj`NA??XJ>BVOM z5x#{!r|DzbukI=^uv3jb>Jv!Yn*0Yhmp%_2R$&{F6a79mUG?hgP5Q0*@#4T6*hNRM zMUV;7Z}x%=s%GI+U+tH3@nR0n;z?5RD((0{a>oFakME4B*o zen_6R513oQtL!5c+>l4!@hx!BM{c--cwj8vGC7nzKt2=qB_DmV#E8M&Qsz+jE%ct@ zefxUJ@jpj%Vzc0fHgzH|a__;n#h0HNREIU=QYYgWu838YK)W|W!#6<73!v%i@h?+n zs5rKVh&el|DqO~F8RL=YEc{T5_n5ii>S#Y>*9%=n!8#RI#4NtP4i-WQ45x0@8&@V%TrYQ@;#o;ycF>d z#Qf8H=?8om5|hWqia42rO8!?o?1?Pf;{t1|OOBrY549i5KGEvipE;(ja%}Db))PxTfnBzYP!}>fOdGA(yTX$tmfJuZGFK;| zs}6W_lsLKvzMl9@H8jLt60@Gd!_1}7z3}DVJ|=!g_O@{TBS&l-i(c%hA~@@W;r#efXs2q32pKXlJ73^Vn0p6+Q?*+>tYR zq*25^;dncOi(nl({0Zjn*TCKf9cO82A=U>ruO6&;dP$gd(Xq=mJ|uY!igC&{aD^R~ z6`lob*1bY#xR-Who@HDo@S9KPeq!wilP+J0$rjmjcJ^^6bejbICc}GE*ne*`UhrQV zSk2z~llI}_KhBdlhs-~7-{f6h$i6@Afb4no-m67qO=MKE1~0P*TBm9U`inKAKRPVH z{6<1NFMgW7X)-4KJ>-6L+f@EG`(5mZ7;nl$Vqi_uhE5ylANp$Hxp%;mGxYcdKYmCZ z9i)M}Aj!l%B!*o<+(Tj=ZNxq5hYu-)`CFI7qnExim)BXq?{WjBw5*8T^PidDmE$#dd;I4y4 zTi;O!-dM@_m)($G{rdTQ6gl7i%(ey4J36+^IsWhQT3SylzM-wW_bhtEHvY%-it)iW zSRaZ0njg>y`;uf|DEmbIHXP(U8@iM{#8%)Io+0t9e&(i>qjScM0r8LQ2LH~s1%c)0 zECr6nP$B0I^ye3u2XcT}Ye}I1`9`WTCO2LH{)d>Kmk&K2u;vK=Ui%|XnWK!L&zz$S ze{}VQ=jaHrslR59qBd)eGA=krgE&bKUQIkl_QX_x`xfwCZQ|rBVH0+E(L9tn+bwi}VxQlRKvcpWQ;v;mt951@FF5&XHff z4`cl0+wc~dkK?!8#5!EWdR&P7C?lQ~+kY!n3VBquo?=c8_h@^Xj*iOO#$Y zMP)CW@-_Ii_w~9?a=AiD{D*fD|4Kt1qz50qLyMH=Ft)f1VXd^c4;R`=4MzS+)_1CZ z3$!Eg&Di=*!}qKrvc4OkofqTlJMcNy_fq79tnZ*L^%JxsG0oM;pQ2$Bvy9F0ywlN5 z!cT>Mdb$5Q;IU$kL-lltIsTFRpS4Gc*wOk^#DavEitk+NK*}0%e25PR`xySRU*bQa zpLx?&B*`2H&4zA~~aT%_u)B%WY>6ZA-gZ=>!>ajd#t(qk&3i7M&*OQ4w*Ytx#;eXOiRo_IGSO?( zhy{VS!ogVcE}Le?D}*jBd_4tB@a9?K->{KCY2B;ky2q|&`)q0cz5J*#b|8nJJoBiG zgIor|v*2kKI=sAR(UsKbl>Ktj7P5d z*rWX@`lh-XeNOXq+CMDH_u4c3Y1(9B$7w-ZIy%G%HOKLd!ie*MLh_%SX8zOc1!||` z8(Ks^MNDwGnk{;(Do#QNiq)T4Nv)Y_^tIyblLz0;u=WfWCe)ufvtbKz->JeIPC}Ot z);BhjYi7#c5X$_N~+N!$-wA*0R7SAS9)-@v?(y3iq7(4t2#7n&{NTN*LN2L z@@Nm6#dVjO8-q$QPhxAo(9MOPEk{Nh8{EN>LKm_zhb z^rl>3+G>F3TULu&nN>o*jk33?x~Jx6&4M=s z%ismX!&$%E7~dp(0KPkvneRD+xt2P^-&t)l8sIIF(W)~EeJ*j||GQ=lDF<_2#GF%G zz?$=T4Jq0CPv_>||88nX$=?6%z}S#m7O>`9_VgbiFE}ZAf?w9oSAd}c9X~SK)0sjI zDOt}}4JjXRtj%+pHG2Jb0)Kq{ZlKM^JFu16V}>0&F5j-k)!NycAo_(-i>oBXef+wAhr<@jP=#?FrE>yv|5B*RZy;Kl51>9hNqyMVI-yEjY0OQcVSCy+{? z0+*hAW4M-@7rk7sHtPjALinc3AK;xz=ZyiU`CMwyugCOuXx;P++%7Qk{$KL{2p-SF z*~w@J`EePdm!NZsA9jc2UKZV&V^sa}8lyg`Zt)Vc?a9GgIacxeH2;jyXW8^v+`k%| zP3F&ye{4<#`8UuN@&|mSoBF2sjpu>4O@cS`dPeYfqb*+?&&F~4wK3ETz&9PGz6!pJ z_P*`ZKg0i|7sqTEh0ibDgfBCg$`QGD&bAq2UKbr{e6X3eTbM)f@yYz{e#n}?^k6!0 z$Xvw&-h>~_!m7<^d;{NTK;96C$9fQ--d--e0uv$ z+`8r&RhbtXyQ$eV5*QQni$s^XxA|OL0o&wSF#esV=_1Ma*S-wv4PfG@!p5Y zT^8Nz&m1LYeG+(M_E|!0pI4AIw-)D%|3q?&#h=q)=2xW#=R6C)cc?ihk>%Y_-!#uh z4w2+xacqyxS!(bqa3pgQo2&HTx6xe_aos_mF?wfD6VLqw7+d2$wHo;55wS6mHz9mj zzar;jDZX3Avp)wJu^Jz)dNmYQZ;pzz(T*BRG_N z&!>5&cKNJ%mac2g<(inE3K&e?mbr|@61-O!RezXaRNh#(xQX|qjURA~7RTb|C*Un+ zP4+eD`4{7xqCc^D#r75b%ylvRc$O#f92u70OUd`t)vVSVs2M{0jlkvJJKQL17>ypM z?h~C_@^p*hu;TkOeRdlqcNARrjX=&J#~boI0f~tg!k-VpFFoM@Lh-ge;OcGKkhtgs z@GSrN?EGiO6RlWc?hT&67#n=hX6xC)K9JdeBJ$1T} z10p-E_-C1x)U%X*o<%cPn=#Nr^e|`v8*Zdg4Gl=%@{@*1@8qjbHohu!F;&)P%uiR! zp1HoM@pTSwNC)3u@>b=(;M6-&Mf}7W#Ez93Cf+GB2jT}OFBhMn*eVywz1I~rf{0V= zx5n~wOZXr2ImYZ`Wd2-fv-<0?Sc}*UU!qpTDRQv;uwxx*QilvZjM_C~FUH^%-90sU z5q=4IMo)>|^V-ORK1#J^Fycx1j6LzH}aaI-_bFxreE=3Ins zFYVBm^noln7q?E#y?+L|V7^yA$4CW#=Ktw)jj{ZPcN`U)FNfMF0%Iz+-`B{&l>cvX z6dv+Na@J#f-WG^J!{^m~hL(kng>Dahi}}jEA)ukpc8mY?$3^fM_&2ddEX_}_vpOYlzoc{y#Umw#b=uYB#>geeaL);}2K&vEjR%Iw^UZBqumw&WgeB*PwBE zj=Fne3+#GL9(x@VpV@|=@iBY?KH{dW=+nE{@8{(`-=#O2adDw#q0vg+Ho69|!TYa$j!jdluiNX3A7#h|sJrS4DO`pz@_nnFne2575mu z_HWWexmR=<)TU{MJZxR_g<-he&ib{{PfRc;511%}y5oRa)>QwtoqD z{Hz@PD0;0O|C{9KA7PFpNB@-Vug}r%PnR71jB`2qZ`%jguK2b(&0N_*U)H6-l_)zS zR@@mKN!BW~dsK9jDvqWwsLBN^pEBlUl*stwe^{dU59Fx$c%7!oWmz`a5 zuxypH$E=}(4^^IZ@Qmo;ZtlCe?_PzERde{^DF<9iVbfJTuU}jo@aPp&iukWw%ciKz z$|;BKcRx?ODx_SMQ(By_ZI(aum)!s8|UgeY=j=HNXpfc%?J{)T0^I{JcU<z9-M9DlahVscG8I z{ir<_%RhbhFnrg;@nMf3mNe3gEGY>0c4DY$qQiwUH1U3HW+LnZ; zj<`O&RE-MVT=#Tytr{KrM%}lXmy$Ph>y_&{*Fp=W&ZYHUh?3N&J5x zgYo&93-$;d&EJAgvM#zo_-OdYzGfAA{GimUUJf2T)Yi+479M;QpHPe+N)C?sZ6s5N zli2NJ<5W{F<7g3GXy-KJQt*U7B2KlsVs?>)3Wd9R`e`Id&q<^Umw}*G-y;l5G4Xa~yn_DxaUSVoz zD{EJD@(yq<`@`#)gG%TjW+%vgs;s<n__HY4ovt@kDTNE zDLBB_B({MAyFhqfAwD!OdMsQF#}>(fIvs+&gza zA@?lj{P%a9d;g4X>|Rp0cmnq=f89q@WzWhd^Ts5mCVH~w8E#0uVWn&3aT~8;7|k>-hHm*cuUDQHtK=9RdHw5Av|BFme)};{BL? zP&UoX36h#R?CFdwrFMW@Yzp|W&_?YDe4=?b=3Cz^@UbV$`&xac<5+Bu7U$uM1U7Il zd}cK3MfB|`@ApE_dD`f6Yi1GcZeh(7!CzxFltu?Hfv&}`)83+*PND}tLY@0Abnf2( zO9g(bF6^;3?sXS=^1In{(lrh{iSrLx&+Fp(wIV~0kYD?OxgJu?^$?>o4|L`U%(Q8w zXV`jbu`#Dz(5Ne)Ht9`lO`*4%`lp-4=2WcBMXZr^Gd%(7^6*Y_$Ul?ZTD^P;x!0E3<4*Z4 zaOoiiXYx_ue_h0VI(b&+BGE2cjW5l+EoR>&F~%J{Bk}R-ZFQZo82N8a*evBj9`&Hd12YAJ8QPzQfV z9@EWY$FkO5T8r-h-;+1)CrzTAp+3@&rb>?gV2<2{d;{X!H1{(>`>%lChskevliY?o z$ZZf`rp(pD=$9y!z{Rz|+F0TV- zCoorH3)iuJL>3-lf3h!b*Cr8@Lodz4ZxE1Y>v?7kbCIj*JvHm#dH5fEoQsc7{L4DB zO`Z{6A~xkm$lAp7r-z)2eD3@RJ&ykPuEJP!nVJ{L8`}rI6MYg^9T|A+{$=oCcyNrz zdcR;)xn>xLtLql;2kw|3OoM+Xe4nrwzZZL^@?P)+EZij_ukmr+pOaSKyi99s?wyK% zK&htZM(|yc(d_fVUa@MYNSz~deCS^d*!jEI4=%pTDrhI*{B84`UuSM^V9f574~O04 z2F`-Vrg9X0?GfTrK6skwh(6lhg|3#(TO#1G|}y0k{~{$bm?<_7W> zSvQAtpk@H_9)EZT;Qx^3<4)fspsI- z(3k%s;dG-%6+us*2hK4jT$!P%$ZUt>x72vb-25gqL#}cA5@2sR9i1(F!vWssXlae- z=I2A|tAGcg&&2QdnBS9%`|7BFPj29+f3HD&sY~nBz-iVYytsTz5pfn%|DR~)^?g=d z{c266ZXut-i@hScuf#$>>-nGae9KhwC(y;ER=J(AwXRtjuD<#C*Bu9ca;*Q=H;#h%v?JgR8 zCj6wnxu56!mvz1VUU2Q}(qI3@-+X;q_o-vAjt?HIj{Nx8a_o`!!fzc5J(;w*A?bI= zX1F8A%G&mAOo}dfDez$USeq?nAMs!R3R|kb?TfE&)ZLEFd2LUl_uwG{!%h_wHgGX}tIBc6A_)_pI@Vo^pcs ze*wG#XFc}UxqDM>fuF?3yYZcb>&TEF#h?H7D~Z=91Ses~2IKcORVCib2xgK$yWQ%? zuAS@0p=IuKuS(ktzuu?+q7?YkO!(6{ZsPf!z;zBL`rg2`m(II3A-Ilfo#$QSdqVNP z9E`n&bsOYYL+#}iKkC_tZ^KV5U4O^aF9dv=!(V#)zK!*32I0-*+N1IJ2m8(l{)~OS z4^UhFKJFbRmi2N%pDVZ~G*dryu$?p5XrtCdrtCR{fdojdua3 zte*+1CT~8Rp(0ns`>)?N*iSb(TKV>g`z8juHy$3ZBJTJzQcK-}UuS%7Ez|FQYVXF9 zskFt~okN?lSNa-zrhhW;oIlqY!3?emPB#?|_9bH)%k`fLu9pp7Pv)A`NfF#yeYz_r zZ+=mDHnmG?$OB58d&#G@=6*7G?jtrKZ9lhK8NX&c;eV7`@wEY~E%B#h@Z2%3%iJfz z`kq{4UIixW`97}wRA7925XN`7Ch!Hw6RrWKBPLBwJO`J|y9Lvc8c*N>o5ubUhriQ4 zCA^ex`)TY!X#J-r12b6DDXixj<}8KvoWz{*J+6I0+vI)kv7STBo!eYXDVrBEe`Tvu zHoL!;gzqtP-y$t-pBMhn_=_^uTFPd*C;XyJ&M!&XT>3XDv9-wcL7ozOMse-4_-!m! zbAGKl(HYo(H6S|IRAgRD75fQHew-TI0zNvxyU#Y>uVLp~_r5K7;(EV*{6eQT-oNmY zgUzMXw{%l?a~fk$V(dwbJCCu17;o9Cq|L+__PH5@oBuL)IcCFCjwjT&6ZmS!se$e2 zS<=^PYyhFdRRYH(>RbpMV`Fg0y+;HNt_$xC+<(z+!h7AoBfJ-XtjT-b@YzA$HOPC1 z_S=ihP{@o5WJWeJ<7(0O`F_Q6c)SlirD1vXyt09%^Fqjs9^^y_`7jN+;JWD1m#Upk zzrIRsmNCWp68^53i^1A>GPb{zi)Y1?HDdg|$UK>cFEGZF4?2kzOTE=FdE#1F0cd-3$Kl{eUi3hqjUL1eV zYHJeDw--r_IyLx2*1v3=9KT;`H@^kym*>)0v#n45dZR@z`S7K2Ja?S_HTbpFR!aO` z4c=>AOQrph*7d5v>yxP8??omw1J`8W`k0zaG9K$a8Kb=W+>|#qo{HZKFs38SpIe*g zcQS`HaTsOH%b8E%Ysss+H+q3DkGU1QOkV|G&WX{34qg&tCW-k*maJy(%=k%c4y|vt z@=YH08jA0~7u{L>6Z+cg!?W-k!T${>b>GBKkAG}qj^+$iqf?I=rkZ3g+A{v@DGt9E zdra&;J^6;PgXd-63;S(1))TYa%QM4xzOwOpd_y*~&Y=6;yQzNf9KMSezgNN9Em2yJ z#0}VAbI>XN_pxdKy}z71#=L&kc^dD&h;30(Sai1Jy(c%glli_YdnXEqsnM(Xy^GJz z{`Xr)4SOMbbQQn9|83>XRs7W7ZyU9iw!XS9R!d5JQcD?g7i}wT*_7<3)EV(h;{O_p z9a&zz*b}M3{~`I4&Q;W(UFi)c0nfS#p2(}{uxs(RZ6OA~C~ZsgTGmV*u@tFKSn;Uq zOdq+1Z_{q#JL~Wt_F}V~LI)N)xD1>e<|uf(as+->zAqxa5$;944o&pJ|IKsc;W9ag ze#~=Z?Gnyqu4CVVip^;Sb{Dqqjw4zFPL$ zIYYWSx?#>tU-QdJ5_3!sPUk&crIQm0o^0e>;9Kva?E?15?BR&dB$&tiK8`*0m_5B` zr){EN_Sa2b)6~34_B?`9X-D{nXZ&*ZKv=ZcRraj5O7N2PuzxSY(I`;gmt&i>b@v!HojQ^G5 zm(pT=NsY5D2{q2dFTI@ptb7zJFWdS~ituTntG>;jo%3(a`YU)ehyIhHmlEu=OnZv|6SPDBiL_Hdo6^7IM(LmWc=7%}jdq6S z?f=bRpdHI!W7Ti7{58TeET4_&KWX>^A7$>uKl3PcZ-@GA#0RrC?z4#`_-yj=*;Jc8 zo0VZ`$Mo6Eiu-I%BbRjMc2eADBYP6J;{TWnUd0D;JnpNJ>%HJWYEp|Y$nrzTH(+<; zbG3XUA#|g6f$=Z-aB|{4ocD(Ka0=})ACCBCF60}j#0Qe-!x4JkL!4zYIIhDFGA$1G zthnz+;I0E+co;sY386~-fPXEl^?w1@J;<;N!Mb}0tZ_NtKG2K|0#=DzeHnOV@3Z)B z^6}kR^VEMV_AT5W^Q`FNiZvqk|0u?}G$+0wYm@Cztf0$3;)A6)+Dqi@5wt72N2&NJ}h#9 z(&DwcSBAT(^(*n>3GuPG_(rRXYoDyuop09a_Munn`1@r1S$4;fI@&d9jH5+kI_#U;kV+x<7qijnptbfgW(KhUs5ftNYpb{QR%h>R!$J|Jk*=@1c*+ zSF8JH!~uu+lkKs5w5UO_N4zJYheu3+a_*&kyIUCP=hx|2Z8$GGKiTi!@i;t@@%bsrP(I?P>r0q@Q z$|c_Oh@9cNgSzn5@T5Ne%lC!7@SM{(C`10sx{fe*9bb4WcoMm=2!D2{$dmsb>-1*m zyBa^X_^@;FWv}Bu`tJR0+SB;6Q$iYR=so<|qsVQPXFTvgxxX8~wjY1?5qzOGzT3Bu zJ^$13?GtmWsbqb?2L~jtCMW)#)kCa@J;Vop2QDheU33xad5ddubg&aB>nqid=u>RJ7wJu3LEe5_QeP;4lk)K;(g*^hR^$ z;ndB7Px3(ix8p1qdo76K0Ujngl ze;(fw-RD#t_|^W=UTMbVGuh?d( z5)0+r@-K)zUyDzmBqi0~kDay#{h{ zVewZ;U*u&3lGqouCGNji$3CbmV4ATmD{R^r;H^4O1!}ObyOD9?!;?DVvAWE!wBG#O zCu@s~zH}FO`Ubzx+9w{X`KE%{j3KM`XdQDE{J;^%GiJx}C-OL#|8h<8%k+U&8|0hW%$>PU>TU4f zcZ_R%Q&Zxf)pE|W5_imF4j1u#hn~2-_U47`HTt}ey|(w8p0MP1JHWSzOXM@QMvu_K z32+3=8(W^PpYKABwX9ZcUgTg2eq2p+P)BQg@OF**viPUGBZ|Y>rMs_leEjFvw_yk6 z#B)Iu`GW!CBsJ)!gV)CgcX93OTpMcBC)#B#;Mu_%a3`sb48|vT{tda5mD>sfl8ch5 zGW=$K9r|DfxiNllBG3FA&ukTW_?8xUG#!7NsrRrSkn55+fWNmV3;Qt}--+b7X0om( zu$H`+7MXc+UCd3xV~>OdC*E<$U)~`Xz>xQ(4h}xE1CryID>-EGcj}R+(x;Prg*$j= zAI~oYcGg^nn`_fpzqQ!NWvtz-(G8(H>%ZN68n{ZJAs2Z}9%O$@d~CKjO$ZE=SW7a- ziOCcF58G`$OBrkRKd5kQtm(n+@v%Pqz7}|lv2Hyr-}BXi2G?H~-y3uEX*j;e>?bYQ z%(HF$}aM~cr(;WM-L?l_0%re(9MIqo9HVEz>`YhUyeBMD!|SQ zT!pVB&bwm166P1am2S>&dT=Rih_567KM{YK_^F)PitjzBfFJz2nYSb*{#R$PjI~h- zf0)HMyy!UsllWn!pFF-_6omhYKXn;&5rSUC55{+34D`29fNM#~PQUmt)UiX^k zCj1^7l9H4CH)+W|qp;^bfJb$~4?m!t*W&zeDZJ+hdCe`fu@;!n?*>-H*N^o5Hf<3b zHEYGZD14Fcm{q4ZdXj)wo|iEsqsxikv?e|V@teuK>+m`8nOHnbzKvk{x2`njX0Rr# z{z4)7BZ}OCyPp@n%siNUxscp-@yAHsxvXjNb?1PW3f3;)6d%a@`z_1?dN$9CO+1Qz zOBuH|Ousp)Fy;?jwhkX1V=g*Vd2bcJWpO`pA?+=tFR?B2m@}<<`5BX^X<8^Jvto)? zop+{~XDarPdki0tb-seV8s6^}2J(;(!qa{+S<)-AwVFJlsdNgtF&VOv$d#I#b8kN*SZr6JkS5e`-tf7RFdj zn{qylbNL3&J(|}hl9uEbf0WFbRn9@QI%Z!UV{ott-aJ^M_> zy_IK{-P?ulQ)o(f#};6a+?OM)*`e$2KU-f|&Hl&#zx9O%)`if6Eb5i|9LO89je>nIn#Df}{3 zvt&bR@Jo!f5*m5%P8E0v{<8Z#eL>?p4zIKpJ$qq&;a1+Q;&=A(p9LcLBhJg|!UlJ{ z&{N=(I($;rrAKr0q@AH|nx+$H(1N?DS1Ed)@Wp;)S~WZipH5G%z(l@V27E6axGkA> zg1v>9_G$Sr!1Xt^%DHfV%I>-6`pgJ^z%#q)^O3LH1CQnoj`R0i zuf^ZsVV%~;_aKi(f2eO1JufYoEdQOw{7(-$_#cyd*P{m(lY3Xhd`XUD%&t2|TQY|i z@}ua?Uk3AcJ28SzbUc|ihn5kG4I#Iyk$0y|eS$n+`1DU`D^cdTk>>&S#th25SbS)x z%p=x#PN&&M8=}wX%*Cz|eE%gLE9!x+WAUF@?qVy?y-99~#H3`Os>nR?N9({h5#HyM z_z&@+wEES}#Fz#Of5uzLclwr-}Hi_=m)A zqDPB2_E9$_CYJ_rnrJHvzJ0tGvzP6G4~grYeFeWYb-?xPmixz}x8m0@zvm!(6H1WH zE)U;npf*Kzg<0Fsc<}4s5}9$BwIuC%WWNgMH&8#IFCmBZPWtJyoAv+a$ain<;QYg> zRt{?{J}9`+&qh0jUjO&l^Ha!6{?E4O#TPDe@YC`!<$ex)&+?DgfYbjS`Iv5S{#o|C zz^SoT{v+XZ{|Dt`o^Ja0+4E8IHze+#$1j`xiI#6vzW2HdU1KlncA;Z$v*<}R0mo+1 z`R%NuY1j?qAU2MIzx1qJ9+nzCHTd{y(Vaw=C82MM9w7SBx9~?wTMqt5X~)j-C~c1Z zZ;s7T^d;n$`Tfx=Y4ZbZOru=$AX~1W?GK1EeDFEm7k}7!@6+a?m3iUIY2$Ky{;wsp zaVQSMtHAJsPRHg$aTp}075(qPYxwx(S_N%5cz^oJ%foJtdDwyQn@E9D5eNGv?;}a{V#aK=Z(c(#eOJ>hy1@- zoanpM|Axk{V7??4m(LpbKP4773RtaJ+*g4Avtn`ob0hm~&_}x1<0vsXvrhA{I&;6H z>~+j4|IdxfoudDtak*Qm#UOO}e_LEGw%6E3jb%H!)R6tgYa}Km-#oM7&(cCtSNa{h z3LIul=T0IXNq&zj$+Mw*B5~Qf@yW#NxnXrOMEk2+b*&+PBgMn7$Rkz>Ji>b`3DS%7nis}x+M?sH&gHgI0b zdEKYf{#tv>Cu_MyosFR<>Nhuk2j1)>hs1X?@wrn^9-Ioj_^A0Ma0y*Yy|Ms)rE2=P zl5_E`Ch1lUu*v=cY~JU9S@MX6)&TQU18gm0X-udAHd@+eY<<**_OdP<$eRZ83alDn zirNpKR?98Rets>t+kr=XxrzPsN!%El6?>$-6qrTMVQ=5pPwmDBsZ}9)-_~3d#phxU zbD^lOmN*xCct3G2N~o_^L|dPR;}zF`I*upDaqKOQ;dtMMK^%*Z<^*}$V#(5ULQIxwK|Lf?icZ_tQ*&#qa7l9ht7vi zouJ<_AM#Genyj$Av*#l5^RV9HYwTLq*IdrAV>-;Xr^eb|J(-*mu0KNUM_F@HJ8~9l zE;>cse;ByTT9LVG;MB(@2R-;K;-~%4ndD?7uFrDL&Hh-U zrSUa-3)ege^%kGN59yEBTU>F~C+SD(^jY=!9->y;Gtg11)aRQ?T!s34^O*M%YAp(k z)>`e4uT}9u#^`Etyk4Jt117dsdx1xC?uXLWLTWEAVr*pzwHK#KAB?s2_+ahD(&K}* z7rXw7^(wMb`V|^U>`U@L{w#Qu`GMbDXzf0huy$phWbMj4-N-!Q>pgFtthH;+Q!8ut zA=>{m+^@a#FXNtlHYV;%E{Wm(chr!va6h<)KZ)x)=Hv6?x?9==*CqXfxbE*8#B~L0 z?ep?Ra~=OVR_D@O$A2PjHDnzpuAdz4qmN}=XntI*VaW-QwP~(j({f_S?W-&H*@aqy2z;dJC{+&_vW6V&xHFs z&fWh`nvpZPZt*(qd$K(No!DD%7XB^zccF(m#&*4x#6F}WBkLB|Mm)#feMkFo+3?2Z z>0^y!3xThi`cAJ(E#I@(AIxh@*}PO!1McDfA9wE_A60er|L>V0Fq3f4m5U|;FGGvUAsuQ9W1j~$y^Lu~JnFB+_OTWMG_w{;S-#_Lx=j^jDYp=cb+H0@1_S!3&2NP3h zA-af{@?S*H;yQHy9W@Uf{8sK4zjt11^Fa5I?Qii-u@HRVN^+F)&N~MFxJPIpW$&ll z_b78K>Ajw`?M>(UTJ(LKE3L^*9>sZ38~8kLKL~7UcW3@f&Cj3thh~pEb^Ez@(w?Wj z`HyFAZEnIJd;@W;-X^Bi6~wTrfflzSFX=v!R?eVL&mpEAX`ELmKM$RV+Sv>L)OW=W zI`5t#Eo1N5(Q>BSvwcCoi<=gFaPzJO%RR&v^fZmd53UCPv%Sb$-^qKad4U$vF3!c?y}e~1V^f$i`y(;8&N+7VuGZL)LtWJO6yFU!55+f*rO#`D z{SdHEqtBu*jpw=GLwH`tS!t!o{;x4q?4bqAhqZid`SUHenEu;e=yz$;3yk3l%lmI% zVEQ+Gt)JPsn|N3D7{1v2f*HEVhlwe_`{WpHrB!q{()}r)9XAz7cVe& zcAdWCb^Zn3FZfi?SAp$oCT06${Vr*G4A>r9o&szsOLK=uRnOp+Pg8y@V^M2Nlg8uYY%ev${MrkiKh7Ud=N_fY z0CAZ%B46cVzptkq*#`slX6G+%_J^KjpDSM2MjR`j4|_3jt+*#8wubjA%2l|3Jh{f5 z8x0ZPs>*$HagWbT%5|Bg+TY6G=O{Xh8e$cHopE@S^Mt?58qt)9FCA`mrx1Hfv8zT} zXL9xt-|8}JymG=XV&`7%9)Vws&e5kQzUz*qEGxd$^L#&1HXVIPHs40@EhGFodEP*0 zajL%mjx*Fzlz^2EJ|0%4o9fNja81Xg~e<2QUzGbM>9b zG`sL03b^MLcM;p5q8Sbn1OiWLLDqW`q$`wwCp;#(!W><5f1-|)pUB?0hQ zQ_uNd;*3;~c8Gj6?$e`p-h5%`uDMe~+yjyQX=f>=C(6V3*IO&yksVVc7u|R*^G)&R z6azn%eopn6rQM#+DP6$F8rrK^T$4N|me)`_xfp)~V#gsbXK}U|{e0c?lYuW*%zf?u z!mccO=_YpC)MM_DpZP1l_-6NrrZUdPN^bYCSGykFRe|=j+#_`c?KScpf3%Vs4|l-x zESfUVR7r!`$yu(SRiV?Wpw8U8O^7>MVl$}AcN($Npwr~Kr!l|Zhc*I3rWNbX!5>jq zBe5QZzgEt@1!z-uk=K&82K=>h?t4FYi_vevQx+XCv4A~+^6P!-0Q}vK4w#rn+V{y1 zUShu_|Hqw+bk0M5-2B^0Ob+SnqRau?&&Px{Cu>(COPR+~QvF6Zh;Be%hz05Psqf^a^jm(=B33#1$1((`&>aC((heuQ;+7)ca;Y!5L zb?nH=HqQ~nv-=V;?tZ|zJsTdyy3Gcj5zOm!=GKVt?}%CD@r>C16)Vq)vwZ&m$G_p* z^;V4OEa(!u9`y1#`q>v|2fwSKbNOu+Lf5VM>6Y z_0U~vf@T*c@bA#77e9(Op_vHtMRl~n@B5CGZxA$>pl#(>KBw(9@ZM)BFL;RCR4!Zi zO6<^zC+KI6RPj8UGUJ#RdH4bNd|ys77L>Je?8%D3VOba@z@ ziAPAMT!HVN{4I~N9{g}VYbkfK34d3Bzubn??}{+)-Oy42b2E>*8DZSx&}p3h9|dRL z0q&^qsd$Oq(38sN!8bzWJHT%Q=bNoLhE1!UHK`pRf7Poql$xVn^eUQ%-iDitbBVXm z2(K`tJxvTE@JLx9T~tO*!D07r_eTMM3y?` z8tIGZxNkY-Z-h3~Kf^h(M%mqU*FEhCX1%v!+wT&uA?-fkq28E$kA#m3@S!*uUSeMy zfu2@8cysXzY_GY&(~HSh65&k0LnEmgN5*qS0+wW2@l~H66@AK{nOxU4+V$1xE(24N z>&lI;0G=w+3~391MR{}UPLIA0JjwGq*@xrPY!B(ARYVcHuyehxt8N?P_c79WH z4`-xvs2d-QpGmLB*c|dchCes;&fs2#maNPsd_l?siF)5-9ap`xPEoIXqYH^;`t9?Y zt$L*o5geS$-<}Cf+7GIHnI~tvVs^IU-%;bq=_L;S_Q{^??QP=m_=f0T_b5nbzqiG3 zU%*IkHy|8CM%dfp4@pKL7PEDpCdxPI;-chlcV}}q5a-}Ivzm)6yAZh7LF+bO9L3u0 zK1t>{!kr!OQtyMvMDjU#gLU|I;5|b9G42Uf-Oq8p?gHw!>&dZXE}O58W=#82=Ya4% zlz)TrufuQO1C9^izlW(y{w_{E%MZpkNj|b+$qB1Ihd+PZ{$6|g?@~r%gfX#Umdo$)bR|KT;7cV5=!05ViAa*B^Sl;7eNq_d7HzU)LpT03#h$P>%F z(S)++xIR|b;OH4XZrv77?3CQ(1rF0W#g~wu%Dl)R2KWZrHgKJFpNc%?__3D_G%(&4W++!PCsMT_Noa-lNSja1w#H&I4ES&lRo=xOMop@Y7Dc zn?H1i)SeI7Y$|hf4fLhBqGbu(s-AfX-1X#7Z`Pip z7Z{v6&!Nt|Q`YJ0J%>8;lj_U^mv$U7&e4AlJ1wx=vQ;{=j1O7H#~fAvxSNl?#8voj zjprx1eDO4U-w=W3Ib_9JoY5=3FZ+%54uQnp;msyu!X&=SM_6-1Z3=GTV=ry&W4+l= zJJ_~Xr{ljR{;xX>KJD%T%>iP}vu^c+FL>Z1_Fhpkqt-OZ1{cvDXAzIDpNhuAdRJqExf$JXDhcLeY>($gGxj=PFE+}9P3ou_a*OjM+HMSkOpn|mZ^qqXMJXbmp97mt^?zIlruV@LBq$KB=t6rk43B7$q0br123GmR z_Jx=880FeSiq1E=)3-;klWHHjZE!-S8g@E&1&CfUntU$yM6Umyyp46GlXWHc?h84O zk_-PN-W}hON00?GdJF1uqZZ#ys>_n8C~wJB$WGfFnToW*z^-<4U7svdebPB7^w!7s zgf7-Z$=;95_lLCpJ-V>e+W&QemoCu_X<8e*pxZ4x@8-D?y6Xa_06c>JF4aC>c{Nv* zjtmrQ2iKjX?OkbBs}1tSUY&13e_QAZi7)R)u9ZxN9;sY0CjR37e)Dd|OwWGk!Gd9^$=^d0YJU8FJD8e%_zEY{fj-51Ju_r&i zt~mIJSp2yxr234jwb?1Fd!3FT*BqnmJt?(w-RNB97q30VyOhiAXMSd^H3In`|EN@C zTftbSyX(=jJ`ay_qf4~qHmyTC%TyZjP>=fh9s25gQ@YarlQcgzifP0KVvX5hmP`#! zyDl@hU`J-KvVZN|YTE4v7U4SH(2u?i#D8fJ{!4@L6CZ-V_)uUT2F#wI?!M9bp|wPC z{}+BMN01p_#>UddFM{0Xby;-Mn>y6yr&Z8MH*(0k*`~wB_ruMgQ4I77FnjsJG; zSB*6IOM0LKl~=!O-7A{!qRuw%SB=c_cR2JVz8_ob5AC5X*|rVk)xT2m7A!Eq2y;z! zNv{PxfsgEP9(Y$;0cj&ivtSrzx811vPto@EYTK36_AvjVeA+7T0Dp&BBzbQScO4aKQ#C{ z{m#QC_urI@PZzDGQSU(NA4EHYX>SO$I+VLT+@jSmzIEL1p);jZUumRX>5*(2T-|({ z+Jx?;FF9S$&{kv}G&o)H5r_>1{Y^YhgW2Is@+h5s#l~Wb26Lc6Ply{#V?PBRiw21m zEIQS_W1_(_Xz+clf$L1k4G9`7qyEtr4UP^6DA(xm|6Ft%>2-&&144s|y(as;Z}L4t z{yo5@d0kWerDA-^R!7z)Xpop;Hr`zB%Z0pt}vFtR?2J zg~9xrN`k*o-|)W?Ej`0C>rGJy|AN!uv%F_G&*G(Kx&L8%{rWY1&|cPU@qKvlL37s` z=<~hd4b+1!++*`z@6E|d7_L) z$~ipqInvwv+?9vjV?#c0*!z`?@K&pAMw4@16MUB>pV{o?`^U-2nT(N_F%mqR-RAae z)@JblQ!p&}7s}-g<32Ce#Sk_qeOG@AT)Ml)^m2iBIX+f9qU^gj6%7NPY|a5?YhObSJANGZ5>ozGq*eIL_)hqc*JIGtWc1EtUwMb*ANU3BuTqR~wP*a^ zVAS2%{Bz2npZYXdR*fLW*QRM+V97ZN7Onk{odT90s$TAs5iA8C1B_hZD|P3n!~AoYa5eB%F*vKPNaE)F%7ZWSrb7*tm~*iHN-?q?|{j-Kwj z`Pmw9yNUU`+dZPU6WPAYonxiTKT_wdm0xR%lfQyz`FJS4ns95b7!$mi_AI`C3Yn*p z`sH7-pRrm%Udc>0t#a2Pc6%eNht53cB;B+X2A#QpEW2ZIeW5jP zt^taD}( z=j+4W@5rvUg8VwCt~j?v#F5k))`jS9r{b@24e=ute^7C~x)j^7e^!&>O!A|^p)rS+ z(93hzrrX={3P1Htw0wx~0em)B%(r!S(0KVQ_Kp6!|DN2$9=f*v$CKwBLkGv+ab_iP zyx1$Rp3mJ-n){qRl}%^KS@zk|T6l~2brpL5ZS2=%Pf$##PH0nUE70diSAQ36I^S47 z%B6FDmvYHd=O0f*1y@A9kD$hem||Z&Bw;exJ67*+ZVl=cO0==)NO9 zeE_mjHtS~&>*xs9(~+!6qgazhBP*pKD|z9gW|jA`>9O}4OmOi&cW?>ov|~^5Rl*xx zE{j&RMnpaCqMjP`kKZt{bm*gmvL#P)*OjRq9;tS9XbdE~7J6L42sYdJ)0}T2uX_M6 zUh9u3ejn{^WX~1z*4-SffKPh!{2eaW>0k6v-(S&HWP-a0Jh%s10hc@SBbk;AaGs&T!Vup3Mea*X^W&>-Qmu2^_}7FhIH!F-dSB@<*FYP)-Ko8`%;Bk-rdalY zEu`(i*F3^rN&6nh?&afIum~pE1%3}ak+c1w1MGL(p-&tDVh*l_ci~w$XCAJ$#&rF3 zOQv__o8WWmGc@%Z{*TPL2^zQ&TDSq4xE|WL4%zBjWUB#|eD2^Lezd`CJjcR)DYyr= z)#9_q=s*1p{)vBk-#9e%fwfQU7wqX@`_KWtJ-N@d(|2(9J5K@oOqV-Yy~hN__rhmS z4L$Yw3quj`wx+2#wC>@O&|@uM3O&&(_c*JNH1FdxyBz@6UFx ze?8Z;evRkC^$!8R@~r0n1NIrmmR)gtUy&@!S^W=9x8w=Q3Jx9n`njTw52i)K$v6Tp z!qH+2MbcQB@3yY?~gK%=;N#n&Gnv9p#KgP~Sok!+e&)8fCO<&7ci5FfCUG%s0Hqg?s zW$w^n?yfxsJx0djQ^RkC_90{8GwfRzBHQ|*cdhTbSJ_;V5uB0u9+2LXJn?%uTW#rg zxH}mB=E(Rb#bZQ{Ekuq@FV{LE`Jt}4QgZVCl;Aq%OKn2dUyJ_JjteB8jf`-_np2{^ z6EWAxZ>xT9{)?TI{(ND?k*?+bBs`Wp)zqhFVM1R{8a=Y90NONb_ z!_9(4{SF`R_jJZ@8ttgBzit1D1;@#0!uO}`{jqrzIeu%BFQns{&zk!_v@4n6efX*D zn9}#ewLWRzJ)m|!}(Uq+R_b9-$Pe7hxA?G;8k=V z|3W_dfc1uZk--shpOB;OL|&6FItILY7aTw0EP~H9G9ja7wX}MCy>5JXAF0l1i6qwO zJ@m__^+%e2LmTYvW0K9i=s$B^qk6X^_Y_l4u4m{Wt&v{Oh?QmFu!s8hvFB&r9W+;* zj-27MVoJI1&f@-#oNyIBLF{LTOE=@hZg@#|L9Qb<6*^IaO!y4?Gx@m72IAO-diXvP zp4CR$d+A!UM}`Lim)GE%x%p0(#YW_1g4`1_36b>K>Iin17=WsFzO zRi_6hRb{nIJvQV}34B}oUCB=xyA$I!sztHOd(bV8!Df`4e>(XKJ-(Irh7((FWCH)A zkfr5gFaka?Iy~SMHu*V@xU;ZbK15P0yI}UB{+T&0I>|w@1^i;b~_SjF+ zQ8CBwqm1VLQ~cXLpZ(x-iTf8=L!?jN+u-noT&j16#Fs`BFZ1w?)3EztuZ2bzE0!xX zk&C^*4gHYgi=;hC4R){yyi|O^@=r?aNv@(z=bOa`kde=ZHi$RCI^H=&{z^U{vNXPE zS_2(f*Eh(-h)Ek;3@yse#QqOH#GZ$<+sK62xur9boSYv10d45+pT@_v2Kai%O4r9X zt=<2tAG`n^plqn(L7ykDQ>S879|oSq#6^}}NcA5^pL!N~9G}f&%PtBzewwHDF|hrZ zw1@d4ut~t5Kgn{kbRQd_HDtL((xX8q8>IJSEiVd@&YH8)i(SpTVtQRV>x_VD=?U0ht zPqM!hdOY`nkmUbldEf6g6QA7b+8IfyeJIpmg7C;-^%mA*_7x%a5Hr|Uu&3A%8ap+l zJ%jcI+BayQ&`3Y^zLNhBn5V~<%{i_+b{Vq)Szv>QU;YLUcg1?JiFtwtV)DzDjn9Xi zlZuS*wsf`aTg^_%RQJ=*)TPig^i)f|*wt1|TU8JgeQBR2{vdi1UCI8c{c?9&?UV>S z+-0CIFMPeh1eYe|>rStoB6%b-j(M2KGb%yL?F+aoh_=5fIn+~Ha^Q)JLIghvRwIWD zOwd&&bXCtCiNxFA`3yARv|j-|tKI;#?bO?je`Y)TYtJiz=fBGe! zbqCY2Wiyz2w%xO>0o@68t6TsdiSBX!*krw{yxx(Ci}lXDiD<6FOUCnV)yI1q_jG-M z_rCQe(;@RkF$)iBk5kCLO)-*+Dm9nW(NBm^riW7#dpCR~R$DZw{VnOPeD2N#r<(T; z&GC+Y?u5i#!iS8T4nu>U2|&Z~Xe+1Ixn z@RKo_ec;dReXX~YxxiVH)yz@h;ShBT-tSXS0C~6OLg3^*LM584lb2F1$R`7hdq9d|KnY z+?}JgUGyP;qsA>GyqPvCrWq?n+>({VoH)(SL!XAXa@S~JrMn~#o+Nlh%N4|2tr(1~ zj=m=u{y_=&tHPIrYCh~As=3cy5~z2VEc_y8TE@s8d4dm>aW21tSQr&wGO;J>(UZWJ zD!7LzK$+xx0dP|_--TT3>#apEs4{lF{X>sB<)~ZjB$w;EKl9d3E0K@3V>eenOs!dO z2I3czGzNdC&c0*tDruX~GKcPyF3WZnMa>rL~#0v8WLGF!bFi z=-KS103X<0b6HXcN5x>rawgF`YS1n~m6<9Nfuv9r!Ueb64J^uC$zqftlcp zy_{&H5gU@?i{gt|G~VUieko%Wc--FW0EdM~@HSky%;4WU!Jc!{<| zwa9v#86(Er8l%Vf-r3Jg_&l(wZf8svti32CIV8j7+1|?@O#NWZhdy$P6mK}=%G4J5 z7AjryvRh*gtP9b73En-x>Z87XoU1I%hsJ=jYRpBU3Babi)Vy2rwr8-{W9>&bpIf9c zr(fI0@SS+htI=PL7f!SXhW4y@0RhHEyrAYDR|vnOSj~@3M__F~d<$~XXJs6hv#dL6 z6FQ+%=;q_bu^pY7_nXs7G?tB?oJkrpANI-A!JPTUua|xFBCnU2I;`udgGf8w#LBR9 zE?gLh1{PLDeVW(6PzcOr=fch{JhvZ z7I7YR6Bl6ZEJKcP%FkfFtE_OTyU>fk;XD`jH9WSmc_u#iiXB|8c+J$i2Rf-Bp9>qS zWY3N|<_-Pmg3bffQN=fhCM-KFIL`zBbHFh)wo$fKjR)&}6KgqRkse<2;6>38HbCN( zTDo!3)jH~}eEg!2@UOVh3*l>=HOF_4*lK4P-HBE%8r66TFY-Bj@xe0gir_9UXi+q| z?ZJCOUG<}*FS4I00ABeJ&&RHG4zP#^MHmOsP%Y2%&$=kI@Js&K8?0}-yJjr-T~K7N zPwJD-2zrP4V`l>USuXVZ&{yt2vuKTI6&S0E{4vQ}+TW{>J<{2dS9*p{&ArE6A%lKY z-$LMDxU8hCLtBo_o=i&`yX5?`Q5}I#w6oUx;0uND%G5JTEq(et>eK$8nAb&9HJ^D- zt(;b}(&SAl;_k`_zX1Wt-)E_)hKr^d4`pc@e@Gx^EAA z9q4{e3UaZ{le)NzTePfo0H4+(@uNn@qm{YR3Qgvo$^Gc??iJ8RA!q#S!IAv6>mQsJ z`r+ximxQyW{m~(_7g~qzdEH|Cd5!<)4G+3QjnMsKV@m4RP78U^Ycy~k?GEk`tfM}i zf0HZ|<=4ubX(g|4UcdGd&eXe`a_B?-N;hpVc5dPbFkc#o8{o9J2EDWD5`G$i4Sqhp zA;H7Cfl2n!??8LGhP$Qkd4BYDyDq`n?Rj`)DQ(?LU;Y8ltrhKHhZi4PLEpa*|J)D# zNZxuJe)$GGNj6E*is(Uiyo(;X;e}e`b`Lg-D%js^ohu_vJhhg(9eB9sggKUt4N351 zTe<+{)xA=CsZae94E4mMZJ@t-oS_pef=}=`um}#p(-#)OAb525lla~W>T}xG`pBKY zw4WLFC-BjR{a^Hw?6(Lg(teM8|a{arO)*u&F46mJ1;r6VrsBfGcaC4r4 zI*=`QNVZg2y=#rqb1Bag*h}hJ^-buL_cY!mhwA%8>zR2A4wL0k$)b`$+@^l6)=o#J z*0}av%Rk9?*!OSP%efEkBzw7RvY%uxzYe~Z!#bd|y8+H~c?aZJ_VPc}Shxs_PwI@q z2-(c98PTFMCps6^3jXGO&qQm6xT0Oey&)#D zkuB!b-)w%J9=?sX>iB6tRn322|BSRezZDnX=Stf?fwOKQbWladmhGBJyc@0c18d_C zX>T%<@0T6B=;6(*A%*90pHt?_-c%ERXdapDDo zs56hB#lt!*J=rR+%O5L1S7xoF=&+70^I)4y(*16=_t3hZf<2IRp1{$+j-W2f4rQI| zO|nCIOt1?*;Uw9iJf`HDgr2Z#+6g`3pYH*Vgq|?MS-Nia>$aXy=K!<9ukk$spX;VB z$-UxZ@r4tM?>s6UQ$p{FuJ*U&%YZ)jtdkwVwS6l12_ZWaaBYNq3^exorugi_LF5(m zue{5)rFW%=Uqe5DE(keoV>e~~lR6#UZgk#7;7~EjbBi1uuVC6sp1w4!HNw%&+W2yX zcaTpw8e{2EZ5*uyKKVrj5`Izg`)&s}j_+d=Wx77W_wixA*WeSCJm$_kdya2$PYUBW z7=MW&_)QFDJcl6@4M!$Q4;^dp1YdNURWmD#xTljCo%bRipXm>c0}nNo=Fmkx|9cgM zI{(J`ME=#Mwg$8F1q&v#Dr4uxvCZ+xq0J4aMMZZ%BwhVmTX4efYcKr^?K3;o$BEED zd&6kU|I6uTwxui14qr*x2>oPj54XQMIn-v=sq^->@7MKw-%UT`@d2Uu1@LotKIa^I zE5KzBHYTrP*JE4CyxZ3z->v}9^6%P=oo(%zro4pm^1Euce69wBBGZx0F4sLy^4&~N z__5o*SPznS6MVUbb07Fv1vTf6OhrzS%}=_JzxsmlvF?)iRoG%DL91uW7JKjH>nNxG z@6EGub=(%az!eP8|M8jw3tS~vF$Z*KM}Tp5d{u{0ww?Y9p2(k4LfzDxPkZ^aCEUvX zokO1Pt*+o6>T6wielbc?<^}pq+4?83hfI85!x-J>BJXI@$*=c!`QJ(!wvbikWnU0D zg14g^w)zyw$A`leyp8w6H(qMlZ}PxvIqk3hY5$;fCyosS{Wh|CM))+^3SdjEI)xA9 z8u%SDT-crD`zX8lPbkxQERI-XG7dAZ1>0WQwe$`d`1{u*>j2k8@<~S{8%;@C?te<~g>YO_aB6+5>G}bG!b*ZAAamiE%c_OgemlKemfIVIxy*o0b{;*=$-r zrtXt$TGTTi9ALldSl!keg2cT8MY7||Z(=KDBJ_7DW0qZYSMgL&cC~bb zvdiM5e@Jpmb#+xS`z$L)MU5-FT690pXAYIBKHA&ESdFMEF8(HMYV0Q5Zk=;Mr{D@+ z22Nk&zE#=fWvgo?-pC~KRv@DW5&Gx%zUi5RkADMF%d~+`R^Gf*W74XwJtOb|b zYk?=l@~dGk?JyU8J{SPkd5lSg+GCxb3+=WsR@dnrc&_1J^KJ}3&Nyu_LsNs(UP=ot zSUw@>Dy*HW_J!Xw_&=5XRdj95+o9tuzn}}LpRwAI|JyM^*>widwe!$sy>AjNYyKJSJ^WuRz`z9Gub3PAv+MyrmJo=vXI(g13zEZB` zBlHAiH0M>H>h)OvS>X!yC3_o0Q<>qj(j|Ku%Qr&&1je!5i!Y*hq4W)YWUn&(Z5{vI zH2Am|-`ms_d?t^jwOoyVt>S4m0$V#aBK8JL8#xc)#JE@?S?j*K$-A*RJNC|6?W2|d z6md0VAF4$@+yH*G&v*-32>_SmEy>NY-G&mrwK}^PvG&TWb4k9nYpk;NH_f9Z=yGIx zvT%>>=~2Eraz(PuSTP9u+Gw*Y;L1~x`H1y>jr;!Q6^x%7{ZNl& ze)LY`ut~G$sh0l33!g&QbNnt=?NN}QHr`2J+unE9mF%!!cl1)SC3oX*FMG1&BH62> zjOVFhJ!)PV_R!w~e&JWT3(X5~zC*Z9o)_`s^CByJ1MRod@6SFjkZUOO(RqQ+1l(&* zNJshj@c)_f;=r>1{dw_UR@sy1g)>%;ADzZY`iKv{;eywG^!^C>x3+V()_d8-u|4Rs zB(oMFv(7_i&A-K#S8Ms#c)o`$*tX8>ya8D-2b^z?e<`%tGcp=T$dBd}^5bUr$lk86 znewNA)sY$7JYNd6dqzb+PG)pbcVC%tW5dX(AKHm{JeGdQ+&V0{xnWdsyxPP}VeOR7 zp3^ulUOVMQ+L7GouIwW>Qtr6i=<%FVZfu||v}enWa|VXGsT+Q?BcHY$xp5_V+8X4W z?6Ks=YJ8(2p6NC(s^)$uz60k5^XwOb@%X?{e1VBQmVjygP5(YjH=i1&4f)jX!1UEV zFkR9IrYjTQ*D!X!;+y|^trO$mFXoahya zcE^;T+-_)}Yo{~L?F~7_r`jL*lG<(mQ!)Fa5z%~&Gi^BS4keE>&TFYtdxSp8Jk|I1V}p?#fur`mR8{-uW*ch9xOA=SjDR^%d6{&R5f%z|%+G}p!BiM8FL^|pH* z^NG12*;sy$@_!vbzqRh=da`>p-?g^Cdke7-8g4A^{_eC;WPzvTL+X2X-t5q3)}b}5 zp|WQwuhtBE|CAp719|?vH6uM-PTN{Dw13ha;oabVEx6Ho@z5~F6`U*WtBiT1VOmMg zjrc`q9%R^OQMPcNb_@7Zo=d(#`w2Wc_-nhsj1R4|acXu<4!T{w?VFUJaTGla@=)(s z>Ya76{MW@A9GR17Yk6j{j!A$NS%t5wTMqNj-DQMihp3ElssZEEc zBL`+grkUUfOTRE8TtdDAbWHM*j?5dNbG_)8hy&>@PWR_C@r=b=*%- z=ZWUySLMPETS@-odjRz{H)#(**?@EgXLE;ye8Z+EbO`6OZ{j^qyelsYere-<40UO| z<`pV}t+Zn5)^jUpRKGS#H|Bt%7j$RM{QT10mOS-*$>Q~?Pk;fX(r)W?5ofY#RBdifZu3<;PJ)F`wMiRl^9Ax~4(tJUd%>yNy%61qaO&XY zXXHu7%X$Y+YmKz=@^{jNm$msP!}w`<`2pqn;^jDu)GrwSgFMG!-0HGm%oL1CW7S9= zaBt1|fW9&3fqxQyr&ipu2=kx0U83~(wb2%kR8$W@oz-_13jPG0j^-1;TQNN!$Ro;w0 zH+WM57Z&Z&x8WLB>J7l_#Bba6uW_;drTcY+HiX zuL%4^YnRfTGoSC@#n>mlL38EZ)Fc0t?&<7#_-3`IxJuyppx$XWpm*rzP3xWZ^}Y;V z&ASB$_g!c|sCj*qwQw)#Z4FmP&GYe%ZJw;?fAc=*!+5svya!sokp9vC4f1C(-t&T^ z6a6oU4w&>jd$TrZs^e{Y48-p(`9=Spn~H^tr#&}B7t{Clh8v=mZ#iT9S$xZ%1CC@p zTpRT$W$zNUwtM!tW-D);4te06hl z9q*QXfOA}Z?O-2#LpGQftbM5F&dcNl535XcLh!#1**c?LD!QOr@*sp)GK1zCh>7z2k9^iIls3Yj0*EX1)(gVuQP&!0oesghS!q2!%|6>zt0&>VX zw0C4q8MwNXal8cI?1Zl|I>IygCjCxh!nZhI@02b3aKNO)(6oIfGlM;CCVSc}bUaDt zGSMGOr-U6G8=P5{vzc?2Tkw|!cT4EAY$6qIcQD)I3i>JyXO5&Z=lmT!Jigl<>Pa^- z>An9>n_m1Jd27G89BDBfJ-Nj0x?Osw(H3u!|9A;waThXGIx>36sI22UpjKpI$=9||d3N~1MBfjb zt-F15!p@pdiTo+~qyW8!;?5{;P#SsnTF;8PJ|djYHw$kGpX@(<%dFO2N3s_L1`~Ii z^-cHBN(S!2FD2#~6&^`nM)A7=ye<3vblLhhVkp{?bM2Rciiso`vgzAF>ayF?ow_;U z{d73&lVxYQq8L>+>&Ml=O(z1vQl%MO#KvAd4{Io7p5%+g zm`FDxnzC%8{O>v#f8<@}i(rQLtXjbyl0MunIdl@fgmu6peX!A*$3DS{sba@d$>`;7 z*76CIvtoyg$)es9@l>X?sBX zYlxFk!j z-d48ZN??|qBL{pib{i7wk8RiZNnUV4*`Q!uN$uPZfJtz$rw&e_jfjWw=h@lY*R$sL zjK!|2wd+WJ(8c~U6S`2Ep79T~_FH`4VO}~nIGAr*Yx`4|;P$?ROi8Q(Jx4qR;e2cY z1*Gj!JEZ;c6-(|~WtR63#%W7sj{;M?K{j&Y0W|5p+TqY@Iy^pu^)M5Euztb78U9d| zz1v;blne3yC_JXvA2}_uo6Q(5U5*+@lMpub}2 zVj4ykA7wu)pL=L`hovLp`+ne%T{3xpT}gcfiT!o^?k}OAA~pg%Q$DHMUstI;_Scbp z=!){;H`v`G(5>}+KF?zl&u8$U;|`Ts#(uaox;>XCj% zdfhh9qm#Qmjgz|@?&JSn{u?I4XG(g|K~0}zR`0>4*iD(m**uTqnR>p-^QIe@qOZaK zJ4s(7+n45lCGv&f6P>D^zy6c41OIzS6OX)lr`{8Dl=F^b=&SbD-N!hCiQeLL-W8+Y znnPsi z26BfxJefA758oWW5Z(CcQR?XRqf52?DyTz#6{^Q~?4DhP=bKGg@7}XZw6y;YvwGWb zv$OEnv|X|rdrel;ynH*pNZYy#Lv7U608Pz$>+XjJD!zy}&5AGb7I)Fq5?^FJdGD`7 z*C;zPK3BEkC*1EQo8K1F+8a){^z@G1PjGpyKBcxO=B4F(;u#&SVm~Cy=$PMUeC~Q4ejT1ju@Y=4Am1Ez*!>fWe0gq&ff-p(p*FF zn;+QQ%epj+^)(H@%3Gn)R@YD~tqpngEzgkfPl2VE{tj`aHK~nnqGQZ;53W84jcV^4 zCx0G1U|4^DNg6W3)WkQ|((-Ro-yzQ+d?bhU=8@Nxn)uSMa^sYA>y~lCcmR zg5QsiYuIyB^lI)7zKlN3uDavd`%}!Y*;NyseQJU~^b{~J1gH1~m*>&XUVJcBu7dgK zeDec)>)qxMd<1-^g~f|kaNa-Q@-6w%!MCzl}cbW-Qe| z#Z&7g#=tkg=_=Qt?L%Edo35mdsqP`whvPqX~0&G*kfyQy1%O9J~PxPa4D9i^=a5j_weBfk{81=Ewk}rdvXTSqe z8AtBpOY<>~-L&uD2k(bITbG#C+3zr=Y7>^uNw_PiwC$LQar&`weZ<7{GLs~s5qCbDF;o!8+@9y zZtz$keKmNjqF>$cC+i*l^i|&5s7vo{4Wpx#);qDXtoPHSU*`SDoXc6eE@KUw&002# zeZoxmoqQ=hmj4XAD0qv?vCiA|xppq#-S&ZTvA1wju8&XZboLU4ILpoKnGe^`Ei-Mz zlF1DRID144tdO_A*_d^ter`73a`?%Yd?I6j=DJ=q7M0 zzd<*A6_rBEoatKzAFhG--hgcIJahh}@7(2@m*Nj; zf1t70hdeqz(~_BDs|TB=x<6 zeSTJTsazK^BGuO%?wZy7u=_OhP#b4Me5PS;U~pzr75yJkRTX7lZ}sa}uYY@2!P&1h zg9pqnCS&rwCc1)srPh~u9@in{nR0#CU1E`|{GnN%QB5nt{?Kxlw@Lh5e$I{1+Bj(R zPH1#Hc)a!4-MgORentD9(rFKCuIZlAf#$=9S_iG{{TBDa9)(6CAKtyIeGoo*@7%rX zkBjLOb3}W5tqExZ6ZfYN%%&Z0?~i~>^Yq*Y6c66l`}GHMqidL#P54!>WM9>Ve6cj~6YmRo_n!IU$bvFJs^h12) z1dcN8dvd{*aI~5>{qTgoII0F83&Bx9^B8=5i+UVCB>6YLcgu9<*)-;6DQD^JeWmbt zyd3B7j({`qmgSWF9zX4^mh%7q>O8$D>(l3H;Z}Q|7V&?od3ru|{J%C&_uu}1Z=UX? z?$0t$NB!o1_B?H&AO9!j=>ydBzdKJKqU>Y*G*7?Bf4o8QLi&e}UZD7BUiOkcOYiUa zM*4^A+_slHq09!?9rE!{>8{-8ZuRYK2p9(h%7sNv>lvTdP@cRRX zonzM;Fr7LYkv{{#kQfK6+#bpunKJ`0EBLJqSnM-$GlA=3OHcHl({YK|7@4V#VSl2Xvtc-NM|H56{@hJHnox%@Z zHsgQsm*^zL5zfTVS!M5|ZqbkS@2?>Xw0S1un|NAOdb%#=lH-4|oP6Gd|HTi`1EYs# zF3I*G`7tZ}9ln=<;~U1BL$a;uOqF47Pe2}W&cCU>wdAw#_6O_yuQj)yR~$_6rF+K| z|LGd;dXk?sHq+=vpll}6QDY4QQ+5a*ZAHcq$u~Pm*cuF4mlz&a;>gI*Wt!wc& zNVfmib$!(SFL`)A_znO|?eEQm0Aui;F*|e?;)VsogEKw8Cf#$%dHhY{Cxu(s_q!$@ z5^kJt)s&w-%-?~3L&wZa{GNHAMY(FyW+{#5nZx|CBI1|=YwT@s<4y5fa+mmO?w-^R z;U*mz+Rt8oT)!OV+X=lcI%agjj_ci8NX_7V8k(RK;){Yh=2OMaesiB3H| z;B^xGKEinAZsLv@@Sr-fum`*fPl&@0{M=_E+L}s#BG6J7{Gf+E7XVAP5B+JPtbD(9 z$6sTvzgTtEvB$FDDP33+!L|jgJ1l)K^_!o3Ay`maRFVPAy3g`xs_l2a_<5bpns}%a z`TfS~#mvD`;n+9fLmnGG7kdHCJ)71?h5N%pAPFcg-T5nG_FGyvz4{ z;*ZGwp>{+cP8)gX6Pz}>X~V8p_pXex`H30byM}tVxwD%J67}ZuK9f5z%b=mjK5&7} zs+TsZ(2I!oPNm-~)0>)Sq8q7p{it~*`wQucF2k-gdyBd9{?mvhbf#iaa*zG;K`r;Y zikcQuwtfpS5V+4m<)>xTzvhO{EZps!*^%ob=FFjZxy46^p21j;3co;~oU!gY7$1Kn z{SqI1E)svFp1xiK-A=UZ0>l-)z{OcMe&@SlkJC@h_c2eO;FJGijo-_-|I6{wYw(pk zf{&i=cqyZ=UTD3Yz4mBmoiVyB6$!pJ2g$9yqh=$eh(t#+Vss z)!Z~Tc&k(H%8Q8yMr_+uGbx?%6u#m6s{#jRbrfWICt=f@r1!;p&kcTSuD|e+EHi#d zmYJ~QD`xe#+}v-n+;tUmsrtwl8%HWW5NAd@7G$C;lWpKT6M-S4=t|mB*_SiS_-FWq z#x5uJqPru$bwG*6P`<9tIM$*kOg1#0FDxRj%3eA-GG2Z&>)h=!{@G{pNXi>kjH1TL$+{Egm^8xakK&g0Hv-29J)+3Z?;<*2K4&LygrLEiU-I=u*C$2T0S| zw$`!eN|-D9o&(Ppypj|4tN+{!+YNtctjTD(zB&-K;LaHe+#|xTQC@cS7l3i8$Mklx z#)^l%OgcRJ&>G;}0}XLzR56@UILXO!-uomR$BJ_*8s z^mn#CAtS6c{F{7lXRR)~%}o3T2JTj5GtqLSXTZb`o|9?$)t>l-)xGfvnv{;OM@Rj;I%un)$>_(^gPx5!x)lTktnDn3dJ5tZRr0~rq zcgI^b?v6J(w-YDNpea`s_B_q^tNk6l%iJAlB^MRG^(5cVPc2cNspRoZxVZ4mN%ngU z?{8j^TGH!$J8y1b?_&GC_ur%j zY<^>1u_f7(Q!~QxT+LyA+01X+vE;z|6MMY9?Du-sc~9)|)_F_rNH?2)%sdIe)17nd zf5U&Y3!X07Ji^^VI$MwrzsQGIXg=wDb2oWJKibD^=Ip{2{M(ZEF)#7mqWw2B@lCd4 z&c08YU~=D+#8bf0M|cXdoa`jYFl{_FOdIm4-+}2@ePH@gADEutyI~D-;A!PuJoFH_ zGQ{y|;oXaD>D@AgyI{=0eSAyLGofkzRNA1g@RchABxQl{sVsYfb+klQjY()qOa~@m=TeRZez>uj9Yp4*fVX!3_EkaAX4D>4q-fg)VKGz>X1c1$ivp0B}k-@S8W_ zr@|HO_f+VcUvZy`$_nx8TUS=n$p6cQW?~2PqF@&?REk;jB{4_Cr7_1IB-?7T zEnGa?vY$6*2ft1m*4#rD&bUl|i`+wRt(6(!2lsK72027~E8(e(MdEcm`v!9!lC&!LNaA~hf2I8k zT8Ru8Qlj@adk16N<2h|eNhN%s^Lcl$7#v$XAmx%1JRsi_{GyXSC@HBWxY2Ld}zsh^JcNXy@ z#+kIbx!%myk;d0{`)l)4f{`>=Yz=Mfna*5f3^e!N=l{&hnSZ14@y=_z{ZYOzUT4QT zkbK(CSsL@@+PM#tzTZ>6UVM6A+EwelJ1>szZ|Jwad%)G}KS2MkJ#%fMT=#cV*6(Zb ztdHy(82tz3YCY~?CBMCTUcfWI-Fn{2Grzyzz&pJ3p!dAtC-LQsa#v`YNw@TI;>``pe<{2f*uTTG{_o@8l6}UU8?31Bnp|1` zd;E-iLAT%BmX~L4E6sD=X1r~e=lk8anIE=YZrR}VUr;$%w)nh)%F6?1T~(OB-wZJY z`Gd{q{K2`*U(MU8`d?tr;qG47vB)h$O3s{5yQ~T3rRlMa8!UTn2lp3`Z}V`blXfSt zCP@xF0q(YZS}k@zw8^hmWbfjrhawRbFU-J5yu(l;1Pc);-QDjqT?B-SbOh4|6BN z)uVuIl3>g1m5iF~v%eYsc&d2tf1Mn&j&F}|`mF^A@sE&U zwvhf@;@#l`2T8N`ACphW3S;mm=_@Ndj6H4=Wko~YE0K3EKu@CQ%h<=|*my6(2h73w z>Lc+@YsjB0Tl@!Yb@h>Vgd^$wwBA0(cgZ+c!CSSyI&zlQ!WSGkC!O#MU5lPXa#o|W zPeRUOgSzRQKJC_gO1t0vgm&8#?e0DQM7!vwKhkc-0JBLkFdLKPyUOHt6YKL4YkgLq zZGY1Mc^Wx)<7TbwhF9)EKG=+ZYdoGCioZ{6U(OLZvdvz;-+Kvq&a_g+V=h`kyu!$k zlj%A{jI3?wj2yadlW!1dPTVX%?K$5>JLmR+dHiR9`GN$@t^~|``@sAU{7I5wzAg#o zmsy(}n2+zt`oOHYm<)4zADFx8zfJGZ^$=GqjqlccR19?F887EyG!K__$2W-w$sT6y z2fr8Jq`g}J`J)ZJ>9K0y^rRQX8-{-JxfJI3JLFZ}W%9v?2mF(FwNd`R;+y1)|3h>i zD;USZx}snKI`%@&T*r}1Qqg_j6T9gA-?fgMnPw)r(1BbpoRhcTh*=%|DA!1=Zt*Pn zaT?0%n+M$153^~*TR5wuJU0(V`2?DXQjWBNDnAJJZaJwCd-P*dgTs$KJC}A!@EvHCYNsFD<#3bls}AYd;Tl& z^SEjjz&dF2;H z!Qat-0s2*)g=hq~vUAz8cTV^z>XSdR>Z*WG{W2+U0KDd-6A=yPqdOE2Y$HGVm7-$O zRj1Bkl%ZqZ%i18BqVi2kk20*)lV1HiICb)P@jFo+vKOsMwBa+^+Y9f$v8CwPr4LU# zHlrzk4`wlW{ze{fvBPW_AN&sOsopuy=|8vV+m!7t;;bwC>Igjbxv0HQ*vqqc)j{HF z9cJ&tnzb=9N<1gM7dzxhIu-3-q&KnV?}I1K*Nvra=bJT7)N>d!;!=+nqVpDtFPNY{NNZk~^?&zs|$-s9|@`d>`Cg_D;GgHtIlJKH4E@~Jz2 zc3SW{c#FQf`Eh=X^IwWfR1jS7qt68^XV=ahm?*FBp5*UK#sn)btDW1A?``YM&eQeJ z{64bKu5S$WlmDPua!zns?U~lS6>G3vMENeBHJtq7p+oi07!0=FeZl?u4&48X^OE}* ztNquU;2laI&N+X{6OH)$xZG{{W@m&4bfTAIKDh9+ChqR0r2g3F5!9b=4hXJUP&@ap z)UUmv;t;9qFL?#;sp86T2lWOs zVapUB|6w1#f(53-)YeYUyKKvpu&MpC>>Wj>`<=o(zU7%%D)wKmF&*B6ro?-NLD$S4 zqPEUDCnp&;_gPbtn}e;Vm^HMX z+O8ekIN2P@3Zh$%tp`@gLi3sX+ONo7|Hv43a4qw#9T}rB5sy$h6YawtJq4$k z{dd%RL&!YR<7~*MUg1zS`rF7OJ#Yd2X=NW?QNLnxMg2;CP5kcX_W-{K`F(G4x7)1m zcDvSh6B{@1bNA8$;eW=oV^z1O1dG5+&B7Gv>tYKZN-3%NrHNJi!W^r4$G!AaF=Nzz z4Q<;opg(%%$g!i1zsZg-D&O~3{Ic^{JJ93j?e3=CPSz>)@BZC=?=#8>&!^Aw70{hV(%qc6&nP_{!gdyc$98EghcCWgh5VkV zvyOez$DJkWdxwC=Q?zFiXEdeTlFfY|^?C8_4?t7GZ^alBvTOj*Y(;(Dc0aW-OKMje&6LsY~^OtQBg#lH_#3=Hxm3%PtZNIO}3(<=hY7N zc!#PUuXXpg?hEK_+co3*81`(p757kbuly|V z$KXE&o`!rdUiK2{h)S^m90vXZ%4l8hWZk^e85d||jFoPdc0oU#?#?N~Z-ru*eP}pK zz&)2%Jz3Vd%XaAQlVRYj1~7;}`H8I;5S>B~iqX!#Q!%1TYUIDcS?3DUZU;X#w6RA# z5BU4W7Clvrvc9;{ER$WxXr6PsT7l1eB_s7Nws|KE@_$f~X z_h8NAe@jxFF#IZm$@czFiW7D#{W=jR3|=9;vqyIDUcvJ-)EA}C13wP`;3XHIA>m*1 zG6%V*jlOQ9KWWHhpQT@0pqn&wpeOqE1FK(q68##(xuG7$D^)%OUnK@wpbG!|v}zZ0 zq4;N-YVfeAza4#`YKI%V#62x3JRe?1it+r!V@Sjr{6&bxyg}2YugLH+kOOCPd81*i8JK zlpndFyc*iv#{N(3sy(Z1+E5(8H{IOb3oj7wzBWItrR45`E!^qe^d9o?4B{RXvQNql zo?bl9V~Ep`)8wn07d6DvX54m8_2l%a(gX3@%_N~7JfG~i1V^?LTbxA#;XkZF~Hi;OCPFr zo{Bu)yVF|U;$HDI?hs$k-QqR)3(vIfs~FUK>oo3NJ8wmE{Cs!lU&x`m-M-!cJ{Hb> z;`h?F_BYz!wzFmjm`fpOQo5B1b>DB+S|MBQKJr~mKIi>a-W`9fsaCpuA9)XPak~^7 z_X&LN#!6?N8SYu<3e7Hh$2ICqqf19y4EA$RU5*ZRg7?#!i6 z8gu!ktbykVPSumg95^6dB6GVI{x*X#_j5MV@jD_msoS`YK6pLM@LW?rck-&}KMGyNm(KzSAN!HbNs5Big>p$z&se(sJrpNby| zGH(zjMkcZb5-H#)cS6?Bl_mm$W?6{&|Zb_HuDlXBgQ}_Vz%t+rldoH0)~; zycVpPt<9o&@h9Ecna#OCFEKhDzqP+o&z(PIPs+R%y~%%VA#=Qzb>U6wm_?s&Wo``O zdo}a;P4}Rd>Xfu5?saLZrhoTC2RhsIN5)udVs)iC^i$}j4Z3mq_7>-lluv!!0==j` z?N#r9X4G!v25*bjBp=V-V?NP*lb(C7@wHT~HKAZ!BUDW^^ceaFd-%KZTaFnx2 z5%zjrtoJ(4*Nbi5kghbHiKu`ltP`#h-%8vbzR;}$v z=3E4gOotZbd;hz3@#1I6*H;dU7_+K}pZC|(V~XD(Ib8C4D)ppc3s!81!cyo3`Kf8J zH|q78Sm;4l)LT(%-QN>HA5?)3W+`=RFaBNVRCQYC`=MP|z6t)EG<$xWxbNx90b3qQ zz6ay~6fD;yVEM`^VEJAGmMPZ%$#+nd-EwM}gd5>SvYK$i{0*)coE!ClpQ^zFqQakW zCtP{KQvvvDf6zp|d3GGETJUpT0;Z`a!IWX)XW=Pe$^01n2o}NNjFVugO2D$>Gr*#; z8k~S-^hvPTV|A$oOGcO&bd1@__%WxzkJsS$tnsen&O%_zNZeUi0B$6Yu0*~GKsOdm zfFtfO!k(28Rt#OQg(vQ!pML^RZ+y+BBej2mj%+;TodQqWKLbq8J&J-!cPK6drpAxJ zlpYq3cVG%6U=qHbPr$U}B$#Y`y>Hk-CdxmafaNg!Kz9;81RUOT{4rmS)-qr3eAf5>kG*q` zkFvV<{xdTmGYR4)R}v&7R7pastsoFZnIv8USZx8NUP`#Mbwcb-ycRJDIXw=wT+S6#-Qz>3+`!WHo6UMeEm&^z_@AvmyU=qRVdCxiT=kuQTk9;Q2 z^X$voYp=cbT5GSpmi8ha`uzL>XWZ1rb1gZ?w&-^bK9u~rOr4`BBEHc{{F6PvJN4v? zCu9yZ#_Qf>hAX41%43`tM@~YJW-HB-NUc@NNQ}Y*Z8*hrC_Y&o~Xy2 zKR%N>qg|QYx3v1c1pk3k;I$d0#O?vMx#aSa%})0?oib-qSN7M;&sK(8(&~Pdd!|mG zqUUbpPi(v815QJhFp6F|5$=4AmH65)o>QeykW&l1^~i2|Ds;rS9b99VuF!Z4?s)3g z$6RDE7cp?keQa_MW!QByA{n1ClKA(8CA%$V%=q-1Ijl09Dl1xy5#y(l!>Yl~VKtSw zE}1`ch5g6LVZ|J6&)}Q-b8=XHDE4hNG63z5pr8B^)#2RhB}cf*#aradC%RaAHo3mQ znQT`R`3)}CS{=c0R^#atcz!h3pKPVfLvAZ(g7o3{pu?csT+`#Xpx0}EY-j)TCL12W zhQD3=gz%g18QOIXf8y7CuL!aahS8UhM@-!}NZvE-A1xEO8(B`wibv4hm!R)2JsZ6p zTW<@w(B46|6#jaUFXnR(5FglN3oxooJ#+I8yykn*ZQPyP^>y0kZnSATzK8V&4Yb^I zwky0;dAb=DUPq$^fe}jF8t=W!^!g%IT*4o!D3A@ijcAI%I`)xI{ z-?6fO=*PkT@p6b+yxavHNJh>g#s~Kdz()+3DX2V#^yABIoc6Fgw?#bm7UYZe41dQD zAMkfP1MZQZGK!jvZ@=bV*1CzgES3#np6rk0X``KPcysZKRz9d7FfXES7w6SZUMJ#5 zn)#tR_;zNIarzG*Fgh$hXW8Bq>tDKlP6YoU{F1oO3Or%#Xo5wy4(|y3!|;>1%H%!d zfj57(Zyd|n(?2(sb+7L@cW;}mI6i*j-UV4db%v|!8vYWVf#s4D_Y?o*pdJ4tkGz)1 zl<#ITXM#z46}b!|-p~2*EhQ(NF*M$dEi!cyW#C7tS;o80-J-3~_509G47=nt=vA?i zMg{VX=`-xa*sSC}a}D1VU$fWa3df)?)p3C%`Bchh_+rXT;%~frmNo+Y+K>*SHgsQFZCpwlo#?OGrayOfF@ zzFz~5((`s)%yTNmeMI!#PHgtd57fvUru)EW_49#mU~U()Ha4yO`KM?!_xZWT? zkoZXhc@^NL$Q+8(TNwFQ%F5TM!Ce^Fxu^6z;UtNTpmVOjBFY^H-L;9WF)9{Pc2%=* zGc3}`|3Tfo;cmnszIpLYGV#W^6S~LPd_DIKznsunjq%a|Y&phFG45iyxDz#Qd<+JL3Uq?3Zk?Uada zv++3+`w4z`31raMOuq%mL;0qkj`&X%)+9G4Cu-Aj z8+-6!n_KjxWli!hh?s;uF>4-Z-5TH*!5~pUK00l zpFh88Nh`rFH+WNvc9i04Wb9kCBSha1UVZF7e;2U&h<6}cgm-X$i+p3J;)}Zz_@nT( zIQz|w#6S2nu@4%sxi)Y{)&$;FZVC3VAiB|Jc+SQWOMZJDdJ%tAne}EoZteMf?Y}qA z(>_HUt+X~=*idxezkgZbMz~`gEW4M#{&Ueof9Z3f=fGlrc+L{L|IT{QnkX{BgXoZUu6ic59ETBdex%niBAffc zsAmVp6T$Wi8@4hVwo%7{&9b4pq1)rw(VLCXVQ51FUTTc=|KEPw32X_BR1&CP1*Vm5+0)?Jmn$UXR4Nw?ZXxiyrtd^z$W0sNUd zY43IB$$K(6g5WJK&fX>=Z)<-)O!*z`0S&|j-G)4H7@pIBy{qw5_6h3T!C#SUXxz>7 z&Cv6ASPyfEJ*jwyG5(J_XIZ>c`EGtwd*H zwaCE#YvP@YjqROUAG{ANu1(A#Z({@b8#{p^;GQ+1hBJc(_wd_?(q|CdyvBGn{$_HU zD)ywQYjHpFHFT&fzE6TDj${wXXKq(=rZ9*8e@R{S$9z<%&4$Ip6Ya7a@U9hqPT`b3 z5*p{iX%~fW`P!tggI5o8iSu&aN{?|z$~`o`Y^D)zB^QdyF83^NHSx?CE+Cd&1${OE z+Zy^D!~aWw=P_tX`t54oP4Wzjm$CC<4^%mgLC@s$N(S+-Y2;mPJdK>r`9a?&h?*C;+Ug5nTAG2rwI%qs{ zW7iT-R+semJ;8fAG0Q`Y_{gKk$3XZ)ts*M3{NbZc~N-zm6NaoiB_`A zn1U75W$(G;W@vgLG~Eg9=P^%7a!U6CpVo}#E5ZMD(BuNk&7@`acIGf(&q07W&^d36Ig~9rF~^}p&gj99@HU(NbszQ* zBM>y1=dG_bvdwV?G~YPx|u8WtM)!FPSGPwoaWM>#;h}}6ZLzDdr<24VaEK( z6|QjRN8o2KWz+HLr|tA}s`qbDJbUY`>Z9_9D+aFCk8EWQZC(Lijxpxf_(OItm#(o3 zc|v1o6|H%WnWALCJZ;au<2_nhY# z4`q@BxegziYw_UaCf@VnRW{xq`ISCh0L)RxgyEl8c_b?tJ8xAbYOqt4)kU#nP0#RtvpEp({VMG+{LHKap+Q+1FL>6@DA>fe1sN zdFVQ_pQfE>o7`v?VCY&LCYc8Lr%GL!V+kr=)10p2F@PTm#@OK zBUcoiXC&*O%dlvYcaMVy)hqfO{GQ*^(a4-xn=d4$;?Dxm_iWlOJ%_pt1HzMlv6R@@ zesq9RS~O3YuJ@8rrVGr%UHF?;{KAxif+P2JLE1=((0PQNz0tyt|A3 z!9(&_$PfKvh#kU?mLBWR!T*V3ZI&A3W<@u3bZ+UVZ!sV3$P&ng_m|~l_mK^?A4xWp zp7oH)=W^n6@plmq2q5G3mmz#U*}FDhsPksY5R!#w+xpoO_&^=H6u;vc=N-}so0!A7 zv?D!#H$3RsBbHzLJih6SOW*ZPbfWL;`0mij2=*I0=4!cg73R^T6=JKNmMSs6t$DeI z`M4dLnT;P?I^FouGekG}Hr*)xx#U2yw_iOetiH?`Q@~=bb7Fw^02@Bl8~WOI zhy`Xy4mKj#eU{I`1}GZ9SIe}I%a$bj-m|le?9JG*ki)T)pV(frkNr(Pjz#$W${x&J z`fxY+FToy=#Qss5>3^W}RC3nd;18GDu~_r40iMrUXd(8#GVlt`n)cZ#{7-(tt_>vGOs}3d}d;i#~ zsUb__cQ&nPoroPbC>!Is#>Pf$jJJbNFZmI~v-i-?aDFFUXnea4J7I+90zIEWObU3< zQl2GG$`*Po{_3z6*%cI9v<)8HKeni3bj3zhd-JI;`_df#pThqhedBJ}p5-eGtg&UZ z_0;$$onn+9javbX4Nrf};$nA&(Y^)-IQKfW59>kHUiFURIOc(k#x zo_9B5XI+UcYzk+}sUa=#>ly!HY^>(^%dPQGu*YxNrH?jj;Lykg(8qY5d%3@2wl~rm_b%v4 z?{DLNu59|^QDdQ*)Ntb_-5=0;6AlZ~=)(`~oNwds6>zh&#CW&&gPI+FeEd~!HhWqf zwAbm*ZYjeDyl1#Yd(RVVg#S-B>5sX3fw_{cVh_JK4Vd)dqwNUKV|aFG@J{BSg?UnZ z-*<+8m$7ryaIA0EZUC-E-GB%UG@;^*p z*4SF&nT&0EQ%mbU=t5(Q=7xsSX)POmq#Wsr2VDjo^k8cfj&8H*sK<_1?9fq<>_lm6v2h6d zJN4>_V=bC|0h!n2W6;u3J_aqN)6rPk7af^%1D|=G`4t^$Eyw6rylf%3uD9uEF!7)J z^RkujvIWG5Uf|GAriJ567=Mg2KCL_PEQfZa`&zV9_#xUcPCz??C!Kaq#J4P5Wwi9* zQ!2i-1)9+~#FMUL9P@3O`5k9E{dv+#c+zyn;m``cBIY{Cvd3|ZRz3{(iD)HGEayGQ zNurg9(rCqb?|sjrl@G4(%dd#5!<}x=v!FV|4bP zzhC~6KK>`~mv=D!{}=Yl%j|I+qm}>s{qkJ(ktX|m(*1HA^(XVE{c;Syy2EjBri=a7 zZTc(tM)uBB|+vn97=MP8!KxB0^l27jt*&ZdmLTZ#Ep+*Tf{GA4x9QSW#@ zmyT@kKmj7pMH-3;vF0 zX=}MFvqdz}gzZm$Fpp*$%jQ!qfIVZ1%hzJ&h&hh`U}~FzJ;SEAYRgC0*o?0pvUe1F zj{Ij2K$ii0a3nk4%(%!|VcN+u1rP6o=$`XW=bT^nrhvy8^JvC=Ib#M!{4Y*@_vSlp zOw2EFhetA>BV7LEJn${}>Zt22HseZf51>ob;juzg^E zj^B)nGtPeZ_kk}}efoCUbfO=m)+Jd7z11g&jKO1peL(pE&X{!eu&-o5=m*<|KYRBM zVmV-AjLmh2dbYZW=T)#a+FZ!rF#gV18|@_~EpZ8mhntLXH$26CxSo{a2{!Tmo{6zc zcQQ(xg48HCv6=XrKA>YZu?iZ|k+)>{!%_NvmY6lsx!9tNoH*x_Gl&xtUeCMzBi+eT zkG~^Eo!h|2LCQvHr1O4fo>yhD)^b=uC_7GnCNYb z5gGy>su>@2_@Xg(_)%O5N3YVBa8z=|vA7xzjucm8oQ=zO&oy(GZ(#Z1s?0wH@KvI6L&Z8Y|+e6VzLejr!L@ZnRh0gT-px@z+DWpl<3G$ksPiQ! zW|@33kH!xgax7+97VtXXv=2sU$C7opXNG-0lkZW+nH*^(_x^#oDXdENRx@TUC53%l=Ge_&($P3LmkF^@ljSNltV`_PrvL=rl<%K_HuZ{kc zF;?9(v9Sui_qLmu;_i-p>ve`jbsASz?MTWA!_SCwPQ&@l653lF9oiRLrlJUhPYXdo?9=os^1NWEsfXc`6 z6v`OfpXuOPF>rGOMmYOM&bzgK#6z)fWKhQcS;fA+-i&>Vj4-1IyqmFaq377!Mp9=c zQO_WgHVzRdNc9H@4$%v~Z{x82-0m`cvEj{mku&(V2i_8cCVFa#n|NI%d-e(T_XP6{ zURL?IQ%>1ElvO?L@xR2bGtS(%y`jULiTXHGnO&+Fy5#Hxhf~&8C*!~pt0t#6ZDhk= z0{oFnJ9%R_v1cXg`bCZp5Tt1x^y5SG*+Mfh&w;DN$_BfKR@!-lbDOA*xxzV zXdiCXQM`)SIaQJ$La}q)$@X*oW{lnWLyZ~RweFv`%a^2;A7hsvbFBQHJY&XhC_gig zGnDc6_wjuHIX1`v#@J5XXZ@k>XjYs4eaNKbv#?^V#^7f?%ZWL|y76)cF7^vohgm*M zK67X&^@f2@DR%(vI>dTRs=Vhl)>Z?ydhSxjpoJcAtUFZPDX{NQ4L^4PZJq&K#v1U? z_tiG9?1Aq{Mlqt}IH$sgA6-H|{B!N^o%t3o&4(tpQQy0!vcd~8Y5NBw_8sn}SeiSa>{5h=A18Xh`bMAMO_QKZFgRLdN zKrH$Vf#I&{dhb2$p;n!P0cSiD-C(*$e#He5uWM+Rdmwj>;B~9Wx32NQ_cq9%a2IRj z5Op%u7Izh9vt9yj1E0;I@hRvHlJ^_%m28C00-k~{Vln@$nEW1sSMZp7%$?=PL&i<5 z?qKVYncQzk0MiGRJM_-$ItJ5J)>D6&R+A^Ra!BK}ebn>!rZ$*z2kkj%O2W*?u;A9P-I7 z&fl%Im>YQ=-SH}P4)MR}D0~>`=i~CCZtyQ&bQko}pBJU`Wwq<*KDjnuepBNjuFXMy z6@Ts^bFTf}l#_-H4#{@4-X4#}qB(Uj9^={a(25tK*XBW?zYS2F-XeT`^COE-p*?=D zpbmEPaoT5}Kb%^QFK}eU8>x-j7keqYZ~FCp;*hVV{{`&vlBt`thvMU~4t+rQ8PB+O z2``e}28@As=at{7zWKeGepr8d6$|enjRic^^GFTPa?R9qK2W zdD3Jv&+%om*wyK>*?_Qeo3oDA71Ng^oBo3`W?W+0lU(}Z>yk@td2F;l`3B$3wfxc` z{5+fc@E1lO#m_f+ zXVU*2ec|l+81!GN_K)f&7X1U~x?&i=A1m4+Xp{iwEHc&wQs*42R|8U{W|zz z-Q8bIA5OogQKmnBmh{8V;j8-MC&9CcpLOGo;%Af%=jw0uh4bU!C#v?3hacK^;C$Qa z^F^Z{{rDXGe7$eK9|u2M)B1Jr)1Q8xr%ZqRRQAKq2DOt$KkIll`RV2hj^bx0?@ao+ zp)Z^t2S1Of{eJi{`6ul=_*qGrl}`U~l5t zT&D^5QP?#e!M=6QCx^XG?e~M-#4+tVuz!m(f>*MjX_H{DO^5ldKU?dyl=xI8to+vO zuB_OPzR}MAiX*|V8B4v5_520($(Ulqp^CD1T+Z{+^1Q1-&h8{vskz?n9C>t{w^B~y zTzu^(ALlvhv)?$)wMP5SILA?@s@WBC#-_3Ugt4XLznC)Mf3NXe-ch(T9uxmpeR8;b z$AJs{?=7Z%2d+~olMd5F@GqE+x3M{4%;r;?2ohl zu=P;J3hDzpj`*9GrAf#=(iRZ&cfKD4dASo>n_) zYv(DRjeO2U^eej&@|WzEk~@pMMzUzOQL%|V$}k!)+&pCQM5B@TwL`v3xE0S@;}l}- zHV#-zjNXnmPwT{*AAdf42z$&zY%!AKtoX3i4`wYYToE9jq2ZeM__?fYuW`rYx{E%n z>A}|b(a--(o>}MK@n22&T%jZ~E4j(mZ6Ic_;z{Ikc2f~2FWE)dwL;6M<)HV^FgCvz z#gEP_xf>m$o3$ueGz(hbZUXY+Fw?J2a5=DefrZ>AD`K1*OTsL+hpQ5gCAbk1-z~&Lx+B~8L9x=@15yK*HP2)}rJVG|TSiQv~ zwn!eKeZjvAKJgA^9A2QfN)7erPvC4lG!Gp%eZPH$a#7yPj(!d>aevd~rHY|4nrD6U zGl%;94Y?D??wwwmx?3?Bwhh_duKZ`5n;fY2g`Tc5 zhzDiGw{P3!4*56_@tS8SxsjgHoDtv6x#u~Yr=zQBeTAu8#u0OBQDOU^k+ zlg9i_@(`0x-8=_5m#tOxyN3Wn*Tje$l{C&&Z;%&$Z|&ZzZ(C z7`wN5&9e~YH%(m!zCEX{jgD@-uxF4fxrcMz*eR}LJd?bVl=}+tC3IfmoRy@Xk!;}} z#}kadp17b9ey6-%os2bmLOtY$%I|iChSFatf4z)BXKVrfe;WSKyZTchd~eJ%w-_>h z7GoAK`w?U7hJQtAqe0_@KbhlAgPDEdgzzYS^!wXtDq`elI!yj1@wi&fXWc?Sl zPK^yUsmdLC=Oy2`cs96=XW~!wb2BCku?Jm+*4YidMsqkP2~*GD%tw517ySG%bspoL z&PWyLkn9e5G>yaSvvthq!M1nzZ#7ow4P^ONU0%&qQJkL&7~jHIkoY ztS0@$T^(lmZj~PzN$ukdF6|5@wt#2Ke~a??5GAFPX)aYZwhb20MBtc^`~b*vi% z+o-!0eMVV$r{=*a*EXSan9lZ)`e#S`WbgkZDbvQbzGR#kT?vus)W9yD_Z!3-|?| zMew2SbD%HQu=1e&+uw+*#PdO(ce;nhqudc`y_9otaH_ktdgtd|l(IUrm>`&KIn0fo zCpl$ti9Z=cW?cHCOE{BPIqqfII$*VDN$Xe80dLa0YrgI8ibZQ~cWJ@cjS z#ID&mkbcTe<9-2mG-XDuGyJFMTQLfJ&G2u|@Oy4ElDC;YlX;Ol z`4$CV=DtznO5V`~Y-jt)1LRIcsSq_t^IF?jZ7H=e?g#^jxR- zaI+FU@U`dJM_-f7t=;YO{#`f1r$S=oS_OMomg2&j~157`b^Y}lAej#443m&l>ntF>mZ;Mwj z#y9Ejuk@RepU+g*Km&e)&G$@UzNgl5Q^UwkC|ABsz=bXmA%bI^lem<%N?H$+E%sk#Bv0e}{sp!81rCcx zIqUrn@{ZP(d;(W`vg3Z<#TY{ga)jz=-8|LFny8i@?GD{q%-pU)rZ%4oB7cz#T5a18 zII~X52bFT&lsOCz7nWQR*8dIA(`NIWu`qHuFa(f60ylAny~eIPiTod`3%qUkBt(Jr zuRJS$kYs=}1p{R}KNvJ#_aC)BwFk&%fFH=R?s@EU=Dg-a2Jqa=bBeR9Hpa7_9H$Ff ziQUd#eh@lXw)phWE7-QW@h8#TeEJdY8>5TJ2e+5ImZ}#;PIkV3%KE;+JA!-8@Lhxb z`{{>M%gys%6Gyp`l8eC$bPHeHK>h^Dr^!y%m+loSR;cgf%7pA+wXVE)l)cc$|GIyd z$NN3p^{VCUeGc>0t+BC3XfKHFg)eH~g^vEh|N9QvzF#TPgysA7ab)>r;4xj6kJ64s z6Zn3mjO0ChKd^u`CwjY0ZCiO%P5)|q$euTCPHFKO)BMU7QCDY)^1U|cjdrZI$)gI7 zxP|Zg;Nzyx8a%xZ+;-azY&wTtlGgUu`om2-N8v_hoW=Llwjm#xcXBgxzLme-{2AEV ztJX~l&6_wjRE!<=8`M9(pSI4}tr(_l(5cpfVlwZ6ZrkT^*YzZPksQ6>ZQP;t(~i84 z>{GD`pJd&uy=^u0&Adt`jm{4wyg#TkeZVwE?HRtooN>GGGa5!7V%OOEIlM<+&z5ZH zEkhO|wj?rox#E5s@L{LiY;z6eL<$89FrdS1?<5viJG93>^0PUL=K#F&iHNbEiNEi3 z6Q7rN&+}L63KrA>R~c|A*OiaB&BZQn`P<+^Yr%=fm>xG)ci^4a^U}S(MA^VyeR;2V zuK2HFlQ}$h1pL;Ccj@SI2SzFgaObcegRFI>taQ&SdF#{oGB(MhPyZrwFbY z_?<`>kzY%?E;4^LKJJXCj=f3o-mhYhz`wm~6Zbo}(xzc7CYB+#4en_E`xP4Fu{L+o zW`I6@^w-0C`IEoN`m5p2cP;j0a&foT!51^Qi=6tgD?Ek!m)XQU6kq%WZFvWCkKV{` ziH;;U8U4gYxxyQH-^Tt(KjZ?$_YmK`z#rv@?Ty1@W-Kc)w(Fa8c;?*fU*EKLZia?t zGnOcEMa1*fuIxk6L7Oks_-3Efcp*86!%_C|pc|i^Vq?1xd9n25nit4p&?29_=)u&6 zM}T1?<9MLoc&9U7`5isW`{U8QFD-wJaJB`X$N4Au!=sIicpWqt0Jj;?ZYDWngr5L8 zV@h1EIOl7`l=OC;H`v=X^KkWpl4&IC9i$({NC*$fYbhO^+Yg00CMW*@+^^|u`@c}Z(>(XYgp}O0nXW9$ENnGe&C< z?WeaBBNxxR;4kpsgufsC2l1EvUxYvRe-i%kP5kw}yOhD*CGi&73W}f)7k7;6&aO1? zLo2@0e3!3l3iD5{gV5#BUjy{FbmP+2tD(IT=%f7P+?FVE@l`H2va)=cypgMIc;yc* zx(oE9J0I&=bf@^HsxuDS`whORb=ZBp(B4$`WYJ$6{p%i8ri(lQlt0;|J#XZk6VRUc z>+BLETo3KlAy>!-5hMRZ88B)M_;{AQo?dQ=Nu$0s-94|6Qbi zqwIgjIvxNX|0C=8CXMC4U>(oa9Q`M(<6BMq{nyjs1{>Z_LWd(&=l>!d4x;~$ONXDL zthK+p!@Y&bKaRb&*&xS{=@Yrv_`(4401*ePfjH`ejHJe=GlE^LS>3(T8NtR9?nkh9 z^o&H8a_+RC6V0&C34&F}?zFsdIr6sSPqBmCa_qU?$o9qbW1Z1sBd1I^ZAmuO`rb)S z_@7CS7-`!)v335QGLDV27yE@7SG3u(bF%-2TpHUp7yg+8utN{T4t)}LEtNlrIM4J) zv{KpLLi;F3|Lcl>T@q5gZ9MBtS7(bca1zZV<{WuUbKGUeI7Dwe<(($ASce12o;Zo8>-J+SEfMsl`f$yhUSIWZ}iw^)3AE zM{iS~x@Y(v`=-XEXBW@PT`ON+wM7ou@&DkNdm-R?P`I~RG~@%<8QA>skB?e8#-`Rr#^U>E+o^Xn} z4G=Hnc>cJ#{c-|u&Jf=^0y&0$<&SITMf7;WvfbWFJW#C_<#>~hVC`YKktWK@A6NGX z9e>;d*m$GTXRt%a9~ZlGMQRN2$kv}HyF$~%snj!lf`;|=f9aWL9J?zu&p7T~sR6=^ zv$kGE-lSb<`^9vB+)T+>udrV?UY zYph4l1wRH%J8ADYFySM7%pdo!>N5?d-}Zy)j}A=o>9S#R*)T1}_Wns>`uT}qO7rR3 zLYcXXv7MyBRe{fVIsEa2Wy(UM72$un z{+&F*xsmG`qjP?H06I2dfiGyCwC+kRzxkC)^b>3zlG_C*@2}t-R5qbatXIj?%;o*Y z&7b3p*C6h)kz5ZPqAxf37#;q-z~SE>i+`VIp7ZwQ-%h^odg^yVW5RiCI{X{m1sc1* zm_9`Ng6$^C#O4VeO9$Kp|E~NkxC2I`$)Y{sHyxMP=-Fe_Au|3|JeR^}G_DxyWVoO2 zY4)nm^L-yYz_d?rR?^2laj#|j5YIZ^8R4*^Z6cSYytfOpV~Wef;h~Qjc>izpAZiuVD<*ZjmskU^-RwBr0dsuhQ>?S zKlVW*0m@;c*nm!k{g~WAr&LV{Lo*R*CUcNKIT-$lt>UK7@cSsfQ=jM_NAzjL_&Z!@3~-6h|kas7@x;$e8Q zY#I;pD;v3<_06(f9Lsf?9z!@)t^K=SZ0l-l-iABQnG-m3bI03d#{0|xr&@OhvCZjj zL?b%zYc~-ObfgjDo*%Sn<-e6Z_a%Fe2?AdycqsK48@ZE@4Us*DyMa$l5uf*W^ni2i z{oY|lhmZZAJ=N4fwa=(-kmqj3DcXV7BaO86nO5RSf+y`YLG~uK-%eT0sp`qL_!{_# zG4^A&Me-tZM&{TSbFnSHK)a4@QTR)bvuxgvueSE;6XD3w$t2Ur2BtHTQuv8vn9dAi zY!DgKD?sA!Xx@{lRp4h0f5c*LcM*T56n`|vE%f6P?>4H{) zs|;J4_nNvyjmsFPn1p6qXZEwT(I2+9tl$SJ&MvYemB69)72~CUAK0m9XnyeV!`7S| z-@>zOZn{?~+7#S+mYydYTsbh#C&xtX$(+IQe}-%Lxi#41((P~q>90R6r_WOjZ7W}H z|NO1(;4#dfm$T0P`CE0~URG)4ZVlc$C=nh)-d2BF-d6mnGND!R-J$faw!EA@3l0~$ z?q2ho6;na^niU)4A5%V@BlZ6jhCP!l7!vf?ABI2JFl;w}`{pD4^W+c1qPZ15IR9Ly zc`E}iQ#c1zUeeMz);-QC;6%Aem4{Sounycrz>Urg1IV|H;N>?qOgs9(WaS}^90!*0 zaqw~?Sd@=69Tv&Q2lxvB%Mu%wfDOxRU|DU$vaSy-)*Rh!!a_dP#ma?XovZj|n^W_7lw1}4HlY_C`mC-VvGIeK>4;wpe@T3vr zf|QL>Hb*kKJEz5zjVZH*e2?PebtV4fEvqjMmyz?)OI*ofVtxepu71T!UI*SKw6TOX zg7jBLJK}?N)S17S`>WXd0;}EOI(!pr2Xc25IVk)=?T*Ph`)r=`6vF%;r{J3$#+F^a z=!F$!*nlSwoZM1|UvYWUoE?*~8)X>lPS^P}WxC>b&v^>_W6OEiasuRcyak@>-EyA! zzw9dxeJj>W|M)t(e~XBd&ZHAu_627 zWyH;C$O*>1M(TlaO~KYzv{!tva7WNC;N9X10n`iSJeJN-D^WcG;$3> zGALh8Zb}dE)=*yY0jhvea*6yeoOi1kM-63z$Wyz46NNFah;|qAUe5twW1rcmwx`%_ z-K{C|%9ESTrBr(bTu>oVna!5$|!x!!-C{}r=I@_H>cQQ6_An($?sV<{bg z+`xFE^zHPgvAn=q`nY2$#ZT(vj|E)x8;iBBj-PA9>m}C+b3B<`pXEoYA9V7+e+fN0 z!kL+Uwca^Cj#tze z%bahb<=JlXb2Eo($4h@1z;La64e(_uLWWH)UWP2o*(mKu7t_cc-m?jNpB`kLGX_eoHq| zJ7u&XxNfDrJiZ}&L>fLYur1-Q!CjHb#0674@lIqW#R*gVj``dl@h-|(5ho5<1~I>$ zAQo6Hz91Q6B=cv+Yd*JxU!R%l$ve>7l4qWOlYpoguB+UOe@3QoO z&;2^J{MIU!$&H-N|ADzx^4}OAV?Qe;S4%s;0e(CAZRa=0Z;W4HuP7yd_RWmxX5xSa zOuDsfd}b^cn{I`-qp@7l=(dfqINuz)En@Cx<7fUT-^~6w6P`T>Ym+QQ@3g2y=wd)>~D-vMuK~}cT)Q4NT#3uIXRojg1Rr1F}@7k2Qkh{TWBu-0k zCj)*FMkbbwm+ng$W&IsMzG(M+*}fw(D>03+FrVeA>eD{bXJFrbMn{;~A7%I%#;OO0 z3h})xKvr~QHTj|Ij?q58#ai%3{VhH{_qmd%L+@riWKAzIL3F1jRyd$zEb``fWbplz zO%eaAm-5q{vdE;e<9QjI##li=s+WAwm7KlUy%zt^j?fW&)9I^w2PWDj))0!O>zve9Dlc#gTRo3O9SwLPG_s_yF(t9Z8;Tz9bM)Q4b2cfmeVg#Dr@@(gRCo%QOh6_+ck zv6^`Arp^1yFw(a`yuGnEVh%A|J-@^LM<@8BJ{DAk%-d-epXSk1{$kIV(t= zb5i&T@Gl?b9=`9{?Zy_@G_fB1$E%6)2#u5#%RbjQv4*)%9ipA7%*#2%%Xu5SA$1q* zswP(|F`B63Gxw~5$U^9#8y~PJ?adHZjbt}P#^o(SnX?*(%S0ZMicT>e|UCN=ijK)c9L;k40;Ka7~^`cwB}FaU2fvp zvdbLf%h~gbi;>MZPrz3^c__{~!3uxJ8|XsUKnF4EE9Q{a9(J%9qGPQe;jpwgV})yu z5o)5{cJ!A$tiuTFPw-HC-NIlUcfn2k>Jd$FJ&I( z2a#m&DZLN>D0Cm?3v#}fA^!!$yHt-d>ECMjCchQ6cL+XLO1bt!sf`9U$|b;>hh0+k z$wIG@909zswf9%3gQs=^*Xn~K@L0H2_Gc+rhV?%MHWo)gQu zlKdN)@p|%a3?|3GO5f6WhLL#S=BA~s*}xb4;I18|cc-M}rHBYp)gg>{*SMd4v zW?Aw2z1iry-uR=;$p~eBKfh#s@R`^7?SPqPh{{$EDF~h@q4&jr>8T{`VV}HCj-#dw! zMI5C_5?YPci1?<&Fk(;a&YTs_4@*XA zd>}U7NIGja@Fq3~+B(F1YOg!`e)pj9!+5VY6C<&26Vq!m?WiC1A$h!#e$LnU;SKvw zf!?uKy}#2RK99N7{OW(bSAEHe-OzEA{mk=McsBSy_=k(b2J{tW4u8#EZlG@`uSc@O6EfdV)p#!<3zN4+?#s|0S=ieNq>#(QvROJ?J=EqqT^d(3n4!{79BpUxLf z)MjwTl!*>A*gP-a)$9td$Dir|xs(o*V<>@rL2+$$wzZl0PS-7+^DD;MN4LD2ew=U8 zG4^DUZw8s8=1hNh`pNR0gYUwF#dpK-VJ~`e1M-9SeCDCq*q&X?*b!<|6hCy%Yp^vXxlfr8PYiI!QG9PV{aa^5L(MayH#j5u za6g5Ssdhg>+5OP-O6@Zur_VC_glBzZpQ`JORcl%OYs^3BH)gfpPTBv{GoqM17n-Xb z@1-_sPJVHcANkGwl;*mZ-%_KHd~Mouv5)XhbALDwzaHjhCNQeJ;zArNmuJ$)F5&=s zne$t};a%bQPrN>)Dxq`A0`@hXW6p+7o&(>KdvqsZ4sDL2O`Va--~St#+}A$U2x*R0 zUVeWnw;7p1^S9L8Gc)R&;iXGBdmF8C*yt+8w6vmYY&a}^gt?TxP_i^R($mh+hMD#n z=L~HacD1F@SS|a*9M*ySgH>Ps%GcVP23HMmIWP%6tsD85JP!?bvTwxT7t&FDwC9DU zVkQsa8GO`z!?&V*DD*LuJ%c)XM)G?Ao?2uie^6~Kdy;;YL-ru!5&mX_za;%h7V6-= zY|>@SN7VtPSZazW6TU zX$rQ|k-ioApReLh5d4EXfjZOL2>s=P>jUfyBWY7KxtaD-52TiNVhh(g?8F{a3ct+< z|EkLwKe6PjdM_iV^s*Mi+`-uC_SL(YNC?TkTvrvxQf{{5Q7HD(@6}1+_?W8GgnxW9Ah0}#vVgXEjRD1<=5{SMZ8dKjb+!& zPt>t4bqBN&n7n)k&iY;O@#RNxKFq|c-ivNx8fQP8>zjr1{1f8btZ&mzFFfD?e;Q|y zxfjm2Rv{aMXUVtuHvI_aW`E#3kg)cGZE5&!=bh*##yqWp*0m>O`TWVh?MAKum;0~0 zoV|J~d-fFe?#bMRui-8{ej(K!^DaDlzwWE-W$%B{-208Z(7eW>p{CO;cs|mm<{7fR z)bLl7VMo_}>NeVue}(c6jK@!;IH#%ANQ@0_#2?~i<}_&E)0XbKA33Cry9S#)!xC+a zn>IL^Y-%2!=xG=pj$P?WUIo3h($2L{*mt%^dpdM~ zwgwuS>_I=;hhB|6sfV%`Z-p+#+xNBiF=tJ)5{+s1wJ)VD@uvXxNcs1!0)EA+)fl40 z?aAePbUg9mox9pC?v6Ib(hcl7OMLVF)bd8ZF>XJ7jAd=c4uJyv zw4-k++R8R^c}E#!5A8R!!#TmESI{lSN)GR#ZNZrypLZDb70)5e9+j>uo4kZM4+B%# zDr{xw-L4#BHW;O$JHU5%l@D8yv3chdG64| zTiv0@;N!>UL1z!FfgdAxUWq*&I$gpXl=awi@P>;y7#nDe4or8^hkKTu#$Q+b%#v8l9)uH=>UiOw)HGFmS!f?+TSLj*B zc>(Wq7TRAW`@gP3ZT)dA zxkYf4e2N&*=&tR=wGe+RVZRa`81OmWd0g=G)bgH@mxR~P65aZ`Bt!S;>~Rcy9@|>% z9Q1$Q*YduM_hZ1T*7^EM;@na%!^mopZW-syts8zOxRhfd{k?ea;3KsYq@Uh+q-cV4 zP{nPEj~*D_gI{L=nMJzQYTDcZ?JRJU_klkC$n!4t-6%97yK3wW?hC@hFNQv?v;Bg| z^G+GQ%O{C8BvV-z!e+*@HAKY#Hi||u^H|2sM z@w8!)=6mRuHpL%wSGoOBy$2@dPI0GtkztSvm#OUhAh^a?j5~1K!ONaX`1hMr$%W3i z#P`%j@q}@qstv>NwJ`4JP3mVcP?CXVh>Ow_E%5@$R% zj#k<@!tSu_0P>i8E@hY1`HAESJvTCs>rWT&D2UwAr#^AT%=%f8IQ83Yd0S^T+Johj zWyzB{Y4Rk#o9tbVJeh+$8DWp9Wh{<73A}q3Fb9J7%YFLGiY%Z%b3A8RbADC7@AdY0 zehWO3+jF>+vI$vSW4ik2m^h!qPxIgf=x~hdY1>Am`_rQ5QgCY7mWZ`s+m@t5INxPk z>ICLaXj}2{)4w^krGxC{j(sR5eFfZf4!}nn7*wZ}y*mJYjDh$s;e(lVs$t48x$Lha zJnX6H^1@+|y0QTjQ{K^al&hfbe)yK`!_0|kUz%hjPw#_^f=DU2P)st>nbyOQC0Y-9 z9vW#l!F&<)9QnWRe9b2R;)&*KE#=ea>s`i@z6J*YgVxIp^w&KScv%A{aVDU6WQ}hi z&%-a)QRnp!QhD;Rm&~dCQ)?he-XZOyhp)rWgf^rHur5qGFZQ2tl*a$EjB$Yz;<|*M zyqEtk6JFe*cLuX2Y0Jw#ARMIIzs37w>;pgjrM>U}?U;X;A6R9l_zw7V_HE%zd$#uP z)lMD7dtg6w!FTH^tF`xaezg|{u$4+Dy@Ro>hnG&r&tOCIb%~Ye@mrup(RLPNZQx9E zKlP%}T%&#V(a70HJ@p#xvyVp3K5pPS$l1q3_Sr`xXCHHUr}d>6MC+Ri6SH_uc|Q97 zZyRgNc*F=j+F|9C4yn#I%OCVaxyT>1?~8l)EuL1xKBIG$0C#xtD+tFpug%@Rcv>Fc z^7+Fa6d6aEnfy)QukQ4mmI_yHi|CzowJ|XNw!}vCV690vdTO8VKK}&h1zoMKxsteh-8rY*0!)q%%q|bNqrH&Zr55MV=POKc|S&=)LfAza;h|!W> zS2jiEbjoE7>6|r>U#$z()f_tYZxsF5d8QffvuY=BiZNDWG=0&{ah&>Y8?iUEKL>{7 zv}kY6tE)?lXDo_U(ec;s?1-K9T5G4`t}@>N)^-yx%|>s%{XWjfGg;^8hJj4O+?R_y zu6M;BRYyKXvh{gALt6@5+2l1Zj64iK62H20B>JSuuL|NmXs1*B2pT)whaVNh#gD4^ zuJ=LlGWf|cepL_`FOz(Jko6IyubAxM@TA{P;@mEcC$R@41A+yf5exh-h^%;lOf-{cx1J*bm`iOC~@3Zuk z?^DkiLyUL2o3pISA41=H(Ridf`RApql_B`W9j@LHKn~70ZS%D~+*je8WUBJnZeu;S z@I0Sq@0l+Ylz#h+G2Tk!iwD5TgH@$12cfA~(Qlt&%uge?#_WAY^A@w`?VzI{+uxjd z)B8^9YTiuU*#7R!TQBn}yp`f}r+K@E@j82nbhXXsXYG7<=B=IQEj(-9%(nTzW{`1A zw`ZUFBRsSneM5BFj=s8|d6OOCY2eVjJ;WG9d$Msk^A>~l4y4hZzFG5@WzL(vNypbX z9QrfsADuU1!vPC=vpJ4YY2(nIC_OWnHjW_AtL$-@ZJXbYjiZrqv@wpLJ&vHpVc*G0 z)Lx9PS&gn)g|1n7^nO;lpG}at*S;aSQTI6?6h;bSji96jRTBv;gL6odnfrj)_AT?9FXlE9Y8kRjo5Fy(W~5x za#j>Sb_#n!Uis_jJ?+g`qvOszj*dGs@%(Dy8?d()`%ewI(Q#GhchpfI5!!d!_R^-0 zb1lX7(fZf8@)%bXIFN1j7EkboenmaS?^`mOSPo~J?ot-u=Y`ibCtCw<`1IaGS@y{c&Wh6n&U<9F}Z@4N!9V9N9JTBViuohwx42+bmrX6i*?5h+cJ7r+epP8&Wconk5&Ay zc|7lNVvN#md-HV@+VO*FLl@k6p|MQ+)<)(><(|f#xf332XpHdQG1Tv5O}1mlRJ|Df za4Ii(=k%vV+t*E~;hp01ghwt4F95bftTodw652EUBJqzDyt()ld?d`x7Rr?44Q|?*Y25Z5bA32Hovb~xxQ!gFnw>APZ?;M!rgZ8iRKa-ZR6N!hd z$4<1NB;8JA@vqn#Y(LQceA-_Quk77p+lh9#Is|JBJoU(zK|Jei%2NIsWd2x-KY52~ zJ2^hjx|a4#TM_r|>X7S9e(;iID;hzJwQ{~kTP$0VSGJ-t_{xCmD6k&l&!lVH548?I zRN23BSc9*@tMi{3X5Agfp798HGj%NHPWFwTyo!!ReZ?j7QQo>UlpndbU%4Mp?zwr3 z!Ye)barV<0FVpTu^z0z;F8wiUi#D8?aK+@WQ(W-n)RAAJ=;S*`+p~Oq@8{cN%#YgZ zmdpwt55r@{%LC-9@-|tyuDWL#GoGHgDD2?XTWdgZB|4*1H&=wUo&P}_b%k~YONKEuFnUaWzeqtk99{~W7~&*y_vmC{Lgqc zH$*CDJJ;SG!8w@<%nue$6_$E9Bs*F&M8OJy$vYvPC+;5dE6}!?Gj?zE8`u<{I57Py4||;UttYk_+p%xn4?kJ=N+ctc|I^%1R+AAL%im1qIKUrC z707*OSa}Ut&j+xP)Y$Dk2Jc&mKGum(*hF+@=I=%LZh7(HQgrTNk^7&uY^f=GZVcqs zwth5Tm`39bv=y7k{eRj|)?X49or`zDJ2-DGh)35zC(N;*JxpsxJV@s)jg+r|@94~V zqfO`9pH)WiDlVSZsASdH8h6FblsD%nzXTtQvB=8ViOYB=x|uuS*gf~H(2a5^C6TM! zJ=uM7C>5A=To7?luZDQsva7Yv9E+@#ld$kGG*V3a${XvY%r5p$@v~LneNz2-6B@T^ zznWpmQl6_4`z{cV%Z)hjjI`m|HRhw?QS6*{)|CU#UudU4JhD}3FAywmnf>HP1cT!z zF8Iv#{@K2LC9$t*{Oz7I%(3_HYipmrE@bS(6INe}JD3xBL4Da{UJb3O&nk1=U!Ks( zJphg0i@*PM$lfZ~@L6No?17vsZL`<-Jb!X6Z5)8^9(pHbp2wK6_mGd0$gXAgIkESK z!qr!?5_qK$pPz5^XuXGz+V z4EX5B@h|!&b<_Qe)K^a%4Gla(Tlw}mr78EIr}i(zw|Q0Ijcl36P~NUxz3kPp$$Es#;@dLb8l#rjlZz`JK$O0?DNR- z0hCGC=?L1md_f-1nR_N9UZ3QTs># zbIx7V{|WlsPWJ9Lc#_XGq)YxHWtFb&^1Ut7eaj=4?jXousMcq^D}JJTi9Mbn5$&6@ z8xH4p>RSyD=xpsBp8v*QU4?JOzvCPJ5ANT+_?z#9w=^|`|3UqKZ*qt3ah=w()@8KZ z<2to#EoVvhRJuZI`2#=PY0Hd9T!ULA1AO{3Rbk*j5B9~CJ7x;{&=j7v4z4;fV@DnI zEc)fnex&$zzMux|cz|3;M{UeaY}XXv&oPY`t?k?@d}x(>q&5BhdR}{HE)j z?dSi;^v+i5rR$v!^W0zW4Dl{q@BALm>3O)9@Vsxdy{6FxKgpW@4t4viY1%ourq3~w zH}QSF=S#Le{iTnsPk)7a>EoKsbN_K&$2)6WUqYYGPt4>w)tvE>_k1+}8gJV+WBc9w zYR!Gw{%zKK$vK=IEQN25VBId}T@U-*W@x}Tbto~d@wM;?N5)OX=sS&ex!cV)T%jrY zWsf%3_C13`|AOAh*>Cx`c%N!ktfK+g>WmpTYfvX8Kfp`4o-gf1R<*w`ob{u$Elps~Gykc;I`@o!1h5!xcWb z#?5)P^g7}|(a$TiPap3tv-|004NLx#oSwk9pg4p3gYXII3(_}SvNN25&6WI4&oSnC z^m%~uaeec{gP!KxN;wMJ>@%)5&bXeUT$_Ey)y5guPk8RcK3OB12IpH5o)rg6<8a3I z1pbn`yDDE(jirn+)N|Ke_m67vk?L`0c5P*TwI5D}7AswwFT_Efcp{A#`dy6|!k3fL z4DO?Fhpw_|%fxQ%HB)o&Eg&DpRQzJ%yssUK%;`fnTHHJ_b(YF)qg?aEsb}(?=h`#* z-qbu%{8fEwF4o}tDBSm8&y?R`4ts*|UB*0n>%A+=e7+XpJD>M14>$*x_YFi(0>>M{ z%^YyF5}z>X<%)SA|7zi0@Aw{y3cu9R{B(ksAU=-5Z98}2S${K{GOEIDi&>lBPc3g+ zS{-iNWrXhLf8kF&b^n!(a)#P0bt&#!RwTo=iC@opHhFrQP5f_K^T53S%1Zj%+J5HwvWfqSb?q|m zmzw22!p?r#aoT*%Zu4~WS7Wo<9$wM6?N0*xXO7d)uk3yj;KahA)z1L4pT2Ptz3s>D z!YL-vWS8TAnz=%2M0fO8Lzg$ACv)%XsXBO#mpxiMDu+9B?e1*Trt8I@RC~8`ugNzoXiCp-1tSCEPhN zZ2&G~t>JR5HBKY<8T2b38_}Nbbp)W_3vFJZdq!b*#)?kT}A+0>s+{n^y7 zH|amqtbfb7#PlV8!U%koY;nCY@w5C-o$aT%hb3I@6%#kR zR!rRKBA2rJ`xA@Y!xLMY{ycFLGL38TV-x>3d+#0}WqIv=-}ek5_soQI2uVOfz-lHz zt;!)$*qJ0)LqJf(dgvj6^xaJe(&8BvlMvemCa9ydwuv>Jpi%~VBA(p zYx{J+y9BVi6M|Mek*JvW`@3gu7-B%%?)~h~`}sV7%x7lq>$38r`Dkx$l3 zoKY?9+BoM~-|HdXXhQw^=GmP2MTxH|9f!?}_?k_KEz?dGXk%4V)vEqsO%|k6w2{WPt}91}-asV-Q%?0>={Q`aE|^ zaD;C}u#>wZvXBcl)80Z~N|0R4`1+>wPGkNnxdUT_FC%y#G(Ku}BZ`Y21uWI)m1{gz;=-JbB>9j~LHrpD#F)F_oF4f<8W@kZax~e{?rv z8a>rG`WMEMIHp$Ss4*?POk=`Nk1;*Qn1Za^I>uvoJY71sC;;ZNwRTXq5m<)teU?r? zv;N!7TJI{Cfn7&D{4!{gI3n`?z5mr>=t6mw{>9EaEt>rq^Lv@kC&`KLBMXWDis$|> zWTJ`iG5O3qvd%?(J+z0-*aOe?ug!!nr$q|K8%N2dvoz}$*3m1bKuc@?(2_g+TTAkf zU%oFFUydwfy|l#>TWZ*Uxi4d%<-xAaKE4b;-Cg#bK04Ql=|}gtVsTNLk7Iv1U>ch| zykDi51a!?~%3%);w?nrnJYR8sad_i}#bKRg1?8poZJsK%l(~Z^^rK9Hu8M^C%i4@Gk0>_mE>N_a;NoHAdfor zHTNRszMK2OycZPPcbQZ(cRlZ5o}Xo`x;s^8Up~PHysK$9LjBlVrZe_d>g{AM(`Ofl zSDAtS#eAM(zx+3IRF`nliqEqaJCJmA=bbv{Rm_}YYm*VVlsO$^J`RlC?~KWB=?hqN}*KPE)jr)~WsaSR6g zdJpqAfP-YTG8ph$i!!93}Gi?jTo4M?+R$ z$5g(F|LZu1`eWy#SpW*q}`0 zJl1({CGR`}4{2?1J-dVQ#QN=w+vC67rjuIUFXeySr>bB#IZRsJ#u}ZmslP_f8|B;9 z2#?2BP@w;&9`8q2D}jq)rrHq{bRE%-*x5PI{>74!FXt z%=x>>QFV$z)jOPF7;g`3sbgKzRi}1XxRtef2z=4FCowPeTS{IR`2r@c_nCC18<~UZ zE(b@1AIc|vruxq()UO1G^p0$4XL{!d?}&b4^nd2M9_pT{E#;T`B>&EgDJ9{|m4Wc2 zD~rMtDvHCxqw&`f?~D9y+gvPQ$sOE=f!;8>Zm#yUD)jUy>q-uyH98x;bCnUkdx;qa zFSg2er3#$X+NxeHGJ)2%f@fQ2N*=&JC*d8fWd-{8(<=MO6|N;VxdQyXeYq>V27TNv zpKA0!q4Il%g=@)uCp@_A9DEXAb)!qha&4d9uj?1&v5WaY9Y?nIr(nb8qq#|@mW*xh ztL!;dHoq?pD^5fHHroHA54UDUM7Qw59neY-u~}7|XH*YUt_bb*<0C(WM~h#rkMo$F z>}6HZ_J%<`#?SjXz$Z!@PMh`6dYFD|2Jyxo`jyXvCqZ%#paZhXX_OJ=C2G$FOa^ z7uQ_`<5u2{GLAibIODTrAo0K`V|j59jH=jI&r#p(v(BEdnD@myHIFv-ZS6~XU;K0M zT=agL-UrsPu_Nd4zOz1U-jnYSwMKehu!!yNF<4x{`}p~e87k+K=HFM24J{#WR-bzq z@s6j$;3u?U!P9yM!N5AVIDB{r7|3q786ND||3>n@1H(iZd|DW4&pZLc1Q>i;7{0;# zCtwIHoHh8gF#IF$w~ajs!@hFq;IX@9K1r^JWMDEh7p-XjuVVjS58UlBvxir)|8E!!bN1@*1M_dg+w1N9U+3-Y|BSoQ-v7}9$Hw-5 ze7o_NH2S5BYX2vuYE0HNV|5k0Npb-BU-&NXtAa8D} zwEqjIpI;G^3%=;iu;l{Th!f=km8-1dZN2WxK21+rUdKd4$2lMA$$OjOEopT;v@Jzoc&G=LXhiIjQI0U+QS{(>7LM<`7UEkw4qwWxJuuZ-dh!ispNvw!SOd2 z$Kcq=eq86;Vc)l2fh^g|y$`L(k&V!a4PR`_&ffg5dM6IgI`59T71+=lku?R+R-U)U z_iSgc{+a5>VOzIu*BtTT3T)_&$f2T%R?1qT6~}ffIpqMh%EWnzzOxN{D483%LLb(h zJ6Z>FU2tx6((c=Kv5{)aIc}XHxv*`!u^|kDCnv#^ha(>(hmSWXxA8E1tWEol-7LfG z?W0}JL;E))C%=Hcggp9SA9`k0mh!0LQy-80(6a*53VM(iJrj)?xqMshNnN?@$xlM# zxn~*UszzAB!{mT3Tx+cEL5|o19>`z$HfU7$eta9>_b_!Qn4aLR*v)=36~9Jsm|RA7 zyxBqMN_NLa>NR4|mA>GV%h$hycJQ6pqB@CXiW87+vWNb3=2AGWDxf-F=1Y*%nLb<_ha*l(mrk3aSx(R#ccFI zgVoF{jsNyIXe%crJ}<^NpEB`w%`pIP*~lDA(LpS1e&n@?$LdV%bzwubz?+=E3~ZHd zP{ly-e0xF&2Wu7U1w6YpywFnVI&QpAH5p*P06ktj8%ZP?@vl4h-ObHVpo7 z(aD${2L@5v(ArwSAPP)&@?Sj2nR6pCiNYVvvzv9hnt4Xy3z}yXUU0j;ma#c#EuA?? zhmEZzcO;x@}l`naOi#R){#9j9XwY3spJyT^E-+0(!Qg3 zwMlNPt2~Rl8^9flz8yLeeSB1ZDt*|oXw!_NHw={S3m|Xny$WFAhp$w*Ck5xjS0eC= z`52~4;VYhDeY5#JHj%f8*8eMcOU@_omdoick++oa-{CEdb>a7Kq4llM$#(|v z_ZW?gKf&*u@rV~X{2ll}BSZ6d#W?MzpPV;hu-<>+sjwEmYoy$v^~O_Zoqj1RJ#sRK zOC2!04!BAN5UnddDiN-~Wh_I%Rr7G*Dw=lYkqFlg-aQ>$9h`~&IW~{ZLGwu5kD`By z#pj`W!SC4{HUIyN#pk^b-H8^L^d9W67Hj0-oak`UAUtyTKtOqYpuP3P zkRC?%v)q}VxVKl(_F($U_}Jc_@dU>K6t#)2~ z{7{q^KMy~Y)8@tJjC2BLq_SJhq<#4WoGCBpN-+GSy!f+eckrD*&bjX$ zlu3t`j+m9=>dX3&+=X>neT~=(IcKr+6OPB%A&l?B9&&>!myC~hENgtQ!sQA}r(Hjl z+=|qlf;{InJzWd&tq5}FUlTv`mu>Jc^P0qZ=v#ihP52!&!IPTg17M`|zCfKao_P)K zIKp13dKUO3KLGgvoX2^)*BHrt&Le{(1E0#*n9$}MxcMnFzz2QU82!Q1vo4J zBb{C7|3bsZeK23_tH=LHzDGJ=KM$XyY*Ou@gXu%0_(@IA`rx9*cUkN>TF>iF+x9De%n55s2=ySX<>X9lj` z0Ao@PGL2~g-$llbxp^MWuJA_;aIR90zB&be!$SNHi|TgLHa>}|&lI|aYP!q2GQF6uSRS#UPx{4YP7^16mO>Zdq>Um`v%j3wl!ZRKUu*u3b09@FSo zom|GK@p+Q?&sj(=^}HVbGp-!LGlg#hJzD2S4a%?T3%^^bbr?ZTRnE?^wPJ65z_@JZ z-0aJWkL%93fl9NWdmQIOdB$=0<`xUPlx#OMhZ%eQ$jset-I-?P_FQW`&$-y9YuGcD zYdv~x;Q9KrK)%Y!4YC(`bWD^w&roM3dY_(~qwAJD#s7CI72BhBxXXb5tp}0G;TO&` z`U^puo1Fix{8syR8*9(Hy5*GreRTK;OjRVMoEdCcQ?fwS){z5+PPw`Bpo zm$4jo10}P3-RQA;I?5%0+u@kUcr333>A@IEa4&qd+_@r+qR&^(N2}+F6Ez6CN zcq=?BG~SKh$1?d8#m>iXF9xm)h~dzEr9U*nKN9T|m+z^B=R6kk#g9%ipMRHg(;jqP z#Y7yY{!!|o_q?Jz)0B%vIBOA?br-hIyEhx5>pgX2#}CJ^72b8V*0kZ9bGjS8H76Q0 zp6}s2RyJ1geNX+D`!=ko-d1L2c+1SQF50ldzfI3>t?_SDT*X5*Iej}<+?ihu-@O5y zzx-uRQft3{awON&uAN#E{ z6LYmyVHVVrf66?&)bC1}@AqBF-A=cBe@Roz!%P0{lJ71#|Kj_XXiv`l_s*ME9(wks zD;7R~)1oV%yh-P(<{eer4w`3%S_WZ z)w6zFuX|MPA@}Iq9`~4BVy%{D%{7i5b(^_wa>vMD-0s}<$R*}XV~i`?7~}RBW3p2M z4;J$oHX`s~CEw;9%eJ}hSibGvckbEezN2zmQq@7en45@H;zJ=OI@x}WyOYvkJqPr8M9tDjz)Pt%^aOO)g0}uG)Be8pW=Ik@{{#P z_+H|_1#G<2=lfHDO&0J1uYG=VjIWIO)tIAwP39<{b+$zv4|R;^#i!1c3)0(W5c?Oq zC#5^@@$fC+#!5b$UMT5r0-wO2S2}hXdwX`_0|(CZ9x_Ae#6#vN_7&W#GF`Epdf=OK zbZiCp)1ar@mvL7_Jvac4mV#sQ&5(UVG~fl#4sce{OT+WW%vvSa1km31|D#uoH*R<9fzInYPUHa96U$&PcJ6#3WlkfDfk z`_^2kzNtQ7>@po_$|pp3!qJ3%fK%c*g7Wkz!>8 zbqAW)$_z?|CFlIMZsblUum8rlZ|ji@PR*yd=mgA|C-WOV#QchYRrH6K**R(I`v;c( z3R;!#xYO3|;{#izvqashWAskJk1g}1@@rG_u_a)B^-<$GGB4$S_WTs%oXM@k{`AnEd@|G?HqfOW&x_6ecJAw9->5P9 ztf}q`av!jMFW_76>}Kv|noX#C~^UzgOK}?!~! zK8a5K3ViJCe#oVhSihAqX*?Sl&r{EOTlDS@_Ooo>6+VC$cCNd3r^ojt=;UxoNr8NE zEqF*ZG}05te`o)#YG;pw4(vS+ykGGj_=4OV=zoniqU6g{yV{4aA#Wvt=!E&qk(|{V z5@FGWJ?BpDC%ztBQLOG>-pv_@jD;@ag;$j0YwR&Hg2)(=2H>&)-Ndqd!4&k7*NI0I z?bX#6c6L&)2|m{jJcOHd%ry(V5`OK}+OcM`i3;b1hum32JdtRLd~AGr&K(xMjkqG^ z{LZMr-Y9r5_UJV7|7lF*MNq!&a^L#i1FVitYsa-oXI0Gm+rT1gtr2El=r^&&H-5BsUo^+q`klAdvTkXSO4@sIs9uziUqGxAOIS9vs2ic~Vk>TDv#oSI+vqOx@1-`pKVMG+0JlX<4=r zD*T3l`wD)wz)xrC+pr1WkC zwEw)%{qfchi^9rlfem-*L}C!C;8Uejjjb~nyJbxbl6xl{%`*Buj};NyrkEJ=)8KO< z{dxiV^$KtjI<;|f9sUyXNqiEVlE0m3PvWE6a40G<#=7Akj-?0ua*tbyMPeJ?j}>>1he6uDKK*4)^)5c+O{ zFQo9T`r;ukLtpp9L(1KwY#wqyJY<0LICKm61%Ak!S32e58-FoJZWzEPS-(dy52rrs zW!ImMj+9t`z#M7wkT*RqH;?+|$QHdT9-=s5*%V)*|BYtm24{>Z@rK2dPy17!9V{$C4S z3WsEyfnPj0-SpYEnE~Q4G@o8qEGD9sd8?kqx`_YX2ydCroIZ4oz&0}?_&U1O8}Pz9 zVj;u>Uj`m+#Ak?}1Viz|HrmskmPK0|E|0}$d_bGJOW{NLq9)*M-Qj_yY0$@R>`#s4 z?OVxMEem>fPa@}q0pG;$0-S1ebEgFBkjSgWr+eHJBkuTEs~PLc67d61u$tV@qWw=A ztMEZ%mH&=6Zby>*5Nq4u{#f`jFcmHB`qRMDI&}SY@pl z3ilDvMnd^3C(2VU3>~1nl=3#@vP<}u9-nW2kBiLWdtg^GdRhj3X43aW#xRMooCSZK z96pXN7mf4R_6FtavLd>JMftiOe}cSVU%Q9=TN8ULIIp;!7{|N$AU{5H?1_^8N0b+V z*z}%hM(8JudCNgFv=#mL)v?1v`3GE~0`Ma<`((bZTJCc&(CIo3#qxp$+vKB?7CDbG zb~JpEym6<>?z-#8gwDu08foJlSNvYHL%g$vcMR?!Yq#4Gsj9&F32{jnI0x>SWk!IPgPcY3hU{$j1wi{js@3fu-gpxivA5dxUmU zz=JBzz^d5;>RB%*-~5#E4>jLOx$?0XP7a6XjOP!~j{MTwx$`ZtZ}ll0`rQwK19hY; zY}Whu>Oao6U{d;?a+iIn@0na<(~qFl=a9{nJ460+r^MNhjOG2Pb;a&>HGtcCp4oXn z%<{fA-gnB1phxBWh{?ms(=@s7yOh7P_{-qMm%xuNf+t@9Uv26Y-sWOT9xW-2=|d74$!V(vwg*k{CD{8 z1vc>aXZ++ld7HW1de9ZRjka@^#qyk-h==g$j!VWo%Itraw(jDcyPW$MzM%UT@Hd1m zs-cT0bqAh|)qjmUwxWy4V~@NQ_3;foR3zNL@Spa$PUfE)uK$NFFF1BF_5kUb$wmDp z&$<~~dx>e^$NC)KKl(#VkH^OF%+Fb)M16kK(e2Toe9)eNVEfa>2K{ytXW% zxeD(lGdAh<9Ss?M!q2u{=3bS3)IRXApY!xQ_)Nt8h5V<;dz}N_6f&biy*&@xGW%{# z5jrR`!BKRDP`2*$fd2mpxGX0x*^7Q-Q=o5P<_`V`^NAPH{?hnoz0bp3bOsA* z1PhVdwJ&!ECx^RfV;A)I)JG-za*^}VdqR2a_cHoT5ZCJS)96G8pGl@~V>>+fM zqw8qvy=zOz`;e7;5AT&@o9M=l6@^FHaYwBG>&*WM^m}-h8JY->=-_i7duCG+u<>Ch zk5Nx+t2=L9$$lq{Jq%j0?;C-RtYtCYB|BCR zd-JXic+ma$VryT9Cl8f(=$~jam3c4K{i@8VG256u0@#;=!}Fn+Q}^lS<_D;+Tub8b zmfj)PlIXMhgFydpbBs+h&H`^)ABSf({O_Ucj^kEj-Fa!lS1kGsRYq4{?1s<)Vn z-Z!xarNR$nvlQHj!QWKx$_QHI%qT==dg0pGUW7f^wg>pB>#ZTqFC%Mg`A%bXJ?}gG zK(c`H^Z$l1M6pS>;`>#PuGa&dN=}bLi_{It9#@QA>2L%1atxhrAUQ0X;R1M-_|zSY z^Y`raeM|d(s{N@B7+OYpFsmV^e~a$AA4?8*^G+qWXN3@~m%BC(N2;F>c|7>MqCDnLX*k&?5&dfLQa@(v$%~yir?N127Wu)G!hgm`7C-hZ__oI|3U&Z9oev8By|KDCMO?w=GU7LTu`88R|1kAe zRQvPA=k2!99lPOK=oGJr{za>gl^A;;ujF3zE7R>e59bX>?gNhu&QjrlTk1I1AJ5vg z-s29p>fAhQ$J`!pppLtpq9uWTeEyD-Gm&^n#vNaeM10RGirE2dzQW$$4S&;JOM+1p zI!tBW*VDf8NA=Ji`^}rijFGW&_8RdC7j-THj)^&@-aMDQouX5%^P%KfX~4DhB4c$C zIHI+Mk33+BkDLpCNZ=vjAL1h)JF39^tenJtCZ-N8I1ZBTo>c%SmsX^*Yo{J+#NyV%Fj1X#K6Z67)8@hPLwn@8RI`(=wN`55Hv zlFx>sz}i@|=0j^r#pHJ8CfVgPw59X81N5EGJB9eL>aNKE{^yDH1FTgP8)hSVzX|NK zIS0w+93&4LS*_$<_0W#a9sIuC&Hg`GEne)hWt@S$h~2WxM5o|e^;v_ZKGtGk zlFmIcZ2RRx=Aqwp#G}S;39-r^i%=h26S}n4*YQD17iY^w! z=Vp%&Tdn4;u^|K7Yf(da8DlTQM^^Cn^6iWrdfhvpz6#@GpU+tII{+M1mkZOjIOQ6z z&V35wV_!u7PW>J1WvZWxjFnhldVtnyI%8k|1M=<0$6ly+!$o!+|5R+Qx+8_;)e|1* zEDC42koD2GR+5Vno^z^w82D;_N8F<$Q)r{~2Sv7TnS2h0ah4;x%HrN)|Fm&7UA_3{ zYymQ%P(bvPAb+jegfT#wP8B-S8jnhxYR?82ul9 zhJ6BlWdC1m^!Mri+wuSCUGL~WyrFKB?A2!foBWsVRkUefY2rTH_W}JO*PKm1b?}xG z_EXtlmwH2$fr+7=W9ya}luH(Qi*{5GTkSLGH_zC%+FNFaDrcmH4vef@@?N~0b{;^t zeZVdc%%VIabRfNM$r~CM@=Q11&YjvHlqf&d$M4j((7!#{zRIQt!qfRJ87PPUjt{2t z*<_EeYi{Lv8+|Dj+%F<0e(*IKoa(|sfVZF!#hv3#@S$8eJ`&}Z}yR2l`{ zK7LO$`XAu_m%gv*&e(~zU#{ZF(krpgkqck89oYq*rY-3;9%R2$&MQKFfq_SndjPXd zRe;~(){%@wdARX H})7gv#+nfCH@LdddgDK|QCfebgz?8XOm6VKlv?r$pN zU(Z=cA#qw$zzaR!g50nkpM3k-iM==7-uuM|gy;3Nqu46NcU52$vD-slYUDjV)1J-! z*S+v*d{|y>&S_6;(S0nE9rnZ&M{lE#7hKaGby-s<2c~3CevP@RogC(v108yh1=b^v7tqiCk<6FAddNkx-(?++ zqUX&tt=uW;QzrlR{o3d5qd&_icyv2<6Z67vbEgq!Zur06#vJsX-VxmjuIrF91Y4)C z-O!-q-Sqf8?EZNsUrDd-kY^03CO*b%@`-nj#kpF@JDNMWED!IXT^l}pJMi(+o_Mlk z(J1Se9$!DTT}lj;&M?p=Y`EnRH>vgopKRISfln2&7Q%feheu-miNUc1!0M=QYA5hp z%KM7_klt9ucy!jGeGYrn;X2CI=HO1v%?B~i2qyA3%uKRhn7+5*$rZp41FXsL2 ztOw?hM|XicZA0L&#d8Z^YHQ4nKgeDZCFV3Idv|k|#e1J^Y;JWKz2;{(H5VG=drKH+ zV!t}$noJ*wbrg%GHBGE%GQLw|@Qp}2c%%8|e7JUB<7i`R9X=`Br`b7x`YTvRc*ho< zt^Sf{=(CYq@F5W%6t2nX6WndP8+{$7uTs|D;x4^9=I3F(9se$0T(6nW91F1zl<+;> z^BZK-)RvXBwPB6F&kOE)xr2ngI<W%F_f4~pb0$kn<*O--z`ICu7$=s z;05FpTo+Psl74%>Nn_DsV&m4y5S$1DjvB_+SzXhodK-DBHiGWA?Qi7E z-TxJQ8DIDhrz-#Jj=7?LV_4nXw&6SG8pLXBzsC%32QS619eV%o;L~Tb2LG2&e>y(> zAFS2i!>9M~{(m>0-a;S$Rebsy+Ny%K6Z!N~p8Zeo=~?vqfBE$P44)pzK6Ae59CY|x z?o>F&J}S|0G1=G~laI&S`Eh5n|JZUf z@xRXVZrYQ4t#&=0-y=7tx5%cm6JCB8S!@1?qWoU`myR&TE7-#wzk^lG$7OD8u4PUy z*?tEpz1jE!H<6F!bz8nSZmQ#+8kHBhH`@LNQvBgJs0I z_>pUL4wa2;Z~^0d0sY}=U|je9z|6e(xM!e?IODEkyp}m}gT}fH`Qxu0t8xUMX{;|G z_YXDJorA_Iy?8ltK?7s$W~`E@Z{V5sdJpg~Fvr{Sv(~BSE%XknZpl3A?u3Wf`x|Ex zZTz=$K5HwIpa?io!EZ+&xto5q&ppob z4d@xKy1W}sd1qYA&R-?@lkzD2rkkl7lq*|$$h+v#YWv}_*v%5kq=#sZ9`xO6cvF<$ zx~r}V-t+$FGYklx7nt?Fv-MutzjPyU~P4x;(b?i<*8 zH832HjX*GY4||@T-%d=+6+Cy~bS?T?A8^XTUs?Nt<@-%@`hnCI!BhIt|1`|VsmeNJ zMm{afCjA{S`yH?mFCPrE2|Ryi@jPg$1ez*_wv>DGpY8nmeOZzXei?q-N31KhwyZh$ zXknY5uXw(rCH?+)OZv`m3IBhgUp3EWGl3qyMFoZ9QYR_0&0`?m=x?*|hN) z+VJ!4Im5#%E;0IFjK8;GdWX52HS1uyY zC+7*e<3_fYfn7=XrH>7N_|n z4svF+=`J2ujLiGpTp*DU`DdBhVu+aDQ`~`k* z9u{iWb9WN$Cxss7_xj~Yp%tueUQu98wkOaTn7ebX`0-kz5EzjsC)Hv;P3}YyAWEJLcL!eUH(&Bnw_a9=!Z4(Ez`{~!46 za`C%q&i++;?k?ELS{dYV*gbW4X#b-sPb#qgZ%z*Fe_3^g$No?Cg!X@=aw}f$4edYQ zq}&rPPYLb+GXGt^c=?FX{`*v(5-%SW+W$+HkBpa(4()$K<)h-|V?+BVyC@$MFCQ1$ zzli_q#>UIXhxXs2a>5Zc-py&D{ZFfWe7rn8R0K}%|D);iP_zX`jD(J9`8CB%p&Enj-Sn?G4xMyo4dc=18T}z4os-YY{#r!zj z+q;kP)iAb=jIoJ3kvbWp9b}wA#=DWR2AInT@`4!T2*KBLug=*w#`A+T@n8Bv z2lH6@v>8_JmMUa%*-pPkpG$%NrVS;rJZ|jM7V>D-)0{B^qjkt1f)VuervJh@!05tL zVT8QVNV^uczDCQ~s`%q&8;Uqb85emNk z1)JZ}=R1o(&wg|b`_fYOr>l_zmJkP%6w{`nsk?F%E1%8uQOZ`o7$mC2v1j62R2;3Kxs^mWxFE#w}mFYl{a>+8~8 zr3*ZJnybT}7U|SpWWPdk=D;(SUTt`~R^S&QnNItL&V78edxUm7Y4-}+6@9N<`)@5b znkijPNmm4$Xt!x?N|)}s^3hfm@z_?U7xlnGeDwsEyR5EM@MG}Ub)KSrE6J5p2VTmD z0w0N2j2RO`#hWe+RqiMVEgMm{e(u8Tg17mPe`Q}z zyKiDx{C9nNC})0Eexu7M5dU-5**P;iX0LZFXZuig|Ep6JqvY;&;qzF{ot=V*m)t$T z_NX5^&^eOM$hA-Jzz^zg!IRk|$mQ&E1%)f>D~dnYeEiEF15e1y9#NhYjXS{iU(>$Y zD+L$R!NqU8(t~ZT3CLjStikxmw^)Nc;+d@NldSCm);6{t-j19qAjSh<&!c6W?YFa^3~={f8}D?ii1|nBT>3Gd3&)*xOFZkm9b6aOs^2?_>y?s! zh3j7#8LE6_OsJkUJ3PtQB)qPsZTWeNKX_QrT=4K9{4AOPi_*3D9x~S<@zV1`vlVvX z_l3_Ca}q5(yg__H{NW0C!y@j#>P%V`?1Y9p*N*7A0-w*w8Tf|UyAhnu1E=SM(>@!g zeJwA=aoQhFnHT}5%fRWf`PJl?az%2<#iMx)o|o`cw5oX}uCZt&mw63Ev$@Qx><6wE z(XQsDyPh>KKVx=qB#(Ee528oiO=#15)rx%RU~C@iQJuXf6Z=t_#+Xx;YmafDA(n&a z82(1@T{{f@A<52TUdkD8mg(+YhhJhU<1U{fnYV6{j z@NeADd3twp-P~$qn+g1vzW~ZBeqCw3+|9LjGh^s3A%6t&qxj%Jxe2Ov#t;#7SNiv#}k+pT*9{)DX+Zlp{DZH^q$oj{5NVSC)hKCvgAq!cgTu z&9GyV^T7S%cWt+APQsNiG$5aDtzp5(Vztgy?&~L1s#(aSp`#o`4(C^^>L^mpHA7U(u3y^%HZ`rA9XtVY+ z#_A60YG0KPxZ3Pt{E{c8a%MW6zVQhT)$%{M)7ZP5_m8-9A|p+coOzxg`3^#h!K;_X z2l6|y@2tFVREz4>)6Nyl`3>g$BY5Fr=(lt2$d;$q{;K6i=E$y>lNJYGhK65WJCZxg zM+Tq%-uIT=_r2$DdYU>fA78%jWzR_8)8@zp`^OlouK*U{>(cvKhre8t9(sVgJC0Vb z${+0=6Es{|uWtB-u~+#9kQG{<)Y&$DK24vC=<_Mb{A*usxo;5PXo7Dnq}>gkuI935 zeJvL6ufWbFyU2!rHulN}z5;!~p;_IZoCi(m4&^JD?;G&gUxAMUrbQYk{9AyJaPdlb z)M#Swypa(T%aSHtlx2?UT~U30{u}O5k;C}CVncvWp2QE~7jncaC*+7X@wNPlKXl;y zx+M=yjK#dG`~?1~Jby%}etO-K;OWZ$-*ZDnyx&0iP&_P=cZr{!iSE(2-V`75Cj}lX zt4yJczdkHhZwmJ9#5zv-@OU|WZyCTo zzMH<=nU`b^_4BXzfc`wrV9hAP3~WwYy+{F*v(8c}&n)>gSOHnfxS7Zb{% zp=WIQMCCs}FVs%?3zS<^hKF8boetS}DtxsfUm$SS!d_-!`%xaX!R1#|E?oI=2wWK` zNhU||z%#?JRsGcM+PmGIp07RdHEd|x@eda6hQZhQ;H&UM@}>L^buRH9coNfd_6#ZW zH9>Fq@jTeHCf(L^HbQUrRoCQqk~gIddQ(5PJhXOC%N22X5ZfINX zEgKVfFfzs)TO@RnlH%*YcL&C&gAq38XUc&00_0y?Mgz{4-`8TA*LAu^+|cPUFJB`Z zKj0qTX(V0Wd2p1)^DlJ%$z4*Q{!Dy?T^?eg8Nb7u{u4UM1{}*s39bZJz6(53@IilxeE5=hjn)QiaHOB+cEc0@{YOD23J9} zgglLB8DkGJ&!~G?!69ID;Nl%~501LLGuja7Z+Fk>+&pS-X9syM9D3?-UzZ;pW6XFQ zT8qIo<|};&Uc{K~^UUt?oXgIL@$FlY9Xm#rC~s{jJks6oAwP^ouF7`z-JO!DtSg8` zgEz=VJ`S8G4{c{#@;&sswzFcmt8@8Cv$G>2UhnN)j-6^8G4a@O`oHrDxB)%c_5=q% zs=*7zS(VQn{nq^B75m!Ze_A)$BOIH@jmQhD2FWHh(1Gj{3q~8WRevS*9l3EMy24Ph z%;8Go`EWzlwiMo53H>R@te(Bj`%P;{V1Mjt*=WkH0&c)3WLF8AKD(b9>iem$_Y?6- z<6H$^eJw#=`x^8rnQbxjT4Rn3u39?^+e!*D+p>Kdsrz!$NFUD^IAerveNWOKw0o8M zgnqYiXQIuYN_p3zOYK$YHa_U`D(G^X=)|G#$4X)`yWc=I*ZMoOvXiwx;4XzeE{8ro z*SYyyb2}fue@>_Jru@MD-8sUWsy7B^5+56puVk3LNAmV<*nGRtAy$%O;U#i=m+|Zh z@++noA3eC;B-g}+oM(>M(5pMmZ?E6bd<^?*lw4~a-2KyyU#kb)4=30weJN?dBjmvF zrc4M*K6nUx*}+~uVquX^P{4pLf-sgFE+uJNKUk z2b#cv`&h?~j88c5Bz1)YJYVp%jc<#B8^8hKTmlZ<5&2{sxML_BxJ-5lWCqDq+kxG$ z`H0?Rb0}M1V%zS>C>e1#GNQ*EX3L0EDUZpBX_1R8 zW0Q+E&VH;UEFI)saCVybJ$Teej*pyaM*n=~>1U3Ig~!BQB+-uK!ufo(&XuOCOMJr5 z9A$gTV}7zL$ljl5Pd$e@#`x&?$mf`=VHUnB+haF)z8yKOk#X&$57p7#hF`LARCmmt z#Lq;z75VI$<$RF894q|rB^+WKMg~-{T zmbc`%W4z_937mBVdo51A=T`Qh z#+sWf2l!&2%JrD8U?H}dspvxJ49^OWhgz4I9DDk;C?ns4-V<($9uxPy)A6!A z*02{nuH3*jM8DXIW@rrfj4%cxbs;%wTG6jW7g~=?dG;c?OI4>Ge5wEs}&YKq5N}EM)1AQ|Ux*i|-T?&2y&_DiqA&-&Pm30<* zQ|`>~+s(QgoQ-4|nZ#vT5p+O1U#|L1?CX}%_cmWlAL?81Q~&DYe4goBF=gE&1D)6x zA2{GGLiThQbW2V}My(iWbWV}q!7j5PS_!`ix;hW|k~)`p&CUvRx~i$1A)IgYpUoOa z(fhAsoMB)wC8?-$8a@kQ+7{1hOPH}R}c{6Tka{uB0S?Pa1N2QPJ( z%ux0YJEsKaU}f#&T5`b8D$Y!&kc&$^X0ZHvx^q9}A7~{10DDeIJcl!hU@bhaO7>{% zr=@j`%?mhNtAVfVg4alY%0myTrK}ph=m!_3)1PD{$JQu0`*gO(>GZK4TcaOaqtlKB z{ZtsIOFUg51RH}c-;fQId(2{?>Ouxb3z9` zQ@7+^+H%U-mt%GjmA{D($2oON?zY!qX!$10-rU33#5W3=uhvI73T3;PU$?$_KK2~( zki>oZOt|fw-Od2k(n04NspJ4Lo^61?izj$EyHY=X`usd_mECR;-^wH8)O`WE|7-ia zgEKny=d>RMM?CRyb7ma+G-oh*oDHw}0p~l6vD{4RmA;QIh%a$k@9nOPE`vF2CHGXD zD>W$oExXn?fbCAs1~Zt0)gRMI)8O+v*w@+9y0U2J1#qez{1PvGE{S+<_HWsowXa!5 zQgAmiM>}nZKOP?s4;$3SO1lrqXtDf=Ra$S?xZs&&G~vn#T)6HW8yB*3>X!7={>N}d zg!{`mb1CFZX*uK7K3vY&OTib>uYZ!US2D8b*Rk7rvD*$l_lwc- zp61WDds_BP)!n`kS#zreJ*Eb`-6=u6gGs|&q2*g?Bh=w{@+=>mtjk2fuNAU?0# zn3s5lbB25Tt|H>pV`o|RS}^t;+SMHbR#MrCcCmv66>qJ!8;>W?sv3!{58fTeg9KYF zIe2plLq(shTk^Hj;lb$B;6cjYfCpp$d+?x*eD>?$C%ONJ@ZhOk<=Y0~!ByaauL(N~ zcwm3W@gOt2D{C8gFypVlg9RPDBRpu2&+DDkza0;rqpcHo;N5XU0v^0_VsF_t`~)7n zPG3Xv1N?p*ey}W&A8^L=SMvk!sd$jXS>)ft4=UpPKzL9L9&|8={}cQGJh&qf5Bz@P zs*T`4-dtnsbnw7mbcIj0H`!c-59`hK!iPKl27I`~!3WLn>wh0U+>wY67GsOXc*6t8 zb;5~PY(4+Vb5Gzz75xpR=ZmM;6H{Gk#LmARpQqUQ_wU%Bb^cv;!e);RFz7+Hn}uvA zoN?A%dqQJ;A2`#yS@3_2y^XzI{J-sH!_I*`o$+vrM&z900$!7U*4jUE}k3f842bo@j$`=H{HycsLUo3ck6U*uzTwA^Lo`kUJpdiIzmYtBn>ZVh zp3q1RL=v=Zxzx=at;DUoH!9Fyl{_){ZTimaxoh9pWkE4LEk*8k5;0rM+?{bJT&5o>V; zy5GX^0I>sFBlhtJih(ooUd$$EAkSTyA8IeCTe6mZ2O3tnHo+zGSALu`Q;`1&YM;p4&Q-Up0RY&d&cB+pA8)V*-ByN@_~ zIQqN?SA`U83BKUKPsvBmx+;I41y1E~#$1cdQTY!mI7h0$KfEHjxN|w@NzPf!&A{<( z_f*n!`s^E|c| z%FC>^NQ;!l*W%Aw3s+`W4?g3{XIzcn_;~n$e9DpgLuJ==zom1b-Rwu<_iM>lZS`6g zqF3WT9?tE4Ydd~+X$d~#l4ET@XU6owSe;dkLrje6IGV3;b(_m-`7IyL*iOv7)s@*h zj`&NlF^p^pZ?!RSJ%D6%6a6#v;AG&aX+rN4gE{on4HgF81Pr9l%HW%1Sr-Pi{;%u_zNA>?cpX zd|xW0t47Zaxp@9I?Qoak7F*|KeSa$WES?V@mV%F$gO{HJKQ9BX=YiKJ?ugJHbW)Ew za(1Zlmf@lLOY4^WEAMwV7@_C+eu>Xe`;o)v#=&Q*&IyDaK9>rgLne-|dx^d7f`!T2 z8*O7kui{g7>kY~~mS*P^zL_!H{QgCucH)9H{+B7=s<;Q&c>B(jM%va{kl@FhpD}h1 z5B)QBzVqcknAi#121y&w2(~u^*G<1ZH}uZF4@b^V z}DSLwAl0T!uJ$Q;phBJ@e~W7U!66`=JIK5y9>~rSKvE4zmxqJTTo86 zw`J0efp8}06Gn1N@Gk7Wx(mh494rG`uD-i3MxPnj2q%#LtMFCJ_7|Gadk7wT^KfIe zN$j#k9%D}jw>^nsp4dJI^N>U?kVE7(1u{$0sq4T*(HyZQ}eZ=n?bmN%H*oy=`^MlaoM7h{JXYerFPyRc_!-k9jIWvT zX%G3NcoFEa|0QA^UQ9S!JVYO{Tt=T`{VxL#=7A3-;6*Vsg`T)8rYC~uwp@3@Hc&bj zAICAFoy11HWw((Qd5!O5d`@>JW_=jj$Jgfs!sEfij`IWLpBfgy2ZOUN7dervE}b>V zuc+X{b#z*lx7KMj=egh09VYA>+DFziCx3NSeh;ys+J6-nzYbV9&#MOp zX6)fky$JPu?7_J2=J#<9>(t!^zey*)wH-JsFL)b!j6*B0;UgelEak^O#OGq}=FBqE zdmE`ETc5_Tfp*L2|8PS8o9W+qzJmVMw{lSH?C8Z6+~FA?=OOwQpFeqKblS5sd!Md! z_UX~c)Q?XN70tu{4|r>Bw2xCBv*D@yx|yMR%7c_ou>$y5{H$}@u%gZ!qo_dpv-ade z$tE^#?%Ktc&Ak}~hrZ?R)IOX8&3cb7+UI58^)l96XtMiT#htc~go$57_VCb@Bz!m; zN;)N{^)3jIm)Er8^768c{w!kd4C3z`etbH7kY9hyo?{%nk+TD7 zMZCdbWE|P_^sZv8#bdjOA5&hXmBe1=nZ7QKb1L?ygV4b#ZSq`gR??>0gHE{X(8U?i zxCrpvbdY_f4Su5iLOhc5nN1hcmu#n1uJkS+bMY|t7u6r|Eu+udSl=8swl?+pKSULvJQu-C)>FA&=LCENbFi2v1^J|Q|{C& zh+PX1V@Vr!>{^gBZq=6@ypr}SXy1kt&m1__(e8$GjBq3TD!|;fjn?^W8vC7WSwqu` zc-afo`z@a{-Q#Lmf&Mi1kNM=&exG#}j@`++=C94f4?iuAbD1rQh1Gs1y+e1|&qwBe z&z48hBD!1tA^H&?IC1a2a0L8Q-A3#Q+9!mQD}xi$3Wsy6BbvEve;TE#7tq)ZJUyFHo z=z9)xdLCYu#l2vcHf(CX-3?yQ#z{Q`8JB)kUd{UH-CE?uI)3|o+>8FLopU^_dn-GhEU4G6!lVB%ybI(tk z_JSCk1%KIi@4%?D>**x3AA z&K%$qpd*R$Q&;(LIv&KEWi8`D*6goN{oIUnk-g>rJq z)d91_yB6MqUWEhG<204n-(&H1eQpDO>J8Qu8KE<^EuQfrV=9B+l`%)@)cC?2&Ejr{ zozPg-MaZGXc=$moXWOy7>>H0umrUtB?|4>zyXpX|>Ua!e6dZNrK*j9ntY3Zze;!57 z!NoD(gv3}Lo2Ev|W+$D`#s1G-j9(qbIwc_&3`Z_Zwqr&b4OgUlf)Pe%*`mEWcIKl! z+l>4pu#F=B$%b*_e2%?Dwt_SHk9*i(ayQqS)JvJ|AH_IU^3fTb z6Za>7G{+Cki5HUJ|4PObcSca-vCPb1 zqZ>Yt?zxAxl<#S^%OF0=xT$08!_6DUey4fTIK>O6aaQKZZQyLK7uwSAT5!wFf8~*X zXYu90`*XnkGT=Xtbtr*;io>jnt+Q9eMr3srUx5ADRR^Z;X0?w9wj zHCZp09djais)+N0+mH=JU-IF3^;L8dbO+IYxN+cNa)%tP2Y0no; zhK}F0tD~)PV8ZG4aJ65Lz2o!LznwAN!DkJ>PxLiwTJPP}0~R(K ztFwWT`d=UKU-3EtXw)g6!gvb5ZmvFH^Qj4u+Jt)YJ5>y4PMvX8)*5p)xK3N?k=qjL z>?F^Te53@^uO~b=c^;eRsr$#t`TldqSD0_lwCy+UgoX<5R!o#F@8ycm-%Ojxez{Zd zTj`m$bEWJkIZ^IuA)k@x`@o;wi(Rjoi`_}a*X|u=EdEon@wIx^#FX!-<)8Tk<9cG%WPkRemfU5Fe!=Iu`=+jXmHNl{_~}by+{!y^c%J@+DXVU! zuRYZJkWT^s)3YvF^c~7)Wc|aU@mVt$&7!TXpC7e&)8tu;whs3!-o)=~Cf&5^L4Gfp zbn~ib@4Il-mG^yi)rB`qSv8uEG3nVwGxrpB{&~_fi~RN6Z-ITHds5pXGhk5GzQ~*s z{~jIx9_C)8=UMD4o;l{o0DDU=XRESh`p^wi$V0O+!x;OcdgChcZC^D2UhP;v@6N~T z7u zXuo!?xw?e^<@LsDgYPo>D<_7DxLNR+dxzz-^9lNS4zf$mFnA(9S)O5%*JF9sbf2J~ zJT{W6Wf#w*|898V2IK|uT-+qRrHuUPiqC1Kf6N(FV7*`YHYGqs=e%pI3 zFmu|8wNaB#p7X1=k2hAkpb`8ako7#h*rsXcWSQowzBJbrrl+f%SUwkZWVh9LoM(#f z^V-jRC!W2)_;iPY;#Hk`(-Ow9khyH6ukGuN)yo*e?TkTjs~XRD;VD7pSxZ?P|20p= zxGrNHg7Z6z&#d#Ror4pMrNkJ9GLbhXB4Y@KKJJ>jyZW~LrUu}{TJBfuEAc8hAcu47qdN z6ME&Fvr_#ZFjt%W_7nfS68LP~$r}1&dBL03WR7i0GOuc7O{2v1)>Pk}zmoFSczF%w zHI&z?9GdeDzkf+yPRC7LEdRWG+t<51_%|CjaqoLU)%f-HeO?~mWuLLLM@93Df*jgZ zzPRWGMnRB0OXJqQBsuN{U@$&D_V1vt3vPRm`>tmmiLj9@cv{%7=Sv3ch{Hy4+==fF zL+={u-P?fctpAU_H;O#UDAVr=^TKwko7PNhd< zHXk^XiSC_HW{+Lzc~Ouyk@qf;$E1J6`G<$U#p%hOtH3?^5a%!GZ;5zwfR_a5i&1^< zg7q|WSkp#r)*LX=STGRip--%Zb<_g(xb>_9@#c6g0?9^65cw6`$?uZ8~1mdv| zqIs4w%qgeC8}^6?v?kX%%$3^(Z(#_Jr=`H18nw*VaAy>Hqt=+C7|r#R*8n~2MRdY@ z;KRph{fO2EXlDcMihIWW>^r33YzLw>gE1p|kE$hZ$J~~!QeFPYPGrM4{+Ax+TO!NunAa~Txvd6+O=0x?=2j0YF*L_m^joQcg zPzTxT45(ee{mAV%@=u5L)OUD1o=~^p?lnExBw8Tc0}1Ua$N>1Z9vV)Cdl_^tXBy-V z!?)7ua5il?3f@NmJ@1-glq&&s2-cA7^!Ty2@NU3)Li8413(RplaT-*wN}zp2-(y6> zm?;bDf-J1j!8!-@6MS$UjF)|%o^RKty{e!?ys&?S&f|=SvDhc{UOl|CeHO+BpCD`r zyt7>ccGUKx^@tX@=NgsiJJd(Qcgd(uTR z#eVYx9yv}y?>jsv=m*&P`2c3Key5@z#EivfdhQfh9rhpD9 zgPzi#!kcWb;og0D8VlWPgmm8zOf<)KL2G&MrIUj^DV=(kotJzEa-%@OLI z1Ju7|Fh{V5wc4@lIRaY;pnOpMrL`-ZfYH7QO1n}F)7Q%JG?p>!+s%M}b|&cXanK7I=uI@3@}Ofppr0aMzU=S>A3FL% zwg+S+v}7T^3e!L7OQHD3%h7l);UzBx{VJ@LM)K)?})kAAhhx=gA znh8Dc2BZVJR6vJsKcFmB#9^M>sR{e>(5EoCK<~IY*U$g)F??T!xo1ddnme`aSe+Gn^;XgS~F{-SeQQwKVrJ zEFv5S9*z^nBJ92$e**=*e}cm8hwp)-;oTD8RTuS{Ik5ghy!Ct)_^W_6Ff$S+tgA->r_VH$uQJIlnG+Y5W8gK;z#A!|CwnXUnMWTLf?DX9I2 zZ+O83A*Oatfwma-puK??R2NY_G=#Po&8w@nV*Z|}O#qrLkVY?Y&jhp^XbwPN;`=1v zfpudmnu}xiNf7+cBb7ayA5|!OXp>wxXga7&2|9G MxN`v%e^yS0HEaTf(O?rGGx zr^CDh))UepZs_08U2ZniG;01Ojmm#XLj>Z6wv$1m4KnJXNsnV~1=*mn2;nXVdQGc0 z?uT#rdK7519(mAvBbpv-CLio$a$$Fy5aoi(0Lfoy-$?l**&BfDe}Z13a^aavx0RKk z1!-}_Od`ra4$1(^TZNE2k~e!U2K(vg90dE`6mUap8>qi;i$mp&&N9%TU533Bh#UGV z?anv@W(7@1w-e6yv-f&nzQY53%|y^s+b?>CNC$!DuFV; z2Kw#!XaN)Q!eG1iOlBDX-xrblvytvCKz|OoH;~+EGAtKx&qeNcN$v)+tQLqT3%Qq# zbT0w-G~`}0(me*;Q<3}qk?u5zAJs$8mn3&SUR>Gg%FBnBLaF-3SJ&{?t=tC>L2(*oOu=S3r4lX_)q}0Ubd4?LtG} z5SHdVf--`#L;HBO#;7f=5M&wE%COed!#A$5K5+=*tOS~M5U(x#*|X~t)($L#@}Wf< z>?7(6c5VmG=ooYUF3+Vv(+Ojh!A)jxH7C5UJ7~U-#&P^Gu}5bK@eRk(K+icK9Nf(f z=RH9e`k}rR7#W!Kr^A^@q#HZnPE+>2Fz7y3H@F}SFN{U_U`)afbwmKxi8)!0wR4`( zLD$h(AJr99XL4X2SGg;g*%Ale)Wp%wqA?TboUn427IV0q#&m%B0-Bfi!X6mf>-)}0 zn}EhFUCV}3f55)KGQ`F6Ihgrl$nY_YRfTyzYcbIpAKU#yFq7@}L5q1A_Ah84vsM_l z^Fmm3AC@7=z7z6AhcVzK^bI@2r7{@Ig!LR@l|e0LF02*s6LEbDX2PDV3Ol}UTI}-z zZ2Eqjz8~me-XzCu0N?J@&Q65==tZD|ofB!r31balD!#?0QCO-}alTNsChy0NPHv`H>B(ISN#%oZnxv;*C#>_~kQJeX7i6xZ(V$cH%XqU|4 zEDjf2KOO@8Fc&%t$P43CJ{Yg^1C0RCjt5;4Wb29(=!z$57mc zI)~1ybb{U?eRHu#=a(ekd%+lyo$mAyCT%mEH$=KMoxy}Uis_ax$z7PibSB(IN$#Qy z&|jQhlH@MQU@j%xCzISKGnf{HyFAHVp21u|xGR#}6&cL=;7;gEE9^tG!P+*VFDr<$ zhIQ~wgdKE83)daEya>LnL;aMjN-LLy$_~i;L1?>CzUitA7W!_jZ=yl50q6ws--2Yr zhpkT`eM&{)#SM!4LB`;pCk+1c;f+G{K3ShG=sc|Lpm0}EIAdt*V2pTq44hAexhPsc z5f??@=!)klfj_L#6|vLRXRy#abZol@gT+PIwHYilfB0P%9I%!|(m6xe)Bn0;3Fwd& z=#nMq)MC&rT<^HXu=S2zp3D$t3{jp;2J;ilb*TJs0za2wJj146K$7ad9fpG@KKV(t;69f5+tBeCb zSU>PV-=iMj1HUPM{AjqJA&j}%vax5d->STX*L}JxmhL+!UqfimIH9dW>7#Kxj5C;e zQ06e^#>-k%Wjw^E4d?LKdGR3S#e>1jBl5UBg!!)Au#cUOGD`Im$wpZl+R81r=gM!nGuI6CD*^7|je#?qUMjTW zL?YZ$QhZAp%&p*F0y>B0K-9frHcx&baDEHhFJ|-X$6)qBzS->`v~k~%T>;ucu){ub z$`%#OejM2~F?%=>q!!xYr)#=^M<2E{|Ub{hzqXEj#ExwqbXwvC|CsU z*=3Mj3A0NfyAfu;gY0gY9o9=Be$0Lg*)uWwb+BXnh~`~@_#1;zTBz=et0Y36bjQ#b z4RBYtF62cI`uI{#jygnt6yuR?KZNnlwjW^gi{5;kn70q?L|&7@p2KNSjMjMCU|ohD z9m0e=_gD?UE9%?n(Vz!d85i(G;JOjPV4}4RkY@o;DDD=@U~a+XM9jm`{xs5UG#8WM zLUWXV)rA6{EfihY!eF|>y;6iOtU`7LOzz_F9UY+yBFK*Gf<2-!!f0&3z8`dfkl!bu z%fS7*ksar=3)#!CFmJ$)=wVI`_ny;=Gw||Ehqy8nurf(QcDy_fBRj|lg;|W^al`Cp z?D#ReDY9o`c4M$#D#PqZ$EHL0%TT8HI7dYk>1ix2a60tIY`N~B=;;myQx5bL#xbC$ zm>$q^J-A5HgA7~`E}*o_u<|~~<_WW(L3Sg|o(pzDMkm2uLDqwPm>yh&JhJs*A4w0A z@G?&#=|Md17XP31z#Q&_`?oW@x}Zxx4lr1qu%=D43y@EA&QBQ4$Gr*ko?d+Y-lZ(p3PvP^Bu?zYsw-h9Whvc{&9@K(jnta z21^t0<$>tEuurT4Yep*Q`_Y~7*Ud|-Q-yF=pI7TGfqpFj%s?>5bB;Hk#VKe`=NPXt zokLKCA9%{o4PlzYI+hRo?c$-;!QF|%`MC_{XQ)HyEFwC`h2FK%0Dcjl!*KS8ewM*< zg}Mj2%@PJ4fZu{#I5U&TDZbMO{&rntumm7IXsv0aMEFK zn?DcjtEWO7NQS7NBI+TMVJDoMC7&n$#~U+{CeIDL3~w-)us%>EB8SZ}F?|zJ@dch? zl8XAF0-ifCegzo;Pr^KR7)&MLo9$kT$5F~)%7dFH?2jyhxI!PHd+0>i`Tt@woQlpo zdEvTFf52ejeN_QZB^EDyKZA|qDj7_)h8GI;nLWM+`L#iKbe<}g2>;|yKW?rvD0hD-I^Ipv}YO)GI0c%gf$?Upu71*^Ugw^8bBsSM4q}BEcO`*BCta_e8A-KPg(r)+)xb20kua35C?oa@EP?1Y@WY? z9uqS9#$fgkeZc1sW?~fGmXAvm-K7F^I0iEzO2~Fcl!PsmC)1M~Lx;(IyqRZ1sa#keCS@EB8eh*twQA4RLxyl3ew1H~rD&dV(rfGm=~vkmS1HpK{$#m8<1{FIUjt2m`#GZ~!wK$rt+C z-))6G&bz%fa|5)wXr9K_;iVKEUaHOXhI$eLZ3Me*fIbqn4QQS=YWuq!k9+y(vb_uZ z{B9duae7yhY@Km8=h036#{aO zg!rFeYX&fG$7K?#%|!2U5q%PRx0>i@=|F!G`q|%o(q?VeeWGk5NHU4gW>$cE*zZ1C zEU(`h@&aLZ;CZ2M(PqJ#vpAMl(L51|`xd#s*+I(d4sB);kxqOl^Budt5yASKcx`4U z^fz6U{$>NEzGg%C?i3L3wL8-`V|3Xx*X!$@C^0uXv_z9A%Q%8!1rChWtm3OuR|nR9>Vl1oGnXqR$e0S zB!oq8m{k&EgN)Ji>)-bwF&<#Q8sZs-GWlI^b4fDKCG|bop-ee0xPJnTwP4J~?&q_$ zne{MdVb@zY!;I=J)+YY@{W5I%p2g*I7OT5xJgK+RAoowdE~3&1JcSUly@=CaB+2$X z?sk5pY_ahq_TASih+~AF-XO`gm?Ya`Otxe_T>@c|p8l3?>Hkf(gg(1KJm}5D-*xv6 zNw#+|+0vuwwmi{7w!G02wlm*Os>141GS35&JRWE>E5V&C4?bKTc)d-gKhb8f z?{8+e|Dt(HD4&1oZ8A?YDWA>SOxQm{ZGSS)Q%b#k`rp-Cbhi{bt3f>n&5pAb&wJ}1 zeIo0U3Gh~g=~6OJS17ZkmqU}SyItB$Gi)rL%+o<~@6cu%gL@d%*JV&&L)hbSOoo+9 zusOyKtj;CVKWnq+W^6t_U^4t2{|D&Tpx;Alp&?LjvHf_Fyekj~NiUP>-~Q;<@38o| z5zUndU3!4h1{udf+AtSPP8tk_JB4Lc(7k?5%A-mlGE40A_IILBcI=Q$P$7%+Xt!`XN^#{ri$#Q?ptsxPEPoE=AJ z#?f5q-{$G;G&sWW@wd+JaU^kGm6#K?LLTrwIhltCr{~dOE+qKm#@)Dem`31+`auUM zgZ=C_6PpuxLL9ID%oCI8!aBq}F_}jo?9X^zK!=%#%O6|!!NNO2cr>R{Aj(iw=O1Hs z6i(r{?8Wl@QJQ4gPYxSh_LFs(yUDVb3}e3I6y156kiDeNKV-j?BKt)kdu5P4oRfgL zDmHf*IZyxRy_)PYkjLdG|ECN{>n7}ZX$-jxrsMR}bzuDy*A+$FO;Lvlk1>jDz{?<% zR0iXyWuQSS165KPsOqrmfC|Ke=IX?}_J=|h$~Gwjb=1XG9E31uJ#dY%L2;0f}E{#T`foewzk3TMC*U@heTBx^%l zPKKk)T9GVkGo0Q`hiO2_dI9dXK!-VJ6j`4ES&h*5r6gHfl4Na($r@xcLe@vAvbO(s zSxZ4U19p2ZmUjWA31fLQE`hR3ws6K|joKMspn)^t!WPatOka>UzITw!vmAJVyL;H} z%W_QKXupRJ?Ta_adpfi$@SVL1$T{NQw#5sl_tIgm zCuHq`yLo_|!0iw|9wWCcOR2IBB+1&3Bx^scZE=Kn$Zd-ugl{CbEusIEHELVTAsp7O zi|08&m|++rz77us()8^nbB z6Ij#rt>JEOm&ZJl7ZqAeb}Yo|ns{C+$X<_wFK-g0(*WmQf7hSQVX#*j17{!cG&W;t z{ONPV^3;($$n9P{TMy7(vFvk!(C6g+?sMWP?cSC!rV5w%&eICGPHY*a-D?hioCkl< z=j1`Vm#3^BPzc}r!ndsGyTgAUyZ-HaHg;RM1269#e{_c07V1O(e(MYir)TL9>qp5v zNw`~*4trhW-`c|4mRS8XBl?p=I>h=>GS7aJ&g|D=uOE@y!HWvqr~Ol3 zP&@dy@5eA*63b)r@@Kr6%##rYx{j}zX6P_Kz!(a(gD4*opf^&WM{oxNQ!)abC7x#m;nCe2I|$xy=&%j}9eUrQ3(nzs-U@iUTsFLL<>c_fcd$P^{YJoJx~ylR z9-P}Wo9tPb3g=}z;T}gZ4zbg5L>#3$tOSUI=m)iN9)G8CM+bdVgz;F3>t3Y}^WZ8t zw+Zf}tcSq(9jASu^B?D|TOd7r&YH~g1P}9sr0;dOTOFqF#5^MG<)1k#9hb{*eQze| z`%{u!pJMus<`Kkvw|_A<-_0cIO6zF){?GMNV!ql5aggS#Fs3KzOqUL^jt67Brsrb(k%1E{sjbu>l_=>oRF{gZ|&NgE;LV z7XDxMVUl^c@vz*w%ogBJbPW2=lm_2}!8sVnV!hP{*->M$sPbt$t?{OE%$8fU4?m%h5p7BmF!(bodJA6w5Xa5R#^iBJ{!5w{5 zCZ<2Of7#&i3RpWTpwTp0TY;9~H4vpeFnp2Bn<(%Gd&{gS@T0+bCpJHjSHufC6CDox zC_@_#A2R*KUckm93r|+yEZ`cLpV1d3T{*L zFFY9<%%O3H>@Y4UjKfVhH^z}mr(rq`b+icfC+pA{0EMCXp**ASm?15PvYg8t=ni(M z!;lAb*H|dXFLz@|UnP_WeD}!Z@OBLG$M&-UzgWzVjh6w=B;gf+%Sd;SP~8coJqnP0hf_*6yP=zjs?s)^-ucS04tDiB48sD z-VNA|g!clDCE){rGfDU`;4%_E2DpucGXZld{z?BNU_yXWq621gD zlZ3AVE+gTafZIs83^1qCpY-nnRv_W~fQ?AF2Cy3mKLQ*}!VQ2kN%$GyG7^3XxQ&F{ z0CP_Jll~jP3MBjvun`G=1nfq_UjWCF@OQwOBs>7PjD&{(w~;XC0!Ux^Px@m4E08cR zU?UP957>=_CjgEmVKKm&Bs>Xl841e(ZX;m@z?{?nq^|^6frM268I2JJH%s=UG1FS&8 ziGYnrcsF1-65b0qmV^%g&LrW(fXhhu7~nP%&IHV<`X~L9fE7qM53msl=L2>l;R}Fc zN%#`rOcK5dxQv8v0&XMWGQgZ_f6~7TSb>D^12!Vz8o+KO{0ML?2{!=FB;jX(%SiYo z;5HI&1I#(=Px@~FE0FLzz(yqe5wIHxe*qjz!ruXBlJEfFG7=sF+(yEjrjWk+pY+E9 zRv=+sz(yoI9n+(yC*fH^h(q^|^6frM2680hlgVX*`KTyPUZG+H{2uMiHn z>G&B-$L=1MzWWo*T!be`m;~Jz+`j}j3wp5da(Fz8aI*<_r=~|q{x>AjA9-NHv{l+i*Pdr=kIR@H6NqV6Z{kAsC1)wP~3@l2$SOd8xs8eb{NHyjLVrY zMHhI3x(*{j+e{Sg?PD-prX-yarcx(|L#wa=TQ9nDA?0%WO!=|U(3C) zn69{CCZWx>-s6ZQMwpgC7(9|N!ucPd9uNO*3+A=uIA$U-B3sia@w0YebQ?1+$%1!lEns!M9cH z-`7#-GdwVVrzJQcZuE^pUy94!1}_JKpI@WUcflbY^qX}MGYNW{&%c-NB^QkDJ07k8 z7Lw6#%qa9PeK7yRaLlyC3>tkD`VTn0FV4RyPR~CIea|tB;K^p35I2NIp_fg@2tI5Y zNiQ-A{kJ0+opbs~dWli!Kj3;ffa^6OPw7$Uy;HDw{V4L68-@Nh3!@*T=>ODF=<{*? znTqF|$c6GK^fz5FiXuE5K~I?KlyG@?Io(}BP>eM7DD>O#e2T}8q$7|4h29C5&oc@? zizswN_%IvHroD`C!OX>@&?n&akjlUHDD-lRvG`K`N5)SeM@qP8IH-bt@==&c=z|M| z4)dkaBJuWNfBHyz_fhC8TrfJxEX*YSdyYcC3+KlIrziOF9fdyI8H+Im4@blwFbe$u zUSDqD`bNYbG79|#yxpY32Hk)9h2!Bjg<@23xH(#wNSyvTu4itGFiL`-m{Ir%!}ZPA z7Nh6I6WBTmeWe>lpo^C;PEJc0h5iy=U+$z6lq1b#O1MItkG4_j%Rvgg8ZJ*&Tu(>F z4&!M+Tdl}bLg8s!Q^qnpk-|cufg1%)GdOy5f8^XsC1bzD`^!xF4M>`Hnhxp$)3Vkmw z_eZ##i1@olp?`{(R~DWQLEke9{kOFk2O<#!Cz$zl6#Bb(`4$lT(=qzKQRw+HFn<}} zk@5c;giR{5RtIO!Zf$q%(-qt#P1IVpyF*k2edy ziJLgF0XL%fVTy%FhcGGL|A2e5 zM>-XZgtP)KEMMUr7{4vQFw+{(7hw`~F}VNSL5z-0gvZTv+*HR+YI>C9e?uZ2!u;(q zilv>BuVino5tJ&cFqrN$(%lQ!%N*a4?i;sZ^t=2=y6?sH*M0p+_gy%5boV{CgILp$dw78cwelI+A`G9123enHxsBSK{rK3B{dp0;8Xd8MK*F zn1yH$mr!st1&dSgR0`gKV;MYtycwkZ93EzmT#0lD|xB#8~`!KRxM_|1 zOXHXb--FA$LJad5!m%%&K2&FRc@T2Iga08|L#u5*K-fz z{B`1H0Pao%CrmoAZi%mB((v`S7~K8JEJAaL5SZzSx0eaHDS?|Vcze@>V*?zI4E_H< zWcTGi^W*{-3Zmct%>T*Ze|qr0dhma32iT3r|3m)*da%qAy@%ZAk+=fKgh*acFwq_p z;jMcKO3W1bJ`#6R+V80p`t+|O>5C{hhJw2(c;>f};SDI*mx5y`_zDHrQ}A30zu^>2 z>{Ao+Aoi;Xyo(}_a0({&vk7{4e4IhxP8<`ttfgQ^G1l%A{);JCnu3+Dj-;PU!A%tU z1l*tC$K=|`@GB`ego1Zb@CgdOPQf!N`1HQ7=qR_kF7#ZG#f@e}NmEQ5@$nZH7 z{DKl*nc{Ck!Bl!7ihlqF-^MW^f9qQ#`AIJsiFZ+O2nE;Tn20Y2E|Dbv`btOQ6pDW& z1vlZCh)?hK$nbx|{1p14@{!@G{?z#X=D!k;pWv^6lHNfI?xEnBaN#ETXGg(Qe_!06 zNbfd6^eg41^>b^kss^2k?HACa0&(2 z{{^c*8X4ah3XZ`sk$w}!|273nJRTXJ-Cyt-ihm3RkEzGvBhp`qW1@~MqTr(x-1HYb z^~p$n$53zpj*0XuDE>thOm7$&pUGcv3dKKwf}3zmq|ay^8NVC_hfr|AU+@cxze&@` z_)k!9I0cV+iqRANdE%HTA3F-pq2QLkVC82c`AMMQU(ZMSQ*jf8-rz6v)bM}9?W4p; z$iwl)Nd8PH_#g$>{sm8M9vL4$1>516NI#k4?@7TYDD<@y|0@*SPN6q=Ig+2L6l_Pq z;W+-y9|h-7a6KjbbqXfdrwNnLJHjN=`S(>;8qLJi*3fG85^FoNC04fjYh8mwG<1Aj z-8_7Q^)+U1a1HWb9qRAp7vSsR=iwjX;jXVvqp1Z1d3gDIg{*cB3UZC0sgdn#0TAvX z9^oN0wRP*^pa1$04>ebR_n`G&?rL7{5Ea`)Ex;EnK_0%Yn9VIXn6`R#u&e)?^#pkM&L(&D^IAhw3-$z# zLR{TwY9S~=h<`n10{v=t54X^D7-at+)ZOR^2Pww9X()noq4FGPaXn;KM^?+r)yjI# zwE3(BTRru6oP3tpx=kVTLGr?T4-%IyU)S)?`^n|9CdHJ*YLV2yy!-Qay1!QZk~?u- z=wmVdp4Jxm!}B(epMGKWyKyT;v=rCQJ?Z^RrEB3Z|Gw9QwQ7=nljrQUn`mkNNcUXc z9oF{Y?IE0``N*?iCVCTQoWTn@bi0xj@KlTb{HCOSQcw1iEJ0^DiOiPPqd+VH1 zTb>-pD*h$ycXn>F6bruV*}nCpQf00=HAjlk$20w59Vb)IhtJO zAQ7#b+LG;8C*CqMYyRqmpDYfieTx+g{~qPK$0^=?(X7*2*Ou)Vvvni9l~!@wDJ*`u zx8C#pcX^JScvofBDp#}VJombCT>&oEi$ngC9B*`=bjX%5bX1BoP_UoEGkCL_0A%R=#7W&Q$ezST>^VT5cNi79;a>n>jPlF7u2d(6+-$sZ^nl8<+C|!L zdafo#rE#8GQ9jS3(R}ye%`(L?M^6|^FPeMI%<`6H{?%*2y{FdPHW$yR$!_C`c;R0Z z?I0)>x@X*k4}SgprE^a6K9H|wdff9aSQN75q47rzzE_Mz?uPrlo5h128lE$oUc{K{ z4usSN*=k=^6~PGqVe)W>kO9QCK);&$QbX zWz%MqJS&^#m;cm?zhVNPgY$A`$u@_S^ASrfDZVQ`7GBx3LLjtZ-n^#w*DG%Bk6xi; zWSpKei@wER%4!$ufiW>0gH;NQ>=N3#W!z@g`*mbPImG1;{`}m(*sJQ0yY&WbfwQL; z`bC+HH<Ro%QN;d$DG4)3uaWr`C?GIsE0Ql|iI#q1?9bFIII()V6Uh+SGbR*vszn zdHW^RD;{yoTqSQ_^{XRl@0PANgE`Z~-S=$#(0EV6XxW^F3*QQc)$jHZ>A56ne%9i^ zJ73rPeiiRlM=$B4mne9Boh#Lt8FaXP{QFqn?hA*74v2p~7+|l^)}qqlc_sf`bq&v0 z)o)G97RNuBcl7p9bh^*kcKs!%o6dY(qjK`?>8!D?OphhE6PUvi7v)-4E)_5MFb*#N(RVh0AX5&wMQndlh9dQ|jOf<*p5%j_hjmow|I%g4ev+ zSs4+1p(z7zqSA`j$ffnx&=nW7C{&+}oXP)jz-i;tm|HH>7HHnI?wPK5y!C?~XHK-G z`ig?2Du+)G@^8Pn;IXCf-u03Q)$1pg9ZBkYJz?jq$F6-sPx&nkq{0rm%exI+KQ?T7 zo92F>LwNs8uMZ;6Lshw+zA!Q6jk?Iu_WZf)#9O`(yDRR}ca<)FQD(SrnZvIy&24r^ zZFp8!ZnM|ivSw1>?zYF@)b*A2Zd>9Vq97$Tkwc!D7Iv-U$1wA`Yd&|!#MJjs-l#u4 z{iLw#^xQ+c6`jn~_>TI|v3;z*+aui26 zb)2W@p7THL{a1h7dUloSYg3zSzeD9V-xrLZoAOA;|AXMxwl^8$X^Kakz_y7RVx(bLm~ zQ=aV@Fk-ac)xKGqn)D@u_4xF|y-&l_7VhvjE895l`GK-&m6^&5Z% z8nb7c#|K5T@y1I-)=x7k=na~+uvy}HYL;yDd($JOUmhIRUbJ}g!=wPKNt;WiB53u)me=EZ#Tvgvxe{T#0im)04}qsw1EzjbTxX5kIrdp|ILa8FE+#6)9%(~yU5t9ily#!#9kpg zsbO)9!+_HLiDCsJ5AGK>OWhUh81JRJKAYaBxyS$fd#BhF!ZR{O_DEpn^U0S>6soL3G%`5X#9Mz^d&>!i@cxhYb{rb}L zl=GqY1hHb1ExjApL`oefh`DUZ__9y&>5HJkr>CL~bUv%x)p_W%_lZSn^;+NUM_dhb z6rNOX-K+3LVbjg+QzGL95Bm0h+doxyN=18Tg;Ay6yU^7&>$fPkzM96Bf2<>O+D|6lDd1sCG_%#uOB_Cxa)5}{P3_}>5It4cv?xC+HKA25%Q0(sYT`N&%Rn$DV1{V zjOz1W_q6R*Qr#w%J5E}*Ez;5>yG}-NPS=EnP6czB&~H=fA50NjIdvZ+J>*ft@=L`E zC-%@+9GsmPc)0zR>;kWHS0l9>>WVhri;DU~U!S(y>!}_-O~Pwurei`8m(;nH>#RPc zeO*zpFv3Wp@&4|Eve{Ge0t>Tl%ilFBUh`O9xbe)-PfLYAe>9xjnPs`>?LPX6wl3*s zUv0-0X|0~TPtii?a$M@?^YPZlg~KLV&EU3L{M3JkW|aDHRE^pfPuY1_y*cyvF4){U z@r7ypap&>6bGr8@zTAJjv~o*s&Bn)R70PqNA2}aDN_^RX}r5y%i!g1)AW}!vr8=uwF6hYmk^A5 z%WFexm!xIgxHYbgK(?fIYEV;!qzdEWZ!Hi2JyDJ zKUy^s7dbBvdUjiG`#0s9V{WPY*ChO^o3T}axx2?&&16-l+m)|cO&0Hzy?_3E`T4Z+ z!Xu*jVmp?$OP|)5ue2vJGUR>TpndMX0LQqKo>gHS58Na4W!I_7q#E@3D%`Q8y_%`L zHNkK{N5UM-oZ*g}iw;d}dAvv|{iN$tmQ2ZM^Bd=Gg{-pwX|>0syerC@S3iJrp4j5x znRjUS53Kd*uUQbCb$4TJ3%yVHWo2lrgHKl8Osg9HGl9m{de>hoFVMBQ)Ffl)&nMM! zSSavpS-yXR*Jl|=(ctz%hVfYuW2b6I_fOUQIg7;&{J!W*zbKnETk3n{51;ES`w92j zPVFlQ<WZzBx-n);Mh}}qt?i!RZt-gME&CTx@nO~y&jwc;cNetO< zf2zcd8T!NTrLgfOy7aNL&WTFrrd(B%+UfbMzf+^{qe_yq(Asu2+N9f?Rec-FeE6Dj zc~WFevK(mZ&YO<^?v*d1_Ca3AemSjW8BauDt?yv3is-roP3CrY8uuHq1>=UMsd!}9 zE=l6FHJ-~IxBQOrHrMj_cdTJ&EvdBJBl6>4tgF(!?=bV=&767YgjMS zg{3!DPO|I2dek@NWbx4#URPNy$5P%)8#%G|Gzw?-}wBDqR{6z!NDE_x>Xsy7Q;N&LXE%HFhmbnxJtdasyUtS{78GY0!XfqR?d8mIo}1il?te@v-73#(Fe}O?er3$; zhP|hBXPG^HCw%heyU;_+mn`a)`ky; zA91eFJ2+eGS^t?rZ+gIdzPEXjSshGg#rk`POg5AiD>0iTE z!oF^`9d}G7GO0^LL_WThYkzLYvtM&sSf_Kh@vL%Q8j`9lnbowpvA%yFkHu7nn0Wd1 z%QpDzyw7H-PC%7+k)m%I5UFkemGiF$7a_>~T zU&r>{2vSRHR^4OSB9{8_hVbOH30esr*+%8jlRTRAp54i_eJb1g%(7y=_Ja47pH!o` zHC7gfDoKCqXwJUtsu!HSK=SggGdDv^*1oa$8hP+8-_q(~|A7fP8FAY4ip5`AlwWaZ zELOLroso*mUiZaWL$P(wvU(L~Eta6i?W{F7_uo!W`JlOCyg>Mv*yoQw##mZgo+^4a z-;VR@#9K#_x(m}+hD>l#^_-f!U}@!SroIGsPRSBRe53b_E32``!hQmvFM55nmoW)S=fR9%Jh@ z^VmJEV=J7-?JZJq+fnNJt9)ftwp6r)`LwO=bk`841q}~9wijv^56BF((%n8tX02N_ zd&vEgo_twC=z#mmvPVaQOjD9=-<7RCF@{I~?byTa{OzAJ&Ne-j4nMiYMqg?CvMZBb zF=~ys^GL?5J+>rYIm1P1ePH>lWv43)(uX&ca0aeTj|p8Jm-q9)(n@2Y>QixV7Y27d z(Z9Ik;m&+@k$IZ3;@5`#=kL>^k+x|2F~ zVz#rLhqLPY2$j9gyKhW;lyK9sN&m(R3k4}VnZSt&7V0;Dq#coa$a4Dpit)VOr)?*f zz_)`odh66KNVfa@qVWc~X02==b`GDLv+4N^Z|A3DBFaL2@AkYkj5V7S*p_%qzWHU; zGk3qY{rR)rm`4eA@UN0*%+(0w46_hETB(z0+a7$bYyZ0W4~{doOE(nmEqGsDdd{TB zR;>1LU~&hi*^|me231?K`SzXJ=`-f~e*NWYq8{V&|1X5%^O4_19QQ z_4#ftRo{!&%RLBw*5HufBBUaCZs+_p(J2>eJe@-C7@RI=a_4hRC=9bxkd*L9lWJILuspe_seY) z!*=E<{OF%&R*-pMDeq#B*SqY3-laJ_~Y}4CeHI4V-=!}vvsWuVQJk+SyWTVOsihNZ%Wh-kou6+!`Z*=wnvD~m z-80nF{n|RaqzZs(i5Lk8~ckq#N8Ht-5RMqV@9!H^>~wUtY7(GlJ552dAIbm*BW}{gkcAbLm>~| zWwymByj;a!bwg!8E4^=B4-_0hdvy= zey*bT_@l{(KW{gxjbB(ZJ74YigIqU>Qq6ijpYuldb&b;R`=bk4IAEV zoK#<0=*MsD6FKcg=HoTz@9YnERgSZ+Ow4{ekAMCBI7P#kOWsY{J@?i2`T865bNEw>*VGRRlz&2)~J*>OG|x_eq6Ko zwdSfmNr9YaTeGh&ow?n5ety7#t()41?7SV~@>qT^Qn<#J|5iHbWyYt}pWzwYJz$n9XR z=@RjpCserQ!kqNUjIh$`wKurb&po@i%02B-O0l(Lamg`FU7k+e3;EmbWdE%Cn02)O z++(h|lgX3rrp1TfvD0y!lOL$xu-*Im(yOtNX{ycx(aH8R3b#%U^=X!B)%}%Tv&z6p zE1tV*;=W@GKT5))keQJ|%fmI>&pNbC>&TzzT2pwX)F+y$V=%2m>C8RBY7t=p?y3pt zTQ5#~B$9Q~I_S~Q_cf81x+i?!y4`KXC3U{b9aoQ;r?1>&rT1}DzLGwN`82zQMad1y zKQyi#;FDi`Ozv!o(#@H}Nk*R^R_-1ndnhTlAy`-JILBoVhkd(#E%p3m-+tFh+Nwg` zqkdza!-lnMAH+_5kz2;BPm^2g$(g9X$|X%<7K@**O&fa1cTqOe+@id!T9xa>@FzvL zydzT6Yt?q{{PlhD_f-t1SMzOG81kD%9OIC&>pb@({4tkO&*2q@K|2SgGW@b%2inyX zecUMUxmCB=^UmD4zON%9nXe>8Hwc()uv`9FmAxzgSao zw&s+O$8B@P1bx@Vmd2M}UG|d0Tuabh(y)AQxXI@GNzR+k&OLS{Qv7-Eo$XEu$K>`- zi~k%M@KUni^JLe6sKWQnj6KRH(z;9Da=&hAGg_dLb@AlgTCbLw@(seXtj+w6R5^ZG zt)HYH%df`uNRPJfrn7a|W$9`09ogG;woVUUdf@o@8wpc_jej%Jit1z=vPjYx&*1-kCZ} z`>cH>9>FgdZaeQ?p1^y-Hd@uY4dFY}D?g84$~;3io9XD=m6$(=t0&SvGtH&SGcxMd zQ|&9477Vii@VzDTb~sIokFI=@pgM{1>2mpZp(`Hm^N&Tp zJ5;`tM=hd>B(iKaV}v@m9x{X9z(U&T79XuUtHfz`WWt1ES&6R z(A676 z^t#haCuBYu?oU+`{Si`9$9G{>$+;oz1MaP*120OG!`j-<333Tq9iE?X|3_-$uBgv< zX=_hSaeHq&bxq9Om9{c%eNsY`CRZ#Tno&`%8n@fwyz{j|Rhbu?DzaZGDI3=LSAPl> zSXX8L%BpC?tXbFcO8HkZ+&Ax9By2R}msXql!$-RQ3qIYL)(&gH15%k+zifW%&zxLBH zHCmnX=XmM)=wpvHjdRoOuRfu3zOO%DY9MCZ)~xeQ=fkRf{X4j)9IrAmXg(}-MP}#6 z>MGl>F1?Zw*CH-lZn(Mq6nEFdq3TJxT#HnkO;|e*PI|_fnz4A1lbb8AKxF+&Ba>*Z zO>2zer>(nTy`w_ME+!{yqfp<}AnneuV{R>ssH@$YJ>nmARt?UsaI?tIsSP;q8?QXU zqrC6lgtp}qE-|#ZN$>l`ELTQ{J=u zkc>??m!z|@Qbde6GwRw&4&lcSpH5c3l01-+V&Px^foZ;+>&}w4%lR^Q)crm7>`>naG>XO z!Se8$+D}>IYy0NST@m27Md_UE?y7AJ5aD%shEi z=akKyt=lJkpL;>?eC8$2t(#8At#~o*bnEo|w_0ZXjGiCH)e{T?X3dp&>tUV6-{CS0B8+FG9N*n9bB{+=rbzDN9;Hf<`;?L3FQX4ifV3BFe` zdX;q3|IvkuOpze-65CJQUbM9wjm@v(pWIO4QFjZ^cE9IPr=8cIrkAXp+{Ja}r^d$R zE+XSyhWroj-tT8K{8Rh0?~K#t0^i?cjIGwW@O9ekj$YDWw}1Jz{$6bvQ-+5=e0*)&tZ70Vrgx?=y_&f7JBBn2PcSY|;j=Y5CcKO#xF_^O z#V6LP30ii;F)CLJu3m0?_;yu9vEC+S@7r3#G$oG#`i+kyo(k|A9Ny)2GoP1BE_ll8q)Yu9 zf?t{I_PrOb>Yfst(K5aAppyBzA#S1MpDDwq;sh<4TYYY=WgL|eOz~p)=q|t3#dH*V zc523?(CKqlu9&sWe&2F^>q(Y*m${wN?jD+4oV@k>u|R{c;V~?=t_;zdtQ@@=4o}`L zOV3_uF@8={{i69D%a}Wdj+9rW3qMU>Vr5e}X0ZZ?y;Ph@;`OOjj}3H;Qr6ZO^GdvA zupD{}E`MF1acZLN>&gvpL#}bF8Q08x(o(q4gkksPYov-j=hwNqg$+eQ6Taq;Im&I9 zS5|oC2w&~WGuM@)%sD-wWbodsW6n+U4)2$} zZ=Sn4+`w=4?AR%1?`tpKBFH5%)j{HvcGtUgg2{_2o_x4(e`aod(YJ&xZc7h8h)>ch zw5ysmMO1LL>EO^pvrSIB%J+TYT$f?c^*W&ZqrJj~i9I|bpL^zI495PLBjTN3keb)% z$PwyY9I3LiPBnzKMofF@m(8L3S9cT_JXxA;>uTy3GCe_7bnLM+yY$SDox8e9$H`Xf z{pTT`)&kuj=lJ*E;>GtyO02VTTk0nLYnSf#7@5Ojr>@QKI@<2hn!jwe>9_rREeG1f zLxXgqHblBUm-JmAl(;3N|hYw+$YidKzZ)V zjr(G%wfUEDO6}3|;eHeKjX%akvG`-q?k2IFr})msFFcmdb>d>8o`1;Vdt;>ImRUZ1 zQ@ZR^A?KB*B(H-PFWzXB;D}55sUSYX^f;>~cdx3J)6GlI_XPE7UdycWQY_N?(I|e{ zHe=Fo_3rQ&SLf_p-I}W8#yxL1v2E?S#SO`)=4F0e9a3uIC}*FrZRYk_Rdk>vVmS*xdMOgVK9`2_CMgcKaIbxk)iY_SsE`ALpFxtL7hn#O>D`7nzVC5nzkl|eea|t!=X>7g z_x_&m`(}=Fc)#Dw2t@8)oXopi(c!X|OAFrfT-Wi%`VzJ1B`g0@)h{qgl;UUCg{2nB zD;CoSj=C%oD2Qy>BK@)~#bMCS>$Zx7l=-KuY^UeV+|*x3E%^EkO(dL6K z-`j*_s+7rS1Zqeye+qipW00S6WdB|pr-s+^_2(HOx0F3Y3QYP!Bo_!qPwpS9=GFM6 zm4B4@aovYm5)|9P^4oTMco9fGW zxN!r0WT$PdsLAX=gR}3xJ{#{E+Q33y`G-h0tIxHJHC;WL;<+|7OOGd4`+2XI#!|5a zc1XJZC3o&*hYd4yS*o>?B7L(LFb0ta;3Va&ycYb0rD929w)ZOn&Hx7T&Nv$-!&eb*at#J%t zO-99=zgW*0b+Njo9lht*JYA#kL&<0KTswEX_rAlOQ17|1v@AMf=zZMzdyRoH$?oH0 zV>Z7pOY=O--2TJ3S;>NlGy9!2KIDXH=z9+)nvbgmc6s&(J)&tjYcYMq4ov8Zh_ma5 zdEvv{!vS}SWh&aAtqA+Tlv$n|5ml7+r$6uQn8h_(sod_5ktd>SbJ9d}R#LB|s$zdu zKV>>;Bhx(N`>E62vA$|mf>q5q=@S>SBnwZ+mWKBENB$9JrJ&@Uw9btcWcgXFP_<`L zhmsWE&zPxNP(GU2>5(a`HhgTS!Wn9=X*F$twYA&8Jh<`L64jyB0|&1&hkWIdIWdE- zpB-nSVyv`%6FBz2OsgMuICV5@?@U5rTFH}a7q#P#KELToHR(z|(xdOvdNTD++UbU9 zzC`-fH}(QkyMw({T1Bh%t9Jg^nU4Z1txvmChqgKCJZ*Ys(H~qB*|^SFjURY%l-A}g zekhieKBN<>)!B5taccxevo$P9QCmV*S$mTf&!29+gZ^<=JE(JvU6(nfSL?<0^uNUK zic7wGZ)I7xiTL7XcYTW1-x_jbao)rI9sYUr(gqcOO=g0m`ZdYneH%G>vZ8A7g$vzV zHnjx@C_mWDH!94kO)0dUa48O+U23nrmJ;7GSU1{IaEc=GnAKbR6(yVX#iF#qYkKbK zd@%>Yy9xG${vXW7NN6u9Jn!F21c1v(i^9HBNHehjc_9FQk_Z672LbBI`&H3nk-~f# zV%sg?8Xyu#=67IusLyMF7OU*J*BmF4O_0 zVYA3X0gk~(0niMm&*`EXScgbcdaz(Zhz~vxfJsCl@SuO-M_>UuWzYwo2|)0ffO_)% zyM=RIfDb+!fZ(%1)`xX?XknrL!FL0&3WN!S{sCE79<2@f6a%7=K=9!}HRzrJ55;IG zV~wC*bmopIlzK}%0E~4dCI|o@49Ie@0P#WJG9RA-93y-{pdPLR91miFFyG)NJ_Go( z5me#`{X7Ak>+d1)$`h|A8u zn$1UefVgN)f;I130{$grJyJV!Tt zoj)PsLYy~Xk~}d%09l`kkrLqRs1CXmCQ%K0#OdGKZSwoz9RTnOy+0sHU9l^qAbD0NfmQ-z~6+L b6B?vL%6cq8&Y^N8CA^O#>Oy2JB-j1}NHrbT literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/b6b865b095697164ad032c2f695ed828f5754749 b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/b6b865b095697164ad032c2f695ed828f5754749 new file mode 100644 index 00000000..225f87ae --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/b6b865b095697164ad032c2f695ed828f5754749 @@ -0,0 +1 @@ +{"componentid":425099} diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/dba39b6cf6524e996397ddc1e08b928b5c92bb5d b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/license_response_corpus/dba39b6cf6524e996397ddc1e08b928b5c92bb5d new file mode 100644 index 0000000000000000000000000000000000000000..51f67eb6f45ff450ea3514757025dad75ad500d1 GIT binary patch literal 352 zcmZQ#5Mb~Pe)&9``_n9l%6I{+~@fMf(VX%sP# k9UuTQ*8xgPKq6fYJ$2x&lh?fYKA7^a&_^ z14@5@(2NF9ngdEZKxwGCj2Te=3MkzGrJ?3Cg3VR^mVGHhZK~n=nCS9&UbkJIMlP}4 QB4^hv`22Eu*y2c60K#}7$^ZZW literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/provisioning_request_corpus/53c26407b39c997143146a0dce8ff0ac11f565e1 b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/provisioning_request_corpus/53c26407b39c997143146a0dce8ff0ac11f565e1 new file mode 100644 index 0000000000000000000000000000000000000000..a2d65a82d61b8d3fa65e52c8ece687ad11b4b8fa GIT binary patch literal 88 zcmZQzU|?lnV2EH~Vi5Qh*1sLdjRf)~!!uJ-%QEv)LsE-N{PS`uy;Ccb@+%As41kiv F008%!4Ez89 literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/provisioning_request_corpus/fab3c99d604bab7b7bf5c54c5bd995fc98d4d96f b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/provisioning_request_corpus/fab3c99d604bab7b7bf5c54c5bd995fc98d4d96f new file mode 100644 index 0000000000000000000000000000000000000000..a4ded576fe810d7540ac36f2d1391e33d774e866 GIT binary patch literal 88 zcmZQzWMXDvWn<^yMC+6cQE@6%&_`l#-T_m6KOcR8m$^Ra4i{WB>!^MkXM= SrV7HtBrgbNY%FA8umJ!SD+jRv literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/provisioning_response_corpus/91e10d030fbdd3374e57a2720f09488f2b03ce69 b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/provisioning_response_corpus/91e10d030fbdd3374e57a2720f09488f2b03ce69 new file mode 100644 index 0000000000000000000000000000000000000000..0616a29b7b8d7c332d597f338c650b780aec2e0b GIT binary patch literal 204 zcmZQ#5McPXg1d4m8w0~CAdqB$fbh(e)UwRH)R5HT692rMO7GOlr2Gm40|SsEA^^}7 npot763``6HmE0@-0l8Cwd`X<mNjIgCII05V1g_y7O^ literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_request_corpus/97bf96be666434bfa93dbfb36b81baeefed14170 b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_request_corpus/97bf96be666434bfa93dbfb36b81baeefed14170 new file mode 100644 index 0000000000000000000000000000000000000000..4e6f216d56f5e652b0ee27cb42ee96cee2019eb8 GIT binary patch literal 76 zcmeZ&HYJV$2$G@n2`HTk5<~*5KsFAt@yd E0P{fz=l}o! literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_request_corpus/a7b0e7dca597331d7f051204096c9d01ba6d468e b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_request_corpus/a7b0e7dca597331d7f051204096c9d01ba6d468e new file mode 100644 index 0000000000000000000000000000000000000000..748c29cff8e661c14981c5078b2cb4a1b7170806 GIT binary patch literal 76 wcmeZ&HYJV$2$G@nAt)UW5<~*5KsFCY-aq8_W?*1n4OJEo01amf$^ZZW literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_response_corpus/38df40a320f60e955006aaa294b74d45a316e50f b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_response_corpus/38df40a320f60e955006aaa294b74d45a316e50f new file mode 100644 index 0000000000000000000000000000000000000000..4abb16a8b5bbb92fb8d3df63dd0eff3f8f8de061 GIT binary patch literal 148 zcmZQ#5MW5DXbe?gXJA+b1e2dmiDMuEz|^DD=ti&t1sEZMEI>+yfr&vNw6P+Efq`8C HB8(sb|K<=? literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_response_corpus/9962997b5ea87005276319cbfff67884846485cf b/oemcrypto/odk/test/fuzzing/corpus/little_endian_64bit/renewal_response_corpus/9962997b5ea87005276319cbfff67884846485cf new file mode 100644 index 0000000000000000000000000000000000000000..892a4edba65bf1e709cc7c507a1ac714561651fc GIT binary patch literal 148 zcmZQ#5MW5!JE?a$3j@O{ASix1C5{0I7#Ti(ss}NkfC`bq4aEQe literal 0 HcmV?d00001 diff --git a/oemcrypto/odk/test/fuzzing/corpus_generator/Android.bp b/oemcrypto/odk/test/fuzzing/corpus_generator/Android.bp new file mode 100644 index 00000000..e9939711 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/corpus_generator/Android.bp @@ -0,0 +1,27 @@ +// Copyright 2020 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +// ---------------------------------------------------------------- +// Builds odk_corpus_generator shared library, which can be used with +// LD_PRELOAD command to generate corpus by intercepting oemcrypto +// unit tests. +// ---------------------------------------------------------------- +// Builds libwv_odk.so, The ODK shared Library (libwv_odk) is used +// by the OEMCrypto unit tests to generate corpus for ODK fuzz scrips. +cc_library_shared { + name: "libwv_odk_corpus_generator", + include_dirs: [ + "vendor/widevine/libwvdrmengine/oemcrypto/include", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/include", + "vendor/widevine/libwvdrmengine/oemcrypto/odk/test", + ], + host_ldlibs: ["-ldl"], + srcs: [ + "odk_corpus_generator.c", + "odk_corpus_generator_helper.c", + ], + proprietary: true, + + owner: "widevine", +} diff --git a/oemcrypto/odk/test/fuzzing/corpus_generator/README.md b/oemcrypto/odk/test/fuzzing/corpus_generator/README.md new file mode 100644 index 00000000..f6df3746 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/corpus_generator/README.md @@ -0,0 +1,79 @@ +# Objective + +The Idea behind the corpus generator code is to intercept OEMCrypto unit test +calls to odk APIs using LD_PRELOAD and read the data into corpus files which can +be fed as corpus to fuzzer scripts. + +LD_PRELOAD command needs to be run from cdm repository while running oemcrypto +unit tests. + +## Get OEMCrypto and Build OEMCrypto unit tests: + +* Install Pre-requisites + + ```shell + $ sudo apt-get install gyp ninja-build + ``` + +* download cdm source code (including ODK & OEMCrypto unit tests): + + ```shell + $ git clone sso://widevine-internal/cdm + ``` + +* We need to run odk as a dynamic library in order to use LD_PRELOAD, apply + patch from go/wvgerrit/95090 to locally cloned repo which has changes to run + odk as dynamic library: + + ```shell + $ cd /path/to/cdm/repo + $ git fetch origin 209721cc901745999e08e35466e74f708321267e + $ git cherry-pick FETCH_HEAD + ``` + +* Build OEMCrypto unit tests: + + ```shell + $ cd /path/to/cdm/repo + $ export PATH_TO_CDM_DIR=.. + $ gyp --format=ninja --depth=$(pwd) oemcrypto/oemcrypto_unittests.gyp + $ ninja -C out/Default/ + ``` + +## Capture corpus for odk fuzzer by intercepting OEMCrypto unit tests: + +When we run LD_PRELOAD command odk_corpus_generator.so gets preloaded before +oemcrypto_unittests and odk_corpus_generator has functions to intercept calls to +ODK request and response APIs. Each call to odk API from oemcrypto_unittests +gets intercepted and input to ODK de serialize response APIs and output from ODK +serialize request APIs is captured in binary format and stored into corpus files + +In order to run LD_PRELOAD command, we need to compile corpus generator shared +library and need to preload that before OEMCrypto unit tests run + +* Compile shared library + + ```shell + $ cd /path/to/cdm/repo + $ gyp --format=ninja --depth=$(pwd) oemcrypto/odk/test/fuzzing/corpus_generator/odk_fuzz_corpus_generator.gyp + $ ninja -C out/Default/ + ``` + +* Preload the shared library before running OEMCrypto unit tests + + ```shell + $ cd oemcrypto/odk/test/fuzzing/corpus + $ mkdir license_request_corpus license_response_corpus renewal_request_corpus renewal_response_corpus provisioning_request_corpus provisioning_response_corpus + $ cd /path/to/cdm/repo + $ LD_PRELOAD=out/Default/lib/libodk_corpus_generator.so ./out/Default/oemcrypto_unittests + ``` + +LD_PRELOAD command runs oemcrypto_unittests with odk_corpus_generator as +interceptor. We should see unit tests being executed. The corpus files in binary +format will be captured into `oemcrypto/odk/test/fuzzing/corpus` path. These +files can be used as input corpus for ODK request and response fuzzer scripts. + +The generated corpus files can be minimized using go/testcorpus#minimize and +uploaded into google3 repository under following directory under respective +corpus types +`fuzzing/corpus` diff --git a/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator.c b/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator.c new file mode 100644 index 00000000..9a3e9853 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator.c @@ -0,0 +1,158 @@ +// Copyright 2020 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +// We must define this macro to get RTLD_NEXT definition from +#define _GNU_SOURCE + +#include + +#include "fuzzing/corpus_generator/odk_corpus_generator_helper.h" +#include "fuzzing/odk_fuzz_structs.h" +#include "odk_structs.h" + +OEMCryptoResult ODK_PrepareCoreLicenseRequest( + uint8_t* message, size_t message_length, size_t* core_message_length, + const ODK_NonceValues* nonce_values) { + OEMCryptoResult (*original_function)(uint8_t*, size_t, size_t*, + const ODK_NonceValues*); + original_function = dlsym(RTLD_NEXT, "ODK_PrepareCoreLicenseRequest"); + OEMCryptoResult oem_crypto_result = (*original_function)( + message, message_length, core_message_length, nonce_values); + char* file_name = GetFileName("license_request_corpus"); + + // License Request format expected by fuzzer - [Core License Request] + AppendToFile(file_name, (const char*)message, *core_message_length); + free(file_name); + return oem_crypto_result; +} + +OEMCryptoResult ODK_ParseLicense( + const uint8_t* message, size_t message_length, size_t core_message_length, + bool initial_license_load, bool usage_entry_present, + const uint8_t* request_hash, ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, ODK_NonceValues* nonce_values, + ODK_ParsedLicense* parsed_license) { + struct ODK_ParseLicense_Args parse_license_args; + parse_license_args.nonce_values = *nonce_values; + memcpy(parse_license_args.request_hash, request_hash, ODK_SHA256_HASH_SIZE); + parse_license_args.timer_limits = *timer_limits; + parse_license_args.clock_values = *clock_values; + parse_license_args.usage_entry_present = usage_entry_present; + parse_license_args.initial_license_load = initial_license_load; + OEMCryptoResult (*original_function)( + const uint8_t*, size_t, size_t, bool, bool, const uint8_t*, + ODK_TimerLimits*, ODK_ClockValues*, ODK_NonceValues*, ODK_ParsedLicense*); + original_function = dlsym(RTLD_NEXT, "ODK_ParseLicense"); + OEMCryptoResult oem_crypto_result = (*original_function)( + message, message_length, core_message_length, initial_license_load, + usage_entry_present, request_hash, timer_limits, clock_values, + nonce_values, parsed_license); + char* file_name = GetFileName("license_response_corpus"); + + // License Response format expected by fuzzer - [ODK_ParseLicense_Args][Core + // License Response] + AppendToFile(file_name, (const char*)&parse_license_args, + sizeof(struct ODK_ParseLicense_Args)); + AppendToFile(file_name, (const char*)message, core_message_length); + free(file_name); + return oem_crypto_result; +} + +OEMCryptoResult ODK_PrepareCoreRenewalRequest(uint8_t* message, + size_t message_length, + size_t* core_message_size, + ODK_NonceValues* nonce_values, + ODK_ClockValues* clock_values, + uint64_t system_time_seconds) { + OEMCryptoResult (*original_function)( + uint8_t*, size_t, size_t*, ODK_NonceValues*, ODK_ClockValues*, uint64_t); + original_function = dlsym(RTLD_NEXT, "ODK_PrepareCoreRenewalRequest"); + OEMCryptoResult oem_crypto_result = + (*original_function)(message, message_length, core_message_size, + nonce_values, clock_values, system_time_seconds); + char* file_name = GetFileName("renewal_request_corpus"); + + // License Request format expected by fuzzer - [ODK_ClockValues][Core + // License Request] + AppendToFile(file_name, (const char*)clock_values, sizeof(ODK_ClockValues)); + AppendToFile(file_name, (const char*)message, *core_message_size); + free(file_name); + return oem_crypto_result; +} + +OEMCryptoResult ODK_ParseRenewal(const uint8_t* message, size_t message_length, + size_t core_message_length, + const ODK_NonceValues* nonce_values, + uint64_t system_time, + const ODK_TimerLimits* timer_limits, + ODK_ClockValues* clock_values, + uint64_t* timer_value) { + struct ODK_ParseRenewal_Args parse_renewal_args; + parse_renewal_args.nonce_values = *nonce_values; + parse_renewal_args.clock_values = *clock_values; + parse_renewal_args.timer_limits = *timer_limits; + parse_renewal_args.system_time = system_time; + OEMCryptoResult (*original_function)( + const uint8_t*, size_t, size_t, const ODK_NonceValues*, uint64_t, + const ODK_TimerLimits*, ODK_ClockValues*, uint64_t*); + original_function = dlsym(RTLD_NEXT, "ODK_ParseRenewal"); + OEMCryptoResult oem_crypto_result = (*original_function)( + message, message_length, core_message_length, nonce_values, system_time, + timer_limits, clock_values, timer_value); + char* file_name = GetFileName("renewal_response_corpus"); + + // Renewal Response format expected by fuzzer - [ODK_ParseRenewal_Args][Core + // Renewal Response] + AppendToFile(file_name, (const char*)&parse_renewal_args, + sizeof(struct ODK_ParseRenewal_Args)); + AppendToFile(file_name, (const char*)message, core_message_length); + free(file_name); + return oem_crypto_result; +} + +OEMCryptoResult ODK_PrepareCoreProvisioningRequest( + uint8_t* message, size_t message_length, size_t* core_message_length, + const ODK_NonceValues* nonce_values, const uint8_t* device_id, + size_t device_id_length) { + OEMCryptoResult (*original_function)(uint8_t*, size_t, size_t*, + const ODK_NonceValues*, const uint8_t*, + size_t); + original_function = dlsym(RTLD_NEXT, "ODK_PrepareCoreProvisioningRequest"); + OEMCryptoResult oem_crypto_result = + (*original_function)(message, message_length, core_message_length, + nonce_values, device_id, device_id_length); + char* file_name = GetFileName("provisioning_request_corpus"); + + // Provisioning Request format expected by fuzzer - [Core Provisioning + // Request] + AppendToFile(file_name, (const char*)message, *core_message_length); + free(file_name); + return oem_crypto_result; +} + +OEMCryptoResult ODK_ParseProvisioning( + const uint8_t* message, size_t message_length, size_t core_message_length, + const ODK_NonceValues* nonce_values, const uint8_t* device_id, + size_t device_id_length, ODK_ParsedProvisioning* parsed_response) { + struct ODK_ParseProvisioning_Args parse_provisioning_args; + parse_provisioning_args.nonce_values = *nonce_values; + memcpy(parse_provisioning_args.device_id, device_id, device_id_length); + parse_provisioning_args.device_id_length = device_id_length; + OEMCryptoResult (*original_function)(const uint8_t*, size_t, size_t, + const ODK_NonceValues*, const uint8_t*, + size_t, ODK_ParsedProvisioning*); + original_function = dlsym(RTLD_NEXT, "ODK_ParseProvisioning"); + OEMCryptoResult oem_crypto_result = (*original_function)( + message, message_length, core_message_length, nonce_values, device_id, + device_id_length, parsed_response); + char* file_name = GetFileName("provisioning_response_corpus"); + + // Provisioning Response format expected by fuzzer - + // [ODK_ParseProvisioning_Args][Core Provisioning Response] + AppendToFile(file_name, (const char*)&parse_provisioning_args, + sizeof(struct ODK_ParseProvisioning_Args)); + AppendToFile(file_name, (const char*)message, core_message_length); + free(file_name); + return oem_crypto_result; +} diff --git a/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator_helper.c b/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator_helper.c new file mode 100644 index 00000000..3a720d20 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator_helper.c @@ -0,0 +1,22 @@ +// Copyright 2020 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. +#include "fuzzing/corpus_generator/odk_corpus_generator_helper.h" + +void AppendToFile(const char* file_name, const char* message, + const size_t message_size) { + FILE* fptr; + if ((fptr = fopen(file_name, "ab")) == NULL) { + printf("Error! opening file %s", file_name); + return; + } + fwrite(message, message_size, 1, fptr); + fclose(fptr); +} + +char* GetFileName(const char* directory) { + char* file_name; + file_name = malloc(150); + sprintf(file_name, "%s%s/%d", PATH_TO_CORPUS, directory, rand()); + return file_name; +} diff --git a/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator_helper.h b/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator_helper.h new file mode 100644 index 00000000..c2f164ae --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/corpus_generator/odk_corpus_generator_helper.h @@ -0,0 +1,18 @@ +// Copyright 2020 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. +#ifndef WIDEVINE_ODK_TEST_FUZZING_CORPUS_GENERATOR_ODK_CORPUS_GENERATOR_HELPER_H_ +#define WIDEVINE_ODK_TEST_FUZZING_CORPUS_GENERATOR_ODK_CORPUS_GENERATOR_HELPER_H_ + +#define PATH_TO_CORPUS "./oemcrypto/odk/test/fuzzing/corpus/" + +#include +#include +#include + +void AppendToFile(const char* file_name, const char* message, + const size_t message_size); + +char* GetFileName(const char* directory); + +#endif // WIDEVINE_ODK_TEST_FUZZING_CORPUS_GENERATOR_ODK_CORPUS_GENERATOR_HELPER_H_ diff --git a/oemcrypto/odk/test/fuzzing/corpus_generator/odk_fuzz_corpus_generator.gyp b/oemcrypto/odk/test/fuzzing/corpus_generator/odk_fuzz_corpus_generator.gyp new file mode 100644 index 00000000..8acf1ac3 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/corpus_generator/odk_fuzz_corpus_generator.gyp @@ -0,0 +1,33 @@ +# Copyright 2020 Google LLC. All rights reserved. This file and proprietary +# source code may only be used and distributed under the Widevine Master License +# Agreement. + +# Reference Link explaining flags for LD_PRELOAD: https://catonmat.net/simple-ld-preload-tutorial-part-two +{ + 'targets': [ + { + 'target_name': 'odk_corpus_generator', + 'type': 'shared_library', + 'cflags_cc': [ + '-g3', + '-O0', + '-fno-omit-frame-pointer', + '-Wall', + ], + 'include_dirs': [ + '../../../include', + '../../../test', + '../corpus_generator', + ], + 'ldflags': [ + '-fPIC', + ], + 'libraries': [ + '-ldl', + ], + 'sources': [ + 'odk_corpus_generator.c', + ], + } + ] +} diff --git a/oemcrypto/odk/test/fuzzing/odk_fuzz.gyp b/oemcrypto/odk/test/fuzzing/odk_fuzz.gyp new file mode 100644 index 00000000..58f00b04 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_fuzz.gyp @@ -0,0 +1,40 @@ +# Copyright 2019 Google LLC. All rights reserved. This file and proprietary +# source code may only be used and distributed under the Widevine Master License +# Agreement. + +#TODO(b/151858867): Fix File paths +{ + 'targets': [ + { + 'target_name': 'odk_fuzz', + 'type': 'executable', + 'includes': [ + '../src/odk.gypi', + '../kdo/oec_util.gypi', + ], + 'include_dirs': [ + '../../include', + '../include', + '../src', + '../kdo/include', + ], + 'cflags_cc': [ + '-std=c++11', + '-g3', + '-O0', + '-fsanitize=fuzzer,address,undefined', + '-fno-omit-frame-pointer', + ], + 'ldflags': [ + '-fPIC', + '-fsanitize=fuzzer,address,undefined', + ], + 'sources': [ + 'odk_fuzz.cpp', + ], + 'dependencies': [ + '../../../cdm/cdm.gyp:license_protocol' + ], + } + ] +} diff --git a/oemcrypto/odk/test/fuzzing/odk_fuzz_helper.cpp b/oemcrypto/odk/test/fuzzing/odk_fuzz_helper.cpp new file mode 100644 index 00000000..d87e4647 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_fuzz_helper.cpp @@ -0,0 +1,159 @@ +// Copyright 2020 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. +#include "fuzzing/odk_fuzz_helper.h" + +#include "odk.h" + +namespace oemcrypto_core_message { + +bool convert_byte_to_valid_boolean(const bool* in) { + const char* buf = reinterpret_cast(in); + for (int i = 0; i < sizeof(bool); i++) { + if (buf[i]) { + return true; + } + } + return false; +} + +void ConvertDataToValidBools(ODK_ParsedLicense* t) { + // Convert boolean flags in parsed_license to valid bytes to + // avoid errors from msan + t->nonce_required = convert_byte_to_valid_boolean(&t->nonce_required); + t->timer_limits.soft_enforce_playback_duration = + convert_byte_to_valid_boolean( + &t->timer_limits.soft_enforce_playback_duration); + t->timer_limits.soft_enforce_rental_duration = convert_byte_to_valid_boolean( + &t->timer_limits.soft_enforce_rental_duration); +} + +void ConvertDataToValidBools(ODK_PreparedRenewalRequest* t UNUSED) {} + +void ConvertDataToValidBools(ODK_ParsedProvisioning* t UNUSED) {} + +OEMCryptoResult odk_serialize_LicenseRequest( + const void* in UNUSED, uint8_t* out, size_t* size, + const ODK_LicenseRequest& core_license_request UNUSED, + const ODK_NonceValues* nonce_values) { + return ODK_PrepareCoreLicenseRequest(out, SIZE_MAX, size, nonce_values); +} + +OEMCryptoResult odk_serialize_RenewalRequest( + const void* in, uint8_t* out, size_t* size, + const ODK_RenewalRequest& core_renewal, ODK_NonceValues* nonce_values) { + ODK_ClockValues clock{}; + memcpy(&clock, in, sizeof(ODK_ClockValues)); + uint64_t system_time_seconds = core_renewal.playback_time_seconds; + return ODK_PrepareCoreRenewalRequest(out, SIZE_MAX, size, nonce_values, + &clock, system_time_seconds); +} + +OEMCryptoResult odk_serialize_ProvisioningRequest( + const void* in UNUSED, uint8_t* out, size_t* size, + const ODK_ProvisioningRequest& core_provisioning, + const ODK_NonceValues* nonce_values) { + const std::string& device_id = core_provisioning.device_id; + return ODK_PrepareCoreProvisioningRequest( + out, SIZE_MAX, size, nonce_values, + reinterpret_cast(device_id.data()), device_id.size()); +} + +OEMCryptoResult odk_deserialize_LicenseResponse(const uint8_t* message, + size_t core_message_length, + ODK_ParseLicense_Args* a, + ODK_NonceValues* nonce_values, + ODK_ParsedLicense* parsed_lic) { + return ODK_ParseLicense(message, SIZE_MAX, core_message_length, + static_cast(a->initial_license_load), + static_cast(a->usage_entry_present), + a->request_hash, &a->timer_limits, &a->clock_values, + nonce_values, parsed_lic); +} + +OEMCryptoResult odk_deserialize_RenewalResponse( + const uint8_t* buf, size_t len, ODK_ParseRenewal_Args* a, + ODK_NonceValues* nonce_values, ODK_PreparedRenewalRequest* renewal_msg) { + /* Address Sanitizer doesn't like values other than 0 OR 1 for boolean + * variables. Input from fuzzer can be parsed and any random bytes can be + * assigned to boolean variables. Using the workaround to mitigate sanitizer + * errors in fuzzer code and converting random bytes to 0 OR 1. + * This has no negative security impact*/ + a->timer_limits.soft_enforce_playback_duration = + convert_byte_to_valid_boolean( + &a->timer_limits.soft_enforce_playback_duration); + a->timer_limits.soft_enforce_rental_duration = convert_byte_to_valid_boolean( + &a->timer_limits.soft_enforce_rental_duration); + uint64_t timer_value = 0; + OEMCryptoResult err = + ODK_ParseRenewal(buf, SIZE_MAX, len, nonce_values, a->system_time, + &a->timer_limits, &a->clock_values, &timer_value); + const bool is_parse_renewal_response_successful = + err == ODK_SET_TIMER || err == ODK_DISABLE_TIMER || + err == ODK_TIMER_EXPIRED || err == ODK_STALE_RENEWAL; + if (!is_parse_renewal_response_successful) { + return err; + } + // In order to capture playback_time information which is part of + // renewal_msg and will be later used in kdo_serialize_RenewalResponse in + // odk_kdo method, we call Unpack_ODK_PreparedRenewalRequest private method. + // playback_time cannot be captured from publicly exposed API + // ODK_ParseRenewal. + uint8_t blk[SIZE_OF_MESSAGE_STRUCT]; + Message* msg = reinterpret_cast(blk); + InitMessage(msg, const_cast(buf), len); + SetSize(msg, len); + Unpack_ODK_PreparedRenewalRequest(msg, renewal_msg); + return OEMCrypto_SUCCESS; +} + +OEMCryptoResult odk_deserialize_ProvisioningResponse( + const uint8_t* buf, size_t len, ODK_ParseProvisioning_Args* a, + ODK_NonceValues* nonce_values, ODK_ParsedProvisioning* parsed_prov) { + return ODK_ParseProvisioning(buf, SIZE_MAX, len, nonce_values, a->device_id, + a->device_id_length, parsed_prov); +} + +bool kdo_serialize_LicenseResponse(const ODK_ParseLicense_Args* args, + const ODK_ParsedLicense& parsed_lic, + std::string* oemcrypto_core_message) { + const auto& nonce_values = args->nonce_values; + ODK_LicenseRequest core_request{nonce_values.api_minor_version, + nonce_values.api_major_version, + nonce_values.nonce, nonce_values.session_id}; + std::string core_request_sha_256( + reinterpret_cast(args->request_hash), ODK_SHA256_HASH_SIZE); + return serialize::CreateCoreLicenseResponse( + parsed_lic, core_request, core_request_sha_256, oemcrypto_core_message); +} + +bool kdo_serialize_RenewalResponse( + const ODK_ParseRenewal_Args* args, + const ODK_PreparedRenewalRequest& renewal_msg, + std::string* oemcrypto_core_message) { + const auto& nonce_values = args->nonce_values; + ODK_RenewalRequest core_request{ + nonce_values.api_minor_version, nonce_values.api_major_version, + nonce_values.nonce, nonce_values.session_id, renewal_msg.playback_time}; + return serialize::CreateCoreRenewalResponse( + core_request, args->timer_limits.initial_renewal_duration_seconds, + oemcrypto_core_message); +} + +bool kdo_serialize_ProvisioningResponse( + const ODK_ParseProvisioning_Args* args, + const ODK_ParsedProvisioning& parsed_prov, + std::string* oemcrypto_core_message) { + const auto& nonce_values = args->nonce_values; + if (args->device_id_length > sizeof(args->device_id)) { + return false; + } + ODK_ProvisioningRequest core_request{ + nonce_values.api_minor_version, nonce_values.api_major_version, + nonce_values.nonce, nonce_values.session_id, + std::string(reinterpret_cast(args->device_id), + args->device_id_length)}; + return serialize::CreateCoreProvisioningResponse(parsed_prov, core_request, + oemcrypto_core_message); +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/fuzzing/odk_fuzz_helper.h b/oemcrypto/odk/test/fuzzing/odk_fuzz_helper.h new file mode 100644 index 00000000..fe90657b --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_fuzz_helper.h @@ -0,0 +1,205 @@ +// Copyright 2020 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. +#ifndef WIDEVINE_ODK_TEST_FUZZING_ODK_FUZZ_HELPER_H_ +#define WIDEVINE_ODK_TEST_FUZZING_ODK_FUZZ_HELPER_H_ + +#include +#include + +#include "core_message_serialize.h" +#include "fuzzing/odk_fuzz_structs.h" +#include "odk_attributes.h" +#include "odk_serialize.h" + +namespace oemcrypto_core_message { +bool convert_byte_to_valid_boolean(const bool* in); + +OEMCryptoResult odk_serialize_LicenseRequest( + const void* in, uint8_t* out, size_t* size, + const ODK_LicenseRequest& core_license_request, + const ODK_NonceValues* nonce_values); + +OEMCryptoResult odk_serialize_RenewalRequest( + const void* in, uint8_t* out, size_t* size, + const ODK_RenewalRequest& core_renewal, ODK_NonceValues* nonce_values); + +OEMCryptoResult odk_serialize_ProvisioningRequest( + const void* in, uint8_t* out, size_t* size, + const ODK_ProvisioningRequest& core_provisioning, + const ODK_NonceValues* nonce_values); + +OEMCryptoResult odk_deserialize_LicenseResponse(const uint8_t* message, + size_t core_message_length, + ODK_ParseLicense_Args* a, + ODK_NonceValues* nonce_values, + ODK_ParsedLicense* parsed_lic); + +OEMCryptoResult odk_deserialize_RenewalResponse( + const uint8_t* buf, size_t len, ODK_ParseRenewal_Args* a, + ODK_NonceValues* nonce_values, ODK_PreparedRenewalRequest* renewal_msg); + +OEMCryptoResult odk_deserialize_ProvisioningResponse( + const uint8_t* buf, size_t len, ODK_ParseProvisioning_Args* a, + ODK_NonceValues* nonce_values, ODK_ParsedProvisioning* parsed_prov); + +bool kdo_serialize_LicenseResponse(const ODK_ParseLicense_Args* args, + const ODK_ParsedLicense& parsed_lic, + std::string* oemcrypto_core_message); + +bool kdo_serialize_RenewalResponse( + const ODK_ParseRenewal_Args* args, + const ODK_PreparedRenewalRequest& renewal_msg, + std::string* oemcrypto_core_message); + +bool kdo_serialize_ProvisioningResponse( + const ODK_ParseProvisioning_Args* args, + const ODK_ParsedProvisioning& parsed_prov, + std::string* oemcrypto_core_message); + +// Idea behind having three different functions is: +// Only ODK_ParseLicense structure had fields which needed additional +// procession. Having a single function with templated parameter T was +// failing during compile time because other two structures doesn't have +// fields that need additional processing. Hence to reduce code redundance and +// make us of common FuzzerMutateResponse across three response fuzzers, +// three independent functions were defined and renewal and provisioning +// functions would be empty as no additional processing is needed for them. +void ConvertDataToValidBools(ODK_ParsedLicense* t); + +void ConvertDataToValidBools(ODK_PreparedRenewalRequest* t); + +void ConvertDataToValidBools(ODK_ParsedProvisioning* t); + +// Forward-declare the libFuzzer's mutator callback. Mark it weak so that +// the program links successfully even outside of --config=asan-fuzzer +// (apparently the only config in which LLVM uses our custom mutator). +extern "C" size_t LLVMFuzzerMutate(uint8_t* Data, size_t Size, size_t MaxSize) + __attribute__((weak)); + +template +size_t FuzzerMutateResponse(uint8_t* data, size_t size, size_t max_size, + const F& odk_deserialize_fun, + const G& kdo_serialize_fun) { + const size_t kArgsSize = sizeof(A); + const size_t kCoreResponseSize = sizeof(T); + const size_t kTotalResponseSize = kArgsSize + kCoreResponseSize; + + // Deserializing data in order to make sure it deserializes properly. + // Input byte array format: [function arguments][data to parse]. + std::shared_ptr _args(new A()); + A* args = _args.get(); + memcpy(args, data, kArgsSize); + ODK_NonceValues nonce_values = args->nonce_values; + args->nonce_values.api_major_version = ODK_MAJOR_VERSION; + const uint8_t* buf = data + kArgsSize; + T t = {}; + OEMCryptoResult result = + odk_deserialize_fun(buf, size - kArgsSize, args, &nonce_values, &t); + + // If data doesn't deserialize successfully, We copy random bytes into + // T and serialize using kdo function + // which will create a valid oemcrypto core message using + // nonce and request hash from function args. OEMCrypto core message acts as + // input to odk_kdo. + if (result != OEMCrypto_SUCCESS) { + if (max_size < kTotalResponseSize) { + return 0; + } + // Initialize remaining bytes needed in data to zero. + if (size < kTotalResponseSize) { + memset(data + size, 0, kTotalResponseSize - size); + } + t = {}; + memcpy(&t, buf, kCoreResponseSize); + } + + // Ask LLVM to run its usual mutations, hopefully giving us interesting + // inputs. We copy deserialized data into pointer data, run mutations + // and copy back the mutated data to args and t + memcpy(data + kArgsSize, &t, kCoreResponseSize); + LLVMFuzzerMutate(data, kTotalResponseSize, kTotalResponseSize); + memcpy(args, data, kArgsSize); + memcpy(&t, data + kArgsSize, kCoreResponseSize); + // Convert boolean flags in parsed message to valid bytes to + // avoid errors from msan. Only needed for parsed license. + ConvertDataToValidBools(&t); + // Serialize the data after mutation. + std::string oemcrypto_core_message; + if (!kdo_serialize_fun(args, t, &oemcrypto_core_message)) { + return 0; + } + + // Copy mutated and serialized oemcrypto_core_message to data + // so that it acts as input to odk_kdo function. + memcpy(data + kArgsSize, oemcrypto_core_message.data(), + oemcrypto_core_message.size()); + return kArgsSize + oemcrypto_core_message.size(); +} + +/** + * Template arguments: + * A: struct holding function arguments + * T: odk deserialize output/kdo serialize input structure + * F: odk deserialize function + * G: kdo serialize function + * + * raw bytes -> F deserialize -> struct T -> G serialize -> raw bytes + */ +template +void odk_kdo(const F& odk_fun, const G& kdo_fun, const uint8_t* in, + const size_t size, const size_t args_size, uint8_t* out UNUSED) { + T t = {}; + // Input byte array format: [function arguments][data to parse] + if (size < args_size) { + return; + } + const uint8_t* buf = in + args_size; + std::shared_ptr _args(new A()); + A* args = _args.get(); + memcpy(args, in, args_size); + args->nonce_values.api_major_version = ODK_MAJOR_VERSION; + ODK_NonceValues nonce_values = args->nonce_values; + + OEMCryptoResult result = + odk_fun(buf, size - args_size, args, &nonce_values, &t); + if (result != OEMCrypto_SUCCESS) { + return; + } + std::string oemcrypto_core_message; + if (!kdo_fun(args, t, &oemcrypto_core_message)) { + return; + } +} + +/** + * Template arguments: + * T: kdo deserialize output/odk serialize input structure + * F: kdo deserialize function + * G: odk serialize function + * + * raw bytes -> F deserialize -> struct T -> G serialize -> raw bytes + */ +template +static void kdo_odk(const F& kdo_fun, const G& odk_fun, const uint8_t* in, + size_t size, const size_t clock_value_size, uint8_t* out) { + if (size <= clock_value_size) { + return; + } + // Input byte array format: [Clock Values][data to parse]. + // Only Renewal Request expects clock values to be present. + std::string input(reinterpret_cast(in) + clock_value_size, + size - clock_value_size); + T t = {}; + if (!kdo_fun(input, &t)) { + return; + } + ODK_NonceValues nonce_values = {t.api_minor_version, t.api_major_version, + t.nonce, t.session_id}; + OEMCryptoResult err = odk_fun(in, out, &size, t, &nonce_values); + if (OEMCrypto_SUCCESS != err) { + return; + } +} +} // namespace oemcrypto_core_message +#endif // WIDEVINE_ODK_TEST_FUZZING_ODK_FUZZ_HELPER_H_ diff --git a/oemcrypto/odk/test/fuzzing/odk_fuzz_structs.h b/oemcrypto/odk/test/fuzzing/odk_fuzz_structs.h new file mode 100644 index 00000000..37d1b230 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_fuzz_structs.h @@ -0,0 +1,28 @@ +// Copyright 2020 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. +#ifndef WIDEVINE_ODK_TEST_FUZZING_ODK_FUZZ_STRUCTS_H_ +#define WIDEVINE_ODK_TEST_FUZZING_ODK_FUZZ_STRUCTS_H_ + +#include "odk_structs.h" + +struct ODK_ParseLicense_Args { + ODK_NonceValues nonce_values; + uint8_t initial_license_load; + uint8_t usage_entry_present; + uint8_t request_hash[ODK_SHA256_HASH_SIZE]; + ODK_TimerLimits timer_limits; + ODK_ClockValues clock_values; +}; +struct ODK_ParseRenewal_Args { + ODK_NonceValues nonce_values; + uint64_t system_time; + ODK_TimerLimits timer_limits; + ODK_ClockValues clock_values; +}; +struct ODK_ParseProvisioning_Args { + ODK_NonceValues nonce_values; + size_t device_id_length; + uint8_t device_id[64]; +}; +#endif // WIDEVINE_ODK_TEST_FUZZING_ODK_FUZZ_STRUCTS_H_ diff --git a/oemcrypto/odk/test/fuzzing/odk_license_request_fuzz.cpp b/oemcrypto/odk/test/fuzzing/odk_license_request_fuzz.cpp new file mode 100644 index 00000000..463c604a --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_license_request_fuzz.cpp @@ -0,0 +1,22 @@ +/* Copyright 2020 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include + +#include "core_message_deserialize.h" +#include "fuzzing/odk_fuzz_helper.h" + +namespace oemcrypto_core_message { +using oemcrypto_core_message::deserialize::CoreLicenseRequestFromMessage; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::vector out(size); + const size_t kClockValueSize = 0; + kdo_odk(CoreLicenseRequestFromMessage, + odk_serialize_LicenseRequest, data, size, + kClockValueSize, out.data()); + return 0; +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/fuzzing/odk_license_response_fuzz.cpp b/oemcrypto/odk/test/fuzzing/odk_license_response_fuzz.cpp new file mode 100644 index 00000000..12398fd1 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_license_response_fuzz.cpp @@ -0,0 +1,20 @@ +/* Copyright 2020 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include + +#include "fuzzing/odk_fuzz_helper.h" + +namespace oemcrypto_core_message { + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + const size_t kLicenseResponseArgsSize = sizeof(ODK_ParseLicense_Args); + std::vector out(size); + odk_kdo( + odk_deserialize_LicenseResponse, kdo_serialize_LicenseResponse, data, + size, kLicenseResponseArgsSize, out.data()); + return 0; +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/fuzzing/odk_license_response_fuzz_with_mutator.cpp b/oemcrypto/odk/test/fuzzing/odk_license_response_fuzz_with_mutator.cpp new file mode 100644 index 00000000..42472fbd --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_license_response_fuzz_with_mutator.cpp @@ -0,0 +1,36 @@ +/* Copyright 2020 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include + +#include "fuzzing/odk_fuzz_helper.h" + +namespace oemcrypto_core_message { + +// The custom mutator: Ensure that each input can be deserialized properly +// by ODK function after mutation. +extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, + size_t max_size, + unsigned int seed UNUSED) { + const size_t kLicenseResponseArgsSize = sizeof(ODK_ParseLicense_Args); + if (size < kLicenseResponseArgsSize) { + return 0; + } + + // Mutate input data and return mutated input size. + return FuzzerMutateResponse( + data, size, max_size, odk_deserialize_LicenseResponse, + kdo_serialize_LicenseResponse); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + const size_t kLicenseResponseArgsSize = sizeof(ODK_ParseLicense_Args); + std::vector out(size); + odk_kdo( + odk_deserialize_LicenseResponse, kdo_serialize_LicenseResponse, data, + size, kLicenseResponseArgsSize, out.data()); + return 0; +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/fuzzing/odk_provisioning_request_fuzz.cpp b/oemcrypto/odk/test/fuzzing/odk_provisioning_request_fuzz.cpp new file mode 100644 index 00000000..984534e6 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_provisioning_request_fuzz.cpp @@ -0,0 +1,22 @@ +/* Copyright 2020 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include + +#include "core_message_deserialize.h" +#include "fuzzing/odk_fuzz_helper.h" + +namespace oemcrypto_core_message { +using oemcrypto_core_message::deserialize::CoreProvisioningRequestFromMessage; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::vector out(size); + const size_t kClockValueSize = 0; + kdo_odk(CoreProvisioningRequestFromMessage, + odk_serialize_ProvisioningRequest, data, + size, kClockValueSize, out.data()); + return 0; +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/fuzzing/odk_provisioning_response_fuzz.cpp b/oemcrypto/odk/test/fuzzing/odk_provisioning_response_fuzz.cpp new file mode 100644 index 00000000..90dc017c --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_provisioning_response_fuzz.cpp @@ -0,0 +1,21 @@ +/* Copyright 2020 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include + +#include "fuzzing/odk_fuzz_helper.h" + +namespace oemcrypto_core_message { + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + const size_t kProvisioningResponseArgsSize = + sizeof(ODK_ParseProvisioning_Args); + std::vector out(size); + odk_kdo( + odk_deserialize_ProvisioningResponse, kdo_serialize_ProvisioningResponse, + data, size, kProvisioningResponseArgsSize, out.data()); + return 0; +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/fuzzing/odk_provisioning_response_fuzz_with_mutator.cpp b/oemcrypto/odk/test/fuzzing/odk_provisioning_response_fuzz_with_mutator.cpp new file mode 100644 index 00000000..17787a41 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_provisioning_response_fuzz_with_mutator.cpp @@ -0,0 +1,38 @@ +/* Copyright 2020 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include + +#include "fuzzing/odk_fuzz_helper.h" + +namespace oemcrypto_core_message { + +// The custom mutator: Ensure that each input can be deserialized properly +// by ODK function after mutation. +extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, + size_t max_size, unsigned int seed) { + const size_t kProvisioningResponseArgsSize = + sizeof(ODK_ParseProvisioning_Args); + if (size < kProvisioningResponseArgsSize) { + return 0; + } + + // Mutate input data and return mutated input size. + return FuzzerMutateResponse( + data, size, max_size, odk_deserialize_ProvisioningResponse, + kdo_serialize_ProvisioningResponse); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + const size_t kProvisioningResponseArgsSize = + sizeof(ODK_ParseProvisioning_Args); + std::vector out(size); + odk_kdo( + odk_deserialize_ProvisioningResponse, kdo_serialize_ProvisioningResponse, + data, size, kProvisioningResponseArgsSize, out.data()); + return 0; +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/fuzzing/odk_renewal_request_fuzz.cpp b/oemcrypto/odk/test/fuzzing/odk_renewal_request_fuzz.cpp new file mode 100644 index 00000000..602b37af --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_renewal_request_fuzz.cpp @@ -0,0 +1,22 @@ +/* Copyright 2020 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include + +#include "core_message_deserialize.h" +#include "fuzzing/odk_fuzz_helper.h" + +namespace oemcrypto_core_message { +using oemcrypto_core_message::deserialize::CoreRenewalRequestFromMessage; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::vector out(size); + const size_t kClockValueSize = sizeof(ODK_ClockValues); + kdo_odk(CoreRenewalRequestFromMessage, + odk_serialize_RenewalRequest, data, size, + kClockValueSize, out.data()); + return 0; +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/fuzzing/odk_renewal_response_fuzz.cpp b/oemcrypto/odk/test/fuzzing/odk_renewal_response_fuzz.cpp new file mode 100644 index 00000000..8d669089 --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_renewal_response_fuzz.cpp @@ -0,0 +1,20 @@ +/* Copyright 2020 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include + +#include "fuzzing/odk_fuzz_helper.h" + +namespace oemcrypto_core_message { + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + const size_t kRenewalResponseArgsSize = sizeof(ODK_ParseRenewal_Args); + std::vector out(size); + odk_kdo( + odk_deserialize_RenewalResponse, kdo_serialize_RenewalResponse, data, + size, kRenewalResponseArgsSize, out.data()); + return 0; +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/fuzzing/odk_renewal_response_fuzz_with_mutator.cpp b/oemcrypto/odk/test/fuzzing/odk_renewal_response_fuzz_with_mutator.cpp new file mode 100644 index 00000000..0073c4ee --- /dev/null +++ b/oemcrypto/odk/test/fuzzing/odk_renewal_response_fuzz_with_mutator.cpp @@ -0,0 +1,36 @@ +/* Copyright 2020 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include + +#include "fuzzing/odk_fuzz_helper.h" + +namespace oemcrypto_core_message { + +// The custom mutator: Ensure that each input can be deserialized properly +// by ODK function after mutation. +extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, + size_t max_size, unsigned int seed) { + const size_t kRenewalResponseArgsSize = sizeof(ODK_ParseRenewal_Args); + if (size < kRenewalResponseArgsSize) { + return 0; + } + + // Mutate input data and return mutated input size. + return FuzzerMutateResponse( + data, size, max_size, odk_deserialize_RenewalResponse, + kdo_serialize_RenewalResponse); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + const size_t kRenewalResponseArgsSize = sizeof(ODK_ParseRenewal_Args); + std::vector out(size); + odk_kdo( + odk_deserialize_RenewalResponse, kdo_serialize_RenewalResponse, data, + size, kRenewalResponseArgsSize, out.data()); + return 0; +} +} // namespace oemcrypto_core_message diff --git a/oemcrypto/odk/test/odk_core_message_test.cpp b/oemcrypto/odk/test/odk_core_message_test.cpp new file mode 100644 index 00000000..c8247592 --- /dev/null +++ b/oemcrypto/odk/test/odk_core_message_test.cpp @@ -0,0 +1,37 @@ +// Copyright 2020 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "OEMCryptoCENCCommon.h" +#include "gtest/gtest.h" +#include "odk.h" +#include "third_party/absl/strings/escaping.h" + +namespace wvodk_test { +TEST(CoreMessageTest, RenwalRequest) { + std::string oem = + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrst" + "uvwxyzabcdefghijklmnopqrstuvwxyz"; + const uint8_t* buf = reinterpret_cast(oem.c_str()); + uint8_t* message = const_cast(buf); + size_t message_length = 88; + size_t core_message_length = 88; + uint16_t api_minor_version = 16; + uint16_t api_major_version = 16; + uint32_t nonce = 0; + uint32_t timer_status = 2; + uint64_t time = 10; + enum OEMCrypto_Usage_Entry_Status status = kInactiveUsed; + ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce}; + ODK_ClockValues clock_values{time, time, time, time, + time, timer_status, status}; + uint64_t system_time_seconds = 100; + EXPECT_EQ(OEMCrypto_SUCCESS, + ODK_PrepareCoreRenewalRequest(message, message_length, + &core_message_length, &nonce_values, + &clock_values, system_time_seconds)); + // All messages have at least a five 4-byte fields. + char* m = reinterpret_cast(message); + VLOG(0) << absl::BytesToHexString(std::string(m, core_message_length)); +} +} // namespace wvodk_test diff --git a/oemcrypto/odk/test/odk_test.cpp b/oemcrypto/odk/test/odk_test.cpp new file mode 100644 index 00000000..b6526df8 --- /dev/null +++ b/oemcrypto/odk/test/odk_test.cpp @@ -0,0 +1,741 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "odk.h" + +#include // TODO(b/147944591): use this one? Or odk_endian.h? + +#include +#include + +#include "OEMCryptoCENCCommon.h" +#include "core_message_deserialize.h" +#include "core_message_serialize.h" +#include "core_message_types.h" +#include "gtest/gtest.h" +#include "odk_structs_priv.h" +#include "odk_test_helper.h" + +namespace wvodk_test { + +namespace { + +using oemcrypto_core_message::ODK_LicenseRequest; +using oemcrypto_core_message::ODK_ProvisioningRequest; +using oemcrypto_core_message::ODK_RenewalRequest; + +using oemcrypto_core_message::deserialize::CoreLicenseRequestFromMessage; +using oemcrypto_core_message::deserialize::CoreProvisioningRequestFromMessage; +using oemcrypto_core_message::deserialize::CoreRenewalRequestFromMessage; + +using oemcrypto_core_message::serialize::CreateCoreLicenseResponse; +using oemcrypto_core_message::serialize::CreateCoreProvisioningResponse; +using oemcrypto_core_message::serialize::CreateCoreRenewalResponse; + +constexpr uint32_t kExtraPayloadSize = 128u; + +template +void ValidateRequest(uint32_t message_type, + const std::vector& extra_fields, + const F& odk_prepare_func, const G& kdo_parse_func) { + uint32_t message_size = 0; + uint16_t api_major_version = ODK_MAJOR_VERSION; + uint16_t api_minor_version = ODK_MINOR_VERSION; + uint32_t nonce = 0xdeadbeef; + uint32_t session_id = 0xcafebabe; + ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce, + session_id}; + std::vector total_fields = { + {ODK_UINT32, &message_type, "message_type"}, + {ODK_UINT32, &message_size, "message_size"}, + {ODK_UINT16, &api_minor_version, "api_minor_version"}, + {ODK_UINT16, &api_major_version, "api_major_version"}, + {ODK_UINT32, &nonce, "nonce"}, + {ODK_UINT32, &session_id, "session_id"}, + }; + + total_fields.insert(total_fields.end(), extra_fields.begin(), + extra_fields.end()); + for (auto& field : total_fields) { + message_size += ODK_FieldLength(field.type); + } + + // empty buf, expect core message length to be set correctly + size_t core_message_length = 0; + uint8_t* buf_empty = nullptr; + EXPECT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, + odk_prepare_func(buf_empty, &core_message_length, &nonce_values)); + EXPECT_EQ(core_message_length, message_size); + + // non-empty buf, expect core message length to be set correctly, and buf is + // filled with ODK_Field values appropriately + uint8_t* buf = new uint8_t[message_size]{}; + EXPECT_EQ(OEMCrypto_SUCCESS, + odk_prepare_func(buf, &core_message_length, &nonce_values)); + EXPECT_EQ(core_message_length, message_size); + + uint8_t* buf_expected = new uint8_t[message_size]{}; + size_t buf_len_expected = 0; + EXPECT_EQ(OEMCrypto_SUCCESS, ODK_IterFields(ODK_WRITE, buf_expected, SIZE_MAX, + &buf_len_expected, total_fields)); + EXPECT_EQ(buf_len_expected, message_size); + + EXPECT_NO_FATAL_FAILURE( + ODK_ExpectEqualBuf(buf_expected, buf, message_size, total_fields)); + + // odk kdo round-trip: deserialize from buf, then serialize it to buf2 + // expect them to be identical + T t = {}; + std::string oemcrypto_core_message(reinterpret_cast(buf), + message_size); + EXPECT_TRUE(kdo_parse_func(oemcrypto_core_message, &t)); + nonce_values.api_minor_version = t.api_minor_version; + nonce_values.api_major_version = t.api_major_version; + nonce_values.nonce = t.nonce; + nonce_values.session_id = t.session_id; + uint8_t* buf2 = new uint8_t[message_size]{}; + EXPECT_EQ(OEMCrypto_SUCCESS, + odk_prepare_func(buf2, &core_message_length, &nonce_values)); + EXPECT_EQ(core_message_length, message_size); + EXPECT_NO_FATAL_FAILURE( + ODK_ExpectEqualBuf(buf, buf2, message_size, total_fields)); + + delete[] buf; + delete[] buf_expected; + delete[] buf2; +} + +/** + * Template arguments: + * T: kdo input struct + * F: odk deserializer + * G: kdo serializer + */ +template +void ValidateResponse(ODK_CoreMessage* core_message, + const std::vector& extra_fields, + const F& odk_parse_func, const G& kdo_prepare_func) { + T t = {}; + t.api_minor_version = core_message->nonce_values.api_minor_version; + t.api_major_version = core_message->nonce_values.api_major_version; + t.nonce = core_message->nonce_values.nonce; + t.session_id = core_message->nonce_values.session_id; + + uint8_t* buf = nullptr; + uint32_t buf_size = 0; + ODK_BuildMessageBuffer(core_message, extra_fields, &buf, &buf_size); + + uint8_t* zero = new uint8_t[buf_size]{}; + size_t bytes_read = 0; + // zero-out input + EXPECT_EQ(OEMCrypto_SUCCESS, ODK_IterFields(ODK_READ, zero, buf_size, + &bytes_read, extra_fields)); + + // parse buf with odk + EXPECT_EQ(OEMCrypto_SUCCESS, odk_parse_func(buf, buf_size)); + + size_t size_out = 0; + ODK_IterFields(ODK_FieldMode::ODK_DUMP, buf, buf_size, &size_out, + extra_fields); + + // serialize odk output to oemcrypto_core_message + std::string oemcrypto_core_message; + EXPECT_TRUE(kdo_prepare_func(t, &oemcrypto_core_message)); + + // verify round-trip works + EXPECT_NO_FATAL_FAILURE(ODK_ExpectEqualBuf(buf, oemcrypto_core_message.data(), + buf_size, extra_fields)); + delete[] buf; + delete[] zero; +} + +TEST(OdkTest, SerializeFields) { + uint32_t x[] = {0, 1, 2}; + uint64_t y[] = {3LL << 32, 4LL << 32, 5LL << 32}; + OEMCrypto_Substring s = {.offset = 6, .length = 7}; + std::vector fields = { + {ODK_UINT32, &x[0], "x[0]"}, {ODK_UINT32, &x[1], "x[1]"}, + {ODK_UINT32, &x[2], "x[2]"}, {ODK_UINT64, &y[0], "y[0]"}, + {ODK_UINT64, &y[1], "y[1]"}, {ODK_UINT64, &y[2], "y[2]"}, + {ODK_SUBSTRING, &s, "s"}, + }; + uint8_t buf[1024] = {0}; + uint8_t buf2[1024] = {0}; + size_t bytes_read = 0, bytes_written = 0; + ODK_IterFields(ODK_WRITE, buf, SIZE_MAX, &bytes_read, fields); + std::vector fields2(fields.size()); + ODK_ResetOdkFields(&fields); + ODK_IterFields(ODK_READ, buf, bytes_read, &bytes_written, fields); + ODK_IterFields(ODK_WRITE, buf2, SIZE_MAX, &bytes_read, fields); + + EXPECT_NO_FATAL_FAILURE(ODK_ExpectEqualBuf(buf, buf2, bytes_read, fields)); +} + +TEST(OdkTest, SerializeFieldsStress) { + const int n = 1024; + std::vector fields(n); + std::srand(0); + size_t total_size = 0; + for (int i = 0; i < n; i++) { + fields[i].type = static_cast(std::rand() % + static_cast(ODK_NUMTYPES)); + fields[i].value = malloc(ODK_AllocSize(fields[i].type)); + fields[i].name = "stress"; + total_size += ODK_FieldLength(fields[i].type); + } + + uint8_t* buf = new uint8_t[total_size]{}; + for (int i = 0; i < total_size; i++) { + buf[i] = std::rand() & 0xff; + } + + size_t bytes_read = 0, bytes_written = 0; + uint8_t* buf2 = new uint8_t[total_size]{}; + ODK_IterFields(ODK_READ, buf, total_size, &bytes_read, fields); + EXPECT_EQ(bytes_read, total_size); + ODK_IterFields(ODK_WRITE, buf2, total_size, &bytes_written, fields); + EXPECT_EQ(bytes_written, total_size); + + EXPECT_NO_FATAL_FAILURE(ODK_ExpectEqualBuf(buf, buf2, total_size, fields)); + + // cleanup + for (int i = 0; i < n; i++) { + free(fields[i].value); + } + delete[] buf; + delete[] buf2; +} + +TEST(OdkTest, NullRequestTest) { + size_t core_message_length = 0; + ODK_NonceValues nonce_values; + memset(&nonce_values, 0, sizeof(nonce_values)); + ODK_ClockValues clock_values; + memset(&clock_values, 0, sizeof(clock_values)); + + // Assert that nullptr does not cause a core dump. + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, ODK_PrepareCoreLicenseRequest( + nullptr, 0uL, nullptr, &nonce_values)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_PrepareCoreLicenseRequest(nullptr, 0uL, &core_message_length, + nullptr)); + + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_PrepareCoreRenewalRequest(nullptr, 0uL, nullptr, &nonce_values, + &clock_values, 0uL)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_PrepareCoreRenewalRequest(nullptr, 0uL, &core_message_length, + nullptr, &clock_values, 0uL)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_PrepareCoreRenewalRequest(nullptr, 0uL, &core_message_length, + &nonce_values, nullptr, 0uL)); + + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_PrepareCoreProvisioningRequest( + nullptr, 0uL, &core_message_length, nullptr, nullptr, 0uL)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_PrepareCoreProvisioningRequest(nullptr, 0uL, nullptr, + &nonce_values, nullptr, 0uL)); + + // Null device id in provisioning request is ok + uint8_t message[ODK_PROVISIONING_REQUEST_SIZE] = {0}; + core_message_length = ODK_PROVISIONING_REQUEST_SIZE; + EXPECT_EQ(OEMCrypto_SUCCESS, + ODK_PrepareCoreProvisioningRequest( + message, ODK_PROVISIONING_REQUEST_SIZE, &core_message_length, + &nonce_values, nullptr, 0uL)); +} + +TEST(OdkTest, NullResponseTest) { + constexpr size_t message_size = 64; + uint8_t message[message_size] = {0}; + size_t core_message_length = message_size; + uint8_t request_hash[ODK_SHA256_HASH_SIZE] = {0}; + ODK_TimerLimits timer_limits; + ODK_ParsedLicense parsed_license; + ODK_NonceValues nonce_values; + memset(&nonce_values, 0, sizeof(nonce_values)); + ODK_ClockValues clock_values; + memset(&clock_values, 0, sizeof(clock_values)); + + // Assert that nullptr does not cause a core dump. + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseLicense(message, message_size, core_message_length, true, + true, request_hash, &timer_limits, &clock_values, + &nonce_values, nullptr)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseLicense(message, message_size, core_message_length, true, + true, request_hash, &timer_limits, &clock_values, + nullptr, &parsed_license)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseLicense(message, message_size, core_message_length, true, + true, request_hash, &timer_limits, nullptr, + &nonce_values, &parsed_license)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseLicense(message, message_size, core_message_length, true, + true, request_hash, nullptr, &clock_values, + &nonce_values, &parsed_license)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseLicense(message, message_size, core_message_length, true, + true, nullptr, &timer_limits, &clock_values, + &nonce_values, &parsed_license)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseLicense(nullptr, message_size, core_message_length, true, + true, request_hash, &timer_limits, &clock_values, + &nonce_values, &parsed_license)); + + constexpr uint64_t system_time = 0; + uint64_t timer_value = 0; + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseRenewal(message, message_size, core_message_length, + &nonce_values, system_time, &timer_limits, nullptr, + &timer_value)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseRenewal(message, message_size, core_message_length, + &nonce_values, system_time, nullptr, &clock_values, + &timer_value)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseRenewal(message, message_size, core_message_length, + nullptr, system_time, &timer_limits, &clock_values, + &timer_value)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseRenewal(nullptr, message_size, core_message_length, + &nonce_values, system_time, &timer_limits, + &clock_values, &timer_value)); + + uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0}; + ODK_ParsedProvisioning parsed_response; + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseProvisioning(message, message_size, core_message_length, + &nonce_values, device_id, + ODK_DEVICE_ID_LEN_MAX, nullptr)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseProvisioning(message, message_size, core_message_length, + &nonce_values, nullptr, 0, &parsed_response)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseProvisioning(message, message_size, core_message_length, + nullptr, device_id, ODK_DEVICE_ID_LEN_MAX, + &parsed_response)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_ParseProvisioning(nullptr, message_size, core_message_length, + &nonce_values, device_id, + ODK_DEVICE_ID_LEN_MAX, &parsed_response)); +} + +TEST(OdkTest, PrepareCoreLicenseRequest) { + uint8_t license_message[ODK_LICENSE_REQUEST_SIZE] = {0}; + size_t core_message_length = sizeof(license_message); + ODK_NonceValues nonce_values; + memset(&nonce_values, 0, sizeof(nonce_values)); + EXPECT_EQ(OEMCrypto_SUCCESS, ODK_PrepareCoreLicenseRequest( + license_message, sizeof(license_message), + &core_message_length, &nonce_values)); +} + +TEST(OdkTest, PrepareCoreLicenseRequestSize) { + uint8_t license_message[ODK_LICENSE_REQUEST_SIZE] = {0}; + size_t core_message_length = sizeof(license_message); + ODK_NonceValues nonce_values; + memset(&nonce_values, 0, sizeof(nonce_values)); + // message length smaller than core message length + size_t core_message_length_invalid = core_message_length + 1; + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_PrepareCoreLicenseRequest( + license_message, sizeof(license_message), + &core_message_length_invalid, &nonce_values)); + // message length larger than core message length + uint8_t license_message_large[ODK_LICENSE_REQUEST_SIZE * 2] = {0}; + EXPECT_EQ(OEMCrypto_SUCCESS, + ODK_PrepareCoreLicenseRequest(license_message_large, + sizeof(license_message_large), + &core_message_length, &nonce_values)); +} + +TEST(OdkTest, PrepareCoreRenewalRequest) { + uint8_t renewal_message[ODK_RENEWAL_REQUEST_SIZE] = {0}; + size_t core_message_length = sizeof(renewal_message); + ODK_NonceValues nonce_values; + memset(&nonce_values, 0, sizeof(nonce_values)); + ODK_ClockValues clock_values; + memset(&clock_values, 0, sizeof(clock_values)); + constexpr uint64_t system_time_seconds = 10; + EXPECT_EQ(OEMCrypto_SUCCESS, + ODK_PrepareCoreRenewalRequest( + renewal_message, sizeof(renewal_message), &core_message_length, + &nonce_values, &clock_values, system_time_seconds)); +} + +TEST(OdkTest, PrepareCoreRenewalRequestTimer) { + uint8_t renewal_message[ODK_RENEWAL_REQUEST_SIZE] = {0}; + size_t core_message_length = sizeof(renewal_message); + ODK_NonceValues nonce_values{2, 16, 0, 0}; + constexpr uint64_t system_time_seconds = 10; + ODK_ClockValues clock_values_updated; + memset(&clock_values_updated, 0, sizeof(clock_values_updated)); + // system time smaller than first decrypt time + clock_values_updated.time_of_first_decrypt = system_time_seconds + 1; + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_PrepareCoreRenewalRequest( + renewal_message, sizeof(renewal_message), &core_message_length, + &nonce_values, &clock_values_updated, system_time_seconds)); + clock_values_updated.time_of_first_decrypt = system_time_seconds - 1; + EXPECT_EQ(OEMCrypto_SUCCESS, + ODK_PrepareCoreRenewalRequest( + renewal_message, sizeof(renewal_message), &core_message_length, + &nonce_values, &clock_values_updated, system_time_seconds)); + // clock_values.time_of_renewal_request should get updated + EXPECT_EQ(system_time_seconds - clock_values_updated.time_of_first_decrypt, + clock_values_updated.time_of_renewal_request); +} + +TEST(OdkTest, PrepareCoreProvisioningRequest) { + uint8_t provisioning_message[ODK_PROVISIONING_REQUEST_SIZE] = {0}; + size_t core_message_length = sizeof(provisioning_message); + ODK_NonceValues nonce_values; + memset(&nonce_values, 0, sizeof(nonce_values)); + uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0}; + EXPECT_EQ( + OEMCrypto_SUCCESS, + ODK_PrepareCoreProvisioningRequest( + provisioning_message, sizeof(provisioning_message), + &core_message_length, &nonce_values, device_id, sizeof(device_id))); +} + +TEST(OdkTest, PrepareCoreProvisioningRequestDeviceId) { + uint8_t provisioning_message[ODK_PROVISIONING_REQUEST_SIZE] = {0}; + size_t core_message_length = sizeof(provisioning_message); + ODK_NonceValues nonce_values; + memset(&nonce_values, 0, sizeof(nonce_values)); + uint8_t device_id_invalid[ODK_DEVICE_ID_LEN_MAX + 1] = {0}; + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, + ODK_PrepareCoreProvisioningRequest( + provisioning_message, sizeof(provisioning_message), + &core_message_length, &nonce_values, device_id_invalid, + sizeof(device_id_invalid))); +} + +// Serialize and de-serialize license request +TEST(OdkTest, LicenseRequestRoundtrip) { + std::vector empty; + auto odk_prepare_func = [&](uint8_t* const buf, size_t* size, + ODK_NonceValues* nonce_values) { + return ODK_PrepareCoreLicenseRequest(buf, SIZE_MAX, size, nonce_values); + }; + auto kdo_parse_func = CoreLicenseRequestFromMessage; + ValidateRequest(ODK_License_Request_Type, empty, + odk_prepare_func, kdo_parse_func); +} + +TEST(OdkTest, RenewalRequestRoundtrip) { + constexpr uint64_t system_time_seconds = 0xBADDCAFE000FF1CE; + uint64_t playback_time = 0xCAFE00000000; + const uint64_t playback_start = system_time_seconds - playback_time; + const std::vector extra_fields = { + {ODK_UINT64, &playback_time, "playback_time"}, + }; + ODK_ClockValues clock_values; + memset(&clock_values, 0, sizeof(clock_values)); + clock_values.time_of_first_decrypt = playback_start; + auto odk_prepare_func = [&](uint8_t* const buf, size_t* size, + ODK_NonceValues* nonce_values) { + return ODK_PrepareCoreRenewalRequest(buf, SIZE_MAX, size, nonce_values, + &clock_values, system_time_seconds); + }; + auto kdo_parse_func = [&](const std::string& oemcrypto_core_message, + ODK_RenewalRequest* core_renewal_request) { + bool ok = CoreRenewalRequestFromMessage(oemcrypto_core_message, + core_renewal_request); + return ok; + }; + ValidateRequest(ODK_Renewal_Request_Type, extra_fields, + odk_prepare_func, kdo_parse_func); +} + +TEST(OdkTest, ProvisionRequestRoundtrip) { + uint32_t device_id_length = ODK_DEVICE_ID_LEN_MAX / 2; + uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0}; + memset(device_id, 0xff, device_id_length); + std::vector extra_fields = { + {ODK_UINT32, &device_id_length, "device_id_length"}, + {ODK_DEVICEID, device_id, "device_id"}, + }; + auto odk_prepare_func = [&](uint8_t* const buf, size_t* size, + const ODK_NonceValues* nonce_values) { + return ODK_PrepareCoreProvisioningRequest(buf, SIZE_MAX, size, nonce_values, + device_id, device_id_length); + }; + auto kdo_parse_func = + [&](const std::string& oemcrypto_core_message, + ODK_ProvisioningRequest* core_provisioning_request) { + bool ok = CoreProvisioningRequestFromMessage(oemcrypto_core_message, + core_provisioning_request); + return ok; + }; + ValidateRequest(ODK_Provisioning_Request_Type, + extra_fields, odk_prepare_func, + kdo_parse_func); +} + +TEST(OdkTest, ParseLicenseErrorNonce) { + ODK_LicenseResponseParams params; + ODK_SetDefaultLicenseResponseParams(¶ms); + uint8_t* buf = nullptr; + uint32_t buf_size = 0; + ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf, + &buf_size); + // temporarily mess up with nonce + params.core_message.nonce_values.nonce = 0; + OEMCryptoResult err = ODK_ParseLicense( + buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load, + params.usage_entry_present, params.request_hash, &(params.timer_limits), + &(params.clock_values), &(params.core_message.nonce_values), + &(params.parsed_license)); + EXPECT_EQ(OEMCrypto_ERROR_INVALID_NONCE, err); + delete[] buf; +} + +TEST(OdkTest, ParseLicenseErrorUsageEntry) { + ODK_LicenseResponseParams params; + ODK_SetDefaultLicenseResponseParams(¶ms); + uint8_t* buf = nullptr; + uint32_t buf_size = 0; + ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf, + &buf_size); + params.usage_entry_present = false; + OEMCryptoResult err = ODK_ParseLicense( + buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load, + params.usage_entry_present, params.request_hash, &(params.timer_limits), + &(params.clock_values), &(params.core_message.nonce_values), + &(params.parsed_license)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, err); + delete[] buf; +} + +TEST(OdkTest, ParseLicenseErrorRequestHash) { + ODK_LicenseResponseParams params; + ODK_SetDefaultLicenseResponseParams(¶ms); + uint8_t* buf = nullptr; + uint32_t buf_size = 0; + ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf, + &buf_size); + // temporarily mess up with request hash + params.request_hash[0] = 0xff; + OEMCryptoResult err = ODK_ParseLicense( + buf, buf_size + kExtraPayloadSize, buf_size, params.initial_license_load, + params.usage_entry_present, params.request_hash, &(params.timer_limits), + &(params.clock_values), &(params.core_message.nonce_values), + &(params.parsed_license)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, err); + delete[] buf; +} + +TEST(OdkTest, ParseRenewalErrorTimer) { + ODK_RenewalResponseParams params; + ODK_SetDefaultRenewalResponseParams(¶ms); + uint8_t* buf = nullptr; + uint32_t buf_size = 0; + ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf, + &buf_size); + params.clock_values.time_of_renewal_request = 0; + OEMCryptoResult err = ODK_ParseRenewal( + buf, buf_size, buf_size, &(params.core_message.nonce_values), + params.system_time, &(params.timer_limits), &(params.clock_values), + &(params.playback_timer)); + EXPECT_EQ(ODK_STALE_RENEWAL, err); + delete[] buf; +} + +TEST(OdkTest, ParsePrivisioningErrorDeviceId) { + ODK_ProvisioningResponseParams params; + ODK_SetDefaultProvisioningResponseParams(¶ms); + uint8_t* buf = nullptr; + uint32_t buf_size = 0; + ODK_BuildMessageBuffer(&(params.core_message), params.extra_fields, &buf, + &buf_size); + // temporarily mess up with device_id + params.device_id[0] = 0; + OEMCryptoResult err = ODK_ParseProvisioning( + buf, buf_size + 16, buf_size, &(params.core_message.nonce_values), + params.device_id, params.device_id_length, &(params.parsed_provisioning)); + EXPECT_EQ(ODK_ERROR_CORE_MESSAGE, err); + delete[] buf; +} + +// Serialize and de-serialize license response +TEST(OdkTest, LicenseResponseRoundtrip) { + ODK_LicenseResponseParams params; + ODK_SetDefaultLicenseResponseParams(¶ms); + // save a copy of params.request_hash as it will be zero out during the test + uint8_t request_hash_read[ODK_SHA256_HASH_SIZE]; + memcpy(request_hash_read, params.request_hash, sizeof(request_hash_read)); + auto odk_parse_func = [&](const uint8_t* buf, size_t size) { + return ODK_ParseLicense( + buf, size + kExtraPayloadSize, size, params.initial_license_load, + params.usage_entry_present, request_hash_read, &(params.timer_limits), + &(params.clock_values), &(params.core_message.nonce_values), + &(params.parsed_license)); + }; + const std::string request_hash_string( + reinterpret_cast(request_hash_read), + sizeof(request_hash_read)); + auto kdo_prepare_func = [&](const ODK_LicenseRequest& core_request, + std::string* oemcrypto_core_message) { + return CreateCoreLicenseResponse(params.parsed_license, core_request, + request_hash_string, + oemcrypto_core_message); + }; + ValidateResponse(&(params.core_message), + params.extra_fields, odk_parse_func, + kdo_prepare_func); +} + +TEST(OdkTest, RenewalResponseRoundtrip) { + ODK_RenewalResponseParams params; + ODK_SetDefaultRenewalResponseParams(¶ms); + const uint64_t playback_clock = params.playback_clock; + const uint64_t renewal_duration = params.renewal_duration; + auto odk_parse_func = [&](const uint8_t* buf, size_t size) { + OEMCryptoResult err = + ODK_ParseRenewal(buf, size, size, &(params.core_message.nonce_values), + params.system_time, &(params.timer_limits), + &(params.clock_values), &(params.playback_timer)); + + EXPECT_EQ(ODK_SET_TIMER, err); + EXPECT_EQ(renewal_duration, params.playback_timer); + EXPECT_EQ(params.clock_values.time_when_timer_expires, + params.system_time + params.playback_timer); + + return OEMCrypto_SUCCESS; + }; + auto kdo_prepare_func = [&](ODK_RenewalRequest& core_request, + std::string* oemcrypto_core_message) { + core_request.playback_time_seconds = playback_clock; + return CreateCoreRenewalResponse(core_request, renewal_duration, + oemcrypto_core_message); + }; + ValidateResponse(&(params.core_message), + params.extra_fields, odk_parse_func, + kdo_prepare_func); +} + +TEST(OdkTest, ProvisionResponseRoundtrip) { + ODK_ProvisioningResponseParams params; + ODK_SetDefaultProvisioningResponseParams(¶ms); + // save a copy of params.device_id as it will be zero out during the test + const uint32_t device_id_length = params.device_id_length; + uint8_t device_id[ODK_DEVICE_ID_LEN_MAX] = {0}; + memcpy(device_id, params.device_id, device_id_length); + + auto odk_parse_func = [&](const uint8_t* buf, size_t size) { + OEMCryptoResult err = ODK_ParseProvisioning( + buf, size + 16, size, &(params.core_message.nonce_values), device_id, + device_id_length, &(params.parsed_provisioning)); + return err; + }; + auto kdo_prepare_func = [&](ODK_ProvisioningRequest& core_request, + std::string* oemcrypto_core_message) { + core_request.device_id.assign(reinterpret_cast(device_id), + device_id_length); + return CreateCoreProvisioningResponse(params.parsed_provisioning, + core_request, oemcrypto_core_message); + }; + ValidateResponse(&(params.core_message), + params.extra_fields, odk_parse_func, + kdo_prepare_func); +} + +TEST(OdkSizeTest, LicenseRequest) { + uint8_t* message = nullptr; + size_t message_length = 0; + size_t core_message_length = 0; + uint16_t api_minor_version = ODK_MINOR_VERSION; + uint16_t api_major_version = 0; + uint32_t nonce = 0; + uint32_t session_id = 0; + ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce, + session_id}; + EXPECT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, + ODK_PrepareCoreLicenseRequest(message, message_length, + &core_message_length, &nonce_values)); + // the core_message_length should be appropriately set + EXPECT_EQ(ODK_LICENSE_REQUEST_SIZE, core_message_length); +} + +TEST(OdkSizeTest, RenewalRequest) { + uint8_t* message = nullptr; + size_t message_length = 0; + size_t core_message_length = 0; + uint16_t api_minor_version = ODK_MINOR_VERSION; + uint16_t api_major_version = ODK_MAJOR_VERSION; + uint32_t nonce = 0; + uint32_t session_id = 0; + ODK_ClockValues clock_values = {}; + clock_values.time_of_first_decrypt = 10; + clock_values.timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED; + uint64_t system_time_seconds = 15; + ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce, + session_id}; + EXPECT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, + ODK_PrepareCoreRenewalRequest(message, message_length, + &core_message_length, &nonce_values, + &clock_values, system_time_seconds)); + // the core_message_length should be appropriately set + EXPECT_EQ(ODK_RENEWAL_REQUEST_SIZE, core_message_length); +} + +TEST(OdkSizeTest, ReleaseRequest) { + uint8_t* message = nullptr; + size_t message_length = 0; + size_t core_message_length = 0; + uint16_t api_minor_version = ODK_MINOR_VERSION; + uint16_t api_major_version = 0; + uint32_t nonce = 0; + uint32_t session_id = 0; + ODK_ClockValues clock_values = {}; + clock_values.time_of_first_decrypt = 10; + clock_values.timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_INACTIVE; + uint64_t system_time_seconds = 15; + ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce, + session_id}; + EXPECT_EQ(OEMCrypto_SUCCESS, + ODK_PrepareCoreRenewalRequest(message, message_length, + &core_message_length, &nonce_values, + &clock_values, system_time_seconds)); + // Release requests do not have a core message. + EXPECT_GE(core_message_length, 0); +} + +TEST(OdkSizeTest, ProvisioningRequest) { + uint8_t* message = nullptr; + size_t message_length = 0; + size_t core_message_length = 0; + uint16_t api_minor_version = ODK_MINOR_VERSION; + uint16_t api_major_version = 0; + uint32_t nonce = 0; + uint32_t session_id = 0; + uint32_t device_id_length = 0; + ODK_NonceValues nonce_values{api_minor_version, api_major_version, nonce, + session_id}; + EXPECT_EQ(OEMCrypto_ERROR_SHORT_BUFFER, + ODK_PrepareCoreProvisioningRequest( + message, message_length, &core_message_length, &nonce_values, + nullptr, device_id_length)); + // the core_message_length should be appropriately set + EXPECT_EQ(ODK_PROVISIONING_REQUEST_SIZE, core_message_length); +} + +// Verify the version string contains the right version numbers. +TEST(OdkTest, CheckReleaseVersion) { + // Here are the version numbers. + std::string expected_version = std::to_string(ODK_MAJOR_VERSION) + "." + + std::to_string(ODK_MINOR_VERSION); + // Here is the version string. + EXPECT_NE(std::string(ODK_RELEASE_DATE).find(expected_version), + std::string::npos) + << "Version mismatch in odk_structs.h"; +} + +} // namespace + +} // namespace wvodk_test diff --git a/oemcrypto/odk/test/odk_test.gypi b/oemcrypto/odk/test/odk_test.gypi new file mode 100644 index 00000000..ecd720ac --- /dev/null +++ b/oemcrypto/odk/test/odk_test.gypi @@ -0,0 +1,13 @@ +# Copyright 2019 Google LLC. All rights reserved. This file and proprietary +# source code may only be used and distributed under the Widevine Master License +# Agreement. + +{ + 'sources': [ + 'odk_test.cpp', + 'odk_test_helper.cpp', + 'odk_test_helper.h', + 'odk_timer_test.cpp', + ], +} + diff --git a/oemcrypto/odk/test/odk_test_helper.cpp b/oemcrypto/odk/test/odk_test_helper.cpp new file mode 100644 index 00000000..167d9e59 --- /dev/null +++ b/oemcrypto/odk/test/odk_test_helper.cpp @@ -0,0 +1,488 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "odk_test_helper.h" + +#include + +#include +#include +#include +#include +#include +#include + +#include "OEMCryptoCENCCommon.h" +#include "gtest/gtest.h" +#include "odk_structs.h" +#include "odk_structs_priv.h" + +namespace wvodk_test { + +void ODK_SetDefaultCoreFields(ODK_CoreMessage* core_message, + uint32_t message_type) { + ASSERT_TRUE(core_message != nullptr); + core_message->message_type = message_type; + core_message->message_length = 0; + core_message->nonce_values.api_minor_version = ODK_MINOR_VERSION; + core_message->nonce_values.api_major_version = ODK_MAJOR_VERSION; + core_message->nonce_values.nonce = 0xdeadbeef; + core_message->nonce_values.session_id = 0xcafebabe; +} + +void ODK_SetDefaultLicenseResponseParams(ODK_LicenseResponseParams* params) { + ODK_SetDefaultCoreFields(&(params->core_message), ODK_License_Response_Type); + params->initial_license_load = true; + params->usage_entry_present = true; + params->parsed_license = { + .enc_mac_keys_iv = {.offset = 0, .length = 1}, + .enc_mac_keys = {.offset = 2, .length = 3}, + .pst = {.offset = 4, .length = 5}, + .srm_restriction_data = {.offset = 6, .length = 7}, + .license_type = OEMCrypto_EntitlementLicense, + .nonce_required = true, + .timer_limits = + { + .soft_enforce_rental_duration = true, + .soft_enforce_playback_duration = false, + .earliest_playback_start_seconds = 10, + .rental_duration_seconds = 11, + .total_playback_duration_seconds = 12, + .initial_renewal_duration_seconds = 13, + }, + .key_array_length = 3, + .key_array = + { + { + .key_id = {.offset = 15, .length = 16}, + .key_data_iv = {.offset = 17, .length = 18}, + .key_data = {.offset = 19, .length = 20}, + .key_control_iv = {.offset = 21, .length = 22}, + .key_control = {.offset = 23, .length = 24}, + }, + { + .key_id = {.offset = 25, .length = 26}, + .key_data_iv = {.offset = 27, .length = 28}, + .key_data = {.offset = 29, .length = 30}, + .key_control_iv = {.offset = 31, .length = 32}, + .key_control = {.offset = 33, .length = 34}, + }, + { + .key_id = {.offset = 35, .length = 36}, + .key_data_iv = {.offset = 37, .length = 38}, + .key_data = {.offset = 39, .length = 40}, + .key_control_iv = {.offset = 41, .length = 42}, + .key_control = {.offset = 43, .length = 44}, + }, + }, + }; + memset(params->request_hash, 0xaa, sizeof(params->request_hash)); + params->extra_fields = { + {ODK_SUBSTRING, &(params->parsed_license.enc_mac_keys_iv), + ".enc_mac_keys_iv"}, + {ODK_SUBSTRING, &(params->parsed_license.enc_mac_keys), ".enc_mac_keys"}, + {ODK_SUBSTRING, &(params->parsed_license.pst), ".pst"}, + {ODK_SUBSTRING, &(params->parsed_license.srm_restriction_data), + ".srm_restriction_data"}, + {ODK_UINT32, &(params->parsed_license.license_type), ".license_type"}, + {ODK_UINT32, &(params->parsed_license.nonce_required), ".nonce_required"}, + {ODK_UINT32, + &(params->parsed_license.timer_limits.soft_enforce_rental_duration), + ".soft_enforce_rental_duration"}, + {ODK_UINT32, + &(params->parsed_license.timer_limits.soft_enforce_playback_duration), + ".soft_enforce_playback_duration"}, + {ODK_UINT64, + &(params->parsed_license.timer_limits.earliest_playback_start_seconds), + ".earliest_playback_start_seconds"}, + {ODK_UINT64, + &(params->parsed_license.timer_limits.rental_duration_seconds), + ".rental_duration_seconds"}, + {ODK_UINT64, + &(params->parsed_license.timer_limits.total_playback_duration_seconds), + ".total_playback_duration_seconds"}, + {ODK_UINT64, + &(params->parsed_license.timer_limits.initial_renewal_duration_seconds), + ".initial_renewal_duration_seconds"}, + {ODK_UINT32, &(params->parsed_license.key_array_length), + ".key_array_length"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[0].key_id), ".key_id"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[0].key_data_iv), + ".key_data_iv"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[0].key_data), + ".key_data"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[0].key_control_iv), + ".key_control_iv"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[0].key_control), + ".key_control"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[1].key_id), ".key_id"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[1].key_data_iv), + ".key_data_iv"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[1].key_data), + ".key_data"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[1].key_control_iv), + ".key_control_iv"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[1].key_control), + ".key_control"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[2].key_id), ".key_id"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[2].key_data_iv), + ".key_data_iv"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[2].key_data), + ".key_data"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[2].key_control_iv), + ".key_control_iv"}, + {ODK_SUBSTRING, &(params->parsed_license.key_array[2].key_control), + ".key_control"}, + {ODK_HASH, params->request_hash, ".request_hash"}, + }; +} + +void ODK_SetDefaultRenewalResponseParams(ODK_RenewalResponseParams* params) { + ODK_SetDefaultCoreFields(&(params->core_message), ODK_Renewal_Response_Type); + params->system_time = 0xfaceb00c; + params->playback_clock = 10; + params->playback_timer = 20; + params->renewal_duration = 300; + params->extra_fields = { + {ODK_UINT64, &(params->playback_clock), "playback_clock"}, + {ODK_UINT64, &(params->renewal_duration), "renewal_duration"}, + }; + params->timer_limits = { + .soft_enforce_rental_duration = false, + .soft_enforce_playback_duration = false, + .earliest_playback_start_seconds = 0, + .rental_duration_seconds = 1000, + .total_playback_duration_seconds = 2000, + .initial_renewal_duration_seconds = 300, + }; + params->clock_values = { + .time_of_license_signed = + params->system_time - params->playback_clock - 42, + .time_of_first_decrypt = params->system_time - params->playback_clock, + .time_of_last_decrypt = params->system_time - params->playback_clock, + .time_of_renewal_request = params->playback_clock, + .time_when_timer_expires = params->system_time + params->playback_timer, + .timer_status = ODK_CLOCK_TIMER_STATUS_ACTIVE, + .status = kActive, + }; +} + +void ODK_SetDefaultProvisioningResponseParams( + ODK_ProvisioningResponseParams* params) { + ODK_SetDefaultCoreFields(&(params->core_message), + ODK_Provisioning_Response_Type); + params->device_id_length = ODK_DEVICE_ID_LEN_MAX / 2; + memset(params->device_id, 0xff, params->device_id_length); + memset(params->device_id + params->device_id_length, 0, + ODK_DEVICE_ID_LEN_MAX - params->device_id_length); + params->parsed_provisioning = { + .enc_private_key = {.offset = 0, .length = 1}, + .enc_private_key_iv = {.offset = 2, .length = 3}, + .encrypted_message_key = {.offset = 4, .length = 5}, + }; + params->extra_fields = { + {ODK_UINT32, &(params->device_id_length), "device_id_length"}, + {ODK_DEVICEID, params->device_id, "device_id"}, + {ODK_UINT32, &(params->parsed_provisioning).key_type, "key_type"}, + {ODK_SUBSTRING, &(params->parsed_provisioning).enc_private_key, + "enc_private_key"}, + {ODK_SUBSTRING, &(params->parsed_provisioning).enc_private_key_iv, + "enc_private_key_iv"}, + {ODK_SUBSTRING, &(params->parsed_provisioning).encrypted_message_key, + "encrypted_message_key"}, + }; +} + +size_t ODK_FieldLength(ODK_FieldType type) { + switch (type) { + case ODK_UINT16: + return sizeof(uint16_t); + case ODK_UINT32: + return sizeof(uint32_t); + case ODK_UINT64: + return sizeof(uint64_t); + case ODK_SUBSTRING: + return sizeof(uint32_t) + sizeof(uint32_t); + case ODK_DEVICEID: + return ODK_DEVICE_ID_LEN_MAX; + case ODK_HASH: + return ODK_SHA256_HASH_SIZE; + default: + return SIZE_MAX; + } +} + +size_t ODK_AllocSize(ODK_FieldType type) { + if (type == ODK_SUBSTRING) { + return sizeof(OEMCrypto_Substring); + } + return ODK_FieldLength(type); +} + +OEMCryptoResult ODK_WriteSingleField(uint8_t* buf, const ODK_Field* field) { + if (buf == nullptr || field == nullptr || field->value == nullptr) { + return ODK_ERROR_CORE_MESSAGE; + } + switch (field->type) { + case ODK_UINT16: { + const uint16_t u16 = htobe16(*static_cast(field->value)); + memcpy(buf, &u16, sizeof(u16)); + break; + } + case ODK_UINT32: { + const uint32_t u32 = htobe32(*static_cast(field->value)); + memcpy(buf, &u32, sizeof(u32)); + break; + } + case ODK_UINT64: { + const uint64_t u64 = htobe64(*static_cast(field->value)); + memcpy(buf, &u64, sizeof(u64)); + break; + } + case ODK_SUBSTRING: { + OEMCrypto_Substring* s = static_cast(field->value); + const uint32_t off = htobe32(s->offset); + const uint32_t len = htobe32(s->length); + memcpy(buf, &off, sizeof(off)); + memcpy(buf + sizeof(off), &len, sizeof(len)); + break; + } + case ODK_DEVICEID: + case ODK_HASH: { + const size_t field_len = ODK_FieldLength(field->type); + const uint8_t* const id = static_cast(field->value); + memcpy(buf, id, field_len); + + break; + } + default: + return ODK_ERROR_CORE_MESSAGE; + } + return OEMCrypto_SUCCESS; +} + +OEMCryptoResult ODK_ReadSingleField(const uint8_t* buf, + const ODK_Field* field) { + if (buf == nullptr || field == nullptr || field->value == nullptr) { + return ODK_ERROR_CORE_MESSAGE; + } + switch (field->type) { + case ODK_UINT16: { + memcpy(field->value, buf, sizeof(uint16_t)); + uint16_t* u16p = static_cast(field->value); + *u16p = be16toh(*u16p); + break; + } + case ODK_UINT32: { + memcpy(field->value, buf, sizeof(uint32_t)); + uint32_t* u32p = static_cast(field->value); + *u32p = be32toh(*u32p); + break; + } + case ODK_UINT64: { + memcpy(field->value, buf, sizeof(uint64_t)); + uint64_t* u64p = static_cast(field->value); + *u64p = be64toh(*u64p); + break; + } + case ODK_SUBSTRING: { + OEMCrypto_Substring* s = static_cast(field->value); + uint32_t off = 0; + uint32_t len = 0; + memcpy(&off, buf, sizeof(off)); + memcpy(&len, buf + sizeof(off), sizeof(len)); + s->offset = be32toh(off); + s->length = be32toh(len); + break; + } + case ODK_DEVICEID: + case ODK_HASH: { + const size_t field_len = ODK_FieldLength(field->type); + uint8_t* const id = static_cast(field->value); + memcpy(id, buf, field_len); + break; + } + default: + return ODK_ERROR_CORE_MESSAGE; + } + return OEMCrypto_SUCCESS; +} + +OEMCryptoResult ODK_DumpSingleField(const uint8_t* buf, + const ODK_Field* field) { + if (buf == nullptr || field == nullptr || field->value == nullptr) { + return ODK_ERROR_CORE_MESSAGE; + } + switch (field->type) { + case ODK_UINT16: { + uint16_t val; + memcpy(&val, buf, sizeof(uint16_t)); + val = be16toh(val); + std::cerr << field->name << ": " << val << " = 0x" << std::hex << val + << "\n"; + break; + } + case ODK_UINT32: { + uint32_t val; + memcpy(&val, buf, sizeof(uint32_t)); + val = be32toh(val); + std::cerr << field->name << ": " << val << " = 0x" << std::hex << val + << "\n"; + break; + } + case ODK_UINT64: { + uint64_t val; + memcpy(&val, buf, sizeof(uint64_t)); + val = be64toh(val); + std::cerr << field->name << ": " << val << " = 0x" << std::hex << val + << "\n"; + break; + } + case ODK_SUBSTRING: { + uint32_t off = 0; + uint32_t len = 0; + memcpy(&off, buf, sizeof(off)); + memcpy(&len, buf + sizeof(off), sizeof(len)); + std::cerr << field->name << ": (off=" << off << ", len=" << len << ")\n"; + break; + } + case ODK_DEVICEID: + case ODK_HASH: { + const size_t field_len = ODK_FieldLength(field->type); + std::cerr << field->name << ": "; + for (size_t i = 0; i < field_len; i++) { + std::cerr << std::hex << std::setfill('0') << std::setw(2) + << static_cast(buf[i]); + } + std::cerr << "\n"; + break; + } + default: + return ODK_ERROR_CORE_MESSAGE; + } + std::cerr << std::dec; // Return to normal. + return OEMCrypto_SUCCESS; +} + +/* + * Parameters: + * [in] size_in: buffer size + * [out] size_out: bytes processed + */ +OEMCryptoResult ODK_IterFields(ODK_FieldMode mode, uint8_t* buf, + const size_t size_in, size_t* size_out, + const std::vector& fields) { + if (buf == nullptr || size_out == nullptr) { + return ODK_ERROR_CORE_MESSAGE; + } + size_t off = 0, off2 = 0; + for (size_t i = 0; i < fields.size(); i++) { + if (__builtin_add_overflow(off, ODK_FieldLength(fields[i].type), &off2) || + off2 > size_in) { + return ODK_ERROR_CORE_MESSAGE; + } + uintptr_t base = reinterpret_cast(buf); + if (__builtin_add_overflow(base, off, &base)) { + return ODK_ERROR_CORE_MESSAGE; + } + uint8_t* const buf_off = buf + off; + switch (mode) { + case ODK_WRITE: + ODK_WriteSingleField(buf_off, &fields[i]); + break; + case ODK_READ: + ODK_ReadSingleField(buf_off, &fields[i]); + break; + case ODK_DUMP: + ODK_DumpSingleField(buf_off, &fields[i]); + break; + default: + return ODK_ERROR_CORE_MESSAGE; + } + off = off2; + } + *size_out = off; + if (*size_out > size_in) { + return ODK_ERROR_CORE_MESSAGE; + } + return OEMCrypto_SUCCESS; +} + +void ODK_ExpectEqualBuf(const void* s1, const void* s2, size_t n, + const std::vector& fields) { + if (memcmp(s1, s2, n) != 0) { + const void* buffers[] = {s1, s2}; + for (int i = 0; i < 2; i++) { + char _tmp[] = "/tmp/fileXXXXXX"; + const int temp_fd = mkstemp(_tmp); + if (temp_fd >= 0) { + close(temp_fd); + } else { + std::cerr << "Failed to open temp file." << std::endl; + break; + } + std::string tmp(_tmp); + std::fstream out(tmp, std::ios::out | std::ios::binary); + out.write(static_cast(buffers[i]), n); + out.close(); + std::cerr << "buffer " << i << " dumped to " << tmp << std::endl; + size_t bytes_written; + uint8_t* buf = + const_cast(reinterpret_cast(buffers[i])); + ODK_IterFields(ODK_DUMP, buf, n, &bytes_written, fields); + } + FAIL(); + } +} + +void ODK_ResetOdkFields(std::vector* fields) { + if (fields == nullptr) { + return; + } + for (auto& field : *fields) { + if (field.value != nullptr) { + const size_t size = ODK_AllocSize(field.type); + memset(field.value, 0, size); + } + } +} + +void ODK_BuildMessageBuffer(ODK_CoreMessage* core_message, + const std::vector& extra_fields, + uint8_t** buf, uint32_t* buf_size) { + ASSERT_TRUE(core_message != nullptr); + ASSERT_TRUE(buf_size != nullptr); + std::vector total_fields = { + {ODK_UINT32, &(core_message->message_type), "message_type"}, + {ODK_UINT32, &(core_message->message_length), "message_size"}, + {ODK_UINT16, &(core_message->nonce_values.api_minor_version), + "api_minor_version"}, + {ODK_UINT16, &(core_message->nonce_values.api_major_version), + "api_major_version"}, + {ODK_UINT32, &(core_message->nonce_values.nonce), "nonce"}, + {ODK_UINT32, &(core_message->nonce_values.session_id), "session_id"}, + }; + + uint32_t header_size = 0; + for (auto& field : total_fields) { + header_size += ODK_FieldLength(field.type); + } + + total_fields.insert(total_fields.end(), extra_fields.begin(), + extra_fields.end()); + for (auto& field : total_fields) { + *buf_size += ODK_FieldLength(field.type); + } + // update message_size + *(reinterpret_cast(total_fields[1].value)) = *buf_size; + + *buf = new uint8_t[*buf_size]{}; + size_t bytes_written = 0; + // serialize ODK fields to message buffer + EXPECT_EQ(OEMCrypto_SUCCESS, ODK_IterFields(ODK_WRITE, *buf, SIZE_MAX, + &bytes_written, total_fields)); + EXPECT_EQ(bytes_written, *buf_size); +} + +} // namespace wvodk_test diff --git a/oemcrypto/odk/test/odk_test_helper.h b/oemcrypto/odk/test/odk_test_helper.h new file mode 100644 index 00000000..1d90dc07 --- /dev/null +++ b/oemcrypto/odk/test/odk_test_helper.h @@ -0,0 +1,99 @@ +// Copyright 2019 Google LLC. All rights reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WIDEVINE_ODK_TEST_ODK_TEST_HELPER_H_ +#define WIDEVINE_ODK_TEST_ODK_TEST_HELPER_H_ + +#include +#include +#include + +#include "odk_structs.h" +#include "odk_structs_priv.h" + +namespace wvodk_test { + +enum ODK_FieldType { + ODK_UINT16, + ODK_UINT32, + ODK_UINT64, + ODK_SUBSTRING, + ODK_DEVICEID, + ODK_HASH, + ODK_NUMTYPES, +}; + +enum ODK_FieldMode { + ODK_READ, + ODK_WRITE, + ODK_DUMP, +}; + +struct ODK_Field { + ODK_FieldType type; + void* value; + std::string name; +}; + +struct ODK_LicenseResponseParams { + ODK_CoreMessage core_message; + bool initial_license_load; + bool usage_entry_present; + uint8_t request_hash[ODK_SHA256_HASH_SIZE]; + ODK_TimerLimits timer_limits; + ODK_ClockValues clock_values; + ODK_ParsedLicense parsed_license; + std::vector extra_fields; +}; + +struct ODK_RenewalResponseParams { + ODK_CoreMessage core_message; + uint64_t system_time; + uint64_t playback_clock; + uint64_t renewal_duration; + ODK_TimerLimits timer_limits; + ODK_ClockValues clock_values; + uint64_t playback_timer; + std::vector extra_fields; +}; + +struct ODK_ProvisioningResponseParams { + ODK_CoreMessage core_message; + uint8_t device_id[ODK_DEVICE_ID_LEN_MAX]; + uint32_t device_id_length; + ODK_ParsedProvisioning parsed_provisioning; + std::vector extra_fields; +}; + +// Default values in core_message for testing +void ODK_SetDefaultCoreFields(ODK_CoreMessage* core_message, + uint32_t message_type); +void ODK_SetDefaultLicenseResponseParams(ODK_LicenseResponseParams* params); +void ODK_SetDefaultRenewalResponseParams(ODK_RenewalResponseParams* params); +void ODK_SetDefaultProvisioningResponseParams( + ODK_ProvisioningResponseParams* params); + +size_t ODK_FieldLength(ODK_FieldType type); +size_t ODK_AllocSize(ODK_FieldType type); + +// Copy ODK_Field to buf +OEMCryptoResult ODK_WriteSingleField(uint8_t* buf, const ODK_Field* field); +// Load buf to ODK_Field +OEMCryptoResult ODK_ReadSingleField(const uint8_t* buf, const ODK_Field* field); +OEMCryptoResult ODK_DumpSingleField(const uint8_t* buf, const ODK_Field* field); +OEMCryptoResult ODK_IterFields(ODK_FieldMode mode, uint8_t* buf, + const size_t size_in, size_t* size_out, + const std::vector& fields); +void ODK_ExpectEqualBuf(const void* s1, const void* s2, size_t n, + const std::vector& fields); +void ODK_ResetOdkFields(std::vector* fields); + +// Serialize core_message and extra_fields into buf +void ODK_BuildMessageBuffer(ODK_CoreMessage* core_message, + const std::vector& extra_fields, + uint8_t** buf, uint32_t* buf_size); + +} // namespace wvodk_test + +#endif // WIDEVINE_ODK_TEST_ODK_TEST_HELPER_H_ diff --git a/oemcrypto/odk/test/odk_timer_test.cpp b/oemcrypto/odk/test/odk_timer_test.cpp new file mode 100644 index 00000000..15a6f78e --- /dev/null +++ b/oemcrypto/odk/test/odk_timer_test.cpp @@ -0,0 +1,1239 @@ +/* Copyright 2019 Google LLC. All rights reserved. This file and proprietary + * source code may only be used and distributed under the Widevine Master + * License Agreement. + */ + +#include "OEMCryptoCENCCommon.h" +#include "gtest/gtest.h" +#include "odk.h" +#include "odk_structs_priv.h" + +namespace { + +// The rental clock starts when the request is signed. If any test fails +// because a time is off by exactly 1000, that is a strong indication that we +// confused rental and system clocks. The system clock should only be used +// internally on the device, because it might not be synchronized from one +// device to another. Rental clock is used in the license message from the +// server. +constexpr uint64_t kRentalClockStart = 1000u; + +// The renewal grace period is used by the server and the CDM layer to allow +// time between when the renewal is requested and when playback is cutoff if the +// renewal is not loaded. +constexpr uint64_t kGracePeriod = 5u; + +TEST(OdkTimerBasicTest, NullTest) { + // Assert that nullptr does not cause a core dump. + ODK_InitializeClockValues(nullptr, 0u); + ODK_ReloadClockValues(nullptr, 0u, 0u, 0u, kActive, 0u); + ODK_AttemptFirstPlayback(0u, nullptr, nullptr, nullptr); + ODK_UpdateLastPlaybackTime(0, nullptr, nullptr); + ASSERT_TRUE(true); +} + +TEST(OdkTimerBasicTest, Init) { + // Verify that basic initialization sets all of the fields. + ODK_ClockValues clock_values; + memset(&clock_values, 0, sizeof(clock_values)); + uint64_t time = 42; + ODK_InitializeClockValues(&clock_values, time); + EXPECT_EQ(clock_values.time_of_license_signed, time); + EXPECT_EQ(clock_values.time_of_first_decrypt, 0u); + EXPECT_EQ(clock_values.time_of_last_decrypt, 0u); + EXPECT_EQ(clock_values.time_when_timer_expires, 0u); + EXPECT_EQ(clock_values.timer_status, + ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED); + EXPECT_EQ(clock_values.status, kUnused); +} + +TEST(OdkTimerBasicTest, Reload) { + // Verify that reloading clock values uses the same values + // for fields that can be saved, and sets others to 0. + ODK_ClockValues clock_values; + memset(&clock_values, 0, sizeof(clock_values)); + uint64_t time = 42u; + uint64_t lic_signed = 1u; + uint64_t first_decrypt = 2u; + uint64_t last_decrypt = 3u; + enum OEMCrypto_Usage_Entry_Status status = kInactiveUsed; + ODK_ReloadClockValues(&clock_values, lic_signed, first_decrypt, last_decrypt, + status, time); + EXPECT_EQ(clock_values.time_of_license_signed, lic_signed); + EXPECT_EQ(clock_values.time_of_first_decrypt, first_decrypt); + EXPECT_EQ(clock_values.time_of_last_decrypt, last_decrypt); + EXPECT_EQ(clock_values.time_when_timer_expires, 0u); + EXPECT_EQ(clock_values.timer_status, + ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED); + EXPECT_EQ(clock_values.status, status); +} + +// All of the following test cases are derived from this base class. It +// simulates loading a license, attempting playback, and reloading a license. +class ODKTimerTest : public ::testing::Test { + public: + ODKTimerTest() { + // These are reasonable initial values for most tests. This is an unlimited + // license. Most of the tests below will add some restrictions by changing + // these values, and then verify that the ODK library behaves correctly. + timer_limits_.soft_enforce_rental_duration = true; + timer_limits_.soft_enforce_playback_duration = true; + timer_limits_.earliest_playback_start_seconds = 0u; + // A duration of 0 means infinite. + timer_limits_.rental_duration_seconds = 0u; + timer_limits_.total_playback_duration_seconds = 0u; + timer_limits_.initial_renewal_duration_seconds = 0u; + + // This is when we will attempt the first valid playback. + start_of_playback_ = + GetSystemTime(timer_limits_.earliest_playback_start_seconds + 10); + } + + protected: + void SetUp() override { + ::testing::Test::SetUp(); + // Start rental clock at kRentalClockStart. This happens when the license + // request is signed. + ODK_InitializeClockValues(&clock_values_, kRentalClockStart); + EXPECT_EQ(clock_values_.time_of_license_signed, kRentalClockStart); + } + + // Simulate loading or reloading a license in a new session. An offline + // license should have several of the clock_value's fields saved into the + // usage table. When it is reloaded those values should be reloaded. From + // these fields, the ODK function can tell if this is the first playback for + // the license, or just the first playback for this session. The key fields + // that should be saved are the status, and the times for license signed, and + // first and last playback times. + void ReloadLicense(uint64_t system_time) { + ODK_ClockValues old_clock_values = clock_values_; + // First clear out the old clock values. + memset(&clock_values_, 0, sizeof(clock_values_)); + // When the session is opened, the clock values are initialized. + ODK_InitializeClockValues(&clock_values_, 0); + // When the usage entry is reloaded, the clock values are reloaded. + ODK_ReloadClockValues(&clock_values_, + old_clock_values.time_of_license_signed, + old_clock_values.time_of_first_decrypt, + old_clock_values.time_of_last_decrypt, + old_clock_values.status, system_time); + EXPECT_EQ(clock_values_.timer_status, + ODK_CLOCK_TIMER_STATUS_LICENSE_NOT_LOADED); + // These shall not change: + EXPECT_EQ(clock_values_.time_of_license_signed, kRentalClockStart); + EXPECT_EQ(clock_values_.time_of_first_decrypt, + old_clock_values.time_of_first_decrypt); + EXPECT_EQ(clock_values_.time_of_last_decrypt, + old_clock_values.time_of_last_decrypt); + // ODK_ParseLicense sets the new timer state. + clock_values_.timer_status = ODK_CLOCK_TIMER_STATUS_LICENSE_LOADED; + } + + // Simulate loading or reloading a license, then verify that we are allowed + // playback from |start| to |stop|. If |cutoff| is not 0, then expect the + // timer to expire at that time. If |cutoff| is 0, expect the timer is not + // set. If you refer to the diagrams in "License Duration and Renewal", this + // tests a cyan bar with a green check mark. + // When nonzero |start|, |stop|, and |cutoff| are all system times. + void LoadAndAllowPlayback(uint64_t start, uint64_t stop, uint64_t cutoff) { + ReloadLicense(start); + AllowPlayback(start, stop, cutoff); + } + + // Verify that we are allowed playback from |start| to |stop|. If |cutoff| is + // not 0, then expect the timer to expire at that time. If |cutoff| is 0, + // expect the timer is not set. If you refer to the diagrams in "License + // Duration and Renewal", this tests a cyan bar with a green check mark. + // When nonzero |start|, |stop|, and |cutoff| are all system times. + void AllowPlayback(uint64_t start, uint64_t stop, uint64_t cutoff) { + ASSERT_LT(start, stop); + if (cutoff > 0) ASSERT_LE(stop, cutoff); + uint64_t timer_value; + const OEMCryptoResult result = ODK_AttemptFirstPlayback( + start, &timer_limits_, &clock_values_, &timer_value); + // After first playback, the license is active. + EXPECT_EQ(clock_values_.status, kActive); + EXPECT_EQ(clock_values_.time_when_timer_expires, cutoff); + if (cutoff > 0) { // If we expect the timer to be set. + EXPECT_EQ(result, ODK_SET_TIMER); + EXPECT_EQ(timer_value, cutoff - start); + } else { + EXPECT_EQ(result, ODK_DISABLE_TIMER); + } + CheckClockValues(start); + const uint64_t mid = (start + stop) / 2; + EXPECT_EQ(ODK_UpdateLastPlaybackTime(mid, &timer_limits_, &clock_values_), + OEMCrypto_SUCCESS); + CheckClockValues(mid); + EXPECT_EQ(ODK_UpdateLastPlaybackTime(stop, &timer_limits_, &clock_values_), + OEMCrypto_SUCCESS); + CheckClockValues(stop); + } + + // Simulate loading or reloading a license, then attempt to play from |start| + // to |cutoff|. Verify that we are allowed playback from |start| to |cutoff|, + // but playback is not allowed after |cutoff|. If you refer to the diagrams in + // "License Duration and Renewal", this tests a cyan bar with a black X. When + // nonzero |start|, and |cutoff| are all system times. + void LoadAndTerminatePlayback(uint64_t start, uint64_t cutoff) { + ReloadLicense(start); + TerminatePlayback(start, cutoff, cutoff + 10); + } + + // Attempt to play from |start| to |stop|. Verify that we are allowed playback + // from |start| to |cutoff|, but playback not allowed after |cutoff|. If you + // refer to the diagrams in "License Duration and Renewal", this tests a cyan + // bar with a black X. This assumes that |cutoff| is before |stop|. + // When nonzero |start|, |stop|, and |cutoff| are all system times. + void TerminatePlayback(uint64_t start, uint64_t cutoff, uint64_t stop) { + ASSERT_LT(start, cutoff); + ASSERT_LT(cutoff, stop); + AllowPlayback(start, cutoff, cutoff); + EXPECT_EQ( + ODK_UpdateLastPlaybackTime(cutoff + 1, &timer_limits_, &clock_values_), + ODK_TIMER_EXPIRED); + CheckClockValues(cutoff); + const uint64_t mid = (cutoff + stop) / 2; + EXPECT_EQ(ODK_UpdateLastPlaybackTime(mid, &timer_limits_, &clock_values_), + ODK_TIMER_EXPIRED); + // times do not change if playback was not allowed. + CheckClockValues(cutoff); + EXPECT_EQ(ODK_UpdateLastPlaybackTime(stop, &timer_limits_, &clock_values_), + ODK_TIMER_EXPIRED); + CheckClockValues(cutoff); + } + + // Verify that we are not allowed playback at the |start| time. If you refer + // to the diagrams in "License Duration and Renewal", this tests a cyan line + // followed by a black X. The parameter |start| is system time. + void ForbidPlayback(uint64_t start) { + ReloadLicense(start); + ODK_ClockValues old_clock_values = clock_values_; + uint64_t timer_value; + EXPECT_EQ(ODK_AttemptFirstPlayback(start, &timer_limits_, &clock_values_, + &timer_value), + ODK_TIMER_EXPIRED); + // These should not have changed. In particular, if the license was unused + // before, it should reamin unused. + EXPECT_EQ(clock_values_.time_of_license_signed, + old_clock_values.time_of_license_signed); + EXPECT_EQ(clock_values_.time_of_first_decrypt, + old_clock_values.time_of_first_decrypt); + EXPECT_EQ(clock_values_.time_of_last_decrypt, + old_clock_values.time_of_last_decrypt); + EXPECT_EQ(clock_values_.status, old_clock_values.status); + } + + // Verify that the clock values are correct. + void CheckClockValues(uint64_t time_of_last_decrypt) { + EXPECT_EQ(clock_values_.time_of_license_signed, kRentalClockStart); + EXPECT_EQ(clock_values_.time_of_first_decrypt, start_of_playback_); + EXPECT_EQ(clock_values_.time_of_last_decrypt, time_of_last_decrypt); + EXPECT_EQ(clock_values_.status, kActive); + } + + // Convert from rental time to system time. By "system time", we mean + // OEMCrypto's montonic clock. The spec does not specify a starting time for + // this clock. + uint64_t GetSystemTime(uint64_t rental_clock) { + return kRentalClockStart + rental_clock; + } + + // The end of the playback window. (using system clock) + // This is not useful if the playback duration is 0. + uint64_t EndOfPlaybackWindow() { + return start_of_playback_ + timer_limits_.total_playback_duration_seconds; + } + + // The end of the rental window. (using system clock) + // This is not useful if the rental duration is 0. + uint64_t EndOfRentalWindow() { + return GetSystemTime(timer_limits_.earliest_playback_start_seconds) + + timer_limits_.rental_duration_seconds; + } + + ODK_TimerLimits timer_limits_; + ODK_ClockValues clock_values_; + // The start of playback. This is set to the planned start at the beginning of + // the test. (using system clock) + uint64_t start_of_playback_; +}; + +TEST_F(ODKTimerTest, SimplePlayback) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 100, 0); +} + +// This tests that we are not allowed to start playback before the rental window +// opens. +TEST_F(ODKTimerTest, EarlyTest) { + timer_limits_.earliest_playback_start_seconds = 100u; + // This is earlier than we are allowed. + const uint64_t bad_start_time = + GetSystemTime(timer_limits_.earliest_playback_start_seconds - 10); + // An attempt to start playback before the timer starts is an error. + // We use the TIMER_EXPIRED error to mean both early or late. + ForbidPlayback(bad_start_time); + // And times were not updated: + EXPECT_EQ(clock_values_.status, kUnused); + // This is when we will attempt the first valid playback. + start_of_playback_ = + GetSystemTime(timer_limits_.earliest_playback_start_seconds + 10); + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 100, 0); +} + +// This runs the same test as above, but explicitly gives the ODK library a null +// pointer for the timer value. A null pointer is allowed for OEMCrypto +// implementations that do not manage their own timer. +TEST_F(ODKTimerTest, NullTimer) { + timer_limits_.earliest_playback_start_seconds = 100u; + // This is the earlier, invalid start time. + const uint64_t bad_start_time = + GetSystemTime(timer_limits_.earliest_playback_start_seconds - 10); + timer_limits_.rental_duration_seconds = 300; + timer_limits_.soft_enforce_rental_duration = false; + ReloadLicense(GetSystemTime(bad_start_time)); + + // If OEMCrypto passes in a null pointer, then the ODK should allow this. + uint64_t* timer_value_pointer = nullptr; + EXPECT_EQ(ODK_AttemptFirstPlayback(bad_start_time, &timer_limits_, + &clock_values_, timer_value_pointer), + ODK_TIMER_EXPIRED); + start_of_playback_ = + GetSystemTime(timer_limits_.earliest_playback_start_seconds + 10); + EXPECT_EQ(ODK_AttemptFirstPlayback(start_of_playback_, &timer_limits_, + &clock_values_, timer_value_pointer), + ODK_SET_TIMER); + CheckClockValues(start_of_playback_); +} + +/*****************************************************************************/ +// Note on Use Case tests. The test classes below correspond to the use cases +// in the doucment "License Duration and Renewal.". Each diagram in that +// document has a test class below to verify the use case is supported. +// +// In the document, we use realistic rental times in hours or days. In these +// tests, we will use round numbers so that it is easier to read. For example, +// instead of a seven day rental duration, we will use a 700 rental duration. +/*****************************************************************************/ + +/*****************************************************************************/ +// Streaming is the simplest use case. The user has three hours to watch the +// movie from the time of the rental. (See above for note on Use Case tests) +class ODKUseCase_Streaming : public ODKTimerTest { + public: + ODKUseCase_Streaming() { + // Rental duration = 3 hours hard. (use 300 for readability) + // Playback duration = 0 (unlimited) + timer_limits_.soft_enforce_rental_duration = false; + timer_limits_.rental_duration_seconds = 300; + timer_limits_.total_playback_duration_seconds = 0; + } +}; + +// Playback within rental duration. +TEST_F(ODKUseCase_Streaming, Case1) { + // Allow playback within the rental window. + LoadAndAllowPlayback(start_of_playback_, EndOfRentalWindow(), + EndOfRentalWindow()); +} + +// Playback exceeds rental duration. +TEST_F(ODKUseCase_Streaming, Case2) { + // Allow playback within the rental window, but not beyond. + LoadAndTerminatePlayback(start_of_playback_, EndOfRentalWindow()); +} + +// Playback with stops/restarts within rental duration, last one exceeds rental +// duration. +TEST_F(ODKUseCase_Streaming, Case3) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, + EndOfRentalWindow()); + LoadAndAllowPlayback(start_of_playback_ + 110, start_of_playback_ + 120, + EndOfRentalWindow()); + LoadAndTerminatePlayback(start_of_playback_ + 200, EndOfRentalWindow()); +} + +// Playback within rental duration, restart exceeds rental duration. +TEST_F(ODKUseCase_Streaming, Case4) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, + EndOfRentalWindow()); + ForbidPlayback(EndOfRentalWindow() + 10); +} + +// Initial playback exceeds rental duration. +TEST_F(ODKUseCase_Streaming, Case5) { + ForbidPlayback(EndOfRentalWindow() + 10); +} + +/*****************************************************************************/ +// Streaming Quick Start. The user must start watching within 30 seconds, and +// then has three hours to finish. (See above for note on Use Case tests) +class ODKUseCase_StreamingQuickStart : public ODKTimerTest { + public: + ODKUseCase_StreamingQuickStart() { + // Rental duration = 30 seconds, soft. + // Playback duration = 3 hours (use 300 for readability) + timer_limits_.soft_enforce_rental_duration = true; + timer_limits_.rental_duration_seconds = 30; + timer_limits_.total_playback_duration_seconds = 300; + timer_limits_.soft_enforce_playback_duration = false; + + // A valid start of playback time. + start_of_playback_ = + GetSystemTime(timer_limits_.rental_duration_seconds - 10); + } +}; + +// Playback starts within rental duration, continues within playback duration. +TEST_F(ODKUseCase_StreamingQuickStart, Case1) { + // As seen in the drawing, the playback window exceeds the rental window. + EXPECT_LE(EndOfRentalWindow(), EndOfPlaybackWindow()); + // Allow playback within the playback window. + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 100, + EndOfPlaybackWindow()); +} + +// Playback exceeds playback duration. +TEST_F(ODKUseCase_StreamingQuickStart, Case2) { + // Allow playback within the playback window, but not beyond. + LoadAndTerminatePlayback(start_of_playback_, EndOfPlaybackWindow()); +} + +// Playback with stops/restarts within playback duration, last one exceeds +// playback duration. +TEST_F(ODKUseCase_StreamingQuickStart, Case3) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, + EndOfPlaybackWindow()); + LoadAndAllowPlayback(start_of_playback_ + 110, start_of_playback_ + 120, + EndOfPlaybackWindow()); + LoadAndTerminatePlayback(start_of_playback_ + 200, EndOfPlaybackWindow()); +} + +// Initial playback exceeds rental duration. +TEST_F(ODKUseCase_StreamingQuickStart, Case4) { + ForbidPlayback(EndOfRentalWindow() + 10); +} + +/*****************************************************************************/ +// Seven Day / Two Day. The user must start watching within 7 days. Once +// started, the user has two days to finish the video. Playback is cutoff by the +// smaller of the two time limits. The first four cases start on day +// three. (See above for note on Use Case tests) +class ODKUseCase_SevenHardTwoHard_Start3 : public ODKTimerTest { + public: + ODKUseCase_SevenHardTwoHard_Start3() { + // Rental duration = 700, hard + // Playback duration = 200, hard + timer_limits_.rental_duration_seconds = 700; + timer_limits_.soft_enforce_rental_duration = false; + timer_limits_.total_playback_duration_seconds = 200; + timer_limits_.soft_enforce_playback_duration = false; + + start_of_playback_ = GetSystemTime(300); + } +}; + +// Playback within playback and rental duration. +TEST_F(ODKUseCase_SevenHardTwoHard_Start3, Case1) { + // As seen in the drawing, the playback window is within the rental window. + EXPECT_LT(EndOfPlaybackWindow(), EndOfRentalWindow()); + // Allow playback within the rental window. + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 100, + EndOfPlaybackWindow()); +} + +// Playback exceeds playback duration. +TEST_F(ODKUseCase_SevenHardTwoHard_Start3, Case2) { + // Allow playback within the playback window, but not beyond. + LoadAndTerminatePlayback(start_of_playback_, EndOfPlaybackWindow()); +} + +// Playback with stops/restarts within playback duration, last one exceeds +// playback duration. +TEST_F(ODKUseCase_SevenHardTwoHard_Start3, Case3) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, + EndOfPlaybackWindow()); + LoadAndAllowPlayback(start_of_playback_ + 75, start_of_playback_ + 100, + EndOfPlaybackWindow()); + LoadAndTerminatePlayback(start_of_playback_ + 125, EndOfPlaybackWindow()); +} + +// Restart exceeds playback duration. +TEST_F(ODKUseCase_SevenHardTwoHard_Start3, Case4) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, + EndOfPlaybackWindow()); + ForbidPlayback(EndOfPlaybackWindow() + 10); +} + +// The next four cases start on day six. +class ODKUseCase_SevenHardTwoHard_Start6 + : public ODKUseCase_SevenHardTwoHard_Start3 { + public: + ODKUseCase_SevenHardTwoHard_Start6() { + start_of_playback_ = GetSystemTime(600); + } +}; + +// Playback exceeds rental duration. +TEST_F(ODKUseCase_SevenHardTwoHard_Start6, Case5) { + // As seen in the drawing, the playback window is exceeds the rental window. + EXPECT_GT(EndOfPlaybackWindow(), EndOfRentalWindow()); + // Allow playback within the rental window. + LoadAndTerminatePlayback(start_of_playback_, EndOfRentalWindow()); +} + +// Playback with stops/restarts within playback duration, last one is terminated +// at the end of the rental duration. +TEST_F(ODKUseCase_SevenHardTwoHard_Start6, Case6) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 25, + EndOfRentalWindow()); + LoadAndAllowPlayback(start_of_playback_ + 50, start_of_playback_ + 75, + EndOfRentalWindow()); + // Allow playback that starts within rental window, but terminate at end of + // rental window. + LoadAndTerminatePlayback(start_of_playback_ + 90, EndOfRentalWindow()); +} + +// Playback within playback duration, restart exceeds rental duration. +TEST_F(ODKUseCase_SevenHardTwoHard_Start6, Case7) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 25, + EndOfRentalWindow()); + // Restart does not work after end of playback window. + ForbidPlayback(EndOfRentalWindow() + 10); +} + +// Playback exceeds rental and playback duration. +TEST_F(ODKUseCase_SevenHardTwoHard_Start6, Case8) { + LoadAndTerminatePlayback(start_of_playback_, EndOfRentalWindow()); +} + +// First playback cannot exceed rental duration. +TEST_F(ODKUseCase_SevenHardTwoHard_Start6, Case9) { + ForbidPlayback(EndOfRentalWindow() + 10); +} + +/*****************************************************************************/ +// Seven Day / Two Day. The user must start watching within 7 days. Once +// started, the user has two days to finish the video. Playback is cutoff by the +// rental duration time limits. The first four cases start on day three. (See +// above for note on Use Case tests) +class ODKUseCase_SevenHardTwoSoft_Start3 : public ODKTimerTest { + public: + ODKUseCase_SevenHardTwoSoft_Start3() { + // Rental duration = 700, hard + // Playback duration = 200, hard + timer_limits_.rental_duration_seconds = 700; + timer_limits_.soft_enforce_rental_duration = false; + timer_limits_.total_playback_duration_seconds = 200; + timer_limits_.soft_enforce_playback_duration = true; + + start_of_playback_ = GetSystemTime(300); + } +}; + +// Playback within playback and rental duration. +TEST_F(ODKUseCase_SevenHardTwoSoft_Start3, Case1) { + // As seen in the drawing, the playback window is within the rental window. + EXPECT_LT(EndOfPlaybackWindow(), EndOfRentalWindow()); + // Allow playback within the rental window. + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 100, + EndOfRentalWindow()); +} + +// Playback exceeds playback duration. +TEST_F(ODKUseCase_SevenHardTwoSoft_Start3, Case2) { + // Allow playback within the playback window, and a little after. + // Timer expires at end of rental window. + LoadAndAllowPlayback(start_of_playback_, EndOfPlaybackWindow() + 50, + EndOfRentalWindow()); +} + +// Playback with stops/restarts within playback duration, last one exceeds +// playback duration. +TEST_F(ODKUseCase_SevenHardTwoSoft_Start3, Case3) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, + EndOfRentalWindow()); + LoadAndAllowPlayback(start_of_playback_ + 75, start_of_playback_ + 100, + EndOfRentalWindow()); + LoadAndAllowPlayback(start_of_playback_ + 125, EndOfPlaybackWindow() + 50, + EndOfRentalWindow()); +} + +// Restart exceeds playback duration. +TEST_F(ODKUseCase_SevenHardTwoSoft_Start3, Case4) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, + EndOfRentalWindow()); + ForbidPlayback(EndOfPlaybackWindow() + 10); +} + +// The next four cases start on day six. +class ODKUseCase_SevenHardTwoSoft_Start6 + : public ODKUseCase_SevenHardTwoSoft_Start3 { + public: + ODKUseCase_SevenHardTwoSoft_Start6() { + start_of_playback_ = GetSystemTime(600); + } +}; + +// Playback exceeds rental duration. +TEST_F(ODKUseCase_SevenHardTwoSoft_Start6, Case5) { + // As seen in the drawing, the playback window is exceeds the rental window. + EXPECT_GT(EndOfPlaybackWindow(), EndOfRentalWindow()); + // Allow playback within the rental window. + LoadAndTerminatePlayback(start_of_playback_, EndOfRentalWindow()); +} + +// Playback with stops/restarts within playback duration, last one exceeds +// rental duration. +TEST_F(ODKUseCase_SevenHardTwoSoft_Start6, Case6) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 25, + EndOfRentalWindow()); + LoadAndAllowPlayback(start_of_playback_ + 50, start_of_playback_ + 75, + EndOfRentalWindow()); + LoadAndTerminatePlayback(start_of_playback_ + 90, EndOfRentalWindow()); +} + +// Playback within playback duration, restart exceeds rental duration. +TEST_F(ODKUseCase_SevenHardTwoSoft_Start6, Case7) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 25, + EndOfRentalWindow()); + // Restart does not work after end of playback window. + ForbidPlayback(EndOfRentalWindow() + 10); +} + +// Playback exceeds rental and playback duration. +TEST_F(ODKUseCase_SevenHardTwoSoft_Start6, Case8) { + LoadAndTerminatePlayback(start_of_playback_, EndOfRentalWindow()); +} + +// First playback cannot exceed rental duration. +TEST_F(ODKUseCase_SevenHardTwoSoft_Start6, Case9) { + ForbidPlayback(EndOfRentalWindow() + 10); +} + +/*****************************************************************************/ +// Seven Day / Two Day. The user must start watching within 7 days. Once +// started, the user has two days to finish the video. Playback is cutoff by the +// playback duration. The first four cases start on day three. (See above for +// note on Use Case tests) +class ODKUseCase_SevenSoftTwoHard_Start3 : public ODKTimerTest { + public: + ODKUseCase_SevenSoftTwoHard_Start3() { + // Rental duration = 700, hard + // Playback duration = 300, hard + timer_limits_.rental_duration_seconds = 700; + timer_limits_.soft_enforce_rental_duration = true; + timer_limits_.total_playback_duration_seconds = 200; + timer_limits_.soft_enforce_playback_duration = false; + + start_of_playback_ = GetSystemTime(300); + } +}; + +// Playback within playback and rental duration. +TEST_F(ODKUseCase_SevenSoftTwoHard_Start3, Case1) { + // As seen in the drawing, the playback window is within the rental window. + EXPECT_LT(EndOfPlaybackWindow(), EndOfRentalWindow()); + // Allow playback within the rental window. + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 100, + EndOfPlaybackWindow()); +} + +// Playback exceeds playback duration. +TEST_F(ODKUseCase_SevenSoftTwoHard_Start3, Case2) { + // Allow playback within the playback window, but not beyond. + LoadAndTerminatePlayback(start_of_playback_, EndOfPlaybackWindow()); +} + +// Playback with stops/restarts within playback duration, last one exceeds +// playback duration. +TEST_F(ODKUseCase_SevenSoftTwoHard_Start3, Case3) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, + EndOfPlaybackWindow()); + LoadAndAllowPlayback(start_of_playback_ + 75, start_of_playback_ + 100, + EndOfPlaybackWindow()); + LoadAndTerminatePlayback(start_of_playback_ + 125, EndOfPlaybackWindow()); +} + +// Restart exceeds playback duration. +TEST_F(ODKUseCase_SevenSoftTwoHard_Start3, Case4) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, + EndOfPlaybackWindow()); + ForbidPlayback(EndOfPlaybackWindow() + 10); +} + +// The next four cases start on day six. +class ODKUseCase_SevenSoftTwoHard_Start6 + : public ODKUseCase_SevenSoftTwoHard_Start3 { + public: + ODKUseCase_SevenSoftTwoHard_Start6() { + start_of_playback_ = GetSystemTime(600); + } +}; + +// Playback exceeds rental duration. +TEST_F(ODKUseCase_SevenSoftTwoHard_Start6, Case5) { + // As seen in the drawing, the playback window exceeds the rental window. + EXPECT_GT(EndOfPlaybackWindow(), EndOfRentalWindow()); + // Allow playback to continue beyond the rental window, but not beyond the + // playback window. + LoadAndTerminatePlayback(start_of_playback_, EndOfPlaybackWindow()); +} + +// Playback with stops/restarts within playback duration, last one exceeds +// rental duration. +TEST_F(ODKUseCase_SevenSoftTwoHard_Start6, Case6) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 25, + EndOfPlaybackWindow()); + LoadAndAllowPlayback(start_of_playback_ + 50, start_of_playback_ + 75, + EndOfPlaybackWindow()); + LoadAndTerminatePlayback(start_of_playback_ + 90, EndOfPlaybackWindow()); +} + +// Restart exceeds rental duration, playback exceeds playback duration. +TEST_F(ODKUseCase_SevenSoftTwoHard_Start6, Case7) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 25, + EndOfPlaybackWindow()); + LoadAndTerminatePlayback(EndOfRentalWindow() + 10, EndOfPlaybackWindow()); +} + +// Playback exceeds rental and playback duration. +TEST_F(ODKUseCase_SevenSoftTwoHard_Start6, Case8) { + LoadAndTerminatePlayback(start_of_playback_, EndOfPlaybackWindow()); +} + +// First playback cannot exceed rental duration. +TEST_F(ODKUseCase_SevenSoftTwoHard_Start6, Case9) { + ForbidPlayback(EndOfRentalWindow() + 10); +} + +/*****************************************************************************/ +// Seven Day / Two Day. The user must start watching within 7 days. Once +// started, the user has two days to finish the video. Playback is not cutoff, +// but restarts are not allowed after playback duration. The first four cases +// start on day three. (See above for note on Use Case tests) +class ODKUseCase_SevenSoftTwoSoft_Start3 : public ODKTimerTest { + public: + ODKUseCase_SevenSoftTwoSoft_Start3() { + // Rental duration = 700, hard + // Playback duration = 200, hard + timer_limits_.rental_duration_seconds = 700; + timer_limits_.soft_enforce_rental_duration = true; + timer_limits_.total_playback_duration_seconds = 200; + timer_limits_.soft_enforce_playback_duration = true; + + start_of_playback_ = GetSystemTime(300); + } +}; + +// Playback within playback and rental duration. +TEST_F(ODKUseCase_SevenSoftTwoSoft_Start3, Case1) { + // As seen in the drawing, the playback window is within the rental window. + EXPECT_LT(EndOfPlaybackWindow(), EndOfRentalWindow()); + // Allow playback within the rental window. + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 100, 0); +} + +// Playback exceeds playback duration. +TEST_F(ODKUseCase_SevenSoftTwoSoft_Start3, Case2) { + // Allow playback within the playback window, and beyond. No timer limit. + LoadAndAllowPlayback(start_of_playback_, EndOfPlaybackWindow() + 50, 0); +} + +// Playback with stops/restarts within playback duration, last one exceeds +// playback duration. +TEST_F(ODKUseCase_SevenSoftTwoSoft_Start3, Case3) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, 0); + LoadAndAllowPlayback(start_of_playback_ + 75, start_of_playback_ + 100, 0); + LoadAndAllowPlayback(start_of_playback_ + 125, EndOfPlaybackWindow() + 50, 0); +} + +// Restart exceeds playback duration. +TEST_F(ODKUseCase_SevenSoftTwoSoft_Start3, Case4) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 50, 0); + ForbidPlayback(EndOfPlaybackWindow() + 10); +} + +// The next four cases start on day six. +class ODKUseCase_SevenSoftTwoSoft_Start6 + : public ODKUseCase_SevenSoftTwoSoft_Start3 { + public: + ODKUseCase_SevenSoftTwoSoft_Start6() { + start_of_playback_ = GetSystemTime(600); + } +}; + +// Playback exceeds rental duration. +TEST_F(ODKUseCase_SevenSoftTwoSoft_Start6, Case5) { + // As seen in the drawing, the playback window exceeds the rental window. + EXPECT_GT(EndOfPlaybackWindow(), EndOfRentalWindow() + 25); + // Allow playback past the rental window, but within the playback window. + LoadAndAllowPlayback(start_of_playback_, EndOfRentalWindow() + 25, 0); +} + +// Playback with stops/restarts within playback duration, last one exceeds +// rental and playback duration. +TEST_F(ODKUseCase_SevenSoftTwoSoft_Start6, Case6) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 25, 0); + LoadAndAllowPlayback(start_of_playback_ + 50, start_of_playback_ + 75, 0); + LoadAndAllowPlayback(start_of_playback_ + 100, EndOfPlaybackWindow() + 50, 0); +} + +// Playback with stops/restarts within playback duration, last one exceeds +// playback duration. +TEST_F(ODKUseCase_SevenSoftTwoSoft_Start6, Case7) { + LoadAndAllowPlayback(start_of_playback_, start_of_playback_ + 25, 0); + // Allow playback to start after end of rental window, and continue after + // playback window. + LoadAndAllowPlayback(EndOfRentalWindow() + 10, EndOfPlaybackWindow() + 10, 0); + // But forbid restart after playback window. + ForbidPlayback(EndOfPlaybackWindow() + 20); +} + +// Playback exceeds rental and playback duration. +TEST_F(ODKUseCase_SevenSoftTwoSoft_Start6, Case8) { + LoadAndAllowPlayback(start_of_playback_, EndOfPlaybackWindow() + 100, 0); +} + +// First playback cannot exceed rental duration. +TEST_F(ODKUseCase_SevenSoftTwoSoft_Start6, Case9) { + ForbidPlayback(EndOfRentalWindow() + 10); +} + +class RenewalTest : public ODKTimerTest { + protected: + // Verify that a renewal can be processed and playback may continue from + // |start| to |stop|. If |cutoff| is not 0, then expect the timer to expire + // at that time. If |cutoff| is 0, expect the timer is not set. If you refer + // to the diagrams in "License Duration and Renewal", this tests a cyan bar + // with a green check mark. + void RenewAndContinue(uint64_t start, uint64_t stop, uint64_t cutoff, + uint64_t renewal_duration_seconds) { + uint64_t timer_value; + RenewAndContinue(start, stop, cutoff, renewal_duration_seconds, + &timer_value); + } + + // Verify that a renewal can be processed and playback may continue from + // |start| to |stop|. If |cutoff| is not 0, then expect the timer to expire + // at that time. If |cutoff| is 0, expect the timer is not set. If you refer + // to the diagrams in "License Duration and Renewal", this tests a cyan bar + // with a green check mark. + // This does the work of the function above, except it allows the caller to + // explicitly set the timer_value_pointer. The timer_value_pointer can be a + // nullptr. + void RenewAndContinue(uint64_t start, uint64_t stop, uint64_t cutoff, + uint64_t renewal_duration_seconds, + uint64_t* timer_value_pointer) { + ASSERT_LT(start, stop); + if (cutoff > 0) ASSERT_LE(stop, cutoff); + // We'll fake instantaneous renewal requests. Flight time not important. + clock_values_.time_of_renewal_request = start; + const OEMCryptoResult result = ODK_ComputeRenewalDuration( + &timer_limits_, &clock_values_, start, renewal_duration_seconds, + timer_value_pointer); + // After first playback, the license is active. + EXPECT_EQ(clock_values_.status, kActive); + EXPECT_EQ(clock_values_.time_when_timer_expires, cutoff); + if (cutoff > 0) { // If we expect the timer to be set. + EXPECT_EQ(result, ODK_SET_TIMER); + if (timer_value_pointer != nullptr) + EXPECT_EQ(*timer_value_pointer, cutoff - start); + } else { + EXPECT_EQ(result, ODK_DISABLE_TIMER); + } + EXPECT_EQ(ODK_UpdateLastPlaybackTime(start, &timer_limits_, &clock_values_), + OEMCrypto_SUCCESS); + CheckClockValues(start); + const uint64_t mid = (start + stop) / 2; + EXPECT_EQ(ODK_UpdateLastPlaybackTime(mid, &timer_limits_, &clock_values_), + OEMCrypto_SUCCESS); + CheckClockValues(mid); + EXPECT_EQ(ODK_UpdateLastPlaybackTime(stop, &timer_limits_, &clock_values_), + OEMCrypto_SUCCESS); + CheckClockValues(stop); + } + + // Verify that a renewal can be processed and attempt to play from |start| to + // after |cutoff|. Verify that we are allowed playback from |start| to + // |cutoff|, but playback not allowed after |cutoff|. If you refer to the + // diagrams in "License Duration and Renewal", this tests a cyan bar with a + // black X. + void RenewAndTerminate(uint64_t start, uint64_t cutoff, + uint64_t renewal_duration_seconds) { + RenewAndTerminate(start, cutoff, cutoff + 100, renewal_duration_seconds); + } + + // Verify that a renewal can be processed and attempt to play from |start| to + // |stop|. Verify that we are allowed playback from |start| to |cutoff|, but + // playback not allowed after |cutoff|. If you refer to the diagrams in + // "License Duration and Renewal", this tests a cyan bar with a black X. This + // assumes that |cutoff| is between |start| and |stop|. + void RenewAndTerminate(uint64_t start, uint64_t cutoff, uint64_t stop, + uint64_t renewal_duration_seconds) { + ASSERT_LT(start, cutoff); + ASSERT_LT(cutoff, stop); + RenewAndContinue(start, cutoff, cutoff, renewal_duration_seconds); + EXPECT_EQ( + ODK_UpdateLastPlaybackTime(cutoff + 1, &timer_limits_, &clock_values_), + ODK_TIMER_EXPIRED); + CheckClockValues(cutoff); + const uint64_t mid = (cutoff + stop) / 2; + EXPECT_EQ(ODK_UpdateLastPlaybackTime(mid, &timer_limits_, &clock_values_), + ODK_TIMER_EXPIRED); + CheckClockValues( + cutoff); // times do not change if playback was not allowed. + EXPECT_EQ(ODK_UpdateLastPlaybackTime(stop, &timer_limits_, &clock_values_), + ODK_TIMER_EXPIRED); + CheckClockValues(cutoff); + } + + // Verify that a renewal can be processed and playback may start from + // |start| to |stop|. If |cutoff| is not 0, then expect the timer to expire + // at that time. If |cutoff| is 0, expect the timer is not set. If you refer + // to the diagrams in "License Duration and Renewal", this tests a cyan bar + // with a green check mark. This is different from the previous functions, + // because the renewal is loaded before the first playback. + void RenewAndStart(uint64_t start, uint64_t stop, uint64_t cutoff, + uint64_t renewal_duration_seconds) { + ASSERT_LT(start, stop); + if (cutoff > 0) ASSERT_LE(stop, cutoff); + // We'll fake instantaneous renewal requests. Flight time not important. + clock_values_.time_of_renewal_request = start; + uint64_t timer_value; + const OEMCryptoResult result = + ODK_ComputeRenewalDuration(&timer_limits_, &clock_values_, start, + renewal_duration_seconds, &timer_value); + EXPECT_EQ(clock_values_.time_when_timer_expires, cutoff); + if (cutoff > 0) { // If we expect the timer to be set. + EXPECT_EQ(result, ODK_SET_TIMER); + EXPECT_EQ(timer_value, cutoff - start); + } else { + EXPECT_EQ(result, ODK_DISABLE_TIMER); + } + AllowPlayback(start, stop, cutoff); + } +}; + +// License with Renewal, limited by playback duration. (See above for note on +// Use Case tests) These tests are parameterized. If the parameter is 0, we +// limit the playback duration. If the parameter is 1, we limit the rental +// duration. The behavior is basically the same. +class ODKUseCase_LicenseWithRenewal + : public RenewalTest, + public ::testing::WithParamInterface { + public: + ODKUseCase_LicenseWithRenewal() { + // Either Playback or rental duration = 2 days hard + if (GetParam() == 0) { + timer_limits_.soft_enforce_rental_duration = false; + timer_limits_.rental_duration_seconds = 2000; + } else { + timer_limits_.soft_enforce_playback_duration = false; + timer_limits_.total_playback_duration_seconds = 2000; + } + timer_limits_.initial_renewal_duration_seconds = 50; + } + + void SetUp() override { + RenewalTest::SetUp(); + renewal_interval_ = + timer_limits_.initial_renewal_duration_seconds - kGracePeriod; + uint64_t next_renewal = start_of_playback_ + renewal_interval_; + // Allow playback within the initial renewal window. + LoadAndAllowPlayback(start_of_playback_, next_renewal, + next_renewal + kGracePeriod); + } + + uint64_t playback_end_restriction() { + if (GetParam() == 0) { + return EndOfRentalWindow(); + } else { + return EndOfPlaybackWindow(); + } + } + + protected: + // How long to wait before we load the next renewal. i.e. cutoff - + // kGracePeriod. This is because the renewal_duration includes the grace + // period. + uint64_t renewal_interval_; +}; + +// Playback within rental duration and renewal duration. +TEST_P(ODKUseCase_LicenseWithRenewal, Case1) { + uint64_t next_renewal = start_of_playback_ + renewal_interval_; + for (int i = 0; i < 4; i++) { + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndContinue( + current_renewal, // start: when renewal is loaded. + next_renewal, // stop: expect play allowed. + next_renewal + kGracePeriod, // cutoff: when timer expires. + timer_limits_.initial_renewal_duration_seconds); + } +} + +// Playback within rental duration, last renewal_interval_ exceeds renewal +// duration. +TEST_P(ODKUseCase_LicenseWithRenewal, Case2) { + uint64_t next_renewal = start_of_playback_ + renewal_interval_; + for (int i = 0; i < 4; i++) { + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndContinue( + current_renewal, // start: when renewal is loaded. + next_renewal, // stop: expect play allowed. + next_renewal + kGracePeriod, // cutoff: when timer expires. + timer_limits_.initial_renewal_duration_seconds); + } + // We attempt to continue playing beyond the renewal renewal_interval_. + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndTerminate(current_renewal, // start: when renewal is loaded. + next_renewal + kGracePeriod, // cutoff: when timer expires. + timer_limits_.initial_renewal_duration_seconds); +} + +// Playback interrupted by late renewal. +TEST_P(ODKUseCase_LicenseWithRenewal, Case3) { + uint64_t next_renewal = start_of_playback_ + renewal_interval_; + for (int i = 0; i < 4; i++) { + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndContinue( + current_renewal, // start: when renewal is loaded. + next_renewal, // stop: expect play allowed. + next_renewal + kGracePeriod, // cutoff: when timer expires. + timer_limits_.initial_renewal_duration_seconds); + } + // We attempt to continue playing beyond the renewal renewal_interval_. + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndTerminate(current_renewal, // start: when renewal is loaded. + next_renewal + kGracePeriod, // stop: when timer expires. + timer_limits_.initial_renewal_duration_seconds); + + const uint64_t late_renewal = next_renewal + kGracePeriod + 10; + next_renewal = late_renewal + renewal_interval_; + RenewAndContinue(late_renewal, // start: when renewal is loaded. + next_renewal, // stop: expect play allowed. + next_renewal + kGracePeriod, // cutoff: when timer expires. + timer_limits_.initial_renewal_duration_seconds); +} + +// Playback & restart within playback duration and renewal duration. Note: this +// simulates reloading a persistent license, and then reloading the last +// renewal. +TEST_P(ODKUseCase_LicenseWithRenewal, Case4) { + uint64_t next_renewal = start_of_playback_ + renewal_interval_; + for (int i = 0; i < 2; i++) { + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndContinue( + current_renewal, // start: when renewal is loaded. + next_renewal, // stop: expect play allowed. + next_renewal + kGracePeriod, // cutoff: when timer expires. + timer_limits_.initial_renewal_duration_seconds); + } + // Reload license after timer expired. + uint64_t reload_time = next_renewal + kGracePeriod + 100; + next_renewal = reload_time + renewal_interval_; + ReloadLicense(reload_time); + RenewAndStart(reload_time, next_renewal, next_renewal + kGracePeriod, + timer_limits_.initial_renewal_duration_seconds); + for (int i = 0; i < 2; i++) { + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndContinue( + current_renewal, // start: when renewal is loaded. + next_renewal, // stop: expect play allowed. + next_renewal + kGracePeriod, // cutoff: when timer expires. + timer_limits_.initial_renewal_duration_seconds); + } +} + +// Playback within renewal duration, but exceeds playback duration. +TEST_P(ODKUseCase_LicenseWithRenewal, Case5) { + uint64_t next_renewal = start_of_playback_ + renewal_interval_; + do { + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndContinue( + current_renewal, // start: when renewal is loaded. + next_renewal, // stop: expect play allowed. + next_renewal + kGracePeriod, // cutoff: when timer expires. + timer_limits_.initial_renewal_duration_seconds); + } while ((next_renewal + renewal_interval_ + kGracePeriod) < + playback_end_restriction()); + // Attempt playing beyond the playback window. + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndTerminate(current_renewal, // start: when renewal is loaded. + playback_end_restriction(), // stop: when timer expires. + timer_limits_.initial_renewal_duration_seconds); +} + +// Renewal duration increases over time. +TEST_P(ODKUseCase_LicenseWithRenewal, Case6) { + uint64_t next_renewal = start_of_playback_ + renewal_interval_; + do { + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndContinue( + current_renewal, // start: when renewal is loaded. + next_renewal, // stop: expect play allowed. + next_renewal + kGracePeriod, // cutoff: when timer expires. + renewal_interval_ + kGracePeriod); + // Renewal_Interval_ increases with each renewal. + renewal_interval_ += 100; + } while (next_renewal + renewal_interval_ + kGracePeriod < + playback_end_restriction()); + // Attempt playing beyond the playback window: + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndTerminate(current_renewal, // start: when renewal is loaded. + playback_end_restriction(), // cutoff: when timer expires. + renewal_interval_ + kGracePeriod); +} + +// Increasing renewal duration, playback exceeds last renewal. +// This is a mix between case 2 and case 6. +TEST_P(ODKUseCase_LicenseWithRenewal, Case7) { + uint64_t next_renewal = start_of_playback_ + renewal_interval_; + for (int i = 0; i < 4; i++) { + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndContinue( + current_renewal, // start: when renewal is loaded. + next_renewal, // stop: expect play allowed. + next_renewal + kGracePeriod, // cutoff: when timer expires. + renewal_interval_ + kGracePeriod); + // Renewal_Interval_ increases with each renewal. + renewal_interval_ += 100; + } + const uint64_t current_renewal = next_renewal; + next_renewal = current_renewal + renewal_interval_; + RenewAndTerminate(current_renewal, // start: when renewal is loaded. + next_renewal + kGracePeriod, // cutoff: when timer expires. + renewal_interval_ + kGracePeriod); +} + +// This is just like Case1, except we use a null pointer for the timer values in +// RenewAndContinue. It is not shown in the use case document. +TEST_P(ODKUseCase_LicenseWithRenewal, NullPointerTest) { + uint64_t next_renewal = start_of_playback_ + renewal_interval_; + const uint64_t start = next_renewal; + const uint64_t stop = start + renewal_interval_; + const uint64_t cutoff = stop + kGracePeriod; + const uint64_t renewal_duration_seconds = + timer_limits_.initial_renewal_duration_seconds; + uint64_t* timer_value_pointer = nullptr; + RenewAndContinue(start, stop, cutoff, renewal_duration_seconds, + timer_value_pointer); +} + +INSTANTIATE_TEST_CASE_P(RestrictRenewal, ODKUseCase_LicenseWithRenewal, + ::testing::Values(0, 1)); + +// Limited Duration License. (See above for notes on Use Case tests). The user +// has 15 minutes to begin watching the movie. If a renewal is not received, +// playback is terminated after 30 seconds. If a renewal is received, playback +// may continue for two hours from playback start. +class ODKUseCase_LimitedDurationLicense : public RenewalTest { + public: + ODKUseCase_LimitedDurationLicense() { + renewal_delay_ = 30u; + time_of_renewal_ = start_of_playback_ + renewal_delay_; + + timer_limits_.soft_enforce_rental_duration = true; + timer_limits_.rental_duration_seconds = 150; // 15 minutes. + timer_limits_.soft_enforce_playback_duration = false; + timer_limits_.total_playback_duration_seconds = 2000; // Two hours. + timer_limits_.initial_renewal_duration_seconds = + renewal_delay_ + kGracePeriod; + } + uint64_t renewal_delay_; + uint64_t time_of_renewal_; +}; + +// Playback started within rental window and continues. +TEST_F(ODKUseCase_LimitedDurationLicense, Case1) { + // Allow playback within the initial renewal window. + LoadAndAllowPlayback(start_of_playback_, time_of_renewal_, + time_of_renewal_ + kGracePeriod); + const uint64_t renewal_duration = 2000; // two hour renewal. + const uint64_t play_for_one_hour = GetSystemTime(1000); + RenewAndContinue(time_of_renewal_, // start: when renewal is loaded. + play_for_one_hour, // stop: expect play allowed. + EndOfPlaybackWindow(), // cutoff: when timer expires. + renewal_duration); +} + +// Playback started after rental duration. +TEST_F(ODKUseCase_LimitedDurationLicense, Case2) { + start_of_playback_ = EndOfRentalWindow() + 1; + ForbidPlayback(start_of_playback_); +} + +// Playback started within rental window but renewal not received. +TEST_F(ODKUseCase_LimitedDurationLicense, Case3) { + // Allow playback within the initial renewal window. + LoadAndTerminatePlayback(start_of_playback_, time_of_renewal_ + kGracePeriod); +} + +// Playback started within rental window, renewal is received, and playback +// continues. +TEST_F(ODKUseCase_LimitedDurationLicense, Case4) { + // Allow playback within the initial renewal window. + LoadAndAllowPlayback(start_of_playback_, time_of_renewal_, + time_of_renewal_ + kGracePeriod); + const uint64_t renewal_duration = 2000; // two hour renewal. + RenewAndTerminate(time_of_renewal_, // start: when renewal is loaded. + EndOfPlaybackWindow(), // stop: when timer expires. + renewal_duration); +} + +// Playback may be restarted. +TEST_F(ODKUseCase_LimitedDurationLicense, Case5) { + // Allow playback within the initial renewal window. + LoadAndAllowPlayback(start_of_playback_, time_of_renewal_, + time_of_renewal_ + kGracePeriod); + const uint64_t renewal_duration = 2000; // two hour renewal. + const uint64_t play_for_one_hour = GetSystemTime(1000); + RenewAndContinue(time_of_renewal_, // start: when renewal is loaded. + play_for_one_hour, // stop: expect play allowed. + EndOfPlaybackWindow(), // cutoff: when timer expires. + renewal_duration); + + const uint64_t reload_time = play_for_one_hour + 100; + ReloadLicense(reload_time); + // Simulate reloading the license, and then reloading the renewal, and then + // restarting playback. That is allowed, and playback shall be terminated at + // the end of the original playback window. + RenewAndStart(reload_time, EndOfPlaybackWindow(), EndOfPlaybackWindow(), + renewal_duration); + // But not one second more. + EXPECT_EQ(ODK_UpdateLastPlaybackTime(EndOfPlaybackWindow() + 1, + &timer_limits_, &clock_values_), + ODK_TIMER_EXPIRED); + CheckClockValues(EndOfPlaybackWindow()); +} + +// Verify that the backwards compatible function, ODK_InitializeV15Values, can +// set up the clock values and timer limits. +TEST_F(RenewalTest, V15Test) { + const uint32_t key_duration = 25; + ODK_NonceValues nonce_values; + memset(&nonce_values, 0, sizeof(nonce_values)); + const uint64_t license_loaded = GetSystemTime(10); + EXPECT_EQ( + ODK_InitializeV15Values(&timer_limits_, &clock_values_, &nonce_values, + key_duration, license_loaded), + OEMCrypto_SUCCESS); + const uint64_t later_on = GetSystemTime(200); + TerminatePlayback(license_loaded, license_loaded + key_duration, later_on); + const uint32_t new_key_duration = 100; + RenewAndTerminate(later_on, later_on + new_key_duration, new_key_duration); +} +} // namespace diff --git a/third_party/gyp/common.py b/third_party/gyp/common.py index b268d229..c80d985a 100644 --- a/third_party/gyp/common.py +++ b/third_party/gyp/common.py @@ -4,7 +4,7 @@ from __future__ import with_statement -import collections +import collections.abc import errno import filecmp import os.path @@ -494,7 +494,7 @@ def uniquer(seq, idfun=None): # Based on http://code.activestate.com/recipes/576694/. -class OrderedSet(collections.MutableSet): +class OrderedSet(collections.abc.MutableSet): def __init__(self, iterable=None): self.end = end = [] end += [None, end, end] # sentinel node for doubly linked list diff --git a/third_party/gyp/input.py b/third_party/gyp/input.py index 4c128916..9327a4b3 100644 --- a/third_party/gyp/input.py +++ b/third_party/gyp/input.py @@ -102,13 +102,11 @@ def IsPathSection(section): base_non_configuration_keys = [ # Sections that must exist inside targets and not configurations. 'actions', - 'all_dependent_settings', 'configurations', 'copies', 'default_configuration', 'dependencies', 'dependencies_original', - 'direct_dependent_settings', 'libraries', 'postbuilds', 'product_dir', @@ -1106,7 +1104,7 @@ def EvalSingleCondition( (str(e.args[0]), e.text, build_file, e.offset), e.filename, e.lineno, e.offset, e.text) raise syntax_error - except NameError as e: + except (NameError, TypeError) as e: gyp.common.ExceptionAppend(e, 'while evaluating condition \'%s\' in %s' % (cond_expr_expanded, build_file)) raise GypError(e) @@ -1183,7 +1181,7 @@ def LoadVariablesFromVariablesDict(variables, the_dict, the_dict_key): if variable_name in variables: # If the variable is already set, don't set it. continue - if the_dict_key is 'variables' and variable_name in the_dict: + if the_dict_key == 'variables' and variable_name in the_dict: # If the variable is set without a % in the_dict, and the_dict is a # variables dict (making |variables| a varaibles sub-dict of a # variables dict), use the_dict's definition. diff --git a/third_party/gyp/xcode_emulation.py b/third_party/gyp/xcode_emulation.py index ca76187b..0bdf88db 100644 --- a/third_party/gyp/xcode_emulation.py +++ b/third_party/gyp/xcode_emulation.py @@ -726,8 +726,6 @@ class XcodeSettings(object): def _AddObjectiveCARCFlags(self, flags): if self._Test('CLANG_ENABLE_OBJC_ARC', 'YES', default='NO'): flags.append('-fobjc-arc') - if self._Test('CLANG_ENABLE_OBJC_WEAK', 'YES', default='NO'): - flags.append('-fobjc-weak') def _AddObjectiveCMissingPropertySynthesisFlags(self, flags): if self._Test('CLANG_WARN_OBJC_MISSING_PROPERTY_SYNTHESIS', diff --git a/third_party/jsmn/.travis.yml b/third_party/jsmn/.travis.yml new file mode 100644 index 00000000..1c8ebd32 --- /dev/null +++ b/third_party/jsmn/.travis.yml @@ -0,0 +1,4 @@ +language: c +sudo: false +script: + - make test