From 61f02edda43cbb36efe7ba705b8690fabb87444b Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Thu, 10 May 2018 15:28:20 -0700 Subject: [PATCH] Refactor This renames the "mock" code to "reference" because that's really what it is. Also, some code has been moved from the CDM repo to a common utility directory so that it can be included here, and the oemcrypto unit tests can now be built without having access to a current CDM repo. There are no functionality changes in this CL. --- ...idevine_DRM_Device_Provisioning_Models.pdf | Bin 0 -> 470688 bytes ...oemcrypto_engine_device_properties_mod.cpp | 597 ------------------ mock/src/wv_keybox.h | 28 - mock/test/oemcrypto_logging_test.cpp | 121 ---- .../include}/OEMCryptoCENC.h | 0 {include => oemcrypto/include}/level3.h | 51 +- .../include}/level3_file_system.h | 0 oemcrypto/include/oemcrypto_types.h | 67 ++ {include => oemcrypto/include}/pst_report.h | 12 +- {mock => oemcrypto/ref}/README.md | 2 +- oemcrypto/ref/oec_ref.gypi | 41 ++ {mock => oemcrypto/ref}/src/keys.cpp | 0 {mock => oemcrypto/ref}/src/keys.h | 0 {mock => oemcrypto/ref}/src/oem_cert.cpp | 4 +- {mock => oemcrypto/ref}/src/oem_cert.h | 4 +- .../ref/src/oemcrypto_auth_ref.cpp | 11 +- .../ref/src/oemcrypto_auth_ref.h | 20 +- .../oemcrypto_engine_device_properties.cpp | 10 +- .../oemcrypto_engine_device_properties_L1.cpp | 12 +- ...emcrypto_engine_device_properties_cert.cpp | 12 +- ...crypto_engine_device_properties_prov30.cpp | 12 +- .../ref/src/oemcrypto_engine_ref.cpp | 14 +- .../ref/src/oemcrypto_engine_ref.h | 32 +- .../ref/src/oemcrypto_key_ref.cpp | 61 +- .../ref/src/oemcrypto_key_ref.h | 39 +- .../ref/src/oemcrypto_keybox_ref.cpp | 18 +- .../ref/src/oemcrypto_keybox_ref.h | 14 +- .../ref}/src/oemcrypto_keybox_testkey.cpp | 10 +- .../ref}/src/oemcrypto_logging.cpp | 6 +- .../ref/src}/oemcrypto_logging.h | 4 +- .../ref}/src/oemcrypto_nonce_table.cpp | 6 +- .../ref}/src/oemcrypto_nonce_table.h | 12 +- .../ref/src/oemcrypto_old_usage_table_ref.cpp | 57 +- .../ref/src/oemcrypto_old_usage_table_ref.h | 28 +- .../ref/src/oemcrypto_ref.cpp | 182 +++--- .../ref}/src/oemcrypto_rsa_key_shared.cpp | 6 +- .../ref}/src/oemcrypto_rsa_key_shared.h | 6 +- oemcrypto/ref/src/oemcrypto_scoped_ptr.h | 44 ++ .../ref}/src/oemcrypto_session.cpp | 155 +++-- .../ref}/src/oemcrypto_session.h | 22 +- .../ref}/src/oemcrypto_session_key_table.cpp | 6 +- .../ref}/src/oemcrypto_session_key_table.h | 17 +- .../ref/src/oemcrypto_usage_table_ref.cpp | 121 ++-- .../ref/src/oemcrypto_usage_table_ref.h | 20 +- {mock => oemcrypto/ref}/src/wvcrc.cpp | 0 {mock => oemcrypto/ref}/src/wvcrc32.h | 0 .../test}/oec_device_features.cpp | 7 + .../test}/oec_device_features.h | 2 +- {test => oemcrypto/test}/oec_session_util.cpp | 110 ++-- {test => oemcrypto/test}/oec_session_util.h | 42 +- {test => oemcrypto/test}/oec_test_data.h | 11 +- .../test}/oemcrypto_session_tests_helper.cpp | 6 +- .../test}/oemcrypto_session_tests_helper.h | 4 +- {test => oemcrypto/test}/oemcrypto_test.cpp | 333 +++++++--- .../test}/oemcrypto_test_android.cpp | 6 +- .../test}/oemcrypto_test_main.cpp | 4 + oemcrypto/test/oemcrypto_unittests.gyp | 40 ++ oemcrypto/test/oemcrypto_unittests.gypi | 25 + util/include/clock.h | 24 + util/include/disallow_copy_and_assign.h | 15 + util/include/file_store.h | 80 +++ util/include/lock.h | 51 ++ util/include/log.h | 46 ++ util/include/string_conversions.h | 30 + util/src/string_conversions.cpp | 293 +++++++++ 65 files changed, 1586 insertions(+), 1427 deletions(-) create mode 100644 docs/Widevine_DRM_Device_Provisioning_Models.pdf delete mode 100644 mock/src/oemcrypto_engine_device_properties_mod.cpp delete mode 100644 mock/src/wv_keybox.h delete mode 100644 mock/test/oemcrypto_logging_test.cpp rename {include => oemcrypto/include}/OEMCryptoCENC.h (100%) rename {include => oemcrypto/include}/level3.h (92%) rename {include => oemcrypto/include}/level3_file_system.h (100%) create mode 100644 oemcrypto/include/oemcrypto_types.h rename {include => oemcrypto/include}/pst_report.h (95%) rename {mock => oemcrypto/ref}/README.md (88%) create mode 100644 oemcrypto/ref/oec_ref.gypi rename {mock => oemcrypto/ref}/src/keys.cpp (100%) rename {mock => oemcrypto/ref}/src/keys.h (100%) rename {mock => oemcrypto/ref}/src/oem_cert.cpp (99%) rename {mock => oemcrypto/ref}/src/oem_cert.h (89%) rename mock/src/oemcrypto_auth_mock.cpp => oemcrypto/ref/src/oemcrypto_auth_ref.cpp (97%) rename mock/src/oemcrypto_auth_mock.h => oemcrypto/ref/src/oemcrypto_auth_ref.h (83%) rename {mock => oemcrypto/ref}/src/oemcrypto_engine_device_properties.cpp (60%) rename {mock => oemcrypto/ref}/src/oemcrypto_engine_device_properties_L1.cpp (78%) rename {mock => oemcrypto/ref}/src/oemcrypto_engine_device_properties_cert.cpp (77%) rename {mock => oemcrypto/ref}/src/oemcrypto_engine_device_properties_prov30.cpp (90%) rename mock/src/oemcrypto_engine_mock.cpp => oemcrypto/ref/src/oemcrypto_engine_ref.cpp (92%) rename mock/src/oemcrypto_engine_mock.h => oemcrypto/ref/src/oemcrypto_engine_ref.h (88%) rename mock/src/oemcrypto_key_mock.cpp => oemcrypto/ref/src/oemcrypto_key_ref.cpp (64%) rename mock/src/oemcrypto_key_mock.h => oemcrypto/ref/src/oemcrypto_key_ref.h (62%) rename mock/src/oemcrypto_keybox_mock.cpp => oemcrypto/ref/src/oemcrypto_keybox_ref.cpp (90%) rename mock/src/oemcrypto_keybox_mock.h => oemcrypto/ref/src/oemcrypto_keybox_ref.h (82%) rename {mock => oemcrypto/ref}/src/oemcrypto_keybox_testkey.cpp (91%) rename {mock => oemcrypto/ref}/src/oemcrypto_logging.cpp (96%) rename {include => oemcrypto/ref/src}/oemcrypto_logging.h (97%) rename {mock => oemcrypto/ref}/src/oemcrypto_nonce_table.cpp (94%) rename {mock => oemcrypto/ref}/src/oemcrypto_nonce_table.h (76%) rename mock/src/oemcrypto_old_usage_table_mock.cpp => oemcrypto/ref/src/oemcrypto_old_usage_table_ref.cpp (82%) rename mock/src/oemcrypto_old_usage_table_mock.h => oemcrypto/ref/src/oemcrypto_old_usage_table_ref.h (79%) rename mock/src/oemcrypto_mock.cpp => oemcrypto/ref/src/oemcrypto_ref.cpp (94%) rename {mock => oemcrypto/ref}/src/oemcrypto_rsa_key_shared.cpp (96%) rename {mock => oemcrypto/ref}/src/oemcrypto_rsa_key_shared.h (92%) create mode 100644 oemcrypto/ref/src/oemcrypto_scoped_ptr.h rename {mock => oemcrypto/ref}/src/oemcrypto_session.cpp (93%) rename {mock => oemcrypto/ref}/src/oemcrypto_session.h (96%) rename {mock => oemcrypto/ref}/src/oemcrypto_session_key_table.cpp (97%) rename {mock => oemcrypto/ref}/src/oemcrypto_session_key_table.h (84%) rename mock/src/oemcrypto_usage_table_mock.cpp => oemcrypto/ref/src/oemcrypto_usage_table_ref.cpp (89%) rename mock/src/oemcrypto_usage_table_mock.h => oemcrypto/ref/src/oemcrypto_usage_table_ref.h (93%) rename {mock => oemcrypto/ref}/src/wvcrc.cpp (100%) rename {mock => oemcrypto/ref}/src/wvcrc32.h (100%) rename {test => oemcrypto/test}/oec_device_features.cpp (97%) rename {test => oemcrypto/test}/oec_device_features.h (98%) rename {test => oemcrypto/test}/oec_session_util.cpp (94%) rename {test => oemcrypto/test}/oec_session_util.h (94%) rename {test => oemcrypto/test}/oec_test_data.h (99%) rename {test => oemcrypto/test}/oemcrypto_session_tests_helper.cpp (96%) rename {test => oemcrypto/test}/oemcrypto_session_tests_helper.h (90%) rename {test => oemcrypto/test}/oemcrypto_test.cpp (95%) rename {test => oemcrypto/test}/oemcrypto_test_android.cpp (96%) rename {test => oemcrypto/test}/oemcrypto_test_main.cpp (96%) create mode 100644 oemcrypto/test/oemcrypto_unittests.gyp create mode 100644 oemcrypto/test/oemcrypto_unittests.gypi create mode 100644 util/include/clock.h create mode 100644 util/include/disallow_copy_and_assign.h create mode 100644 util/include/file_store.h create mode 100644 util/include/lock.h create mode 100644 util/include/log.h create mode 100644 util/include/string_conversions.h create mode 100644 util/src/string_conversions.cpp diff --git a/docs/Widevine_DRM_Device_Provisioning_Models.pdf b/docs/Widevine_DRM_Device_Provisioning_Models.pdf new file mode 100644 index 0000000000000000000000000000000000000000..05b57d0e287db74cbe9bb6ed69ebd39695886dfb GIT binary patch literal 470688 zcmc$_2Ut@}*DxATP*FT01O!BpDxpbl0xG?iB=jO3LWzXl#ex(Qqy(f(CkaJ5p(@gm zPUuB?Z_=cC<2mms-+%9W|K~pU``>T!TO&t9`;)tNPGvun#M@(S>YP_Q=~W}H(9 z3o<`ohFiiY9zJB|S9fr+u|PQZ+E_CS5L?W`Vh=>c#hLk)nT?snMI@L71qGQ+nfbMt zg+-b96_~{y2#AU?^J_8-2r=_Re)aybak2gdlKDSaD1?RnF%gK*GaF`p16>wpi!k$R zBW$c4tlZ%UW&uIsyqNj*iG&bf79#$MWKeOjw(%z3Ad*l>?2j9^aApxvA|ATT{JLGkY8J64v&g?X z>e{%$JrGtza{f{_1#fpHuscy3e{U&0U?y6bU+VKq*%XOm{C-=J2=5nAqE;yiFpK_D z^j}p$X3;-%?N?`Q1l$U2Lqy1!SeI8M+9MlpccP9u6FK+fUst(*T~&T5tAUm!%*N`E z0Sq1xb@I<~e?j|$!@s!xPxk)m@+W(rIJmoM+aToN&d=a3zvf3YlSIn_M}VJMSp9BQ zJRPiTbd`u>|9%^SuyAp+g(IAaF#fVb@^X+rt&p;fgPpxQvmjC8_`x2Q?!Ozb-?9G_ zn?Die*LScc+B1O%Vnj&)k|aR^5h2lk$kNY|pWgsCR25Ye0VE^<015F2_&E-c1CU=N zBPY8^PEJOC=@R*6iW?LZSFTXdT>tIb4LX`zx9DhSX&IQ#;N${v z(ck5LzUD}MWF)^&i}V6Xt6OkXY)LImL{!FHHk8 zV9S?{+rn1zM97RpSpRigz(q3B3*;o1h!2ISh!07K16{d52DtD$V!v8cWcLJa3O?2$ zr)IHm4Nfoaqj@p|WEG0~th>GQa}03p0`V=X3seAEKsod8FI{TI-)eRvP!*^X^xqv@ z?$CsH26ph5B1HU>gIqVPd`9QHzj}DAI@~G9F}p6~Us?2Bpa+*1RGJFitkb-q9xm_h zIAycn?N%3q_QU#LK>DhuURo(~LyWq`@Yyh4KPBwkO=VwsczYd(u`5o69IaY!RK{oa zOExPBcsYO1b#Hvxo~5N42|2f+59H2+Uuuid%t zsROP|fd&>W+EE74@Xv9Le+_TYDW&thW1LBDyS*R`7PaeQyc?at(Qg+||4LL{Fs(P+ z%t!F}#&nz~j$+@2@uKk@~Z-u|;2F^Eku@1ayUfc2By#bK8M!?&rj8fA z47hgZ`G1-we~h;_G&Ins&8E;QxIHZmx@Of7#Eq40*GXxC=9(q%U$wb$fHoK4A zI^V}1DM|bUOowYya+sX8Ei8Q-$HMOAM7m_?DRz7DDI&v*nWR=(RTZmE+mK%b<>~Ba zklY0eSZod{7T$Z839@o3<}QWGx3?cMI7EFoee+uNG}+uZa{O&+{kc$WP+`QiYD!rv z`>dd%H`{?#IfGmTXB%Hc5*UTLepm@1wHg?@1K3*)K1rQ%mL+QENGh;KUo0fT) zFks#|9h^mx8U zWH?G~=Kcv-RR0N(2+SnaXr2tgdDuOuTmVTSPr9Cenz8-~*ehB-TlDUWuj9e>0vJaB z^YTK0ca1`>))A5AKopTj#5ym+@3D6``wI$)aVO?Qd}Fa=DeoBOP)$P9y_*Z*>-5ff z=sKCQ7-;N#XtM3AXFHTyT>6c?{S~jaUcG8~tWpUli%3Kht~-}Cqi@W!LAI}`kK~i-jO>Jy?z1n19;ZVU-zdH`#4B0l7 zc_Ee$44L3>_GZmbWvYwBE`sPaC=Ee4 zK)V&xNdccsbzazU{m~_aT|AxNx%VB#+sL0js42eLBmN`kdgtS$eS?gh;pWL(z^>mIotL}0^@T@Q~-1hKGWq~moaLEK!1pg~o9u62?l-bWMH=d4g- znZl>CWahek&bf)5V=!#C?_%OCYEEq0?9QRx6_RE63HTf$gYQNxEy~Q*Cqccrx-tfp!IntZQj4jnR)~lw@-y7GwCVaRbVToHE13|E#Dgmo&;5;4 zW=%Wys04NjL<-8b?%q0eA<(ZpOlZHgJXPRpJwGo)&%lT-*=zd7ZZ#eM(X4sp+uRAt zqvBDm>fR=oN2Ii%e!1Zky>o*iy$(>&bUDk<$B0|TivHX)cGs%&=iF0DG%2;V8h>B{V*%i593PY%-a3oUF~ejmG{NTZSHW} z`O@aCG~ogi2QGDCBGhiV03tNdEJdqdqL>*Y=5~0aeL(lIYWO=vWDn9uzcIi}1XylK zSgLuQsIJ+s^C)((xG^HN18(NAAn{39OZ4e~UfKX8J32rhP)K23<~b|l0>${I?x%!x zyRzmb*iH~XNw3&fE01wJnx)YgqbZjb*WszbVIJ+s;s6Hv0|%D%a70 z0>v_N@0E-dmz&~~nc#a>-`73kIdk8{H<~+Cbs?0jbnc3uvds-{$P9BDWpIKARj!`J zy66>o(9B&gaBg$}iT0VZqPsPD(7q(Q$>rfwmaOr0Q*4 zF8>cm3URmDTQ_m9!q^s*Le&-)V^DwA+4PFZsL(@hYAXM2JJ?U(k{!E|J$SXL-GraSSrTbp$#ox3$eWyD5k$wUepIrIc9Wr-e3+S{*K<>p!n z-XGw|xE<+e*6cWjg5{`&CuF3kc_>}I^JTac-v7qdFf&XjYIzC;E^3XAYo$eLmn3S~ zl??O!keoIyJ9b*(F#oDPg6p4Nh{~M$covWj+^5R?@DqSzSe*V%>{W~%-ZhJNyJ}gD zb_`d~rqh*vASXm8#aMD0#PlU46I2+K%Km(9hq$y#;=b zh#hVWEJ+K{UxkZR8hSk<`||03LaK&#nx_ZXbiYuS78;7+v=Lz?@qsGo|Es~ExUTCGFl*YCrqX>LAP+T( z0_rDRpP;$fUU&A=*SqWejyc;_(g(x@1+uFW%v)y9@$|@B+-JJg&8W%3bIc zJxyeYVmtLjI|IJF%LGk>-bODGB3uUX><~jyh^CpHcVKOIW{4~QV2~rH-_~i4W#`y} zwBaWb#MFOYa)yc*I`f=5ueo%<^5-<&;q^qZQCJLOoS>~f;WolIYyHSM1S9=@e!L}V zag|mo>XC9sX$Qwm;x48=-*Aw#R}Eu~-Iq>WYMb^=3wqW2Y`@OM%h%T_{-wUNa&4E! z+G#CY%b;Qgs}2=4f`z(@BdOe>2Yy|9G&fgfVC4%~vwb|~$3PeudHt!oXTF(~C`u(t zh`Lrlv!XrC@&N0;DZx^a0Y|UaQ3`TWIzwoLW1!HE5zGv%Zp({WM?#s1q zg_fY(1%FAn%dZmj^0lA9cuHOG%K$AIlOf$w)%Ut-(%~yGpae_sPk?dMjYh&s&eyNU zag*ktpMW#bTWL=)q%TapU2d(_mTP8wPXM`3?00eHJ8RlR=gOut9=>1M8}K#xan%E# zJZ^s&p!tM{e5ChVZdJZGctajeA5; z1wnb$@Tr2IAjBXF{I(CZP?t3I6F?HeN1s(NOK3KDfB2YMp!;UNkyX=M$XLiY$0p~K zEqt5T(*fwDEWgu-z%B10_z+g%QIh0C>J!7`@uQq@XECwxoEFRglV;G9$}J%pUz?8| zd1&GI%Ruj8iz1kJN?Nb}wqxaQpJf>RM-}~A!@IRtxGA7mR+oaX&URtAtr<|gKE}4v zWZ6Y0KW?=Hmcz-I9#tg2IS(F44JpZak&UJScWOz|iMCUt3$-Yywi;KYJB5(yKN{yq zL4BUlrrxRC3P(ohZuNAGdSVR!B3^=NVs3M%BU{f&^ovVZKgPQj4gd_c0SJ2u;q#xx zMQd&dj-ABZKcH2n2Px(?BScISGj?nvnw!XbDLxN7%IzrTb|x)fuQ9qCE+S(x{phL; zMY~!7xPDaFY<`n6bW=MELPjh@q7b$i9?_I{Y5A9) zl3pF~OrcYH-!f`b*$39=_+neNf!$DSl@N3kgvfh#fVO&&A2gq@jpMjBMUP=)T*e~2 z>Kcjkj7BzuWk3KYVZvTnUXcd@G=4!anU3PUX( zuzCE2H;LV61IZ2h!25$oZULmGz1`7FS)C#t{Zhge9Y#L=DX3`onAe^i5~J3Gojl`n z%cM^LZ-qy*tAveL#eTDoTUd>!jB8q!&w%*^g@EGeo)xmsUJO&tU z%U9D4h{(ijdNGLel#IuP(|#=sc%o97RMN=?vsQZq5JvJ_EtkPx)BB}P9UoL@$4*>j zR~{}=;`71sF9z4V`1lvF3xz{(W|3O)V!fn2|L%6lzW(`IdHRn`@Iu!fp!C~+ z^X=e@f^iXlW z9UQ2V$PJ}?h#z=2`RR8u$R%0~l-DTT3co5imR${%yqIcsJ)KqA4XRk~2b{`F`0fH( zBDErW`WHbinHK!k%#g+h|3H>Tj?B2`d&X*!0C%v99#)U3zO1WKr4VmJEyih?RBBR_ zm-8J!WtLd>nLGkp@Sw*oZjP`XwVa=)Tp>^<}yvhobg6^E1(5T{;HQ?t|Obv zmy|>&EPP#kGeS7Rwx92=P2&KI5|n`j+9%ys0&Ym~8LRp3b#o5{Vs?4{I}rf4YQbL4 zFRz*L^S`!pu13Mi!SnO zpMcnji@Jy0Q%e$VZfK}}idKjk)%c`yE#%RBdy=thk(7SKk@q!+-SyaVUXe-zJ#}X( zHMhQaG6JDSHCdK?GP19yVWxxp%|i{P>51ef~QsyEo@iGHNY@CW$G{5a>~! z+Je)7hCXD4v^*4_{m`{3tr}&X-Jv_*b3qdl`B9>^x3} zOQR-e1A=_J6gDsQ=J{c`p0mrlmsCPha)#l*qR8rQQ?(i}TdXbDgH-1Hc8B%KOCsLM zA0?<;Fi{R0abw)3LJk{)9|xXHamWwCynTkVHAi(^xMeFaIyt*&+w49RPa69^{|orT zn3gofp`gbxFXgJ@AnOa2a>s5GfjJn9$Vh}h_!6ITSYo1c)2?57{K|5XM>SJ*G3Iuq zBrU!@ah-MY@ZOMZ2n=19vUt%;@DVo6P*e-l#htnd74P_(Y^>u5r`~&$niFcbEugbK zXr@^o^*-_mFlwNfwRQl9*XacXtg4BQcpJTf9`H;xxF(6M>>nqf2FF*f;aOiZ$_JX`(5LH>DjJg|2dFn@&Qxx9l z04q_b(5?dxQ!@=NQVV@hP(OQG<-j_MrrsT^;X4M)UIDkC=pSdtQ|N&u+zdbjaC)I* z;2v0sI?I^GxV=2i=0q6kSls9z`gH7L+}&Dk)bJ#w_fmXSTo3ro z4rND=NdlyIP$pH=Mh_1bUN$Ke$POOnq&P-L+HdXctPe~vcPPl8*YhOSeH|%2gwhm! zx_XA=1MT-^I9h6OOgfiJ`JWsfTu!<=V_6y`$@NI>5~dKe&wod6<~U3+xAt-QP0;4d ztOCMI$g-j7x#_?ny=~SD4HFs8)hl`s)@)T zarcmJS@Zo&xMf=n@o-M@{4i$LKG%8a=GBi=Tx};OL|#S2U3DxSEp+0Hq;5; z5PXtWgVvE^)AUSV-gwvt8EBS%h>WH;inJQTXC`72LHvRrZW9eI)p@F`egP$|*(R0p z+x$entnBIN?Gn%XnEpY1sl{Lw_sQ@&?-j`-cjW4^CL?CWYx7&?I&o3dZn}%40mx+7 z;yLM8$lpAu%%5a5Sl_a3hCE{{=j!|-Tk7i#L~OFq#Ov2`uT`oZ7^zsz++Qbk3V zpSjNGMf4Vqz`La>0Z>z)pMYZ7%Aj0c9jM3BdDHpic`^kSK-#e?w~4!Xo_#mf`1=Rg zU-j*az(OsUcp&)A*LNw(+$O1m&rWlHOJJt?m;0F9=8N44x#GuYRjW0K{0TVqxZ3y$ z)Ag~wwR$2xs~B3xceudd~KaBeUcu8k<3_3$fa5^ zd@6h?7hB8CEB%J9i`O)`<863$M`3hCl%(lhB?g2Wi3drm#zQD%2Le`Ye~J!cLkP4j z)?pKV1^hs_pIr?bV}brZSy&)6WB zaakYC2^~oQg?S+d#r|D-uq90VduFYet$&Og>{e*RNmsis^mcZyaDedB#km3|Q>S$+ zQ{!R+4Xpma6Yg@Zeps%b&~YjG>6tVNxoM5mtHb6k;sqgQHnPl`4B2y9#=Z(_3XmGn zlR4cq-%Y2L#HMOs z80YOUt2ii7Q^5hZVzFsUQpToGgp-dDMgIcMqbR4`7_Jh;E=R&y05HBgCyuZD zy0lX0^*bLI-L0rnsvSJ)L;I81i`+gKrt?aKOFk)zd#Tgo?CRx{vztXa1^^URZ}nr8s1#@Ip=?CPXmjg0vTG_F7A*2Om=tQ9GWza)u3VCgps>usMh|$q z0k`|R9>Rv@_{^HA5D+tK=z_^haCTl{W7VY#mM5ZuwS%+VNC;Jr1GdO0bam_yB!RiP zrO7tkp1O|Ko+x|cbqZVwcPxk|_Yl2Tkzei}iWeYIb%Zs}C#x194xuKsu%}$l0?9tR z8z@nY?&REhacCPj>C~=`rkc2wm$&i0uNxu74pD%)^vDPkDSsg5V8@_0r>^7}opwzS zd7o#n{C+{Sr}IX2dV71SA*Uq2BJAcSa|w9L!CRu{N>aUqj#%YU?qk|1UJ<=S6h+~~ zsDOw8Ka&&+^(C`vRBClfFSKdY(u?K0d#)flag$L)zuZjk`k?_&_vrCKen0A3-{swR9b<3mW3a(8l@PI4pkEx!;SFaWH z$(*HZv(P0io9wVN|0WjCjd)OvjnY*mp-e9jLaI7BJ1!!^{Q6*LcY}d*YocQZSO+4o zpaiv2o4_xo=(Fnh^cCvm_P&1eagIXu>^%;Voo70VJ-EKf&-p4}?8*?fKF7mk$k62U z1dH`brWTb}a^#Shk`V0iE>r9#H788P!>af7Fh}BZVRU=wj(Qjs$-~t{P2?9Z(A&y( z{mG+E+1U-$YNUJKE><-nYCU99<7t2T(MIx6A+)Rj; ze?NzU$*?X6DlWa9qNqM>GS=|~+bd$l6~Zra%a3ZDpGFmk!!4(0Ed;-*g?5HPVw%~9T{Y#ZXmxWGzy2r`QGjuqQd-E^SEc(5Oo4tb;UC*XM|KXgmPcu_0v72TMTtnjhWfkiB9L#=@} z8A-p)3)heyV<}zgX@d;0_zsPtFC{4_9&{I`i{-|*5;lci-2oqfw#Lmg^C2g_B zw=%)YZ@y#Vj{ZOw@57y*i;*b%iAbvvJaL&%fSyUmXR0TVn1 zc&yNt@Wik=C7g>i)Yh1`rc=fr8v4_%eNhA!=7ilvlm}_%w2R>xA{vDnzaAoRM%v6| zv4foq9+c-ZuN>JsQolt&l~JbcQq-j|cYIjdxnOw$kAyew%i&tU)WlhMHP`4v$2KgX zhkeQ|l{^AFS8acl8#N#_I0lGxpMB0YHTMa43~tNmb`i zV8q&SszwB|=a@{?#GxXhV(WrvRNCMif}G;~ zkoLkPHVXN+gs0qJoAZ)qrjE^S?rJP4la&ETOg+X9FIXOFo#w_4;*I`VNx=YHBZd11 zjCH*IJy3S`0HJ>693(=oXo?uTtw95IG@p~6*t4paG00c8!mFx5>N;12;?ly(FDE0E z_Ho_=K@4#AxlUu70Mo)5EmN1g=){tg6*jQ^M!Z0KQ(pE&FL@Hil^`r?@|ewiBtvvQ zDJs7}Udy^$KG4K@6YJ7-gX7!(fu$4qLi)G{<)O-m=cs3{vj(Mxu9C1ORNfC^I+~FY zZ?#RA2@fBfZcQ5CDtzvTn2{Ye-sf8WKvndOUvV0UX^0fdk^M`q1yuox4S!jO_kYWE z`+X9I^S_kAw)N#R+FPFy1eFk80pn>1(y61hZrpz2`+;ihs?#@;W_=AZ8{ydfcf>V* zSj;Rs^Z+k`rb8rupwx>{G7ts3HnX^8#RaWIo zM=k@0(GEv`QE&An5HJo{t{(TR-&|avmb)M(&~Z1DCuG zcLTeD6Rra;Qws^zehi#N_O}fQh+&g1Qi zZ%IDjf*&)HkbojdpEoaCb{hCQ`dZFqPm-srJ~my-XQUF)s5?KhkD~i@NZcxNZm*ml zwrA>0D72iU(~An6aqCDY3s#=s&stu&B;JNQJq_R@{0ovfEORgxq0upd^P~?FtTbjuZDiiM9L#;Bk57;uOBJnVbAeW9FDb=06CIXVzD31RCXO5G4l5Lp36d*7hi09t+ByB-Gd`}a@3PoppVU4PD8fbi4#@;zC``qk=V zqxpl(Hw)ta?SL!*fP)fz;yHTKr8QDj|N1IHw$eGRcJM4B;`akGvI|4{7lg zlsEJh_nn1|64+qayaP_xQ7k8mM3$z>nS1`*{Jyio&7q7QmqKO2L|+F%DafZd_7jPX z2dHT?r^zc>L}>VVK`{3{*bZA1mNiNeTBvaJ8pcLRV#;JcaEB((5iM>s)L*2k9zkn9 zeW6bd=XrpwtZnE5mwC8M5%dn@kFb~GJ^(IZ-=LrV1|?ZAxIlR1qX*d6zGJg|IC;Qu zq?xo~{L&>&Z;AP6CRt`~q3@*oHCc*rYsSlp)t?vInakQA?vshh4fnn?dJmm< zAdO3uAjW=jpI?6xv1ax546(v~P;KbBaUfd2jWF#LoG&RtQl&kp90ND2fA%Kb4M0@B z&I#5fFFeDfjI<;ma{6-u=u@2rHHdl8rGv^V9O#b2y3Ry=2Of*v#Rj*KRN2R0Zn*70 z+GC|ygIPr1g)DB42G_+5%P6!9YN8+UZeqQKhU$?lRgl)=XLWdPwk|cK&{Q&@dQ_s3jBlX~)0ImfQKD`>VZ%*c1#6yMeiO&Heg|{^4lwLX;q|i5x;j*I1 zqQZ{o-!EvqakCv%;*>dmDl!lkmjP3KkL9w7W(YNlR$_C}!=s3cMq&zD#`ok$S24Ju zlzYul0~Qm8Lid`KlWst2I7%uLB%(D@?DIssc?sQDx1&7D>h}IuP#HF#hao!qI>NLT zZ*4XoT?;`<3<^P^W>_{ci`EhCoGkqH3+r|74CVgYgCrM&Kirw9(%K(7Q}w<7hp0lI zOG7UGF27Iq|6a-easYo663hy1r=00)xCpg8G7lAQSE1+Pxd_@?dXm$ndH{!8PoV_o z=E!;8D;_c;x(0>Hg;tQwD!f&CAWygeqk6}k3>J=CmYw#M6O@^CH9fB8HZLRsqOEI} z4FYJv8b74V+K^)|x*X2S=#}PgBCh$KZv`sTPUFO-x?%xtSME($=x(ECtTjK2$E0Y2 zB$Xf%KpkD-IkUi-BuAYB#d1OUiBOf#5k4DgpjM)FNc{Q-*370B(gVf~M1D^;?LG4S zTt^2q9^Hx#1N!p^edm0(wcFa2`^#x9rFV}UM4nDt?y8GvP-YZH6@WsqVP8Odf$R%Y znWy?cv_`L|EE~Qf>EwA%gnY+m?aJ!_`xUcY6&gPp5BTb;wS2p{gb-9-)7o=9(19_Y z+LVWjFk&4Su>o&=T}YL2EOI%AC|s}${5yO647TfWPx=|Q)J#5TzPia1KV_7kLS!X!mUfiDE^i=g3#AP~EIzqI$n5(ry_)U3MDJ8Awb+JX`| zy1W=+S%FD0)(cPIzrvvwy;oktdz39h*t)$%m3wA? zgL#7eFjF=0i*^25i0?Ebzvbci99n#(GTxfg-tY5By8%@X-OTPN-ZZyj^Qlnc7d^n$ zguh8<>&s-i#~bnZ_|eCD8)x|f%f3qK)tChuyqoo)!ges7<;h@GB+ztAXfd(~8=c91 zn70JV^uH4AeeDsz`q@TC&QCy4rO|z`Wa4TFxV7dXx?8@>m-^x0-dL+sZpo-UuRG63 zc4lzwj#xqgj3q!pba08{xF`#hw7x!;Q~Edw=w0RD=IF1XLYI!nA9VIxHdkR2Zw0i62`;Oe#n`zvHkXMxpVdm@xH4 zw7(?I=9}485OocQR3kzC*i8g6<(TrKx}?jcdCzr8gd&^CGM7iwWMpAe8Y<)K2E0ZR zSZ>yIju%#Pw(fT(j7_Zh;|m>Q1Px9ZuUmT4e8>(P{6c-4hAcGjwOgPZN_!nfOg=Z_ z8D`roHp3m?C+{ijzHhLSFK%>2tfR0BQcf2oWF1ImMimGHKAhg$3X2D>82tp8wQhiw zB>Ta;&s;q(V|uaSTgmo-tHGEM%2jT%R$4-H?BOL|c9tSG9<#3YV=eWDojtS~r6G2Q zmbub!qiYOTnDS0BqA7f#Q)F3FWLd8NRLC~_OO@}WU1g`o zMhtMTHRIq^J#eR0O<1KTW zMAYR4s{}RS!YJrhy&UD`v1G??!{;?m3EU846#i%TGt(kKD6)2Cm zH9Tp)FE7m^n{o3M>v-#4ch86%cSBA5l)Zeyhs&NjNRxpUU-c z=INtL4~l;cWg$?1_YKg3u?~e}LschiXU0!SfQ!9?NBN)cO4diiC{`0CtA-@QeVDEh zkHPS`=v?G)U<$4R6mY*TTVm~7q%CTf0a~sj_AIqUeseK&;q1Y^rvSi}tB(!tjqEB{ zoVXX`3VQjW`h3P!v>@B*WW3mtT^m^;!SMngRo_=AAqvMAUyz8`0sFCZ?x>#;^u5e5 zZR&5D_4UvR-e+WjRZY938Vn|>$3X5j(zW#`~U55^*olu{69U};TMVdchKLB_N zvt(9_`B!z078*e0f7bzjZ|ANIz9?_sQ2MRo*-Nn*>d&o$dZpX)Pu!Z&gohq$l7HEByQ1cV5kub?On zEc4nuZIWxJex>GijWWaIq8f#=xF6qhGOVilX|eNo1UDMmk(^}6aD!Bh(Ac}ylCVAD zN3pz;<6%4;g<*s)<94GkGf#wh^|F2#wyiCK@+>nEY5{^+*Bu#!V^;N(4@Q~)FZ(__ zVuby#V&y6l7ei%n@;Y_4t6FvW?!~Z<(D_c`6;0t4xvtwf);MBP_kwMem@PKM>(kjN zD;gKq?+&uY^yc|Khd8@!>+4Pyj5MMiX5`Cf7C^MtjM5?yheqMk?~}jj$??91msi={ z=$&$gkK|{?I7fVgK(;fm-s;L1Rtp^ychX2s!o|9{S;A2MkqD6jm~A0+A~cjNYOs~u z!}DI1!^1||QpS5B+h$V~->lSdjxt@yu zzGV`Veq-YIx&1eLA7fJ`X>9Z4aZ=Yij6(UK+gQHoG^TbGP`Y@P(Lzd5_{%=6^ujtK>y)C$cPHcY=5bekNV7`K{qx0j>q!fjlbmR&k9I} zJ9kxG$1Atf-2+iB6}sP6NoLi*z^Us%x|(1;YSNxGP}T%JcHugHV%@XDd2?o#q934QW(@J21BH@UPUx%?&#KYK8t-LZZT#88QFxcFbMM>)da1&}K zW37pvm0tm|n`~lniRtIv`uMd;=+}xFNXmw_srvU&S8DRYZD&2RRiK!lcxF#^q4}Az zf2xRI&d8Ta5L&&;C@WGXAdZFT6V->uoo*6dh}E)dlXU0)!sOz;f^OixpW;>b;3TN0 zVRSlBe2CL}l)4LX9xRsPm_jMtJ+A-Qm_bDidi5JRV(b099{!=~2Os-u^?b#H7Rfpu zB|~;!dI#&t5IM%mg!bDh6vTvju26uPGk9BaCg3jnRE2Z|ddFBh4^#J!h5uqI4K%1* z(-LEEPNotm{MxyU+oVi+Gq1qcZ{${9;ierP(?2gwk9-?0+RA9uB0^Q*2xgPlWRt(J z2LMjsJUho?Zrcp}?-AS;TQ#C`5P!$|qPtFOVA?F-ua9 zN#6kg??wI&7u-SEo8RjDCe7SCy(zp86dv5^XjLLNcC2WI*(7El;*<(&C{D@zb`(~E zErX4)M0mk1o^6v;^839Nj>u=_d{;kL)R5iGOi;Qh^4%u>3d@$?DIZjqp5Q2tut=0| zeve8q^uZF>43~0_?UR!xFl~pNoD3YBQ2AoOzfGySgS`Wd=l&;AOnuir7JbrhpfP*D zR@m4;Vs@(I`_$lrzFGA;_cm~=nJ!22uMV{Lfx~~ji~6erS@pI2k-(Wx;_;h2GKdsj(YzAKcjg~ z%6f8ZqIZtHLX3|R3z^zKB6&uXe~0+KUHvw}J7eGe*eBsZ`CEW$b@=fyQ z?`cO`{}*d-0o+)#tO?rPw%g3i%*@Q#W@ct)rZzLX&Cq6SGcz+Yqs+{rhQ6j$9khOyTD|ef~DQC+~_f@P?*tU@w4LF!n9Za&8Tt+ zz|ShZB3Hb;YjC4{;)$e95yS6i-j84Z+fN6T;UBx>&o}C&xCS}$_tZBP(Q+}Z*~f^1 z?Yd8p$Z+T{XN2Gkf}IWp@XW7>50!UzwwS1-FYR{Rw=z<*?AQufeHdNaPA1jKtTd~r z@c;WM1n&AjY0a!5tntDe^{ARwO3$AxtZ0fP(@D$l`_*ahbh0W&z;^z%Z~rlb+IqG0 z@#ePOjMW1(=u5mxkon5X)1MU8pQJ_xjlA*biR)C>t(D1tW=GAkXl!K3$?biD5R0dB zl#OEK#CTGzSB=HOc2V>pu{wOh4%ayTGZp)juM>E}epfkmkiU4Xdsx1cV>+peQ1p;y zlUDy&&FFR_=Vae^wqQ8|cCSem-r18X%Wo+eA9eFSvR8bPtIp65?4p0_>a4hU6Xu_A1 zo{nPh9Y~G3ZCAS26lkv#U8C(`**-IB)!B1#3(txbbuwLq&Up~HIMV;-bYO&pghILzB7nRg z)-G zUMZ$rOdCJ_R^6ohdq|NKn}b z&J-h)@K(1e0lni;$Ul>-bidKeb<7}i~JCQ#M^Z>+oms@8RwCPn{ z&}J)DUFzDP3iQ~&GEU3(#rS?w#kQnTEcob4M;z~q7PL1T`6h3yg%aEA&)G?DS|>wJ z3v;S3$0k*}wPIEm?zZJuxLrc?kB)S1By@A$TT}p(4fUY6y$4m1iWe?_LYq_Duh_{Y zct@5GyhLjKTWSA4nos}Y2f9_iMz3DpP*gvoy1Y=0sxs3i;gJz3tAU{AqwSN(Rg1D) zqfqrAg+^BDu=yOC|!W{5JQE5S4bx>LitPzcc3kz3~P3NiABjKxvH|0#wtE*|0 zjGt)OVUTUKl|N;pl`Hu)bM}@2C3j-;IGg6&G#kgF8s-?7%_o{KMYGt>tiE9KvOSf4 z!^Vvrp7oOXWxaj>zp<14t%0u>zMl=Rs$yH3hk0wAeFtqGK^Ow8bmvR&ss z^+_VNYW2q)xa46QPr#jF#76ENk7Z4;Y#7Dv3aLKLm|RbUFsTwdT-(@q*$69u3||oa z8XMsuUJKh0z@#8+CN>?bwTg}`T&&{zk{DH%m+7@@wsH-Fe+dQxLao=~x3-Iar+g%? zdOKr1d{KpT#m4Vqst=+CC&AY^xOtd475^27T5w+1(cQA_I00$;1@d)e|0lqdN~2rt zz|N5T2{Ps>D~P_VIBiwy?pJ(gLak`)iu+iB;eKk*E=c?QbuiFDRe3mF)`mqz2{ztJ z4M41TLB?abN$J0GOSs?_z-gB-gq#hzs2%Z9Lgoz*bX!j{GjqjqvG0fHhqBt6e?LF` z6ld1h#Er3D`MM9Tl9^Tfx+ax!4;gKgQm5ltZIhXHv2M#wJ=p84h@?ZMXO{i}v`p{BTJddq5|Zi*$N|c>#!0<)*9bQ5=^W6fq54 z1fgO1%C#(fPqd7!U&7+Hg_`4_FYA=25cu(p(pO82v$|yP?LyuHkrF=zT`s?D8&DuU2=&DqHB4DURbHR zOyMMRCbgM0?Gt^hvN$}9Ous3?KrRJwW2DE(>rGSIHfXHalolVf)+g7NS9NNg(rHyy zRhj+|KJ)iM1z8-0@P8g=CFtZ8uCpKpuHww?&8=6;&ChX$CqS^nv{PcbAj@t~I*FDJ z3hV=^ecJ3LLD;jt7r@f}s-P~fnM7@vR~1hft1k6PZ^Zb@($ZhTeqSnK3o)g8Uw*b_;2~**=eyq6PJt^-~V%5LXd+XbziLE#%6;Q zo9Cvpauf!XnJKM%o`QAj1k0N2+SANWkV5hL_xu(R4l8JAX;*F``=Y=Uu)SEw*%i@dbh7k8XidH(#O*fJ?|mH1L`P`#)W z1jjXFUDm8YQJWI0cTTZygxH)#D?H+!=sz4dARurolGv>Mm_REkM?Ty}h63wM=sNe| zx>%LzuPq!1E%`?pkbi`Xsh0qL5kXk3It=1AOjlZKGk3X|`umCtl;6lQyGcV>_?o#C1_|9Et3=(3k~kD zOkDb{EsgWP_?{<&u>Z>y_%+HhOgaQXu~!?oLeIUVWlYU>kIUWkvr)CFY_G-SQ)N%!|L43Q$eGh@b1xddE=S=%^B~{U*LTI4dePhuucD4=-U58 z8f9f<{a~CWa8kl|Yr& zWTf|k89pi}k{c1i!dAGm@D)4GlB@EKX`lyf1ySSF9n|3j!z0vJK<{}ir}bh6_zdQy z=m(lvmF|xrv%)CXhfm^c5azds9M1EydOIKuFp(@pOMpV1!y{r8TKK}48e8QhCm)xC znBHXls@yClr(x5r9Z^m4QpRJ}6<*9p>xJoie-bFI3Ur>KQ&N|oPmrf%DBX$b$%gm zn^sEKCo9`lq6Dg}^bPN-l~55hJkJ3=y}mqkALb=JT$FQDE30V>PE{DrCgzv2^Lcze32iY>iY?RKRK5`rQAmTZBlhmryT z6$3+6P#_0o0}T!)B_%|Z=__R>L5$aQ05P#bqtGKBBb@pk^Vev7$_=JrZ-)2}A$5Gm zc9k~ANxU7u|C#pLYg|X;Rhf3P9bC!O>e0eJDCi$@Ghre&Yn{Vj>BCqncpX;I78CEK zLSl}an;q^yvdG$S_-sV(8-Q)*9I(X9Z$|Q$D`f?@2)~~os;VTRX1REGy{suu zhM1tSyn26S^;6IS+-B8@-(115ZU``O*b4Ig-1#6Mb{5DrHL3Rjml2gUpLRTvxl|Jpx;@G36R4@QDwReIuYmn>b^=#h|oKFz@G9Jp?KC^%^la zz?B(?S`&S9d(}$#$a!>YRT;>KZo3fYvo2PswT;8@gC1kedo~cbb){hNVwiM$z%pifzef zh-DJS0o>uwzl8IFXnz;@S^vlwXWH$7H7PDRUk>1=V4T370u^Boyu{Dk!qEi`iay{) zIJ>h1?O|1EYLz-86}@=P!0b%kQ8b9h8MXD}WISP)k#qqz8$}p9L=Svz;}9C7d~`ik@I!#2HGoRwvTPV}d< zPRw22VDUXx{H2hM`47qXzwtY?edJA=_#5FJ1_&mR^(#9QB~xx8-EPGs64g6iDT)LX zHG<{WZktFXi#RLgm;Jt{QnZT3jN`{D{4r&>P7SK|yY!yu{RfCLKc@I0k`I*W^Ks=? z18;w7MzJfPxQ|7Z-U&7j!0wRiWLK8pJmRp(Ebd|$FSbRtTWU5gtH)|q{6X@~no-t% zK*d-0`A(2w<2cx{H7TZ@IHf>#06iJZtN`YT5wI{&{7Zb@zR)T&q{Q zz#F<24&C*3&#`A1`~rUSo$xyr+jzyc_=A?%>Aj|;P%~YerZ?L>kB;&Hmt~C=+0xxQ zkiD_5IDo$6LYsgZE(+!A^*22XMS5FL(tE6ryfNAu7&wi)woN_&!R(0iRHAYIC0_ak;JL8*F?}!Qk4I7UhfuM)a7Fd#{(y&&C$ zC0_x#Rv&-5g}!Cq zbt#B(BlG`+Y8(g}AygW~W-U5r5D?9I`<8uBVeu2cU5{bVwhndhep_`4u@ZTniSZfC zYeW%Kx-iMOihS8c0qY*&R$~X96`r==7%8drjzB{W&?QR|=My``4VrpJ+#<)Yad}_T z)lDYQ8P*Xlw*r7XeK+Dow218ukT1=BAAyd}BcL_)(GbS77m)|{?*nCBOkWe2sd4A( zPb$b$2L43J_448ch_3#aW=e@kjnwfA#O2S~rx!lz2}1``9`s`x-XqPzi;%1tr%e~k zhl6rsHzQ&VxB_0kjirlH&rT127e%-IfXEKl@?y;RLBGd;nBUcfBi6>{J1FMvOA`42 zll93cZ+2X*F!4^Kw(cpA<|KeT=&oUW`k*|biiHp z8F>5ASEd$n2bQA;)OB{@;Jc*dVvX&P%x_7QN6G|DrC2QizA}Tvz#iffl8YO*SiV4O z|19fi!1H++rJG)uNfzE^jQOGM(k)t5l%#>aJo9CShL|={C~`A$cKC;=eIvFs7RGXg z{Yn$c-u>B#8!(6b|N;ed3R++r%%2W;``VyQi)lFm#07$H;?dAzcQr*CY?j#?yi+qc)wQp~^4$Y@7 zAhD0V`#)K^5_B;5EpIFD0$Wp4-Bkl@@c2hIXhdK5ZWK+YRPo5S%fB&fGjlDz7~Im< z=TIY-^xHE{Ysj|ddgL*8m%|^bsqP-A1*eMCU46!z>Ed2>B)$|oQ$3ATu1*{v6pl(w z@@J_lNsyZtcDXs=ol$P*(H8Lvzkoh?Mm$sbggVhUN8+72ZJ=tu9&CNnM!j{mExeTZk)JJ%i369YEuiexJFVn^`<5|9uSJmMJ8-3 z#yF5pE;yccKh-m`HUNV|;uBq}fJ1VDDtg%*t6L>|IC6??EWgp9T@B!er;r~buM*l` z`?WM+oh;cq!kll5%}*IGw7;Uy!Kblnx_82Pxa`;Nz4P^NjTjw?=6gTEWjacs3sRv~^urJs)Y93o(l8JE?@|YM)utXDB-T#Zrpm85 z5 z+h)|mOiLeD4%EVXPs{KXrMhP_rQhLbvl@H(X50}P2VrdkmVV!{T%dd3QE{2;@e+8L zi|s!hMwh-j=ib;RDXV84j6i*O{{8KFc(C2ze+4V4cRLj@(Jh+^tzAV=W3$d9km>A- zJH32wpJblSm40UoE}%NmXoSDD8gc}eDH1je1u(q;Jn0m z^xa;d{6;?nLG?CuRNfPxrPQOk&YmUi0l!;AvzG|X(>DabHJC*fy~TI=m)^7MW{Qw^ z*~1(mr)+wBItRAWY8cxq!!cs%T@PGsm4Dzoj>>= zTOe`qWmbUUGof-U^JpX{rJ&RKPqqI(%#a_=6eBr3m)x_+cYb9ni|0yb(`WU~K=zCE zq#Ky&$C&C^F=M|Y}73goB_3{f-94GekHyq6iBL&LX~FfUD3;rCN_ z5in;d6VdoC$MH>RAK3DB$wQiR#q_h7&R^@ilY3Hd;8skB#(7OcJnPtVF6_G>-UZp_ z=#Q?Ge{%So=c0A2^w(ifG-<+fT%`jeH4JX=#y*-~jB(4B7^c7JZIeT!f2=mAy89n2 zJHj#$2pGNIO~LZi3<09IUU8QP0--%FDqfL~b_S>B(}wpGZym9!dDS2ysXX_hfpFZ6 zTd!3vS(C_WbNOmSbG3+n6rJ?6NX(~3~oXlIaHz+nrHjv$$UyV9Y^clK@e1v`Oo&nFhP|QT}h}jApd4|F|!bZZ? z!O_84X7&WXOY{T^#`|~c99HnFTdh(nwnkJ1g4Am;uJ*NYB{UY0T*aJcl^T$O#6m~z z)H{W2_RHnRrQcM$2UY#YR12IIom)@Itcunue=gWPGy!SU;Wl+jPR|}dvWqB=ExiJ^ z{(N;k0D^bw`qk-Cc4#YsF}vHVD6dEHO@bsvUUYAZAXevnsVnUosTu%AJG5F+i`OJr+>ctGN#sP|mX~!$;VmyJAV>g30RQc9XE*2!fnK2HerMx*1-u;J%2N-D zKEJEMdw}Z?H3AJ!gO30ncvyaiI}CxPb;bSV9++F#+GgO>#oKEJr&ae0hHb^4;|;TX zNtw?$cbc4-2W{H@2gmM9G;EdNcYFzWQgLMI@UZaI@TYM9kLE4FkI%+Owy4j^+$eSH#rw|<~^#F4d&u$&M<&htNptLB@TcVd59h&9Qhg+nLsFz!) zmqMSP{B*eq>op)SrjjWmN-vcrDKsU9NYg*v_xWFbziHv8Y>(KJ)w{fOzNNki;U@@; z72Kxr#ujOi`zH#Fqudt0iRC1A8*!9>^i zD@twxydeCQ*GII-%25gSNPH@rD*8{keDZUKORU1yBBmGUePS7|-MyacpToR_E)*Hc zQy0ch(H^L~20$M&yzoBz5I6$~7I7LHjXA5f2IQZyC>)eJL-ZH)9?Y|h(64E@_HZ6B zh!%MYr`$)AUKd}5VI;st@V3hlL={BCCHbU%OS&*HqNE3k^7DYHK%w{2*!Wznh;gy} z9I8Z7>jYXQ(ej+XNAZnok#2j?t}1va7h*qV6?MvvPCZXsfKu{H$_vw{V5{z3IYhwl zE+9UiZnjEysd9eqF#|++=AdBRyMZGNmsduM>IV5-17VcZ--e}F_;42{(e0wErCJ~} zlL{m++a6>DiExl+a%-BWq2NpvH$)eECJX(}UrX#^a)6ExXsup{&caZXdbGS#HL?1&j*Sp0YZ zM+|{N*MTv5ZR*N2(3@(zIo|yX6=G|cmZ9h^_&GUE)<^s;=;7%L`3{%x5cx+$|57s+ z6`f4(HuA8B{h`Oku+JXF9_ra><@4|77>%8?zzr&q#^N1mdAU zen`bs!la*7vaHQLMq}vc_ll5pe;Ix5xlD0jHjeIeC6@e6{o{;5oPM`N9uEPpsH(}T zjQL!N+q}D50|49uF$1!d6q!-{1Cy0UUSM4Eutx7c$9e}Kmz?>CgGK-;bI@R1ihvrM zCDzCh(@by5JIKq%a(S-)Zwsv&RsoC2G_(eOBBI)e;=>3Eb|ldsEf{+(A$xi^0~bP5 z6}L2acUzi)K-Gv2bJ+OQx``1o9OPQsOnsnBLyy*&3ruCfhH)OeMyIr~{2A4grU(1a z^@PtFH)?r}9j4D?`}6D@VJesz{0aLU*lSYLhLBqO#eu$+=KRSr&!wT!kk26>7>D=B z$HK_>wn6?0zNgtS>~6M~8uR@t9h zUNAHKizNIq`Z%;bHo~^|hQKYG0K8=FaDkV7UaNrYc@7O29_xcFU`msIfFPprFB`cyI>QlJV z!H8AOHqv26{VAY>RX^cIkCvZdLJ#d`eGytVeusaB`SHEq97qgPAhG$2vAdZ>;8>b2 zTFzAjW{Bfh1ExO+$V}XOsx{BGLs!{P3wM2k8U>Yq7L&WELAnPy!Jl7tcjVkxJfsmcZ!c5>h3BJ zQ{N2q%I`if;_DGk7=D;UKV?Y%P8Ym7ErfoGH`a^ZcYZ-9ihX9ulEIr7R=0J2#|UH0 z19XEKeEt)rjp;oHkd(DU6&g$6$1Gtr&NRbC0g&+pv?N`07tj)t*X3Z<=7`FebZ_lW`}GC;MkdjD^Tu5kr&{vVladRa#v9PJb|d!clliuRDfzp? zKknjfnqr3tnV80{%rdp#h+Gd8QfBqHc_usK*bC`@8RWuRRmyl%kM?!At^7JtWRm`ERFiT7bFeZzguQ;t|i2}fJU1;vf4rC98zMn<61YKgUzCN zr8)hJghDg@(caJs=DCy4@_@-&p?5+^El%p=krOUcSR!6408D7zX%w_-Q~=X?Lj~sR zL%My-1t-DjVv%o4whgU2k2a-K)Ox@0%;g3#Os~fNR1M+;=*A@aQ0yihdLa8Lb7;%q z!cQL8+y=&vU4GMETvWS=kUx`c0RH6_9NXohm{x{0AL6ZAL|l@toRA&N8#r1pV}7shcXO$2t+5v3V>e?$V4fHSE#$5d95)&i5J6n|B4Wgx_ZZ6A|Ye_ z6=9|#rH`}6QJ23X3@Z5lPVxVzPQcV?!h<9#7DjsD;oJfX6K44MX`N&d=BBN~yplG3G6$Pb-5bnhZ8ZGQJM`qXB8z(UbUO2g?R3@XL;OU{h@|st&)WMhST_ zDifc3k1Cujm6O9X{A8z|mCRU6nFxt;ITuBHt}Vucrlq5rxpKK`x15SePqLM}-TGb~ zrgG$^n^=YTR=X>NjNu9pK zxt6>%i>?2BYGC7;Z?UBsAI@>cUWliSD><*)(;GUUU=I(y947A7>GCtUXy{D6`IAqZ zDW?^f77&D9>!b!~JBFM`^W7hjkw1yP-@-1WBJ``?l#ap{^A}j-Q3L}6q#cm3NXW0D zt$y$a?SkBK-1Z&)m&fpDS~ZMEjxt@k0JT|kLbx#NC2dSO3X1Ymxq?bI;ugp9FZY=H zs>Uq|NWOVtX0j&HAy=sLO|ejJnDRsO+shu<^@;r0IbXD%1Xh zYjCHQ)O~hTUFuJ?B_9Th@j#lNH{-}c4Nv1{McMClW-r{`=YR0MUJgL4j7#<5`vxt# zaYrd&-koF@dX&0x2i*zo#~b6LOQ=8PuMVC!-jJt#J|lO9UrhrjndTUz7tr_L>x|wv z{WR-4dKh>t=+(YB(eID0r34+5^FNMn@U8YRECaBJdKo10TF-Y)KCJQQ~F`Y}saR6zdLG$eQC_1T7u0x=CQPrQ0bAnYm51Oa$_5yeWRf zkE%U$Xuj;X9eq{B(qd zm~&`EyghCb<(&K0?o;vPNAx;*WMM`>nkB{KGO+lY<;-IW=kI6OmjRTKZi+1ClQOD# zV34(Z3BPn;{AE9o=Q_JzCefx0D;j&|G(oTKTRgIEX}4m{Pi$E9O>`jSn%0_ilqA?R zrH?o@Ee}nQP0t@UF8GqKueLjHOBqf2&x@CrToHGzM)2nZj&4z;zrVFtn=~=(bSQJ) zmHVRC6(c;=@_5}Q^Mx-j`Q<+QM=vPD{+AFX+rQd-{vU)Wzd8{AyTR~(_M-L3(v9!6 z>Su%vz4C*`TNkO#9QT3@m}45rTeoQX;b23?LffR6C9>63hr^xL1M%`HaHD-Y*VVK| z7N3hM69xrwM7N8J&J4*HI~8RNzLehJdcd9(E6lv{*SW9kK?Knij?lhxDne}~+xFOz z0q{eU^hjdGSD*W`ooq-yYlcE0-?C?~C#j0N>kLW={d`7iNmmPD;*G0oDO};I2vE;Bn9$N#Ro^Ufb0Dyqu@ZIAq~ zGFNm-qb5JeS%{$G)Qf`TWggNap^ z{`v(S2`(h2k~p!^I4whb{o;G|`ni3(;Z4B&HnsL}-np!2o67;;0Bt`SHXrNBMnXN zpkP-$Z&CYUyo`!3U58SY!#6$7+wnIfTcichAWNp-NG&Mju$gX#=}h&%n;3MK<3Del zgbDDmK5dNk0t2_vprCgI&bp+e_Fc>~%iXJN{}Py5{5_7;Bx|Bj`ra|N9(olB57E-Z zmSt;!M`QnnlzEL@3#A8bh#4-}3xYL+|I5-r2eg!SDddoYSX3a$TZ2mjDf=M8p?d`Z zBHoiR-Yz(dD_9h=Zjupd-EP2#r;x3Kq3J4$Gl){~UWC)gbQ4hovC|WO{qoTF1|Q|c zmsAV>JDOb@;bYXozQ_2W2qW?hZ}D=iy+J1}!I1HX*m-jtDBy;D#k|#qq_XGMyw(ph zg)hzp%LouYiu(TTf3-q#5^iu~46UOjyKm$rX zOcN7{ZCskfm!aWASqFcX&_|2wkIx|C5ZCL50C0yHP#yUrAjFbRVD`tyb>MYclsE3FgK)Ip;W%iYLn32xN}8D!qZV?w zZJ~!^3TI+^!1p4=c+oMY_oEZ3dB01A@bciU_lAXY`lTz$Z`a4h8-5*jujiH%s>O{y zsRQ9E?&)?I;IO%kx@4F+II>(XiPblDGy@_vWz^Hwe8YbOiA9Vwi|dGA3(o{Ui+zKg z4;2f?Sw%QXGX|R~E5)zCJ|Hq8l9fqXKg-6;aAB@uzBF_>ID9k4-rs`R@s^{b-!ieM z)5Nxsd4`&r4naNo#7X}I!03{rSB^n-jeCb|zT=YQ4zF7jY~9+;YUQUb@ipY1Q>7fP zZ<)A#VN;mGptnYrSD-Lz*lBAt`^g=s0&+cQ;;Z)Ec1Mf^4~}7vPuf&uwzx8YXT_vN z!~-|9ZhS^jGUU*RJZ0Cb#y0!|vJ>@{2BI1ii`FhbPV(ea*dAh);O~C&KCta`@%9sMW`B>oAw82=AUs!`xFv_8 zMQ+5OG#yg@``|6LC^)fff}9%VP=b}GKI6ztGZA?WVFP+l{P5%chsNww0lk5z{te9v z1#Kw!`TPh*;Wz5z5=M2q5F!_@HCEgx{4h=2w+~4QJqihqk&Vf^1wkCZgV~s^pG@(F zq-m-D)vyD7Xhrz8VyqtFEYod^Z_3;EHH(3b(hl(|wy`5a52%wqh?fp2x#3OH+>FeF zTQlkx^oA=qugE)%nHoPkg4URQ_QZ8AJ9F%{ZJFvbeJPH7TxT91REVK_ZmLio$5{Pg z7lI4MOZQJn(Iu+eNE->0PJ_tGR8vEsb1E#GT;wVv zzuB~2^7&--buvKWRq9T8tf>#S7X1m&_7Cee8xx+W-(JUXtrFmcS|j)@9OE#L--ycy z@hGAJ1H|nTqeUJyg($a`K?}A%I0=*Cx@*-S`Av-Iez=t&Wo)LzX>5GpqekwL#H6;% z!uqM-p-bHd&xhaV3QbwCq9#B48C9zWZe<9X+NN22PY6*j0TB4~RW^ZiE6fiIpsaT{ z#PREHRLUhxGkWt-+zVMCFh-)+&%*GKPe=2Tx*3S8(K?5DR}5PkqcQkf$#9y5wzSWu z*XQT^qEnMAa=SdfW4BQKVv%`RFbOL4@k87yM7Aa8$4nJTFf?G6ye0~5q~CFFji;_O zCVTinVg(YEo}|vyBFvMw7M5C*8+CN3*N9e|Ha~m75yNQJW?@@qVH1318?S!-moY<+ z(^hl*Ff*_C4v-ijP*aU)5R`B-V3>-t>zc0;?K1dAzXM& z0J%S(vXEIM8M)fv*NKuRyN@Ubv{kb9rHFfdI%DWV5N#g#01FALF+qOS2lzCk7v@B4 z4@)IB`VB9O2ntc~*>*rJ8G`@>p9j}FYpXwdjti5GaAh9FpP(5yeA2Vo9$uL2 z5zm2oCYt~r(l)qR6ki{DPt4h@gFfr<^fbH3d$@rm3w+~d9nOffpeH|+6E{Eloj(_O zWF;Dpyhh-Ao1txIy~Dtg+cP5ao|uC9VBIrMcX54;hkkz@}{v1=e3`}q&0b^l+=%ZdmkOxxG~R(_v6 zJ@458lnKwTEE>klg(Sm7P?iFP@4-~pAU_T>4ZB(ba>3-gk(c_Dlsxx8#KslXt|g&t z?dZF?{O`Ix+IctO8Fb?yxGa*xC=A$t&hul&-tqvK)O}r#NhR5um)yR!{#Bs#a*LLdK zOH=ag|6n~IpL`9vgQSk) z<{15&;oo)inft5F8O#y#=J9jW*pa5+HaK8CLK!m*)d=^6YKX$UpZ1qm1DPvUc$?LS z+3DJn#phZ~cx~DTI1}EyKCvAD}U_s7hbd%=b-KgPon;zy$oiHYqf%wH!(l7A&L zi6K_B^r$1eWEdR9R?tWS0;-^f-3)h?(!*#rVDSN}1zo+b#aHICW zX<$>vWqZDj8JpvG6YEB~bjc(i&Zp+yy>tjVQ6Xm~3jeCZIAkos29a4!6bL$q6Usy5 z6*h|}13=ZK1dmW5=MCN?^2v0gh7&^m?4{r(R)LNRZtQ!N>2IqSvSIX2kcbm4Cn;-**5Bz~*5A#& z$i31B_|J7Ob+76lRNq`Z5Zrg42^@a*ecJvZM1*ZXNQMXn7l#k z%vnom1aGvpUSD*pywKCu;pucUyr^4~+?)aS0rmS`6WSz$1@c1KkdKz){{kpmL$kbb zxSm=;VzM%0vb<$H0+5Q0`BwRCsI;flYF*D&)h7APF$UsWB;Eu&aQCy+(UX6FkQ~vs zQ|nmsV#lqb9NiEe&BZ%w=DcAZ4G|yd2~OE|1UPqgx_hUxJ57aWMaer2a;j&r>g;75 zb?@rLiBHizRNvU!05*^S8%HCpOEFnENSNLMl366Fnsh=_MTO6m& z>K<#?+St7Ae49YFyVCbY&TO~OHTPqy_+v>HYHq#J;vL9yV9JpFaI5!PI6^AHCyJ> z;wYxa*~vuyRV^=;dzzaar17}8X>OkTepc~del@&d4cSm(PBSg{X*HH!YmU#WeJ49# zAD6A^Z}xI>P_mq@2k8Jb-FlMQIH{YrNS8OyfzO%Z&-N*wFUwa3FS(U(3Um~q%Du0ZR20JISNRUqUfa1 zjeU=`j;)5ZHz<4xeKUP=zBNCX9#J1vA5$Me7;hd~9#b#)1nMoR4a}D@MxW7JdhUBe z18q?`01Plqp&g94A7KQ$^bM?^I(L|Rp3&i#Mx7c|b9u|lb>4_11o9!Mg=KTXbPJ&@`9 z8EPzQPzZIRaj3f6ODLX5^WXU zzptb)k(QKaM6NEXL%cj9<#@zSN#uS&FnR#Ye3!Xg09O}xPGO(; zoiujEkS17?*D=0%L?}@(i!`BSqlsVzecVIX{DRx%s6GH&ilVVFb|Hz;GSUy0GA|iASutU(G>f`4v0Rd+ycoN@h`YQ5!m5zm zsu+DPORFr#Bwhwv;(|4Y+v1z+oakx3-DzG_X)1XFI%yP8l3ljg5Bm>Q1C(r$C2RIn z35;lvMPX`idLOM}ETg;zAuW0eq&)O^@b5n7V=jGUcF4?Nx;{0-%o^ntx(@mdsyAs) zT3j*RcZFw_XW?h1=bxMmJ`6gj^ibV1`p4Dx99|(Ga@BJJ$GP_mUNK8^+(Klf;Ba0T zfl*!wodbGi)in<`-`7XjYbR}Byng?s9cZehzMtS(k!yC(tzjIBjka)73^sd)dtfUj4v#oS3M(t%m9n%1>?Kp zev7v`jUUiigG`@q)&(XXFRUTFmQV(8yvLAFe9gBV0A3^enq$E{Y}CA7vzbBW%yiqd~=}NUlz)Y89ha!htDk7PW|O9_LQV ziK1&4$1$3Ej!?)dB`a;eR_Q5j7FBtkwUOfa_f~sbZKl}PutxV49xsY}(@)}vr`_ek zP5lX<&->wWzFGehbnyEXzKYZI&Kwb=%gQwpi9`%Oi`z!${#7Ppt&P$PfJ*twf2Y?H zfsgk+0Sk?VAe+s5YQysmLxodgLp{qr!O8UEw!LgWgU|Mt>bVq4%5)aQA2 zIM>JPt$w1xw%KS{yLSKY%8lB&2aQ_?8qZcF-e>&^(@K?YO^t14 z;JVgP^Vs<0=#*7L`fP{h{C&d$ITfgX9mD9EV>@y-RIG=0)}$3vW;8^nT!msqGIXnq z$v3i@hLPp61r+GyP>mk{|oH5}fs5-XbNI=@`186(@i!UC?Yw z?@-FX4%M$fGg&?{e)(eyiQJM5*mEwB`6wP>Bwt>XQd?%S9(7S;+M`!(P{{~?TLFdW zPd>3cIb{iT^xtj+>$b`j+|S(63T)QU>nc_<?g_62`t_6mjJ z^@sBnI;u%>g(R;r;IQydXPpHVhrz0wTQuhpPZ%dSSi!m;iG14@z_=y*gH7;+oh&h@ zF}tuej#rml{15W2zQfYVF2g>-5inZ_N@6Na3^Nw*x8R95&QGm=PVG&~;z3Nbcd-kV z($>Y@T-%r)@XA}rPJ=Eld%ZNaU|t3ImUSyzno{6;Au-oV+att^AE6>ZCU9{UhE)ew zQ@3>?brI_+aWA1L0oPu|)nn-f|2nFK{#g#%q7EZz;c-I870Vgp|L(J;U>I2KAt`ah z4x{qu<>2izgW_*2TVK2mJ49*Rd~#nKEbi@VBx; zsT%Pej^B?QfYThMmBw~Fd{If*++0ie2+vN=9`5?jmkl%75;f&q`~2P@u+<-Y@y#NU z+UA6>oqAopFcm?Js4RJrIp6a=5nyFY0}aHz9K%y?Gv49YmbyBM^Ye;py~_~DJi}a0 z>qAikhWx#PCUscbT*FsB!cLK9f%Kiex?b?OJ5=SgF*i-pxj0Ux;8zW>nSOZaukGQ`F$gVpU)tJYl=W zHt#|B6u4?j8-yInN!VaegtO7nNUFt?mL}I;1Q`Z;$wa}3e&JMOgnx(I_F9p`kk$E~cWNrRNwV^kijLV`>Ejk{dWl;OPtBVBEtu2- zh(={L$IT@dD_Y%}t2&g=nO)d_LDRf{2MdYtAiF0#h63fNM5;s-RuDp`fr2i+7!9ag zdJI%I?h6^<7n56k ztj-veBL+9K--uX?U5nrd>j*_uV1DBaAy9H+Y4bp4LI{l%gj9j_ikOP%1SHdgyGLE7 zI2oG{f&3}IyC^8XS0}fpDlczv3dR?p{MtgzAYk2`EIA!cw(+4sOiz@;xLQ|!BBAPE z)K+oAvCemL$#%hfLh&Uw?m0@w3&oDmyZ~bWmuZ7_wG)t=P>8VoF7iCKOLJoW^p z_$4rV5vKShFl{EL_$6@fR7~+pVE9-}@k?OfU`+8#pnD%o;iZ~B|5|d2JFojV;%TR+ z_am3?M=sruT)H0^y`O*JFUIHgOjTMMa%@#FJvGf;Q9~;Bl8RoWVjZa%K`I_06*Eai z0jao$RHTy%C#i6eiXf@jLs}s#DoAk04cYvlom3nl6m;1`66vbPYX+ha zF&HreaS0)lrgI5FVM1(*TcwF*#3tRH=jdDbNy3kpdV`4ury<>Nhp@y+^e)of6>-r# zu<=vA$*3^mX>HdZ+CTr$g0h{GK1P>7B5uUe7+q5JSE9R`tf&g?aksOQr@_Tg>PS8W zh#zSyD3|iN;8bv$15UaLX;zi9A9mAM1)92Rh>rK#<^Icg&i%c!nqu;TbC3HoPc zq80a)V=kz7_X-Sj-+}k*=p5<}mg7BlxeJ~5xC^4Ka(SO!?o6CQdNi4alTCF>gZf<3 z4g2O*lhMJZ^5yaY^6v7M@+^5%xmWI%C(0A#7KKS+Q0NpIg-W4N$P`RL6`-(GN6rS* z`2%2!%)kl%&Hw=>r45u{`Lkkf*NB3`oe(k$U1*oy?Mau={$bE%s3&x_x38M0(1D7+ z_9SHL0$uvF54B3~QZ0}43gxAD3CVlhJzyIlj}>ESh|aGj=>4imgcr?8;GybnAjCLl zaRR4J<}5BQ2D@!)p}o-5)|lU^<3C(VW7qV*f9yA;6GO|p^d1n}m{=Uj;)zINahK4O zJeJ*!=jY2s9e3kV8cFeh-9lUPYf&#=F0}1fT->Fa^po0whx~%=P-1?O+9_P%;qAbq za7Ej#injA(e{7e`3AR%z!7sJ*E0t0^MtHkz<;g`IwiKxSUcG;sB@A#7P`dlYW0U$%r*s(AZ>wG?GC6ZsUx$ z(VlH+qdkjl(*M(+5$)5{$@bfdhYjNAfKp%42t;XU;ndOgP{mM>XWOvi*a0C>I&|1* zPKS&L75heX3=Q*j^lZCr&_7fU;?=kLI&OnOMSTWr8x$PTvFf(qZAHEz9gDZ$-XkaP zhOrhjj+N8nA8yuz-znyy8lyRv;)_I z3c6=I3A)H+C@&U5t}cBjnu0#DsJaHjCGH-|i*bSFB%PEu+(Vi+MAN|6+knYaVyPG( zCdX*B7j`LcU`OK*_CZr6)<8VMA-)3fEC6c0rbL;h~-a__{a{(fVJqy*1}P2+aDf* z8n6+2VsFcKLRxrQ_F!u>c0 z2HoH&*-z8)?jztkVkZv^9q=wML_(2+*vbhdFd9}t4ap_9Q?EEE(k*fnY&gaPc-NIs z1-tN54X?uqq7g4gUW{CZcxVcpaXmZWeX?H&*Uth2z!6*EXE=;Oey_m0pGK+KMK$!8@B-V!YGsMxvk@KcNC2LJ=ip7E#g%$UIeC;E zC*RNxbTEB}el0x3Hn5N6LvYpiz<5{;o8S*(BCSYIayJ=G9wzh1<76c{N66cBwWf#H&!Uw}2hX06UMdm_Jl!uu(`(^Mvu533PgD>!N z2EHaDQ4<}0_*37$5#gC6p!hrHA z`Yb($pAYCy^e-V!ND|V8T%kZH7AD}V<_Syjvs3trIoL54K|W`R%f;2=dU2C@fWJ?Z zKZ-8>y}B3b)9O!$Av{04JX{st5%~(NxQFO0@Ca3avmb(=vAEyMQR243$3%m?bC5LB zmUKnV3?^eq8F>IXIh(8^FG+KMmFz_>eMTL+KUc3HP2RSRu6pDnM z@EFZz@pxi+ALV&43>UgllvKK&%%{`I4w@`JAiIs;M(%>kc(i|tzD-xttMoRZ8|gxN z!&v^Cs{BW0Vf;703)ow5k?qB`y^nW(K&By&&`UB6R1xX-rpdpAOqMRZ3nzp#M9$X2 zNv0xkYyegED>9CU)0jO#fi%^d5A{)^z^dVW~Pa%R)?_DTG zdBQg^3&zpU;Uense0Z7+XQSXT$R-cNcknW5MXGq8EKO!5hv^trNzG&jP_}{pJ~K%s zf@p!+q(oRHyF|Z$DR7Lb;IyzAXMc>oDs*F)#a?7IYQS`u3uTd+@Sr$=eMClqK>C57 zoki>Ru#m;PNN1o`8H6@%7ixD6+JSaLH!QKE7}RzxO(!+hLXfcR$t98~}bNS&RcaAD-`ehM&PMI4MGX$OFR z=)XrwGC&htN9rR0X?WlCI)J8E0h*5l$QXzS17w~6$T|g(T>+5uDnRZ5fR{<&`;>TcsHbGU2o`At5R~QV{Bzrro)+vw%jq=sHdq6M<9zhT`8=qUm zhbpPRdeLz8B92ptLy!^@pvIiMmU-DSIex4LLe4CEzuUmQGapQ8<4Y&$;huZRpG5cb ziTc_PiYu4zc|Gh7du|$E(}XrLP^HR1z@+3eP^}gSpMf4$3-{=CZXMNaHvRMXW*-=H zQUdtNw#C`323kLpq^BpfNtrft@4#-y!ad1Z^3~qm%PR+dR9k=I=kTv#1&%%mF0$5a z7pS3C&<*z~>0b)rK2a`H-lt-!zeI9hA?;2njo0)aXirDhmUO#PaIwH}uAl%it{`)- zw8-=uy}4dvw$W?#8Yu~vktG|+l5p8Y^2B;h*N5-JaW;lelUZ;SRB+c$6>jS$SvBbq z3=pA!QlcUSprQh1K-Nm$x;qSp2`~fJpa`r{uU&zwy;5@JoB_whZRJ^3N$jn@?wH-|*)jM}`8L7d`Je<7%{-B-m$rePX zxE0tMtY5>VSzawE!Tq=xom9=yqerFhl0?3v`MAFV^xh3ZkQQVL6ln6U_$UN}|XLaOq74@j!h@1r*!i3OA&IX4v**rR5 zJzsxVCo1J?J1sJIwcZ)uA)$|XkabXeuY_^(aq3~_d#&T*OA{WX_sgcLr|IX(R>+qd z4%<)A?p@kBg z(ou3t%F;QrIJ-zm8I(XP{zDLEgQ;b9md$2DA(r`)QUYd!Ejz2F(Gc(@$z^@VeY|FB z)#UbLKVJLEgOBgt@bJSMHazn1oh9^R!bqFVgSUqxC&Jp1*J$dlpIk>b2sr70pWV;(1<~; zK1Xa=Ql>~eVo;=Fyt;-IkU0>QqO$aKX>Cy(R2Y{}jQM)hq;;>WRSyQa(qZ_9g zuA63>W?o?0YdY^ZpK#fs*{6QZOcM-FL!!ZDki8MP407CH1yW_?a?s&Y85AIv1T%Hux9`SATDd+1E?fPu6M zYK%Jz>0mm6&Y+Ce&}49vCEKDKiqd&CoeQaCb_*}omz*=2_}cL@PuDzMhXNbbS7_Mf zR!~ApCi$)2Kpt|WWy{j3xw$gm;iyyWO*tqw_`9oSDC;LUdWj5qwI(!^#B5G~g zBJEr)D>C*sPE8Pc+3q!rwG6jS(LQLItF5#wNO(!B5;w>$>ULT`eYcdG*|}V-{IlwBV?9+<-E|N53jX6Pal{*?9th?Jv$GLsv17{+2*d-AKM@P{ac(d|65-Mu?DqA z3s-_IO#?KeHLElmG>0`}SD~x+DJGauwm>5j-0@Y}lT-ZbR zfC63onxKmRNlT3ej;L5Q9r>Cls)C8`991>R3u@)TBwvoa!ka5!s;6Azv|39JPy_W) zf$r2*lSLBeekwukrKev((figQ=^Hx#s|Ch<&awRbdCk)q3Z7oCN8U+a+|i=_HRWro zBcBA-+4(|JvwVRiCKm87)D$CUu}#pT399oo6+QAb!9czy$%(XCzVwxwVhka2NwzWD z>N5&PLYLRirq4b3_S-wcxn%H5!mheIUka~9)mTVXycy>hcf4#4e5p6Dt#! zn_n@%r8%xSnV?Xb?YcCFpv)9A)itQD0*ao&tg@QS<|8`2MQ66?^jeg^pjoGKS%bPY z==pW}pp{syP7|u>YkEdL=CX;(8}u=kQ)?V-m|&P;SYluXlta5Dhjs#XgPq!!dQ5vs zF6hZJl;T!Zx}E1^K=oJ3zAk#3QfvNt`|&{ zMl;3)0!k!UEpoKvfxfR>SKj;RjxCG&FKV*kG5SUQYu#r*zMm*2FTV0lJ*hBME+P zHCKF17z@ZikjZ^5O{Tmd!p=qEi(OjkcMFgHwt!vRvS?Y@6t1m4xrO{d4n50b*50`D z@o0PEzz3OdCYYCNBdNB|w$6cXHQ#57%1kmHrjv)+WJQ^Jl4go_THHdYB#YQw#Z2{V z&0Ou`xc7{2n@ve*j;fp<2PYm+1}Dut0dAvQsU8iu?4U_-HDA-5G&gx&GO>xvq;-|= zQxau09ThaBm+ONb6afrq^#(oFSChwgW!cL^7-eC7RdTtt(KlOzR%%_^qR}^_4dQJ1 z+ZdVhOENCTbSk#j(tejrD#KtY5XjAm+3W_R16X3V{4EKBgboH(;))ZsFk!j;g6ytR8hGEWm%cimvFan2<4 zi{#@TT+!(09bC`cH6$O@=njoH=~z>Y*jnv?o&IuTBWsO8BQ-8fKXkL1zj(b$U5xP* zN_gZcX;535o0B3#l|c%~Ta!@=g#tw4pjBe+#4WamhxDG_qa|s%XZ)@@B7b|y#fPT- zvTpMU`tD1UAE?^!@btB$w_)0SU1xkgQDg5njwn7qLkz3J-(c+jU3mMe`-Gflb{%|n z(blazZrqJ(HkSpYGgqsihlwDQE2*r22?a#PFyhUCLZCbnTC0e~?DnX(7KFEJXxQ3`veAGdc#seedLa!d|7(2s+rHrs@LW1fZn*H)K z8eyr1Xn5YBmmibU8S)A_l|QLJ{#kUf@d*59#|1m$4Y-B&!UD&|!gB@uU~-X% zk-tWa`O{!#um@wEeEobQedWs8O4%646mg=mTs=#irIw}Gl!84a&1FkeD$OQWT3Tu< zI1^pSCAZ6E1cf~y>*Eh-98D8l9x3iENxyB7B)!tv`f9g}4M83PrMCe6ZhnR_pGPUt zAO-y>9tN+ALUhzeyjjr@FW^Hbnw7`po2Qr4!1{N~M~<4aq<_Vmi^5NmHZxn@*`?E? z&xcQv@%IEe3~b$J*`n|kv8H(UhQ*_|lNafFZnHH{tP5Xyd{6lM%Dt%H&!Y|wL>bW| ze`W^*9yjTrh;F>m;L?KvCyKtq;Z8Kf_TBaOzT@@pO>dFe;lW@_AwjN?DMSTRFj>6a zVW%>+N~6-M1ew)lv6*dxEJ29#5|a)uc7@YRY$~G{($jIRY4|gfNJ0{4i^F4{g`$Y~ zy;-qiKne=R^W?8h10N}#Tz=QI$B)hlZzK7Sztp0r+tc^nwI%$XSYu7>Iy8Lj;49(q zh9Oy7TDBt%xN&?$omL) zdQ=`QRXMaw8C$jHw!5Pn#Sd`OR$V!lezU;i3152L5yd)|T=%??UiYamTddgQFb1uDWf|O{1TS1|-~1+&uDn;mf-7 zG*sV%kJ@@m{YbpSc+`R2r~`iZJXn-qNwCt=6mpNkOiV&@GI&jK)DJj1k;S=m0)`Dr zLINrNWDiPacZm}yc)3Q0)}cvM6c9~gFbgVc62l%Obd!zu8CNh~bLD3G$z6G}dh zmryi1GGBtz;f!|*GEKnXw+7q+g`Wj{e!Di&3pTyki;XR2j~sJJqTfrLYLpR+5ic&K z*9*x4UZiiyqpTPT3G6IC*o5YQi78SxgKSCC?~yrQ?@`KUnj5 zc=e9$q{qqCggg=0>K(dk!kh#5dt1#T^zlb7x21)fN&VSL<-5r}pC2dXJ4RJMl{vAZ zThH0u=dV5({P{J_Kk~EB@XY(g& z2p?WwJV37_cxoq?C(55qY;V;@dPcE5J10t; zWkzX})F}1&qcqVKrFKX3nMQ`zkmC`Tid#jL1@x^;U=4(TW#HkU2b_V+AeuZ_xD=QqTaY4;C?mNJ}70wksl-P@Nkjx3T5R&rp70T8r zs$5x1)$OYO!d&4qK|WRWh46(+Xd*6RmEuPBgF;j>lFN=Ws^meh(&Wt%Jp6*Dce^Iv z#7nnhUJ;{=(?p5x-)^$;^3%aK@i>y--$tQ~k8gt#qEsmrDp6p}BdRQT2vmz7kRPZu&rkr>%JP64Jc{QCIRI5EP zgLrC}pYiv-(%-R?u&M2s4Q89!taB z6CpdOArvKF1cir3PxO_bPELiG`I24dGQKT|TFs~+c&#|fM<@)xZNY{s0AzZ+pMgvX z&H$=cSZIQRP1VfRyrU76n$DWedLfnhwM}&cguB^P?E|`bT7{a5ihONLU3c0==qL{= zx@p_%R4eF8VYz&{V!iN+TxOzroi03^h^L(0&-Ns=~8@%X-8w`TnR>tC;^7+J`Ri_xirk1E=7$< zT4ciC;o<9`iPVB3avbC5<5G0kC8WW+CX$F~BY$qwsd#DZxyC2Ey!pDOUg_D!uDpC* zR-TmH*$hi#&o9!8F}}pzms~Hg#kI^MUbHX7M~o{-GPyg`7N3hpWN}Zp-`4N|v8MLd z$M5Lzj8J#26MMHdmz}Nka9O}3uIQG$+7H`IYHm4l(ZDHq3@%roA}Od`5EM#AsZy?B zf=4D3OFU}gQTI@nswb)|)S_B}?oKj|8tfVKdr^auF4@DfD~$%x#E+dAN3-Tp1`)0e zI~2iA`Dh0A@9LDV2xdi-S^08Q5gwQAipOMDG|5YS(Fg8oU%p&tL6~{|$}Te|6QjvQ zOj>#J&uxu56VpD)5f!5d6K;%&@!3NHtvOT|M)u5PGmteEwG|j$4MV^CrT7WxAOU6s zOC5S*F<2}KaR~{G8JI;Kr%qrS;&$oY)(LTO_5|ul3>v$eyT=6`1H=K!{)WEB!RCQ+ zgYEqs{Sy|(t)zx{mmrv2YNa*c!JxrWkw_Bt0nV#<=k=jv36CYOe~gZSq}c%8EXKns z$xG%L@B|6Q9EzbN3?uVN%XdkqO*_K7_8kk?tbd0jes+>1Jox?N?}tC5N62{c+=1{* zr_O}e?0km|d?Wlv_!!9{3EPSK$?$oI#*wTZ_g@Qk=pW1-VH{_nT?}0;cN^}uFtx^o zDhP4*XoO=5C>$OK!G8|BHfAH@uRl(dm0az1u`$Aly1v-?Apgq*62(lc8%W?uCL!LkVP{F&9Z87rfX4B@#ui_Od?%_ zdXrj5Of8)Q-6Iv_-ON-S`Fgv_k%RQ|_N0^?BhM$Mv>w|VVwBeh z%Q4~C-RZp3(_1~rIo>%*`GD?0{T$VN{nOeF`fB|J-FJF}PNVS{^%kR1Z`5m)rUdGB z*i?it^Q>6&%^Yw<-MpJ7p-=s`3BRW(QM|{2! z70HCq1)cc@bSj1AIEv-EG-n1hhcWctOYvjs- zzW4QS=I!zoSvzO>T~EId&J=69zw_X;#}oa@cTEYGkruNTwNlILrwG}358ggndQ&qf z@*VpTYmY@`0v_Ufi@sJ**luRT`iHuZ} zP|)AZ<+2H)tC=z(;J8y6fK-y|$npkEBw*?z>1>O}K>FN8!;L3E{)iuOg+JoQJ>w4! zq6cZ|aZs5#&qcGdV&|gd6zO4`^o&1tHndveY%EUN4H;^CV9;yY!S76;u(5ZKLAQnP z?Kx)DBfmcN!e4X68vT|Hp|$y~$QJ`Drp>K=?ojx*mE<$SeT)0IFYj11$`>~zJ@17P z6W$y?=DnG^g^$g=yL)!_xF)yloI2%L`Q-0$4VkF-HPSPj?m?|cUC17g{^*smnwD?( zL?5NRCi4)Q!Jjb_vXewZV60W_S{c=OF1m*Lb0yyzq<6W64X@{OrI*L%a3ZS=Cy3fD zTdw`arC=>uRUUU+pe(2g=m)R?io*(K29HwlQWv zbJ6lgA7C0;>4D+l+E3mOUz>Q~_AS$o?-Fb3wtX3{d*Lyn{a)x^SG8~F&;!z&T>k$~ z$ft7aLly-)rb57&Y6{r%p`|h3)Y9G=ZZ~!|-EJQM{fz@m{q2SoiWPb)FbrH|ay&_> z)EbRatJCW>7PHC3|2D1NS{*6aE`r^|sm5gFG&sR*fjw4SKy2!(fWm$8Itiji7ME#W@V^ zl%ywkK!aB+A_yYsxy!>JYQ)D^lZD%2mdFv`tsdi?dPjV{{jQ=B9lvd~M-6cfH%9zv zSOd_Tce_67xsjlKnWr-xJcyTqgAJ+cFBk^tF$^+d7*u6a*{dU0qp^`63)7_72>72C zibYa7EZMFJiosS=L_Mj*OR~*U=#yM^fv9aenCK39C9J8t@pT~J)meQRpU{~EHA@IPTEs0{|QUZ>R( zgF$OFnay|*Qc|s2(3n+fA~R64Qe`%KK#5YW6sT6~(FhieMo=l0fgkzplP zlp>ENsG*u_GWa!*YN=|!N>Ejk>Yan>YDzJtt`4eXJA#HDhGPc7fQ^DG55!xn2fU>y zT}c4IshHF%X6gPx+};+}@KRbw-w4m2QrM$EnN#1b z?k}otmfOP>=6~JD?ZnZ9=6IbiD z>MrR7oz5x5Rnv_@n|+zZ>6AlJiYm(~s8fd+hJfFjTutu|8d8G%^|~jJ8Q2;S11<8U z{c!nmGV}N6(>3`dKhAGY%1GWPJ0_!US)q)|TD0QtUHI#llCt!xB^R$0)So}kt^K)% zSM69^7JZb}@V1@5XvgD{pZitG>*h(H+?F*O)nbeD1q7K~N270Mu#r$O zeD~O`dv7nlBX``1Q6#%){)`6`L-zYVSTKKM4}&r;X|FSG=)nntvc``Yy)KYAt8b@G zbMBgXmqn*_B>PqOHEUB`W-nXVB{<~H<_}!1oztcj`Lc=A(4eOhk=7SXx-O7uX6MU2R<*C5jU50DXz= z9>-Y4z1q?G`)v0)_Pf8(oQOLS|F!w2xS!&`Nj&S0xZ^!yhCaiRDHiI3Vpn|+ain-6 z@ppF3pfOl=OhzHWiPERCI(2G$@&{^SPzUjNSD|L=$#_tLY{5_Ieu5Fw8WJLx33HP| z(wzt--gSFk?6vD8{xtClkA2D{$BX}@*9a2lu^P&}KJ>g8?BGej0KTLY0b`xNUn4eq zWyhp#L${U%!@s`1cO1>>`}ow&FHM=cS*)r5eM$EvN6N#O!pEN@%lGwNc=X*5-ad*p zx<}-Ka1o{60Y`(kD>cOJ>|pK?*W27XuGCx__Y8eTSfzc@@S;Pb(8jCA(lNqVaf)W5 zwnF=|W~XwOYNtkH)6CU;Lj_&ZVEqLB485QyTv$72N>9m3VInMrHEU1~yYV@R?oz~=Ia^jX3%Bj3XLe4=cN-Eg%rfG=CMEunJW&C;bdCR4^ALGwU5@d6`(;Zyw zx;VHD%A3<n<1M@vfX6F~RD_AHPZ85iB?- zMRXj0ixyXEZ!TAA)aoe1_`|U4Ustypad5_`Q^tNWt8{tB_Il6eDN|os|Ih<#=RUuv z_J!3%sO;H}>aKO7ruUA#`SywT4kFLGpfI$Un7$CNS*|+dEljQBTR7X9x;ff8dzuEt_i_#~jdu)jJ|KI*dX-+a8^A{N z+PJtLHXgzXHm826VU2+r3@pK^k^>h!C0S-h;ff1NK1rF9mJ`wvt;5Y9f%*eEoCXuQ zWpop_E!&VR4<@JOT*tDQE~a;@KZl3$^z^G`=~5J2AA2=jP+wLMd%GKRoMn?5gf045 z!6Nrcp)v6WB)cfwQ`7Y4-QR~V5zDDhiH_7=P*u$twy6FD?Wt+iZ^6SGNWZujb`Uq( z0u5;rJ{|tc;MrO;nk<{!Vf4#9jxwWrs=$+99BdD|EJ~t}&xp^A55`Z7e@64Hc7s;o z&^FPA;`hh1c)q$O4tGwXLMv$WP8G4zbc>k@GEl9y5KF`yWO0550)2u=&zrWlXq6*9 zcTzdsIZJV@7wqwSNey`6Dp3K399Qv}jAs-KEbx?ev4kH`3Z(C|$~O9PvvYIu_!$lLkgK7Ue_yC-^=h+Y*3_T z>Uiv!uxe4+xSUS?P0y)1l@480Hxgy2eYmIa1IiHp7Q^LWsah>snyUSluIeI-Oqm#; z*i;>`H1*}HTUzc^ce3=84^WR*UsL^V)iw7uO=;_Eo6&X2#{> z$xHIT*MFO2GvGs2o{_^^!C)oLK9C`k=qc0r= z>2E`b{g6hNdk-TQNixfEH~P3Hb~*dBnWNc&Wo~byTd>JCCu_jSns4BpCQ0^*{)R=3 zvm!nsVzGmUqwdB~uE@s5_kZZ~{>*8FD)2D9$LFH2<6Icb#oEL$ z|K6(Uv5l90xeb=VKi}KC`x`UYFb{9r+;#W$GtYpI-40W%jqVxo=z4!|r?_2wNSqRn zi0_G~L>`Gn;)u9ad{8esAGY+ybY6o_L0vov;5O>J3 z*(XWcO}NO^Zt66#Ca=T!-QpE#g{1qK9SVsjMp64};(O5j%ghjM4Gr5ALEGxK2#U2_ zP^3I8TKGJq34x@DH{@U~_mVsxAo*>#O{a!R78Nxwnr>L~z)J3;H{SSk^G?gkd%5*z z9(rMQKe2AWfA%kQAM7=ME^oZtxK3oP=KnB!Vr18{6B1)Lsty|do!W1&AmQMtX*k;r zw1CEkr~J1-iIL+BoUvJ40o*Yzkgk*_*fHsC_I)G2$B0Xf<-AX5F)kL{&7I~RuE%&K z-y>enO&WHJFByNz{mgjM_!0kK#!rPDyCfM{mSf1)m?*%7C zgM7)a<_IPek~s3kk%kfhPX1Dr`Y*ZLVd*jX5aR>C58-yy3Hs)h&A%>QF)+t>`uJ-! z{rpQ0fsv=Pyg-vcq%nM)6W!Lmm+T@ z+ze{aOtt&2!^i-OQuAVMBetzru zrRb%@NSytJe~HNqmhmKaQv9|11J&@B;S-f{3u>w8$x|WhFD=YB=H#1T3Swhvu2+$c z`7rra8O8^5(c;@qlgxV$czoOQa2`N@FJc->efSu{#9wBL5YZMEdCPo<@TUE96BS~F znUiEg^>ptH4gVo5pqr`fnkw1c*_j6x+36^E%C7d{lsD9$edjW44hQ(4&|8V zglE>nse;qublG7+!A6%^GFxOznTf6{CJg^g9Udx3vZ{Dad6*H;L!K$m5fA5KnT8yf zzOdNOSy{p`psH@*IfpbKo!F(0lZRnP+k|S)$5RxLYpPKjOOz=%6yG=JVw02tKix$ ze2*v^lzWNu3$UdO`JoC?GzKlqC62H59?ED{?en+r`TZAhAvVAE z>T7Sj`06Xr^|n-)D+a#U!OMHy|1DWrpq#I)Qn+??N@a@Fd2(q%eNKJBg#{z(c2#I~ zx8_~qz9g?lxJq8{UZ1x?*eHjUsC#4H5%o>yyPkJ*-z+@oJXv@`omE|>T$NIl)5NtZ z7jc&;>y!^nzb{BBCYuE!2NJ9sT@b7zi?{5UgcZpzT`O&sI4Ox84NQaGhtTJS>qQW* z^_ngP9 zVkTu{drrG|m3MpLLxqM$M`K=l;WEdvJP79Vf{tL`wS`*?j~m~z|Hk-{{5y{_k13I> za$1-sc_nj^yp9Pozm(tcyzlzR`i(ow*QqT8vHzr;x>MX+R|Ev|`2Tw_a=A zYUQj++vh}`1%+q%xtf!Ey6s&4piykogY-qZXM0x2Sv~)Owa=#h6npcA7e^nNDgMr; z#GWU|$9AQ{jBs8DuEG36shjuQ{nw@JcYpGeqdz+SvmX&};#P2%UIOme(9QnyY8_bN za4FZwE#pxggwr)zueVc;R_hI}5q;het1N zeY9dl`?c|z<7E8pvmdg1Vf=OYm;TLMiL<0tyhL19c6mvtWQ%yWcuUzH#}m~*WX+;G z*W<2RRsA!!A&*(hFiJg^JnMz^;(BSlX}!GOyg}F?Zjd&ZHpm;y)8*3@R62deL{+bumV@2c2cxxf6ya#sO)SZgnAStnHZWQogF z%X2tWO+hXRjPi@T?cPrBHQpz^uX~MFZ;?0Veb37kdGGNu-e;J#5b+}tKPe=`M8U_v zOTr3fNMh)Ir>l`Bh!$FGjTqOgFNhQ{1^GEVmtSKl%Eh^5UcbZB=sm<-wT~~G4>b?w zw;Y>~=jYawR^<@QUt52qo@uY&TF=xg7~?XemRU>Q%Q#mH(*gYGYVv+yyn`Bj62qUa z(jOO%LKt5K);vxpZv12>UC*s81^$W!g{2T^mfIA&;!s#)iCN7tFvRK0kkBJhbfmQjf2G=nvSt0c2e0@J(X_JJ zKQr?UJCPf0J&Yuh23Jm;=_CFn0BrR_gd>|J%p#W}R#_!5m8{9Cl%Nu9w)cl)tw|(;A67GNvr?_6w1rm zKD^JZJ$oWg3T(~vZ6dn6$SApAXzPnq-*U_T0|y*cm4y#Ks9X?wgbCh-`AF)^cg=it zb#*SGQC+N5RK6@DDlIK3)Au_7NMUoOu`RCc4ja3d@COBL&cDPJ1;cY+;YH;~H zZt7yV@ewz6cjVG(Ph5=LQ@PAY?nAj#xwE-kF2uJPgFxQqRK;Tu336hGHxssgoc1oj zGSFwYZ7uo>GoVtroMJIs&15H&WC(+g!O3~ZEZDT*Y5x41v<(>jAzVc{4WQgqO=vL1 zwr_ds>Rp|RY1(8PzU;EQ&zt_n^u^K6rUY~E%>FMgTya^~J-0J05G-QyP8$0m@It~@ zA8djUy~Nfck=bmvwTR$eH45aw9Gd;zemGO;Q>-ZpZ<0j}Qm zAE>NpL@FGt@;p>2mP;+DNxB%VkS@oUGd;qU;s73C!a`WwgeLF=GbwBmC!}q78*>|b z2YfNq<1^OJ~q&saiq?$%9-{B`TMirA`Eq zjlpksH5&ZjC`u4y`9#SniV|WOh^Oe@F2rF-(l%<1yd<&+8){`Nmk55pA7XY!JcRQO z_#rG{3;_8>mGR>e)9-#tMD}s6ccyoyH`nv=$zJ_sjZE-mYdI$ijU)>8X6-*!q0GLi z1EQSor6SLr^c8uk{%|-o%$3jFG8pR~XKp9aJ0?H6VK@j9u`_%9iq(ndbMqwT65Ca_ zyKStE=%-jz+^FOiXwj|zyG3Pk8W?_N%OG>>K%hVbDHlypB%_hmB8LpR)g_@r+n$ zvQ?r=bA_eST4AqsE=JAv3E?(j2m65hD1MB2%(O>7fSxiwZTT@o#lI9kX+0`3CE-xB}O{Lto4hXHXO6vXd~$kYyBq0fUl+TAPa(j^Z@?E@yP&P7QCxZ z_x5_g?8ASe0KJ~i-<{Vr!bXq(jm>%9qO_3@fyrmpR8iNJ(`HpxneWe@Ko~xj*<;hF z&Z^oE&7R1-FxInbs<8_~a$)w^UY@-31O>%itEL+0K8G-SVlS_1rFK0DlB6UZd&;U3 z+`^&RWBd3zf^i>O%sj32ltG?p=ces!vnTdTDyNe7jeF9se_CdbKV@%0)$kz?3>+== zaRH5hX*c^ z@UL1$tKZd<%R0mybFR{aTTM6NyG=r^{R*y!?=f9zc>wQ_c9;$_hvXldUa`EUyv@EP zzF~ex`9QMUjYd}6vNwu!)81-T$ez8`YF08E_KIY*GFC}>3B4pTiZ8Qe|B@M-ec8MA zMuqO$OPzLXUunKUE|IJOqj-Z~0z-1pZ@kpFmA+E7)NfJQ8<>(#Aatc|%M1Fe-_*8% zX;D5{VC71#Z%BiH_%N5Epmywg@q5f z-dEhB(8u>VEx4q(MfB%q5}bQz%t{`}kX>>&u~g0Ec??^Dt@xJI&R_4U$*=b9|9R>w z_|A9VZcTl}RN~a9E9x$6IFpiR{uN)+ljefVaI9UpExKacw$-t1+qP}n zTCr{0cCupIT1i&0V&~@D=hnI3KKsYrRcBZK=z4p;-J_oQ%&O6E)p*7b|EW*E)4H1( zUt@yWb*D|8lct@QtkJiQ@EvM-fsN+0XF7ky&%6d9jpI@TiOTx7~Txtf^q3J&FosP+o#-X%^m+V^RMqv z)psEPP$TdoC~e>BnZxs+L=^gJCQR5oNvBMi#38#h)1-vyCoRR^#Mz}2{=C^E0;3HC z4LrZDUC)TK$E=M@KW^vP4^M7m{tyPAUs2L?w>*(sjoPY7yLG=@oyw;4sAm`6V_=?E zwE{IteYxbffk#PJtEPUYZ3|SA`mPsc^PQ3D+ubtv*o z3T8?IVQSp`C(j!Z)3jei(@Bx@qq;n6n*`Z39lAyc!cp_uJ?#+wEiW{wBHj}hb+c`t zS!PoagW&gwoRqYkORoC1Tf?TB9iXI;->0pzxcvO%OvOY}b31hsM>#m2CdJefrv^;t zcxt90t2KrhXZHPh0>-;DBAdoA7axLC`{vTG=>zeuv4736XImD(=d(&5^oPEJ1i|p< zoIli$yL71rHOm3I1t}jS=Y)EtKPoGScBR@H6nd2+4nLuUARDnLLZ=UMp4Il@|0?@r zPTWBsd*mvRwLBAkYBdIhg>3Ss5Tg zWgvD!9X*UYxMHb63M-cQr4aj!d?$<^L+dx$l3J6hj2=uDS&RelL*AD|6>d6G%v6;` zPom;_+Dic~qd2=tWfJZaKL)vxV(MG&?{fq;l{ia_41ku^laB5{2Mch9teP{ z_4D{yAATd@t!my3@uZXi4Un%1;rh7WALvF`bU4nDPkr;XQ@Y3KJF+s&zL{{Hp56;1 zx1lA=2uRmoQpi@G_#>y2ac=Tv?uVGQ72xmBK!bUmliuOg^z2F)pYu_)FFcfGU>~hO zV|P>aw0`aE%lmW@>b>?)tTw_bUK@dXPtu#*zBU}cwh0!}lJFGDTXb8>a-y>?T&-tV z2fFG2)557b*JOPQt(u$hdfu=0#S~6; z=wBEZMB$oLqhPeSPBOVh$>ukxMb65Rg zX|pG&fIOaX_U_xFr5Ox8iOcuDRUSjm2&Fskk45cXtMocOr+=5^yVx=Cdz{aAUlHWD zxJu+u<6OzFzHY}mH{tB@Ww*Z$=9l6KJ|GeBe39&Vygq7|aJt+}cD(Ktby}?1Yqwd8 zl6C#RCe-aXvAY?y93)S#a=80AMQ&3%*S-u^0=s1q2R;V-J_RAiGWh@cI{~i$UUR0e zzO3R+-M!zzpGba6LfjF4&~4QUzA+`1-pJwtRE^wv?RB%MZ~1u%s^M@ZE!Yv@Xp5(Jtl`=;Z$FBdu#mQZ2|FV5NEfu=5oOkqoc0V2p(9j#(>|53zk7y?%N_O zKbwmz+lfh|U+x6de{cZzFrG7=K zpb19YQG`R;CP5AGOk5Mw1YwDx{ysWm)tl|aY`WS+cd%6(ejMBgm4_e&AaojH)ds)vRF z@*oD7Sq);)Pw9SO2LX!qpU5$?0!+UY#3$~4?PgC=2FoqWJYuL7G_OT&HA$}BdKQrx zZ-rm&Nv-!0GwUpw`}PeIn;qW#{rl~Q7+kUR?D$ys_s}r_;0*X{mi<0DBx(ckq3d$X zQ1T_lH9)Zsq|ErYj`v5 zHz3;T@_}p0beWNGy;mtbR)If%i08Zs;jBIY7hW`6w0TRlbO;%xzPDhAym=07#Sn|N zy|;A8%q`~w4X-sH8{MOpz^#}R z4`jx$Xe1?oJ8QbKU|H6a|ECYFnHCIW#jvXpA*c4DyYiXHT9W`HvnRLd!(ZI4;$%Nx9->W&_Sq3llU z7g~7^t?oUlcH)$kX3rEMp$q|6_yM+GT{yPC7#l{}jjdB__)PksMXd#`?iet^_~Y16 zOE@$Uvbhe(0*eme-QTEkIz~oR*MTBvl*tuYp%r;X%O6G&=6$&Uj7vpcI!z!NGJ91Z zOAu2yu~iG?8Tlr%$dTi5kr8&N2QkV_3_09SwH$5Ed*M9%`(d-0@Dgg&P({|8$Q`)3 zEI*Fs2btC+<%k3&X3)Gi)hJ*~a$!TbnPKpuctHZTiA~a(n!^jm@FE zSIJTC=rkuitblBgEKSa#wZ^HPOc|-nMf`jfX9aorsMzn{eEJj%%oGU)p1;F(@$e1-A0goY@$t5ShrQ`{jh-yy4D0cTdC zFkU_3&X8WtSWlj7v6;cQbT3jN26Dl(t&7dvgInlw&MbY{k?&v?GM_LBi*ng5{s8SE z$j^?r@cqeI?8qp&Stg!6$|vMXDP?QnWy5;9w!G3*EcR!caM_=DTg|0oM}K1lS-S%> zj=B<5Mg-iEi=f$)g#l*OYVM+=>RORE{^E{Ls=&EDBfYN!)^ z1q4l3YO|_5`>_o>E@$rP$MP1-ScDxpWm~w54Qn~bx$DrmBa%-luqfzNh|S^16IvWJTJot%(Y;|#uFES$=}b}_9vO}<3FZiq0f=5?&xNGrC^LTz}#sM3_i z-ca`5_d5}2SgW>f`ew_EuQHz?GsUjf#KvI4uT$`*Cvw>v6~%V!;4VF1JboqS-1{1o zFq7FW9BqAmx_uG!Pl_?mBcAD&)o3p)9;O=l@)6GSDR%o@$(TBSgLM~G3HPjsS{-d*NR>MXlDa!iJmzL7Qc zw`h$t@zkEnTzY)#4_+X@(v?kI6r=cS)Ek;^WEEcQix;L^$t}5g)S1CuS-F|T zIOT2-On=XhrqpaJZaZ1OubM4K)Dk$Of7;-^ila`SjY&zpbtFo^d6?M3oaN?=#h$2x zSEz*ZlLSATKl6rX%wZIz_UX4(9WFs+39RdF@u&G==dn=;ch)&RMrDt>*W$9;O?!?C zM%`_BW~XZGF?ZuX6U4g3O`bkFwCX!PMhJDbWrv_K#RgV0N$0x&5nCS`Ek$G+@~Z5& zBi5n|bk9TPafuksv{X` z*z$XiLR1{Td0&7Arp~W(Cd|XwqQPFQq{djnwajf`Zxp;~GHwS`+$n2I9^T8POXb7F zIbVR!QzL64@$dVyU1@3YL;EfdGD^~cCaBWsde;_c6~3UbW@LVK@yaL=2vp&`>YtJM z);%)6rVniMaw20xf(oA>T0JR9=;GnTkrhbjVn@dh9|W3kuvN#21hJks3NYQsQ!gW% zSgF%8iAf=!|1z{_t1l_B1HwJGULs3~=p^UiNR}zL7K&8x;aTcqVatXUg-U!b&V&>o zp+rC^|0odgaA?=kMMi)iwnDT58+2gCjt*ZcXs|Hg$d;%aC=lR5lo1LRVZxOupD5_B zhkhboUJJku(-S)=_*4KSOAH@Cu>!X0z<+#cI7q-1~fdI#7b!*;~5&Q3&m;g?|Ux=~% zB15jmPX_~l*p)nNXy9Ohf(a-GvNFWbA(2*~6lcCz0G<^KXg3Z#M1hxq2`Q)zE__%% zO6<1bAT4V%R77MLaT4`h>JK7u$T$lQq4lh#2l9d^j1Y8RB3D|Z^VN1NY&?=+JQ(E9 zDiB6OEC8_Lgo%g8&!6}Rfm=zDR>Y;C^)cs2I$|Kfffs{A0bI$jYSuErCm;L65~Kjh zPQsdSVU);(en?oj%KIV2q*b$f z&Ib8m@U*CsA>?8CTC(EiPrsto=yex*8k>YKyCpsbf0ayfccxZJt5s|E`aImm*)^G@ zc7_X}TFRj`APx)QD&!O^jmJQk>Dd7AF|jg>KM;>8e9p5}D2$DZO@CTY#@N}k=UEZ_ z2Bkz@ww{XwSTL&~z>W$N751=NA+X>;2b>STjxPnLPBeiFx3dbW06+)fk$ibDPdHdMeb4z7Xzp3=}K&Bi4D_(31Lt*Bs!$sb{5 zqO^>vcRII@r|4IWn@$p^(LLXw5ab5Z%7ht(aDh7f;JElJvS3Z4n83xA2RCz0W{dME z$%}9TQ6u(~vnjm*>09*R2;ihJ7Sa$Pc<4VZDiNMxnX?UzgM5V|)s_rx(Uo2TvpPN) zJ@K@<8ytZ-$G$ihalE9atk!O?Z$OHhhMTs!D=bYdMQ>tBmWgX#S&@^GSrSS{NsX;I`2Vbwr2)J1`NgN#-a1gkJp6f^mK(luI*d5U2PL2_? zDw^0AU{S%5)j=V2D-1*ZWXF*SAy&YCJ(V3-t(g(m!pSbcgbR)YVUoeqg#>EALcfD^ z_&{<6TX^a!Z<5dr;oNb&PIt9G3yyej90G(qN*ZIpjhR>YSxS+E|#nT+2 zJ5{x#ZM`_y1a1If6F**DjU(m`A~Z#GdK?kSWOtf_LI{0feCO%u{@3ItrvF}Y6CpDb z8zCPb^#2!fmAGpcOo%#q?F&uc6)mRl$I3{iavPc9k;2*g2h3QU39+Ep{w4y4ZdQ!Q z^pj&R!5)!qmvLDN$yry9C_-F}lr+qwPXq8c)Ql7bEr}A8yXs%M(gD&6gr|!GgY$b1 z3RO{w*L`ygbM;2f@fT18$yYNnjgncDyX8l{Ck$gh1K>+Y+4D>ZOx`n7K-~~1X>5Zn z#YeZ(#fteAT3!`UqUf{(yHRR=x?lj_Jyv4Wt76jmdOQ~p-Pg3UOpe%J-ZhP!H!CS- zEr=HTLat;*R_;2cUxh|w2$dEI-ek%C-EX%M`E*WC2_kugM&2x07L6d8W6u)=MH!B? z103cSMm%FZPBEuond7ufED0Hh_#?JJ=bF?^_zQfA?-JMHsPoL!F z?GOPV0suh5$caQyjUlw8l+;n^G0;}pa~qv| zz%BGi2~zd0)~XHzC3Z__=RvI^^Xl5sq<1;q=E%V3o7Wd_-d`_%ITYqIo-@2pJI=Fi z*Kk0HKL!m@Bz~^fclN4I`*or9^MDDg&)4@3wX0FP@$ZL;aDl%9jbHIEwY*qiJRu+F*$_@Z ze&>NvgKWR%?x)U$cW{RHP6`GyDFg( zY99*&bUQFw4WW{iHkFCSi(8|i_yrue2cqvkF$1&q2nRettDp{`YDqOPgRFu&baJ1_ zydVg|jlJZRXG6t05KKH_{^kWsy(kYlLpm9RF94_fVoA(`ek)NYlR$b zg!q*Jf>Xfp$vnI?+L{9Iv7r_|w$#(bI(bALQd}r>1Uv!^cnO5pVd#KyZ$Kw>ac`eS z&M^$s%>;qwlZ1L<2jPBFpF9fTzs!=<1(Cj>wg3F{u5RZXwEhd3Qdxdp%gTW3i9fza z!9Ob*u^iRSQ(<@x4YW@!?&mJ0Sh&r|Wsxr!Sf=`YUBM%E;-;(vdrzOZLqI%*FC5m^ z)!@^q;;xNEaqBK(H~B7D$F1}cjTV0o0rW$MHcj}M5k9`Zu!kJrb8RUgevfiqc2Jz> zkupB)ofUKoL&qLCmjD5&Tc&jrt(iG>{>_=_-I|jJFrF%m9UYuB<5rZ5nJ{UQT&1l>l!&8v$Xt1z zQcJj}u#@Z&WBK7F#FM}Bo`Sw#6SgFO`i<=&{h_&2YDkA34j=a!IYOw|J^iu+uc1d< z=IkMzH~)GZaY}ol48jd@DZ)qd96W2MQ``m~xI!XqTCV8;<87&v|Cd-)|{v@|A=REsnpq%%9mQd8}_wXN5;E2k0-ND z8ZRL1oinXXdR0k3F(EBLd|Vfj{nsLqAQu??nP7STQ^)Oha@xqb4z_!(3ta3r?5ct< zpMD(a_9vuz6@0Dp9y}vNTAABSk*6D_y+AKd+`aG5droMWmko(W;WMiAd|r@9EwG7f z!i;#y6Sn%O2VSsFAKrays8Oh_n0;f*iR4AjpH)jp@c~an+2uZ9nuBg6mv@lUU#zi{ zV?1J9w&c3bp?F=*D%jBn!kq9g=Qan9+HXYa(Wu`2o=(81i`djA6w62ST8nrl7hIKi z1i~rJFiuB#$nhX8lj{8(B}uoQAoHg~Hl7*fW7@?@3Y6PGi%^?O-T5^kzGj0~%i!8e zP$K?6UVf2<&F>Ln!a{7kc&^L_qmO*>|VRW7u~U z_e6V~tXt4&R*(9Kx=tfULSctLK5~HP8Yg%$KRML&?BGm}rz-H7;^Ib_9rfu$^TuDM z)eBzhL7gSizTpjC^=+_MxFksA#X)$0TY2bja{h{xCm-lSl_1p9Z0?+f$y4A0non5}hI{UAp zzPAtKc>cdf%Kp!Xi?cl5dwb5aeK!XMX?lLgsvegQ>^nXeH+j2$r`u0EUwh+3n}Q>A#99G9~DM4N=u35;JYx3R``_;31Q(-CZ=*pgyV z36@8g%CVNCutjt2TkV@`wp-UK*@`om=84QBobw&Dkz^H;NRkPX^O8l0qvRzNDdfv! zo=Mj-pR%`i6ATpoPC+?yy~cq*_yvdXSe_&wX{UYDPkN(HcF4EMifmF&Cnt|^M(wcQ z(5CTBhq1%bxi`lNa^GsNr+Zjf+Hy|f2y(j;PI?(w*s~RShXe?3hy?n940J6^}*ioST99_AV1b2%1#mmnOPPa{5lhZK#@ zHxN|6@1+!NB)ISF{{2k5UZnc`*apSBuJi7D{D^sC-t9Tw#@YQm*k--AezuY4p_CvwL{OnZ>;2q>Sj7Z;H|-h4?h2>wu;cn`8jt1I-_3>p=Go z?FZ*RB>7tqk8MbPAJhkGb%?zlZTg1K2dHhp_eTE)Z9Cp=0OST2HvqzrlcgVS4w4}N z1Ag%ChN&Aee2?rIR;}Oq2D%#>K@jB~#V&+>-_-*obKl+pw>B_k4j5y=N(0P#4_*W2 zA|GudACId5WJMU`J%!ep(I!B8PiYO(*MUL@K5hOx<@y=@bzhMu#(xyhY`~$VD1@~; z>VBi^gMg;O2yAO14!1joa07`y(zh3m8L9ZY-{KvTKTHsEkHQ0%e`NNi?wOq@?&F!$ zFOcF!`W^ZUrf<}KoYj7R_b^k{djc9#k_mo{=89o(_`N&&UQ1KcwgZu~V|)2Kot0um_tRX_p<^ z)bQicfC$}?G1Y)-W}rhO?9`Z3ZI7pV_(dZW#(_vLAbQVDCkDTIl&l?Hk;GODy z5_7gVlaL&9%~#DF}O4DR+ObQ^JF1{8Y6~2n;AN$BF8U`(D(s?Klj^0*)@yW)R zHaq0(YZbY_C-JU6tQ&ahc9zU9Yxoz8Q7kK$;a8NGnMcp&Ug4Zl-^X@67jbAcuCni_ zY8*+s&l{Mk4x!}BOSX2zuRO^7?C=c@5QzQ_nMia20cJMNoA}ClB8uqTjF02G;`XUgyl&Q5AJA#D9@>=#!O- zgEE@*Fe1cj%0PykCn@(^AgP9DHuMFyd_PaWxs`#IYVWJ z+GAmBE{OnjmtsB9xo-%i#QKEJ7-RJ6G@UC3$L5sgag3kCJAI=-hl5$cxn`YGHI<;Ow3X&nh{Q+%as-5@X=VFp9-j&cZ`qSG6I^cvO3T)8eQN^OZ{H zkTR`*fV2aDY!ZJ(tvxr?QA;I=j>+rnBd~u|I-G&bNi|Ma`fG7f`43Z+_qo^k8*o-? z7i?BlSzC2=Sxb4G`~?xpBN%=U+km={Zp*CNYK-#Bb1i2qZ!K7^B@{6wO?cAs7&N+< z5VR~5Sh+<$G*j1VsP^eor{hHsS?&iLmz}Nd@4t(sstW8~olm${cYoN+iDBq*PHx$Q z`vkF+G;bF5MzfF~yMWjt)ieRa-ogYyduPHtAz^&zN9&;Rd?*&^cY_pHf=|4UzYn_J z<_>1%x|2XKRwf{=rZf{25J zg7~KH>XxBoAM5rhSNk%HBtKPgkDnP1C^!2Oi)j5}#4|q4;+WoLab@r8_AG*SC+9u< zNyN`S!Q*Bg7)~v+`*Mp|{PDyqKDFYM-X}Sv9#SyuWYiWom(IIu7E#}$M8fy9g6RdGk&PMuLt>y9W__~VN({lUcNKb_)mKkqoB zZqpo5&+;Y{w)w+Jvig#XApN1l)%+R7_dki_Xs-kcu52{3Q+^X^hyePiX&TxAGz}33 zdZKDZoPiC@&Sl=_$8wy`G-5j8n{}NZmEpBs2bF1cO0Dd>JMRijDys_{gRKlBm(umF zjCOV1J+}qFD5&*oRa$5Jd_RTnN-kB~)Ol6NrnflkNvgVwuM$_Ji&vm+w&OB3FIwB| z(hP7G;=Q#m*uXcLzT*j1?W&3}mRHX0OkMFbR^w_yAuTOk6ylmMuDT;K7)A_+Yln4d zyblHG$02dr$EVpa|B2fpiqG`1c(hlCH8h8?|n(-+@Ew_kV`b7l*!cpy6$P3fc>Q8}kY z!}OBN(PLAhN9zmc6cJ8P>ttC{ic8~NxIR8JOZ(!9Ko+Em|& zC-ZIg|9k{sw!gmK``<0{;fy7}AftQuaF42_eUI)2F!nG4x;m%w+0*PH&`9-9($8Ir zdz{&nCeD{DTJ{DB;~H9Keos%*STP25IqA9@+LJf)Wy574?qaWQ(DUKpU7GuU>V|$1 z@Zp`k*FHiG_(f1SjAQNPza20J9pZwYwU)joT*bivk$y5L*3Hvd1MLSJd^WtT_kD0m zxK|0g7;nM|w+)O%x+B&WaWB;j^G^eHR&7)4;GBWGl1cs{%piJI;|h=8Ym&*9dCKhi zD@$qS=<@Xp@?+jVxNpD8gL50b@HgLl%;COQYV`7gj3|*8Lv?}PLUjT=MVt`Z$G|lU!wyLpXo-0F-g0Ol}mUkM6_rp7EY9s#)kV% z0;jDor~Zguxe(c@CO=*p7DO1P%*e!CNC58Ak| zbx=!Lm5mxC>|i`E@lx~X&@IZM!}xkzJQ)RK4ztu-FimA!dS5G;_}Rjl6_+9KSYOnY zoMpR_x!)dj<8u44KA&_7{AKCbpWi(u&~b7?pLW5&B%ht%!H0827z;I2(ccU4uADAS zorq?|k!wiV;Au6}ZnLerG|Mt`9{x5tt)-lb*1}yzT}C4lUP41W)IhdXN(&R$9z?4J z%1c|3a$c2b;x+cZo6gMqysw_h%+|@y=AK9?wyH>?ICa3W_#Hz(h++5a@yT`=RSdG) z_xNHP{I(Xu@;L0>=dmB8Nt5ROKJP#44&uK%S)+r+L2j?`DU#`Tu;WIHEx4$tRZY}2 z6^0RR$f9XUvjyv&A3x=e$wzi-m8v0KNj6IyJhJ!LI9w_E$RW2*(t&o#=;;89xhY2C zDsGSllCc_MW*OP6lsFTcjy+Hen3UU!eY^S58#<-{#$zV9LdKmPL?x2_5%p%)+1bavs`j0Y z?9aRuD(q%db>t>)V&}#?Bh@k>Hynt zeH6qKd@c{?^OkHIPe9u~Fs&&6daRrEnKhRpC8~6hE2o?p#PQH=*=<`RtP;^U8Mee0 zX>(NF_Wl;FLZMVizOu>mk>Z=ASLY=PzSKn{lk*==H}m_rV4Lv9uOs(ChPZymV|wh} zApa{cHHW}4-ch62rc%u^4YHgFsuiWGvCgrLZ%M4`>T`a&V$;l{nVMM;H$Z)mI1J3I zYi5Sso`so8c94a+bm0#-l6|UUbeQ%KqQ8egfKjv(&xn$hp{G^kFO5vC%0?CG$j}Pg z%#v8H%pnua>!qojX~VT*Lk;f54YH(2SNxv<)$_zwiLR2iV&g<;r8KC9iI7gJnc+;? zZ*gkYWBRKMglxEMUS=fobtb#WT8F zd57*g31QrRV(iF&+-#l#UD|<>%`nY-=IJ#o{B>068rid9i`3oMJ{b~FW85yMSH_qW zYA0wYvzEfw`WYWm6(mnNY!z|B8uXBak2!Z+Lm#z zK-I+LdI=bf)1QmPr<5}4&q}r*kMA*`*)~yQ*_qh*#VxG&rWe-;=)BEcf0CSGyQVWp z*NuZf>A9Z`!MkksMv7Y}S^r?#$Qvht>#00uK`>y(m|Vm9Sd5x9-=xDM;Hu}LGhSYr zzPHI=&0~+05*JCbg)-()O(C19sZ3Whn!%m2@wh}tF?@h-8^p&1gnL9!QmZKxJ|BsX-LJI9av~muR=T7*j~(pz28+_NS1)NaZjpQ^b~>Re0t0YV6j~1+Ew%Sz|`AXVrTEx~;+ntNKdA{GT8|s>05-`D>UlZ3})wr*>eM*HqN1 z=|mL#9>jfFni}W=C&=MU|9~#t`(uJWB$P~{L`QR1)0X7VBs^&#YDGNtBHNii6P^phVPm=6k)wg$7`&ezXC-YsVXi0^Uzw`` zqmc}MgP`AUO@dfFm&JPrr0?MT)H2XG=;KpiEMg@&CbthFMJwco@Gmhod^d_V?lv|v zf1%T?Rl8qkKV&`db|#j}&r7?;`(-Yd5iB8Gpljf+qK&yUm~E5GAw{B*8CPJB9FL?7 zvyRwCZeq1@+v#rwawzNQ?~xet$+b^*IN-+B^heQ^A%Hc?t}T*JnLFFgyIFOyLMf&2 zl!$0nE5KE8spnPBE|Xa{>=e77C6JTSy~)PW#~*ChCChmWEvW|lrzJXPP5msK5>eYW@X%#X~gHNTNjVdjRC%EF=^A0p3cryHTO z{4Jmi09>zgJVWf$F#DMM*yPX5+_af=4DJNUFk6>mt%OuQvL2T0q@C=YoL*L4=~Gij zur?X5_ob+L=6+Qqz6xR|FWQ5Z=d8o0;ir*F?L)h`O_Ws(iZabo4a_<8pqQGePL62L zJFdHQ6Xx3mu@Ul7(Nk5jPFWRDWOpU{>&22B!>*ynP|2UI0`hu@VZMPBPaAk9w!~X* zSK`T)Zc%(#fK}cKo$nFGpKBXLmoU<|k9j_?bRicLw~s=iZ@G*>yS#CN|wB_PE*W zYI1!`9R05f%Tvm)IGL(yoE0zWx^`ODi;o%(k=;L!%;Tq2k1nva{X2V#{&HQBQQyf^ z$uDMX!{hgzAy+Wm$hQS=3N~uf9qYP*cBMe%=cFw%lFY<#@$an{4W4cqkf0$p$sTXc zXMG&ZP5QTpsfU@{n$$8Qye4j^Tr?YNswpa}nJF6X$UFAlx+s$SPgC=7%5M0Lx!2t; zYVC0>mRFwbxvE>7XgF7L&gvNH+1N3;XSmA7sw%5WnjXJnCP-0$V*%t$WRq_UVbzgj z-;zO~g`4=KPO&JfRJAaLC|!fJoXB2Q@I@aYWAJVNcyt#yIdGeezx7&cE;$hFg0;;} z`~@uIb1!v~v_z~yhPgb3-!6tBkqK#xqc_WTm_@OcWRe0Nz~sJ%C1+5n)HN^7IyuVK zkkpxjQ;Fd`CXO(OH$buK_Uhr3o`|$q@d2I30XB8IH9rl!#!#iw#vyAX^Kd#Q>ZGXn4r3{ z1}UBRKIkaOv~*vm?)R=Jl#cGN1ZZl`5K6&z(TL9|ucd-0d%taACPZ>V4ekAzI6ThB z$ACB@jB9r|pXXEB8WneqR`$4q%fKPPcl#qDgR2m};M;oO3zT_xF{%|V;udWkTUj;* zvwZqrQ&Timl{>U{s)_KL_;x2*Ne+^^6By#VIfx5Y6sD@9;D2VWBTKyquNOe>i>in~ zMr}vGk!6-KaI+Yfx}P4#vlINPNa|c9*yg!`;XGuQ7fF;mLU4<6aT+Ap{&tVlAzrL* zP)j|bcC~et1S|)27%OmDh<7Q?vy@uH;-J7Zpp~F+S+3izn{$p{TT14Q8e0JyVdGVi z0H*VC*2`xUWfl&^CE+Vr7Eso4*YP|7N|7<+I9wvpLrr4g#7=FShVjJeDp+wGavYV! zG4+tLxR?{nXR~uFe`VnK4VK~Y97bBY!>raWnss4qQ5BSv#xB&aikH5w`(y z*vQkDnxO6Kp0?XOEd%c+w7EZ$R$I_kTjI_hMO2jG?FEZN~iD_Yg}e-U1wUFmSLD)$fQ~#t6zALIvVde1hFxWM6v&cqv-C8uNm}JJTDkV zVDtn1nAXHtU zL7d=&2yk(G^>3OADB$lTg_+m>X_h~*g-AEgYvC7>Dn3pr!X9RkVx?L2oJWWJ(9%y9 z1phgkW(`&Y{aF*V0_xwE?<#nW(i|zaA#qG6K{9M87-42GQbME^glYpde+!8f`umbd zD-?4Juh11UIzH3_CC0QA(Ka>ykei4LmT9@blTHD=zdHm~?_Ldgfo4szL;fnRGHLkYWzT%S`tSGUX zRccs5joTJ?t=^j}-Z&KWHh1*bHWrU=n8z@c-Lg4V=bLg*_;xx+w$^1tG1Zal>qAqw zU#W0b8_`U5@->cS|jefj#?2~ASe~4 z=+j+MH)o8SBUx$nX*XW4cBB)bL2bBPmVe9&xrSw6@}qu}AJigqea&s{UUx{uY~e2i zUGO0_p1t&v=I!@s&mx?$=5FAGe)@=7hkSy!arrV3?_ek1FFeh0SpTlTD8ej!Xr>#3 zfo~J%6=a@n(0UHP^SE~VyFyP{SHBlUknJ5hx02uHWwlOtgfkqY$EcrWv9G5u_o0U5 z@^fjJpgD)g=!lpxoQQN&*sCpxS8L{mAunUow&nLSt=h9N*IiqS&=V1rT_A2J;onsH zgO-Sw4!HA?sGuD?3zfx3ujtrB2|(I=jz~TWu-B->zQ~2&-Lh4+oCBRhN(~WtW(_7 zrGOi%@|nHecnB-O75aCLrv^zpHnO*)8xU+$nc>UWK&mMUm})Q@e7$8b}ycxR12!XpJsI(%ZGe>5n1 z(l$pV_-%F75UrD9XPB!)IF<^5^XeXCNEqkhMWcist0&0-U{)3&Z3pkB?{gWAK*{wVG+Khj=fbtR4idsb(YrA?6Cy1dR%oOvM`#~LwYi6Yw?U3Ra20bydDy8c(? z5zBv1c|^#}_D( zT0nmrxB8pmvR*1ziH{Yzb5FwK5{T8%(%vmg?U}d7WRg*-7rEfW*CLmm`j0`ND z8=9F;c;4^VL^sjwE?e;pfkf|A19P9l?E13ioL*T?A;{$8#cQfMf(6gsFJ!Iy0plC4 z^{Vdhb-G>~fAa9DgYbyTNyKKO(Uztec>4mWjee?h^SmfC&YkD=t7_I?YO0t74H^WrbIP*ogwW`qvy23LjDCM(i z*N0=yLi|>L*#nBO|7#Ce|J4H(PX|*%26-bZWf$B3t@C1J2e1+{h*{dWm^yvG+Zei- zikKSPn|$9XN65td&ytg~3n3#r%YRaXjc9DzZHgiKUaS8xzRh3WVGuy`1*X=3%s(FSmw z^1(26Ju!8&dUUx7@JXgW1=~-&_m>`paSF6#yhYR9?*lr^vv0)Q5>fwKXnRDBV+x!e zUInYJ>qV892GZ>_`mu7CMj1a4Pp_yO2rn=B<(xTNNCnCp@Z&>X{Ku95E2~c5{=+?r zVzIxQK$H)beNVSG2Ej~Jc|d#- zayQ#P$#F?9XlHpbhNY4XXTBi{lZHq^29)Xjp08s(Kn60+7G}u6ytvQ5kDhIsC=b>r z-kHcCUwH|}IK#YKzPIbXZ&ZDvaGd>Ud4L0Nw2sj)RrU~z9uMSeVA1n+|LB?J*LjAJ znV~0u`Xrq~GvP#H8Zbf)1rURj(`+`|`2x2d*qa4L`75p=og<=$;2_QUQ%UMqx~oGG zuq)|<9FU>41zbg53og-d=vu4V~uh5bp( zWOu2A4ehA4Z+CkBPZ+91zgA)@N~(%UIA$h*wC0*onJ-3sNQnT6K%2*Kd7482n?*6I zDEb71g$i>w1+9knP{4@}XXPA{xoShRMe(~Y_O||$9Gj=)Wm1Mq?%2?=1u{mNc@9gX z_o4)^T#?!h#=%c-ws3_Gg$jia*rmSUWB{58w}jBEFl6vEGRG`G|+P5Nex--Css*t zIPntQA9hI3Q$t+FvH)iV%tQXH4oH|$G)4l+l&V?WQ}z;8<%q&koKdd&S)IGL4!71?DGH$W@X$z;COg?a2KEdAzJMYrhs>PJ2!8m9n|LRsVD6c&qU?P9 zVPx4*)um)G|G;d*UhZ)X$cgKE1jhK+}5?dlMVUwz(vt`>f|+|i&mhW^?dJ$hulH=DQovRw2~W`;bSjH^P; zUJj+JW?Ey9#2*jlo6CUH4Bfg}`jJP6nLVKAVd3e$5X1r&2t<&G4FE9=xWfsN&T7S# z*jx`%JzlJUz}@J`XMaZ$_4qSMw!FeQF7xM&>`u6uwor3{ipksE?Hnpc7wtLp{`iGX z*Aw@;)lMODaQ`AQ^IOGXHRz~wH|r?)0J3%X%Vy#QWK0ocZ|VowA#&W*O@nNAPHBzS z!qtv`DBF+cw_VDyJn@!W(U@Aj;RvNQQAv8m-c%%0dL_P(p2?6X+1%n)FV?P?+|bX? z;m?OB{%1DmSD>IbFaggoyC$RIyD1WdHV0^E9s2}orq7vL_Lm$`LVFTV%7}nPE}F25 zqqmkN$YcajeA&WzmfoJ6_`(Z^;%`T|)&5Z9zr&=_()^nlMnn6i4NN?`$ZWKZ4HC%UcM&@>^`O$IOJaLfus6uswSy=$|?5u<=tgQcB zeScfo)yU;P_*TZ!&YF2s%Qq_PKT!WK zA}cfdKUe>kh%AO|oL=l6o=#r>F#f*)IRS*M0M37EVr2hcg)%Yz4^-&D`ecvjg^Dtf1oy7YbO9FC#M6egWLCs{daBuv74-% z|2i)${||3(8BoWztcyZ$5ALqPT>`;1xLa_YcyM=jlHl&{8eD?A1a}D#T!PDOverI# z?{m(2_q?~)eZM9$=BTb3^?g+}x<)q_%irKHf34$-!~CHl3pXdp-=p7OdgqIJf4b*C z;PAJ&=U+R^i^Lai`BU8A;4XIDCdSrIoc6|CmYn~(cr47^By8MVB&?jj;lRej^Y6N* z3zvz50kfkkH=DWnzsdqYz`@P~oB`niK)}Jt^6yGAGB+@?GI4gcF*30DS4l6V$;JV! z+aHX{#>x5b%5pW~F?VEfU}m@H2K}onz!}+jSYP~|h5HW>Fth&+-p|2d=V<5(`e?z% z@t^4Ow|j7Kzu52(^*FhhfnWYjcDCeZu{5%AvUB6McllQZe@7r@w*M`UorUAym-pBD zy>R7k^;p<|pZ*Tr{+hd9+@Jjq?qX*HLhIi`T&9jLoGi9ZAbUe@o_{svi)w7Yqc;op z3kW#bx&8)fc6D)bv#{lK))f-Uqj#pRl! zZSG+BpUC8elY!jlg}r{$GAHxz9P{5KlfO=9e*^B1be5IpcUJlLq_cmGIS#hpIpv?Y zdjY}UgE|*01A99QOIJ2KbE|(v`ESBx1#*->^L2p6{!M%Sb+Z1let+cZe}>h+B~|}x z-2i#)fNHGFFCl>a-`DJ~59Qh8FPu<74E^?EktqeWbG#P0)zym06jz3ubdMM)ewU zUQ^q>p<0liq#6@a4UFy?C6H|;m$cgRkcF zw7-%1FkM*K6GMDH-pqLO<@q2+zJvHO%2BJ=)$`6%lJt3NKeNAsHve!fTK<{;;i1l# z55nA*QA1h5CGKZ#GU+snY;1DY7p~iwF`pcziVm-n9w$;ubUaL6LZ>yK^y`gk|27Hm zT)w%Yhoq= z`)y#tF%W~P`i|hJ6D8{^ew6a9dn;h&0cmXHb&BcEwDYov@a{udp)^9uOQn8u4a#Z~ zwvS)LFTVEWx5$a5=frRwM*kpKg#BhL<5#EZWQS4xep@GMiZ50Zv=dZcRztWL>BlHu@L zx?7tH>pPU;*Gc!vfP4HjmKxRDn|v5gf{4)Pga~H^MN0Atn&F0RRj140(csrAnA@ z%*9e;2+Z0gOc9=-&_Z2ixC7op;S>?7%8IbDYb=IS3(e*g#a{@4`8ZXc2D)dJJP%tU z&{D34bC=raQzT}9wH$F@heR^sQ5+3rr5%{6Yn`>v`t6U--y+kXSphA1z6Fit@8`?n-7@F5kcP>EZJyr{EVkQl*3ESf)Bp2%f(TciwF6I z%>T^&R7UG)i(I+Y661cYc*6g_D$hSRKE^*G_iaPzVg9mcBs?DFY=YW-?LPCHOEwpZ zH*B}9(}OHKKR!d`Wc9nyTXFAqS`*-hE1h5}tFTahlgR_qtpM99vxK*Ei7ql#^)mok z+S=-=L|+%HL^IT!j})FWr$4Ew{^*4#mIH6RrhWPxJ2ZR8I@T<$7c3XfI_o)?$azP` zcTJN!q!c%%lOB<*jQT{fUy1yVLV$_qoCZ6bmFKN=d6l8a}NV%hLVSkCw)28vD85ibquq6Xo$KS+T~N{3BN8#o)UEDYY+Wc5y)LwI! zFJpX#@oa~wBXo6+@B^2#;kC0peav!N&vFJU1P!x;r;XIjRd>u*cx2)xn@$-umnn7i z;s>^4nVlOm{tBYkW?!G^guw9~7_H|9-B~fpW(PydK*10Q^Cv9Inu$2Fj3G{R+Y9*a zYVTO+HlqI-G}P8VOtR(2@>S?N9b@OlNzNhPC^mH5>kI#2sMY5 ztT(6+-GUW^TX#}KAl9imYCZ7cQ6!_rBTv2+q=a=oCfq8 zD{VBnq{-|`suI0Hkq6cKI!x#*T$6QEfklbFso1vA$mcf&O1a<%MxmT=uu5n>);3zb9!eVP#Nwryo4qcmgr&LH~%!cOr1)teyWylj;ysc&jX zqVO8o+|^5hG_+T@WZRu@qqh^dCgUrSp^m3$G?1W�(5XexSpVVnJ?WWS5chbiRg# znt8vdqK_N+V^7mc5|>i&)5V9Nkqh&6>cvr#>n#0O5JboL1%j`I zG4ewb=)#rwBzsLz10}LQhsv4=B3nBqH%C}0_2$$52#Lr~N3WamjD2G-hncTWBh|0Z zJQA=Z!kFOv25E)Ym^d@pAXr)^o1P^g8~pmsS6|Q-B4%04$aq_zOh9) zaMVO9Oc`VYDrsuJr0P-RN>Mj1$Id1ahG95`cGd4fCC0E+w2tni#U1eK2+EC0`~h)k zL+qvD8%pU$>Jhlo#61RzSqHs1Fe94_?4Vs1Uz(mD>p`wV}v%r}2n zF)hTOde=fH3Fhq&T;D;kUGpm^;A*J$P=kW~_jpr-FW*iWYgyV(gleCE&)2^XaCrM)d| zKFsu!&My$C*z&4a+aPVvDMG4s79qn4C;lV*1;SWd*=J-bweKx$zcz3zbRW=o13E@ z@XPx%9m06^mRcbdNAE;+=!ZCF+U9Ro{*-bL%NFgpi4x%-@%CHdT2rILBqmTFW#fOZ zf!wlXFtc1ScVeCLuG#$8hs8>pld_U&S+=%3g6F1(i&O+CQ6hBrIcu4~PbpNw%;r|} z3}RfnLfa48(3jSENN%qvFh?%+MaPIKCa>ePh;Syct52af7~Z@s^k;n}bHh*1u;wQA z8+A6e>B^L{=EnBtrbxM^azNgY!u5#>wHY?o;K^s=+6eWHstUXAl0f;P;^QsmUM{Qu4kcK1*2fqYg}iu;OL~Q6C*~ zxF+56h?q^J^0o^p`(kDR6s5;7qh=cCYC4$=F?HZoAXifBZGi1o7Z)OaGknxlHc|^M zU#EN!T6Mhy9^6%nH`Y#BQ56lw8i-1iyJVNygL=Xs>Mr#C`#A^&_2C}OIPf>6k!=}k z-%_;`EV61`1|EfoXR0FF-I3Wwi3fExRKe;#=@2r0^z<^KgZZ+`^sa^@$d{rkTNt;F zk$;XkmvOrvu9|aIX2#G&DQ$D(dqqRt@@TL$KV~$kM_T@B)0=Nv$lAt1oYc`~2=Tr_ z;X{tn`H(_}AQjtnh}Mqn%4cx&kgAFQa$E18A9D0BxAla6*DcB zHh=ty#@x}-&fzT+lY^tJJy3rzn%UZ#S(zBvfgBi(Y^|AGoQ-Xb9GKKW#wN}n8xuWI zC0RWQ6GumojhP-$F4;Sp80(1w{{qS=MmuBEH^0l7|9UU+pYO@MY_o83yzKR{u>tiI zC;R_o*YBSTy_deKzrWC9l3*bLb`V~s{(q|Z{wVaA#DS{v#pr(w{@ZH4|7pt@J39y0 zOR4xD&kp-fHJ=l z_SPw%zvSV7H~ksi!{K3$I79$NDD|OV0J$(>4Mn8qWL%)_;dthJX(Q8z_le78FUN<- z^yb-Rk=g}MideqG`^lBS`(kIV=bHHY+1&FEY1Ehz1!1(-t=+@<@CMsmHlDX(u2fHq z_fW@^rwxu;9`BYsLuy&CUV&<1$GZor=c9i4kdw?A#TLdJ{^!rpnf%0;L9XK39uJrO z*(kRtnNMC1ElNXATQ~axKy4{2lfjDzE0bBlCRj zkQkiV!iYPktygzB&QR?zv} zk!cJ{HZ^o*Hr{dMPhxCUpejdxb4m|yj^Wqkx0|nRkC=qn8Tpmn7cf~i+cSQ#wfv@d z-4o4I53=+Zalvi{e`Uuq=0*06+fyqD9*@~!A)8EMvg_Rk?~1!m1gE8hyiQUD>x?qJ z`0S0)NU?HTEOW_A+xX~IT=jUxT3?)|3p?`Av-Ik7ewKRFIYCdLpb~gr4s56-?!-z# zHFCmzfG-_pggRiW)Lc_#+)6v}lxZdnGLLLG@ogs=W`{Ub3GE*RZ$!ri& zERod&g(Yly>@! zigoz3|G~D;Z*>X1T^DvkVs^_a^I1G8AnJ40wEG2KTudH9x)jyrPQ@A65=!G-8e^+; zS4V+(L{7hne5XevSgFL!t3sa4G`FB{2mYCf@L>)}krz6)k#a-6Q23aIElurUuGL8t z?sR(w6aEMLrC4z}tQoimUX3!c)q@?MrkY(;Z5j4-V3+U*$u8K5E>?lkzK3Fwi2Sp@ zXfw2ft2@nOPwU>ux2LCEe&ChX-rl&dwiW2B#=f)E+MfASiD%;X-`x1RSj_v`kfj75 z^{NnGWzD;tUJ!$MhPV=gyad0HhC%gbJK^Gy>A!>T!UcaQHq$?gp$?+UBU0fcMV_}< z8%nNc8e>-Y-e%JE=Ix^Iyq%cB88jX3Bn}@IT2Y|WGO?6Zkol0@;ci#z1K*TJ@`{NJ z@6^PpGYk$oL=>bv^J2sMK3=FVr{TM!C}N$dNrgIA0|U$_90O;stMorp)X@myL$YFv zC{Un&n1(F`3C@ll=u7c^aTi89y?-sXjGmPZH0(4eQ8-$RHmkT^sg(_vY7PVEfHOM9 z0)mwsGbGWuP?X$H2VeWeAJRahE-m!-=|n+};g~kCiwc85coU?N=HQx(zK4(@!pW%= zvB&g=c+2^Hrb~vnFt08P=Abv*4{h19PKcc($D~aZHGoa!Ug0>cCadd>S3LwViZigAQYICSG*m5DzQgS_4C9{?{apApKKhP zR75Ep>HWT%upx9FS1>gx{R$1_OKCPVL93)ZtXgNB3XVL&f!sEsh%H*)k00yq$(zcc z2hZG_$x4MCr>m2x#**8E@_m3$KSlAC6#cRS8)i8B^H(diiz(tEn{-8H;z)c{zPl*i9Qf_zXZ3@1 z>c&VStv1+=>m^`v?pci&Klmo;7MI++(3}YI%JXVOrJKt?f(o_C>@$V*D9aD3dBd;3 ztKT(E4}XY()PnWev-%LsC2ZOECfx-SPtXQcw^Mkt8<}2oV?~H8;+zmS-8>VI9Y!$y z)h-yxz8L;%S1}9X4Dz$$Nxnj4OKEhFGCIS=^|zKw{XOR8b`zHBGSbiMGGqCSqES&Z z4spRYs%beME!@4n&^?XbNoy`FbdglD`sT5D>|L7f%`k}8fg@NIKi@M`;9qdty-ixyHhM>583|WwVGoY3DZ*n*n1-?G%(riU(()Rgf?$ziXvdM3bd3w7ry^ zi0`7xnW%8e6WNGb8X@9GFZ?DhpwB)AkEe(g*(vJlFRF&iptirCBu*m}@ZDIW^t)+h zU+IePedwXN>XT}G8}&z-!(&H-Mzgx`(5fk%s-h3OGs45Qwh&m=mkC8U!m44&cv(i2 z*hT(JZ{l+TVHOmuzVVj#pBD62c1k?CHG&i@r#b_QY^*5s3;blHN#qx z@#HW=Q^=uSv6^YDloe+?6^`N)6;cjc)!CRJ>zIOY#?w^2%+lWnt=J^zgU3i{7ox-Ri8y+j7MaF^@n8Yn- z9{eOT*W*tZtZtoHaclDmxly`ynHK10{)M6FyIC|8R+Z=mckD8_AlCKR9woeW0WXFv zj@2pV5ur$ccNF`iRYPT~udRok9-R~|Q|f{E@=S!&$6fZaspiu8-nL}ETm@vr!Q}Sg z?Qb&HYSf6O>_eOiKg97U^#;)H{X0M@*F_*3wRJPTJhj5H5*!49WnoN=D453~$9G)G z8JfKu$GK)|Whcm&Bk7*u=Fpr|#PHxatW=Z8b0!3~>i$p)Vf=26DW@qUC$xRnz&o9< zD@6P!z))w`q1En1=NdxEvAr*!G*30)mP=sKbMb=}xe#@Js+!L-;pIk!_qef_sr^b= z)&G!+U+j3`*(6LE8;zrzWqy3pXL6KnMM%IO>FUA}#%WV|Dhp4^aFm|shGDqVG8f<` zKs9o-z3#k$$Gi#lO=m@4U>}!rxU;$cr+j3&@#~4MlCODLJlYZpmh_a_NEB=W2{e)g zcRqslCj?~kGjkk8;9(Qx-%rklqt0=4Zw(u9W0bRnCE_43qzC-o?5Nc`($fx$|HlP~8`#$-7ZtY#3c7Bu`#ta_uEbc0#O7FqD8@E~ou^@s~eVD$=<(dAeg(+(5uO7gpPZl5>DVj>p8ugyJ~a z8I*`YF|y>c@-59_ILg6pD*dYHjyilR#$<`Ub&H%C*ZbA=^!qWC+t|`q-;*ll zA$%%^!%y@sMyWSya&^44SX}TtYpIOM$=FM#3{a)vy+NGxW5^EjG*Ob{{o!m=r8hiP zscCY^olJ|}M0WO<7K}vjSFSX8R<9|9zHh*>jzxSq3>w_pI%DxVWPLLyft^pkYLn2$;dO3~NXaK` z_m)QUDxPA`tkN$^>Q}OX!F{lutIk7m%j|DnF~upi4GYy+a0u zdti>YL{#whN~dbJ5fD9BQFZbcefgw|aykr_J%UQ;nrrk;SnQq)zO}Pl%^&VCAt{VR zu&FEyRiMNyFY&J2^1v|{PKwux6Z2mu@EJp$bVmYDvI^pU<72sdaf@(2v!hyBNsrv$ zgW}sY!Gu!@MM>=09WZtg((;DQNG+x^yL01C-~5!5Ez%mDl3se1I1$%bbMQJCP9W#} z6KlLGbb_>dXbqld8XC73hf?@$6BMfe>H)o^>oiKS73NRfwtda1Za!aWGiA3}>3dD5 zOOqg&4e7|1R5){9u2wo*H36@X6r+P&*wr`_Azgc~FSFS(x3#8x$hAgw)nROR6f%&7 z#0$dY20^#ba8C+tAr8}0R|rJsXgHz9Q>SCnA(GwwSJyN)*WElZ94Du!?^m^I@7V_F z8C=&8>g;2u9tfof?{u>d0`diP-tX2FG=CWzA)r7sBE-ONCqk$vzQU-rNwXaEgtXu$ zjp3)4c^82$s7gUQOzsF z-F5VLW5<4GFe;a7zKDt1m*zbyI0V^j)}H%cHOw1Ddb*hMOS#rR$<1--?g4SmQ@@@@hVG^U;f_Ph4}(Hln7sEKzO!us z%*MgPPEhF@*JKR}_*iM~8rN8u%f{o-Gk31jbR*Y>9N4d{qHGCG`LZ6n8`thN{D9w6>CTiP`t7rF=7g2M)bAVJfCM%S$h1KMex|_h`TuT_CTMh6aO%L{fe} zo9U5wClY^xWBB=$JNtb+i?yocRXi_b3^e-HD0W^)X5pf!kQ6ghNq9-+riK9ot*TF( zqZoRnh8i9iRo>ebz8tamHwZh!985|D`=|vVSj^dSBf&n8&xuPxd8$JFCe0KCwmq*P zX&iIty*F|hUcDtD>k3*~1qIJW(alctpwh9T>n49hP4Il?=(w?p#6-Cp%7`XsSmcss zd+qmmax(p#M%rOw`kRMgYQCQ>?qT1nDX5Ce>pZi8pYsuE6R*r-B5$YE__c_tpb=-+ zzb>HfTtb|%#w2Z{UPATOX7|44uai?3%asi_`az9e8cv&&`<88B^K2lzzMRO%tOu(~ zScyz3-cv}8=zRr!1c^h9H19GwmRI>FX2>K{186UZER zYKGW%BdW4S-AU#OTL$Bop$)e42E6@6?u%nBUp8X0LfjUkLyP)D>6Zr2T(}dOjl9JU zS;-J)B|V^?QI_p_4y(m64^#GxE-kVk04 ze$GkzOWP6n?(9zW74)+9(q{A3Kvb-OzDy`nJUQsnD}|p%aiJp9=MoAf`(E82{v18S z;QY`wkO%!8-#ZuvTK2o>$#m&5c&<|s%^9$;n@*b!X{4dA_CeCn43_H)f#%VUvqhig zNO`&l8Qv-wohVp1@u}#Rn#{v?NG=Mv>inF`Xvj7<0?5AhFwXddNEY2aCys z9v)gwy<=rkoSJWMLVgONM1D#!EaE&Up+^1=fs7fy|08XijW+)~r;yiW;lsgmgG{X3 zf7y8Z=ksO%(TVV9U%>y5oe2LI+7Diocxgj;IUMlc9*>hTu`zQr2Tm_?u>6;;sAWzx zuanBXT`)!04zR9QY^#x(=!jLsRbhnmn^2pNKKctQDeP~4%3MgQxWup#brMBvmTQ!~ zEu&4?*3HX2F}WL-sDHjrT*>66R=qn(T*=;!St(wR*_ytv4f(X@@_c9WyryDsdNn_? zzjhLTbv*HDnb_O=wn^ae{MW^CNQ~k0txvHOgU&q6{*{tOE0)Kx8o?_6{!%Tsr?POQ2;3l7^nh3_n z-P^gx7-87Qn8ynrXMuO)jv2HxX3=fp)QpZL%j?T^9qd1)e17&+3kcvCDCeG6zM_kP z0v!q^7g_Tqx~lXNA#}fPy?DFm;3sU2i{b%S70nyJCsaxj-^R!6kdjB3qcoK~&s_EK z4n&BzS6oLpl%1A%MuuX}wgY}7@m9Pv?bEK>=#~aa`IqjHeMqNG3+idnv1vPUsmsHg z5t7!()w_NF8J)j-QwQ6d z1Qss?iD@ToPH6A$!POzyT|C^1q=^X!ozh520&NAW>Pn(1BG5{6lT~lAkjZW~p(5r0 zK`046iyIB=1ZIqbF)kk}T50>?RdG|&>x`(kGU_$ONL*sP2#$KgKQZBPkKoi=3{_Za z%5bcJl(0$%-aI%9L6i)KpCt5^!&`;2Ga?z2JjMo#zrrJOQfl60ctP)Xlg%mU9E){$LEtC@H?pubudO!0lfD11POvmoYd zRRkEp*#75_F%tCgQ5CNVgSrD){W&rw2J*r_s|%%hR4Za6eXB9@ukE}jn1mM(lZ{2O zz8~T4Nx?qXZ0w4oD%E8~Oo?chB-mSVqL@;Ez*YBG6#Wdjqc0svzQMfIH8U zV=rz(kRh3>Nd>Bc_)dJH?T;CI0A(>k%}ljAKQ(O*xgjl)sodc zH*Xaa5-C*A)2K=$8pT~(Vb8O1(L-nY6U7&OW1l#Qk7QGLPyF4FfYHZwhU4;AzXUOE zeD}Jpg~;hle0>MI-r1V?2bUSv!SV=q)!yzW&zYEqf%OZk2EUdjB}>iP`r%IKEZ8iT zy#t3@iLZ4$&$jK(oM#JLgdW?6@Qz+w%pyEIe6(o{SGd$&%EQAP=U2D`(Ly^jt6v{J ztl*v4eJkZ|PFir9j#fFX0xfStsd-5iHClNDViI)=r39LEC1R z!ovf(g@;b%=Fj11t8@_?Ug%eY7~v@pW9m2jXhg8JCznu}rvzkhWCTUT@XT*nl^t!lKiEjq?;4Z{d*? zFBV#-!5$Uftt(ESo)~}^LqD?o5paC(Hsba$Wf;yx+gSmk_~wy%J7#N<5Jc5mI#fr+ zOUp^!pz*;T;TTVBl6^+p$i;@fm-!ZNgS#vS&1J>m$3f0T96PPs?o(^S3ZwaiI%Y+_ zribs_Nc;gB8E@xDX9V6^n^y3TSw?Zvn`OOJ^x8b7)l#U2Y2NQYacQ4(ig61xM`Q>> z+*jYDp8cGk3f=kWdiuyg%I(Ixa8G&o6Vrcsj{+X)b9?>gP`hef%4IL`A=laz%yhQ7 z+Y31P!6Nc9W|5iUvH6B`U_Zv}GsOJ*u2FHGJPGHbY8ZN-tP-_Q=T~Hf#lW2f)E}SN zI{WP6VN_VBzRK+}Hw&7TM3#LlF|08s87xbN=lmF;4K1C9hTk`_l6$)azskOM$r#-z zh7^d9u%6^yZSQ#=!71P-uymcG&r#Oh5EI}hWaX+bk$tAzIEMY<+bgvMTN;}XUt<^S zE?GTPJF^YF52)+ulX;0yT$k>ULk7t2x5GkC&o%7r>v~!~hixTUVKU}ye1lq$ zh05%ftdOe#-#mihcy`A1s3gMSHZ3klNQ5cjB!NB?_~$aAB)*Q{l*GeYwu{tB6y> z3Q|KOC1fz=r9VHGq)A{qysd%73>U`doJvX2 z*xg709ro5xK_?a*S!7#7R|ZTrPn9{SVnyCMUdcpcD@mzf7G&UGz;J`5&YjgKWmq1? zY0T7lg5WF9A%Dj(8`f2>k;+Rq&{x*<#Sq5-A_y+-202a6OXXTv zHxc)h;ptddQQ{-F!#fN^Ovf|SJek1N`u^bD!8N+7fUMp|54!bt%oe4cG~ZsyVxwu* zl%3Btw|u2eFlDFE{}SO|{dp<%4O$NmXBJd&$JhR?2s)BaNR`EyDjT*VQ|ht{!-<5` zy{TL9PeR$!7S4OSD@XEz?J>ZljbrGc$eE!W^9s3i6g7KLzm`T2 zZ@04?UVp;ur*W2saWRUNBSG3-&ca@OJU4(>OCj;uf+FQqpL;v7mX~}X+0w9omN>8{ zddw9h(&`cO^xja}eqL3*$Ai)}+JbyYu5(p;wqSp6>e5KW5-!p(86M z@rfTM;YPuY{$|^v|FC^RVtl+x`>BoU{>u8I52KKB%4yD2wN`Z~fOqI{_EQ+)YN`#d zm`M7_`%`Ui{>P|b+p;O`m2R$Mxt`59e~&A>Jp3h?Z2`?FOA%j~mM)7nf#+Yt{g2y& zbK_FxVQq0zZj|sRJ5L9;E%Lk{52@O`?E{Jez+TWBxG#zqr0zWibCKDwl$NX6!E|Nn0 zp-!$yhE+p_MBFsRbl=ZQlEsF^(w~=pa!2vqFLJUHmRE7j4tyv*N-nL~TOomvX$@>$ zic?KEp7B;i8Mm((KRP1KyN%g_QpdS=RG&%k=bV8bM zyu{Tm6j|8;VWfSkT@D?P^M@PEZ>0?TK@Ae;@eJLsr}?Fxdg^QeCw3l)oz!}R&j88B zLB9f1PD_yzqHqHXhHDzHMqKa13*6LPX*T_hic2m>i8O8j=?EDtn7M#dwDz_lH_&*p~zIJ^D3Y5gBp@{enMX$Ar6K6Xyl|NRgZRyN>V=)d$Mr2E*Zes60u`uyrM zj!cw)&b*5GX)uCP(T#AbE)6WaVYPzjmvD3rWDFs4rEDcgq!f663)u)SUu_K{Yplv*KThzkLFZ5hATrK zc$4412qRG|5VIse>9W6m*ZOMB#x=V_Bw)fvz9(#qP;jEIU?JIIXsL3+h_(FnCjGae zI*NJ!y&@~?uN#l!-mUf=te%EFoV9Dy-LsyZSQDqUV>=qYPu=@!e*5`w%xT>m|-TR~JOPSd6xIfTZ7wI?D46IT;`_=&Rx;->0iH)o8ewhMFkkpIlnW$;kfd2Q$ifu5PKqz z1r{cZJ2kp7M`XU@e<_Pl*X^jm{`4IyMF| za(t>tdBRj?SPNNZ2JLKq6%aDwP``C3b+KtoeHyxHhh(ZzRV@MBE@Yuk*vs6yj%6M?W7-3s%k+H_FrsOfZ8!9timt zIK4NXJKhGf$vZ@}F{h>}V>Ue@=!sFUu(8%EF=w+rO@I~`IhX6DN%sMd^SLn5A{C}= zC@2@WL!G@dxb-(;FcVr?fOzN|cK%@D#f*uf<783r?!4;_pJwfS76)r+x`dM%%E0!? zxQy#)hFv1|)1jUtrHG=+MU=f6N|F9bFRRMn>dGKEv~kDrTkO>WX7OG}yC^F|kL=oX zhjmc%9nbkdop7K~nM}mONaGhbwL{WoBZfluVu)%=tlk8`DauzolfK&rlbSCYnaMRX z>eSn;=9pmgB_;DC`s3_(s?S27AemchZAbhOF4RZ&P^7)OiUvIxb2KVhBkff6Wbv}vT(f->Y!sv~BR?b(|w$-Qy> z2IIZiHM6UnFSyy*8;MVHhKTlSJ#;vMmF1Pc$ddzI-p!}$IO`=uiF2eXz>&+SEwHZ1 zAjgy!tm*bmHgDx2n;GM=lDQ+5kj^KX#JoKfTebD$e9vPT29kckCNa|32#$#y6>a=FE1 z1Ryh#rtA%H1L3DmfU#;A^mun;#fCG}T&EqmqKC7(M0OdpuEzSGBbV(zhQ3U(mj(j$ zJ2}%$Dvv+q81LD6E?w^W)IBpb11xyl<|8F>QtD!`WE)Lu;@2|_zZ~9RI9hw-3}BqR z@dE+b%f-C4)|zb&0XRz4_2U|GgBc8n)rv2I*qM0C=Ank+Yif3 zdL|cU4M+AnGyz$%T#~|QGWdteE_>$Aa>y;A9~|Q(0E1CEhJgmHO)lEmj@_|1TNM)5 z?)_73+l+pso%ulM@v9@&fc$n4Qh=d|a5_tIZ7HBVtSwicau?3>W*>(qgwB;%dU zBu8Z4$*g#k<=-*jzD>))*x^6@++QwG(KioQsQWqfB_fHFVe4!IP8JHMW4=h*Q+ew& zEv2RydLCQVDT3$H>YOz7W%H_+D>_RSD~)ttTo#|81Tdur$Kw?%exO!j2-At}`*|I- zY1S;6)CcM$Pjphzxhd6x$FZh^xKy{86zAR)Go3Qs{4ZY3cVf%ZUij=3V`&eM$z9np zb2D{aLO)}?F%Ca3*UfwfJO=ka^g^4qaWl~a%*fE%H$FPNbSj))e*)t6Q$Gq4_yH{c zWqYEo_{(Hi_0z}+wjbESM~gi&-LJ4`g^8hAbXq7_7$C0p7U;T0l5qh(PMQEsM+4-Z zj=Yoq*3>~g>j#6D8nC|obE-fjo&y|drSwLmU!bc`rC}_S({(!Y*$=eecU`1Q~c3q-e}P->z){naVs4?*0MVd%)h zp%wWeObqdLf3neg<`<$OnWpXfP0RMvL~oy@wy`JTRi-9y176aQ^DENQ59pX>0Mly=o*@|^nfb0~oJ<`9RJ1`(ga_hnOInOT1@-d|{y z4n!mVoIu?6#bg)$C+a1t5r);Lhvt3bZg0@!vH{$0)qz3XBtQbS#20xqeqcQcT6(%{ zd4Nw{>8k-!l&@}XfI+aoE*oP0x#~~5$zMMfQxvZ0CIGlYj{hR-^8`a)mqAjN4ws^q z@=p83u);qJ-p$(6>aS;gYB}*3AmRsnVzhBpNP~MeXVc?EZ!@pCaN`@Wvan z2`iTYOWqpo>vOWyQ#0^ z;whWj*jk3wd%^)Hq{=Vi^K1+b&rTI@d8e0YHX- z2mlr_SwuY<3wKi$3!agF8Nd(6c{owI;#tiL+r`wYbV$Znr-O*~)JKDlr{+g^cD~eK ze#}3NuqD`^tX1#+#U!K6>c~wtdg2A%?sO!e`_&zA|7DSF+s{c3DxBbNdw^UA8StqA zn&zs4#~(#X7t|F-$yNH~udSrq!j5CNt2;4SDEMyg*#bnq6F<^$!)_RKV{$=fJLjk5 z>*kj^Sr(g4RxZVwXqgwbx82V2YTN*vQT_2BlMdB|o`vinjAYI;-5h)Hib%WN0wgT? zT@DITmiMe+UuZN1RO}QGK;bF#{xlrN=zJnv*D+i=0Dti-6ueQ1WywzT*wv=f@8wNQ za^5d-!bsqZgJ*isnUu@~2xCYlf=82c1xohb@mGXO#t$j?8XhO6UnS}5lryERtF~TO zoyk~m7ZZ+ABk4|qKt`_9C=?J9o$gA`5Qm@u@cQ S9YhX*|xXD=6r;jmZwXmDwyN zqYX#_oOhRDGc8^t%-PiDp@wdY)FnZyxr9rFvwc0ImqnevQ$2^Ir^n-pUkxN>HMVrx<~!0KN=YnYmKufhV{9V@J%(myD9J zxk*06nC@j-DH%&2$NE$?!ufj5GZsrCFXr1AjRMRZ5AH&cz}-rz-ovk=O`}-rbK+`1 z`t@Hj?LggMkXA-YLN3|!#r{$pu~gdcY^Ig%sE<1FgEwf+fAtnyM?;WP;FqLjBYi22 zZ5ye4-snkZLVZlbSMtSYqnXfw%t}Bm-g+XaG-1U@Dzm$d*V_i=dZz5)du_jTYANtq zssdR&b$13@8=d1R!}zKSY=qJkU2OmC5IJYFouP#VC$$E_5 z^=~@JiM-@1uEtt{eP?OqkdHY#-?~Ffr8PQT(fgxqIzYuyAGx&^*|2||^b1ea0oIHa zzI*JcoF8y>{c+YSjlC?k6{p@fDcRVijzp8n@g46L@AmpVFsB+Y=S;}XCr80r?pUa@ zq=$jpr|)&@Nc1&G)=Oz=Ru(F33@Q1-oTF0%wCY1j5I&aM%xu=Thx@Yw+@|;3FIh2g zSugsml$yoVmhbEcNbsJFX(y!B9# z^)&Pj8EMT3%<6+p;?e2|WpxyyKwB2tcr#%rX%mm5Q_>?A21-kzlLr&bopHYQq_d;C z05%3gGXma_PTCeSwXeqf9%Y)(NiuYS+|=I530cZN$K703g_jvrTl>};9h8OTOQn}u zcf+s7qmK|82v*cv9J_R8ikx#gIbB?w&t&z{*?0)|g6)s`0+_UH!tJPuHDD8F0W*;e zi%ioV{mwG~k(UeopAz?f3<$)K_4wHaaV(-2e>}dAvib=Czd&)))pp#<6)rs)E#tm& zl4!#VrI2DyFB01y6{x}yH|IFY&+^^rdw2^1|B3tD4EpS-AUw*`@%%DSsNfeD@Yzl> zeTSc{2CEkfdW-^;W*Vq_0ybW{vAda%2-yl`i1bn>T!96(5w3`);wEjfA3O08h5>Sc z0l1#Jy4`K#O!pIC%Ub|G``>Fr?)MI(scy2DhX5gPgaG-GQRmgd0B)&uu@`W>@uQF^ zyEj4J=X91WhN+^-g)@pX0-VSj9dV#ri>rRHif%t#`psd+o1b0Hx2-eP=wm?86>*Vbq03L?JHCuf{Qy+xqi zK~oC{-btcD2(ZWo>|otYG7ry!n(leM`Z$p@tHHj1%j>dVUDaZb_ll$5GpxI1>DpDr zebzFxy6{HrZ>POa?pQ8>gLs^U%e~F_&NekYRc>84=+i{7BYjCPndWKG>G8YHaExTr zIqi0?NxV18#bPH(EWN@E?}^#0?L_FKwBAHo+nH&N9Ga>;`_JhKkK0dBQYtlY9@^sSLr>wDRQ0%WtmlwUDC({jKf+g*W$4A;Fl2K9^!r zY`i%?>5Ri#4sdW9-1j=F!S$$my}FqkjOLx%!i(=Vn|FYxWNQnD)MzTxC5|*6eCTRv zohSS$-T-{+E`HeIG+StRe-DJa8~@d)16#m_Jpam5^K2G-oW>>i#jH#VoTp2!9(;d0 z9OiTe_ovQXq29#2_mq{>W3=4eK3Sxzh9v3wK+ zXfOiS=dMrWqQ^3T4KArDrlWyH0{nQnhu2gFSKZxOf)Fhj6u@?o!B=x%;wRSVX=}JW z2Be{qw!*9oPF8kk;%QeSTM?QXcGqPEZA=iW7F>VTPRJfY^w=fj0Bq<0Xvk!ov@f+Jc4(#c@-u8r$6hAVSHTxdKv7 zgJNY`49`C378=Q6U?2Kog6eh_WlI4}!m?y!CQ5S=L@-$Me{7-7JgYuy<+a82{O$`Z zI{JGPt6MSYxRIMsY}LgDFiwMHym+BSTdnTstC_Nh52?WNf@ECPzg->Q@Gy-q?JG+X zBf4#Ww`Nyr-&Ac8S!>NX-*=4h zjycy{$KxO|Jmv0Y4s^}K6+d57@as0}Bi$9&2k9PLh?Cdh(Xg22iJ8wZrj#>Q*K5KQ zIi$1uoSgb2k{D`5J}>oFAD`lSPWI_3h~H|bz*Xi$qe7^MJm)<^0k2xUos@0p@<*-_ zN4B7XS1{Q5fLHXH>AEuEA2VQsFd(GY!QVriC^>QKB3`H3%*~?VO|@^EZR z{vM9(?Hq*ydxUs`Id*taE!%!d;BfFc7$@EKt3YIjZ9vMFPj0a9t02#~N)p7$rrgc>HBHt=!%Ch`my0+Ham_3NQt ziHCzgvPQCOn$m_VQgdM$X|0hrD82$&<)pC6LQ0QlC=PIt+D_40~*nP4gQ zQg@GyLQ%6e_(Jc^hi3H{Ls^NJn%NJJ(E%|v^$#%du?j}pFUP)jttc@O2qogiDGFPr z=xO-={;CeZ`EmLl)C}K26jK!KRUIL8tN1#%rHIsax9u?i{l=07eKk=*y4 z?Z_FG9$t${*3`}02c5P@yX6y6`NA=pL+R8gk0mhh2G>?>!q!T{)6SKy12(B-(X_#0 zn{}LoTV<%EELqEG#r%*+?{RU$Wp`Q8Uw~8&ub=niV!2&z{R8kC1m7$ zz3@rAV&~{^MoDAnuo+)^Oliv!PJ_cz)a+?TD~(hoOL68$(53t#`HQ{S74nXZe1$*J zK;WQ_^N`f(|2gFa$Pu#E*_M&PyX|^lAbPPLL$;vYDaYRu7z^WX2 z7qjGofVO{o?QAaVdE-NqoQ_EKW6km(Y4ElSRmr;CM=r_V|teq zk28gu>$Xc*!%#Lx>J~RD?^{C?^|Rz|C3-BrJ9_>;|2@fdZT)N)jQCV@ANt6&j|sqE zj|#E6{jrq+Ehd~;bYt^^v4hCMVovQ$oiLg8v9mg*?THUmajdpi?-qUuKrwTJa1J!Q~(i$&wew}n45Z6@K zcA8LzrO&`i^}gv&L$UIq17Du zkM>4dsoM1R_b-T-?U|kOcsSEi%Z2wim#A-b?FD)G?P)xZQve(okKf=F&HW!ya&`6L zyuHVOn4+1FZI%a;Z%z4cvJ}W-2lJ8T(cEk|+qBVx5+Heg!-zD8!~qdN*yso?0rl9_ z>_#HT6p+dQ{;qaoS*L0?Izvg9-_6RRKJ{6(BTDEXT5N-nuwfbNd$^G1bjN?(&IZOFJD;D4YpAXrrwoxqM6a&57#d4 z5ky`{$lr6BY|)iA?K!GlCErpeCx4TojDei}2Ptg@g~z~hmZD;=ZrwW9txEZ?cFxk) zl%TTzIR!U1AoIPPh%_U`mYzoE#s!7Z^=m}H;4dw*<#|{CmmIgWCStZ15dIku^>k}_?l$R`oi}7U84WOX#c=q3{i?HRD(aI5spW6Ka?Wvb#f~iW zX9|*s<8i6&#STXc>5sZFCY6@tgF^zL@6D;B_37j|YQ|+~bv&eSCdhZkQeJ;8&h+Q& zG{;V!vh3TbBJTFjocL+M65^Ko?^v}{ds-qS!#=~_2H0qXEorFxhXzqoUzlwyzEnM# z=KEYYvlWn_E%$2f^HV(ve5M?cW%u3mddH-<5dtI;8!sThyI^b>%;NMe>QUh8@6;b= zaz3KHy#wbQU+%|pA2gVKM3@UdJ>h_iU}^r;;?c+v`9&)E*8{fVc-HjC471OYtkL1B z&&-^i9q`4sj0azLx8#8r7BDPwNu7%c)@dh$+P*ZZt7)`QRe2Ogn2)LQ=7iq0_DNzWX`{xU&o<28Cy-GnOi07k@V z>f3u+|8FgJh>-rmH=LjPJRXXH{J*`MF(|}R1BCWxTecl-X`#ss=+e5dxceuw7nipd z*0P+^o_`2Y%72#%GkOrnS1sDtH!9`?{fRAf1#ad7bUWbrLZ7&1=xcM6+N5;5hV9-T z$EQ0B*OUR8{oOj;@x303{;HCpiM~>K&9I4s)lkZ!V}8ts)QL-NF@G!#7ral{`xMj0 zlrLlPyA=Q=@HTnhw3;aE`-?_Q@{I;BKIGyp=Nv`1YaazX#`KbNoN`f>H|60?2Yc0h zg;Vs0DJWgz>Llyl`N9W-?0l(%@1jhdyhmocua%3|85;z}&)|}*X>)6Lz_UDJTiwN$P3I zdq;!l>mM4S9^&O)iai;ALuvKNh^a+^yK>7(<8fCBzO##+cPQ0V%Vi*M1!%?WEgrtE zK4}gA62%TNP^6UCJpNSt`pOwFxJ`}`F;m?P9IYpC5X z0UsV-BuCT`aZ=tZ22q*pYA`2@F98VhK4oz+m-b<>)@?i~SwjSUnGAgRhg#mP5+;wv zxEzUDXJ?)tqDXOj59I`K!i)Zk#@40(Ru+I0q0?pHYy zKlVg-<42+@!{RO0H#ylXsRkVgaP@-Hltz1?GMnlrk6R5`yRwSh;O=24i346{ecHid z^=ah-jRxQrxxLBNP|xLYQef(BR^M;3w$^P9fA&X{MenyaCp~>E>|PY%^c+Oq+)^z| z1z9LGrAYDJY@LoDq#umOh;V6E6@U@%p54b6kDKCiOb6@XKQqLcjf?nMh+IMD5ZbhIr8ly3cp^3| zEL@p}NuhOKe=w!Y*;uc}VTlOD8deuaR4~95-NRpqN_=b$wbxTK%IgEV+fq?R>gk|1 zgfOgQ*7MrgYoK!wusll5 z0_%Kk$#U}GiK^N>N*7vwZI%Xic2)y>AnM|(4AwdU3F7D+9$s1+yi*#^5{0a`d(YM{ zyZOX{5(bRGh+h&Dqk`(0h5-y96=Y0N(um8vD#}Qc8iMn zs>-R6OF)o?ntTDGx-QdmB8~rC3NcwhVx5DMN34luI6a8oHHK>gts%R|iDE?*-xwdQ zm8IZ76#EB?yL}Vya}5Y8Fkr#$=jU@E9*Ogp)D{Z^3g+9Rsy?jC%5Y*#D(jZ3n(g{a z*AXWc%B6mm=7<5a2SJX^T)S7Sj*m>`K&tpDpZ>E4_$O{e9x(d@Uk(k{F<&LPBR5|zIiU?>Y@ZQA_2jk{5SDy6)5{M&JWQiS$Q&Y0@&a|c( z+jiKaCX3s%kR)Jv#bs8`JfoH|bbe-bQCZnu zM_4$JdjS6thh#j(%Qez>58C1iHwsG~JTd0%DMf3)`p|A^!ZsQJ-8%nJqDr^!>_rvG zC9`Oj00DK;K7OQ#en=mpH(+qi7BeQ{KQgS33ATkl-x!^1J&Lw2v03Zq@KGDSku)$T{ zPTG7}w!HX9rs+pSTsQ8 z5(3e6wswMMV1SKy4*cOKRwWP`l|i#n;h-wnY$AcJ7-)l*Em4$MDhx%>JKa%4243J9 znjtDE(Vyr&I9z$YBq*8Xh0Kpe7kzc(%YvM_{JIgAvhz+67gUozqTEe`e%b9JGI}|I zQbYF2_HxAJHn;9M>cw8j+(G|S+wWl*>E(90chOOYuxBgMo_MRFg@^ZDnI&|WR^AjS_h2)#$ zGXaR^(>!Z{7cWnV7&S9$m8WU5p|EU})MHDiiRU92_ZuhY$}+{GneUP=eSDraujpcn zJtjZiDts=6?@SSG?Yw{4H_>GyVKDCQw{sN&A6TT=NE34LS5ONYLA?7r<<5SJ-+-7e zab6PTe*>tJ`V-dtIaBpiN36r)S3T+!fabW)YT>JNlXB^C(i>0vDNz&I`_V(OV6S6O zqpX-$?IB(mB-l9DahLCjN0RAapVkJjUqMpRq;nRM&~dHfqUB7$+frxO_Qc6wQj^>L z*f1s4Fm3N7j~@eCMtlOi6RQKPLqJ(%MFW6h^@+*f&YxeV7o+oXABZ)`*r3iYF~`VR z#l_q|wH}SoG-35Ed&qZ@?nc`s=c_k`ncq7A38dH3fc{cced^Yp-S+U(I)ktI#?MFZ zR!$KLs;R#@7d}<)3&%9D+%W{rjC`XYMn;#Moe02^558SPG*n-stkt1N5hoiU*krGG z{*b&&0nclR+m3UazV1LGJwExDFuAW$U0+3V)UD=0S@~L9#{<6%azn$G>iTjKy3#QT z$@?(>THv5La8R=h1wNUd!tY_6bbO=|7UvuaeEMILB0%YOJo{kkOav+i3h@1Sfv}}$ zs4IZ3+W*){IVZmS%g)9%|b9!b;2LRTd z=vbT}2kuM6Spc2hq^O9+e3FL)fD_w*kPzel zBsb(!yd-5Sr2+J%f|nW~vAm-DK!;t49ssrhXqbVkXOn*1z8W1p9S>{XXJD`#0h)~r zV|vDcF)p?Of_5`&t*Se--L@mx3eqBzhFu-;MBQu*7K+faA*rPIa}# z#a}+({QCuhui1`1fkK6!eyuSod0AY-ZCO;9dT$m$zNb!;v^&fE0z9{YRICPWSQ!GD zJP8=ums{u9@M+GDjvM?{z4^{L2GWa|LZvTd9d`kF<5Bfh+}3KRy8vKl@8=8p3n@~^ z;#m^D{0IHYYBXII2_UPS2o?#C$(9yVF8qaC(hpNK)mx!Lww*tJ{{|p@IY}G`sb`|d zeDH@77-dz?=7YcSDq!RT%~l3D9%}O+LVawsQiMxJW_~8Nb8>3BYJ&iD_b#!L^qY=l`G%DR#wLjMc{O1*pe@)!{ z%O#Ni^Dh7k8vs8!(vhBBw;Bfd+q#C2lU=J*hnj;@QrhgFRX)_z3!o!6-3J?h7w<^^<8uu| z{7;PitKYBH2L}f~xOw}s`pw(7FP}U8hUs+1$=A8L!4LHGWHU}`UwQrD=4E<%`YZJ3 zD1V@Q`7!YAE9Y#qx^6rk^OUxg6p`|E0YU9l%^5`daT}9dYSepAF%EQ~q(jWO>xQ{5 z>^GYm%iCGp?+pC)$1V(vsXuP|lvK=$QgtUcDI$e}NBIP#!yj(iyy%8q%#a8T)p~Zh z*2u(-`QJbJcaQx$VE&yi|9j!$aQb78dvmX3;KkQk&wkEwBpv$fTsS(6Y*n4~x)Tn{ z$UbX6vGVLdh)pvy(oSc?s2li7ub;jsDR>z@c#k}K-F>9Ak{!9X#u2U$MI*O+9_ zTCO7 z?|YC@fyQlj`#@paWxVW>RiRCnRzzh|o3Lxklh#XLe4pemXNzv2s*?4kM`}@vOPkK+ z)zQqxsbr6&p;m#>cIW)6v5`Z=+JegMbiI)kti#lzR{MUoDlST_3z`VKlz?wW_sqSt zUl#40C%h%}?tUKEu@7ir_f;0eufHJr#+WgP?dbP>PECSaKbwifrS^nQ9E{*H+j>=N zUx*tVRwTMfr`BUe)VA<17oK}aS1%aTznGrwp@Vtbm1JB@Y3X9%&>-W;vciI9 z(t>q@Bw=9(C6R1eLvZMvGT2W#9H`#Ut4x(opAickYFnAb=6b&@`jitmSc~X4puv;Z zv!-X061uS75lRjq;~Krzdc!!d!(mqD?^8>hsf?|HZG$a)*~mx-yi;$^CoOjl;C+FC#?etmWuzfDry zjZDt^!o-n0{cw!gA^(1cab4Y#ale51kwZ?(vb_d!eJ^t5o`CK`Sj~=axcrYy*ya_v zP0xobTJZs-adP>(@_;Grk%eeUx06SJkG}s9++tWSsaFGb>*x^dJ#JAl$0#9XduX8P zUrOHCpH4Mai%EhDPDHNRG5bG`N$LtwV%I+Wy-ZJ*lZ)p*b@QccbbzbMR<=yd$~J=I zeuZf2WGtimzz^Gk2)pCa%w>=-?{M1og0LG}&$K7zM`Ko520Hn8L*>8El1vG;cCSQ--PPPu% z_aRPr?6>_Q-TI!l>FMQ{yuP(oNi?|IL_s5 zM_8c9+=v!=ewGlfR38gnm|Mybu<2<(JQ(+cf<=(oouQ%zy$8E_va{K#1_l^+c+9j` z$WT?G_eZt2M4kKt>$_<4{^3rr*1fcDjDxs5Io;1Q?9a#g^~8zKh&HY9M5X@vm&ZoL=t51DIbvknR}pz=pmUTO50gmsZuAtfPgT*mn;W2~cc zv{Q-_`_HmHbzP?mf`@#f`ehxhB((i@d`(NrNnFH3$3IDEmYh_3z!gg*BvNy=!#4c2 zOT4Sn*6}Cg9kUw^rZTs%e)`T%W~pll+g&{Q=0|OqqI$DBl+j*sp-;KDu86$$bBB+k zD_Q-Go7=A5^SjfD+fzL+7h0s4@PGBP3oh>9Z0xp@yTty2QXcCjNMC>51!l8>SL_6_ z)(avHYR@cf5jRlLhpw24zWHWRLRu@PsLz;~sJ=%K*+86a#_8CL>JSr?hg76zooIU& z8&q8-;>3NG6UMd|^>sZG&L&Tg2*3Z2-n^D$CrR`u-lApJG(a$R4qnNyfRG*>N$c$gws`l}>1&^TP_87ErQxwg9I zg%AqG#rpIHv@!ell2V^@z|ri;LZ2JCE3$DrD<{qE)r$&0NBwnM;(WggBBIWet&!Bz z^XDJzO#MfVaOI8RdZ1cRpeoMRXd^pI$E?Jw#|dmd`ZI>+K25*5L`l+6qX9STUq|G7 zO>U$WIMKQgOq}>Z1Xdu1eDa>LC$rn#V8i|3#Gn&a&^{xWR-Pq&)*+g^b}B2xdjS0E0m=`taH zxpu)|*5oM@O)FFM*Ng|nnlG389{9Rc8(mWk)jX1aqGox!r#DnlLY3uIQ9-vK?aU<@ zJ{P}mDjN<;TI&xQAG&GP(;Q@xF-%K69#B_prWuQA>>3M)-=&)JW+G*80p#Agl1bIYu!#2a=v(n0~Wuwwlhv$g-Vd=Oa3xU5~{7ky=%Iy6Ufz;KkzLd zDkoQKl7+<3G&Y5^wQ`StB7gJR75>RAYkMOyDCm|N>G`hHL2hZ;SY(iV;6h{I`uC@} z-_UFRWjd;RDr!xMm(c2;O;pZfLv%r{NmJ_qby$r#`wWahq90EQW4UNkL`_z643~}1 zRT=1q7(sdK5!LqZvm>#$7jlBa6K)%|*A5~+d_D^?9y;TrOtSf`PkB;CDYMo`p3vFs&@Y zjBePzG3Yxj{2qds-WPAuYiUx5J`ot;fU#B38!eg5uqi4+ymD5$NOh&KjPv0$CSos3 zWXMD1dbCUrGuPSQRwr*7{&Bj;Nbwx>21Y5$7)>a8{}%hUU0Q^zNC@7lRwC&lwi<_3j~ z=}lgxQ6y8k-Rl$iPnX`Tmj{^-tP5paSwG3tMDsyGnuL6By1Q1_sBlIq8~yWqGGh>= z0or(G@|9Z9t0$AWZ|?P0-OOn~WhQY-6@u>H=8IEOVoD7O-!AB9d1r2oGU|tr<9u_+ zmY9b|8E;k_yV|xdJFiL9UWIsatVEPuc_;8(P3er8Q%k|MOwg;&&Y)^`PU-eUiVe=c}1ZFp2KbEnmCpnE%oz;kDO zrnJ**SlYm*sV`!ozN>tqJGHsGcVe@J+cs0f+@@wX`(!xkmUD805HaMnw*Ov#K zL@2nyC9FPIdE`{ zyk1b$&@duhmHy@a4`>*VNb8uToI6v3;iYum{B6(w>^=0=293DPNBcTeNNB~@DQG;5nfW*H5;=i`bNzZpCsZINF8_?% zLjS>N|NCZ2{|~-j>3`>DO2CVM|Mq^Sf4Q5|@mKyLuK&BXQ<4(k+rfaagQ)^3A@f^e_t)w z=hIhQ z@}G9!$}h@4?*iACjUqe^+$H2jU%q;C=c$AEEhcSiue5?+^cj`@JP){IICC7#r(txgA2Q&jjzFfoUlBFu#sHl zKJmcu7yjZ|(3um#m;92(zameZD0&SRxv_ig#7*&4Sl}td$rInHK)C0>bWgk*ucn5h>gr6oVZZOnYX+Sa!vHMEJMmd8D2 zHsd{R7`7b=u_mo0hWfaVa3pWbdgiVk3TD4NT8*%!sW{m-qW3_s6}fMA-J3L+aPW;m zkR4PB?x2Yk&8T6QpQ<;BN6-R#&O^w5w`LG3N0H zzj`I0s2f(+R#U^Z-2Cp#wS$Qhpase58Z!%mF=H470Y4 z4zA|sG?=^j-c(2SaH&fNT`XmdqD!Qw30Ll^=fT|R<(p90s{#fHo(_UP>Kpv^)? z6D@hLBs7>12?ZVQb|@0=Dw5tinZ#U>9GlyGfQz}eRY-U_R~G?B+Z>%f0Srx6l6b^Q zoGRzFey98dzd=?>w*eBAo>sQT;xN-V!A(%CG3nPZjxR=@oad(0}N_EAQf_PNPbF$h<{7Sh8bt9=bS>f^Wdw@}4eVvSvo;F{Ntg#sqo*c~!H>e;hAyub&VrBOH#HyZHuobNMKvvu3sK^xOu z{rR1q#bIRsg-pyH!4E$KEP3?m*PkRpEmE=2$&zoL(Wp|B_t{!-*)Q+&dU#^rwY{Y) z)aM^VUGhlO!PxtBxd!PC8P?4fFXn;74BE&qbK4xaxn7JR)t(Zfbr}P6m=+E_7J6(m zTu;?b&L`AO*{Q$WGSDntcBYJo4s;Xsj=oA+$uin!QHhotl9?MPP8Mz%)IoWcdjT}y0k(^A%P~j zDNDZgP6CS4#-o-o=CiM7eEd8_3`}R>%|GRA3Hc+zE#C?H9%5%&m!nl_W_vOTRl2`r z%#LYW$b83V5_y_!yFv4nUPhX{X zJ6r$&JU<@YVb`O#_Vq`-W7EHz48}HBq;NXNWS|lSUXrRJgHwUw6s!$o<58(NzG~EM z1l!T3TVW4!ZzG{M!1t@m_`Z3W<5+j?qD@l{`mOjz=x^HXtV7NbbunE$8T^j6z-XU1 z#2#^j#T9Jt0}TIi%|2-ViuBIqtRg>cPN$rG_hh}(6p9MJwujXV2&<6;wsc5u+*WzS zNP$28kt;tD(Gf?k1Y|zre)h|Kne$VGwAmr~q1vD3ZEgoaq zehIG=`uThuhjfeQ+k+w~&3b15O;Hxxem;BGfG%&L2d0*KV~`*-)HyHx`y;n+iVLSFi;iYWfynKMe5&@K?vX zc?<+JSB05-eXfpC=>U<%9fya&v|S#8;-)8+d)XCQhnnBs-pA8i=4o)oQ{RS%lTi9WPY8e1+wEZ3->xI>+TvZS>F77j>fG)BXB`& zULwh$)8BftHm=q`3A3(^;8`@#AJLe>AMB~;J>;HuaDnHxp}7Wa+Ukq9fkA=gkUb7E zDG{Q|p$HPoUiP*49@$#m}dL@g1Q>SqtwiuSFo9_?wv57lTQ!azdU_Cw#v z@2%-0`%ci45E81bG*z{Wxx6Unu{x9UqS0oe7adZBq1_}oT zRUo?)c*$>#Q;xwyz3|s!4l=d=f1LRL{l5oQOok=ft?*sBs8&NleHDI)@x<4-Z)Euz zC@BHXDa@o}|EFd=^G`BRdI4{sG*&%BK1)$=68z>xfJ{Qr*Olzq6M%e9x-KPNW-~&X z=3#GV%oKqv<&g;tc}7PR5OCdccp-)<`BA`r3{ujwc>W>J4j_!+*4b}4GI@RX8BD7O zV(p*7)cAKd=WNZ3nHAC#+g;|0#-+g*mwM_;s;bQVws3d#DVp_bH#ee=+{p#4CRa(l zUx6F-)NTS?lpu>x;((KTCL`;WW)S3UTf(pWtaxz0TyZPn8PuTEIbwe2$mu?I8(@J8 zILE>~k2A+$qP4gAI!I!e*w3D{w>)!ZA?yBuq8~UyWLm9=RA47YykEoz=`2Kg=gqC5-q@epfYa0+6_{Mr|~p zzc%SfBVSRR5+LzR)w%ad%RlE~ZzrSjM!k;IDYRoDJ*CS%4Wu05%IiHnoCsF{09BQ( z(0!wE8GcZOD@OMRkUFZFFXP)(sO#9Q;bKWy zh>23+YD!pn30}Xt9c_-A-|`!yb12!C0TabiCla>l1-J z#kI4VdbR#a83+kD*_hp*Gaq2CE&n_dh&rpw}e(vGBz$CSM#2w$f-9pqi~*jmCryf+=5&xFyg($ zeX2A}Y+e_auzN>RwJq?MKC9=XAEgt40M>J|yY}${UzJCZT-U=0T_&-w;bP2E;yFp| zUS4l`y8W022RB+i#E>e)9Y?40UV0F|ICbo=}ZAkQd6{$Sg@6M0ryNoGW8_bSlW%mzHix!q3cjc7gP&}aW< z*0EsTe5A!75D2#4$cG5=fQwu<0y+Dp$0Ft{lKTSXJcg^V5DIJGVem`JpwP&NGl-mH z4z+Cf>nlCK@na*;pNTpzEzr^%mpJo?hZJyP86} zE})#NG_dY?Vpxpo(8B{ognj7a(8^|z-EW|3_B=?Xgw-`baGJGJK%9;mq^V8m`|oeS zy4NUuR`kDaZC6zB|D~@8KLW7=DXDl)J|ac(0|nIDGpSs6(&n*XtCy5f6_o1vQMs9b?xVm=F;Fc#=4{I^Xu{2Wu*eKCKkb8uXl7z< zy?c!Kp-`FG`Q!MeA#Hj}40}14*K@n$sG%$ey?CPm7#YmM{WynKJ34c zr4xa|#oO8iaTh?46QT;X{__b^K&1&#h`|=dIpG^K?HKZ|?gz6a*aQy+WXe<{!1T&m zDZOu=?OCD<`nMvTAw51oy=G#&7{4UrK_kD?w&FGY^;c)D@Mk{9%B(HC{T2S)Cfo;7 zexiQd-HZ%35Sm9dKLicOcHl$btwFDZSQx!3u!Q0c$i`(gxWn!1U6HXf*y=?Q72*Sw_G5I zx;1hF)T-fIzQVV-M`%u<{nKgt>?VUl$V5z7orG_viNVV~emUPXnRh^E7a9^5bU&za zawaG-d?4vrP`8;>-qePqRISDw7oC$BilYR`i|lpqz-zoXC%R4nqm=Pk$-?G0(Z zaFU2vI$TU-UU$$aFOKujLS;MJz6?%y1vpvuuLe!F9CFMEI`(&f@u{$cjUcCg0;N?n zJGwJ%wB8|WIu~rs%by#&G1b^CmVQ#eN{H8S;` zol^NyV6Sb~x3c*5;g?PV2bUI5!a>LfoSb>_;?jt==%hJ&-TAzfwO=i{Hu`9uNnMFL z1EV~m&0fx)-rh^M7o3$Z^P%~VA^goi92*GZ_Vk!C_yr)XAb?let$T(SrChBOrwb8k zQ7?<4zw3A#M(Iu6;j~3BF1e1>t5+rPuZs>ZKf=O~D>@ZcwqO}p{=@f2r=vy2iNYB^GfHenmEXVA2h=f&Is zpd9PnwHT{Ea)TV%qxN#9cun2|zQV^|4_VizfCSP(!r5^^Fy@V2+T3!w*WF$wj532z zFOjAJ@fNFKA2IDISY6rYb!SHRy}RVl^*_`r z?DngU~ag{IUSF95zncZvG?aU`x8^>+3r{0;dzp^8l3CPKwdS}Ux zH|+Zj4?%{>sE>bSR$Ap!Q4i{Rm($0ap*fQ#cIcCXA7v&3dG(cE1rL%tI0B`L*g6-c ze8ztfD?Kve|Z_rsfWJ@gkR;Kp`h*QhV^9Y{Ep)cOaHsrwqqe3=$rW!iGycD4M z^MDxPL8qOkFUzI_aQ`w3ehal(v|F_xhV&i80oH8xB@Ie3zqG94MKNXpJt!zsP+p6m zfQAZR_`WD0ljU~gbLW7VO@c8pi0Q(hvz``(rxBgl3qv}8Vhfc&>G@uIMbheuaZxbM zN&^y||Ajy9m@X?88@%y-4|%0r$Ooy7UFO?L>Ymr(fZ>^!^5wc=39x$>3xynFrO(=; zbWa{Gx!C3pj2%=P9}I~s1dXVj(q^t74FTHNqlkXHVOUoI*o9}N$$K@@P4o8%BgSfm z11r;%3u(~FN%Ha&UU=yn7!)1^@8ZDZ^1P2B>oNld#T6gnM^~GlTTUPUD&BkJNC6IL#Hz7P$F=KP9VW-5)kD}CV(q$-yAey} zmy~i$(u%@PD?%xsDv$q@y*4xMIehoeJNhR+>-h}cEBbWjyBj=<3TVprAJ(*;2ZkCw zb_dG#6zp{rjb2=RCe-=?cBq1jp@gLX^NQ>p9Y)H>fA-`53zelw4KS6*fqnrmKOjJs zH~VRfj$MBk^r?i^%BzcCBT~kH1xGOqTpEC455WW#C&5rGNUFOr7Wb@6zO!(aR1VlfW#3CiP+<>zK^$1!*$9)rqoW;?HH86I<4eo?;If)Zt<&QU4#S}XyHy3f8H}CCH9LRdC-WLL4m8ti z%`v-Jd^hP29+>E|Zdv)A@7TJ~vR%<6DlISVIDhM%DUO`>gwkF2O05^S5|S_6*>d;h zevxy-wtZYMph}i2HU-*vkT@}Q@WQ-QqYnXM&@n36yI#gX`>p!*sFDz+6`91fdIj`TmR7&jFEG^PB93T^HTEdEo+v-~E`?UUyM}`1S3vv*`ZmioClVd9~Ly!V(;K zsR+|=*PA|1F}{`3Le0nu_De_EF?$s5W}1QyM=nX&ulWmx?TVQD?mxnr0KP%^r7~$C zDL{vd>Uik$nbi%!I+D%A6v5G7at(fl=>#H&H+mW$n$~^yqy;^PkwtfM+PU?HR<$80 zh^0zAPZDZ|TEVMgo(tvvQ0mdC4_tdnDnODmY)8*y{@4|b=~hB?Cd(g{$xt06 z(mMJ10R#^)x0si;i@7U*N?)}Mc@D+*~xS%hm}%4>!vJ1g>_ zEJFZ4By1`)>B&&RtGm5VA(B|%dO;%z{5%-aj;;i$8Dbj1Y0PdFG;ZTbq83X`MfF1)rADE02J5}gw z74waNDN{8o&ay9YM=8+%e6x;!}jwLX^(^vb;RKZse!tCNBM3 z7m0Rla0i=bPNXRb>XWdBFo~loB)pbD@4A;+U6B~M>o#nRLU(7!*uEugq=B2?j{Yi% zDwQ$N(vOg2rcq-<$9fS;Ld(8((!;U+$hNbl378%NKv6OX%Jf1{cC@}Pq)j9g_3Fla zF_e&*ttRGYKZRDX&Rj1wft|6k9n`!^;ZG|k9eu$3!(nGhz6-m08}htN8fla{VEA7i&x;5hj`w+hC z&%E@>z0zXSEbawZx?5}HXE4XutEQJZbF>#;+Lr*!TOa!h-!uaKeVe_b!EO^z=Ycihhksu0O~$o3-prM$nq{K}bm@6k zI@9;@Gzqss?);U2m72VY5^LQOuLnvPAef%k=13!ZW^@;pCqDV-U6qVRfhnPRrtuGocXfF+DI$$yp3aDr&4XEcCpw#N0 z&P()xHH)16y=MhD9oV``;>1>pM!mq$%)-s}DPeEHu*`;fTVoS{ndjxD401BfkGfrb z4ud2$J!g6XXV_;=Cf_`Bv3;aqp+B*BJ`J(=N*Ce(hURiB1|~8z+an4k)x^d z%>nQC5m=r~x6gV*$Ud$Dj%XSXDINlvq)hfz-mL#JDPaKefYnknm{~WAiYaZle=26k z)4~bS6PNO%i+kelQl>IQq?hMj@g>fqr&eLFK&o?J5A#<#eU#nfIZ<;l{Zy+6@H0cZ!)Ww3wi0xEh+Z0e{8{JiQH$|II!6VSg!^6rsx^nN}c3HcR`?vo&pL5%0yD7 z@rN%oS8}xcuX!{l0`an$-iluHlN8z)J#~!--y_LQmD-ig0?l-GN&qj7hIolLLDv8` zc0XZS>& zwp22=4Ym0*l=1>tXBDQ{iMtgbD^{v(5!R%R`t0>v+RdWI`fTO+>r8#BCJy~Y>Sy%O zbsU`3+3Ue~4_TZ(n3bMfPKBy(;^uFt@)C#;RT>199WTlJXy@JCcsD`3Cwk@oVDGJ? z>Uy4iK?oK+cnHCQyK8WV1h?RU;C665NYJ3c-QC??f(8j5^x*F9%!cpp-goD|HE-@+ zYi6xkGs8dZb53`4S9Nvm>Z(t7>p&C>hEjO!FRrc-9^Z^Qr8O_`)X9Y{9MV8;ATI18 z0<}cw&O?fr00IP-Ib9}?x6|G|j=s=qG1mFPVv&Y6<6we6>XW-9-%l)>m5Gr^bi1?a zNNO?6n`&X_dM_TA53AF$!W##tg`A*zjope8hD#vN_E;%bzPpT{Wai6B(e|f$zof!A z03O!7eC%^-cmPqANoM@M!;HV9Uz3;Ps}k0tSw}bvuSr^VJ=E%ERvmr(&Q_XIISthU ze%`LV)FKvhFRW&zvf1*lO)QI^N5A7{sFaI`jN+|MY<=ts2;wY#gNv;ZCmxVkJGzRW z#wp_#?~e}nccaHH1)KL3X2n1nLFSB0_cbGBnL5&N4sOPyfisBS@71^FQEnW79PoWw zn3C(Cq@|=A71f>fVM235EBF2&f4(%j^dSExNe9F3{BUGpB;1RUMv^S1)C-~{6^nbT z)Pw@Uwa5Zxm#oWON*|*AA{GsI&rnF5(_){rftOhfQ zVm4D&WEwVDRKt7V&C5UHnkvVOUC`oW!=p|$id5Sd+(@X+F!tWrq_4&)SG!uTGxj~O zsy08HD2#8j@VGuaoY|4M1mEHz{6&WEVOF+vBl?Tf;e zgm<_X&00)*$_GJCO=VXF_QqBOhgkvPq|d1pQY*%Dn%t3m_k6PywU%!%))uZNS(l%- z%;!y7PUDS4#{5k7n3N!k2VqaCzlW2d)6J>u=5r<~wPFVYg}Ib_YS#WH;4*BS=O8w3 ziQHunq8Gv1+shUeT&5QVHqii{aD@Ob-ev#RL%zU4I&brLu zAcnv8D1Ok_WD=e&Z=nb#MhB;APdQ0&5gRd`laP155<&9I)z=Bp5g@2JA6!#v&TFpp zq|;Z|YUXGjek>e))g%-tW)y@~9_|?U#xeZ`_s&-1` z`)8pn#^REWMDu6K?PLJCxa@BG-rqW|12HFj_2!>yMbTdll$}@>FHaN%qxh2PK31Ar z#S{J{Cyb}LRJBKHFjsGO`w^EJ^;;1~g3lA`406>|34rNyjpR zB69XugClYeJg2D#b#rbH$kf&+f6zAAX&1GOt-@65_L#Qe%Q>A*yYdNv&Z{Jp8}5Y_oUoizw7$09I~Y3brpnVl_K_t&iZWg$T$yI`$|RMsB)198rZn&A zMVH==3&vx0c%;rZQqrbZtI$KF*NI$LCUny^%R`!B3&m8aa^uo(<3Cc+f8w*B0@G3@ z;X10(RBjGFR2KCeA&)O%csM0GeewEhUbw)YK$m{flxBiVXtQ*?U2GaCUr29#;LQ6f zfgOjn#H+e-+JdMre-XWU|Tg9L1`>STtJ-7f!ZvgHSaB=b|o+#Kzuz~=dp)9RM3Tz2Ww zvl3jh%5GWc4bfoLYChAgt*XWcW|=~Iwbu2+wP~}8i#-XCqDyKFHQjx;Qlq~B_)9Hc z?rn~GG1Y-UEkbeApMl2ag#{OOu9mvB@A5$-5~qDvKHc&uXOZf$+)QYB$;V~|oS)R~ zzvCOdFO(sz9OUNok@DK81)MA<7HQQ(lfq{i2^aqb5D`taZ(c37hsm4@DGQuKTW|1y1>ZWI*9F+Z5TdG972Qmi^Xq2-v1>n1ry zr!Z(EdNAf=b#pR2ayyy+t#z*!-cO}8vsF-=NXzgD${$!1U$Zm3XVB~5$7^)jf0Ae% zp6wr*3X&?3ccfjNBP)Ie*yWx9CQ(tw+C=uU21jG=%14;29Zqbh-z7S1Hu9ZKjOz$K0C@qgkG}3iZ49f{1PezO zSGO?jR$po#27gj&_ca#{$4a^-%je&v^d{aRu?mrCMJ_s_4rD$a!5O;PACN>x5+^r* z@m%o8JhZAlj7tR9CWpSiW`C55kzc&lMV!P-S*Tx2gpv6~F$jdwKc+JR=}tZ0BV}i% zmK`N8Js^j#y;0hCdj*7^=^`S^NnqF;aHI<#Gpw_G$F4!Me2I<29Gs_1KeOaqxWdvb zI?}cV+ck-r_UaU@ew4$c_Y%uf4&`J}ou#wF&|!@R3x8 z{FKPkJ0@#FF3s&{zam z+7qegD7hk#YH|XW;Jb-H1_V6k^f!|2{p`GUa`$2rtF9|_&GrBb?H}8t%ea+6TS=@b zPplT4mnIx`>A3Ay4O8>E`lFQAf#5jG;R0Rp+>xzcnzMQPVJRyB${?6)g@jGk&g)zL zjf$&+u&4u<>sjw#Ad|1qy#)2b_pQoMSD!M>x2I!I%<+V%TGaDfc;r&`Mvv{iXP+54 z#&Ng@%36x!KbKW)REYapIsWqyL3MAT9@EX?$;GJM+T${oslro7w$ zfrycJDRp;b*svq3OU1oQuBZiS^97S_8XeuJydsnPp3Dy)Do6_#yjfAz$jQzmzW;w} zOlob@yuK`@bU!o|WmCn&CY^x8u)gd)>d+q8t*%n_j*+PR^H(bVAo)1;m3N#(d}S-z z$VW;4nMlv3<`0KfG z(`88ix&Ix*7pBZg{fw{*vfjUG z4fN2qYTv2+^PVnkEtb={YzRTrN7QU*Or|?P$(W84uy(lDHEWT6Fe>i)K#=uUd*i0> zqZUMYB)|4hEAf1P(|v--Pm9B>R{bg#xb4H5V_2Ost!Ek7S$}3|1MR>n^+{(Czjdwm zNSYB|)KzpwiORQL&2q*58`u8zQsGGs5z%aT$x)i?FZoh{Rs6uhZu-h_NQY-a)nY8D2t84+lqQy57pE~ zQ-v!Sj|i^DTeD-=Ec;q5$8@9!(NjJi#yZ>fHe2$p)LJ#LPNdL}^5A`OUvM{Da8D4W z<4Te$0iTA{$X-%C!cQ5~Nb<<|uqcMt6wk}c6y?*!CfG7B! z`?9j>$N0ra^zcxprZ9!hlCm=RSk0#&wwd>I-<%H06%yNS9-2tM-?nCSM=p&Oy_>@e zJte$?ztKjC;o2{>>e6aHnlM|{QX zyoB!->T4{KKS(IClE)J3`v&Ba+#qvT?VnK(Xj5Tg8no$sv}uLLdT?LRd9;MoW}JCQss!%ye%`0rt?W~`_De=@IoMu$7oHuljbcSgUoA-!15-vQ@9#h(W98p={UZn9 zke{ftA@`dQ@GaNx5N8ONYj@aKrKp_NjSRY6OnGjTmU{3K85*TeqVkeQ5~G=8)S$Yq zJ8J1k!BvstIxd~^Z*UHl3wOW#m8$VzW5=dkVf=>38z?9?AXTES0w%mMu$}Tcm%Z&v z;MjvumT9n0x1JYjTgz{h(lK_H*zZYJj)(Tb$$McfW#8QIMLjA-cUBWp(&;(M<0qZ+ z#!=A*?xfK)kL#pdprS!Vd_Fd7>S_!303B+}?C4 z|4P+vH^lKUeXm?;M#;kY?@hM3j@q`~f&;CC?~l{(Zx$zP7de!AK{Ol1+}u} z)ST&$R*cTTbq1^#L*G}YJ69jjHknGNjLFpq5>7EQ_ z=PXvo)MM-JAc218dsaFGC@EsL^@$0{BN%waex}WRMhwae-i>Ej;6a@FgzRN>0F;;N z_%9#La%_#M-d)^W46kc09b3>IPhSn#eLZkFs`A;@$KNiZp(A0xZwZD#n zNoH+F+oMrR;Ji!NLp4-7Xo5-Xe3E~3CWwbGAoAVGu38CyPjpR0)# zk~1Y2fkbCC{^<_jmcLtQ;r8coXKcnv;G-pb(F5=)3%zscY9-#$OG*5oM{sLS{Wt!h@d6w*81@N%QiX#V zt?J8XaL0}&hg^D-`DUgF?WD*-$Co?fBuNpL676e2V`>)Ld zL`tV>jLY^9l#9t_hGPb6ol504>^HVpb`Q2GYG;uIS!zBVDN=meu+;JYBph`(*Pi2U zc3wh8Dln{$c9NPgj|-K-$hI}1sm`~7(RvGHDH?gk2Z8-Rf0Y2xm{nfYr+D?IIdV$K zPxIJVMKaZ(WTrw5*7+3qpI&a7SaAhOzn&9cg@4j%6zA-B0POcc|Ia#!8x`4cA4(&v zVoask*-~o&gD|$h12jph0Oh^IY%k!!;}Tqg+>A@ZwyWBnuKWs+{&a*t2gXGq`CAWU z02`@kpLAKMX+3pI+OGa^K9nCfm9%OVCZm1?#4Gn^R4>gBW>Sg{v=yjXs^$H0vgeu|Fe@YHc( zk=wxm`lk)F@#1ogb%`Nfo$1p;HChe%nfxL>S-YFsq^2DA!eNKSu_I62FF=I&p>$&c z08Y1=?PUy44)_kX0732NAYET*|6;)5ikqam2v(w-B+9@*>I)M#!hS2loSuDAC00XKcgo?c^Vheotrj*{txIYRtuyq{;L824TAc^3n&^? zhT}8nPiPO&J}B?$XLKS|sV|@_P@2y=1XY6uC@PfcGkE%cQK33RBi+gIU+w5JUL|WE zj^^PTs09+BK|w{3cw&jIvDTgfq@~xMU^X$i`2OeZ%+K3x|9iW6{|o1a@;qi=Ig!Op+&`sbc78})HP4ZxvUkjY=uQ|%pi4K7le9^OYSoN z3m%M&*m)GFqYTQRYHQ5H0rH_^;vlQq;dS>Aa`lMQnpcmo&8+-~-8q zOZ%OyB?EQi$NCpTd_dkG(^P{USFoSE_-V#5i)x4b8vg!urEJV2I>4}>ve#>X(0k4F z!~HG14zA^u7SkloGRWUI+}UVx&&F{cJr{- z8)%{?;Ksz_B5?b5@rB=lKs66jK^H)%=v2H^>(}P8KA;ZtH?eZx#DL*i8*q5Hb^;S%bC=2%oE@3!MzI5K`n zv-+uW+Xi-e^i3rD{f=1a)jsCIA&;&(_0kjnR4Idgp%b$G9po`gxudE;%(dp;!BsCM*6Kc6 z4N~@y4Bxt)b!UE=@zy6@T-7lt?8?@%w1K4~xC~!`DQ|Vd64%hm=>p>btA6D5Zy@8_NEn`vXe^ z#e#1N#SGFKR}JcG$)W^wf%5t|>l~5rk8s{Mw58@aoo(6g!vUgy%v8e8RJ}<)XS}Vv4_OZ#7N-5TlB2^9a8{F2YnQIJT#;bR7`!#p!zG zs^i60^JEvjMszQd`rfki%x2F-g^J?Oth<^Q>WchEK>~IeU^4aiJBZv~bSvV~*~`%R z{n03&Vk|@KCxE=GZYeRpe4s>!I(vQ-Y<}kROgrtW_lOhdyUm!x1|vg7#uXJ|&H1kc zfwB#=P}`uncHZ7ScuFGkFoBEz)N48MAsx)UPz{|fXbG}#6O6)Z%M`0kyP&MtOFrRW zPG(!vRl>t#|CDx3sk(;he_m-;+zWWq6l$$0$Iew-itoA$KG`b}U{-ZanHU0O{bBmQ+!05M(TLechG zn?s0w+HG-m_mf4Gm(D4xivQ_L`=R7%7gx+d(a&anSm2GPdu`0Yx9s_8nKL&s>Gv2S z6L>;WF;m|KbLQejB@!_;O#fz}54o&pZB!&jfB$z)#CN2S{W4DPYWJu{Wq8{_W&F?N z83~1#*R=d}RDa&Z6-%$#JNR#mjTnY?kNq7dVq*epalysRGJApr{~2uf#I)(CZ9lv= zjiVcvFU~;!$$8fw>m9Uvi_MtS7ZFhNf;;M=A~eV82Y#fvOFNfuuoBJKw(<`FQ}Omi z@*p#AVbEoA+62zG9hs@C)TobuLG`D z7OqTv59tFssqG_yb-Rru((H!^#xMj-n`8YN9Z8qR5iJV6@?=4^!nW9RIPMFvi zZG8tNFST8{`E6BuYZU+~J%Mp5BX+xXs`xFuP|>E_eMQrmeQiB{HuXfZTz@H&)!Hfn}JlEQL!*$n=AD7rkKNQ)DXGsHv9D^+;TD& zOg3$#ar&PvqYf@6z&3I_M2M{?#8Mm&BLmY*3eJC>`2z=Rn=1@pC*8!JaJMTYmXoOf zkTo=<1u)sYZffizPd*@Bs5YK#C-E4_;A`+1JYWTjD#2uQ)R2}};BN{a z4D}cPBER(h^GyXY2I?SJInY-{*%=x4q+EvUO=y5e8n+#GiS!_rqCbD%yIdHKv*(8UB1E=A-^3i818UQGQ5V{x_*$OMFXg8v%q23kdm@#;zmTjpQ}%9oLI5 zn}Xja&8s>21Pdv0Ut(qC-gAoBI47f+tmPi zr7iS?eCb0d$onA1{?maZr9-)?=+vF|kR^XdN=}kK^_5c$d({CPKxC_v)S6gVcL8}% z8HtCkxD)nL>H&}6 zTqj3QBv04QOlzzdyOONI4+7}G3n1(#_%{vT0CUz|0I0x(vdQ*pTwQu(pzPe1@_8;i zU8}7ozxKsgat8lS+Vg61-=XtMf>$IEfe*|>x$_(=jj-pmue+a&&rAt!;DjC$W((P=algMK>NN<7D5@~4wa4u zN9eQp>5AoK2?me*X8MS%(u*Db!-I3(53&|~jBKCNzSK&TY~ERd+-lGYQehTSBHQDSf0Jn2jnxWt&FV0x@oqkJP^YRMPf96e%N7khqX2Y#;=q4vf0{{Q?O>e@mTiG z=87Ic5__guq&=ayyN9B2pqTH}3A#8^O`m19H};dGNONr_UZbO>Mrp8*WD2wn9|eA} zLKi;6JF{XDrS>z=@#W}VNPRu-kn^U>JP0n!j4rAItQ>O7Yn|F>^}{E~5XZ6(gfzR` zL=+t$Y1hx2hG8(0xJ=Y>Cu)oDvsu0}KXhs3A7_8YE|Sx>f@kmiM#<3+(?vv+wbM=x zO{=X|ar{e&zG!UJjZI>|@h~mfxQKXGjuf0xu!uC`z&fg#^3$`#j?j9_NlhQ$wOJWy z$W2t0Sgf=4S^L!FC_)xe-(HlqOAqAW&kdhehv}pjy>3l%Lq+@Y@mH5tYc-dL7O~2r zcB|7iv8gKGcqsk5h+I%~55M>COcz1eVZE+;iU*1OHgRLWq3i-r@_Ce^J(kI&tm}1` z?GS4IDU)fB^Q=pQw8c7z7>0#!jK+N-XfzKbpQ`qXN^u)seQ05zye5!QsnJ8mhsVUn z9coKdaiNXCXOn3~ONBKkliG@~r-V{T>UKQ*x1R@_FC?mmAL>p4{MKjlr%Wa?kv%_M zp^iJ>IR1+^R-pCt0bCYfH+i33Ojz#N4WrnPz+OQOiJqLBy-s54bVt|jnC1H1|8z7r zqW>&rZ#%2k@2-B?O?j=fATVBQKn%u%hIYgkiwJuL9nj7`!<>8vJ*~~XVP|}!oGamF zyZpZO)4~m98ozW3UnKHYAEm{$m?S?7FRDRq={c4pSLE?y-@s!1Qxhj_7@2&drb$&T zt^gx^*y+zJ(?`-taZ1n7G^Z}Q88&COmi}3+)gkW^e+)ljK(1Q`qg2#L#=$pUt z#^zVEC$^=}ytOHY!@XeVWotAOd0Z3u024*ct<@4Y#$~&$4@{nnuKZNE^pA#D& z9bOr)@GSf}KeZnl0Jqr;W4*i};NjVtgZd&k>-R{cx&`gSPSf(2XG<0=u4hVk&xHVA zXv7A6c_Q!$X3_ec5pss7vsW*h#8#d;l zTo4O{(8iY-9I|e{+ohU5K(^vpvz__FnC@U~?$)# zrB|<>_`h~_a?9PMHXKQL?A=1JX0sqwmO`)AcUU=m*u&Q&4!GqfDF0 zuOHhyo)nG&vvMB;(r=urm6yNNyyI~+YOsFMFklrcEES`fjk*|Dxj%Epbr-=5^bH*f ze8(86-D=|OVA)q{H{RIe|I*I#{DWVVjJtue!w|$=gR504!Je`K0jh1$U&RIg3%U!2 z$6xBEcbo%w1FJ+(*O%hI94^Mk#tN7AB{9kM+U|qgp_Y@~S9^L3v%m4UFi6#VN`T-8 ztOp+FlnW9-A3ExZSLQ$BM_PcKB>Sw#J>_`#aES==IY8Z_}SMQD%CX95CNDr9nu�Y``Tn;?!GwPcc{-MTF5CY{>4d7I7!nJ{vZ zi?%vQ_AH|^nZ^?Zpp?t=M^gSX-#zMg-2PHOzH=anQd|lXB2oWM%KoR`x107{ggk~~ zio1|35j#69h5K*zwa>n;M*=XK-XN2%9di?7z55iWqMfTne8n(aCy7qJ)aXx&_r@{> zlgF)q7_Ps|Ew=>eLBo7Lxeu0^U$C*inOvL{&W1GN@YZWti>=Bya1y;AZ35L5pXO0D zcGGelDAH0kRSQqhIl9j7EHh&Ylhjs_HKf|mlml&y4*6Eu2hCO5yvxrrG}9Z&T4JjU zjMeFuew_|=1XNA}iBv7T(;_776E9C|_B>%zt@$VfFQN6(QhBrO5-+e(qd0DFU6na> z%-BM${AM>c?z>>L;|#_n9^gaxptp$w=1gZPS+UyTqLPFq6(fR~-6^o9^=AmpPT+7g zaf%d8X8nQvOn*j?wrk{LiQ%I24-dHKhF6mlifTCSR<~NTTIa?{b13{`)m_0tqdqvwg%WL!?(w+2Gkri2d3cDA?zwY#ILzKBX5IqK=BBI>Q*2QfBvUGc)x1~#H1{W>wj|u#IMaD1YWPn&ouhpG_40bP4PQA zn5GWiFoKG4Wut#%^fL{R2eT`=@`nELa|+HG%t`!Adw%7^!u+I`=5@8VOGwh;+X?u6 z{+0Xf>kvnkoP7*_aW~9_=ndeA3WBGk!U#)F6znLs@%}uxsa&Q`AS_|u!!=wrWC`;_=R;Nw=ErbRrga(v zP83YStE)g5L9`b#ZM8vDL+rn+FgsTUaA_nBT0S^rui+h|J}-&OuGK2b-Ulj)VcZ&j zs}U-nfe7Zo9ov5e9P-9htt1rQY7a@i$u}~F%PI$>(16=Ij05Rf=T_g_NteevmVI7` zYd7n9UEL)^wLMol>AsHhmVADKhP?VG8pR;=|9||yR~lmez)0G)*u%O=!QG``9-;g< zPPFpQr=}89RLn|mL&b{~`5~$zq`-rYO(N~rPuxy_I1J*%N7ILf_Kzr(2@>OAxLIl5 zj{JNQYzfO42`#+Nx*kpLsLy*H63ET#T&82R^R z%G+yr7X(sK-ebA(%TgJs_FAqbbhhaaS_SgZ<=h;2*z@%`iWq|}#M5Q)-xi>WPTg-L zq{dR}?{X6gwUWO%2>rQ!xDShH;VIMu!z@C9ZWinLJB_g}SdZ`>U|KeuAxr%$Jc1ub zqr(j)>9i1QRkqLJT9%z5S#;G0%=2lR9CBfZH#(@uP!M7Mcx?>TFfwdUMT^zhGQ26u zL#vz1`ZWZ~rBZ_HY||?}*)5bP&vl7#Vgy%+fSrZ+Pcuwb#R~*I7C4AER_0+R-{Zu! zC>Ic}Z;!}1_N})8qLQbvO?;n0W|=wxiT%xuuVi#*5vqsc2-PU0iMRX&Br&s~gNG=( z9R~XIiC<|q91tX$B~3f)HYs^t2~WRqW5tsq;%zssGt3!C$4ep2c@oH{YQ6J5>4P(v zkl%|4PvTtka{2wK^zy`{s*%(dUMK#sqmyfg9U}^MkEvCZ)}ir$TdZBpY@Wv$$7F^2 zqSSoEw0++bhw|M8g8>6how}(9$z{FbUdWfB`|MBWob(o*rq_UMw!#9w#p5JMP5vDk z(>$!dOFK{y9}qa<@W9HCv#z|_VC;a)0}YxA%!?_?5tp8seuQu|8%WTZ^g2%0-Rm^$FP&Whmus8kuR~F9hzf$El8rh4lJ7eZZPRL&KP^h z(9@7n@U4P;_O4q)-JwRTqwO5~6A0m!Ppn|!ZiO5M@9o77veNmRcWQqq{m1#mSVb(U zGQ^dZ{1qR<;y{aWu0x;3CB(|#AthcI+J>HnRD;xRrbSjsQ?y#qi2 z{8s5`C+$j#Lab-$IWYky`yBXsQOO>b>fe_#oXDsK@{XUXO_|-~2~0R5-SjRCd4#-C zRjto0bA?y)*wQksJTxxQzLXTNt@9gcb4(7(Zd?!`vlcB!J(HBSsH@^I(X6feZ0?_` z0atFCK{)9izGH(<%Jui6PzD_wIwGgh7JFNow4r5ZcB96o6?8J*UzL$4Udi9y7;moWSxpS4~`GOAQ#=N)3bjD7#=*#8_ie zEs~j0d>AvQFjM1o>!0ZCYZh&Sq}Y@lt;?K*7Feo(X2NJUB9uuQDGV+K&*H04_%nLm*F)NLzt6A%2e z1eEVs+;%A@AfYk+U^W8WvEs<1{9&w{w{BBgXWYCVZ?P05MVxDQGfpK4F0m)c?Z7NE z7B%`TM;fi~DtjdMa^V~~h(jt1r>687b-#>QK@5ytET&3mhW|RuDWt{jE6lJd7n%S^ z>6WqOo5{<#5emWuAMXb$qqMAr?;$_5EY9=>Hn@(f8#^HLju*M$A|D&I?Q0n{ym7gu zWNa?Ict9@{zvB&6?1*H#!yTOXt(-a9EqjlhY57QicjL#`-VfcNi+)eC8?VryZ|F^XL|LXP#RyN>>Yyklzdj~rseJdoFlmqQ~>-StJ9+2{c ztylOVO~}+pe}fLT^5EyL>ZBF98KNEq6^45>%s5QqQ&MZAIT4q+i*YC-v0YsfGvzkg z%c-AUOFOrF{`FXJ9lvQOcIxh5vwr9DUU2b=GxWal?xy*$oG%mInw$-Qx{;T|%S@tr zL6)2+n9`Sy$_`bp9@9UM?-VpiwUKRruK=I>V7U3632S69=~Af`GGInP-mZB20PXWx!9mc%B1xL(mCo7Y~9U-_Zg zvVQQ*{Ebkzpuj|bcXy;`QvI8KA(vY-k9~*J+MxjSKG9*a33XY8#HEHo>cV0@m8;F8 z*wb{gluc7Rg-|LgN!}F8E^eO70kiS}526aLGbo-9IIEr{KHpu5>(sw1+2{*)e^5e0 z;SPfz=YHdsO=jjilJ{zE63BcR7P?jqFo)ZQIqhxsd{bF!a!HC&UW3}vEq?1`@cx%; z2PV1D(8A99m|9*#*XOP*z4(bz48wmAN zGDBAr^dsodS5AwT$$-jQV=?T?JFf_@ft%#RY;+38u=F&g20p_Sj$RKCAoC&dc-;OO zHDCA=V3=!$wVa%x4T=RB^=9d#v0##dWMRRqLGfg#t+oSxWbV^#S8a*u7=zF`$(xG( zbJ6b!cjflK9e0vDQ+KxX6|gPa?kKqTLs{8)jPoM15ElJ3gx5{|^O`asUpqT8ag?+; z^mo0@D6^gEApNyjFvFn<+4VQpi7}(nFNJwDfhx5N7Z!eR5Vx6nW1vwi-{Pon%4v8M ztELwP(CiZ;V{0z z*Q+HB+3$qt5@xj(+wKxadoDuUJ)AnRgLUngjWL)bV12w^cYUyd&ty2CJ3fWRmOzrd zmVsf%4SokB9~-QZH^!=vc455*xINPxzPQFKgw%^)cq+=z1XD&>Ac}h z8A$=62AuHX23F$g`^DVqZtfE5_%cVVv~XqUSrQnEeh5#&kS8&PN+Q3N@U@LDT#gvQ z^}_bFp6)1TSG&PI+2~|98yN$ZmXKxgI>nn`f;Rg%4zEhqCSocqLm5K?KvC+kH%t~k z|Lg@-3()KJ$Yd|)#I>X_4lC-jlkpRc)>hi+ZOpr{akrJuF)YMzUldqx;g95gKb9u( zC+&CLZ1F=y`Shh(G@OQB`5XKjA0CQr#t7f`MjyMrchYnbsiQv;zBCQYE6Lm>)| z)=9v$^K)KyXo~wpKXxP14^pRx}l1L=Og|3v@flrYM<` z<#x05w1f{0?}jN@8~m-)!N;33T`81@m3ak)qq19?*8uP5n)~hzrS*-**e)yv=I;J1 z+H}X_u2zK>ieAn|H}7;|8hgZLx(bnBER&DV;wcZ>`iufGre!&ea)iJ8N-f&&`Q037 z0aMMCH#?ljCTS z2fWQWf7A|BHaO^QGl7ishSN?KDsdR~9h0hqxJ>YrH-5<+8`9Q-jWSjrx~&UEI7|e8 z9s$kZ3C%h7PkwV7Kd}kt@KlohAmJP06hogJ63XxBY=e9H)em?Tf%nG+C+{vfQw^gA zWHl}{h>pZ-1yO2#F=*4JX?TRggHf6`sA4wZS=wT=Rc%|ZhL#IhExHZ~x5wyYZHCFD zw@j?LbBS~{Pd_Z);=B@Kh8Hq$<=;Q`=$TiY=7wgVd)Mre{7~al%m+uqM&z6 z16=HWLV97mqEsoxPB8--R<@)@!?K2?&GUU-!TZwczc^(hVm5?ImL-^PW3L;A+r^+( zE!s$7Hgd3v&Z{3!%P}&J&8YLQ(hAMxfYs*kn2HmfM~>WkNyWuLG*9 zkp%0fwF3|5slp*x-Bv^^BjGt;G-H}7s`~YuC?KEYs;j9*EZ(yZLDaS zd@LY}O(f!|D%O|t(fT4zg*jr|U~;vXjL%;C!-|s9zij?q`RoTRd>tHyXq#yyto*Y0 zp#zs`9}#zmgx)WW&kmL7!hq8rhC0Y&>;DO6m>?nEE=B zk~K0k(-#4`kZ1v)nMpW-`%t)eSV?q9m=yHwjI13T6P@Z#4(-vJm^^7gI z-`Cd+agj{zh4=$ygK1CMwLo%>lUxcNdnk{o;u2HFP*{-@o>6`HDt)zqJp?IbfXK0eeYvq}l()$Wib8Ie*)CEuSf!os2VQ!m z*1{+IHm`7*W?>xP-+xidJ!T%cAaE6dsB)^)Dd7Ws3X@J){U;6FUlF{ZuBQ_h#I zKX_#WRqitPv&B|Z|1kC&l`4D(TJtr?gN%>g?q26!9DXr`&vB%Et?|JF=1$lB2ur*d zrn^stX#Zk&{%D@I4m|ZP#_ZF3uxn0crL+m7On|?u5h0%;DD8~GjtK|wq(G_&g`mSS~0X+X!OUTd1R1%o+jbb4V%i*1uPEHT- z%fsb$AsgBJS|$~!vVMpjJs&Mjft*}Zl7C5ax3KU&(M z8>K&r9H`h2oN38vb<_hdfMcxR{B#4;#f|;CYc~-7P2}s%-h#%MPy>B76P!#+CDxGw zPg^qDKTA`k&GS;78X2#oBt3aPw0$7QjgNz#;C@f?;|RLe!@SQr1#jdv2Q*!A5njhH z4z+{U3}#yI@%6h-WbYQzuUgm0@wgOZsV}2y-ndTV0{a7spOXsXhhkW7uXS3ExD8qtL0B$2#nXi%?n;Q~smUjIKz`&|JsW%j&d!SOnLvTZBjr03GvD=evhf zYHvD*yM&wb%MUi_(r9p5z1+2G{~FPdyUJ{E_2V%4Sfv&nnIiU>=`90Q0m{>>@+f8C zES9^Vu)|XRg7(4CGZ9X+_wau%MDG9vA`4dZBIA{}oxWB{`q6U?*JXJ`pp=f-_bECb zTU;@bKAtbu(xxwGObG!xf{Gf00PHH}0c-sI6|JC45i#0R*MT_F+frh*6xHsy4!syG zTQG(c!kgbK4$3Yf12&+Grp^vMf_7~A6B-5U-#?wcZ6in_2S@4vF%+3 zvSe*T&1Y)F_b@;H!Yxcv?Nh@HTI>;6`nqDL>GC*Xek_t#JdIpCS``{|Y0Ax)Ctid- zQhHbKn3lyJQ>gt33?t!?wp-e1;7y}T`eHH`lwY06uP_vi36sph$PSB$3YVUz2NNUo zVU?wPcxMV1E;Y{-j?C=wt|3f5veez;C;Ls;8jNUUxR+wp8<}1vo^Qh5!bbLk1n-hN z95PVx(Fi@T{9-Y4439s>h7NW>LVG8oiS@)D{2%|~9pQFw0JIuFH0}glKeCi9=1E46A=rnFj{m1zj?WHvO$r*P_t&00ER&IJ zp%|F`u3xd?y%QN6Gw@RpyU-KkedZQN;yvEtV3=1HmOmy?O>lRp@oQBZVvZ0XzA-c~ zp)Uq(L0PHm`p1MxNCiTPH;MUuDJ#DIUWzSZJID980Y#sM@NsQF1Q5|!uG24lm92DN z-?lT?uyJlG^vHj6(jzBGaGKSLaww zO~+`)1`KxlpH7y(UkPfFPaxts<+lfByq#$po6JCYCpWo&ZCN3yMjZUlHt z>zb96qT%<(jn4P%%rqI)ceG3X1P&+?q)#KYH11+9*)_3eiZU;z8P^hq-)$7datyJR zTFd|QQ{;&OP|BdC(;4rK7SG~BlN&XGk)se2$H4n9S_%v<)lCT~FVTo}X9c}d6Z-Kk zwtx?zl$9njlZMPbp&fiuzJ-=9W>Qxa|Ew;1&HUYib+LQ}eSad<>59a_z(O@U?FWO;TS842E2bTCr}32C<(*B^WQhwtfI z;rjiCC)}ZZLCw#Q*sYZtVn5Yg6ewYNBG0K_-0`U`wvLA#YO0faJ6(q@H*bni6spD4 z!B<}AFc1{RXX*PvE};76Hc@B1pl4?BJuh<7+~>i?#g?UqnH$sBnhA)1-Yb)4S`Wzo zRpUOtR{e;&bl$k$>kr%JB)&YcU(jdndM7hx=i-m4EdPZvz!_xi`UXHjdpX1_cldY! zKh5lRj3p-^b4G*weQ{13cgV z|KI=76G+UQnel~P{f6085jv=B%A1&$fa5+DUHG{Op9oy>MTur%q5tb2@9ic08vWAFjD{?85p08-D#*jYB46Yg)&}k7@86LaRgmWitP}YPsc)f{YmSxALp_P zP>{Y)6{RAExp`gRAOg)8<1`A7{Zm3F4d>}8izc84X($w8C?U@CJI|KBqV2ogKdF_( zvlA|ksy-yGd2&~!E(gK;9AY1!>&#w3UF_qCdpA$W)#0a>kwGZz6@-c?r{d9QoRHwb zhqnY=F!PIV%q`KCzH4i#)1hNTl~V$a=OF)wi@%s}kxpb@pH_&_@@}0{6#b1WsZ=a@ zd6*XdU!^3pad91#0N3Qjs%kZmhls)~(4{rx3 zZXn059`)CcAVJR7aWi~$)E}X$@-JHR+el;fY|-z8pA-UAKJV@P{HTrpkMS(x!3}lF z5Y0DtMT(lV|9!>KWgctFKX5KstGEV9W4kDchPwdOD+IAN0vg^9DLJqmL>H;=^+7Wh8iW}+N z@yS@54JWPpBwjiMcS&-(BJHKlld49sG!6B9P4B4iFW2@tUb^rX{Q*;+Q zf~bp-(-IONDXGim{WnAA#yesySw-!#w=PRbNa-eSG&}FZy)GM-c@Xudg(9QqLf+yO zKdJ5)ZU0#i`!Fo(yOhJ8U^$tv#Nx!#rzajozNX zRlW5Unk@t!X}A-zbQ_@X&d@oz_c5`iUYc&mHfP9pV)l?SuZ=VrYY{d!@)hNf&%Tws z*QJ|Mey&R?aEwcq((KIV8|-GSl_ZIeyqTKF7gZ%*b^n!tO!tI8pwK`rI~H!SH4FI^ ziuFchIWu7Yokdd#URXNh!~f;~?ptnf0>J>{cb9tGN7(DnGm3tw%df_-A0TCxyvYf@9>RP%k+7`X z{*~D<`!f?b5s`sz6*`2#iqPy8UiHiZ=$w^(K*l>1+7+Nku9AlAz5`30o1ZUL(n0bv zyXvUaQUBv~9?L!mg6~^1b-0{A#2HlOeJw{-8};rw{}e0VF23Rf=X$7s95tfLkW^Pbg7>6=uU9 z1?~$p>Ki;@dm{gj096FC^sTA=Xg^|N&~5Msn+iGwqIi5r45FDX6|&<|nM_8?hMm_P ziZZ~ihL@e>aTu`35?_OC{g~k|D$Hg*tcH7H`?)TI9UJGyL20V!SCLo>1plQW+VKK= zH{O$bMm$-L(Y?b!%yG{>=e8x4DTUjO_dzUES~|}UGd4=9H-?>GzZ&AD@VoQwi48Z7 zNO$O>g<-=teL0Z$5o;gtm2hAnxAorpw5NM#Ze+AeZl!Ps;To^4E2uXFaqx=6{@ zZkB~Vs;1>8*p1r13v99d7)(G0@GK(Swyr;-se8or6g#NFr%+}PrBNwDi$T==}JeWos}gYavsM6vBcB-m<>1MONk+yfqkH@U*0I-h3uA$|@w^UQLlwxE@c zQbGXyVR~;ORbMvYq(RQ%O>~mUo*Zyw4+qS6?xgB>W!+n&>-!1zBognUi3v6(Qq}=; zt0>tbIOWa;!eakw6CnbNUw-rOuCv1SzxTkMD5+tG>w+LLRu3kRcoNOD zeYUf<|L_amIW{%-7e}}wIJWwfwBK4qzf!L~d2zLmA4mr?zcIO|V>eDl7l+E+$^X-|qlG0D3t4Fi(as5K z(a-IFZe-6Oap@@dlZDja8UMRTh!0&Vs+=ohUFqdXs!#~N5`L?u(CzRi47iyIUp2+s z3S@||hT}*(13N31K-0gqB))qczI(zMQP4wO{$|f|bqSQ9;VNg(qB@De*W6%=Hd6)p z*k@66ZJ{YW>%u;~^1f-icQjI-*l2VvuGQF2Gd_QUXZB2)>kyLs-Q9ZpHvTBRednqI zp^(2SWwa}MA^fpq61TSj`y;s zxu%qgmMu$K=U1dL;8wE$qrhj_$SC&dCHVEeFF$z2{yE(WFD$XQr`_64tIo6n8``Od zIbCO;0&hLBsa8jq9%NGmR+xoPA-!kcbzbTCp{g(!zgyaCfMYcIF8qk+R>Jg#4S=UH z530nalBEszvebyWjjxm$0Jbm7>3|Z{n|a9S6&M+5)7v76$Yc zwvvs)Umn1C`kH#iXfigsj!eLU$m7Y1GQF%@DWp{O*n27dR*CZH2xM)n6FgI1c<=w$P(vshcEdewnHx<5C zD@QEWCryZZ2WsPDA2g+Tw|o7YYe-}_hZ5Ua9xUE&RWUh&B)Z0-9!O6_L0911JbUzA zW1%h?=I2@Fk?kodK{KpYgsGSlMnl~ymEqaaD8pYmLuIAt_`CZji~!p@uCE6j7y3NU ztaiKke8a4OpFW{L=noiLKhX|Wz|%JL9M5($~G z2-{6jOOc7pYQZ$^*JDQ};SWB3WE%kCfZB^ko#>g2TkJ!~m_^7%@L)N(KK(vyu(A6$ z4kFAWX}b!leO-PPn|(-;(mVkf*piMK+5rk|Zp${Y0kovh@#yJ^O|K0RAbrA8XM56Mj; z(ZWxNq{x4kT8h2bE+ERK-_d=jyp{u*UkuUXrJ&N>&yB-roIXjRmIu`f$t*eQ+FJfi;#?^?y#ktm4 z#jaq+XBH8MBL7_1{&m9q@%=Pg?!nzzs%%;Hl+V`$`r(Jj?vRJ6Q2E^3WZin~_RBV2 z!c==IAt;NAyK zy~WuFx1rU|LCyiu;h!H~wvndyOwl5I>=ewP6)SvO6_S^MstjHO@4TF4GY#xM>yYm+@s4*E8M^pntmM1x0%g(O%#6IX#J(@e+VcXi~#*I zPa^3*C1MO>GrYmaIOe66_};6NwV3+?N@}naxIrz}mXjdTaA+g6NJvDaQ-NLAgdb+* z>GGRkRohDpLW-$!hkmu$s9Nvwx9_>%z%>9*AmgI$mK*vS;EU&}Y8BKo<|Dc%Oi5R3 zCJBkwoEZIEZ*EVpa0?eIzcZ}JKpG;)g4@RO zXl**ZHj(R}oc{0an}Zi*fpKWG$U5-1uq=Z!&FKRD>Ve<^#asCK(@E_F`*4c?<=2^J&214LhE1=3F9Xf$tTPINMJx}@H z2j;I$hTih-b7qs>ARV-c!h*Lq{3rw~FDASEctJ3>FiA^wy3#6N&Qz{9)y2o{32J~8yTJ96N`b=I_#5T+ zC$HD!F~Sgk<{yy>R;6RCD)P%nCRKziU!6OTkM#QU zleL@*jeRG3Ky4t>uZiu^tXpOb-018R-KlXxhM=T*qDX8%+4rc*8K+@`6GJ}nTV=Y{ zl=M_ED-q|FE7p}bw@pn5!94{PTxX-%-lwRQKj7UM#4n?LBL0%oSCKquJZ(6&;yQOZ zg$T)6G7!C5iB%X?%YxR3H|fboZv=zpy07I4BF$Kh=eUCzbEk-f!n&K2#x;m95WMb(_832UfafG0dGE~-I>aR3= z#-=Ny#uHr{7n2HmbAt@%w-E()A`7KHFvm0iEPp8Ow|N$qI89eI9k;9f8Wp=yaOuT~ z%r_uc{0-`*)vil!{~o&aHq3mwT!d{YQ~4*r2FbrC%od=a_dIw99h72&ag~i|Sb8_H z9EVOC7P4;@+Tuq`WlnK|Gq82fcV+ zI0;j1D-2{#r0xPRM+QW6<||M&5a!4wom~-u4OyiK9_`z6iMf!#bncC(%^voDwl#r`Qtc)EZr&6=}^Mc*+tcpi-O7ry!IWE`W^eFxGBm6g017WL^wk1&%2xKJADrQJ{xJKzi<(kmLHd6_Ba-MiTJ_gKPZ-s^s)g_ zsh%#%xIT1KLP>P74z&0?=M}Nju%w-D$we?0!g0Y|h4N%{&L#I76FhlYTpexv=J&&- zYM_>%AQ0E#mFz zA9&7yAQ;}CsGZjf=eswvP(k;=la4$;1J7|u?eQmX6Y=|eEuey6c_dsg8iK-xOFdB^mg91_-`-G^d}m|~4>QOTUe+!Ty+i7bdUz)0 zDVfz(t)I7qv3I*ArKMFt*Hzs$H=+!63)eOZK!$k@$pc!SV^t`-!1?LP{lUjbutfYo zbiX=V*Bq;eU4K3F5SJ>54%Yf;VwqTvnyIM6&4ubcqsz@UwovqN{tJ*YG-aP^Y6H2k z*Z-VovZvg}+exySc~3ahgp8DVbn5TrPXz`%zY~8G5jGK4^`$*6o`^nDD>m3QSywjv z=`Ao)6hz_}w}z_g>2W?>3S>cI`}tQQ;;vl;wNb6`lhhp;CisPX;+?9%-nEMNt?+QG zh|wK#AFXiG(r+VbL2;-Nc8f5RDLQ*A_R-**5hi4ZRU1XY{loKs!!`P;8@iih{&Uss zDL3!UMDR#)Tr{djvxVwD`6pN1q`y;r{K7&F#@yKR`7)K_As-$r(U8b!(e#rCn^J&9 zQ5bt-nVjy}jX=%3nX^#Ww-PQF+#qH9s-lUE1on;axMq&uM73QGhjNE`8oZ<_B3W7= zUU=nuzRyhC1t}|1()^Tf4~ShIoulym;$Qj|n5}m@!IcLVYxq8()8BWE|>8PA6 zP8VNXNvVbA)I4JzUNUfVqz1o(?h(!Jj7!Kc=pc$g?FRbtgrGtD$Q<#VWZhkeE+}V1 z=&G|X7#l(14V&#&b9<14Zkpst90OAdK#n@kv`Mbo(gN7D9G20g6&n6*xFP*nFAc>o zkzLi9ffg(YbpbX6@^A|li^O3pHkPq*(mCPA z3leSYKj4qtrzXXE3fOOGM(K|Z($>3z{^O+0tQO}{=SbeIGhteq+s&^JXAb-xE~Blr zHxI^L7T$KPff~v7efJQ$VDscd-|^$sgzRh{Z%^J|z>V{nP2_@Vgb?@5#Axig@ZLB< z)*EelFUWA$-TM2o%)Ys06v%c#5!ONW>^G{KjtPIDgX%#t4SA?CA4dgAR66HQ&N4d; zznVqf>)6!jUVN7c2bAkUVQ!efWV5^^3PNePY{OezGOK4epV`Hk_kHgZYAK6H@Qa58 zM4ELfieJfq16n()rFr)QtWcDHOd_vfjTQFh+g=jt8IBK=ZFZWoVkEy|*``K9W?+5y zSbtWM!;h&RBs}6Z8>lPy$vg{F-XwZc5|C;|QDbF}m zI`vB;3rnR|l=0-a)$2S27I`s2-@D+)r3aa!!)vN_b}-Fx%WHsXMGjMvXM2@)GnR8q zn${uFnXL%1L6P5F(Pd;jBB!$^zz$J(ss+HSVa<;Aui$9grwMNz9+@|75zJ=BbL>AT zTn2x9i*$w58hOcXs?7cGWeR1Wg0f1RzKLuYN4$#qNK*-_!Q8{a+w~r5=2LB{eG_It zz0E7I3`{w-UqO>U5rPEr z%*=k~V_~bUrJYwou!%pP*M{z(R#Zvg~h+}ycEfpS?dDk9@W!=^~yFW`G%%hNJvTPHr zKe_9wLGN4GE*$QN?g6Yg!%&%YPZIJPvSDJE9v zr+$^`=x^;|D;*80bz#sb>U=NM=M2VtNTOmKO5&w{$5=lGnGo@J6?UYRn(;`Nu$f|S zN+=DrwdpS9<2Zs?>re9;CyvNA0)*Owej+5V|5^2)5sf0J*KWq|iF0F1+GH*7!vV;8tpqK=o11J=0COz$Ivf{I2 zeK3=b`0nB*JY4OfrX`4@p{pbC9Eg+1cWs&v3=dd3e}YyHFhI-_m;6I(Ks)fKOmIz# z{M;^qCokv=3eWPB!Fa7dxp##epuSS$2ZhH;`NHgfKU&Nv*A!E1eQiI8m>ezQOnc2O zppa*3vU||3CZ8w!^)P(aIRye~G|s0%21tcz$6bc0tRc98>; zRIU2C;`2lhVEfCgAl8!tf|^HF>$=&?1l=de z3UvA>uXlja4r^SXtNoLGBA|{koGlFlL{_Zjug1RU^aQ{@%%2(O zm>57kMMK5EUz2_u8RBnDMyP1D=st*%LaRGh<3@xmbY)&fFkO!55{e1YusABZ}N*+2;g&>uH6moBi; ztS9}+v(7Q%scr0(yTvyMB)|u;LT6jiz$4TuL?i0|kZU^@d;57bfplPFAw2|2Nw(g&+M?qqeG>d|ZhQ9lm(_HbuAMi#L$sF7935HzGYC%@AIDL}bo&Lzyh-V9 zHfvlZ=gHx7X)EV27e%4FL?(PSl!rG|A$IgJxiR|KL>!jHow4*|SAof-w!<$Ysd}>z2ccK6u%CZ^kuId(BPh{>6_^GhIc@V*JRt zVMS(RA_q8Rr375}BAMM^=ID}xE(zCpT%u{PV_d^=)SA6Z8 z3!!9=&yfg_nY0br6q#=&;EAc~66!fLiY;NZXCTy4i5JbGE=t}qgu$Wwu(u-5BeFTm z2s83hYYtfrT~yYAoe6KANaKcL)NS=8UrwbZ8*e=^q7J-s5kL?I)B_vGb-bQLF1qm| zw}7~BB$IgOhMYs3>0z(pLl)U1dH#K0dsHW8*;Ks5 z_Qy*^*&4#<4hNF3gMQ1x?(~g^N;}6>p}X5cF{s@a+LnfQjN~};$H!3I zy!@Srq-eiGKBL^3GrV5H4sr7o2r`1r6TC;+qC?7#ICtY|02prM4Z|Bn84RLubfF5f zc-2UAoSRA-;LyE^Pj#$MpI7izZ|Mhv>n_oKkKes1j3u&Ewb_IDC2!dTp#?o!=KEO7ydDSXYRkI!cgkJs5 z0?*y-FeQKajkM2%+hmVH!f2kdGU1K0a;(}5S3>$aXxtN`#^u#(5|B+_~?aU*UsGB~#7 z`X`!PIkfY(CpRHnFW_i%^i zGO{lf50g~Uxt5>z4-PvN$nXJOclu6T18~kyamjvPNn=R3kL34IS0g9N)%UXdY@pip zv4BTpFr{3`_HU|lt*}D{El-ex9n<$Q&0oZp)tukPGDEb#&AVIo*%wW#?{!Z+l%ab~ z*mQ{OVpz)57U5*rh<{dJJb*Y^N386vmH>9)x6NKck|9-hjQ7PBI^;dOY7kQ?*Ttwe z&7n@40&UwEVNn(@+fw{Zj3b(h-)}C0ObiBwDONt#pSzTO-Pbg8?5sPC^_vzn*>en5 zzuRc6O&a*Rw@i3v-1q6_Gx`Q^j>d~LRn&>|J}@O3M1Sv)*(!0uZhG_-K?z~7JMD#R zrkrLeO%=XLbpG^gk;xqW%f?9L)UWDsAcOC6)_)Gu|IK{7A>n7{l5<*6mc|TyGxuZj z>TpM=ZDO%7bP5`^x%OrD9Rw#_wfVn~hy+Irt1XS?r?y*&IuhCv&w6qAo$z8t`BQFm zekcky_fjLC5mfy)4&TN63XeloF?@a}v!!!2xT|BQ{yH(qxSA?&;-NRIRJnPJU}*g2dvx>d$eRYG!Sc`&Xx zowh3&jJEI|f8=G9`Ok_qw8uxG*vwVc6U-zS*Kn^b@gkX{OirTBa{Cl-_4@u=+hN1j z@!tGdzLS}$5q^rEgp3r-8@wS4s-va1r*3BZqWcmu4rdct$=O!VJ|DD@>&f-ET&&s$ z@$fQ`#JKrzSSGBdkiY_l037pL?4d_lVfvTn3b}_b8edyABUW<|cCSH>KRX*izdc$0 z_@NDMB!}$&p2PE|*>=Op@8`qS?t81Lj_ZqEMVO)tZ^T86Epk0kL-5B4$z3!#nR;2+ zuU^R|Rn1SC7x4?Ak{w63$z4QmB7EXI&b4`3#(=yg-Umt^Cyz6|tfc)lO|LBDHYBjV zBgJ9-8$d;{kTr#JTEGa*vlzU?aQz^wDfMKF6r zm^aRD(F<@3n$I*mq`8<>-anL~$ws}A3}1!1k&XFT==@dWei39a8l4j(q!f?gA-T4< z+$G*2@}grwg48VE2YkBi3$>t}-Gj>E<&FzD`edSMe*_7{;4p42kLku5K7J}U%eoI- zfH5WwU^wMQd)6*>2ywKmy5&bb3FdXcvuKLDKOu7O*z(Uw$S2bK^Q9+7GLwO34Lur1 z8|nun-N7`S;O0uU^7nW2>%I7-eSzU@Wy!S%K62fj(ZD6;)g7ghW8TfeE_XMDdR{py z?EE=?xN*k(zEZVrm9J^b+-pqoy&5LH*@D40!90Z>W-8&XC35PfCe|ZQNf-qm3KK?1abxF?_0r38@SSp z=_ugE^DnFWBni_AK*%UbaO(~!uLxHTkEC?a{6T}ZTLe}w3{A#i!& z@*))(k~cq~UQ^Y$S|)usBwAqeJ*Rv&c^4*f-B*(P-3q6rc|L-dYvQ|9g|kE|Tzl)_ zp#JL5=$i|*M&IP3U=(TomdaTMBg@uJlBwA5K#a=kJ#N{l0J1ZVNQBBmwC#4tn^zs} zaKV}0G0+LJV_SZ>rT(5;zqw8`gYGjB&d%p)pb8;(7SL&N;?05#ZT~s-+h}6bNZ6;> z+ux;|4FY%ZoHueY|YYXxMswl1tMj953RD>`Q~k z5-5|}K2NAf5wd`I0(s4@V|l%d-^V^d?-l;X9)B`{BAeYF%?AX zV6n#DI!Xu4kWMCWIDi1>xOuzm8I&Knc;7hzv?~<>*~^hVaE?9U?t#-cIJ#w|#1!81 z0}BG*l=`9Oy*xTEzyk?HZ82(DEk##5b%_gb(hGYc+gil$4oupG`+?z`$K1~NG&3(m z@B^er5Oh^3(V9cRRAa{62RenXI|+fgL=`PKu)>(|jE_Vae1tR(YC0QjGwlt9USKgMOcARSai<4Q#&=?3uPWxDJ^24eW z3_(dc2dQ%WHb;Lwu$N7RZD6EsqipORAWv57-g=z>efYM2j5Z`-@JDHA_fz1`m((L{ zPA6p#xk&H4V2R4gczC2q6#;$PvV#~m48QZAi-+Qh#c}soZ*Slkf*BSXl1{_ey4PlQ zh7GWl{>ZY05a`8N=sFD-4Uqw+^Ul*RuI&@wSl(D} zl|X_#!j+o_koyOR%0p!u0=2+aSL_iQ_}h%* zNWsQg!EKe=S$i3`I!BZ2uk`d!FvM8x(9hL+g{wZ%%-cgaUAPwGK$$YIqT_V}Go>j* z!~c9yIsK#Ma)o1v)@3} zu*Q}{TUQCS89gSPe|pxMcOhC3r9@HsJ(^W|8>kFLqp{ukFhK||D`SY5uqcL`Jk)^fB<%C{ z1=3X|hElF#`a&lK19dB@k#Dyid8EaZ z-50uE^yFo%nNL$x0{Q`C2`WyA>tmX`98DR5wAne59GIW$#<3Boh@NT2=@5CY^qA=z zF$>Dr!!378bym6cS8>DB3d7yhU>P{{62MCWFlj!Sdt0>a1?~d|+~SU{q5TOm7ISFG z2cZ|LKOJ)0RrL6}5X`Z6*P;??FQRqY{2XZJyCfL6!(YF7B9fpNC4FW@ zJpaV1K?r=v8F)U(A$#skHr@hTkD&NF?_ys{>Mzm5$n;Mk+dmM2q+g+|L%0;X2RF_0 zcwl`AR@OV#*u`6AJl94xjk(>`G^1yNDiC%TMZWZ0d-2kor1Jcjwk%p9aSIXBh5Ot0KC-=Eekoku|S3Ka-f!ZK2mUqa6fS}vh&2jLHnt|yf~>GULJ=ep1g zq4l_s39Bl2KnhUz23&Zfq9RE%^ADjU)Y7LaAV;vxO|F$8`m!49QIWRWI-#y7iI2?< z8_1#yvv##(=q;AeZwBc+`H~eZ6QWESKARejcijOll`Hl9ycwZ*R7O~k%D@FLrgstD zZ*hU&UPt@v%EkTTuTr5{6!8B8cY`tM@7n6)uFf$a8k_|;02X}|sgBH-yB0_A_QruE z!lcSQW>z?pO{v&TFqQ^p{0@M31jfUC8wvQlKfu(i$gPczx*m`MvIME$Ljd`)Gk+8F z3z$|belhJG(+19&2mOzcKol=xQpt;?^FOGKMl_~brtJ4UM&ilaz3RDb^hxCIK8^!4 zvD{ucvO@6`bakL9;C=LduMuc1q(LH#Qw3GgN>mzk^=~YgG7SZYGMU+(18t>LmO*L9Iv)NY_Hb#bg%pA z$=NZ`bC}2Qx?d8gbaqvdH|kY!wBd6}6C?uZNvZ;o!KI&-yOWTVmn4ZitM272{GmXxnU!5ABtkOTBU}`wYA_;JkiUu4%rPS{%*)+0WL{TOlCyDB+ z>YFX*Xx6j+FMoDceaeY7INQ(t@zT5fq-Y1XRYHJMrZX%Rl&R6z16r+cDeEARnB)4S z$Lf@At&Q{a(XVwt@-eE7){YZrfd!qi{(t$qYHzZ&*ESJ&47T1TUJ+x>(iubvw6 zZABa%(Yc`b9$8wJL+@LltshL`=GWjbW}* z#qkL^6h?^jhAQcN*%3_%jq-4a!nLVf1%rN*xYPVhK+#Qs!Pk`ok|#^XE}oJ?qyb5+ zy*>%&H~1SEF?D zslQ&DpfpbWgd!hdG-LR~x(>kbah}{AX|;ME^`U#Eoz@9J&sJMquQhQ^l@zfZd853q zLYtVJU7+0$wj*D$cs;#n9I3b-VUf7wvVEg)Qw!JwMD8R3iZenLZB%nOVl4^lZcp{> zHY%n-GO3jCOHAUduCYaAYw=yrRzhIR1Tlk;AWTP-^0^!D^n#-5ImHz;*U3Fq-`GT; zWTsNIy0b}=pUS`v%^E8w3+FfHR)F@HJ<9g)(cNvSo;fAGA4HK~nKoJ`{m7mXqhVENT&4ge=e-~dVK083`NtWWU#va@jdbVJV70Yp&F6a zS?x$LXIy_h5JU=PBw^lPD#4~x#NDOXLfQoajU)W}$iK|GC0HdxA^GWE_Xz2Hbl#}p zq8a+sG!yi|agM(?=z*i*xZ&!(xiD>41|p)QRU-p!y2)!rFQA}_d=JfgYM&FZtFN%I zzO6r{j`m32JRC08niwd0K>%K~Czv@E4KQwgWCF)GV|3g;I5Id43uM@s&8Lw6n9bey zrgLE(&`DCJH$swZz5g`9UbG$*Idzvfjy;CWkBv;-fd!pst(WSxbw3$-n8(d4UnN6y zJ$1e1Hc{Yettu-^k_))8&)^Q8OD(UjIDag>8wO-w%}+Vj(8RD;U>av1SHl|pnWKcP zvktHHvQzVpiHKY4rbm$GB>3$v`PS$z`7v`#L5iD%T98D|h`}-IjM3Na_RV{Mv}^ft z=&UgK=UAFnfSV>m2f{$Q_Gt{=I?TGTw2NZ}c7eHexk;z~(Ytm28#Y)v>b6-1oUqa; z253_up9u0Lvd?Qpo=)Xv8nwKpHXhg<=GEtmz9pFxOw)7u&k;MuGYs~qJzDvG-wbxtAoZ6q2*^BPXZRVUuhmZH2j_%m?7u#i(*~`A_UDOG2 z`?|<(5gIE=v7@dt^m6*I6G5G^S!S@%^Wtq@__cUu%wzedl`_ru-?|K+6q_k zIWf1$`krGe=RU!kGo)8JtoLPDPj~ZP2v#e3*<-_tQav-VEY zjZgg$`3Wc@^THMP<*2a*Wy1z1fcMSs2({?LPhsi%Y7N3dY3C=|>}^<2s#~pma__!R zbKYIJx*kezQ0{vJS0ZH zQ}X9Nma~IaQ9E~o>~+wjpKWLWg{A0*%)^@zEbWg^&Q)ix#~~OzfF)4% zM*l*+8e!(E)1O4;^qql++_XL&cK){8oku}~C4y)qx$X8J`spz20JAhs)yAf78%*YwO-yE0X|e0Y%z>mTgpu zj!#)U@i*H{B6_e!!1hz>WH238@xUcsJ;)BWuZizp-y75k18A z72AMcdz>iw#KAXcuJoQlr}QIdI2YKWD20tN|5dze)0MVUiO7BAqH{}aTF3&Eco!bx z!nVMLGSMT+pBdYU_}X3!bv7d%OotJ{`iW4DCqFal!^(O#ptz6wi+7u>%bc=T)wAYUPBOV>$a+HxBMZoxd>-&Gpo<$Eno26N9rJr+LAJ!bvvUM0x^J&SfUM5x5P{?uwu3$5P)jjUlM1|af zdM8%>cb0zdIJC%*tKI%a-FY3njnKr;@5P6YuZK_c+X)kg4{9hZ6Pa~LX~Rpz{9#Dc zz8+Qe*4L|WO!L)hGjy-lbk?~a9v}Jg8xJ?3D|Ygs^m|myrfB|8i#)? z^99fwI=Po5VU-aNLO;vg6U3)rE=@U`*M(i>bkW8Xr|E3pGpTZanZoZ2HWbTMeSqsY z3j}rN4tC?NhWr#%Aj=KL;a0q1blF>0zP#(1k{qmb;0w`dAckSSnhQ+C6@I2z8+rd4 zNsy+yN@HLduV|KV!)aDO5ZfBS#m{eUWwx>G%-on<8pK+8r1qG#$I%ed<@q%pW8*pI zYj-3n@WYs6(sO~!@91dZQO4C+3!}GE;X~=si?4reANlu>N}8@0>V!@JqblZbPCI4e zu=Bkb-E`@CN_D~5Zzo&_JLY@(m6JcE^|f}seSP)iOW-dBW8LJUvfRoyljnyIxBY&9 z#Wnt%W?Xu`ivp}W}81CctwgHUszOQ{WXIHyxHROK6G${F_9ZlB!hhH_ABf+8FDp_`X7a7y7CHB{K&ny0CXFI(y!` zs;++a=jF-(Pm$hGf^1v<*o@8DXJ-q{KwmCBEqkO8{4G7$^yI0*$h%M3M{{5{vg6J4 z{{LX_Eu*rEzJ5`pLqMcON(5;T3F(sVmXhvx=zQps?vU>8?iA_n?(S~5`_cb-&wIxi z<8 zxVz<`nZ9jOHA}qbW|gV%GCzHae6_V9;rW0bllA?*DB^>*ZBc*7(pi~Zk}iY!K-l^H z+Iw}t%3l~W@bd8D_E@F${OIvGcY@AMsjb<%QTEMSx+uY?U-00QWjuA=uC{aNHC z+|WH+kMA;KGzEJ+1>sNI6?}t!9<{=+1_$`O}&T z;K~`wW%^B6nE+)nDGV9=hqRvOnWsE7yO+C@qUqHYS5wO_;z8BgJe#SA3Okh?gA1Z% z=eCPR@1{m$O|h0TtYrgDk+Uk4yqg!}KaH_Myp?~*SZ*boc`miEryS$xD&gUi$lUp5 zwD5OL1Zs=ye(VeirBn@#brR;ZSKzbgrm*LWy$c{DTzCCB+Q%?PAic`0mVGa`%armsIW!zlW%hbQlC)(JuN}qT<-@!+)YxH6AjA z7B3#G7{=(DQ)KI@?J_c z@WiTIO5kxmW2sY#Ncv8=)+j&C?(#-y+mBIjL#`!F(}x7MzE&mJxVjnG?V~|ecHyz< zbmtP;xg15r4qn*e&}a-vVBi><2RWYmIu}-7=H(1HC?&9JH|Ed*0J9|>1CB~hT~fSG z*O5_ak7tK;Njt^2s^875z6H`C?^L_Eon>BiQ%JfQt{Atla84!LRSmyqZ!YgT4hP48bvy5rQ65%EjtUz%&$BwGQoo8EfOj8dVgzkW6F-W% z_I1SldLT-?x~)AoF6pS~foIrFR9a9{y!bB1J*d*`q?CbAKWn3i>y-+$Hm#*CWmm!` z@~HM)ur)=`H{CrjqS4w(v|jowxK6t5$@Fc zdHoWQ<#m2(5?z(e;2hgQkbyg@JkGs1u6=^ES;<__z1zez7R3o#7A3XTW@SmZaPXfA z>wqOhx(*yU`X2Zu6I9le>0$Qr`=0*Sm}NONt#gJWd-tv#ANEVghleOuuC`&5T_)^V zlE9G)!t}2y4GAjQwM`r>0@ydUMcU9A>h(J~!cc)-&I7^pz=_PG7Wb(n9r$8jMd5T< z(P3Q!A8g9mZz`1?ml&MzP#h`o7Irq-^2@@zU7C^(Wv4Fbi6TwBeJ@RI;qx}O2c_Br za7NAur^G&fbXsP9;5PsuB{4crPYvb-+k#QvZe2*3TFvKxQ}SIRO;Q;RYu2+GMszkm zUZCMD!oVj@;$3_51(VT%18+MW?>);O5a z_7>citg9!b5Ni?G?aRfYoG&=)5Lxs1{wvK<*R;((IqJ55L;SDKSq!Y$8;E&D>a3b_ zQtTZfXb<({RllT**=c6Ym!SsM=_sp8>EsAGcmN09Oh7Qfw6VB#rgR(->>ig7H>!_x zD1K=4Rk~N|4{E5LhRCZ6VyW_qt$ZwZz2f-+qxUsw_ zdpd-`94@##S-D+tduB2*rM$}Hpig`@Cu~&yYb%pk(1CfNg|YY4J4`?zE(iT>Oks)C zjT`(!vXJF&deuL`i1vq4eeXGU$7mwGEoqW#HJ>Z|oW_^8cV$E_d!Ef@CW^G#gw0c>E z7Pak)XCkW^mr9rLQQ7wUiNKeAhG!ggpU985Q4RSTEnC0n!NrQ5{0SMPVCB`P;Ywm| zj)BK`uAKbG>1RqVH|x#%8Ktc8jK9%0$f-O;oyH`v3L~*W6&*E%-S&j!xdaQUA1CCx zvEd}w{!FXk2{rCjsEv{0IK)iX;eNIx720aZJX1`L1XQV=SK$A$0CgS~fx_A7{M23K zl57)A#MfuF>nnnZQfdI}h|q!IR5h-6SJ`jYW?Y*UM+VsFno(1e#E}@lD57Yd+UPPq z4ydlr{Q!c<_ZA!|H{55EbEA)v_T+BnR&JEdf>JZZrnbibD5dS$*P^6Ylz0U!gNVF4 z3rqK{qUR*9?og=RhuE6|=uF+z2qxSO`-A!Vj8vj(%yG7in`rD(>(w% zC+EZ&*0Zw54xf+V%sNG#U;h7bWVOF^ZbrS2a=d{WzRGr`;I_tQk}i|04mD$lUU1zCNch z*HTz#EhB<}{2GA76o3a~S>FJ@hzshSU@0I4v#H2K?>&|lV$jv&Vze=a`__RY49)x? z>+-!nK)>NZ_OjnN8vJ-cM#hyY^r3@9A*YCl*ta>#csXUg;v2mlK zxGQznqr&o>ugnL|-+(UcVuLVPZUpSigg3-7P zy!YD9rvNOcjAoU(8+bvZwZY`H#B!E;`*?42Y*Evv6p*#UkBfHDCp?2y)L8Vmk$C!8 zX#+wTnPm3xARtmOJQ6{J2IgJsJx*_uyzHB%iHSaiRrF>0h)^2JZxRb`iQ7-=VL+ z==)41Zq>`H0b50{@sXb=CUbYWcX>&PP8r3D<~7lQWlK^`p@E~4PWMenNOQ({htr{pPN>@hW`>uqdvli5o6x z3v}d1l5-Ic8O58Us>P9;dS{@*71n*Nid zjPrrdi0lGjYwJP>(Cg@lGMT<60FKl^<;2juJP{bmeZcUrrDgJYS?`MaUBMu(o~dR33#mE8tHrk zeQ*d95$NM%6o=>NkaB8b%IrfVm7h;GAoxXWYzpredDmxjKUGagCgHUItg@z=H-^uREkmwTgwudFGFU9@4@rb7ruIq2C#WD3ax&O7NsO&vQ?w*t z(4^+>mros!(ghxM6ZB(li z;D9J){_;CStN(wfE@%EXK6}1#q56G!t%FvGnJ0P<04S#-B~kj9ipFfWkOWDUQ1NIA zjSq3?IY1KM)!&}wLI~cArdX}Hs?{dZrgR0!1AV*bHroLh1Z-c2a?UcCozEPAA#asC z`AlfMBNmUw1+f7`L<|1keBJHZ1c^kd?S}0JLi)X&-Nj%_$UOntHUQ{L|I*8z3WELi zocH7#s3HERTiL|s^_Hb;b%`5}2`|Ql4?d~01-9<0flffq5g^F8M<+E{^SI^(x`0t8 z|5dBNlu|!{=uQ8GV(8*$0F-k9FxCPaj;johL9-vTyS@VuzDLeb#A<~{z-C+%q{=aM zzJA8%eM~h!k$Ee#hTf_F02m|ybZQ{Ov2z8mq{sdSU_r+K+ovc1;_#IbEEx;W@V40p zm%Yq}$6Z#8m;0S(c;KKYEO4vwT}`&0$SKC26_;Fk)jNP)PB9n@<*nEu;e@pilzXaL z;DZAgi?28UkVV}1xD1NkbO+vpHY5%pz815ZqAhEC7T3tj<|E8`*83RvCaWiU0Ochy zb7>VoBD-lcRpemKNpB~YzmpBh4L}GraHWptR&TI#gex{k*WKgWl0N{Um^*G&a!(m} zfc{MWQUKhd0H9K~7B)l6EgXLu@JWR-D-R6?pf6_e@LZ45QT`fc2YWqa2q< zKyJ2Oj?W6~gFT;{tn(wyQ1?C|pIV5I@(H7HupK+q<{f~T7J)XeOR$r(E14>fpJU8c zui*tCH;=&Fj>;Q3@d2)|TiJ0qV^;J>tG#3Ap{7DL2PHLSo#&eL22(`Q5_qK~#}Un1 z*XPQmSP8nQM8+je^6M_*5lIdiV%0i#zzj#-0)%Vwq4NOQ7bW6~$(;;{8ijUWJ+(1e zBM^Io)Pt7RJ|XKz<}+>ZVTcI7a+bL~_U$tMeqz{5fwm02uNI98rPHc%OZKx z_LEb(&E9cgP8^EKeH5u(>3#J6R#RadkNQ-j8Bs)|x%M;D>bQAZsN|r5A<}xqFzD&7 z88DcTQtQ2p#EdBa_N?lrj)${tYc43xNQxwp ze&^UY)i9?|>M$&ML|L2RF!(JFy5fq@c4_}8DRrXbklFD|hVx}w+`MV5U8*;~%S36& z<6L!%%FQcsay-905~_Ab7iN;c)6d<%uqlfM0mg{=qqDSXzrK6#^s&7K$ekZG)%TYu z;&B0v05RK}R1W-b?bdsPvAS1td_byebYCri^RxyrHC3kM(Tyy(ZO+|kt5yYmv1Sy^ z^3*z^JIt2f&TILLqU~-pT;JZv2Mug^X7f z0MoOU*4fUq7vZP!6-Zkohq1j4wn(Bu7DNt1BgRjq4RQhEeDtF$WFVk7XaHmf1p5bo zLeP(PF!>|{06pq5WR&AM@Ta8BR}cjF4}`cGP+|enrygS70n(k5GOBpp9iA(nf!$f8 zCZ(Y)8gDR(CS`kbHvnI}Jfev$;lb19?ARUd@uS7G*Z7W(nMQJfW#sZZU}K_L88&_ef#Hj=mM0#hruFWvL@KCRGynl!0cd%BM~^nUh0tm5&*~OB0~H5v1gY z*)&W=Jq1}0Cf~ehVvYkmIK?>*D37Xf8=;*f&g0L0O{Tj)E{ZvPr?}LoxEOJ<`B>!X zmSt0c+fi~vmd__W4hWjLHfn4EL7h^yz{RY12qYhGCVzQ0S#_w!y)v)1J7=~BRO4Tr ztC@*m`>CdwH7*y2e15mJ1J{Z*JdQ72K7D7*n3&G{K)#Kl%O)uVE;<@WR4I=wn&BCp z4Cx|&ABA-|(IfrawQO!a(OcOTe}5wc$%o-v?%0-p_j4@6()~f#$;*Ze=n;k6);z~! zxA=S2lwYHr%GO(3aAf@N5W4e8AmFOtvX>@R{5A%HB3~u^hqu@F81^`RHhM!B?{=4K z$e61II205HQzOvMmw~Tm+LkZ2Q)4~U5b|3bp1HZdD4sr@=&z2>_2uh!-Ncete9r?C zrGTubaWdc*m6n>k+SZP^SqLiCTbMBbHL(rwn7d)*1M#A;8$aH&hg|}O?3_S6Dy9{U z&?ldrV3|mSE0yLyd3+yQvHCECeUNbw`COjEdCa?TO(ry41S+&HHeQF7nK`v&8Fi zBeWoBayCtz?YwL5CekM`UqfRs{ds9E58nRuvFKFPbqAi&3Q$?K7B zAVhE;@}mieb(2i*VntMHtFLG&QtxLjPN(t2l_d`y?6`F@f+3P>nrz5}#$;o1z zVf_9m+TQL->0KY>9f0apjuHtg1jqlynt}Zzf(&WhBZ|9w8%RcO_^ZXuq@5D`h5MO7 z!tqgI>Gbja;EhUKDTi(LTmii!^}VxCXSKrUi15PF26gf7w!AC-RyYC6_y?KDu;Oz? zniE@oeR9JXAA)DtR0k(T=fcGb&R9-liU)c==H;RU1sfqV<$3DxL)Uc|;hIK=7c)?E zp25*g#vj)#E~RI+#DynuvF`OIkNYHL0#w8U)#}fzHB_y&wmS^7cN3R3nehcYlN?%{ zChB&f=r!ZwN0G-yL@ryAu}1NZ;(ckn9$hyaLp>s#_O;9ObdIq;Q^K?y2lQgGj`ymG zyle^zvi@8C^O7t{CF2E6VTENH-)UHZeN|-H;gY9#FgVrJFS}&NU(h|0j8tkytYEa? z*{JT|=up$SF8^Jztgu_jrQFig!u9d33zN{=Q%^EKZ*R;Qq5yyZ`c}OlRI#X zqI$%E%&1EaB^d}{HuqKlXDllx;3B)Kb+8=QmbqYVe2$qyY12~aoFALbkAJ*9c-hqn z>P$Jm1gVikNBJz)wVq{JU^}Q{&0VIBo>fRN?K1E zmhL0GygbT|vaFck3{zD|b}-1BT&nf`@#vltnV~x< z%I>-sV}PeS!n;p*OnTd7hvpzU52ePxdnKjFtUrs_<32QXeaz^Ga*>(sFK*& z2xeaKAxj{zIKE(NzB|2UtKZ-$nkZd`dHhK-?PUPC8pUm`D}K7HIeK2Y;5cfyChi%^ zm|-T4BS&plpsHcJv3Hrlf^DN$hJ*TwV_I3YB>#iW7yYH%lBB3je_OUDxfjtJtPGCn z%5^2FB4YenS%({DwadJR!d``JvaSnuN;@q5{-JiQz}vWmkv|NGIeb)cORq;TXNE;C zf+w50jo@e^r`9cQx1|GfJr#mXYWg({qT`g3g?c2fJoE7<8RQ)AHiO$Hy!%^kYpHrK zJ?V0CF73v26qc%sIOgqin-m(%arbIf^yP>=I9!F3{IjK$lr2{#0k)4hZ&Y~677@0M z7Oqa~dj$Jfhn7!XB7BZbFqOdN>~<+i-<_0N(NnfKoklCCRwuBCj~dXN2`vmLd7!nt z-;;D;tY&MQAtq8fFJ!-3G7}1Bu1Rm4j8j)G*cXoKs!W`ips6BrvEMYI5K8?(nA~wI6MMJZoB4_{e$N%5GJNA?#MAU`7V5E^U} z@;)`ev3)G6w^LFyp6-<2_=KJ4cIwri4J@w@7k6)L7uV7XWPr`~k!a_aB)HCrOpy8@ z&Fn0X)KpFn(q}kH)3m9%rY@e7R}SK?mhCT-lgl{3d%ZmL+p4nG)T>-l@&jCk3I%Zl z=R~oyX(5h#a65K^`tS#dqqa&+ng90U)>8onhcjpMw*G9oo97Qg^1Jd`D)Js*U&;P$ zB&aOljs+MTXJjb1h`dQpp;Tx-;!P?R?Z`Z+Q3Pjk)bE>AP?!AwOA*P{Jb2nxJE;FJ z|3v4$y$L~AjpnzaM9i&Pwt<2=*X!TeD39d8gtb)#u|q-KWw2g|z5%o7EBT}+T*bja zMG#jt4NZtotD`~jxkuzdL46cSg@%fF4@`&81{gV1A25&qlZR}82Hiq&K!*TD!kha< z-d!X(J>tFk?OzA)(Y*EeWluNiV5V7kBzOJ}@h<`R7B??vH;an|MS2j53)X*28l2BQ zt`*l2LU}ePBp{P4Z1w$nh?iz#f1ogft`uFhq2L$zpNG8716)c5Ek{sL zn{fZHXYk($pcmaVIB~XD@t@|aiW0(5RWVJ0n>(POYVld+@sHu4HU}M3$YO>5*Q-Av zw^aV0U4kiMqvH%**J)yIXJ7;TYYtrT`OQENq;EjNAZlP@WNb(B?-opZT{~wh;Njmp zJAn&4|Ni(N*K{(dnCROXlduApwKGT>SQ-KU|IES!+?n~`@4Y-q;mzleYMafQ?bJm9 z{(}7wBeiu%e|PHg|MUa?x~bxTpPO%dMa%IzNktj?z5V<&;;iZsXF5Ge-@c~B#eDr4 zC=l3S{x;g&8!5`k=ce-HLE6yp>T#I;*-@is;|p=>&f{ZMDd)=5SI(w~6ntMI6izf) znb)8;hfybyZ>to|SM&V0*ORByW(aEw3SH`DguWmdR8Wh}d8vcBKH2EQbQFdp2MBf?VTYEf{OT%@Rv$YkLM*r)l0W;o0q!n1)w>?sY?XhXt ztw{7afo?QfcdBbis{&je&j`NHhyCa%K#_BSGP&Pn59Oy)R-|tG>KBcWr|}q8r5(== zJB2ckA9BkYmu<&ylYt`m>^9M>;iQ8aS0+G9x+L;tPx-*(&z)=?+!(D$8X`q&yr?c( z{I?WVzhZRgQMV!Eh9UZvRWZDgEEt@6A|k4b6Dm2BMt)o^>~ zQ8df{>CNqA`40ABTlmoNMS-wKwn5<&`juIgpfAYVc8taut8n*{RK8R*80eI!ESEjF zENGL|2ZRI+hIVt9`4^M^c|-@B(k;bTg1$Qupetev{|~69z|dDY#3uO*HA&F@K+rP< zj!@93(-#UrHLi4g{tmHNE-Ya5pR`GR{@KI&| zx{bJo&aTDV-LFAhf!)avK)ezPfz&?sk&dQ^G%ly8Bo(rE#kQ8zZl8QjaHPZlG$;M7 z>)W0n&|fN0tMtN@qZ-exXxSdR>w&yWbyQPIo? zFlMrd9__2X^xA~&DKmh?!(@Kj{(-xT0KDJIsQ(1e`N0^IQzP%m zz!w;Y*yBC}8Kmpb%lLwd)HGyZxUY=(u@WNqm4I>HWIP!t>zt3i1t#93HJ%|roRPMw zF8@%W!973sWsS^3fa)AKwDiZo5_ljpEtt;tB7BsKx`SniLg3HTK|>NKqK=vN=jX7Z ze7)<1-fX1!PPTZA)~kCGKiQ={M{2Mw{#sH74E7eQj4z0u44l|()hh}pA?RJ}~vyOrBZn|~N|NX0T2YT?y&2I(U%;7L$%7AfxYZTHX9}P;qXR*u*U^U80ZXP&SWVqja)`$aGVBRt&ui zu;ut@96r8w=Iru5MfKcG{N}BJ-Vg{%tz$8*mQ!f#`*Q@%PSfQJyqo_}X7bL&a_Ki4 z<}d1qAb%KRcN|;HK*wC-@24B9{qeJ zsi$Zep4Wn;(fEr78kk$Bo7=`>^by}q`aaZ)35H<8pVg&%3L_Rx+XG#OH?1k?C#mKL z@MW}WuU1ncpRW#Eop+gi+STjbx$``evwDAPy7@FqGNd>4Hs465PachWe~Pqy2J&C{zeGL7gVD*P7)!yxcP|X`TIe;!rFAy@ao{!w>J$8zx zE2O1Yr;QOjtPx9WzXmr?Yp*rhGBK^fKLC6VH8};2CWe;VzaM{UB&z(LUI!WOv7A1@ zN$q8iY`r!U7aNbvGY4B`T0{R1mvIu z-3_DJVfpF?vYcH;F-7F!nauT(AbVz3ygw;CNPnNhq%&WWj81oy%!9CfIsS_nq01wk ztt=g(;EA#7;Ku(swYnnD2){ z9MHU#%F41+{PiR}YXW$ocv<1l0a>>>@o90Qt~bij#jR@qWQ7W9x-OdkB&*z7IXuW!65MY)8bH_rYL%&X5`8?JuidO8Nb7Q(c3QOS+t$xD2iasdnZl0oqv%e?X zUn}=vSE=7_tInM7x*aXUeFc`a!+zzQX7apWA;#5L^l0VxPmA>WBMlFQQii=hY;a

=-}o|l^^Ur8u&jpb?*?pBw1n5w@&2Oc$k3NR zcIyCdd7C>t*87VBJv-vcgpwJuVzmyLFsFskK9^P)tqns*ZqbFk?h6`6ugjFjM1m$; zkB(6Hlt&KuZnt^ZZs@p#w;h^6X@Nh8sO2A6>pe|@tGpy!=^5|0xAWuLR*8ggERPlr z-t8@z`F|%DtS!P}xl;t70Vt}hf zQ>dY%L6Uuvxb1)}TpX@T2>g>K%x%j=OH3=D*G~erO;W$3;3t^kF%arisOJ1b2GCfK zoTSHnEoot~m(AekcA(5i9ex}-PQepFT3_TP^f=iMfXsDgbaetp420m7h>A}g*yr>| z&m|uGM?d))ej=_cZsWAxaTs6Ob0@u)pt`cxB?jh+fPC60Of#P$4%B8lrDGQn+!~-6 zy9&x?5Qi5i8o_+n1Qx{O)h379g3|acR%-)l6)5#x<$zXr%EIe`#m*O9As)7a^HUe< zr9FbK9;CS^p;6f-^}Hh~2|y(%ZWW?1#(BDrGOGRsM>H&`TwYk7j2?V8hHouo_A=x#HvNG)1T{rmF z-cjC4o^_}^20`>f)HJIqX5-I^)BG!(BFiHRAA5E{9)}nH#kM!MBCS-)ff$OPZ=gC zGuTg#uK%iu0)@}qZp3D=7@>D5)iQ-c2nXm(eiCjAkddeKQFK-M8@j)b9T4FQE8kb!fu|2|k@SLj%$p+@RDkRfftAdp&$SMBF*?8MN_LkGq*p(Wtw#4_pzM`So2jpV z!FPgp2F$DFiHX3j!M(fw{AU`7r;n4zF(kLIkUrAd|60Ig>h_*Pp=ij$Bc2NXk14yx zJh}2p0tIgKuB$s^{H^exS#csKP?FA^2rCm;P=zbiEtZhPCtStl9_fv8<1(~t^d-DQ z0-;+6bo$ey89enSb0%7TOTz2PF_vib$)P%{L7JM1lG|UCe9DKLMwY*O_yOU~Vf1iq z5>lf1h+~76eh>SCuT?RFh2>Ebu@#%Ce=^|4EJv@^7i-+*4XVNb^keoJHv2IDl_my{ z(?}g8aVNh@)dsGg&nzEoi3%_QQVb2sOTsv>U|G9J$fyDdu;&_G@EBWIrRQMKjrurE``nNh|$*PcO`pXUzr6{ zI8zfWO+H|;Vy_eEe-8$#ggrp2a0BZ_UILZPA#gQ7{mJ7^Z?wGzJ&Oq&gMDCWeN3mM z;gczxq5awd;n!^fe7z!<=GOiUs*>>eeCh`;L-l>~$Y|kQVpyEup&^E$THAQ=qjEbB zV~4udtph^X?X}y#b+FBSF$g>-F)U%I$6H50a;5YMIjg7k2> zFbpsdCCb9*?1h;zW9ANIO)Fm3%4w^o+2GJ0#&2B+hUnY+JTS9y(0>1B09HESaTX8= z@!_u}(n*`BYt-VuNfm}gl&p&n^;utrk9u|m?)h7>Qiyfdaay$(Y`#a0QGh$iq>o8hJLJ%gw;rE2COZoC@J)HKnhi;fcta!PXrFR=ZY zrXP!q)EYeoB;mjYkwpYk*A_Bl5_^P_eAOs15*!Sju_i9q{f12!APV~3A!Z|1-f z+TQo?Ep?tgWEZ}X!ZiKa$Hthw*1U`LBu=8GH+%bT^$Do$W%zyiXpzRHyGG;WX%LzE z>&Lo{ri&k(<#w&?h8Yxjm=mb?6mL0_K>D@?cU zT}-;_KMDe-jbCKNTzlvJabJtvhQOY@OSG52=lH<``VNNKr0CYHM1`D`Z?RWLZ#Arw zUrQ8t8A>(%7<(`hW;foLwgaPDchMD(-QnBWX^MdBw9n}Rvz+4zY#?h4hP@pH_!O-F zefx0W922FtcYXiOP~oL`&@NjvxT|G05 zyv#1--EK?-GcJh)PU0X+iNE{=dNJ;Se9%leO-R;Iddgx_zOlb77Qil#?i0lqI`rD0 z-4K`J4Bv1F8_R`1UtTX%K)y1)<;7XcLL%Y&h7MREp#eP_e**{^xSEfh4y!5)TFN4oI? z9%niLB7KbjcE=@(U~eOCt~U4VwW&q=-usPCCBTCRdXw-Z*zE%M)9qKa2fLIgSN!ka zwZ=_f63CmS8@oexu75qLLvL1Bha~g=iKel;8*QxvjyyL8t?WHx()SYTzkmw2oVYPO zO;SB@a;|ZbWnERv?8FKm8Gm&1S@0p?_ARisEs8%s?7v;n4J8-Ym^tYoJ~q%^^F9ZC zp^de{(N{*S$+oRr)`yXLjEv>3AWOkdk@YgNB!B#Th8B~%`L%JU^VJPgxm7FZnLYDn zy2aMlE}S=s`t>m0t`t40*|jX%-jc6J?f`CzK|RzX{@Jy@E2~=FglieQH3JNa(Sz_8 zTBJGte6eAMtZOQJak14DHH-*B3#9yQ(^Hi{z4e07hZw6eKOK|bi-`CM@)|-0XTD+= z)fD6b@^cPl?%d8BVQi^NgkA3Ii4$a&QZoc7J1zBz4ke(!0qFDDb zBJlhsNOb3SOta?o<~TLk$&lg>rz&(%PGG>BPCZGtwB`xCQTcnhrwcFc2|*+*$QUrQxK&uA6y=Vp?7& zEsP=Wn-s{5F*Zu}FTc7R|Kj{t_G(BYw+s>g7O#P0j#OCu2hy8_j;Sk zodLmh&{E*{ZcVF&A0ajTA+0N~4W){B+DOZa=S%tHWjqo5n7(HDV%qQuTWrbaIBNx5AQPgkH`JtA#IPd zb|}>UBVp4MarLpRcKznOW&PAMMk6e}1|cP0myIj! zCA#zq5sAg}I5kGnJgKw19nWt)0YAa^o}YEe1SHktWdx-Okg;q5V_}jn^3U0(@H--* zVuFbq>uUR9x2j zi#W6tdMM|fhml@u#iu!dW%ALPyX2800*w`*^doFI@Wfmx^S1MeKWwa|ldJ24&^HM| zm%z8`2<6#8do=+h?QdYPhLE~7iyl;j$u272itiA$glH3BYq`Zka^j>lPH?O<(B6)* z!X@aU#iKTeTP{>IRWEu0Mv-N_I?@%2nl#LFxz`4@nT$|F% zpM`%L{4Fg{IX*Pmj)COG$(7RxwfCtVm|i+CVscCWj<@(s&%d(=o_D{#e;>wNAhq+u zwPwaB?AYFDmF)M!lrW2bV;ZF8O?6{~iA&KD?MRgmB-S5XrO@c;cu)5Zu`o6ZW{4yX< zs_)Z`@I)5wIETYh-pCmYldNFe3xs^(m>^Y=q9WJZ>m?*?cb!qlcnMcX z-i=O3cu*lO$BPuv$b2VNTBDE=b8AP!cJM^UJz2#YqBrxg0;DEqTip>}oW1WK?1$az zAx+G|omZ!|6uh!SwIldl{$EbV)Z5t{gTyX%YV8c7$Ly@)j<~{mLFn7!<96Ho~sAAFpmc^4L4EuZ~KTQ3ojNBTszK z!stP%9XnjJp}BcQOtVZ7gTXYCMhOu)xAN{L_4s$9f>~2*m*NG1yv9&dspe{pz}J=Q zHgFG!EI)hZD>SF@eZl}(6#%AZqQ$+fwyo!}TK;%*lsqXcXP#r*!_2kAmeJ|g9uRc% zDGFth{UV_sU?(uWhjo%pL4<^9pWu>S;^q%`Y(KHAP`eD7(&2aL$D|O6#sCX%?7rN4 z1QFhOkS}D;`|@H&&jFaLBoD(+=d39KQLn%EISTlpc%fsRfJ8yp&M*Ns02$M^F<11z zd#iB9sAaKpI60G5fA3Aoh|KwX)8>DrvFr3z>Vd3u>$DM{hufG--ru>aQ3BqsJ{A~{3}%7 zUKfxoyH>|%b(!;zq&pAW#AF+16pFV}r#1f`89m@sNRJ3pSp|>$tMzrJ?$Sp(|5TkH z-`(!-!~m@%=$hKrh04qIaUU2H;OtRtPzPn{mNhH#3Yfex%>!-@Yaj{4&+ zs+>WP%R0_9843S?$hW_s3(k%>3rLk+V}sxGenEHQ?1Da{t8Ms{IPd68*TnM)M#1XS zquZs&-xo)yV-*C=55h8j=sX#nAhd!@SHO402PU917K4sV+2q+HOiB1DZ{_$5QM0vI zpp%YOPl8W|s)-qa;t_2l03R?j#lZ}b#^P|lAs9?-bBXmg4CjTs{0y+cXfG@={x}_3 z*!lC+r9H<2knS9XCQjzWxDTx7tA}e=!J;t#k$2GK;PnVR-}NudVP1>j3BcG9Aq;wX zub$7$*sc$4_bt`A*hD}}aqQ(G3A{l)iw=2Byn!lyLaxy*v{|POFNN$3c)T6EbhH*( z+_?UphHPFYIcwt`kTVx~?q`g`zc(PAL4VHC|g_Yi!M9H03y zTFGrfK-Zn`9S#d={zYS{q~#fwloP3#2g(*^S3)Z_q>vC>6PE~b4q}ZvVbBTy)6aUG z-GE8_kx9IRNDLT|N!uKM){1?Ya$ge(6@9kjTmDmi8lHqxIux=VAn>s+YEk+M7fV){ z^ooV)o0O~|Qn$_V{>Zc$GY?N`Q@a#o*zHGkvjh#g+(qMLMT-y283N77SG>LSlW7%)oAe(A@xb9P zkDdUj*ESv%rK8Dc1YWkw+-Xv=?JwZaR)zY8kr;QHHG7094k+~d7!n~cJyHCmNw3=GHtOH_eo zNp0N^%&WgWu>%3gutL2R~zRVusIbF}G6Hqniz`gE(ou?yvoodyaA6vseC+WEL@T z0TI7|Xsc>!pf~ev^>N&YHU9dsLx=TsQ^lXZg7vR<>n+vMKZ2n#z8Ug_Fn0^E;zQZ# z*JGWoe1-6uvA$Y+hib|*+Iv;pdP|yO3rsjA*rfW}30dmOLQ!t(kpV);6i0h~k&U!? z7i{&fZo~#g$nsYB-w?!wxIV>cqWFQyd=+ss>He+&@ehuS&I;RU71uyPd3hh=&4orUvyU0_iPCLp7I@{cad9RAd=+;fPLKPWjC`4k|j3&AT&(= zcdu~H#6O%yvfz=*VdSA4LjeV$H!i;+gcrB3ysIoxv-)cXp3Upxu+hh^e+AhdY`@%( zjNzkK|1aX+0yvIlSr-&DGc#Ju%(Bn|ihM`STGGc#IXF*8`q%*+-u(~kdp=)oPl~vg}Ihj>o4g9Hg+tnStBN1y7#^b4H(|i#A8GUVerWOwq#N?)X zQ=XI?mq~JhJpvgjTmG!0CUPs>H@bZh|6Bf>Mh9d{c*fIU1xdBntq&7oa;aZUA>CQ) z)jYND%CC? z+hxOmy8Gj|i6E6~wM-K-HR>B7X^CYAQNRE-!9RxraHj=~ZZX9`NaDTaZghUSl}mZcISdHIuhMqXFeMbPfo~2avZ+& z`|3$LDT)RZ*HhFc680@(exZBK+neQ_b3}{G$&yics45f*I9yxp>(!3=JjCCRi?CIB zJO;>yY9cYVSHR`f~BuiUE(ewKlriWXnE%nP6Z@{m6d&LdAp`!zV0K7ARmY6NQE{RRAx2!|kn*JxcwGs}0nnINd5?dmgCd+p4*`QS zRYVK)1Q}m}Dg)Ps28Hkw!l)`xLBb?gyZ8rT=x-Gb%|c5l%9w*X6ZU;@ss(tC_EB8+ zWbabLg6-)Os>^NoXX7m*87yEk+l|x0_40osnx9C`Gq&gR<7^$Q=s@Q^d#LtY$WotM z_k=M0j`8!L(d2HyXQerTFExbh@JGU{KqNUisD}_%deam^>lA>Xb_tNdwi@~YRY)*5 z(JAs_{`b4s2QybUH^M}me;zL3TjIUe!?XG^AkVohx25F_)EDPAZ{xSIEm^!3^;!bI4{ZH!=bN9#brefWDEA**q@3TbU>tU%pUA8l-SwH9LkMIm9bMlXl+} z7u2-*(75dGM71FQ$42tk*YvWo{v@zS%moaDScg52hVhJ%Ca==6mt-{*y#_o!y~LDB zGf;G&9+-=+r`wcZdvKbAb7yyQlFZ;9T&G>!-EG+u-PNulLEd;;6Tt8M-CXhXe zRN%wTQ{5u!f-8BDTs#fk*ex|(^S$4s-@EXl<|dAC$EMk}Y>A6yG}=*^4q^tpDzp2_ zxa>=T4|t&ab`La}l&IW-`CRW~K1MJ@d0M>gL{J|=+iM_fae=sPfjdw^-Jpev3ro=M zDuBG2Zp%@IdO5x$O4P8Dhy5A1@W{W%Ay2fTM;mHKga8hQ z`efBQ{1$8%7Y{?Z-{;dKT|ki%O5i0MAlVZTJHV*HNGp%~8bL8FyII0bwr}w?B&M6N zV#8YCmF(%ryXAT4Xus5SSsORdmi35Ld(Bh_!z@`^=I9F}wa0bglC8KY%6T`QpcUj7 zmoA&DVdu$4b#yJRlyc@^pf@6~&krvY8ts=i@a<@4E#M^il^gM!p6U8@Fs4#UYKKl6 z^sgUkTDCu-A!%`#rplXMMIn>CpLLK*quI6pz^F}+Afc53y=mD+* zD7iT(Hb%HZTof*|(HiOwQ4%|&=pF)27=RZRDq_5pJbs+w0KHRJ^ynWokwis_s|H{R zZZ*J-tboTu-7$dq1MB#p=C9XL?9S}DcXp#y^cD8sQ^Bb=5-l(y3r0r3J?V0fazp9V zzQbU_U2g5VPa?l+H0pVu;Pcoq+V?L(7GP{tK>B*_aU?B_Lsjmu14f|Rll^0gH#pvF zkw4SL2_e7c=1PIi9_Su7e>5MuZ3|*Ti6$<#N1Bj0SaO_4Kpc z0#3iFXwkg0y_=FvpQCN>)SE?bws%0-a9Bj_4pzJm`wcf=o98;^6Z)1lQhzMxN8#=E zyFIi4wlOO zJDu;><4@RhpRuxLsZAVZ8ZP@R67oR2mGyTJ35QIMYIb@yHFYu$9IltS4z0#`^ibkc zgghP7t!v)LG*CA&@R$JUjp7$|>xmJm{`AuXd2TCdw~@nuw5l zh8$vNcnw%4P$&X%8z)25%XKN-QK9P6{(=y>1K7t0mLs;S0lG6~au3p(+K<%u2;k`I z;=AB?+6`y*n=86I8T=tF6~Jzsk=xaU`-JJ~&)u)OXB9$^j^H;$5wNMTv!C97(RuX9 zck<$uVDqY6GP6!ly%8?llT@6t001<@-3|7@$pUC$U%e8_^C41L$kcY~0L}5BU-u&b z&h__BHVe za+>T4ys{zAI)<5H5=%twEO1?pBnEZ;xelJbfjl_&wQzv1zzp)Y@JW(GtBu~R~3LdoQ?Zm%$c0~{j!(i19J22 zYgSN>$z0Z@S3IiZ0ug4|>3}$d#u4I9(2gW)K1dEat#>b??$LfS<8%c*XNTr z7ag7_e4beA@0Z?Oj_c3&=~}#R+uG8LCy=l1p^XYNs)}%a5ce|0)VdNiv)#qvk369r z37dkK95oQGX*$JO6acBJbu*mD%i=5a_KmU_!LWt!h6;dS7T6BY^SDEc{#E?GT}HcX zbYhU6CYVD7M810!4QS~aothUS^3aq*2)UUU3c!6$lSP5?$_Ax*2VRT1a)#*FCN<(S z`r|1lNy>BOOStwWD~F_d@+HIy@8O916WMtV-1)H4ThzydN5nrOke-6ei!;D0_J%fv zt6AS2%3t%||0|w|emr36=5P6UePhh#YCH23&e_i@>Ll^g;T8&BIw@NDq zAhXI*4rgl2rijJ`Ue*))YFv+^y?fEcnZv#IsGbdjY$_ihY>3|7I-uIL>EI=2Vs_Ew zBquj?pf2TO7~Y>`$4aXSNQvBO4;QwrmkOL_umZXtT9C~*VJ?-`U^eJjt-s+>SqW32Fe@y;geBmAXyKHoitqm55ans4H@fBSKx-<4_SGE2Hk z*KEGomgpt@YkjuKOd)MNyHWw+Y0hEFw_0?D{SLHTqp$k$+Uths*FD0@rq5E2Tg|7Z z_pLhVPL`t_ES-Jj&DH|kk+{3H#NJNKVa|r|Y%Ro#Kq-tA`mM0-O=ZxO$0GQ4b~fqs zxVenhXrKKnlwq~IK5*erjneK)krXfD?@L$EOXP ze*8PP;d^OsTput1>AOa%Z79=uPbXxn>$m81$XYNR9HAkkw=&vSKJK99$9h7sl5Y_QAG3+7mrPnSm6vq`t3Sn zp2Uq5riSg>=>TRr=?W1mEQr==LOha?p>xVk(k+(ftguC{bEg441840z-q7^tYS{K( zMmJdWoTH93ge?^={2eieJVNa+k~h&h&zw{XnIu8_1n31ikz!&aq#>E z&gCFO>CXs07j|mrTZ%hk42S6Byy+0*H?Bm#?)k995lAmi#ur^?i@b>EWa_AkBC zK!6~e@ZF!S7|f?HGvYMi0av3c#5lQuPO&U^7ND+!SsS;?=Pf2qT0e63%y?H*a<;4T zS0x<%*wD9#U0Q=Pf8~uiT{&#nH(9w}MhNuQ=^{!ofTniwFb>IXdQ8(2#Y0oXC>|qd z&E^6qjV&_EzO2qwS9Oe64v*bk(J4~b=^3l4e$k(tu^%U7*Y0(R%|05?7^zt4td~x9 z$Ra;$dUX;QnicKZ-rd!P+!CPEF5E)3S}j&y{Q-u^CX8o>`Kmp6D}8Q-)s^?%_Z^CY zz=9e)`8j#8?M<#?4)n;^#LTZ2tQw3z_P}4=oYM%Dm>LKP7B7NEHSjpE(8(dw{UC#G z#qp|du-)HfT*V2NTQ|P(6-D~Pr=Krv&qp?b1cn1dX}A;YEwB~|q+Px}=!vo7=OGJ9 zU&bQR3}h%wSNxc|-sK8}mrf9JJRF>Dc<|=Y!DV#vPs3un?tl;XluoqD1CJa}WqM@S zFqF-qdy8u{^}~r6zvmwlphs(K^fKHfSqOTSk-It(oc0|L*~LFu5RJ`??7Kaz>JF$i z^M%(v0{H%5>nX2r-WL_A>=>PAFP1Rk+se1x8VpZH{%w!u;i#kWTUM)hwSz zrsba7>tO)Sm2Ct9Lcn!6WMR5KmN?42M@#|Q>98jS8CsULZo-zH8p`yoRhROm35scR z=r<7n-l#&6g{1;3aT04eE7U{TXLivR37^s*=8!V(F=aWP5t_>F8BLw0L#*UUd(MCt z$M<8tl36dok0t&NlvHq2@$5J*Y3S0cF$IY3?Exk$tiWEZ$C*+;`eq`$0fJBF+U)a7 zCfU#7<2~t*Si1PZHA>nmlKRla0J(4T-f^5QhrE$-8eV0aXjC{c_G#Z08J?@tL!G_4 zE2Lg`B1gc!bJ+08c_`#_Bz5P)=bhDSeU;PPk(5({Loa+bkn%_loC~j<>9u#8oqmhBO1%KLB|oq%FXC+Ych1|D_pf@i1W#0Ia? zMQi=aO`bXb-d&)Uyioz5RqBv8+VpgM|LzGNOPHDK)jcQjgh9tpDQTsa@8$$<#S+cfxR-HK#J;g0lUbO><6~G{dyXTga#7t@VD%;6I;| zd8xFyp=D6GJ^3W;s#6jtT<=K1nSlMgW5yBp9f6|6D;Z5|>t_CeQx|e0^Yj<;F$dna z;gtms;=$QK=@rMMrYV2hHJ8mF8k36LNLU3Sqbe; zEmabQTKvsg-RmYz(DxwXZ85fY%4IzZc|jsqT-QC=_0=ju6b*A!WvKm?5P-q6KfVXM zrJ34Shfx~W6DcKPV!@C)7+CR6Ch1<2q9Fak5b+gnj|`c2(+zS9$5PRW7tCk$VoJ-q zqT4xm65D*0Z$;zY5hWSW1-!PgTOi|h1*WBnn+G!?fCk>n2~0kO9U6!+6y4(j#8V>4 z=weEA1}n5sZH`jToF-F)&dGsKC293Q*iATB1u#ENWFPm9hXBjq zA9-9BRTQrf7b4s_i+*#=a_tiFdA49(EICP6vbVAzJk^NWvjE!U}xSod|}YXi_kF{6tIxH9JT$6 zwx))scQAj%b0y!#R)3RqgY6OD>=A$L>^{hy?e`;RH~vzO-q84y&S1J#A)(<+i7-jm z7E8#4WVMDn*4n zZ+4U)V#m8HquUVD5ie9QVs+C!?`zl@g>WZ6CWl~N_vUM z*yB8BaAPWWbdl}TrV(c^fLNYb!SBn{MaZm_n@>8-#iT;Yro>22vA#FXJ0rrU=NsnP z$#0C$H&X18`T#xTS*Dzgtn99Z-Zr1n*q#+;3OH~J;$Q`z%#HjIcXy)#>Dhvu(ZxYF zLoHO=UC9wrtE{Lh~tETy+##p%@;B0oL^I26I`fzro{fwXv@Og`-vG03s{(XZLED#?k5CaUj z7nQma=7iq7!@9}@otx|kgd`&ANW=E;F zTG2y&_T;d)pD-nXhRQ!Xv?Jjw{`ASd>iac(KLr+cG9?5&g9x7ZmwlyfGy$XT$pXcF z_c8{III|v%p|t8S-u9~aJZd+HCJISvC)VbfN^y0oNf6vvwW~D)ij;oxycW7EBZHs& z+xQwg(BbQ(>pFQ2*TZRjpR`rGo7ar20{kx1%PzmW$Kg{YVb7fInO4R?i>?U6idyqh zII6;Z;uHS0-$x1}95=B3iwFdB5u~hEJP6y}T5En221ZhpMK4n7BuEL99BIam#lKF4 zs>;b<{IyJ`l+`eWfJU`@-be+O4%~$}%dd=E#lHx`^pG$XGFg$Qw5S=&m&^H2VnOifroB`*pVELP*`X|p=1mKJO^56UH>_AeGQBlKw;z;R ziT9U1_H$XIB{c$NyvJx*oG-7!QGAtx-%hZi4BvhWlE9hEW*_Ar`}S!q7~$bFcyv|C zarw;`SWy00T<6lli4OcyIA)cn(#*WMxw34Q&;{->@$C>3$4W-vVxKRd3ea7>by~6SCwi#FVT3}W)-dw(24v+E7Pw-jq2Zt=sBQs} zI~p<05j0;(DeuN!tJ%~Oucnmp*84&*BuNpTEJB)jBakC<5lSqDL>Nf@b#RqRl=@W% zaSwJc0Da$_V_dlWh;4ToiGuyQ-Hj#_FC2vJ$+prUkaQk6O(7pYB`c(Etp;RNvYg@- z0Fx3Zx+>c6(d&D@5zqKRH#5U#NeOi??m=^Fu2ul4_*&=jZ%&TNw$Vw7^|8irmV|T# zX)@wwvz&tk;iS!LQp_8lZ+n*a#TG>efmV-h?wG>%oD(k zX)|4JDj3^OkWr-q?&s zM?mW?HC&_@K1zUXkbV~q?M!w`%6o!57;J`^Z=mpGQf!TK#X*WE9snaHx;vi%Z59QB z?Zh6fUc}{VJMPH!FWN8sex4TsrgglRdj$j&T~5&l|ud9xdo+51MQy6x&ibJ z_mHo9-tSBu?|EWjSeWU(3U~`+MRz4iArJo3o%NKKLK-MM-52_3{I0y!Z_HczGVsYR zS~kuWiA>se`>Pp?y~o4FE|kn8!pY_^yYS=K`t&~xPdTlb`e$B^Y9xT*@=ekw9Uq6) z4C!(#>_Y=3`TJW&jueE6Ow#l?TG|HI9vGgn>1HOfzK&ye3e1D$LCz&lW1MBNvIaHS zwH1;O0vzE4{L%R8lf9M@WUnmb+#7 zj$=M&3S_Iu@RXH1LgT>u3$l9I6Y{-#hE?+5vR5rGQwy=)wd1+_25ls6E?t%;#-(d- zmQM=Xj9iPmv@Ch;eUfApK>Me({COQ@92FtP?!y6gfbRASh-BpESlzST?-(izNy;-M zr5*%(okve5OsOY5exVfLa1Lvjo%;fF%|6W`*_wSLd5sZ&5^7j^#CuIo)~$g_jpDed z#!O2oGrmwfPLG*4;!^V3gBQp~vD58vX_>W(uZaH>PFP)a%w<0EslN?~iIpvOgx?LS z>YoP&U4fC|SdMrm>Y+nEJ3#r_?HnF-S-Mlp#DQBf>7XS`!;l6u1UU&5T0(j}VqsVR z6qii}3ip#`L8Cj2K${Fc0)H#bB znVMJ_iUM3ow1L;mB%Ca)BwReKB)TL_iiQqAN)nDg;R}#Z$-ND$@k%XV0gz2-Z zlccf}5VYj4D@kS&jz3a>WRff-T&#b66chyFngGT9MIixX{WpmcEF_$NBbERPWBUiO zq65HK*%a6|ZJ=;*2_V>ssjJi9kWWPab{6~FSsK{FKLY*>4@J@No9Um(38?!Y6qdhq z`#T)V|5L=p&H^O;U$9biSEC7BPnWOE7&MYob~-e^yOwD%#E`u`OaIvPR2lSnh)gs8!byKp(3~#H(@Sl-~|b2vc_@}CQN>zE^|zo*I{DFGek*;iMD`|`pQOg zVj|yxBEZ55TEeJ-5N^@tW(9mhg5~BFDIu(ORs=%-_K~NGx{)~~lfD?N5zKGIr;rdNQtM>Dm4BBK7=%+-yIIo&SR-T8*|6pm zqH>6R$8th&M&~S){8HYQ+fc@Y1MdiB9ORso?<=JU=ES_whYO{3*ra*JdiOjOB%p)Q zfrv4A%JW%SIr?{puhGPKC@4)kN>-yiB@GJ)P2QKH>K-%<13rLA6s8&u8F*!0$X0+5 zVth84Vc5>lucZ9nbN+H@J!T=C-xA=Q^irM3yWgmwL5W`Z13)N3m37LcmbTu9BAs=_ zh9S)6Ce+B7^{+Y*iPdvv8FL|vQ+mbZ3^KX}h41uzJ6?|?n%pB$+a%4t6{FW&pHD2q zR-)wggOI?vcmklU4pvFK!Lbt#raP5ZDIQ{fcE}IeI<(7If-$~4$vQ-odm`C)fa13b zE79ZF|JHLTfx;(Aip}KI`>jRJ(*-=2933^3Jj*RXxQgnwli+#>^Uo;F#Po$rgO>o+NflK30(@Ok~7w z5ekgfr5HurY=CfSKe#b;tQ@+p2t}N#ubGKo@o1B(xebR_Cn7133)UB*b&6+k*cWuD zpXyimBL>dGSIuKOiTZ`YRGLF&^rdlo4#6P)IId8IVHJ5;ed|m(gx|(FZ5lNJL(wE0 zIB7mPJBFJk0n&|-SG@h{N;Lb{mJ|{#n&uE|^$#w7wi4UqMN!yT_8y*#FpDCP%YGe% zDr?c(5(UBLILS_E%lS?K&;BSTsL0Qz-N@MAQ_P6e+$?kmjXdyc!GDGNTaNoll1@=D zeYKa)eexu7_@bzY2ZMY?Nbf2q<)uh)p;HjT!C(@Vmk@wY6%X@w3IeBbq`4I*(NPM{L0mch6?6I#Ro z(xcXg;8U=eCo=M_RMPhR=V3VdA;c25!B<#bUxdYDno_L+MmY5hUM2hh59ce~?Yj|M zJxy5}#>>X95cmg$%pwr1rd zAVG24<7=hbG>2LA3giQ6lV^>NmKWz7lme$rzDrOF@WcCK2lu{QnCiZBd}~}KU`s@+ z&d^Shn^k---k+P|x3BWaEVRHdq4YVT#Vyxye`0f5Sc(tJpOkf0fb3MOd*xGM2D;3n zm$MJXLeQj-R8nS~Wzw40*%RBOAo#QKPJA}atGOC`mWMNSs_4OT$34_~$Pe+a_x8Fp zRmq-$C(;mq>k1zCAdFnVj5Sj2c^fV7i_joE%VWtCNpct^!r6)Q)kafdpo@}4n`WLY zgIbn;twfvgIyJ!>*IIexO_UIsnc-5b<|ANy(F$xED9~j=o_R4%Jtp(Ph9^Z`9IAFS z>#iY-#^h1u><_xy{h+bM=fv`uB#qQoQo;QB0HGGc0K&ZC=heS04+Mfoal({eIf3+Lzl9{&VTgxLX!{bY;s(1y47FIN@yAo-j zKLUlPsAF;D<$CoV1u+t>`stuYq_*q3plkn$)vZ|-`}sK{89E6W-*Fz;S}@keeUc6#Y^*C2+rln}GAwe(e)pjuYb*kBZzxrpXw~UwAW; zc77J6e+(bP0}Yd1;Cg1?Dm8&Xlag9EE@J>}sHu@-a(0^>hT+s*+3mGB zAKh*o;*+mfyNKMXcvcxz+4g&@bILzm+g9Gxc)>e2Y^J;v#27vzI?LTcYaz%5=sg-8^NjurcOnVm)(71(P_(7JT{2K^&?ImOO;dbPs` z%AcgCCl=)5s#MxrPrFePom7%h8%ijQ#VvW1-~Kh$aE{}b*xJ&t^Kx?4nm3N~id$PY zw_QW2&qWNiWM`S0#Dl};LGhr-AWol5tkKr?b^^&Z;};aN9@<^u84>vgC$H%3@6+Ba zbLMHO8tF5q&|2@pqxi(_BtLtRi1)h64@8UcyJGY9FoK^7S`7TIYr|4KV86dPqhS5e zI1uuX7&g`l8aw-Fj>>8Xo$T`x$2!N-9Ex5r#Q%=%g+1SjJs}bbhto|T>RB*;zhL;l zJyP5ZmPoS6zgf`vi#9}gG*(Hd4*jEt4vb4NWUDU!Qux&Fl3@{Ci?`caE@GWF{_f&E zsYmw|5*D|d8RrWF@{OJFBVnW8QCef3C%gl%&&%iY^FR@d=_*h!aLdGQHOro#s5lG37| z-ONp)S!PSfUq)VN3o3X%edy@8iNqiRu{|PF*Twuj^)uwSs55?W@oCPMFCpuI;6s}j zMSX!HXhDu6`PV0X?)~)f;5ZLH3aqu^7v~;fwAvzTm&l7f7B`VX96CN>LDoUTFvuD9xr=;+>|y#!5`h;9UL98C1cv@NszN#%_$>PCmK!MU+ zv`C+N^L2Y0iL87TwFm|wgo)m+KXJVD9r0!rhTMDsJ&gz~O--)B6G9p4GOkIp1v~Jfj1P9;AnNgl{}DkqYXfz3=)3zX zWN?`|FE7k0L|oV$-AvwqfLW(BcqtO=`nnj2)(AzWp!w59Yiwf`ude{DNrRw#*Il9F zQ$k?xY-r5Uz;?{h9P$3uep4@3;KF{5!b}4{-kH1$NY3ZX@#u~I70kLKeaKHXMwgY> z+&`VBg4jCYEbX%7s(+Op*HwBQvweFm24&OL!0r~5urRx2sT5tGD{1vQG>VTtW&OeM z38ldL$K55b8g%=)F}n}1?wZ&PW+0w%`{#tu;v55fQtLd~A={PbQmuC_C-KWo@FH6? z%{ZR@p7U(_q?FOR;Lh3bnf6I}xakgM`5oAn{3ei{W{e>}uK9g}x>em>^PpqkSie>) zsoVOtT4{SrX6EwOD`mMfPULl)_s*Mq6=2sAnQLQL9cn14jD)Alyl5>~7M|xY*d&J{ z>Rb6_XN!&Yd4Y@zsvj{N_Nb_xGVFkQ*?%XfGu3X}2;Kgi%I`U_iuvgn5C{*?LEnbl zSQ=|iq+~A{1pg>!p#p+^<=6H`r9yK!f;xf8Ug29sCFK>!Hi%RHrHS$v?u2?PzZ)KA zcinThD#`Jwh8ihE8ZlX+X1KrTCg}~d4a!1n2~@VEZG|ymcL(z)=!G)w8;T5;Yg%ey z3mc@O9AU&}3Y<@SxvI~{jjh$Kc0xqc3(wM@mvyiRR;b_2r;~dH;W%WKIKpy{q zy%iTz`M-hQ@~{K>DE}v*w_H3xMt`fEaj~+qaQsUm=VR$(3j{?*LRta@6chvm6!-@D zSOpOSfr5a9f`ovAf`o#GhJt}ZfrEpEg~LEXMnJ*Fz`?=Bz{0{Kq$I|}CnvzdBB3WC zr=q6)M2kzzz|26yOi4pa^M?s2G&D3E3>-Qf96Aji79P$2`1R2Zf(ip(4~_*6N(KUk z3JQ)2`q2kM0Bj^U=%3d=V4{JIg$4%$g#mu6jRFD+0SXQV4h{ti0}BcXh71Y<1`Z@Z zMMEdWAY*~X6u}~A{c4zmEvllb<~K7t$EM^Emynn@O~JusWbgRBrmmKfUCb#ThEp=Q z0f$OlO4-;sps#;m8^|2@FR}k37~~IcP)Oic9H_v~0|$Wx2M31)0fqe2G*B>bpim4_ zmaj^2(-5qAB8K+Le%p{_Y&AXk6kV^GmA(X*t~ZZk zIHERjKxb5tjt|1(ZwuTd9z39X_h{AYO|-qMpzgmBucP>xT)Bo`NODl6;ZugLENF#F{T{21-O=ej zIBNl)^J=rI!{v3gRxM9f>ZSYo6F1pH|M!63+6Tx72y_{2X!W#*%wR+FC@#Oe6=vkH z)KHlTV=um;N6syHfZpNY=$76>mGplw(uigBP*y8Hu%Rn1d6ij|$rWf*sxYon8p$!J zBzY>LB{>eqhl4uxXdk=PqhN!H{NQP?W<(L6@EMYSXj@3N|% zZC!I8|2hk0_2RUz+H?z8dSI@$cHwXHRJ8i4VtmI5O=&uRwcM`ThUlxwB4W!!K+5NN z(0$Q6w#ij&e^)i;T{8QGV>22vVN}uowdh_SvUv}s-i30Hmr1W8?U{4D8`r^RJaJdc7mo7N z+}9WQ?c--%Wr(8m(M5|G7Un;n1LP;eCOAu@@+wAp^sup|7GjUqWO1vV-`=D^Tu5~f zz9V77JZh$o?$%6X)Qhesi|W4-i36TvHS;Tm4r_1*)of+yL<`CrE_^krhsG)l_O925 z_CQGD1)v>D?iibjWW_h(V0 zrmkWc3>{u!QkNfax*oO>*oL+{7}znc7xgx8&bia7v$>XWH}0M9{azes23vJlGA1K= zM!9yrxIFjo!E~nM2^$^ecg-waMMXhH{r~y^ z4TrNb-%)=^Sw`P)M0!NtEOEP`U`a9i7g>$^x@b2j<-Z#K0zxUX&8da) z2tN(`GO&Jk#GTF(0HR*gAFu&T(9V3>dqGiy7M}a#Ofki=JqHvKm#L$G;B|(atq9MV zj&gH@7#BVlb|_o8>fN^`ySaRhdqDJ!pGE1UQeY@^t`O~sI(>*{@AWkGxi*R?-}#7%yZ?FW3cc*@$9UNyvmv0 z^7AeAu-dhWU9S%P3+coT!GS;(;^y{f^!j^4y*PpK3P)r}y#TDX%q}x-x+dR^8rHgP zVyu`*d0dr8Yb9vRYILuk^GgXizE)GCkGV?&CW9^_UH18<8Vid_2Ei+x4b^!Grwe+Y zTL;pMr}}qs0%CP@bt@)|_#Q%?M2*s0S(4(oI*ip`)5g9y$9R#+GES?^MIsMCSE(Mi z!nda=t~2cAqV@pF;k~`O)V9pw9`r1jbgeUl^)*SXdqi_STahJ~WtTmXF@g47))tvo z!e-vc^3x*4-nMOW5J(OX~<3|Sz_@W7g?V@j7!e z&^DQ8*|S}J5BlsSLSH@Pr=Ji6bGpL&c50HXOxkU*=dG5>!HvtoyN{uovE5t%D{W*X z?>4h|>Waf?Jl(Y9guqo^0RB5P-tkUrvM$Olo%l3IrXu^wWjiFw9MhS$?E z#Lo0=rE5bhbv2XwI_yGbF01xe_P5&BNz&Eca}C+*0{%k>EG>~Xt}GX&()Yb$I0vJ; zJ-L?$JA`eG7LQ3wU!iXXGNyT2T{?ni=D3&7Uds40&fEJ;qf4C(r#K}MS7u<0B@X91 zIxvtep1*Mz5!-$>u1>=>8sdX_{^DP-M&D8ttc(IaAp+4B4IK2_T9SQtJ_Y_4oBOPU zVI%$R3d!i;qO_B2bhh3zI*lDpyY&jB)g2JJ9P@FZ%t3Pn6RtWOox=J{7XTk+GzW#} zRT?pkzcSKV=r`jfG;lvqADOb(4WewzpLBb;w8lgf#(CLN6vn>f3Htcy2U%f+p{FuP z3a469-|pMa%=)!hr~Nf+CajhEXPggcVeKu>XLj7Ioyk+|khYzJl#AI9sO1*32{=S_ z6iCy*wVcOGXM5>9w5M>t6((8xhK9m~{$~e%R*1%+_!$vYZht|-@B=Mu$*-g4YmB0I zr>ke0KM87^P3hUOQCm)lmz~C9o;w#`i+z^LyJ|1)fuM^ZPcU7#L8HfI=@yZ)jr}7P zOJ(Mn^2Tqny_a60uT?w`4Kb?EyRWM_QNUdz{WaF-xe&?c0+&yshqRx^c0H;xuCDB*p zVQ0g|j->~S9+e(N-pDn?Nr!^>H7^#Af_>iVnJ+7YXH}NZ3x)SqK>u`_!IEr-xiuol z>1v^OXm7hJl#1lsQ%R3V5fx+KPJV`#BmWi`G@fZDICf{V$IB9G=%mEU)n-i1#f+6O zT;bfiXaqxKv3^MPM_30i+**nmxykX+c&mRUHWH$n@H#WTUp&v6$E8m$oisW%U>sBm z7M_p(?L^2~tsbsuLTGfYqbId9nST#$E!JoPu%vUJxTl77L6>jf_tLiIqLDVd7PO#e z_tj=M%!PsOej`hF;f<<%(0TCw_nNix{?M`+Q=gmahg{PpOFAzdKCK}r`b8}1 zQD8GC;8b$oZL*`>d*z=(trj&brLG!}jq}pSIQP;sHtCsJ)oQucgNcxk>{d(1$JcCy zk?qc>klWoWX>ZV!3c^Qpst{w~IUbD-{b^l5>d!A9tmP*dtO7jFB?is1#=f!IxU?R& z5^uerKIu7LSP?h2+nN)os2s+nu=$NgO+arf2nfHYr^PNb&?=Z`I?G$z@F1ww+Dr86 zK_g9Ux`f1T4gk3Uf4K*3kR;#qt=^TpPSw*#;|5Gsp4*mVF0xNuYO@qs@zi0}2EX11 zX{7mky=&|Pqy`oBKX_0Aa!z;=$2>%O zjLVlhFeMcm*wVD-VjUdyQ6Q30yJmzI3g7=>hE^AB@AK8fw{1Dk+iG}qEXL?+nXZrI zHSt55HoTEZ{WUiXj-%O<-VDY>JJ61UfN} ze|A{MCsVf6_Ip0UlFjHQB&kl`g_7<^?k@wlya3~kw;p3Xv4AcVf4-pjY2c1aXF8A( z?iZr97Y|YZ=-`Vw?4R(3CN%=91 zmuxv#Yp<pB$LRJ|xX)b=HM+jHuZU|p^E}3U9 z8lF`YZ@IM(mw^0~*8>}c&%J_XfkWPdDf$u@6p3#`jLR5<>$+_^1mEYqqUwlzLo`Ds>8pZaU)q*bpAx~0MnpUXhLf5My(OzKAdz&?$$ zZQXJG<=<*nq&Ht4Ki^?%xGY; zM6QKV*9ljuWT6z(8J4HB91W&mdBf|eWq)$F@f><&N>=`m=Py|||5jEP{mC)L<-_^r zpsD4gsQaZx?xWTVBHPf?t{sA7`hENdh+6X-HfRez&GNXprtchLdbYm8o|TdH9*I}_ z<;Xi~U3*PKEl&&sWws2If1)x2MWy}y=>^EUz(l51iHmpX| z%$E2i5k;R|_O*&g&Ht?DtOnv`Z9x@}20@M>*it)5+nxJ2OGYEK7cPN`2Oj7n;sYO{ z-_nn)35UNNgwQ|j{a+kY^Nf~%Wl7KHq&&>jpQ9AhP?|BtBrGGp*V|n9+)_P=UTm77 zYsW1R#j@t&=7-eUieK5Ip*%HAg2&Y^>e8RUhmN_L8Cd*=Y?|-n_%g@;SiRgoUHI%j zf3ftI5v`OG@52U74hCjp`>m)ktU0#qPR|}(-4I`m7Mi(?TTY#0;uhy=_8k(}!$)P2 z82c3U+VIIxMCMEY$dohCJh?JlJ2Mh}agBZTe|NF^|IWo)PI8o9J$g+3w3gQ!`LVi= z&jZzzp)qiZw143kY7TO)by4Sj)G%)8SwBuvsDG*w?_c>PUy6JFw)+$R&EmK!r zIoJ3p@7Vc&5%<<{ZEjn;C@oNEu~J%Gij`8VxCAN1p@mXf+=ELXNP^Qskpe-ByBC+> zPLbd)f#AU*Sc^+9``h0=YklYLwf8#bpZiaKN!~XZbB;ORF~@wKF~*eIX<=f*IQ|Vk zgL&0=@}zYQaMNXe9q$WI755y2O%o<0v< zBDS7!Tz2>lO5uws{EB&Uz1+Iq)TIxLJC!|&)l`$!9X9!y4X{Z*N|e?Io3S2en!Afd z$?Bq;VC(t@Epzoz<@fUiKD$u z!7xGFT&)jing0X@dXH(DpPb^LNdK{F_YqM`Aw=G_1#-=clOM*9lVK?)B;xW-9G;m& z)u0_A`#XPD-qq7BhOswVr-8q*l2lW!iT=^IINf1*U{`FfB$r^e)5tJo|%lzb>E|mKW%H&|)CFOrPw7;?bm*wmT-xL%qBP`X(63 zxD((dTUEIa!Z*78b`D3}v_l0uB*K4VvHJhUiek9-+q2!NJT}@W`zf_6D{IWebeHMr zzklgk_noc5zKM7KjivvhL(^o}yl^~*LEQC7`|@r5$D^tSNt03&+qV6#0nb^*JyC~) z4`K+eh#!|K<0qBVPxJNBCFM%|9eO=2bb%XaWD(Dw)StR-T4G_!@VZf$qZVYHXTjUQ z&l8f+w5}l$-m@(PER=!qL|5zbxA-_q1WINvobVe{ZhRV9M6jf_OOFZ)`Vidt^aIto z#Go5s^J@)GZfJVcgPfwM;r~E%f)f}|Qsf&_@n_}#X}SSJ>P+JP@%Sh|@g~4c(cmy& zbBq>`z0{lZ`Jv6J8x6!sNuCe4O`spGg`7y#3cC@0IJ+v%f%BtX+&TTZUQ;S@85bGS zrPl4bzeb~cI(^%u|3Z>Gul_%W{F^sdCNE_@r(ttY$6!(nv(r-3Y_ZFnIh-YGpV12X z6j9}!YP^swcyqIfWxOxv(~H!&?0;<$1oux7`2QvC!$pVE>d{Ox zIXD*l(K5EgPA9nJt>L`)r@eLFT(}+dspudGVT!-#PDR8KBYfokf=q*=`IKHahLwA( z?g8(lC(BdNd|SM!sC}cF&$9NP#^_HbA$_rD#=%9+`lI&POmSwT@AE4!Q4TF$hfS^6 z{g4;OTs1!8{db&)j!sub>#Z;qFVw2&I6T$Q%CNbtF6s!=*qbdyyfA4&cyynS!eeSB zo4ebtp8b`il%@X?rP^kik63eMO-!Z9?lq&bdH6%g7FYLR7lQ!yQP87Km@(Mcqt(0H zfho~%0`CE2?(30S*VDY$`n*?6LZR>+Hh&tY#%RTjV_*BIhT&gYpByla%ODmriTDtHk>M@>d4L+1VV^6=vzco^4-(m1ReUzMhd7JxS!-;yh2W%sU_Eo zYJ*la%~XCGbeNCP2!3#5%6~M8OiXw70L5`7W5xYSw6Pfhr9ijqhmx$e>hzrhj!ygS z*RAUvH}}t^YOj#K?XHhyl-=v0OE-%@O@3qHTrr?-?4*_&LKt(!=Nb=u9nQ;tWBK{V zkN!lzP!J#OUT^7q(&oUB%UK-8Fk$#$XPaKH-A&W8KYwJW1CgGuRk#qpv+an&%uvW_ zK;V*78M;7+I$v9GT!{(pKB`0eNa zi8lT3XK(Z`TbX5q3&}Y(K`5uebAlM+TmDHm^}p5OqR-=ZDna7%>w119qQm7TLM3>) zb_QY2OJSgqD>C;ln(%+9%>U414o>>8wA4H$VWK1`*2CJ(F9XA*q@+uK9}0UwY)dK$JV}hgYJ)rievV?{Ea1DiaGox zhdS-Pa#%@s8hBjz)@F6IU6-7SB~Ia9H4NKHN#fHT^%d7}8V(QYSk^k$WS_5T0l`#4 zZFL7;VYWs{vNg8yd9TaY2;Dww6~WEdoZ4oSyCG}s&EUtov7;bQ_t_r{*G==2{QQZ8 z-DT}kBu63DjLb7Jxy}^JJ2l*4ol*rX(nG#lSwi8jh3M0AA1*Mhva4gg2h(2Id(Vj;_?f@@7L~xa@|i}aO(0)W7D0Fz$b%UAr% z40=B1T6`flU*_6^d0)}C;m&qDf#;-iH z0W;!9c#T6?0NC6z63<5N+etbMVx-I$YMcb=k3qOn;X}C-n(uhlIyhp>e3inwkE!fi zubN1xcQqgq42i2@vT^Gj)aB&mGvyp!nIT6JXJ-JZUm;IHH<@@J<+@9ZfvuqfQ|-$< zqvMcDN_9FO0#=Q|cx}7Bo?v2Fvt-&H()ZbhcOim5FSl#3@Vj-&hiWjtMz^Z1x}{PK zsf90jPYu$Q4x4hk2GIyT#>M*}*XR0-k3;uGldcpIH{j7+wt1tn*PA(uFY+?M1%1NJ zO&4ZW_Wl0hLyLo1CmQm)lmy`B;e-9Ua}K$^Uf$6TDxi2&JIBHaJkou?7E1St21HFr z?@N{Hda_a?1XYK#0=QPz6V`yC`tvFG(2nxx3goVG?AM-;{VN5l6-UPf`T=oIW4=0w zER3wD2IGM6cjb4|O~6`*lw150Tgb!XBX_AM8hJ8%8s3*A4&+z**k7X3gTdJFQ(Xs( zkNNq#D5c4I!g3vdviG8oZ;Ou(n=wo{yk(zy3x|2~r_-G)vKYDZT@DQ+?6>WU3| z26nZ>h;V*my-z9pm8&9h%@vgIJy)ugPspF9U+bxj-FW5cKd;NQ=egknJtQT4`0su1 zzr6awUeD(G&C8fan<(%};g4x0(%6zmYBaPe(m0={MJ^)L)VE7N&`v2O6oQda;hsho z4^Y@O-8zX6r4DeHZgLFDyiEC9{op@rT8Fiz8dz`G#h(>j9s6Hq8Lh;s=ALBcIXXYc zTJAN|-y_VAaM0NU1Hg0c(u+&C6twAt38!IgM0mGqHoF>Ia>sqKK;8plsIkE@2I&Fv zRvOngtd-R=;3XC3Cv9EUTNX6hC}x;{^c(AO8rjDikM`?Pos*});z6EzT(T%zQE@1dt=0BH{l+gP9RODittn915Z@T{n3Q<&z>t)`gS7gZ) zXhWv*7!+>ONdJ>r);J=3pX=JDOL`EP_${B#oyEl@&UR)#+j~HR@12y6F+&Lj2(15R zh_>v1$zVk^ z3E>BHx7DX!k|3cFL^1e(J`33X^uPV$e}43%r)c*~3u^H2+1pfDZtzve?Q}%#qAL?J zmcRoYONYpw9G9rE5;}|K4%4OXKtJCCRXHsfd*?citZeY#b_`J0S$7x@QpdJ8#v`~)4IDem{)*nS48}5#8CwP>Aden5mCuI0}AAIr2R*7w!U|3Tp&|53>X`uFMg4sH} zy%gtH0L>eon+SGF;fp!RYVYrSAHi6Wx_w139*^lMJy3_uv?81*`x6sxh7q*MVM#5Y5v`h{5XQqQiGuj6ye2yOpi!b6l zyu2oJf`&Vwf=%Z0h{&fWFZyTJE#J)#bkS=eR3fTh&Du>HyrR!=#v7=qDt*RBuey&H zL4F>=TGee_AyPzc*|oCyKCO36Ja(s2SlOqR{FA}O^g0iAa3``tlHbP;g!-c5}v?93z}rytZ&B5hqjy5{nb1YqCLwU|#Y zPpHZlE=8BxAyZ`GPp8GkE|?QgH#4{XlQRZVX;|(Mi*lL0*9H>X%RwwVtgMN}<%tc6 z)$#W@k@6nOQs3th?{2$Ozqs_6aQ-bbP(}KgQ_DRAVQd`%?z$d>_b=rKJXM-L-5%b> zFofCm$1ZfqUJM(nOL&QV%Wt876~_T5VH45g=RHY(JaqoOseKoO{<=H5*wWVPB<62u z)hri}Ky_2{5hJGZO#;Gg!^OsTrGVQ69h4-Q5BC6~4$r4Xk+iAePw-uCgqcnoF#2Ac zfmHfO2;Ol%-ipOfo+_U%7(2Xcb?+BRi$^Mn^D41I6B(V6_hDW#}CVuTzMwY&sNtpin{nHXHKAx%kZ!Bw_9d}@^&5l&Gltft0 z^GZszr&&lzqM0+Bt!N!@X4uOfUHvIP)hlU^Y)gT4GD+jp6B?SBO{dMX+2Z8o%8zlmOT}W9@4|FlGjgc4IS^!el-9?zuTW;RQ+d80-W5dEMhbUveuynq=A*wq zWl?yOZAolzDVkY~r95pnwlcP`M7N9jUI`VHf8kNn);>QdMfLbC5I;%8de$r23FY%s z9t(N#8h;nv;(y-=JECv3>V%o}eS~V2FehKL)k>h|z*Yi4c;c$#bk2ix?sV21|3KaX z&AZ!8<=7Qa{gm`5%Yce##{Zm8d*cogG|li?8rHT^nJ=d^$#3qx4AR#>O$;EFpXy-7 ztsvsV~9VTBET7;liQo~@fbt3j25IkRMXJy8{hd;*lS)MIW?3F*dUluzQa?OCFo3)9XZ zjcK$hb_{ZCWh!R-6^}dia?iE7mhLzuf!oCd*V3W$XwkxhqY2n(*Y&+9xbJ(yx6Q!h zF22yx4%#XB*(O7%AKx_M$F~bd&zPPylO9tU z2FXzZGJ?qy?iC>`=Vl09?e3F}+g-wk_HXqzRP3W+a5`17D_p2(W|?Pd&re8Ob>qFj z>P|c8ymAR795kdEy5s6S4G}RX>z)?qV-D<~Uo^^|2=jw54q`SR5dOx3YmU|8Hl>X9 z1K;;76RS@pPzgfAuZd~WQh?sGcb@w9L&OP9&T z&1ScH<}_5)iwhz*0iD`=3i27twh$;y8=Mbcx5WP1qX+X7QUj$pHJ9K-j%?h$b#-cI z-#PoIHwTZ`7>`HmRm0-nUDgC77(K33(EmZdm%QN?hT%8+n!EQDf<@>5rl<0vbkd7k zOm7Md$)6xWv~=#~bHz_RHcuZyhOU^UBw?W(vc~k_p=xrynh5xPQ-W{V$uzWVshU$e zf&*5I!Cy1tJs?&%>8~i(XrHk$7#2U~{bnnzDZ}NqT-q%}5m%o(fMqwPyFr9#@AOh8 z6sOv);gNEkAxw!Yui`s2wRAb`oEEGc`+m0WoG^8|)7*wBKmUomSM^{w?fZmA7<>Lc zeV~V}W|7;y4`f}2yp(}LXYqo`J=0XGS1ICcM1h#C8eZ)k!M%2i0Hus3cinJB-F2k6 z?))l_-9Crz!sUq-16EPBV@H>NxcHtB!Pyp<=64PyY*tHA3o}k}1C;UB?JD=@L;}j?Q$_2#sCES>MtA2o(F(amQT>1Jr%=qFH-6x}J z4r$e5LF2=+gH1{LC|-J$q1fJBvHKHnmtQNQ%!vf&|GVU_F^+U z-Y=%o-sh}{VBhXVM$`5T%}*tmp(icnrzgQe)G?KFqSP89`03GKy4$ha03yEo#6*A~ zu=W0oi?+>5`D2SX%I9eIE=rd&AQhpVnH>=>qMXQ<8f&qf2z!Jl)NMd8Pwn*@t=B-4 zfvN6TCxQS6Z0(t(knHf3W&f~@zdg0X79lu3=v%->gx*D z@gnFl`J>V2lCSv@PYxcc`-M44^3pxyt*F3&ZBcN~yR`VsOVYU7f58$wXl8#uB&A}q zwFu>i-RdCRi04|E!n*Zu=$B44L&}u(;E`iU&v;b#T8QJI2pVBo|EaOIqh2C5OQ11T ztg3ERR@UM#cRBz5!gJB$P+k{w1q&!ra?k@MfT@VHkR{pX!8>N}E7OpuSaBD75YwcF zrwq^#dp^)?;d1J%yFwxfa98tgmQaVRJgfVHglR0`2}P(zjWwpWTW*6sO45tYZvzaYHL7awkg*mkBub8K$-T|&{=NH zTIcb2r%kOt@$T`sB4Mr(`yq#fXuKlJPq0$XvLXV=-k=Xs(CAI6>ax@ znki4JDNouBiBe>0az_+v|IZJ-QMtigX7HI?@Op+*FP+YoOHwqsPGKw{2GL3(-(IUW zrXad^_M~7K=qd!#Wtu0nwbA_c<|1mHo~d%ZzSL5~BcM}o5C?0C1dT@&+xkais6*-z zZbvy&5TaHSQ50)jg2lLVkDkN1NwXGR&TlN=R^M9Ju#=!XrwXfP^p`*0y2|2h4j-b-b4+=0YzVti;NfoKBo3Xu`V#)dXv2 zi6m6MR7clEpX@=80gsjskgwyyZEE0CI)iNLaYz2FOBSDx1YusF?r|3BqO3~cl|Dk(VFAo3 zvo!pD<}R?ug`YQ|(9fH+N^@9Hz@7)w(-m?-i|kH0(DOypE-zud`y9Eer-L9ZsUJNX z^sBqG8EL<CkGZS;b7a0QP~r2%(6}8gEpliXOo)8vM-rwnq1Vjq0(5MY zH-kxRSxl_CSV&tsF?H>ydYrB)|{BJhnQ48vgnK#_yGGDb>2kOG`ygiekkF z%Uu|t;v@Qk*itY~xd16*5_DZc!!ryh*M^ZgSzQW5OvLsJ!q;P_EIem4i_mVqvk_V96TL*fjEG_wtnI}l)p^uLV zz(b466VQpqv8P32XK_naCsLHtiEpj^8Q70wZ_38`B z&H$>jE2l*Ebm>QyNRA8o{t9LYDWld1?!*uN`hS^+@R)W=G*KBm9jzcwWzn2ED?Hc5 z&x(B44R%V9DCr6K(qn&W*ItQNaDWXQ3TPf+$dB(riY>}I5J#ycz^yzhM zTW>)@gTs|&p&^F}g&pJ`>7oxJCu>qruhb?H-57*PNMH0c4wX2Pp*dG|-tTX1R*R-w z>~l`{F}U6qsj_!fvpO0nK82T^c;`uNx%wUoN-6?<*@wK(p{Io#bjmHl44Sa#7p}Il zNK;EDw~CB=uwmzN?8yg(SK zfFOw8Pyq>xz+B@2T016n|Jtcx!d#*u&;wPu)D!=x>X5M-JM{#u)Sp_#oa8|+IPgj~ zl?u$NZGYp*(dmbQ0=>63S9I^LKZ^E99Mr6y^N?yP$@298qeWS{tSj~BMf%4rQZ>O@G%g6N-CMa`o?GTB+{9&ASDg2Y;nH-PIR1IdQ# z)peecXF`FZyUx2k3*SDsH+eO>rwFYA^4K(O*ft3zGx|~OACq~WSaWneq2Z@&h!S1J zN1jST8Q2LOh@XnY13=5;q)sH?E+XE|j#r?ao>=LYeSe0~aXD+`n~7#w~(}V3p*RR!P9%L(f-h{mwg` zcJEv|b%w2U2($;;Ej;+otXGqoO@PK8L~(8_E{*gH@=cAc4m_^vOGdfXhN*smYV0Z!i|r3^EoPQdmmkH4_c@g&B+k3_ z_@x(XpZiqN4N?f6#_r#esf+GsD9NL9))g$KgI?+th@P z_shXoSE^FDHYij&1p!fAn~SvH=p#(0Qokw9FUX#MNml1fug!PR%E7u9v(x!K?HY@N z$^?#%hryI*$I`J^x%8knG$6N=eYF47&lcrM%j|;p-zG5vgH%v*odS*-kySN_Xfcna zF$8$JSV^?PZE5s=V~$_Q<27Pr4Vut&8gM4;Qv4 zyqZ{E@~(Ka@|`D6fWaj5QFU}l3*1kk>c4ynCTiI?n*v=-2H&dC$e834hIvC9igxiR z>i39oWS0@aTr5xsDspqP9uzY{oh+zErlHoAUr~+9t4QQSOhgTs#e5Bt7ZQ>`48wng z=iEu6;4s@AUNX4-96WqG&1|S%Ry*^DV!S^8aJ(TEs2)VuzP)TZLP5@ziTy(F#0?wv zT;6T`?vX~uYWb$+H|4@1=%9&HXwGW}kWy=$hUEqp*+WBA*}LFwhp*d`1A>~3KP#?|2zKpmL->>g%L zEQB+!WKwN>=GFA;-U5Yy9&-y@=r)KoiL~(v>kJAO zjRA=yC!BQ-qHMZOsImJ)1BXHLNtju{(=GgZa;^6^;&I8I#{KFA-~2g3%wQr#AI-nU z=m7~B$kuSmQ=69O%&el4iOz}AtJwG7o#+(Uxs{5(IMd^EOUfLhYiPV!ElMVd%aG=!EGeCU@ zm_hEcw*Ob{@ti%Xxin;gft~mL+>Xh!W!}&@1~&9EjbJ{I?QJq(@E7D4a)0qQ-_=;~ zS<&G8`1kV&MEI#@3VLNZHG+TUJnqd+vi~QGfv617w38!qWk8|p$@{>}evK~RI-H($ zv_|=Gc~8$9AtuzL+nZ$_&fJB;j_0~1sVk(%NuBNG3ajO$;$|KYb$AxNX^oe+GIyCu zn2khwx(9vg`1u7747m>MupiuGW=|_CEHV|m)2+-snzZ}uo0`d|&NJP!IsFai8-qrX zd)H)Z(#3{v;n*cgAK|ig-Q7KB{s^IpuJ%&qiM!edB#5sUA%#<-?&S&hOFxE)+Eba7 z5SX#>7YG!84d{ff&>pBEA8btV&%pSIxhL(oK(QS z7wb(?*6FB*)m0=y#HiMS8`L@2b)&7BA(z6YqvV$kvnGc$_qNC>$O`%P#>icLl)ljg zLWJIYd%V+qXexB?r>*|c%5?PL=}gIrr+c&3(3eSfuWplxBUcs|p6_-w9ge5Z5d`DA@toc6Q<6^bnSl?{(V85~U=^KAzl_>niTHUr1 zRIJbY+PBy}Qz5Cl7V4IgXUV85Y8lzuKGYAFqcu)fOzRdbp@(_Cx&qfE&%`F~c?yj| zO5bvxSawcC>zKPcuX<*haDyd!S)!Gsf&YJzlRtl=ZP0JS=E`N{*-brjQs=Z0U#WpC zS3Ck4T#^{Pxee+U!3+e2thGXYc^Omxfz2`u2a!Re%InBOrl8}%~6*dZb0YS z)%DkATjgo0bJZEAQo1eF4%m_7lqq(k&Yj~S%+kjtiqrB_@Gwxgg^1K9T|FL1T4HGD z6?|c+b><}DH&*WCZ>-LV7kOW^Z1SG*@*WSeS9u6&R(fDE&SeU zX4KH$LTp{pO?rAfI2y)re7Ku>B72Pd*ndFMOixV0*;IC5p zPX)_6ibk5_WeS`%EO9b`ESF~r&3oMLTg`(%$xsg8?cIW(gLP%_Li%U}sO167=|me* zhaCfZHz^>nnO8&^mhgL=u~*Hwe+U(iB0f} z@+41+FI$(TWit87EfTFF8}>M~7jJ%&{ql&|--hm~wwqU51eu*RedLmYWdO6^jYM=V zz>V_pZDpw6cqS%@oWibCkHatbqj1Tk-i-OnXpT*_SBFQ?&Y5LIcW}ODq}n4!L-seJ zG(`kwNy3>jRp{L?6N9GASgt7N44Ru^%X2sJK?wu~Nr5(C(8V1V1MqrG)Nw!MD5E23AmaH7 zK6WG$3a}r&=RlhEk}`RLFIP0(vO_Zc{a}4Dy??(-_Bo=lzmcZ=7u^ZUxiwE%!Gw3P zyzkh;#kp;JDBM=#O}8wj76$VShUJ^gWDs|3>*7eKgvu^uXF?K7OttqY2gcq)+%2GQ z=dx$D#G9MwZv7^(M0elN0)6ZN4pJ{H&dcT4Kvh$Pf9{;gS>)l?{dFary%l#a=wd^; zEN=SvtiqH0{n>h$C=aP^)B4c+$+#X&(t=!N&yqn`m;+bsoeYOs^NibSBhoUlW0c~h z@634K^XZ6-eijc42jM|nnQi@9R=h?1E3f;vIE4%k>mgNnPys#-qC^ur3_UEi*wOA2 z$Wxqj-Z1Myk*+6&O&X~9*j;PT=@7Fm;#&V2spbfE7_2Bc!fdscuJH@x>?p)`kCoU8 z>QYRXa?W^>{#x|{MN$Zsp?qS9ukO!hKyYGhg83b#69#2$8H!%IX&*ZO&|TJJ<%+-M zH*ib+Bmz-s(kQ=s9V?XAB>9{0XUOj@M($m-!gMwRHFN-~{!h+1&RWt$bL=BT=fAV>Jv$}x6I2#?yCnqDJ$K0 z^s53yH!oPd1&!2X1XFqC;AUc`&rO=6Q(kvd2t!`hDUE?Tyb}h$TG2JjCqA?&njTm; zSgzKjAjKt@c)3jck3ei-e$Gns)CpLy$MT}zk-B)R#Q8VZZgN5+8M%e%|ga%4N z%WgA``^Sh0HyY*l(DgL_bu3&jp5{)T75o%QcroeqCR#jz#;iw?ma+QrFx}@pJt}Mr zYJBn~Wx?T$y^0OAbMwgkp5B+2(Yo!LO)LN~@+bgNa~*v7szLUN&r&z7V3T^``0MfY zIIGYUcQI=^mLTs_oaQ~KsnB8#3YX(QnLZMNrRHIoc?l_~3-iIeRQA}4i2Vt8=FPjm z1QVEwy1%VB-(_OD4Ho*pfhlm`7HzL`EsL1UBIeDL#(ATafwo_qyH5q`?!Mx(4az+J z^h}>x#m39LO(&r%Fgqrsmn0M@Nu7(6@Bpd9=3N)OoRg zIB&Nw)f^6-rJW`UW_ElH3r9?Jw;3a*!>e$+uAc{y-}Q!A?Fvg=dO@G>weD;-+aw8s zDc4fehUvE>C~l*?_?B)?-MSYTsDHGr~)=U&B=`Hs22e9&Y-@W)ZfqA#k z4`@h6#bnROfhLZU>^D@>eIlIQgJEIz2 zT?+2ljsG(u?|T!&ME-Mk2i#?yeeQIbG7@^9RKp?c0NJ8)#*ANAql|mx328+gqCw>qB@#Pbxh<@`z8xQT`6R2{_WS*FG_~$ae5i8qZ z7n8BNK4Fu&LkDB@!Hkt4ITPUtb+_2~8Z7$I**y5uS=uyS1%?gWTWYH>j01YYYA>2p z5!X38ykRpRL;)zCHn(#xJ?$}xrdtI^EuEYDT2wdR29^7BHr$@Vy~x&~PR39uhDiSPFo$IX8FnE1uCx ze$7PJUnOmwU+B4|Jzgu>>hEpUibs3cAI{-TG3dVUGkYOT$N5Fjfg(gW59UV@kWqIq z)71f~9->WJc=bqF{lH_bzFEqMS4P!xUK7RSE#E*Xvx`^NSiWu7HnOl6S&ht%84F-x>+Wo%`S~6kN<2xs5(=A3>37wZ%tB`rj@#IEU7zSInI^iQt z@@TPx-o@k5CCNnGYqW?|ZMQsF7_|JMj(QS<&}^hPUVpk}`o-1MxzNp0VZ;n}bjb5G z2)mvpTAB@|;mMbsIHAQ?5_IpJ$MKMjIWS}w#${~GE79qARNb6HKi_=`1q6l~nDdwl zoK=LlTFl2`#K0{Bs&PWD7`gjkTm3Q2moJzeD0V}@r@nQ2Gv_mv8nDyqrVL?}L5aZ% z-P$9t?K0mZ+Hv}|ELDuNCu}mUV*J3yi=knU5@tDDB3>NF$iZr+fnbLXN(4KGRqbEx z%WQgYnG~8FYG{nR93o3*(PSotGz4bM@KhQC_gik_?tN@~L?ON|1-mCt{$N;9k=U*l zNF(Yv%SF94(?(myUw?yqj~Nf7P%kmvQEkROQS@swt*8y~dRUJ{`rW%6v-}9ybOYExHl_ zvRQ7cMYvmYzrT&%>H^U6Vh+QWqkiYkXFc9mldhH>4=qly4&)iLqx+p7FKNfOM--8f zlGjPrp%Yune2F@F_C2P3cpU=Ll~UdM=ASlpA-12wKqDkjdNgR+oxa4p_^nFafTYpW zOXAqTDqh~o*PCfN%w{gPr+uzBkz@Luq|tRah2N_OLz9Z`C{P77Thc}4TUh7LK9g*U zQX}LhCW+0#?_Z$D)>q zb~ps1S~{lRY|>DJ#Id@~ZSjC~5aFPaJJHkC=I|CF-Uut$;L=oe2Lu)o18U>(`8ayY z({!QfCDn92i3oLf^>XlEtGNVkLl?czPEkI6xc2UcyrHomQW5GQik#hf+18qf1?#hN-p=x3M6Ug$`IMhqhy1iG( zVR)9!{AeN_z{fE*)rZ2vi+9?(S3GK`FgVQ#QR=evOgk71f zu%d_NhA@E7C{J&K9N^fE;6UhoGK?cJWs1skehVjL9iB-20&uR;;m@lYE5Eo22IsDvID}SemtLN?!k8Mg5eHHy~B#xyxVJ875BP3 z@yF7Ej!jh|+Tdf?sddXlbkdj{ivfz$6B_Ka3&pEt`1t)`OuNfX|I6H3H2t@uNuILa zu13*;nXb_*#hK39+GKFU1LdS~3Y!VRm7?!7EW>v8d`mptZAwTd&rBk#i{7Us?=@z* zjo7}7RifIuH1)GfJ`@?mb%e={>x451KO)HqT8R}fWhEf zD&mdq^06PjN=QfbVWrYd$4yM~QrwiDI70d;d9AjQNE>6 z9Sd!0`Om7PpP?cUi}r1(wOLz1&0q25=i8H*xp2lva^7{T{MazU9o{VYggM<2q19!$ z9;#;D%uTQQ_$^@$1elr^^tngOhM%ZoK+)LEg^NYW+0@!@|hSwyW?C)p0vXFEm_8A~<7yE^$KM$SS zskTIv#k@R9nInC!Te6$;l1Grma^9jWqoF$b++wsYT3!RINHpi#_^MvZkPqsXEnOmU zZX#&lc_AR5Jf6@rNqxAYqo^d2;=In^Qnc)4c5h$^tAXL=PY_)>vwaUJj!i0I0{erx zwJG;9`&c)c!!UC7MK7EBSg&~w6%B{1{oOl@p)FAtHM-Oz7WXuB;`TIMpBIq7=`rQp znc;Rw5jeUHel{pyhi=oIuG}wf&3ZZW)&K}d%#7$&+;-h=r)#kLHqEQV-#@$IP|ID8 zgC+TC54!u%DJkX!h9^((o`6P);T7@(m2cCy8UriHh_Db>96`KPM$ebdeMWj&Zm^{@ zlvK@C4D%L6@dI;94c~Zms-;HXyTH3c2wPlXSRAoGE`6!<=9thpP8sI7u|F?g;@BD0NQN8_9LUnI9ZF%-xr4JIXh z^zY-T{_^UJdAZLu3 z;3U1rC#vT-ue;6`6v5)2GW2^AH}ki6D_i9zQbGw=+y%UvJ3+CRE&y-D27eyn0Tgk&Ir587d>5DT*&VwbXXG|Zsoo?mefM~J{$5z zKu?v9T4~OOoc92&4GO|Hw+SWjy?^l3hDpTk_Ez=)(}Bvj;&t1@(Mq)X8+DyyN^JEk zS6b>uZNf5{G!Ffe|H13^+K*y$hhdhd z>&>#VPJefM^5^^fi1BC#BuVJPLKKwfUW`uJ&Ixf7T3NAOd|T7XeW8QcvXcPptvNM| zn4}!7HO{utEu!b>w?`?Q7Xd$8gM))V|5bFuf2foA?>3Z0a(IGK7ThTimfMiFnKC_# z)Ed5lp3m2E|Hvz9^#TpuJeXI@cBD@IVo?#P#*Mn)w#?yEk~SZ)y=V^nlKG6Eflicr z*tO!e8b)`wsub1+Q9bD~rggf0&&yTPMnWps_1tEr_UDL}*^@d~mS}4oGOYFWD)+R7 zwYEDA0b!F>b_4@`GLpny%oK*S$yp{=-{Lx#PMQZ8hj6nk8D26^(httA2WMHj2q+e$ z7XI2{|4?^z!diu?t87|dH5E-Ec|?gh0pmP;byg%|e@mcOQmsTCFODY`yFC*I6R%*J zNhkz%eQ+2;_&u3&EpoerU;_cgrA(Y=e7q$!JTDPlqr4a%@JumV+7bwA4XpiX$1>Hg zS#J}WZ4(euQ`BoJ%3MWzj%`4>M)Qhs_vd+P517>-*k7)lRao%-0QzDcuE7sWtA1!; zqg}!~P>RKphz}4pz7N1`YK2xyKI0<{2u!uKyrENlg9M9HWba!38{8&mmm1q&kn^E6hLX(Dye~34w z_@MftOpPxK4Mf)GRBP~DsLh(GqoL{?1sg$q&#fP^+j$d?A zqg)M+g`;TF(B+0zl^+}q4}@)X)(9bbqp@WR?7~|;LQ-;b2JmJQvf8ZsiiMbMaaJ)G z%-jIlxX49dGD+`^EgLbGAA$^Ci$hv-Q?$>P)@hnwLaf2@`rDKmB{SS4szKveKqTC# z05^p5hD6)=r~6zt4MSuJw+aPspvQ`Z=!QkN{z;Wc8kfuGFOfo?`ip+?@e>K+0`r{R zwp6bTlJ>|;6i8>f+Vd?*x3!lfTiCXrbE#`i44ZPBtsy@2jifV@x%X;v5V{mQOlcD@ zK^bsQH3UQIqbtG-VzMP)*DctLsv=Y2=LMj6@I?OnA%VfABswLiD$vWx) z=ZP1Z+5olxDD#^2!^|348!-U1|4>qwX2r$38w%Qp`8?BFf}8bX7Xl@XLG=65e9Hud z=^b;nn?%bG25vy_zCwDGg;`|%STjkovjEaLQEIcs9%K0AyMO3or|7D7K&0w#tS>?c zWZzYY+CeM|;K8l$uZ>qaxO9>^L`l>em1v6B)eNQ)M*RpO8tyBfXBHh$RvHtRhcS}qbXnQA3sGh<@RoL1Jq5y8t5`H@#J|z;RMr{Lh6qz6XpmmJ{<%g9Dgh< zIqcMy7WZGJkJYCP%XE4+e47>%KXVnc<3aZWYcB0u5Do>ng)a(cd}<1NmK$ijSYJ$w z&7E#cdF`SRAe4*nqR&T>CCwF-0r{pLA2>y_hMHBWnJ*9DhzdYMH5p-GtJ zp55i+jIpfYbyt4gj}<~@U8{KokxBS;{4_M;9C^_q=MwG^ zZqc1aQ6jFOdhaHXc0S>FxH!Z!fuPX~5Hq9u{4dweD5%8GMw&DH;M-;LKiI~9ZBieL z*ZLh4pT?_YP6tIusg`|g=9!*Yu0>TQ6dnul>9?@`n1a(;qr}OX;}pY6h(j!t?^ro2 z;lLf#Z;z>hi43gpcNt(vohH8ft5~=pKW()GmtUY6GlY+Kg_)cR8#A^{tKd@ z(m`sd0-{o+h7v##rASkH7YLmYN+6T~Dkz=MdsAs5y@rlR3BC6adM}|!6>#0Gwa+-(`PLmcaPnV z(Ssj=UpiMf$0jPoUC0L}>cXJ1WyhAklMYCk`uBL!A(CRb?!0{U;a5Md3^e{xtbA}A z9o;e6z9s;C*~Szip4aBdkt8iDD#3cX$^HaB`RDR^|6D0^z0dM`8(-YWME2=yv?Z=C zTZ(+gvjHN{GAx{Y#<8WyBP&{&#wGa}ipeT`!CZrCMa>CZ^AVHBu8_^f8VMgcG3Jw!#+jlHhdVv3bW-L z8*`JFW>~5sDv#M<={jUVLA6(NAhWH$@+34@&@5=yfXvraViQs#5E)S+WF6Ob#D!CG z=5Jt^pLdhk%l%hta+J*#H2#jzqFP?^R}dfkCYk7#2JxjvukrR)_507(OhsN%Y)kFB zk%|d54=wrMWr-7|W8&9S4>4YBHh>=1Ql4FNaYP}yc4tds{sPH8rxDpZYt~gV^MU5;;soU1NmMz#SX;v)X>t~nL&ZI%PPt5 zf{JmHwHXAFkWF+n+w5z~&=T?bjlie>1;pj!nQ${n8W1sydx|0Tl9VB84_pBR!!fV^ zvg$wiTxEyN?WioW!hI(GXVt9qH_oT5zO{x3t2)qZ?L}pAab>kjMN!(pk|oZ|S8xO+ zCtiI6e1v(2wS8hK2F{ymy7D9CcT8__T9wRcKuO-wB6lgcLJy1Q|2#Pk3&O|Zx7zeF zwKe69h=G!y!%6uJ0n9*hJ9_xnKmL#CJlWQ`e|SV z*JfVR{9g>R%3roTs3f!YeE(pyy7c9E{imAy>I)UX6o1lUUmLmc!tY>#)xO7G>Hbmp zeS7jcW}&`$sFKMz{!?txSy=q%l*JP68e@%wG@o~sOY=2o*X?r5{67P$qsK=l+2xpu z#d8J0VtbXhm)Tk9%PuLN3HQwjY^ZfhaGax3`sR@rnZE)(^gkZ?+tMa|YfF$yNeLE- zu|6DfQX$Pokfx1B7`VE+xH@+2&DM2f`wjlNPyf6MIScbkg>M;k^kc&&p_vkvm77$6%_%0(sOnWQuX$$mt?gKa>pt02H8b^ z>LatktxmUjQURUQ&$ee8gi9CmBTr=u3YL_Vdx_?`KBs!KOq2S=1WTnGm#<0I<+gz< zHb#cVY1+?Ldly~yIZ*lE9ckdP$fj3Ny1CBL;xTdZhRdBbgSz(+9^@x zc}*VM!V>VF;;jOdQ>zO4NQNxiQ}Kj8809jrj$HeV;O`G6ozIq9X%D&ZJqeAK3Xg+H zQ@FRIs&3@cR*l8N^-7^6k{4~8H5j}|E@>BhmFW2Br@;IrrIzo1vGz#`jb=G@dJZU& zR3D$w^5Nb)wT33$jEm)t?<&i$)7-rO$8|_4<9wk#_V~!e_7`F+OMl5GO#<2>E1K-r z%{WZ2N}J@QVI}4?VIPxr07C9WLr5-fEW7%|)Z|pn=4H}bfx*7nq>m(ob32N8+j0NN z3HtnbIRA0B+&_MA^mgNtoZZ8ye>DZnZnHC%WdKMu^N=b8U%O#MKQ`12co z+7bNYs$srk_!p;uoIjVNps#7-duI2_w(qIsHc@aer}-kG^9p)&!1tlqOh|<&7`wOvZJG?o=+c>kN%Vu zk z-u|&-Vr9NY6iYERHB-pHhu+@|30&!H4YT+HTlUKQG^S?KH=*_Y(+ARvQ1S4KKEb_thwt>06jDCXYp4>W+NC+erS$T9Yf=bobKH*M;9T@Q4zF;E&-!J0rW@ z*zE9{{L%W}SCKb9LtnR#b=in^-sIXeU6>5k_Pz3^d`3(I_Pi%1DaO_@|D37bNYJ~` zFPrrN$LTENi~gW{s+LkPh}9nUW8-8G_B#E>L69+x9p&-MXkRq5Rqe?=AEkJhCKhc@EfvOZU~36K*O2)ipPe z_mF=UbS=Cp1dGkNT`^^alXZslx7t2nMUccP{Ia}uD?Ugnf4pI@Z1zM8R=@oKnWoeK zT2slEE}u=tI_dRhHXAq|GD?Gzo$S=93LPhyF7WJ{5ZA1w%a`D1~S({(!%h#849 z=X%m-CWWiI5foo03?ns>0fC!K<*$yGYPrLnUNA6!=Ybh^E&!*pG}hW~?Ml}? z>zT_GaWxvZ6Bvx>u34c%gVQXdWyGL9k>oICXDV-~(ie9fgNxLR3WqJm39W=Q+z7hdR)D$6U4`g6Al(Hfix0qHZoMAl351^Ky;tR z&xygVcsmTOp2?N_lgli)_kjXmvME;PR<7-<`mqq&?<@suG6+tjhI1wq5IHQ)xI~O4 z|1^`FIUmR|WHdT;uf3vxz$Dh2ug-R{1{VflyS+wAtgo3Od$jA~5&XJchVHM_J97@j zqpm$5gzh}T$;CqeY|pBsukmv;FLUg`^?8A}BG9@GKw!DkoVIZp#-CY;>6>^Ftc9@w zo{6DeQ~kNj8Ic`peM#!~A`CmO*c6{`Z+iBt(?;!_$ zsM#Ps`Ev2qP?D->UQBufu?Eke=Q56P=jj#N?uyBgU9Up`6qs66E`Ff00QLk@k!q|q zWOQPCVh*`p_(z!k+6zBc=ISM6~wBAbu8<)vRW#;pfOvSs}8sdoaV&X z3cVdhn-hQ~ciWu~f`_YJEvdSdTLX-ZVSPm{`BN1O9< zMo(VF^(a0gAfA2pB!M**&DiidkgPhaxQS(mF2{~L911>-m%(36ElFKX zOp(zF#jePRW85ZCmZ}1U5^8AEL)k-R0|kW|*qjOltmX_-2s65uXmnM#(hw6+{fkX5 zo<>Xo_LiLWiIItf9k~q4+!F#%qj*I!oa&2;35|}K6iA8iMD1DargCRRtD}Ov=RK)@ zPbxt7hkSF;3F+2Je6}axt6i@^4E^WzrCyUcwN)eO^?VE}7MOW)%DXsiM}0#O`Z18} z_2V0$Y0|N;{aOzbUel^Yq$->I_m-&c z@xKZ#l*jmWXRsw%C8uXT7D(t`U235YP%`l~FHfVcybb}&|6m8sMmcp)3Ebuw7#h(j znE3t-L%-_(a5gDTtkm8wGzV!Tdl)@Lapl=i=Iqx@WPK1eJa%xrGjf31SzLX0oDxya zWopKlb(D-vWl_Wi^MXQlfTS-%M8#e8s#d*=J76yzNR$}EZd0Z<@7lxsLp{|b-%6}< z_12Jp>!!|Ac*oV8$VxK$7q>ga5yhG9)ug7}v}iu2AKJ=@y1+O00YtN`i3L>PQoGxF zd!bF6i9yL-&l664waVm|nDDNy*bf+~{#jHK>#Q=tj$$xxSRj`tt%GOJv~XeulL=!jSnl z5z1BS8Xw+ya>h16JH967)>#}Jn=a--%0+F;i^wRPU6>_S@RHt%0xJF1umF~;*@o8- zDjkaG*hZ8Hy0S!5pZvblFHX-WH7+JErDld1WqtXY!|!u zkR8f^p}W`m?IQ&QNqA%Gcjc41K^(uT4osZP(Jz=-EagW&yr=3)#-f(D;Pdq(pZ}G0 zB_1t-Cb$ zg#yakdPECcqGCx@{&7JUY*^%azP%CLZqr1TKXe`1bpNlNkL_O8+ylnOq7)Wg;LGy+ z%RBo+nIFcr_?^t};$9uwj!%c{8V^MZmPnmrvrx9dEr+i^OAYSYzoEht$KC!R z>yN8*FP{#5mK2XaQW{J|%%49RW?4U}Y6&s(BJ`Ok=(Q@bEMESYm|=8K(}z!PaCa_S zryfOo1H72mlH+?3;s{o>53>|KU(d9>%Z2xM`=6E*|9732TV4Nl0rQW4RCiMq?#66P z>2~2YTdu*B&*HUnD#QRk^W?2KYF#z&8;Kp)d(pLAZTX3YfKt-N_mOPqjwut@4rX-N z&)ki_&-`FoGTYr1Tg;kRj&>V52_|?`Y<2V@y^~QhtUA|i52;qY`C(%%&wNwe&Cu{( zr|Z4e*lS7@X4#hia8zsknxEET+BN-2lUK3h=X~!(SQ|U{Yf4dhY)kQjwF7-Opq+O2 zaJfI~@c45Xx*K1KAM$kGHW1*+uQ)E+d z^w#aIR8>vuZNm{Ar$vl>qhE>5R?WW9 z`_^V#LNC~&X)*a1Psece;KFy+aCuL>#kU*2?L}e~TWAw99T^#OK!S7vhXp99 zDT?z?ORM{V$A;SBAl4?j>d>WPGh=#gh|9C@r%h<{iFb9}SH^-5^6~0aIgJ`=Q~uee zDKRr%b{oM)u8+U;Qr9G#zA<)NPzVUhy()9tBvMy>Tq&H3GZxG^i-N1#K~-FX^VWYO zFk2-_1exffY{G3jtT(iq_j^2@zIQ5sLa^E9hbIh#m@gB1n_Ev_8}ysXX)G^i=ZU(F zSWg#7<6*eS_tFnC$fA~PXrIIU0g!*-pjYajVoWvxmG+?HDa9*!&&O zw^kOv9{@s@fJEvmE-c(4>T5eN=xHA0H+wI=8uvui|E$GCNcoX=92ZYWva)BA%U;z% zqGI%|-QuCM3xhs^&C z^xQI;XHw8IJ26EL!|V&aHZ>lym^MuEPY5dx(}H6TLUIu4aEhgy&VDFPUq@N?l!h!A~O7PdTWw@~@) zYSF(m<}KQ*zwK?v&krlWKcaOy9&;vkEp3iFg_>`tMG8ZwS-z2C+eyxS`!DrLBw#h` zk77r?A9%XnEX%uDlgZAoZq@pEvfSAIT5y1C?fIiFoPOFSyxbj#_ z3Zg(s?CBGXJ}bX=SyO9T5P6N@^;??lRDm8bgO?|>L!yeG7S*gmo-p8@{%eB*p75H(XFm)cL(}@E`gOZUier&QwaEvE zFFTki#JgbWYgu=`fB(+L>_vTHWLV+Uf4j-Yagvn$tt{Cv1P2Snprg_6#Noe&b$TbOi8ZNqQ#}LAtU==iS-R3-$ zaE#S~7=tX#4>62E#zZF}p%d$8S8b5T>kSUFI00MkJ??n z{0LIDajjo|wY6gkH$aJZipS$;6HdDO)v3$0q2~qCF^y3C`9{>>3RC#p4Q1q05=U1Q znyrc2XHM*#)`}O+`_(Z>iVtUAha6`h#E>y1EZ>m_kab^%CMYvo~Y$)SxcuU>{Igz{c+ANnMvz|#@cfV$b z6AO+3%sn%ar+M6sZHP=|*}ZI_f26fgF>xu#CmzvYn|E(x0>u)w@Pu>LNM%W$9=&p2}VkZvch1WVp|jz~+6+R$Vm;v|lSm$v!QXxZ0b8 z_Bu*HP8%csH&lA9U8fu}`5yV_-kuHgnaG2v&Hkj&;DFZA)02u-lT<b!$m+S-l%MI_nw8 zP8~7gf+1>Ib3o1;0Vls48IWjE&ggEfLir2&=}dS9uk&VQD5j;Y{;6}gRzMM$7<2xG{=ln z{fUerku4Hu`Ic}Hl)NNiM0B{tbuG+@0tfJ%<+JYJ+9VYh^UBv}B9jQpXX2Qk z7ds->FC27%vocQ6lVZHW-#A-~{ z;fL%#*;{8j&r5q`cte^YDa!cAA!kl83!rq3c(rHci&hDp`NjJ%F{i7&3De^;JE zQ!z1?;e1g7-mDi%l2uSvkW_qW7+TfRQOx3vhLXZEf5=@#D*CbI6|ybdWa$Y=OmYYQ zy5@&uk2mv}z>2-R|KK5AZbotJ>y4@m?9U|8rW}tOR}a1jqY97l4wg_$p~gH5U|$5n zm=F0&pZ=y{Lk;LyGy9#i*T!q~woKJPYea%caq6hZMk2?<8p)~e=-}wx)HP|veTpA4 zSL`~>+Nm96we9H{)bRpq4^pNl1TcPQ&b>~}pawYY;7e*j!)YEjy7f ztk92?f>G^=yTPA4=O8ssrWZ9VxHB+(= zOSUg$T4bZQo56i_h1CeRBvbIO_}jr{6PKrPauZxnHjAK71tVv?ddAnIqCIah(Hbq* za-FgNptt)^Rxhs~M_b3nBUgSJ0KbL@VSnqCZueCeOV;joK`uiNr#MPBDl z5AGDap~wA!lC_O}NKoOQ>g zAWnV7jS?G{l_CE^Ujl!^amjl9hAzxbf~)E~SRG>$x8+y*#u< z>xdlv3Y=3cYHjDKH$9aYD=~$fw|j0kJ5=JBPmN5DD)LJWns|rrLQPrz(S-UGn3nv1 zv#Rv@%oXz2I@t{dUSw`UE{{yE^rU@vxi9@)NKAtzi-hAl5=%mMyW3hEmv~N+d5C!k zNI?FU^!Oh_jqA5-O-$7iA|lnC?u*bP)NLf0r>%d*eVhGNk^lL3)4G10A!+H1FHYJc zKK`UavK7zy4W^9F=00xGZn}LM0J~TdO1TcVBQ& zuvif8CI{8i|HteaZ|DZC^{O=H zdh|rsx~{JHg-rdLAA&Vp%D&1i+8oVB^F4c}X!%bRp8wrhHkp+VEp76Mfe&*fz-)DE z>{EbY==rykG7=|_X^e9Vy8dW5Rk1TV^~Ka>(aC-+&7$4{g)hZfqKs25?|6=1!(Q{L zj}|sPD6ws}c}{{~JIEf*29oW&fo*2(-pQY+yz!+k!6wXZ=Csok(DoL=VswI&pUD@idmT!2 z1ujV?y)7C|jt8n-C)YDlCu!gWS!dUZzOD%;9Q9QAY^<0Nawnl9;8)I zn5W=#kc4bZu=4(p*(q^(Lslp(@X1*$Nrx}+Sn0JN{mfgem8Je94Mnzr3Smd{N1B`S zJMx_PYQWPZfykh=;@;@Ip2+xbHtzjoG$hHrQqCxjePdK9C+cgAcrr)q&Gpp#D`h`e z1Q6duWW)yq?Bw#pO?HD@b1rXF>O5z75StzHNnodVX3YLMN~phca3<2qcOY7bt z*To>CSPc0I0QW@h%gr!}#s`SLWna@bULn5n_~N#HZf}$vU=Qt&*{!*XR(a0c{4^na zqCmgS%s7FFJcNnQlv}2ie+@qq=ePy-{z_)ES>3;AXlua z^Tcp5fjlv(59~L8x}?h(KCqh>EpLz=s{UBhml5crxg#01{-AkCNz>4eD+Wsuax3j*Nr~wfUN1Sx_H>VCPZa*ccYdj%(x2|vpxA((DMM~KU16}jS}~db)0HMgWDJ#9KY`6< zNWxA?Mi55M>15U!f0MivnDy7%C8ZZ^ji}ku^A(WFL)bX8&P)h@7{sJ$>|Td>&YQ!l z+gBd09_SnzocoNGJnf}YX-B0y+rc#2uSr~obGfsO;u%sf-mGB|pRlT3O%Ee1*jvaR zIsLL)DP&dH*L`pZd_zuZMeKIYR0}p`c$G#YAxKoeu@M-CdX(nh>@3&8o(M3L$?im^SF5w~G}uhsozC3N=Bkg=wizgGxKfF( z2iC@|ZK~a#*)nOV6CRq`@c5bJpuIeZ#3HEMdi|n?x7;xJ7{JI=wO=1QHcy7&mP19D ziRl-0{II|^FIPv6ZwEV*o*+V$TVSF^#lc|Eh~W54AWu}jU~0Byb&yFcgK_OzW&x~q z&X9nb3hlPqKd1jF%Z|x+mbvZG&8|_j3RUpz+JucyfM%LKPj&W(-Rj2l86&)r0D-eD zTj86RmIvpvX3W@6Y?{1d`_V42hzwv-LoGnUCcwAdxg6s`OIzfUV)EX7(5a22}28i zU$el0v5v{ilFIiTf@+!%+z*45C%UaGs*!@WnkkN{ZRij?bAbivC5~ku{{gc#N?Awp zq(b}JN&O}b=9KP3b@zxhn;?~y$g~>8w~{ot>xYNudfQKCE7J>YwKTSc$9w4OKNzZ9 zdss{o7%odR-;k+UGGPArxzUyhAM6YbUTbhGwrBmZ`*p2qkgZ*smu5u4w8bCqDqPNb zdfu}N2x-dSKpU3WyjU&}tDb$vS)G?m1>C!gVr}pf_ywR^t(R(J%}C<>nl^^F)Ygzu z&-i5-v33om*A~d5`YJMOBsX;IX z?HMw|qVdae2#$ESp&S_Fm|j%2WruE**%QNh-&_GiLPH!(h19VYL` zO@&*0VrUfk7|pJ0CNyiQhVmzM>gK7#CVL-yl1ppXIQY3NEEh`2U*-%TCY(y z;L8YajdHES*dVz}{ZyhFc&qt?UXvP3_gWq#cXPd!Edp}-o~DVJq(1?m`Xo5qz!Jty z|1YEN);I}ufJ|OWmxIBgFso^5C)kL!w|BY7prvk>XeG3TwfX%+T^T4sy*2gQM1 z7^62+s1x5_*^McV%~ROtC|lV8(Tz7T-t+Z4VI`e!n9Ru9M==mrOG1fse6r({2$hz6 z*Vb=13AXGps=&uNqV>{!2I*$>FZkfJu2&JQ<(!MR@FuWS?91Q*$ccEuf5%0nUVk0MgMQ3qN<+#+vz61%ZdIL zT}cuduJ!#OtGVRCN}70ZXzixa@s70iWemQLoF0RZ3u|`_OcUNA#Pl}rjoZ)am1gH3 zB;4z>NaLro3|&%#RMgU!5jAwY>pJ;qOnwEw-S($wjFmxPR9vmUEAtl%`l)?UaLbqH znIT?F-AlcR=Cx#%z6hmVsw3_lQ&GM zG3Hg^n#nWgFF&NLfpbpsCT_h9{-MKHZwmsy+KR}_^fkCF=uZBei7}a4Exsq6&9b&b zdAA$v7~B>Qg)X}({$=BZ^xfv~yBRcggaLhJjV8c}#rmz6+3WW96fqaOBP4$4f~QW3 z_bk7p`};l+^N{{2LT=Eeapct{A_S}r%c<<m>9c<+%CCG!IRNep;joPm)T=DwydL9xp#lF>*V&+BWH_kLUi7gf)RMW zGS$R*st$UUZ2|bgJ9-DAm*}I})rV08#*Ic!T|icpf6Ccb5nV3Lhmu-_NO{PLW|S6) zHS51@<`2@bYS$WkRpRcd7scun2}2P@Nm;?7+TtUj>*i`1k2BBp3%88AUk-qm^0}LL z^YQQ}=U`y!=32sV$c!rK%!Jzxizm+jVG}2n{(@VX%|S%VtJs>xsF?B;0+tzc-MeK= zPsiFr`?KnACr2ipN_yQ&CGOZSE^@o>aq4Vp&x0!O#FS0O2MxkiNFkTY;2%NJrl@2n zQ9~@piVr{;{jTjo2&GCXpjMcT}+eL(VMIv(&720FeKWamlm^_QM zwG^Bw0Zl~6R@_p#G|fH`xc&e}HDsfWl@7J}n_E~!va!5L8y4+Rs+Ai~+I zOu^OiIODs#O-VzpT80*=1BZHq+ zMe~_eCOl0-l~3WfwL!vimhc+@cFUW!0`1A-MX)SpMW(qR~c#-L!z|NL6vho zqh8F7nmQCh2d)&ZJdJ5(Kb$HWd+kxH$B?oW*SNvRB)yux^v|B^`w@(`cm2q0+d7_IQ&AociD7x-y-feQtNddWUnkm<4prW@i9YPEtruP1xY$p2)T9pWa}F## zL*iPu6qH#M+bn9@JmS%lJuee8CYpv+YA(6mq4>lx3VRCs>(_2_L?$ItQYw)seFt+0 zKQ-HA?Z(CIA&{#Bh)`I%e}#&C-w~9ZQ&amaL+R;iqi>2yT)FvE+#PNY48=M(;>`i` z!df4K0DidFuyu4VwF~j{z2QbMl0TEb&W6~l(eX84W>Fliwy|d6>KIHPH${LC*W2Ch z!NQFT#J$yu{}|SC+?@#`qZq1!|1qlFmzu2HN?{2ys1(FC2?%i4Ziyzj0dsM4l`V5t z&&&5N*VRuRy|(iL=vP*MEYvbQs5^O%>|tybKuYFp1%sTQY+OFGx`IadsltLgwcD00 zK1IG)(4$gd>Z(2c$FTUvZ=H6=$JXv5{%jMfFXj2A2w4nj+xw?GAAYOqMvZgl=?5Oz z+fJeWxkmMW>!$m^yU7Le7#o7ieI8TBjvL-SDxS(FJM8>5_y|Vm$%sxH%lrmcXDwna zT#N1GWtA~d4z+7??6Gy(t%3k>BpvNhh0dm5D%l3bP*o6hnVqA&Yy_7PpWNMsv+l~| zn-r`w%d^+u^Qf-}!oowZoAFazuJtGw;>e4;Mo z``?UgyjiXN%i9J^LSE?-`m<;CV$uyBGWg_@L8p`X5WsHTuZk!bG}R%@#>Pg5emjF8b-4be- zs#VXQZyH~&$*xj;j{?TSerV90_8Y+w$&VP_3kn5_T754f;U zH-D02CwDTCA$gg^DRmRLz@qSuY(5d~SA#2J;0@!S;N#mR5|8Lz5eSn?UQ1%$C`>eX zuZ`DM<|wkUaq$#Q&xc@Jc?LiN3`tq9NT-w6R^OL%L@^H#z#`LvHJfJ}alGaTSI3(_ zpA)ArunaDJS;|Nqun{(peXar z#qH}ht?o(jc{RuRU>^~>V&xFd=p=v8Zi_oW=bu!1{#o_s&)06~7dRL;AcG!iEb~Ei zQqW24T>Ofsr@sPCG0PjpbY{6In?z|Qdx`jxIxPkYnZ~Gc06XRRJ|C3@<^|CY3vhYlCaNvAWxI@6p5UVc}u4#f<-AOay#3m34TQsBG3R4D+|KDDg>Fn`Gg3UbW;)QeH0m zR^&f>mGBqiK}>GPul$tJV7u`nt+ zz<(&n{=0Q?{OA7OMg2j~-{mRODT-waC#(JYG{o;Ws6ga4o(>Z?yPc`6yb2CvfEVc* zD^ezxNmYTs_kKB>T}Wl`JR~VM@_tBVhE})-qRd>gs=RTjR+6gcyb60g=?oijo?mioXyXGMRa zG>IRmJ4y@V;ZbCNVMC8vm)z)J42On}#{z>kH~Ffoze*FAmrLtIy_FADM6yDTZXZ*x z%zd@A$F}UUU4N$d^nc#62uwwbKG2XpRNiRgpR8<9yhzTo`siQr?Xgk%zeGr=;a3MO zfHOQK^6%!P{&DKO3+O~q2cW@sV@5RrveqMp(WwFTb_V*EK%LioKIN-eNkU8tst>fM5J9C5f zs;+}fkVf|bl@w&sWR-vN?eWu;Sh%KB-@~9ZJ$Yk5Co2)6VcO!Woo!N@*^@di@1e5B6qUfCJ z?RvQ(L;XZ&DrAwM>K)H-QCl3*^4H%ps%s|=+RONV{&Lxu!lanll#uP_#R(ZwH7&j_ zDI5t-Yb;O1&3CwfN=fT5I_@QfEm31e_1GB$W4Jj}1Y-f2n{ayS{<0Rw`ZbdH+JIY! z87OAY4I{Yg^w)E>Ol=-pzUOC~CDXos1`7xiQZO0VU_M847zdyC3ph$s9`vM3=v+OP zbLLUydSRrc1bQeMXyr_ElDuHCLI{E?@6EDx3C*+_uNQ29&VJHk=*!X1ohJE@3~=cl zmRl)jRK``Gh9JNxj|)G#=96IPt}GA@7F1R2JHJgQ^Gpq#1-Ms7rYS(_nAXD3;54Jt zh)d~Mvs>fHta9m3%=t<0)CvHAKEqVuYx48v%QY8o{YfXa7r|qU!7mfXQ?q1m1Zf%v zYe{h?#FinQV45kBJ4W(=kDskl{6Js!t8g|peanXx-8ul5_U^@mvS#yzjpWY6#P)r8 z=tbh`*+Z7c)%7Wb<@)VyVRZr<>u~8tCa-xLB{U$%(I!MJSs}G;-V*|+Ajn8;q03Ft zen79v72mz~=sQ~Emb0`FC&f<_Lt4gf$^f_JW-Mwd;r#tbQQOS>v0iIG?CYf9&U!^J zFZt^bpt-jlNu>!sLNeH*Ov|AOrX_n%aHv3h!^vXTn%j}TzH+&gv{P}2EQ{C@{k=Eo?kGMM{n6I*JX$Ql(!AP8QsnekK9Xl3f^p=sO zaRAGa$Yk08b{oz6vM%}@Znr8H1=z#Rza-F1Q)}OSa#?JGRE*2>bu%h9Q@mL$^_Dm( zU}OPKP7(@T{K)#9tf8q8O#Joqr9c075w1J(J&J@YS}0)%nB=@7e=gQB%GR zYeZDzmHuCx$XQOn}-n?Pk61h^lRuAS$9vi$ogMTAXCxG6uTf z_c4f)u2>`n?+m@UQdP}=}h-Q z90fg&sPRt%Q-zib*~|Be$@}tj;}@cpDot?Dk)Whwq9=~;$X1kRZ@dnfnD$dBsA|~P zEkCpnxg*$XC3kWmM=GSimAuxzus@)&SQ%)wrn20Tv*B!4uhsg&Ms9aUr#6JusA!zb zx<9n_UH@H0*?j*r{9_`t9jc%B=;>I;Medl0w?Q6S)qcrVg(WH@(U!KK<--oBde9LO znN`N-bjtm}bk~?sT)#f>z=k@8@iT>%uxIIDer+L2kX2Lg5{2nUM|oK9D(Hcf6!Q0K zyX<>o-08C;i|;9VsZu(6dfHHAbMau_5^zUj$J32;6AnwOH3bq1wN#16lFzKn-yJ5o z!5YdMNkDauX3Q#}z`8lKKyYzFb$I5mx8$~9C4hL=Y+at8TZYQhnJHrmj}rtf1Zh7g zD6uD(Wz*E2`y|kpkf&hAV1TTa?&yaFO5>oH3IV@oFQ&S90`eapMP{VFUUvHB!dSvJ2Ez z*Q<80>5HwiX_etm$ae~>Z8Ew{MwQgtFB1){t=ae`}8gLziY!^G{hy(mhSs znO!{_0O}{_>yu%YwG6`~E$vRbe--EW^rA@`pJzC}40)wETn1(a68OEnk#J6^@P=}a zzqHN=`v!JwxajS+jvCr>S)C7-V<)fK36zK)m`T##@~QElFUh9kE0;GTlOr?vP@bBw z0_u9Gy7nk$-E#LErVQZB?WpQy>hV?X<*ak}mpt*UIDk@6?8BFaFi#>+4*+)wAP%K! zv0X82Fd}*}|KJUv;D^_sS09G9)i8mb{Z+XV{c<7EtOP`Dx7X=Zk4S9^3w(9Tr{qyb zTGYa=mu(ecRTOkT)!^oC*@yh*bvKP)Z*MSE%;tIW5PxJ&eFBw_bp*dxoH#RBDKvAX zjHfUm8*t{T1Njt^YkqMv*p&}$vnZ!pae7^9GbmN!<+TVAe9!hwcx7*b?d>U1O?%9- zooc?|e09Wk>mMT4yIu{~imFpN5f(vIa&YAfdVG^0$z}Is_Qvz*4r>p+!tYk|`ciq| zY>lIPX4Tq4zENKcr%O_hj;Y;#@>7-m=ul1^)-}3Gj;4h6dN*!`v;N%BVNX7RUC(YY zrUYhis3Z|hDvuk+fNNuNk4^O4XkTR(Zav);p$zaYu7_q9&L%zx!m+&sg7Hos;;SDC z*%4}r@#v*u%k?i8ECgoYe^YSJLxQRNSd9KJgth z;q1W`QyiT}^Wr>vK5ED%Rne*DQhBd-C2+(^@2n|(emn}DSaDl)yW|FB- z<748tc`eFxbtcyN^7}Wx4#xslT#wUmjjiz{>JE}8h}2H05(^i>h{$xAoM?@?@#@YO zN&wix-SC^Dlx=Bdp!nRS>95__O=ZJL&-NNx0h#UOeP{0CnnwkXtSa<(r!(UZjWUKw zV)QJ;_@`s48@-8Il42-iuWqItYDLxgO^;VDUajw$nWXg=F8kWz{n4YeYcS5}nu}9; zr8g!koGCRA7Yya7R+rk&Dm~u^C>c6=c8@IhMtZyaG>)BrLdog4FA_pAbx`5agI9fL|Y~#o7lzV`^ z0=ZxUTDY9gK+4evV|$>G&0cmH!DhgVSj zeLT9Z-QT+`e#JMW(@83>>ohm6YD7Vq6lWFgZ z2V+d>SVPh2hv$vQ!Lq}hJ%?k+CZ`6-T~Vge?6}IVNhVzjs9XxK`fRqm68gl@{t1-@y$x zQLQ`&j|mjEp(+5L2J>M-hb`%?BGvj1{Ic*qQNqNJpUhT*klW=v5!J3*_RE(bO#wLt(#pmSqm{?92(L*en?axDn*(E$lLcQ8OaB2 ztJq+F7^rYj3{s0J9^wSCISnDR?1k=*x-hlzJ8Db*Zv-43lI0b3E`BQ5%U9PM8#=}s zNxrt&uOjSf$ziQD(&$+4Jt<`=sU1CQ_?(*-+uT~z+xT!Sb+AvS7Wg_1+?ZC5$-;A) zC_swXmoFmqZ6x7gMK#c*iaxn}Tt>I}ohiZNcYzJzpeU*77Kf`WeG7|zz4mae{^)Wt zJ+827d)v7OENc}{*Tkws;UG^Mf*lot$nWR$(2|-~qm%>vat9^%EE(%6+hq%UG~hQJ zKn=cEW!-)$@yZ?7*lF$loLt2z(RF_sNwZ;7EFqW^;TU-L#=B8+Y#EGMp$6pp(lO@A zck4}?O|M4CKrF|p;=&mgFtraCK(G*{E*?|e?$Mp7laMh+1s1ZApW6$QRnkA{mP9y7 z7n+?#s1ugNWDnywB=I@z_0Lm-P3+H+Y85*f{Pqbo>mG(_WEx=_X;W4L3udevL*CT0 z*FdEv{$;K6!a!0t5f%QhfCt;EWRdY@O~nYdp*844Ea_X4vg@(e$ge$AO$~@Q{OOfw zh6F{W6!{94oc>rP8xfE6nl6G5)m>y<7GuoKMhde^Tx!ahR1GdeL#rRCx)^7^U!zC^ z)Fou3O@a}$qptHVgn)oRgRo$}!m{L|kLbC2aOKK+m57|AcSg!sOfi2{%+Z?S7Er-- z6E8wqlfzCMTc$^Z4Lhl1vAUgz?}{i-&#@6j7Pe7Kq&`GcUFY4Yitf_rn_eMd`NmY~2LXT5GR8-*@jd*Ln9mAI|lD-~-7R*T|Le<~m zp8NjYo!{zcKFADMb+)$@xx>k)^j3Y00*biz2Ej!yxv3rHz}bdl>liQ3UBtXYw9VbO zn*&PWW6r=-%J-vU#cNfId(Av54?!mSz`fh7vdBmzH3D}VPw47WFJemdw0pCd*RK{F zW^=%GOp3N05A5gWjtocF-@viu`(4}zjJ?$yuhU(-8gZ2Fa`y%ta&F%7n9s9Z9;HO@ zOS)Xp?#R9isZaJ3s1E&BHO)fFru*hjOzJPQq}n{AIf2=%j>ss-&Ra`-6RDF@Fl}`c z8QJxI`wpwp^@#*-&9<5=aoMjjkzI@5V)k#qmX18AdA~@Ui@!?nxfBmlRuLzxJa>`I ziiOBE-kH92z}J;I=?#6YrOBr;ZMh$F1eQJG4wGzkVy8PP7ab%V{~9YM{Sl$0Qfnkhkat* zO-Ns8i@h1+TK3~~s%>{K7)ijch}1Bz9`DzirwMCH>`&v&1a|gtT9y$dg-1lbjPX6? zBTHCotM-a7?%&|8U`M%16HcM}GL8^fF!3?P;WUHsU^>vq<+FGt>~MSGlIU6tsBbsr zmAng1s%d;iNl#c5*XQRrTS~Hs*Gi4s8Vhq%3!JqU&w$9Ix|A3-z4%0D&5)Zo&mCd0 z*^YGh?*s;W{j1d!Ec{Bx7VQJiaSC4+bM9+<#-fmpU!#$s{Ei2bjRfT2MwG)~uy|rg zP+=b}M-!)`XT)!Ac{NwvJV8VLv!*+hKxL)g{hLbCTAYI9wYgAbGcsVJnH%qul% zqvsP#8h8P>kDQ<0IYgV!U2IpCCdZK^`7G!>7M!!a3#1xgZoc_!R4BooC<$-(+hufESy42C+Ck_c8EdoZOb?rD%87>) z>un~?9nx*t;$L(!%2s4)b>7qVKBs$5&EjEx4C4vylWtbe*7j!{W-QR%l>AXnq~1f^ zv%GP&AIBOLbu8)aB7xW}($xC`8GUSLb7B^mP@5h}w+G8SDl57z<@Of~v zda=xLMSRl{DwkI&xpNOhoZy#PMi$H=t1{;hy<|6;(EkoI`w^f%_T^*q^4k0qw&6M1 zn-M*x>|OIuN6B7i1_#k<2sfX|6T{FlECt#bTyx@yCmo<0^Gx5|`)cRx9WPly~mz|QXJZNFdocx(`tAy(5kEW9a;l&B*| z!Zn=OFpl@dx3`=@2f7DzjZHVynFQV-48opXh%N(~hCdvL1F9fi;9zbX@rDfKT#tRa zTyIzH^~!QzUwn_0xI{H(ON-Eeo*xr*husDv?opm;(iOhK>^^0z7V&xN(p~x#rhjUu z;N3AkD-$^#8!|UrRGkyO$ii0HEc3iR+;C-mLc-nxsQ2Un>9}>;fP4`6*dl(0i?FN* zQT1wRt-kT1GF)@;w_PI(e$dnE{G2B*^;Y)BF*r6fihl|e4J8?ma-JV^s+&4dP$&?| zv%@wdB*?vjHdM2)(2DGOW|Z|;&>qe(D4tk2a6rYwLuJQ`yW)`0TRZo@Xpd9d36yj=;RE9}7LBfk3KxN=64Tzg*q7-;2=m%sR(@x_@XGcq9H%?MPp=p;FzpzI)U z4&x=As6J~#?NEbG)M-ZVpqej^UyE|n404?rKif_^^_J|eIJ(rCoAUI0SSVRhCz9a5 zPsz#%SmjwF3Ohen^eQJ)!UmQNInBoW1d01RNWbso1CLd%a)DuhP=Z<~IHr`(u12>9 zWirUYPyUE6%%Qu78gL_iaA6qXuVXE373{pE24D(#_^2sn$nKIMlNbD>KAEvSKj`J> z!60R^YR}rpL4u~N;X2nT5}H_oTS~#xjSn98#pb9}Qe{Lt3D4$U z(3y@xLAC9^A9csvuXv&Ta@&0huPnGaVL$YfSog`|hauR5owPM96AF$ah=$&5NWl9R zcCA;x^gXw~K>SkTNHYXhxk!C?1No+S4^Tp;aFf#h3gt@S(?@lp9IMj_h_c?audzl0 z6K)u*ZOC4vEG^a5vB!e~JTt}<9tJXo?+ zNF;V?bjn5AQ>%<8CMCP+@xJG|-V$m#m6fZq!9=hcM}PxzQwJiL^`r7SN%LIhUgH(QGq4z-0BcJ1N5<22>MNP0o3-S>6R3s|Omqz# zlOV5rsZ8HjrO!xETDw^!6eMaMHX4A^J1=bpj1DiLzq&`~9a}R^dW#-pxfnBcNnzp< zb>OM#4TdU#AsNd9d!l~$>sx;OD};2aGRVw_+V3Y4%_sFSMhBo$GwiaRs*5OaEqJEf z-VHM^{o(UcJzk{Tv%?7AG6^1^bm#s)CYpK6?l22jSWV8sDgarV-#=3H_Hmy0rfu0DFg@IA87AkX64 znNMiXPCvG#9#HU44@mFS-zZo5(!SL@A^Z!(rxY77R`ZH2A(iqr*8|qH)=A~%`o%|3 zmtA4YX^i51nQLf~C|RDE`l~>e)F@grT89T&ylBE>f-}5jpsAZkis!~udb?w|e5nu( zA_+J;oS4gd;JJl^Qtd1!U_@6_*|Oe z+KU+~opIq!KxK2+yvn4c{!7nXZc0ESg)bVh{OuFfbat7QD&wT1)*w6yf;LlZBdn}J z4$~X_nt5^~v93GWnk}l#QMcnZ$duCoLQaGi4DZxG6o~n6q+Nvp3xn`{rce&IkH_GN z>3oNXN+DMNH=gnZny(M$NPkq$8OsHmFw0y?HR&FxV2U5)CkouULfXxWryDVTQud7}{DvOSbU-|^wky#hEyyUU zy@3-PU_+KDIiHN^%5n5KtyCxtcNKa53_~NT5(xIGy;C|E}+f0oK%F$nc^WO$%VZq zoK1`lp3w|YtM6B>9LOb@k&5e7dK1NLK344Mf`e!v(5_kXE*3cgdZ?UkPH`G0!Z4E>^gQFSY$OYNn7SB}*P~b~|uc9VI7nK)HB8v&Y#5Ed@60b&?&XraA%QLZU)qmW=E)sgO(-}7M1*iZz@Rj3k< z#pk}DyVQke)ciJ>(e%ZkNo-3C)%I3*v$xww;=`F2vys6nK(wg|Dm%_4ZyBxIzHXy@ zNv>xBaa}@#SOUU|vnpyGUFu8Eeu$BTdx~6{q`FlpC?)-vss6rq7DoHNg#Y1M37@N; zP>l_jj{r=0$cf~#-2<9LKDhH(zUuMlOzSwjSZIL51s@IsdJiG9JY_twm%C9Sz_V~e z{#Nb_`VtFG}Bz z72#&;=E+@|xJvm-H^WJdrkBxG9aIYE91YXiWYv*u6q;+wK9`7DM@5#GY5UJnlQ&-; zXz;xIBvYT-VD^k+wvi<1QjSH7CFelcQc=K@-e$B@Q4=l)*8E%!ps=0cZo;T0I_?la zn0lN^^+P1P@{w}IO}SkuCnb+IEzd^`>Vqn&*==*}Z?5%rpFK@a^5AeZb0keEeQ2}! zzB&r&%E@QJ-Y3s*r#rbYJ+~G6jtuO@Ob%uos1=aYyhcWPvv#i>y6y-|a@mKJdE+!0 zOAMJP{O;*51h7gRFt$;pU(|YZ8y;sCxD`#Syjm*kq3>L_7aGV{T^>*04_ITWnTit_ zk%-&E(}yF?SqEUxOJs}5^|#vjM#T9eqHDxxsk%%*4tcaMFpMnu5m4`G{BM_~ZakHx z;Wq{mY~8;5Kn><|ak^n-l(k-p;l2J5;;VM=+)s{@;?dG1R3&a194puH?e80|IcCSQ z@+TJC3r5YX1*Fq!@hvcEU%T;t!BG113}Vf9-U+#>bsOg2a6&b!YH41O1ECHlfBy~9 z*=D&Aq~Ga$If4@Dia^o|MNPV5 zA&*etCPOPD?EHkJAu{jKO8%8;iV;!5W1Y;#G4=lFM1R?=*_qu_rkb7FJk)sVT;jWT z)UP&=tR?XXSQPH~%rx>cRq}*sewOEtj1rqSjQ@x`wr>8<^plrz88t#cl(6@2Cpm>% z_ZPuCIw`e0HR@cgcNj)ID4p^rXmY70-rVokp>Ekd30-CU^g@~af3ExacK}#jyg{G6 z-&g{x2KYu>C zfYU_;$2cNRyw1~-s#gD`Ze zcG*9C*u7FJW^lajOela~GNP2vB+%@veaGFn250ld@rMUzZ6;{mMKM2nkzPjA@tF6e z#&_NZyLGL1q1gJs%D7lSBQ&{7A{Vq2jT@3AF&~|6Ve(5G>8~!%YWZHE7L8E95oRH_ ztA~d1#g1lNOV?-XW>8?&oa9i=D^kzHL%ZMgEfuUF4vq?pJ}0oog*r*h{ai~AA#%Kp zRo)J@Ep|XkwGd8>LdME$k9n=wPMCr+;)*nWc{ubQpr17rGuGj!Yww!}xDhRUrvK7TIh{7fFSp1i_O@zx?tkWT!bwJrt+P87xAE0tBUz3m)N&& z(_A^`4_Ty{*QCT=t=+~ftV!52LRqn2VUKe7$!^unt)D_MKJnQn7D*e65r_=ch4@{V zLAT5a8VPSDuPqpr0*U$+E%nX?)iCobK-rk?D)g6M)6-jpG+3)Dymtnn=+H=2Ks1!C zkO6huWtqX@C7KwdFFS5&Pmy#_%G`V|*>3^PhTcUxOnh|p34+a^cgdJM4|2)iVeys& zEbi2ql%oPr$%gci(V~l`6sv3eL>k_m;&L=)7_US8Fe=L9xi}UTnO8d6 zt9o%RUI(S#_>CN#>sihC{EjgoX+8O)6EPK#P<1|GJ%+!)0`TNDqrc99uT_&XoqXshWp;fv-de($5 zF>+o##e|Bgb86yP6Y7o+!sln3{V@Bsxb%3P7fAYPK@B zI+jZ^iBhBwHqC(U@I3D#WaUG>8w~E80v8=Bt}=C$QY4YY^&#O`NY@jyCziZ+uY6^Q z_;dX=Oo-`34o^2Sy-Gt`8M$E%u>nTFYyLw{T8CB2jZa3)MN#dmRn4Z90WEr3or-K) z?V}wUfbAZ>@j3D036d&mvh>rPdXiyup@w9hL1ym)=a}c60k(sn_HENrb-K-pH*(y) zqewMZ(zKsYk|?%j^jGXlVkbeBJFkE}L&Kp%cgu+-cVpIvi$MymX&$m4co0T0NiyY= zyBQmTE3&^P!!Y`f*5b#dkTvoQ+;@fK5@Y)L0nq7EkB&oQm`U+eZ!9`oz!=z_0-*ce zA2;q#Qv03Zh5)0{S~SDX*||ggjcrr?MV>5|`49w|+o}7sdD_pHgVt6)qf^XY%RV|3tCxlwJfK_>t=E?kVREKySh^t_(8`rv0y*Kd!b9G1P(a?veP ze~VDOrCUAKAV%L8C%Y(mRSV%*U%RPt%&|!^7g&B<{%J!Lb*iK4vZK(O$Z9TWSatuV zI{oy*0iiR+_4_HT$73c3+YgoB{B+uUT5hYS@ZIK|?NBwJ5{?q`g0tSJmrKQ!SGj4L ztb+aSVzW#i`E%$!VO-qr;n#`HP?md2g4c1yd`@l6u&LX@6v}7gl8@*2k zP|fLetSYmQ&o%wWto_|O$QOGYhC`ZaA@JMu(9*UUXh6$@8^jqIi<0-vnA~X(IpRV` zegMQi`>n96wljiQhwELDktuZ6>+cg>5A5%K9y z13X?G3&s*0cy_1^PaOcL=gmg+#@O=h=c=FyLiSHmew=bD zC+$2(-R$!!%sUlcY><uGEo~-CybDnesPOO1%4DVBc5FU`4 zwH4m}MgF;OmOCWQ8@W?h3e40_(|vnUbt#IquPq>!nBLxgQIh_1(M(<(+C8;2^#fu3 zDz6$#*rd2$w|E_s0(`K>AFBQ+w*ID#bs3iz2;(TJ!U0^keaLC=A^pVY*gS!R?lMT@ zprVq6(O;Bw4VKA)1~5!KrIkpO{7OJs*lAmgeIQuBqmdZJd6|>9!p6TK%*XRVa3=}0ao7}K#J$0S=-9(JjpmfWRF`$=l2x~gJWws^;NY#QzB9GC(+r)BbUpZ_+(bTZo?St7smp!c6*g@4Kx zf)n;k9%LMB9!l-)uWycT)#jd`r-@y7=-`3TlF2V2ld&qw^j1yjGvb&|VJ^a>gd69> zZ$U4GB|fdZc=4A}_jpsU(9~9aB4`VFBe4w?EGRN!-LUFUC&nb$*Fk=Xgibjf-QxH| z^zEsU*t)?l4$n#IQy_Y~g(4)&U*`lf0P4&znOYxAq@?xb^#-^ibj3WK5wXJ_lhK2V zXqzcj%B^!V&ryd3&0-LOrz14$`24GM1$qN!h3HUpVMF-s8CBYf9 zba&-q_@ zpa08ic$3&zC6tNmZF-k3ra(AKKu%dda(DNN7+H%N2L4+a%3E8ol-tIBFP?t;x76?O zo(VID?^_KvpOfh}>F;{3;fL&!t=`e3Q+G~XSo9U}Ae@1u$6cJ&BCosFE1qsLGmy?L zOo+Sg3pm@b+dlaA1I^$x*t1*we>VJ ziEO^0{m@%C$+`js^6+?z85Py38AdhSfd9~km? za1N5tc6Z;Q@EpaWTAd%07DmVO4yPZR(V5$i+wO{*)W0<^%mW>;vkU(P5z4=zxEp@Y zD>9|oEYlMMS(Gh8&aQ?s3fw4^PP@9Ml*E4{rt12@ zFvsL4^LJ~ih0E6Cb*AOsIHm%jFZQ7>^xShDulrgk?S|oE?uH!fZaNZG1dKhV!%(Kw z*$((@L4idE0PWm+l2vC){@-U zpzKn}oJ@t=5wlgP)HuwGEV1cpw>do@bn&}UcQM97lh21RFzNUgA!GoF7ob%|eUbF1 z-<9_f5ALOOy-3VqVNML$I9RRKDQI6mSw%%HUB2ri)&uuVX6^|Kg@?V5c29Ye@($h7ktY}|UIwPN*eKuqDl>T7Gb8bwgt<(oXbfFeE0CX=SSE1Y zG(tL}mmH_}Gg%_nS}%Nhfnn{)ghil3>vZ?V;5CFGy_X@Z9_4v3I6P=oQPO6fJHY5O zs`VwvC*rlzSn?P)2{=)`pK$y75>PFaC1=^u;?TT{ODB4rlB%01>5jfjsy zCx}UAHPtM1?ObzaY~{RFaDDQb?mXqOO%fk~Te@ohcmbAXv`+iNzP8`!0QW4guYTUO zv4r!Y!AWbPvn{u>@^(b5-1Bq3b+6#N z)10yCuae^(n5ZnYhY0e09Z=lRbzh@PT45zU(%$^;>r=wp5#)gq?#D|61bAt2_Mz=X z>MTnjSZ-@RF<=wa065luF}wjtnLk^jC{j!O zc?R@2pDfj)rcvh&Pniou3W$B?y*~|4V1zBo>b34IkVghH2caEK=gE=i`IuxzH_yx9 z%I)LtDyYx4=qMkDDSI*7%=fiz1bV>HJ8b+{iP!QeqIANzL<#2wNva56Jiup z+##VtCSqUBM72upU94W{&*y6?tex~r>I^AgwPT$Aq`@b-E3mL2>6W z-LF7K?{A&x)P85~;f^p1ufAVRu;#O?m&OsfsUjA+pckvT`FvKittW5XoZbUy5>f#) zF=!`^=)bS2c*Z057g9*TXTQ>_4X2-#F1D#J%VTMup8~pA*lv{Wv%oo7g(sW0vgeA% zwBNKYFS?(V=-0*-$u_#V17w17gP+f_x2IA)A!z)7_X(xetT-4a)NH?*@d)n+2qK0n zw9jQ`P&A1mEO+aO5TBx=?jGHuSYAR#`I0sdIq7GgF$ov-_QRH4F-z+bRYM4fYub{p z8t3Kfe=K;vIcr`0(Wyrfm6NGpKRFqnFUF9iM}&08p^T>sll#|UxT1%>O2Xpu!h@skLgOr8ro#;d>3*SxYkl18t4IuTBa`9k|sm*s+ zEZs|Vcdr3R=`Qn1u}}&oWXOTpg|r08*181`z~NffzNyR`c7MC=^sVdJrE4+gj!`X| zHI264PQMRn2;|jd0$2#7kM>Rje;66`J|$Sv#7S4#T$Q638(2}YES@heGX%@>JK_7} z;@i8-Lu~npd4sG_+%r=H4hrpAn1Q@?qN716Gzd(F>OO^EoEdHQuoP%iCe+#qGL_IK zrHD1f5_g{q+`u}!G9eIKj6WCrhzR!--{?u~G8^=B-wTpU$VDW#tK?Os?YH`(`Gye@ zf{FB8uJ64fKVEc=Ow=7LV!Uc}GX^2A3Iuf6qPil)7%~UM@VxEf?+5r0ProHQV~~ zRzl16^+Dnqnq+QI_&M*5tPN72KX_c+{KvAMV;}n0GHJHIe_#B+@tyqZjE8^h{xkdk z$GiV|mpZNJ5F5`mdfFpce)zDtShI{~VK1T_;$*J!z8tH1@v{7dQAk)G`%`>V|1a9% zU%TqBSw2FUs4>x5rW`|U=3Vdif1#YvC)w7CH_0uq!b#B;NJo^^Yg;oL`9vT9^YiEA zP^YMDf%#_fWq;ac!v|6QZ$(|IiZG?H!}SOm!lTG5%9)m@b%j%QWH~B@k5y(Ku0*%w z&94POr71sf?rccg({`CYA?AL0bChcnQ!x`6|CL7hgs?r+uWj%~pu^>$%_*+M$+Bp) z4+I&qkE-_U27w7==(=$0$QG*r{n?8XmTeOUbd5#Io-qe5E$u-kEnh$F?CuE+_I zZsPYeakA z{(TdUO}W~^qX;+{M26mUaZMqfg)iR9=DU{H)&O;cr}#_4-JVK0^8`ssl{lhX(kx$8?@Q$R43`LW|23dUdyhCdaz{+l=O zp;K@x77}=u62~`qyv?>K4nRvRB0_!j(xqr5o^ScEhB^JjrQRg%>7bX(?2Z}5?mmvv z-R5tp9cS|$Fa9zq?B8K>-(?q!>!$17?MdL9@Tmb$*pGj*Ql_`IFoWk9&7*efWNXpQ zoeaQ;$ydIM+uspS*PkW|)-bLKby#LA`#zlAnykHAt0SSTx)qi4acEtTAz<(;Sa2FW zwQgQSw?b)8z8Sp<1ZrYdUDIpJXi&`^_9Dy+J${MS@)fz4QhzX#H%k6a?i%z{v9{m5 zQY4EP#@~}y8#Qcj8gTn3uo(#eDDhGZT8?e*o0Sz5-LLZ1N z5^mu@t+Dt?@Pq0UbLz!8IWndWDE|iZt;~zbs=L$Qj)`s{ zeWgEQyu%95#a>R6;xSf?X?i95`!w|0fflJDcqt37<4*AVman?r0y_~2@HP`9kM?*9 zl?LzW#~xf{F6#Z1quQZLJg`&h&08)13;g##D(dQqJ}DXPSlc#V&f#IS(t6mZJymg= z@2*52Yb27S3b!Zj3L_6SnYnFczlyb})+FK4dLqKrWSd*KHNL!ZyX-dHx@EE+mLf@m z^O!CHbSSIVCGQw?>SVHMwazBc$ay!tdGh@EPoqIlWnDTxa2oCY=)b9h{`X-z`1HqG zYqs3-lP9&2efJkrASn0{p2g!7>;mIe`qNl77lHL=D9HcDUw0Fg4Gl#UMYu<-lq)Jf zGLIS2#PNYTA_Zgp0P<1pW?!uZV^%jRiU;{Y_6la$8}qrsTm)C2D)H>m`^Js7U5O-O zW6c=1ojae6=p?~#C^0fAfB=df;Am!XMEe%K`7|;0CMt5eNCa=7+=AqLdZBqF)fp4;8p+*(tfFQOp^GOl^GUa!96D63A8!oy3y~lnOC$Opgz> zy3ZGtKh8oTiHv4C!g`z@&zt#@9(nV>6SU%yHyZq%;7AZYQgY^$E3dZa@2Pa5b};|a zFK*#_FZ}p#@Q8mPLtv}TU#@uCt`=!`cq+?|ee>iu-Tn7PZQlG=l%uGelp*u0UEXGm zon7#M-mbZOmq_MGz=nQb*#oB3H2@3h zY>Ol(`kg>KEv$?|C$#_eUnc$H!7+b+zpBCu3T9LEH!Q!+X*aB@8c7@+$aUEJJ8ekL zUNe6mnQ+@2UjA}c+(uNcB(kr8Y^Ls+iM_0$?l7ABHDh%)m`uZuUDcxCHrDk`%=NwtZL>z)#>c`_9=YJlXFS&V9zaJ-tj zy<0QDsHQtNE@%x1>@`Qn^i7qC#Sa*z4Mit+8RYEw82QWwk1!JVPwz6~aitWsA@y9B zZen>kc7ZEIr!XU_2tc%?vui5G-q)AX7rx+Y;WXN%r>Nr5e&psoS+%2C;x6!01uSO zXYjk$un@=X@s7KopJd)Gc2iDi*yOUHH?TtKdkF|l+~*HKv4k%RfYszm_+)!LW;y7i zi{gsUHu}ax<1~y1mkg_7R5wEz{4Jf2Ce};Qglz5j?i&&o5dpY@t%_ zwvg_>PAz)poysG?LA_L@3-8Be{I=i8na7RKjASRO6YU@{ZOJ;+4f``74y_XdB&pvz zpr~`JrN2(TY4!Snj7iaDU*N@@>7rg*fDhi?;B0 z0-=TLlf=_^Sud=M^RwlA%CTKrPG8Cf^s^!n5+Us-cU&nq-`Oq?<=uJ)h1hV`)m`2o ztQfQHPi%HOe)4E!<8%gLu<5eeo=RA^TRx9RmYEgPz@{fJ6$;@x(qN_emN<3?Le4m`o; zucm_H&mlRpKh>qruK^;b1o~Ie5{Tt|UJFJe=|H3y2FjfEw-LslW)ZxwwX@>QGl#T9 z@z9PjxATwnkmaTIG+ajbzt!u0d92n=1*Lu(SkK|4e0*sJgC_@$#+QL|64_|7vYfpv zOD}g&5GX4A6B<7RU?~ID84{@&?{1l79|>x>JD=}mM$R8){GklZ?;&$ql^kjjxIV&9 zhtNuM1-pDFf4pY2T%gyryfvK5qFG{-O7?0+i$;WCxE|+0;9YP#v~b70>v5sQix*b^ zZGiD#r*QwAi2OfBCATFQU7w!HcnCdW;&dxgF(`AMsuRrmnz@C49{KZ7=oiLAKD&e0 z?Ck9SraJ!bMEXBA#yiFwrgPyzK#f)2(zl=6qn>bJl~Kpnf$8&$TO|)1v-|a0mj*6! zONytnLU&!;fo+_{QOP{zepHW1Dh{XZ60b8QG8%10C$1oF~7du+o z7-ju+zNYUhHFJDj7kGL?X|%!Tm@QW0eN8%-{gA?vRe8DUqzZ?+k-oZ`EfE~$F0$@M zAH@&&RY!tK@baCI=K!P%3JOuz2~1I>**mtsM{jdxRnBf^jAWrMl&ej;-qb&RqG)>8 z`UzmM1C7E>kxD*wKe@L%<~aENcY+W=_ok42aRUM)ghN1At zc^T3moE46Uq%zgBHrn~3lf|kIxwhkjdu*s&xtYwrHV`-LW$WfI&D)4XG&Pa<)?jvF zQ6mhHQ%SIPm>QxsmAd`&<~K$b%2HVXtA9SZdM7ex0FJAsXyl0kE|aa?tJ`*F7Oo z!|tilA=54O9!czgacm&B8=lC2pi9qk|4j%AsPb}&0NuZSZ=Iz$R_!$QI|Rs~wN%#b z5>H$6@*)N6n`{x*ybw4NI>;A=;OHKniViV%`{X*?tK~SsVPF(fkM5^k9!wYo(|hX* zuaVbWq8WaU%q2RHu6kT8EV*lfh%gwTX@uXP6IXQ9Z9dtN+t`ZB>T{-(8L`S7R_2c- zUoL4COR}AhT)0>DRu^L?GMzh_&6mxDniV;QUZ{^wHFYHHFF|FIMU7T+r9zbpIkYc% z21J9!V>}MjIle`o@Qm+5&_A82(8qzVcZ!R?{zX}H>W6QBZ$*jYpJn?}UWdGjZ9B+qm2o61b0~XXd-IaDk=me%DZHYHBv= z0N8)5e1Gkicj)SNm7a53+Ur)jIgKS$LlpqX^cqmcfwa9`3?=~PRQ@H~9I|JQ*w-%H zrU>9aO{L*Xzv_{l=SW-LM!QbglbGF1_#ceXA0Or-CCT}N>wOy?_4CO_;W8euBvPc0 zblf!Xp#)>NFrAEt=EGS=C|Jd^7=o#i&1z-Y)`@}2{z3vyZ~tY@?Vp1L3ae%BxabEf z>I+VAq>u`V?k-HqJu=`08Y8CewceRJ&)!+q6qcB)HpN@h*NN-DRbdw>vyP_9)>>@5 zqh@5hh}#R667L4VW>C`1Cn}WpJh(z^8xS_4!-P!h>%Q{`H#W&t=$Q!~ZVjHb>oH zG+za->jXAI3GPsUgF5cku_>cKTOhNipluZJ=F;^S#qb+)ND&V}##OU)ylK%v_0%Vx!Ns}Ini`7*!u?$Osyg+6{+@>${Rp{XVKBuWDv$cpl5oT zin}e?Xz_i}c24p!SCJ;^U=S7QTu@dAl#j&fWqQ|fcc_=(-k z53FeLe^rB}y?k3AL=SQZtL!Aria5$9=|9t4iB%+dKMR|mghKFXj>)h)DILaPV`q$! zw=q*4kRc*|AH$b>gvMsBvx8U^ivXH+(*_~2V+>{6k+Wx{(mP>v!#aSh-A(OCChy@} z8XssBeZ^N$(4C5waj)|k>pR@qSTXC*vF((am6F}->b&fZ0~n_@PrMh{VaS4J199wr z^w<-5TtU}ZZ75<@LN>-i%>ue&*F{mM(4B}52tdvSczPFWmMy~d+iBe6T|^EJt&-#E zwvG*rQ2GO03CinI;&r$a#g4Nyl7}?}iC6&9yTgN@Mtv)gJt6J$n}Q-picIkU9Kmi2 z>zsgW&GZfqDy?@}l!G(%IxIf*_qr&GqB+<)ohRvYI9?vxZNAvw#b+Sd+_e^Ds9>xy z?|kfui7Qex2f|yr( zMDUBOZLu_Nu*+S}p`$vdUhcK>1@RG$_C#Iw)TTT@g)6}!^VG zj{!%VjAna9(tw`Qxd1$$YWl>z;b@0Ap|*h0Wq*1QfRzZw?SxJd*8EOD)uNOUr?>RE zU|WGRflnbOoR$+ppl$^N?uIhIp1h}ZQF_E-Nk~#^m^ym&>%PdE@3=z+&louClUyrI z9Z8YbPfm{8BxQgys@L8YyN#HrK9V{t?8fREPg-}U=^>}@TX|yLjGuxVFU9z5WCFuI zTs0RQpAWX=-ulfI_BU6fBw^SIjQxEE?@gY*&TBtbno2)~PNZbMZ!N3X!;0!^WA$I} zX86Ur~}=5Vm3AoE0cI<)^yK~hvYK%70Y zIO(we^9NC!vkb#BhCorXBeIq}md``pbfhW1<82gef~9@qh|=?mC9^WnC#~o@s%wQ@ zM0&jlt>bMXN0qMPF)B0BE}B=Lr&&?R2fl-!b5SJ^GvYuu1rO)fooxs*1qsK#&an5* zPLLP!c43&UI@c#?*7C_9Qb5GLXKtAifOJyx74uD&hi z&aKMa$|S{)Th3Df(%A6Y&{B~)%d-OK{dMQj*Ri&&0zNJ%5g4r!pObw|BjFVGSOn|q z@lNCr2kf$D@_%CmHlbUW1D20vgGE#~X6a!kF{>SdyM&G${V;C_j+G$sgS7SeM1Sv0 zPQjKh>vEUKi!qbP(t;i4H;5F)w)a&UgwTQmaQ^zn&XVV7LT&yN?kf}1$jw?5L@E5( z02th$?&8vPSem@T%__AgozpI9L~rJ;V%}Sb3dF;B8L+8W-jjas$PS5PAbaml61!_8NV< zj2v4vsN`oe^X8}bgR7Mm0$d$f4$gF>_}9z-Jd|EuV1^+OpgC2^7pEm4Rk;$YLMw?A z6p2;Csmb5>dUtI2MNDJ){i!C>&u%iz%_6sA=mlBW zcbBc&2J#M$iiY4tj#W|JBkpDQ?A7mAsCuf?3_S^n+mcx?#};#r3R{$pRDUmd+jzP^ z37IetD9Q@+(2u2cWY}ajtbD(uyzch`CpK+6O#EU2k^=N`)Xs5GiR#p@e*Lb@1RUFK zKS0=b+4v2zdY7j%bj?V0YFDGA0z01Kw*2(=*sa_+r>&(#E>B~3;R&n!brWR!6n z{>pJ1cbJ%{%x81>F*L=N2mAUx)74SQzZ7+Hsm=2(G`myjVIi0!aR>x=bv#9ow^sGV z09?PBU$IvE2wwJrxN?9n%V*cV#N!IXB*AJg#z*4X;vmKPePjyy9^y+%qtsXV@`9$s z?cCSa1nOFc^ZYpd)zJg|41=xIbrXB3@>{g^GM*Gi*8f{G37!-;Rdw3mq!CVf=1_S9 z0AC@8<8|Hdhhxbh%wJPh`Img6oPtp`fO~ii)(h8HOur(W_*<7Kc5FFg=9I%m}g!lW?Pi#PAH+6TCdq;c+O z;}$VR;BK;)kg8&uQCt1$hWPmAfP?`SNt@>~aATld30}bfoeCjxn!@{*#jWv?`3yvMGGOH>Hyu zH5l+kB=Mew6pE$&vM4XECW{28EvzY@;$vh`@jSH6IIm|;YBuEvbn!gPx>wUwpXzmeS{Lmp;ZIy+7ezW~)i5xe` zYzb2W0_F1aIGDh{MDz8ZJPdTa^BhT2#>)Xz|8>&Ff6-L`_kRnIL_O`7?o@52l6x)G zcneDDWkeKzA(#lzT>anyIMEIJcPeZK;HJ94_~c{mpY@xkvr`lUX@iYY*aO!u0Fy7t*3Fudge#+}{@*I%baT z$E0*A$fVly5Pm8-uYq~U7x~7+?|n+@_i>%d)O(jkF8+E-r4>PyE1s9Ru}ut9l5Rp-6V5QIh3OL_FJXbRKz1B#-4D9|*AeRfRv!QV zfzr76zo>f)u(+~iZMX@V;1Jv;kObGp3Be^0g1c+u?hqhAa0%`ZAOvmP9U6iKcXw#q z{p*=I=gZvZ&Yb_8`+M^|^yD+p>Sl%)O{OF!K|538JTJHo|-mEflEyXoE(}8%07}csd z)spi~oK6PWq6X>u`TKA>K7WPI` zf(zyJ221)f7me|d_W>my_cA}P?@r|=fxT0__kDM&;PrcvubFS_zwm*059TL7ymoi5 zjEGH70h^fRK;FG@t)G8WJlXSelLs=`6^pVIV!qfiTzM}_jw>8$cYG91wuDHNZ*!_w zi)EEN;MK}AqfE;Q0{`l`sj?*q0%fL+*+O@)VorYv2)*aK<7uP#clpa5k%H>mR-vUL9GB^=$ zMJ~7E0Zftk&4pr2A%KU`97SkoLnVUQpmt1lg6#+%pJK0lMH53VZPezQZGv0)lD2#4jECOF7;Xj?Rq>UKGQ2UvR%2u-41(|NkA4E)ADPv$sL;kClOvTYEBsnq?ayerh1#DV_xsPDG z^992SLIy?4dj-p(^ogmQMweH6!@)z(>>AiUG?}?|*EO{tH`!>_lep4Y7pzwa-qk25 z&V->@>^szn+iqR}-rG!XU!nfU#6t`L2=p@a?69LGxC;>)p{C~SFw1dLR&l;at7J=_g_P?1J0 zXZa8LTXKZ1`<6rkDeiR_kr51;kZi-_M)eP6<9q7twFMM%G4%Ad<*S;@u4mJS+s!7m znj~ocT38jXJ=duu8Sr6*n&iuZE{OZ{HyEOOsJuy|?TZ5ynp*frWZcY_*wU}gJy#vw zo96Q21uJAQ0CBaID zWuwk%+-le!-0DG1Q6`&Cvs=BB_UntfzQFj_@B^lK+q$!`56k&|wIui;B0BLQPc4<2 zHTGBtejSo+%Q6hj4Jtx`__4r$+{HdYA1pupsUA%%K1gIj;C&=&c&v?r-;tBGk*hv! z>(0IYtC1bq7z@dEav{3)%@X@ncxyS|X!+x87i+xe)zGD5h z_lv43VbnX&e%ur^xuXR2DXW8FGRYoP7s_BP5u0t6vjdlwEPoIu6?j?m0c$oU8$3%v z(7og^c#Dh$cTN%!TBAIxt6l%~=K987)UvYSZMQ2%ME?G)1khpAyTmnn{>jRMcGkaf zi1#l-^v$#Wb_F9oe>nuTUH+f@E~j`+G!&riYpN_-gp@%$9{x8VKDzj@wueXRkM`JU(t5IAXegqzFy?zvsQ+J zwOo{_SBYnnHqSG(<>zcLv0V3SZtufX0>D0teEdW*R(XaBz#yx1QNk-^etp!I=0;5U zhi^NjEOR*wrAZ+fL?KH@B}XY`r<0fmpM66Wp2AMZ1@#}c6R+~J#f<(NjLYTdBuPr! za%IBa6cH-n)jB&{`Wg;6%2QK*oim}f=KiYI`{LP-S#!E?Cx&yQ>#K5FLt^Q6|#uCCUkM`e0e@+C=|HY>20q-M@> zE@8=Z*W*uzw*RF5D_IHtbfmkLeUOpa*noXylR2_uPs)AE1I>pWHT=y%?;mJfAF;7v zqVZQX{vTe;o4Bgow97yQLl`J5i}E5Ba;{PhfxR&F_ntcII625@_x9Q>CZ?+=QSgwGE6XERAxnkRSv8|qrPega709j^_N5zdiX-y=F83~EG&7e_xN-IV%b${1zYT$yH%6*zzcWRl_2=CTMWH*wppXk!r}zzyEQFslzlW`< z@w|xC>4q1&xMIV&EZeOQDD4>IPr0(lF6Rj;T5Utl4{IA)#$sD_680J}%0$1>A~wr= z!?5jZnSFGc-CfQ_UJ%4twe2~mSdGABgVy z_v_~J54_7(thJtvt}cJmp;PYp8R}xRuu~52AhBjwD^4yuLEVVXYyGC*v3fWZSqdSR ztI>hUwh-RFWiho71*PcaE-AApjgU}~9+~MK$vH^WBq~9$*`1RNviFRjUx(pP&&4aR z!?V9+rHMW&tYl&XQqY-jSMLHtgt-vO5+@FNoA5@RlUc2bVPN;v$pm!sp>~IDj(ms$ z%QLXY_?3x;q$7b%^K2{*k)XR44H=k;pZ9A37=fbdIgTPW96`J+TD2+(_ERm=0jmg{ zp6x~0&lYla7#26}fT*|6`DQ}shjqK0HX|3*b25hjR^ZlX3`yoZ0bG5f>^zIa)$*8TdM&I3`}fxzx_L~~?AI#i z+jQnu<}-eb{3G4$|0u@u_pKC6UyCO-*iXj-r6^3Bty5g4`#GqQ&j|uykmecE93!%ZD9ny~xl-iuW-EB`pH^&ww4Sgw?gwzt9nZHU^TS=zpy-0QADbHTaz2_yBh@c7n7YZn z4-{XcqU!W^T{PN*7a+@0{F%P%tzwRuv!f4Gf`4lHk7&2S7y%q*uVrO>rfwN>y zuYrB9FAYs^Ot7CCb>^Hp^OB{xGMgjjI_`6UL)~Nva-60u>!r4O%UPS8#2k?72gysU z@(D7(0Uf6qFn_hAx#GZPa&*S7l1igrkKjUM<%f*aoZUwDnFQ)n@%j6Na*x@4*CU{S zW(s(m+@Lu|pSR&ZDVQR2M{uA*^>dKToE4Y^y=2SrhG9&)Elo&|dqgb}BWq1vTYPn# zce>vZ;3g->>6A|wBuOQ&o2#Il zL~7ty>GMYH@`uElbuz{r)MbCWQuS=}gQt=#e$_Z$Zp?wFK`1d|jK3?og|p#)aMpa> zd8~i1>|&9Ty0)nnmwQS~?Y<;AM>c`%tpq{PwZW|e3U`9qswR(wy( zma5Y#QE70DwkQv1K}M(b5u4oh8({jl+TF#UW#PKftyZb;Kz#ZsqahjaUqR9=lt-qJ zfg>Qu9UBZN!J%AEf}YQvIU{ig=^U$=3=q5>L>r&Mr3h&qP5hLsK82;(hUzs)QfE6~ zWl<^LT(B|WHlQo{de?5OM~hw7R90y+62t*9Id0w<+JF9{&Blc?nm|R2v~%XmbYXMW zZs*7Tnf~`S{KP~8lS}5DFoiuSvno4Rzcdb&4em5hDcfGMF?>kx;eO8|dlFh`y8M(f zynbNm5s+-6mRVN3F@udv5%TVvkNhT)Bb5Y`Vus^o2}f4UxKXZoClM26P@M$r+&Ixw z1T2(q7rBLG1;wVh5S>aqsGzD)kIs*ip=nz*iQd!uq z#4I(v5j|GA+|vO|ME%u%6NM`4A}NRRbc`+etl#^|aDh_& zXZ%_4Y1p3DVHgA+X!TE7xAA+Mvo_#M7;$JkOG!hroaxMqT@T(oXd87)S-&To#&l~| zm!?l-w)tsh^)CIwH@Y(4#IabfyN^ytC)|cPmfFx|Xu9e^(-Zo(35=i$>PJjU=ESM0 zkXko))E(uf44C#8Lfwx55l(`$OU$PM+yKfA9OJV|)r>FQJNRwv<7LWT&eT!iS64|F z=UszyZkJ)-I{U5r{SIV~e%?fNt~0I)X<87c?xKbJ?0_*Y6&M2--yGsBanzpNEv*47 zTLita?5&tFxh*#$VJYfo?h@qlB}{)z5`U_HHMdIqbiS@*hh)yNk^1V1#MX?sx`hRi z<#+^GEr97u=*wAdG>`*603Hfp^3NMwDKoZa*Yrqa35_U5V;zeuN?NNI_?$q{=(Fs? z??Tq>iiT9zXJl{@5nGZuUN0anbrf$}hzF{81CckaLiMwNJF%Md8@jtVn6f8P7{fBI z^k`{H3EGrF#p8USn;+M&ro~3JjU9;@GD2Bu(#Owy1#bplK4%cvhGr_!^VTZ@8nK6G zP{?=@_@+Kanq%4}BHUb9Xl2@itCg&;L8QlNGkd_$DIc!1)^vYCHsI@>Q;o4xUg8Z~ z#k)TGADWwTl8`{iczi{!y2w5*!H1?X^-EJEsp3J7{&n9E>S8Yr1pA}jI@aI(m}MdS zJ{8n;+KHez%!_0}+(t$PZ_s;_4hxuQN3QtmWo5v}-b%Iri1BK~2*jnzMH52SFFH#K z_fX9%+Hu9=`14XhVPOH~4ydqwRu@U)o#vv1{Tpm7;s1$+>c2o#EUfks+EhSYv9F=f z?5ozeH}AzT(h#t9C-Hx}I^{wcur0Dc09um2vt8>GrjN}F{kEsU@4TyOTU^;oIC5d5 zmO;Rv#UYYtPDJrRVSU5N#9!oYGXOld%kO$l)>w*Id>?DMp+u)(#g|{8|FA86jq}DZT^RmAsC}z+_}--+kJN|Qc7D;b2H^W5uAmSmNKYJ#fBK^~_ry@qNv^9Hz{9ORHl-QcNf7hjySYD#>ZIO!e@l*lCXQ zTD`V4_qw|b_3ub_Z7sXz^DRe1LbfumaduF^x|ljXKJE9gGoQtRfGNGqa$gtW%Ob&? zB`)a5P0Z;^wRq@}$KL4$<^km4T!6gc?mpla3`=zIE@z3uG-^C56aD+Y%G;-Lh+Nt# ztp5P@JydGnD;u5`Zlt&!pJh7rd>3l*oel;ndu6R?*z~JjgSlDoCQoD%n;&{$K6QGh#H+tS@+vej1U=bXZPx3-WFSVF506EaCfi zgPI@_Z?Sdxi&16#VpRT!ZE~gLuHG;(ccbL~;itq;^FYa%D&EUe{XXD@F zFUH>o9Q?g(0ISvWzvmk^7`6V3J}z4QyCTM@_P=GbaQS>{3revNb-!zkf1S$d^VREL ziO|4I?m5j?r)3!4ukW2*_(+$p z#+#UP^;^=d+1_=?`g9KU$iD+D92EmgjXV1Y_;PrQmw2J`FysVV@lX*wL{}40oO_pD z%fr$mY51BfLATz)!m+V^cTl4yJq;#o@9=z#?qx?eYumLRX4*~`p-=Xtv_!D5h zzfS5TLAg4yn_JBj{idJEAc$hA6D!3IPsSM@jxTYlQsZ71Fq5V|Y2!=QX1(MbH$t5I zH2*9g_%yv&L=-4NrQ6LLIX1|8^MPGBkJ7W&jS1ODPxI3wU{uGFj2Xn2N~x5Y&C$rF85 z@+q2CG{#zMtOQxlTFYYACzYg$x?*|7={?<}*fj%_;EH_i!K~iJt?E+8oQU?uq@|j5 zZ=8x0&7k<~eV|fJx7-VBX(5F!#jWRZ)wDKw$co1}yjZ&Q%uH9O^y7sI=lBG0`;uIT z11Mh{0-|2#2W*{I$K{m0%`j^`>;m9UOf4pLx~;8UJbgk@^)L;?bGoouJKiOmEpMP z+OQ3}W;@B*`VptThv_N3;wAAwlQ;1QklgkGDin-uK>AyS^un8db`d!vQqVk1C&U1SC0|g`scq*q!tY)~=J1y4%j52=CtN zoxsip44b~ElfKSiU0du~+??v*#343_vcK^^Uuvf@ z|6AcPB4GoMfNCq`d*-c&I@Mr?n1avQT=VfEdnzGMuE|~C9m^>!X#D^O(g4N_v-=`_ z;T>1u^Nv=*9C$Q!(r~ae7n;ilel_AAf*1mMRpeu`UZW+Fp~a7ZcLYP{Y^h1kix*mV zzB3vtToMdimNHfO=?T+Ag=Ln-)n6HxYz$(n^9JWX_CDeN1dm(BT5pSFf4sRFx&@E$ zu+}i0K~YQKj7F7RVCRlovv4`1(x2S3n{JY?mtWEzW5cHb)v8rlm0JD$Q-}@QZNG2W z$!4wP5x^}?mY_BxuZ4M{C8>7z(l^hI&;B;I+o&ZI2@?~NJ8^zu-Jdzv>Kqwp#K^wu z#`wS?-~f+nuFlESC)2yUnY3vzGdR;`3%-hkEX(LSUJYEe*yDeSk(k?2r;0Q;9stxg zMgymLn|sz;zi+9dnHmzSIq(^Br}Cmjs(#ARo(%E5h={{W|4iE8^>rb)F(CLhI9P)u|xa;0*RV_|VLTos(!Am2Se!7u_ru-(Vl9{ic;i(2y z#Nb|1mv_eK!nJjsW_&;A1w7j~&P5{%X2WYf{-nof>`@q#S*;eUOV$qdl3xTzUVr(X*x0^!MGRI_$fev zcf5Npr{#Eh&l0p-tEg95=w#|sBi?`T7W}yOh&wZ~8u(QyZAU6KY)|a8!u)P6(S%hcy0E5*}Ofn$W_YJ7>sU;GQ+Tn*GaC)PXNam zkXX1LBW8xA6F~s%u|UJmnrPS^0+Arj1j)Zt-w9@pe*T(lZE2f-@GKP!<-b7XkE{)9 z6_wGxh-1>Qui>0{W!V=?*>-DV!4cQrKS9|E@db{q9qXDK_g6D+cw2u2yYT&-O~2O= zV;g!kxUzWS7F6Ry#x4!zc6FRl_QZjud=L1sh+4AZ?W{b#dsAipD-R@`Mm2`*#_TSGOP&B&Vs)-EQ!X}H_d<+Xy`hfA9NilT135^99mqN zHgtRXUZ0KVkOCMGyZBne0WCy$lT2f^(>;<@09>J> zHvpsCue&Zq8Eb9P>FnDr;9PRB*nXz*iZ6Kt)OtX9Na=uZk{yPxI#qEF9Gqt1;%@=E zr@LFxNC*6J6>BLR_qJvad7wuC|CD6zrL5Z{0MQqg#I5uyB&@mjZ+8yAZv6c!Via7_ zb+rftwOddaXs3R-6)Foi#$GNqr7G@i!{(q7#s&-eZA@EN^xPLVVq-HGam`H(;tlj% zWe{y$M%v_ueY#6%y_N?ZK79mO2+8W*6>wb!J_4%hYj`&=@%grDPYy!r^!i{u|FYR~ zlz9=i4znRY9QE83Zl%G)9RE*JgbGRC>wzAWTA^yV*G#@AX;X{152JT3@lDI3#hW35 zA-qp-VFBoL5P`*>9C|*-xoepV{<{Rs2Ql9Z)cR7LEY7>SJrz+yr}uB*iO1@vF{?^* z8mDzjnYF*yt#GhYQ?vi8W&J-^{)VT*`&w|Y^RIds_wb69JsPFg&f#-w&F4&h{Os*D zDKVAOhOeP@ms)C+EE})aiFo1hDy?U3kOzMHw!?Q;yS77p9mJ5r!XBsR#jdw_}KkPH@ zo%Cym72g+S4@xP&O{qfc6l_&9=)EGmPX|%Hms8)%d}!@&p#D1&fdTcsjHQ2rfSDjy zc=Ez`SGD!D`A<(q>6uGXN_EeH8!DSku$L|b26u7V`BqS3JE>?$JgD`sx{^!Nx87R56iaAzPjnS zsLUi_jmjnTahTJ(A>#yAWCcDZ+UapyN8K9F_M1wk$Yz!n?aj*O4weDGEWLGDvsLIU z5b4{g`l1?Uk zm#QJL$s;iuQ@nk39kn9ZV4lbzR9B~c^Qu*7uq_9hh#vRkbwe-Rq`WJO-pRt&-jN-c z2COK3%@R3v32!|VR&3EEgf4v=wRgC7IjQ;B>2?pgI&Pp5z(qM_6)*WvnI%rCa!!?A@Xitf@zveFiHGPI2|PVp_BQmD zg<8lp5UUUpEI5D(D~;+CfIW&72UfUiOxhhq-r|tout;u~1wZD9H+Iq(&1&G6x74&} zG(hSy=ivBWQ49pQv~5Oy#0h{SuKs!jl{$@N|4auM`6 z`PEa0LeZcR>cy%Pmd!Snya!~AoFUT0qPfFVrO6uQgas$mSaUY@BZKQuEV_}(jt&74h@F?-wLV$&RDuqj)@p>rVM z%38Gl`rwNaV~WTVz!z|kXK?rgDiZ_2WXRYTV6@@NsXw5x$M8b(sIXAG1g!!T{R~2y zhx~GW<2)_o<>a`i+gH3FCCn1^XkU(ZfYw2RJd zF_&0E{MK8a7QHUDu9Q7+s}pb@H65^hm1X6j73fUfc95zlE<@yy7TOWG`=Rf1wD&mK z%XSZr+QGywY5uEhk5N6=+x{g!5cIuNZTNwzNH2y%v!+2-X1pZ8X|?e3ikDkyDE&Dz z>KR*Bs~l-8c4nryI8}rfWw5NmRPq)!!0~)s>&^Tr{)%C^G9C7JM!feE{NoS$m>qaH ziu(LNY;-2aziX*!zB*EgKMnTiX&@bj&y(Vn(E}hlJtfEcksbf`G};Z)cqA~iZQiMx z^EDh%d~3XniO=C>?(5SHUc3k@*R)ubC(qqvo~eBLv6nUMxvQLw^X+{*U*%=_Mz2KQ z#}x_Q`_66Q1Frq?|E{Gt|D>fvZEc)PY@8e^*|}g>KTxu~GcmR>cx&rMsRjGYO3BT} zP6^~?r_`Zjd2iqVqof1^{~-Ke;%MvaU}WM*`J1*AcXN_da)N2P-#~05BsPADEziHBcYT(~S@o#Bhc3z(Us)04=JfjL zI=Z)SZmW~=+DRQDlUdES%(QPQSlB1!0S~eB*wFO)F{p222It-B+NJB*$!b5ObI#S} z<|;FZaU|%KQc7_*gfRcubic@2H$#hG_U%OG``1HldPj2Zn#5iB&fE`nHy} z^z$WMIm2QCSlqDndmd?w*zJq>*n@&8L8^8dR&l3=GcqkMtkmU~KxgLNr8goLNZ+3> z6ASe#(-O}enTS?cGXgQ7=B!wO$oiIp=>$IV&qJ5!QfvEyrWp*Xuo$Aa5>(0O6w9Xq z`BIbdUKI<}REFcKBc1)oXyfZ4Kq0_+gJ!_Z%1whpc>bi^xkE|nGF=6wCQIf$LXMi+ zt8E??|5D8{lwPb4A?D~4_>K=gU#PX={lBrVrwG+trC1Tl1aeo^)apCbyb@D+g4Tg7 zn?;!z6h;ToBcei+d`guSenR=Cn@ez|)PFsmstVWFD?9^fd@NMQv#rtmrqSgzGx}<=DQ3(A%Q2UTaPbIPBLjaUH&E@mQ8TkzS5W>gBxc9LkZnbUv@xcX}{6 zh;B2Jw;-`Gqka0S9Eb6#44sS)Z2{7;iL4||qG;b>@ANauo|Fc-a4xixR}fHo9!{K! zB!>|7N1Z*1)%F(70HZJw7p6hN3a4cZbXSjNO6rL7=h=vmJ(S!Lohb0Ml&zf5K^6Y9 zLSviAXLIqsqVZo1&{0ZJnZIswo3q7hbCf{MN#p(Iau>V5s0AwHX>+hZDOqv8eF#~1 zZ+-67KT88$N#{s2^i<<8q^&mlTH@&Kzv>%O_`Sk zG?D8S%gXiVzeqkI>{_#X5VbMQ;&0Tdbj{RH6KP;QIcEqYeYF7~uI%}lU3y7QjnJeO z<)=ki*SKh1m&UQ96IhprqpTd_L1XnkNgxJEH`rz)W#+r8u6z8O;_t9~Z>W8Gt1tAuR!b zg98BIV1IzeIe;ht2>}ra5djGa5eXR?3FR5qvu97AK6{RViH1e+oRE;SFtIYdWPS1S)yv;1fkQ?{eunZ4_t`Vtm&EwQFaP7$V;cY) z1u+MH4IYjf@B|wU9vkkl3qT6%Bs|=2FIcwxKVGoTBEvs{LxJ5j!2-Y`Jb{CULwxcK z5d{(H2?-qF2|NNKHVzUl6&vz%JZcgAj|4RAipr`64)Nn}Kg5lW(Q>HRJAcU@dBFvY zspJ+lbOcwU&~b_z#a2|c(@RRhmKiSoIo)CsWtO_+4B614@QbDZV%=hiB_o%kv=cJ#sXL*-BTNT^1VI_Zm;2rMbN zcZp%zWc`T*w*8XpnKR|{Ih{^ZRd)o6w{QE;eAxNRdW~qj;?x}pDP57lkszJ^7^>l^ zgpVhgLa9}IrR9Yq6ZQ`Cc^=SYfk5>iKgX~W8!X_%;MfHt0LL`O_ixc(Gv52;TPZW^ z?lL-Oq~vJ@GZ2Bev`Fg7+?*T*Fa;zBOA^s-hw_aY!k)&qa*?_ik=Z~=4yOFaXk!K4 z1X3^{i~b{c%7T&snH+S~XhYm`#m2#-Ciz6OZ)WE8PsoK02b>D3280ZUY-&FA2xA&i zq*Mk6F#wau%)7f>iAjmQPVQowLE~AA)IaV^9|3y>7r=SnYuRI8uLBrfgwK?1Fhy%3 z%S_q#>fCWRxgZ&BZ&)LPSGDsc==nmbpeZY4qlb0;ZlGa z#J5(F7M(PXS3&8G!(_IShpIaCiMJx7bymYh3lB6hBa{hgiQdvf0c)!fqt8G8DujQG;BLOoW0dEX*(NSMNEc1 zMr0M{Jw+7@>3)9DgK8bAL>k9VdBV9$QhReeG8t{HsJg~6?Nw5Q2X@!?p2LgG53Np+ zx{4|oAeN@^xVn`LxPo-}a70{{o*(F*4PC;H16uTsL@Yxa7!Rn`jKwr$FnRWGx2=OH zoPW|@dfjEf33E3;i;HYlqL*PvntQKR$htv#Bt>fk*}@<}LH_4~=H>=qK$Pi_fZp3y*L&bix9FVR3Y$n!Dk(L`m4YsBlYnSXw!Q zPD{#Y@mBZYU!3gEk2PNH5NXAPc53%tJ+QxB!sa;~u(?h>KUaP35rrJxGu``hV9jc6 zk83F7A5Pr%j_qS_$mNG~P?eR(8_Ei77enJoFX#sQ)M+D8Y$UG9J9v?i0xD2WTL+3* zy)9Jx*`o&g!n!JI47J5w`Cp-Rbf%W_ulh)nZ5`8Z5uXI8ht{HJc5dD-A@&=c2*wq9 zkM`3o`*PI9l{Je;74wJukdW8gCXbAH%SY={hkfZ&?0TPY zp}KF$nKR|koviiTY6f6EM2Q}YeA6pS^qQ+|EZ213+-833U}8PKB-RJsc6rq0fTnLM z>s;g&o|vG5U*>D5Hc^vyGI#8hvPs=QThx1Xj7Pxo_wxU{J3oAWs4}u08P`0{t6n@P zlWAM`V-WOJU>$@M5JFx`q4(~a`eI#~u#)P|T|WJ*Pd~IiolZm^eHtvE^wC4^rkN`j zh?e3LDG?vCyw%&;^M2(&s9X}4p*>#~8pQlEX)g|6YLn*(bCnoXnwc4Zsnm)pO`tmJ ztHbeiL37?+(lAK7e$dPs?CPog6oWpKB?|$x8vui%`tK3E|JPqbO}WMCS%i4ETzz8T z65J}Xoe5~g%{}NkSRx_;pK@;RbheM~NCjM9&e&EKU-(Yv!xwnuY<05cnDv|CLycDJ zmgf|r*-nHM;JT3A!pX3=cD*@#hEK_)_X%co20UN%7_U_ZHwN?#=$}8)IcdHXxWa9r#1y~W z=g;>@VUFM7;R|Mp-R;xgolRuagcy+wOQ|*hcQ{vNk&fo?Yao;R zaA$Awn7oOp(*6U_vY4~7%tx2wF>{9EQdpzV{le7s0x03Z+ScPF>kLz-e9hx^q_J}` zkriIZS8KX8%FrsDs$=)dgeh|`dBm>By|iVY($R;HVid#fO)5|ylG#mq`mtoWd?lb^ zcawMMnI1p=rxA>PF+Z#^Y~&4Eid}yx9p9OFi=A8U9llzs1XNZ-OG(BL<<-Z{<>mNw z6qNoblqIhzA9OBMMi$=v)S(%>2Ss-3GqrQ`u2SpG$q*iSqa33G zXzBh?l8yBYnvlkVsMtofF*~2cu~&q#wGofR$^a66?IwLsRYmd*fye0#u&T78$LK)2 zdR%o+B%%zBIacXI)iEbNI4hG@Y8Cn1r8V~^0995v!W%8AVz*3~U%#5k;W!6XHrElB zsBr)5_Wj$-uC>BdwrcRzkK>6v4S$~OaEoH|GdN_1JQ=Un>Wrw?z;?Z^_Z@3i?J?e= zk);si>XOh#X@GQlTch=yFPpk;rAAr1@O0Ei>a{OJ z=9uh_0hTY{t;SB;q4K$}()>=i_-xhA+G;R01!;6-7E??a6tav1Pq=wWQsF|f{q|si z#T3<>HzFnP>2dV}JdY9>?&EnI@qPjp&z|PpqJW!f$ba(Wxd>tgq)^!Cj-C>*RZ5Z$ z^i;(6=~Gp3s*UFWV{!|)vS)=*NOZ)pe1%MornXn_zppsx@W=izX$Xam88NoM8x!Yr zVC6AlFL35!a%@D-=V+`Mj35)_tmmM_1|^A|Rc z-Pp?6meuhI)9&!Jc4>?dLYWGH^h^wS62uIfdFO1|)p^BhzblPNC7#YNc;RlVy?Qdm zO#nF29Bac_qTRN3brR`dPiL`dtt>M#S@^Nf7RUb;U>%USfmLfB1lly%UA2g;Vw_i`XQ^JsIlNxj5L1ABSOe!GCnO=UQ_||MlI;coc z-R4ZJYPG31tyjE~7Y%V4lw=cGTaLV`j#eJpDt}AR**8{uJR@i7OQG8j{owQt)PAQA z>K*@hKzh-!a&k?%P=$dDOcG{w)`w%=@k0yRUlf4d?8J{0FHUf7yBgc7&Qwv7;i`JpMu%&o*^XN5&l% zNIv!IHm7TtF-e6gU^IiV&Sz_?=E%uGB<5hLkVZpCr8L6t$caLBS3^R;7CM%Peg+k47oIb`8 zieAq=P+L^=SQX*@6G62!-o4NU~?xCH}w_e@|f( zK0Rv+A1PKMDyB|y_Jz>GEe&ca&wzLG?p&{n5mv|cS0`JS@U;0hO$EB@S@H(TkDDzl zM8CJ?`G5(g$lDSQQ-8Se`Bl8%S^U;#+)yAG2KH+tlOcjv<@V-UrX!mpy9lSjU$^?=&0xuO37Q;f`|^7@5(lc^) z%rM>ZU8&=mU8C%j0q*sb)Fnn%cGU{tLJ&Cy1`M_~H5FU|@C;7y^IqGnD;SWLiDY=? z(8Mh`2|DWOMEC%GGFBVhD7MpGVrQEklbhf2qRjpGSrq*fo7Nn&>=l(VB(#T+xq&GoIx8YK~;h@n{D}JuHL-?A9N` zm!*DS_sm<>Hs6W^-!r@7<9x%3ekiVSrLT|H}A4-{U3QxISGOnLs zeBUWm^MXeBSDoSz&Jaq|VF@$rdaD5EERL*)B*!CyZjWvA$GE8pd{}1^t0rC2F7ca7 zM`&WMwMPZgSyJ&<d$Mkg?+zO0lU@Nrp#JEAn*I=xJtmv9GuAucBDdl+)MRgcg&gJ14H!e9so4gUzF}mGBfK z0W}AEx%zOk03@=zp(m!Yg^Z1O^9ey(h#c(CDTR&^*po@PzOAjI!T_O`Wwk}?S@{!c zvox>L6bK@Q1@-&+gV_GlYiSA&EJ3<()jKvCB^pL2}E`PWbOIjm{g^qJPR-&AE!oNrVb zwy2Rscl6__Elj?VfL}I%JH&`Mq+p?g;-IVx(6!M2p=ZSZx~WsiGRn%N&b6%$vzKX& zi?d2ILEI2ZD}^t0I~xPn8rRHli;@vmQ9hNssOrU$^b{Y4xC6>QE3_JabYf&&`PM0# z+;^}kMH(E$b3GZShjY>NJI|W_nrH8>x(9>^6~@UAUFPFZKtKYLTJt*V>|)O-0yleM zUH~x0j%1v{+g&D-?z}0IgF&_X6-b;5xeGGHe-g6lC`!KBoY!>?f~7I@h@fksJxKoj z+5eMJ{HdtWb^gw?d_%`0eL$|Rjlz^Pw|_cvooYy%`NE_Qh>UE zlVEpv!TsD552O36!@H;WNh(ui*z9xgQr)G6zXd~#oh6ENY|#9e#x83UVWARqySZLn{0(oG7#MQgB5FDgA zmpB}_Po6`DE?4C4D9@ty=os!-T2B=^Fr^+U3|kjTU=cYG%PabhH3tQ0lLn)iPCIV< z^R=DQhzw#5wh@!{lA36^lF1uyKQg|VzS1Xu=b~S0$-x&7+El+# zb2~oPA|$Crj8mKNaRgcGX5ep{<4kuy6JQ3?o+VDQkR|pwn;M#DXLHjqnAEJtPm=d7 zJA%Y9u_>&omyrHphAy<8%Hldy4|r=v60r2?9JdfL@I_P(|`&&nOQ6OD7|Ee zWDIPnVl1O~cp0YcO5+auby~YVCJVQK?=|7Ot1_nosa4Qi!3*9`Cxvk{Zz9@n;H+`_g4Q{q~V@Cm_!o^8tmqCw!LC^b(>Zspa6N%VvS}U)(v)o|d zEo50E-#@a^2?c-ZSipLznFW=sJOOtZM3o>K!S(h9xMb4Qb+-XTSy>* z;2NA%;qI0ofkK08kO0BmAp|K3cPKm*?(UFV-KYEXKHuHDyKkTS;~Rq?bF8rjbFC?> z-ub?d+-Y_mDOo7dadyy#Bo0tS2-I{YwuOh!W+?=ffxNMvdHZS=a`tb`({%L}mKGLmGwh#ktLr`m@hKQmM~>ZOr6uXDqc+4q9F1#}V-rx8fSBWxnAXy3S+7 zM^|X|raPx?_=L4*QQrJGr6$N)xA)PzN{WUPRVP;iBe@*iVPXj{a9(Sx%k}Rzedh1> z%k6o~e{IQ-u64(B<;fOWgUJK8CtX9pa7${=SVakhMJQOa0k%V@c5jxYGtu)V&)N2C z2!|LkKczCUFS#ShL{H0M&0U(Jm-Yd0-MD<;v}YX)(G`Z;&&Ddo2M^}ZB} zM{BukHEagdHZ`*iIKvIn*_eE9fd$Ky1_ybR+0e(0(eGmWEh$$2ZqOk3yP|~$9*9Oq zJg{auGN*aHA^HWK?m~Z%rO~T+cV5j=)_1j7QQ@!Df$F?uMWgP@E<3Y#-%`)f?x`A( zNf~6_t%lG(;oY~XvVzMWf6VXx2af+wTl7r52p78-Rb0%Dnt@~uFw`Z3&x^@y@vx-1 z)y1G|zlo5$2Nx1`x7vP7jh`4x#PpjE{OqpEe*xMhu+eq{MTF=wrYtZ&JkghM_ZL8u z{^F^KZ&W6wn#fwD5b%tl6vO@QZDr+i-{k`>qt{0Zt9!*4iFOr>AyE=4`z|eIZ4Dhp zb&8G8(ydx;UH;Zj=6`jITaeA9>)znDbhmhlrp*Tay#wy-P>3oy_YM8*U9rT0YWr>5 zRtK8aF#ZPLdb#Ta{^C_cJz^bIn@PoJLrlE%pHv1O3QFf{aVXPN$RDkVDV&L*G88!?Y7H?NXipW8vI+eUR_r?*@1 zMeIKq6XJhk#@PNo!dp*+s}CLb|30EugZ}kXzhTOp1(Lr;Pw}UmuN4X;FMsSpqgCP? zpNRd(G2-9#cmAeSHWjNNPifJTUTtT=p8S;F!qS|OYsKy`}|c--!$$@u`n9Dfkw0K*lL6gB2kx?y>F-{e&KkB@5a zlm@c<@FJQup&9i2H6>X5G1N@9_|!*a5=*pi#?JWS3shg&g)h@<79CbIm(Ys7mes?^ z?9~Ax@}r(e-l$_2%7U`Fbq=<8HlW3{9AgbHp{3_Wz5%DXC0t(xUt5|g*UUwC%~`uI zK3ThgZ>9&rm{PW?MyGMd3%@U9HnU&HZMVvI_@dz_uZ6J*6NIcAY0@45j*tXDEwnl) zob8oG!>0#{69O^P?z#0#j!AKY-Ljk?41(6p#wN%D6tE_~r79xV^I?}TGPJuYidy#rn>a3y(YAL=(M zzB4bEFYN=L0!6UFwq|NQ>*Pc_J^qt7IeN_ThZABB^HQ;y}t`c(e<%)(jTu^)9p;EREHnt1si~gVjTy_HnCz z(2q7_=)~4DLlcIC8kZ*)et*f$#^i8-AhC#mtk3CA(Qj%y`RGbQ2jlz{t+#u-71tX{vOU*EOi8-H^;b^Ss#4oClluL1 z(ltu9Rpc=?h;3;Ru;R5^x3b>tlQAZvGW8C4Iwn~XT^4-ZYdNSmq@xo-n-V)2^JR9~ z{l#RHf`WoB=-GtvRTY!lHxL^y;j8gpt@4GT0o#b0{^C6h4hneE0%{f#5;%VZ5Z&U9 z_q2r=02A`@ts}t;%7k|cs`pJvAA8$&TY53YDoA(>=${2wV_{T!5YZ-xebjNRBFm*12rwGg?&qEi)ByQHn{EWe$OTn75Zp-!Bl3j zy8NV(11<6=lKSXm>K1q*k)!*-K;|ZAp=D-HO@0iX=oV!iX?0oiot_Fu^orX+&`D$jUXsLb_C?YCVU?mGu?SO*G6l_mhGG!x47Q z^v^b#5?ItTHPmNM`{51llFpNEB9mhy;^Z-kiqa1{-|Q66fKfD<9rFk)h@tQi{;VMB zFF>Wf^Jk0x*5`~lJeGC3G&Iu%OwmqjYjWr;yTkpoP<*>yV5O2&-oM(EjfED}@r+fP z@_mLDf{H8F(_V_xOlL$|;#(QQdszt8@YEvS23#6uw|Z0YqY@;h4Mg9M?5ujTBHkR5TR+fV-a94lT`u^F9szRl%cYGc=l-|0 zTh+T!(xXeU7S>aIFD_aU>g`(V94>Nb#+z{b#eyAwS20_+D9x;mr&Srl+xm5*Lhs;k zu}X4j^H11lzc$Qbe%=t%HD{?^I-eKaF06bU2Be1EQ60*Wopn!z(SqZFI$R z30pUt;MD4N%?A1`R2fiPKrpaTNk^uuExR*USsRM~PT?Yu07BEBC%lbd%E7BL9GnrV z`is4Ib2(v)iiXesVRm@)7klybbE2gZTceB76$Ja{iP2iTs@nDI%`}=H1@(?PnrQr_~7PupLg zu(>SrpJ`s_Yy1LyE%*Dua%U|U^nQ^XyMiab3AICo^-;Ab?CQ~}1RmBlHP@9ZZVW{GCJ3fIIMkqD& zw&iiWRn@{^+s^e@38ahPLCU9;nu9e9CiW=BNHMC%vI@d~6fkD5K9!04!X?U6*^@iP zrdh?}ffWj7h7CCRfImQ?^q7T;fr$^s-r7%QnxtKNFgxLy>G$c@4m=_ZR%S{e3|PUx zf?Yn_{6pcvzXwCVpSt@-YO__!w0PC2y;}N(xFK{#e{p8KxP^-jjZNr26)6tqbw*V% z+eU*2JZG%`I$7xW+ILli9IV(k>9l!%{GW@a|ItC=*x5x{u7#29Shb7oIWYNoYRz>sY?q8ZM}F6eu`4 z@3WWG!%I*$bH}csYiKiU)OH8KV#xx_*z-?KnbG<6PAFshI2oxSh0cyK1>KL zd(?O{h9>a-w^WkcszpDk=_B2gr>0Iw3g;;N`}_6~>Z((2dnzoS_H<&ARW zY|%v##fW|7nXqFSgVJS#29}tLZZV9l^J=?cJ4>0~&;Fs!-*f_3wQbZ>*tb=>5sxdx zL}Gb6-VHFdV-iW>h`;&Af|Ki9dA54^_DK8EYrIstk4UMrF3rx$NhK5$O1uOsqXApe zCKnlY^UbNlO^UTl0h_nUQoPOOn*#*PyHG*|)5dG2YMF)C!?OMTc*Q9yQ(TKXn+EBIMdL+!_jVy{5fzKR($z*PFS%P6J*$e?>25C%(_9 zGUmt#z5y>$tA&1bzSrQR@8DArQo)Ic>hHUZ)JSc-%8eH9ZF;xnTp@oH zw*(WX{Q2c=cN2VSME99(Nt+X8Fqy-!lF9cPO>n<4xp-8DpcsKHz`bEX3E&wk0DE30 z{CR7?naO1k)YUA?ZAv-B74g~d>&Q~e4kidKUb$J`D)9@z<0qHYmPv`QMcbGLpNZyI z#Of7MEEMa<5*R~{YoCnVHT0a~zB#-}+=_I%)-~#XI?hL8n&m8f7u-AXame{&G!>_{ zSLEFC{U|jR#8q}JsY7JN{0Ca~2^UYx0^2^WJ^amCk7tvmHxkea>U-87<5&Ei4sqQq zZHG%atmbX+%32gU51JC&6>!bilqU5XW~g-HT`rT#Xn$uqq|1$Ob=_6;wFyqx;*e4) z;t{N?f;_LiR^|#_h6`w;9adTMFWZsRqNnP%3$f^T@!fctp79!?Grw=|yBufGGq`?} z=wLg$;SRfEEJwS?M{bD?I`NLwMGAJ!iZt*=W4&9gdHl+up)c%{N*~1n$cw&J6yGeP zQJ0{&d&u-lW>i&jB()fWSz>Vv37fr_;M4)vG7D1x{!~ab_|upDe&kk9SEQs>Z}-#+N3}x_Y5}o0THnri0tcPU!uwWLhydIbwCkL8V;x;R%WAKbGt-SQYzO zIp`zJLhNin{U3zy78q)4jY`xBH^f{qOY zpL%43)YsM#CZ(F68(s@auAP;=;rz57{aJ*$6@F6$C|qwpvm^iA&w zO$z>@nd>t9X^>TC#V(+wrB<6TJrhBNNeDtdtlwYkaY@i6x5N_s`fR{TM^TQLER`AR z;nmmfnzr63c))d;9@sRYHVFGB)BnMzKTShC%$(pMLp2sc`1j)FaOntQD=Aab> zdp;U2xZ-cvOKAFH9VvZI-rUeQ!tKBi zfYBXo+89@`Q&;fw%Ll}30zcIiKETVhvkwtI?=UMx$NAUehBshW8}EZN->khym1xyP zBfNF-g3%aoU#gG&p9Z>Rm*L-qMWXDU3yRdq?)OYyQ;$*5=q>D6kdVI`f=r_fa~%?a zH_GkH*dY$K@Tt(nEF))-+k>crt?K6&Gc^Vrme1QYBHqQ65sOp{&)hMj{{=OQ4gi+N)ZrXtWsm{WYXlnUJI~L^vs}< z_~AvAkmPe(9#gsC1BW*V^+}Z;+#5?&xv-&kJ@<1g*}L8M*mX^XH_h#x1JPA7@0%76 zkJF>dQ(p(Xb{|a%pmqA`xSd?VkxW}}m6Kj- z%)ub%4xgb$C3hzMHPe?*u5L=1Y_6k?8|w-jPoXa6Tgky=cB-yT6bt>f*avwLwSuMF+UK{`zMS4O%Zm(6wxFUv z?I|&bS9{Go^RxLw7^0QCqZCJ%)!7R>z_)>H2cu;ByVRg~wj59_(ga4EP3LyhgmT#g zt*Tw&dMpl4Z3JZw%v(i(@=bY|mp8&W8*X2HP9?mt0~p0|*hm05J+Ndu1G$Qi+>zj=jpYoh9v zZPk%lnZi{QIP zUk?%me=n-oAO9bSpQIL87>37ds=*rToLow!1Da6nPByWZqOM8qCmbR67OQJ-WljmfXZv zggt*-#D!8n$A*Uti-(c@Z9GgY=z=rT6Ua2KuDh`OWSy@o__g!T?JbX~s^V7Zq1QSc zO2#IeQlERL!}4HGN0}!dBc)0if-62mN_wwE`)b~4z3MVKyzmVC$_mp3%7lLaeu2Kk zyvpDLK+8Hl!O4D%N#|2ox)g+%w=oZLJLTF%5wh&DbRf9dwq85lMQo`Q4e4|Z38NjD z5}=2@n|E}KU-xF`7QRCxlZQ-GsPvdr$D`+o%B~~|9b4oQilkMKtjl-2_){VrVuup= z1RqH-Z;nAdmQAjNOGK~yXz`moI1NR~wM4{hty-;XhPav9J?zNE?DS~Rzyje@qjath z7jz)Syo!A{X#ch5uIq(cp2yLiC8qRsR3@MvK zeBHB`sJ^J4KH`=;KZnx8(-XA2TcHgyFEUv7)hb8n+m9VlJTYfXrZ>K*^!3fH65`xN zHDN=)cf`a=f0P;c53gmdRdRNXMRvwCN?rrEt@CyH`g;Pd!`rVvuj-6PPgaC^3+`MO z8F6xbGMhZHO zzDhvHH6Z4c`4>QlBT1W?e$omAx`7+|$iw5mgT|1m+ISs&ab^}l9 z5YW%mT`hE-KYZGc&ylQerpdVFn^S@c-yYITbCmwMH6<{0pm5viL5*`oaYaW!M+zJX zBQ^59Y1K^Lw&)`BTB78c{HyG7qN=}Hn_g8WQti%wMi1nHTC9@(AK8{n0K&J3n ze>BJc@*2_qFnz5aE1|S7lf3O(y6trg`O~_Zx{Y?9#J{P(`)^3}{`HnWO_vn*mKDC& zX^ISfrh?+IeVYtVq>o8p^18W08KAZ|!aI(;U57kJ$h2l$RVJBonQP?dQyf#Pvz$+j zN&0(M>+l@yBPwpv+xGwt4oE7@Z~gMFFMT;!qHPxP2W9loE;xNAw_OKa$By1i^I!I& zvHHBz1t7Bi%hcogQ*4tB#p$Ibs-Zn*dBuoQJ?G!HsWshp?&0>Cu2Q0d_0KPj zA>o%C8=k4`mIY2HTT7@o`ryPWu0#X8SWBvrL24TFG`9w-F~lywYUdIF3~g9on(=wC zYyPf{l_7=VveM3#?dj~zyU@s`XsqfARGhO|(7Hmqk%8*Cfsx+VFLhXCFkDBoiV@yQ zGmj8CU=qrSMwTr+iUDp#G<>wy(ABKy%&gHsSy{YU#Q(O)09iZkv|P->9Xh?FXvs&V z>|y1|*ebTc>8H4wpDLt=+oF^##9|teG*`=5BhzC&9q>cYE^GwkopJ9MK%3x0c$#x& z4b<|D<>3j31ldNVywq#0UIp=(_DDZe7KX!bll50k3Q{v{FN~BJ z;3{)BOR3z%mY=1}(M-&=iqgq$MWsJIO&L?SB4mZ9jiD-GCCx~YWEzUeo^@b0AI(|_ zZG!*q5eS4I$QdH#Qe#`3%A(7LqJJM^Jt|5aZL@*Pyb4zXmR#1t14oDDLkbuQbPOAM z-t@RIr3RSQ+h!(5G`TIhH@wv$}F+F&kmNv31RnW7%PtCYcf-5sB zF6CEX^69b@u7_(&cgq1j9aN%FTsER7?ub)m%ol~1Mtz`?)nDWq=j!m%>>V%BIjQa_P@0?Y}(l8QJHh$7~S_fdXs7p65?<$}qzp z+T8L|L+fX%`IkxE*|@j<+8H>)O?Hv|EeSp>AtIMHbTFhE3E z+tI%k%aF2msGP2dECS9fmlQsMtokd>5sUf%WzCNqw%}()hhxi>I+CbBb-!2QG4%C? zkl$Z$q@*^VK(aynFKG@&F7@s&d?1kT+jaW|AO~~oN!&DEC_tKi0T$^U_w1s60TSUx zSE5&06Hiv>$;Wl@G?Zo`1nnRE)Xdm%e@vl7V^=I7glKfElb24b*J1|fD4l;C`26*Y z?U4aw*t~K~ti{WvNd+v`H7p*4S7UOb-c^vRuauxZFL)b)Dx z`~JIM01o$hD=2|X&sbEtQ|%g`wqgFZ_i1DX+%N^NihBLKyq(kIE%S93TvnJw1{*IO zCXqB>rG-IS_X*_5m*20>il;8@;Ii=rS4j(Hc!ry9uI$vwyla#T*<7e=i1$;~srvBv zP+U@?hfT0!4f%1bu7Scfg{EggiqI`@x_3dEED%#oT>iWu#aLI^j;2xVl zi0fW%Ok0ZYs6lME>B5g;XlEuU-5m=Lqwugl5P^EC!6w4INcY{N zNCw=T_Y@vs3X2kJHO01NHhA-p3UtY zlUckvw!iYbH2eQH7C;9RZ_`Z^gkLhWEPTR2+U7d;vEPe;p~F4|+xJWTeF;?!*FO!> zV!o1Rq?Kjtaki5`5v&Mm_Td;o@b~O1C+RFviE0M|!9DS_rjUW7=p@r}Mo3 za8hMBvfMYGyyG0B+awn-V9ng^^`;8y3TN<n~ z;0d=Bto5Xmx|5o$u81^W4Albi0bO*Rs8L=ykd73LS*A;YK*426%veiA?1m1+h1R1n zhlE*Vz2R)y@iol0*`?p$Hq}#pM*CEh*7OnAP@4I-~`36;i;5e3&4<;8~j~rt16~TdlSMNsw@p z3cec~cA^zDx~5NjXZvob(eyS^>lffbfyOHm*@>4gbxkL)_YWd*{hWBZygr{5_o4{R z&pdF}JW$!UYUpw$PaIMMYm4tQE9z&0T8s~@>&tsQ?_LAuN4uu?>~>Z|)9>fWl4^6l zoNm3WN<^45Cx))OjNJI!NtK|@T~0+o$iqr!vR5s*tjYzAm4j+~FIt6IeA!a$2k0$! z@Cpqwg_re524V&Lwe_*nVcdbCye+SWN%?;PC{2%$pMdL8XdShs z$tcXU>4kQCPU(}I*ush5`wDjzUOLf>Hd z?c~wJ(C&4A;o}|}ilLKyd%o*%-9@^^bUW|neM9nn73Y5K2g=qfj(l$*crF{SnDBrp ziXe*=8p&adxb#kUs)x5k7RNrcu>KXB#p-L$1~Jm*NUIF0tHFRVkjN9ztWm=P!5Pjl zlOFcbx>Bvz=uAmU-*9Y?as4v{wOsaOaEK_BrF0pvO8IV>J_+(7l()v-an&cgt>8!- zu5K&XRQQIkCDMDPVJ?4+M$+z)%)PN1=2ZNJgm594t6I*JC`K=OCOT%blNEe-5L1u6 zlfKxMNUkR>^uBQ@-@%Cin+AfP$&E3#CK~!GWi^=!DH+x^V!vAhv&0szcd$BgTlI;I zBT;klPJr;luukYnEAxbsQ5_3f2moVhvdEuf(}{&%U0_rJ?z$)>2ZA&J_nAE$c^|&SqLwn^|8KYQ8Hjl4G>h)=4=Vx zyIJCT#;`umF+!f>EUkdnsN>mN~EoR^Z?11wUPGL(N1VM*3Lx(o-*Wefic%R5pLG7g_H#@+gtC3SqJoTeGCz2mxp&Y^qG0xp;H|O zB53;C-VN0veXP%{q43nuYrd0YCU3>_y-=Yb^tRf*3yK#Vpl449ul$m!fW!I`< z#>x3-&jzf}JtHG0tOsEmWJKgbHGTF2XBYk$OP#`M^88{QqtYAe%45EfVQ6IYg+N6M zmpnT(snIQ@kzAxXv%5MT?gY<_RiLLj!XEpPnBJ-Uc?Z;L#1fuDryCoGJjN&q;gc7S zJfUJ~qH~t-t&yd4Jux6d(d*CkfVOw9FAgV3atbVxbs=een@S=B|W66x%GfvxDNAO`qz4# zjJ1$p#kFnofk!>}7IOyMho?TOG0n&`xr_rq095z$Hhg`X~%3_qOb0Fg<&CTl&C! zo@Ye;9mxRYjvSMF>?jjWdYOU}+MZy+tw@%XQlErp%^_LdpiX5Ta4`cp>q%g16auq_ z)GTsDygZs0hO|GN|3{(scdh^HPy~ay-fx!aF5d;Z32I01sxrc&GV2$HSMH7M*^i7I z=UHT}RrL3&M>fZTp7#NFc5}RVUm_&0`vBJ??oPz|uk=dq+_vv3&OY$H%pWI0j3vRF zfrF*%yivB@-^(Z4hG?(+j&nD-;bTESg$HUhtR(rZ^xr{j@Rax;lHSLwdyBlHNC|_I z4o$=ZCo7{>*J58K$6J9j8_2##n8eNfN-xwOLYJMb!SLeryUso-hPxx)< z(;s^H#jAU&({eNAm0!$q!^Xz)@jYlMS@Qagt(lBzp}xi?#B>^Ao-QU&KzGMao-i@~ zyBUN(yAM;WuEDDa%rd*<_7gQU)--Pi+26CD+8s^$)1e(-c{{7gKXmZq3G*K$&i-Xm zO=95eiQqp+S+=BY0hdik5$Dy1u!!XiShPIio1h}XA4qR;olqOJSXmYnUg@Rb%VOJ>^hBxa~%0?l;(5%&)npd-Y0vy)$E%` zx{)8|0G(zJ*Vkk62b+KM@n)$1=MN+ezn0wWk7RFnrn&n{=?0Te@MF|b;K4dpr>Ix_ z3?vMK5$@~(sA?hKxmv*B2!sAiU|;sQt|{afvTzE39oA_Wdhs@e_b@*acb?pN@35)A zYGl#E9{|_;nCMWmEn^d-mr%r6E9@=~ONa5v<5urUHHkS(BBeMucF9Rpm+Z<2q*p{Z zD#ttmKPDm!Mmm@y3BoE8Lv~>_I0R$i&A}pitDbeZpAZj)N-b%3 zsBxx>nT<*LJju9rl3e{DxLca$u&=|g`$d1Tv+b9?uR_`}QE}1S4w%(}fP-P@Mcbk? zA3K(eeq<@-`vlXFW;sENT|rsdSD||pgbz}5yD!`@wnQMh1ObVNu?|#TOKg&iCKt9u zm;;ir1OQNCjs^f?74K*jfHvP9_HQoe+= zCsEa=JJhBTE8a(<8MV0nBUU5$dW~?bIWZ3&&(Bk_P8t=p#ieQef-ild7uKIssnUrK zv*{WoH1<8vP3Pdr7@Kv#GXJ0C==nFws)wwj2q0X+f)qPES6JhQh3AZ#dLlnG*S>DWTG`H06fxBNcpBuqC zfAsMQ+zC#IlBlfrv~R#0c21Z#n&1I#v*H{nec;oZFWpmZ?-$q?_6@ZVBnz(R3Xt@J**P0J zVGvoB0go$sRqCOY#@}e>E`I?&AyX*!&ANJ+^VlBfQRd-WGdXa92=Jnbz#nso6#OsR zujRs7MqA|46RBA|FPgBP9iEGTQM7n!KbC|eS*7>^cIl7Aim1}fhAIWCD4+3ZHK@3$ zS4gvCmXTow3U*Hs4ey!vFRKI)S|5BXJz>7YE7`D7eyokFV_~*Ps`sdamsq_FkMn+- zvJ0pDtC|jd$}+Xz{4589Up7;uj>#!7%$x=7>88w87?m*@(KN*ja$Dm?2$K^M3lOSF zT9<28O>#CQH*@I{C6L2eyzUNjDvrb`kog{qeLe1AA0a)r!ko@iS68u?$&Ro>*cUMy zPUK!6uvS>$9%9e!{c|dz6?bYjS8aAstTOk-DOB8Z_Z`Muu@Zl-Z+DspZ$OaVrLWza zb$Hsk+KI;Ot^Hjge7c18sv3<0tU7YG^`bZHLF$#^J6T#0+Vzk184A*nU(%Jgqe|gw zs|`%a1E%SBuh^lC>o51}g(CF8X?<_QJfld-L|HtQy&$=Uv0d%Z8H!6q(q1tPdr5BXSDYMbrc0eO*165Eam57$ zGU8P!308YJm~o4F+Z~ssmFe(h>Mu3A)<}3#5*S>+N_?OtZe$~6!{dL#`r%We4kt%!Y(uNiNDHV;Kq|C<(f8iqjSG1hTO(x2f zPVpn3)HNdoqesezFTP`M&?qrq657UZ2Tc&YGYW;fz4{hC+au9-@$EOoltXf`L`32m z{ZkBhBH3=%F1h%b*N6u=w0mjO6sqCFtNFC@^W3@Xtf=X|<0&`V!1dphaqi8o9;F{` zDE>n>*)zU9OsNC(!JE*Vf4czn}H>!cS zcOw!NjLQt-8r~1!u*Tm=uAIw{qP{Fa<2G_`>o!#L^_$W=ri$!}upOqG01xB80>`5q7Up8DrM4J$vTzVFt# z!<0p9^8H7WK7X_}A7a^2_1Ca!#;?L`LOG%MJ6-%N7`L)${JiQv3oB&}=`;9iy^tAs zXF6jdg&zyvH<8Df1|jX}yi_0o(;#~8^L5X~UEOA8@@-R85XXDb1g1-$)tIyXoQ-v% z9)g=I(ACAlhoS`IJT-_GYvjY>as+dwFtFH)nmKL>KuX6}Y>(6%9xvo-=bYV1-p~$+ zvm&P>jDbOJe)CoH#?Rg!<>h_)i6gbswk=0GG_(^PPQS5Tc{W-ljmvkCaMIo4ddQX* zDAc16fLejATgr5|C_YsCuS_WqYwz)U#fV3>f)!;Xj}{1->&XII^=PC-0p1<5ms8*V zJD(cv#;6&eLZp-Uq3$biyDm&@g}7B(jF6t$P8383+>$gb@4aMBFALO8rS70QPuP0X zl^^GNe5zc;H2vx@!;{8+;Pn0T=Of*3@?ZFd{JJ&qPlI-`#kLRMWb(e{DR?e`P+ zh%JxB4L)_68^9|0)D57V?#D;Kc{>XXjod<>JBGnIxg$RLFPx>+e!5 z|JEntKdhFP5Ie0z+*)#H`Y{p{|M&Pk`QNvSw)D{Q)L#`0DmUl zyo#4_Pl?DWbAAV=z(_@xk!Ntdh~`avvG?m*z0(li|Mm+oTraVVmLGfeX$I@rNxoJ+G4`xLI}}6tIuaSVDE8*Y<};;Me~jyCeK2&WnYM#8!qAqD6*k zjdS^0u1IveZ~|tXPf<^lI%t+hhz}MdHyjM;7p}@~af9x7c#gio^ZAS@H+KxxYmnzN z6*{|)s~xEr_4_iO3w2pxMGwE3>e|?$p}))8JD5(xIYMeDL#-wb>B<~A{>Ci$=Ip#P za~cNo?h(^Y53Cl_=A#!tHks9Ubh?Y$=BuBHEQoHNjJvZRk!X(FVAt@onlji&i!TZT zc5DXeu;0sC3|>oT&qXP$JnON=lBhMG`Yb;3>*il%$9{%H9q?gRsZ zIwakE9nMEDM*MEwOmhpTjb{!I7ESQe7DYh4i`GM{&ln9A?z5-4x<5R7UN>rMv|wC9 zucE?H37%}S&Dx~p$Xe6i1LJsL3JCnx#xEQP$pyXFo7U3uvGc@((=bnMruPVwPePhv z$bnz_k>l?Mt*1UBN3fZDOr6L$%+bi=-oZqS4`vf4UTMqIJ31~Y{c(Q$ohn?Xi-U`U zkM*=E_Lq-=*zD|W6snFJ_`uy)7!>tt_;NcLH|KF>ONTd z{R}MY?5kP78Nnm$rgZ=X6- zYaE@gLU1j+m2f0)OwbMQ4Q2jVXnU^=Ob>0K)#{_Q3ZkIF4C-W7WO1t1LzH5yofzN~ zIqKe0YZAl`S$uqI<-#fQGC{gky5HN(*c_P~;Ru%Hf#{Wsku_(E&J=DvEJmnrs(jgs zkSls*Q5BH^^>#?k{ZwQ%yDP1|$b)aq;{_1qiMHBTE?Y1E%s-A)=Xe~a0S%NPvGBHu zhTW9mGo^Z8n%0h?j5m0^lCJ8Y!x{bht2w+C26Lf58DWQUOP80-?jzI3ZLc2^h+F3K z9&27M%n89 zXe%_XaIAhUvNrJs7LW=7%oUShkpr{#Yk%fslfRXv32b{M^b}2nv!6tc*=|`wHFLyx zj05vK*6oHUk7;Z(6Oxv&a?t?Iyy^`x%l6_^@rNh#s^ny^sfdEfWT(?Lo6=|K(nP-+ zsREAZ<%(o!;&SXSANr{7iz`U4HhU-Q$5j|h?>%OAnI%|f_Czb+0NV$WE&$uB3yWIA z>A>iVQ=F<1LSN1d&ISuC_mZ`NU^ZJ^OaHRtP1nc|mcJI8aULnxqWl5w3 zNQeThQwM<2@mLdB-*gfw6g(A~s@h7X3D&OS-n->ah}CzY>}#M_yR`FIym}d0i>6ZO zjQMu0PRM&^j5?B~$84n;SXT(-nAJl?8W9B36KdB#4@sVubmPYZ>_y_MA(bUso!#CuQW;# z-tk8Y-{Ph`K(!6D-1*SshM!`WCr1WgbCX8>GexfKJN9e@`a9x&o_3M+UPN4a~`IY7p3G+aV>Jd^=C14 z_A4nCN1Za^=-l6@Of%lL+;xdagI@qr8qa$Du~E@#j{i}ZEIgB;zEW|zSY15S7zD+8 z+k#7|-kfbshLv{?${w0Z;!}fF{OJlbG>B!#UiL4Tj?R`HX0YRgM#%neYt2M|B6{({ zBq#;W&#nSGQrzg^oT{pY{Wa3v=fv1ok3r+khW`J?o&EDN`#+6qa$a(5j}^6U%jy_e z`(28t-qwVn%M-wF^u@FK{SbLNRXAnEWEl3|y4QDzVUeZH!!HidMX5m2_5i@4` zy(+mqT_JU^E+MWq9jU_KCO0(#Cb=WOCx&|*evGo_fut$WcL_US!lXN0TrKXHhhtAp ziV414a3Dl1fmKyBW|AGU|s>-NEsS~%5SVOWF++@(% z277C!Yi1TZD}=Yd}CU#>jk56b_G~t3ePTIg>cwNev3sT4^&2%?9+BSEkVgUHY}U57|I*=npr$PLO{cstq| zxN6(~cx&MO%7~OM7D&lF{%0`^M$PR21^^x@>Hpwt)0ipy2v_zT2*Z< zypz|tbL})DVO|-=s=4H1X>_m-q2_B5`gGRtIjG=Bv-CBI5_xl%mcb;7Lp+YCN3RYa zE8r4Ss80#WIGQ=GU2DGHjevYi!t@#4Sa@QZ>!jOFskp@K;3Zs@$kby+3T@z^jq9-R z9AeZG^7whH4l95lXt16mTB)Y!i9?_YOgZ#ID;t-7gVpmqzIR%@j=RN6!A~6pt%Qi4 zgbGEN?^<&+p&1lbXa+^sV%(`zwH*9lUMHa?^ShRXGA|3k7m_ag2FS=K#&1V2kVVf$ z#_%cNVJU~l1cuIp34}}un?okI51;Dy7^bq&KD+%sll{V>v5uSAX&1g!&ihpjRd>k^ z!V!JO*;X}+^h%oTA5sv7YSeEqxg=`ww}SEP`9AGC+xRZX2iF2X)Y^0T+ACWwq+X;p ztDLCCv?!vb4fZZ&+j2%H>bh%$m!R*v+SpO|;LLlIpY=1OOZlqUT6o^G4dA;rg}JUI z$ipcP2#Xd*+N4_22{}?HdtDwo6Zm?cRDK7=T(n1>Ys<LZ z#~F-Y(gdsE*y;=kQs_-oAEF3n!lNiEd9gBd_uObGSZ+!jK&Vrx=@C<(oE5v#xV&$u z%8o~TIu0sctilUk7S;R93&#G-Yy1j^jR*4WLrwhSWM=T6Tb7E^F3d^!tJH>U;72>!#d+l>-&AHcEcU9fL zK5F;x&SXMT%Z~N}kSXt6X0IbBYP&bC@=x4;XWXj;12+e(yDbkwJKLy{X#GfUM8;5e z>4)0CY-i<9T-qecG}N`i43)b}_K$|=iA0eAqPZuCZP$UxPBq(S1LSm6^tgJFL=hNJWi z5;1WqX82LPh(+lNu7{KfUH=E3f=1{+iLKD@KPpaL-KDuu_}-gzB=OF4Z~ToPjQ@Z6 zK?R%a@bF()6oI%0uLl0&Zdc*lmN~GHPC8ju`x{9?wdv+eIcT9;lZ@pUKJ$9nJQ4>9 z(saznq>{>?KC}aW6dDx##Kt1Xqrf5pSc%kwE66( z=>0lhWB(m+<(nO}Tceycl8Oolf;PeJfQYd+4b* zu`6FX$M$PWI?Om|HL{YpTjBANr>kU8yw+y&FWYfZ7Zed$m)a9~PHeHsgkg?)vy+xj zhT+X5Y=pei4ZB%BK1Ymmddq{-RMeL=<;xYL1`NYk+D5u`0;gbbGXvaV4-GH+lrHuP zM7Ut1H>oa4B+MN&W}l;7J$G@N2{`JAMygRpxM|^7D)XmJjLmSZrZdxUghx7j*S?-_ zh^KbSXZ<27>7(7MNuYIfZ{#sk z>|ZUZMriZl#d$#*QQ=Wh_~Djd8L<@fLZnvj^nA+O&K+LQ%>9>)g;oXRoX$7wmc4U$ z!^%9Cs*-w1psti&Kozf~2nAkyl*wre>GWJ5$TrNTQfZl(DL!AMd%W(`epbaSN!@nq zF|}v)>qop@zG!BLxWO$xuS{D)DUJwhm3V^_=_5-0fotWJ zTjYp(V{BoH;qefYujZKnslu|(XgbCAv|Dnw_46{yoHOcC(u{ek-g{u*N-mv@3e+%w z#-M6Fxo5~Iywzbf%rD*1xPY-gqHAg-ieg`yO<{n$McyNbSW*jp zYvY$-ISDrr`iDoZy2!nXIbRpLaEz?z&nK^kU;=N62Q^n`kawLM%f|0`$qPWm$sK8f z`sdd=k^TLUS7I!9@0}D#`Y`wRRx6ykN;cHeK zL|oYwC{mQ&d~|>54`|D+H;UsUH0AkO)~JM!Ezky>4U2%^hdZU`7u86{cu1|eJbo9K z)c==leSbf$|DQjV?lZQiGitQze>4o0!=$ZbZT*cD8XM(Hgv>ndd4Wu)Nv0D0XMBsq z+JYum)@jCov8xx$CryC1y!_=yhsAQ^{L(?<3sGW7CdIC|7wlO{&T?R;{L*K^_jl8l zXd$d!6EK4QE~jq6EG&L4zLmUz<;IRuW*g)T^Oy@o`1QVl9>FO(>$~|=j4tBQeS8Sc(v~joG+&&|sEF(U9 zLH3AglwgZpr8zAa!1@Dh4_?A)6mza+Plgxb0 zn8W0icbmc|O4*t6{O6$XQb(P{uy8G`Pz*BINr?85xleV52lv$ApRQP&JK zqHs>d(O2tPbFkNlL9wN9Y(+4j}OWJFX))5WVk zy-Gh8xMEl?T%NSu{g9^>de?F}s9SC3N>PwMN$^qw#WfBG9|VsaFqcr`mI8?->GWZp z$XlcqXNOPzc%rNcVHBTRUmqhU+r1wj=vZ1UB zeT^Aw^ejYtHeu;*uN3Knt$pt^+2ksvZ*Z%=)?v3&z8oW^?FK+jyVk6ors#?<@*RV{ zDE?ZF$HLO%Kz;Ld>rU;w71@bh^CGNvu<`uta%*R1AOxJx8fWYEraGW^IBEf>74g2r zn_Jrn+47vl)kFxrKy_sh7X?l|0@Mofy6*4w;!0mx*3!CUzNz}<;F7s2dWyc$=t|xX zYdKUX4(gpMmw(xCXDuq-a|sT|tF7Rz9j5ih;)J{P_O>8MQe{O{eu5H*r0Z|hpK``P z0;ND2COdO7Cd*A!(-j8I75>vPAs-jR3iZ$)^c^1?q`qpDJV17>3iG;b6zm85mH zrL?b}fn6X;+7li)h=esc@bx7_RmqqH>%)l_wR?T!_*Spw{vGD z<7l=gvLOHxF)b#|8%$I4aWG{O;eg|bUr1MNM>8rbr~5E^)P)-CK-9Km+EVO~%Y1Nl z+(&hieuA~E8I)CD4Agh~LG-MxY(5=Qx2(>xAg&W4yTYmPH*2>)Oo&0%-)!C*BAkQ4 zneUa@^0XZs36q4umwjH#B~hr(yUO7YGug#D@kU^9To?Emu(o-9hF^=qe3x7<7JF2F z%|azx6Gl$TT3B7_t zEm(rBkM4K$T91XNcgi#$lXc&n@&?bD+Q!1aQuPnKh+bf*tQH_2IR%j4Pe)UfHu`ie zbxQ;{24{lt-)i>l4eCVrhnY-@=#hw^{DQAZAuJ3o*Acd*C!{AX$5+XN%?n3PJf&wx z4=JtAHy5Y5R4*4ANF?^Lvz^|3>Y@9*mkKgFbTHjXk;Ylk4v?R{yw{WhzMIdNe(g5l6B^&Ve*NZu zZZ7@}`xN@N++OMU?xtFoIgsNpR#1++M{i&c1FhA2Uv7+V=zXUiDp|$*nsJsJnZYp) z0}HY5ZMLABhC$1}k%Sv&obT?aWk1&156M+~3A;(`jhepM)ZkH)V+OyRBigAZo4D~4 zT}dEPUl&a+IaoZV)pLG?0LkAINuO?&N?ke~kWN>cc{_>So%b&QqT zi#^iBlfPeNAWP|eAkMFJZaZ;XEb7r}hDHcsVr`YCT4})sD#Yc~YgLGqW=bh z{Qo+);9sVL5N@x3EUMc?WHs2^+#+3Pn82?ltF?0aQZ3FpRI!f-iD@R;@fzpHnXn_@ za0{Sp(rZ?0c3y&5NMrX)N*C}O(K>`^vueU$_dPMD@g~7|Uo0N8xJBUIxjZ+kCYVnQ zHB9l8WIocuT)jGD5ec5}B_St{%c5y^)k;cB3s^O-g^PG5td4U>| z<}3w2kM~r4bk8Duin%Hc-Di9f@;6>z!jtNwe|amlQ^m_R`e2V_Nr6zqs+sKai|@(o z$v5;HuI+`mFrup8k%|#;(HI_Igt_=k2DGNuc~A5$i~0RH~r+*c0O8VnK>{mGV>5C9kR;lE}vtCg_?&lGbe7d60G!N zZ48fWa>I7_uQ4V{y5_%64H|lq>c%&3=uitTMAZ{WM*f%9GMAX}sRWmc?O>D7yi5Y>xd#>J|}Y zkA!mG)w_+&ot9Evd1(@zT~%wut$50;XH)ES-X;n+2XA`s4)P{+kjO}pgx4TFgVIiv z)W%dg=4mm6I+O`rlYS(CsWX|FFmFNuW$P#|tTnqhLeFqObpx|q_M5PRI%=D9QB{-= zv|-VviLbO*x$68VXw03-G7X!~-^D@^A_m|lUocFSZneyhG<#rW{}?ak8NI4IJJjI%i6O zFHrsxfriHX2O7GGKtuVlw^jazhEhX>pxh$_VskyED+4d);B|05hE!_F$uss4e9CIu zdv>|XxAWv6#|{$Y@rS0F7Z+lFKAWrVq&S}+*?XJunHJMNKc;xhfDB-u5e2u5Xe?Y9 zS7v5a!(L{ah;X`IO#fw|vRrhha_@TO>9UcTwvlAb9J*tg1p3@Jb6<3_=eZGEJ!Q{* znkYx8)n*7^sSh!k?hek!-U>K4@dr6>#2vEr3Ha?p8?2_Rz`%jiz6%R2N5*+S%E(+t z^AOw6YVBSf%+6x72cJVb=Y%ALx$11)i@WqZp@4%kyV&%siuXvZ4$}Z-gfNi2Nx(Kby(j;4NgV=C}U>*Z;=2;pcYbfcI zR|#aoPQltHL`(Hdu?G173HY6E!=0k?kt_HG?H~AN3}UN)nyFBG57?c9d&xL zbLE?#nenBcUiWRW2qs7(=w&tGLU`JTO8Xh zc6LXqt{vx&REk#wSRy#n_^Ke{#;HsDJVzQH9}tGy4BJmmAz%yTq{ z(eBaGADrDm8hb45wS-<%@;Of{qz@C5vq^lX(wryeHj)$9tx(ZY6oc5|C-OtP3kBnq zxyj#1(F@xjl=m&u;*v`mZ|>ndKV#D-Xn)Mppqu#4@N`g5@$N=^m2h?#-~NFxsez9$ zT1BTUOTmKSZHuMGE4ivIm3*I>%)dJtV4e@w-RPXVY|@hXi5?d7L%0<3nKt=Cipz8w zKLd8k!Dy5@d!#sYW_pT#K{Rnu%;Cvf3*);k=7R3Y@QKfRRPp47bs6sB&t}l#;%?Em z?6kL|Zc`kxx0EmPrA8;MH;QKV-IrP{UTA^nRW+3Bzz|+ee0H=xdrqf8Hx#$?D#Eh# zVME-JS2vIXM8qvoN_8OLhSG+WJ_#2E*8z!)pu&YbFfR>BmxivsLaI z+A5afNOTnPb~Nla(tC5}w*$8Z#%wR*ee9Mt(k>io$gMoV1+FnXs&QuSf+Vt))6?pd z(b8M?j0ugsssd=p3`kf=hy0^?wbO*04tj=(TAW8<@#xwVl%;ZJtU1_ds`;Lxp{q*V zS=FY^t$7;N;vs~QFC=Sft&O<9itT6?UE3QQ7Vv=Ot}(dD#{TjhpH=~Tq#BrDA!;^H zy#2#@qdC{+BZi%1pHOx`rl%Oc8K`{Uwazu9xS;3r;TJVO96x+YbE8}r?9F$yw;`J@ z(yt$e+b);kRVUHs0c6Fdsqt7Jf!XXg3kEBX1VYI(2hN8{^IjL|bB!RcZc=ol0 z$4dhf``8&B{ju(jhvQ*2Ij;vO!fPA)Sh(>3@R>q~vC2?W5`ZZjTORv# z<_!kFu7{~H6GB?;S+XRZ;AUxL$+x_I~-)%o-AH$*7{sB z4?A3_4M;!8S)yQs8Sj!esmmD=E!R*V;={s^ZHg}TE%If$ZXPuRZoAaKSw5HPFq6m? zUmdf&OXDZb6=q^ZsBJ&C!iV^74C}g7RTV&K^6mZ9Q-a4&$B0K$tynS2B*X;Ci)I}I zyDOc|t}j*Q#2xw*(@g=0uJ7C(Sk(A)iwz;VZ7BXyq3#AH6lJpG4froMU98F3oLKmf zuwXJdyDNoL(>ZZN)()s>uPnlbk#oBB**PruT#Rw0XK#r&W*j-zGm?d6n0E#kr;7z8 zIbZ*(QtRA#!`14C!iA_6cQ*k{4=zbKW!V54?qX;^xmc-WXn{(Np!y%#vAoqc7+LJJ zZ_>z+C^HVWE|;#@e}-QL4K%)j*(!ADCvtMko9mrK4^487P;s**L%w05ayr{QY^Dm? zy+bql>0lwG3M4JM>In6A>Ed|*?F`3v_m^2^ltyt_kAu|CzvC+B`_ z}mDh^DYt8;IcI>0-cE@r5GG|6uR*2;+#j{7>Wu|e*m|Q+d&*VT- z)pq6WqYaZ!^KhlAfz)bZjgE}QNN%yr>^7}g;+51#eOEf-AYPsg<3^CXj#PnD!qr(l zsyP;fj>P^E^3D4N|GEeb?i90PX#3Ppk9cs?gk^4h)KC4)0j+G?TD?EQ*tn$$34^%- z`4WrL%;%-PO+sj)H-}(`g=VG$lFc~j&DqVJ)=`RQ3V7k#noFsi$QK%+#?=FtY|alV zLsxdRf!QRAVxI;x4790{*vgN@p#s>{T`8h7sTt+_zmd#lN0LW$vpL{;3FCwfj9b*@ z-_A_D)+s0wrNBuZTCKb0H)?UNU6rAOty4}h*-nduGObUZz_=^UV`qJ0in<6CWJMsp0wc5@KcX6Iyvz|E_P8JRED)3Hsyz!9bn z0%Oy%XLOC3YtewFIXm$xB&Xf;3VY5!el}Hgt(Gdk3cgNBEpFtlBUW3ahA?QkD@pCi zXs^Bs;jQ2dIL9J_s70u`0sZosr=fEZ?{sPITUj z--1QrE3U{#19nb}4zr~KL@B5TjF^K@LnEJUh>_VT)AS+kc6R=%&%T&ZPIFkcO^w`@ z{;23)WixC-;jN=cOarvG`_0Cni0_U`*iXD!*;w}xya1&rn_|ZnM}1}@0kW~}lVi%S z9vSV%g-l?$dcxskCg&HOTH3P7Y`58&eQq0pn<`1(qv1<<^_r*VkO3Qe@L${++w!lN z(=1YoIczis_48`ylD5!f@G(HWVHozL=SV0D7OT9R&$MxkNsqJ$_=?v=Z>nGPg({+d zBxqjQS(q&@)8a6WyHnx-9^W$(+%6-w6spN=N zdG)Tko`&_f^E0N@a4W};OD6N!mh)O?1MbgoypdN@132bYm8m)L;EG^~&_OSzPPlAJ zR`Z*mp{#=Xv{aeaUhjn5nRtmmDxP9Az zN?rkumRR<~0}j4n3V+`caDy?s>Q?VOQ~z<3|1tFH0LDk^^$C)thWqt1W(wyLbiRVW^$ z6+uPUYeI`-u*kyVEDvpwZ|fj|)Wue)IZPy%9pq-Rc-%r;}o-db6IhA8~$ z_Wdtfl>Ub2xcs~EoWI7!c+{5KBRZYnxK)t6VUtASek^Nuc;&B1oYy@gw>1t2**T_u zZ~q^II0wW#T z6`t(xn7jTrxF3k9hgiMc8eD4AcdGJi23iVV%%58Cm6`p3t+83w-*F?#9{x__EBu{W z$d1udBRC+PfA_yl{;t~)1HexRR4Zigp(uGGVb6w?DX@3W-ZCwf7t*)e&%_KyktRku z0H33Noh%Gw;~*Sz?S`+`h>P3(e`cWQ|DyCNc>J%QCpnY%fv-jnsi-*q#mCiu^fJWK zl1ON>nT_U=A~$Na;5?AjNW>MkaTc~s$=qrkT+)CuuYlWe$UIY*58QOU>;l>?qrPfs zvfzI&B$%VNqk({+&q!vle1+Lw3h|RG6C(SOgZReq@n2+-sAF7C0)5(b$#r7arU1^Y z>TZO@veA+fJ*5cw)TUbsQ7#w2se~!`@FdbI}BjEIy0TK^}@aWMI0@*j*02%Bw>c|@Q zPb=kb>@yLay7t?^KNe#d9P@IXo)Hp%g5HWc+xh8}whkO|b=UgzGzoZ%7D$EFBrBG5f zX7<9qdVrwylJvr%TAX^;34h0Ox`0?jShRcCyK7(>w!G0q_eSdhJ@Z^S<1-H+h`_ub zIZ1;zO`uu4Hi;%Cvw~!mSX||{Wtjm*C9XP=k9U65Ijm~2qECG%Qp$vx!b&97vomXr zuR5Otmac}L-fd7)832@!KeQ7pL4CGPwC+%a_8ZAW)INl3DseHF@rmQ@_go2x4`(EdxWLB)&`|iCH{%Z7uA>W);bRTaqGGEKU){&>7 zjWKR>Iz}|Zo1S5Ms^I_jd3vjmk*ts#A%bF_<<30RybdxB;^pcoXVhDeNv_Zo{@6sf zOT?)m6nXIe5>NF~OnmxBDaUxi;E;~D)J>j0%yCEWElo8;4z%?jD>| z)JjD5JD@ABSrZPm*`Wu8*YS`G_SU7TN~bey=vnJwm;D+O5#}CgaTZoko<1Vw#}l8h zvk3LqwkWcUkuT+}qw@ci>awwfgDw{19F?*9#VpF8ZDN~6yZOos1?$iOu%apRb{SVl zgTR5pKZS&}=U2U@9ooESnu@1g8M}JpUG%RmrFaaV)QY*3O&LaEYYC1JN;Vt5w@B#L z_^Y|Xz7_9#@%7;A31nG|C1DGDW35Hpe;J2tDy``pyIgZ~5pKDR zUE<8MmD9~Wq=7=Sc2u)p>bB0tiPj_;0c`MI_4G&E!($+x(oq2y<#lQ7Ji zM{qDE1se}^bmSGg@H&#&%K+nU&m8c{r>_|(bOB;=a?H+syX$+mS!bPq-XZp)g z>V8R6b~nzW^da%=7MO0AO=r5!s3;cx2q+d0aJIbfX0b}$jbmFNB75b2MzoUZ%wOi} zlHle7IFSbBO6vzeTU6pcQrU+?z+1#gWGEpE*`+Sa7Z{?s5()wP+93Vb{vtUJV%hyJ z3s_wB`mI=<27~4?4QU_*I1=Hn7v6{lB-cCw0;WrP=d$b)w%;J`w3@3gPCZ^cM@2M| z>DW!q*yfXJo-Y|_L`N}~GU%W5?r@De$%p}t^5wRwI3+utt9xYjJn*kP9z4XXc#@CS zot!_xj~BU0eE|X%_7bfdl+sWRJKi+5%mZq6_l9Trgw)d2w~c?TKAxpYm1%esO;ZJEgfiOg zr16T{b!m&BiO45;;ObEIFYc4Ti2t}>k_hgB={3ri=;z6u`_fhPXM(MUMQ8aB{O{tfa>^IMP)ukQ1Gj_+% z-x!!V=7Oe_UANZWQCs{*qBHi%-dgtHvY2tXy)(`;>Ys#?#KsMST2xS5vl+HiqmT!I zAOrNtz4CeAM?7l5BeYxsK7DON)2m5qRl;|~a@G@aNtz%TBg>IO{zuBj!lpmrX2m_7G_ zKy4{iOGifuABwx~9~tC2Hp?UZ;}rjOT8q#u{^Ob37C>y!ExxIGU8fD|Nha{f-wL~G zd)mSBT>2PPSXW}0zA7#*^)K42|Iy3-+&Hu)H{Gyz)}W_UjmW>66)*2@+shx-IWN6W zn|L8Wbn@vX%d1hs1;Gb$9gRT1;U5>^^rd`+u<89qACOatTYXV$^$*N%Lc(i67DD}u~4xHNaU^1+I_26>5X?k9cl&<@7@-TqsB4r0Y z*uI`WhiSD37~P2X>Jd|WmE;O^RL*)#*ZO5>!<53_BcLGcSo_}SaKxIejeEa%)QHE% z1=SZ=mb4TmFUXKmd^nS5&3j;7b97C( z+sftr(zJB2ChHgnX(k85OKxeRdPdwrQrN7p5Y2^WUDGB9WJkghzg zh=#pVJut>TmGC2nn{m@rYr{+q3i@EhJ-Hr)c9fB}hIBIMJ&Oc^q9Ak_DfPy*{*@~A zmYbz>?W(}$O3RPt{nVswG*w2DSK%VK&TxL@GExj&we4MvzG;K6XET*bTx;8A=KiDB z<0MjXJoO;aQ=V0q%SG+?L|1&1Ta8nV?j@Fb-vTxrG<#G1`UoQ&CQL|1Ek5wA3Gw-o`=o)F;vh|G^_OLWOs;v{28e{rZT33hej z3N950D_8!ogM9pi$;5org3gN1ai&v2xMZ=NYWcGtXNUog7noi(YaZcjR7>n_LIyUOeOWwLE~YTa)X`&??aKX%)2t4|?vH%t zy6ZY-G!ZP-)Rq&sm~m+Tg`gm=o-1`0+=Fm3Ap~G5Q@&nV671$^`&RC`CmS+D_M7HV z*;|Fp0PhtdluifoFZMf{_Ap3ZlUos==du<k9k`weY8A`SFXtB?nfA)|x?V`fW|A zql}q98nTlrMl~yt!b4^VA;i(Rf$9a|QdDz+K}X)f zx2fH4CUDY~@I}Q5eY`7;i%$Uu;}dxFV7gKRNo@s>T)gR$|{k>YbE*{`RUd1}l%-4IRa zWI?a5OJEOeJa1H~$&a~mVX?gpdxDbppz=?mJ~x)kGYwMvp?)+@&znMN#2v?u(Ic$f zlk7Fu$|(?QXWPb2uvS=Mr=T(6fyOCS^YiS3_QZXw3q?%h5F&6faYjViQ8H#iJsNwd zkZF~~eSZoow{&ahPcax=?2GSFT`;m{m*?gNz`>emqw%DN_Bo=V2iQLw6NZ3X7^?xX zyU$6w$h1kh99sl4lgMYHIclWss3n4{!o~=P-`q6~!td--9`4YLg z3#hNNa1dcUY{d!Z&}GoiY2DMlQ`vpD`sTHh>-6r;+(=+o1UXBn`@?S}8brN~x(1?= z;}BCqIq-&el!NW$jU1iF&^6ow?%2iai$g)$hw!!YRF03M^FlAu6?x*=4=Pcx;Cpsd z-Rx54HrG&%aOUSe&0F30wx`@sKMygq(&MK3gTG zTRUB~r4bC-RG2MFmkyrktxNfVF$^Sf!7-4}*OIq_{L$!WHs5G-Dsxh~e(^@*uheLh zJOU@G5TmqgGoWT6pxmXWLbk62%CO;r=@rQ3-yZGZfftKw2jF{Qz-ReH`$#+C%*&*m z$q3(|Wic$!tLir}Pb$a1AX*(iH*YzKD1_P9aeVZ*pS{PMbHl+U+u|&@sV4Ti|Cz>l zx{`g}7lHZ)K>Cbg3pD;4>Hgzyq?<&X-$*%eC&h5(Z5vjVqMJk-mzUiAk&(P&W*^fK zv70(}^rM;lq9$_mQ*JQMp!Og*>FrnJo(n!4$-GzHZ-9+L=+lA(xZj zNNnEOE~Uib^{6g2N7oxYYLFfGG~`y(ggV|t_a_q11CT^Fx)0GB>}f<(e}Rv&^Y%$v zZ`{xZGYd8RJGy7S^VaT&AH;0^^f@TwAD<gdb)h!EA%AFTqmnV1wx^_e*va{Qm{UY~R*l4HG{Zrz^ewmgv&+Qe;>$TnwQGZ*7J zI2cor%1|hor1s-M;C7syPs1;r+oW;qr11;#>uATX%LTh>Y5UeYhVY91Z(*<4o|yGE zbmNxZ23|sC2I!1WSU1MRu@ksm~9*(vAE1;qaQz6@{Vn@9Aa` zm_5IOY-~FO-kxnN?6ZV$I19~ecu9_Up)^0e8O!3mtY|bYaWroG`^Af0UfSZZC4SJ5 zl9+({{!lc4NOPN4d`uL*kK*y&KJ`FxzM5)6{m6soYlH;H;J@xp|0Vs(Uy{ki5`X%y z&ZpYxCv+Y05PH(5qWZ7P>0h;4BIG%LgTbHwpO;x)sNlguhBM!9C4BsvG~J)=Tf@jM z%@~daAwuh?xj}jk{Bc0St$M*lFJmpkegEDSkHTR7In-|xjOfimO8=RT0@<0zpyY5!5Qj@6O*nzxqzqxHGGBRc-3@`5x#<>cvrKFyV$+g2jzFfdJ z(kEYxrq~f~o+AqX#3?BFnYKlu$0KF+Z0aum9rG80skg%rtJjuI#y|!a zxSexNIu>#X@iQke`%q^R;p$iR6=zceO}y)apDC@AeV{|ybED<2IrNeEyQCnJt+)=| z+G=wnI7|vfHcDH_Axs#_>$W|^(kWH^oodG@yTh?01O7-Ed5qe7_QqMLxlfRu$q zkc0Sm&Np)4dRNZykP6*mawhZ#9j0A~IIznFC9?+|)Ers-dH4n6V5in3(d9ySn(d1f zN;33_Xr9zm9HL8#k1{^sir1r`LYHJFg>HZJIxv=nBYXek`k4cT*r+%mN`>`?XtQ1I z9L1dX>O99-T_7HM@o`^76U0tK6j$^6{g~Ju($7 zf!Sy840uq;7nrZ5+(s#+W?nClfhJ1=A=JI_(s#yqIpci#(xRPygNUxZ+?(_9<8~W(jlFe$UyofAlcr0?-}+ z7w@9jBpuWe`r^o`9bPX5Rl~N!)!VXC^eA@E8Z}(Hn(@>Q+`S75#kLC~|7gm5cjW0# zuUnIRBP4dD3q@2#;9WaiJ$AJZMtGe$yS1<1Ypn3BkFXpe3vULz z7$jU+zQuw+MPmmPoi{!>VpO;$!ACfN%`XP+IID8?ZF!-YH>WTp8KywK$1ua*D)4; zA$hp_JG}o?qM>;+Ggw?l8P}}{7v{8S;%@m{7d3P>H4P+)-8kfM)+(}`9KkO?J&!q} z{w;1vXefHpk#7(%ii^Zy66*0!iAZYzlwp#kPW)NcJ)VPWZM>o#}!jkH68=wJA1>hF=u*L?EA^B+dB z>C^JA(kFR8O6XZ{+G0DQea+yX04&UqM*Jj=+HiXeQT$%%x-7&`$QPO`kj~SL!5_eO zf$ik2b9=e!YJL}!)zI6O#ZZ#kMfr$pa&62;6)udtzl)I+t0O1YA`A%;1HX_Jf<{#L?vs~jqf*7^>M;) zB*W?7NS$W%W;0!h388s{RJ^Aqimyr5sVG?JU_Mt_RX6$$K}p-dkKb6pI%Oi{UvTga zJ)9$kS{45VXX1aR5fSE@ziK%C|A9~}+IJ}u3$kN>r)621n2}Gzj1-8GYXB0xdxoei zH~Z5;lCz!Jx+k;B6j^6Q)hrL6nN^@VnS>kL->Sob11HpdmfKoAJk9^KJUojPPS7$5 z(>VF3>cPdu)qd!BnkN3QUF&BS38ZG9OOvRLxVeGdWPsXmW-J@Bj5knk&lZL4k6Z~9 z(JywAK5SN;lQ6mcVi({VVKNcQM=*mp+0u7^kQD@Zhx`=}-}>br4eI{l8tVV~4DV+* z!U@j)?{l)Jhr?&_HF-?|DZa3fTvb37hfeBxu)W~ znw`t&WS(+&!{5ww=}fX!x4hoO>o#zN=G9+(W!pFvk+cok()HYFE zcY~)bjGJtQl7pKyuhsj;%(1?i5Zkzyz%v9=e~M9$2`W$BhNivQ+GXJmkR6!YsM^Q$ zZNzk&pLMfMT)c`4Xe>v)wV_P0Z*5}vI3-4Wc>OVcR3_>kNK9x{z28M*6R#Ba%k32r z328%(qm)3npZoK=j>)~^$;Ye?)h>;sG3%Su_u|*G$doH#R$DHp6oVz$q(4r&1Rm01+aW3d-B;&NA^CE%SsN494Mu1?(?3*-jvO zM+3%o^O{84EpNBF18gSr&TeNB$!eI|$0-d47ug4uS5$?c%Z03bCh)}ixWa5uEbaY= zZ(o>LcJ5C9Ipt<#<{42ADwj8=-Mh(fBP4a#fqsHDmY()j(K(O7yixYn(7F96WA{T^ z1+h|k)yTnw(|Bx;$A8G~JcY)6+2iGwatXJL*n;Pi*6?dvH2u?FhH1mKT>%i$ut2v5 zi^3bms*kHRv($de{Blf?q$8emb5?J6IM$u1I#4V3t^(E%#m473K7Np>t6~t$5_l*- z&wk4CrK>r3tFoIs(ZyN2v4g^>@HRyEow021$SE*V>viOzE5u7ef{X>-`@k|GB!{wC zNoMK9!#5E*Mg_OA)7WRN`!gl-&gh8bLu_->qvYml&mhHhGpme%4PG=kiDg(hKdgli zOhjiKAGW)nolm)E?)hq?fheKGl6lK$*`oncRji9)#YR1noY{S{eQ~#k_G&g?-mP81 zK0x76S88gR9Ycr-WU(Yr9FbDLlzh(b#j_!tbHaQ#=_Ujh6;4)OZUzfT5eDmabN(8t-md>_=wK>#QKIvb36Lcx=;|IGk++#lRvA>!F!7={=i)0aGtC{?|PVtv+ihR3!uh07@d zFMq*?*b47&OC%OD?NSd^6NcCIZN6r!kkOycq%pTa&g}>_FyE=r?v1&XUreD>G$0px zmVL5GlQ_3$Gn3u^+;L=V(S0&#QSU+H7NKcPEGI(0)0&fCe0P8KVT3Kta=rknptH`? z&-HD`n%VSh_ZD!s64p3>$#9Jy)-e>US&D#UCuAzBZq6R4cnj~X{7$6f3}$^`*DbH~ao zY4Oxo;oR)Q#?t}38_c;(-dA{>y!E~DaWxdiY zGuzh0PRp%Xz2m_|tUaHrsj|!M!TKf^9;_9Py=^*dBUWL~G_HS;4Cb(03aes5JSRpY z&~xD$ggVcqNcNZ%PDqwrD!eBbh)qz&OzKA-O&qwj3X1ge0DY&(O8_pFtPxtyQ8 zE&L7G*%5w@#QC1A?j82Q>hqku_hIzY4PB&0SNagHKirObIfZFkQuFSxfuLf*bSo*D zQ2<|_U_-F=xM?_^dJoXFf=3RE)mM|+PR#vvBV5loZR(oh3w_jCEJY)W~6~(Xzfm1c8G$JH%dTX z?6Sfe^e@o04-=wy`qXW%^Wp?l(_J5;`^KR1rGYYGOh4g+|RJ;l>G1PBxJGR?>Lq8O5Ge>ziaex}Nm{ zrL>O43DuImCB$Lh1QSwvtLoR?MOER#V#CU>yJH3pOsYw(W+kEWd+8{R4fR^omE{yC z=>;>9Mf)SA$)u?ewzm=vmG;L#dedIb4UP>5%Z}MwZ-FfoAkcV5>}x6@ZNE^j#V8K6 zIO|ddtBvkF#dpZ6rE9Whle2cUJmHgQ{GED1%@7P)l3r0^UI=?s~9 z{n~vBG@Z)t`k78S{G)kj-G?5MDuUUahfi&ODMagI@^xbJ?Q9pi>MyzBE+mK=^GnK} zjn;hv@k&@q8v*#clx)@Kt7=Qi9fKMq7|;2~bn<@Bf*s-7+=otgFWS58lqXpH`HNP6 zZE%T`vK!^_detmRsB=pyag|tHzce*O-M~LI`Y}*)ok-p<`JD3+7}?U4e?$(oaOXK{ zZ*p%DB0jZpdWdQxgWs&^oW#$#!gD>~5AplqcK4dPLv+wH-6Fu~k*ODJKqn#>&7Wsq z-{$_Zyt|F|#EVDxhg*A#r{avT(}P-GEp)H+cD`HB_7U(szQE>DgNyGL;zGj)cZH>#C< zM3GBRMHb{)DGX#BFeq5(o7bAtiY=H3DS_JdBx?O(zM|mGy@QL^kMd~1MD}c%hwbRy zt$c#L@V!&EsO)p_8>1>X@o|xsy_da3hxj52p4i3&t#ps_rFI%F9`^(naBwgZ3xc*4S_aR; z4$gq_IKpDOM>u)5mG-({^%-Zd_GINS!#}08_NMKz@^&E`-6FqT`AAGONeR1fSQtkq zXqZvE@|gyZ{15itJE*CD-Ty@q0i_5ky$Xm*lMbP)^rj%a389A`dKFN5LX%D?(nNYE zRFx8XhY&g>^d33_-<$8uId|`K=6v_r_x$$UnS1B_yRufYCRthQ`8?12{eB&5)Qvr^ zJ_OjJu`^Qy_pEA$hBrI!)*YKOL`X9XBJ0FyMXLiV5;*G)+lgHV{WLm)gD+XGUrl|# z$?cNM`eAuU&CJDR`J!J-?~SaV0o#3LI~K?W%;C|a#>L;-Tg<1txT1vVvj0T>l2K;j zqWQ6J2BFICDE$t)M)-crYL#%=gGTXk9v;$zQ5LdQwB_fKoGv-Cz&(?SFQ_`*d$D$G zA1yW023bIUPrdesM|^$eL&)A~Gm4mfx9$Pj2~wmLk55MnZA-d3dQmT|8Z42MuwmFt zg^1{FC-tI`sVyzL*3b#80d6UO$VkN zdA`6g@wwPuqLpMYi)HK-Aa1~>M0Urw(lXRqFL(p@VCQN7v8E<`AOF`qm*z?POT~^8JN@0 z2pHknujnG4j>KL0NJZ7M58vkdfEHEc+9!;_a=r>FL)YH>;U&i7Wx7f~?R2T^U{|>AC|5ur@i?-tQ`sGPA7BRnC_S0LUHbnnh}d8?la#f~6z3cZ%Mwx@vez17mvY_CQAA zaB_Gp|1dBcCnU)yBSmAk*IbaStNc<16Pg<&GH^T!5L2*8b)u)V>v2>pjbH#?oY-|UcQDF zKI!q(ueLu1=I@(^iCXd>_HFSc)ud*7-tC#9X{W75h&R~`c;#;89>1Y9%#bnV^uYIZ z(*FuA?o+mwc=C$7856et=@lQ+gtNddYSKxVUU~|# zO6AYVW(TXmVl$E&MQZq*CCSn#n`%Atx~0Pf9g>n!oLW4)Oh6GoHf}JsC_cHXujcMZ zO~7z~-TeI+on_Y5Pqhgv`zemhBBv}%fN+_KR=qLLEz>fU%n5;4^UBW$it5^0V$< z)$qjT!1`O0ScXgCYAXKPExi)KHNRQ!DX1d6+?5TH%>OC-t-^T@jyKLoFd@!8fO>JE zg59dH8#NXy(LYsV?#BVQ7~n!Ry>}quZQ;MZZABT#O^Dw&cmY!kdgKkrs7zxso7blq zIb?sOGyq*=+Px9{5S&}VIvW4Mw`v5nDV;iic1xr6Htq6j{kGdr-qI!9G~k*P!(*8_ zjb0vPaRcCk?2;SyXi6Hyb)B1kUHBMg)DW$Vd0q&4;~ZJG8x9*eU!v1j0t)fVvX0DsHmifddqCLp+OL3(m8Ae))~&rg6)lWWl97LnADu z^VYfWjG8SFHCN6kc3YVNArYEU!6V_+`nveZ`nB?;^~&I?`1A!-@F@~r=EQ`NUK>G3K?87-ia0UR*#3&N4&(5o>TUnhbEfFw z)y-;76au|t6j>djzmA~K#Q(^${lWPSOOyPNAnvwhA_X0gcrhoBn^-!o*`-(YOrzaz zHAl&ss&-?nGw*xix7-=Dx=f^qFWlB~X{ZL$dY(VtlB%%eS5<|1FIaMP4f@?U3W*O! z95N{3?wJ;DtrpndH7lG5{}%;fRtc+dXTsweYo{{{OvZ0)Qt(93?6OolN%4Iifk9jl z_$%1?cg%CkgT1o`^WAaE4vVGOaBBm)Yd3Su>uA$oYv=6A;g<44O%0_2=P{i$_95bY zuVbOB86>~v;0(jytRLOgWC|>5&JupG9EH$Yl{s_X-h^Kxt-=Py{njmD>Dob_1j@A# z{Uuq}4qsd$N&F3NW`HW+w-r}uDBP+Bc4#Mj(N{F#u`ExX24_wOQ89Qc+)DY0z6jP0 zP$!dbr5}Tnlw~9xO_o~#Yxe3fVWQGT9(k||AOkI%5+9ul%WaRcocU;-!H&0@)U6Sn zg-pOya{w87yDUWX;@7ExbkS|5x{cWf=T$t>LKtLm@MM1c>@}>%+_3Y%k{>({P}Lfo zbLZFcqBU~MAChdmim9SsTtB1RXEu|!{YQ|@@1u0;Cv2bBPbny9BmRZtC7fj+muXfL zxCsJ@*jo6_9ZXd!bFr-{AK?4!-2C`&b0qWOldZJA`IAl_)-fH zXOP>(@P6{)n{B5$6J1*@zjoI}J(&8nnpK4gM$Ddi#rEAlKAOfwN@txa9>O~4VQm_g zPc>$VF}umN%$!Fh%j4b*;c6DHmGZ+6HJ(8Tr|Q^D=naSXo5WLb2C*IhhOwF$>sfpM zKY#}Q69Ju^=<A7g!M0o z@=kpjS_@M#ui@r_<&9R?K}q9Cv&rxH=zWWM=jMG02MmN9n@pz(iO?;`Hzho$XUBzB z!~!*1$!a|%`HVbJ_N9}n0`=ml8*>)%qb;|Eyj%0di;f=1G38Xems1^=;)iUe?kGl{ ztsx`^VjVM%Pz?Q<>te*FdmKYJNQ`g~3|5g5z!d>cbJ800F|(@{aFRZH7C9zp%(M~O z>;(31(BNUW^*MOF!qVd*qx@R>3DL{*%Q1D*-m+TNz%E7Maq;~x_1^WT)Y7k%=Zi) zho06|7UEpS>BMvw7yIr_;cW&aW&tx31EOS(~N3 zDm8ZLgS$!OOAWpuMrzo{2JiQ}_!Y#DDfz=L{N{qJuRwAJU+{%I@TSf2HX$c(F;6eTOLg;+$$`kT`qdmdeQ+0&33KlEl&;KKc2`#MkC!7^C7R@zo0c6dR{P+aueGz+Yb? zUbwYNMD=U3Be#gH5^fm`?TI&k@b+dR!ZM7!Zk1bzKs;7t$O-tx1ve{>^AqyJ^x%2+S`#*!R!W{4CKJ7b6r z{UsX(uhf@9k0VohEQZUoT-oF#KTc9i;aru0{v0Jq=`R_peyixsqw~PDP77LF?Qh1v zWkovcIRYZBZKp~76R5?1IGp3u)azz6yvdzQI{<$N!KyXs@i+BrX;p$B4j>h-6b(NP zMhJs1l4e+P^TxygG{Moua#ioB@|vDd%3STZ2`ETd?yI{yjCtiutd@Q-YKbYmo+1F3X|bw$rriI=mP%6egTZjab(+1_N1lcoxxI+F|8o5@7tC~>^q#u_&(_2_%XT%y)*F;k(zFSXrrzR5B@$6ed9bFT(fQ{ zkuR5CHZm_|3RTH?);fuO3{&y!w>BXE5JIBH>&joF0RY{Xz2t)PpIG%Fd!>2iD@f{A z65}s`@uP6G(I_fP1~(`;-12(Q}WkU4C{l*KBdnxCfj z&>*Q&B;m7uS+D8tXRf%*h_lar{SO9~f0qdUbwJYp%Q(V{;%}<)I5X2-fcJXHfTQ2J z@P3r8$`r1oru;!XitDNVBSSRgW#QzwXub3LzAa31mx()?WlPNJmw7gu;ra+TjhfP< zM&kASW;^qZ-LXk@VYfAuER#l(Q`29fp7CMcK;P1VKlV>>xped8u0z&TD-<|`^V2?1 z_<2tR=clFrcR%gv-}`C5c;Te)7R%ai%sY)f?@Ir^{Qe)1a9Mw|LmNI)WE#s-I@=re z`#XS~`lgzDBQ&`K?a(BuseudfaJNiO;SbJ-eDtWg2&sMJqsy^584MY6KE4S@iv93Zjg5*4(7%ri~SZjGxJkI zoLnoyjS|TC#;fY_+&F99^T?Q8@jcdEmpf1!N3aq-z)+)V^Bj;(c+eciW^h`f$;A<& z(rfVOun!2<3}Im7k+^BdJ?5`)hYBq%cP)P(@6?5!sLs961<|Ncv1J$=K1d!|u;Sy2TePo>ZJbZDsO3#gXCz^D=>_x3 zUbT2J3w^xX))Ie4FX(?^ehY1*=-?GgFHL)s*)ucHoA}e3Hm1%Z&(1(V=j`M8%sL!u zGqAvCm!STz$A7`lJ!kPWNLP0$r@-;V7QKad)k%!@y*h z=gqXw^8H_)S%o}>y1lxex!{NyPJSy1Z+5D0sc`32$GGE1A(UzbTzY4$mah*Zw>lMB`H-gx3%xMtkcK-yZN3rkZ zTFv8XfUk4yX<1l&X^%{J9y}=(HK4#&nv>ni!n-e{=vCYvW|J0Vc%js0V zhN6Op41K?CUXJ(faGt=_>~GM2@*VguOrrvvMA_vfU?&ZGmUu4iFlCBAMKCo`+p z%q9UMu5FX9w0bq)s$eq02fhi74wZ;#_ro@Anox@$E)Hy=Z0iHeU;NuVL-RazeH+xx z%@X0HY0H))9kZoFZsKEoJsE{N&THP+O$+t@FPcrP_I}a8#xLM}sp@IpI;WX=Y<Jd0bDP8Lgj!~+b+32=t(Ft~)Lach8%O8>`PY4R+E%6>WrooG2gA-*U&Nrk+*@*+KtM*+?4>1_l(M@ zY%{WYwoDdoUbTqzDoAr%K}JC{=U*{E{;F~y5bV=iL6Dc+cz!SO>!qF`xvG0tOQ7l! zGJAZ2AGuWbrtdT&Rn#>4aeDPs=pFvAf!OEIow{Pcp-n{w&+~Vs) zKZH7cr=dba^MPY+gC8|3p+9=(t=uRT9&@cQDHv9XdN5 zyd*|!yr;1TUpmAOwgq_em>INHT8m0aKdFDn{{>E&T-|ps z(cU>glJ&0#@fsbq-PBbu1ZZ3lNZ&92w&t+XNpqF|s5&PzV4FfXZiY2XUC52kZV4&o z29hHMaQH4?jwNfeY7uQ(vX*$aylWM5cwo#!fC$Sp7MX%~BpUVHRzMC3<_93iM}?$* zXQRp&hi8y22Sq&28fH&_x3m{*R+M+iDESHGjnk&rf9nW!^!5Ku9!vVj%Y7|*^HgrO zmT`*?$>_srV{R9@-6u{WRr(Ww**4ED=2$aL7NJ@D9O}eF;+IL*64qMgdW8O|bvXal z$zsPOkX+DMfz90&@C+01@u)DFChPR_atF%RUn}{&l=-zLE|pF|vuDgPLzw+LvnpL* z_p246bl2X&WQD^6?^^#MI_y`SQ8-mxBae!}(hSs# zbo0_-2MJPBO>cfL^kgtQ?vaCGOf8I#Kb-yWWfW1F-oA{A5;jE)4Y|c^tiM(a-c=6j zDnEtn#Ad)7;R6Tg8idj4ttyv!VXxA{txZ6(a$!+?#j9EY&1esi6l8)ypy3g$a%p5b!vLaq5nqOazo`@Jpc`-wq6Pg{9&1-~3XiM(?d?W{n+u3%d_MVC! zjx8o{xl!eUZk4Bp5r1obm{@xWeswu4ShrFa89MtcF@ibLc11rxd9koHAlH(|0zg>o zrhnllYKP{Y4$)wpW4F`*YecYY1TR6JwHgHvSz*sXsikcqG5WobZ!0yBfN*K;MwZ`D$X~IaJz*9!bW&6GD3Evrjh@(-%HH~2*HpO1ZPgTXdz!?t;xHm>-3-&+ z*d*%3W{a0F%rG?LNeEeZTP6{ZzwQX2mAB&;J4Zb?Us|sR6$}!N#4-I+9FMzN285Dk z^{Cnde46-y4h^B(MqSYap%H|kpCC;B*{}+1kmx5SDZRwOm8wRgNldq3(u|HX(w{sd zJFxR*)8`1v8(*Nj9p89wHi^u zPi9K?^AIr!vKR53{M^7EWyA`h?0sY{B7TWA99yRf@yapwxETIU{{FwMEe*1Aw$*IZ zG0P>{58s6$B6!6=k4XN3_r5VuwcYzxMMZgZM@I#vhi!CUf3YK~02*efzKYYDf9{Co zi$7%pUIn6I>zi9;k97ui#a!Q7zUXD_8`rNei4BomOT@*cKTr(0h0D6BQ>=T_#qWKR zJ-hiESMqlLx2N?_kA4Y^CUmOK_^sQ_ha8oke!7h^d-w@9umiz?HRMr2WDSBGDl;z!5ZCwxbB<8%o}m9tM`AixtF|(Xs3uC zl(NeD+qS>6zUzK|@NYurzhG$Ez9awN!~gfI`%j4p|9jc|=?(bj|1u?nyAN~rPiSNB zhgxlX!-95AdsfR-h6(-IBKKWfFR?tx5ypKJ4~lZK3`nT4-eXf>On<7oSM?mVy!_(~ z6uoDGpe(t#$s@9q#)Z+{+6$>607hw{m0I&3Na@*>#<<2f&8SKyaU6#~y(WKY75abr z!ao%0bK$`Ef2~|mNYz6Y=><&v3-6vdrA!_7JmU3ZPS>P{7i#GK*q(lh)|(*L^23v3 zGbyw9Z1ORm7MR$ldb@X71MlM7oGqPPn0;>fdpIfh>(UsN_A;%_d`HxanQ%2bWr_3_ z3Q=kjN{mqENt9GU?Z`?pSDq|`1L+I@10sfkwY^$~h?s*c-qwN@2I-`-k zP5~K!U#rcuQFwWE7WnA{;o;goFX|%pi_h|*k4=7U0HOUv%-~3alj>j>#zcc&Yoks7 z_d6x=2Y9@8@dKRO9mBBFWSc+mX8yqY1CQY#`zFdTMgx2+JohoTwJ5(~sUMobn=8iw zmJsw9gF|LtucYenYS@6vR9V85rrP)E8>dS35lpvozx({!A0M^_K-nH#i)$C5 zx40QEYMlL^^jVRnOuM@~s7y(%_ykd|cmB{fskn1^RMT9iN;-A^U6)Xw}WaLQhnt>bLo-NPW`nd;mP}`!i{-U&~=sDM8D7taTIl;Gx zLnB?AMB-rQJ+l?Og3LM#OV)nY_3N(|vGDoU9>fI?Uh-v%<02OTG8bS}Z>wp|>o%G? zUB36mC9eCt_rU)uLDF`|XYm_>p5CUhu(i37X}0b1SBFQYy{62M%yV1rH#CUKI+n9D z-u9Gzc8Fivj*ZQgnbiu~+m779rGRtt2Gv(D{_g%&IlNNTv)W`oK^|F!79ekU>B9mK zD~phI3Qz2_&ITNi?+}d96dz2dZO!;=Ca8Vh{?M(=@U)J50M}olXCXY@M^4_Qrg%Ij zKL@&O^pK?GG>D=Vh_`H>{!IyAE_41M88LnKV1z^+$s+FDmpCeJbUrJ>*>7Cs{P4>F zhD(tfOZ_`@r&;J-H}P@g4$yFP16fPH39&0amc9+^;eM_A^UN!fB}5gcXW(V}90y+$ zi9a4!Xp2HD(R740Lx6_TtDUZ^M&+dfZN`hP9 z#HEk@w1xwFA<&@ax~{Rl*U@qkygr1c8d3S3zg5nz$^e0X;O$&5911=`>y=21Gil(f z#mF7qQl>vA@oc3BI;dRkZD--}4 zCmTS|*USv%UoVWrBhNlKK+K~LGq}MSh5iU%rti#e)s{=0#W;Uz3N~C5Z6qiP>6w7B9ggJ)vzUoTrrT zk-^_#e>nesr=cwGvmJNNYh|13;&>cx05$bl=XglKSb=li0Rtey7W!O<(ck2^;JGZQuN#TR(AOoqw@Z$i(%u3o;rvEb{jR>Q|LB zeOxbSEkxUg_k3}_3y zmB#*%J`u--n5v4pj&v!{SvmG4ieb@MfllY3>^V?NKmc{D(W=dlW78l$^?2za8D@() z^)HkNX|cH_hFgS2_`a;v(n`ZqZkuOVW1?wx_h1O67~c9VOz;Nr@4idppYvczF|zy~ z?QLGj7QNVFb5xJ`WgRR3zU)WBRr1sT4=D*4e8OvR&cQ{n&~R+Jv}eq+ zX@9#5bGK7+vy<`m&BbMcS4hPHD;C_idD}=52Ok<~9uqm0y<4aSS@OQ2Pc~pz`VSjT^oPe8n6F4s$eX zl!>0azunJS!r~gnISI^`=piFp?#gh^zS;@&FHr^zvx16!Lkka1O7sV{8+&rs7@ky^ zOy(rEi!WwpDbr0g$j^D8HC#xs&-C^Msbf5vfBC$TYaMnk<{oxsC#`?hk)<%4L-@M) zfLJHBtqftg-=$IKFw2qXZ(>92)&i8x7Epd@xTsl755Vsw5+bT*8UrK*W>$Q9X<0?{ zZ66~w214ogFMZD17s`oakL`6=x1DV-I63%cvAq*|se>ZIbPdz=(cud|a-);VT9olw zVKDh2acGuO9yEsh!YE9oN-*KfD3dT?1r}o{4qfx3SA->c`&RJT= zN(hl^W8~9hg)VyKqa4%I5O?>-QfftSEsmy}q*QiHz6n76U#h>NWqmm?J}fR_lar<7|V#{LFe zI$YYxwUxg%Iu;Di)LDFh$^af`9$!dBOoQ<-p^nF0Kw$O8LUt^(y%=jn(#IwrnyryO zOZJ&q#B<}(!awj7Cobg1M=eWN1uu+mG{QC7X|>vTcEY-%N0h~rZ4^-6!liyLx3gP(yy$ z!J}IxNkN7+#!>{UKh0zD{lU_iK@gR6?WgQMhXh5;Ei4>i#`=O+?|V}=J@tD_%bJh? zrtB;+j_>v=y^hQtAvOmoEw7E&)z+#CpvSiC`?dfJZeFcLeZ*9f>m%&EbRW`w7XGlH zW8kc_$1*q<`ecNhT|;Dv{(>pX-&-Em^M3Q@+m_fYPcNBV1fz$8< zBlhwY5yjY?5%)*>Z7Ev@j(V+u`|sR`^d9OGstU&#nb4OcU$E{9D5E1>7iJV%$*uz0 zD~f-{_8RqAV2=s7-Qfyd*3UY2kTH&XF@*6|^-w+@7tDNcE&U^d9rE{xq~4}a(=EvY zUV3NW2-dn6y`xho*Y37<+9vNv3U_4q`{;_1)Y1;T7pHSbsw?8mBSa0U32V+c0$j$xli%@m0resq)zZN zA(O&zmlb6?087r;la6DA@i4fs+Q;FBX-x#+<)CZbskwhx$IcCbK=l$?cz}$pw~w&9 zZ8|vI`Z{_*-KqAA6S_iYY14iVgx|s3Mos_)t7=k{lbzTRzF~pOr=Lb=W)}f;jUh&l z?0aT)SVZ`QnurW|Qdj(AZ|xjRwKQYHi@x{GZcAqP>Tx>bPqea5pcD-Abeo^OTI;%B zRNWIq-#rlCiP$4Mp~}%*Ub2WN?H{>x_fN z8F=V?;GX}%cbId+(*a#M^4?>{fXkx-6%T!>6UC*a(0z!xzvk~?H^M?@3=IYuGv1;C z7TIKxRc;xpjSot4KgPcFGBvfZTv4F;DKknQyobLz{QAc&yOF>2(Leq_0^KFXQ#|;m zo}B+Ke)tDF-}^@i4p&R0%Bo@CROa*Y$*>+B+eIdV}GDbARC8 zTQ?J#37^utV2aEk3-+=E#ISmKQB(qT=LL-+lWM7?7@lT-Zab6WlqYB5&Haq5?kC9R zl~Qbizg_GX3k$Egh#k+f^+b0$X?L>TfQU`a$r$E?^Y*4}3xM_sknl>HZ!fpx^Pm)4 z^U$^3{4OVfU1c9gF|tSD;x+l*)^RN!JL!*ch&X9ngu;uGqNYIqqRIgq4P$|k8c@*_ zME`umQTdrJMV1;s!j97saE$y6K4mMA(R~@zv2wHZcb^wlPAzl{-Dp)FnJ#S&%u68Z zGA;)(iU5q-1<&i1I>bFM?(VBwpL|{F4)G^dY#u31;Y#YCXxs8B5tZ+2V2fV+c<D>N4N# zKQ8L+{n(F)wQ44*?=gF;{>XXBh=m733>v168yjO_@br05M-)oTDckSA5a`TdIF8kx z@;G10Lxp&M;00SOnWB%x7X>rd-E7fizJ9%9(@crIa@oItIbHI1G(+b7b-7!orm+hW zP%11hs6$E8B*$!nn9VjqK-bx#Y2kB=Alu*+c>1Zs_)6LPUGZ2@>Z!DC`q*iU@DHEk zW0uE<%xY^pCQ*Af-?(NPRGury)Wq%}NGi;2d==6dEM4r_WNYn)4%dMnB3=fC?7_++ zim5o6V++!YQ3(tkb}vx^-D}N_XAtqLXiXNABSNur)RQ)&|vCxnYN zdT=nf-{YKf%hBB(#WrcxXx4Q2{~iv$f;)FN(@nKt zPw0+}Vt-n0)W{enoqv~eT5eXcu4z0s#xim-AxNoG!m|l|<8GAkU;vhG(XZ>hM(sA= z-5yscJ2Ud~4CX0KI9qFpW9JgYhb|OidB_1wDn&&*)%T|TcZn8*zwbbK{f!)e2k&&g zi0E!-mV?@96oOY4NM$m{O?VzyU(OaXP9$wbp$O5AKh|pvAeouw@t+gAB_WRa4+5be z4QOrhWyZshjODD=wA(eb^zv#Py(=JZ$lW%v%wKpT2O6zXa)xi@`b*r`w2K8y?Eb)0 zQh!}kBg(orRR#64%EDJDF$RMB)vOkUoG^$7`U>ewy4jp#(%0eJ_Dt6uyL{mFUFUiD zcvM3XU$#lP+2{#!+~$3R0Mb`J*|(bk*+%t#4y>uzP(NrP(psfr(oRQ?74kHookp(< z$DQi(dOUPhow?g}8zt;|Uyp!86sJAHiSK8w^(~;o!tX+Elk-$?^C=i_?(kYmK5PnvY8}xsfPqyc zc?^b_J5XCb0jbTEmhzAd{ zKcpelVEW!RL@1twpo8zUi8xW)8Anc3RfNV`bUXzcGfHN{Jv-#+(ADny^55U!AVs86 zV4h}rnmp?@g+hgaye}|>oL#-xM_m0OCWCdq6+bk}zQ@7z>D(%8u@e(8&h3P%;t9Ts zvZgKVm9f^pAT##M7yf;RqAEvK1NGqDQk4kE`UtMN|9N~NS>)Ap#wC2&k7xI=$^47=lbzhHcHU5P` z*sRv-B4c(vb>*KliGe03DNPF_%nk4kvj)|O-wLN46OGM7h_{=YmHVzdRxzRYS=Ryj zGHf@z1fFw$wU|F^S1Es0vTasI@O}8|TVae8^bb6J>3b5jlKu>|QB}6cbC>yS;)}{_ z`XCNXQj#(Arf`1i{x{X80qGi)I}R?lyVHlI@ea=tbk6=}l`cHKxf`yD3~*3$4#|KG z=|q)Cxtb?MMMPu3)&vI%ItrdcO~?z ztrgI`hhw)`|AT_-pQy?HwhOL0`|CK;<1L0#oEKY@&o$vsFLwQ^gY2JP?8dMV*@fV# z9@79-r$KIafidUjCT{t>3_kv`RrJj0vp?g|bjW9@q^Hbsd{gLSqgy@K1O~m?F!V!; zoolrYad&%}l*j%J0CP|>`NOP4k3Y13*~DIBg3{zcn>ah0dFFD0?3lYp4Fy zd0ESE=`T&FL3H5L--2gGvx$weHq_3F@nBhGF`MakeBW4FGwSGuq&^FKzbglKUTVXQ z0&qIn*Z4WV(BTlgX_gH~Ygb0mgz#cE1S&YMkUzPgXEZTG(-liv{bYWJDD$Fc8hKF` zs645s@j+1R9;4)MDM^80Mo~=)DRW7diR71l!CiYRz@V25hQ>jUB*h8ko721AwHrcq zV01_an4GEIbT7xHe;KFK?=L64zQcJ(qBsBtiJ~BoIh_KJA3FkkLINp8vz01r8sev$ zGSYfRN0Q!gILUt?Ef{m&{;Q2mbtO|GYkkq#FZQI-Il0{_p%C;K%mHN7=2YJ(@gug6R>REWcv9^*J71RpI=A|ezW9JG{j$KUZe2ojatt7 znVaEN+weK|nC$lNbfghu%5lI)jjx%+1&t}uCvUDxPtO~cIT zp6%AgpRW_y34Vv!Oat2~N0!THHA}91h=g4|pkx|VRbyy219<9(sKAb*7=VVw>z`$- zJ@B&FjIb8r9qG^d6N47GSaaZa%Z=fAe;Psus9iH9Cjgm)$;|2t_d7 zDznbByETjrVy70h8F6EVfuX6J(eJ9)IC-Eong#SR$+^+2!ggws(Se3o#L;PEIHlEi zJx$CCXODD4AFM;ls33sIF3hOvW<{#s)tTQ*AoV_V^m@t%9sg5FJM zFqThx$#V{IEn$tKkrJy#wcAJy!Y%4HKJmzYb!!G)EeNVaB4($|JORLVkx8fdaOtvC z@vVDONu!LtLoEHHl$zj`NRG@Rd}b2YtIn&YvVmY z_H3Nj3J)che6?ZL66*EH&0QY{n)@U+?0KZ|y%<~-;&8FQJy!6I8n&>{cKyd1u|2`U!k!UofZ>YMDJ{(NrnU6pTB-1eU6G8^^!)j z&H19gPMx!Fegpi%b*Kz+3#%Em_wRp;DL1Ndpi{g3uGrLFrehliCDyLWE*(I_QRPt^ z6*WEvPJR_i9YYVPxux;vo=SiHFpv4nl2YFZ%hG)Lw0{1jy}q>wJ323ie%|JI7;-fwg|Et`<)2ahI-xi!2sF24 zxfkup=CV5H8ixy6dp;{Pb_R-$g=`Y+zqPhs`gUKpbBwxY+9K>OIKhs=eTu&wHzdZR zRKiPA2bG#=l3SeY!G?5`pO?t?C5Vt=hO>0LaN#?JGJP%!3qn#JRd7Z-XtR@~`p$c` zD)3`(6DynckC~qNkpmci{BAvpc7~4&t@70R4Z;)GtoF@KAP${@=2zBJ)HzmZX^f5e zDWT|;Xd)mnsQKgmWj^WWHHi}Q^y6CW^gtL{KbQ29)9Y%(bA3amgY$ep_p#F*N+OIT z-yE|JLu>j9HGfHC49SB%iBGpHp2_-0{==JRp4ac*aNYJzVj#&L`Kp~kpn z>A{+y?9JeVx_?|x={)vrynkZ9_R`0nt4w(&MD;5*g8h?&V5Wc)ody(6QM2T8(0ZK< z+_kzSEOu=?Z$>%+xsf5#axEBt4P4v-oSPYf znp9mEUr)=9;swgFH@psPi+G9#H2K322*pA{w=pYJF)joa0Qm%X4kL+Ov7vM&1GeW@ z6Mod2EU$z#?CK$wYiN~UE#GHzmXWvUR-G z*viv>K6$nxlcZoa0h6F`gjX+ZN@fT4Gm;URS@B;$OG}IkU|dgp10Blj_VwY0b0WDA z$bR3ZF)DP9VS(2#Y#Mo$E{8StY+3TD;Z&MocQ7QW3Im2<3M|zW-M3Du@boV*F>>FdN zC9%L;BFkK>27MHB@R9bfBb+pCt`M$7xuATf&n(%y1=-llUrKwbZ3q|kY|@cHcnAjY z5~M`hZ9QNmK4%t;V~ld90}f$!^W0w=Uq7nwGh&N&pj22%G|y>XJ;sWfj7vSViN*|J zsuk{9ms^^5VL$3Q?e%l>&CHGfOvMT zK)u#PvtzleZ$&_?*m*8MEU$KhLC%3v!xa6f!q$c+OUkQivx1A5mz<4L{@7D^+P^Dr z9L}j*^_X6IRWhzix09m(QK3>j68tHPkBMPwpf!{t#?pe)}sPN!AknC|fdEaFRzZWzMxp1VZbQ=WT< zQW9C`I;vD$%5gxJ1gQ?LmH3}AU-~=6p*La2q6J48;^q0j>N!7fqhVB<^b)`t3qqw+ zdAH|Qo_T)h`1-#T2Wv1O-#HTYdDX~n%PJjT-HBwg_#SnFeyS3YT!*Q(WYH`EfQf5- zK6K&w6)F2g?~^TKZW7_OPOFmMX;=pDe%)6E$i94eY#NiK%ZbEcj=o{4c(J7~HR1iI z$wiuzg1xSzaR~9GL2JRl&qI_wE22xH!`~J*|8vLTFD+ru`~E6D>CZmHp|{$*trlp*O75XYo3t`R{NL)j#l3cm8&In}7G#vw>f(ZE(5V52Anf zo-P*17#sw3KDog@nZC-tfDUU!)!0vw4z*jWg1g*S1CJp<ZA182fQ(ey!X`(uu>-GvtSbr}>D0@fpsZ<=*aa$LuQJqM3o(Yu9rn_Prk`dc z;@t8?Y+JS8`jw(BCaLPdClnMk{}!?k+Gjta$xf+BqNQxIreu728>bdaHy#ThrxtH! zR-`z2Zdm&m$UhnO3V~Q!mrC81);8R9Ks{M> zBSZvwn=FFx`onWv1CMwtKs>nix4z_EHhQZa{w72Byw7{)EXfH|p=BREe&25TH?=yB z(fO21N+$`N+9&>Ez&pOmxV$$N`BBz|?2hvr$jw+O1%dAUqL%?Oi|1tY^fCK~d%u%( zU(cc2BpZWqD~-U67n2mXe2mHn`f7CGB-&FjC{(}T1DG8c7Hv!(Ld5<+?>o!z$|YBU zEA>ii)MhCMeU)>AMIF)C_>4P@;yC^hrObrN$UmVW`XA;gQird{>}H*O{nv#l{xx)_ z`ug2YM?q7VqNa$Xc9UnoR`ORLP9)ISq`iVgH@eu~pcxwWLIcg^^ga!d!W^H>=67|2 zHbHN16wTBSD9!xV?z+!#+Kp5?7%^SHTbGkv%#J6W{}CD^>90l;Rk>BW;N{=eUR_ea z59d}8u66U_i;Qrec4*Dy;JF&czK*zQKyHa*=J~ipSW0LT21bAVI_+j;3zY+B(oOAL zE3@1>VJFy%0hNQk+rzL=u<0GF33nw`Oe6*zxgkS%hu}7gTcmV$*j>^MXG?sOaoWbq z@J9m>`{a^|RBZY0TcHb2Sg86&kd$;w{%$M#OtOd7x;-srs1TSznQ{6vE?I;!cXf+! zd{v&+5a$oP+sZE*?oXUE?8I7=i$?cKg*rJ(xDFV~h?8;!liZ7A;ALW>6o6e#Xc3IumA5+Jw- zch}$)SSM?pah|=O@jh!k`#ooWIOBc4WMo7}V9c4!Isd==x^DdiU^^2io*FA9P>7y* zTl)MDGoIYWe``fA;!Rh;c>w|2Ej7GXkxt{!3gbWR2l4Dg$5wpC!6i8~Rv;(be_UFu zZ}knaMiLU*Dy{^~6$M9XgkrdtyZPgdVh8<3^j2q#;B`mNE5r`hb6M(Sb+MfuwQF_Q_XAizZD|GOyKpk(evA^0Wb}7 zb<3~o0Tti)#w>7TvG<|Y0Qt+#_i3XVh8_Zn`Qa-A&}bmQjuwwT2v2G^toS5ZpGVMT z(%iB%p3<)785ahwSm%@WI)&afUWIgT+zS#iyrNxq4UKt(Qbb{Tw|-yOrTmSvG31nc zaK?!pH46@r7g=?U;pgwxPlxsw!1Xg!hiT`i^=$hiD7a z@0?8SD$Stk31J0qK}fT6qdFm1qOR;hlY)#Rb}SL(>LqT=x!Dal?yafWhGvbByPmA7 ztYfBrGldO$o1le*+FqTVdTZwU2hNR$=*`n4uBuxR{wM<-uRVh|Pm@^%o87 z5CO|PUO&UgD&CoIela4Kg3^>`k)3YK%lIAwsAUbM|5QN!&s;v?pT<#ckNJ(o~ zg8}RP;Y@BnX#*Em6cpAy8%VaZ7LuM@yB*h4AGaCAaMpFV z+dXyURvEKqzm=_KW~iQOZfx(YNEGE8Rv(gKcG*glQ0wWX$9Po@!*# z9P`(v=GRulk3hjW*G-=msXdHG@a2Pve3@)Gv~%<7>}R`-co(WIJzd`0j~5@@=k=NZ zjg_vOv>!BTF&di@CPn)RDmE222D8Kza;a%n7KhXxqLkKryGgG+2l z!_@?>4uEpRPaeLLFxmSdbn{c!G%oiMt##wcN(XA}CUz4~bD@X6?;@xk zLW4Z0#&)}BX@e~@hm^;%R$GT$uABU|BOFwi)RJEiERp5x4_rK>V;X8190}1|JzfwJ zdawX#t|!H5efDvC*qZXbU}!VaUgS~PQcYSFJ`)LOi+*2m3VzxE+2mV8$Y!W7dC5`- zi^??&H3t!VX@*7sO5MGTaHM_i>WAC#9mwl=-ad_UcIylt!%a;JTNK!Alx zuGO!fiz&P6JyM)K5%GxKjOvTiDiDyH zrJc+p$93!5HaYho{fA7h0gnrBivpR_3h$Ec>(v2k9~<)bcnt z#BcrLTZ$VXemIaHWmh@sAw?<|0#I|M5UOQb4leb}c(z&TjSp3!@e8pCw%6PV8geDm zz|3S~V__zGpdhFg7$Y)@?PU`F*rjB=%v*pYgr?1yICdXVFp|@ zMl%%B#yCS^%nx~y`8NVSb3fS3PwQN+Y;D(;@CzG%Im4MU!I=&U@d!Vos;YJ8rGAX< z#FfjGs@Il@oO{$m>*}i)``{0f(h^^E+%7fbLNX2t7n`7Mt{+nt;ICQ+&BZ9NsHQ@q z)kO$tjg^qkx!)i&h-`V`*kf>-=yKwLDX~vXIG8X(C)(V2!vnfvshfvNG!hK1*`@!q5zC_7e{#a1PavQ zj`SUZ-Lh>h?|8e4#7RqW&T!b_et4+)?w|>{uaciUUYE{9byIWdki^03KM>K`0L*`& zFon7LEU_kwPiXrU$;$jFE=^%V-37YoXN%$$=ir6C8GL=S=J2eEr5zXzqFz~C9jCud zY%;EWM7{`TF5=!}U2~l2)e;_*vG!JlL30w`NO*dC(SGVm{|Fem@L{Cipy7`g*s>F7 zDz;eedb{g8ZREO0`%9hMa?2ZRaS&2vNk%&F*{=~J^0b9|C3*-EyIXMi3eF!NLuwNk zmMh%$4n|V9!_+r!CBf$fV7|S}e{AKS61cuGd@*J8JBHVcVcx%jcmD5p#0mc!qxOH* z2BmqrAQirIvv4~k-6C|RcqqB)(e`6W&%eD)b(1^UhohK122xt_Fk1E4^GV59!aD(d z9JGFVZNYB;`8sD`AW?D!->_IFj+UNM?|q-b0RP#H=fU&Ck>hGVgD`kkN`RS%dq(mQ zeB!PDJ=!JzCh$7kp7&E)ph@XD;ceG;=3ptQQ@KCOIIJeZ()$KE5TN`R$iy^k?5A-% z1o;UAU^m1zb4YvI)68FHaQR&IJ--AxBB6#^6(qCz8Dm2O)2tYA|-*BA4%tg=Q;WxZc^SDDvQ{NM{k9&yPn_Ob$t{RT<{yt{z#sZ#s z&8~~CYpD-KxbHonz>rxgjUb%5tR2M$Q(wVJN)1bYsR^BfwePxBpEJ%G2(*56znj}! zXja7Zw!Sw9cHD?~QJJuj(`^6cBHnCXbH3-WxG?~PlRermcwKr^KeO$z+`yVicUoYlkm z($vimt%d!Xl1;N5fp_tS$60G4p)YK;yI1JDMw`%f-J#_3`E3IlFf4rNpyq%Ry0Pyp z7SiY2W&sF`Om}xQusZSf;(p2ismq1KJqDt>=6mHYTZU~RIhgf5Yk@<*V-!@6Zy80g zAbIo+$qS14h3%)KZKjg*E2WJ`RH*T=g&bw+zDx0w3k{sxXlgf13DP^zulP7vOJ4Pa?uRGTa=L3 z^heyXuRuKe4zYMR_NWqzCtAZu`v|g8>ID9HCT2Wsdq+()!7N~&p|locn-|yA<;ov} z-GiE{=Wq9+ug5V|a&fB#OL1!5`ldIznpZ z!>1u1)bc$Sd{DO%2ZoNmyQ4(Hx$E2RL7?lNz?`FabbRK=7SRvD*Bt#m&9c~H`R>_K z(;CFWUaM}cQaz+8SZS^rlhyRon==7z{)}urUbnU6h+aK1HoXwR@D;$Qxi2EpR7E45 zzgcm5aF@qlJ9cpSW*AoGR2KI}>CJ?QA9%zxF}=e%|*82Q@Hk%vZy z?AegYkL;$%&g5eVVx7_gnYv*0N-u=rG55(~Fx$1Vgo7#-a&2wU-}J|>*kJQRYHeU!TRhe%qo-me#^md7z)XM|9b2yZ5kX; z;oi3Wnd_**;KjdC+}! zIh%bT_`-}Wr3aZ0;Q3mq7xcM;?=)_ird5}k;-K8cBZi)eZ&6f8Sy(K$Lb&-VwD6ve zPU=mgGb_a!5w4W;Pn>%}X^9V_)auCY41Dj{BgM**4PG>_)H~Tj?Itv@6IP7;5Vm+- z$O(z7ujpuhg`>Fe0k$qh$Ms{_(g$_GnHNEOpu$HJA47EoUgK!1HGB1$)YT;RcuO!I zk4n_mnciMRi_;)@m-+$=dEv;N(qP8L?ro$4=Am-sAN1};U~F9VQD4~CMN%!)Kvsp* zpXP0IX7^cJ_v!WPCF%I8N33)k!Yj@1jm)FlH~R836q)S?&mg%V8-zNLv5?ZOmu}~as7O#ruk;R3;A@0WVrmI zb4xx92*9={U8gC&t!wZtmSCCN_gq;U9&cK31RotbO&^SXgA}C+75>U`yqOFAX}pW; zD;B}VE%_s-itt+$Pq*ujXO-|*v5ITVhqUgwYrV`qBm^btzhl@W^P0~MF4tK+Uy1Gh zYA;(Wcp7yZL*+^>Fin))CQY_39wObod5S@@aE)<8%ibWia6=g7K8X*|m?E(o`j8z}uVkXJJqGJ^~n*?^6IKL2kDUf2T|1imrPm z{8<5*&jC^~UFpsu(xAm@RAwmsf)EE)afIx&CRJ%Iq^Ua1WkVzMX&Gy;i-lvH4{HTn z*v*}B(eh`7OgaB>ct-@hTe-MI1h1}Zrh@qhrG&bs-l8)DN}#hS7&_vQe#g)D{c04yhKiwNpo& zB?7s;=9>()MN=qWgbb9|dc?^0PYDUU7Vr}z-Z0JK)z$daqcQRH)MXM}nXvi_F3IXw zB6sw9cG~QD+ zS!K|NWD0rZNW7iO_orR&W$8ndYYWPl&~8ogp3VBY_G={uh3dmRc>jxKC;b=BPTbIG zw`)7|z{ewe`m@7W3g&+Bc3gPYSPsE6!K@#1gPX22N?PRey~aT!AuWCBcm$88@l64yB)pJa4@cUVRhO2OIIJ^Do4F67{&#nrP{*WUVTJG#Uy1n zit~O;#_fDyFfBiV%O9Zy=Z`@p%euBezy|YCqQRXqz^vuh^y&6-_7cMu_e@9kd-r-r zZI8F+J<)Ch&r1iN#kN7e#n@OVy)qsR}h{0!V6X(YTp4rn9*BmkmT+vct982;v$v)xpQNWdX z%wNX?-=RP@``Z#^c@%^#o-J~#=XnVr*oX*8*dq+(^T=WrANUzLyFkj zk>r$|lN#aYvW76zaS7vvx)lggS{p~xLIr1-Il+R3bhsn; zBdJBDv-XtDw7*fiL0qlAS+*jMQ7NAigAdJ%QNe}FCM z=kI5m5D>;@{ZlhZ9AH^#y>1a%$sFAk1xB9Qm4S?b^bZf2VnvvtIa%=0ndcR{+$Fg` zbh)AL@?%<92ekxxrxaR^s7U%wv3gM`KSEpLhx|j|y5uLkPVpc4x%L4q*+p%f zAx`#b8qi)E|0k3;M1?lJk(Fb~W04e_V<@_QiGu6uZ1+;%x>=z!N@uJ3yb8qPnU_9mqq=5Cv}bN zJniuq_8BE6{zvfl|L|Vf5GX_|(wvKfz2afw{j?k#3&y><3I^-x)1P-g-05n5(^5Hl zqAmy!yqY(PyjaS1n_XY3=M7Bu1pH0jxLP3~JYPH4@W=Ov)3m~I59g~h*BBcRlV1K0 z$wKaLqB^WJ(}o`JZInds@H5m*P$xM=1vP6bYDfNh_g~OsSMsE5oev5?<zd9m^KiEy*T3=!)#Po95pMgieU-H_(KgY3dlMEG{@-rAzu&ZfK8vQ!oA@e5 z5K7JY?)|a#&KoF+F8jckdDrGUah;sM6cNa+T(7ZhHK12w{tvh6KT_qzyG9;%pzOqW zZ{@uN2B$T|x_{Wr?-+FTTi!Q5Wf?!3e1V^8e95ucXG*Y#(Ch^QsK~?L$h5@{SUcM& z4a&2wWbYo2?t(VH{>8s%S7^vH(EI6EWXG?s>u3!wm%(u1(qKlvJLaJ|!_RN_h@^x{ z`Ahq99b2L}Gi=pqJE=vLly=f!0ldl3>%*pJ_EM!hWfT zsQaXX)+WlROXWw$CNv`_zPFWYIiKP;7-3f+E87(}Ewn#XCg1UyM`z^6K&Isf!FF_- z_~|qt$%tI*aXCAC9oTE|0Zu5H^VF?UmeKimNV~*Sa=CMk{Y~jt^S@)LSZ1%9Smcu_ zJxys9vlmey_Z|^Tri1;CVSyYp{uR8Z9ltssg!pnDs95L)UXtsU}9Re z>TAH4X!KLs(#!h+&TYG(uf&7PUG;*3EjWor!c`0s#-yVdL!QrWOOfyT=b8Eh$ z$3zK4bf1Rw_9Br8NogjHd`!*Q_bX(s+yF_5=?N>uTnLSvYc`=4CPYwv&E@CrfeG@>6^O zYdzsK6=OHPLEEI~B)=5$4U#nj@zV-zfQQoW$7Fzco-L~HB10ch)13<1D2%ty)sCJ7 z<^aifPFoo~JnNpu6ytYUDE+FoOtjrViulf7R-cHVmdsMS>C~4i?^F_p)_JD(@d}b2 zze}+<+HtuQ*j>t*$+#hrg%4cxtAJd6 z9bHwFz#-QFF%v`>_78`wyCEQwOd3}wPz z^9e_TwqU68bS9V#H%(mi;B3KBf^8n(DgO!G5H(rbz+ zvbcsLfX-JTlW4U&tJ{F5y`oBIxUHzi+4!k9W_Cl*W^PkLD%DLb*d!ZlUY zt@&It^l4dN#@r;ww7y2b&0|NtUaQsua(Ka#VV*U5E^x_LUwY^gH~)g#rRfN zYHNn5Qx;#72*6nTI{*QR3OS$wd>7g{M>zz7T#|h<>74kaA z+G3mfT0v@3@t(b@OUHRE1p@nNbfn81BEfNd%F0k!osKbe0_0q9YaK4>8>=}+tyfG( z+Rs(-C5x%p^XO@aZmd(#E)v;!W47;2oSZ$-zQOmeI5EilNgzhO8Iu-siLag+pWbWV zhX_AezCLZCPo^^(w^GeZW)DyS+R)CJv4|2^j5VvS&eVG>ZZ@UP8sc*7+wLgsv=+q( zCia2oBKy`H-$Xnrh}dJIV=s6;#0i?Gxwo4eosJdvz~(I4v0h9Pg$me^=;y0J6-*!R zFec`WYXIk}3gfPUsPq7ZvdpI$gDZ&H-RRuGjl2qW-Qw{gf_PA-jDN0Z`cFz~Q{dIg z2E1>hj7myC^iC&!_?%iO@|)0$)kB^3yVI+i1fE(0yAwpD z+qmqC>2nQA(T>Im`s;V2tdmlMzj%9=x>xpkUg%du9Z@VLLE~! zc~AEAEgizYRMr~o%aLXi&du+rnqrEKM!qK5*znB4ZsCvY(QLut>1I{NK6}A~<52)0 zmG4b?ZO-ru*D{nJCKe`|^mRMs(%#aHFjq_T$#)%CZw}phSrK2A96fTBI?oYNw(XOC z^~mMi2)vr?ut~>ZI8iI7=#1jw6&oW%VWyetE6}8$ju3kEj%wfd@&g=7Pzt7l273eG znNq7#5*d2Td6TZh%!ENF`dFDy58v3_2n6KsTot*q%m+xXlXdsf-h$Pv>tB`gkBA>` zE(rgctE;mo+XinD(Gc0p6iig2T|{vPrmZ(8fK@K<1Tf;nDrHu()Xp`vt71T)YbY{tH2CE5 zeV<CGtK!T5=VRF$ErPXP zs;}L+{L$80Y3}RL(GY_&n-4%_gtap6qCW0oM9%D}cQq>`BQrWP^l!1oKE1xO)$jS{ z0@txjeD;8Llb8XTBf)9+5VqAR`&eoW_77$054f;Y@=J~oy%tDx7g=o&in)`G1)AFOlf2H{$ULWIp}C>Of#wBT$N1iC*`5uK-S>h5 zm4*VTo9x?i*bZvq$V+O*#BlF#6Q37x4*kEEd5(e2-Q0?({z(dLq=0WYf^omnGv0?kxMN-{(SF@v5XYGmtF-3Q&(bQ}|c*n4b#>_%q>vyM-5UsG82 zY2{gkX!7}_OuT7B5N+V}DxNOyncuJ#Y*fJN-wQIR&XQaZFj}9IIPo~GwV;-#MNONf zBtDU(MATmR631AUwIyWhKvia-h=7UQwnoPjK?alex)_8wHOp7*)I-A$t8>6D< z^R80#&=|TjA+P7mjQ#%-bET&~xSEu_I%DG-UDpcSDD_^9)n|<0d8<`=&g5Fy7eb<=7X#MM+h z6z|yTz_5SpCJ?mo1izs~2YCK{v2V20qi^ErW_nbdSz-T}$5DfFo%L@zR#h%u#na*W zV=8Q&6zvjunHcovawd>r3!W(0t%L5Do|(;e{QEpotb{IWIi97Ez43S6>y0tEQI;`% z*3Q*P>KxogGd@ju2!UhD=#o}ek!RC8BPJPUqN1%3eE$Zo0Bb%afegmlsSFd^l|5ASiB?o~>4v#SI z{oCbzu+h1cLqvh!y+kC88YV-oPQmWmWcmw&>z~+fc)Tnm8SYxYfBR7~z)hSov$KuB zWgh`r2*}^Kc<^pSxqvs{K$^U&v^X4 z5bInAbuPgO(H5}b2+bjguYtL5I&nmp&c(1gUw>jJq8st8-@jt!BDSb%`JfCa-f8Bb zo&sRSL#752t%!JKnITcp^t21DT9;0q(5pH-*eJe=hG0Y!v`RWd9TIuoHar#4Nym(a zkh2cjeDJZ~s_t=qi(~B_%Kh0W;LPdNLQJ?07jF`4Edk9-3V~y?*mfmgI}Hzc>E66s z8qpcvK|H`}R#Ay+SJe9I!}CwY#NC4% zY>HlhQ2NuB<^COF0-Tl4ZlM*2zG=c_veRPR!yMPf(-0bOLamp-lACqdA@9j~+`x-f z_ZHQ)6#omwPJ+PlJKpxzercZK!9R?ZWWg%ro%TCvd`p8&TYn8A zr88t3$B(C0DFaXG{dce!i4x_j;+r8M)eY+pBy@%LF%%Obc8%qN<)OnXhn8EAJf7-( zNB@O_UK47+`9qdyA}oh-bQ2g#`sAsOdTz&jvB#k5kbuvGlzWjyHJqm&BhHe3rx7E* z#pfwCdS4DJRrZM?VEVp{AiCVH!4DrH5^L37zR7Bl+tBSI+mo}%8yz;)4TZBi0Kl{U zcuXDmz^IE*(?u@2goaN;Ag9aR2z^JSJyGQ6k7UAkMW&lrz22^`fv0&uw>N(czizv{ zm7_dNt@$D(nvO*Oj=<-bCFAR|yK35xMuOX9Nk-p_e&?R#*66jW6l!!gvd|aZTvIi& zk2ZgJxQcaemfSY#k25Xv^P-LRejb$!k9fMs}8soRZq6Q_FLdf&kI+pKq1gU4MD7S#sEaSa^jKT^1 z5{{_SXU6?{?kRaQQ3CR(Ad1mC`-Y9Jj~J-sy8vZE#^<>F5tPp1!Xix1jRv%NtD22U zk3z1&W+pGT|8XMt+h4|*)!+O@UAN*7j#Bc-pB9Xavj3LTKWtevlmNBnO!HudjNu~7 zjMPL%6Rl;5=1qy_i~au_l97$z3bt?eA*q9QBTV{w#>KfVg~VduSD(z7IB6N7ofsn? zEOqrTg3IpT5q`MOKy2=v^RI+D2v4_k)n>Sjws@d9nB4T|>SHZxGa)NeR zimH2b7!JGbww+B8UCFi${*$#e7CAmldzZGxZNxLsD#-xd`MGm=9_cU*m+0bjUA3ke z0Bj&WdcCUus7RfBt@i67cJC~GDp*LfL9ash0BHN%M%|E4fqLn`ny)4*RSQ_9HlvCC~ynKmzm&Kf8BTaRH9lf3!|ad@vlZ=`2A zqw5wE$ZWIbnpMX{_~XFxbGOs|vtxvq+k%+v`RC(cE&Yx|T=J%H$Zfl`o%8LR9}uba_KCZBR-I#S>*#u-sVk|Os|z47 ze&6N5_dr)|ZUbiQja9nsXxfPP+-I(^lCrtezk4BUz1@oY{=643Fy2^Zzc>9mhQMjL znDbq(dy8OnA7Z+`IXybjfh3)s`RcN*4gXpUVKM-cbzrT8sa>FrY%FIX`!OZOcOQO!J8Y-fk-l^oem zCM|aLU7RL(6)0*bbD!YGFjCR7aykJx=DtY^vE`THPwbf$aTuMiROxE=C|aBQ(n@mM z9ZM5PR_Zl+`;7Hv4R~dWU4~IzNQOTJ^Utxfq=Y!g`c%I5}_5++^!)0|fN6~BOG}b90O`>n~1d=U^ z-{Q8m=qpwipniuleF)0kR|&evr%|<}y-VQ{`GoVzT4DvC!m};uKN-WXL|&0wJAK^otAz+l9~pg67WDf<#-K5WhiD#sU^Uqyo>T)Www>s#UGoX9nd$S) zwax8$rf?ei_;(EG08iaVkNMM`-ImjZ7cPsWv$3Icq$o;Q!1Ag={|C@=wB)zUByIki zjZ)$^nVL~3P9Ti?qSDK7L^HC9jmK*b;7Grq@N~v9_L^xl%6YnIDrESJ`e9;?g{18P zh*EvgLxx7hmpW4XCtk{`LM)IzzTDh&Jt3Z|Q+KDIIBdQ(%Vu8hB+)zA_rONhG z_PW<7zYiZW*Ra%d=*0dG)lfm57C^> zono&Y^_SEpP1EdC-14KOAm~Y0o^P5PP1oZk5hQ+b4nXB!6_8jTv5b4a@X7Fb{Ca%s znvL5MrZkxQ85)!Ecws-Bx|iCGA9naV#&gGjFyVAnGSE{AUgmw#O8NX-#DcPL4hha| z{fLxqRzE(^%W9v_dl z$DD%RE%HwgKXg>n^x!SzeoHsMrJMJLc0WkrpoH)`0|Ou-7K?M|M&==Bq#8L8(%-9uortPx$S>rjlYGRy8Xfxy&w$ z23M-@3T`YAI7Ufy0uwGnZo5KIZX6B`#AO(J3MMp)zJ~)8pk}|?8X1+ zOlv`#`q0f%YPd0l;4ZAZ_CyH$7Vk3CD>^LaS2=k@el{%A8K+5Z%$fNpy1_QVXjF(Z zt3xus#FE>CU82dQdcRh?9*rZ$uZ`X-(*wQQ!bIzSw2{zETkyyMN9w{NIyT_)ALHV6pfjW}N2LR(BwC zA50Lm@bX^3BqkfHQ{(6{tT7|%n!wV1cQ3P5CtF4?;fb+9ELqFDW>%5^{cw~?{)YwMkAfG?hu4m`f+igCZQtOL(-p9uZmw_i z3AY6+XRhtXV}Zq6X4+@uZ1`h$_|d_%Z0_W0Zj+Htw>b+w#5hAsxsfUXdI3%XlH51= znH4lIZYqNB>Buk9aDfoF@$Qfr9%6SSXZW9NvHxVJ{R_6>>V}`YdaWqB_@Q#e(dSq4 zOdt;>5!+({B}t#yKez(ekK8F)S$T_p0et@NUh?wq#J|;VTn)%9cHkC@3-tae=hfq- zl-8E7@4A=odeMG=E5A$hDm4ASZ58_OpaI*g&A-Yj1eAr`WyBA5ggRTR8}e2be;OsF zn5XbOyRMGRWVYH9KKpgu#<&}W-2jS=6pjo~rG1wAp~o8c)M<(1u7APB^IYKRR}nC9 zjAyxXwLy#WSl5nx9s)~w*0A#Fz>OP#1p|B{*C@le{EPhs;4DZQ4A_1{iN%5A zC(LLOW)d;mj~H(Zk_MZ~mY)8>8{%yGs+LMvd$cN>EYkCYeXdv;^;;NHP#5L2eV8Sx zg{rdttsghJ0mI7O$CO3VEqhT^YfL~2b>f!ih(6WXJeV@X0TmmvzQ{vAP# zSPQ2vtQyFv%{f=WyTpMRR?tmQ4`oNZG<8oSBI_6}i{hXj>S<@%eSrU7T;@x!r44)p zu~xDa>_0n#1Z~8aHm3mKi%+;}Ti8y_Lj3c8`l+-WF76zics4cHUtGB?aheM4`5u>} zEN{SU8u{G*j59cf3A-`Td73AgbfmP4SILd@zLE8v2qR9cKDN&6o0tU@nRDg`5&43f zU?#es_A*U{iPDa-qKihSqJdnizhmSr0d7Kdvt#pP$q4Zi4t_foXj4yK({GDt=98g+YyjaY&iy9IYzKl ze1AuDQ+Tl`i(9g&deI|uZ2nbBYnC|)Tnb|`$3D91$cLS;$afcZGi_j1sckkzWmvPU$L`f|$sU8<5jxaSE4~HbbVJMwp`oMTIcd2_o zxvoQG`(sVx`YLb+7CRbpv5z70ymEPdS^Q(4e#aPO@cfRiAifK`2=!HseWFO_wx@Dz{oU2>aL6m)^%vWnLBkTuQe$CnCeR=6oB%!ZQfRSsiQeuWjUt_UC(!}aOzQ7rJ z7iH88LLoR;LomSu5KxfVqEcZTtMWe8`Bc$paf!96ak^U6atA`ckNW~W$|$V7F3Cla zn}qz_WX!c@BeP7dn27r#nTBGH>%+I?6cuqR^mS$y$w9e)1HKo5r7&2_i^$8G3O7JF z08X@d4=x@Aq=jzbL*2;?edxBd$$( zL2ku2$_w@|$82741!xuaQ1FYG5Irl_@VG%TX)-C|Qwr!1n5KLaimv z9B$GznI6}unqK(!bNK_R6M`y|gG{U_PFlhBm{|oDYcqkvHa}e#zFkY;AL#OR^6d2s zPp^;tj3n?-xl>PJ8lnA$EHa2*4U%UhBR;;6F~q*gr7~qd6{U3LKX~_=)o6tIf!iaj zUckr5D0hI#$vY9ZwaO{hpZ&iiNgBQms6l)`0H{GJwrj50qCEHPIDBNE%K2zG#SR?{ zZ(Iv+LJSsC?N^QM6ZZ7|N|J{X?zb<54{TWNc?6ZZTu59{RKEf0i=UqZ$QhuSbTVAg zRRM&TU>U2JL~$RKttg$B4mr0$#NuG3(9NY)%>)sA2x!@SFqHwPsg6fgi!VJtvqfvq zweol_>s zk#Ak2@2$z<5vO=7bsZupT4eE-&4=iMgC$t zAotSmOPbA`I<%-Ys~3Kp`uK2XBQ|v%aG7{Jw1l{7+Y#(+t#JC6egv?}K|D_?t8*J7 z>r4-n9ufRGjTq$+aaF>VeH>`}QW^g1c`+d;G_h21?x`0KQZWaTD+O_oZpR2{e}HiB zQ2`QF+b7tg6Yc9KPnmw|q~z(q`mkt(Q${#3^KknLs&Txx$~ZiUv-a5f^Fs`a3Bx{@ zMq3NWhlAW4F(A>ZP5`^x<&O&4_~~w4l26?kaKgx+yKKg?MCIuo4m!~ney&7PnH$rsZjag^)-t>(ta6DvBXbW3;FTZ=( zmYG8NjQtC2gT`8Z#VRj&aEz{h6F&u~CzX!c3zmJ6<}_s!|HF8PV=SBh+VZe^ti*`^ z(=Z3e(S!EmrLP$6GOynQenfutecoqWH$i0HKVI{8l(Pzp*LA(Xer11kt5#8;EuB1= zwr8k%v@2oUS@^dGKOM0|3Da}7*vc*vXO1o4ELzTh3B>kdvSs;4nDW26_g4j0`P_eb z(wy_Xw%YW=quzf{*7VPDY(RiA6r`H8a@5mj;pY4R)9aC0Fwr?6S>uqmcGiS%{->G-l*xF<#`lIzjYQjIbBhJFXdY+zpZzz@!KZ7+W0 zgijU&7z6x~NB?-2gk;>E=1?G5<@!sutao)`ocOQeV@h3X=bUx-t z*GbHH^In@M`(=ksBk6r!)%`^8?-*zMd(z=O1uwdOd|M#>&-|?3`pFwhht&`2*GA8H z#!G)vyasrO=qq}_p*=QqR4Cj7oR0rUXumb!Vw?#uO4c;EJDM#R*uI`J>6}cZ`8Q3$!RMlJ=8|c`j*u z>fWfOLGl`EJ~Yc-IBs{`JKhtR6#k7GrIdIf$F6>srns~AdWn4HbbITLT>gBX`Bl`k zrUh%s=##H3rAq1PgaFC)8&@$er{los^0Ir(xI2fTKr5ANG`Rx`&l}WH(<+AcRI{d1WqG&CQ*MId@|9|_~U*^2Ezl!|@q4hEnEVp|6Ei4RO-16_q zYWyYA#wAhMU-xj_z`kjfr}m3dDMiPq7v#(Aud|lQ#f`&~t0c#YrO+5j^&|I|vbI0X z@r(0LgSxh*{4uZ#;YtCGJ`N^XnmfLT)b~9G_Y_KneJkwm?9Xv^&3Mf+o~N4<$XMp~ z9f7d@ki>pQuCr5(N`CQeA`D)lv$e0>^?nAQSQA4jasXP~o^8W*6?(??o)RXg#a0I~ zzoHrSgdWT1qj90y>!=oSg3&?U;tw+X=G!a)bCQ~LIF1DOa<5;VLO{eKXM&Yq@qsqN z>itAqN6j+{N(y?v{Q0yab}q~zl;LzpoO%Zm`ObGpstYqJr* z0exg$&d+<%xelNN9*~>nz=%Smctz@}3a>Xx6ZZv0)6&-5Ofk$@G?Vk%(M*t5LN{|i zpDyT@x5;MVp7q4kI2F-!)Oro~nWo)>fc^X&1K#?Gi|brda#^@0<83$2ZKgmB*7%o1 zEyV{jSPpJMCVdbu>V^kmu|Z^##i*p`n>?(zy3|%cfgcKd4bLjZT7iJi&7tT;svVfK zvnNB>$7wHCLEl+*8P?Fs#Wac+m0wX_y*BP*!D{IF(4|*G&9NqHxEULFB=uxTGXq&L^9~mEKuW?Og(hUyV?* z{6b^QN5peNBEsYl!B?VMu2dk!!w-!By|^{-a7X~>jDJd;9)BLGSj$*>UHJOidYrh% zfz(jpF8ddUrrh{lKN)VFBDYQT9d5%*NDoWF78a^b!`3lYKnx;uZC1Yo)`2N_)|rvN zH=LAU+&)S6IwaGzkFxJkC%k4xt1BtjMP+e)_M~L8>|~$@gBV|4TPtD)fTwQ?p>f=e^JCc`5SC8{0#;y%(<>#KVi zS?(&sCE~rRKDF#|ZqTXLVj;A*+t48M-PH+`_ez--f#z*`cv-pQ50{mQJ9|t8I+=*EKK+*yxBy_}GLyt;+&Ih$Lk=93J?>J+8lZ zvtlM3D%UQ4=mictWj4ncuRO{^no+1HSkq2CD==a^-o0&EqS~Q6JPyJe8OK7rmY~{- z6|?oCik}ddq_ueOVc>Bna;I(qber#BGCUTp4y_sF5Hl(_^sAX=pO$wJHO?2H zZoNKXpr_~?jvjMan?KcJZsFc$N82INj@ac$n(#AU%%hA zsd~2EW9lml&!p~Gd$!CSR_Tf3qRIbjWO1hsgG>Aa{Q2BZ$p+E~p{)}=D#)OFIhU&5 zh)Rbxoe#%R*`4NA+@w0Or%X!IKtnIlCQK#-@g**ejWG7Rv5?QUa~8d(J${5&Y%4=>kEvWM&K@ceoKeq z+Xk&iYtMy)fu$tP$HYP1P+aTIcXi}{054a){5^XhHDr7hNxe>vE07II7U`%y?Sjan zbE)XLrMDUK3IbVg8@8TDxQ$bJezQ*czP%zP__VG$!#UlR!k)%QEh;wo)o;dMle2VE zv(1$+Kt8Po;hoG)H#&#IP`O*WRc zQLAOxQ3;)`bSh-G#XxO1b5BmkoDGpu|&u!y{6jtX6F*mnI$8@D#_n=ws6~ z#xKl`U)6m@IAbzSrM2P!2KqH54=cr$bTaBQ9!!2SRI#3)Sm_9SB@DaXm@@cTh#M?q zHI%sN>H%LJKq?yTGTwr8mXnt33iwVe2OR9&4UWFha28E|-F%1BQ=xr$Ma$;pJh&pM z&KUSAXFV&9ENBBjR~|)khIW-)`wR3X19= zV2Y@?;~)F$oNihN!i9e1{ya-w%<;k$eR9ZCJGtEDITU0kX;UM9*QbGN!X0Jbe(QZ5 zF;(DbC64xJWOSZgS6oSKdt)>{8D}LMM&6|vkpp}OLqTJL8Le;kHJQS zXub6X+%RCt5zc0+xEsm~IFS`6Z%=)V<*VSoI);912>2i@_w^0md1+fduJK|2$|rhr*+1TsBrO}g63pvU@RkjkALNC(C(zYXv zc{8c8+74t=_RD)yF3M@-NT!*Q2tDS5e)CR9hlRu4${)(j#ht_gV#oTz&EHzB z)uqO_heE&q0YnCcSTe-hTsmHVuUj`(50#Q-@$1RW+8d5p7eYjfeLL=;N6Im8E?Li@ zyLGq3^68VwI+P1_?bytYR3O^q2L}Gf;-B~`YV^j(4WaRFhP_xwQ=4&GKTHb8rURaW zP~uth;#wglC-rV7HTk|3<~K|8qV6u9M$|jk*h3qX?vf~a;GOE2)vJsCzeFZNATG;d zX%HG?HujK5#NTX~&K!1r^JCY89^)#@K00=tADeo~rLnJ9m-#cagc@OB<4j3VP2)=O zea$(lqZO%s_!vw1hn=O%4n&_lrJ1QV-G#S~Aqp(bDbJ7emZyULV8u#Yw(}*B{_tt@ z{Dpg}?lXce?E)c6L4zTk#rWjbtvcJ`kMdnR^6=&{K#LlE6BOb1NF>$CN4e_1V0+*A^_r~WAW8&Yp;IXBTCuAza+^gPj+OeB0R*-FRz{^et&W<9PL5eHC zuzGs7*?iw5uhJ5180_vW_sv$iiKOQ(+nF7bt?a5yD3a?4uB(Q(hrtZmF%Dt2wFa$vW%(-mL{m{TA_;@gF0kjv+6%(ok(ZxvHO*o9R9 zmjES`$djC(9*4B5g!gYTiP`bo)XTlv@$;We@>*YhujaKA%5=Ei>fqof@Z-%)xofIY zB#5nxiha>rA3S&<1K@Hs5A3K?PZ!o$z14PlrPK-{>&|*9J*>bZygV#c>Io}(!V0WgYF7aZU z$ugAV%2DP9qCrX*w`EHZU+nZg!~U&T2-g3z#vx?INpxj$7C$nW3KNC>Wg$oW;D?YI zYV7FpA(3tH@~!qLA)PeN>=*NS&tBvd=#?d5vQ{6pOO#T=Uu3Q>ZkKCk=ikpl_x)x+ zT|Qwo3zyDgxbX`xasq}SNB!5&9a;B|Ft%fQA|=&+YdgtZm$2*^eajMa%^3ZbtR=tO z+!r(W%a{Ub4vdT2>8XZ#4jgKf?bML)!aN}oLL^akJsuh@rF&WL+A#UJf^2NmeTyoCwRb2E9jW_Q9QS#bRYqu2;pPR zp4Vfx-P&e;>a-t&4w=8qJ6)I7QuNIo^^?zM+d7rNKn9Cbs^qB`BfWMF8`Mj}T6lOu zbXi#zogrTedS61J@9i5U#HSAr$ z+Zfi*fYv|DOb!kUtBT!8_|BCRtUk^S$P7yjNT{aQ?>+2_)KJbo-dNoaJ;zwL^XcUD zqM_x1us5LJg3VbYT$$VLN95I3+L)W3tQU+p2oRTy^(!j&*Ts%4%poQ);dNUtX zIA6$(;!D;^4vV%@!X>|9v2e2)F^_V8OLMqIqTh$LNEX@OGp9CQ4kAleX_r4wY$cFUe*bK4{w4^bA$Mrk4AUrxxNcfK3 zKv(iR;YcD(uHe+&W%iYv>R7Qu2)k*mnbKl+>qh^%%i2U;QKO7gm#p!)prhphz;g7=r}5Pm)%)M2AN*}F8jsT~ zUNk&xP~uYW?1~J>^Pb|E&8_{@2*1$1K)Ypk^UcD6l;a&5pnU z)D(l^Xx62Mf_ki;6LdDY$o zQT@IEuWQ;U zJ$^30U0Bn9G<@$MGh0mgrO_RzFy4-Cn?DlaO9`)QCilV)4;PW`3X&C{XAaX+uHe-e zM3dQB#U+NeqG$HpUXI?Dm=J9Oea6?&=H0lfHoL@Ut5vQ*do5O+nufQ?jvn(ob&urP z*1o=8=zLr^5{U0antQ)^OL8WM?HEv3H%(DeD*XPm1tgXzHA(sx0_m6FmbEN(Yd!P` zAAj5p@*Xm>zPD2bZoeAV8Hgg^WlP2(Uwev{pJwgk5=qki^}&Mipdg_-deEBNeD!Oy zQIDZd+o!h_RzwKW=4uHiR=z&~2IOr2&f(!JU8Ab~Sa)|es8(TgDfdTPUBq{($O3f# zl`PX{;07+m;x=cn4G%K_D-Evv^GW9GId6_nF@+_=i<3f=9ZHDYYPW^SSrG#uXb_Q} zE_(Q4E5#vq&p_U%$7)C$r0x7ds-lj|J}oGjf{A=>o(deG9U_@O8p<6D+i?+T|7q#k zxYiogJD;pmI-q-$_PxIRJ>_hs!T1Vu$oLp9Prv{VV{_iPz=X+d_|k=Mb@A7_)Nt$d zs>yJ6Gsj+Df#BtpZUR#qhN@FZlJSBr^8(m1RG30)=g_~ETVT*M!=`fa$Mz!6Mt@^E ztsdn{8^@dvRq=YE&$m*E{pGUTPkr3bEjttMse)KBME#`DdX7K#&Qtb6s7Jk_f&wmc zyEx0>=d4XO5-aX926t6oT;GB=rQ9rMzFX0Qac(ww%L=O+?gk&xf<~GcA=c+7!O1vV zVWW=s;VBgKbTR>D{VM*tt_?`_7%#gXZnP02KxfO{(Hnl@X_f$`qW1I2td;cdHS zc8-^iXkMZKALZjZjeAxq4lm<+ZnZ5Ly_;Td;ECBzXm}Z#1bDoYN&PFJO%k<$@{&RS zzeBNEQHPmorHbzMsT7v2%|@g<#J?ECxH((xKdXzQVqcYDBc#%zi zU5Pvgt5;nk>{S0V!)+ZCtV%K>zSxBRL6i?8_5B;v+q$kePwI~5f3AMg^cRRte-U-9 zFKk{XQJmMCJn#Y?Xc|T-;`6uw$PT7&Io|@~K5IsO?mrlej2!$ouq^-o?r7C`N&R;U zP-|CbQ|C;)!cn6m`8JT{hOjqZ;ec_Y%#Wgl+PuK8-Bg(IiF`j40Mu)eiBgZ=0F9NO zE$#Tk9m?)gH!5waz1ISBeeOHVUF3d}G`uIoIY2MSNX1M@wE&i~QMB}*`!q;tboGil zF)r_r%XNKmmB$x>bln_Ck2@loX6%O_+@>sY->8|1Gcn$4fQjCb2kF@F09Ii;a%gf8 zpJ@k>=!sbXPYu^z4&w?gJTVJ~KAk`QHNZpDjzn|>vhhd)y;sI&{sq-)dVL(UdgSDq=0&PLuC&g3qtlOrYf3;n3U5P;KhFU8&GXkdGg4s)qnWNM_*DHX>2BSmN5Ct+ym}%f zvtA1FT33bVm=NoRs@o)FcvEuVh2g$@DjuCdqsY|d`Acy(>3zsN@xIXbFFF&c!WC>c z6?}Z;9xkP)Xu3W99OHoA!M?|yX3|_mYt>kiXmtem)$rNeVT;ME-@TyDI1rn3Z$tva zg6s0()hmtcb)XH8?jW^x&pa{Sna&GoBVN=^klqNAfO{&-t1^-5rLN~?AybraJB*$O zH(>pAipn3cA_Qx!G7#xOY{L@hBqr~r>{QI+QWO|@V)6-ZtR3>sPpE-ce*l~jTYmS= zXPXEg+0u7$S6&(U0>0%twKTg_q=q#EdWh}W$7x0?0HSfR^ww==+P5KI4chQr3k!P^ zJ`etpSZkLH!<48>`zITR+#v3Vb9i%2o}|*Er`Jy!3R1&m8x>2bxsQV_8I8x-%uLp; zxYSLa*RVX)eNNNa_NK4VsfQ)S>0HHE7u`26zza!Q8!P9QTXJ*j?HF`8xEE?)9pU%( zg0E`5k0F(;Oj!GZ=eki<<|c!!jd)VKYrYB;R*yzZ+&Y{WW}EfJuMS&e0@lOns0XrkS-ZMg)YusK@<^z{jiH_xaKo zMll(_LI;_*nN4Dj9_jL9R+n01JhZ7#AamF6hWl~qHz719F1La=v;~`m4?nh$0b>m9 zu9dZzY$y`1E$>?^$E~XO?H^vv9Bopz_>Z4D6?H9Mc%u5v_yV`kS zc>}_IW}f}bn5tb7eup-M;sMQo@eLkuuFe8s$fIzWe#icgt&0PG^x;gPwwcgbFgF4~ zjv&%ImVl4je6(n}=3u!}p9cC#HP%buSk36aZmR8Z78~|eoWLFr-6v~pnWdP6&PRcY z2F4jh45DA}7G<P;!Ip(C}@A?KQ)3`lxSO2c}n&}i^h+xsaFhZyufRdzx?dfol+38X8*#u z0DT%L%x>B>`+3X{*;dK{x}g5CY#lomT9NLEp7>{X=#NDtmwPj-9zXs)jne=3i9lJz z1zi)dWa%)JB8uEZ^7lFg<}dwY^ZRl*jRVEyQATD?G}A!5mKJfV;>_)Q*UdrqPm<>J^nGaS(f=cFXD5pnv^AJ`#+ajdsVzs~PCI-pjF5YQWz=_LK$ z&viyUvfuls!*O)EOwYYU^Rt8xBfFUbvKPY0>NtdMOHsDtYd1>X=w7PR31t^>`Zdij zs05(Z!lAGyfLc&U*Gs}S;r*rIec(qAkJkDc$YGZNIo~JpEpsuU_5Po-qnL!LO(8fa zH3*~8{-Ot;|EJ$M`zQ4cr56vdqt0LT9SB?D_$lD8{{CZ`wli*K&-zV*VW&kj_5pItIu|q8pxUN-KWWCgU#pbKR}z7yvGt@ z$)1lq2N#vY??u1ZP8A@pTZ($>oaaeum~wYGv(o=zmB{P0C$PXV#>+eni@(~@G$fU+~B`|ID>>Is_={jEY z&s)rd?O2a>_n4=6?R8Qd8iS`2V)*y3T{O9jMN#ICZ=NqStb=|YXT~2z;dr}nV>_;7 z1vt@*_9X5Y_BCFVJBu87nuw8#bWnD-}}$eu+%S!Wz|0qxjT=6t!9m zUjNye>e3>!JI2;&EYbFyko$2x(xhB@(y{A3)p2~`G0#!|+yKEUA>J4KFSFwS>Ns@L90-imvcU}{9`auN5Ud4iE1VXo8Y&r2+IZu}fKHHDHg zljVeH`7L%cDydRyW+ZXHsY}fEnmeOYx~N~9dx#ds{3f5SACJ6B4#-|3T+Y6Qe$}sj zli@lPvCXu?<=5e-D0yEH=;iZ#ZkHf`53-8J8=pqES;B3->=uvSEl$^*Q)hU=5_mC1 zptHGj%6eqZBwTnoK&>_+9)3RZL|5@eg`o9af634_pJ#r(D3xk$Xh{DybMI`aJST)p z_NA*T14xOyU!-YP=$ogJ(uO+dz{nH5D(b$HEAGJ2$98SgP@k@Xw&;0(C$TkO2lwik z+SN1hm{4sIZpy6kX3QbPHFz-}#P@+@O6j%Jgo8_i!k~@VyRT<)eX#8W)o5Pc)ueM* z`s%8x!L2i~j+{RIeXgyKs_!qRbbB{+t$?f44PX5>pR4v_4LzV03AsM@Pv{6|fH5~Z zWixHpbFDd^tW|$)%f38}s-eh3nM}!9&@}6f>n-2Mb5Bg*8YI*;xi*QFZy#xPCTBD9 zgVoJqEUNZ;&FJyHh;T7wMBXi)b?778+1)7$LaUAG%*o;hXFAU)k(*~K)w;=7!*9tc zkD5ruM$qJKc29T^r3!%rL;MNkx8ta8{D!$l2BSr+G!Ph7VT0WtK@&&E79j9@3Jj@D zy4dmni*fmByIQqJ)z*i#V)1G92Js8LY(;Ha4Vuzp>~_ zD=s{MYOc&;LiM35fSCT#3mFL}E6^W+oCRx!c6pu!xomn2-*I@l7+xHBkuafk*e~AO z-tdaiOe-+`*EPZ=t^}nsq%ktLVG41 zF%}-JAD7zMbWEx=_hgaDfrsjJ{d;+imm)Y{TW{ER-Cw&!seIySuST6ohb2)W0Ep#H zNy(c6-QJvf6g?&MY@W9sT!PwV_^_4DG;Vr zo~~UTIvJ_$^XKYLyI%AMc(V#tyRT4gg8857>2qK89*Ln; zclea4>97YW8<_^Nn%?E9x98Fqx1Znvw;7ulZ1Mtpx>u(jo#Ob|Z~yU=cyTO27~PQ5 zYtXw{2L5K@UCNMqXyHfh8{U&e7^DtG44$EwbF!%| zb6Wjkyo%rG&wud^l2$wS@)=;!t}xwe^N*NoNbLOxiftCfe3UE(Zv_vpa7q1|+muSA zRI&lQ#!i~3tx?tb`dqJ(dw#Bq&PuP@Zvk=~{tpat3CbRjIqn*fu`8RMVH7L6hIsZ&s{r;j(m*zyJDZ9*+9 zc5D1P01LU9`JAAA)N7sLpBd4YulhXuA{pbAe)2<^$osD;cf#Xgu#Qh^iF%o%82jq%`#JwQ#t`pg(`uFeIbN|@%(-49yN%y-%6j%kzB4?nvV6A_tOnGpx?;G zh@`zMf&m5eE*#xCZ*cZja39qdNo*80JxsLXiz^q3+$wCqFOpAv z=LsO;%`^ORBMMu!y^Q0z#PkTFanGZ@;vFQ0y-)f4q2as4;?$NC%VLu3#DW-J5c0D$Wp6nZ1J?mhjLu`?yk03nIUqC@daT zn+PdYwmVb3n3gD4DL2$})8$RZ)GoGF{2(;8b6Cn+`P*V z2S>ICIl0{$^bmB5-`kgauRA20U7am9+)D$7tC@?R%^myb)z?JC^Bqyr$MB{$`|wbY zf0bRrdLX5=53_5R8*hIXyTvr}_O{sk-KlilVNFwjXNG*Ih|6lO=^2~azf1y7M)$}bZ7Ti0a zAOYk%;TM#DdV6&5$8qwXvT6-{5rTgJ9vgwmr#HU@m(lEzmNr%TzTe7wkbG+W&v?(z z)>wlpEJu7@J%f)uzzX^FH`<1B(Vd_(P%he;um(ULH0g z#ndu@^R>^!wxf!WLV-&6gkPM)V;+|p3E*M)hQIr$bB=73jnJ6gKmzXzoEd;nAWdF-(aTF8$;1+884Y-bs!AeFv#>u4NF zY$L1&%0&=#ec72i?5Aep!knxF|Lr6L7-wWiGvD45Z#eS~$R61)7plsHo8(oat@a4X zwh;kpBLn3q3}cbd3py?5;*xhN9p^Mc=@yO=F3?9A3NR!yU0hUGBDIv_>Uc8g_ve<5 z7jDJbWLBLYt@e$+<412SS+ymrK=Y|q=$507?n^SO7+Nso2Er~zqX+I8`^1inYpwcf z{ZZIMRMsmPdhj7?czAtyZ6!cZMDFc#wacfWfmYpeKC6VHMu=PZN+D#zwOzHw*IxO|KuX?x_v^KIOx$-qk)AdO3)|HhsJIK zE1*-gHIGLHWX+ON8{cwJqik8jx0H*Sc*^)H16R%xc(HPcFe2-@l_33HR-5OXF=Cce zzf+<38r?T}4s>iBjx@KCn82r%E|-rK$dCq!#t04TF3m)12HU^1SEc$9>%xtZXp*#s zv6;PmA^nZyQv2sF{FnOt+-?c+6#jpL1Win|0?v2Z{e%u z{!3K~OEBX;Pr#Ml4$_)qVpgh?R$6hv?*#fr9aknYRKoh_zVc)y*Gsq2!762|u8c(E zmvt&A6#DAnN>~hZcM2%~b@E=X0d!L#rIb2g!BYH0g7vFrtJ~9DrmSOucMLX5limau zOtboWsj}IP6HQB@m7QF7WLu5z8^kO!8mgos-e0|+>~H*43P5<-%}n~Khhl3 z$g}T*InNaB{}8Lkt9Hv$0h8`kIpckydj((JLUL?B|A4r)<*K~lCqa^(>Ao_59rM|s z>snq7MmIHwAD}_qKA3(qWEZQDoY3gr_#22eg z>=F*pfUb|SRL+a*zmzq!Bh(vpEzc`4i%pzA zzkaS{OiWci?b{r^zBNE0-S+4{G4S=-on-EO0hhfGXO(TVnbYmS@t9vA%WXlHV! z>W?o-W`$;i)Jy(7+q!>R`KX7csABlsH*1+46QxId7Hr_Lb^P=J8>azVMs#`n9lj~( zfWg1?mHrD&^w0iTKs+)=whuQSdMY5SSSVyKNK_tJ2aX4F9 zl=}rHz=(a!i+!we%#Q~rW{PfvEmvzN*SD!9VAt0lTbSvEI-l;B(Olv^u_YkNi=zT2|J)1r6<=ctK&0s2Uxh158@s`@swD}P6VpMEWt z6?VwtSIp@G9=VMatxNtB#o!IPb_o+7qS@!3a?1Kux1OWwOQx-yMWm~5+om(#F5&@A zBZqXm-lQl3TCMvbPnU{497&oxzh=i@kDi$OM@jr;=mfFcTqK;m5OaNq&T-G3nC!$O znz>G>rz72lF8Lb2yl!{W-(Ey{RJxwE12tdxN;hJEk~ZXr3!yYpiIg*2Mi*n3kEM5~ z=3NL^a%-e;>>?%bC8b=Z&O7Pns#JEylNIfik5fG7Ia!XxrTs)R#S$?d@pyIvLK`py zj>w4R@SNb`4?kd+Uts!6T;MOUlMOk!FA_4S4GfkW)#+c;s^MO^uNXDH-8#!SsDVT0 z2K5`MCkA&yppG2@Pu5&*_&S4~G3%4%FGR8m$Hi`bi&-gg2>Yt_scPYX;m6?}xy7S; zs3IF@JIFY${`WfM&0?rq>i)ej2PN1jZ`f*B`gAZ%ESHmUd~qxGb&GIZTzdHKjX39O zXXXSqqdhfbS(j_=%}_u{ByN&czw+twu&Z#Q7guHZ?4WE{KWfgiEUnSsFK z>k;;Fz$+boH95JMAF%?du^V0^-x{xOG*KNPKYxSv-|M*W4O#M~j9XU3?H!4=&8@-H zhY-ybTe9?lOPUd%Ho#898*b#J6QE`C;tD&1qzU<(?W1J5g;~-ja^33GLo)P26cMR* zdcJmYzvjEaZKt<<)VdhDSjK+KDWLx(R@5&{QQ#En)M*hREKRzCV#NaxBNca~f^M(6 z#OE0`N2B;UIZ2*1p=yyEwKum7TvRz9!I7Zj9|agB+yC3CCA6DHhpPV;c4 zrzkMFu%6T#eL~T8t~gVFt6Xs+a+R-{#y4O}!=l|dl7fMYql3I(obD5LoLh)J$Y#?R z1R`emS)up~5y0gfEj2BD0^%)oYAm6N*q8KwMk+OOoynrSGi(SEtMuaE-Q;>Bp*T13 zXvL3&jSB8f9V@(D?G5Irq59O)ON1Vd2FBSWRU+s@&l?>c$`Tk35i~Dn8TMLIU(X#@ z;+)Nkmi@&*h-UR&Ybz;tCJm&s2_@JfpYf_)yxRvG1gN1MQl8?rFFN{-uHL2Kh}w&@ zFZT=6Vx;I9s0R<)4Su1S^_QY$g{$?ol9bN4bEjREsy}k_SWjw=nWNT2&|m}59raI? zN@s4AMO){wmfVF({s55LZQaa7a+~IgEx8BI>Iv>mxQI$*xZjiGsbknt7=}Z+}xIWVFlUP0& zLNQvrJc=4!(V0XviL37hqnH8;)%OW9>Jo<#N5a(pB~F{W@aXp9_HP|Hhl(2;6A%M6T)vqmr%-5$f7C_=^eut?3~RjOIy{5H?QPgV;yC{NYSEvHz?gCAmg^YBb~vI27lROsY`0FMoXR zd%)ah<+8SO^dAvP;P028U6*C`OSZc$ta~hYl;S~0Ks#9$t^OUUSiH1wB}D@M$JB%u z#+$#cy0_gvUh1D_me!^l*iePrK9{ERLM_0-^35l!+)WLOROp3dZRwQvp|J2F4W}H% z*IG$Od{6_cP-V(np<{FJ^9c!f|AR1zvFruhyjWrwYFXP%s@lw&CF!0xpJ!g(uf$aB zE&YgEP6k8f3qGS(b4Ou8c>T~dJq*f}!Hkv1Is^HVEZOmDY21$v^JM&B@Ka5u&wN&O zt(wF{|7^x!^LyKbIlzrYghET7KSJsKQq?XrLcRbi#9=PwSSc{>9U4s(aoje-E@A@(0kaoM8$Q zo-3F9&_X`uLmyy0A>5G%qYZyI^qKePHtPa63n~8|?WvPYW-l}; z*{B*3MJ2JN)?eR7fK4$uwdtBhWh)uLkyaK`>2q!XlC%0kYm7uD4Wz!!Ct%BTVNx*t zHo9$R%BQi#lYV8kA=*EQXdiX9(;JsEKs*QBZ*i3RR5qNcG`bOjDsA-{e~O|gDDrG@ zfq+q7E~fZV)Gk)5#g`J$iFwOHSnNB~tm4<}RuZHxq~%YyqUEJUuvMw_HfZ6r67zru z;kLR5syCl5?mxGnUC0csxMo{~0YXJ}2IM-FyR_GCjyVrUi;ECkcR@N&pR1ggWr{99 z>*d-+(YgeSkC_`a4DL(D=cg0qB7>rhYBnp7cb{oIe0-$bc=U17d#1a=+A(}t)gWQW zPXW?{RwhG{P3oQdB56sv_$!id!tdsN1K}?^DGbJ;&}4U=C3E&}1`l1kGd#2aMv(^E z*LyZw)Nq}?d!W5>z>&1g5JNYe_S1aRAxg@5r!3nj>LtWM_>~9D=s6JWtA}rfs1P_} zSSC}d<%t$t57dS|KrmS6&@$rSR|(@MdK}m)9>cRf7}z<(W<0WiEY$enKN&^Dm%wl7 znq-o?Uf*wdQBPthc{Vg?Omz(PGnKw>wqEIn@$lF%6Dvg9dmcsfFdHY-7#Um#yp}Kl zC?Z$?nn(IdklxZ!Ol9i3^9sCRR-i@IcAteS&^g3qv9iP<|K z9!l5W!&;a1BkM?ixFCq7sYc~*knpRm#faeU#S2c4?8?N3k8!;gx_?d4(lRGEcI$oOg_)s0x>d0oxx3hf8OleYn#u-wi({RqglhwO^V%2m*45>Bk~s{ zfsNK$EmJK9Gr_gg@$cW0nPfP=AG6daYR)5Q#{M zK7xFsHkd8|Cev3aTFkOVUIYK=v-&}PcI4_`U7Ze9=Alhi&vnmd5$A@;|=FS zd&b?MZF5=QD3>Wc>|}q^FzXh)H-~qt%mO_tojz7z?_A;=>7{BLE@uKNyI>@C*?0jr z(|tog-Q|lH*FTBk-NxGf73GmUN!1RrIGHT;@mpA z1JQRhR1XWvc5XwdVKDJRlPqd;LUW3o_2QDyxzcg?!u$__k0!#+o%{DUuhK8K7~nV3 z^-q4m%zfInSSoJBy(IbI2Jk-rQ+Xz5mnj3?rQ?QTlcR|s?38a+@pdoyH;G)`#2U!@Ui0Q>dQzfqBCM|(18IXB8J+usd zXfBA?jmgvnA2UcT7(OU#5+fv6t}oR35=m~*!GED??2=ZY@G>Ef^*OcqVTa5HZkFgt zpnxCHsL80vQGxw*(Ype~aq!(E<3|fx>q$dw0B;`QYv1hl6~-Z;j`&K6sX4E5%tS2Z z&EKr|vKZ{$Lz9gcH<>>?zJYU>KAahyRxqTR)SOWHDfWjLtH<|}?zs4S$F3Kxi2L09 z)Y?T<{o@f5(fz!9LH`SD7x{eY*}zq%qjR*!2D#F>h`M|*md?{I_lbCRDAKo>K0vKq z-4Vle=yPztb8~xhDQgwOopJCxy;mVDYsZOtA=4(G#LnpYdBj%Sm>Uchv?dyU=(OXD zJ!1?@E_f+Y1Uj;Mrx0*;{eFDm)&zJ=bKhc~bs~N$d+~~eu}bU^-DvyLwI1u^DA&t} z_1ulME~KavsOPC?!>;Uwu}%e?lji`xcdOLM!^=5CD>pe~8I{|cOGg`qcEM0o6*<0P zKV3k7TKe>J`euqYPa|wa#769L_Kf;bT;3QKd2GM#(UpGSFbR^DKrvf8$v*(7d2kYx z45MIp@TvxQf$A{bZl(S3<%RZ|>r7onN%a&Fge|=WtmW+IWDcVpAS}q*X)eABGYN|B zEOD(dai)-L?|*+gcMD!js|6VC$p6})#KG{v)@KmN)OkH!&|s6?A;zs;f@wlLYLkge zm@J8{i1Uzrd4awL1cD9>)U3EJVg)pe+cJ`_x(N$MPNsj2;JL+XvbKXhlnH^A&oY|Lv+1+7_hTb?>FX@yarf6n}W*x z^=Tsc8C9f>I^=_*CO7km>BQ{6MlP)ox=~N+t=Ak8@T}B-2KxNiUXpicYO{>?myHjG zNYf>oEBP7@)(xw>DF!+mVT$gC)^5HPD*3TdEt}dmHTc{LV*2y{vuH3qndbFwIzj>czZZ-UZ4KLQ>pE9)+^^Ure~?d%M)oe zd2S%uu*!p;B?uSX{ZE<>70tIsC9w#u-_(o&>sf>Ersva5Imf<2(M5(1@MQfN*Gfya z-uVLeo=_HoRB2(c@8EZv=~EVEO}B3Z$TS9FYyxH}=lP@-HOjJSGACXDpnJeMv=Sva zDHk-$TEFY)KUMYzFs1Wmo#+ohFmG=raIb>yG%7Gl&RSj4_sXhZPdUlGU@d`;*j0T$ zKUy@TYm=<6wS83o@;VT`Zcf)fE!*6^A2w8H;>sC`Rv-1#P44E#(!^+AdbB-pH^$ny zHKjy=VURWTz4=@cJh1=;)S$CF$uMR{5l*W`GAaktdmd)1Ia7Z5!-U|5x&>7f{d*PMawUjb?J)oJ@HHxnYu2 z%QG`EXNoI4HWx+^ew!cH^v4tscD>>^)Ch)7!A5YLd~9r68oW`DIe#%_o?If0cH-Z) zicjf@M26~NfQmoSg5WUfIdP3lf`DmwXh*(M!WOFd#n~_)>t9*w7 zdzuHUZg8$L)_acXEMeazqjh`}N`tlWbsm^pjOXqE;)#3Vx=*g%B};igo3QPWC=_p) z(0pKrTl%T&;H^4|u$PcjPk8vVM30>G;wodRUKz7izcC^`#C6W{8P60H>HfZX*yOw+ zKR5e@oSEOfm)UFKx?+3U&6iHekNA!tYP;T&muqbg^0%aat6LzzeKI|_Q^(>)me|Ve zSQwz%kT1n&rFSwwj@uze&9DrmRz&$zdmbU(N9+48$@}mA>f3nDZxJxje+>u2J`7M> zPXDOVIlaclcI1wGOvnIUW$|E^jlAQvbvb$|R8eRr!5&}PCF|w1L?2Z(hs3ZT@)noI zxec*<$aDX#7VjgGsVKllId}f91I0ox8Z);xm#rt>%;tz855#X~vTG)o&E34nrMOtHN)NlY2i@CNu{!m?9zDL+5b6 z>Gd5I6E9;bi}YYSV1U{J;<+EjMA8!lMRc}m} za|1{Ov_~y;{eISYw|w}2u=mzsQGR>h=qLy%Ez+rgDBUr@Akr-=UBZwKJ#-5SC^3X| zgOqePh{VtxGc*j{-QYXV-uqm?{ha;!+xyw?{^Oi;o&VOweRI#M`(A5(zn_@?1z1N* zEo>TS5Lw*(6Z0Qdf^X~3#79EoKl8b8v_@xuYb-=;Ew3D=KOH{oHfMK*@*iGM{3{rTnk6?-*+^M zvr^Kes>ia{H^QQlwi3 zK}*ce30RUvT!g@yeK5C(ZDP$Bt(@<3ojthgGcYsUAeK(`OFQqhXFw)%@%87#NesA& z9R4=#t5xw7JpnG0_i|!m7DWLcCK5zVVzs0q6CtndA~<|0MUyV$yc$5{`qC81Z_#?V z8(Z-g4vb7Q*7&x9??04<1RR1tZ(BZP2}obViiNBmtYpHc=va3lIY=dn3vjvPqo=#= z+Vmuhb$GDI##Sp12+abH=tQMAK@5?pS%=|9s3!P%aQH94n-kJN*&&WWJhgcKh)!!9 z6qveycL>ANHJ`QMo}d<5DQG)p2Fq$zipfN-`A6}Yew;L~Z~|tzeb~1Txt4&XC56?M zq2YT*ic7cHBj;Xf+`j^SpAHNx&}6clc6vch`KxHBn1TF#ZUr4e$*7f<;~R0k;@Ix_K5)ktViIf;*GHsy z`^NrKWWmi!V*IEi{}MOm(}wLQxFn3UJ|w69eMha2x@{9qfQ8*~M|KNai!e2P{LQ^V zMEKVm?bcra!jP-HL8@emVjB@JMy`UFA>yZu*%F%EzHLjln}3IV3_Y>0%l+mG{BP>1 zS*Z1~&e8B3U?C|hyqTz#A}kEaw2}1#$#k>%l7%dF|cV z``qb7Cq**Sa@SNCkrvTq+vxic^8ElKR1KQey=$8M4WALV#>6H@_a+ba(#d-}=ylIl zilS9HM70P*M;_F$GGl``DHL0kHc~(a&YO;vPrYY|G#^?4K4< zpe&rrd0AxmLSEeIi@Aw&81<@+M8Ut(%B5A<#J+1Vq~O&~E>;ZHL`=xwnmEf&c!f_g zj7&DmS)cDl-jJ;WRg$%+76D@wWfP3U~D#NvF47sC)RFh z>@4#dkp(;sHZ7YE%z!?raEKHx+b19ZPxs-6+YE~y3NY>v7|nxN4g&YDB=>#&Pr<0E zv+zMq-Cb8<9|^D8gIm}*wu+%fVe5N7W}VDL!KQ;a+5H7NI9XEz{j1g3$YTar=Bh?{ ziVQ7ATADa}DZw`%Zt%?nF>&#BLZ0BloY&L{j=eqoGX#t2&8r?~0#~6Bcw0&m{iAY= z&_hXGa`{!wE;&37J3*23D%eDqDD~VxFhP1qg8G1Yc~PrLc0Y~RsM^;+uh3UAGYMnc z@wyXLJ5Z{%u*U1$HrgU@eo$|D4WBqQXMF_9iTf>V7Biy$r3vA}fa>F-nQ+EP8oe8mcQYkg zgQJ|mpmy@5UeDs?SicqlpFya~oq^(~%iaXlopF}d44XK0Z*{I?!Hgr1o}b8kCo(FC zb~@_Ttgu$%aL;&W9%4Y@>B_*IUe#L6;G^*HnKOZrkWo%va+||I)80*Aj2rmrV1pu~ zg|$3Q>#P;;C4Ee;Q3|$-OmCS^c>1QOH;*dKRvz3WNBz|1Z4pUWiAxnGj}pB@F~l7^ z?vgk+jqaoSVA3W;m>s;(BpOQQsIezO$67w~vnuXoH%0d^06AQldBJk0e}qi6qc<*C0lyNIA(2L4lE?>A0rPY(H6Zmi1KimqLN{yg=VGZvH?yBsgpJ%=?R zc>nbrZ7#35jBv5hVOm1Tow=Yc;N?eZO#NMtCUrtBuzktqmTKS)uF%tj%7XikowzCb~ep(aD)wEHFFh<=m6DBqA#@!Qux|SI0@)XCIbBK3}E{j4g-S(G=mK0;3w4fyBnLRS%}MHPYcds zBqnTi1l2vrZfS)PP0-f(k=B@;Wpg)w(+y1>eEhT3vnG%j_zdNYrI`#A>@pC|MGJR) ztgZO^?oNA3?M{~5PN4A0dH~I_&tsB9x6bA?GSN9IyU7_3cYLuX{w3@*CQRzL`qTG6 zX27z?s`-R1FCpL7!ZG%d=3$}6p|#y?Nw|I1gfliA5Ev(&Tz|IJ_S&PKs1;s{Ys)s{ z;?qxJmKKoUcP?u@m$DloLMs!;ozb}u0q?h$^Ty9g+#7W1oj&T6&BPRKx4XZW+rBQk zpg*FgXKUek9mjf#j^iWMegWFMd~cYlXWf;Tfto9t%a7p+v_yN#hh4MhovG8o41wLn z$l~%bry}e1U}M^UGsON)H&1H&e*jyt4-(vir z!~T@rYqD;(2`tu(@r)TvojC{!yY&SHot7kXa#m9XJXhcS5_$ebgo$gX<}y7cg)p6I zYshU#&IOe4!H|^Sc(H?z`fTl}QLV=|H$S#UwNSw7*wEy`5KmdhBel#4+0HPmN?arFOjp~Q+r=K~(X56{y-S$UYljwqiuUp@% z2YB?|z z6F&-~+T==Q561W6JifmI7!`<@m;0pOzyfUfMMBkbKxe zgvs-pXKe_TC8uXF#^|u^-Vud&136+166b002xhK5I(! z#X6T;m>T?9(>v3kz1w-?I=zS98v0NFt!+um2Rx?bwRJ_uv`B}_=h``aPNk^%`@7B9 zK>%w@hi!=NZQQ7#&0beuI8e+-3VCw%mJ#){atGclxNd2c#7t@apP;;GK zXXGLalqX$v?a`YGESuF`fg`E%XSMR4y%HWDuIsJGuen9 zoeEh+O&|*ghX|Ov8M{6t%M)kV%Bn1LL<};j^y;s@z1>?rG5cOrb-l5*f|{0^nJcTm z(7_5Sc^2lUL?M59Kp+3im7a9QbKT(7)1!mDYa_)_6Fg6yx<)S2k>gEHE;7I}7Ns_B z9r@SE6kJEDRLQ2^usw$+XjHx{Vb@+m?^lE?2Xk(EM=pXMn-reiq|8={t9Uj>SJ0hF zm28rLrq4JMAOFQTp!5QGTwa6Um|LMoZbQ*03n4;%^Sz71vAoeej2Y(P{#M-eW5f6a z!uq(VQ_~5w#}k_hf;{0>FEb$3}wT(j>t zj=!KMp1aioI?B!DAba(yD8eUYR-cBIn0_b+h4^{W(7-JbCj^%E5-;yua`67OO63Vk zBWCMLa%@8hqGQ>Uj!kLyu|n(qf|II}!+>9a!h0n5NDb5YuCb9Fg%-Xr*O^Rs+YGA7 z5hXlV?c6e;iTvxh&y41+n^qXTZ#i#C4noCinn>Iz%!Y%G&IfN5X<9B=4!wNP2stV} z9Z#37ZbNjnSo|eB4!SNm{|oDd7{*op+h~bDI4&Erc@4i3DAP=-j@97+pB3ESeS~2wq zzSz0+gb_^y`KM&ZfAyAsn-uA8cDQe1n$E#%INQsSht$1eYG*Gda)>VfJNojJuC{bl7#P9yomjp@a_m4_m=3OS0lu;y;X+76s4yrSvf895N zwM^O9Pj07<6&6szM&;#CbKVK#DO5vj@1&+}Qkdo^2&Ik29tdRB35t|9?O85#eR4x6 zxy%zp)C9AvTzsaIu$<-ae5~8yMM_42tz=df(Fx}j{G4-UjQ8##KcUU7H&$b0X@L3& zWgZ`ers~WDJ(s8;OW7CuZH)347)d7?Xr*u`wXk*h?zOV>Yn(oyom=Jsz12wz^&GEA zQ7E5LO!t5#)xHZESBXO`=SdDQ@JZLFi+Wf=99T7F*P&LlUSNGMX`0UdbQn_|P@uvxsFI(ViCl#pf8h_^*?A|tlN!XE&%r)oz z>Osw(Uhe1qi4M4|s&F4Vte0J8N~Hb7Ay$&wiEgy!LygdnVYcb?K=T2^PNnbmB0zWd z430e&4lT_RdIlLcX{h*Zv(n6PSB-@(jDy|CEP;U+* zeEE9c0bdUFV>C;7OohD3G^ra)(TM12;li*rWsIt+TV)?NjTB6AyC9Qdlf5XHtRXOZ zc4_qr)s!|96XS69B=v!HkSK|D{f|U#1CT7`W_R}hC-fXXgJjxi;lWIwks1HWy!9EV zDZCB5cA9lQL{sji3@CWw?7U9cZ6~U7FRkl0FoUz9=Xwz{?PSa4Bj7`o)C;^%IV%a96m#18@?ag3$~!=720K$* zRlbZ8r)ITWn-nQ9AQD5W;*kcZEaXP3RmceCgcQ`L9sjmnrvMe!S65`KC zDVx7`&-aey@1;HJo^jq(i%gl2-iiiM8oL8A0;bla<>?ftd>Ixtw&=BrxB9IG^#u*9 z#gX@ULc6*U%7iJ=Kzyrmplkr6k|Y$s1XC%(dU|}8-Q}9Eq{(`kf=L+tZlJTOA^J0h zRD!2mahueKQGfXHpfqyng0GG}@NDI_Y#nc`xp1rz`Ddw{YE>D(J<8p8;YM zvAK*iT&3qSOxh7l;^l2`#X!#men^@)$xXXF<*!tKEyy*1e z1G77I?TjSLDuH#FgjAc4P)2;J^6i@T-pNg z2TWv73cEPQ%h=0%7$GL%?RL?&Ai%<;Z^U3Qh=A*(T1fIs)IOBcCqu&)Jez z?+{}6e9$>In5N_mZ#8USaU4%1Qeiv)(7hX$4VU_XWEqybvKvV&JeOD^_H`Fe@kO2~ z`<8G10xSyPDMFCSOK+@EBQrku51uea{0qs1KfOf~`*$e)T(pmEzWFYYB40GLsP44| zoxYE(cG%w0RhTQRB(qXxFpBRax!(KwqqOwDA9DDIsKkSU{37k#urG=>gpp^gFBkNB z4;;0_qTFuaqJyL3x_SSErkOyHar$OdM33%FwPF8)EMgT2ryC}qlSE4c8qoR?z`swv zTWHavrJ>YQpQ)hl-D8K<%+kw=G%$!Bt#56iJV=t!^fO_1gzUIhH_dT8ygJM%W5_kpq)btqse&?+%8Bk@I1X-X(|hWXE%A z1dfYjrdDoSM=FuDB{0$m(u{}^Nn#Q;y&@)$`O|24z&NR@tGE`vX5YkdIta%Apb zL$af5s3}l6A|01hE2wCtN}Br#;SGDGalop?@`~UnYT^SZjrQchvf$)a#JxUfQmJhB zJD1k$}ylp%|KSu`!QP{bu-*~f;kdnhaqHuZC-^HHF15fs}R zBl_+$bzIWnLwOo^|A6zX!85m|V{Z2lHNDvDRp*8(+WU!rm(?TX&FC5Lh)MpMgC?(o z_;7Qw7Nb`m)CKLyvWzo~m<)UFxKdU+>Rjje2&rBkk2jEz;s4@@(t=|v!i{6HW^6ku~H9mV1PYs`2{RR2DU|}`Nw0J%zUiBAXA!o8hwZB(` zZMuZx`=`uy_6U*vI06+yOHo^RWQ+O==GT9cRycVfvtrx#XtV$Q^01^X7Er+~X0b3V zjGEH{1OPl#c*T7q^Rd5;A7R}o^cYWK&FJ+gv$b!du4)tEcU)-=gx4;k;8S7iB0Rs3 z2hp?ayoT6EqMv~hTbj@Q)mQRQ^LxJ+Qhwf5cPMLEk*3yy_Fnt&uO4##h5LTTHhTUg z_j{gp*ODlI0?9VqyeXDfM_Jk7i;Gg`!X$As{kVkdcP@e_kl=*s_k&jBs};jSS%H++ zas${%|EF;v-Ts8|6hA_y`o|1ICv(l;zlh}!N=(f1u*j=u&V2QpyAoi)ef-@RD$T{% zrttNr6k%FKiW{5Kp10QRC-i5XJnrJ{Su+~;@)FGs4C%f8&Si}DW1&URo21C?(Ta~y z3|6Nw+G%$&o~yVyJ2@1CUhcWO_RV_DhunrV3T+r|ALTff9~&u|uxSx&C>P=Ryj*VT z3?C-q?+2J)5VIkPfmEZbbJaqlO?zk*&rq$z(%~-vYwFp!@47zyfxB;v)L(vYxG5SP z(6*5M1t_!fUEq16=26g;FZ(xUmD!r-em@$saJZNkuvbL zvN29}L@7jfB6@8garnaTSbF@E22YV-%@)bAWA(pi+kMoxxYRPNRiTqy{QeF3TVdhk zqTq}oUG_nYoU$EDys%HL?KX)B#t`S}NXptty$(G#Tg6wVcG_*7197og>D?;1_j%vQ znm!b`a)%11nno#U?;JwplcMUx$;~$gqq`-NnrZE%5*v~evCwNoIbCv9_6oJpG2ub}w;i{!vu$%&D zDtNwTjE=0aqIl26N_>__`$yw8qFwq*+_}PeX>dO{JkB1jg%}ADJ*X;q*(a_sk#H@h z8po`}+1YK7TEmv?{p7sG&F2l_aGTzp0Rs^tuy@pSz~kY;I`x~L3Enz|OrPN8NuyH9 z;hT@_Yrg>0EjP=*0JmcG-x+$Y(0QKn0W=rMWcC-}hlfAU8Hmd@A2`rV_K6Bnx7m;H zK5rEzy(X~dH0Y(iQ$!p=-G1(QeWCYJvfl$Ek2}S99M%u!6^>ZXtFIFChVX#8iw)sG zo%j(Yuc{A)5)t?3LVEQ^BLC&!(eJ;B1i!PURh3bx0;3_hcb_~#gF*gu2lzj@dQWSt zihUL?Matq3Q^Tr^>V8;|%B|9Dn8i(=tQKLHg-5JL z=t|L`$~HFtk{_BeJ{p@f@ZX3JIdTV{q!b0$^vL<<2iQuSJx3@9l*ga%Qn|3oarM)< z0IWZ?yj%@Cm|q1sZ)GhysHUHin^Y^C0qve`MU^e78!@sW4i{X@_&r3KAVVIvuRvOg zt;Z`6#QF*vU&+r&7^}NCFyl(@?N+OjD|AGBw!Y2SLXRPx^&qiyD>27)rD4S_E!D=K z{S1j`w;?i!iu3JIE2o$rfu_MZe*wOPbNoeDYl<}W)EUi;nB}?cMK1v#|BhMleT`PJ zS%_XU?AetwL>ggY@x-kx9V;x2h{)TGl6_PnV40+pPu) zHY=3@2~83Un6Ej%*B`onfn)EiZ~ih?^Q$Y5E8A@D(>9h8Hq)>v=3G@PhIN0!oqLMf zxZWBO8w%Fo`e5}MvvF!c_MyVf{u&k@`i4ND+{WVIN5Z5opJU+|?=g*|2@ipx;Z!mU zWd~P!{rJQsno%||=gN<|jKyzz(gDYk88YxAvRjgoCLr<>_ltx;X|L#{Z# z0E04IE~=d15bPi!{Z`bvOtA%x2rh6J9Vvy{Px=vjLuM-{iie3-#xxlFt^(x%O3~!d$PHbWv88@6-H?|5DR!JunY|!a)B?u{a?p}xA@KqIeZT*9Vb`e{ms(JQ{BvKM zszu$Qw0%t~jXr?kF!+24?+}z{q2rI)p9&h=}n)l6L%ao*^GwNYAJ{ob#O0{s284#?BMa-6y9Z+P%YaqJ(_| zDnL&fahlN!CJ!QC9!-e&_SWrSJ@_V03*GWO4HXjUab;y)@Wj>LemJ492R#O@a+vEx zg;~Obl5FGC-9Zz%7yD9K59QCqi$ssD=%tPyz(xEzEes@)x%r(_%}q&R{|NKy_At*57nq?^oJxF1lm)G zioeoK$i&w>Afkli>CKyL__t(r5{M)m+$0?Ne;$omHhb2#q5t!OmXzfHdREhh(Tn1hG zr%EICuuy0(#Y9}HDgz|)7-(P!6M?@1oAd)CxbsL{~qcC_$gP8T_G(qvtLDLo#dp+${N;krrqojIo>h`$rRQ&&0RzZW zJBBy4Om-x{LKpqt6LsGYH1FJS6BgfF#-)6`jO$f%=yl$-DJCYe%@OMSnfY`10n{wm z?>u!9yKHAZtg0Upcx}xZ>Z)o+pO_uFsXQh^{)+HSzF_3cTwvGAIP%J~H?6%cOaBFd zD-3ks+&l54??!osrUuxXWl`Z#U=c^Ccz4>`GjkP;Ipr`-a8`RmO9A@^l>kh*P7YW^EojScWT{Rxi zlcw09T8!mwb`M52kZ0yTrDy2pSVxM>(-rF%fdYrJlSD%bKqL^!n)P_{IB&&qoT+0a zO^<}%!Kk?_9x}N`%|yV|5@~52;H9hNqyVr?69ehd4#z7Ssp#0+&eVQ?^~U)Nf-MTp zg_9_PEk`}QX7~Xv_b$ahZ_8=*O+K%I)h~d&id1fe(Bs{SvT#qcR1DbyeK53F*=(NQ zb{S5jEt|OT%3$qs=|S6fh@6xlV&7hItB$IywG&^1#D4&F>xwq3bg(CwWT0}fG2iUr zF+NPd?l7fsj(ZbZLw1(JZ4aRsZX#h3?iG}651VV;6jb}>eMLAiCVmw(Ww z#%IEEc0LtFCff;T>y98R3!nSoe&I6Dn)`UWP=E93@^VucG$AJBS@%kZpi{#td+LkA^y-fJAeNVGF$rdo3e6l9 zx{8PR55?e&x~rGoFA&3YI65?GTC)WcFDtn z@wAUhnM}G|WMG$P&DQSWVmr21MiJm#QYUsRVPUg49j-QEKs|bZ+L6N)I4mVsW2Duk zRQ{Nxe!jw%$Unb+na1kkTd+H^nG|0ZyK#;Cj;Fe%^NDAQZ#31?`s_?t`duY4sHhc! zPKYy2)masIt2!W>S31?zPnytC$R8zIKQ;7o3D>$5E49m|3KdDs3eV$4Zhx%K%1z25 z6YO;ZRW)jtY76_h3Cjwqh;afRAx_ z38{HE8P!VqYE>BE4E(vzVWK8$tJG_otDC!y(vifx-iW==zK2)Dy49EFLMoYpYBG?# z^L%-MYJ|3>o7$2gJ!8|bqUp?5nT7h>UN7UCwZ9PM(uE$OV{9L% z=N?Iqldm*_+TPiK-+PX;xiTm22qAv~crVeQHEMQ`d9Nr1i6}8HEwh}B`m*rsDp!{G zZ8NJal%L9&tO5KEi$q^bz2$@+Dgc30q^HJpV@Q1$-yE)ML0xWS=Be3!teiu6J$BTD z_MU0WEZ`8ej$3;9JPC_((Bf{8^?>} zo7j0>zEwUpqkN__&F@f6)|6XQ-2fNg*%gcVh@dGp!uO>eyHFIQ7P1*%=^Xaf`f)0n zWOUU3%mKY>iUDxF_I&PQ*)fiLi;kp7#dWI%R9k`B^*>c@DUsg?8$)$>x^``Vq70?y z$45(Pq!aF;VTEBdWLi1(neC5g9YrZ>Q@g;CC6+`A`QPr0+`VOqn7pebf70CLG~vlJ zifmN1%X>daAVn`u25c6p_|f%qZtIM#uGVfi+i&~)c)Y*xS#*BhDnywf@!7W$vkysU z@hO=@s+}SFcd!ROxZOrRq4$R|eYh+(){KUA#XyYIpYnHWt-Zy(ZS@-j7_61& z*OrE`hM+wnK3V<8aSAG5yGFuh)i{Ls7Gtu%Uk=C9zt@EFiPgqRYtslvmiuHG>DZ#R zJHBt?Io+5IH%ZWe#_Xkx*zPzT@{DJE?NX?s4}V>krE&|)KP)jA(X=|&QeG;X$c$qg zUCM13vDxrb~ z9x@z|U=~BZ0UV)v?Ib4**6Tj~G2snEg>h^#y<^Rr?gc_JJvEFWt9}pmUz)hhqrk4< zNUO;ew_!`iA=F}z5SxqM={s*089e93&xxanG^P>T*5u@O;L(1>0Zp~(t!DMBZoq;( zp3##y+2d=sEA>`sAgWY*wgpOjN9 zBC5ukBuCvm#tY5!XG~um5fEz?Zw@KUC+`goGKE3(GIxOoxx%`WiR1K^CdsF!iFmQx zNa83r84lM@cr1T(yOdII$ysN@xe@_vt@l5pe8a+K z!)0=fVo)*}JtL`47B@F4DDOj>B1g=CMIrCP8j=U?C8E3gLjm`PEK1Vu`20h*_3yJp z{&adXP2*_~cTPq357stjcWbK7&V(VS8_Ive)Mm9Qpj4!w|!&f*_BDsQ#}g^rWg4tiUbiq+Fjw>Xl6JDoZ?_Ei|$Rmvhh z@47y5TbH8i7L`a&qmNSiG{Wtza8Jz1VcBdG_l&TgefP)AJ7~+X?&DFti=dn3v}czT zQ=CZw${P9uK5+?YXdRZniyWqz^0a(glL$BX1t0}YqI_isd@&ksA9|N`-i9ULV!K{5 zLH{bb@<;WwawP{jiUT*M$;_gxR^XamQSwV`;+;>U6hLSga^vkEPdQ!}W-b_-6*cU8 zEhVPC*%u{3rMoIDJtT?U#c)H^KDC_-@jifDpQH7YY5f0LU;ndV`~OhLQETjm+HcdX z7pmRG5)pRaZ;{PcFm;x`!9!D6@gbP!U^Hs`Opm;mrkdXrbxdGC`9uO#b8+ew>&c;a zKP2{MZt-(C7{kQabMCB>C)AQIdjP5{VWqPjWY8MiX2$C+`Kfn_b?Ez*s&g4uHvSME z7|E6}YKnqCfmdc?GTH5abNHQ)^kiJ7CiJRLdcJqlVsi&D2t%nQ5DN zYxBWXw=*3Hxgq7Dd$Nu2)6m{Wu^haDT|abj6BPiklvFubypMh8L~uII#51!_rseg} z3_Bj>fq?_tnr7;iB5$W=G|NZp9*nH0+6s5sn!61{q?cGoN^-9FDP=B(L z-|_$#C-p(=oEL}x-DmWaonA(ZM#R|%sl;jvt~eLq}4`~Dv6E=p5&vfv%mLQ=l{t}{{?oA;WzjKBQ?Gm6fa4d>mRIhVCk zZE9+-UgT&Tb`a;Lddqr)UwkkV)a%^7pZ*v6T9usZ`m%088F} z!sl5mMxL-1K1S=}@S+^W1vo$|*osA(IP2<_?vpMsu+jUgx#x5GC0iuaVSKaGfPJ`b z`6Xb!@2nDf2_Q_v=QND1?-<)Z{u>6TLq_KY9&#UVBKnwx1W_p5S$;*HEzAgqcF16_G*!A`Mw2r z1ge<#TY)Xhy0!v@gNVDY6WZ+t1uqWK>v~IWd8tJyMPHMkVh{2`ncnAeKe`F|9}6^h z7(Ez0m^D%L;e4L?I*bl%$|FbNkCZ!&lbCX4cMV4{q|FSDnY5b}aiFNrvuQpe)8+;IoyX-2phQpr$*j zXh*Tb*$gjEbG6>(*|wZ7`SdPO)2}-q3)~&*udu`vD*Dc{)?)|j1DS7DeR+^(Yg7_B zZD5-$DqrM?pI=dm;((D~6|veia(|fN^7%#RE+Y;FR796z|Fo`OaGRI&1)0Cx6Tv&4 zk~fPNKXD&v=x}EJG}&qcDe;BnVh$&mM0MoIA}NIZSEF7qu31E)R_T+u^fh1O?xsFP zW--Sb?xQ12BxL+bOg5bRI82=jvW+4owu7|kr84TC`TLJ3N%kywoD9d1%mrtMY#edZ!Wy3$FveDV&2`#!u2h)huugCMhoJWFrNJD3tK3Wc#zwnW;>UkbpBGI*kn9I1e9fhGXF^Xv2y$BX z)FdJ5!&&T|v;3Z<0xP4IKq3>fa5n#O9o>sN9G0dBP16AX#g5_&7om-^N<;EgzG}~N zabQkfgI|pSqU*584KNxdiS}Wn9)Xy8gZUFsjo zhH_&Z(E1aCXuru;CUw3|w@xPW9}`K(h`H$BSeFYr9l=}7sX(y4j$Q#q z_J>1euS92m&>7G-9zuLn_#+ksx{H9+K2>nT8nUOStWUKYzBF={SIkkc(B?n!#DMwj z^45l(FJql-f|~wbVkhS~M^?W@$@oxHkJ_S6mHMF|x0F=sk0q>bAo6;JP9x~ObEb*M z?ExOw+aPlz#C(Dl0)VFn!@q*sfFjaSRIGbx9~jOdY!M&_{pMYcKL;6E`Uq(J(ui*lE*$4 zBym65Vnh-Wf_Nj%4u@{61V?(Ms!H>X=y{9VE4+JwEx@r3ZzMy`<%W|4k^W(wV`6GI)Gg}X| zjmf}u{mJE)q2>({6d2Fm$?9dUfN(VpQ@V(&{|c36!mn}|=@7-8p)74JBEO57yNP4e zq!+r$Mh*!z3l$wz`!-b2Wq1|j}5|inesM5bs2CFp^Y8S3+Eo5(l5m$ zm-miWh3MbAsE~Yukbc~aP&nF|<^$kjH12uOX{i0{O$LjnkN5XNNkIfnapi)2-K*(6 zfy-XC4tRn-FWTA%`5Mpe~nxPvNeO(_`VWj!T9k_|< zZl!(Z0iV*1mrF;+;U!vxG~Gq0uGOi}t+~3!_JKP5B@Hv4&2yjEx=*6IJ+a3ClTufN zFauhMIyS>bAGzjD-iAo|+oD!2YO%TF&a013ncxEDA8dk;=h#=lRGuG>nRE5*(#n-x zUhb)S3P-%t3oQuAoF;6T4Xz$FE7Ya>F=BK?NzGV?wb4hlve`g&n6LZ5*|)+|NjC;Ex>9+gwH?{?|~e6sjMyZ+>qDv1|tleqN@x5k5xZ0%%#ERMd_M5Id)=4yQrL3dN?C3X+^*GF5>Dwlb^- zEYq@w)a!A*nWEFm|0EGS?xPSM7#daTV4SbZ_?|Xmn9+bH?C~XY`T?UasNwmr0b5)P z$99Q|F_%G{K`)u53_ENHU^8IF^5V{II_a$9(3=8$UHguEmK2DkFHf<`1^F!n(%sN~ zbqAXjmUYDAEEZZ06?`rsa$v56SxNbp;LIL7PHs;uaXwmwNf_S|qWbYRsjVAaQXZ3) z5al#Lg(}tx_LV*ETRumNPFj1--FVXq-=-UINOyoOm!9*cvc|mUN6q7~Nh7js2L=*{ z0EYp+7#?1+Jh9s&u_4P|$;NSBSH`<|&<}vhx(~%1j5aGJz^Szs>`jSM-*?RqJV9Ig zEuo%$1~8XNf;9qzfjzrRF@fGo-NX7Qh7}z=(!BbX{2iT*x#A|$=`uA#FOdD4Ps3kg zP@xf=W(W37^Hs=y^fGztD!@CF=6cuF~E;Y6lSyIHy|Pp zxCMdyhs7L_#MRNL{&=P@PrcPB+Cvdkqo5?}FF@bCgGXrVr;RdXiBHeZ^E5UL1Ks|* z?7-KqSwG^_N_v(yu+THggJW#eibiIU9!>UA|e*RhY<)^DW)5Ymdg5SLlbFNK3CIAzkazs_jC0WMTR!Gq0v1QyWn)NoEywwNQNhMPx@qh7PgA3zubftgxCyuhS<8-xmFs^05NZ0Y#NOD-pMuJQ(KutDia52Fi2p3k zSi_m4m)~JnMc!6RKcA%8&?v+^7;%JNcSPoVQooODobaE#YmZ%Kt)A5*X;t5E%IJ6X z(3DxG$Gp3*b{UyN<~$m6WbP3%m8QJ7cBXrp7TfiZYN~eiELi~vXz-Gp3#@4Yg=hto zdCUPtDHW}=P1KTRlUVFKK_3Q&?#-teV&|r5^wmcr%bUDX& z*{)ac?ssxV;o`pmvi)HpX*hwln_4Q-eYWWTG*FJl1|LF&r z#I5hcB*gVsdk5hJc_GB-pmv|Q@TVB0j zJpG7%n1(7Hrm|||@vYuBZCL9m<8kBK0fc^D?eB`{YKi_&s+HO9Ls&+iy(ST&eS3LO zHzb^wKgh^wfssU=OxRKA@!@J?Y5lw@l!mg`(8HHwlhb=U_dAwUwtbAXE4`&gSV^n` zZt_va@?Ot6TmIl@*@3#OkBEOypRDc|KxfDnJVk&@Yu>;99r!6fxo6^AKy>1{A5&@A ztvcG+LPbM{r--AJJBzGHCrKv9LuU348RNcp@C}#9wJ!W@^pE1CL`c@ssM&`>iLLAE z^)mW^ZMhBi!KDd_=CnVGshqISw>pQNy?MYsnp+S;nLtG|>9<|vkC7;eeRv}YfK8Fl|MzDV zrQRzl5toRa{Y~3OJBANbdofadCogPF{;p&Bnz+eQ^VE z%HpmrZ1o33?OhZL=gkkNX={YnE1}D`Qqk2IzD(!G?Ms)rxn=u{rQ1J|otm`YV~f<- z9ovYm1A$LVKMRKm8E+#nhJ9{gnobLryr*Viuxl+Ci{p+L*R1fC?#j$j(H1Oa@8@!_ z;B)88iEpRqW(^|+!R&o(tzW&Y&#Vmp7kO_T6j!kBizdM>K=8rceQ@7Z{ z;L|6!v|}8~ywur4z794{rKQ4*oc3)ynTs@|o8B%;_=L2st(!Tfev_R$Z>a;4Q_JTK z#HX&zur!FgS|@@{lgM~SEzUksaEYc+;)Z>W8=enQv$TI3vp`dwmG4b*n@3*qF~Lr+ zdqGSpi!q~Jaep<$UCWzhibk7$voPuxtA#<$=qK*Daa(3cU4E;5>WlrC5C|fClxl;E z7ySAw-Sf-+61!W5#UT7biZ%VO8DrSn3G}@6IGm$j;u)5xM>gyS*OqwfoKO#@;-iT| zIM>+`qIp*bqguAH$zD^)U35IhDubQ0>Azg}Plt=$R9lXoLz5}pE5s@4`rXy4yU+Vk zm|Ylym#sH9_wfA0IzCd;VYCN0VQfg(#=jlNsM>1I=Ipm!cj&=&#eVv6|Rarch)Vu;JRb66Ye03G8M-24rqY5k(A>cpReQ%=BWY9 zn^uGF$k63WqUtEc$=uKkKn^u#tbflk^7bA6lr7A;sJJoV;MRwKW;hl0dXQM2{HEWT zy||?Jw^CDzWZ;oqU}G+kmM&K@Y3Jw9hpoff-z&y6iRxr%3BnM)1fEWBlTNNad(u1! zV4a49qjupN*tWdc4o@i%H-&Ui!W^G`|K&}y?qU7I+h01w%<>BAxCQrdMZzLfB<)c1Y$c6huEm$eFG$9ykf~zTFsj05r zzs{b#5Ms=^LcX3at5~Qo-&8iKS9)8ARY&SvJT_Bn%Egs(N6Cve}oKVSRU0C|Vu z^n~2+mnc>)548D*k(VijEAhmL&bvPY1Y>rti{;6&+^G|DVcee2cRrt(ZiFSBU7^XD_Zxu8>*7NW0N|+XF$dk3eLuC(t9G9ey(`FBP5;wc0QKZs4A*?OdEA9u zwNoip&+So|THZJw>_KIc*d|_tA(om>!f5+}*|=@Nf?k$A(x23dU_;JLxB9TeT zf%#p|-LSSnI>l8er%eD;3sW+wbyENM_e5oY>6XUV!NKDh#@?kuX%rG^8P54E2Osxj z<`nxX1uW(|5|{o;SAWS;&$AxXkQvEBV`8$-!)WQC6%peOKVtryj|9D@wdSE?KQxJ$ ztiQ5mgY&^OC{H~Yw$NbD8ymUvNzU7UM3WlVd^%}<#z%{SiSO^@;r}~8MpxOojE?>)TNeh7kZ$CvfJnbpCJ-alutU2)WMK?&wGi;8`agF8) zCi=3TZ8Yn&2uIc4n6CC{EDYk;`bLv%Dd)%^GdvwRr7Pyw4Xm>1a`Y`|b~l9cIsZ(q=h*{q+p8^=ofOLxbLFB3xlcgo{C>w;Tpso^Pxj|g76odj z!Fcf8isc-OpBU=P9skze@|bY#VhJ2Qpnp+y;~T2lMo>pwHaW_V{-6(|saf7H+(o)! zP>f)|wsrzwDb0ttGv!-<$@MZf*Y$vdIWS}(b6weho697EnRu#^2b63_C!^fVr$z)ko8YJ6)_w>-erD7djWvL|(X zahxWLHb9#pF+y?bMw>oIdyEmfsS59w2`i>3Zt|UkQ9Euq&DaSU+uFH@UExHS>@PYy zAa^mzOGgAW{%3_o>^0Sva^+ulHMbf{Kh_><@~>kapBT6-Dy)3CHxN0+f2dh%tonZk z)p=Vv27AmA2NIzeeh;F?ivKgOIzs6xD#N)Q-5G+4^2{^kzeBP3T48t zHnI7p%w%dIY77S{&YHj6u<^=w@9FdZB!el%csm;Z_{87iZtiCULZ&XK@j4p0yxFk_ zMN4RrEFUiZsZPV7hf9v=@0#097&UUZ#Nj)CGy}R zbtCiP9tk6hBmRUg#5`ajYq$YJOpd7YX#4P0ADV4?HYkw+`0wa0l8;z8@4xl@GCA$N z?>X#$e1dvMyY^5g^HUo`n+RNfK5hJC=7Atk$GDAfkTEHN9%?u54rOGJH?&|LjX#2U&AzN2nkfB3L*3;%!r zs+{A8WwjhUqf(-Yn)bUMpZxQgknu)TCRqIc{w0I|?V+@M{U@{jlXr`r7qQH#>=rex zl>Qr^YX2Mm3Kji}SO3MkKYh-G^JKU#lP2;1ol!&nlY#55|HZ5SgLxw=f=gfi{1o`|Oavt(Ry~37Gb#%aCmC&PAX4l+UsKFD4FYDd7?N97b?o66NDG ztE6kNpe&6?B&aDEq+J&{*bbDQ>^ZFN@ejQ;?AG^LWZMGgSk$LsAwF2}(Eo3Q8TkKT z5sb$bdv`l;A1`}rH*93e!^Rm~K$MP;?r%a;l8#py?CN9hg}l02``9bm+j`j9)A7Ev zcX#x0q7wlM(@9HX|FgD#L95YMk9j`akW;HvN9e8%>l8i~{rb}njylZ#j;@%;vXqZK zk#mMj9km}E0JZa%=L-*M(@BNl0&gvzewCNMJO)bQ(xikIMJIm27kn)P$*N4eBmdN; z+p{c-k@scdvGImGT`FvBY0pJSMsfr1qf7b8!+QOUno5xAUP@ll|#)X!)9n<6F&d z6O2DLDhJ=(_YpWX8)i~Ap1VR((Oz0om=rlbA5Y(UU!+VN<2tg13gp~!e|(8hF5s_-j))`$AOkEK+FO}5|(Lh^?ma?yqQGdeGV3okAK^Ul72PPsn= zf1V{oF=O!&5eOX-x|Z#Uy=vQ}@}7-YdlfdkM5NpNS|!ZfGUmu&X;n#)uh)!&v(m(( zviCQ!0>=|<&QQ6m8+V-4E-lf$?M}{Q&xpZK&*a}9F_^-Su*eo!*Z5Ges`SFzhwCck zHM>=pK~h|0&&>~cNf);V%2UiQciNtgK9Ct{I^?Gp_&FH-TJW)!M5=z& zVDVwE?CVvVFuD1H_3%V4_H_8-((lW(+`Yf`n-CGXXom71^Fp4aq4|3Id>~9&e7Y>b zNwM!|&n!#q`IS19jCV?Q`o~FUpa;q==Lk!Zzp=Uo)6ZEfNXPdonEQ26<`d5kCsC^m zY1<)SZF1YlKr*#f*wZ{cwoBzExzRyTbIOwLhx5*6q57`eOftB$@O{Ob@P-26xI^zN z-S-5{sndj)ailfrir%r{d6I3<6nV6?J+tu{?3B;p#)&Fp0oj4lL4h zLJlBvJZI_xsdt>ZUK}>MFDmicm-Mf_#N9W)3uTNSpD~C;%l=o15&JiZQSfm0v3K|J zrV|uE-qoYy)wH(*Tg!X+)0rXje00M60(2r`0(2I1ygJri$dYs-BL7iP&)(a^*UQ%4 zo9?gVDf#=TfP9cr_m7+kADz%&DtbtXLrNo(#y@T=BisAiD3XjaKb`P@meBF?um#y8 zdtrtoqo_>Bt8ee`L&vM;X6FEc& zMvA=-vhH7j|EHe#N0EQ&33;%Ow~oD+f`{8{5BI-=5~br+@No6;0=>4jMb=fce*?C) z*Hb~#{%=)^sy*1z$%jsWPk@dWq-pK#LMO=oAL9b~+W7o~{6G5sufF`NySzqVJESTS z76ASawZt#@KP#r=!pCXmh2XCNpMFSxH$g!cmi2^0;NU$+)n(g!MfuD(TQ8A_YR$&p zJeDT2elZ*X_d&_P6HVyE8mN7BJl1YEn9YMWyI}fubkzku!pVI(Mi;9IQdZP7P|@AJ zo1wkMzu5gV_3Oa;`$mWNY2lxVFF{{Ds4XTZq#VEh3Miib{dP)B(A&Y<`YduRr`SqF zM8ry}$C^Cadg8fd@OF=Z+MnlCCw9dy#^(KexcyGd8xK~GAJiG3!raw=OTo#KDx;AJ zesL;oynZL{?_{K;WJ`tZU8P_-+;W+J+!VyDh@7v0@g+XImK3VMA}Mb4&dY$Z(o?{M z-AtlqX_G34fTd+p5}NAGd;BbzZO*oNGwqLlH6km&$ca$RTKP4dzC21SJUW6kmVc6cx?8Y)ybo;&zPs=F(_Mc}_4dAA=4M+8{5`aF_v@7# z&Y<2d_-k0dxzWM(<4-sJ8 zF#RhgY4T zX0PKzM6!D8xgtBNYI2v)1+V+YTQibTUtbS$@io8_s=6AZ5 zbd)aTp4h$7ls-FTUcbgjl3Ce1GMzv~Ol!-vC*%x;^H{{{5l2k0p!u@(cHh=TaLfq@iB5!YnBJdLFu zqx(e}$B~yN{w2g@Fz;t#1h8@X#EMoVqxtT`JR-2SSf{432$#>0Ag0`tc$?iiiZ6_H z$(#X&O&(pvragN|0)i*wwR+I0GFpD^IQ}GGJzb1DLlPz+IP3iRki8dBReC5u! z?2&OLA-1_(EW5;)6t?GPiIp6KIXvpRik|9EQ+w&2L9=;==3=dIxv@UQ4(yV93O>)o zR&*}2Z1h(Tk!PYHzP|L>DFu}#yfC&^ojSdR;UDZ&edZ-J-!|NbH0OyRWt@dDApz&t zuU`gUX>Qim*7vuU+oYp>%5wZg&ij$qhBLn-WHurMmxy7{@K9jwZk4ITC-<929^Xde z$Z&5rPF{9DJkUO1odMNJw%Ple*kHfE*+?2VIsD8S5`E~tx}6@*U3jVk=NOt}i&DM7 zLsr<};8S}D#&}MI*P1ZFUvdJ_Cd}a*b4sNb*7GzMah%OtZ#W|+x#3iAB0M7={d)4H zath6pP|2Z?%FFWZn`ez|`jZSVq;7h`S|lp_*4)(8^rsO`;+t|8NqgLp6wn6E;{@Bw zCIjim{g0sviMIOwrwXCa-`FV_ah0f|nGB*e`U9Z#F-6>X zXsILvafIf&%!1t1FUo979<{(hkUBqH(G^Vx7~ej@^9;#tbd}6rsbMX!<7)YymWJ7OX!SoJub>nU1C(d7*F+OUtxIy7i-&3WsLRHRnZ zXm8Pd1Q%@aN)-)Y#hvdr6tIn`iDn9T>ljT-_5QivK83+9cq`?}$xF=otg5SCyxik=kEUUsK&if7wqeChSFo%_O)7DYN~BrAI+^$mURc&*qUPfu^$HQ1d^t z|F97MN7?wwgoFf5vn=b2m~EtKa~m41d-h`l3h*sW>#ocp!};dAV)LjmzJ}|Hc3Cr@wxAdwXl*G_m9yy+W#i z3(({XaL-E|93dwcMD#l~LG@RNRrHz&;Waq1OXT3-py`*n#8ks%4H2-yXDHs&bO&Gp zqsM*8)y4he?YXFygiqkfZl(5qqTbp|(=`MK*w@nm@iI@%g%_;MJrZ)((yAtN|2tnM zaIaP9qj?^mOgi#sQ?iz3J}KQ%P?n?`Z6MO)*|#jZju9%VrdHW*)~v;6)q)yCsgC->FCpJlyU z?Ny*Vy;Y7N2+jzFvPP=8och5Fa9cxGwO*&s$z8qkdol|z>y)dNBWaM9X(P`GPRx~x zIU8x67GS$Ij_x>ZoF^+h^!JC;x5zL+-cYrKPf)3#*H-@H4B#K=VCEt|RYvb|HHpXY zU*T|VOCPxumeJaDQrC=>EC)_j?mdiEWq_iZen=DCN%}HvsJB$DTzDx5SWbG;Div*X zm?3?AK4*5iQiiUPoIt-kwzx)tLnVIoLRjIW1C#GcW_FqinlHL*T&T#`t4xTa>yBjd z@p{zdhUXHt!^^JEuA=z&&LLu~_L-V6wogZE5~p2$oJ0M;vGnkNe9;na@H!fE*dj)M ziEfIa@|-HE`FhH?5FL4Y;dgxX25Z=jX;QXd+8 zI+DPEhaL`0It~7QW(oB~R|OGHsd+xYFrn5zxtZ`RY*->AV0Ss7sd#+nz%yc|TQh}$K-U+A^&LN*s(_DByEYi6YW@Z6iS#$!Tdp&&IEm~Iub z&5J`rYZO;o$~-?rmpd}_0{P)t@K-%6vV8icguMxIYNanmc1NqPGLMmrHn6h;W|v2| zV_UL0rsUFk2_?MLLofv-0ReRUWvZqZuGVV77FDt?fD-*^yj3qOuy{R(Qg+4e*3(rr zfMOhhYX9K?I)XtgE+Uq@vB)=i579{mZWn-%y*DEn*p9M-oXoYUShyIKS&u-v~TKGEf1=29Ux9cUn_uwF7&#SfG-;DlL;jynNAp)bKEup(pGr|b+ zO;m7RlB^%Osv6F*x~j&?RJHjFZIYr`P`W&T`W>BS0bg_0iK58h92K~G3p}OBnMOLi zB6}LQ5MBobf5;j8 zdf$k$b~0Tb`mFG!7ofOCMAbxmrydVa^*Q*Edw*m|P&gjg{sK(jA;1@(;f$IA@8$6@ zCIw&oX79TJs&2oKd+vKS@E~R4xKor?aaKKrTg%OgC%9=;`gGJ*{F!FZAgFrC-3YP& zYa6){s#@T@Jd@z_6hk*~ zRX`=gkZQQPk$fI>hm<^OZC0{iH*Mtcxm-N^Z#wEyXPJj&ZBR~;_yq15=yKQsJ0nit zrt68srJ^>BytG+9%&`u;(H^t$UnZwX4h8XM`&QVCR=T5um0^XYPdi6UnD9nt3#VT5 z7kyX7F=T(H)GoSCOax9rVQmjo?GM$%k;{v2Vg~~N-ZUX*T7ayIVRy-Nyw6$agjF8MkqvX{U#~aWMnvE|i;_`(Q;?v{aLxPZL*Z*#M(X z6+pRcz*F?SfPN1bL5H3GJ%0X~g-L3K*<6jJ>lGxQ*Bx8R?>`r_SR>q z(U{M#V9J`R6zd4ieEO!EM4zlxino22<{4Loe{=`$8WqUlV#^~+JvGt@N;%eE^p)OQSUD`&f}8$)8P`r9 z(_Rxo!I%rG2r3ScJYm1vxfjt>yVwZ;wJl`>ySZu9eS>qU5qbi%RXhkAGK8Mm>Pvv> zTcl=f8W$c~%!Fr5n5zCc3sOO9yV;wgN}14KP2C?ay6hKC%*$G#o?=q7)UL$bnl44q z;n^xujRe0@1I4u0s8`5lxL{L-^bVlwyt&aG`txZwNI}*bW zSN~zOtE{9H$Apz{MiY4U10_PNJ?Sk}F1GiIK%eUD8-?1pNa~&5XIlhRyC(jMnOl39 zX$xCqx7bEc_#9gwjRI~;v`mHjP|tqCsWN23%ev^YSqwO3*#eKN^^?&T(P+#yKe3<{ z+m>X<3MSL3SIwj0UAjWrzU}VKtn>;Y9rU!v^MGb!g@pxRIYqT;J+~!S!cTybSJArq-1lta4=5M66EK|SEc)_%)3wR_Qkj5-blH^~Odglj2z~md5PenyXq=Z}Q;?a4PM<<* zL8dx~Z94YEh(U9ErVKVazHpQksG0ez>QOnQK4)GF;e-=N@%uJk7zQG$R)r7ya}&d6 zfR3tS2pipUFGLkD7oa_SnFS1YjBuE=YP)5n)#Obso>`z%dI zp`>jCDvq$zkAkO0+By}K6}W+on&Xc)s)OhniHm_Xvu9b|tzX9N3q2X2nO!Pb4U9EH z7z0=j=Fm}vn$xG?KoJ5Ox?gekL3HYKXw1;Ti&@1KmWbXI;NgK1phyQgyOg#^#+p*W zoa*T$muC|r!1s=!8Xv?2VemH^Np?@Xjp1hHK1w9Y7UA-P;H)@H4t@q=;DF&E&+xG7 zOF4jb_;V}^OjXd*^UFVJ6|I;y(u!*IA5SSW@X}b;TcHZPsXEvViU3PaRRyb7X(W(Q z)Jv`Spe`g&20k}cLTu&|$%Ea|qtk)QSp3d%nVldfw%=^Vok?t(YQL0l^=)5}J1WIM z_&6MuvJ-J5ald3QdXy6Desl_Ip3W&&Yh3o?jnPYqUSx)Xsde9`k}Apv=fnwXePrxS zR0W{}{Oh_ZVOW8wq=M)~ihxK0Kwx+IQUVZ{T^hM-#%HfYHA3hMfa3K#IY4jtIs@3m z@!O}Z42wT%j72tJV3Q>Sn8dvd<;3DBQ|+D(GRr*Jic0%&OGP6h9+>kD7s*#_1KBwa zaq7@wqW-%#Y0(TRi!OXs{s3qcEH0N0LRTC1PIWGPrwPi6>%*)W{M|hG8+U2b4hUzP z<*#++eBJ}iH@R(BTas)_VmnEAZ+77Y3`oS&NY4)1-IvQX0UApQ=)$F@N+fU&>W8j^ z#E7A#ad1o8PjSAA;5fO}meIW-Cr_#v;H9l6NQ@UbvQB=u4|CsJk%oABx12mqScr9K|;`THYan#@r!ZU=%F=$p~rYKX+mnAW1x*W$7X+7IJ zi%Mbu=Lw9ZR`^D=EV#eEm9)-Rn(OHWSfqfTuQ>o;haGZ6 zhD98#b2hvn5-2b~y00*r5V!c)#;t?{KInG9wBs|7&+D@n1DgWi*kHvJIy_!}cId8? z?x7Ok76~1+=0j!ey(*yJJ|S?~!KtFgZ&}MGp$BHJO&TqFIvQ&IA27gaJ*s(@zP#^guw`U;~;=5k5Z7ULSGQ{l)EhpD1O{c z(_-=`vbX>ff%!C0;5}a4&Bk^8o^XocAf(QuZz6ErgpwAi|DC@0FVeM^_G+0U?e-+J zRamU3jR-`FB|GxG~?;&6&Yk9+1Eg|2^LQR8A3KVU^!hP*z_`3PBh}%MK?P_!VY*S^l zwzowYpiiupFzox%G)poX8k4k%(MiW0%vl`K#E@GwR805xtp+LC>IXi5{A=@@IeB4c zHerEJAE$yojKPz-|A-HDyl*dIP$aP7q@Y3CD4gupFIPiyc}4v(a1EZ1#@Z@u*fXxB zFjYV>2?IM?sgJPQ9FEDE`)sK#FPJdDZhKM@@K^!uE!|L`;p`MtHNACDB_()=A+?GP z4xG|~rgEzQX6+o*G`?~pP;w7FWD7+JWzL>I&sEAZtO3g)pJr8e*_qcF;^}i*vn?Zy zH@3El%XNaWB|T(qD%&s%kaLMhUS)M}1$4G`hVdehu6U@{=vzGW0M@bPywRdyDk%|& zg!-~%J!OR62*j46LDJ5~mtnx%w8#V(IOU1h-67thQ4-C(dNL|bXK!<->arczw15kg zP#c5*eqO?nyBo_=G@U~H4C#n+GSxux$&l`nx@lYX6(#3)d)l{VGHug6o06_+VL6LK zu06-~Pr*%GFBoSUptIJW9x60b(1TEdXG2d@nR5lQslmPf+&z~y8(@}93m6+^^QKbH7y~(QkAj1fi zYV$KPHqG=`kEvh!OWyQvrUolrjUK7Dx2s&ZvjMdiUp$xMPw4g;*_GDHtG`zqn7RjT z(;a_P@sl-`G=Vo?zDcdv%ZP`<=6nP-R+B8Q%Y#zhAl(6z9y4>Q7AA+g?}rYHrE}F0 zNM0#)$VsdC4f*1zJ; kaaPtRZUj5K=PeV0f5LwzN^MDPSPU1A_T?Mtv3kFe}l> z?P1J9wIA_rUoWy`j4<_uEX?pdGA7ghn|8^(kH5km!3}LHIK9x1??0cC) zYDM%)hm;ntSPl`Jtb~AD`lQ0^1b?1hDy^E(;jPoV9Z8uf0-hb2+1|#!?Bvo0XwR7m zx2OT6xta0G6aiORAwL;f;Wr~l6yY!*zRH!NE(ot|UkX zCbxoIt8e?8G^ZU;YVv`ZtGA3;Vwmcsfm-tbrgY(aD5SBa$pK1HZX5FH6ZxF`1nersXU1-M3sg76X7cMT%=gF=n1*+ z>+8F_d)uOihZkw}!F@d%-(#kMyIv~CT|?qv2fxwEw5Pp&xlVrws|Q%`%gPhFe_}|kscKTM6fW*%Sjs?o93s*kIrlUOoUaEj245GZhK7Om3vumvrR0tU$+nLycTtb!X zatoPM^mUSJgSWvB+JKOklz;PjKpsSFXPs5yQ0{Y$ql6!1GWj!+Nucs6;DL?rYC(ls zwuw%qXR5gn^Wn?xaEOMzMV(gu9PmH@=Mcz~R$HN1SZ(y)v$`%}0qmW}V&Nc%jD+U3 zkWnRgi7m{N>DwgkrZop0=c<}(S8d39;ag$ZI|OUyF|3>f=lSHK`2xsB4M1g6^PJ1= z`ip~ya52qvo|Y1=ZH5kK^?3@@-sIw-DU#w(1sBM<-SXvep+Wo?|6h22-MC?PA+Dzl z5~u6pC%1ubzkZl`X2H|(V{6*-I#*%X^3V)bNvE=tA@r)xkLTmL9?#jXS?D$I<5l6= z0Yi~*{V!h8)5Xk5kH^ciPfAFwLj9tqwgst&rlt)z4DZjAj3S`Osm%sqTi5)xzC_s-A6Oia7ClAlmy!9yghtMJ$P3n)voqFn#Y0<(6*(cZ6C7a;7?L-&)YQ-Yv-&HOeg{||4fvrW11;y?X_O&>MJ2SfP>=jsIG2RvGOc^$ON>`U1rIZ?`) zR@?9H!uqF)LVNtjJwSt)$wAPV2p*?Y0R=Z3d@z*KDtNa+o-8UQjPFIFRb=GPwYIn1 zM?k8JvYyIC6%^};n{eeHWuk{Iobm|3Jo@kwSJBvpa8VQg5zv~vA}GQGJ;mF@t zQSYdKXQoh6AFrRvl%NvfB;q?uY_!cFQ<%WKU6ce39Um15wR zt+xi($el|fUFfU3U(I7;ylZHM+%+_|tM$uCMa_Uu-_Wkyzkfz_QIVxAC#+*qq2vK_ z;})rS^&>*_ocA`#Ae$?$(q!14Frqn0M3#C2-Ao>BM>mExL0;bkAk65J0oJ9iVnNqy zs&@AYBT%k3n5a|M=x+c%PlKJ236$8PvUG`OGUv-VB#k4S08UT~AMJhuR(fS`2f+GF zmSNK?fVSF5KdgzFDdQBTS7H=~&If9+yBaIK*3uRY@XXTGA zyvd9SNfb3p^Xdq36!rPvfkzQKxz1(iD|n3?nGL#cO}VkhBIxU*xtpor731o!cx97(T~u-`_?j|>ay#5sjw(N_je0ZCoeEU3AN5+I-O zChPZSFr72T@UERdbOVdh^!d=!M${zwI^x`3CYYv(eQTc&e=mOiI^}EKoCKsnmkF+{ z()q=ZG4gGZ=8CaqLhavUV|$)om_bI)zknkEv_SDiOg_+pBH=_ z!oAF=}!UO`gRY0j4*L_N65?|!fum+8_(q3lxBj_|XP@Rh z#QEF{URdzKk&pavC$RKTvtCm~g1Wfq?U>q+bINc+y?&XI;L$5Dx0KGgNom-{i-N2- z`usUb4O*^qKdaHYJf{#Prrb&lQ83t^8aMa%gk~-6h#I*wkhVnY*5}d&fA#+177}i} z?_deOM4}Yf;4(dzu>F%3E=wF(4ZN^(i@nWfamDdFmu5PRab7f*H5j$}VuLjAO)JnD z)WCQ&Q0J-5@!dfln3t4a!z3;lTffiC%S~D91pZl4gufSeGE;J>KhM0B#m{&9Dktzu zYzBez?KThG&2>)XgE_^%=NDIs%&oXuOalDMZ8uwCXA0YZCZT#GtR6&eJ$t$G*Wh2%GoZs;0KbZ0)U+CfFp`@B&qQ9o* zpHmG=)5m#z#5FB{fw;0q`7X}*?PQqE!+C!g}=SPbcY93GH564Z$me-mT zvx_q_>SG-#g@JArss!QTvl!*SN0dec>0ayWEaqAyu0*ugMtvqI%e7p0kp(%c6hOg~ zTh+I({9n!Mw$lR`UU)Ht8ne{DY^CF6HAAc;$W7jBP!6!zl50_ObMYunzaP_|j&+v{ z=7Yi*=HZ0-j8zeO=V3SAP(75?3OH)v+8R!(}{w8nH;geBT^eg>HEv#Lk_4=hj1Wz*%8IqWNBMLT%Dsc?(qnAkhXiA&`KA@q> zZOso9>mb%|kfzYfhNF2M*DXFp zjH5AF9MX@HJ_~d?JQ?1Vn8k=9W^Fb4v>TO1{oOC_c3KM**Y!jeup9UeL6&kf6$-fK zA%1e^5Y^X$n_CDMuQMSl>({iH2F_XM8*=AHzz%y8e4Y>KG^_fufXHw%H#l*GG-&Z^ zMC@c-&9lP-VI0@Zz$Aisj*W|h8m+-_Yp|FH2o87Rx+A#*@i~GmzP6hLX^aQtm%)^5 z)wm%5+)M*BB@N1M=gzXN71JE$>c%!081X+N(A+>Y%IvXD<3iy|Fv6a69&FBJq!}j; zYJ9b=XF^sx_Z_I&IT0=nN!Y1j*L9>rvl4|ru0;IFsF@a2S@F4E{@7>~ki?8Yf|Bb= z8J*yJdM8`Iuewf zV6Y5gjUZGbYCuiSixXIE)>-g8BxJQjm}0cTXY4Otr_VJ=mj2oP^C?Pv*Ujz1|MoAK z#dz?rSh+j%p00jKkzEX+;$L5mVkxalr;EDUyVA1oz2N)W%@Q6f_5S6#vVF(Vi(NQI% zwv8zz4fE>~1EQ=7rIeZ@`P$L$LGy0sqUD~wJDjPYS9@1TkCaMb+VEX;8&E3C+@i1y zW)O-gcGR`yc?hn|Qi-SMf<*H8eQABBG3fV2J#A4^jaMoX2IG9XXe{J%fJ&$7fvqEV z@FLG(p1m<|9t-zEd2L3E?x+jqg@lu$D4Nzm3YqzwOFk;SbS0Gz0D)*RH+2J+4etne|htCAVP z^l|3d-NmkjiK11CKJk{|t!C&=x1A+I=E>w4+QJDb=s>2bXuC}KVk8neM7{9CRDsv# z3GsHdbV8X3G^(vjIX5n=s*=LkkBX#R#DOgu_zmjHO0@lN#3b#v8!ar2NF zJOfc1uBVCPQ`OM2AWVKm>cY98Cj>UDV7F#sgOO!L*a?N!uyk(eqnaMI*Pv_8)yPR0 zR5im4BJ6E8_%}JMDBn71Y;&NB#%78)1Kau?+TBM|OaYWt3JZ#qP=9Bz?$QD5vL3ts zC#W2zWJEC9xbB13tczoQkNl>a8ab3ubtYZmeiBF8h1$PsU^}`$dGtymsAqh4E9MWu5Qo@SkU);ree5MK3*dh2G>9QX;AP< zu9HumO}Y~XdvwkxzU^c?U1`@-G*8nP&zV(X3bUCxP zwcW~JgoZ%#vw-LC{brfTINsN^#QzLD7z*~Ba z;kk715iBIk99hW@7Ba0jN=8G>G2-`}+j^3D#K}!n*U+bLQ&&Sv+LUZf zF)}xD8M7}W!_^2hFCPGLL|II|@3N*yFAvjUG_@rNYf`vPf5C1+8pnwIw#dF1rKBbg zgb{bTfbE;XH(7yV7Yq6dTywe_3yP9aJT>S++p#`O)*K8J$ICMbVaNv|)n3*TE-qYN zV`6H$MdzkCE&xgv6-jz6+2^ttH-1*;^A#8m`=-${l`x?iu3uHsx;emvXTI&?}1|KwlXx2JadenmRA3BT17Pe3ovujv|)dKp7AmhW0hs+ z{=ptoEdI2ij0|?wL`x3bpQrLCI?t+2a6LkSj7f?48_vQ!37dpySdP#_uFX1<3 zZ^Casx65V>JQ1I={A(g74nc#5MEh0RtX0^2T3?=}+5V>Q2qCd!j|wO571(7G5}zrv zJW$%*Px7&xP9BVP2CGL>Ruj3PG}nh1)vXebJL?kue0jV{I-dc*Dw$%zGFaO0!^))8kK){>GY9g&FCz_L+6El^K3EG#(Y-Cd<$R^<623lfK%+ zEzmSj*ejs%xOe9$k%9RzxdBjqbwg zrKa<~c~v?YyS#_uMxKnO08f>yAz?g4LRK@#=2!(u3VhiYNIN)ZylR?Njpk8a34Lzq z9?j7T#4Q;JOV$%QG*`M-7-w>bBbwo*{xgrIsJQq{D7a8|MyLRmX{0%e#rDQUx3?~z zNat6aFWnprn(RY*tiM3#ZN!>_eg-hpT#T!%0VJw4=yA$B(we7Y^HKkc&3a60Y5CEX9G7;@(Snvab|sf0B@7=v9qwGLXKV z<74u}m$wp`v7pq_+t%#dDy-AtTf8s~6*}UQD1T@vVoA$R$OXnhJoIJcP#{}Un1!01 zs)b=JMCvsaP79uw!1jSIig?9{F>aq~)6e6jTKagcCS4e*Q+03Sb!P%xX zBFA!EEG$QRghL|CT%)%b-^a1E%Q;?47P~_0$+%kKJM?ui))Eg5aB1Ipjoiw`(Tl1t zF0)g*--9x@4&kXenF|ECoPGJF2|LsEwRLEn>{>;@FT{+1ikzts9U+S)@&nkEEOyoa z=uqjX=wL4F&}&XgL2?B;_JZPakU}%s=}>`a(?>A=O#d3N)yA%*?k=&ooT2!!fsL%x zkc+mqd8DobO&I=NvbCB&@6(2!t2z~aOnQCD&nnV2&bZ2R^xGXPb6u+wojt|O*ikhJ z2--y{0R(ly<@j(HT5+PDF=4Ynt{q`lmS~PzqbqbsNo8VTl*@R7S`*z%jFAemFej#W zTpH#UZISNL3ZDjeU}PHuuIdh0GSaX+eamWV>!KS>2NTZpP1mtom3&2uHiQ>ChkZ>< z8~tkrgIYJ94-t$jmM1-{8ao6ztsIU;dbu=fo5r|HXBh)FKH8nF@rymRPbboOa=eSm zW^jV4f52Bl(v4^gFx0K=at<7v%do3arq|YzC1Ux83N8G;u#2i+lT9?krmYaV5fSlC_{ub(r!|U~i%&f1nfinh>fmPBO&$2el4CHaUL6U5=(QWnaxAF<-!w&Zd{86QFzPcF z6iNGtK>9kgzGWF1lTuG}d~MQ67ntx#OqY&dt#ge~XrDkr2m>~6sdX)o+6vZQpa{UWRe%AF%Rc=iVPW8hGG&y-)YGSowz~JMB z*Q$cC=@|qn+9935cnxD@dl9Uf8D(6jq(#T23F9y|ZKPM|Hb@r_s{&veb&;=P?N3;P z{YS#M>i;q`9Wj^qQ!PuMXEjLRlwpLV{b5gXKuF3=Ph-K3_U?-|haFpjzGsB=(Zy4n z7si?X&|d*MJFKx)CE>(gHNHO7g$MM?zOxvYU=;S{bD&dj>tB!V|DL<|{|sy&lDL|4 z9Q|+lsPSL9*AN%v=jWUILjND~-a0C-sM!|`A-KB+4-UcIoyOf=8+Vrk2m}po!J%=2 zyL)hG+}$m>!|Qza``(>5_s(5&*P6B7nwfuCO`m;E*Qs4qzpA}<{r1T7^E1a{mQ7#s zT&cO7t!sLR*W+86CH)K?Qjx3c71GtNw{A>bjT1)XF)k6dr9_6;)?vgY^S^Yxo@Oe2r`HP@oXEpv)^Bp!%)_fkmkOoEKlp}DE+$Tx6=`_i_009<|~x4J!PW?IE`xQM^Obyy|-@ z^F`!IVHvSHJ)RE!?3?_a4;)RdND1Z}rc&IxeXG2IP&9j#po=W;2BCrSlAsGf6?k=8 zyx@~Y-#N(Euey8y@!^FkU&Lgb^k-c6x=yXjCfs%Ll~@cR2hxwP<^{Ud7kh%u~>|CmrMPGk;qDS7g z&-#EX4ul3#a5lGZr#2^+APY^$l6pD3Vw@jWkC=4Cey3CvspeNS#2}XRku^q-14?F| zAJsPP_KC;TN=yYcYlUi)WY0ZSOBCB$_7$ydoy8^ZoBZAGYq_?z%Wq6Ga|hrx+}+9= zgU#gBA6yu5uk?>mVAx-Rr3M~5Uv6`6!1McaZ#~uYVkLfq*>>7*Na|*1Aq}|P>LEXt zrNe}6DQ|zEUayLtC^{18Nx-z9FQ1)W`{iCluQBTE)k<5D$fd!DTDM+&nv+3#D&5|H zTa5?$S#;}yu*7Sx<+j7raH;!SXdXm4w{8<{;D+z=xoyJfpRaWVrttW$Ki&p(Rj!<& zIj&4$F#nyP`y1c;tk=G)0eeYah>BH2wj1&?AfnOcIP0m5LsW%5*;GMmwIam#?CmeS zQN8@K8O_hv(|?-Zo1KDNO+?=__<#NJ21A;E^{g9Errx-Wn7gEDSufV@nQ6R6@I&`d zBa)z`41Y!WUv}clpvR`f4AiX_hXQ9$E+S*WUOb6#qk)QeJ=F1 zh~r|!di>ltS7{13c`br&XF_B9H>AJFWHU6%sTp2Q@b=q=$#3pJCU>OzhC5Bi4#U%? z?B+r_eE1^V zitOVO$$Y4+x+(N}(#5kr&!TG?m2D6o*t@RXTN~(|H%0>Xoi@NMyG5gPvebm`dr@f` zGW6#i-yFMUlj_NG#lmcmCL3p;v8~Hf>A`prq*(Qixfe%lT%eavuE)1D({sS~a$lWs z&+uLDr+y);ewcBin$84a|Jah{7z-fuWdzW16RkY7bykyQMUxp#Sp!lpbDAbRfLxX6 z$OHI0p%vV=TUEtzN&`XrQo!v(C!%k6RkjUkRCkVJpEDfgPvEKEg*UyT{9Fd;|Skx^)Yir zdSixXc?D&5f7sBTcN{B_DawU%h6s^kpW|+P?U3>Ea%IclYXjo8MYOfb4XkE!+!0D{ zxig@a*N25bHdX$fZ3m<4>kqnCL0bd()p#Guzwz(O^_2Cx3bHeKSmMX1u$b`|%a<)qR9eP9eWJ<5`s%g5G zw?wr1aWsa@EOKOeg0$iC)?jd+rNciiDs$LWs_D@g?)%EYb?Ei@D6ifwM%}d^dj2IX z0c3Yy1jF)vqqz{~jZ}j7ajVSI1kKX;`Pu4n zy&ZB?eo}@%uk`G_=j9VEKgrB8mU-q;`uP0EILaky;US=^Q>$(6XWAm^eY%NyZYqq6 zabp899zHJU%Z^kTcSzp0(CVMS)^bx}dF5^S(8dS~r5;GIJnRs1}ppK9y6-pV@GV*~c{nV3BM1r0*m{6A(!{hn?TK}af$MD(`Y@o&o{S3hG^ z^H-_j&Lz&Yn~g$TRvNePm{_(FwGB8D{I#d_%=oxN2{+EM{m&c2ug%AT2W3~8j zw2I^0xgR*c&D1)qHka6y8#l;`DXjeAWN6h_3ngx7yu)qXj+$)GBFDvSj_5M`v$gG; zpGE%W~MH?c`sW=%asZB1d#FG)nLYv_Q_wsqnm%C_Ug9}=qvz{wpk*2w(Pd$7Se>d8ZR3Tn zf}~$o-g;b3cYuM7p9?vbPChydC&5KdOD4JBn87$TcORhSzUch)Y5F4u$Zvit7J##_ zMJfe)HH#ji*w^n}Yw(wHq-SO(Jd`8VC*AKYo&hRTLj2Y`vdZ|WJhRY7!!B+ z;v>$VPyRxkL?2y9@O=y;f@x`Z^7HPK1bq`OMvhG-WO@a}XWw z_BCqAJHce95|A%DwY5Kh?f?-<(FJ;r2;8a`>YPd+O)d6WFg@8VFMx!-(fBCvj&g@bu;1NBt*~qlW?>1B+=z8USfDBcQN>Y=Fi8Q zQQYgJLBu#<(y|S0%2P8b(-9-Pf(GHKM0raF@iFm72|SB{fd>I$vYG5YZJ|yT&{XUP z7x8?O{T94l4Tp^D(7GDuQ8#t2A`U`SCPVH}-f_J#zuf^jNBC2PR=$ya?m`Yi#22rc z@&Pa3O-AkjAMt<|JVIVZd{TW{Mrt#9FBCHbCn4@SN#`laub%5!0qn42ah#G+n(2}&(W5Yx(137 zE%-+7cLsDIKR=-t^`th@!I4f9=wY34W$>ac8nV)K44FGCpL(j2vY~RMuK-`}?F4rLc1Gs7Gp3MZ!#Xs6`y%B?qAA$QP)Sr2>1^haO|!R2{Oi ziE_V$Uf&0gB@ubA!b>X44@b8-giz2@?@AeRi(z0VxKLIS<-$kEHpk6JD}U%OSowV{ zMH^(Q>agQZi7m=X$9>s?5s{Oc`2U&PFHt!P((t+0X}P~Rglx^*ziyO`d_U{LO9?#q zbCz<>Al&pYpFhEO$**Iy|K~IX^_;E6IVN;zEIVE4=X1hc;ONmFxlyX{^YahkN2g0@ zeeNyZ=S*G~J7o^E%(bl4P7D8)E@**0N$j~T#J2-tluxQ)LkpdrcF#*G1Twn+Hslm?!qVTq;UBaCDx+r^*E{ zG1LuZyaaD77F@vp@vKm zyLC8WjhRhg2&9FQWqwsAGJT%8qfu&HG~`z@?P3=U;=B*X|B-ZSN?L2O{b8*k<1sku!#FS6>a(SYK}tNiM=i5 zHz+6@_A!?W3Pn}DF^N~-R+i&roF40<=BpxT3RwQ2J1l?b5HnKi;?u#xFxr~%oG=bd zRFd32y*94oyY_-p7^Nwg2Y8*v;8y9;j;SfTayw1xl?APHePg|&*ch^I3yvWUnjWtn z)H{7|*(*irmTTfTv}vmR-k_-(;pc~Gk<5aN>BR9Y8w~tm@}^7mLHnh_)whdign&bQ zWan>+@Afvn^iimQ2hrWq;3(6(s$#r9ZVzo@2DX|-@h?mBOU0LR|8NQsJnt<+^p8Vj z%$y$~RW1?dt2BM?x+!@ITIQ_c44GsLUFCr03%Tk#FVCmG=DkX_>-m`>&NmoA%>hFy zj*gk0P(W9%aOfK%MS9uj7S-zT1MSur8*3u*gnN^cH(e7+ajwoOFL$t5DYoL2qK@!R{nq6U?cyBbaUY zuR#ID^f1_ph`G}bf_i6=Qq*efIeR{yt?1L(oWoD)LgRM%P#V=P>b+A8s>%;1?Amwt zt3j$EX3V&b)kqiYBG)JK_y&{9dxFy<+t#+lY3g*gztDi`fWWNi)7=X|)9FUz4OupN zuT_)ADq~BYAP|V@G9ZSo@ZO^WG36BIb?*|z>yVs50woWJ&Ppn_*A@wjL#|ycPEGls z=Yb~eq%i73hME3*vn`}|hCaXBl}3r#XToKaMDZ9JWvG{xwu*+*A_$F%yU$yyFEnmA47)p*$XGqNr=p4a8l!DAwN(Dxm3*voK)> z?y&-LY&*;&`IR=(RFg!xx(6D`6YPHJVKX-M1etn&we)L6;tpA6Bm042{m|2$VFRQ@ zx<#Uhk+Pf8j0eCh9Fmt2PjtD2+n~_O!D~DEx72#!GnNQg#s=guR)tzxiMl@yDxv9! z9@piBI`P9AqrNk5mLJWT8AGOPIRc}l%|tZ=bBPFNe#gJz3YBi4pjXJswQ(n2D`lJ zdlArz#?tcoAEu>CRHEy-@M&?)Ngt7+a+Kmy>MEBsl4*)DbZUYM$&V-#c}x|vRy@A( zMPcRdI71={MF?n=hpaHftscAxsFkwF31cMnlITWK`nk4b@mYvG1TPD|){8(+C0O4pm3!&r`Xq63R-mPCo-+9tTBLNO~p1da3LT=yW$q~&d@*VPZEN{@QM zTwaSdEZ5VGh9k&0?vmtxWd%Oj^>^69`tldLu8FkR;j9Jb!(ud)_8{D}ik33fBT%8M(c1UR-u$xLH_ zxMR3>SSb{w6W4f_Vh6u-d{pt-wiYLWjFUKw&PVb7|MwuN_Ubk9izNGt7|V-p1U50snCs{VyZkzn0PeQyR8^GCQ(!@%*pUj;998F~p4+ z{@InO`|k?9I^T(YNisd;9e6*~`jHO4{DbBzDZEvSRhZrFV#$%^#3;b5+qSvcyn4uV z)?`)p)Z+CjVOUrU{AAR5_PXE=x_S#({iqwTj)Kxjnw|CLVf`?Fb{@F&M&pUz{V|N- z^+^r+h$nuD^!51?DEz#;oU+=gb6JU{+Pc|JbR_B0-1$(WAbk6J+{+m!UT-uF~M1gh>(x%E|nx*t$kE%2A8rm=aEHx43}VPOR(LV0ZvB zo`cfwlbap5$i>tu%cG;?obdev8Vh%ESt2qbt|(h0YS7V)XDQ=jX~sbd;d65QuFXs? z(AP0`4b5O&B&)CgRf(!{<28{IMhW9s|4Zw&=8&kI=#hY*I*P^;Sv2c>)SWtI9_tdE z;6xJ+3B6IL81m|g{(|58IIwiiUNx|kve3K}E(=FeR93FB>d8}hije?^xN{o8L{Mf5;pn6!td7}$-)p;`#1P6LCIoi zjQWK9Uvau6Y~?e~;#Dd3xaBLv?Fx5yq7r+28T?0(nbH#YW5q4?zXdx^dE1U>EhJRT zh9iHlr`O&!x6K3+e6mL;SK{N`0)bpE*K~91%Oq-v(qt?MOS|baaYwIOjUT;k@a(j= zJN=`1qf>fDzq^8=Wa$+N+S>LsLoZbKDr;hy-o>uORaKyLz>rd#T0^PO!??y8^UFGe z-(AMvkwHCT3RJWdX)e`f*e9N%#41879<^kNye|(uYei|dV5!RGm=R*sOkvVY0>$-N zK0L|aemfiQ+w{! zDxVxfV1-|{4VP+>)4yI_P<2G-(B{nu4W$xuTGKXmSm~<~QT=5}Vlr#vAMH|M(593F zRhj*HPHD+IOiEA>UXQEG`S_Zfe-f77z??CJ5JM8r`2rkWeM~tSxpi@}XLN!WaR!{IvMY=p>~T={w7?Ex2gL z>qWn_s^egW82zI{-3QR%o#Qq=`Myy@7)yCjBw*MA`4h)%!fr69(8f0z4BcDh7MOME z2xKtr?<~wQsUT_)=nJmDQq#NXOQ_hOV70st&a;%&AS7=3TM~avN4TerKZ?KaR!u)Q zbMX}0F^RA(*LJ6|;H$eBd=Igl)@#qMXQY`=#0Bn-&b=Qu6>IrVOPd z|3&2=q@GL?mE{o0#{gA)Uc&xDGQW{-Z}{BWUwm)(yVC)e1+)n`R>KHDAc{=sFqOsi zFAQ=`THAbP2E2A{S$SL|dXDkNv}ETOEbX`C-*kVH#dki1>PVWIWAyvh9OIh=D>l4y zr)eFRAMq;8bkZD{D`yw)&#yMrN%`7=_ps`3U1uy;pv$78JES%xUZ1>^MnZBD&SYil zMp+lb;T9FW=vye)tgDgYQ(tqI0q9EWK1!2KV(u)kjaj$d@3|Mqv{uNkaD9V;Ijlp* z#4TuD(Hk^7pJcW=6T;p^l4@$N7J91_I;&O2w4m$gtu^T~>%C~SFT6gUSG#EUe2abR zeDySu?R1VBaWvgYcW3cgYIWh)P@!BYX0lf5ZOA-@^hPXU$ZB2sH0bxmD8$Ep;Py-~ z()&;eUt@cbfVJ4bl|Gnet_EF_Q&ukH*H4PU86X4a&{?k8(D~iJtXZrai;XZ} z#EfR>O^2_4Rr0y`E+!0uIU^Dmrfu!RXyu{Tsx2QA|HOFm zo_AScU6e(dy<2T-xOsEqCGV_?vxV(7<+dc7-^3HN_+>K`;rsIex07DfDLb#Uh1o;nQ?`L+ZvIP2{vgJq?t^6AeZS(K=6(HP!m${U zbas5WNpVE+sT8YMmrG4=+MkGJ@su$yj$i?`(H9K1Qw`9oqDXapm5!)!2+MI{{*j*K z8V^!^?%!flwY)N}-V4-Hz0Ghn&@xW6&gNJIg1=WB#f2<%n7`b{rO$JEfe~-oHG*jl z^WWc@{wddNtL;vJj*78lXD7Y$@J3&j@HFYg>RmWDp^xYOkm_W(OZ2Eq-K;GmbkZ!5gpr+*Bf`%F`nN1-NnEr|j8ORyJ}kldK-T(OCkid^Bf9-uRiFE3~6`=&Pe#nJ^VxvSI|vNP?jfEif_| zJ!9&()NkHlEy3ToO>)d4!>Y>Xy>FIU6(SsjoB7keYd z?OCSU0Xs=rk!t432`*@oM@7(PleOSYdPchuQfcH$zyaFLnzSpIkecdP%6H!jzufuE z5e~WrcVQy_In;E@TfQS$$o?5b1F!S;N64u?UjDjaVx))^hbRX2~BNwEQ z!{Oe3Qkg5lkEq!sYow#gZhxMZ+veav!Y-H<5sFTjD~PO77_W{zA5t== z3}2jU3{!+Ssb3ugbf=Z}!LN|~Q@P`%40~a}d*k6!7i!K$P`YKeD6*W!$$V!}?@-(T zS74ASUK9y^L@Pd4Kv%!QW15ve>T*z=FRM|9lN}Z$zm;?@+aVN^6<`fLOxVG)8##cX zFnaA|M`*{HH|ZO-SR19Y3Hz!H%h@IAXL{ZljRM=^)FOANV7noQjv0L)fXy^TN4ne+ z&V=H1HUj!Zv;p*gUju_VPeWW`7Ddn1n6KHOj*>(x(Skuw%P63N_Dlkz|NKc0G+d_R zU8OmjOH-0CCGaHU%V`ebtVs zn!E9p=Bv@n{k63H7x2`vX^2 z`_?YM6nLP`|0FRs%Q=8=MmTi%b`v-PVZ>eK{QG};B!u;L0H2))!e5JTHo5`foi&SM z4c_*$iDDfbPvk)eAcCm%hF&>px2njpa;#I1O ziD}-Cx5z_=TGo2ye|*WCmG0b6KFg7@1YuXNAG(;qH?zt0csp0OhtMbwr0N#0zVU1P zBvu+LW)T$R3_Y`tMn|I{t#2?*IpDhkwUNdxx+j4DxPP%GvI!`_rBb1R{EPLkT;oBNS&6fL}-q*6T1xPrNQ&%tX;zWzI_bWu&E%7ob+M4InG7X<_-J2HqnO{die(?R1`< zop`w@i@@%qY-}Sm

4vLE4_mSlgM1yW}ff*f9p-ZCOE4u21M z^Vak*K*iYK%J9W_4^Y)4~zmsS*)AU0W+R ztg7ds8WLoUU{Jl!UD+X(pdX5*o{CHy!B@7F5jlZBkTaSP_y93lO9|l1rL+YmdHq>B z;q=d#TACg>DAf6}d4_;(Zly+=ioa%psN@w8(9@2EQCL`nvzppPKOS&(@e$G0?-MhY zzB;1tgnoSR#v9HzI?0?U)zz)Ta|iz@LE;enL1!5Wf;@cAnYi<{D%nlFYC0?>c2F@_ z(R5wRBjv|Ia9hx6U!~C-+*|DP_Z%l#S}h4`Y)ppyy)ts2#M)|DzPjW7$JfZVc(1V6ndw5_p^#ri6uaM18PC=xgo*m zC=WYYm#z!NXrgIVVltqf2d`4qK1#qLEUn~1KC=4#L&__a1HthO%tfNn=VxC$EGS+& zcWnXJLJ6{Q)d>d(hx%dLW0K%w(wE`{8}z)dP}xx$V!|_Fu?kdU^EB;7CtfyENP}wZ ziaXnfhqvxiPOnY2miFn|bdxL)68E%p*^8307#g9cV~82g9Nt3nQpI3_An&7OuotZg z5oU1YE)}9bG)Nrb znPSZndL1QY^G;;9!fh}=RPEP%@arL+R?4Fv*Pr(d7wyyEf-zA%%e?PV^2ut@6Ht&l z^f2#JGibKxkj+sK0raBaJXP5Knw2y@ZS(D=zNPJOi!4g_bfqw*xUu>*SS-@X#!tPZ zs<%a{5?{j1J3ScsPznWY_3+ozoJKJg#GO%t;LUT?8y`w+h(Om20O}4bd0yb4*DyR( zGY`*ZmXa9#QqIyz)ONmz0hR}3?!W(?d&o?h7N3PdjxW!UVyC-3R{R8U$?lOrAF4GG za^gNSnIfytW`%!A*hgvmG1x$gjoH2AkFmc8Jk;sNq-Hkms}t;6@MN82x8(}47u|*u z7y7&x=Tg7=P*7qXvenRMLmDC~D1^)q=y7@J6ctfH2`+y2=7ys~iQr1}J#1_%;X$P` z!U)sgU}*(fF-yf<%058{$b{$dKtgz)nSlE+)%&dt$gYz3wOzRSjua`pT*DXUJ zb_+Y++Z<_6C4okLsL{kH^~rZ#UcVe%h+1G#37jZ4!L`84a1 zB3&o(%Am^gY@TO`5)fh{iW0YuTL;&tD(#%Q?g^c*h|nCVP1#sSPiUB>qx77+5kG!a zJ2>%E{WSJzk=X|9-cp?R@tvDM#B_r^3aXnN`9EQNzwP; zuHJ^{JNvMIpirpvnF?{r`t5{=eYgI=Mp5GM1v5BR#>I)k%tzJI&vxEm)kcZly%@rN z4KU9Egs^)s>$FHD4D;YUh2IlP_lJ-4DfFuaSeoaNVYa+;}aow9J4I%$< zM#IA0AU*RL8$^*cK&Ng$rm9z~X8eyIgWluKI`g*Ro~oSwyF018+L!)%-A7IqziHnzL~D>HV^gTElBtD!%nhJ~~lPeQ+7_8Ws_o*1r6kMUQ&1M0urqOEu1Rke2$UhmeR-nOKZ1 zm6_(XyrkJ*5SI^QmM%;xs3MjoX5msF)i1d&Uyr3X#ciow=i1!-NV7%!KO;hS|3AVgBqIDP z?f%F3v$rRJBgtAPa0D7+wqD1-j|JI}zvlTnp3Ek6DG9b_*64oBvs&aW7g&jfMB#tC z{d0DM;LAb9vEu{8BxP*p43l&|&?UeZ`lP8}Tu)Xv-dH;fdHFn)j@YDlI{eR!-iQt3 z!)IM@lk#%k>m6TRoIen6O#S7s;Fdji`N`)9M=R*OKc(DUsLboJ{;AVvH+|NQA?t4# zI)gYx=5qGp!0lmn=F;N=ZpY;i*W$R~IdS{=)pLizNg%|mA0K}b{WSv}>zT7RIclbY z*hSeWz4}K)3cAfCC)u2t_W*fgPV!ljVNCPCzOAhtZY?*u%aE-*8mq)so7<=mzDgtf z6l?4=zv_9JWMl^H4yF0~z>;rEFK=WQ*SpZ4F{Ma-{20Pfn8M^(G_Y#6q5aW+OO*9D3Kio1 zThaF~t^F6}9JW$XQPI&~AY-+xqcze?V&^^ws>cdFUbn8l4TazPJX#eksOcBz^}wzPv;{g? zz{zJU0c<>K@dWs?|t0^6(15iUGHqD>eZTmp03X$k$)taq)>^-XKuH zuN`7hCu!oxW_8#rj|<6Ji(C$ClYYy`C3VLgUZ)!XO4=0lB?zKMe+4@>;)1%o-!LD5=^h@3bDT5RE9)_Id(lI zTe~2z{HJRO)t-?@32eLYYk!g3+Cde>Rjkfm@v4$Fm-(kUAk+;n5Z@Xa$bvNa&=QIB z1gzc-tTD`&TmBS;WEP`Z_6Y&^S3it|{^W&vuM6GB*OXxU;`6zfUs}`tZcrSI{VX>GK&XQ-M;AS9XEW&t6)RSH(-EQP48-p9f6tt>d@7;;@Z%(~v>yaeQdkQ}BoC#Fj)z#?RT z#4d^TkAdgtX?hS`Y&Tf@*rH;_RO z(^Yb~{AztAgy`o40d4XFNJY>*5nNnV_tmn1W5B&n+GZRUY$Dl`IHdsG5fw?JHN*hr z-l_x5)n20@O3LGi`67DBz#)|Z-WUjallB4w`7oe23Ll8`r@a6p!3x4_c zX8fnfqyZ0F6g87zwH$jsI*V31`^8I(9de4|c3QDfn{qH@e_cFyK~o?J?8FGkc)o|8 zs1hcNgu=HHfGje|FXCRT-!afD6E3R~I>c_#qHGtWeeZvcxK-Be{$@QmZ3&*ftwJZ% z(v&DtR_ZG&QvkY+LN9l*=$_JjVKe7r{#2Fbcs6!1PGT&H;5d4E(EJA4)w#pbG{q zid-_7195AfEhTPW2WTyo;^$}(h!o6mD6yKb2{$cUfHa5+80njylo}w|N_4|$(gxa< zZCZCL6E;N4C0hNo0;K^CfW92W4Pmn;mQz^HjH7M`Z1@FY!FJSakSf`Y^%=)9__U-F zNCG*Ig^9zu)8V>GTGn#?>bCFMQ(Neeamv1xj>%?C1(>VBhX*4Lq*9O_Py)7m2@O!+ z*L(uVl-AYl_2+*53a6MAM63q7mj@l=61LDWxrXe~MkBf!ZUJdgN)`!f!oWTQYBjRU zAColEmFnMCx6h-J!T63LiU&q^Eav@oV4?UQMQ*+7z_b7ZRp4RQ4=>%;e*_Uh!WeQa z*j{wO@{5(LaTQqP8Z!Y4zLI4=Z29fO2qeve!gq6#i!5rB#L z?bj-hVz;iG?eN9vP^Y(u`J6C98%=r4OtejqVQ3~E%)C8qRKW3QK#PKOf~$mq@-nH! z4v>4|bk#FJnS?B`{r)2c{1C^Hc0h=y(Q6 zP=hjBAT&(ohooRyhoiYK4go{@oMZ*q0VFgYkc=)QSbT6z(|NTkVyogdfof;4XHmTW z0OJt35#ggI;pB943HU%-{ik9WIJGE0x!Aju<1r@@S67n!JEQ$El-yx(FGA<;Mk|kGre4nHqFvHM}am15UYiV)^b(=Hg_=sJU@t| zjba!XDDDnH2(pcY(SH$V*uBC4$>QF*7c%yCI`qvjAO zrYwa3Xg$#Y?ULasrVemSUNb$3D-Xb)r2L-^?60_m6!r@1Axo`q-?XWy6wm}aI1L8l z?R=gqyYTrezxT@~W-ZrVy%FQl#(Ac)5Ak&u>_202(I^0N*><%FC3;S(n?LaUBq8B!R& z{n;mV1w*oiif72OHn-z}Z6^4E^xb;EzP*dvOj^39nr=BIAQT6$yjTL5!J1e&$R;fY z)E$#8J2?0{8`EK7<3q1OC`qqEC`A&Zcs_q{PsFu4Zw{)rG@`Vr&-N`s+hdBR&*f;Z znX>7GtFwEk0VGOM#fxvGLW&y@=qse!e~(0kpJb%wla(aZH)v;WkiloDI-(9?G5u5m z_VJi-IM1<2^f-RhGleg>v*k&_Ri-evWs1{Hw4~3q>NT3vGzokoLlF> zPyssr?xCKpjsci1B7P5`bXQy2t3ZqAviBxSE+l}UZ?AT}l;e@RIw5@$82{n;G;}7G z4KS^mTycvn0+=qK%;#7_B8@cVb&NtD>J=#41W<;ki0kMM?jByNmWFB*fQDkPhvlU~ zxeRm)c-oiAg^j;&=H$x+(ZRWOdxmC70}Ha%Y*L30^cM++#lU)+qU!ikWIFxiWVo52 zua_z(DPRuo30f2!;I~FdNQlKQe zn*3_@HJc-Jh(W<1_4#mIu=1qPc!HbORz010l}xcQuvS%|Uq=?G`#~?Xz`X#(AvA;q z=sn^PpU+my35fxiDf&Pb4+bK*a4<5E?lsgsVcLJ^LTMM@H;yX6Jjpys&8Ms%2Q7YU#LCGl7#b zKzR;RL8v`j;*bC)P_7bFb>1w|-(no(u%-Y^LtXX*IfGp%_=`4-9Qo*(l5^rJYz&;g zN%~V?^CARa={VsiN(J!(KgG%meBz+Z8dxV9 z8ePawYUObW2q;}HT&Q}zvJPn@Hi=s!2f6>`k@*0Nd0nooOQ=*&=#4B!krfJ_gqSL@ zo5L+DjfX=YXhEMwf7&d_e+8f<%i~V0^u>yJ9|GGS=KxRx+lcwk7I}ckb6$sF2G=e+ zE6h}k%Nc>`BR`pykSzHcF6* z9fs2O7Q(dm3!DO>(oo3;L-yPSK!(8+13wa^meL01r-I}@v<{p%YO5|_f4>$DpKjqB zUTqk0A*rI8cI|^pNFa7Uj2DXJw5gwH+6uuU3ucZtA4PtOl4X5m@weuB43ckD`N+kL zSZ}EXKd9iYM)(@o55q87nphaQ0}lUn90~>>w-4tCiwx05JCG!p!jd0eWh-dvcEnd0 zwbv)U4lf{sa%Yv(UyY)kY2hkkG^>f3z(gsB6yk=EGg=V0fY3>yi)1OGdLP)vu-E~S zUAb@aRKbb3p%MWGEfQtgs6@`~+=+!hYY9McI&Z24&Yw#ui|5p_3=07}T>?W#%SfkG zALhH$%Q^NW4rkF?aFQfKuIHj&A9MlJSg770plV5ynHq@IQjWaoXW>8Ikg(In{96PY07)GDg#d+&heGb5A0P*54j=wS;cT;{KH@e}^w*8AU4T6U z2hOgvJW(N29)4n#x2Qj5uWK%qtdaRKzVjOr+2w#+44AUtLjDJNZy6QW^KFX;4S_(A z;O-6q8VT<1?(S|)aCdi?AdNeXTL|v%4#6$B!|UJwoO8#x_uO&i!@KW|_dfI(bk(MM z@2b7mp0(CoYi7g*&mbVjC~FULENl|7|-C z34M$gx%J|Rtybuf(N|^sgBQeAAv=0&&S)iY=L%*0OlC$UfZk3t#heZzE?f13yZU*j z(evx}VE2RTZ0g4w?A}XjQv5npWLyphpZJ&N>Tb{rz9#$1hGI&wSPWR$@WsxPhEd&0 z5cD)@tlXnhjU;51t}brnX*VT(l781&hkdD(Ni_5cB3N^zsNE3=c~2(3ODzUD(#XBL zb{oz5Tq>q+sLpd_&KcB|yfzR215i9fOe8OTIWI3E9%24&hqSisSUrW~s_T0N0{!;$ z^8j-=j%y4)hcAB2K-YWhDvg&QizjghLSu!`ApKc?^eBpR067af1L_4(-QF9 z22}gHs^X=p*A{L6R>FIYB^vz6ssC-Uoc8b|ocTh9XwqI<3o#prWi95Ty%HJ+RocAu zmnE<@qD#O{&H}{ouuq?P`snT=0s#sCEM#y1%gFp1>Dwaht!>@-QrzE5$c|k5zWA|; zQx#;jJmBh)5i5-}pQ0OL-jPy_nJZ%T6qXq)O|H`nf|MYf!HKXMLX(aX`I<&WK0WJ8VITeyrZc~?>W5E82ovsQ@o z)P8)}2;1zAV9}@ zI(kgNy;yn`yce)tCC*AG-45|EmCb;!z6h~(7G#A+#AI=Pc3@9TfS4xXPx*kaAoeLm zy*4~G&o43>p6#z0wzL15YGgh(w!(h%M)lS=Puce;v{AE?rm*cx3|y>J6|&D}wpNXcO?CTR6Z}qeNgdPi3GMkq zwzd}BG^0Dqqg=a2R($_(UdS`!ooxGXskIp7lV-Vw>rwm4I;HJ1p`8Zwf2~03 zFaMux-e=f?xVa%w9SXfx^V^Aao{_Ju=TVEwVO_^B5ZeaXumYFP8c%d4bGKBA%{}w=jWsclUb9N$jc)R3|0_;PT@6`!OUObgTtS zSr~k^W4m(oq293o5?|w=D<&Nu8w&=dRQ@4gID`0ork*I-CbbA|7-R~q6t||6E>ga0 z7^F7+ct=vkKH8dw5wXLQCzTNaLN=BUm(2W(g#ld*$eV!$3zePare);}XOBMZ($+sa z7=En#SOCT~y52yo5h_=@haM1@Vm%n&{!JKH#_Rg8@0ys0(_bq{Fjek^_o`2%*FJL! ze`m{^t{H$5ei|-f;Pu|O{XL2;+<)bvN1;2cvD@uX&FA$^K|bD7J$EEnKAhR(VsK(y zhq$PDLV-7?!B90Ei!{#U?z5le)*lPv0gXO|?$EZcixB)&BdbC9EjN_^(m6e^sqB|T zo^P{-(-n!5c9N{9c?YS(F9ppl#VqliU}KG{E;3_S>2oV9)+%F}By)R+^ZBaFDc&6~ zRXnZdd#U{~noBLX1OAYmnb^Iqhy;cM883;yOdxc;OeBvIQeM5P14PJk3w53u)Q}f& zSljQ9c^4i_Yoe{%VkjC`H|{~At(*$TH2e}?couzemdYw$SqO5HEeqL} z*w|HD1x#~dJ``Xm1wd>UOO>~Q$xbL#Mb#$@7n{u38+sBe$m>-t!;5pn1>)d0V%&6h zXTwDK(Npt}AO3}RBOS32LtDt9zrIIw7$=5&1WzX(%teRb&{-j#6LVqNu6rPSGG$eEdjdo2isBh7y_N zr)(6BEN4$esgPBT?0tzDdn{fP2z04hpd@80g;^NzAT44jR@D?GUY(v-kKvJ^ohtr! zMuV0D{jB}$NaDzerH@d5R+QJSkuZVkp@k{~d0qsTA2Yp{<`{C14qL)qk+7Z#YXN>~ zxD^Kl5Vq&8y^V3;y+SAyX{}?*`5-6pY@D2&Tw!6vJ4FQsY1}DZ=V5cjMh0ZsKP|%9 z-Z+T(xmjG4Nap4ihZ!rZGRPLA8gmt8lx=2yV+v>l^unedydJ;~vgcWq+K*D-QOric z@|2h0c_OpvLY;<1CP%or;8f$RJne=zT|B{eYb1UvDq&f!09Q#7^HYwAd6$Pdxom0J zBGPYS{Ai2}7}IlQM=CS~9(#M1cplDI4MHOH(K7&+q)1g6Ua{5Fo_)**fN{h&)NLQ* z(CBcI&6vNFu{IzHC6Mk)L{S$JG@@HsN(WJDK{cSx8Wh^b{i}_ZjkRi0sm)yH~q%P+1j7eHZS!kt8ERt3mc}efg~h4vbv|W2#SBN zu=KkJt3Dq}xOP0;bJ5V;jcP`_m`F|@YiK^zspx?;0Cyc%ZMJ==0T_@5Nd_n@6#4D7VO=qM&^Ngc|}NDLFu(JUku0!QjOPMC^b~q z350eZBD#%iS%?5A4OeEdjFZt6vCf3}^10hSV1_@^q6lG_(nW)YQ%$WjbD)v!N_1YF zhrTMnph_s-O#gLQ!p2mQ*>zp|)XBA9GMDi>2TM*-QpvPmVhueeI~ioy~xuvx0 zf$(V5;`y$`KqziBB0(Q&@n`GsXi$jNQMI~vjFDUB{(+~1wG|>~TSZ8kp~YHB@tG+# zq|!0W3#szS0xv#*DGyCBWhk}z7b!b({m_hMW-UM#PUTBu^9l^kT8Oahnm~%xWyHsy zD91Km$2u4UF=Phjo{{HgN?~^TB$YdPe8>Vl2PhSnqwU9M1Ka!}EyUfr$W*yY?Hg+( zlRf5|1hW(2Ow8rvTq#wM(fH+(uwx)KFpSNm+et_=7yF?+fWYRPul0b(Fpm~LI%9P7%WvKydifv~H|gbhU7q*1U-vL8lIy_Hu6(my zoOgE}k6huPTS}RY8P*w0YHq8^5~+jP8Jet(l#|676hg1|5@^VG)|89I8L+8z_s&<- z{nNw{@-!^~yBv&mX72CuCad2wQ!bC~U?mQh_vSw;;?n6_3UDYy3d~)mAfkswX@8&L z^e&;zO!nQYnEtZeo?GdasB;%cfDB!t!Y?^(?{N5@bu#R}(eM-kn$>k{$$aRo1+}!# zO863lcf29Q%4cn|6of>))k}Wt=+5nZX3Nf4#QtrK;d)3I+^6$>V?;~aVALI5iskgh zYbq!_sSezwFEFN~ZGbeue|vfd;b~$H{`{_)iRHZtp=OL~=q;ozilyEhE%-9Vj2&5j zNeRbDZF0JX&+MwP65d~*>0*dk3d0zxQjl7prs(gFE9%g{|9j=?A%Ho7@ACf4z-ja4_{zk3*Mm2 zUdE51(N{bF1ymTxkQa_gcO9LE~V zCBAa2+eH(URt&~XxBSJPvKbyW;tQfz9m5Y@6|hK#Z&57)*|24;C7 zb4CNyR0w??J%_MCspQw6-{ud|C*M3Eo1EV>rg?ZNW$k5EvnnUI)jPniAL{_t6B=rX z$I}p9skIsgx|hkzyTm3VtME8bzO@yV3LOJuCm^7R>p*j`hS})}{hJ;P@v3?pRjf?s zXTpTc6>BLz07FU9;*@G?fFcRzq6hRiBEr z3}s^%6MDWv)l|q;S?vbD$(RVAnmRq|Oza#)HATrTrC_mPoG6>RDq~<)Q@PB2h5f)i za=$UO_ww$E^s3G?AlWw`d#5zFgOd)FWuqGtEh^5)T#U!s2m1QlSe&{opiFLNHa3JBuLXg_FX}z z=s-B^=tUS-F(gm*FYu{_^uSC)aw_EfdTo8dbx~^JFWN$}%HgPXIi4S4e*)#AJ{Gv# zITK`bMI+7E8{+8|nw|!fJ1algGGNG6CdkY=6KF=!G0XI3kYuKIrhw`KxQv9irCQ{xZLo$E zqwYoUKtb`mHlBp~))u`q3bj9%F3e;Q95OYW?vpbZDM?XLtNRMwpv7LN#p^YxB&!nC(zodM!Rc7@Ed4>u_ zrf~l6=X!7;{+de@STkBXimurg$ViS%d+UIty;jfOo|_0SS#_7JA|%~wRn-E5(x)2v zi3Jc>16oxu%g_&v;r7lGF^&YiXzeVk{aiM373OAUOuwqywIu`^MgF$N^F$V#G5eds1x-D_%V+y_ zZL9juvqpK1Rg%8=P1wSS{Ed%p#|qHdA+)4lIhoXo7IAc}{{ixhtho{V@pKUX)v{9( zpFdHcg#6q)+Mh^U&T&@l6i9{lxGLg|lo;~0FiP5%nGF=#Fk59TNqizVo#Kd8?q{Aa z(+E9YV#6h!ZuWK;U(F_o6=`a(i$W&fL zfG~OE74t!$MQ`v&~HZlxcp{-ur|hs?6w34}|4p zE_`-lFQzOuuRbwaw(@}Z+G!O4n$Efzq{-yPsvKc&0fqSE$X5D~NU;}{0Ed1mf`9=9 zaB6m}TlLB^qwR8f@}H>{YmH~J4@x{_$hrGi%oq_${RSe$Wfu#h;NC@2akfB%gZ8~8 zXuF8;1@qe4sv_i^V#?n2RO@u3wL(GO{EZUVDwJ*zc0kS3Gux|bpsNO_xJ1=*xA1Hx=xY(Zl^S5c*K}eKLY1%EssAE|xW9$z`JF+oH|U#Eat%GT zk~((yOjSN^`hF-!s+iH&PdjM5BRjN zo2k_sBe3ZuuA$8z#_<~0R5kXhU6GyTg zy_ZGa%;-HkkV_X?&Kt8Vj8)ZKm3Rb{2gUkJqSDH*cGg2m%tc>Mgz@iP_mO-e1YhCO|`7*U9Eeuev&p@t>y;k&t&)RK96P)n%L) z93vzbRNbZ&OI^^-?BF@jOi%r(?6W#yDYu6{UI@iHi?(66Jwf+Lp3fnXgDU0t?i4W> zziZi3J(g4ecCaRGn>L6zQ_352!8=-J7whlupT}8WmBv?U?k)9xf%~pr{*IGUYo*h? zVw7p1(kxDWcBkmsz4M1U?r8b4_bF*PUD%p;YI>%Y7?Z;A=!=M1UPf_`UWv`ytkJM; z#4J-2;5b4r-;IG9BCI)+P1y(#r79^XI#p>nicJ+)DZaK@FRdDxVVx`}f*zSs)N7%I zjbJGnDNvIYdoL-omY{8oiUyI|?&s1{t(+bAY^A0mmhzN5$*}b3>2L^yuDZ=Lvr3NKi=s{8 zG>=W?Ux=E#Xqs_uOf9z9mc0Cl-93QAY69UBVn+LAh94{|8C za&Mgesnm0<=iUJ_>G$!L%5vE zqomn&_y|O}$eJP4VwEUNH9smbY(|@e%gm2C+I(!9IQ$htq`A&;Jh$vl83re&P&i48 zCkKaF4oG+A5b-caVBw-Gvkdcen#q4!=BA}a|FkLWK#_R?s&Ss!yl!Tjkm2NYdW)o_ z3pSP4?r|M|q*ry?*ciE2wuTl38-q3igH&mzWjYph?3oGzmyvCOKez*iw)7oB2)=)x z(0_8vlFt|-u{uZgZiI2p%sUxhtVvL0CO8Zw>`bZeqpgG~9E3XQD=F8J;EfaMdS7%b z(^@9&YxN_Vcy@S{1||L&C~3bPMUa}eS*0MRcy@Z%YB;2pSVWRbJd?gA6Na`J4@Bd0 zedBlj+*flf<%~lqKdh2hkCUcEO75xJ9P7@(XpBi$AOSoHx0oeU&nNqD8V??O{RLF? zh^I@Z(HQ?Z388DKfZM!>TBRzQAF9nL&@t9xt%YqsR7+L*5yJVZAi+XyrSnpI!b|VV zZ(I4tPvPP*v6f2f+&jzQaJABKqWLQFT)8OCkjTUTrg0w4!Jv6%^f_$iOr2bMBwyC~ zi1;;1pnQBE=(fBQ#JZ9%EOztHz?IQlE30JrZclpouJnTFFojl``JlLoAB1SE0I8xz zhL(?JV3B_xUklgCqbrYQfi%aug!{d{^Q_~P%X1VIeZ3FNo};U3o5mS$*5roptqBut z8%K(W$cB@2M}By$uUu(lO;9TFsQ&vIr=T(4U86@W8O?CyyyN5DzuRK5hEbv)CmKcT z_HXKKB4j+lLpgWljV2tsktQ)FoOy4D+p=TAg5m#Ta?ScQu9-9qMeR4vFV4bp(*6oN zV2?|Kh|?WjA-Nl^1$UtYI|8gCdJugh2-k0_Q9*;}7 zgrCP-HzFta0AfT(j6cv$zjJQUlwrD7DGnW|K@B2u15(o zceiw9tQTI7bZ!`T248Q~s+au`DRNFYlNidybiKhkGC#>UlW$U1#9mY>RYc?aXTcRj zJ5r>$YIr6TfeCJgr{>vReq#sGd@yBwulP{)e3O@}QWRJjpa?J<6MGZ(?yTa<*oUh(}F|?T0>xYg}*JT*s~%K zGalL4^}hL^?0h6iFPpyRHeLD7^Ikj``tgH5H(LGzM_c7nlQoKCQ8qhC;)FV# z>SjqOG)bidr1p)S{Jc3W&=a|0(a?v_)=um=vB|82WeGVWDqwC0LTY|^pk`91@0SnD z_Y>?j_&9sFt}Y?p-%Vn9HXwfVc?U)(->WXF(JMN5Kg=BTsz^9=eps#;i+jRPeA6fM z0(#3vZ*&Oe#W&0eO&{WxSCnIxax(2x8$O2h6n_Uu78r9Jc;cI}W|(fr$1ijQUpr@B z-rh?`+LYr$j@wzMSgwi6h9RI38Ho@#RK-=B8>r+%8M}BG`GEVE^T0 zb>d;pZ-XW;Y$RA!s&t{_bE5aPv6H0>Xoc6YI*4!{bN=&O7H1@jGPmcI-sa`=J=pg+ z6`<&_5x#&2Dv^Mtp1;TV-RxI(>jFm^;F%QidUZGZGGOpW(INUPFXf^3BXS;*P$vue z*7$g%L8rS@*JTuPDW}%bd*W?Hb&#i`L;cc&%qsL8J{iUw{>})(&Uf*Ght}f-p`S{O zwEsgB0*f~v=?t+H`{WR_V=wX#HQ zli%{AyKVS_Hl4i84<;71@~$5F7JqaDpE);8>#(@Me!9$NO-evw-ht7_+uhdDBZF;$ zr@HmTQE6X&O# zegnoVHz7V=_a*Kkua1`%t8Ul7noZujWb(5Mn-9(x%Q5?GpBG+3kG;$l{L+T^C)TkS zgQlTu)KK}B%48+_AMNHG`C8a-pKdGs%sJku<1oSRQK|FW%iJ#S~SKKGqQyJ=NU_~GQswAWvT-Fq8S*fbdBS{EG* zjklt+@`R65Yc5199^i##1gH2?oh{s`Yp*` zxq&vDInB4RH{e8MX8SGNiR&tFqPm%jKkNerV@!$nK_<*l%)yJwdkAoBccfCwf{U{N z%dgn3na#WX2g#p-9~<`8&f|?7ZL9beP7yMMs|T|ztEYqLB+k3Mo6EK_dOs?7L!1Cd zlr6ku`k#nyE8%w`z2BU7`4rZ;>Lyy?vjbcztgjwLd24lYkdcU}AWA|5e!f25OM548 z4(t|i+4u?452jodo-5o?l$^eu34*}Xy=PNT_g=P$Fh`@JV|C_1mghRy^flhYnE2i! zOaq**B&{e5c{n2~Z9F;Vr61z_u=4h~H{xVD_;=rr;kL_x=V#Pmm4j(k%V#2!tup@3 z*TtO1$(3XW;nW*Be;n;aDOL}XoIV*w5-Qsh-R?(w*>j)b`(fiOJLO#;hgVWM&NbrG zhCAVwuJNA4z@DgVtaS@6x9xnT-;plhZog!OoK59g$4N|lp;k(B6l!NKCJQ@Wx}z^w zg%D-zhf!n*%v->Bj`P2RG=DYew!e+*2{oQ_hMC5{%+aFm@bQz4fu~R=kfYbP5J>%y zh9A9=Jv!Giysr0a&JxG_qg;DV$Z77cQDkWc3U9vcnpOFaDutc(J{-7dMw~c^@%ZT* z2*WxDFWro?F?XU{r6!y+zba|c;AWi8Op@3`QM6<-3^Hdd{!yU z_!h<45Sf05PRVK6iMBgO=XKZ|%491WQ~W#4euZ#qIgT=T7+KdLxX+x^VAJaxyC-sh?O<1E?yIKo&oxoVI-Y{}&59z*rtK-{8nRSW ze!?U;V-#|tpKVZdc=HFAO;>!{dtR8&ood9%cg84!tX`FhLKURFJF-rr;YqgS)saNq zzTie&(s_=f)0;@8kk}}9V~p<8v_9;pT=s@!Ez51{Eq34B;g5%zMK@~tt|(G%d+1wn zNqe^=J6{Bq!i!~Ye1!>93Pr@UEXB?QO}{NCddgyP48JB5PPhqQ22y={<6H5UgVezo zyRP5nCE|nh4NB9=yE1`mu#lC19c~=FEkl-%(I>E=bh|V8gzJn^&53Rwd(W4-G&W~R zuGIiv09oC5GR{lST|d{w#E5a37!D-PhS6ZrFy}v1LJq;FpS|?k4T(*xZ`kk?-xGHC zyD{4zUkaVcF{k2BsUc8a+<;R#;VVYl^kR%EMSrmU4UimDiX|W4XI)ZES@!=Q-CeNA zM-AhS*Z<5*%FpiyoLzqSoO%x{XAW&0&$nrtuaLxdudB+!pINtRC1FR zDaW|bq+~ItLFwf@!ROaLeV{kwEvf%r)93P8bLqUR=?rF(Y*%B^-XYD;dh-?aZurdS zd9?WFe&l+LZXx6)eZ_{@iK(ykt9xu|eRM3+@2!*PIjuYW$ldU!3uv**tjkQr^1R^8 zqety)v-*P#qh4Ku`AorqH`nV9*6((Ye$lc;ay%5kca>@O3VZjpp17lSg#PWjnNEcLrfRZwGfsk#$v__cnb8ojcnHyCH*V9{|1IQTv3Nplnzl#+$s$y5N+9Z!d@3 zqP@fnuA64Og~6jS1sj&rhP5GDG$i9RxDr;Xk{Od6W9ss^4?w{uz@m_*hz+&eCo=Ep z4LJm~8*$Xg`sHs-{m;8DGE(E>&Lt3oI}rY4i4m``IA=?q8o)mC+0vF>yH>@V+DFmF zAOY|9>W$nQb@GM_EJ3mjAa?5}Gl-|QG(@Hu-ykx`rdTGP<%iM+zEA)*UprBJo z!cG&eMZyH|#Qlkhzc34jX09xfGDrS11vd1)S&l>LM+X;2VLex{wP$Kx^mEMG=8UA{ zzU92?HX>y5jPidy3T+f8(R{_JVvn8(F2GOOu1?F&uf0j@g zq8*Dl+h-WL)ZZtxde!u3Gop@r2~s*>na($t5AE>tC79eW;2aqEDCE=`pD8P%NK4_@ z%-T+l8v^Z{Q9_ZG>8@EmD80oI<+$g=GQrIvkp>Ex%WJ%%YsCI4URGu17QHBa5!2M4 zOo;8(d-%N#vT*@sA$p7-gl23mc)mHc^{7<%tf{>Bf02DDp(E8`YIVj3}(raXY=YJbaf_!Rt zizTZ%bidwhk)ribKKq;+^ToSz_<|DoDOjr7NSz;V@RS_2Nus%mbnrhrmvx=6$L zVvNNS*5zU~=hi zKPy0-U)~BA*Pco3_8O=DFoBHhc%ofKyOzyt*d`n7RU&~UeG^8&CsfEp88*;zeC=bi z#)e>cqCM~zX8;vS&VbA2(w7yQowgSd7O&+`oTr796?l}k+{#ocM zo0OhZf}R<(X#6kFj5Flv(tpLtxvl6~_x;*1ukYe1e=anVVa?I;Xtv3E?iitBKuhmc z|K)!Zw}o7b!9nvx2cIc!DX@yZw34dUH6yk}DwBWA9BgxLDH|ZAGXPxdZJy}jGyMcP zqy-bc4yNhRc96BxyW?|%!iER{I;m+wLcfc_fsY7s0Lox-fSMp^bgo0s@xFvaBdsay z&k@bpu8HQbJRi{4y(x?V3S6C%`)e&dU5SZAMNOX_p)d|y6X@g6i zj)W1vF+vyzzf##=sqwoR{E8`@*i@h&<81du3))hT{=%ru=2N8#4$ml#?MJiN$r<(Z+)N1=%;J|TT(jW6=&>B6OeiPRcVtG zpo=C5nYVxgI6dN375iL&a-LJtDJh*4{7IRHjl3UF4b_;JYb`E<>Ld419F@8v+05H~ zcuPf9FLMyN-d~)s4b^G}&$fJs5Dgt@_i`U1;|LTIyy7Cp8tO5o)N=dI<%j;Yfj$#4 z->XY8wrfk%w?8il68L#RV%O@M`T^ex~Q`al-=nPeli4yF(MvtjM1muq#u8;T)Jkou9z@ zasQtjXj;iZKQI4bd2NW^fuk#Z)&0DVZ1P*?;8+}LwkP<~k7W8qfGd-C=s%Yv{-^lx ze?&6=M+!Qu0Jd-cb(}$W)gGS{)n`%T)Ft3shk<{Ae~!3^z0pq}hs>{HYh>r|Fnju6 z6LyF^%zsc0${P#TrICdZpjb@kwv;D59;A#AlOCPNJ+B|+XmG!Kbf4((pACd6^v>=& z_>3B~Z~7j-4HJqw_I}%auSra5B9;QaPS#wsU8aS_wJ%TDI^^PiqI~xz!W)1{=jd(LkK3*#RG)V9za@72dNq4N>c;#_Ij8^pyjPy^ zF-=0MxV?RoGVi_3Yx9)`1P}oJ@VnU97>~d3f+hagHaxm#Dl$iH8bdThM_HLHJ@OaS zUzSgaxR;zr>T6Z&Yl-mtuoTS0ANR8t44^kvq-_Zl{eXOjH7yQUGfxs8b+JE2ExcJk z+c$;r!VEu1S8)i1Pl8*e&jKCG1c~+C|NLl7y06+QT$)w*0Y>0@l~Baq}}O#*yLtNlyZgPEuFs^8{!LRwcMd# zgz^293uy=}PICSwHB`bq1V9b(OvZ{ppdv9hbRks0u2A5Q4ICk|GDe^o$zgZP6@JVv z!-+30ph;gzRut53t-T^q!~4{u74C>db56enZ%UgWB#IAZF|w`%Ks8S!U9w+6sS`rO z2IkY!_BYXRz-{Y%nh-(Av75gnZ*QSiKs4Y)ywE}9$Zl)hCuv{6!_LI?$oE?8nl6_{ zOlnL+d`cev^lcf@%x+FPkJZDxG-BLE^cR?l>U(|x%M1ahpn_<0tq`>i3HPqysOwLN z(8XQ*6&GgQzz(w+Hw`1&*pTaKzKJdB@KW!CI1kv%Y;+lK-LeuF4-H7$ss=1;O+h{= zd&+`Oq6^4SW3)`D{_b^v65{kK-}mjuU##F{S)vwV4)Et;nApo^!{AYo!xt-`(|R9t zv#-^D94K6X&zl@>;osz)nisoA&ky{t#jlH55a{dB2L2#)zFIl>EY-q8UkYIeD8i%R zbB@4}B69A8qHzc2aQ%VT__%#d#BhPvBPD6VDkBxV#Y$nByzjAUa9s|5RnPR$&v*<+ zq78*VfHg5Q`?!Z^GOaA=%P-t(n;sqLWUDz2{HA_>lR1RV`>PfPgXbD1l~Xp^ueM0J z#S$nRqh;=I@ijIC2iHUKMUfocq52}AlQgkegGj7pF(u1h$8l+PO1Wb9YHS?p+*Gh+ zbhj(xxd+R~ywBU&1ZP6W?2lA6^J>bTxIhhRu&IhZmcibKn)no$-;KdSJG7o&(nI}W z>J)YoqxkjYH59F&e&Xg)lIz{l6eaDns=bR@Y5fFS7%{0C)-+V05DNvIkBw!REey~8 zs6ITb&m@(^Fp5IADOgmw8}L~)4OPhot)yH_aGBH^smqjZ4tXW>cy~2kN*~y3-e=AyO!Xi@JL;b@E zCw?OY5u#R#l4&{$N=CRWIfeia{TG}hGseJzBqC7AeM|G#!N_W=0nqrLYg>{p{DRWA zuh^wmE1noTFv7nq>3}~{aPVl_l=E8ZfcO1V6+=}cPK1)%2*Qb3*gl4&XWtEAj6^Uq zJ~Wcjz;$!Ls*MKH4NwpKAsG6ajNa1@YLUs?slGs~YP2*HN=zn}3tIeQxPZn;Fe|7$ z-c|EU;xxTgQdDxGU6lXpiQI@PKijn&g5_VCot{o4y!u^j3=SeMC^N5SUm}BR6RIpY z0@@Bum2jl4Ng6}mbj}jFw-N78zY<8`|c>EzuVQ0L!k%76V_!#7>cncqNUw7umE z5?wxPmSwU7qM;7lPiO4HBhZ;!40~pKINF`A7GrmxH#2EsYuC63QJ~ioT1u~edQ~^` zPsg_W6oH)P%}RE}{~e6r!p^>elPIW>?lphWD#Uch$cuMHlHUyHlnkV#Mmon$)US6; z$V{r?^KrdYeY^KeV{fHTjpDJEwkZntNDeXDDlWb1FWNK+XKU3$eLCjUHHCIFZ^-&G z1*7*^pNjttz2o~%9D!@k&!>=?^;rj~*?b3s{#ZSyqra)`_N5z5qX;6SDC9_7w=y15 zpQ;Q~d`Pp2O*!SdCV8+K`Ss6Ol_wJ!j;m;g}Pb znQ%HOk(M>cB`;=3K<3R13Pl~N;djRzkqL!*>?BKEE6Ij5FJ#Ta%+AkgKES)3#kJg1 zGkr^!F1=_M4~8JEp}6IO1~_{9rFsuaRN->D(qkxt7c&=>;!E1d?|S0+g|xmV-C1sW zK-jXx7<}|C*f=T_8VhyD%dt_-V76i&-w@s<9OtK32Fq500X3}H7 z1P%0sx|K=|!)>d;*Y!sQP!V#@l2AL1y&zDrlg-X3Iw!hYm|%Gbf9c$ejVK*74bs_h zCrlk(9~MI(%hPdK`)sbtL0{|G*PIk-r_m)S&D;KwLLYJM0j2aGi3#0+3?fc35rmik zf-u$)rBc{xrxCB~v3CEVEs+b+ zmZ<$qs&liyqp%7iQmR;1s*hpT4AxNkR93p}10~}lpI1A%-0gMaSMwQO;y=SU&i^$S z$3g<&_{RE;g!$if5m^E3oSgp^tUK-W@KzDK7w|PdU(52b%cMF=EV5deQPh^s|4P?s zhEXY~)rZB9?BkR_L`4%d)YVQ(BfTytLJK@y&-Qf%R@;_`7#KKhOevV%%xjI)$nOr#-fCeK%r(b;FcYB&v7zLU>DysB2 zSeM{EoMc=eqJLla6}jz+!p6@UTc7K#tA-a!Ms!yLBHo5FnYXyJ%q^}lYWqG?7GI-x zydlDUgBJa17|K8c9q$QAUsR+W5xy>5f^Gcmr8rC#fH|#~f?&3@`Yk*=aP{xTSvZq0 z8AWZ{7FMMI+;vhszwC9doTeYi4z4J^D6=S?@wc4?nkVwe_=69|7)>n6&4p7Jh8@Q+ zEl|(Ueb#;7`p9<#-M?P&QSJ3Q>c{#p_HuZq>qqS=NM~&c$=38dn{`wRe}5Nj`E=3T zchkG`%TcqDKvfey-Tt>T&)qvJG24vlsULdQSN^D@&$jK<8wTMwSVb@eyFi+w3$8d; z4gSG?-k7V5ki9QtPo$}2@P*!7ejHb=EZqdN+yrUxWkg1%ABHtc{5L)b6=f{>r5$z% zWpGaHUS&JJjHJI2=@yG=Ko9mE0O2p8cBU{*+ObA!ep4LMft42GCYSvWB?bH^Xwp#g z(%e~JK7O>`SISaHTZ4eF2UOQUx!-TjtxzxaTB>^ggxJC(5jpEk^`HS!Zgm3Tk0Cb48+ zvJ=#Ngbo2BvnRwI_C9|8P;(kjtdN-nD%8W`zXAyZB)Z{WP`^0)h^Ug3yAz%oMBO$< zb`?xGuK#)J0g8C*OwYf0pC){#@iMYZM#8V!xH0O*t^1=0H$7~?KidB zJ9XL@N6K$b+~&UgIv55XBR+*|e(`z4N%mE0&ZOP^v2^Y#AEId{8;2BTgt@3y?J%A^ z8ghcS8RxAaYBh}MVu!m<&X^z|H4U8WH(z0h8oeRmjkQBbCKBa)Me}T6{@MJO{|2js z+y~)6Bg~A8*bT={^TSi=Nj_Y)8Sx)IFJ!&md~VqR69f8X^W=Ubcjbf=qs%cB45c*! zesbvVB=*G($v53oHbTeb_gs4|R~zr(mv`htG$*#`ftxQo+m1K~*QlEq<-}4Pzh`CZ zI`CLNCgh{UvmdWYRUKn}lQ~>P#Yq25D2jWf$@jHhGhRvFm!Vs%O{uQEq83tdB(9cV z(I$Wn%lkJjIA#f(FYpbjXH{b51d*>z`k;CqWWG{av#4Cnwsua2nZWI|c_w@+?v2*Z z8SbD&e4%{D`~+{GhxzW$fmg>{P_x~Tc6Fq(BRc}Cvsv?lJ%Gw5UB@@jL0`4U%f_8?o=OZ@BSVV8ZtkhrN4zE^>pX|p0e zf1KA1_(saTx%^v)jyq?EjyC?r&o;i7STJJ;%E9_hy+T#o5^GmprVniz#(mVduc~aw zw363di!%1J#>=5#KZ-wq@P5-BC-$ss@|A8g>^Jw?4;lqq2PQA5bHmNwbOh~EOX#!~ zulbzK5w>*2bp&?Y-8C5MwD-?-e!o>0pl6v$e4rT;5sRgtzbibzfKJX(e&<<}5F-c=90maBi;z0aH`+vi-iq%eP?_#wryMUOac*kIz$^IPB(65!JVz#pN8@$8Z55|?6H2)%-#(Gnkeoy;tv`u!NPweF9gxZ0PB!4O44t+mE z21zGwOTHl9mI&YD4!p+y*@q!e5G(NIhfJ1HhH9MW4;-H!Bi&|VC#Gf*FIj;hjxc7U zb^9gwzg=}5HRySc0+eB2E?*1EKZZ#Uyw#x)|6gRCQ*dTYw1#6&Y}>YziEV$eZF^!{ z6Wg|J+qP{?a`M-yb9JhAJ-vI~?XF$b)oZPO-$3MVgPwj#+?#<~C>zQ6cX4;M``gwK z#KkUBkqfA#PwPS2!Fs49W~U%zhGr&ZDgyAESy>R#f5$HfwHOXJe88gpVzc#gm;#?b zP8R62sGbGeS)w^agapT$(h?ZcLUs0ncLK1Ybca+=m!~80!q7CrU!Is_+l||3dD3n&T6k@y7FfSLaWn##lkWDZs19E?18awX*9#1 zl;h97i;(=fGJ0IP{L2#uQ89Nn!zGi6Es@?*Sw_4{2nTIMm$9=7dhNLEB;}_Vn4v2J zwDs75$u6^5nIe^u`zEJ(vsGc;vsqKbk%(ka!=`=85-jmwe>kHwLRSM{)0%?cR-gF` z**>*<1@%NXf>Cb-Vpk(y%ip$>cYXfpyd~@J45)fAL7FT!)6KmE4+w%dJ0 zTO6Reu93OU`ED`#%mG<(V>gT<{-!oBI-Rvh>VaW3M)*YpSL%1MYZ_zTEfjyE+d1&LSX)!ezrW7=9te($ zyi%7UMak_dtIIrq3J(Z>W9xnTl#7{o1IAQ`3p=HN9CyWq z97p7=wf+S;4$oP8%^O2=2pB(#@Nv{N*Ud5I>v8pYZC%CDxB(lU1pP_DcUA5vdO0Ld zzeJyY9Pzf0QPh+@tYp7h+3o7Sx!HW}fNk>J5O0fhK7G6CZI0XH7#zFqqeO88U{>%) znoYjwbNyZ*{v-VXgdLiX*RSkyFrncJTdW-a1-jQ;?;tUUqa#FTC1Uf-C*l=IacF-p z+g$r>(7Of7ZXv|n>kCTYq$6x@y2usjOBxnQUjJPf%yO-0C7wUvk)x78q?@_0q1Kvy zUVAc?u-)j3WYSGYLB{QOrr<6o4pWrHq|jFhqOu3?J;%xHx7}F}m*1zG#UU0@5)BhY z%*#5j2fpv9ecpYHX3otZ zrXs2E0;UvILtA_Su`*;k0=0cfWS`@|*W{6DUSH96_%rW2!Wc8;&B>WJZ|%}| zAynw`5FlBBNdqY@7@36_fxx3!!92eAx;0}mk1$@@fJ08`1?G2lzTZ8lVT4fFeH4?( zDNqwZCBX=3*-r*7b$OQt&zN2bd=r+dw$EHVB+KD7kpf{SWL>BXZAI`(0%xvgau)fl z(g4D$`0Pa8q-Kd5>Chs9#AAwoXG|W3e3IG5^5rGT6dMb}3w_GFXNPC!X}f7x9@7nT z4+-jz!|qqx#&+c`$!>q#!d?__V8>WBrP#@|5{(jd#;y<1$NUfR#|9F_-%4jLAKv@q z|9SST**)-lLVuz9N&8jz^!kPR#rS3W#rvgw8+3s2haeUsqA-oH`_~iiN zs7qYsswD8@xw)U77xpbi&frf@+m=&L$!3aNQ(@>`+Etv(E{gb5$LXg!8z1KjQv0I^ zGGH=%;n+fO1`NJ}u**@$RO9ImK^>9EUeKkkOMz0!I1tEMgxph*OpSfk5St^aOk*3& zR%t3z@JvdEa$B`{NwXuRrfJ5MhIXW`wdXSnsbjZM4#FSY6&$fB+i>N5RU8i#9cS_n z*>%X;zP9_eRa42#1jo1%6Y~=)B=E~5rXTD`)g3h*D?U}fWK+pr=%ubHrK$%^#-gS0 z{L(2CNKRJC0um-#7xBp`^v)g2K8pNPO|=1z7DGkD!$h)K3XV>#hy9 zmA4M>{MS$@mWRT|*lk&xTN=S{4%%kI{t9BHqLg@vFMYrM!npNnv|@3y`L4Nl-YFb- zMZ-lCaNr-Z;jFM%TX>h5h)1C`zFCv-A_)iCw8~|lZ%%{RIgv+6@ekIh4Ex(Q`7(V zPQPb^ZzagtEzQk77vk+_@$OES1~lXa#?;f7{6T97OLCE(T*>E1`nsRj$#F$J2ruk| zem5hS+Q3UKkXo;jJF;%j38RQcfT0f%eu&d8LgRdFAMq-}$R36}411rzo;oMOOt17U zd?z@=fITK~g+6H~Y{9M#ClEou*Db#{P>DXPHyGp|Vkd~vu9-U`e{k#`%Hk5sEeUPN z9V5JLD37AoO#t;@Ae21h>kvssaPk5<`M?Ex1j`raRt(ep?3~_Qu=#tkHEo1ump*O(Tqd7 zR}}jGmRmdr6ok73<9l|GP+Y>BgqP6|a~1(o{sf^<(qvrH&{6S2qkHH#RM&Xc1UW$5 zFHT^JF#}Ezy@8WkaNNL}U6vow8lmZUzucPl+mZs^SRr?L34~=Kx#f?ILJ`xV7+_Arl0uU-V^|T=MF}Ii1e!IT zT#@5x)?`sSQPL_w*ryOqHqSR*YQdb_Mv%q)4}E^5XoGoP57Y}R0@OoraKE8JTdk72 zhP#Re4R3h%gU6nzLBnl*t>`MXHO6^RS3m!r?B1VS;OnK>pn?9A{?vYse#yNkd$m{5 zSIB>m|B}BFvrBsBcFqVMLH;G`7N(jPD#(|yEb=~Jw|T%z(! zP1h2v#$Hmmru>`qH8@!nSgpCtx#azb_7<0`-B}~J1o=qRF;3N|QCT1(#b_RYcgK?# zXRC$V{?k?)E6{@c4)rexIj_b(l2M^ml@je87Ic@xF=F}QgtiuadVks*AD=k5HUTxh z>`?F#10m5uLHe4+Y;4AwxFch0h8)_YpU|MzK0{&pxQ@yiJ7cD}9^9H+YZSe1$QoK} zJf+TSmBgA$t4}Ro+*jdlOup6ybAdNFehRxeWy<(M6U_^o@2NpZD=+I--rtX!4w%(X zL57hS(ldIkF9QUHEE!O+bOtAuxMmn#H?)3$E2r))WSFpVAp2bOs=P3-Wef%|Z5|)D z%~~LDvFYf1e#7HN-<&N|pg-R%vTC{Jcs}(|zMJaue4#qqsQLb*1+fhPu$$l790`Z0 z{R-S85sSg*GrerRYuRx)(Ltf6*ygjiPbyouPUAn={xF?R=R5goLzv9y(cjA-l1`!5 z>NY$oha~WPjTcuJXg0k%kgxQ*FMCpz7kIdInz37b?T^f0hh^yc98cL@K2NvVaJ#Im z+Gz5c*;d!9*lGEG;@I}SxN?K<{Mh~=@OHmN^nSdf$ie5oUz?lh;dK3+sOj#;=h2PD zs~L$|F&eq3J9t{X^SpHDbM3_E`Fb%F*Gz%s*;1IT6ZZY+Y;Lo01elpMjay@ln#X6S zoXg*ldGTEr4hFfWE+Co3HVtXenI_KVu2`^HCX+JzBb%>Ht#tLH$W%eqtLVkzr}5t4 zgn$oJQr!z0(`pC+1DJgerC;sIFSBP7iUzj?9_MKfiDI*Jf zPciiLP}fVNa95LjQJSwvY6M=;Wngx1=Nfi>0+S3b(W?Detdnk6bsjoyK5x|V))BK{ z(dt*Lf=}d@0YC6g){@kw$R{<|Zh_aLDuv@L&7D|j(waTH7#BxG{oD$P{+04bceTv6 zeL**2jYX;>_8J1&x58x(L#dh@IWMblj;unp#;IXV`8!j zaj)d}5<#|AcVR*~xc`NJ89mKF1DEi&S`<1HG(*kYqu6cRS!mcvQF`a{9IeCL4U#(C zL<;q<*sDT^zKwnpsM9w##&<~sES=<-p(^x`I)n(J8{jiVhtJTQmugM zNBOK;CaT?AUXp6bqr7#;WDJ>~SWjLhEY~auQe5eLfUD^wRq@JTEbLhWPR|6aEr7&9 zbQqjXhdSji&#mJ$0qQ?YV){2YS+C%mOL_IwUy&&iz7KZ2iQ4k?71-N$a*&|@`eG33 zNU9jx%D6@pWIOB)M~i^R55HDEYR8_| zo|@L1TqXGyGBm|Cbc9xFjJBPx`z~{8%!MMAu#!2{XpE$e(xeuh>PeQO_n+#OfTZGi zydZG05*1}ZqB#nYEoHX!*Org;69Yq}_|XEndzmn)QZ){VRBSNYsoDio(~ zic}=zFF?JB*HYKD`JWWpv+D=E^>JCi{{Z>rjKz9plTvRb65>8nogZ3hQf2#R?7%v{Y;X}?P6Fdfy<&gQ7ph$xraVKX#pv`zM^Ev=zGF33s$;N5J| zlM2z!UkfR@RCf5b+}0{x5pBafuap6{LK3k9nM%4PNSymS1f$+BkUCpb*~+e*aw%0M zes1fC=1mVTT7Qvw8bBAP>@w5!6=?=YH-L%PfssZvU>sx(X;4W21y1f~)d<#zwFr?N zRx1FzND`6ql*`&h#ifLPuua12Q&Nu}9u+?>Z62mv!e#R`lH1cYKzYJvJ)~kUx7Dci3V@1Lskkz>267_A* zxef%g-e)PKl6aZ(ln{HzR)U=WF&T-avTe_54vvv%5k13kMp&_EPrUx~EMZk1?G4pu ziAJGSP9~>Y79vqiI?)x{EyNKBThXnZb>2UZVX36NS-iE1pEt8GwiIq_6`#T{D>dd( zsRAy}1y18r%pJ>7U+x(@q9d+8r&>=U|2&a)4?(n%laBtimd!f@As?Ss4TKaN zijzV=WQFfeX^9{tR+%4Jp{ZM23VkwoB5DAyTaly!u1k}Qy1V54cFjemDsduA05-&K zN@PlMOn40$vVs-nh4eyXN==rCq>Q*Q>#ag8PUiT7qJG72+~m>!03%*B|A7j2Qu;dv z=I}oR7l3e4$NdLXc>e95m;$F%Tmcx@4@CAT1!Is8|3mQqMdIRx#o)2HjD!DoIE+L4 zZ}v09SRamx{RcJ9`gjr?t{-Ua{a=K4bWac-!O5Fl29zJ zNtpjIY9I#R&~Ko&Yz7nH#7Za*>iC1e{<%N6aHIbL=6@rgSes3%UHSQbIAU=` zu7FV_70w@s#1J}yq5X$=l2UsWB5^dwA0+oH2IH!Z{s$QGZI?3qP&+x zB{pt#?$AbsQ|njByoTLUA+vt9;B818R8NLU)ze?2%BQRns+7$ovtzqziI#5JWur0V zxd?`oh9HJ~hOql=K~j=J5_BP1)kXvHjPT1Oq5nHuLKy?8`ecrJwsJXj<#o1^} z2R9v#q>T%JfRv|VA*3Uc)flqyjxo%7BzYssS-R;1Y}=PhNVnYeM(kdwi3dZ{!v#P? z8d$NwZ;ydBO1Ep8>GC`2dBnqMy=I*cvEr%9wdFT*shspt6H6_Lz_yK`)E=0UUlI-3 zd}7V|7Luf66Hm^HnlQGWJF#FfGcQtKnL;4wdr?dhGx5cy*%m^FpU^XbVr?mYj+Z4? zLf{vGSz)>T#h5=hIdXGJ6rfA+Z(x}c&ar)~tFLGEA6T>KC(owUR@EjAv(=JDC+ z###P4AI1!L#u4TVu3NL0<1zFL>5J^O!L{$Tqd^S-artuk`%{{eX4#Sp9A`r zyz86hIWlH z35yD;N){;Hf?S{fOFGb5kLL;x~Wj0S9w2YkGb%XJX2$HrXK*U6tXIni{#cux}m$U=1_OthtXM?yZDRN z6AA1A?ChSo^1%%W2jxrCK-mzs)9*8EhxMjha7s5)8MFPWa~OO|$AYfqot3BA*h_;3 zx$#T~@A-j1eN>K|6#DO9y6ir~Q8Q?J^hLxsqktxGcTFX9;@30V+l{Vru}s<^gEB}W zP(&cszsSI=+s`i5qW)^?_7nrnieqL$h4E%f)-B6{CwG=VfrN=3ZoFuOz)884L&~WU zYLcqdqk?4_?Gu^ z$;y5~<0&#SmG?E{+R5riHRF}ziM7rn5VX#AyVZ@{R)Ii?po!_={$pb%l-9WDH#cYJ zK_W#5)Y(vA;~=x+nCVg@d&D@d}zK#z8BI6W-g^q`&`cf<@hs1+@;QORic@*W_ z1emEd{^ahc2p6FGY<2tolkhFS<@;;pfKuWq`jrRFb|KuMvY~HCodz;)zogt@>35-i z_V~Y$U3Fh{j4;zs6nV6toTUatr?M1QjI-FmKBSSX z>-0f};2QM{1VR|EGw|W)#*_W84Ju?P%z%8z%fXx{#asfPan4_oYV&r1Pv=*(*#mb# zfrzJ(z`!2xDkS7C!7WV|UN#(GuE6srxg;rmLIkpaP?j@#7MV9lm3{LO=Q>p_en2a6 zhd#%p=o)Sy1gE4mY4)Z_NFwA|jf%YZd|*FHKl`4t*lHxD9l@)jSmK_?YM!^0TU^+x zFFO^{!5G**rbhznEaAWKufD}gVApWA@Upy+*&_R!TRZn$*S;x6P}2hI99903S48-M znp^qTtiO_8%xZ7VBA{>KmgdY?!Zc@=yx2XokLdWQ&vng}EFD=sz1@fyVbZDtDtW_j zd7;7#q5Lp6zx;yQjRv2U^LV5leHSB6_Sjy*w7zk>gY4SA^gr;%2${jW(nQeX#YZO& zW$%&RfX$%CdD2`9b?R22A8nHswBH$hz`O)T35;eLPE#Mn-!lkd#)Nnb@^2dvQ7wao z`(Gv}l{9IV)1M3iH89o5#XA)*8M+B=(O)7@3PCIiRj9Jmrc|etdv=oM9#x@)jD-6X z;LfYD*(@NW_Nm+GSz3P!c-<9J1u z<0wX14$(4!r~S+AFM$Cf9}5P~s9E9|^GD7&-EMQBk3Yu2Gy9_lU^$4009d}{8HekB zE*Z6M$veVs4rs_=`5@(fi#^(E0Isy5^6IbV6dU7>Rq_3){j67CF>l#Q3;|@EA+c~N zdMd&3gkfn0iJfv%RUXxF%er&rC4r@6Qh(#!Q9gBF1(~c?$i!1}OQVJ{O-yW;Cp72B-rzbnV`79n=@klao?Y5++(2!_T-PKEVUoA{7e0o+HrLn#`pg?bTCz2{EBr=Fa&r z;X_t}383T=~}^N@?|$`1w_$RiB+h^8gaw#6f_Quw*vBYPNg6WwfuUk7?Hiq zA;~^#;`(`Jm7YSX`#&gePz^(-Nz-^kz0q2QqvN37_T7SnCKPV$y}0F8Bl*drj#N*( z_V*x|k;D!9Jy->4&p>T{Zm|D~U%~r^#TDj@+e`E3VJZ`5wj6}8;*i1k1f)?C zeDn%_wi)er2QX4&3&>&3y8s4Whwg}r_K3?T)Y-|UmFRW{Z ztnLnifda*16?P~e1X}NFJ-_f`sPee)dG~S?-_gJ=}EJFM|hz z!w#wWryX+u%qk>sh~qW{p!rTw{o2hB{5<#=y(6%OJQ?>H@lzsi=IG~bNi$S3SaG6x z*lx@hLFr7MnOAW;hEC(!q-b=4LFXBoJWWRg#gYX*wK z1u#o=q-3Dra&V2*BzsHfGn}@eR>91s`6xLYqC z%>KJkA{!L;WYruT5<=}-NzOM0alaU|WEKIjiPgWt-)7#6*ZS9452<>BrM0k(5)|%N z5?jlH*O}56g;i6b=#)ZySd;UpT$31S?nFo5(sUHQ@G6uN@@Z-9WOq`Wyo;~bdAcl!Fh6p>7Hbu@V$3SX?_CXCP||Dxy+fxV{b(p zLCdjN@A%xP8efN<`7T5P+dp6;hOK!%AI~PnhFs@CLmSiSp%**s97~}vdv>YwzWWW116J69@2vFfZh^vbi`x7(>y`c>VMap;xdY zsd7zQVx0g`Mq~`5mv%VQuI7}&QS7za`QLC5hBag=>}^K%hUUL8bSFdH<8yzvWGGrG zbl9JBX-u*gVg6uJwkA}Vcd;Df^VpsreM$WRxc3-U zSJ;}p+m2Sr)>e&9-N&_;l-Dz66)fA(&fEKAAj^n1^F`h43qcQFyTq~A$TnMza+dO~JWk?~c+S)f4e8GMCC2DWE-;ahr`q6-_Copd(P%}Zk>p!2>Vkw_ zv6;$C4_YYg<+1zllrY3-N)bm*CbX(fDY6Aah3axw8%H1)Bs$-5{ry?_D^+fz_u4Zw z3bi?9S%DT@W^WFI1GSKCSkSa=PUrq{RalJe>!MU4zppej?w7Y`w2z+ORUK$#+5P|w zNdD49o|qL`MFtgt<4sCil^*j=RAsYGgEbswJ1$J4FtiQL_H?t=mW9}FVQyt$C#R`@qY;`w&LyDQyZ(aN+5ACZ~=W&wh*s!v32+?qj=K8<9GGf=ZybZ5&Skmg#InmgjG}lUymZk9Mi@>lPqgApg+Evp<7e97DUSXgv z8O}B5{IfpQ3!W|_6s5gY6Z3PlI(gNxaHS> z76krK^q>#{@1=+^tu?(mD}|g=51OJj5)Yf8m^?#LNy8ph%bi-mJ`27*IYD1}+#l#( z>0vkW&|9bxYx4DHe17@-&j@}q`yyYEoK$hLof{2H;n$ms>$l(@*yP*Iop=vvuW1oO z=lfB0#~K@`4=NkH4b*7Nk5{<`-8`F>J(1B0M&2kqbT$U-Mj>o5C%+iDb)9V_*8eu= z9YwCWRA)&#EEu8>($><+7{%^6@`oTxn>Rry1H;LGfV+kxxqIszQ?z3D&1CNOG@Gz%5V8r7l=_(&-RoR6)2gQ^{N>$|QQ=jCIbEg zTlg3F$P6BiJK&=gzs0U+RedjkQz9w94fYq`_lmG^e4~JxO^}qUOy`{@5-)`xG1l=S z5|)+OIBkgHk+-}~re+RD8dfXN>_xDiIh=$g=6E|>dJjdd}p3UB@p2}3?&0p^?s4%=8t zV$#|IMlwZP4VzD|z4hp?%&D5A=BE@G)OskpOSknm5gYK%gRX`F6U~1)_H?9uqR2Q* zbE_vA7v~v@iNzcv7A~z0x>@~fP)3I1MonEt%=S!^NpMtIz4%%c+e+caO|J^x08aGn znia$uPcR&~1Zy=ABXj&}hAwX;A8LL>zI=XMoc})ltc{h8_JKnNdA8-xA7Oryzhoyr9@`?ojC&_1vi6 zE-92+O%$M3U_cE=gs-r7CroC6`4E;Mi%Qm{=1S%|Pfb6O{I}vsSuhUs`vGo^vaECz z6S#?=emZ#Wj8XH1d>jM%WY?oO#c=g#InH_t7jEe?pQ^VuWH_*{Lz%-^33#2=oLkw|nMW|-lVx5Wa5&cTyo@Lu7@)2e! ztOGk$L0%aY5N)uhypPB`)3&SJwgNI`xMBF=sX@|J^``Qw@{*BzXEpzH7J}Z4{!F!x zIt8Lw6`}YekUKckl#3Ohr&1IdT!^4a!(Yrr*jc6=?`!&HHGN_a=YeVGa7e9U^;-&J z%ppdmn0;K#s=Cg-G~B*{c!b-LX;3~ju__JF_ZaCw_zAK~N>**ns!?a5N^Pjrrn-j7 zxioLWcGvK(=lb3?)e4(Wf61Gkg90q)5s>2sg)lD~{>JMK>dxoz+!{tRkceXotR}IU zB~0*%%8d^YF^$tUbT=@TJNHE@2AcP?- z@Y$GdbxKm2H=rOqQ0LieG|jFY6_T>-4tTNSpJv;OFZSNQ z0UiR{)umR+R{s4aqJ)1i)VpSTv&7$R73VG&r&Lq$A+xx8ln8w-icBD?(%eY=KUNiRCxKDhhy(O(tl1kuL z&(?1w-yHL&A{)w&Cb6njFD&o#Gm(bSIR8>V{pD3G3Dk%%$c-MT9GDB>!s>5F>k7=$@TfJd?J7ZSMmzhm*LfZ}j}kf9$1eYy4hKKv~+ z7Mwt3CI#}>TC-Q4o- z{8*RZ0iCf?Z-=BUd&|=&svW+UOI`>ZR$BDpV`bz^NG}l`I;uo75Id z*#J@RuH(ST#>!=+{u!=x>8@33fyLT1=3q_mRt01u{{C_$YGs;qc$#$23MBDW)S?b$ z{^!+d8%Ta-Rf!C-B!+Ip&o~Tn+T@Re4sU;clUysvSxE^^p;$Wkzr*?Ky)|DcQS&Gl zu})Dpid`lW!^{t}v(%fM*0i_c#Z-*4O^lps8Hqt==NNM23f2 z_vt6fQ>59axKiS`Kx)b{BACNJZEe%GFxYzWZLP9-4)7LvR1fNy;k&3 z$4SvjZ$`~x*=lDVch*-dww@$?rm5uA!d2-ZaG6ooDfSt-J&G?^vsgz|wWwXunHQ%3 zt0GIPghf>yFxhSy(bQ6Ix0Gb53U8Cbl38aUY>uhM{6mFLK7U8iaQu~0<#;Q^@I_#I-$sh1DgaF$bi+B zb6OZI4hN@)%q|1f(C250C#XehiZy>n+mreYtz!6IfL=ZTr{#i=pPWR)V8Q_j)P$Of z+(eNtngTgyn@>hvPvOk|XmZ*ytB#q$8MJ`W(a@G^>X7T0lm{me%)SYBcN^tBVYF{_ z&i2kGR!mM^uwLj`$aOs@(@01>B7u#h(oEmJgN51>OJM>~y_q#fu5T`)$2EQS!H*o{J$?Q(L$_;Vn-y zuPd*8mUjOAqe`pi!|`PL$4qx1ef<14XRtt#|!o_)hln-oQ^; z69(y*se{~FS;DP~q(*}z#7%%thytYjsZG3$-!|W=lmpjtlQGlsGOQWZn_kfBkl3jQ zzpmqxM;p18dxr*ok5_wJ6TNxMMJOLQ4RHQ+ct>G=Os%ti)@>gkTzZ*KEYb^mHdZ0K zt##?yYHILIBX2xnZ4i{3vvrmlR|-br84;3Q_q`1UV9<{`J;?IOwv-QF3}3uCeN*qi zA1FqvDM_z$HtB3kuWqew6)I)0p=ZpQ)~9V?ZKT<<$}-7u_~kEc6|{|Tu{p$>#ybh- z7uIdCdM4KOI7B#P-yt0|h|Qfco!USIZWqR~4X*uTGQ}yYRb4Bcg1~3Mz<{AgUlhYX zF7fY+I{sdGZKS56T#^nYC8w)=M2cnD5ck<$r724BE>c%;_80hN;|ddTI8H%)MA7&e zTm^EZ&g-R=`7-E8Ka1=2h>DAGfCf;^nK68mF7IA)?vD*Ux!h4_a`KivEhBM5z+`UU zUER9__wg*W<{`U2f4JT}5s)_T(RVu4Qfh6R+-Q_L%~D!_EAI1*-x$rfP5Pj@&PpMr z+)*$qliiH}Qj-o5^rnTltBdKSbWnLWKEoe4e4Kd__kL%-q8rvqnD91wDyTB*JeVJ8 z%uHz|bZAnydvf4OKb$^N!9Q|7dX~Mu*huZ186hW^f85IP?zzc0wDVT_onas$DR*~- zFf;AQiC!N4y&Vj8f5hG}36PG}iqkO@-ny5O)U*#X)>JPtm zHkP$Zh=O~8w^$b$6X4EjM^0%($FD>v@vj28iBY=cdOr-THHn|Rcw7S zLgh5%^|4t*xc|eEKMInk+b&poM;M;+rZw|834dK;Y{vxDziMuB0j!}wFek|JDqc4U zcFhMke5-CX|M1kTlxR;{mP0E%T&6eme^|zvP8xo1Wyb0Ewiz4OHM?@bkZ+tk%B-O| z_O`_MEAPQH1f6@wo9#I?=+j?EqJ|_6<+F2t(^zh9(w6G^pz$;7X@AuO`$FLn>5=oc zntSeSX5THV;X%sz72QA0^>kbP<;=Hn^sN@Kdd%`lo#yuC*%M$H|NaVGqN2F#FwsjP z&oGH3OPAt3sGct+B~}tZDTP_Y=0$E;`*fmCpt2%E%Z~8>7DJo?fEhto6*`?#kC!TM zJu0c3`$)GaC3y-SmT~Cbig*)SI>Dfp%n;Z=oMwCDoe!midN%ySpx55-Q7G(J{!kiv z5TMZl75aUDx_*i&Awto?eQ0>dQUXzC4_@WkJOs6yRJm8;Num2V#kI>7Z}o)eWk~<9 zD;hklG2cO`wgB>py@Yi|^^YK3pvmuasAULrz2!--x8(FA_SElBBKDN&b7iaMN2f1G z1(KUp%f*gCx*DzK0bMBLsczJC)m>%4Ori!LwE$X=U&~Khg@)9QA%h7^B`Ia#b52usF ziK|N*0YSCB8;4F2s=>7zjvPq7s47ZqVM*T3wHf21-&UsFR-;@t4`(x8E0(s*D!0v( zrV;4#(FVNaVEUIiTzZahhc~h)$i5 zHY%XZq&yf&5GL^S&B$UlfZKoQXBMy0Sv?r7{svl6WK1XNur%aqp|`kt9Z>hG)NdH^ zX!D3C)vGr&yuTg9^w=NQ>AY`McuPu*f`R1cZ!Kxo2zv?jolR2}iai<6+2FYi58du; zGZwl7VlLc5pzmAL0>inmFFcj5|?ryV313pS|A)>!HZAYl+E= zt>TJl42S`BQhHDlyIVCSs(vDovQ7k&U-oD77PPIJn2GFR$_7A6fi{6&f#R7!`;`_p zR~F_oO8FurMA6-^EjV&=|da-$#0b&@4X$2J3C%E-TH z7(A7rKi7&_>KKWq!ojYZkh#&`S)Az~ zhj!~-SP$O#lP@@K+}|Z_jqLi`F!Hl`_Hf$l%E~4IrUX{lW_V^fXMeA~qxg&cCO%UR zSRRl@u+F01WhT>BVU=V){yx`nXxi1gxh0*AoT=hfdOY)nGRkI}0x0Pj>0G<@x6ErA zu4}ELBEE)Bemb!%C)k>qZjsHDs)c^?a|87KzayC&0M3L)s&RGrjhexLR#+R90j+FK zw7sH1SWSp*M)!~1z5%qF`}NG~`TQP!CF&a&cKa{uKLWLs0!U%JaXfu+peya+Q#s_K z*+M7b3C?d1q|4lo1r8!P4lHIny3E`us~{%=oG9<{t25UEl78c70=s>(UMq0faZl&I z2~wEZn4dUp+rNIV!9|`=QFAQ-$dfH5Dv@k71Irx*3(92D6GeES+TP*o+NLvts^2pV zJGfUYS=mK(oVBft3*<~#_ms>J0GM!PK~@oCVAaXmZk?89h8BHCSaP3y`AiWd5rhAv zNJHBVF)5-KVj9F6MX4DcJU7HB!YKZ5@;+;qQCn-AD$Okm@(8C2eN>zvnCMKCxjqH$8!?o9S@Joa_l^PI`QP_)_7Ywq!;B?uM+z6YC)QAQf#@rS+T|9 zsAcFOa#*@qx#C#rST;pJ=5k1FHTfjyGG4~Hwr($X7YO9@mG|Vn59muUk`0dEg}2q! z&m~wz_|QG;S0YxJ3oGRbMLS5GIbsc%TZPy4OGLxd#CE!J9ym$jRNTvO%%ONRXKWG+ zfuFoqFD`>udyaagd@lx15tVGf;5jBhGnnh+Z6eb+C>taq|J8Ir)EF3t3{0+66rQwj zaawv%#3*6}+O9o*5L6#=K(3rK=b>67w#(Ze9GA040aQENB`HdYZI{Kn{k&*I6woN+ z?;5#>`8Gt~1Ho2-?@?d(?M7d4Lg|tfMuv;nJ3JCQH1af%Jsx~I3_g!(8YZXzc+b~P z2hIn1L2Roj{Fdmc9Ld@K+D$Em^`G6y>tacLCUl$pyHzwnYRiH9>9)<(+#+0+xeyco z>zK)l*2FqSSfybFmvz}TkG*2cFp9~44RgRRY_wQ0!`Zl$zOsP38xat$A>)eNjKVWR zez!xzJ>u6*Ib6KdNTu?km|6<%(#|!(yeLH16f_25BtzW<7fkKdm9^d`Xa3mcYPQMe z;;emm@CuZ!@$0;EK^EM2>Wx)nGIl{ zX-GG7yXlC_M>*3K{M{&PJ9lChXFlq=byX%1AJj%1X65@T;)}-8wvm!rsbE3e+*3^C zpU)SRO%~1?MEa`xP#FSRTbo11JSUSSOIxc;9d)SkxOtwm3s>vd9A_5&%J_028+I;0 z6V^tlQ_bwzWW$Ny(r40aN|qvBM|I(?gQRac{P*DTiSxK};r9RAAX=7!YxNR77S!Mf*Nn5++e6h!qWqboO+5=AjWC(R6j(O*?R<70av zT`wniMVIo;F6PIJmS_Z(D9t+a%TmbplBQVM`*p345Z=4_=j71vm{wii#=Bv@j$w?& zD#m$8UGMv|lI$8!WYK%XY`XDT*Nr>?{NJ#Q!-pYeH}Whxy?B9eF|zd`RDdOx6%uqF z6MH0^SgoSre!euS3U<{pdPNiHX=9mX^rht3Rz8sd++1st-M_U&Wk+?ca@@vwhiSnd z83D*urK`FKi~e@ixzwdnM%GSIH;WPO%2T7PxI*9)OU>zr&`)bS-<;M+tIV*}b4;(w%h+2VMiPCtb5}NjV8F_3tj;lSKjwBA#cGwn}6@6W>osaN# z9dR{xJ$AWnnEK-DAW_IO9uXu0qDaP~Dv{0X2QM5+$h>ZSRR^CS_E|i^(9Fb>pYXvn z5qfFSJjzw--{E}P`G0EFZ?9bIY1^xk>Mvj{OqX=ahGq5S3s`w9z7>5*o!^!?%VK6q zOD5G?qN;q-&Iz0@l+# zyNII!4^X|aym{*m*sA>Czn0kob}N;;*SpuM6YCAFU*$ZGZ&eI`Yoy3rzLJCB99Giz z@q*_+%-75vse-!?s$#=^6>xlynPJO?97V24XRdTIcDr-U@pXGX(|Vj$2fECxM*Lgr z#QCt_OOm{t3tz+24A`!6U_Snndu=t_PUd^&WAAc3zloix;dAj6-MDpFuQ*CIYh3@NWw*EgGaB4yd17mp(9RKACxuQ9n_)x69$jFb-S zqlq)wwrR^Z*X_W{)_0$o5huXaqNRUp=`dQjq-cmToe`0*g5LfD=T_qo*?J_Dv|xH zKih6d!DH*8{A&D?7&fo&h;{^gxfQC!>RC7{qH~!96^bZ@TA9|2#;+dp}U5#x*^>YPDVeVb}Fkk&@-xaJ;j)Hoe_i{blyl zN@&cp(gbIsLp=CH|jXs>0ds!^UERp$-gd#%CqJv<_*y%?d(Ce zrJ8-IW!q`iujwj!sjh>6wr-h4ljEv=!LM{bwxidE(bfCy@ki=oOa6Son)Ml+E4-e3 zYja~uV@+dEV_zP}`M7MeT^3MFU0vPYq71gFsEUKfjM|;UG<8eW^L-wY=9$5_;3~pv zU2j(pn6{~}`?fN_Pxscb(8w?kSD3ne?!eL#z^~8Q-WI^8uDb7R01Beao?mH~cNKq0 z<0=pA)+w#6Zd@~I&%D76b(ys}DynRj-#Mk{2h!c{f1L@3r;8f!RNcuL);cK0hbx4> zS2MR%IS9)LL6L^jUc@tu7x2znI6{ClHx8hKbk%?mx`K0ee$sbL?7`4l2Ey*pxzY{8 z!>=|sbAuT7G-<7<@M+VjA*%e+X`U9e?cT;J)4b5XK+_AWY8ue!v>fY}86*RJ7XD5= z!|cF0XOwckRz_cS`g@b|(21jKRls_2_}q^+CFk9i!`ol6f`S1iSR4LAlmFsMt>b zemS%8wuV#Ny^-$Q>oX#I>sCBW^07ZEd)@sWH4#|rdA~f24Ny9z+;(_usonbg?CmjM zT>{d&Ei+V9WoY#7#=iS|WzPyUeW!W=uC56~KV|Zyh~kN}vZTFbmeZn>u`8$}w4KyY z(z^SJ+Aa!29AwCYRt;R0Mbc1!$Uw)mCR96f-9*?_FbabNIZW50L_Z+J@~m3anE4a( z=&<|FtpV5UNh&Y>`|>#dh~bDk-n`t1-pDrRG#5R$%b?;>9%P`YgzDpzgj3RX=>8^S ziTWN9#mI$b2iFJDIu5-zqB_d;j=M|VY3=FlCPGi*FLZ;|9l@NAviTD;PfuTSiQ`14 z+tfx3`xy6b?~5ql_PjCErdyT*oj1Kn*mps@S)a8GkKKuWi@wKc|4dK9Cgj^IO*oXc z3F4$VBDfAms(dQJtQ5I#ieE}wg-=jh{)g<`pH=gA8%Gr9;vX1NbxLjNO2~cn2RYQ8Tzp1MAbjI=oszoA-U)ddcjgUhOGeGf(%|>O!HAL zUQbI&4kN)zqegLJ zS4m+eQeU|%2vYr9g5}LgP%wPn^eUPF2>`18f`x}31|rrp)NzP99HuRIVZN5zInLvzNysg?q3BCNJX1QKaAUsA2^$>LIeZu` z!HEE4dg>_tfKsFW6O*ShTF*kyaUT_avR;E8(uE&jnDT3zi|n`af5P+I0ahdWEdH|YGElZbs!8LbZr12stYvPXN3;Zkwh1kh znS(km>Q+_>M1)0HHKUqKizpIiP!De)g?8aFp_pVU4Y`K6NL9+JElQwFxlG}qA?pYp z%vjhTNh$6&OXyAPfjv(EyQ2Qa_xap|PZ#w;0Z-sx4Z%k#JH5Mqj*l(%{IJIF(g9aL z173JgT99#RJmFV8Zeu+%)nYj5SM&jyLs4}0osaQ19lGH9%^8AcP@S+|w`es?pZ4~Z zGX9K+yykbbf|0e{^+YyAQn#&a`f{Ji-3VS&>|_u;lneUeNEf|v*J5&5%LE@?KnnZ1 zZD*2M+if(ShQ_D@U1EJ}V8mr3UbYD$&BaG*Drf}kWnu)+IN!f6JU6dhYEj-giqg6W zR@@|jio5B%>8BQ_3|fyYU%!F;y+v+(Yw!2mmP5q0`75f`s=rmF`Q~A~)0C~MtZgps z63BV*Q}CDY8gU!>fJN6%avg*8?~!M@VoLjo!zEWJ(5d!_*}SDtFak$;*%*l6RWxtU ztWfaVj@zb9O+rC`PF(>zK~!tkg-bCL@2Gio*U6h=KeusgZO3tZo5QU2Yg4TJ^_+ov zZz+FObL_M4VYU_mkCXT5t(V3jKWGtqeJqnN9h42w{rWEEDRU<#ezZU92jh7mr%pUc zho$pm19vKthNQ!EuQav{t{8K_E z9fnWPWlm9z>D~}AO8Y&Pi^I*;3+2*=)lCK&f61QgpOQ%O#eS(p694!dtw?WE+8;ln zJc=2sz=A8eXi*BUwmE4NvRur$Xi>wiN^zHwTd(L4&Lgz1kLm(=tL=~L5Im~|--Uhjes3yw#0-GVrF`WM5GP!I z;-*SQbw>>_Gp)aKR*|T^dm)^I;_uf5M6Vj-vL{BuP=v`AZMP>6m@#R*!GzJ7WUx#d z(wsWr@7Bq#*$Is7qRbx^ZFi!ZKzq7%aMGf-o{I;|ZuG#JJ()5#G6ZG#VohF57?|lpu)H&; zucq}){$HDvR-!xJz{1LF_Mo)$Hm=rY3^Qn*E=5)%xw*y+E0PMK(q{cV4&I={OqKS% zAawdgu95NmryF;l9w-4wJ8D>!0ndwv5USI7pHo3PF z>x5jkI;8*GweEs1LT*qY1R=IjAnS#Hz&WPh4cK)5TEE_BwEZRv#wkN=Lv;S-^Y;^^ zU#8q|qm&cw&CwrrS8ec~IE*TnKxsvz$lo~OD@M!-E9#&Dqq+5eKC45SjT4L+M9>9^ z&?uxtZ8Qf=FK|hW{XwL1MmJLTYA~8Vm2-%BYLPL2Yn|0Hk(^V!GLX^q~19nsDfhB!vB1 zEGNx8{x`m%Tc95#Yk0%676~G*0gR#(Fp7k&10|^j9p`#4r@X|GNm2;mHYAV>A=oT! z@Wi!L&MoDLLQq2M?6J>{!$Y>H6;WKG{Wy=&8zQggOS7i#v z#Spp^T%xuoB#lo9pBIGJ{vm;ODdB7ts`*BGYwG{xFKu)z;)^J*`et3U*a&Ts{b@7f zLy7>DDqEjwo?=8Bc0#fp>Jkyc3vK(r)}jlvMd6%I=NPV|NGe+CZ0<6rQt)SK{f*Y1 z-!pcRx<|s5cuW#04}LAHk8H1`K8m@=I*cR&!N$iw!lBv#JMNrW+=DkR!x_+1orky) z-65O5T|9@Kq=brG_I!XzDlcR!OLIj@sTb{YsLSi zv>EGQ#hQ3=;*@nNL8sRueU`oUw&8DtQ`!@3&`I_wPm@Ga?XvQX#hrPQdckA)! z*t9im1 z<+;^Zs~pCwEs^|-iLByPLAb!N`YqQ>$=sK+#nhffV$@Jbs-wlk-fsvtx!bV&JI0>K zZl3W%js*c6Rp={%5J~}H7{63OpnsLf>ajL`+VR}0?BOb5Qs`kSQIpjL3=V1StUD-6 z3PbGb3};+rClg{8`B272skT5^T#Qu8F^;qOA#TsBo5>or$q3OPmp|??Ek>6x5Y->0 z6`XFSl#!z~eIj9;<%o4Mg$vFlRTI9rI(RyfCLG{0Fj@B36^pmIKXU*P;3f=Q)gFV` zYQVEf6N&*0Y!(H5iKxA}B*kduQ-&iK2Z7IOG*9=whc& zyY%Zc753*+@0zekShGYp?sRCT8$G!BSAS;?V#Cwbf!Bn126>_D>dr;)%I~j-T^0&X zKmu9Cp{!^KrulegWic{i;ZV`FeA%DENJnTkP_#!o7ytseI$$XNB&+#i8HZ~lGelw@|*DTTGQTb=#tgM zi=fPE9&_L>woy~Ia%$!7A;*`gRE#9$Dl7_|g&uE)Hr0`}OsdB)byb2DPey8ju~NW_ zp-?5uj({-MqOK0^?=xXc4n-($!jPsqbzm$J+>Ay6D6r-wN>=P!Ny--QjU}T*$IuA< z1we}ygIEY4;8YvHwHQFyqjslA034S-ni8N=lpP_;+CR=PyY*kNQ z=BSh$nHg=xWRnmr54uKpLog1K|I3NJ2ApEQ$&b4#AlQ&C5hP|XMas4{5`K1Ehz#sZ zp@8~?z9b~ilQBU-D5gFhMl`*Ht%6pp8!I@XA^{8BL?$4C1WiIED$i?S!(J&{56UaL zT$;Q%mc_QBlR0_ycleopMtIQZALL-^(&iOXbiVSy&4qFds}i&_xKAkj!oIN`IxRSb z%2NecWo#D$pi+dSLug`NxAB<^HS%u|>sb?Ajo;Q(k?HL6r2BK6M%ELrRt%_@nI0xx z?l>+5^qpO{Lr%qx3b17Ri-NK%MJeo9xZ*GA%-KKBC4$DNsP8FW`6XGP?aBg2^3{bF zsN z%77FV_eU>W$=}*Y?^Y^p0S6kC6x))-J1h_O*4A@#W}+#aYzwzGRNVGNh{nKK(B)1jBRfM6=Sqix{4 zKq`}&p&i}nh&V&%^DoPy1s5{etBcDLVTGp>v0?3_kaBIWaH7YW6YuX-cCxu6+ub|`<=CK%qYwuycj7GZl52-S{~Ar*FY9-Oakt_9C=6(w2mn!LDFNv zjS*eZV__u`KODiX_0oI6SS_BX^7%mjFgEfSUVUtnW;0kFMoQlo=xjAlO0r^*>F+If z`m-cvi0p??XL;H04w<)re_GNaZTw#ei%p)3HIU(SuzMO=8Oq*tCEo4D#JWgRhdZ`y z@(D7t@3xc-HS3{#kuo&{?{>*1c2nd%;0b+$OtCUaar=GXE1NmDc|QrZSkGPllPtjb-y;hU zvatMDkbthzgk2CLQrA0;&u>Iz`7lDFqF}TL5d!K{NF;Bmgvfe0uA67JPSOM`=-J6D z5BHVF$TO8wyS=SaJQH|Sd!B0A=z%He9n3bjOmHIgoNTpV`&EumPdS~L{hz+Y>j9=% z$6IMpu}L|vM|q*JU5wWQ)O9&McT?_)JUZLauOavkgTAT9Izs1mUe=S|3qPI}TB?(y z+!wlBGtGxR+5d_Rg1VAGf)`qnu88XgnD+2+%}BdDL1=wOQ51DF-Idm-qHv!a211aGoh!yrjk^06>>`0qabQ0bPhZi^K%vBPu1_L z>NobgGpokIyMmpz$xtiZtyeN*jI#3l0?~M_G5pWKaQ*iJ!$io$&cXTrA|Ke98UJgb zF14Utbe257w!2vpX=9>ovI%K}YIr@;$o4~4`v2I_N$Q!(xRDMJd1ZRe^ZuHGYm{t( ziTxuOt+Cf;BPDsJp!9T*5x<w??nq=|NW?{6H^_&sx4YKQAFw8^5sU1NwNF39{;fS@?1%>H+x?@c|sc zvVBlX#+nAW>OGDHgnv55ed*tCR@u4SLMuV8nNmuI(lU$!@|GC-1+c}zD2tBDU*|!| zGjv)51f>{2C9B;uW%O^XEAs`<59kd*KE_zBiCv-9(@&R8am+f%@-<(`<~nBs%#MSc zO?ceZLl%Q?cy53{_Ds+pQXjBQU!o6RY#$W2IkEBMv|SON_RaVF>()Ow7OK;VuC>$E zrDq?nDmh7E$3B0hxz*E6+j9D$UIArh zx8(5&vGpWe3iRjsKI?$?=dPEbc7rq5;9uM~GN;06#ZH=+Pk&kM41-=VSj9O47FLxsEDe1$^G4Db@MF`@Z9;sfu;|Lo9eUQSMS z)e`wc6a3ig8sAv$y(LB4lf|73Ern;W8=|ZA<5))BeXg5l1H7xH3EcpV=IhPrTJFK= z8pz%%Uvl2Q2oJN@w3OVtq}MV$U}n1hkq{A!&*t$)T#cto>Rs%P5a3ym7_l32Q91Bz zDNhQ!QY_-!j5+|m20PNZx;`LsF?*xEmVe-T%B9T5!yIJw#q50Fcdy1bR~3`NG!%uU z+?d-!GK{$BUjq=$KVZEy|N-1=Z67Q0E| zug@GPm#w-xNNgh<-wc#b{8JogddKCox|dw@aA+1T5pZn{+^i!L3iEd_{W?4NBD39& zBx>YyjoDxSyt%jAc$PcK0_RzlxRpJ+CjHt3*|u}IdzN@{cWRF~?V@Oge79wK@@T&f zG(Qph>o1IHM*b@OcGW}VN{r*Ab?O8So~Eey<*ahRAMRWU%Kc;v(Lm&Dwi)v1UfzLZ zUSv*K$>45`L0YA9tke7s5D&Vrgsy9Zb4x{+b3eekOx?jQnjmc}%mcl%Vv?yl>{y0y zPnoAN4O-fZUlkU zC0pF_;z@DpmUZv=$Dr7ei|DKwxCedDkS)2sk+3W;n91XDKBCrZt~o$3IcO2I>j^qO z#w|74xJT2G(0k&0LpZV7H*xop_K&9uJnZ zEQ5ZYsQ*oyeY{|N%l|{2+zn|-VWdU(IFYVFw2A0TZa`#H9mIg0CI0>AIOf7|Z725c z7va>%8r|rtvR%PXO!=I*rlQSgyx8BWfSPCfnp(3ZnKW9qoiS#x40w$&b$S_1k$M|QgT+_5zi zbG5Uj&0P8jaGJOpW=!Q9Bn z;y#unzV-P5v&xv>ctE!gewU=YnFT$s0Hw8dt;Q1T_2!&4{3ntpW}Z<%dXs13?k;{@ z=_m`Zaj>yp`P}lR>e=S8$w7&tw)NXzu&AH52GeDgn%1^UG~nKHEx|{m1T)#yK&MvpmeKoxN&IV%<|dA zt0f9dgHsnR3QL$0mWI4ZaHSY(Gc>LRMFEO5+lyY+;{p)p>wUA)Cl-_vgdPM7c`IY= zFuilpH{S;U$?|&G4)JNqk2aM5CU!R%_=TANAGyGe$TUKafUr#CrclHqI`C+3s4$iR8(w+tw zFuz^(K>$n~-@f{QG91Htg4Z5Iy|nu<>G!AInN~%Cr;pK_tJe{pn-O7{A-j=9HT;Td z{CRHJZNszP_qL*6SGlreL-Edgetdj8b93keUTXxbvtD(*fW7c?`|(b^K4fR|sXL#nA<`w)y*p1_(*4(~f;DYXn{oVe_ z`w782?K1$rf#ibHJFa^swtn9xoNSemr%x%nZ5Zo#V`!5%?D&qCKLU8?qxYAuD_;Jn z^p==EWOD@HblV7{6X2Wn$!5QEUY68BDM+p>r>+q1LzPEF!bo!%vPzcs_(K3PBT-hRsX?qOjlW@p~3I| zROQ^oA`?|AOT}GXN9eDlXBWFZlp%iTy7lH}IAzzW)7T9U4|~|C4k+u6!%SW1`2foU|6A3*HOg;$6_P2u zve8lD8+`{;tQj>^vGA$3P_o>yme|n1E>?(LJTYEg@03DsC=ECzudn_1`*-R+s;tmA zVC4GoJgr4bCu|m^7U$PX0h?(6+l;pL)cL>3Mwq?I$=)`n`7f-gHHSHzMXI-2f;t>7 z5$Cn<`He;7m4cHQIv!EPI1-CxzZW*e3j`vvzGlY5VaeyxVgO{NzjEa#ZCT-gVnvP4 ztXaKVyAxseT{)dou|Rhsvi)=Fn9@=+&$k!YkeYv(hDPi~rGMiM;(7mG<2sKIs3$N6 z)ZVr_r!`frvI9f1`D#$B)n1Y8<}RWo%rvUR3=^At#6JR4({c1k#jnQUc! z+2*mNW{PX`JcA;~te!OwrK=}LvmYR}2;owjTDqq*_+NVQVc^XLK9af9E^leuGNmQ$ zWe$*2&|EZGVJGso)>SQ@Rh8H}n&}R8G@dL*7P2zzP?}+S(B60_N<*`2+n_}l?xoXJ zscw`Hb*L2AP*ABJsa734Z&SDDAZe3~&wHcE2JaLhGnW~f*wDiKeh*5Y!pYxmuIZ`S z5h*zOVzSOvZq456Vv$?MV%3O?TfBJ5d18^ZB2VtT`zus5m)2awD`KYqAaFQOJi!D# zDnv}SV9DBJz3U|ZtV9hfYqGiGdd=*5O?F*NwK<3066?{VmSLufOXH0O;;zd&3z9Sr zs7cH;Yk{0ui*4NEbEcG~73XVZkhev12Dt|L@LB$aP)m7-aG~AlMyLd&&#@8fe=f!E zEg!7tZJ(mHLbOm->TR79*s-XZ}l+fU-Vx! znZEOvRJXiDH!x3ScBC%1RJF(f9qjdN>oe7~tgAP=mNOS!q|W(eJDaObF8yrX*+Dz| zYd*1?HEML9vX)#@5B1kKtR4YNW^}2eSB-0w z7}|9PLcjeM@#_AP)7A+L>K|Y4wVoSxQCt?6p89pb)afeL$ZF>O)DdvG=4BELF#bFk zf%Xn(;Jc+}vkc>3h1~(1?b|tU^qr^Ow74Vs2Ixt^VHBesioXFj)E&vbWWJ6fe!l7g zevEuRxOM=#FT!j2!Ap10vICVJVC4F!IRE#{jXy~G$G2S)ftm6Ly6r~Z8f>UPj28dT5jjqwxLb`b1J|hw1w>+GJQxi<2x=b ziUP;{uR14ZX@<(>P7N(S2f9*N(6Pzf{fRP~+l^EcQZJ(|FW{=k7eP<3SSu*VyG-re z>83w>p*alKhna5NSLthMlnq+`YoirUr*Oy;-SoE2(rc>_AvZ~E zrtsBM!1dn;>8{Iyj;+y?GI6{9&`)lk?%=PbdICspkmwLC<=u5hN}e`C%l>iNQFufib3N zEe@~Gi<_fP&+ew5FCpgq7wR>p$&H2lA%5i-lW=4w3vT2-3i>Tba@a?S{Gg8_3yS`V z(N9#}2$;EFY0P+DlQ*z!jbtWo{eFcyFNEb;`RNuBajsU%?Fc*5Z+} z0OZPKzr{6(!l?jl?V#j@m`g*-8>#FkgSse;B-LCc;JKxPvj0C_o zieR*ocj*<2Nf$F-f(56M=su5VoAPfB5cIML;)yzLw{X1O;N-^;?`TReIl@afqkZuv z9`dCVVkiL-W>{UtffM$4usMkOKU+aR-A1E@nfb@@R`t8R7Lh`sO%-?5(GjkYa^@VK zJ!VXp26RJ>E<*;xySAf;3e6;l5l|gCaG8tb=YP{n~J%JJu2vgl9;;wlUhtFE*+`R zNxXDZLXLK%w{Xj1mi(niOOy~k8YYLzKdH+u{}5WJKDcM4rK(SDySo)1PRbof9ts^w zWC<+M-X=o&b%wo4)X0-KJeO*ki_IeuxFo_em;y~gUOieP7+6R|QDoueAHPvA$cg-5 zTzSG2vz6c#Jsx%-vI;M{(>g)@$}BWM#}?o7@)8;kdKUYfgIbwZqiarVtpZ+Ot;M*RX5Gz1yc1sveq+AoEMT;E?@5p5AY^*G~oK=BlQd@)ND zaU|Hof)UB|zi$V^w8+svf~?DoE|Rz^C0yIxN8gGok6Etapl$FK0kL=*KL=Li?PA=r zhzP$Py0SV}@>A>Ni4vZah%x9}qs+tO;fSzP{W1*UY8eBW%m4BRq&XmDfeSxn`ASBe z7Lno0p9m?B$_icCnDN?;`8oiE#xU=MkXXR0vw|b(CU@s*poJF$!R+stO2uz+99++4vBsUQKrF zcD8~l39>Oo=mS)9I{MnN7U_8*Z*fD!%ITt)@ahZ&dysXwIe*V~-gF@`Y6bl&G_GvG zaOOpAf@4=FB>p6^upiun{F;iy{xcmP$^568jT#Zu)RDf~#APv%xbPuB-pmv~C8*=y zyr}R6WfhtXD(j~+@@7{-dpf=lBW+A6<6e5ld1auau5;SJ_gMM%4@F&GB~jObG!Ma? zpnz4bkbN7SgP;*v&J9JuqwSEQ)j!U2+CEcXURfnsj$t8h;5t}a7fDpc8U6dGlC_{_ zd@3Azl!BLW1%+_zp$jeaVUz=@%b~2X+9G;I)LxyYSjx*&g*`YkM@Q^Y8MRs&R7cG|IHaL^LJCXE8RCvEmFbln#(|314OdOI!)LXdp-0gRG)?>!kyv z^1`E>Y8#j8_=TqtcI_o*3ra_@jj`m*v;^LAD5r5#j$3l-<}R9ijeHn$fNteCG?M-& zAu@BCw6t<5|KU=BFTRDwdAYD^6dcY5j%1;*W$FdegreL3u_7WFO=Jk&!RNtz%0XcWSkAoinc$R~JIRJ?`){1A9c|pmYZ55JD$h|8#ADqeVPOg3Ya7QC4ddvW z3?5doAs8vx&<-4*(NG(SUYxDDmIS7sab0*ID|`9oxpBX5ggr+ppy}?Oo)ul5)%_c> z>g6GP|6Tme-JRab5x2VO%Yd!O8Jtv^k2MjMk>nF&reUV$L3DN$pHluL<~fB~!Xz<2 zANAwf%i7Qtwwgw*5HE3NUPWGKZ#))P6Mst4W%AY|kt;2J_qXBjQd6TNr5`;t6wEZual z+96=8w)EYnu{F0o2!5c-A?Oh)qA80T`y5>O6ynLBd>cAjRmj12IT~)6%~|45-T4jh zJVj+o<=QUF^%|+HPi=HRd!QopmR5gXf60g_qXOcc;xDn3G^&$k=gbP~Lx8rCuoXmSmIN5aKLJK`a}r?K{DP^^{7w~?FuM;1+HxTO4}0b-jO33<*fFH2bI z{NKeT!HF%;Sr>TYzsTJ0%Ht|?Q3z(a^ z9(ulYlkoW)o6F~_`72<}^b9vFOH8{fk6n%?-tlZ6D)a1y zs|a5z9~P3&D6~tf6ID!SX&hak$|2%dJ-<}3WDTeD?aQah46M3F|4#X|lD@QK8gY@) zagC~RiJZ(5e#@CsIX5d27&#VpzcZ|`xQvdQmg2Myn^%RLb~M{;nGLglk zbC#BCKR8>CL7r@UonNUX`@+{f>wLuR982cRblF-yk zt~(BiQVir?WKX9GvW2hK9_HM*RQZJ#_y|{EUr2K*`0$i5wxwAt1h% z2oohBMVWIz5`=MtNcZXLUR)U81;SZf0#)Om}Y!cL)K@+Ae~J$2-!Hg*G&Ki zhOjOef+WY32@~%*B~6XcG~CEFaQ9$cAwbez@Q7gk!|{awzZDo~7egl(4<}PI7-lAR M7&0<3d2yKk0jLfcsQ>@~ literal 0 HcmV?d00001 diff --git a/mock/src/oemcrypto_engine_device_properties_mod.cpp b/mock/src/oemcrypto_engine_device_properties_mod.cpp deleted file mode 100644 index 7e58b7d..0000000 --- a/mock/src/oemcrypto_engine_device_properties_mod.cpp +++ /dev/null @@ -1,597 +0,0 @@ -// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master -// License Agreement. -// -// Mock implementation of OEMCrypto APIs -// -// This file contains oemcrypto engine properties that reads data from a file -// to decide what it's current status is. It is used for testing cdm code. -// The following properties are read from the file: -// log_level: logging level to use. -// 0 = LOG_ERROR, -// 1 = LOG_WARN, -// 2 = LOG_INFO, -// 3 = LOG_DEBUG, -// 4 = LOG_VERBOSE -// kLogging*: All logging flags found in oemcrypto/include/oemcrypto_logging.h -// can be turned on (1) or off (0). -// security_level: returned by OEMCrypto_SecurityLevel. -// secure_lib: If set, then this will be used as a path to -// the L1 liboemcrypto.so that we can use secure buffers. -// current_hdcp: returned by OEMCrypto_GetHDCPCapability and -// used to verify the key control block in methods like DecryptCENC. -// HDCP_NONE = 0, // No HDCP supported, no secure data path. -// HDCP_V1 = 1, // HDCP version 1.0 -// HDCP_V2 = 2, // HDCP version 2.0 Type 1. -// HDCP_V2_1 = 3, // HDCP version 2.1 Type 1. -// HDCP_V2_2 = 4, // HDCP version 2.2 Type 1. -// HDCP_NO_DIGITAL_OUTPUT = 0xff // No digital output. -// max_hdcp: returned by OEMCrypto_GetHDCPCapability. Same values as above. -// srm_update_supported: If "1", then srm update is supported. -// srm_initial_version: Initial value for srm version. -// This will be ignored after a reset. If this is not set, CurrentSRM will -// return NOT_IMPLEMENTED. -// srm_load_fail: If set to a nonzero number, then load_srm will -// fail and the version will not be updated. The number is converted to -// an OEMCryptoResult and returned. -// srm_load_version: If this is set, then it will be used as the -// new srm version after loading an SRM -- ignoring the contents of the SRM. -// If srm_load_version is -1, then the buffer passed into LoadSRM will be -// parsed. -// srm_blacklisted_device_attached: If set to "1", then a -// oemcrypto will act as if a blacklisted device is attached -- i.e. -// playback will be restricted to the local display only. -// srm_attached_device_id: If nonzero, the id of a blacklisted device. -// If this id is in the revocation list of an SRM file when it is loaded, -// playback will be restricted to the local display only. -// security_patch_level: This is the value returned by -// OEMCrypto_Security_Patch_Level. If the key control block requires a -// higher level, then OEMCrypto_LoadKeys will fail. -// max_buffer_size: maximum size of a buffer accepted by DecryptCENC and -// friends. If this is 0, there is no restriction. If it is 1, the -// minimum allowed value is used. -// use_keybox: If this is 1, then the test keybox is used. If this is zero, -// then the test OEM certificate is used. -// use_fallback: If this is nonzero, then the installed Level 1 library will -// be used to play content to a secure buffer. Decryption and key -// verification are done by the mock, but then the data is copied to the -// secure buffer using OEMCrypto_CopyBuffer. The filename of the fallback -// library is hardcoded to "level1_backup_liboemcrypto.so". It is -// recommended you use the install script to ensure you have the right -// filename. -// -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "log.h" -#include "oem_cert.h" -#include "oemcrypto_engine_mock.h" -#include "oemcrypto_logging.h" -#include "properties.h" -#include "string_conversions.h" - -namespace wvoec_mock { -namespace { -typedef OEMCryptoResult (*L1_Initialize_t)(void); -typedef OEMCryptoResult (*L1_Terminate_t)(void); -typedef OEMCryptoResult (*L1_CopyBuffer_t)(const uint8_t* data_addr, - size_t data_length, - OEMCrypto_DestBufferDesc* out_buffer, - uint8_t subsample_flags); -const std::string kDefaultOptionsFile = "/data/mediadrm/oemcrypto/options.txt"; -} // namespace - -class AndroidModifiableCryptoEngine : public CryptoEngine { - public: - AndroidModifiableCryptoEngine(std::auto_ptr file_system) - : CryptoEngine(file_system), - options_file_(kDefaultOptionsFile), - srm_loaded_(false), - srm_version_(0), - level1_valid_(false), - level1_library_(NULL) { - std::string path; - if (wvcdm::Properties::GetDeviceFilesBasePath(wvcdm::kSecurityLevelL3, - &path)) { - options_file_ = path + "options.txt"; - } - } - - void MaybeReadOptionsFile() { - static time_t last_check = 0; - static time_t last_changed = 0; - time_t now = time(NULL); - if (now > last_check + 5) { // Check every five seconds. - last_check = now; - struct stat file_stat; - if (stat(options_file_.c_str(), &file_stat)) { - LOGE("Could not stat %s: %s", options_file_.c_str(), strerror(errno)); - return; - } - if (file_stat.st_mtime > last_changed) { - last_changed = file_stat.st_mtime; - ReadOptionsFile(); - } - } - } - - void ReadOptionsFile() { - FILE *file = fopen(options_file_.c_str(), "r"); - if (!file) { - LOGE("Could not read %s %s", options_file_.c_str(), strerror(errno)); - return; - } - while (!feof(file)) { - char name[80 + 1]; - int64_t value; - if (fscanf(file, "%80s %lld", name, &value)) { - LOGD("Option %s = %lld", name, value); - options_[std::string(name)] = value; - } - } - fclose(file); - InitializeLogging(); - } - - int64_t GetOption(const std::string &key, int64_t default_value) { - MaybeReadOptionsFile(); - if (options_.find(key) == options_.end() ) { - LOGW("Option %s not set. Using default %lld", key.c_str(), default_value); - return default_value; - } - return options_[key]; - } - - void InitializeLogging() { - int log_level = GetOption("log_level", wvcdm::LOG_DEBUG); - int categories = 0; - if (GetOption("kLoggingTraceOEMCryptoCalls", 0) > 0) - categories |= kLoggingTraceOEMCryptoCalls; - if (GetOption("kLoggingDumpContentKeys", 0) > 0) - categories |= kLoggingDumpContentKeys; - if (GetOption("kLoggingDumpKeyControlBlocks", 0) > 0) - categories |= kLoggingDumpKeyControlBlocks; - if (GetOption("kLoggingDumpDerivedKeys", 0) > 0) - categories |= kLoggingDumpDerivedKeys; - if (GetOption("kLoggingTraceNonce", 0) > 0) - categories |= kLoggingTraceNonce; - if (GetOption("kLoggingTraceDecryption", 0) > 0) - categories |= kLoggingTraceDecryption; - if (GetOption("kLoggingTraceUsageTable", 0) > 0) - categories |= kLoggingTraceUsageTable; - if (GetOption("kLoggingTraceDecryptCalls", 0) > 0) - categories |= kLoggingTraceDecryptCalls; - if (GetOption("kLoggingDumpTraceAll", 0) > 0) - categories |= kLoggingDumpTraceAll; - SetLoggingSettings(log_level, categories); - } - -#define QUOTE_DEFINE(A) #A -#define QUOTE(A) QUOTE_DEFINE(A) -#define LOOKUP(Name, Function) \ - Name = (L1_##Name##t)dlsym(level1_library_, QUOTE(Function)); \ - if (!Name) { \ - LOGW("Could not load L1 %s.", \ - QUOTE(Function)); \ - Terminate(); \ - return false; \ - } - - virtual bool Initialize() { - LOGD("OEMCrypto Mock With Options " " " __DATE__ " " __TIME__); - MaybeReadOptionsFile(); - if (!GetOption("use_fallback", 1)) { - LOGD("Level 1 fallback ignored."); - return true; - } - level1_library_ = dlopen("level1_backup_liboemcrypto.so", RTLD_NOW); - if (level1_library_ == NULL) { - LOGE("Could not load backup: %s", dlerror()); - return false; - } - LOOKUP(Initialize_, OEMCrypto_Initialize); - LOOKUP(Terminate_, OEMCrypto_Terminate); - LOOKUP(CopyBuffer_, OEMCrypto_CopyBuffer); - level1_valid_ = true; - OEMCryptoResult sts = Initialize_(); - LOGD("L1 fall back initialized. status = %d.", sts); - if (sts != OEMCrypto_SUCCESS) { - LOGW("Terminating L1 because init failed."); - Terminate(); - LOGW("Continuing Mock without L1 fallback."); - } - return true; - } - - virtual void Terminate() { - if (level1_valid_) Terminate_(); - if (level1_library_ != NULL) { - LOGD("Closing L1 fall back.\n"); - dlclose(level1_library_); - level1_valid_ = false; - level1_library_ = NULL; - CopyBuffer_ = NULL; - Initialize_ = NULL; - Terminate_ = NULL; - } else { - LOGD("Terminate mock.\n"); - } - } - - const char *HDCPCapabilityAsString(OEMCrypto_HDCP_Capability value) { - switch (value) { - case HDCP_NONE: - return "No HDCP supported, no secure data path"; - case HDCP_V1: - return "HDCP version 1.0"; - case HDCP_V2: - return "HDCP version 2.0"; - case HDCP_V2_1: - return "HDCP version 2.1"; - case HDCP_V2_2: - return "HDCP version 2.2"; - case HDCP_NO_DIGITAL_OUTPUT: - return "No HDCP device attached/using local display with secure path"; - default: - return ""; - } - } - - - OEMCrypto_ProvisioningMethod config_provisioning_method() { - if (GetOption("use_keybox", 1)) { - return OEMCrypto_Keybox; - } else { - return OEMCrypto_OEMCertificate; - } - } - - OEMCryptoResult get_oem_certificate(SessionContext* session, - uint8_t* public_cert, - size_t* public_cert_length) { - if (GetOption("use_keybox", 1)) { - LOGD("OEM Cert asked for when use_keybox = 1."); - return OEMCrypto_ERROR_NOT_IMPLEMENTED; - } - if (kOEMPublicCertSize == 0) { - LOGD("OEM Cert Size is 0."); - return OEMCrypto_ERROR_NOT_IMPLEMENTED; - } - if (public_cert_length == NULL) { - LOGD("OEM Cert length is 0."); - return OEMCrypto_ERROR_UNKNOWN_FAILURE; - } - if (*public_cert_length < kOEMPublicCertSize) { - *public_cert_length = kOEMPublicCertSize; - return OEMCrypto_ERROR_SHORT_BUFFER; - } - *public_cert_length = kOEMPublicCertSize; - if (public_cert == NULL) { - return OEMCrypto_ERROR_SHORT_BUFFER; - } - memcpy(public_cert, kOEMPublicCert, kOEMPublicCertSize); - if (!session->LoadRSAKey(kOEMPrivateKey, kOEMPrivateKeySize)) { - LOGE("Private RSA Key did not load correctly."); - return OEMCrypto_ERROR_INVALID_RSA_KEY; - } - return OEMCrypto_SUCCESS; - } - - // Returns "L3" for a software only library. L1 is for hardware protected - // data paths. - const char *config_security_level() { - switch (GetOption("security_level", 0)) { - default: - LOGW("Option security_level not set. Default is L3."); - case 3: - return "L3"; - case 2: - return "L2"; - case 1: - return "L1"; - } - } - - // Returns the HDCP version currently in use. - OEMCrypto_HDCP_Capability config_current_hdcp_capability() { - static OEMCrypto_HDCP_Capability current_hdcp = HDCP_NONE; - OEMCrypto_HDCP_Capability new_current_hdcp = - static_cast(GetOption("current_hdcp", 0)); - if (current_hdcp != new_current_hdcp) { - LOGI("OEMCrypto current HDCP changed from %d (%s) to %d (%s)", current_hdcp, - HDCPCapabilityAsString(current_hdcp), new_current_hdcp, - HDCPCapabilityAsString(new_current_hdcp)); - current_hdcp = new_current_hdcp; - } - return current_hdcp; - } - - // Returns the max HDCP version supported. - OEMCrypto_HDCP_Capability config_maximum_hdcp_capability() { - static OEMCrypto_HDCP_Capability max_hdcp = HDCP_NONE; - MaybeReadOptionsFile(); - OEMCrypto_HDCP_Capability new_max_hdcp = - static_cast(GetOption("max_hdcp", 0)); - if (max_hdcp != new_max_hdcp) { - LOGI("OEMCrypto max HDCP changed from %d (%s) to %d (%s)", max_hdcp, - HDCPCapabilityAsString(max_hdcp), new_max_hdcp, - HDCPCapabilityAsString(new_max_hdcp)); - max_hdcp = new_max_hdcp; - } - return max_hdcp; - } - - // This should start at 0, and be incremented only when a security patch has - // been applied to the device that fixes a security bug. - uint8_t config_security_patch_level() { - return GetOption("security_patch_level", 0); - } - - size_t max_buffer_size() { - int max = GetOption("max_buffer_size", 0); - // If max is 1, just use default max buffer. - if (max == 1) return CryptoEngine::max_buffer_size(); - return max; // If 0, no restriction. If something else, use that restriction. - } - - bool srm_update_supported() { - int supported = GetOption("srm_update_supported", 0); - LOGI("OEMCrypto mock %s supporting SRM update.", - supported ? "is" : "is not"); - return supported != 0; - } - - OEMCryptoResult current_srm_version(uint16_t *version) { - if (srm_loaded_) { - LOGV("SRM loaded. version used is %d.", srm_version_); - *version = srm_version_; - return OEMCrypto_SUCCESS; - } - int value = GetOption("srm_initial_version", -1); - if (value > 0) { - LOGV("SRM version from get option: %d.", value); - srm_version_ = value; - *version = value; - return OEMCrypto_SUCCESS; - } else { - LOGI("SRM initial version is %d -- reporting not implemented.", value); - return OEMCrypto_ERROR_NOT_IMPLEMENTED; - } - } - - // Convert uint24 or uint40 into a uint64. - int64_t unpack_odd_bytes(const uint8_t *buffer, size_t length) { - uint8_t small_buffer[8]; - memset(small_buffer, 0, 8); - if (length > 8) { - LOGE("OEMCrypto Mock: programmer error. unpack %d bytes.", length); - length = 8; - } - size_t offset = 8 - length; - memcpy(small_buffer + offset, buffer, length); - return wvcdm::htonll64(*reinterpret_cast(small_buffer)); - } - - OEMCryptoResult load_srm(const uint8_t *buffer, size_t buffer_length) { - if (!srm_update_supported()) { - LOGE("OEMCrypto mock update not supported, but load_srm called."); - return OEMCrypto_ERROR_NOT_IMPLEMENTED; - } - int result = GetOption("srm_load_fail", 0); - if (result > 0) { - LOGE("OEMCrypto mock load_srm returning error %d.", result); - return static_cast(result); - } - int new_version = GetOption("srm_load_version", -1); - if (new_version >= 0) { - if (new_version < srm_version_) { - LOGE("New SRM version is lower than existing SRM version: %d < %d", - new_version, srm_version_); - return OEMCrypto_ERROR_INVALID_CONTEXT; - } - srm_version_ = new_version; - LOGI("OEMCrypto mock told to change SRM version to %d.", srm_version_); - srm_loaded_ = true; - return OEMCrypto_SUCCESS; - } - if (buffer_length < 395) { - LOGE("OEMCrypto mock bad buffer size: %ld < 395.", buffer_length); - return OEMCrypto_ERROR_SHORT_BUFFER; - } - uint8_t srm_id = buffer[0] >> 4; - uint8_t hdcp2_indicator = buffer[0] & 0x0F; - uint8_t reserved = buffer[1]; - uint16_t version = htons(*reinterpret_cast(&buffer[2])); - if (reserved) { - LOGE("OEMCrypto mock. SRM's second byte nonzero: %02X.", reserved); - return OEMCrypto_ERROR_INVALID_CONTEXT; - } - uint8_t generation = buffer[4]; - if (generation > 1) { - LOGW("OEMCrypto mock. SRM Generation number is %d, but only first gen is parsed.", - generation); - LOGW("If the revoked device is in a a later generation, it will not be recognized."); - } - int64_t length = unpack_odd_bytes(buffer + 5, 3); // 24 bits. - if (length + 5 != buffer_length) { - LOGW("OEMCrypto mock. SRM length is %lld = 0x%llx, but I expected %zd = 0x%zx.", - length, length, buffer_length - 5, buffer_length - 5); - } - int64_t count = 0; - const uint8_t *ids; - if (srm_id == 8 && hdcp2_indicator == 0) { - // https://www.digital-cp.com/sites/default/files/specifications/HDCP%20Specification%20Rev1_4_Secure.pdf - count = buffer[8]; - LOGI("OEMCrypto mock loading HDCP1 SRM. version = %d. count=%lld.", - version, count); - ids = buffer + 9; - if (buffer_length < 9 + count*5) { - LOGE("OEMCrypto mock bad buffer size for count = %lld: %d < %lld.", - count, buffer_length, 12 + count*5); - return OEMCrypto_ERROR_SHORT_BUFFER; - } - } else if (srm_id == 9 && hdcp2_indicator == 1) { - // https://www.digital-cp.com/sites/default/files/specifications/HDCP%20on%20HDMI%20Specification%20Rev2_2_Final1.pdf - count = unpack_odd_bytes(buffer + 8, 2) >> 6; // 10 bits = 2 bytes - 6. - LOGI("OEMCrypto mock loading HDCP2 SRM. version = %d. count=%lld.", - version, count); - ids = buffer + 12; - if (buffer_length < 12 + count*5) { - LOGE("OEMCrypto mock bad buffer size for count: %d < %ld.", - buffer_length, 12 + count*5); - return OEMCrypto_ERROR_SHORT_BUFFER; - } - } else { - LOGE("OEMCrypto mock bad buffer start: %02X%02X%02X%02X...", buffer[0], - buffer[1], buffer[2], buffer[3]); - return OEMCrypto_ERROR_INVALID_CONTEXT; - } - for(size_t i = 0; i < count; i++) { - int64_t id = unpack_odd_bytes(ids + 5*i, 5); - srm_revocation_list_.push_back(id); - LOGI("OEMCrypto mock SRM revokes device %lld = 0x%llx", id, id); - } - srm_loaded_ = true; - srm_version_ = version; - return OEMCrypto_SUCCESS; - } - - OEMCryptoResult remove_srm() { - if (!srm_update_supported()) { - LOGE("OEMCrypto mock update not supported, bug load_srm called."); - return OEMCrypto_ERROR_NOT_IMPLEMENTED; - } - srm_version_ = 0; - srm_loaded_ = false; - return OEMCrypto_SUCCESS; - } - - bool srm_blacklisted_device_attached() { - if (GetOption("srm_load_version", -1) < 0) { - return scan_revoked_list(); - } - static int blacklisted = 0; - int new_value = GetOption("srm_blacklisted_device_attached", 0); - if (new_value != blacklisted) { - LOGI("SRM blacklisted device changed from %d to %d", blacklisted, - new_value); - blacklisted = new_value; - } - return blacklisted > 0; - } - - bool scan_revoked_list() { - static int64_t old_attached_id = 0; - int64_t attached_id = GetOption("srm_attached_device_id", 0); - bool print_all_ids = false; - if (attached_id != old_attached_id) { - LOGD("OEMCrypto mock -- ID of attached device is %lld = 0x%lld", - attached_id, attached_id); - old_attached_id = attached_id; - print_all_ids = true; - } - for (size_t i = 0; i < srm_revocation_list_.size(); i++) { - if (print_all_ids) { - LOGD("OEMCrypto mock: %d) revoked id %lld = 0x%lld.", i, - srm_revocation_list_[i], srm_revocation_list_[i]); - } - if (srm_revocation_list_[i] == attached_id) { - LOGD("OEMCrypto mock: attached device %lld = 0x%lld is revoked.", - attached_id, attached_id); - return true; - } - } - LOGD("OEMCrypto mock: attached device %lld is not revoked.", attached_id); - return false; - } - - virtual void adjust_destination(OEMCrypto_DestBufferDesc *out_description, - size_t data_length, uint8_t subsample_flags) { - if (out_description->type != OEMCrypto_BufferType_Secure) return; - if (!level1_valid_) { - static bool warned_once = false; - if (!warned_once) { - warned_once = true; - LOGW("OEMCrypto Mock: given secure buffer with no level1 fallback."); - } - return; - } - if (subsample_flags & OEMCrypto_FirstSubsample) { - final_destination_.type = OEMCrypto_BufferType_Secure; - final_destination_.buffer.secure.handle = - out_description->buffer.secure.handle; - final_destination_.buffer.secure.max_length = - out_description->buffer.secure.max_length; - final_destination_.buffer.secure.offset = - out_description->buffer.secure.offset; - temp_buffer_.resize(final_destination_.buffer.secure.max_length); - temp_buffer_length_ = 0; - } - if (temp_buffer_length_ != out_description->buffer.secure.offset) { - LOGW("OEMCrypto: offset into secure buffer is not correct %zd != %zd.", - temp_buffer_length_, out_description->buffer.secure.offset); - } - size_t new_length = temp_buffer_length_ + data_length; - if (new_length > temp_buffer_.size()) { - LOGW("Temp buffer was not big enough. %zd > %zd.", new_length, - temp_buffer_.size()); - temp_buffer_.resize(new_length); - } - destination_ = &temp_buffer_[temp_buffer_length_]; - temp_buffer_length_ = new_length; - } - - // Push destination buffer to L1 output. - virtual OEMCryptoResult PushDestination( - OEMCrypto_DestBufferDesc *out_description, uint8_t subsample_flags) { - if (level1_valid_ && - (out_description->type == OEMCrypto_BufferType_Secure)) { - if (subsample_flags & OEMCrypto_LastSubsample) { - return CopyBuffer_(&temp_buffer_[0], temp_buffer_length_, - &final_destination_, - OEMCrypto_FirstSubsample | OEMCrypto_LastSubsample); - } - } - return OEMCrypto_SUCCESS; - } - - private: - // If the SRM version has been loaded or not. If not, we use the system - // property to find the current SRM version. - bool srm_loaded_; - // Current srm version. Before an SRM has been loaded, this will be set from - // the system property. - int srm_version_; - // List of forbidden/revoked devices. - std::vector srm_revocation_list_; - - std::map options_; - - std::string options_file_; - bool level1_valid_; - void* level1_library_; - L1_CopyBuffer_t CopyBuffer_; - L1_Initialize_t Initialize_; - L1_Terminate_t Terminate_; - OEMCrypto_DestBufferDesc final_destination_; - std::vector temp_buffer_; - size_t temp_buffer_length_; // Length of temp buffer currently in use. -}; - -CryptoEngine* CryptoEngine::MakeCryptoEngine( - std::auto_ptr file_system) { - return new AndroidModifiableCryptoEngine(file_system); -} - -} // namespace wvoec_mock diff --git a/mock/src/wv_keybox.h b/mock/src/wv_keybox.h deleted file mode 100644 index af3bffc..0000000 --- a/mock/src/wv_keybox.h +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master -// License Agreement. - -#ifndef WV_KEYBOX_H_ -#define WV_KEYBOX_H_ - -#include - -namespace wvoec_mock { - -// This is the format of a Widevine keybox. -typedef struct { // 128 bytes total. - // C character string identifying the device. Null terminated. - uint8_t device_id_[32]; - // 128 bit AES key assigned to device. Generated by Widevine. - uint8_t device_key_[16]; - // Key Data. Encrypted data. - uint8_t data_[72]; - // Constant code used to recognize a valid keybox "kbox" = 0x6b626f78. - uint8_t magic_[4]; - // The CRC checksum of the first 124 bytes of the keybox. - uint8_t crc_[4]; -} WidevineKeybox; - -} // namespace wvoec_mock - -#endif // WV_KEYBOX_H_ diff --git a/mock/test/oemcrypto_logging_test.cpp b/mock/test/oemcrypto_logging_test.cpp deleted file mode 100644 index f21b4a8..0000000 --- a/mock/test/oemcrypto_logging_test.cpp +++ /dev/null @@ -1,121 +0,0 @@ -// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary -// source code may only be used and distributed under the Widevine Master -// License Agreement. - -#include "OEMCryptoCENC.h" - -#include -#include -#include "log.h" -#include "oemcrypto_logging.h" -#include "oemcrypto_mock.cpp" - -class OEMCryptoLoggingTest : public ::testing::Test { - protected: - OEMCryptoLoggingTest() {} - - void SetUp() { - ::testing::Test::SetUp(); - ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_Initialize()); - } - - void TearDown() { - OEMCrypto_Terminate(); - ::testing::Test::TearDown(); - } -}; - -TEST_F(OEMCryptoLoggingTest, TestDumpHexFunctions) { - uint8_t vector[] = {0xFA, 0x11, 0x28, 0x33}; - std::string buffer; - wvoec_mock::dump_hex_helper(buffer, "name", vector, 4u); - ASSERT_EQ("name = \n wvcdm::a2b_hex(\"FA112833\");\n", buffer); - - uint8_t vector2[] = { - 0xFA, 0x11, 0x28, 0x33, 0xFA, 0x11, 0x28, 0x33, 0xFA, 0x11, - 0x28, 0x33, 0xFA, 0x11, 0x28, 0x33, 0xFA, 0x11, 0x28, 0x33, - 0xFA, 0x11, 0x28, 0x33, 0x01, 0x14, 0x28, 0xAB, 0xFA, 0xCD, - 0xEF, 0x67, 0x01, 0x14, 0x28, 0xAB, 0xFA, 0xCD, 0xEF, 0x67, - }; - - buffer.clear(); // dump_hex_helper appends to buffer - wvoec_mock::dump_hex_helper(buffer, "name", vector2, 40u); - ASSERT_EQ( - "name = \n " - "wvcdm::a2b_hex(" - "\"FA112833FA112833FA112833FA112833FA112833FA112833011428ABFACDEF67\"\n " - " \"011428ABFACDEF67\");\n", - buffer); - - buffer.clear(); // dump_hex_helper appends to buffer - wvoec_mock::dump_array_part_helper(buffer, "array", 5u, "name", vector2, 40u); - ASSERT_EQ( - "std::string s5_name = \n " - "wvcdm::a2b_hex(" - "\"FA112833FA112833FA112833FA112833FA112833FA112833011428ABFACDEF67\"\n " - " \"011428ABFACDEF67\");\narray[5].name = message_ptr + " - "message.find(s5_name.data());\n", - buffer); - - buffer.clear(); // dump_hex_helper appends to buffer - wvoec_mock::dump_array_part_helper(buffer, "array", 5u, "name", NULL, 40u); - ASSERT_EQ("array[5].name = NULL;\n", buffer); -} - -TEST_F(OEMCryptoLoggingTest, TestChangeLoggingLevel) { - wvoec_mock::SetLoggingLevel(wvcdm::LOG_WARN); - ASSERT_EQ(wvcdm::LOG_WARN, wvcdm::g_cutoff); - - wvoec_mock::SetLoggingLevel(wvcdm::LOG_INFO); - ASSERT_EQ(wvcdm::LOG_INFO, wvcdm::g_cutoff); - - wvoec_mock::SetLoggingSettings(wvcdm::LOG_WARN, - wvoec_mock::kLoggingDumpTraceAll); - ASSERT_EQ(wvcdm::LOG_WARN, wvcdm::g_cutoff); - ASSERT_TRUE(wvoec_mock::LogCategoryEnabled(wvoec_mock::kLoggingDumpTraceAll)); - wvoec_mock::TurnOffLoggingForAllCategories(); - - wvoec_mock::SetLoggingLevel(wvcdm::LOG_VERBOSE); - ASSERT_EQ(wvcdm::LOG_VERBOSE, wvcdm::g_cutoff); - - wvoec_mock::SetLoggingLevel(wvcdm::LOG_WARN); -} - -TEST_F(OEMCryptoLoggingTest, TestChangeLoggingCategories) { - using namespace wvoec_mock; - TurnOffLoggingForAllCategories(); - ASSERT_FALSE(LogCategoryEnabled(kLoggingTraceDecryption | - kLoggingTraceOEMCryptoCalls)); - - AddLoggingForCategories(kLoggingDumpKeyControlBlocks | - kLoggingDumpDerivedKeys); - ASSERT_TRUE(LogCategoryEnabled(kLoggingDumpKeyControlBlocks)); - ASSERT_FALSE(LogCategoryEnabled(kLoggingTraceUsageTable)); - ASSERT_TRUE(LogCategoryEnabled(kLoggingDumpTraceAll)); - - RemoveLoggingForCategories(kLoggingDumpKeyControlBlocks | - kLoggingTraceUsageTable); - ASSERT_FALSE(LogCategoryEnabled(kLoggingDumpKeyControlBlocks)); - - ASSERT_TRUE(LogCategoryEnabled(kLoggingDumpDerivedKeys)); - ASSERT_FALSE(LogCategoryEnabled(kLoggingTraceUsageTable)); - - TurnOffLoggingForAllCategories(); - ASSERT_FALSE(LogCategoryEnabled(kLoggingTraceUsageTable)); - - AddLoggingForCategories(kLoggingDumpTraceAll); - ASSERT_TRUE(LogCategoryEnabled(kLoggingDumpKeyControlBlocks)); - - ASSERT_TRUE(LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)); - ASSERT_TRUE(LogCategoryEnabled(kLoggingDumpContentKeys)); - ASSERT_TRUE(LogCategoryEnabled(kLoggingDumpKeyControlBlocks)); - ASSERT_TRUE(LogCategoryEnabled(kLoggingDumpDerivedKeys)); - ASSERT_TRUE(LogCategoryEnabled(kLoggingTraceNonce)); - ASSERT_TRUE(LogCategoryEnabled(kLoggingTraceDecryption)); - ASSERT_TRUE(LogCategoryEnabled(kLoggingTraceUsageTable)); - ASSERT_TRUE(LogCategoryEnabled(kLoggingTraceDecryptCalls)); - ASSERT_TRUE(LogCategoryEnabled(kLoggingDumpTraceAll)); - - RemoveLoggingForCategories(kLoggingDumpKeyControlBlocks); - ASSERT_FALSE(LogCategoryEnabled(kLoggingDumpKeyControlBlocks)); -} diff --git a/include/OEMCryptoCENC.h b/oemcrypto/include/OEMCryptoCENC.h similarity index 100% rename from include/OEMCryptoCENC.h rename to oemcrypto/include/OEMCryptoCENC.h diff --git a/include/level3.h b/oemcrypto/include/level3.h similarity index 92% rename from include/level3.h rename to oemcrypto/include/level3.h index bef3033..d2f2d1a 100644 --- a/include/level3.h +++ b/oemcrypto/include/level3.h @@ -37,7 +37,6 @@ namespace wvoec3 { #define Level3_GenerateSignature _lcc13 #define Level3_GenerateNonce _lcc14 #define Level3_RefreshKeys _lcc16 -#define Level3_SelectKey _lcc17 #define Level3_RewrapDeviceRSAKey _lcc18 #define Level3_LoadDeviceRSAKey _lcc19 #define Level3_GenerateRSASignature _lcc20 @@ -60,7 +59,6 @@ namespace wvoec3 { #define Level3_IsAntiRollbackHwPresent _lcc39 #define Level3_CopyBuffer _lcc40 #define Level3_QueryKeyControl _lcc41 -#define Level3_LoadTestKeybox _lcc42 #define Level3_ForceDeleteUsageEntry _lcc43 #define Level3_LoadTestRSAKey _lcc45 #define Level3_SecurityPatchLevel _lcc46 @@ -71,7 +69,6 @@ namespace wvoec3 { #define Level3_IsSRMUpdateSupported _lcc53 #define Level3_GetCurrentSRMVersion _lcc54 #define Level3_LoadSRM _lcc55 -#define Level3_LoadKeys_V13 _lcc56 #define Level3_RemoveSRM _lcc57 #define Level3_CreateUsageTableHeader _lcc61 #define Level3_LoadUsageTableHeader _lcc62 @@ -82,6 +79,11 @@ namespace wvoec3 { #define Level3_MoveEntry _lcc68 #define Level3_CopyOldUsageEntry _lcc69 #define Level3_CreateOldUsageEntry _lcc70 +#define Level3_GetAnalogOutputFlags _lcc71 +#define Level3_LoadTestKeybox _lcc78 +#define Level3_LoadEntitledContentKeys _lcc79 +#define Level3_SelectKey _lcc81 +#define Level3_LoadKeys _lcc82 #else #define Level3_Initialize _oecc01 #define Level3_Terminate _oecc02 @@ -97,7 +99,6 @@ namespace wvoec3 { #define Level3_GenerateSignature _oecc13 #define Level3_GenerateNonce _oecc14 #define Level3_RefreshKeys _oecc16 -#define Level3_SelectKey _oecc17 #define Level3_RewrapDeviceRSAKey _oecc18 #define Level3_LoadDeviceRSAKey _oecc19 #define Level3_DeriveKeysFromSessionKey _oecc21 @@ -118,7 +119,6 @@ namespace wvoec3 { #define Level3_IsAntiRollbackHwPresent _oecc39 #define Level3_CopyBuffer _oecc40 #define Level3_QueryKeyControl _oecc41 -#define Level3_LoadTestKeybox _oecc42 #define Level3_ForceDeleteUsageEntry _oecc43 #define Level3_GetHDCPCapability _oecc44 #define Level3_LoadTestRSAKey _oecc45 @@ -131,7 +131,6 @@ namespace wvoec3 { #define Level3_IsSRMUpdateSupported _oecc53 #define Level3_GetCurrentSRMVersion _oecc54 #define Level3_LoadSRM _oecc55 -#define Level3_LoadKeys_V13 _oecc56 #define Level3_RemoveSRM _oecc57 #define Level3_CreateUsageTableHeader _oecc61 #define Level3_LoadUsageTableHeader _oecc62 @@ -143,6 +142,11 @@ namespace wvoec3 { #define Level3_MoveEntry _oecc68 #define Level3_CopyOldUsageEntry _oecc69 #define Level3_CreateOldUsageEntry _oecc70 +#define Level3_GetAnalogOutputFlags _oecc71 +#define Level3_LoadTestKeybox _oecc78 +#define Level3_LoadEntitledContentKeys _oecc79 +#define Level3_SelectKey _oecc81 +#define Level3_LoadKeys _oecc82 #endif #define Level3_GetInitializationState _oecl3o01 @@ -166,14 +170,6 @@ OEMCryptoResult Level3_GenerateSignature(OEMCrypto_SESSION session, size_t message_length, uint8_t* signature, size_t* signature_length); -// TODO(srujzs): Change this to LoadKeys once V14 has been implemented for -// Level 3. -OEMCryptoResult Level3_LoadKeys_V13( - OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, - const uint8_t* signature, size_t signature_length, - const uint8_t* enc_mac_keys_iv, const uint8_t* enc_mac_keys, - size_t num_keys, const OEMCrypto_KeyObject_V13* key_array, - const uint8_t* pst, size_t pst_length, const uint8_t* srm_requirement); OEMCryptoResult Level3_RefreshKeys(OEMCrypto_SESSION session, const uint8_t* message, size_t message_length, @@ -186,9 +182,6 @@ OEMCryptoResult Level3_QueryKeyControl(OEMCrypto_SESSION session, size_t key_id_length, uint8_t* key_control_block, size_t* key_control_block_length); -OEMCryptoResult Level3_SelectKey(const OEMCrypto_SESSION session, - const uint8_t* key_id, - size_t key_id_length); OEMCryptoResult Level3_DecryptCENC(OEMCrypto_SESSION session, const uint8_t *data_addr, size_t data_length, @@ -214,7 +207,6 @@ OEMCrypto_ProvisioningMethod Level3_GetProvisioningMethod(); OEMCryptoResult Level3_GetOEMPublicCertificate(OEMCrypto_SESSION session, uint8_t *public_cert, size_t *public_cert_length); -OEMCryptoResult Level3_LoadTestKeybox(); OEMCryptoResult Level3_IsKeyboxValid(void); OEMCryptoResult Level3_GetDeviceID(uint8_t* deviceID, size_t *idLength); @@ -354,7 +346,28 @@ OEMCryptoResult Level3_CreateOldUsageEntry(uint64_t time_since_license_received, uint8_t *client_mac_key, const uint8_t* pst, size_t pst_length); - +uint32_t Level3_GetAnalogOutputFlags(); +OEMCryptoResult Level3_LoadTestKeybox(const uint8_t *buffer, size_t length); +OEMCryptoResult Level3_LoadEntitledContentKeys(OEMCrypto_SESSION session, + size_t num_keys, + const OEMCrypto_EntitledContentKeyObject* key_array); +OEMCryptoResult Level3_SelectKey(const OEMCrypto_SESSION session, + const uint8_t* key_id, + size_t key_id_length, + OEMCryptoCipherMode cipher_mode); +OEMCryptoResult Level3_LoadKeys(OEMCrypto_SESSION session, + const uint8_t* message, + size_t message_length, + const uint8_t* signature, + size_t signature_length, + const uint8_t* enc_mac_key_iv, + const uint8_t* enc_mac_key, + size_t num_keys, + const OEMCrypto_KeyObject* key_array, + const uint8_t* pst, + size_t pst_length, + const uint8_t* srm_requirement, + OEMCrypto_LicenseType license_type); /* * Level3_GetInitializationState * diff --git a/include/level3_file_system.h b/oemcrypto/include/level3_file_system.h similarity index 100% rename from include/level3_file_system.h rename to oemcrypto/include/level3_file_system.h diff --git a/oemcrypto/include/oemcrypto_types.h b/oemcrypto/include/oemcrypto_types.h new file mode 100644 index 0000000..ba00f7d --- /dev/null +++ b/oemcrypto/include/oemcrypto_types.h @@ -0,0 +1,67 @@ +// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#ifndef WV_OEMCRYPTO_TYPES_H_ +#define WV_OEMCRYPTO_TYPES_H_ + +#include + +namespace wvoec { + +// This is the format of a Widevine keybox. +typedef struct WidevineKeybox { // 128 bytes total. + // C character string identifying the device. Null terminated. + uint8_t device_id_[32]; + // 128 bit AES key assigned to device. Generated by Widevine. + uint8_t device_key_[16]; + // Key Data. Encrypted data. + uint8_t data_[72]; + // Constant code used to recognize a valid keybox "kbox" = 0x6b626f78. + uint8_t magic_[4]; + // The CRC checksum of the first 124 bytes of the keybox. + uint8_t crc_[4]; +} WidevineKeybox; + +// Key Control Block Bit Masks: +const uint32_t kControlObserveDataPath = (1<<31); +const uint32_t kControlObserveHDCP = (1<<30); +const uint32_t kControlObserveCGMS = (1<<29); +const uint32_t kControlRequireAntiRollbackHardware = (1<<28); +const uint32_t kSharedLicense = (1<<23); +const uint32_t kControlSRMVersionRequired = (1<<22); +const uint32_t kControlDisableAnalogOutput = (1<<21); +const uint32_t kControlSecurityPatchLevelShift = 15; +const uint32_t kControlSecurityPatchLevelMask = + (0x3F< #include -namespace wvoec_mock { +namespace wvoec_ref { // Refer to the following in main modules extern const uint32_t kOEMSystemId; @@ -16,6 +16,6 @@ extern const uint8_t* kOEMPublicCert; extern const size_t kOEMPrivateKeySize; extern const size_t kOEMPublicCertSize; -} // namespace wvoec_mock +} // namespace wvoec_ref #endif // OEM_CERT_H_ diff --git a/mock/src/oemcrypto_auth_mock.cpp b/oemcrypto/ref/src/oemcrypto_auth_ref.cpp similarity index 97% rename from mock/src/oemcrypto_auth_mock.cpp rename to oemcrypto/ref/src/oemcrypto_auth_ref.cpp index d909c97..472c1f4 100644 --- a/mock/src/oemcrypto_auth_mock.cpp +++ b/oemcrypto/ref/src/oemcrypto_auth_ref.cpp @@ -2,18 +2,17 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#include "oemcrypto_auth_mock.h" +#include "oemcrypto_auth_ref.h" #include #include "keys.h" #include "log.h" -#include "oemcrypto_key_mock.h" +#include "oemcrypto_key_ref.h" #include "oemcrypto_logging.h" #include "oemcrypto_rsa_key_shared.h" -#include "wv_cdm_constants.h" namespace { @@ -176,7 +175,7 @@ static const uint8_t kTestRSAPKCS8PrivateKeyInfo2_2048[] = { } // namespace -namespace wvoec_mock { +namespace wvoec_ref { AuthenticationRoot::AuthenticationRoot(OEMCrypto_ProvisioningMethod method) : provisioning_method_(method), @@ -202,4 +201,4 @@ bool AuthenticationRoot::Validate() { return NO_ERROR == ValidateKeybox(); } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_auth_mock.h b/oemcrypto/ref/src/oemcrypto_auth_ref.h similarity index 83% rename from mock/src/oemcrypto_auth_mock.h rename to oemcrypto/ref/src/oemcrypto_auth_ref.h index 230be00..b5c7879 100644 --- a/mock/src/oemcrypto_auth_mock.h +++ b/oemcrypto/ref/src/oemcrypto_auth_ref.h @@ -2,10 +2,10 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#ifndef OEMCRYPTO_AUTH_MOCK_H_ -#define OEMCRYPTO_AUTH_MOCK_H_ +#ifndef OEMCRYPTO_AUTH_REF_H_ +#define OEMCRYPTO_AUTH_REF_H_ #include #include @@ -13,12 +13,14 @@ #include #include "OEMCryptoCENC.h" // Needed for enums only. -#include "oemcrypto_key_mock.h" -#include "oemcrypto_keybox_mock.h" +#include "disallow_copy_and_assign.h" +#include "oemcrypto_key_ref.h" +#include "oemcrypto_keybox_ref.h" #include "oemcrypto_rsa_key_shared.h" -#include "wv_cdm_types.h" +#include "oemcrypto_scoped_ptr.h" +#include "oemcrypto_types.h" -namespace wvoec_mock { +namespace wvoec_ref { class AuthenticationRoot { public: @@ -73,6 +75,6 @@ class AuthenticationRoot { CORE_DISALLOW_COPY_AND_ASSIGN(AuthenticationRoot); }; -} // namespace wvoec_mock +} // namespace wvoec_ref -#endif // OEMCRYPTO_AUTH_MOCK_H_ +#endif // OEMCRYPTO_AUTH_REF_H_ diff --git a/mock/src/oemcrypto_engine_device_properties.cpp b/oemcrypto/ref/src/oemcrypto_engine_device_properties.cpp similarity index 60% rename from mock/src/oemcrypto_engine_device_properties.cpp rename to oemcrypto/ref/src/oemcrypto_engine_device_properties.cpp index ce206de..aadde98 100644 --- a/mock/src/oemcrypto_engine_device_properties.cpp +++ b/oemcrypto/ref/src/oemcrypto_engine_device_properties.cpp @@ -2,16 +2,16 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#include "oemcrypto_engine_mock.h" +#include "oemcrypto_engine_ref.h" -namespace wvoec_mock { +namespace wvoec_ref { CryptoEngine* CryptoEngine::MakeCryptoEngine( - std::auto_ptr file_system) { + scoped_ptr file_system) { return new CryptoEngine(file_system); } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_engine_device_properties_L1.cpp b/oemcrypto/ref/src/oemcrypto_engine_device_properties_L1.cpp similarity index 78% rename from mock/src/oemcrypto_engine_device_properties_L1.cpp rename to oemcrypto/ref/src/oemcrypto_engine_device_properties_L1.cpp index d8da467..ac8a87a 100644 --- a/mock/src/oemcrypto_engine_device_properties_L1.cpp +++ b/oemcrypto/ref/src/oemcrypto_engine_device_properties_L1.cpp @@ -2,17 +2,17 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // // This file contains oemcrypto engine properties that would be for a // level 1 device. -#include "oemcrypto_engine_mock.h" +#include "oemcrypto_engine_ref.h" -namespace wvoec_mock { +namespace wvoec_ref { class L1CryptoEngine : public CryptoEngine { public: - explicit L1CryptoEngine(std::auto_ptr file_system) + explicit L1CryptoEngine(scoped_ptr file_system) : CryptoEngine(file_system) {} bool config_local_display_only() { return true; } @@ -31,8 +31,8 @@ class L1CryptoEngine : public CryptoEngine { }; CryptoEngine* CryptoEngine::MakeCryptoEngine( - std::auto_ptr file_system) { + scoped_ptr file_system) { return new L1CryptoEngine(file_system); } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_engine_device_properties_cert.cpp b/oemcrypto/ref/src/oemcrypto_engine_device_properties_cert.cpp similarity index 77% rename from mock/src/oemcrypto_engine_device_properties_cert.cpp rename to oemcrypto/ref/src/oemcrypto_engine_device_properties_cert.cpp index 932af52..3774ece 100644 --- a/mock/src/oemcrypto_engine_device_properties_cert.cpp +++ b/oemcrypto/ref/src/oemcrypto_engine_device_properties_cert.cpp @@ -2,20 +2,20 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // // This file contains oemcrypto engine properties that would be for a device // that does not have persistant storage or a keybox. // // Note: We also define it to be L2 for illustration only. Production devices // are rarely level 2. -#include "oemcrypto_engine_mock.h" +#include "oemcrypto_engine_ref.h" -namespace wvoec_mock { +namespace wvoec_ref { class CertOnlyCryptoEngine : public CryptoEngine { public: - explicit CertOnlyCryptoEngine(std::auto_ptr file_system) + explicit CertOnlyCryptoEngine(scoped_ptr file_system) : CryptoEngine(file_system) {} bool config_local_display_only() { return true; } @@ -30,8 +30,8 @@ class CertOnlyCryptoEngine : public CryptoEngine { }; CryptoEngine* CryptoEngine::MakeCryptoEngine( - std::auto_ptr file_system) { + scoped_ptr file_system) { return new CertOnlyCryptoEngine(file_system); } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_engine_device_properties_prov30.cpp b/oemcrypto/ref/src/oemcrypto_engine_device_properties_prov30.cpp similarity index 90% rename from mock/src/oemcrypto_engine_device_properties_prov30.cpp rename to oemcrypto/ref/src/oemcrypto_engine_device_properties_prov30.cpp index 96105c6..1276676 100644 --- a/mock/src/oemcrypto_engine_device_properties_prov30.cpp +++ b/oemcrypto/ref/src/oemcrypto_engine_device_properties_prov30.cpp @@ -2,24 +2,24 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // // This file contains oemcrypto engine properties that would be for a // level 2 device that does not have persistant storage or a keybox. // Note: this is for illustration only. Production devices are rarely level 2. -#include "oemcrypto_engine_mock.h" +#include "oemcrypto_engine_ref.h" #include #include "log.h" #include "oem_cert.h" -namespace wvoec_mock { +namespace wvoec_ref { class Prov30CryptoEngine : public CryptoEngine { public: - explicit Prov30CryptoEngine(std::auto_ptr file_system) + explicit Prov30CryptoEngine(scoped_ptr file_system) : CryptoEngine(file_system) {} bool config_local_display_only() { return true; } @@ -77,8 +77,8 @@ class Prov30CryptoEngine : public CryptoEngine { }; CryptoEngine* CryptoEngine::MakeCryptoEngine( - std::auto_ptr file_system) { + scoped_ptr file_system) { return new Prov30CryptoEngine(file_system); } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_engine_mock.cpp b/oemcrypto/ref/src/oemcrypto_engine_ref.cpp similarity index 92% rename from mock/src/oemcrypto_engine_mock.cpp rename to oemcrypto/ref/src/oemcrypto_engine_ref.cpp index ef73967..0d11aa1 100644 --- a/mock/src/oemcrypto_engine_mock.cpp +++ b/oemcrypto/ref/src/oemcrypto_engine_ref.cpp @@ -2,9 +2,9 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#include "oemcrypto_engine_mock.h" +#include "oemcrypto_engine_ref.h" #include #include @@ -17,19 +17,17 @@ #include "keys.h" #include "log.h" -#include "oemcrypto_key_mock.h" +#include "oemcrypto_key_ref.h" #include "oemcrypto_rsa_key_shared.h" -#include "string_conversions.h" -#include "wv_cdm_constants.h" -namespace wvoec_mock { +namespace wvoec_ref { // Note: The class CryptoEngine is configured at compile time by compiling in // different device property files. The methods in this file are generic to // all configurations. See the files oemcrypto_engine_device_properties*.cpp // for methods that are configured for specific configurations. -CryptoEngine::CryptoEngine(std::auto_ptr file_system) +CryptoEngine::CryptoEngine(scoped_ptr file_system) : root_of_trust_(config_provisioning_method()), file_system_(file_system), usage_table_(this) { @@ -123,4 +121,4 @@ OEMCryptoResult CryptoEngine::SetDestination( return OEMCrypto_SUCCESS; } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_engine_mock.h b/oemcrypto/ref/src/oemcrypto_engine_ref.h similarity index 88% rename from mock/src/oemcrypto_engine_mock.h rename to oemcrypto/ref/src/oemcrypto_engine_ref.h index 85e4128..c99abb1 100644 --- a/mock/src/oemcrypto_engine_mock.h +++ b/oemcrypto/ref/src/oemcrypto_engine_ref.h @@ -2,10 +2,10 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#ifndef MOCK_OEMCRYPTO_ENGINE_MOCK_H_ -#define MOCK_OEMCRYPTO_ENGINE_MOCK_H_ +#ifndef REF_OEMCRYPTO_ENGINE_REF_H_ +#define REF_OEMCRYPTO_ENGINE_REF_H_ #include #include @@ -18,14 +18,15 @@ #include "OEMCryptoCENC.h" // Needed for enums only. #include "file_store.h" #include "lock.h" -#include "oemcrypto_auth_mock.h" -#include "oemcrypto_key_mock.h" +#include "oemcrypto_auth_ref.h" +#include "oemcrypto_key_ref.h" #include "oemcrypto_rsa_key_shared.h" +#include "oemcrypto_scoped_ptr.h" #include "oemcrypto_session.h" -#include "oemcrypto_usage_table_mock.h" -#include "wv_cdm_types.h" +#include "oemcrypto_usage_table_ref.h" +#include "oemcrypto_types.h" -namespace wvoec_mock { +namespace wvoec_ref { typedef std::map ActiveSessions; @@ -37,7 +38,7 @@ class CryptoEngine { // NOTE: The caller must instantiate a FileSystem object - ownership // will be transferred to the new CryptoEngine object. static CryptoEngine* MakeCryptoEngine( - std::auto_ptr file_system); + scoped_ptr file_system); virtual ~CryptoEngine(); @@ -82,7 +83,7 @@ class CryptoEngine { size_t GetNumberOfOpenSessions() { return sessions_.size(); } size_t GetMaxNumberOfSessions() { - // An arbitrary limit for mock implementation. + // An arbitrary limit for ref implementation. static const size_t kMaxSupportedOEMCryptoSessions = 64; return kMaxSupportedOEMCryptoSessions; } @@ -148,6 +149,9 @@ class CryptoEngine { virtual bool srm_blacklisted_device_attached() { return false; } + // Rate limit for nonce generation. Default to 20 nonce/second. + virtual int nonce_flood_count() { return 20; } + // Set destination pointer based on the output destination description. OEMCryptoResult SetDestination(OEMCrypto_DestBufferDesc* out_description, size_t data_length, uint8_t subsample_flags); @@ -167,19 +171,19 @@ class CryptoEngine { } protected: - explicit CryptoEngine(std::auto_ptr file_system); + explicit CryptoEngine(scoped_ptr file_system); uint8_t* destination_; private: ActiveSessions sessions_; AuthenticationRoot root_of_trust_; wvcdm::Lock session_table_lock_; - std::auto_ptr file_system_; + scoped_ptr file_system_; UsageTable usage_table_; CORE_DISALLOW_COPY_AND_ASSIGN(CryptoEngine); }; -} // namespace wvoec_mock +} // namespace wvoec_ref -#endif // MOCK_OEMCRYPTO_ENGINE_MOCK_H_ +#endif // REF_OEMCRYPTO_ENGINE_REF_H_ diff --git a/mock/src/oemcrypto_key_mock.cpp b/oemcrypto/ref/src/oemcrypto_key_ref.cpp similarity index 64% rename from mock/src/oemcrypto_key_mock.cpp rename to oemcrypto/ref/src/oemcrypto_key_ref.cpp index fa0b108..412a3bd 100644 --- a/mock/src/oemcrypto_key_mock.cpp +++ b/oemcrypto/ref/src/oemcrypto_key_ref.cpp @@ -2,18 +2,18 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#include "oemcrypto_key_mock.h" +#include "oemcrypto_key_ref.h" +#include "oemcrypto_types.h" #include #include #include "log.h" #include "oemcrypto_logging.h" -#include "wv_cdm_constants.h" -namespace wvoec_mock { +namespace wvoec_ref { bool KeyControlBlock::Validate() { if (memcmp(verification_, "kctl", 4) && // original verification @@ -45,15 +45,15 @@ uint32_t KeyControlBlock::ExtractField(const std::vector& str, KeyControlBlock::KeyControlBlock( const std::vector& key_control_string) { - if (key_control_string.size() < wvcdm::KEY_CONTROL_SIZE) { + if (key_control_string.size() < wvoec::KEY_CONTROL_SIZE) { LOGE("KCB: BAD Size: %d (not %d)", key_control_string.size(), - wvcdm::KEY_CONTROL_SIZE); + wvoec::KEY_CONTROL_SIZE); return; } memcpy(verification_, &key_control_string[0], 4); - duration_ = ExtractField(key_control_string, 1); - nonce_ = ExtractField(key_control_string, 2); + duration_ = ExtractField(key_control_string, 1); + nonce_ = ExtractField(key_control_string, 2); control_bits_ = ExtractField(key_control_string, 3); if (LogCategoryEnabled(kLoggingDumpKeyControlBlocks)) { LOGD("KCB:"); @@ -63,19 +63,20 @@ KeyControlBlock::KeyControlBlock( LOGD(" magic: %08X", verification()); LOGD(" bits: %08X", control_bits()); LOGD(" bit kSharedLicense %s.", - (control_bits() & kSharedLicense) ? "set" : "unset"); + (control_bits() & wvoec::kSharedLicense) ? "set" : "unset"); LOGD(" bit kControlSRMVersionRequired %s.", - (control_bits() & kControlSRMVersionRequired) ? "set" : "unset"); + (control_bits() & wvoec::kControlSRMVersionRequired) ? "set" : "unset"); LOGD(" bit kControlDisableAnalogOutput %s.", - (control_bits() & kControlDisableAnalogOutput) ? "set" : "unset"); + (control_bits() & wvoec::kControlDisableAnalogOutput) ? "set" + : "unset"); LOGD(" bits kControlSecurityPatchLevel 0x%02x.", - (control_bits() & kControlSecurityPatchLevelMask) - >> kControlSecurityPatchLevelShift); - switch (control_bits() & kControlReplayMask) { - case kControlNonceRequired: + (control_bits() & wvoec::kControlSecurityPatchLevelMask) >> + wvoec::kControlSecurityPatchLevelShift); + switch (control_bits() & wvoec::kControlReplayMask) { + case wvoec::kControlNonceRequired: LOGD(" bits kControlReplay kControlNonceRequired."); break; - case kControlNonceOrEntry: + case wvoec::kControlNonceOrEntry: LOGD(" bits kControlReplay kControlNonceOrEntry."); break; default: @@ -83,28 +84,28 @@ KeyControlBlock::KeyControlBlock( break; } LOGD(" bits kControlHDCPVersion 0x%02x.", - (control_bits() & kControlHDCPVersionMask) - >> kControlHDCPVersionShift); + (control_bits() & wvoec::kControlHDCPVersionMask) >> + wvoec::kControlHDCPVersionShift); LOGD(" bit kControlAllowEncrypt %s.", - (control_bits() & kControlAllowEncrypt) ? "set" : "unset"); + (control_bits() & wvoec::kControlAllowEncrypt) ? "set" : "unset"); LOGD(" bit kControlAllowDecrypt %s.", - (control_bits() & kControlAllowDecrypt) ? "set" : "unset"); + (control_bits() & wvoec::kControlAllowDecrypt) ? "set" : "unset"); LOGD(" bit kControlAllowSign %s.", - (control_bits() & kControlAllowSign) ? "set" : "unset"); + (control_bits() & wvoec::kControlAllowSign) ? "set" : "unset"); LOGD(" bit kControlAllowVerify %s.", - (control_bits() & kControlAllowVerify) ? "set" : "unset"); + (control_bits() & wvoec::kControlAllowVerify) ? "set" : "unset"); LOGD(" bit kControlObserveDataPath %s.", - (control_bits() & kControlObserveDataPath) ? "set" : "unset"); + (control_bits() & wvoec::kControlObserveDataPath) ? "set" : "unset"); LOGD(" bit kControlObserveHDCP %s.", - (control_bits() & kControlObserveHDCP) ? "set" : "unset"); + (control_bits() & wvoec::kControlObserveHDCP) ? "set" : "unset"); LOGD(" bit kControlObserveCGMS %s.", - (control_bits() & kControlObserveCGMS) ? "set" : "unset"); + (control_bits() & wvoec::kControlObserveCGMS) ? "set" : "unset"); LOGD(" bit kControlDataPathSecure %s.", - (control_bits() & kControlDataPathSecure) ? "set" : "unset"); + (control_bits() & wvoec::kControlDataPathSecure) ? "set" : "unset"); LOGD(" bit kControlNonceEnabled %s.", - (control_bits() & kControlNonceEnabled) ? "set" : "unset"); + (control_bits() & wvoec::kControlNonceEnabled) ? "set" : "unset"); LOGD(" bit kControlHDCPRequired %s.", - (control_bits() & kControlHDCPRequired) ? "set" : "unset"); + (control_bits() & wvoec::kControlHDCPRequired) ? "set" : "unset"); uint32_t cgms_bits = control_bits() & 0x3; const char* cgms_values[4] = {"free", "BAD", "once", "never"}; LOGD(" CGMS = %s", cgms_values[cgms_bits]); @@ -118,7 +119,7 @@ void Key::UpdateDuration(const KeyControlBlock& control) { void KeyControlBlock::RequireLocalDisplay() { // Set all bits to require HDCP Local Display Only. - control_bits_ |= kControlHDCPVersionMask; + control_bits_ |= wvoec::kControlHDCPVersionMask; } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_key_mock.h b/oemcrypto/ref/src/oemcrypto_key_ref.h similarity index 62% rename from mock/src/oemcrypto_key_mock.h rename to oemcrypto/ref/src/oemcrypto_key_ref.h index dab47e8..894d240 100644 --- a/mock/src/oemcrypto_key_mock.h +++ b/oemcrypto/ref/src/oemcrypto_key_ref.h @@ -2,43 +2,16 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#ifndef OEMCRYPTO_KEY_MOCK_H_ -#define OEMCRYPTO_KEY_MOCK_H_ +#ifndef OEMCRYPTO_KEY_REF_H_ +#define OEMCRYPTO_KEY_REF_H_ #include #include #include -namespace wvoec_mock { - -const uint32_t kControlObserveDataPath = (1<<31); -const uint32_t kControlObserveHDCP = (1<<30); -const uint32_t kControlObserveCGMS = (1<<29); -const uint32_t kControlRequireAntiRollbackHardware = (1<<28); -const uint32_t kSharedLicense = (1<<23); -const uint32_t kControlSRMVersionRequired = (1<<22); -const uint32_t kControlDisableAnalogOutput = (1<<21); -const uint32_t kControlSecurityPatchLevelShift = 15; -const uint32_t kControlSecurityPatchLevelMask = - (0x3F< content_key_id_; }; -} // namespace wvoec_mock +} // namespace wvoec_ref -#endif // OEMCRYPTO_KEY_MOCK_H_ +#endif // OEMCRYPTO_KEY_REF_H_ diff --git a/mock/src/oemcrypto_keybox_mock.cpp b/oemcrypto/ref/src/oemcrypto_keybox_ref.cpp similarity index 90% rename from mock/src/oemcrypto_keybox_mock.cpp rename to oemcrypto/ref/src/oemcrypto_keybox_ref.cpp index 70e909c..7467628 100644 --- a/mock/src/oemcrypto_keybox_mock.cpp +++ b/oemcrypto/ref/src/oemcrypto_keybox_ref.cpp @@ -2,23 +2,23 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#include "oemcrypto_keybox_mock.h" +#include "oemcrypto_keybox_ref.h" #include // needed for ntoh() #include #include #include #include "log.h" -#include "wv_keybox.h" +#include "oemcrypto_types.h" #include "wvcrc32.h" -namespace wvoec_mock { +namespace wvoec_ref { namespace { -const WidevineKeybox kTestKeybox = { +const wvoec::WidevineKeybox kTestKeybox = { // Sample keybox used for test vectors { // deviceID @@ -69,7 +69,7 @@ KeyboxError WvKeybox::Validate() { uint32_t crc_stored; uint8_t* crc_stored_bytes = (uint8_t*) &crc_stored; memcpy(crc_stored_bytes, crc_, sizeof(crc_)); - WidevineKeybox keybox; + wvoec::WidevineKeybox keybox; memset(&keybox, 0, sizeof(keybox)); memcpy(keybox.device_id_, &device_id_[0], device_id_.size()); memcpy(keybox.device_key_, &device_key_[0], sizeof(keybox.device_key_)); @@ -91,8 +91,8 @@ bool WvKeybox::InstallKeybox(const uint8_t* buffer, size_t keyBoxLength) { return false; } - const WidevineKeybox* keybox - = reinterpret_cast(buffer); + const wvoec::WidevineKeybox* keybox + = reinterpret_cast(buffer); size_t device_id_length = strnlen(reinterpret_cast(keybox->device_id_), 32); device_id_.assign(keybox->device_id_, @@ -111,4 +111,4 @@ WvTestKeybox::WvTestKeybox() { sizeof(kTestKeybox)); } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_keybox_mock.h b/oemcrypto/ref/src/oemcrypto_keybox_ref.h similarity index 82% rename from mock/src/oemcrypto_keybox_mock.h rename to oemcrypto/ref/src/oemcrypto_keybox_ref.h index 3609a01..8dd2fe6 100644 --- a/mock/src/oemcrypto_keybox_mock.h +++ b/oemcrypto/ref/src/oemcrypto_keybox_ref.h @@ -2,14 +2,14 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#ifndef OEMCRYPTO_KEYBOX_MOCK_H_ -#define OEMCRYPTO_KEYBOX_MOCK_H_ +#ifndef OEMCRYPTO_KEYBOX_REF_H_ +#define OEMCRYPTO_KEYBOX_REF_H_ -#include "oemcrypto_key_mock.h" +#include "oemcrypto_key_ref.h" -namespace wvoec_mock { +namespace wvoec_ref { const int DEVICE_KEY_LENGTH = 16; typedef uint8_t WvKeyboxKey[DEVICE_KEY_LENGTH]; @@ -48,6 +48,6 @@ class WvTestKeybox : public WvKeybox { WvTestKeybox(); }; -} // namespace wvoec_mock +} // namespace wvoec_ref -#endif // OEMCRYPTO_KEYBOX_MOCK_H_ +#endif // OEMCRYPTO_KEYBOX_REF_H_ diff --git a/mock/src/oemcrypto_keybox_testkey.cpp b/oemcrypto/ref/src/oemcrypto_keybox_testkey.cpp similarity index 91% rename from mock/src/oemcrypto_keybox_testkey.cpp rename to oemcrypto/ref/src/oemcrypto_keybox_testkey.cpp index 3b6b91b..6035181 100644 --- a/mock/src/oemcrypto_keybox_testkey.cpp +++ b/oemcrypto/ref/src/oemcrypto_keybox_testkey.cpp @@ -4,16 +4,16 @@ // // Test keybox. -#include "oemcrypto_keybox_mock.h" -#include "wv_keybox.h" +#include "oemcrypto_keybox_ref.h" +#include "oemcrypto_types.h" -namespace wvoec_mock { +namespace wvoec_ref { namespace { // Note: this is a valid keybox, but it is not accepted by production servers. // However, it is different from the one used for most of the unit tests. -const WidevineKeybox kKeybox = { +const wvoec::WidevineKeybox kKeybox = { // Sample keybox used for test vectors { // deviceID @@ -53,4 +53,4 @@ bool WvKeybox::Prepare() { return true; } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_logging.cpp b/oemcrypto/ref/src/oemcrypto_logging.cpp similarity index 96% rename from mock/src/oemcrypto_logging.cpp rename to oemcrypto/ref/src/oemcrypto_logging.cpp index 3379fe0..935b2c4 100644 --- a/mock/src/oemcrypto_logging.cpp +++ b/oemcrypto/ref/src/oemcrypto_logging.cpp @@ -6,7 +6,7 @@ #include -namespace wvoec_mock { +namespace wvoec_ref { int logging_category_setting = 0x00; @@ -49,7 +49,7 @@ void dump_hex_helper(std::string& buffer, std::string name, '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}; for (size_t i = 0; i < length; i++) { if (i == 0) { - buffer += "\n wvcdm::a2b_hex(\""; + buffer += "\n a2b_hex(\""; } else if (i % 32 == 0) { buffer += "\"\n \""; } @@ -103,4 +103,4 @@ void dump_array_part(std::string array, size_t index, std::string name, LOGV(buffer.c_str()); } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/include/oemcrypto_logging.h b/oemcrypto/ref/src/oemcrypto_logging.h similarity index 97% rename from include/oemcrypto_logging.h rename to oemcrypto/ref/src/oemcrypto_logging.h index 0fa9f0c..ad776b8 100644 --- a/include/oemcrypto_logging.h +++ b/oemcrypto/ref/src/oemcrypto_logging.h @@ -11,7 +11,7 @@ #include "OEMCryptoCENC.h" #include "log.h" -namespace wvoec_mock { +namespace wvoec_ref { // The constants below represent integers with a single "on" bit that // represents categories of logging This allows users to specify with @@ -62,6 +62,6 @@ void dump_array_part_helper(std::string& buffer, std::string array, void dump_array_part(std::string array, size_t index, std::string name, const uint8_t* vector, size_t length); -} // namespace wvoec_mock +} // namespace wvoec_ref #endif diff --git a/mock/src/oemcrypto_nonce_table.cpp b/oemcrypto/ref/src/oemcrypto_nonce_table.cpp similarity index 94% rename from mock/src/oemcrypto_nonce_table.cpp rename to oemcrypto/ref/src/oemcrypto_nonce_table.cpp index 6e072ac..5412a96 100644 --- a/mock/src/oemcrypto_nonce_table.cpp +++ b/oemcrypto/ref/src/oemcrypto_nonce_table.cpp @@ -2,11 +2,11 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // #include "oemcrypto_nonce_table.h" -namespace wvoec_mock { +namespace wvoec_ref { void NonceTable::AddNonce(uint32_t nonce) { int new_slot = -1; @@ -66,4 +66,4 @@ void NonceTable::Flush() { } } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_nonce_table.h b/oemcrypto/ref/src/oemcrypto_nonce_table.h similarity index 76% rename from mock/src/oemcrypto_nonce_table.h rename to oemcrypto/ref/src/oemcrypto_nonce_table.h index 7b8072e..6b24ac8 100644 --- a/mock/src/oemcrypto_nonce_table.h +++ b/oemcrypto/ref/src/oemcrypto_nonce_table.h @@ -2,14 +2,14 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#ifndef MOCK_OEMCRYPTO_NONCE_TABLE_H_ -#define MOCK_OEMCRYPTO_NONCE_TABLE_H_ +#ifndef REF_OEMCRYPTO_NONCE_TABLE_H_ +#define REF_OEMCRYPTO_NONCE_TABLE_H_ #include -namespace wvoec_mock { +namespace wvoec_ref { class NonceTable { public: @@ -35,6 +35,6 @@ class NonceTable { uint32_t nonces_[kTableSize]; }; -} // namespace wvoec_mock +} // namespace wvoec_ref -#endif // MOCK_OEMCRYPTO_NONCE_TABLE_H_ +#endif // REF_OEMCRYPTO_NONCE_TABLE_H_ diff --git a/mock/src/oemcrypto_old_usage_table_mock.cpp b/oemcrypto/ref/src/oemcrypto_old_usage_table_ref.cpp similarity index 82% rename from mock/src/oemcrypto_old_usage_table_mock.cpp rename to oemcrypto/ref/src/oemcrypto_old_usage_table_ref.cpp index b82c123..426e2c0 100644 --- a/mock/src/oemcrypto_old_usage_table_mock.cpp +++ b/oemcrypto/ref/src/oemcrypto_old_usage_table_ref.cpp @@ -2,12 +2,12 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // // This is from the v12 version of oemcrypto usage tables. It is used for // devices that upgrade from v12 to v13 in the field, and need to convert from // the old type of usage table to the new. -#include "oemcrypto_old_usage_table_mock.h" +#include "oemcrypto_old_usage_table_ref.h" #include #include @@ -22,14 +22,15 @@ #include "file_store.h" #include "log.h" -#include "oemcrypto_engine_mock.h" +#include "oemcrypto_engine_ref.h" #include "oemcrypto_logging.h" -#include "properties.h" +// TODO(fredgc): Setting the device files base bath is currently broken as +// wvcdm::Properties is no longer used by the reference code. +//#include "properties.h" #include "pst_report.h" #include "string_conversions.h" -#include "wv_cdm_constants.h" -namespace wvoec_mock { +namespace wvoec_ref { OldUsageTableEntry::OldUsageTableEntry(const std::vector &pst_hash) : pst_hash_(pst_hash), @@ -47,9 +48,9 @@ OldUsageTableEntry::OldUsageTableEntry(const OldStoredUsageEntry *buffer) { time_of_last_decrypt_ = buffer->time_of_last_decrypt; status_ = buffer->status; mac_key_server_.assign(buffer->mac_key_server, - buffer->mac_key_server + wvcdm::MAC_KEY_SIZE); + buffer->mac_key_server + wvoec::MAC_KEY_SIZE); mac_key_client_.assign(buffer->mac_key_client, - buffer->mac_key_client + wvcdm::MAC_KEY_SIZE); + buffer->mac_key_client + wvoec::MAC_KEY_SIZE); } OldUsageTable::OldUsageTable(CryptoEngine *ce) { @@ -58,16 +59,17 @@ OldUsageTable::OldUsageTable(CryptoEngine *ce) { table_.clear(); // Load saved table. - wvcdm::FileSystem* file_system = ce->file_system(); + wvcdm::FileSystem *file_system = ce->file_system(); wvcdm::File *file; std::string path; // Note: this path is OK for a real implementation, but using security level 1 // would be better. - if (!wvcdm::Properties::GetDeviceFilesBasePath(wvcdm::kSecurityLevelL3, - &path)) { + // TODO(fredgc, jfore): Address how this property is presented to the ref. + // For now, the path is empty. + /*if (!Properties::GetDeviceFilesBasePath(kSecurityLevelL3, &path)) { LOGE("OldUsageTable: Unable to get base path"); return; - } + }*/ std::string filename = path + "UsageTable.dat"; if (!file_system->Exists(filename)) { if (LogCategoryEnabled(kLoggingTraceUsageTable)) { @@ -119,14 +121,14 @@ OldUsageTable::OldUsageTable(CryptoEngine *ce) { } // Next, decrypt the table. - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; - memcpy(iv_buffer, encrypted_table->iv, wvcdm::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; + memcpy(iv_buffer, encrypted_table->iv, wvoec::KEY_IV_SIZE); AES_KEY aes_key; AES_set_decrypt_key(&key[0], 128, &aes_key); - AES_cbc_encrypt(&encrypted_buffer[SHA256_DIGEST_LENGTH + wvcdm::KEY_IV_SIZE], - &buffer[SHA256_DIGEST_LENGTH + wvcdm::KEY_IV_SIZE], - file_size - SHA256_DIGEST_LENGTH - wvcdm::KEY_IV_SIZE, - &aes_key, iv_buffer, AES_DECRYPT); + AES_cbc_encrypt(&encrypted_buffer[SHA256_DIGEST_LENGTH + wvoec::KEY_IV_SIZE], + &buffer[SHA256_DIGEST_LENGTH + wvoec::KEY_IV_SIZE], + file_size - SHA256_DIGEST_LENGTH - wvoec::KEY_IV_SIZE, &aes_key, + iv_buffer, AES_DECRYPT); // Next, read the generation number from a different location. // On a real implementation, you should NOT put the generation number in @@ -176,7 +178,8 @@ OldUsageTableEntry *OldUsageTable::FindEntry(const std::vector &pst) { return FindEntryLocked(pst); } -OldUsageTableEntry *OldUsageTable::FindEntryLocked(const std::vector &pst) { +OldUsageTableEntry *OldUsageTable::FindEntryLocked( + const std::vector &pst) { std::vector pst_hash; if (!ComputeHash(pst, pst_hash)) { LOGE("OldUsageTable: Could not compute hash of pst."); @@ -189,7 +192,8 @@ OldUsageTableEntry *OldUsageTable::FindEntryLocked(const std::vector &p return it->second; } -OldUsageTableEntry *OldUsageTable::CreateEntry(const std::vector &pst) { +OldUsageTableEntry *OldUsageTable::CreateEntry( + const std::vector &pst) { std::vector pst_hash; if (!ComputeHash(pst, pst_hash)) { LOGE("OldUsageTable: Could not compute hash of pst."); @@ -210,15 +214,16 @@ void OldUsageTable::Clear() { } void OldUsageTable::DeleteFile(CryptoEngine *ce) { - wvcdm::FileSystem* file_system = ce->file_system(); + wvcdm::FileSystem *file_system = ce->file_system(); std::string path; // Note: this path is OK for a real implementation, but using security level 1 // would be better. - if (!wvcdm::Properties::GetDeviceFilesBasePath(wvcdm::kSecurityLevelL3, - &path)) { + // TODO(jfore): Address how this property is presented to the ref. For now, + // the path is empty. + /*if (!Properties::GetDeviceFilesBasePath(kSecurityLevelL3, &path)) { LOGE("OldUsageTable: Unable to get base path"); return; - } + }*/ std::string filename = path + "UsageTable.dat"; if (file_system->Exists(filename)) { if (!file_system->Remove(filename)) { @@ -228,7 +233,7 @@ void OldUsageTable::DeleteFile(CryptoEngine *ce) { } bool OldUsageTable::ComputeHash(const std::vector &pst, - std::vector &pst_hash) { + std::vector &pst_hash) { // The PST is not fixed size, and we have no promises that it is reasonbly // sized, so we compute a hash of it, and store that instead. pst_hash.resize(SHA256_DIGEST_LENGTH); @@ -239,4 +244,4 @@ bool OldUsageTable::ComputeHash(const std::vector &pst, return true; } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_old_usage_table_mock.h b/oemcrypto/ref/src/oemcrypto_old_usage_table_ref.h similarity index 79% rename from mock/src/oemcrypto_old_usage_table_mock.h rename to oemcrypto/ref/src/oemcrypto_old_usage_table_ref.h index beede04..7aa1c10 100644 --- a/mock/src/oemcrypto_old_usage_table_mock.h +++ b/oemcrypto/ref/src/oemcrypto_old_usage_table_ref.h @@ -1,26 +1,26 @@ - // Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary - // source code may only be used and distributed under the Widevine Master - // License Agreement. +// Copyright 2018 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // // This is from the v12 version of oemcrypto usage tables. It is used for // devices that upgrade from v12 to v13 in the field, and need to convert from // the old type of usage table to the new. -#ifndef OEMCRYPTO_OLD_USAGE_TABLE_MOCK_H_ -#define OEMCRYPTO_OLD_USAGE_TABLE_MOCK_H_ +#ifndef OEMCRYPTO_OLD_USAGE_TABLE_REF_H_ +#define OEMCRYPTO_OLD_USAGE_TABLE_REF_H_ #include #include #include #include -#include "lock.h" #include "OEMCryptoCENC.h" +#include "lock.h" +#include "oemcrypto_types.h" #include "openssl/sha.h" -#include "wv_cdm_constants.h" -namespace wvoec_mock { +namespace wvoec_ref { class CryptoEngine; class UsagetTableEntry; @@ -32,8 +32,8 @@ struct OldStoredUsageEntry { int64_t time_of_first_decrypt; int64_t time_of_last_decrypt; enum OEMCrypto_Usage_Entry_Status status; - uint8_t mac_key_server[wvcdm::MAC_KEY_SIZE]; - uint8_t mac_key_client[wvcdm::MAC_KEY_SIZE]; + uint8_t mac_key_server[wvoec::MAC_KEY_SIZE]; + uint8_t mac_key_client[wvoec::MAC_KEY_SIZE]; }; typedef union { @@ -43,7 +43,7 @@ typedef union { struct OldStoredUsageTable { uint8_t signature[SHA256_DIGEST_LENGTH]; - uint8_t iv[wvcdm::KEY_IV_SIZE]; + uint8_t iv[wvoec::KEY_IV_SIZE]; int64_t generation; uint64_t count; AlignedOldStoredUsageEntry entries[]; @@ -90,6 +90,6 @@ class OldUsageTable { CryptoEngine *ce_; }; -} // namespace wvoec_mock +} // namespace wvoec_ref -#endif // OEMCRYPTO_OLD_USAGE_TABLE_MOCK_H_ +#endif // OEMCRYPTO_OLD_USAGE_TABLE_REF_H_ diff --git a/mock/src/oemcrypto_mock.cpp b/oemcrypto/ref/src/oemcrypto_ref.cpp similarity index 94% rename from mock/src/oemcrypto_mock.cpp rename to oemcrypto/ref/src/oemcrypto_ref.cpp index 35f3865..716fea6 100644 --- a/mock/src/oemcrypto_mock.cpp +++ b/oemcrypto/ref/src/oemcrypto_ref.cpp @@ -15,18 +15,18 @@ #include #include #include +#include #include #include #include #include #include "file_store.h" #include "log.h" -#include "oemcrypto_engine_mock.h" +#include "oemcrypto_engine_ref.h" #include "oemcrypto_logging.h" #include "oemcrypto_session.h" -#include "oemcrypto_usage_table_mock.h" +#include "oemcrypto_usage_table_ref.h" #include "string_conversions.h" -#include "wv_cdm_constants.h" namespace { const uint8_t kBakedInCertificateMagicBytes[] = {0xDE, 0xAD, 0xBE, 0xEF}; @@ -38,7 +38,7 @@ uint32_t unaligned_dereference_uint32(const void* unaligned_ptr) { uint32_t value; const uint8_t* src = reinterpret_cast(unaligned_ptr); uint8_t* dest = reinterpret_cast(&value); - for (unsigned long i=0; i < sizeof(value); i++) { + for (unsigned long i = 0; i < sizeof(value); i++) { dest[i] = src[i]; } return value; @@ -46,14 +46,14 @@ uint32_t unaligned_dereference_uint32(const void* unaligned_ptr) { } // namespace -namespace wvoec_mock { +namespace wvoec_ref { static CryptoEngine* crypto_engine = NULL; typedef struct { - uint8_t signature[wvcdm::MAC_KEY_SIZE]; - uint8_t context[wvcdm::MAC_KEY_SIZE]; - uint8_t iv[wvcdm::KEY_IV_SIZE]; + uint8_t signature[wvoec::MAC_KEY_SIZE]; + uint8_t context[wvoec::MAC_KEY_SIZE]; + uint8_t iv[wvoec::KEY_IV_SIZE]; uint8_t enc_rsa_key[]; } WrappedRSAKey; @@ -68,7 +68,7 @@ extern "C" OEMCryptoResult OEMCrypto_Initialize(void) { } // NOTE: This requires a compatible Filesystem implementation. // NOTE: Ownership of the FileSystem object is transferred to CryptoEngine - std::auto_ptr fs(new wvcdm::FileSystem()); + scoped_ptr fs(new wvcdm::FileSystem()); crypto_engine = CryptoEngine::MakeCryptoEngine(fs); if (!crypto_engine || !crypto_engine->Initialize()) { @@ -102,8 +102,9 @@ extern "C" OEMCryptoResult OEMCrypto_Terminate(void) { extern "C" OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION* session) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { - LOGI("-- OEMCryptoResult OEMCrypto_OpenSession" - "(OEMCrypto_SESSION *session)\n"); + LOGI( + "-- OEMCryptoResult OEMCrypto_OpenSession" + "(OEMCrypto_SESSION *session)\n"); } if (!crypto_engine) { LOGE("OEMCrypto_OpenSession: OEMCrypto not initialized."); @@ -117,15 +118,16 @@ extern "C" OEMCryptoResult OEMCrypto_OpenSession(OEMCrypto_SESSION* session) { SessionId sid = crypto_engine->CreateSession(); *session = (OEMCrypto_SESSION)sid; if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { - LOGD("[OEMCrypto_OpenSession(): SID=%08X]", sid); + LOGD("[OEMCrypto_OpenSession(): SID=%08x]", sid); } return OEMCrypto_SUCCESS; } extern "C" OEMCryptoResult OEMCrypto_CloseSession(OEMCrypto_SESSION session) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { - LOGI("-- OEMCryptoResult OEMCrypto_CloseSession" - "(OEMCrypto_SESSION session)\n"); + LOGI( + "-- OEMCryptoResult OEMCrypto_CloseSession" + "(OEMCrypto_SESSION session)\n"); } if (!crypto_engine) { LOGE("OEMCrypto_CloseSession: OEMCrypto not initialized."); @@ -198,11 +200,19 @@ extern "C" OEMCryptoResult OEMCrypto_GenerateDerivedKeys( return OEMCrypto_SUCCESS; } +static const uint64_t one_second = 1000000ull; +static uint64_t TimeStamp(void) { + struct timeval tv; + gettimeofday(&tv,NULL); + return tv.tv_sec * one_second + tv.tv_usec; +} + extern "C" OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session, uint32_t* nonce) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { - LOGI("-- OEMCryptoResult OEMCrypto_GenerateNonce" - "(OEMCrypto_SESSION session,\n"); + LOGI( + "-- OEMCryptoResult OEMCrypto_GenerateNonce" + "(OEMCrypto_SESSION session,\n"); } if (!crypto_engine) { LOGE("OEMCrypto_GenerateNonce: OEMCrypto not initialized."); @@ -215,12 +225,15 @@ extern "C" OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session, } // Prevent nonce flood. - static time_t last_nonce_time = 0; - static int nonce_count = 0; - time_t now = time(NULL); - if (now == last_nonce_time) { + uint64_t now = TimeStamp(); + static uint64_t last_nonce_time = now; + // For testing, we set nonce_flood_count to 1. Since count is initialized to + // 1, the very first nonce after initialization is counted as a flood. + static int nonce_count = 1; + + if (now - last_nonce_time < one_second) { nonce_count++; - if (nonce_count > 20) { + if (nonce_count > crypto_engine->nonce_flood_count()) { LOGE("[OEMCrypto_GenerateNonce(): Nonce Flood detected]"); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } @@ -240,7 +253,7 @@ extern "C" OEMCryptoResult OEMCrypto_GenerateNonce(OEMCrypto_SESSION session, session_ctx->AddNonce(nonce_value); *nonce = nonce_value; if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { - LOGI("nonce = %08X\n", nonce_value); + LOGI("nonce = %08x\n", nonce_value); } return OEMCrypto_SUCCESS; } @@ -311,23 +324,23 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys( if (wvcdm::g_cutoff >= wvcdm::LOG_VERBOSE) { dump_hex("message", message, message_length); dump_hex("signature", signature, signature_length); - dump_hex("enc_mac_key_iv", enc_mac_key_iv, wvcdm::KEY_IV_SIZE); - dump_hex("enc_mac_keys", enc_mac_keys, 2 * wvcdm::MAC_KEY_SIZE); + dump_hex("enc_mac_key_iv", enc_mac_key_iv, wvoec::KEY_IV_SIZE); + dump_hex("enc_mac_keys", enc_mac_keys, 2 * wvoec::MAC_KEY_SIZE); dump_hex("pst", pst, pst_length); - dump_hex("srm_requirement", srm_requirement, wvcdm::KEY_CONTROL_SIZE); + dump_hex("srm_requirement", srm_requirement, wvoec::KEY_CONTROL_SIZE); for (size_t i = 0; i < num_keys; i++) { LOGV("key_array[%zu].key_id_length=%zu;\n", i, key_array[i].key_id_length); dump_array_part("key_array", i, "key_id", key_array[i].key_id, key_array[i].key_id_length); dump_array_part("key_array", i, "key_data_iv", key_array[i].key_data_iv, - wvcdm::KEY_IV_SIZE); + wvoec::KEY_IV_SIZE); dump_array_part("key_array", i, "key_data", key_array[i].key_data, key_array[i].key_data_length); dump_array_part("key_array", i, "key_control_iv", - key_array[i].key_control_iv, wvcdm::KEY_IV_SIZE); + key_array[i].key_control_iv, wvoec::KEY_IV_SIZE); dump_array_part("key_array", i, "key_control", key_array[i].key_control, - wvcdm::KEY_IV_SIZE); + wvoec::KEY_IV_SIZE); } } } @@ -357,15 +370,15 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys( } // Range check - if (!RangeCheck(message, message_length, enc_mac_keys, - 2 * wvcdm::MAC_KEY_SIZE, true) || - !RangeCheck(message, message_length, enc_mac_key_iv, wvcdm::KEY_IV_SIZE, + if (!RangeCheck(message, message_length, enc_mac_keys, 2 * wvoec::MAC_KEY_SIZE, true) || + !RangeCheck(message, message_length, enc_mac_key_iv, wvoec::KEY_IV_SIZE, true) || !RangeCheck(message, message_length, pst, pst_length, true) || !RangeCheck(message, message_length, srm_requirement, - wvcdm::SRM_REQUIREMENT_SIZE, true)) { - LOGE("[OEMCrypto_LoadKeys(): OEMCrypto_ERROR_INVALID_CONTEXT - range " - "check.]"); + wvoec::SRM_REQUIREMENT_SIZE, true)) { + LOGE( + "[OEMCrypto_LoadKeys(): OEMCrypto_ERROR_INVALID_CONTEXT - range " + "check.]"); return OEMCrypto_ERROR_INVALID_CONTEXT; } @@ -375,13 +388,15 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys( !RangeCheck(message, message_length, key_array[i].key_data, key_array[i].key_data_length, false) || !RangeCheck(message, message_length, key_array[i].key_data_iv, - wvcdm::KEY_IV_SIZE, false) || + wvoec::KEY_IV_SIZE, false) || !RangeCheck(message, message_length, key_array[i].key_control, - wvcdm::KEY_CONTROL_SIZE, false) || + wvoec::KEY_CONTROL_SIZE, false) || !RangeCheck(message, message_length, key_array[i].key_control_iv, - wvcdm::KEY_IV_SIZE, false)) { - LOGE("[OEMCrypto_LoadKeys(): OEMCrypto_ERROR_INVALID_CONTEXT -range " - "check %d]", i); + wvoec::KEY_IV_SIZE, false)) { + LOGE( + "[OEMCrypto_LoadKeys(): OEMCrypto_ERROR_INVALID_CONTEXT -range " + "check %d]", + i); return OEMCrypto_ERROR_INVALID_CONTEXT; } } @@ -392,8 +407,7 @@ extern "C" OEMCryptoResult OEMCrypto_LoadKeys( } extern "C" OEMCryptoResult OEMCrypto_LoadEntitledContentKeys( - OEMCrypto_SESSION session, - size_t num_keys, + OEMCrypto_SESSION session, size_t num_keys, const OEMCrypto_EntitledContentKeyObject* key_array) { if (num_keys == 0) { LOGE("[OEMCrypto_LoadEntitledContentKeys(): key_array is empty."); @@ -450,9 +464,9 @@ extern "C" OEMCryptoResult OEMCrypto_RefreshKeys( if (!RangeCheck(message, message_length, key_array[i].key_id, key_array[i].key_id_length, true) || !RangeCheck(message, message_length, key_array[i].key_control, - wvcdm::KEY_CONTROL_SIZE, false) || + wvoec::KEY_CONTROL_SIZE, false) || !RangeCheck(message, message_length, key_array[i].key_control_iv, - wvcdm::KEY_IV_SIZE, true)) { + wvoec::KEY_IV_SIZE, true)) { LOGE("[OEMCrypto_RefreshKeys(): Range Check %d]", i); return OEMCrypto_ERROR_INVALID_CONTEXT; } @@ -475,12 +489,12 @@ extern "C" OEMCryptoResult OEMCrypto_RefreshKeys( key_id.assign(key_array[i].key_id, key_array[i].key_id + key_array[i].key_id_length); key_control.assign(key_array[i].key_control, - key_array[i].key_control + wvcdm::KEY_CONTROL_SIZE); + key_array[i].key_control + wvoec::KEY_CONTROL_SIZE); if (key_array[i].key_control_iv == NULL) { key_control_iv.clear(); } else { key_control_iv.assign(key_array[i].key_control_iv, - key_array[i].key_control_iv + wvcdm::KEY_IV_SIZE); + key_array[i].key_control_iv + wvoec::KEY_IV_SIZE); } } else { // key_id could be null if special control key type @@ -488,7 +502,7 @@ extern "C" OEMCryptoResult OEMCrypto_RefreshKeys( key_id.clear(); key_control_iv.clear(); key_control.assign(key_array[i].key_control, - key_array[i].key_control + wvcdm::KEY_CONTROL_SIZE); + key_array[i].key_control + wvoec::KEY_CONTROL_SIZE); } status = session_ctx->RefreshKey(key_id, key_control, key_control_iv); @@ -520,14 +534,15 @@ extern "C" OEMCryptoResult OEMCrypto_QueryKeyControl( } uint32_t* block = reinterpret_cast(key_control_block); if ((key_control_block_length == NULL) || - (*key_control_block_length < wvcdm::KEY_CONTROL_SIZE)) { + (*key_control_block_length < wvoec::KEY_CONTROL_SIZE)) { LOGE("[OEMCrypto_QueryKeyControl(): OEMCrypto_ERROR_SHORT_BUFFER]"); return OEMCrypto_ERROR_SHORT_BUFFER; } - *key_control_block_length = wvcdm::KEY_CONTROL_SIZE; + *key_control_block_length = wvoec::KEY_CONTROL_SIZE; if (key_id == NULL) { - LOGE("[OEMCrypto_QueryKeyControl(): key_id null. " - "OEMCrypto_ERROR_UNKNOWN_FAILURE]"); + LOGE( + "[OEMCrypto_QueryKeyControl(): key_id null. " + "OEMCrypto_ERROR_UNKNOWN_FAILURE]"); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } @@ -690,8 +705,8 @@ extern "C" OEMCryptoResult OEMCrypto_InstallKeybox(const uint8_t* keybox, return OEMCrypto_ERROR_WRITE_KEYBOX; } -extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox( - const uint8_t* buffer, size_t length) { +extern "C" OEMCryptoResult OEMCrypto_LoadTestKeybox(const uint8_t* buffer, + size_t length) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { LOGI("-- OEMCryptoResult OEMCrypto_LoadTestKeybox()\n"); } @@ -869,7 +884,7 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey30( dump_hex("encrypted_message_key", encrypted_message_key, encrypted_message_key_length); dump_hex("enc_rsa_key", enc_rsa_key, enc_rsa_key_length); - dump_hex("enc_rsa_key_iv", enc_rsa_key_iv, wvcdm::KEY_IV_SIZE); + dump_hex("enc_rsa_key_iv", enc_rsa_key_iv, wvoec::KEY_IV_SIZE); } } if (!crypto_engine) { @@ -918,8 +933,9 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey30( if (!session_ctx->InstallRSAEncryptedKey(encrypted_message_key, encrypted_message_key_length)) { - LOGE("OEMCrypto_RewrapDeviceRSAKey30: " - "Error loading encrypted_message_key."); + LOGE( + "OEMCrypto_RewrapDeviceRSAKey30: " + "Error loading encrypted_message_key."); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } @@ -931,9 +947,10 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey30( } size_t padding = pkcs8_rsa_key[enc_rsa_key_length - 1]; if (padding > 16) { - LOGE("[OEMCrypto_RewrapDeviceRSAKey30(): " - "Encrypted RSA has bad padding: %d]", - padding); + LOGE( + "[OEMCrypto_RewrapDeviceRSAKey30(): " + "Encrypted RSA has bad padding: %d]", + padding); return OEMCrypto_ERROR_INVALID_RSA_KEY; } size_t rsa_key_length = enc_rsa_key_length - padding; @@ -973,7 +990,8 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey30( unsigned int sig_length = sizeof(wrapped->signature); if (LogCategoryEnabled(kLoggingDumpDerivedKeys)) { LOGI(("message verified with HMAC and mac_key_server, key = " + - wvcdm::b2a_hex(session_ctx->mac_key_server())).c_str()); + wvcdm::b2a_hex(session_ctx->mac_key_server())) + .c_str()); } if (!HMAC(EVP_sha256(), &session_ctx->mac_key_server()[0], session_ctx->mac_key_server().size(), wrapped->context, @@ -996,7 +1014,7 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey( const uint8_t* signature, size_t signature_length, const uint32_t* unaligned_nonce, const uint8_t* enc_rsa_key, size_t enc_rsa_key_length, const uint8_t* enc_rsa_key_iv, - uint8_t* wrapped_rsa_key, size_t* wrapped_rsa_key_length) { + uint8_t* wrapped_rsa_key, size_t* wrapped_rsa_key_length) { uint32_t nonce = unaligned_dereference_uint32(unaligned_nonce); if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls | kLoggingTraceNonce)) { LOGI("-- OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey(%d)\n", session); @@ -1012,7 +1030,7 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey( } if (wvcdm::g_cutoff >= wvcdm::LOG_VERBOSE) { dump_hex("enc_rsa_key", enc_rsa_key, enc_rsa_key_length); - dump_hex("enc_rsa_key_iv", enc_rsa_key_iv, wvcdm::KEY_IV_SIZE); + dump_hex("enc_rsa_key_iv", enc_rsa_key_iv, wvoec::KEY_IV_SIZE); } } if (!crypto_engine) { @@ -1061,8 +1079,7 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey( sizeof(uint32_t), true) || !RangeCheck(message, message_length, enc_rsa_key, enc_rsa_key_length, true) || - !RangeCheck(message, message_length, enc_rsa_key_iv, wvcdm::KEY_IV_SIZE, - true)) { + !RangeCheck(message, message_length, enc_rsa_key_iv, wvoec::KEY_IV_SIZE, true)) { LOGE("[OEMCrypto_RewrapDeviceRSAKey(): - range check.]"); return OEMCrypto_ERROR_INVALID_CONTEXT; } @@ -1122,7 +1139,8 @@ extern "C" OEMCryptoResult OEMCrypto_RewrapDeviceRSAKey( unsigned int sig_length = sizeof(wrapped->signature); if (LogCategoryEnabled(kLoggingDumpDerivedKeys)) { LOGI(("message verified with HMAC and mac_key_server, key = " + - wvcdm::b2a_hex(session_ctx->mac_key_server())).c_str()); + wvcdm::b2a_hex(session_ctx->mac_key_server())) + .c_str()); } if (!HMAC(EVP_sha256(), &session_ctx->mac_key_server()[0], session_ctx->mac_key_server().size(), wrapped->context, @@ -1382,7 +1400,7 @@ extern "C" OEMCryptoResult OEMCrypto_GetHDCPCapability( } extern "C" uint32_t OEMCrypto_GetAnalogOutputFlags() { -// TODO(b/69867568, fredgc): parameterize this. + // TODO(b/69867568, fredgc): parameterize this. return 0; } @@ -1452,7 +1470,7 @@ extern "C" OEMCryptoResult OEMCrypto_Generic_Encrypt( algorithm); if (wvcdm::g_cutoff >= wvcdm::LOG_VERBOSE) { dump_hex("in_buffer", in_buffer, buffer_length); - dump_hex("iv", iv, wvcdm::KEY_IV_SIZE); + dump_hex("iv", iv, wvoec::KEY_IV_SIZE); } } if (!crypto_engine) { @@ -1491,7 +1509,7 @@ extern "C" OEMCryptoResult OEMCrypto_Generic_Decrypt( algorithm); if (wvcdm::g_cutoff >= wvcdm::LOG_VERBOSE) { dump_hex("in_buffer", in_buffer, buffer_length); - dump_hex("iv", iv, wvcdm::KEY_IV_SIZE); + dump_hex("iv", iv, wvoec::KEY_IV_SIZE); } } if (!crypto_engine) { @@ -1670,9 +1688,10 @@ extern "C" OEMCryptoResult OEMCrypto_ReportUsage(OEMCrypto_SESSION session, return sts; } -extern "C" OEMCryptoResult OEMCrypto_DeleteUsageEntry( - OEMCrypto_SESSION, const uint8_t*, size_t, const uint8_t*, size_t, - const uint8_t*, size_t) { +extern "C" OEMCryptoResult OEMCrypto_DeleteUsageEntry(OEMCrypto_SESSION, + const uint8_t*, size_t, + const uint8_t*, size_t, + const uint8_t*, size_t) { // TODO(fredgc): delete this. return OEMCrypto_ERROR_NOT_IMPLEMENTED; } @@ -1757,8 +1776,7 @@ extern "C" OEMCryptoResult OEMCrypto_RemoveSRM() { } extern "C" OEMCryptoResult OEMCrypto_CreateUsageTableHeader( - uint8_t* header_buffer, - size_t* header_buffer_length) { + uint8_t* header_buffer, size_t* header_buffer_length) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { LOGI("-- OEMCryptoResult OEMCrypto_CreateUsageTableHeader()\n"); } @@ -1770,8 +1788,8 @@ extern "C" OEMCryptoResult OEMCrypto_CreateUsageTableHeader( LOGE("OEMCrypto_CreateUsageTableHeader: Configured without Usage Tables."); return OEMCrypto_ERROR_NOT_IMPLEMENTED; } - return crypto_engine->usage_table() - .CreateUsageTableHeader(header_buffer, header_buffer_length); + return crypto_engine->usage_table().CreateUsageTableHeader( + header_buffer, header_buffer_length); } extern "C" OEMCryptoResult OEMCrypto_LoadUsageTableHeader( @@ -1932,15 +1950,11 @@ extern "C" OEMCryptoResult OEMCrypto_CopyOldUsageEntry( return session_ctx->CopyOldUsageEntry(pstv); } -extern "C" -OEMCryptoResult OEMCrypto_CreateOldUsageEntry(uint64_t time_since_license_received, - uint64_t time_since_first_decrypt, - uint64_t time_since_last_decrypt, - OEMCrypto_Usage_Entry_Status status, - uint8_t *server_mac_key, - uint8_t *client_mac_key, - const uint8_t* pst, - size_t pst_length) { +extern "C" OEMCryptoResult OEMCrypto_CreateOldUsageEntry( + uint64_t time_since_license_received, uint64_t time_since_first_decrypt, + uint64_t time_since_last_decrypt, OEMCrypto_Usage_Entry_Status status, + uint8_t* server_mac_key, uint8_t* client_mac_key, const uint8_t* pst, + size_t pst_length) { if (LogCategoryEnabled(kLoggingTraceOEMCryptoCalls)) { LOGI("-- OEMCryptoResult OEMCrypto_CreateOldUsageEntry()\n"); } @@ -1957,4 +1971,4 @@ OEMCryptoResult OEMCrypto_CreateOldUsageEntry(uint64_t time_since_license_receiv pst_length); } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_rsa_key_shared.cpp b/oemcrypto/ref/src/oemcrypto_rsa_key_shared.cpp similarity index 96% rename from mock/src/oemcrypto_rsa_key_shared.cpp rename to oemcrypto/ref/src/oemcrypto_rsa_key_shared.cpp index 2aa668a..1166564 100644 --- a/mock/src/oemcrypto_rsa_key_shared.cpp +++ b/oemcrypto/ref/src/oemcrypto_rsa_key_shared.cpp @@ -2,7 +2,7 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // #include "oemcrypto_rsa_key_shared.h" @@ -16,7 +16,7 @@ #include "oemcrypto_logging.h" -namespace wvoec_mock { +namespace wvoec_ref { void dump_boringssl_error() { int count = 0; @@ -98,4 +98,4 @@ bool RSA_shared_ptr::LoadPkcs8RsaKey(const uint8_t* buffer, size_t length) { } } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_rsa_key_shared.h b/oemcrypto/ref/src/oemcrypto_rsa_key_shared.h similarity index 92% rename from mock/src/oemcrypto_rsa_key_shared.h rename to oemcrypto/ref/src/oemcrypto_rsa_key_shared.h index f39aa8d..5910b37 100644 --- a/mock/src/oemcrypto_rsa_key_shared.h +++ b/oemcrypto/ref/src/oemcrypto_rsa_key_shared.h @@ -2,7 +2,7 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // #ifndef OEMCRYPTO_RSA_KEY_SHARED_H_ #define OEMCRYPTO_RSA_KEY_SHARED_H_ @@ -11,7 +11,7 @@ #include -namespace wvoec_mock { +namespace wvoec_ref { // Shared pointer with specialized destructor. This pointer is only shared // from a CryptoEngine to a Session -- so we don't have to use full reference @@ -37,6 +37,6 @@ class RSA_shared_ptr { // Log errors from BoringSSL. void dump_boringssl_error(); -} // namespace wvoec_mock +} // namespace wvoec_ref #endif // OEMCRYPTO_RSA_KEY_SHARED_H_ diff --git a/oemcrypto/ref/src/oemcrypto_scoped_ptr.h b/oemcrypto/ref/src/oemcrypto_scoped_ptr.h new file mode 100644 index 0000000..d631858 --- /dev/null +++ b/oemcrypto/ref/src/oemcrypto_scoped_ptr.h @@ -0,0 +1,44 @@ +#ifndef OEMCRYPTO_SCOPED_PTR_H_ +#define OEMCRYPTO_SCOPED_PTR_H_ + +#include +#include + +#include + +namespace wvoec_ref { + +// TODO(fredgc, jfore): scoped_ptr may not be the best name for this smart +// pointer type. It basically works like auto_ptr which is deprecated. +#if __cplusplus < 201103L + +template +class scoped_ptr { + public: + explicit scoped_ptr(T* p = NULL) : ptr_(p) {} + T* get() const { return ptr_.get(); } + + private: + std::auto_ptr ptr_; +}; + +#else + +template +class scoped_ptr { + public: + explicit scoped_ptr(T* p = nullptr) : ptr_(p) {} + scoped_ptr(scoped_ptr& r) { ptr_ = std::move(r.ptr_); } + T& operator*() const { return *ptr_; } + T* operator->() const { return ptr_.get(); } + T* get() const { return ptr_.get(); } + void reset(T* p = NULL) { ptr_.reset(); } + + private: + std::unique_ptr ptr_; +}; +#endif + +} // namespace wvoec_ref + +#endif // OEMCRYPTO_SCOPED_PTR_H_ diff --git a/mock/src/oemcrypto_session.cpp b/oemcrypto/ref/src/oemcrypto_session.cpp similarity index 93% rename from mock/src/oemcrypto_session.cpp rename to oemcrypto/ref/src/oemcrypto_session.cpp index e76754c..bf3c1c3 100644 --- a/mock/src/oemcrypto_session.cpp +++ b/oemcrypto/ref/src/oemcrypto_session.cpp @@ -2,7 +2,7 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // #include "oemcrypto_session.h" @@ -26,12 +26,13 @@ #include "keys.h" #include "log.h" -#include "oemcrypto_engine_mock.h" -#include "oemcrypto_key_mock.h" +#include "oemcrypto_engine_ref.h" +#include "oemcrypto_key_ref.h" #include "oemcrypto_logging.h" #include "oemcrypto_rsa_key_shared.h" +#include "oemcrypto_types.h" +#include "disallow_copy_and_assign.h" #include "string_conversions.h" -#include "wv_cdm_constants.h" static const int kPssSaltLength = 20; @@ -47,7 +48,7 @@ void ctr128_inc64(uint8_t* counter) { } } // namespace -namespace wvoec_mock { +namespace wvoec_ref { /***************************************/ @@ -285,7 +286,7 @@ bool SessionContext::RSADeriveKeys( return false; } session_key_.resize(decrypted_size); - if (decrypted_size != static_cast(wvcdm::KEY_SIZE)) { + if (decrypted_size != static_cast(wvoec::KEY_SIZE)) { LOGE("[RSADeriveKeys(): error. Session key is wrong size: %d.]", decrypted_size); dump_boringssl_error(); @@ -306,16 +307,7 @@ bool SessionContext::GenerateSignature(const uint8_t* message, return false; } - const uint8_t* mac_key = NULL; - bool using_usage_mac_key_client = false; - if (mac_key_client_.size() == wvcdm::MAC_KEY_SIZE) { - // If we have a mac key, use it. - mac_key = &mac_key_client_[0]; - } else if (usage_entry_status_ == kUsageEntryLoaded) { - // If not, but we have a usage entry, use its key. - mac_key = usage_entry_->mac_key_client(); - using_usage_mac_key_client = true; - } else { + if (mac_key_client_.size() != wvoec::MAC_KEY_SIZE) { return false; } @@ -324,11 +316,17 @@ bool SessionContext::GenerateSignature(const uint8_t* message, return false; } - if (using_usage_mac_key_client && - LogCategoryEnabled(kLoggingDumpDerivedKeys)) { - std::vector usage_entry_mac_key_client( + bool using_usage_entry_mac_key_client = false; + std::vector usage_entry_mac_key_client; + if (usage_entry_status_ == kUsageEntryLoaded) { + usage_entry_mac_key_client.assign( usage_entry_->mac_key_client(), - usage_entry_->mac_key_client() + wvcdm::MAC_KEY_SIZE * sizeof(uint8_t)); + usage_entry_->mac_key_client() + wvoec::MAC_KEY_SIZE * sizeof(uint8_t)); + using_usage_entry_mac_key_client = + mac_key_client_ == usage_entry_mac_key_client; + } + if (using_usage_entry_mac_key_client && + LogCategoryEnabled(kLoggingDumpDerivedKeys)) { LOGI(("message signed with HMAC and usage_entry_'s mac_key_client, " "mac_key_client = " + wvcdm::b2a_hex(usage_entry_mac_key_client)).c_str()); @@ -338,8 +336,8 @@ bool SessionContext::GenerateSignature(const uint8_t* message, } unsigned int md_len = *signature_length; - if (HMAC(EVP_sha256(), mac_key, wvcdm::MAC_KEY_SIZE, message, message_length, - signature, &md_len)) { + if (HMAC(EVP_sha256(), &mac_key_client_[0], wvoec::MAC_KEY_SIZE, message, + message_length, signature, &md_len)) { *signature_length = md_len; return true; } @@ -455,7 +453,7 @@ bool SessionContext::ValidateMessage(const uint8_t* given_message, OEMCryptoResult SessionContext::CheckStatusOnline(uint32_t nonce, uint32_t control) { - if (!(control & kControlNonceEnabled)) { + if (!(control & wvoec::kControlNonceEnabled)) { LOGE("LoadKeys: Server provided Nonce_Required but Nonce_Enabled = 0."); // Server error. Continue, and assume nonce required. } @@ -476,7 +474,7 @@ OEMCryptoResult SessionContext::CheckStatusOnline(uint32_t nonce, OEMCryptoResult SessionContext::CheckStatusOffline(uint32_t nonce, uint32_t control) { - if (control & kControlNonceEnabled) { + if (control & wvoec::kControlNonceEnabled) { LOGE("KCB: Server provided NonceOrEntry but Nonce_Enabled = 1."); // Server error. Continue, and assume nonce required. } @@ -498,17 +496,17 @@ OEMCryptoResult SessionContext::CheckStatusOffline(uint32_t nonce, OEMCryptoResult SessionContext::CheckNonceOrEntry( const KeyControlBlock& key_control_block) { - switch (key_control_block.control_bits() & kControlReplayMask) { - case kControlNonceRequired: // Online license. Nonce always required. + switch (key_control_block.control_bits() & wvoec::kControlReplayMask) { + case wvoec::kControlNonceRequired: // Online license. Nonce always required. return CheckStatusOnline(key_control_block.nonce(), key_control_block.control_bits()); break; - case kControlNonceOrEntry: // Offline license. Nonce required on first use. + case wvoec::kControlNonceOrEntry: // Offline license. Nonce required on first use. return CheckStatusOffline(key_control_block.nonce(), key_control_block.control_bits()); break; default: - if ((key_control_block.control_bits() & kControlNonceEnabled) && + if ((key_control_block.control_bits() & wvoec::kControlNonceEnabled) && (!CheckNonce(key_control_block.nonce()))) { LOGE("LoadKeys: BAD Nonce"); return OEMCrypto_ERROR_INVALID_NONCE; @@ -602,15 +600,15 @@ OEMCryptoResult SessionContext::LoadKeys( enc_key_data.assign(key_array[i].key_data, key_array[i].key_data + key_array[i].key_data_length); key_data_iv.assign(key_array[i].key_data_iv, - key_array[i].key_data_iv + wvcdm::KEY_IV_SIZE); + key_array[i].key_data_iv + wvoec::KEY_IV_SIZE); if (key_array[i].key_control == NULL) { status = OEMCrypto_ERROR_UNKNOWN_FAILURE; break; } key_control.assign(key_array[i].key_control, - key_array[i].key_control + wvcdm::KEY_CONTROL_SIZE); + key_array[i].key_control + wvoec::KEY_CONTROL_SIZE); key_control_iv.assign(key_array[i].key_control_iv, - key_array[i].key_control_iv + wvcdm::KEY_IV_SIZE); + key_array[i].key_control_iv + wvoec::KEY_IV_SIZE); OEMCryptoResult result = InstallKey(key_id, enc_key_data, key_data_iv, key_control, @@ -627,9 +625,9 @@ OEMCryptoResult SessionContext::LoadKeys( if (enc_mac_keys != NULL) { // V2.1 license protocol: update mac keys after processing license response const std::vector enc_mac_keys_str = std::vector( - enc_mac_keys, enc_mac_keys + 2 * wvcdm::MAC_KEY_SIZE); + enc_mac_keys, enc_mac_keys + 2 * wvoec::MAC_KEY_SIZE); const std::vector enc_mac_key_iv_str = std::vector( - enc_mac_key_iv, enc_mac_key_iv + wvcdm::KEY_IV_SIZE); + enc_mac_key_iv, enc_mac_key_iv + wvoec::KEY_IV_SIZE); if (!UpdateMacKeys(enc_mac_keys_str, enc_mac_key_iv_str)) { LOGE("Failed to update mac keys.\n"); @@ -766,14 +764,14 @@ OEMCryptoResult SessionContext::InstallKey( return OEMCrypto_ERROR_INVALID_CONTEXT; } if ((key_control_block.control_bits() & - kControlRequireAntiRollbackHardware) && + wvoec::kControlRequireAntiRollbackHardware) && !ce_->config_is_anti_rollback_hw_present()) { LOGE("Anti-rollback hardware is required but hardware not present."); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } uint8_t minimum_patch_level = - (key_control_block.control_bits() & kControlSecurityPatchLevelMask) >> - kControlSecurityPatchLevelShift; + (key_control_block.control_bits() & wvoec::kControlSecurityPatchLevelMask) >> + wvoec::kControlSecurityPatchLevelShift; if (minimum_patch_level > OEMCrypto_Security_Patch_Level()) { LOGE("[InstallKey(): security patch level: %d. Minimum:%d]", OEMCrypto_Security_Patch_Level(), minimum_patch_level); @@ -784,13 +782,13 @@ OEMCryptoResult SessionContext::InstallKey( LOGE("LoadKeys: Failed Nonce/PST check."); return result; } - if (key_control_block.control_bits() & kSharedLicense) { + if (key_control_block.control_bits() & wvoec::kSharedLicense) { if (!second_license) { LOGE("LoadKeys: Shared License, but no keys previously loaded."); return OEMCrypto_ERROR_MISSING_MASTER; } } - if (key_control_block.control_bits() & kControlSRMVersionRequired) { + if (key_control_block.control_bits() & wvoec::kControlSRMVersionRequired) { if (srm_requirements_status_ == NoSRMVersion) { LOGE("[LoadKeys: control bit says SRM version required]"); return OEMCrypto_ERROR_INVALID_CONTEXT; @@ -821,7 +819,7 @@ bool SessionContext::InstallRSAEncryptedKey( return false; } encryption_key_.resize(decrypted_size); - if (decrypted_size != static_cast(wvcdm::KEY_SIZE)) { + if (decrypted_size != static_cast(wvoec::KEY_SIZE)) { LOGE("[RSADeriveKeys(): error. Session key is wrong size: %d.]", decrypted_size); dump_boringssl_error(); @@ -844,7 +842,7 @@ OEMCryptoResult SessionContext::RefreshKey( LOGE("Parse key control error."); return OEMCrypto_ERROR_INVALID_CONTEXT; } - if ((key_control_block.control_bits() & kControlNonceEnabled) && + if ((key_control_block.control_bits() & wvoec::kControlNonceEnabled) && (!CheckNonce(key_control_block.nonce()))) { LOGE("KCB: BAD Nonce"); return OEMCrypto_ERROR_INVALID_NONCE; @@ -899,7 +897,7 @@ OEMCryptoResult SessionContext::RefreshKey( } return OEMCrypto_ERROR_INVALID_CONTEXT; } - if ((key_control_block.control_bits() & kControlNonceEnabled) && + if ((key_control_block.control_bits() & wvoec::kControlNonceEnabled) && (!CheckNonce(key_control_block.nonce()))) { LOGE("KCB: BAD Nonce"); return OEMCrypto_ERROR_INVALID_NONCE; @@ -913,8 +911,8 @@ bool SessionContext::DecryptRSAKey(const uint8_t* enc_rsa_key, const uint8_t* enc_rsa_key_iv, uint8_t* pkcs8_rsa_key) { // Decrypt rsa key with keybox. - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; - memcpy(iv_buffer, enc_rsa_key_iv, wvcdm::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; + memcpy(iv_buffer, enc_rsa_key_iv, wvoec::KEY_IV_SIZE); AES_KEY aes_key; AES_set_decrypt_key(&encryption_key_[0], 128, &aes_key); AES_cbc_encrypt(enc_rsa_key, pkcs8_rsa_key, enc_rsa_key_length, &aes_key, @@ -927,8 +925,8 @@ bool SessionContext::EncryptRSAKey(const uint8_t* pkcs8_rsa_key, const uint8_t* enc_rsa_key_iv, uint8_t* enc_rsa_key) { // Encrypt rsa key with keybox. - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; - memcpy(iv_buffer, enc_rsa_key_iv, wvcdm::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; + memcpy(iv_buffer, enc_rsa_key_iv, wvoec::KEY_IV_SIZE); AES_KEY aes_key; AES_set_encrypt_key(&encryption_key_[0], 128, &aes_key); AES_cbc_encrypt(pkcs8_rsa_key, enc_rsa_key, enc_rsa_key_length, &aes_key, @@ -963,14 +961,14 @@ OEMCryptoResult SessionContext::CheckKeyUse(const std::string& log_string, LOGE("[%s(): control bit says not allowed.", log_string.c_str()); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } - if (control.control_bits() & kControlDataPathSecure) { + if (control.control_bits() & wvoec::kControlDataPathSecure) { if (!ce_->config_closed_platform() && buffer_type == OEMCrypto_BufferType_Clear) { LOGE("[%s(): Secure key with insecure buffer]", log_string.c_str()); return OEMCrypto_ERROR_DECRYPT_FAILED; } } - if (control.control_bits() & kControlReplayMask) { + if (control.control_bits() & wvoec::kControlReplayMask) { if (!CheckUsageEntry()) { LOGE("[%s(): usage entry not valid]", log_string.c_str()); return OEMCrypto_ERROR_UNKNOWN_FAILURE; @@ -985,10 +983,10 @@ OEMCryptoResult SessionContext::CheckKeyUse(const std::string& log_string, if (!ce_->config_local_display_only()) { // Only look at HDCP and Analog restrictions if the display can be // non-local. - if (control.control_bits() & kControlHDCPRequired) { + if (control.control_bits() & wvoec::kControlHDCPRequired) { uint8_t required_hdcp = - (control.control_bits() & kControlHDCPVersionMask) >> - kControlHDCPVersionShift; + (control.control_bits() & wvoec::kControlHDCPVersionMask) >> + wvoec::kControlHDCPVersionShift; if (ce_->srm_blacklisted_device_attached()) { required_hdcp = HDCP_NO_DIGITAL_OUTPUT; } @@ -1002,7 +1000,7 @@ OEMCryptoResult SessionContext::CheckKeyUse(const std::string& log_string, } if (!ce_->config_local_display_only() || buffer_type == OEMCrypto_BufferType_Clear) { - if (control.control_bits() & kControlDisableAnalogOutput) { + if (control.control_bits() & wvoec::kControlDisableAnalogOutput) { LOGE("[%s(): control bit says disable analog.", log_string.c_str()); return OEMCrypto_ERROR_ANALOG_OUTPUT; } @@ -1026,7 +1024,7 @@ OEMCryptoResult SessionContext::Generic_Encrypt(const uint8_t* in_buffer, LOGE("[Generic_Encrypt(): CONTENT_KEY has wrong size: %d", key.size()); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } - OEMCryptoResult result = CheckKeyUse("Generic_Encrypt", kControlAllowEncrypt, + OEMCryptoResult result = CheckKeyUse("Generic_Encrypt", wvoec::kControlAllowEncrypt, OEMCrypto_BufferType_Clear); if (result != OEMCrypto_SUCCESS) return result; if (algorithm != OEMCrypto_AES_CBC_128_NO_PADDING) { @@ -1043,8 +1041,8 @@ OEMCryptoResult SessionContext::Generic_Encrypt(const uint8_t* in_buffer, LOGE("[Generic_Encrypt(): FAILURE]"); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; - memcpy(iv_buffer, iv, wvcdm::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; + memcpy(iv_buffer, iv, wvoec::KEY_IV_SIZE); AES_cbc_encrypt(in_buffer, out_buffer, buffer_length, &aes_key, iv_buffer, AES_ENCRYPT); return OEMCrypto_SUCCESS; @@ -1066,7 +1064,7 @@ OEMCryptoResult SessionContext::Generic_Decrypt(const uint8_t* in_buffer, LOGE("[Generic_Decrypt(): CONTENT_KEY has wrong size."); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } - OEMCryptoResult result = CheckKeyUse("Generic_Decrypt", kControlAllowDecrypt, + OEMCryptoResult result = CheckKeyUse("Generic_Decrypt", wvoec::kControlAllowDecrypt, OEMCrypto_BufferType_Clear); if (result != OEMCrypto_SUCCESS) return result; @@ -1084,8 +1082,8 @@ OEMCryptoResult SessionContext::Generic_Decrypt(const uint8_t* in_buffer, LOGE("[Generic_Decrypt(): FAILURE]"); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; - memcpy(iv_buffer, iv, wvcdm::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; + memcpy(iv_buffer, iv, wvoec::KEY_IV_SIZE); AES_cbc_encrypt(in_buffer, out_buffer, buffer_length, &aes_key, iv_buffer, AES_DECRYPT); return OEMCrypto_SUCCESS; @@ -1111,7 +1109,7 @@ OEMCryptoResult SessionContext::Generic_Sign(const uint8_t* in_buffer, LOGE("[Generic_Sign(): CONTENT_KEY has wrong size; %d", key.size()); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } - OEMCryptoResult result = CheckKeyUse("Generic_Sign", kControlAllowSign, + OEMCryptoResult result = CheckKeyUse("Generic_Sign", wvoec::kControlAllowSign, OEMCrypto_BufferType_Clear); if (result != OEMCrypto_SUCCESS) return result; if (algorithm != OEMCrypto_HMAC_SHA256) { @@ -1147,7 +1145,7 @@ OEMCryptoResult SessionContext::Generic_Verify(const uint8_t* in_buffer, LOGE("[Generic_Verify(): CONTENT_KEY has wrong size: %d", key.size()); return OEMCrypto_ERROR_UNKNOWN_FAILURE; } - OEMCryptoResult result = CheckKeyUse("Generic_Verify", kControlAllowVerify, + OEMCryptoResult result = CheckKeyUse("Generic_Verify", wvoec::kControlAllowVerify, OEMCrypto_BufferType_Clear); if (result != OEMCrypto_SUCCESS) return result; if (algorithm != OEMCrypto_HMAC_SHA256) { @@ -1178,8 +1176,8 @@ bool SessionContext::UpdateMacKeys(const std::vector& enc_mac_keys, return false; } mac_key_server_ = std::vector( - mac_keys.begin(), mac_keys.begin() + wvcdm::MAC_KEY_SIZE); - mac_key_client_ = std::vector(mac_keys.begin() + wvcdm::MAC_KEY_SIZE, + mac_keys.begin(), mac_keys.begin() + wvoec::MAC_KEY_SIZE); + mac_key_client_ = std::vector(mac_keys.begin() + wvoec::MAC_KEY_SIZE, mac_keys.end()); if (LogCategoryEnabled(kLoggingDumpDerivedKeys)) { LOGI(("mac_key_client_ has been updated to = " + @@ -1276,6 +1274,17 @@ OEMCryptoResult SessionContext::LoadUsageEntry( ce_->usage_table().LoadUsageEntry(this, &usage_entry_, index, buffer); if (usage_entry_) { usage_entry_status_ = kUsageEntryLoaded; + // Copy the mac keys to the current session. + mac_key_server_ = std::vector( + usage_entry_->mac_key_server(), + usage_entry_->mac_key_server() + wvoec::MAC_KEY_SIZE); + mac_key_client_ = std::vector( + usage_entry_->mac_key_client(), + usage_entry_->mac_key_client() + wvoec::MAC_KEY_SIZE); + if (LogCategoryEnabled(kLoggingDumpDerivedKeys)) { + LOGI(("mac_key_client_ has been updated to = " + + wvcdm::b2a_hex(mac_key_client_)).c_str()); + } } return result; } @@ -1510,22 +1519,12 @@ OEMCryptoResult SessionContext::DecryptCTR(const uint8_t* key_u8, int out_len = 0; while (remaining) { -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - EVP_CIPHER_CTX ctx_struct; - EVP_CIPHER_CTX* evp_cipher_ctx = &ctx_struct; - EVP_CIPHER_CTX_init(evp_cipher_ctx); -#else EVP_CIPHER_CTX* evp_cipher_ctx = EVP_CIPHER_CTX_new(); -#endif EVP_CIPHER_CTX_set_padding(evp_cipher_ctx, 0); if (!EVP_DecryptInit_ex(evp_cipher_ctx, EVP_aes_128_ctr(), NULL, key_u8, aes_iv_u8)) { LOGE("[DecryptCTR(): EVP_INIT ERROR]"); -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - EVP_CIPHER_CTX_cleanup(evp_cipher_ctx); -#else EVP_CIPHER_CTX_free(evp_cipher_ctx); -#endif return OEMCrypto_ERROR_DECRYPT_FAILED; } @@ -1545,11 +1544,7 @@ OEMCryptoResult SessionContext::DecryptCTR(const uint8_t* key_u8, if (!EVP_DecryptUpdate(evp_cipher_ctx, &clear_data[l], &out_len, &cipher_data[l], decrypt_length)) { LOGE("[DecryptCTR(): EVP_UPDATE_ERROR]"); -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - EVP_CIPHER_CTX_cleanup(evp_cipher_ctx); -#else EVP_CIPHER_CTX_free(evp_cipher_ctx); -#endif return OEMCrypto_ERROR_DECRYPT_FAILED; } l += decrypt_length; @@ -1560,18 +1555,10 @@ OEMCryptoResult SessionContext::DecryptCTR(const uint8_t* key_u8, &clear_data[cipher_data_length - remaining], &final)) { LOGE("[DecryptCTR(): EVP_FINAL_ERROR]"); -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - EVP_CIPHER_CTX_cleanup(evp_cipher_ctx); -#else EVP_CIPHER_CTX_free(evp_cipher_ctx); -#endif return OEMCrypto_ERROR_DECRYPT_FAILED; } -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - EVP_CIPHER_CTX_cleanup(evp_cipher_ctx); -#else EVP_CIPHER_CTX_free(evp_cipher_ctx); -#endif // If remaining is not zero, reset the iv before the second pass. if (remaining) { @@ -1582,4 +1569,4 @@ OEMCryptoResult SessionContext::DecryptCTR(const uint8_t* key_u8, return OEMCrypto_SUCCESS; } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_session.h b/oemcrypto/ref/src/oemcrypto_session.h similarity index 96% rename from mock/src/oemcrypto_session.h rename to oemcrypto/ref/src/oemcrypto_session.h index ff81932..11be519 100644 --- a/mock/src/oemcrypto_session.h +++ b/oemcrypto/ref/src/oemcrypto_session.h @@ -2,10 +2,10 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#ifndef MOCK_OEMCRYPTO_SESSION_H_ -#define MOCK_OEMCRYPTO_SESSION_H_ +#ifndef REF_OEMCRYPTO_SESSION_H_ +#define REF_OEMCRYPTO_SESSION_H_ #include #include @@ -15,17 +15,15 @@ #include #include "OEMCryptoCENC.h" // Needed for enums only. -#include "file_store.h" -#include "lock.h" -#include "oemcrypto_auth_mock.h" -#include "oemcrypto_key_mock.h" +#include "oemcrypto_auth_ref.h" +#include "oemcrypto_key_ref.h" #include "oemcrypto_nonce_table.h" #include "oemcrypto_rsa_key_shared.h" #include "oemcrypto_session_key_table.h" -#include "oemcrypto_usage_table_mock.h" -#include "wv_cdm_types.h" +#include "oemcrypto_usage_table_ref.h" +#include "oemcrypto_types.h" -namespace wvoec_mock { +namespace wvoec_ref { class CryptoEngine; typedef uint32_t SessionId; @@ -245,6 +243,6 @@ class SessionContext { CORE_DISALLOW_COPY_AND_ASSIGN(SessionContext); }; -} // namespace wvoec_mock +} // namespace wvoec_ref -#endif // MOCK_OEMCRYPTO_SESSION_H_ +#endif // REF_OEMCRYPTO_SESSION_H_ diff --git a/mock/src/oemcrypto_session_key_table.cpp b/oemcrypto/ref/src/oemcrypto_session_key_table.cpp similarity index 97% rename from mock/src/oemcrypto_session_key_table.cpp rename to oemcrypto/ref/src/oemcrypto_session_key_table.cpp index c7a1ae6..e8e737a 100644 --- a/mock/src/oemcrypto_session_key_table.cpp +++ b/oemcrypto/ref/src/oemcrypto_session_key_table.cpp @@ -2,14 +2,14 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // #include "oemcrypto_session_key_table.h" #include "keys.h" #include "log.h" -namespace wvoec_mock { +namespace wvoec_ref { SessionKeyTable::~SessionKeyTable() { for (KeyMap::iterator i = keys_.begin(); i != keys_.end(); ++i) { @@ -116,4 +116,4 @@ bool EntitlementKeyTable::GetEntitlementKey( return true; } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_session_key_table.h b/oemcrypto/ref/src/oemcrypto_session_key_table.h similarity index 84% rename from mock/src/oemcrypto_session_key_table.h rename to oemcrypto/ref/src/oemcrypto_session_key_table.h index 3f6a4f4..694e19d 100644 --- a/mock/src/oemcrypto_session_key_table.h +++ b/oemcrypto/ref/src/oemcrypto_session_key_table.h @@ -2,19 +2,20 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#ifndef MOCK_OEMCRYPTO_SESSION_KEY_TABLE_H_ -#define MOCK_OEMCRYPTO_SESSION_KEY_TABLE_H_ +#ifndef REF_OEMCRYPTO_SESSION_KEY_TABLE_H_ +#define REF_OEMCRYPTO_SESSION_KEY_TABLE_H_ #include #include #include -#include "oemcrypto_key_mock.h" -#include "wv_cdm_types.h" +#include "disallow_copy_and_assign.h" +#include "oemcrypto_key_ref.h" +#include "oemcrypto_types.h" -namespace wvoec_mock { +namespace wvoec_ref { class SessionContext; class CryptoEngine; @@ -65,6 +66,6 @@ class EntitlementKeyTable { CORE_DISALLOW_COPY_AND_ASSIGN(EntitlementKeyTable); }; -} // namespace wvoec_mock +} // namespace wvoec_ref -#endif // MOCK_OEMCRYPTO_SESSION_KEY_TABLE_H_ +#endif // REF_OEMCRYPTO_SESSION_KEY_TABLE_H_ diff --git a/mock/src/oemcrypto_usage_table_mock.cpp b/oemcrypto/ref/src/oemcrypto_usage_table_ref.cpp similarity index 89% rename from mock/src/oemcrypto_usage_table_mock.cpp rename to oemcrypto/ref/src/oemcrypto_usage_table_ref.cpp index 8ad51bc..564632e 100644 --- a/mock/src/oemcrypto_usage_table_mock.cpp +++ b/oemcrypto/ref/src/oemcrypto_usage_table_ref.cpp @@ -2,9 +2,9 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#include "oemcrypto_usage_table_mock.h" +#include "oemcrypto_usage_table_ref.h" #include #include @@ -19,15 +19,16 @@ #include "file_store.h" #include "log.h" -#include "oemcrypto_engine_mock.h" +#include "oemcrypto_engine_ref.h" #include "oemcrypto_logging.h" -#include "oemcrypto_old_usage_table_mock.h" -#include "properties.h" +#include "oemcrypto_old_usage_table_ref.h" +// TODO(fredgc): Setting the device files base bath is currently broken as +// wvcdm::Properties is no longer used by the reference code. +//#include "properties.h" #include "pst_report.h" #include "string_conversions.h" -#include "wv_cdm_constants.h" -namespace wvoec_mock { +namespace wvoec_ref { namespace { const size_t kMagicLength = 8; const char* kEntryVerification = "USEENTRY"; @@ -84,19 +85,19 @@ bool UsageTableEntry::VerifyPST(const uint8_t* pst, size_t pst_length) { bool UsageTableEntry::VerifyMacKeys(const std::vector& server, const std::vector& client) { - return (server.size() == wvcdm::MAC_KEY_SIZE) && - (client.size() == wvcdm::MAC_KEY_SIZE) && - (0 == memcmp(&server[0], data_.mac_key_server, wvcdm::MAC_KEY_SIZE)) && - (0 == memcmp(&client[0], data_.mac_key_client, wvcdm::MAC_KEY_SIZE)); + return (server.size() == wvoec::MAC_KEY_SIZE) && + (client.size() == wvoec::MAC_KEY_SIZE) && + (0 == memcmp(&server[0], data_.mac_key_server, wvoec::MAC_KEY_SIZE)) && + (0 == memcmp(&client[0], data_.mac_key_client, wvoec::MAC_KEY_SIZE)); } bool UsageTableEntry::SetMacKeys(const std::vector& server, const std::vector& client) { - if ((server.size() != wvcdm::MAC_KEY_SIZE) || - (client.size() != wvcdm::MAC_KEY_SIZE)) + if ((server.size() != wvoec::MAC_KEY_SIZE) || + (client.size() != wvoec::MAC_KEY_SIZE)) return false; - memcpy(data_.mac_key_server, &server[0], wvcdm::MAC_KEY_SIZE); - memcpy(data_.mac_key_client, &client[0], wvcdm::MAC_KEY_SIZE); + memcpy(data_.mac_key_server, &server[0], wvoec::MAC_KEY_SIZE); + memcpy(data_.mac_key_client, &client[0], wvoec::MAC_KEY_SIZE); return true; } @@ -130,13 +131,12 @@ OEMCryptoResult UsageTableEntry::ReportUsage(const std::vector& pst, if (recent_decrypt_) return OEMCrypto_ERROR_ENTRY_NEEDS_UPDATE; if (pst.size() == 0 || pst.size() > kMaxPSTLength || pst.size() != data_.pst_length) { - LOGE("ReportUsage: bad pst length = %d, should be %d.", - pst.size(), data_.pst_length); + LOGE("ReportUsage: bad pst length = %d, should be %d.", pst.size(), + data_.pst_length); return OEMCrypto_ERROR_WRONG_PST; } if (memcmp(&pst[0], data_.pst, data_.pst_length)) { - LOGE("ReportUsage: wrong pst %s, should be %s.", - wvcdm::b2a_hex(pst).c_str(), + LOGE("ReportUsage: wrong pst %s, should be %s.", wvcdm::b2a_hex(pst).c_str(), wvcdm::HexEncode(data_.pst, data_.pst_length).c_str()); return OEMCrypto_ERROR_WRONG_PST; } @@ -163,12 +163,13 @@ OEMCryptoResult UsageTableEntry::ReportUsage(const std::vector& pst, if (LogCategoryEnabled(kLoggingDumpDerivedKeys)) { std::vector mac_key_client( data_.mac_key_client, - data_.mac_key_client + wvcdm::MAC_KEY_SIZE * sizeof(uint8_t)); + data_.mac_key_client + wvoec::MAC_KEY_SIZE * sizeof(uint8_t)); LOGI(("message signed with HMAC and data_.mac_key_client, " "mac_key_client = " + - wvcdm::b2a_hex(mac_key_client)).c_str()); + wvcdm::b2a_hex(mac_key_client)) + .c_str()); } - if (!HMAC(EVP_sha1(), data_.mac_key_client, wvcdm::MAC_KEY_SIZE, + if (!HMAC(EVP_sha1(), data_.mac_key_client, wvoec::MAC_KEY_SIZE, buffer + SHA_DIGEST_LENGTH, length_needed - SHA_DIGEST_LENGTH, pst_report.signature(), &md_len)) { LOGE("ReportUsage: could not compute signature."); @@ -209,9 +210,9 @@ OEMCryptoResult UsageTableEntry::SaveData(CryptoEngine* ce, const std::vector& key = ce->DeviceRootKey(override_to_real); // Encrypt the entry. - RAND_bytes(encrypted->iv, wvcdm::KEY_IV_SIZE); - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; // working iv buffer. - memcpy(iv_buffer, encrypted->iv, wvcdm::KEY_IV_SIZE); + RAND_bytes(encrypted->iv, wvoec::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; // working iv buffer. + memcpy(iv_buffer, encrypted->iv, wvoec::KEY_IV_SIZE); AES_KEY aes_key; AES_set_encrypt_key(&key[0], 128, &aes_key); AES_cbc_encrypt( @@ -265,8 +266,8 @@ OEMCryptoResult UsageTableEntry::LoadData(CryptoEngine* ce, uint32_t index, } // Next, decrypt the entry. - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; - memcpy(iv_buffer, encrypted->iv, wvcdm::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; + memcpy(iv_buffer, encrypted->iv, wvoec::KEY_IV_SIZE); AES_KEY aes_key; AES_set_decrypt_key(&key[0], 128, &aes_key); AES_cbc_encrypt(&buffer[kEncryptionOffset], &clear_buffer[kEncryptionOffset], @@ -279,7 +280,8 @@ OEMCryptoResult UsageTableEntry::LoadData(CryptoEngine* ce, uint32_t index, wvcdm::HexEncode(clear->verification, kMagicLength).c_str(), clear->verification, wvcdm::HexEncode(reinterpret_cast(kEntryVerification), - kMagicLength).c_str(), + kMagicLength) + .c_str(), reinterpret_cast(kEntryVerification)); return OEMCrypto_ERROR_BAD_MAGIC; } @@ -306,23 +308,23 @@ OEMCryptoResult UsageTableEntry::CopyOldUsageEntry( data_.time_of_first_decrypt = old_entry->time_of_first_decrypt_; data_.time_of_last_decrypt = old_entry->time_of_last_decrypt_; data_.status = old_entry->status_; - if (old_entry->mac_key_server_.size() != wvcdm::MAC_KEY_SIZE) { + if (old_entry->mac_key_server_.size() != wvoec::MAC_KEY_SIZE) { LOGE("CopyOldEntry: Old entry has bad server mac key."); } else { memcpy(data_.mac_key_server, &(old_entry->mac_key_server_[0]), - wvcdm::MAC_KEY_SIZE); + wvoec::MAC_KEY_SIZE); } - if (old_entry->mac_key_client_.size() != wvcdm::MAC_KEY_SIZE) { + if (old_entry->mac_key_client_.size() != wvoec::MAC_KEY_SIZE) { LOGE("CopyOldEntry: Old entry has bad client mac key."); } else { memcpy(data_.mac_key_client, &(old_entry->mac_key_client_[0]), - wvcdm::MAC_KEY_SIZE); + wvoec::MAC_KEY_SIZE); if (LogCategoryEnabled(kLoggingDumpDerivedKeys)) { std::vector mac_key_client( data_.mac_key_client, - data_.mac_key_client + wvcdm::MAC_KEY_SIZE * sizeof(uint8_t)); - LOGI(("data_.mac_key_client has changed to = " + - wvcdm::b2a_hex(mac_key_client)).c_str()); + data_.mac_key_client + wvoec::MAC_KEY_SIZE * sizeof(uint8_t)); + LOGI(("data_.mac_key_client has changed to = " + + wvcdm::b2a_hex(mac_key_client)).c_str()); } } if (pst.size() > kMaxPSTLength) { @@ -336,12 +338,11 @@ OEMCryptoResult UsageTableEntry::CopyOldUsageEntry( return OEMCrypto_SUCCESS; } - size_t UsageTableEntry::SignedEntrySize() { size_t base = sizeof(SignedEntryBlock); // round up to make even number of blocks: - size_t blocks = (base - 1) / wvcdm::KEY_IV_SIZE + 1; - return blocks * wvcdm::KEY_IV_SIZE; + size_t blocks = (base - 1) / wvoec::KEY_IV_SIZE + 1; + return blocks * wvoec::KEY_IV_SIZE; } UsageTable::~UsageTable() { @@ -354,8 +355,8 @@ UsageTable::~UsageTable() { size_t UsageTable::SignedHeaderSize(size_t count) { size_t base = sizeof(SignedHeaderBlock) + count * sizeof(int64_t); // round up to make even number of blocks: - size_t blocks = (base - 1) / wvcdm::KEY_IV_SIZE + 1; - return blocks * wvcdm::KEY_IV_SIZE; + size_t blocks = (base - 1) / wvoec::KEY_IV_SIZE + 1; + return blocks * wvoec::KEY_IV_SIZE; } OEMCryptoResult UsageTable::UpdateUsageEntry(SessionContext* session, @@ -503,9 +504,9 @@ OEMCryptoResult UsageTable::SaveUsageTableHeader(uint8_t* signed_buffer, const std::vector& key = ce_->DeviceRootKey(override_to_real); // Encrypt the entry. - RAND_bytes(encrypted->iv, wvcdm::KEY_IV_SIZE); - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; // working iv buffer. - memcpy(iv_buffer, encrypted->iv, wvcdm::KEY_IV_SIZE); + RAND_bytes(encrypted->iv, wvoec::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; // working iv buffer. + memcpy(iv_buffer, encrypted->iv, wvoec::KEY_IV_SIZE); AES_KEY aes_key; AES_set_encrypt_key(&key[0], 128, &aes_key); AES_cbc_encrypt( @@ -558,8 +559,8 @@ OEMCryptoResult UsageTable::LoadUsageTableHeader( } // Next, decrypt the entry. - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; - memcpy(iv_buffer, encrypted->iv, wvcdm::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; + memcpy(iv_buffer, encrypted->iv, wvoec::KEY_IV_SIZE); AES_KEY aes_key; AES_set_decrypt_key(&key[0], 128, &aes_key); AES_cbc_encrypt(&buffer[kEncryptionOffset], &clear_buffer[kEncryptionOffset], @@ -572,7 +573,8 @@ OEMCryptoResult UsageTable::LoadUsageTableHeader( wvcdm::HexEncode(clear->verification, kMagicLength).c_str(), clear->verification, wvcdm::HexEncode(reinterpret_cast(kHeaderVerification), - kMagicLength).c_str(), + kMagicLength) + .c_str(), reinterpret_cast(kHeaderVerification)); return OEMCrypto_ERROR_BAD_MAGIC; } @@ -641,11 +643,13 @@ bool UsageTable::SaveGenerationNumber() { std::string path; // Note: this path is OK for a real implementation, but using security level 1 // would be better. - if (!wvcdm::Properties::GetDeviceFilesBasePath(wvcdm::kSecurityLevelL3, + // TODO(jfore, rfrias): Address how this property is presented to the ref. + // For now, the path is empty. + /*if (!Properties::GetDeviceFilesBasePath(kSecurityLevelL3, &path)) { LOGE("UsageTable: Unable to get base path"); return false; - } + }*/ // On a real implementation, you should NOT put the generation number in // a file in user space. It should be stored in secure memory. std::string filename = path + "GenerationNumber.dat"; @@ -666,16 +670,17 @@ bool UsageTable::LoadGenerationNumber(bool or_make_new_one) { std::string path; // Note: this path is OK for a real implementation, but using security level 1 // would be better. - if (!wvcdm::Properties::GetDeviceFilesBasePath(wvcdm::kSecurityLevelL3, + // TODO(jfore, rfrias): Address how this property is presented to the ref. + // For now, the path is empty. + /*if (!Properties::GetDeviceFilesBasePath(kSecurityLevelL3, &path)) { LOGE("UsageTable: Unable to get base path"); return false; - } + }*/ // On a real implementation, you should NOT put the generation number in // a file in user space. It should be stored in secure memory. std::string filename = path + "GenerationNumber.dat"; - wvcdm::File* file = file_system->Open(filename, - wvcdm::FileSystem::kReadOnly); + wvcdm::File* file = file_system->Open(filename, wvcdm::FileSystem::kReadOnly); if (!file) { if (or_make_new_one) { RAND_bytes(reinterpret_cast(&master_generation_number_), @@ -702,7 +707,7 @@ OEMCryptoResult UsageTable::CreateUsageTableHeader( *header_buffer_length = signed_header_size; if (!LoadGenerationNumber(true)) return OEMCrypto_ERROR_UNKNOWN_FAILURE; // Make sure there are no entries that are currently tied to an open session. - for (size_t i=0; i < sessions_.size(); ++i) { + for (size_t i = 0; i < sessions_.size(); ++i) { if (sessions_[i] != NULL) { LOGE("CreateUsageTableHeader: index %d used by session.", i); return OEMCrypto_ERROR_INVALID_SESSION; @@ -736,8 +741,8 @@ OEMCryptoResult UsageTable::CreateOldUsageEntry( uint8_t* server_mac_key, uint8_t* client_mac_key, const uint8_t* pst, size_t pst_length) { if (!old_table_) old_table_ = new OldUsageTable(ce_); - std::vector pstv(pst, pst+pst_length); - OldUsageTableEntry *old_entry = old_table_->CreateEntry(pstv); + std::vector pstv(pst, pst + pst_length); + OldUsageTableEntry* old_entry = old_table_->CreateEntry(pstv); int64_t now = time(NULL); old_entry->time_of_license_received_ = now - time_since_license_received; @@ -745,10 +750,10 @@ OEMCryptoResult UsageTable::CreateOldUsageEntry( old_entry->time_of_last_decrypt_ = now - time_since_last_decrypt; old_entry->status_ = status; old_entry->mac_key_server_.assign(server_mac_key, - server_mac_key + wvcdm::MAC_KEY_SIZE); + server_mac_key + wvoec::MAC_KEY_SIZE); old_entry->mac_key_client_.assign(client_mac_key, - client_mac_key + wvcdm::MAC_KEY_SIZE); + client_mac_key + wvoec::MAC_KEY_SIZE); return OEMCrypto_SUCCESS; } -} // namespace wvoec_mock +} // namespace wvoec_ref diff --git a/mock/src/oemcrypto_usage_table_mock.h b/oemcrypto/ref/src/oemcrypto_usage_table_ref.h similarity index 93% rename from mock/src/oemcrypto_usage_table_mock.h rename to oemcrypto/ref/src/oemcrypto_usage_table_ref.h index 1dcfe6e..b9cf64b 100644 --- a/mock/src/oemcrypto_usage_table_mock.h +++ b/oemcrypto/ref/src/oemcrypto_usage_table_ref.h @@ -2,10 +2,10 @@ // source code may only be used and distributed under the Widevine Master // License Agreement. // -// Mock implementation of OEMCrypto APIs +// Ref implementation of OEMCrypto APIs // -#ifndef OEMCRYPTO_USAGE_TABLE_MOCK_H_ -#define OEMCRYPTO_USAGE_TABLE_MOCK_H_ +#ifndef OEMCRYPTO_USAGE_TABLE_REF_H_ +#define OEMCRYPTO_USAGE_TABLE_REF_H_ #include #include @@ -13,12 +13,10 @@ #include #include "OEMCryptoCENC.h" -#include "file_store.h" -#include "lock.h" #include "openssl/sha.h" -#include "wv_cdm_constants.h" +#include "oemcrypto_types.h" -namespace wvoec_mock { +namespace wvoec_ref { class SessionContext; class CryptoEngine; @@ -34,8 +32,8 @@ struct StoredUsageEntry { int64_t time_of_first_decrypt; int64_t time_of_last_decrypt; enum OEMCrypto_Usage_Entry_Status status; - uint8_t mac_key_server[wvcdm::MAC_KEY_SIZE]; - uint8_t mac_key_client[wvcdm::MAC_KEY_SIZE]; + uint8_t mac_key_server[wvoec::MAC_KEY_SIZE]; + uint8_t mac_key_client[wvoec::MAC_KEY_SIZE]; uint32_t index; uint8_t pst[kMaxPSTLength+1]; // add 1 for padding. uint8_t pst_length; @@ -134,6 +132,6 @@ class UsageTable { OldUsageTable *old_table_; }; -} // namespace wvoec_mock +} // namespace wvoec_ref -#endif // OEMCRYPTO_USAGE_TABLE_MOCK_H_ +#endif // OEMCRYPTO_USAGE_TABLE_REF_H_ diff --git a/mock/src/wvcrc.cpp b/oemcrypto/ref/src/wvcrc.cpp similarity index 100% rename from mock/src/wvcrc.cpp rename to oemcrypto/ref/src/wvcrc.cpp diff --git a/mock/src/wvcrc32.h b/oemcrypto/ref/src/wvcrc32.h similarity index 100% rename from mock/src/wvcrc32.h rename to oemcrypto/ref/src/wvcrc32.h diff --git a/test/oec_device_features.cpp b/oemcrypto/test/oec_device_features.cpp similarity index 97% rename from test/oec_device_features.cpp rename to oemcrypto/test/oec_device_features.cpp index 5d31313..9bd95a6 100644 --- a/test/oec_device_features.cpp +++ b/oemcrypto/test/oec_device_features.cpp @@ -7,6 +7,8 @@ #include "oec_device_features.h" #include +#include +#include #include @@ -141,6 +143,11 @@ std::string DeviceFeatures::RestrictFilter(const std::string& initial_filter) { if (api_version < 12) FilterOut(&filter, "*API12*"); if (api_version < 13) FilterOut(&filter, "*API13*"); if (api_version < 14) FilterOut(&filter, "*API14*"); + // Some tests may require root access. If user is not root, filter these tests + // out. + if (getuid()) { + FilterOut(&filter, "UsageTableTest.TimeRollbackPrevention"); + } // Performance tests take a long time. Filter them out if they are not // specifically requested. if (filter.find("Performance") == std::string::npos) { diff --git a/test/oec_device_features.h b/oemcrypto/test/oec_device_features.h similarity index 98% rename from test/oec_device_features.h rename to oemcrypto/test/oec_device_features.h index becea2a..f8929d7 100644 --- a/test/oec_device_features.h +++ b/oemcrypto/test/oec_device_features.h @@ -4,7 +4,7 @@ #include #include "OEMCryptoCENC.h" -#include "wv_keybox.h" +#include "oemcrypto_types.h" namespace wvoec { diff --git a/test/oec_session_util.cpp b/oemcrypto/test/oec_session_util.cpp similarity index 94% rename from test/oec_session_util.cpp rename to oemcrypto/test/oec_session_util.cpp index 8a0cdcf..48a5ff4 100644 --- a/test/oec_session_util.cpp +++ b/oemcrypto/test/oec_session_util.cpp @@ -26,14 +26,12 @@ #include #include "OEMCryptoCENC.h" +#include "disallow_copy_and_assign.h" #include "log.h" #include "oec_device_features.h" #include "oec_test_data.h" -#include "oemcrypto_key_mock.h" +#include "oemcrypto_types.h" #include "string_conversions.h" -#include "wv_cdm_constants.h" -#include "wv_cdm_types.h" -#include "wv_keybox.h" using namespace std; @@ -102,14 +100,14 @@ Session::Session() : open_(false), forced_session_id_(false), session_id_(0), - mac_key_server_(wvcdm::MAC_KEY_SIZE), - mac_key_client_(wvcdm::MAC_KEY_SIZE), - enc_key_(wvcdm::KEY_SIZE), + mac_key_server_(MAC_KEY_SIZE), + mac_key_client_(MAC_KEY_SIZE), + enc_key_(KEY_SIZE), public_rsa_(0), message_size_(sizeof(MessageData)), - num_keys_(4), // Most tests only use 4 keys. - // Other tests will explicitly call set_num_keys. - has_entitlement_license_(false) { + // Most tests only use 4 keys. Other tests will explicitly call + // set_num_keys. + num_keys_(4) { // Stripe the padded message. for (size_t i = 0; i < sizeof(padded_message_.padding); i++) { padded_message_.padding[i] = i % 0x100; @@ -187,7 +185,7 @@ void Session::DeriveKey(const uint8_t* key, const vector& context, CMAC_CTX* cmac_ctx = CMAC_CTX_new(); ASSERT_NE(static_cast(NULL), cmac_ctx); - ASSERT_EQ(1, CMAC_Init(cmac_ctx, key, wvcdm::KEY_SIZE, cipher, 0)); + ASSERT_EQ(1, CMAC_Init(cmac_ctx, key, KEY_SIZE, cipher, 0)); std::vector message; message.push_back(counter); @@ -223,7 +221,7 @@ void Session::DeriveKeys(const uint8_t* master_key, } void Session::GenerateDerivedKeysFromKeybox( - const wvoec_mock::WidevineKeybox& keybox) { + const wvoec::WidevineKeybox& keybox) { GenerateNonce(); vector mac_context; vector enc_context; @@ -269,9 +267,9 @@ void Session::LoadTestKeys(const std::string& pst, bool new_mac_keys) { key_array_, pst_ptr, pst.length(), NULL, OEMCrypto_ContentLicense)); // Update new generated keys. - memcpy(&mac_key_server_[0], license_.mac_keys, wvcdm::MAC_KEY_SIZE); - memcpy(&mac_key_client_[0], license_.mac_keys + wvcdm::MAC_KEY_SIZE, - wvcdm::MAC_KEY_SIZE); + memcpy(&mac_key_server_[0], license_.mac_keys, MAC_KEY_SIZE); + memcpy(&mac_key_client_[0], license_.mac_keys + MAC_KEY_SIZE, + MAC_KEY_SIZE); } else { ASSERT_EQ( OEMCrypto_SUCCESS, @@ -299,9 +297,9 @@ void Session::LoadEnitlementTestKeys(const std::string& pst, key_array_, pst_ptr, pst.length(), NULL, OEMCrypto_EntitlementLicense)); // Update new generated keys. - memcpy(&mac_key_server_[0], license_.mac_keys, wvcdm::MAC_KEY_SIZE); - memcpy(&mac_key_client_[0], license_.mac_keys + wvcdm::MAC_KEY_SIZE, - wvcdm::MAC_KEY_SIZE); + memcpy(&mac_key_server_[0], license_.mac_keys, MAC_KEY_SIZE); + memcpy(&mac_key_client_[0], license_.mac_keys + MAC_KEY_SIZE, + MAC_KEY_SIZE); } else { ASSERT_EQ( expected_sts, @@ -313,7 +311,6 @@ void Session::LoadEnitlementTestKeys(const std::string& pst, } void Session::FillEntitledKeyArray() { - has_entitlement_license_ = true; for (size_t i = 0; i < num_keys_; ++i) { EntitledContentKeyData* key_data = &entitled_key_data_[i]; @@ -480,7 +477,7 @@ void Session::FillSimpleMessage(uint32_t duration, uint32_t control, memset(license_.keys[i].key_id, i, license_.keys[i].key_id_length); EXPECT_EQ(1, GetRandBytes(license_.keys[i].key_data, sizeof(license_.keys[i].key_data))); - license_.keys[i].key_data_length = wvcdm::KEY_SIZE; + license_.keys[i].key_data_length = KEY_SIZE; EXPECT_EQ(1, GetRandBytes(license_.keys[i].key_iv, sizeof(license_.keys[i].key_iv))); EXPECT_EQ(1, GetRandBytes(license_.keys[i].control_iv, @@ -494,14 +491,14 @@ void Session::FillSimpleMessage(uint32_t duration, uint32_t control, } else if (global_features.api_version == 12) { // For version 12, we require OEMCrypto to handle kc12 for all licenses. memcpy(license_.keys[i].control.verification, "kc12", 4); - } else if (control & wvoec_mock::kControlSecurityPatchLevelMask) { + } else if (control & wvoec::kControlSecurityPatchLevelMask) { // For versions before 12, we require the special key control block only // when there are newer features present. memcpy(license_.keys[i].control.verification, "kc11", 4); - } else if (control & wvoec_mock::kControlRequireAntiRollbackHardware) { + } else if (control & wvoec::kControlRequireAntiRollbackHardware) { memcpy(license_.keys[i].control.verification, "kc10", 4); - } else if (control & (wvoec_mock::kControlHDCPVersionMask | - wvoec_mock::kControlReplayMask)) { + } else if (control & (wvoec::kControlHDCPVersionMask | + wvoec::kControlReplayMask)) { memcpy(license_.keys[i].control.verification, "kc09", 4); } else { memcpy(license_.keys[i].control.verification, "kctl", 4); @@ -527,7 +524,7 @@ void Session::FillSimpleEntitlementMessage( memset(license_.keys[i].key_id, i, license_.keys[i].key_id_length); EXPECT_EQ(1, GetRandBytes(license_.keys[i].key_data, sizeof(license_.keys[i].key_data))); - license_.keys[i].key_data_length = wvcdm::KEY_SIZE * 2; // AES-256 keys + license_.keys[i].key_data_length = KEY_SIZE * 2; // AES-256 keys EXPECT_EQ(1, GetRandBytes(license_.keys[i].key_iv, sizeof(license_.keys[i].key_iv))); EXPECT_EQ(1, GetRandBytes(license_.keys[i].control_iv, @@ -541,14 +538,14 @@ void Session::FillSimpleEntitlementMessage( } else if (global_features.api_version == 12) { // For version 12, we require OEMCrypto to handle kc12 for all licenses. memcpy(license_.keys[i].control.verification, "kc12", 4); - } else if (control & wvoec_mock::kControlSecurityPatchLevelMask) { + } else if (control & wvoec::kControlSecurityPatchLevelMask) { // For versions before 12, we require the special key control block only // when there are newer features present. memcpy(license_.keys[i].control.verification, "kc11", 4); - } else if (control & wvoec_mock::kControlRequireAntiRollbackHardware) { + } else if (control & wvoec::kControlRequireAntiRollbackHardware) { memcpy(license_.keys[i].control.verification, "kc10", 4); - } else if (control & (wvoec_mock::kControlHDCPVersionMask | - wvoec_mock::kControlReplayMask)) { + } else if (control & (wvoec::kControlHDCPVersionMask | + wvoec::kControlReplayMask)) { memcpy(license_.keys[i].control.verification, "kc09", 4); } else { memcpy(license_.keys[i].control.verification, "kctl", 4); @@ -592,22 +589,21 @@ void Session::EncryptAndSign() { encrypted_license() = license_; uint8_t iv_buffer[16]; - memcpy(iv_buffer, &license_.mac_key_iv[0], wvcdm::KEY_IV_SIZE); + memcpy(iv_buffer, &license_.mac_key_iv[0], KEY_IV_SIZE); AES_KEY aes_key; AES_set_encrypt_key(&enc_key_[0], 128, &aes_key); AES_cbc_encrypt(&license_.mac_keys[0], &encrypted_license().mac_keys[0], - 2 * wvcdm::MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT); + 2 * MAC_KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT); - int key_size = has_entitlement_license() ? 256 : 128; for (unsigned int i = 0; i < num_keys_; i++) { - memcpy(iv_buffer, &license_.keys[i].control_iv[0], wvcdm::KEY_IV_SIZE); - AES_set_encrypt_key(&license_.keys[i].key_data[0], key_size, &aes_key); + memcpy(iv_buffer, &license_.keys[i].control_iv[0], KEY_IV_SIZE); + AES_set_encrypt_key(&license_.keys[i].key_data[0], 128, &aes_key); AES_cbc_encrypt( reinterpret_cast(&license_.keys[i].control), reinterpret_cast(&encrypted_license().keys[i].control), - wvcdm::KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT); + KEY_SIZE, &aes_key, iv_buffer, AES_ENCRYPT); - memcpy(iv_buffer, &license_.keys[i].key_iv[0], wvcdm::KEY_IV_SIZE); + memcpy(iv_buffer, &license_.keys[i].key_iv[0], KEY_IV_SIZE); AES_set_encrypt_key(&enc_key_[0], 128, &aes_key); AES_cbc_encrypt( &license_.keys[i].key_data[0], &encrypted_license().keys[i].key_data[0], @@ -622,14 +618,14 @@ void Session::EncryptAndSign() { void Session::EncryptProvisioningMessage( RSAPrivateKeyMessage* data, RSAPrivateKeyMessage* encrypted, const vector& encryption_key) { - ASSERT_EQ(encryption_key.size(), wvcdm::KEY_SIZE); + ASSERT_EQ(encryption_key.size(), KEY_SIZE); *encrypted = *data; - size_t padding = wvcdm::KEY_SIZE - (data->rsa_key_length % wvcdm::KEY_SIZE); + size_t padding = KEY_SIZE - (data->rsa_key_length % KEY_SIZE); memset(data->rsa_key + data->rsa_key_length, static_cast(padding), padding); encrypted->rsa_key_length = data->rsa_key_length + padding; uint8_t iv_buffer[16]; - memcpy(iv_buffer, &data->rsa_key_iv[0], wvcdm::KEY_IV_SIZE); + memcpy(iv_buffer, &data->rsa_key_iv[0], KEY_IV_SIZE); AES_KEY aes_key; AES_set_encrypt_key(&encryption_key[0], 128, &aes_key); AES_cbc_encrypt(&data->rsa_key[0], &encrypted->rsa_key[0], @@ -742,8 +738,8 @@ void Session::TestDecryptCTR(bool select_key_first, for (size_t i = 0; i < unencryptedData.size(); i++) unencryptedData[i] = i % 256; EXPECT_EQ(1, GetRandBytes(&unencryptedData[0], unencryptedData.size())); - vector encryptionIv(wvcdm::KEY_IV_SIZE); - EXPECT_EQ(1, GetRandBytes(&encryptionIv[0], wvcdm::KEY_IV_SIZE)); + vector encryptionIv(KEY_IV_SIZE); + EXPECT_EQ(1, GetRandBytes(&encryptionIv[0], KEY_IV_SIZE)); vector encryptedData(unencryptedData.size()); EncryptCTR(unencryptedData, license_.keys[key_index].key_data, &encryptionIv[0], &encryptedData); @@ -895,7 +891,7 @@ void Session::MakeRSACertificate(struct RSAPrivateKeyMessage* encrypted, memcpy(message.rsa_key, rsa_key.data(), rsa_key.size()); message.rsa_key_length = rsa_key.size(); } - EXPECT_EQ(1, GetRandBytes(message.rsa_key_iv, wvcdm::KEY_IV_SIZE)); + EXPECT_EQ(1, GetRandBytes(message.rsa_key_iv, KEY_IV_SIZE)); message.nonce = nonce_; EncryptProvisioningMessage(&message, encrypted, *encryption_key); @@ -1198,15 +1194,17 @@ void Session::VerifyPST(const Test_PST_Report& expected) { char* pst_ptr = reinterpret_cast(computed.pst()); std::string computed_pst(pst_ptr, pst_ptr + computed.pst_length()); ASSERT_EQ(expected.pst, computed_pst); - EXPECT_NEAR(expected.seconds_since_license_received, + time_t now = time(NULL); + int64_t age = now - expected.time_created; // How old is this report. + EXPECT_NEAR(expected.seconds_since_license_received + age, computed.seconds_since_license_received(), kTimeTolerance); // Decrypt times only valid on licenses that have been active. if (expected.status == kActive || expected.status == kInactiveUsed) { - EXPECT_NEAR(expected.seconds_since_first_decrypt, + EXPECT_NEAR(expected.seconds_since_first_decrypt + age, computed.seconds_since_first_decrypt(), kUsageTableTimeTolerance); - EXPECT_NEAR(expected.seconds_since_last_decrypt, + EXPECT_NEAR(expected.seconds_since_last_decrypt + age, computed.seconds_since_last_decrypt(), kUsageTableTimeTolerance); } @@ -1232,13 +1230,10 @@ static int64_t MaybeAdjustTime(int64_t t, time_t now) { return t; } -void Session::GenerateVerifyReport(const std::string& pst, - OEMCrypto_Usage_Entry_Status status, - int64_t time_license_received, - int64_t time_first_decrypt, - int64_t time_last_decrypt) { - ASSERT_NO_FATAL_FAILURE(GenerateReport(pst)); - Test_PST_Report expected(pst, status); +void Session::VerifyReport(Test_PST_Report expected, + int64_t time_license_received, + int64_t time_first_decrypt, + int64_t time_last_decrypt) { time_t now = time(NULL); expected.seconds_since_license_received = MaybeAdjustTime(time_license_received, now); @@ -1248,6 +1243,17 @@ void Session::GenerateVerifyReport(const std::string& pst, ASSERT_NO_FATAL_FAILURE(VerifyPST(expected)); } +void Session::GenerateVerifyReport(const std::string& pst, + OEMCrypto_Usage_Entry_Status status, + int64_t time_license_received, + int64_t time_first_decrypt, + int64_t time_last_decrypt) { + ASSERT_NO_FATAL_FAILURE(GenerateReport(pst)); + Test_PST_Report expected(pst, status); + ASSERT_NO_FATAL_FAILURE(VerifyReport(expected, time_license_received, + time_first_decrypt, time_last_decrypt)); +} + void Session::CreateOldEntry(const Test_PST_Report& report) { OEMCryptoResult result = OEMCrypto_CreateOldUsageEntry( report.seconds_since_license_received, diff --git a/test/oec_session_util.h b/oemcrypto/test/oec_session_util.h similarity index 94% rename from test/oec_session_util.h rename to oemcrypto/test/oec_session_util.h index 6a2ff55..235407a 100644 --- a/test/oec_session_util.h +++ b/oemcrypto/test/oec_session_util.h @@ -12,8 +12,8 @@ #include #include "oec_device_features.h" +#include "oemcrypto_types.h" #include "pst_report.h" -#include "wv_cdm_constants.h" using namespace std; @@ -66,10 +66,10 @@ const size_t kMaxDecryptSize = 100 * 1024; // In specification. typedef struct { uint8_t key_id[kTestKeyIdMaxLength]; size_t key_id_length; - uint8_t key_data[wvcdm::MAC_KEY_SIZE]; + uint8_t key_data[MAC_KEY_SIZE]; size_t key_data_length; - uint8_t key_iv[wvcdm::KEY_IV_SIZE]; - uint8_t control_iv[wvcdm::KEY_IV_SIZE]; + uint8_t key_iv[KEY_IV_SIZE]; + uint8_t control_iv[KEY_IV_SIZE]; KeyControlBlock control; // Note: cipher_mode may not be part of a real signed message. For these // tests, it is convenient to keep it in this structure anyway. @@ -79,8 +79,8 @@ typedef struct { // This structure will be signed to simulate a message from the server. struct MessageData { MessageKeyData keys[kMaxNumKeys]; - uint8_t mac_key_iv[wvcdm::KEY_IV_SIZE]; - uint8_t mac_keys[2 * wvcdm::MAC_KEY_SIZE]; + uint8_t mac_key_iv[KEY_IV_SIZE]; + uint8_t mac_keys[2 * MAC_KEY_SIZE]; uint8_t pst[kMaxPSTLength]; }; @@ -88,7 +88,7 @@ struct MessageData { // server. struct RSAPrivateKeyMessage { uint8_t rsa_key[kMaxTestRSAKeyLength]; - uint8_t rsa_key_iv[wvcdm::KEY_IV_SIZE]; + uint8_t rsa_key_iv[KEY_IV_SIZE]; size_t rsa_key_length; uint32_t nonce; }; @@ -96,20 +96,21 @@ struct RSAPrivateKeyMessage { struct Test_PST_Report { Test_PST_Report(const std::string& pst_in, OEMCrypto_Usage_Entry_Status status_in) - : status(status_in), pst(pst_in) {} + : status(status_in), pst(pst_in), time_created(time(NULL)) {} OEMCrypto_Usage_Entry_Status status; int64_t seconds_since_license_received; int64_t seconds_since_first_decrypt; int64_t seconds_since_last_decrypt; std::string pst; + time_t time_created; }; struct EntitledContentKeyData { - uint8_t entitlement_key_id[wvcdm::KEY_SIZE]; - uint8_t content_key_id[wvcdm::KEY_SIZE]; - uint8_t content_key_data_iv[wvcdm::KEY_SIZE]; - uint8_t content_key_data[wvcdm::KEY_SIZE]; + uint8_t entitlement_key_id[KEY_SIZE]; + uint8_t content_key_id[KEY_SIZE]; + uint8_t content_key_data_iv[KEY_SIZE]; + uint8_t content_key_data[KEY_SIZE]; }; // Increment counter for AES-CTR. The CENC spec specifies we increment only @@ -151,7 +152,7 @@ class Session { vector* enc_context); // Generate known mac and enc keys using OEMCrypto_GenerateDerivedKeys and // also fill out enc_key_, mac_key_server_, and mac_key_client_. - void GenerateDerivedKeysFromKeybox(const wvoec_mock::WidevineKeybox& keybox); + void GenerateDerivedKeysFromKeybox(const wvoec::WidevineKeybox& keybox); // Generate known mac and enc keys using OEMCrypto_DeriveKeysFromSessionKey // and also fill out enc_key_, mac_key_server_, and mac_key_client_. void GenerateDerivedKeysFromSessionKey(); @@ -331,9 +332,14 @@ class Session { // Verify the values in the PST report. The signature should have been // verified in GenerateReport, above. void VerifyPST(const Test_PST_Report& report); - // Generate and Verify the Usage Report. If any time is greater than 10 - // minutes, it is assumed to be an absolute time, and time_since will be - // computed relative to now. + // Verify the Usage Report. If any time is greater than 10 minutes, it is + // assumed to be an absolute time, and time_since will be computed relative to + // now. + void VerifyReport(Test_PST_Report report, + int64_t time_license_received = 0, + int64_t time_first_decrypt = 0, + int64_t time_last_decrypt = 0); + // Same as above, but generates the report with the given status. void GenerateVerifyReport(const std::string& pst, OEMCrypto_Usage_Entry_Status status, int64_t time_license_received = 0, @@ -372,9 +378,6 @@ class Session { // The size of the encrypted message. size_t message_size() { return message_size_; } - // If this session has an entitlement license. - bool has_entitlement_license() const { return has_entitlement_license_; } - private: // Generate mac and enc keys give the master key. void DeriveKeys(const uint8_t* master_key, @@ -404,7 +407,6 @@ class Session { vector encrypted_usage_entry_; uint32_t usage_entry_number_; string pst_; - bool has_entitlement_license_; // Clear Entitlement key data. This is the backing data for // |entitled_key_array_|. diff --git a/test/oec_test_data.h b/oemcrypto/test/oec_test_data.h similarity index 99% rename from test/oec_test_data.h rename to oemcrypto/test/oec_test_data.h index 23e5d77..dc2d09f 100644 --- a/test/oec_test_data.h +++ b/oemcrypto/test/oec_test_data.h @@ -10,7 +10,8 @@ #include #include "OEMCryptoCENC.h" -#include "wv_keybox.h" +#include "oemcrypto_types.h" + namespace wvoec { @@ -20,7 +21,7 @@ namespace wvoec { // The first keybox, kTestKeybox, with deviceID "TestKey01" is used for most of // the tests. It should be loaded by OEMCrypto when OEMCrypto_LoadTestKeybox // is called. -static const wvoec_mock::WidevineKeybox kTestKeybox = { +static const wvoec::WidevineKeybox kTestKeybox = { // Sample keybox used for test vectors { // deviceID = WidevineTestOnlyKeybox000 @@ -55,7 +56,7 @@ static const wvoec_mock::WidevineKeybox kTestKeybox = { // These are old test keyboxes. The first keybox can be used to update an // older OEMCrypto because it is the same keybox that was previously used in // unit tests. -static const wvoec_mock::WidevineKeybox kValidKeybox01 = { +static const wvoec::WidevineKeybox kValidKeybox01 = { // Sample keybox used for test vectors { // deviceID @@ -87,7 +88,7 @@ static const wvoec_mock::WidevineKeybox kValidKeybox01 = { } }; -static const wvoec_mock::WidevineKeybox kValidKeybox02 = { +static const wvoec::WidevineKeybox kValidKeybox02 = { // Sample keybox used for test vectors { // deviceID @@ -119,7 +120,7 @@ static const wvoec_mock::WidevineKeybox kValidKeybox02 = { } }; -static const wvoec_mock::WidevineKeybox kValidKeybox03 = { +static const wvoec::WidevineKeybox kValidKeybox03 = { // Sample keybox used for test vectors { // deviceID diff --git a/test/oemcrypto_session_tests_helper.cpp b/oemcrypto/test/oemcrypto_session_tests_helper.cpp similarity index 96% rename from test/oemcrypto_session_tests_helper.cpp rename to oemcrypto/test/oemcrypto_session_tests_helper.cpp index 1a1b09b..d016362 100644 --- a/test/oemcrypto_session_tests_helper.cpp +++ b/oemcrypto/test/oemcrypto_session_tests_helper.cpp @@ -82,10 +82,10 @@ void SessionUtil::CreateWrappedRSAKey(uint32_t allowed_schemes, } } -void SessionUtil::InstallKeybox(const wvoec_mock::WidevineKeybox& keybox, +void SessionUtil::InstallKeybox(const wvoec::WidevineKeybox& keybox, bool good) { - uint8_t wrapped[sizeof(wvoec_mock::WidevineKeybox)]; - size_t length = sizeof(wvoec_mock::WidevineKeybox); + uint8_t wrapped[sizeof(wvoec::WidevineKeybox)]; + size_t length = sizeof(wvoec::WidevineKeybox); keybox_ = keybox; ASSERT_EQ( OEMCrypto_SUCCESS, diff --git a/test/oemcrypto_session_tests_helper.h b/oemcrypto/test/oemcrypto_session_tests_helper.h similarity index 90% rename from test/oemcrypto_session_tests_helper.h rename to oemcrypto/test/oemcrypto_session_tests_helper.h index f0124c6..2f4010d 100644 --- a/test/oemcrypto_session_tests_helper.h +++ b/oemcrypto/test/oemcrypto_session_tests_helper.h @@ -26,7 +26,7 @@ public: // If force is true, we assert that the key loads successfully. void CreateWrappedRSAKey(uint32_t allowed_schemes, bool force); - void InstallKeybox(const wvoec_mock::WidevineKeybox& keybox, bool good); + void InstallKeybox(const wvoec::WidevineKeybox& keybox, bool good); void EnsureTestKeys(); @@ -34,7 +34,7 @@ public: std::vector encoded_rsa_key_; std::vector wrapped_rsa_key_; - wvoec_mock::WidevineKeybox keybox_; + wvoec::WidevineKeybox keybox_; }; } // namespace wvoec diff --git a/test/oemcrypto_test.cpp b/oemcrypto/test/oemcrypto_test.cpp similarity index 95% rename from test/oemcrypto_test.cpp rename to oemcrypto/test/oemcrypto_test.cpp index ba65907..6b06598 100644 --- a/test/oemcrypto_test.cpp +++ b/oemcrypto/test/oemcrypto_test.cpp @@ -33,11 +33,12 @@ #include "oec_session_util.h" #include "oec_test_data.h" #include "oemcrypto_session_tests_helper.h" -#include "oemcrypto_key_mock.h" -#include "properties.h" +#include "oemcrypto_types.h" #include "string_conversions.h" -#include "wv_cdm_constants.h" -#include "wv_keybox.h" + +#ifdef CDM_TESTS +#include "properties.h" +#endif using ::testing::Bool; using ::testing::Combine; @@ -63,11 +64,7 @@ void PrintTo(const tuplecurrent_test_info(); @@ -681,7 +680,7 @@ TEST_F(OEMCryptoSessionTestKeyboxTest, GoodForceKeybox) { ASSERT_EQ(DeviceFeatures::FORCE_TEST_KEYBOX, global_features.derive_key_method) << "ForceKeybox tests will modify the installed keybox."; - wvoec_mock::WidevineKeybox keybox = kValidKeybox02; + wvoec::WidevineKeybox keybox = kValidKeybox02; OEMCryptoResult sts; InstallKeybox(keybox, true); sts = OEMCrypto_IsKeyboxValid(); @@ -697,7 +696,7 @@ TEST_F(OEMCryptoSessionTestKeyboxTest, BadCRCForceKeybox) { ASSERT_EQ(DeviceFeatures::FORCE_TEST_KEYBOX, global_features.derive_key_method) << "ForceKeybox tests will modify the installed keybox."; - wvoec_mock::WidevineKeybox keybox = kValidKeybox02; + wvoec::WidevineKeybox keybox = kValidKeybox02; keybox.crc_[1] ^= 42; OEMCryptoResult sts; InstallKeybox(keybox, false); @@ -709,7 +708,7 @@ TEST_F(OEMCryptoSessionTestKeyboxTest, BadMagicForceKeybox) { ASSERT_EQ(DeviceFeatures::FORCE_TEST_KEYBOX, global_features.derive_key_method) << "ForceKeybox tests will modify the installed keybox."; - wvoec_mock::WidevineKeybox keybox = kValidKeybox02; + wvoec::WidevineKeybox keybox = kValidKeybox02; keybox.magic_[1] ^= 42; OEMCryptoResult sts; InstallKeybox(keybox, false); @@ -721,7 +720,7 @@ TEST_F(OEMCryptoSessionTestKeyboxTest, BadDataForceKeybox) { ASSERT_EQ(DeviceFeatures::FORCE_TEST_KEYBOX, global_features.derive_key_method) << "ForceKeybox tests will modify the installed keybox."; - wvoec_mock::WidevineKeybox keybox = kValidKeybox02; + wvoec::WidevineKeybox keybox = kValidKeybox02; keybox.data_[1] ^= 42; OEMCryptoResult sts; InstallKeybox(keybox, false); @@ -774,7 +773,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithNonce) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE( - s.FillSimpleMessage(0, wvoec_mock::kControlNonceEnabled, s.get_nonce())); + s.FillSimpleMessage(0, wvoec::kControlNonceEnabled, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys()); } @@ -791,7 +790,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeySeveralNonce) { s.GenerateNonce(); // three. s.GenerateNonce(); // four. ASSERT_NO_FATAL_FAILURE( - s.FillSimpleMessage(0, wvoec_mock::kControlNonceEnabled, first_nonce)); + s.FillSimpleMessage(0, wvoec::kControlNonceEnabled, first_nonce)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys()); } @@ -964,7 +963,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadRange4) { vector bad_buffer( s.encrypted_license().keys[1].key_data, - s.encrypted_license().keys[1].key_data + wvcdm::KEY_SIZE); + s.encrypted_license().keys[1].key_data + wvoec::KEY_SIZE); s.key_array()[1].key_data = &bad_buffer[0]; OEMCryptoResult sts = OEMCrypto_LoadKeys( @@ -1038,7 +1037,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithBadNonce) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, - wvoec_mock::kControlNonceEnabled, + wvoec::kControlNonceEnabled, 42)); // bad nonce. ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); OEMCryptoResult sts = OEMCrypto_LoadKeys( @@ -1056,7 +1055,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithRepeatNonce) { ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); uint32_t nonce = s.get_nonce(); ASSERT_NO_FATAL_FAILURE( - s.FillSimpleMessage(0, wvoec_mock::kControlNonceEnabled, nonce)); + s.FillSimpleMessage(0, wvoec::kControlNonceEnabled, nonce)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys()); ASSERT_NO_FATAL_FAILURE(s.close()); @@ -1064,7 +1063,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithRepeatNonce) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, - wvoec_mock::kControlNonceEnabled, + wvoec::kControlNonceEnabled, nonce)); // same old nonce. ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); OEMCryptoResult sts = OEMCrypto_LoadKeys( @@ -1076,6 +1075,57 @@ TEST_F(OEMCryptoSessionTests, LoadKeyWithRepeatNonce) { ASSERT_NE(OEMCrypto_SUCCESS, sts); } +// This tests that a nonce cannot be used in new session. +TEST_F(OEMCryptoSessionTests, LoadKeyNonceReopenSession) { + Session s; + ASSERT_NO_FATAL_FAILURE(s.open()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); + uint32_t nonce = s.get_nonce(); + // Do not use the nonce now. Close session and use it after re-opening. + ASSERT_NO_FATAL_FAILURE(s.close()); + + // Actually, this isn't the same session. OEMCrypto opens a new session, but + // we are guarding against the possiblity that it re-uses the session data + // and might not clear out the nonce table correctly. + ASSERT_NO_FATAL_FAILURE(s.open()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); + ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage(0, wvoec::kControlNonceEnabled, + nonce)); // same old nonce + ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); + OEMCryptoResult sts = OEMCrypto_LoadKeys( + s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], + s.signature().size(), s.encrypted_license().mac_key_iv, + s.encrypted_license().mac_keys, s.num_keys(), s.key_array(), NULL, 0, + NULL, OEMCrypto_ContentLicense); + + ASSERT_NE(OEMCrypto_SUCCESS, sts); +} + +// This tests that a nonce cannot be used in wrong session. +TEST_F(OEMCryptoSessionTests, LoadKeyNonceWrongSession) { + Session s1; + ASSERT_NO_FATAL_FAILURE(s1.open()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s1)); + uint32_t nonce = s1.get_nonce(); + // Do not use the nonce. Also, leave the session open. We want to make sure + // that s and s1 do NOT share a nonce table. This is different from the + // LoadKeyNonceReopenSession in that we do not close s1. + + Session s2; + ASSERT_NO_FATAL_FAILURE(s2.open()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s2)); + ASSERT_NO_FATAL_FAILURE(s2.FillSimpleMessage(0, wvoec::kControlNonceEnabled, + nonce)); // nonce from session s1 + ASSERT_NO_FATAL_FAILURE(s2.EncryptAndSign()); + OEMCryptoResult sts = OEMCrypto_LoadKeys( + s2.session_id(), s2.message_ptr(), s2.message_size(), &s2.signature()[0], + s2.signature().size(), s2.encrypted_license().mac_key_iv, + s2.encrypted_license().mac_keys, s2.num_keys(), s2.key_array(), NULL, 0, + NULL, OEMCrypto_ContentLicense); + + ASSERT_NE(OEMCrypto_SUCCESS, sts); +} + TEST_F(OEMCryptoSessionTests, LoadKeyWithBadVerification) { Session s; ASSERT_NO_FATAL_FAILURE(s.open()); @@ -1191,7 +1241,7 @@ TEST_F(OEMCryptoSessionTests, LoadKeyNoKeyWithNonce) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE( - s.FillSimpleMessage(0, wvoec_mock::kControlNonceEnabled, s.get_nonce())); + s.FillSimpleMessage(0, wvoec::kControlNonceEnabled, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); int kNoKeys = 0; ASSERT_NE( @@ -1207,7 +1257,7 @@ TEST_F(OEMCryptoSessionTests, QueryKeyControl) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE( - s.FillSimpleMessage(0, wvoec_mock::kControlNonceEnabled, s.get_nonce())); + s.FillSimpleMessage(0, wvoec::kControlNonceEnabled, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys()); // Note: successful cases are tested in VerifyTestKeys. @@ -1234,7 +1284,7 @@ TEST_F(OEMCryptoSessionTests, AntiRollbackHardwareRequired) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlRequireAntiRollbackHardware, 0)); + 0, wvoec::kControlRequireAntiRollbackHardware, 0)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], @@ -1256,7 +1306,7 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, patch_level << wvoec_mock::kControlSecurityPatchLevelShift, 0)); + 0, patch_level << wvoec::kControlSecurityPatchLevelShift, 0)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_EQ( OEMCrypto_SUCCESS, @@ -1272,7 +1322,7 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, (patch_level + 1) << wvoec_mock::kControlSecurityPatchLevelShift, + 0, (patch_level + 1) << wvoec::kControlSecurityPatchLevelShift, 0)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_EQ( @@ -1289,7 +1339,7 @@ TEST_F(OEMCryptoSessionTests, CheckMinimumPatchLevel) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, (patch_level - 1) << wvoec_mock::kControlSecurityPatchLevelShift, + 0, (patch_level - 1) << wvoec::kControlSecurityPatchLevelShift, 0)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_EQ( @@ -1331,8 +1381,8 @@ class SessionTestDecryptWithHDCP : public OEMCryptoSessionTests, ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( 0, - (version << wvoec_mock::kControlHDCPVersionShift) | - wvoec_mock::kControlObserveHDCP | wvoec_mock::kControlHDCPRequired, + (version << wvoec::kControlHDCPVersionShift) | + wvoec::kControlObserveHDCP | wvoec::kControlHDCPRequired, 0)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys()); @@ -1376,14 +1426,14 @@ TEST_P(SessionTestRefreshKeyTest, RefreshWithNonce) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - kDuration, wvoec_mock::kControlNonceEnabled, s.get_nonce())); + kDuration, wvoec::kControlNonceEnabled, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); s.GenerateNonce(); // License renewal message is signed by client and verified by the server. ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature()); ASSERT_NO_FATAL_FAILURE(s.RefreshTestKeys(num_keys_, - wvoec_mock::kControlNonceEnabled, + wvoec::kControlNonceEnabled, s.get_nonce(), OEMCrypto_SUCCESS)); } @@ -1406,14 +1456,14 @@ TEST_P(SessionTestRefreshKeyTest, RefreshOldNonceAPI11) { ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); uint32_t nonce = s.get_nonce(); ASSERT_NO_FATAL_FAILURE( - s.FillSimpleMessage(kDuration, wvoec_mock::kControlNonceEnabled, nonce)); + s.FillSimpleMessage(kDuration, wvoec::kControlNonceEnabled, nonce)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); // License renewal message is signed by client and verified by the server. ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature()); // Tryinng to reuse the same nonce. ASSERT_NO_FATAL_FAILURE( - s.RefreshTestKeys(num_keys_, wvoec_mock::kControlNonceEnabled, nonce, + s.RefreshTestKeys(num_keys_, wvoec::kControlNonceEnabled, nonce, OEMCrypto_ERROR_INVALID_NONCE)); } @@ -1422,7 +1472,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshBadNonceAPI11) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - kDuration, wvoec_mock::kControlNonceEnabled, s.get_nonce())); + kDuration, wvoec::kControlNonceEnabled, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); s.GenerateNonce(); @@ -1430,7 +1480,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshBadNonceAPI11) { ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature()); uint32_t nonce = s.get_nonce() ^ 42; ASSERT_NO_FATAL_FAILURE( - s.RefreshTestKeys(num_keys_, wvoec_mock::kControlNonceEnabled, nonce, + s.RefreshTestKeys(num_keys_, wvoec::kControlNonceEnabled, nonce, OEMCrypto_ERROR_INVALID_NONCE)); } @@ -1440,7 +1490,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshLargeBuffer) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - kDuration, wvoec_mock::kControlNonceEnabled, s.get_nonce())); + kDuration, wvoec::kControlNonceEnabled, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); s.GenerateNonce(); @@ -1448,7 +1498,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshLargeBuffer) { // This uses a large buffer for the renewal message. ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature(kMaxMessageSize)); ASSERT_NO_FATAL_FAILURE(s.RefreshTestKeys(num_keys_, - wvoec_mock::kControlNonceEnabled, + wvoec::kControlNonceEnabled, s.get_nonce(), OEMCrypto_SUCCESS)); } @@ -1460,7 +1510,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshWithNoSelectKey) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - kDuration, wvoec_mock::kControlNonceEnabled, s.get_nonce())); + kDuration, wvoec::kControlNonceEnabled, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys("", new_mac_keys_)); // Call select key before the refresh. No calls below to TestDecryptCTR with @@ -1474,7 +1524,7 @@ TEST_P(SessionTestRefreshKeyTest, RefreshWithNoSelectKey) { // message is not actually encrypted. It is, however, signed. // FillRefreshMessage fills the message with a duration of kLongDuration. ASSERT_NO_FATAL_FAILURE(s.FillRefreshMessage( - num_keys_, wvoec_mock::kControlNonceEnabled, s.get_nonce())); + num_keys_, wvoec::kControlNonceEnabled, s.get_nonce())); s.ServerSignBuffer(reinterpret_cast(&s.encrypted_license()), s.message_size(), &s.signature()); OEMCrypto_KeyRefreshObject key_array[num_keys_]; @@ -2082,7 +2132,7 @@ TEST_F(OEMCryptoSessionTests, DecryptSecureToClear) { ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( kDuration, - wvoec_mock::kControlObserveDataPath | wvoec_mock::kControlDataPathSecure, + wvoec::kControlObserveDataPath | wvoec::kControlDataPathSecure, 0)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys()); @@ -2095,7 +2145,7 @@ TEST_F(OEMCryptoSessionTests, DecryptNoAnalogToClearAPI13) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - kDuration, wvoec_mock::kControlDisableAnalogOutput, 0)); + kDuration, wvoec::kControlDisableAnalogOutput, 0)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys()); ASSERT_NO_FATAL_FAILURE( @@ -2107,7 +2157,7 @@ TEST_F(OEMCryptoSessionTests, KeyDuration) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - kDuration, wvoec_mock::kControlNonceEnabled, s.get_nonce())); + kDuration, wvoec::kControlNonceEnabled, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys()); ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR(true, OEMCrypto_SUCCESS)); @@ -3769,22 +3819,22 @@ class GenericCryptoTest : public OEMCryptoSessionTests { ASSERT_NO_FATAL_FAILURE( session_.FillSimpleMessage(duration, control, nonce, pst)); session_.license().keys[0].control.control_bits |= - htonl(wvoec_mock::kControlAllowEncrypt); + htonl(wvoec::kControlAllowEncrypt); session_.license().keys[1].control.control_bits |= - htonl(wvoec_mock::kControlAllowDecrypt); + htonl(wvoec::kControlAllowDecrypt); session_.license().keys[2].control.control_bits |= - htonl(wvoec_mock::kControlAllowSign); + htonl(wvoec::kControlAllowSign); session_.license().keys[3].control.control_bits |= - htonl(wvoec_mock::kControlAllowVerify); + htonl(wvoec::kControlAllowVerify); - session_.license().keys[2].key_data_length = wvcdm::MAC_KEY_SIZE; - session_.license().keys[3].key_data_length = wvcdm::MAC_KEY_SIZE; + session_.license().keys[2].key_data_length = wvoec::MAC_KEY_SIZE; + session_.license().keys[3].key_data_length = wvoec::MAC_KEY_SIZE; clear_buffer_.assign(buffer_size_, 0); for (size_t i = 0; i < clear_buffer_.size(); i++) { clear_buffer_[i] = 1 + i % 250; } - for (size_t i = 0; i < wvcdm::KEY_IV_SIZE; i++) { + for (size_t i = 0; i < wvoec::KEY_IV_SIZE; i++) { iv_[i] = i; } } @@ -3800,8 +3850,8 @@ class GenericCryptoTest : public OEMCryptoSessionTests { ASSERT_EQ(0, AES_set_encrypt_key(session_.license().keys[key_index].key_data, AES_BLOCK_SIZE * 8, &aes_key)); - uint8_t iv_buffer[wvcdm::KEY_IV_SIZE]; - memcpy(iv_buffer, iv_, wvcdm::KEY_IV_SIZE); + uint8_t iv_buffer[wvoec::KEY_IV_SIZE]; + memcpy(iv_buffer, iv_, wvoec::KEY_IV_SIZE); out_buffer->resize(in_buffer.size()); ASSERT_GT(in_buffer.size(), 0u); ASSERT_EQ(0u, in_buffer.size() % AES_BLOCK_SIZE); @@ -3815,7 +3865,7 @@ class GenericCryptoTest : public OEMCryptoSessionTests { unsigned int md_len = SHA256_DIGEST_LENGTH; signature->resize(SHA256_DIGEST_LENGTH); HMAC(EVP_sha256(), session_.license().keys[key_index].key_data, - wvcdm::MAC_KEY_SIZE, &in_buffer[0], in_buffer.size(), + wvoec::MAC_KEY_SIZE, &in_buffer[0], in_buffer.size(), signature->data(), &md_len); } @@ -3899,7 +3949,7 @@ class GenericCryptoTest : public OEMCryptoSessionTests { size_t buffer_size_; vector clear_buffer_; vector encrypted_buffer_; - uint8_t iv_[wvcdm::KEY_IV_SIZE]; + uint8_t iv_[wvoec::KEY_IV_SIZE]; Session session_; }; @@ -3994,7 +4044,7 @@ TEST_F(GenericCryptoTest, GenericKeyDecryptSameBufferAPI12) { TEST_F(GenericCryptoTest, GenericSecureToClear) { session_.license().keys[1].control.control_bits |= htonl( - wvoec_mock::kControlObserveDataPath | wvoec_mock::kControlDataPathSecure); + wvoec::kControlObserveDataPath | wvoec::kControlDataPathSecure); EncryptAndLoadKeys(); unsigned int key_index = 1; vector encrypted; @@ -4316,7 +4366,7 @@ class GenericCryptoKeyIdLengthTest : public GenericCryptoTest { const uint32_t kNoNonce = 0; session_.set_num_keys(5); ASSERT_NO_FATAL_FAILURE(session_.FillSimpleMessage( - kDuration, wvoec_mock::kControlAllowDecrypt, kNoNonce)); + kDuration, wvoec::kControlAllowDecrypt, kNoNonce)); SetUniformKeyIdLength(16); // Start with all key ids being 16 bytes. // But, we are testing that the key ids do not have to have the same length. session_.SetKeyId(0, "123456789012"); // 12 bytes (common key id length). @@ -4407,7 +4457,7 @@ class UsageTableTest : public GenericCryptoTest { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceOrEntry, s.get_nonce(), pst)); + 0, wvoec::kControlNonceOrEntry, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); @@ -4454,7 +4504,7 @@ TEST_P(UsageTableTestWithMAC, OnlineLicense) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); @@ -4484,7 +4534,7 @@ TEST_P(UsageTableTestWithMAC, ForbidReportWithNoUpdate) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); @@ -4514,7 +4564,7 @@ TEST_P(UsageTableTestWithMAC, OnlineLicenseWithRefresh) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); @@ -4527,7 +4577,7 @@ TEST_P(UsageTableTestWithMAC, OnlineLicenseWithRefresh) { size_t kAllKeys = 1; ASSERT_NO_FATAL_FAILURE(s.RefreshTestKeys( kAllKeys, - wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s.get_nonce(), OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); ASSERT_NO_FATAL_FAILURE( @@ -4543,7 +4593,7 @@ TEST_F(UsageTableTest, RepeatOnlineLicense) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); @@ -4574,7 +4624,7 @@ TEST_F(UsageTableTest, OnlineEmptyPST) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); @@ -4594,7 +4644,7 @@ TEST_F(UsageTableTest, OnlineMissingEntry) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); // ENTRY NOT CREATED: ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); @@ -4613,7 +4663,7 @@ TEST_F(UsageTableTest, TwoHundredEntries) { ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s1)); std::string pst1 = "pst saved"; ASSERT_NO_FATAL_FAILURE(s1.FillSimpleMessage( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s1.get_nonce(), pst1)); ASSERT_NO_FATAL_FAILURE(s1.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s1.CreateNewUsageEntry()); @@ -4633,7 +4683,7 @@ TEST_F(UsageTableTest, TwoHundredEntries) { char c2 = 'A' + (i%26); pst = pst + c1 + c2; ASSERT_NO_FATAL_FAILURE(sessions[i].FillSimpleMessage( - 0, wvoec_mock::kControlNonceOrEntry, sessions[i].get_nonce(), pst)); + 0, wvoec::kControlNonceOrEntry, sessions[i].get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(sessions[i].EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(sessions[i].CreateNewUsageEntry()); ASSERT_EQ(sessions[i].usage_entry_number(), i + 1); @@ -4645,13 +4695,13 @@ TEST_F(UsageTableTest, TwoHundredEntries) { sleep(kShortSleep); for (size_t i = 0; i < ENTRY_COUNT; i++) { ASSERT_NO_FATAL_FAILURE(sessions[i].open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&sessions[i])); std::string pst = "pst "; char c1 = 'A' + (i/26); char c2 = 'A' + (i%26); pst = pst + c1 + c2; // Reuse license message created above. ASSERT_NO_FATAL_FAILURE(sessions[i].ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&sessions[i])); ASSERT_NO_FATAL_FAILURE(sessions[i].LoadTestKeys(pst, new_mac_keys_)) << "Failed to reload license " << i << " with pst = " << pst; ASSERT_NO_FATAL_FAILURE( @@ -4670,7 +4720,7 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoEncrypt) { std::string pst = "A PST"; uint32_t nonce = session_.get_nonce(); MakeFourKeys( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, nonce, pst); ASSERT_NO_FATAL_FAILURE(session_.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(session_.CreateNewUsageEntry()); @@ -4707,7 +4757,7 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoDecrypt) { std::string pst = "my_pst"; uint32_t nonce = session_.get_nonce(); MakeFourKeys( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, nonce, pst); ASSERT_NO_FATAL_FAILURE(session_.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(session_.CreateNewUsageEntry()); @@ -4744,7 +4794,7 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoSign) { std::string pst = "my_pst"; uint32_t nonce = session_.get_nonce(); MakeFourKeys( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, nonce, pst); ASSERT_NO_FATAL_FAILURE(session_.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(session_.CreateNewUsageEntry()); @@ -4792,7 +4842,7 @@ TEST_P(UsageTableTestWithMAC, GenericCryptoVerify) { std::string pst = "my_pst"; uint32_t nonce = session_.get_nonce(); MakeFourKeys( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, nonce, pst); ASSERT_NO_FATAL_FAILURE(session_.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(session_.CreateNewUsageEntry()); @@ -4835,7 +4885,7 @@ TEST_P(UsageTableTestWithMAC, OfflineLicenseRefresh) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceOrEntry, s.get_nonce(), pst)); + 0, wvoec::kControlNonceOrEntry, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); @@ -4846,7 +4896,7 @@ TEST_P(UsageTableTestWithMAC, OfflineLicenseRefresh) { ASSERT_NO_FATAL_FAILURE(s.VerifyClientSignature()); size_t kAllKeys = 1; ASSERT_NO_FATAL_FAILURE(s.RefreshTestKeys( - kAllKeys, wvoec_mock::kControlNonceOrEntry, 0, OEMCrypto_SUCCESS)); + kAllKeys, wvoec::kControlNonceOrEntry, 0, OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR()); ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); ASSERT_NO_FATAL_FAILURE( @@ -4862,10 +4912,10 @@ TEST_P(UsageTableTestWithMAC, ReloadOfflineLicense) { ASSERT_NO_FATAL_FAILURE(LoadOfflineLicense(s, pst)); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); // We will reuse the encrypted and signed message, so we don't call // FillSimpleMessage again. ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); ASSERT_NO_FATAL_FAILURE(s.GenerateVerifyReport(pst, kUnused)); @@ -4882,10 +4932,10 @@ TEST_P(UsageTableTestWithMAC, ReloadOfflineLicenseWithRefresh) { time_t loaded = time(NULL); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); // We will reuse the encrypted and signed message, so we don't call // FillSimpleMessage again. ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); ASSERT_NO_FATAL_FAILURE(s.GenerateVerifyReport(pst, kUnused, loaded, 0, 0)); @@ -4899,7 +4949,7 @@ TEST_P(UsageTableTestWithMAC, ReloadOfflineLicenseWithRefresh) { decrypt_time)); // last decrypt size_t kAllKeys = 1; ASSERT_NO_FATAL_FAILURE(s.RefreshTestKeys( - kAllKeys, wvoec_mock::kControlNonceOrEntry, 0, OEMCrypto_SUCCESS)); + kAllKeys, wvoec::kControlNonceOrEntry, 0, OEMCrypto_SUCCESS)); ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR()); ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); ASSERT_NO_FATAL_FAILURE(s.GenerateVerifyReport(pst, kActive, @@ -4920,10 +4970,10 @@ TEST_P(UsageTableTestWithMAC, ReloadOfflineLicenseWithTerminate) { encrypted_usage_header_.size())); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); // We will reuse the encrypted and signed message, so we don't call // FillSimpleMessage again. ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); ASSERT_NO_FATAL_FAILURE(s.GenerateVerifyReport(pst, kUnused)); @@ -4937,13 +4987,14 @@ TEST_P(UsageTableTestWithMAC, BadReloadOfflineLicense) { std::string pst = "my_pst"; Session s; ASSERT_NO_FATAL_FAILURE(LoadOfflineLicense(s, pst)); + time_t loaded = time(NULL); // Offline license with new mac keys should fail. Session s2; ASSERT_NO_FATAL_FAILURE(s2.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s2)); ASSERT_NO_FATAL_FAILURE(s2.FillSimpleMessage( - 0, wvoec_mock::kControlNonceOrEntry, s2.get_nonce(), pst)); + 0, wvoec::kControlNonceOrEntry, s2.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s2.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s2.LoadUsageEntry(s)); uint8_t* pst_ptr = s2.encrypted_license().pst; @@ -4959,11 +5010,14 @@ TEST_P(UsageTableTestWithMAC, BadReloadOfflineLicense) { // Offline license with same mac keys should still be OK. ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); - ASSERT_NO_FATAL_FAILURE(s.GenerateVerifyReport(pst, kUnused)); + ASSERT_NO_FATAL_FAILURE( + s.GenerateVerifyReport(pst, kUnused, + loaded, // license loaded. + 0, 0)); // first and last decrypt } // An offline license should not load on the first call if the nonce is bad. @@ -4974,7 +5028,7 @@ TEST_P(UsageTableTestWithMAC, OfflineBadNonce) { ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); ASSERT_NO_FATAL_FAILURE( - s.FillSimpleMessage(0, wvoec_mock::kControlNonceOrEntry, 42, pst)); + s.FillSimpleMessage(0, wvoec::kControlNonceOrEntry, 42, pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); uint8_t* pst_ptr = s.encrypted_license().pst; OEMCryptoResult sts = OEMCrypto_LoadKeys( @@ -4993,7 +5047,7 @@ TEST_P(UsageTableTestWithMAC, OfflineEmptyPST) { ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); ASSERT_NO_FATAL_FAILURE( - s.FillSimpleMessage(0, wvoec_mock::kControlNonceOrEntry, s.get_nonce())); + s.FillSimpleMessage(0, wvoec::kControlNonceOrEntry, s.get_nonce())); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); OEMCryptoResult sts = OEMCrypto_LoadKeys( s.session_id(), s.message_ptr(), s.message_size(), &s.signature()[0], @@ -5031,8 +5085,8 @@ TEST_P(UsageTableTestWithMAC, DeactivateOfflineLicense) { ASSERT_NO_FATAL_FAILURE(LoadOfflineLicense(s, pst)); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE( s.LoadTestKeys(pst, new_mac_keys_)); // Reload the license ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR()); // Should be able to decrypt. @@ -5075,7 +5129,7 @@ TEST_P(UsageTableTestWithMAC, BadRange) { ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(session_.CreateNewUsageEntry()); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceOrEntry, s.get_nonce(), pst)); + 0, wvoec::kControlNonceOrEntry, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); uint8_t* pst_ptr = s.license().pst; // Bad: not in encrypted_license. ASSERT_NE( @@ -5094,7 +5148,7 @@ TEST_F(UsageTableTest, UpdateFailsWithNullPtr) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); @@ -5124,7 +5178,7 @@ class UsageTableDefragTest : public UsageTableTest { char c2 = 'A' + (index % 26); pst = pst + c1 + c2; ASSERT_NO_FATAL_FAILURE(s->FillSimpleMessage( - 0, wvoec_mock::kControlNonceOrEntry, s->get_nonce(), pst)); + 0, wvoec::kControlNonceOrEntry, s->get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s->EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s->CreateNewUsageEntry()); ASSERT_EQ(s->usage_entry_number(), index); @@ -5136,8 +5190,8 @@ class UsageTableDefragTest : public UsageTableTest { void ReloadLicense(Session* s, time_t start) { ASSERT_NO_FATAL_FAILURE(s->open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(s)); ASSERT_NO_FATAL_FAILURE(s->ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(s)); ASSERT_NO_FATAL_FAILURE(s->LoadTestKeys(s->pst(), new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s->UpdateUsageEntry(&encrypted_usage_header_)); ASSERT_NO_FATAL_FAILURE(s->TestDecryptCTR()); @@ -5351,10 +5405,10 @@ TEST_F(UsageTableTest, ReloadUsageTableWithSkew) { // Reload the license, and save the header. ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); // We will reuse the encrypted and signed message, so we don't call // FillSimpleMessage again. ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); vector old_usage_header_2_ = encrypted_usage_header_; @@ -5370,14 +5424,13 @@ TEST_F(UsageTableTest, ReloadUsageTableWithSkew) { OEMCrypto_LoadUsageTableHeader(NULL, old_usage_header_2_.size())); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); // Cannot load an entry with if header didn't load. ASSERT_EQ( OEMCrypto_ERROR_UNKNOWN_FAILURE, OEMCrypto_LoadUsageEntry(s.session_id(), s.usage_entry_number(), &s.encrypted_usage_entry()[0], s.encrypted_usage_entry().size())); - + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.close()); // Modified header generates error. @@ -5387,14 +5440,13 @@ TEST_F(UsageTableTest, ReloadUsageTableWithSkew) { OEMCrypto_LoadUsageTableHeader(&bad_header[0], bad_header.size())); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); // Cannot load an entry with if header didn't load. ASSERT_EQ( OEMCrypto_ERROR_UNKNOWN_FAILURE, OEMCrypto_LoadUsageEntry(s.session_id(), s.usage_entry_number(), &s.encrypted_usage_entry()[0], s.encrypted_usage_entry().size())); - + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.close()); // Old by 2 generation numbers is error. @@ -5402,14 +5454,13 @@ TEST_F(UsageTableTest, ReloadUsageTableWithSkew) { OEMCrypto_LoadUsageTableHeader(&old_usage_header_2_[0], old_usage_header_2_.size())); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); // Cannot load an entry with if header didn't load. ASSERT_NE( OEMCrypto_SUCCESS, OEMCrypto_LoadUsageEntry(s.session_id(), s.usage_entry_number(), &s.encrypted_usage_entry()[0], s.encrypted_usage_entry().size())); - + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.close()); // Old by 1 generation numbers is just warning. @@ -5418,12 +5469,12 @@ TEST_F(UsageTableTest, ReloadUsageTableWithSkew) { old_usage_header_1_.size())); // Everything else should still work. Skew by 1 is just a warning. ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_EQ( OEMCrypto_WARNING_GENERATION_SKEW, OEMCrypto_LoadUsageEntry(s.session_id(), s.usage_entry_number(), &s.encrypted_usage_entry()[0], s.encrypted_usage_entry().size())); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s.UpdateUsageEntry(&encrypted_usage_header_)); ASSERT_NO_FATAL_FAILURE(s.close()); @@ -5435,7 +5486,7 @@ TEST_F(UsageTableTest, GenerateReportWrongPST) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceOrEntry, s.get_nonce(), pst)); + 0, wvoec::kControlNonceOrEntry, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, new_mac_keys_)); @@ -5460,15 +5511,15 @@ TEST_F(UsageTableTest, TimingTest) { sleep(kLongSleep); ASSERT_NO_FATAL_FAILURE(s1.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s1)); ASSERT_NO_FATAL_FAILURE(s1.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s1)); ASSERT_NO_FATAL_FAILURE(s1.LoadTestKeys(pst1, new_mac_keys_)); time_t first_decrypt1 = time(NULL); ASSERT_NO_FATAL_FAILURE(s1.TestDecryptCTR()); ASSERT_NO_FATAL_FAILURE(s2.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s2)); ASSERT_NO_FATAL_FAILURE(s2.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s2)); ASSERT_NO_FATAL_FAILURE(s2.LoadTestKeys(pst2, new_mac_keys_)); time_t first_decrypt2 = time(NULL); ASSERT_NO_FATAL_FAILURE(s2.TestDecryptCTR()); @@ -5498,8 +5549,8 @@ TEST_F(UsageTableTest, TimingTest) { sleep(kLongSleep); time_t third_decrypt = time(NULL); ASSERT_NO_FATAL_FAILURE(s2.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s2)); ASSERT_NO_FATAL_FAILURE(s2.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s2)); ASSERT_NO_FATAL_FAILURE(s2.LoadTestKeys(pst2, new_mac_keys_)); ASSERT_NO_FATAL_FAILURE(s2.TestDecryptCTR()); ASSERT_NO_FATAL_FAILURE(s2.UpdateUsageEntry(&encrypted_usage_header_)); @@ -5532,7 +5583,7 @@ TEST_F(UsageTableTest, VerifyUsageTimes) { ASSERT_NO_FATAL_FAILURE(s.open()); ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.FillSimpleMessage( - 0, wvoec_mock::kControlNonceEnabled | wvoec_mock::kControlNonceRequired, + 0, wvoec::kControlNonceEnabled | wvoec::kControlNonceRequired, s.get_nonce(), pst)); ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.CreateNewUsageEntry()); @@ -5616,6 +5667,86 @@ TEST_F(UsageTableTest, VerifyUsageTimes) { s.TestDecryptCTR(false, OEMCrypto_ERROR_UNKNOWN_FAILURE)); } +// NOTE: This test needs root access since clock_settime messes with the system +// time in order to verify that OEMCrypto protects against rollbacks in usage +// entries. Therefore, this test is filtered if not run as root. +// We don't test roll-forward protection or instances where the user rolls back +// the time to the last decrypt call since this requires hardware-secure clocks +// to guarantee. +TEST_F(UsageTableTest, TimeRollbackPrevention) { + std::string pst = "my_pst"; + Session s1; + cout << "This test temporarily rolls back the system time in order to verify " + << "that the usage report accounts for the change. It then rolls " + << "the time back forward to the absolute time." << endl; + // We use clock_gettime(CLOCK_REALTIME, ...) over time(...) so we can easily + // set the time using clock_settime. + timespec current_time; + ASSERT_EQ(0, clock_gettime(CLOCK_REALTIME, ¤t_time)); + time_t loaded = current_time.tv_sec; + ASSERT_NO_FATAL_FAILURE(LoadOfflineLicense(s1, pst)); + + ASSERT_NO_FATAL_FAILURE(s1.open()); + ASSERT_NO_FATAL_FAILURE(s1.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s1)); + ASSERT_NO_FATAL_FAILURE(s1.LoadTestKeys(pst, new_mac_keys_)); + ASSERT_EQ(0, clock_gettime(CLOCK_REALTIME, ¤t_time)); + time_t first_decrypt = current_time.tv_sec; + // Monotonic clock can't be changed. We use this since system clock will be + // unreliable. + ASSERT_EQ(0, clock_gettime(CLOCK_MONOTONIC, ¤t_time)); + time_t first_decrypt_monotonic = current_time.tv_sec; + ASSERT_NO_FATAL_FAILURE(s1.TestDecryptCTR()); + ASSERT_NO_FATAL_FAILURE(s1.UpdateUsageEntry(&encrypted_usage_header_)); + ASSERT_NO_FATAL_FAILURE(s1.close()); + + // Imitate playback. + sleep(kLongDuration * 2); + + ASSERT_NO_FATAL_FAILURE(s1.open()); + ASSERT_NO_FATAL_FAILURE(s1.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s1)); + ASSERT_NO_FATAL_FAILURE(s1.LoadTestKeys(pst, new_mac_keys_)); + ASSERT_NO_FATAL_FAILURE(s1.TestDecryptCTR()); + ASSERT_NO_FATAL_FAILURE(s1.UpdateUsageEntry(&encrypted_usage_header_)); + ASSERT_NO_FATAL_FAILURE(s1.close()); + + ASSERT_EQ(0, clock_gettime(CLOCK_REALTIME, ¤t_time)); + // Rollback the wall clock time. + cout << "Rolling the system time back..." << endl; + timeval current_time_of_day = {}; + current_time_of_day.tv_sec = current_time.tv_sec - kLongDuration * 10; + ASSERT_EQ(0, settimeofday(¤t_time_of_day, NULL)); + + // Try to playback again. + ASSERT_NO_FATAL_FAILURE(s1.open()); + ASSERT_NO_FATAL_FAILURE(s1.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s1)); + ASSERT_NO_FATAL_FAILURE(s1.LoadTestKeys(pst, new_mac_keys_)); + ASSERT_EQ(0, clock_gettime(CLOCK_MONOTONIC, ¤t_time)); + time_t third_decrypt = current_time.tv_sec; + ASSERT_NO_FATAL_FAILURE(s1.TestDecryptCTR()); + ASSERT_NO_FATAL_FAILURE(s1.UpdateUsageEntry(&encrypted_usage_header_)); + ASSERT_NO_FATAL_FAILURE(s1.GenerateReport(pst)); + Test_PST_Report expected(pst, kActive); + + // Restore wall clock to its original position to verify that OEMCrypto does + // not report negative times. + ASSERT_EQ(0, clock_gettime(CLOCK_MONOTONIC, ¤t_time)); + current_time_of_day.tv_sec = + first_decrypt + current_time.tv_sec - first_decrypt_monotonic; + cout << "Rolling the system time forward to the absolute time..." << endl; + ASSERT_EQ(0, settimeofday(¤t_time_of_day, NULL)); + // Need to update time created since the verification checks the time of PST + // report creation. + expected.time_created = current_time_of_day.tv_sec; + + ASSERT_NO_FATAL_FAILURE( + s1.VerifyReport(expected, loaded, first_decrypt, + first_decrypt + third_decrypt - first_decrypt_monotonic)); + ASSERT_NO_FATAL_FAILURE(s1.close()); +} + // This is a special case where a group of assets can be licensed with a master // key. In order for this to work, a single session must first load a device // specific license, and then a shared content license. This shared license is @@ -5626,10 +5757,10 @@ TEST_F(UsageTableTest, LoadSharedLicense) { ASSERT_NO_FATAL_FAILURE(LoadOfflineLicense(s, pst)); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); // We will reuse the encrypted and signed message, so we don't call // FillSimpleMessage again. ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, true)); // The second set of keys are in the shared license. They will have the @@ -5642,7 +5773,7 @@ TEST_F(UsageTableTest, LoadSharedLicense) { s.license().keys[i].key_id_length); s.license().keys[i].control.nonce = 0; s.license().keys[i].control.control_bits = - htonl(wvoec_mock::kSharedLicense); + htonl(wvoec::kSharedLicense); } ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, false)); @@ -5656,8 +5787,8 @@ TEST_F(UsageTableTest, LoadSharedLicenseWithNoMaster) { ASSERT_NO_FATAL_FAILURE(LoadOfflineLicense(s, pst)); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); // This time, we do NOT load the master license. This should // generate an error below. // ASSERT_NO_FATAL_FAILURE(s.LoadTestKeys(pst, true)); @@ -5671,7 +5802,7 @@ TEST_F(UsageTableTest, LoadSharedLicenseWithNoMaster) { s.license().keys[i].key_id_length); s.license().keys[i].control.nonce = 0; s.license().keys[i].control.control_bits = - htonl(wvoec_mock::kSharedLicense); + htonl(wvoec::kSharedLicense); } ASSERT_NO_FATAL_FAILURE(s.EncryptAndSign()); uint8_t* pst_ptr = s.encrypted_license().pst; @@ -5692,8 +5823,8 @@ TEST_F(UsageTableTest, PSTLargeBuffer) { ASSERT_NO_FATAL_FAILURE(LoadOfflineLicense(s, pst)); ASSERT_NO_FATAL_FAILURE(s.open()); - ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE(s.ReloadUsageEntry()); + ASSERT_NO_FATAL_FAILURE(InstallTestSessionKeys(&s)); ASSERT_NO_FATAL_FAILURE( s.LoadTestKeys(pst, new_mac_keys_)); // Reload the license ASSERT_NO_FATAL_FAILURE(s.TestDecryptCTR()); // Should be able to decrypt. diff --git a/test/oemcrypto_test_android.cpp b/oemcrypto/test/oemcrypto_test_android.cpp similarity index 96% rename from test/oemcrypto_test_android.cpp rename to oemcrypto/test/oemcrypto_test_android.cpp index 755dd1e..e5a5fd5 100644 --- a/test/oemcrypto_test_android.cpp +++ b/oemcrypto/test/oemcrypto_test_android.cpp @@ -142,10 +142,10 @@ TEST_F(OEMCryptoAndroidOCTest, MinVersionNumber13) { ASSERT_GE(version, 13u); } -// These tests are required for Pi Android devices. -class OEMCryptoAndroidPiTest : public OEMCryptoAndroidOCTest {}; +// These tests are required for Pi MR1 Android devices. +class OEMCryptoAndroidPiMR1Test : public OEMCryptoAndroidOCTest {}; -TEST_F(OEMCryptoAndroidPiTest, MinVersionNumber14) { +TEST_F(OEMCryptoAndroidPiMR1Test, MinVersionNumber14) { uint32_t version = OEMCrypto_APIVersion(); ASSERT_GE(version, 14u); } diff --git a/test/oemcrypto_test_main.cpp b/oemcrypto/test/oemcrypto_test_main.cpp similarity index 96% rename from test/oemcrypto_test_main.cpp rename to oemcrypto/test/oemcrypto_test_main.cpp index 631fbfc..1dabae3 100644 --- a/test/oemcrypto_test_main.cpp +++ b/oemcrypto/test/oemcrypto_test_main.cpp @@ -4,7 +4,9 @@ #include "OEMCryptoCENC.h" #include "log.h" #include "oec_device_features.h" +#ifdef CDM_TESTS #include "properties.h" +#endif static void acknowledge_cast() { std::cout @@ -15,7 +17,9 @@ static void acknowledge_cast() { int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); +#ifdef CDM_TESTS wvcdm::Properties::Init(); +#endif wvcdm::g_cutoff = wvcdm::LOG_INFO; bool is_cast_receiver = false; bool force_load_test_keybox = false; diff --git a/oemcrypto/test/oemcrypto_unittests.gyp b/oemcrypto/test/oemcrypto_unittests.gyp new file mode 100644 index 0000000..44f6a99 --- /dev/null +++ b/oemcrypto/test/oemcrypto_unittests.gyp @@ -0,0 +1,40 @@ +# This is a gyp file for building the OEMCrypto unit tests with the reference +# code from the stand-alone source code. +{ + 'variables': { + # Override the variables below for the location of various gyp files. + # Alternatively, set the environment variable CDM_DIR to point to a recent + # version of the source CDM. + 'boringssl_dependency%': ' + +namespace wvcdm { + +// Provides time related information. The implementation is platform dependent. +class Clock { + public: + Clock() {} + virtual ~Clock() {} + + // Provides the number of seconds since an epoch - 01/01/1970 00:00 UTC + virtual int64_t GetCurrentTime(); +}; + +} // namespace wvcdm + +#endif // WVCDM_UTIL_CLOCK_H_ diff --git a/util/include/disallow_copy_and_assign.h b/util/include/disallow_copy_and_assign.h new file mode 100644 index 0000000..37b79c2 --- /dev/null +++ b/util/include/disallow_copy_and_assign.h @@ -0,0 +1,15 @@ +// Copyright 2018 Google Inc. All Rights Reserved. + +#ifndef WVCDM_UTIL_DISALLOW_COPY_AND_ASSIGN_H_ +#define WVCDM_UTIL_DISALLOW_COPY_AND_ASSIGN_H_ + +namespace wvcdm { + +#define CORE_DISALLOW_COPY_AND_ASSIGN(TypeName) \ + TypeName(const TypeName&); \ + void operator=(const TypeName&) + + +} // namespace wvcdm + +#endif // WVCDM_UTIL_DISALLOW_COPY_AND_ASSIGN_H_ diff --git a/util/include/file_store.h b/util/include/file_store.h new file mode 100644 index 0000000..ef0bd60 --- /dev/null +++ b/util/include/file_store.h @@ -0,0 +1,80 @@ +// Copyright 2013 Google Inc. All Rights Reserved. +// +// File - Platform independent interface for a File class +// +#ifndef WVCDM_UTIL_FILE_STORE_H_ +#define WVCDM_UTIL_FILE_STORE_H_ + +#include +#include +#include + +#include "disallow_copy_and_assign.h" + +namespace wvcdm { + +// File class. The implementation is platform dependent. +class File { + public: + virtual ssize_t Read(char* buffer, size_t bytes); + virtual ssize_t Write(const char* buffer, size_t bytes); + virtual void Close(); + + protected: + class Impl; + + File(Impl*); + virtual ~File(); + + private: + Impl* impl_; + + friend class FileSystem; + CORE_DISALLOW_COPY_AND_ASSIGN(File); +}; + +class FileSystem { + public: + class Impl; + + // defines as bit flag + enum OpenFlags { + kNoFlags = 0, + kCreate = 1, + kReadOnly = 2, // defaults to read and write access + kTruncate = 4 + }; + + FileSystem(); + FileSystem(const std::string& origin, void* extra_data); + virtual ~FileSystem(); + + virtual File* Open(const std::string& file_path, int flags); + + virtual bool Exists(const std::string& file_path); + virtual bool Remove(const std::string& file_path); + virtual ssize_t FileSize(const std::string& file_path); + + // Return the filenames stored at dir_path. + // dir_path will be stripped from the returned names. + virtual bool List(const std::string& dir_path, + std::vector* names); + + const std::string& origin() const { return origin_; } + void SetOrigin(const std::string& origin); + + const std::string& identifier() const { return identifier_; } + void SetIdentifier(const std::string& identifier); + bool IsGlobal() const { return identifier_.empty(); } + + private: + Impl* impl_; + std::string origin_; + std::string identifier_; + + CORE_DISALLOW_COPY_AND_ASSIGN(FileSystem); +}; + +} // namespace wvcdm + +#endif // WVCDM_UTIL_FILE_STORE_H_ diff --git a/util/include/lock.h b/util/include/lock.h new file mode 100644 index 0000000..55b5e03 --- /dev/null +++ b/util/include/lock.h @@ -0,0 +1,51 @@ +// Copyright 2013 Google Inc. All Rights Reserved. +// +// Lock - Platform independent interface for a Mutex class +// +#ifndef WVCDM_UTIL_LOCK_H_ +#define WVCDM_UTIL_LOCK_H_ + +#include "disallow_copy_and_assign.h" + +namespace wvcdm { + +// Simple lock class. The implementation is platform dependent. +// +// The lock must be unlocked by the thread that locked it. +// The lock is also not recursive (ie. cannot be taken multiple times). +class Lock { + public: + Lock(); + ~Lock(); + + void Acquire(); + void Release(); + + friend class AutoLock; + + private: + class Impl; + Impl* impl_; + + CORE_DISALLOW_COPY_AND_ASSIGN(Lock); +}; + +// Manages the lock automatically. It will be locked when AutoLock +// is constructed and release when AutoLock goes out of scope. +class AutoLock { + public: + explicit AutoLock(Lock& lock) : lock_(&lock) { lock_->Acquire(); } + + explicit AutoLock(Lock* lock) : lock_(lock) { lock_->Acquire(); } + + ~AutoLock() { lock_->Release(); } + + private: + Lock* lock_; + + CORE_DISALLOW_COPY_AND_ASSIGN(AutoLock); +}; + +} // namespace wvcdm + +#endif // WVCDM_UTIL_LOCK_H_ diff --git a/util/include/log.h b/util/include/log.h new file mode 100644 index 0000000..be9b5e0 --- /dev/null +++ b/util/include/log.h @@ -0,0 +1,46 @@ +// Copyright 2013 Google Inc. All Rights Reserved. +// +// Log - Platform independent interface for a Logging class +// +#ifndef WVCDM_UTIL_LOG_H_ +#define WVCDM_UTIL_LOG_H_ + +namespace wvcdm { + +// Simple logging class. The implementation is platform dependent. + +typedef enum { + LOG_ERROR, + LOG_WARN, + LOG_INFO, + LOG_DEBUG, + LOG_VERBOSE +} LogPriority; + +extern LogPriority g_cutoff; + +// Enable/disable verbose logging (LOGV). +// This function is supplied for cases where the system layer does not +// initialize logging. This is also needed to initialize logging in +// unit tests. +void InitLogging(); + +void Log(const char* file, const char* function, int line, LogPriority level, + const char* fmt, ...); + +// Log APIs +#ifndef LOGE +#define LOGE(...) Log(__FILE__, __func__, __LINE__, \ + wvcdm::LOG_ERROR, __VA_ARGS__) +#define LOGW(...) Log(__FILE__, __func__, __LINE__, \ + wvcdm::LOG_WARN, __VA_ARGS__) +#define LOGI(...) Log(__FILE__, __func__, __LINE__, \ + wvcdm::LOG_INFO, __VA_ARGS__) +#define LOGD(...) Log(__FILE__, __func__, __LINE__, \ + wvcdm::LOG_DEBUG, __VA_ARGS__) +#define LOGV(...) Log(__FILE__, __func__, __LINE__, \ + wvcdm::LOG_VERBOSE, __VA_ARGS__) +#endif +} // namespace wvcdm + +#endif // WVCDM_UTIL_LOG_H_ diff --git a/util/include/string_conversions.h b/util/include/string_conversions.h new file mode 100644 index 0000000..efc0867 --- /dev/null +++ b/util/include/string_conversions.h @@ -0,0 +1,30 @@ +// Copyright 2013 Google Inc. All Rights Reserved. + +#ifndef WVCDM_UTIL_STRING_CONVERSIONS_H_ +#define WVCDM_UTIL_STRING_CONVERSIONS_H_ + +#include +#include +#include +#include + +namespace wvcdm { + +std::vector a2b_hex(const std::string& b); +std::vector a2b_hex(const std::string& label, const std::string& b); +std::string a2bs_hex(const std::string& b); +std::string b2a_hex(const std::vector& b); +std::string b2a_hex(const std::string& b); +std::string Base64Encode(const std::vector& bin_input); +std::vector Base64Decode(const std::string& bin_input); +std::string Base64SafeEncode(const std::vector& bin_input); +std::string Base64SafeEncodeNoPad(const std::vector& bin_input); +std::vector Base64SafeDecode(const std::string& bin_input); +std::string HexEncode(const uint8_t* bytes, unsigned size); +std::string IntToString(int value); +int64_t htonll64(int64_t x); +inline int64_t ntohll64(int64_t x) { return htonll64(x); } + +} // namespace wvcdm + +#endif // WVCDM_UTIL_STRING_CONVERSIONS_H_ diff --git a/util/src/string_conversions.cpp b/util/src/string_conversions.cpp new file mode 100644 index 0000000..7e7ecb7 --- /dev/null +++ b/util/src/string_conversions.cpp @@ -0,0 +1,293 @@ +// Copyright 2013 Google Inc. All Rights Reserved. + +#include "string_conversions.h" + +#include +#include +#include +#include +#include +#include +#include + +#include "log.h" + +namespace wvcdm { + +static const char kBase64Codes[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; + +// Gets the low |n| bits of |in|. +#define GET_LOW_BITS(in, n) ((in) & ((1 << (n)) - 1)) +// Gets the given (zero-indexed) bits [a, b) of |in|. +#define GET_BITS(in, a, b) GET_LOW_BITS((in) >> (a), (b) - (a)) +// Calculates a/b using round-up division (only works for positive numbers). +#define CEIL_DIVIDE(a, b) ((((a) - 1) / (b)) + 1) + +int DecodeBase64Char(char c) { + const char* it = strchr(kBase64Codes, c); + if (it == NULL) + return -1; + return it - kBase64Codes; +} + +bool DecodeHexChar(char ch, unsigned char* digit) { + if (ch >= '0' && ch <= '9') { + *digit = ch - '0'; + } else { + ch = tolower(ch); + if ((ch >= 'a') && (ch <= 'f')) { + *digit = ch - 'a' + 10; + } else { + return false; + } + } + return true; +} + +// converts an ascii hex string(2 bytes per digit) into a decimal byte string +std::vector a2b_hex(const std::string& byte) { + std::vector array; + unsigned int count = byte.size(); + if (count == 0 || (count % 2) != 0) { + LOGE("Invalid input size %u for string %s", count, byte.c_str()); + return array; + } + + for (unsigned int i = 0; i < count / 2; ++i) { + unsigned char msb = 0; // most significant 4 bits + unsigned char lsb = 0; // least significant 4 bits + if (!DecodeHexChar(byte[i * 2], &msb) || + !DecodeHexChar(byte[i * 2 + 1], &lsb)) { + LOGE("Invalid hex value %c%c at index %d", byte[i * 2], byte[i * 2 + 1], + i); + return array; + } + array.push_back((msb << 4) | lsb); + } + return array; +} + +// converts an ascii hex string(2 bytes per digit) into a decimal byte string +// dump the string with the label. +std::vector a2b_hex(const std::string& label, + const std::string& byte) { + std::cout << std::endl + << "[[DUMP: " << label << " ]= \"" << byte << "\"]" << std::endl + << std::endl; + + return a2b_hex(byte); +} + +std::string a2bs_hex(const std::string& byte) { + std::vector array = a2b_hex(byte); + return std::string(array.begin(), array.end()); +} + +std::string b2a_hex(const std::vector& byte) { + return HexEncode(&byte[0], byte.size()); +} + +std::string b2a_hex(const std::string& byte) { + return HexEncode(reinterpret_cast(byte.data()), + byte.length()); +} + +// Encode for standard base64 encoding (RFC4648). +// https://en.wikipedia.org/wiki/Base64 +// Text | M | a | n | +// ASCI | 77 (0x4d) | 97 (0x61) | 110 (0x6e) | +// Bits | 0 1 0 0 1 1 0 1 0 1 1 0 0 0 0 1 0 1 1 0 1 1 1 0 | +// Index | 19 | 22 | 5 | 46 | +// Base64 | T | W | F | u | +// | <----------------- 24-bits -----------------> | +std::string Base64Encode(const std::vector& bin_input) { + if (bin_input.empty()) { + return std::string(); + } + + // |temp| stores a 24-bit block that is treated as an array where insertions + // occur from high to low. + uint32_t temp = 0; + size_t out_index = 0; + const size_t out_size = CEIL_DIVIDE(bin_input.size(), 3) * 4; + std::string result(out_size, '\0'); + for (size_t i = 0; i < bin_input.size(); i++) { + // "insert" 8-bits of data + temp |= (bin_input[i] << ((2 - (i % 3)) * 8)); + + if (i % 3 == 2) { + result[out_index++] = kBase64Codes[GET_BITS(temp, 18, 24)]; + result[out_index++] = kBase64Codes[GET_BITS(temp, 12, 18)]; + result[out_index++] = kBase64Codes[GET_BITS(temp, 6, 12)]; + result[out_index++] = kBase64Codes[GET_BITS(temp, 0, 6)]; + temp = 0; + } + } + + if (bin_input.size() % 3 == 1) { + result[out_index++] = kBase64Codes[GET_BITS(temp, 18, 24)]; + result[out_index++] = kBase64Codes[GET_BITS(temp, 12, 18)]; + result[out_index++] = '='; + result[out_index++] = '='; + } else if (bin_input.size() % 3 == 2) { + result[out_index++] = kBase64Codes[GET_BITS(temp, 18, 24)]; + result[out_index++] = kBase64Codes[GET_BITS(temp, 12, 18)]; + result[out_index++] = kBase64Codes[GET_BITS(temp, 6, 12)]; + result[out_index++] = '='; + } + + return result; +} + +// Filename-friendly base64 encoding (RFC4648), commonly referred to +// as Base64WebSafeEncode. +// +// This is the encoding required to interface with the provisioning server, as +// well as for certain license server transactions. It is also used for logging +// certain strings. The difference between web safe encoding vs regular encoding +// is that the web safe version replaces '+' with '-' and '/' with '_'. +std::string Base64SafeEncode(const std::vector& bin_input) { + if (bin_input.empty()) { + return std::string(); + } + + std::string ret = Base64Encode(bin_input); + for (size_t i = 0; i < ret.size(); i++) { + if (ret[i] == '+') + ret[i] = '-'; + else if (ret[i] == '/') + ret[i] = '_'; + } + return ret; +} + +std::string Base64SafeEncodeNoPad(const std::vector& bin_input) { + std::string b64_output = Base64SafeEncode(bin_input); + // Output size: ceiling [ bin_input.size() * 4 / 3 ]. + b64_output.resize((bin_input.size() * 4 + 2) / 3); + return b64_output; +} + +// Decode for standard base64 encoding (RFC4648). +std::vector Base64Decode(const std::string& b64_input) { + if (b64_input.empty()) { + return std::vector(); + } + + const size_t out_size_max = CEIL_DIVIDE(b64_input.size() * 3, 4); + std::vector result(out_size_max, '\0'); + + // |temp| stores 24-bits of data that is treated as an array where insertions + // occur from high to low. + uint32_t temp = 0; + size_t out_index = 0; + size_t i; + for (i = 0; i < b64_input.size(); i++) { + if (b64_input[i] == '=') { + // Verify an '=' only appears at the end. We want i to remain at the + // first '=', so we need an inner loop. + for (size_t j = i; j < b64_input.size(); j++) { + if (b64_input[j] != '=') { + LOGE("base64Decode failed"); + return std::vector(); + } + } + break; + } + + const int decoded = DecodeBase64Char(b64_input[i]); + if (decoded < 0) { + LOGE("base64Decode failed"); + return std::vector(); + } + // "insert" 6-bits of data + temp |= (decoded << ((3 - (i % 4)) * 6)); + + if (i % 4 == 3) { + result[out_index++] = GET_BITS(temp, 16, 24); + result[out_index++] = GET_BITS(temp, 8, 16); + result[out_index++] = GET_BITS(temp, 0, 8); + temp = 0; + } + } + + switch (i % 4) { + case 1: + LOGE("base64Decode failed"); + return std::vector(); + case 2: + result[out_index++] = GET_BITS(temp, 16, 24); + break; + case 3: + result[out_index++] = GET_BITS(temp, 16, 24); + result[out_index++] = GET_BITS(temp, 8, 16); + break; + } + result.resize(out_index); + return result; +} + +// Decode for Filename-friendly base64 encoding (RFC4648), commonly referred +// as Base64WebSafeDecode. Add padding if needed. +std::vector Base64SafeDecode(const std::string& b64_input) { + if (b64_input.empty()) { + return std::vector(); + } + + // Make a copy so we can modify it to replace the web-safe special characters + // with the normal ones. + std::string input_copy = b64_input; + for (size_t i = 0; i < input_copy.size(); i++) { + if (input_copy[i] == '-') + input_copy[i] = '+'; + else if (input_copy[i] == '_') + input_copy[i] = '/'; + } + return Base64Decode(input_copy); +} + +std::string HexEncode(const uint8_t* in_buffer, unsigned int size) { + static const char kHexChars[] = "0123456789ABCDEF"; + + // Each input byte creates two output hex characters. + std::string out_buffer(size * 2, '\0'); + + for (unsigned int i = 0; i < size; ++i) { + char byte = in_buffer[i]; + out_buffer[(i << 1)] = kHexChars[(byte >> 4) & 0xf]; + out_buffer[(i << 1) + 1] = kHexChars[byte & 0xf]; + } + return out_buffer; +} + +std::string IntToString(int value) { + // log10(2) ~= 0.3 bytes needed per bit or per byte log10(2**8) ~= 2.4. + // So round up to allocate 3 output characters per byte, plus 1 for '-'. + const int kOutputBufSize = 3 * sizeof(int) + 1; + char buffer[kOutputBufSize]; + memset(buffer, 0, kOutputBufSize); + snprintf(buffer, kOutputBufSize, "%d", value); + + std::string out_string(buffer); + return out_string; +} + +int64_t htonll64(int64_t x) { // Convert to big endian (network-byte-order) + union { + uint32_t array[2]; + int64_t number; + } mixed; + mixed.number = 1; + if (mixed.array[0] == 1) { // Little Endian. + mixed.number = x; + uint32_t temp = mixed.array[0]; + mixed.array[0] = htonl(mixed.array[1]); + mixed.array[1] = htonl(temp); + return mixed.number; + } else { // Big Endian. + return x; + } +} + +} // namespace wvcdm