From a7b5958fddbbf520c461c12c2ecd988d00f56bf9 Mon Sep 17 00:00:00 2001 From: "Q. T. Felix" <53819958+Quant-TheodoreFelix@users.noreply.github.com> Date: Thu, 19 Mar 2026 19:33:55 +0900 Subject: [PATCH 1/5] =?UTF-8?q?`2.0.0`=20=EB=A6=B4=EB=A6=AC=EC=A6=88=20?= =?UTF-8?q?=EB=AC=B8=EC=84=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 1 + CONTRIBUTION.md | 38 ++++++++++------- CONTRIBUTION_EN.md | 76 ++++++++++++++++++--------------- Cargo.toml | 35 +++++++-------- INTRODUCTION.md | 70 ------------------------------ INTRODUCTION_EN.md | 70 ------------------------------ README.md | 74 +++++++++++++++++++------------- README_EN.md | 90 +++++++++++++++++++++++---------------- SECURITY.md | 27 +++++++----- SECURITY_EN.md | 51 ++++++++++++---------- entanglementlib-logo.png | Bin 0 -> 307651 bytes 11 files changed, 226 insertions(+), 306 deletions(-) delete mode 100644 INTRODUCTION.md delete mode 100644 INTRODUCTION_EN.md create mode 100644 entanglementlib-logo.png diff --git a/.gitignore b/.gitignore index 5cd2c17..0adf3a5 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ dist/ *.iml test-vectors/ .DS_* +*.pdf ### Rust template # Generated by Cargo diff --git a/CONTRIBUTION.md b/CONTRIBUTION.md index ba96379..e44001b 100644 --- a/CONTRIBUTION.md +++ b/CONTRIBUTION.md 
@@ -4,33 +4,38 @@ _안녕하세요. 저희는 팀 퀀트(Quant)이며, 저는 Quant Theodore Felix라고 합니다._ -**이 프로젝트에 기여해주시는 모든 여러분에게 정말 감사드리며,** 몇 가지 사전 준비 사항을 알려드리고자 합니다. 우선, 이 프로젝트는 [`MIT LICENSE`](LICENSE)를 따릅니다. +**이 프로젝트에 기여해주시는 모든 여러분에게 정말 감사드리며,** 몇 가지 사전 준비 사항을 알려드리고자 합니다. 우선, 이 프로젝트는 [`MIT LICENSE`](LICENSE)를 따르지만 상위 프로젝트인 "얽힘 라이브러리"는 `PolyForm Noncommercial License 1.0.0` 라이선스를 따르기 때문에 상업(경제)적 선에서 자유롭지 못한 것을 이해해주시길 바랍니다. 정리하면 다음의 용도가 가능합니다. -저희 팀은 모든 프로젝트를 진행함에 있어 **매우 엄격한 보안**과 **효율적인 메모리 관리**를 중요시합니다. 여러분은 [이 프로젝트의 보안 정책](SECURITY.md)을 참고하실 수 있습니다. 만약 여러분이 이 프로젝트에 기여하고자 한다면 "내가 작성하는 모든 코드에 있어 기본적으로 보안에 충실하다." 라는 사항에 반드시 동의해주셔야 합니다. 이하, 여러분이 기여해주시면 이 사항에 전적으로 동의한 것으로 간주됩니다. +- **허용**: 학습, 개인 프로젝트, 비영리 연구, 교육 목적의 내부적 사용 등. +- **금지**: 직접적 판매 행위, 상용 서비스 내부 활용, 영리 회사 내 업무 사용 등. -여러분이 쉽고 빠르게 코드를 작성하고, 저희는 여러분의 변경을 적극적으로 반영하기 위해 다음의 기본 규칙을 정의했습니다. 해당 규칙은 기여자 여러분들에게 1차적으로 적용되며, 병합 작업을 처리하는 저희들에게 다시금 적용됩니다. 이러한 부분에서 다소 불편을 드려 죄송할 따름입니다. **하지만 저희는 매우 엄격한 보안 규칙에 대해 깊은 신념을 가지고 있고, 이를 이해해주십사 합니다.** +저희 팀은 모든 프로젝트를 진행함에 있어 **매우 엄격한 보안**과 **효율적인 메모리 관리**를 중요시합니다. 여러분은 [이 프로젝트의 보안 정책](SECURITY.md)을 참고하실 수 있습니다. + +이 프로젝트에 기여하기 전, 얽힘 라이브러리의 보안 철학에 따라 **"내가 작성한 코드는 보안에 충실한가?"** 라는 의문을 가져주시길 바랍니다! ## 기여 규칙 -1. 여러분은 Rust 기반의 코드를 작성하실 수 있습니다. 이 떄 명심해야 하는 것은, 해당 코드는 [얽힘 라이브러리](https://github.com/Quant-Off/entanglementlib) 측에서 [FFM API](https://openjdk.org/jeps/454)를 통해 호출됩니다. 말인 즉슨, 작성되는 코드는 해당 라이브러리로부터 접근 가능한 부분이 관측되어야 합니다. 이는 곧 "정밀한 구현의 캡슐화"라는 의미로 직결됩니다. **API로서 공개 가능한 부분과, 내부 구현을 명확히 캡슐화**하여 주시길 바랍니다. -2. 기본적으로 저희는 **적극적인 테스트**를 기대하고 예상합니다. 이는 간단히, 여러분이 작성한 기능에 대해서 **아주 명확한 테스트가 존재해야 함**을 의미합니다. 테스트는 아시다시피 프로젝트 발전 뿐 아니라 **여러분이 작성한 코드를 파악하는 데 아주 큰 도움이 됩니다.** 작성한 기능이 어떻게 동작해야 하고, 특수한 경우에는 어떻게 동작하는지(엣지케이스)에 대해 명확히 테스트를 작성해 주시길 바랍니다. **테스트에서도 아주 치명적인 취약점을 발견할 수도 있습니다!** -3. 그리고 벤치마킹에 관해 알려드리고 싶습니다. 이 프로젝트는 `Criterion` 크레이트를 사용하여 벤치마킹을 진행하고, 그 결과를 [benchmarks/](benchmarks) 하위에 명명백백히 기록합니다. 다만 여러분이 진행한 벤치마킹 결과를 관련 문서에 정리하실 필요는 없습니다! 어쨌든, 저희가 진행하는 벤치마킹은 일반적으로 "보안성(security)", "처리량(throughout)" 평가로 나뉩니다. 
여러분도 일관된 스타일로 벤치마킹 코드를 작서해주셨으면 합니다. **그리고 이 사항은 필수가 아님을 말씀드리고 싶습니다!** +여러분이 쉽고 빠르게 코드를 작성하고, 여러분의 변경을 적극적으로 반영하기 위해 다음의 기본 규칙을 정의했습니다. 해당 규칙은 메인테이너와 기여자 여러분 모두에게 공통적으로 적용됩니다. + +1. 여러분은 Rust, C/C++ 기반의 코드를 작성하실 수 있습니다. 이 떄 명심해야 하는 것은, **FFI 경계 통신 표준을 위한 구현**입니다. 말인 즉슨, 작성되는 코드가 외부로부터 접근 가능한 부분과 핵심 연산이 수행되는 부분이 엄격히 차별(캡슐화)되어 있어야 합니다. +2. 기본적으로 저희는 **적극적인 테스트**를 예상합니다. 이는 간단히, 여러분이 작성한 기능에 대해 **명확한 테스트가 존재해야 함**을 의미합니다. 테스트는 프로젝트 발전 뿐 아니라 **여러분이 작성한 코드를 파악하는 데 아주 큰 도움이 됩니다.** 작성한 기능이 어떻게 동작해야 하고, 특수한 경우에는 어떻게 동작하는지(엣지케이스)에 대해 명확히 테스트를 작성해 주시길 바랍니다. **테스트에서도 아주 치명적인 취약점을 발견할 수도 있습니다!** +3. 그리고 벤치마킹에 관해 알려드리고 싶습니다. 이 프로젝트는 `Criterion` 크레이트를 사용하여 벤치마킹을 진행하고, 그 결과를 [benchmarks/](benchmarks) 하위에 명명백백히 기록합니다. `entlib-native`의 벤치마킹은 "보안성(security)", "처리량(throughout)"의 성능 평가로 구분됩니다. (이 사항은 필수가 아닙니다!) 여러분은 **위 규칙에 전적으로 해당되는 아주 방대한 양의 특수 보안 기능에 대한 코드를 작성**하실 수 있고, 단순 최적화나 버그, `docstring` 및 문서 오타 발견 등의 문제를 발견하여 이를 수정하고자 하실 수도 있습니다. 간단한 변경이라 판단되는 경우 위 규칙을 **엄격하게 따르실 필요는 없습니다.** -좀 더 구체적으로 설명드리자면, 위 규칙은 여러분이 작성한 코드에 **외부 가시성**, **함수 및 변수 등의 멤버 정의**, **기존 기능의 변경**이 포함된 경우에만 적용됩니다. 갑작스러운 오류에 대비하기 위해 저희가 해당 변경을 면밀히 검토하겠습니다. +좀 더 구체적으로 설명드리자면, 위 규칙은 여러분이 작성한 코드에 **외부로부터의 가시성**, **함수 및 변수 등의 멤버 정의**, **기존 기능의 변경**이 포함된 경우에만 적용됩니다. 갑작스러운 오류에 대비하기 위해 저희가 해당 변경을 면밀히 검토하겠습니다. -꽤 특수한 경우는 존재합니다. **만약 여러분이 워크플로를 추가 및 수정하고자 한다면, 반드시 이슈(issues)로 알려주시길 바랍니다.** 이는 혼동의 위험이 있기 때문입니다. +꽤 특수한 경우로, **만약 여러분이 워크플로를 추가 및 수정(또는 아이디어 논의)하고자 한다면, 반드시 `Level 2`(후술) 이슈(issues)로 알려주시길 바랍니다.** 이는 혼동의 위험이 있기 때문입니다. ## 마음 편하게 기여해주세요 -이 프로젝트는 상당히 기여 기준점이 높다는 것을 저희도 알고 있습니다. **하지만 이것이 "당신의 코드가 이 규칙을 충족하지 않으면 사용하지 않겠다." 라는 의미가 아님을 명확히** 말씀드리고 싶습니다. +상당히 기여 기준점이 높다는 것을 저희도 알고 있습니다. **하지만 이것이 "당신의 코드가 이 규칙을 충족하지 않으면 사용하지 않겠다." 라는 의미가 아님을 명확히** 말씀드리고 싶습니다. -저희는 여러분의 피드백이 큰지, 작은지, 중요한지, 필요한지, 의미 있는지 등을 기계처럼 평가하는 단체가 아닙니다. **어디까지나 중요한 것은 여러분 개개인이 가진 철학을 이 코드에** 심어주시는 것이며, 단순히 **코드에 대한 감상을 말씀해주시는 것 만으로도 저희는 너무나 감사할 따름입니다!** 저희가 말하고 싶은 것은 **여러분이 이 코드를 어떠한 방식으로든 리뷰함에 있어 기본적으로 감사함을 느끼고 있다**는 것입니다. 
+저희는 여러분의 피드백이 큰지, 작은지, 중요한지, 필요한지, 의미 있는지 등을 기계처럼 평가하는 단체가 아닙니다. **어디까지나 중요한 것은 여러분 개개인이 가진 철학을 이 코드에** 심어주시는 것이며, 단순히 **코드에 대한 감상을 말씀해주시는 것 만으로도 저희는 너무나 감사할 따름입니다! **저희가 말하고 싶은 것은 **여러분이 이 코드를 어떠한 방식으로든 리뷰함에 있어 기본적으로 감사함을 느끼고 있다**는 것입니다. 짜증나는 규칙으로 인해 이 프로젝트와의 상호 작용을 그만두진 않으셨으면 합니다. **여러분이 이 코드를 리뷰함에 있어 부담감을 느낀다면, 이 프로젝트는 존재 가치가 없다고 저희는 생각하고 있습니다.** -저희 팀은 보안의 측면에서 가능한 수에 대비하고, 또 그 행동을 모두와 함께 하는 미래를 그리고 있다는 걸 알아주시면 감사하겠습니다! +저희 팀은 보안의 측면에서 가능한 많은 수에 대비하고, 또 그 행동을 모두와 함께 하는 미래를 그리고 있다는 걸 알아주시면 감사하겠습니다. # 손쉬운 접근 및 방향성 @@ -54,14 +59,17 @@ _안녕하세요. 저희는 팀 퀀트(Quant)이며, 저는 Quant Theodore Felix # 최신 릴리즈 업데이트 기준 주요 기여 -이 프로젝트에 있어 다음 항목에 해당하는 기여는 저희가 1순위로 검토합니다(물론 보안 기여는 0순위입니다). +이 프로젝트에 있어 다음 항목에 해당하는 기여는 `Level 3`으로 분류되며, 1순위로 검토합니다(물론 보안 기여는 0순위입니다). - 공통 - - 많은 크레이트의 핵심 기능은 `Result` 열거형을 통해 `SecureBuffer` 구조체와 문자열 참조를 반환합니다. 이는 오류 전파에 부적절합니다. + - **올바른 오류 전파 방법**: 많은 크레이트의 핵심 기능은 `Result` 열거형을 통해 `SecureBuffer` 구조체와 문자열 참조를 반환합니다. 이는 오류 전파에 부적절합니다. + - **컴플라이언스 문제**: 암호 모듈 구현에 있어 국제적 인증 및 규정을 준수하지 않은 부분을 발견했다면, 즉시 연락주세요. - 보안 버퍼 크레이트 `entlib-native-secure-buffer` - - `zeroizer.rs` 내 no_std 폐쇄 환경을 위한 Fall-back 시, 해당 환경의 하드웨어(CPU) 특성에 따라 캐시 라인 플러시가 보장되지 않을 수 있다고 합니다. 이 부분에 대해 섬세한 평가검증이 필요합니다. + - **베어메탈 캐시 플러시 문제**: `zeroizer.rs` 내 no_std 폐쇄 환경을 위한 Fall-back 시, 해당 환경의 하드웨어(CPU) 특성에 따라 캐시 라인 플러시가 보장되지 않을 수 있다고 합니다. 이 부분에 대해 섬세한 평가검증이 필요합니다. + - **이중 잠금**: JO(Java-Owned) 패턴을 통해 상호 작용 시 메모리 lock 수행 후 전달됩니다. Rust 측 `SecureMemoryBlock` 구조체는 이 데이터에 대해 한 번 더 lock을 수행합니다. 이 작업에 대해 어떻게 생각하시나요? - CI 워크플로 - - CC 상수-시간 감사 워크플로의 Level 3(바이너리 메모리 오염 추적)은 Unix 환경에서 Valgrind를 사용하여 테스트를 수행합니다. 하지만 저는 아직 이 부분에 대해 큰 아이디어가 없어 임시 비활성화해둔 상태입니다. 이 부분에 대해 좋은 아이디어를 가지고 있다면 알려주세요. + - **엄격한 상수-시간 검사**: 현재 구현된 상수-시간 연산이 부족해 보이시거나, 엄격한 검증을 위해서는 어떻게 해야 한다고 생각하시나요? + - **메모리 오염 추적 방법**: CC 상수-시간 감사 워크플로의 Level 3(바이너리 메모리 오염 추적)은 Unix 환경에서 Valgrind를 사용하여 테스트를 수행합니다. 하지만 저는 아직 이 부분에 대해 큰 아이디어가 없어 임시 비활성화해둔 상태입니다. 이 부분에 대해 좋은 아이디어를 가지고 있다면 알려주세요. # 연락 
diff --git a/CONTRIBUTION_EN.md b/CONTRIBUTION_EN.md index 725714d..a28396f 100644 --- a/CONTRIBUTION_EN.md +++ b/CONTRIBUTION_EN.md 
@@ -4,67 +4,75 @@ _Hello. We are Team Quant, and I am Quant Theodore Felix._ -**We truly appreciate everyone who contributes to this project,** and we would like to inform you of a few prerequisites. First of all, this project follows the [`MIT LICENSE`](LICENSE). +**Thank you very much to everyone who contributes to this project.** I would like to inform you of a few preliminary preparations. First of all, please understand that this project follows the [`MIT LICENSE`](LICENSE), but the parent project, "Entanglement Library," follows the `PolyForm Noncommercial License 1.0.0`, so it is not free from commercial (economic) use. In summary, the following uses are possible: -Our team prioritizes **very strict security** and **efficient memory management** in conducting all projects. You can refer to [this project's security policy](SECURITY_EN.md). If you wish to contribute to this project, you must agree to the statement: "I am fundamentally committed to security in all code I write." Hereinafter, if you contribute, it will be considered that you fully agree to this statement. +- **Allowed**: Learning, personal projects, non-profit research, internal use for educational purposes, etc. +- **Prohibited**: Direct sales, use within commercial services, business use within a for-profit company, etc. -To help you write code easily and quickly, and for us to actively reflect your changes, we have defined the following basic rules. These rules apply primarily to you, the contributors, and again to us who handle the merge operations. We apologize for any inconvenience this may cause. **However, we have a deep belief in very strict security rules, and we ask for your understanding.** +Our team emphasizes **very strict security** and **efficient memory management** in all our projects. You can refer to [this project's security policy](SECURITY_EN.md). 
+ +Before contributing to this project, please ask yourself, **"Is the code I'm writing faithful to security?"** in accordance with the security philosophy of the Entanglement Library. ## Contribution Rules -1. You can write Rust-based code. Please keep in mind that this code is called via the [FFM API](https://openjdk.org/jeps/454) from the [EntanglementLib](https://github.com/Quant-Off/entanglementlib/blob/master/README_EN.md). This means that the code written must be observable in parts accessible from that library. This directly leads to the meaning of "encapsulation of precise implementation". Please **clearly encapsulate the parts that can be exposed as APIs and the internal implementations**. -2. Basically, we expect and anticipate **active testing**. This simply means that **very clear tests must exist** for the features you write. As you know, tests are very helpful not only for project development but also for **understanding the code you wrote**. Please write clear tests on how the written function should behave and how it behaves in special cases (edge cases). **You might even discover very critical vulnerabilities in tests!** -3. Also, we would like to inform you about benchmarking. This project uses the `Criterion` crate to conduct benchmarking, and the results are clearly recorded under [benchmarks/](benchmarks). However, you do not need to organize the results of your benchmarking in related documents! Anyway, the benchmarking we conduct is generally divided into "security" and "throughput" evaluations. We hope you also write benchmarking code in a consistent style. **And we would like to say that this is not mandatory!** +We have defined the following basic rules to help you write code easily and quickly and to actively incorporate your changes. These rules apply to both maintainers and contributors. + +1. You can write code based on Rust, C/C++. 
The important thing to keep in mind here is the **implementation for the FFI boundary communication standard**. In other words, the code you write must have a strict distinction (encapsulation) between the parts accessible from the outside and the parts where core operations are performed. +2. Basically, we expect **active testing**. This simply means that **there must be clear tests for the features you write**. Testing not only helps the project develop, but it also **greatly helps you understand the code you've written.** Please write clear tests for how the feature you've written should work and how it works in special cases (edge cases). **You can also find very critical vulnerabilities in testing!** +3. And I want to tell you about benchmarking. This project uses the `Criterion` crate to perform benchmarking and records the results clearly under [benchmarks/](benchmarks). The benchmarking of `entlib-native` is divided into performance evaluations of "security" and "throughput". (This is not mandatory!) -You might be writing **code for a vast amount of special security features that fully fall under the above rules**, or you might simply want to fix simple optimizations, bugs, `docstring`s, or typos in documentation. In cases deemed as simple changes, you **do not need to strictly follow** the above rules. +You can **write a very large amount of code for special security features that fully correspond to the above rules**, or you may find and want to fix problems such as simple optimizations, bugs, `docstring` and document typos. If you judge it to be a simple change, you **do not need to strictly follow the above rules.** -To be more specific, the above rules apply only if your code involves **external visibility**, **definition of members such as functions and variables**, or **changes to existing features**. To prepare for sudden errors, we will carefully review such changes. 
+To be more specific, the above rules only apply if the code you write includes **visibility from the outside**, **definition of members such as functions and variables**, and **changes to existing features**. We will review the changes carefully to prepare for sudden errors. -There are quite special cases. **If you wish to add or modify workflows, please be sure to let us know via issues.** This is because there is a risk of confusion. +In a rather special case, **if you want to add or modify a workflow (or discuss ideas), please be sure to let us know as a `Level 2` (see below) issue.** This is because there is a risk of confusion. -## Please Contribute Comfortably +## Feel Free to Contribute -We also know that the contribution standards for this project are quite high. **However, we want to clearly state that this does not mean "If your code does not meet these rules, we will not use it."** +We are also aware that the contribution threshold is quite high. **However, I want to make it clear that this does not mean "we will not use your code if it does not meet these rules."** -We are not an organization that evaluates like a machine whether your feedback is big, small, important, necessary, or meaningful. **What is important is that you plant your individual philosophy into this code**, and we are **extremely grateful just for you sharing your thoughts on the code!** What we want to say is that **we basically feel gratitude for you reviewing this code in any way**. +We are not an organization that evaluates your feedback like a machine, whether it is big, small, important, necessary, or meaningful. **What is important is that you instill your individual philosophy into this code**, and we are very grateful just for you to **share your thoughts on the code!** What we want to say is that **we are basically grateful for you reviewing this code in any way.** -We hope you do not stop interacting with this project due to annoying rules. 
**If you feel burdened in reviewing this code, we believe that this project has no value of existence.** +We hope you don't stop interacting with this project because of annoying rules. **We believe that this project has no reason to exist if you feel burdened to review this code.** -We would appreciate it if you recognize that our team prepares for possible scenarios in terms of security and envisions a future where we do this together with everyone! +We would appreciate it if you would know that our team is preparing for as many numbers as possible in terms of security and is drawing a future where we do that action with everyone. # Easy Access and Direction -The above rules might just be an eyesore. If you fall into one of the following categories, do not hesitate! **We use the concept of "Levels" for easy contribution.** Let's categorize your contribution through this. +The above rules may just be an eyesore. If any of the following apply, you don't have to hesitate! **We use the concept of "levels" for easy contribution.** Let's break down your contributions through this. - `LEVEL 1` - **Very, very simple** - - Are there errors (strange grammar, typos, omissions, etc.) in the Markdown documents (`.md`)? - - Is there necessary information (technical specifications, usage instructions, etc.)? - - Do you have ideas for necessary features? + - Is there an error (strange grammar, typo, omission, etc.) in the content of the markdown document (`.md`)? + - Is there any necessary information (technical specifications, feature usage, etc.)? + - Do you have an idea for a necessary feature? - `LEVEL 2` - **Complex at times** - - Does there seem to be a problem with the test code (wrong references, no handling for specific situations, etc.)? - - Do you have ideas for workflows? **<<= In this case, please leave it via issues!** + - Does there seem to be a problem with the test code (wrong reference, no handling of a specific situation, etc.)? 
+ - Do you have an idea for a workflow? **<<= In this case, please leave it as an issue!** - Does the benchmarking seem wrong, or do you need additional benchmarking data? - - Do you have ideas for feature encapsulation? - - Does there seem to be a problem with values calculated through cryptographic operations (mismatch with expected values, logic different from operations specified in technical specifications, etc.)? + - Do you have an idea for feature encapsulation? + - Does there seem to be a problem with the value calculated through cryptographic operations (does not match the expected value, different logic from the operation specified in the technical specification, etc.)? - `LEVEL 3` - **Looks very serious** - - Does the logic seem different from what is described in NIST's `FIPS`, `SP`, or `IG`? - - Have you discovered a serious security vulnerability? **<<= In this case, please be sure to let us know at !** - - Do you have opinions on data erasure, its method, or the currently implemented logic? - - **Do you judge that the security of the overall security logic currently implemented is not rigorous?** + - Does it seem to be a different logic from what is described in NIST's `FIPS`, `SP`, or `IG`? + - Have you found a serious security vulnerability? **<<= In this case, please be sure to let us know at !** + - Do you have an opinion on the method or currently implemented logic for data erasure? + - **Do you judge that the security of the overall security logic currently implemented is not strict?** -# Key Contributions Based on Latest Release Updates +# Major Contributions Based on the Latest Release Update Criteria -For this project, contributions corresponding to the following items are our top priority for review (of course, security contributions are priority 0). 
+Contributions corresponding to the following items for this project are classified as `Level 3` and are reviewed with the highest priority (of course, security contributions are the 0th priority). - Common - - Core functions in many crates return a `SecureBuffer` struct and a string reference via the `Result` enum. This is inappropriate for error propagation. -- Security Buffer Crate `entlib-native-secure-buffer` - - During fall-back for `no_std` isolated environments in `zeroizer.rs`, it is said that cache line flushing may not be guaranteed depending on the hardware (CPU) characteristics of that environment. Delicate evaluation and verification are required for this part. -- CI Workflow - - Level 3 (Binary Memory Corruption Tracking) of the CC Constant-Time Audit workflow performs tests using Valgrind in Unix environments. However, I do not have a significant idea for this part yet, so it is temporarily disabled. If you have any good ideas regarding this, please let us know. + - **Correct error propagation method**: The core function of many crates returns a `SecureBuffer` struct and a string reference through a `Result` enum. This is inappropriate for error propagation. + - **Compliance issues**: If you find any parts that do not comply with international certifications and regulations in the implementation of the cryptographic module, please contact us immediately. +- Secure buffer crate `entlib-native-secure-buffer` + - **Bare-metal cache flush issue**: When falling back for a no_std closed environment in `zeroizer.rs`, it is said that cache line flushing may not be guaranteed depending on the hardware (CPU) characteristics of the environment. Delicate evaluation and verification are needed for this part. + - **Double lock**: When interacting through the JO (Java-Owned) pattern, the memory is locked and then transmitted. The `SecureMemoryBlock` struct on the Rust side performs another lock on this data. What do you think about this operation? 
+- CI workflow + - **Strict constant-time check**: Do you think the currently implemented constant-time operation is insufficient, or what do you think should be done for strict verification? + - **How to track memory corruption**: Level 3 (binary memory corruption tracking) of the CC constant-time audit workflow uses Valgrind to perform tests in a Unix environment. However, I have temporarily disabled it because I don't have a big idea about this part yet. Please let me know if you have a good idea about this. # Contact -You can contact us in any way regarding the above content (with the exception of specific items). +You can contact us in any way regarding the above (except for certain items). You can use email or Discord `qtfelix`. \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml index 9f1b291..20933ce 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,7 +3,7 @@ members = ["internal/*", "crypto/*", "core/*"] resolver = "2" [workspace.package] -version = "1.1.2" +version = "2.0.0" edition = "2024" authors = ["Q. T. Felix "] license = "MIT LICENSE" 
@@ -22,21 +22,22 @@ panic = "abort" [workspace.dependencies] ### INTERNAL DEPENDENCIES ### -entlib-native-ffi = { path = "internal/ffi", version = "1.1.2" } -entlib-native-quantum-util = { path = "internal/quantum-util", version = "1.1.2" } +entlib-native-ffi = { path = "internal/ffi", version = "2.0.0" } +entlib-native-quantum-util = { path = "internal/quantum-util", version = "2.0.0" } ### CORE DEPENDENCIES ### -entlib-native-hex = { path = "core/hex", version = "1.1.2" } -entlib-native-result = { path = "core/result", version = "1.1.2" } -entlib-native-base64 = { path = "core/base64", version = "1.1.2" } -entlib-native-secure-buffer = { path = "core/secure-buffer", version = "1.1.2" } -entlib-native-constant-time = { path = "core/constant-time", version = "1.1.2" } +entlib-native-rng = { path = "core/rng", version = "2.0.0" } +entlib-native-hex = { path = "core/hex", version = "2.0.0" } +entlib-native-result = { path = "core/result", version = "2.0.0" } +entlib-native-base64 = { path = "core/base64", version = "2.0.0" } +entlib-native-secure-buffer = { path = "core/secure-buffer", version = "2.0.0" } +entlib-native-constant-time = { path = "core/constant-time", version = "2.0.0" } ### INTERNAL CRYPTO DEPENDENCIES ### -entlib-native-rng = { path = "crypto/rng", version = "1.1.2" } -entlib-native-tls = { path = "crypto/tls", version = "1.1.2" } -entlib-native-hkdf = { path = "crypto/hkdf", version = "1.1.2" } -entlib-native-hmac = { path = "crypto/hmac", version = "1.1.2" } -entlib-native-sha2 = { path = "crypto/sha2", version = "1.1.2" } -entlib-native-sha3 = { path = "crypto/sha3", version = "1.1.2" } -entlib-native-chacha20 = { path = "crypto/chacha20", version = "1.1.2" } -entlib-native-key-establishment = { path = "crypto/key-establishment", version = "1.1.2" } -entlib-native-digital-signature = { path = "crypto/digital-signature", version = "1.1.2" } +entlib-native-tls = { path = "crypto/tls", version = "2.0.0" } +entlib-native-hkdf = { path = "crypto/hkdf", 
version = "2.0.0" } +entlib-native-hmac = { path = "crypto/hmac", version = "2.0.0" } +entlib-native-sha2 = { path = "crypto/sha2", version = "2.0.0" } +entlib-native-sha3 = { path = "crypto/sha3", version = "2.0.0" } +entlib-native-mldsa = { path = "crypto/mldsa", version = "2.0.0" } +entlib-native-chacha20 = { path = "crypto/chacha20", version = "2.0.0" } +entlib-native-key-establishment = { path = "crypto/key-establishment", version = "2.0.0" } +entlib-native-digital-signature = { path = "crypto/digital-signature", version = "2.0.0" } diff --git a/INTRODUCTION.md b/INTRODUCTION.md deleted file mode 100644 index f1282de..0000000 --- a/INTRODUCTION.md +++ /dev/null 
@@ -1,70 +0,0 @@ -# 얽힘 라이브러리 네이티브 - -> [English INTRODUCTION](INTRODUCTION_EN.md) - -> [!WARNING] -> 이 문서의 내용은 현재 `entlib-native`의 기능과 사뭇 다를 수 있습니다! - -[얽힘 라이브러리](https://github.com/Quant-Off/entanglementlib)의 핵심 로직은 모두 이 [Rust 기반 네이티브 라이브러리](https://github.com/Quant-Off/entlib-native)에서 진행됩니다. 이 문서에선 편하게 "네이티브"라고 부르겠습니다. - -이 문서에서, 이 네이티브가 얽힘 라이브러리와 어떻게 동작하는지와, 보안 작업을 어떻게 수행하는지 기술적으로 정확히 짚어드리고 싶지만 이 내용은 매-우 방대하기 떄문에 따로 [우리 문서 사이트](https://docs.qu4nt.space/docs/projects/entanglementlib/entlib-native)에 세밀히 정리해두겠습니다. - -# 설계 철학 - -네이티브의 설계 철학은 한 문장으로 요약됩니다: **보안 연산에 관여하는 모든 코드는 외부 의존 없이, 스스로 통제할 수 있어야 한다.** - -이 원칙은 단순히 외부 크레이트를 배제하겠다는 강박이 아닙니다. 보안 연산의 생명주기 전체를 직접 설계하고, 각 바이트가 언제 생성되고 언제 소거되는지를 개발자가 명시적으로 보장할 수 있어야 한다는 의미입니다. 외부 라이브러리가 내부적으로 어떤 최적화를 수행하는지, 어떤 임시 버퍼를 남기는지는 제가 통제할 수 없습니다. 따라서 네이티브에서 수행하는 모든 보안 연산은 직접 구현합니다. - -이 철학 위에서, 네이티브는 다음 네 가지 원칙을 지킵니다. - -**1. 메모리 소거의 보장.** 민감한 데이터를 다루는 모든 구조체는 범위를 벗어나는 순간 내부 상태가 완전히 소거됩니다. Rust의 `Drop` 트레이트와 `write_volatile`을 결합하여 컴파일러의 죽은 코드 제거(DCE) 최적화가 소거 로직을 건너뛰지 못하도록 강제하고, `compiler_fence`로 소거 순서를 보장합니다. - -**2. 상수 시간 연산.** 비밀 데이터에 의존하는 비교, 선택, 분기 등 모든 연산은 입력 값에 관계없이 동일한 시간 내에 완료됩니다. 조건 분기 대신 비트마스크 기반 선택을 사용하며, `x86_64`와 `aarch64` 아키텍처에서는 인라인 어셈블리를 통해 컴파일러의 개입 없이 명령어 수준에서 이를 보장합니다. - -**3. 하드웨어 수준의 제어.** 난수 생성은 CPU의 하드웨어 엔트로피 소스(`rdseed`, `rdrand`, `rndr`)를 직접 호출하며, 상수 시간 연산 역시 아키텍처별 어셈블리 명령어를 직접 작성합니다. 소프트웨어 계층의 추상화가 아닌, 하드웨어가 제공하는 보장에 기반합니다. - -**4. 감사 가능한 코드.** 보안 연산에 관여하는 코드는 외부 크레이트 없이 이 저장소 안에서 완결됩니다. 보안 검토 시 추적해야 할 코드의 범위가 명확하며, 의존성 체인에 의한 공급망 공격 표면을 원천적으로 차단합니다. - -# 상호 작용 - -네이티브는 얽힘 라이브러리 측에서 [FFM API(Linker API)](https://openjdk.org/jeps/454)를 통해 안전하며 빠르게 호출됩니다. - -얽힘 라이브러리에서 민감 데이터를 처리할 때, [민감 데이터 컨테이너](https://docs.qu4nt.space/docs/projects/entanglementlib/sensitive-data-container) 로직은 `MemorySegment`를 통해 네이티브에 메모리 주소를 전송하고, 네이티브는 메모리 주소를 받아 보안 연산 후 완벽하게 소거하여 Raw 결과를 얽힘 라이브러리에 전송합니다. 즉, 전체적으로 Heap 메모리에 데이터를 보관할 필요가 전혀 없기 때문에 얽힘 라이브러리의 가비지 컬렉터(GC)가 바보같은 실수를 할 필요도 없어집니다. 
- -# 모든 연산의 보안성 - -네이티브는 보안 철학에 따라 모든 보안 연산에 있어 기본적으로 외부 크레이트의 의존 없이 구현됩니다. 하지만 당연히 이것이 보안성과 직결되지 않습니다. 그렇다면 네이티브는 어떻게 연산을 안전하게 수행할까요? - -## 휘발성 메모리 소거 - -보안 연산에서 가장 기본적이면서 가장 중요한 것은 "사용이 끝난 민감 데이터가 메모리에 남지 않는 것"입니다. 일반적인 제로화 코드(예를 들어 배열을 0으로 채우는 루프)는 컴파일러가 "이후 읽히지 않는 쓰기"로 판단하여 최적화 과정에서 제거할 수 있습니다. 이른바 죽은 코드 제거입니다. - -네이티브에서는 `core::ptr::write_volatile`을 사용하여 모든 소거 연산이 컴파일러 최적화를 관통하도록 강제합니다. 이어서 `compiler_fence(Ordering::SeqCst)`로 메모리 배리어를 설정하여 소거가 의도된 순서대로 완료됨을 보장합니다. 이 패턴은 해시 내부 상태(`KeccakState`, `Sha256State` 등), 보안 버퍼(`SecureBuffer`), 난수 생성기 상태(`MixedRng`), 그리고 연산 중 사용되는 임시 변수까지 모두 일관되게 적용됩니다. - -## 상수 시간 연산 - -타이밍 사이드 채널 공격은 연산 시간의 미세한 차이를 관측하여 비밀 데이터를 추론합니다. 네이티브의 `constant_time` 모듈은 비밀 데이터에 의존하는 모든 연산이 입력 값과 무관하게 동일한 명령어 경로를 실행하도록 설계되었습니다. - -핵심 원칙은 조건 분기(`if-else`)를 사용하지 않고, 비트 연산만으로 결과를 선택하는 것입니다. 비교 결과는 `bool`이 아닌 비트마스크(`0` 또는 `!0`)로 반환되며, 이 마스크를 통해 분기 없이 값을 선택합니다. 아키텍처별로 세 단계(Tier)의 구현을 갖추고 있습니다: - -- **Tier 1 (완전 어셈블리):** `x86_64`, `aarch64`에서 32비트 및 64비트 타입에 대해 순수 인라인 어셈블리로 구현합니다. Rust 컴파일러가 명령어를 재배치하거나 분기로 변환할 가능성을 원천 차단합니다. -- **Tier 2 (어셈블리 배리어):** 동일 아키텍처에서 8비트, 16비트, 128비트 타입에 대해 어셈블리 최적화 배리어와 Rust 비트 연산을 조합합니다. -- **Tier 3 (폴백):** 그 외 아키텍처에서 `core::hint::black_box`를 사용하여 최적화를 억제하고, 순수 Rust 비트 연산으로 구현합니다. - -이 상수 시간 원시 연산은 `Base64` 인코딩/디코딩 등 실제 연산에 직접 사용됩니다. - -## 하드웨어 엔트로피 - -소프트웨어 의사 난수 생성기(PRNG)만으로는 엔트로피 소스의 품질을 보장하기 어렵습니다. 네이티브의 난수 생성기는 CPU가 제공하는 하드웨어 엔트로피 소스를 직접 호출합니다. `x86_64` 환경에서는 [NIST SP 800-90B](https://csrc.nist.gov/pubs/sp/800/90/b/final) 준거 `rdseed` 명령어를 우선 사용하고, `aarch64` 환경에서는 ARMv8.5-A의 `RNDR` 레지스터를 읽습니다. - -순수 하드웨어 출력에 추가적인 비선형 혼합이 필요한 경우, ChaCha20 코어 블록 기반의 `MixedRng`를 통해 하드웨어 엔트로피를 키와 논스로 사용한 스트림을 생성합니다. 이 과정에서 사용된 내부 상태와 스택 위의 중간값 역시 연산 완료 후 휘발성 소거됩니다. - -## SecureBuffer - -네이티브의 연산 결과는 일반적인 `Vec`이나 바이트 배열로 Java Heap에 직접 전달되지 않습니다. 대신 `SecureBuffer` 구조체에 담겨 Off-Heap 메모리에 유지되며, Java 측에는 오직 해당 메모리의 원시 포인터만 전달됩니다. - -이 설계가 필요한 이유는 명확합니다. Java의 가비지 컬렉터는 Heap 객체를 자유롭게 복사하고 이동시키며, 원본 위치의 데이터가 언제 소거될지 보장하지 않습니다. 
`SecureBuffer`는 이 문제를 원천적으로 회피합니다. Java가 데이터 사용을 마치고 해제를 요청하면, `Drop` 트레이트에 의해 내부 바이트가 휘발성 소거된 후 메모리가 반환됩니다. - -# 구성 - -네이티브는 가상 매니페스트(virtual manifest) 기반의 워크스페이스로 구성되며, 각 크레이트는 세분화되어 명확한 책임 경계를 가집니다. `crypto/` 하위에는 `Base64`, `Hash` 또는 알고리즘 연산을 수행하기 위한 크레이트가 위치해 있고, `internal/` 하위에는 `ffi` 연동 및 양자 관련 유틸리티 크레이트가 포함되어 있습니다. \ No newline at end of file diff --git a/INTRODUCTION_EN.md b/INTRODUCTION_EN.md deleted file mode 100644 index 09c2dcf..0000000 --- a/INTRODUCTION_EN.md +++ /dev/null 
@@ -1,70 +0,0 @@ -# EntanglementLib Native - -> [Korean INTRODUCTION](INTRODUCTION.md) - -> [!WARNING] -> The content of this document may differ significantly from the current functionality of `entlib-native`! - -The core logic of the [EntanglementLib](https://github.com/Quant-Off/entanglementlib) is all processed within this [Rust-based native library](https://github.com/Quant-Off/entlib-native). In this document, we will simply refer to it as "Native". - -In this document, I would like to technically pinpoint exactly how this Native works with the EntanglementLib and how it performs security operations, but since this content is extremely vast, I will organize it in detail separately on [our documentation site](https://docs.qu4nt.space/en/docs/projects/entanglementlib/entlib-native). - -# Design Philosophy - -The design philosophy of Native can be summarized in one sentence: **All code involved in security operations must be controllable by itself, without external dependencies.** - -This principle is not simply an obsession with excluding external crates. It means that the developer must be able to directly design the entire lifecycle of security operations and explicitly guarantee when each byte is created and when it is erased. I cannot control what optimizations external libraries perform internally or what temporary buffers they leave behind. Therefore, all security operations performed in Native are implemented directly. - -Based on this philosophy, Native adheres to the following four principles. - -**1. Guarantee of Memory Erasure.** All structures handling sensitive data have their internal states completely erased the moment they go out of scope. By combining Rust's `Drop` trait and `write_volatile`, we force the compiler's Dead Code Elimination (DCE) optimization not to skip the erasure logic, and guarantee the erasure order with `compiler_fence`. - -**2. 
Constant Time Operations.** All operations dependent on secret data, such as comparison, selection, and branching, are completed within the same time regardless of the input value. Instead of conditional branching, we use bitmask-based selection, and on `x86_64` and `aarch64` architectures, we guarantee this at the instruction level through inline assembly without compiler intervention. - -**3. Hardware-Level Control.** Random number generation directly calls the CPU's hardware entropy sources (`rdseed`, `rdrand`, `rndr`), and constant time operations also directly write assembly instructions for each architecture. It is based on guarantees provided by hardware, not abstraction at the software layer. - -**4. Auditable Code.** Code involved in security operations is completed within this repository without external crates. The scope of code to trace during security reviews is clear, and the attack surface of the supply chain due to dependency chains is fundamentally blocked. - -# Interaction - -Native is called safely and quickly from the EntanglementLib side via the [FFM API (Linker API)](https://openjdk.org/jeps/454). - -When processing sensitive data in the EntanglementLib, the [Sensitive Data Container](https://docs.qu4nt.space/en/docs/projects/entanglementlib/sensitive-data-container) logic transmits the memory address to Native via `MemorySegment`, and Native receives the memory address, performs security operations, completely erases it, and transmits the Raw result to the EntanglementLib. In other words, since there is absolutely no need to store data in Heap memory overall, the Garbage Collector (GC) of the EntanglementLib does not need to make foolish mistakes. - -# Security of All Operations - -Native is basically implemented without dependence on external crates for all security operations according to its security philosophy. However, naturally, this is not directly connected to security. Then how does Native perform operations safely? 
- -## Volatile Memory Erasure - -The most basic and most important thing in security operations is "that used sensitive data does not remain in memory". General zeroing code (for example, a loop filling an array with 0) can be judged by the compiler as "writes that are not read later" and removed during the optimization process. This is so-called dead code elimination. - -In Native, we use `core::ptr::write_volatile` to force all erasure operations to penetrate compiler optimizations. Subsequently, we set a memory barrier with `compiler_fence(Ordering::SeqCst)` to guarantee that erasure is completed in the intended order. This pattern is consistently applied to hash internal states (`KeccakState`, `Sha256State`, etc.), security buffers (`SecureBuffer`), random number generator states (`MixedRng`), and even temporary variables used during operations. - -## Constant Time Operations - -Timing side-channel attacks infer secret data by observing minute differences in operation time. Native's `constant_time` module is designed so that all operations dependent on secret data execute the same instruction path regardless of the input value. - -The core principle is not to use conditional branching (`if-else`) but to select results only with bitwise operations. Comparison results are returned as bitmasks (`0` or `!0`) rather than `bool`, and values are selected without branching through this mask. We have implementations of three tiers for each architecture: - -- **Tier 1 (Full Assembly):** Implemented in pure inline assembly for 32-bit and 64-bit types on `x86_64`, `aarch64`. It fundamentally blocks the possibility of the Rust compiler rearranging instructions or converting them to branches. -- **Tier 2 (Assembly Barrier):** Combines assembly optimization barriers and Rust bitwise operations for 8-bit, 16-bit, and 128-bit types on the same architectures. 
-- **Tier 3 (Fallback):** Uses `core::hint::black_box` on other architectures to suppress optimizations and implements with pure Rust bitwise operations. - -These constant time primitive operations are directly used in actual operations such as `Base64` encoding/decoding. - -## Hardware Entropy - -It is difficult to guarantee the quality of entropy sources with only software Pseudo-Random Number Generators (PRNG). Native's random number generator directly calls hardware entropy sources provided by the CPU. In `x86_64` environments, it prioritizes using `rdseed` instructions compliant with [NIST SP 800-90B](https://csrc.nist.gov/pubs/sp/800/90/b/final), and in `aarch64` environments, it reads the `RNDR` register of ARMv8.5-A. - -If additional non-linear mixing is required for pure hardware output, a stream using hardware entropy as key and nonce is generated through `MixedRng` based on the ChaCha20 core block. Internal states and intermediate values on the stack used in this process are also volatilely erased after operation completion. - -## SecureBuffer - -Native's operation results are not directly delivered to the Java Heap as general `Vec` or byte arrays. Instead, they are contained in the `SecureBuffer` structure and maintained in Off-Heap memory, and only the raw pointer of that memory is delivered to the Java side. - -The reason this design is necessary is clear. Java's Garbage Collector freely copies and moves Heap objects, and does not guarantee when the data at the original location will be erased. `SecureBuffer` fundamentally avoids this problem. When Java finishes using the data and requests release, the internal bytes are volatilely erased by the `Drop` trait, and then the memory is returned. - -# Composition - -Native is composed of a virtual manifest-based workspace, and each crate is granularized to have clear responsibility boundaries. 
Under `crypto/`, crates for performing `Base64`, `Hash`, or algorithm operations are located, and under `internal/`, crates for `ffi` integration and quantum-related utilities are included. \ No newline at end of file diff --git a/README.md b/README.md index 7cde4ff..b1f8ff0 100644 --- a/README.md +++ b/README.md 
@@ -1,43 +1,63 @@ -# 얽힘 라이브러리: 네이티브 브릿지 +# 얽힘 라이브러리 네이티브 + +[![Version](https://img.shields.io/badge/version-1.1.0%20Alpha-blue?style=for-the-badge)](https://github.com/Quant-Off/entlib-native) +[![License](https://img.shields.io/badge/license-MIT-green?style=for-the-badge)](LICENSE) +[![Language](https://img.shields.io/badge/language-Java-orange?style=for-the-badge)](https://github.com/Quant-Off/entlib-native) + +![lol](entanglementlib-logo.png) + +[얽힘 라이브러리(EntanglementLib)](https://github.com/Quant-Off/entanglementlib)의 모든 보안 기능을 책임지는 Rust 기반의 네이티브 라이브러리입니다. > [English README](README_EN.md) -> [이 라이브러리는 무슨 기능을 할까요?](INTRODUCTION.md) 기술에 대한 세부적 설명은 [퀀트 팀 공개 문서](https://docs.qu4nt.space/docs/projects/entanglementlib/entlib-native) 에서 확인할 수 있습니다. +EntanglementLib의 보안 기능을 완벽히 수행하기 위한 네이티브 베이스 언어는 Rust가 가장 잘 어울립니다. 이 언어의 가장 큰 장점은 성능 저하 없이 메모리 안정성을 보장하는 거예요. 세부적으로 [소유권 개념(Ownership)](https://doc.rust-kr.org/ch04-00-understanding-ownership.html)은 자원 관리를 용이하게 하고, **데이터 경쟁 없는 동시성 기능**은 통해 멀티 스레드 환경에서도 보안성을 강화해줍니다. + +Python이나 JPMS(Java Platform Module System)와 일관된 모듈 관리, 캡슐화가 간편한 등, 언어 자체가 유연한 특성을 가지고 있으며 FFI(Foreign Function Interface)로 Java와 간편히 연결되는 것은 충분히 매력으로 다가옵니다. -[얽힘 라이브러리(EntanglementLib)](https://github.com/Quant-Off/entanglementlib)의 핵심적 기능은 Rust 기반의 네이티브 라이브러리에 있습니다. 모든 보안 연산을 이 네이티브에서 수행하는 겁니다. +--- -EntanglementLib의 보안 기능을 완벽히 수행하기 위한 네이티브 베이스 언어는 Rust가 가장 잘 어울립니다. 이 언어의 가장 큰 장점은 성능 저하 없이 메모리 안정성을 보장하는 거예요. 세부적으로 [소유권 개념(Ownership)](https://doc.rust-kr.org/ch04-00-understanding-ownership.html)은 자원 관리를 용이하게 하고, **데이터 경쟁 없는 동시성 기능**은 통해 멀티 스레드 환경에서도 보안성을 강화해줍니다. Python이나 JPMS(Java Platform Module System)와 일관된 모듈 관리, 캡슐화가 간편한 등, 언어 자체가 유연한 특성을 가지고 있으며 FFI(Foreign Function Interface)로 Java와 간편히 연결되는 것은 충분히 매력으로 다가옵니다. +**현재로써** 이 네이티브에선 다음의 기능을 제공합니다(이 항목은 안정화 완료됐음을 의미합니다). -EntanglementLib의 모든 보안 연산은 이 네이티브에서 수행되죠. 구체적으로 다음의 기능을 제공합니다. 
+- `core` + - 메모리 소거를 보장하는 보안 버퍼(Secure Buffer) + - 상수-시간(Constant-Time) 연산 + - RNG(HashDRBG) + - Base65, Hex 인/디코딩 +- `crypto` + - HASH(SHA-2, 3, SHAKE 포함) + - HKDF(모든 해시 알고리즘에 대해) + - HMAC(모든 해시 알고리즘에 대해) -- [X] 하드웨어 진난수, 혼합 난수, 양자난수(Quantum RNG) 생성 -- [X] AEAD 암호화(ChaCha20) -- [X] 메모리 소거를 보장하는 보안 버퍼(Secure Buffer) -- [X] 상수-시간(Constant-Time) 연산 -- [X] 해시(SHA2, SHA3, SHAKE 포함) +각 기능은 특정 디렉토리 하위에 개별 크레이트로 분리되어 관리되고, 루트는 가상 매니페스트로 구성되어 있어 하위 크레이트를 관리하기 용이하죠. FFI를 구현한 `entlib-native-ffi` 크레이트는 Java 측에서 사용되어야 할 주요 함수를 전달하는 용도로 사용됩니다. 이러한 기능(및 잡동사니)은 `internal/`에서 관리됩니다. -각 기능은 개별 크레이트로 분리되어 관리됩니다. 루트는 가상 매니페스트로 구성되어 있어 하위 크레이트를 관리하기 용이하죠. 또한 Java 측에서 이 네이티브를 사용할 때 잘못된 호출을 원천적으로 차단하기 위해 FFI 함수를 구현한 크레이트가 존재합니다. 이 크레이트는 Java 측에서 사용되어야 할 주요 함수를 전달하는 용도로 사용됩니다. +## 보안 수준 -이 네이티브 라이브러리는 핵심 보안 기능 구현에 있어 외부 의존성(크레이트)을 사용하지 않습니다. 다르게 말해 외부로부터 들여오는 모든 자원을 기본적으로 신뢰하지 않는다는 겁니다. 이런 개발 철학은 **Zero Trust 원칙**을 지지하고, 이렇게 만들어진 하나의 결과물(얽힘 라이브러리)은 폐쇄 환경에서도 원활히 동작하게 됩니다. 이는 **Air-Gapped Ready 라는 원칙**에 부합합니다. +얽힘 라이브러리의 Common Criteria(CC) 보안보증등급(EAL) 4를 목표로 합니다. 현재 모든 구현은 미국 국립표준기술연구소(NIST) 연방 정보 처리 표준(FIPS) 140-3 을 기준삼았고, 개별 알고리즘 구현이 만들어지거나 변경될 때 마다 CAVP 검증을 자체적으로 진행합니다. -궁극적으로 이 네이티브는 엄격한 환경에서 자란 귀중한 자원으로서, 얽힘 라이브러리에서 적극적으로 안전하게 사용됩니다. +물론 이는 정식적인 검증이 아니라 어디까지나 자체적인 평가일 뿐 입니다. CAVP에 제공되는 테스트 벡터는 단순히 '이 알고리즘은 정상적으로 작동한다'에 대한 안내일 뿐 입니다. 암호모듈 검증(CMVP)를 위해선 구현된 모든 암호 알고리즘이 정상 작동하며, FIPS 표준을 한 치의 오차도 없이 명확히 따라야 합니다. + +얽힘 라이브러리의 최종 보안 목표는 CC EAL5+ 이상(EAL7)의 등급을 취득하는 것입니다. 이를 위해서는 하드웨어 레벨에서의 엄격한 설계, 정형적 명세 등의 까다롭고 복잡한 준비가 필요하지만 향후 군사급 보안에 다다를 예정입니다. 저는 이를 위한 아키텍처 설계 중에 있습니다. ## 향후 계획 -이 네이티브는 아직 갈 길이 멉니다. 지원되는 고전적 암호화 알고리즘 모듈을 다양하게 구현해야 합니다. +지원되는 고전적 암호화 알고리즘 모듈을 다양하게 구현해야 합니다. 
-- [ ] AES(128, 192, 256) -- [ ] ARIA(128, 192, 256) -- [ ] RSA(2048, 4096, 8192) -- [ ] ED25519, ED448 서명 -- [ ] X25519, X448 키 합의 +- AEAD + - [ ] ChaCha20 +- BlockCipher + - [ ] AES(128, 192, 256) + - [ ] ARIA(128, 192, 256) +- Digital Signature + - [ ] RSA(2048, 4096, 8192) + - [ ] ED25519, ED448 서명 + - [ ] X25519, X448 키 합의 이 뿐만 아니라 HMAC, HKDF 등의 암호학적 필수 기능도 제공되어야 합니다. 양자-내성 암호화(Post-Quantum Cryptography, PQC) 알고리즘은 다음의 목표를 가집니다. - [ ] [FIPS 203(Module Lattice-based Key Encapsulate Mechanism, ML-KEM)](https://csrc.nist.gov/pubs/fips/203/final) -- [ ] [FIPS 204(Module Lattice-based Digital Signature Algorithm, ML-DSA)](https://csrc.nist.gov/pubs/fips/204/final) +- [X] [FIPS 204(Module Lattice-based Digital Signature Algorithm, ML-DSA)](https://csrc.nist.gov/pubs/fips/204/final) - [ ] [FIPS 205(Stateless Hash-based Digital Signature Algorithm, SLH-DSA)](https://csrc.nist.gov/pubs/fips/205/final) 위 PQC 알고리즘이 구현되면 다음의 TLS 기능도 제공되어야 합니다. 
@@ -49,20 +69,16 @@ PKIX나 JWT 및 CWT, OTP 등, 아직 갈 길이 멀다는 것이 실감됩니다 ## 인증 및 규정 준수 필요 -구현 뿐만이 아닙니다. 이 네이티브에서 구현되는 모든 기능은 국제적 인증 기관이 명시한 기능의 보안 구현(명세) 상황을 완전히 따라야 하고, 정식적인 인증을 받아야 합니다. 그 전까진 어떤 알고리즘도 '안전'하다고 판단하진 않습니다. 숨겨진 변수는 언제든 나타나기 마련이니까요. +앞서 언급한 인증 및 규정 준수(컴플라이언스) 사항을 완벽히 지켜내기 위해 암호 알고리즘은 계속해서 검증되고, 얽힘 라이브러리 자체의 FIPS 표준 또한 점검됩니다. CAVP에 대한 구체적인 진행 상황은 다른 문서에 기록하겠습니다. -따라서 이 네이티브의 모든 기능을 사용하신다면 반드시 '살험적(experimental)' 기능으로 제공하거나, 사용하시길 바랍니다. +따라서 `entlib-naitve`를 사용하신다면 반드시 '살험적(experimental)' 기능으로 제공하거나, 사용하시길 바랍니다. > [!NOTE] > 엄격한 인증 및 규정 심사를 통과한 기능은 즉각적으로 업데이트히겠습니다. [이 문서](COMPLIANCE.md)에서 해당 정보를 확인할 수 있도록 하겠습니다. -# 영감 및 기여 +# 기여 -마침 존경하는 보안 단체 `Legion of the BouncyCastle Inc`는 [`bc-rust`](https://github.com/bcgit/bc-rust/) 개발을 시작했고 얽힘 라이브러리 브릿징 기술에 유용할 법 한 영감을 많이 얻었습니다. 이들은 제가 얽힘 라이브러리 개발을 시작했을 때 부터 지금까지 언제나 저의 힘이 되어주고 있습니다. 어쨌든 저는 이 개발 속도를 유지할 것이며, 향후 업데이트에 따라 이 문서를 지속적으로 수정하겠습니다. 결국 이 목표를 향해 쭉 개발할 예정입니다. +제가 정말 좋아하는 보안 단체인 `Legion of the BouncyCastle Inc`는 [`bc-rust`](https://github.com/bcgit/bc-rust/) 개발을 시작했고 여기서 암호 알고리즘이나 키 관리 방식 등 유용한 기술적 영감을 많이 얻었습니다. 이들은 제가 얽힘 라이브러리 개발을 시작했을 때 부터 지금까지 언제나 저의 힘이 되어주고 있습니다. 어쨌든 저는 이 개발 속도(주 7일 10시간, 하지만 커밋은 느린.)를 유지할 것이며, 향후 업데이트에 따라 이 문서를 지속적으로 수정하겠습니다. 결국 이 목표를 향해 쭉 개발할 예정입니다. > [!TIP] -> 여러분의 피드백은 언제나 아주 큰 힘이 됩니다. 이 프로젝트에 기여하고자 한다면 [이 곳](CONTRIBUTION.md)을 참고해주세요! - -# 벤치마킹 - -이 네이티브 라이브러리의 벤치마킹은 `criterion` 크레이트를 통해 진행됩니다. 자세한 각 벤치마킹 결과는 [benchmarks 디렉토리 하위](benchmarks)에서 확인하실 수 있습니다. \ No newline at end of file +> 여러분의 피드백은 언제나 아주 큰 힘이 됩니다. 이 프로젝트에 기여하고자 한다면 이슈 또는 [기여 문서](CONTRIBUTION.md)를 참고해주세요! \ No newline at end of file diff --git a/README_EN.md b/README_EN.md index 07307ea..bb6ea05 100644 --- a/README_EN.md +++ b/README_EN.md 
@@ -1,68 +1,84 @@ -# EntanglementLib: Native Bridge +# Entanglement Library Native -> [English README](README_EN.md) +[![Version](https://img.shields.io/badge/version-1.1.0%20Alpha-blue?style=for-the-badge)](https://github.com/Quant-Off/entlib-native) +[![License](https://img.shields.io/badge/license-MIT-green?style=for-the-badge)](LICENSE) +[![Language](https://img.shields.io/badge/language-Java-orange?style=for-the-badge)](https://github.com/Quant-Off/entlib-native) -> [What does this library do?](INTRODUCTION.md) Detailed technical explanations can be found in the [Quant Team Public Documentation](https://docs.qu4nt.space/docs/projects/entanglementlib/entlib-native). +![lol](entanglementlib-logo.png) -The core functionality of the [EntanglementLib](https://github.com/Quant-Off/entanglementlib/blob/master/README_EN.md) resides in the Rust-based native library. All security operations are performed entirely within this native component. +A Rust-based native library responsible for all the security features of the [EntanglementLib](https://github.com/Quant-Off/entanglementlib). -Rust is the most suitable native base language for perfectly executing EntanglementLib’s security features. Its greatest strength is guaranteeing memory safety without any performance penalty. In detail, the [Ownership concept](https://doc.rust-lang.org/book/ch04-01-what-is-ownership.html) makes resource management straightforward, and **data-race-free concurrency** strengthens security even in multi-threaded environments. It offers consistent module management aligned with Python or JPMS (Java Platform Module System), easy encapsulation, and other flexible language characteristics. The ability to connect seamlessly with Java via FFI (Foreign Function Interface) is particularly compelling. +> [Korean README](README.md) -All security operations of EntanglementLib are executed in this native layer. 
Specifically, it provides the following capabilities: +Rust is the most suitable native base language for fully implementing the security features of EntanglementLib. The biggest advantage of this language is that it guarantees memory stability without performance degradation. In detail, the [Ownership concept](https://doc.rust-kr.org/ch04-00-understanding-ownership.html) facilitates resource management, and the **concurrency feature without data competition** enhances security even in a multi-threaded environment. -- [X] Hardware true random, mixed random, and quantum random number (Quantum RNG) generation -- [X] AEAD encryption (ChaCha20) -- [X] Secure Buffer that guarantees memory erasure -- [X] Constant-Time operations -- [X] Hash functions (including SHA2, SHA3, SHAKE) +It is flexible in itself, such as easy module management and encapsulation consistent with Python or JPMS (Java Platform Module System), and the easy connection with Java through FFI (Foreign Function Interface) is sufficiently attractive. -Each feature is managed as a separate crate. The root uses a virtual manifest, making sub-crate management straightforward. In addition, a dedicated crate implements the FFI functions to fundamentally block incorrect calls when the native is used from the Java side. This crate serves to expose only the essential functions that the Java side should call. +--- -This native library uses **no external dependencies (crates)** for the implementation of its core security features. In other words, it fundamentally does not trust any resources imported from outside. This development philosophy fully supports the **Zero Trust principle**, and the resulting single artifact (the EntanglementLib) operates smoothly even in closed environments. This perfectly aligns with the **Air-Gapped Ready** principle. 
+**Currently**, this native library provides the following features(indicating that these items have been stabilized): -Ultimately, this native is a precious resource cultivated in a strict environment and is actively and safely utilized throughout the EntanglementLib. +- `core` + - Secure Buffer that guarantees memory erasure + - Constant-Time operation + - RNG(HashDRBG) + - Base65, Hex en/decoding +- `crypto` + - HASH (including SHA-2, 3, SHAKE) + - HKDF (for all hash algorithms) + - HMAC (for all hash algorithms) + +Each feature is managed as a separate crate under a specific directory, and the root is configured as a virtual manifest, making it easy to manage the sub-crates. The `entlib-native-ffi` crate that implements FFI is used to deliver the main functions to be used on the Java side. These features (and miscellaneous items) are managed under the `internal` directory. + +## Security Level + +The Entanglement Library aims for Common Criteria (CC) Evaluation Assurance Level (EAL) 4. Currently, all implementations are based on the National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) 140-3, and CAVP verification is conducted internally whenever an individual algorithm implementation is created or changed. + +Of course, this is not a formal verification, but only an internal evaluation. The test vectors provided to CAVP are simply a guide to 'this algorithm works normally'. For Cryptographic Module Validation Program (CMVP), all implemented cryptographic algorithms must operate normally and clearly follow the FIPS standard without any error. + +The final security goal of the Entanglement Library is to obtain a grade of CC EAL5+ or higher (EAL7). This requires difficult and complex preparations such as strict design at the hardware level and formal specifications, but it is planned to reach military-grade security in the future. I am in the process of designing the architecture for this. 
## Future Plans -This native still has a long way to go. We must implement a wide variety of classical encryption algorithm modules. +We need to implement a variety of supported classic cryptographic algorithm modules. -- [ ] AES (128, 192, 256) -- [ ] ARIA (128, 192, 256) -- [ ] RSA (2048, 4096, 8192) -- [ ] ED25519, ED448 signatures -- [ ] X25519, X448 key agreement +- AEAD + - [ ] ChaCha20 +- BlockCipher + - [ ] AES(128, 192, 256) + - [ ] ARIA(128, 192, 256) +- Digital Signature + - [ ] RSA(2048, 4096, 8192) + - [ ] ED25519, ED448 signature + - [ ] X25519, X448 key agreement -In addition, essential cryptographic primitives such as HMAC and HKDF must be provided. +In addition, cryptographic essential functions such as HMAC and HKDF must also be provided. -The Post-Quantum Cryptography (PQC) algorithms have the following targets: +The Post-Quantum Cryptography (PQC) algorithm has the following goals. -- [ ] [FIPS 203 (Module Lattice-based Key Encapsulation Mechanism, ML-KEM)](https://csrc.nist.gov/pubs/fips/203/final) -- [ ] [FIPS 204 (Module Lattice-based Digital Signature Algorithm, ML-DSA)](https://csrc.nist.gov/pubs/fips/204/final) +- [ ] [FIPS 203 (Module Lattice-based Key Encapsulate Mechanism, ML-KEM)](https://csrc.nist.gov/pubs/fips/203/final) +- [X] [FIPS 204(Module Lattice-based Digital Signature Algorithm, ML-DSA)](https://csrc.nist.gov/pubs/fips/204/final) - [ ] [FIPS 205 (Stateless Hash-based Digital Signature Algorithm, SLH-DSA)](https://csrc.nist.gov/pubs/fips/205/final) -Once the above PQC algorithms are implemented, the following TLS features must also be provided: +Once the above PQC algorithm is implemented, the following TLS features must also be provided. - [ ] TLS 1.3 - [ ] X25519MLKEM768 according to [`draft-ietf-tls-ecdhe-mlkem`](https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/) -PKIX, JWT and CWT, OTP, and many others — there is clearly still a long road ahead. 
+I realize that there is still a long way to go, such as PKIX, JWT and CWT, and OTP. -## Certification and Compliance Requirements +## Certification and Compliance Required -Implementation alone is not enough. Every feature implemented in this native must completely follow the security implementation (specification) requirements set by international certification authorities and must obtain formal certification. Until then, no algorithm is considered “safe.” Hidden variables can surface at any time. +In order to fully comply with the aforementioned certification and compliance matters, the cryptographic algorithm is continuously verified, and the FIPS standard of the Entanglement Library itself is also checked. I will record the specific progress on CAVP in another document. -Therefore, when using any functionality from this native, please treat it as an **experimental** feature or use it with that understanding. +Therefore, if you use `entlib-naitve`, please provide or use it as an 'experimental' feature. > [!NOTE] -> Features that have passed strict certification and regulatory review will be updated immediately. You can check the relevant information in [this document](COMPLIANCE_EN.md). +> Features that have passed strict certification and regulatory review will be updated immediately. I will make sure that this information is available in [this document](COMPLIANCE_EN.md). -# Inspiration and Contribution +# Contribution -Coincidentally, the respected security collective `Legion of the BouncyCastle Inc` has begun development of [`bc-rust`](https://github.com/bcgit/bc-rust/), providing a great deal of inspiration that is highly relevant to EntanglementLib’s bridging technology. They have been a constant source of strength for me from the very beginning of EntanglementLib development up to now. In any case, I will maintain this development pace and will continue to update this document in line with future releases. 
Ultimately, development will proceed steadily toward this goal. +My favorite security group, `Legion of the BouncyCastle Inc`, has started developing [`bc-rust`](https://github.com/bcgit/bc-rust/), and I have gained a lot of useful technical inspiration from it, such as cryptographic algorithms and key management methods. They have always been my strength since I started developing the Entanglement Library. Anyway, I will maintain this development speed (10 hours a day, 7 days a week, but commits are slow), and I will continue to revise this document according to future updates. In the end, I plan to develop towards this goal. > [!TIP] -> Your feedback is always an enormous help. If you would like to contribute to this project, please refer to [this guide](CONTRIBUTION_EN.md)! - -# Benchmarking - -Benchmarking of this native library is performed using the `criterion` crate. Detailed results for each benchmark can be found in the [benchmarks subdirectory](benchmarks). \ No newline at end of file +> Your feedback is always a great help. If you want to contribute to this project, please refer to the issues or the [contribution document](CONTRIBUTION_EN.md)! \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md index dabc71a..015124a 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,23 +2,25 @@ > [English SECURITY](SECURITY_EN.md) -이 얽힘 라이브러리(EntanglementLib)의 네이티브 라이브러리는 "군사적 수준의 보안"과 "완벽한 데이터 소거(Anti-Data Remanence)"를 핵심 철학으로 삼고 있습니다. 우리는 여러분의 보안 취약점 제보를 매우 중요하게 생각하며, 발견된 문제는 최우선 순위로 처리됩니다. +`entlib-native`는 Zero-Trust 원칙을 엄중히 따르고 있습니다. + +여러분의 보안 취약점 제보를 매우 중요하게 생각하며, 발견된 문제는 최우선 순위로 처리됩니다. ## 취약점 보고 (Reporting a Vulnerability) -이 네이티브 라이브러리의 보안 취약점이나 민감한 데이터 잔류 문제, 메모리 관련 문제를 발견하셨다면, **절대 GitHub Issue에 공개적으로 게시하지 마세요!** 대신 아래 절차에 따라 비공개로 제보해 주시기를 부탁드립니다. +복합적 보안 취약점이나 데이터 잔류 문제, 메모리 관련 문제를 발견하셨다면, **절대 GitHub Issue에 공개적으로 게시하지 마세요!** 대신 아래 절차에 따라 비공개로 제보해 주시기를 부탁드립니다. ### 보고 방법 1. 이메일 로 저에게 직접 연락하세요. 2. 메일 제목에 `[SECURITY] entlib-native Vulnerability Report [GITHUB USERNAME]`를 포함해 주세요. 3. 가능하다면 아래의 정보를 포함해 주세요. - * 취약점의 유형 (타이밍 문제, 메모리 덤프 시 키 잔류, FFI 경계 검사 우회, PQC 알고리즘 구현 오류 등) - * 재현 방법 (PoC 코드 또는 단계별 설명) - * 영향을 받는 버전 및 환경의 상세한 정보 (OS, 컴퓨터 하드웨어 정보, Java 버전 등) + * 취약점의 유형 (상수-시간 문제, 타이밍 문제, 메모리 데이터 잔류, FFI 경계 검사 우회, 암호 알고리즘 구현 오류 등) + * 재현 방법 (PoC 코드 또는 단계별 설명) + * 영향을 받는 버전 및 환경의 상세한 정보 (OS, 컴퓨터 하드웨어 정보, Java, Rust 버전 등) > [!NOTE] -> 보안 통신을 위해 PGP 키가 필요한 경우, 저장소 내의 `KEYS` 파일을 확인하거나 요청해 주십시오. +> 보안 통신을 위해 PGP 키가 필요한 경우, 저장소 내의 [KEYS](KEYS) 파일을 확인하거나 요청해 주십시오. ### 처리 절차 
@@ -33,11 +35,12 @@ 이 프로젝트는 특히 다음 영역의 보안을 중요하게 다룹니다. -* **메모리 소거 (Memory Erasure):** 민감한 데이터(키, 평문, 난수 시드 등)가 사용 후 즉시, 그리고 확실하게 메모리에서 소거되는지 여부. `Drop` 트레이트와 `write_volatile`을 통한 소거 로직의 무결성 -* **상수 시간 연산 (Constant-Time Operations):** 비밀 키나 데이터에 의존하는 연산이 입력 값에 상관없이 일정한 시간에 수행되는지 여부. 타이밍 공격(Timing Attack)에 대한 저항성 -* **난수 생성 (Random Number Generation):** 하드웨어 엔트로피(`rdseed`, `rdrand`, `rndr`)의 올바른 사용과 `MixedRng`의 비선형 혼합 로직의 안전성 -* **FFI 경계 (FFI Boundaries):** Java와 Rust 간의 데이터 교환 시 발생할 수 있는 메모리 오염, `null` 포인터 역참조, 버퍼 오버플로 등의 문제 -* **암호학적 정확성 (Cryptographic Correctness):** 구현된 알고리즘(`SHA-2`, `SHA-3`, `Base64` 등)이 표준 명세(`NIST FIPS`, `SP` 등)를 정확히 준수하는지 여부 +* **메모리 소거 (Memory Erasure):** 민감한 데이터(키, 평문, Seed 등)가 사용 후 즉시, 그리고 확실하게 메모리에서 소거되는지 여부. `Drop` 트레이트와 `write_volatile`을 통한 소거 로직의 무결성 +* **상수-시간 연산 (Constant-Time Operations):** 비밀 키나 데이터에 의존하는 연산이 입력 값에 상관없이 일정한 시간에 수행되는지 여부. 타이밍 공격(Timing Attack)에 대한 저항성 +* **난수 생성 (Random Number Generation):** OS 하드웨어 엔트로피의 올바른 사용과 안전성 +* **FFI 경계 (FFI Boundaries):** Java와 Rust 간의 데이터 교환 시 발생할 수 있는 메모리 오염, `null` 포인터 역참조, 버퍼 오버플로, 필터링 부재 등의 문제 +* **암호학적 정확성 (Cryptographic Correctness):** 구현된 암호 알고리즘이 표준 명세(`NIST FIPS`, `SP` 등)를 정확히 준수하는지 여부 +* **암호학적 정확성 (암호모듈):** 얽힘 라이브러리(Java), `entlib-native`(Rust) 개별 또는 둘이 혼합된 하나의 암호모듈이 `FIPS 140-2/3`을 정확히 준수하는지 여부 ## 범위 외 (Out of Scope) @@ -48,6 +51,8 @@ * **실험적 기능:** 명시적으로 "실험적(Experimental)"이라고 표시된 기능의 버그 * **사용자 환경 문제:** 사용자의 OS나 하드웨어 자체의 결함으로 인한 문제 +[기여 문서](CONTRIBUTION.md)에서 자세한 사항을 확인할 수 있습니다. + ## 감사의 말 해당 문제가 취약점으로 확인되면 보안 권고사항을 발표하고 당신의 기여를 기여자 목록에 포함시키겠습니다. 원하시는 경우, 기여자 목록에 당신의 성함과 연락처 정보를 기재할 수도 있습니다. diff --git a/SECURITY_EN.md b/SECURITY_EN.md index c520a1a..5dd536d 100644 --- a/SECURITY_EN.md +++ b/SECURITY_EN.md 
@@ -2,54 +2,59 @@ > [Korean SECURITY](SECURITY.md) -The native library of this EntanglementLib has "military-grade security" and "Anti-Data Remanence" as its core philosophies. We take your security vulnerability reports very seriously, and discovered issues are handled with the highest priority. +`entlib-native` strictly adheres to the Zero-Trust principle. + +We take your security vulnerability reports very seriously, and any issues found will be treated as a top priority. ## Reporting a Vulnerability -If you have discovered a security vulnerability, sensitive data remanence issue, or memory-related problem in this native library, **please DO NOT post it publicly on GitHub Issues!** Instead, please report it privately according to the procedure below. +If you discover a complex security vulnerability, data residue issue, or memory-related problem, **NEVER post it publicly on GitHub Issues!** Instead, please report it privately by following the procedure below. ### How to Report 1. Contact me directly via email at . -2. Please include `[SECURITY] entlib-native Vulnerability Report [GITHUB USERNAME]` in the email subject. +2. Please include `[SECURITY] entlib-native Vulnerability Report [GITHUB USERNAME]` in the email subject line. 3. If possible, please include the following information: - * Type of vulnerability (timing issue, key remanence in memory dump, FFI boundary check bypass, PQC algorithm implementation error, etc.) - * Reproduction method (PoC code or step-by-step description) - * Detailed information of the affected version and environment (OS, computer hardware information, Java version, etc.) + * The type of vulnerability (constant-time issue, timing issue, memory data residue, FFI boundary check bypass, cryptographic algorithm implementation error, etc.) + * How to reproduce it (PoC code or step-by-step description) + * Detailed information about the affected version and environment (OS, computer hardware information, Java, Rust version, etc.) 
> [!NOTE] -> If a PGP key is required for secure communication, please check the `KEYS` file in the repository or request it. +> If you need a PGP key for secure communication, please check the [KEYS](KEYS) file in the repository or request it. -### Handling Procedure +### Processing Procedure -Reported vulnerabilities are handled according to the following procedure: +Reported vulnerabilities are handled through the following procedure: -1. **Receipt Confirmation:** A receipt confirmation email is sent to the reporter within 48 hours. -2. **Analysis and Verification:** The Quant team internally analyzes the impact and reproducibility of the vulnerability in detail. -3. **Patch Development:** If the issue is confirmed, a hotfix for `entlib-native` or `entanglementlib` is developed. -4. **Disclosure and Deployment:** After the patch is completed and released, the vulnerability information is disclosed at an appropriate time in consultation with the reporter. +1. **Receipt Confirmation:** We will send a confirmation email to the reporter within 48 hours. +2. **Analysis and Verification:** The Quant team will analyze the impact and reproducibility of the vulnerability in detail. +3. **Patch Development:** If the problem is confirmed, we will develop a hotfix for `entlib-native` or `entanglementlib`. +4. **Disclosure and Distribution:** After the patch is completed and released, we will disclose the vulnerability information at an appropriate time in consultation with the reporter. ## Security Focus Areas -This project particularly considers security in the following areas important: +This project places particular importance on security in the following areas: -* **Memory Erasure:** Whether sensitive data (keys, plaintexts, random seeds, etc.) are immediately and certainly erased from memory after use. Integrity of erasure logic through `Drop` trait and `write_volatile`. 
-* **Constant-Time Operations:** Whether operations dependent on secret keys or data are performed in constant time regardless of input values. Resistance to Timing Attacks. -* **Random Number Generation:** Correct use of hardware entropy (`rdseed`, `rdrand`, `rndr`) and safety of non-linear mixing logic of `MixedRng`. -* **FFI Boundaries:** Problems such as memory corruption, null pointer dereference, and buffer overflow that may occur during data exchange between Java and Rust. -* **Cryptographic Correctness:** Whether implemented algorithms (`SHA-2`, `SHA-3`, `Base64`, etc.) accurately comply with standard specifications (`NIST FIPS`, `SP`, etc.). +* **Memory Erasure:** Whether sensitive data (keys, plaintext, seeds, etc.) is immediately and reliably erased from memory after use. The integrity of the erasure logic through the `Drop` trait and `write_volatile`. +* **Constant-Time Operations:** Whether operations that depend on secret keys or data are performed in a constant time regardless of the input value. Resistance to timing attacks. +* **Random Number Generation:** The correct use and safety of OS hardware entropy. +* **FFI Boundaries:** Issues that can occur during data exchange between Java and Rust, such as memory corruption, `null` pointer dereferencing, buffer overflows, and lack of filtering. +* **Cryptographic Correctness:** Whether the implemented cryptographic algorithms accurately comply with standard specifications (`NIST FIPS`, `SP`, etc.). +* **Cryptographic Correctness (Cryptographic Module):** Whether the Entanglement Library (Java), `entlib-native` (Rust), individually or as a mixed cryptographic module, accurately complies with `FIPS 140-2/3`. ## Out of Scope The following items are generally excluded from security vulnerability reports, but may be reviewed in serious cases: -* **Simple Performance Issues:** Simple performance degradation that does not affect security (except when it can lead to `DoS` attacks). 
+* **Simple Performance Issues:** Simple performance degradation that does not affect security (except in cases that could lead to a `DoS` attack). * **Typos in Documentation:** Simple typos or grammatical errors that do not cause technical misunderstandings. * **Experimental Features:** Bugs in features explicitly marked as "Experimental". * **User Environment Issues:** Problems caused by defects in the user's OS or hardware itself. -## Acknowledgements +You can find more details in the [Contribution Document](CONTRIBUTION_EN.md). + +## Acknowledgments -If the issue is confirmed as a vulnerability, we will publish a security advisory and include your contribution in the contributors list. If you wish, we can also list your name and contact information in the contributors list. +If the issue is confirmed as a vulnerability, we will issue a security advisory and include your contribution in the list of contributors. If you wish, we can also include your name and contact information in the list of contributors. -We thank in advance all security researchers and developers who have contributed to enhancing the security of the Entanglement Library. \ No newline at end of file +We would like to thank in advance all security researchers and developers who have contributed to strengthening the security of the Entanglement Library. \ No newline at end of file 
diff --git a/entanglementlib-logo.png b/entanglementlib-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..5d13cab8c4098fc8ab1ed9f0d065f19a18e63a15 GIT binary patch literal 307651
z6I=Cj?v;NNA@~Hv*r%gC_`5u=Fd>@lA%b%w%taAJUT;vP`w;|JfwqoFX`l<3U6UY^ zg4@kWM24d)!R)HgouRsx4|i#AAZ!J@KmROjro_Xhtv)1=ON9vBaQ?XJq?Y=aNmbZL z;c4wg!=%E^q*M6Itn~`8|0w-)AYN;dfzYa7Qh(lOIvl5RV8yGLlgJHv(gIm;peZ!nYROC|aN7Ur659kTj6T_`?WdM0+NE`a? zN0d*9A46Y8(UV41D>K%QCR7;Z1{)2tpIWpDDO&ClGFaC`zy$I)85T2qxN_&;7A>#1 zHF9R3$6u{2*+8|kf%h4LjLJL-MiMj``$$ zL>`TqIri@>(pKFK_nor<{?%nKyaM>->DDEzd><5K1&rahEiar~xq?>6nn)ekTuvV0 zV~ww~4}N5+T@mur%#p81vCRC|a%H8YSJabpS$Y11dt*GF1cArLtN=i*uFhG-5g={J;eXfEcFoja`%z?l zy(I_S`@$KYDylRP1QSz^$sYPe6)6bDg{70HaYfpZr#h)@;I%{nfmif?g@011l0BTR%~UXI{Ij!W$gbL?#HPWI7k zyq-2u;?iPVmoJ?V$+;-?t9e$(7v!E1JNNA+%3Eji=IR{Ep?Pru>$9zs1@sG9V zC--5%?nJiEf#@cI5JF2XAYI28>LC!>j^v3d#%8s2vWGYb9)l;ODv#qzjNlpbK-hGV zVR)Ey)MRJe@io)1{=^nShYBZ?e#eaK_{)j{w@HfB7uRV8d$dT9)*(*iA*G276N?zS z3c2`?ETgog?d)3m(c9!F1VD!)s1Ie>}zUxfO|uniAAVrP3t}7eCc9&!^B2 zma4t??5-&I1we<%v0o-xb-eDOH4YY9bT{`aUY_~1(N&)$oWz8`q_}zcy=G6YZ)@P$ zlQs5%VIf2Fenu>pA7wSrp=)0-H?D1bBRd>w4362a9Sf1~x6|6+Rim zU>Llfg*I4trVLOo6}9!lBvks14_-ac=@Ef~z>38!Xt_>G=j01ROIx zJ{qDVxgw($=FgvPU<$i<&O|MCXRTF}FtRr{%pEPDZ+#DavqR+d@--Q`m6_VIp1wuf z%ZuA8hnK-=qX7~rI?v)3x`%THF*Bx*HZ-!>Df+H4#zri!d4BJHb^d}tl?3mn-7PjC zr0T5-XdJOql8y>JQ1o7j4#I*<9#Fp)jQuyKK_{Oq!mx8+*x z3H-Zdus~e8bhOk4^nN2?BuA->#UIN2auyO%CR_%+elpuVgsoF zz|w0Ts*xOkv{BVm2ACy=WU-WJy?jx7^St13hS->pTl9fiuf>UXCf>~wwDvADxAi=R z(MA{TS68pB!K9#4TQ=~5O(X^Xf_xM%P7};Ze+^Lk6^z6>bf(IMC0<^WVff?Pz=CWu zHW}4u`sPE7m$~-NN_pg&ptWj)IeUHd<&~bCE6BR}aXm!5>pXS;;u-uco)Z`UzvulM zv0eK2wX_a0s0b;|SS!);`nZz%9g7{KXnl5b#q#)ee+R(c*nOCl_Ka2T!g-7-L+1-J z#c<{_rW&a`MOn^&UKiPkToRgrK7+vK+*8~}xI7Yz(zEWTe>FXvwdV)W7%9=lzDsv+sMcEXk-)dMW%fC=T_I9djY=v`{XTXR&HG^ zE!=cwhb26L&<5q)D_E<*cp3B-9M!7T4W;>Kjq^fsv1~Pv+?7o-xlSIBfM`;;9I6?y=eSU{8%ck zbjFHfl$;tfBQ4vpuwsrN_ZFMnem{&#UvD9adu%M- zk@~W4gu*E|{qT;;gp@$(!Ph`-ifYUSN%2Nol*Ei}t9j-`=H}?gY$x^yMd7oL4|c31 zVGWXb;O&~pD8i_~Yndx$@~KM_nh+7cnp>-x!oMTWKV}gf&Q+Y{OHU$QNQRNh1FHS(Y;cZ{}XP zx#QmcSaX_$aDLtS>f+@Dus*2f_U-OXIRspw{0P|zyOp%k@0%3aZ>(oUf93!2tEC^08=QT|di)v_~d|p2XQM&MHn7K@T44of9iylthUBB~<82 
z3^oWmKo{EkjasXY#B5Z0%L>z~VrS}!x8|&B89&^#F&G8S^_vO8{sWz@-u4FW=6Cuk z8gyqqeSd0Ha93GzS0fyCpv!M2;B`YG8#G%6p1p6<2ea*_9qcf>dB>kPhF`IO&GGNv z@2P4t24wfnpw(k2@##z1@(<&+@CViRXgl4Jc@D4ef(Xnd;g&Ev4#M5FF z4Z&yBt4|$2enm|!OV?Re;QSPx3^VwOT3t{qg~)`YQzoqR@-S zf{jb)j{Qw~;P}PyN(zT*?{BmM6oSc91?Bl(6K-F`%x22km&<1C;tk5(;$~R+FCsnq zV}ms+f;#R0iV#}KJE+k+uu`t)x#hACv5Xa@%77jN!^KQFu&C>&gE`9M&E4nobMIsu z(p^8DyrLVpHAb;hL>kM5mG>Kl zMAU3Pm`OX(Pu(IxpE{Oa5jNQ$%tj-_Q%sK8aYCeyEI~6L>P+ufsCWqFc*y#MdC#VD z4AgkYdL^!_-@wCQeqvE2lt{>!{z0)A8PzEbXalQe4OzV6Y3UKa2Cwhsq08mf92VT? znTd1?%1oZ@3;04jgT z*QAL$@6fbkZ>rsCY&?y`Gt*=Ogr*x*|7jl~$qr%H7F5JmjHvlyw>923bRo$jzWk-z ztJJ@D{P`aQ-!I0)d z!9NRdxHSu3iRQ}gy|3RKs6I%2(`QJ8u|ody+DOS_n+>;N!!8g1^g>A=Se75I<%Q%u zlqg@FE{N@*=9`>rVxYOSxfcZ;Qh8e3SH{aS*!E&Cnr{j{S`o~;Z z2>%hSwi2{IKY94I3)`mZ?bX{y3WvdVsj=rPpEm6E$Tivjn2sIOqB+@g-)2zr6ALWi z5aeY8R66+i({JzWUs0Y9d61suFr#|*??(!XhUL5bHzC88EGvfGUEFY3LkrC47KoZ9 zMy^bIT6J6#qQaY;04iYVM^#^*Aq`~?BB8QkZONtS2@k%jmAh_oP2xfW(}<(f4WAuv z4XPNIq5W?k&3~7m_Kw%K@Yjf5Z7SoiuJAZgfleh(`_(A;bL&E44&9*7!L24AD}vF< zSck}$N1NZ7&)3jcP8TwoSc#7$+hHWp2>?1x#D09(=|!58+)MWKw$kiZ4Wkxoa>$g& zdcON_uX)~O;~!j95)oNT#}R~R0BV$=0f)cD9ZgF*Qs*L~epjnM(*KBZ)swo%b^7mi zUmb9)#%10|z0-_3T^L=N^F&ONDr(eAa3rx)upsm zR4qaB>_bA5^jVq;!3KtD`Wujuoznop87nME4^<U`<^2n7qFU6{f z8;p1>&K*+oN)eK$k4UMW6~m&$Gs4pw6(%n%UVmIVw+Y{PE#!D1vu2WYw@KARhx9P( zmw3OaH`tZQv8wt|I*94usKnX|Pr6>wE(8Dc!k^r{azqsg(D+bda8)tw!n^8K1E$h1 zgobeoU*fJEc4?PT?)pcGf1qIHB^A($*k|T?L)hTf_0;M|a~qx)z3@Na%{;i${)y#H zQ04cek|TT+E7-71ZDU!!BscD9cU!cf+Hd3?26s_79qgL&tXe`f&r;4? 
zY4BafEzK#93uphqq}@mUy$iJvSpGmKZi5$aQg`3F3pB~Fg@3EPZ$dFQmFQ+qr`4-@ ztr)$F!?;6vJmQT+17kuvEiq<7OJCw&p{3?xH%|s+s@?ii(d^Db@~ZI29rh00?@ z%_+Bvs!uw6Go!JwC|}aH+<@Jd_?*!7sSsO{`iZ{uyR#waW%sttsDQn zCV9Yp6AN>K?KX_$iSlp9X*Xl4{TWp>3ZHw2J~%Ar^O&if=lsepFbb4bNhxB+wRqMq^9muwf=5EmcJR$>+kU~hoIOTfV zIbQ-~Iawm}TieLVbic4Qk#ENAt4>KWECJ`r&vy#dtLz3V2^El)=?Vu^Nsb(6Z!^X* z>rt~M!nuvD0i@|I1m3>;-WmR0)OAXQ`>>b9&G!eIj=A2#apse9W>&LD=4bEr$Gdx> zv>(ID4;lqO5>dFJjOj*{o_}Z7ZzTRmGG-)JvS9z--EQazTeP0wLbM<`gIHt^?C zw}_v9{h*FXE<`qQpgNjnIXo!)^gkmlT!QvL@{Z`_y2BLXnsU;i)xJLMTkoO{p^afx zZ{n3*{{7(v>>%VagZ_j%gh-bqD2cExxfexkXCdF!k^G6U89o@nld2W@k6yB|1m(XK z7n{wi)}$#;SVxT{Jt#D@`5rc>c>Mt0eju!pp9BcnpFN1=kkv>`I*pBa`I77SdcU8I zkkOOBcKWNp>Tg3<;ym=GyLo3*tL0vN`$*35Jul;lbZApe`M1Ubu-p0HL$`lPx^$V1 zhwQoHOs`S{e?&)7Dx~Etl{4Kc%P~?L&)P!RtTy=Jwm|r~-T5L9ki*NqM?`M6Ry!Pg zc15DwsS!%t}YGZs`BGb!GN<*d(WMAX3M3{H+6vyr6%8gjleAj|*LlywcKtmRC8zPO<9m68axPoIelr z!l?tSpBNpULYEU8r(H6GTK0Z-P;hutM^(RfE45*#LG{O417n9&#p+Lj)^`+ZkSSRU zHG5K8BU@Cj$5e2uiz^-LPiUOZMQm!l0+ z@YP*#@*#kjB&nC<%=}l8LX^+q6#3*%3%qAmD4HB$Db}I8T+hjR%k7^K@|-+KQnn;k zrbB;d-@Yhcq{`f3QDmywuE7-fE}s|geJI8-$YsK)4j}ASIcNh!Q&IdRYeCv|-98l) z7D7$sjxQ0uRDq7}_Cx=KRM78^$P8iUy0T=}G-276K$QB|0Uf(~t9#GKcQN`8C8bt; zpTzo=jL#f9z+bvEr57&ihieyBJs7hKI zsPRFi(yXLLpFvT+UF-j|3#1cI6{OIm&T~$l5}&anR-&)U8-$Il292_# zcJV@is>WruCuCI9k1s69?vYrzbca!FetQ(d)1iHEjOTz^AGu4ZobU-^L7IJME?z+2#3rG(c z8CH2a)SI$5SoVnTPaIYYbCZ=k{jZKN|ig^*|~@#_3ZUXU{`o$r9b(Itacq@e2Tj=>n}S z$;dKhF|fzeNojHGm@K<=5Hg#F-kH09qjiZiBcJ^5K|C0~g2bFAelAFVb6vuf_ zs`+J$Px0`$*xc7e>8kUQxZT%y$q0EJd5anxC#nbyAQw@(+QAal>0!g-#1Qc;_4km9 zjx%UxZ8R}2le$niuR1Nma!SN359#bvcLUcC`M0^S3tPY(R>>&Z_*iL=LiukZt$X{= zba+Y4#-u*IJ~T1HR#?^i_dp)q=sDp%gA|_&5?0AC5aY_ZeDYCdkJ?u3180oxsH~Hs z65fXwMsf1@w!UkL$Q~2&B zAD(ss1eOUp7wK&+%(M^#E8|yPjah^3cxIrf~7AMlik!33B8R!2b17?T3^n zYe+WIj=r_GruNT_-&6-q!hv0$tqMH3sR4^OSYvZ73%X!p0z3`OcuXCvFElw3lvW2flxQc zQ&IsOFW>b*CiH@|AA?>AR$SHG*0+<7^0;)*irTe3uTDsX=m<*2bc0=?dC!Ga6b;zT zrk20>wkLD%v9Uj*itzX;y0J+%c9^j`L_Yk%OH42uhIl8&-x=0cApvoS}Rfx&bMv71XU&u 
zmp_wB{iyZK^J%u(7K-I!q2q7LN~-Ag*eX(l6ke8hXIzp!$MW)o6z{~VBO-YsCVS%X zKSKVo65xI#5?wUDQ2hl}QM{y8ui|T`B8XhGiccll1r@MsHxt&bJi%7< zgl3{m1oMenf;pl>&?=cYmU74vU!D;89tCHn*&&6FYD?3`g_+-;&qt|u*hXbt#hv24 zBNmt}L`SPP3demSbom=mjhUDW4ls^|d)*s?Z*^V<6uV1B%MIQ(G)kS?_f1%;HTEE@w?jwi`m+S9IjbZ0$GW)Jr6-LMK1 zB|^ugZB`5o`BhAPa1}oNQkScoVMAuX zd;zDf7c0|>#^W!UrR&}@^Z5jItyO)wsSi81fazYksyZMb<-keFg66M!v z3P_}L75)jq|IBj!A%!gQe5Ga4U~M%Ussz1cwk1hB9hF2-*deV!wkOMKx`52cHw=GK z9_M;@=<%9{fne^Jdl|@lj(@5j|BWi_mBfFcK)}EHx(lRTB%^wk2cv^XN}M!^GuNHZ zr&n(&h{{r4ReeXi3p-%ZzdUpzIE`aL(~rJH2p;R(C56!s5*{XZQc%GAs!(H z4y!o$xKXAnitUliG2S4j+VxO-?ZKB1BhZNp!ngE799LNBGFznSlzKP6R{PgiM6FuFqxWXRMJ0!O8)%yF^IF{EzWC!AL0w!S(TI@26+*qi7>{IuG zUC=1_dVd0$o~kwI4*ZV_uy;=Xdb8RafFTcMkj;D`Jzv}6)-j58wQ%d=6CRSm2A838 zw$fh34eX_awDksbB9B&nYP~v5Sov<6g+chC^!)DL)WcuJ@pXC1xOF#vjcHMqTtUhk zR;)#7@?CXS(O4`^iA2O?9OZ_n@}|1hUVBJjgy>}1JX7LTUU!oc7}q_a1y2+;f7dRo zN{A=A3c-MkNF@Cf&RvE^uXHFS0d=LUt#Q4i^Cc?R8FOvZNNLQPeeWO%A0Rq~QheV$ zrE=~Dw8SV_-lQoIHJw@-yTR)WcF^q6?Y%Sj--!>IL`ET+30T%PFeyuii`W4taj~5{ccDQ^v zp!2HuTib&%TYAz1s8=mep|5JSR+1K&VPflj@Rzg$JeQ&F&Wn* zY_tt(@vYGETY$9yY|0}L2+hfw4@);4mQ4J#RMykFBgZueZ# zU))$CrXnv`kw-5p%$(^u!-r)X^fO z1OBaOt*E1t-3d{ldw*#JnM?-nn|Gb=l{r6QaU|UHV}0V*s|=luc(ty^my>uRi#Szw zR{^191hsb5HoO^iixGeEzJ!p5DwB>Je^wH@_x=19$PDkenya!bPvaNfFP4A(nz&qa zFZrAVeyVx^Qbq&J*rni_Z7M7(D>DW_i}h#dUqj8VUm5&}DbwV)e*$MG%s8b5ok$3- z{wy}@GZd%aP9|%zv6_Qc59j$KS^Tcvtt!yy4lRXxd7)wLpi7%c&P~*NKHXotlA7k>WhJrp;L%@cB?V_-f+=)0cpL+2N(ohdmc{90$9 zK7amPhcZ=`b}tZ&X+y0lHUw+r{Y)enGZ+c|Spq6*yJsHUOFWDB8DC{!sa59k2UBw- zOynzHgg~QW>1*a;={WJj^(5=Lbn1Zud%Y>x0h)2ZDE@7lRJ*dl&RGD9>TQ3Qkjb_^ zm}<&6plW^Tyyd^ci~kDd_~U@T86tCwsk{K`a;;EOSy8whe^-TPctAE}EE+w#iB_i$ z|81GsDo;@USO0pqTc7~j*!OZJuI9~}36HCD;0Mv|pW^thM)_B%{5SU?yFsN~GdlUw z8CG(5)rS3?wAfvk-wGe|=$b?SMDBpsCu&9qu*`jr#JJA{2@jkoa7B zI-?Gap$_6G0^e%mKdezFLVqs5x3R7`So11Iy}NIjWxyc!^QMe~qW(V%;{Z{oKs@hD zZ#JEFtBcO3_IcgBbjYl8UH5lA1I7;fJw*RE)BkN^|JOa1XZiJ`l~^t%NFs+&2#u($ z4K2$q&H4PfO;VGc?Px$7DvgQJPm9H9CxcR=bVUbTO&`DE4;U7)*auz7W&toCo;WBC 
z86t(BUCj|2-WZC}tgR|!|2)+q^fmlnHD#P7Xt6aA)#zUx>r|WWqpyj{k1(4mxp?r- zo6z5Z;s2WKUQ76|ln2zMeJ!ISt8vi}eN#WGRa&oQfi1ed(c$e=ixW+uYzI)8{VRJ} zJ{ARQe==d3ZO0bZpMUY7M3X_JS5F459fLKUDZZN0WB?dbJYkXNdk8ML5zH}bM6K*P zwSLZNGBjXeS!mrtFraQ;-!*Aj4pRfq@YuJQ> zEvsps|Gjz$PP2i;%q3RaZ{#wFRz)K|eCmR2mE3J~g#4yyN(#`4k0*!!N+atLM-^w6 zv-iien!+hp9<3&w!~4vOo%N;GIWUpNnc%rbMI|eOs({p65!Nvkg$MG_?dk0tfaD*m z5ua;Bbxu|n=PTLI$s5EfIyZn54KYUJnLvmbwfP9B-XoNBE6;JKSn$?Nv8##9dWrwxq zKawvsRK(lK@zml8{N_0T_j$bL!lVm8P*BEVrXTFO)M<8Nc5E1f=&;`O&i>n)_2>C* zKW!1|OA2RjR#ixi%HGIkX5F~iUN^HJbfi|QDNbmLAkPz{BiG%;2D+=o@5E_;@Hxre zAZpgKb;l%;OL4F0g;b#v^=%q$lhxNKQ*2p;ONA%u1?kkDQ2$Sm@jr-57uUl+6z|9y z$P=VIn~wEQr^%vQt3Sh7c1~wHb4B-PV;IYxV8r|ltUcN)u{s?D+zG92sRN5Tc7~tt z>xTYUX!Sn~y_fPP0pvhBv?TyJ(!+{WAiu!J2o9rC7Z2Ib=Y zPFMi@UPntNdF?VizK1jJ@}`dFhqd~biqgFJ@L9j2(HiR!qwjgLy?g4xK=k=XYl^3| z$uZ04r_CRZ{q!A71hc3s=5nJ!b-GT@%efp1SE2A}KLdBaOll6(5c|LcMGl4~3Uc_kW0ml#`g=tPa_cP-Wp zD{8Kj`q#o%yZknCb-cX>oaEy7zB%(`jjq#6sE6Qe42f~6lvNuIz1kyu0gVm^XoT@M zSOa)K8q8Nu+rb(qx)ho3y-*7O5pHcBueGMc`unOi8tR%TCsfRjfa+X!$BUk-Y3*qx z@P>OgJvBmU_xhy0fVHcN|IZ7U9>~e9CItJNi*tiL^FyWCbG!zKBG|Ud(7_uy?_uZlNs05>^#UJAjJDBm@B#ZPV16|>4 z_8Vg0w~U^h}*$TFg8^PpRQaS)C$ zY#**`V>|1&SMmM;>hlaiS*?AGERW=?VCsVMLoIicIqy3n1C2bThrj)1j9~i-db0%l zbgtBS0c6XBM{R-p^aFABbE11~>ffgZ>5SvW>(P?1wx|C7>&oQbE(7lyRW|KvM%H8x zWnEs~6PAH9cF2$!gsPZtZN&u(LqQphGHUmZ&fyupoBLL(3D&9+Bf*bGIV{&pBAj1f zO?~$%)+8;QOnNXu)5!BCbW3U4J6QSK@-cm% z*1b^(EI|>XGoiT^I6qv?Y(R%ltLhE&E3Ch_+~K28S^5X#@8#YUZWUBtqxaeLM&E@n z_0D|10CL{%PqF37A}_bnzS1TB4%P-IYNA{sDcnp4l?@n+`>QsfG@8mEnWmSkNAO+u z$?tz3h9W{A_0$~~W514=&+lj1iUsRhnvMPsYu_2wWY(@dMoR41wnd`f&uB$dxDBc57K*-7Ntc(2>}A%!<_TJGoG`)bB`TZ!nV|-VL=FsY%x0|glz}WodP5*VJ z|C<-JeC}O)RTD1MPUe#t4uz%U_1+yqCHA zpUPbS8J%qN#rpqTNG-6qRWh7+1uoP5&71+ZF!;6g&$h7t^&kFadG8L&B+sAMTE9`1 z&BSRe?>1Kx5ydhliMU#HuPIAaVTL;vRBL;Y%^GV zB>FEk^S`?xe>{|}2;hXZ_N|(o0gZZKV9ZSdWp-!iRg~IaPWYS2riD{}oT`ib^_QbW zCF;dW(vr2gcDgK7wi_I39EVzKhU6jbf3-jV0MDgw+SZ;izMNeJ8g;+~JW~bJ z1QaHs1!q^sPB<6_3_e(X)UpN?j<%3gciE0`yWRebUwvenB(d14IW%nj_m;LkTmhB0 
zR4c-!BRKr+W~%1D^ws|6BmC=yzj6U~=ULdc1!}j5&I9`H1AjYpl9nLu|H}daYHr%Q z%#;Vp20012aUGVvUv~0*U%UUKEAp2Yrv;>+vjyd2R5NMR)YOzyLiR8^a@vx~?0$Pu z9xuX!;)dmZy)krAS7K$>2!0>*?X!%C$5D5KOL1wG^5DEHhb#ji3=Rlj8>#L-Q=@k= z?j6|cWm>OK)(8@Z9e629Pv^yd4d&jKsSb4y22+Y!y4dpMpl(&tZlhn*~`A2-#yH! zyW$PBbXA3aIPq8KLKRO_z8NAN-^8<8fzckLB4vAGE9zB>&KwTaX~qtW|M))WM7~P* za4!E~1z22^Z|+k+NBhNnVfL@i;(HIr|8l4RNPfivGJiak?h~jxG5LITM|ysbqJki= zyNdPySG@l9d;cS%RNe;s!6d~mjF;Cc^6y1HTHMl;#h~=>?-~5{Mf`>U(UzZY5_QFj zt=>oc5Z9vgyMCyqeqay#3#H^A-Pi9%wr~57SRF91M;$_K=dYuO*VgaviaUSYd9B2O z@BMW-wpxgyV(0lM6=1aN4E9=`xAK^tSC@s-uVKxv-}xV30q_QG6%P;{OxjYVEx!@c z&v)O`?kPe*a-&_m8x41QytSKu>YL^-_`%%^uoOo=J0ygE4|#)#{z>g>^c))TJDzk{ zlTY)XiUF-o=U+yDD@2#O`EAHQHQDN)Z8DaP*ni!-i~e_4^B-@V5!`06^CaQH?e~tE zY5tox{u|W&?aU#9jqcPj=M#SlfLRB#JC1!!!c(8Y7{G zCS&D?bVlAj2YeBKn855R;EX&Xrm_DfY4U45y17B!D6ywSP|Wl9|GXYL1g@}I}V zm=fm(iG%vlRa=4WZWE3L$64eG$lF4Z^_(&MW$LXOCEFYp2H={7`i1Q~G3tIfZs!}n z>ra-f*sKRBUgLzWzu1L_t{9`9KIdHX%h~R-To1Z*?fm|PW$ezLL~!4SGL}87>nk71 z<_Ug&t5;br;sMDMfWSq3zv%FmC{RFbz~G@NeVJ+4jpF%s)DjHVP^KIy%1Pf3Cc`NpQJAn2P@~X4BLlI3nEc-p>wOd4-QNS z5d^~*4>1^nt5~928P?V)$OTM6o#WsG&t<>{`o-7h904&Hd|XBn`R4h=dYqjHzXPL! 
zfiwUKiuKk};MHH)KNBicO0gHvD*!Yp{x+=qVz(8q=q=2T2{QbI_|cUA*y%E=(0zR_ zR0W1>%O$Fx=(ZW7aTAOsKXHsR8np84Z*j^|u}MS;3yeMJf|N0&mrZ8i3v)eGG$*pi z9E@B?zX8jWLNww_vd%!0g1)#IX%7{=^)gjS*1b-bz^5nU&>*l{7GeUmHkkJ1m$-}w zIUl0v7apXy7I@uzBQvP9aZ3FAeU9W`B8Y!`4FBs7m3IMKdR}SNUrZ*w37@&EY)atx z+_sD*jU-!p_?)m%Qv0e9@jyhTG zZF+2JpPTH|VM?e9Q{T^%{bLs0Ki?%)B;e5}ZWYOh5IokWr1`rwL~LwbPYDu=E82JF zL4L`S2*iomDy$~+2+vhseHp89z`^`*)gRH|>pB>_9MKY3h+o@Vw>=QGaCxaZWrITb z7Lo^|nb`#ja@~zx+*oPUg=tH)2OH+4%C=Wl03&<_MAw;7wN^~xv9#740?1{+-2&VssO9@1AKBO|-*$R>k z*tdRN2T518p&_x^Tmdg9jR@<@Sofd3Om|eVAi_gM%cy&#M8_(fTn1n32SBi!mK0X+ zW-y_sFJopo;^9f%#drYV*xW*+9E)qx)m<`jKI2lVs_X}iUntcPv3YfK(7~s)aY+2K zMBtS}UXyiw;F>7gr7z@zMh8M2Rw%=HQqijl-F=M^=(?o za*7$xx3_t!8=RYuTjr3R%)^9G&#;57xbRAKN_}>2XJluvf#aFs9&Ts%PhXb(C)4eUPPqpO+)vL<-VK0%x z#LK4pxr(VuDv*fMcBd7UfrIqj_jpxkzp!&bDzZkPT300geuCiraD%MOw`pb8S>!r} z4&fWEG#$)sJI))SA(JiH-9rWQ?w!fTNDun6y!S07CoiLXPMwP{yG?)cE;mXag&R<3 zblKL)E8fH28*d!qB0k_AKICRd8v>i*q+D86B9va6C-|P7S-jLg8=|v$7jy zeySl^6;4C4fQk*Sq#f+X%gbf2?fL?ucz(t!n#kBUNL&>phU!N7lpKih0JlRS(r-)+ z$%hPqC#()?Vs3Naa%A24d3!@1+GM(Rp(X%?)mCHS z@6okNC4Z=^>eRbQ<91nM?7rvB8xt9;Lbef)c(a46ZF?Vt?Hq6?RCw%tHIR@(NYaqx zOhTPP#aH7bCBrn6c^m((U@%bvCwmE^UJp+zac|2E8+1? 
zD(p4;`S6ddNL4uyY*`HD;Ve+l>TV3?L2=!1SzW#FR+^@7(k&v^4xb4Xt=5wVD2}sA z6>dg#@NBo*YEQetCy#$a1k*PPpltBPrkVgHLKhKI;+fD@0?{gUj<9z!4%MCHDRm8?BBEKq$}f{HSR zIah2xrkxja1Q`N{Ct${E%M|&TSy;>UG)tBKSLE4H;zRPIMdLi1Nz(kL0}uv+sN=b*_NB40{5rS(IT<*?~L1K|3q zDHm@D3$a(JBo=8-EbZ!%N&vDLc00f0cVJ>6$zoD8$E0*{xk07=jHSTOy9-U1eblDQ z8)KA*%C{58RS}KqCCTNR+Fe>k(L$lgOphL`z6K@FR^+?A0%pzIJ_1oVIC}C4f}1H{ z`TgZR`P#d>7BL<8Ut_?(e`-|w>B5gTv9t*+UzF-Rhjgn5&`__s0VjI&D%ZSuGpA`= z4uVCSFg}4MZ#A^c$2Uz;Xau+1l3;&mb9~S3Ib*=-R zMnp521gmtE($uF#?9tEq`OI}~PPS}Q)2rO2sLH%e@}*Q8|HJbW&I;?vO!}Puo~kPA ztfKIEUwxWZDg900Q7%;Us5;pzh!=dJQ5BjKo+_f8+8gBgQ&-(mvX=L082{?0#?Mn@ zN!f$uNvc!q`y#AZxw1gJ!Y9Noz;wB!G{=zSD)m3Q889I*bhCcGOojCV zOr4nZtFR!LE>f9eu-%JTx0}m{ix*D+i@*f84wiM`dMT&#eM3>{!v0EBovW+^e(-S_ zqlWD(5X`y+MWdWF0)K@}$!InN9P4fd<~%+p0yS_p|5U>rprIUQGa;SBl{F%+FLTci zFiuQ}hBa74fP$tmKVph*R%*S1m7>(d+LV`L5pjO}hT}3G$e8=(FSU^UT&I*M~^>5I7%SK;m%#F$`d{Zq2Zm6niHD9Rb z8xLsn`x;@sS@xF>h+hJ||7sxqKS*I41w_2;Gw})q`E&eB#!{O#%nDHj5j?F*m&9$k zR9aS<_Ux)>&w9FcV%bcHZvM=p7B$bec{nzmF2Ap%p`7-Czoz#7ZXy$L z^$Z}YsiotPp8JyJ9X=!Yg^QuK(hv!~L~d(**!1Qzby@AzAjmK}Vk+@cpqKyaXS@NpDzs&A=XGTe7XSr`= zV^HYE1NLIxUSR%a?Apmxr?ZhZi8pFGE51I{Kk21)$hZCl zAQH&R@0792iCcNcYFH;+X4I{(6wxY!&puuB4#;<@VouTFCV%@_vG=AWx8JkoMRN+B zNRJ{W_Bs!4r8K%dLo4SJLh*Q@X2D0Wu2zwSzJ)9BxVngLlAJFkNT<7qPFgq?hbQ5a zbu<)9MqdiEE>}8?3gRB~CpyIcTbKWzxqGj`AmM;)%{u{izJ^|@bnhO1wtS#4+QFaO zlS0z*n@;)XdJ48Vy&7!Mf@lr8+w7z?$T8ctGYA^P@ zrd{c~hqv<{&>%FxX0Sd14-Cx$bBY@@z?QUMUUJo~Yv zOefxa(}0;%tS^dCh4U$AVCEq{$K6dO5!e&6d*i~`5Q#EYW)N89{+)TKa^zIJ^R_W~ zNkZQcw^k}`zJqIlfGu?fX0?-kLkQ7ScR9DBjrrmLClyOSTLEj>4S?Epzet_P2;P^& zJ>l{%@|rtjnc*bBjT(P=pJ^vj75Z*UAUqTGeT-qqG4UR*PDmGpFgkAh^m3gS6=;cv0t)rLV?b zrPGR2Rn9{tQId%E)|O&g?@zV)eH$t{R{|t*4ijf0_GqP-e&D;#K_=*$;T3{(8UezuKb zCFo-oA;K81bJqnk^a}f$F6#9|qMm(_fwt>9h!VKDpZkm)gNefkkMO8-^po|O4r#2v zzj?^gqW~MTFkUaqciJ&A9UOs+0$qN{{(cSmmO+)>e78Z7BBy7kH*G{-3? 
zNbVZWTS*@}_x9Bkjqjf9-9}mXzN|i5sb}B#%T0i;*jxnKQ&JR;iKdBQ4hnm*x2ngg z=Jyjq%AC28!#ei%P;dGONc%*WyRU?Obh0W`Gt9+lJ@NK%Nsgbv+T*^5o?n78&s3z+ zASMFEI}~FeMbh+ZGU}jn3|1*2b9_}-S#X?Ak#WC7A2YW^9f;gc zxWU4HTYH67YE1|5Mt7&KY$+gR6pXh{2wNou*L1FZOM5X`Y<0+EqD*75WN*{Jyw#uz zeKREyzKgv*oK|X`oJQ^s5nH@c0jilGLq;YWJ;DWCBzMZ53YK9^uewe&mMp_^>P>kixQMsCL;W zbXpwA4qgKf3v`rU_nEW_UtA6!>hzk!XD$k8eypehv-8PnCG3PIM4u<32zyWS-`{+w z8V#akU~l!=#BSxWMdtJR!&WA*;gFpRcg22b;QIRr)a-KLj1`9y)Ns%H$8*20f!!Yz zZP}owme-~qxL&%)(@T$-@FqiE+h}-9ARnF60A|x9JD)(G8HdZ*xz9Vy%hkB4$zNZ6 z_Qcs*YDtafT~V{Xxlcg0^o8xvejHZucn4OvT4UFFnt~Ka&XmLxW#nF!(PZ+ut?2jD+}};*{K|yCxg&-hbP!!FRfO z;DJwe3Vf*Q2Ti_X9}NaYY{%cVN~^8=(eB)p&dkEc)H&kq8MK?o#)-R6BVfW!4sxA^ zvXumQjtbKz6Geby@%K06&*dYo0?nPCT{!PDTc44?cmPYz&~Eu(%e->+^0KX$UMG5U1lO=qWDpz0l=}$X!a2e z?r9P-tn;n?vF=|Pev16b(HU^2IZ!82?DCK``l&d=taUoq(C>$O_9Gzw6G7h^btbQN zWF|+Gdmb8h1L1B zC4aN=p1Jn4A+8XSUsx-ba;_Wfc z0%7>8vHpg{oi%GG=s^(lPhyilPhYbL2znhw`#BeIRQP8U=4wvy)o+%s+8C^b&+-$W zhNmO<`Fp*9g*4=SzzG0kL2|yq`Yx>9l6Va62f-d!8d z=zl`wE=ia zFHcdtH1nBbxOlWrr$Ke{&U`h&6}C4OYZiQEU+oI66P?_*^-fXUd&j&apOji>k-cP@ zRmY#SM-`(qNb6ZC-AlE66~eRk(G|9U6uPx&L;EeS800a{GFwmlyiufHBW%~>R@^zWneJ$v-shWsJ z1Ln6@+~iTE`1OpIV~K*v_gxWv9N#}9Q37FETh`O0e3a>IYT0${wffnK(u^YzaJ4A2 zC4Y6sGx#i_35>3bMK^&6=t>sC*cEcAqbB#TziX8L-E3(aVeJu-$+MTc1;W#}HjJ#2 zP~j=h`ijaGRrXUBu}i}X{KF2g9yBSNeRftY8%H zi|HWXW7ydIW4bn$B3dPZF}Q%c2^H6Vj!hcz%pbJg+E_YE`KqYEwqJ9L<^I6oxHjM8 z4uVd3OU7aO!J=$wm63PfUPoRmk*2NlhW;+5B1&T+8oT2$b2i9pdZk#b68?$G&mZn5 zq#0ktHJ5tdKRNfMyZxsDOSZB^fg9tx)CoBinFWTMok@mxuGuHgUmWPuGcH zt8D4Bm6bMMBNDbM^0)4U?Fp?e=GTTyq<78+i*|#E=|Ota?~&n z%0b~p4k-{A*?5xL-nB=6@odmdXvCh;@kJBT6Z%kU^MH{ zDH4a7(XeVxSNh_77VG{I!!q}50VxLT2>&;y;`?f!sdCUJ0@$fT$(;aeHzgn z20NuXr^ms&rsgL=I^YE}jFtz#PGn zmGU*_b*yvLela|QjT9~+enTbakBei(O*Vt=C8;5HOwxi#af!J%xim5|;QN;G*Qn=A z+Nvsb=BeJuNidvGlUIas^pQmNoH#2v8VUB*?%~pBjAl$
rs$slhrmo&7_I$!)= z?$LB#2xAjAZ?WqiX0d%bWjjNRkrtH}WM}tSnTadXdOt&B>H0Hw!Oc(g`D#h0x;bzc zBEe2fH1#3?5eA%(RdjEt%t#`9p0XA)D?a4|A!C5?9ZjO%64%t!muM6QF*|@ul=-PhxqC3QAA@n{pOu50{UpNp%>l>qV zrGL-tgH-MQ+I|HGDPlT#C-laCr0&$2x~Y{^b3oAXXNwoI?`~UPMl*}l!0S3__~1nB z#)|~^1t{w`EEqnd5VzDxmq3(P(MWJ|C+JXj%}a{;DU*G%swMlGk^?+|Yh>c>GNRAq zXHZi1I9-IhbhWJ72OH7`BkLHQ8kP%fD`0=VZw!m zXa9la_zPwL0dCrUSBDggeXVZ|>p0{rSRdfoC?~Fj4I=fVum);#lSi5i*J{A-{>7VT zhT+DoDgr)sD;rOFOVAY`3EP$mpH%qDbhD)$#-;D&+t`LhT$fy}w!&t5CM7O9cXxeD zMDj8h3W#i+NN}HvM3(aRXom0(1~5)1A>!Ul;}Xi9_)%M1qIyoD zkC8E&{Cn3j-W_+hQMyb6(#cU>)OXS|(kdqTWcu6W8TC;U@39vCb(VmlwE-`_5#=I=ANubzeSg*W5C|xf#@%$UH(SU(?Uu{JvteJFLkv z8y?u+*~1b5uHR>FcVx9yNhyIhEGz)5I{lZKVQF7O>RSOo;GE zE2DiKF;_4fa=T=aI27AJN~jZ)h4cmTcU0ZWhrW`omgilaYf1LCcBwUK^5JFmD=kVy zFzGZZmfhfeEUVCVO=@DLPK{+y$wQ=*pzGQ^);!z-Yp6YUdj`cn{ ze@$A4wG|u5-XePz0i_{{G+o|lDo+lztkk8f?9QJb%sG3=c#e~1e&bz?wSX$Owuv&z zRk_^WkQ%lyDJSkC{@rY{BU1t~VKeT~frk`by=TbfP*0eDMfJ1U_l!7h8EzIU$R1^^1b<$0X7$5+`;N-U5spp zR*WV`hMB9DlQqVVnBcy3+#e?x23g>=7uv_9;+)yoIwff6)-T7ZtGd1jQnSNxo^t)@ zHCMOsRnZVL6k+$5i4A{7M}J1C|05bm)BtXvAA2;F6IMsLn(8pjc4{ImZNCnA?6iIO zkrdlvP#xB!`#1Dz4^tJ>0Cg69?>#*-c^)%lRE8!<4X+)$vh0KGi}ED5)JmW0Fk-Xz z>T+qAv%tRlq7T0yLfCq^v^msrF?eKBOo~CIBiEZxM>|BGuuV!0ta8i%%3#Y0lqSKl znUt=z#;zGeT`t7_{a8|MBK)niZ2=q>GH@$KYhk!8oimMWz5=7KZ~B1DaS}FEsT-I8V9VPt<|Sp8k!dkUd_8# zpwL){HL#y9R#5U49+Mm9lYP+zu)_a8M;vCPo(@$PC^M_@JEPn>G{QLkTn%LJlrxiEKg5i#z z1x(Y1mf~2-SsomqT8ipQ>7?Xb1vt&RC*+{(5Y0OHNs4F(8K?Cv_ReHOWo^Z@{@ekXKo_llndq%+*~-4JA0+gQ|cKrU4!o&R6E{ z`B*xBYwTo&X9-zlK*p-bOLJv#u>)%~CFsbBvRd%QGIIke42q|8G&Ewo&CM$k4YO>> zJr#4N70V9n|Kmyii~auZ=fC;;K_ZPRcfp(%_7YZja_{49a5rN?8bMTJ9S2LT8}Q`m zwE!-7A-c9tzy_3!C zpUS(3(?2nrW}Xma?>3^O&n6Y%KdORzx$Gtqb}zavS!Wsl5#qj;smef0>S`2nyg2ls z&q>%7rO3;rFwRtcND59A)OPASMDP7&8j|GC8OfDAwX2(_?UPz%PPH+NFhsO{(*sp8 z%S@J1O$WwEQZfv9P!6QR)ekxvRW6J55@$B`r8A)(EqWp=N zZkhH5=*7C^c1mT}w^_#_3NQ!r{E6AR`VkJYf&35kBDp~G&liS4H^ zOy2AIbhDr4WTaLs|5*4`oIM%W+4<+fg>ZvpK53hD=uS~lnA?gY(D6iO?W~f+tK4nm 
zjvp7%XLHVYX%=^ZfDVCPOoAmZHUTrX0`6)P1c5K@bO__#>hf&@Bon`_gX+b6K!rLN zs4iCwx6;6`JoWjW=h((Q%G6qH+6fCQ!zsspx4W34-?8+SreEc*6hly-((|TFYmyBe z4;iNcg2VGNKRdMG&tGU$2VD(TXI=~zO|+lAF3~^bDw(HDD1yx7eV&JkF`g3zUyk() zcL%6px1^|W{;9NDr;}GS4be)HxSE=KUaqmy;`(e~Gm|f`B&E`pbmitSrxSLSK{61W&edE8Q<9i!9|gzqRj)x|KZEn{~f+bB|}9KdP? zr#%)y*%XIJ*7?1{BD`aP&xex@W=cpxrl8Xdo?ALEw-!65e)YfO?ce$zRXj*|GxW*PdNIAU=MVBJ zW5xO8RM!@N^DXQBHzE)t#fTvMCAlLUg4FF=ryvl)}(tM38G>QpfA2O>-?=_Jhc)<E&ZHp$#kCZ@x7Li8@nH0 z8`v|<%WRWrbwbKJUA5%%HFR#yxXCcbhN1{AV+U8Ji%o|-ZV^aIOuNu>fridVFqSYo z*uJ^DASoO7Tc2`;YdL%&0U7(1uSmS-W7IYm?w`eE!oy zpU9`10Kv#LsM7jGh+E-v4sD<3QcK_JVmfsh5ExqDWvk>MKc?NhmiI`T&CEAbN2k)( z;km6Q(!Y0BeE*V9*lnRMW(E+-@fpwXiM8rIgB8rl0ba*WWZg#GlKi0?=rXO_A@yD7 z+|anu(dtB@B6A^NXxX_SoroR#id#%FW5T42rM~cZR=0Ad!|_WV+yIiIVi{;2_bv!# zobS`OTe+^=KWlPtbOfez4g}F0I~!#DVolMSlgL{aBW@N}B}20fZu5TtnSR4j<)1CB zuzMq%RS3V6w32<0rcu4`47` zjB8*@SK@Q2e~8ZJDcAtz}EU3f0p7v3R!uo~2+@%3GFkNGnREFB-wGY_6oKLe;{2-Bt|N zs`}o2V}i-L+)W880KQ^h5CH+qabp}g$5I8 z9m6&2y6j*ykE-nhP^8oMMfGbTcwSWOzRnCjCbUBCA4RhN_W$*ofRJ`Dy;{H?x?rvJ ziDNkJQLymr8|k#`4K>!wcWf&`b)RLmXmzDLPLjDXdaJuFSxIwzz z8TiSUFqNuo`Em-H%{dD^i~-S!WzQq}wDzMZlbvFe^Y+qO|Hv5GOm z8c(ORXrIG5=#!L$?K6ygrZD{g1$7J=GuI4eE?m#F-DTPe&3$lx`iPv0b2NUv>-T0n zEi?`p(Ah4(6KWYn^<;WO4R{mJG`k?QoGA7PB~&7%WvN{EUkl zH;U()z>6N2aXw|}m$%mhaWipb>bW`g>)Kfgj!?X|BJ3;QjGwKXc&YA$6k+~N%k*k$ zTIy*tDEIJIwE51`ZAymcTKTGgSm9Tgi)=LUpnkAQg3wn>#scZNFIy{GH^ z?);sxeC;Kb!`9|7O9Z6g7HH>w;g2H zh3Yv16Cci&z-%4sutFSXM!Zm9`b zB@7vxyq))EorTc2Ti;-)Cx>_sq{+5aUnttX%VAeoI9jK2io>b0Yi*h%Jm#M7y3bPa zD4FGt(r2yWYF-N}d7F~F8|FDbxOpt-O8-q;Us}@Ab=it=b9I`I3c?hu#H#OQaN=L3 zDgXXg+;gQY~vp;h1`>!UP^CIrqob9Anlp&Ko zCt14FBF+Fw1X0FLXmSwL4z1jAnK6hnb&;|Y%3(+;$;S@twzix}6eL1FJU1YHlM{3f zEPZee{8o({_e47`Uz)+PFfFRep-#yBT6Myh)!L`+p`p{cE#1hz zw|+OWrCo$OMUj+n>azEucgl8?*+jLj>vX{Kz&2?n4Jg_A2!8fl9l(bHb|_CZ>!SN? 
zEEiw(!dkEX@?QJInl9U+^>wrkMqJtl(axf0yd5kW{9W93=Fl_y%X&?knfDPB_Uuo; zmbVCjb;_33A@(n${Zx{3`ObrincG4eASZ%trj?b>2He<$Jt&#$d*bN;al_aj6K7=P zk}tnBcJ;pN{CYvlj<3!!ukQmd^4~sc{t1G~a%76AGotc`PVT4eY)srxZ{rA0vajJ> z-(unlG;j+KSkjD_1rl&a>1HXbUpWHQvKjW93MUpD=CV|rALh#+l6-4>7jZ69aq1h8 z-|KAE)zq*CW^<`QWrsqF9fx1~&Yumk*mNnNjBT(MN=I8rI2-5SzZuq{WNg@}FunKE zpgLJ>=AeRrCT}Tw?&w^#F|k7&?bG`1JRkJzLkai_2|jBo2AB6ar;V@w>E?l0V&TN{3hh6N{kK|;p~{f%YMOq zghyG@1N0gE){vXrSBxBXjDqt`CDazTTez-o47NNjr^dE)Q$ige$~dmf_t?Y{H-|e> zVPE?c9UC&9v+$K%43!h&?&U;GfYHcVpXGd)F-=aH<*_MK9k-*^myGs8*KL{%M}dTd zE6t0xdKH}tOmty@j=rv^{XMtC)efT?nj3vkU-`Pl87-kNDHzNxKe1@^iyy%G<$rf` zrJ^D7TVKRwvCiw3^U8HHGbQo((z`{Yy(3g6KWnBD?kce*vg!`_0=jvisY+saMLVY` zCo0pTgIwO{Q5GVr;}$=GcU}?iplrE>0n%S7H@I=nt15ofAQgJvLD)^aU&1NZ9-ob) zP_KXXRA?)+f6&D~J^b`oqy23!p&7ndLR(lWE>b}e*HFJ#&Nrn!S@ZuVw-X5^%4ql1OX8Sx#^Zt4=fq&N$va;K#tkP5J znjzE|CL`m9F?sriBl<)FT=+}GygNFzPY_(Htu;-qAngWO+NEcl>K+E&>LU5RHe zr%qNZ_doK4pVa?2&GX`7@-3T};WLR5832#%*y%Pu60h9SI*=;<#FOsW`%&%cyQ_yw z6~~K6AQ_cgH$t#HV9T0Y@d|w6xA7CNgA+Bs$|6F&chK{w=W+Yg&M2Qz$?%#Vxc)Jt zD2oFX3dVqytYDmmA_n4bYPML{US)`3;mF#8JcXezNvwc~Z8YAlt9*f6+132FI23du zG4iN0pI`Jp>3XXA5rk_GvZfH3#5<`N{g28KhilQ+sysl```c@AE1RjU{R+~FG3fUl zKQ0!S=F{v6No?HQEn)Ntkt4SglUUu09rwKYQ9$d?50AHKDG;n=>7^YuexyX|j;ZPQ zL5+>BmZNKp4R7l!CC{XsL`+;Wb;w1zu6h9LkYya%Lzt#XUPPskV~oRi0gWIaND=Q2 z^ImeqpI;{=6>lQE^3GhBgSYq^FyCt8Sfj0g@mP*?YXA;dz$%& zu|Ly0iYTF*t$=+Wq!NP&)m1hgPJ|sm6JS~&vZhm$~-{}+wM870O*z)AN&kw6y zo2wNkc+CCnlvQ@w!(i<0bX~x7b@n;D2^x8iC5hDZvsUbEf!d*vz4V@lHt7%cfx(sW@Iy*tSwDkn}?F5UcWE_Mg_Kp z8hot*?~g6qEEHc+(5SP=9OcNo96bWClZ=G#yH))V>fU^Hq#`j~0cc3#28iU}Gy?n* z>D{~htuWVm3a?@Z4iP{cL=p#F_MGG!(ALSzXl&!HIaErnF#eA{0l3duoh5I75Gn0D zPhEXWrMl~7i-Z^r#5`{CxN-M7Aws-V6gM*CN3y&9O{^?oS&2?%4f6`kF+x3}7mtAU zPhS_uLU&?REH}oj*LK<8AeZ7yx^G?uly{)q_&Z^#8jbn9;88jMmGPGrhxC%a7XiSP zspK!*D1rZt%YH>@kgpZcs=LL5!0}46)46~e;DWZA0*s62xfi8E>Jp=N2%_oF8 zSe`%>Kt3LrTP1ymfABZJgI`qigwY2+PoNetC5GK*yJgk?ht&uG)e%g3o=tkylw(ws zd98Acdjk0_Aa6|Z@-<`%zJWjfV*VlAX~a3o$tCA-ASG}x>(MKVFpORr 
zlsDKOHYBuP%r{P@abm93l`T@}Z#^-LPqDJe;K3J26>)7WK-8@tuF_ZPb4L%aq|{^L zuD^}m7&Pinjt?A{zD7~C)6llR3*6Urkh3nf{+xRa=c^OA*dx6hHy<`nfG96WbxSh+ z*t&V0-X%`;IfXfkZYEdh!@<(*!PN6IzszKBVtO2E>}5F%y62u1zdI6 z2Tv4^Dj6OTBHaBhY@je)W&sqX3(O9t6io@qWTuZ)cvcM>;k4V~LDOeo5!BbYSKsif z+MWkGv#{;+)l=b?JqFua=>Q^Wv;w)eg45SUG`vbK>37S?YV5HLDMqXx>JlT62UJ9O z-d^;TI$^@{8|lZjZ{aOM0`D@Kbvldloj>JQyve-QS*`C?{~+Npd%Eg44ImjPZM_pP z4fQN6&JFIcs=*PcJyUh3 z-MA2Jqo2B)vB2S=(-36sIy-n}p#E7mq~?_7O6Wp|jn9;O9C7d*A>l>yTbckb+pn~& zGg0QPu8V8i&&=Jbk<6Ye}zJqr5l6or?T=y`XmD3eB=DZOR&P;dJPsFR_x>NSp(Xkkb*)yor+ z(-%9pz%*EB1nNKW=3ZOc=zXH=HIoKXdYyAgCcmR4dvce_nn-^cvU!VcR<6uox;XU< z99$TM>vGCy$5l8ED^@_0E_d^a($H1j`U+pZY+om2(vjw$WT~+8>{Eqzbs_-MAL(Zm zy0qJWlD?Ho2dr1DS^E{Xs!5$b)DGC*JQ$qNhV1FAj?vC<2zWDrdeaja_y=x6zV40Q zo2v^bu-!?XZ!5e1VmW7Qm!Qw+VRg`pOjsMspBZTR2J|A&vnBEEYalQ7SI#!b#PBN} z0Z|#OCiZ!vFZz5|Ru{st1HmxO!uc(;V_PPZkBwrn(pyToj}(FKjeqAK|H%gtexNVX z;DRSrrrX*?)3emuJ+yydVK{REi%QMXXU@ zWkFN}+-p%(C)UH#+HeDav_5c-2nZr!{z~e=<=Hht zzwcbQvideD8D2)#uQhAb*D03JNQ0 zjx_)HyOlDv46L+Yu>bVyy5Z6bKB5tVs;{mgp2NqBSDUsyo9B1#%;dE_q!F)@^gu)~7M{kWjZCk>c41AnlB8WIcMgCI0i~_};s2RubI0J+ z=jyT}>GPMBGOjm7#i+7DixPq$PV0Lu1v63=uFk%&p_NqJ#;{xE_2QUBnlYiDJ4xq< zypLA%i)Kca15Mbs5Fx{LBK^UZ>bU_{>I+7P1j&tqm%Vis-QIc8U}c=F3E^+9lOjmk@kL3NZ1_m!! 
zOa$?sxf}mnRO)9PGE~h#)$g%bm)>VS&O}1rU^k;XAJE%**2Vp3wefaF4lrls(P-vx zh;KBcNy4_n_262O=!>Bq7*vnDhx8!_xwIMqZcS3wNTXJRh9*1=(rH;;pDBX z6}3xxRn1(5I%fKq#GS4g1vQjy0C4b`5oE#6Q^M^=-f@|6dsjD@coYtGJ#BY^qJTS5 zF3exkvao56+Em`h@$ILy`xm}%M7}UqUW6!HO6L!y7y7`tT2{71e;xxQ9^yf+m;jd( z;^gn!nHj3YJK;PHQ!1!A^y`ABzahLBcJtA5`8R#M~b2FDKhcTdsUrhS5>I8sgCxa~#6)zh`^-F{ovD=3>y zNwrPO6sp&ENBl9exfHH2k(~plcTjKiZwj71%DS|S^ue@39_QpR$Fxh$r|nh(x#v(s zx~2TnFcjL;Rle|y6-4~9nbRH|VQ`%3s>QBT39ILHfxiKr)o1hBx zil>$7XfI6+r0}xkNn4GJYpY?TvsW1*4^@>wH3RVh-;1bw#5!>2NTYge$#}UkpKR&xlVWAJ>|$Di=>fYt!~Zi|i|`s5hO*WcZWO@f#SqMm z_r{|RSy6kX3jpahO(C4zsJNrcI^*geW2nCuNVtQC2zBr?B4ketOg>z857nucmLD&| z*)L2rNk8d-SnTCUVFzTeeqxnz0VDYRUY3!yk0u#^cy|FGb9pr@v^nYpQnJh5;H&;hK12T;Xxs z7|q;Lhd3?TwVhAhpEHUNxbd4U9Uhs%?XCEWxht`yg!sL0oo|)6 zu8#YGYyUd0@A>+V4@g@_+*ufs|N?4qdN3Li4#|vu>+A$LtDivwcSO1wvz)rV%V1eS`i7Y z%yH%V?g6EAt_-!HuL7IZCjBOJzB7Q`2~TQTc-J~Dq7;}IB3iVSj@X9G=_jfKEgQNv z74#6Qq!!dQSB(fd;6b@>K`t_UI$et?0p;9xEoe|EFJ%>K9J-;QzZEX?qJ)~bs9iw~ zq?7U`t0_G8QwPbSb{vWWsZ@xjscXQ6ec?;m5OpoT#W~DwL*XfDL(5w<%m7H`F&wd) z;}g^jMwxBFgG)(?2b%bJ#X6YS-8-y+Sj(KDYF~CyK*9!JzJ2&;K2J%KY$;Pj5T{fs zIO@9~E=&9;U(#4tOCAaiE{WTpI#Q^w7rjX+=RHU;nZwC9Y6HJTRrd1g0LmRtX|TU{#)4quu(pprE<(z?tVZ zL1fb~f8I_;)=&n9DzHqK9OILG52%>+yl}Wx@=W9I*DR)A8@CSQgRDBMXKiCt!T{=L z+EtBdICacjxjy93+NUk#JQsz4*KP#{H;9`aJ}R1d8m81sg461FOz&iD(U-k$m5OU~ zK{Tf^5#cm1^^51cKu-2v@J$%Hw;PAnvL536ir@J%wK36)I$ zGDi9zV|1ZG(>r-rE(EKe6_83Q&QOW2!Tme37f-*d0PW=*Brf%ZvG&6zbz2{#&)sSg zW+@?);}aOUz~Rm`b(%{jYR4H*2z*@ZWpKT?{;_kAHt`A0T>x{(oQt)|ag zL-FIghnR)o+hl#JHfQuDp6g-F^D|*!yjY{NOKsYf3?>Nyptg$C4C2P~RQENFxJ38| zac=sKI_|?9X57TDkR&~Lk%_DGSa1Aj26C956zTj1C;m_lPzjYCPC-wX0_eO{Qg22Vu5FkafS)|8$ z^oBLVhCC!G{ah{IjcTk^Y^nZZchdPfEOP2x!2hvi43&}=Be)IHk-c-D1zPW%J(Lo@mK(6%8FRSOek~); z?#3iQ>$=2g?BHqUr^Hn>_TV~9I)k-84D}K3Qj?2-9#9qTs@@y@x!|AAYQfnK=1G(@ zZn+MpkBw9Mrhv*|p8+eXu_L`SXA!#I&W(Dv>B_xyg@i~eFu-akuv>xI!N71;7UwRs zo*gE!9;4=KQO{$~223Q8VW_ece$xe%_so$W&59s+&lH~wtWTHa|q8?VU&yLC0>KPls+uR4|tddsEB3+N8oJj3iV6<(g*I%+Gv 
zGvw_0__)~{DQ9Tg3|}~QswTGW_=XS&$a!*gpWPrT8VirE7uw^rE(UvY-POimv#dRC zV^F1c#kFlVZWP@u{+^dUx_n-bPA&YD2LA5~0p>rmelip9W{wm-Yu-_pB@2`02hT;) zro`fN(pbKU`XkfMj!=55;QxDmR3j~Z-P+|J;u$1au|<*=1FiM-foBV;;AO-9HZVtK~KnPz|>=PJ&tEbeZ~U)v{<;H4b? zWlQ2(OSvIj@a4UTW*xc3d7IzqiLb2tt8(XF!hlK48Fc(Xgh75;^-DU02VffU^lpG* z=PeX$wmU)*ZGD}Am}OxjnzzITb|F4xNGB^=5@2?e2}9#)bdB+d7X|coTYvXr#pAm* zWfui@yDwA3#R>Z3$)f9in1lB4C zmm_9>gSXg_`&gzq;f=BY+jkZ4ues;Kzlo5;rrA;))~Vqh>qc6S$^jmjr1;2>?TMZG?BhRpMUQJP-)<$T{j^(^1C@)q_Y~FC|Xiz5^LP zQr%FF9Rx36)b%#=tWn(}d^4@t6|02(?=~*LBh27nPfVHGjLcBsLED}A<~0=JO${2> zTE~HUiWB!=D|chXnvNtr=tIc*&((a^U0Y7&QVN*h=8Ymk#%8q)49MY_B!(K~=L${E#MSGx{o302##{&ME!MHtj2E>6`jm$N8!;jNi)h$$5N;+im;E=# z*h^!D7R${UcjVcpm9xCv~RH30*npbn7-vp6Q+RRRb`ESVe5*E_RQcxtu^uR)U{%FE?#&DTSdQgKn+oICxM9CY%e1%vJbaXi)6bIkT6SJJeFoI^1}TD2Bey^Tm*BBmDRBvnL! zFthmzjU<$)dVaC+0P5L96$gKRLmp7&fS`ut9NPzEZNMm}DXx^p$)DrTu?b@Z7@&1R%5~3%RH7SKMV{#D#}emtqp#mV%Co#jnfx;;C~OFTM~r z$v9wQCXv*&BCm==sz%qv>n&I$d0!cE-2wCIsSM-bhrh*Jqd#ygTj3yYh(XW7uHV%w z6=QvI$N{<(n8(M6-ffL&VTHuEFI3z<2e$m2?ecmug^$)FuIefuaLy(m0iJc|kd;Yy zb1q8OeMPpm7JI|=w*|^T)}H<6d^Dwxa68jaiT1!l1PRi($ z1q%*}#v-lq!1a$t&$+K1T`hu5VK*!vlQm>(tGq!yEI5Yznd-g6gbmT14Mh?Q(1vr1@W z{kr$-n)nFEcuSTNY|8d~3z8{bPjGo~4k44)8Vd2^1QL0myRhz^5wAMR)9!id$u3o~ zeKRbj0Q+7FEVzTl=qId@&~_tykzt~*zxcbYCjtriop;o12oR>7TFh?T(!qWhuv^OW z1#Z#!K{fX0!^XP{${e6Mnqt!o54nG<5B+iBjlOWp@W-U!#S1WFSrh~7_;rzDntTcE z(Y9r(o_B6(hD&#b>@#6?=r^NDK-H19%8<)#@Pp#mB7?LZ9IL{Z1 z%6YKB{l==^o@Ym8H>nGvlTY0roiHLI(2eC-ax+d+p!LG!`>qN5m=imh6znB$T z4T`Kme_okfj1XhV__niQ@;M0D-djpsaC4nAC}JZj{J?xa#-&s>2tJ(?TqU|vcn7i#d?I_{Xc_k z2w{uQkxi#ByQ;+rP?!XwWs*=t(7pxfyur9ye(B&TrTw$u2x4Ya7nRaTIq)WBKL&0- zUs5zrsTNA(n+#TCUf#=!YC=8L{@NZ{JXfR_2G@9G+q_X=U?~Euj2KBIQuYrug0xzf z3BW*_Gl=Ea+cTLl%KuRtnMA;)d~>Q%jhU< zhyNY2pA}W4iWWu?e720G{{i<)L3#U-tMPcD1x4kLh-4AbHIF$6B>rLr_Sw2flzV72ki47H_X_*mrLbOAf?y7cnxJA_RGX3N+C`kfw~G zJd_t{RbycuiF`nm3Lt5s5c?BWi1{19cBn#igf6)#S-dSRViA*rB8bQIR3c((88v^6 zM(c|RCKXG$gmTW}=leExQ1#?28fLa&3=YKovu*qYyGh2u_ZsvS4GL4i=2);)4!nmM 
z3h1lZjr`yFZ-5vuqsmo!iu5=P^r(0|dW;CE#vB<@p2KsH-!6(ndn(} zMA?lvU$4M+2tfX~A^@VyD?Ct*$iu1`t#=PL+kpoQq`-FXm;SO&t?~0t=jEp~lYEyn zDFFi|pH!eg^s_@EaR8I|8SeWM)5+kG{Qh7@w;2kc=s2GPv#EjP3MY)N$+ZB#+~hy@ z)1$V+f)$eZ?Dl)zN#wcC%-zV+p=Djgff^C=&JzSNmIi-Qsdfo`Yx!C^7M2T+3|z$B zOQ%Q+HbPkAki=6HLh>==DB++uIyC&w?YG)e@i!f!sP8!XN&cX}`WR|+t|A4WoE(`9 z`ns2RqSucS82kC@SqC`ws=Md&4nA$@zRwqpYTP2g``EqCj_jIke-mYNk|=%WQTc_Q zgv%m60PqduKRT%?$O5BuEWch#v*Dew4?NgAjq4WZAz`^#GEu)r&@rQYpL1673Snq) zD*IP`B}Vk%bT<;Giq&uGF>3bHsCZ2>Bc=;27Wao1`(=vj^p;`ja5YbbbAFi+F)btA3b++K=Zlw#6-IH(3m*Zk-VXI$nrq>OSwa8 zI9IUK+QL-JHumkH1(iR?+c32Gy`SzK3{)$j@MZ>jr$WLWW0f0yv|kf^@z3^_vfbQ9 zIi9k6iyw3u|F=p5v{+r>5qErohOQ$aVc3M!S4-)Usb1?hq8GQ#_X%h3!E^QQikK zafR6BGw-WiXzYZiOME4_KYwR#1J6DP>vHn4UKWduB1t8$dh0ydB?~m#YC{r2s6FNU z=ynfU-~xY^Kd`QRLg|28_t?sbM!UU|*Ep(&xED6u#6dvs#Zd5@IsEv22!hF8kOp$qOxW>m055I0ic*ib#}uJI{a` zPfNI1&A=J;e7fRDo!nRE)gmJMm<)Mf>~{ROc;Mj;ri!l~-lVDzWv*PCQLUElc0K)E zGH++`=IF8VTu}XS`U>nVcr+gSQ(~!SKW&yEMsJmvdE-}kgv(A-fqiP@i&8micJSPk zsE^-U?08^+NFhoFmghlL85z?&K>OiijuZ4xdROJqNVARb$v+#)D&Udt;ZemOCUyA9?Jsys_Gcp5Kjcm} zqtnqWV1KR{55l>tOL}K*?|$Lm4~>PeBQ?J~)2j>4v9~R$U6l?F(wenn!?lVQ0}WIc z73*h;uu%hP@b=?2tY4m-yh0IMWc{`BLCMxtu)2@Fm0LiF_(|Xa+H-1t#Ib_DK>7pn z)HgNsFVxlMzK4LW2S0^40Ikmmtw#gkBAiP1DZ)S*6H)_u-@_sQzqHI>hEH`;#Bx+a zX`UYbIiU98&uX;(5gMaqpWmNf)Pw*#c>=ztyP$T_>8fr<8}{}-bZHq``aKEcCA!i) zu%(J)`AWeTmp!@I)e3#5?bNN4MqxZu2%dEnIKF8uP@1$D10vflrw|OnP{~_k5aD%v z1icorP&w8B8p+_yAf-pLDNa1If}rWjE0Q&}S=j431Lp!h8ANI8_=xQz@qwSgK>fkr z7oD#^)c|XvO>5b=EXTeC7*cu4h-#cRWfvi12K6_xgGVQ^t!^V@*3=X=l^jwkrG-2R zztiCYQy@dhTRx5sJu;G+no_=A-XiA!7pHG6e_cNN#4nD6)MdrvU)QN_!Qrx zLG$ukI>1)an1F9m0d3}_T~9r~lh&57?Y($9<2KRGoBdn}Mi1o4LorX4fE!1^B_gz~ z6p*n;3WOGz&-Nnj zT|`=wlX8W%0&St;kuSjou%0Y!L!ma%*;QQuTfP%L92X?^DV*tx6*G{gp@Y}!6{xNU zG30$2tN0SvM<>b6ZGrJ_?4fMeU$Sq(UmQ?;rakiKMz;2Elp}+*Com*#?t>q|sUDg| zF5==l${7pyU{2Sk{~B?RdJ|ZXc~HCjbD0m?4>XE&#Zmpan~m?EA@m(OiF4K0EFIrn z<2yCdY(#rqT$Z`{kf6b1pJ7j1h{N4m`!Nz+-oy#!;dxF6rup%zMF$w 
zXD*IXVy*a_NrW#|cfB|Z;&F4zV}!%{ZzfB$rwrd1?yvj7!Q4MKbZ}2OYi?NIcl$Av zE{!SO6n+&4=#(XH2AT$}a<24mp)-)$qd|0r9t6C4@)KaN<}49_8hEs1WHPQw23uA@ z&2$})bXWhS{FkKxAEG^m*bhoc-PNF*fZJ?zMl)8`|4t}j?KOFCEGw(nNTcx`*kb>P zf;B_uM_Y+5DQeUDx|Xa%@`+oM;ipYKLur2EC_pHA75ISYub()!iM^Yx6|hd6(PzmVnZ#1QpGwiw?SYOHV|0(M4 zsuHEa_dYM{3-);7)xVy;w()CMLkxWm|Zj&HYqVJE&3JuN*nU4MX(@; zWV&>)T&!QL6B~ValL-@FaX$2GZ~=n^!Zu?Ewtpp$2%RfpAm4t?_swh;UhztE{5Z4( zj|9kyvz{Y&qej{$bY5NsQ`vF^;{R9PzyFzq4;r{|Qk;)p$t-Iqf7yc z6UcpPpr);3YnSj`#(R@ZnzMBt2t)39tYB~jg&!NUGc@Eew=!+NY5?L0Cx$aQE>(xN0( zdkJX#KQMKTv*Lus5iBm72<9?A@2Q3H0ukLGk~d_(v4~-p;GEmSc3+SBecJUD2?2T} zp6yBF8Y%~0=p6~~b)Ua0zC2F~{2vE-hL@zqoRBIPE!mHaBV{c@H$RA+fBXU*1a)l_ zdFs>}y`OcR?YJG)x^{@^RqV_PDz6&WVd=O@Ay(4NENJ`F=)WgAMHJ372EE2hF;X2F zjJk+Jsk6a|8L}FSKh(M%$$Wip8G~R0kKBE$)cW8aQ~zDSw!)n@sfiXz!P4!5r)Wsq zJQPCRD;J11yG36eqeRTKeM@aV&2Gk)@ z0)Op&OAb&LSDbHL<-bviM%$y)_v~#17WQVhfKn$&gDT^SqaX;B-ijr#IVnu%CGZ*b z2+q;yb@rxuwZDk}o*4~>EYf`7yhw0LG!Lqzh@72zuDlyWCM-^S=?}KMaS$0xVT&7h z>a8s~=?DE1zwUYySYhkQuzJJ=OQNqNExRPxy^wsRC!70!X2J?@m<_};;A0JGjaXF> zx}Sx82&q|(t~nM$$l%e#v5~D0ztFiL+O!XimDX>vKHHZ7tH{=wfC%BoC_=ytid5D@ zZV;fS_`_z#s@Iq``;!eBJ}(IXw{xDWOhpl=x)KtBt&!*H}YYYg!3bD5w6Z|0Vm zf*Yf5mq6`{zd3>y=Squ=SaJ071XX{JeJ*Jt$_ zZY}T^(~ntabT*mVuB$rI^T6Ccy>SrQl^Ne5QtK096QVPjm(h95;Ra5d-5WCbU(Nh@ zs3(IeMRt!ouz(F1hc<-WyUOY2Ti_)3gmTAY0F)`f9_K0&8Sv^+H$qP@+4Rwwb+NfN5~(B%DEJi%HQE|4mWAo|dxX~piiQy1hP z8^DJ=;9MlL>hzD~tgm}MrVNh313bl?M8*YZ_#wq>_@?^IA83qPWw;J6Tz&=BNu?Wt z2+#LNA{H?0=x#I1dj6mjpRs2ZWtITHUk2uA?;iKy?n5T(6lsw3M{Ys-6TzinT3}rg zhni3?qSLfy^;N`WW?|51?8`D7DNiF6`Fh^k?5&iKcX}38x#Gunu@WrXBR{aGnv98W zj{c(DZwM~kJB8roLIRcFG=SC>m6(9lW*_^Tzz@0|R>0g0s?Tc6LUb)sOKp?kcd?;s zw>`pGJr8z5F3oo!jP>UL!@WtaqptmdbUl}V!+HW!ehjclJcp=oNHQTqNS5AekV%QBdJbwang*FrT_b*(S9Q#ijZ=2`V6{mzez>Drc+cL_U zr@+-;X0ctx-EYR0*$vAQEVAz1kaP4?9_>;bK~8GN?AFj&n=K1;Q5e#KTp*`N>BK+4 z*_}ZyQYr8SevezVfOgvv+s5&n5b_%~X+s&HwX3~`lnuoEkdB`CjNk=_;2J)^b9wOD zNJlaFNCz02@lIFBNBmQDkaMu$-vMu%uokUisRGmV4SGswB>8gn+GKoWqGAIk<_s4S 
zjZ_C$By|@wIs~YWDa-OwZMf+I-gsBbyfKlk|DryoI6e-&e*9}t`qQ0%#Qwuz1z;Vf z$j>%mnGS+;BZ)srlxq<9O|1)G%ydJ?U5MJ?jt#aLUmku-ae+ z^!7fhx{a#4UBNRU`i8If0*BwY6s_1IjzYiSORUdjPeVFc<#;wBV};h;fjDQYMJfej zbTNZ6*w@T=tg||KGcn##&cLPYvwZ|GFliXUYNaj)(b+xvY3ub8obn&krSuo4LSEwo z`$Ck}<6*1z8YgEmY zr4Mjp(WYz0HgO0}hu6tY;hUfbyWyF4^1!g7gQpMf`q6iLR{hdB@%+CGpXd(`g}m>h zw)b5G z{*|yfAkb^|wYM&@;#|KY1SLECE3k&4vewS3lP^X6G!kCUKYV-DHKG%_7#kpCG*T!Y zM?nNiXlpo(0PMI7fX1#Aml{AK!dskcZTXzl!ki>Zd&@dvd6OeP`7{|~hgUf^)x#*{ zGTp(g)Oy?xR3)-NpjUnlAI!ISFw_@8OR(B z!KX((yE=lsFfCB8Zh?&KL%bY;DyHP2t&EtA`(wDNXVv$$dPSQ6TJIQE= zXWq z>aaA>lP5&ihYGP1tLB~1Qq6{{02_O70YChQdpO7!M};F5{ZCEL|oX(RNf~>G$QZkDH(Cr&#T_`a!eTLCbaW(+|hNi7r%k<@iMVz3gaV>5~ z=Smf@ECQ481`@$yiEBaP@snuBJhnyH%hiUJaPv7*T%MW?Tn$=^cG{y#iTdFh2eHFn z?8-B2{nSF~ZNn#ncH^=UwqV=OIxQ0R5LQEDZ2hr0it3dDI05#UeQ}rTJl4QJ?Dj|? z@|`YjaDkWt)z!4n9GlI`>o4D5XDcc~?H1@&BX~yj^VnWKJCs<6PR*srDC{B5PynuG zcymyBlDhif5%pdc294B-`t$TQ6UNrn{m2kw+9i0xy+!z6v{#8jD4m$_(njV>BV5Fk z)awZyHW@&f5JM`XC=rE>U3J~)?Q}1{qe5Y@FhZlquan}b@L6P1MQygjQ=|D670S;w zMyvxtTrK_asI8rMpa5>i-I%~58l@JZqr!*~6)6e;B>wxQi~ny^!XVez4cE^Qf%=8a z^6W{^6TSV=-vrk?Q78|G&!sTGIz66lT0no$v9U|w3_YR|>36#LZe_L$Oy=*)qQ(BM zR_!yqUFXS{VTy0rhl`yggPVYq65` zC3=e4A)4_Z!)o1h*7bG2B%pG&u4kxuMjQ<>rJ*LEEzE7bkz&OdRRT_npu%YVvSLfA zD&k&(-$Li+8LPr-`n*2L$9Uo`cD6MirvBc96W4*d1^RDZh3O`)C-K?yuFvbr^N-(e z7D9vN0ax-c?1;W~g`MhTv|kV8_hVMCBGTBNb(uZJFH$fzz9X}ck+s_&~tS~WLaM`rd|sGP5MuOT-wCxvhBJ+{GX#lS)dQde+rOkt3NZqDm;3^ z;92uzqMA(wKP)j7xR>dk{>vf)&&ih*?}FJIMyDM~DT=s+7pIO-b)#YgPXLzQ8wAfwmS~!m{;Rv5Z%!0 z&C9NHz$KgrjQv@6uX9i6;aH#v-m2xtJM>6XfN68A=6EJ};(xp~{iE^3W+a8~DNiVq zJg{R-;mIuiU1ke6vOe$W-s$-tR3&E5D#o+---_O=J~p?U8gE!UO>VG#t&;mb>wb{&gkyx%MJSuFOoH$0PjkZo(US}_~|IWK30j=7Js+4u7(E%LB|+4 z?-&M}4xkT#!J>rTr2P?x3bXvp!N*7RcBllF2VuECZ1AqiN8wu+7vZ~Mr-k3EUcViZ z)q5(lW(?J-XuDc5e!BD&LX8H3x-u9GvO5%iW8wcRiK0XDUK(vW+~~<pqmUJcU?7Y)!Mo4z7Whwv z&xV4WS)`~S)Rie{W?xHH_j8TG-sW|p<1*Hz%d#J$<_rEzzwi}uu$3;D?i0O(+?HK* z3Ay#rgjO`StJK$S3R%Z?$S7|ush#t)k2?Q(J7pJy4m_bEs)Y4Xf^Jm%V1dN@Y`n^{ 
zR5mwUw)BH{#E_EBS_1B-Rt}f%zpU4;sZXUhJ2Sag+oSHkKweZ_th=v)9ZD=c!L>zH)H4|e_gYlnf0pB+gs&jh7>K1*y<`0ci3aIk+XYLUuz8L9p zrjXk|-2DG@jOb?+tc0dFTQ^|V@=0gVQ)4_rkc>6puhJ=D;AqZcv8=>Pv zYojs2+Z;t-?0L!C{L2R1O?C{}KbPTD0k=#AC?0VnvfTJ32x50O^o{fjsU}7Td~eVz zSA@hbXk&J6T&R>~Z|K^10~dau+y)>-!0#fMN~-d(NPkd+|JnYd_<)s$=KS640)D@< zRD>qgc5ozn*y$b}*CttDNg9=jxEtlL{@P9YmU6^F#OqeKakHPm!NR5j$^#nCWQ0ed z&1Uw&Xroca=WT@t-@c9#7au2a7T-78@Vcf%L=4{v3;Z`)f!8Id!pLd&5KGh;$)q zNjYOC(W=$yh-mrd^*pbbqBr&p%ixi#*Q)T(@*TIOJ}-Idt?mfZI-Acg*uHpA&E@BB zNCgEjBk7K>#XHBqagr!p5QfWWUdY3W8iJ8LHnl#6ML;`3aIrQo1t9dnKEB0lf`4CR zi6Mc7MApqr%{oW7m!`R)k9G$6rQ+XL>Ow?nPToxS+=xKdT~_`?CP+be#JrTlTm5Md zG)+0izjK$`OEuNeeokXFb$7r|s+0yAYhuUp3_UaP2KK=RTam7~nmg1p86~kD#Ih67 zg;5qoePe~+?6)2K02~y9J<1U|4yP<##jEU(=!f+yJi6U}0*ZK3YBR9)GbhD`uH4r< z{zK?sk#be|n7B|bjAd=3H`!secvU$JG8Hgjl4Gpq03AzdORV4fWv$6aRp#~6)Mr|f zR=;LL^MTh|e}EWz@W7tf@@UPB7Oy8sZk-BP!Wa!A;s1Bk23^Dtt@SVMKl4MN zf$ItOfyg+uAAkeYN4!QBeRd1YkNd4~Akb#kvPcq99963Ok z5s=hoHPrt|%SMTL#pNsQSMe7Vz>*TgUR5vS&=3Fc&M#3q%^GiqqM}^&OWuAKd%jb% ziS_+B`(xR_lOCJ2rFyqV^p7Caj%1+HYWOvLUkX*yiuq`&|GT;pDnSgcqw>Xi?k}dG zyO+!wF#b-t%{dtVH8P`(ao#4DN_kJ?yTZUBgX){a%utWTL`3<8_xOg%_OTTme@B=@ zhH0L6kxdv^sLsGq(x+Jok3f-(2@ z4@1RcIaEpi8Gtgz)h1jJ8@!_00Aab2^BwHVJtG_WC@QNesaD2T9eThfxuL8c@-8wS z_L3+v0>9d_igAuWZrWWB4jBDJ>eu8G7;XzY{5+aE6UCdw@@p@E&TEz7o ztI5!)rxH)L=L3p@Zl9_5Rb4@e*Dqi3+MP-ntCP6Y^yWW)PXGUR0R)_gl7z6qdtOnW zpe$@IlAW?~!0@N>0her(J*SRdLVO42kLn)FQonlX1pN1{VPk;UH5ge5N*$MVHq36_ z>9%$P_RZa+{iOuLO@{c3ZpL(GJo8EM(7XKQJAwRCizVxH3B)C4? 
zW1sTgnA$$Yzd5Y+z0r*{x)m+osO!J32cZFbuZdrJPGRE2RO15>^M~#cIq=Fvz_FLc zOkL{F)zv(xEQgY_p`7ukIRWiK>?x&R0%O~bH)|voMoO7G8%4pMU;LVFW%1L^#39xA!^3vnr`C8%zA?fp*-lf8YQ-AHqFQ4L- zCq2vkZHaV_Nx?_r)H~UzZ!vw zgt?=loYNTOtXGSuwoKESdF-dKfc7BL7S7y*DslNb%{ynw4L@o01t=y!8kta2cJD&v zD(T?eQuRGWxA+@EEJ3YLNL>51t6Xm%+_GmN@XTy%yhEd-eS6-Y&gY*s$~2XasqGaq zI5dK09Y&i%U7^Px&@4>8d?t9KhhIq^`-VF)AzY@07OHdH*&!QN`f+dbucjtHzQHVi z%p6U)Z&4cd&DiT7C79CnTCe+@tkuK@vuD5IL^xY?1q*pg1>VuXGZDEL-o@hdt*}}K z%Gbi?z-91+mYeMNO!;`!3yBG)Q&=D<4+BDQGLHBUP30%Fp&0T1ImlTrdX&L8HQQ3> zk0)f`A}+HD_SGtN+0jzt9!>?k#V4td%t}F-xp|Im>a$n)Nj&k{;izq>oce-ibYMG^ zBP&=}UT57~Dz3h`w#Dl7%fdtcq}0oE-fZ4b7#j-k^%}-~a?!iyqTi%ccvwuIyg2K- z++Re}D-Q66M)d@s;ILrDK~aiS4=xP-5A=%`Y0YvT#MnquNDBKR4lVAar#kjDb6~TQ z?<@l|gpL3VFQNwmmp#KHc0yU>=zhY?GQm9Zq5cp3eh=LGH1D`@%+bWMUzQ%*9YtP$ z6?mQb={wIa2kJfLPJ*2bO~1%hgyM_T$w!H_Qz6X3w7_5YUI_pu6IVxQq!NmYgZ<+! zHkgLf4jfOWZGBDKk5$(H-qPWue5$ONY`^83v;(=frt~8|dgj`2ZEDb=5i&gVC;aKB01I8S;%}(D4s$3X z3l47fk73HDjFlabVp~&c?!<;3e+ozp9B>9r<(XSBb<3MK;2>?ljZB86@hCS~Cu<+pP z6v)n#>o5*eX8>!QV2|8JLM{dE#Uw}}rg#kk30ZQ^K&Zp-0Y&KAqFR@PAkJ{BngC(q zysDJ_!(0Dl&I$?H^GejwvkDhxc4YRc(_gjiFrG`_8@V6ZURBcImut4J$BkGwJv56yhk&#9cd`HSy2u8B^9DJ z6QMGQe;Ce5W30>nH9125b1n}7DB|>#C!NXsP`C*8)?|z57gtlN)VQI1o)%Wi>%^g= zhInrg8}p7D9}&#Xy9=1go3%F|yZ^wg)PGajykCn7ZDP~VKTTx4mS*~oY)}({Hm6?a z{X$3bKs-W69d~HQ`^2OTe4f(mvUkg5yeXqPf%m*bDYRQQqS@i^voOss0<2v{-Z-lB*kZvpA{o`t2W*kLJ5XhxMR$iTyzdC4$y7Ch$AB!W|aC%BZxYrC|WJkbV60K*n z55eP*8P-Ld&mFY(rHO_(8f_DOQg18pk&U zt69&>?~~-D2u0uO%|NCFLFM*REzP?IT3z4ZZ4@5{K_MP;I5bhN?jz*X+w!>nRFTFN%Edca+j`wE zI9MyOq^#+?Z+*dRp{6nYS&gcC3(pw6&MOW20LcfL>0h|3e|*y%RSk8@C~mU(26cu5 z_0ryna)NUpzqG z-lLDFkNn|>TPATz32GdW=3=VCNavEA0`1C@d>)Sex^`L<)h6$dXB8eF8z(eYe`xq3 zRR-?{a%-D>XeqwhU$b1uEeQvBL6O2@JLY*^6B70inE^Le%VUCtlL4WR4g9-%K*Vn@ zn@|qiNCRNb95(#X1{xqbS4JuR=JMn!tSbIujU$TDl**+?LyR- zt3b1l1-R|mMsN1Hj4GD$U?21bm=r&aFCTXK%t^^9cdETP<1ulv-G`7mpbET1Bey6l zrPzHm4$$c432oT=46*!w!H|dmA7!z7E}<0QT(QR-=?|}@F*c~%zm>jp^^enFmH%Q{ 
z5;|J=dxa6=C4=gdI_$=2G+Y~Id=(g=4ZiB({DPftYd%ZV638-DQF(rCptQ4~>Ylzi zR@ZH5UA-Bt=Xhr)Eh7D9@BvQL+jRIJDvP@>%Rdqs=gwR&gFXTA+$0jM=$cj#O!odSg+} zlu>PmCgVLe>B=AINb;QmM!#y1K7n3vIW3&f_8!tUpspljFtbm}N^fQ~emacI=N5)8 zG6Few5F(L_Hq_4?k;R5wc}rIp`Odk|<85xaN>|XVj6I1%ad+J0NK*B9Ume>3;|v6> zWoBcr8Snp@Lpgm>d9&}2=PXC?W%m*tm?m^-mpqE3|G;cJjSsZK2rf_U!EgI4&6OsEBe- zL-7(v0$eT!|6dL#8}gnLN{qiK$Q3O9qIS|(nlVX#dBq^A9B1jSH1aJ%6jF`9&-Jv$ zN$blSmT$?@EnjKyz+f}TDdpA9&f4U$NSNZ304+Xzl$!_X^ij&5NY##2Rk#a(S^A?# zCgblfF``rlrt0Xz54!bVuv!Cc6O1`Q+&A*O#9N1OykJ_p+YP!yEeLX83_q?}Be<16Y{s5+ss z%> zz0R0!%QV5wE>=e7*`PFeB)^1l^vwt|wu|Lby^x?SOy+UQv*Gv2PGA(l|LjTWI68x@PJstmE0O0ayhHc1YSB?js6-0lM z-%~c5&?w$oxA(|g-75&){4p?hviLqF{&$SuZ5SYT0@+y}Bf=mth4YXG4Vit9pU2F% zW5>@5Y|cZv!R#5NfvNCy5)j9O)Nyd7{7=u$JhIooADjR(@MD#a%YN;~igX2cCo3EE zjk8G9q;Qua$w@nNi2hG4x|7@yib4G76Z7M{qUHwK@NP41h#GvD+c#p6W8*dBMfTjK zcDi=qum$Up$;ch18JP+$@--ys(@$wqQFuVWL$J07r)fWM&BE`90H}9(kT5xz2|H1% zfRPm(738Mt%P;;f;Q|(qx0*>N*O^%!X)TWxR&8zN?Oh4F4Q^nXt&+pnC9-U1kA~TM zg}bnq`X0K!S03AdgmU>g@XEMvxL(hNph3v*6OwhPV8JVD<7A@gehY~l$3`MZ(`ncY zA}Rlf4ByL^tetI1q{^bXU1n5Z(%so_HWE!DBguWapMy@=@-4jp=8rqi`@p{vRcC@{ zRSTLW&#C;iVIk9Ss@<}(bE8i8xCjvFfwYj|7>5xD5abA8Itjc9O-$fF7!XW4luHd~ zds*`S?e`9zaChmO1#fvE?Sa%0)KnYrn7+t*4K~E&b3iu+lt%lE?!#*cC0l&znzp{e zQWU0}UHK=7jpX7oUkq25XBKI~1VxyJ{Vqp)VIF=4P;O+nV|kf+La_Bh1oD9{i)eaq zj3i^PQvT1D>urSqQvumEj_8%)EaoWN8atqXBLl+R=gS^+QVN)$L!1fr>p-)nwfr63 zL*zg-XFZyHMn*9q36yRsc8b6Bc5+8H&uP2$cSgCM8I)TzF1)MDznH9zd^%vXz4H*6 z?`-BIqwQDveA(#D7{6Mr=`r2X9iWQi@s&J-k>{4S6*b4+{xvGyX>{}AEg&u1yveQ+ zEuUC0ut_OZ!TFa=GvEVS>~w#A7kSWt8%#$;U!A{i#G`wKOKc5euW$T|o*EJHAA7pW zca}I``HaoDYx-e-bqod%w0{tDVuR(Ob8}iHo2UB+3I5h(ZD!3;kMC9}EaKqvIf~j~ zBD-yV(4lYJDA69k2c#pOuJt?s;FJpHF`Z5O0GG-hq!uTw^`ZR_<{n+DSS*iOr6 zF)i*DfFI$HCV{jCm4U_4*jTNGey!bDRp1|*_AF6E$<=}Sn^z;J!G$0&8?L_=BBUTf zNs}vH`hdN8%FuMv#Kjrx)%|7S0>q4I6z>y1i1nFeAlI0n_~J^WWEhMzB&ek1`5I_@ zBJsPSP0~VqFkk_mq>P%yuxl6NGfvHXc|9K-kmz*C$VWg3X24q?D^NEQ?DEgd?tDnR zDZ>j1MP#XyJcl68*FU2U`?bn@${g|rCH5*(Wc9qw(e5O(9w3!YdSB0S_mAt4|M~uR 
zQuirkz+iUdK{aR=jfW$jtirBjwgx^>TB+?WGBHVeiB5h@&^0hfFwK^ z7qXY4YDA^66aOoG7$=4IH;dHMvYtBV{l6M~!eiWH1Hb@`9 zKZ{^k=5P!B@-W^*L|R7Q_oPV5a7qLL_8N2;zMyIJ6Hosmoyy`J@W+AYk8dXBIT8z= zBohEjwsxIa2(tBd?+Qk|1Y$(OXZC6~Xr*ey12ind|We(c41f z#T>ZKHrkKBj#=HrKyDNtoA5~(Rva#&k&Ro0AOs=DWea&n=+y#tU8g4L25kbC8$LQ^ zCxi;>JH?MZw?r{+tpIB>zIYX*c+(WuVSJIvt-tfP75g{_YWT;E?;x$rX7Agz92Q-Q>Jt zL1^W-i-*Nxok};xJej*=qi@q^o(!pavuJVP9 znEN^d3%~Xr8P|RvnsjM9*=#!pA#d^IL>;Y9OjF!m=C9i9P+iifJVS~L^32Vi=SWKJ zDps=|wM52#Q>K3uj8Fhq%~anp-e_^0w!QMzGelV@gWh8xNg$^2c-&)-WZ+-WZFYIV z*$N^npL70SWe)6C(nr80bk-eK5J-{{UTSzj^rE>Nx@a=x>;=PjgAFB7oF!(uMZ3PNssUl|TD_ zUU0HDeYw;y@fH4I2lgJo!RPIg=gs>*1$>ee-oRr|f=pg=wr$+a?GF4$E)lexUvD#3 zqBhU4o~*ij?Oe_RKk%|bjlQk`{$)wv(X&l$Nz+>V z!nf~%t>wozTGu!ImzyP6vCkw0Zk3cM^^0<|JH6wC(1nR?#4RPMg+b%C3kf5#>yJ`7 z+%v8RcL9CgGzv(>u&aGLmSK50^BErAy zlwHtWdW6%^`3Zq)MLD$JE5E{x-`*|wd_7`5^7euHUg461uD#ydxb%;Vp8*C9MNspC z`WpAX7pF^#K_0<$YU;N(McBC$nJg!?OPbQiD(C6t3dhjg6rwn*f;hEBl8Y?T2Qchn zM?-|+>o2J%NRK7WCH9<`M0aQU;j)4PWFd^irEo)IO zAcd`SgE+1ppF|x*EDsw*re7Y;r2xD70h)My4@O(7?|e(TxBlgc)SR^Ys9(5Ycm6-J z6@7U&h@5+uCL{c63L z=NoALNvp~vr5HQHuo@F?M|1BBve0Om%9NFq8yG6NG_8hvE<3jZgAGfcGxxOub zJ$I0uA;0pg6j+r{QN7VGAx*p+it5aN_l|D92r&2iAb`kv1x{F6N@(hP#a0%I26;)1 z^3Yq>NFmGhaWk)a+vQuJNdFg+g?s0!yu-0qC*6kxlzRP>Ry?)dEcUK!Z^Ea1^L`9sJOAkUQp8@t=u#v$nda{V-VJ@ z)&DbcF@5#AlhoS$2( z=>(eCt3pf@YVXX~JMsLCKVL;e9b11KXm z&UN76DuI*Zga#`{)Q#xTpR=eMs|qI-vXm=H$I%=MK=$2Itta z^B63JP!p+h=csx*);P?Fk%vxJPQ4r}RyqMxE?lfk-&7K=qY0ZmY;l*(1K6QFjGSj9 z7hKZUc1t~Vc!t)clso@fI|wR8>*z}_Sk+ZV1cXZr`2g%GjO1;B^cci8QN#kvtXW@K z#1bOP=Krc85Aqv(SauMAEv^HMYcI#^9&pRRQCDaOvPXgB0GQIELO-SpK%2wg~$g$0biArtDt*wH#aiR6rlQwQ92Yk1&Y57Xp$KZOra~D>eluiMI zYSvYFAXXo*-(`|cEA>M#oReWV&&b5)X)h2jb6_eHkJEjKaY0ZGcqRKJv2v+gTwUT= z+q{a?!Y@9*E{{D`qXnBtz8tdmfe2yXjn^^k^eYpx_aiqTelE(B#DmXkf&_u9%N~Snqfm`2pTGU$LOB};wx;TOoFY?hhu43 z7ny7K2~w8vwP=U=B*Z^wOy4>#@GR!{O{8lsA=sAzUK_d2LVxWnY3ymKpk+S6FP|Pl z5j`SsC=>hWuMngF{$B4((aweMh8}S8zE}S&albH6gOhq%%Qrji{XN+9Z#-@K4+n_u 
zjeg%m8&G3Wp(v;1@!eQmqvxBe6C117!>If~^|Q{+dg6dbC-|wpBmtS(pLu|=KMP++ zPy<_3T=>XG+7l{NakrnLOnmxoKTDD)@xZ~$S4esudkIw1zdFM#vG67hJPK_{l_%~O ztfHrT#IKY%)0#X2dQSn50u>1avODyDkc_6LPX`IY9Rc!UpENep zk#15?cC23LellM6HBHEJez^amGzVI<_Dk_p11FIX<$rFpOrCTZ1GEP*`N)it$H9RU2g7;0Z?zG%65~1tW z#zr@SHlUTD+{>L&DNl%My6c^VUsHJ9(+$6=99*1_VE4SRpC+ zm1%80F6w45BY9(}S#yG!nYO0d8qi+A86IFkWd&XNL%;j_Od6=_R3}G#X%66Zg6W9q z18hFl>0fjz}o*qiHSJNmOecR^5fi_Fa7lwh=HSd82M%d-MWJPX|fma%C(0(@0? zk}S1Nav9gH$IrWV5sJoJpOjSx$|MC6uYaEs0K}&$0Ty@NYVUr9haLc0iY+*@Q2Hh1 ziEVvi(WDgqq;$Xc*pIg22(-TvS*~D8z}5rT%MUzkH((Jr0JtyOkNi1V8Ot=^r+V@Z zF0l78v%)V#M5t>i-&v>`s=j$3QCKFI)AEPK6^je|nVR$Cg#?sVlf6s-)M(TtzaNo(XV!rIbBc zz0(-Gs(yLQnkSbjbkWf%;6fq%Ew~EUc)!UWN^r02qd_p_QPuW_B65EPu#v718}T7h zBPi9m5N|p&7X5<$P4Pq4hTaf_@t1z$j&2dR=%Q5cxCZHE3FYt766;;#z~^D&NqOC> z=wRmFnKROJJdM!9D?rgM9-FW?lIBCbbTH?KYd;05YT2-`X&@NA1-N6aDjpp84)4*H ztnu&_%%=X(K{AIM-62i}Qm@N;sPvuht zDc@4J?o;^t?aEk1p5*|W+O+aZ3A6gKB}X^X46Txbsr$h24E^@SCGOXn?1J5>$GgnD zo%oNy@P>cQU1f$nWJB-%Cm$36;65(hX-oNo7~3hUi3UXIzz>megz6Be-0{~CEI3&G z0Ms<~qB^U0qk~E@pDlW8di*Uuci7kh8SR3I{>gmEgi`c|(eqQ`$svoz$JtCUP-&Bx zR}0tVX-%59pnyE)G_j5T$DFzcRlx;XSr|M8rll znCdhtKcW$hi*Z4(8&(#t0(Gw6T&6UMHfw8+j3QF6*O#^5*xCBoUsTV(?SwwY8wbMg+s8QT=Xj%nXk%iwuH-zDy zcI2w*dCihrxy>zf6F+HaC4qy@xDRGO^Mx{fjQwki6Rs#D0;wk0ZwAdKPg_6I$tKnK zW81AQAmzv(#%J-|dN(AkP+>Ys_i?v2{tQ#*xYX3(fixW+IEZ>*#*>7xx`oQ*s~ip# z*pt;_9Nj+0Qw*Erc^!j^B!*N((9q{R0{A0c6Y?n?xY^MHLRlL`^T}p#g`4)=o9=_R z)wYc+-8}Qy$ga|hC&_NGuHDSZaRmXOEdB`?Ie4Oo{fgYr!t_G(FIB;%`%wwm>!1J- za`?1)7~!DO_-1G(gOE6E__x6jcsosr@DFK+tXm9(^$G!GOcDK$(RpU>fu;|Qo1Fa{ zEg*Dv|IEH!VdOF?jI_MguuVzrU(utP zxsJ^BVD>kC!5ZdN`IN59k8wAOd?5!DgUFfC{d6DhgLN*;fj@e6wxP-h&CJJM&hA?AK<-j4G=!BxOF%`N41eU zL&>u4^P+heJu_WXY6t{6_X4q$l-+XPAY5U7QOgyPaQRY6dw5^9AWe3iZaYDprpfCC zwR}rX-P%CT(NJhG4%gWH!|?<&oW^rq-?T+7Q7ZlwXM8}h1_<>q0ElkfNAfK{Wd!~P zBXZYt-~QM~?qG4vw3c?e@%0pafoOX7_SABbdPztc$X}jt+d+i@qv!4HZ=W~h5{Pyp z246sf2S(J$GvkICQ|-HJ{;ZT7@qc7?45%ip-NNX3nD{Rb%klyKq4fOSLv(vNj%q8jA^?I^BpcBF|A>04uqfNMZCHj82k8ds4r%F@?v(CE 
z8tG<~Qd&}^rMp`|y1Tn$kna92yr1{~S6Ecrmz#KoM+ME2?XD}eg)_f+jd<5F21BijpijAxQwX** zTP~RTK;^Xr0S`aFn5YQuGhA>Jz$g=r36ZBBbrCBqXt!8I9=W%F*N%K}Y4C$ss3o&S zm>Zdt(qp$sXIg>HN1D3hdziW~H;&wkXrAVn<+jdoGRQ^$evaoAB;dgV*RDRHL3!Vwq%hw&#phQ7g^A={`R!R=H+Co^ zBu>7~TG=Ay2Vl`u^&K)^bnp`cdat`Xtc_Rk0M?|ffi#row1vb~H^D3Nu|Zs)2t z(brHdgu-^R6Cidt$TA|2MsV)+QL?nazR5wVE}}+}B7eI;$V9n)I*tk*I0fjT@1IfP zFjJnO@IRPF@U4Gn9#)B>mJqmJ<+mJdv9DuE1_zc!{vMWgC!HLhJ`!W-KFM@9S0iGS zc9H}pNbg})Vs{mbRM*Lpd@Q<8N#-$IRzLoKj$RVbWN~)}Asr_7YkP{ywE{heAODMt%m*Y}+iNSMvuY+fL`K*UctS8j^cU zUpFaDb&(rP@GVA5eX?)E<+6RW5Szxe%gLyU+sPvz&icYaKkpSD0^A!Q1Hj$RH)6NK z;lFf<%GC5NIVEu?42$^sWF6$)dKnU5+>|X=cYK1xiT^7``l@e?0qjN@7g`<}^otzs zLYFj~Ze_GVyCa|evmsfggDg4z4?y<@;EL*bM8F^CH3o1u;-c$4npEqEo7q6Le8YTZ zm2F$D_*mGBOvSsmsm7GKs!>t{$4Z5!Yne-`3}Sytn4wqw7w?FgTG2*oHzxO5Kgye& z3rCoGN*jEYz~uF%Ts_#5`1_7ypq6m z1L_Byy3OKK%Q_~xR3Zk_GI(qeJ$lu%T0+qQkY z1v{g@@}B_}gaLP5V@ARS_?tqTDg1y9NyLy}ZgT^|aV*a9_z&m@g&FRmsC~Bmqics0#GN$aXi@lcicsh*e-&0w-KZs} zfo)FR%d9`*nZqRVsvG%m&`DC|y8xfc`RXUKsXH42)`)`f%2wdya4Xec8&uQ3H;B-2 zM31FKSo`=NTxQ?GvyMGvI*TDhdAdmJ^HOohOP<1Ye?G`gP3_&ptR(P&Hz=#==D%O9RhBDhP%Tmk~ zB@%f#Ngk|aP{LN^igNMm&A*9!98-(og!hgxb6GEbI>&9CbDC&c#ivUDuVRJh8^<^) zGAY9HZ?dSrLu4za8nZO>4;p0RH}rnWwsr8FeSoK2tey`Tf|<`ldI3?-I}k6dP-Yk< zQy^uNf5!J&wI054(~qR}P7h?qwG9)sNoS7n#&$0oY^j#nnfwV-5H*?_NjHm1+@G8? 
zPzCXmp(l!rS86yTCiX5yb#XS-R^Kt0d06Idb`<`t8Q1-!W9%&e+HCb;1fK8b=U)5W z4-|KRh=xmB3o0-h>g*7bKq}yA%HkBdn!I`W<3c9YU^~BsL3jB88E0Fh?d9{7576fy z5myghj(@EEga*<8ADZNN1TU`)*N+@2fyERI9hWOV-?$QkbV9T2zyu+O9rDi+Gy7l@?th>Qcp4|s($kI~weSgvoA!I9W* zo>aV{P!Vj9m*hx7#;;!x8)h>xiMdwK>OVdB?blwzL!v$JunEf}CRVxs&0LezMh$Mh zGWwK=uK-;v#b|AbuO8Fh2?)gxo~xt@Wxs$F4{c9gW~b=se&9zYEh9AxWcnhdWHSTo#u#-|CkPjIf`bj(H&F%<7xL($@Ldy1rw|3Qt8GJr9w(`Ww)U11^$~k+ z_JAjH)-NKZUR%)wZrRNbZv?USb3TlU&57Y})ady4AlM4}7&+4OLiJqL<0*mBrs#e< z8IXN>Ix*GcB&nSy(w19!fLmA+S%!8mvCjXZJ$xCK>*C)@hGFUCmPzRD(Ug=mXXgAC zmyY!ou2np~vCK`ep?c&^m` zE9$u^5CAiKE?v{|n$fEM=Z}0H$yv^>!6@y55l;G4-k0j>53&yAk!J zeUun?LIk;iKb(XlstT%KQ{o$g&Xs-%Ukks5E9z>lO4)n~vlexj+IlK%QSY3pG28Ob zXPmDAZdAeq`9X-*dg3@45$(Q76*~n9lPS|cCu1oJwi0ECpT{jZ5VtNv+30~&ctyKB zGcR@9HFP5IPw_6ecs{PdAmOGmG!-jVM-aO3b~bkZr7J-{gF}5FRAmlvlYz35Ke+uA z(Tc&EF>K_8Gyts>SM`O*u{#0#E+hDT|Che7ElJ_KKI z0Q2~YJW{711UWSzFggG6C`J zYh)lbx7oL?&8D@QS*d*v^Y}UwPM5+eL_`myJ-_U1YLM_Vs+F9XEBjxo0xUJg6J;r; zSee5DUCp_Y3P2Z~+(~U$=2Q>DN zntij$d9AQT0Lu+<1dx;{21mq=9^}20;el#QJL>kObWfFbWy$iiW%v%Eb8G~KXznvT`Ys`q5%5$At+_z&A~BkObNJm#Q!eRGjk_PoMqg6{ zCb7gM>se&zDde9vXF!gg5gnm^O{d;BxYHw;(t;TgcN@?QGYmg|?7&{~XWJsFBU642 z7X@#YQ{JKYkGEOICHFo^O!(2rrJ*~WV<60B6pIN^?LHu0+8bf!vkvjvu8Oek0ur0d zdgauFEx*iOFB`XE_N+Q|Cq@G3Rv(onl91R&eWJ$7Cs)@TDCdCsh?mxi$toWMA!e^e z*{bl8`r00mQqg|DsvG?!N};v*qv&U+@#%CA# zGCjt)5H+}_nIOs&k*Y2`?j}mWmr1Eu99fl+_HN(#oQG4W}+D3>}YD# zzmPdKt7?+Pds)Ahltq|?#b4Hg{v+edYeYCK&`QE|-cPHv(m0ga+_N=6JM~PcwNb(W zPXIeY2j32jlAMW09>iDUyVL5pnqM*m%bV@PObT^_1vb zR83|4MTe|(e_7Z*t^~TeI`l0*pxeWzuK8w1xRmAqk^ZemIZsEqXUlxtGurb`k;s1Q zB0ZgQa&P~-indvwOx53!*y7iPtN^-XTM*$estM+2lv(-mmE6gFNlRYZkiWa`qs75z zXj6TjE#iTA@UlxzUfy$$oHrP5#x1$8W`|ne8 zV?MyTitH#T&X=Bj_7E_hU``82d8Gx1RRj3CE!c!2xL@#~|b0L{gbw#<`Q+ z^k6{u+*xe}u~Pzmn!%xwVgJB@HXl&M4&Bbcjsql4q^;3jNY<|Y3TcwmB{=HQpy1sg zN}w0heT$4`5)#Dn+Bay}(Sbt~{gHGiHpqLe0oAt=otudK?=EE)cm9yagPrCLz)S*g z{AcEt3YcV;jWK*}IpUxZYP`F#@0C3PG3pjdQ0hkO(o_-^vghU;O( zE&t#_i0KE1kd;h>^b3rulUsq#0zOe+p`sP<64>pi!D@hr47lAn?(Eu~-uvfp)Ak3x 
zy!|c)spZU_b5-~yJN3u(T8yu+pq~-7qOh>TQ6~Um6yZM;1PVF^HmLNUQIRBx(X2gw zVW&6}JCvKRZhNoA#tT0o5xj6WUVfC zE10a;SSIiNL+lKejNLMRMSpXmc}jcLX{1jGYza1?G}>rVDjr&0cu`?6AG*kIFh^PCLzpJe5gfUbu}<(g*R2P|4r?in}>y_ za$sy97kw*4v<7#I2>K_WTyEL{Q9a1*kh_}}VYjf7J6t#holpR9c#6q#!UutLCVf3$*lOG(l7g)Mi|0#al+~tLy zG{-GYDIdXjZ}PE!(>GKGy`G-Pd2nsNQ=g-*7D7yAMKH9)lgo1DTF zIl})5%%PHCW|iH<0@6p}2onr^5W1E^TSwSepaW}&8q>kj%1T-zg0UU?z+d%mW>yqTVysC}f1? z3M1an5_3T4XAKg||5+qxSZ(FI1lhS>b3NFqkBD!bLPeeF(8+$=0}O_K0KegrDm+af zG|rwqRJzG7r4Mp`C>TwjtFupuTm!%(d%lkQKgyBE#v3U;C&ck=28$SEV`1dwPGWLu zb$F#8em`2r52Syz!uvBoWmK`fFP+IJlGoK_Ri^UjmwxI_Pl{R%W6|DYI-_rg%>rta zimw!aqa&X}L|aWF$OfG*kfNw4RT~EzfcT_ z6M?tZamFbg51H1{&9%VA-KRo~gPH)^BxN^39PW~sHO*kSxoKL1FuH(mthl}V z8Him-@XY|UD0UM;9-fHNcxR`IB}}$tRT0CZG)w9`Rjw@tI~aVLFag5@^=UAoxKb4U zi1Q3eQ*zc)-p9c9j-%AMM=X9=mDSs>-X7v5H$q}A`&gPrWA~WO8S%t#B4yymlm*rj z!&Yg&4yilFNQIp9F5GXru=$RYs5X^{1swa)ZF(OMxZ#Rm$U}r6C(-5v;`{< zjH$LQxEPFC!7|T75zj%_hCk1Z9h=ier|aOef6Rc}sHqS@PG#R44Pc8>_HGV*MIkSQ z`u@lY#LMi^q?Z#~{uQLl!Z-(K8zLeKGB6CBWzHN41#0=fp_NSN87q}1>r&cS#FXh+ z?6f-%!mEhXNcWWjetlw0xCrNxxK?4-Q{M1Ip%rQFXFmZ0uD#?0CFrgUf|+HI(3Wx z_6F_q)ErynxuN_i9!llw%k^Qxl#DodhjUQC=d5U5Q|@9N$I9v&N7J9i#fi;L&MFUD zGZ%{LN$|4xZGQ@j!Q*nJMQ>W^$(Fw2DER(jhJgWKa?wB)17oEIp7=X|VemkN2{y=B zarG! zzUDbl&nV@GHwMc)0Rd8=qeK;rv!apdsy`w2G&`>cg!;^iZaMYDy8bTnb1 z9t#n*>J!L$|_taAYhu8&IQv)tX`O(uWcVd)Fff2!2p zex+I|H0YnR2n~GACP*RjxUXWe{u)dKI7xuu4}L{V`7a`r0A+yW^v8@mmRt|f_x6{I zeVO0o8sD6*Iiw&mY7U}>(jU%W?{SYt+sZ^^pHd%50OT~Z?Qhf3V8PXdUhqWYQUtOP z+x;EwQcf`37%iocSN-LkgY0XL(XGhEzBx2P7bWEO3H?ySC>q?{0>QYYaVIqUw#otA zp@|P`qkA~>y7{7vUQV`paC6Q&{4oY~H&CPioKV<0?5t}Ii#NYYG&{VJq**caN;k`H z0@sKgY{W%#HQ1d`mku5X-=<(B{k)pztkQnVz8{t|+0cR0e*ouBw}qzxz)La z&M$g9z@$dMdolE}3QYKmKcejqu$-X@A-(wjhkcO@1gISL_E(+sbN19VZh+NA{}B*^ zmvTrnmxsUpNoldOoPYqmSEg-We4~VyJi~?)dK~YGcF|}3W!q2h7ee;d=BSVNw>#Z? 
zA(~$+`YCHRZ<^B{1vFyKqqNT0{ofmnf&~&IuJB#@SAF&XapxmyO?q;&&E5^_9l4QA zn{LBqg`xEiA!=CeAPd{n`~nf~xYy!n>u;&f6v?)~H`CV|vw`=aAG@hr+>K0bDms7W zs4%{YR^xzkIOxwZHu1p*@yqtps8CJeRaW{b3zMslJgQFL54UA4p|}8AX;(y|!T=4| zg)mOq{t$au?uV!LvD_oW1%7$Lpi3(DwKD+o89C zd{4B_3B^TEcxAN=4^bg9UCVn@F4H1&3k2k#*Hj`cEUaU!1fZAyxg_zDJ|rPSWq}7i zUaOvm3?v+1hNj+nTMu^=UWDGO*w#T+3-H60wBXm|%J|Qa^;Vh-6XV?XA5EU@eM?}& zB__U#9Z0jplYfij8~2z8W31W(q$~I{a`Z3}kDJB)KVk0;)DW5k06)d77=sZ!0GKPb z>5?vX@a*uA`T_RdDnwgWeh4`kdQe-dTtAKq6(?S0Sa9J=+xH3ToU zC0^T7-nGc&brHSINb(v4n1sO9qbHWC$=(|QG3ooeJvNg5$HM>hkBrYR&LVJ>>j8em zj2wL#r}y`qCvJ~&C7s67r%J8ml$aeX4mVOR-@UVn*pvm1UtjVHm3;KUz75=*Xr4Uh zd5PlX#6U6tJY3mP&^fe(mb7@r$F~i=8xSS!7e-FC6c$A}{?{X+ndljj#Imv*&rW*4 zw@@$5d{A;SBX_&=hU9%49vs@w^sRfH_xiUDwDz!h2_A?C`RYjnitS)a=Q_1<_}|%X z=_AIP#F5u+4|Cv2vKhYECts+jeS!1dUwnHp@SW0kmZsjkmHHaY4zlQwfQ!x>4wkt9 z<2S^IT{I%CEL>w8r%AiA|0COVd4UWPHdP$pxX7&rH^WA`K7igJHR_m(KG8g(ahW(~ zoC{4ncT0dP0-j#XBx6$@5TIW(Bzt&OSX9jQTHi=M4CyWQP6N}r>(@^XQwIy*7Rs6+ zc^#pfwl`p1fSd5=j+B!TbJf}8&8B3n%e2>wZei+ zOLCllAzs1sP@St{rvvnVd7p8=N3=^gx%9q1p4r_9CBIi^@W(&G2qoy@=^%LDfC62{ zG*Zl~li{DLPa7BGU+EdBqWRXMD1>fmN-=zEgVqr_)nCM|HSI@7hOCF}=&g;*`-Ss8s z-L#>dn1D&@IiMz3#1kw(@TTVdB)B0~BE7CTuHEDx7?Gs3N;gH`n(iOd3VhCMFbxyz zYuU$2aWt;Mx=6{tJ{0#TfY{hWA7U(sQBISyc3)GXruk7`QWl?c&|#cxq>74}(Q%IX zyA~4LRowW-)3(zuotMLC`AnW{QFroh6iqr zNI$8J46}t|pj(NrHcDn9>aoM29TcFwUfp*M#+z{_Rhsa?{@J;i8`<(5;$fqi(21%` ziKXoMJ5pSTxpG!}U1Rw5>iy$u%Dc;G11_U?pQGmYz#M3vmHn|t^pl42Xg@aXJ&f;h z_|Rl1h%?dg>EHw>R^s;ECkUqH6c&zcW1$o}2en#D`NHiq(ZAl=&btB2?C$-y{$4|v zKOmcX0V3%}k_iHg52gIWN))Nxt%!YwFL5*|vx`!q=9@k5ZJAujG#WBpdhhYjof(lUZN^ zRquaZ#r|U#O;gBMWbDgX+dj+Yc74bGE=LcYc@tL==LWR?s{wGKv3ve-lc{ed? 
zEbcPun~G&suy-@YapTxr$+8GaXWAX##hFQ-8_vfBnnvc>wKcheMBKeLVo8UxbXx0i z`w4z#;3d9Lu4baKBJu${5=F-aCWO^dTa=-uDu(T|+hXXHKWI4(WyCJ!aVMCEL^ZK{ zP3v16A;+|%0)6*o@9-ZX%YFwudSYSAxP-N?_VSybJErBH9nM+Ey= zpKrvOQ8UnqQT4E%D>Ut(vD(R-RwMVn`evi|Ie->)#LcmNk&L8olJB2vJ)b(U>(caU z!T#Q&t0f&2Si`mexN(XV_*`v{rDjLnkW!&@zg&X(?z;HUrf!_$l^VF4;&md~Kyf&x ztNbq05`3dxso=~q7FhNW$by^bBk-ZyUx7FhMb-_pKt2i$*tz6J`oTxVr~;fo zGjNivTrlpRAgtbo;|5fQv?;zg2t1rHxLxvy2(S#UveH)FDJS70>l5`WbZG#E9P`Umb1R*{tV%zaknOmMj9s(EVT#&>k-B=hLuikcm! zdiqg*@(%KJiY+~S=gIn(U~;pl6^|o9i{DL4zG{5nh1rA77vH9!cJ!(01Bh)uf%J7d zHNkt^yo#U$cGy4xgYD;^&WoEi7^wqu8jXI#hx|)EXG1np=Wr_MbUy%SAwI?H!fr%+ zT0NSdP=VurXlOr>M9~98*3;&cV*~jo9>IkTj;{FN z_E+4I6CRh8A#2PAqHU1@Au@kcV)AF@6kDZ@^$#;QM|UpU_)Zc5hyT`m_->NK?QFq;BJV&XTt+q)PHCeC2v}zxVYm#= zb~(d?O$yH{|KdXv^=gU!9xirp4s`~*m)OTy`jUi~9_HOBG8Bi&w=o=DwJ>qlF$cdKJYoMk?JU0`Bd&@C(lD36B1Ggz25oj3 zXP?yrU{lV156dw>B2-8~mzIkBowk)Bx6y)W<-pj{BGp$~iMZsdD7Kc!?^lHsG!$9i zXjmWhun!>JO4QL+#i>@I%QC#0+)tJ!0oB~?7I$R|MOiiHLe+aZ{7RjF0Jam2YtM-Y z^aTKaxbru=wSnPHq~ZI^s<+g}OYPn+X(hZ@tz&&jxka0Ql7!G#Ght#3>+s-HEJwCg zgSE?BoSFK#gtlqSRs$WJlAQDjJ{k;5%+bIZew9%jnAvJAr0!oQq#YGeG7S89 zBn+P$^7_JtZz^mmykVMkvlrKvo;n|-?S#0=Xk)4EH(UGy@u*exVp|`x-{I~2vz%xl z0qX?#0`6zZ&H;kXgIYv;gVVem33LHDMxNOa&o@SgY_vY*o_WJ&f;pp}gYl?9KIz*K3m49U9^n=4i>|K2>L&Xx&Tu*(j)6I0j0W~x$^eH=}5@~S_4kjNL)bO z&Yh#!8;4PRY}W*1P{y-ps|_18khdu3v~Pj<;P(2DB)byZ=pB9@ixfeI$QC}FgWZUK zf}I9wx@TNk%%b^%mg@1lcW@4#!c})NQ$Z*lJnNXVRHZ!GoMa-}V=r*u$6}JP&~)vq z^6W!TspL*Z61YwqwetPGznZbrY2UU{>dj{fDO@C+CMBFJNZCi{O05zU;2&HPSCsC= zk!#!c7VQGLT6+vvx-o#J9#&KXjucVi4!0#SiI+o8+^|=2&k(S^|7VAB1{d#Z**utm z|Fx)HQm9m4j=B!vId$sQ-*j&eFyJRmqRY2X6s!I38+P2^4XJwSX%*iZtX@t&gXE<> zypLtm1Om3WExtN=@LCC{3hzVJSiYkj9YIO!UjVZBLp|DP6?`sZR*vS^yaMvBhI>cN@0-z(Erx@n)la{so+=BhluFe319%z7} z<7C3U>8F(OiSi%N7f1QJcZ^6{oasZQ?m$uzw90g0B zqRpll*-N-0OV%Kk-W2(^g~gPuSCgotaxgiXU+fKHsb-&vbGiY=e>Y-)7vR-Hg6nT& zOi~#Ka&yIyu<&S*ejs1S&hD)3z*Zhh6fdLRSTnaB(SZd7M3xZ_L0V{fSyZf|WYM7k zGhgE`ux`R;`@kf;Hwk;G&hj;A(hUZ0>SYgwBrHh{QczRF>X7Mf99;vzaXokgc3eh; 
zM)Mn=sG;KsZ{(`#F!}I+<7t3#%$2({lx9H9H7r5~2NepZq-y)zO9bXfa}7K9VGSuo ztyTsmccK#{xM%_Wv1VWrJ*nrP||4YA-dlX(98CGsUkpYIo0aFkfT44@~;k~NDY z?Nhp+&3yWs$v(WF^7z4O(N^BbZ=M@hB=9S^`F9}y*yv|_NFP%R`^s%{qW(VRXi6Uzn? zfS{~V{Qz8}VSYeWDYf5SM!O{M1L`CFc%wQTsYFIgMU`)4m2*=l-#tF~#$ zivMe4azJ(u9LN@ZwL3)8#5PGx_rPIOPQ_*ky)o%8ZH^ER{J4`@t8=Rf$4}I034o%% zU4hGJAl;iJ=9x*coO&&hK?gn`hXGe#i>GQzVOYK0Ooiz+|Ct6?i;>Yo6{wbMbgwMt z+*DMLFi?R7tCPg){MNQ)kJJBIx)Uk|AU1eSdQnoZWq?|Q1C;|3N=xd%%~J$$=Ta^P z#^OGB5yFDg{~sot-1bR-__v#hc@4d}!IYkg2QLf+zdsi+^rF!@{%}6cOK2FUip6|g zLp^~wPKMjs7IAZab7WeM@L+#7|Da|X#rq)DVP|nF7T^K&ML~mmRDt^+IQF3_H1gmo z)k&t6@A_*UZ4Hrk9|!%K^!hRP=hRPU3m-i|QGH%Yq zpfkk4p@~KzF<%cnBO$y;H$@Rw8T=W(@zFu}Dct-wnw%Vc;;!G^QomBtF?|Ol<-KMd zRuF8dfXdu@stzMa@%sQv4-}%h2e{ZE`T9z$v9!;}?=GCLULXKJOv(#*@u|U8)uEsw zbbMg{adh4_lqSwmN_d*OZfwF{VhXF=mi3zzc+J*`KH52hhW$jq=K!PVky#XrZ#CTQ z#0AiMThPyLTzr*fPX@VbF9Y$6P++jn!Z1?idm{^ePeu<{_OpxD_01YOT~gc4%Z13j zA;fwcrGh5{1CnbiXU(iG9w_SZ#1KPxGX(w+HivlP>5@D;nvEK!M#ofGT_>7}2d>B%C7s`657qlyXuIXi}+3 zxO*ygh?@IA4;%I`#&VQRN+C2-Wc#A~6-b7qRB+y>TWa=s4uT;eoAdvn?58%?JTd{AZioNwHSzNExgFC++U=Ko)VcojImH{Q7!~_Tp+3Z|O$DYWP$WauE(#=EUVXBq z4PzpvRa8<4`z;dgXOB){5=?36?hYA>ZdQj{p9FrGtT{NcyiwItMI2oFjJ7y z#O#EdpoMM^C+v_fE*K-YnKj(y@^I^P5W!E=nPJ9!`iIz3A(1SD%cfsLeLI+$mtxge zzzGgj@NCUgqk$V8e-49-kI(V^)zei%zziDwCEPWiuVecUG_jR{2%+dIUJQVK!#L*Ksy? zsciz!<=&UvnNfQ~`IYT`ez#KDl)o_+SJB3h#<#cUIuTAy19&*L^^=AmjhmKM@e{x$ zcq|?8ARv(Yn(O(L@3KHyX`kRq)SoO5IwBQJ&7_-+NeLNQlf%X5Ci|% zMZE$bNriaYO?6FO-PwDyJ%epLQ3@#sDx<-$Q1J(gukO&{>N`|(v zYSYjyA>ajsgHn0k%yU|f0%aReP zk-b&a=mv!-H;oFv9SchKtVYB$6qb99=U?Seb#J%Y+4@$)#`PD(<fYG{Ixx*Z=2;7b-zK;9Yq4Zeujyc z+e>TecBw;6fMLd}dtZ%a@N ztC5JqmfjwH!T_0L&i<*G6LzyD%)N+x0pI!{uh|ULmQ$dS`bjpVu^fznp{3wq7(>7{ zdZ_d&dS9i-58C=;iU|IovQclI=Ba&>q<$Qa&kJzn^+zqA!({ zQ~S4hkQ%fMGt*mGUn-7L7omL(3X1b@8l@^d4+Yll9J#@A`v6KnJ6zno^_2q>Cmm3c zU#V*6{KK0i)o$QuCBM}}LYo=S#?Il^xc?m<1CC!B8})R2DXrOLqNqClM!$9oNn$%< z-{6m^9`5A+K4uKQPEjK`DA&#H;!D-~Q7I7b!2JCEho=y4DD04vKT_8>R3d1D1MR8V-3}_BB~fDDD1fg^pp55aX0j{c9)? 
z(VMj&WkNOX+${yOX})ES`kJDC!XJ?>C;`nnP0V)CNBdS=NX^u@r+J~WrnfU&qc;_E zPkCvqBW%uJv<@93bz7E&YP=fD){`do#{4^Ktu233MlHnMF(=1&CGW zE%k7*aoJ^F*$*Gur=QG`p1c6bQ`xSA1FD;3T3F%6enyaPA>aC8tAL_tlJ#C7ZoRy9E#X+6l?w<0S8$7Z%(lR{n0q9dsD$5<@A^KVqi%+oh^0D_2*8EoL+N?_r ztv1BxIg_*WqkO=UsJ#-#i>GDuftz+PcL7&b%iba>LjzYlP_Mq&SfT%&ow-tM0wAgC z|L6|X_pc6Z=<7BOEyvZa@@sMK)6zPjj^-misQ&!4Nb}_EmH?)|hr8l?W~)?8sIr{f zR2|1U@RC))oe`uzl_*URr`o58NWPQs`}P1hJc5;2hMKv(>?%L|cb;2p1SfA+0%Fzl z^iHq00<#}-ts)DcOln77^s|()^|u!&v?yEZUU;fMj-I^el?lQo)>GQW@pV#~boA!_ zSRke?j>bJzaA1sNmn%J?_3g&|47LdZ-VIq6=dCLEUX7HtZRHkL0^ZM6KMg?Y2ZFwA z+s9YXXA<}@!-!&pI8nZa+vgG0Xz6b8*nB6qjn7A9G`oif>y{=uY|@VaYxhPOV;qq^ z?T)=1i`#Q+p3&`jdaT&RZ^FMITqUVjQ+A5j*_&hbQ3;NRG)(2hkU)nNA9mfEOakby z5Tb`A=tB8c^9yQdXOP}-!T{S=Uta6)2FY|2=AcA|!SWb+uEG!A|L!&tXdV0HgyNj% z@oKBi{E2k(iZuNXEzoOVA-^(ENZ1^vu85t@>7}7@H#~A?!>BhO&molRxK1Qch>v_C zj1@y}1{(KSR>3|6ppvmXyZf(m4-no#iRS+tJjuR76vU|Y-T+*0|MNG&N!sQZ>pvQ0 zfI=9le)a#b_SIogc3a;tv`7dFNK1EjgGzTwBOwjaF*G6qA~+zON_QiTg22#!!oX7v>n(Ll>_S!4=TED&4@w-3|aFu00jb{ETSlHebKe{vd z4hH(Pz-K=v3A;t_96fATudSAJ{GgkNB0;U&LU~k}Wsc45YwSc$U1;@EO?Lysk0reo zP5g$g?r=_aOKTtPxptnC1>O`KxUvj4^eYhpYiX#pQtLFwHh6OAN2i%{hiJS0EQ*B> zqkHk$1uQ4jzqV4^ho-zB^^2}q%>p&A?1DC5b*(upZEz}V9aqG~*EQJFRJRPxrMXA??xKU3 zI$pixXp63WY&sKN_VDPG`4=dF1Ctu_}YZr0js+9{WIKtFSg}NFL(Ipn-;453s z9&jBfJPPn38?vF|Z9JBEjMns|vP?RV*I7%)IaR2?)iz`i1LL3M6RMb_V zf|NXATnBB3C&XFjvGu9FX+K9#X^kH>$hF<@bx;36QM)^9ckjnWQrYX!UQwMP(7F@1 zdi+?jbG+7INX`B`Wpu#wPuM?VhJ*0twDZQ;%{6IG zIbh4f$?9N>=NA_%}XmkLO^{}GTe)mx!>bn_)z(8 z2rg<>NpP+YT(ej*R|*Ti3i04>UQsLSc6bflY%JDC-`@;)SVe+I92V$ZS-73BOT9xV zu1hj5{Uc~blD%*Qm^EyK6XrOxX67u8OE^>aQqki<;#(kvVbo`B-O3Wa<-EoS2Oxjz zcvauifG&7~TTA)Zy9QiFbpjjjJxxo5;Rldukj`xS>wk22g_O_FL#)L?GCgFELa`y{fo}i`iLu12i618}~Pfi!q~r z%bZN{O708cOBG6zdxPdu*;eG3Wrrm1A9+M~ESsq%%Tb0EI_R#6(B+Vfi6tEwHvcO0 z;UhO@m9rWEa9V$?M=d#;FJjc)J}lPzZFOEcyR z9kWO&D4D*r?7agk8ChlpyX_6r%>j48sY%AW*D+&`$$68LTj>!>{9iYXmbuxw+iYfW z^UlqFE=6TW%fFFq`XzL#^+PR|-W@$dh~tLI4H0s&A+k&Z-!6dp+@P8$h8SAhVWyh- 
z;ZXAn`?w3u=Rfc?0YAx1TJt#H=$%;@W@oX55LiA!;Hk9&C?m6}r7Se1pmXtKphBv6 zMGK}b_i$a_U9Q2w#W%V*Hk&-P@uZsD3*E?PBpX~Z=LzbCU>BA)i;;!&=~^{Xc#jzY zNP<<%sHwxrHvV1IdG8b3{_%3(=h3#JG<7)$Qxc0)n#je(3X#6cB3tSG%K}8ogMgXU z=&+94pHO#XkKaxt4S7+Hxn$Zaq;uw>ueEgLn#YKAs!H#9?z@PZ)UKxDshugs@9V;x zKQA8(zjIO_!Y>QnADc}>%`9`_OlwP_gU2F(doE@6n|_-a5LC;rUyyp_15jD2?B>v& z`yO+T-~-BwsXxtD&f!5%yQzRI>L<)mx92l#v!}ofZV?$lNrqz|xHEM+bR$YOwvqTp z`r5dItjUo)l(JP6oLTVQpHY1JDJe)E?==+@bIHEkpe7_oKklI4V`e3;V&zoJ0*E#q zpcA|#8<;DCz*KZEBQ#!-%s#xF#>ZP=qe{U0;qr*aQirCF@8D_o${TJe>0ULRXfpkX zzwR@SFfBdMenJWbIP1WGF^CCVW|kT?&8|A<2!Zk`x~6_eLh%+?Nr6%1$IL*U6}UjQ znaadNy?qNTMLaHUgWqB^wtqs_SRnq(V)0CtFdV#6l3jSr*Lc>{Q6YvO5lL|3B5TzB zZm)!(z@KahO_1kR_qFnVV=1ySDb(N4 z*_HG0vPCWJD(99RBRM8E3H`tqIiWbe0!ml`VRFsKu%Ob%OQeJEw&pXE4^JDd64{B+ z=k=yD-hcNpYOD~vM5cbD z?put;ot8+ERolkd&dK*UeF@p~?OP$TTOtBdz0q>}yaMHnwOD7gp%!v4+HQj}kzWT^&xbw7vxV2LKb|l6F;s`nW&OuNZ zSnUKY{JR@yOnX0c!VNQ71}%IMYy7MCy;5@7tU2#I0`^=iS!Hp$o&6Szhh=rs)&;k^ zPvWfcgam3yb&fZTfIG z7Em0}tz#e7n2s7N{Dqc9GR$ue?Z3v^{i7EE=5}h18{`RJ+yqm!S_sdX7F3DZJ!QID zHdr;c-~nduKuD>`B>ofGByJS)!SN5f)Y+(xU+18h$r&0*+E0g>6&Rxp36CC98gH)2 z5_}O1l1wX6TCy2@20OV6?Yje3@zuXh;+VFK^?dpP8-4O@fAGXaC6?X_XK?h~`Qv00 zS8-W45fj_daozqIrY|2qR`{rROQ(L2uIDSJ6SZ8CzSEa45NTnvU!)xk(CQlz9IH|-s7Y!#;6W7!Zar*Eq zu63to@dRo0o$(K432VRE!C5V<{2*<7;0i5fF1W(n7Ka*K`eDsGtt8DyIB{vs*dsi* z&yL(TO}_T67vjWKV&%m7#McDY)0eOm+`*JsdAIj^pwA8WHpBDS+3}x|zIB&RLDsfN z91+$7&Y0kYcW+_~DLOvkPM_O|7$q*xIIcEei8LLHGU4iDZW|9(PRhQOt-K88t|Rz< z!^kvwIh$%a=SXuey<;E2?ZX5rP}e)w^^f~STuOvVZC#1I8O=Y7_6f4y-_9&n za>Luj0V@RdeJYRVs^RV9Hcixf)rJ@$iA$)3%x-3F`d z!#}VQefZ8|GDU{LVkRMFV6O#(dG##Ol-fzwT8ar6jodz%w^&*zd3K^wk98cN%PK|) zNM@KlXfr{U@!D5wY31C9<}8Fw@&FzZ>=vhuLT#KiU0iDC?!+%JRW)r~1*hYmJ*&0< zYPY7^9V7;lsP5!&rNb}gPb*^GG;3o>6S*t=GHiA`mSgw>bGe#fQU$%Sv9%YxBe&ck zvoIvrAO!9%k=np(?wHdFr@jrKrTu<7-z(^q*$GuUVQ@gkjf=`Q9RH9#`D}Hp9sGU& zqZ^~`RYX!<7>wK0Qea4rr0lU&RhQA{owmG<1d{72#81@a zc1Cl8+m#RQLP?pORks7(V5m*6jP+Sxni+Z5J&IsR7O{4Rsd=cv0g}WS;{ha|rYhNt 
zyEaOrSoNx;waX&6fD9P43r>!`=764%P~lgy*1Arxm=gOn*=og@ue_HQ&7S(2)$eyo zg=AH8xj6HWnO{ktzFe?j=2T%(5t$N`I~ZFI{mFDojD;7yk*H0nxoKZaWs+yR)e62N zGrtQ1?;SS&%-5eUUnslYZVR3jUJ`&ZlYpVkt*Mh;1-iH;=F=U~@pmlP17d6;;5#&i z-mTgTdz@$Sv$d6W^o?O*vz_zECzc;0diywrR4XpwKHoY`yBv@zC-c3i{>?U5OI7QB zlg+EnhO6q)54(Frc8IZFOc!cvBt25i#q5cBs>?#p?!&$0X`hWiC_(nv)=@wy!X+Cn zLOzQs@O9srUCS*yadrJZ>w(Pbyvm+{`*J5V9&*f_jc2cI=Bo5v`0~U{;(XmwYo?3r zgtxQ}=VhZeo5CAJBwQ&A`ui+9kn$o%L27i7lj1gQWqZC=)8cwRn^#8obKgYyyhNirh?6qHHbE7LW=L*aeYReu`m%HIK|Rx0vXsVw1GEe>$u!juZ~UM-Rc#V#4V^9W zXw%U(kKUmS>O|azepxn=9{b)^Ac3h*H)hyLuAIYAd+xtwy1g)O3vsR@WE6j(9dFO+ zw>|3y^H=lLXgVyUTrq?_hx^rE>XcQj_>MHW`V!8r+d;aX6Oc#oCyh4u|4bxc)_NzU zSXYFoCD|f(z3rImt6^#JEqnW_XR`w0e0&LtISyql;oXqC8LNF^&A2}Q~k(*;(m9+E&6N!nP6vPU7Gc}p%YIU1~wZc4@_ z59NZhFF15`gO(fUfA82KJ6IL=X z!_}G~6^x~8bgsjc);TWuN7D(e0?~}bJ&?`MYmt7*Qbu**y}RtLv?IH$l{pz%t?TS% zp1xzw(@jnbpF2%+t;T4%48~Zu&x1)aVKuhFFL&y%cdlkTGYP>g4u_1BesDi&SN*%n z#16#a#N;*GViM#(sSvNs>7@$QzB|f5lOCP|H(Qg{fTc_41$7}9NvKZOG~3D(&ds=3 z^({=(yyJUiI*NE>Ke<_C5B*5p93hj)${slJUGCyb<~|E4^PYKFmgWdP3worEu>s_O z=(Q!#kNb0V?)z$Kzd@F2T~%xQB9I>68XvO-2On)e2$h|)2Y(QaDW7~R-8+`Pz;x0z z{1dI|0Wl2Ida! zmR$SFqHPO*KPRsByLOeh_7|I1D|~!io^1*bZtb;z)ZpwiCBkG}!S7tqs~btd{&SaT zXMvZYmAz!E7R628T{0>JEO{r^yyH*6HJx8&Qd6JgPG`G>M{rBkGS)zev-sso5L= zziuDrb$kg1TZ(b^hvtV* z7|>AdyX+I$nj{1>V7=W|I$2n#;MA<*x}JHcCcTU&%7chFxpkB?%v8;ndlz|`pN+Cv zDOeEKfr}bhuM~$skJ1+wgd7$cMHdUM;T@6ltlq^TyjIg8ZK)gCbdBe?Bw5>%I$WM2 z(?oXtwbx57wSYV;y*4%a@uhFI-B|s$c-Zm8$vnzmZ7SEa%i?%qQjn#MsLj+fsuyJB zLB~ZruVNNoJfb6GVSQ-Y=QDn+(?+Z6TUqP;rnV7jMVsMFyvTW+jTyd-yCGE*0N&Da zxhhg^szhcthS>D();jo9(Af85ysb{=!zp2+zz?GMxKa=z>V)1H}{_qcTSO;OBzM4B{8Q(^q>CGwFeud}+9t`sG{ zg)D1SUh~?MRu@kFW=?BrX%8>|zGqP~+Yby$3Cuk=T1k!7>I%480M|N6H@bEiz^K{? 
z-;$7yi`yPz_%1wYYxero2{)0YQmc4SD=vf|c&Z;WQtHE6zHX^}rE+Y4tegP}+x(D0 zy1N@)cIBFQB0q+Ov)a6KnNv+L7#in$JJY^ubai)SPcO5EpBeAwQjZYmlI+nVK{B;k ziJ{ENvs~^=s@^*O`~{y?7*G_BBBdRBdJ_@@e$&#Lbl%di>p&wI$TG64?2SZ;Fsq0_ zJN<0c+#w;E+sKUVXG?8>nr|5GMIOAadhMDKtz^Tvf_8IOdVB+?O${PAGJE^{*i7=& zkQ%t3JR1pkXo-;5zw47;LgY3pQ42UI#iB)#SMqtvAg6VaexE?4SS}3BVn#sM@J*h4 zhY*UVwBmX7b2WLZ2k-kumuWJ0wD8CRe?+jN+2uv zR9?4gcVOxDHV~JYDCG&}oJZbr6Hv10@HwuHwB>}7L5kH>gHo)V!>+i*%NSWpD%vp_ zCB(tcHN(g%A8=djpg>&J26-hC{$9^N75tZ*aS zXyF5x-`8gkwURO!G8LpTT`sdmj7<`)Kv)yBzf1Yri}v#2W#G%HK`n%}a4^ODS z+uDAsx5OuWhCZY2vTy*R8JjDVd!f1v&3ew3wgIe~QY-Hc`m{u2gLdu$s3zT+H-$K_ zUm57a5KfON5jijIV^f=Yw^RN=CFU_$GoA1qUFu_z)6oG`u|ZcVg_&R_1eoqS61Uj5Ptuske@p*)vwR;#2IYB>Tc3iz`Hte9V+}{q);A8T=Z~NRA-AVBeb5W zDdg9El5=JsB4~tZHm`WG+IIA_F(YHzan>90`|ltBPaoyBa5n-NM zG;~YMjJshw%K4XhyzN8*^+{JZEfv2kkzlH_=279B7PKUgC0*&}x~Bx`TgR#B73B5_ zy%#VR-%gF~V8Ne0h))}h2{->>q$h1jKB0*@&x}K%cIQ?9L*jJY$v3LMrIkea>mE5? zU-|@4qR7hcrNNbYwDee0oO<^=@7!-T|EBo=Su{22ct))0>OwwEz<^$5bB#T|v+C3i zr2l6d)J7t=d}AV_StDup>nE7%cK`VmM~jKIvs9TY`NnzF!G1_EE_-*vf zCb;IG&f*^}fHGaGADbUGBn~pv{C*E6>$q`AOX}Ud!mDS_!69Y`o+=f#aYjV13fn&* z&EFntm50cBG)L9(PiPfhRF+L-9tG6&rqOY=oph}ub|j<-%kPH!<1z?p#wU{BSP3%_ zJL>WyvqQ8m5p4AFj+_R&sX})MTeoSe2~vC=>~#yksr<7o0i;C$&!O|{+Hv*fz}Ftt zeBt|KFI*o(J+sF+&OaP|0Ts`42grH0^?n;63LS1S_jQr{{}PM;EjPdvfr!;kz*4rBdn@DF!>XyGTsxHS5lzI1f6i@Ht{A}|T+*}+ais)M_aiuWvf+@(f};=3HH(Tka0^5?jv4Tj$s;-ZM_TXNH6Dk& zv?Wp*`0`#h;k73@0O_cUcl^$K7rs)YqrEb%#Wpr4bHU0Zqi+BePJmsrK%1!Z z+Vj&U>|5~w)GX5RFQ^$Adi9|m{?O-F&3}p>03#ZHQxiq)Tb9Jhw(2qaqf5wo7DFm;QBF6FieK?+8)!Pn%a=xgO zvALJ>6FeDj3QaZRdKs;1!I>^u^hSFIsBb@VhUYK6$N9~O2ol`jJqk(fC#KbUw0&f* zc63KC9vWMKT4kS@(6-Z8lLuE?=7EQYP`ghV|6#BH0Ku=6yL;k>KgAZ4i?}BX;J;bn zo{2l8#=vuyf=Tl};~tao;`>NXEW+}Yz2^9**{_oj zI@&MneCEI`;!R$!&0&7Y7mA+YN5N)wf%cYV36OrWe2o1g8w-KlkkzMDH>?CkZ)_md z)>ghCr^9#JlSyUii8H$m1!@#r7)du|gCcCiF#niz0ssCvY(E$56f850^KX+%JqZp2{n(6RXdAK8h zlkI5-iv6t85BSNlyEVUZzjp5)tz_(zea-kkd6j?eYyRc8-A9-ySr$=}1o*38F-Y9) zOyy-jAyZ8h`tJHQ=FBq|LM- 
z&mtY;^|bM1j>x$D7}a_AKH;?L3^LV>4ZJwHo}j<(7hh~`y9v|5{DJjviany;u$oas!H`WN?-<-50lj;~>ruTLUV{}_RaBmn-&>vm0apEjl3`bweA z3R<8xI-oZ!dENSCQu}I*!zMYYs$?A39uOmyjM=d_a{MQ|qOXG=wPI8ymPRsUf;*0? zNoM-^jyWCHWmR|#Gv}2K5Kq&UwoL}HD z6zp=k2?fM8(Y|meUxzZUZ$=?Q6NlCIJnxfz=>x%x(FCd;tC>@tF!+Y0m}lQznEh$W zyk24v!es0W>QW`_CTq(fD8}lhzsaZFw9LbtJkTNf&|Xu^07R8(Sz+@-JhEp$zP^!C zK^iwdo_J$@W6S>#ReTY0j2JaPu}07JcNvwErD40-UibTWfOe+$!ilu}kMw-zav*B= zhBp_PIJHWOq0z2|pQXP#qI2^NS?~wzWlldr~aI{y>Mz28e+COI{=Io4H^N^bX1cB}u#zZCpm=+D1n zTf$R_9c%$zn+J3)nu;@Vgft8F66i=MM+cIy=YBP-hT5jIPr|A}K@b8z&&zB_JP6(V z7evK)78S6L+r{ca>0&EFDUa2*mXOL^#PC#R9}w;=e_;_0shB2O6J{bmAk}htEaBfG zoZhXuk2q1JkNkEA2^G`=r!0Bexx#mQ`{(Wkdp zVc9nKC_4a>?t-rAEAvr9N-D5^Ch{%2Q#uu{kEYH^gYIUQI~3hoHmIV5YM#sLI7i0B z-POYN6-XT75G;8tqAUy;yte`V=XE`P^*1LbG)xi_q)3?C2#?%VI7!Dr`0zVnCmEddfhGc|fY2SIWHl z#gxHcKucngTii$_gmZ=~BA!IwjfWNXd~?I~z`1Ln)A)Ip9RnPZk+iS1a4Y6yv+$7CmS9IQlg1U9w^c>E{~!imx6LRl2e+`CR=Z9)U}bpA6<- z{2`?RydZ*kd>YM#rUL(9nZ_Yl606Gi>5_#nptm`=?N3H~ZxcVe{8i4(T4E`tUYAt- zne~@lDy9gF@IDv|>!b6xNF|!$)~2P9J(_o8Kd-nEuo#XWQRWU)uZbIh-f6}W= z7`X)ZsVY2zE2`RDNP(Upyt$bFF!9~aG13aFLE`ZN8MOUHlUMoyb=Z#4+x&I~6fD+- zu_zFq9{CiS?o=-6d*7sT3+!llW70c?*iLU6J^*kS;Jl+Ilx8sc{*y3kunW1GoXrvI z;8{F1SvP7SlIG8v^Vf0{7&SCysEf=AiQvM&?9T@AIQ|xyveWu)Igyl+Tos-qqTHm4 z^iRK;1N9esLiT%Gw_X8-A*cRv|SaikGd z-Bhd{C~x#i3R}WSAv++gS(#taLBU)H+Y-}aWhnd0!iC4aXy+fI=_U>fe|>`vrEWVt zw4qAVzE+iRi^fY>=v7HK)|eemwJ99d z3=3#AY#_LG14R5Y-nW|(z}iH6I1_OSj7%dNS=@5Olnlx|qwxic!IDQ$Z^@H`|j!3dmbC zwMXJI_+}``lAk;WF|#r5bkGFEn2Sg>Fv&NUPYNIWCnb#%?-RioHHEUjaht+8zbqFuP`Un=k7767IG z(yi+v68t{JzY@|xm-=s zzMb&mOZTfej?!(U>%rmjyZWtMKGrdNFgi-ym^LeOP{yD>Lk!+jy>U{K3bg=BlYK8m>fM; zcpr|{mRtk5lr*-LAku>S0b1r;diidm@NC2&WyoCmDpaSw>25Cz|#Se2%$Co#MdlzZHAf`JE=3jd6z0%m6^BCMZWz$Q%m zk?J)|I@QCoWC_dCJjOkvJgmb6pw4hg{|lSW?e@|8qrCXcQd>>}F7pMN!$~?A-lkw_ z>R#@V+#59odT;t1Ce7yIS6HG4v^Aq`q1?^_tM`nM*nWds(Gj&jCn5&SIa?liI<6lo z1m{$5-3v~UQ%|=NWA1(w-B0LZR7?R3y?7WSWr5p17{@3bl2zdhvjjKo-(+_GhzbDP zHK3Sx4}JP5VqN2w?Js+skPwk?kp!}eZB1{vsI#J^0U_i7ZE~i(t?bgWa|cP1RqQX} 
zy*czAILXQSxo>x!a~*kE-gIos4%Xp|VvChuYSTqgLs9(6A4qQmSOYY~nG4N$c(7Qs zHHbGGT7gi8=6a8LEhb)UZ)*K6>V$s=;utOw*i~g@B{5rKSQP>1&<;&@>y=V*$PcnV zM=3Y+FF$S$B>I~nlv97_4@zLH(9#!pD=>*xj&kMRV zVDl2LpA2ZTO_zaV{@Uvg=*DUfs(pUg^Tk z$cH#qoY`$g*V3;UhR{$t zjl-i@%MWsRu4QpQWAf2~QOWHOayIERLhn6NV`1LhN=f>;ZU;2{+1|g^?K4!Op0sV$ zk_z+KOG7+)qoO9~x&$2O3BGIh72PbB+jM zPaBL{4$i??yEJ?9kg5ZlX>*+yPCu>;x}|IV>669o$LB-?qGO+!w({VL>1&hFvdb*YhNmW_v6Qa~@ zMlDGexZ6YTJvcu3`dGVCMw{C0fX`jt)MJ|Oxg!hu@gbSFS8=-O`~?!{cqdEAtqeoy zIJh}ObZ)0h;eKuDyh(kLN4cNI_3W2Zq@&am-bzb4byM2Mk_dj&q0Rh8 zPmL5P=ttr$#=OHFd8ps&i5FAx-8Grro0<(DXh?N|UR>KVKjJV*zb>}3O=~l>IwgrW zX^!mc3=YOt(~@7oFU%#%9Cpe~mF~57DIO*bi{i)l&3}#}2mbITEGzh;hk2L9C*n1U z6CxP>I5vnZuh(l9UhgFwd`KC#Lv|LbFe30eTSMM<;eDh9n=#+XC+fuPu+2Rw@qH<% zC{tXWI41bxlu0W31ZPj6Ec8NLcfO0xMF69x*l?k-9Edm?@*|eB zHSt#nWpC^D3;}7dZJ*SAGPZ%CMeB@|kou?c(;`V1hPo!>scHUmTZZ%VtY;3yh?m`f%GOOxqXR?Ga%CN z5eMuGjPOp(g}h3y^Id4yzTcU7H^!eNG&2k)Csr>_(7YPHDsrc zo%#ldz$cE5@75THcr+hJO>Z3PX`qvE@uDGm*AGrP&gJy@vG(rMg@`7Sd~2Qi$ziat zE5Fj@Xl!ow!9S;qVRH00_JvSCdDe+gXSB_ET{F|;UOJq;Ql$cjdT$9?uP@-!B#9}Z z=W2RyTbjdij6`jggVtmAm}6XdL|EZ45OJoUGC_Qnr{O#@%n#V& z;2EF!0o?Iz5O85{6*3_tf(l2}+E7zTm!r(LoUd~cW9aeH6xyk!0x$XXOshp}Tc%3u zo9e22UP`6om2`#FnN3U8Q$-Hby}vpim6x0${6o(2CRFw$aWF>{={OCD4x`H=Md8B9 zhNFORu7LR$N4lv*CA79;N7~RWI{n^VE8~{N@Q1KrX8hrF>7OX?IE0#~tvNKB*~s2+ zunU88-CO6lQTc%G;Kw8hmF4eQBSPWbX7{X(pl7Wi*KM}KurcUgnCGB{|KjPo=0j)pqie19Qy$?wPH*L1|H;(oh^` zBST;!;NvBn)@L$yQ&YWE`j%Zu&`KsFCXsmY8#Uv{lTsb*ViPwC-chrmq*Q7~%~2&^ z+d(q7#m+>u=tL|sn4$=~74vFToSq)>)2?xo#rq~v10iSk*5&pkgQt}U2gP4lnLnen zjJQC$G~h*?jxQa3B~tOLRL8f~0_*kP!ys>vtMZbDMx8sGh>_%VVk}BW1+=PlyJgYA z?cl-Zh!S=2lk$bVw?Rftxm*EVFP1FoIhSi^y=z8SgzfiK+aCM)yyP;GY}UF#S%tIQ zd7>0`CVSl21*!OvZ?)-l%^+*R7$CPeQrL209|71YI3~|)A7#_Xuz=q!=WK+v1&Ueo zLe9kNP{T(l&ckwKJ?EHW zt37{!j9efFga;u&lw=1$aPhsen)Dymi)De%g>KgY%Q-&cV8kUL7IeaYa&_u+ig2dpbRB=&cL_>0h!U5r^s*&rRCtEi3~mVN}fq7LS}*Pksh`K{$>yg^4=rHe_V6!^ugwN=d^wHN=+>*8-w@eP3?1o zJ6jEWG8>)L!qCt`n7G9Ba$#uU;+PUMVXmdn)U}%X>+l4&{I|nm=))RTFF;zfKg=#Q 
zeeAGJ2TMaoly1_`;(G48*7G^zgmgeV-m-haQvZy{igUR-g~ zBfxgKex>Tm1@IpZa!bC@v;E%EmbHb_@QdKWVPPc3eZJx2CRc)ySwnZrey@~lwbMN^ z^TyoO8h__GPz#|^d~dGIuEevnE(!ZL=|7}-NpDvA-%I{?Kg1HV{g7Ytkk{9UCwt?3 zAiicUyeIqgO>nzLSa%{Q!0PfurFJXPF@yR_){)EeVG`+U2EQ!PAt|ai)>Y_hVgX_N zHZ+j2-s2d*!dGpqgc@@~QxSvdK|{$0^Fa%{!n+X9pfZ~}t>vA6kgRN#fasuy&9Mq6 zcjY$l4v(%Q1+4}<{`E`!4cOHQ$D!csT(u?j~&$^4LiZUUXKc9bqqkK-Ba8c!9 z-u$6gh3T6SNN=WIuNSFkLL)^Iz?{7M;m44ZxR$jLj#^DYz2R(O*z8t4OpgRM+<{aD zH&o^u8|@uuU+$4{23vQ?Sp|fb{ctaZ8>w-toBx*_{%4ei+kwnO6VKF!=x<%Lm{Q(% z(X}#HW#Cf*CGh(5lNaX?7-PX;T8_v)`}I4!V8z$)DStcWoQfZ*F=hMet3iFLlHPk! zWe>(xTB2o&UlguS2MPE{Nq89G9hZay0!M(motY&&?Bkb-?TJhlfX&9$uM7pw2ApMY zUeWTopB*(`PflXHXtbSp=CwL4#>EHs(I+~)9cMQ?u~{q|X7d_EI{ZBz<~f8{iCUdI zy%~M4kf813lB46`I>;~{7%o-QsY$lK6hVG46XCqo+^~b9;d_6nMfFvRF`Z?^epF>U z1)7s}x}(g(?FX6Eo&6y`wwOe5?w3uSnxr>Y6{9x9tal&S^p_+bO%+2$VROYq@9bWE zYMBaQ>5*NukJY{A7Ml>*bfXZRkSgq`LN|3(dL+$^D<%B6!b0J}#P{chRnV@CH6PwP ze@{0_D8PCU4<|(U_@e#QM89zlwb!0t|M>!ooYnJiCA$sENFsM{1jP1Q;e+67wgAdn zeFDK=i~cwz8BK5<#I~O#Ia=htNAw~W3-spm27fl*OyT)4<|g@F4re;+MT*>E>R_cvcH#L z#MlL+>E)EE?d;r^rp8kP(mGM*D$crrwYXV&y{t6wW?V+D)5(2LDKh4hF^e&k~)>tqV;18ZiEsRdm2Y_0$kj>3o?Duq){rnVynffhH}$R#b~`f0kXI_Krv;$xW&UeMn!RKHL(uzp8%Sf<5u~qJu!P@vt2_{rJ4(oa`ahKYMv=P!}Pm*pX~Jm|!#{#9TGzBYRvtjhSeOb-|9jp-S> zC-g@4Ak1MhXeZ5Mczz`dT=ewQOX*!_Q4r>{I|D7=x$VKJ#=iI0O^u!%koFtPWqb7p z#v|Im+2YQFJ|FRScU$VWb0E`U2{ z(^#4kzT05vNuBBJHi_n)438F=Nf%U~euU9v<)vB(;(1Rz%ikjTwc(8k3QWDo+lWX$YY0u*1gLyTJni+WR)a{IB|go~ zDG+jJZBf9>09O62$^D(-_{UA?`p#HPu;BGW(k==k8k;QSX!<$a@!9@s{;6NcQZH(^ zCxKiR>EyH1cOB+l01hQDD7=h+E7fac-bcT1t<^+$B+z2H&vDIV*#z$WfsbIiNIa1- zPz9suj(p}b!|-*){G|Q7O^~}qYN^_ltO!N!>vX)|A^3k7`dDKLS)H%vi?erKt>%W3 zA>o~03<~H$J9pVy(BY}GDiSu6$ejJ`{Z5Zj|6*SE6QPnb#j;lSW%HQKq4Juqu~X_N zV}%dK!6b)N*`?74aWc9Aw>H)gc+alyjTeDqPN{zCUkhxzEV(u2a~vvY4Ty45Ih zCGDR~(jfzmMt7N?XX<+eRW)bE*OZl^!?g_4s$*V$Fo-N*X=c`7;T1zpQx)_Tm7idR za!DA??i%k)-?BJap)L|C57dmr`)AZx#MW2fqZ;YldK6ht6Q{&$%3D7|oX3K|z z#(4eDj0&4b@vF2P|6YXd2#9IsX9&*W*l4b7=7FwbmkguEEmc=qgN%29xazDm>)yO% 
z2eYa8r5{EGR9(7HA|=ShN?SZ-&CLwEfaR4~TE!JeNxRm zo$N#lWJXA|$ltwcw2G-lP=X(RI{uq3lCLrh+l8~9y7oZrOS|W}zQD;#zAp}JFXXO4 z2^*mU%8F*0#zi8S_n`%hX$UvQv=58yAya!{JbSr{w`7M=e(LRvU;7k=BWXK*1b%Tk z`tGmww#z4d7v|~zQGu8h@z6IHU%k=D2Ox048|3Sn6jAl`ts?fW=2cjg2s&pzI()e) zNcp??TM*dZpq#wDjuF2~<8N~9KEO58^dhJ3CWqD3xPaBOFZ%C^LEI$Dq=h4TyV>~M zXD@(G9#!MB*c_Y-TlPyk*pzeId2yK%PGwtmAMHMdVy;>~pQG!(^s5jo)%OycM zupE!-I~{Lrp4%-$(|6fpI2DB|9f25w?^d`GLgM^LM?HDVVe-k*QK6Ule0P?H=+3qi zMiUkRb$N&$a7eCByWG0#@0Ja98uc+g$TsoP{Q38SImSEVVXjzfQpuLmQh~F#cvFwo zA5P>g?K0mhAOmsVneJGUNMQfiB(KJKEaCGt4}TN&agMHwE^>zyhgH>0-vpT-s6dkQ z4(vYJ>#=S6riWaw*Dxl5xz(Gx&#f8_gh_et^hs6yWTWd{cqmVHK@7Hw;H0In=J}So z`^kPFU_nRrdP+*o+h#AS*tG({cLy5x!)JVkX#ME=-INgLrF#V{iK49kksa#)BGrd5o%4IhNh>3t#H0bDoRsf>{E@0 zEs}3VM((){D=sHrlOXgh5lK2fXfPLNtJ=pT5FSDm4~R1v7!&n zm{hUt8|Ta{`>46et{+#Bk2|-jk>~a|-st&Q>7mT{o=0nTfe~pF`y`GL&wsOy^xCb~yFQCT)Q7d#78o?<$=-J>`~n&bWLU@ih7SC2~KN zLCq#z+%}uo`q#=zc~7&u^FU{>HDE5!TUlOmiujnGAnTsJ!qWEFjcG95G^bZ^!)OZxd4S0L+17U);6CzT9nLE3S2m-g zUVixON1~h0?M0@O$^FJV6zOs@*OMLZQGVMsus20cGJ@-0cr=((Z%!Wnxz!(Ukej^S zeY0)!9U?@nA?&<+ZJ$jGFN~$XUvKmpsj@56V5*W0oCPI(H?lr#jNR#l?7S?gbYjz+ zJ&FEy%gIZ+#mFKXm78?9b$U@jIjv8?z!KbMKnC=sJFfumQ8*k4_c795JNJooluFX` z^@xYq&8v+a7dXXs7%z9KeQR1gjKZV7owWd1U4H~86CLgkf$#U z+L<*R46WaI9}JUmX0AfEu$R4YR?>4m*Vl_#W&V4ir^5eY?LDKKY@2rBTLcvmQBY92 z(nOjF0YXO)4uW(D0wMGuE%Z=?(AgKyyY^b&pKq1E(Ze*KCb48NB?$N6z4n@e8WI?Ip*_)HZp6vXqtOKg@ z{Qy9>J!<2LLMzwcrQ^x5Wfz?@mG{sjWfPmNqoC28D~6A*XYyF`Iu7dZ1`z6`yXNyt z7^&9TiLr-M3qaC|;p;WKV;2Lb2jf^TPv-8X^>L*7KXCUO8zwf1dO0N(H;Wy|e~2)P z$X#71bzselx%;{z1G=~H9f9F|4{tqeieKp z&ON^Y>00Q?lHBkwuk~o5M&qA-=yIR;JWxoy49$-O!abSTM z356Lb2;-12<0kyS%Y`mUUVTwH=awyFM-|7Sc9`m;Al}+<2SGy~)gke;&AV#%P11LX zOJ^=OZD^lM{Ql$R^Jk+WWPb*?)OJp0QQW#ndXugj48z3KI)ArJGq5psi>WeaQnDL# zHXb<2PF7$YfDfYjrnsaf2d1JAHPH^Z0fYstscw^7Ih`n2UsLnLF-YWl~+LW@z0MfqQhv%Rs#i4QA_~du2rOv?R}a~+&RO+ zA2KbYq)AntTIn3(_(E@Lo6W16QpNAPQ+J0>@lo@iAB_lueY4mD-bK@NtC*3HxO{E+;fj{FxW&B|^dkT7 
zUcgc%z|t1Zb2iWn-_B?U3Q}15#b7I*QJ~}z>WLOF#?7&}!+wz*csVAt+)!A)8p8vlOpt2b%Kp8OLS1Bz`;J27rII>8cStRYH z8!sQCM&@eEa03au&p?#i%1-vV!Kris8?j zh~grX-=sGxHCZu}L5K^b9fGQ)=+2Zb|GVQ%Y^43#@koo#DN-w$hVOM1nvi8)!!L3L zxd9okw=wyHh0y0%sgMr=Ot&#p&Cv0X(EX{qHXW zmMbJnHx|7cp6v8!yM}ilY4l>XW?EyXIoSv-o_|-at2)Xy%uAV}>3dgy`nkT!z0aiQ z8=xKF@!Ma!dRgCOj{B%$u`?Pw*tDFv1U;Z5?!ZznO>>?uRJb;=q~)?9GFXGWK5QyH zNYby8p$*R&2(RX;Y{t_X=rLIW5A9KdITcw6!^t$IJzozXr(Q5!kp)QMHA$WJj8dF< z*KvJC%VeviE2?+XEEgQ49 zLH_mI$1#fk*Ocb}*H2gUfp9;YFP%11sNj(E9#G@|1cLCX8k2TDDbrat@d?>OiR=@s zd@7dk#acFJ#tsIWqu*c4XDnzAi6HRzbl$l9l9Vh!4M=&fFXu)i0yd0LEGGHr&pUe& zln_|87CjylV3N@bP_|y{KEX;OV`&tf9535Og1)-J@t#6!w2p&T zS4$;F#0+WcHGGRL!e=e#;YCJ=1dXwc)vka(jxemgV0&Z>fXdcxfbftKkJeSO4QDx8 z+*dhlG*U#a+a}jAXr7i0m<2Oo6O%k-kmD>DwYvIk`q=*mN0e5e zd-M|D5N3%w>wJz>B9GxKlmEVS#!gjYs%7Ko76V`brmr+9Z0Q$42vIA959hg98`QYE zvTC=FZdh`q386{f!;2hHBOw(B8dh7TKl;1aXQSSX{^Tf4N}{qcpV5LgtDGl@?gw4* z$9#1Br!wh_>+fbxaa-@Z-5wnh?^=c#)&sKRtHy(gOU1NTD962JG`rqmqLMotlCQht zu_v$%r3@Mp0-tLv9dKWaEsKry9(!>b0?QAogEwo`Qa}?tO_pw@y-r+9{!MLsrH4Vl z|G-Aw4f1fFcTC)hL=-+UoT|>l9oN13^NMQ9%&}yNFU>xf+&5tV#n|YplNT!zTAk1z z!=Rfcn`Cvtu1gX=ZNYLx)yuM%*MC1h@w$prZ%O*9Gr@WDVAxs3!Gt7-JX=l?{f`B5 zc+J27l`U#!Sfx(j0EqI{AFzNX;eQ%9Z*Se`VAjV`xr9y@u&q}qlaSt|>2|BJ^FR97 zu@n?5q6glqXz#;K+VDNnK z!Sk0d){JDxxe8D+l>S z_#TehWiJemzB7M&p?n-XQf`Yq)sMO4t?i`-KU9M zN34+qhNpHex8-W=snhS=+fa0Z-E=ZOVnLcDTINElqJxscWEoVj+5Kr$#tQh? 
zu^BY$lc^O!>-fR*HDkTL&nTAt>}59f{MIIlV&v2HpP%fJS;B-k@p}>pY=jAccM}p^ z{wV3%9@kZEt|wdxkD=p$fpbnJkozY$%`9t%__;=Q!|Eg zx5N(t#}kT&fX|H!7A%7V{#Mjk8|iq45`QR4s@Qi(-`a~uY)m_ELyZ*H9Dl&bAdamE zH4#+>zk65}J!e@1LmsJd{z8N;N{KRED7$RNGq{n9fRa+U zl9ApU+ltsdr#h>_bjM)9X3SrY41N(aLyM3umx)n;e~jL)aEBYA+@Zrvc4|gWKf^J} zs+Z9HzvpvhA6{ON0LHMs2-AHThj(lugUaDd6Aqk@)k|7+gW?Vrge4OHE=- zQzSn;g-wqO6HQb4dfG^D_S2puYn7i2rP!9~hfts$V)lXzHXtPfo#Of(hv!Pp9h0Kr zc&`$0eeEq<8Ja?D$kJ^y*+BnJwI+MxNAAhnL)$vH*8~qOV_4XZyC{S7&rvqxU z)qpSZANWsFSd)}EhhIk74=WzrQbiNE4PTX`WRe=3@%fsAv1{qxgI-XeY%^g79t> z`6#Pr0sUoJ*B^-YJ}PBgdbj*oJ)!kWfpzguI|JRp()hFIZ8A_tb$!rsMU^@$VFs#o z@E##=_~x9Iqvc7UD%9nB==FyVw}2nKcDK9gpfkirH*@slaMV(V@Rv)??|TF``Ml)! zF9kFEdmkJcR!sgmc^4mn_p-MRLh<;Ajm$&zfR%K-VA}@qWl<*&P2)Z+%GV z$wm|t3f1IGFu6V+4t$^Xn~UN;{;)>JaY;7%iDHm zo|NgsL3}(w1I&^->te!HE9Q4;exT6u`AHq`2^?YSVRlr5qE~~^RMUBw6<-EeFbQ6j zn=VdkFeKI?etltCs97S>$);5#ZDH~iVdu5SyD_7N!V6l$?$3B1gJus?ZK7lAEsl&U zQ|i7*Mv>|5PQ?~>s)O139eril3`w|3AI~cOzRmyxKVN0Fcwc?V;5*PV428Vwl2R~y zYre6+#czJmc}y^~POndrW$^5DyMvxBX+)UxhU*(v%y^Lgc^|c-jre{{7*nALV{|=L zkAWK(BP(|PO6P+YW+L#erGa6F*Z%LS$viI)@V^gF&&WxVe&6!AClmiCfPw#2Ru%?& z(8Q1`2P3h(>0n@`k2H$R<;2h#7^Ygr)^~cj@oSds+*~v|c6sXg^6kY-I{GY0uJu!s zq%y~(^vftO{4~OT<6+`lw*prImzOOtQUTnEpp%)e=^^`izUH@p3d-+Re`?Y$I;ix3 zP=H4UVe*M93|ohQ>_91(&`FAUcW52_TJY=lQsoNTF0XsT%TJWdfOkw2HKF^gK6KUV zH;uFH&A(r_8u|faF^LirTetu@qcgk=gx^n%db@9}H&o?YUD9VJa7^xBB!$4mY#rx& zAP2j})npI8UYV*5ZzUZ_w;vnSALI`bShY9`^Kz8yO zd82okIU9qUg_XF&yNbkriE|@`D+4xPI@ByarE~o1kic2Jd5TNFX>2;8qH)vMU9`9N>=38F%8$5MZT(93E)=gyQ!T(gw$|!>nd)}P8%4D) z+0FO9wx;bSR1fTKEm+NF{p%6dPguj! 
zX&@dG0XBfoKuKZKs!O%~Xg}MQx39!&h~OV;8J{34M{-nD8VMWY&(AK%iJ5JEXII>Q zY63FjDc1<{nSG{MMP@O=JD=2{rL~5np)ge6E#r{pBX3S#pUrLOe4YmU@Cf;0l7XKG z_Ze3FLIBf-&O-*=Dh1837I)zFRD>=O;OfF;<@eL28`@Y6T)fs`Wo(T9Kzg-}05wr_ za@Xzx>F-WeY*$J`ynpp>->atG-poRcTkvI45gY#fp~MRj*Dti}uPfpTchIq9aR%NM zfh0YX`kK;#c<2(9(&_h9o)sj38wrFF-<9uvp+5jkD^hQ|Ls|ExdcuriGtMB<85fBX zKl{9w8&FrRM~99pAVa{M4EZeMwr83FTx+mRZmWkllGGa@CGa(_jqFMtpAwx5Gem$~ zXqVA{wGbM$90VF+31hs|_kU7F5k-!}y@7r<60JBLb=cMFThW}m8u#0h1X@gGZ z&P}d8b#yjHD5P=`GLH}^T(==9$wwCv`AJ#Q+!~;p0$w8@ix;zi{l9P}gdwfT@}HwL zBanFoaTLEefXNKcf=?ojwZ@X1o8I}D7eC}+Q;%z1vy81U0vX%29t89iH-^ZFaA)1p z3DII5;5d&uVo4mA`8}y1B1Nx@-MbB8OtuoO*>nz>0j~A4V%d^(3@(%=*RLXku7*D& z#ETL$RH$H9M{tPn)SS<9t`l~)njb(gQ9B+x-8DYGoi1;I)Suf2;gAwDne3-#GfGRu z5i6B)8NlFKO`A)sFsGPQkcqlydFi11wmq#$*6xj4Ps=(pt|~q&fetVL12EO9C4TE+ zb7IMvAK=r-c=p?>iQ#Ie#oMs;CwL7dn3eQ};b^2Xa8lxY9~|0{0^hF~j!3=|y*=P( z_txx7`SNVak-vqcD6_$uQCi=^W zcXv$Zwj-ybqdqbiODNz=eo5L(4g5J|L1Rt+G&#O4>nk+AoDi zlXbSFyPv<{BGdkX_t1(J&n?aHU~18wM%czLIDwM8Z~8H6lH5DLi_U5g71T~j8wm+9 z7qde-oV{R&YI?F+b&HZ*O}~tSj$PtXDugZ}=6WX7<^09XV+-3?#p?hYbG_v04bS+x{`8WB|8gfA%gz?Oxma=hO}WKozNPC;XMV1U1PxQ{$;A{+ z^VKlOj3g=NYgSA@v?4__xkz^avjviy9^tdxaTN&Lty(*etTmng*fEjVaO{DnqY-%R z5R=eRT-)gp{ja1gP$!pbjs2bbiE%S2S;ziAI3JoJ->fT>lC9qI!~V7KQMcS_-kvmF z>lbx5?mfN?dnF*JC*^W|)j__hu^JJwTT>X$LZ5janrQ#D!9IFyf*60O+*qI5<^IC) z{X?aes|vLjV{9q*j9Ps3UD~ zuv*V>V@*9?91)jU9jRA-whu3eGhf6aN|`W=QiCUWuYYH)GZc9nsuavZ$F#+df=smM zs9Ds_R3J}ZvZ{FKu@4cH)W%Z)-7|TY1=a+1DzyJ?@kM#$?>5%zlYod6 z;&Q9$zsGX$C^BKJ-O5TfqR%wyxPmgLl*e&jecNIk!bt^xL7Md5SFry%w8SyNZ9w?o zXX5OGg>{0G{AY=9XMZg^{)iL8LvH7j4#G`=s<7RyBzEi|cqd9csz>gltTm~>$u`^P`ZShcJRU5g>f_(4; zdz^ZYR4AzDVbrTQ=AB^mu|0nHNMI^hH}%tQOA_j(TSM7QS9wP zN4^Z}q3xDB&F$#>(c46WQ9H1^Xs*x01)x+%B7EHb!*R5JAVIe{LuR(L)y<)RDC-w< z*fM=Uct;CIm|9xlm60BV9#=JF+={l=Yq_RT-i!l|S&Aj&X)+k2VCg1I+xIFF;uEhJQ;z*H+P0Sz=y^fMN(k?%piARDSBM=z!pi;{d|s-+%>DvCTQ zezG6K9f8`h)|%i)KzobI#tN&It6gCJlEq_1QNTW#Es5T}#tao0B?FF7T;L*5GO^k@ 
z9ev#U@S7WTxQefs#!MGKgfVJds9g8wSaR#nS@#M(3>hrV@j;;9O^3OVCVxd3L3o;BD`H^pQ^OGGrGEdyr|G+I8lqi?6wGwtDS-^{g6aC}M-H(?(tW`pEw}Cy z5eb33(t8IOz!dKK)0em$pOt7gr|;f-wLP5Pvl33)d$+bAMN_wMag3+w`H?`1@d~v^ z56G$Fg}s*UcM{v5)nYqiF@*6BQwqL{!5{9BAA7Kp4Sj3Px*K;AZopgaHGWmOS>R|V zR4ooU_KIc4EFK|JX|8h?;`IZR85763%FTc3wzQ)6^J1Jy$PQ3RWBk6xii-^!mc+AJ z-9WE^;ffpc2jdvq+Yj5c+f|*_ndeIzG+N6*57jbE;Zezti_!SEoMspJ`}JSe3Z3CWOdf=+j)oS6wdiI+whDwDro9BrH*4>ab>gBQ|4ra-W@e>bH!khd4i2@cH_rt>8_-#%jBb4c z#QV$DiQ+B?p^{Y;Bc{Wpzu{Ghht7f$1JM5|^zq5GTdXmiUxr6j+7AV4ZBfByPg~q$ ziw%HD-#hsYb#GER;)Y3W2kbQJtW=GsU;)a0?f6%hOw`{$51pLBU7~7aC}yYoQUm8{ zX$L=Oh#`GtGvoozH1xnMfOW)JVv_qL&2c^C5Yw#qP&R`Rpj3Lnw0%#xfo(<|taRVk zztO-%sqIg9o6fDs!d`uK?C@!k!FL=Zwn5sBJr(jE}L^_^Q41=Qs*J_ zg_`PjNsgFZvG;bfAAe13`Zv%zV5)&QGv42{`2jj!IA=-R&Hb%5g$XgV#EVG2oW^8s zOh1H2F_bxuCT5kLzCiV*WB4yL1p|uXAdFPGXw0)bJMtl7^D4&p9ggnQ)045QXv_L%mQ zmm&&26GZ^4hsmx|eT`$&(cpeH!AiDPF!(Z{|ft}}Hx z3te-Ulvc1pO))uEI1_vcFH1E9e(7J z6@Kv+u=S=sGUVGHq}4VxP7ZUFON9_MdwV0~6#!`j%ksGUP|r8@x}LeUXf?A@l8tS6 zM4XY|V^z0n&!Tiu9pGuTX5>f_4pZ_;sSxKBSaCLOxVxgyN;qM$#1#snFh0zqTTC9% zBOFegFzzlOzfXGOFYBcd4Bq)IamKJFA605U3FmkNYKZ2i)~I{VHuL3m;aKe#a&}MD zSaIiBn&_*&NQa!SxBGFm$I4U0fojs+%dHFgn7d7X5Bjx^1Iv=LJLAK;+l5Kj?$rW4 z8ql%Fi? zSLSd4jW95Ip2d8^cutKTY+PFNjSPk|O%Zzr^;FKZ>lRrxL?exjrE(A_?Z3qD@T&? zvwvH71<^!7vs4=3kQ#$ejTcgz^CmETCZ%{=HHo`V6oD$ifxsVZyBM1yw)^lT`9q7a zb|Myg$A@Ocm{sLj7;096oqxqo8%bzXER+$#p|2pwicJvn+Bp9>5A7}DSt8(yL#1{5v}gd(l&=Os?H)r#x^ z@eFGs{ZpRDSnDr=G=y%cBXdL+wWz2xlAQC^oQ{5XF5jDe!`(WQ;ZNek#yI3QY(!)Qgtm&CxY4JC8(JLf1H;R1voR-dD7VR8T4S!CDF#_Ac z*^<0Fa~-KLs#%$xzT><|=P0sWU<{_Hl=4DXOw=vz+^IzAJpT<*iWftV0rb-8Tedq# zDChp}EnEH95ij|{7eD+>n*|PG#p$3u7r27#98z6Y-GjzNzWxYf{>3ie@7%(eu6Rpu zR-HtOV$oo~ZKKg=emL!Vl}{H)>s*nVYf-Ynr6E4kn1j9rMXo74RO9V+wh|l0bAmuxiJvU%UM3P&}|<) z?@g%sdgN8(JvXk9!AF9-Z(!p#GgCD*sh~0DoVYltp)B0N=*0B4=sW2#_3OY8AtAGd z4$))!@vT(k@+%otwk#aSa+MEvA@H8qCB878oztibfR)ae`4;K*jB^{+ekdw*16Z!2M5^5x%5PTGBsd4yND@zT+c7kM)!Pv6hyc0q!% z?#9pvs7`YbMjWY~lv5JlOb3Xw-ROVv;q|O-dw`4&RQe?Pz!=sUI8RAbd~YoyarFG? 
zIu5F~Je@MsTxl3_H8+9U=~&fV0@ShnWhTX%xvZlx+R^+Da_ZL=A+HdkmP$SxB`Fy> zXV2`9dU@Bq-pn>U!}6u!Pk!-2W*-C1j8v_`Pd^|AB}sj8C&*cu`g5idlYzD$XQp46 z;yhj7o=r=zq#nMWuL;Z%`U;R+NB+B`8|CX8KKFOFyb9(&KYpq~N?iTGK|*hP-!)^` z3=ihE?)n5tDu~HjzCyT2TvaKhc_PP(8%ZiyD12E!`J%el>u(Fko6!0%IbF-U{XSC~ zs2QAZc%R_0LAu3;s+kQite4E8gwFra@I5+IrfojvgVp@SzIreB1TF}SFI*M}#!7D9 z?*^^4ac_>k=xcb6iP%rd=UZ=9**)jhSo7%Pj5B^QxUShzL(Qcdx!~hW{;J?R0}1qE zM)NG$afG($FcK^yY-ZmE*L+Nj(duEX#l76GIPQA-K<}LkQ9Z`ib5uR8$RhDNJU!+; z`}ryUBKwoQePv}%S1zRrBh_Hld$fWeJJ+*N*}=%dEBffN4Vsb0ndTH-F_T zu;DJVO-}_|x~53|1{$>ILJY1WNJIH?ot4*X%}k-^3Lz!0D>+5`Z_j^jE3-O!xd zDmKj`|KH~8R~^<*W45Ygw?YL^_d^}Bk zM`B!+{OtS4M`Qn63qVX1hi#y?AFPbVkl%Umt<~Kkv8qN%VAHV%elTg9p>b`1eLK2w zhXrW7Gc5WOK6iA{w4~a8#E^%)nVU&;+PsSbce`3IHiDfa;GIOFF4FqTj;?w7M@cas zWr%o9*^gYFJi9NNQV|Yp>OWc^a&IkvqVUyds|wAmR113>^$0i4x_}jXce|bZ7DojB z8jed29Z_@~Hk9KiM+>aZe-bwLQIDs6UrY+Q-(4prQx!WcdyuCxZaIT)Nk*=hIeviK z3su&KH;I+oZaETw^)6?F%ticqVCi`G*v-Whtn@FLEDnnNW}XQmLI1To38JkJ|Q=OhJiynvU-`^O%X;8JLq#1douk1s~W&`664 z|F6xw<=%gO2`KwXEQ%Scd#3g#e}Jb5p$XL(uGzHwBvvFNJsezkA8n*{hfte6WcT zdo`D=H6%D`nueaZf^@gzBj;SOo-aGX1m8pVPRm)m?x%qcL1gt9muB zgV3T*DvgE3j0(oLj{J~kNGj!nq&g+p3(f+%Sj3P93Hq`^iHVM#XM+q~#RmDOqYy^c4rvnQtIc*_;+_%ppszcV8*~;&fBV| zuGF;Flrz-b9^VS(+|e7=lv8)XDF5LvFVMu12Tyb|`cwiSQk*rTvB3c?Q8LUPeH2UQ znjrC7MdtG}!#a+_A|weoeA#-l1v=eq7TC3PdSuYH4>B+a`@NcIR&zNyd1M;3Yy#F* z0eKYULG;DhB3!J|ya#g~JQ5WvOLX;50{oxt#HGaR@m<8V016g{te6yZR7L&u+1#yZ z(2@ig^C=h;V_zq%e**TBqp1$apN?R`LQ*2cq?ctby86!JWlzXpB`s`7Pk9Pm&D3B* z{}CaXcC_#%QCLT|oTTPy_46Pdk`pf4>W}lc3wBia^0g35_qyd*bpq3dlare`s7^fU z9xb03?*29saPu#^%%N8S9kH1dPn|dekp1Rcn$g0xWq(Ba5`DdgKQLKkqdO<3WNNop zWw%5pTz+a~s;f48A`;o~3LFq?fW*tHsZI+L(iGWmE7>&D-kAa#E=Darx|)8acI^k> zQv#AotNy$$h$O~QpBMmO^%IpEbAHp4B_@pz2rcMIjbxcG>T=y4mm)OpPhFLU=b ztpZP)+0l$6tCa`Xk2QpB^(HvIkem+2lka=qwnTcWyzQH|7J)WC1LlDW`Q_f&=aJqX zu*2B2eMP!#&s=_9;^@cu%lvqLr+7Cm#?$!7vgC(>-Kh%ol2yEcR4~t&hURznRZ@os%;n zT2_w?rdpg-CG&lIKYc{qPeM4Rrn0g{MGm-#(&heJJXA`JqB|qQH+87s^<=P6A0yb7 
Date: Thu, 19 Mar 2026 19:50:28 +0900 Subject: [PATCH 2/5] =?UTF-8?q?README.md=20=EB=B1=83=EC=A7=80=EC=97=90=20?= =?UTF-8?q?=ED=91=9C=EA=B8=B0=EB=90=9C=20=EB=B2=84=EC=A0=84=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b1f8ff0..ba6bfa7 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # 얽힘 라이브러리 네이티브 -[![Version](https://img.shields.io/badge/version-1.1.0%20Alpha-blue?style=for-the-badge)](https://github.com/Quant-Off/entlib-native) +[![Version](https://img.shields.io/badge/version-2.0.0-blue?style=for-the-badge)](https://github.com/Quant-Off/entlib-native) [![License](https://img.shields.io/badge/license-MIT-green?style=for-the-badge)](LICENSE) [![Language](https://img.shields.io/badge/language-Java-orange?style=for-the-badge)](https://github.com/Quant-Off/entlib-native) From 873bede31a5d7c2980fad21c937f912f6167c42a Mon Sep 17 00:00:00 2001 From: "Q. T. Felix" <53819958+Quant-TheodoreFelix@users.noreply.github.com> Date: Thu, 19 Mar 2026 20:33:15 +0900 Subject: [PATCH 3/5] =?UTF-8?q?=EC=83=81=EC=88=98-=EC=8B=9C=EA=B0=84=20?= =?UTF-8?q?=EB=AA=85=EC=84=B8=20=EC=9E=91=EC=84=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/constant-time/README.md | 142 ++++++++++++++++++++++++++++++++ core/constant-time/README_EN.md | 142 ++++++++++++++++++++++++++++++++ 2 files changed, 284 insertions(+) create mode 100644 core/constant-time/README.md create mode 100644 core/constant-time/README_EN.md diff --git a/core/constant-time/README.md b/core/constant-time/README.md new file mode 100644 index 0000000..f4980c0 --- /dev/null +++ b/core/constant-time/README.md 
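Review bot: In the README.md badge hunk of patch 2/5, the unchanged `Language` badge in the context lines still reads `language-Java-orange`, while this repository is a Rust crate (the series documents `no_std` Rust code that is called from Java over the FFM API). Since this commit exists to correct badge metadata, either change that badge to Rust in the same commit or say in the commit message why Java is the intended value, so the version fix does not leave the neighbouring badge misleading.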
@@ -0,0 +1,142 @@ +# 상수-시간 크레이트 (entlib-native-constant-time) + +> Q. T. Felix (수정: 25.03.19 UTC+9) +> +> [English README](README_EN.md) + +`entlib-native-constant-time`은 암호학적 구현에서 발생하는 타이밍 부채널 공격(Timing Side-Channel Attack)을 원천적으로 차단하기 위해 설계된 `no_std` 호환 크레이트입니다. 본 크레이트는 비밀 데이터에 의존하는 모든 조건 분기(Conditional Branch)를 제거하고, 연산 소요 시간이 입력 값의 비밀성과 완전히 독립적임을 보장하는 상수-시간(Constant-Time) 프리미티브(Primitive)를 제공합니다. + +## 보안 위협 모델 + +현대 고성능 프로세서는 분기 예측기(Branch Predictor), 투기적 실행(Speculative Execution), 데이터 의존적 파이프라인 지연 등 다양한 마이크로아키텍처 최적화 기법을 활용합니다. 비밀 값을 피연산자로 하는 `if`/`else` 분기문 또는 조건부 반환(Early Return)이 존재할 경우, 공격자는 정밀한 시간 측정만으로 해당 비밀 값을 통계적으로 복원할 수 있습니다. 본 크레이트는 이 공격 표면을 완전히 제거하는 것을 목표로 합니다. + +## 핵심 추상화: Choice 구조체 + +`Choice` 구조체는 암호학적 조건부 연산의 결과를 안전하게 표현하는 불투명(Opaque) 타입입니다. 내부적으로 `0x00`(거짓) 또는 `0xFF`(참) 두 상태 중 하나만을 가지도록 설계되었으며, 이 불변 조건(Invariant)이 유지되는 한 비트 연산(`&`, `|`, `^`, `!`)은 논리 연산과 수학적으로 동치이면서도 분기를 유발하지 않습니다. + +```rust +#[derive(Clone, Copy)] +#[repr(transparent)] +pub struct Choice(u8); // 0x00 또는 0xFF만 허용 +``` + +내부 필드를 비공개로 유지함으로써 임의의 바이트 값이 `Choice`로 직접 주입되는 것을 방지합니다. 외부에서는 반드시 `from_mask_normalized` 함수를 통해서만 `Choice`를 생성할 수 있으며, 이 함수는 임의의 `u8` 입력을 `0x00` 또는 `0xFF`로 정규화합니다. + +> [!NOTE] +> **정규화 메커니즘**: 임의의 마스크 값 $m \in [0, 255]$에 대하여 정규화 과정은 다음과 같이 전개됩니다. +> +> 먼저 $m' = m \mathbin{|} (-m)$을 산출하면, $m = 0$일 때 $m' = 0$, $m \ne 0$일 때 $m'$의 최상위 비트(MSB)는 반드시 1이 됩니다. +> +> 이후 $b = m' \gg 7$로 MSB를 추출하면 $b \in \{0, 1\}$이 확정되고, 최종 마스크 $c = -b$ (2의 보수)는 $b = 0$이면 `0x00`, $b = 1$이면 `0xFF`를 산출합니다. +> +> 이 일련의 과정은 단 세 개의 비분기 CPU 명령어로 컴파일됩니다. + +`unwrap_u8` 메서드는 컴파일러 최적화가 내부 값을 상수로 접어(Constant Folding) 분기를 유발하는 것을 방지하기 위해 `core::hint::black_box`를 경유하여 반환합니다. + +## 트레이트 명세 + +### `ConstantTimeEq` + +두 값의 동일성 여부를 상수-시간으로 판별합니다. `ct_eq` 함수는 `Choice(0xFF)`(동일), `ct_ne`는 `Choice(0xFF)`(상이)를 반환하며, `ct_is_ge`는 대소 관계를 판별합니다. + +> [!NOTE] +> **동일성 판별 (`ct_eq`)**: 두 부호 없는 정수 $a, b$에 대하여 $v = a \oplus b$를 산출합니다. +> +> $a = b$이면 $v = 0$이고 $v \mathbin{|} (-v) = 0$이므로 MSB는 0입니다. 
+> +> $a \ne b$이면 $v \ne 0$이고 $v \mathbin{|} (-v)$의 MSB는 반드시 1입니다. +> +> MSB를 추출한 뒤 $\mathtt{mask} = -((\text{msb} \oplus 1))$로 최종 마스크를 산출합니다. +> +> $a = b$이면 `0xFF`, $a \ne b$이면 `0x00`이 반환됩니다. + +```rust +let v = *self ^ *other; +let msb = (v | v.wrapping_neg()) >> (u64::BITS - 1); +let mask = ((msb as u8) ^ 1).wrapping_neg(); // 0x00 또는 0xFF +``` + +> [!NOTE] +> **대소 판별 (`ct_is_ge`)**: 부호 없는 정수의 $a \ge b$ 판별은 뺄셈 $a - b$에서 언더플로우(Borrow) 발생 여부로 환원됩니다. +> +> Borrow 방정식 $\text{borrow} = (\lnot a \land b) \mathbin{|} (\lnot(a \oplus b) \land (a - b))$에서 결과의 MSB가 1이면 $a < b$, 0이면 $a \ge b$입니다. +> +> 이 공식은 정수 폭에 무관하게 올바르게 동작하도록 타입 크기 `<$t>::BITS`를 동적으로 참조합니다. + +부호 있는 정수의 동일성 판별 시에는 산술 시프트(Arithmetic Shift)로 인한 MSB 오염을 회피하기 위해 부호 없는 정수로 재해석(bitwise reinterpretation)한 뒤 기존 로직으로 위임합니다. 대소 비교 시에는 2의 보수 표현에서 부호 비트를 XOR로 반전시켜 ($a' = a_u \oplus 2^{N-1}$) 수학적 대소 순서를 보존한 채 부호 없는 정수 도메인으로 안전하게 사상(Mapping)합니다. + +### `ConstantTimeSelect` + +`ct_select(a, b, choice)`는 `choice`가 `0xFF`이면 `a`를, `0x00`이면 `b`를 반환합니다. Sign-Extension 트릭을 활용하여 `choice` 내부의 `u8`을 `i8`로 재해석한 뒤 대상 타입으로 부호 확장(Sign-Extend)합니다. `0xFF as i8`은 $-1$이며, 이를 임의의 정수형으로 확장하면 모든 비트가 1인 마스크가 됩니다. 이를 통해 분기 없이 비트 단위 다중화(Bitwise Multiplexing)를 수행합니다. + +$$\text{result} = (a \land \text{mask}) \mathbin{|} (b \land \lnot\text{mask})$$ + +```rust +let mask = (choice.unwrap_u8() as i8) as T; +(a & mask) | (b & !mask) +``` + +### `ConstantTimeSwap` + +`ct_swap(a, b, choice)`는 `choice`가 `0xFF`일 때 `a`와 `b`의 값을 교환하고, `0x00`일 때 원래 값을 유지합니다. XOR 스왑 알고리즘을 조건 마스크와 결합하여 추가 임시 버퍼 없이 분기 없는 교환을 구현합니다. + +$$t = (a \oplus b) \land \text{mask}, \quad a' = a \oplus t, \quad b' = b \oplus t$$ + +이 기법은 타원 곡선 스칼라 곱셈(ECSM)의 몽고메리 래더(Montgomery Ladder)와 같이 비밀 비트에 의한 조건부 교환이 빈번히 요구되는 암호 알고리즘에서 필수적으로 활용됩니다. + +### `ConstantTimeIsZero` 및 `ConstantTimeIsNegative` + +`ct_is_zero`는 값이 0인지를 판별하며, 기존 `ct_eq` 구현에 위임하여 중복 로직을 배제합니다. `ct_is_negative`는 MSB를 논리 시프트(Logical Shift)로 추출하여 판별합니다. 
부호 있는 정수의 경우 산술 시프트로 인한 마스크 오염을 방지하기 위해 반드시 부호 없는 정수로 변환한 후 시프트를 수행합니다. + +$$\text{mask} = -\left(\left(\text{val}_u \gg (N-1)\right) \land 1\right)$$ + +이 연산은 단일 `SHR` 명령어와 단일 `NEG` 명령어만으로 컴파일됩니다. `ct_is_negative`는 다중 정밀도(Multi-Precision) 산술에서 `wrapping_sub`의 언더플로우를 분기 없이 감지하거나, 모듈러 보정(Modular Reduction)의 필요 여부를 판단하는 데 활용됩니다. + +## 적용 범위 + +본 크레이트의 모든 트레이트는 Rust 표준 정수 타입 `u8`, `u16`, `u32`, `u64`, `u128`, `usize`, `i8`, `i16`, `i32`, `i64`, `i128`, `isize`에 대해 선언적 매크로를 통해 일괄 구현됩니다. 각 구현체는 `#[inline(always)]` 어노테이션이 적용되어 호출 오버헤드가 존재하지 않습니다. + +## 감사 인프라 + +### `audit_mode` 피처: 어셈블리 검사 지원 + +`audit_mode` 피처를 활성화하면 `wrapper` 모듈이 컴파일됩니다. 이 모듈은 `#[inline(never)]` 및 `#[unsafe(no_mangle)]` 어노테이션이 적용된 감사 전용 함수들을 노출하며, 컴파일러가 해당 함수를 인라인하거나 심볼을 맹글링하지 않도록 강제합니다. 이로써 `objdump` 또는 `llvm-objdump`로 생성된 어셈블리를 직접 검사하여 의도치 않은 분기 명령어(`jne`, `je`, `cmov` 등)가 삽입되었는지 확인할 수 있습니다. + +```bash +cargo build --release -p entlib-native-constant-time --features audit_mode +objdump -d target/release/libentlib_native_constant_time.rlib | grep -E 'j[a-z]+' +``` + +### `valgrind_taint_audit` 피처: Memcheck 기반 오염 추적 + +`valgrind_taint_audit` 피처는 Valgrind의 Memcheck 도구와 연동되는 오염 추적(Taint Tracking) 테스트를 활성화합니다. 테스트는 Valgrind Client Request 인터페이스(`VALGRIND_MAKE_MEM_UNDEFINED`)를 통해 비밀 데이터를 오염(Taint) 상태로 표시하고, 연산 완료 후 결과 메모리가 오염 상태를 전파하는지 검사합니다. Valgrind의 추상 해석(Abstract Interpretation)은 오염된 값에 의존하는 분기(`jcc` 명령어)를 탐지하면 오류를 보고합니다. 이 테스트는 Linux `x86_64` 환경에서만 유효하며, Valgrind가 존재하지 않는 환경에서는 요청이 무시되어 테스트가 정상 통과합니다. + +```bash +cargo test -p entlib-native-constant-time \ + --features valgrind_taint_audit \ + --target x86_64-unknown-linux-gnu -- --test-threads=1 +# valgrind --tool=memcheck --track-origins=yes +``` + +> [!WARNING] +> 이 테스트는 현재 정상적으로 수행되지 않을 수 있습니다. 저희는 이 테스트가 엄밀하며, 정합한지에 대한 판단 중에 있습니다. 만약 이 테스트에 의견이 있으시다면 [적극적으로 피드백 해주시길 바랍니다.](../../CONTRIBUTION.md) + +### DudeCT 통계적 타이밍 검증 + +`dudect_audit` 벤치마크는 DudeCT 방법론에 기반하여 통계적 타이밍 동등성(Statistical Timing Equivalence)을 검증합니다. 
Welch's t-검정(test)을 적용하여 비밀 값이 동일한 경우(`Class::Right`)와 상이한 경우(`Class::Left`) 각 100,000회 이상의 실행 시간 분포를 비교합니다. $|t| < 5$ 기준을 충족하면 두 집단 간의 타이밍 차이가 통계적으로 유의하지 않다고 판단합니다. + +> [!IMPORTANT] +> 본 벤치마크는 가상화 환경(VM, 퍼블릭 클라우드)에서 하이퍼바이저 개입 및 CPU 클럭 변동으로 인해 t 값이 오염될 수 있습니다. 신뢰할 수 있는 결과를 얻기 위해서는 BIOS/UEFI 수준에서 전원 관리 기능(Turbo Boost, C-states)을 비활성화하고 CPU 주파수를 고정한 베어메탈 환경에서 실행할 것을 권고합니다. + +```bash +cargo +nightly build --release -p entlib-native-constant-time --bench dudect_audit +./target/release/deps/dudect_audit- +``` + +## 설계 원칙 요약 + +본 크레이트는 세 가지 수준의 보안 검증 체계를 순차적으로 적용하는 방어 심층화(Defense-in-Depth) 전략을 채택합니다. + +1. 구현 수준에서 XOR/OR/NEG 등 단일 명령어 비트 연산만을 사용하여 분기의 발생 가능성을 원천 차단합니다. +2. 어셈블리 감사(`audit_mode`)를 통해 컴파일러 최적화가 예상치 않은 분기를 삽입하지 않았음을 어셈블리 수준에서 검증합니다. +3. DudeCT 통계 검증 및 Valgrind 오염 추적을 통해 최종 바이너리가 실제 환경에서 타이밍 독립성을 유지함을 확인합니다. \ No newline at end of file diff --git a/core/constant-time/README_EN.md b/core/constant-time/README_EN.md new file mode 100644 index 0000000..7210f38 --- /dev/null +++ b/core/constant-time/README_EN.md 
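Review bot: In the `audit_mode` section of core/constant-time/README.md, the text lists `cmov` among the unintended branch instructions, but the command shown only greps `j[a-z]+`, which never matches `cmov` and does match the unconditional `jmp`; `cmov` is a conditional move rather than a branch, and it is what a branchless select is commonly compiled to. Either drop `cmov` from the list or explain why it counts as a finding, and narrow the check to conditional jumps inside the `#[unsafe(no_mangle)]` wrapper symbols so the audit does not flag unrelated code in the archive. The `ct_eq` snippet shifts by `(u64::BITS - 1)` although the crate states the traits are generated by macro for every integer width and the `ct_is_ge` note says `<$t>::BITS` is used; the snippet should show `<$t>::BITS` as well (the same snippet appears in README_EN.md). The Valgrind section should state that the `cargo test` line on its own does not run under Memcheck, because the text says the requests are ignored and the test passes when Valgrind is absent, and the `valgrind` invocation is left as an incomplete comment. The header date `25.03.19` also does not match the commit date of 19 Mar 2026.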
@@ -0,0 +1,142 @@ +# Constant-Time Crate (entlib-native-constant-time) + +> Q. T. Felix (Modified: 25.03.19 UTC+9) +> +> [Korean README](README.md) + +`entlib-native-constant-time` is a `no_std` compatible crate designed to fundamentally block timing side-channel attacks that occur in cryptographic implementations. This crate provides constant-time primitives that eliminate all conditional branches that depend on secret data and ensure that the operation time is completely independent of the secrecy of the input value. + +## Security Threat Model + +Modern high-performance processors utilize various microarchitectural optimization techniques such as branch predictors, speculative execution, and data-dependent pipeline delays. If there is an `if`/`else` branch or a conditional return (early return) with a secret value as an operand, an attacker can statistically recover the secret value just by precise time measurement. This crate aims to completely eliminate this attack surface. + +## Core Abstraction: Choice Struct + +The `Choice` struct is an opaque type that safely represents the result of a cryptographic conditional operation. It is designed to have only one of two states internally, `0x00` (false) or `0xFF` (true), and as long as this invariant is maintained, bitwise operations (`&`, `|`, `^`, `!`) are mathematically equivalent to logical operations and do not cause branching. + +```rust +#[derive(Clone, Copy)] +#[repr(transparent)] +pub struct Choice(u8); // Only 0x00 or 0xFF is allowed +``` + +By keeping the internal fields private, it prevents arbitrary byte values from being directly injected into `Choice`. From the outside, `Choice` can only be created through the `from_mask_normalized` function, which normalizes an arbitrary `u8` input to `0x00` or `0xFF`. + +> [!NOTE] +> **Normalization Mechanism**: For an arbitrary mask value $m \in [0, 255]$, the normalization process proceeds as follows. 
+> +> First, if we calculate $m' = m \mathbin{|} (-m)$, then when $m = 0$, $m' = 0$, and when $m \ne 0$, the most significant bit (MSB) of $m'$ must be 1. +> +> After that, if we extract the MSB with $b = m' \gg 7$, then $b \in \{0, 1\}$ is confirmed, and the final mask $c = -b$ (2's complement) yields `0x00` if $b = 0$ and `0xFF` if $b = 1$. +> +> This series of processes is compiled into only three non-branching CPU instructions. + +The `unwrap_u8` method returns via `core::hint::black_box` to prevent the compiler from causing branching by constant folding the internal value. + +## Trait Specification + +### `ConstantTimeEq` + +Determines the equality of two values in constant time. The `ct_eq` function returns `Choice(0xFF)` (equal), `ct_ne` returns `Choice(0xFF)` (not equal), and `ct_is_ge` determines the greater-than-or-equal-to relationship. + +> [!NOTE] +> **Equality Determination (`ct_eq`)**: For two unsigned integers $a, b$, we calculate $v = a \oplus b$. +> +> If $a = b$, then $v = 0$ and $v \mathbin{|} (-v) = 0$, so the MSB is 0. +> +> If $a \ne b$, then $v \ne 0$ and the MSB of $v \mathbin{|} (-v)$ must be 1. +> +> After extracting the MSB, we calculate the final mask with $\mathtt{mask} = -((\text{msb} \oplus 1))$. +> +> `0xFF` is returned if $a = b$, and `0x00` is returned if $a \ne b$. + +```rust +let v = *self ^ *other; +let msb = (v | v.wrapping_neg()) >> (u64::BITS - 1); +let mask = ((msb as u8) ^ 1).wrapping_neg(); // 0x00 or 0xFF +``` + +> [!NOTE] +> **Greater-Than-or-Equal-To Determination (`ct_is_ge`)**: The determination of $a \ge b$ for unsigned integers is reduced to whether an underflow (borrow) occurs in the subtraction $a - b$. +> +> In the borrow equation $\text{borrow} = (\lnot a \land b) \mathbin{|} (\lnot(a \oplus b) \land (a - b))$, if the MSB of the result is 1, then $a < b$, and if it is 0, then $a \ge b$. +> +> This formula dynamically refers to the type size `<$t>::BITS` to operate correctly regardless of the integer width. 
+ +When determining the equality of signed integers, to avoid MSB contamination due to arithmetic shifts, they are reinterpreted as unsigned integers (bitwise reinterpretation) and then delegated to the existing logic. When comparing magnitudes, the sign bit is inverted with XOR in the 2's complement representation ($a' = a_u \oplus 2^{N-1}$) to safely map to the unsigned integer domain while preserving the mathematical order. + +### `ConstantTimeSelect` + +`ct_select(a, b, choice)` returns `a` if `choice` is `0xFF`, and `b` if `choice` is `0x00`. It utilizes the sign-extension trick to reinterpret the `u8` inside `choice` as `i8` and then sign-extend it to the target type. `0xFF as i8` is $-1$, and extending it to an arbitrary integer type results in a mask with all bits set to 1. This allows for bitwise multiplexing without branching. + +$$\text{result} = (a \land \text{mask}) \mathbin{|} (b \land \lnot\text{mask})$$ + +```rust +let mask = (choice.unwrap_u8() as i8) as T; +(a & mask) | (b & !mask) +``` + +### `ConstantTimeSwap` + +`ct_swap(a, b, choice)` swaps the values of `a` and `b` if `choice` is `0xFF`, and keeps the original values if `choice` is `0x00`. It combines the XOR swap algorithm with a conditional mask to implement a branchless swap without an additional temporary buffer. + +$$t = (a \oplus b) \land \text{mask}, \quad a' = a \oplus t, \quad b' = b \oplus t$$ + +This technique is essential in cryptographic algorithms where conditional swaps by secret bits are frequently required, such as the Montgomery Ladder in Elliptic Curve Scalar Multiplication (ECSM). + +### `ConstantTimeIsZero` and `ConstantTimeIsNegative` + +`ct_is_zero` determines if a value is zero and delegates to the existing `ct_eq` implementation to eliminate duplicate logic. `ct_is_negative` determines by extracting the MSB with a logical shift. 
For signed integers, to prevent mask contamination due to arithmetic shifts, they must be converted to unsigned integers before performing the shift. + +$$\text{mask} = -\left(\left(\text{val}_u \gg (N-1)\right) \land 1\right)$$ + +This operation is compiled into only a single `SHR` instruction and a single `NEG` instruction. `ct_is_negative` is used to detect underflow of `wrapping_sub` without branching in multi-precision arithmetic or to determine the need for modular reduction. + +## Scope of Application + +All traits in this crate are implemented for the standard Rust integer types `u8`, `u16`, `u32`, `u64`, `u128`, `usize`, `i8`, `i16`, `i32`, `i64`, `i128`, `isize` through declarative macros. Each implementation has the `#[inline(always)]` annotation, so there is no call overhead. + +## Audit Infrastructure + +### `audit_mode` Feature: Assembly Inspection Support + +Activating the `audit_mode` feature compiles the `wrapper` module. This module exposes audit-only functions with the `#[inline(never)]` and `#[unsafe(no_mangle)]` annotations, forcing the compiler not to inline the functions or mangle the symbols. This allows for direct inspection of the assembly generated by `objdump` or `llvm-objdump` to check for the insertion of unintended branch instructions (`jne`, `je`, `cmov`, etc.). + +```bash +cargo build --release -p entlib-native-constant-time --features audit_mode +objdump -d target/release/libentlib_native_constant_time.rlib | grep -E 'j[a-z]+' +``` + +### `valgrind_taint_audit` Feature: Memcheck-based Taint Tracking + +The `valgrind_taint_audit` feature enables taint tracking tests that integrate with Valgrind's Memcheck tool. The test marks secret data as tainted using the Valgrind Client Request interface (`VALGRIND_MAKE_MEM_UNDEFINED`) and checks if the result memory propagates the tainted state after the operation is complete. 
Valgrind's abstract interpretation reports an error if it detects a branch (`jcc` instruction) that depends on a tainted value. This test is only valid in a Linux `x86_64` environment, and in environments where Valgrind does not exist, the request is ignored and the test passes normally. + +```bash +cargo test -p entlib-native-constant-time \ + --features valgrind_taint_audit \ + --target x86_64-unknown-linux-gnu -- --test-threads=1 +# valgrind --tool=memcheck --track-origins=yes +``` + +> [!WARNING] +> This test may not perform correctly at this time. We are in the process of determining whether this test is strict and correct. If you have an opinion on this test, [please provide active feedback.](../../CONTRIBUTION_EN.md) + +### DudeCT Statistical Timing Verification + +The `dudect_audit` benchmark verifies statistical timing equivalence based on the DudeCT methodology. It applies Welch's t-test to compare the execution time distributions of more than 100,000 runs for the case where the secret value is the same (`Class::Right`) and the case where it is different (`Class::Left`). If the $|t| < 5$ criterion is met, it is judged that the timing difference between the two groups is not statistically significant. + +> [!IMPORTANT] +> This benchmark's t-value can be contaminated in a virtualized environment (VM, public cloud) due to hypervisor intervention and CPU clock fluctuations. To obtain reliable results, it is recommended to run it in a bare-metal environment with power management features (Turbo Boost, C-states) disabled at the BIOS/UEFI level and the CPU frequency fixed. + +```bash +cargo +nightly build --release -p entlib-native-constant-time --bench dudect_audit +./target/release/deps/dudect_audit- +``` + +## Summary of Design Principles + +This crate adopts a defense-in-depth strategy that sequentially applies a three-level security verification system. + +1. 
At the implementation level, it fundamentally blocks the possibility of branching by using only single-instruction bitwise operations such as XOR/OR/NEG. +2. Through assembly auditing (`audit_mode`), it verifies at the assembly level that compiler optimizations have not inserted unexpected branches. +3. Through DudeCT statistical verification and Valgrind taint tracking, it confirms that the final binary maintains timing independence in a real environment. \ No newline at end of file From b83ad44267dcf52a658ef29b58e4769b6f8a96a7 Mon Sep 17 00:00:00 2001 From: "Q. T. Felix" <53819958+Quant-TheodoreFelix@users.noreply.github.com> Date: Thu, 19 Mar 2026 21:36:01 +0900 Subject: [PATCH 4/5] =?UTF-8?q?=EB=B3=B4=EC=95=88=20=EB=B2=84=ED=8D=BC=20?= =?UTF-8?q?=EB=AA=85=EC=84=B8=20=EC=9E=91=EC=84=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/secure-buffer/README.md | 109 +++++++++++++++++++++++--------- core/secure-buffer/README_EN.md | 90 ++++++++++++++++++++++++++ 2 files changed, 170 insertions(+), 29 deletions(-) create mode 100644 core/secure-buffer/README_EN.md diff --git a/core/secure-buffer/README.md b/core/secure-buffer/README.md index 7f3b4e5..7e0aa62 100644 --- a/core/secure-buffer/README.md +++ b/core/secure-buffer/README.md 
@@ -1,39 +1,90 @@ -# entlib-native-secure-buffer 기술 명세서 (초기) +# 보안 버퍼 크레이트 (entlib-native-secure-buffer) -> [보안 노트](../../SECURE_NOTE.md) 참고 +> Q. T. Felix (수정: 26.03.19 UTC+9) +> +> [English README](README_EN.md) -이 크레이트는 통합 제어 아키텍처(UCA)를 기반으로 구축되어, Java와 Rust 간의 상호작용에서 발생하는 메모리 소유권의 불확실성을 완벽하게 제어합니다. +`entlib-native-secure-buffer`는 비밀 데이터의 전체 생명주기—할당, 사용, 소멸—에 걸쳐 물리적 메모리 보안을 보장하기 위해 설계된 크레이트입니다. 표준 `Vec`이나 힙(Heap) 할당 API는 할당자(Allocator)의 재사용 정책으로 인해 해제 후에도 이전 데이터가 힙 잔재(Heap Residue)로 남거나, OS의 페이지 스왑(Swap) 메커니즘을 통해 디스크에 기록될 수 있습니다. 본 크레이트는 이러한 메모리 포렌식(Memory Forensics) 공격 표면을 체계적으로 제거합니다. -## 보안 버퍼 핵심 작동 방식 +## 보안 위협 모델 -`SecureBuffer`는 데이터 생성 주체에 따라 두 가지 생명 주기 패턴(RO 패턴, JO 패턴)을 통해 작동하며, 모든 메모리 접근은 Zero-Trust 원칙을 따릅니다. +비밀 키 또는 암호학적 중간값(Intermediate Value)이 프로세스 힙에 잔존할 경우, 공격자는 프로세스 메모리 덤프, `/proc/self/mem` 접근, 동면(Hibernation) 이미지 또는 스왑 파티션 분석 등을 통해 해당 데이터를 복원할 수 있습니다. 본 크레이트는 세 가지 방어 계층을 통해 이 위협에 대응합니다. 첫째, 할당 시점에 제로화(Zeroization)하여 힙 잔재 유출을 차단합니다. 둘째, OS 레벨 메모리 잠금으로 페이지가 디스크에 기록되는 것을 방지합니다. 셋째, 소멸 시점에 컴파일러 최적화를 우회하는 물리적 메모리 소거를 수행합니다. -* **메모리 잠금 및 할당 (OS-Level Lock)** - * 시스템의 기본 페이지 크기(4096 바이트)의 배수로 메모리를 할당하며, 할당 시점에 `heap` 영역의 잔여 데이터를 0으로 덮어씁니다. 할당된 메모리는 Unix의 `mlock` 또는 Windows의 `VirtualLock`을 통해 OS 레벨에서 잠겨, 민감 데이터가 디스크의 스왑(Swap) 영역으로 유출되는 것을 원천 차단합니다. -* **RO 패턴 작동 흐름** - * Rust 내부에서 `SecureBuffer::new_owned`를 통해 페이지 정렬 및 잠금 처리된 안전한 메모리를 할당하여 데이터를 생성합니다. - * Java로 데이터를 전달할 때는 `SecureBuffer` 내부의 `Drop` 로직이 실행되지 않도록 우회한 뒤, 포인터(`ptr`)와 길이(`len`), 그리고 `is_rust_owned = true` 플래그를 `FFIStandard` 구조체에 담아 반환합니다. - * Java 측 스코프가 종료되면 Rust 측 해제 전용 함수인 `entlib_side_secure_free`가 호출됩니다. 이 함수는 `Box::from_raw`를 통해 불투명 포인터의 소유권을 회수하고 스코프를 벗어나게 하여, 내장된 `Drop` 트레이트를 즉각 실행시킵니다. -* **JO 패턴 작동 흐름** - * Java의 FFM API `Arena`를 통해 선언된 메모리를 `SecureBuffer::from_raw_parts`를 이용하여 Rust로 주입받습니다. - * Zero-Trust 방어적 프로그래밍 원칙에 따라, 주입된 포인터와 길이가 페이지 크기(`PAGE_SIZE`)의 배수로 정확히 정렬되어 있는지 엄격히 검증하며, 어긋날 경우 사이드 채널 공격 등의 취약점으로 간주하여 즉시 거부합니다. - * Rust 내부에서 외부 메모리를 사용하는 동안에도 OS 잠금을 시도하여 스왑을 방지합니다. 
연산 스코프 종료 시 Rust는 물리적 소거만 수행하며, 메모리의 최종 반환은 Java의 `Arena#close()` 호출에 위임합니다. +## 저수준 메모리 블록: `SecureMemoryBlock` 구조체 -## 무결성을 보장하는 물리적 소거 방식 +`SecureMemoryBlock`은 보안 요구사항을 충족하는 저수준 메모리 블록입니다. 표준 할당 API와 달리, 메모리 시작 주소가 반드시 시스템 페이지 경계에 정렬(Page-Aligned)되도록 `Layout`을 구성하여 할당합니다. `alloc_zeroed`를 통해 할당 즉시 내용 전체를 0으로 초기화하며, 이전 힙 데이터가 패딩 영역에 노출되는 것을 원천 차단합니다. -보안 데이터의 사용이 끝난 후 `SecureBuffer`의 `Drop` 트레이트가 호출되면, 단순한 메모리 반환이 아닌 하드웨어 아키텍처 수준의 강력한 물리적 소거(`Zeroizer::zeroize_raw`)가 선행됩니다. 데이터 유효 길이뿐만 아니라 패딩 영역이 포함된 전체 용량(`capacity`)에 대해 꼼꼼하게 소거를 수행합니다. +### 페이지 크기 획득 -* **x86_64 아키텍처 특화 소거** - * CPU 마이크로코드에서 가장 효율적으로 0을 채우도록 설계된 `rep stosb` 어셈블리 명령어를 사용하여 메모리 구간을 고속 초기화합니다. - * 이후 `clflush` 명령어를 64바이트 캐시 라인 단위로 순회 적용하여, L1/L2/L3 캐시에 남아있을 수 있는 데이터를 무효Zero 데이터를 강제로 메인 메모리(DRAM)로 밀어내 물리적인 덮어쓰기를 완수합니다. - * 마지막으로 `mfence` 메모리 배리어를 통해 모든 저장 및 플러시 작업이 완료될 때까지 CPU의 파이프라인 실행을 강제 동기화합니다. -* **AArch64 (ARM) 아키텍처 특화 소거** - * `write_volatile`을 통해 컴파일러 최적화를 무시하고 메모리를 0으로 덮어씁니다. - * `dc civac` (Data Cache Clean and Invalidate) 명령어를 사용하여 캐시 라인을 정리하고 무효화합니다. - * `dsb sy` 명령어를 통해 데이터 동기화 배리어를 세워 소거의 원자성을 보장합니다. -* **안티 포렌식 및 컴파일러 최적화 방어** - * 컴파일러가 불필요한 연산으로 간주하여 소거 로직을 삭제해 버리는 DSE(Dead Store Elimination) 취약점을 원천 차단하기 위해, `compiler_fence(Ordering::SeqCst)` 및 `fence(Ordering::SeqCst)`를 수행하여 하드웨어 및 컴파일러 동기화를 강제합니다. +올바른 페이지 정렬과 캐시 라인 플러시를 수행하려면 런타임에 실제 시스템 페이지 크기를 파악해야 합니다. `std` 피처가 활성화된 Linux 환경에서는 libc나 `sysconf`를 거치지 않고 `/proc/self/auxv` 보조 벡터(Auxiliary Vector)를 원시 시스템 콜(`SYS_open`, `SYS_read`, `SYS_close`)로 직접 파싱하여 `AT_PAGESZ` 항목을 추출합니다. 이 방식은 중간 계층 라이브러리에 대한 의존을 제거하여 공급망 공격(Supply Chain Attack) 표면을 축소합니다. 비 Linux Unix 환경(macOS 등)에서는 POSIX `getpagesize()`를 호출합니다. -## 규정 준수 측면 +획득된 페이지 크기는 최솟값(4096) 및 2의 거듭제곱(Power-of-Two) 여부를 반드시 검증합니다. 검증에 실패하면 변조된 커널 응답으로 간주하고 패닉(Panic)을 발생시킵니다. -이러한 설계는 FIPS 140의 엄격한 요구사항을 완벽히 충족합니다. 특히 데이터의 전체 생명 주기가 하나의 컨텍스트 객체라는 단일 병목점 내에서 철저히 관리되며, 데이터 선언 ➔ 연산 ➔ 스코프 종료에 따른 물리적 소거 ➔ 완전한 할당 해제의 흐름이 코드 스코프에 의해 기계적으로 보장됩니다. 
\ No newline at end of file +```rust +if size < 4096 || !size.is_power_of_two() { + panic!("Security Violation: 안전하지 않거나 변조된 OS 페이지 크기가 감지되었습니다! ({})", size); +} +``` + +> [!IMPORTANT] +> `no_std` 환경에서는 런타임 조회가 불가능하므로 보수적 기본값 4096을 사용하며, 실제 배포 환경의 하드웨어 사양에 맞춘 포팅이 요구됩니다. + +### OS 레벨 메모리 잠금 + +`allocate_locked`는 메모리 할당 후 OS 잠금을 시도합니다. Unix 계열에서는 `mlock(2)` 시스템 콜을 사용하며, Linux에서는 1차 잠금 실패 시 `RLIMIT_MEMLOCK` 리소스 한도를 `RLIM_INFINITY`로 동적 상향 조정한 뒤 2차 재시도합니다. Windows에서는 `VirtualLock` API를 통해 프로세스 워킹 셋(Working Set)에 해당 페이지를 고정합니다. 잠금에 최종 실패하면 이미 할당된 메모리를 즉시 해제하고 오류를 반환하여, 잠금되지 않은 상태로 비밀 데이터가 사용되는 상황을 방지합니다. + +## 물리적 메모리 소거: `SecureZeroize` 트레이트 + +컴파일러는 소거 직후 메모리가 더 이상 읽히지 않는다고 판단하면 `memset`이나 단순 대입 루프를 데드 스토어 제거(Dead Store Elimination, DSE) 최적화로 삭제할 수 있습니다. `SecureZeroize` 트레이트와 `Zeroizer` 구현체는 아키텍처별 하드웨어 명령어를 직접 사용하여 DSE를 원천적으로 차단합니다. + +### x86_64 소거 루틴 + +x86_64 환경에서는 인라인 어셈블리(`rep stosb`)를 사용하여 CPU 마이크로코드 수준에서 메모리를 0으로 채웁니다. 이 명령어는 컴파일러 IR 단계를 거치지 않으므로 DSE가 적용될 수 없습니다. 이후 L1/L2/L3 캐시에 잔존할 수 있는 데이터를 제거하기 위해 `clflush` 명령어를 캐시 라인 단위로 순차 실행합니다. + +캐시 라인 크기는 하드코딩하지 않고 `CPUID Leaf 1`의 `EBX[15:8]` 필드(`CLFLUSH line size`)에서 동적으로 획득합니다($`\text{clflush\_size} = ((\texttt{ebx} \gg 8) \mathbin{\&} \texttt{0xFF}) \times 8`$). CPUID 조회 실패 또는 비정상 반환 시에는 64바이트를 안전한 기본값으로 사용합니다. 모든 플러시가 완료된 후 `mfence` 명령어로 메모리 버스 수준의 완전한 순서 보장(Full Memory Barrier)을 수행합니다. + +```rust +// rep stosb: CPU 마이크로코드 수준 메모리 초기화 (DSE 불가) +asm!("rep stosb", inout("rcx") capacity => _, inout("rdi") ptr => _, in("al") 0u8, ...); +// clflush: 캐시에 잔존하는 데이터 강제 축출 +asm!("clflush [{0}]", in(reg) flush_ptr, ...); +// mfence: 전체 메모리 배리어 +asm!("mfence", ...); +``` + +### AArch64 소거 루틴 + +AArch64 환경에서는 `write_volatile`을 사용한 바이트 단위 초기화로 컴파일러 최적화를 억제합니다. 이후 캐시 정리를 위해 AArch64의 `dc civac`(Data Cache Clean and Invalidate by Virtual Address to Point of Coherency) 명령어를 실행합니다. 캐시 라인 크기는 `CTR_EL0` 시스템 레지스터의 `DminLine` 필드(`bits [19:16]`)에서 직접 획득합니다($`\text{cache\_line} = 4 \times 2^{\text{DminLine}}`$ 바이트). 
모든 작업 완료 후 `dsb sy`로 완전한 데이터 동기화 배리어를 수행합니다. + +### 폴백(Fallback) 소거 루틴 + +위 두 아키텍처 외의 환경에서는 OS가 제공하는 안전한 소거 API를 우선 사용합니다. `std` 피처가 활성화된 Unix 환경에서는 `explicit_bzero(3)` (OpenBSD, FreeBSD, Linux glibc 2.25+에서 지원)를, Windows에서는 `RtlSecureZeroMemory` Windows 커널 API를 호출합니다. 두 API 모두 컴파일러 DSE를 방지하도록 명세가 보장되어 있습니다. OS API가 전혀 부재한 `no_std` 베어메탈 환경에서는 `write_volatile` 기반 바이트 단위 루프를 폴백으로 사용하며, 이 경우 캐시 라인 플러시의 보장 여부는 대상 하드웨어에 종속됩니다. + +모든 소거 경로는 종료 직전 `compiler_fence(SeqCst)` 및 `fence(SeqCst)`를 적용하여 컴파일러와 하드웨어 파이프라인 모두에서 소거 연산이 선행 완료됨을 보장합니다. + + +## 고수준 보안 버퍼: `SecureBuffer` 구조체 + +`SecureBuffer`는 `SecureMemoryBlock`을 래핑하여 데이터의 전체 생명주기를 안전하게 관리하는 고수준 API입니다. Rust 내부에서 할당한 소유(Owned) 메모리와, Java FFM API 등 외부 시스템에서 전달된 비소유(Borrowed) 메모리를 `owned_block: Option` 필드로 구분하여 처리합니다. + +### 소유 메모리 생성: `new_owned` + +`new_owned(size)`는 `SecureMemoryBlock::allocate_locked`에 위임하여 페이지 정렬된, 0으로 초기화된, OS 잠금이 적용된 메모리를 할당합니다. `owned_block`에 할당 정보가 기록되며, `Drop` 시점에 소거 후 해제 책임이 `SecureMemoryBlock`으로 위임됩니다. + +### 외부 메모리 래핑: `from_raw_parts` + +`from_raw_parts(ptr, len)`은 Zero-Trust 원칙에 따라 외부에서 주입된 포인터가 페이지 경계에 정렬되어 있는지 엄격히 검증합니다. 포인터 주소(`ptr as usize`)와 길이(`len`) 모두 시스템 페이지 크기의 배수여야 하며, 하나라도 위반하면 즉시 오류를 반환합니다. 검증 통과 후에는 외부 메모리에 대해서도 OS 잠금을 시도합니다. `owned_block`은 `None`으로 설정되어 `Drop` 시점에 메모리 해제가 수행되지 않으며, 실제 해제는 원래 소유자(예: Java Arena)에 위임됩니다. + +```rust +if !(ptr as usize).is_multiple_of(ps) { + return Err("Security Violation: External memory pointer is not page-aligned."); +} +``` + +### 자동 소거와 해제: `Drop` 구현 + +`SecureBuffer`의 `Drop` 구현은 소유권 여부와 무관하게 항상 `Zeroizer::zeroize_raw`를 통해 `capacity` 전체를 소거합니다. 소거 대상 범위가 유효 데이터 길이(`len`)가 아닌 할당 전체 용량(`capacity`)임에 주목해야 합니다. 이는 페이지 정렬에 의해 생성된 패딩 영역에도 이전 데이터가 잔존할 수 있기 때문입니다. 소거 완료 후, 소유 메모리는 `SecureMemoryBlock::deallocate_unlocked`를 통해 잠금 해제 및 `dealloc`을 수행하고, 비소유 메모리는 잠금 해제만 수행합니다. + +## 피처 플래그 + +`std` 피처는 페이지 크기 런타임 조회, OS 메모리 잠금(`mlock`/`VirtualLock`), `explicit_bzero`/`RtlSecureZeroMemory` 폴백 소거 루틴을 활성화합니다. 
이 피처를 비활성화하면 크레이트는 `no_std` 환경에서 동작하며, 페이지 크기는 4096으로 고정되고 메모리 잠금 및 OS API 폴백은 비활성화됩니다. 아키텍처별 인라인 어셈블리 소거 루틴(x86_64, AArch64)은 피처와 무관하게 항상 활성화됩니다. \ No newline at end of file diff --git a/core/secure-buffer/README_EN.md b/core/secure-buffer/README_EN.md new file mode 100644 index 0000000..152a6a0 --- /dev/null +++ b/core/secure-buffer/README_EN.md 
@@ -0,0 +1,90 @@ +# Secure Buffer Crate (entlib-native-secure-buffer) + +> Q. T. Felix (Modified: 26.03.19 UTC+9) +> +> [Korean README](README.md) + +`entlib-native-secure-buffer` is a crate designed to ensure physical memory security throughout the entire lifecycle of secret data—allocation, use, and destruction. Standard `Vec` or heap allocation APIs can leave previous data as heap residue after deallocation due to the allocator's reuse policy, or it can be written to disk through the OS's page swap mechanism. This crate systematically eliminates these memory forensics attack surfaces. + +## Security Threat Model + +If a secret key or cryptographic intermediate value remains in the process heap, an attacker can recover the data through a process memory dump, `/proc/self/mem` access, hibernation image analysis, or swap partition analysis. This crate counters this threat with three layers of defense. First, it prevents heap residue leakage by zeroizing at the time of allocation. Second, it prevents pages from being written to disk with OS-level memory locking. Third, it performs physical memory erasure that bypasses compiler optimizations at the time of destruction. + +## Low-Level Memory Block: `SecureMemoryBlock` Struct + +`SecureMemoryBlock` is a low-level memory block that meets security requirements. Unlike standard allocation APIs, it allocates by configuring the `Layout` so that the memory start address is always page-aligned. It immediately initializes the entire content to 0 upon allocation via `alloc_zeroed`, fundamentally blocking the exposure of previous heap data in the padding area. + +### Obtaining Page Size + +To perform correct page alignment and cache line flushing, the actual system page size must be determined at runtime. 
In a Linux environment with the `std` feature enabled, it directly parses the `/proc/self/auxv` auxiliary vector using raw system calls (`SYS_open`, `SYS_read`, `SYS_close`) to extract the `AT_PAGESZ` entry, without going through libc or `sysconf`. This approach reduces the supply chain attack surface by eliminating dependencies on intermediate libraries. In non-Linux Unix environments (macOS, etc.), it calls the POSIX `getpagesize()`. + +The obtained page size is always verified for a minimum value (4096) and whether it is a power-of-two. If the verification fails, it is considered a tampered kernel response and a panic is triggered. + +```rust +if size < 4096 || !size.is_power_of_two() { + panic!("Security Violation: Unsafe or tampered OS page size detected! ({})", size); +} +``` + +> [!IMPORTANT] +> In a `no_std` environment, runtime lookup is not possible, so a conservative default of 4096 is used, and porting is required to match the hardware specifications of the actual deployment environment. + +### OS-Level Memory Locking + +`allocate_locked` attempts to lock the memory after allocation. On Unix-like systems, it uses the `mlock(2)` system call, and on Linux, if the primary lock fails, it dynamically raises the `RLIMIT_MEMLOCK` resource limit to `RLIM_INFINITY` and retries a second time. On Windows, it pins the page to the process's working set via the `VirtualLock` API. If the lock ultimately fails, it immediately deallocates the already allocated memory and returns an error, preventing the use of secret data in an unlocked state. + +## Physical Memory Erasure: `SecureZeroize` Trait + +If the compiler determines that the memory is no longer read after erasure, it can delete the `memset` or simple assignment loop as a Dead Store Elimination (DSE) optimization. The `SecureZeroize` trait and `Zeroizer` implementation fundamentally block DSE by directly using architecture-specific hardware instructions. 
+ +### x86_64 Erasure Routine + +In an x86_64 environment, it uses inline assembly (`rep stosb`) to fill the memory with zeros at the CPU microcode level. Since this instruction does not go through the compiler IR stage, DSE cannot be applied. After that, to remove any data that may remain in the L1/L2/L3 caches, the `clflush` instruction is executed sequentially on a cache line basis. + +The cache line size is not hardcoded but is dynamically obtained from the `EBX[15:8]` field (`CLFLUSH line size`) of `CPUID Leaf 1` ($\text{clflush\_size} = ((\texttt{ebx} \gg 8) \mathbin{\&} \texttt{0xFF}) \times 8$). If the CPUID lookup fails or returns an abnormal value, 64 bytes are used as a safe default. After all flushes are complete, a full memory barrier is performed at the memory bus level with the `mfence` instruction. + +```rust +// rep stosb: CPU microcode level memory initialization (DSE not possible) +asm!("rep stosb", inout("rcx") capacity => _, inout("rdi") ptr => _, in("al") 0u8, ...); +// clflush: Force eviction of data remaining in the cache +asm!("clflush [{0}]", in(reg) flush_ptr, ...); +// mfence: Full memory barrier +asm!("mfence", ...); +``` + +### AArch64 Erasure Routine + +In an AArch64 environment, compiler optimizations are suppressed by byte-wise initialization using `write_volatile`. After that, for cache cleaning, the AArch64 `dc civac` (Data Cache Clean and Invalidate by Virtual Address to Point of Coherency) instruction is executed. The cache line size is obtained directly from the `DminLine` field (`bits [19:16]`) of the `CTR_EL0` system register ($\text{cache\_line} = 4 \times 2^{\text{DminLine}}$ bytes). After all operations are complete, a full data synchronization barrier is performed with `dsb sy`. + +### Fallback Erasure Routine + +In environments other than the two architectures above, the secure erasure API provided by the OS is used first. 
In a Unix environment with the `std` feature enabled, `explicit_bzero(3)` (supported on OpenBSD, FreeBSD, Linux glibc 2.25+) is used, and on Windows, the `RtlSecureZeroMemory` Windows kernel API is called. Both APIs are specified to prevent compiler DSE. In a `no_std` bare-metal environment where there is no OS API at all, a `write_volatile`-based byte-wise loop is used as a fallback, in which case the guarantee of cache line flushing depends on the target hardware. + +All erasure paths apply `compiler_fence(SeqCst)` and `fence(SeqCst)` just before termination to ensure that the erasure operation is completed first in both the compiler and the hardware pipeline. + + +## High-Level Secure Buffer: `SecureBuffer` Struct + +`SecureBuffer` is a high-level API that wraps `SecureMemoryBlock` to securely manage the entire lifecycle of data. It handles owned memory allocated within Rust and borrowed memory passed from external systems such as the Java FFM API by distinguishing them with the `owned_block: Option` field. + +### Creating Owned Memory: `new_owned` + +`new_owned(size)` delegates to `SecureMemoryBlock::allocate_locked` to allocate page-aligned, zero-initialized, and OS-locked memory. The allocation information is recorded in `owned_block`, and the responsibility for erasure and deallocation at the time of `Drop` is delegated to `SecureMemoryBlock`. + +### Wrapping External Memory: `from_raw_parts` + +`from_raw_parts(ptr, len)` strictly verifies that the pointer injected from the outside is page-aligned according to the Zero-Trust principle. Both the pointer address (`ptr as usize`) and the length (`len`) must be multiples of the system page size, and if either is violated, an error is returned immediately. After passing verification, it also attempts to lock the external memory with the OS. 
`owned_block` is set to `None` so that memory deallocation is not performed at the time of `Drop`, and the actual deallocation is delegated to the original owner (e.g., Java Arena). + +```rust +if !(ptr as usize).is_multiple_of(ps) { + return Err("Security Violation: External memory pointer is not page-aligned."); +} +``` + +### Automatic Erasure and Deallocation: `Drop` Implementation + +The `Drop` implementation of `SecureBuffer` always erases the entire `capacity` through `Zeroizer::zeroize_raw`, regardless of ownership. It is important to note that the scope of erasure is the entire allocated capacity (`capacity`), not the valid data length (`len`). This is because previous data may remain in the padding area created by page alignment. After erasure is complete, owned memory is unlocked and `dealloc` is performed through `SecureMemoryBlock::deallocate_unlocked`, while borrowed memory is only unlocked. + +## Feature Flags + +The `std` feature enables page size runtime lookup, OS memory locking (`mlock`/`VirtualLock`), and the `explicit_bzero`/`RtlSecureZeroMemory` fallback erasure routine. Disabling this feature makes the crate operate in a `no_std` environment, where the page size is fixed at 4096 and memory locking and OS API fallbacks are disabled. Architecture-specific inline assembly erasure routines (x86_64, AArch64) are always enabled regardless of the feature. \ No newline at end of file From 74da2385c18ef45c327a301d66f64dc8f9da4261 Mon Sep 17 00:00:00 2001 
From: "Q. T. Felix" <53819958+Quant-TheodoreFelix@users.noreply.github.com> Date: Thu, 19 Mar 2026 21:54:26 +0900 Subject: [PATCH 5/5] =?UTF-8?q?=EC=BB=B4=ED=94=8C=EB=9D=BC=EC=9D=B4?= =?UTF-8?q?=EC=96=B8=EC=8A=A4=20=EB=AC=B8=EC=84=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- COMPLIANCE.md | 81 ++++++++++++++++++++++++++++++++------------- COMPLIANCE_EN.md | 85 ++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 141 insertions(+), 25 deletions(-) diff --git a/COMPLIANCE.md b/COMPLIANCE.md index 96932ee..3e31e5f 100644 --- a/COMPLIANCE.md +++ b/COMPLIANCE.md 
@@ -1,49 +1,84 @@ # 인증 및 규정 준수 사항 > [!IMPORTANT] -> 테스트 벡터를 통과했다고 해서, 각 암호화 모듈 및 알고리즘 구현이 완전히 검증됐다는 것이 아닙니다. -> 이러한 테스트 벡터의 사용은 CAVP(Cryptographic Algorithm Validation Program)를 통해 얻은 검증을 대체하지 않습니다. +> 테스트 벡터를 통과했다고 해서 각 암호화 모듈 및 알고리즘 구현이 완전히 검증됐다는 것이 아닙니다. +> 이러한 CAVP(Cryptographic Algorithm Validation Program) 테스트 벡터 검증은 아무런 효력이 없으며, 암호 알고리즘이 '정상적으로 작동한다'를 알려줄 뿐 입니다. NIST CAVP는 단일 알고리즘에 대한 검증 작업입니다. 실제 프로덕션 환경에서 사용되기 위해서는 FIPS 140-2/3에 따른 CMVP(Cryptographic Module Validation Program) 검증이 필요합니다. 즉, CAVP 인증은 CMVP 인증의 필수 선수 조건입니다. -## RNG +## RNG SP 800-90A Rev. 1 (B, C) > [NIST CAVP - Random Number Generators](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Random-Number-Generators) -- [ ] SP 800-90A DRBG(Deterministic Random Bit Generators) +- [ ] Hash DRBG +- [ ] HMAC DRBG +- [ ] CTR DRBG -> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) (KS X ISO/IEC 18031) +> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) -- [ ] Security techniques - Hash-functions - Part 3: Dedicated hash-functions (2018) +- [ ] Hash DRBG +- [ ] HMAC DRBG +- [ ] CTR DRBG -## SHA2 +## SHA2 (FIPS 180-4) > [NIST CAVP - Secure Hashing](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing) -- [ ] FIPS 180-4 SHA Test Vectors for Hashing Bit/Byte-Oriented Messages +- [ ] SHA-224 +- [ ] SHA-256 +- [ ] SHA-384 +- [ ] SHA-512 -> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) (KS X ISO/IEC 10118-3:2001) +> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) -- [ ] Security techniques - Hash-functions - Part 3: Dedicated hash-functions (2018) +- [X] SHA-224 +- [X] SHA-256 +- [X] SHA-384 +- [X] SHA-512 -## SHA3 +## SHA3 (FIPS 202) > [NIST CAVP - Secure Hashing](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing) -- [X] FIPS 202 SHA-3 Hash Function Test Vectors for Hashing Bit/Byte-Oriented Messages -- [X] FIPS 202 SHA-3 XOF Test Vectors for 
Bit/Byte-Oriented Output +- [X] SHA-3 224 +- [X] SHA-3 256 +- [X] SHA-3 384 +- [X] SHA-3 512 +- [X] XOF (SHAKE128) +- [X] XOF (SHAKE256) -> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) (KS X ISO/IEC 10118-3:2001) +> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) -- [X] Security techniques - Hash-functions - Part 3: Dedicated hash-functions (2018) +- [X] SHA-3 224 +- [X] SHA-3 256 +- [X] SHA-3 384 +- [X] SHA-3 512 -## HKDF +## HKDF (SP 800-108) -> [NIST CAVP - Key Derivation](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/key-derivation) (SP 800-108) +> [NIST CAVP - Key Derivation](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/key-derivation) -- [ ] KDF in Counter Mode Test Vectors -- [ ] KDF in Feedback Mode Test Vectors where no counter is used -- [ ] KDF in Feedback Mode Test Vectors where zero length IV is allowed -- [ ] KDF in Feedback Mode Test Vectors where zero length IV is not allowed -- [ ] KDF in Double-Pipeline Iteration Mode Test Vectors where no counter is used -- [ ] KDF in Double-Pipeline Iteration Mode Test Vectors where counter is used \ No newline at end of file +- [ ] HKDF SHA-2 +- [ ] HKDF SHA-3 + +## HMAC (FIPS 198-1) + +> [NIST CAVP - Keyed-Hash Message Authentication Code](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Message-Authentication) + +- [ ] HMAC + +> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) + +- [X] HMAC (SHA-2) +- [X] HMAC (SHA-3) + +## Digital Signature (Composite) + +> [Post-Quantum-Cryptography/KAT/MLDSA](https://github.com/post-quantum-cryptography/KAT/tree/main/MLDSA) (FIPS 204) + +- [ ] ML-DSA-44 KeyPair generation +- [ ] ML-DSA-44 Sign/Verify +- [ ] ML-DSA-65 KeyPair generation +- [ ] ML-DSA-65 Sign/Verify +- [ ] ML-DSA-87 KeyPair generation +- [ ] ML-DSA-87 Sign/Verify diff --git a/COMPLIANCE_EN.md b/COMPLIANCE_EN.md index 8c8e769..0f3c993 100644 --- a/COMPLIANCE_EN.md 
+++ b/COMPLIANCE_EN.md 
@@ -1,3 +1,84 @@ -# Certification or Compliance +# Certification and Compliance -In Progressss... \ No newline at end of file +> [!IMPORTANT] +> Passing the test vectors does not mean that each cryptographic module and algorithm implementation is fully validated. +> These CAVP (Cryptographic Algorithm Validation Program) test vector validations have no legal effect and merely indicate that the cryptographic algorithm 'operates normally.' + +NIST CAVP is a validation process for individual algorithms. For use in actual production environments, CMVP (Cryptographic Module Validation Program) validation according to FIPS 140-2/3 is required. In other words, CAVP certification is a mandatory prerequisite for CMVP certification. + +## RNG SP 800-90A Rev. 1 (B, C) + +> [NIST CAVP - Random Number Generators](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Random-Number-Generators) + +- [ ] Hash DRBG +- [ ] HMAC DRBG +- [ ] CTR DRBG + +> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) + +- [ ] Hash DRBG +- [ ] HMAC DRBG +- [ ] CTR DRBG + +## SHA2 (FIPS 180-4) + +> [NIST CAVP - Secure Hashing](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing) + +- [ ] SHA-224 +- [ ] SHA-256 +- [ ] SHA-384 +- [ ] SHA-512 + +> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) + +- [X] SHA-224 +- [X] SHA-256 +- [X] SHA-384 +- [X] SHA-512 + +## SHA3 (FIPS 202) + +> [NIST CAVP - Secure Hashing](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/secure-hashing) + +- [X] SHA-3 224 +- [X] SHA-3 256 +- [X] SHA-3 384 +- [X] SHA-3 512 +- [X] XOF (SHAKE128) +- [X] XOF (SHAKE256) + +> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) + +- [X] SHA-3 224 +- [X] SHA-3 256 +- [X] SHA-3 384 +- [X] SHA-3 512 + +## HKDF (SP 800-108) + +> [NIST CAVP - Key Derivation](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/key-derivation) + +- [ ] HKDF SHA-2 +- [ ] 
HKDF SHA-3 + +## HMAC (FIPS 198-1) + +> [NIST CAVP - Keyed-Hash Message Authentication Code](https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Message-Authentication) + +- [ ] HMAC + +> [KCMVP](https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do) + +- [X] HMAC (SHA-2) +- [X] HMAC (SHA-3) + +## Digital Signature (Composite) + +> [Post-Quantum-Cryptography/KAT/MLDSA](https://github.com/post-quantum-cryptography/KAT/tree/main/MLDSA) (FIPS 204) + +- [ ] ML-DSA-44 KeyPair generation +- [ ] ML-DSA-44 Sign/Verify +- [ ] ML-DSA-65 KeyPair generation +- [ ] ML-DSA-65 Sign/Verify +- [ ] ML-DSA-87 KeyPair generation +- [ ] ML-DSA-87 Sign/Verify
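Review bot: In core/constant-time/README_EN.md, under "`audit_mode` Feature: Assembly Inspection Support", the text lists `cmov` among the branch instructions to look for, but the command pipes into `grep -E 'j[a-z]+'`, which cannot match `cmov`. `cmov` is also a conditional move rather than a jump, and is normally what a compiler emits for a branchless select. Suggest dropping `cmov` from the list or explaining separately why it is inspected. The pattern is unanchored as well, so it matches `j` plus a letter anywhere on the line, symbol names included; matching on the mnemonic column would cut false hits. In the Valgrind section of the same hunk, the text says the test "passes normally" when Valgrind is absent, and the command block leaves the `valgrind --tool=memcheck` line commented out, so the command as documented yields a pass with no taint check at all. State that a pass only counts when the test binary runs under Memcheck, and show that invocation uncommented. The header date `25.03.19` is probably meant to be `26.03.19`, as in the secure-buffer README of this series.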
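Review bot: In core/secure-buffer/README.md, the page size section ("페이지 크기 획득") says the Linux path reads `/proc/self/auxv` through raw `SYS_open`, `SYS_read` and `SYS_close`, but AArch64 Linux has no `open` system call (only `openat`), and this same README documents an AArch64 erasure routine. The text should say `openat` is used on that target, or scope the claim to x86_64. The supply-chain rationale given there (no libc, no `sysconf`) also sits next to `getpagesize()` and `explicit_bzero(3)`, which are libc functions. One sentence naming the paths that still depend on libc would keep the claim accurate.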
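Review bot: In core/secure-buffer/README_EN.md, "OS-Level Memory Locking" says that after a failed `mlock(2)` the crate raises `RLIMIT_MEMLOCK` to `RLIM_INFINITY` and retries, without noting that this is a process-wide change made as a side effect of a library allocation. It also omits that an unprivileged process can only raise its soft limit up to the hard limit, so the retry still fails without `CAP_SYS_RESOURCE` when the hard limit is low. Please document both points, and say whether the previous limit is restored. In the `Drop` section, "borrowed memory is only unlocked" needs a caveat too: memory locks do not nest, so unlocking pages handed in through `from_raw_parts` also drops any lock the original owner placed on them. Say whether callers are expected not to lock that memory themselves.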
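Review bot: In COMPLIANCE.md, the heading `## HKDF (SP 800-108)` no longer matches its list. The removed items were the SP 800-108 counter, feedback and double-pipeline KDF modes, while the new items are `HKDF SHA-2` and `HKDF SHA-3`. HKDF is defined in RFC 5869 (NIST covers extract-then-expand derivation in SP 800-56C), not in SP 800-108. Either cite the HKDF references in the heading or keep the SP 800-108 mode list. Checked boxes also now appear under KCMVP for SHA-2, SHA-3 and HMAC, directly below a notice that passing vectors is not validation. A one-line legend saying what `[X]` means would keep it from being read as a KCMVP certificate.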
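Review bot: In COMPLIANCE_EN.md, the notice says the CAVP test vector validations "have no legal effect", whereas the COMPLIANCE.md hunk in this same patch says they have no effect at all ("아무런 효력이 없으며"). The line that hunk removes said that using the test vectors does not replace validation obtained through CAVP, and that was the precise wording, since running published vectors locally is not a CAVP validation. Suggest aligning both files on that sentence. The heading `## RNG SP 800-90A Rev. 1 (B, C)` is ambiguous as well: SP 800-90B and SP 800-90C are separate publications, while the items listed (Hash, HMAC, CTR DRBG) are the SP 800-90A mechanisms. `## Digital Signature (Composite)` lists only ML-DSA entries, so "Composite" needs explaining or removing.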