From d6be91fa3a581415f5b57f82f40ca401aa4f4c9b Mon Sep 17 00:00:00 2001 From: nisnislevi Date: Wed, 4 Dec 2024 10:36:12 +0200 Subject: [PATCH] for PR --- .../certora-review-execution-chain.yml | 12 +- .github/workflows/certora-review-mainnet.yml | 33 +- .../workflows/certora-review-voting-chain.yml | 44 +- .../payloads/verifyPayloadsController.conf | 12 +- security/certora/confs/verifyGovernance.conf | 11 +- .../confs/verifyGovernancePowerStrategy.conf | 11 +- .../confs/verifyVotingStrategy_unittests.conf | 2 + .../certora/confs/voting/verifyLegality.conf | 10 +- security/certora/confs/voting/verifyMisc.conf | 9 + .../confs/voting/verifyPower_summary.conf | 7 + .../confs/voting/verifyProposal_config.conf | 10 +- .../confs/voting/verifyProposal_states.conf | 12 +- .../confs/voting/verifyVoting_and_tally.conf | 12 +- .../certora/harness/GovernanceHarness.sol | 43 - .../GovernancePowerStrategyHarness.sol | 14 + .../harness/PayloadsControllerHarness.sol | 8 - ...ification Report Of Aave Governance V3.pdf | Bin 382971 -> 380694 bytes security/certora/scripts/run-all-execution.sh | 136 +++ security/certora/scripts/run-all-mainnet.sh | 122 +++ security/certora/scripts/run-all-voting.sh | 209 ++++ security/certora/specs/Governance.spec | 968 +++++++++++------- .../specs/GovernancePowerStrategy.spec | 67 +- .../specs/VotingStrategy_unittests.spec | 5 +- .../specs/payloads/PayloadsController.spec | 280 ++++- .../specs/votersRepresentedAddressSet.spec | 29 +- security/certora/specs/voting/legality.spec | 15 +- security/certora/specs/voting/misc.spec | 6 +- .../certora/specs/voting/power_summary.spec | 90 +- .../certora/specs/voting/proposal_config.spec | 27 +- .../certora/specs/voting/proposal_states.spec | 19 +- security/certora/specs/voting/setup.spec | 77 +- .../specs/voting/voting_and_tally.spec | 64 +- 32 files changed, 1821 insertions(+), 543 deletions(-) create mode 100644 security/certora/harness/GovernancePowerStrategyHarness.sol create mode 100644 security/certora/scripts/run-all-execution.sh create mode 100644 security/certora/scripts/run-all-mainnet.sh create mode 100644 security/certora/scripts/run-all-voting.sh diff --git a/.github/workflows/certora-review-execution-chain.yml b/.github/workflows/certora-review-execution-chain.yml index 1ec7db0..95e4c8b 100644 --- a/.github/workflows/certora-review-execution-chain.yml +++ b/.github/workflows/certora-review-execution-chain.yml @@ -28,7 +28,7 @@ jobs: with: { java-version: "11", java-package: jre } - name: Install certora cli - run: pip3 install certora-cli==4.13.1 + run: pip3 install certora-cli==7.20.3 - name: Install solc run: | @@ -47,7 +47,7 @@ jobs: max-parallel: 16 matrix: rule: - - verifyPayloadsController.conf --rule payload_maximal_access_level_gt_action_access_level no_late_cancel state_cant_decrease no_transition_beyond_state_gt_3 no_transition_beyond_state_variable_gt_3 no_queue_after_expiration empty_actions_if_out_of_bound_payload expirationTime_equal_to_createAt_plus_EXPIRATION_DELAY empty_actions_iff_uninitialized null_access_level_if_out_of_bound_payload null_creator_and_zero_expiration_time_if_out_of_bound_payload empty_actions_only_if_uninitialized_payload executor_access_level_within_range consecutiveIDs empty_actions_if_uninitialized_payload queued_before_expiration_delay payload_grace_period_eq_global_grace_period null_access_level_only_if_out_of_bound_payload null_state_variable_if_out_of_bound_payload created_in_the_past executedAt_is_zero_before_executed queued_after_created executed_after_queue queuedAt_is_zero_before_queued no_early_cancellation guardian_can_cancel executed_when_in_queued_state execute_before_delay__maximumAccessLevelRequired action_immutable_fixed_size_fields initialized_payload_fields_are_immutable payload_fields_immutable_after_createPayload method_reachability + - verifyPayloadsController.conf --rule payload_maximal_access_level_gt_action_access_level state_cant_decrease no_transition_beyond_state_gt_3 no_transition_beyond_state_variable_gt_3 no_queue_after_expiration empty_actions_if_out_of_bound_payload expirationTime_equal_to_createAt_plus_EXPIRATION_DELAY empty_actions_iff_uninitialized null_access_level_if_out_of_bound_payload null_creator_and_zero_expiration_time_if_out_of_bound_payload empty_actions_only_if_uninitialized_payload executor_access_level_within_range consecutiveIDs empty_actions_if_uninitialized_payload queued_before_expiration_delay payload_grace_period_eq_global_grace_period null_access_level_only_if_out_of_bound_payload null_state_variable_if_out_of_bound_payload created_in_the_past queued_after_created executed_after_queue queuedAt_is_zero_before_queued no_early_cancellation execute_before_delay__maximumAccessLevelRequired action_immutable_fixed_size_fields initialized_payload_fields_are_immutable payload_fields_immutable_after_createPayload method_reachability # - verifyPayloadsController.conf --rule executor_exists - verifyPayloadsController.conf --rule executor_exists_if_action_not_null - verifyPayloadsController.conf --rule executor_exists_only_if_action_not_null @@ -64,4 +64,10 @@ jobs: - verifyPayloadsController.conf --rule action_signature_immutable - verifyPayloadsController.conf --rule action_immutable_check_only_fixed_size_fields - verifyPayloadsController.conf --rule zero_executedAt_if_not_executed - \ No newline at end of file + - verifyPayloadsController.conf --rule executor_isnt_used_twice executor_of_level_null_is_zero + - verifyPayloadsController.conf --rule executed_after_queue_state_variable zero_executedAt_if_not_executed_state_variable + - verifyPayloadsController.conf --rule queuedAt_is_zero_before_queued_state_variable executedAt_is_zero_before_executed_state_variable null_state_equivalence + - verifyPayloadsController.conf --rule executedAt_is_zero_before_executed + - verifyPayloadsController.conf --rule executed_when_in_queued_state executed_when_in_queued_state_variable guardian_can_cancel no_late_cancel state_variable_cant_decrease + - verifyPayloadsController.conf --rule checkUpdateExecutors checkUpdateExecutors_witness_1 checkUpdateExecutors_witness_2 checkUpdateExecutors_witness_3 checkUpdateExecutors_witness_4 + - verifyPayloadsController.conf --rule payload_state_transition_post_state payload_state_transition_pre_state diff --git a/.github/workflows/certora-review-mainnet.yml b/.github/workflows/certora-review-mainnet.yml index 72031de..be40947 100644 --- a/.github/workflows/certora-review-mainnet.yml +++ b/.github/workflows/certora-review-mainnet.yml @@ -30,7 +30,7 @@ jobs: with: { java-version: "11", java-package: jre } - name: Install certora cli - run: pip3 install certora-cli==4.13.1 + run: pip3 install certora-cli==7.20.3 - name: Install solc run: | @@ -50,17 +50,26 @@ jobs: matrix: rule: - verifyVotingStrategy_unittests.conf - - verifyGovernancePowerStrategy.conf + - verifyGovernancePowerStrategy.conf --rule delegatePowerCompliance + - verifyGovernancePowerStrategy.conf --rule transferPowerCompliance + - verifyGovernancePowerStrategy.conf --rule powerlessCompliance method_reachability - verifyGovernance.conf --rule cancellationFeeZeroForFutureProposals null_state_variable_iff_null_access_level zero_voting_portal_iff_uninitialized_proposal - - verifyGovernance.conf --rule no_self_representative no_representative_is_zero consecutiveIDs totalCancellationFeeEqualETHBalance zero_address_is_not_a_valid_voting_portal - - verifyGovernance.conf --rule no_representative_is_zero_2 no_representative_of_zero empty_payloads_if_uninitialized_proposal null_state_variable_only_if_uninitialized_proposal - - verifyGovernance.conf --rule post_state state_changing_function_self_check state_variable_changing_function_self_check method_reachability userFeeDidntChangeImplyNativeBalanceDidntDecrease + - verifyGovernance.conf --rule no_self_representative no_representative_is_zero consecutiveIDs totalCancellationFeeEqualETHBalance zero_address_is_not_a_valid_voting_portal + - verifyGovernance.conf --rule no_representative_is_zero_2 no_representative_of_zero + - verifyGovernance.conf --rule state_changing_function_self_check state_variable_changing_function_self_check method_reachability userFeeDidntChangeImplyNativeBalanceDidntDecrease - verifyGovernance.conf --rule check_new_representative_set_size_after_updateRepresentatives check_old_representative_set_size_after_updateRepresentatives - - verifyGovernance.conf --rule at_least_single_payload_active at_least_single_payload_active_variable creator_is_not_zero creator_is_not_zero_2 empty_payloads_iff_uninitialized_proposal - - verifyGovernance.conf --rule null_state_iff_uninitialized_proposal null_state_variable_iff_uninitialized_proposal null_state_if_uninitialized_proposal null_state_variable_if_uninitialized_proposal setInvariant addressSetInvariant - - verifyGovernance.conf --rule null_state_only_if_uninitialized_proposal pre_state state_changing_function_cannot_be_called_while_in_terminal_state proposal_executes_after_cooldown_period - - verifyGovernance.conf --rule only_valid_voting_portal_can_queue_proposal immutable_after_activation immutable_payload_after_creation immutable_after_creation only_guardian_can_cancel guardian_can_cancel + - verifyGovernance.conf --rule at_least_single_payload_active empty_payloads_iff_uninitialized_proposal + - verifyGovernance.conf --rule null_state_iff_uninitialized_proposal setInvariant addressSetInvariant + - verifyGovernance.conf --rule state_changing_function_cannot_be_called_while_in_terminal_state proposal_executes_after_cooldown_period + - verifyGovernance.conf --rule only_valid_voting_portal_can_queue_proposal immutable_after_activation immutable_after_creation only_guardian_can_cancel guardian_can_cancel - verifyGovernance.conf --rule cannot_queue_when_voting_portal_unapproved only_owner_can_set_voting_config_witness only_owner_can_set_voting_config single_state_transition_per_block_non_creator_witness - - verifyGovernance.conf --rule single_state_transition_per_block_non_creator_non_guardian state_cant_decrease no_state_transitions_beyond_3 immutable_voting_portal insufficient_proposition_power_time_elapsed_tight_witness - - verifyGovernance.conf --rule insufficient_proposition_power_allow_time_elapse insufficient_proposition_power proposal_after_voting_portal_invalidate - \ No newline at end of file + - verifyGovernance.conf --rule single_state_transition_per_block_non_creator_non_guardian state_cant_decrease no_state_transitions_beyond_3 immutable_voting_portal + - verifyGovernance.conf --rule proposal_after_voting_portal_invalidate insufficient_proposition_power insufficient_proposition_power_witness_state_is_failed insufficient_proposition_power_witness_state_is_cancelled insufficient_proposition_power_witness_time_elapsed + - verifyGovernance.conf --rule creator_is_not_zero creator_of_initialized_proposal_is_not_zero null_state_equivalence + - verifyGovernance.conf --rule insufficient_proposition_power_witness_time_elapsed + - verifyGovernance.conf --rule immutable_after_creation_witness_creator immutable_after_creation_witness_voting_portal + - verifyGovernance.conf --rule immutable_after_creation_witness_access_level immutable_after_creation_witness_creation_time immutable_after_creation_witness_ipfs_hash + - verifyGovernance.conf --rule immutable_after_creation_witness_payload_length immutable_after_activation_witness only_state_changing_function_initiate_transitions__pre_state + - verifyGovernance.conf --rule only_state_changing_function_initiate_transitions__post_state + - verifyGovernance.conf --rule check_new_representative_set_size_after_updateRepresentatives_witness_antecedent_first check_new_representative_set_size_after_updateRepresentatives_witness_antecedent_second check_new_representative_set_size_after_updateRepresentatives_witness_consequent_first check_new_representative_set_size_after_updateRepresentatives_witness_consequent_second + - verifyGovernance.conf --rule proposal_voting_duration_lt_expiration_time config_voting_duration_lt_expiration_time proposal_state_transition_post_state proposal_state_transition_pre_state diff --git a/.github/workflows/certora-review-voting-chain.yml b/.github/workflows/certora-review-voting-chain.yml index b0dd432..a219666 100644 --- a/.github/workflows/certora-review-voting-chain.yml +++ b/.github/workflows/certora-review-voting-chain.yml @@ -1,4 +1,4 @@ -# Github action for verifying the contracts under src/contracts/voting +# Github action for verifying the contracts under src/contracts/voting using certora-cli-beta 6 name: certora-review-voting-chain on: @@ -30,7 +30,7 @@ jobs: with: { java-version: "11", java-package: jre } - name: Install certora cli - run: pip3 install certora-cli==4.13.1 + run: pip3 install certora-cli==7.20.3 - name: Install solc run: | @@ -50,29 +50,37 @@ jobs: matrix: rule: - verifyLegality.conf --rule createdVoteHasNonZeroHash + - verifyLegality.conf --rule votedPowerIsImmutable - verifyLegality.conf --rule onlyValidProposalCanChangeTally - verifyLegality.conf --rule legalVote - - verifyLegality.conf --rule votedPowerIsImmutable method_reachability + - verifyLegality.conf --rule method_reachability - verifyMisc.conf - - verifyPower_summary.conf --rule onlyThreeTokens - - verifyPower_summary.conf --rule method_reachability - - verifyProposal_config.conf --rule createdProposalHasRoots + - verifyPower_summary.conf --rule onlyThreeTokens #TODO: uncomment with certora-cli version 6.0 or higher + - verifyPower_summary.conf --rule method_reachability - verifyProposal_config.conf --rule startedProposalHasConfig - - verifyProposal_config.conf --rule proposalHasNonzeroDuration configIsImmutable newProposalUnusedId method_reachability - - verifyProposal_states.conf --rule proposalImmutability - - verifyProposal_states.conf --rule startsStrictlyBeforeEnds + - verifyProposal_config.conf --rule createdProposalHasRoots + - verifyProposal_config.conf --rule proposalHasNonzeroDuration newProposalUnusedId configIsImmutable + - verifyProposal_config.conf --rule getProposalsConfigsDoesntRevert + - verifyProposal_config.conf --rule method_reachability - verifyProposal_states.conf --rule startsBeforeEnds - - verifyProposal_states.conf --rule startedProposalHasConfig + - verifyProposal_states.conf --rule startsStrictlyBeforeEnds + - verifyProposal_states.conf --rule proposalLegalStates - verifyProposal_states.conf --rule proposalMethodStateTransitionCompliance - - verifyProposal_states.conf --rule proposalIdIsImmutable proposalHasNonzeroDuration proposalTimeStateTransitionCompliance proposalLegalStates method_reachability + - verifyProposal_states.conf --rule proposalTimeStateTransitionCompliance + - verifyProposal_states.conf --rule proposalIdIsImmutable + - verifyProposal_states.conf --rule proposalImmutability + - verifyProposal_states.conf --rule startedProposalHasConfig + - verifyProposal_states.conf --rule proposalHasNonzeroDuration method_reachability + - verifyVoting_and_tally.conf --rule votingPowerGhostIsVotingPower + - verifyVoting_and_tally.conf --rule sumOfVotes + - verifyVoting_and_tally.conf --rule voteTallyChangedOnlyByVoting - verifyVoting_and_tally.conf --rule voteUpdatesTally - - verifyVoting_and_tally.conf --rule cannot_vote_twice_with_submitVoteSingleProofAsRepresentative_and_submitVote - verifyVoting_and_tally.conf --rule onlyVoteCanChangeResult - - verifyVoting_and_tally.conf --rule voteTallyChangedOnlyByVoting - - verifyVoting_and_tally.conf --rule votingTallyCanOnlyIncrease - - verifyVoting_and_tally.conf --rule strangerVoteUnchanged - - verifyVoting_and_tally.conf --rule otherProposalUnchanged - - verifyVoting_and_tally.conf --rule otherVoterUntouched + - verifyVoting_and_tally.conf --rule votingTallyCanOnlyIncrease + - verifyVoting_and_tally.conf --rule strangerVoteUnchanged + - verifyVoting_and_tally.conf --rule otherProposalUnchanged + - verifyVoting_and_tally.conf --rule otherVoterUntouched - verifyVoting_and_tally.conf --rule cannot_vote_twice_with_submitVote_and_submitVoteAsRepresentative - verifyVoting_and_tally.conf --rule cannot_vote_twice_with_submitVoteAsRepresentative_and_submitVote - - verifyVoting_and_tally.conf --rule method_reachability \ No newline at end of file + - verifyVoting_and_tally.conf --rule cannot_vote_twice_with_submitVoteSingleProofAsRepresentative_and_submitVote + - verifyVoting_and_tally.conf --rule method_reachability diff --git a/security/certora/confs/payloads/verifyPayloadsController.conf b/security/certora/confs/payloads/verifyPayloadsController.conf index aeddb95..81dd9ee 100644 --- a/security/certora/confs/payloads/verifyPayloadsController.conf +++ b/security/certora/confs/payloads/verifyPayloadsController.conf @@ -1,7 +1,6 @@ { "files": [ "security/certora/harness/PayloadsControllerHarness.sol", - "src/contracts/payloads/Executor.sol", "src/contracts/payloads/PayloadsControllerUtils.sol", "security/certora/harness/DummyERC20Impl.sol" ], @@ -13,16 +12,11 @@ "msg": "All payloadControllers rules", "optimistic_hashing": true, "optimistic_loop": true, - "prover_args": [ - " -smt_LIASolvers [z3:def,z3:lia1,z3:lia2] -smt_NIASolvers [z3:def]" - ], +// "prover_args": [" -smt_LIASolvers [z3:def,z3:lia1,z3:lia2] -smt_NIASolvers [z3:def]" ], + "prover_args": ["-depth 0"], "smt_timeout": "6000", + "build_cache": true, "solc": "solc8.19", - "struct_link": [ - "PayloadsControllerHarness:executor=Executor" - ], - //"parametric_contracts":["PayloadsControllerHarness" - //], //"rule_sanity": "advanced", "verify": "PayloadsControllerHarness:security/certora/specs/payloads/PayloadsController.spec" } \ No newline at end of file diff --git a/security/certora/confs/verifyGovernance.conf b/security/certora/confs/verifyGovernance.conf index 4860d98..a9818ec 100644 --- a/security/certora/confs/verifyGovernance.conf +++ b/security/certora/confs/verifyGovernance.conf @@ -1,7 +1,7 @@ { "files": [ "security/certora/harness/GovernanceHarness.sol", - "src/contracts/VotingPortal.sol", + // "src/contracts/VotingPortal.sol", "src/contracts/voting/VotingStrategy.sol", "lib/aave-token-v3/src/AaveTokenV3.sol", "src/contracts/GovernancePowerStrategy.sol", @@ -18,9 +18,9 @@ "solidity-utils=lib/solidity-utils/src" ], "verify": "GovernanceHarness:security/certora/specs/Governance.spec", - "struct_link": [ - "GovernanceHarness:votingPortal=VotingPortal" - ], + //"struct_link": [ + // "GovernanceHarness:votingPortal=VotingPortal" + //], "loop_iter": "3", "optimistic_loop": true, "prover_args": [ @@ -29,7 +29,8 @@ "solc": "solc8.19", //"parametric_contracts":["GovernanceHarness" //], - "disable_auto_cache_key_gen" :true, +// "disable_auto_cache_key_gen" :true, //"rule_sanity": "advanced", + "build_cache": true, "msg": "All Governance rules", } \ No newline at end of file diff --git a/security/certora/confs/verifyGovernancePowerStrategy.conf b/security/certora/confs/verifyGovernancePowerStrategy.conf index 3e431c9..22a188b 100644 --- a/security/certora/confs/verifyGovernancePowerStrategy.conf +++ b/security/certora/confs/verifyGovernancePowerStrategy.conf @@ -1,6 +1,6 @@ { "files": [ - "src/contracts/GovernancePowerStrategy.sol", + "security/certora/harness/GovernancePowerStrategyHarness.sol", "security/certora/harness/tokens/AaveTokenV3_DummyA.sol", "security/certora/harness/tokens/AaveTokenV3_DummyB.sol", "security/certora/harness/tokens/AaveTokenV3_DummyC.sol" @@ -15,10 +15,15 @@ "openzeppelin-contracts=lib/openzeppelin-contracts", "solidity-utils=lib/solidity-utils/src" ], - "verify": "GovernancePowerStrategy:security/certora/specs/GovernancePowerStrategy.spec", + "verify": "GovernancePowerStrategyHarness:security/certora/specs/GovernancePowerStrategy.spec", "optimistic_loop": true, "loop_iter": "3", // Needs 3 for the 3 tokens + "prover_args": [ + " -smt_LIASolvers [z3:def,z3:lia1,z3:lia2] -smt_NIASolvers [z3:def]" + ], "solc": "solc8.19", - //"rule_sanity": "advanced", + "smt_timeout": "6000", + "rule_sanity": "basic", + "build_cache": true, "msg": "GovernancePowerStrategy tests" } diff --git a/security/certora/confs/verifyVotingStrategy_unittests.conf b/security/certora/confs/verifyVotingStrategy_unittests.conf index feb9c18..63f775f 100644 --- a/security/certora/confs/verifyVotingStrategy_unittests.conf +++ b/security/certora/confs/verifyVotingStrategy_unittests.conf @@ -20,5 +20,7 @@ "optimistic_loop": true, "loop_iter": "3", // Needs 2 for isTokenSlotAccepted (A_AAVE uses 2 slots) "solc": "solc8.19", + "rule_sanity": "basic", + "build_cache": true, "msg": "VotingStrategy tests" } diff --git a/security/certora/confs/voting/verifyLegality.conf b/security/certora/confs/voting/verifyLegality.conf index dd109a6..8326597 100644 --- a/security/certora/confs/voting/verifyLegality.conf +++ b/security/certora/confs/voting/verifyLegality.conf @@ -28,7 +28,13 @@ "loop_iter": "3", "optimistic_hashing": true, "solc": "solc8.19", - //"parametric_contracts":["VotingMachineHarness" - //], + "parametric_contracts": [ + // Excluding DataWarehouse! + "VotingMachineHarness", + "VotingStrategyHarness", + "CrossChainController" + ], + "build_cache": true, + "rule_sanity": "basic", "msg": "VotingMachine - legality rules" } diff --git a/security/certora/confs/voting/verifyMisc.conf b/security/certora/confs/voting/verifyMisc.conf index 09be0c1..cc66b54 100644 --- a/security/certora/confs/voting/verifyMisc.conf +++ b/security/certora/confs/voting/verifyMisc.conf @@ -28,5 +28,14 @@ "loop_iter": "3", // Needs 3 for `submitVoteTripleProof` "optimistic_hashing": true, "solc": "solc8.19", + "parametric_contracts": [ + // Excluding DataWarehouse! + "VotingMachineHarnessTriple", + "VotingStrategyHarness", + "CrossChainController" + ], + "build_cache": true, + "smt_timeout": "6000", + "rule_sanity": "basic", "msg": "VotingMachine - miscellaneous rules" } diff --git a/security/certora/confs/voting/verifyPower_summary.conf b/security/certora/confs/voting/verifyPower_summary.conf index 53e9623..c52b168 100644 --- a/security/certora/confs/voting/verifyPower_summary.conf +++ b/security/certora/confs/voting/verifyPower_summary.conf @@ -28,5 +28,12 @@ "loop_iter": "3", // 3 is needed for `submitVoteTripleProof`; 2 for `isTokenSlotAccepted` (A_AAVE uses two slots) "optimistic_hashing": true, "solc": "solc8.19", + "parametric_contracts": [ + // Excluding all other contracts + "VotingMachineHarnessTriple" + ], + // NOTE: not using sanity since onlyThreeTokens fails sanity on being tautologucal + //"rule_sanity": "basic", + "build_cache": true, "msg": "VotingMachine setup - basic tests" } diff --git a/security/certora/confs/voting/verifyProposal_config.conf b/security/certora/confs/voting/verifyProposal_config.conf index c7973fd..c22a18e 100644 --- a/security/certora/confs/voting/verifyProposal_config.conf +++ b/security/certora/confs/voting/verifyProposal_config.conf @@ -28,7 +28,13 @@ "loop_iter": "3", "optimistic_hashing": true, "solc": "solc8.19", - //"parametric_contracts":["VotingMachineHarness" - //], + "parametric_contracts": [ + // Excluding DataWarehouse! + "VotingMachineHarness", + "VotingStrategyHarness", + "CrossChainController" + ], + "rule_sanity": "basic", + "build_cache": true, "msg": "VotingMachine - proposal configuration" } diff --git a/security/certora/confs/voting/verifyProposal_states.conf b/security/certora/confs/voting/verifyProposal_states.conf index 5f1745b..7489406 100644 --- a/security/certora/confs/voting/verifyProposal_states.conf +++ b/security/certora/confs/voting/verifyProposal_states.conf @@ -25,10 +25,16 @@ ], "verify": "VotingMachineHarness:security/certora/specs/voting/proposal_states.spec", "optimistic_loop": true, - "loop_iter": "2", + "loop_iter": "4", "optimistic_hashing": true, "solc": "solc8.19", - //"parametric_contracts":["VotingMachineHarness" - //], + "parametric_contracts": [ + // Excluding DataWarehouse! + "VotingMachineHarness", + "VotingStrategyHarness", + "CrossChainController" + ], + "rule_sanity": "basic", + "build_cache": true, "msg": "VotingMachine - proposal states" } diff --git a/security/certora/confs/voting/verifyVoting_and_tally.conf b/security/certora/confs/voting/verifyVoting_and_tally.conf index 0e7d32c..c5d8534 100644 --- a/security/certora/confs/voting/verifyVoting_and_tally.conf +++ b/security/certora/confs/voting/verifyVoting_and_tally.conf @@ -25,10 +25,16 @@ ], "verify": "VotingMachineHarness:security/certora/specs/voting/voting_and_tally.spec", "optimistic_loop": true, - "loop_iter": "2", + "loop_iter": "3", // Needed for `getVotingAssetListLength` "optimistic_hashing": true, + "rule_sanity": "basic", "solc": "solc8.19", - //"parametric_contracts":["VotingMachineHarness" - //], + "parametric_contracts": [ + // Excluding DataWarehouse! + "VotingMachineHarness", + "VotingStrategyHarness", + "CrossChainController" + ], + "build_cache": true, "msg": "VotingMachine - voting and tally rules" } diff --git a/security/certora/harness/GovernanceHarness.sol b/security/certora/harness/GovernanceHarness.sol index 13af2bf..232cb68 100644 --- a/security/certora/harness/GovernanceHarness.sol +++ b/security/certora/harness/GovernanceHarness.sol @@ -68,10 +68,6 @@ contract GovernanceHarness is Governance { return _proposals[proposalId].payloads[payloadID].payloadId; } - function getProposalCount() external view returns (uint256) { - return _proposalsCount; - } - function isRepresentativeOfVoter( address voter, address representative, @@ -80,42 +76,6 @@ contract GovernanceHarness is Governance { return _votersRepresented[representative][chainId].contains(voter); } - function updateSingleRepresentativeForChain( - address representative, uint256 chainId0) external { - - RepresentativeInput memory representativeInput; - representativeInput.representative = representative; - representativeInput.chainId = chainId0; - - RepresentativeInput[] memory representatives = new RepresentativeInput[](1); - representatives[0] = representativeInput; - - - //todo: call as external - //updateRepresentativesForChain(representatives); - - uint256 i = 0; - uint256 chainId = representatives[i].chainId; - address newRepresentative = representatives[i].representative != - msg.sender - ? representatives[i].representative - : address(0); - address oldRepresentative = _representatives[msg.sender][chainId]; - - if (oldRepresentative != address(0)) { - _votersRepresented[oldRepresentative][chainId].remove(msg.sender); - } - - if (newRepresentative != address(0)) { - _votersRepresented[newRepresentative][chainId].add(msg.sender); - } - - _representatives[msg.sender][chainId] = newRepresentative; - - emit RepresentativeUpdated(msg.sender, newRepresentative, chainId); - - } - /** * @notice Returns the size of the voters set of a given representative @@ -126,7 +86,4 @@ contract GovernanceHarness is Governance { ) external view returns (uint256) { return _votersRepresented[representative][chainId].length(); } - - - } diff --git a/security/certora/harness/GovernancePowerStrategyHarness.sol b/security/certora/harness/GovernancePowerStrategyHarness.sol new file mode 100644 index 0000000..45a20ee --- /dev/null +++ b/security/certora/harness/GovernancePowerStrategyHarness.sol @@ -0,0 +1,14 @@ +pragma solidity ^0.8.0; + +import {GovernancePowerStrategy} from '../../../src/contracts/GovernancePowerStrategy.sol'; + +contract GovernancePowerStrategyHarness is GovernancePowerStrategy +{ + function getVotingAsset(uint256 index) public pure returns (address) { + return getVotingAssetList()[index]; + } + + function getVotingAssetsNumber() public pure returns (uint256) { + return getVotingAssetList().length; + } +} diff --git a/security/certora/harness/PayloadsControllerHarness.sol b/security/certora/harness/PayloadsControllerHarness.sol index 441e617..114b95f 100644 --- a/security/certora/harness/PayloadsControllerHarness.sol +++ b/security/certora/harness/PayloadsControllerHarness.sol @@ -35,14 +35,6 @@ constructor( return _payloads[payloadId].expirationTime; } - function getPayloadQueuedAtById(uint40 payloadId) external view returns (uint40){ - return _payloads[payloadId].queuedAt; - } - - function getPayloadExpirationTimeById(uint40 payloadId) external view returns (uint40){ - return _payloads[payloadId].expirationTime; - } - function getPayloadGracePeriod(uint40 payloadId) external view returns (uint40){ return _payloads[payloadId].gracePeriod; } diff --git a/security/certora/reports/Formal Verification Report Of Aave Governance V3.pdf b/security/certora/reports/Formal Verification Report Of Aave Governance V3.pdf index d46845e45047ddc0af46e04b29d979ba683e1228..a3e7850075a3077aa6b2cc46957e116d53f3868f 100644 GIT binary patch delta 187491 zcmYgWV{oQTl#Mg7ZQGjIwrx#3vGc~6*tTukwr$(i=Gz}zTh&kB?x#_8tM93E>vX?Y zVuLf)a__TpPbl4gacbL`P zD)_o8?(XrcUh5!XH*n^mhJ^ zF|xQC!*hVx5emEwC|t&N^!uYkAIgA8tZ8>rb{cCDsI&$imz&xGy&8{F+3z|UvNa=W zs9%!;t~;tFz0_|`H8``O4o(uFnXCjG`p4@MHd5RKPVHc0%4}WYaZ<0Y?hY51G%GnIaCHe507qYw(#&#^f}2~{Ovwc6 z8B@L70UheS$qMEx--L@E22_e$?hzaO;{GQ&0Qh0hnr5qGI6b7gYljPi?*MsW6g4Si zGI*mR#1Gq;S`G`W(!;#2j=Migs+DCD(K4)Yvi+Ty`+4{&SwWe(u#8fm zJk%^VFEJAUXxTvopsAP4YL1bP0{!7smGLxzZqR~`EODgf#-20L;H*PPtEMj@4MGK7 zyi1r?P<~8#l<@vD*kE}=)~5tTC9??DNFKf#(Kk+Cwss(&*p1zqu)WRp`E_VV`B#bL zjQi;gKIAQ`_$`X=s&wKJPkU!yWxH0CPxhzjt<4WucD1ghP%Hfzep6g_wS2TW)7dEv z;#bk#Egjr8(cLR06OeR_JXYK1vXWT0;vx7cmK_&tdU9-XrcH~#EvzEroyzPTOYG+@ zc^o3w_4cP8u#5Xu@EZR{&O?^jpBGU#>m0h5I(U{ijH}ufQ@ajRyM|Cdm)zkNF+b}Z z0bHmY0hB-G{x9wQ-=CWDzQ@!ynK?RyIodOI*f@1qICZ#lV!w8RWQ=E_b)r?NU*+PI z{wc7|XM4Oo@hzY#y-Ixa0i&7m3`i~11NZ^wm+?RKYv7z67dq%iOt9FH$AjdMNLJFS z#!#n5j%z)>_s_@I<81HeCs%z%&s)GChFzD(``s$X?%kD#_>0A4Oy?g&oW94a;pFL3 zcR^I#tGS2dv{b~CYmSFtkgIcy<@WAw4RMY?;Yv))?fm*qN|cv@H%VVhUukQjOwH3? zit7xh>p{$>(e(a4Ap>E1peAKq@!ui+31H&#=%y@d3AqXMmK+Y>ihiW+qLlG zagL(nEC1F}VmGDwvoiGb;$vOAz4h2Sv@h)(SuMKXdgiW)cF)HSdSEpQ7p1Jak8|t% zK&^(ymE@#t8s*xxqto=5b)G5iN-tJxtV1#GT=7}6z3y?QPvYgzD3 z(N?>k)DXH(M@6-v$x8ZCZy1f}>AC)}J{@o&;q;8R0q5mwd$qv1qH!pYjWb=n34~i| z2cyh%Ejk9Tx#d`Dr#+>@?R?z%0wfz^qoza%Vb#>`P996G^Aor z(t=QmF9g>&VVg_KbG}g-ZmLo9vblu8@_PyfncLdC5UB){?X8uf5Y@}tXI{_|=pSq) z>+@aU6b!)fatXAUZKyY7WH?|7pjXAmHokkd7&RF|Q6wk`o?Zed6j{B9hmuYOD6&Yw zp>C=tXfBN8QB1CRiF+$b>f)dj_AJYU%O4_XMaMm|SxhUQpNB=;J~7dmIo91|iu5<- zkfE`{6LwWcnPxe(Jg_m#b4JbPkYzdGSf?bqjXfzXQDoIF&OgL%za15<6BX=bEDd7Z z1sTIFNA>snv0(yc`y503MVg+JhyuFTVZ^({Qx{_)9I{9wumzZmQH!QTibDxKFtDf{>X6rVN*6h zeSAlus`;xa;paRq1>NF60p1z;@gS%Z<{W-(8v2{yvc4WrHIYMzmYBp!S(B7&#f|4W zHxi~{rV!KS4>AV?ULByaG%7eM*E$3ggfAmNWG1Qm?^Q|ABQJkpfJ7;_-@Xs(>2HZaSwQ`1u&r9HVhDr=VUARx(cj2+W@}2ZbC$C>Hp6R^Dz|7Rr-L2xuNS z4M9OW!$BbcG>@}}q@Sv}=WKz2>Rr!u!3;^s#vM2HfLUUtr3-a+2!YBQf@`UeVw5Tw zn@|ol1GU=CUv8Q)M>Ui8*b28Ph_uatU~G2wm_V-zk1@8a6@jxQ(U_**+#(cQiOn5> zH3-N#_`ihCL7)Y|A!+8nM+7A$T8DfC@MU%g%_QjnKmM@&_|x&@Ptc|#HvGjN96T>3 z3a;41Zyy%ivhCfU9YW6FWx+yea3t1N1j4^TaU=#g73=+2b=v>1$G8}Pmg3<2owsF3 zgR79jUde>>087;BM^E(cH%qK|8i2SBkODN<3%;tVCT!0V`cdU_u|B-rtE9hsFy(ZY}2fpU-)om^w>eieU8z%)7a?kV(H74R0MwiJCS!ciLa zRwH<6Wjg@Wh(vJ8{VkrROv^yq%&pAS2TYs_xRyvCLt5w(4`m?y4T0wJ0C)Z4WRt8? zDFkY_59V3|v!Q7@-N$5>x>E%YpI2hF@i!X+=dZdMTng1a61%P@- zyvrj-&~uR#aSPn_{4eU(jiooLbk(*t(5*xQm9KZ3#NV81iz+KGRYIyBxUOB=@2EGi zUoJi7K{_6fkt#&{7&WIMk%ZwQJc&5+!20vJ3k0f0grg3$sfg0r0w4d+N4f_Vc_g0Tuk+OZEswRw^2 zH)VV*Q|c(3mlPfzYJDLlpj_ggC_fRb-#h`fDHLaZ5 z1r1jRcW%G}8Xl?5$<0?Fyb^~~Op^=#%+nMob?Umy_d|g{>&$L{1Ux6@EA=ww$xHwg z*8nXQ8k4@Il)Mvawi`gi(&@L{OfE02DZdbrQ_Mg67c(cf`uu)l4yi}U{C?Fbd+z*z zg~D6k26p_>L{Kh?jTynUVEDO_U&-c9F>Sg1iRImYoNBn{1g7ExXGtV1L+RrDjp|9u z(=tpN-2~(GGssNyHp|W|zyuaE6;F03@n>!ip51c#i@%wh1=rV5=HM@(&MYnDJxbYz zNI6)<;H8Yl*&vJ`4Eivcq%EZ;lK19O@KmYsV~y~mP=@{>zz~q4_aTL1LH-Svq2)F) zT78dCaUb&uhHV0j(#8;31jxvQEW#}~JA>NjZVGU-QWn@I^ak`kM=ApcNwm4{2*${yq>z&=?e%%!5Nw9b_hxomFVt!EhI@>?>%Oot#;yUcJ zn>RJA+JiY!9OJ0wmlZdn!boGX?7U!M&fmp)g>g7oSU_1ZI<{(upDj_orzE31w5r z-H>^ufYDa(G|vmkKdXy}E1@tCeo{4oO{;u_a3+h=d0WE6O!*VcPT4#>J+!%) zA8JVZfE(Gr(_OZILz-M-R+EJxp`87=3(&3#2zKC|ZHRI!=|~&!t`yW;n$uyrDO)(4 z5BxGHu;#@yv?NT!4{}y$SIf*P-06H`9xz-bbDf5##^upKN_n7EPwjbnczJ_7;ctW6 zyQz$mbt`gvU$;nyCXKgW*q*pcCJjB5S3kK20pge8BNkhNqS>x}1>P{Ka*u&2DjWj^ z-jJ$OM}aBUE(0d@bV|9G;VLEL#EFG|DLmIXN|0oghuEM@9*lw!DP(A5N79$4p;5%L z@9@<28H8e<8aFXda4OVhxIL*%RM!!b?pB13QXvq?)JHm~#!Blv36DI=JWS++m41Ou z0QQ&}_z1~&{IZEnlI}l4q@5vBnG{q%9%7OF-+5El{;<&34+}|2hCnC<2`uWVMMxg& zsyw~2mt}l@`!h|aDjj#KJ-C}oZE|QIrpe2cc9>Iw!6lA)hKFq_#9FNf9+;IZ)Cm_R z;ZY}Y2n4wcgD;>_H&T`?0Nk4sxhUOfmoXJ)1E5rXut~(EA0{jBq*CZ65~j{Wp)$*d zPPpLRo*0H5^0!DTl3VqxYnys`-iM~d>R73Nt5v0&|J}cZjox|N7TgB#1nwLl^{5V* zRVejnPvnv>jNlh6yjrhJn55SI{JM~K7d!;4yrW;LsVcwQ(x8<9=JMSP#_liG-2UZa zSet#U$9VQSH{*2oq}6p<%4!xgzRid^Zxw$>(jwZt=Y_L&_44O_Inx8*M%%K7f_V+J@4&UtU?E%3}>k z7XwPB;Zl8u^-}6=+=(mp?{G@3(urXXKcH=(15quJirxpnE1PHaH?+vR_Z?qTc-g-~ zratpybbdE3bMVh+sIpv#`Mx41LIvAg9>U@zuR5ID2TKF~`X#ws@NwfM!4_Je{`ql04o z7oMRMi-3#w+?-0D(xV0f=(D*rK`rfi%Z;rxK^<+DKUP){Hp5U0XcUP6#2t*F_#!F% zi}lvxM&Lg?JpR_H>E`f- zA|RW(i4J#?hIP0lE}9Ok?ET$b(c3S-03nV|ggFnEAV4>@Qt0%-;`QyINI#C2yfa`~ zaPOk%uZ9_@p$PDDOh!vs{>XfV=S39< zna}gfr(0Z`4w6DP^kU%bGo^nT_SA2%%8c;-iXZ<)Y{&|_^PHf zY@MzUC4LnNU3akswYMtOB%+ea2i^J$i*89nFgiewPx*pgza6Y~!wQ78&&!L$>rL_D z{xAYR@8>Pc#O>+){&Demh`C0zwjQHlk&?U+Ev?3Br&qfds*oqq1j&a$B?+sz&mi`soeF{a7$dz%{`0qTgvAL~;>0;(0T5sKWno)FU zF-HJz0-vc|t~U4iScY+S-IA^*NxHmAtAZK!GDH)^vxWQX^5M9=d@=(=fb2o8Y=J@> zCOAe67=5?|2zU`t#)F0aiWNjbZJYyeoT<#=z0g^QZ+ggF2p0BruFza@I_Bx?y9u`g zy|Cl&BOo36BkSOZyO?$LkobHZN8?hOA%B2LMx$~yw&ULG;gZ$ zF_y>piD?P)1PgeSX#~)DG zo^P+3w98B4Xf@K>JAoD;DvhLiN9RuMeoIc*TC}t2Z4}qcZC6+lZtaB+ops(u^- zVVg+CUp%X~Eo2VHz8lSC_Ilt@+_2S`)o8#IqyLiNq!ICmBG_d_Z2ysS3>6 zh?Oa^W+C%$w&d6c^=Tp$ym0X&9K*S*)>CprW9vBBhE9cErlD%PyIXrWJihF($zhPg z(8fy69f4-ZN80(yunvhcq4-zW>LqfhAZThITnXl~BdZOB;r*f9X@K0EY$ZD0eB$|V zJMR^|lZS!>bLP?pOQbIK(!rFLbfc}?$Eu^P39Wla`URGcY61W`Bn)=?$1i(_X<2Y4y)G=ga`%l>ehf;E4xWUJKf^< z&RMLGp|!j^luey3HgU@0uVOK5Ge?jmpGY|oys9j}Xr&}B%6mrBRSEE{EuKm$uXt0O zBMe1^hma(0RRCgbYlv)dzIJ%7QrMlknx_KejwKQF)+=SDoK3Y{I7jPA7XQ|nmuHkq z$E0ha8x@&VY3DF!^!leT4Ww15lfqSLz-8j;95NjnZ&wx%^*wWUQW5AXKXbhbzMYi# zB(eEH8$p`hi{nq`&+*#oqlST7V3@5`R}9+;tQ-uV0?0K5Q{^N`vOAm$I(+mW>*v6{ z9Yi};heYO@DbWdn7c*1XeTV-iNG@X;JV{aVOY-ZStXEMo)zDaF#D*;*q2Cg1DnR8I zc6dF=AA5wGBG{ck4)%U6aav;HqQ8Yo+MpoV8x;n}zKFxkCWwKtHfPmpL4{Icjqs8{ zjo1Vo;{ZZZ#%w{mPPtDuy(92H9oeRfE8~KoK!ydFEF~&Rh`zr|Ckexd$AJiQWI#$t z+2MWj4!)q5i&4PB#ZD1HRaZKE!l9wb`*YY4I)PZlU=jsmcq+H^*5LdMU^5~9{>fD^ zXuy&9l@rjA(hHt?<8=FIWYVj5>#(ROo(}whasY_g6sV~}Q!2ka7D0VlLTvH+B~}@D zOv5x+LCuBjs}@<~IA|#<2=SyDF(DWG%kt%}a}Fu^Yt{jj2s0BYlL{{3_ZTGwcR7h= zuN9~(B3S3R7|9Pu^#xVSLAKLBh14K!xjQICNl}-*riIFk8XXuBuIukOFnVTGW@La=@}T$# z9#D`Rj4O_>!HELzgb8e5&eTc7FUy1_`VD|NaDeLRR3~u#i<|~LLKv6;o|+|(2@t3= z7rxFf!;V6rO2c22m=X*;N=V_7;iaNeM11;PdTu+)(pf}*M6zV=HWDHzuVZ2oa#*!t z51E(g+DSVRQ~fEqrHUl7B+`f6r^wcC4s>Kj>fP$uS-Li3gzo^} zp}5I*hLeM@w(3THE~0}V!R!jlLFn6-R1mLOGPPQ+*VV~@z3@;wo@}-*plxRTS}8ve zW6JWl0-wjzT-~a2kt#tRN*oy=csa-zN^_3B1F@TWd@~o}iQqYo=Nb+vvT@;mnVhzG zQX(9!MEjF#nQ&Hx1Cp7^l80eZinW#1(XT${>crxE;~Rlv-K9+ z%je(bHC)GLh12c$_QfY$*Y$zl!<$=&{PbI8X94Q%n9ev2Uvg(^1Rb4)9hw2MXyoZT z-@a{=^8$up)dFm5P19RVx9ecddH zR&tkV)?431)UHh=S92|{d3XSl1iT=ZK%f(g;S#Vc4Ki~)B<0YQKNZFaNb(hJ6nIE% zVxm)=#K9TR{MDkAdxWm7S@t5Raurc1QAnDxUL%#}q60B+r>|lnjaR2)1B4^E{KaA> zOzhSqc{8I9bx2HwH>}%HBmba2mV2WtBVty)WR4Auu#vD+#Rg&=&qD!XBF@AdYwiS0 zSlmfWf;k^qCL*X1*T0AUeSe|ddr27nPG``+jZ1+6yO|cUU9g9}2uTGuL?PBVi6c&x zfrF`3QbPp37wJi8d|OyYQB`g*$}y#kkXytP3euU-k~@I&4I-gF`d4b08&|d(5iY{T z1WKZHQhEmc&lJ7f16ByY6gbn0E@HYj2`5X0{{p@}41BzkzyZvUny;ev#G`+TDtj@Tj;<9o6_+9JseyfkK2c*b6cN5mJsa@TdWeFBrj4 z2SPWFkuHhgPl7%Dh&=aSuoOt%|~A^!>ZR< z>`xiY6Wc7DtN_@}vxF})@*rWn-$rc0PC9b8f^CD2IKSA&>dHJ#7~KwbEYExi^NqWf z9c_Ba(-`)o3}VwoXqp%fHY-C5bX_XtEWy3$rikXtF^3~T>qa;J-BmV2-O5-`R}#~= zJuEMB45WHwBl+BlrA>G6bo6&>>q(V5;;=O}NBA{&svv)+);OJMxMs}WnxYtMFJ>W(%&KNIFVgtCSOWseq)7#cAJ56dfQ~!SB-~M_Bw0&;Brhjx5 zx7ldN9anXqXabg-Iy;v0cj(^XzMr?hZi_I!-=^)l--o^4kH4RTv!9u3E2HrkUi9re z+b{DAwYP_Ca3Q{yUjg5DNojmO8Cq@b(&I~8%2=JBoLX8CX^D28T(+&+$^cLGnkg~v z7e1}i=I2@E%x_O?aCuL#+KA@uUYBIe2tz&?v2%@p$flb=lBa3PAlz&NCzFRo>Em0*vh62}YIr+dabK$t~)?bz%OM*RyJr{p$rrNwQ)@04&|#co-g$cHUWr6&3Tk4HEl;V zl~<(BL9u_&C)<)IW(fNzs$}zTy$p4Zt8Bmcp`_nu%2jV6q}q8lvf2BmT;V*M7&&&y z>uy0Ft^1rAv-GNkd@Y4A+N4}f8S@gQ+GJ9s$CKveIqoTQ)cS?Y;1=uB%kt@9lWWb= zBBw%4QV`H;qomQ@Yy;X5fRiaDGQMUT1e6=mrLN$P`^-@o zI4-DC2;cWe;Z$H#Q83aXtGdRgl~pAZ*j1eSP^^Oih_w;Co73?*Shl1%#8W-?gUd79 zY|yVTSp{sNT(KpZQmsZ-o8C5R;F_pRj609gCflIEwE@X^PXH8Zlhup}Zq!6E=f78O zDwfgl;mEgH;oP5%+${5;&+efMgPq3Qr)ckr%K|RVRi(Qr-w#jSg5%wh9fgGI|M(|- z_V^D)>WU^b;srz#jPZm=M6*eFhXHqL<^=gVAN{e_U%7gp!rd<+pLdGt-7U6@(dykR z)jqRTsg_Z_6#xVo=QK`*U0O%md`wtXjZ==<#t!FVD-SBCN%}>s34W0tMAN-=3oelprAJbCrKq2j1<+7QO~oL!li9-WdHWp@1Wx0AMm^uwO|{85;8@*9bgt zn70kq4@j=dlkRIBCRxG!yL58XrR{6U^Dq>@ghgPHXYgdl*+TitkF(@Zvl#AE7HIL~ z#H-AhNu-B?1WhoOGdZM>@>3y%>1)h%qk1# zrn5$FBR7MLaiImboG1e@TteW;1P|Qz6oCoOWbjIJi4H2Ia^UMws;fb}! z4s?W&7-d3LF-~C_W`DMaXo_z-wu7P*8Sa@z#)xi09>DQqCt9(TB9bt+!3jsPdK#%Ycte z%HZYG?Wji{m|kAIa2H;5gU3e6zt&Rm@Poql!J>HYVSGd7r50?}fOx~3BJG2?kOPZk zdBfrNU;C=8w;PK-n~M;gr~O>19G5Wh4g2YS-=FI#KPZ5glxNx3*Qf~y7~cHgk3iCUAQiL41YTqXhxvN z7r2Yx3r$TRo}j@Fk;C?tG?ZY7EnvG@H~F9^Vg)E2Rsj&%gX;2?&e&tt4WTX-CI?aC z>aQ$Y)Tpk|6G4G)sNZg+JoLC3-$oHC1f1xMUPBy#GLuxeE9yp|rxXNob+=C)-k5vx zAuFo&kB5wgJ$n-z^ibu`db2Hm)`p6QZV(7@fH=C9XznV_V2?9e+UByFD}ZRQJx_DE zeS8LPPyiSlbh7E)I#P!MoK*-OHQou-Y`{A?HINi(nd?6&sbk*!fa{w7^tDLWqDXe*nMZibYPMW6#ZA4R-fvlOm z+p(}ReI~<|Wt@?G*NqZE1^60Dt_T^S_V3k(SdT`>S2GL$@>``B{6)h^t37Q5=Tv3e zECUTBgVCEy0Wz7W&1r$EP*Jb(42Dw|iNduOM#bP`ME!X?BgS77Hv3j$fk>tM%#oJ#-a%X^D@8) zRD@pzjgrVlUp_H#^sg!20eD`OrF>V!)O#{*?Y5>0L*Xm;KbE*hF{s~}HUzEP8YvoD zA0i)p7ih9_PKwL`Ai%5(5%4jmS!JxYy+zcZHH8{GcABMJw1tDD12C{$P^q=A3N{K` zQ0va^ElepI57IVMt$^Bjmr-3}qzhLP+wNLn)E;3&K6KH~-l3naPc2K~?G>RbBl8O1 z4%G$`vi17)ZE_;UUA?&E{&pVT1^w=&5Q1OUrcY+*J{jHu0J>g6j6DTi#$mp6>l6k8 zUaK6G3sdJCh>$`l56X9X^z?7e0!Q3p)#0Ws!bnN=iyRB~qwqbely46+4z-{*n|O*r z;IJsBtmUOcl=dz^e^=ApdC9)b>g7&wdlH@{cs|^tTj)-&bchi-`K)E+sFkAC`f_H8 z8yUg==5o{nz!L&k2u@e7mq7VIp2xE>{31U^5g}>n7C7|Z9@v)VeDukVDeSx&cRY}! zB_#v%UufjrEvzyrsvU1%UYY9pt@?gNk?G%cM1j0oUZHx`+vc8kjoqIplMX08ls!DA zzoX$*x$39Ca(j)fV+3D`l1hYBiEZ49!<|@@-y^*MR@6D>?J4e-F2p0>o4mDS^QqsP z95hX~n=Z3*cTfho;uc94Q6rh(VT2;mA|2Et-xRU@3o(z@-#+ z1H~_5GOouUO}Hp)yGs31$%3EIFzyQ$oOhZ00kQtHB>hP2EFKBa%RGDH9;d0wx_2H1 z22>)bCwRIEzO+D*_4FYprmI2o0D%ucQp~jKUJf!P#~jnzmzIwc!g1q z403eJCs3MDAjZG*S9#1Xz19JlX%d%U+*Zd8nq}?r|HcXjKwgH{5`*qQ%WWuc%gbr?+d9{9G;QL;xRq-G zgli$LIO&z8LsiKL3Ti4(PTqt}0+UU%UL$bI#M6%R?1djZA+pJS#jCdM)kGTfX;)Bn zH>{d|OEGnME7l@S1ns}sH5ZPwN37!$uYHg&$*oN0VV3>K+jB05+U86qb#+R^HaQ^m z0G$ifqg;Bbb8HQx9t8Ikm#U7=Cx^oT9GZ^p(cs?f5pt8x^vKBOxX8HY;7N6-^vjHB zgmhs75$1HOh978l{6O>c2bxEzaP87y+(5~=u4oiUj@f;6BVEI$Nu3LEwom3&kQdK7 z`WwPc@n)?Icm)9$4!Y|7oPcb!{g<%L&ES7oq%acWOaAr+0C}1koA$Smae!;YWqtYL zctzK_kB+UY{#QSS5_GoGY=f@y>?wW`v%zG4AS(^kV<*nGD5s6ny<8=d!tPhoI!$^h zzYhwQs!ay@F-CiWg1J;|U>cW_p(qWpCK~2MhC!8;ceu!UYt0!%7!pRlToxvzaZ>Gjw$?!KT6ZG~ zY>^>R10z8<9Tfp%R-Y*$@G)Z()&V7saF1chf~Gg1h><-Cih z{$B%<>-_~Q+zSP}$^C$QVu!1Mp*!zF%xn!@;)(6@)JgYmjVcsg?NGjI+S=`U^N

q}BzlN{ zutuoGf_#JnAsyhOSg(nQ5_kMWE#r!@f$`!nx`fjh zT*7>D4dERCixMLDO$GJm>Fwi_;V)A@=+fB_Tno(E*>M!K?5(1fuffCJi2eBJH)k9W zs?L9u@VF~$i)!x31bdyTk$|^9egqrGdvGfOJzPvH4z6x;x9oZEss*jrh$ua*YzkJ{zA9RO~I@~M|o)JON z`T`?|Lk;>~RuzZ09$M+u5UzXr0Na*h*fD_4TM5efYXH<%56B{53V z7-M(>*yX&zEwvw*sKG;yooKcp5n_g6jbnhbEU;t#!8u1`9ifSy(U_$W{K2mAOoN~W z(HIWHLce8!l*|cs%!m!m0J&RPjr)^>Z|XP;c{KZ59jTYrwmAW+MEphP60AMn!c?W$ z!h?!6^4h6=THfiq=UOi-Q2UfG#B;wZ^u4nKfC(4l$&D}m9LBRZ4!GNBDL&+Mik_(N z^x_x~@^nwarvRllI~2ju!RJPTja?U`6&chvb_%ahQPL`c&u`ey=|yc$)a!`1}G z?aH&!|6u`}UGSP!B^?24rWxnBF!K}ur--=;{{hmx$Q&q7x?8hW7(E3ne67 z6R^QUl>(AMxfNCin+rm-KvNjMMEFFJnFeY}Q{((7KAmu&f^qFa3bz>*D}wYVC3yWf zlPuz`cW<=!udAHY1vUpjMjpz^+u8*thd`DakB}gcEWv2=BDBy()ypQy%HSlu$lfmp zll_~QF@7{kJs?FvNlb7=&V-U|0v=x(;0f`DB1xJV(KkrFY(L_xagvw$(Z1nomX>Dq z&X{XKA%!$+eeu$|gsE2)*(|R)mXvTgs9k^u`5*4~BOmdIkeLBcU%2e}=aJTC9X8fc z9SGJfdG*%2UMd^NYS_HZsl|$B`)BvPVkD|*>S2T6}ge3W6MJ!@ykp0NN~z8UOO%+R@lYlPOXos3UWk|zfH&D!^|@cM>uQ;qKn8WL%%F8$Eg zvvNe!=lkX*k*TGm?YHh*PWLWbSLv8{X811L8vqW>z09@5WU*=vJ`EtQtn!Wz9)_WU1He`mQ`=4gK~g6miW1`$x-vM#i7piF6-30 zuJ)YA@p41*@%3%QNA)QIV^C8JSK>X945$J45Nxt*H6bO zn-T1S31Il^#JdlXQ4?>*tlL1X&bbggA%TE7IE+$Rr;}F}-SB&3=-B-gy zVghSUKXP*J0EBG|#|TK~)LtT-bjuQidlYSN2q4xX3_^xn$<{2SfgfihYv7Q5n*waZkW8-xkT^tm#CP5(D!W$UPwne-m5S+ZXo zF<^5QypVKzQv+FbZVgg1PrdFsg%*i!)m1HtF&Q^?UHVM=3H7=VkLgBcq^u}0M zr~^8MzE~U#TP;h7bHX-nJ*G>(a?pNJ18~$38nPW2jNOb3r+Y0V+rH@0L0Oq??W&R1 z2^*Z6SB>$mu(15Se_dxVs$cusFc(muYt?zD-U;M(S5nS4yX}PS=~JssrrmNmQ~Era zK-ehru}<8rPg>9=Zt#v&OLV^v-r8Am>Vo#tJu%tmITY^qG8d&`(Uq%Q`lSUs2*6lE z`5+4Gd)&HOGSy$-oX@q$j(c~>9NYKS&Lz2BlZD0`HBA%}KfFmXFCF#I?+0b@r48od z5m7E%Fq>7lyfJ{E@!w1Aso())gxQAY$5lBib755+hXAr9+BK8}Ep)5RZ+k_DV5E}( zota_)UNCqVXdoA((mVfUHy@)x1t?#N9k?ie)30_8l;|*%0-FEJX>^4g0cv9Cyg;&e z8Lm{ZpeU8{y zg1aWMvOFJi(k#&CkeaC5?r1_f zmAGFME0DEWWGC*l(p&$hQje$A4~;SNRQ8`5a)4sM{iBA2*KUmfng-X0*hk)bmZ-U; z)g~c>Y_bvXS4Y@JtYy5pR!-g;YTflvWL!4L{3bi4Vc&zuv%2xRkDAIV2*58$ODv5 zR{B@2p++Z}_~<8b@jw+~K)L25KtMKjs5wVNG80b*e)J}rt<0yOfOG?W>Y^) z+leKwcl4B_A#1uka$e3$;IrGrE~_rSvOKFVyV!__s+9HfE+u1yxJ_d2O=V++NnILr zp!tQAQ1^-wX-r`NZ(q3+lyOct3GVcT?kY!T%$=jhD^cRfP9HpYfllUN`v+%<V$p29O8KIc z$rC|s7llFc`3(qyk++Ru^~&Wwtfy} z_k7D~Ld=I0ilY;;g!>(ThT!&hQ<+$|hBXS|jg8bXwhaPD{bP(5ejQvyVg11P}JdRUYmvQSDK6;bQXd1y z-kK1eSyrC=ZX_LJKmFnTa4}hab7{ThA+ zQ;a-5#^nEFU}l(T6?xF6D?p1v_e$O1vlhVXMQ&9(su&bxQRN5g-wGg7NW+S;0p%7{ zAU{(qQhRd6M-SvU67#iVTS&#&LUV2GSy^LWZCw7b#>Uz@EU>ag6Gj|CDk+Cc^p{8l zDnG+Y3H)bNqz&W(=aGn_6dSR*84-eVs!}p4WkZVHq0Kn=LUnW-ac@QFky?|}^<>o7 z8+dmlB6%*Ho+2}9c#E6PN&yu=_l~Xh zW|4|jmEsFB$9YYZP#7#~IQID|+Bs8sI?%pYs}6?1U}6dKMr_XHFX=FZjK}WuB|RBP z^sx|U8?!+KDT*@7NPZFF^fqNSZeFYpwr5{TGVj7yiQ}ac1ojpS$pC!+YgfG2hc=5= z|2MIAAj_LSYy>Gv+l#Yd@)1~%y22nTrPtV8RE3?3^Mum&w)tI5I7;i{ zr-{&eNoZYQz$GR@3>HZKRGPce6~6925BCXPN|mEOo!-nKaJZxZa*e(kA+YFyuoLiO8wU4`&3(dJb#_HTZrhMDBecyLi+oC*$hWO zeYPU}-ke_jWd!JHl0-I*p7OPcLaO!;+rmI zkvesN^Y(e_2s*N4Eja}@a!7v+@h~R`J2G5A`nB*-&K;&%PBO6uJOA8o<*c^0*0 zQCnT4ze(k9VP-ZTeTDj78#JHh<1B91P@|2~6)ZB>Al%8-N!}zYtywQ-N#iNdslzo=57;jbv~AQ>TPqYX+78PNc-I8 znFW-tX=lA_3bx_GZ@%e06drxzp8EUDY#n?!Bi^fBAhen;{UU_Y0zuU6AM$ zY=LKANs}>YC;1^TCN2JeA&?sSKyr=Up^oqH#1O{tjmXNn zRQrEq^%2m+ekK6ARESEyWg%wg$-hb|tAHQuI+|3Yxu!@E+|)lEbfy2&V9W#(@z1`; zauVZ}GQGnb94rX=$7{)KaT5-Ww+DTh&{Q@p!dt#$tx(f$eGYl9vvY={kcT*ZIPy!{ z8K-HyGm{F@u@|sacZQ?N9L#7!8Kjlz`^+YMwY2u778<(t4U6Qw)W)lLW$;|5fGEtV z)P#FkQa!DSfX|qFQZ1p9u~NX6Q>)K|O8c9uK|U5*^O>JO5dDxl=_;-b-YVH8xJKo? z28#nfo#i*LrzOi1K@-+gYh5piCFIw+>S68Jv4Qn|-*lfa1dlLsoii0p)aB2nzL;F~ zoN>bOcptt@TKLzYeC0D~EzosXK*LVnWw<5f-K95KIcD_UW$Ame(rsMcW1S;mrnbE| zzwEJjw7X`zXXjgg;cQ9d=zHZP$D=*R>Fs3`eqX7W)&M7eXI7{7v5t|imI$3TS)7+U z+I3S|k%zq5nM(M@W86cjx8>SxbCoNhLrMZ8?tI4XVE;R1Iq@4=qbJY-G=1*07vku* zY4UzPzaPTc{q3YdR?+q>Yv0yQE(e)yngsW(cGA%C^wa7fHAtvFX!V+&4dt;gEquE( z40{mA;XL!#cS|XkTlnw~P&hGI+TYfN$1>QJ9WJ)}-M+d^n&}q|Z5M5%gZBAG$9vV{ zt?5-A6#inDRk-=G-8oqaBnQYyGdzds=!2VW93O&c5VhEEv=U)Kx1hnWkC_&Gic!AB= zKD?rwm2mLPHWPWr)!yTN&4vf^*iKKDQ;rQCtGY}}MxG?RtjcTkXm)&2M?jT1&Z%dN8NI6&+;&f8eD!KX zyfCdP)?$JF<8$H4@5?$GmzHXC^ZN@S+NMT5v4#7ubO-zTrD52Xtl?_)#<=o;#_+ExRd7a#^yi*eKHH6&YOkNXr`L<~; zCQN;2ykiWb+e@1`!0ysD?a%1DDG9lu%js9j^||#7e6ex~Iza*|1)7>Z_tIXILGOcp zv37MI_uM}D?zl2Q^YTfX?}V|&vi<9O;#e63XhT2sZ#n%LR$KHekq(18xY*?*La!8B zAsE>yZ5V9IjufBzm@}9Ze$wY)csrL3sXXnX9G)#XL~Y}cj1ER^CzEwUjx_W*gt3FP z7v^_QX%SJAK@Q9jEJ#Pl!0FnIwTE zq#fw9=vb23)!l{(a`w@+-JiY=V*5b^DA$>s+@`2(EY>T zvTX5Bt(r@=?(JnyZ=~M>-=2bgfN%w+vcg`T>A1)RowCW^gFc2BV$6cao`ivsDdEyW z9)GH=6}=}}18@rd9)#vV^6Ee3hMCp)uZql^etA+A+Z3P(VkU)u>w1o(~)NP9X z@oM4wZCgRT=!HJD*!Gd-rW`-wnrV59ubTF(dItF1;58j*SS^lA_cC!Y2 zaKLU!RvP`40k}`KCadWF?dDs3^Vkh4f{;B4$leG4wH%447rwTGm>KE3N=hYM~5HaTGmwXQyTs? zI2qEMC9BnQvD1a#((ldCAI5q`#}axJ`rZ%PEqbp1i82aK=^9`$ml<2^GmyAjABGye#`?CuV zYM2V-nZKG+YNw5mGRo|WFZ`0-C$`8Q9qwjjzMvK$9uT~&#q?QjNYi+Vdq)G^gH@=J zh4|ZvT(Q!5)Jda*snP)BjaU)BBn0K;tX)D?lbx>nnXa z7H6mq7J;jUunk@Cb7>02mu)+v4z?)&AZP=&fcmW>S7S`WO!O2BljLXC2M{%)?nN6|H-0pT zZ9q3@POH_}@>5wtdtEK*R_Gb`o}l$WEgeMA->2v{95cXKzG@jRNz!fW13UUd-h=(| z_;WE94~7+>VQ^e51W|JK=! z|HiF-#;N=0$;PffI3MX>+4aWbuFbrCxEMdW5{7D_-;4CTW@_WDxzSnr{vw33+2Dy5 z#d|!-=&bhhe0G`ymu3?w9=X5@uOx}ejuv*RWjWWi`7X&b4z z&Fanhk+)`rWczzI$4YezgAq_Y9qf;Pi!$1{dzI_{-|(W+$xySIXFFH=!N{1K1V`_0 zj9%b>I`oDSiK}YYr_N%2G26KXe0Ejpz>$Y z#^4bxuFLWLN1X4nSBE#=$o!d%RwqKfL+Cmaqy2RuN8C#MXjEg(44@7g7ypbqNu6Mq zA!|dIBF%$ZUv9c^E~7=2knWMjUCM67{`;&~fo=J5h|Rr!#*YWdq55qbw^p8PSe0~% z-$Z0KI(~NW3{z5*|2JYN1t$_}qJHv}NjFUbYkMpV=4kl@SxJ9Q)nlw2*7zdDG9zs% zk7J(chl>EUVzuzKKQLF}I3xKgblC6sOv+IH4}~vJFX6CgW>x(rn3kiIyp#|(!bY65 zX+ylbX3*V>GbQJjkJr-Pg#Nv>nUBWxC1hoYX}I%3MQGU>9vVV2T39Pv-H z`4}OGiw#($`-9`7Lbn-70src^-3HIvY;Xn*R!z+h{avAI*iS#lIyDjyMF zLlpOzwZ?kn%ipT@dN+gKHi{(arZ4)K`xku-jz;|=YR#(&xhB<4j~uAWOCd-c72x4q zM0F03%v>@9T6U^!oFEYx-?Wr1tUg2MasN`_Z7#{;93+B%jIxgwKA-Np?{I4ZYEx$d zLkz>4zc4*KuG0_v*2Lan9!a`>IkzXMY6U4iTPzhu%`9V;w^uA3+6QQ}y@|Z=u|DQ< zIYc2O+ZY@&4FrpS>L(KPjWd+q+^ms&hq$CV7Htjym{TssXCv&xtT4zlBwOUIKh`C5 zM@AhSc!F(nuD=Ghk?YW4yXOXVZ^0O8ki)CQu0Ln+u2Z>u!cYoIbByqj*gkdnot5kn zR&#TTttt&qtbm>rNbtYWW_R6DnevlJ1S9=cZ9w^DnPRi@TJTEa_5>{fdORROh?0?( zgmw#%IG&q^(l9e>K=4u)^tD-{;6fH`7XLPi`fk3tQEvQBXt%(yslE^<&<<-gxDU&y-+m!NnXz`OuJ9xetQ&d%q{;~}C;f|F79EVfHBqF0(Ns7_!);uS zI{R72AjX@5!Dgwuw0Gqh2Ut`+H$38COjp3q1Z-X9@&#c@dvU~d)FZOLUA)-?0T@Yz z8+6rBC*s@;pIvDXtr;){mTuJOf|E%0^Jrsjt!70xMHQ8JC6h!pp1bn&+rfmK%+j3d zHW{QR&!TgEA?6(@PLKwSW`lEP;qBy9vsXUQ;xw!Xq^fhuli-n=s`hNs<918gaw)*C zV}CYJ=?5}*Z>qRH{TzF$xIF0PetRlMaU80GbXan;J}m4#DJpULr(%3~@@LVS`U8A= zzNDlB{OA@bDTm14)jnzyD8=6uTF4KB>l`f;9P+HtO36$3s;~|6zu+Y27n}_Lf|K1} za8mCJPQr$1*OuRI>&5;*4FTXxRm;Sw8TbKM)-MXzdbvdF3T)-{A{xNrv|?h3ebEpa zzGw)ZUo-^iFB$@FueE|x=~Cr-b_;3?(T|1;?dR93`^w*4L3L*_(Dc$T7MtqN^y^1F z*ZWw_*Gx-Vow$vrhlw{4yp2@mhsqM;XUv)OIP;yr>Vjzj6b1=n`#W>4Jpu8*KMSM~iEuvuf)$JZO+nI7qjC%Ni~Vjbk`h1C zTe!|qr<5}&bpqS}2p$bmr|gQGuUI5_J*Y^;h59o>pa2c{tS@qNJ($$X_-y>w$;-sa z(u4Xz*}5U~<&uaOOX1X2K!_=LTB==)Akzb(!JrT~^%3`j3t6ldpmnxCbLp3fe6L=D ztqRho1i1`L2We$=CRq}yM$3Bamw^b=ryL~gm$7vl!3pIV=KO+e;a`w#>kG0meL=Rr z<<uCiB2QOUj5JYRgGjH3Q6mVWU~Wa8HobKT4Qo;!HgS=R_{_o8Q`0d(O?Y zsJ1s2*>G`OhBOW%_$>P^qXkIpWQ%wwxH2!VRjZRmvy!9UrOr2vgp}U##+@bUQrjJ` zm|E`1$$GpGr7<)OvyDuD#WeUoRQmIZUqXS~>zzs0>*S+{lduWe3D3P7WRs1BN7V2w zo#>}m8Gb&d*F6KGYM-a>4B#<4QlIFt_3{aeMY&)(T{KTO_wik@SZ^s2+IA(eHQPPD z-=9vNm5TY#A|!3)VJ@IGFd@IL`}}JppmJ#t*+6k;--WJYV_}2+R)lNxSZ`A--idF= z{GfCt>Ajx5&>ikqiN$Mxp^ssBV2oH5 zPkE_d1O%4R_j?g*I(T4Xm}(Q}=yrjY*;B(I_Y*ONS+X0}kUC40_P#5E0{7T5PTrbr z$|VFd!W%!|H@ar+!J)5p#=Nn9?m>!=Jz=H6W{k;I!P>xmJsVSZrW9 z2j4o@_s{mAH=Ij~#XB$bz?MA5SZ4q`Ip)IzT^^tz@5?3ly%u1bk-@*L*D9W3G?qGs ziWxclv+(QF$o*PQb_@TkkSN3ZQMPgO^TP#rd5hYV#{!;u3orQv-Y?*jle}Mjk1D*w zlV>v;1E3@tEa@7Fyxm{;5cXKr;;cWR)bL*tJ6?OwgFf9~K4dd9J3hOOJN73i{4Iq` z?vwE+8?Nys+<}6J7uOG(-Rm{6!jN*7;rT;PFrx|o!#8Qv-u1zA%1-Ouhn~e}wKjIV zvj+ahfH{?E8AsaCgSpTggE=QXzq$`z7PT>=`iSZ>GJ?>>l+um$#uj7;NUaxh)6#%F zzv+iI2D0A^qRXZ$YS#)sT6q{POvL7B5b9u(hBPCpu>py@Y0R116*Cg3M3$C~H5PGy zKX~dmzvct&y@g+W>ajnntK`W#XtWont^FP*D8#xn(P{GM;xIH6cqbL)mq{Dm#63eRZPKM8n{)qmw50*F-BerPL&vZOZy!MA=L-d%1o|6;qC23 z@gpw$>PA&+E)xf*mG zVduKh(MshODix%;uo~AjjtA!T9h)&>sC*|8627bC6-@AZzI#ARA2~Qk`jDa>j&E7(v;nGYB+iv;EpzV8jQ`sZeD2xIBWm2ng zM;SnY%>eaxMu;O0!>{PL0ga}|^xHV0^RWheRKuE_1Z=K&emXCj=q!hkZ8v2VeErX# zFr@Ym=`_qgN}T!PBjxnv+q1PRZgRDQYfkq^XJz`AM{)?R64ngk+D_-jB^j7H(ur?E z&cc}8ZFcT#usZu?RWj~Qc8xR)RjXQ{%T7VVSJTa zY#sja79#3%m0MNYgJk^?Q@9|>116~X%iZ0bkMsqQj#!PhPR%u7`Z7`|cronZax-&* z@$tHP>&4n;?B@O@I;Y~${B-c*zyjE&i!URtT%}vII>_i{h+&=jkOU0{=j!ouJ} zQd&qmB*$wibP=bEW5{0%niBjT@*WGXik${6CsMJ6LKVTUo)v9qe}9}x2@^u^c;F-inid2V+1YI>UpTC#VJNTtH;B^P96X6Yq_WHZzRiqvf2#(}>d?G1 zOV1~$t_AK5>*~BFnjO9oU{bCUs1V@QR;FLc!*%N**JSQuf`KkCb z{?uF`HT~P_JN-Y9vr_3}hV)tgJ)>-PNP2DsV)a>WMKdpKc1lvTmHl-ftGkPIKc%!t zOQ2?yn(xP08$S!Rs!8b%tmfco@`uN?hYJInm2f)S$vI_f9J}KRrkdWhB$)Q~j6$^c zXmVu=dW#5{Rkv5+eYc1+#cW;)1Y5g;m?gORihDJ9swrc-CXTPNM{uQlvncp z7*Apr9k)!?Pflp^lLyMFMNxXpWo2ldy(hKYaIqKPWIt-%u9rQbEp&l zo})`o)M*8g*Kj(RlGpG#!1d4kvf@w^4~!;}PBNY}&?$58(F zssG#u=B~hY+jIe-mk5X2mt^R!Qp|E7&@bO5W-^s~yY=8fhmazHu8;<+W>oJ^C+(Ix zosp8&F=HI^!Yt>JCS4w-eJ-D=6@JT3V{Rjc931(!nYJKAJSu=O=?XXWt&{i?hBUB{ zAaQVObl$LU-&bzp@4B2dj6qg&=RFD?(AjR`C9vmH@7clEjwer{O1%vM-n&)j^_49xLrdrG(rXvr|_iDWh*I=)0N;HY(Hub;E-26j+t9 z_KCw~qid^1iiyv8m!D9{b#E7x8`3eQZfCc&Phn!P34baKe#i8|*o!+x;w12h2QspP zC7#+vPDL#vXsNb!{QdXOX^h;z65orrErqv%sMJpuc)&k|8UWYl9dfKvV4wIA&E@Qt zz#kJ~wA6DvYX=MN`-!C*u%_0Y#v-t(-a3D9>4u?MrnJ?MrOE|(e7uJ|bbvjQgH*)n zrrmh#4btK?+G^TXF?{=@Dd&_ws#3iI{h^#UCi9Ht_SL=B5RCz+ zLdnt+P!9LX)-{e`g=Tj{1ICLg{$S_BSjO@!ciBSl{6r;&{o`>h^4zD7rMi)#pV@`W2ToC)HD7Ak5e$mD$2aw;^z!Q5sy+N7JlOg#xBF8 zzRi4wGaU2a zYJm$kdHk`Nn1fL(^H_4O=Ou?>jxEq($>V%##4c~wJr!h4#kb<@Kpk6OfS9w~Yk35z z#Xf@=J7au#u-zx$C6fZiEj&si`&S3hePDZy}4{Fo)d=S zW2pr0#FK$C_4~aNoa87?vE>QJyI1+msdj1EqF%nLmDeoWu0)6d-#H&I;zx;Vbw%&4 zNPC=Xw6WcTbg3b)+E5{q205@loQ>|@>XeovIuI#OYEW1d{Zo0vm%%MQ+~ntEyS0m- zsA#R_nUAUNy39{fgTt)o-!z@p*dgKj$ZRY<>+xEuteCQA!gs7>>&Mku1HVb#a$tmt zqxqWo{41hm|2JVZqPS~h;Pl47zlS@Z+4W;0{*uBGUh<83psNu8z$+TzMXl@#L%`zt z4G*WbO?xbh@v%o#w4T#mAppu;B5DL_>FX==-xLDf#H+)}SLJkrPK5Jq3AVsl(rbjU- z_c))jjB5zE07ybAF2c;L;PECDqv>7II5i{!`4&<~VfHIi`1$@^mbp@#&TJ_6yda4a zlx!z%;pfu9$f8>mBR{KPQ}l3{zH(!07N{oU1XQRV24&3GQg){RGS8`t6|bzukM77$f6iic0LC2kvTxPai9Dqk`8p#g`Q$D3vcw41Jz1 zV_X|rsBafpz>A6Kzg7QGSapVc&rqUV$Nth+-py8TuVmo@qwIKb+W}n_ifD^jKFX`W zAm(K{C@0irH*d__pJxRctq6@ii4uZ{PdN?$`%$PGInr^2;({1_op4MU&ZeCycRr4I)3( zaALz5@l=TZhskiIc&0#40Rz6@NVx}l2V8TGvkaEwOb&`>yDj}{W8S9EmIv* zHUn6_4t@5L4U`Vd6>qk=H${aWX5F<#rR+tp;|!U#?(G#PL(WE(B_Uod zxXzRJr22EzIlxe!p!;u0+h(YHKm;WJ(iK?8>KLP-X2AFxQ*Ox-N7z$zj$B(ZRnU*B zi0k2wnGBUoUSw%@mY2!|SCVoZcnX?blaF>Ez(iuQVuopu@C}0CY}JKfRxJB!G6`ezWc(KoFyc+!^dSn7_-ifz;7%_M@;!c^bTrG3n^C7sBH7r!VA zGA}|o!)=xoJKVdASf&q@^~K`>1AId~zF&uMt+_ zc&_TTH{wxpVs$J#nOJQvu@;prji=94q19+RBd~*2BNvv0~9!oAuw1a3(sjI-9h!1Rg{%yJHL8j$)gH+u5|U47jzkl$G&B zQJo%)YN@#pw$@yjnkZ-e3X&_q74nZ+NCKPdSTP*!DAO38;h;N3Jo%}`F@*!?=uav) zgqP+YqqD_~4jsfMsORz<0YG<_z4j~F`zKVSjp!D@ZSwD|Ci$zlC4^c%^CCz zQ%PkeCG39v^^D(wP_}_qV_RQB{D`4e^qkl6kfEERHRDVnC(}w(6@b(yy3z4iE~v#J z^Z^G*kaRXLCcZ1`?;~_t8^A0Z)0IH~g3tSm2=T{mpsNID8LP-v-zJp9t zVg#cA*Da7=ba61cu1rrvROEISCZHu%2 zZn+7m^@;&w=J{=Q^$H0$r#j_tKYBlrM%)jfjmG76$8*4)(2%hQC+7IUcbCeVe*XJ} zG_Mf&p5*Oh(l*a1wn_L~jQ$opr>$5tSszSC@Jah&303-&{}|Y~-e)o)np9axF|1Zf zmW`hs?dw+6)_6KLJXDyje7{e6!t)mEO2Ugp9~_1)k>|*@Pr^5NFpp$r*%xQ}VK@_p zUm1U9#^E*`8Er5|Ga^xQ+wvp@){q^z?9Cy1&PSSyDmZ)$X&fI*fH9EN-b_c0h%tH! zBbj;j#5}M@iVRTvBs6%KiDQO`#&Kedy<4hnv(~oF3HV#8f6<_jmYXoRqsNhpTFY_} z$+SFd8NS@A-<|hC8in4$zN}{x-i&mxn{t+@Jus4}Il$eMFR8W%Q+atlSL5c2{LXx! z_ZKOg8HvLajI0PHX{?y#gg6{6f5A{qjgo*A6Ga-8^$5t0W%Xx9s!lT_b3hG0Umh)* zZw~yXlGeDO8LJ^koQ<5F~HW6&$p;8nO9Mi7V4##&?dR|<~zLpsWoNT za3;5@0mUp*t#tAw-ymqh;%UH%C2JIna$V)6L@VCxH_&?3EQ06|z&d+juTI(?wid87%zZ7jN_L*9L0$lUu1@hM!rP*9gMT#R=lvznxISf&TW6# zaE|^XdZO63#|JuVri%Ry{0@5}y@lvE!$hS=lo6vE8ej5PD3}2<36n7^SuI`(thus3 zT5MlWh1uzlnn;)FnMin(Tu(nU0RWB8szK|eu8i{=R1c&~k$WHN=P zDuW~S>{4YkyB3*k?467neP_$>EsA76{Z^RMI~E5lz4VJAXB3I7A)UlsU5KC(Ygby(5ABQR5#e+V|f6pt!DH&k2GyBO^H`4~< z2LbEuL2V1DN(sBq^26^kY*1feM8sDZf&CRmkbH#^Wl8KSKPZt>1Sv^ZM#OFEiYIXD z+9!V2&BQL6PHLPHr8#frLlgYPut;`cmd)8|TA$i(TJke7uL5jasxV)n3riimeikn2 zer`EtR`^{wdwphcZ39uT{f!)FM0@S{Ylo{eos7AMor66p)mQJNnu*ZS^mwaYnnxxE zuG5nKtmI@ttHy{NfF)vMG2~v893we{rSsMkoOV%l%d-1yuF!yG=Xc>CKf)ZLfyilM zgEkrl9+eTQFX{KfQS8cETF%1(sDL?vY%G(h2b`c*lkjtKU!cf`xq;UWOMq>I&M_D% zRrOamQmQ3CcVE!Al?Uu7TU;ECRS`5_WP^rHs9yyGm1mA7G7u`^*ZegIeoO0&SpM*jPH6ErbNZbLugFX3)STHPX3#(r>- z_PMCmuJntLDv?K}rN=vSrr$0ACzeYr=jpLrH2;Mg5FJU#MAA*FD?HIODTe57>C=`W z4ffORwMe6)Z`szD8`+z_5TscldHm18zQ0R$o)=Bl> z@RD^@mYj{(bW@@>kvg(kn>sFji8^V1ygGemD>fGyqPkESF}BRuEmPxkcGJl80MjPQ z+UdSlKsAfj_WEZgvykW=10ib;mi@2@z;1-kmudm-F1Uz$7q8epRoX(5^XL?SAn;C{ zZ6ID56iN5Pj2Y$mbsDYnBA0T+-+p&u^-unuJCWTF9t0T~%h;GB=yL(iKqQuQyTBF| zt}&{6)eCq79~%@`apyQVBH7E;bg)M!9CWq3=MyS%vjahvCpcYz*hg$M{y5*-V9aIAj=MNGZAfw?A z0Pc^DRm}E{9t_9Lp+$|SaQ?=(d%}(U*Mly8G^}+Flm|jag4Z?crA1f1WiJDLon3Zg zog*;XMAK;EHqET`1X^^y7yf6F|JxI<02JH)nO zvB9liZ}4ESQI+37xZ74vT9N%sIYnO@pyQ-Lf}E0OG#6{h03NQ!Fd-5^jMV+7=x!Um zJ0+ONBJgVh3G}2t^Y#xFH32 zkjcjSVTSJoNlIDa48vg+s7Ea62ETAv(vp-M{r3KVRCFvlL2CDO`xWuXGtJ@}W-4U7 zX=>&9&othX#k5m@!SpDN*Axke2-W=&zhrH<-omXh1&8-Ir78O(SI@;)5PHjRw}Pbk zFUBqFnIdX1$qONt+MR-8({yGtZq}xQlO58sP<0L8`E^C<_ZLl-`Kt*cw95sKJP9?! zK9)BqXO54~3M>XB34>v9-dLP?_w8WOcUq;7`xG^?tNYXmD$aXplYSYXFf;$s((N&I z0-M{Ko7PZn@~g*Z&24b@L>>JL^Zt!Gnq;u^Qh;1xC@&OxkRBqpwQ_JA%F>gIrb`+& z*W$`&6-)G%37mr)nFbWrI`}(XZG3+@+FyF={Z;ElwQYkPv#zSs@azg6F8xIugF`Ko za6;K(-7{B-K;6Qq5GKI=EeS@i<+N<*_-=flw>iP;wl)oWi>Nn5jmOZ0q@UHpknJre zBBJ^#^9S^YV_dp8WUbMhOeI{)RkcD`hCRk!Y;Hjlot2oWXsc(xQ%&Bem{^!Qi2(tT znMlXLGJ0VJhCm%{pD#1d8f~8_;zUiCF=x&(^-rX9A~aNpa_504h;RhHEXgTkp*T+BI@ zkh*~|50C!&9(t1oXYhit&viVqnNwd$C40kEk}02ISeC}8|A+u#GKN|d%ld7l+M@gC zz}Zs$meYR2`w~$94^H%csUDdy@XLqHI2Gm-5AVuLtJwXmG-rB{xF{IU&3L!l36xY+{_Y7UdFY{ z=lru~L@t?-zPgWU$f#09(Qj3+bV=Z%%Wg0Wct8?@Gk+i0+s|MmSH#%b-iz9Qzpq4y zo44wv29SubnXQ&=ACt|-FThE&w6`>bP`V+5dID=dl6-CujH+5*!}C!T3KMPmD}Qx$ zCKh(^LAGf=*d&yP5H?@OT+79UW z9nYRp??HvJRxb*|jv-VYA%SfaW+ZM8MJ0~c@n@%`l`Su5&$J)>Dla&ZGS@Cd+VvX= z?~8#9k-j0hrig=OY@e0oa6O52Jeyg(fm#+6$LBSt^NQm>1Ii;fH~Q()2~_zFMg z7OJU+OY4_Zc2So4NF;bnyw{)-pJ)2fl~Td1iILu$ePyS`PO~TUWc$7191>h-OWIO` zcejoFA~Yo~x}@P#TKN)ae5X?932G+ovf?(`ahGenyOALF z*2H;5^RR}$vBN(X$kEPjosYkdg7mqPu)guUhEYcv z%Vr`3QN4`|-B~ncRL6tn=G}SY0`O)q`PkNLAo-B`oZ*@Nyg3pihA%+18B1%dUC7i= zZU3=v*DhDQ>r#&?t&Hd2&mMMI(sJ1dsb5v^}2Y2YwyQ9O!Ki zcenXUoOA9X&NXqYT*v=;Yb!je_zQ)^X-B!56@f_kmK?sh>WDqi#dZCqg&{-a+GjGT z_u=CI7h2N;*_d^4VGs0S@kk-u^Njka!r>5cYMk%oTam*xvgIdTq)ziGQXS>|#irfq z1@kpDA|K2`fDk!9+sdKoKJfDTUM3TCaaTHxe}`&Zqp`sIqI){I)sy?ZfNy2A`;Tfm zoQTfIjreyrYER|PN-MkJfEbqsd+2ZA#7KWGROcmmcJ2bAq_%y3!$WKzi4cnO+|c^{ zo~_A^fFUGEi04UuB0Om5NuqnQ=~#34(6gm*bnR+|h9@~#S7iy590jr)cMr96t_fTF z_ee{F)2`*Nb@O%L9b|E583v3p%5Z{Q)c;=hFnOn`;|As0!~?a9?$4y8C&F!56UUQXScL%B({sM9#zMVS%ZwC{6s5Vel8u(Pgh z9$tOMz8N17v&yf(`hm)ryLrof)1{yT*NgiBfQ~3Zw8X;t1Od!UtemX;{NMj~>yZ_l zYudS%#w1yzo!6&#KQHuEk((7NGDMlOIw=yAJ<2~5Av=7CR?#y~L2qx@64kxq)iaJ2 z#)JUZ{riWsWNYmc8O+j4{y)zS8Y@6&%j{tN%W71n_Q%tXX2;=!$$g`@+NuhFlj9`+ zvxaJo=K9AS(3%K5x2_Vc&~IOOswec18XQu(&sC#T<>$%g@*YKeYzfX5&W-r9 z<(o@cNeNX!3+ya&qEjjDtyO^!pVTU5TObV-9q-$~eksu8^?t9?>Gq|pT|WWbjyG<$ z1J5TyZS@SFQ|^_l=hiccsx|_i?$0gb(wYfzubVR;4bKwU?^=oE9X6jY4~xf-lD!6V zlXmly#E+ZzuRGB1_!gfWj~)yeiyxGmyKdD~2a6ktbC*9oE?+KBIU0#RcFCVzk-8h7 zHLL-Fx6^Zr_GN3=wI<%J*UdKI`6Fn(teM#&0_2&~g8fkq{&J7F!YSuI+itl4@5qE3 zC(&_t^%-YfIMHx||L&rlCz6X_G8g)mvh#d%`0!H5Agv3;>7T;ViMyK-UfV!}(#PK;j0R{-W3>DM6X-fw9+395>iSqQP~-NyDRHh#+MwKpJW#z!#R|VzzoY2Us?B2fOBs80Yz|;A z<0bweRKHxskWTCL(D`+yV`BU?`PBj$a5$& zw3W4ES$6gPgXp`B9G>Iaw>d0LvGf9Fas(@m=TsRjbZ+)CKHf;`$k2LgDlaH{+@`YP zjU?j^G(~`yn*M1oz>b!A+|s|v!Vw5;vUN;(iVqY^8+(;dSah8w4oRH6ih&y+90 zCirY$jxNu*U39OYYdVMJQ)#&n*U)N!m@(@(EiF(?W98$&4_&+M68+Y`43MgxxYL>w z?R5yZU~D>R;Yr(69Jbt-RTlK_v+}vjCi?Tgoh(M+j(eEu)R}2!V_T%xsR6CwpcZ6f zYRu97fw0y4E<)yb+)MiBH|tg1{1%Jg2zcQQhyn7WhQsxx34sU;S|X6;T~JY#1*Iq4 z0ea`$<$4qh7Ajs!gb)oCZg9&_KV17Pe;XUjBorNaC_SfIgZY*GzRDG2tgGgWZTaI`$*DQPd+z?uaNgXcKRO zfpw=uKit#~hY1$f|;Ncd?GqMo0L^qD!xh z=6zRg5W#J&btyecivjTERD9>Cq#w{oC^I$v8>2H&kD^mePS(Fr2bJB}oA2DVb&88_ z#Sws4^^l~Faoa)Bt?pmE+5UB6WmC(-(f)Df<#gd;G!*4ezzUnP?}}W!8U~O!vdp!ewCn114}T{d#o2GniP#+5Q$h zO5u}D0eMwD9E@5aKuIUpQ8X>EKE2!GDzG%tum<=`_5e+UafwxC6 z5POKIY6>ij(}7#LEDGO&DA&GNiZ(9zw%Vi}{y>LHdE3I>hSarC#&t>n{UeDoXv?Ca znqqB{Q-g{JCIr-JhiLfbV|%V$u}`&a1K*9*;6p+L=__;3Xi3Z7kYg)e{2P+=8Hy)%2vvI#}XkMy-<7Mw!Id>4VH=TdS+vQ*>dsj|Hgb}ah z;K*ngc)iNE^b7lyWlt$XDGdH|4{x?qFJj1AXqf`xdQzFB zl{s1;0FVoeJ*>wHA?~-=~8>)0+ zib!Jl4X!9Im5D?;sw3x#We8^>Wj~Bp%XG_P%YrSL%4!CR#Os&Os-WuB47IopQ|n9Q z1M4g0{{i=RdF&RByKoC{1ANA$3ka#v%*@V)sRov#3uY{wtITMS4K5T+mNgklPIFSe)%A^m;~Tw}2Rsql#VU#i z!pQ|iqln4Jd!bvZ-tfxU|D)=igCuL7aN)6S+dH;x&+OQ??cT9%+s4l9*tTuk)}8nF zMSOAZA5|TdStqk2IwSj>I+@Qi*lan}c*oUU{){aq6aHMDy65{O^VjyWzxNsp;&cp` zh1x=_iXEPYaio&89TqO3lW7_#9|Q&4$w2P62m4Ds*(|l=J`PauljDIXP+$tofi+Md z|2=Lk*-!IXunNs9Lr)$t%PUt;o=pD`DacyWmGX#tgy|sC1SuLJ>Xc9@2voF+4Td!63qo`0d$Lx2O8W`?17o6sodQ3E*)^KrAj9*miw5Zl8f z`sNCX5VI&%#ZXH>R6Q66y#I38aWE&i@rQ@@nM=mXk z!H*%)ht-VSNHQ6;uNqVZV{dz8RJ%M|+5NL_a_(Jx?SRIS0xYw=OJzronbO)%oLHcz zRgaG#fJx*k4UQ|54B&osa!-rQ7;NV3)A<-^EArSZG<00Uv{!G_S2JosQ`0^l9M<82MUJ5E2xjQ# z{~%~yBaEO&Tz2*p18JIdN(L7OG`RmP4D%0h4)g#^&l}8#37}?&Pv_9p!4TIuFhhb) zlYgvQlTrI!y=&_8XhY{p5CjNLNQX!WxyqhfHXg*vF&|n#PD~4R`ipujHcZ&Q%Dw*ldG-?z!lBZPQE?wX^m1&QVej z3+`MLOh9I<-GFpaP_;(c529M_v6Z8=D4?cI7g9gqCX%JhDDV+>E(*xD;wQP7(efS; zvN#VMjqL-h4n*4Vm^n0LgSKHNQ>nT+dje%h6%MWv1MZd$Q4>dC%~-G3+h9>VAWQ#S zygAGT63diXjyXYNxT4A<@FaU=ySLDwa%9I@67|!g<8O+qXg30ulAD`c(*m{_YZGz?Wx7Kbu0FCC^+cF6>$G_*opCg(D5F}SfHK(`YzBY^4XW9e%7t2`>qx<)- z+(0?!tuU`>)&fLhs%yyV%-aMUt^&yv7d$PSNyXlkUo<$O*83taCo?SN3l3ZsZ9zy%756Eg@nOEa0!p#HHpSKe6$byofYUQlmJQ%FxS@off0^f41etCu zgcYVT=;s<7F2J1JhF_BypzM|7Xn7qrEP9VR4%!Kw=G6wX+WPwlui@V33PpDYWypEX ztr4y#f@Rk^zmf7Z9=~5Se++(R*q3GY$G6rB2~1>_qwQM3MFx zm|&`E_{B+oy+rLT9;o)xw}2(TT($S|+bImUZ*R3e*4qi_?FjP_WhZ-L{gqpH*UDcG0mh9y$;3C~`BGXb$ zPK%OBV;yHwgF)e}0fK|yK+gW7kHU}{0~gU)h@E+;!X%nPp>dV@isK$bN_+w-C7LyT z^nuLHMzh@o0ri7ow)8$1Q9$T^O+%P_m-9oX#_hePfBMd5#Vz~t>7nNE5kGZ3UErRe z$lIZ=;Pj$ho0S#MZ})B&5b4`N^cC=Prb5lH7pBA+FDE72aHg}m#CmbE4_%S@I`6|) zW&ftYvRoG!3t4C0B;UTuDCd)X#CB8|3F&aX2izE3Zn%u==5i~nGpv=`3ggK4&!a~+ zIQ|-0ebzNzrvn3Q%__^&<4+#%PsbK)eME-t57l+^^Ua_1Jqo}t0A0ZzM~-F!Et9MF z&1`xo=Avu7&7i9(A|l~4fu4@c^hXH<@DtkYESmvevX6&{U=zqk+>FOAi2WKio17#A5u1kC8&>l0 zERQaLw9iQ;BPOQMit*n%98&}`Ib4>sSwd%eX^o|Qv{M9;04`qPIk0|9vTUYoz9ss8 zWO6!IJheIXgH`!Kb{&H`z!7y~0aN=55dkw<8#JWYm=r}9z%Ic2dx0cZmPnz$?r z^B#NyJ1Kp-SvUw*gFfj3F%Jg_NkbSKcl;$D6GplQ?BE1OcXZ=(#6Ic{mdQ~`V59oy z{MXWAO5b8VAP`c1&Xi(pk-x{Ob=l!GQ?E62+FsjdYSsHFa+-7K*l#~D5WV7dJR`<$ zUmL&VrQri()=MhpcFZ)%xMONkY;k4!wykRf3mw%MY9^qP6Y-84zF%~wpeS7ZwS2%@ zv$y0NEva7_X^(UIM+4%lq~WZaB_4UFxc&1vlniJMJYxbv&ptp$-v-H}s#O)5baTX6 zj1UW(+CV>M1$x2{F$R@oH6MNutvv^JRh~i7(?RUazt}7IvdE-VTIZg0t5~+=WH6(l zKT3#z3>)bd5cE;L-K!I=qbY;**41~r_&E#2T*f5eroAE)tXCHfI4ptSGcq5J431dg zu?M6Yy)`A{^7nDy1@bP~=(DEVf(+hC=UoB!(?k_IdZa~l>9K^uq5a|sHya*yr3G4L z^{O{$(_=EUn2*NBaGq&x#HI?bK z@EkCk=HGq%G|Zgm^D!KDQ3%tOx>n^p@Y9ry(=x{?@|27-`Hm3j(-`lDP*5g!^@${= zS?NO;oXWdaVav4@tzo8y`IKATfueH9HhCX~(L%p*m}PZXtbsRb5MX}~Mcs|~u>yM1 z*r_O}35T{SjWTeIobu9&;?n+k43aGdf&Ut(hP3sJFt|D<){tg7B02*X?fyw?snI>8 z(1Cvg_(oa7JOmnNqnqo$Y#$QfO$z&m!Z^;Rj?4RGLE7Wz{5(kmkG=VkhSW7NAb`~=H>o4nvtp0z&j#)4gdvbm zMmtk+cN2*5DA3SeS{6N4eN+uZ+R{?!I>OA1lr}ORJvKZ!{RaGj3_pqdhKt2<3)$k?o*pSmkWkYNx-nwOVWeGtRqZRzM)1vhT)1Es zGF(e+1{!y}#G)qq4?hff8h|{m`K*BqoAl8Vgt%&nNht`J?H*LFKdT_>rCL?51La^a zwPeVoK>bp^$yg98vz1Y*YK{%0wan5(G3u#Z_cV28_PVPc$%3}!Gau3ho8~Ok$R|5$ zAe-&U0gsCb^m$6YvYPpqdPQ*_Uv=7)emR;TV)^C4HK3#aTh^r*V>$Lkm9rjN=BZ>Pki1Cc=fh;~=S`6U(K@F7& zOVad=D}2~o&j8xovc~dk^?3KA-wj3mw`8V_KEIW54+awgu)pZ33wALR$1=WHPMdcv z5)tqaxGZIyHl=D2C;_<(wSyojK3TlgYX7A0yu> zd|z4PI)t>3B)aUUMt&Kk$?wY5_)0}@jmjcR(;4;g=lxG@8vx5#~AKeXJIq0 zQ!dBGDK>>$K$Rk2IMXjpg#v1D`%La-d7D~{og4*CR^$vA-F9U<(+qDlgy0%rE;=V> z39Ts@UC`vj0hJS+v@FgN;pLwHRMO&HsMQwv*6Pi{HR!n$jCSNT)Re(B=H_AWKYh4{ zefMcqk@&&L&qRZ)Ik0Hr5^ zXZ+IV#;ES3Uccq*SYPwAbR- z+Fw}v#a*N42p6gl4;@VA#spm!wxA~W(KWdb(lMkp_fY}E(0wK12S4lqU2TF6`To6; z{j&hXZnVhZKTqHyc_^*Prd6~ci9ofq#>fq=eHbt#&mgBsQc51ZFQ)p-4^&s-D-HkZ zL11K;IpTJaSuH@QcCF&m+!v2c;jJTow`kUx06W|o7h{xV@zMLyo`T#1hgE-qoW{2l zO`R~;>ldxawR1#0niwQ>s018Im<)Qw{0;|XNbRB}+fXI-g*!cHF=~oXIof1HmsG-& zN3%KQp@fI^*PNe(wMc(I4`ZhOph1Sogy+EZ9{YK?@(!EIok(Y5_&-HA&T<&|?%PD= z#}BhlSu_d053Q!9E```;MZbbBxwE;HWT&LymHy!o`}0uP7iedTdyn$m3+6Yb`uik3*fxrYg*A@xX^ndhaF|y9%bh?xR`tu0)N=y}yoOUi=^yi5@ zoY*JeG$d`b3{`5OanR}X(1z&~X}Gwu*=AY8-`G^G>Q`fWi1Z!2XHfCH->_XDq! zT{!f5lVR1pegx?`=SAZ_McPo6sZ|GnW`JSKD3zxxjFQ0Ubmk~A=znY7m9oxyYd{@J z{N*q(&T~k$pB++t9x@!~XQ!%7$?>+p;TvWh-$CClGO!JQ{w_%d1;2n#iGr1dpdGOu zhEdlQDJFdKd;7*nNDLgI-J&7)@oXPfrUMh4F)4sAbaB`w9zFUo8a*M}Uv(LPMSISf ziM|xf?p?)p%-iUu>Q#rpUQyqi^I+O(m(}y8&uKP_E0W()EItGm(U7O{Q_m8mx+*MJ zVy10&G0i?b5LCU7M%7$M;bmjj9+aW#mza!j&EGxee~7nAbUz}NeU5k7UK+SNjvhSD zK=1yS9_RU$WasIXq~_^$PstAO>2NEiS+j5Ty_3v!b zZr4LB4$&MN|HI75#60601!qG@`ree&0Sj}&|38I4zLCkFb}UVz$ar6xbu3Rmp8kf{ zIAqe_#w_AFof)?~7oSmho>`;=S*XmUvs{iW;z!guvzKH;Q2~^*fTVzRtkqJFuz3GV zW0TxIsVF!XOj6Lb;Sv7VL@ex+FH^;yCx$=}x3GBND`OM1h?pUYkoeEwZ$4GIM}X-6uAly&)xVV`ZNKGQEB~`nVg7$#@c*0p zPxIq7*eW7c^>^ZjE_8S$tNm*#M){EaMRw+gysRE4%itnr`-^*lgAMQm#=+Bd>iQ*% zWG=>=ZvNUgrG4UBH(?J3F^A>ZyDx%r5kO?tX?3Vx~F z+?dck$h!4b+!E>}tV^jU@FknQ!KL!K8Z97!uGkG*c>^W;znp2B|y?Jnzj91csM+f|VYP8zv*V zMh%$`t&Jvag%1RpzrSAQG|mWq078t^qvZ9G{G4I86oB~Yo*yH(;JgH{fP@W(hC_pg9e`47_ZZakdiEXE6LMRfGS%;g=x#1XR4+|GdY!@J{#H%t?+1K$h9=_yK1nLizj@6g>!%3F+CZwI3902Q^S5^Izr7^HY(7Zmf33dxUl z!p%kifaW)T`Xs`o>vFuY6VTCsD}J`EGO6^|m7OVJ(Vn1KpczSIXX5GinmfKsY=3iefb-V`067m=${MHdAnP!4pB(JFoNpS z^MV)y4h#Ougw<$}r>v0=0Jlc{%)eTfCron2I?X7Y^_w%&CrbWXyG^y0x+3o%E3qbu zk^PvVmF9Zvphs!rjWBEQIMQQHEan{cP9;NkU(BsYl*|M?jMH?wL<86TRQONQevPBe zW7gEv)Q*sfNELvXZi)Y+p7ZoYc|6@OTrL+;*Vke9^R?P>Dt|iN2OGbaV4yEOVD7zO z9zJLOb#Z!7`vV4i?2%k4+tWQ2ub(U4nw3z>b(>L}Gl{=JfAU_^Exzv~;mog~nR)|% z%$%cedszYi+rMVGxt_`e9A$X0f)v|{xPn{mKL&rY;3Kc!)76joLl?dnA8p!z~Of`^QnaYv_+8B5Q=IF4J zJZ4ze3}sATdr#e*<9vZS-(LomDm2s5WIQ%-q_hKdkn>{&ey~rI74v zp6jT?X_M2@NB;fiA^(G5k_(kD<5E+huwi4OT@qSmprg?Iyv53_n2bpwG)M)*b2=)v z?wS2_ItxLuWJr8vB7{M6Ms9Xc&%+~s;>zsdtyk_ShM+fmOD}KF(v-)TiJ-XDzusuT ztmfsv-X8@4fafPrbdYKB{wrPQ0_ii}QExSJop}?uovD%@h zY^7KL7;uKR^Ly}Aof5CFB*CjxwjK!pblL8#wf~+KBu{=-GbGRZ6G=oA$F6Q{d!!qh zbd0QT8c$?qYS_(f<@6Qn)O?W}gSqAoWs0g(N`C$-8KT)y?2u6NmK_btv`OY-J?^Y5z4&I8uI~_lz2M00 zq0?wgrT(GwlBo%@I*N4=@HM^tm7jm@_i+#Se%eRue$N%y?)tj<3`O*Fz3qPvd+K^U zD%rdpuh%=EE6HOgQnW6m;~(KKI3_CPXEDFaZ?!NbXNgX8c7O7eDWB${6nDx|5(whB z3rmwo3u*5UQ(JS&wRWK)CX502;(wU&icdFvluN!!sJS^GaN|#@Tpw|FV!JM@D?bZ` zfbtznZeIJ51V5ivC@6l)P;<}OVa_FDPRIK_85b4&VBD!oh?7Py$256d+IT!>l{Pzo$mYk87KmbBe3!h78j#E zdE(v+ZtdsIgRHOcv&Lm(xI=gQ14DUfCK+>Y+1GBQG?C%a-0$WnEovu2I?&GM>EGv> zS)Nz(Lc1M=P{DyuAbqhB*(Z~=GHR*WWo)qD#c)Xbjk2;Mv|17LGe>8tkwYEE>+NP?9<^^sA zYSQfIZPxrECWdUHe?|Y{E&-S%>!!lmPfLU;vfIRRi&#YZW_((>9F5$k$AVQ&;UpG_o7MldOFNH_vG1neWxF) z1Y0-jIg(H*-PRAF{1~mQQ`@Da)?NKGwbXV2OD?6I`Z#K)CZ6F6lJ_Ue(}E_#sdKOE zIPsNt0kfVcnefo+I&rCN11+KIoW8IrN;wo8ul11iCL_3{cH|^&1GO=91KVi(fsWLF zh>yN06LF^_Sm^tLuGGIl%=kXS8@!+42H;oN18u5rBLS)$W0Q8Mv?L4Yy9kM@Pq?fg(d3owLW#lzOS!wT|@4)*^!&JsIuX!*wl}d*h(Uh`xUf-d^ zVh!?`iapUx6mMXs0>kh(Bm5FKsg$M(AEgAl2LR(U+Nu~cdt}5zG=Z^%XMv5(W|VcJ z@Etwz{&j%{;1mg3c=XMUBqcTBkxraKvokt}*p7Kcsk%?7L2D*ajG+k%vW8uZ6R6Iv zZnzF39loKfzNTKUfw&GL)7Vtkys?j_UV-3zifg>en1@XR9d}m4QsJ(_i$mOi#Q?4! z!rr(6Lla|Ph+S}~(x!q!y-|tf%Y5J5sn5(w8Vy$^k*~R(qR=dNy9hzTN37(fte<$Z z;PUUdN>yn~@mAf5U#ND5bvM0F z6rSF1*zqWL`b6Y6)I`W4N&piVBPZ+sQ}^h*8biyKu<7k5#t*9)Gv5jt4P0U84()}M zR}9RDC_M+&MOLXZ`-*Td(C2@cjYL z|J2(3^|n3^07#X0{(aQn)_-)W5xC@9Y-wKpWV4S3)arc?1AJbezb_uUYjO`-nwD+X z-MVaj0<=HxRi2Z!q_ZEA9)2FX?Y{>rbv|Od0k4^Wc>V7$K-bK*x8}-{c>(1|Y3hRB z_{N#__R%>WOpOHX2i;-L@^`K6++@v8+wC;K?=@5Z?EI}ice%4@^YrgwOIugHmeNs< z{`Uu9eVnkFuDV6uveWZxeOcf;HC5m<9q>`B|9unM{i?qGbx63(@cm>D_}Xtt?S6It zzP$cA2LZf20zR+1-@lH(UjSdr=Y)Q*^9O`mry=iap+gZfXG9|!e=q|S+u zpOyA^-S?o0d^c-A|0Z*`%y2tv1U_B`I=%q@TL9Oum1gdi>Y46J-N(!ww)11%+SBdk zF7>5vzuD`Vmc_D&8@<-DVLp| znd=hQd$4l7dJzypI59E$p@N}|H5%ORAPp%sL2^pXz#`VVL@?!i5zhyuOD z-0!doeX(i0sRUoH>=o(ziU4$c``fMU`UknrF0coFGjCtvt2PJ17E~Z{!5xrqBstvi zcNXLMWJ08EHUW0T#~f*!+BB8mO^yNc`L&Ba^`qvS8+cuN9Rr-^eLY1Y2jsHcY-nyz z)z;9n>j!hAL|-2(JJJTajbHxDOfR5(Wy#C1YC&uY3fJCuTn@0=JayeLlU3^DJlo%i zw6vUg*j4w@%uPhyEJ^Uq$pDaUR0s-9AAv(=|P|;-xbgP_1TI*ou0xl8|+tZ`NLy4 z2JtDOF{P<>&L?MKEd`-D98|YDre=I%g=6o%s?8n6l+TKcMFb!8$TkX;Pizr0%OkBW zcW=AxCBj5TJKf2Oqz>q_(&TeQvJqZCJ4c`qTv>Sok~6eG^9(yj%Wo_WSQ}n>s|`w^ z7a^tT@T;#peg6v3uR5L7o4snuV>@}@9d$hxTBbbzMeh*p={=Z2Yjd=KU|S;tZT^=~ z`oQZH#flup3~<^+UMbYBaITS2Sl93XdZ!8$`y0z|;0Ny#nj_+S zq0*VujHmo@RdUzukMnWB*Fr*IjVYeyoI?t${=C(O_;)g>c7al^43$Pnb4yN22aNMt z5c>1tE?+8J&XBc4*K7aAm7mh}*Ua_TO{v27?vvVOjyPb-8%K)W`cb@ggd#Zp6Y0I; zo$-l0b)xHGPWFvRlNz1wyH6Pf1cg4JhujZ5d$ez=DYEX@CCP(qI~31+O`C#RiHk!N zELruh6Cq6Twbhwf`U~lHj75QY`hXF76PH_9Qdp-05Llg*p_kygkgStW%7jR8T`BcR z9^BTTAX9+hf-7qHWZ#HQ2`Tv4t8g0>=$xvv;~ZN>VvQ1Fk+p9}T+J*&d`+;P6`Sf0chCc>Xx3Cmkb7#PhLpPVBTeKl3qb_YUd zg48-#w=if+;B+7fXG&F=(kh2}K(N~KHH2uvb%0`%{W4|P&N})&`Km~JhAJ6e5Njr% zSq;pMX-!PtpU&rw!g+d&$e+PBQ*%OKt~>LCb(Yue@7mkLc^LrgvIZ^!-vn#YXMq_O zGf$7ioTp0^Bi=4(mF?#519}M}=dcEjv)=^k0&9V3kv~tbs8XO?)u%ck&$Jdyqo5B0 zsN8u5eg{?nli9z9z!+TzYKGOq6`yJcx5Cxza3D9(x0=mCO z0rdkhf#r>mA@(3hRl89lTH2Y^0q!|(EeP@k`+<2oYb(8amh0TaY^ZMPRA`Y@Yj#cb zDc0VPQT=pz4*iU|{qT8?yh}cy=3Au!kgU&_TJ6U34SJ^b^ePcOEXh_f!j?|ze^`*jpH2knQ?T;@2&d>4 zP=*VR*e5WCm7&gjNSV#_(<&9C_fgV+H+}|xv~;yhk@CZ>Z1LI(fg-i=v`R$Xk0H|f z%GKCv-IIpjsLPLQE2Hj@0h=6U*UneNF$4?mneYiwBYi1!***U2BZy^a`NxmH`sB~m z!Q!n2B9^EyDa2O7rI1~8y8t8)9X?_!mah@{<9F!!%9WDC*7QmGuiYqax zM+>9N;}0ri3rLqcf+Zajp;Eny^C*f$<>b+W#|u@nj0HxtYQ&e>paWRuqqy@U=2LrM zUVMA>dQf{CUfTV^@7RON1BL?R?(Klr%{wvKQM|CD%3~o{ba2@jrx?2o2X&EpR@!_1 zr~{3{Jnxb~=?#gYe;|*rdeEnSIXKji?LrBq_ZYXWl^6Q{9)3#humt3C#OK+Jdo2F4 z&&bs+X)Bh{Z*NYz;{)(%sa;juG+bXkoH)lLxMqI!-}?0PCNr!vEt_}YimGg{<|e;) zw3~kIUK(xcZu$kJg|%OAU7oDD`vtt8HuDVg!>zcraE9yeaUgDEx_ft9Iz&RW`mh>} zT!lLlHWyyDuPQW;&GYQS%6!tpH=N zQyYJM$Yp<_G_z^-teX@}bZ@0Lu3s*Xv&5B>C-GtcoVnr#t|heLFS0!nx~NOeZDGlB zRlt*iTWu@ONdOj}Jg=8`jvdCWw)LH7=TJdo{1;~4ykMtpmuBrkL9au0v<4HF+C8J4 zk9{tc8fu~q23_TN)|9Z54Zkt0X<_GW&orWmY0*91s@7>;HnZEfQru23r1S#1bPw?@ z)6NY_jP;X@Rs^vJ85;I^iybFg##$aU(&H5r+5qwjK|NJSW6X{jyDmmWwq6MiXG2fu`$F55tigfTFk6lzBp;a z$>6lnLl#P8UUm3E?q`+MKKKh3QOg7n{T!o@5ld=hbPb&pq&>-{kcb#SYuQTwfFP=B zV#4DSIk?Vyfa?<5JerAA8`&fgXIQ>TlvQOQQZ~K*7{f)BEF#HJ8vWS85m-A zH8E~#2o4Kp$~J%_(_0v}sUqh@Je4j@bP&GGfw(@CzRdNxq>}j@^tmVjb)KeS_B9c0 z=0ab0Flt5%a>&2Cn|Fz716HA8XF#<4mI3f&L`W>Ur*nPuEgFa!y0FGsE#CpJLaM9ZorR@;%y&efJe)W(0-C+YNb;!Y(pV7jL$`Q~k+ zE8+BPT3l^2CYAnP22AEWBCr^!^?pS>C+*INoy6y zTffPt0z0!&Qk$SGR0)1YxMg8L6h1Qn8sO3Z9qF8hok1)m&XW?<5IoLW`=dqScXovq zei^4&r07s0X$TrX68u*%;s>jVoJx5mH&4>A{0~X17;Fey$TYSxmL!p+fmAk;e=l1A zSPC{2%8G-zq``SMvHx$N5U{I$Y?Oc4=8`*ce~A6hokGCqr?62tMGPc&*t3b@55$kW zxF`RO8Xw*+U21b5ztS#^VZGXJ%*N}xdfZzS&84!BO%$}hZ0a>A zyI*_3+o}1Ue~MK*5*jHm*u!_yk|-Jp7mL7812$c<*S%?1P}i!;4?6ak%u7dKcsKFZ2RG`uHRPI&5Y3x zvFuHTy_PF$?6gsIZ^d$vZueW(^L=|wnTL<1&M<_r?6!?7q1E9ee z`eT^u2?NasqW$AQmJXNSWorqAvfP>Tm|A;)|Vhcgi6J=_GHvp8DL^(-x6eATyY3xnpJqK&K zI6b-L5|+^UFk{Nhwt=dzNzcm~P(X4> zJcRcZGqBsXDI}ig2$ly5ruYpfebY{+U`KCcE6JZ0=V0J&s0?s|1y>}z>hcQD1BRdC zS;zn=Nq`aS3$s$vyuS0z;TKukAKG{(`{Rh*D0<0F0B5cQ=7m0nuEDeqLz@ABvQ6;% zp0SNc8$YgDmxkzLYrrQ4iwX%J=uw)J=_~WfT6>R=;$RwHO}zzCO^x#?Vo+DPZ<1IH*xV>f@sxKESAA6Q9f zp&Ox%7*N~ix>sC3^&<-bR>CoI8N`p0R9we$*%*uX=lVeCWkw6ybCel#*XG?@LmzBM-YvRzp95s~0D)Nn7 z5?MMkA4D_xNK721X8erRDx5AXoM{*atr~FICzy8Qkcu4;R*Q*NBmC=62UsO5&&Dkh%E?(Tp$WF2hVrw{@ zDhu`u_H!au|Fu{Hn!@(klC_?^)5Tj6Tzt^zr43P#>aK8vHb_jS2U3d26MI>+S(adz zLPQomL4EVJ06nG!n9ovbqBhON-_OJPEVyriM*`s!Y1;e81ZE;XT(;}f6S9EZY>LhA zJvXs$c85JPF@Z(braTC_1#D_#3f^05np8D9r2&TH*9>2 zOdN;X#hTrli0}I9|Hcaue4>OO%>v>RV)*b!&zUIV_pd}SM{hWX;sNZ0b4aI;#H{gQ zh;!)J@5CWFD}-}6=s=1!g=&Hpf(vL+a^Yv7Wxth5iJI*7l3gf_vz$hwP`k^%;I7T> z5OeVmP_}1vsGA3M=$pB-SX^Q~9WTW0pH?>IVI6d$1a@Aqr+eZN!~;n37r@Dfu@J^I z9Eg*|4`r#E#H$rM0s%q!Bv`s4!Ax4A73g3{$ungnXXQ%LUX6KpPRL6x<-FUdYy!fEJKfi0-2dps#5*2ww6Nj2D&VzR!xPqr&bWAHY%Uf{+HuzD$_FKQutM zpP$VAmEWx=`?F0nzW`lao%p+KZ&yLb!h-9c?FZ$Pr6AQn8l_b5RCF2%-6hoNy*wHE zCg3e&J6)GOMyVZQ7)E}E8S=FnhslV8}koG!_i4%Ndx zsJ1&=gw-S})n%YQc^NM_sRiINm3`J5(n+HW$;J#;wLO!{S=x^RExV3fY!4r&e;^)W z_t+~a_jD^qH^MVqM>Tbblhu~y<88680{BUw<9)p>p%MLfIhcn+x~vh=o=#|WH?LF? z(g=!1fM}6C8_0D*I!3*KHKPykN18MQt2{>%73F>T$)!ih*UEa@1&+T8Cb#=Xsx9=nC_09Twk8Y=!p?g%7f@7`NidjbcXykdB_%EYdup}rn>GNphY zO?;Y-dAMJxeS*gAl%%|}u(@O>0>*ZSW_>nsGM~r5Kdtox`?&@-?J(*=?+_Ij%LqWY zKp_l+=H4W<$uLLJ9n`jcZbA@qk$8C8ieZk6Bok`-z9Z1b`Ah~SOuadQGG6g%>|!Wl zO+f;)wJ4^&z`wPzBy2NGHO3;^NZK#=eZ;~rCFua>c`UIgb>t}Q(VYaw;GAc`{1{)j(!VFo8$sxl^`-V(b$I_|5G|H)4YEeM3FloXO z2=+)tBCD;%L|_W}BqI$dT0-w5VRsdcosm^S@p#C|+jD9^ho!NE{-V8PLo_9O%MdXKB8aW*jgkP#I z6wBctifvq)NlAU{Rke`eG`fI}C!sg#mXD0UB8;s)U%oIGY+-DKJ^hgS$iRvj@uLF{ z@M0PftZ^aWaYiR+#UrLFbqn9nC8(fRNFK* zsA}CN{L2DY)HQ`mdDf=cTZ;tSs2Qhoje_u4AqjJXJ%9QB0jN$HNj$(m;zYRzHHv|g zW#O$^&?W(a*SnwaJoNPwd(3QT^85ZJY5S&C@I?0ER6eV$ zMV>4dzVT97P{% zv>~O0FjeomRGvtvdjgn>4?J)*|4zRvD7pB= z2eMT4>^2pF{C2V_OXRJJh156lnu5jF7H&`fdV_KXOGX3z!3m$F98Nsa@>jO`#WGTs z_2Xt&gZ31|^MYm*`AT5p>Op-$cyGQEd-Pn@Kin(SHg96<1FLP8BsqplB9tlIH@656s56^zICwHk8^vm{%Hl_#X zPyN7ct?zUoR6!{U)^SW>^wM)xgTX?;vC3vUtJZ}9hAe*|bl+W3&sniA>SisQRs=g{ z+jt}-1a?dabRm!cE)4uqf)WSw&@NhxkAjdteAq6*{Q1DO(9VP|b^Hp-!yhFCH^0I) zymQ0i7n0Zslz*bn1xq^>Cxl^QEBPqf-jfQ@-#|Gw99z~z$ zuqa1M*glJ))4Uy-8zz3K{zbv-w*E~d%G|cz zZAianm4GKuc(gj6yip-_zmyHD7f?7L`U?AJi5r@@a&iq!#x8Eg85xa?H)Uj8B~hn= z1T(d@BC06sK{mQiWJ+pLHAcFvY*`gyi!NzlbJy|U3lre*w3iM&6yg<{UAb-3;BPj`o`!$nrPdZ*tTuk z#>BR5n;kou*mg3pZQB#u6Pq(P-&^ngxIen9`gEPutJkWouBx;5+2LkEzK-_9_mGm7 z=T43prIL`(I5ZxP!=>4fd3M?tSD!LtcCSLoc#+C^6ZWHj|GBXJ-8r=6JB&Y)x*^zb zf#1f36hOdU)s6n^kxi#>t!hwaEC=N3>643QB}MFv{~e*Z)crWyxb{RGlNIb8q&$J~ zdTt+RJ#h(b0G4(8b6>Z03;3XU1Ku|Y)ONT2!QXWXCd~R#IV1l5c>nBwxH>st(z&eZ za*^)RyaX@fN(xx;DayH0w&l%20;bDDs`pD4Hhvq<>s zCudJj*#}i({cr+VIkSNZPzWG(7H_}EF&+usADRV8+a(_4c4Z<7CxYd5T`5*9m)gZh zYl9VZ$q1*bvyjA`1cq2m7b!$fW}8u80gUv;WScDGJ59G43T~e+xlaMOrb{L{*%p2_K)xdL6UU2YTPQnyPHuh zo5CJ!^|;1i@g~)$_%~I^`*$IHW=|4TynBz}3Da$eawCZ9P-}~AMn$ygcf^S@VFl3w zc0!c$(PL4_lnul9f)OAqS~NMxr6RD>m&TwrywaB>qTNJI08_JE9kLMK?NS%I@FV9B z%+fe$bx@Rd4WR2hi>4~*2zg6h>$z4Un{z|aw9EGJdFf=MNtep8Z4-#%0$Zzq%dU%! ziPIs`SLj(FV_79{_6l=}oHKEUt}mJR(0~=wqj!FX>|QgeaSCjwb@+zdWn&+ON;_B7 zWf&^ut(Hrc`wR|?6nq)nBG~$5y>drboR%Kfzaq%J!l1QprC;0%8gp+Aao!=% ztCe%YEO9r;DikmpS9m&ERil$(j;9kW+I*CPwl4%W-FOwR5R#CJW;n39RSvxhN8T}x z>H*1WAwGU24O8R&Hxu%$F>)mvAZe0i9QjYl%lT#^ojVNK@MdN_Z9~-JmOzp6ZkQqk zRESj~oDnYmtuz+>B+6k(uuy}onqnzMNCNnw15MhD++9hu;Y11aa)UsKGM;)D^xJv~9+DV`@i2E{rkn9_z^dP0j_ipJP#o1!x>HIwCKv}#c#sgtb8{R3`eF;gH+ZA))PRTI7Y9_uMb_ME>M^l>HpC!x|1>u>mbaC zYCSYI63kS6cyyr7ftVhIOtJJMV;sb2VoTN(iY1XV_D9q>8|B;0Bg;!Rtg3U%Qim?S&{ znK!EbfOR%qe3(kb$@D;n7%{}ztQ84YK&yHhsg5C?xf@BGW~WQVI%u5sw~P5Yma$wq z@|5B?ki^K03iJNpRkOGbs^siGn5GEi82mDn4i{QDuW(jM)N5-5vXx)iFo z_PD=d5xG`Dwf|$0Ovz^lD96Wyk+GhEc0ky)N))^RkR6XEzv4*{yI`mxvZgQ32OIV5 z{d?roua7Bj^9vmO%@x|fpy#nc`6cgF0_Fyr{Eg)KtazEr7Q$v(g1M2s&E-pCVO?mZ z6$C|kX_$G63Lx$Mvz0xqfynv2P_UabIRwkf(@*vvWkfRZL^%mRO$*=W6@_`Zew>VD zODiCztDO1MsWIhVQED(#pRc8>Y?LvVwJ7}Z5&P!H$6A)k-%XhNqZ|X|#)DKA7Qz!( z`)L7WPFtiID)3omQvX-q`%flk`?Ih8yxcWZBOLz&li$w%eYsG}AblgZ zE&jsUBFnV;L;o47kuvT8c`8wL2yBB~d1{s;J<-Kb9@c_ezap(j^IRw`k%=GoNIYLyKWrv;7;~Ftx}s^dk!|o!n36jV z-U{xk^XjYN%JggvEJRK2!B}D6C|Cue0otKp7lu6QK<{t}3GiVk%R6AQ|3T(!Gi5pe zJ{mKc{rEe+;v?`;O5X!x8z521L;UE~f$lmn^PmlEo&C`&d-a6fTAq1g|#?W2?VXwWc`p3I79dmaTdLt-#jpjF7M zoyVKYrypYriSQI;n}3V^6O!{QT@_}hTa}qO85`+v3bo||;cx}DFa{>^hBhZxYWyPM zm%?0o7_!-55N9fZC1@hLX*2tR!fz(dBg{(#L_o5FXc!K-E5yniz%8%M(A)dN zir9zUu2A*XgwN>OqbaLVToO?W7wH7%oJx#Fk zhBc-YE|40b=!;AjqJ3_5CY>DByRwXfy(C8K*zBc9Rk1u=|F6cIS7BC-^D+3r9^LKl zRaz!E?z3k6G2+l7hQ>WukY{bEHHdJRppu9bQA8?=R})y!X;L{8;7}%7L?*LMIs9Op$GnCS&UT(9l3T_?{yN;k zqX@~O*!nav9n)ChU+B{k@8uUH|Y`q-*mgOeJ^Tk=R`DdJK!jyX= z5Wvh(2(n)sG`)8jlEZ^ZDb(q;tkE26m~{anJGq#~uMTU1SDPQ!pJLRB(o!EnN`iWV zhpBp>W_J@CSb^`Y9eyM9%RSY89vkEaleBqatIF!V5(@Esejn+Am0&z>v2E{&u*{Dq z^RLZ-nrjdLbNA^7&-U78+B=`%IU*_%8*tZN3OPTU&SzA=^NG6gSr%a(J@$O+6FYKL z^o@RI)i_`9CcD!FT#);a9zU$Bi}mpSSJ-Cm`*wV*$3FLiz)w^b0dMbpN_m+sFtLNP zSVzMS@J*fM(QAG=6jUj$K3@Jv`7ic%EEUKj5y)dZRMUeQiJ~ACh(b%$uE0-mApmiG z$d#OcV(#i^v2;onT;o&QhY^vkWx`{Byo9SR7+O+42_Rdfe~I&fGD0 zhc5w}cDK2i%+HwX)A&qwRf4zb^9vZCwskrP}>@3GyHa2?>7^bdp-!KW6o>ixu_vPCB>XOf5( z+Ce=`OVHh=)C4>lz_P;gfC0;(1L11egzmb2sO$SbwQqlK6|B49w|is5{=NFg?c`qI z*GKM1PCzdB`zRMF&*Y`tquZSe)gpPlH*FgEYU{q zl#9C6N=PxsyHUIxwe!$$t1ewzb5K2&>FZz*qdm`(+TA{H39P~DKbg-5g-BaXZPQi8 zGf@jHW!Yu7w)kWeZf`a;>rFa89b?py)B7%!ct#m(6IXb&R?wdzNL<_daP!o2j7&+l zPGhZXhiBcloNdbx+CO1R@Ur=}`B-LMA3h+*nNGwhZ;mb^o+Q8-{Jx;vyvfbg&LLpJg zn?pX9p|YgQo4~ovU@5{{P|i2Se8|g;JJDCXz_5Qu>QgLfCd5Dx_EkI*02XEz$LDfHS$sks*M22$N5F0%j3x1tUUoFVHH5);t68V&lOa z$kv;`AL8nZyv>!s&h{8+K0m>GSN~*n7jD&R#Lk6MCf!-nIdmC2;5@+6pUDLW7fcuX z<9uaaZB&fp4AUo5J7_aKwO414G>mgHvMW-wz!F$sM~Dmyyjlz{6DE5@Q-^R~EKB5! zubYuH0ua8!x_F`j`5fEUPGQ#{i|$Ec&=u)I6(x`>>NMUATM#VB$|VR z;^c~Uv;fHK*amgPZCr4_R)<2pI^II?NQw z8szsC1LLg%jey{lz>(`52kZEjg#Um}Y_>~!F-qeXPMht!Q$N5bW(q(6_*++5fuyVHM9rz4tIO~2#1BLMciYXSu5GW~I=5D2VDEJ% zt3f;$gA-bigR7&UcS+A)#DXE;U&p;%?o9YjdG!d!W>;$uEe;{S4%%1jR}p^+FEM|K z_QX6TzfXxy`z6UuizU`)?8gZ|37;XrPomQ~Z=PY(f^AX@v;t?VP*3DTqP097X>p#= zDQ}*e8pt1AnzTb@mR0OGq z%iUjnpS0+PqF{+Y$W$i8WNPQ|HOw-~?vLse3uyKj|K9qI1Oj2m3>hzW($_&NYX{*?XzL=_L%ffCAU_qn(*LIS*5^pVA2q z0FM+AR{i($&YJBzIqwTtc>prvax!y3e!4tay1%ohuRim6tk*e9ZUDaXy<2DLb9aU$%SOJJ>N=yQIkB$R!ftj=UJ zr8gLhE1EvPf0+%wEUzM&QLeyU23xZ;xm-2g50zgMndcm_Y)Z;Z@f2@AmdPnM!|$T` zyGHVUltb>Hb~+I>f?rtTavi)jEQy_ZRYWFM|CEu-PW02V-cP;)wMj&~<#U>|ooY^~5OJYA%ZJThG?-hgBpm3{Ja#ow zIp^_W=-%>DtZNGl+&sJ%eEs?CZ!JUF;4R#nFi&yZL>J;Ns;gUj3x>K=&wDo+KZgPl zETTvX^fit~@an;;$!kl#HA#`zr`Q;S{o*|%wHUS(ssjcqY6|H0 zjO+Iw(fU0!{|0j3_5X?klt{AI_iW&0zGR38$)B#{<1a#`D~){c3fJ`)wO>3IzPg&B z?rZr#F3b@6UfRdgNVp!C772q)29}2=NPhwFec@XFDoFv#Rlh>RXAiLV$pz@k_G_3Y z-m?(zywS6eGJw=vz?UnI`rBuxxOPF_;<`UyO@jIB!&UE@Sr#6}!L4FW<#=sb_rkp0 zIXTpZ3Uzd?thKFm4}kRJbLf<>X0a$p6lI!mR*-zC z<_WRE(d-EZ*U{Bu!VdM@5IZqwlFHxp7^VfnKuc-E?#v9kT3;)KTWH6In%7fD6@S>!lFZ6OE z3IlYA)fsde)_^MtQenzuQ>=BG@PMo6hFJ=eUJG~yMRJ;l-V1cXS%55C$N z;b7`S`QNwsHWCZyf~O)hZ+*1EbH8+ozl=nu;(CG{AterR&+YSKs7dV2=hwL)BCD#_d9tl@Z*IeOxW*;6&ZSn-6PLRh?+1)LX6`Cm(pg!bIiO! z$`!bg;7p&|v(<7iS%#Ut%;}CY6&Z1U$txKK1?PULP5VVblfDt4YC9?uZ=FudBF_EE zXvqiQnne_>VIl}L9+&j)e^0d@Lk8h!0j8c>t+i5AQ>|B+MgP9HeC*IZJ;m3?QZ|3v z6!70N7o-n{j!l#)Rce2NH22oEL^I-{mmE|$jg&wxwX)um!f-E80?V~RGqS)*vASaX zg}nRcylakXV1_NKjy86psgKxbd@p{(d~b5EZR06G0@=G%N!RB6M^T&mbEt$<4seYc zyN|O+i6g$6BB8W)%NjdzCsd@=j$WixqFSU>m-pk_#q+zLVJ~4W)cfaO`}(yrHW+vD zK#Bgp6&|p*jW|hBmzqS%bq;?HzHf92*w-P$k;3VWFu>L|U$B7k{w3C})45cJ>Re~2 zt~)?Y8O#m1fA0-s4;rJAj`~JSZAG9^}n* zxuFLKz&xR2|FhX$I9sBoZ# z64)C82Jovun)*&5ZC`oiBI$u$*1DtXDM+;?tVGM3IaatBnSv4CKOmF47XX|s)D2f1 zhx|()4L38`J2)B(T#k!eUAX*@erFIjaNIv+n6~xGMs;gK8T}o+?GTK+WV&18JY!fq z7?e-D0lpwexiIE1y9>VZ1vRw+9qCDY&eX1D0vX?1ZCnWMXAK5QM#AM)cBd#)S5VVB zrk#4GqyGBxx9Ie^`=G7rB>;Qx7QP*0H;uljw-+&xtOEwPmPEdC3>$n9I0205m^}~) z5Rlg_jK1(3=6!mv7&HC#ujYttLOW-Nr9w#_1JnfGlM2n zy~Z4swUX>|e6zFXissc3D!zod`w2{=layNRUv?89W~8c$%p4-NW+YU& z1r`(P?QlPGxtyDyAd_Piw`$$3h-6!u^(>(}==_#>7-C}USWQSTCRU-ASvB>*p?H}& z!d$^=T%+b#O@6rr`2*@I25)z4HRfp!Px=-wde`qe>+A%9&h;aByld_=JHjep}p%i{<*h&&T-qsoq$nykd+ z=}uquOzt;=U}Kbp$FEVSIM!fk{)x9dHvzBGX~y;M5K-Jyb}v`0h&a-^qv<77Ox_$- z_RtkNW*QKM(Ev8wP8vqMNKWnd4-*_^FFRbc4(L!HT)oesmD?)Iitv0beCpiBDP3g( z+&oSA)4~1ReVSaf{_{FdU}`(07>&wH+qCYy(p~XiYp?RQm*YihTd(C!Yc}v;umQfB zKDy=v4$;c*8QHJ+oisFWLE(*ZK?EM$jGzVDw_>~6 zzbHX|Yx@c9;{1H%a1??f9nCS?)jmL5(MA-NEhpGM{KCHy+#Rxrt{P)j7dp~QHQ)I% zgjTy%@1G1v&+W5U5DaC`-6!H2QG$%lh4vwPQ#e+`&&hudjhZzZfz2@NTy)QXArNB9 zLu><+UC2E>Ui7w>FPx{yE+MN<$4vF%gU$Pz>8K;jtQN6Fxc2x*LYsop(FtJ5zw%Lu zfG;AIY;1165M+YzJm*9(jqwsx3iS`P%A9%nCD|gg!Zz7mv7C&)fGg3 zG13FJMgtG}dE4(!muY%3Y{4@j8%1AbH6UNJ;q@Cuj$QGw?ri3)|AF_};U@?EeAbIA zNLQQ!Z=Ya4Sc%@3=fP_-q%Y}I?7G|Ug|6$Yj*ePWdqS?>fDp4aR(BLY_&w!W_j<7m zws@npgI{kq$E|C0>QZWm2zSSq!d}q#VM&wKn%lc_)|bz_QictbfPa}heb4a$P)#$0 z5cokIw||N^Rj2UZO{T%U(+Y-uxU!=~uZ-609 zcV(m}9N`(S$*RJsP$gT-$$I~GD>%@uxqY`W}Z@Pi67eij=v+@ zh{b)*r50PTlUhVs$tL4XZ>YwQPIYZe$})RP_q5VSR~K|NIZJf?=rmYpE7Rzj+-05p zO?7|@nG+}fUU(t^r5>>R!dfU!o>qb+P#@#_IF*5UHWecoJqQ+qNPXT8~+#x2ZUui8Xz`EVBl1`~yK&`D^g?kA zUPG;b6Ck*c?Vw(ya6-}Pu;I(*d!T4a|B+>?n7afFef>iEeryN@v4wYXgc{06{hylG%UWX3PrslONYz+7 z!MRSIFgJ~;x2N>dcli0Qx(t*I$!x$QLRL1khoKMm5 zsEE6OwOzz@TVK3^O(~M<>4FwxLsid?knihlU?A47;k{JBuYf#XiJXL{?O?dJzefYboVChU@zMfe)8 z*hqZWj3$u%5lboWCx-hnKrlsnVegB)(nY3g4~+6?*@q~Todl%p;z3Syr;)G@EN1BNGJV!bov>%= zhkTc#Rv}T+W})Y^^{XIH{aEzUtI&&Kf1aET+)vIBH=XpPG4Snhhbvy+Yh*CUUe}xr zke--y+%%|9i1@Y!5OG70Hvk0^5ZVV`Dj_uA?{Z)U4zbV_hH$V?lPzqKE1RZSJ6A{} z^6{PfpgK)qQK`!E#gws)oV9(6^J4v8+V2udB~IUvDPU2XTx5JfBlGF)Qmv|VH@ot}T*KUknis)Xyy_)+kdu&FgDj8f}^KdWJt~%27_NmwX~IgW_Kp z1zUyiV4{N%9?N8G!$W3?G{vF}3dn2?BHN{*P@>o)*!IF=uxS^!?_{#~MtX|e1;Pvb zs>MlvwIiCP1c)bkoDOZlu}}7cR{s!876HE0SYj}EA3}&}jnBe! z;q=wykI>N*8-YY!OJgQI0+e8Aq083y{G52oT<4(A<+(de)Hw-plm2wA+WhgxZP5d) ztr+zs2(Z}dI9%-`EW@Uq;j(a}lV}CfLE_|e`>+!#0Y-R472m(-HRXL`oW7}2f^RMR zs3$i;;O47)jDXzbTy>>;$G=aMb3s8Qd}!`|8|AySuMOUxIturBLREdfC`aS%zLT+L zWTys+H7c?06Xc6C%99!HHNEPvb@lXia5JDA-P_ZMi$#zm1$$( z{z8=Hxt^3p-p;}|vFijkGs^E79w@H+Ibc>b2rPx?M?i26k6JAY9@sB$e&b@}Wm-%~ zt6%ziTw{7i+GA@_c?*5VYDvLN9JMu5*$w2RxoT(h;*qx%#CQrEZ4RBG*{^=*EXNxA zQl}Z7DDD)wzi8>15Wf0J*qm4I($Pv2PLZ2|nZl?UZb2UO@-9CvQV^T?V3-~BI_UA2 zix-MJV4Mr4mu^9B((RTk6l4kO3n@h&<1vXil%zQA>U2gK!=(>OZ)BTH`bc&o%TIfc zv@H8c)SVRTyfX_37*Xw>WHil&Qg~Z+U z#6IXtfVU4K$tRNlKN1px z*?Mr_(df;eBH#4LNatk(8a0_QMD%m~3bmY!;f_b4*|2Ex*9{l4lY@_3?hrUoGzGA} zkOBeI%~qgT7U>27*v}aeneQMXCjJHajs>8%*hpMBdDMY2LEPwEjCp>6NvwY(ub5r{ zN*?*Vr$C^2t$=&Kb}x@G;+CwytB>Dde3Ra&tHivuOry6k=O6lzN2lM&N!pNu!{aEh z2^IcI*5>G0@e$l?~1%|9&RdwSSDF+Pc#7B_P?W`l(kpoMq0aY3( zk&n(R(B5All|T1$vmq$oEtyC{w083mbTfxZ;Y>oH$Zl!Br^cu%5)rAt)Q`!hfMj)l-EPuykf@3D}|(Nxe&bV&vq5n9$`GXz_%n z(qc&?_M)@vNEKS%mBPTd837-b<`VcFy-*KZ(R9+55_qZTKJ`{BXtY&9JLyXBCliaP zn$HHwrBRt^mKqX=|+WTweoR(?ZI%?~wCnQXUiHV^KmaWi<<99-E=> z=}YSUrdj$&K2W8$Fld2yZk~S#A4*u!5vLczHMs)M^9yBP73I<@&;jsN%NGib(VKbj zeDS)C{L6UAIF-ZlZX9h=8<6#COImHNuOMg0SCEsnC~v;wE69nw;v{N=4;tgXCHDQY zHxiBqCY9dn_J)cs#Ec+FQciPTJXEuYl@(m5%pxl2idhu~zk-_ZO=nrjWzs+tPY|6~ zI>QUNolMPRPyq7AnI8~apryT?b;`orZ)HQSQ~fyV+hgK7P0k z^lJTk2EGT`jX8Z~&f*0)S-AgC&Mdu+II?ypzw6p^3(#{p7B6rN*r_RdSbwD5$#4D` zD>m38F@}>YyR#m;J;iBc>KltBqqCv6_DE^DXP4!L`y>jy_C zwF>`k(L}r$9?C|d_1xdoHbwmzm`5jj(0gdo1cA@H2L-_8m2|5?Fg(50E_&hO13L3f z&a!^xq?-JST=(T#@Z+iQOD=S9(W7^Z5qO!U?CGT#Xjun+zF|}-&~>&sQf~D>n-)3` zx;d%)o%2^PZ6;PPcId8=ilGX9ly5?!m}$v|Cg78va;*Hw>!W;Nf5!0kCT6IpJ}tb zAJ2J=JG~zdcPKVL7zOPZ1?Nr}?)uZ(@O>OMF5DT{=dT6MdQHOndAkU}*iZ*u7^}_S zhEISV-`QD(e}5KSSM#3f>3gRW{w~|eF>Z0irg*ZId_GUM8FTIIaWJ&)bh@TN8) z0@?ZxVX6-&cvbzDSf7(}*G{@TrSEr?gQvs`l5f9v|8BiSx=;V3Up>k0o>iDFLDznx zF;>*0sS!eM9obL)v1AI@Jj{)nX-TqVKP6i*vz_fP>FQrwH>Qg(ejDRSYnE zf+1xL_@gw9R#RsxU)+u7j5w^STcgmKEx?ZqxNJQcd!$vDR-N{Ee3DsNBrDt{U8XQu zQ-s8$k>XD}dyu7+W+=Jt=%gu>u3IbFZnz*<9d~@a@?^Q&iPp`cVFf+H_7Px+V$N19`1>(4THQ!SZdN0A~VD!h&V{sLDR#-)cJRp-(FWwO*71at~RqS^Z?Wux!q*c z;|HD!ospi7hzr?!gtCw(`9Tk&l~mB1ftDrnpGz~ zM<+rq#{3(sEYdOrj7%6KZvX*ITqYk3y_dXu>oj5!xkvZLalJ!Ins0{Vh~>Opv#l9c zvG`9+P2mymHPjln9UKFRB-A7riL+AJ2n5k3cX#ZKU&aqeom*86tF1E%S&T#tG4tgh zFq|gb!?u-1)_qjdsvYSa59L_Xr%SXp3CH@K1UO?<)yf?KiBENUVu0Uk&|}Z}Q5vP9 z$Lm}ZRAY`6Z`G)I>S)!JZ;MszF;?l;z&rvdXPH@MKeyka;Xa?jAdiMA&ThTqqVfTZ zLY9D;(fVI%)zTpM&{K>=4S+_20JF>(cnSVb3O2c3e-$OD| zm~t51)i9on2*CcIR(hhXI=bD_ci7b(tM8JnhzHx3S1{hZoEl7}y;GHN6`oin+Z@d# z!hZTEFu%cT2JzB8c z#|USnnrjg1&v6?3ji-0_qdEu|m*X+hD>uLNu27B>0Us52aiL|y$d~j)roaf=>mX`9 z(yEx#XeE*sVWs^fDFG?4I@}g?Z>W)E8kE!w+V?G4nxaA+Qk0QHR^}0f7F0Dd_X;*O zru_*Kl?;~!IB;=l#j`spik?p6rONGTG%fEnFXfPR*2XPrGSy`J4zhy2YRph$(+PUj z_Cq~pz&py46E&6+R@8DSB72n+KA$|)5~tG;591Iq*b5{G`gb>0#im=W66%N7~c!)^zKuMC0~WA9B#hzzp8I98~d&MgLa7)&T= zovP%H8V*hBTHV+1Vk|4lLkK_rph*4_ZL+BaT-D%lKAf|vzFv*Yo65P6VDHzl(y`7^ zh0^utHgLo!SuQ@ehj6>b1v=}mWGca=ihxxZ#spQS3VCBKYT_QnG^v3!L!gXfNnR7R z!C9sM{Mt~V04rr-k|;0*%|R|N>7c?4&W;+(4-1;lV{2x&Nn=rLm#tcP>0iqIgzn}C zg2-Be;#8iA;0WS{v~QjJosd?@bH0<#;En?RjdJjTO}p!nvxW#biu<}Jy9JarFa;>Z z`{zgb{d6@haRg6=LP*kEmGN!6Na|jHg$JM-0&vBduV)jBzeSQqpcTQT)Rx83CbNjDCY z9|1?nNq}YOsHWaK-POgML++T#pUj>Jomp;1@~fl%f?b0dRhJ%WvsW@a%-Rh`pFFzs2x5h=pbSW3cR9FmH9F zz$=`B`Xmr7N-{-($rb#^D^@<0AgsCos$_LdLGzkYxIh>o-9t*Fp>$9i1p(R)oL&FY zqd-8qV1a6cYuK4vJ%FKrOBQ~z{t|9$ugpLEw_43i$LkK)P(+qVl5cwnF#ix}ZqOlw6+rgGwDtqEQ`A8%|i8_2{(}& z8L(Uw(ud3Ib37+w7)Oa^61M;s%~DzQ&hGw>(XwTKQjL!+N^+~4hoYQ-pFho%xkN_9 zTG2t99zi$usrCc&o;8ddU@(p6%s17BF79K39utc@77+$14y4%7_EAdj*rl{=ctkhV z_PSU{@e{xp?71nqEQIb8#396oA6{_#h1+R5M|I`NGZF*y(`cw;&7LSOU1^ImJ4qC$ zY$MtP0ej7?7S|$6X{!$J&p^DrP25p5`}$u>2DTzRMYee85l=~Uz%;yITU)1?Ze^>* zvP_7jRHt3V8T(+Bie6-Uc6pPT zjz#$UoJLkR&9v+kVBz5Ii;qEw$%BcAqDTUj;s^pB&J@R^J5VWtksCmEOrr!hK`V@M zk#CA>ZiIaPtpG)+pazK|5Q7R`6bHWW>8NsJu{{6bM`edrwfgT#Muq5_6L&4Rpw=cV z#4|SbMuEY(mjil=@zMJ9TJFQ)rPm8Oj(Kw@<~)}UOc@(kpi$G*pl{fFwppL9J9>B@ zRo5TmA2Ye#EjvR}w1)GZ9^Y#6{qRP+G@bvv8>HT;YQykGhd@V~dMv)cyI)Ip>!>jC zTtMRmCFG^+UzX!Q{&^?@Z~TYku&bujPi9DaQ3u zP*lBxmBWujpw+;D7+c2`ry@;+^b1SqUm-s0Bm2BuXz^oizWKC0`3yzpA$#&6o8H?U z!p}B3cQj+WP5hVT_u4J8cD(cR9q45mY$6c5R%@JHSi9DatWd2cQ*fT7pe9o{zNGT6 zx*%+k)wpyp#iNxLY(xNIvu%n5Y?Ae`bz*=^vvD&Z(>I+-mbNI3XYxxO5!|&_jW$DB z!V*n^)j=MYyB(rQiNy_aeGI#sc71F&fkS#FUe`Q`*wKC7xtd8+LMD(q!S!eW8{6rp zfJOQ|sD-TZzh*}XsT_SL38^@IE>aW7nXx%^3t3`aCy9}`>;&e?vS2<|@57iFe6AuP zjqC(qp40-(c3DoZvG`qPo}1KvjvtBRQ~;(k_X;j|{*wS<7@rKm`%O8Uz@w8Z_A1Y) zr;IY(%_;BaN3pgz|i4YS0aa5SzdpcDVO4EF~ zB*wyZ?n%+k2`h=N&Lv}8|%djc{PvIAbCflk2 z<%S_yU~(|K+YBK4Bo}>N~PwfJML$FyApKt-jwea}Zr9V8Xk-5^Z4q z_91G!$i#m^cDPBJ-K%p3v3n5(eZ}>Pq2yp&U-qa^US*cVdq|7;w#>Oo0v!lP*W$zh z-m?$f*S+qj$)o8MP-a=?msDaNClNarCvTsDxS{xZ8{;1kW1Jk2vqWPpf{?hxV^MPPEl3k1 z%-?z=JNW={3^C0V=lD>%;bLOG1)2dMZYrL+8Zd~^p4vyjkicy8jI}Ig#IOikLrK*2 ztJB!&HV**!SO#TT&2{$XNQ)$`$5xq((yhR2D~O9)j0BI#8x>D`dK3sn)xUkapDI^_ zc?n_~0tc_N%^-h>B4F_@4v)bl2IS+ z&#nd%z>w9}IbeHyYq*BHvGAY_^OBM_B)!V6>pUCTZQtD4JLohR3Y15LVcoC6 zpq$ZTk-v4_uEV%GavINu-`$tr4p82O0}UOHh>%&%lwi9Bm5&fP2ZI{+Vj)NKJy9(u zn(02ah9Rw;vX=Y%R1~d4Akg+~criKqgEj1y`z(Lu{>C&j45hxH>u(x(SuQJRzVs`@&<|z15D#hYa!azABmCZH_vpPIgj%GX_@U{2R~=&{NN!dZ*$*ss#BlE1{?5Vb zQfUxQed1mSy1bVCa7K{-cuYYP*ZlCd;LrrcUC!&UW-I^CdlfHk>H8cOB5PrTA>P6+% zR}ug7JOo1b-D#P_2(ZnbG4|H5OgJMnSj>h=T9WJ+Frjl{uU{2Mkel28~>15H#k`axs@2|^W* z_7)_<{Pm!qY8-7-`4I5)k~*P}{7zikIee4{K7LHTf=({Hh)xl_JJ(Dm&MRFfm@Vi7 zQw5LM$^AI|ujs)yhKFJpDr9*YUB{cNu6Ml zrC(AIN}xGI1&P4j(Al>oT{X(!@~bJVeiArk=oXVi;U<>g@*sAc5R3~9MT0uWV6tFh zR|a?tR4&eRb;=XN0LXAi6?j|1n70VnzL%db-#5X)aCQ|Xet^VTgfQ$D5{-Pf;3y<^ z^d_|id4}3U=UPCH2<*lGp5=4=yccrBOlextE(JXcy&Vp4I*{a*qAR?={M$O>Oc>)e zt2xBT9n=nJ@BW~9qgswH4l#JFWcpREXR1~Bn}qqi#IDi2&@y`hi#8msJo&Jv#;y^m zh|KS@)ar(OLzet(gIlhMZT`=IlQo?;=dU`|G_+=h4=HswE2eWFVfv|sM3hU<hpwQ&n%&nLC$2$KE4ZXdB3WXy5Atn8b{!o1^uoq zjY7#CQ$dl#PpR69kAa}f_HUu~;+Wot#oEJijXAQvvaG(UO(yKvN+ff8>8}Jh^qJpu z_4%K=nV-)mlukvyuc3^?v})illJ2^zvYQX|nQgAXSUCY13t?=1%|pMWkiDofy&bmA z5-IZqv#a{pvGh3v1*84jxuStN_XNWZMcmTwVCHSfDVMc<3PyUVV)ox@O8l*6(jX?@ zJ(I~;Bc8ul3oVC<9MmImov=+~)|9}N%%*7XOBGqQhuGV0SO=Quf)b%tl+SA9r?1^g zPogLRtWPTyLH1~)Ssc}pUcNm@n}lb*x^8XTXjtzWH`}m&))ngwa}%=W^<$ivww8K$ zNEgv^Jd=Hwu>s9ayNfkb+T!r5-NGe%ozOZ@+Zpr{>h2=D$cT` zxD|4Ek_w5OrSfn-iCWnSAWa8xMnIUl$Ci!|qR1s8Ld5>YW6$KyBWw!eh_&P}>-n{| zX=LbUHixhQQrMqM8(X?%2BH@*iSP!4%;I--rYeS&^pdgXqiZ=YBX=tS97hHC&n^St z{D-P^4<$80r_ORJTdci^KDIyCNF!y}zjW%=&?8Pdd&}Od%H(nurW-NW{&sNh=RE5S zkwD6^CBF1U+m0@>?RHc88&GZB!rb}C_tG}uMLXUhB;_%lQCfE0byxa8qF-*j3Jaq> zrDEm$lfX*pwWq8->F!e@*v^e|*B=EQorFDhybEh?s>^);RhNBk%^cnM6Lvo~338f@V4gYH1lC=Wzqe=pJSejkd){gc1Eo!c+O9hM+A#o|Yp zx_<;qaD4IgBP4uE1fr6eV4<;pnpDaBt<43Dt-@z`p)5E z&}?QZyquaWQha!e7meMJhO$b|YTSNZJ%2ybKYqZkb}45}#27qa+q0gi8fAN3-VI_% z>-poTUZgN~go;t?9HXKdR7S0bOp0mn8KZ5G@0=yH7&U5%rJ))MM=iyar{PGFNO_E- zXp=E7=Z~YjlTkV4g)t`RcDDxHaTJX1sgKY+YH8`Ns2rcmm{p)M7I#64^e2cN#(&GG zRW9sF5ABUn3SV1SNOKHPOJu8Jo{flFOj{JyyhR*Ew~T3eBWiiBW17^BaTM}0D!FyW zI2MzkP^2z%mzvk}@2Rcz{0u;0@n~mOAVY^xsyrSIN}9(Ip!gXE>owA2PG%Xk&m7eA z!xTeVwk-t|Z;u6oGH+N~CNj zl=CyHr^mu97C&WnPIsBd(avQl)n5get52WFNXRK{Jfm4|nx+>>q)Q;|%idniH@gsU$ zC3`B`TqS!7dhVZedyt?-w;aj))@+a2m^2=;T+kNzV9;ufQKNbD>2WK#!yLN3EX!o8 zUF~y8(D?ewp_!g*j0WAM0e=m@OAWe+DPHJITn^Fch`hFn-bn;Ib-UT!n5sa$xVuZB zD()EDqEqfdBWNFbT2s>DlHVocviDb1^+(=_HDO&&J3dcI{NKuMpr z^IyFEMTa+^Ty#3X?d;Wv^8wyDuR7g1(3Rg#NO@N~vK&}#anr~T-G2z>Z=OH%@{KVg z#AALoPQEv&JFnzQC@?fD;nB>Pe6Zf{9-kfWXQk5ab7o)p(lwxY#W%jlG1s1JF@fHm znDC?!%J0d{_O)?e9Y5u0$<)a?wQ?g_M)I1x%JarMgTD7R3lF+3X8~P>Mu*nY zdj*ZwFWGU5l-n50qko_=-HE!PSvinEvZzbYcHpS@8$Shtxeu{hAqC z#o3;~^v31yHOY(gZpjOK{=hF?pjJH;#0S|6Z&w&g-)>0an}1jEaFQJ!I`*w|fA0jl z)bE>1=Cfulvzg1hYeMxeVe)JuU$(IWqN?+z#4l+XTEBKb@tfc4Ys*HzkEAT$|K2ih z=SJf9SEaWCM@`)JSG$y`DexDS*fwY8Acqe>+sfDuWlRr0<4tngIi+CE!*YQ+!)35U z@C-7qXg9}G$*V^vTOKijH=P)We--~SZ0Hjdh1SW+iJiV<`loWZyY`f^lLYFvOvS5>w8)xMHbWqz)nXSA+&HVYLB`{(?;h$9M;W-OO;CcgH4a+V^7|b!ZIA8mpv%{q(Qf~ya$R`cxL4N{cwxw{z7s?i;$ro(tI{DhQT?)~c zRVLx1OP3Ir2NqMBunS5JVYRw+B?Y>E1s(_?3+~n~D5`vTLyu(El&l?*|O!cM0eHjibglCDO;4?Kf0I&Z_`ak%1if)x$!4m z41bdkX)$7B@Qc0kX<7`UP3K}m=e#f0R@Y~-%D#+?1)nRvSbG-Rjg;?1e2w4noYT360$$#5+UL*CbVJsXbzLd!Lwe*DzEy|ij=Q?dQ;%W`+*R+J@~rmoZl;O^L`%&ZgUdSV+a+E)L7`;Op%2dwrkX==b5W-2Xy5 zZ|C;1;Ma`Z%Ork)sr9A!aL6=b`G1O~ussQXZ&`8KxX$fXo!wbs)@j!BUS8=nU;TC* z8`KZZLaMimQd&gm!58c0cl%~N@Ar`?l?UIfXYHKSs`_1?FU)%rKInTD9}1M{FGXK^K@pd{%}x<1d!OD2`sGal+hK8? zGg^0lPk;XhM*Xb@3T19&bCVYO4wo_(0VsboI5aXoJ|J^+a%Ev{3V59DeOZq*M|RzN z|B8M#pq|Xw6BrCYa)yE*1b89fXMvVw7#{^&mI42K$GKaathJjgjWvQe;4tfSRc1!q z?L@?l8y_hj^3VG=|MyoP^syi5{pVla{@2^Sw~sde>FJ#=Q{L-GOEtact>LQV_kVx< zySM-H@817m{w9CysczerwwEo_=n-~CwL)AoP<)4aX*#r|H#e9jo}KmGFd`)$j|AKriZAG0?; zYE3h{+Rk+e*Dw+;~(bt-nG%Q$rn!_+j?wn>uuK?uLq{+ysJjgZPNa6 zw9#vH77F0^)bTQL+hd=}_jn>- zz0FOZ>LDtBOOyQ61e`F>hyVAR-N)B9B(huop|mu-P!kt%H#L>XHuSOoadxW zUs0YPRHzSWf!!~Jd+U1BJyfp!*SIe@vVDR*T2ETfOwCSNrOP z2*%GmsP#&i#qidB%`}d}rcs}m#;Yh+Jol+-JSJ6spWCMKoppctSe`NXR59hdp-?9g zJmXk5IBj9Ya`Ct_nh}Ir5Vbiyn?x%HMv8jNlYUX`a}38~Z%@QtUnO>b?o+Y1$6~kp z+!p%{KJpTgwg)Q2zN#;^+wu~9EoP-Z-0*MyPWIeThZ{qIuZp^#MBSf=y1z`+{ga{| zPek4Ci#ok%q;!AJs%}~6<580RrW3a*^j`kEuZb}2ClQV(B0OFtLVxbl`GoDU2<<+% zt#!BV`{x|kS^y9cxE10%Kc4^Y_hiciOGsb0x>QdhJ06QHy=n?5p8Hf}Psohj=kXlS zGf{m7}5p#KfdvTvHs!u*st?!?x&&#M* z{v_2(PpDRYK(#`Bo>8K&c#0?8f8`ZusL2DQV9W&IyQ#!|+onOrOpJy_OxGCP(JU+WW+ zK?CheH{>%_FuzxieV zXj_|3Ie%<-5(XYab&W`}@ytf*xt#6)j~d53oG7)v&EiaRDn8%ddIV zkG|z*KW~mmm4ahd$yRANwdf-zR^k`IsIrp$`ODXO9hfHDFULTcIZ8G&}6@ zm+-~{ZH@XQrzw>A{l0n*P|gVR+{Hj!+gv=51)!s47Y`(sQ~gLK)o~In&^lGJk`e&x z?HHYu1=ul0?^kBI_kgVK=5fE_IzEZnlCdAWB} z4ATOjb)PCt$^xvnaZ)Q_^Kq_Lrhk8Bn`*VS{oR!mKtA@Jbs1PK$qd1i9$-6?8iE-I zu(7p9RwU5KDy}d$p!43xJ6WV)hcraGuZX1|dim{*3_QL`jv(&nE@MAE+nr0Imvkq@ zjd6F?xYg#?MyKu}?-zYYev*2d9BRmg{BFpPJTys~e0k^u`FzoxdUTEsre%K?S}cs1 zI%;UKa1&~~;u7gM2Qaq;4s>EKwVy(wT2`@Nd+<~flwXsPMg;!(?Z1C13CXgXE(pq+ zOF7IEz2}N8cksX(;uXI?{VCTMsUEYvL+H%PXky)m!$dNAvkpEj~$*ALP7T-Tasahv<}l z{eXwZyN}l9pAg)~&-zWI7EHXPG&!wY?chB9_>iV8tEI zYu}~|9SFxjr@iMx(NZS!nHc;+X^Kr(T7bcUs5?BS3r+TGxSC!S&AETeui=u!8%}ea zm+xa2*VPQ0_X97Us5m)8GsZg;gEQ0{j@gJA&nG5sQ?QOMf!7s2HyvzO6g&wm4Sv`l zyaO27blA;)JMDewZ{gar`0)mQHoGhfv(@0$l*fT=f!a33=15H5yC}8Y6`fr*TUeCZ z7R4rkEWi+_sy)T1<|Kbnh-k%7;iMCj$fwVFANJp$-=<&G%Wt@pK-vt!X9U|^=tg@U z5|(p{XJ)z0Km?y2o?Z{&4E4K8%Gxm%K}do2VKf==q#m30qxH@lWP@c4zkzfkK=6_6 z+~a`3U0e{54X~rdHzC2j>>xuepF|CG(k5jMrWC*?y*kn$?E!x{nb_E?D_WJGC*f=w z-c2O|PI6b3FqrBB1P`poNy`Dxpf}wp83aIKmOELFfRlqto0gFQ23?hQxjpVBlf~Mn zB;U?z<=^7+17pV1T_z^1_w>Zc=#2NC-fqG|d{6C|phWyrnz%HUvEP4_cv4mR%W?!~Zs|Bl9Nbz-5vvBcd3rx7(1hkow6n5dNT7u5q?oCL zyVduT3a73l@1*V%R62OFjEM?yJlW6$XYXFv8$czaC)=E`@Ya(70|dcU15e_VnqGZ- zV|Uu@FOjq7 zcje#+;Y!4@Wa%3P9oI{aO`^b4YdMOEt_u<7c;{xpanbFEBj_?Ujzy8Q8phCeraN5taU^cL$U?r#y0VA#fv!P-H zKwv(mj8F*>RyQcB0-MH}Df&*IC05)|gb-*9do82`i{Y`weqb?>4wg`=OoEML(Fs7= z`J0jsKrw_5dIB^C`^IE2?;eu^MtOk6>_M=j*$aPbp23I|u$Yf9#sw^9E`ku2Dzjky zARY&7icO~!+Wa`25!UT+Mp)6oKDE-`@o~Px#`l>Di}+Ofi4Fpd2_1VkV3_#n)P@R0 znUSWRS_>3`G*iFSJxRo+?gNCGsebBcpa|nc0|CWUm&&b9mj+U>p9BmPvuA@;0T_4& zX$*g$n2vJ}Sob2#rH~Q=!~9+&T?H01fuYqvXXKZ-=IRd&42!Hppi$%@%btKv+9pBF zEl;rdPazAf!dis^>ZLG1{-#9|zM%&ke)I}W^o}0GxG5g%xY3INa`!j^JWG0U0agj+45l~ZAZFnjwx54Eh^b;P#8y;giPE@cC+0qG0)o( zrYiCdk*C`kAFR7y-W$sqQ&ZAKP6zD_xldXj^uv=R#Zr8m?XRM|#pv#7ugY&**%uR? zZ}p2^X0V|I?>+y4?dPiN`_s$APIrHWbbWtfZqXUz=OIh6vT<$JqR zqB%f~Wv0CA^8TJ-z}Y7}x{dl(i)UeGR-BOc(ekW()j+&90YUH=WKYTZ>33v^vM-NCBbmHm~oQum^Zy_+MKj?R>+VZ!!lnBcAn2>~6ep=}sjOn!|C{cU8`$T4J zZ_!3^9K#u|_eN7x7_Rr4{Q7{1OZ2Z{Q^Y14lS4U_r?9vtHW_R=3ATT3xJ;%Lt^pIR zX;bxaMVVMPC3B6M(4<_hQKouzS8m1{TCw0RZC;}{?6EJYnjx6dPjHR|$~)V}#DqPP z5drcw_GN7qOVwL>XM+T$tM=#>GxV;P-`?21q1}u4MM&D~^ad7L6?) zZ$fQXU?Tmd2o{z=kuL0oVj>w9Mb9un3bJmg9*tkZbxZ!lD*sfP*~?j8qW)!b-SS{t zfjBK&?gwoRtmBxoEy9Vc_BvH&zOo3?A>C?z}$=R1NPNl4>FZ7Q(E z1jEE^#t?I;O`L!99IhMDsuC8vOeSCu4@w3MUSA?f)6qkP`px*TE9TRhJpxH>KL6Px z;9w3&r%AhnCV5Ep4AQ!fn5UVj&b*EoJxoYO55Q!xPq8_A==NiTPkD6lIp4!a511?h zPX-k6xHzMp))A9am_P#e28Ogz`?XMXU_RXiOv(J@Sdo7fC{sYj z%X(c!is8Hzvf^I?g&UYVr~6F1$K>9{6X6YJrzL(jP}H2ZQyY4Xc|~gNL}!#%{^0%6 zTaY;Kz1|kvTm9VIqJ=Jz-eP{#1=suHnM=YG#fp1jU6>e%YYUw@1oIJuDwk+iAHju1 z4X6G9bIyMp>N+uJ*QD4J^_k`{fr%Me4@&`LGuLEODEwn{++lsdY$`mgRAxupCOKWj4}F_FYpTxh)gZS#xUjWaKup$o&ICk10s*$Ek9X zrO7=Gt<1^9<)Z1?X3a^27>9sAvam5;QKrdS0eyd+Z)VCf44U^|YGyx{)D8WyPn$!D zw_e{_Z|CJ~)_&6Pd0BNqiA({%Ir4aClbP7;(6ey?8}{pEhP{fA-q}*+hgmOR{Dysd zW1H{l0^BXceaL~(6Uo)YyOB$ZHjwjLja^PII)!{;bRKz4>SpqW zPF|Ag{H&*CZ(drXKDqZ!2{T*)<}~K`Z5&;E|7`Ftb~%K>9eYIfk&Oc!DVz&7Q3+Q# zQn;a!f>j(T92T~33I90OQXq2GT2stjAhOkT(-Y9?EOS#-_VEFmPF1G-2IfYv7Jq-_ zVCqOhYx?N5u8Djz?92k@{#>%irbK~-=RbnS9cx8(qC)r%U3kq3DK9*9iB=&ekcX`0 zs+S%{HIEuGY#1RuR%*+{O4R|zu~w16Y=q<LjmsVFk zfp;G;XX>k?fd<(!i2ws9%S&*r%8YQWCkX@fxntJ_U^d07E;OHZT7PpaDWw>N+OCbZe! z(Qi1RjzxBU^i)y^-5zc4IKe6N_RdY2n9O%_qoRU9*0g@v(6rerf;xz zV;5I(({MAGpd^H_xlBxU&9Q%B0n_<+HbHC_Loy0m>2c_cz8LY05Mup9FTcI9(fc>q zIrtsfjjU(0!|}Id$KihREk~-Q-W=215IFX^!ElsZmc{YZZII)xnQ8>+moR_!`iY5u$b6ce zO#GwI|B@+teK7G4SJa!%JqLOI%mi|MTqL^Bk)~7ee<>N!uTKv__n_D2i(qwY9^eGkObSp*B?e|L9GIjW1G9x*!K@TR zi&-3?TC<_WL=QG3~b5iv*C2fm%6%&<0>u zb|AC{nB^~!ew96DB|{T|+3aO#EHInrRNYR^er;SUi~!iAWWAHI2&UwX%nB&dJJ#g%%F=lTgnI^Nr_Mmmy{7;mOSCM&=r+53%7q6yP;+rlXU^pxmLErWF;Kf zRFjo@P)kllTtL#xZ*Oe*{!R7}en<8t>)Gse{4Lo#d285@t#-4=^B!W)XdUS;^wi(% zYfUihkzIc5yO*Td%ezi+G;rPFxUsa1BaG`KMCwl>KlpwAES2wMhP1BlT~(0h@~U-_ZLgotxjVnL0v_k+M0K^Qzq=~b%ya0M z86jTDjk8N6qvXMfFHdIw;ilJ+EC)4b9+>BgSEU$DQOzu`o9C|r(**RoNK0#xs$O@`i3O@T?REFuSYo?*`0CpSK~W5%h4i7N`?R@0Xkor<>k= zfQ*)|eg1ZP=DO>fI4r^GFKA_VBT=Mm0`LVjV5m zFUfy2NB8P?;-tk#i5+WUQnG(=|0a6^za#sM^=$So{+8^8yfy5vR=e4=c@MD% z^qyp2xw@Ras>z0ZuZxhq^b$7vb5{%Y`>sA5AeNqSC~<}4kmHKW!D*>DhcPz>4tH)c z92l2zaR_xQd^z|5gvC#@mDWcKEeEcI~oL4UrcQ1Qz-JZS_8m&1s%q3e79yh-onkCiAbpk`vJe zn63FxToP1Qha!LhoAxmV1v+4`q9wQQbd zNlyf7YrXMqz%E%{EwOk^tp$3?@@DwBWO;x*DzA;?c#(+Y?Ep-{E zeNfR3!Eviwiux>wJLw*#5`R88gUfXQ|B_Q(Tnx4?mItX8*v`R*0dNG+nsYWHcjVn zYPmyQRdcq-mhRtVkKlK7-*IMp>}C8d*&BIl*l(?NvxoB@Vo&HjNiK7BIr~!7l8p(mjHJ3xw(s2%EZVept+-iR~JTCL%KRQ&rN;psj%z8wz2db4> z53346H8m$DC3f-OIgZozNpXqPW3)a2eDndm-zKGD`{IA;c>pm-KraRe!DUbbW^cu$ z!)j{Msf{gDryy?}fo-SG0|sVwoVppP$4VCnFifD7CAXCK2);|eKoO=7QUzd$<~ykj zFx#uNbSq`81=~mofq_VL(p6wqUV^k5C`!>L(tlv!Fp2C$Fs=DO76sIKk=veNHug3X zO{#tRwpo9z`r8|Qv2D#t)vp@@(_;4P(bE8L8#x zIk7r&3esx$TaORLtl0k&4M05=V2Kczo*uA--S#cc8CY5YR74%R14ObLNy~uw6wlJf zwtK0BrMJNJ%mmZ$u9zLJpr&BI)k7G}V3J}wU1fik<(N%uEgJ-?Q(((X1(T_=B+nG< zZ+dmAqZ?l&-w-z>FG7zde-kfBekmG59&9z5TwU}Ixy0y2a-P)R!(V3t2m>;$N7 ziwzzF%(l-4-^p8wRf!-*0DVO33<{W!e4S|l^D*+`WO>VxC1&Iekmr&)#{*`A^F;=; z9Gg^}bn3F}R=m1r&`V&pPlAZ(>>9786qFU19oZJt7MRaTEDoGEt>jdREN3kbY`=e= zAG?$8Tz4nkx$aE5@$r&$=bElbH$cxoj90_n8k^FICe(a`bpyR*-MJQ@&WzrZ>ZZAz zySeH)T!ZBy`AQTTDx;@xm3hVR0NHoEmNQA+#NZ7>1NGpu9k?sVuGbPLY!~vH!23aJf4N^(! zz1Sz&LC{pQmlNl9!#WdRH$msuvXH&3G^n%~v2yObbtm0q^y{0;IjlP_H^P6c?=N+~3Q~F3Bus?DAVqo8`RR`_hON2A1ZmctI+*0?X3H z6@Zq`u299=y@J}ZgBARiy{s_FmbC)vvcVO1m#un)ehKUD`zP{t@#r*^cGSO!iOv2X z?N8j5&eJZ+_%C>gSt`&gC6j+krDRl$-u*pl6kk#@satGw=qrE-dO^v6dAhlWBw*K+ z4Co~#19nNtq|%739Yov&cuC2m%t;@e;;>Xmxng8eO=UWPyh1ymd6U7@pupzS%9$$w zJ$#;P^D0?bvOM}A?jh;&TOKEpg3S8q_E1x|J>0dHc>B;jJ3Gvk{kI3DU;P7Tdxdd7_qDwDl_smCzCa%3r+^?l9K`RrB_nx zu@-5=07k6khMkP!>3x4>P@`NiGQln^bW~?#8iDojkoCpz@^r(92J6WbHr5+Pe4&O! z9HJ&u#G=lL*hZZgF_3zD1_8x58vCaip{rrr4%nf&_Zat(j$j?0PgvzNPBZ@Jvk zYEAerYW4DSt9zC|T-~@lCwKVru}d_|6}teJ%Vt4`Z(ka*Lcr3T6)Q-?R!~{0xPs48 z*%hW(xmQ42X0QU^GM5!1*{)VFT?V+{FjSAuuc2d~*?OP0Ya(`U?(ROVy1TRL?l106 zHGcQX?7;pYI}m@#21$40Ur@IjYtpAerM^BbTYerq{K>BUmc48jh~252EA6)T`Nw=& z$oH^a`&O#y<_4t;5*nY!suXZ)<-M&upCqa`=Sth-xzgTVwXMhc6UW}~d*6@GPLe*U z&TF@ov$v=S@oTa@adXS|Y-u}Zd$!$*VN#X~Fg@dK<+FdZecVX*1gbl=SB4C*>ETc5 zo(;Pvw|tTA*~Ck0>WgRRw7n?}qCB1^8vYeyOU+fz_5`Gx_gB^wFyH3C@~ePm1Zm2{0;YunR<@^LR$^e~b^+C51SVk@qbhIk^-pcnRTz=DQY8!Gk{J70;` z0u5$k{Zg@i*%^?Rtd(uf#+6pdTG?JYjj(M}}&-LiMNAl--MWh2r@+Y+QjktD6n)d(l)cdpJ%$q;ZRi7;3)m|TtNl4$`mPE1Caz0NGzDMY72Yo7Jl z*O6S{zVZ2RZP#u5y2fT3XG)%=Mpxp4$nB$7N6)NZs-{;JSrI zXnqY3|I9gWDCecS^=EJXYh~k)%GsixgEX6X@$-q)`wtsWHn6uEER>H+BKC-(I3-5ARCBkwE!+kC@Rz%`DznY;k{e3v^)9u&n>Ty+7k4@DgH(X=C=~!+S~ut~ZuzzSO}{|wbmWbFR#ZrvZ z%lRrXR$TNFsE;b0ECBP-r;`d`F-{HoftlbK&l*ty7UN#!Gk|=29PBcWvIf$|F7v2s zz-{yrSPadBUQR-|2JuEOf!Sg1K`(*%tm2}VdGtuDa(W5O)31LrL^YgV)~z|ctXpGx zS+^DmUrsMkg40vO7Qd`pR6_}VS!JCottO-i4L?Sg=q1ogdRe#Qf?n3m>jV+I1Q_!| zDvi1wSM0Lx+YNSE_b5FRicoj2P!sx6W$jTXxPn~PefQ#?K`!gQdlAr3)w=ID$Yqt~ z(KETMx{TU8u}go!bWb-KRNZ$kY8s|j_iGcadvbQEmwMJ2ebb{B-_he5KYK+$eoK#) z+#08s-0np$xraPXb5D9a=PqCLl4RrTl11o5f`z>(2djmX6V@K%Fs5aabGgWlX=Cq1 zi&SfgJGpY7xusdbiCdbroVcai)rsG^0W!B_8+FF0CMQvx9Q|TEW^uBeOp7CG4DrUbu||x34aNM#BEJnB&Xx7=(w}=< zdVa;Wp?iP)?ry5*uPD*_I+A?<886?=bemj0N>;!r(mqPyqXSM$?N=wLUOeC>=ks2_ z3K+w7ta_K%EAGE;vwk18SsxX?PMh_ofP5GA>gA;TSE7@N1CXzPy42F9vu61uU!cC}#5Dn!Z%%1e>mL~E zF{V&0Jw|@>%8j9fznbqcL9?_PsML%M?FZt!;N40D8>Jm5dy*65Z9>y6k4}+y z15Ij3(oJ$H$AIw{{lgB?x{*ES>Th@BIn67L z*iYQ;tf2WNz$|aS`*B9V^njGU&h$z$*&=`Cg}a`R zq+hf$#9dBO0wo#4m$bT^xuj1Xeuzt#y{e#G6SH}Yu7@}^!EDB(uj8K5ID9v1w{xKY z*{0R*$43FPgU9=K?0Rz5A&|sK#hmscL92D`|76vykldv^ zb^GQ#dSZyr_B}6;btIpQ>YIOab2-bf*{|ovtQWSGxNo|ZI12p$z(<=Ui~How>v7Qo z0ouGO@PkO{x&le}*}D;Qk|%vPtVlY!bqV~8W~n@>o()bbt$ znn=7rZH_Y(0hmsOhQ0u@In$+Bc~8D}9~ubE*7!qHff?B)od#-q=|g|{f!Ut>FcQIr zN_U-*wB)Aa%dpY`(F8{0YDEV%-|4?7Kg;xL!v?!{k?-H>?*aB z-Br3%RbjB_b&;`;UczN>?rOkZ-_?b~L#P$U5!XMCH?F4?n3jJ+a|CnM=Sb%!!ZC3f z6GucRV?bEubI<2@-920DL2Bu-KUkQD^Egwz?Z@A~)Sfmc zFnX!Sk?zMOfti23A~3+N35=i@1P0h8fdOW#7wqlRcEw|7 zwsGJ}kq^WnE=7OlP{hI%`9&*argVeB0JRe-Rv1qClEDDFW-!zJUojY9mkb8jHG`Q0 z?kffZ%#!(qoT!ZC+fHV_;qt^_j(p8vj&g&+9Oat99Oat99Q781IpS!?)h&k~0J%Ev zXdl-U=4d|CwB&)jIh~OTu^s&ug*m!UaxG0bx=)5JjX8h%4Gwb*pQBtlcnm*EZ7qYq_FJzda71_y)8nPZfN+vEYwqB7J_7{u1uxE)^BM%f! zAYVm|T}~}}g?wN19(l<{Uf7?SILPUS(8xWLc*&86B9Oxmg`vo>G>bw=s33)!P*n;_ zq|_9?Lj5Vsg_%%5B!i;RxyB5~C3}fb{2KO>KCyqIK2>J6Ky>uXUjF}95B>9;S9;_J zWDEYTzMgKCE#`~#Qs@>oWna*(`PVDD1+ys0y%4wgt>Gl8F42{d&F#7|j=zJ?4vwPI|}*NUbp2!pBRt zRa(7fTL3TF7O+dURa(2jwt!x;t%9>}&TI?N725)MIbj6sV#27jaf59Ey<}U!F4-2a zE4EeIaW!KE>~h8k*frY%ddaqcU9v5~uGoJT&`Y)@*oB4m%{iA|>gn(8%CGbN;`DcV zGM)ZT?--}QQ(HXraI5L`cj})w{hj*J!yb2d#7CBl2U3=x2V9o*3eBt(9>iIBG}N1p zT`(_FM&}N!v(7PCyXo+EvV%DMo$STw4H*`l{Z1C>jERj@G^9B5Qll2;#paGL?bm

cUQdv~**FJh&v#369u_&OIEUJ&INh@I2EUJ%d z7KO}%3l`On8!T#qS1hU@S5sENZm=lHb*Kl;eE_;*QAoGAW>Kj7b}?mDB!lCEMIk@r znnfX#cNq87!iFvqW*{;CKO5h=wl|=(JE7jsnq1h84(tN4BW!?bcm}HL z!MS)C2d3-Bx%d**z*Y`_TVc+{7qf;<^~g7E(Q6>TN@@?~>P%zEwhdX+Lyh+XP7J6Xa&IQb26e5kO;MW3xlr=hL07 z4Lz-;2xhzvm~Gk5c{l?EDm$Zq8B+wNxe0lAeFDKOive5pcPUGM4ph?}vedym6nmfX zNiT#$>g6}3lR8HTKscvPBiem-;ifv@s1MXKt0T^YvR6~O3nE^q2||mNvQuM)J2&c+ zGKy#0McU{*$4W?hZH6a{iao$ccGObrv%k;k}gmi&4eBRvr$jz3ot9jv=pn1 z=G*E+1A*E0d(+f^BA5-#RHsw3U)vDQv|qoeBRw?|nPG@ynaG@g+Tbw^udJLgx6d-V z+AV(3)tbM(@fVYwo=x||FaRdaPo9GajFjxj_KHc)?QZYf5{z`Rj6hbK6HWrJhyB=l zCl#weNxhh=jRdH>G4#?A1IZ;-8(NV3QneunNjkL{tdL57U@R!_xHKopf$C=+!!XjO z@ktvoIHb5La_DiDli zt~ivs1$qS53Z+m0kja@~7=s-n z{^i$~KYXpP>kq%KbIF76ueH35xvd9U=WgpyzrXyne{Fl$fA)3v`H!!^{^QG^f8`VW zhu5Ee`orIR`S*WXNB{AUzx?UT%OC#pfB)NmTHw#W{mcLQ+xK7p?tlNw>rY?*{Pk<< zd-?k3?du=cey_aa*R-9lKDM}QZgQc&`6B2@a z`foj+uWf&)^B1`n-sfvvuYTs9^_+Gubd24@;d%5P=$`m*dY<~T-bo;wc)G*TXf*|Gj!sGG4XHRpF91F zUZZKJm*}WNXM$0|a|49IzUV$G?A3uQLyA_d87@2{zJO8*N4L&Jn#^fWHBmIR-ID>ASSn@4C6X zf9HK|Zg0eJeF6J?Ys=`@U*EPo@)RiTH8ZyFHD$ua+enLietThbrhON*lr(wIyzXDI zt@XlKsf*?a>u-G{lH;S>)=LsJ=P7%xJ4=PIw(cyag{8M;J#rP|%Ub#9wCH)6m7qEI z$$OSQdKPTURgUhpXTD0MMj3o`razAI zwO_@%T-fTQt>Dv)b&s=c>G<4(`VO0C^f$8bj?Fm85OOZZ2484v+f3Ls3!5!Z?7=bK zQb~0jyLzE@*=R+hSXgg!bTpoY%`tj8n%P($u=RE@$c5#ZN;AV9ld)QI+TFx=J-V&- z?&b_l_8eR9-JPZgHi}#&+-sq;e^I}KBNBG<*SU!|uOp^L#P=86F>loC?G;bBus-x* z?9zF;bDKpkZ8y2lT9*Of!z^t5lkBl~YVy1sa+aw_TLUe$)geb)L+0gtE7TpDJd^jO zsvTyXlga-!=`icWg{_V+hwjdWHj~SnusFV|>p-Bqw!^rpoR^vKmt<<if9^4!accxVa;pXA0{aGzb58&+bdLen1m6OFbuR=Oc5gMp z{_W)-K9$jFs(6%9)n(Lt-B;64y0D@)$|Fc68NomnryPDDl87>L%O#o~-Wc zwtIukH_IApL@|#Ud@Dmy)p57#)3vrw}Qjeg$&>ef!}Yzbr(0$8~Vw9ZB>F#JLWm9jPkU8;8~-h;prdXl6nwDXY;PjWd;OJw%<> zawEat_CxOyO6lMLJ0NUj5EHD0Aj&U0npMl4Qj!kle@D>DSH)x0ObMfe{%FvIN)8;R zPuR+u26zZVoK&MP5xUavf=w_oMY;x z^&S_vdR!jb9%W&i#Nb1>ZS{C9dayOmLRXK=p4y6Sr~GLiT6u)sEx zIEFdP!q)#C-HNc0rQgBxHg6xyGsm9 z_B0s4{IMa>S@U2xlxEy9ZgP8f3%M3wt!FR{e`^O~ypEoRz-}gi@t;hGl6fQwu`y*C zV-zz+WFE6wjZ*c^&%i-(FTU zlg)S91ge-Vxy zS}zr$%z0>MLWx`l^ax?Im90j{r6OdV4?RpM(fR~iAdJ|52b&>mQS?CDN`>V_YhZ+g z(OZNGwn`WYl;&2w>(OnNErb0NMvA9`pD;F65ztiM3p=6e-1|$lEEh#S;z>Vc@!Ii#?~1{Mys(EM-?K})@JE9 zs;M&Umr+HQVgHRP9E?3Znvpe{#NdNo(Q-x;@<$sR&19KbBcGD*x4xRyR>9VD?QY*g zFn!-(j<5^LZzj-TMwd4j=vt%OyAE{1A=>#B{d7>*C)rq@-(>6k1^t~2e-}c6od$!4 zTyRL}@i1ezhT+H_0RvY&EQUC177T^fd>AyNp)tH#mtYjup2Kh*U5tU=2p9>=ijGEF0O(d;nR`d>yqW8d&{Wwk@e^7Q-v zk814p58LIFU)}D0d5x*x($UZ|6t*Z(g6J7Ff6`miMjQqkb3Ldi z3YaTKAN1B}{GPm{E~BVy8F(l-nuDGRjw$ux^ zqgusVGzP{;F{Z|c4o=7BG4{u1G?ie@oey#XJH~_ucAyCqf9&dzGH4U3dC+uB8i9?4 zh5}nOv4tjUq702YvfAQoBI117*U^7qHfb~4F1AYv#icIRcq7twqlg7r+(W(8hP9=L;YDG-z z+m!01!n>ACmqPB(pS{Na6{UK4jVpzBdGSk)zF+Fj%jdYf_~ip$T|=AwV?jFZOz@&t za{K59LHfyw4SPyBvEi2o6C38UCN|i0A5CmX4`#jSe|f%lV#9foz&A{A;C~X#YS9T2 zw2#l4)0rlppApbZKjD`_hE-Tm}#Qt`M5(qn(JXxs@kzTxC_2#iq};a zo>qZfP6gX^-v<++KAHse@HsB#prDD_eSgwy(&lDEHkTimO@5Zy*mWP8&HaT$cAn>& z%}2|4f6!E(xIph;lj)q-kCk%GFR4E0mt?C5`Ho<+tIu70xEk%w)nmA&P^dpnUtU-5 zU9X>pt|`e>?gE&hzmsU|5@Z?4{@sTa)NMsg~t_ z0Mo49#tHk=(O+?0qaB03Zc`HJ9(+pSkB`^U95HT#-*t24k?*!iE3H;;pT}-#24QJm zmQ5HXB#p3@+AoVl$lR*^%`R#&$yd;Y-O6;0oJV-+rzpo%{v*Db~i4^CGgcf>nkw>s{4bLMVi0R+%b9WLB~%ALyjjXDI!0oRM~DoiKqC{V6SurO2&17H?6xwi%>;uECRB%e z+!P4YVIeme!gLZ^*jAZM*PewD5+-ZZ!dMBDMSN)1gz7{&w|~N9eO&knV>0s&e>{p% zS#uY@$CwPnxsMk4#p6c2xmWJx*mJMCE(p#@%N)tC@!ET%UY~kxyUT^HZkMC&X=p)X z-rM21_f8X|>}YGDz3ZqOv?MKPTw&qRs>upB}4t_oeBXDI1IDU^7n09y;3t<@_+G1US z*3po-K_go1w6^Y9L#Hg^i(bKCY`uqJJNg*|yjcVifmseRhMO2ti`gPle~{TMa8(#L zlA5^zlApN?(quRm5~{hN5wSR_)ACaW?$UfbaF=CRc4v<(FmRX3)tJ*vpMD8?`J(k| z;O=@P>~b*ba@6o@0CKxL;&SZla>(-Pz3^<;NkqOgM8q+e(*;!8nz^9j-pf&We|Vv% z47S|f5>3g$@u`QUQ|=7Gf83s(U)fbkHtrVRxzy-)+T(r=mqBxnG>>0G<$-TDo^Tb`C%$#bVntN2Ts-`cGYQgJ(NTY-0ZNBPeFJdSNLu5W?=M64bJ9fmfBm{{)t$$Cls2!7 zG8Svz?I;^mvYItpB*N$l#ayI8(rW`3>RLWH^q`a3l?IMQe$dJN8#?)EuM4!jGOefT zG5YhUpUZ={2X@+4I0BC!a;cja05G(8Gt6;1x1EQ_s4Dj4ozhJAYp)Gbw@P^Vq7TR8 zJ}l3w3}*LJmw-a2e|p%5k61=d+w0p(S-zjx3qQ>OklGR@<`4v;1J z;ssbw;{4vgif~>P2DLX--XLG#e0MymJ|NiY8D+6oN}G0*`|GDYs@B5`p$BC<>(kiT zuKUQN>H|8~fAf6&B3EDH(Sp&#AFtfVdXs9fq*I~BLs3V3rKj#ttTgKn73mqYdKUWQ zL6M&NG)lJXKJ1SNl&t6ZVM@MG%da(br8GckR#%UV8k*@I#& z^=X-?UH4&^J;*-wJl|F{`BB%Qx0LNTkHAV@wI6;De@bs#_`ZMF%~W|ZEY08Lf&Z5D zO-s_j+bS5pkx4Sl%e&=Ry|CLVa6>4LusC6wPIrg$?!7{6~!`VK?)^Q8;^wu4Z9 zg_+`|NRu@WvhmwXrWvZV`A(bmiiLn2GpGGL*{4{;1+&b>o_K3n=4|iq1X(9{kHfQO zod({ZRkF?&&(U_-XO%-6=a_!(y^&*05U~Z|uD(_sxm*0I;->Se_ za+T7Fc)i?gxdPl+wpTfR_t{?fz*AB^6PePD?LjqC$Re@bGQDfchxR1{|G(aN3nN`;YTH2K7zv)drb*GS@dltdu-7)PO|y_f*!6rVj!^dVaSLpV{oxs#2{pk zg5k;^8N!-14F*4JLJX79*cec)TQKlifA?XCj*iA)ZYF_2-%JPD!EFp!#7q&%#!MDi zDQp|*%e(+-&U^*Gm7>f5f$qq{BpAR}3DOx=VAX``+$%SKF5-1mPz=drF7PKp&kBl)e@usO>aWT> zcT-TdX@#iTje^4KMYM+-GgiR+H}=3M4W5A}F+ReUGv2}`c7B7dFdoDnGrq*W4Q53v zFb+m*F|J0t3RVaEGx|p}HJN}0?Q#Mw-*g9hi0KpbrBE{Hb*6dHF;yCg+ZKry!!#7S zxrr@^2Cm5&T-uzQ+053vj0u1Uo3^1+dI>yOQQBiGs ztfI(fWERkkin^>Ua;b@a{&cC1%UNodg6!&u?NZxaE@A!r+SW^9e|b4e?XnRsuQ5KY zQLm=q?Vo?Z%dWk=_+^=y&ui^FFGbp&mm*a4P!{JrS0L9`O(4rA3*_30ReB5(ZuLeW z6Q+y5kKaBzkN4_+;TUCECq104is{oNcvg} zo`+cERv{C5R>(|NCxy(kcB7C9Ju76Q)T2UX;=NJGO$L4re+pTIK(;J~`)vt`4-_(? zG-Or476>C**1%>6)2aVqT#d%IWQ~AZVdEleyq3VNm9X0}Mnbiwh>_JmUf7sWdqtGf$ajEqTRAy#p`$5C0J$4*1L%TIqh!*bZ5naJ#Cc2EtQFN{l zuIPp)anVy%35y@IWESsc$&7w)+8V-xOK=DzAl4z|xU7fJpY);kmz{_ z1W!m%Ak2Cy1L4?H9thl!96^ZpGzzG|(=FhPNXvj+e>{H!67oC`=n4`-AU01OfdDf_ir!z z++_2eHsf_tex;v2TB4^}SLIhz>2N_p{UsKce`PAXr@iaSQk`z$R!mu*wezvbRt-v{ zbUHR$EoEuD#E_P`g+|_G$)U8Kb_ZcLIAz_o&tesJp@Rw4TD)!wglWxQHyOh89i*Gq zKC4v$b{iy&^hGyQC0i28(-vo)*OGE0c1=q{qS%G>k%XoPTW8a^6oi)1Ea*!NMBr#X3*&W_YG_3u zUF>QG$)_y5P}A(T3dHL<&A^9XqD8hG-{rQbZZ`Jf3*A@ z%~c+2E-$6r=#v|uxh{vYt_CBo7r=ggDC_eo?eZFzuZ^!3r|zE~lDi(!y|di1-I?jh zQB{<1ozEM1OU%A3`ec(;U)s_QrKHVkDLVBKMwUGeB*p0Rfdq6$82O6RUKdOU|3mZ< zXm1Hj^buxn6O3`wCdDQzQZs>;e{30r6J|-7Q9WT4Ny%2HV}P;Q9MS`N0`51at*dJJc;q3)(9gS zkh@twr>Q;}1Yy-jUmwuY{JazO!tf`M^Q_J?Zh|Y)ClgMpkBes?RbL`Ie>tl@0*yUQ z^`$anYL%!yf|QJ*jTdN>wY)dVyb*n=ZXbv~LT#d$Tf)L@LYZ64!p@>E)!iqkxe4<7 zLz&2CqK`2Bm;{JELeHX)u(Rl6>_+qvdKP_2-)J2?RJ1uyC926pAMRfL7AGVNDe<`-4QLeW5QS@Qg7>8pQ8rNfIhblm`F#Uk$V>$!uECdPK zqbe6PTN5~F->!tf4@@zkyO^>v$1+SO+<^<4T0<{wbi>U=pLjK^KJ<6m2||LO2Z9G& z5yFh$8-yc&1_)g7tP$Y6O&|Vh({%$Zp6Jc4v zCvJkkJ8r5$P+-%*WN!Vyc@jo?qfqV9RXw(gQw6p zH&E!9JQhBYY{#?`MM27A`h*mq?=fTguSz7!XipM}5?`AL6B219$()L!L|T}BiZLY8 z!t|q!C|D>xU-7V_w3+-#RXzGuUpMf?8F}485@~JXz!?2Je-DhURLSRT`vnQ~*DR`# z2s!nX)Vs?`d_v1;79q@^RN3d;-aIg)Hn4qnlz@STv=&kl@Y|NP(~5gTp2<1e=}tSVG@)P1XNc>5O`e~L5K!r z1i{>u5d?i#M!*iCjDSX583En6G74S-WdsD~$_R+gl@U-PC?g@f6`XC9M%d{*Ke%j@KIf#A6cC|C$3I@@Wq9`J#BTeUiZ=J5ne9DIp_OI=7Nd2BSic3j|{b;V{_BLMbw53;Z6T)Q5!zi zH~sTQjX&hW6zZQrYQx43XADgY5bgeHrN&GDIA8FuFEO?e#1A1$G_!2J>nc;x2D&3b zeGieiMmcufuFxr|> zn^kDNLYT=l>%B}LqE%rR{Yb4+tv$g1e{z}Nq54af4o`9Gci*&y%W;-zirp`_VoI!A z_WL4K6uaF$A)?shDfsHXfol9S5?HuU{!gS%X_ZMNhaM^oy zwQVe1b{im67cRT45GIm6tcoySxa{WFX^2b~F1wi$rVE$do(WUU?siX@X!dXqf5Jqw zyB{&6nmrtjP|@t+myAt@=!fX`DVy&v;OVv_1Oz`Hgbuhe1R1|Y2uA)W5VhiwA-s9p zKos;ggm?+94UyIR1tPHbAH-_tX^84>6A=B~c7P_r#(+=U7=d@(Xn~=?yn)Ny5rFgD zU4R|Iv5-g21CejdQ=OTgBH#Nre@r11Lz02bd64g)|B%GV@0 zKXsa_k;n$0)#2{~ocQYScLvUnb@Jp*${T4m&#~2e|o8mcB7XFyVXmC+CpFR0m5`B(OiWg9dit)BGg7F&Hc)_ zb<;As=_c8f@0!4#7L)Oe7Q5lv5ar`0oetnxoHpR8fncD0oQj|wowA_8gWI5IoCKi< zoh+fRfmXpPoPfc4oT$OhfYQMro&3#eT_J#Nhm-&(aLobE;@TvgiJQT#hDQ>aD8@gxlpC=Fh)+zC7acIi9yLCeIa_br|ZTttLaAB9P;_Ba!W|F-snccY&{ZC+^jc4ZG@eN+6bdWCLh^# z)|;U={$A2)sExj)Vau?B*y#&QNhV{s0+{V)sEx4Op|&z*f2~+U^)Y!(+03X?X4h~1 zpq!cAz6s>IXU1wamq&BhH-ZAIL7X@0Vc=t_R1qf#`vWm+AtHFIa|H1t`e^0`b0;58kIQ2%;IYVm`kBn3v zUE!1uJ?7E?`W8e4Sb@t8uojmkU{@euzyMw9fT6l10*emq1g7sI3tYs-7&sHiHgG!^ zc;KC;162WX9iweG!3h5DJ4RRt0U7}WrD}wl(6kYfLid1`!MpnMP0rq$I&9k-G%S>#Q@dy!uSLt-KZ zT-a2M ze+Bm-*tl}TNw763tBZoIY5m=!U~5vT_b}SW^*Yw&Gjv~*+Q0QUq}!xQ@L{yCNj2fa zXkU}6!~KvHG$~J92iRiMGR9!BP3j%*^MhSf8hR|sNhL~(xOS6`=I5VBcX|dOrbBFb)nCk zouPMu$H5Mq@xfkP8GvPhh5!?Eu>q#)q6BO@)C(BD%N%eLmqXxAAe_MQTw;NLni6C0 z70ITT=Yl%n@xEgOhB#k@5WI2(o4CgaN+CZZdVx-jFc*S0qG1SM51XivBff@~e~vgD znmZyks&fzRA>)GqLhc7uKw99G66r%QPh=UvQJ9Yen?>dltQQ%M(<7!rz@wfs0pEIV zWz75>z4i^W8_8lm)@#=~=hK5$*EQ|#EQjrP<`MEd_S?6hKV1K$FXNEaP>z@#ITmOX6bNv&-&h<|iyQzOd=(+w$ zXNe;J{_SO#p@mMBF{)(ARWAEVzj+;AffFsCmI$5>*Cd#x!w4Db?GZ?&S$+H^E%XqC(dY=z|#Ag?nwbQW83wP+e2$ zW-7=Xo$DJzZ`Z=S?i+UNmJIsD0l;@ zcx4p4*;KSN3O-gUS{ntMAXP7pg3YyHW}!pFrY3ZC=!4Xh*ACs4nifcbeoajaq<{sa z?gdi7R#MjjDQHxwYlRdvz|@V<54M_yQ2)WI(-4ht@PIU|P6|3pe;QgT1>GtQEtP^U zNTAkAL3d307X6F3>8A6$N;$=0D_itUGS#LkBiCoYY#$?g(km^}_gJAZHti`GOK zJ*_P<&PKCiM7AEn$ZcJTF+MsS*}%*LS;Nc->BS8WXvi!R*~&~9c`d9R8PFU9nbJH6 zIW?RO+1LCMS=t=ff7tvfLTY?Nd1o)1(o;IfsLMgD%iLU%az;lg(YqniY)xG-p!QUI$Gq%wER>qYx_Vxr2Nbrt7|4 zw-H8(!Z_$QLdg{h=r*okwLGRGNzxdu&Ea%9rJ7ioi=qYbf6@T5&1x`)rom@f7LQ!c zX$G^4lm3*^3Dj+b`P7Th5wpc44OJXGx;`Z>Gi5?)nN$Km5km=_O%E}>voNhK5W;9- zKH(%Z)XIOfUO~vMIjy8Y=QZ}52{)bH)496Ei1{#7hC;>kJk&5z&kTK!6z`X z#}R&Ae@8={2E`2#-L*MHe%J6o5ux^#O9t4Yan2!u5O(SZ+eRAmtOV%J(-$B{$aH{0 zJt>;#qfW%n(Ous#zklZ;%%kSIesTD{^Q}HJH|_KD#_oKyd)!$IkZ2uwtCG&;f19gm zd&{_*_RIa%wBu=?XSVA;T1`71e4bg)^PJCRe{=g%pZ#+C32biP`nmqM^YXG=`+z!p zWq!|}?ys?Ve@#2Vo&I{-x0&s_5BuxEx0&@kkNPYA@NEB(_xpOxSNZ4OQfmBLX}5i7 z-{!W@qucpD`sVlDSh36gc27sU_>b$q{|96(>(a!YiD(V<%ootF1oWMHcy8Pkk)b*@wpeoVNb&FV66>G=KW? z)6;)EIhW75|5N-44t;RxoPF}Auw^=m;q-^!K7akw-<*Em&k1Me)3$A%+nt}FfnWF% zOE|aes2g{pfB)fECpq}T@1DNbHIGb(`IWEFJy&MgHtNbk^bJAfOrV`qb8v`WK)7 z`Sd+qfB#R$;QSfBNWTBc{ZEk}rT!=OL4T*0{`aeVPoJZHAL+MUoU!WfIv!uN9h#`u z_q9VB!QX$<^YwGo^Z7XIpQ_iG^}AQanqJ52Y%|r}c${9FUB6!Y_)gEKKhDj$|NIV3 zsf(th+nVAZrYZG(niB44NaQHGTq z3HiV+vXZzDSm%rW?kg0eEecX@D@b{mg0%N3NWG&V?N~v~eZD7_ni5-8i*Ce+d)eAYrCJuLw%by5?qOmr?-Z-QBi8bNNUTQ&{sLb7d6%2q z@z@^}w{wfQpYMn}JWAZw?_F`<&Y`TG+dleQim2iqf%Fmn920=&iL=@yI4@71yYMQr zbj$311o5kXXEk`;7Qg-8w1514*KwTAx^zbtAz3~Peri90k1A+MsGy(jC}@6|f@;5a z6|~%$6lv#*g5osv>@SDYx$xbLVmCJ~K)!2I>8^>}vb6n^9_Dm<>xb#gw|6`t@tpgt z_duA>Td2`1=v}M~I+uJ21cr0<)t$aPG2FcK3U|Rp{%zCa{J z)IjX=A8NTa`vRoit6d*97`>^2)KnL=a*DM zWN@STsoX%N@0)7^_w#55D!0`1xBW^4?472Z1l)Ry+CXd31sYdsXSylnw${(@>7W-Z zZ#gp9N8d@dfPFG}0)Jd@Di@L*!+qk)iNF}c#uwYcKE;v2>RU|uOA-e+;JS!XjSBZJ z`W1Ar_qzGaVE-(aLccFf4&UhT9J-j2{-}Q}HQH56Lv=g%JUsce&yJ?9U>+~8V_i@V zhf({bwY=>{TuFM{mT_{bKT~YNNvxy|A+&Y6JK9ff870%PmVe`xP=qy{ee^u5AnlH( zuB{Fgqhlp^9YYQ3SQAN2Rjb_;wxLv_lpPCw@C}u>V<`rndC>EY<`%brCeg9FmAcpt zVKwHqnpsC%b}6An64w8zXu36tY11j{4BwvcmnD(J^9ft*SQoor`YzqB`=n^!c9k7X zi3K}H)3Fw|vVV-bbgOL9&bArqXiiP~v6(F0{JQ(M8820^5WI@ZL{rH6HW8PJuwyNU zwg|iHuqW3gs$y!<(H>t!RZM+I+q=g!MT-Kp+FhKSObSV8S8Ts!cS6POSm+UFQE@Vg zXy&1&(2sHpVjX5N{jhF158Dcg)lkJg*$NfyZHr}^p?{K5vI&c3u(kHXx2MJC)dvj6 zFj`V464Tl#I-GHR=$ghr(2dOzqsJR_gRXH*BDztSZ*;jsGU%L#2+@&)w9)Ag#lY|| zGzcTf)HR4XLn$#h4eiB128xbBZ`cHe$6-7eO2N)B><*K}06lEiV)>V+fBjIQLn|n| zgk;{;=zk*)XG$3R=$FKVRH;Zl(mRgl;=1@H%i1L0p~>$u>0`EprG|qq+IDnCI{Km< zeevUmzc_3v-$-QJan8nWFSs@JTyOaP?Bvb+&5}1c%^#3hW)7a}uZ zZ0So3_ujKpfM8D$wSwsyVdQ7lY>iNINp9vD-Uo7BwLv;U7&*DJBre`Z@rRJ&5JrwO zK_)~PCu&R1kzBgxufC5MwO-;_(M z6wO!iim4Qsx>`9!i|ZU$cC;;_G-~Bo>``i!op*Mtcx$^z z(Foh8XoOM1P!`Q<8)p^~Rj_TGfn-$GwsEfFR;6wf<02}5+c@_@8zHDCNoBRBwp}D> zzB#l^`IPv_&Qdcw6vvLOSOmcSX0U(@vwyHMuil~$j&cSnoDYj>IBypGaDqpaL`hgY zMTuG9McK|6jap#g9JR&bzUft2QUp{$%O-}FTF!yWJhBtiddp+bIxOJ8n@cI+5czC@ha!Nl9|{9OVQQ8}kBTa&QKq1(N<1p7PD9`t+OGl5qm5`N%&Rd$ z&>Ut5!F8CYh2e+fU4FZtcahHYnGf|c?W#xF)$@llpQE&^9i7n*bH1<1uKbPlE9}$` za;tsKTW^SS@!pE@uzKX$UEP#Fe1Ctjn=syAe7Up2<55dIM!)y&FZ$bSJgl9^t?|Ix z$k!}2cv;UM?Wa|IYdWpP%X&lfSg=g%P3>iQM4mUl?S?n^|2k_qDScc`(ohqsk%T*H z5+9}}>78nF=ia=wb8pdDd*3Pq)Df#az0TiXtzo@@tZ;45PJURRVEw5-n}2Qvx+6mq z@RJ@!O4WKI$`PRuph;c-nj!~re!@8IBaC7UpEwdkMulz>8l#K+ONv^G^)N3O(Jk&} zWTu2F-6FJSMvZ@|bjwH0bwk%cimXvENs0;Nn;-(}$&o{K6O6NL!YHV7CnFyZDRJ~y zlrwk2dX7PP9ATbP6~g$wj(=dv1qjv5!v`V_)J^6Dr3ggBVvI7GESOS|kP7EKQBWo; zgi&tf1!Gb}7-dn~iPE2tD(74J%PsVICX8>9DYg;R_(MN~7NPRt8y#|jSLY82(mZgq zmrJlac+fMUbgwVLH4;X*1OtpE_mHml4q?=U(p|;?^OJiDLU$wQEPoQBDKbnqq5a(2 zKrn<+D%L=NxhFrGo`a|f?TNgrpcI5r!VkJbkP?HbWSNq&t)vRtNEk5 z+A~@)Ej0wfgy9T(VTe|SF!B3aVV)Bwvs3X)XUfI66K1u zX?J>ANs~&v`lQJxj(;*&#nyHTH z{1_IN@3Sz{8n-bE^9fm)JG{s3j_z@9FGpv%>tFczdeqbr1$3W2ddA^Re0SK#5z{*! zpnu%R4?8~`;D2FL@#v}!#^F*sYU<<4aM<~Q1pmsEp)FN1cj--9?oy9_gmKDTw^5Vs zVVe>n%BHH^LZz5YXpB8~t#YfC>Ia1NgorV^CreR2Y@873*?jjl3Cfk1x>=PyaA~^- z`6_pVvtpTRBvo!3M+KQYRJpw@?IqzSRc=Hl#-cHqDtD|Yk0F#fPxWJg0byL0s(!3R zAWT_Q^?zg8LfAMVI@K_iHxR_6tjgW@mIYJ#R^>i@ae^|@t9m~_3dV%6#<7@-F`cMVjHxv_e4|4vNDx3DHE$lxbUoAJ2J}auRzb#<5hklw#sK0r zR=L1X2~`p>CM9lOxq?j{A<8LWjtSMW&yWUTT7MoIQj1$KJ_GV4RGH7v1j2+M4TT{{ ziPY4rxJ9dV4HYCzYhpuF2~!FOI!!27*@o^DB8+gD2t#aLc|eTa_kZV^qP?`IMT;eA znXQ?o1=)8hku4?35+OpC5oN0oaxIapl|mv^v{0l{*(1rCQbgIJ{65b!(<|@y_YcoJ z_nvdle$GAjKDei|{mdtd-*TJ^4_KWz5TI>f-@n(^kvT3e>}Kqqs6TDlSob*%2a}C= zO}{?0b?o^jv1ZQ5Gutgro{ygW#X)5J=2wr}oymh|OHMgfdYbmFUq2?Xs^_V36>d|k zer70CcJ<>Ws`Xc>b-kESulL~8ggob&gUi!BySdD4P<-&<-oEK3+YZTTwVv#9PKT9l z5Mh9FVvG8Qq1}$(=r*Qo_=$Z!hg{Z0J_`*Ap0d6AaQW>zH_OHNfITy+(#%mWi??i$ zkXkm`FY(=@K*_lBwz~TX@o^qeCJ(~H4nGRt)IW5a-qkC8snE3^`YP&!(@dlGwfkP+ zx)fX%*mt+sSJ!`-W4cDv)_Z$6p$95__t?L>F!z_nf$r6A)(uu#Z1v|4f_i>29N9L^ zJtyYAVNd%i%dFs83D=IVH6DJ#FfG^ZV?(%x$)rA)*5M!cT6{_}?o6X|+_Cmv55#`4 zOWKcbj?paDC>|m3i@hjWcI4Zfx}7|&!V7mso|?O>II-$uuRZsC^INWQeB&K|LS!9Q-M`wO?bsp-lY z`j0ECJfJnPIPUPTxz)Txq_Sdz^?1e!^`rw^1cop zH|opqmbBW`X`4cpp4mfR6yM|StNv)%z7r+FO>u^`57!ykBBAM? zv@F^`XVAsj_OD&{?akO!6+~@Ym)bQnMZ|)v_6z;xN!)E=taYdu#M*BvM-tOZr*S(nks`zNdgSU2DzAU{u zHn4S}(bS0Gj9mvj9fq%1bx`Ndsu>e2Mx{yOnp%?^tO4y z!#|hqN!`pX8dI9?|HU%8A$6eRiM_GCkE{vaH}p=DqSz}Yc>b74+cspzUbkMVW_(;e zd-`iR&r-L@xFh!~y|m{KNd5N4ypPw&NmDm{-P1K}aB=adFXawd?OQ9i5kJ2>=gs{O ztlC>(`BtKsV%%boKD@;?WZ}DrK$UlA3w~?QZl;~ut{{EBReky$BT(5w=v)s6L!iZ1zqSRld7}RaKwZkm> zlgq`@4|!Q1(oTOLW|&h^7((0?A5B`k?ssIqU?qtn?HZ{?SU9C9gX{GXL+*hedm%`;ni z{0}*E`VM?u?^!*!uuoihiN}Dk)sK4z1%jTen&|1&?o)|1na92M>Q-A0y}0m2wENmf zr|Mgh<&FvKHi|~s+u3Hj)vt4^PL$7&5REe9T4%eB-tJUwSx^)!8l@WiCVJ}o>8p-u z51oux_wZ`}@|%Vyx@UbJ*7wPoY`5E4tE(*|YGOt1jr&UXs_hZoeUWeY3UaMb`>yh? zTXykfVbdT#m723}ee%+xr?7sD<^(y8+UMUSNgQlavubly?(mJ_c?Z>J{Bw4|vMwuM zO|;!&F<9BGT4iCxExAxtZlKpcH!^+u<{IXm`3+Zi9o=Xc^sCS? z=Tl)&_NU%K*=fDCSNZ)MRjq$L-|%Cgu~CnUBY(g9W)c*2X+_9}bAypfXXcp0YnWZAQxeUSkgDZG7M%_u)~AX2wjuVc#oPy!fNvtt++m z{b`>bKI6>(XcyPY)cw8Y=FHi9t{AU)%HjSC!@1MKUbnl{-Rjmx&a=0RZj}a=3U9C#wUP}ls?0DQBU)zQI9NaRbxY#(>V+Be zo|g~GpF3|ZOXA-vN;jr(XsY6yf|G;W6ccokOiIGJmFqQBwoULqa=k@=ccXaI)=`5F ztu)l?UlO*W=s-@1tLXE3-6W-6hU-eM1@}x6H9kGF%gU#3aV1YT`Mf+K+}bnIHkDU| zPU5T^<+Q8*o96sN% zJu=%k-Nk31q0^^^K3Q7x7v7vb*`PegJhdWlaN`lb^J7)_jlMbC$&h26zwDJE$MtAo z_E0sizP{0Bt>w$wtc`8n2Q;pDr=KETW|r=^Oc=8D-JU?pch?GcR+Lp%9dWuK9&%G0 zU^pYCNPb3Ik@}&pdjyiq755ZX*e9Lz?KbUloz9(cqsh-PGHm{Q(I!DUTV?GW8~vWA zX81bTE8jS`VDJ1FKg_a)t?JfCqc7M!cKZ5M{95zFmR59`jzzEBF0PoV_$vFb+jFnH znmHINH)Czvql$~u{S5~koU!crsRr{a z=g&tDvCBCoKfOjx@l`MH8i%ajGgq1KD0j&+4J@8_e1cO*Oy>Bibme^8$MRuI zKd1}{Z>${p^4smkO8JDvo;2jXS+wQSzW+ zSt8|opg=9wY|Qy*NmE-?#+UV0PBa}*fA8JGT^=5a_XLK^4)oC8b@kTfuUaQp?^W;T zJH{l6y?WR19dUC{PxWqM1$qova%Hc&%ak%h#zYR3($5|6Amkvnx! zx17{0i{F*xl^6X|)zYUX(k0<=7rU}U3B$Suc^*spk+)#EqDs$|se{7$c02jSij!G$ z@w|M9L3V@E^-2BuF4=o5V*KNecw53aWloh0X- zeakAS;`6{Y9$oX|crTqKE())!G@t*Dx#Tm?@>;*}nzqOko{e*5&Mm9v+gj^psAnhj z49c8le(hd(ZlvCnH>ERH$LQqg*_}6UdP$>O72~PyKRqJ%QKm-W1En==m9WX)vxhbn zM5ZWYuZ+>zNHFs|W*YC&n^NIg_CZ)seR$pGEl(8>+9A`qqeFH}>_(P<#+=y~#)6o~qp@Ikt|< z>;)8*)4Swj^KwDTk>-MDkNs`8 z7Zs*Eq;Z=Ho>ywyYG3x5rs#{;tc`UQn!`5b`{r^B zrkn4c*Q8l+^1NNQvW8h(qv!M=ZFESoDdWcU^rBvl2S05e*sj6bTeX(ADJZSp+pq6O zqtE+x8YMI9TuRN~!bMN5IN$Cv9tlE-RAH7{=MNWAf>_`2H6NlQjtRKK>kZfA(g znlont9*VrDl)Ck6RLJ+bUaIPZ>#TNu$&(syab#rykKzYcWjR%YER;Az^*Is7Y+d5cD@UYho$nm^!n{X%Z^ z?Sc@`!tj2Rr!DC3kv@Il*w!&G&fkbQ*L(GqC)H&Z{YpwRwj3_LqfQ01LCrHi?D?e6Oq-R#m zM+Hsk(|z-aQ$9oaF++pXaRmtP-h2G%5m*@W5k$W~g@UNf`1k*@r8OWt>* zAqVq*n%c4khbss#_Z*U$=U~>GvX6Kt9+5I^#)&IG680}$dGnr2OH-V6{ExkszwP=+ zJ{4vJz7BjNR=n)=E6sCsONK=8a_X-&KQoq&QqM|_t6nut{QOF4-1bHNzWrV&p4_cs z?V6`u<3836_&71@+F^_ANX2*u}a(j%EY1< zCW~f}q<^;G+rDCLlzqD0r8Bh-ez#VH@ET{FwtY6aB^+ZN&naot{tk;XuN=Gd(t;t| z=M2xfn_`+&J7%}F?)z~eACE2@GhlewfC09p!+SjV^y<`giMo4c!Hb)x{eqJ&T!{3T zWPEY)GXIuOWfGHhKVN+BA-PZyIdPIgf_u&vk9&DLrg|Cc85*ft>}aX|m}Asj5HB(E zZaca|^6TTk#;dH}YxW58KX$EaDw1FIYY5?vSdu+prT^37HG_k%zDs;o(Jy^SpGKwD zBc9Y?PJiF|F}62e-5fk9LS6o%u1MqU(e3Y3-3nBuvO{`Kuu~H4`RZupF+mbA*kq() zQ1Gca-Ka~UCy4$AB7fg>>w)(LS^8sK4@Fx&n;*L;dHudoi_S(_1)smX_X@kbmh+yP zX3!Wjuy%-->&FeFj}#^@=*nF=!%-u@bxauh#kiN=BadsVIh0JeESLN)-0Fz^{(sVj zMAzwRNAZVKsmsl@ISRF!mRC9N58+=?8fbiLi##u1N8iFH;~#F)PS^4A#Sd<7bbs@? zec)`RJ{N2i+$-bE*RdE4dn(G^e6Z5`s1|D$H1lflvP@6K^8$_^@ocTd_o zm}kxHK5u&Q==Bri-_IypkvrEee8D4yBjrNXsgpfg3#O@Gp1CTw%keIiqZ9|8NQ(>E z-A8iEVxZXx70;IA$JMH+#z%v2fBHbbY}WOuTe~Q=`?4mB?e3}@wHh~`95B*z{q4lu zF3;xcB-~A&@HTCp>EgwY63xSgPV)`f7CpZul&{!B{r855?}qJhoauE>cE7NiJo~cG zB@>axyYDe4(x0}S`KnZ5)^BIvU2i*$kw-TmF)D3%^W#ru&TBAA9=Zx!y;khld zMx0&my21F#KO2vXh`%xU=j9~l%^aR6EipCotNW;&x!ay{sc~kv`-A2 z^3vwO-9dphE(0YB(YiGu3$3{`m17i2P4@{DuVomEH9fYTJT`5Xm7C*&gFi;9&r3IZ ze(5voJ#ox-oNU zdD3Q+K|k+nl$_YqYkP!W;ZoNNrrj2|n~T=Uy)9fE^!=Mheb*Q2JuAOAC>XO$C|0+g zPlwog_^X@|YV57*=enITIln|MU+enhKKD(935L7N?r6mMZMb!{I6SXV(X+e6!?MP2 zn0+Ao+17nwan2mC>C=0dwQ75tCXdvAy{G$4?JfKEX35SH%c+$X=d?MoPOd}p-2+eXdk?Wr_0XTA;Hm7djsHjP;qhXP4Z{X|ZF@hl zFzTXUf#n({mj5vOg44N{6EB$g@is)~O57(VDfiypo_A)#Kl9fNt8giNC>}AkykbuB zVmtYiy3dDg`{wsOZd7M6XjakzZ;de?Ex&x62X&iU`@ninw@vEqBL2X{*jeAoOJgSt zv5dG-qN6AOhMn+vyGBp7Co9JE)?VnBWfbnl(>&-O?B-tma`vU%aPtDUlilR=cPjgj zv@@3s)<1u;yl8Law$J?nx|{Wk`pkKx(9ieWno%LM#?HO-A(_(HdpY=w+oVQ1aJZtdWv`l zG_#Y37>r5sd2oq(o0671XOqXKDGx5K=la&|HaqQe`%RlKzsr|9^Z5sCBUcr2i&Ub3$F>xZU#7s;Uc!M~b*y1sQh z?0j-D8{4z-o8vWDW(^k{f7`QukN)-X(>Jw8LF@Xj`~L04v$HEUujpZ-VtR>XX|+}` zaER%iuI2YD4^~|{;(BD6*8;EXU!*Dg$FHkvqsxZepYfxix$S7Lb1g9ns$Z@xisLCZ zXI@y%8FnJssbjXs?Ui{d4d_6^+0V{&5R6 z-l&enQf={bh@@&$t?Q!1Ovo%AmI!N(XW`q2w*p#sYg&JcX_e`2MUF*B!t=tpKxp$dM{gf9qH*Np9!O;0YWnSf~Avc$QIq-AC zE6+IZsp~d0&sZ`s;#>O6A=|e)pY=+995L%roWb-bS#Oo)MUF=$*XER`g!enB;}kF{ zUu$11U)y2Kg7AIDe%?)G6KdvJm|2J}$DN#icyd+E1`pf4TO0I#g)VO1+5C1%XhP4Y z8`4dh-&drrS}@7c+idpJ#-sw(jX&2qmwegrJ@QI?-Km3*721OIr*m6^n?p-$j9gUO zPQ=e>uG>_SIi}lt&&JI7G|79LwJFDtL-?5epLLb}7)f(gD(TQmpu>p$3Lx!yxr*dc9&V}5p3w^o-@byC8rX0w4Ur`Vl zm7o>HB2js>e^!c?)vNmDiU%84kL&JzXXn!IRhO@F=YDeP^8DlQ)^FKuD#s+7W)$_| zH|Q;u|J3XeV{Tp0Ev32c*)N+eZ6>qIJuN~CeVXU*wfYeGV^`5HrO)E-PF?yfZmuYu zkdzSFWWYALJYpZW#`ihryjn!5wZq_2{WZOJk-Z6*i%93*sd_@&3pZxvy*9jauBtohP1@chkXj`u=Vn_P;je zo}ISvRa?(#b^aD|4{zVmd+=7dq1isSE@k)GCFy|yk4_LB%c>`|lTC3XqS^LhnPr{mV7Y)->IE#NpZt@uSW1jYPua+Am^gcb`Fig*; z_mW*}hpFXtFI=!^lh>g+;}482+gRrDcv<+uyzVnYa@zMUpI%(sI9u+glJnG4C;KR# zSunNt`}?s2zxupgLzTMS`RI23sI#3QZl3RZ-L}e&A0jWMkG{UE_~JXQ#01^#&8(0o z8{%9)T)1$4&iD5w60uJstN8Sft}0WLr{2pqIqAFW&WDwEZ_RT%^EkK0S5o#Rc=_X- zZJYvi;r_!_%JJ5BTa>sHN>*N-*|TQxnQLW@tl(F-^W)cU>_7F=I7%+$@W#-<&?{`ouehSx`t;pr zg1)lCD?>$32fUgZ@cwPXlD>=LeL^C?@@}4aT)y6zh(ihv_nY$}U~ude$M&LBU;C*& zCb#~`Do<)%d8j;fQj_QOvP<4Qaz;7ZuMG)v*_yj_Mf;XP@t1d8F8}z+O~pRbAfX|c zca`uSTI>k2yeg+NJ2Zazn|uRx$@So)r9r->Kjj|IUb@NeNo1UMAD7G%$Fe0AFPE9I z?z0WYy5Gyn+4gH;V3x}Uv2)&2i+x(n-}8raHV@jd%C{zSYW#-E$!99YnuZoVFV#2x zlKXICK$I}!S%yZT3-|r~De|w%^3GTJUv4{~lAq7EPx8Jse?X6uAIkje?e(9A-*FPoAGSc{$pGV5_y*EhnAy!Ta#iKW<$`GL zUGG)bb_Y}nshrRJN9j75{Bg)Az?UfjM(J}F zJRR@vnH4A5?XTFc*Yr<^B|{?oU$zXkY5v&q_AA-*>h2?tpBv@~HVVGhsT7U9y56_DE&z`+mNl zZV)xMPnp5Qj2WNfSi6VDrwz5ObP4$C+{19@n4mA?$M0PJSn~W^d$zGn;FMJ!vtB-W z-M+@(&~WwPw88ly1sRvC7HOV79k)VkBRN)i`hn<&#k#SJf+uCnSb8uxqcvoz+^}ZN z1z*O><(`eHI;9g9y>Ly^`WX`*-Yq$3`mp4Xzi3#nLF&4gkkZ(D!(-%Cua-Mv8@-yh0PEOhTwY#eNX^u0Qx8#_oL90%N zT_yJeR9|>k_lM9nZchE&y$!GLwROKRI&E&xjn78aJ`Eq&93Y4cZoQq;`_9-8u8ZWh zAC5dallNOv(tMeE%47ww zNJcixflRx{GA8|2v32+6vy{miJGK@%mCaHoT31=7q{)X;BhFV@<|HYbrAiiDWqFc4 z*H~sGcN3*fc5$fgMB_F~g~X);tnW3J8fl1 zM79}G&0%Shgv*o;o5K+k>s*%g-rZQ}u0CZb#kVhqHJI?$Ql@yXPMWT=6bY-IrAJD0 zu!O@kQ0B9n>PD7a!@KplK)d8I%Z9M5*v1SOKSL=k@+B8s49;OWu4b9n|UJ5Ej?j~A@-eAAk?KmOVHt|YA=cMfzQphuOPdtm z0Oo`e%9cE%Axmz66BQs*wio{^Jd!{G)!G8g^u58FM54M;T5Jx_ft220O~*=B1uPzA zkN=ma00br#f}O4Tz@@R3k|!T6*h*?b4vouH$Y=f{Tn^AF-2`P(1<>ZAn=A{$E@X`- zH8-((o+l+^Gp3NGPj=kGJA<28cJ(BPRK5scye@28l5-PlbS=Utmra?H2^#FKMDG^f zWfp+~ts<6~WF@jS8EqKdW|^}@B+r0tLr4*p+d-Sm@KVg)d7F|~7UAm-nWc~zd$z7R zhcE2gzkkQa9}Xn%DwG>|8|JC(Bf~lEG^I_Z6@#3(+mNqD6AbQ;%p7RT&?VE0LEph! zkPA(p@}FfKNVhVKtCv8i^NS(G)j4p2$c@0csRTH07SlT8u+>;R@{xYtOwYVogs1<( z=wq=w^Cggx$BCg0v8Dxxr-R;OdW{pU6wAz=aH=?tRW<8w2YswcOZ?l zDU>bcU{AW2f@I@65K@>L+k9^sOM`L{l1~p=I;2k-2(h{YlK&OOwlaux^Boz*GFbNda$s1J!@_?6xe5Fhm4ouDcL7ZgDE*NUaeYPU zN{7#vV%Wz7B6RpyQ)0p}zNP}$1Ql44!J9UkZN%uj@->M4Rss17%HT<2;=2rD`by7E z0Wl0V5LiV&pSufAjY{y;Av|R@skFolIi_O9e<^_jnQ|AFz^t_E4JBP^!CR~peGe=7 za^OhOF0A0ZW5Sz7Ia>0jOPa zA5h&NKsZqqcst=NTS0~UFZWo0W}nRw@`%Et4s@D}W!%?q1IjTE0c>`UJA1fg`HHPFGnk^+|_<(zQt!wdZ%0n?yelntr6&obWo7~(>})*+mi z;JV=vE1Xz9V0l2uYaW0UL`DtZUa}kN)2{^NiwCUH4A8ntSjzN=EH_HTBWE9CE&_2k zip!N6rHDfU9BP1k%VvB67J3B1y?)Ym>Md@ZjE~MZYs~0))8B)9YhBb=CC;h7dvpNic7Akr|Zd3#2*Gs_kd=4%cn9 z5O3gHj4Hmug6rvb^Iox%$-Y`VnZ0INQd}_^{hDP(T5Ay>pc*qo`_xvJb~mZ;O}RWK zYnyWU#4V7vZ;_BRy=Dy~h7VcYAas-fY0&($ckq@OZ=g9wBjIo0g7qG3Rp|il7cv4p zz!DJGHdqVe4tn)~+4!1er}W2-$ctK-w|+h3da4%KXwy~X3Z%9Vt6TvS4x!pHBlGg|vj)<}uPMBy#VMn|R{0TbS(R*L{NwVq`{Y8xS_hhN8@L2s3lQuPgM|<+50Z@#ws5MGw z>X7kYStE(^C*a@R2z?5KM-pu=n_k-p_W3)4=N-GGdr7;DL zj&w%w51Aj*314dDD#Y#=IPLn4W&0m6+SKV9)T9-Hq1{c1>maQUxeg?z3#F^db?6j{ z2!Cqhho8>D#t7c|dATL=3;3DN;tU|dm~awjS6 z5Sm{B+ZH^2GGoj}g{TZcd;~%@veu5RNrwLhx0OFpEO1GJBZlxoow#=(SM7{kOe)MN zeX$ZL$p9nwSk!V-Dvzg06g8Q|?S$fo zb-}!ZOn6>9MfD;hx_}Z3c@Qz7E9P~htBkIc9eJwK@#;5CE0bqUy8?8i9OXr3>;jXm z^v~;Z6lX7+QXxxsqXxq(4Kk?<#aLSpawr|LzpsFIEy{EuPp<%UC_R@#2h6}rR28U* zUJPLyk;Q#69;Zl|lPY=8$IP4{qV&jFMXaQx0J7kYhGZun^PaX-nq-R-1}=8N06iJX zrJYmy_LTyK%BTj@&j~Pnf-*H2<8T-onsFvUp=x9!A&{PIYM8buk0aG6k0Xr`JXBUc zKC?~8aN4nVvZ>MJjtXe6WmCwP0-`BL^(D5dAYh*oWeXl)e3sJU<&-K|9->Hz@wS^0 zSj7tz!io?ntsFHT_fM@0yMet~liw_AB*|3+so#_!VN^0&WWPG_>`|s{Rd|1DXC6~N zNXJZ+WcvOu%7oECsi*;^&r_hxy8o~J@}z}{DXCDR3{X{c`2oSuk;Fji3#MFIeasb0 z%Vi!shu*OE>IPOaR4GTYpavUO#%WP3nG;<#nZ>B`{;np~5=$(7k8UuKhne}j{UTIZ?`i(w;cDk~g#{6FO`58FXwEy|ce zq0wEJa+bOf!|P9ds4Z+F8=*iOhJEB2TaTz2fSA!bG%>JLb)K|dVnQBIfRgJ4vg0!Y zFtbUQnnJdBr-qWAde9w1r)-+kP;PVw-|GxI{667bhlryLv8-8ND3uNfs-2P?!Y%gB zIwal@pvUxKz0Ce8)CfOK46uJiejaB4=ru<0ll$EfXRx`J86i^$dK!cLm8LR9{0BE( zbrO1pv}&@U!#md%Iy5qY{n&S>>{L1vLt^rf);T7$c8m~AusJc5+WXIRlp4xCFu*sY z?EbR~<0Tl>ApXWsHOq%GA{r(zRVyDD5%Vk2jzsK1$%iJ&ruoRIocdF7Z@{vjcFY*Fa9n3)Of;9t|lZ*6sk5rU>jxu zenNYI0Mvm)iM}aiM+xo8NN9=@3CK=!>_2m9Ni#l`+!Ol9w1pPwcgmgO0^x3j5U=$F z8Tn?g54!r3=8dFYa4r{f$_~n1Xik}f__r2#MQ<*oGq%M->Y2R(nr;KDq)~ScIU;GP zp4A&v-09hoYnYtWR)_M0d0G$v9GClG%0vrjUf78=X=TU^vZM_uiYJn0AO>{3B@EXc zh*dg6F-<8pS0pA^d&4>1C&60QcY`-F6$}7TA@%y7m82zy1BYbwftnnosi$f?(tDs4 z_+#q2|MDj*>zE10ERnIK6`eGj3i?4*R(&YjzgR-6k>0&5=m&m3-)6yK&|>;G1FLq0 zMGUisV*6PBheAxF6Y)@M0Is%zP8_6yU^2I=4J-gT^l$ND2J*2w*Fn&!L`3ApW=8b4 zS;<18tdQr4q$MU#T1}hsMA8bFhuvkb7IqIZrUiS)p)Xjy2^?S)NwEb@^+uGbtf>3T z4TRF&Ax|i!U&Ri>9H|atakis$HDrD!+d^Uzv$(zXZXQYi=XJgp&OhfdjF%oN7t4hM~12a<3FC7HSwrJ~>Q8fC?|@~ zG_z0!iTNao2Pf2Uq0}f23MCz?4>=&9B8j8019m5eQbwup=_+$|t zT}nD1SpHP${e&Pl-I_A*NKs-Y;z%=w*q$urQYIvtp7fHB+QP{dKX(_wz`BS)f4Dtj z0Zp13=MS5Fj*$4;!#)*606WN)=B%!2oIjZP9HuX0MRLX>2$?tl)gS>hRrC_BvY-Ch z)1KmVI!)k9TU!{?AR!_!jz!g_?&Tv!X)$<&^qrat=TB>ZFRf>ni2-y_2=va5h+n!Q zBrJ}I45QJEcf?qd0}|HgHpC;QB#jymtFUqce$C-B_EbA#l~uFMjE&;Is#&8_gdurn zfZ8~~kN$>&AL)`V&ajvxl`LC&U%>>`5@!&lApW1}Op#LK4Eh|M{?xIjT)^#XF-p(Q z$feb6mJ259I5U&!O`(*XEpBX`y+g3-X*ck7r9bAxxc?VEW*=x{#+ELESQgXLr6URh zxXGQZ#pXd|(N2`p-|G&<84ELX%>@AuMI{P*2B!ZT*{YI(aD`>g|6z|QKXoaN1Ig~s z05YPO;!0Tn3CoJIQR8>!59K;tb}n=U@y7>%L0CIo)r&o0FCzxwZNL6-;Lad?QV|56 zMh*feM^S3Zi(Nq!|BnRT4@PKY5Bv`km_YX&cw8PS zcSSg<8-iJr2O-Yzg=EVh#2EqkG7!Fab||H&`4@4Fk&;hCQTRL`itKxN5R&GOVIYe) z_&=-QAPuz_RtYDWtRld&R{gp@`jsVO%r=s)9cS312`LBsQdGBzDg|$H-g`vinomZ65{fqG6OH zMNg*B5P8`5oE#>Tt*YQpzQ+W{(Y!}P(cE9M;PapL5Qh5^h+zs-oy&T{yv`z!B@;eL zc!qsq$QYQ|!qFh!bS&7wnWYgK=mP;f8w0|Qk3iwYrw=Q2NfSLY-%{Ff>#8EH1(|5d zCus(tH+L*FEgVISA?Jb-9v6=Tg=wQG57b5Sv=nIRsC5RjmsR&5cN94|9$e8i`v0dk zdzk?+%}pKhlb-8l1NTFg)G?5z0w`5lQu3u5FonDr-&!;Qj4_9zV9|gWet~Ao$AChd z3}}&e^ym^6eI5V-blO$$W#^@sph51gp=>C;L2YeG&bndch%pG`fA%1Jf+`vT1DWv9 zcreQ}qxiCd7=Sb-7)5(<0ySH@*Z%2_mA_4(&`fuyHR?`l6uC{EFD(kBvK2ByV$KfS zh{8mGYzvYZ67kJM4})PPXd>;PZj>V(3<{vF6ZA~9JO5vl9nGxgEH^d}Vp1MQ*~mIJF%MMxj%qc5oa!I&5s1KclNUiJv!go#r;R`&l%8`-iO78MNF@cigU0<=@nHw<8_dR&>u9Y`xI2( zOaP^c$(;srGbST|{ykqBK(QY+ohsYW?xm;Wd_s$ynGQ5Ny%630hG8mFX0YqDj%3Pc zi`iptodGDEk^UEo@$qdlfczy5h4jIAq$+u`0eb=lzN#LFGn>5uA2s!V;2E38pa!`% z9m#=dQOYokp9$vXPD6_9Oej&7e5{fnub=3@)At?cofSZj~``DHaH$%#uv2UOWpJzWpx- zMlz1G&`RSor=$1_1)_}D(>-yKfQObty*E<%U;Js%*EO{LK<{W@xG`;qW*uSfsUK_^ zP0YVUA|P%95F0;YuNS7du1`j3@g*~Zch){FTFF}UT?7oFDko@iD_FM#3BolAFaa3CnN zFg0>@2P(uafuKP%0J)YPqifc#fv~jb06I$2T~d6_^l!@_QW98Qv7@F@2oX zK@j||afn*zjcRMka)BvdDlvMR8_se`Z4fBe3B<;QX*Ud9j8L&W5RA~5l~knXzKnPU zgsyNYxT-zm_ce7fmN|Fz3<4YbgYA zfR5F4f`j_$GMT6cqr=5xT1ynV+f2w}Y5<#tj*wN-8xF;oNp>(bkMvt2TSHZPL@Om# zRt)Pd!y+~d|19!J6&#n+Z*MM@!NK=)-I0r}tbn&>JCu%d94&HtIi&YBh!Rr*#E3Bf zD_#z;7vFHG#BhFkF`RH+2zZTH_6HT?qzo43#@M$Iz-(MX8;Z0NCd``vdU2X>lCTu# zHD^~~R_Jmh9+flfZZr`%MW@dnELUQna=8pWVTZs6`>w>OAVi9wE7IQ#JX7eWtPep( zJ*bG?)zno0>#_oAb=oRSp0u@tKEwo9#H;dkD9fI-Q(AOWM6?r;m(g{nf)oX!F0E@^ zuj#jv?nKe04#O6%keL&*QihRMQtnE;(O8XzP}9+l%(P3H$f+jJUx`OtSLRJ@BL8l^FAnODQq@}K@ zKz6VwkaZgc_R?e>w-&S(t%4^pClxyDK*iutG=e(?VCHI^4q?WQg<@*eI?!djnyD7X zt)|Ia2P|t>V~Du~aa#f`-=yP~YcO6c!FadPfTAyRnfyhl?4(m*FYO0`FloUqM#pSD zSo6UxLi)t#5E>b+>!I|?YnX7%+@4bl!%E3(u`n)>X_GqoXU}!0A^$Yap#%DI95WQY z4l~bfz^)NZAKV6H3xphEC!x$$#htoUQ1}fT;6+KOek5umh^~}?RSr>FkN6S45teEa z20g9bh2944WNDMoa4hS&1&q?f{T~GHC zI}`lkD}b1>dmGSnLwQTLZy7MuU>0O;*nc6+ZUKTrOG?C?jluH5dLmtEY=RHtGKdyY z-i)QZfKGPTPZ}H0TuX?6KdWxWyshD=*)+bO?qHU}r73OlmImW*L_O4*LJ_SaoW5?s z;Ac9j()MTfms+J2uc<&*?FyvLQv8;7vjsvix%iFUlMs8Pp64{8Dmrw~*PC?te|j&nJ?#5ctTgpp;ufA17l?T><~kZb2YBT|qs`?B$cTGR-*D6SOC~rb$JQ?ff?A zv@VYXx|2UzifuMxP2kzbGtwj zZk}inaTGL7w^-E$(nKp2GeSpRGz8`p1wZhQfWQ#&x)^sltrs{*yOIJ2>2?d0(WRXR zpVRrMT_9qv>#6<4HSRth1MZ(uw5GO64YLQq4Hj(@5{>mnL_x0fU0jtv{YqSdVSwlf zENQ=zEx>X76MC*K9dkoBR*cymKvOC6Fs9gk|{VlB<4I zilp5aj8bAQ=^qJkR_{Qt&De@38uQ<5;JhBHAi|wM9UhGoTynD`{^P!iHrcWpLVgtu zSUNxx{4g`3mL$EXEL_+FvS-9~M3$WcC3sGVr$;J=7MelYyNTRtk694Hc2*ffomz}y| zi%r+QJz{_+ke0;%BiRaXT5h;^VXzEx`}dxoxj^a;rUKdZQ0R%d8zKNcY{qK5ai%RN4D4 z_6}22C0pt{h-FSw-W>q3U>(FVm7We^-b@BzQgpla0NsdvKo?H_MaLAn1LN=#$113^ z=t=>Vs-E;og+4ZUu%Agz6>*5|F0nW*27c}qOnyj{mJ-{6zZSa`HGb!|7>+FSQBPz3 zl3l2{rtf0-7n8|*sbTaPFYTTbUrh7~j6td)F3F1rY8O>DVmd)H%6T^pgtBAQKFXUe zKa%%ha_#}xx%*1gh;oNv5uPe+`i4AxO_@<9%@73ab`Vy`9B7!tLpbyHBdOXGrY6J- z4U%$*xmZtwF$7k{V*gT|fT>!Cr4piWa^iw#@;m{&emj8Fn!T4HNKCdK#GwSn3$Y3| zrH}W6F6d33Xo5IpQ+uBDYym-?IeU3XlQ84}C_;VEl?2gGoFl->q7U!e;}Byx$6-nI zCkVvn9G-BaRhwvB!4$eUq?<_n4^b|NK5Gu40tDW=gR&*n?D>Cc84NJK@*@!oCJY4e zxOJ}pu!J}~Z=%^-cogLqqT_h5J6ipLmM(t4;3*P)bin5m}!P-&*9dQi% z7fetlxyN9(?WsWV<`__**Q8CZB+*OJ)g?m+Gw;B0%*#x|JoFfCN#k*B{?;cWT8K|{ zpjvi<(xZez5`6+|;nsu&(K^{N#+rk$&^HR`>-n9-l{%{(LD)_ z3MgUAez9obEj19PHu|5N9qFB&Y7yaemNcs4ffo%`m zXHQdR{~1M1w-^Shk^%vnro%QIGr{+i6dVQsU|R}Uz#DavnF4FWJp~;K*NiPw|4R>D zDS{pm2{ruvFtoEFm*~lT$G7loY(3a|X-x zWiB|-zQtT{P`>~=*k`eW(zt+kerKss^cL&vS;}7d&sNr+Fg579G{g>_bHMWY9R$vJ z=-f*{fBqa0thodPnrR4KXh~_4$(QjnIt>HNQzJcKas`v;o=0aBj=DqV${nI(z96ZgIh=X{G54=gu~g_O7a(*dEuOiGdEYNk z9^~v*XwmB;u%eBmLl-Q!E+VGlZ_5nOz@$9oY}gy_R4k#Reb5!SRb2*lZYtU6ouP?M ze_7yi38>K?Lg9?bWa}lMuEjX1y9Crs4`}L549vcafob$p!DUz@o&D7Le;u3P{x6LX zoT!k{E0n(4e@1aHmC0T5r0@#0jK0X`oJrZMbW#XYr0bD}3&3zB6KBp_>yZ94~w!P59SKup?ny| zmu!SH=E?IaHI2N_0gkIz8TYQe3YS8uq;w4sNtG}MERH+OHZXVQ$z?bCNAn6{F(x_G z1o~+N*}N3{0owv#{+f%hQsIO)9TOf0+<=2G&Y_0WE>8z>P$MD@IiP<1d$h^p3$d~w z7q}IR06i%W0%!8u_nY`xk@wf-CZI^G0lpu!3cPaR3V(2*howW#-2zoxt}|z&ET0Y< z=p=|16_@nNN0lOEj!~K4lWs7ll4xhjsHHO@nRy#4t6WE@_sPeRJFY|1$EM6%mjZ0; zaAojc_9{mM;1o@HZ6^Sx5yZSr$?rs@3K`!DaTZpf61s95EF3C;6)i4;!Y+?tYtWrI z0{h zW#*WDQZXc=a7#MDfu1nA7!&kvV>i=OhNp^5V0|zamW(D|r@9SWOq{2(g}}S-Hp&49 zqEdtyYf^$3D<;WB(n_JWh^Z9j-v^lty0k<{{YV*<${esO-N6#r_el|rc!2el=~uUI z)BaORd)yre!oL_16f5m5#sua~{tY~JXji4<;{~Ct0uf3t72?Y`>Ap+Imo^TCvZ5PF zm1+IYrG=q!lj_^=kB13mC#XWM43;ZxVF+b+GKF+^Pmip+4!XkVGtfIF=qLi48IRFJ1T)@-$OjrR5SJar@JuSwnRD_ zJptaBakRaHzV44OXZ{n+Uhx3*6+B{0*7_k`GH}SehyQ6D37JnJ=;DZ}>ULIR;Uka1 zv}qMk1T+8{O*ghzG4wO@cH|@2Z)hdx{7Fx$eI%t*|1l=ujXD|e7!!VtKu!PP8GhzJ zM(;;@a?7N61Qoi)#Eh9&g2+87VB;M4B8Muaxb9TKCLo~^Wil&L?sQ&E9^a?>7?=uW z6@pOKuMx`nH6-ReOgQ8kOG91o*KSNGz4|FNhrQ4;eFv%J39PQ)8CV_7JCdR=swxuf zjnHQF5)^qnMgK{9G9e`%{U@_(#6**q5LFxKlv-e?qZ@SCrNJI|MgyOK0hs|NJ;CIt z=RnHblA}F_T&;o?y3##yM)X!bki?xgn4Fw_f2c{uJ_kh#FQHwZ zci?dUbBaULQT!ZqFmHZ52kuw&1gAPoSXP5H)tL@yzs0c*G~Ta44*%>&Tf03O`~ubv zOkpqRmH!IkB&`%Fy!r)VjT!xo^Mv=1K);t#2~2;A1|e-M6Z~k zDX%b8^BNR&e=QyGdd&=kzQ#b-8<_L-W{}Ey^IuY9e!~!_HDk3|Z@|^wx0pJi5mT!$ zl_pm0E!f5zHRAFX6LjZ6{8k?@|MFWYb#?TFejhMFzZOj~@)19G*U~4lfAoXT z5c4Xed!AEIJFHstr)@~`-ctc&l88bsL}gk9RmkjSW)%V#SXQBcBZ1AfC2jA3;MRQ5 zQeF>Y-{A>;VG(huL%#r%R@G7F6n-D7gK^D8M~5%V%Rb> z8eR_uY4K~I)7i;rFp2(BnZ|4Pp2jOC4?kmle4H%HpiYelGC0X-2F-Y@ruz314BLRd z&;V-mK0t%G@Y)DP;TGMFMkq=|(i)+t&(b0557MFeADE%24;U)_$Ut@dNICz79A{0S z9|+#oVr_c6t|H?6>1h#e1EptZDw1V8k?e>~#Fe(Az!{S%$tNbl`R1WjBa?ajJE+yQ z3Fe#Io6UTesw;h>&xP0mY+tT5(NzGC{A@xX!EcjKP(L%dx{cDNZRfxz>5NC8=ot>A z_1_tn+bJQ*q*b!vGh$<>Pb@^ze#Vs_knQB}pkXmBWmG>#G;US$D-S;z=zKS?2}NPC%GI>y%68euNrnq1lQ$9TbXq(%L{I z{g}d3B>Q+$B&$EL<77G@w_6!1=qyfpG{HnwzkyWB6*x=3pdHDOVNS7y>VJI&3UF80 zFn!Hw@mB~2ABJCQkeTq4C!%JKRb&6%_gMUehC-$BtwZ2K`jb>cXGsm3;q!tl1o7~*Q82#Qc)?8<=JqP*mJ!;|FV>v1T1} z%+cnUWA$Y)TjdgMx9$}9S6ZNFayXZ;x5R~_1)l8`EflXri<{j8b8UGOBuMYBi7piK zOjC4-oA(hux@U#rW=0YE9@=R{0fp!Z+vX^m=;kkBgQHFLjwAH9qMIM<6x=B>bI{nA zjlF2%?{U(^j?E1I!Cs*8;ARG~VE{Vkyg@AWmgb17M|JJI;`A78??Du8>l`g|kBH0R zoW8Vmcju(7H#^hTxqT_nvkPslZ;1xtqdvDwGLQ$mL|9G*ckaI-H=*^(mE>whf)0N@ zqvE5{D&EynNnI@$_lO7@7MIuco#`_@{p`Zp=DuKUKY&t@zGJw>U3d0xU-EpyJ1tvF z-VP}xihpaVRB^ZWjK(eUf0sS|mi@VIIZ>Tj%ZV^-^$Z-olN=U!p3v&IE%fi`no)YIH?)-mAMTOV!QjMeBMfp@Y-A9r{b|cF=6eJ=`l=EY{Po-oAOaU+-va?|k-V z0wUsB94Wr-JA1PjmknfwPj<~NOZSRDo@3Oijh47T{9GTu@j7wTB`yNpm-AkNed;)R z$=y|jeKIPF*IvO!xo~jQyNNp@>iavmZ#1@v*v032GZFE~FzBi~u}`#f6UX|u_hFj+ zeSJUQi`%j@@j2Swjjhp+ZrvIhoIgD3y|zENS9Um|f3&^ZXE^Ke=|Es$v~RykEs65v zo49&v#PV=H=U!zb?mJRSYd-M|yo~@$g0&TV9$Pjk=@t(MMK=* zhf(Oz{%o9{Q)p3Z&)d__S=6qZS}8wjT*Q6IwTyN0Ft))z`bP)2DZ?0I+dwA49f=;| zOuT7_Xi)D$R=egUX?7XGSTCm`GczYL;H!VZ{Mts*P;oHTB!P=tJUH53d?x=G2Cg-w3%zz|37?F^ zd^u+%x*d;^Z`dn@t zN(BXcAoJyLs9zI9NcJ8l<{OMQNvt%C4Lay#4=l92PjX!9hqVm50tFw%85vwIdaS3 zlS$CWU2+}afgK{z#?&c!>?q;`Hts;vKi{5Cq)Rx6@~fon#GiKib`12e;ZlOmduBU# z8j@AwIPKEWzH_(X_GBAzNGR?RX5G`>H6^O{E@ky}a6T`Z8dY&64QXX3;`V)W1WhQH zs%CD+qC2UFmwqq1cxw3n3Bttrq`MBf9Aoc`{dWqu;1nyxo*)ed5UTz3Z zk-nvJ1L+skMu@6d)PEd9=QyD*A64(X9_3d}w8yA~?{1>ZFztK!XsL#cArze+CHENW zRdtWVRzDA(?wumI=pmTY6J#1z*Q8(vzoj~6KB+NWi3g**vfH^8y6HDI8Y1qF&s*t6 zNXzXuMj%Dkc?Td$IGxsm@0HVN`J-3JucNK>d==Yz>nt!f^;L9)C42Jg!}r)W`nLP~ z(D2qnfa&?!hQs;w%iEgzM(nL8pnkVVHTMCgqhB-iaI$SAuRlYHCmMY(qXN;MjMVDgKArU7oBJk4)E zKH3STUaui2;EC~mm${F}v-8$WqoUsLRjQ(gy}3vrtoNhI>FCiGGm?V7^-St!JeJC&1mhb!k($E=c zP}2`eGk3)4$)FLPcGO(NpQb73lzvYna;ZS6 z`!z8gm`qQn0q5uLLFG=<5VhRnlsg6j;J4l~&^~@SEgIXWmi4F;PNe2_x-L7mMPqu` zvQD6?Tf?0#njzp!cVAC;o}9<&2vjdG*FfD9W12`S*Tx=)cqQmeq4RPn{?5t4^bf02 z@-Bsezn)o&R^MY(=6GoTQZmy%?rUR7(5LgXRx+ zVeDPZD1(z&;Pz32^rcV7LlVXI)WP6pNc@L?^p{Kio86?QFKt z$e%#omWm~Fk>MzwcIRS8YmQZjrE-LD)kd=3ft1!!5Ccq!H&aRi^_9&wv zA3oP(tykT(Rb_QS&LB8LtrqQ~?1A35kZ_^1kcNVcoQOQ`RT*(riaqP*yc z+h#N3!{$=wxoSi-ex@7OSJK-pnhP>#?Ho;Ws}6@*=%YHUg~ZfBy?Kpduja1VIc!Kns5pLc)26f3s?=(gFZaf>YjZ1U zzOiRfZaJAEwsQs*h#&Ktg&VVevrPVTx^1r9hp{~WI~L*ay_o&MyEe|AcvU4eUiNW^ z&O~{radUReUQ|LO9OP z9k_eaeJYQ7IqhdZ)uVH9mmlCEcZy|)Ds68T>eqD?Pw6s>ewN&-Nj8)uHoxWrd z+rA_Z%duZFpEX~Cjn2mq;WvLKzv7ZtoS5E}5}W+;>GV2fj$o1FR>k7ylTvna$^Ibq z-YF=KI>TY_fnL=YmfZsE+yzvNKw7qWBXJ3hqKvG z^)OFLsdb_63WqYB3nd}qtmU#pL@zn=Kz7J=2Qct&&55$X#x<9Fg5~_~0W_+5vQ}I$ zFY1vPBRXDgp;AOrq0L+5+wPSdC8}CW?}}RY6&g8lugKdXTD9e1rGWGIh<3@2m(VV` z^T{Em+i7pu9yYb2Y~XL0;XVh^&L?|D(|Tq*5!HCG+xH-5g9}2=qU(sc=@rg=w7);h zW;UvT^_&A^9e*%QJ-1ibl;pun-hEC}l6=q89_LyuZrmYMx^3^Ul4Rmb-n}xPN~)G? zpIi-XVJa1O#yqxb!q32Z6qo{oM?aE5Ldv8i%`yR;xAGeGum3^XV4XeWq2w`&il6-jyZ9ukl z^i5d8BDJ~s`yvps!}s~}%G_u=e*xp?@08JrdiTy!_P|XsXzsm?c@*{w=kX~g_Q|{F z_h-epASy@XiZhOwTHNr%s3u3`y=#r#Dmm%f+YbQMsYc#Y4xU=v-=*4z3xa7T*NBss zw|#|LPwWo$tD4LiR7(@4|N-K>Eqq+O;K0+4l zASUFUy*i=uj%5M9xtMC54-Bixbqp@*QLS>YR;%OTVUDMwGGWp$Gk^x<`+LChZtiTa zzU^2`ENs8+5>HsopKsLs`9=*R_n%)zGp^Y)9(_%F-0zz2#GZ4l+mGSBwi|>ano3sH zXA7$=_;4STijsThaPY?^;Nc1W{(2mq!NFp1xPz5hs|r5o7$)?mg_K+=iDnfG9Dp$$ z%-7Y2G;VnGZgHN;tA5Lvjj$Oy>Yyh#?n74g(W7Z{<-&kNsWPswCLWeLNwl{QP5|ef zk7isKAC>Z@%tRrJju)378g!?6xxV^zim-Eh&cd6JQTOc& z9dWFs-2g4b?IWQQ^&<1j>7tu zOIZz?sH9b(I&)P6&MmQh6m!QM3GwPJ;58?KjIW)-a;-U*U&9weiVXu*js41FnRn?B zp#x;#jIT&{cm5JA5xfI`TrAK)e!LyD_yZW?i;u|3T`+p&z-<(LNXD&k)*WLIWpy*c8cRL7O3X(_F zG9d!BN)oeE^FHrd#eKB~AHp%QPLW}zt)Ysmj|Zt&J;PxveSCVENQ85uvO8-9QyO~= zQWUVN0cWmYE>9kl>NuYsBgS{$J-^(ev|;CCHLQpR_ioFa`O?l+d#WV?qZ;qj`7!ex zdeH#m4Oj9@v*6u*CT0hPHH2~Ua;!2O%W~a9UbxEfP^CKRKKUBP$SVd;#Zlup0>oB;vQJVukRkmKAy5X>LEExW#sO` zRkVKgazERVwM;qH_#6fw>v7RLV;z~FngZB&gC8m7afvsCZ3h$XVcN_lcJrY9A>MM7NEZF=cj<)Yo8Jim7rJC!S$3ElhWpT z)#^42IR#a3*AkDMNr##e8mQ2bCJ8_1Tq-x8g34WMsOUY{`ub}t>6GO9zEinO7L~C8 zMxDu47oLvY-*I=A@e(a_f$A0quZpIN_#f}|9@!}A>m4pOo4%A|>+9L4dc!c8pq^VU zIfr`htu*z#_|n%qoEEi7mR6G2W7i9AR(=hu;y#l< z_Wl(;9VdNmt0!46&{`#S#P@`nt3;*#8=aZPXX`IHJ9W=rNI!$m@?F2Pnhm%4Li%{< zEZ?>J@GSf)AGK3##Myp^;-#9)A5o<(?|N(xk~_S_?f%Ho`!-vv{)n;aj|i(?mR0@9 zXVss0R(;4=)nBTv`lHBd%9j0chL?}6h$lUf@~phI=B>ubp5?UGk_0O}lL!-5BBc`V z$YxQ=%gJ?wihKI(=vX~2?ptZNGABh&X`1S8I49bH$yVLZ&H=INtL}U*r&xWz4q9%x z0JO-ms)ODWdN0j&oDh?q9dEsaqN~qUL=#T&9YhS|^YZ!8p6*|lVc3%HuEkv}h32H~ zxrfe;dcbM$M6ZUoUUCUkl7G>6mKp$UmqSILNd`RqMFu=i!sIp>l=Oe(rO}RS|A^hJ z%RcmSxS8Ia(mzQtH`sk5-l5Aoirgg^p!97)?k?#s?k@RX8jP(lyfWnAUk$k&dp`W( z;d7(zvQ^a7`1@*_-0M6~MXgE1if&*glx|!fH!D-rlhF#UHOd^`nk(9)rSd%U>!5Pbi}=51NY{GHQ<{-;(BT*1 zwB=M~%Z04-Uvue9UU@5>=i}c2DQ$mFaimGd4*m|!XhbcG+qY-^^qDED@u3C2X!ldh zX8obWI}%>|&r50I+zTn8`S|nht_wLpz+*JyA_l^>dyi5*^=p$wct=8gcfB|o*TmuO zF&9URBp!Lw#Zg(N@sEp{1{V!Se1qCMyqgXl&rXZmASb%{OQHjX3cq_+k#9;<9E5+9rcUf=N}V=sg5y7bQ<^Hd&o50`i3X62cO(Vl^3*jHIr=hBi*Cef zNb|bOplLY6KUdS_-7iq;6Df7urI5zR)v*5GU&?O7G%q{fq=t~_hPfRg)|6pe`00aT#=Q@c~Tt^II{F;L4JrM_DRE=#^a7mRIh{%cDcxQMW)M7|exl zMZ3xvx%(?>dIiwhZ!t*q;jFurhFh;d5NHWi$`$tYD~S6bOBi9t-<7@(YUoOpUwyIc zO3G<+u-dg!PTbO+_znR+SxAW)g-{T$k7{*-TTchQhZi6i3h5Mb9d+HU& z|Iqa?C(3oYGA-xzVtD};xvr%WZP3e-Auuw)>06^40GmB$=xQC#Gl^JQAA+w54Ru&W$l6LA&=@8J>Fo#uiXNc zIh|s@5})?lTPgWEFt_|W5YRsBX?EjnG|~LsC?^G~-=%;;j{7eCO3ZOo!Ge74yV0)l ze#o^E2TFr?+(7&4n0e?26c~47QefeY6nOXt6j*&D1wO?G<0jrofzIoa z0@ZaCm~-Ho^vQaJW>mT=KJp)G8n-!zTu%U4CR zDkrC&$T@fI4RpNMO?3Ru@9_=lGR1@syDoP#grD8SBB3Jw-%TuR*Sjft{5skGx8W7Z zcvvW*fed}`pw9bJB4zGFZW81a-RCze@|MbBwDzI?oC+tr=iCzQLbm>*dk~V5Bi|7> z3kSL_>e@qfff7{KO_FuhO+ON7VZ)FC3--L_kw^8($<|aAsUaH*v z{pdjVU-vS6b=}hVB-i5}{ygEfWSd-boAjM`58akFqqdwjgDp2un)VsZOZU;>u|J@} z@_n@MiyuVu-P7y&HTL$Tt^ID7w#x3b+oi3ysmHZZE-U;9E~}|RKK>ysNDzYC_YSP2 zPku<{uirs4?Hl;@)*VSR-R`6rj%26YnGT5{Q5^^oaSuWx&)!ezf8WVK^w*NRXrU%; z{p7Bsh4=507K*O>-DwM0WxfT80F5emv+leb3C*+DJrvp?pLjXro}~J^d!%~RJtc1x z6WCfr0|}BfC&wKRFppL18Ni(nQ17Mn4B)vR^Q%F;A9^p%aAJDFy=gOlScquVW;C2r ze`&Uj*MCBTlQz)cZ+}8FS8SlcJs#rMhZ~{^y|dH{xhVCn-pJcI_fbw;A$T(#pnTov z*vDz_z5AlCB)?Am11x*pA8^5GVZA6?CC+l?{Vaui#0Ed*5AKh)>jyAnNB-4bO z@*~Jb!#TT4!+OD1s!7u8Pk#haD)``s_yri$NNx}9>H@J{-g<@vvvwjkqC z`q%z2(MUG`5G$aHEqwO_aHfTSKu|-31V_s!P}V+4v!#tu4wkljBmF4gb?H%dcke{f zB%6=6HTt)TqO#WmAS>P7-+X}L*FQ!}XFbRalIx{HA8Ni_@H1Zg^+68PG70)%6`Hk0 zUlx8seZ@Ri$$p2;E62$M9}$=G6Tc?n;(CZ;3LX0}6Is4d%T(M?AC9JHH9u@yj@dPK z>9UPfmwAj%?R+FEt{{`*r{TOt8?=Pr$&tuVI z_rTNq8uoZJp;rT4Cw{yC{V5gBe4LIS_%K;Dp9F2~^VAx+iH_a#bbR(EI+h!(bX?_@ zr*vF(^Piw&y{fvC6o2^%itjANt4~Hpy0?E0?6xP9J^td8kl^TNfHeJ--UxB5HgVK+ z%};5G=RbZ*OZ&czqDC0{8BYnY=w5va;MCthtj}zr(WOt*y#9LXX`0{sOJKR5MH6Kt zNBoTDdp`%{TR&r@YOt^&db^Kb!N)}ogfY)Zn>BaQGqkCB7ryyx2Gi^3w7FV-t@=5` z`sHhMHtE;Y`-{BLUkiRgXNSrF9{okq*@wTNvuig~Y1p$=I`mIqZqsWJ$uTF*$A2%n~Za zB)&4LqG(qU!ox0rnTVzB%7Z<*kKzl1+cKP8}JA%F7#cgkD5I3sPA4{T(r z`fqS(kvlfiI$Bd_QpILe3i9Zxmx8Z;c`roz$qhagO#nS_EB5i=ba?%S58cc>3fs;fC^k z8jUyH_$Hm{CpDzAUb&2IOEe#6tMWO(_|<4SUIxYE74KpnON?by#a(jyZ=yZ<*bRA+ z--!lebL{X6tL1yE#}`Tgy`FOQ+w}JG%YJG>Z>vT}gZfs>4bqV8g0q^Yx>2vQv+nvG zwm!j@-0ggiIjfQQ-QUyTS6=rE>dt*V+QD7>dlq@Uz+@m~MlHD4UWYL5cnA13ulUY; zH%v7-Q*}!uEaT4Kvih1ePW$0HYAw;H#7K;)mD1WbJW0CZ8_^DO?0c9%l4)lG2W8qK z%3ROC(5&hyg5v=F=sbtj80({7uG=*=rueML0-o;eXll3F$Db+R=Hq7T=C|2r zSWzqg63uTce<&x(=8qRL+3p>lY5#XFRi%`Dq#p!q z&H4Kix#Zg)t+`6O=jF*qrdm@9@ZTqB&HH|Q_UP7vADYiz*;@2WrI=4TD*6j!#e&AC zFxzBCJ}Xyi$$QRA{C`~HOdSaE#+2^$G@FyoI zMcVo`SJF8m{itj%ullq0jsQ-|{O9L*U%+pDkCvQAJ3PhD4>RD?Xz&>SXX-z-PxsGH zqtQcsG4F%Vd9p^KcT4{#8n?GkrPac_f_qR3;-78t5eA##6ag*enZrs$wnx6A}@HBQSckZ&Dn#?;LGz|; zOtC;1`;`BU2Dc}JE+jL~VqQk2n9qB<{f`6iSSk1*gF=$Jh%C2$z}}uI_)o5MJcSWX z;`7f1e~?Z>Aw{o!CKz-hP9X8Zt|x$=eNSLIi%;Oz>IMAQFTr5Z&$vkF%zb}H_;31q z)V1Be^WXj|{>Nw12gxdQ4FB<2P!h-@N-&tPisT)3wY5egCsTDmxFIJOPF8X^_Tu4pE+3`$Bw&bbAK9lxJo_b22 zotALG-SZK2;JLFWo>HQ&!o`zrxOk@BnWz6aYss@2u979?(x(?6C5tw}k)o|6jJq>v z;)lEEA21)^r^i~U<5_l{{uxaj=IN?ro_V*|KRFOP@}JQYp3Eh>_xYbSjb4-ttL%qU z_A6EPjG^phN7<+HBvwwRQTAQepS~TxfD#Dx;%BVbA3lqQ^h+>Y_I#jB9LUgrF`H!J z%044@#}mb8uYX1Rx!eC0wc_UZ1w}DQKKxfSVn~*{q_(1|f{NAc^JvsWkJ^f#OU2Kn z;^)xulnmydN2B*j`mgvQcRc;Bt#mwnIjUjS1XolA_DxNOu&jd3S z&!#(`K3gQ-yrh|qXRJ=gLZ2wO$yfm%)?=N;dz2vNV(O>m?N!3$s z{h3f*)yoik7CPYY*Ao<&` zVzuL$tR@z5@}47rd;TjL+|9R#Q~FW)Ga*^I81X!RPEVG)>QyrP^u_(!SA(a!c5bv? z+9XcZd*()?yZQc!e0x;>OnRu{_j{f{-Me$6A^xjbHNQar`I(Hp<~1C5{-Q`eU9)CU zG|hKf<1A^zBAR_>5f=Ohi=rW&@@o%`TDrB?JRaP}qoQ297eqC$iPxXWU_%um4C3cWBnz`f;dEgZgRr|KI&^ z3!36#90%Ui6qnp*P4QS)i{gGQo-=X0n9dL0v^a_vK@AT^@%GesgTMS%z;)$khG#Vy ztN)Q*P?7q&pzh!}-qD>N$5Y&$aa?w<#PQ&Lu)9(XIM>mvR|0vJHk*zoSO4KrnDat` zp381wbNsZIx0vj{a^^=uLD=qodif;vhgkEzxx8miK+?kLs`0_jWRm%G9qK+K6Apd;KTpF}PASA6<*e(=TV&hd8cvCeV-|6l&s+1>Oh&cr>s#iQHPwE;u^=pipZ z6GRl`r&j{yXM)0#{7lreviwX|p&~z%4N;Y!elN?yY-p>K;$py*7d5%DN8YPg!yFF;bldazK;LLTECY zEHv+C_J{}KYCEY%Jaj@LVYBax6H-q^7Fu%aDLyzsMD|6Q;$_#`GbTQ|qEGifJ>miF z4Ajp*Q##)^q19s|3(W&f5FbL#@bU%9CM%OITLPM_jE8m?ypXT1m804%J>!AymY#9{ z_9}lH?BxY&@RVl)-crqUQ~=Z777L-t#>+yPmX{VD>MrjUcN<_vPu$CbUh%*q7;Tbp ztTo#T2==li3uVk+(u7bmzXCJC9oN>IRd3VB0E5E`k3j3T=p#k^q!myv;?ZX;@1Fm8)#+E63F$^F#DGAd*ddA8myNX zKlcQ#>I3BxhAq#DUXEt#f@tq&%RteLmQWsRVgkM+v+`wzj%*FLX_+x2MctCVv0Ryy zhkLnC+)qAB`(>Ya&{5zn=MySqJ5#X1X_=7`B4IiKnW+aT+lYYqc0i|o^qq6lc(_~p z#{JxkesSk^v-v7)GY)6N#w*}Am576VM?13Cg3cYy5IJTySv%_;sKpy zu0*VTA>%u(U);Ya>el*IuS}RThGXw;Orw2K0~n z59JfEtvPQTWeXPhZgxCqo=n7t5oX`AHFMq>X21reRhb&6jWY+(>HYoV0YhXCUf^b{ z*WBBTYkp1U;%&>!>zdG(_eF(ZFRQa)nJEW!@6f4a=}evl*QZ7PF6q;KeE@@zDSB5! zwmu?#Ks=}@WA|o5_N|bh7o;JW&o*pmQCfRT9t9^4w?j+ZcOSNf)C;MLts&r$jL;GV z9MZoBlTmIUQ{gI1J5Tr5mUw_$GcazR7;Z{5KbrBuW%a?b-`uEy%uuG{6|U@C1&4IT zMv~Gc*E)#4IiixMyLw>UUqXu>XCTW&Bie``ki#u&dJfI7ie_HdHqEmT@1#FZw+LiI8y@;@~< zvb7b=G5c_(ml?yM$sY}4S1uSH$L-$bmo3j4rUy@1u*}c9p9r{Sit@@^E8E#Ql$wsrzpUWvYv=k=j~Wu*}6Dxfrk+xu_swr!5%CvOGm+ zZpp~Fxrv*m7mSPt4KN%C?fGNIHBu((&7^E63MO2H*5pGL$+PH2kCMMj`b0?zX;)I( z&>JSr8Xj|Hy2dErlt{YFtX;Bn6~Th#;zU{I=+tc)#ca4)xQRbnEIWs39?6^eqOhcA zEt&ZwU^8A(Sn|de$R%K+fk*55>7&hEIhtWaqapZpqvN>6Uo6RXQgu_QAp(cvn-Dh@ znYPjQa|yWO+FHRZcjl63%`I-#zUAS*KN_wqs!iUg@Hq~gUtnOPszT?MX(!;4dr_L_ zV+P5y?7rl0cUmhFMM&DaqcU?LZsP{Jo`<~28*Mx%8c*J+@NjYqA5dat6x-qcY z0b}9;Lq*leTTadS-;6QwKuLeeYa>c(Offxn$_!P&@|F7S;=zcqS=&MFhN)r>Y#jq8 zFWfGUce6aZ#(ek!e7Ix@*sLTMqk7ZJNT$V?u}mce*IeK2S->`ZxQn-o`?lvrIZ8it zT_3*(hgi#t&cx@igXTRr924S6N{3?BgLPu=$J=9&aKYui?I8tDLf)1E=JeqX+&-3z zZWjP5LJ$SR>)7BBOA7aM4{jmPS#$<=Ns-)v|M}xzS_kj!Yx;K0n7^FBqjfpMb-~ zLq~S8h zI1YxtWnA1m%M4L8t%7%XWmY6F6Ed259@At8&(7vc*g+{jzLV{Q<0rT0(@vJzm(`ovw=+oV@ zW5UeRj6skqGyO&D{*sOb5Ef(?0z9wy)B*&>~A8ZS>bdpwo^R@VytSXPud8IF#C z7qFqA1Z)<$D0A`w5t$(;V4|TWfKt+;@Ng{?K#Jd_JZN=fZcr)FvdkCobWdUo?>^w@!+i-4FRSj}2Y)N7fl!i7r<(`Z*3=0UHLI zfJ<(}B-V56q=aaShWX?9b^9>{aorRRm&X|l*eLHF94cFAJ5t(^SOO+`a5DI_tX`Z= zd_&l^^V8q;GMaGF=5Y49KqwO+{iDpwW0zy6}3OE!H1)|K?&|R^>!jydATDCC-8_bGhif?y5 zUSgl&0^GzvTl@)fwsOVgC^3!IDH*npsw-_61QITEB+YdZt%Yzdx3mlr@Bm)PbD=+Y z&h#Okq%>=M7A%N1)<8kDjgoNzp~8R3IEM<4OTW#TZ42wVoCp{nKbAR6Lm#G6!A+~M z!Hp~^$eB{fczZaVTStpS#6_fGX9QwoIxM-(yzRnwZFtMI%?hV%MfU|g3^n!vQI3>C zF&>a)!4&D82CHRSExQ%8&@S$plCcEPkOgcug$VeP5eg{I0ydjO1boRj?@^qk zbh6T8vm+8JGQtD(+x25IqG!+G*`+Laz(2O41`rpJJSQ3#5aFCs%y1lHFspF4ihG+! zmx|zqqqe>~Ne4N7f|78z%UM;)_5}k83~y0`Z2Ld#zRyPwSv^l;SfA5jn*+nTHWj9?Z?D84S@# zqN2Eg%06ha&Oi-nnH#q&dA+zwnP zQ8CzE0uIGG+;`P<*tzIDB%w8x+>N}QFDGwhN`xxaA zIhaeo4U?G}C&x3FHb)RxbOH`#0`}DYv!s%&mvLWV=n2>?W5Kmk$!*$=GXxHl zH|!PI5fI)4)cCucYF?_i15AE@4iwaP4~dm9 z^eH-H#W>42IDCP|yNHg+*P7f-G{fP=<~^`1IKzH{KNlG%SW$GniWN8twgN}a{VG=A zV3x0%3;FYbj2n5D#8p%=&ak4Wj1^g(zVnvjy^oB}i z;t4oZ%!+(_g3@H2pC|4v!v)22lwNPiHdb@3d!t2hMM~at)J=7=7>}9{>B~v?eDokA zQSc8)=@3C491e}^RqlzT6PXbSnl{lY?EP^%nPog+-j>dk7JpO4$PyeV0zs_UE}ww3_sDW0|oi*oc#o zXfx?Gu54)qhg?xZowzLS`tDDMoB+#nlCfj(u}Gt#vV)JsZDoY>MXRZrgO-x0GwIE- z%up0;L=UbODUFXnhJs7&ZJzF;1&D`__ZRVCmR3Aa=~uF{%@be*VoP$0l-^6rzE-ed zMWS3(QOqwqfHg5k@VHgn0>;xWYC_eVwcv~qupwFT4W+l+GDAqfWvI&nZiP}*0 zqR1WimALODBY;Yx1*F&JG9AI9J{4?|7Hu^1(kP&+v3YQi7i0m|DZ)T)?X9}>{g(AU88xu041RTl%{}(mQnnm zun}-&k@7gmUN{&Jn6Zq?BBr@48H~q+LoW^v8Yvx)9>q%Ebx?dZWp_YOmpZh=$)C z0?U_Qdl=D(gG#CxVoAVuZlIm7h`9DcG1H8sEQ`j#2aL>=6>QKiibT!WU)+^<7lQFo za@>_(x~*^7asno9{xF2u*hS2&?Xb9ck@58Lbs(vqA?$>}6l^?wc*!Vj%rn4lzeQLv z;_j(&E941!ZQ_*bV||wOxtnqFmBqnRGhqiFY>>^F&nI-UShSd$k(6ce=+uma^k9Qk z3EZw3!6{$ixr#-@Xp+~4XP_B9&TF^saJ)eUcje*nAchkzq-a7lW0jQ^Yy#Zy`BB;! zX&#(+xg$WOL@n@i%MN29R~#X6#3gqmkUfl%Ru+}1X5^p;+p!8Vi?y|jMRJ*4C>m4E z`227Vx=x3Si6gtw$U8~9FpbxX#YvQ2?aq*90yel6r%}y_KYWS;HpGA>xP?A6FuZ2O zATCF08S&@Aq>*I0l3G@tn0=cUOJGFFy}+L>M$VP74{wxJ;JJ$Dd{NobJoTA*$ys5| z$~4j3(mU+g(hAPGl}BRF8k>#u6jI9w2vOD2FPmf=tGJnreUzwd=?71;uN6#=x0amby?w5WyAX7_pznZb!%A)(F_x!V^6>O#}x?lP& zg6xnmQ}+kGT}1h-@fnqUj}q5io4bIgyJ!jf_==-Agt?zzdGXh9xzUJN4>weRmvrlr zcu-fpxF#O}Suc&YETz%MXjFnD-V(@cfqVp{#R?(fhE^_RNIci^>?$rF`Ids4zAPRz z*~%MlW&}3zjjP_^7xa-&5f3>rrs4Hd_1g@v)evdx|&1g*w z7MR;>AzQ2HZLc(?LVYg4-GXI|Xv#5+1DQ7J7@E3>rrZ%g-2KZy=i*~Pr!kiBgu1Ov z(_O)9`3UiPsoHY1tO$@{MjBK^Ez*phZ%N77QgYO>)Wsjy`&b~S0}))Tlj-cMZ_4fz zdGnH#y+9!qcY{FUV}SHtPHntPQA_Ise+u{AQStDW^o+9c^q?jSNa)sJY#5C?th6ZZ2Iw(n=O!idDjGUIt7S? z3&_)*&YNL!lEU>v+fCW60|moGWOBjR&ChcFhsNsqgIalGLWT;RAcb{mxI(?(T zOCtPMa5PL#R;X{sM_iZS5^A`RXID8qp|K^d>w#7^^vqhz}c^X6aenF zN|$mv!h3@8SxteAI*AQsbaDK%+GNd5my)+i$qOjy zUP^xrGb(pQc~yL%>pR`5hunHnQ-ruPiJ z?nbP1#T7o+>E2NE@KHce*aQm(R zU$@Gy_56}s%$q6WUJ}S#Kw6Bi24CdbQ-p`Fgky4OHFYIz;+>PHE1m-9mW1fw*yxs$ zJ$(sP$uiC%BtN?GLran^Mp}XD<>{WH6?eU~54~O?kiQA!c_1xDFO)Rntt;Yz!>eMj zbAdkG)4<&V3b-k&;OG~vprvo|OS#!97$-T-R>5rU=LK!Z#vvz6K*f?|e5)Xj7{9&@ zsH@o1l&iS6Xu{22DX2UZ1agFS%BdPYaWDrB3IKyWkAjH|a0oRyWAImjtq&cXDLASs?N0K&GDw1Tvg@rl>_`okVJ!F5Fh| zOU__-1?Ak))D)4uhF5x%f>(w{#OeVa$~j5Ay@`5mGd;V%$r$7p*I52?CX*X`27oUB zOg4snRr!0G*r={40e1_SkbJx3LYdg&vuOE#8j>raTY(TcBV#cNn`DF*c+IUpi+U|* zN)@aZ<~Ul68#1DXa;&Oc8v5^bc09Pn9HCZG0#;JJtN5a+UUt*ZrsZ2{*{wgDSs4SJ zq|Z{)nBu_Q7FuemRMs*$v6R|)?k%2WiklrHW(Dw&os&~p;f4Y^4O=4ZaxYslqkxo%SPqoO0~B)>7a`Cpv|CoDJYuk5~c3q!kqYV$(A%)%#p zq>t+U%@0B(?xEY`5$>*=$*7{ptGLMrG(YJcdOz;zCjBWMxpDAUnxCd&WpP2ni2NHq zpf=_B@1W*WJ5@K{a8UEFn%u;{K)BZ));!VOy|8(hNd6lSYOZbUw5a)#CT=sXKCJm5 z$>Pq)$8GF7^Sn*XnV!qvM^Tey5KR!@%m$8N&O&8=?E;^w*3y?k-= z5FU4)+|UF(=#(*e!>Hy*jP z`B&W{?ku}Y4{NTulTU0O=9&&_p0IJliOpwqqQCJcH!qiPysJ)@?l;o?_Hp0DX-!vi zP)u{YeREawP$~6~Rn60y(MA!nlTU3PJA@m$>^%9`dP=J%o8qbhDM8(Fr#5d-Uh9gu z>9ViMzgL#cnuQe#*c>pHEKJIYn9RaNmlZyty7WCUD$CcTFU{EivH^3k$;YtCF&}swITSnP(%z~Awm(%qpKV3mgnTCQT z0%C)~P!2Y4%9%kU-?`S)SWb}|)CJaF-bTTacpI{V;qxGBwl=~*j420wnC0Y}b!NuW z2JNv2r4Qy`M}I-n@HBRU6UH{kNs}3%UM^~^OQ5war$-?jb8lo9Kbk}G_X>;on4Vgc~h_!G9NnD9Jpa8c1a*$vrHYkq&4H~T%6c_>Jc7XWjOkH(42X*yo zS_o^Cd};xZYo7+D2aG|vswJ*++0qPQMrMG-FZv~EuTwvSZfB>C@Wze_i8JU&I2lw| z@)rF>Wi_Cm{RelfSo9MLXO^U@#!lm4u$S%ZY8HdlVBKXo37g2Zho~kP#LNWK(sV-h zVuJ-Vd9!p_8is$=H1UH@q}{6o7<`(VCzze4@oj|F2%8TF%^8;2Vzr_iOg7XdGl*!y zSy($ASLFmO3j|g%;*(5PqR|HBYT_4ZfMNfb0g{L#RA`WOa%olNPn`!K01c|iP$CCm zjh(^>*a+c_NfKg&6QNgMy`XtOJH77 zoYD9&RrNYm+MX^Yz@m}Bs8fa&K<%N%hi<{PG#%H>h9qN_rIKQML4xbk(a4hqH7QU4 z%h}m+bJAdjm}NuTMWe~lhhExfR3$)`;X$OPF!BwTysjN1tS=oaV(5r#dImEDxMewk z;GZ;jdXcel#@i4JP`2E6YAi?iRJK8FkN66+(X3|3PARn;wSjMzgtiT;HN+5h%wdvQ zx^0Lfv|b|>pmQ%hGO7eA91M5P6Mk;ixT+rE7EmQfp&-tRh7po_%CKNQ zW@FTb0%l}mgR}<%4Gat0^npE53snj1eq$ySNLm`MC-Tzlk^)LmxD~NZB&wA4Bhjtc$XT2H}W3Xh~ulCTpR{UA++F*zJZSu))I3hx;N+ z?}=~(xkj%deV4Jp$UYGIR~RxU7~x<#?5Mivn%P1 z?8ds>IWfyw)=%^{mg5Suw#WQC1RQAwjBY}r0!yD5e`bKFFt+2Wv0PA{8knizA2Zu{ zfXJ$>;h2r1=BAeE1l`_XW*epu$pjk30{ueM?Y6-xrhB*~7@}sG*l6h%PmP5l{M9f{ zKGtFe%~xcS_A5w~p{wAKf8E%U3P6o(V3wKcK~@Q>oG`F9#oO(3LMqNQyp*sI|!4T?PezM6vK5%?uC0fY_DV{!gcj@ zN$SFptLp>QPOmqizHCZv8+f5{PeW5=kF1_o;lxg$>C4j#}U9Eu3yu%>&LzzQ_TPqA3RD=@4$O!O)DSyPLUJ!f$%E^g zMdK1g2Nk45fPrgpOc1w)Y5vDX>Z@VM1t=l)mWoJ0atDsNe=9f1gUZ&l=97hn`YjS(fq=~1q^E-*_WLhtT3~Px;gmr zl_msg9N{+nVz^d}znBZNMiz+zp6Nu|r4Q>#FBLch3 zl~%)(IDIj^1AEE{)e@q^EJ-QHZN9K$WQUmvcW%v+aBDI<6P*a6!%U>ijy8Ry%pjv2 zbLwelf`Mk%9bdB<4Cfdjw`RgiFm6-|g)FR0}-z^D;MK%c=D zHjy24ExYZc4bHxZo;3tQaDYJ}H-_8X{BIMpK+di37?^e%X-eC!=|_4S$6C`b83!=V z@WZ*o63zIzN5d*AyQpuNn$?NX9gO8jNQLEV1WOq5p{iL3Vk+u%o5U>e2^jq_O~XvM zPHAWq(lfjXN1ELEX{_6ZL1SR}OG8+Dn>~L`t7lje;dh%23D2cnW0zQ(moD2P#~BaDOpxtHhv8;oXqezsJVE^XrO>p)Lu0(P zoLL&Bl>}b4W30IPM)RbIf@20#(u~oHRd?cdo4d7>fx@gM-Z6t_{8qMus$sol__5iH zWSBHGM4~6@w{cI9ips1TSDwva2+1%r1JAaueo>{7hJ?q}mu;H7#Ok+dCOV@fHok>* zE&BR4&REFIW$6%!Zzj$i7lTL?GXnz^X7k|OmN_;ety(aOiU`WgB$GLkbt4qz>`!CV z;~zGjLi|eEiKrmq^D$OZvZ|JY;mk2Jsp0RduR=0FEEHSL%8FX0-5ywrhcc{OK}y?B zG`pd6SZBrf*UT~ziefN`&{I+zlc~(5H`6f*d#+jsnc%SsF%CmEq)VPJWBA}|G&Vaf zX2YL_62q}`B~De`1~S3KHg-`ZulG|MkU{i`9Skmj5E;024T87~mmPE$T~?xgU;JM4 zfPoz1hWnFOS6v65I8O=JiAWnmnH4@L6>fVXG>!kN!YQ)BNuF;S1O!LSrW%)xc;bZD z5K_@91Z2rFT8D59Ge`1_o59F=Mtv~JcH)G?cz8$*W|RahO5@={r#8k<1({`LTtsZu zJ5JW8NdI=mmZ^|A%+91}qvI;*m4@swG(%y@HMvAE(tpQZlmlq9#w0E?XeGsx88lH+ zq3pprFzgncv_Yf@{<(OgncW)q0)opnXbls5f_8t1@)e>QZPN_8Txd7Wp9-EhgDxDp zW<7Dlne~ME+fHn#m_&~yePqnI3iOtt%!EMjyPHl(3}}{#3~_dutXHr?&kcQme>t|b zL__q8>7=T8=o*)a-~rPym&yzViCSprSo$Tm67!e#GDJu!9NRHIkf0oQvyA;Hr%tB5 z8mEv!U9yy==b?2)m~d8eaEcy~7Od|Qj0{5y#CVua2$#0yH0y3=!YIOE%Mc-c(1vY7 z4R~$Mh%fSw86CBX=nc6ZN{-P{s{|gjg^Dm&;><}8C)q~n#ZtEo64w|KD}v7`!UU^y zuWs+F$2f!AlCGZ10mbU7zEXr za%MdX6%%PhUBmmi5okPVXmw`iv~%^(I05kB8&4V=%+8LZyI?)JLx}|%>~|8F83UP< zXW=srd=a_I^)d!egEplL*hU@vu|Zc-T2g zH3~W>n#RLkt+wN22vIHj&cHPLbR)4sNoJXd88=J9;hVu0j8OYv{&n}6@eUP{7~ zYPJ)s$GDN;{FVp_&d-Wy!9SlsW|4y#bLL@;3&v--Batx1xZvW4afjkqGPVT)b?wIK zLB=s-gkf!)9YL-!BceG=G$I;In{CI1CNH8h`k$EK;d#)P@O>oy;hnXjf*7k(bP(m4M!cPP7jjFo-&1?~8XwVpMknGXg<&n6 zre-}Q(mx2o)ft)u>}8|Zu%(R3L4Gph%H~kTcr=h&mIV>vZP5jl81$1e(X2GG%#aR8 zG6sY2X0vf|B!*ic%S;v1;#kVGcd!DHN2U|B zYcp!>3DY23++d;V_P+z#=G5JcQxvOA|4H|R-i9#jGEKcT@VGJ&~J7hY+31&8Kt>Ip=r)?HB7&U`2K`6jX*dQ=X`oY*cs05g~c>+u`YX{}p zP523Pqggx}3nqDn8e!bw4lu(8XbW|A+B2t(znwZLBBioWT}i#t6jlAC@ybyK^aSSPSAU)YE7}zmwCj2qd+rkKGTQ1RI7e zVSuQ@DdHv7-MB75G)6eb#uyLjjB@0$56cO^4`KLy!$sf{pHZE~HZz-mu^4iaTdW~D zA(PFfl6jbka3#)=Siar3>$oxmzQURCEf6ykz6EMJK^ld-nF#$*$%2gi9nq|Mfz&ce z7EwHQFvM7xPVD_G4lT^R4q#+&$xKewiyZ96%$R$?23^plS$CpO%(^4rvYjZ+5Poa0 zRVs4NJu{l5pouLYq{v+C0A?hi4P2ggJ*}QT0sZPK%)yCd2FCUXwJx{3eQr2Y1m-nIPrnYI2-wr_#ZkULZ_>cAkz zhgsEpTZ_5Z!(iNfkBG#uEDHf|m@jIMSsBUg5F!I|3D11+cbQ{%U~TH>Z&(?`;x;OC zV>*~PBEyI!cIGzf)~^PoSfQYMViPMvG+4MlG2FJ%mpOsqYL`hBBG)NNhLhe5Ju5jA zw_;2JbS$H6aO`ZD3irZ{)`qE?buIgqK{|zW4Y-O#>;X?r9RG?vvWiX^{uuIJM26i>0wwG?HY;JG>BVVKY+mp@X+6{H1UKl$T z9%Oc!B!UYGl+ZLo$OXh~IC0WGc#)b}LSnIv$}Q(6Atp)FU^sk%E9K#`!X%B41g}-& zp@LiY)8@Ec#D2IAqQHbO#H5)DyTz;_j_HtTkoO@xHHSCD4Cq7laR(#8*%ltzP*6XO zMzL%;bGZp>vW$ciAVWMDEm;;T{X=E;3NkR`YX-)_P>2~~zYJ!uF$@MdP&Jt0ywX^W z7%hg6lkdTZM|hg0R<8YqB2xk+%@Px9r~_pFb@X%QXl6oCi&%8( zEwr%4wbL1+pxbh7mOWw&7z`p*+6}d0G}?kD;fAmoyGw9{nf5r>x9xQ#ZK%6^Im5MU zjC0I3Xd=uR49E^J2z3~)C&@S)2Lt`F>XzWp&~1Yzf)+)Uy=Xcn1k1pzw~KrK)pF?a z<#gMikQ5RIg+z22>K9i{NSH<8nc-k0n~sManp!@hHK)Kj40Y2~Hu-SSxUJ?(2KpzS zZ60tS2Tx{9+++<`mBS>%Bsm$*M0RNuktB2DlRNi6*F4Vs_w&vDF@ua51`D=ba_$o{ z3-VqV6`AIWEkSY>tKl{6$sh(wjr@d%$n^( z`e%gOkXVHG8HrWghQuP#gk21ly>Xk+2fpi&Ef+C^jH8-p4vT)AbfE|&2ZV8Lkr~2b zhB!b&!8nYxJ?39WzufK&sg>+OX6?AhWMITP7)nQzHZvyFA&VKozg$nZ#Kp}4(;)sc zJCki}9g+!VJJCL%U$c+ORU!t$856f>P|eL6!;vIHHLSahV;{1j*rnsvLDEM?d=ejH z(aJ3bGh>_ch{#=zr_EsW+jm0X^(7`bOhbF%pUNgP2hIn3IE{aWH5hJY~5n(!NrF8EkaP>#K2 zC?!Y|WCga9L{WYiflD|0|G_g+x7o@B(yT63NmBE?x&rLYO z*fYQchLs}|Y=^ot!Ex>$f21z3_4hK3I?6SBrgm|!><*3J*G!!)3vk?eB4BBW|y z#v+##jG>bR7~krscYOM(OOHS4m{a8gHD5XYT=^_aE#H0G0bN$CIGx{Rx8;@Q)*d1U OyYH~Woc-o@|9=2|J}Qs^ delta 190352 zcmYgVb8uikw63kKZQHhO+jh6ct!*1y+qP|cw{Ev~x7fG8_s5$zlSytS=Oj6k^PMmE zBt0MNy&fwu2$VZ1nBia5fDOyc#>~RS&cn);w21rvI*-O+oIEL-pyt3u?E|M^a?JHT z<&&q-=kc*pf9IFT>1%}hBKF~H*ZsL41MZmN>rKMG;nl2?P>IPRFac7MV4i*-*t8|mhsay@XVfmP^^Ws3-vtbO+_DZ(P+P4 zxNa`|h$P~t0>Ud}?;4N^FP`Em;}?W7X)dOvkRVT%y2O|$kMvz+B0txfpifTlF`N&;=eA^(({plK+UZZ?yB>b>nKnyn=OAFTC(mU32qvvpgK_Dn zNT1;YE%~$iG75;`rmHqJScz-Rg#_-wX^{aE)B;v>t=9vg6Jg(<;NSYMiE_$RYTAUH zc&^QaP`0s^+!iP;7kQIY*9g9}$8+pr6*Oy{H`g(jJ0bkKspG`ne^RLSMHMDftA2pg zQf7xmYkGYB3Kj!CH1vxkt!Prn!3&SoS+0_37HnzQf6P^0T1%&x98U;Z_jMH}qpKpQ zPpb)vDXf~Ukv$b*ELRm}z{pXQFl(T#WYb%+!7+7L*ro_+eAynU1_0}i?-~6?12S<|3VHDS zt+x?Xbo{NaIW=J6VQ@-!rR#_7AH1j^Ix@WZ)4j#BB6u@+v}`k@ z1$IaCmDg^3z1vlR1^4AA>a4E=Oi6+PS`{V~XT6~1!&P4p>JEb#Q2{8CBNKtQV-qsO zC_4vIgR9x@jQIe-|Le_azxQ)jYsJv-ZZrp|-|O>xR_N&I-uo7y%Vy4mI}+~P`+j%q zW^0H78PU!DS!ziM@#h_}w7PTyOT-kM}oDzBuTM>puQxt+bISm&oztO8NnFbyAdJrw3&R^4t&2Jct3RbyO%)}ujGYG zq?BhCGk+nJk*c5rhuhXD&_|?q+3x9IclWAlaA>#aRp(=O805l^wJnRS@Q#GT>Ld+Kw#m=~jRiM>AQN?<2+`SQARGg<3ibf5mPBl88+@r;hA z8WbcKlXpw*SzU8$=Tg%IqYy6GqUni&4-B{yp<@ZD?3-+sE%+VcF4rTFZloPvA) zH_Gv{gTmp!LrxaX6B7~k%YK7wWN(l2^Z9|84|Ufc+7q0pFo(|_iBpqj;dJc5jtfM} zZbNv#YWdSVYoYq4aYX~#s3HPT>U_FJDzLe(Z7%evQnrGO!Zl_u`+hpZsRCg6`D;hV zm8J)+nA;3u>BO~^SrhQDHZs&;80o!>N*4ZeiI#S5J{39 zC}v`J#RX%i0s<3V_A7hr8F=rRLbJ zxWo&F1tv$+nM^b1zKW5$>iU>C%`M0Bftq*dTCusm!j{|0pRR-A9Dn(k&0Kmvs>KEd zYZ=Hm@W`8Lv#fG_M*p}OwRkgj>!|V_C_GDw{HEU2rzk7?CwBj%_CB6-512~sa`(G1 zzhBzJt%tYH#)y(Fw>v-)aZ+us`ozzh=b@w<6-)P$pj;~0VyMI!R5^0+QPW8c0j{*w zVR+j2h-US?NG%N!#Fy$WJQG@h@UtGPqa);yUTj&;es`aFr|au*i~h}@P`Jy8y0hrm z5}#kZub$zXLmG9pf7LjEWjrn?8;I;3+_@0T@nY}A0XL@5O#T#d!qmg0CG zdlP9o4thylVIaHk;BVqIcUR>mwK^8zB4{+_NF7xy(?0dY{4;8fyGZpT=UnGtfn2*R z9+E~B%-BSiS4&0X!7kTe_L&VE#Y8OYF^c)Z0kG^cd~|B*q1a(|g?XoC1UR4WATT9x zP2~kW?Z!kfB?3TG)p&K&kex<5jsKR9<`IUr{UaW(QOBY>J8$auFX*(dVS_5=R5J~k zIFyR1m}m_Cow?}yT#U^Ca=QHHAWN>sqVPCGauTBIeAhTC&crVFZzT@S73UDps$ATO zZG%BA;P}!8zd&pTicWBlT$NE(>sWpkLZfm2GY9^kIY8V$dzk*&WAc(44&Ln*B8EH$ z5%G;Jejg#?!t=iwin_$mL=L8)k~ujS4*m{6sk$hx*b^hJGiD=}5Nrrvj6vMl>Thcp{N#U6!|Dz+P|__4$#0j_GFhXlubB@5C4OY*cw2N+v9}n zM126vdHuFEH)>l($=A3oB)9mB}!U!|&|DvW)Gm0aKP~b=QHO$Ixki1N0~q<25)iIQy!V(+J1&Zq@`L{Yv@? zZgog94E@P8CSD=!|Co?XkbYA-9#b1wXOEbCjUsyVK7?jJs&SQN4dTn-{sn#!j4Vwj zm>dP|Cv0#B>TrcvbfuJ8$oOh}J|+dQ+6+bTa-o_0&-LQJ{*F*%d^{!I930pGv_q7owsR=aXfQAzF@*7sEKD!d>}V@gh|#ljVUSIpr5Rw zq|#w9OgzG}lF71eukyhKRd%;R=jD!u{?7j+MYvO#C(IhbhlCrZR1!b zXJeB>k~duA2C)S)nI&hEvr!*PUmwM#(xRnGG9wN{S+<6UprgW^#ZAXRb4k#qk+QU( zzsN1~n+ixm99ZGa0qHGbv}F@_aCd`UVLdIb1tdhcN<52O-u{5L?EGFh+yDqY6;Arj~7Hl4Spiogz=q2cZeD2Nn6{&!#YI#L+SO^$q*CVwE}@R z@u|#M%eQn))lE_!YEHSfi%l8B7$Wk|Q3F-#-NuJ|wJ>2?B~c9@d}L=OrC<4CJ-@D< zrZz0F?5v&pxT0JhHn;-fK9OwQGWXOy{wm(7ypsa1*`CUar+Lga`=V)T0wk2Hh%7ey zB5BP$B$PP>ESvT*>elb17#B^_7B<9`^L!O6A~JTJW5Th7@+f4MG7?d5s=huyilvwP zLS*r&A{PlU`Ahu4)1q;poh{|3_{>!Ia3^w?ih@F;d9X$^S2&R^1m@9|Vr5+Hh>L0w z$y)$$v!%WWTDO-8rfe3Ong|5)hnKNeE`H;p=pa%%>L*^)O_ zntxv$t<~Rt;~BTI74Lcs|Gg~Lms!ou6Erp28yq+hvC{j!A3wO%kG42TI&o-QFO@4T zB4m#dl}+}PLEXb-8Q^H$_Z&(ABw4~~4k-11KZF?nuqi#0VY-Y)pg}{Jbbv7rtI?7G z3FE%+So&j(B)3xaP%*9RrhV$EWgqTht8=BnlX3NCzK_^3PHwkdPh`8mUu3sX^>fvT zUA=10v2;$2=1@tw^4){ZqFGj}U+7)cQ2CAMxlf{7V|Ar(TNbkFk(v<5y!Y$IAT&LL z%)$A~d1UCkdo{+?P*zi~tA=S)E7+ov_i_%9!HaMAosq^l-6~Z8d2+%Z#d?Tpe|iSd zx0)bIRz&kMcpK4ak8Qezo^nIlnp%#0jA>TVN*6TKMYr+TE8yjHx^#4-v$U&_;_o%q zJ9M_7^|Y&IaF3KvkVgP{v|gPOe%8cNelBg^H!ox5U>57j|G=uO>$;^3=U@Plj?Z$8 zPn9Za5D*mF@&zWN6Wq=sPag)y=sl`x{hJhJYfiO-PHwxIB|wGVp^6-=!0I5C)d7O9 zQGN4AvhzmGlE$neg~v`ni2Ai^=@0yBTUv)0VT`J!!;ayVEZ~%x;aV;K_U#?kNdHUZ z{>?^V&8Jkz z$Zv9f0-KL*n_m$^7PiXam@glKm`~j-`9%F7m8XE#3$N;JzEaEW_|yFURyZhnR5<)U z_dJl{cn_cktm%}hc&;LXyIL$0*Vbxq+uJQs*4GfWwz5UGUBKK&WsZp;UL}5&R3<~e zdsO`6550E}YK!J6&3}SZ|E`5EyUHng8WLe~l(fpFQg^~Br`<(W1l>i~;~y_=Ymym( zL=Cf&u}06(p+XD5UnnL!F%dWmM{~FDt`;T^a26@}s9K<0Dc?~|fpph%1?|*y5BI4m z33#o#fY0~idO-UN(f^S)4MVho-SIsp?kOaivStw~W_bd#|L^@_GE>0k+x;)8-j9z0 z_~#cW=3m7lIA1PFj!`0vh9i$z4IJ2~=^S3KQCmNy$so*vcZh>@a~tK(U#(uhj(_N< z(=iT4txBI>{eY-t24EV0yq+-9vAZP6!oFf)UQMI+&KHJ_qGsai7U0V2dO5;Ux7D2C z<^{P+)zg0VQW`qM#CwDNX6N zqwu$}wBSepXWGG==?Z8FZp`n@lCp66KH9)9l3=o4l2Z036nLEl`=cp?V9&{DY{l%v z2`?P`gfE~57@ zAodsn8Duduw%f9?-oZPdfXEAfO^-%?9^X$q7q~)Cth}X;a_w~~m1^J9dhEO>Z zVmZ=9-&x=oiDC6IlOW*aLAlSD`x@2}q|GRf!N{jGr%uCGyg|8;OOe^w_r$_Vl(<-y z9$qFrj`YJ%oM%8g^k+5^aE?jZ>yfCWI#0$_0j*fbNp8HDP?kOhcJH5LYN~fbCG^w$ zzdISKaL0&XXTCVSi)J6T4ixStN=l$Dj}AJIdfgqh(8tDP>|lC(3_>%`6q@+CBII4) zK9(i&?0%DZk6ntzTM*StrSzE+GwHB9V6r}(kyxyzGW&GV*_fb)nPu~!acJC;y!2+L z0~6j5a-LF$RrJHYk|%44ZXsE8P%-JGRY!XF>h}iX?-R~phPM&+RDp;GZ{BV+` zYU&v<WRaVHy)0irpMdB6t=8*00n|0!q%M2Wpddu4M^&OEpnT;;}hFdguZ^8 z55L{`THkRRixT#F8qsKM4-HYLQR|{eLQ0`SpOfbIw@X!9>W8@SR%aUVX%(9v>YR75 z0c?i9;~;G_nFOj$|R>$66;bPlygseK)2`gkS2#BWBq5U&E0QV-{ z79^Qyu%>Hthy1fO$K<19if5bQNLpi}FS9l*9VWOcJW%;xmQ;M{vHX^ur06pD{$BokXzp1$ z{wDd6ba^yw79eA$l|yj0P_R_g)P9y&&_l%%P_O%|*R9#2t3?Ybm=#~k7Al~z87846 z;xkS5Refd~sk+T;Dp>=H14YtTf0X9>$KUI% ztM*Dc%{jyLgYXO)VDPLWHg!YJQIu-O6e~qPuCIA6G#*$LMelh~(aqa3%)@kYT@(O% zR^OiSue@?@WbagE*HnEI+z8v>BQ%lLP|pi@)S$QNmP;vgZGHR%ywy)E0vHsan*ejm zO8&jn_-u)}33nm(-rLibTsNnCx6c|zZs}pcQgbC7AMi2&fq+?T8m7uskbZxv6n^?Q zWLkt1^Fa*VTs;!`_d=CUID*)j!l4%elo0vM6@(lmvF-x$*jX;6^Yxn*fbHV zw7JlgDD0S4kP8QdKNWBWV4dv4TjRCG#pQp=mbO7buy^PT&ViD|J53V9kZrFR)xyc8 z#o7`igV=Haf?gRS(#C=zdp>!8?0RP47rca~s~R&xpg@MCSuB++ONc>SRC7eoCDK8K zg|i@(W$f`mBql#G>XfKpFyod;psE_YKQS@T<-|08P@L7BeCCbc8#;b-)?UJgZ z=%FdK61)y|O$_6c5hwYNqe9`0@{l|XE|E=0dLE7naWgJN@@RWwwFGcP>{?iR*U2t_ z{JIMQlu-nk3P@>!244lwP~wp6=MI)97(=HEbk-8V|F#-ZHZ%EQ4=g%AQ)Pv;j~h~&>Y>ZHL@*&`vL z5wU5*p0cRZ^N{f&VTDxjNR?0GPvVSw$dzmRHQAY&Xmw|4mw!7+_c|xMH~f-#V(Hfn zkVG84qw+BB4`s(Z?ADEdT}4MjA~+P*!87!&sv_JAWSO>J?-?=u9l=7|_Y$=81MRcu zGfe}798=b$komk=7VFm6iqa49Qs&GA!Ouk^R+)1Qos9cwB`|Xto{3oMbZz34Dw`gG z!soWbn;PlpDmIqW%7;hGzgLsId1T57jO$mOLmpy#)b zV6o9-cl-X!v6bh)pc74-6z^KOR9 zp_S(x{0r)yQyw&gZWLtO;!sfQO4f*k+=%l@QuD!G!GJC-$E(2dH_FcOl9r*eENYKaljUo> zEAf)r#zyD5i6ih}1Q^CBkBD5m3LHjK=V}vB;gdCyz9s6-M@N!8EkDFX+U_pLMT#Wy z1SrN$nA&ehiWj9Eo0FN!{<7&KNcx8MS|38NicQk|mN_>(!cNN08W%|doUWn8MP7(I zwmb-$vU<>)1q;6kOh!^8?775#`};|E@|HN{%xTnjK*53q^Rpmqr{WNM1DOqeh*G>^ zfkJ{c3l~$jw1yb$Br1@`?y0h!s;bO-RCrn$JFki_6s|L~HFp9J1YSyg=9}8ED1}Bd z4p!86Qz*%n1+`TSlxccR;0Zg_6sE|HA#!RY2InO7-;Pc)n@Pjvb1rvqRiLw<=|ND$ z4&p~;f`eW9BvWbglHgkCpHZQV@<%J~C_)?MU@zCOy)qtc| zj$*3AVAv)}5EU8|Hs69s(5uAI1hi7weq-XZZEQR84w5{=DVd#BLxi2I812HAWN6c1 zvuv!2V2P24>jLC*boR@vFsn_xNEx3Gak_D`Pd!{=`=Aql-|mujXI^HF9>jRp7kx(f zrQfK}cE9Co4h6EraOh$;PYgvnm7@pxZI=qy;yrdV$4KUxW0IkF5!(G4Dxab5;c4e8 zjqTf+(o#5uQM<5{{L@RO!+HFC0&)I5h%If#X=iGV5JjzIxoD-DzrjL_GT>0BRO7Hj)8q28q^;PeKg_#=(^$N#+2Yu^#vKwW}{PIL+35Jpp~6FMq$k z_djsG`760^w~@~q0E^&Xbq>DX^-_a+&v;)q{hx;lOkYn0`vETrZ_o38ZxDrUEKK!? z_zZ9R_ntkrrR3WC;et$?$uk9^ojTe%Wn-*@qcTgH<@U*kN zfm;JMt)cg&=suqXeX1USgxa4r2|xYr{mirDlBCv}2x*83aej&wAC*58+~|@0tmGIs zJdH_6etGNnw_D1FMoHlRzVo6d_}CtFbk$biGvj%+>samkw7rF1XN8=T?CFzf@;L3C z6F*tI*8NQfg%E(AyrCsL6woT!Y5%%rY#9Wgu2%m16Gin|_Zd9Pcro3Q1c-dA$xBcM zgi`#<2txEv?P_^!_|WO45K*}1Jf`E`KmPt!EbL%gn2&PZd%B{z6AL;h3JQ=VZIx?J zUt@<^GR0k5ySd?Y&pCa(Ghs#fU?zm>au{b|*Zl-d!P+sA_#?F6;A3PjeeLV)x!uf0 z@c{~)DKs*yi!~VfrW;vxrW#p&G;^{ZN}YM6k0Xq#Vw(5WX-X`>ykFU`Gdd|QZFy5= z7YZqysbgAuJf20*UTeL%j3(ksEb=H@o92mSw3lo!`Zbxx#)!Ec9gib6yI}JYA#vDe zvcKPbsO@vzC=P9&978kiKTH(U1`1iBJ<9^~GX6a`{ug8Cal*gRi@UO+tdCmMpqCnZ z%NN@YS2PM8E|iN!WX92J-_Qv8jCtN6Hi^M=g$Ow)!6&|Z;wkCymZ7AsJTD)C)v8e= zqk5JP{v1Dg=R^yExyB%Dy{rD$Y~BJi}fh*8OK&y8{T8 zU9RiNkrTgyt{&u>_Rp1Z%ivn1&st=YE#}?4aUW6EZC)i#Dj9K!(~)vVQ*h)W9>s3` zY`+e6`Ia9#749HvS3#=EIIwK^Zu>4{-}DEZBWIQ2}A}` z+~W-BqhqO{J;qmnhS=X6)dngsoKdx>AG=%SLm}9%W)#e9--VWghLv6a3#+>i?8eHU zKCZ{!c*y*S8(HO`L9;egaG>aGl_={I?;i8ZAcH$`Xx@|WjNy%Fvj8X*xU4x03cUkQ zW7*^$kryuWfz9R_*>zpcLyPw$KO!)smz%HV*~(OorHB$9iA`R}mz{2h3TVy?8u@RKL#&zh>fd&k=K72613+vwIE!zzILC@lx>F0ut3PiuLIqqqm8_Vob=y(H$EwgQ!4j56*FU4FZ80dA!zJ_gZ-f_w; zjuJ8H%;t}Eg^?K5!}Lkc(RpSU`r@<{e|h)A6VVx+m?fr(9Vj8!)cB`k6a2l^>EaCN zIT3ow{u@b>43zCX6bQb*6o<9(e?5haO`)6&0Rr)w;hz}?4ybBwmsZhd95KC5-7olB zE}g4TZ+t2U^~?PPzr8VoeR(mjeCP)*>{5Piq*4+@N1PzW@IGVs$7-o9+Zz6*9R8`$ zK0$#zxy)EF6#w#VtlIjZv--2E8qsGt!kyLW*%a^a9vFUL*%u-2VH4_$M|EFRyxU{_u&Ms7XtakKy3=&n#+zx%C1!@IQE` zHbCPdC?K#!Rq*$k>@lo14jUt|A#Y4C5P z4=}}3&@xc`^*PO%F(!y$+Og8C01ex|OcbWgP$_8A_3n`C@qLV|eu55rU(n(RtJ|I! z@PLKlhJE^gzXZF}GKS>~9vBci>f6mg4My7S1Dv`UCxdVrK{;^>zi@+SEr&D45R`8q%CqI|>I(yLl<0^0JVwi6e|J;4E1`yg(f+14mcXVeWRM$Nxq z`IdCxr8q6hBq!AS?Tq}#xQGKd=i9|vB{IWw)9k;*17x(jUb#t@tjTXOB7WjF`f?R0 zTe`YTB;(@a!R587YdP+0U#@@n&HQY`k%wNn@j7PRKb9Q zkv~cEH`h94yL%3Cxj%E={aarwOv!Fe4PSzv(ZrJ28qF8M2clP3~M8lcWc3q6@I`(|% zR!tz7w^1e_@&fu8l(csGnpsh^-yEop!OE&FHHV|7{$z8s9-0_16@G~Q#}cPh1D1mY z!%*hENeXf8aSF*VLH6qx^msf(0A^d5pr1MWI(M`C6OIX;J=*w*&n)w%I~FA8Uq;qT zYW21qnNB$u8uRtTr71<*Nsex|br28VI+{!34B19H_hUD#nhPAHw{H5C7mUmO>oXb!EGG2+1^n)i$De~Q z)3H9f&5I(T9}JGmWZBAX#7I$9CbR~Fdi#E^!Y193*5l?cqsvJ5$)8G(69_!(mmf^? zOt+$TIe05V;<75{Zsw;Wm5yw`yBO*ny=6ZZ_ljnDJ`1nVyqujfEOq5KddG>LeYEh1 z)T+{%g1Yf1jErDAe?RHL2ZX;Y1(zE4YoYxht}}#~!0_H?36F}at?$Eqi?uxGar=2dA zOGg%;X`KJ&dZFXhzv<(A@O({eXF}MGkxoQ1i0e2^z+KpsKOwtq1nM2j4i%4THxqDQ z9NybVr8J%$j+-X>9JU3-s4%u^ZJSEDyz7NUwSuy!a=)XHi<^Ehbk0Lmb+;>cJ|X0g zi?cioRZcjrHyD{|IZ;==n=*77DM_@=C(dLGC?n6LM+?W%fvhrgQsVgv(1q`U4aWMF zG(Ep&J6>`~oF?2}0|)j{*qrpbEKA_V%Xy=kx%j1|ae3_;r^V%l5N2 zILgk6c+7GDC}lN^aT^I)=2cnSbt*~)KS5^WSSVsh*;V#G5clV&=qHjD^GSl-mOIdn zx=mHIy^AwJSl4i6L(Ocsd@mwixAG$EX%^NiW}zvDXSlHg&OmSgBQXS&>JfA_&=E~= z76S|X!sI7z1$yO6XiZd5a*FVa z(BXN_inOGebt}?Yfu=7UNn5ZUYjZZu>Yh~J(&VBbZ{u3&;E$m-x0MgHv~>Eu`?hj5 zZBb%)mYIqGEyy>VoO)_;224bSH5HfVe}qi~vmJ`x67kB!^H0khWZ%4zau~stns+^n z#2WP3chSs$*))OGl2}MIZbsS*dAQg&Rm`?0Zc@_if0A!0tWA_*)qyK`h-}BXmriDP zcc@}?J0bOa`BWOExc5|**jcAM37#lzRi9ieOeb&wnqK`Wh#^8r3KKqDcz8|}coa8? zIrV3p+dM=>oDqVN=A7%+|Dfsp51PyWL6Z&7BLl_*gpuc(R+02XFw7#!KVh2Qw~}J_ za$X;KBZ8>}U9j|rO?TOkWdV7Mf$Rua8%@;Ii%$!5hfQDX}X4 z8wjmD681-k$@>NdywVc$?Y)`84d;SESO;Zia_3@<_Y3nSc*gYdY|cqRx>sL58<0oR zVJ+C}9GuSDs>{hTTcb;m$++%%*jZid)3k=0dcNsCPa5vXzTaF(f+=b2Cu(I%nl96J zV&@7AZ~8Ez$Q~IRGcXc-+fflXX8n;H2A4WMVI8^89UL2;8O&(&g8=?foMEb;95CHL zn5ZEcKq{gxku9{%hV4j2%IvIF1{6&UQO{PUD;J5J{HW%5q?u##xmjSdm#Py&ag?5I zoyd?3R?4oP`+g2c?u}Qjb8i&wWsgHkNgVA!#~rFLpAJiXC{F}WadL=>2)u}}aX0c@ zz1!3!L{B@q9;mV`(t1RiTbcUYhlJXjV#-jN@Mq_J5NG9O=6?{M=Vy-I0y2n{6;wjf zdX$vDU^SWp-(LbTZmm7;L%ySDYMZP466>Ok_MZSHQhn=4kr(4nvWMx-sZnT2u2Fpq zzr=FSp*KK4!5P7pZpvjpFgG!COecw_A&*f=QD_qw3HB3?MD~VHX1k{&Njw5XoimC_ zVW|=@yM*(ZzK8pf+hBPw1Il9eT}5@*1^x4j37^w`=&HqUJWI?!iZiHa1$z}-K4Yeb zamJ~Lo_=#esQP?U!RKyht**T%7aT!*@n7VDweZpJt-b9yVGl6dQ9czv2!FCvpJkjy zHnyVt-ia(<<8;D;TpQ&=bC-Ugv1FrW5nS6%k0G8@Gc11X6T|uEhWALu-=j_! zrD?Y_!YnJ_H^+4NmwS2vMJWB5sVL44eh*S?()Kv*$msU5GfX2F31iD)xI=_U4m%f$ zH4!U~nzFe*^_Z~oN=JAlv)UKFP2N|u&Da{x=D|D7CX@TU23WmMOS4n55zfVkq_|UD zXU--;4*OVt0B+O1e$o>B#&j@#U^K#D43+(!fidYaSl@M0iviZE{G@AOZr(k7_h^aH zqoOY2I#R$?yPryI+UOfg?tPQo^KSu(cZSiUdd5-mG&{*ChbZ!_sTt}UkNi)Vak2c7 zJA11?tCpWJl6~A`WORu=-c@}>D|hRH3Q{)J@W@n(fMHpca`d#<41;%CM^ay6hsu4y zgS6})Ra7a)e9=^(!7umad#L^?^$i6H+F`E?LCC+*!9?YWiwAmC2E zcXP9)$va^ay)4TBJ2@->aF>Vdlo$BX)ROtr)S7h>;LZ5!RpQO39;Jqv1Klf)O`+^3 zX@f(+IdR{}@{9j6D^j1=bK$H-uHi+WOMGv|q>n|2_gA%(4ydYXmYJJe{1@)$Od}$c zdX#Pa6|1qVb+coQg)v2iQ#=EAp=`37{pzH*!LKEr=f}qZ$7N3|p~XrmkHLAjOVp_# zgI{+%&uA{Z>#UPaKG^LDuY}lnM?lK=E%vM*RiR&s55*Q1Z zyv-S}?G1cyq77#WtIeUeiVlhzb{|JJrQ(^f)zgr;1_eC5-yHq+>jtPBU)>`e<<#^# z*Q(kOn@=4TO)0vfv)41D1-tpxQG64AOH>}Eb>5dQ24cfpKtbz{mN_77S#<&>JsqGo z{mHZDIxol7E4vxkx=Qg(ngjS1axAf+mdflCxqc4vyvImh8Xa_*y`*7T*+`Cb{BxD+UT9rf^!@#R;`N6Qw!U4IL$9l zb?yz@uQiE0@O>B_q{}ceZhZ?ouJ7trUzoOiz-*We0VoUa|8$yo3uglcYs`Pk!c)@-nImA>H1#Qi73LV4R=#cP7A;30CpJ!T%z(rN zY}tb}J|hV#@TaLU<(8jl{(P&Jhr@Ac{!9Y$TYMC<@c}(R86D(QIu1YwMm$T43bZ-njFQ?f%zf({BfFXRn>? zwDIU-yX}Vsw7i}1rngNcLPUJ(F&Y)ZR#Fb_X&b-kJ`V^}(y41bXuCdVBwe?Z^_lb$ zof$@O3W+YD8D3VVue*`Fs-zXUNxa^CpGAjMx9O&a-h`2dwLN1cJ^NbsW{(%yCW5!shOtEbX4Bhk z1L&iPxm+hyE<=?PB938>Fz13@*=B0De8Z&YrpYPL5E{E18AH~MhoyHfC)c+b)JfS; z?B;Kh(SaV5S6)s0uD!hCJhpE!nA~srU{eY$)4k?%T<-&Vd!(Xe_oM%u{rSVRUAE16 zyGZROhepIU>$P1XpkG?rKVjgR%v9`T9NyJeW%-Ks7Rbs8dx^yYzbhqZT=EkuSN&|o zj%EUCs9wd;!+!Vf)=u}eb(f1R3sSsX@urQxw~0y}wC14mCQs9b#ZUcWnO9ALl!|~h z1kpio_lhi2ubll+wDoHczYubiE=b24#u&4YAb`7KMdQl)M>-#5)HH%yY(Y${0EFV~SB3T)_! zp^FNss%@-N?aJcp8f_~Y!}AKt`D2iiUw-0C9J(;-;D6DYD@d7li8HY?O*m%SP?fVZ z<|{#06(XWGz1yN@g`TLms)Iu0Rt6>sF(CtmYR6>x%hOQh0-q!cMO=GURA^!lbcl3; z%KS#LUWZb~0F2Ujezk3AWa(QDTK5&q<``9}Y_hrLHCZF|Bw2zd3EJWn736E2wD^Oc z1E@8c@uQZ-ODadB5rtsQ%z{zu%G0gLzo4PIcBN$?QjYwWCqXlJ%`H`Z#Z>bH2S(@AWD7szXI>9eONDd)HluS%mWT4~pwj5!<5eL>pgW4p8N4?2*ty76AUGil9oD8(=* zwmTG&DwpehJ2$AK3w#3f3lvnK+HoMF^O7JSTYJ>PvvFCOS4CjUJJ^7q_kg{YQ76mm zbD-li*y>JZ?b|a0^K9IvuDF7a>lXORA)WuapTD}q`o}&g&ba|g`?`PWSRr}0ghyBT zSYdXzCOt@5B@5bvwn_$b_?J(p);a2!FqRZ|{$_WRlMl)9>Epc^?c!h<0i1LvZ;a=g zoAT=1=dXYFf|uMqP8uM;oCkCf8hx|*2=u}s?V#_X#b3X~abMG4zXhQZy?$X%(iWj= zw#}e?L(S}&ux5x#u?hzFueKV(N>(&HI5QbLBU@nZTd4D@fNV)9I+z>n@e@nI*Ps;gO%fAH51D30|v?YMB>*ZyMAaHv-gYEOw z$ZDpEmvB7_s-=ZAA6ukIM8_5$e)?|+cWju=%(^F`QI=qA1i$dL8}t3)jW7HTKKr~8 z@*7DOc8&^Wa$eL^0BU0+BqXU0es@NYJ}aNcp*s1lnNb);1|htzzN4pfg~DuAuBeN^)=Q&`qxjo?^p?N(wD z8l}NC4u9SHfFH9aMT57!_ty=SN#T$sjVz zpeu1`0?Vop|3sEqgTxY&C-WR>rP@hdWMXYm#kLQutw|rYFHvkr$##z_Y-|ZduxF7= z$}p3{RnlO}uW?cXQ~x!U=>xei!IY>$m=rgV(Xq{cQJO@$w zq^?X{y_t1wHogN%xZWG*mv}rTzKRa3YC6EbcgNvIz3o8niph6nJ$1F>J+M}{eip`7 zcVySiv(+`S8Qfxhy@ZOaISB_9R7T4h&I3u7cHumUPIM5qrsE+nm{{t95!(y-TP`eN zORMJRaxKaa*_0d9Z7#P&XTtF zM+XI5=2S%Lb!}C0HO#l0j%mu67pbr24R&%7(M|!;6d~fo~Fj1Z~oJ zp?h*foNf|b!fC>~)-lCB=8l96`>-RHB93cwB@?HqS1`!D#HMUAH$pyf6M2&aT0~T` zj(j9ZUonz_hYHo%)vO5a=vvfbf+g9p5#F7_TA8dd?$K%GXM+X;}a)Su?@>GSo7$8pH?aNZv3 z1hE6WI}Are^FA+pU7b|-V*?Ei$q+axq1eg(-~;`+Yw2@&$ZB@$(77I)$9%pUjHBKW zJm7qSKg(2g%h=w+1Asp}AWa;4$!_4ToztD5y)9_q_bfC~LL8qL@urxSwtrR$WD4qs z&2$y|yNW$^FRRbBJfn@Xvo;@#`9=fmf3=hu?JnXmT&{)IlO(k`5CVmE|5QG_g2$|~ z1Kg#YTIiSmNvOL873?MfF9g?R`@2b!uj^hpex6d#-%FyK1KQiK zJgf`f)_k@Tfe$Nss=6(C~MCk>E zUD{8LkG6hBq3Qtq{?23l{_$>E#Fg{=)!|jv9?VLFcO7C9%J<$7HxshEyj6gX2Y;VA zW{XDS+wE?8^6Y;dUxoM%a?eogBXSZu7E>^X3?2Jd+;DgYd3K&;|bnmuj1Z zbEQRSe>8$vL&{_pA}o$D0Uui?*X-J4364fCGTR`Zt4+fSX``dNqXETVqd(h5V;FB} zsUna3^z{d2DHe_5&SVBN$KwNhPUUFc%IX5{0{}IhMcsxPv#%|OlH>!Y4?H#rvn3v~ zQ(n64k<=qVk%S248uvS`m4I8 zfjUwY2DEAJwg?YB&6%DG_8VH^8*lMP1p&^J4?S(pNLI;Vlvwlev!mnJw@RIVjBY2F z0dUppacvoj$$&8f@cU{P!riTf8BE3?u(s#WFr(>Xxw`wIZ?mE_9?Ixw{Qtn6fkt90%5I9f`$C#Ykx zwlc`i4~y7UL!hpIK~(66dve<9_k4Y44KT}BPL%%KOI;PnaDV0OTMnzqdb%0`2RYSz z>xQH`5zlJg=_C*YqZWtq*Nl)cxb3Dj5R>qFLbL_}b7oTE>j#H}6W1y{Wqo$&cF3pYv9cDV{8IJD^=)_n5?Gd^ERnSO&ZV`tLkx_0^m#j)!10i4om znu{)%j|SpcXs>6fJnkJ|vh(-A&`xh$_bYqP;i+)ml|vc@tU+=;8uWBm-93&Wu7NiH zXZEGih}S}vB8SMVhOYctFn)ZxOkd56@vdt+Jr_4z~}ETnipc=fUL3sgHfgo83xGU5{doJ0stbU6He zgpQ4%CR0P{Yx*u2xuDq;xU2tzHGKX^8N_KhffU)GR^Dy-zM3P_OUhpyZ0##5uO#%< zF|@oQ(r~2<=S`T7tt*~?nrs|99U+UlZusPMo4Ix#tqD*o?|k?B7XTgOmn@TN0c+%A z6e8BF=h=LYY6~wcLs}p0Y5r}D7TG5_6TpqE`utG=J*Z1ddJD9t&WCJ<4^jxz6YAefZ~LJBSEQ& zlTO@J=`_H^!-ZSBSf>uT@2fS@3U`ls>}wRQ_J5zJ=*JsCP*i=AEg-L`?~00wQJRUO1#B^4E=WC@&U4=DAA0ROfw^Is{RNc6D`BA%Yh zcegSkyq68qfqo(!>IHc` z$B&<|M)e?Oxub+2l_OUK3s8zxx2HeM^N8#HX)R*`COBoqPa)_(7HInv&;w$ej*3(t z$)~dxkF?QLzJAGBrT#7QvmA@K|K%Qb-*U)au6p%NK3s*jXHJ+dc(hp`8#=@E{p=bA zl@D2f$zd)f;AxL4tHZ=BWU}N;dv4RYq=*y&J<*9gT;#-%c5(QP?n~iVMJ)HIk&aGh z((DWh7|S>nQATqw>n@X%)SUZ}V}tq>VZ%G$vN7pOwgGmr+q4vH*zEZDtRlQ}Gz{td zoNiev4YjSCBE&goU9wr$rCfdQ{8v|)=Ze^#q(Kya9+8a7Nu}i+&mFad)!wZ!6dzRd zfZsl^ft3N-(p>nqe=RINv4T56<@dQC6Qc(K$a<=r!MaX$JcKpN99Q*uPw>7}C-v+s zid0W>?_B@Ub}>@Q-DZo?>oIpXk*d%3WaWL>p{h>$l5n9vJ@U8@YxY*~nBYZ9CG-%y z<`hGCNFXJbcMSUaBs%X4Ql^iQed$bRJEv*WnN!fX@V+H(4q~ad5IOy5iOO4RDQX@7 zu+m%5ngd#%bJ9*xEOK-Dp#OCG|Pi9z$suo$FM zRAJZR(&qiFeWBo(n?T@*9RJdx@k)B@uvED<(PUan7lPv~m^t^Aq9kfV4h$z( zgp8e|i`ST%9;B=g)E!qG@<7Jri4+#9}GL;7;e>X}8%3xUlB^#cA@&S+^^=-jk||<=X7Xpoi`15r>|JCceZsQF~4u z!_~z>tw0mgA?9eWhx<@BL*XuoARRW9e8l3)OIGvra^KI_yy;Q!M!yuF5D^gpHfu@# z5#&J3)z=Y`9f=v|i2JCFGSnjt_$a}Vq|M`b3^K(@!w_@D`(fs)D6HzQsk_KgLGtZ^ zzx-(xq9`l~zA#WWzrBmJUPDzTy|XXZ0DB|COn7g{%sMBE=|EEQ;dBVy zXwFkd&V+u}|8eDoUwQY1x=~*gEqJbKx~S#dIr(m@^hQ7h_f`N*^nm5OW)w~1Cl(Zy zuOx8(hghiVGq(HN6CrBHk9lp+GNfF8EUGltU5}P?psJ*t|KHvsK?Ay%m3#xb{}~48 zXhM;hK9mMI#nQ9Tk2P{Y`8wZv1V-uYXq2*NLi4P$=cv|+lhZ#Lp!c|ZIMeJ~6}UkQ z-7z|!>6ge4&%mS$6p&qpLCfsl=>EKBv_GakO}(E~s9rEYQ{<&jC5J(0z14V_OowzvR0ITEg^JmimlUL`|$r zY?{WbM7L{arQve`n0N=}YNy3n8$*4#`AR4bF0sr}@ z(h(1_u$neXFv;!?vM9+U>OP`T=@~I8Mx(OFqW+wpPvWHx0gaMyyi@s#*}KQ4))S&3 zz(HBl-iz*dM8DAWVictNEAq@$c&7~N$sTYL?N(JItqHJU*&`hB8N9vZcrU~MZ~56-qfv&7 zAFkd+ePK}-SvJ8R>75@-3|)ACqz``l6y^*i;081LzR2^-U`*`U-ubvCt=qyq&ZK`| zAl%)IWDZqi!#}sexN=?M|o@Yp3#xz3^$45&LA6&ig5RvD@M8esxt7 zK<$UAY0t28q-oai0#20KLX3zlO@?cyGDf87F@EW^m8>>A@>?CM>?1F8v|fGF-|0U( zw1Bo@8&pZ=WvG@J%{dp7!+WOAA>>rVgrEZG>7c=44f1=QI6XRzHcvKl*Tk_*7w2JS9fM%NP`}xmVPbS@OhLpxc1kp0>kh9{xC52~i ze9CI9B1~*wdmgIBU8(M(UXLKAr0kag0b6^chOaXAU$uAdersZ_`bD^mS~c2`AhVVw ziAO>#3)My;2?ed@gZN|%gvkXNna3Y&Zz&BC7HTrR?KT5CXq9Rou7?>vmsHY{0oDjI zuxrC(@BvkObW}RlYB;Gb4TkS--ToQo|Dm?a(3kISXfvl2%K7#@le2A#HzoBqH}rMs zTG?dYM}-4sGvcwAg$RusYORHQL^k%e+pCPV&}JxC1$`ykqM_M=ktuH^?gaF~7iKyd zV+3^NW+R8UGYHeo!QaVB3bzbEjmL$yuHYY7Kd#Y)6}iy zr&oJU8^Ve{I?EekgY<1{+|ah3PiZ^hlOq2>H&k7mZY`PG%C5>M_Ty=x%cH1uEzM)Q zPCf=aAl`3g^21_!(^&XuW0e!gWHjHqY6|JtI8o8X(+UOE&n?xVXlDojmU!Q}6mA-6 zgO4pI*d=8GT9MOkZ#Op)h_fvITWCL)3KP10V#vrLw5B#Tuw>%iLm|&TzQsQPt*{X7 z6bpsRS4Y@M-7a2*Fg@p{+R*6c-%*}`_$5Wj$P1GZ8;-p96FJ2;_*dpp=3~!kj}-oA zfRaE*eS&x}1;x=|7XV6^JEK5qasnM>CW4BIK|5G1;MAR3X^kX&z16)^v-djynrKaV z*ps&x+Hiacm>>i}>C4Ue_je{81%J?|8>tM%*&c_H8b#)gqR6_MvDF#ia;uDJs9xWyC9thu;15q*cCh#=jWkkcOy7E z9xBot1(0$wC^5^K$KhT*NUV+p8TKN&{j1XJOs?3*_R!-jJbwif#%2CMp*Jtx`R`Mt z;L0jHii83E}k_aj`7rEY^>=f7)b0vp#)tTokyOTrX zVxzbVFzI=rSGV9%;Q+ahqhZNW6amB+p?%E|l)P_S$a4f6ZT`K0y1Mut z#GnkabPb$jJnQeR$`R>RQ3mYIpz1kbP_J5)NX=pjNAeKA;I|4!V8`VliIGd$um~Kn zYGK}PNe3Delgc(Rc^r)4tcvm&@D~hqHPV2vD2K#knT|LVY4QV9e=#T_>7EKTsY`%V zWbm}Y4bnV4wKB3-nrm0tGW6oARklDo|K4r>GBl%U^SSFtPy2asC`htX*dhqP;HgC9M-{XZVi6o}KREQ)pwn0Lk(4OnX zOk_6hn{IugF@V+$^df&1y6?@1qVFmy8|qQv0_?=M9;Lrvb*x^z9z`d|DRfVc8Q~kU zk$gioj&H~&^9|VyD>ncWi{DarQ6LlPhGe0v8rxAwmE$DAn(epL{T~s^0kn|YsCin_ zmMKCAPXY!^yY5vaSk}8%8K@~j`gj&|m`wXs!>KU**h6SXXyPZ|#iR4u{d~htMfQ93 zNQ8dzTCEj@a@%!}XsVu>8D{K9MN#DCJssTcTuSVhDwAbJ&mO?1>-o2y4|zxTYr$RQ zZ-RE7!SvRLZZMK(b<)qCM0vzXzL!;TT0+0N;~n3!!qt(FEAGz_V6vrKDH7G{i7&r` z73Sk1NY>+_U74Qg4WaZRoD|%WYybH9%ZYw!y|W6tMo*m6F3ls;;A)b`3tm)hYqR^5 zkK(kG*Xom^X*O?L#!Cg88K7P=XgzJD>`DJ_^_b9aV}%Dl()?4Z{6xQ1QP{T*v9L|3 z$cSdwXT^l&!3Bs1-t@&!p3}nizcpQn7}`{zjO>X*+Gc<$diGaU`f}c<&D&~P-5NW< z$5ScbBWwe(Kyt`=*g`9vVsH`Lr`Id*mLyA_nD~_^W zWT2}yD4+;uqJgEozUod4>u{h0F1X=$x*6d$A?Fkw z`Gg9h{L_e809j0UjAS)?S+!rxD2h4mm6$yR9B^%tbPad!d7g~fQ(dGtvyq3@h?*sk z0&3Nygt%!@5I-%3btv}JH`QY9WJD1glWM}2U%ZQ^+D%*9c4kr8xZL(_7%qt7kga3| z&kBSb50}wTrHt9UcGfAQf0qqQ0?qHD)SrEKH z&+FCQ!gWua?`bPR_{mv++V4wG?X>W8m;J{-^76f<0Y2o;^Ork>&ca{w?tr$BfBNz} zU#E8qPyDN0t($9lvx`dAGY8Hd+f>Q-GT+^DZr)v;uL>6i)zS~nocRKnkNcfJ$s?Ao z_8$}VTOGZ3&);eNGOAs*bKitIDlI5F&_tcBMCX{!Iv54D0Ql*Xhq3F!8fppfL)KHO z*H_xQ5|m)NuT~b7Aw_|6k6rYnV#{J{7VDZfN^G6n4A$lhi`4K8_kcO{ z`MdFXQwOTT^C`MS7Rt6bHmWr1D^WW-kt$Y86j*JMy~;gTyi0P6Ya4s8Nzr^IDOt^W zvY|U#wB#+ri5c8ypGMnvmhwU)UrjVpJ6dDqI_Bc?09zh=vQm>73`2;3=(ci~$(aZd z$vzQa9gZ@w>fZ5+xsh;%=58?@Hh?z3ltz1@=h?jb`6hy+DwV;9%KbEv{WD%mi;HDZ z60>}!yo?)*9k2_8OGNs9MR7ZgYl%ky4}ihhYc8 zC%keSfs99YG40kz6IOw{03!iPUKe3aqVNnm?tEh4@a%+7#nvsR_ujl*R z-gJK&(LPb5IEfbYPi6Ob^{a>WWYTzb3Qf5pUTnW&S)uA=;F}gT750$nms_E}&FLA& z#~#N1!V=2F5{h~@pmc&_e2HOwiJ|ACZMR1Kk1v2ARiw*`T6fB)^7`oS62owt*Ir;p zxv$?b%7mNfpd)MS&EcQ2xA=KK)>v@!9I66fi9?$SoUy_OA0PeIjwSqG?)IU#iJ=dS zk1LK~k8X>v&kxHFCjtW4nybfQTK!slsw1zO7OxAt9&|Ycz!=PJ$CT5S*%jvnv8Jo7 z@;ZsVrl)AeDZyRR+e<-jr7B=Y?ee>Tb!K+vA<@Y5WV{8H&CG`Agn%~{8_2nK_lR5T zbLd|Aa93^Az}y7D_D9X5n&M{@&+avl!_ z=oFb<;e7X_n@RXtcm!W%qynf5rpT~61KP;U`Gp~fb!gG*!VInAE z@w(Y;DB&g4uJQ^hUNbT;q6@?NV=<1haddao$y9nu084v0kIRi6{9itaT^J7vT{kdp zWR&D@!TUyJc`9gm#H(;zOGSvKw_*`YYu-kH5QRKEs)B66n zq<>aRVxAPFEVyb-<%f+Kv&>Vg04QTETXCn093pdS2s&!ho7NV zbEp>5qh0!3PBFt1>dm>RRLdQb z&LB(xW!z9D?U#x{Hl#=g;`)b_%-}`xEzD#w_lT8g!COOZ9L0((8fw(z28=kn5$3gM z-_+fmbV=nk1V5w5P+(6a=bH9Al*^C-FJt9ifwq}4J1k8m3;KQoO|OU0_PC@mJYW{F zghrmjG2+HCwafLfakIlJS$Bjci7^H}h0eF;jpo_R!A>3jLQ!#Pe)~9UA%@VtsPJr2 z5&nJ;?IHnU=D6wL2QjE8BBeqKal*R^w-W)e@Ig!BfPw^Wg1DKa=Ju3z!D!O}_yP-* zl6L+@5KuDd@D8E0A{4=L%=tkQD}wxlLJ{yom{1dps=LbXuebaP6#wPE4Z%((ZxPsi zVP|O-0~otTuIVM4ja7e2J5ZEgh|!0nzcW;iAv5%kaj?(E3|UU;VJ%*D&1S{R99Zud zuVi&#=FZ!i3IG{S(K(Z>eY|=AH{Mh2=V5$o)l18#f*P+A8(HB$G}gp-*1v(ysy(`< zmC&{jrpI)T8t9enQ)P8a5_`UINat@mb3NE4YmVyWYyUFfAF3<0#}G*(lZ=wh zagu9X9booMLh00ua0>C0v%47Hydnz;EitpAy$r`DcS%I=;F zoEH|>Hz}7k1sW%rCSG+AqYI*p@@a)G(9P@Fqz{A-?MJow{Hfvs)9ix>^o80px=ww0vNV18s_+>4c%Is8fqhRh@plYg0KeeHy zjhFQ_W?z^Cf9`?;j0V!GiG_911>%Stm+M z63xSB8i$2hOsG>^IM-ieDCcxku$bv36B&qcNT;x?QUNfx|>!&oNaF&QmwpA zb5gHV@?P34s?KiJQd@HD$7&Yeuc%Ye(p45Ul<(X>HILVNS2yT|B^xzA$SweB$YLIv zp8jz>SMCjUAjD!kDD8=646U(OC)}72K|@rnMo;V>8JE+@8_w=i-}6lCx+vpO6-66>SrRsw_#`{xZN zE8wwMV~NOR^e>Z*$>gmUQ&7()EDqMv_^2crcA2UI#0{oXDZYrA0|7U4K}cqzG0P2i zJxO5}-V`A?(9sCKIE0CgUbMZyPz&oUNnp50%XOSe7*(XGCDB4GHlM^;iGrI|Bv1KZ zl+v71@f@s>AFZj80g3ahSR}@yl$*?E4zPv($V(!QSp*rwfq{tYxcu7z?ABv5T;;wE z=@d^64{Lv$0P92%w83i_g%TCrBk#b&CyK~#^c1U786$bB6nPM}=^wA_9AlMiF}G~au@-K-+LF9PxA z@;xuYV`hxS-Q(X@k+Lmmcb2&)c-&_QPy}OENF-9yi!-{6z|zl6)A!z_l^K2xO_cO> zR)}?-?ROyDZ805txQqVl3_8oj0tnh6Qj=S>C*4x{0q4;euI_xUUmr}7(^Ep!$osK^ zbkjv@WZAR&aPWssN--BD543!9zYU{TRic56+n+w~GM%XFUqS3@Ky+{01N)XyzpOJ- zOztH~Mvw0m7aA1t)*Z?e{U`Nuf%V4OV8+;o0^d7MfRA9|M@7#bQm7fp`<7 zU<=ur|BR9pneP5wB{9+^{)N^0Wc#D{%*>1n_AmBg6uU_|!%TX-MqJF40U8+1wN?DM6xVxiAA8|1jmd5Kj1$8}lwWu`xOgmuT38vGB2mS0sR` zG7&1?aI(>eNV|CIJ{Y-l<;4k1v5l}tyH_XDVjB}5r%pj4ZOT^xdJ`!E2p zz}r2y6?1N(2zq7_M*TQ}vMq_SfC||(3Wmvs6+?d5vs5UFOF9GmBbf!qKDbLN*9nhE z5ibxd#S;;1lR2Cyc9XA=|ApPzq!lP=)U)rZ{|sQxENWBvCDqcfrQiis z*djbxA(V+OEn|6cs%e64l9Ja@T%Tw+Kv`y0f>Q$-JnkpAh%peJWm&2T)MWnUQb!?; z6PUqF?xxw)W?q~2cS3haWHVw}PR8Na%HD{z9!35TMagGWU;(KJ zp^{LXPD|#gQhs&kC*2;IO5LU9{$)B1V6VBH<{f$UDVsQMz&P#vDO+7sB=|DY zqqBcZr#_CXx^?geVIuibWoc@*zJlBSsiFgmw_2^mN3YuEblb{Q`gm#Ft>(<^qDyOS zT6GJUtp=dk*HdLLEL|GsPZi>M;i)py~ zdw%>dUe|ENQ&5%3;BLC*c`@Emn5`KAgC|sO1qUysWelV6W|c_y)?h~_y;E1kT?Xm8 zC16fD3m+puWbc3=z+RbiDEFa%qXAdHaj#d&~smL=Fwh|k6HqoPDu z+02u*40X{k>{hV7<-BZ})<$t<%B#EboV-tsrcrR%r5TwQ<=Uv8Ic&772mCRDk(m3z zaKQAmr;$BJ&;QNIG z@O;~D1$Etmd!c!!ig-WL(|?qYNM?WUh$b@0tS`fdqKktGkadq~Yhg5dfT~dg_1qOY z$xXtwh!8F-OCge=0{coT==i=B*2!%sw8BkLY+$bt)+j;2%~CQD%hZgv8kJxH2Gz*H zU<=TskR&)=AjY^nV2$vb5I+f=Kw=012ar6&NxvQFh+_W+3fc8*1_TFb!|M7kNm;;E zsR^|96^9}R9>bf$6MQgLCf^P(NokJP0-A3(;J)}N&$9`VScRk6qYxHl1q^VxmEYii z#*KRrf}a>=?VtVzuS?N4YQ4C=-h_C~lZfHBCD^8s&^{o$+H1zrEFW)0+9RoeKUuy! z`kK}WLu#gcN^%S+kj9?2yQPVEQlh<&E5>{F&v+olb}~v?WE5p$TflKiC*WEo=kRC} zMgMA?B!g3nT0`m90U5V&3{xc~%^1S@9trenD7M+#7H0Dk5GeJ7EDR$}RnAQg)A;eI zp@>6~ww8p}x1n(a(>Yck4a^e&T$5HFro}Z`?3S7TJ#*XP*&l(9Toc*8A>|mZg&!5R z1(cc`Pvagi8EIfLyN(1;e2wK%dR{i6=w>?NOPjH3(D%Zk(Rac+hf1Y4jVI~qX;q#$ z+7-MXNee^bV;tt${0AMECuYE0I$jpWD3_#_Xlk160@M&;k(|s6lbZ&>4f6~-mBdd< zGPamA6sjF#2lk~c{R!=3G*irzN||gQht}{NC!A^@*VJ@{)w~S!{E@LY$RS2oX?I)e z?j?|UG0M@;ax3d-gd2oUOu@}0R~HnimJCxa6gNSu3guwlqFh=xWOJ;nxx(Bp!*d*` z{`M$nw(HfiYjSH=JkAKXY!E4D{#8b+Rsk1GJ0_JJy(h|q)qXqSseEz5a9~(3JP@}* zHjN_OPU&@z87W`?dt6{z3YQRaPa{&5I%qM)XlR^pr&y%^RwY=eOT&{|rv7eCpk6BL zAQW5UVwPQH{@bgWQBm-&$)KO3aQq?H1iwv;9lyq&fkQx=K?cZ$!>&tX)#9Q+#1^3- z$(WY3XK9$mWEmdjZ(2{Bv-nQ0%zmd=@lx0SZ-JnD=GsMk?k+tGfG zZ)ytQ>KnpfTdjE5Mm}$W;3<& zy53OgDl{s&&iywtbFH8Jn@~L;GwDtGEA@iR6KGWda2!)>7f;z_PLNJVclS7RqFP`< zoN%N!&G={7K3gnf+$*;165l5~&u!ZLenuRSX#x{@NnEusF{vBu+Cj1*N(o+i)a-+^ zJ73~`uDIH8e+t!^+(+xnHECDO92IQ4#C1daKy0|tK~-^TvxdB|cs!c{f#&hssIlOEWdlHL!}L&Y{v|t^VD>f@DHVtdOWO zOsocZqM*j-*xTvI_M_c%z>mvE{z6gySK++UrkDHhJnAl)ehTS_@41PE(bqBh* zrkj~u!AM`p*FH7JUh5O0*`i4TdvBp7>?_=1={lLyM;Gb*{kUMJZs&NnTGA?-(?{ZD-(dvicNoF;9Yz>@hY{i5VMK$`vc*Ogj|FHp(1M1d zd#;4beD;wGa!yKKuaMWi9^kOf*`AA z`T;!KDCi?-!M6jZW8>i?=qQ+<92Ky$T?dGJa&pMEuYB(T=6vD9>JJS($vf!ci?rC- zJUQm)M(>I;z)vT|;o4<#Zob!ZZkC|O?F)4$wbiXz?$dbW51*Nx%f=#LHGTyC!h`V& zNBE8|7^_83A?rl#K+==2nXW* z9L%{40_j|1_JaH6tx0Td#tnd&*i%LMzMvNn@%t4R_BZRzXFta&y78cq1~4H=b4kD% zm;R_v#jSnUh3LFEpPT=YsyckJ2_9!9W?QH`%5U63z(6b#;IfY&91dJZ?}b7FU#Rxa zFX%=^M14@|y#RIZpcp{kQa9XLsO%@)`ql4lA^pt%hoyfZ$VC zKn7NfATw9ENsoqmUAq_f{zIQjnCzK5dZwIXd$E~~9BP`|sfWV2cg=t$nfnI zG`9Equ;3W7ZhWqW)uJJhgKKg5_m0>cO2qMKZhPhAgmd4)wF?#w&U#s?0)nQmznFZZ zF2h)7dWVdKi^lB?KoCCBzhrBQ)IL1j_UJt(H}13+LRo`VLz3p>5Zlwk1!6AlBW%x=E5OLz{t*sE}2zx;gHm5B|+H6VC;hGtC<` zwji{>*R5Bd0e0H=Ua;!3z9jngyT4yIZ&$oMQm-<9zRBpg?1-#-cez|RcN*&NKbSm4 zNBBmsr1|C(xawp9=f>z7+Iz$iLVtYDEwF6M;Z+_xn}xx3;5_9s9bIjgD!iPiO^{BF zF`pp?Cl<#{{e&mMCrRmt!Tx;|5am=bF4>y#%h_+q77!s|;gq5%-_Q=nXx7ewffmXG zrkp=VlQ~e|I}H3sBp5Qz&(Qv|~o0)BFDe4$T;^62I}Kj3&w%;&#v= zin^^H@uFVE^T@(zF(weuGc}u%(&(gFu^I&to$b_BhnE$Qyu4t@%;i_`-`^fWvuymd_Gq-A%-07q8-eltr$ye5c49$AKkZ|0_*onMPM`+?@C1?ald-Lk|c-{sqt}Je*v$0@Y!+d zZVtGXJ5*twp@~7r^Xvft- zxUM-c+dZ4fi-#_KpcEp(@0#pz>b4>tkp6#<7DIyfTJ+GjLVKd zowC+o7tsL1m-+H}#{QJ~3412gJ3WSPvH!|qlFpNx zX0#Zo0f)qDG+qf@N#1xgUJ;@OU@m8Fy@Qh{<&&2K)^ITCepAsU|R*e{DS=lNyPV;Q)U{W zb4G}`A0y--aD^F*-^XCE$?(sXc?oMLBGBI}z#d){3buv?(n>f( zFPG0v@}A2B>z)fBK;Osp`Rsg1U7vd!>H3{@Z{cI&!|k^8?MZ)E{qmx>`QvV+7o+e_ zJ^i}&8DAyx4!ZUgPnzlaG1=ppSo#9)BUpTp=j1|Gb?butc*W2v=n3zi@0hGd1+~)vaffQlm(#Kj z(`Xyf;_a`$be`?jrPWqgjU1$ssor-JdlP$G3PqPsj%<0eFf)}xFSswGg z&Bta$du!w0?CLhs;`bO({U_pY$M z9I|*-=PtNU_~;}1Ec9&E*NNxwyskU@F0}4w-No_(cJ2^j>DKHIoo`)B05rLHj_)}> z@-?ZR*$t>+qc359QrTy__$64J<-7GY<}Z4RFX>XO9oidVZI91AlXm2(v;@xGdU|Q! zydt=KGo3w;H(o#Wntq*JYp1KN^y*>qJ?|Bsls>j_+UK)b?H^mp%DHg(!7IFa_Z5q8 zK&49qGQ~qEzHT9?oA-g-3j5m@BkD>wcR2-}FxWghgT6LFY+Shi%$fb{XADr3;zr?c4w7@kgO@}`G`t3Dbz{0^)6 zXLD3K0VCC&rGo?<_k?N~2+7aW7P*DV=hshwMy~Akg<3J^S?RPfJJq`r?`r-a*jS^q zM++KAWkXkLR9}h-$bf_5e~KSHO+#oHQrm0ec#Oax9=Ud7Rffy(1&ki1kYggcUqOW! zo}`zfwc$jv6ESSW9xfWHS0;PjX&W%c4XeE`Rx>YQ_35*_AlLX+VQKEhW0-VwVcRhP zeRtm>?~CPx*eYVDVUnSsWIwubUQ3xy%v8??Gu&-Uq+yhiHV{juqxbDIwC(-gji99z z2dbyqe>>b(oe0lb$mNfH*RSr;BxWq*1=HC+_FU)VS3kB~j_&JsR;oU)xThey*H1SM zKd{WnF~f@SQaykiA$*7&PX@jeS=RUf&k(t-x7Wu<5ArACCvZ;XQnIR@D|7$LVX57iP+*cc$KMDL%4B-dm@=@p)oDDR%DeoYZMs)>4_TcOUsCcVg}B_}|~8BVKZp zHj$%G!vO8R)$D)`_!*p3NT09DScaW1hdeEZ3Z$QB=~jhu6~&0RaRS+Sd~r#a9sM7) z82br!KAn8d?CsJ*jq;7&1k=XT_J?yQuVePd?zf&@Aub!}J;JxD2^!d6m!+xe-zsE9 ze{bySEzGF$)+&wjLHYqLSXPALJzkU7tymv-c#?+#3upk@KZZMW>yt=VCBk8e$1zaG z;WIqY9bL)8GHXS}j;O1e_aq@HN=#leMs$m+qNPAZ{^z3sJerNJbS{}}S{{G9SLbwu)`<&qoFV@Ln$s{Z~R#J&B ziZfnakX^tY?{JRPW+KOSt6EUPbQ)5UC0cq3?g96|jc5qjs#RXoeL-($xS@Vyx%Dh} z;H*q{x8N6af#C6$fbsEpm5EcrFDdq+%mjMaT&Th@a|%Z_U`PJDqu#H!W@fw5MvnAy ze!VPopRvFl7@@}XAE&p|{-|E1f_jD?gllq8vp)c(7$-0a=*?CQKayuSmZD?7#QaR` zkN1qZSJ-{_fhyq44(cW<$BI?pG@@cka7_aHkV;@Z%SnGjDZ>&l|}_o!O)F| z?lpks;0}$Z@}1!J=O#-?C}%-yJ4P{m;qDj%#2xu!{JCMCmwUEx#Vxa`d>}>$QC+1o<1!lx!48Lk9*1X33W-zItCDTw$A-V23M^-Q~%|<{u9%}^-ln5xs4I! z{m%i_dJ#kMzgFb1oQkEk!ZAx@ICDOl$!iiba)=|+V9_Am z-9D*ns&iyi@M^oPH-C-+GS+}n!~_>~PC?a!o!sB0%U&i)4~hIo3NrBDkx?07i-LSga1{VEX8@8onsqH` zHnH_eR@bvk!w_SZK_EqRTl-~hcevDr$zYryiWYJ1ZaEU%!^j_&+|<9N++#uC4Qy1R z*MRnm0p6rzu-pj0wF;!8M?sCNsbfn<8Ckqi`y8Ov*GF68D_DLB4|8Y}5LN?|vy8UK zSPNY#zJT}Dt_mmtl(qKUApoPKd9UQwaxY1$>JCnRi{G*jFOB-lQE%`B180lo*VUZ! zPyX4+c#9X9tcTO+y&H+;$|<4CkS{Hx6QxBYbAy4*^Y$IfG4!76aiw zl<{QlHP2T`3L<|kx2h>7W1eZcTAt$O4}NFIn=b@OaF^EcMYjs|{QLyzTJ;N9>nIA= zG;9k4>g5WE8v66bZWV(pf1l-nvrrdQ>)eY~T4f2ITjPpwcY8#mZxw;k^-9LRgtwsl zb|5E@IdPV;nd7Dd5eM*_Rrr5SqeAfR&(q%Lmjsn1vB+)7clVt#@U_2c<9IY*bsNOiM{ez^pLQ>QuT9o zCupAQ?foQ9ij7^Tw7`%a*X_Fh^y$90 ztGYg--yyyd@&Zih$oXD3qE?bR5s`7tPBBO$j6l`uL0Z9VEf!8V$$L}g`F9Z4hyYtM zhCyCXJ(FTbM1)F1yKeXj-6IezUKgQk!U)b7bj6L{-x}J2jabJ8^n4@h27m-*dPP_t z`;e@lAf><~qEl&)DZ}Q07RZZ`KiV--OZ~d9hXH@IgVQDx>O^5iyJH{)0iccAp-pzk zv5UbUkDFR}f>Jq250QtkJ8Z5f0-q;mIUuJQl>jF$dz?U;!n0X+xKHjV;iXYSKkmy& z6GkomQ05X+&=Qj0qo1XwCWMKJ>aYuEv7DFvvRK>rMP0<3NjbiL_ob73%LMYXCuPf`ntHHUZS94 z13j`}ZJlLSUc10uuJoui?!Sgo2rLP~IYH_;<83q%8ZCp9A7wU%*MtD2lg8591i zKRHePQx4xXC4(;xjvpFoEk9lAmaJ0jxlS=W%4>c#maG}SS?db=R_Z@Xc|qTw`~tEW zQXhdmQ76M$pw@Pc*WG;_*I$(Cr@_~g#f%=quE$7!!h;Gp#-OTSVDgO$OVY@E?7tH- zI11xqbAFP+GMX0UW`f1Hc@!y}5ssXnv_h+I-t<=Auvc`%WP>9-RpxNBC>F!0kb_hS z0Ge|~C|Pp&u8LjJ9SJb0flbYRvf@`i=dN_~i|W?`fC*t9Fmm`?7PMBqM|nkmO#>3b z5)tL_MYPoEcYAqU#@udY6$^V*=izMcnoEpRtg(FTRK`AJ(+h2Og^%~8#GY1}S4pmY zI}}99e^AESD{K2DP82P#AFt_McWXDAS-gYLZ|1| z?>ORBDy-PFvLwdKCA-TfF*+I<26}>2Xwy8@&EtZ>D6gN$-Cv`>2cM8+4OX4fR8X{_ zKDU6ZY05Y}@Bz{*dJQH;_}FA|99ZF-y;q|R zQK8PB)-Sw%cZ}qH#HIVH)LcW6A-pdPf2JXPAee&8uDb)j-mnE!>j3n>Pg+5iOk2T9 zp_d^YEUZG9FSo)x;H@C0Y_!AVg@q-2RT`xFmKBY7awA7N`=?v)p$|CO784*2 zZ3nr0>}|oU$u&=O)lrnVD=&wCoMWOHQ`{5ed!s^tN&wWF^GpjAA|4KIx_0sy4vzn5 zL!Yb@EDw?}@r#!QVL1qmazh<&F>h1;NpfI!AL9n}d=}xu%udGJGzYL#vV&9`!}-l5 z?GMxrUk*9pF|xm)-6Tga5CYy}4F$dwhzMUQ42`a2X>XRb#WKRv^}(6-9I$WT&0pKF%XvRSHUE!*>e?aYzumBE5hTRSa-^*OBuGIi|kdN`gnr zs^%rf%=D)^D4c{WvXF>5lyX9e*VdSK)d@c%w%C;{KLdIAf=w)eeo}#xICzKTP!%G) zW?6D805C6a-8fIST21y3_NgmV?$DAfI`6UaC~Ld?bNl-9;h#u;hvXKZMjYYE@ezyz zCv54EpoU+&Qro|9kP%dh5}`SO1l&<6U$b*~Z^%)01ONwpymOTc@Zge4)P}GD`<65j z>u=%?Eh~W(f=VJligXo3_9AGN{e!((nK(&8ZGWC+04p^wEWl-7>d#T_NYL~MdAW@M zZgHl)O3R96r$pSs;wS2fo>Lx#yN?SR9cccA_AgcP;62pQcOqMXNj>L^w9y&yhVZ6_H#nc{t5jEE_6al-5bNX ziK=&LUd ztlu>?@wQcO%(Qxqqz;3aaK3_F^;6}M#9ab6(W{dxu#WU#@G?UMJ{>-cRJy8@mYeXx z6e&CD32;E_VyPKw7+#yRJP*}Wj-f1)Bqqh=&rh(eYPAQXApGI}8QjYnEA%&$+RsY@ z%j+lnmnZQ}7+{&E-%S{0eR}lb1Z)*(KfP=gV>%?g{c<^7?&&mjD93+Q zk^A{-8>OgBs%Wr=i|xxN2QfGk8ntE@i|S?>UcWvFTSZ~Lw%6#gP?5&zPDbh-}5S)L4v2Ki9lBpF3Ub+ zLPQNEPP!ZMkqsRGuxF4p8?cR~-+UI>#tZCMVj~WAkvzT03_0#!-ZyX&4EIDL78d~9 znvA{i86SRQ**|d6$EM$NN4Uo2z<{Zjwl_It5AjTbUbD@T^hBz^ChUM?*(Wn^5e*q$ zVe1D>e8z3*nqgq{L{0pvLZ7b-7lw(tY6xR)(5dGFUH#i->mRS4PTrm&4R(oa^#DfK zw*bZ)rveZL^@WR#aD?Hu>ZL=0zaA7{t#Lb`O`R{Bc>2)|-}bVS=?^G3SFd z%I@cvv-t6;7`}?BZ!18A&X{d`7^li*(!7$2V|@(!cj?m%3?Ce)WAhC2i8vF z{NTtiEn-lc^qbM0Ape)kFII!j6gdt7zppz@+o)uWdVyXQQ2tXGFEU4+^;BQyj#)FRfvpyv}`1K!p<&rZNz6-PfI+sem&PVLsLu^_>RMc>Q{8zG zK1t3H^_hcO7eFde)QV(ZGhJ}ioB*rpwZ|xJj6YjD{k2Xuy@8g~3~p1ABICtRXQO9@ zL41?sP_h6MJ|d3ri8F>x8v6jA;%Pi$QWHEEYPb>ouxUJ|?j$yv)Br!Tqa9dN*L$-^ zTC|_oN88GdCne*|%7YcP|G15lq^GJOsGDTjv~P@eHZkXm$x2{nVt8qjMU`UBw>=EgWjy!$G)?{99$Ke4UHmL9 z(0+&43N-HBvq`XoZ3pG87lYe0j&DJNIKYJS@f<{U9NoIO&}HgrKJ?z-plfpFSd=`1-%`#Vz}#~v(IEFhht z4LcG~rT<(ccfiy=d#HcL>qVJ)t%uBRsm8m+1@;_+4UhBUn#v;72{voe$de@=DoF>q zBCYx^kh2#O5=a=q0>1ZgwWUaR!O`RGmlXw&0$IWQUkTul0EcDlsOdxH5Cvn54DJPC zcWN4V6hMM!<_gn=5(K6iQ(LfY2^C~^znoO8aj}t0iz&V360VxLr3EG(qk(YN7JROS z0g|o(3TnG$4w|$HGv;t-CzI+hA&2U$Kgdx`=tyKnz9hG09H3P%f+|REr6a}p!{FJ45-dW*Wmxj)j4fTT+ zhBz~5HGmcy2{hbc6d}M2li0jtQD;YN8H{`vKv+c;a$%$?I0AcX)AnV>N(R5Tz{eXR zWqbacBU)T-0LS$NOjeAA$T+`f1+@JHFp=KTBgZ!o5W+RVb+P~kPnnsnekV`0Bm~Ck+mrg9$bscUaOy-cV;2Lp~7E^qn&(aTAeGbgKxJ0fwf43Q~!iGd#ly-9kcftYDWl;8K zQ&}U4V!oZ&mFW3B&t@o<_4DkJ>uo3RbP?~H_$4QtZ4cj(HyWgRUM_08)L4NI9;)&i zNOP0N%W3XDag)|}!Oe3Z{@uCCzwHt>RN1j&kgp09?COke&YD5 z@!)%!UHrf2M1xWH!IlSFi7inXa|!ncx0*`CK{8GN;n4L`Y^&S&Fm5(R7)b75i91)@ zQ~|xS`-ze=v_A#mW(|mFprnntPn!nhJ>;SwxfpFTLluG=OPg}ILWnJr#RyKQaUb={ z6son>Sq~1I48oER@VQIZkutknD$M;g4sBh?>zuAw7_8)Zr9kSWFH{%BZQ`N7qYjM>J6x`u#>}UX;uNz8s z`g6GBjL!iJH#=_SD1p8h-%n-o;GnIC;4#BI!tDgl)T8RPhajmyX4sv|Do@ZT9i*GJ z-uF*mxrBZ}I2IaBi{94jNQeXc#Dh%%BJ=yfk^~m&qPms~;+1VjprxNrf!|kJ!H7XU!mB` z-Jhs#!KupKM9pq!|3sKv`EtULpalleU0!Km4CP%1VS0dC%)|&$q*qp$pb1a?3vVS1l<3}f8>Nd28(OlP;g)v9;I;mFL&SiEMfhES__54$vBX=z#% zDFcRnh%PUCf~VQ^J9AH4v z(<*d<*~6;1Ync&N=X0hoPYWzvUQp?EHOl~pTH)iAM8^8@D{ixSvn%fQb4D}Fb5505 z%=2WHIQ`Fq@ZdI1AHB2^C*urov6ZuVz_n8e9V}{z)&K3oxA<>RE9ZZv z5a&5-6y{r56#*F~PM@{Ie=pQ50scP&aQ^pbtN&D%8DOaSq})vExz_Zqix0z2#gl*jUot~BnAC)q zczfg8^M?QgehoLWz5h%nyOf32o&={AFaMU`ANv5U=<p$2+I^?AJZ~7H z8Mf(n*^6-7s{FIgXXMSb4g>9bOYi(d`&Y8q`A|%S9998mecjT|d#R*^r0eZojGm>m zK{y-u;_WR?@rnFl3NBiML0-X8RDd@q)1>Z@b$}9wE?}m76)~9y`F3DM=)^!;P8`zhmbQH2!! z6E^fdx6BRH&0)~gxrJWl6Q}r@{dBiS_5&S=;0b=w8sI+prIqJ9lUn&WQ_$^tG*70) zO5zV9Q1au|8ri%Rwb1{F32md9{?1_i<}>yOOJy|VDxFsm@AdDhc#i$Zt;MU?W_CH7 zx^!rO-Fk-rk|uE%VV8cTz{4m*-5+xjgw=W-P~UMYYsE^*#!Cp!J(d9y>cZB|*gh)o zMdbn#K{>p%U?~UIhs&pq<}QwARJMmA$ZOqUA&Df}5mofS_f0yrgZqB?&7id`Ii)Yl zdyrTpA}^&m>BUQo!k_i~r~@tP9tS2}BEODde#A8jq^JL^nYtHuTh6H#u-^o`sZ@J&36r8`y7p+lLruTTti95+_rdQgRb|xN3uf;I=y+8!m1yV6M zMLOjyyHtf9ydePG=oD;JDxoXq8&X z5s@9Ur5Fy~@Il$jR;=Eic2}IT!;DHlJBXL9nhH)iGcJa9xs|RzH?*do7f4sbZQr&? z1}d*wQwTkf+4;C_y_a!;^M2VvkOpVmkHCH{ylj5SZ2Ha;$9bY+DS^2sB;lXBVS%dOH z(ur9lUBf-aUn3`g)T!puXmXIk;tZA&66iDOBWE5m|R24>ssG zL+p$kCFLVZ{OS5bzG5~${k3p_Lr`?Nl@lSm?3nm@t-Rm>n6Q0#KIEWXMAj7~iI2*S zEU@u<<#-Q%IsfI^sj@dovnwEAaCA-NU}$?|N+RjsvK2g8A@z)$>O*8U!D?3WrXeI zo@lD?v0ha`a#1P;e-4jfnde;NAmfXy`cdTEz|d^Yhpy746pcOJuvk_y$YlCllM#mO zNFn1J317o19yhHs?phn*B_EaXBCV} ztc_r+mB=2^5C3=t>cgPRNxCU&d0rQ z_uD|vLwh$+{BvAfo;qCWeGJhI?D%7&*PNgtJ(I{j|*J^c5bhko)_j1eqq*CsM@aq>u1Nnb<4N1+t0Oo zd;3G|Qkdc6rDf83_f&Onn@@Pz@7*D#aiV8gd+8?eo#}MD;@$7P>64gb@hcskLA%dI4n}W=^IuQUNou;xIGOqJdc!uUS|W zMpIo^IODSxug13H&1~)q6u08;6^TfnQ2Yi!#V>m`y{ zm7)c!Zu|P*(p_=^5VFG_AozSj=O$V{Y z*~k6SVi#cHY2rN=4bOUK7eJO;%C0-9ZNeI#l76esoqFvg4!=>SilF&PXA>jSu12wV zlD!_hAH0;gV%f%cu7{z2VNGfN4I{gmOv)sTqh7pviqTeV{%6Pgifz3TV&=&Sk)6AV zS5b@B+vSWUT(!G>d+%)W`6%> zn83Ts52G-66Kz*UfPf;Vi%N=`0U2CJ%PqxUNe23*k%%i?IK?(+y=x@U@_lfGs5+W$ z>kP83_Y78c;2ddn2nk(#1PSMfUV$)uG7AE4CJWrk&axF+W$hoaS9x*5_;$Jud`_6t zfCu)R6rXupb(Z3N1{&5fwnyst-6gD^um7e{9LGX#jua9y_akYu4QJTMad>BK=`dXA z5GM2h{yRRNB7{c`DSB$K9a8lS2Yyz2f#HK0C+c|j;{iX#>TgY7KR^HizO*{`qVO_cg z8>hTmieX6LYeie@rvrXpvo`8AgM{U#^0)MjO##jmSG_jLdZ5|SFvZhiY~}088$Gax z`a#5B@s7NQ+C9b4Pawe%g9>tc7MuF}fS;kQxryc**LPKv=0Yqb5GD-%X-EmCtQ*&9 zWP+tOp^-`AUd)gRT&B{JW-9*rPavB6oT0PNl3_pG+0d2byrHA;vf-8KjNw%bb8jBw zXIUWaE%4R@iZZpo2c4k2eLdfS1R||Xf5mO$gkxoe$1yVEqwehmiv$F6wSR%Cbc29- zK!!vT==+N62|{GOV)|zECzQFjS4BUdo#Q z!A9#5!e2`o@yj3{O(-8sHl;H!!ufz5(u!<{jJ8z`nbunkOG`0<)H-yI2ILtz$6i4| zBJ`Zphxj+GPaT2oi-^0}r5yP$^JWXtP4i95Bfi}Bminop<2k$Y`S=3$CHwB_=>lgz znZ80$MTG-~NWAm9sK5kTQR?75uEN@j<0n;WRmGjEm^*;M@F$ir&d;GgO=^D-f^J+N zkg~*9IMwj%ogc`OklLYspaI=Mf>4=U1#gWdEj@xu_&=&s4?(FM{qP-*F; z&i4?|N-L78Xr3wR(c4BVB3L%C{j~T@$C^jm?29iPXy%Y z`$bfnHxyKx0ck}UskG%syV|PF-GXuIAvsi7#ul=R-X>$K%X3PuQo!;+3cu=0%*mLb z#pUt~7onwJ7wRvWTnSAwG$kWYO^&BefkotZ0tJ#QRuWO91^*VCyxVB$`;~tE$~z6f z&Od};>Q{o&LDGk5g3E?1W42#r_*d-9^RHvEC`sSHak;@q>mRsOGB13YU99&v_fD@f z%#cVZE{<^*o`vyO{x+bfI4-=251zKkI81c`JT63GIqi=^#jp8=_jtF3$r)lIJ}7j7 zDGmitf`fzb&#EK1cYGKEM`_fcL5Ir040CjZw~Ze7>)uPac&Hp?Ht;sONqj1G5H==3 zL8j(63DMdSxK!ocZ<^Isq|e@nVp(A=F##7+5Ki0CuyEuc#t7hGG}=FKGu0 z8)@0pCKWB(214sRkuu$5rs@Xb{rq*kKRN%Z`9hiI8)rA4y&FTK0sqRvrP&N!|OAJXZ7Z%!EZG!!uZG|A7no3#Fp_SRM+D9E)4T_WKh#Iu|pbrtAlRUt2;FGE_e8}PIdW6$}0joYUr zz@wwk3AXH)Fbi|PrOSn%)a5XB5y!Z}+r}NjO-{OdHE}K>uEIe8NE~ak=Gw+wCq_>F zDkz`AwMYl9V7`R15yX=*ve_+S0=O}flAWpkDuboK&c8ULgci&DL=G|sD^{R262baS*xWNByd+V2 z76d@!@=D$e#(2@%*{~iz(%8Q=&7HwtF@;`k94U<;44n?vm64EwC)`9d0f(c=pCqR) zQAR*@sjr)kxVwGgzgfc${mgnMC>C z`}3Cwm4*!erTD=~MFFEh8y|24f2<76$~$?O4UI7g zZLTIzfM|(nU=c4O3UXbP$LKgJjuf1c2Yl}4^(@}92D!t!C-&au*Pc-z)Y*XPS4(jj z_guUK;v*_CJFT&;XjX#m2KFW$;v*oH*tECR_bpi#H0MS6keoYoQJOAJ!Tmr3^1G^3 zIR0a*pc?P;#odDcX-Cd98jznArQ)`K+A*d444=YEONhoRc1i`g7wiP(6#R-G>0}DJE*K5MD|Ct%8$bvG+74)CB@R@?b#6Xq z?F~qYBZhDlTElgq`k}p}@lguEW6A&1v&?jqPZ8d$D~XqKkKRLJ#vcWIv80T}j*_}* zg~T7-Mg0`iqof+*V9-aQ3}q-0;b<+j614*tKrh+ z80Qel3EJdT;X<#2_p0pA{RW@ImZ;aUq(3zf-IYQV6J>uKsfNoQDp41GL-5)NDUnh8 zKw&7@z<5QVU5J}2arqwy{Cc8rN(@uEzlTq9VD%n!`tm1G!yJ`@>OVYys6yK8_-iKQn{mon_oK==}w78MJBB&vQ3>1zrLEs3u%YRLj7F#!M+|5{2y2HDu$kk`Oios+qBSTH0P)sOkw%g=V7bU6uA(M?B*k&8opzEZ;bTvhi-3v54MG}J8q}XB~*UW97OfdhPrdsGF&}lutov5|@Sh@K5t#TUI@Dg|HeW!-| z_vVK6$5V~F18~;gyTPL`u@lieSWq_LSB^1dZ>J+kz?i}af*P~7v6A5FoB({fZl znh{$eO*v{!?`3r_of9 zWA8YbI$Xmwc`^sI%0JsrBX?D-rv}UjiL3;(2$Me_y;ageR&mqIdHQP*8ZRb?Hx=;E z&Ba|fKblBNSQR6gPiOYzyCGpNc5Td3Xr3$ZJ-H42pvBFzH|>F z5)R=6GcoUvgL|LAi_+5U<>eu1DQ1>^7M|j}g1)Y-l-)&6bl6}XoG79*q-Ez%bBg7-}+7itWUUETfW;vjJjv&^TrQoERH*B=Lem6qaN33t14H zMD(m-DRL*K7Ijo6Afcz|_6vZj%}K~SeOf|J|Id%qzZZjS?q7$f#0|U1S3hfM7qtK z`b9kG2SjT7<2h>Q!pIX>#VrRO;=HBrjN=R7bmjtf!r^{%lck$^HwSs_a@v{D()^^V z%b@-8OpmhqLRax0eBc<_#Z3I=e$8go?h);Si+6haGv(yJm3!@9JDl+@)5@#$d zWR$XV9nnfc-7zq{`b#Cc6t9%s-|d#-#(r|ktzr_<16|2k-nSATLriRA z&Ctb`Gd!&lCAdZfCN;JYeJqXjF-c=I7=&@y+k@YBJeRQg-W7O$>IC}CkN?{24NY#Lb!6eiPMBWUFy2H(D#~;umI1HsS%(RRCU5OseD4+U;0}83OBpI z87!ZQZ19z5zYfi|zR~r@gRBvnJGvIM{#WcDDK`EAykCqIZX6&6h4_th0!5R}(-6v-oO zl1df9$;ZvJbz%F8Z+stV3(Jm^UeF0w*|V%Z^JaAcS+A)>le+9CWtbwvxz4}tOi$Up z79otf+81-i6#3ERq3zSkFj(JyOFonhlZWwQL?d_9nZdSCMmzk`U9X=^jcd{8rcELX zleGeb^?2io7Ey~TR@CsE0z+RS0v9Xf#RwS!vOU@ zFh}kaUzY@J7C9RgQcI32A3r7UD8E>0DQ6B$9cq_UQQA6dFVoDq-MZg4+*VCqPOr}5 zT&)@dY$s9|?L%_QC3I-qb_;OGW~_fRUs#sUK&5#TVUnI(XzON?q)vOjuNFI}R0K18 ztzeVgB1WYXiKdynY7F}WmW@ZSv`gc(U}cHUrtFCOt;*RblM&MD(U=Qhl}RYqY~%!D z@5!nX5ID43Nu_gsZ6Gn~lx?Is)jAV!GBI2ABvE#WEP_viX}F}ETs#9fH5OTA7Y9qT z^L!-!#+p`ajxwBgXyez86ulErLU% z8Y>QEH>0@0vU23u`%=D{8Xt+ilv)P3S!Qolvk;0^uWywqZ}OulfD>dftBxLP-^D_m z?1_11>TiWRTv%R`J-oCvTLPasBp>yLp(U^J!KO*(Di{AAqa;a6V_5*jz7mD&$ivWA z6*5zZA?%YHg-4m8_vRTqBl1N8wFh+&&y!Mu638E+XMhypq+$dYX2A80vl;=&)-GiR zAZ&5(bF4lOcM`oQ8D+F3w3^<4IG%lliR9EnqFe4n zOV{pNf_vpEsPJQ~uuS(&nM)NGg*>)dTurYRleAL}?zF{ZxMuFHn%zr~%rLNy zb2zVv6zb>-}XMUOVxIwz-?RE#4sBO7$D`|;Il>=N}sXjf^; z3fdq9KM*xZ$2!|j7;2oGxI~0*rajuX&^nEFm=F`!PRpbNF&^FtNtbK9-l@rk)`9w9 zQ(;~dWA|U1TnUAw(692!U=NmrRpjTt_I!5RjmJ%Xse7s7U!F(eNiG_JmkBbB2;yRq zKioaJ`%Txsv-Ee%qfFOhrYMthELgk{!&_^L zX$qmr>uy#`&S(|7mOK^a7PmMK{LluTwU~H8TA()1YN9nka z&O=Cb_-sPcpO@e02;@^o%bvJSDuGqqBbIWfv3JY4_S0i;qx2!!?wtC`3&D#JJ&(RP z{oSou!8`5Lp>MCgKwfG8MK;;@iP#jEJ=6z`xfcPgsq5hoIudjh?X(*+W8?P4qaw`3 zQUXuacs5^{u5GmjMMO3MB3I3{1j>IM7h_c83K)TV4}{9&_BQtLCEsS-dpj%11D6ta znLb97xg+`QaFp+lsmUs6>7QK_jlhGt2@3USGJ&z_jaQaJK-ft|G0NOIRjrc=ja6?~ zlc>mrYH8r_5V=k7I}k_g(R6Lhk*LLddFG%`1`o|lh_$Nq%yyKjVn5ky!)lTBT0v!Q z_+;=DU!+Q)fazG02np}Vovs&_$zah6YI~Eq9pq8r!Q#K@2fX~qpO5?LA^0C_r)VXd zc0()2U(kzhfwb4m>J4UPS$?W$$HAD%GT$bnqKn(%sfK3r&D@0=B&GbS;5`cDh-7{( zQ7?pLO|ZgIC?@p(1tTPiE8B-KHK2vV z;Kseqi%&`Idn*H055ZQe?BMzSW`g7KaUEt@Rid%$4_sWV5N-|9isr6j)+nTG9-Y8Q zY5Nq{%0ETy%BaP%3j`A`{E~K^Xqc)Rjly!9vY)KKDy*?=OEYx7GE|ajE)pK6C?;HQ zP1;r(6=*K@b{JJ?4xp`3W27Fj*d@X%-Bq=$wmaPQN%6U0^l)<9W!k>b8C0Q}rjC<1 zM6CnYHB-MBKQ>FRPH`ZUg-RNc*)aWzpygd@QS4o zsi|!>85Jn3H5A=paFdg}4IK9AMYz4?_igrJ?ew{N3%(Hb(tb4ZZSc9GEd6rf(s5s@ z`Qf2e`WEW8I$o0RIN7sJa(Co!kjb0;lCzQe19ft}A^EKIyS(5Vcx-sRs{(#qF5efp zhTn2W^ZvLu17n>^hi6Nm<^4Qe&m}&|T^t=P<1}ZmEchhs?+J{jkl1_gW&FYq& zxNoC&$ZAk(=X+oRj$I$%rD5~NoWL9y?(rCo?RV#QJ1w8iiLzIEd0q67dp0=PydBec zUa7zM{+w|$ne&33DKvmhQ@f@eWPV+4`srZX4;^=w^>$>pJJ3JdcO)FslPTt)mi|zx zTJwb}OvsS7q-!D&OMybiTGwF!#aB?4t*FBW771783DAk*9;?4oS5u{H@~#8PVnAH0 znPe90pGlu`V#yR9t;j*8c5u7##{I8I(OFRwn}}n&a(e|GPaK2#j{UB`75i<~B5f`7 zl+>r6M%qr`xJ4UEC2GE-E2W`e>}@bYBq?u|$FLIV(kMJ6jkp_?8nu^72-$Y#D6guK zle8Rt^2PzFpFg}~WYZ;fuy;UCm^amHD1sd!$r$&taj2+V2((&_*Qy9wu~{{$6ICrS zH-*8<;t^gfBKq2qKy0(}{Q_7+SIgLbSkt6xsYWbeS*Z2jBk2Ub-;=b(W(#@QwG?JK z1W>q{)&)ekrN2=WMdRNq$H9Pg?*7F!q`CbKmYR8v%9cV`QoUPA05}0l3t+SIcG;*a z=Qc&7a0ArUuz>H^VcWLeF|-?Xt4@XfCS!v;MsuFS<}_*EqLwvM52+E5ztLXgB^H~= zHf5^BGN=mPsWl$zhu+a=8HddY6eMnm+&dXK@6cfTf+PteJ7z3-q(4J1uPM}U2^M-% zNh;}xJMOk;O=9)=o-Kjv!!_cNN6^E}E`~>putbt#KGtEHXq1UoNB+Y#1PTG+bMZuH z9Ri&+#D1nR^M6klUwik9cRUZ5uw(OHQx*@@A07bg-xw*! z_Ijor1hQ?l3AL9zPN_-mJ-ZTJscrkC%=|2;N%96u>Fv|9XYH3fUCCt2|8`15#QztRe?E# zSxde6-r~J)$n_si$ujN0XH1O2F&+b66y<1+2 zuCC83IlQWODNZNMhYb0HQk_QObrWu0O`#etNu%hNMOkZ74jrL31;t|p6r)LE%=ZX| zrC4^r=><%5{GJ?HTJq$$X`Y=I$!j%!w_=O|5_DbvtT)X&``dYOO&OZzVAF?z^rII-OlQa;fMs0by zhHPxu4F*u*cjq%{4gnx@$QRi*|~<~wc{4%XjV}6=@F|xURpMlt~RT`bQvZ) zcBn{sk(cC5)z1>TjS_J!!UX>=DFyxmj>qkh%>D4WEXmzVxS!v8yTgv1+(h+?{I=EM z(MG!BAIY4|{Mz;hmx69_cIEn5{W#RkEZ+zMYNCY>G@P!QWbP`zC`V_C?!6HbGELc#cKAMzvvO39yz z$VXlsMETvI82F2yD5mJIC=pZxvb~opYvx4rwG1)IMpd$@K!Ox(<}ZxRzbV-3tE@lI z9OXNB&X_yQ!gcZ4ZP(;lhM0hMB*x;V-9vWOY$@it8_q2uptkfjbayP}kTKdE2Pb)` z7@DWS6>T9bgS?SS_>D(gUHztr?gT^5#2^18k;goRqc)%aw4BiRNah98hF`iP?jw8m zWn6FC=fn8@)-6AgXR_F`l)JTM}T&f|P zdH1W-y~6lJo(jGu?G29D6Z>YO z2`2^TT*F9)+YT982d{$#S!Jyg(O=_BW)LhDHgaK&kK6l`TUm0%<$qE2jlr3GPq>>6 zHp#}eZQIty*2cCyv2ELSHnwdW8{632{QkG@hx_5}>N)4sshT=d^Y(N<&(k|7%Qro| z)lYs!xu)N|j=Ujvc&{wK2@BPL0e=?S=>=Ms#u;sVqFi1F$S@U!SeI3}y?NI^Z4jr#y#u+D%NS5=}m!6I)~122I=8n!bM%Yv-NVf zp%i2I^RsvP#=l)hW|u9BD$zlL}o8g$$?}oQ0c2R0aC{rRkww6 zl2vo(2{yB!9{IK|ZHACBT_?%md2+8NC8GK9CtXpo(%ISfxg7{%IxeJKs!)r@Z~5T{ z72|B;P^=m$uyLw4OPrnW#}s#Mg(>Wb0h><-Lc1%R-S6roWX|O+R7C4!D#pYuEHdTI zELJ~czaQ_rSJqstgO*7h0~+N>F3IKAPo34dje*%k7VA$9%A_NISq+CfyjyS|J4GS6 zqaK=g`D4oiPsJ*1paV~$^=-bgPlXoia2O`{#TE37?iybK7A`1 zl}K)A6?51vzcvm6yjs#_n#OG(HBJ4X;R7bucdERe*xWp~J7LE#0h(ymz4aEs$(KiK z`9V5@T3Q)%y^J)X-X+)ze-k~bACsbuv1uxrEXXT4Vbm;2$ogh8)k`zC-rLOA2;2Cu zUX+1E9$Au7PG4<%_F9N|{0Rwi+@9s5@-U0|Xo|Zv`!~ST)97`JCBFFXz<-o_P?(>Ucy1V zTO{C1C#3xSrTe>CaXtG@Az>Nbf%={=CdI((@x7lu)74GVYsd(Y^N1es7(ajR{42PJ zg!DW1y07o$gVG^Y2y2?cBBHQ zQ&ZTt5zb$i^>jOMw+wp55KHNN)74Z zt$7p5kPF<^Dxs5;N%C^aUXsZ>qBdmR{7OAyG2w>h0p|Tqm}XK#oChHnz8ZX&L?C}P z(piNgB$q*^cf?VXP2s{yf6#V(RSS`6$o7%_v=}nQvp*(^u)+&E%uos@?FNBgGU0R1 zitt(~wZXGL+B;_Zml2ZH%E5?BKGi>^otYXCFY6qW!gb3mi3yX@?Y!FMyj80ZLt_H!qGTqgQ4q~k-i@Utz`v17nnEDyEcM64PUeW$u@SygAb5pjHTmp#*rtqnE zYgD^I9w{*XnW=(DCjYE_cMlh=cyN9fPNuSx=)~R`-)ISqrWx;|-<$k1a|%!O_dCwh zH4q(t9+-Ar@SVIrWEhoSm@l(l{<{>N1LIrRI#~+;R!=9CFXUHxRsAcyTDo@yF*`i| z%^q6nC*tH8`1hP;{6L9Pv(Ta~5(I~;LjpEoWMLFnLtnEiG0;YYA@KKIRY;!wC9FU& zRoIEcM|haOKHs$=;esm7t3wXT@lI*p;{iIKkAZuoqb#sRsn3Uz!R`QJblbZJTjU*} z>uPVA+))hY;3@l-Xw5c8TY2=QL27IMyW=P=a7%6lr5E$D^ z5pQ4=>oba(C|ET!S~c{{FK{1GpUxry=EIoc*NP2R_b=HY_;2 z)F3v9E=?1URpdkhW_Z@Ox~h_2ocCc%QfLNem=^RuLF;$IJf`}R3WOqzj+CeN>w?FH zx@em6gBogCBA6P2Xsq~pjOu6pDaQ^S>oGMv$@0U|t7xC9Zw zCp+XC1G3y`F=Ip#>L3|cjLmIkXr_8q{VA;u*u&@zRx1Hd<85{De4KB10@vXhu0Q+Y zjW$&w$1}Zu5LISXW}xcR9#tDalykc(@y^m{uuJtVjkgsbH9I~|rpypXoZq>x=yAA@ z)UE32FO24Pc)irE5?!2&0a|wjlgYoP&mhj|GAbtQ0`j?)^IA|gLs2)%pNrLw0nsNH zQFPi9oy-=AiIxA5fn0B340tQv3=RXxj6*9G`ZV=KdJEz823`%Cy&PsuA&AVUn1&T> zkYak4?2(JJeHe?AXbi6zlV4rztqF5d5s9u+>xhJdG>B8uKneZ=X$1t_!QzB5=~slC z<@3|=VwzNx+thKo`V!Slf*%K)iIgS$3CPERMqfQ(0r*2w>w ztsLX^Rkx8}ZA1YVpvR6WTQyA$AGIo{6yT3GXRE?2=bKBN zAPxQFR_E_PzkVu@_g-6{jZ;`5qpgg&rR5<=IHV zhukIYLy3n+(E}0cKO=ra4soE9&_qAhwngDq!oqMEC=fXH-K*_;1a$U&DFcR}GF+oT zt9P-;0WU}vIF1ZUoNMtp4l*kc*VJ6YJU$Gq(9Tqe-Jh2JjY`R#Q^fZIgPj`tRvt^auf`fo%=- zXpqTVIYqKh5XVxy)k)C!)EbktzN{rdeeXXLU)G{RGrF*@L3^^Wo}X-VX{{p7^OCHn z$?@xGOYE!b!DtI8Wjy&dhaCK%)BPZ7dHlXEAW3v*OWtI3XItvvgf_LHxEfzpq*z{7e(!SxDOyNX0|6&F{SN(S$tW@IR@z8eI!B^1 zo6YdWfgIDhBDsrC%RK}3qZi2U9=0$CnqMP>CEe+(Qp$@IL&`{7H%R*)Eh+HOn?zPr zXc;{er314Tk-oxpkz);7L>E=*BI_@I$K5K7K}QZ7WtC0KJ;G>hPJ<57DOoyD=MX8+ zv{iY{C+o~?q`|w7JRI44zl0@m6EF8*g`VSO0A%HQ`*V2ln4?b4wIJtc} zk_Bel`%TC@7+hN6UnjlSNO^yEi_#zOu8{OHprsR%M%5sDsvQWG1Mq@# zFUK(byQ!^=!;CwiP6k-HXJpOZZUpEFlSBc1?fdw+{qmGpv4VoRnvb*_sm?_Hyp-a} z83p`h{Sv2)NEdDrr*@%>@oqP+Hsx$1U4@N$g~r!6Rkc~D$)(-J$E( z(_j#QpIN66oMU%e3E{&>x*=HQQ!UnIw89F{a=s7R@3UGj=y@3u{Lx!4*g3s#9Pn3I zi_eiG7&DLdVcp;*7r$#wx0ZU7@akWN?j_)rZS<5`B1Nuwx5O6`2PWv?KxqAq!n>*s zU*xc!bwhtZxb#xW6+;lQxP1V%aS-^Ib0=0g0htS7C`4%X*%rp}Jh zr~DFNez?~@+lGi#th8)X8F<1#o64HUlXaIGoAg#3;;WvW?P-v(o`EDjw zM#zQN{2-c`viYV(BZ}Ub+FRd#ebHAfT}MpZ10prsK-!}qHJi76U8?96iJ@JCvYH9n z*?_V-Ae^ZN7o2pu>*Q$X0=$tyfVUF|$GEXUV0lWyNT_1K=;&HN+N*M7Kvh9AntWA< zotjK~2`Z~XX1UTa_uDYRh5%+9Bj~!?avsA>qGk#b;|)W$pCqV5QC224zLlm^{_hyN zK{6KqLIN#)P8Z(e|1H&dn<%wyLO8jL>fX0phU9%>7QgVXOejB0auTc;G`TZs;hFJUs)se919;5g^%@khS5IMHUZY5G(u}@U+ z^eJE1mdS&^A`O@fZPB_ap23Z*S8cv2{W+d`T+?oha6zrK&!xMZBn$nxvLI zK={3ATe7D<2SEf=8nA<>O1UKXLHRJyrDnM>2WnWctEKM#=nuy9dGbx=a~1bH^FFQH?xTMySP!fUO@OZCs^^bpLMN6WO6OiFR5M> zK!VZ=-B84e-%!@-WJjF^iqxx(Vanm6Q;@;QRT@1i+vkVT%2%B?CRE)gd#-&zcu)c!u0* zC~zgQa1aLz8D{XeAt&WpCmC(RoMDs{WI!e`h%XceR2eDG5FwuUXh$f0zzR1!HFf!C zEAkzX7j96D@Srq789WzmE{0kBhGlqlhmUz|#fpL_Zsu+T z9nk+9S0lB41@HNDnlTslqhc*(X}lxj2*d3G(TEsXVfKr$fUVC}WJSwvcnCTwRyw8F z&iM6_y=ub@rW4Y2>J-snKzv@g0@+T*Cghx;{si(xO^71I^@A??0`RU_;O^!ucBFK1 z%T%lufdL(1abSFO$6#CIZa;o+KSTY*0%U?!3=%_BOu1mGSDmp~g5zkL)8d$#ZD!ch z{cd?QBSt}*D(X*J7zC6s%u0$yX7Y9Fa!)cE1<@Iy0;f<6pf;zBP(6xA>FqZZX}bji zvAEi#xga6wJ_wwAB?1ZdEs*@n6;|LeQxxb)I**s#;(O;nu+WQwy|8tt9`=?g zn&i%d`o-?#%QmSpftwIKo@Bdemn^~r3$DgzAwu#^C^QEyh@qQqzrYN9I;7~@vsml` z!)-KOi{&)wzG|fCnT9~(bDCWfz{-okS+dkb^#^WCHPnjW+Qsa|VP!&tKk+fof!K=k zNYu<-tQK$cT`aa>TM&p;`aYMVhFg_1GIBZg*4GgiWAC?5BDf^kRb4eB=dA1Rs}!&)P==t~fB5+mCk}1QfJ0^! zx}(^k4tZz{Z(!l8byIN+k-W`kHcD1qYk+u-a=~?*f%&ns5c!e+*x#YXV%JxQ?5~~a zb&=;5i%<_EJF0Edna~H?F^CP{FdYr0e+(B$mSPBuGfw)lp`CuOnl*ydtQtjav|VOB zh9vWy(U+mfvkWQ}B4@b?^06TLwUK(5$-zF(>Ewy-gMg<^fERPbzZUG?#pix{3Gt`8U)X?!|V5G294Yb3@+d}#6Ai7R^_(LeXSk= zwmw0M1EUq&r}VK^?L#Xm#R$LbEU3FPB?9aiku`ycW}e0|Lz>@XH7As z>29DTpyG&tXn3Uv=$&7Jrd+OR`IbnDD)R#z(CEGDIuCs} zZKq1gArDj`zo^FuTh;Wxxleg61Aw=*BC?mm10gbJ$hZ61Bh3r8lUT{THlA4dbjzx1 zi@;eLWHdrt2HeA-U&Hz#9-d8wpk#jwFDVksNoXus&`npUtW(fY#)!atFv z+VlZmS_H8GQ7EfmhE+ULE9wVYr0NAosD=TW29-Vukfy$ff*McI`{N)VcO*=|bMcE^tYdDy{z*Rzoq(60`Vk zZvb*LowVnS+^Sl+w#>Ax!^1x8M^+z9AXqyrM2s6jFs3IfjJPTojJB?7q@5}y1{6?r z%U~kL`W0h5_7GG~2G4S>q3^e8eDy$Uz#s{)rPV`W79zo8{t{hauq0u2{6@m-h*CIg zM@gdS$akRipipqQEYbC^?jVCqsXo!?vt3f{ZFBClSAP3KYcrehp_k>-@a56S8dO|% z6)7bB(HPXVLm}UcqqP$0Ifh#J8U+9(f5u5L3Ggb&8cl$6N_zB4892vb@gT#bSN`dCJlj+R7v;kb@b zxFT_!ar)`k@Rue+KY8P$NHTPh;Z1sjyCw-qH@2Pe!Jy?s5frthg^mIHNhm?80ZI{O zwK{|c?F%6%jpPTFtEA3^?KJgOj&v`E@#9?52{MJLzrkqeNFCr+D|@)OmA zO_Qw;C;F1tgrXnZzoG$r-5dG@rS=v0QOZ^$&ZZW1RRck6F&p0Uehm77PZ#Zj1-ODC zSqg?Om;q4YSy=@R18e1C!}W+vq8TNuNF40SCq}qIg$F$?93M4Jo7%aN6|LdByRkc_ z+iu!$0WwG#?h{TFh6Ds8;lDW0;fProD+-OrG{LZmWo@%B(YSy!!c@e}Wc^85rt7@Y z9n)M!jO(i#9%{z>oq!yoMWOzcSnBk5b4)V#!EknZ+B{RiBuCz#RQ|Wd%8@e-xkTqA zr4BamV5nacqAQZ}h)#GY<1c@XDf^~8!WrhVzDO2pub__K{^LvLMdXjY{Gp&4QbnI^ z&8Qw*x_Z3{27WI*M?Ez##K^%3`KqxT^~7WJ>!k%m)Vf4A)}lpiYM56{SNWvOWNHfS&x+cQsc9I{--!9<1_K5J^hPgp|?#Ac)I&)<8l@V> z{F1LPnZ%JCbfiz#aU@xs>U=(JAs)oES$sK_a0%9O*5!`R+EvX0i9s>_!}@oOcoowI zm^`_cXv_VlM@pvB`XyYRhm9eY)^TZ!lOlCnpG{)K|y<0 zXrD>iGV=bM#pp0YuR&7EOCUwul)_|SJj7a_AY=pUw;jmp_H;t@P`8kac$>jU&c@hIQ5DhaGi*9$*f zZE4f1@?{-Y6G8^6h3Skzsqehr$iyJqiHG9d*u-!>B_m~3F(M5WtRUS~`7zL|@EHBY zf($DclY3*WU_*Pk)3N$HFu{R2KTLR}5G_oENDboKSPfbP)l_z-49@RNxtuWaMQ+I- zD;$en2(8OriyE)2im%9+K}L)kO3TNEdHhw0UA#r2A&lL(k?=?a_?AQDFMc=-#vDyYKphcWKelch5>CL&XLZzRV2(C- zvrb1DSKm}cd_`sPFpjRAF2+g0IZy*0|6oW0T_t7MN7WfjM+Fzx)kb55E==t4gdjzh z*i)B1v{Jzku8L^mWTqgjCCfvI$0VS^O}2lD*YI=LiJRIF(e}! zSJWm4m)TNDk&2}WCiI}%%DIH5%fC>5_AF}p$3&-)O@cCx-RaaEr9Sag z3`qQ^e-i$nH)#yKvb_%?h0PD3ViX!kXWkp&a`7J=Vjvq5V+MwXj$m!Xg&9zNAqorx zX)7w3;ACbFerT4DqBNe&Fq?f8d(BA85a#g*B@0b6F9uDSpUQZ-9@6Rmj+(bFd z+N1HR;)d7{4U!EIqZc8x3UrBuI%fThn|WXukU^M2(D|h=jNn2Dw~Ix>4d#OWB=Btu z>RY+*mXMv46E)!Png7OEEd;kp>Q;=)hb5<9Y1+brC|lw zkUkv-82lr(!kf<_VQ}bRNBk7>(~xHKqfDV;c$iDAIEZK@nJ7l~1&3NJQkzN%LN5q^ zX4ItZz-X#^*BUvEiQK2}z_9kX5IQb;K4KL3D0&WOMhBpZR{B_$ks3wIWOsZ|DHcsV zv~y-mw8)JmSDZUyXBz4&i?WhP1=%dYH7jtsbOI`v(lhxezrNwd;{RsK?FR+=)mIv) z)?2;u>Lf@Vka|R?uxAbb)QZvQbu*YJ*1g$G&j!oLgZVWbc_D4Cl}UH@F!zq2S<{JD zvM9vM&Iv3v8%D73{c}-CriB{|VzaR?tkx2~OK{yZNynSXKtHo^NTh$XOV50!?spqh z#T%cvTQjxz_yak9Bo5nNz`~jEtj<$DxI1|1Np-f!{g9w6&;G@v5K?hNFJN)g9+7gR zC6@H^Bvzs^ouOL_yOe&)YsYB`0IW!y$7jn0VY_wbP~;$ z)rEeyiIx0jon`A<)JnUfleF=<8&I?Wzj)vl-@R%UVsH7n?_80#e$TEkxzXHMZDQka zP4S<7K5k1-gU2^M?GMuVe-{96l}U2H_;f|u;q|OBD{~I7hvsCZX-rqmc-q7HtTAT; z4qqFc>DLl>YrM+Bgnsd}`s_4W{K@e#9zM_e`g9FAd>u6AyVZh{!3l>)iWE#$__5W3 zxBAqyX*^z9lcfgn?dAVwj@wexmLN~NySqk>_H%jZkBTNtM-8`u6K3)w^gpv!CWJkk zIisy7Dt{DBzCAoZ7Up3=9cxA_Cjn1IBVc#B9jF$j(746-iuq_z1%yS`RaYdIsKKoL zRv7+PALXpukxgB5tXS#t+>^aB{tQS=nGE#JN*D*m&5M(f0NrXx2Y(JGi609aIZR2g zG{Fh2>?1rjd8#Y$AiV890{HplL%(tSAajKk*TCEXrJ)J4@>kM<2(G?xa;7uw8;F0Y#2cZ^6~l}MneS@{5k z%L?TCVF#BLjZjA7qE^$5d33AZ+jM;z8i+JuVv3$GFCrO0&D!$_i9_OZ_}8SEmR08y z1magN4GPFUxqM2ZZw>-ggj`PnWTFbyjyKGyKiajjzXn}CH#5gT$qBM}DVf^%nCT}G z7-BbZAhsI^7#Sc3si#W->8#)s8m23Wz}3k{I3hGC%<#zOpKEOmHH(Xd>((;~`rJ1O znMw*nhcN=sB8QIs!k~by#2uN&1(lfNg*-;dgbiDMM|#otST=iSrMgE>%kFw@Ewbjs zxl#S`PbYll;_dD?&ytxOk^r(bs!ymy0mKWlv2V8Y`~5_RDspz(a!yVfyKXX-#qw9%6hdVR9+z+iEi=>~%7`9(j4`!$VeXMSvJ=GjUItqO2Ll~L zC7Zx4=5W+>Rd!0UpV&9=h5on?zJ?1cER<}CQrXnkcEn=j3f*AEdgD1kbErjq)|wQ> z@aQg$L&W?7C;9QfQ!i*nB5Gd>9mzjpR8%^%gQgZ5@6_ByHrcBn0{G6THS&5 zA&l&I2JSghwL%%4ClmSH_LNi#vT;1@E1RyHoOoz}aQz!e>&)HFu>&W5jeREMRm+=R zW+=IVNS#{$h@of?#-VYLx{0$t;`Aw;p`kLaWYd}jMq+_GqgMu@UMhQlppad^ z&=CWuNHC)?I2Ck+*c8*cxD7J^FNg-CCe+1JBCM&h?exz(YVMy5kr__p^64Y_istRO z#`o_1DjU=5Pw?|pmTZ#7TR&ATSxoR(>8Z*xGVa58W7D!j8gA(-^i|2!sVV{`B#-#4 zuQ-BSzs(nkvTZ5ilH|OS`{#ud5wjEpJjJ(cCvyGtXB3Zu<{xbh3;X#1H5{bzkq`v+ruA8Piow&`v@Qf|=M{YsAQ zwhY$F<;bAj=`Bi4vlSD8Fe7XDEH|7L3oc=I#cZaORw}uyTaiOb#{$zs%7)S(Yq>Jb zw=nJN1gn7IBn>^P4W>4wRUAMv&@c|36vlOM7hZ9;c3JWJ!1AZ&5Ir`;49!J4XX);5n<7NJDBM!?^iqw^_45Dd^hCit-K?6P`4iops8zM28 z2aw@?#n-quO&r^j8HP?Q@w9mVec~vb5tp7SkMFf0i76w}olA5RQ6!KrS&D3-^fy)j z0#+u~jFBfCDPoj#>1E}Gi9qUQ&&82YYMDq&1@BdJSqt_~w(I))`b8oGcH7SgGG%rY z*L89kc05;neVJjH{)|T)r0Mr)#?_qZ4ZzWKK7s3KJm4Lpd!*fJJmJEp1G6Q0Fk5Eb z<;+0KO?-976Bw?)7Takwz?7Qg4jxbDl;>}3;jpa+eHihKohReb+|^-Nul|uPh8A~q zwG!Cz=1wPVIL>#{juoC3bYA)|x|tZeW_fVTO8N_Ql~!PN^eH#v)mQtCzuH=0f(@(%B3EbUFg7R2V!)>zp|*f{4!t*Ff3MELWMVP1ed7H4+ZsrsCVckI@ zz9)g|NHTPX6V`Z9BNbo!14tx^YbGzFu`3wXKw<)orReRV0Xi#8s+X=5fhMmX&c_on z@oydhFk71${Q0PR<412w;k)<-sc8F|vSx9Y{1b;Ui3P>%fBwF{%4iMNA2 zkFaMB))h2K!ac&ivs=bUMA=IwG#q*#bgEQrsGcwUP`1cOL)hoKuRozko-Vf>tuKi- zY3c-(K~~W4Dl-todX$T&fXOI$zKz2eH{qK3o4(&P^Ke%C7*S~+c#l_tM>Z)4)lEfo z+>}2@Y}nHk>?fbDLKB~z+^uU4nI6)rfXS(kX~yPjjj7@(H{K2Ag&9Q~F=Ovxs)P=8fY6wmbiBCLxjShaoAR&mnnl zk`eRsSr8{`H}D?v{fXE-c!dyxUW4^4VL=&J*WvTo8(9Y2TcCD8TW|^BYMF8|TEugS zTC@mgYwdE`pTKhkpD;-$j<#6um&K|i-$X}xE^CGs=}$4ekFKBk&Ys|^{flhxx7kDX zBrgTmvI`dhG~Hhbs)v@h>4z&fBH5TrvRaM#mBLUp&ke8^^GkfOEj|=xe3XK6tGs)t zRX_HqoEp@;AED!_6uwG~2B_6^0K95rI@QE-w>lOhe}G95(v`YNmC9>F$P;-M! z^%lyF+Z9YyQ*s^ZN1KJpd!^K8=;^M-SsZL9NE)TIf@=gHEv2 zgoGwSVt;Y1v=|5c{NzNY{f85#aRU0NNj7~)oEpR3<_f4?oEU6ItP z>$P=SAM^^)fgY@`aKQQF5!>Ss@bmxebJUk4ZE{Hh^J9)!rSvW*ia2QX3gIc7VuXEl zT-)jXowYg4ws%ruOaJ+ZB*d%sJij-pGlVkMI)o%=Ug4HBe%WiTr>7MmpHF+wPmoLQ*{Cb~_2n)03O1GM;}+X@*WdcF(Dc~5 z;bFTx7PjDB&#y6Gbkh(0Z%m(B*YuGRVRu-cRqM&SZ|_r22QNTt;0xyEw6|`5_hHiK z;2X4$&7EV0vxpDcIJNB^Ck?RD`3&bo@8gqnTlMn$_f(S_M!VSlijg|KKzvH{ZF~!- z|MqizjMuC0xR+R~4P>F?<|$McuWeaLuRKfEf`L{h)+i*$PW~DCP~}`g z2KKOl<}GBmAYhF+NeuJPNNJ`|#l(ZCRuSm}Xv6ed@5Roa67Y(^#v53g2IAQSn9E&->eH__`)Z zP&H_jr0-Em0+xQjtx%A>33Mt;Ia`+2H+R5Tarq}=Bn0jjQe-SsAtK&K{-@i$sP~^} z`};wcYf%aDq?UsG+gaoq_?8ZjFUd1mF0xWHMtzF4zWOlCF4<;{D19PF5}IEwr>mqs zJ{d3#TqdtWR`HiFM8LIj~2z$3EOuR7mt&QVu9m@Ve7!0=K<94QN_cr?Vj|?yLKe|+o6RE~h z@SATYjN^;XC0vw)f4j7$vN}GSp4?>QbA3hSZ>V2lvBxtt4&Lm)ZUXm6iw0Lj61L?HMlY_uSwtPR1?9I9Ox zY+Q*rh>_1-Cs4V_nE6b=;&G)rWgsnKV(Eeuh7ruM7)ED+0dpuihL}_ zVZqTlBASruCf$r!KY>ZMDhj0`QdZ7r=_Urf9nr6$gD6EDA=1@}6;uq^&oZ674+raW zTTW;Sto75+X~GnUv={(}zk69>e?7I^?97Y<1Zqpnn1tc>-1+)&qZpnxR=RDOK>dz4j#sCUa7nDETaHWHwNu`ENp$PE5ZDVcM8e zr5G2KOsg{6#3@j+<%+X`NIwa};2b8(e>>wb=p~mf70fWI#mq!q9;SBZqFLtkXq?PP z*jF;y4++fCOLSJ)Emy$6iOJCe#CXD&0IIQ<(PSb1Th zznQv9bKrnC*EE`1sK~f$FHYO5nVx5?H{d6w!FlQzN+d8=zi`wCcJ&vWP)r{RMyzmx zf2c3opJPsLUK4xfQ==#kk-Vpc5nMBP&K^UpYk1B?;#m&lVu%^8TfA|w zW)Ue@VO2qu&dpis5 z);uK@k@~W7Ne?gl~Lqm0#L~8lkddi$Y88jeKgF{zj80}#Y6iQ^|?^ zIl+B)q~O%ti1IzNLsz27iAdbxskC>{Sp|g(5$e*!3H!olNaaKtqbCx|mHr{F--!78 zRvn7wA#C0a>@9zmQc-dNO*`I=VhS9-&obZTVS*q?Q0pKFl#z zxaZm}aDlCE*z^V8+3K@dQeiMU86*|Zh=`h|sAX604rW9ao@1aI$fd|0#mZ!OBR$fH z+~ZBCOr540=gfZZs*&B|RUn8cIf#=kVsMO=nHUn5Sm@zIs0bgdRHs)4p;y>D!e~b2 z7OYy(q4QM-FS@m_{T9DkRHO&|eAk@NnMyBQ^Mbgb@cm2K?eoGtaM9;NJv9yR9}MZF z6oJ3_ln;^8D@A+@;AZm=*(D{OWUMkd610L)RLe&Q!-U-2nN&Ozi*C*R41TeN?Bq<`{M4lXquyYj$5rn$&G9eMtQQ1&EN{xh@ zKu97NNib>3^qmqCXa-3z<$CbcLKrSh)l+apkqN|J#dL(;F2(G^^8Cv4RCfBD?na` z5$IQht6s*-%E9CXxD>QuQ%}Fgsh;Debmh8pScbR@S=K$JtpTh@T2((Le`u+3n_3$h z=x%N=rm9<)}6;otg8d=p0>*~2c6JnToF_$9n!Q5Q>0Q(M zuh78a7?z=$;W-f6nSMbECJ%b$5AF;`S1KQ~8vyT2ODCm(evpsptSY@yU^59War#f2 zpeWiQ?9W0`+lmZtO_1GQevUBQxVJ;7kYf@y9&;x>d<{LmEDPS!&F9arm~Rx@y>bf;q^4H5o<0_ygpTpW!em96{UI=;ti6kI(dk z!np1^!S$JeLkm-F)XsBi8dl-eHFx(Lr06v#nbMS?uQdZEo$;*;+PmfJS&+Zyh=r|AHmaU{)KEY&lxFebWi0tBD?#j zmm{Ah>;k||tUf94#%2k-Jr<(2L+d&Ozos$nnP-uMk5w8owN1_caL+f|eakf2@sRcY z_ckwmFd7gZp@MB2Y!0*Yf2exL;7Xq_T6khR6HaWN*qGRMGO<0ebAA)swl#4w@riBg z#J0_w|NGYca6j~;W_7K4x@)i9YfHHrcjDE)all}vB4WVEu^0Go_775GHo$b_T0Im4 z?4vs}%{m8v1#enqDnEj7xi^$KQv72YpeYmHJ$Lc2FP zNLf9nO1l4mQP?}Pdr8LA4FU|=P_*`t35w!g^1<9lG9K*EjSi^E$a3@@@55+cl7Zt# zuzVW&ajuvUv;cj+5r|5KIxGw*=@ijymJ%*ph3x6sUnIwo;oL^`h_>F}NC8WHZV*wa zZeMP(gL;b{h$Vx16CEkkNoT#dd5_68LIxd8P+KU#0PJ0bP>rMLsE!P7$ysQ}rpl^~ zZkZZSF?=Fho6TzhL ze~;z`-!=}zGdwS?5cl89%5prK3kr5pa>awB&nTj-*X zqndh$A4h1C%ez$!YkS!;>1@is<|)T~HRBQB5|_y2#iz;U%wjX0t3jSs;(q72KV5$= z(M4sS;Mm&1L;K0b01==UOiqFoT^}Y1q9C}oE>IDoBjDy5XmhT1Oar5coJ9?2ExE0r z^!O{C{UxM6c4+RqSw$banyHqg>#8nj*d&tq@=O>UVQ%QK;yPQkW*640bmvmeDV+jd z-ab1`oU}N#fyi0{wBk^DJh1EMLxXt+Cy<=lDf*{Yi7M|mzVCp+fyG&;5BAN)OJFXd zw>HF4n=yYKUEx8fC;!a@s%&>emED}s838aAQf9$`%TS6EUfMoJ!XdswY8Tt)FT zmM=LHuk>Cj=dQRk5_UVjBorXrkpYo1nq_!~2@naZ&=R$1?pXtUyk&gj z7>XEodQ(Y!yJ2Y1hU|&IG?D3Ax;FynckrddZ9(KsEpPTi}?V3mzKDXet z#w#ADhu<{_$Qx{T`2WRs)4F-N{|=Gm^*)QrVeU#CVGB6f5a1oSN47Zot=V-?dV*g( z+R{m_ka*^ekFEMI8cr4#?K=vrFTTYzeT$u%q&V@nY_E4}?lPd-f#(>IRU~8CF(E8n zNsqt0anR&&BTN}e(>a5HY&KSgB~9b>AM|}n?3#+3XxUV#!lg;Pny)-31rdKAZrOP> zK-i!oVaWT&{paX4PM^(PlZ3$pnAAF;S#wp>aj{6P<35wtwB;G&uN`Rqum?WPAdc+)gG*GF$jjXs14e2tsPt9%kq5c;tW;UK+Rc3U3&lEE{%!l^7QrS>!ZOX;`+_MisrP| z?M@Nb!YbC!-(_Xkq~cHB%g#5elg9w@y1;I=0kkkXDq!X%DP05F%(q~DGvl438&mJ~ zk1$^Jx4odVZ$8Y~i4&4zOx)tY3RPxfoBxBIH-lm&X?jH#epj2N**IRVk|m9%$?_(k z`XO?1;*r_X2X`|-rp7G>!cN`wdpTDI1X~7st6qYX0qe^uyQ8g`C+`I;Oh(n1Dev|M zuzcfivBjBlw+O%~<{&3Q7?Wm!*jOWEQbPFABwweE2ubY!QAn}C2*G1^*&yGf3mMP3F+(1v3y~cq;Pv{JD8aYc zg+%fgcaDa;bKLC1**j!W#;5RE7HB!aNGKwJ7w~z#?8G0vov70}mtv%ktr{)oIq_$_ zqk7PgRhmn#S}!XMhkE=<2~Sb2piP8OQeR>+Dgn5i#>XI*K73(RL!DKyA-$MftI zT}(+TSDuEA{60OeJtSA|tzjhBf7ob9HAky&vYr6_)of*dB#yU9mMU1+oaQu6XgDuL z(~WC5pI%~{kI4rPInhZkz)n6O)75Cnr|mMfz#^lS?V7 z*R|{*GhILH!rh$-lNAsW9IUy_W!mmn=IL7%W=sAHzabwQIklR#U%LB|4J{UtePl#Z zbL$K|H6bdJucK^bTmWcFZMfDc%@z%$=$zuV(-8gBmOh>t$k5#cq-aT6v(5;lMY1-l z7$SGU5ATqRC*U}mupJV`!XNJBi$~x(T0nMr3e7|hNJU^Weaz3>UxNzLBU5t-DnH)n zdJJCr4}K&S4Q4^p8+aW4u#h4ia0nf05pn?%KJ+;)?5dnPsl;meV+#>AzlDpeZ#O+j z5kB3fyw621-f4dA&tPDE{78Ch}IsxajtB9_Z`@LTV z!uXj^{#Bo z&FP=0B=C(&P7@<17)w_;mgnTD$Tx|9(hUb`0#Ig(I8-ndH3~TLyYp$h7vf}*!wNqx+?ccFr%~%y8Q71e$yDC zA?p;{8Fpz0THnUp`u8Nt8%uJe+0;GW{{lGCyyw2;d&k^2Sd8!sSsK~HK z7wI@}q}{2oZ;XxR_=DCxDdyd|j)UefS_hr#3%vU?QF+97t`{0UmeeCHjIe<{OB5*Y zhvu1|uYa{(mItqIP8|(DmQwv{YTQ2NVsP68W(^EZRbo;bHClnA$NRY-A7j90kFU6n zz(j+`LOZbgk>3(cTaO`;&*+dX*u!i5gZ%SV33zLQ`+0|E`0?U6`{hM;3AlMpp=tV8 zH-_~AP6c(&8-V4&gJVailTz|;Zc0oOp8&Vv35Oo9T@v8)&603x>T{^!0jP5ORc@rl z&#pn_b_3M$2D|~MZrXzl4!i6>+NYZT$5HMBeV=y$-hrQ2H|?A6_nRMgm!B-a_t(wO zr_kKaw|n46F7PoH>uq}p_#q5@yie`=?D~AWY0v$9x}A~&-%bJ7{6F5`HX{A64^7*J zK#r$%<*R`o4>YfjFWp3F9rn=c2g`<1=T+mvZ#O_gLw}k}VYoa;y=N!zjnZvbgMIPy zy`AAlPp8`6Ca>=P)oEX6=Iz^~<*Qo{P@x>DWQ=A}?A+qV^=QxAWkPol@9F7vKSR-j8`ESk0;%Ce`B(eoT^Wv65JC?S+) zuGKI9!=LZ990&34f^+Ea>q@S%xxQPhPZPNsXI^-Bo{CiCHDjT0s`F`ZH=&16I>OeZ zyI%t^^WlqYnJ7gmvP%5`W%J_(=07@3gaaYgkJ=wOn%78Z*C^y|sC$l1z4)GlnXulj zR-!ARk+dnu0*gJTLt+t?gb=1;r-Dm?8CQFc2veS7o;UnKhm%_k&u?+bo`tuLj9)qk z)lWRadW;GJKJD;5-0%QsnvK}x?OtA?rO)Pb`7M8MX6aW;))vo;OympR;6A_3DIjVq zh4DLzsqm+Pf19b2zcybE@K>Mf3llFYM!Ju?hy+7om9|)MTp?fol zaAaHlkc+HZnD^wyz9Z_M3q5W#)4rRc_QUlA1wLh);BoZZoB0E;K3kP?fXXo7*LYma ziuSG#CzK;*QVVX^`Ds?;gthh@9Z;ta`5bn>+%UC#ll8N}@jX-D!NuU^d+Pf?hkJ8> z&vn(QP>~^n1d~^T70UT*Vme8uiDK_+gPV$V)Fw?X@hyi$(6d5`xjfH7=JvzOXkAj!X^l;PB(R* zlQ$W@Gr>dBsj(%FS=u{=9-!`&&ze(=9$(B7uL$7!sN|8?KrS82*jwgHTf0dO*3XXmP3986R6l)8n$5p~Vx$URrGe%v2pw2JMlJ8M2LlMPR%P67;d&X?UYV zT@K-V#cpZg#UhSYw;7)?!3jx-e{;GJFna7c;DMzp^k3FYJdL0bSovDs(ezOF z&BR~C%(%?Z0g7|hn83Yya%~q8mwZgCPKg_m_9ult^2=99jN~abBzn1eBdS-q&~YT) z&`zVH5Tgceop9`v@=P{SFm(2AqMCCg~q z__4-t!5#W7c03Nv_3NS`SO{i;M~?eou0N1;LkD+9(ste)^I%~YHh-5AZox_e?I?J>!5j)YOq2^l? zrzs_KH()rLf8ao#@JfgY57!u8sI~stU}PdR&-fz~4>)bpg(Fs2$TCBzE6mC&ZG*Hw zF?&7h@$c6{owe|QtAe_HR^i-#7SAQiqM+^m5}2xh@&)xux!AD48d>G9Zv6cv$=j1irIX73ljX%iU)$U_3K^aGJNx+!eUGcZta4> zsShxYi^s5=e=3RE%<*uFIN@CUiNxoX5D)WpRHmmSl}L(a1>-m0UT11z+WE6`ibeH0 zm1?)lVMIMl@|qAf_JNip{PP8O8nzRG$}Aj2vfM=x52E5?d9*GcbuGHOJ>I<2l=bmn zU~Q*t$&TT!Dr{$G)&*P7^O^gX(07g6P>3+=hC{E*UDd=)41%H;&!oMg8jsW z_)D%iR6?o5#taJN5Z90}_f%v99RkOuLBS`mr&f@SS!XA&J~Ag0BK~yB6AA9mipi#Q ziD*S{PJ~yIN7#^AlaPr*%278pV6YdUo9WQ>_fqA7h!<)4SuV~ zHx!$IB@yk35ebrdVrWNCWOot%%}E_|;@3+d;;`bugkcGQvo~^t|7YCQ$`K{Vm=sUM z+K7Yt>OyF1~m!eG6<+zDv?K^o{@ZZ{2>s2N9Nl?dF$Ku&Dk zFT}pLCRs~2N+a&QL^!w|mVko6t~wQmg2^0BA3j#hES6nU{Lq8|jd6 zcw3K9cxjfjrzIdR)8qZ8sqB;+{!(n!(X*-QQ)Bguyx9HZzyu>oWUodWm}fd&_B}F8 zn}sQ)+3L&;k`jJElu^K*7AMl$a)chIu{_i#|B*2doBL4a0L3}a*txesH|I777dmfUlDVHZ~%w#OGGHn<$ z|Bo37%?T9Iuy{fqL+~)R?ShGSC6LsrvLI0=?S_7eJz2A0Xf$UK2@JIs$}~joZD)Gr zP%9ySXY_Bj{GZ+CG{6oPbh&I$t!UAAQrL5V8#ox^jRMGYg@?=p`lAcFV~X4jr~h|U zH}$6|!9|yR!T`B-!6@8rl+(I5?4pM@f=>)m z_PKm+Fdmp`3Yi0Xm=Da5rC93nUO-U4tS045W#~?04WN5_fr-$TW>mnX(qj&OlDY)I zhpxqKz(r>QpmXERe#7r8C#1q>*r#&ulB&#M(ccCT5Kibku6gqqknB4UlLXx9ff-5q6a2# zn_*xIbGQTQ>&d5jw=$JPZd-+h)O${^76@~+*<%#P1>*S9_ZKtm{M)O*7qeyjZz65Y zNW^~d`9`Nm?}6$n?hOZ<4Z8?`$<9*4W>i*TInT8!PIDEGFvTR}jg#3vIqpIw!%N#= z_xNhyPWQ|BXK-oI*6QAI(nBuDo={lqdqfop2r zcybWg#8K@QyRVP=Uj@W8E>2>_pV@|=3xYT)se223IC(Ncr`xCV_6jQ}7!0d&d#BrS zn??BdS5!B}qW9Xi$8t+2e>5J8V>oqoCLDMrD>^yLjSV8049VAHU*nQ%Y22GxYiX`+ z%sdK!2oCuttyLDINg)N#oMd{x|`r zNwq&V#$3waEpDl=SjZ~IzQ@ZaP9YxCY~t{V8pI`qznPa2wQ5+=yj>pFf?r}d-{{yI zQWHDH-;pevmE4ib@^ALDjP#fG_oQ>*r!jAV_AeK*-#`jrzs7mLRNH2c-{(p)RbA&f zVwz7r_?Hvaf;nbun;U{MPnCNw=Q2%$K_riI-k4LG7lH`UGCi!cL+j6+lAr4`O(f%& zKz8kqTfK%DN3=Lx=pEC-QI84yi0a>y8*dW;aJ332XieZsbKvDzbSg+dNNYi{!UGSO z#}g4FX1ybxjEoQx*V~`Oj=-hRxO%jzgr3)vBCSff|K3}9-CB?{}q{I^IB__p5uzKdy$MJHC`(d(~ zTzK_vmaJpCd$;E=Zs!X!5fMMQaZ%dRTjR&lFc}0bH%ySVwEH~pLdVKY z5fhePpRSnha?FCn?XtuRaASednMbZe8IeRLyP*Fz+gMJrO5_IX>4z{^4FrW0ch+tD zhh#9k@1J<+^71+?6q}V9$ z?AUm(Q_M07IL-RY*2h*Q;Nn%HVkmEA^c6#JOvMg(LgJ9QQMl5d(2;=7Fl0g(?4pxz zpi~c)@bLqutzc2-5ySYXL`x)lQZzhWvCf3~$POFY0)Epub zJBC@@(Ni9byk|Faa*BXctDmu4N}w$2!=qRJL#pGiXblc}F-y!YNlGJ@{(no|KG*B0 zf!>$dH>M{Kq@T~PWo@1i)>n@1t!U=Xrf4L>_3?k4f~?~~Dx>&=7?M^++TJ8mX$&hV zR6eoLfjWsG!+I$h7QAk+W1n>B>=HH&v1mvXeZP65+|HG(#Z+K?K<$?vfC>UUgP_Q| zBNbldb6lKU6G`7iEYs1Nwrx3<#s)W|b0#vIH;(rEqL}|X|qHN3y^|0TRNgCTEKT`$)CtU?wVFl)a`yz3coN#^AbtG(7XW*I?O$$QjF$Hb4P|Ud#6+u&D=E%m zY-x@1i-`bL!ekR)!w7pYiavi5L9ulk?$(n9EXt>a?q_E`LN$8qeDRjekghJ&1p zIRO*_0)P`A0@f)eIFB?$^V(Ng>78*I-o7mzWjJzH+VfrD{Ut!r{k1|ps*_Yb#hqO} z&ljxIzhK>`*^pWlc|n$lx87n$bI*;xf`?x}fcKMam1EXyLyUSDCFm@!>o*z0h5cGX z3r|L~6B@ROTxY~yW{0j7q*vE8-c4eW?w*Pm5Mksxq&_6_x4M~Qc=6V=Lx zH!#nZU9`qi`(pg;#R1=uECW_!?lBXMdpL%v(yIE8`I062pzlzc18hDTj5=Ah7FkQ% zfeu)<%e@R~FgwuLwsnMM82ml`6_kA(_&-^ea|HucFHK;I@S z^(g<&yE7+O$;h)>6C>J;!Gtv@O;u(=^DSv(+Rch`M!=E$@ek`H1jcY6s=v4mFti0j z42=Yra3Iz7bRTI^J-n~g+RxYc?Pi9Z1-L8ZH8s{cfCY13IqAvW)2r`Icw^uic*pZk zbNZ@#1K?G&tVi;m`WV)uqI3u{Y4?u`HzJ{t2Xc4|aB=-vihEYOAx0?4HpGmqI<2sog#sdCG+!tGccHF}F%y-(*f! zt?e2sFOLQN$#2Gj)yBwI2;MIa_p&dm9EW81RQRiwFC9h!E_ZJkm;rqDSq24kR7z$y zRV|;=91AU-?{p!tlsMkbK=lg>ueICTC%=!5ClILp3^LVv`Fexn<4yD1<|V^OP?M6W z%*i8FAA>1j{q7ud`@ye+fJ#syxU>FQi}De{%&XNa{f?M$0Xuu}lV#r7&qcx{-zWt$ z%f3~aq+Y_fz2i-BQ$UOt@L9xP5Nm2OmdLr1n|i)rGbr>vCig=jpyL2-T;=%J(0GU(=-cVVH zE|=FzTo-*BRd(utuC86bz-UaCwg^)!=uA2@dwDD$x>-ko$0q_u@UKWoh6c&)kM$NM zzKjJ59zhjlrPpW=AQtj3G<)f}KLOvX7ZDLZ!u)0CHu)#+Hn93vj!w)W1lwWy$l^-H zhRTXZSOgCL3~DKh>yaS@=+p{8OOpN-HclwUmVuAm?`wx2Rr1*D3oS#WcFA$av=QMf z6$mm!2mHX5ElAT$W4AwfDo-sy0?Cbj{9=6%{CCM>{y~t61N^<4iM;77sYF=E9c^g) z#N2d$)A!isL?Lw+v3r5n=@-*(|HQ?Avhio#lLN8O`7mx+&*yVq`Wp(%Q*K?<}vY*sg!VZoVFgJ_6~Ls^0G(CD6)I zWVaGb@Ga_AcR-Cv2RiT(&Y*?gkM-X5lIj$rDp@;DDH+hU0vA*Z1tGFu6V+~_b&p;> zf~f7XcJ%V~hy@B!{~{XEi2JN}M|*aV$iQ;#_CJg-1BPUV0NugefiH>8S<&DSw z?Jm7Ldt|atSRmufF7|`v=9YINTev7z=5wCr@ana+nUM)XPDF>Qy=iN_2 za1b`aGFA54nFIsTMJZtjXN>zdXMl0OrHX)rpA7tlTx~fiC@~dFUY#zxBR{YH$AG^Y zi^^m+Ezp42hw(R41kI7_YhmIL4)Qh{k9!X~tqwNnDW(Q%!M+*UtEh)=mMCfLG~)#s zsVMKH%8fL}HAEr?a$Wv_*Ud171SCHu@(gt?ZBK1N>ysui6}h&NMF83G!k)!<gD9^0ryiQD1mCTNZ7Dt*oE z3Rtx^v>jy4xK-&jyfyFjJN1hnV9DsNhh*DUO}-635_zG=z)n#`$4@yl@@9P6lB^`% zQm&MZJg%GllUipG(3QTb8y%+7bEiG=1sJ#%3gn^m-2n&?C_ z2hJFRTz~Nhxw^Ol>`IoT8$?3oYqx=+XSI>=_@;)C#%8%t`R136{h9B0*ni%M!iaqa zCGM6(1CHwc23Louef%g`+Em#w<#L+Bxe#Oros%IkkWlNz7AzG4g2aqdAdbc7CcfX6?|@ITdi#mzb=29@MMzTq30yzDj;}@&w(0=eoFsb zU>1UvE9hy{s8?0qdnlh7!P{Mu#iAmdw~pUAPqz#wE=E`QD9mY)aN%fVa-Qa4PsK4=g*h z7cawIj%WVkosU|Z~u@irn zSAW>jvH8TkAyGpgkP51d(+k8&t~eh#+?=$PrcHE+Nugm06H$QXS3Tb*)|+eQP(03@ zOQkMtg#|!+G1<5CX+->I*1i3Fb?O>C(6jv+dW#SDR;nhosvY@x<} z6zh-&-$|sA(B?x(C9*qL)wRcV%MEP*$Z0+y)GBn_FMC(Q)o1totrHZ*T6UIDTj|eN zTE;H8T(+tgZ&TklP~)GGioE2W$}UK$)`2^p%=cLKOQz#>iOsw)p?V)9kJiTn`k54*%9Q8hU& ze^gj34JOI60`3*<`c^FLX`1Y@<(s=)&jt%WRyzXuGvF)|?J~hZ~*7$9Dk|@9_BkEO>KU0J-``{}APe}quKjc~oL&6cthOT3d`LBC|Lj=|F8|T&s`qn>6SSxICm0hPqSW_)GS)4IZD*TR7PT33!Q&dav2|H zkK{hq1f(jSG>aVQQC1z(E!q%3Rkqxo|M6dw2AE#|25=2J zZ#PC4!<|hIF#f|rqx6C{HmifFGlM{b9nJVw0X!jaF##)Au|Ef6;uMTjmL|$%!jf3H z6C82bcKC)ziLQl?!wJSCD|8Uz7g<52S1)MSJIyedAr(HR%oG_=pAzhfNaFQLE@lj- zo_R|{u6)MfIb&0PflKr&pi59=LLzx9wFeHtPX_=;@DIvk?AF<7A?H?Q)u)50ZSXS@ zkhe|EVwQvVIK=651(tm*5nK458cwFZ+4YpCj1I#XA%24#m8rU!5VGIQI+Z0`iCZ|6 zvtqT_3=%%pxXV}{K7za4AT%g}wWr!l{xp0!poiQP(qJSFhus}~%l%8)YZJf$HzCPgOFmZ9n*1(o*Eum^F17^^a3^D;;2P83dakvGB3(WCx+!6Y6G7 z5n_hZ@;deChqaIEYP{SGV{Jafhh$?xvw5bF&o(B=zmzujEfl^hpi`_UK|M{ z9q3e}beKbS&gq6k-P2)4}U#W05-Li^(qNoUAC zFh!*uXo8Y|V25+I)+>K=_R6Q-`yo>}9366U-b{el^~NiHCP)Z8jXh5Z5R6z7q*h0J zR1$m}=)2lM%T0&V&e?;&(V?jYJ>br|Tf)4k$727TX{$RN`7*C0=CX}CBNX#%*cXHD z!gxz;K^xmXHz4e}b$e;t7yR7U3aH;U`-Ld{mqleByM_1BPe)Ic6Z{*wbA(DLcCVh6 zMva{+K}(MO6Su(f#jC?Tx6ui~8nqv@bTw-A`v9-(jGw@f(*W=YvmNw5!7T<{skwc(nkU&+jB)PdnloYuK{{7Mtiyx$d9BVki|JSYhh#0v zG6!G7V=2g$kEdZZ%poRZv$qy>hx{fSnOZ znLI;#sEC@Txh}6MVi0VywRs|27@F+diG@X}^k0su3!ev0v!s&b_ZfJ9FY8q{9A3R* z>qwl5Iv{l$3;Y39vZxg_k^x?^^=T7)QDnXmX$HDh&rg|DBP7Hd#P8_iyv!UDWV^j` z#Stl2+_T90YU6^k&sv=m7y+aGh1h=r*te}GAYyfwPTl<4>x3NpXzafPW6#;EEA zWN_F|$`i&9PIPi8*IUWQ66b$D1Y4!hl*>sDXsK3q*z_eJTByfUF-??l*@`X2?Wf;8 zk!gDSCPqVDNbBU>*>UlB%5lkCp=8!tae?{n(7@t%6!=pM+ji!DX3IFH-&SmD@-1Fb z^MOXfaUez}{-_`3)+_(a0CHo@@XlkCHZnZzoJWxD!biybqs70@RP%$+y!3VYB!Gw{ zHJ7}@_M=gk6S)&C6zbk3kzrITzV5FWFfOX(Wx1v)^|&W%dN->;Nb52c(oICVG&riqlsaqG>BeJzpoLvE zwtQb!K=2ANeAq>mQC~?O0pIs=Zg)jH|3*DI_smw|^>K47&93FLW%Wl)faUx zwg0AW<(JH#6nmG={F6{2Imub=ctLYBy&p|j+vc=UzL{39(Hs%e231g@0o|itQW?Ly z;Q@_~%e`+C(-tsBO67?6f52}uF*ccu-%$cEfAjW?b8{uqH%=(QQ6yVu=8`wL{*|ax z(d=#Vx}iHR|Cj`b-~at`!RRH}9RJo$yCq~Nw1~Aby|u7RnvY=DrfE7dn6LG>I5N9)7d+p&)`dIBUdT3mvW#D@G-KJ=o2A6BoR|*@ zBhN`>9Q~xNNGwK$-Uh@#zFV^ z-s3@1pp*ZKR88@d+Mmoz3h)Y^iqq(EpexSPlBG-2!bMRm2d3F?P)B3VGo<{_Fg!C; zPqLNdZY`BD!@X{Mjk3M?G&2TqBiF0pY`Ue|x-$0c4A-OJBGsGik_zZjGKC807K116 z2?Wu?$-xXG$i=$grLrm1{W2RGsN*b|iwuLgbFiMk|=y*2_@XTO?FarkQ1)sf#{E@gTIY^K+?9pL@E}v;{{Rg9H7{Z;e%6hv_jdQ^HqqGi*(SP{gv=Ch zT)!nXQHB&ezNMT&5j2JxzNwrt)2}=_vqHz+R)JuBKlgi{ow>Ei#f5F8E4SKI$w~0q z#q)&6Iw^bE^jhwSI2(h6&pVCzx$dUqOJ3%R`}Hcp%T^XPfGhDW%SPxPfngN(7>X%BxthB9+65!^Ss7S(E<;efy0@-s|GFjdKK4gB9{4S?uY{`tRq6ia zlB&Z0>L}1RD@JH|DptrU*ZmG6=T%eJ#%K5F%jb2y5N$Rz<_ToRLjeV8>2>{kZSTgv z!w57k*N`(~p6V^RG-G;LOFTjWbL!JKt~<3d6L1eQM$NgGCu7hClx1rs+~1LvN6iz? z-Z$i^QU>q&-0mvX1Boov--irDmM5pu4Rly)II^66&d%`TG&pA!QRb1%BslFQ7!i*R z^JK`d#Cn?v_K!T(+1-1f1@b2!Z?(R6r#z$k_W0WR(T16<4{~wH{H$Ro;Y&69-8A7~RZ$)+T2DOr zHOD--!0X?=-P{6M+S7?@Ea?6Nd%uD+O=z%)N+sv;CFcd*m*WLt*ULi5lU;yw*D|(7 zJ6Ti&U3>B|QhYFnrs>lZIh4aP38qpa!C{<%=p0l!KzT(uF{4BmtrT0nzY!cimHs8L zQYp;L)o@r+sz=0(kgv-r4(JFbs=3c?n6-W%VeaxbwjbhNq2G$J6JBgsncbpVAY^h}jB`pld3-(F#g zX9Ig6ki2#-u(#IdSH(aKHsA0EP8&hav)Zzs++~@5jVQ&QxzMAp>QbLtV@^?W)0>%> zf!#>@gS{~DGvKxE&-ijN5l>qzL;4I#C@vetGE=(Bov4K?)^6}P{6QpszlAH(Uho9G zyE%J(=}pMQk)#}dk*8N#-$7$C(F%r+$k|N{aF|4Q@;Z!zqGfuwrO(2(xguK#L+Dvr zi;H5KDKouuE9C#HAFy7JzjEzt&fdvBxaM0AC6G1o-?DG=7*^(tNe?a;`wh`oV#>sS zPML^uj-80&X?1cN>xPJ(@z9lhmbH|Wm_{(oPfowp^z3g8xkbsI(VZeV(^bvm1m+J( zGcpyfZ?hLtXt(Y;x@K`UJdGbcK1FG^bY9_C1^I2WYqGZ+z)u{(Gc$t-1F`3XXkqXv z%AySU!t*ns!}EtQBJ**PaKupHal{m;aKy4P8AJF0+Q|28b$A4^d8`}`BBoYB;e&CE z(9vY!5Yen7ZL?`qe|k)$zal5Z0j06x$+pqR#bhzXEv&IH@KxJM*^1Id%(@NUo){_E zDv!QMefTd@pXiI!XS+@?iz;9>YbskA>y-G6`yS;_>C+m94AzK3PT%}uKj%5-&1S`D zhwnnK;$lfzDI75&WejMbQ{S+{dA#bCVQ)P1Ira!;K*N#MEB!6TY}+Y7;n0yJkIE*c z@^l5|KZ5M(z!k&-V1}Bko}Xw(|6B4@sexA{Pr_Gxs04*o+!M}EZ!r+`t-6#mPJ}^O zs!`7G9~V-!nLG*q<@Eg+mt&E0Lmf(Ojv+7}6GQZ*G6)DyL3M5oSjVjCh$h@gZgwIw z@FL{7$d>+-m$LzN6X#X}wxa~DpvjV>>cWb;B9U&_imV$O3FPh*X=?o6K6|G zx8(o-X9Vb{ry6mOGsuN3P$f_!r|!FBI7vn9c5!f^ap>3g%0J2ob;mk4sB_|1k=n$rRZMk8kPV9_FX))FiB#;1w*t&ipp152bOy6=kR>=kiSz)%%DfgXoWnh0iyYOiH z3@utCT;QNde+K8iZsa7PVwzI&Z@*fyS1bksRgQ~UD;6E>-Mh@yvD*8}ph0XE;rf9( z0qbn^6I5+1^t^Nzy=8l8ErgPsJzuHLmR7EoKT7tNY;>zzx@m4VO-06ikf|_1_V=N( z=EdvR6LNx{Bvm@KmL!$VnATT~uhMKKHBl9%ScNxwQ;vjGT9O*E0lF@b!%_gC6z*fW z)cklJ4Wf6kdVoHihG4-jxG$GUz!}E7YOH_0`u)-NnI^Xu|6X&=HoADkClx`Xx0R?S zFIr8W!5Ag<7x(Oi2}!YhS7mcAR&O&~R5vRF4TClMGf9?oQ$!?5R(aDFqaKiUev9&5 zrHp?c#k|70-B_LTTn_NwH+>1b*ivob_&-#AV|XA<=YwH-5rs>L*xnkX={^KK{tz$l z?l2xi{zz{RE)GJtRv|)`RvE&LeN8RIe}P)s>naVJ^oU|RP)pOwuo1mCog?5f{FYEQ z&_^(*v)`F3U2}OW({ja&Tg3Cd5K+av2+1POgyN{`@kR63hcYFT*7DK9ohkrV5+(aB zd9tyIf4@cJ`^YfGLNMqe&Kzo~>gWIDj}${ieqSS^i^v48E8Uk16pNpO!EEY8tD|x< z>B}G4fQWP&_ApY~6AluKFG0YB$a&+UJ0ZYv|IRw6N#MS?M<`zZfnFjgK&N%f*mQx? zvc~U#HL)w&CcwKBi)8R*n5Ycb^moo796{VJYS|9&_wa(XyPe`ET2hh;mg%rP|--^lVWfpz?)oOR8hQ9Wz}z0?vazfbxTMImKZ6U>Lh|GgXzq{ zZe%pK1uVfF3<@8<_kC-!Zpp@AW3q?{T+vcOyXA(A@XQy%1(@;eu&r@Wq-emCjF!h; zsEU%n)g>~+oXm|Vc62(8jjvgmhwDDRX?JyI)5q?n1T-_5W^|0%&vbh=_| zd6i%r_ZOR8Z^pXW@raQ9*O5s5Z|bQoi@69RBeb)E;bt!c79Ce;a2)^|@fF55n_MGK zLP=}l04Vt9N!;+|0do2B01x08!0)+d#N{C7S!_~J%QFH5Ns zw9D54?NX!?ek8D$ST{r8&i=ju&#NASy_dYf*pEVrKusH%;$k$TPvSWT%Hpj}!z%AX!?BxeGz^`z!!yDD<7ppaNixVjD z*>(9A&XVeoMz;7)#{J%Q6m{Mp3N`I3<1&QThuJf&H^b$py)iMI&AY+*1ctB+<`}^^ zHGQ}&_y^+#w|wqrf@U!1!Rxg0#2~|;*6L~G0UMaZSlfg@+Z3}3uQ7ZjGG_8nt#41f z02TY@^12opV&SthUI3ap6)ss03VC3HzWamz*5$#`nS*BIW>t&d?YKxu96jvim~kY% z_OMbK=yU#kjF^p@>UEvAJ3BB{~J ziy$>^U#+dLKehTK(xTZZr>`obL34~VAbsli$FzPhpg3@~v0<>UByfeAhTe!koDsiZ zc86}k>q*O}&Fspu&vw7v4B5V~)@cK_v@Mr?#vY;s7up={ruaScjha)uNKF~P+$vt>E=%I+<1GPmKn~MYpn98-w#np8 zK64V^-)vedQNEV2z|ZJtUY7Fi!ak^fvjr6a^MmggOlGuF$v0PUd$!AURk*Y?vzZw7 zt%4wo%-WY5xvcmh!u`*?vQ7yH@NcxN#qd#LUze8F{aZtS2e`k2eFw4x~G8@j@GrP`+n4%Woje01DCjK5AiDQcaA?uJ6 zk;CK<4&)VrMrwmcWpVmJ61NvD{Bu+>b(oREnprGpl2ntK)>Reh@xX@Y|vTN%-**V%-$PWgs<0Il3cqd z@MeuT+KGZ2ILpj?4(1FTOy7Pt)}kk!%lRT6I#D78714fd3UJ;$-iW-sL~n+gzrQ|g zG`xOC?>P>DbkjOJ111PcXqu@~^z#v&BlAzhXxS+P)bH<|3`;}?JRt+QV62sK38O;*T%~#{=^-fiL=1 z*eHEI-$Mh?0O^yA9?M{e`*aZ!IBETg_eFAX;w|@PQJJ)d%my}8A=0hTvgpWiL*_OC zxTaiw62xn)iIf!)8T5J__T$7{<@jt2g}TVV#d$ekpK_z|KX7(&iu4lty{iO$S@!Dj zin0#@^~rUDdeOVbc5`kzPm9-r@8O5gFOL&(^n^p;LZAH5N>?!>I~0lS%rjS`$vXvl ze$Zm{`sSI=Slgn<^^@s~s_I$GQmHj(&^!6bLaf*5TO}hWtG}8J0Yk5JDHMuraoS&% zjOWqUBaR6#myWlWUkij=rnmk)^(1)%=p%c7%HT}XcU&Nuja^~}>fIdwf#D2tVi;@v zXIuiz9jCx?b~$4LC)f#e>(0D0e+tj$k%h_TZ!gu}~)M+@Vt4vq8PIb&+!F(6axsmgV$*Zr}D*K^OR+BKohQ zq*Dj?vHO;e|64pce$PRxk$&!42x`c$2&MaF(JAWRWtWiWv>qcW9Rx%gUeZBSo5Ntt z)yBFY?1T?GwHwuJj#fNpb%bjq<(4WhYA=tvL`Z51%6?#W#Apm}*NAVrhwQucD%y!Tc{|Z|DoGrkAClGF5>tqok9P6wx|A zYZi>tlFe}A_xVVr%B^-C7-F^4l7MjQcUFI;s+^GY^7}+tc=TYh6&!tzgy5*L`wrF< zdb6dB@Oq6?2c@d5!4ABT*_3Lijy(11oV!7q?HsnqvHL_saiGmld5&tSMjQW2T}}V1 z#s90|*i_RFm;V&2^FKO|^)ub|Y|$1F4~b@ijGKJe_)@+6|EgZ&e|zOW)sNq|@ce&0 zBhZL}_>x$>ip%J4QVGeq_A`p#u1&E$jgQ zzj6ij)%j76q}Hu7_NdH(%Sz!KLH+Z3EsPgYc_ohihlx%#Mgs^lhBdTBnN*$&7%}yf zwF~NEtG$2T{o3dGpnOJh?n)uqCJ~Z*`4*LE44AVli-}k|$6V$me{8&j+R}*yy`Xa^ z-GCs<`@rwP6QyJ-y)=5@j>+x)`X}GRPK~HL-eq;0XzG&Np?As$W9bhC!YT~Ajk3Zj zF!i%Hj}3=bULzPRH+&d1G9Ia%C))`G6H&n9Vo_$UUQI{29mHXST49f@?_;)*IS>7-yA#m2ETQRnCw8-+pogQswr{g)3c+_}sCa+f1ZIf*thVk|6F%y~dy z+GrIbe86|Wya#DKC4v}aF0rR=ObCempgPdmtF$y1x2He&x%XjQEfJGo{%cR!E0F0IIQxwvrhL_|L(Pg;Tatu;x zkFQPW9GLw}VR{wzt+~!DCda$siHHCZ@BQxWJd_bgPSUGCR8Q9HmAJVq;6{2kzt)Dd z#2e_oCwSBYW!9bBIoxz6(Ur>mKy>)|K?K}QM5X?b1>pv`*f?1KU!sl;y_J}~5!WwL zjS&kl>G(P*M(o@UR{AF)|5T7Sx+pUo@o2+w=6}=f>v-;5WRbsgLHW3?xFrI<%r z$GPeb*#1lbKgORfu{54Ey<6YzZpVSHN}INn>yi*S{E*fI8yGI#9pxjc!LJP+9&Z2! z!2Nlkl|p|hF4YXi$KVs3<4H`?%4!K44x>T;s0VntHzRzzeq`u*bM1Wl=rK5YNr!Bn z?^cHSe5g;6u`AO%nPupL;f%n3a*bw-`J67An~eF_dVNS_;P*^!FoY!#<2{LGz`&)a zV=x34?VWnPFwL+w6^{3hTfoP{ z={UpZvjFfK3gY*2tnhie*7EhzJwUt9<9;ZEfw10ODp3l7~Tg`w^VA2e~XY4WO zfU9iO{mxyJ5sC}Z$uIqoKIg!KzlFP-A@ovjzw^gqSp$BDU%c}@H_ai7?&oL@?LO3& zNqqfDCuMTYbmG`U+tR}1)vj*|&S&Xd6zHPInpJ;8rg&u6A?tPX+=yNFDXTZwVOBxX zGeJ(`A=f20)cRIteD^Cj@c0hwaYpiQl|OFrBxI0pFv;ltDSHagw-~$%sw9e>D8TaG zUV&9e-PY6OG}Dl-YPjO;^3ba}#TC&hcn)3UcoqNGVBB@U`DW#fs)os@L8Z@S`!<2q zbg!KfpZos3dYi!>f{Ury#xA2nC2c<+ix;)QPK#&Awws_~Uy8{F7~G6p@tWhhW4|1- zmAoL-!E57M<}e^39IT>))aUz{=z)1%U{`;BMSQGS<5WOhyMwoW@ubH+)m~*hX<|0g z*uMlD>CcU4471B}y=uTmWVmC49aG}BN9phlBvQwUP18?U?-?uAjRQp8U&zd#0k9x$gSowrV&LNY491!EJ4A*%wfRp2}F) z(yi1rsvol2h?&P}ucTF*DA!wJjG7%eBKcsbRF1E?4Doeob zYIYxS@O=U%P^)wDjH^s_I@B9{!01BP3To5@p9-2vQrV(j@uHp`%V+IbM*bTs1kR`~ zRJB(JW}JFTd7=h}zMz~I{F{+oS(9)s8nW|RvOT^2dpmS^PBYa`RE&@ZOtMD#L zzAnuLc1UWp`U*ssn_*pz+3ptDIJIdwVsvmojF&W4IQA4h7~XxGw&f^+#8==yA2e83 z?<@m0P!jC=;N`bAacyw8y#^Q3l^uR8bQu=@XM8BBK%uP6>Q~DQ879YN)$tD@1SxIZ zS_-xRduv@5JI6Ug{_KZ=&U3dR_!`0h+1%`)B%>c8>-pVb_=Ws%ru$RTmBmK>XC>Q# zyvG5*qRL51WqE_9f^k}4*68F`;d3+SPYxe7iNUQf**d8gdK`smp$ajoyJ=D)dyaNwd+Z&eY@pdfTt9 z=qsK#Ngn#Z%I;#*@7-9|?RCUg3Hsu@XS3Jrk@!pOJFuN@FYAu~>{sfq1$XJJ?SnOC z<>;<)(J#eHC_XEy#g^uYc3+0qmv>(SUXR+7L5LQX>ugC6l)ji62Au>^d2y_wu#KKg zOTxnAFTXCZe~XkEQSR}GR}(Qhd8fx)_ztqVh~HP|bhvd3A$Y7MaDufsz*5Ugt_Gzw zcSVHi$82=n^REjf&mXYC}Cn^k4#K%C4tCf=%(n<^i& zFE1I!Z?3gVuDwIcXYPZ%I$dPBjn@-FC4wAmE`^fP>`huKb`U6CTb)(zZxZx(i3~gCJP!W^%)lK=PtH>< zj0zXwcRRl2Jo_M5s(&U7F7FT0(v3?|@mj}r*Gcr4#Fi-4r+6IRg+)gI>jF@us zYwY3TM6R)JpR(gIK|c0|>{Xe+2T?>in$#<}%RV%wlzvq(b=S`MdXmV|j2pkWjCQjM zwCMdr=}WQEU%`#4yLCWd+$eV@QE;OX&i!pzaF>o;FVJP; zkb_f>wTP3USl^^CWtM`yBh@7L$8sT-ihxT7)qT}%coWnQ^4qXofAb!lF%1R4$`{!sjiIBLU!w>v6WH~@UCHHHt@C~LUy48d62Be&FUGg%Q=nMRS8 zsfzaoz3T!x9Sq1*90s3NR0p#`76;SEsT9vbU}bG?V#s3-GtU-GgKz#ljJ&90bEL&2 zM%Yzx63A-H#E83pdQw)!BEB1NFz4(8puP^(yPTp2KK*+6#;2`WY*1Q5MyNA>qFN_k*@C-o zecvrQ;5z5JAcYov@~htQP;?hi5*AwLKjtJ6mDsud6KEugEXThu+2|p|Eeb>O+k@(s z8I0X5<__RS+R|t2-4~qz^AecA)@MGz^c9`>3Xe&vI!h+0uv##@NW}d^cB~eCtQs9? zr4bzpvpN}7rb_^-(#?(N1m>-Yu8)GKBq3U^6bd2lG%bEJi!GQiCkeuS7bd(qzbxXl zfX(*ZZ>-hg?%?*gmy&BD(`soM%kH1El?7M`UltI}mmLk49UI2a|KMTr-PHDQEXv1e zzXdFy&FA?6$CNeRRJz1-WS06sjWXLKW-7pk*ll75Eb-cL;xYK55zWZ^Ty$B82ZhSy zsW=NdvCa=ofoZtF7jy-t z)F8m)yX}`KPee)DsSqy;&zCo>L7l87<^4WaavK`c8}CJldXIYv4qs`Bm*?F5JTUK!JorgB-N472Ru9VGQxDZ$b_=f>euJ`@d4s85M@_}}>xNic z_8HagbRt4O7e8t1q?kBh_m|-3Wj& zU1=QFdWe~pD#|HYI}TnpUTF2(IV8-GC?VN*w4k_pT~;q^7DpHuMK&r^Y2=DH6}d&> z3$|xCE!<${J?F&vxJNlJFrlRgPs@_3) zZO-w{_6{ve{R~9n$0u+Ep%7fzJQ)U^&;II>!V1emvwq0^M<{n|!P5nJJ_0$%~{# zc-Y_8Y=SlP^gFY9{gqmIzZu5etLIWmysnQ)G)FNQ5S?MGpk<6Jj~N ztXZdlT--AmdHc#@n{C#rDX{)#kj6?qsSJoNoS`|X3y8j%ZQhMkOjp7e+(|A*i`9ch zj9NCYz?PxZF2`xw?^TB7%ZDUbF5PcEKOJ`^@tzNCcQZ6o^*}k+(O4KJS6>+3jq}tL zW%b3MZ~f;xCYdJTD|@6*ga$M(4F`2>&I|`%++QQJ^Z3e+C=sQuoHl&rpvbw^>X2yj z9GM80b?*1@XVk7Y5l{1;`;5W37=YB^IbO zw<%I*n9IHX2A0SCU92wnORMS_{>Z9oeqwPdJ`gUTe)L16MNKXY(S8+$R7i|MJSsvd ziaxap`xnhmCPgu*X-4xt-k=N!mXIzQn-N5cUXoaU)zB!Dd_v~La6rLmQ_^46q6%gt zZ1u>09wr)1vVJit05G+kB#>PD%NPjmAV)|Uzy7U-Do~3 zo-1IZ52_^0gHE-eT`AbLSg)4g7hx=a>N_}LkG?rG4vg{-d*`2kbotnHiL^686#TuC zx^P^Qd6q+s8ZI1e5tuHJ{iDmn12W9hvRSHO@;lNAe7DFA3?OYO-_s~4BexYgvaGK& zKyV3Wt)fep>tJRo&IwS$iv#=4AgyX=ba)sxJzm%tpcMCW^(^tZ)ZOQgGK#J8-Z!oj zaMK?}Q!gl4EJ1gpZS&I#2nIvx^(+W5ifC=}tk-Nt>_rf8c}zpm_HEipLU45Oq{Es; zMd?_Cqes3Ee89X^JlO7#-|sZZgp^htLyB4M!SUYGSK^ZJx)B^~S5{MM(LKd+*-`1MtqR}3Ku1eqEp$;xbq*C|7L{$}{_AJu-N@cawaf*072@<5Tp>2BzAy|w& z3zHqFG;okr>WhS0epULO;3y0aa`ZLMP1}|Hbx=l&EC9Kij<>OV3?3YsbeA51PXMFw zGlowHBY_{;)|ii-`HEsM3=FBKQlAD4DM59LqFs3f^yPNT}ASq>Dj(g%9$ zGbZ*A*07o6Q*w#!!iiQt?>-ipOfG^;PR6NsZT7A&(6bSY&sYF+&c8KeBjn3}-bltM zA^o`DwSj^dmP)A|QEhE1wkhTsbQD9&bY+Ujd>EPEwvj`Gjr5&S_DqWAKV5PH7UHoM zW@dv;SBkjFw(4hIChqfNGAP9dj1P9~jJd2lB&pz|*xs zgI>By^8uf8$f1eqYJd3LA3>@{-4IFn{9zLX-4Xcv`q8$q4U{ zn93*K@K-P{$A947#NOTyh`VJym}T9IXEXTub~2ng=DBGP9hY9O^v~aK^S9mp*ub-) zp97+;vNJVGuzy^8@;L-Nr@C(Onr>sI{3K3hZ0VGwdJ8=BoMC4jJPHf=7L0k2jYSa7 zFu})g5<)V7YL_P1#(I^F#hgi;iRUpFsl*8@09w^WPDc18*Ys@#YV$7NiQQQX*<%h4 z2Ok9l<-e;aN*>BV2#qK0TR(FLxX=^utL;z>>KEEU3YJ~PFHi?hC9$m0O8(88?>|ak zzmg=RvJ?aT%&*3%(9OL%`shj;yCxdjlwHJRZ$l)vQpt%!5=HnONEoDh;N&p_U00;G zly9I5%R)~m{^PIhCU!nK-#94bL)I@A;DGoKYMmOwBmGB|<|W@K0vDn@?+q+dSsS$c%4w~~ zNs&cgk76g-O{F%dakrHI5>@_z7NyO($ITP|N|Jr$N~wL_vg@h~kvXdH0+{5pndKjF zf9X{Pb6-pUeiLvO3;ZZug?Ie+ zDs7AMq7!wyd{8o1;X`rG><^u$7~O(!^(`f-Dnd2o3W?+<>0J@y30&91;k)`(S`YfjP*_-6a`Cq{mW`nf#${orAL>(8T8+nD@6U+3n0 z)MMSzGJ7^SwiyZGiBkJg>K^pAm+vNsypul>+v22gLznr)i5@ph3Ytt4o2vvt?JC6x zqieGyBbuH}9lbS#?X=tGr7K+-5}?1|td^4rKhlIVuAGlgU;;L`D6}k$dF)uSx&e$? z%oKzofAz@_)`#c+K)}q^ak#4W$7GoVPc49*yau0urSdG&I*eeY{m8tUU#H4kiOhXhNcn#3Drq+(a#;%TP%fbIP$uS8+m)7@6DnWpL4Iu~<1u=vWi|ts77%x^w z@BsN8Xs3X1(h*$Z7~-BZ&Olz%9cbp1NYZIriWuV0-<*N6FkceoUlLtk88Shffj;&- z&^O)Tq{Prz61`*;G5(IS_*`rOoS=v-j^Mf$JJ5h8${&=gl5o<0T4)kuBhx4nL|ULi zI_NjueNc|`Ig7vVpG4d4@6=1WTuT)0e}=A1dYZPRXtAclUuBzjG=*Z@>(84moZ7q7 z>Y`MK)+!J;bpsDv2PzUYD&d!8DCa>^;8Q|xZS3Ag{~ z?Jx$8{8XC}dRs=_zJK$I&G`lAh5qBO%dA@Sqoq|zh3(}GD!Q{s#&_1$PS^uT%*=H{ z+dzbvw6v-Dqv|#9MlJ$9SMON%$AU8ZOR2}5s7V)Zg_NF*lZR}&X^w?+J{(fkrSlEE z#YFt0rY;cvQ6u9q@kIP`-KvHuN}edRNc$}S{}(=X;(3M%*tWi1`>QF`?CL`Cpn{uZ zl+~vw*!HGvIbQ=<3r_mv2&FAa*p~5+kLcSgIrVgTS7OSWbwU&rub#FGo6(FwPwjY@ z)g#iI^`bKUJ2~UAVyCw(7&X4aCNveM4YFj(IC+MYJ>{^HK;PX0ztq@q?Aoq|GGrG9fuA%dgr zefh+8bDaEa|>uW2QV zC{eM?!iFG;+TftO+J(3r z0%E;~ND~y9F@L%;NCOpnbC5`K9@Mg}j~beL+wgnx@@}K0{4-DbxhL=bplqjAL{RW& z=7+0So{OQ;Tdqb@^vC3fD`^4UW^{2C^ta5-Ba6A<%A=b%tS_UR!ffedn@O(x$WKPj8+#=lcLM|EGQH`o&j{(T~#$M29*-MqC(f%U~x!he3BIX4+-J5 z1*Z9sC;H4N&55#gqRFylRW!eqbsiJKbGuBX>G8?Y0#*|XVkNOBMTP+lsYwlw7a7V; z7|;_6HvJ#k6-$QJ&U#j>s%&}O1^Us#X;YmVyG27b+FE94aSRf#f?v{fcWm5TCA<*(zP?D*JE ziSbQE_B~HPk`&wn3m`@Gu*tHpN^Pv>Y#>hWoA-%$*_qU)SW{v^ zq=N+l^07Qa^+8sM?meD?(QR+|Bp#}~|K|G7@;@QriRCSZH%!XW#W@8z{EYNJxe?q~ z&+q5Tj=0X1c-3?*RA5r)0uF{HausSgePa)+P`Ta-qHp=P=N_N7L!3I9l7IgEwqH_0 zJ3QY&Bf+0J77qaCmI{)5L`kGZ?VK=F)rTVPct)=m?ER(GXf0=}w|O1W0ISu~hPXg! zo=tt`^07r)e`cZ)Y;Nj*g2NZh^N0O)fhPsGpbdmdMRznk4?#}F8t+=fb9@^b&A)k1 zXSqxS5xWkOB=IU5izKxKqu3Y&I)wN>^D)6E^^#RNvUtg(CsJkNfiAy`mN@cW zKiKlbb}WnrD5i#H)^k3*vL>!4_zWb zh9(8{)QJtT*W6oCTCrkLRZxp=!j~wm>pdDow9t>-nc8o5{FnZIZ=eiU0QxB4>H{_n%f83jbay z8i>VZV}w`(eg?I&ghOqYNh`7vFJ0G{n+E#>EogiUt>E|YfyN8Y(G}X$Qq_KZ-T|@? ztcPB!4SA9FG8v^)d_CP?xYq;{5f2kbRuNNa5Vq2UtOKSP{ zq7LXOE%+UbxFn2KCRXP0?55f`TUGr0Vocw9gN2>a*LQgmu4%=4Kbs%oJPn#Q(hkx9 zo!5raW?ryl)ivGP>2msUNCS_sQ8o6D8 zh~+l&k{L3HhwhHp-Y#=ey2%ypp(!wK>1JN1*r{r!p+ld>WZPf@GQ0quQTCfdp?VZI zd}4yS0)g*V%%P0Z1q6G@MiQgyDffSYHHqcw76k!a4;$!YTe0T&FEde#R!5Gl3|zMcbWN zA0iV^pE^fT3u`-7iNfh#_xHaK%Vk_)x*U@0T(ZYsTSY>~NP#pZWZoVnj85vfbdB&j zqWR1^GS#{{>g9e9EL-z8_(cc`C;`SPD1gcCTQ&p@sP5lA$ky^v)SuQ%4FBFKT!^J* zk%f2zTmnZ};vqoFwJRr>=z!`y@>0v7xUXTr^7PIdYB-v0_lCnq+xG4L4MKVWElWmw zI`oGxy<@)k1N^D=Dob63{q#!dG<{n~oIB#rzDrXO1Tazz2SLt951s)nSRJw{i%mDj z&0F>u6f*XZOsTGgy{OYF+Wmt=s%E4KC$d;igSsr*tWcinsg~A`I)IaXD@}p(W{r(t zSh&YiB#AXW&shZhg?fK7gvyFO6hR4k%^@sdv2q13B?PT~3;7pgF_@+;f2m=x&az#Y z@X`AGAN87&1sbq6a)4o0_Qr|Yur)Hv1_acl}3QlmDGUu1H- zXBk&76lssmBZj!3O?V=5tq1wz6n)FVW1uq5aQ&qK6gle^5vb>=xwwK3i~ATlVU}VJ zSzOY$603VX(6R!`$LI{SiH!CtWEAil+bRs<&^{6^?JZH9zCwG>P#ZyJ$N4?kXN3V!Pvu=GoCOhtHjM&QF6{x0wl^;36EJVSHB6fD z=1p)E*VS;>_V|(GorH!->Fym1Rzd?BCy~-*JUBRU?CVRLiSjZad!e1y#xlkJ7WkRf zkx4%B&g$Uwqu(t7I}LFJEC-nz%Z=wAUKZ1zM`9*waz@rthZ~RTm$2|b0Zz`>7Q)J8 z_uFHY;sGPD}&+1qSibL_CLXDy~evVMF1@Scb?r#_~k#cj2 zU431rzOz*)sMbl7d?1SbinnqUVL;j{PTCpszj{kU?tO6dc}uymDTp7p+*2h{J)o(V1Mm;W;EF@u1laA8=0PUK^mFoVvhkl1K~JO)nx{cbn> z*W~IPC8w9nsMQQBFIQ^YX>*~FCSSV5Xe4VM<0*(zzM+8Ym1p>KtVByh>ep|=u{WdE z$YMXbX(`Yg*<QvD>6^hW~*1bULJV%(r;kMh-F&@3}jg(7Y0&=@}U0vfHp{kS~Lu0;sQ(s9Z`+;`y zYf**Kv_DnDI_{f&Td|_sW6Gix64?_xd7nYl(6gDEx_NS0IuJWqb8Y0kKX|rq56N+M z-yDw`BW>oNBH|^qY9OK!o%YFC+EkjfEIWEd}^4_e;_VK zR>uDq#C5K>7DLCS{y!kD!ciE5ffQ}hER_wYYyUq*IWXkwY$he0H0myCF0Ons6;7 z-BJ&`L_9d!3VIj3>xj%N#43I=wj^BTEoeL2I?QjBJbaD=#X0%`@4GwAa~kx;Lvw2~ z>(k7uID(vq^i7z_x0up*`b=Nr{fo8K^LZ*Ka%(NF>s#gKuX4+%A3KA!Md|3)E+|yR zojiT(o?DqqvA2suJv6w&)gBEq>q`X7i`t8uQTLr(hYz`$Q%dF4(Mrwq>SFh&UNPP) zk1=*6V@uw^s)+Cg#B^D64cbS#HJ+rXvo}M!b^jkrmYfEvAZa2ii~}+blJ1vv_fEo=uQCx^okPNk8#Yn((mh?)d{- zX}t70hTUL?3h2U3F++9&dwEwzWcNbYI^lF)$Yv6N=66BPtxzOM{_3VgM5r<*EN6p5 zXlOT;NKN`8d@VSi(-uAnV_`$PH)9HOh!kVIa4;P(JLLkpbqGOG^EJ5e za6xHcgj&JF_RFcX0IpE`pg;yW^>F}srP#wW!ByuI9PG`CR@U8uY+v8mzuIlo+Q>H9q? z!9Hcoec|(7Y79P4ULWoq{BECLmr@Nr-+O@1-Aml3bMC(W>fQFaaSwE*cs{qB&;7aHN&=2} zIv-cpZdS*Cc13+;C*6w-2;5&LG=pr}8@zPXM79smsk~ghNb*o{{gB$;A`#nlG9!a8 zM^CBd`BzQTI-a$_bucyk*v7&e$y2rZ*vhg=l%PL>aIq)Ed65;NdDHp9lN&rYhU3#z`1*$MzSoEdU03H)mxXX>C!^lX@q2UJ-|vUFZbU z-VPw4m(MZ+8DBCwwG3gazG=Seq9aZUj&&G61oRQX5O$}ey`N#&s%!FZEu6VG{*I=p z>AyJC>oZ@u_s0I9G8}qBr_K%AcURkfAP^VCQ-1BJB8TmNI4u0PD18Re`vgE8YY2C& zRj5t&XuuPoBR}+@L#!E&d~21%_h0XE0Bgzl)(`e~h@z?CTL)ZjZu%ZO#R-^;W+jIp zCkQ{>vY(C0)rbE5HA3tTWZ{SMYnlBw3{`eVu(!IYkbZ=#_0Et!gn#zvOI`jVv3Rfy z#JB&@8T7v)83+A?n&17&f$j$gnvbDtj<%9h7{Tm71(P=6!3y*;nXtn92^u0=Yn~_J zR;uTFfbg)G4g7;pHQx;BgBy|Hcd%snt78~%iQVZRboR~0-j6RrOJo6wI2?TOgPN|L zyv%Ypu^M(u|7mgvD|+Yo4>@~f{D$*JwCi*=f^;Gv{}pkiu5fAowptlkFKt0& z=zVeaMdt^r<^jAgVJrWQI>-)l0Qp6eMTn0`hj6SY^=)y8I#bfnzv+5Hq)~WSnvN#> zdoY0=YdK}Y+{r_tBqJd}{H9N|rLVcSPd^LSP*^Qu%&ji{V%{9fI(G(b#dN|%-O0sX zh%=0xfVw|J@r&nJxZD#pZk}^4UG>8hju|l#7>PkHk&9%}N|2q~(_=Q7I552_7L9Yv z%ohnsDvFA}K$c{m7IB(P_`J*2*`j2K*_6cHlssk3hj~Lo(uV=Ctu!nO7do=sm%?fg z7mK?Qhq~hnXO=pXQ89tiwUfxkmx1n=0VJePBP~_^j#|(2n(#5Wiz63pOXBLgk4OTJ zOAhDtJ0*OM%ai0A2LKb($&}1LU~RT96M7YUE`A#X67j(_*PqRtW2-WQIX5m+R2&I= zFEqNqfuD|yz7D{Efc|Z211B4tTFJ~9e;f4vuo)>$EP@0rXQ+XI-8eC$0tV~5R~)%U2ptczm!_vdS$)ir-PGub0#+Qi(~z7DdPjX^zozNmVcBMqR%x2!upp3V!aYwvu2 z+sGdNUfs@$+>%G)aH%i%7TZrO%@?y(&X}#W!I@#bCdU9-^u$=PFy_BjUwIG+ioND- zZ?H|YC5o-WaMOsa-IiGv7(+?tSfOs%?`HYH+>WzBf*NXxI4kUZQ$jS6(Ri3;L@HMq zvx>MF*^0fbO%EKxCT8NIzF8yA`XzmZj&XBaJi$p7f6S(4wV6GXT4%{Hy(`?um!%=# ziJLY0EfWGKM|Vb8)N`Hb?+-*{|2JL_6{F3^;3?$NfIUw;wg46&l)^ zt+_-D($Jqt2KZJGzr)MI8t>|QWo-CM)4lIlyUB)yZf&+5Nscx9UMVSIQWCH^RnlJGGr`J zk)J{nup{|#ql<#BVm`3nY6<7lGNDy>{E(^qF)4l@nLSSgH+;^fMoQnUc>thGPvkN!&2!B9JaJG9d~w$))@!CFNm%H-jy{-x+)km{cizLfHmqUTdA za}{os8PqzVJX5@i9lKMV${oP8u9^gy;JOBzu_0j1Z&hwWvuXB_nFVQaXHfs(^aqpHndKu9Mw0xN-Llg-Xy$eD(iB)^`U|{k@NOUpFJ0 zY?&1)>n@{=R2pcYL@0$wDnv%Oq=hmPN0L;UR#f)N3|UPXl@!W|A`EVdw_4M zZ#=;IXHICt^$+)ULgU#yt8I(NX1Eyd?$C+$CE zR*esyDvEuwSpS4_te~L2u(9P+6N_aM?-ne59=oQ_>}%1rk5^7nmiPTQ$0T1LkZIhs zlMv3Ihu%H6UX_DFR%YuIlw%eIu&t!yF`0$e$dO? zXIq@Ia!osf?;PZFlG5oYcieH^EqAQ*e#^A{=!FK&3%McTU+ugsMLuVgI~u0;j~#sQ zjrV)5yZO|*L+0DpoX#1q9%E;GWA0RO9jH1ooS^nbSj#h)Wc*~Cm!fsUQOP*`YhJ$f zw7HjO;ZMp5WB6{&Tu7u}(JXv#h$BA?yl`uoOFvaku2a8R_t@zuG z7j5cT&G5M1+_|B836F}$l0)3D*k$)9nLHKPzNX=ViXXY{?${sAs0E)JeFK=44tx9s z<{2D+^<&ws(MxI$?t$~XOB`}}5?-9UP_v0T5-KjBbXkb&=hX-@Z!+p6XpK(Ki+S**K@k; zE4eKGx#CxH>&YQ`1+4DFBJPDP$=Q0$sx9~1FXcoy3riXuI%pmfbi7;3!hC0fiK$f- z*Y9mU5o>JK9=-08x^%x{Dg9A0J$0Wf+l2Ps$0}{NH8pt~Ig@>P7RJA;5Ffn0jkC#n zjrVmq0r)lhA@f!d^;@15Lf3|;h#K8Q!}0O5RbJ})8qZ0Tpjl=b^GYxt+${tyvynY zZ*VrBO?aJyqxm_pH{ZmYbIvDrHokiLF_@W=yotM`R@u^R)8=_^J|w0jIt6WcG8JM} zQA4M=O!VXhkK2?_soKwo-haz&^))>&BDU3g)6}I=*UgKvZuxw8>6{TA<^L{X=gf?V z=Ze11qhJ2q6xlM!xz3>MM=f@nHl|vp(S5V%wqf3MxVK8zdEUSV^>habz9ap|gRWf9 zK}^b+UYYcBku6U)98_{WVGGjQJJ8)Ntkkrr()H>S(ey0$A9`h54DGrH zj|YYBE39}kF>SoG!?ydPUfIp%%MXMZ{+Pb^{N&4<_m$b5H(tvwSGEaSYPqJO)D$%& zzY`L$Tt7GjH;ZZkwuwj!wg^cM*~y70N$eXxjJc+Q@po+FbU##U`aU zsw4knm*z}+KPlw+SH4P~?P3{>fcdsFHo(%d?^(yJ}hq$eepi7v3lf**~zMJ-W2QJ1+#NI6(^^wNma zr+&5M8I)90X{-qeIWoCL# zmDazxzb`H6@X5~?!lhQ8Iw$$4joO#G%P8snKnSz+QIk_s-GWE$)V_}iyAEAC`pwda z{@~2-N8eI9{M**1bD35w-sfsBxj}G({KC6Qd1<-Vm812s_JLQ98p~|6>r1Lowi4kq z*zT|{FyOenS)SOY#pk|l^x4*!>a<>Jlhpar=(mYi6xp=apBZ~EZe*Tt^r7_wNjodD z)Qr{6t;P?SmRia7Lr01o_E%71v-K#49g7@n8$?~dX?0Lz=jZw0 z=z;&^?x@uIlCL#U6a0tod;We`8`bX|C7b*KL>*;^I?NMwb^*|#`njO`SLbg zW7MGe$0Q6^GFJq71(LaIqxfD#^SqHTz@8f^e3P5!>OV9_54Nj`YI+wg8?w75s@(Bc zhu4{TcC}GWcGXeAYCRk5Uym+sX_ypjbDCb(wqu$TFuEnwMEUlQE|%dRT|Do{zAo?S zjf@=U!OWgoW-G_BM_n0{9_P4!4i7I6O5JKE^lcRQz5QR7QhkGH=v8PIE&Q8FxHJ3~UPBr5P92WslQa9aczbyPh1>S8|;$w-yj) z6ppC6PKz>vA|%U<&imY`S!I1)m|;FLVgDju_Il0Cl{+5HT`%&P8m`3;`i(#79@#UT z5h~q9x#7Jo>0#_jHH8O@q8SHsEg!hp-K|yGrF8pw?-T2X<&H%XP74ZhI%??kN|^s8Bknc=kbxk`_Qd~6KTj(EyzEQuJd zN-vMLl;n5g-TrJV$1k#Bz$2V!5|8YoGIz?zn+p_)kyF(X9 z9X>^8_RHnWdvQeRXYt4Ssrr*Y5_b%&y6hD{a)DW-eA(;O=!IJyjwceHn&^L(nRJd4ejkO*@eA_BPQ6Fe3#t^QmUHZ;Muvv37ZXzttJ6N^#1(HZx%&dA|E6Pazl5c3 zFNzs6{O&U9_2dTIYOcM)Ywv|FU$T^zxW3-SE9AwiLFV$$c@)J|_S&|Xic~Yjmn-`X zm;1JyzsN94cro>!&HPWO^OG&6y@@{@N8~QS-*a$GIh$5@k@vS!tXAsDbBpU1UN(!> z)yz}8wm<&r!sb^T<}T8a*spTsRSn`58EcXs^^~m)a+c$4hlmL8&h2~>Z^IT3X%+w-vOkmu*~Wli2Uy1mPO z1bTg1S)V^Pxm2M}c#~C?VA0O4wOJ2ucHmgyO zTyB4nac@L<(G9Mv(=XrZ+N0y&13a~U^pfIqn3mPNv5!cW?aTuYLN%>Q8ce@5nVpIn zcReC=Kdr=Xp87;Dsp#Bt-CL$v*SS(g_rY*OiC=l+tq#Tp@{<9XFF-l_(Dw zy7#OR`Lbf09`k~Kr140hT1?-2(uEr<{h~>U&MqJ4?UzZ7QS~h``?S$Mr8iD;#XQ>A zmsadn6P_Fg+0+|Wt;&{5nYUMN3)}wT@s9^m{KqCg2HE?s`*~65u~)>Rx`iz=7*8Fy zeze<TWo<{FGKKOljyKyBwE#gaq$J37%4U+ec{(cd<=ohnn-ZZ6_0lO7}kRmVQ+! z#5z`L#r+zs_`T0Hd?QTHX3N<~_H57H6np!Pzr@6YIGXa_#MC!3SWVdD~)SIGJXUhMs5I{xWyQkwluwcNu@>V-6%yoV6N%OQ}&9*IfQd-&Dn{&iZl3q0z ziwpBuDYQJNoNZhEOGh$PJ@~VSR48-a_{aRZ1Ek7g-sESxRywVVUQ;%|Wqakozwc;D zPABCfiFsB=o%(Tois)EX=vk7HZ`HG93AfaFvw7EOb=fS5sxw)l_s+DG!*=_=Z+i0K zU$%HAISzSGtiP4Ap{zMMHHD+_U%^MzsA(y=@OC+#`Hf z4dvcGSiidc*IRWVkwuBh$E$9clD@QxF4)t4{GrjeOUJsd-14{0y7Xq+G1V+L)yvFAd)>7A->PJE(FsxssEeU*E<0q-hvc{q^X9=3%8X%+FW zEmT5>s%33=vG3k0o7Pe4U9wQv(CAi#z}}CpZ^Ad1tuQ>A6~v6Gl>X+PKW?^Y__vGV zDxXWv&yyc~(s-~i`hnA`tv>S34dKbVjhf;O8sBbcn$g|&&BAlIPc+sb*2knvu~zA8 ze2<=9YUd->Rpx$Qoma@(X4mX6=JUAMF=FNnF0;g|VqzxC8$&v4VXpSNknt4w~1G5ut>cz2$$=#qJJx2D^wG7`P_#%5Ao0U7IkT&D|%$jMBb)&1&>{z$T*|~M%ARS-!DZD z+f+qIbIo;H#9ZFVQng7|?>11i*~J6CJV_UcmGe5*)c8xv)>U7D_I*V0 z(m>-^$IluZaaAsbIV#K}z2i9>kA1abvz&GjaTvW}UEbKOsHZXQ`Aq!di7npSB;e+)oqdI z5+Vm1&(1udnqAze=~fl%II#Z3Cd-%#i=3;Aqlb>=ohkfzsnoMm|NdqSSGNWI7yj!cpGQ0p0gUq1R)yg}F1U6H>JSTu|~STs%Zc(d2we&wpy+%>mVG3%1AIhCs-R+l7oTqx|2OnUb**KPNS2m@O; zp8Afq7j*MUx6Z|fmS0bk`_!>jj7cl>iIJ)OX>%#df|qmV#~;Ry=+2axz6o_E@3~Lb z5A*!r-JH3yiEFuY!I{RxJMSNtI`b+pI(?_Yp97a~rwlHM-*d}l&%OAf)Xpqx&pT(1 z4^c(m2ep4Ul3wiaV|@4VS2An;`-Gpru-*9SW)wv+ZqRqL-tLUMJ;jGr-^BVFSq{1U z>08C%r@m zhXq$xbPr{hOvkO>lk~QEr9j!QEfY@ z$E?<3`*nHIu{wEwx6WXb`%Z@z{PH@+tl{E2%wGHZs+{vVUt8`zceY(?d;Dq_aLM?* zsP5;w-?D4B&6~3sPCsw%{k`bd%@Nfp{(PAtJ$duT`qve-q7J+qKDUtSuI@8XI+nH8 zbE!|XySIJ*WhsjI{vEw}{a#f~qe7st>PPk;luHZo_kE{^*SVVKGo+uWjNx`@l)>3z96C9r90f*pL8@#=Y||w zrWLiKIwSJoro!aT?n4;|thlEKUY)s?S9EP$#fIJa&$H99yP_9$oVi9)9qC;A=V6rP z+8CY28CbI7WH8FlM;Df`7!#9PO*!BTa>c)!BFLG%L|D<8*)!uq-NsZX;#V@Nrn|#Xtc9}odmuc2?%|Z6S zpFXx>v7tTV1JAKNkDOb7d%|B;Am`bK?c2(9t^OUdh;GRoyb)+(VJ$0mdxLjcGdIc2 zqxL!dlYeb}&*eRqYf3YwvfobUbY|zgIBsI}t-tlifTgPUfd59B#-bt%yeX|NvvlZ6 zJ<4v#>62~$;yofR7Jk^TxNFT`wT6O>{^`C`*dFCC-)2I?eQs{tIq5Ji6G!UFi~95Z z=P{kbe>^uZnL+Q}M9l_&{oY_PxRuKGldLTIgnQ>&`x%|YpGWljuZHrw3VGa!baE_l zd-;VwYHOnImdD=ba?>5^+@p?b$tJpK`%ZGR?Y2xFSrdXf!aWXbi;t-`Hd7b=T@h;_ zQ}!!nju}SW(g2$V=6mC%6sz$l=lh4X zo*IaTS^bK<;hu0})qF>*C)2WGk;#*2^<{XfL!)c_=l@%Rr#goh6$l1i%}VHF>)b!O zrCj6vfC4}Fl91q;c}hiwavV>3|AZtdyy5 zquQ*1OA2>;hU8sd?~a#B9H?8;6J^+;?B_`nzy4C09M!@huXBIoLV@tAKrR!UpHuwWk3 zxYMwHr#K_!QB_=Gez3B`G_vsBIN#?Pqx1V##f3#!82@^+jYp}=Km2`{W8KuN+w&+(Y)5SVkZZmh|IE#rx4h>< z_Mt5EgcIDsc|7yn_PVCVtIm65m{%CTbDoGGvs#snVktQP997lEZ(f>xcUFAc>Tdn9 z9@B}HoWTwWN_jjtboT|DKN~r5fJ5xYN3ZloD|Q8U?blz7t5&)Q2D;vHJv|{LQM%~& zsnw%e)5&M|{9NfieQ)QYGJ(=zgOqI}CBb=bzrHr#apJ1S#B0$*#-tUSU${q|R9mVd z&UW82gc)HhWhHnZ{9{6$@eO9n&GOauM|d3$n}?l!a}ev_ypkHOc0NW*dbPxvAoh60 z%a=u_t0n~Y^0ZGaF%F5+c{U=TSlSS*z_ymB$A!&wb4Wl?TgZ;qPiF$xJq|nHD|24A zpC{m&SEi7`l<7bn=wvyAPaIOMFYV+jX&RsbFMI7W#{*1;by(+}*?cw)aG(3PX=^ z6pPtE^h|F`gIRRvrMBzM7MWa=6>&nhlU36=1rBX;x|NVrV6yy7bi#D}c1|7TOL056 zx}Wxu-sEtpGB*Ub<%H++Ja7{Ec46^Rv?F?9{E(}4wXM00BqeNABgl}6nsU;U^__B**=P9j&`N5`x8OtTVhA>+Kw|uUf!8(LYjI{Zc z&+(RWWU_Z8J=J(p_RUG;O7y8Ar-G0y?JfK0U>?I3T`I?y0Mt=q2gLbxOS!D(wO(6rD&4 zk9=alsiURN0&BK6voV)|OGV3+TD{*d@gcVU+2S4ACZg;yzb>T7xh|7Cd1rx$shg?t zyzra(^PXXAU)EMdi5;j=SbX5BVLbdom2T3A*EyY<<~)DVtvqW^zxtwgyv$L307PWJ=e0*GI|GsSCB?^5o{_V$m)0h;I@~i3k5zLk=5uPj4n(I&B z+*O{ge{k>1b-~s_<{jc2jDo&wE(*z+R=MDEEXKl!*Dwx)KWp$SzkHPycTAx;WM_dK-EZoT*$-%n||Oe}tyCqbzq z@uWt~-yv@ZaWq$;qYXpq=ogqUY-V@Mi{OzgYJ?D#=I_cRL$%HS2rKrL}oy z#yx^baf#Do>4Gs^mD=JYV}nPnt~1+HUG=s_q&91*NeV99wQQcHL$%aAjnvH)r(=nh zE!$4_JpE#4FMfhk`JlnP52gvGpF7(fR_myZR0VzBWgj0{$=@uLy;`1ju(tuLSit=t z@yyP!e9N5s-VRM`25W|$=F^9482ft8I$1G>ch$W6^3o~waAz6Mms>a5H&T51XPEtz zt*hGYyH!tK*i<0R;QRFUWagA;+(yZ3hZLU98&Rivh}un*@9-)q(<%NvFxq(eby>h< z!-f~5KZbrq$?|0xRQfk%Pdh|ul}X=8cN9upGA3T^{e66dT{bbV_A*n}*Jyqy$#1pv zk>4KE@%;KT-?~RW_eR={-M3o+zm&9MBQwn}Ve8;d#US^JVz~f;oBS8HZwOEij846N zaqOhy;cqv3!&T7=F&ni2}|iPMjsT6-+4&9il9<&1oyl)?GjwM&xR zGTTBkcAO3Q<+fp25a+vxMJ4Z|;?{mW`3-)^p7PvS_$PLo{`r?h-BxGx%<}h)J=h-k zk@;uF^GRTI<%3~UskgS8hZ3?MW+#Z9SzPU#AD0vQ<7+DaNy;X3A-Qbn*V@x-tGm@+ z$~OpRf4Y!Wb$#Re;oMJ`AC7ibWJhZzFB>%eY*@B)?Zgp@R}NbxS1=d4wtKFBK9a!9 zZOy5k7*e_>yXpSb3TK^?wx)+-WqaCJSzPzx&tsm1Ki!gOn|SnmsXArqN1f>1WkOd4 zeyx2$T4VO$#iBcFk9}}|t^e^t*J#f#1w(T&(ek|;=c)Ia33sj^KDlt;?S<*3=?kAF zEZqOSsnB-`WlHcnJ4J5yKIM&z8b;lQqWcs-2(JrR!&7MPThv5Xiyt_)pY-cs*_DWA zb$hfkTiWh1$6WVZWN(BQ+^u0}uT* z-kS_$hlXu^=z_KCu2?yJuFc=RTG7& zoibJ4VLWM7^33w%F-mInM1xL&$fm$m0%x~R>706dlx-j~knh?4@RjC4(#OY7Jhi7h zF@6!Bmr--{ggEtPIVH(x%k#TO)Hxy_s$bsHr(j0`t?qBG+Gj4tkq|JvV=Oaa zs5)}$x3S$To!13lKmYD$`q}Lpd35%9$b%zm$%1mb$x6S{oL{H%CPj2)hJ2UQE?epz zUg|%HJ<~5c{@U4aNKBglht0bO*E`gNRCXu$T$+d&vh$OlNlGew7oY5X(W&+LftH@g zh%av$?7z*!B4h@ityNktMZS9)&7fBQ+Z187&fPSx=nTq8*t;wlyKBtjRmv~FJ`(BN zai+6;bS7r6QuvVXGYhdEr6tYU)zNiwnj;;W&V|QTrJf(p7OVew-uv_FivGjlUO6V( zf=X}IU#=>=W-wWixII#6aA!rGUiV4)f|*dRc9Y4Vk`EC_Zfg#2{<<#4yx84U(*INu zW5lVXGEgCxXRC1a&-asBaXd`f82>8ygC2)|9XEQ}m}KD<_C)Bw=YMj$9pX-WE3u@e=jheJglh}+4~AYJyLZBLUQB!sH+{_~=YUTi=p=vVqIO*+ zEGdF|qmRc@-L_d`aOFcE-ql4T*FSryVSLFntFB{BN7*Y>rUY$1E*aK|=wtp|7f307 zY0$ZvviDEHMBkyW74dwp4WIs&?7X_COVPD?!(jATqp+<>N3=FAN;5yE(^&TQ%?jqH z(KzOYRr!qtg+oalNjK7t+*WQ`rB3m>IS;mP`1v+_@5{y8<&NDEKTxwaTD(_AM9aUA z%KjjE#ev9N=O526?Dy!n>Qt}0?_aB*pdQ9uK1r_=fvEP9XgunHe$qF zdMMPktZCx+Szo_*vdV#m6?KbMbA5K4<_@R}^C%nFJE$_G@b1H@*e%{A4;&XJ$68Eu zJfnr$#Wx}LD?he=RcTt{^G0u@Rz638c-wKc@IN+}|BxG2BV8`1!;VM2Je~F);zH+y zNSt|%X(V?xq>)3~ns*|bltw~&*(9U9fCr>xEKe<$beM#S3P^HDzz^d`m=7k2Gzv&O zXjv;sg!M^llC%&l%_s4rq&$)~BK4ESky1WMb-w9=!v~RFK1qp3OIcqZr+Z|dD;MgP zC(EPkd=dlQDJ1EjRbwPU9FZzwD30Q|;`gUqHyAnC7Skd)g8BRJb4|{k~JuFBvA^y{FRso@r+;#(O@xf(7lta zhVGOCnj!qF%43rJ!daOa|76xAWCl!H$hR1f`<9S|&^}*G1YIowuG&gTJJ7Tj;1n%| zuarhi4F#3~PVrJuWO^A%kz4bhl!!6_Le}AsSUD_I#UcI5N!!rXG5~*7PEy1)spxk( zNuGx`N5?2T5bzd1CM`oY3gm^zwHz2`uYh$2@lTEwpazXv5<9;5Tm@{S>|?N(4A2S6 znokzs*QDW!mebT^{Xl!4kwi%plu3lB7h^ zK)Y&Lq6?C=SX+`-0Wy552D-tc7#}j^#-v!L$zMrYj6PM8v;h()gV7kstO`~Ge;g>H z3IuMe1m^ZSfJtr>CG(@6H?S7$ga@fE0ok@x0V||2k{Z&h2HUxxiHWkt&Q#;J3Rp;* zC=V!OG);8r31D_#0$9G${<;Y}KPHU)s)4^%HNb{83K4|eA_gARuoT6?MQDOBY81l( z)~Qkh@BvR@+Flp1t#u^N^3=JMypUgmPM@*fY$=z|81$q>FPh%bm{? z;MBSn6j@jWpYG2m^NVU}5xUpbVEtfi2)OQ6OoXgKqoS|%xFm)^yW;L&eJJ91rk;Rr zcJBusb)JA`JnKmEtgT6^BPsIIHRmvfT2Eo}xP=NLQawo=4L<=E>KZ@=tEMo*7kLn` z1-6i^!Jr_?rzDm5MiL*1jB5ybO`nc_2{tFCsq&ov1$ZVCft8r@OV9J zb#5a`jzFV@-Zlce!}UOul7}gB&q0FZt8s5+P*HmmXwJSFkUhSOEn;nZR~J}dQ3I^= zXaV!UXSoSA5e!fe={Gn{VFR!VpY1@x|DQ(+iV*<)9C`}+xi$q%;6~4=ivR2Q*NQhI8M74fU~?6cyW0N+dSbx7C^_I0mbKSpwVqF z;M2Dz@QRjaBz45y4W8m&LKfi0b<9!~m57w+>obx7^8Ad+{Zkc%*a8+5g%uUFC}{cx zXbRHCLbUEBNetb64*IEm2@>|OKPn;n| zoHei)K6K<2tp1=4j!sOZyuv3Sg)E>@iSP@8XFrBWlK&Ex(cb_S8NiK%xG`1K`G&NF zUrT4M>Zq&@i8RI75u=@?h_XJC%#p!spj6Wii-{NWsb+C@^rsG4X?7fBf@zJZa`U4R1uuL6qEhaHl8OQQ14jW84%>K-O3A&K{Z z_u^a9F;vhFpTypgtdL9x=_|VMj%0>@cL1ty??`u%XcsVc_dRJDPUiW0(sJb61@Ltr zAas*BA)K^y!KQh4lU9NYje39{M!H~a$Qn$Ek3y&X+e12f&xx%-Wp7E=2=&4q3w!`L zk`D_7FFNuLcn)a*p79B8#=n(#5hBK~Lz$~ZIw1w$e+X!zZcc1DdfG`cMwj0M+sZw# zRe#tp4xD$h9xw+YUjKRzgg3v2xvcLb5kdH0B=8JIp|PAA^7`Xyhzic#fZ=Qps0BQ0 zF(Sh*k!UFJ6WEK}Q?QrvZcqc^JcYO*pFaUUg7bd~o`Sjy!TgHwd54d90syliQ|LPA zX)j3z9q$1OlfAHC?|VRYk3NzaSwlw~Rrf)LB6fSSkG0$OD6AhC`6UMF=lCbUHvco& zOu#2t@Aw($62Re~S-=)3tQT05`T~2#pdlmpiTZnCQNS0#v9%9K{rEz%0AY*=NO>rr zAFx#X0b|u2gxziMA}@qM!9dA_q}>?&d@&3Xf8xXx(YCJ;YxuqZ?mJ&uxSxH66-V%q zk3%5FA}Mf^{x5)UR0dNcQ#5r@_AsyqL;Q$)2owLx&A?+>@u<#nL>dm^c{9aqn*Sq^B);l z8JD6(*sL5yON%8F=*t?N!o|jIP=qljs%z@7Y)%VhXM)bAz5?ev#=()g-vHA@D6$^` ztAk<%_ba?o0R|Z8$QT4RLWx=g23FwH21COwACzc}&X0or_y3&L0)*R98n_sN@~$k< z;`j#hRSUq+a5eI3&*6%wXGB>L9b>+4T#|Lu3-ni z$(sQ_c}bW$ByBwsrhp1&K-hvmpoDTMjDt_(UujC!(8hOC1s&(WHlmi_0Eef4j0#&O z!m<}$I4R-<%paiaM#5G?)e!R>G)oL5l7R};On3$W+v1HA0CMXwOamp6FfIV~=*LZ# zriH@iW2*p?GW8eo3qTTOK_Us`!3pApDzYPC0?2UzemrA`s$Z~)41ORDpY#ggRP-93 z{RK1$^hl5k6Gv?%m@Qz(R-)-9u!(I7@bxMN$R#=cV!2GhxG^eGJ&0m-4Rn@Uvu5w^4?{#4T?+6sUXXe9% z2`4awgQHWNm;?%&53_wFAdYLBdyckI+W=XCkLB}JD$D56TTaXewXk8laTH*h2oXB} z@+DP+m6kw1a59Fo4iyD+W4h?^SqKmUQrK**a*rJpqs@is0LO+>P^l6FIb5?$p!ZyO zNanQY4=^c!S2VMR zME#eYsWc*jpFo4$fcpPPL1mo_VGrQMCW0O<03sz5;5B&a71x<9pmb(c!%~?X5Y+~v z%eZhI^MLZBxIjZSJeWBjeQqrU28q`=guw*z!8Qa`L+${V=EEzXg(#345S$U11>vRr z3+YrE%jyUSMP3|YIVOnFXvkj>lSXk8}uA7kz*8zhn^tD!AIuy2syWRS`d2wnz!fLDGEu5$Vu-dJT6 zF?n2KmU)Owga;AAaqt5VHw7_`Ib9Aa5;TYH_veR=(pd;P8~gz~Pk_T&Zy^#FfQi=& z!E33ALm0412moU4%PC3Im;5QHVf`L@_QLk|GU$ zqe(~n5)gqHcq3sMdWxTt0!2UE3JTfl3pimEY*PtWxDnj zrT`RGNdhl_0SN(*hy#GtBG6ytBM3YMA9!hocqCwAe9RfA>LY*xah6f8B-lF9B-$+lnICGr#dvwA z!82#)v{=f}kOIA0;>S(cTTb3NPJx$svs=3nZCV5v>*a_v1qoys%31{bYbHyi7^0Hv zT?7K%lm{V+A`Yb2Kq_)TbB>p=N;fi8T?i?_1_KZO3yrIWfpH=sq{{&66@ckKuCnbL zNsM1>ZhwOcwa+j~6{7;$R)~wl;(M|nE4#w~x0rGYjHN^tI1E?<91;~90nT$Ac8d7K zMTea#k^>O(VgL!2B{B-pZz4u_E(PJCLxT&y{1FuO@$vvma)1!Ql*M?!B8kosF}g#M zfF-;ikXxWmoGOkI1Ez`GIi>)5r=G^-;+F%OHF$%GV8eDX@SndFjBu6%yrqPWEC!&k zWf0s-D}iAm2@;te{`#u`VpIMHP83ow3UNXi!1FFZEZn#h=Tv)^QzWq*5})x>D57-L zXG0YdJOe&?Um3;(6fq;jyXo%)i)kGM{a6vSUJ(#Im4&(gV=Oe(F-VrdpseK{BFhTS z1{PLwl%wjv304C0LRm_H0D7IQVDw)bo~^H8H;MY1e;G*jf)@PRLPZ*{gmE|Xp zZL-V3T>NnuqWkuAIh<1u)xs9;P=+zx6_^>aR0d+bDwq!5q>@3!%GeTgRt*pm$;WjC z2)oY~0&WYwB54Ia0SSduXEyy2T`Cl{91Pz_1A=$TN?eQh_CIAp)OOzr>m^ozF4h^& z&d#w{8hYFW463Yv)$3GY9+D0ebN^}ung$Jz&%Q`>H4tXu_JJ~i*n@gkSOHyqVWg!B zM3dD)hG0Y3HEq25A$mo-Dd5;wRIvz@P669$RL8i`CklW_!c7a3&;X=3Nzwn1WJyMY zIub~`B6W2Leu`>93r`KAG>w04Hkt-2070cd#I`7Pz}ia%iz*fZB`?qbwxIY_=cUXM z2^w#B^x@I~SZ*q4CVCyl!AqHgm4dEyl2)KL4G5BA3~-X!A`@~RFIuDv`E{BCn^8f- zbTHa%l}U_zXMl+l1ttMH)eN9MQ~oo906$-WBbh}_Y9omXP&MZEeSo`=O_&<2 z`xhqfX@V3SI-rf&bwmYOstJ^Lts-a;v5=tAQ4ib_^{?tH*tB9T&==dve@m}PgQ{SZ zA2D=cDGfhHEJN&JAPUlkQTf9F`;`V2KNMMnQxd~8Jp!0;h21(3s|$hfUv}VVB#Pp6 zU^QOn#jk=7p4A{U!G_&Ru(dd#ML^?NAr^x6b9bzKJ;zH>@DO=96hB2nWOaGgiGns;snJ-? zGdUWaRqfH}L<4OFYFP(ILQO-UbsBd(qSX73KePN)4*UZSc?jW<*m^jJ5m#Y^wfr^& z?eAMZ%PG&CiiCz@6ro{HrD&s+ji7kwrm*qT=G+9*piJz>JB4pFfQ{vA0lDM`%yd=_ z#-N6q_}Ik_upzhCf~${hz~uke5T-Hyl?ZS>6ygsi0mthABPhBcf^hQuD@tG*I+7~5 zxK?Q8S_pFgSJK%O0U4(df{~vQn9ECJFgd6t!6saRI(~d4Q>k?1wFz4fW)G#L7zSU5 zH?b&k@G<_Kx@ipJ)IBR3_Xd!oYRjyWpk4%*S%g{+0oJZ(a40>6&!2aho#)k@6Z-n2!O*r0ybzBujHO9b* z*k6&6t|<^R-GXtVpL<|}m_1|)Y~nqe1+>|Mm4@X1Kr?{~*<4~P(1PQt0;?iz+KMfW z$8kVGDv#$VPNcjIVj8s6%@FryoQG|&xdB~J=Rl5~Jr>@ERIyeJy zAQ1;RKE7N5Bpz)6N%S1CWh8C1-x0E-IKKLkIUoz#3Z@-n4`E9S*;`=p7!6cl_II}jh?XCIn0&Ycid&*qTm*XL zMT2IT3v%5K6>*sbbXvfl@JmJ`bCBt>C2*z9N(=-QxRFypMmuI7QFDn@J(EJMy*J=yVtL*?jJqMg97hx2lv^6lI zL)bIHbMg-0s%`JggC~Lx?6K3xU-bRH?W2z;wf2STw6PBFPY=;!b#y znF1#TDjLYw32@xEz$9=k2*YM*As1(07Dvpg@CbHRJOXxX_kt+NjhR=u7?{CW8vUlI4&-{3FQfsL)yWmU46oT)^WE^^Xn^Bet6ZDpnGjbH6~Fz2Aq9 z9e(nRbOer}C8-7?5H%xVHRF!3v6C+N7P4+57dQdf(F1@Gn)vMK+5uP!eZa+dG%|)< zBXz~pWRi9TE-a1!dg#XqvE=X2`78gwQ(2uW)Nc=t043b0@HT7*e8J#q%l8lFN@R0cH!KsGo|~QGrTy!k(rGO1mbt;=H@G}FLVPjq!N(54 z=&Jvrgccy)vL!Upc?eF{T<-V=5%-ng!&-FY>yFJn)XH?nmSI{n)CMCgsYN|N>W0IB zQP%@@3V-JXYc$b44{SHze|jMh+9u$-Z)*>U8^`XU3#?2Z0W}+WK~y42pKT`~^b(zU zZ+Dm&@nkVV^mvI8*P|c{WN~&3s>;hpA*88$z>?FxfAs^knJn1dh!+G7HZ}0i+a7=@ z)eA?&V9~te0nAQ#1G9%c0fEOcXaM~?Ap#VuoYvMv)yE)bcRqvMQFIhM)zk-)1O)~7 z0I}kufHvI+u1JXIS#e%4ujEV2@5GtW^a3KTet*qu#2>hXR{#p=dhjf(yo@l%s zd;ol1un?Lg#LJes+@h{vFxww{pzp1tfo=v8Jv73?KnZ-T&bJNzOwc9(-;~)NA2D(+ z2n+$bInu2CBbwQo{s5{O2ovD}khKAxFdQu$mopO-u7w|nW_NtX9~@Z_$MP4LwU;_N zNHdsV1iWV%>R1Zt%`^bEY$yoA)&F1%!6G*Y0KMNQK}y^)0Xt!sggq^N0(nF!5SBe* z&RIrSXDz;rcmtMk0!)u}WWjli3IwgjorFy%-bO|QKygJ!Sw4Z*Dp_d|HI#4b($ zSDDgT7A;3-y&r_1#O(~3s!c^)p0n6R>8$QQ%d+XLQvx_0VZlFe+}dYnJp}3`!fv*m zfl<2?phwG7xXD1L5ATt?<3bUSr|_LZS!dv;2HNC8h=?LYcikiuKn!#6z^<)>7MukX zn?u3CzemiHK%`w@ZN!2E6(~#;Pr`x^r=e-2{jU!V1aULMCk4>6Q(zi+1d`UClMi%Q z&29SZ%@eHXz5>Sd^&~Jx!FK>xEEz;cyYO!tPXQUVaM*=^VK3_xa2IoyNVR)y;b20e zFyg~NYdA5qDh&4R_-Q~FLGTXf;Lje79=Pf*f|spJB-ujWxYTnEEO)1@R!7hfS5SXvH|?LuRXjN zMRsAZpL=5<+W#}aCltu~MBFE?4OkhV5CTu%c^nvS#mNi`1$~YI75ATqjWvmaPxuKH zuo5@oiy{E<%>_J%;KeC{fhdNFPnU9l9SwY;PAn`Wlm#uIz4#YmxH9@5zEKY-S7>n3 z{Symy2lSeSSRt1CIMmhzx&_^TKf%p`2s#}Jh!0+zMa(tl6A+-$<~B9q*aEpt4gE&&7NYQfDssPo%||~S z;jI<)xR8DVcnFItv}QSg_`_yS_!dptNDSOl9iW6s?#m)T2}as z{XINtT>}(3#iT{?Z$O|KFL1SF9P8LUK$ntCR8BH!u(2sOV4gh{P}?Pg34jLSHEAk- z6xT$PsQ^521rh|l{XC30ksdkUz?8V;7_$vFi1GL>b6XPZAcS2-G6Syf?k8jT?-q>T zgpM`Qr6QEuyO=D7-lqW4z*|5DUfyTk!p|Jw61M=5c+1{_b8mH^%9gK!e}@hL^+lT6U3)inXneGIrwS+d6&yzUB9M0 z1pE8y|gHp4AN4~q52&S!pWbb2p!0DOyVT|Ycc=&&Dj!+ca3TKN}FQR|6;Y z&jSYD;}gg8U}AL+uu|_u1~qC!UoQvSjloZW2Y`o_Mz!fE;sHKNM+5k%PX?3_o)19{ z=Q04(vxk5fxBS5U01;ER4F>?%FxCP{5w=g)1(+R~1~;&jLd+SoajB3X)LaOJr0-+A;Ei~~L@GrPEg)wRyUT-!oJCMp z!Lt|f$?Jc!c)k#z>CFALBIsVXJ_S6(MVJEK0Q^)8%{St=e!yCI5Yd#0F9dCvmjLDW zMQ|x}x&$nU7&}$U8UyQ|f&)i%5lB4519XW`#8tO=KCJaAh8q2A5#YnC5+soi!rm(Z zVeyM@G9Ah)iBc%~2?$SdvIsF`S_Wy3_23LN8TT2srKtd71+?3{Sq$UX_e5;N#}Ta@ z+!(F`rE%&CsP+jk(^U#%AQ}(r4zT(Oz!4oCa1ZhU#EqXoF}87$ zoF;{prZg$69+l>7k4h7&P5$p>Sv+lv!3J-Af-&a!G;9?iZSo^Pe6AAc2$VzmZFI#8 zeB9UuU4g7+IK{SF)tX%~gBvuOQ4#8U(~X7i+7 zB>*Rtz_K;fxJe4Zmde!u1>zd{PdR{>RO1xj_N5wfJq_7ZfvO1ftQ1VdC`}>_lj-oD z_Z2>mW9R;NM9@UUwPWpLKsQ+fbnJSdJ|rY5s{%8bssskSYB4pQIj_FpjE&zMPFBLA zXLT&|BW@0*Sse0;!mDaJ+SqFjo zKNN|__Lnpz-**20pbnfD-Zf{~{nBj1d6vC-bb(wmK*f z;K^zOw(9?b6ULc?hlnp<{2B#71RaX_fV%??ZJmjBtAsPuN;pHUgfrBNm;ddRU@up~0iql9Sj%{K#3^9v^t<@) z;=3DUec#>8Yqxuu*H72B?1wh6;1#9+`rkpI&M zK>ptz76qc>K6{w*mpnlENsoa12OeTiKlUI6u6hK+l>(1HLV<5QNP+H;Qeev;)54rJ zLY$9cr2FfEe*1-(9DSKQL9G*>r`Ui^60eB$xqzCJ)&e>}Uaq5!jNV89-R=*;9JXA` zFkgI(o(_JLq4ao&j<0;&^wdp4i@QHWWB++6?dghtp!Wa$!lX@{n^(LH)0RF!_!BR~ zG&j&}IXBot9PcVp&pJkN)q<~ELi04|SHcv;+ z;^fUe&(Y5Pm(b2fFC$zk-enVTv*>wR`}pOSKBD{GbR&fH?DH*?V6j51?zeNGoOX&Z zt&!{e=nhz?f1bXMRySD3EI;B!bI)?v<}Rl*ci0Q)C+9AgA(q|4FZdP)yhsaWSA3Bc zZhwJQ9{m)He(Q@Z9fHNTcy~O-}@*-V)A_Xpb$rrdsR$L+D-ef1qWl~mGC8jD7 zSMP<|fvYxS>=35--b0?ApL~<;kMZ;A%N)0!wKuHv#%CDlFJ5Vx!Uk(t6;u(P;#NLG z*SS}j#u=|L)N`Ii8RA0gaf$AZm9H{_08<62?`!b5d9Sv#wQy!N`!&2}OzE80D0TRA zbo2Fx7`q6rtt$=7xl-{?xJo!NsZ_mvS*ZrW9WJ0$!hw<7{NFU# z0cffpzsVNp@g6Kw7cuXqya%E_d6VHup>9y*r<`V#Fpz%o7K}1GIyns+DyGv%Z?P3A z-pBp^Alh91CeubyBUUG=GRPbMiRD|#y2r3Qa0PNJ<83^TQW5I8^J&KJUSaH~zU{}p z;%&zM;VW#s+g@XUVi9do^_rBjyK2y;szIBo<^%Tq85*IoqU)S_FE=;#et}jhuhU*o zc#hzA3n3#{zY~Ve2(DO{Y9rgtPry2>_%7Q8_I~iYlx8(%|BKxTqC8LaQy#N`DL?xU zV88ws?aN!*dRBfv_YY>Har8hZX>sx8$-ZvMcevf}VaB(-L77kA!`dbeS1KuB!}mi| zPFSiGK5-Yg$DH?AEh4YLE2BDxLM_$OvVS+GFkm%gPuT8d|Hfg^;hy@plqkCg-e%l_ zzb&g7Ww08YDAnLZsru8i_Ntf0?VKun2QD)Hb>_C`I}9jN=c@h$uvDqJ8{Th>VU~mi zu&B78B*Opbx2eAG2Q7QJW8M~Ye2AlS*$1r2@&Dw-#~-##$Y_XM?~)Mr58vh01^*#5 zN!$681eu7^hPdvw0&A~?mABc4O)dzu33Ms(`>*%_xg(S9Q_Z*x2tIzDaee+TFj)Fe zP!XDXR-JA8cj$SKkC@H;w^}M<_`Up**pF4WI7tYs|Af~fPu-kNqMV#tiTeKE~YC6bkElCq9G((oX%fxp605tFQ89t$g=8fU1mc&jU zK%F>&#w45dse12;-%8$t^2Ub@>(o!fQg;KFpSH9oCC;$E_c_z4$vUk5h@G z*KSno{~s!j!}IR;Xi1t}Fjaq>QQzI%lBl;vT4_&wEAx_MjM#ziw7ln=Tz`7MGF4MuWcQSH^x zUf9L_9oT#D`a#pdLtb?UYye75V=G;BUeecXzG1S5{y3X67@v0G+6|M<`*mb*I7tZE z+Z^6*I1oqepq>f0-o9WlZ|MbDeD)lB>2v-PZx%-sWw&|nWa~aYOx|ypx*M>m92b?{ zk9xuZJiqZrU|~mz^5?GU4jJy(i>2n^sE0edSF$Ng?1;X}j+zyPP6oKgf1M1}-VT30 z8LU5coUGl}-MxKjTS%*gi<_VKW&QCOoZY+8VdDgdLu6sR`))vog+6JA3;51`OTOaT z`+=Yp&xdJA5EV{Rt||9V=C$xVZ2$z%xy=CW{*>$Wb;&(5psRc4JCN=PzubK=zz)gO z!6EF%T4AGG!oc-9@bC>;gWdy@DSfN{_L(9CKi_~H1Kdd7{;q#AZe+FIU{Ez5)ZShT z0qr#(m_M;6v-vokP4CQsB==c4Aaq~$Kz+QR4*mb9-nM5h%LQKFL?OB+t^`{%OLmN zSupK4`Xqf}ksNtVmirVOFKW|$9T#J`tl-mb>8+Q~ zV4%IZexs7%2+vRCrC?UBzgA_0XSUJVL!*+df*-YaQskZjGgi^BcY7ueqp!l~Fdm6@ zIzaxIGK`u-NAOE}>*EzNKR3?bgux&tuNe_KIO8RF&jbJ<44gj=_H8Nkck#W zVI<~EbdFQys7rrc_6Mf>>~Kn+Ejgv6q+2-#G(9(*{=0vptN(^YMEi^H#k*04d?$=r z{{WPBzA=<$FBI$x?QB%@>(gEfxgTml$)r8q{=brid3Fn+H|q@m8Liw3qPMD> zuqnOCO9b=5o3bFlzB4*$oO{>2hsdMJhiJJCM!*O3+9;$p(DfRF)jUonH|B3Gei3JJKN`)_jrfJjbDaBp>txWfAq-~ZR90`^NCv15KppDiW7+-( zkECpm%{;<-V3X(h-GZchbWDmP@2^Tnr<4AO9z^Zp?9FX4jG3-D6g(I^K z`!{1VBcUEe7t`L)90$|FkiB*s{j3?A^kA2+8<#}cV>stnE0+X?Jo`igfy=q8Mlk&A z$3v-_m__@YIh2{d^%7XqKd+m?)W0=`srT8OX?Bd~S9x=$e(D(NE)*EucW>dac?o~? ztz?C2O)jQ-zSGn_XI~Jr`{Wzo_J9e=);=GR_ILFxgp%M~J)Yw>rMufEq#eIJfsV&- zO2=&zL&xB8+C;8=SF`TTnxyzxZ@-?1vE9C$7(|>~G>Z1V{xU1CztkQ2kr3n2lj!5! zdys4wOrqb9$5QStf$4-R9qym}(YKoQY7#qid$;j@Ygt@}K(^yHp~+jf0M|l!%L+_U z4te#5rh>a_90fMoGVODlE$Q>>arAkTz{u{yeFTPg9HA;FY6nebenMB; z!P8eFkqfldeKK0?-ka0YeUsCk-jiPnP){&x}&j=o|TMA${eg6 zH)Z{u35mGfCNS_VN~qE-sfhB`d(zzj&n9h(Pi&gDzV#*@!6!pgUV29%=|w%!py{dR zzAS|9MZK6>l*!hsZe%|6-#be!8VBb-6TH1x*6zEJxJNtXuzF|r`m<<o;uNm9y=s}l8mB1GcPPxTy6`aUW?U>Ab}*Q!^<;`R&NL<1OQ959 z+m3UKTM_BZAO1B=MUb{oR9^YP9RvSEj*Hz)Xo)5WHJj{iEhWAAt?DFjw&XOl4{Y8p zwCGuKh3jv#w+_RlFNykM4t3XiI!X}5yHIiIDF~lM?Xdabw}jsB$)n-4--?WSZDxWp zPheJondpkhADkoT8~3m23Aac!zESWx#eHiU|H%-w3qtVvSMu4D3Cd!UPDWM+baB^5 zE(>V?ub-NZL=TJ=MsAlO?u!DW`zC#9({9boWVnZYG#4hcdTP>7G-U?Bp@c;Ek1X+P zj~Ssnv)7O>h3>TtI0<|QwknZA+7Cz1Fnqx+%d>{FC&hE!dqzK!_BysryxOe&h)ULv z1JaEAtNRmgKYP8kIyj-kvh9+oYI`_kKANB9h6)Y-cALfkiS`=mZmh7J8d*x{`(dG_484T^`I%&eYTYfH%|{Pu8(~n@x-dRZVPDa&h43y z(4Zd}G5@3>I~@M2<5YD_QR5?zgmLOs=v}vFl*eo*R21UM6mr=P%tp0tt*)ogOIaDW z3D_iUN$e!86yEF*!n zni2zgal@kSW^&O_x90x$vm@`AK@T4@q^^-Fn^N!vyU?-Es-hJ>-kRMsAB{!-l1s)( zg}V~>?gS;uJZ03RR-xmpHU&_k%GT^mM_qfhH%eFkO4C6ll7h&$EyEnR1SW@k6mj!+ zgDr8ZK&)P2DSG$#jkz@UZw8q5tbu3>-SK~P*j;RF&2$K5r){XIK4DE8>6g*#+HS{f zXls+%TC0ndZE+t??EX`!g{HKV>v$~bpH%Svu4Xi8pW>%g;Cr(fVz|tp@=}$X&$p%B zs~AndZP1w&{OKIJBhF1kp4Rw-C`S6L-?sdEYCC%VE@SGds}%Iab~O3e?pjwVNNdQk zFXJe>-RFeCi7@tj9q2Fj(9tOYX?boE4{~qsKvM_MR5}}V)GG9)1Cuc!+of(Rt+af5 zJbz_3k;b~lq_lG5jx_Y{p6Cn0j{F=3z@>#B^>M@2($^2aLXll))hF!~>_aSaZPvf~ z+g@y~1}^llcHvIc*<;Tx3=o+r>{`LU+MDt^|Czh6(=OdH8QdqUB*6OQ*xhf3;LM#V z1o+x^q9RFLTRq=6@p5koR~q#(3~TR?VMxcxuVwt|AGlJu1%WeY)*<43s=M!RyB?*2 zZgB*_E30nKzA#Hgo{n(9Ho_GyV8hk^hhcQzC)o-FX!x80s{65|9D&Pi7_G1+*MeKP zOY`VH$<*F@NT!xeJviSuop;^$XIV+qA|#}B?!OQd;_cbAf7`yvls*|hGu0G%`tqOq zYhMlY>B;b0bExMSMpRG3&-LY-2WUMdBl;WQmM#NV_v}u+lV~!oC)%C9ykK6SCawbu zlh&~w>o7ZsDR8q6z{A%(RG}(;_uxT6xAt{*`w8>g@*p~$Ixo>Ys!bKcbq+1i=MY~& zu5^qD7`<3~thr#KH8aHk#_8@2x`DQQ7g|G~HDP`%qHHQUj&1?Tl_F$hpH;-PrAK`oH?Y-rG3#j7lo}EXdw=fEw*ND2$&*w|j zyt}RL6_0jz#SzJ{7Tg)P2^s{mSxcbqErH$krM+Jr4vB}WA3FXOdotmD4q+%A3q?@~ zs`%cAK!ht6!X-RX(e9sK$WZP-h>`;jTOU%r{-5A|cc*?8r1sw58>e*FMP>X}Mlo+6 zB*6ajY3tRmDgyeszDL496g1~=-DHei;;p_fg)0jve9sX{N3VvPjxwUEmlrUx%2C0b z6A3D{IRjT=`p$mI;J(#nvK95bPd$^77*2)Lw_hbHrx#!Z0VC`F@`=ZOno2law?Oq2 zU-0P%GmM^xuMah;y~2_9Yey$rldH3#)iYM2hQcQN4oBm);jZ90M`EGITZvO$F(O(By!pkk$y9Bo3!4`nl+@j&3+ZCd zW0Gld0=#x68m&T>9LIrJzT=`hy#ggKZ+Zg9usfXYi^nF#%$)$X=z&|tXFyuy zb4hK!uO19iesCm6X*({-H`f$5usi!mXl&?7Lg1t_rfQe+#4-60aZS8>Tr#b%4~0<7 zOE-d#q{7QxPfWg|oJ^OweF4379Lcn9J(2w?Ey|Jjt0zKL0@fi8xKM|f;zH*4!t2cM zn_p#qt4>G?eVRH`Vdr1=KN*%J-U8`Nkv5$zeC-L$;2S5)E(!fzelpX!M!*jr17WjT zy)u_++-;vE;|Hj*(9T>`KJ!DbH76BvkREk(SkAr~OJ1o3?knrL?rW%OdY%%-p?Zi| z));DwH-Q%&aWtJ1lQG4e@^zdi`sa0D_hac(P@Wuc=_6UsK8o@u$tnmL^~&_?Uid~b z3{;ohXWvK;cYi!2sfgUUzbIIwiA0399V1tt&p8HP=1mZq84e9vWyDh|(oJ8HNPWO{? zkAIJ)IrhV3 zL-(BzlMUQ?^5fZ+!vPdO(uMb{ zz$=e9p#Wlfhaq1MIxU&*g^OZAu1zqhx~qRH`HE1T*Z>On-M5m-UCC(jWQ=cG0m;F$ z@z=o7wx@tR9M=ONe{XQO>m-x+veP-~{t*ZJuKmX#PcKqj`gLCH_nl-_$(=N;w<6{r$BWm*-8S=h>h>I) z{(40Y`}HkpG16cEVZ>VQtK-vhD?UnL_>A;ze|M0iXV-F1J(rS-oT+-EA+JOoeew83 z>{T7tt&4b7I)wrM@jJ;@eL!?L`sIgbBvsJTvoopmDK?a4@T`f47M?7aTFivR+2gwq zZ;$_lyJxUF>vW1#znjeUzkd4NWEaV1^xAjXDjZRbJ|o$rUq{xhOWQcIC%f;QkxX)X zUXKN~^pvFNM&5#tQI{Nt4nCg4z}QGh<}l<`I(YXC7G>zEEXv&PCA+%nxA=9#_mT_W?aTpOu_Ca^?RdT)W9Rv7 zhTBi${XfrSs(5zBy93|H<2rFMwU0V0$wQZyo<*Taiz(FS%)m-A8ZDC&ML($$Z+!Zh za4?RfyXT;|io5MhDqjB`Dqep!txx_otxx_fTlnSg()z?7XaI&g@CTH7<-0P*A5e!Z%|uP;4MUKiZz^OD2mjsc-mMK^7U@Bg$V^0MfbFQM+G zf1vJmQg`A~U-!VJ^uPW2^k2Lz-B}vFvAPpVP-o8P->3X1;cfpu*$t0g`Yj0bi|rhdsz^_irh!Ip_X(o|YCx zA}XyqAg{Sh@RMYJC;lII*%B@N9;JI{+m^3S43)Q>Q(jDA96sEBT?)fIG5zX9Q|p|j z%SSIxUrL1^|C9=vZf=L4F*Lb^+_xDsZuJASu5VAign_S^k+cmU$R*OgSztiDxV!3ekd3<#H#H-csJ z?yAdKa8;4;DnCzA0q*oOy4d0|(A0hb^ZMXtYz27d_{#|_;S8|*71Yrdxu$bIp%Ub! z8!Ryo3*<%G*u_`CVVlzS!VAyemJ-vK!(m^gPQRvbVP4G|p=;^+7nd{gPkxEG z_~qq{;huXD6}j3CL^pr4(+v3UQ=jit>F8c*F zM%<8@*%l~2Iy3GFa9gqBZoDCx@8)04kckZ#=l*gt6YlXkT51&)e88{$@OJt&-S74* z3aK8k$gT;n%rgB{dZy0ik^vp^~yU2He_L zyA7qIx?6H1n@31jRmS^oWbCanrW0S|&dJ+1B@^A}LX5ayr`(Ke!}oIB&B>UAz$kaZ zZ>ZY7lEPfk#g#83(wo1htN`}JZ|Gm%_Q{wFgt;jb(GsWr8rsy9FTHP|!bZPA_b9nt zrJe#lT*WVC2_$9tJuE>!{X)+;Fn%9;ru>rM>u{=W{BL0}ORj>_n9i&)`zZQR;a|7r?;@xBu3Ts{WUKxT*dqUHC>zvXTFA0YG1e#?t9{*cUbYgY1W%#>uj-?kgy z#_0Rs2yEBesCI;?@4E2h5a;IN@A0Dk^R{Gezoy(7?0)^=7oQAb1Co{{squ}QJN}p~ z=$Fq%Ur-KxW{R74J7lMUseAsO5nXpXBiift98KZae1c(D?qH(F{f0rDc86Dsuet+v zhcx-y9nip&&!JO;{E(||>TL|_TdPspr`<-Cr&lv>PJ#!E*L#;c;R-x&xRZLCoo?M9 z=&|;vWKYRSdETFrquuMPsI|de$%MXHuE<5fwGT7-&40(+!|tL@tcK97gk8FO@1UXF zpBegncTnVrKT~8SiNYoA`Qv}4Tb^6}g>IMrj*Wk;l=<^tD6PN7-|gcm&$`>QfjjPI zeyH0o-A#oPR-vyhKLry)xBi3!xFc69W?f#~n-oRC-F{CpPVODNdJomEABmDm7?nHp zUV7(w_q{+z+)D2s|0(I~X5W|W<$v9LUvluWJ2+nk1u0kC<*zLK%s*0YhbQ@kK;|_v zQ1+$TAy9!2RCMd^X6C>6Te5WvOX=zF8!T&e=;4dW99v50>$hZ37rj?3w6x?dos9pI}HRu&C#R?>T~`C zhR^srV{e!%*UO)OU(LWbJC$GJBM>sLy1STdTgnGI((T^?zx?>G$?UceK@5jTl>r3j z+`lFH9Q}f`EAeOHwfoHjjGJ@vHaGNcI-mAnQoy)6;X%3@b~g@YKEd&imNCQ9tY{3m zaWKLk-i1;93)q||={&@+cNagv5&OP>X2=&mOgkQ*>FKL1!Im#D+5Wde{ckM6dY*qT z)fcbvi=mzvg*@{R#-T>C>AGD~fnsOgM^Qa?y>SiIPkJ~ZZ6B87qc9=q$Ia+PfVq~} zxW@mA-a>imJ_p4Xl3gKH9 zd=|{7(8=>{41ML+K9UUYSIR~WFsj{gq$#=dr$!?_mOs24AY98m_e44ub_7Y)Wwh5F zF2bH)7rns}tXa#j{bw-r12~T+y%RcCHm@%^4Au~G#@)j$dMp_$dhf3uqg_v`^zEK~ zjMe__leF}Ur@RA_{TEJXwa=aJfhqP|1Dzf9IOk|kPyd#ouJ0OZZ25#oN)LC?6ZiGUo<|5an!oi4nm_)2UVQ6m)=W=~wApiBgq+&%qk(fC=It|2OH)jP%&6Hl@Tarx zhY!=;pPvlf^~roP18mA|=>D}zlitM9zBry_AmD@z@f3FFJ2H#%Gw93n?|~3WkM6PQ zekN&yRNP=I4tCo=O1T|hfobZmYhMZd_Rb{I%Det;EklzU8}!|$0!I5Zt)~0(HBPFg zJPd)3UIS`{3yh0Pm`rf<^Y6jkjD9ZXmpVu_QNQ4z zU6nUzD3hj+KRnsWduqXF#|#One0Y~}+_E{yYz*R>EIObP(@C~ON%5m6&-*`4PbZ?c z$zWc1lqQ!|?0%m%J40?PfoM^Jm2@#FQ4%?Bx3EYcErz{V`VdoWG~*dF#up zyDGLbpJM~;gm9XbG_x)?oWttYXq(yZeyZ4d-f6T2f~^II|&~BkZ`$6 z8q@;Z-}7iMcy}#Ne>t>JFL!DKA!B!YF?^vlB;+K&rsqzjP_Yy))Rh7SmI48Wq-E_P zffr9-k6c*VemM-h90pzvp6GI+)6aZZ#m`t0h8(8)$b*Yj}xP4SPLV+|8}{GU>TRn#Io74q5O*vc~k` z-(l@O_K#$f&M;&@fH0BNEAN5n!Cg@2!_^SnWPTK3l6kK%9F%@HIbTq@FP~680IfWf zwa?}ksk1+XugerKe*=1d^^K(ePF~jJOaI$vpu2#Re2PHaCH>w^#_b#~7w4;?T-P%U zvg%hYpFYDeaz6FZ1uW(9(saI=j1QP3S-wt*B>3T}&1LZ-1w3Br!D#YVaN5Zk@9P9K zq+B$Wz>Q}p7oz%=$xi1Jj|Hz|^W_gu!i7>8M96(d-e=!I`V5gQ1-vBp4R0CI+3r`3 zmcphggll1ia5cN@8L&rER^MXR(_^m?ux6g&!+B(4^!2))(oQEGhwa~Zh9P^GAYVuE z%TM-D-#|EDE_6LpHsR^D7!Hz(fgKftPpaz~6y2iGs5^FM%QW}%nJvS@7B2>b76b1n z2I4CQ9@2RFl`Mwz7{x$z#jpiQA10&CQh{(urGoX2a2%`IHN;>^7ehA7Vpx+RN1UB+ zCqu`CzQbL@VnAsz#5?eG+Z@_5V}f6qVjwos|0n_*Pmj<-}JzFgEYva`JuP*w__cy2WNsf0aVs)Zp1SyT!#t`s(IDSX$h z9AsYO>FbpPb8I|)`(-7%z4mDLKji5br}6aETMn1$yPknDmIJQKL2@*nC3n?(%DXU#oGnE~N-P*N&*FMGV7%*Kbb*`_(X;YGA%hJH=zoaFyuW-{Wy z_Ii+u_UR{E5880!8CnRdS`Qp*Jx@1pZZd;`oHsX_+%x2ps*~&PhPmwEzsyYr4`{Ck z_FNCBcc&kiY{UWMPYz7B=xnctJTUcut9r--QxCXmJi}N6?&<+oji<+PJ>aSy*m>g_ z-Uqf`*Jpi?_IlV0^?=3nNqCCK!g_yj-T4HhBYJ(<0sQbC@WZbjKm3phYe`%3KT;|Z zA`&`RBBE4Uuj@yUsu&N!p33}?-rOCZCPOi9*L|97;Xe5kL(=}YscZWz89|{TpCyyp z0v|!M4;pp{B4Dr2lKm)f<7Zr%FSv*KYfN~{_o8*5a=7QYAwN7jbqhYncs>7fyd~Ft z-o=n8X1Jap!Ot)s*dAWNwAscF-z=}Xes~r@hv{H~ZUiJ9O#02`yxaSWXzH2 zGj(|u(y0{EW0L>l9~nB**kX_6&i~_H#4Zhl{J;9q`Ttb<|GscA(*7Su{eL$O@45K@ zzx(X!3n|L#Pn|ktPdBP1w{d5>X;{7BoG-{vze9@h)AOW~{Peq|EI&OHtH@8k5v%gk z6Ms#9`dwLzDZMGxdF`+#OlPokp0l$v2sV1nKk;@IFmoQP(Q*Zs9Q`GPE3!^<%Xj@9xn~}sb`B-sBFhp1#eOczE8KHPoD83~F4QrIGQk&2oWNj1Fz0jI# z8&P0@!Sk1S%h4IRs@#J#iX&DYgFMM(%M{$~?zzFOpqAi)0sM3qcFzsyBp*7dZ{jHz z8Cy_Zvu!Z8V5Y@TgR~+e4LU%kYzblrO0b8zzCCi?TLoHncQU9!o~pA|_~b>8+~Cd< zWz0A^?`RLc&ukS&AAA&9C?pU(7BSR|iY%0w2IV|JdkT#clZ3wHPGmgLpFG_AJ#quL zg$9C}l4*l59<-MjvkEoy!1;6V2D!nb%8U_B!&Fi*hvpmP+O|!-yVdlGENLJSPR~CRXJ5-ig8GyNvnTRoyj@OJxdl@QsMusL;JsnX9&DDiE(=F! zTmL?EPU;JuLng-C8e@V|L6SE{&Q^BsQGS?AAc*no+oBuYH*6}7_imyjf>s{G;$dJB zNE7&rcss~;UvsPb<_33k$kdGZV8;qL-hdKR`L^^gD~6z7L<^E6(LXEh2Hqj@<>40g zgJNYC!M@APg2=HY{a8DpwczN;zEv=+s~?S%`)0O2OZwa<`1rELWdgzfoCV7Sg6Y@< zb{+k}mQ27fd z^E%$_Fb4q>>_ZFtn#Cf+R(m11ezR>d$AaPgc@g=A-~h^$hLtQI!20Cf13W~o@-60w zCBZ-hY-p*-lnWi)5*ur3Bn@)8(xFb{VvVG=tm9l zjGhy(n7Ar3Wg;|JQqo;CBsWm>4eWIHoK&sp!`(F`H((U$p*SEj)ak)_xBC!qMwqgH z7F?(PUDD?yqr~S$14*r@>{LkaF;rLYJRZ7wMq!7oQrEIv5AJa7L*Y7>^;TtK!Izfl z5iZ`APgwP(d_LMa$g_r1xR{mn3)e!;qu|o zgrLMS;+ld96dKNwa$oLXeOC0jjnTRh64Hv{W*%(z7}tbnZo~$!frRuk)R~bn_~SP6 ze1{{#WgF$%1{Z_dFRY6dZFKB$JemaRS(N(pIZXzToM@E0@&Ti$*^#i2hRy=~c6}6bwJ3QBj-yv*P-WRPvRF`^!iO6yBAdFK4Q= zAn#CQq+leRbY$NunA^aNOZ4I!^;y=Z)sG7#_Mw$n00yu@5y8|;M={^L%-1+qh*kg` z9QWBFDY(PUq3Sk<7b9n-mRTh}nFly#$`ZSm9}S*34&>2YR+t+e?~MXPVgVk*;@yVu zr4YLE=+U4A&M(h4<5(#as>|B3zC<5Nzr&uHga_N<$W{%`uWV@rSKVsHI5FPmc#5Tx z87EYCMLQFaIT;pS;QHHxycHQ##J#eBv5I;u&*34~A~OJSnecsKw}dK2zd^jqTRQ-D z;TWOGy8GFfuwji3EuV02FJc&WNKrxwrDh`5ly z>hc)u=8nw`+66LCBQ&z(QE=>2LXDBqu|y4EKGroB6r&{jXT?n)t6j^(eK0mRV0ak{ z=Ud*9&VVKo3(-?Jg|AdZ#byPV81RigOcWNPOtbi z*BAuQwiDBG0G1t1E@rR&aQr@uY z0FDi|BFPmg9TPcVcf%y`B~v&29i7yT*@9urnUrgFdu+j2#d~Uwh*b1nJE5< zJGRUX*+nL1BtTJ)f65_jDpN^xo-|-O3ufiY=ybc&uSf)Wx1FA(RGdX9pweos}GJ;^bT}mz$CsglB8Y6gl^iX&6l(JzT&Bp&o2D zmMA-ABR+~AYzAAB6%KwHciog+uO20tEO)o=oD9+s9rAP!PXTFPPR_ONYlKIUykqTU zV=JJl3)l?LgUw{h?t~6l%kn9?);8m-kr?fF7 z0@&;@aSxFXT{q6y%yN3TogPlCJVuOYFy#<+k*Ot)q_XkHV?PME=JHHZ9Pj!>+c}uO z+l;8ffN(F+$?%Gx!}!_>*meC1EL#6OJFQY)M$t}VMG(#_m198^z=qaEWhom$#3cx6 z#PAJqGL^HQAa_S0*L{=+8i-dO}4H!y?{k&#)Es?5N+ii#d=s6jkPWn+$D?FiTqLro^uWThy3E_yf@#~GG< zW=NiH(-K;?>~t&5#Jf~BXTN;@R!SRmdT_zbkXHX(V&l#(va5_|zsNcCJEh#SCHK*Z}*u~JUJWqdU2in+GoWYmpYlOr?;ei7qvKQ8CmI^h}>cNnOgeI z*9?7muptdOYD=S;v!xZR6Pl25cVP)i@pvr)*u7hZ)|0B}V1hp5;3|psRxuV+0LL@I zf|SxRiwWW}5e4zRy}y!&e^rn4xL7jS*j1 zxYA_Ia!YcyS20EuHr?}eh@)Q}QNU@#m&|9Dafg*ep{p2a6~OWKqRmBHiCQceHQ`6R zy@9u*NUzLSo?^=di(0^Ww;ZG$WZY!(0ajkeyCr}PMar39`X#9hc8jv1D{dykXyF)n z)>f?H+^t!|&aJ=#Uzj`|$Tmi5VO&$s_{IX*>=IO@_qG<2l^L1i4UBF9#~e#+@zGOp zHVIu|ME9qKeT^+v5=F3Lf|5Mg*k%~+QreIvwlF>Q5XG;8seKb&xx1$32JR|4AE^T) zzQ!FE0h|xWu?mJuOS_c{7g&*L&X}KYt;tnG-q3KkxXAHHH zxWg(&VsX7jz;@&cHX|3sv=WX@dS~c^3%t{zU(rOXMq+U`I)%4x>C{{p z=(JUHcoM*dGDLR`AJuGkA56>jYvYrh@yb-(yZm-a#w)h;ArUZY(bRIRZ99NOZ%h6^lB;z|`Av1XHLUDZe+RsX8SM;O2{55iL=jl>+QESg>TdSZrf z`D7!3zd`RF6Gx7=VmVnL5qt9PXEsgR@GYVu@N3^*b2hvM- z;LM%7clu-7nz6BPa8c06r?U9%YQ~hp*X3q@1?^cBx%2{GrdJ8xsu>p{t}p=;Cc%JP zNSErLgh}wXd-*H5fx?jc?F9D{jV`?am~B_V26LjxrCAfQrDaOS9OBET0xm6M{4Irw zJSG{>VOf-~^s9K8CQ&k0GQLsbYpWU4sH|WDvaX;}8<2&ki&~)WLFpPBNS!h82iks%C;~@q!81>>yDiYQ~1buO(oQ-mNpk6pf%}#8KIU4KL#?e(A1YN{-{m z$`i9X(FoG}q1iqZOxhlhJlt4Sc)g?+(Hp#WrQN{P9lPKbH)mEjyriJvSK>D!(@i`W zQ37gKTzRk=x+np)tgCQ0mA|;V1a8(ugnP}(GY>XvQqM2@AHtyd5S-L9G%lW>^yX^@ zZ61ty2gcis6((PGyMk8THknsi0-QSw3`xEnCQor|7Ih=%DxwtB zjUy4TTgMpZk>ZfoF-har6L7o%DtYK9y{X)wp8$@<3m-9ai+9JW5ygW~jk%855YbJ$ zo7D4~yrX7E~yXL|SJ9mc}8joQ`TvT-<`2yH1 zx@b0aW0aAYLcj)%qS@55Uc|7kJ)D3U<|}Fbw8t$I|17%a^>3_Co^3|*sY7%xR#{Y^Ix!ZDz^^1OmggiR%lJ$b#f%G3z8Fk+bR7rMYgmc%ZMmGs3c&s$3583 z%k8pHu9sw?;AhRYQ^5DG*GqExY?{5En z3G0yv_qs95@a_UOZo&XIxEB`?-|KMQm|F{(e5deqzuA}VIb$ERx)=G?De7C@${i0j zvQyNzG_yhm{~l~8Mep9R+>w%l!a-o>i2M_O)8$c>jl3c9WC)aiuzYIe4dR_XJ zk!-K57Uhkk6@?DC(FX#&>Q3A@*Cu@u62q@fei<5(Q${XpnV|=`LA9uZls7aI;AT$Z zIikD}IGMCElL{})q(qIRf|*o+o0SqL6Xos1JUp{jdaHk&nzse@2AiyH+@2P}_^~hjUurXYizGs!Bu_S7>821voa}?gxOLlACh? z=qVBBAUTu8W3dhOitFNQ_M#hs^73U3u;p1Zmf*f2;v-HW$M}6kq zi9B~U##vQ#BQE^L>=mE1!eb&!;bpg0+cU@#J&5)UvP9wO%2CoFa&k3kdA?3@5aTl@ z8Q;>-dhxEQ>V3Hm<1tL(9NN&Hc)H4gMC%IGg?^<|bi5x8Txzr|4OrR_DN$|Tq^KPv^+4K6ufj?i$;lS5t z+2!>~D2_h)jNyDj=wPq%gMu7scmTWE|6n`&A4UCfsJ)zyqnt^nDJ(NI6yRp-h~_|f zgS-IeMuPUpB^v(&f83Y_GEA(B@B;*TNGbgR3O$6J_5KI90R0cJc8FHzu+;zH0|i111T@uBkPvO_)R%=6dI#_fg2TP9$RYN`@F4ctsDz&SV4_6&81DCe@h z;aDQHfg5TLaHv_@Gn}@n(wocWkyNjW_l5Qh^9XR<(1%HThT6p~Lp?Ju71#FKdDX+= zv^Pn6#+az8$mIfhJU*4IT>AVk@RA#_P}(yDrGhbUPI;>0lOa)(nNNVDTxfe{J;XUf zek8LV;)Veps}^|S70#s!Y0olq@y}4ttcQ4FfSdUQI1>7BsIlxi4u>2uNEYy?7$ovM z#8@8Wnv>=%uMTj7ZoMX-x4b&Q;nnoBvpL?uS+D)XWKa|F{N zPGRv8{E3;Re`2lir?6)KBoDd%jezC3kvYu4OE0}i29&Q#J@z(Fnw$AmB#Cir;eMCm z#&SsEF>-LgYx$TKQ#hv((p}B1p*#76O1C2!1?M*MJj4Wk*Cc=@Z*R5-xG^JY;^m;c z8CHOEkxTl+VmM!)+(ytRsaK?bV=dHFUfcWaDLmdHq!HBqKlnVcj-{~dnB36e#{I-u zfwYW|jMpgY^LdD(zTg;0s^FIDpGXV-6fe`A`s7HKXZp2(hM46rKpHa+q!i9lNqw&1 z$ny{*O-R(J^<(bDiGjk+!iaHBe+Df9UUj=4EB)2nP5R^;^*qtH*B#3&(YFU2CrsQ> zww#iXtHG>-oQD86!wYa$LEAIKQ6bIkwMdxMR2ZkZn=@z(a6bERyfE>Y`Ag1w#$lL0 zM*#{q;|}nG%hR3&r!C+KGoOEaZs=^o^EnI9X3TI^HmB*}GQ$mU-5v+=&Eedz4R<;6 zu#?*lki<22oRB+sxIa7ZIc2Bq_B?6fLdNcWJkzJU{WobH;pU#0JJjvBX>0FQe>yR@ zdh-@8Jihmp)`{+hpXOGJM*Qt@6#CI6xslzftFFBy_i78z^M96mznerH-??k+ph5oP zdQ+;gRo5@iy)&%^MOWLp_qp7vHm?n5i=qGWx{d31t%JIIR_(5MIX7a}GtcM7CEaQl z9Jgrvs);Y{{HS)T3>4O{Jg0EpO#LiK&gH^xBdxr{DR{bja&8c&aHQM1Gbu$H}IYy8P%b! z1=n}C)|0x`S1sPH^`RDF-p9^u-O4SQ(@K`kRoBjGy|abOKgY~%-HXSpv904*{bO!x z&u;v&_!8Vg%#yf=y;>h1=*2?MDf=F=14<)#MM|#s!q#@T`QEKNP@35c<8ki7)^D#$ z_Gw+vt?0u8dQLfF2b|TES7MbveRbX9)A`p(8iyh9v)uS}!1?`JU)nH{8&-_C?&ciY zx)Fcnb-EWE+WJiyW3Pp+M+nfJuy-rz3Rcnmrn&z9K!mQgr&GzAwED=_;gXHx=_6aG zv|==1!}L33D!J!-_N9F3`p2)(;@1!Zz6#pq%h(RQ> zJzG#rev#`Fm*FF!>aX| z77Cn(yS2x)4(jZPUopqJm|NK_bLif#J%7*O7m@CR%H0b(zCZY+wo6B*g<~Ler2K}5sM&u+Goy5;Zl{LsI zg5fnZ&IDfA${LT|RgfRxy(|h)GYna0FhkC9iv^ADi0T$Q#rlhZS#Bop7`1+jB`R05 zgXZ({W-uHs+CKD#80}@qxzM2(ubMg`1Dcr$FbU;rDn}`?)|+6oXFA5zY^FExkDXaC z>yC*S>kE|A)9a`cl#;k(7-&p0eAUmeMe?bY+(Rd~4(wF-U~{`x0*iIIo;C=TH2v4a z-xIZ`vDM8mZiVYOH_7mHY(}vTn+sxn-uX4z@8T?vUUi6-6T$QedVJ&)#Cu)LQ({Z!JcgLKNoGNx!C3U_vw}+|| zlOmdqIQ5z(B}vF7?k%dU-^Xf(aiiCiLz6R|z?BUixv89mDQh96iR933?xbFksIg{P zr6?}PW>^_6X<&L4B`T-)Tbp5(d|T6Kcng(t2JsD6rfw(1AyF)C$#pFeby2%S5gJ&@ zt`=u;S!DR`H8LSu8E*fW25Wj-skvjq=nXQs4PcN~ElN;jb6sy3biw?}RO`*GNDxFE zx@oYchXh@f`2j%B!y_1XX-&ua;i~3xe8tVu7!t#vtEORZ&6SB9G}z+H5*AjF%SO$0 z5h8wx4{GQzB-1dO7kS)_4ncE9uwy?;+*DI1Vs^f8n&=gV1(L(UtRO7Kur#uCh#40( zTa=^p2&NyYh+$sWV2QibWIljpba9$9^a;cnq`mGYg2&yownC@N&nuuFnrZBR|#!zqgRj^&d3sS$Qf0aj299Y+&q(_ezP!w>4$wHnBMPfz`#EeUjrB#K!Fu& zvCkn7!!Z1iA)8IgC(aB@WqgLelZB!xm;0ML#@vc`X|bg7)6M0$MIZAo{03$>BQC;j z&Ja4|3p=N?LH&f3#~pKt)zSxk60`2>v2cn+pxSaBk=4@)stLP@c^dg3jJm{EERBvy z>IWlV$v!8y&YQ7CK#JM2+%T>3xrye2bz)v)ShZ}l?;=;m% z`2jkEUkof%En2xqVjARrjG=xeVmKkEK&IoG(cJkI6++JtQjH_A7z;Sd%`)+oB-_b) z_yXFWnF#b-Zx{ZTVZkNxcbW$48c5qzj%;+scSY_4vm^NOp5daT5NOE8PVbiFyqh!I zXvTc!&u~Im#d;d#@Y~ca8%~HxV`v5^oCf(f%??+OQ7@=$h>&!3jhUnqflbAPS;8KO z(T|oa6H)wk@c?{>h6VF2L*q)}Lcf^_c>`iUCazM=h}S$hgj0i9y%SV?s&*#m_GU@g z@D^ru2s~rPSU`)9J+k>yC(ODr8uiE$3&8E3cs@!uEkXU6z>nH_%_H*mWYB*=!wB z3)oHw6pCqv8|r2v6^&8u!i?ZwcCpdxV9Lg^fxer{?Z%+dSu^V?4bz_GjzVt+TeXf( z%V>~J23_0-G&4asnI++(n!#3WJscAy*q6)be`MCPY_z6HUAoYvv#XO3JVrJ5XJYho zx!0&`C|Av@`$mGU_1G*V&vWOWDfWrs863?R*3QLdBPvi3%sBaCw$WX=FKkpzG()+a z#Zgs;K5>&7V+n`2Q5$e+lZE!^Gh4@Ya;Oq7I$Pa1^zmF61%eyDhS*4BXZA3uN9q>KayMAA z(eKH1XE+{Ty|pw$3JSAK+`KoKDFt_Zpjzc_Wm&u!3(&1W7l)o^CXufUoP!okiO`IG zzRhcvxLmgm6f)Ksj>n~4I}>gQ#vBi`({MakjGaiAKP@TlHolID$IOx}!yz zf_%8uV21m$W<4>24b9*gH(01^AdpPhmCtD%$;bSxX3AApqZGh8?3Uw;sxj)x^=4>@ zYpg~Liyp%ylnHgoYtF(9rE=ZWP(IgOjb)2PZ3vZXpaxSUfXiSdsMvIDY%tUbqb6hj zuBT(G$CK;H9Pd={1H^oy@>PrqgF-lHyymQ~;g*>4MrLrtYS=kfLb($7=DDro*>bY- z4XutL$%Xp}X00>MRE-8l41qbC;tr?TcpNOJLvJ`#$RB48*~sQ*w0Sbc89fEAViy4l zYuepxZqms`Zl!GnC|W}_V+^Nw^Ki%9SpF4k&yu_ATyzHx$6^jhq>4p729#Oe5_V8L z0<=;ye9mCZ+MqYd=w;h9b`8p*9eyF4wP(ta5ZKTa87*ulMPplX43%Yox^43n@~FlP zhA|rsNL6FHVNKW_2irDS<^HI_R)sIBo0%Y3%uJ9gF_)#(dOEHe%@gOD9SrA>+8*<7 zpr5-rW`qPLm;vI)HrPUwwdJ_f6VnF=H(5G5n)SzJjSC?zSkq642z@sOh>yb12gzG( zU2CS1KhB-_V^n=~lDI3TV`0|R0N-}?i6Ag5jpNS@vmSWnyzG1sMF!#Az_krp$2<`j z#-%~DhwFABbF?N2o>9Y!i3Bhbj({)IJ=gEd2?tmBGQ!7uR5*a~b+bf8hBmV=#bS=v z4EHdYk>zfzH>ZYXVYrrO_yKjB_SV!h1dh`IC=$ta{85`^Fl#GU5p8Bk$egrxnb5X5GJuy^(m`Csdk{m?n4GA? zcCpqY6FFPdgt5lLjw^M>q<{fiL=rU{GaXJFj4y$1n~q;SZKGeCWFEaE_su6>JPJ2wpg!S3>tep%$51TJb+uUC^DCD@u zjGC=$I)Tv{Y+;QUY~fRHn#fT?+j!_~C;BCZ<{gfQ&UT_XE1Sy^5!lp;_EC3NTnxQ) zwh<#7pIj^=$XjQQzUaM4*3u_lAT@<^7KZF0 zX7%Ai@xs7loA#8_JFXbxpu=WuV)}k|@S+G?#K0MzkLGMPA1udgK2G5}n|7acg0WyW z9}6g#?V8X^+^AtUWU4b}1qzH&onXen?8?wP7v78#h!@B3L&(D@ft>UiQ=>*0p}`gb z2~B$d{3G~Gyto_}88$+SI^*Lc$(<3KgbN!f2h4C0{Lvle=$sQzW7Ct}%vhv&fSTPT zG7*A0nr5eyt9vJGM)5%ROnG0!(&Jj2@nGQ7FsB$bR>{x;De>bS!R|Dt7{szhljG# z(om`G&Jiba*iBtW=R{E&4hPI`F+wH`Q$fDPjH{m4?-?|0**ZZr5w|6;CgyiKn)DnW zCzajDn3kqvVnpMP31>6Te6F?`3BXA_=9uum?3$3-IvOFokxvlD%m>;sM2K9C#SE9% zjQK)P) zmW0D5gRPp?lW^L~Zc_YrS)hc@+wDZwHnSx5G7}Z8ha5kViRB^AFT+`bUr!Y7=b<{&6kaNO9cF#%o(g^2YKVy))+NMDyE=48Sa5 zmODC)@`%UB$ag|83`44u*VbSGP|SSfu*AT+0unO%pQ!F;J+bCuo(}&oYBkyJj6A4g z9h&x7;imS$KcOjXfQZiv<1$3Eo|7)3+bv(HkmoOMZ#`k~oZfVFnt~)aGJ_FUR@@-c z&QLniu4#5MIi#IIKf*4w*U3?)$oGlW;5nC|8h!Sp|2{03s0E~##xEuk{U9h14F=`Vc z1bV>~7X{rHH??8wJ$2N=1Hz&{-$T203saK|t!qvWi`vIo?9gF%cNGeAyw z$7hK_(a)7O+c7bQH?Ubs@!=}7Zi>>S1!RLb7^AV{3^aU^BQGO?Bqv9V3t*mRvzvu< zlCh~FS8QV!1c@2U^;2Nx(1Z9x6GcpWByr13L^q4LI^*R>?T+1=G-z&U0wek^)1YEY zeDMYru6$-B5NC#+vHnYgCf5eeN|TL39GJ2C3(OpA0yEd=f$0Z-7;9#;fP`3~LnmNQ z#xucT5bsDdBjzQf(q)%X7c>}Hls-T<3zcKl6qtVhB5II>$hbk=E4CBNHB-){Ndcwc z-^|1wy;0C4z##mCXo|QK>{GMu#I4#sx&(WdB9DnqNPpZQai(S_c$LkPAh*n5xIS;N zg~zcOTQF;KP8eB=bTwi@PL)k3L~OF7evN9V7D$wh&QHQNp=p!pOD-h&}U$`#WIABQtA{V-C~dQ#VHJ0wiJ z#*zTZEV1xv`VjfkV3{gS;*RA?g@JM1(!fl#C{iQqwDr0xdn99{2SvVseH3pytl0QW z1&E0SkgA4#BXc5;ff&WcrBML?<}M=zjY~s@5-y86reSQR1-ut#jj<98vD!>bxF0xdjp+j& z+_p!W1ye9w4{O25n_f|*JHpDCFZqy=HEcSjf7z)`q8Im%;5XCgXysQ zog1fSfHJ<36g~(lFf2X1SoU3BUqo z-4aBF7?V+Mq1rw;-_*fm^goiiSacCTY3Kt2Hdw&iF|$K%7#M;mV%4CZ6E=f>jQH$2 z$ue=#iR2*f{GoMRXY96Q+nZZrz|6f`U?w02n2AV%wUB)(UM^hIenJ_nK~6?glgz=` z6GeOKL?`By0>)_)M*)j`vQRBR>i~oy8u3lmhc0a=928SG)&Cp25B)gyILly+fRh9d z%wKk7rZR#)=5$2SP$DYFp^1UXC7rk&C#kl*u2g#styxk~#I(b$7(=w2pc@^5E{y*I zH=*H@B!Y-eqi2DB7T%1IsC6?Fu1&;z1Vzp*z8&M6%UAKli~3cwX5@0iKH4+|{FKH! zff*H_IZ}?xW^o^!QR&e8W>=7JERMND90G>zarR?Kr zNP1+JQ*^?ZW`LzuYKFDJo#KMznTVr)Fe%MVdtlaR-~y+yYKU`F&JsD#@ro*Yh=N-=f_2%n4Bm@^tfNWjeACijF>^f1!8 zb}`~|DkD+J<4`fwbQ8-aSte>#x67Z=N-TyrM~Qa^mr9Ii!@p#ghIKUov1`*}9zH*tPa&R!uUEG!hnDFw=P3 z6P{~3Cd$xY0VTq0U9L(RK7s`mA2Y*&Onw5)Icr>URcbvQclnJPTbBb!OP~bZ#heqT zwK1{9jx@`(9$^Nzi3nb{E@w*yh3gS!1fkkpg{){|#j>1S;Eh=}K2CG^g*H&AnXOCG z9z(%6tPH`e=M0L#Ps@V{vNi1yLY%UPE?*wEB8-rdl*0!7=rsn_m`i5HuojCM{gh~y zsB?r=<=vS3P@>{^SujbMsc8fGWnm^4ICZ(=8|f_s(5?p=`t5AAu#93SN?9z^IP@__ z3n!m$?Y$)MTo01T#b|IRkxB8G>NP)o@*764U^B*^!XaTOox~YNUj%W+n}MIf=<{W` zvkp^qsFaOMDv5YUlsV#x@lGZT<5=WUp3$C|wb7mkDsJK_J)jC)FhzIMU!eu=gT%(DR zjk%EBrSuOnkSS)y$f#^VUyh@$7+YvoW(A4mGgu%mnk`3`AG6fR01M-~R@^ay+6=lW z48rS1grFEJnK1vLjAx`Wnupy42v$QMoO8uYk|PVlILpL>n7YIVH%(5YG9+VknKBM{ zgF=pP;|5_pMgq&t_@++igDdprNPzq5)i@7>oHE7{W*FzR5TRc(Uc>_=(TRbfV;iMN zuJDBR8d90~)L6fO_D!-q-Q5a#X@r=3Q6*DQ6O1w^C zFsW1q2+xj2DABFawgaao>liTeQ3|5BjH?0|3Q%(&+i+B3F8cuEB%@LAYbPx@@|cAu v^_)6&%G@JQ<=Zv{B=?-M$MMI1O+Itu-h807y%+bvD?K;cZ2Q?e^!)z-O_ds@ diff --git a/security/certora/scripts/run-all-execution.sh b/security/certora/scripts/run-all-execution.sh new file mode 100644 index 0000000..bdcf436 --- /dev/null +++ b/security/certora/scripts/run-all-execution.sh @@ -0,0 +1,136 @@ +#CMN="--compilation_steps_only" + + + + +echo "******** Running: execution 0 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule payload_maximal_access_level_gt_action_access_level state_cant_decrease no_transition_beyond_state_gt_3 no_transition_beyond_state_variable_gt_3 no_queue_after_expiration empty_actions_if_out_of_bound_payload expirationTime_equal_to_createAt_plus_EXPIRATION_DELAY empty_actions_iff_uninitialized null_access_level_if_out_of_bound_payload null_creator_and_zero_expiration_time_if_out_of_bound_payload empty_actions_only_if_uninitialized_payload executor_access_level_within_range consecutiveIDs empty_actions_if_uninitialized_payload queued_before_expiration_delay payload_grace_period_eq_global_grace_period null_access_level_only_if_out_of_bound_payload null_state_variable_if_out_of_bound_payload created_in_the_past queued_after_created executed_after_queue queuedAt_is_zero_before_queued no_early_cancellation execute_before_delay__maximumAccessLevelRequired action_immutable_fixed_size_fields initialized_payload_fields_are_immutable payload_fields_immutable_after_createPayload method_reachability \ + --msg "execution 0 " + + + +echo "******** Running: execution 1 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executor_exists_if_action_not_null \ + --msg "execution 1 " + + +echo "******** Running: execution 2 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executor_exists_only_if_action_not_null \ + --msg "execution 2 " + + +echo "******** Running: execution 3 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule payload_delay_within_range \ + --msg "execution 3 " + + +echo "******** Running: execution 4 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule delay_of_executor_of_max_access_level_within_range \ + --msg "execution 4 " + + +echo "******** Running: execution 5 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule nonempty_actions \ + --msg "execution 5 " + + +echo "******** Running: execution 6 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executor_exists_iff_action_not_null \ + --msg "execution 6 " + + +echo "******** Running: execution 7 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule null_access_level_iff_state_is_none \ + --msg "execution 7" + + +echo "******** Running: execution 8 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executor_of_maximumAccessLevelRequired_exists \ + --msg "execution 8 " + + +echo "******** Running: execution 9 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executor_of_maximumAccessLevelRequired_exists_after_createPayload \ + --msg "execution 9 " + + +echo "******** Running: execution 10 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule action_access_level_isnt_null_after_createPayload \ + --msg "execution 10 " + + +echo "******** Running: execution 11 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executor_exists_after_createPayload \ + --msg "execution 11 " + + +echo "******** Running: execution 12 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule action_callData_immutable \ + --msg "execution 12 " + + +echo "******** Running: execution 13 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule action_signature_immutable \ + --msg "execution 13 " + + +echo "******** Running: execution 14 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule action_immutable_check_only_fixed_size_fields \ + --msg "execution 14 " + + +echo "******** Running: execution 15 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule zero_executedAt_if_not_executed \ + --msg "execution 15 " + + +echo "******** Running: execution16: ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executor_isnt_used_twice executor_of_level_null_is_zero \ + --msg "execution 16 " + +echo "******** Running: execution 17 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executed_after_queue_state_variable zero_executedAt_if_not_executed_state_variable \ + --msg "execution 17 " + + +echo "******** Running: execution 18 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule queuedAt_is_zero_before_queued_state_variable executedAt_is_zero_before_executed_state_variable null_state_equivalence \ + --msg "execution 18 " + + +echo "******** Running: execution 19 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executedAt_is_zero_before_executed \ + --msg "execution 19 " + + +echo "******** Running: execution 20 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executed_when_in_queued_state executed_when_in_queued_state_variable guardian_can_cancel no_late_cancel state_variable_cant_decrease \ + --msg "execution 20 " + + +echo "******** Running: execution 21 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule checkUpdateExecutors checkUpdateExecutors_witness_1 checkUpdateExecutors_witness_2 checkUpdateExecutors_witness_3 checkUpdateExecutors_witness_4 \ + --msg "execution 21 " + + +echo "******** Running: execution 22 ***************" +certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule payload_state_transition_post_state payload_state_transition_pre_state \ + --msg "execution 22 " + + +# certoraRun $CMN security/certora/confs/payloads/verifyPayloadsController.conf --rule executor_exists + + + + + + + + + + + + + + + diff --git a/security/certora/scripts/run-all-mainnet.sh b/security/certora/scripts/run-all-mainnet.sh new file mode 100644 index 0000000..1167f27 --- /dev/null +++ b/security/certora/scripts/run-all-mainnet.sh @@ -0,0 +1,122 @@ +#CMN="--compilation_steps_only" + + + +echo "******** Running: mainnet 1 ***************" +certoraRun $CMN security/certora/confs/verifyVotingStrategy_unittests.conf \ + --msg "mainnet 1 " + +echo "******** Running: mainnet 2 ***************" +certoraRun $CMN security/certora/confs/verifyGovernancePowerStrategy.conf --rule delegatePowerCompliance \ + --msg "mainnet 2 " + + +echo "******** Running: mainnet 3 ***************" +certoraRun $CMN security/certora/confs/verifyGovernancePowerStrategy.conf --rule transferPowerCompliance \ + --msg "mainnet 3 " + + +echo "******** Running: mainnet 4 ***************" +certoraRun $CMN security/certora/confs/verifyGovernancePowerStrategy.conf --rule powerlessCompliance method_reachability \ + --msg "mainnet 4 " + + +echo "******** Running: mainnet 5 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule cancellationFeeZeroForFutureProposals null_state_variable_iff_null_access_level zero_voting_portal_iff_uninitialized_proposal \ + --msg "mainnet 5 " + + +echo "******** Running: mainnet 6 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule no_self_representative no_representative_is_zero consecutiveIDs totalCancellationFeeEqualETHBalance zero_address_is_not_a_valid_voting_portal \ + --msg "mainnet 6 " + + +echo "******** Running: mainnet 7 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule no_representative_is_zero_2 no_representative_of_zero \ + --msg "mainnet 7 " + + +echo "******** Running: mainnet 8 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule state_changing_function_self_check state_variable_changing_function_self_check method_reachability userFeeDidntChangeImplyNativeBalanceDidntDecrease \ + --msg "mainnet 8 " + + +echo "******** Running: mainnet 9 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule check_new_representative_set_size_after_updateRepresentatives check_old_representative_set_size_after_updateRepresentatives \ + --msg "mainnet 9 " + + +echo "******** Running: mainnet 10 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule at_least_single_payload_active empty_payloads_iff_uninitialized_proposal \ + --msg "mainnet 10 " + + +echo "******** Running: mainnet 11 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule null_state_iff_uninitialized_proposal setInvariant addressSetInvariant \ + --msg "mainnet 11 " + + +echo "******** Running: mainnet 12 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule state_changing_function_cannot_be_called_while_in_terminal_state proposal_executes_after_cooldown_period \ + --msg "mainnet 12 " + + +echo "******** Running: mainnet 13 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule only_valid_voting_portal_can_queue_proposal immutable_after_activation immutable_after_creation only_guardian_can_cancel guardian_can_cancel \ + --msg "mainnet 13 " + + +echo "******** Running: mainnet 14 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule cannot_queue_when_voting_portal_unapproved only_owner_can_set_voting_config_witness only_owner_can_set_voting_config single_state_transition_per_block_non_creator_witness \ + --msg "mainnet 14 " + + +echo "******** Running: mainnet 15 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule single_state_transition_per_block_non_creator_non_guardian state_cant_decrease no_state_transitions_beyond_3 immutable_voting_portal \ + --msg "mainnet 15 " + + +echo "******** Running: mainnet 16 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule proposal_after_voting_portal_invalidate insufficient_proposition_power insufficient_proposition_power_witness_state_is_failed insufficient_proposition_power_witness_state_is_cancelled insufficient_proposition_power_witness_time_elapsed \ + --msg "mainnet 16 " + + +echo "******** Running: mainnet 17 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule creator_is_not_zero creator_of_initialized_proposal_is_not_zero null_state_equivalence \ + --msg "mainnet 17 " + + +echo "******** Running: mainnet 18 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule insufficient_proposition_power_witness_time_elapsed \ + --msg "mainnet 18 " + + +echo "******** Running: mainnet 19 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule immutable_after_creation_witness_creator immutable_after_creation_witness_voting_portal \ + --msg "mainnet 19 " + + +echo "******** Running: mainnet 20 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule immutable_after_creation_witness_access_level immutable_after_creation_witness_creation_time immutable_after_creation_witness_ipfs_hash \ + --msg "mainnet 20 " + + +echo "******** Running: mainnet 21 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule immutable_after_creation_witness_payload_length immutable_after_activation_witness only_state_changing_function_initiate_transitions__pre_state \ + --msg "mainnet 21 " + + +echo "******** Running: mainnet 22 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule only_state_changing_function_initiate_transitions__post_state \ + --msg "mainnet 22 " + + +echo "******** Running: mainnet 23 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule check_new_representative_set_size_after_updateRepresentatives_witness_antecedent_first check_new_representative_set_size_after_updateRepresentatives_witness_antecedent_second check_new_representative_set_size_after_updateRepresentatives_witness_consequent_first check_new_representative_set_size_after_updateRepresentatives_witness_consequent_second \ + --msg "mainnet 23 " + + +echo "******** Running: mainnet 24 ***************" +certoraRun $CMN security/certora/confs/verifyGovernance.conf --rule proposal_voting_duration_lt_expiration_time config_voting_duration_lt_expiration_time proposal_state_transition_post_state proposal_state_transition_pre_state \ + --msg "mainnet 24 " + diff --git a/security/certora/scripts/run-all-voting.sh b/security/certora/scripts/run-all-voting.sh new file mode 100644 index 0000000..961a60c --- /dev/null +++ b/security/certora/scripts/run-all-voting.sh @@ -0,0 +1,209 @@ +#CMN="--compilation_steps_only" + + + +echo "******** Running: voting:1 ***************" +certoraRun $CMN security/certora/confs/voting/verifyLegality.conf \ + --rule createdVoteHasNonZeroHash \ + --msg "voting 1: " + +echo "******** Running: voting:2 ***************" +certoraRun $CMN security/certora/confs/voting/verifyLegality.conf \ + --rule votedPowerIsImmutable \ + --msg "voting 2: " + +echo "******** Running: voting:3 ***************" +certoraRun $CMN security/certora/confs/voting/verifyLegality.conf \ + --rule onlyValidProposalCanChangeTally \ + --msg "voting 3: " + + +echo "******** Running: voting:4 ***************" +certoraRun $CMN security/certora/confs/voting/verifyLegality.conf \ + --rule legalVote \ + --msg "voting 4: " + + +echo "******** Running: voting:5 ***************" +certoraRun $CMN security/certora/confs/voting/verifyLegality.conf \ + --rule method_reachability \ + --msg "voting 5: " + + +echo "******** Running: voting:6 ***************" +certoraRun $CMN security/certora/confs/voting/verifyMisc.conf \ + --msg "voting 6: " + + +#TODO: uncomment with certora-cli version 6.0 or higher +echo "******** Running: voting:7 ***************" +certoraRun $CMN security/certora/confs/voting/verifyPower_summary.conf \ + --rule onlyThreeTokens \ + --msg "voting 7: " + +echo "******** Running: voting:8 ***************" +certoraRun $CMN security/certora/confs/voting/verifyPower_summary.conf \ + --rule method_reachability \ + --msg "voting 8: " + + +echo "******** Running: voting:9 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_config.conf \ + --rule startedProposalHasConfig \ + --msg "voting 9: " + +echo "******** Running: voting:10 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_config.conf \ + --rule createdProposalHasRoots \ + --msg "voting 10: " + + +echo "******** Running: voting:11 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_config.conf \ + --rule proposalHasNonzeroDuration newProposalUnusedId configIsImmutable \ + --msg "voting 11: " + + +echo "******** Running: voting:12 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_config.conf \ + --rule getProposalsConfigsDoesntRevert \ + --msg "voting 12: " + + +echo "******** Running: voting:13 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_config.conf \ + --rule method_reachability \ + --msg "voting 13: " + + +echo "******** Running: voting:14 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_states.conf \ + --rule startsBeforeEnds \ + --msg "voting 14: " + + +echo "******** Running: voting:15 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_states.conf \ + --rule startsStrictlyBeforeEnds \ + --msg "voting 15: " + + +echo "******** Running: voting:16 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_states.conf \ + --rule proposalLegalStates \ + --msg "voting 16: " + + +echo "******** Running: voting:17 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_states.conf \ + --rule proposalMethodStateTransitionCompliance \ + --msg "voting 17: " + + +echo "******** Running: voting:18 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_states.conf \ + --rule proposalTimeStateTransitionCompliance \ + --msg "voting 18: " + + +echo "******** Running: voting:19 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_states.conf \ + --rule proposalIdIsImmutable \ + --msg "voting 19: " + + +echo "******** Running: voting:20 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_states.conf \ + --rule proposalImmutability \ + --msg "voting 20: " + + +echo "******** Running: voting:21 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_states.conf \ + --rule startedProposalHasConfig \ + --msg "voting 21: " + + +echo "******** Running: voting:22 ***************" +certoraRun $CMN security/certora/confs/voting/verifyProposal_states.conf \ + --rule proposalHasNonzeroDuration method_reachability \ + --msg "voting 22: " + + +echo "******** Running: voting:23 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule votingPowerGhostIsVotingPower \ + --msg "voting 23: " + + +echo "******** Running: voting:24 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule sumOfVotes \ + --msg "voting 24: " + + +echo "******** Running: voting:25 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule voteTallyChangedOnlyByVoting \ + --msg "voting 25: " + + +echo "******** Running: voting:26 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule voteUpdatesTally \ + --msg "voting 26: " + + +echo "******** Running: voting:27 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule onlyVoteCanChangeResult \ + --msg "voting 27: " + + +echo "******** Running: voting:28 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule votingTallyCanOnlyIncrease \ + --msg "voting 28: " + + +echo "******** Running: voting:29 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule strangerVoteUnchanged \ + --msg "voting 29: " + + +echo "******** Running: voting:30 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule otherProposalUnchanged \ + --msg "voting 30: " + + +echo "******** Running: voting:31 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule otherVoterUntouched \ + --msg "voting 31: " + + +echo "******** Running: voting:32 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule cannot_vote_twice_with_submitVote_and_submitVoteAsRepresentative \ + --msg "voting 32: " + + +echo "******** Running: voting:33 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule cannot_vote_twice_with_submitVoteAsRepresentative_and_submitVote \ + --msg "voting 33: " + + +echo "******** Running: voting:34 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule cannot_vote_twice_with_submitVoteSingleProofAsRepresentative_and_submitVote \ + --msg "voting 34: " + + +echo "******** Running: voting:35 ***************" +certoraRun $CMN security/certora/confs/voting/verifyVoting_and_tally.conf \ + --rule method_reachability \ + --msg "voting 35: " + diff --git a/security/certora/specs/Governance.spec b/security/certora/specs/Governance.spec index 5a9b2ae..84efd78 100644 --- a/security/certora/specs/Governance.spec +++ b/security/certora/specs/Governance.spec @@ -2,7 +2,7 @@ import "votersRepresentedAddressSet.spec"; using GovernancePowerStrategy as _GovernancePowerStrategy; -using VotingPortal as _VotingPortal; +//using VotingPortal as _VotingPortal; methods { @@ -19,8 +19,11 @@ methods { function _GovernancePowerStrategy._getFullPowerByType(address user,IGovernancePowerDelegationToken.GovernancePowerType type) internal returns (uint256) with (env e) => get_fixed_user_and_type_power(e, user, type); - // forwardMessage() sends a payload to execution chain, called by executeProposal() - // forwardMessage() is verified at Delivery Infrastructure::CrossChainForwarder-simpleRules.spec + + // We abstract function + // CrossChainForwarder.forwardMessage(uint256 destinationChainId, address destination, uint256 gasLimit, bytes memory message) external returns (bytes32, bytes32)`. + // We replace the function with no-op and we allow it to return arbitrary values. + // The function sends payloads to the execution chain, it's called by executeProposal() function _.forwardMessage(uint256,address,uint256,bytes) external => NONDET; @@ -31,6 +34,7 @@ methods { function PRECISION_DIVIDER() external returns (uint256) envfree; function ACHIEVABLE_VOTING_PARTICIPATION() external returns (uint256) envfree; function COOLDOWN_PERIOD() external returns (uint256) envfree; + function PROPOSAL_EXPIRATION_TIME() external returns (uint256) envfree; function getProposalsCount() external returns (uint256) envfree; function getVotingPortalsCount() external returns (uint256) envfree; function isVotingPortalApproved(address) external returns (bool) envfree; @@ -51,7 +55,6 @@ methods { function getProposalVotingActivationTime(uint256) external returns (uint40) envfree; function getProposalSnapshotBlockHash(uint256) external returns (bytes32) envfree; function getProposalCancellationFee(uint256) external returns (uint256) envfree; - function getProposalCount() external returns (uint256) envfree; function getPayloadChain(uint256, uint256) external returns (uint256) envfree; function getPayloadAccessLevel(uint256,uint256) external returns (PayloadsControllerUtils.AccessControl) envfree; function getPayloadPayloadsController(uint256,uint256) external returns (address) envfree; @@ -59,20 +62,20 @@ methods { function isRepresentativeOfVoter(address,address,uint256) external returns (bool) envfree; } -ghost mapping(uint256 => mapping(address => mapping(IGovernancePowerDelegationToken.GovernancePowerType => uint256))) user_type_power; +persistent ghost mapping(uint256 => mapping(address => mapping(IGovernancePowerDelegationToken.GovernancePowerType => uint256))) user_type_power; function get_fixed_user_and_type_power(env e, address user, IGovernancePowerDelegationToken.GovernancePowerType type) returns uint256{ return user_type_power[e.block.timestamp][user][type]; } -ghost mathint totalCancellationFee{ +persistent ghost mathint totalCancellationFee{ init_state axiom totalCancellationFee == 0; } -ghost bool isCancellationChanged; +persistent ghost bool isCancellationChanged; hook Sstore _proposals[KEY uint256 proposalId].cancellationFee uint256 newFee - (uint256 oldFee) STORAGE + (uint256 oldFee) { if (newFee != oldFee){ isCancellationChanged = true; @@ -88,17 +91,16 @@ use invariant array_out_of_bound_entries_are_zero; use rule set_size_eq_max_uint160_witness; // State changing methods -definition state_advancing_function(method f) returns bool = +definition state_changing_function(method f) returns bool = f.selector == sig:createProposal(PayloadsControllerUtils.Payload[],address,bytes32).selector || f.selector == sig:activateVoting(uint256).selector || f.selector == sig:queueProposal(uint256,uint128,uint128).selector || - f.selector == sig:executeProposal(uint256).selector; - -definition state_changing_function(method f) returns bool = - state_advancing_function(f) || f.selector == sig:cancelProposal(uint256).selector; + f.selector == sig:executeProposal(uint256).selector || + f.selector == sig:cancelProposal(uint256).selector; definition initializeSig(method f) returns bool = - f.selector == sig:initialize(address,address,address, IGovernanceCore.SetVotingConfigInput[],address[],uint256,uint256).selector; + f.selector == sig:initialize(address,address,address, IGovernanceCore.SetVotingConfigInput[],address[],uint256,uint256).selector + || f.selector == sig:initializeWithRevision(uint256).selector; definition initializeWithRevisionSig(method f) returns bool = f.selector == sig:initializeWithRevision(uint256).selector; @@ -114,16 +116,25 @@ function getMinPropositionPower(IGovernanceCore.VotingConfig votingConfig) retur return votingConfig.minPropositionPower; } +function getConfigDuration(PayloadsControllerUtils.AccessControl accessLevel) returns uint24{ + IGovernanceCore.VotingConfig config = getVotingConfig(accessLevel); + return config.votingDuration; +} +function getPropsalConfigDuration(uint256 proposalId) returns uint24{ + IGovernanceCore.VotingConfig config = getVotingConfig(getProposalAccessLevel(proposalId)); + return config.votingDuration; +} // // from properties.md // -// @title Property #1: Proposal IDs are consecutive and incremental. +// @title Property #1: Proposal IDs are consecutive and incremental. // Proposal ID increments by 1 iff createProposal was called rule consecutiveIDs(method f) filtered -{ f -> f.selector != sig:createProposal(PayloadsControllerUtils.Payload[],address,bytes32).selector } +{ f -> f.selector != sig:createProposal(PayloadsControllerUtils.Payload[],address,bytes32).selector + && !f.isView} { env e1; env e2; env e3; @@ -138,81 +149,27 @@ rule consecutiveIDs(method f) filtered // @title Property #2: Every proposal should contain at least one payload. // For initialized property, the proposal list is not empty -invariant at_least_single_payload_active (env e, uint256 proposalId) - getProposalState(e, proposalId) != IGovernanceCore.State.Null - => getPayloadLength(proposalId) > 0 - { - preserved{ - requireInvariant empty_payloads_if_uninitialized_proposal(proposalId); - } - } -// Same property just referring directly to the storage -invariant at_least_single_payload_active_variable (uint256 proposalId) - getProposalStateVariable(proposalId) != IGovernanceCore.State.Null => getPayloadLength(proposalId) > 0 - { - preserved{ - requireInvariant empty_payloads_if_uninitialized_proposal(proposalId); - } - } - - -// -// Helper invariants -// - -// Address zero cannot be a creator of a proposal -invariant creator_is_not_zero(uint256 proposalId) - getProposalStateVariable(proposalId) != IGovernanceCore.State.Null => getProposalCreator(proposalId) != 0 - { - preserved with (env e) - {require e.msg.sender != 0;} - } - -invariant creator_is_not_zero_2(uint256 proposalId) - proposalId < getProposalsCount() => getProposalCreator(proposalId) != 0 - { - preserved with (env e) - {require e.msg.sender != 0;} - } - -// Uninitialized proposals has no payloads -invariant empty_payloads_iff_uninitialized_proposal(uint256 proposalId) - proposalId >= getProposalsCount() <=> getPayloadLength(proposalId) == 0; - -invariant empty_payloads_if_uninitialized_proposal(uint256 proposalId) - proposalId >= getProposalsCount() => getPayloadLength(proposalId) == 0; - -// A proposal is uninitialized iff its state is Null -invariant null_state_iff_uninitialized_proposal(env e, uint256 proposalId) - proposalId >= getProposalsCount() <=> getProposalState(e, proposalId) == IGovernanceCore.State.Null; - - -invariant null_state_variable_iff_uninitialized_proposal(uint256 proposalId) - proposalId >= getProposalsCount() <=> getProposalStateVariable(proposalId) == IGovernanceCore.State.Null; - -invariant null_state_if_uninitialized_proposal(env e, uint256 proposalId) - proposalId >= getProposalsCount() => getProposalState(e, proposalId) == IGovernanceCore.State.Null; - -invariant null_state_variable_if_uninitialized_proposal(uint256 proposalId) - proposalId >= getProposalsCount() => getProposalStateVariable(proposalId) == IGovernanceCore.State.Null; - -invariant null_state_only_if_uninitialized_proposal(env e, uint256 proposalId) - getProposalState(e, proposalId) == IGovernanceCore.State.Null => proposalId >= getProposalsCount(); - -invariant null_state_variable_only_if_uninitialized_proposal(uint256 proposalId) - getProposalStateVariable(proposalId) == IGovernanceCore.State.Null => proposalId >= getProposalsCount(); - +rule at_least_single_payload_active(method f)filtered { f-> !f.isView } +{ + env e1; env e2; env e3; + calldataarg args; + uint256 proposalId; + + requireInvariant empty_payloads_iff_uninitialized_proposal(proposalId); + require getProposalState(e1, proposalId) != IGovernanceCore.State.Null => getPayloadLength(proposalId) > 0; + f(e2, args); + assert getProposalState(e3, proposalId) != IGovernanceCore.State.Null => getPayloadLength(proposalId) > 0; +} // @title Property #3: If a voting portal gets invalidated during the proposal life cycle, // the proposal should not transition to any state apart from Cancelled, Expired, and Failed. // Note: if voting power decreases after queuing the proposal can still be executed. -rule proposal_after_voting_portal_invalidate{ +rule proposal_after_voting_portal_invalidate(method f) filtered { f-> !f.isView }{ env e1; env e2; env e3; calldataarg args; - method f; uint256 proposalId; require e1.block.timestamp <= e3.block.timestamp; @@ -225,34 +182,41 @@ rule proposal_after_voting_portal_invalidate{ IGovernanceCore.State state_after = getProposalState(e3, proposalId); assert !voting_portal_approved_after => (state_before != state_after => isTerminalState(state_after)); + + // An equivalent property: if a proposal state changes to a non-terminal state then its voting portal is approved + //(state_before != state_after && !isTerminalState(state_after)) => voting_portal_approved_after } - - // @title Property #4: If the proposer's proposition power goes below the minimum required threshold, the proposal -// should not go to any state apart from Failed or Canceled. -rule insufficient_proposition_power(method f) filtered { f -> !f.isView}{ - env e; +// should not go to any state apart from Failed or Cancelled at the same block. +// If time has elapsed state could become Expired. +rule insufficient_proposition_power(method f) filtered {f -> !f.isView} +{ + env e1; env e2; env e3; calldataarg args; uint256 proposalId; - IGovernanceCore.State state1 = getProposalState(e, proposalId); - f(e, args); - IGovernanceCore.State state2 = getProposalState(e, proposalId); - - mathint creator_power = _GovernancePowerStrategy.getFullPropositionPower(e,getProposalCreator(proposalId)); + require e1.block.timestamp <= e2.block.timestamp && e2.block.timestamp <= e3.block.timestamp; + + IGovernanceCore.State state1 = getProposalState(e1, proposalId); + f(e2, args); + IGovernanceCore.State state2 = getProposalState(e3, proposalId); + mathint creator_power = _GovernancePowerStrategy.getFullPropositionPower(e2,getProposalCreator(proposalId)); mathint voting_config_min_power = getMinPropositionPower(getVotingConfig(getProposalAccessLevel(proposalId))) * PRECISION_DIVIDER(); //uint56 - require state1 != state2; - require creator_power <= voting_config_min_power; - assert state2 == IGovernanceCore.State.Cancelled || state2 == IGovernanceCore.State.Failed; + bool belowThreshold = (state1 != state2 && creator_power <= voting_config_min_power ); + + assert belowThreshold && e1.block.timestamp == e3.block.timestamp => + state2 == IGovernanceCore.State.Cancelled || state2 == IGovernanceCore.State.Failed; + + assert belowThreshold => + state2 == IGovernanceCore.State.Cancelled || state2 == IGovernanceCore.State.Failed || state2 == IGovernanceCore.State.Expired; } -//pass -rule insufficient_proposition_power_allow_time_elapse(method f) filtered { f -> !f.isView} -{ +//witness 1 +rule insufficient_proposition_power_witness_state_is_failed{ env e1; env e2; env e3; calldataarg args; uint256 proposalId; @@ -260,18 +224,22 @@ rule insufficient_proposition_power_allow_time_elapse(method f) filtered { f -> require e1.block.timestamp <= e2.block.timestamp && e2.block.timestamp <= e3.block.timestamp; IGovernanceCore.State state1 = getProposalState(e1, proposalId); - f(e2, args); + queueProposal(e2, args); IGovernanceCore.State state2 = getProposalState(e3, proposalId); mathint creator_power = _GovernancePowerStrategy.getFullPropositionPower(e2,getProposalCreator(proposalId)); mathint voting_config_min_power = getMinPropositionPower(getVotingConfig(getProposalAccessLevel(proposalId))) * PRECISION_DIVIDER(); //uint56 - assert (state1 != state2 && (creator_power <= voting_config_min_power)) => - state2 == IGovernanceCore.State.Cancelled || state2 == IGovernanceCore.State.Failed || state2 == IGovernanceCore.State.Expired; + bool belowThreshold = (state1 != state2 && creator_power <= voting_config_min_power ); -} + require belowThreshold && e1.block.timestamp == e3.block.timestamp; + satisfy belowThreshold && e1.block.timestamp == e3.block.timestamp => + state2 == IGovernanceCore.State.Failed; -rule insufficient_proposition_power_time_elapsed_tight_witness(method f) filtered { f -> state_advancing_function(f)}{ +} + +//witness 2 +rule insufficient_proposition_power_witness_state_is_cancelled{ env e1; env e2; env e3; calldataarg args; uint256 proposalId; @@ -279,69 +247,51 @@ rule insufficient_proposition_power_time_elapsed_tight_witness(method f) filtere require e1.block.timestamp <= e2.block.timestamp && e2.block.timestamp <= e3.block.timestamp; IGovernanceCore.State state1 = getProposalState(e1, proposalId); - f(e2, args); + cancelProposal(e2, args); IGovernanceCore.State state2 = getProposalState(e3, proposalId); mathint creator_power = _GovernancePowerStrategy.getFullPropositionPower(e2,getProposalCreator(proposalId)); mathint voting_config_min_power = getMinPropositionPower(getVotingConfig(getProposalAccessLevel(proposalId))) * PRECISION_DIVIDER(); //uint56 - require state1 != state2; - require creator_power <= (voting_config_min_power); - satisfy ! (state2 == IGovernanceCore.State.Cancelled || state2 == IGovernanceCore.State.Failed); -} - - -//helper a proposal state is Null iff its required access level is null -invariant null_state_variable_iff_null_access_level(uint256 proposalId) - getProposalStateVariable(proposalId) == IGovernanceCore.State.Null <=> - getProposalAccessLevel(proposalId) == PayloadsControllerUtils.AccessControl.Level_null; - + bool belowThreshold = (state1 != state2 && creator_power <= voting_config_min_power ); + require belowThreshold && e1.block.timestamp == e3.block.timestamp; -// Once assign the voting portal is immutable -rule immutable_voting_portal(){ + satisfy belowThreshold && e1.block.timestamp == e3.block.timestamp => state2 == IGovernanceCore.State.Cancelled; - env e; +} +//witness 3 +rule insufficient_proposition_power_witness_time_elapsed(method f){ + env e1; env e2; env e3; calldataarg args; - method f; uint256 proposalId; + + require e1.block.timestamp <= e2.block.timestamp && e2.block.timestamp <= e3.block.timestamp; + + IGovernanceCore.State state1 = getProposalState(e1, proposalId); + f(e2, args); + IGovernanceCore.State state2 = getProposalState(e3, proposalId); + mathint creator_power = _GovernancePowerStrategy.getFullPropositionPower(e2,getProposalCreator(proposalId)); + mathint voting_config_min_power = getMinPropositionPower(getVotingConfig(getProposalAccessLevel(proposalId))) * PRECISION_DIVIDER(); //uint56 - requireInvariant zero_voting_portal_iff_uninitialized_proposal(proposalId); + bool belowThreshold = (state1 != state2 && creator_power <= voting_config_min_power ); - address votingPortal_before = getProposalVotingPortal(proposalId); - f(e, args); - address votingPortal_after = getProposalVotingPortal(proposalId); + require belowThreshold; - assert votingPortal_before != 0 => votingPortal_before == votingPortal_after; + satisfy state2 == IGovernanceCore.State.Expired; } -// helper: A proposal is uninitialized iff its voting portal is address zero. -invariant zero_voting_portal_iff_uninitialized_proposal(uint256 proposalId) - proposalId >= getProposalsCount() <=> getProposalVotingPortal(proposalId) == 0 - { - preserved { - requireInvariant zero_address_is_not_a_valid_voting_portal(); - } - - } - -//helper: Zero address is never an approved voting portal -invariant zero_address_is_not_a_valid_voting_portal() - !isVotingPortalApproved(0); - -// @title Property #5: No further state transitions are possible if proposal.state > 3. -// All state that are greater than 3 are terminal -rule no_state_transitions_beyond_3{ +// @title Property #7: No further state transitions are possible if proposal.state > 3. +// All states that are greater than 3 are terminal +rule no_state_transitions_beyond_3(method f) filtered { f-> !f.isView }{ env e1; env e2; env e3; calldataarg args; - method f; uint256 proposalId; require e1.block.timestamp <= e2.block.timestamp; require e2.block.timestamp <= e3.block.timestamp; requireInvariant null_state_iff_uninitialized_proposal(e1, proposalId); - IGovernanceCore.State state1 = getProposalState(e1, proposalId); f(e2, args); @@ -353,12 +303,11 @@ rule no_state_transitions_beyond_3{ } -// @title Property #6 proposal.state can't decrease. +// @title Property #8 proposal.state can't decrease. // Forward progress of the proposal state-machine: the state cannot decrease. -rule state_cant_decrease{ +rule state_cant_decrease(method f) filtered { f-> !f.isView }{ env e1; env e2; env e3; calldataarg args; - method f; uint256 proposalId; require e1.block.timestamp <= e2.block.timestamp && e2.block.timestamp <= e3.block.timestamp; @@ -371,13 +320,12 @@ rule state_cant_decrease{ assert assert_uint256(state1) <= assert_uint256(state2); } - // @title Property #7 // It should be impossible to do more than 1 state transition per proposal per block, except: -// Cancellation because of the proposition power change. -// Cancellation after proposal creation by creator. -// Proposal execution after proposal queuing if COOLDOWN_PERIOD is 0. -// /owner calling setVotingConfigs(), removeVotingPortals() +// (a) Cancellation because of the proposition power change. +// (b) Cancellation after proposal creation by creator. +// (c) Proposal execution after proposal queuing if COOLDOWN_PERIOD is 0. +// (d) The owner is calling setVotingConfigs(), removeVotingPortals() // No two transitions of a proposal's state happen in a single block timestamp, except cancellation by the owner or by a guardian. rule single_state_transition_per_block_non_creator_non_guardian(method f, method g, method h) @@ -398,7 +346,7 @@ filtered { f -> state_changing_function(f), uint256 proposalId; require e1.block.timestamp <= e2.block.timestamp; - require e2.block.timestamp == e3.block.timestamp; + require e2.block.timestamp == e3.block.timestamp; require e3.block.timestamp == e4.block.timestamp; require e4.block.timestamp == e5.block.timestamp; require e5.block.timestamp == e6.block.timestamp; @@ -421,9 +369,7 @@ filtered { f -> state_changing_function(f), state1 != state2 => state2 == state3; } - -//todo: add witnesses of double transition -//todo: investigate: should there be more witnesses in addition to queueProposal-executeProposal +// witness rule single_state_transition_per_block_non_creator_witness { env e1; @@ -459,7 +405,7 @@ rule single_state_transition_per_block_non_creator_witness /// Property #8: Only the owner can set the voting power strategy and voting config. -// A unauthorized user (not an owner) cannot change voting parameters +//An unauthorized user (not an owner) cannot change voting parameters rule only_owner_can_set_voting_config(method f) filtered { f -> !f.isView && !initializeSig(f) && !initializeWithRevisionSig(f)} @@ -480,6 +426,7 @@ rule only_owner_can_set_voting_config(method f) filtered { } +// witness rule only_owner_can_set_voting_config_witness(method f) filtered { f -> !f.isView} { env e; @@ -498,7 +445,7 @@ rule only_owner_can_set_voting_config_witness(method f) filtered { f -> !f.isVie } -//Property #9: When invalidating voting config, proposal can not be queued +//Property #9: When invalidating the voting config, a proposal can not be queued. // One can not queue a proposal if its voting portal is unapproved rule cannot_queue_when_voting_portal_unapproved{ env e1; env e2; env e3; @@ -535,7 +482,7 @@ rule guardian_can_cancel() assert assert_uint256(state1) < 4; } -// Only a guardian, an owner can cancel any proposal, a creator can cancel his own proposal +// Property : Only a guardian or an owner can cancel any proposal, a creator can cancel his own proposal rule only_guardian_can_cancel(method f)filtered { f -> !f.isView && !initializeSig(f) @@ -557,32 +504,17 @@ rule only_guardian_can_cancel(method f)filtered cancelProposal(e3, proposalId); assert guardian() == e2.msg.sender || - owner() == e2.msg.sender || //todo: review + owner() == e2.msg.sender || guardian() == e3.msg.sender || getProposalCreator(proposalId) == e3.msg.sender || creator_power_after < creator_power_before; } -//helper parametric function -function call_state_changing_function(env e, uint256 proposalId) { -uint128 forVotes; - calldataarg args; - uint128 againstVotes; - uint256 sel; - if (sel == 1) {require createProposal(e, args) == proposalId;} - else if (sel ==2) {activateVoting(e, proposalId);} - else if (sel ==3) {queueProposal(e, proposalId, forVotes, againstVotes);} - else if (sel ==4) {executeProposal(e, proposalId);} - else if (sel ==5) {cancelProposal(e, proposalId);} - else {require false;} - } - - //Property #11: The following proposal parameters can only be set once, at proposal creation: -// creator, accessLevel, votingPortal, votingDuration, creationTime, ipfsHash, payloads. -// Once a proposal is initialized its creator, accessLevel, votingPortal, votingDuration, creationTime, ipfsHash, payloads length cannot change. -rule immutable_after_creation(method f){ +// creator, accessLevel, votingPortal, creationTime, ipfsHash, payloads. +// Once a proposal is initialized its creator, accessLevel, votingPortal, creationTime, ipfsHash, payloads.length cannot change. +rule immutable_after_creation(method f)filtered { f -> !f.isView}{ env e1; env e2; @@ -591,13 +523,12 @@ rule immutable_after_creation(method f){ requireInvariant null_state_iff_uninitialized_proposal(e2, proposalId); - + IGovernanceCore.State state_before = getProposalState(e1, proposalId); address creator_before = getProposalCreator(proposalId); address voting_portal_before = getProposalVotingPortal(proposalId); PayloadsControllerUtils.AccessControl access_level_before = getProposalAccessLevel(proposalId); - uint24 voting_duration_before = getProposalVotingDuration(proposalId); uint40 creation_time_before = getProposalCreationTime(proposalId); bytes32 ipfs_hash_before = getProposalIpfsHash(proposalId); uint256 payloads_length_before = getPayloadLength(proposalId); @@ -606,7 +537,6 @@ rule immutable_after_creation(method f){ address creator_after = getProposalCreator(proposalId); address voting_portal_after = getProposalVotingPortal(proposalId); PayloadsControllerUtils.AccessControl access_level_after = getProposalAccessLevel(proposalId); - uint24 voting_duration_after = getProposalVotingDuration(proposalId); uint40 creation_time_after = getProposalCreationTime(proposalId); bytes32 ipfs_hash_after = getProposalIpfsHash(proposalId); uint256 payloads_length_after = getPayloadLength(proposalId); @@ -615,48 +545,111 @@ rule immutable_after_creation(method f){ assert state_before != IGovernanceCore.State.Null => creator_before == creator_after; assert state_before != IGovernanceCore.State.Null => access_level_before == access_level_after; assert state_before != IGovernanceCore.State.Null => voting_portal_before == voting_portal_after; - assert state_before != IGovernanceCore.State.Null => voting_duration_before == voting_duration_before; assert state_before != IGovernanceCore.State.Null => creation_time_before == creation_time_before; assert state_before != IGovernanceCore.State.Null => ipfs_hash_before == ipfs_hash_after; assert state_before != IGovernanceCore.State.Null => payloads_length_before == payloads_length_after; -} + } -// Proposal payloads cannot change. -rule immutable_payload_after_creation(method f){ + // Once assigned the voting portal is immutable +rule immutable_voting_portal(method f) filtered { f-> !f.isView }{ - env e1; - env e2; + env e; calldataarg args; uint256 proposalId; - uint256 payloadId; + requireInvariant zero_voting_portal_iff_uninitialized_proposal(proposalId); + + address voting_portal_before = getProposalVotingPortal(proposalId); + f(e, args); + address voting_portal_after = getProposalVotingPortal(proposalId); + + assert voting_portal_before != 0 => voting_portal_before == voting_portal_after; +} + + +//witnesses - createProposal may change the proposal's +// creator, accessLevel, votingPortal, creationTime, ipfsHash, payloads length + +// witness 1 +rule immutable_after_creation_witness_creator{ + + env e1; env e2; calldataarg args; uint256 proposalId; requireInvariant null_state_iff_uninitialized_proposal(e2, proposalId); - requireInvariant empty_payloads_iff_uninitialized_proposal(proposalId); - IGovernanceCore.State state_before = getProposalState(e1, proposalId); - uint256 payload_chain_before = getPayloadChain(proposalId, payloadId); - PayloadsControllerUtils.AccessControl payload_access_level_before = getPayloadAccessLevel(proposalId, payloadId); - address payloads_controller_before = getPayloadPayloadsController(proposalId, payloadId); - uint40 payloads_id_before = getPayloadPayloadId(proposalId, payloadId); + address creator_before = getProposalCreator(proposalId); + createProposal(e2, args); + satisfy creator_before != getProposalCreator(proposalId); +} - f(e2, args); - uint256 payload_chain_after = getPayloadChain(proposalId, payloadId); - PayloadsControllerUtils.AccessControl payload_access_level_after = getPayloadAccessLevel(proposalId, payloadId); - address payloads_controller_after = getPayloadPayloadsController(proposalId, payloadId); - uint40 payloads_id_after = getPayloadPayloadId(proposalId, payloadId); +// witness 2 +rule immutable_after_creation_witness_voting_portal{ + + env e1; env e2; calldataarg args; uint256 proposalId; + requireInvariant null_state_iff_uninitialized_proposal(e2, proposalId); + requireInvariant zero_voting_portal_iff_uninitialized_proposal(proposalId); + + IGovernanceCore.State state_before = getProposalState(e1, proposalId); + + address voting_portal_before = getProposalVotingPortal(proposalId); + createProposal(e2, args); + satisfy voting_portal_before != getProposalVotingPortal(proposalId); + + satisfy voting_portal_before == 0 && getProposalVotingPortal(proposalId) != 0; +} + +// witness 3 +rule immutable_after_creation_witness_access_level{ + + env e1; env e2; calldataarg args; uint256 proposalId; + requireInvariant null_state_iff_uninitialized_proposal(e2, proposalId); + IGovernanceCore.State state_before = getProposalState(e1, proposalId); + + PayloadsControllerUtils.AccessControl access_level_before = getProposalAccessLevel(proposalId); + createProposal(e2, args); + satisfy access_level_before != getProposalAccessLevel(proposalId); +} + +// witness 4 +rule immutable_after_creation_witness_creation_time{ - assert payload_chain_before == payload_chain_after; - assert payload_access_level_before == payload_access_level_after; - assert payloads_controller_before == payloads_controller_after; - assert payloads_id_before == payloads_id_after; + env e1; env e2; calldataarg args; uint256 proposalId; + requireInvariant null_state_iff_uninitialized_proposal(e2, proposalId); + IGovernanceCore.State state_before = getProposalState(e1, proposalId); + + uint40 creation_time_before = getProposalCreationTime(proposalId); + createProposal(e2, args); + satisfy creation_time_before != getProposalCreationTime(proposalId); +} + +// witness 5 +rule immutable_after_creation_witness_ipfs_hash{ + + env e1; env e2; calldataarg args; uint256 proposalId; + requireInvariant null_state_iff_uninitialized_proposal(e2, proposalId); + IGovernanceCore.State state_before = getProposalState(e1, proposalId); + + bytes32 ipfs_hash_before = getProposalIpfsHash(proposalId); + createProposal(e2, args); + satisfy ipfs_hash_before != getProposalIpfsHash(proposalId); +} + +// witness 6 +rule immutable_after_creation_witness_payload_length{ + + env e1; env e2; calldataarg args; uint256 proposalId; + requireInvariant null_state_iff_uninitialized_proposal(e2, proposalId); + IGovernanceCore.State state_before = getProposalState(e1, proposalId); + uint256 payloads_length_before = getPayloadLength(proposalId); + createProposal(e2, args); + satisfy payloads_length_before != getPayloadLength(proposalId); } // Property #12: The following proposal parameters can only be set once, during voting activation: -// votingActivationTime, snapshotBlockHash, snapshotBlockNumber. +// votingActivationTime, snapshotBlockHash, proposalVotingDuration // Proposal's votingActivationTime and snapshotBlockHash are immutable rule immutable_after_activation(method f) filtered {f -> !f.isView} @@ -670,18 +663,36 @@ filtered {f -> !f.isView} uint40 voting_activation_time_before = getProposalVotingActivationTime(proposalId); bytes32 snapshot_blockhash_before = getProposalSnapshotBlockHash(proposalId); + uint24 voting_duration_before = getProposalVotingDuration(proposalId); f(e2, args); uint40 voting_activation_time_after = getProposalVotingActivationTime(proposalId); bytes32 snapshot_blockhash_after = getProposalSnapshotBlockHash(proposalId); - + uint24 voting_duration_after = getProposalVotingDuration(proposalId); + assert voting_activation_time_before == voting_activation_time_after; assert snapshot_blockhash_before == snapshot_blockhash_after; + assert voting_duration_before == voting_duration_after; + } +//witness - assignment to proposalVotingActivationTime and proposalSnapshotBlockHash can happen +rule immutable_after_activation_witness +{ + env e; + uint256 proposalId; + + uint40 voting_activation_time_before = getProposalVotingActivationTime(proposalId); + bytes32 snapshot_blockhash_before = getProposalSnapshotBlockHash(proposalId); + activateVoting(e, proposalId); + uint40 voting_activation_time_after = getProposalVotingActivationTime(proposalId); + bytes32 snapshot_blockhash_after = getProposalSnapshotBlockHash(proposalId); + satisfy voting_activation_time_before != voting_activation_time_after; + satisfy snapshot_blockhash_before != snapshot_blockhash_after; +} -//Property #14: Only a valid voting portal can queue a proposal and only if this is in Active state. -// Only by an approved voting protal can call queue(), only if state is Active +//Property #14: Only a valid voting portal can queue a proposal and only if this is in Active state +// Only by an approved voting portal can call queue(), only if state is Active rule only_valid_voting_portal_can_queue_proposal(method f){ env e1; @@ -712,7 +723,6 @@ rule proposal_executes_after_cooldown_period(){ uint128 againstVotes; require e2.block.timestamp <= e3.block.timestamp; require e1.block.timestamp < 2^40; - require e3.block.timestamp < 2^40; // record the time between queueProposal and executeProposal queueProposal(e1, proposalId, forVotes, againstVotes); @@ -732,9 +742,10 @@ rule proposal_executes_after_cooldown_period(){ // and big enough for at least mig to long term -//property #20: When if in a terminal state, no state changing function can be called. + +// From an old or version of properties.md - property #20: When if in a terminal state, no state-changing function can be called. // Terminal states >= 4 are terminal, a proposal in a terminal state cannot change its state -rule state_changing_function_cannot_be_called_while_in_terminal_state() +rule state_changing_function_cannot_be_called_while_in_terminal_state(method f) filtered {f -> state_changing_function(f)} { env e1; env e2; @@ -744,136 +755,54 @@ rule state_changing_function_cannot_be_called_while_in_terminal_state() requireInvariant null_state_iff_uninitialized_proposal(e2, proposalId); IGovernanceCore.State state1 = getProposalState(e1, proposalId); - call_state_changing_function(e2, proposalId); + uint128 forVotes; + calldataarg args; + uint128 againstVotes; + + if (f.selector == sig:createProposal(PayloadsControllerUtils.Payload[],address,bytes32).selector ) {require createProposal(e2, args) == proposalId;} + else if (f.selector == sig:activateVoting(uint256).selector) {activateVoting(e2, proposalId);} + else if (f.selector == sig:queueProposal(uint256,uint128,uint128).selector) {queueProposal(e2, proposalId, forVotes, againstVotes);} + else if (f.selector == sig:executeProposal(uint256).selector) {executeProposal(e2, proposalId);} + else if (f.selector == sig:cancelProposal(uint256).selector) {cancelProposal(e2, proposalId);} + else {assert false;} + assert !isTerminalState(state1); assert assert_uint256(state1) < 4; } -// Terminal states >= 4 are terminal, a proposal in a terminal state cannot change its state -// Only the relevant state-changing function actually change the state -// Check by the states before a transition occurs -rule pre_state(method f) -{ - env e1; - env e2; - env e3; - calldataarg args1; - uint256 proposalId; - - require e1.block.timestamp <= e3.block.timestamp; - requireInvariant null_state_iff_uninitialized_proposal(e1, proposalId); - IGovernanceCore.State state1 = getProposalState(e1, proposalId); - f(e2, args1); - IGovernanceCore.State state2 = getProposalState(e3, proposalId); - - assert state1 != state2 && state1 == IGovernanceCore.State.Null && state2 != IGovernanceCore.State.Expired - => f.selector == sig:createProposal(PayloadsControllerUtils.Payload[],address,bytes32).selector; - assert state1 != state2 && state1 == IGovernanceCore.State.Created && state2 != IGovernanceCore.State.Expired - => f.selector == sig:activateVoting(uint256).selector || f.selector == sig:cancelProposal(uint256).selector; - assert state1 != state2 && state1 == IGovernanceCore.State.Active && state2 != IGovernanceCore.State.Expired - => f.selector == sig:queueProposal(uint256,uint128,uint128).selector || f.selector == sig:cancelProposal(uint256).selector; - assert state1 != state2 && state1 == IGovernanceCore.State.Queued && state2 != IGovernanceCore.State.Expired - => (f.selector == sig:executeProposal(uint256).selector || f.selector == sig:cancelProposal(uint256).selector); - //todo: relevant assertion for Failed, Expired? +// +// Cancellation fee +// -} +// Property 22: For any proposal id that wasn't yet created, the cancellation fee must be 0 +invariant cancellationFeeZeroForFutureProposals(uint256 proposalId) + proposalId >= getProposalsCount() => getProposalCancellationFee(proposalId) == 0; +// Property: eth balance can cover the total cancellation fee of users +invariant totalCancellationFeeEqualETHBalance() + to_mathint(nativeBalances[currentContract]) >= totalCancellationFee + { + preserved with (env e2) + { + require e2.msg.sender != currentContract; + } + } -// Only the relevant state-changing function actually change the state -// Check by the states after a transition occurs -rule post_state(method f) -{ - env e1; - env e2; - env e3; - calldataarg args1; - uint256 proposalId; +// Property: In any case that proposal.CancellationFee doesn't change, eth balance cannot decrease +rule userFeeDidntChangeImplyNativeBalanceDidntDecrease(){ + require(!isCancellationChanged); + uint256 _ethBal = nativeBalances[currentContract]; + method f; env e; calldataarg args; + f(e, args); + uint256 ethBal_ = nativeBalances[currentContract]; + assert(!isCancellationChanged => _ethBal <= ethBal_); +} - require e1.block.timestamp <= e3.block.timestamp; - - IGovernanceCore.State state1 = getProposalState(e1, proposalId); - f(e2, args1); - IGovernanceCore.State state2 = getProposalState(e3, proposalId); - - assert state1 != state2 && state2 == IGovernanceCore.State.Created => - f.selector == sig:createProposal(PayloadsControllerUtils.Payload[],address,bytes32).selector; - assert state1 != state2 && state2 == IGovernanceCore.State.Active => f.selector == sig:activateVoting(uint256).selector; - assert state1 != state2 && state2 == IGovernanceCore.State.Queued => f.selector == sig:queueProposal(uint256,uint128,uint128).selector; - assert state1 != state2 && state2 == IGovernanceCore.State.Executed => f.selector == sig:executeProposal(uint256).selector; - assert state1 != state2 && state2 == IGovernanceCore.State.Cancelled => f.selector == sig:cancelProposal(uint256).selector; - //todo: relevant assertion for Failed, Expired? - -} - -//helper: only method of state_changing_function can change a proposal state -rule state_changing_function_self_check(method f) -filtered { f -> !state_changing_function(f)} -{ - env e1; - env e2; - env e3; - calldataarg args1; - uint256 proposalId; - - require e1.block.timestamp <= e3.block.timestamp; - IGovernanceCore.State state1 = getProposalState(e1, proposalId); - f(e2, args1); - IGovernanceCore.State state2 = getProposalState(e3, proposalId); - - assert state2 != IGovernanceCore.State.Expired => state1 == state2; - assert e1.block.timestamp == e3.block.timestamp => state1 == state2; -} - -rule state_variable_changing_function_self_check(method f) -filtered { f -> !state_changing_function(f)} -{ - env e1; - env e2; - env e3; - calldataarg args1; - uint256 proposalId; - - IGovernanceCore.State state1 = getProposalStateVariable(e1, proposalId); - f(e2, args1); - IGovernanceCore.State state2 = getProposalStateVariable(e3, proposalId); - - assert state1 == state2; -} - -// -// Cancellation fee -// - -// Property: For any proposal id that wasn't yet created, the cancellation fee must be 0 -invariant cancellationFeeZeroForFutureProposals(uint256 proposalId) - proposalId >= getProposalCount() => getProposalCancellationFee(proposalId) == 0; - -// Property: eth balance can cover the total cancellation fee of users -invariant totalCancellationFeeEqualETHBalance() - to_mathint(nativeBalances[currentContract]) >= totalCancellationFee - { - preserved with (env e2) - { - requireInvariant cancellationFeeZeroForFutureProposals(getProposalCount()); - require e2.msg.sender != currentContract; - } - } - -// Property: In any case that proposal.CancellationFee doesn't change, eth balance cannot decrease -rule userFeeDidntChangeImplyNativeBalanceDidntDecrease(){ - require(!isCancellationChanged); - uint256 _ethBal = nativeBalances[currentContract]; - method f; env e; calldataarg args; - f(e, args); - uint256 ethBal_ = nativeBalances[currentContract]; - assert(!isCancellationChanged => _ethBal <= ethBal_); -} - -// -// Voting by representative -// +// +// Voting by representative +// // A voter cannot represent himself invariant no_self_representative(address voter, uint256 chainId) @@ -911,29 +840,143 @@ rule check_new_representative_set_size_after_updateRepresentatives{ requireInvariant no_self_representative(e.msg.sender, chainId); requireInvariant in_representatives_iff_in_votersRepresented(e.msg.sender, new_representative, chainId); - address[] new_voters_before = getRepresentedVotersByChain(new_representative, chainId); mathint new_voters_size_before = new_voters_before.length; address representative_before = getRepresentativeByChain(e.msg.sender, chainId); - updateSingleRepresentativeForChain(e, new_representative, chainId); + IGovernanceCore.RepresentativeInput[] representatives; + require representatives[0].representative == new_representative; + require representatives[0].chainId == chainId; + updateRepresentativesForChain(e, representatives); address[] new_voters_after = getRepresentedVotersByChain(new_representative, chainId); mathint new_voters_size_after = new_voters_after.length; address representative_after = getRepresentativeByChain(e.msg.sender, chainId); - assert new_representative != 0 && new_representative !=e.msg.sender && new_representative != representative_before => - new_voters_size_after == new_voters_size_before + 1; + assert representatives.length == 1 => (new_representative != 0 && new_representative !=e.msg.sender && new_representative != representative_before => + new_voters_size_after == new_voters_size_before + 1); - assert new_representative != 0 && new_representative !=e.msg.sender && new_representative == representative_before => - new_voters_size_after == new_voters_size_before; + assert representatives.length == 1 => (new_representative != 0 && new_representative !=e.msg.sender && new_representative == representative_before => + new_voters_size_after == new_voters_size_before); assert (new_representative == e.msg.sender ) => new_voters_size_after == new_voters_size_before; } +rule check_new_representative_set_size_after_updateRepresentatives_witness_antecedent_first{ + + env e; + address new_representative; + uint256 chainId; + + requireInvariant no_self_representative(e.msg.sender, chainId); + requireInvariant in_representatives_iff_in_votersRepresented(e.msg.sender, new_representative, chainId); + + + address[] new_voters_before = getRepresentedVotersByChain(new_representative, chainId); + mathint new_voters_size_before = new_voters_before.length; + address representative_before = getRepresentativeByChain(e.msg.sender, chainId); + + IGovernanceCore.RepresentativeInput[] representatives; + require representatives[0].representative == new_representative; + require representatives[0].chainId == chainId; + updateRepresentativesForChain(e, representatives); + address[] new_voters_after = getRepresentedVotersByChain(new_representative, chainId); + mathint new_voters_size_after = new_voters_after.length; + address representative_after = getRepresentativeByChain(e.msg.sender, chainId); + + + require representatives.length == 1; + satisfy new_representative != 0 && new_representative !=e.msg.sender && new_representative != representative_before; +} + +rule check_new_representative_set_size_after_updateRepresentatives_witness_antecedent_second{ + + env e; + address new_representative; + uint256 chainId; + + requireInvariant no_self_representative(e.msg.sender, chainId); + requireInvariant in_representatives_iff_in_votersRepresented(e.msg.sender, new_representative, chainId); + + + address[] new_voters_before = getRepresentedVotersByChain(new_representative, chainId); + mathint new_voters_size_before = new_voters_before.length; + address representative_before = getRepresentativeByChain(e.msg.sender, chainId); + + IGovernanceCore.RepresentativeInput[] representatives; + require representatives[0].representative == new_representative; + require representatives[0].chainId == chainId; + updateRepresentativesForChain(e, representatives); + address[] new_voters_after = getRepresentedVotersByChain(new_representative, chainId); + mathint new_voters_size_after = new_voters_after.length; + address representative_after = getRepresentativeByChain(e.msg.sender, chainId); + + require representatives.length == 1; + satisfy new_representative != 0 && new_representative !=e.msg.sender && new_representative == representative_before; +} + +rule check_new_representative_set_size_after_updateRepresentatives_witness_consequent_first{ + + env e; + address new_representative; + uint256 chainId; + + requireInvariant no_self_representative(e.msg.sender, chainId); + requireInvariant in_representatives_iff_in_votersRepresented(e.msg.sender, new_representative, chainId); + + + address[] new_voters_before = getRepresentedVotersByChain(new_representative, chainId); + mathint new_voters_size_before = new_voters_before.length; + address representative_before = getRepresentativeByChain(e.msg.sender, chainId); + + IGovernanceCore.RepresentativeInput[] representatives; + require representatives[0].representative == new_representative; + require representatives[0].chainId == chainId; + updateRepresentativesForChain(e, representatives); + address[] new_voters_after = getRepresentedVotersByChain(new_representative, chainId); + mathint new_voters_size_after = new_voters_after.length; + address representative_after = getRepresentativeByChain(e.msg.sender, chainId); + + + require representatives.length == 1; + satisfy new_voters_size_after == new_voters_size_before + 1; +} + + +rule check_new_representative_set_size_after_updateRepresentatives_witness_consequent_second{ + + env e; + address new_representative; + uint256 chainId; + + requireInvariant no_self_representative(e.msg.sender, chainId); + requireInvariant in_representatives_iff_in_votersRepresented(e.msg.sender, new_representative, chainId); + + + address[] new_voters_before = getRepresentedVotersByChain(new_representative, chainId); + mathint new_voters_size_before = new_voters_before.length; + address representative_before = getRepresentativeByChain(e.msg.sender, chainId); + + IGovernanceCore.RepresentativeInput[] representatives; + require representatives[0].representative == new_representative; + require representatives[0].chainId == chainId; + updateRepresentativesForChain(e, representatives); + address[] new_voters_after = getRepresentedVotersByChain(new_representative, chainId); + mathint new_voters_size_after = new_voters_after.length; + address representative_after = getRepresentativeByChain(e.msg.sender, chainId); + + + require representatives.length == 1; + satisfy new_voters_size_after == new_voters_size_before; +} + + + + + // The size of the old representative set is correct after updateRepresentatives() rule check_old_representative_set_size_after_updateRepresentatives{ @@ -949,21 +992,24 @@ rule check_old_representative_set_size_after_updateRepresentatives{ address[] old_voters_before = getRepresentedVotersByChain(representative_before, chainId); mathint old_voters_size_before = old_voters_before.length; - updateSingleRepresentativeForChain(e, new_representative, chainId); + IGovernanceCore.RepresentativeInput[] representatives; + require representatives[0].representative == new_representative; + require representatives[0].chainId == chainId; + updateRepresentativesForChain(e, representatives); address[] old_voters_after = getRepresentedVotersByChain(representative_before, chainId); mathint old_voters_size_after = old_voters_after.length; address representative_after = getRepresentativeByChain(e.msg.sender, chainId); - assert new_representative != 0 && new_representative !=e.msg.sender + assert representatives.length == 1 => (new_representative != 0 && new_representative !=e.msg.sender && new_representative != representative_before && old_voters_size_before > 0 => - old_voters_size_after + 1 == old_voters_size_before; + old_voters_size_after + 1 == old_voters_size_before); - assert new_representative != 0 && new_representative !=e.msg.sender && new_representative == representative_before => - old_voters_size_after == old_voters_size_before; + assert representatives.length == 1 => (new_representative != 0 && new_representative !=e.msg.sender && new_representative == representative_before => + old_voters_size_after == old_voters_size_before); - assert (new_representative == e.msg.sender || new_representative == 0) && old_voters_size_before > 0 => - old_voters_size_after + 1 == old_voters_size_before; + assert representatives.length == 1 => ((new_representative == e.msg.sender || new_representative == 0) && old_voters_size_before > 0 => + old_voters_size_after + 1 == old_voters_size_before); } @@ -976,7 +1022,45 @@ invariant no_representative_of_zero_in_set(address representative, uint256 chain } } -// helper +// +// Valid-state invariants +// + +// Address zero cannot be a creator of a proposal +invariant creator_is_not_zero(uint256 proposalId) + getProposalStateVariable(proposalId) != IGovernanceCore.State.Null => getProposalCreator(proposalId) != 0 + { + preserved with (env e) + {require e.msg.sender != 0;} + } + +// The creator of an initialized proposal is not address zero +invariant creator_of_initialized_proposal_is_not_zero(uint256 proposalId) + proposalId < getProposalsCount() => getProposalCreator(proposalId) != 0 + { + preserved with (env e) + {require e.msg.sender != 0;} + } + +// A proposal is initialized if and only if it has payloads +invariant empty_payloads_iff_uninitialized_proposal(uint256 proposalId) + proposalId >= getProposalsCount() <=> getPayloadLength(proposalId) == 0; + +// A proposal is uninitialized if and only if its state is Null +invariant null_state_iff_uninitialized_proposal(env e, uint256 proposalId) + proposalId >= getProposalsCount() <=> getProposalState(e, proposalId) == IGovernanceCore.State.Null; + + +// getProposalState() is Null if and only if the state storage variable is Null +invariant null_state_equivalence(env e, uint256 proposalId) + getProposalState(e, proposalId) == IGovernanceCore.State.Null <=> getProposalStateVariable(proposalId) == IGovernanceCore.State.Null; + +// a proposal state is Null if and only if its required access level is null +invariant null_state_variable_iff_null_access_level(uint256 proposalId) + getProposalStateVariable(proposalId) == IGovernanceCore.State.Null <=> + getProposalAccessLevel(proposalId) == PayloadsControllerUtils.AccessControl.Level_null; + +// A representative is in map _representatives if and only if it's contained in set _votersRepresented invariant in_representatives_iff_in_votersRepresented(address voter, address representative, uint256 chainId) (representative != 0) => (isRepresentativeOfVoter(voter, representative, chainId) <=> @@ -987,13 +1071,205 @@ invariant in_representatives_iff_in_votersRepresented(address voter, address rep } } +// A proposal is uninitialized iff its voting portal is address zero. +invariant zero_voting_portal_iff_uninitialized_proposal(uint256 proposalId) + proposalId >= getProposalsCount() <=> getProposalVotingPortal(proposalId) == 0 + { + preserved { + requireInvariant zero_address_is_not_a_valid_voting_portal(); + } + + } + +//Zero address is never an approved voting portal +invariant zero_address_is_not_a_valid_voting_portal() + !isVotingPortalApproved(0); + +// Given a proposal, it's voting duration is less than or equal to the contract's expiration time +invariant proposal_voting_duration_lt_expiration_time(uint256 proposalId) + to_mathint(getProposalVotingDuration(proposalId)) <= to_mathint(PROPOSAL_EXPIRATION_TIME()) + { + preserved + {requireInvariant config_voting_duration_lt_expiration_time(getProposalAccessLevel(proposalId));} + } + +// The voting duration of any voting configuration is less than the contract's expiration time +invariant config_voting_duration_lt_expiration_time(PayloadsControllerUtils.AccessControl accessLevel) + to_mathint(getConfigDuration(accessLevel)) < to_mathint(PROPOSAL_EXPIRATION_TIME()); + + + + +// +// Sanity properties +// + +// Only the relevant state-changing functions can change the state +// Check by the states before a transition occurs +rule only_state_changing_function_initiate_transitions__pre_state(method f) +{ + env e1; + env e2; + env e3; + calldataarg args1; + uint256 proposalId; + + require e1.block.timestamp <= e3.block.timestamp; + requireInvariant null_state_iff_uninitialized_proposal(e1, proposalId); + IGovernanceCore.State state1 = getProposalState(e1, proposalId); + f(e2, args1); + IGovernanceCore.State state2 = getProposalState(e3, proposalId); + + assert state1 != state2 && state1 == IGovernanceCore.State.Null && state2 != IGovernanceCore.State.Expired + => f.selector == sig:createProposal(PayloadsControllerUtils.Payload[],address,bytes32).selector; + + assert state1 != state2 && state1 == IGovernanceCore.State.Created && state2 != IGovernanceCore.State.Expired + => f.selector == sig:activateVoting(uint256).selector || f.selector == sig:cancelProposal(uint256).selector; + + assert state1 != state2 && state1 == IGovernanceCore.State.Active && state2 != IGovernanceCore.State.Expired + => f.selector == sig:queueProposal(uint256,uint128,uint128).selector || f.selector == sig:cancelProposal(uint256).selector; + + assert state1 != state2 && state1 == IGovernanceCore.State.Queued && state2 != IGovernanceCore.State.Expired + => (f.selector == sig:executeProposal(uint256).selector || f.selector == sig:cancelProposal(uint256).selector); +} + + +// Only the relevant state-changing function can change the state +// Check by the states after a transition occurs +rule only_state_changing_function_initiate_transitions__post_state(method f) +{ + env e1; + env e2; + env e3; + calldataarg args1; + uint256 proposalId; + + require e1.block.timestamp <= e3.block.timestamp; + + IGovernanceCore.State state1 = getProposalState(e1, proposalId); + f(e2, args1); + IGovernanceCore.State state2 = getProposalState(e3, proposalId); + + assert state1 != state2 && state2 == IGovernanceCore.State.Created => + f.selector == sig:createProposal(PayloadsControllerUtils.Payload[],address,bytes32).selector; + assert state1 != state2 && state2 == IGovernanceCore.State.Active => f.selector == sig:activateVoting(uint256).selector; + assert state1 != state2 && state2 == IGovernanceCore.State.Queued => f.selector == sig:queueProposal(uint256,uint128,uint128).selector; + assert state1 != state2 && state2 == IGovernanceCore.State.Executed => f.selector == sig:executeProposal(uint256).selector; + assert state1 != state2 && state2 == IGovernanceCore.State.Cancelled => f.selector == sig:cancelProposal(uint256).selector; +} + +// State-machine verification - check post state of transitions +rule proposal_state_transition_post_state(method f) filtered { f -> state_changing_function(f)} +{ + env e1; env e2; env e3; calldataarg args1; + uint256 proposalId; + + require e1.block.timestamp <= e2.block.timestamp; + require e2.block.timestamp <= e3.block.timestamp; + require e3.block.timestamp < 2^40; + + requireInvariant null_state_iff_uninitialized_proposal(e1, proposalId); + requireInvariant proposal_voting_duration_lt_expiration_time(proposalId); + + IGovernanceCore.State state1 = getProposalState(e1, proposalId); + f(e2, args1); + + IGovernanceCore.State state2 = getProposalState(e3, proposalId); -// setup self check - reachability of currentContract external functions -rule method_reachability { + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => (state1 == IGovernanceCore.State.Null => state2 == IGovernanceCore.State.Created); + + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => + (state1 == IGovernanceCore.State.Created => (state2 == IGovernanceCore.State.Active || state2 == IGovernanceCore.State.Cancelled)); + + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => + (state1 == IGovernanceCore.State.Active => + (state2 == IGovernanceCore.State.Queued || state2 == IGovernanceCore.State.Cancelled || state2 == IGovernanceCore.State.Failed)); + + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => + (state1 == IGovernanceCore.State.Queued => state2 == IGovernanceCore.State.Executed || state2 == IGovernanceCore.State.Cancelled); +} + + +// State-machine verification - check post state of transitions +rule proposal_state_transition_pre_state(method f) filtered { f -> state_changing_function(f)} +{ + env e1; env e2; env e3; calldataarg args1; + uint256 proposalId; + + require e1.block.timestamp <= e2.block.timestamp; + require e2.block.timestamp <= e3.block.timestamp; + require e3.block.timestamp < 2^40; + + requireInvariant null_state_iff_uninitialized_proposal(e1, proposalId); + requireInvariant proposal_voting_duration_lt_expiration_time(proposalId); + + IGovernanceCore.State state1 = getProposalState(e1, proposalId); + f(e2, args1); + + IGovernanceCore.State state2 = getProposalState(e3, proposalId); + + assert (state1 != state2) => (state2 == IGovernanceCore.State.Created => state1 == IGovernanceCore.State.Null); + assert (state1 != state2) => (state2 == IGovernanceCore.State.Active => state1 == IGovernanceCore.State.Created); + assert (state1 != state2) => (state2 == IGovernanceCore.State.Queued => state1 == IGovernanceCore.State.Active); + assert (state1 != state2) => (state2 == IGovernanceCore.State.Executed => state1 == IGovernanceCore.State.Queued); + assert (state1 != state2) => (state2 == IGovernanceCore.State.Cancelled => + (state1 == IGovernanceCore.State.Created || state1 == IGovernanceCore.State.Active || state1 == IGovernanceCore.State.Queued)); + + assert (state1 != state2) => (state2 == IGovernanceCore.State.Failed => state1 == IGovernanceCore.State.Active); + + assert (state1 != state2 && e2.block.timestamp == e3.block.timestamp) => (state2 == IGovernanceCore.State.Expired => + (state1 == IGovernanceCore.State.Created || state1 == IGovernanceCore.State.Active || state1 == IGovernanceCore.State.Queued)); + +} + +//only methods belonging to state_changing_function() can change a proposal state +rule state_changing_function_self_check(method f) +filtered { f -> !state_changing_function(f)} +{ + env e1; + env e2; + env e3; + calldataarg args1; + uint256 proposalId; + + require e1.block.timestamp <= e3.block.timestamp; + IGovernanceCore.State state1 = getProposalState(e1, proposalId); + f(e2, args1); + IGovernanceCore.State state2 = getProposalState(e3, proposalId); + + assert state2 != IGovernanceCore.State.Expired => state1 == state2; + assert e1.block.timestamp == e3.block.timestamp => state1 == state2; +} + +//only methods belonging to state_changing_function() can change the variable that stores the proposals' state +rule state_variable_changing_function_self_check(method f) +filtered { f -> !state_changing_function(f)} +{ + env e1; + env e2; + env e3; + calldataarg args; + uint256 proposalId; + + IGovernanceCore.State state1 = getProposalStateVariable(e1, proposalId); + f(e2, args); + IGovernanceCore.State state2 = getProposalStateVariable(e3, proposalId); + + assert state1 == state2; +} + + +// self-check - all external functions are reachability +rule method_reachability(method f) +filtered {f -> f.contract == currentContract} +{ env e; calldataarg arg; - method f; f(e, arg); satisfy true; } + + + + diff --git a/security/certora/specs/GovernancePowerStrategy.spec b/security/certora/specs/GovernancePowerStrategy.spec index 42881a5..a78207c 100644 --- a/security/certora/specs/GovernancePowerStrategy.spec +++ b/security/certora/specs/GovernancePowerStrategy.spec @@ -22,6 +22,10 @@ methods function getFullVotingPower(address) external returns (uint256) envfree; function getFullPropositionPower(address) external returns (uint256) envfree; + // GovernancePowerStrategyHarness ========================================== + function getVotingAsset(uint256) external returns (address) envfree; + function getVotingAssetsNumber() external returns (uint256) envfree; + // AaveTokenV3 ============================================================= function AaveTokenV3_DummyA.getPowerCurrent( address, @@ -81,17 +85,17 @@ function _getPower( // Rules ======================================================================= -/// @title Invalid token or slot is refused - a unittest -rule invalidTokenRefused(address token, uint128 slot) { - require ( - (token != AAVE() || slot != BASE_BALANCE_SLOT()) && - (token != STK_AAVE() || slot != BASE_BALANCE_SLOT()) && +/// @title Token and slot pair acceptance - a unittest +rule onlyValidTokensAccepted(address token, uint128 slot) { + bool isValidTokenSlot = ( + (token == AAVE() && slot == BASE_BALANCE_SLOT()) || + (token == STK_AAVE() && slot == BASE_BALANCE_SLOT()) || ( - token != A_AAVE() || - (slot != A_AAVE_BASE_BALANCE_SLOT() && slot != A_AAVE_DELEGATED_STATE_SLOT()) + token == A_AAVE() && + (slot == A_AAVE_BASE_BALANCE_SLOT() || slot == A_AAVE_DELEGATED_STATE_SLOT()) ) ); - assert !isTokenSlotAccepted(token, slot); + assert isTokenSlotAccepted(token, slot) <=> isValidTokenSlot; } @@ -148,6 +152,42 @@ rule transferPowerCompliance( } +/** @title Sufficient increase in balance will increase voting power + * @notice The dummy tokens used here will increase power for any amount greater than + * zero. However, this may not be true for the real tokens, and that is why we use + * `satisfy` here - to indicate only that for a certain amount the power must grow. + */ +rule balanceIncreaseRaisesVotingPower( + address from, + address receiver, + uint256 amountA, + uint256 amountB, + uint256 amountC +) { + eachDummyIsUniqueToken(); + IGovernancePowerDelegationToken.GovernancePowerType govType = ( + IGovernancePowerDelegationToken.GovernancePowerType.VOTING + ); + + env e; + require e.msg.sender == from; + require amountA > 0 && amountB > 0 && amountC > 0; + + uint256 prePowerA = _getPower(receiver, govType); + _DummyTokenA.transfer(e, receiver, amountA); + + uint256 prePowerB = _getPower(receiver, govType); + _DummyTokenB.transfer(e, receiver, amountB); + + uint256 prePowerC = _getPower(receiver, govType); + _DummyTokenC.transfer(e, receiver, amountC); + + uint256 postPower = _getPower(receiver, govType); + + satisfy prePowerA < prePowerB && prePowerB < prePowerC && prePowerC < postPower; +} + + /** @title Delegating does not increase the power of the delegator, nor reduce the * power of the new delegatee. * @@ -195,6 +235,17 @@ rule delegatePowerCompliance( ); } + +/// @title Voting assets integrity +invariant votingAssetsIntegrity(uint256 i, uint256 j) + (i != j) => (getVotingAsset(i) != getVotingAsset(j)); + + +/// @title The number of tokens must be 3 (affects the `loop_iter`) +invariant numberOfVotingAssets() + getVotingAssetsNumber() == 3; + + // setup self check - reachability of currentContract external functions rule method_reachability { env e; diff --git a/security/certora/specs/VotingStrategy_unittests.spec b/security/certora/specs/VotingStrategy_unittests.spec index aefad46..5163edb 100644 --- a/security/certora/specs/VotingStrategy_unittests.spec +++ b/security/certora/specs/VotingStrategy_unittests.spec @@ -190,10 +190,11 @@ rule wrongAssetYieldsZeroPower( } // setup self check - reachability of currentContract external functions -rule method_reachability { +rule method_reachability(method f) +filtered {f -> f.contract == currentContract} +{ env e; calldataarg arg; - method f; f(e, arg); satisfy true; } diff --git a/security/certora/specs/payloads/PayloadsController.spec b/security/certora/specs/payloads/PayloadsController.spec index 4670a8f..9743fca 100644 --- a/security/certora/specs/payloads/PayloadsController.spec +++ b/security/certora/specs/payloads/PayloadsController.spec @@ -4,7 +4,7 @@ methods { //Summarization // executes a transaction - function Executor.executeTransaction(address,uint256,string,bytes,bool) external returns (bytes) => NONDET; + function _.executeTransaction(address,uint256,string,bytes,bool) external => NONDET; function _.transfer(address,uint256) external => DISPATCHER(true); //Envfree methods @@ -22,8 +22,6 @@ methods { function getPayloadById(uint40) external returns (IPayloadsControllerCore.Payload); function getPayloadFieldsById(uint40 payloadId) external returns (address,PayloadsControllerUtils.AccessControl,IPayloadsControllerCore.PayloadState,uint40,uint40,uint40,uint40,uint40,uint40,uint40) envfree; - function getPayloadQueuedAtById(uint40 payloadId) external returns (uint40) envfree; - function getPayloadExpirationTimeById(uint40 payloadId) external returns (uint40) envfree; function getPayloadGracePeriod(uint40 payloadId) external returns (uint40) envfree; function getPayloadDelay(uint40 payloadId) external returns (uint40) envfree; function getPayloadCreatedAt(uint40 payloadId) external returns (uint40) envfree; @@ -34,7 +32,6 @@ methods { function getPayloadStateVariable(uint40) external returns (IPayloadsControllerCore.PayloadState) envfree; function getCreator(uint40) external returns (address) envfree; function getExpirationTime(uint40) external returns (uint40) envfree; - function MIN_EXECUTION_DELAY() external returns (uint40) envfree; function decodeMessage(bytes) external returns (uint40, PayloadsControllerUtils.AccessControl, uint40) envfree; function encodeMessage(uint40,PayloadsControllerUtils.AccessControl,uint40) external returns (bytes) envfree; @@ -191,7 +188,7 @@ rule consecutiveIDs(method f) filtered { f-> !f.isView }{ invariant empty_actions_only_if_uninitialized_payload (uint40 id) (getMaximumAccessLevelRequired(id) != PayloadsControllerUtils.AccessControl.Level_null || getPayloadStateVariable(id) != IPayloadsControllerCore.PayloadState.None - || getPayloadExpirationTimeById(id) != 0 ) + || getExpirationTime(id) != 0 ) => getActionsLength(id) > 0 { preserved{ @@ -516,13 +513,13 @@ rule execute_before_delay__maximumAccessLevelRequired{ executePayload(e, id); mathint timestamp = e.block.timestamp; - assert timestamp > getPayloadQueuedAtById(id) + getPayloadDelay(id); - assert timestamp < getPayloadQueuedAtById(id) + getPayloadDelay(id) + GRACE_PERIOD(); + assert timestamp > getPayloadQueuedAt(id) + getPayloadDelay(id); + assert timestamp < getPayloadQueuedAt(id) + getPayloadDelay(id) + GRACE_PERIOD(); } // @title A Payload can only be executed when in queued state -rule executed_when_in_queued_state{ +rule executed_when_in_queued_state_variable{ env e; uint40 payloadId; @@ -531,6 +528,15 @@ rule executed_when_in_queued_state{ assert state_before == IPayloadsControllerCore.PayloadState.Queued; } +rule executed_when_in_queued_state{ + env e; + uint40 payloadId; + + IPayloadsControllerCore.PayloadState state_before = getPayloadState(e, payloadId); + executePayload(e,payloadId); + assert state_before == IPayloadsControllerCore.PayloadState.Queued; +} + // @title property #7: The Guardian can cancel a Payload if it has not been executed @@ -540,12 +546,13 @@ rule guardian_can_cancel{ env e; calldataarg args; uint40 payloadId; - IPayloadsControllerCore.PayloadState state_before = getPayloadStateVariable(payloadId); + IPayloadsControllerCore.PayloadState state_before = getPayloadState(e, payloadId); cancelPayload@withrevert(e, payloadId); + bool call_reverted = lastReverted; assert e.msg.sender == guardian() && (state_before == IPayloadsControllerCore.PayloadState.Created || - state_before == IPayloadsControllerCore.PayloadState.Queued) => !lastReverted ; + state_before == IPayloadsControllerCore.PayloadState.Queued) => !call_reverted ; } @@ -582,7 +589,7 @@ rule no_late_cancel{ /// @title Property #8: Payload State can’t decrease // Forward progress of payload state machine -rule state_cant_decrease(method f) filtered { f -> !f.isView} +rule state_variable_cant_decrease(method f) filtered { f -> !f.isView} { env e; calldataarg args; @@ -597,8 +604,24 @@ rule state_cant_decrease(method f) filtered { f -> !f.isView} assert assert_uint256(state_before) <= assert_uint256(state_after); } +rule state_cant_decrease(method f) filtered { f -> !f.isView} +{ + env e; + calldataarg args; + uint40 payloadId; + + requireInvariant null_state_variable_if_out_of_bound_payload(payloadId); + + IPayloadsControllerCore.PayloadState state_before = getPayloadState(e, payloadId); + f(e,args); + IPayloadsControllerCore.PayloadState state_after = getPayloadState(e, payloadId); + + assert assert_uint256(state_before) <= assert_uint256(state_after); +} + /// @title Property #9: No further state transitions are possible if proposal.state > 3 /// @notice The rule uses a getter function + rule no_transition_beyond_state_gt_3(method f) filtered { f -> !f.isView}{ env e; @@ -676,6 +699,100 @@ invariant executor_access_level_within_range(PayloadsControllerUtils.AccessContr get_executor(access_level) != 0 => get_delay(access_level) >= MIN_EXECUTION_DELAY() && get_delay(access_level) <= MAX_EXECUTION_DELAY(); +// check that the same executor is not being used in 2 different levels +invariant executor_isnt_used_twice(PayloadsControllerUtils.AccessControl levelA, PayloadsControllerUtils.AccessControl levelB ) + get_executor(levelA) != 0 => (levelA != levelB <=> get_executor(levelA) != get_executor(levelB)) + { + preserved + { + requireInvariant executor_of_level_null_is_zero; + } + + } + +invariant executor_of_level_null_is_zero() + get_executor(PayloadsControllerUtils.AccessControl.Level_null) == 0; + + +rule checkUpdateExecutors { + env e; + IPayloadsControllerCore.UpdateExecutorInput[] executors; + require executors.length == 2; + updateExecutors(e, executors); + + PayloadsControllerUtils.AccessControl levelA; + PayloadsControllerUtils.AccessControl levelB; + address executorA; + address executorB; + + bool no_duplicate_access_level = executors[0].accessLevel != executors[1].accessLevel; + + assert (executors[0].accessLevel == levelA && executors[0].executorConfig.executor == executorA && no_duplicate_access_level) + => get_executor(levelA) == executorA; + assert (executors[1].accessLevel == levelA && executors[1].executorConfig.executor == executorA && no_duplicate_access_level) + => get_executor(levelA) == executorA; + assert (executors[0].accessLevel == levelB && executors[0].executorConfig.executor == executorB && no_duplicate_access_level) + => get_executor(levelB) == executorB; + assert (executors[1].accessLevel == levelB && executors[1].executorConfig.executor == executorB && no_duplicate_access_level) + => get_executor(levelB) == executorB; + +} + + +rule checkUpdateExecutors_witness_1 +{ + env e; + IPayloadsControllerCore.UpdateExecutorInput[] executors; + updateExecutors(e, executors); + + PayloadsControllerUtils.AccessControl levelA; PayloadsControllerUtils.AccessControl levelB; + address executorA; address executorB; + bool no_duplicate_access_level = executors[0].accessLevel != executors[1].accessLevel && executors.length <= 2; + + satisfy executors[0].accessLevel == levelA && executors[0].executorConfig.executor == executorA && no_duplicate_access_level; +} + +rule checkUpdateExecutors_witness_2 +{ + env e; + IPayloadsControllerCore.UpdateExecutorInput[] executors; + updateExecutors(e, executors); + + PayloadsControllerUtils.AccessControl levelA; PayloadsControllerUtils.AccessControl levelB; + address executorA; address executorB; + bool no_duplicate_access_level = executors[0].accessLevel != executors[1].accessLevel && executors.length <= 2; + + require executors[0].accessLevel == levelA && executors[0].executorConfig.executor == executorA && no_duplicate_access_level; + satisfy get_executor(levelA) == executorA; +} + +rule checkUpdateExecutors_witness_3 +{ + env e; + IPayloadsControllerCore.UpdateExecutorInput[] executors; + updateExecutors(e, executors); + + PayloadsControllerUtils.AccessControl levelA; PayloadsControllerUtils.AccessControl levelB; + address executorA; address executorB; + bool no_duplicate_access_level = executors[0].accessLevel != executors[1].accessLevel && executors.length <= 2; + + satisfy executors[1].accessLevel == levelA && executors[1].executorConfig.executor == executorA && no_duplicate_access_level; +} + +rule checkUpdateExecutors_witness_4 +{ + env e; + IPayloadsControllerCore.UpdateExecutorInput[] executors; + updateExecutors(e, executors); + + PayloadsControllerUtils.AccessControl levelA; PayloadsControllerUtils.AccessControl levelB; + address executorA; address executorB; + bool no_duplicate_access_level = executors[0].accessLevel != executors[1].accessLevel && executors.length <= 2; + + require executors[1].accessLevel == levelA && executors[1].executorConfig.executor == executorA && no_duplicate_access_level; + satisfy get_executor(levelA) == executorA; +} + /// @title Property #6: A Payload can never be executed if it has not been queued before the EXPIRATION_DELAY defined. @@ -687,7 +804,7 @@ invariant queued_before_expiration_delay(uint40 id) preserved with (env e){ requireInvariant expirationTime_equal_to_createAt_plus_EXPIRATION_DELAY(id); // requireInvariant created_in_the_past(e, id); - requireInvariant queuedAt_is_zero_before_queued(id); + requireInvariant queuedAt_is_zero_before_queued(e, id); // requireInvariant executedAt_is_zero_before_executed(id); requireInvariant null_state_variable_if_out_of_bound_payload(id); } @@ -697,7 +814,7 @@ invariant queued_before_expiration_delay(uint40 id) /// @notice assuming that the EXPIRATION_DELAY + CreatedAt <= max_uint40 invariant expirationTime_equal_to_createAt_plus_EXPIRATION_DELAY(uint40 id) getPayloadStateVariable(id) != IPayloadsControllerCore.PayloadState.None => - getPayloadExpirationTimeById(id) <= require_uint40(EXPIRATION_DELAY() + getPayloadCreatedAt(id)); + getExpirationTime(id) <= require_uint40(EXPIRATION_DELAY() + getPayloadCreatedAt(id)); //helper: creation time cannot be in the future @@ -717,22 +834,28 @@ invariant queued_after_created(uint40 id) { preserved with (env e){ requireInvariant created_in_the_past(e, id); - requireInvariant queuedAt_is_zero_before_queued(id); + requireInvariant queuedAt_is_zero_before_queued(e, id); requireInvariant null_state_variable_if_out_of_bound_payload(id); } } /// @title Execution happens after queue //execution time cannot be after queuing time -invariant executed_after_queue(uint40 id) +invariant executed_after_queue_state_variable(uint40 id) getPayloadStateVariable(id) == IPayloadsControllerCore.PayloadState.Executed => getPayloadExecutedAt(id) >= getPayloadQueuedAt(id) { preserved{ - requireInvariant executedAt_is_zero_before_executed(id); + requireInvariant executedAt_is_zero_before_executed_state_variable(id); } } -invariant zero_executedAt_if_not_executed(uint40 id) + +invariant executed_after_queue(env e1, uint40 id) + getPayloadState(e1, id) == IPayloadsControllerCore.PayloadState.Executed => + getPayloadExecutedAt(id) >= getPayloadQueuedAt(id) ; + + +invariant zero_executedAt_if_not_executed_state_variable(uint40 id) getPayloadStateVariable(id) != IPayloadsControllerCore.PayloadState.Executed => getPayloadExecutedAt(id) == 0 { @@ -740,8 +863,18 @@ invariant zero_executedAt_if_not_executed(uint40 id) requireInvariant null_state_variable_if_out_of_bound_payload(id); } } + +invariant zero_executedAt_if_not_executed(env e, uint40 id) + getPayloadState(e, id) != IPayloadsControllerCore.PayloadState.Executed => + getPayloadExecutedAt(id) == 0 + { + preserved{ + requireInvariant null_state_variable_if_out_of_bound_payload(id); + } + } + //helper: queuing time is nonzero for initialized payloads -invariant queuedAt_is_zero_before_queued(uint40 id) +invariant queuedAt_is_zero_before_queued_state_variable(uint40 id) getPayloadStateVariable(id) == IPayloadsControllerCore.PayloadState.None || getPayloadStateVariable(id) == IPayloadsControllerCore.PayloadState.Created => getPayloadQueuedAt(id) == 0 @@ -751,8 +884,18 @@ invariant queuedAt_is_zero_before_queued(uint40 id) } } +invariant queuedAt_is_zero_before_queued(env e, uint40 id) + getPayloadState(e, id) == IPayloadsControllerCore.PayloadState.None || + getPayloadState(e, id) == IPayloadsControllerCore.PayloadState.Created => getPayloadQueuedAt(id) == 0 + +{ + preserved{ + requireInvariant null_state_variable_if_out_of_bound_payload(id); + } + } + //helper: ExecutedAt == 0 before execution -invariant executedAt_is_zero_before_executed(uint40 id) +invariant executedAt_is_zero_before_executed_state_variable(uint40 id) getPayloadStateVariable(id) == IPayloadsControllerCore.PayloadState.None || getPayloadStateVariable(id) == IPayloadsControllerCore.PayloadState.Created || getPayloadStateVariable(id) == IPayloadsControllerCore.PayloadState.Queued => getPayloadExecutedAt(id) == 0 @@ -763,13 +906,29 @@ invariant executedAt_is_zero_before_executed(uint40 id) } } +invariant executedAt_is_zero_before_executed(env e, uint40 id) + getPayloadState(e, id) == IPayloadsControllerCore.PayloadState.None || + getPayloadState(e, id) == IPayloadsControllerCore.PayloadState.Created || + getPayloadState(e, id) == IPayloadsControllerCore.PayloadState.Queued => getPayloadExecutedAt(id) == 0 + +{ + preserved with (env e2){ + requireInvariant null_state_variable_if_out_of_bound_payload(id); + require e.block.timestamp == e2.block.timestamp; + } + } + +// getPayloadState() is Null if and only if the state storage variable is None +invariant null_state_equivalence(env e, uint40 payloadId) + getPayloadState(e, payloadId) == IPayloadsControllerCore.PayloadState.None <=> + getPayloadStateVariable(payloadId) == IPayloadsControllerCore.PayloadState.None; //helper: One cannot queue a payload if expiration time have elapsed rule no_queue_after_expiration{ env e; uint40 payloadId; - mathint expiration_time = getPayloadExpirationTimeById(payloadId); + mathint expiration_time = getExpirationTime(payloadId); mathint timestamp = e.block.timestamp; address originSender; uint256 originChainId; @@ -783,6 +942,87 @@ rule no_queue_after_expiration{ assert expiration_time > timestamp; } +// State-machine verification - check post-state of transitions +rule payload_state_transition_post_state(method f) filtered { f -> !f.isView}{ + + env e1; env e2; env e3; calldataarg args1; + //require 0 < e1.block.timestamp; + require e1.block.timestamp <= e2.block.timestamp; + require e2.block.timestamp <= e3.block.timestamp; + require e3.block.timestamp < 2^40; + calldataarg args; + + uint40 payloadId; + + requireInvariant null_state_variable_if_out_of_bound_payload(payloadId); + requireInvariant payload_grace_period_eq_global_grace_period(payloadId); + requireInvariant null_access_level_iff_state_is_none(payloadId); + requireInvariant expirationTime_equal_to_createAt_plus_EXPIRATION_DELAY(payloadId); + + IPayloadsControllerCore.PayloadState state1 = getPayloadState(e1,payloadId); + f(e2,args); + IPayloadsControllerCore.PayloadState state2 = getPayloadState(e3,payloadId); + + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => ((state1 == IPayloadsControllerCore.PayloadState.None + => state2 == IPayloadsControllerCore.PayloadState.Created )); + + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => (state1 == IPayloadsControllerCore.PayloadState.Created + => (state2 == IPayloadsControllerCore.PayloadState.Queued || state2 == IPayloadsControllerCore.PayloadState.Cancelled )); + + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => (state1 == IPayloadsControllerCore.PayloadState.Queued + => (state2 == IPayloadsControllerCore.PayloadState.Executed || state2 == IPayloadsControllerCore.PayloadState.Cancelled )); + + + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => ((state1 == IPayloadsControllerCore.PayloadState.None + => state2 == IPayloadsControllerCore.PayloadState.Created )); + + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => (state1 == IPayloadsControllerCore.PayloadState.Created + => (state2 == IPayloadsControllerCore.PayloadState.Queued || state2 == IPayloadsControllerCore.PayloadState.Cancelled )); + + assert (e1.block.timestamp == e3.block.timestamp && state1 != state2) => (state1 == IPayloadsControllerCore.PayloadState.Queued + => (state2 == IPayloadsControllerCore.PayloadState.Executed || state2 == IPayloadsControllerCore.PayloadState.Cancelled )); + + +} + +// State-machine verification - check pre-state of transitions +rule payload_state_transition_pre_state(method f) filtered { f -> !f.isView}{ + + env e1; env e2; env e3; calldataarg args1; +// require 0 < e1.block.timestamp; + require e1.block.timestamp <= e2.block.timestamp; + require e2.block.timestamp <= e3.block.timestamp; + require e3.block.timestamp < 2^40; + calldataarg args; + + uint40 payloadId; + + requireInvariant null_state_variable_if_out_of_bound_payload(payloadId); + //requireInvariant payload_grace_period_eq_global_grace_period(payloadId); + //requireInvariant null_access_level_iff_state_is_none(payloadId); + requireInvariant expirationTime_equal_to_createAt_plus_EXPIRATION_DELAY(payloadId); + + IPayloadsControllerCore.PayloadState state1 = getPayloadState(e1,payloadId); + f(e2,args); + IPayloadsControllerCore.PayloadState state2 = getPayloadState(e3,payloadId); + + assert (state1 != state2) => (state2 == IPayloadsControllerCore.PayloadState.Created + => state1 == IPayloadsControllerCore.PayloadState.None ); + + assert (state1 != state2) => (state2 == IPayloadsControllerCore.PayloadState.Queued + => state1 == IPayloadsControllerCore.PayloadState.Created ); + + assert (state1 != state2) => (state2 == IPayloadsControllerCore.PayloadState.Executed + => state1 == IPayloadsControllerCore.PayloadState.Queued ); + + assert (state1 != state2) => (state2 == IPayloadsControllerCore.PayloadState.Cancelled + => (state1 == IPayloadsControllerCore.PayloadState.Created || state1 == IPayloadsControllerCore.PayloadState.Queued)); + + assert (e2.block.timestamp == e3.block.timestamp && state1 != state2) => (state2 == IPayloadsControllerCore.PayloadState.Expired + => (state1 == IPayloadsControllerCore.PayloadState.Created || state1 == IPayloadsControllerCore.PayloadState.Queued)); + +} + rule method_reachability{ env e; diff --git a/security/certora/specs/votersRepresentedAddressSet.spec b/security/certora/specs/votersRepresentedAddressSet.spec index 3af0687..1bf5a1d 100644 --- a/security/certora/specs/votersRepresentedAddressSet.spec +++ b/security/certora/specs/votersRepresentedAddressSet.spec @@ -1,5 +1,10 @@ // // Specification for Openzeppelin AddressSet used by GovernanceCore._votersRepresented + +/* ND - we have a much better spec for this: + https://github.com/Certora/Examples/blob/master/CVLByExample/QuantifierExamples/EnumerableSet/certora/spec/set.spec +lets switch to that on new projects and then the requireinvaraint is much easier +*/ // methods{ @@ -85,7 +90,7 @@ definition ARRAY_OUT_OF_BOUND_ZERO() returns bool = forall address rep. forall u /** * ghost mirror map, mimics Set map **/ -ghost mapping(address => mapping(uint256 => mapping(bytes32 => uint256))) mirrorMap{ +persistent ghost mapping(address => mapping(uint256 => mapping(bytes32 => uint256))) mirrorMap{ init_state axiom forall address rep. forall uint256 chain. forall bytes32 a. mirrorMap[rep][chain][a] == 0; } @@ -93,7 +98,7 @@ ghost mapping(address => mapping(uint256 => mapping(bytes32 => uint256))) mirror /** * ghost mirror array, mimics Set array **/ -ghost mapping(address => mapping(uint256 => mapping(uint256 => bytes32))) mirrorArray{ +persistent ghost mapping(address => mapping(uint256 => mapping(uint256 => bytes32))) mirrorArray{ init_state axiom forall address rep. forall uint256 chain. forall uint256 i. mirrorArray[rep][chain][i] == to_bytes32(0); } @@ -104,7 +109,7 @@ ghost mapping(address => mapping(uint256 => mapping(uint256 => bytes32))) mirror * The assumption holds: breaking the assumptions would violate the invariant condition 'map(array(index)) == index + 1'. Set map uses 0 as a sentinel value, so the array cannot contain MAX_INT different values. * The assumption is necessary: if a value is added when length==MAX_INT then length overflows and becomes zero. **/ -ghost mapping(address => mapping(uint256 => uint256)) mirrorArrayLen{ +persistent ghost mapping(address => mapping(uint256 => uint256)) mirrorArrayLen{ init_state axiom forall address rep. forall uint256 chain. mirrorArrayLen[rep][chain] == 0; axiom forall address rep. forall uint256 chain. mirrorArrayLen[rep][chain] < max_uint256; } @@ -114,7 +119,7 @@ ghost mapping(address => mapping(uint256 => uint256)) mirrorArrayLen{ * hook for Set array stores * @dev user of this spec must replace _list with the instance name of the Set. **/ -hook Sstore _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0)[INDEX uint256 index] bytes32 newValue (bytes32 oldValue) STORAGE { +hook Sstore _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0)[INDEX uint256 index] bytes32 newValue (bytes32 oldValue) { mirrorArray[rep][chain][index] = newValue; } @@ -122,14 +127,14 @@ hook Sstore _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0) * hook for Set array loads * @dev user of this spec must replace _list with the instance name of the Set. **/ -hook Sload bytes32 value _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0)[INDEX uint256 index] STORAGE { +hook Sload bytes32 value _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0)[INDEX uint256 index] { require(mirrorArray[rep][chain][index] == value); } /** * hook for Set map stores * @dev user of this spec must replace _list with the instance name of the Set. **/ -hook Sstore _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 32)[KEY bytes32 key] uint256 newIndex (uint256 oldIndex) STORAGE { +hook Sstore _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 32)[KEY bytes32 key] uint256 newIndex (uint256 oldIndex) { mirrorMap[rep][chain][key] = newIndex; } @@ -137,7 +142,7 @@ hook Sstore _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 32 * hook for Set map loads * @dev user of this spec must replace _list with the instance name of the Set. **/ -hook Sload uint256 index _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 32)[KEY bytes32 key] STORAGE { +hook Sload uint256 index _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 32)[KEY bytes32 key] { require(mirrorMap[rep][chain][key] == index); } @@ -145,7 +150,7 @@ hook Sload uint256 index _votersRepresented [KEY address rep] [KEY uint256 chain * hook for Set array length stores * @dev user of this spec must replace _list with the instance name of the Set. **/ -hook Sstore _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0).(offset 0) uint256 newLen (uint256 oldLen) STORAGE { +hook Sstore _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0).(offset 0) uint256 newLen (uint256 oldLen) { mirrorArrayLen[rep][chain] = newLen; } @@ -153,7 +158,7 @@ hook Sstore _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0 * hook for Set array length load * @dev user of this spec must replace _votersRepresented with the instance name of the Set. **/ -hook Sload uint256 len _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0).(offset 0) STORAGE { +hook Sload uint256 len _votersRepresented [KEY address rep] [KEY uint256 chain] .(offset 0).(offset 0) { require mirrorArrayLen[rep][chain] == len; } @@ -161,11 +166,7 @@ hook Sload uint256 len _votersRepresented [KEY address rep] [KEY uint256 chain] * main Set general invariant **/ invariant setInvariant(env e1, address representative, uint256 chainId) - SET_INVARIANT(representative, chainId) - { - preserved with (env e2) - {require e1.msg.sender == e2.msg.sender;} - } + SET_INVARIANT(representative, chainId); /** diff --git a/security/certora/specs/voting/legality.spec b/security/certora/specs/voting/legality.spec index f960278..4660fa0 100644 --- a/security/certora/specs/voting/legality.spec +++ b/security/certora/specs/voting/legality.spec @@ -38,7 +38,10 @@ function is_proposalCreated(uint256 proposalId) returns bool { invariant createdVoteHasNonZeroHash(uint256 proposalId) - is_proposalCreated(proposalId) => is_proposalHashNonZero(proposalId); + is_proposalCreated(proposalId) => is_proposalHashNonZero(proposalId) + filtered { + f -> filteredMethods(f) + } /** @title Stored voting power is immutable (once positive) @@ -46,7 +49,9 @@ invariant createdVoteHasNonZeroHash(uint256 proposalId) * and that once it is positive it is immutable. This rule, together with the * previous section proves that a voter cannot vote twice. */ -rule votedPowerIsImmutable(method f, address voter, uint256 proposalId) { +rule votedPowerIsImmutable(method f, address voter, uint256 proposalId) filtered { + f -> filteredMethods(f) +} { IVotingMachineWithProofs.Vote pre = getUserProposalVote(voter, proposalId); env e; @@ -61,7 +66,9 @@ rule votedPowerIsImmutable(method f, address voter, uint256 proposalId) { /// @title Vote tally can change only for active and properly configured proposals -rule onlyValidProposalCanChangeTally(method f, uint256 proposalId) { +rule onlyValidProposalCanChangeTally(method f, uint256 proposalId) filtered { + f -> filteredMethods(f) +} { requireInvariant createdVoteHasNonZeroHash(proposalId); IVotingMachineWithProofs.ProposalWithoutVotes pre = getProposalById(proposalId); @@ -91,7 +98,7 @@ rule onlyValidProposalCanChangeTally(method f, uint256 proposalId) { * and positive after. */ rule legalVote(method f, uint256 proposalId, address voter) filtered { - f -> !f.isView + f -> !f.isView && filteredMethods(f) } { IVotingMachineWithProofs.ProposalWithoutVotes pre = getProposalById(proposalId); IVotingMachineWithProofs.Vote preVote = getUserProposalVote(voter, proposalId); diff --git a/security/certora/specs/voting/misc.spec b/security/certora/specs/voting/misc.spec index 75f8dc4..38c7487 100644 --- a/security/certora/specs/voting/misc.spec +++ b/security/certora/specs/voting/misc.spec @@ -170,11 +170,13 @@ rule rejectEquivalentProofs( assert lastReverted; } + // setup self check - reachability of currentContract external functions -rule method_reachability { +rule method_reachability(method f) filtered { + f -> filteredMethods(f) +} { env e; calldataarg arg; - method f; f(e, arg); satisfy true; } diff --git a/security/certora/specs/voting/power_summary.spec b/security/certora/specs/voting/power_summary.spec index 71debdc..0238bba 100644 --- a/security/certora/specs/voting/power_summary.spec +++ b/security/certora/specs/voting/power_summary.spec @@ -42,6 +42,13 @@ methods bytes32 blockHash ) external => _getVotingPower(asset, baseStorageSlot, power, blockHash) expect (uint256); + function _.getVotingPower( + address asset, + uint128 baseStorageSlot, + uint256 power, + bytes32 blockHash + ) internal => + _getVotingPower(asset, baseStorageSlot, power, blockHash) expect (uint256); // `DataWarehouse` ========================================================= // Summarized since it retrieves data from slots @@ -54,7 +61,9 @@ methods _getStorage(account, blockHash, slot, storageProof); // `CrossChainController` ================================================== - // NOTE: Not clear why this call is not resolved, we summarize it as `NONDET` + // NOTE: Summarized since it contains a `delegatecall` in `CrossChainForwarder.sol` + // Line 284 + // NOTE: This is not a view function, so `NONDET` summary is not safe! function CrossChainController.forwardMessage( uint256, address, uint256, bytes ) external returns (bytes32,bytes32) => NONDET; @@ -73,7 +82,7 @@ methods * @param storageProof * @return raw voting power for the given asset */ -ghost mapping(address => mapping(bytes => uint256)) _slotValues; +persistent ghost mapping(address => mapping(bytes => uint256)) _slotValues; /// @title Summary of `DataWarehouse.getStorage` - slot always exists @@ -105,7 +114,7 @@ function _getStorage( * @param baseStorageSlot * @return voter's voting power for the given asset */ -ghost mapping(uint256 => mapping(address => mapping(uint128 => uint256))) _votingAssetPower; +persistent ghost mapping(uint256 => mapping(address => mapping(uint128 => uint256))) _votingAssetPower; /** @title Mock voting power @@ -150,6 +159,69 @@ function _getVotingPower( } +// Filters ===================================================================== +// Defines methods that usually must be filtered out from invariants and parametric rules +definition filteredMethods(method f) returns bool = ( + // Filtered due to unresolved call from `Address.sol` Line 136: + // `target.call{value: value}(data)` + f.selector != sig:CrossChainController.emergencyTokenTransfer( + address, address, uint256 + ).selector && + + // Filtered due to unresolved call from `CrossChainReceiver.sol` Line 231: + // `IBaseReceiverPortal(envelope.destination).receiveCrossChainMessage(` + // ` envelope.origin,envelope.originChainId,envelope.message` + // `)` + f.selector != sig:receiveCrossChainMessage(address,uint256,bytes).selector && + + // Filtered due to unresolved call from `CrossChainReceiver.sol` Line 231: see above + f.selector != sig:CrossChainController.deliverEnvelope( + CrossChainController.Envelope + ).selector && + + // Filtered due to unresolved call from `Rescuable.sol` Line 3: + // to.call{value: amount}(new bytes(0)) + f.selector != sig:CrossChainController.emergencyEtherTransfer( + address,uint256 + ).selector && + + // Filtered due to unresolved call from `Address.sol` Line 189: + // `target.delegatecall(data)` + f.selector != sig:CrossChainController.enableBridgeAdapters( + ICrossChainForwarder.ForwarderBridgeAdapterConfigInput[] + ).selector && + + // Unreachable methods + // NOTE: It is unclear why these are unreachable in 6.0.0 + f.selector != sig:CrossChainController.isEnvelopeRegistered( + CrossChainController.Envelope + ).selector && + f.selector != sig:CrossChainController.retryEnvelope( + CrossChainController.Envelope, uint256 + ).selector && + f.selector != sig:CrossChainController.receiveCrossChainMessage( + bytes, uint256 + ).selector && + f.selector != sig:CrossChainController.getEnvelopeState( + CrossChainController.Envelope + ).selector && + f.selector != sig:CrossChainController.forwardMessage( + uint256, address, uint256, bytes + ).selector && + f.selector != sig:CrossChainController.retryTransaction( + bytes, uint256, address[] + ).selector && + f.selector != sig:CrossChainController.initialize( + address, + address, + ICrossChainReceiver.ConfirmationInput[], + ICrossChainReceiver.ReceiverBridgeAdapterConfigInput[], + ICrossChainForwarder.ForwarderBridgeAdapterConfigInput[], + address[] + ).selector +); + + // Code mock verification rules ================================================ /** @title There are exactly three acceptable tokens @@ -159,16 +231,18 @@ function _getVotingPower( * therefore should be retained in CI. */ invariant onlyThreeTokens() - _VotingStrategy.getVotingAssetListLength() == 3; + _VotingStrategy.getVotingAssetListLength() == 3 + filtered { + f -> filteredMethods(f) + } // setup self check - reachability of currentContract external functions -rule method_reachability { +rule method_reachability(method f) filtered { + f -> filteredMethods(f) +} { env e; calldataarg arg; - method f; - f(e, arg); satisfy true; } - diff --git a/security/certora/specs/voting/proposal_config.spec b/security/certora/specs/voting/proposal_config.spec index 9849586..373ab4d 100644 --- a/security/certora/specs/voting/proposal_config.spec +++ b/security/certora/specs/voting/proposal_config.spec @@ -56,12 +56,18 @@ function is_proposalHasRoots(uint256 proposalId) returns bool { * `VotingMachineWithProofs.sol:412`) it will not revert the original call. */ invariant startedProposalHasConfig(uint256 proposalId) - is_proposalStarted(proposalId) => is_proposalConfigCreated(proposalId); + is_proposalStarted(proposalId) => is_proposalConfigCreated(proposalId) + filtered { + f -> filteredMethods(f) + } /// @title Once a proposal vote is started the required roots exist invariant createdProposalHasRoots(uint256 proposalId) is_proposalStarted(proposalId) => is_proposalHasRoots(proposalId) + filtered { + f -> filteredMethods(f) + } { preserved { // Without this one can create a proposal with `l1ProposalBlockHash` zero @@ -72,7 +78,10 @@ invariant createdProposalHasRoots(uint256 proposalId) /// @title Existing proposal config has non-zero duration invariant proposalHasNonzeroDuration(uint256 proposalId) - is_proposalConfigCreated(proposalId) <=> (getProposalVotingDuration(proposalId) != 0); + is_proposalConfigCreated(proposalId) <=> (getProposalVotingDuration(proposalId) != 0) + filtered { + f -> filteredMethods(f) + } /// @title New proposal must have unused ID @@ -102,7 +111,9 @@ rule newProposalUnusedId(uint256 proposalId, bytes32 blockHash, uint24 votingDur /// @title A proposal's configuration is immutable once set -rule configIsImmutable(method f, uint256 proposalId) { +rule configIsImmutable(method f, uint256 proposalId) filtered { + f -> filteredMethods(f) +} { IVotingMachineWithProofs.ProposalVoteConfiguration preConf = ( getProposalVoteConfiguration(proposalId) ); @@ -123,4 +134,14 @@ rule configIsImmutable(method f, uint256 proposalId) { } +/// @title The function `getProposalsVoteConfigurationIds` must not revert +rule getProposalsConfigsDoesntRevert(uint256 skip, uint256 size) { + require size < 2^64; + require size + skip < 2^256; // Avoid overflow + + getProposalsVoteConfigurationIds@withrevert(skip, size); + assert !lastReverted, "getProposalsConfigsDoesntRevert must not revert"; +} + + use rule method_reachability; diff --git a/security/certora/specs/voting/proposal_states.spec b/security/certora/specs/voting/proposal_states.spec index 52ed55d..1f16f62 100644 --- a/security/certora/specs/voting/proposal_states.spec +++ b/security/certora/specs/voting/proposal_states.spec @@ -47,6 +47,9 @@ invariant startsBeforeEnds(uint256 proposalId) proposalStartTime(proposalId) < proposalEndTime(proposalId) )) ) + filtered { + f -> filteredMethods(f) + } { preserved { // Without this one can create a proposal with `l1ProposalBlockHash` zero @@ -64,6 +67,9 @@ invariant startsStrictlyBeforeEnds(uint256 proposalId) to_mathint(proposalEndTime(proposalId)) == proposalStartTime(proposalId) + proposalVotingDuration(proposalId) ) + filtered { + f -> filteredMethods(f) + } { preserved { // Without this one can create a proposal with `l1ProposalBlockHash` zero @@ -117,7 +123,9 @@ rule proposalLegalStates(uint256 proposalId) { /// @title A proposal's valid state transitions by method call -rule proposalMethodStateTransitionCompliance(method f, uint256 proposalId) { +rule proposalMethodStateTransitionCompliance(method f, uint256 proposalId) filtered { + f -> filteredMethods(f) +} { env e; IVotingMachineWithProofs.ProposalState before = getProposalState(e, proposalId); @@ -216,7 +224,9 @@ rule proposalTimeStateTransitionCompliance(uint256 proposalId) { * Verifies that certain fields of the proposal are immutable (once the proposal is * created of course). */ -rule proposalImmutability(method f, uint256 proposalId) { +rule proposalImmutability(method f, uint256 proposalId) filtered { + f -> filteredMethods(f) +} { IVotingMachineWithProofs.ProposalWithoutVotes pre = getProposalById(proposalId); env e; @@ -240,7 +250,10 @@ rule proposalImmutability(method f, uint256 proposalId) { /// @title A created proposal vote's ID is never changed invariant proposalIdIsImmutable(uint256 proposalId) - isProposalStarted(proposalId) => (getIdOfProposal(proposalId) == proposalId); + isProposalStarted(proposalId) => (getIdOfProposal(proposalId) == proposalId) + filtered { + f -> filteredMethods(f) + } use rule method_reachability; diff --git a/security/certora/specs/voting/setup.spec b/security/certora/specs/voting/setup.spec index 0d3da67..610abcb 100644 --- a/security/certora/specs/voting/setup.spec +++ b/security/certora/specs/voting/setup.spec @@ -21,6 +21,10 @@ methods function getIdOfProposal(uint256) external returns (uint256) envfree; + function getProposalsVoteConfigurationIds( + uint256, uint256 + ) external returns (uint256[] memory) envfree; + // `VotingStrategy` ======================================================== function VotingStrategyHarness.is_hasRequiredRoots( bytes32 @@ -46,7 +50,9 @@ methods ) external returns (StateProofVerifier.SlotValue) => NONDET; // `CrossChainController` ================================================== - // NOTE: Not clear why this call is not resolved, we summarize it as `NONDET` + // NOTE: Summarized since it contains a `delegatecall` in `CrossChainForwarder.sol` + // Line 284 + // NOTE: This is not a view function, so `NONDET` summary is not safe! function CrossChainController.forwardMessage( uint256, address, uint256, bytes ) external returns (bytes32,bytes32) => NONDET; @@ -58,12 +64,75 @@ methods ) internal returns (bytes32) => NONDET; } + +// Defines methods that usually must be filtered out from invariants and parametric rules +definition filteredMethods(method f) returns bool = ( + // Filtered due to unresolved call from `Address.sol` Line 136: + // `target.call{value: value}(data)` + f.selector != sig:CrossChainController.emergencyTokenTransfer( + address, address, uint256 + ).selector && + + // Filtered due to unresolved call from `CrossChainReceiver.sol` Line 231: + // `IBaseReceiverPortal(envelope.destination).receiveCrossChainMessage(` + // ` envelope.origin,envelope.originChainId,envelope.message` + // `)` + f.selector != sig:receiveCrossChainMessage(address,uint256,bytes).selector && + + // Filtered due to unresolved call from `CrossChainReceiver.sol` Line 231: see above + f.selector != sig:CrossChainController.deliverEnvelope( + CrossChainController.Envelope + ).selector && + + // Filtered due to unresolved call from `Rescuable.sol` Line 3: + // to.call{value: amount}(new bytes(0)) + f.selector != sig:CrossChainController.emergencyEtherTransfer( + address,uint256 + ).selector && + + // Filtered due to unresolved call from `Address.sol` Line 189: + // `target.delegatecall(data)` + f.selector != sig:CrossChainController.enableBridgeAdapters( + ICrossChainForwarder.ForwarderBridgeAdapterConfigInput[] + ).selector && + + // Unreachable methods + // NOTE: It is unclear why these are unreachable in 6.0.0 + f.selector != sig:CrossChainController.isEnvelopeRegistered( + CrossChainController.Envelope + ).selector && + f.selector != sig:CrossChainController.retryEnvelope( + CrossChainController.Envelope, uint256 + ).selector && + f.selector != sig:CrossChainController.receiveCrossChainMessage( + bytes, uint256 + ).selector && + f.selector != sig:CrossChainController.getEnvelopeState( + CrossChainController.Envelope + ).selector && + f.selector != sig:CrossChainController.forwardMessage( + uint256, address, uint256, bytes + ).selector && + f.selector != sig:CrossChainController.retryTransaction( + bytes, uint256, address[] + ).selector && + f.selector != sig:CrossChainController.initialize( + address, + address, + ICrossChainReceiver.ConfirmationInput[], + ICrossChainReceiver.ReceiverBridgeAdapterConfigInput[], + ICrossChainForwarder.ForwarderBridgeAdapterConfigInput[], + address[] + ).selector +); + + // setup self check - reachability of currentContract external functions -rule method_reachability { +rule method_reachability(method f) filtered { + f -> filteredMethods(f) +} { env e; calldataarg arg; - method f; f(e, arg); satisfy true; } - diff --git a/security/certora/specs/voting/voting_and_tally.spec b/security/certora/specs/voting/voting_and_tally.spec index 1dbd5b2..805160a 100644 --- a/security/certora/specs/voting/voting_and_tally.spec +++ b/security/certora/specs/voting/voting_and_tally.spec @@ -67,7 +67,7 @@ ghost mapping(uint256 => mathint) votesSum { */ hook Sstore _proposals[KEY uint256 proposalId].votes[KEY address voter].votingPower - uint248 newPower (uint248 oldPower) STORAGE + uint248 newPower (uint248 oldPower) { // Update `is_someoneVoting` - only the new havoc is_someoneVoting assuming ( @@ -110,7 +110,10 @@ function getRegisteredVotingPower(uint256 proposalId, address voter) returns uin * It follows that if a vote is cast on proposal `i` then `is_someoneVoting(i)` is true. */ invariant votingPowerGhostIsVotingPower(uint256 proposalId, address voter) - getRegisteredVotingPower(proposalId, voter) == storedVotingPower(proposalId, voter); + getRegisteredVotingPower(proposalId, voter) == storedVotingPower(proposalId, voter) + filtered { + f -> filteredMethods(f) + } // Votes tally ================================================================= @@ -124,7 +127,10 @@ function getVotesSum(uint256 proposalId) returns mathint { /// @title The sum of votes in favor and against equals the sum of stored voting powers invariant sumOfVotes(uint256 proposalId) - votesSum[proposalId] == getVotesSum(proposalId); + votesSum[proposalId] == getVotesSum(proposalId) + filtered { + f -> filteredMethods(f) + } // Casting votes =============================================================== @@ -133,7 +139,9 @@ invariant sumOfVotes(uint256 proposalId) * To be precise, if the proposal's votes tally changed then there exists a voter `v` * whose stored voting power on the proposal changed from zero to positive. */ -rule voteTallyChangedOnlyByVoting(method f, uint256 proposalId) { +rule voteTallyChangedOnlyByVoting(method f, uint256 proposalId) filtered { + f -> filteredMethods(f) +} { assert sig:getProposalById(uint256).isView; IVotingMachineWithProofs.ProposalWithoutVotes pre = getProposalById(proposalId); @@ -159,7 +167,9 @@ rule voteTallyChangedOnlyByVoting(method f, uint256 proposalId) { * If a vote was cast for a proposal, then the proposal's votes tally changed. * Moreover, the change in tally corresponds to the vote that was cast. */ -rule voteUpdatesTally(method f, uint256 proposalId, address voter) { +rule voteUpdatesTally(method f, uint256 proposalId, address voter) filtered { + f -> filteredMethods(f) +} { env e; IVotingMachineWithProofs.ProposalWithoutVotes pre = getProposalById(proposalId); IVotingMachineWithProofs.Vote preVote = getUserProposalVote(voter, proposalId); @@ -252,7 +262,7 @@ function dispatchVote(method f, env e, address voter) { ) { submitVoteFromVoter(e, voter, aProposalId, support, votingBalanceProofs); } else { - if isSenderVoterFunction(f) { + if (isSenderVoterFunction(f)) { // The sender is the voter require voter == e.msg.sender; } @@ -263,7 +273,9 @@ function dispatchVote(method f, env e, address voter) { /// @title Vote tally can be changed only by one of the voting methods -rule onlyVoteCanChangeResult(method f, uint256 proposalId, address voter) { +rule onlyVoteCanChangeResult(method f, uint256 proposalId, address voter) filtered { + f -> filteredMethods(f) +} { env e; IVotingMachineWithProofs.ProposalWithoutVotes pre = getProposalById(proposalId); IVotingMachineWithProofs.Vote preVote = getUserProposalVote(voter, proposalId); @@ -303,7 +315,9 @@ rule onlyVoteCanChangeResult(method f, uint256 proposalId, address voter) { /// @title Voting tally can only increase -rule votingTallyCanOnlyIncrease(method f, uint256 proposalId) { +rule votingTallyCanOnlyIncrease(method f, uint256 proposalId) filtered { + f -> filteredMethods(f) +} { IVotingMachineWithProofs.ProposalWithoutVotes pre = getProposalById(proposalId); env e; @@ -326,7 +340,9 @@ rule votingTallyCanOnlyIncrease(method f, uint256 proposalId) { /// @title A stranger's stored vote is unchanged when another votes rule strangerVoteUnchanged(method f, uint256 proposalId, address stranger, address voter) -{ +filtered { + f -> filteredMethods(f) +} { require voter != stranger; IVotingMachineWithProofs.Vote strangePre = getUserProposalVote(stranger, proposalId); @@ -343,7 +359,9 @@ rule strangerVoteUnchanged(method f, uint256 proposalId, address stranger, addre /// @title Only a single proposal's tally and votes may change by a single method call rule otherProposalUnchanged( method f, uint256 proposalId, uint256 otherProposal, address otherVoter -) { +) filtered { + f -> filteredMethods(f) +} { require proposalId != otherProposal; env e; @@ -374,7 +392,9 @@ rule otherProposalUnchanged( /// @title Only a single voter's stored voting power may change (on a given proposal) rule otherVoterUntouched( method f, uint256 proposalId, address voter, address stranger -) { +) filtered { + f -> filteredMethods(f) +} { require voter != stranger; env e; @@ -442,7 +462,9 @@ rule otherVoterUntouched( //check submitVoteAsRepresentative and submitVote -rule cannot_vote_twice_with_submitVote_and_submitVoteAsRepresentative(method f) filtered { f -> !f.isView}{ +rule cannot_vote_twice_with_submitVote_and_submitVoteAsRepresentative(method f) filtered { + f -> filteredMethods(f) && !f.isView +} { env e1; env e2; @@ -492,8 +514,10 @@ rule cannot_vote_twice_with_submitVote_and_submitVoteAsRepresentative(method f) // } -rule cannot_vote_twice_with_submitVoteAsRepresentative_and_submitVote(method f) filtered { f -> !f.isView}{ - +rule cannot_vote_twice_with_submitVoteAsRepresentative_and_submitVote(method f) filtered { + f -> filteredMethods(f) && !f.isView +} { + env e1; env e2; uint256 proposalId1; @@ -594,7 +618,10 @@ rule cannot_vote_twice_with_submitVoteAsRepresentative_and_submitVote(method f) // } -rule cannot_vote_twice_with_submitVoteSingleProofAsRepresentative_and_submitVote(method f) filtered { f -> !f.isView}{ +rule cannot_vote_twice_with_submitVoteSingleProofAsRepresentative_and_submitVote(method f) +filtered { + f -> filteredMethods(f) && !f.isView +} { env e1; env e2; @@ -645,11 +672,12 @@ rule cannot_vote_twice_with_submitVoteSingleProofAsRepresentative_and_submitVote -// setup self check - reachability of currentContract external functions -rule method_reachability { +// setup self check - reachability of currentContract and external functions +rule method_reachability(method f) filtered { + f -> filteredMethods(f) +} { env e; calldataarg arg; - method f; f(e, arg); satisfy true; }